Merge "Remove OpenSSL and replace with deprecation notice"HEAD master main emu-master-dev emu-30-release emu-29.0-release aosp-emu-30-release

author: Kenny Root <kroot@google.com> 2016-06-16 22:40:43 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2016-06-16 22:40:44 +0000
commit: 8953c287cf742a22411f75fab28a33772240e44f (patch)
tree: c47b14108644e49f0ae74f10798f55a6ffa89106
parent: e67c7edd65f69f58535fb358a8665a23e5de62a4 (diff)
parent: 96ec8d2622a5c17816f1ae17016f1d71e351fd55 (diff)
download: openssl-aosp-emu-30-release.tar.gz
1247 files changed, 14 insertions, 558191 deletions
diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index 5fbcfc63c2..0000000000
--- a/Android.mk
+++ /dev/null
@@ -1,14 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-# Enable to be able to use ALOG* with #include "cutils/log.h"
-#log_c_includes += system/core/include
-#log_shared_libraries := liblog
-
-# These makefiles are here instead of being Android.mk files in the
-# respective crypto, ssl, and apps directories so
-# that import_openssl.sh import won't remove them.
-include $(LOCAL_PATH)/build-config-64.mk
-include $(LOCAL_PATH)/build-config-32.mk
-include $(LOCAL_PATH)/Crypto.mk
-include $(LOCAL_PATH)/Ssl.mk
-include $(LOCAL_PATH)/Apps.mk
diff --git a/Apps-config-host.mk b/Apps-config-host.mk
deleted file mode 100644
index baf5a6a1cd..0000000000
--- a/Apps-config-host.mk
+++ /dev/null
@@ -1,151 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Apps-config-host.mk
-
-common_cflags := \
-  -DMONOLITH \
-
-common_src_files := \
-  apps/app_rand.c \
-  apps/apps.c \
-  apps/asn1pars.c \
-  apps/ca.c \
-  apps/ciphers.c \
-  apps/cms.c \
-  apps/crl.c \
-  apps/crl2p7.c \
-  apps/dgst.c \
-  apps/dh.c \
-  apps/dhparam.c \
-  apps/dsa.c \
-  apps/dsaparam.c \
-  apps/ec.c \
-  apps/ecparam.c \
-  apps/enc.c \
-  apps/engine.c \
-  apps/errstr.c \
-  apps/gendh.c \
-  apps/gendsa.c \
-  apps/genpkey.c \
-  apps/genrsa.c \
-  apps/nseq.c \
-  apps/ocsp.c \
-  apps/openssl.c \
-  apps/passwd.c \
-  apps/pkcs12.c \
-  apps/pkcs7.c \
-  apps/pkcs8.c \
-  apps/pkey.c \
-  apps/pkeyparam.c \
-  apps/pkeyutl.c \
-  apps/prime.c \
-  apps/rand.c \
-  apps/req.c \
-  apps/rsa.c \
-  apps/rsautl.c \
-  apps/s_cb.c \
-  apps/s_client.c \
-  apps/s_server.c \
-  apps/s_socket.c \
-  apps/s_time.c \
-  apps/sess_id.c \
-  apps/smime.c \
-  apps/speed.c \
-  apps/spkac.c \
-  apps/srp.c \
-  apps/verify.c \
-  apps/version.c \
-  apps/x509.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/include \
-
-arm_clang_asflags :=
-
-arm_cflags :=
-
-arm_src_files :=
-
-arm_exclude_files :=
-
-arm64_clang_asflags :=
-
-arm64_cflags :=
-
-arm64_src_files :=
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags :=
-
-x86_src_files :=
-
-x86_exclude_files :=
-
-x86_64_clang_asflags :=
-
-x86_64_cflags :=
-
-x86_64_src_files :=
-
-x86_64_exclude_files :=
-
-mips_clang_asflags :=
-
-mips_cflags :=
-
-mips_src_files :=
-
-mips_exclude_files :=
-
-mips64_clang_asflags :=
-
-mips64_cflags :=
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags :=
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
-
-ifeq ($(HOST_OS),linux)
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files), $(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files), $(common_src_files) $(x86_64_src_files))
-else
-$(warning Unknown host OS $(HOST_OS))
-LOCAL_SRC_FILES += $(common_src_files)
-endif
diff --git a/Apps-config-target.mk b/Apps-config-target.mk
deleted file mode 100644
index f2bb032d3a..0000000000
--- a/Apps-config-target.mk
+++ /dev/null
@@ -1,165 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Apps-config-target.mk
-
-common_cflags := \
-  -DMONOLITH \
-
-common_src_files := \
-  apps/app_rand.c \
-  apps/apps.c \
-  apps/asn1pars.c \
-  apps/ca.c \
-  apps/ciphers.c \
-  apps/cms.c \
-  apps/crl.c \
-  apps/crl2p7.c \
-  apps/dgst.c \
-  apps/dh.c \
-  apps/dhparam.c \
-  apps/dsa.c \
-  apps/dsaparam.c \
-  apps/ec.c \
-  apps/ecparam.c \
-  apps/enc.c \
-  apps/engine.c \
-  apps/errstr.c \
-  apps/gendh.c \
-  apps/gendsa.c \
-  apps/genpkey.c \
-  apps/genrsa.c \
-  apps/nseq.c \
-  apps/ocsp.c \
-  apps/openssl.c \
-  apps/passwd.c \
-  apps/pkcs12.c \
-  apps/pkcs7.c \
-  apps/pkcs8.c \
-  apps/pkey.c \
-  apps/pkeyparam.c \
-  apps/pkeyutl.c \
-  apps/prime.c \
-  apps/rand.c \
-  apps/req.c \
-  apps/rsa.c \
-  apps/rsautl.c \
-  apps/s_cb.c \
-  apps/s_client.c \
-  apps/s_server.c \
-  apps/s_socket.c \
-  apps/s_time.c \
-  apps/sess_id.c \
-  apps/smime.c \
-  apps/speed.c \
-  apps/spkac.c \
-  apps/srp.c \
-  apps/verify.c \
-  apps/version.c \
-  apps/x509.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/include \
-
-arm_clang_asflags :=
-
-arm_cflags :=
-
-arm_src_files :=
-
-arm_exclude_files :=
-
-arm64_clang_asflags :=
-
-arm64_cflags :=
-
-arm64_src_files :=
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags :=
-
-x86_src_files :=
-
-x86_exclude_files :=
-
-x86_64_clang_asflags :=
-
-x86_64_cflags :=
-
-x86_64_src_files :=
-
-x86_64_exclude_files :=
-
-mips_clang_asflags :=
-
-mips_cflags :=
-
-mips_src_files :=
-
-mips_exclude_files :=
-
-mips64_clang_asflags :=
-
-mips64_cflags :=
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags :=
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes)
-
-LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
-LOCAL_CFLAGS_arm += $(arm_cflags)
-LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
-
-LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
-LOCAL_CFLAGS_arm64 += $(arm64_cflags)
-LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
-
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
-
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
-
-LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
-LOCAL_CFLAGS_mips += $(mips_cflags)
-LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
-
-LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
-LOCAL_CFLAGS_mips64 += $(mips64_cflags)
-LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/Apps.mk b/Apps.mk
deleted file mode 100644
index 4c224ce53c..0000000000
--- a/Apps.mk
+++ /dev/null
@@ -1,26 +0,0 @@
-# Copyright 2006 The Android Open Source Project
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := openssl
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := openssl
-LOCAL_MODULE_STEM_64 := openssl64
-LOCAL_CLANG := true
-LOCAL_MODULE_TAGS := optional
-LOCAL_SHARED_LIBRARIES := libssl libcrypto
-include $(LOCAL_PATH)/Apps-config-target.mk
-include $(LOCAL_PATH)/android-config.mk
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Apps.mk
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := openssl
-LOCAL_MODULE_TAGS := optional
-LOCAL_SHARED_LIBRARIES := libssl-host libcrypto-host
-LOCAL_CXX_STL := none
-include $(LOCAL_PATH)/Apps-config-host.mk
-include $(LOCAL_PATH)/android-config.mk
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Apps.mk
-include $(BUILD_HOST_EXECUTABLE)
diff --git a/CleanSpec.mk b/CleanSpec.mk
deleted file mode 100644
index 8b33f99ffa..0000000000
--- a/CleanSpec.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-# Copyright (C) 2007 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-# If you don't need to do a full clean build but would like to touch
-# a file or delete some intermediate files, add a clean step to the end
-# of the list.  These steps will only be run once, if they haven't been
-# run before.
-#
-# E.g.:
-#     $(call add-clean-step, touch -c external/sqlite/sqlite3.h)
-#     $(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libz_intermediates)
-#
-# Always use "touch -c" and "rm -f" or "rm -rf" to gracefully deal with
-# files that are missing or have been moved.
-#
-# Use $(PRODUCT_OUT) to get to the "out/target/product/blah/" directory.
-# Use $(OUT_DIR) to refer to the "out" directory.
-#
-# If you need to re-do something that's already mentioned, just copy
-# the command and add it to the bottom of the list.  E.g., if a change
-# that you made last week required touching a file and a change you
-# made today requires touching the same file, just copy the old
-# touch step and add it to the end of the list.
-#
-# ************************************************
-# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
-# ************************************************
-
-# For example:
-#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/APPS/AndroidTests_intermediates)
-#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates)
-#$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f)
-#$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/openssl_intermediates $(PRODUCT_OUT)/obj/EXECUTABLES/ssltest_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libssl_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libssl_static_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libcrypto_static_intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/*ssl*_intermediates $(PRODUCT_OUT)/obj/*/libssl_*intermediates $(PRODUCT_OUT)/obj/*/libcrypto_*intermediates)
-$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/*/libcrypto*intermediates/export_includes $(PRODUCT_OUT)/obj/*/libssl*intermediates/export_includes $(OUT_DIR)/host/*/obj*/SHARED_LIBRARIES/libcrypto*intermediates/export_includes $(OUT_DIR)/host/*/obj*/SHARED_LIBRARIES/libssl*intermediates/export_includes)
-$(call add-clean-step, rm -rf $(OUT_DIR)/host/*/obj/*/libcrypto*intermediates $(OUT_DIR)/host/*/obj/libssl*intermediates)
-
-# ************************************************
-# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
-# ************************************************
diff --git a/Crypto-config-host.mk b/Crypto-config-host.mk
deleted file mode 100644
index 6cd5c0b682..0000000000
--- a/Crypto-config-host.mk
+++ /dev/null
@@ -1,753 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-#    LOCAL_EXPORT_C_INCLUDE_DIRS
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-host.mk
-
-common_cflags := \
-  -DNO_WINDOWS_BRAINDEATH \
-
-common_src_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_cfb.c \
-  crypto/aes/aes_core.c \
-  crypto/aes/aes_ctr.c \
-  crypto/aes/aes_ecb.c \
-  crypto/aes/aes_misc.c \
-  crypto/aes/aes_ofb.c \
-  crypto/aes/aes_wrap.c \
-  crypto/asn1/a_bitstr.c \
-  crypto/asn1/a_bool.c \
-  crypto/asn1/a_bytes.c \
-  crypto/asn1/a_d2i_fp.c \
-  crypto/asn1/a_digest.c \
-  crypto/asn1/a_dup.c \
-  crypto/asn1/a_enum.c \
-  crypto/asn1/a_gentm.c \
-  crypto/asn1/a_i2d_fp.c \
-  crypto/asn1/a_int.c \
-  crypto/asn1/a_mbstr.c \
-  crypto/asn1/a_object.c \
-  crypto/asn1/a_octet.c \
-  crypto/asn1/a_print.c \
-  crypto/asn1/a_set.c \
-  crypto/asn1/a_sign.c \
-  crypto/asn1/a_strex.c \
-  crypto/asn1/a_strnid.c \
-  crypto/asn1/a_time.c \
-  crypto/asn1/a_type.c \
-  crypto/asn1/a_utctm.c \
-  crypto/asn1/a_utf8.c \
-  crypto/asn1/a_verify.c \
-  crypto/asn1/ameth_lib.c \
-  crypto/asn1/asn1_err.c \
-  crypto/asn1/asn1_gen.c \
-  crypto/asn1/asn1_lib.c \
-  crypto/asn1/asn1_par.c \
-  crypto/asn1/asn_mime.c \
-  crypto/asn1/asn_moid.c \
-  crypto/asn1/asn_pack.c \
-  crypto/asn1/bio_asn1.c \
-  crypto/asn1/bio_ndef.c \
-  crypto/asn1/d2i_pr.c \
-  crypto/asn1/d2i_pu.c \
-  crypto/asn1/evp_asn1.c \
-  crypto/asn1/f_enum.c \
-  crypto/asn1/f_int.c \
-  crypto/asn1/f_string.c \
-  crypto/asn1/i2d_pr.c \
-  crypto/asn1/i2d_pu.c \
-  crypto/asn1/n_pkey.c \
-  crypto/asn1/nsseq.c \
-  crypto/asn1/p5_pbe.c \
-  crypto/asn1/p5_pbev2.c \
-  crypto/asn1/p8_pkey.c \
-  crypto/asn1/t_bitst.c \
-  crypto/asn1/t_crl.c \
-  crypto/asn1/t_pkey.c \
-  crypto/asn1/t_req.c \
-  crypto/asn1/t_spki.c \
-  crypto/asn1/t_x509.c \
-  crypto/asn1/t_x509a.c \
-  crypto/asn1/tasn_dec.c \
-  crypto/asn1/tasn_enc.c \
-  crypto/asn1/tasn_fre.c \
-  crypto/asn1/tasn_new.c \
-  crypto/asn1/tasn_prn.c \
-  crypto/asn1/tasn_typ.c \
-  crypto/asn1/tasn_utl.c \
-  crypto/asn1/x_algor.c \
-  crypto/asn1/x_attrib.c \
-  crypto/asn1/x_bignum.c \
-  crypto/asn1/x_crl.c \
-  crypto/asn1/x_exten.c \
-  crypto/asn1/x_info.c \
-  crypto/asn1/x_long.c \
-  crypto/asn1/x_name.c \
-  crypto/asn1/x_nx509.c \
-  crypto/asn1/x_pkey.c \
-  crypto/asn1/x_pubkey.c \
-  crypto/asn1/x_req.c \
-  crypto/asn1/x_sig.c \
-  crypto/asn1/x_spki.c \
-  crypto/asn1/x_val.c \
-  crypto/asn1/x_x509.c \
-  crypto/asn1/x_x509a.c \
-  crypto/bf/bf_cfb64.c \
-  crypto/bf/bf_ecb.c \
-  crypto/bf/bf_enc.c \
-  crypto/bf/bf_ofb64.c \
-  crypto/bf/bf_skey.c \
-  crypto/bio/b_dump.c \
-  crypto/bio/b_print.c \
-  crypto/bio/b_sock.c \
-  crypto/bio/bf_buff.c \
-  crypto/bio/bf_nbio.c \
-  crypto/bio/bf_null.c \
-  crypto/bio/bio_cb.c \
-  crypto/bio/bio_err.c \
-  crypto/bio/bio_lib.c \
-  crypto/bio/bss_acpt.c \
-  crypto/bio/bss_bio.c \
-  crypto/bio/bss_conn.c \
-  crypto/bio/bss_dgram.c \
-  crypto/bio/bss_fd.c \
-  crypto/bio/bss_file.c \
-  crypto/bio/bss_log.c \
-  crypto/bio/bss_mem.c \
-  crypto/bio/bss_null.c \
-  crypto/bio/bss_sock.c \
-  crypto/bn/bn_add.c \
-  crypto/bn/bn_asm.c \
-  crypto/bn/bn_blind.c \
-  crypto/bn/bn_const.c \
-  crypto/bn/bn_ctx.c \
-  crypto/bn/bn_div.c \
-  crypto/bn/bn_err.c \
-  crypto/bn/bn_exp.c \
-  crypto/bn/bn_exp2.c \
-  crypto/bn/bn_gcd.c \
-  crypto/bn/bn_gf2m.c \
-  crypto/bn/bn_kron.c \
-  crypto/bn/bn_lib.c \
-  crypto/bn/bn_mod.c \
-  crypto/bn/bn_mont.c \
-  crypto/bn/bn_mpi.c \
-  crypto/bn/bn_mul.c \
-  crypto/bn/bn_nist.c \
-  crypto/bn/bn_prime.c \
-  crypto/bn/bn_print.c \
-  crypto/bn/bn_rand.c \
-  crypto/bn/bn_recp.c \
-  crypto/bn/bn_shift.c \
-  crypto/bn/bn_sqr.c \
-  crypto/bn/bn_sqrt.c \
-  crypto/bn/bn_word.c \
-  crypto/buffer/buf_err.c \
-  crypto/buffer/buf_str.c \
-  crypto/buffer/buffer.c \
-  crypto/cmac/cm_ameth.c \
-  crypto/cmac/cm_pmeth.c \
-  crypto/cmac/cmac.c \
-  crypto/cms/cms_asn1.c \
-  crypto/cms/cms_att.c \
-  crypto/cms/cms_cd.c \
-  crypto/cms/cms_dd.c \
-  crypto/cms/cms_enc.c \
-  crypto/cms/cms_env.c \
-  crypto/cms/cms_err.c \
-  crypto/cms/cms_ess.c \
-  crypto/cms/cms_io.c \
-  crypto/cms/cms_lib.c \
-  crypto/cms/cms_pwri.c \
-  crypto/cms/cms_sd.c \
-  crypto/cms/cms_smime.c \
-  crypto/comp/c_rle.c \
-  crypto/comp/c_zlib.c \
-  crypto/comp/comp_err.c \
-  crypto/comp/comp_lib.c \
-  crypto/conf/conf_api.c \
-  crypto/conf/conf_def.c \
-  crypto/conf/conf_err.c \
-  crypto/conf/conf_lib.c \
-  crypto/conf/conf_mall.c \
-  crypto/conf/conf_mod.c \
-  crypto/conf/conf_sap.c \
-  crypto/constant_time_locl.h \
-  crypto/cpt_err.c \
-  crypto/cryptlib.c \
-  crypto/cversion.c \
-  crypto/des/cbc_cksm.c \
-  crypto/des/cbc_enc.c \
-  crypto/des/cfb64ede.c \
-  crypto/des/cfb64enc.c \
-  crypto/des/cfb_enc.c \
-  crypto/des/des_enc.c \
-  crypto/des/des_old.c \
-  crypto/des/des_old2.c \
-  crypto/des/ecb3_enc.c \
-  crypto/des/ecb_enc.c \
-  crypto/des/ede_cbcm_enc.c \
-  crypto/des/enc_read.c \
-  crypto/des/enc_writ.c \
-  crypto/des/fcrypt.c \
-  crypto/des/fcrypt_b.c \
-  crypto/des/ofb64ede.c \
-  crypto/des/ofb64enc.c \
-  crypto/des/ofb_enc.c \
-  crypto/des/pcbc_enc.c \
-  crypto/des/qud_cksm.c \
-  crypto/des/rand_key.c \
-  crypto/des/read2pwd.c \
-  crypto/des/rpc_enc.c \
-  crypto/des/set_key.c \
-  crypto/des/str2key.c \
-  crypto/des/xcbc_enc.c \
-  crypto/dh/dh_ameth.c \
-  crypto/dh/dh_asn1.c \
-  crypto/dh/dh_check.c \
-  crypto/dh/dh_depr.c \
-  crypto/dh/dh_err.c \
-  crypto/dh/dh_gen.c \
-  crypto/dh/dh_key.c \
-  crypto/dh/dh_lib.c \
-  crypto/dh/dh_pmeth.c \
-  crypto/dsa/dsa_ameth.c \
-  crypto/dsa/dsa_asn1.c \
-  crypto/dsa/dsa_depr.c \
-  crypto/dsa/dsa_err.c \
-  crypto/dsa/dsa_gen.c \
-  crypto/dsa/dsa_key.c \
-  crypto/dsa/dsa_lib.c \
-  crypto/dsa/dsa_ossl.c \
-  crypto/dsa/dsa_pmeth.c \
-  crypto/dsa/dsa_prn.c \
-  crypto/dsa/dsa_sign.c \
-  crypto/dsa/dsa_vrf.c \
-  crypto/dso/dso_dl.c \
-  crypto/dso/dso_dlfcn.c \
-  crypto/dso/dso_err.c \
-  crypto/dso/dso_lib.c \
-  crypto/dso/dso_null.c \
-  crypto/dso/dso_openssl.c \
-  crypto/ebcdic.c \
-  crypto/ec/ec2_mult.c \
-  crypto/ec/ec2_oct.c \
-  crypto/ec/ec2_smpl.c \
-  crypto/ec/ec_ameth.c \
-  crypto/ec/ec_asn1.c \
-  crypto/ec/ec_check.c \
-  crypto/ec/ec_curve.c \
-  crypto/ec/ec_cvt.c \
-  crypto/ec/ec_err.c \
-  crypto/ec/ec_key.c \
-  crypto/ec/ec_lib.c \
-  crypto/ec/ec_mult.c \
-  crypto/ec/ec_oct.c \
-  crypto/ec/ec_pmeth.c \
-  crypto/ec/ec_print.c \
-  crypto/ec/eck_prn.c \
-  crypto/ec/ecp_mont.c \
-  crypto/ec/ecp_nist.c \
-  crypto/ec/ecp_oct.c \
-  crypto/ec/ecp_smpl.c \
-  crypto/ecdh/ech_err.c \
-  crypto/ecdh/ech_key.c \
-  crypto/ecdh/ech_lib.c \
-  crypto/ecdh/ech_ossl.c \
-  crypto/ecdsa/ecs_asn1.c \
-  crypto/ecdsa/ecs_err.c \
-  crypto/ecdsa/ecs_lib.c \
-  crypto/ecdsa/ecs_ossl.c \
-  crypto/ecdsa/ecs_sign.c \
-  crypto/ecdsa/ecs_vrf.c \
-  crypto/engine/eng_all.c \
-  crypto/engine/eng_cnf.c \
-  crypto/engine/eng_ctrl.c \
-  crypto/engine/eng_dyn.c \
-  crypto/engine/eng_err.c \
-  crypto/engine/eng_fat.c \
-  crypto/engine/eng_init.c \
-  crypto/engine/eng_lib.c \
-  crypto/engine/eng_list.c \
-  crypto/engine/eng_pkey.c \
-  crypto/engine/eng_table.c \
-  crypto/engine/tb_asnmth.c \
-  crypto/engine/tb_cipher.c \
-  crypto/engine/tb_dh.c \
-  crypto/engine/tb_digest.c \
-  crypto/engine/tb_dsa.c \
-  crypto/engine/tb_ecdh.c \
-  crypto/engine/tb_ecdsa.c \
-  crypto/engine/tb_pkmeth.c \
-  crypto/engine/tb_rand.c \
-  crypto/engine/tb_rsa.c \
-  crypto/engine/tb_store.c \
-  crypto/err/err.c \
-  crypto/err/err_all.c \
-  crypto/err/err_prn.c \
-  crypto/evp/bio_b64.c \
-  crypto/evp/bio_enc.c \
-  crypto/evp/bio_md.c \
-  crypto/evp/bio_ok.c \
-  crypto/evp/c_all.c \
-  crypto/evp/c_allc.c \
-  crypto/evp/c_alld.c \
-  crypto/evp/digest.c \
-  crypto/evp/e_aes.c \
-  crypto/evp/e_aes_cbc_hmac_sha1.c \
-  crypto/evp/e_bf.c \
-  crypto/evp/e_des.c \
-  crypto/evp/e_des3.c \
-  crypto/evp/e_null.c \
-  crypto/evp/e_old.c \
-  crypto/evp/e_rc2.c \
-  crypto/evp/e_rc4.c \
-  crypto/evp/e_rc4_hmac_md5.c \
-  crypto/evp/e_rc5.c \
-  crypto/evp/e_xcbc_d.c \
-  crypto/evp/encode.c \
-  crypto/evp/evp_acnf.c \
-  crypto/evp/evp_cnf.c \
-  crypto/evp/evp_enc.c \
-  crypto/evp/evp_err.c \
-  crypto/evp/evp_key.c \
-  crypto/evp/evp_lib.c \
-  crypto/evp/evp_pbe.c \
-  crypto/evp/evp_pkey.c \
-  crypto/evp/m_dss.c \
-  crypto/evp/m_dss1.c \
-  crypto/evp/m_ecdsa.c \
-  crypto/evp/m_md4.c \
-  crypto/evp/m_md5.c \
-  crypto/evp/m_mdc2.c \
-  crypto/evp/m_null.c \
-  crypto/evp/m_sha1.c \
-  crypto/evp/m_sigver.c \
-  crypto/evp/m_wp.c \
-  crypto/evp/names.c \
-  crypto/evp/p5_crpt.c \
-  crypto/evp/p5_crpt2.c \
-  crypto/evp/p_dec.c \
-  crypto/evp/p_enc.c \
-  crypto/evp/p_lib.c \
-  crypto/evp/p_open.c \
-  crypto/evp/p_seal.c \
-  crypto/evp/p_sign.c \
-  crypto/evp/p_verify.c \
-  crypto/evp/pmeth_fn.c \
-  crypto/evp/pmeth_gn.c \
-  crypto/evp/pmeth_lib.c \
-  crypto/ex_data.c \
-  crypto/hmac/hm_ameth.c \
-  crypto/hmac/hm_pmeth.c \
-  crypto/hmac/hmac.c \
-  crypto/krb5/krb5_asn.c \
-  crypto/lhash/lh_stats.c \
-  crypto/lhash/lhash.c \
-  crypto/md4/md4_dgst.c \
-  crypto/md4/md4_one.c \
-  crypto/md5/md5_dgst.c \
-  crypto/md5/md5_one.c \
-  crypto/mem.c \
-  crypto/mem_clr.c \
-  crypto/mem_dbg.c \
-  crypto/modes/cbc128.c \
-  crypto/modes/ccm128.c \
-  crypto/modes/cfb128.c \
-  crypto/modes/ctr128.c \
-  crypto/modes/gcm128.c \
-  crypto/modes/ofb128.c \
-  crypto/modes/xts128.c \
-  crypto/o_dir.c \
-  crypto/o_init.c \
-  crypto/o_str.c \
-  crypto/o_time.c \
-  crypto/objects/o_names.c \
-  crypto/objects/obj_dat.c \
-  crypto/objects/obj_err.c \
-  crypto/objects/obj_lib.c \
-  crypto/objects/obj_xref.c \
-  crypto/ocsp/ocsp_asn.c \
-  crypto/ocsp/ocsp_cl.c \
-  crypto/ocsp/ocsp_err.c \
-  crypto/ocsp/ocsp_ext.c \
-  crypto/ocsp/ocsp_ht.c \
-  crypto/ocsp/ocsp_lib.c \
-  crypto/ocsp/ocsp_prn.c \
-  crypto/ocsp/ocsp_srv.c \
-  crypto/ocsp/ocsp_vfy.c \
-  crypto/pem/pem_all.c \
-  crypto/pem/pem_err.c \
-  crypto/pem/pem_info.c \
-  crypto/pem/pem_lib.c \
-  crypto/pem/pem_oth.c \
-  crypto/pem/pem_pk8.c \
-  crypto/pem/pem_pkey.c \
-  crypto/pem/pem_seal.c \
-  crypto/pem/pem_sign.c \
-  crypto/pem/pem_x509.c \
-  crypto/pem/pem_xaux.c \
-  crypto/pem/pvkfmt.c \
-  crypto/pkcs12/p12_add.c \
-  crypto/pkcs12/p12_asn.c \
-  crypto/pkcs12/p12_attr.c \
-  crypto/pkcs12/p12_crpt.c \
-  crypto/pkcs12/p12_crt.c \
-  crypto/pkcs12/p12_decr.c \
-  crypto/pkcs12/p12_init.c \
-  crypto/pkcs12/p12_key.c \
-  crypto/pkcs12/p12_kiss.c \
-  crypto/pkcs12/p12_mutl.c \
-  crypto/pkcs12/p12_npas.c \
-  crypto/pkcs12/p12_p8d.c \
-  crypto/pkcs12/p12_p8e.c \
-  crypto/pkcs12/p12_utl.c \
-  crypto/pkcs12/pk12err.c \
-  crypto/pkcs7/pk7_asn1.c \
-  crypto/pkcs7/pk7_attr.c \
-  crypto/pkcs7/pk7_doit.c \
-  crypto/pkcs7/pk7_lib.c \
-  crypto/pkcs7/pk7_mime.c \
-  crypto/pkcs7/pk7_smime.c \
-  crypto/pkcs7/pkcs7err.c \
-  crypto/pqueue/pqueue.c \
-  crypto/rand/md_rand.c \
-  crypto/rand/rand_egd.c \
-  crypto/rand/rand_err.c \
-  crypto/rand/rand_lib.c \
-  crypto/rand/rand_unix.c \
-  crypto/rand/rand_win.c \
-  crypto/rand/randfile.c \
-  crypto/rc2/rc2_cbc.c \
-  crypto/rc2/rc2_ecb.c \
-  crypto/rc2/rc2_skey.c \
-  crypto/rc2/rc2cfb64.c \
-  crypto/rc2/rc2ofb64.c \
-  crypto/rc4/rc4_enc.c \
-  crypto/rc4/rc4_skey.c \
-  crypto/rc4/rc4_utl.c \
-  crypto/rsa/rsa_ameth.c \
-  crypto/rsa/rsa_asn1.c \
-  crypto/rsa/rsa_chk.c \
-  crypto/rsa/rsa_crpt.c \
-  crypto/rsa/rsa_eay.c \
-  crypto/rsa/rsa_err.c \
-  crypto/rsa/rsa_gen.c \
-  crypto/rsa/rsa_lib.c \
-  crypto/rsa/rsa_none.c \
-  crypto/rsa/rsa_null.c \
-  crypto/rsa/rsa_oaep.c \
-  crypto/rsa/rsa_pk1.c \
-  crypto/rsa/rsa_pmeth.c \
-  crypto/rsa/rsa_prn.c \
-  crypto/rsa/rsa_pss.c \
-  crypto/rsa/rsa_saos.c \
-  crypto/rsa/rsa_sign.c \
-  crypto/rsa/rsa_ssl.c \
-  crypto/rsa/rsa_x931.c \
-  crypto/sha/sha1_one.c \
-  crypto/sha/sha1dgst.c \
-  crypto/sha/sha256.c \
-  crypto/sha/sha512.c \
-  crypto/sha/sha_dgst.c \
-  crypto/srp/srp_lib.c \
-  crypto/srp/srp_vfy.c \
-  crypto/stack/stack.c \
-  crypto/ts/ts_err.c \
-  crypto/txt_db/txt_db.c \
-  crypto/ui/ui_compat.c \
-  crypto/ui/ui_err.c \
-  crypto/ui/ui_lib.c \
-  crypto/ui/ui_openssl.c \
-  crypto/ui/ui_util.c \
-  crypto/uid.c \
-  crypto/x509/by_dir.c \
-  crypto/x509/by_file.c \
-  crypto/x509/x509_att.c \
-  crypto/x509/x509_cmp.c \
-  crypto/x509/x509_d2.c \
-  crypto/x509/x509_def.c \
-  crypto/x509/x509_err.c \
-  crypto/x509/x509_ext.c \
-  crypto/x509/x509_lu.c \
-  crypto/x509/x509_obj.c \
-  crypto/x509/x509_r2x.c \
-  crypto/x509/x509_req.c \
-  crypto/x509/x509_set.c \
-  crypto/x509/x509_trs.c \
-  crypto/x509/x509_txt.c \
-  crypto/x509/x509_v3.c \
-  crypto/x509/x509_vfy.c \
-  crypto/x509/x509_vpm.c \
-  crypto/x509/x509cset.c \
-  crypto/x509/x509name.c \
-  crypto/x509/x509rset.c \
-  crypto/x509/x509spki.c \
-  crypto/x509/x509type.c \
-  crypto/x509/x_all.c \
-  crypto/x509v3/pcy_cache.c \
-  crypto/x509v3/pcy_data.c \
-  crypto/x509v3/pcy_lib.c \
-  crypto/x509v3/pcy_map.c \
-  crypto/x509v3/pcy_node.c \
-  crypto/x509v3/pcy_tree.c \
-  crypto/x509v3/v3_akey.c \
-  crypto/x509v3/v3_akeya.c \
-  crypto/x509v3/v3_alt.c \
-  crypto/x509v3/v3_bcons.c \
-  crypto/x509v3/v3_bitst.c \
-  crypto/x509v3/v3_conf.c \
-  crypto/x509v3/v3_cpols.c \
-  crypto/x509v3/v3_crld.c \
-  crypto/x509v3/v3_enum.c \
-  crypto/x509v3/v3_extku.c \
-  crypto/x509v3/v3_genn.c \
-  crypto/x509v3/v3_ia5.c \
-  crypto/x509v3/v3_info.c \
-  crypto/x509v3/v3_int.c \
-  crypto/x509v3/v3_lib.c \
-  crypto/x509v3/v3_ncons.c \
-  crypto/x509v3/v3_ocsp.c \
-  crypto/x509v3/v3_pci.c \
-  crypto/x509v3/v3_pcia.c \
-  crypto/x509v3/v3_pcons.c \
-  crypto/x509v3/v3_pku.c \
-  crypto/x509v3/v3_pmaps.c \
-  crypto/x509v3/v3_prn.c \
-  crypto/x509v3/v3_purp.c \
-  crypto/x509v3/v3_skey.c \
-  crypto/x509v3/v3_sxnet.c \
-  crypto/x509v3/v3_utl.c \
-  crypto/x509v3/v3err.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/crypto \
-  external/openssl/crypto/asn1 \
-  external/openssl/crypto/evp \
-  external/openssl/crypto/modes \
-  external/openssl/include \
-  external/openssl/include/openssl \
-
-arm_clang_asflags := \
-  -no-integrated-as \
-
-arm_cflags := \
-  -DAES_ASM \
-  -DBSAES_ASM \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_CPUID_OBJ \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-
-arm_src_files := \
-  crypto/aes/asm/aes-armv4.S \
-  crypto/aes/asm/aesv8-armx.S \
-  crypto/aes/asm/bsaes-armv7.S \
-  crypto/armcap.c \
-  crypto/armv4cpuid.S \
-  crypto/bn/asm/armv4-gf2m.S \
-  crypto/bn/asm/armv4-mont.S \
-  crypto/modes/asm/ghash-armv4.S \
-  crypto/modes/asm/ghashv8-armx.S \
-  crypto/sha/asm/sha1-armv4-large.S \
-  crypto/sha/asm/sha256-armv4.S \
-  crypto/sha/asm/sha512-armv4.S \
-
-arm_exclude_files := \
-  crypto/aes/aes_core.c \
-  crypto/mem_clr.c \
-
-arm64_clang_asflags := \
-  -no-integrated-as \
-
-arm64_cflags := \
-  -DDES_UNROLL \
-  -DOPENSSL_CPUID_OBJ \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-
-arm64_src_files := \
-  crypto/aes/asm/aesv8-armx-64.S \
-  crypto/arm64cpuid.S \
-  crypto/armcap.c \
-  crypto/modes/asm/ghashv8-armx-64.S \
-  crypto/sha/asm/sha1-armv8.S \
-  crypto/sha/asm/sha256-armv8.S \
-  crypto/sha/asm/sha512-armv8.S \
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags := \
-  -DAES_ASM \
-  -DDES_PTR \
-  -DDES_RISC1 \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DMD5_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_BN_ASM_PART_WORDS \
-  -DOPENSSL_CPUID_OBJ \
-  -DOPENSSL_IA32_SSE2 \
-  -DRC4_INDEX \
-  -DRMD160_ASM \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-  -DVPAES_ASM \
-
-x86_src_files := \
-  crypto/aes/asm/aes-586.S \
-  crypto/aes/asm/aesni-x86.S \
-  crypto/aes/asm/vpaes-x86.S \
-  crypto/bf/asm/bf-586.S \
-  crypto/bn/asm/bn-586.S \
-  crypto/bn/asm/co-586.S \
-  crypto/bn/asm/x86-gf2m.S \
-  crypto/bn/asm/x86-mont.S \
-  crypto/des/asm/crypt586.S \
-  crypto/des/asm/des-586.S \
-  crypto/md5/asm/md5-586.S \
-  crypto/modes/asm/ghash-x86.S \
-  crypto/sha/asm/sha1-586.S \
-  crypto/sha/asm/sha256-586.S \
-  crypto/sha/asm/sha512-586.S \
-  crypto/x86cpuid.S \
-
-x86_exclude_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_core.c \
-  crypto/bf/bf_enc.c \
-  crypto/bn/bn_asm.c \
-  crypto/des/des_enc.c \
-  crypto/des/fcrypt_b.c \
-  crypto/mem_clr.c \
-
-x86_64_clang_asflags :=
-
-x86_64_cflags := \
-  -DAES_ASM \
-  -DBSAES_ASM \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DMD5_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_BN_ASM_MONT5 \
-  -DOPENSSL_CPUID_OBJ \
-  -DOPENSSL_IA32_SSE2 \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-  -DVPAES_ASM \
-
-x86_64_src_files := \
-  crypto/aes/asm/aes-x86_64.S \
-  crypto/aes/asm/aesni-sha1-x86_64.S \
-  crypto/aes/asm/aesni-x86_64.S \
-  crypto/aes/asm/bsaes-x86_64.S \
-  crypto/aes/asm/vpaes-x86_64.S \
-  crypto/bn/asm/modexp512-x86_64.S \
-  crypto/bn/asm/x86_64-gcc.c \
-  crypto/bn/asm/x86_64-gf2m.S \
-  crypto/bn/asm/x86_64-mont.S \
-  crypto/bn/asm/x86_64-mont5.S \
-  crypto/md5/asm/md5-x86_64.S \
-  crypto/modes/asm/ghash-x86_64.S \
-  crypto/rc4/asm/rc4-md5-x86_64.S \
-  crypto/rc4/asm/rc4-x86_64.S \
-  crypto/sha/asm/sha1-x86_64.S \
-  crypto/sha/asm/sha256-x86_64.S \
-  crypto/sha/asm/sha512-x86_64.S \
-  crypto/x86_64cpuid.S \
-
-x86_64_exclude_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_core.c \
-  crypto/bn/bn_asm.c \
-  crypto/mem_clr.c \
-  crypto/rc4/rc4_enc.c \
-  crypto/rc4/rc4_skey.c \
-
-mips_clang_asflags :=
-
-mips_cflags := \
-  -DAES_ASM \
-  -DOPENSSL_BN_ASM_MONT \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-
-mips_src_files := \
-  crypto/aes/asm/aes-mips.S \
-  crypto/bn/asm/bn-mips.S \
-  crypto/bn/asm/mips-mont.S \
-  crypto/sha/asm/sha1-mips.S \
-  crypto/sha/asm/sha256-mips.S \
-
-mips_exclude_files := \
-  crypto/aes/aes_core.c \
-  crypto/bn/bn_asm.c \
-
-mips64_clang_asflags :=
-
-mips64_cflags := \
-  -DOPENSSL_NO_ASM \
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags := \
-  -DOPENSSL_NO_ASM \
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-# "Temporary" hack until this can be fixed in openssl.config
-x86_64_cflags += -DRC4_INT="unsigned int"
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
-
-ifeq ($(HOST_OS),linux)
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files), $(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files), $(common_src_files) $(x86_64_src_files))
-else
-$(warning Unknown host OS $(HOST_OS))
-LOCAL_SRC_FILES += $(common_src_files)
-endif
diff --git a/Crypto-config-target.mk b/Crypto-config-target.mk
deleted file mode 100644
index 7fb86f5fd4..0000000000
--- a/Crypto-config-target.mk
+++ /dev/null
@@ -1,767 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-#    LOCAL_EXPORT_C_INCLUDE_DIRS
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-target.mk
-
-common_cflags := \
-  -DNO_WINDOWS_BRAINDEATH \
-
-common_src_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_cfb.c \
-  crypto/aes/aes_core.c \
-  crypto/aes/aes_ctr.c \
-  crypto/aes/aes_ecb.c \
-  crypto/aes/aes_misc.c \
-  crypto/aes/aes_ofb.c \
-  crypto/aes/aes_wrap.c \
-  crypto/asn1/a_bitstr.c \
-  crypto/asn1/a_bool.c \
-  crypto/asn1/a_bytes.c \
-  crypto/asn1/a_d2i_fp.c \
-  crypto/asn1/a_digest.c \
-  crypto/asn1/a_dup.c \
-  crypto/asn1/a_enum.c \
-  crypto/asn1/a_gentm.c \
-  crypto/asn1/a_i2d_fp.c \
-  crypto/asn1/a_int.c \
-  crypto/asn1/a_mbstr.c \
-  crypto/asn1/a_object.c \
-  crypto/asn1/a_octet.c \
-  crypto/asn1/a_print.c \
-  crypto/asn1/a_set.c \
-  crypto/asn1/a_sign.c \
-  crypto/asn1/a_strex.c \
-  crypto/asn1/a_strnid.c \
-  crypto/asn1/a_time.c \
-  crypto/asn1/a_type.c \
-  crypto/asn1/a_utctm.c \
-  crypto/asn1/a_utf8.c \
-  crypto/asn1/a_verify.c \
-  crypto/asn1/ameth_lib.c \
-  crypto/asn1/asn1_err.c \
-  crypto/asn1/asn1_gen.c \
-  crypto/asn1/asn1_lib.c \
-  crypto/asn1/asn1_par.c \
-  crypto/asn1/asn_mime.c \
-  crypto/asn1/asn_moid.c \
-  crypto/asn1/asn_pack.c \
-  crypto/asn1/bio_asn1.c \
-  crypto/asn1/bio_ndef.c \
-  crypto/asn1/d2i_pr.c \
-  crypto/asn1/d2i_pu.c \
-  crypto/asn1/evp_asn1.c \
-  crypto/asn1/f_enum.c \
-  crypto/asn1/f_int.c \
-  crypto/asn1/f_string.c \
-  crypto/asn1/i2d_pr.c \
-  crypto/asn1/i2d_pu.c \
-  crypto/asn1/n_pkey.c \
-  crypto/asn1/nsseq.c \
-  crypto/asn1/p5_pbe.c \
-  crypto/asn1/p5_pbev2.c \
-  crypto/asn1/p8_pkey.c \
-  crypto/asn1/t_bitst.c \
-  crypto/asn1/t_crl.c \
-  crypto/asn1/t_pkey.c \
-  crypto/asn1/t_req.c \
-  crypto/asn1/t_spki.c \
-  crypto/asn1/t_x509.c \
-  crypto/asn1/t_x509a.c \
-  crypto/asn1/tasn_dec.c \
-  crypto/asn1/tasn_enc.c \
-  crypto/asn1/tasn_fre.c \
-  crypto/asn1/tasn_new.c \
-  crypto/asn1/tasn_prn.c \
-  crypto/asn1/tasn_typ.c \
-  crypto/asn1/tasn_utl.c \
-  crypto/asn1/x_algor.c \
-  crypto/asn1/x_attrib.c \
-  crypto/asn1/x_bignum.c \
-  crypto/asn1/x_crl.c \
-  crypto/asn1/x_exten.c \
-  crypto/asn1/x_info.c \
-  crypto/asn1/x_long.c \
-  crypto/asn1/x_name.c \
-  crypto/asn1/x_nx509.c \
-  crypto/asn1/x_pkey.c \
-  crypto/asn1/x_pubkey.c \
-  crypto/asn1/x_req.c \
-  crypto/asn1/x_sig.c \
-  crypto/asn1/x_spki.c \
-  crypto/asn1/x_val.c \
-  crypto/asn1/x_x509.c \
-  crypto/asn1/x_x509a.c \
-  crypto/bf/bf_cfb64.c \
-  crypto/bf/bf_ecb.c \
-  crypto/bf/bf_enc.c \
-  crypto/bf/bf_ofb64.c \
-  crypto/bf/bf_skey.c \
-  crypto/bio/b_dump.c \
-  crypto/bio/b_print.c \
-  crypto/bio/b_sock.c \
-  crypto/bio/bf_buff.c \
-  crypto/bio/bf_nbio.c \
-  crypto/bio/bf_null.c \
-  crypto/bio/bio_cb.c \
-  crypto/bio/bio_err.c \
-  crypto/bio/bio_lib.c \
-  crypto/bio/bss_acpt.c \
-  crypto/bio/bss_bio.c \
-  crypto/bio/bss_conn.c \
-  crypto/bio/bss_dgram.c \
-  crypto/bio/bss_fd.c \
-  crypto/bio/bss_file.c \
-  crypto/bio/bss_log.c \
-  crypto/bio/bss_mem.c \
-  crypto/bio/bss_null.c \
-  crypto/bio/bss_sock.c \
-  crypto/bn/bn_add.c \
-  crypto/bn/bn_asm.c \
-  crypto/bn/bn_blind.c \
-  crypto/bn/bn_const.c \
-  crypto/bn/bn_ctx.c \
-  crypto/bn/bn_div.c \
-  crypto/bn/bn_err.c \
-  crypto/bn/bn_exp.c \
-  crypto/bn/bn_exp2.c \
-  crypto/bn/bn_gcd.c \
-  crypto/bn/bn_gf2m.c \
-  crypto/bn/bn_kron.c \
-  crypto/bn/bn_lib.c \
-  crypto/bn/bn_mod.c \
-  crypto/bn/bn_mont.c \
-  crypto/bn/bn_mpi.c \
-  crypto/bn/bn_mul.c \
-  crypto/bn/bn_nist.c \
-  crypto/bn/bn_prime.c \
-  crypto/bn/bn_print.c \
-  crypto/bn/bn_rand.c \
-  crypto/bn/bn_recp.c \
-  crypto/bn/bn_shift.c \
-  crypto/bn/bn_sqr.c \
-  crypto/bn/bn_sqrt.c \
-  crypto/bn/bn_word.c \
-  crypto/buffer/buf_err.c \
-  crypto/buffer/buf_str.c \
-  crypto/buffer/buffer.c \
-  crypto/cmac/cm_ameth.c \
-  crypto/cmac/cm_pmeth.c \
-  crypto/cmac/cmac.c \
-  crypto/cms/cms_asn1.c \
-  crypto/cms/cms_att.c \
-  crypto/cms/cms_cd.c \
-  crypto/cms/cms_dd.c \
-  crypto/cms/cms_enc.c \
-  crypto/cms/cms_env.c \
-  crypto/cms/cms_err.c \
-  crypto/cms/cms_ess.c \
-  crypto/cms/cms_io.c \
-  crypto/cms/cms_lib.c \
-  crypto/cms/cms_pwri.c \
-  crypto/cms/cms_sd.c \
-  crypto/cms/cms_smime.c \
-  crypto/comp/c_rle.c \
-  crypto/comp/c_zlib.c \
-  crypto/comp/comp_err.c \
-  crypto/comp/comp_lib.c \
-  crypto/conf/conf_api.c \
-  crypto/conf/conf_def.c \
-  crypto/conf/conf_err.c \
-  crypto/conf/conf_lib.c \
-  crypto/conf/conf_mall.c \
-  crypto/conf/conf_mod.c \
-  crypto/conf/conf_sap.c \
-  crypto/constant_time_locl.h \
-  crypto/cpt_err.c \
-  crypto/cryptlib.c \
-  crypto/cversion.c \
-  crypto/des/cbc_cksm.c \
-  crypto/des/cbc_enc.c \
-  crypto/des/cfb64ede.c \
-  crypto/des/cfb64enc.c \
-  crypto/des/cfb_enc.c \
-  crypto/des/des_enc.c \
-  crypto/des/des_old.c \
-  crypto/des/des_old2.c \
-  crypto/des/ecb3_enc.c \
-  crypto/des/ecb_enc.c \
-  crypto/des/ede_cbcm_enc.c \
-  crypto/des/enc_read.c \
-  crypto/des/enc_writ.c \
-  crypto/des/fcrypt.c \
-  crypto/des/fcrypt_b.c \
-  crypto/des/ofb64ede.c \
-  crypto/des/ofb64enc.c \
-  crypto/des/ofb_enc.c \
-  crypto/des/pcbc_enc.c \
-  crypto/des/qud_cksm.c \
-  crypto/des/rand_key.c \
-  crypto/des/read2pwd.c \
-  crypto/des/rpc_enc.c \
-  crypto/des/set_key.c \
-  crypto/des/str2key.c \
-  crypto/des/xcbc_enc.c \
-  crypto/dh/dh_ameth.c \
-  crypto/dh/dh_asn1.c \
-  crypto/dh/dh_check.c \
-  crypto/dh/dh_depr.c \
-  crypto/dh/dh_err.c \
-  crypto/dh/dh_gen.c \
-  crypto/dh/dh_key.c \
-  crypto/dh/dh_lib.c \
-  crypto/dh/dh_pmeth.c \
-  crypto/dsa/dsa_ameth.c \
-  crypto/dsa/dsa_asn1.c \
-  crypto/dsa/dsa_depr.c \
-  crypto/dsa/dsa_err.c \
-  crypto/dsa/dsa_gen.c \
-  crypto/dsa/dsa_key.c \
-  crypto/dsa/dsa_lib.c \
-  crypto/dsa/dsa_ossl.c \
-  crypto/dsa/dsa_pmeth.c \
-  crypto/dsa/dsa_prn.c \
-  crypto/dsa/dsa_sign.c \
-  crypto/dsa/dsa_vrf.c \
-  crypto/dso/dso_dl.c \
-  crypto/dso/dso_dlfcn.c \
-  crypto/dso/dso_err.c \
-  crypto/dso/dso_lib.c \
-  crypto/dso/dso_null.c \
-  crypto/dso/dso_openssl.c \
-  crypto/ebcdic.c \
-  crypto/ec/ec2_mult.c \
-  crypto/ec/ec2_oct.c \
-  crypto/ec/ec2_smpl.c \
-  crypto/ec/ec_ameth.c \
-  crypto/ec/ec_asn1.c \
-  crypto/ec/ec_check.c \
-  crypto/ec/ec_curve.c \
-  crypto/ec/ec_cvt.c \
-  crypto/ec/ec_err.c \
-  crypto/ec/ec_key.c \
-  crypto/ec/ec_lib.c \
-  crypto/ec/ec_mult.c \
-  crypto/ec/ec_oct.c \
-  crypto/ec/ec_pmeth.c \
-  crypto/ec/ec_print.c \
-  crypto/ec/eck_prn.c \
-  crypto/ec/ecp_mont.c \
-  crypto/ec/ecp_nist.c \
-  crypto/ec/ecp_oct.c \
-  crypto/ec/ecp_smpl.c \
-  crypto/ecdh/ech_err.c \
-  crypto/ecdh/ech_key.c \
-  crypto/ecdh/ech_lib.c \
-  crypto/ecdh/ech_ossl.c \
-  crypto/ecdsa/ecs_asn1.c \
-  crypto/ecdsa/ecs_err.c \
-  crypto/ecdsa/ecs_lib.c \
-  crypto/ecdsa/ecs_ossl.c \
-  crypto/ecdsa/ecs_sign.c \
-  crypto/ecdsa/ecs_vrf.c \
-  crypto/engine/eng_all.c \
-  crypto/engine/eng_cnf.c \
-  crypto/engine/eng_ctrl.c \
-  crypto/engine/eng_dyn.c \
-  crypto/engine/eng_err.c \
-  crypto/engine/eng_fat.c \
-  crypto/engine/eng_init.c \
-  crypto/engine/eng_lib.c \
-  crypto/engine/eng_list.c \
-  crypto/engine/eng_pkey.c \
-  crypto/engine/eng_table.c \
-  crypto/engine/tb_asnmth.c \
-  crypto/engine/tb_cipher.c \
-  crypto/engine/tb_dh.c \
-  crypto/engine/tb_digest.c \
-  crypto/engine/tb_dsa.c \
-  crypto/engine/tb_ecdh.c \
-  crypto/engine/tb_ecdsa.c \
-  crypto/engine/tb_pkmeth.c \
-  crypto/engine/tb_rand.c \
-  crypto/engine/tb_rsa.c \
-  crypto/engine/tb_store.c \
-  crypto/err/err.c \
-  crypto/err/err_all.c \
-  crypto/err/err_prn.c \
-  crypto/evp/bio_b64.c \
-  crypto/evp/bio_enc.c \
-  crypto/evp/bio_md.c \
-  crypto/evp/bio_ok.c \
-  crypto/evp/c_all.c \
-  crypto/evp/c_allc.c \
-  crypto/evp/c_alld.c \
-  crypto/evp/digest.c \
-  crypto/evp/e_aes.c \
-  crypto/evp/e_aes_cbc_hmac_sha1.c \
-  crypto/evp/e_bf.c \
-  crypto/evp/e_des.c \
-  crypto/evp/e_des3.c \
-  crypto/evp/e_null.c \
-  crypto/evp/e_old.c \
-  crypto/evp/e_rc2.c \
-  crypto/evp/e_rc4.c \
-  crypto/evp/e_rc4_hmac_md5.c \
-  crypto/evp/e_rc5.c \
-  crypto/evp/e_xcbc_d.c \
-  crypto/evp/encode.c \
-  crypto/evp/evp_acnf.c \
-  crypto/evp/evp_cnf.c \
-  crypto/evp/evp_enc.c \
-  crypto/evp/evp_err.c \
-  crypto/evp/evp_key.c \
-  crypto/evp/evp_lib.c \
-  crypto/evp/evp_pbe.c \
-  crypto/evp/evp_pkey.c \
-  crypto/evp/m_dss.c \
-  crypto/evp/m_dss1.c \
-  crypto/evp/m_ecdsa.c \
-  crypto/evp/m_md4.c \
-  crypto/evp/m_md5.c \
-  crypto/evp/m_mdc2.c \
-  crypto/evp/m_null.c \
-  crypto/evp/m_sha1.c \
-  crypto/evp/m_sigver.c \
-  crypto/evp/m_wp.c \
-  crypto/evp/names.c \
-  crypto/evp/p5_crpt.c \
-  crypto/evp/p5_crpt2.c \
-  crypto/evp/p_dec.c \
-  crypto/evp/p_enc.c \
-  crypto/evp/p_lib.c \
-  crypto/evp/p_open.c \
-  crypto/evp/p_seal.c \
-  crypto/evp/p_sign.c \
-  crypto/evp/p_verify.c \
-  crypto/evp/pmeth_fn.c \
-  crypto/evp/pmeth_gn.c \
-  crypto/evp/pmeth_lib.c \
-  crypto/ex_data.c \
-  crypto/hmac/hm_ameth.c \
-  crypto/hmac/hm_pmeth.c \
-  crypto/hmac/hmac.c \
-  crypto/krb5/krb5_asn.c \
-  crypto/lhash/lh_stats.c \
-  crypto/lhash/lhash.c \
-  crypto/md4/md4_dgst.c \
-  crypto/md4/md4_one.c \
-  crypto/md5/md5_dgst.c \
-  crypto/md5/md5_one.c \
-  crypto/mem.c \
-  crypto/mem_clr.c \
-  crypto/mem_dbg.c \
-  crypto/modes/cbc128.c \
-  crypto/modes/ccm128.c \
-  crypto/modes/cfb128.c \
-  crypto/modes/ctr128.c \
-  crypto/modes/gcm128.c \
-  crypto/modes/ofb128.c \
-  crypto/modes/xts128.c \
-  crypto/o_dir.c \
-  crypto/o_init.c \
-  crypto/o_str.c \
-  crypto/o_time.c \
-  crypto/objects/o_names.c \
-  crypto/objects/obj_dat.c \
-  crypto/objects/obj_err.c \
-  crypto/objects/obj_lib.c \
-  crypto/objects/obj_xref.c \
-  crypto/ocsp/ocsp_asn.c \
-  crypto/ocsp/ocsp_cl.c \
-  crypto/ocsp/ocsp_err.c \
-  crypto/ocsp/ocsp_ext.c \
-  crypto/ocsp/ocsp_ht.c \
-  crypto/ocsp/ocsp_lib.c \
-  crypto/ocsp/ocsp_prn.c \
-  crypto/ocsp/ocsp_srv.c \
-  crypto/ocsp/ocsp_vfy.c \
-  crypto/pem/pem_all.c \
-  crypto/pem/pem_err.c \
-  crypto/pem/pem_info.c \
-  crypto/pem/pem_lib.c \
-  crypto/pem/pem_oth.c \
-  crypto/pem/pem_pk8.c \
-  crypto/pem/pem_pkey.c \
-  crypto/pem/pem_seal.c \
-  crypto/pem/pem_sign.c \
-  crypto/pem/pem_x509.c \
-  crypto/pem/pem_xaux.c \
-  crypto/pem/pvkfmt.c \
-  crypto/pkcs12/p12_add.c \
-  crypto/pkcs12/p12_asn.c \
-  crypto/pkcs12/p12_attr.c \
-  crypto/pkcs12/p12_crpt.c \
-  crypto/pkcs12/p12_crt.c \
-  crypto/pkcs12/p12_decr.c \
-  crypto/pkcs12/p12_init.c \
-  crypto/pkcs12/p12_key.c \
-  crypto/pkcs12/p12_kiss.c \
-  crypto/pkcs12/p12_mutl.c \
-  crypto/pkcs12/p12_npas.c \
-  crypto/pkcs12/p12_p8d.c \
-  crypto/pkcs12/p12_p8e.c \
-  crypto/pkcs12/p12_utl.c \
-  crypto/pkcs12/pk12err.c \
-  crypto/pkcs7/pk7_asn1.c \
-  crypto/pkcs7/pk7_attr.c \
-  crypto/pkcs7/pk7_doit.c \
-  crypto/pkcs7/pk7_lib.c \
-  crypto/pkcs7/pk7_mime.c \
-  crypto/pkcs7/pk7_smime.c \
-  crypto/pkcs7/pkcs7err.c \
-  crypto/pqueue/pqueue.c \
-  crypto/rand/md_rand.c \
-  crypto/rand/rand_egd.c \
-  crypto/rand/rand_err.c \
-  crypto/rand/rand_lib.c \
-  crypto/rand/rand_unix.c \
-  crypto/rand/rand_win.c \
-  crypto/rand/randfile.c \
-  crypto/rc2/rc2_cbc.c \
-  crypto/rc2/rc2_ecb.c \
-  crypto/rc2/rc2_skey.c \
-  crypto/rc2/rc2cfb64.c \
-  crypto/rc2/rc2ofb64.c \
-  crypto/rc4/rc4_enc.c \
-  crypto/rc4/rc4_skey.c \
-  crypto/rc4/rc4_utl.c \
-  crypto/rsa/rsa_ameth.c \
-  crypto/rsa/rsa_asn1.c \
-  crypto/rsa/rsa_chk.c \
-  crypto/rsa/rsa_crpt.c \
-  crypto/rsa/rsa_eay.c \
-  crypto/rsa/rsa_err.c \
-  crypto/rsa/rsa_gen.c \
-  crypto/rsa/rsa_lib.c \
-  crypto/rsa/rsa_none.c \
-  crypto/rsa/rsa_null.c \
-  crypto/rsa/rsa_oaep.c \
-  crypto/rsa/rsa_pk1.c \
-  crypto/rsa/rsa_pmeth.c \
-  crypto/rsa/rsa_prn.c \
-  crypto/rsa/rsa_pss.c \
-  crypto/rsa/rsa_saos.c \
-  crypto/rsa/rsa_sign.c \
-  crypto/rsa/rsa_ssl.c \
-  crypto/rsa/rsa_x931.c \
-  crypto/sha/sha1_one.c \
-  crypto/sha/sha1dgst.c \
-  crypto/sha/sha256.c \
-  crypto/sha/sha512.c \
-  crypto/sha/sha_dgst.c \
-  crypto/srp/srp_lib.c \
-  crypto/srp/srp_vfy.c \
-  crypto/stack/stack.c \
-  crypto/ts/ts_err.c \
-  crypto/txt_db/txt_db.c \
-  crypto/ui/ui_compat.c \
-  crypto/ui/ui_err.c \
-  crypto/ui/ui_lib.c \
-  crypto/ui/ui_openssl.c \
-  crypto/ui/ui_util.c \
-  crypto/uid.c \
-  crypto/x509/by_dir.c \
-  crypto/x509/by_file.c \
-  crypto/x509/x509_att.c \
-  crypto/x509/x509_cmp.c \
-  crypto/x509/x509_d2.c \
-  crypto/x509/x509_def.c \
-  crypto/x509/x509_err.c \
-  crypto/x509/x509_ext.c \
-  crypto/x509/x509_lu.c \
-  crypto/x509/x509_obj.c \
-  crypto/x509/x509_r2x.c \
-  crypto/x509/x509_req.c \
-  crypto/x509/x509_set.c \
-  crypto/x509/x509_trs.c \
-  crypto/x509/x509_txt.c \
-  crypto/x509/x509_v3.c \
-  crypto/x509/x509_vfy.c \
-  crypto/x509/x509_vpm.c \
-  crypto/x509/x509cset.c \
-  crypto/x509/x509name.c \
-  crypto/x509/x509rset.c \
-  crypto/x509/x509spki.c \
-  crypto/x509/x509type.c \
-  crypto/x509/x_all.c \
-  crypto/x509v3/pcy_cache.c \
-  crypto/x509v3/pcy_data.c \
-  crypto/x509v3/pcy_lib.c \
-  crypto/x509v3/pcy_map.c \
-  crypto/x509v3/pcy_node.c \
-  crypto/x509v3/pcy_tree.c \
-  crypto/x509v3/v3_akey.c \
-  crypto/x509v3/v3_akeya.c \
-  crypto/x509v3/v3_alt.c \
-  crypto/x509v3/v3_bcons.c \
-  crypto/x509v3/v3_bitst.c \
-  crypto/x509v3/v3_conf.c \
-  crypto/x509v3/v3_cpols.c \
-  crypto/x509v3/v3_crld.c \
-  crypto/x509v3/v3_enum.c \
-  crypto/x509v3/v3_extku.c \
-  crypto/x509v3/v3_genn.c \
-  crypto/x509v3/v3_ia5.c \
-  crypto/x509v3/v3_info.c \
-  crypto/x509v3/v3_int.c \
-  crypto/x509v3/v3_lib.c \
-  crypto/x509v3/v3_ncons.c \
-  crypto/x509v3/v3_ocsp.c \
-  crypto/x509v3/v3_pci.c \
-  crypto/x509v3/v3_pcia.c \
-  crypto/x509v3/v3_pcons.c \
-  crypto/x509v3/v3_pku.c \
-  crypto/x509v3/v3_pmaps.c \
-  crypto/x509v3/v3_prn.c \
-  crypto/x509v3/v3_purp.c \
-  crypto/x509v3/v3_skey.c \
-  crypto/x509v3/v3_sxnet.c \
-  crypto/x509v3/v3_utl.c \
-  crypto/x509v3/v3err.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/crypto \
-  external/openssl/crypto/asn1 \
-  external/openssl/crypto/evp \
-  external/openssl/crypto/modes \
-  external/openssl/include \
-  external/openssl/include/openssl \
-
-arm_clang_asflags := \
-  -no-integrated-as \
-
-arm_cflags := \
-  -DAES_ASM \
-  -DBSAES_ASM \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_CPUID_OBJ \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-
-arm_src_files := \
-  crypto/aes/asm/aes-armv4.S \
-  crypto/aes/asm/aesv8-armx.S \
-  crypto/aes/asm/bsaes-armv7.S \
-  crypto/armcap.c \
-  crypto/armv4cpuid.S \
-  crypto/bn/asm/armv4-gf2m.S \
-  crypto/bn/asm/armv4-mont.S \
-  crypto/modes/asm/ghash-armv4.S \
-  crypto/modes/asm/ghashv8-armx.S \
-  crypto/sha/asm/sha1-armv4-large.S \
-  crypto/sha/asm/sha256-armv4.S \
-  crypto/sha/asm/sha512-armv4.S \
-
-arm_exclude_files := \
-  crypto/aes/aes_core.c \
-  crypto/mem_clr.c \
-
-arm64_clang_asflags := \
-  -no-integrated-as \
-
-arm64_cflags := \
-  -DDES_UNROLL \
-  -DOPENSSL_CPUID_OBJ \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-
-arm64_src_files := \
-  crypto/aes/asm/aesv8-armx-64.S \
-  crypto/arm64cpuid.S \
-  crypto/armcap.c \
-  crypto/modes/asm/ghashv8-armx-64.S \
-  crypto/sha/asm/sha1-armv8.S \
-  crypto/sha/asm/sha256-armv8.S \
-  crypto/sha/asm/sha512-armv8.S \
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags := \
-  -DAES_ASM \
-  -DDES_PTR \
-  -DDES_RISC1 \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DMD5_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_BN_ASM_PART_WORDS \
-  -DOPENSSL_CPUID_OBJ \
-  -DOPENSSL_IA32_SSE2 \
-  -DRC4_INDEX \
-  -DRMD160_ASM \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-  -DVPAES_ASM \
-
-x86_src_files := \
-  crypto/aes/asm/aes-586.S \
-  crypto/aes/asm/aesni-x86.S \
-  crypto/aes/asm/vpaes-x86.S \
-  crypto/bf/asm/bf-586.S \
-  crypto/bn/asm/bn-586.S \
-  crypto/bn/asm/co-586.S \
-  crypto/bn/asm/x86-gf2m.S \
-  crypto/bn/asm/x86-mont.S \
-  crypto/des/asm/crypt586.S \
-  crypto/des/asm/des-586.S \
-  crypto/md5/asm/md5-586.S \
-  crypto/modes/asm/ghash-x86.S \
-  crypto/sha/asm/sha1-586.S \
-  crypto/sha/asm/sha256-586.S \
-  crypto/sha/asm/sha512-586.S \
-  crypto/x86cpuid.S \
-
-x86_exclude_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_core.c \
-  crypto/bf/bf_enc.c \
-  crypto/bn/bn_asm.c \
-  crypto/des/des_enc.c \
-  crypto/des/fcrypt_b.c \
-  crypto/mem_clr.c \
-
-x86_64_clang_asflags :=
-
-x86_64_cflags := \
-  -DAES_ASM \
-  -DBSAES_ASM \
-  -DDES_UNROLL \
-  -DGHASH_ASM \
-  -DMD5_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DOPENSSL_BN_ASM_MONT5 \
-  -DOPENSSL_CPUID_OBJ \
-  -DOPENSSL_IA32_SSE2 \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-  -DVPAES_ASM \
-
-x86_64_src_files := \
-  crypto/aes/asm/aes-x86_64.S \
-  crypto/aes/asm/aesni-sha1-x86_64.S \
-  crypto/aes/asm/aesni-x86_64.S \
-  crypto/aes/asm/bsaes-x86_64.S \
-  crypto/aes/asm/vpaes-x86_64.S \
-  crypto/bn/asm/modexp512-x86_64.S \
-  crypto/bn/asm/x86_64-gcc.c \
-  crypto/bn/asm/x86_64-gf2m.S \
-  crypto/bn/asm/x86_64-mont.S \
-  crypto/bn/asm/x86_64-mont5.S \
-  crypto/md5/asm/md5-x86_64.S \
-  crypto/modes/asm/ghash-x86_64.S \
-  crypto/rc4/asm/rc4-md5-x86_64.S \
-  crypto/rc4/asm/rc4-x86_64.S \
-  crypto/sha/asm/sha1-x86_64.S \
-  crypto/sha/asm/sha256-x86_64.S \
-  crypto/sha/asm/sha512-x86_64.S \
-  crypto/x86_64cpuid.S \
-
-x86_64_exclude_files := \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_core.c \
-  crypto/bn/bn_asm.c \
-  crypto/mem_clr.c \
-  crypto/rc4/rc4_enc.c \
-  crypto/rc4/rc4_skey.c \
-
-mips_clang_asflags :=
-
-mips_cflags := \
-  -DAES_ASM \
-  -DOPENSSL_BN_ASM_MONT \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-
-mips_src_files := \
-  crypto/aes/asm/aes-mips.S \
-  crypto/bn/asm/bn-mips.S \
-  crypto/bn/asm/mips-mont.S \
-  crypto/sha/asm/sha1-mips.S \
-  crypto/sha/asm/sha256-mips.S \
-
-mips_exclude_files := \
-  crypto/aes/aes_core.c \
-  crypto/bn/bn_asm.c \
-
-mips64_clang_asflags :=
-
-mips64_cflags := \
-  -DOPENSSL_NO_ASM \
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags := \
-  -DOPENSSL_NO_ASM \
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-# "Temporary" hack until this can be fixed in openssl.config
-x86_64_cflags += -DRC4_INT="unsigned int"
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes)
-
-LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
-LOCAL_CFLAGS_arm += $(arm_cflags)
-LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
-
-LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
-LOCAL_CFLAGS_arm64 += $(arm64_cflags)
-LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
-
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
-
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
-
-LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
-LOCAL_CFLAGS_mips += $(mips_cflags)
-LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
-
-LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
-LOCAL_CFLAGS_mips64 += $(mips64_cflags)
-LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/Crypto-config-trusty.mk b/Crypto-config-trusty.mk
deleted file mode 100644
index cc22723ba0..0000000000
--- a/Crypto-config-trusty.mk
+++ /dev/null
@@ -1,306 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-#    LOCAL_EXPORT_C_INCLUDE_DIRS
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-trusty.mk
-
-common_cflags := \
-  -DGETPID_IS_MEANINGLESS \
-  -DNO_WINDOWS_BRAINDEATH \
-
-common_src_files := \
-  Crypto-config.mk \
-  crypto/aes/aes_cbc.c \
-  crypto/aes/aes_misc.c \
-  crypto/asn1/a_bitstr.c \
-  crypto/asn1/a_d2i_fp.c \
-  crypto/asn1/a_int.c \
-  crypto/asn1/a_object.c \
-  crypto/asn1/a_octet.c \
-  crypto/asn1/a_type.c \
-  crypto/asn1/ameth_lib.c \
-  crypto/asn1/asn1_lib.c \
-  crypto/asn1/asn_pack.c \
-  crypto/asn1/d2i_pr.c \
-  crypto/asn1/f_int.c \
-  crypto/asn1/i2d_pr.c \
-  crypto/asn1/p8_pkey.c \
-  crypto/asn1/t_pkey.c \
-  crypto/asn1/t_x509.c \
-  crypto/asn1/tasn_dec.c \
-  crypto/asn1/tasn_enc.c \
-  crypto/asn1/tasn_fre.c \
-  crypto/asn1/tasn_new.c \
-  crypto/asn1/tasn_typ.c \
-  crypto/asn1/tasn_utl.c \
-  crypto/asn1/x_algor.c \
-  crypto/asn1/x_attrib.c \
-  crypto/asn1/x_bignum.c \
-  crypto/asn1/x_long.c \
-  crypto/asn1/x_pubkey.c \
-  crypto/asn1/x_sig.c \
-  crypto/bio/b_print.c \
-  crypto/bio/bio_lib.c \
-  crypto/bio/bss_mem.c \
-  crypto/bn/bn_add.c \
-  crypto/bn/bn_asm.c \
-  crypto/bn/bn_blind.c \
-  crypto/bn/bn_ctx.c \
-  crypto/bn/bn_div.c \
-  crypto/bn/bn_exp.c \
-  crypto/bn/bn_exp2.c \
-  crypto/bn/bn_gcd.c \
-  crypto/bn/bn_gf2m.c \
-  crypto/bn/bn_kron.c \
-  crypto/bn/bn_lib.c \
-  crypto/bn/bn_mod.c \
-  crypto/bn/bn_mont.c \
-  crypto/bn/bn_mul.c \
-  crypto/bn/bn_nist.c \
-  crypto/bn/bn_prime.c \
-  crypto/bn/bn_print.c \
-  crypto/bn/bn_rand.c \
-  crypto/bn/bn_recp.c \
-  crypto/bn/bn_shift.c \
-  crypto/bn/bn_sqr.c \
-  crypto/bn/bn_sqrt.c \
-  crypto/bn/bn_word.c \
-  crypto/buffer/buf_str.c \
-  crypto/buffer/buffer.c \
-  crypto/cmac/cm_ameth.c \
-  crypto/cmac/cm_pmeth.c \
-  crypto/cmac/cmac.c \
-  crypto/cryptlib.c \
-  crypto/dh/dh_ameth.c \
-  crypto/dh/dh_asn1.c \
-  crypto/dh/dh_check.c \
-  crypto/dh/dh_gen.c \
-  crypto/dh/dh_key.c \
-  crypto/dh/dh_lib.c \
-  crypto/dh/dh_pmeth.c \
-  crypto/dsa/dsa_ameth.c \
-  crypto/dsa/dsa_asn1.c \
-  crypto/dsa/dsa_gen.c \
-  crypto/dsa/dsa_key.c \
-  crypto/dsa/dsa_lib.c \
-  crypto/dsa/dsa_ossl.c \
-  crypto/dsa/dsa_pmeth.c \
-  crypto/dsa/dsa_sign.c \
-  crypto/dsa/dsa_vrf.c \
-  crypto/ec/ec2_mult.c \
-  crypto/ec/ec2_oct.c \
-  crypto/ec/ec2_smpl.c \
-  crypto/ec/ec_ameth.c \
-  crypto/ec/ec_asn1.c \
-  crypto/ec/ec_curve.c \
-  crypto/ec/ec_cvt.c \
-  crypto/ec/ec_key.c \
-  crypto/ec/ec_lib.c \
-  crypto/ec/ec_mult.c \
-  crypto/ec/ec_oct.c \
-  crypto/ec/ec_pmeth.c \
-  crypto/ec/ec_print.c \
-  crypto/ec/eck_prn.c \
-  crypto/ec/ecp_mont.c \
-  crypto/ec/ecp_nist.c \
-  crypto/ec/ecp_oct.c \
-  crypto/ec/ecp_smpl.c \
-  crypto/ecdh/ech_key.c \
-  crypto/ecdh/ech_lib.c \
-  crypto/ecdh/ech_ossl.c \
-  crypto/ecdsa/ecs_asn1.c \
-  crypto/ecdsa/ecs_lib.c \
-  crypto/ecdsa/ecs_ossl.c \
-  crypto/ecdsa/ecs_sign.c \
-  crypto/ecdsa/ecs_vrf.c \
-  crypto/engine/eng_init.c \
-  crypto/engine/eng_lib.c \
-  crypto/engine/eng_table.c \
-  crypto/engine/tb_asnmth.c \
-  crypto/engine/tb_cipher.c \
-  crypto/engine/tb_dh.c \
-  crypto/engine/tb_digest.c \
-  crypto/engine/tb_dsa.c \
-  crypto/engine/tb_ecdh.c \
-  crypto/engine/tb_ecdsa.c \
-  crypto/engine/tb_pkmeth.c \
-  crypto/engine/tb_rand.c \
-  crypto/engine/tb_rsa.c \
-  crypto/err/err.c \
-  crypto/evp/digest.c \
-  crypto/evp/e_aes.c \
-  crypto/evp/evp_enc.c \
-  crypto/evp/evp_lib.c \
-  crypto/evp/evp_pkey.c \
-  crypto/evp/m_sha1.c \
-  crypto/evp/m_sigver.c \
-  crypto/evp/names.c \
-  crypto/evp/p_lib.c \
-  crypto/evp/pmeth_fn.c \
-  crypto/evp/pmeth_gn.c \
-  crypto/evp/pmeth_lib.c \
-  crypto/ex_data.c \
-  crypto/hmac/hm_ameth.c \
-  crypto/hmac/hm_pmeth.c \
-  crypto/hmac/hmac.c \
-  crypto/lhash/lhash.c \
-  crypto/mem.c \
-  crypto/mem_clr.c \
-  crypto/mem_dbg.c \
-  crypto/modes/cbc128.c \
-  crypto/modes/ctr128.c \
-  crypto/objects/o_names.c \
-  crypto/objects/obj_dat.c \
-  crypto/objects/obj_xref.c \
-  crypto/pkcs7/pk7_lib.c \
-  crypto/rand/md_rand.c \
-  crypto/rand/rand_lib.c \
-  crypto/rsa/rsa_ameth.c \
-  crypto/rsa/rsa_asn1.c \
-  crypto/rsa/rsa_chk.c \
-  crypto/rsa/rsa_crpt.c \
-  crypto/rsa/rsa_eay.c \
-  crypto/rsa/rsa_gen.c \
-  crypto/rsa/rsa_lib.c \
-  crypto/rsa/rsa_none.c \
-  crypto/rsa/rsa_oaep.c \
-  crypto/rsa/rsa_pk1.c \
-  crypto/rsa/rsa_pmeth.c \
-  crypto/rsa/rsa_pss.c \
-  crypto/rsa/rsa_saos.c \
-  crypto/rsa/rsa_sign.c \
-  crypto/rsa/rsa_ssl.c \
-  crypto/rsa/rsa_x931.c \
-  crypto/sha/sha1_one.c \
-  crypto/sha/sha1dgst.c \
-  crypto/sha/sha256.c \
-  crypto/sha/sha512.c \
-  crypto/stack/stack.c \
-  crypto/x509/x_all.c \
-  crypto/x509v3/v3_utl.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/crypto \
-  external/openssl/crypto/asn1 \
-  external/openssl/crypto/evp \
-  external/openssl/crypto/modes \
-  external/openssl/include \
-  external/openssl/include/openssl \
-
-arm_clang_asflags :=
-
-arm_cflags := \
-  -DAES_ASM \
-  -DGHASH_ASM \
-  -DOPENSSL_BN_ASM_GF2m \
-  -DOPENSSL_BN_ASM_MONT \
-  -DSHA1_ASM \
-  -DSHA256_ASM \
-  -DSHA512_ASM \
-
-arm_src_files := \
-  crypto/aes/asm/aes-armv4.S \
-  crypto/bn/asm/armv4-gf2m.S \
-  crypto/bn/asm/armv4-mont.S \
-  crypto/sha/asm/sha1-armv4-large.S \
-  crypto/sha/asm/sha256-armv4.S \
-  crypto/sha/asm/sha512-armv4.S \
-
-arm_exclude_files :=
-
-arm64_clang_asflags :=
-
-arm64_cflags :=
-
-arm64_src_files :=
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags :=
-
-x86_src_files :=
-
-x86_exclude_files :=
-
-x86_64_clang_asflags :=
-
-x86_64_cflags :=
-
-x86_64_src_files :=
-
-x86_64_exclude_files :=
-
-mips_clang_asflags :=
-
-mips_cflags :=
-
-mips_src_files :=
-
-mips_exclude_files :=
-
-mips64_clang_asflags :=
-
-mips64_cflags :=
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags :=
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes)
-
-LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
-LOCAL_CFLAGS_arm += $(arm_cflags)
-LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
-
-LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
-LOCAL_CFLAGS_arm64 += $(arm64_cflags)
-LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
-
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
-
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
-
-LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
-LOCAL_CFLAGS_mips += $(mips_cflags)
-LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
-
-LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
-LOCAL_CFLAGS_mips64 += $(mips64_cflags)
-LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/Crypto.mk b/Crypto.mk
deleted file mode 100644
index aba5dac350..0000000000
--- a/Crypto.mk
+++ /dev/null
@@ -1,75 +0,0 @@
-#######################################
-# target static library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-# The static library should be used in only unbundled apps
-# and we don't have clang in unbundled build yet.
-LOCAL_SDK_VERSION := 9
-
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libcrypto_static
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk
-include $(LOCAL_PATH)/Crypto-config-target.mk
-include $(LOCAL_PATH)/android-config.mk
-
-# Replace cflags with static-specific cflags so we dont build in libdl deps
-LOCAL_CFLAGS_32 := $(openssl_cflags_static_32)
-LOCAL_CFLAGS_64 := $(openssl_cflags_static_64)
-include $(BUILD_STATIC_LIBRARY)
-
-#######################################
-# target shared library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-# If we're building an unbundled build, don't try to use clang since it's not
-# in the NDK yet. This can be removed when a clang version that is fast enough
-# in the NDK.
-ifeq (,$(TARGET_BUILD_APPS))
-LOCAL_CLANG := true
-else
-LOCAL_SDK_VERSION := 9
-endif
-LOCAL_LDFLAGS += -ldl
-
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libcrypto
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk
-include $(LOCAL_PATH)/Crypto-config-target.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_SHARED_LIBRARY)
-
-#######################################
-# host shared library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-LOCAL_CFLAGS += -DPURIFY
-LOCAL_LDLIBS += -ldl
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libcrypto-host
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk
-LOCAL_MULTILIB := both
-LOCAL_CXX_STL := none
-include $(LOCAL_PATH)/Crypto-config-host.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_HOST_SHARED_LIBRARY)
-
-########################################
-# host static library, which is used by some SDK tools.
-
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-LOCAL_CFLAGS += -DPURIFY
-LOCAL_LDLIBS += -ldl
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libcrypto_static
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk
-LOCAL_CXX_STL := none
-include $(LOCAL_PATH)/Crypto-config-host.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_HOST_STATIC_LIBRARY)
diff --git a/MODULE_LICENSE_BSD_LIKE b/MODULE_LICENSE_BSD_LIKE
deleted file mode 100644
index e69de29bb2..0000000000
--- a/MODULE_LICENSE_BSD_LIKE
+++ /dev/null
diff --git a/NOTICE b/NOTICE
deleted file mode 100644
index e47d101f10..0000000000
--- a/NOTICE
+++ /dev/null
@@ -1,127 +0,0 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
diff --git a/README.android b/README.android
deleted file mode 100644
index a7c3cc10a4..0000000000
--- a/README.android
+++ /dev/null
@@ -1,87 +0,0 @@
-OpenSSL on the Android platform.
----
-
-The code in this directory is based on $OPENSSL_VERSION in the file
-openssl.version. See patches/README for more information on how the
-code differs from $OPENSSL_VERSION.
-
-Porting New Versions of OpenSSL.
---
-
-The following steps are recommended for porting new OpenSSL versions.
-
-1) Retrieve the appropriate version of the OpenSSL source from
-   www.openssl.org/source (in openssl-*.tar.gz file). Check the PGP
-   signature (found in matching openssl-*.tar.gz.asc file) with:
-
-     gpg openssl-*.tar.gz.asc
-
-   If the public key is not found, import the the one with the
-   matching RSA key ID from http://www.openssl.org/about/, using:
-
-     gpg --import # paste PGP public key block on stdin
-
-2) Update the variables in openssl.config and openssl.version as appropriate.
-   At the very least you will need to update the openssl.version.
-
-3) Run:
-
-     ./import_openssl.sh import openssl-*.tar.gz
-
-4) If there are any errors, then modify openssl.config, openssl.version
-   and patches in patches/ as appropriate.  You might want to use:
-
-     ./import_openssl.sh regenerate patches/*.patch
-
-   Repeat step 3.
-
-5) Cleanup before building with:
-
-     m -j16 clean-libcrypto clean-libssl clean-openssl clean-ssltest
-
-6) Build openssl from the external/openssl directory with:
-
-     mm -j16 snod && adb remount && adb sync system
-
-   If there are build errors, then patches/*.mk, openssl.config, or
-   android-config.mk may need updating.
-
-7) Run tests to make sure things are working:
-
-     # Run local openssl tests
-     (cd android.testssl/ && ./testssl.sh)
-     # Build and sync libcore tests
-     (croot && cd libcore && mm -j16 snod && adb remount && adb sync)
-     # Run tests from libcore
-     (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jar javax.net.ssl tests.api.javax.net)
-     # Run tests from Harmony
-     (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/apache-harmony-tests_intermediates/classes.jar tests.api.java.math.BigIntegerTest org.apache.harmony.tests.java.math)
-     # try an https website
-     adb shell am start https://online.citibank.com # confirm result in browser
-
-     The vogar tool can be found externally at http://code.google.com/p/vogar/
-
-     Quick installation instructions (without rebuilding from source):
-        VOGAR=$HOME/vogar
-        svn co http://vogar.googlecode.com/svn/trunk/ $VOGAR
-        mkdir -p $VOGAR/build/
-        curl -o $VOGAR/build/vogar.jar https://vogar.googlecode.com/files/vogar.jar
-        PATH=$PATH:$VOGAR/bin
-
-     Within Google, you can find it under:
-       /home/dalvik-prebuild/vogar/bin/vogar
-
-     # You can also run openssl s_server as a test server on the device:
-     adb push ./android.testssl/CAss.cnf /sdcard/CAss.cnf
-     adb shell openssl req -config /sdcard/CAss.cnf -x509 -nodes -days 365 -subj '/C=US/ST=California/L=Mountain View/CN=localhost' -newkey rsa:1024 -keyout /sdcard/server.pem -out /sdcard/server.pem
-     adb shell openssl s_server -cert /sdcard/server.pem -www -verify 1
-     adb shell am start https://localhost:4433 # confirm result in browser
-
-8) Do a full build before checking in:
-
-     m -j16
-
-Optionally, check whether build flags (located in CONFIGURE_ARGS in
-openssl.config, plus some extras in android-config.mk), need to be updated.
-Doing this step will help ensure that the compiled library is appropriately
-optimized for speed and size.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000..629dcbd3aa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,14 @@
+This OpenSSL repository is unmaintained
+=======================================
+
+Android no longer uses OpenSSL and has instead moved to BoringSSL. As a result
+this repository is unmaintained. It should not be used.
+
+Most applications can move to using BoringSSL as long as they are not
+using deprecated APIs. For more information about BoringSSL, see these
+references:
+
+  * [Upstream BoringSSL repository](https://boringssl.googlesource.com/boringssl/): The
+    official BoringSSL repository.
+  * [Android's BoringSSL project](https://android.googlesource.com/platform/external/boringssl/):
+    Android's copy of BoringSSL.
diff --git a/Ssl-config-host.mk b/Ssl-config-host.mk
deleted file mode 100644
index 8f3bdce5a1..0000000000
--- a/Ssl-config-host.mk
+++ /dev/null
@@ -1,148 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-#    LOCAL_EXPORT_C_INCLUDE_DIRS
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Ssl-config-host.mk
-
-common_cflags :=
-
-common_src_files := \
-  ssl/bio_ssl.c \
-  ssl/d1_both.c \
-  ssl/d1_enc.c \
-  ssl/d1_lib.c \
-  ssl/d1_pkt.c \
-  ssl/d1_srtp.c \
-  ssl/kssl.c \
-  ssl/s23_clnt.c \
-  ssl/s23_lib.c \
-  ssl/s23_meth.c \
-  ssl/s23_pkt.c \
-  ssl/s23_srvr.c \
-  ssl/s2_clnt.c \
-  ssl/s2_enc.c \
-  ssl/s2_lib.c \
-  ssl/s2_meth.c \
-  ssl/s2_pkt.c \
-  ssl/s2_srvr.c \
-  ssl/s3_both.c \
-  ssl/s3_cbc.c \
-  ssl/s3_clnt.c \
-  ssl/s3_enc.c \
-  ssl/s3_lib.c \
-  ssl/s3_meth.c \
-  ssl/s3_pkt.c \
-  ssl/s3_srvr.c \
-  ssl/ssl_algs.c \
-  ssl/ssl_asn1.c \
-  ssl/ssl_cert.c \
-  ssl/ssl_ciph.c \
-  ssl/ssl_err.c \
-  ssl/ssl_err2.c \
-  ssl/ssl_lib.c \
-  ssl/ssl_rsa.c \
-  ssl/ssl_sess.c \
-  ssl/ssl_stat.c \
-  ssl/ssl_txt.c \
-  ssl/t1_clnt.c \
-  ssl/t1_enc.c \
-  ssl/t1_lib.c \
-  ssl/t1_meth.c \
-  ssl/t1_reneg.c \
-  ssl/t1_srvr.c \
-  ssl/tls_srp.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/crypto \
-  external/openssl/include \
-
-arm_clang_asflags :=
-
-arm_cflags :=
-
-arm_src_files :=
-
-arm_exclude_files :=
-
-arm64_clang_asflags :=
-
-arm64_cflags :=
-
-arm64_src_files :=
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags :=
-
-x86_src_files :=
-
-x86_exclude_files :=
-
-x86_64_clang_asflags :=
-
-x86_64_cflags :=
-
-x86_64_src_files :=
-
-x86_64_exclude_files :=
-
-mips_clang_asflags :=
-
-mips_cflags :=
-
-mips_src_files :=
-
-mips_exclude_files :=
-
-mips64_clang_asflags :=
-
-mips64_cflags :=
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags :=
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
-
-ifeq ($(HOST_OS),linux)
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files), $(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files), $(common_src_files) $(x86_64_src_files))
-else
-$(warning Unknown host OS $(HOST_OS))
-LOCAL_SRC_FILES += $(common_src_files)
-endif
diff --git a/Ssl-config-target.mk b/Ssl-config-target.mk
deleted file mode 100644
index 30a2621dcd..0000000000
--- a/Ssl-config-target.mk
+++ /dev/null
@@ -1,162 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_ARCH)
-#    LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES
-#    LOCAL_EXPORT_C_INCLUDE_DIRS
-
-
-LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Ssl-config-target.mk
-
-common_cflags :=
-
-common_src_files := \
-  ssl/bio_ssl.c \
-  ssl/d1_both.c \
-  ssl/d1_enc.c \
-  ssl/d1_lib.c \
-  ssl/d1_pkt.c \
-  ssl/d1_srtp.c \
-  ssl/kssl.c \
-  ssl/s23_clnt.c \
-  ssl/s23_lib.c \
-  ssl/s23_meth.c \
-  ssl/s23_pkt.c \
-  ssl/s23_srvr.c \
-  ssl/s2_clnt.c \
-  ssl/s2_enc.c \
-  ssl/s2_lib.c \
-  ssl/s2_meth.c \
-  ssl/s2_pkt.c \
-  ssl/s2_srvr.c \
-  ssl/s3_both.c \
-  ssl/s3_cbc.c \
-  ssl/s3_clnt.c \
-  ssl/s3_enc.c \
-  ssl/s3_lib.c \
-  ssl/s3_meth.c \
-  ssl/s3_pkt.c \
-  ssl/s3_srvr.c \
-  ssl/ssl_algs.c \
-  ssl/ssl_asn1.c \
-  ssl/ssl_cert.c \
-  ssl/ssl_ciph.c \
-  ssl/ssl_err.c \
-  ssl/ssl_err2.c \
-  ssl/ssl_lib.c \
-  ssl/ssl_rsa.c \
-  ssl/ssl_sess.c \
-  ssl/ssl_stat.c \
-  ssl/ssl_txt.c \
-  ssl/t1_clnt.c \
-  ssl/t1_enc.c \
-  ssl/t1_lib.c \
-  ssl/t1_meth.c \
-  ssl/t1_reneg.c \
-  ssl/t1_srvr.c \
-  ssl/tls_srp.c \
-
-common_c_includes := \
-  external/openssl/. \
-  external/openssl/crypto \
-  external/openssl/include \
-
-arm_clang_asflags :=
-
-arm_cflags :=
-
-arm_src_files :=
-
-arm_exclude_files :=
-
-arm64_clang_asflags :=
-
-arm64_cflags :=
-
-arm64_src_files :=
-
-arm64_exclude_files :=
-
-x86_clang_asflags :=
-
-x86_cflags :=
-
-x86_src_files :=
-
-x86_exclude_files :=
-
-x86_64_clang_asflags :=
-
-x86_64_cflags :=
-
-x86_64_src_files :=
-
-x86_64_exclude_files :=
-
-mips_clang_asflags :=
-
-mips_cflags :=
-
-mips_src_files :=
-
-mips_exclude_files :=
-
-mips64_clang_asflags :=
-
-mips64_cflags :=
-
-mips64_src_files :=
-
-mips64_exclude_files :=
-
-mips32r6_clang_asflags :=
-
-mips32r6_cflags :=
-
-mips32r6_src_files :=
-
-mips32r6_exclude_files :=
-
-
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-ifdef ARCH_MIPS_REV6
-mips_cflags := $(mips32r6_cflags)
-mips_src_files := $(mips32r6_src_files)
-mips_exclude_files := $(mips32r6_exclude_files)
-endif
-
-LOCAL_CFLAGS += $(common_cflags)
-LOCAL_C_INCLUDES += $(common_c_includes)
-
-LOCAL_SRC_FILES_arm += $(filter-out $(arm_exclude_files),$(common_src_files) $(arm_src_files))
-LOCAL_CFLAGS_arm += $(arm_cflags)
-LOCAL_CLANG_ASFLAGS_arm += $(arm_clang_asflags)
-
-LOCAL_SRC_FILES_arm64 += $(filter-out $(arm64_exclude_files),$(common_src_files) $(arm64_src_files))
-LOCAL_CFLAGS_arm64 += $(arm64_cflags)
-LOCAL_CLANG_ASFLAGS_arm64 += $(arm64_clang_asflags)
-
-LOCAL_SRC_FILES_x86 += $(filter-out $(x86_exclude_files),$(common_src_files) $(x86_src_files))
-LOCAL_CFLAGS_x86 += $(x86_cflags)
-LOCAL_CLANG_ASFLAGS_x86 += $(x86_clang_asflags)
-
-LOCAL_SRC_FILES_x86_64 += $(filter-out $(x86_64_exclude_files),$(common_src_files) $(x86_64_src_files))
-LOCAL_CFLAGS_x86_64 += $(x86_64_cflags)
-LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
-
-LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
-LOCAL_CFLAGS_mips += $(mips_cflags)
-LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
-
-LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
-LOCAL_CFLAGS_mips64 += $(mips64_cflags)
-LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/Ssl.mk b/Ssl.mk
deleted file mode 100644
index 5500667b72..0000000000
--- a/Ssl.mk
+++ /dev/null
@@ -1,76 +0,0 @@
-#######################################
-# target static library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-# The static library should be used in only unbundled apps
-# and we don't have clang in unbundled build yet.
-LOCAL_SDK_VERSION := 9
-
-LOCAL_SRC_FILES += $(target_src_files)
-LOCAL_CFLAGS += $(target_c_flags)
-LOCAL_C_INCLUDES += $(target_c_includes)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libssl_static
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk
-include $(LOCAL_PATH)/Ssl-config-target.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_STATIC_LIBRARY)
-
-#######################################
-# target shared library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-# If we're building an unbundled build, don't try to use clang since it's not
-# in the NDK yet. This can be removed when a clang version that is fast enough
-# in the NDK.
-ifeq (,$(TARGET_BUILD_APPS))
-LOCAL_CLANG := true
-else
-LOCAL_SDK_VERSION := 9
-endif
-
-LOCAL_SHARED_LIBRARIES += libcrypto
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libssl
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk
-include $(LOCAL_PATH)/Ssl-config-target.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_SHARED_LIBRARY)
-
-#######################################
-# host shared library
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-LOCAL_SHARED_LIBRARIES += libcrypto-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := libssl-host
-LOCAL_MULTILIB := both
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk
-LOCAL_CXX_STL := none
-include $(LOCAL_PATH)/Ssl-config-host.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_HOST_SHARED_LIBRARY)
-
-#######################################
-# ssltest
-include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := $(log_shared_libraries)
-LOCAL_C_INCLUDES := $(log_c_includes)
-
-LOCAL_SRC_FILES := ssl/ssltest.c
-LOCAL_SHARED_LIBRARIES := libssl libcrypto
-LOCAL_MODULE := ssltest
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := ssltest
-LOCAL_MODULE_STEM_64 := ssltest64
-LOCAL_MODULE_TAGS := optional
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk
-include $(LOCAL_PATH)/Ssl-config-host.mk
-include $(LOCAL_PATH)/android-config.mk
-include $(BUILD_EXECUTABLE)
diff --git a/android-config.mk b/android-config.mk
deleted file mode 100644
index 675a65b3f1..0000000000
--- a/android-config.mk
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# These flags represent the build-time configuration of OpenSSL for android
-#
-# The value of $(openssl_cflags) was pruned from the Makefile generated
-# by running ./Configure from import_openssl.sh.
-#
-# This script performs minor but required patching for the Android build.
-#
-
-# Directories for ENGINE shared libraries
-openssl_cflags_32 += \
-  -DOPENSSLDIR="\"/system/lib/ssl\"" \
-  -DENGINESDIR="\"/system/lib/ssl/engines\""
-openssl_cflags_static_32 += \
-  -DOPENSSLDIR="\"/system/lib/ssl\"" \
-  -DENGINESDIR="\"/system/lib/ssl/engines\""
-openssl_cflags_64 += \
-  -DOPENSSLDIR="\"/system/lib64/ssl\"" \
-  -DENGINESDIR="\"/system/lib64/ssl/engines\""
-openssl_cflags_static_64 += \
-  -DOPENSSLDIR="\"/system/lib64/ssl\"" \
-  -DENGINESDIR="\"/system/lib64/ssl/engines\""
-
-# Intentionally excluded http://b/7079965
-ifneq (,$(filter -DZLIB, $(openssl_cflags_32) $(openssl_cflags_64) \
-    $(openssl_cflags_static_32) $(openssl_cflags_static_64)))
-$(error ZLIB should not be enabled in openssl configuration)
-endif
-
-LOCAL_CFLAGS_32 += $(openssl_cflags_32)
-LOCAL_CFLAGS_64 += $(openssl_cflags_64)
-
-LOCAL_CFLAGS_32 := $(filter-out -DTERMIO, $(LOCAL_CFLAGS_32))
-LOCAL_CFLAGS_64 := $(filter-out -DTERMIO, $(LOCAL_CFLAGS_64))
-# filter out static flags too
-openssl_cflags_static_32 := $(filter-out -DTERMIO, $(openssl_cflags_static_32))
-openssl_cflags_static_64 := $(filter-out -DTERMIO, $(openssl_cflags_static_64))
-
-ifeq ($(HOST_OS),windows)
-LOCAL_CFLAGS_32 := $(filter-out -DDSO_DLFCN -DHAVE_DLFCN_H,$(LOCAL_CFLAGS_32))
-LOCAL_CFLAGS_64 := $(filter-out -DDSO_DLFCN -DHAVE_DLFCN_H,$(LOCAL_CFLAGS_64))
-endif
-
-LOCAL_CFLAGS += -Wno-missing-field-initializers -Wno-unused-parameter
-
-# Debug
-# LOCAL_CFLAGS += -DCIPHER_DEBUG
-
-# Add clang here when it works on host
-# LOCAL_CLANG := true
diff --git a/android.testssl/CAss.cnf b/android.testssl/CAss.cnf
deleted file mode 100644
index 77c01c30cd..0000000000
--- a/android.testssl/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= /sdcard/android.testssl/.rnd
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
-distinguished_name	= req_distinguished_name
-encrypt_rsa_key		= no
-default_md		= sha1
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_value		= AU
-
-organizationName		= Organization Name (eg, company)
-organizationName_value		= Dodgy Brothers
-
-commonName			= Common Name (eg, YOUR name)
-commonName_value		= Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= v3_ca			# The extentions to add to the cert
-
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-policy		= policy_anything
-
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy
diff --git a/android.testssl/Uss.cnf b/android.testssl/Uss.cnf
deleted file mode 100644
index 317ab6de9b..0000000000
--- a/android.testssl/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= /sdcard/android.testssl/.rnd
-
-####################################################################
-[ req ]
-default_bits		= 2048
-default_keyfile 	= keySS.pem
-distinguished_name	= req_distinguished_name
-encrypt_rsa_key		= no
-default_md		= sha256
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_value		= AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName			= Common Name (eg, YOUR name)
-0.commonName_value		= Brother 1
-
-1.commonName			= Common Name (eg, YOUR name)
-1.commonName_value		= Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-
diff --git a/android.testssl/server2.pem b/android.testssl/server2.pem
deleted file mode 100644
index a3927cf788..0000000000
--- a/android.testssl/server2.pem
+++ /dev/null
@@ -1,52 +0,0 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
------BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
-IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
-gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
-qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
-ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
-/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
-bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
-ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
-YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
-DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
-zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
-LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
-XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
-5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
-Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
-oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
-UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
-2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
-92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
-DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
-KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
-x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
-DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
-F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
-rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
-+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
-Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
-E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
-Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
-8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
-rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
-bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
-5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
-3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
-5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
-5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
-38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
-z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
-kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
-NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
------END RSA PRIVATE KEY-----
diff --git a/android.testssl/testssl b/android.testssl/testssl
deleted file mode 100755
index 66b87361c1..0000000000
--- a/android.testssl/testssl
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
-  key=../apps/server.pem
-else
-  key="$1"
-fi
-if [ "$2" = "" ]; then
-  cert=../apps/server.pem
-else
-  cert="$2"
-fi
-ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
-  dsa_cert=YES
-else
-  dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
-  CA="-CApath ../certs"
-else
-  CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
-  extra=""
-else
-  extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication
-  $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication
-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
-$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
-  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-echo "Testing ciphersuites"
-for protocol in TLSv1.2 SSLv3; do
-  echo "Testing ciphersuites for $protocol"
-  for cipher in `adb shell /system/bin/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
-    echo "Testing $cipher"
-    prot=""
-    if [ $protocol = "SSLv3" ] ; then
-      prot="-ssl3"
-    fi
-    $ssltest -cipher $cipher $prot
-    if [ $? -ne 0 ] ; then
-	  echo "Failed $cipher"
-	  exit 1
-    fi
-  done
-done
-
-#############################################################################
-
-if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
-  echo skipping anonymous DH tests
-else
-  echo test tls1 with 1024bit anonymous DH, multiple handshakes
-  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then
-  echo skipping RSA tests
-else
-  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
-  adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
-
-  if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then
-    echo skipping RSA+DHE tests
-  else
-    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
-  fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-if adb shell /system/bin/openssl no-srp; then
-  echo skipping SRP tests
-else
-  echo test tls1 with SRP
-  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
-
-  echo test tls1 with SRP via BIO pair
-  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
-
-  echo test tls1 with SRP auth
-  $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123
-
-  echo test tls1 with SRP auth via BIO pair
-  $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123
-fi
-
-exit 0
diff --git a/android.testssl/testssl.sh b/android.testssl/testssl.sh
deleted file mode 100755
index cd5609285f..0000000000
--- a/android.testssl/testssl.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Android testssl.sh driver script for openssl's testssl
-#
-# based on openssl's test/testss script and test/Makefile's test_ssl target
-#
-
-set -e
-trap "echo Exiting on unexpected error." ERR
-
-device=/sdcard/android.testssl
-
-digest='-sha1'
-reqcmd="adb shell /system/bin/openssl req"
-x509cmd="adb shell /system/bin/openssl x509 $digest"
-
-CAkey="$device/keyCA.ss"
-CAcert="$device/certCA.ss"
-CAreq="$device/reqCA.ss"
-CAconf="$device/CAss.cnf"
-
-Uconf="$device/Uss.cnf"
-Ureq="$device/reqU.ss"
-Ukey="$device/keyU.ss"
-Ucert="$device/certU.ss"
-
-echo
-echo "setting up"
-adb remount
-adb shell rm -r $device
-adb shell mkdir $device
-
-echo
-echo "pushing test files to device"
-adb push . $device
-
-echo
-echo "make a certificate request using 'req'"
-adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
-req_new='-new'
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
-
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
-
-echo
-echo "running testssl"
-./testssl $Ukey $Ucert $CAcert
-
-echo
-echo "cleaning up"
-adb shell rm -r $device
diff --git a/apps/CA.pl b/apps/CA.pl
deleted file mode 100644
index a3965ecea9..0000000000
--- a/apps/CA.pl
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/usr/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-#      some setup stuff to be done before you can use it and this makes
-#      things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request 
-# CA -sign ... will sign the generated request and output 
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key 
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh    Added more things ... including CA -signcert which
-#                  converts a certificate to a request and then signs it.
-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#		   environment variable so this can be driven from
-#		   a script.
-# 25-Jul-96 eay    Cleaned up filenames some more.
-# 11-Jun-96 eay    Fixed a few filename missmatches.
-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh    Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-my $openssl;
-if(defined $ENV{OPENSSL}) {
-	$openssl = $ENV{OPENSSL};
-} else {
-	$openssl = "openssl";
-	$ENV{OPENSSL} = $openssl;
-}
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";	# 1 year
-$CADAYS="-days 1095";	# 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CAREQ="careq.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
-	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    exit 0;
-	} elsif (/^-newcert$/) {
-	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
-	    $RET=$?;
-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
-	} elsif (/^-newreq$/) {
-	    # create a certificate request
-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
-	} elsif (/^-newreq-nodes$/) {
-	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
-	} elsif (/^-newca$/) {
-		# if explicitly asked for or it doesn't exist then setup the
-		# directory structure that Eric likes to manage things 
-	    $NEW="1";
-	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
-		# create the directory hierarchy
-		mkdir $CATOP, $DIRMODE;
-		mkdir "${CATOP}/certs", $DIRMODE;
-		mkdir "${CATOP}/crl", $DIRMODE ;
-		mkdir "${CATOP}/newcerts", $DIRMODE;
-		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/index.txt";
-		close OUT;
-		open OUT, ">${CATOP}/crlnumber";
-		print OUT "01\n";
-		close OUT;
-	    }
-	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
-		print "CA certificate filename (or enter to create)\n";
-		$FILE = <STDIN>;
-
-		chop $FILE;
-
-		# ask user for existing CA certificate
-		if ($FILE) {
-		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
-		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
-		    $RET=$?;
-		} else {
-		    print "Making CA certificate ...\n";
-		    system ("$REQ -new -keyout " .
-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -create_serial " .
-			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
-			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
-			"-extensions v3_ca " .
-			"-infiles ${CATOP}/$CAREQ ");
-		    $RET=$?;
-		}
-	    }
-	} elsif (/^-pkcs12$/) {
-	    my $cname = $ARGV[1];
-	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
-			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
-			"-export -name \"$cname\"");
-	    $RET=$?;
-	    print "PKCS #12 file is in newcert.p12\n";
-	    exit $RET;
-	} elsif (/^-xsign$/) {
-	    system ("$CA -policy policy_anything -infiles newreq.pem");
-	    $RET=$?;
-	} elsif (/^(-sign|-signreq)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^(-signCA)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-					"-extensions v3_ca -infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed CA certificate is in newcert.pem\n";
-	} elsif (/^-signcert$/) {
-	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
-								"-out tmp.pem");
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles tmp.pem");
-	    $RET = $?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^-verify$/) {
-	    if (shift) {
-		foreach $j (@ARGV) {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
-		    $RET=$? if ($? != 0);
-		}
-		exit $RET;
-	    } else {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
-		    $RET=$?;
-	    	    exit 0;
-	    }
-	} else {
-	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    exit 1;
-	}
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
-	$flag = 1 if (/^-----BEGIN.*$bound/) ;
-	print OUT $_ if ($flag);
-	if (/^-----END.*$bound/) {
-		close IN;
-		close OUT;
-		return;
-	}
-}
-}
-
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
deleted file mode 100644
index c783a6e6a5..0000000000
--- a/apps/CA.pl.in
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/usr/local/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-#      some setup stuff to be done before you can use it and this makes
-#      things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request 
-# CA -sign ... will sign the generated request and output 
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key 
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh    Added more things ... including CA -signcert which
-#                  converts a certificate to a request and then signs it.
-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#		   environment variable so this can be driven from
-#		   a script.
-# 25-Jul-96 eay    Cleaned up filenames some more.
-# 11-Jun-96 eay    Fixed a few filename missmatches.
-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh    Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-my $openssl;
-if(defined $ENV{OPENSSL}) {
-	$openssl = $ENV{OPENSSL};
-} else {
-	$openssl = "openssl";
-	$ENV{OPENSSL} = $openssl;
-}
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365";	# 1 year
-$CADAYS="-days 1095";	# 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CAREQ="careq.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
-	if ( /^(-\?|-h|-help)$/ ) {
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    exit 0;
-	} elsif (/^-newcert$/) {
-	    # create a certificate
-	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
-	    $RET=$?;
-	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
-	} elsif (/^-newreq$/) {
-	    # create a certificate request
-	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
-	} elsif (/^-newreq-nodes$/) {
-	    # create a certificate request
-	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
-	    $RET=$?;
-	    print "Request is in newreq.pem, private key is in newkey.pem\n";
-	} elsif (/^-newca$/) {
-		# if explicitly asked for or it doesn't exist then setup the
-		# directory structure that Eric likes to manage things 
-	    $NEW="1";
-	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
-		# create the directory hierarchy
-		mkdir $CATOP, $DIRMODE;
-		mkdir "${CATOP}/certs", $DIRMODE;
-		mkdir "${CATOP}/crl", $DIRMODE ;
-		mkdir "${CATOP}/newcerts", $DIRMODE;
-		mkdir "${CATOP}/private", $DIRMODE;
-		open OUT, ">${CATOP}/index.txt";
-		close OUT;
-		open OUT, ">${CATOP}/crlnumber";
-		print OUT "01\n";
-		close OUT;
-	    }
-	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
-		print "CA certificate filename (or enter to create)\n";
-		$FILE = <STDIN>;
-
-		chop $FILE;
-
-		# ask user for existing CA certificate
-		if ($FILE) {
-		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
-		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
-		    $RET=$?;
-		} else {
-		    print "Making CA certificate ...\n";
-		    system ("$REQ -new -keyout " .
-			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
-		    system ("$CA -create_serial " .
-			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
-			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
-			"-extensions v3_ca " .
-			"-infiles ${CATOP}/$CAREQ ");
-		    $RET=$?;
-		}
-	    }
-	} elsif (/^-pkcs12$/) {
-	    my $cname = $ARGV[1];
-	    $cname = "My Certificate" unless defined $cname;
-	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
-			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
-			"-export -name \"$cname\"");
-	    $RET=$?;
-	    print "PKCS #12 file is in newcert.p12\n";
-	    exit $RET;
-	} elsif (/^-xsign$/) {
-	    system ("$CA -policy policy_anything -infiles newreq.pem");
-	    $RET=$?;
-	} elsif (/^(-sign|-signreq)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^(-signCA)$/) {
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-					"-extensions v3_ca -infiles newreq.pem");
-	    $RET=$?;
-	    print "Signed CA certificate is in newcert.pem\n";
-	} elsif (/^-signcert$/) {
-	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
-								"-out tmp.pem");
-	    system ("$CA -policy policy_anything -out newcert.pem " .
-							"-infiles tmp.pem");
-	    $RET = $?;
-	    print "Signed certificate is in newcert.pem\n";
-	} elsif (/^-verify$/) {
-	    if (shift) {
-		foreach $j (@ARGV) {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
-		    $RET=$? if ($? != 0);
-		}
-		exit $RET;
-	    } else {
-		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
-		    $RET=$?;
-	    	    exit 0;
-	    }
-	} else {
-	    print STDERR "Unknown arg $_\n";
-	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-	    exit 1;
-	}
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
-	$flag = 1 if (/^-----BEGIN.*$bound/) ;
-	print OUT $_ if ($flag);
-	if (/^-----END.*$bound/) {
-		close IN;
-		close OUT;
-		return;
-	}
-}
-}
-
diff --git a/apps/CA.sh b/apps/CA.sh
deleted file mode 100644
index 7ad6b8c52e..0000000000
--- a/apps/CA.sh
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/bin/sh
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-#      some setup stuff to be done before you can use it and this makes
-#      things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
-# CA -sign ... will sign the generated request and output
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh    Added more things ... including CA -signcert which
-#                  converts a certificate to a request and then signs it.
-# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-#                  environment variable so this can be driven from
-#                  a script.
-# 25-Jul-96 eay    Cleaned up filenames some more.
-# 11-Jun-96 eay    Fixed a few filename missmatches.
-# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh    Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-cp_pem() {
-    infile=$1
-    outfile=$2
-    bound=$3
-    flag=0
-    exec <$infile;
-    while read line; do
-	if [ $flag -eq 1 ]; then
-		echo $line|grep "^-----END.*$bound"  2>/dev/null 1>/dev/null
-		if [ $? -eq 0 ] ; then
-			echo $line >>$outfile
-			break
-		else
-			echo $line >>$outfile
-		fi
-	fi
-
-	echo $line|grep "^-----BEGIN.*$bound"  2>/dev/null 1>/dev/null
-	if [ $? -eq 0 ]; then
-		echo $line >$outfile
-		flag=1
-	fi
-    done
-}
-
-usage() {
- echo "usage: $0 -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify" >&2
-}
-
-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-
-if [ -z "$DAYS" ] ; then DAYS="-days 365" ; fi	# 1 year
-CADAYS="-days 1095"	# 3 years
-REQ="$OPENSSL req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
-X509="$OPENSSL x509"
-PKCS12="openssl pkcs12"
-
-if [ -z "$CATOP" ] ; then CATOP=./demoCA ; fi
-CAKEY=./cakey.pem
-CAREQ=./careq.pem
-CACERT=./cacert.pem
-
-RET=0
-
-while [ "$1" != "" ] ; do
-case $1 in
--\?|-h|-help)
-    usage
-    exit 0
-    ;;
--newcert)
-    # create a certificate
-    $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
-    RET=$?
-    echo "Certificate is in newcert.pem, private key is in newkey.pem"
-    ;;
--newreq)
-    # create a certificate request
-    $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
-    RET=$?
-    echo "Request is in newreq.pem, private key is in newkey.pem"
-    ;;
--newreq-nodes) 
-    # create a certificate request
-    $REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS
-    RET=$?
-    echo "Request (and private key) is in newreq.pem"
-    ;;
--newca)
-    # if explicitly asked for or it doesn't exist then setup the directory
-    # structure that Eric likes to manage things
-    NEW="1"
-    if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
-	# create the directory hierarchy
-	mkdir -p ${CATOP}
-	mkdir -p ${CATOP}/certs
-	mkdir -p ${CATOP}/crl
-	mkdir -p ${CATOP}/newcerts
-	mkdir -p ${CATOP}/private
-	touch ${CATOP}/index.txt
-    fi
-    if [ ! -f ${CATOP}/private/$CAKEY ]; then
-	echo "CA certificate filename (or enter to create)"
-	read FILE
-
-	# ask user for existing CA certificate
-	if [ "$FILE" ]; then
-	    cp_pem $FILE ${CATOP}/private/$CAKEY PRIVATE
-	    cp_pem $FILE ${CATOP}/$CACERT CERTIFICATE
-	    RET=$?
-	    if [ ! -f "${CATOP}/serial" ]; then
-		$X509 -in ${CATOP}/$CACERT -noout -next_serial \
-		      -out ${CATOP}/serial
-	    fi
-	else
-	    echo "Making CA certificate ..."
-	    $REQ -new -keyout ${CATOP}/private/$CAKEY \
-			   -out ${CATOP}/$CAREQ
-	    $CA -create_serial -out ${CATOP}/$CACERT $CADAYS -batch \
-			   -keyfile ${CATOP}/private/$CAKEY -selfsign \
-			   -extensions v3_ca \
-			   -infiles ${CATOP}/$CAREQ
-	    RET=$?
-	fi
-    fi
-    ;;
--xsign)
-    $CA -policy policy_anything -infiles newreq.pem
-    RET=$?
-    ;;
--pkcs12)
-    if [ -z "$2" ] ; then
-	CNAME="My Certificate"
-    else
-	CNAME="$2"
-    fi
-    $PKCS12 -in newcert.pem -inkey newreq.pem -certfile ${CATOP}/$CACERT \
-	    -out newcert.p12 -export -name "$CNAME"
-    RET=$?
-    exit $RET
-    ;;
--sign|-signreq)
-    $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
-    RET=$?
-    cat newcert.pem
-    echo "Signed certificate is in newcert.pem"
-    ;;
--signCA)
-    $CA -policy policy_anything -out newcert.pem -extensions v3_ca -infiles newreq.pem
-    RET=$?
-    echo "Signed CA certificate is in newcert.pem"
-    ;;
--signcert)
-    echo "Cert passphrase will be requested twice - bug?"
-    $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-    $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
-    RET=$?
-    cat newcert.pem
-    echo "Signed certificate is in newcert.pem"
-    ;;
--verify)
-    shift
-    if [ -z "$1" ]; then
-	    $VERIFY -CAfile $CATOP/$CACERT newcert.pem
-	    RET=$?
-    else
-	for j
-	do
-	    $VERIFY -CAfile $CATOP/$CACERT $j
-	    if [ $? != 0 ]; then
-		    RET=$?
-	    fi
-	done
-    fi
-    exit $RET
-    ;;
-*)
-    echo "Unknown arg $i" >&2
-    usage
-    exit 1
-    ;;
-esac
-shift
-done
-exit $RET
diff --git a/apps/app_rand.c b/apps/app_rand.c
deleted file mode 100644
index b7b6128c1e..0000000000
--- a/apps/app_rand.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/* apps/app_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-
-static int seeded = 0;
-static int egdsocket = 0;
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
-	{
-	int consider_randfile = (file == NULL);
-	char buffer[200];
-	
-#ifdef OPENSSL_SYS_WINDOWS
-	BIO_printf(bio_e,"Loading 'screen' into random state -");
-	BIO_flush(bio_e);
-	RAND_screen();
-	BIO_printf(bio_e," done\n");
-#endif
-
-	if (file == NULL)
-		file = RAND_file_name(buffer, sizeof buffer);
-	else if (RAND_egd(file) > 0)
-		{
-		/* we try if the given filename is an EGD socket.
-		   if it is, we don't write anything back to the file. */
-		egdsocket = 1;
-		return 1;
-		}
-	if (file == NULL || !RAND_load_file(file, -1))
-		{
-		if (RAND_status() == 0)
-			{
-			if (!dont_warn)
-				{
-				BIO_printf(bio_e,"unable to load 'random state'\n");
-				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
-				BIO_printf(bio_e,"with much random data.\n");
-				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
-					{
-					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
-					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
-					}
-				}
-			return 0;
-			}
-		}
-	seeded = 1;
-	return 1;
-	}
-
-long app_RAND_load_files(char *name)
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-	int egd;
-	
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		egd=RAND_egd(n);
-		if (egd > 0)
-			tot+=egd;
-		else
-			tot+=RAND_load_file(n,-1);
-		if (last) break;
-		}
-	if (tot > 512)
-		app_RAND_allow_write_file();
-	return(tot);
-	}
-
-int app_RAND_write_file(const char *file, BIO *bio_e)
-	{
-	char buffer[200];
-	
-	if (egdsocket || !seeded)
-		/* If we did not manage to read the seed file,
-		 * we should not write a low-entropy seed file back --
-		 * it would suppress a crucial warning the next time
-		 * we want to use it. */
-		return 0;
-
-	if (file == NULL)
-		file = RAND_file_name(buffer, sizeof buffer);
-	if (file == NULL || !RAND_write_file(file))
-		{
-		BIO_printf(bio_e,"unable to write 'random state'\n");
-		return 0;
-		}
-	return 1;
-	}
-
-void app_RAND_allow_write_file(void)
-	{
-	seeded = 1;
-	}
diff --git a/apps/apps.c b/apps/apps.c
deleted file mode 100644
index 3e18289a4b..0000000000
--- a/apps/apps.c
+++ /dev/null
@@ -1,3098 +0,0 @@
-/* apps/apps.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#define _POSIX_C_SOURCE 2	/* On VMS, you need to define this to get
-				   the declaration of fileno().  The value
-				   2 is to make sure no function defined
-				   in POSIX-2 is left undefined. */
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(NETWARE_CLIB)
-#include <strings.h>
-#endif
-#include <sys/types.h>
-#include <ctype.h>
-#include <errno.h>
-#include <assert.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/ui.h>
-#include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
-#endif
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-
-#ifdef _WIN32
-static int WIN32_rename(const char *from, const char *to);
-#define rename(from,to) WIN32_rename((from),(to))
-#endif
-
-typedef struct {
-	const char *name;
-	unsigned long flag;
-	unsigned long mask;
-} NAME_EX_TBL;
-
-static UI_METHOD *ui_method = NULL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
-		const char *key_descrip, int format);
-#endif
-
-int app_init(long mesgwin);
-#ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(char *file, int *argc, char **argv[])
-	{
-	FILE *fp;
-	int num,i;
-	unsigned int len;
-	static char *buf=NULL;
-	static char **arg=NULL;
-	char *p;
-
-	fp=fopen(file,"r");
-	if (fp == NULL)
-		return(0);
-
-	if (fseek(fp,0,SEEK_END)==0)
-		len=ftell(fp), rewind(fp);
-	else	len=-1;
-	if (len<=0)
-		{
-		fclose(fp);
-		return(0);
-		}
-
-	*argc=0;
-	*argv=NULL;
-
-	if (buf != NULL) OPENSSL_free(buf);
-	buf=(char *)OPENSSL_malloc(len+1);
-	if (buf == NULL) return(0);
-
-	len=fread(buf,1,len,fp);
-	if (len <= 1) return(0);
-	buf[len]='\0';
-
-	i=0;
-	for (p=buf; *p; p++)
-		if (*p == '\n') i++;
-	if (arg != NULL) OPENSSL_free(arg);
-	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
-
-	*argv=arg;
-	num=0;
-	p=buf;
-	for (;;)
-		{
-		if (!*p) break;
-		if (*p == '#') /* comment line */
-			{
-			while (*p && (*p != '\n')) p++;
-			continue;
-			}
-		/* else we have a line */
-		*(arg++)=p;
-		num++;
-		while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
-			p++;
-		if (!*p) break;
-		if (*p == '\n')
-			{
-			*(p++)='\0';
-			continue;
-			}
-		/* else it is a tab or space */
-		p++;
-		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
-			p++;
-		if (!*p) break;
-		if (*p == '\n')
-			{
-			p++;
-			continue;
-			}
-		*(arg++)=p++;
-		num++;
-		while (*p && (*p != '\n')) p++;
-		if (!*p) break;
-		/* else *p == '\n' */
-		*(p++)='\0';
-		}
-	*argc=num;
-	return(1);
-	}
-#endif
-
-int str2fmt(char *s)
-	{
-	if (s == NULL)
-		return FORMAT_UNDEF;
-	if 	((*s == 'D') || (*s == 'd'))
-		return(FORMAT_ASN1);
-	else if ((*s == 'T') || (*s == 't'))
-		return(FORMAT_TEXT);
-  	else if ((*s == 'N') || (*s == 'n'))
-  		return(FORMAT_NETSCAPE);
-  	else if ((*s == 'S') || (*s == 's'))
-  		return(FORMAT_SMIME);
- 	else if ((*s == 'M') || (*s == 'm'))
- 		return(FORMAT_MSBLOB);
-	else if ((*s == '1')
-		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
-		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
-		return(FORMAT_PKCS12);
-	else if ((*s == 'E') || (*s == 'e'))
-		return(FORMAT_ENGINE);
-	else if ((*s == 'P') || (*s == 'p'))
- 		{
- 		if (s[1] == 'V' || s[1] == 'v')
- 			return FORMAT_PVK;
- 		else
-  			return(FORMAT_PEM);
- 		}
-	else
-		return(FORMAT_UNDEF);
-	}
-
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
-void program_name(char *in, char *out, int size)
-	{
-	int i,n;
-	char *p=NULL;
-
-	n=strlen(in);
-	/* find the last '/', '\' or ':' */
-	for (i=n-1; i>0; i--)
-		{
-		if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
-			{
-			p= &(in[i+1]);
-			break;
-			}
-		}
-	if (p == NULL)
-		p=in;
-	n=strlen(p);
-
-#if defined(OPENSSL_SYS_NETWARE)
-   /* strip off trailing .nlm if present. */
-   if ((n > 4) && (p[n-4] == '.') &&
-      ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
-      ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
-      ((p[n-1] == 'm') || (p[n-1] == 'M')))
-      n-=4;
-#else
-	/* strip off trailing .exe if present. */
-	if ((n > 4) && (p[n-4] == '.') &&
-		((p[n-3] == 'e') || (p[n-3] == 'E')) &&
-		((p[n-2] == 'x') || (p[n-2] == 'X')) &&
-		((p[n-1] == 'e') || (p[n-1] == 'E')))
-		n-=4;
-#endif
-
-	if (n > size-1)
-		n=size-1;
-
-	for (i=0; i<n; i++)
-		{
-		if ((p[i] >= 'A') && (p[i] <= 'Z'))
-			out[i]=p[i]-'A'+'a';
-		else
-			out[i]=p[i];
-		}
-	out[n]='\0';
-	}
-#else
-#ifdef OPENSSL_SYS_VMS
-void program_name(char *in, char *out, int size)
-	{
-	char *p=in, *q;
-	char *chars=":]>";
-
-	while(*chars != '\0')
-		{
-		q=strrchr(p,*chars);
-		if (q > p)
-			p = q + 1;
-		chars++;
-		}
-
-	q=strrchr(p,'.');
-	if (q == NULL)
-		q = p + strlen(p);
-	strncpy(out,p,size-1);
-	if (q-p >= size)
-		{
-		out[size-1]='\0';
-		}
-	else
-		{
-		out[q-p]='\0';
-		}
-	}
-#else
-void program_name(char *in, char *out, int size)
-	{
-	char *p;
-
-	p=strrchr(in,'/');
-	if (p != NULL)
-		p++;
-	else
-		p=in;
-	BUF_strlcpy(out,p,size);
-	}
-#endif
-#endif
-
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-	{
-	int num,i;
-	char *p;
-
-	*argc=0;
-	*argv=NULL;
-
-	i=0;
-	if (arg->count == 0)
-		{
-		arg->count=20;
-		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
-		if (arg->data == NULL)
-			return 0;
-		}
-	for (i=0; i<arg->count; i++)
-		arg->data[i]=NULL;
-
-	num=0;
-	p=buf;
-	for (;;)
-		{
-		/* first scan over white space */
-		if (!*p) break;
-		while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
-			p++;
-		if (!*p) break;
-
-		/* The start of something good :-) */
-		if (num >= arg->count)
-			{
-			char **tmp_p;
-			int tlen = arg->count + 20;
-			tmp_p = (char **)OPENSSL_realloc(arg->data,
-				sizeof(char *)*tlen);
-			if (tmp_p == NULL)
-				return 0;
-			arg->data  = tmp_p;
-			arg->count = tlen;
-			/* initialize newly allocated data */
-			for (i = num; i < arg->count; i++)
-				arg->data[i] = NULL;
-			}
-		arg->data[num++]=p;
-
-		/* now look for the end of this */
-		if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
-			{
-			i= *(p++);
-			arg->data[num-1]++; /* jump over quote */
-			while (*p && (*p != i))
-				p++;
-			*p='\0';
-			}
-		else
-			{
-			while (*p && ((*p != ' ') &&
-				(*p != '\t') && (*p != '\n')))
-				p++;
-
-			if (*p == '\0')
-				p--;
-			else
-				*p='\0';
-			}
-		p++;
-		}
-	*argc=num;
-	*argv=arg->data;
-	return(1);
-	}
-
-#ifndef APP_INIT
-int app_init(long mesgwin)
-	{
-	return(1);
-	}
-#endif
-
-
-int dump_cert_text (BIO *out, X509 *x)
-{
-	char *p;
-
-	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
-	BIO_puts(out,"subject=");
-	BIO_puts(out,p);
-	OPENSSL_free(p);
-
-	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
-	BIO_puts(out,"\nissuer=");
-	BIO_puts(out,p);
-	BIO_puts(out,"\n");
-	OPENSSL_free(p);
-
-	return 0;
-}
-
-static int ui_open(UI *ui)
-	{
-	return UI_method_get_opener(UI_OpenSSL())(ui);
-	}
-static int ui_read(UI *ui, UI_STRING *uis)
-	{
-	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
-		&& UI_get0_user_data(ui))
-		{
-		switch(UI_get_string_type(uis))
-			{
-		case UIT_PROMPT:
-		case UIT_VERIFY:
-			{
-			const char *password =
-				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
-				{
-				UI_set_result(ui, uis, password);
-				return 1;
-				}
-			}
-		default:
-			break;
-			}
-		}
-	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
-	}
-static int ui_write(UI *ui, UI_STRING *uis)
-	{
-	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
-		&& UI_get0_user_data(ui))
-		{
-		switch(UI_get_string_type(uis))
-			{
-		case UIT_PROMPT:
-		case UIT_VERIFY:
-			{
-			const char *password =
-				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
-			if (password && password[0] != '\0')
-				return 1;
-			}
-		default:
-			break;
-			}
-		}
-	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
-	}
-static int ui_close(UI *ui)
-	{
-	return UI_method_get_closer(UI_OpenSSL())(ui);
-	}
-int setup_ui_method(void)
-	{
-	ui_method = UI_create_method("OpenSSL application user interface");
-	UI_method_set_opener(ui_method, ui_open);
-	UI_method_set_reader(ui_method, ui_read);
-	UI_method_set_writer(ui_method, ui_write);
-	UI_method_set_closer(ui_method, ui_close);
-	return 0;
-	}
-void destroy_ui_method(void)
-	{
-	if(ui_method)
-		{
-		UI_destroy_method(ui_method);
-		ui_method = NULL;
-		}
-	}
-int password_callback(char *buf, int bufsiz, int verify,
-	PW_CB_DATA *cb_tmp)
-	{
-	UI *ui = NULL;
-	int res = 0;
-	const char *prompt_info = NULL;
-	const char *password = NULL;
-	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
-	if (cb_data)
-		{
-		if (cb_data->password)
-			password = cb_data->password;
-		if (cb_data->prompt_info)
-			prompt_info = cb_data->prompt_info;
-		}
-
-	if (password)
-		{
-		res = strlen(password);
-		if (res > bufsiz)
-			res = bufsiz;
-		memcpy(buf, password, res);
-		return res;
-		}
-
-	ui = UI_new_method(ui_method);
-	if (ui)
-		{
-		int ok = 0;
-		char *buff = NULL;
-		int ui_flags = 0;
-		char *prompt = NULL;
-
-		prompt = UI_construct_prompt(ui, "pass phrase",
-			prompt_info);
-
-		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
-		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
-		if (ok >= 0)
-			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-				PW_MIN_LENGTH,bufsiz-1);
-		if (ok >= 0 && verify)
-			{
-			buff = (char *)OPENSSL_malloc(bufsiz);
-			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-				PW_MIN_LENGTH,bufsiz-1, buf);
-			}
-		if (ok >= 0)
-			do
-				{
-				ok = UI_process(ui);
-				}
-			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
-		if (buff)
-			{
-			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
-			OPENSSL_free(buff);
-			}
-
-		if (ok >= 0)
-			res = strlen(buf);
-		if (ok == -1)
-			{
-			BIO_printf(bio_err, "User interface error\n");
-			ERR_print_errors(bio_err);
-			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
-			res = 0;
-			}
-		if (ok == -2)
-			{
-			BIO_printf(bio_err,"aborted!\n");
-			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
-			res = 0;
-			}
-		UI_free(ui);
-		OPENSSL_free(prompt);
-		}
-	return res;
-	}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
-
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
-{
-	int same;
-	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
-	else same = 1;
-	if(arg1) {
-		*pass1 = app_get_pass(err, arg1, same);
-		if(!*pass1) return 0;
-	} else if(pass1) *pass1 = NULL;
-	if(arg2) {
-		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
-		if(!*pass2) return 0;
-	} else if(pass2) *pass2 = NULL;
-	return 1;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
-{
-	char *tmp, tpass[APP_PASS_LEN];
-	static BIO *pwdbio = NULL;
-	int i;
-	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
-	if(!strncmp(arg, "env:", 4)) {
-		tmp = getenv(arg + 4);
-		if(!tmp) {
-			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
-			return NULL;
-		}
-		return BUF_strdup(tmp);
-	}
-	if(!keepbio || !pwdbio) {
-		if(!strncmp(arg, "file:", 5)) {
-			pwdbio = BIO_new_file(arg + 5, "r");
-			if(!pwdbio) {
-				BIO_printf(err, "Can't open file %s\n", arg + 5);
-				return NULL;
-			}
-#if !defined(_WIN32)
-		/*
-		 * Under _WIN32, which covers even Win64 and CE, file
-		 * descriptors referenced by BIO_s_fd are not inherited
-		 * by child process and therefore below is not an option.
-		 * It could have been an option if bss_fd.c was operating
-		 * on real Windows descriptors, such as those obtained
-		 * with CreateFile.
-		 */
-		} else if(!strncmp(arg, "fd:", 3)) {
-			BIO *btmp;
-			i = atoi(arg + 3);
-			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
-			if((i < 0) || !pwdbio) {
-				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
-				return NULL;
-			}
-			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
-			btmp = BIO_new(BIO_f_buffer());
-			pwdbio = BIO_push(btmp, pwdbio);
-#endif
-		} else if(!strcmp(arg, "stdin")) {
-			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
-			if(!pwdbio) {
-				BIO_printf(err, "Can't open BIO for stdin\n");
-				return NULL;
-			}
-		} else {
-			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
-			return NULL;
-		}
-	}
-	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
-	if(keepbio != 1) {
-		BIO_free_all(pwdbio);
-		pwdbio = NULL;
-	}
-	if(i <= 0) {
-		BIO_printf(err, "Error reading password from BIO\n");
-		return NULL;
-	}
-	tmp = strchr(tpass, '\n');
-	if(tmp) *tmp = 0;
-	return BUF_strdup(tpass);
-}
-
-int add_oid_section(BIO *err, CONF *conf)
-{	
-	char *p;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
-		{
-		ERR_clear_error();
-		return 1;
-		}
-	if(!(sktmp = NCONF_get_section(conf, p))) {
-		BIO_printf(err, "problem loading oid section %s\n", p);
-		return 0;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
-		cnf = sk_CONF_VALUE_value(sktmp, i);
-		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
-			BIO_printf(err, "problem creating object %s=%s\n",
-							 cnf->name, cnf->value);
-			return 0;
-		}
-	}
-	return 1;
-}
-
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
-		pem_password_cb *pem_cb,  void *cb_data,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-	{
- 	const char *pass;
-	char tpass[PEM_BUFSIZE];
-	int len, ret = 0;
-	PKCS12 *p12;
-	p12 = d2i_PKCS12_bio(in, NULL);
-	if (p12 == NULL)
-		{
-		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
-		goto die;
-		}
-	/* See if an empty password will do */
-	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
-		pass = "";
-	else
-		{
-		if (!pem_cb)
-			pem_cb = (pem_password_cb *)password_callback;
-		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
-		if (len < 0) 
-			{
-			BIO_printf(err, "Passpharse callback error for %s\n",
-					desc);
-			goto die;
-			}
-		if (len < PEM_BUFSIZE)
-			tpass[len] = 0;
-		if (!PKCS12_verify_mac(p12, tpass, len))
-			{
-			BIO_printf(err,
-	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
-			goto die;
-			}
-		pass = tpass;
-		}
-	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
-	die:
-	if (p12)
-		PKCS12_free(p12);
-	return ret;
-	}
-
-X509 *load_cert(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *cert_descrip)
-	{
-	X509 *x=NULL;
-	BIO *cert;
-
-	if ((cert=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-
-	if (file == NULL)
-		{
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-		setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-		}
-	else
-		{
-		if (BIO_read_filename(cert,file) <= 0)
-			{
-			BIO_printf(err, "Error opening %s %s\n",
-				cert_descrip, file);
-			ERR_print_errors(err);
-			goto end;
-			}
-		}
-
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_bio(cert,NULL);
-	else if (format == FORMAT_NETSCAPE)
-		{
-		NETSCAPE_X509 *nx;
-		nx=ASN1_item_d2i_bio(ASN1_ITEM_rptr(NETSCAPE_X509),cert,NULL);
-		if (nx == NULL)
-				goto end;
-
-		if ((strncmp(NETSCAPE_CERT_HDR,(char *)nx->header->data,
-			nx->header->length) != 0))
-			{
-			NETSCAPE_X509_free(nx);
-			BIO_printf(err,"Error reading header on certificate\n");
-			goto end;
-			}
-		x=nx->cert;
-		nx->cert = NULL;
-		NETSCAPE_X509_free(nx);
-		}
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_AUX(cert,NULL,
-			(pem_password_cb *)password_callback, NULL);
-	else if (format == FORMAT_PKCS12)
-		{
-		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
-					NULL, &x, NULL))
-			goto end;
-		}
-	else	{
-		BIO_printf(err,"bad input format specified for %s\n",
-			cert_descrip);
-		goto end;
-		}
-end:
-	if (x == NULL)
-		{
-		BIO_printf(err,"unable to load certificate\n");
-		ERR_print_errors(err);
-		}
-	if (cert != NULL) BIO_free(cert);
-	return(x);
-	}
-
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
-	const char *pass, ENGINE *e, const char *key_descrip)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-	PW_CB_DATA cb_data;
-
-	cb_data.password = pass;
-	cb_data.prompt_info = file;
-
-	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(err,"no engine specified\n");
-		else
-			{
-			pkey = ENGINE_load_private_key(e, file,
-				ui_method, &cb_data);
-			if (!pkey) 
-				{
-				BIO_printf(err,"cannot load %s from engine\n",key_descrip);
-				ERR_print_errors(err);
-				}	
-			}
-		goto end;
-		}
-#endif
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (file == NULL && maybe_stdin)
-		{
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-		setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-		BIO_set_fp(key,stdin,BIO_NOCLOSE);
-		}
-	else
-		if (BIO_read_filename(key,file) <= 0)
-			{
-			BIO_printf(err, "Error opening %s %s\n",
-				key_descrip, file);
-			ERR_print_errors(err);
-			goto end;
-			}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PrivateKey_bio(key, NULL);
-		}
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,
-			(pem_password_cb *)password_callback, &cb_data);
-		}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-		pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
-	else if (format == FORMAT_PKCS12)
-		{
-		if (!load_pkcs12(err, key, key_descrip,
-				(pem_password_cb *)password_callback, &cb_data,
-				&pkey, NULL, NULL))
-			goto end;
-		}
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
-	else if (format == FORMAT_MSBLOB)
-		pkey = b2i_PrivateKey_bio(key);
-	else if (format == FORMAT_PVK)
-		pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
-								&cb_data);
-#endif
-	else
-		{
-		BIO_printf(err,"bad input format specified for key file\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL) 
-		{
-		BIO_printf(err,"unable to load %s\n", key_descrip);
-		ERR_print_errors(err);
-		}	
-	return(pkey);
-	}
-
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
-	const char *pass, ENGINE *e, const char *key_descrip)
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-	PW_CB_DATA cb_data;
-
-	cb_data.password = pass;
-	cb_data.prompt_info = file;
-
-	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
-		{
-		BIO_printf(err,"no keyfile specified\n");
-		goto end;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	if (format == FORMAT_ENGINE)
-		{
-		if (!e)
-			BIO_printf(bio_err,"no engine specified\n");
-		else
-			pkey = ENGINE_load_public_key(e, file,
-				ui_method, &cb_data);
-		goto end;
-		}
-#endif
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(err);
-		goto end;
-		}
-	if (file == NULL && maybe_stdin)
-		{
-#ifdef _IONBF
-# ifndef OPENSSL_NO_SETVBUF_IONBF
-		setvbuf(stdin, NULL, _IONBF, 0);
-# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#endif
-		BIO_set_fp(key,stdin,BIO_NOCLOSE);
-		}
-	else
-		if (BIO_read_filename(key,file) <= 0)
-			{
-			BIO_printf(err, "Error opening %s %s\n",
-				key_descrip, file);
-			ERR_print_errors(err);
-			goto end;
-		}
-	if (format == FORMAT_ASN1)
-		{
-		pkey=d2i_PUBKEY_bio(key, NULL);
-		}
-#ifndef OPENSSL_NO_RSA
-	else if (format == FORMAT_ASN1RSA)
-		{
-		RSA *rsa;
-		rsa = d2i_RSAPublicKey_bio(key, NULL);
-		if (rsa)
-			{
-			pkey = EVP_PKEY_new();
-			if (pkey)
-				EVP_PKEY_set1_RSA(pkey, rsa);
-			RSA_free(rsa);
-			}
-		else
-			pkey = NULL;
-		}
-	else if (format == FORMAT_PEMRSA)
-		{
-		RSA *rsa;
-		rsa = PEM_read_bio_RSAPublicKey(key, NULL, 
-			(pem_password_cb *)password_callback, &cb_data);
-		if (rsa)
-			{
-			pkey = EVP_PKEY_new();
-			if (pkey)
-				EVP_PKEY_set1_RSA(pkey, rsa);
-			RSA_free(rsa);
-			}
-		else
-			pkey = NULL;
-		}
-#endif
-	else if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PUBKEY(key,NULL,
-			(pem_password_cb *)password_callback, &cb_data);
-		}
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
-		pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-	else if (format == FORMAT_MSBLOB)
-		pkey = b2i_PublicKey_bio(key);
-#endif
-	else
-		{
-		BIO_printf(err,"bad input format specified for key file\n");
-		goto end;
-		}
- end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(err,"unable to load %s\n", key_descrip);
-	return(pkey);
-	}
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
-		const char *key_descrip, int format)
-	{
-	EVP_PKEY *pkey;
-	BUF_MEM *buf;
-	RSA	*rsa;
-	const unsigned char *p;
-	int size, i;
-
-	buf=BUF_MEM_new();
-	pkey = EVP_PKEY_new();
-	size = 0;
-	if (buf == NULL || pkey == NULL)
-		goto error;
-	for (;;)
-		{
-		if (!BUF_MEM_grow_clean(buf,size+1024*10))
-			goto error;
-		i = BIO_read(key, &(buf->data[size]), 1024*10);
-		size += i;
-		if (i == 0)
-			break;
-		if (i < 0)
-			{
-				BIO_printf(err, "Error reading %s %s",
-					key_descrip, file);
-				goto error;
-			}
-		}
-	p=(unsigned char *)buf->data;
-	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
-		(format == FORMAT_IISSGC ? 1 : 0));
-	if (rsa == NULL)
-		goto error;
-	BUF_MEM_free(buf);
-	EVP_PKEY_set1_RSA(pkey, rsa);
-	return pkey;
-error:
-	BUF_MEM_free(buf);
-	EVP_PKEY_free(pkey);
-	return NULL;
-	}
-#endif /* ndef OPENSSL_NO_RC4 */
-
-static int load_certs_crls(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *desc,
-	STACK_OF(X509) **pcerts, STACK_OF(X509_CRL) **pcrls)
-	{
-	int i;
-	BIO *bio;
-	STACK_OF(X509_INFO) *xis = NULL;
-	X509_INFO *xi;
-	PW_CB_DATA cb_data;
-	int rv = 0;
-
-	cb_data.password = pass;
-	cb_data.prompt_info = file;
-
-	if (format != FORMAT_PEM)
-		{
-		BIO_printf(err,"bad input format specified for %s\n", desc);
-		return 0;
-		}
-
-	if (file == NULL)
-		bio = BIO_new_fp(stdin,BIO_NOCLOSE);
-	else
-		bio = BIO_new_file(file, "r");
-
-	if (bio == NULL)
-		{
-		BIO_printf(err, "Error opening %s %s\n",
-				desc, file ? file : "stdin");
-		ERR_print_errors(err);
-		return 0;
-		}
-
-	xis = PEM_X509_INFO_read_bio(bio, NULL,
-				(pem_password_cb *)password_callback, &cb_data);
-
-	BIO_free(bio);
-
-	if (pcerts)
-		{
-		*pcerts = sk_X509_new_null();
-		if (!*pcerts)
-			goto end;
-		}
-
-	if (pcrls)
-		{
-		*pcrls = sk_X509_CRL_new_null();
-		if (!*pcrls)
-			goto end;
-		}
-
-	for(i = 0; i < sk_X509_INFO_num(xis); i++)
-		{
-		xi = sk_X509_INFO_value (xis, i);
-		if (xi->x509 && pcerts)
-			{
-			if (!sk_X509_push(*pcerts, xi->x509))
-				goto end;
-			xi->x509 = NULL;
-			}
-		if (xi->crl && pcrls)
-			{
-			if (!sk_X509_CRL_push(*pcrls, xi->crl))
-				goto end;
-			xi->crl = NULL;
-			}
-		}
-
-	if (pcerts && sk_X509_num(*pcerts) > 0)
-		rv = 1;
-
-	if (pcrls && sk_X509_CRL_num(*pcrls) > 0)
-		rv = 1;
-
-	end:
-
-	if (xis)
-		sk_X509_INFO_pop_free(xis, X509_INFO_free);
-
-	if (rv == 0)
-		{
-		if (pcerts)
-			{
-			sk_X509_pop_free(*pcerts, X509_free);
-			*pcerts = NULL;
-			}
-		if (pcrls)
-			{
-			sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
-			*pcrls = NULL;
-			}
-		BIO_printf(err,"unable to load %s\n",
-				pcerts ? "certificates" : "CRLs");
-		ERR_print_errors(err);
-		}
-	return rv;
-	}
-
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *desc)
-	{
-	STACK_OF(X509) *certs;
-	if (!load_certs_crls(err, file, format, pass, e, desc, &certs, NULL))
-		return NULL;
-	return certs;
-	}	
-
-STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *desc)
-	{
-	STACK_OF(X509_CRL) *crls;
-	if (!load_certs_crls(err, file, format, pass, e, desc, NULL, &crls))
-		return NULL;
-	return crls;
-	}	
-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
-			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
-	static const NAME_EX_TBL cert_tbl[] = {
-		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
-		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
-		{ "no_header", X509_FLAG_NO_HEADER, 0},
-		{ "no_version", X509_FLAG_NO_VERSION, 0},
-		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
-		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
-		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
-		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
-		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
-		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
-		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
-		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
-		{ "no_aux", X509_FLAG_NO_AUX, 0},
-		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
-		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
-		{ NULL, 0, 0}
-	};
-	return set_multi_opts(flags, arg, cert_tbl);
-}
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
-	static const NAME_EX_TBL ex_tbl[] = {
-		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
-		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
-		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
-		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
-		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
-		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
-		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
-		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
-		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
-		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
-		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
-		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
-		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
-		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
-		{ "dn_rev", XN_FLAG_DN_REV, 0},
-		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
-		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
-		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
-		{ "align", XN_FLAG_FN_ALIGN, 0},
-		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
-		{ "space_eq", XN_FLAG_SPC_EQ, 0},
-		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
-		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
-		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
-		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
-		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
-		{ NULL, 0, 0}
-	};
-	return set_multi_opts(flags, arg, ex_tbl);
-}
-
-int set_ext_copy(int *copy_type, const char *arg)
-{
-	if (!strcasecmp(arg, "none"))
-		*copy_type = EXT_COPY_NONE;
-	else if (!strcasecmp(arg, "copy"))
-		*copy_type = EXT_COPY_ADD;
-	else if (!strcasecmp(arg, "copyall"))
-		*copy_type = EXT_COPY_ALL;
-	else
-		return 0;
-	return 1;
-}
-
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
-{
-	STACK_OF(X509_EXTENSION) *exts = NULL;
-	X509_EXTENSION *ext, *tmpext;
-	ASN1_OBJECT *obj;
-	int i, idx, ret = 0;
-	if (!x || !req || (copy_type == EXT_COPY_NONE))
-		return 1;
-	exts = X509_REQ_get_extensions(req);
-
-	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
-		ext = sk_X509_EXTENSION_value(exts, i);
-		obj = X509_EXTENSION_get_object(ext);
-		idx = X509_get_ext_by_OBJ(x, obj, -1);
-		/* Does extension exist? */
-		if (idx != -1) {
-			/* If normal copy don't override existing extension */
-			if (copy_type == EXT_COPY_ADD)
-				continue;
-			/* Delete all extensions of same type */
-			do {
-				tmpext = X509_get_ext(x, idx);
-				X509_delete_ext(x, idx);
-				X509_EXTENSION_free(tmpext);
-				idx = X509_get_ext_by_OBJ(x, obj, -1);
-			} while (idx != -1);
-		}
-		if (!X509_add_ext(x, ext, -1))
-			goto end;
-	}
-
-	ret = 1;
-
-	end:
-
-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-	return ret;
-}
-		
-		
-			
-
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
-	STACK_OF(CONF_VALUE) *vals;
-	CONF_VALUE *val;
-	int i, ret = 1;
-	if(!arg) return 0;
-	vals = X509V3_parse_list(arg);
-	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-		val = sk_CONF_VALUE_value(vals, i);
-		if (!set_table_opts(flags, val->name, in_tbl))
-			ret = 0;
-	}
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	return ret;
-}
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
-	char c;
-	const NAME_EX_TBL *ptbl;
-	c = arg[0];
-
-	if(c == '-') {
-		c = 0;
-		arg++;
-	} else if (c == '+') {
-		c = 1;
-		arg++;
-	} else c = 1;
-
-	for(ptbl = in_tbl; ptbl->name; ptbl++) {
-		if(!strcasecmp(arg, ptbl->name)) {
-			*flags &= ~ptbl->mask;
-			if(c) *flags |= ptbl->flag;
-			else *flags &= ~ptbl->flag;
-			return 1;
-		}
-	}
-	return 0;
-}
-
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
-{
-	char *buf;
-	char mline = 0;
-	int indent = 0;
-
-	if(title) BIO_puts(out, title);
-	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-		mline = 1;
-		indent = 4;
-	}
-	if(lflags == XN_FLAG_COMPAT) {
-		buf = X509_NAME_oneline(nm, 0, 0);
-		BIO_puts(out, buf);
-		BIO_puts(out, "\n");
-		OPENSSL_free(buf);
-	} else {
-		if(mline) BIO_puts(out, "\n");
-		X509_NAME_print_ex(out, nm, indent, lflags);
-		BIO_puts(out, "\n");
-	}
-}
-
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
-{
-	X509_STORE *store;
-	X509_LOOKUP *lookup;
-	if(!(store = X509_STORE_new())) goto end;
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-	if (lookup == NULL) goto end;
-	if (CAfile) {
-		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
-			BIO_printf(bp, "Error loading file %s\n", CAfile);
-			goto end;
-		}
-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-		
-	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) goto end;
-	if (CApath) {
-		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
-			BIO_printf(bp, "Error loading directory %s\n", CApath);
-			goto end;
-		}
-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-	ERR_clear_error();
-	return store;
-	end:
-	X509_STORE_free(store);
-	return NULL;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
-	{
-	ENGINE *e = ENGINE_by_id("dynamic");
-	if (e)
-		{
-		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
-			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-			{
-			ENGINE_free(e);
-			e = NULL;
-			}
-		}
-	return e;
-	}
-
-ENGINE *setup_engine(BIO *err, const char *engine, int debug)
-        {
-        ENGINE *e = NULL;
-
-        if (engine)
-                {
-		if(strcmp(engine, "auto") == 0)
-			{
-			BIO_printf(err,"enabling auto ENGINE support\n");
-			ENGINE_register_all_complete();
-			return NULL;
-			}
-		if((e = ENGINE_by_id(engine)) == NULL
-			&& (e = try_load_engine(err, engine, debug)) == NULL)
-			{
-			BIO_printf(err,"invalid engine \"%s\"\n", engine);
-			ERR_print_errors(err);
-			return NULL;
-			}
-		if (debug)
-			{
-			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
-				0, err, 0);
-			}
-                ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
-		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
-			{
-			BIO_printf(err,"can't use that engine\n");
-			ERR_print_errors(err);
-			ENGINE_free(e);
-			return NULL;
-			}
-
-		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
-
-		/* Free our "structural" reference. */
-		ENGINE_free(e);
-		}
-        return e;
-        }
-#endif
-
-int load_config(BIO *err, CONF *cnf)
-	{
-	static int load_config_called = 0;
-	if (load_config_called)
-		return 1;
-	load_config_called = 1;
-	if (!cnf)
-		cnf = config;
-	if (!cnf)
-		return 1;
-
-	OPENSSL_load_builtin_modules();
-
-	if (CONF_modules_load(cnf, NULL, 0) <= 0)
-		{
-		BIO_printf(err, "Error configuring OpenSSL\n");
-		ERR_print_errors(err);
-		return 0;
-		}
-	return 1;
-	}
-
-char *make_config_name()
-	{
-	const char *t=X509_get_default_cert_area();
-	size_t len;
-	char *p;
-
-	len=strlen(t)+strlen(OPENSSL_CONF)+2;
-	p=OPENSSL_malloc(len);
-	if (p == NULL)
-		return NULL;
-	BUF_strlcpy(p,t,len);
-#ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(p,"/",len);
-#endif
-	BUF_strlcat(p,OPENSSL_CONF,len);
-
-	return p;
-	}
-
-static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
-	{
-	const char *n;
-
-	n=a[DB_serial];
-	while (*n == '0') n++;
-	return(lh_strhash(n));
-	}
-
-static int index_serial_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-	{
-	const char *aa,*bb;
-
-	for (aa=a[DB_serial]; *aa == '0'; aa++);
-	for (bb=b[DB_serial]; *bb == '0'; bb++);
-	return(strcmp(aa,bb));
-	}
-
-static int index_name_qual(char **a)
-	{ return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
-	{ return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
-	{ return(strcmp(a[DB_name], b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
-static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
-	{
-	BIO *in=NULL;
-	BIGNUM *ret=NULL;
-	MS_STATIC char buf[1024];
-	ASN1_INTEGER *ai=NULL;
-
-	ai=ASN1_INTEGER_new();
-	if (ai == NULL) goto err;
-
-	if ((in=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	if (BIO_read_filename(in,serialfile) <= 0)
-		{
-		if (!create)
-			{
-			perror(serialfile);
-			goto err;
-			}
-		else
-			{
-			ret=BN_new();
-			if (ret == NULL || !rand_serial(ret, ai))
-				BIO_printf(bio_err, "Out of memory\n");
-			}
-		}
-	else
-		{
-		if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
-			{
-			BIO_printf(bio_err,"unable to load number from %s\n",
-				serialfile);
-			goto err;
-			}
-		ret=ASN1_INTEGER_to_BN(ai,NULL);
-		if (ret == NULL)
-			{
-			BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
-			goto err;
-			}
-		}
-
-	if (ret && retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
- err:
-	if (in != NULL) BIO_free(in);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
-	{
-	char buf[1][BSIZE];
-	BIO *out = NULL;
-	int ret=0;
-	ASN1_INTEGER *ai=NULL;
-	int j;
-
-	if (suffix == NULL)
-		j = strlen(serialfile);
-	else
-		j = strlen(serialfile) + strlen(suffix) + 1;
-	if (j >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-	if (suffix == NULL)
-		BUF_strlcpy(buf[0], serialfile, BSIZE);
-	else
-		{
-#ifndef OPENSSL_SYS_VMS
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
-		j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(serialfile);
-		goto err;
-		}
-
-	if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
-		goto err;
-		}
-	i2a_ASN1_INTEGER(out,ai);
-	BIO_puts(out,"\n");
-	ret=1;
-	if (retai)
-		{
-		*retai = ai;
-		ai = NULL;
-		}
-err:
-	if (out != NULL) BIO_free_all(out);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-
-	i = strlen(serialfile) + strlen(old_suffix);
-	j = strlen(serialfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 1 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		serialfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		serialfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		serialfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		serialfile, buf[1]);
-#endif
-	if (rename(serialfile,buf[1]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-			&& errno != ENOTDIR
-#endif
-	   )		{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				serialfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],serialfile);
-#endif
-	if (rename(buf[0],serialfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],serialfile);
-		perror("reason");
-		rename(buf[1],serialfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
-	{
-	BIGNUM *btmp;
-	int ret = 0;
-	if (b)
-		btmp = b;
-	else
-		btmp = BN_new();
-
-	if (!btmp)
-		return 0;
-
-	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
-		goto error;
-	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
-		goto error;
-
-	ret = 1;
-	
-	error:
-
-	if (!b)
-		BN_free(btmp);
-	
-	return ret;
-	}
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
-	{
-	CA_DB *retdb = NULL;
-	TXT_DB *tmpdb = NULL;
-	BIO *in = BIO_new(BIO_s_file());
-	CONF *dbattr_conf = NULL;
-	char buf[1][BSIZE];
-	long errorline= -1;
-
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (BIO_read_filename(in,dbfile) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
-		goto err;
-		}
-	if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
-		goto err;
-
-#ifndef OPENSSL_SYS_VMS
-	BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
-	BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
-	dbattr_conf = NCONF_new(NULL);
-	if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
-		{
-		if (errorline > 0)
-			{
-			BIO_printf(bio_err,
-				"error on line %ld of db attribute file '%s'\n"
-				,errorline,buf[0]);
-			goto err;
-			}
-		else
-			{
-			NCONF_free(dbattr_conf);
-			dbattr_conf = NULL;
-			}
-		}
-
-	if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
-		{
-		fprintf(stderr, "Out of memory\n");
-		goto err;
-		}
-
-	retdb->db = tmpdb;
-	tmpdb = NULL;
-	if (db_attr)
-		retdb->attributes = *db_attr;
-	else
-		{
-		retdb->attributes.unique_subject = 1;
-		}
-
-	if (dbattr_conf)
-		{
-		char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
-		if (p)
-			{
-#ifdef RL_DEBUG
-			BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
-			retdb->attributes.unique_subject = parse_yesno(p,1);
-			}
-		}
-
- err:
-	if (dbattr_conf) NCONF_free(dbattr_conf);
-	if (tmpdb) TXT_DB_free(tmpdb);
-	if (in) BIO_free_all(in);
-	return retdb;
-	}
-
-int index_index(CA_DB *db)
-	{
-	if (!TXT_DB_create_index(db->db, DB_serial, NULL,
-				LHASH_HASH_FN(index_serial),
-				LHASH_COMP_FN(index_serial)))
-		{
-		BIO_printf(bio_err,
-		  "error creating serial number index:(%ld,%ld,%ld)\n",
-		  			db->db->error,db->db->arg1,db->db->arg2);
-			return 0;
-		}
-
-	if (db->attributes.unique_subject
-		&& !TXT_DB_create_index(db->db, DB_name, index_name_qual,
-			LHASH_HASH_FN(index_name),
-			LHASH_COMP_FN(index_name)))
-		{
-		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
-			db->db->error,db->db->arg1,db->db->arg2);
-		return 0;
-		}
-	return 1;
-	}
-
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
-	{
-	char buf[3][BSIZE];
-	BIO *out = BIO_new(BIO_s_file());
-	int j;
-
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	j = strlen(dbfile) + strlen(suffix);
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
-	if (BIO_write_filename(out,buf[0]) <= 0)
-		{
-		perror(dbfile);
-		BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
-		goto err;
-		}
-	j=TXT_DB_write(out,db->db);
-	if (j <= 0) goto err;
-			
-	BIO_free(out);
-
-	out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
-	if (BIO_write_filename(out,buf[1]) <= 0)
-		{
-		perror(buf[2]);
-		BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
-		goto err;
-		}
-	BIO_printf(out,"unique_subject = %s\n",
-		db->attributes.unique_subject ? "yes" : "no");
-	BIO_free(out);
-
-	return 1;
- err:
-	return 0;
-	}
-
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
-	{
-	char buf[5][BSIZE];
-	int i,j;
-
-	i = strlen(dbfile) + strlen(old_suffix);
-	j = strlen(dbfile) + strlen(new_suffix);
-	if (i > j) j = i;
-	if (j + 6 >= BSIZE)
-		{
-		BIO_printf(bio_err,"file name too long\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
-	j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
-		dbfile, new_suffix);
-#else
-	j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
-		dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
-		dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
-		dbfile, old_suffix);
-#else
-	j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
-		dbfile, old_suffix);
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		dbfile, buf[1]);
-#endif
-	if (rename(dbfile,buf[1]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-		&& errno != ENOTDIR
-#endif
-	   )		{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				dbfile, buf[1]);
-			perror("reason");
-			goto err;
-			}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[0],dbfile);
-#endif
-	if (rename(buf[0],dbfile) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[0],dbfile);
-		perror("reason");
-		rename(buf[1],dbfile);
-		goto err;
-		}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[4],buf[3]);
-#endif
-	if (rename(buf[4],buf[3]) < 0 && errno != ENOENT
-#ifdef ENOTDIR
-		&& errno != ENOTDIR
-#endif
-	   )		{
-			BIO_printf(bio_err,
-				"unable to rename %s to %s\n",
-				buf[4], buf[3]);
-			perror("reason");
-			rename(dbfile,buf[0]);
-			rename(buf[1],dbfile);
-			goto err;
-			}
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
-		buf[2],buf[4]);
-#endif
-	if (rename(buf[2],buf[4]) < 0)
-		{
-		BIO_printf(bio_err,
-			"unable to rename %s to %s\n",
-			buf[2],buf[4]);
-		perror("reason");
-		rename(buf[3],buf[4]);
-		rename(dbfile,buf[0]);
-		rename(buf[1],dbfile);
-		goto err;
-		}
-	return 1;
- err:
-	return 0;
-	}
-
-void free_index(CA_DB *db)
-	{
-	if (db)
-		{
-		if (db->db) TXT_DB_free(db->db);
-		OPENSSL_free(db);
-		}
-	}
-
-int parse_yesno(const char *str, int def)
-	{
-	int ret = def;
-	if (str)
-		{
-		switch (*str)
-			{
-		case 'f': /* false */
-		case 'F': /* FALSE */
-		case 'n': /* no */
-		case 'N': /* NO */
-		case '0': /* 0 */
-			ret = 0;
-			break;
-		case 't': /* true */
-		case 'T': /* TRUE */
-		case 'y': /* yes */
-		case 'Y': /* YES */
-		case '1': /* 1 */
-			ret = 1;
-			break;
-		default:
-			ret = def;
-			break;
-			}
-		}
-	return ret;
-	}
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *parse_name(char *subject, long chtype, int multirdn)
-	{
-	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
-	char *buf = OPENSSL_malloc(buflen);
-	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
-	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
-	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
-	int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
-	char *sp = subject, *bp = buf;
-	int i, ne_num = 0;
-
-	X509_NAME *n = NULL;
-	int nid;
-
-	if (!buf || !ne_types || !ne_values || !mval)
-		{
-		BIO_printf(bio_err, "malloc error\n");
-		goto error;
-		}	
-
-	if (*subject != '/')
-		{
-		BIO_printf(bio_err, "Subject does not start with '/'.\n");
-		goto error;
-		}
-	sp++; /* skip leading / */
-
-	/* no multivalued RDN by default */
-	mval[ne_num] = 0;
-
-	while (*sp)
-		{
-		/* collect type */
-		ne_types[ne_num] = bp;
-		while (*sp)
-			{
-			if (*sp == '\\') /* is there anything to escape in the type...? */
-				{
-				if (*++sp)
-					*bp++ = *sp++;
-				else	
-					{
-					BIO_printf(bio_err, "escape character at end of string\n");
-					goto error;
-					}
-				}	
-			else if (*sp == '=')
-				{
-				sp++;
-				*bp++ = '\0';
-				break;
-				}
-			else
-				*bp++ = *sp++;
-			}
-		if (!*sp)
-			{
-			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
-			goto error;
-			}
-		ne_values[ne_num] = bp;
-		while (*sp)
-			{
-			if (*sp == '\\')
-				{
-				if (*++sp)
-					*bp++ = *sp++;
-				else
-					{
-					BIO_printf(bio_err, "escape character at end of string\n");
-					goto error;
-					}
-				}
-			else if (*sp == '/')
-				{
-				sp++;
-				/* no multivalued RDN by default */
-				mval[ne_num+1] = 0;
-				break;
-				}
-			else if (*sp == '+' && multirdn)
-				{
-				/* a not escaped + signals a mutlivalued RDN */
-				sp++;
-				mval[ne_num+1] = -1;
-				break;
-				}
-			else
-				*bp++ = *sp++;
-			}
-		*bp++ = '\0';
-		ne_num++;
-		}	
-
-	if (!(n = X509_NAME_new()))
-		goto error;
-
-	for (i = 0; i < ne_num; i++)
-		{
-		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
-			{
-			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
-			continue;
-			}
-
-		if (!*ne_values[i])
-			{
-			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
-			continue;
-			}
-
-		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
-			goto error;
-		}
-
-	OPENSSL_free(ne_values);
-	OPENSSL_free(ne_types);
-	OPENSSL_free(buf);
-	OPENSSL_free(mval);
-	return n;
-
-error:
-	X509_NAME_free(n);
-	if (ne_values)
-		OPENSSL_free(ne_values);
-	if (ne_types)
-		OPENSSL_free(ne_types);
-	if (mval)
-		OPENSSL_free(mval);
-	if (buf)
-		OPENSSL_free(buf);
-	return NULL;
-}
-
-int args_verify(char ***pargs, int *pargc,
-			int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
-	{
-	ASN1_OBJECT *otmp = NULL;
-	unsigned long flags = 0;
-	int i;
-	int purpose = 0, depth = -1;
-	char **oldargs = *pargs;
-	char *arg = **pargs, *argn = (*pargs)[1];
-	time_t at_time = 0;
-	if (!strcmp(arg, "-policy"))
-		{
-		if (!argn)
-			*badarg = 1;
-		else
-			{
-			otmp = OBJ_txt2obj(argn, 0);
-			if (!otmp)
-				{
-				BIO_printf(err, "Invalid Policy \"%s\"\n",
-									argn);
-				*badarg = 1;
-				}
-			}
-		(*pargs)++;
-		}
-	else if (strcmp(arg,"-purpose") == 0)
-		{
-		X509_PURPOSE *xptmp;
-		if (!argn)
-			*badarg = 1;
-		else
-			{
-			i = X509_PURPOSE_get_by_sname(argn);
-			if(i < 0)
-				{
-				BIO_printf(err, "unrecognized purpose\n");
-				*badarg = 1;
-				}
-			else
-				{
-				xptmp = X509_PURPOSE_get0(i);
-				purpose = X509_PURPOSE_get_id(xptmp);
-				}
-			}
-		(*pargs)++;
-		}
-	else if (strcmp(arg,"-verify_depth") == 0)
-		{
-		if (!argn)
-			*badarg = 1;
-		else
-			{
-			depth = atoi(argn);
-			if(depth < 0)
-				{
-				BIO_printf(err, "invalid depth\n");
-				*badarg = 1;
-				}
-			}
-		(*pargs)++;
-		}
-	else if (strcmp(arg,"-attime") == 0)
-		{
-		if (!argn)
-			*badarg = 1;
-		else
-			{
-			long timestamp;
-			/* interpret the -attime argument as seconds since
-			 * Epoch */
-			if (sscanf(argn, "%li", &timestamp) != 1)
-				{
-				BIO_printf(bio_err,
-						"Error parsing timestamp %s\n",
-					   	argn);
-				*badarg = 1;
-				}
-			/* on some platforms time_t may be a float */
-			at_time = (time_t) timestamp;
-			}
-		(*pargs)++;
-		}
-	else if (!strcmp(arg, "-ignore_critical"))
-		flags |= X509_V_FLAG_IGNORE_CRITICAL;
-	else if (!strcmp(arg, "-issuer_checks"))
-		flags |= X509_V_FLAG_CB_ISSUER_CHECK;
-	else if (!strcmp(arg, "-crl_check"))
-		flags |=  X509_V_FLAG_CRL_CHECK;
-	else if (!strcmp(arg, "-crl_check_all"))
-		flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
-	else if (!strcmp(arg, "-policy_check"))
-		flags |= X509_V_FLAG_POLICY_CHECK;
-	else if (!strcmp(arg, "-explicit_policy"))
-		flags |= X509_V_FLAG_EXPLICIT_POLICY;
-	else if (!strcmp(arg, "-inhibit_any"))
-		flags |= X509_V_FLAG_INHIBIT_ANY;
-	else if (!strcmp(arg, "-inhibit_map"))
-		flags |= X509_V_FLAG_INHIBIT_MAP;
-	else if (!strcmp(arg, "-x509_strict"))
-		flags |= X509_V_FLAG_X509_STRICT;
-	else if (!strcmp(arg, "-extended_crl"))
-		flags |= X509_V_FLAG_EXTENDED_CRL_SUPPORT;
-	else if (!strcmp(arg, "-use_deltas"))
-		flags |= X509_V_FLAG_USE_DELTAS;
-	else if (!strcmp(arg, "-policy_print"))
-		flags |= X509_V_FLAG_NOTIFY_POLICY;
-	else if (!strcmp(arg, "-check_ss_sig"))
-		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
-	else
-		return 0;
-
-	if (*badarg)
-		{
-		if (*pm)
-			X509_VERIFY_PARAM_free(*pm);
-		*pm = NULL;
-		goto end;
-		}
-
-	if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
-		{
-		*badarg = 1;
-		goto end;
-		}
-
-	if (otmp)
-		X509_VERIFY_PARAM_add0_policy(*pm, otmp);
-	if (flags)
-		X509_VERIFY_PARAM_set_flags(*pm, flags);
-
-	if (purpose)
-		X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
-	if (depth >= 0)
-		X509_VERIFY_PARAM_set_depth(*pm, depth);
-
-	if (at_time) 
-		X509_VERIFY_PARAM_set_time(*pm, at_time);
-
-	end:
-
-	(*pargs)++;
-
-	if (pargc)
-		*pargc -= *pargs - oldargs;
-
-	return 1;
-
-	}
-
-/* Read whole contents of a BIO into an allocated memory buffer and
- * return it.
- */
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
-	{
-	BIO *mem;
-	int len, ret;
-	unsigned char tbuf[1024];
-	mem = BIO_new(BIO_s_mem());
-	if (!mem)
-		return -1;
-	for(;;)
-		{
-		if ((maxlen != -1) && maxlen < 1024)
-			len = maxlen;
-		else
-			len = 1024;
-		len = BIO_read(in, tbuf, len);
-		if (len <= 0)
-			break;
-		if (BIO_write(mem, tbuf, len) != len)
-			{
-			BIO_free(mem);
-			return -1;
-			}
-		maxlen -= len;
-
-		if (maxlen == 0)
-			break;
-		}
-	ret = BIO_get_mem_data(mem, (char **)out);
-	BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
-	BIO_free(mem);
-	return ret;
-	}
-
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
-	{
-	int rv;
-	char *stmp, *vtmp = NULL;
-	stmp = BUF_strdup(value);
-	if (!stmp)
-		return -1;
-	vtmp = strchr(stmp, ':');
-	if (vtmp)
-		{
-		*vtmp = 0;
-		vtmp++;
-		}
-	rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
-	OPENSSL_free(stmp);
-	return rv;
-	}
-
-static void nodes_print(BIO *out, const char *name,
-	STACK_OF(X509_POLICY_NODE) *nodes)
-	{
-	X509_POLICY_NODE *node;
-	int i;
-	BIO_printf(out, "%s Policies:", name);
-	if (nodes)
-		{
-		BIO_puts(out, "\n");
-		for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
-			{
-			node = sk_X509_POLICY_NODE_value(nodes, i);
-			X509_POLICY_NODE_print(out, node, 2);
-			}
-		}
-	else
-		BIO_puts(out, " <empty>\n");
-	}
-
-void policies_print(BIO *out, X509_STORE_CTX *ctx)
-	{
-	X509_POLICY_TREE *tree;
-	int explicit_policy;
-	int free_out = 0;
-	if (out == NULL)
-		{
-		out = BIO_new_fp(stderr, BIO_NOCLOSE);
-		free_out = 1;
-		}
-	tree = X509_STORE_CTX_get0_policy_tree(ctx);
-	explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
-	BIO_printf(out, "Require explicit Policy: %s\n",
-				explicit_policy ? "True" : "False");
-
-	nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
-	nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
-	if (free_out)
-		BIO_free(out);
-	}
-
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-
-static JPAKE_CTX *jpake_init(const char *us, const char *them,
-							 const char *secret)
-	{
-	BIGNUM *p = NULL;
-	BIGNUM *g = NULL;
-	BIGNUM *q = NULL;
-	BIGNUM *bnsecret = BN_new();
-	JPAKE_CTX *ctx;
-
-	/* Use a safe prime for p (that we found earlier) */
-	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
-	g = BN_new();
-	BN_set_word(g, 2);
-	q = BN_new();
-	BN_rshift1(q, p);
-
-	BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
-
-	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
-	BN_free(bnsecret);
-	BN_free(q);
-	BN_free(g);
-	BN_free(p);
-
-	return ctx;
-	}
-
-static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
-	{
-	BN_print(conn, p->gx);
-	BIO_puts(conn, "\n");
-	BN_print(conn, p->zkpx.gr);
-	BIO_puts(conn, "\n");
-	BN_print(conn, p->zkpx.b);
-	BIO_puts(conn, "\n");
-	}
-
-static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
-	{
-	JPAKE_STEP1 s1;
-
-	JPAKE_STEP1_init(&s1);
-	JPAKE_STEP1_generate(&s1, ctx);
-	jpake_send_part(bconn, &s1.p1);
-	jpake_send_part(bconn, &s1.p2);
-	(void)BIO_flush(bconn);
-	JPAKE_STEP1_release(&s1);
-	}
-
-static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
-	{
-	JPAKE_STEP2 s2;
-
-	JPAKE_STEP2_init(&s2);
-	JPAKE_STEP2_generate(&s2, ctx);
-	jpake_send_part(bconn, &s2);
-	(void)BIO_flush(bconn);
-	JPAKE_STEP2_release(&s2);
-	}
-
-static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
-	{
-	JPAKE_STEP3A s3a;
-
-	JPAKE_STEP3A_init(&s3a);
-	JPAKE_STEP3A_generate(&s3a, ctx);
-	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-	(void)BIO_flush(bconn);
-	JPAKE_STEP3A_release(&s3a);
-	}
-
-static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
-	{
-	JPAKE_STEP3B s3b;
-
-	JPAKE_STEP3B_init(&s3b);
-	JPAKE_STEP3B_generate(&s3b, ctx);
-	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-	(void)BIO_flush(bconn);
-	JPAKE_STEP3B_release(&s3b);
-	}
-
-static void readbn(BIGNUM **bn, BIO *bconn)
-	{
-	char buf[10240];
-	int l;
-
-	l = BIO_gets(bconn, buf, sizeof buf);
-	assert(l > 0);
-	assert(buf[l-1] == '\n');
-	buf[l-1] = '\0';
-	BN_hex2bn(bn, buf);
-	}
-
-static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
-	{
-	readbn(&p->gx, bconn);
-	readbn(&p->zkpx.gr, bconn);
-	readbn(&p->zkpx.b, bconn);
-	}
-
-static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
-	{
-	JPAKE_STEP1 s1;
-
-	JPAKE_STEP1_init(&s1);
-	jpake_receive_part(&s1.p1, bconn);
-	jpake_receive_part(&s1.p2, bconn);
-	if(!JPAKE_STEP1_process(ctx, &s1))
-		{
-		ERR_print_errors(bio_err);
-		exit(1);
-		}
-	JPAKE_STEP1_release(&s1);
-	}
-
-static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
-	{
-	JPAKE_STEP2 s2;
-
-	JPAKE_STEP2_init(&s2);
-	jpake_receive_part(&s2, bconn);
-	if(!JPAKE_STEP2_process(ctx, &s2))
-		{
-		ERR_print_errors(bio_err);
-		exit(1);
-		}
-	JPAKE_STEP2_release(&s2);
-	}
-
-static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
-	{
-	JPAKE_STEP3A s3a;
-	int l;
-
-	JPAKE_STEP3A_init(&s3a);
-	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
-	assert(l == sizeof s3a.hhk);
-	if(!JPAKE_STEP3A_process(ctx, &s3a))
-		{
-		ERR_print_errors(bio_err);
-		exit(1);
-		}
-	JPAKE_STEP3A_release(&s3a);
-	}
-
-static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
-	{
-	JPAKE_STEP3B s3b;
-	int l;
-
-	JPAKE_STEP3B_init(&s3b);
-	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
-	assert(l == sizeof s3b.hk);
-	if(!JPAKE_STEP3B_process(ctx, &s3b))
-		{
-		ERR_print_errors(bio_err);
-		exit(1);
-		}
-	JPAKE_STEP3B_release(&s3b);
-	}
-
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
-	{
-	JPAKE_CTX *ctx;
-	BIO *bconn;
-
-	BIO_puts(out, "Authenticating with JPAKE\n");
-
-	ctx = jpake_init("client", "server", secret);
-
-	bconn = BIO_new(BIO_f_buffer());
-	BIO_push(bconn, conn);
-
-	jpake_send_step1(bconn, ctx);
-	jpake_receive_step1(ctx, bconn);
-	jpake_send_step2(bconn, ctx);
-	jpake_receive_step2(ctx, bconn);
-	jpake_send_step3a(bconn, ctx);
-	jpake_receive_step3b(ctx, bconn);
-
-	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-	BIO_pop(bconn);
-	BIO_free(bconn);
-
-	JPAKE_CTX_free(ctx);
-	}
-
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
-	{
-	JPAKE_CTX *ctx;
-	BIO *bconn;
-
-	BIO_puts(out, "Authenticating with JPAKE\n");
-
-	ctx = jpake_init("server", "client", secret);
-
-	bconn = BIO_new(BIO_f_buffer());
-	BIO_push(bconn, conn);
-
-	jpake_receive_step1(ctx, bconn);
-	jpake_send_step1(bconn, ctx);
-	jpake_receive_step2(ctx, bconn);
-	jpake_send_step2(bconn, ctx);
-	jpake_receive_step3a(ctx, bconn);
-	jpake_send_step3b(bconn, ctx);
-
-	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-
-	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-
-	BIO_pop(bconn);
-	BIO_free(bconn);
-
-	JPAKE_CTX_free(ctx);
-	}
-
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-/* next_protos_parse parses a comma separated list of strings into a string
- * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
- *   outlen: (output) set to the length of the resulting buffer on success.
- *   err: (maybe NULL) on failure, an error message line is written to this BIO.
- *   in: a NUL termianted string like "abc,def,ghi"
- *
- *   returns: a malloced buffer or NULL on failure.
- */
-unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
-	{
-	size_t len;
-	unsigned char *out;
-	size_t i, start = 0;
-
-	len = strlen(in);
-	if (len >= 65535)
-		return NULL;
-
-	out = OPENSSL_malloc(strlen(in) + 1);
-	if (!out)
-		return NULL;
-
-	for (i = 0; i <= len; ++i)
-		{
-		if (i == len || in[i] == ',')
-			{
-			if (i - start > 255)
-				{
-				OPENSSL_free(out);
-				return NULL;
-				}
-			out[start] = i - start;
-			start = i + 1;
-			}
-		else
-			out[i+1] = in[i];
-		}
-
-	*outlen = len + 1;
-	return out;
-	}
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
-
-/*
- * Platform-specific sections
- */
-#if defined(_WIN32)
-# ifdef fileno
-#  undef fileno
-#  define fileno(a) (int)_fileno(a)
-# endif
-
-# include <windows.h>
-# include <tchar.h>
-
-static int WIN32_rename(const char *from, const char *to)
-	{
-	TCHAR  *tfrom=NULL,*tto;
-	DWORD	err;
-	int	ret=0;
-
-	if (sizeof(TCHAR) == 1)
-		{
-		tfrom = (TCHAR *)from;
-		tto   = (TCHAR *)to;
-		}
-	else	/* UNICODE path */
-		{
-		size_t i,flen=strlen(from)+1,tlen=strlen(to)+1;
-		tfrom = (TCHAR *)malloc(sizeof(TCHAR)*(flen+tlen));
-		if (tfrom==NULL) goto err;
-		tto=tfrom+flen;
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-		if (!MultiByteToWideChar(CP_ACP,0,from,flen,(WCHAR *)tfrom,flen))
-#endif
-			for (i=0;i<flen;i++)	tfrom[i]=(TCHAR)from[i];
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-		if (!MultiByteToWideChar(CP_ACP,0,to,  tlen,(WCHAR *)tto,  tlen))
-#endif
-			for (i=0;i<tlen;i++)	tto[i]  =(TCHAR)to[i];
-		}
-
-	if (MoveFile(tfrom,tto))	goto ok;
-	err=GetLastError();
-	if (err==ERROR_ALREADY_EXISTS || err==ERROR_FILE_EXISTS)
-		{
-		if (DeleteFile(tto) && MoveFile(tfrom,tto))
-			goto ok;
-		err=GetLastError();
-		}
-	if (err==ERROR_FILE_NOT_FOUND || err==ERROR_PATH_NOT_FOUND)
-		errno = ENOENT;
-	else if (err==ERROR_ACCESS_DENIED)
-		errno = EACCES;
-	else
-		errno = EINVAL;	/* we could map more codes... */
-err:
-	ret=-1;
-ok:
-	if (tfrom!=NULL && tfrom!=(TCHAR *)from)	free(tfrom);
-	return ret;
-	}
-#endif
-
-/* app_tminterval section */
-#if defined(_WIN32)
-double app_tminterval(int stop,int usertime)
-	{
-	FILETIME		now;
-	double			ret=0;
-	static ULARGE_INTEGER	tmstart;
-	static int		warning=1;
-#ifdef _WIN32_WINNT
-	static HANDLE		proc=NULL;
-
-	if (proc==NULL)
-		{
-		if (check_winnt())
-			proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
-						GetCurrentProcessId());
-		if (proc==NULL) proc = (HANDLE)-1;
-		}
-
-	if (usertime && proc!=(HANDLE)-1)
-		{
-		FILETIME junk;
-		GetProcessTimes(proc,&junk,&junk,&junk,&now);
-		}
-	else
-#endif
-		{
-		SYSTEMTIME systime;
-
-		if (usertime && warning)
-			{
-			BIO_printf(bio_err,"To get meaningful results, run "
-					   "this program on idle system.\n");
-			warning=0;
-			}
-		GetSystemTime(&systime);
-		SystemTimeToFileTime(&systime,&now);
-		}
-
-	if (stop==TM_START)
-		{
-		tmstart.u.LowPart  = now.dwLowDateTime;
-		tmstart.u.HighPart = now.dwHighDateTime;
-		}
-	else	{
-		ULARGE_INTEGER tmstop;
-
-		tmstop.u.LowPart   = now.dwLowDateTime;
-		tmstop.u.HighPart  = now.dwHighDateTime;
-
-		ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart)*1e-7;
-		}
-
-	return (ret);
-	}
-
-#elif defined(OPENSSL_SYS_NETWARE)
-#include <time.h>
-
-double app_tminterval(int stop,int usertime)
-	{
-	double		ret=0;
-	static clock_t	tmstart;
-	static int	warning=1;
-
-	if (usertime && warning)
-		{
-		BIO_printf(bio_err,"To get meaningful results, run "
-				   "this program on idle system.\n");
-		warning=0;
-		}
-
-	if (stop==TM_START)	tmstart = clock();
-	else			ret     = (clock()-tmstart)/(double)CLOCKS_PER_SEC;
-
-	return (ret);
-	}
-
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
-#include <time.h>
-
-double app_tminterval(int stop,int usertime)
-	{
-	double ret=0;
-#ifdef CLOCK_REALTIME
-	static struct timespec	tmstart;
-	struct timespec		now;
-#else
-	static unsigned long	tmstart;
-	unsigned long		now;
-#endif
-	static int warning=1;
-
-	if (usertime && warning)
-		{
-		BIO_printf(bio_err,"To get meaningful results, run "
-				   "this program on idle system.\n");
-		warning=0;
-		}
-
-#ifdef CLOCK_REALTIME
-	clock_gettime(CLOCK_REALTIME,&now);
-	if (stop==TM_START)	tmstart = now;
-	else	ret = ( (now.tv_sec+now.tv_nsec*1e-9)
-			- (tmstart.tv_sec+tmstart.tv_nsec*1e-9) );
-#else
-	now = tickGet();
-	if (stop==TM_START)	tmstart = now;
-	else			ret = (now - tmstart)/(double)sysClkRateGet();
-#endif
-	return (ret);
-	}
-
-#elif defined(OPENSSL_SYSTEM_VMS)
-#include <time.h>
-#include <times.h>
-
-double app_tminterval(int stop,int usertime)
-	{
-	static clock_t	tmstart;
-	double		ret = 0;
-	clock_t		now;
-#ifdef __TMS
-	struct tms	rus;
-
-	now = times(&rus);
-	if (usertime)	now = rus.tms_utime;
-#else
-	if (usertime)
-		now = clock(); /* sum of user and kernel times */
-	else	{
-		struct timeval tv;
-		gettimeofday(&tv,NULL);
-		now = (clock_t)(
-			(unsigned long long)tv.tv_sec*CLK_TCK +
-			(unsigned long long)tv.tv_usec*(1000000/CLK_TCK)
-			);
-		}
-#endif
-	if (stop==TM_START)	tmstart = now;
-	else			ret = (now - tmstart)/(double)(CLK_TCK);
-
-	return (ret);
-	}
-
-#elif defined(_SC_CLK_TCK)	/* by means of unistd.h */
-#include <sys/times.h>
-
-double app_tminterval(int stop,int usertime)
-	{
-	double		ret = 0;
-	struct tms	rus;
-	clock_t		now = times(&rus);
-	static clock_t	tmstart;
-
-	if (usertime)		now = rus.tms_utime;
-
-	if (stop==TM_START)	tmstart = now;
-	else
-		{
-		long int tck = sysconf(_SC_CLK_TCK);
-		ret = (now - tmstart)/(double)tck;
-		}
-
-	return (ret);
-	}
-
-#else
-#include <sys/time.h>
-#include <sys/resource.h>
-
-double app_tminterval(int stop,int usertime)
-	{
-	double		ret = 0;
-	struct rusage	rus;
-	struct timeval	now;
-	static struct timeval tmstart;
-
-	if (usertime)		getrusage(RUSAGE_SELF,&rus), now = rus.ru_utime;
-	else			gettimeofday(&now,NULL);
-
-	if (stop==TM_START)	tmstart = now;
-	else			ret = ( (now.tv_sec+now.tv_usec*1e-6)
-					- (tmstart.tv_sec+tmstart.tv_usec*1e-6) );
-
-	return ret;
-	}
-#endif
-
-/* app_isdir section */
-#ifdef _WIN32
-int app_isdir(const char *name)
-	{
-	HANDLE		hList;
-	WIN32_FIND_DATA	FileData;
-#if defined(UNICODE) || defined(_UNICODE)
-	size_t i, len_0 = strlen(name)+1;
-
-	if (len_0 > sizeof(FileData.cFileName)/sizeof(FileData.cFileName[0]))
-		return -1;
-
-#if !defined(_WIN32_WCE) || _WIN32_WCE>=101
-	if (!MultiByteToWideChar(CP_ACP,0,name,len_0,FileData.cFileName,len_0))
-#endif
-		for (i=0;i<len_0;i++)
-			FileData.cFileName[i] = (WCHAR)name[i];
-
-	hList = FindFirstFile(FileData.cFileName,&FileData);
-#else
-	hList = FindFirstFile(name,&FileData);
-#endif
-	if (hList == INVALID_HANDLE_VALUE)	return -1;
-	FindClose(hList);
-	return ((FileData.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)!=0);
-	}
-#else
-#include <sys/stat.h>
-#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-#  define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
-# else 
-#  define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
-# endif 
-#endif 
-
-int app_isdir(const char *name)
-	{
-#if defined(S_ISDIR)
-	struct stat st;
-
-	if (stat(name,&st)==0)	return S_ISDIR(st.st_mode);
-	else			return -1;
-#else
-	return -1;
-#endif
-	}
-#endif
-
-/* raw_read|write section */
-#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
-int raw_read_stdin(void *buf,int siz)
-	{
-	DWORD n;
-	if (ReadFile(GetStdHandle(STD_INPUT_HANDLE),buf,siz,&n,NULL))
-		return (n);
-	else	return (-1);
-	}
-#else
-int raw_read_stdin(void *buf,int siz)
-	{	return read(fileno(stdin),buf,siz);	}
-#endif
-
-#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
-int raw_write_stdout(const void *buf,int siz)
-	{
-	DWORD n;
-	if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE),buf,siz,&n,NULL))
-		return (n);
-	else	return (-1);
-	}
-#else
-int raw_write_stdout(const void *buf,int siz)
-	{	return write(fileno(stdout),buf,siz);	}
-#endif
diff --git a/apps/apps.h b/apps/apps.h
deleted file mode 100644
index 3aeb46c4e2..0000000000
--- a/apps/apps.h
+++ /dev/null
@@ -1,375 +0,0 @@
-/* apps/apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_APPS_H
-#define HEADER_APPS_H
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/txt_db.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_OCSP
-#include <openssl/ocsp.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
-                                       * separated by LIST_SEPARATOR_CHAR
-                                       * (see e_os.h).  The string is
-                                       * destroyed! */
-
-#ifndef MONOLITH
-
-#define MAIN(a,v)	main(a,v)
-
-#ifndef NON_MAIN
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#else
-extern CONF *config;
-extern BIO *bio_err;
-#endif
-
-#else
-
-#define MAIN(a,v)	PROG(a,v)
-extern CONF *config;
-extern char *default_config_file;
-extern BIO *bio_err;
-
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifdef SIGPIPE
-#define do_pipe_sig()	signal(SIGPIPE,SIG_IGN)
-#else
-#define do_pipe_sig()
-#endif
-
-#ifdef OPENSSL_NO_COMP
-#define zlib_cleanup() 
-#else
-#define zlib_cleanup() COMP_zlib_cleanup()
-#endif
-
-#if defined(MONOLITH) && !defined(OPENSSL_C)
-#  define apps_startup() \
-		do_pipe_sig()
-#  define apps_shutdown()
-#else
-#  ifndef OPENSSL_NO_ENGINE
-#    define apps_startup() \
-			do { do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-#    define apps_shutdown() \
-			do { CONF_modules_unload(1); destroy_ui_method(); \
-			OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
-			CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
-			RAND_cleanup(); \
-			ERR_free_strings(); zlib_cleanup();} while(0)
-#  else
-#    define apps_startup() \
-			do { do_pipe_sig(); CRYPTO_malloc_init(); \
-			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
-			setup_ui_method(); } while(0)
-#    define apps_shutdown() \
-			do { CONF_modules_unload(1); destroy_ui_method(); \
-			OBJ_cleanup(); EVP_cleanup(); \
-			CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
-			RAND_cleanup(); \
-			ERR_free_strings(); zlib_cleanup(); } while(0)
-#  endif
-#endif
-
-#ifdef OPENSSL_SYSNAME_WIN32
-#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-#else
-#  define openssl_fdset(a,b) FD_SET(a, b)
-#endif
-
-
-typedef struct args_st
-	{
-	char **data;
-	int count;
-	} ARGS;
-
-#define PW_MIN_LENGTH 4
-typedef struct pw_cb_data
-	{
-	const void *password;
-	const char *prompt_info;
-	} PW_CB_DATA;
-
-int password_callback(char *buf, int bufsiz, int verify,
-	PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-
-int should_retry(int i);
-int args_from_file(char *file, int *argc, char **argv[]);
-int str2fmt(char *s);
-void program_name(char *in,char *out,int size);
-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
-#endif
-int set_cert_ex(unsigned long *flags, const char *arg);
-int set_name_ex(unsigned long *flags, const char *arg);
-int set_ext_copy(int *copy_type, const char *arg);
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, CONF *conf);
-X509 *load_cert(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *cert_descrip);
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
-	const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
-	const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
-	const char *pass, ENGINE *e, const char *cert_descrip);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-#ifndef OPENSSL_NO_ENGINE
-ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-#endif
-
-#ifndef OPENSSL_NO_OCSP
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-			char *host, char *path, char *port, int use_ssl,
-			STACK_OF(CONF_VALUE) *headers,
-			int req_timeout);
-#endif
-
-int load_config(BIO *err, CONF *cnf);
-char *make_config_name(void);
-
-/* Functions defined in ca.c and also used in ocsp.c */
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
-			ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-
-#define DB_type         0
-#define DB_exp_date     1
-#define DB_rev_date     2
-#define DB_serial       3       /* index - unique */
-#define DB_file         4       
-#define DB_name         5       /* index - unique when active and not disabled */
-#define DB_NUMBER       6
-
-#define DB_TYPE_REV	'R'
-#define DB_TYPE_EXP	'E'
-#define DB_TYPE_VAL	'V'
-
-typedef struct db_attr_st
-	{
-	int unique_subject;
-	} DB_ATTR;
-typedef struct ca_db_st
-	{
-	DB_ATTR attributes;
-	TXT_DB *db;
-	} CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
-void free_index(CA_DB *db);
-#define index_name_cmp_noconst(a, b) \
-	index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
-	(const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
-int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
-int parse_yesno(const char *str, int def);
-
-X509_NAME *parse_name(char *str, long chtype, int multirdn);
-int args_verify(char ***pargs, int *pargc,
-			int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
-void policies_print(BIO *out, X509_STORE_CTX *ctx);
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
-int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
-int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
-			const char *algname, ENGINE *e, int do_param);
-int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts);
-int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts);
-#ifndef OPENSSL_NO_PSK
-extern char *psk_key;
-#endif
-#ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
-
-#define FORMAT_UNDEF    0
-#define FORMAT_ASN1     1
-#define FORMAT_TEXT     2
-#define FORMAT_PEM      3
-#define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12   5
-#define FORMAT_SMIME    6
-#define FORMAT_ENGINE   7
-#define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid
-				 * adding yet another param to load_*key() */
-#define FORMAT_PEMRSA	9	/* PEM RSAPubicKey format */
-#define FORMAT_ASN1RSA	10	/* DER RSAPubicKey format */
-#define FORMAT_MSBLOB	11	/* MS Key blob format */
-#define FORMAT_PVK	12	/* MS PVK file format */
-
-#define EXT_COPY_NONE	0
-#define EXT_COPY_ADD	1
-#define EXT_COPY_ALL	2
-
-#define NETSCAPE_CERT_HDR	"certificate"
-
-#define APP_PASS_LEN	1024
-
-#define SERIAL_RAND_BITS	64
-
-int app_isdir(const char *);
-int raw_read_stdin(void *,int);
-int raw_write_stdout(const void *,int);
-
-#define TM_START	0
-#define TM_STOP		1
-double app_tminterval (int stop,int usertime);
-
-#define OPENSSL_NO_SSL_INTERN
-
-#endif
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
deleted file mode 100644
index 0d6607071f..0000000000
--- a/apps/asn1pars.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/* apps/asn1pars.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* A nice addition from Dr Stephen Henson <steve@openssl.org> to 
- * add the -strparse option which parses nested binary structures
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -in arg	- input file - default stdin
- * -i		- indent the details by depth
- * -offset	- where in the file to start
- * -length	- how many bytes to use
- * -oid file	- extra oid description file
- */
-
-#undef PROG
-#define PROG	asn1parse_main
-
-int MAIN(int, char **);
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-
-int MAIN(int argc, char **argv)
-	{
-	int i,badops=0,offset=0,ret=1,j;
-	unsigned int length=0;
-	long num,tmplen;
-	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
-	int informat,indent=0, noout = 0, dump = 0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
-	char *genstr=NULL, *genconf=NULL;
-	unsigned char *tmpbuf;
-	const unsigned char *ctmpbuf;
-	BUF_MEM *buf=NULL;
-	STACK_OF(OPENSSL_STRING) *osk=NULL;
-	ASN1_TYPE *at=NULL;
-
-	informat=FORMAT_PEM;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto end;
-		}
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			derfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-i") == 0)
-			{
-			indent=1;
-			}
-		else if (strcmp(*argv,"-noout") == 0) noout = 1;
-		else if (strcmp(*argv,"-oid") == 0)
-			{
-			if (--argc < 1) goto bad;
-			oidfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-offset") == 0)
-			{
-			if (--argc < 1) goto bad;
-			offset= atoi(*(++argv));
-			}
-		else if (strcmp(*argv,"-length") == 0)
-			{
-			if (--argc < 1) goto bad;
-			length= atoi(*(++argv));
-			if (length == 0) goto bad;
-			}
-		else if (strcmp(*argv,"-dump") == 0)
-			{
-			dump= -1;
-			}
-		else if (strcmp(*argv,"-dlimit") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dump= atoi(*(++argv));
-			if (dump <= 0) goto bad;
-			}
-		else if (strcmp(*argv,"-strparse") == 0)
-			{
-			if (--argc < 1) goto bad;
-			sk_OPENSSL_STRING_push(osk,*(++argv));
-			}
-		else if (strcmp(*argv,"-genstr") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genstr= *(++argv);
-			}
-		else if (strcmp(*argv,"-genconf") == 0)
-			{
-			if (--argc < 1) goto bad;
-			genconf= *(++argv);
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
-		BIO_printf(bio_err," -noout arg    don't produce any output\n");
-		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   length of section in file\n");
-		BIO_printf(bio_err," -i            indent entries\n");
-		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
-		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
-		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
-		BIO_printf(bio_err," -strparse offset\n");
-		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
-		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
-		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	out = BIO_push(tmpbio, out);
-	}
-#endif
-
-	if (oidfile != NULL)
-		{
-		if (BIO_read_filename(in,oidfile) <= 0)
-			{
-			BIO_printf(bio_err,"problems opening %s\n",oidfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		OBJ_create_objects(in);
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	if (derfile) {
-		if(!(derout = BIO_new_file(derfile, "wb"))) {
-			BIO_printf(bio_err,"problems opening %s\n",derfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-
-	if ((buf=BUF_MEM_new()) == NULL) goto end;
-	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
-
-	if (genstr || genconf)
-		{
-		num = do_generate(bio_err, genstr, genconf, buf);
-		if (num < 0)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	else
-		{
-
-		if (informat == FORMAT_PEM)
-			{
-			BIO *tmp;
-
-			if ((b64=BIO_new(BIO_f_base64())) == NULL)
-				goto end;
-			BIO_push(b64,in);
-			tmp=in;
-			in=b64;
-			b64=tmp;
-			}
-
-		num=0;
-		for (;;)
-			{
-			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
-			i=BIO_read(in,&(buf->data[num]),BUFSIZ);
-			if (i <= 0) break;
-			num+=i;
-			}
-		}
-	str=buf->data;
-
-	/* If any structs to parse go through in sequence */
-
-	if (sk_OPENSSL_STRING_num(osk))
-		{
-		tmpbuf=(unsigned char *)str;
-		tmplen=num;
-		for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
-			{
-			ASN1_TYPE *atmp;
-			int typ;
-			j=atoi(sk_OPENSSL_STRING_value(osk,i));
-			if (j == 0)
-				{
-				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
-				continue;
-				}
-			tmpbuf+=j;
-			tmplen-=j;
-			atmp = at;
-			ctmpbuf = tmpbuf;
-			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
-			ASN1_TYPE_free(atmp);
-			if(!at)
-				{
-				BIO_printf(bio_err,"Error parsing structure\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			typ = ASN1_TYPE_get(at);
-			if ((typ == V_ASN1_OBJECT)
-				|| (typ == V_ASN1_NULL))
-				{
-				BIO_printf(bio_err, "Can't parse %s type\n",
-					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			/* hmm... this is a little evil but it works */
-			tmpbuf=at->value.asn1_string->data;
-			tmplen=at->value.asn1_string->length;
-			}
-		str=(char *)tmpbuf;
-		num=tmplen;
-		}
-
-	if (offset >= num)
-		{
-		BIO_printf(bio_err, "Error: offset too large\n");
-		goto end;
-		}
-
-	num -= offset;
-
-	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
-	if(derout) {
-		if(BIO_write(derout, str + offset, length) != (int)length) {
-			BIO_printf(bio_err, "Error writing output\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	if (!noout &&
-	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-		    indent,dump))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	ret=0;
-end:
-	BIO_free(derout);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (b64 != NULL) BIO_free(b64);
-	if (ret != 0)
-		ERR_print_errors(bio_err);
-	if (buf != NULL) BUF_MEM_free(buf);
-	if (at != NULL) ASN1_TYPE_free(at);
-	if (osk != NULL) sk_OPENSSL_STRING_free(osk);
-	OBJ_cleanup();
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
-	{
-	CONF *cnf = NULL;
-	int len;
-	long errline;
-	unsigned char *p;
-	ASN1_TYPE *atyp = NULL;
-
-	if (genconf)
-		{
-		cnf = NCONF_new(NULL);
-		if (!NCONF_load(cnf, genconf, &errline))
-			goto conferr;
-		if (!genstr)
-			genstr = NCONF_get_string(cnf, "default", "asn1");
-		if (!genstr)
-			{
-			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
-			goto err;
-			}
-		}
-
-	atyp = ASN1_generate_nconf(genstr, cnf);
-	NCONF_free(cnf);
-	cnf = NULL;
-
-	if (!atyp)
-		return -1;
-
-	len = i2d_ASN1_TYPE(atyp, NULL);
-
-	if (len <= 0)
-		goto err;
-
-	if (!BUF_MEM_grow(buf,len))
-		goto err;
-
-	p=(unsigned char *)buf->data;
-
-	i2d_ASN1_TYPE(atyp, &p);
-
-	ASN1_TYPE_free(atyp);
-	return len;
-
-	conferr:
-
-	if (errline > 0)
-		BIO_printf(bio, "Error on line %ld of config file '%s'\n",
-							errline, genconf);
-	else
-		BIO_printf(bio, "Error loading config file '%s'\n", genconf);
-
-	err:
-	NCONF_free(cnf);
-	ASN1_TYPE_free(atyp);
-
-	return -1;
-
-	}
diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl
deleted file mode 100644
index 2c7456e3eb..0000000000
--- a/apps/ca-cert.srl
+++ /dev/null
@@ -1 +0,0 @@
-07
diff --git a/apps/ca-key.pem b/apps/ca-key.pem
deleted file mode 100644
index 3a520b238f..0000000000
--- a/apps/ca-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
diff --git a/apps/ca-req.pem b/apps/ca-req.pem
deleted file mode 100644
index 77bf7ec308..0000000000
--- a/apps/ca-req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
-MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
-bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
-FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
-cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
-cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
-5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
-kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
------END CERTIFICATE REQUEST-----
diff --git a/apps/ca.c b/apps/ca.c
deleted file mode 100644
index 613f5bee5c..0000000000
--- a/apps/ca.c
+++ /dev/null
@@ -1,3015 +0,0 @@
-/* apps/ca.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <openssl/conf.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/txt_db.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-#ifndef W_OK
-#  ifdef OPENSSL_SYS_VMS
-#    if defined(__DECC)
-#      include <unistd.h>
-#    else
-#      include <unixlib.h>
-#    endif
-#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
-#    include <sys/file.h>
-#  endif
-#endif
-
-#include "apps.h"
-
-#ifndef W_OK
-#  define F_OK 0
-#  define X_OK 1
-#  define W_OK 2
-#  define R_OK 4
-#endif
-
-#undef PROG
-#define PROG ca_main
-
-#define BASE_SECTION	"ca"
-#define CONFIG_FILE "openssl.cnf"
-
-#define ENV_DEFAULT_CA		"default_ca"
-
-#define STRING_MASK	"string_mask"
-#define UTF8_IN			"utf8"
-
-#define ENV_DIR			"dir"
-#define ENV_CERTS		"certs"
-#define ENV_CRL_DIR		"crl_dir"
-#define ENV_CA_DB		"CA_DB"
-#define ENV_NEW_CERTS_DIR	"new_certs_dir"
-#define ENV_CERTIFICATE 	"certificate"
-#define ENV_SERIAL		"serial"
-#define ENV_CRLNUMBER		"crlnumber"
-#define ENV_CRL			"crl"
-#define ENV_PRIVATE_KEY		"private_key"
-#define ENV_RANDFILE		"RANDFILE"
-#define ENV_DEFAULT_DAYS 	"default_days"
-#define ENV_DEFAULT_STARTDATE 	"default_startdate"
-#define ENV_DEFAULT_ENDDATE 	"default_enddate"
-#define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
-#define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
-#define ENV_DEFAULT_MD		"default_md"
-#define ENV_DEFAULT_EMAIL_DN	"email_in_dn"
-#define ENV_PRESERVE		"preserve"
-#define ENV_POLICY      	"policy"
-#define ENV_EXTENSIONS      	"x509_extensions"
-#define ENV_CRLEXT      	"crl_extensions"
-#define ENV_MSIE_HACK		"msie_hack"
-#define ENV_NAMEOPT		"name_opt"
-#define ENV_CERTOPT		"cert_opt"
-#define ENV_EXTCOPY		"copy_extensions"
-#define ENV_UNIQUE_SUBJECT	"unique_subject"
-
-#define ENV_DATABASE		"database"
-
-/* Additional revocation information types */
-
-#define REV_NONE		0	/* No addditional information */
-#define REV_CRL_REASON		1	/* Value is CRL reason code */
-#define REV_HOLD		2	/* Value is hold instruction */
-#define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */
-#define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */
-
-static const char *ca_usage[]={
-"usage: ca args\n",
-"\n",
-" -verbose        - Talk alot while doing things\n",
-" -config file    - A config file\n",
-" -name arg       - The particular CA definition to use\n",
-" -gencrl         - Generate a new CRL\n",
-" -crldays days   - Days is when the next CRL is due\n",
-" -crlhours hours - Hours is when the next CRL is due\n",
-" -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
-" -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
-" -days arg       - number of days to certify the certificate for\n",
-" -md arg         - md to use, one of md2, md5, sha or sha1\n",
-" -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - private key file\n",
-" -keyform arg    - private key file format (PEM or ENGINE)\n",
-" -key arg        - key to decode the private key if it is encrypted\n",
-" -cert file      - The CA certificate\n",
-" -selfsign       - sign a certificate with the key associated with it\n",
-" -in file        - The input PEM encoded certificate request(s)\n",
-" -out file       - Where to put the output file(s)\n",
-" -outdir dir     - Where to put output certificates\n",
-" -infiles ....   - The last argument, requests to process\n",
-" -spkac file     - File contains DN and signed public key and challenge\n",
-" -ss_cert file   - File contains a self signed cert to sign\n",
-" -preserveDN     - Don't re-order the DN\n",
-" -noemailDN      - Don't add the EMAIL field into certificate' subject\n",
-" -batch          - Don't ask questions\n",
-" -msie_hack      - msie modifications to handle all those universal strings\n",
-" -revoke file    - Revoke a certificate (given in file)\n",
-" -subj arg       - Use arg instead of request's subject\n",
-" -utf8           - input characters are UTF8 (default ASCII)\n",
-" -multivalue-rdn - enable support for multivalued RDNs\n",
-" -extensions ..  - Extension section (override value in config file)\n",
-" -extfile file   - Configuration file with X509v3 extentions to add\n",
-" -crlexts ..     - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e       - use engine e, possibly a hardware device.\n",
-#endif
-" -status serial  - Shows certificate status given the serial number\n",
-" -updatedb       - Updates db for expired certificates\n",
-NULL
-};
-
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
-static void lookup_fail(const char *name, const char *tag);
-static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-		   const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
-		   STACK_OF(CONF_VALUE) *policy,CA_DB *db,
-		   BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
-		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
-		   int verbose, unsigned long certopt, unsigned long nameopt,
-		   int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-			const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
-			STACK_OF(CONF_VALUE) *policy,
-			CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
-			char *startdate, char *enddate, long days, int batch,
-			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
-			unsigned long nameopt, int default_op, int ext_copy,
-			ENGINE *e);
-static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-			 const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
-			 STACK_OF(CONF_VALUE) *policy,
-			 CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
-			 char *startdate, char *enddate, long days, char *ext_sect,
-			 CONF *conf, int verbose, unsigned long certopt, 
-			 unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	STACK_OF(OPENSSL_STRING) *sigopts,
-	STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
-	int email_dn, char *startdate, char *enddate, long days, int batch,
-       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
-	unsigned long certopt, unsigned long nameopt, int default_op,
-	int ext_copy, int selfsign);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
-static int check_time_format(const char *str);
-char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf=NULL;
-static CONF *extconf=NULL;
-static char *section=NULL;
-
-static int preserve=0;
-static int msie_hack=0;
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	char *key=NULL,*passargin=NULL;
-	int create_ser = 0;
-	int free_key = 0;
-	int total=0;
-	int total_done=0;
-	int badops=0;
-	int ret=1;
-	int email_dn=1;
-	int req=0;
-	int verbose=0;
-	int gencrl=0;
-	int dorevoke=0;
-	int doupdatedb=0;
-	long crldays=0;
-	long crlhours=0;
-	long crlsec=0;
-	long errorline= -1;
-	char *configfile=NULL;
-	char *md=NULL;
-	char *policy=NULL;
-	char *keyfile=NULL;
-	char *certfile=NULL;
-	int keyform=FORMAT_PEM;
-	char *infile=NULL;
-	char *spkac_file=NULL;
-	char *ss_cert_file=NULL;
-	char *ser_status=NULL;
-	EVP_PKEY *pkey=NULL;
-	int output_der = 0;
-	char *outfile=NULL;
-	char *outdir=NULL;
-	char *serialfile=NULL;
-	char *crlnumberfile=NULL;
-	char *extensions=NULL;
-	char *extfile=NULL;
-	char *subj=NULL;
-	unsigned long chtype = MBSTRING_ASC;
-	int multirdn = 0;
-	char *tmp_email_dn=NULL;
-	char *crl_ext=NULL;
-	int rev_type = REV_NONE;
-	char *rev_arg = NULL;
-	BIGNUM *serial=NULL;
-	BIGNUM *crlnumber=NULL;
-	char *startdate=NULL;
-	char *enddate=NULL;
-	long days=0;
-	int batch=0;
-	int notext=0;
-	unsigned long nameopt = 0, certopt = 0;
-	int default_op = 1;
-	int ext_copy = EXT_COPY_NONE;
-	int selfsign = 0;
-	X509 *x509=NULL, *x509p = NULL;
-	X509 *x=NULL;
-	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
-	char *dbfile=NULL;
-	CA_DB *db=NULL;
-	X509_CRL *crl=NULL;
-	X509_REVOKED *r=NULL;
-	ASN1_TIME *tmptm;
-	ASN1_INTEGER *tmpser;
-	char *f;
-	const char *p;
-	char * const *pp;
-	int i,j;
-	const EVP_MD *dgst=NULL;
-	STACK_OF(CONF_VALUE) *attribs=NULL;
-	STACK_OF(X509) *cert_sk=NULL;
-	STACK_OF(OPENSSL_STRING) *sigopts = NULL;
-#undef BSIZE
-#define BSIZE 256
-	MS_STATIC char buf[3][BSIZE];
-	char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine = NULL;
-#endif
-	char *tofree=NULL;
-	DB_ATTR db_attr;
-
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
-	apps_startup();
-
-	conf = NULL;
-	key = NULL;
-	section = NULL;
-
-	preserve=0;
-	msie_hack=0;
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-verbose") == 0)
-			verbose=1;
-		else if	(strcmp(*argv,"-config") == 0)
-			{
-			if (--argc < 1) goto bad;
-			configfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-name") == 0)
-			{
-			if (--argc < 1) goto bad;
-			section= *(++argv);
-			}
-		else if (strcmp(*argv,"-subj") == 0)
-			{
-			if (--argc < 1) goto bad;
-			subj= *(++argv);
-			/* preserve=1; */
-			}
-		else if (strcmp(*argv,"-utf8") == 0)
-			chtype = MBSTRING_UTF8;
-		else if (strcmp(*argv,"-create_serial") == 0)
-			create_ser = 1;
-		else if (strcmp(*argv,"-multivalue-rdn") == 0)
-			multirdn=1;
-		else if (strcmp(*argv,"-startdate") == 0)
-			{
-			if (--argc < 1) goto bad;
-			startdate= *(++argv);
-			}
-		else if (strcmp(*argv,"-enddate") == 0)
-			{
-			if (--argc < 1) goto bad;
-			enddate= *(++argv);
-			}
-		else if (strcmp(*argv,"-days") == 0)
-			{
-			if (--argc < 1) goto bad;
-			days=atoi(*(++argv));
-			}
-		else if (strcmp(*argv,"-md") == 0)
-			{
-			if (--argc < 1) goto bad;
-			md= *(++argv);
-			}
-		else if (strcmp(*argv,"-policy") == 0)
-			{
-			if (--argc < 1) goto bad;
-			policy= *(++argv);
-			}
-		else if (strcmp(*argv,"-keyfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyform=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key= *(++argv);
-			}
-		else if (strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			certfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-selfsign") == 0)
-			selfsign=1;
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			req=1;
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-outdir") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outdir= *(++argv);
-			}
-		else if (strcmp(*argv,"-sigopt") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			if (!sigopts)
-				sigopts = sk_OPENSSL_STRING_new_null();
-			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
-				goto bad;
-			}
-		else if (strcmp(*argv,"-notext") == 0)
-			notext=1;
-		else if (strcmp(*argv,"-batch") == 0)
-			batch=1;
-		else if (strcmp(*argv,"-preserveDN") == 0)
-			preserve=1;
-		else if (strcmp(*argv,"-noemailDN") == 0)
-			email_dn=0;
-		else if (strcmp(*argv,"-gencrl") == 0)
-			gencrl=1;
-		else if (strcmp(*argv,"-msie_hack") == 0)
-			msie_hack=1;
-		else if (strcmp(*argv,"-crldays") == 0)
-			{
-			if (--argc < 1) goto bad;
-			crldays= atol(*(++argv));
-			}
-		else if (strcmp(*argv,"-crlhours") == 0)
-			{
-			if (--argc < 1) goto bad;
-			crlhours= atol(*(++argv));
-			}
-		else if (strcmp(*argv,"-crlsec") == 0)
-			{
-			if (--argc < 1) goto bad;
-			crlsec = atol(*(++argv));
-			}
-		else if (strcmp(*argv,"-infiles") == 0)
-			{
-			argc--;
-			argv++;
-			req=1;
-			break;
-			}
-		else if (strcmp(*argv, "-ss_cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			ss_cert_file = *(++argv);
-			req=1;
-			}
-		else if (strcmp(*argv, "-spkac") == 0)
-			{
-			if (--argc < 1) goto bad;
-			spkac_file = *(++argv);
-			req=1;
-			}
-		else if (strcmp(*argv,"-revoke") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			dorevoke=1;
-			}
-		else if (strcmp(*argv,"-extensions") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extensions= *(++argv);
-			}
-		else if (strcmp(*argv,"-extfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-status") == 0)
-			{
-			if (--argc < 1) goto bad;
-			ser_status= *(++argv);
-			}
-		else if (strcmp(*argv,"-updatedb") == 0)
-			{
-			doupdatedb=1;
-			}
-		else if (strcmp(*argv,"-crlexts") == 0)
-			{
-			if (--argc < 1) goto bad;
-			crl_ext= *(++argv);
-			}
-		else if (strcmp(*argv,"-crl_reason") == 0)
-			{
-			if (--argc < 1) goto bad;
-			rev_arg = *(++argv);
-			rev_type = REV_CRL_REASON;
-			}
-		else if (strcmp(*argv,"-crl_hold") == 0)
-			{
-			if (--argc < 1) goto bad;
-			rev_arg = *(++argv);
-			rev_type = REV_HOLD;
-			}
-		else if (strcmp(*argv,"-crl_compromise") == 0)
-			{
-			if (--argc < 1) goto bad;
-			rev_arg = *(++argv);
-			rev_type = REV_KEY_COMPROMISE;
-			}
-		else if (strcmp(*argv,"-crl_CA_compromise") == 0)
-			{
-			if (--argc < 1) goto bad;
-			rev_arg = *(++argv);
-			rev_type = REV_CA_COMPROMISE;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else
-			{
-bad:
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		const char **pp2;
-
-		for (pp2=ca_usage; (*pp2 != NULL); pp2++)
-			BIO_printf(bio_err,"%s",*pp2);
-		goto err;
-		}
-
-	ERR_load_crypto_strings();
-
-	/*****************************************************************/
-	tofree=NULL;
-	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
-	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
-	if (configfile == NULL)
-		{
-		const char *s=X509_get_default_cert_area();
-		size_t len;
-
-#ifdef OPENSSL_SYS_VMS
-		len = strlen(s)+sizeof(CONFIG_FILE);
-		tofree=OPENSSL_malloc(len);
-		strcpy(tofree,s);
-#else
-		len = strlen(s)+sizeof(CONFIG_FILE)+1;
-		tofree=OPENSSL_malloc(len);
-		BUF_strlcpy(tofree,s,len);
-		BUF_strlcat(tofree,"/",len);
-#endif
-		BUF_strlcat(tofree,CONFIG_FILE,len);
-		configfile=tofree;
-		}
-
-	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-	conf = NCONF_new(NULL);
-	if (NCONF_load(conf,configfile,&errorline) <= 0)
-		{
-		if (errorline <= 0)
-			BIO_printf(bio_err,"error loading the config file '%s'\n",
-				configfile);
-		else
-			BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
-				,errorline,configfile);
-		goto err;
-		}
-	if(tofree)
-		{
-		OPENSSL_free(tofree);
-		tofree = NULL;
-		}
-
-	if (!load_config(bio_err, conf))
-		goto err;
-
-#ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
-#endif
-
-	/* Lets get the config section we are using */
-	if (section == NULL)
-		{
-		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
-		if (section == NULL)
-			{
-			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
-			goto err;
-			}
-		}
-
-	if (conf != NULL)
-		{
-		p=NCONF_get_string(conf,NULL,"oid_file");
-		if (p == NULL)
-			ERR_clear_error();
-		if (p != NULL)
-			{
-			BIO *oid_bio;
-
-			oid_bio=BIO_new_file(p,"r");
-			if (oid_bio == NULL) 
-				{
-				/*
-				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
-				ERR_print_errors(bio_err);
-				*/
-				ERR_clear_error();
-				}
-			else
-				{
-				OBJ_create_objects(oid_bio);
-				BIO_free(oid_bio);
-				}
-			}
-		if (!add_oid_section(bio_err,conf)) 
-			{
-			ERR_print_errors(bio_err);
-			goto err;
-			}
-		}
-
-	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
-	if (randfile == NULL)
-		ERR_clear_error();
-	app_RAND_load_file(randfile, bio_err, 0);
-
-	f = NCONF_get_string(conf, section, STRING_MASK);
-	if (!f)
-		ERR_clear_error();
-
-	if(f && !ASN1_STRING_set_default_mask_asc(f)) {
-		BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
-		goto err;
-	}
-
-	if (chtype != MBSTRING_UTF8){
-		f = NCONF_get_string(conf, section, UTF8_IN);
-		if (!f)
-			ERR_clear_error();
-		else if (!strcmp(f, "yes"))
-			chtype = MBSTRING_UTF8;
-	}
-
-	db_attr.unique_subject = 1;
-	p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
-	if (p)
-		{
-#ifdef RL_DEBUG
-		BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
-		db_attr.unique_subject = parse_yesno(p,1);
-		}
-	else
-		ERR_clear_error();
-#ifdef RL_DEBUG
-	if (!p)
-		BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
-#endif
-#ifdef RL_DEBUG
-	BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
-		db_attr.unique_subject);
-#endif
-	
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	Sout=BIO_new(BIO_s_file());
-	Cout=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	/*****************************************************************/
-	/* report status of cert with serial number given on command line */
-	if (ser_status)
-	{
-		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
-			{
-			lookup_fail(section,ENV_DATABASE);
-			goto err;
-			}
-		db = load_index(dbfile,&db_attr);
-		if (db == NULL) goto err;
-
-		if (!index_index(db)) goto err;
-
-		if (get_certificate_status(ser_status,db) != 1)
-			BIO_printf(bio_err,"Error verifying serial %s!\n",
-				 ser_status);
-		goto err;
-	}
-
-	/*****************************************************************/
-	/* we definitely need a private key, so let's get it */
-
-	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
-		section,ENV_PRIVATE_KEY)) == NULL))
-		{
-		lookup_fail(section,ENV_PRIVATE_KEY);
-		goto err;
-		}
-	if (!key)
-		{
-		free_key = 1;
-		if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
-			{
-			BIO_printf(bio_err,"Error getting password\n");
-			goto err;
-			}
-		}
-	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
-		"CA private key");
-	if (key) OPENSSL_cleanse(key,strlen(key));
-	if (pkey == NULL)
-		{
-		/* load_key() has already printed an appropriate message */
-		goto err;
-		}
-
-	/*****************************************************************/
-	/* we need a certificate */
-	if (!selfsign || spkac_file || ss_cert_file || gencrl)
-		{
-		if ((certfile == NULL)
-			&& ((certfile=NCONF_get_string(conf,
-				     section,ENV_CERTIFICATE)) == NULL))
-			{
-			lookup_fail(section,ENV_CERTIFICATE);
-			goto err;
-			}
-		x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
-			"CA certificate");
-		if (x509 == NULL)
-			goto err;
-
-		if (!X509_check_private_key(x509,pkey))
-			{
-			BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
-			goto err;
-			}
-		}
-	if (!selfsign) x509p = x509;
-
-	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
-	if (f == NULL)
-		ERR_clear_error();
-	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
-		preserve=1;
-	f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
-	if (f == NULL)
-		ERR_clear_error();
-	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
-		msie_hack=1;
-
-	f=NCONF_get_string(conf,section,ENV_NAMEOPT);
-
-	if (f)
-		{
-		if (!set_name_ex(&nameopt, f))
-			{
-			BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
-			goto err;
-			}
-		default_op = 0;
-		}
-	else
-		ERR_clear_error();
-
-	f=NCONF_get_string(conf,section,ENV_CERTOPT);
-
-	if (f)
-		{
-		if (!set_cert_ex(&certopt, f))
-			{
-			BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
-			goto err;
-			}
-		default_op = 0;
-		}
-	else
-		ERR_clear_error();
-
-	f=NCONF_get_string(conf,section,ENV_EXTCOPY);
-
-	if (f)
-		{
-		if (!set_ext_copy(&ext_copy, f))
-			{
-			BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
-			goto err;
-			}
-		}
-	else
-		ERR_clear_error();
-
-	/*****************************************************************/
-	/* lookup where to write new certificates */
-	if ((outdir == NULL) && (req))
-		{
-
-		if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
-			== NULL)
-			{
-			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
-			goto err;
-			}
-#ifndef OPENSSL_SYS_VMS
-	    /* outdir is a directory spec, but access() for VMS demands a
-	       filename.  In any case, stat(), below, will catch the problem
-	       if outdir is not a directory spec, and the fopen() or open()
-	       will catch an error if there is no write access.
-
-	       Presumably, this problem could also be solved by using the DEC
-	       C routines to convert the directory syntax to Unixly, and give
-	       that to access().  However, time's too short to do that just
-	       now.
-	    */
-#ifndef _WIN32
-		if (access(outdir,R_OK|W_OK|X_OK) != 0)
-#else
-		if (_access(outdir,R_OK|W_OK|X_OK) != 0)
-#endif
-			{
-			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
-			perror(outdir);
-			goto err;
-			}
-
-		if (app_isdir(outdir)<=0)
-			{
-			BIO_printf(bio_err,"%s need to be a directory\n",outdir);
-			perror(outdir);
-			goto err;
-			}
-#endif
-		}
-
-	/*****************************************************************/
-	/* we need to load the database file */
-	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
-		{
-		lookup_fail(section,ENV_DATABASE);
-		goto err;
-		}
-	db = load_index(dbfile, &db_attr);
-	if (db == NULL) goto err;
-
-	/* Lets check some fields */
-	for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
-		if ((pp[DB_type][0] != DB_TYPE_REV) &&
-			(pp[DB_rev_date][0] != '\0'))
-			{
-			BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
-			goto err;
-			}
-		if ((pp[DB_type][0] == DB_TYPE_REV) &&
-			!make_revoked(NULL, pp[DB_rev_date]))
-			{
-			BIO_printf(bio_err," in entry %d\n", i+1);
-			goto err;
-			}
-		if (!check_time_format((char *)pp[DB_exp_date]))
-			{
-			BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
-			goto err;
-			}
-		p=pp[DB_serial];
-		j=strlen(p);
-		if (*p == '-')
-			{
-			p++;
-			j--;
-			}
-		if ((j&1) || (j < 2))
-			{
-			BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
-			goto err;
-			}
-		while (*p)
-			{
-			if (!(	((*p >= '0') && (*p <= '9')) ||
-				((*p >= 'A') && (*p <= 'F')) ||
-				((*p >= 'a') && (*p <= 'f')))  )
-				{
-				BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
-				goto err;
-				}
-			p++;
-			}
-		}
-	if (verbose)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		TXT_DB_write(out,db->db);
-		BIO_printf(bio_err,"%d entries loaded from the database\n",
-			   sk_OPENSSL_PSTRING_num(db->db->data));
-		BIO_printf(bio_err,"generating index\n");
-		}
-	
-	if (!index_index(db)) goto err;
-
-	/*****************************************************************/
-	/* Update the db file for expired certificates */
-	if (doupdatedb)
-		{
-		if (verbose)
-			BIO_printf(bio_err, "Updating %s ...\n",
-							dbfile);
-
-		i = do_updatedb(db);
-		if (i == -1)
-			{
-			BIO_printf(bio_err,"Malloc failure\n");
-			goto err;
-			}
-		else if (i == 0)
-			{
-			if (verbose) BIO_printf(bio_err,
-					"No entries found to mark expired\n"); 
-			}
-	    	else
-			{
-			if (!save_index(dbfile,"new",db)) goto err;
-				
-			if (!rotate_index(dbfile,"new","old")) goto err;
-				
-			if (verbose) BIO_printf(bio_err,
-				"Done. %d entries marked as expired\n",i); 
-	      		}
-	  	}
-
- 	/*****************************************************************/
-	/* Read extentions config file                                   */
-	if (extfile)
-		{
-		extconf = NCONF_new(NULL);
-		if (NCONF_load(extconf,extfile,&errorline) <= 0)
-			{
-			if (errorline <= 0)
-				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
-					extfile);
-			else
-				BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
-					errorline,extfile);
-			ret = 1;
-			goto err;
-			}
-
-		if (verbose)
-			BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
-
-		/* We can have sections in the ext file */
-		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
-			extensions = "default";
-		}
-
-	/*****************************************************************/
-	if (req || gencrl)
-		{
-		if (outfile != NULL)
-			{
-			if (BIO_write_filename(Sout,outfile) <= 0)
-				{
-				perror(outfile);
-				goto err;
-				}
-			}
-		else
-			{
-			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			Sout = BIO_push(tmpbio, Sout);
-			}
-#endif
-			}
-		}
-
-	if ((md == NULL) && ((md=NCONF_get_string(conf,
-		section,ENV_DEFAULT_MD)) == NULL))
-		{
-		lookup_fail(section,ENV_DEFAULT_MD);
-		goto err;
-		}
-
-	if (!strcmp(md, "default"))
-		{
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
-			{
-			BIO_puts(bio_err,"no default digest\n");
-			goto err;
-			}
-		md = (char *)OBJ_nid2sn(def_nid);
-		}
-
-	if ((dgst=EVP_get_digestbyname(md)) == NULL)
-		{
-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
-		goto err;
-		}
-
-	if (req)
-		{
-		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
-			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
-			{
-			if(strcmp(tmp_email_dn,"no") == 0)
-				email_dn=0;
-			}
-		if (verbose)
-			BIO_printf(bio_err,"message digest is %s\n",
-				OBJ_nid2ln(dgst->type));
-		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
-			section,ENV_POLICY)) == NULL))
-			{
-			lookup_fail(section,ENV_POLICY);
-			goto err;
-			}
-		if (verbose)
-			BIO_printf(bio_err,"policy is %s\n",policy);
-
-		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
-			== NULL)
-			{
-			lookup_fail(section,ENV_SERIAL);
-			goto err;
-			}
-
-		if (!extconf)
-			{
-			/* no '-extfile' option, so we look for extensions
-			 * in the main configuration file */
-			if (!extensions)
-				{
-				extensions=NCONF_get_string(conf,section,
-								ENV_EXTENSIONS);
-				if (!extensions)
-					ERR_clear_error();
-				}
-			if (extensions)
-				{
-				/* Check syntax of file */
-				X509V3_CTX ctx;
-				X509V3_set_ctx_test(&ctx);
-				X509V3_set_nconf(&ctx, conf);
-				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
-								NULL))
-					{
-					BIO_printf(bio_err,
-				 	"Error Loading extension section %s\n",
-								 extensions);
-					ret = 1;
-					goto err;
-					}
-				}
-			}
-
-		if (startdate == NULL)
-			{
-			startdate=NCONF_get_string(conf,section,
-				ENV_DEFAULT_STARTDATE);
-			if (startdate == NULL)
-				ERR_clear_error();
-			}
-		if (startdate && !ASN1_TIME_set_string(NULL, startdate))
-			{
-			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
-			goto err;
-			}
-		if (startdate == NULL) startdate="today";
-
-		if (enddate == NULL)
-			{
-			enddate=NCONF_get_string(conf,section,
-				ENV_DEFAULT_ENDDATE);
-			if (enddate == NULL)
-				ERR_clear_error();
-			}
-		if (enddate && !ASN1_TIME_set_string(NULL, enddate))
-			{
-			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
-			goto err;
-			}
-
-		if (days == 0)
-			{
-			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
-				days = 0;
-			}
-		if (!enddate && (days == 0))
-			{
-			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
-			goto err;
-			}
-
-		if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
-			{
-			BIO_printf(bio_err,"error while loading serial number\n");
-			goto err;
-			}
-		if (verbose)
-			{
-			if (BN_is_zero(serial))
-				BIO_printf(bio_err,"next serial number is 00\n");
-			else
-				{
-				if ((f=BN_bn2hex(serial)) == NULL) goto err;
-				BIO_printf(bio_err,"next serial number is %s\n",f);
-				OPENSSL_free(f);
-				}
-			}
-
-		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
-			{
-			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
-			goto err;
-			}
-
-		if ((cert_sk=sk_X509_new_null()) == NULL)
-			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
-			goto err;
-			}
-		if (spkac_file != NULL)
-			{
-			total++;
-			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,sigopts,
-				attribs,db, serial,subj,chtype,multirdn,
-				email_dn,startdate,enddate,days,extensions,
-				conf,verbose,certopt,nameopt,default_op,ext_copy);
-			if (j < 0) goto err;
-			if (j > 0)
-				{
-				total_done++;
-				BIO_printf(bio_err,"\n");
-				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
-					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
-					goto err;
-					}
-				if (outfile)
-					{
-					output_der = 1;
-					batch = 1;
-					}
-				}
-			}
-		if (ss_cert_file != NULL)
-			{
-			total++;
-			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,sigopts,
-				attribs,
-				db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
-				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, e);
-			if (j < 0) goto err;
-			if (j > 0)
-				{
-				total_done++;
-				BIO_printf(bio_err,"\n");
-				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
-					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
-					goto err;
-					}
-				}
-			}
-		if (infile != NULL)
-			{
-			total++;
-			j=certify(&x,infile,pkey,x509p,dgst,sigopts, attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
-				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
-			if (j < 0) goto err;
-			if (j > 0)
-				{
-				total_done++;
-				BIO_printf(bio_err,"\n");
-				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
-					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
-					goto err;
-					}
-				}
-			}
-		for (i=0; i<argc; i++)
-			{
-			total++;
-			j=certify(&x,argv[i],pkey,x509p,dgst,sigopts,attribs,db,
-				serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
-				extensions,conf,verbose, certopt, nameopt,
-				default_op, ext_copy, selfsign);
-			if (j < 0) goto err;
-			if (j > 0)
-				{
-				total_done++;
-				BIO_printf(bio_err,"\n");
-				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_X509_push(cert_sk,x))
-					{
-					BIO_printf(bio_err,"Memory allocation failure\n");
-					goto err;
-					}
-				}
-			}	
-		/* we have a stack of newly certified certificates
-		 * and a data base and serial number that need
-		 * updating */
-
-		if (sk_X509_num(cert_sk) > 0)
-			{
-			if (!batch)
-				{
-				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
-				(void)BIO_flush(bio_err);
-				buf[0][0]='\0';
-				if (!fgets(buf[0],10,stdin))
-					{
-					BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n"); 
-					ret=0;
-					goto err;
-					}
-				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
-					{
-					BIO_printf(bio_err,"CERTIFICATION CANCELED\n"); 
-					ret=0;
-					goto err;
-					}
-				}
-
-			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
-
-			if (!save_serial(serialfile,"new",serial,NULL)) goto err;
-
-			if (!save_index(dbfile, "new", db)) goto err;
-			}
-	
-		if (verbose)
-			BIO_printf(bio_err,"writing new certificates\n");
-		for (i=0; i<sk_X509_num(cert_sk); i++)
-			{
-			int k;
-			char *n;
-
-			x=sk_X509_value(cert_sk,i);
-
-			j=x->cert_info->serialNumber->length;
-			p=(const char *)x->cert_info->serialNumber->data;
-			
-			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
-				{
-				BIO_printf(bio_err,"certificate file name too long\n");
-				goto err;
-				}
-
-			strcpy(buf[2],outdir);
-
-#ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf[2],"/",sizeof(buf[2]));
-#endif
-
-			n=(char *)&(buf[2][strlen(buf[2])]);
-			if (j > 0)
-				{
-				for (k=0; k<j; k++)
-					{
-					if (n >= &(buf[2][sizeof(buf[2])]))
-						break;
-					BIO_snprintf(n,
-						     &buf[2][0] + sizeof(buf[2]) - n,
-						     "%02X",(unsigned char)*(p++));
-					n+=2;
-					}
-				}
-			else
-				{
-				*(n++)='0';
-				*(n++)='0';
-				}
-			*(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
-			*n='\0';
-			if (verbose)
-				BIO_printf(bio_err,"writing %s\n",buf[2]);
-
-			if (BIO_write_filename(Cout,buf[2]) <= 0)
-				{
-				perror(buf[2]);
-				goto err;
-				}
-			write_new_certificate(Cout,x, 0, notext);
-			write_new_certificate(Sout,x, output_der, notext);
-			}
-
-		if (sk_X509_num(cert_sk))
-			{
-			/* Rename the database and the serial file */
-			if (!rotate_serial(serialfile,"new","old")) goto err;
-
-			if (!rotate_index(dbfile,"new","old")) goto err;
-
-			BIO_printf(bio_err,"Data Base Updated\n");
-			}
-		}
-	
-	/*****************************************************************/
-	if (gencrl)
-		{
-		int crl_v2 = 0;
-		if (!crl_ext)
-			{
-			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
-			if (!crl_ext)
-				ERR_clear_error();
-			}
-		if (crl_ext)
-			{
-			/* Check syntax of file */
-			X509V3_CTX ctx;
-			X509V3_set_ctx_test(&ctx);
-			X509V3_set_nconf(&ctx, conf);
-			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
-				{
-				BIO_printf(bio_err,
-				 "Error Loading CRL extension section %s\n",
-								 crl_ext);
-				ret = 1;
-				goto err;
-				}
-			}
-
-		if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
-			!= NULL)
-			if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
-				{
-				BIO_printf(bio_err,"error while loading CRL number\n");
-				goto err;
-				}
-
-		if (!crldays && !crlhours && !crlsec)
-			{
-			if (!NCONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_DAYS, &crldays))
-				crldays = 0;
-			if (!NCONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_HOURS, &crlhours))
-				crlhours = 0;
-			ERR_clear_error();
-			}
-		if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
-			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
-			goto err;
-			}
-
-		if (verbose) BIO_printf(bio_err,"making CRL\n");
-		if ((crl=X509_CRL_new()) == NULL) goto err;
-		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
-
-		tmptm = ASN1_TIME_new();
-		if (!tmptm) goto err;
-		X509_gmtime_adj(tmptm,0);
-		X509_CRL_set_lastUpdate(crl, tmptm);	
-		if (!X509_time_adj_ex(tmptm, crldays, crlhours*60*60 + crlsec,
-			NULL))
-			{
-			BIO_puts(bio_err, "error setting CRL nextUpdate\n");
-			goto err;
-			}
-		X509_CRL_set_nextUpdate(crl, tmptm);	
-
-		ASN1_TIME_free(tmptm);
-
-		for (i=0; i<sk_OPENSSL_PSTRING_num(db->db->data); i++)
-			{
-			pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
-			if (pp[DB_type][0] == DB_TYPE_REV)
-				{
-				if ((r=X509_REVOKED_new()) == NULL) goto err;
-				j = make_revoked(r, pp[DB_rev_date]);
-				if (!j) goto err;
-				if (j == 2) crl_v2 = 1;
-				if (!BN_hex2bn(&serial, pp[DB_serial]))
-					goto err;
-				tmpser = BN_to_ASN1_INTEGER(serial, NULL);
-				BN_free(serial);
-				serial = NULL;
-				if (!tmpser)
-					goto err;
-				X509_REVOKED_set_serialNumber(r, tmpser);
-				ASN1_INTEGER_free(tmpser);
-				X509_CRL_add0_revoked(crl,r);
-				}
-			}
-
-		/* sort the data so it will be written in serial
-		 * number order */
-		X509_CRL_sort(crl);
-
-		/* we now have a CRL */
-		if (verbose) BIO_printf(bio_err,"signing CRL\n");
-
-		/* Add any extensions asked for */
-
-		if (crl_ext || crlnumberfile != NULL)
-			{
-			X509V3_CTX crlctx;
-			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
-			X509V3_set_nconf(&crlctx, conf);
-
-			if (crl_ext)
-				if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
-					crl_ext, crl)) goto err;
-			if (crlnumberfile != NULL)
-				{
-				tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
-				if (!tmpser) goto err;
-				X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
-				ASN1_INTEGER_free(tmpser);
-				crl_v2 = 1;
-				if (!BN_add_word(crlnumber,1)) goto err;
-				}
-			}
-		if (crl_ext || crl_v2)
-			{
-			if (!X509_CRL_set_version(crl, 1))
-				goto err; /* version 2 CRL */
-			}
-
-		
-		if (crlnumberfile != NULL)	/* we have a CRL number that need updating */
-			if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
-		if (crlnumber)
-			{
-			BN_free(crlnumber);
-			crlnumber = NULL;
-			}
-
-		if (!do_X509_CRL_sign(bio_err,crl,pkey,dgst,sigopts)) goto err;
-
-		PEM_write_bio_X509_CRL(Sout,crl);
-
-		if (crlnumberfile != NULL)	/* Rename the crlnumber file */
-			if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
-		}
-	/*****************************************************************/
-	if (dorevoke)
-		{
-		if (infile == NULL) 
-			{
-			BIO_printf(bio_err,"no input files\n");
-			goto err;
-			}
-		else
-			{
-			X509 *revcert;
-			revcert=load_cert(bio_err, infile, FORMAT_PEM,
-				NULL, e, infile);
-			if (revcert == NULL)
-				goto err;
-			j=do_revoke(revcert,db, rev_type, rev_arg);
-			if (j <= 0) goto err;
-			X509_free(revcert);
-
-			if (!save_index(dbfile, "new", db)) goto err;
-
-			if (!rotate_index(dbfile, "new", "old")) goto err;
-
-			BIO_printf(bio_err,"Data Base Updated\n"); 
-			}
-		}
-	/*****************************************************************/
-	ret=0;
-err:
-	if(tofree)
-		OPENSSL_free(tofree);
-	BIO_free_all(Cout);
-	BIO_free_all(Sout);
-	BIO_free_all(out);
-	BIO_free_all(in);
-
-	if (cert_sk)
-		sk_X509_pop_free(cert_sk,X509_free);
-
-	if (ret) ERR_print_errors(bio_err);
-	app_RAND_write_file(randfile, bio_err);
-	if (free_key && key)
-		OPENSSL_free(key);
-	BN_free(serial);
-	BN_free(crlnumber);
-	free_index(db);
-	if (sigopts)
-		sk_OPENSSL_STRING_free(sigopts);
-	EVP_PKEY_free(pkey);
-	if (x509) X509_free(x509);
-	X509_CRL_free(crl);
-	NCONF_free(conf);
-	NCONF_free(extconf);
-	OBJ_cleanup();
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static void lookup_fail(const char *name, const char *tag)
-	{
-	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
-	}
-
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn,
-	     int email_dn, char *startdate, char *enddate,
-	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
-	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, int selfsign)
-	{
-	X509_REQ *req=NULL;
-	BIO *in=NULL;
-	EVP_PKEY *pktmp=NULL;
-	int ok= -1,i;
-
-	in=BIO_new(BIO_s_file());
-
-	if (BIO_read_filename(in,infile) <= 0)
-		{
-		perror(infile);
-		goto err;
-		}
-	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"Error reading certificate request in %s\n",
-			infile);
-		goto err;
-		}
-	if (verbose)
-		X509_REQ_print(bio_err,req);
-
-	BIO_printf(bio_err,"Check that the request matches the signature\n");
-
-	if (selfsign && !X509_REQ_check_private_key(req,pkey))
-		{
-		BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
-		ok=0;
-		goto err;
-		}
-	if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
-		{
-		BIO_printf(bio_err,"error unpacking public key\n");
-		goto err;
-		}
-	i=X509_REQ_verify(req,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (i < 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature verification problems....\n");
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	if (i == 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature did not match the certificate request\n");
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-	else
-		BIO_printf(bio_err,"Signature ok\n");
-
-	ok=do_body(xret,pkey,x509,dgst,sigopts, policy,db,serial,subj,chtype,
-		multirdn, email_dn,
-		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
-		certopt, nameopt, default_op, ext_copy, selfsign);
-
-err:
-	if (req != NULL) X509_REQ_free(req);
-	if (in != NULL) BIO_free(in);
-	return(ok);
-	}
-
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
-	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
-	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, ENGINE *e)
-	{
-	X509 *req=NULL;
-	X509_REQ *rreq=NULL;
-	EVP_PKEY *pktmp=NULL;
-	int ok= -1,i;
-
-	if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
-		goto err;
-	if (verbose)
-		X509_print(bio_err,req);
-
-	BIO_printf(bio_err,"Check that the request matches the signature\n");
-
-	if ((pktmp=X509_get_pubkey(req)) == NULL)
-		{
-		BIO_printf(bio_err,"error unpacking public key\n");
-		goto err;
-		}
-	i=X509_verify(req,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (i < 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature verification problems....\n");
-		goto err;
-		}
-	if (i == 0)
-		{
-		ok=0;
-		BIO_printf(bio_err,"Signature did not match the certificate\n");
-		goto err;
-		}
-	else
-		BIO_printf(bio_err,"Signature ok\n");
-
-	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
-		goto err;
-
-	ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
-		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
-		ext_copy, 0);
-
-err:
-	if (rreq != NULL) X509_REQ_free(rreq);
-	if (req != NULL) X509_free(req);
-	return(ok);
-	}
-
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
-	     STACK_OF(OPENSSL_STRING) *sigopts, STACK_OF(CONF_VALUE) *policy,
-             CA_DB *db, BIGNUM *serial, char *subj,
-	     unsigned long chtype, int multirdn,
-	     int email_dn, char *startdate, char *enddate, long days, int batch,
-	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
-	     unsigned long certopt, unsigned long nameopt, int default_op,
-	     int ext_copy, int selfsign)
-	{
-	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
-	ASN1_UTCTIME *tm,*tmptm;
-	ASN1_STRING *str,*str2;
-	ASN1_OBJECT *obj;
-	X509 *ret=NULL;
-	X509_CINF *ci;
-	X509_NAME_ENTRY *ne;
-	X509_NAME_ENTRY *tne,*push;
-	EVP_PKEY *pktmp;
-	int ok= -1,i,j,last,nid;
-	const char *p;
-	CONF_VALUE *cv;
-	OPENSSL_STRING row[DB_NUMBER];
-	OPENSSL_STRING *irow=NULL;
-	OPENSSL_STRING *rrow=NULL;
-	char buf[25];
-
-	tmptm=ASN1_UTCTIME_new();
-	if (tmptm == NULL)
-		{
-		BIO_printf(bio_err,"malloc error\n");
-		return(0);
-		}
-
-	for (i=0; i<DB_NUMBER; i++)
-		row[i]=NULL;
-
-	if (subj)
-		{
-		X509_NAME *n = parse_name(subj, chtype, multirdn);
-
-		if (!n)
-			{
-			ERR_print_errors(bio_err);
-			goto err;
-			}
-		X509_REQ_set_subject_name(req,n);
-		req->req_info->enc.modified = 1;
-		X509_NAME_free(n);
-		}
-
-	if (default_op)
-		BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
-
-	name=X509_REQ_get_subject_name(req);
-	for (i=0; i<X509_NAME_entry_count(name); i++)
-		{
-		ne= X509_NAME_get_entry(name,i);
-		str=X509_NAME_ENTRY_get_data(ne);
-		obj=X509_NAME_ENTRY_get_object(ne);
-
-		if (msie_hack)
-			{
-			/* assume all type should be strings */
-			nid=OBJ_obj2nid(ne->object);
-
-			if (str->type == V_ASN1_UNIVERSALSTRING)
-				ASN1_UNIVERSALSTRING_to_string(str);
-
-			if ((str->type == V_ASN1_IA5STRING) &&
-				(nid != NID_pkcs9_emailAddress))
-				str->type=V_ASN1_T61STRING;
-
-			if ((nid == NID_pkcs9_emailAddress) &&
-				(str->type == V_ASN1_PRINTABLESTRING))
-				str->type=V_ASN1_IA5STRING;
-			}
-
-		/* If no EMAIL is wanted in the subject */
-		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
-			continue;
-
-		/* check some things */
-		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
-			(str->type != V_ASN1_IA5STRING))
-			{
-			BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
-			goto err;
-			}
-		if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
-			{
-			j=ASN1_PRINTABLE_type(str->data,str->length);
-			if (	((j == V_ASN1_T61STRING) &&
-				 (str->type != V_ASN1_T61STRING)) ||
-				((j == V_ASN1_IA5STRING) &&
-				 (str->type == V_ASN1_PRINTABLESTRING)))
-				{
-				BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
-				goto err;
-				}
-			}
-
-		if (default_op)
-			old_entry_print(bio_err, obj, str);
-		}
-
-	/* Ok, now we check the 'policy' stuff. */
-	if ((subject=X509_NAME_new()) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto err;
-		}
-
-	/* take a copy of the issuer name before we mess with it. */
-	if (selfsign)
-		CAname=X509_NAME_dup(name);
-	else
-		CAname=X509_NAME_dup(x509->cert_info->subject);
-	if (CAname == NULL) goto err;
-	str=str2=NULL;
-
-	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
-		{
-		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
-		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
-			{
-			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
-			goto err;
-			}
-		obj=OBJ_nid2obj(j);
-
-		last= -1;
-		for (;;)
-			{
-			/* lookup the object in the supplied name list */
-			j=X509_NAME_get_index_by_OBJ(name,obj,last);
-			if (j < 0)
-				{
-				if (last != -1) break;
-				tne=NULL;
-				}
-			else
-				{
-				tne=X509_NAME_get_entry(name,j);
-				}
-			last=j;
-
-			/* depending on the 'policy', decide what to do. */
-			push=NULL;
-			if (strcmp(cv->value,"optional") == 0)
-				{
-				if (tne != NULL)
-					push=tne;
-				}
-			else if (strcmp(cv->value,"supplied") == 0)
-				{
-				if (tne == NULL)
-					{
-					BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
-					goto err;
-					}
-				else
-					push=tne;
-				}
-			else if (strcmp(cv->value,"match") == 0)
-				{
-				int last2;
-
-				if (tne == NULL)
-					{
-					BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
-					goto err;
-					}
-
-				last2= -1;
-
-again2:
-				j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
-				if ((j < 0) && (last2 == -1))
-					{
-					BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
-					goto err;
-					}
-				if (j >= 0)
-					{
-					push=X509_NAME_get_entry(CAname,j);
-					str=X509_NAME_ENTRY_get_data(tne);
-					str2=X509_NAME_ENTRY_get_data(push);
-					last2=j;
-					if (ASN1_STRING_cmp(str,str2) != 0)
-						goto again2;
-					}
-				if (j < 0)
-					{
-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
-					goto err;
-					}
-				}
-			else
-				{
-				BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
-				goto err;
-				}
-
-			if (push != NULL)
-				{
-				if (!X509_NAME_add_entry(subject,push, -1, 0))
-					{
-					if (push != NULL)
-						X509_NAME_ENTRY_free(push);
-					BIO_printf(bio_err,"Memory allocation failure\n");
-					goto err;
-					}
-				}
-			if (j < 0) break;
-			}
-		}
-
-	if (preserve)
-		{
-		X509_NAME_free(subject);
-		/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
-		subject=X509_NAME_dup(name);
-		if (subject == NULL) goto err;
-		}
-
-	if (verbose)
-		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
-
-	/* Build the correct Subject if no e-mail is wanted in the subject */
-	/* and add it later on because of the method extensions are added (altName) */
-	 
-	if (email_dn)
-		dn_subject = subject;
-	else
-		{
-		X509_NAME_ENTRY *tmpne;
-		/* Its best to dup the subject DN and then delete any email
-		 * addresses because this retains its structure.
-		 */
-		if (!(dn_subject = X509_NAME_dup(subject)))
-			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
-			goto err;
-			}
-		while((i = X509_NAME_get_index_by_NID(dn_subject,
-					NID_pkcs9_emailAddress, -1)) >= 0)
-			{
-			tmpne = X509_NAME_get_entry(dn_subject, i);
-			X509_NAME_delete_entry(dn_subject, i);
-			X509_NAME_ENTRY_free(tmpne);
-			}
-		}
-
-	if (BN_is_zero(serial))
-		row[DB_serial]=BUF_strdup("00");
-	else
-		row[DB_serial]=BN_bn2hex(serial);
-	if (row[DB_serial] == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto err;
-		}
-
-	if (db->attributes.unique_subject)
-		{
-		OPENSSL_STRING *crow=row;
-
-		rrow=TXT_DB_get_by_index(db->db,DB_name,crow);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,
-				"ERROR:There is already a certificate for %s\n",
-				row[DB_name]);
-			}
-		}
-	if (rrow == NULL)
-		{
-		rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
-		if (rrow != NULL)
-			{
-			BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
-				row[DB_serial]);
-			BIO_printf(bio_err,"      check the database/serial_file for corruption\n");
-			}
-		}
-
-	if (rrow != NULL)
-		{
-		BIO_printf(bio_err,
-			"The matching entry has the following details\n");
-		if (rrow[DB_type][0] == 'E')
-			p="Expired";
-		else if (rrow[DB_type][0] == 'R')
-			p="Revoked";
-		else if (rrow[DB_type][0] == 'V')
-			p="Valid";
-		else
-			p="\ninvalid type, Data base error\n";
-		BIO_printf(bio_err,"Type	  :%s\n",p);;
-		if (rrow[DB_type][0] == 'R')
-			{
-			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
-			BIO_printf(bio_err,"Was revoked on:%s\n",p);
-			}
-		p=rrow[DB_exp_date]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Expires on    :%s\n",p);
-		p=rrow[DB_serial]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Serial Number :%s\n",p);
-		p=rrow[DB_file]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"File name     :%s\n",p);
-		p=rrow[DB_name]; if (p == NULL) p="undef";
-		BIO_printf(bio_err,"Subject Name  :%s\n",p);
-		ok= -1; /* This is now a 'bad' error. */
-		goto err;
-		}
-
-	/* We are now totally happy, lets make and sign the certificate */
-	if (verbose)
-		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
-
-	if ((ret=X509_new()) == NULL) goto err;
-	ci=ret->cert_info;
-
-#ifdef X509_V3
-	/* Make it an X509 v3 certificate. */
-	if (!X509_set_version(ret,2)) goto err;
-#endif
-
-	if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
-		goto err;
-	if (selfsign)
-		{
-		if (!X509_set_issuer_name(ret,subject))
-			goto err;
-		}
-	else
-		{
-		if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
-			goto err;
-		}
-
-	if (strcmp(startdate,"today") == 0)
-		X509_gmtime_adj(X509_get_notBefore(ret),0);
-	else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
-
-	if (enddate == NULL)
-		X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-	else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
-
-	if (!X509_set_subject_name(ret,subject)) goto err;
-
-	pktmp=X509_REQ_get_pubkey(req);
-	i = X509_set_pubkey(ret,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (!i) goto err;
-
-	/* Lets add the extensions, if there are any */
-	if (ext_sect)
-		{
-		X509V3_CTX ctx;
-		if (ci->version == NULL)
-			if ((ci->version=ASN1_INTEGER_new()) == NULL)
-				goto err;
-		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
-
-		/* Free the current entries if any, there should not
-		 * be any I believe */
-		if (ci->extensions != NULL)
-			sk_X509_EXTENSION_pop_free(ci->extensions,
-						   X509_EXTENSION_free);
-
-		ci->extensions = NULL;
-
-		/* Initialize the context structure */
-		if (selfsign)
-			X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
-		else
-			X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
-
-		if (extconf)
-			{
-			if (verbose)
-				BIO_printf(bio_err, "Extra configuration file found\n");
- 
-			/* Use the extconf configuration db LHASH */
-			X509V3_set_nconf(&ctx, extconf);
- 
-			/* Test the structure (needed?) */
-			/* X509V3_set_ctx_test(&ctx); */
-
-			/* Adds exts contained in the configuration file */
-			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
-				{
-				BIO_printf(bio_err,
-				    "ERROR: adding extensions in section %s\n",
-								ext_sect);
-				ERR_print_errors(bio_err);
-				goto err;
-				}
-			if (verbose)
-				BIO_printf(bio_err, "Successfully added extensions from file.\n");
-			}
-		else if (ext_sect)
-			{
-			/* We found extensions to be set from config file */
-			X509V3_set_nconf(&ctx, lconf);
-
-			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
-				{
-				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
-				ERR_print_errors(bio_err);
-				goto err;
-				}
-
-			if (verbose) 
-				BIO_printf(bio_err, "Successfully added extensions from config\n");
-			}
-		}
-
-	/* Copy extensions from request (if any) */
-
-	if (!copy_extensions(ret, req, ext_copy))
-		{
-		BIO_printf(bio_err, "ERROR: adding extensions from request\n");
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	/* Set the right value for the noemailDN option */
-	if( email_dn == 0 )
-		{
-		if (!X509_set_subject_name(ret,dn_subject)) goto err;
-		}
-
-	if (!default_op)
-		{
-		BIO_printf(bio_err, "Certificate Details:\n");
-		/* Never print signature details because signature not present */
-		certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
-		X509_print_ex(bio_err, ret, nameopt, certopt); 
-		}
-
-	BIO_printf(bio_err,"Certificate is to be certified until ");
-	ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
-	if (days) BIO_printf(bio_err," (%ld days)",days);
-	BIO_printf(bio_err, "\n");
-
-	if (!batch)
-		{
-
-		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
-		(void)BIO_flush(bio_err);
-		buf[0]='\0';
-		if (!fgets(buf,sizeof(buf)-1,stdin))
-			{
-			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
-			ok=0;
-			goto err;
-			}
-		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
-			{
-			BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
-			ok=0;
-			goto err;
-			}
-		}
-
-	pktmp=X509_get_pubkey(ret);
-	if (EVP_PKEY_missing_parameters(pktmp) &&
-		!EVP_PKEY_missing_parameters(pkey))
-		EVP_PKEY_copy_parameters(pktmp,pkey);
-	EVP_PKEY_free(pktmp);
-
-	if (!do_X509_sign(bio_err, ret,pkey,dgst, sigopts))
-		goto err;
-
-	/* We now just add it to the database */
-	row[DB_type]=(char *)OPENSSL_malloc(2);
-
-	tm=X509_get_notAfter(ret);
-	row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
-	memcpy(row[DB_exp_date],tm->data,tm->length);
-	row[DB_exp_date][tm->length]='\0';
-
-	row[DB_rev_date]=NULL;
-
-	/* row[DB_serial] done already */
-	row[DB_file]=(char *)OPENSSL_malloc(8);
-	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
-
-	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-		(row[DB_file] == NULL) || (row[DB_name] == NULL))
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto err;
-		}
-	BUF_strlcpy(row[DB_file],"unknown",8);
-	row[DB_type][0]='V';
-	row[DB_type][1]='\0';
-
-	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto err;
-		}
-
-	for (i=0; i<DB_NUMBER; i++)
-		{
-		irow[i]=row[i];
-		row[i]=NULL;
-		}
-	irow[DB_NUMBER]=NULL;
-
-	if (!TXT_DB_insert(db->db,irow))
-		{
-		BIO_printf(bio_err,"failed to update database\n");
-		BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
-		goto err;
-		}
-	ok=1;
-err:
-	for (i=0; i<DB_NUMBER; i++)
-		if (row[i] != NULL) OPENSSL_free(row[i]);
-
-	if (CAname != NULL)
-		X509_NAME_free(CAname);
-	if (subject != NULL)
-		X509_NAME_free(subject);
-	if ((dn_subject != NULL) && !email_dn)
-		X509_NAME_free(dn_subject);
-	if (tmptm != NULL)
-		ASN1_UTCTIME_free(tmptm);
-	if (ok <= 0)
-		{
-		if (ret != NULL) X509_free(ret);
-		ret=NULL;
-		}
-	else
-		*xret=ret;
-	return(ok);
-	}
-
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
-	{
-
-	if (output_der)
-		{
-		(void)i2d_X509_bio(bp,x);
-		return;
-		}
-#if 0
-	/* ??? Not needed since X509_print prints all this stuff anyway */
-	f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
-	BIO_printf(bp,"issuer :%s\n",f);
-
-	f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
-	BIO_printf(bp,"subject:%s\n",f);
-
-	BIO_puts(bp,"serial :");
-	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
-	BIO_puts(bp,"\n\n");
-#endif
-	if (!notext)X509_print(bp,x);
-	PEM_write_bio_X509(bp,x);
-	}
-
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-	     const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
-	     STACK_OF(CONF_VALUE) *policy, CA_DB *db,
-	     BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
-	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
-	     unsigned long nameopt, int default_op, int ext_copy)
-	{
-	STACK_OF(CONF_VALUE) *sk=NULL;
-	LHASH_OF(CONF_VALUE) *parms=NULL;
-	X509_REQ *req=NULL;
-	CONF_VALUE *cv=NULL;
-	NETSCAPE_SPKI *spki = NULL;
-	X509_REQ_INFO *ri;
-	char *type,*buf;
-	EVP_PKEY *pktmp=NULL;
-	X509_NAME *n=NULL;
-	X509_NAME_ENTRY *ne=NULL;
-	int ok= -1,i,j;
-	long errline;
-	int nid;
-
-	/*
-	 * Load input file into a hash table.  (This is just an easy
-	 * way to read and parse the file, then put it into a convenient
-	 * STACK format).
-	 */
-	parms=CONF_load(NULL,infile,&errline);
-	if (parms == NULL)
-		{
-		BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	sk=CONF_get_section(parms, "default");
-	if (sk_CONF_VALUE_num(sk) == 0)
-		{
-		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
-		CONF_free(parms);
-		goto err;
-		}
-
-	/*
-	 * Now create a dummy X509 request structure.  We don't actually
-	 * have an X509 request, but we have many of the components
-	 * (a public key, various DN components).  The idea is that we
-	 * put these components into the right X509 request structure
-	 * and we can use the same code as if you had a real X509 request.
-	 */
-	req=X509_REQ_new();
-	if (req == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	/*
-	 * Build up the subject name set.
-	 */
-	ri=req->req_info;
-	n = ri->subject;
-
-	for (i = 0; ; i++)
-		{
-		if (sk_CONF_VALUE_num(sk) <= i) break;
-
-		cv=sk_CONF_VALUE_value(sk,i);
-		type=cv->name;
-		/* Skip past any leading X. X: X, etc to allow for
-		 * multiple instances
-		 */
-		for (buf = cv->name; *buf ; buf++)
-			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
-				{
-				buf++;
-				if (*buf) type = buf;
-				break;
-				}
-
-		buf=cv->value;
-		if ((nid=OBJ_txt2nid(type)) == NID_undef)
-			{
-			if (strcmp(type, "SPKAC") == 0)
-				{
-				spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
-				if (spki == NULL)
-					{
-					BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
-					ERR_print_errors(bio_err);
-					goto err;
-					}
-				}
-			continue;
-			}
-
-		if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
-				(unsigned char *)buf, -1, -1, 0))
-			goto err;
-		}
-	if (spki == NULL)
-		{
-		BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
-			infile);
-		goto err;
-		}
-
-	/*
-	 * Now extract the key from the SPKI structure.
-	 */
-
-	BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
-
-	if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
-		{
-		BIO_printf(bio_err,"error unpacking SPKAC public key\n");
-		goto err;
-		}
-
-	j = NETSCAPE_SPKI_verify(spki, pktmp);
-	if (j <= 0)
-		{
-		BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
-		goto err;
-		}
-	BIO_printf(bio_err,"Signature ok\n");
-
-	X509_REQ_set_pubkey(req,pktmp);
-	EVP_PKEY_free(pktmp);
-	ok=do_body(xret,pkey,x509,dgst,sigopts,policy,db,serial,subj,chtype,
-		   multirdn,email_dn,startdate,enddate, days,1,verbose,req,
-		   ext_sect,lconf, certopt, nameopt, default_op, ext_copy, 0);
-err:
-	if (req != NULL) X509_REQ_free(req);
-	if (parms != NULL) CONF_free(parms);
-	if (spki != NULL) NETSCAPE_SPKI_free(spki);
-	if (ne != NULL) X509_NAME_ENTRY_free(ne);
-
-	return(ok);
-	}
-
-static int check_time_format(const char *str)
-	{
-	return ASN1_TIME_set_string(NULL, str);
-	}
-
-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
-	{
-	ASN1_UTCTIME *tm=NULL;
-	char *row[DB_NUMBER],**rrow,**irow;
-	char *rev_str = NULL;
-	BIGNUM *bn = NULL;
-	int ok=-1,i;
-
-	for (i=0; i<DB_NUMBER; i++)
-		row[i]=NULL;
-	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
-	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	if (!bn)
-		goto err;
-	if (BN_is_zero(bn))
-		row[DB_serial]=BUF_strdup("00");
-	else
-		row[DB_serial]=BN_bn2hex(bn);
-	BN_free(bn);
-	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		goto err;
-		}
-	/* We have to lookup by serial number because name lookup
-	 * skips revoked certs
- 	 */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
-	if (rrow == NULL)
-		{
-		BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
-
-		/* We now just add it to the database */
-		row[DB_type]=(char *)OPENSSL_malloc(2);
-
-		tm=X509_get_notAfter(x509);
-		row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
-		memcpy(row[DB_exp_date],tm->data,tm->length);
-		row[DB_exp_date][tm->length]='\0';
-
-		row[DB_rev_date]=NULL;
-
-		/* row[DB_serial] done already */
-		row[DB_file]=(char *)OPENSSL_malloc(8);
-
-		/* row[DB_name] done already */
-
-		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-			(row[DB_file] == NULL))
-			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
-			goto err;
-			}
-		BUF_strlcpy(row[DB_file],"unknown",8);
-		row[DB_type][0]='V';
-		row[DB_type][1]='\0';
-
-		if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
-			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
-			goto err;
-			}
-
-		for (i=0; i<DB_NUMBER; i++)
-			{
-			irow[i]=row[i];
-			row[i]=NULL;
-			}
-		irow[DB_NUMBER]=NULL;
-
-		if (!TXT_DB_insert(db->db,irow))
-			{
-			BIO_printf(bio_err,"failed to update database\n");
-			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
-			goto err;
-			}
-
-		/* Revoke Certificate */
-		ok = do_revoke(x509,db, type, value);
-
-		goto err;
-
-		}
-	else if (index_name_cmp_noconst(row, rrow))
-		{
-		BIO_printf(bio_err,"ERROR:name does not match %s\n",
-			   row[DB_name]);
-		goto err;
-		}
-	else if (rrow[DB_type][0]=='R')
-		{
-		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
-			   row[DB_serial]);
-		goto err;
-		}
-	else
-		{
-		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
-		rev_str = make_revocation_str(type, value);
-		if (!rev_str)
-			{
-			BIO_printf(bio_err, "Error in revocation arguments\n");
-			goto err;
-			}
-		rrow[DB_type][0]='R';
-		rrow[DB_type][1]='\0';
-		rrow[DB_rev_date] = rev_str;
-		}
-	ok=1;
-err:
-	for (i=0; i<DB_NUMBER; i++)
-		{
-		if (row[i] != NULL) 
-			OPENSSL_free(row[i]);
-		}
-	return(ok);
-	}
-
-static int get_certificate_status(const char *serial, CA_DB *db)
-	{
-	char *row[DB_NUMBER],**rrow;
-	int ok=-1,i;
-
-	/* Free Resources */
-	for (i=0; i<DB_NUMBER; i++)
-		row[i]=NULL;
-
-	/* Malloc needed char spaces */
-	row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
-	if (row[DB_serial] == NULL)
-		{
-		BIO_printf(bio_err,"Malloc failure\n");
-		goto err;
-		}
-
-	if (strlen(serial) % 2)
-		{
-		/* Set the first char to 0 */;
-		row[DB_serial][0]='0';
-
-		/* Copy String from serial to row[DB_serial] */
-		memcpy(row[DB_serial]+1, serial, strlen(serial));
-		row[DB_serial][strlen(serial)+1]='\0';
-		}
-	else
-		{
-		/* Copy String from serial to row[DB_serial] */
-		memcpy(row[DB_serial], serial, strlen(serial));
-		row[DB_serial][strlen(serial)]='\0';
-		}
-			
-	/* Make it Upper Case */
-	for (i=0; row[DB_serial][i] != '\0'; i++)
-		row[DB_serial][i] = toupper((unsigned char)row[DB_serial][i]);
-	
-
-	ok=1;
-
-	/* Search for the certificate */
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
-	if (rrow == NULL)
-		{
-		BIO_printf(bio_err,"Serial %s not present in db.\n",
-				 row[DB_serial]);
-		ok=-1;
-		goto err;
-		}
-	else if (rrow[DB_type][0]=='V')
-		{
-		BIO_printf(bio_err,"%s=Valid (%c)\n",
-			row[DB_serial], rrow[DB_type][0]);
-		goto err;
-		}
-	else if (rrow[DB_type][0]=='R')
-		{
-		BIO_printf(bio_err,"%s=Revoked (%c)\n",
-			row[DB_serial], rrow[DB_type][0]);
-		goto err;
-		}
-	else if (rrow[DB_type][0]=='E')
-		{
-		BIO_printf(bio_err,"%s=Expired (%c)\n",
-			row[DB_serial], rrow[DB_type][0]);
-		goto err;
-		}
-	else if (rrow[DB_type][0]=='S')
-		{
-		BIO_printf(bio_err,"%s=Suspended (%c)\n",
-			row[DB_serial], rrow[DB_type][0]);
-		goto err;
-		}
-	else
-		{
-		BIO_printf(bio_err,"%s=Unknown (%c).\n",
-			row[DB_serial], rrow[DB_type][0]);
-		ok=-1;
-		}
-err:
-	for (i=0; i<DB_NUMBER; i++)
-		{
-		if (row[i] != NULL)
-			OPENSSL_free(row[i]);
-		}
-	return(ok);
-	}
-
-static int do_updatedb (CA_DB *db)
-	{
-	ASN1_UTCTIME	*a_tm = NULL;
-	int i, cnt = 0;
-	int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */ 
-	char **rrow, *a_tm_s;
-
-	a_tm = ASN1_UTCTIME_new();
-
-	/* get actual time and make a string */
-	a_tm = X509_gmtime_adj(a_tm, 0);
-	a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
-	if (a_tm_s == NULL)
-		{
-		cnt = -1;
-		goto err;
-		}
-
-	memcpy(a_tm_s, a_tm->data, a_tm->length);
-	a_tm_s[a_tm->length] = '\0';
-
-	if (strncmp(a_tm_s, "49", 2) <= 0)
-		a_y2k = 1;
-	else
-		a_y2k = 0;
-
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
-
-		if (rrow[DB_type][0] == 'V')
-		 	{
-			/* ignore entries that are not valid */
-			if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-				db_y2k = 1;
-			else
-				db_y2k = 0;
-
-			if (db_y2k == a_y2k)
-				{
-				/* all on the same y2k side */
-				if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
-				       	{
-				       	rrow[DB_type][0]  = 'E';
-				       	rrow[DB_type][1]  = '\0';
-	  				cnt++;
-
-					BIO_printf(bio_err, "%s=Expired\n",
-							rrow[DB_serial]);
-					}
-				}
-			else if (db_y2k < a_y2k)
-				{
-		  		rrow[DB_type][0]  = 'E';
-		  		rrow[DB_type][1]  = '\0';
-	  			cnt++;
-
-				BIO_printf(bio_err, "%s=Expired\n",
-							rrow[DB_serial]);
-				}
-
-			}
-    		}
-
-err:
-
-	ASN1_UTCTIME_free(a_tm);
-	OPENSSL_free(a_tm_s);
-
-	return (cnt);
-	}
-
-static const char *crl_reasons[] = {
-	/* CRL reason strings */
-	"unspecified",
-	"keyCompromise",
-	"CACompromise",
-	"affiliationChanged",
-	"superseded", 
-	"cessationOfOperation",
-	"certificateHold",
-	"removeFromCRL",
-	/* Additional pseudo reasons */
-	"holdInstruction",
-	"keyTime",
-	"CAkeyTime"
-};
-
-#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
-
-/* Given revocation information convert to a DB string.
- * The format of the string is:
- * revtime[,reason,extra]. Where 'revtime' is the
- * revocation time (the current time). 'reason' is the
- * optional CRL reason and 'extra' is any additional
- * argument
- */
-
-char *make_revocation_str(int rev_type, char *rev_arg)
-	{
-	char *other = NULL, *str;
-	const char *reason = NULL;
-	ASN1_OBJECT *otmp;
-	ASN1_UTCTIME *revtm = NULL;
-	int i;
-	switch (rev_type)
-		{
-	case REV_NONE:
-		break;
-
-	case REV_CRL_REASON:
-		for (i = 0; i < 8; i++)
-			{
-			if (!strcasecmp(rev_arg, crl_reasons[i]))
-				{
-				reason = crl_reasons[i];
-				break;
-				}
-			}
-		if (reason == NULL)
-			{
-			BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
-			return NULL;
-			}
-		break;
-
-	case REV_HOLD:
-		/* Argument is an OID */
-
-		otmp = OBJ_txt2obj(rev_arg, 0);
-		ASN1_OBJECT_free(otmp);
-
-		if (otmp == NULL)
-			{
-			BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
-			return NULL;
-			}
-
-		reason = "holdInstruction";
-		other = rev_arg;
-		break;
-		
-	case REV_KEY_COMPROMISE:
-	case REV_CA_COMPROMISE:
-
-		/* Argument is the key compromise time  */
-		if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
-			{	
-			BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
-			return NULL;
-			}
-		other = rev_arg;
-		if (rev_type == REV_KEY_COMPROMISE)
-			reason = "keyTime";
-		else 
-			reason = "CAkeyTime";
-
-		break;
-
-		}
-
-	revtm = X509_gmtime_adj(NULL, 0);
-
-	if (!revtm)
-		return NULL;
-
-	i = revtm->length + 1;
-
-	if (reason) i += strlen(reason) + 1;
-	if (other) i += strlen(other) + 1;
-
-	str = OPENSSL_malloc(i);
-
-	if (!str) return NULL;
-
-	BUF_strlcpy(str, (char *)revtm->data, i);
-	if (reason)
-		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, reason, i);
-		}
-	if (other)
-		{
-		BUF_strlcat(str, ",", i);
-		BUF_strlcat(str, other, i);
-		}
-	ASN1_UTCTIME_free(revtm);
-	return str;
-	}
-
-/* Convert revocation field to X509_REVOKED entry 
- * return code:
- * 0 error
- * 1 OK
- * 2 OK and some extensions added (i.e. V2 CRL)
- */
-
-
-int make_revoked(X509_REVOKED *rev, const char *str)
-	{
-	char *tmp = NULL;
-	int reason_code = -1;
-	int i, ret = 0;
-	ASN1_OBJECT *hold = NULL;
-	ASN1_GENERALIZEDTIME *comp_time = NULL;
-	ASN1_ENUMERATED *rtmp = NULL;
-
-	ASN1_TIME *revDate = NULL;
-
-	i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
-
-	if (i == 0)
-		goto err;
-
-	if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
-		goto err;
-
-	if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
-		{
-		rtmp = ASN1_ENUMERATED_new();
-		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
-			goto err;
-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
-			goto err;
-		}
-
-	if (rev && comp_time)
-		{
-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
-			goto err;
-		}
-	if (rev && hold)
-		{
-		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
-			goto err;
-		}
-
-	if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
-		ret = 2;
-	else ret = 1;
-
-	err:
-
-	if (tmp) OPENSSL_free(tmp);
-	ASN1_OBJECT_free(hold);
-	ASN1_GENERALIZEDTIME_free(comp_time);
-	ASN1_ENUMERATED_free(rtmp);
-	ASN1_TIME_free(revDate);
-
-	return ret;
-	}
-
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
-	{
-	char buf[25],*pbuf, *p;
-	int j;
-	j=i2a_ASN1_OBJECT(bp,obj);
-	pbuf=buf;
-	for (j=22-j; j>0; j--)
-		*(pbuf++)=' ';
-	*(pbuf++)=':';
-	*(pbuf++)='\0';
-	BIO_puts(bp,buf);
-
-	if (str->type == V_ASN1_PRINTABLESTRING)
-		BIO_printf(bp,"PRINTABLE:'");
-	else if (str->type == V_ASN1_T61STRING)
-		BIO_printf(bp,"T61STRING:'");
-	else if (str->type == V_ASN1_IA5STRING)
-		BIO_printf(bp,"IA5STRING:'");
-	else if (str->type == V_ASN1_UNIVERSALSTRING)
-		BIO_printf(bp,"UNIVERSALSTRING:'");
-	else
-		BIO_printf(bp,"ASN.1 %2d:'",str->type);
-			
-	p=(char *)str->data;
-	for (j=str->length; j>0; j--)
-		{
-		if ((*p >= ' ') && (*p <= '~'))
-			BIO_printf(bp,"%c",*p);
-		else if (*p & 0x80)
-			BIO_printf(bp,"\\0x%02X",*p);
-		else if ((unsigned char)*p == 0xf7)
-			BIO_printf(bp,"^?");
-		else	BIO_printf(bp,"^%c",*p+'@');
-		p++;
-		}
-	BIO_printf(bp,"'\n");
-	return 1;
-	}
-
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
-	{
-	char *tmp = NULL;
-	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
-	int reason_code = -1;
-	int ret = 0;
-	unsigned int i;
-	ASN1_OBJECT *hold = NULL;
-	ASN1_GENERALIZEDTIME *comp_time = NULL;
-	tmp = BUF_strdup(str);
-
-	p = strchr(tmp, ',');
-
-	rtime_str = tmp;
-
-	if (p)
-		{
-		*p = '\0';
-		p++;
-		reason_str = p;
-		p = strchr(p, ',');
-		if (p)
-			{
-			*p = '\0';
-			arg_str = p + 1;
-			}
-		}
-
-	if (prevtm)
-		{
-		*prevtm = ASN1_UTCTIME_new();
-		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
-			{
-			BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
-			goto err;
-			}
-		}
-	if (reason_str)
-		{
-		for (i = 0; i < NUM_REASONS; i++)
-			{
-			if(!strcasecmp(reason_str, crl_reasons[i]))
-				{
-				reason_code = i;
-				break;
-				}
-			}
-		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
-			{
-			BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
-			goto err;
-			}
-
-		if (reason_code == 7)
-			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
-		else if (reason_code == 8)		/* Hold instruction */
-			{
-			if (!arg_str)
-				{	
-				BIO_printf(bio_err, "missing hold instruction\n");
-				goto err;
-				}
-			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
-			hold = OBJ_txt2obj(arg_str, 0);
-
-			if (!hold)
-				{
-				BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
-				goto err;
-				}
-			if (phold) *phold = hold;
-			}
-		else if ((reason_code == 9) || (reason_code == 10))
-			{
-			if (!arg_str)
-				{	
-				BIO_printf(bio_err, "missing compromised time\n");
-				goto err;
-				}
-			comp_time = ASN1_GENERALIZEDTIME_new();
-			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
-				{	
-				BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
-				goto err;
-				}
-			if (reason_code == 9)
-				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
-			else
-				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
-			}
-		}
-
-	if (preason) *preason = reason_code;
-	if (pinvtm) *pinvtm = comp_time;
-	else ASN1_GENERALIZEDTIME_free(comp_time);
-
-	ret = 1;
-
-	err:
-
-	if (tmp) OPENSSL_free(tmp);
-	if (!phold) ASN1_OBJECT_free(hold);
-	if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
-
-	return ret;
-	}
diff --git a/apps/cert.pem b/apps/cert.pem
deleted file mode 100644
index de4a77ac6d..0000000000
--- a/apps/cert.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
-Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
-YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
-DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
-tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
-sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
-19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
------END CERTIFICATE-----
diff --git a/apps/ciphers.c b/apps/ciphers.c
deleted file mode 100644
index 93dce1c40b..0000000000
--- a/apps/ciphers.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/* apps/ciphers.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	ciphers_main
-
-static const char *ciphers_usage[]={
-"usage: ciphers args\n",
-" -v          - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
-" -V          - even more verbose\n",
-" -ssl2       - SSL2 mode\n",
-" -ssl3       - SSL3 mode\n",
-" -tls1       - TLS1 mode\n",
-NULL
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	int verbose=0,Verbose=0;
-	const char **pp;
-	const char *p;
-	int badops=0;
-	SSL_CTX *ctx=NULL;
-	SSL *ssl=NULL;
-	char *ciphers=NULL;
-	const SSL_METHOD *meth=NULL;
-	STACK_OF(SSL_CIPHER) *sk;
-	char buf[512];
-	BIO *STDout=NULL;
-
-	meth=SSLv23_server_method();
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
-#endif
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-V") == 0)
-			verbose=Verbose=1;
-#ifndef OPENSSL_NO_SSL2
-		else if (strcmp(*argv,"-ssl2") == 0)
-			meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
-		else if (strcmp(*argv,"-ssl3") == 0)
-			meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
-		else if (strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
-#endif
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-			 (strcmp(*argv,"-?") == 0))
-			{
-			badops=1;
-			break;
-			}
-		else
-			{
-			ciphers= *argv;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	OpenSSL_add_ssl_algorithms();
-
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL) goto err;
-	if (ciphers != NULL) {
-		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
-			BIO_printf(bio_err, "Error in cipher list\n");
-			goto err;
-		}
-	}
-	ssl=SSL_new(ctx);
-	if (ssl == NULL) goto err;
-
-
-	if (!verbose)
-		{
-		for (i=0; ; i++)
-			{
-			p=SSL_get_cipher_list(ssl,i);
-			if (p == NULL) break;
-			if (i != 0) BIO_printf(STDout,":");
-			BIO_printf(STDout,"%s",p);
-			}
-		BIO_printf(STDout,"\n");
-		}
-	else /* verbose */
-		{
-		sk=SSL_get_ciphers(ssl);
-
-		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-			{
-			SSL_CIPHER *c;
-
-			c = sk_SSL_CIPHER_value(sk,i);
-			
-			if (Verbose)
-				{
-				unsigned long id = SSL_CIPHER_get_id(c);
-				int id0 = (int)(id >> 24);
-				int id1 = (int)((id >> 16) & 0xffL);
-				int id2 = (int)((id >> 8) & 0xffL);
-				int id3 = (int)(id & 0xffL);
-				
-				if ((id & 0xff000000L) == 0x02000000L)
-					BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
-				else if ((id & 0xff000000L) == 0x03000000L)
-					BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
-				else
-					BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
-				}
-
-			BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
-			}
-		}
-
-	ret=0;
-	if (0)
-		{
-err:
-		SSL_load_error_strings();
-		ERR_print_errors(bio_err);
-		}
-end:
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free_all(STDout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
diff --git a/apps/client.pem b/apps/client.pem
deleted file mode 100644
index e7a47a73f3..0000000000
--- a/apps/client.pem
+++ /dev/null
@@ -1,52 +0,0 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
------BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6yMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
-+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
-lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
-nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
-x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
-bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSZHKyLoTh7Mb409Zn/mK1ceSDAjDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAD0mL7PtPYgCEuDyOQSbLpeND5hVS
-curxQdGnrJ6Acrhodb7E9ccATokeb0PLx6HBLQUicxhTZIQ9FbO43YkQcOU6C3BB
-IlwskqmtN6+VmrQzNolHCDzvxNZs9lYL2VbGPGqVRyjZeHpoAlf9cQr8PgDb4d4b
-vUx2KAhHQvV2nkmYvKyXcgnRuHggumF87mkxidriGAEFwH4qfOqetUg64WyxP7P2
-QLipm04SyQa7ONtIApfVXgHcE42Py4/f4arzCzMjKe3VyhGkS7nsT55X/fWgTaRm
-CQPkO+H94P958WTvQDt77bQ+D3IvYaVvfil8n6HJMOJfFT0LJuSUbpSXJg==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
-wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
-agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
-mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
-MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
-HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
-p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
-KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
-1uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
-L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
-LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
-Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
-/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
-1oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
-1ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
-NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
-zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
-mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
-5SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
-u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
-HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
-tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
-SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
-kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
-1Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
------END RSA PRIVATE KEY-----
diff --git a/apps/cms.c b/apps/cms.c
deleted file mode 100644
index 5f77f8fbb0..0000000000
--- a/apps/cms.c
+++ /dev/null
@@ -1,1397 +0,0 @@
-/* apps/cms.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* CMS utility function */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-
-#ifndef OPENSSL_NO_CMS
-
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/x509v3.h>
-#include <openssl/cms.h>
-
-#undef PROG
-#define PROG cms_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int cms_cb(int ok, X509_STORE_CTX *ctx);
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
-						int rr_allorfirst,
-					STACK_OF(OPENSSL_STRING) *rr_from);
-
-#define SMIME_OP	0x10
-#define SMIME_IP	0x20
-#define SMIME_SIGNERS	0x40
-#define SMIME_ENCRYPT		(1 | SMIME_OP)
-#define SMIME_DECRYPT		(2 | SMIME_IP)
-#define SMIME_SIGN		(3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY		(4 | SMIME_IP)
-#define SMIME_CMSOUT		(5 | SMIME_IP | SMIME_OP)
-#define SMIME_RESIGN		(6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_DATAOUT		(7 | SMIME_IP)
-#define SMIME_DATA_CREATE	(8 | SMIME_OP)
-#define SMIME_DIGEST_VERIFY	(9 | SMIME_IP)
-#define SMIME_DIGEST_CREATE	(10 | SMIME_OP)
-#define SMIME_UNCOMPRESS	(11 | SMIME_IP)
-#define SMIME_COMPRESS		(12 | SMIME_OP)
-#define SMIME_ENCRYPTED_DECRYPT	(13 | SMIME_IP)
-#define SMIME_ENCRYPTED_ENCRYPT	(14 | SMIME_OP)
-#define SMIME_SIGN_RECEIPT	(15 | SMIME_IP | SMIME_OP)
-#define SMIME_VERIFY_RECEIPT	(16 | SMIME_IP)
-
-int verify_err = 0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int operation = 0;
-	int ret = 0;
-	char **args;
-	const char *inmode = "r", *outmode = "w";
-	char *infile = NULL, *outfile = NULL, *rctfile = NULL;
-	char *signerfile = NULL, *recipfile = NULL;
-	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
-	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	char *certsoutfile = NULL;
-	const EVP_CIPHER *cipher = NULL;
-	CMS_ContentInfo *cms = NULL, *rcms = NULL;
-	X509_STORE *store = NULL;
-	X509 *cert = NULL, *recip = NULL, *signer = NULL;
-	EVP_PKEY *key = NULL;
-	STACK_OF(X509) *encerts = NULL, *other = NULL;
-	BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
-	int badarg = 0;
-	int flags = CMS_DETACHED, noout = 0, print = 0;
-	int verify_retcode = 0;
-	int rr_print = 0, rr_allorfirst = -1;
-	STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
-	CMS_ReceiptRequest *rr = NULL;
-	char *to = NULL, *from = NULL, *subject = NULL;
-	char *CAfile = NULL, *CApath = NULL;
-	char *passargin = NULL, *passin = NULL;
-	char *inrand = NULL;
-	int need_rand = 0;
-	const EVP_MD *sign_md = NULL;
-	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-        int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	unsigned char *secret_key = NULL, *secret_keyid = NULL;
-	unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
-	size_t secret_keylen = 0, secret_keyidlen = 0;
-
-	ASN1_OBJECT *econtent_type = NULL;
-
-	X509_VERIFY_PARAM *vpm = NULL;
-
-	args = argv + 1;
-	ret = 1;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		{
-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-		}
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp (*args, "-encrypt"))
-			operation = SMIME_ENCRYPT;
-		else if (!strcmp (*args, "-decrypt"))
-			operation = SMIME_DECRYPT;
-		else if (!strcmp (*args, "-sign"))
-			operation = SMIME_SIGN;
-		else if (!strcmp (*args, "-sign_receipt"))
-			operation = SMIME_SIGN_RECEIPT;
-		else if (!strcmp (*args, "-resign"))
-			operation = SMIME_RESIGN;
-		else if (!strcmp (*args, "-verify"))
-			operation = SMIME_VERIFY;
-		else if (!strcmp (*args, "-verify_retcode"))
-			verify_retcode = 1;
-		else if (!strcmp(*args,"-verify_receipt"))
-			{
-			operation = SMIME_VERIFY_RECEIPT;
-			if (!args[1])
-				goto argerr;
-			args++;
-			rctfile = *args;
-			}
-		else if (!strcmp (*args, "-cmsout"))
-			operation = SMIME_CMSOUT;
-		else if (!strcmp (*args, "-data_out"))
-			operation = SMIME_DATAOUT;
-		else if (!strcmp (*args, "-data_create"))
-			operation = SMIME_DATA_CREATE;
-		else if (!strcmp (*args, "-digest_verify"))
-			operation = SMIME_DIGEST_VERIFY;
-		else if (!strcmp (*args, "-digest_create"))
-			operation = SMIME_DIGEST_CREATE;
-		else if (!strcmp (*args, "-compress"))
-			operation = SMIME_COMPRESS;
-		else if (!strcmp (*args, "-uncompress"))
-			operation = SMIME_UNCOMPRESS;
-		else if (!strcmp (*args, "-EncryptedData_decrypt"))
-			operation = SMIME_ENCRYPTED_DECRYPT;
-		else if (!strcmp (*args, "-EncryptedData_encrypt"))
-			operation = SMIME_ENCRYPTED_ENCRYPT;
-#ifndef OPENSSL_NO_DES
-		else if (!strcmp (*args, "-des3")) 
-				cipher = EVP_des_ede3_cbc();
-		else if (!strcmp (*args, "-des")) 
-				cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
-		else if (!strcmp (*args, "-seed")) 
-				cipher = EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
-		else if (!strcmp (*args, "-rc2-40")) 
-				cipher = EVP_rc2_40_cbc();
-		else if (!strcmp (*args, "-rc2-128")) 
-				cipher = EVP_rc2_cbc();
-		else if (!strcmp (*args, "-rc2-64")) 
-				cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-		else if (!strcmp(*args,"-aes128"))
-				cipher = EVP_aes_128_cbc();
-		else if (!strcmp(*args,"-aes192"))
-				cipher = EVP_aes_192_cbc();
-		else if (!strcmp(*args,"-aes256"))
-				cipher = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		else if (!strcmp(*args,"-camellia128"))
-				cipher = EVP_camellia_128_cbc();
-		else if (!strcmp(*args,"-camellia192"))
-				cipher = EVP_camellia_192_cbc();
-		else if (!strcmp(*args,"-camellia256"))
-				cipher = EVP_camellia_256_cbc();
-#endif
-		else if (!strcmp (*args, "-debug_decrypt")) 
-				flags |= CMS_DEBUG_DECRYPT;
-		else if (!strcmp (*args, "-text")) 
-				flags |= CMS_TEXT;
-		else if (!strcmp (*args, "-nointern")) 
-				flags |= CMS_NOINTERN;
-		else if (!strcmp (*args, "-noverify") 
-			|| !strcmp (*args, "-no_signer_cert_verify")) 
-				flags |= CMS_NO_SIGNER_CERT_VERIFY;
-		else if (!strcmp (*args, "-nocerts")) 
-				flags |= CMS_NOCERTS;
-		else if (!strcmp (*args, "-noattr")) 
-				flags |= CMS_NOATTR;
-		else if (!strcmp (*args, "-nodetach")) 
-				flags &= ~CMS_DETACHED;
-		else if (!strcmp (*args, "-nosmimecap"))
-				flags |= CMS_NOSMIMECAP;
-		else if (!strcmp (*args, "-binary"))
-				flags |= CMS_BINARY;
-		else if (!strcmp (*args, "-keyid"))
-				flags |= CMS_USE_KEYID;
-		else if (!strcmp (*args, "-nosigs"))
-				flags |= CMS_NOSIGS;
-		else if (!strcmp (*args, "-no_content_verify"))
-				flags |= CMS_NO_CONTENT_VERIFY;
-		else if (!strcmp (*args, "-no_attr_verify"))
-				flags |= CMS_NO_ATTR_VERIFY;
-		else if (!strcmp (*args, "-stream"))
-				flags |= CMS_STREAM;
-		else if (!strcmp (*args, "-indef"))
-				flags |= CMS_STREAM;
-		else if (!strcmp (*args, "-noindef"))
-				flags &= ~CMS_STREAM;
-		else if (!strcmp (*args, "-nooldmime"))
-				flags |= CMS_NOOLDMIMETYPE;
-		else if (!strcmp (*args, "-crlfeol"))
-				flags |= CMS_CRLFEOL;
-		else if (!strcmp (*args, "-noout"))
-				noout = 1;
-		else if (!strcmp (*args, "-receipt_request_print"))
-				rr_print = 1;
-		else if (!strcmp (*args, "-receipt_request_all"))
-				rr_allorfirst = 0;
-		else if (!strcmp (*args, "-receipt_request_first"))
-				rr_allorfirst = 1;
-		else if (!strcmp(*args,"-receipt_request_from"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			if (!rr_from)
-				rr_from = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(rr_from, *args);
-			}
-		else if (!strcmp(*args,"-receipt_request_to"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			if (!rr_to)
-				rr_to = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(rr_to, *args);
-			}
-		else if (!strcmp (*args, "-print"))
-				{
-				noout = 1;
-				print = 1;
-				}
-		else if (!strcmp(*args,"-secretkey"))
-			{
-			long ltmp;
-			if (!args[1])
-				goto argerr;
-			args++;
-			secret_key = string_to_hex(*args, &ltmp);
-			if (!secret_key)
-				{
-				BIO_printf(bio_err, "Invalid key %s\n", *args);
-				goto argerr;
-				}
-			secret_keylen = (size_t)ltmp;
-			}
-		else if (!strcmp(*args,"-secretkeyid"))
-			{
-			long ltmp;
-			if (!args[1])
-				goto argerr;
-			args++;
-			secret_keyid = string_to_hex(*args, &ltmp);
-			if (!secret_keyid)
-				{
-				BIO_printf(bio_err, "Invalid id %s\n", *args);
-				goto argerr;
-				}
-			secret_keyidlen = (size_t)ltmp;
-			}
-		else if (!strcmp(*args,"-pwri_password"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			pwri_pass = (unsigned char *)*args;
-			}
-		else if (!strcmp(*args,"-econtent_type"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			econtent_type = OBJ_txt2obj(*args, 0);
-			if (!econtent_type)
-				{
-				BIO_printf(bio_err, "Invalid OID %s\n", *args);
-				goto argerr;
-				}
-			}
-		else if (!strcmp(*args,"-rand"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			inrand = *args;
-			need_rand = 1;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (!strcmp(*args,"-engine"))
-			{
-			if (!args[1])
-				goto argerr;
-			engine = *++args;
-			}
-#endif
-		else if (!strcmp(*args,"-passin"))
-			{
-			if (!args[1])
-				goto argerr;
-			passargin = *++args;
-			}
-		else if (!strcmp (*args, "-to"))
-			{
-			if (!args[1])
-				goto argerr;
-			to = *++args;
-			}
-		else if (!strcmp (*args, "-from"))
-			{
-			if (!args[1])
-				goto argerr;
-			from = *++args;
-			}
-		else if (!strcmp (*args, "-subject"))
-			{
-			if (!args[1])
-				goto argerr;
-			subject = *++args;
-			}
-		else if (!strcmp (*args, "-signer"))
-			{
-			if (!args[1])
-				goto argerr;
-			/* If previous -signer argument add signer to list */
-
-			if (signerfile)
-				{
-				if (!sksigners)
-					sksigners = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(sksigners, signerfile);
-				if (!keyfile)
-					keyfile = signerfile;
-				if (!skkeys)
-					skkeys = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(skkeys, keyfile);
-				keyfile = NULL;
-				}
-			signerfile = *++args;
-			}
-		else if (!strcmp (*args, "-recip"))
-			{
-			if (!args[1])
-				goto argerr;
-			recipfile = *++args;
-			}
-		else if (!strcmp (*args, "-certsout"))
-			{
-			if (!args[1])
-				goto argerr;
-			certsoutfile = *++args;
-			}
-		else if (!strcmp (*args, "-md"))
-			{
-			if (!args[1])
-				goto argerr;
-			sign_md = EVP_get_digestbyname(*++args);
-			if (sign_md == NULL)
-				{
-				BIO_printf(bio_err, "Unknown digest %s\n",
-							*args);
-				goto argerr;
-				}
-			}
-		else if (!strcmp (*args, "-inkey"))
-			{
-			if (!args[1])	
-				goto argerr;
-			/* If previous -inkey arument add signer to list */
-			if (keyfile)
-				{
-				if (!signerfile)
-					{
-					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-					goto argerr;
-					}
-				if (!sksigners)
-					sksigners = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(sksigners, signerfile);
-				signerfile = NULL;
-				if (!skkeys)
-					skkeys = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(skkeys, keyfile);
-				}
-			keyfile = *++args;
-			}
-		else if (!strcmp (*args, "-keyform"))
-			{
-			if (!args[1])
-				goto argerr;
-			keyform = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-rctform"))
-			{
-			if (!args[1])
-				goto argerr;
-			rctformat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-certfile"))
-			{
-			if (!args[1])
-				goto argerr;
-			certfile = *++args;
-			}
-		else if (!strcmp (*args, "-CAfile"))
-			{
-			if (!args[1])
-				goto argerr;
-			CAfile = *++args;
-			}
-		else if (!strcmp (*args, "-CApath"))
-			{
-			if (!args[1])
-				goto argerr;
-			CApath = *++args;
-			}
-		else if (!strcmp (*args, "-in"))
-			{
-			if (!args[1])
-				goto argerr;
-			infile = *++args;
-			}
-		else if (!strcmp (*args, "-inform"))
-			{
-			if (!args[1])
-				goto argerr;
-			informat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-outform"))
-			{
-			if (!args[1])
-				goto argerr;
-			outformat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (!args[1])
-				goto argerr;
-			outfile = *++args;
-			}
-		else if (!strcmp (*args, "-content"))
-			{
-			if (!args[1])
-				goto argerr;
-			contfile = *++args;
-			}
-		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
-			continue;
-		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
-			badarg = 1;
-		args++;
-		}
-
-	if (((rr_allorfirst != -1) || rr_from) && !rr_to)
-		{
-		BIO_puts(bio_err, "No Signed Receipts Recipients\n");
-		goto argerr;
-		}
-
-	if (!(operation & SMIME_SIGNERS)  && (rr_to || rr_from))
-		{
-		BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
-		goto argerr;
-		}
-	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
-		{
-		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
-		goto argerr;
-		}
-
-	if (operation & SMIME_SIGNERS)
-		{
-		if (keyfile && !signerfile)
-			{
-			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-			goto argerr;
-			}
-		/* Check to see if any final signer needs to be appended */
-		if (signerfile)
-			{
-			if (!sksigners)
-				sksigners = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(sksigners, signerfile);
-			if (!skkeys)
-				skkeys = sk_OPENSSL_STRING_new_null();
-			if (!keyfile)
-				keyfile = signerfile;
-			sk_OPENSSL_STRING_push(skkeys, keyfile);
-			}
-		if (!sksigners)
-			{
-			BIO_printf(bio_err, "No signer certificate specified\n");
-			badarg = 1;
-			}
-		signerfile = NULL;
-		keyfile = NULL;
-		need_rand = 1;
-		}
-
-	else if (operation == SMIME_DECRYPT)
-		{
-		if (!recipfile && !keyfile && !secret_key && !pwri_pass)
-			{
-			BIO_printf(bio_err, "No recipient certificate or key specified\n");
-			badarg = 1;
-			}
-		}
-	else if (operation == SMIME_ENCRYPT)
-		{
-		if (!*args && !secret_key && !pwri_pass)
-			{
-			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
-			badarg = 1;
-			}
-		need_rand = 1;
-		}
-	else if (!operation)
-		badarg = 1;
-
-	if (badarg)
-		{
-		argerr:
-		BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-encrypt       encrypt message\n");
-		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
-		BIO_printf (bio_err, "-sign          sign message\n");
-		BIO_printf (bio_err, "-verify        verify signed message\n");
-		BIO_printf (bio_err, "-cmsout        output CMS structure\n");
-#ifndef OPENSSL_NO_DES
-		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
-		BIO_printf (bio_err, "-des           encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
-#endif
-#ifndef OPENSSL_NO_RC2
-		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
-		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
-		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
-#endif
-		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
-		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
-		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
-		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
-		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
-		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
-		BIO_printf (bio_err, "-binary        don't translate message to text\n");
-		BIO_printf (bio_err, "-certfile file other certificates file\n");
-		BIO_printf (bio_err, "-certsout file certificate output file\n");
-		BIO_printf (bio_err, "-signer file   signer certificate file\n");
-		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
-		BIO_printf (bio_err, "-keyid         use subject key identifier\n");
-		BIO_printf (bio_err, "-in file       input file\n");
-		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
-		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
-		BIO_printf (bio_err, "-out file      output file\n");
-		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
-		BIO_printf (bio_err, "-to addr       to address\n");
-		BIO_printf (bio_err, "-from ad       from address\n");
-		BIO_printf (bio_err, "-subject s     subject\n");
-		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
-		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
-		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,  "               the random number generator\n");
-		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
-		goto end;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	ret = 2;
-
-	if (!(operation & SMIME_SIGNERS))
-		flags &= ~CMS_DETACHED;
-
-	if (operation & SMIME_OP)
-		{
-		if (outformat == FORMAT_ASN1)
-			outmode = "wb";
-		}
-	else
-		{
-		if (flags & CMS_BINARY)
-			outmode = "wb";
-		}
-
-	if (operation & SMIME_IP)
-		{
-		if (informat == FORMAT_ASN1)
-			inmode = "rb";
-		}
-	else
-		{
-		if (flags & CMS_BINARY)
-			inmode = "rb";
-		}
-
-	if (operation == SMIME_ENCRYPT)
-		{
-		if (!cipher)
-			{
-#ifndef OPENSSL_NO_DES			
-			cipher = EVP_des_ede3_cbc();
-#else
-			BIO_printf(bio_err, "No cipher selected\n");
-			goto end;
-#endif
-			}
-
-		if (secret_key && !secret_keyid)
-			{
-			BIO_printf(bio_err, "No secret key id\n");
-			goto end;
-			}
-
-		if (*args)
-			encerts = sk_X509_new_null();
-		while (*args)
-			{
-			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-				NULL, e, "recipient certificate file")))
-				goto end;
-			sk_X509_push(encerts, cert);
-			cert = NULL;
-			args++;
-			}
-		}
-
-	if (certfile)
-		{
-		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-			e, "certificate file")))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (recipfile && (operation == SMIME_DECRYPT))
-		{
-		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-			e, "recipient certificate file")))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (operation == SMIME_SIGN_RECEIPT)
-		{
-		if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
-			e, "receipt signer certificate file")))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (operation == SMIME_DECRYPT)
-		{
-		if (!keyfile)
-			keyfile = recipfile;
-		}
-	else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
-		{
-		if (!keyfile)
-			keyfile = signerfile;
-		}
-	else keyfile = NULL;
-
-	if (keyfile)
-		{
-		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
-		if (!key)
-			goto end;
-		}
-
-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, inmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-			}
-		}
-	else
-		in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if (operation & SMIME_IP)
-		{
-		if (informat == FORMAT_SMIME) 
-			cms = SMIME_read_CMS(in, &indata);
-		else if (informat == FORMAT_PEM) 
-			cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1) 
-			cms = d2i_CMS_bio(in, NULL);
-		else
-			{
-			BIO_printf(bio_err, "Bad input format for CMS file\n");
-			goto end;
-			}
-
-		if (!cms)
-			{
-			BIO_printf(bio_err, "Error reading S/MIME message\n");
-			goto end;
-			}
-		if (contfile)
-			{
-			BIO_free(indata);
-			if (!(indata = BIO_new_file(contfile, "rb")))
-				{
-				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
-				goto end;
-				}
-			}
-		if (certsoutfile)
-			{
-			STACK_OF(X509) *allcerts;
-			allcerts = CMS_get1_certs(cms);
-			if (!save_certs(certsoutfile, allcerts))
-				{
-				BIO_printf(bio_err,
-						"Error writing certs to %s\n",
-								certsoutfile);
-				ret = 5;
-				goto end;
-				}
-			sk_X509_pop_free(allcerts, X509_free);
-			}
-		}
-
-	if (rctfile)
-		{
-		char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
-		if (!(rctin = BIO_new_file(rctfile, rctmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open receipt file %s\n", rctfile);
-			goto end;
-			}
-		
-		if (rctformat == FORMAT_SMIME) 
-			rcms = SMIME_read_CMS(rctin, NULL);
-		else if (rctformat == FORMAT_PEM) 
-			rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
-		else if (rctformat == FORMAT_ASN1) 
-			rcms = d2i_CMS_bio(rctin, NULL);
-		else
-			{
-			BIO_printf(bio_err, "Bad input format for receipt\n");
-			goto end;
-			}
-
-		if (!rcms)
-			{
-			BIO_printf(bio_err, "Error reading receipt\n");
-			goto end;
-			}
-		}
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file(outfile, outmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-
-	if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
-		{
-		if (!(store = setup_verify(bio_err, CAfile, CApath)))
-			goto end;
-		X509_STORE_set_verify_cb(store, cms_cb);
-		if (vpm)
-			X509_STORE_set1_param(store, vpm);
-		}
-
-
-	ret = 3;
-
-	if (operation == SMIME_DATA_CREATE)
-		{
-		cms = CMS_data_create(in, flags);
-		}
-	else if (operation == SMIME_DIGEST_CREATE)
-		{
-		cms = CMS_digest_create(in, sign_md, flags);
-		}
-	else if (operation == SMIME_COMPRESS)
-		{
-		cms = CMS_compress(in, -1, flags);
-		}
-	else if (operation == SMIME_ENCRYPT)
-		{
-		flags |= CMS_PARTIAL;
-		cms = CMS_encrypt(encerts, in, cipher, flags);
-		if (!cms)
-			goto end;
-		if (secret_key)
-			{
-			if (!CMS_add0_recipient_key(cms, NID_undef, 
-						secret_key, secret_keylen,
-						secret_keyid, secret_keyidlen,
-						NULL, NULL, NULL))
-				goto end;
-			/* NULL these because call absorbs them */
-			secret_key = NULL;
-			secret_keyid = NULL;
-			}
-		if (pwri_pass)
-			{
-			pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);
-			if (!pwri_tmp)
-				goto end;
-			if (!CMS_add0_recipient_password(cms,
-						-1, NID_undef, NID_undef,
-						 pwri_tmp, -1, NULL))
-				goto end;
-			pwri_tmp = NULL;
-			}
-		if (!(flags & CMS_STREAM))
-			{
-			if (!CMS_final(cms, in, NULL, flags))
-				goto end;
-			}
-		}
-	else if (operation == SMIME_ENCRYPTED_ENCRYPT)
-		{
-		cms = CMS_EncryptedData_encrypt(in, cipher,
-						secret_key, secret_keylen,
-						flags);
-
-		}
-	else if (operation == SMIME_SIGN_RECEIPT)
-		{
-		CMS_ContentInfo *srcms = NULL;
-		STACK_OF(CMS_SignerInfo) *sis;
-		CMS_SignerInfo *si;
-		sis = CMS_get0_SignerInfos(cms);
-		if (!sis)
-			goto end;
-		si = sk_CMS_SignerInfo_value(sis, 0);
-		srcms = CMS_sign_receipt(si, signer, key, other, flags);
-		if (!srcms)
-			goto end;
-		CMS_ContentInfo_free(cms);
-		cms = srcms;
-		}
-	else if (operation & SMIME_SIGNERS)
-		{
-		int i;
-		/* If detached data content we enable streaming if
-		 * S/MIME output format.
-		 */
-		if (operation == SMIME_SIGN)
-			{
-				
-			if (flags & CMS_DETACHED)
-				{
-				if (outformat == FORMAT_SMIME)
-					flags |= CMS_STREAM;
-				}
-			flags |= CMS_PARTIAL;
-			cms = CMS_sign(NULL, NULL, other, in, flags);
-			if (!cms)
-				goto end;
-			if (econtent_type)
-				CMS_set1_eContentType(cms, econtent_type);
-
-			if (rr_to)
-				{
-				rr = make_receipt_request(rr_to, rr_allorfirst,
-								rr_from);
-				if (!rr)
-					{
-					BIO_puts(bio_err,
-				"Signed Receipt Request Creation Error\n");
-					goto end;
-					}
-				}
-			}
-		else
-			flags |= CMS_REUSE_DIGEST;
-		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
-			{
-			CMS_SignerInfo *si;
-			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
-			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
-			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
-					e, "signer certificate");
-			if (!signer)
-				goto end;
-			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
-			if (!key)
-				goto end;
-			si = CMS_add1_signer(cms, signer, key, sign_md, flags);
-			if (!si)
-				goto end;
-			if (rr && !CMS_add1_ReceiptRequest(si, rr))
-				goto end;
-			X509_free(signer);
-			signer = NULL;
-			EVP_PKEY_free(key);
-			key = NULL;
-			}
-		/* If not streaming or resigning finalize structure */
-		if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
-			{
-			if (!CMS_final(cms, in, NULL, flags))
-				goto end;
-			}
-		}
-
-	if (!cms)
-		{
-		BIO_printf(bio_err, "Error creating CMS structure\n");
-		goto end;
-		}
-
-	ret = 4;
-	if (operation == SMIME_DECRYPT)
-		{
-		if (flags & CMS_DEBUG_DECRYPT)
-			CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
-
-		if (secret_key)
-			{
-			if (!CMS_decrypt_set1_key(cms,
-						secret_key, secret_keylen,
-						secret_keyid, secret_keyidlen))
-				{
-				BIO_puts(bio_err,
-					"Error decrypting CMS using secret key\n");
-				goto end;
-				}
-			}
-
-		if (key)
-			{
-			if (!CMS_decrypt_set1_pkey(cms, key, recip))
-				{
-				BIO_puts(bio_err,
-					"Error decrypting CMS using private key\n");
-				goto end;
-				}
-			}
-
-		if (pwri_pass)
-			{
-			if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))
-				{
-				BIO_puts(bio_err,
-					"Error decrypting CMS using password\n");
-				goto end;
-				}
-			}
-
-		if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
-			{
-			BIO_printf(bio_err, "Error decrypting CMS structure\n");
-			goto end;
-			}
-		}
-	else if (operation == SMIME_DATAOUT)
-		{
-		if (!CMS_data(cms, out, flags))
-			goto end;
-		}
-	else if (operation == SMIME_UNCOMPRESS)
-		{
-		if (!CMS_uncompress(cms, indata, out, flags))
-			goto end;
-		}
-	else if (operation == SMIME_DIGEST_VERIFY)
-		{
-		if (CMS_digest_verify(cms, indata, out, flags) > 0)
-			BIO_printf(bio_err, "Verification successful\n");
-		else
-			{
-			BIO_printf(bio_err, "Verification failure\n");
-			goto end;
-			}
-		}
-	else if (operation == SMIME_ENCRYPTED_DECRYPT)
-		{
-		if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
-						indata, out, flags))
-			goto end;
-		}
-	else if (operation == SMIME_VERIFY)
-		{
-		if (CMS_verify(cms, other, store, indata, out, flags) > 0)
-			BIO_printf(bio_err, "Verification successful\n");
-		else
-			{
-			BIO_printf(bio_err, "Verification failure\n");
-			if (verify_retcode)
-				ret = verify_err + 32;
-			goto end;
-			}
-		if (signerfile)
-			{
-			STACK_OF(X509) *signers;
-			signers = CMS_get0_signers(cms);
-			if (!save_certs(signerfile, signers))
-				{
-				BIO_printf(bio_err,
-						"Error writing signers to %s\n",
-								signerfile);
-				ret = 5;
-				goto end;
-				}
-			sk_X509_free(signers);
-			}
-		if (rr_print)
-			receipt_request_print(bio_err, cms);
-					
-		}
-	else if (operation == SMIME_VERIFY_RECEIPT)
-		{
-		if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
-			BIO_printf(bio_err, "Verification successful\n");
-		else
-			{
-			BIO_printf(bio_err, "Verification failure\n");
-			goto end;
-			}
-		}
-	else
-		{
-		if (noout)
-			{
-			if (print)
-				CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
-			}
-		else if (outformat == FORMAT_SMIME)
-			{
-			if (to)
-				BIO_printf(out, "To: %s\n", to);
-			if (from)
-				BIO_printf(out, "From: %s\n", from);
-			if (subject)
-				BIO_printf(out, "Subject: %s\n", subject);
-			if (operation == SMIME_RESIGN)
-				ret = SMIME_write_CMS(out, cms, indata, flags);
-			else
-				ret = SMIME_write_CMS(out, cms, in, flags);
-			}
-		else if (outformat == FORMAT_PEM) 
-			ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
-		else if (outformat == FORMAT_ASN1) 
-			ret = i2d_CMS_bio_stream(out,cms, in, flags);
-		else
-			{
-			BIO_printf(bio_err, "Bad output format for CMS file\n");
-			goto end;
-			}
-		if (ret <= 0)
-			{
-			ret = 6;
-			goto end;
-			}
-		}
-	ret = 0;
-end:
-	if (ret)
-		ERR_print_errors(bio_err);
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	sk_X509_pop_free(encerts, X509_free);
-	sk_X509_pop_free(other, X509_free);
-	if (vpm)
-		X509_VERIFY_PARAM_free(vpm);
-	if (sksigners)
-		sk_OPENSSL_STRING_free(sksigners);
-	if (skkeys)
-		sk_OPENSSL_STRING_free(skkeys);
-	if (secret_key)
-		OPENSSL_free(secret_key);
-	if (secret_keyid)
-		OPENSSL_free(secret_keyid);
-	if (pwri_tmp)
-		OPENSSL_free(pwri_tmp);
-	if (econtent_type)
-		ASN1_OBJECT_free(econtent_type);
-	if (rr)
-		CMS_ReceiptRequest_free(rr);
-	if (rr_to)
-		sk_OPENSSL_STRING_free(rr_to);
-	if (rr_from)
-		sk_OPENSSL_STRING_free(rr_from);
-	X509_STORE_free(store);
-	X509_free(cert);
-	X509_free(recip);
-	X509_free(signer);
-	EVP_PKEY_free(key);
-	CMS_ContentInfo_free(cms);
-	CMS_ContentInfo_free(rcms);
-	BIO_free(rctin);
-	BIO_free(in);
-	BIO_free(indata);
-	BIO_free_all(out);
-	if (passin) OPENSSL_free(passin);
-	return (ret);
-}
-
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
-	{
-	int i;
-	BIO *tmp;
-	if (!signerfile)
-		return 1;
-	tmp = BIO_new_file(signerfile, "w");
-	if (!tmp) return 0;
-	for(i = 0; i < sk_X509_num(signers); i++)
-		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
-	BIO_free(tmp);
-	return 1;
-	}
-	
-
-/* Minimal callback just to output policy info (if any) */
-
-static int cms_cb(int ok, X509_STORE_CTX *ctx)
-	{
-	int error;
-
-	error = X509_STORE_CTX_get_error(ctx);
-
-	verify_err = error;
-
-	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
-		&& ((error != X509_V_OK) || (ok != 2)))
-		return ok;
-
-	policies_print(NULL, ctx);
-
-	return ok;
-
-	}
-
-static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
-	{
-	STACK_OF(GENERAL_NAME) *gens;
-	GENERAL_NAME *gen;
-	int i, j;
-	for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
-		{
-		gens = sk_GENERAL_NAMES_value(gns, i);
-		for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
-			{
-			gen = sk_GENERAL_NAME_value(gens, j);
-			BIO_puts(out, "    ");
-			GENERAL_NAME_print(out, gen);
-			BIO_puts(out, "\n");
-			}
-		}
-	return;
-	}
-
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
-	{
-	STACK_OF(CMS_SignerInfo) *sis;
-	CMS_SignerInfo *si;
-	CMS_ReceiptRequest *rr;
-	int allorfirst;
-	STACK_OF(GENERAL_NAMES) *rto, *rlist;
-	ASN1_STRING *scid;
-	int i, rv;
-	sis = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sis, i);
-		rv = CMS_get1_ReceiptRequest(si, &rr);
-		BIO_printf(bio_err, "Signer %d:\n", i + 1);
-		if (rv == 0)
-			BIO_puts(bio_err, "  No Receipt Request\n");
-		else if (rv < 0)
-			{
-			BIO_puts(bio_err, "  Receipt Request Parse Error\n");
-			ERR_print_errors(bio_err);
-			}
-		else
-			{
-			char *id;
-			int idlen;
-			CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
-							&rlist, &rto);
-			BIO_puts(out, "  Signed Content ID:\n");
-			idlen = ASN1_STRING_length(scid);
-			id = (char *)ASN1_STRING_data(scid);
-			BIO_dump_indent(out, id, idlen, 4);
-			BIO_puts(out, "  Receipts From");
-			if (rlist)
-				{
-				BIO_puts(out, " List:\n");
-				gnames_stack_print(out, rlist);
-				}
-			else if (allorfirst == 1)
-				BIO_puts(out, ": First Tier\n");
-			else if (allorfirst == 0)
-				BIO_puts(out, ": All\n");
-			else
-				BIO_printf(out, " Unknown (%d)\n", allorfirst);
-			BIO_puts(out, "  Receipts To:\n");
-			gnames_stack_print(out, rto);
-			}
-		if (rr)
-			CMS_ReceiptRequest_free(rr);
-		}
-	}
-
-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
-	{
-	int i;
-	STACK_OF(GENERAL_NAMES) *ret;
-	GENERAL_NAMES *gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	ret = sk_GENERAL_NAMES_new_null();
-	if (!ret)
-		goto err;
-	for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)
-		{
-		char *str = sk_OPENSSL_STRING_value(ns, i);
-		gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
-		if (!gen)
-			goto err;
-		gens = GENERAL_NAMES_new();
-		if (!gens)
-			goto err;
-		if (!sk_GENERAL_NAME_push(gens, gen))
-			goto err;
-		gen = NULL;
-		if (!sk_GENERAL_NAMES_push(ret, gens))
-			goto err;
-		gens = NULL;
-		}
-
-	return ret;
-
-	err:
-	if (ret)
-		sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
-	if (gens)
-		GENERAL_NAMES_free(gens);
-	if (gen)
-		GENERAL_NAME_free(gen);
-	return NULL;
-	}
-
-
-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,
-						int rr_allorfirst,
-						STACK_OF(OPENSSL_STRING) *rr_from)
-	{
-	STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
-	CMS_ReceiptRequest *rr;
-	rct_to = make_names_stack(rr_to);
-	if (!rct_to)
-		goto err;
-	if (rr_from)
-		{
-		rct_from = make_names_stack(rr_from);
-		if (!rct_from)
-			goto err;
-		}
-	else
-		rct_from = NULL;
-	rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
-						rct_to);
-	return rr;
-	err:
-	return NULL;
-	}
-
-#endif
diff --git a/apps/crl.c b/apps/crl.c
deleted file mode 100644
index 8797d300cf..0000000000
--- a/apps/crl.c
+++ /dev/null
@@ -1,464 +0,0 @@
-/* apps/crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	crl_main
-
-#undef POSTFIX
-#define	POSTFIX	".rvk"
-
-static const char *crl_usage[]={
-"usage: crl args\n",
-"\n",
-" -inform arg     - input format - default PEM (DER or PEM)\n",
-" -outform arg    - output format - default PEM\n",
-" -text           - print out a text format version\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -hash           - print hash value\n",
-#ifndef OPENSSL_NO_MD5
-" -hash_old       - print old-style (MD5) hash value\n",
-#endif
-" -fingerprint    - print the crl fingerprint\n",
-" -issuer         - print issuer DN\n",
-" -lastupdate     - lastUpdate field\n",
-" -nextupdate     - nextUpdate field\n",
-" -crlnumber      - print CRL number\n",
-" -noout          - no CRL output\n",
-" -CAfile  name   - verify CRL using certificates in file \"name\"\n",
-" -CApath  dir    - verify CRL using certificates in \"dir\"\n",
-" -nameopt arg    - various certificate name options\n",
-NULL
-};
-
-static X509_CRL *load_crl(char *file, int format);
-static BIO *bio_out=NULL;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	unsigned long nmflag = 0;
-	X509_CRL *x=NULL;
-	char *CAfile = NULL, *CApath = NULL;
-	int ret=1,i,num,badops=0;
-	BIO *out=NULL;
-	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
-#ifndef OPENSSL_NO_MD5
-       int hash_old=0;
-#endif
-	int fingerprint = 0, crlnumber = 0;
-	const char **pp;
-	X509_STORE *store = NULL;
-	X509_STORE_CTX ctx;
-	X509_LOOKUP *lookup = NULL;
-	X509_OBJECT xobj;
-	EVP_PKEY *pkey;
-	int do_ver = 0;
-	const EVP_MD *md_alg,*digest=EVP_sha1();
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	if (bio_out == NULL)
-		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-			{
-			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			bio_out = BIO_push(tmpbio, bio_out);
-			}
-#endif
-			}
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	argc--;
-	argv++;
-	num=0;
-	while (argc >= 1)
-		{
-#ifdef undef
-		if	(strcmp(*argv,"-p") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
-			}
-#endif
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath = *(++argv);
-			do_ver = 1;
-			}
-		else if (strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile = *(++argv);
-			do_ver = 1;
-			}
-		else if (strcmp(*argv,"-verify") == 0)
-			do_ver = 1;
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-hash") == 0)
-			hash= ++num;
-#ifndef OPENSSL_NO_MD5
-		else if (strcmp(*argv,"-hash_old") == 0)
-			hash_old= ++num;
-#endif
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-issuer") == 0)
-			issuer= ++num;
-		else if (strcmp(*argv,"-lastupdate") == 0)
-			lastupdate= ++num;
-		else if (strcmp(*argv,"-nextupdate") == 0)
-			nextupdate= ++num;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if (strcmp(*argv,"-crlnumber") == 0)
-			crlnumber= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
-			/* ok */
-			digest=md_alg;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-	x=load_crl(infile,informat);
-	if (x == NULL) { goto end; }
-
-	if(do_ver) {
-		store = X509_STORE_new();
-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-		if (lookup == NULL) goto end;
-		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
-			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-			
-		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-		if (lookup == NULL) goto end;
-		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
-			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-		ERR_clear_error();
-
-		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
-			BIO_printf(bio_err,
-				"Error initialising X509 store\n");
-			goto end;
-		}
-
-		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
-					X509_CRL_get_issuer(x), &xobj);
-		if(i <= 0) {
-			BIO_printf(bio_err,
-				"Error getting CRL issuer certificate\n");
-			goto end;
-		}
-		pkey = X509_get_pubkey(xobj.data.x509);
-		X509_OBJECT_free_contents(&xobj);
-		if(!pkey) {
-			BIO_printf(bio_err,
-				"Error getting CRL issuer public key\n");
-			goto end;
-		}
-		i = X509_CRL_verify(x, pkey);
-		EVP_PKEY_free(pkey);
-		if(i < 0) goto end;
-		if(i == 0) BIO_printf(bio_err, "verify failure\n");
-		else BIO_printf(bio_err, "verify OK\n");
-	}
-
-	if (num)
-		{
-		for (i=1; i<=num; i++)
-			{
-			if (issuer == i)
-				{
-				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
-				}
-			if (crlnumber == i)
-				{
-				ASN1_INTEGER *crlnum;
-				crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
-							      NULL, NULL);
-				BIO_printf(bio_out,"crlNumber=");
-				if (crlnum)
-					{
-					i2a_ASN1_INTEGER(bio_out, crlnum);
-					ASN1_INTEGER_free(crlnum);
-					}
-				else
-					BIO_puts(bio_out, "<NONE>");
-				BIO_printf(bio_out,"\n");
-				}
-			if (hash == i)
-				{
-				BIO_printf(bio_out,"%08lx\n",
-					X509_NAME_hash(X509_CRL_get_issuer(x)));
-				}
-#ifndef OPENSSL_NO_MD5
-			if (hash_old == i)
-				{
-				BIO_printf(bio_out,"%08lx\n",
-					X509_NAME_hash_old(
-						X509_CRL_get_issuer(x)));
-				}
-#endif
-			if (lastupdate == i)
-				{
-				BIO_printf(bio_out,"lastUpdate=");
-				ASN1_TIME_print(bio_out,
-						X509_CRL_get_lastUpdate(x));
-				BIO_printf(bio_out,"\n");
-				}
-			if (nextupdate == i)
-				{
-				BIO_printf(bio_out,"nextUpdate=");
-				if (X509_CRL_get_nextUpdate(x)) 
-					ASN1_TIME_print(bio_out,
-						X509_CRL_get_nextUpdate(x));
-				else
-					BIO_printf(bio_out,"NONE");
-				BIO_printf(bio_out,"\n");
-				}
-			if (fingerprint == i)
-				{
-				int j;
-				unsigned int n;
-				unsigned char md[EVP_MAX_MD_SIZE];
-
-				if (!X509_CRL_digest(x,digest,md,&n))
-					{
-					BIO_printf(bio_err,"out of memory\n");
-					goto end;
-					}
-				BIO_printf(bio_out,"%s Fingerprint=",
-						OBJ_nid2sn(EVP_MD_type(digest)));
-				for (j=0; j<(int)n; j++)
-					{
-					BIO_printf(bio_out,"%02X%c",md[j],
-						(j+1 == (int)n)
-						?'\n':':');
-					}
-				}
-			}
-		}
-
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (text) X509_CRL_print(out, x);
-
-	if (noout) 
-		{
-		ret = 0;
-		goto end;
-		}
-
-	if 	(outformat == FORMAT_ASN1)
-		i=(int)i2d_X509_CRL_bio(out,x);
-	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_X509_CRL(out,x);
-	else	
-		{
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
-	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
-	ret=0;
-end:
-	BIO_free_all(out);
-	BIO_free_all(bio_out);
-	bio_out=NULL;
-	X509_CRL_free(x);
-	if(store) {
-		X509_STORE_CTX_cleanup(&ctx);
-		X509_STORE_free(store);
-	}
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static X509_CRL *load_crl(char *infile, int format)
-	{
-	X509_CRL *x=NULL;
-	BIO *in=NULL;
-
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_CRL_bio(in,NULL);
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input crl\n");
-		goto end;
-		}
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load CRL\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	
-end:
-	BIO_free(in);
-	return(x);
-	}
-
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
deleted file mode 100644
index 42c6886b83..0000000000
--- a/apps/crl2p7.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/* apps/crl2p7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
- * and donated 'to the cause' along with lots and lots of other fixes to
- * the library. */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/objects.h>
-
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
-#undef PROG
-#define PROG	crl2pkcs7_main
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int i,badops=0;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat;
-	char *infile,*outfile,*prog,*certfile;
-	PKCS7 *p7 = NULL;
-	PKCS7_SIGNED *p7s = NULL;
-	X509_CRL *crl=NULL;
-	STACK_OF(OPENSSL_STRING) *certflst=NULL;
-	STACK_OF(X509_CRL) *crl_stack=NULL;
-	STACK_OF(X509) *cert_stack=NULL;
-	int ret=1,nocrl=0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-nocrl") == 0)
-			{
-			nocrl=1;
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-certfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
-			if (!certflst)
-				goto end;
-			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
-				{
-				sk_OPENSSL_STRING_free(certflst);
-				goto end;
-				}
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg        input file\n");
-		BIO_printf(bio_err," -out arg       output file\n");
-		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
-		BIO_printf(bio_err,"                (can be used more than once)\n");
-		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
-		ret = 1;
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (!nocrl)
-		{
-		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				goto end;
-				}
-			}
-
-		if 	(informat == FORMAT_ASN1)
-			crl=d2i_X509_CRL_bio(in,NULL);
-		else if (informat == FORMAT_PEM)
-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-		else	{
-			BIO_printf(bio_err,"bad input format specified for input crl\n");
-			goto end;
-			}
-		if (crl == NULL)
-			{
-			BIO_printf(bio_err,"unable to load CRL\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	
-	if ((p7=PKCS7_new()) == NULL) goto end;
-	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
-	p7->type=OBJ_nid2obj(NID_pkcs7_signed);
-	p7->d.sign=p7s;
-	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
-
-	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
-	p7s->crl=crl_stack;
-	if (crl != NULL)
-		{
-		sk_X509_CRL_push(crl_stack,crl);
-		crl=NULL; /* now part of p7 for OPENSSL_freeing */
-		}
-
-	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
-	p7s->cert=cert_stack;
-
-	if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
-		certfile = sk_OPENSSL_STRING_value(certflst, i);
-		if (add_certs_from_file(cert_stack,certfile) < 0)
-			{
-			BIO_printf(bio_err, "error loading certificates\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-	}
-
-	sk_OPENSSL_STRING_free(certflst);
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if 	(outformat == FORMAT_ASN1)
-		i=i2d_PKCS7_bio(out,p7);
-	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_PKCS7(out,p7);
-	else	{
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
-	if (!i)
-		{
-		BIO_printf(bio_err,"unable to write pkcs7 object\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	ret=0;
-end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (p7 != NULL) PKCS7_free(p7);
-	if (crl != NULL) X509_CRL_free(crl);
-
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-/*
- *----------------------------------------------------------------------
- * int add_certs_from_file
- *
- *	Read a list of certificates to be checked from a file.
- *
- * Results:
- *	number of certs added if successful, -1 if not.
- *----------------------------------------------------------------------
- */
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
-	{
-	BIO *in=NULL;
-	int count=0;
-	int ret= -1;
-	STACK_OF(X509_INFO) *sk=NULL;
-	X509_INFO *xi;
-
-	in=BIO_new(BIO_s_file());
-	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
-		{
-		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
-		goto end;
-		}
-
-	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
-	if (sk == NULL) {
-		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
-		goto end;
-	}
-
-	/* scan over it and pull out the CRL's */
-	while (sk_X509_INFO_num(sk))
-		{
-		xi=sk_X509_INFO_shift(sk);
-		if (xi->x509 != NULL)
-			{
-			sk_X509_push(stack,xi->x509);
-			xi->x509=NULL;
-			count++;
-			}
-		X509_INFO_free(xi);
-		}
-
-	ret=count;
-end:
- 	/* never need to OPENSSL_free x */
-	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_X509_INFO_free(sk);
-	return(ret);
-	}
-
diff --git a/apps/dgst.c b/apps/dgst.c
deleted file mode 100644
index e31a6b182e..0000000000
--- a/apps/dgst.c
+++ /dev/null
@@ -1,646 +0,0 @@
-/* apps/dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#undef BUFSIZE
-#define BUFSIZE	1024*8
-
-#undef PROG
-#define PROG	dgst_main
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-	  EVP_PKEY *key, unsigned char *sigin, int siglen,
-	  const char *sig_name, const char *md_name,
-	  const char *file,BIO *bmd);
-
-static void list_md_fn(const EVP_MD *m,
-			const char *from, const char *to, void *arg)
-	{
-	const char *mname;
-	/* Skip aliases */
-	if (!m)
-		return;
-	mname = OBJ_nid2ln(EVP_MD_type(m));
-	/* Skip shortnames */
-	if (strcmp(from, mname))
-		return;
-	/* Skip clones */
-	if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST)
-		return;
-	if (strchr(mname, ' '))
-		mname= EVP_MD_name(m);
-	BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n",
-			mname, mname);
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	unsigned char *buf=NULL;
-	int i,err=1;
-	const EVP_MD *md=NULL,*m;
-	BIO *in=NULL,*inp;
-	BIO *bmd=NULL;
-	BIO *out = NULL;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
-	int separator=0;
-	int debug=0;
-	int keyform=FORMAT_PEM;
-	const char *outfile = NULL, *keyfile = NULL;
-	const char *sigfile = NULL, *randfile = NULL;
-	int out_bin = -1, want_pub = 0, do_verify = 0;
-	EVP_PKEY *sigkey = NULL;
-	unsigned char *sigbuf = NULL;
-	int siglen = 0;
-	char *passargin = NULL, *passin = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	char *hmac_key=NULL;
-	char *mac_name=NULL;
-	int non_fips_allow = 0;
-	STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
-
-	apps_startup();
-
-	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	/* first check the program name */
-	program_name(argv[0],pname,sizeof pname);
-
-	md=EVP_get_digestbyname(pname);
-
-	argc--;
-	argv++;
-	while (argc > 0)
-		{
-		if ((*argv)[0] != '-') break;
-		if (strcmp(*argv,"-c") == 0)
-			separator=1;
-		else if (strcmp(*argv,"-r") == 0)
-			separator=2;
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) break;
-			randfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) break;
-			outfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-sign") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			}
-		else if (!strcmp(*argv,"-passin"))
-			{
-			if (--argc < 1)
-				break;
-			passargin=*++argv;
-			}
-		else if (strcmp(*argv,"-verify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			want_pub = 1;
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-prverify") == 0)
-			{
-			if (--argc < 1) break;
-			keyfile=*(++argv);
-			do_verify = 1;
-			}
-		else if (strcmp(*argv,"-signature") == 0)
-			{
-			if (--argc < 1) break;
-			sigfile=*(++argv);
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) break;
-			keyform=str2fmt(*(++argv));
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) break;
-			engine= *(++argv);
-        		e = setup_engine(bio_err, engine, 0);
-			}
-#endif
-		else if (strcmp(*argv,"-hex") == 0)
-			out_bin = 0;
-		else if (strcmp(*argv,"-binary") == 0)
-			out_bin = 1;
-		else if (strcmp(*argv,"-d") == 0)
-			debug=1;
-		else if (!strcmp(*argv,"-fips-fingerprint"))
-			hmac_key = "etaonrishdlcupfm";
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow=1;
-		else if (!strcmp(*argv,"-hmac"))
-			{
-			if (--argc < 1)
-				break;
-			hmac_key=*++argv;
-			}
-		else if (!strcmp(*argv,"-mac"))
-			{
-			if (--argc < 1)
-				break;
-			mac_name=*++argv;
-			}
-		else if (strcmp(*argv,"-sigopt") == 0)
-			{
-			if (--argc < 1)
-				break;
-			if (!sigopts)
-				sigopts = sk_OPENSSL_STRING_new_null();
-			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
-				break;
-			}
-		else if (strcmp(*argv,"-macopt") == 0)
-			{
-			if (--argc < 1)
-				break;
-			if (!macopts)
-				macopts = sk_OPENSSL_STRING_new_null();
-			if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
-				break;
-			}
-		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
-			md=m;
-		else
-			break;
-		argc--;
-		argv++;
-		}
-
-
-	if(do_verify && !sigfile) {
-		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
-		goto end;
-	}
-
-	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
-		{
-		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-		BIO_printf(bio_err,"options are\n");
-		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-r              to output the digest in coreutils format\n");
-		BIO_printf(bio_err,"-d              to output debug info\n");
-		BIO_printf(bio_err,"-hex            output as hex dump\n");
-		BIO_printf(bio_err,"-binary         output in binary form\n");
-		BIO_printf(bio_err,"-hmac arg       set the HMAC key to arg\n");
-		BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
-		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
-		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
-		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
-		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
-		BIO_printf(bio_err,"-out filename   output to filename rather than stdout\n");
-		BIO_printf(bio_err,"-signature file signature to verify\n");
-		BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
-		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
-		BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n"); 
-		BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-#endif
-
-		EVP_MD_do_all_sorted(list_md_fn, bio_err);
-		goto end;
-		}
-
-	in=BIO_new(BIO_s_file());
-	bmd=BIO_new(BIO_f_md());
-	if (debug)
-		{
-		BIO_set_callback(in,BIO_debug_callback);
-		/* needed for windows 3.1 */
-		BIO_set_callback_arg(in,(char *)bio_err);
-		}
-
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if ((in == NULL) || (bmd == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if(out_bin == -1) {
-		if(keyfile)
-			out_bin = 1;
-		else
-			out_bin = 0;
-	}
-
-	if(randfile)
-		app_RAND_load_file(randfile, bio_err, 0);
-
-	if(outfile) {
-		if(out_bin)
-			out = BIO_new_file(outfile, "wb");
-		else    out = BIO_new_file(outfile, "w");
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	if(!out) {
-		BIO_printf(bio_err, "Error opening output file %s\n", 
-					outfile ? outfile : "(stdout)");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-	if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
-		{
-		BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
-		goto end;
-		}
-
-	if(keyfile)
-		{
-		if (want_pub)
-			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
-				e, "key file");
-		else
-			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
-				e, "key file");
-		if (!sigkey)
-			{
-			/* load_[pub]key() has already printed an appropriate
-			   message */
-			goto end;
-			}
-		}
-
-	if (mac_name)
-		{
-		EVP_PKEY_CTX *mac_ctx = NULL;
-		int r = 0;
-		if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
-			goto mac_end;
-		if (macopts)
-			{
-			char *macopt;
-			for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
-				{
-				macopt = sk_OPENSSL_STRING_value(macopts, i);
-				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
-					{
-					BIO_printf(bio_err,
-						"MAC parameter error \"%s\"\n",
-						macopt);
-					ERR_print_errors(bio_err);
-					goto mac_end;
-					}
-				}
-			}
-		if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
-			{
-			BIO_puts(bio_err, "Error generating key\n");
-			ERR_print_errors(bio_err);
-			goto mac_end;
-			}
-		r = 1;
-		mac_end:
-		if (mac_ctx)
-			EVP_PKEY_CTX_free(mac_ctx);
-		if (r == 0)
-			goto end;
-		}
-
-	if (non_fips_allow)
-		{
-		EVP_MD_CTX *md_ctx;
-		BIO_get_md_ctx(bmd,&md_ctx);
-		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-		}
-
-	if (hmac_key)
-		{
-		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
-					(unsigned char *)hmac_key, -1);
-		if (!sigkey)
-			goto end;
-		}
-
-	if (sigkey)
-		{
-		EVP_MD_CTX *mctx = NULL;
-		EVP_PKEY_CTX *pctx = NULL;
-		int r;
-		if (!BIO_get_md_ctx(bmd, &mctx))
-			{
-			BIO_printf(bio_err, "Error getting context\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (do_verify)
-			r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
-		else
-			r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
-		if (!r)
-			{
-			BIO_printf(bio_err, "Error setting context\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (sigopts)
-			{
-			char *sigopt;
-			for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
-				{
-				sigopt = sk_OPENSSL_STRING_value(sigopts, i);
-				if (pkey_ctrl_string(pctx, sigopt) <= 0)
-					{
-					BIO_printf(bio_err,
-						"parameter error \"%s\"\n",
-						sigopt);
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				}
-			}
-		}
-	/* we use md as a filter, reading from 'in' */
-	else
-		{
-		if (md == NULL)
-			md = EVP_md5(); 
-		if (!BIO_set_md(bmd,md))
-			{
-			BIO_printf(bio_err, "Error setting digest %s\n", pname);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if(sigfile && sigkey) {
-		BIO *sigbio;
-		sigbio = BIO_new_file(sigfile, "rb");
-		siglen = EVP_PKEY_size(sigkey);
-		sigbuf = OPENSSL_malloc(siglen);
-		if(!sigbio) {
-			BIO_printf(bio_err, "Error opening signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		siglen = BIO_read(sigbio, sigbuf, siglen);
-		BIO_free(sigbio);
-		if(siglen <= 0) {
-			BIO_printf(bio_err, "Error reading signature file %s\n",
-								sigfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	inp=BIO_push(bmd,in);
-
-	if (md == NULL)
-		{
-		EVP_MD_CTX *tctx;
-		BIO_get_md_ctx(bmd, &tctx);
-		md = EVP_MD_CTX_md(tctx);
-		}
-
-	if (argc == 0)
-		{
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,NULL,NULL,"stdin",bmd);
-		}
-	else
-		{
-		const char *md_name = NULL, *sig_name = NULL;
-		if(!out_bin)
-			{
-			if (sigkey)
-				{
-				const EVP_PKEY_ASN1_METHOD *ameth;
-				ameth = EVP_PKEY_get0_asn1(sigkey);
-				if (ameth)
-					EVP_PKEY_asn1_get0_info(NULL, NULL,
-						NULL, NULL, &sig_name, ameth);
-				}
-			md_name = EVP_MD_name(md);
-			}
-		err = 0;
-		for (i=0; i<argc; i++)
-			{
-			int r;
-			if (BIO_read_filename(in,argv[i]) <= 0)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			else
-			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,sig_name,md_name, argv[i],bmd);
-			if(r)
-			    err=r;
-			(void)BIO_reset(bmd);
-			}
-		}
-end:
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,BUFSIZE);
-		OPENSSL_free(buf);
-		}
-	if (in != NULL) BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
-	BIO_free_all(out);
-	EVP_PKEY_free(sigkey);
-	if (sigopts)
-		sk_OPENSSL_STRING_free(sigopts);
-	if (macopts)
-		sk_OPENSSL_STRING_free(macopts);
-	if(sigbuf) OPENSSL_free(sigbuf);
-	if (bmd != NULL) BIO_free(bmd);
-	apps_shutdown();
-	OPENSSL_EXIT(err);
-	}
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
-	  EVP_PKEY *key, unsigned char *sigin, int siglen,
-	  const char *sig_name, const char *md_name,
-	  const char *file,BIO *bmd)
-	{
-	size_t len;
-	int i;
-
-	for (;;)
-		{
-		i=BIO_read(bp,(char *)buf,BUFSIZE);
-		if(i < 0)
-			{
-			BIO_printf(bio_err, "Read Error in %s\n",file);
-			ERR_print_errors(bio_err);
-			return 1;
-			}
-		if (i == 0) break;
-		}
-	if(sigin)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); 
-		if(i > 0)
-			BIO_printf(out, "Verified OK\n");
-		else if(i == 0)
-			{
-			BIO_printf(out, "Verification Failure\n");
-			return 1;
-			}
-		else
-			{
-			BIO_printf(bio_err, "Error Verifying Data\n");
-			ERR_print_errors(bio_err);
-			return 1;
-			}
-		return 0;
-		}
-	if(key)
-		{
-		EVP_MD_CTX *ctx;
-		BIO_get_md_ctx(bp, &ctx);
-		len = BUFSIZE;
-		if(!EVP_DigestSignFinal(ctx, buf, &len)) 
-			{
-			BIO_printf(bio_err, "Error Signing Data\n");
-			ERR_print_errors(bio_err);
-			return 1;
-			}
-		}
-	else
-		{
-		len=BIO_gets(bp,(char *)buf,BUFSIZE);
-		if ((int)len <0)
-			{
-			ERR_print_errors(bio_err);
-			return 1;
-			}
-		}
-
-	if(binout) BIO_write(out, buf, len);
-	else if (sep == 2)
-		{
-		for (i=0; i<(int)len; i++)
-			BIO_printf(out, "%02x",buf[i]);
-		BIO_printf(out, " *%s\n", file);
-		}
-	else 
-		{
-		if (sig_name)
-			BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
-		else if (md_name)
-			BIO_printf(out, "%s(%s)= ", md_name, file);
-		else
-			BIO_printf(out, "(%s)= ", file);
-		for (i=0; i<(int)len; i++)
-			{
-			if (sep && (i != 0))
-				BIO_printf(out, ":");
-			BIO_printf(out, "%02x",buf[i]);
-			}
-		BIO_printf(out, "\n");
-		}
-	return 0;
-	}
-
diff --git a/apps/dh.c b/apps/dh.c
deleted file mode 100644
index dee9c01fce..0000000000
--- a/apps/dh.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* apps/dh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	dh_main
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -check	- check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	DH *dh=NULL;
-	int i,badops=0,text=0;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine;
-#endif
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-#ifndef OPENSSL_NO_ENGINE
-	engine=NULL;
-#endif
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-check") == 0)
-			check=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-C") == 0)
-			C=1;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
-		BIO_printf(bio_err," -C            Output C code\n");
-		BIO_printf(bio_err," -noout        no output\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if	(informat == FORMAT_ASN1)
-		dh=d2i_DHparams_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified\n");
-		goto end;
-		}
-	if (dh == NULL)
-		{
-		BIO_printf(bio_err,"unable to load DH parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	
-
-	if (text)
-		{
-		DHparams_print(out,dh);
-#ifdef undef
-		printf("p=");
-		BN_print(stdout,dh->p);
-		printf("\ng=");
-		BN_print(stdout,dh->g);
-		printf("\n");
-		if (dh->length != 0)
-			printf("recommended private length=%ld\n",dh->length);
-#endif
-		}
-	
-	if (check)
-		{
-		if (!DH_check(dh,&i))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (i & DH_CHECK_P_NOT_PRIME)
-			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
-		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-			printf("unable to check the generator value\n");
-		if (i & DH_NOT_SUITABLE_GENERATOR)
-			printf("the g value is not a generator\n");
-		if (i == 0)
-			printf("DH parameters appear to be ok.\n");
-		}
-	if (C)
-		{
-		unsigned char *data;
-		int len,l,bits;
-
-		len=BN_num_bytes(dh->p);
-		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
-		if (data == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-		l=BN_bn2bin(dh->p,data);
-		printf("static unsigned char dh%d_p[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t};\n");
-
-		l=BN_bn2bin(dh->g,data);
-		printf("static unsigned char dh%d_g[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t};\n\n");
-
-		printf("DH *get_dh%d()\n\t{\n",bits);
-		printf("\tDH *dh;\n\n");
-		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
-		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
-			bits,bits);
-		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
-			bits,bits);
-		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
-		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
-		}
-
-
-	if (!noout)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DHparams_bio(out,dh);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DHparams(out,dh);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write DH parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	ret=0;
-end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (dh != NULL) DH_free(dh);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-#else /* !OPENSSL_NO_DH */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/dh1024.pem b/apps/dh1024.pem
deleted file mode 100644
index 6eaeca9b8e..0000000000
--- a/apps/dh1024.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
------END DH PARAMETERS-----
-
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dh2048.pem b/apps/dh2048.pem
deleted file mode 100644
index dcd0b8d01b..0000000000
--- a/apps/dh2048.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
------END DH PARAMETERS-----
-
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
diff --git a/apps/dh4096.pem b/apps/dh4096.pem
deleted file mode 100644
index 1b35ad8e62..0000000000
--- a/apps/dh4096.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
------END DH PARAMETERS-----
-
-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dh512.pem b/apps/dh512.pem
deleted file mode 100644
index 200d16cd89..0000000000
--- a/apps/dh512.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DH PARAMETERS-----
-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
------END DH PARAMETERS-----
-
-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dhparam.c b/apps/dhparam.c
deleted file mode 100644
index 1297d6fb5e..0000000000
--- a/apps/dhparam.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/* apps/dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG	dhparam_main
-
-#define DEFBITS	512
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -dsaparam  - read or generate DSA parameters, convert to DH
- * -check	- check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	DH *dh=NULL;
-	int i,badops=0,text=0;
-#ifndef OPENSSL_NO_DSA
-	int dsaparam=0;
-#endif
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
-	char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	int num = 0, g = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-check") == 0)
-			check=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-#ifndef OPENSSL_NO_DSA
-		else if (strcmp(*argv,"-dsaparam") == 0)
-			dsaparam=1;
-#endif
-		else if (strcmp(*argv,"-C") == 0)
-			C=1;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-2") == 0)
-			g=2;
-		else if (strcmp(*argv,"-5") == 0)
-			g=5;
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
-			goto bad;
-		argv++;
-		argc--;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-#ifndef OPENSSL_NO_DSA
-		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
-#endif
-		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
-		BIO_printf(bio_err," -C            Output C code\n");
-		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
-		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
-		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"               the random number generator\n");
-		BIO_printf(bio_err," -noout        no output\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if (g && !num)
-		num = DEFBITS;
-
-#ifndef OPENSSL_NO_DSA
-	if (dsaparam)
-		{
-		if (g)
-			{
-			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
-			goto end;
-			}
-		}
-	else
-#endif
-		{
-		/* DH parameters */
-		if (num && !g)
-			g = 2;
-		}
-
-	if(num) {
-
-		BN_GENCB cb;
-		BN_GENCB_set(&cb, dh_cb, bio_err);
-		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-			{
-			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-			}
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-
-#ifndef OPENSSL_NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa = DSA_new();
-			
-			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-			if(!dsa || !DSA_generate_parameters_ex(dsa, num,
-						NULL, 0, NULL, NULL, &cb))
-				{
-				if(dsa) DSA_free(dsa);
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			dh = DH_new();
-			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
-			BIO_printf(bio_err,"This is going to take a long time\n");
-			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-
-		app_RAND_write_file(NULL, bio_err);
-	} else {
-
-		in=BIO_new(BIO_s_file());
-		if (in == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				goto end;
-				}
-			}
-
-		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
-			{
-			BIO_printf(bio_err,"bad input format specified\n");
-			goto end;
-			}
-
-#ifndef OPENSSL_NO_DSA
-		if (dsaparam)
-			{
-			DSA *dsa;
-			
-			if (informat == FORMAT_ASN1)
-				dsa=d2i_DSAparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-			
-			if (dsa == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DSA parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			
-			dh = DSA_dup_DH(dsa);
-			DSA_free(dsa);
-			if (dh == NULL)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-#endif
-			{
-			if (informat == FORMAT_ASN1)
-				dh=d2i_DHparams_bio(in,NULL);
-			else /* informat == FORMAT_PEM */
-				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-			
-			if (dh == NULL)
-				{
-				BIO_printf(bio_err,"unable to load DH parameters\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		
-		/* dh != NULL */
-	}
-	
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-
-	if (text)
-		{
-		DHparams_print(out,dh);
-		}
-	
-	if (check)
-		{
-		if (!DH_check(dh,&i))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (i & DH_CHECK_P_NOT_PRIME)
-			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-			printf("p value is not a safe prime\n");
-		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-			printf("unable to check the generator value\n");
-		if (i & DH_NOT_SUITABLE_GENERATOR)
-			printf("the g value is not a generator\n");
-		if (i == 0)
-			printf("DH parameters appear to be ok.\n");
-		}
-	if (C)
-		{
-		unsigned char *data;
-		int len,l,bits;
-
-		len=BN_num_bytes(dh->p);
-		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)OPENSSL_malloc(len);
-		if (data == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-		printf("#ifndef HEADER_DH_H\n"
-		       "#include <openssl/dh.h>\n"
-		       "#endif\n");
-		printf("DH *get_dh%d()\n\t{\n",bits);
-
-		l=BN_bn2bin(dh->p,data);
-		printf("\tstatic unsigned char dh%d_p[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t\t};\n");
-
-		l=BN_bn2bin(dh->g,data);
-		printf("\tstatic unsigned char dh%d_g[]={",bits);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t\t};\n");
-
-		printf("\tDH *dh;\n\n");
-		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
-		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
-			bits,bits);
-		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
-			bits,bits);
-		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
-		printf("\t\t{ DH_free(dh); return(NULL); }\n");
-		if (dh->length)
-			printf("\tdh->length = %ld;\n", dh->length);
-		printf("\treturn(dh);\n\t}\n");
-		OPENSSL_free(data);
-		}
-
-
-	if (!noout)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DHparams_bio(out,dh);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DHparams(out,dh);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write DH parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	ret=0;
-end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (dh != NULL) DH_free(dh);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
-
-#else /* !OPENSSL_NO_DH */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/dsa-ca.pem b/apps/dsa-ca.pem
deleted file mode 100644
index cccc14208f..0000000000
--- a/apps/dsa-ca.pem
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
-94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
-tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
-J6zsFbSEHaQGUmfSeoM=
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
-C1Q=
------END CERTIFICATE-----
-
diff --git a/apps/dsa-pca.pem b/apps/dsa-pca.pem
deleted file mode 100644
index d23774edd6..0000000000
--- a/apps/dsa-pca.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
-6TicfImU7UFRn9h00j0lJQ==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
-5rKUjNBhSg==
------END CERTIFICATE-----
-
diff --git a/apps/dsa.c b/apps/dsa.c
deleted file mode 100644
index 5222487ab9..0000000000
--- a/apps/dsa.c
+++ /dev/null
@@ -1,376 +0,0 @@
-/* apps/dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-
-#undef PROG
-#define PROG	dsa_main
-
-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -des		- encrypt output if PEM format with DES in cbc mode
- * -des3	- encrypt output if PEM format
- * -idea	- encrypt output if PEM format
- * -aes128	- encrypt output if PEM format
- * -aes192	- encrypt output if PEM format
- * -aes256	- encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -seed        - encrypt output if PEM format
- * -text	- print a text version
- * -modulus	- print the DSA public key
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int ret=1;
-	DSA *dsa=NULL;
-	int i,badops=0;
-	const EVP_CIPHER *enc=NULL;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,text=0,noout=0;
-	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine;
-#endif
-	char *passargin = NULL, *passargout = NULL;
-	char *passin = NULL, *passout = NULL;
-	int modulus=0;
-
-	int pvk_encr = 2;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-#ifndef OPENSSL_NO_ENGINE
-	engine=NULL;
-#endif
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-pvk-strong") == 0)
-			pvk_encr=2;
-		else if (strcmp(*argv,"-pvk-weak") == 0)
-			pvk_encr=1;
-		else if (strcmp(*argv,"-pvk-none") == 0)
-			pvk_encr=0;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-modulus") == 0)
-			modulus=1;
-		else if (strcmp(*argv,"-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv,"-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err," -out arg        output file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
-#endif
-		BIO_printf(bio_err," -text           print the key in text\n");
-		BIO_printf(bio_err," -noout          don't print key out\n");
-		BIO_printf(bio_err," -modulus        print the DSA public value\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	BIO_printf(bio_err,"read DSA key\n");
-
-		{
-		EVP_PKEY	*pkey;
-
-		if (pubin)
-			pkey = load_pubkey(bio_err, infile, informat, 1,
-				passin, e, "Public Key");
-		else
-			pkey = load_key(bio_err, infile, informat, 1,
-				passin, e, "Private Key");
-
-		if (pkey)
-			{
-			dsa = EVP_PKEY_get1_DSA(pkey);
-			EVP_PKEY_free(pkey);
-			}
-		}
-	if (dsa == NULL)
-		{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (text) 
-		if (!DSA_print(out,dsa,0))
-			{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-	if (modulus)
-		{
-		fprintf(stdout,"Public Key=");
-		BN_print(out,dsa->pub_key);
-		fprintf(stdout,"\n");
-		}
-
-	if (noout) goto end;
-	BIO_printf(bio_err,"writing DSA key\n");
-	if 	(outformat == FORMAT_ASN1) {
-		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
-		else i=i2d_DSAPrivateKey_bio(out,dsa);
-	} else if (outformat == FORMAT_PEM) {
-		if(pubin || pubout)
-			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
-							NULL,0,NULL, passout);
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
-	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
-		EVP_PKEY *pk;
-		pk = EVP_PKEY_new();
-		EVP_PKEY_set1_DSA(pk, dsa);
-		if (outformat == FORMAT_PVK)
-			i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-		else if (pubin || pubout)
-			i = i2b_PublicKey_bio(out, pk);
-		else
-			i = i2b_PrivateKey_bio(out, pk);
-		EVP_PKEY_free(pk);
-#endif
-	} else {
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
-	if (i <= 0)
-		{
-		BIO_printf(bio_err,"unable to write private key\n");
-		ERR_print_errors(bio_err);
-		}
-	else
-		ret=0;
-end:
-	if(in != NULL) BIO_free(in);
-	if(out != NULL) BIO_free_all(out);
-	if(dsa != NULL) DSA_free(dsa);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-#else /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/dsa1024.pem b/apps/dsa1024.pem
deleted file mode 100644
index 082dec3897..0000000000
--- a/apps/dsa1024.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
-mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
-OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
-bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
-3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
-zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
-Arg=
------END DSA PARAMETERS-----
diff --git a/apps/dsa512.pem b/apps/dsa512.pem
deleted file mode 100644
index 5f86d1a6e7..0000000000
--- a/apps/dsa512.pem
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
-TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
-gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
-L8wka5B33qJoplISogOdIA==
------END DSA PARAMETERS-----
diff --git a/apps/dsap.pem b/apps/dsap.pem
deleted file mode 100644
index d4dfdb3054..0000000000
--- a/apps/dsap.pem
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
-GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
-t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
-ADiRffvSdhrNw5dkqdql
------END DSA PARAMETERS-----
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
deleted file mode 100644
index 683d51391b..0000000000
--- a/apps/dsaparam.c
+++ /dev/null
@@ -1,486 +0,0 @@
-/* apps/dsaparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	dsaparam_main
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -noout
- * -text
- * -C
- * -noout
- * -genkey
- *  #ifdef GENCB_TEST
- * -timebomb n  - interrupt keygen after <n> seconds
- *  #endif
- */
-
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
-	{
-	stop_keygen_flag = 1;
-	}
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	DSA *dsa=NULL;
-	int i,badops=0,text=0;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog,*inrand=NULL;
-	int numbits= -1,num,genkey=0;
-	int need_rand=0;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-#ifdef GENCB_TEST
-	int timebomb=0;
-#endif
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}
-#endif
-#ifdef GENCB_TEST
-		else if(strcmp(*argv, "-timebomb") == 0)
-			{
-			if (--argc < 1) goto bad;
-			timebomb = atoi(*(++argv));
-			}
-#endif
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-C") == 0)
-			C=1;
-		else if (strcmp(*argv,"-genkey") == 0)
-			{
-			genkey=1;
-			need_rand=1;
-			}
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-			}
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (sscanf(*argv,"%d",&num) == 1)
-			{
-			/* generate a key */
-			numbits=num;
-			need_rand=1;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         print as text\n");
-		BIO_printf(bio_err," -C            Output C code\n");
-		BIO_printf(bio_err," -noout        no output\n");
-		BIO_printf(bio_err," -genkey       generate a DSA key\n");
-		BIO_printf(bio_err," -rand         files to use for random number input\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
-#ifdef GENCB_TEST
-		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
-#endif
-		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	if (numbits > 0)
-		{
-		BN_GENCB cb;
-		BN_GENCB_set(&cb, dsa_cb, bio_err);
-		assert(need_rand);
-		dsa = DSA_new();
-		if(!dsa)
-			{
-			BIO_printf(bio_err,"Error allocating DSA object\n");
-			goto end;
-			}
-		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	        BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
-		if(timebomb > 0)
-	{
-		struct sigaction act;
-		act.sa_handler = timebomb_sigalarm;
-		act.sa_flags = 0;
-		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
-				timebomb);
-		if(sigaction(SIGALRM, &act, NULL) != 0)
-			{
-			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
-			goto end;
-			}
-		alarm(timebomb);
-	}
-#endif
-	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
-			{
-#ifdef GENCB_TEST
-			if(stop_keygen_flag)
-				{
-				BIO_printf(bio_err,"DSA key generation time-stopped\n");
-				/* This is an asked-for behaviour! */
-				ret = 0;
-				goto end;
-				}
-#endif
-			ERR_print_errors(bio_err);
-			BIO_printf(bio_err,"Error, DSA key generation failed\n");
-			goto end;
-			}
-		}
-	else if	(informat == FORMAT_ASN1)
-		dsa=d2i_DSAparams_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified\n");
-		goto end;
-		}
-	if (dsa == NULL)
-		{
-		BIO_printf(bio_err,"unable to load DSA parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (text)
-		{
-		DSAparams_print(out,dsa);
-		}
-	
-	if (C)
-		{
-		unsigned char *data;
-		int l,len,bits_p;
-
-		len=BN_num_bytes(dsa->p);
-		bits_p=BN_num_bits(dsa->p);
-		data=(unsigned char *)OPENSSL_malloc(len+20);
-		if (data == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-		l=BN_bn2bin(dsa->p,data);
-		printf("static unsigned char dsa%d_p[]={",bits_p);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t};\n");
-
-		l=BN_bn2bin(dsa->q,data);
-		printf("static unsigned char dsa%d_q[]={",bits_p);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t};\n");
-
-		l=BN_bn2bin(dsa->g,data);
-		printf("static unsigned char dsa%d_g[]={",bits_p);
-		for (i=0; i<l; i++)
-			{
-			if ((i%12) == 0) printf("\n\t");
-			printf("0x%02X,",data[i]);
-			}
-		printf("\n\t};\n\n");
-
-		printf("DSA *get_dsa%d()\n\t{\n",bits_p);
-		printf("\tDSA *dsa;\n\n");
-		printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
-		printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
-			bits_p,bits_p);
-		printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
-			bits_p,bits_p);
-		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
-			bits_p,bits_p);
-		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
-		printf("\treturn(dsa);\n\t}\n");
-		}
-
-
-	if (!noout)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DSAparams_bio(out,dsa);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DSAparams(out,dsa);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write DSA parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	if (genkey)
-		{
-		DSA *dsakey;
-
-		assert(need_rand);
-		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
-		if (!DSA_generate_key(dsakey))
-			{
-			ERR_print_errors(bio_err);
-			DSA_free(dsakey);
-			goto end;
-			}
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_DSAPrivateKey_bio(out,dsakey);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			DSA_free(dsakey);
-			goto end;
-			}
-		DSA_free(dsakey);
-		}
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	ret=0;
-end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (dsa != NULL) DSA_free(dsa);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
-#ifdef LINT
-	p=n;
-#endif
-#ifdef GENCB_TEST
-	if(stop_keygen_flag)
-		return 0;
-#endif
-	return 1;
-	}
-#else /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/ec.c b/apps/ec.c
deleted file mode 100644
index 896eabc13f..0000000000
--- a/apps/ec.c
+++ /dev/null
@@ -1,406 +0,0 @@
-/* apps/ec.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ec_main
-
-/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
- * -outform arg   - output format - default PEM
- * -in arg        - input file - default stdin
- * -out arg       - output file - default stdout
- * -des           - encrypt output if PEM format with DES in cbc mode
- * -text          - print a text version
- * -param_out     - print the elliptic curve parameters
- * -conv_form arg - specifies the point encoding form
- * -param_enc arg - specifies the parameter encoding
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	int 	ret = 1;
-	EC_KEY 	*eckey = NULL;
-	const EC_GROUP *group;
-	int 	i, badops = 0;
-	const EVP_CIPHER *enc = NULL;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, text=0, noout=0;
-	int  	pubin = 0, pubout = 0, param_out = 0;
-	char 	*infile, *outfile, *prog, *engine;
-	char 	*passargin = NULL, *passargout = NULL;
-	char 	*passin = NULL, *passout = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
-	int	new_form = 0;
-	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	engine = NULL;
-	infile = NULL;
-	outfile = NULL;
-	informat = FORMAT_PEM;
-	outformat = FORMAT_PEM;
-
-	prog = argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv, "-noout") == 0)
-			noout = 1;
-		else if (strcmp(*argv, "-text") == 0)
-			text = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_out") == 0)
-			param_out = 1;
-		else if (strcmp(*argv, "-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv, "-pubout") == 0)
-			pubout=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-			{
-			BIO_printf(bio_err, "unknown option %s\n", *argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg     input format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -outform arg    output format - "
-				"DER or PEM\n");
-		BIO_printf(bio_err, " -in arg         input file\n");
-		BIO_printf(bio_err, " -passin arg     input file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -out arg        output file\n");
-		BIO_printf(bio_err, " -passout arg    output file pass "
-				"phrase source\n");
-		BIO_printf(bio_err, " -engine e       use engine e, "
-				"possibly a hardware device.\n");
-		BIO_printf(bio_err, " -des            encrypt PEM output, "
-				"instead of 'des' every other \n"
-				"                 cipher "
-				"supported by OpenSSL can be used\n");
-		BIO_printf(bio_err, " -text           print the key\n");
-		BIO_printf(bio_err, " -noout          don't print key out\n");
-		BIO_printf(bio_err, " -param_out      print the elliptic "
-				"curve parameters\n");
-		BIO_printf(bio_err, " -conv_form arg  specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                 possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                 "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                  "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg  specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                 in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                 possible values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err,"                                  "
-				"explicit\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-		}
-
-	in = BIO_new(BIO_s_file());
-	out = BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in, stdin, BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in, infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	BIO_printf(bio_err, "read EC key\n");
-	if (informat == FORMAT_ASN1) 
-		{
-		if (pubin) 
-			eckey = d2i_EC_PUBKEY_bio(in, NULL);
-		else 
-			eckey = d2i_ECPrivateKey_bio(in, NULL);
-		} 
-	else if (informat == FORMAT_PEM) 
-		{
-		if (pubin) 
-			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
-				NULL);
-		else 
-			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
-				passin);
-		} 
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified for key\n");
-		goto end;
-		}
-	if (eckey == NULL)
-		{
-		BIO_printf(bio_err,"unable to load Key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out, outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	group = EC_KEY_get0_group(eckey);
-
-	if (new_form)
-		EC_KEY_set_conv_form(eckey, form);
-
-	if (new_asn1_flag)
-		EC_KEY_set_asn1_flag(eckey, asn1_flag);
-
-	if (text) 
-		if (!EC_KEY_print(out, eckey, 0))
-			{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-	if (noout) 
-		{
-		ret = 0;
-		goto end;
-		}
-
-	BIO_printf(bio_err, "writing EC key\n");
-	if (outformat == FORMAT_ASN1) 
-		{
-		if (param_out)
-			i = i2d_ECPKParameters_bio(out, group);
-		else if (pubin || pubout) 
-			i = i2d_EC_PUBKEY_bio(out, eckey);
-		else 
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		} 
-	else if (outformat == FORMAT_PEM) 
-		{
-		if (param_out)
-			i = PEM_write_bio_ECPKParameters(out, group);
-		else if (pubin || pubout)
-			i = PEM_write_bio_EC_PUBKEY(out, eckey);
-		else 
-			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
-						NULL, 0, NULL, passout);
-		} 
-	else 
-		{
-		BIO_printf(bio_err, "bad output format specified for "
-			"outfile\n");
-		goto end;
-		}
-
-	if (!i)
-		{
-		BIO_printf(bio_err, "unable to write private key\n");
-		ERR_print_errors(bio_err);
-		}
-	else
-		ret=0;
-end:
-	if (in)
-		BIO_free(in);
-	if (out)
-		BIO_free_all(out);
-	if (eckey)
-		EC_KEY_free(eckey);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-#else /* !OPENSSL_NO_EC */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/ecparam.c b/apps/ecparam.c
deleted file mode 100644
index 976ebef12b..0000000000
--- a/apps/ecparam.c
+++ /dev/null
@@ -1,731 +0,0 @@
-/* apps/ecparam.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	ecparam_main
-
-/* -inform arg      - input format - default PEM (DER or PEM)
- * -outform arg     - output format - default PEM
- * -in  arg         - input file  - default stdin
- * -out arg         - output file - default stdout
- * -noout           - do not print the ec parameter
- * -text            - print the ec parameters in text form
- * -check           - validate the ec parameters
- * -C               - print a 'C' function creating the parameters
- * -name arg        - use the ec parameters with 'short name' name
- * -list_curves     - prints a list of all currently available curve 'short names'
- * -conv_form arg   - specifies the point conversion form 
- *                  - possible values: compressed
- *                                     uncompressed (default)
- *                                     hybrid
- * -param_enc arg   - specifies the way the ec parameters are encoded
- *                    in the asn1 der encoding
- *                    possible values: named_curve (default)
- *                                     explicit
- * -no_seed         - if 'explicit' parameters are chosen do not use the seed
- * -genkey          - generate ec key
- * -rand file       - files to use for random number input
- * -engine e        - use engine e, possibly a hardware device
- */
-
-
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	EC_GROUP *group = NULL;
-	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 
-	int 	new_form = 0;
-	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;
-	int 	new_asn1_flag = 0;
-	char 	*curve_name = NULL, *inrand = NULL;
-	int	list_curves = 0, no_seed = 0, check = 0,
-		badops = 0, text = 0, i, need_rand = 0, genkey = 0;
-	char	*infile = NULL, *outfile = NULL, *prog;
-	BIO 	*in = NULL, *out = NULL;
-	int 	informat, outformat, noout = 0, C = 0, ret = 1;
-	char	*engine = NULL;
-
-	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
-		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
-	unsigned char *buffer = NULL;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-text") == 0)
-			text = 1;
-		else if (strcmp(*argv,"-C") == 0)
-			C = 1;
-		else if (strcmp(*argv,"-check") == 0)
-			check = 1;
-		else if (strcmp (*argv, "-name") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			curve_name = *(++argv);
-			}
-		else if (strcmp(*argv, "-list_curves") == 0)
-			list_curves = 1;
-		else if (strcmp(*argv, "-conv_form") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_form = 1;
-			if (strcmp(*argv, "compressed") == 0)
-				form = POINT_CONVERSION_COMPRESSED;
-			else if (strcmp(*argv, "uncompressed") == 0)
-				form = POINT_CONVERSION_UNCOMPRESSED;
-			else if (strcmp(*argv, "hybrid") == 0)
-				form = POINT_CONVERSION_HYBRID;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-param_enc") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			++argv;
-			new_asn1_flag = 1;
-			if (strcmp(*argv, "named_curve") == 0)
-				asn1_flag = OPENSSL_EC_NAMED_CURVE;
-			else if (strcmp(*argv, "explicit") == 0)
-				asn1_flag = 0;
-			else
-				goto bad;
-			}
-		else if (strcmp(*argv, "-no_seed") == 0)
-			no_seed = 1;
-		else if (strcmp(*argv, "-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-genkey") == 0)
-			{
-			genkey=1;
-			need_rand=1;
-			}
-		else if (strcmp(*argv, "-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			need_rand=1;
-			}
-		else if(strcmp(*argv, "-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine = *(++argv);
-			}	
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, " -inform arg       input format - "
-				"default PEM (DER or PEM)\n");
-		BIO_printf(bio_err, " -outform arg      output format - "
-				"default PEM\n");
-		BIO_printf(bio_err, " -in  arg          input file  - "
-				"default stdin\n");
-		BIO_printf(bio_err, " -out arg          output file - "
-				"default stdout\n");
-		BIO_printf(bio_err, " -noout            do not print the "
-				"ec parameter\n");
-		BIO_printf(bio_err, " -text             print the ec "
-				"parameters in text form\n");
-		BIO_printf(bio_err, " -check            validate the ec "
-				"parameters\n");
-		BIO_printf(bio_err, " -C                print a 'C' "
-				"function creating the parameters\n");
-		BIO_printf(bio_err, " -name arg         use the "
-				"ec parameters with 'short name' name\n");
-		BIO_printf(bio_err, " -list_curves      prints a list of "
-				"all currently available curve 'short names'\n");
-		BIO_printf(bio_err, " -conv_form arg    specifies the "
-				"point conversion form \n");
-		BIO_printf(bio_err, "                   possible values:"
-				" compressed\n");
-		BIO_printf(bio_err, "                                   "
-				" uncompressed (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" hybrid\n");
-		BIO_printf(bio_err, " -param_enc arg    specifies the way"
-				" the ec parameters are encoded\n");
-		BIO_printf(bio_err, "                   in the asn1 der "
-				"encoding\n");
-		BIO_printf(bio_err, "                   possible values:"
-				" named_curve (default)\n");
-		BIO_printf(bio_err, "                                   "
-				" explicit\n");
-		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-				" parameters are chosen do not"
-				" use the seed\n");
-		BIO_printf(bio_err, " -genkey           generate ec"
-				" key\n");
-		BIO_printf(bio_err, " -rand file        files to use for"
-				" random number input\n");
-		BIO_printf(bio_err, " -engine e         use engine e, "
-				"possibly a hardware device\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-	setup_engine(bio_err, engine, 0);
-#endif
-
-	if (list_curves)
-		{
-		EC_builtin_curve *curves = NULL;
-		size_t crv_len = 0;
-		size_t n = 0;
-
-		crv_len = EC_get_builtin_curves(NULL, 0);
-
-		curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
-
-		if (curves == NULL)
-			goto end;
-
-		if (!EC_get_builtin_curves(curves, crv_len))
-			{
-			OPENSSL_free(curves);
-			goto end;
-			}
-
-		
-		for (n = 0; n < crv_len; n++)
-			{
-			const char *comment;
-			const char *sname;
-			comment = curves[n].comment;
-			sname   = OBJ_nid2sn(curves[n].nid);
-			if (comment == NULL)
-				comment = "CURVE DESCRIPTION NOT AVAILABLE";
-			if (sname == NULL)
-				sname = "";
-
-			BIO_printf(out, "  %-10s: ", sname);
-			BIO_printf(out, "%s\n", comment);
-			} 
-
-		OPENSSL_free(curves);
-		ret = 0;
-		goto end;
-		}
-
-	if (curve_name != NULL)
-		{
-		int nid;
-
-		/* workaround for the SECG curve names secp192r1
-		 * and secp256r1 (which are the same as the curves
-		 * prime192v1 and prime256v1 defined in X9.62)
-		 */
-		if (!strcmp(curve_name, "secp192r1"))
-			{
-			BIO_printf(bio_err, "using curve name prime192v1 "
-				"instead of secp192r1\n");
-			nid = NID_X9_62_prime192v1;
-			}
-		else if (!strcmp(curve_name, "secp256r1"))
-			{
-			BIO_printf(bio_err, "using curve name prime256v1 "
-				"instead of secp256r1\n");
-			nid = NID_X9_62_prime256v1;
-			}
-		else
-			nid = OBJ_sn2nid(curve_name);
-	
-		if (nid == 0)
-			{
-			BIO_printf(bio_err, "unknown curve name (%s)\n", 
-				curve_name);
-			goto end;
-			}
-
-		group = EC_GROUP_new_by_curve_name(nid);
-		if (group == NULL)
-			{
-			BIO_printf(bio_err, "unable to create curve (%s)\n", 
-				curve_name);
-			goto end;
-			}
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-		EC_GROUP_set_point_conversion_form(group, form);
-		}
-	else if (informat == FORMAT_ASN1)
-		{
-		group = d2i_ECPKParameters_bio(in, NULL);
-		}
-	else if (informat == FORMAT_PEM)
-		{
-		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(bio_err, "bad input format specified\n");
-		goto end;
-		}
-
-	if (group == NULL)
-		{
-		BIO_printf(bio_err, 
-			"unable to load elliptic curve parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (new_form)
-		EC_GROUP_set_point_conversion_form(group, form);
-
-	if (new_asn1_flag)
-		EC_GROUP_set_asn1_flag(group, asn1_flag);
-
-	if (no_seed)
-		{
-		EC_GROUP_set_seed(group, NULL, 0);
-		}
-
-	if (text)
-		{
-		if (!ECPKParameters_print(out, group, 0))
-			goto end;
-		}
-
-	if (check)
-		{
-		if (group == NULL)
-			BIO_printf(bio_err, "no elliptic curve parameters\n");
-		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-		if (!EC_GROUP_check(group, NULL))
-			{
-			BIO_printf(bio_err, "failed\n");
-			ERR_print_errors(bio_err);
-			}
-		else
-			BIO_printf(bio_err, "ok\n");
-			
-		}
-
-	if (C)
-		{
-		size_t	buf_len = 0, tmp_len = 0;
-		const EC_POINT *point;
-		int	is_prime, len = 0;
-		const EC_METHOD *meth = EC_GROUP_method_of(group);
-
-		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
-		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
-		    (ec_order = BN_new()) == NULL || 
-		    (ec_cofactor = BN_new()) == NULL )
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		is_prime = (EC_METHOD_get_field_type(meth) == 
-			NID_X9_62_prime_field);
-
-		if (is_prime)
-			{
-			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
-				ec_b, NULL))
-				goto end;
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-
-		if ((point = EC_GROUP_get0_generator(group)) == NULL)
-			goto end;
-		if (!EC_POINT_point2bn(group, point, 
-			EC_GROUP_get_point_conversion_form(group), ec_gen, 
-			NULL))
-			goto end;
-		if (!EC_GROUP_get_order(group, ec_order, NULL))
-			goto end;
-		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
-			goto end;
-
-		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
-			!ec_order || !ec_cofactor)
-			goto end;
-
-		len = BN_num_bits(ec_order);
-
-		if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
-			buf_len = tmp_len;
-		if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
-			buf_len = tmp_len;
-
-		buffer = (unsigned char *)OPENSSL_malloc(buf_len);
-
-		if (buffer == NULL)
-			{
-			perror("OPENSSL_malloc");
-			goto end;
-			}
-
-		ecparam_print_var(out, ec_p, "ec_p", len, buffer);
-		ecparam_print_var(out, ec_a, "ec_a", len, buffer);
-		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
-		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
-		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
-		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
-			buffer);
-
-		BIO_printf(out, "\n\n");
-
-		BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
-		BIO_printf(out, "\tint ok=0;\n");
-		BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
-		BIO_printf(out, "\tEC_POINT *point = NULL;\n");
-		BIO_printf(out, "\tBIGNUM   *tmp_1 = NULL, *tmp_2 = NULL, "
-				"*tmp_3 = NULL;\n\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
-				"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
-				"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
-				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
-				"goto err;\n", len, len);
-		if (is_prime)
-			{
-			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
-				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
-				"\n\t\tgoto err;\n\n");
-			}
-		else
-			{
-			/* TODO */
-			goto end;
-			}
-		BIO_printf(out, "\t/* build generator */\n");
-		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
-				"sizeof(ec_gen_%d), tmp_1)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
-				"NULL, NULL);\n");
-		BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
-		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
-				"sizeof(ec_order_%d), tmp_2)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
-				"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
-				"\n\t\tgoto err;\n", len, len);
-		BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
-				" tmp_2, tmp_3))\n\t\tgoto err;\n");
-		BIO_printf(out, "\n\tok=1;\n");
-		BIO_printf(out, "err:\n");
-		BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
-		BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
-		BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
-		BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
-		BIO_printf(out, "\tif (!ok)\n");
-		BIO_printf(out, "\t\t{\n");
-		BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
-		BIO_printf(out, "\t\tgroup = NULL;\n");
-		BIO_printf(out, "\t\t}\n");
-		BIO_printf(out, "\treturn(group);\n\t}\n");
-	}
-
-	if (!noout)
-		{
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPKParameters_bio(out, group);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPKParameters(out, group);
-		else	
-			{
-			BIO_printf(bio_err,"bad output format specified for"
-				" outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err, "unable to write elliptic "
-				"curve parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	if (genkey)
-		{
-		EC_KEY *eckey = EC_KEY_new();
-
-		if (eckey == NULL)
-			goto end;
-
-		assert(need_rand);
-
-		if (EC_KEY_set_group(eckey, group) == 0)
-			goto end;
-		
-		if (!EC_KEY_generate_key(eckey))
-			{
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		if (outformat == FORMAT_ASN1)
-			i = i2d_ECPrivateKey_bio(out, eckey);
-		else if (outformat == FORMAT_PEM)
-			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
-				NULL, 0, NULL, NULL);
-		else	
-			{
-			BIO_printf(bio_err, "bad output format specified "
-				"for outfile\n");
-			EC_KEY_free(eckey);
-			goto end;
-			}
-		EC_KEY_free(eckey);
-		}
-
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-
-	ret=0;
-end:
-	if (ec_p)
-		BN_free(ec_p);
-	if (ec_a)
-		BN_free(ec_a);
-	if (ec_b)
-		BN_free(ec_b);
-	if (ec_gen)
-		BN_free(ec_gen);
-	if (ec_order)
-		BN_free(ec_order);
-	if (ec_cofactor)
-		BN_free(ec_cofactor);
-	if (buffer)
-		OPENSSL_free(buffer);
-	if (in != NULL)
-		BIO_free(in);
-	if (out != NULL)
-		BIO_free_all(out);
-	if (group != NULL)
-		EC_GROUP_free(group);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-}
-
-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
-	int len, unsigned char *buffer)
-	{
-	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
-	if (BN_is_zero(in))
-		BIO_printf(out, "\n\t0x00");
-	else 
-		{
-		int i, l;
-
-		l = BN_bn2bin(in, buffer);
-		for (i=0; i<l-1; i++)
-			{
-			if ((i%12) == 0) 
-				BIO_printf(out, "\n\t");
-			BIO_printf(out, "0x%02X,", buffer[i]);
-			}
-		if ((i%12) == 0) 
-			BIO_printf(out, "\n\t");
-		BIO_printf(out, "0x%02X", buffer[i]);
-		}
-	BIO_printf(out, "\n\t};\n\n");
-	return 1;
-	}
-#else /* !OPENSSL_NO_EC */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/enc.c b/apps/enc.c
deleted file mode 100644
index c8cb021224..0000000000
--- a/apps/enc.c
+++ /dev/null
@@ -1,746 +0,0 @@
-/* apps/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <ctype.h>
-
-int set_hex(char *in,unsigned char *out,int size);
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE	(512)
-#define BSIZE	(8*1024)
-#define	PROG	enc_main
-
-static void show_ciphers(const OBJ_NAME *name,void *bio_)
-	{
-	BIO *bio=bio_;
-	static int n;
-
-	if(!islower((unsigned char)*name->name))
-		return;
-
-	BIO_printf(bio,"-%-25s",name->name);
-	if(++n == 3)
-		{
-		BIO_printf(bio,"\n");
-		n=0;
-		}
-	else
-		BIO_printf(bio," ");
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	static const char magic[]="Salted__";
-	char mbuf[sizeof magic-1];
-	char *strbuf=NULL;
-	unsigned char *buff=NULL,*bufsize=NULL;
-	int bsize=BSIZE,verbose=0;
-	int ret=1,inl;
-	int nopad = 0;
-	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
-	unsigned char salt[PKCS5_SALT_LEN];
-	char *str=NULL, *passarg = NULL, *pass = NULL;
-	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
-	char *md=NULL;
-	int enc=1,printkey=0,i,base64=0;
-#ifdef ZLIB
-	int do_zlib=0;
-	BIO *bzl = NULL;
-#endif
-	int debug=0,olb64=0,nosalt=0;
-	const EVP_CIPHER *cipher=NULL,*c;
-	EVP_CIPHER_CTX *ctx = NULL;
-	char *inf=NULL,*outf=NULL;
-	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  39
-	char pname[PROG_NAME_SIZE+1];
-#ifndef OPENSSL_NO_ENGINE
-	char *engine = NULL;
-#endif
-	const EVP_MD *dgst=NULL;
-	int non_fips_allow = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	/* first check the program name */
-	program_name(argv[0],pname,sizeof pname);
-	if (strcmp(pname,"base64") == 0)
-		base64=1;
-#ifdef ZLIB
-	if (strcmp(pname,"zlib") == 0)
-		do_zlib=1;
-#endif
-
-	cipher=EVP_get_cipherbyname(pname);
-#ifdef ZLIB
-	if (!do_zlib && !base64 && (cipher == NULL)
-				&& (strcmp(pname,"enc") != 0))
-#else
-	if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
-#endif
-		{
-		BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
-		goto bad;
-		}
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-e") == 0)
-			enc=1;
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inf= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outf= *(++argv);
-			}
-		else if (strcmp(*argv,"-pass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passarg= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if	(strcmp(*argv,"-d") == 0)
-			enc=0;
-		else if	(strcmp(*argv,"-p") == 0)
-			printkey=1;
-		else if	(strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if	(strcmp(*argv,"-nopad") == 0)
-			nopad=1;
-		else if	(strcmp(*argv,"-salt") == 0)
-			nosalt=0;
-		else if	(strcmp(*argv,"-nosalt") == 0)
-			nosalt=1;
-		else if	(strcmp(*argv,"-debug") == 0)
-			debug=1;
-		else if	(strcmp(*argv,"-P") == 0)
-			printkey=2;
-		else if	(strcmp(*argv,"-A") == 0)
-			olb64=1;
-		else if	(strcmp(*argv,"-a") == 0)
-			base64=1;
-		else if	(strcmp(*argv,"-base64") == 0)
-			base64=1;
-#ifdef ZLIB
-		else if	(strcmp(*argv,"-z") == 0)
-			do_zlib=1;
-#endif
-		else if (strcmp(*argv,"-bufsize") == 0)
-			{
-			if (--argc < 1) goto bad;
-			bufsize=(unsigned char *)*(++argv);
-			}
-		else if (strcmp(*argv,"-k") == 0)
-			{
-			if (--argc < 1) goto bad;
-			str= *(++argv);
-			}
-		else if (strcmp(*argv,"-kfile") == 0)
-			{
-			static char buf[128];
-			FILE *infile;
-			char *file;
-
-			if (--argc < 1) goto bad;
-			file= *(++argv);
-			infile=fopen(file,"r");
-			if (infile == NULL)
-				{
-				BIO_printf(bio_err,"unable to read key from '%s'\n",
-					file);
-				goto bad;
-				}
-			buf[0]='\0';
-			if (!fgets(buf,sizeof buf,infile))
-				{
-				BIO_printf(bio_err,"unable to read key from '%s'\n",
-					file);
-				goto bad;
-				}
-			fclose(infile);
-			i=strlen(buf);
-			if ((i > 0) &&
-				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
-				buf[--i]='\0';
-			if ((i > 0) &&
-				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
-				buf[--i]='\0';
-			if (i < 1)
-				{
-				BIO_printf(bio_err,"zero length password\n");
-				goto bad;
-				}
-			str=buf;
-			}
-		else if (strcmp(*argv,"-K") == 0)
-			{
-			if (--argc < 1) goto bad;
-			hkey= *(++argv);
-			}
-		else if (strcmp(*argv,"-S") == 0)
-			{
-			if (--argc < 1) goto bad;
-			hsalt= *(++argv);
-			}
-		else if (strcmp(*argv,"-iv") == 0)
-			{
-			if (--argc < 1) goto bad;
-			hiv= *(++argv);
-			}
-		else if (strcmp(*argv,"-md") == 0)
-			{
-			if (--argc < 1) goto bad;
-			md= *(++argv);
-			}
-		else if (strcmp(*argv,"-non-fips-allow") == 0)
-			non_fips_allow = 1;
-		else if	((argv[0][0] == '-') &&
-			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
-			{
-			cipher=c;
-			}
-		else if (strcmp(*argv,"-none") == 0)
-			cipher=NULL;
-		else
-			{
-			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
-			BIO_printf(bio_err,"options are\n");
-			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
-			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
-			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
-			BIO_printf(bio_err,"%-14s encrypt\n","-e");
-			BIO_printf(bio_err,"%-14s decrypt\n","-d");
-			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
-			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
-			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
-			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
-			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
-			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
-			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
-			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
-			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-			BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
-#ifndef OPENSSL_NO_ENGINE
-			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
-#endif
-
-			BIO_printf(bio_err,"Cipher Types\n");
-			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-					       show_ciphers,
-					       bio_err);
-			BIO_printf(bio_err,"\n");
-
-			goto end;
-			}
-		argc--;
-		argv++;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
-		{
-		BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
-		goto end;
-		}
-
-	if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
-		{
-		BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
-		goto end;
-		}
-
-	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
-		{
-		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
-		goto end;
-		}
-
-	if (dgst == NULL)
-		{
-		dgst = EVP_md5();
-		}
-
-	if (bufsize != NULL)
-		{
-		unsigned long n;
-
-		for (n=0; *bufsize; bufsize++)
-			{
-			i= *bufsize;
-			if ((i <= '9') && (i >= '0'))
-				n=n*10+i-'0';
-			else if (i == 'k')
-				{
-				n*=1024;
-				bufsize++;
-				break;
-				}
-			}
-		if (*bufsize != '\0')
-			{
-			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
-			goto end;
-			}
-
-		/* It must be large enough for a base64 encoded line */
-		if (base64 && n < 80) n=80;
-
-		bsize=(int)n;
-		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
-		}
-
-	strbuf=OPENSSL_malloc(SIZE);
-	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
-	if ((buff == NULL) || (strbuf == NULL))
-		{
-		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
-		goto end;
-		}
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (debug)
-		{
-		BIO_set_callback(in,BIO_debug_callback);
-		BIO_set_callback(out,BIO_debug_callback);
-		BIO_set_callback_arg(in,(char *)bio_err);
-		BIO_set_callback_arg(out,(char *)bio_err);
-		}
-
-	if (inf == NULL)
-	        {
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-		if (bufsize != NULL)
-			setvbuf(stdin, (char *)NULL, _IONBF, 0);
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	        }
-	else
-		{
-		if (BIO_read_filename(in,inf) <= 0)
-			{
-			perror(inf);
-			goto end;
-			}
-		}
-
-	if(!str && passarg) {
-		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
-			BIO_printf(bio_err, "Error getting password\n");
-			goto end;
-		}
-		str = pass;
-	}
-
-	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
-		{
-		for (;;)
-			{
-			char buf[200];
-
-			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
-				     OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
-				     (enc)?"encryption":"decryption");
-			strbuf[0]='\0';
-			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
-			if (i == 0)
-				{
-				if (strbuf[0] == '\0')
-					{
-					ret=1;
-					goto end;
-					}
-				str=strbuf;
-				break;
-				}
-			if (i < 0)
-				{
-				BIO_printf(bio_err,"bad password read\n");
-				goto end;
-				}
-			}
-		}
-
-
-	if (outf == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-		if (bufsize != NULL)
-			setvbuf(stdout, (char *)NULL, _IONBF, 0);
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outf) <= 0)
-			{
-			perror(outf);
-			goto end;
-			}
-		}
-
-	rbio=in;
-	wbio=out;
-
-#ifdef ZLIB
-
-	if (do_zlib)
-		{
-		if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
-			goto end;
-		if (enc)
-			wbio=BIO_push(bzl,wbio);
-		else
-			rbio=BIO_push(bzl,rbio);
-		}
-#endif
-
-	if (base64)
-		{
-		if ((b64=BIO_new(BIO_f_base64())) == NULL)
-			goto end;
-		if (debug)
-			{
-			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,(char *)bio_err);
-			}
-		if (olb64)
-			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
-		if (enc)
-			wbio=BIO_push(b64,wbio);
-		else
-			rbio=BIO_push(b64,rbio);
-		}
-
-	if (cipher != NULL)
-		{
-		/* Note that str is NULL if a key was passed on the command
-		 * line, so we get no salt in that case. Is this a bug?
-		 */
-		if (str != NULL)
-			{
-			/* Salt handling: if encrypting generate a salt and
-			 * write to output BIO. If decrypting read salt from
-			 * input BIO.
-			 */
-			unsigned char *sptr;
-			if(nosalt) sptr = NULL;
-			else {
-				if(enc) {
-					if(hsalt) {
-						if(!set_hex(hsalt,salt,sizeof salt)) {
-							BIO_printf(bio_err,
-								"invalid hex salt value\n");
-							goto end;
-						}
-					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
-						goto end;
-					/* If -P option then don't bother writing */
-					if((printkey != 2)
-					   && (BIO_write(wbio,magic,
-							 sizeof magic-1) != sizeof magic-1
-					       || BIO_write(wbio,
-							    (char *)salt,
-							    sizeof salt) != sizeof salt)) {
-						BIO_printf(bio_err,"error writing output file\n");
-						goto end;
-					}
-				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
-					  || BIO_read(rbio,
-						      (unsigned char *)salt,
-				    sizeof salt) != sizeof salt) {
-					BIO_printf(bio_err,"error reading input file\n");
-					goto end;
-				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
-				    BIO_printf(bio_err,"bad magic number\n");
-				    goto end;
-				}
-
-				sptr = salt;
-			}
-
-			EVP_BytesToKey(cipher,dgst,sptr,
-				(unsigned char *)str,
-				strlen(str),1,key,iv);
-			/* zero the complete buffer or the string
-			 * passed from the command line
-			 * bug picked up by
-			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
-			if (str == strbuf)
-				OPENSSL_cleanse(str,SIZE);
-			else
-				OPENSSL_cleanse(str,strlen(str));
-			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
-			{
-			BIO_printf(bio_err,"invalid hex iv value\n");
-			goto end;
-			}
-		if ((hiv == NULL) && (str == NULL)
-		    && EVP_CIPHER_iv_length(cipher) != 0)
-			{
-			/* No IV was explicitly set and no IV was generated
-			 * during EVP_BytesToKey. Hence the IV is undefined,
-			 * making correct decryption impossible. */
-			BIO_printf(bio_err, "iv undefined\n");
-			goto end;
-			}
-		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
-			{
-			BIO_printf(bio_err,"invalid hex key value\n");
-			goto end;
-			}
-
-		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
-			goto end;
-
-		/* Since we may be changing parameters work on the encryption
-		 * context rather than calling BIO_set_cipher().
-		 */
-
-		BIO_get_cipher_ctx(benc, &ctx);
-
-		if (non_fips_allow)
-			EVP_CIPHER_CTX_set_flags(ctx,
-				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
-		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-				EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (nopad)
-			EVP_CIPHER_CTX_set_padding(ctx, 0);
-
-		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
-			{
-			BIO_printf(bio_err, "Error setting cipher %s\n",
-				EVP_CIPHER_name(cipher));
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (debug)
-			{
-			BIO_set_callback(benc,BIO_debug_callback);
-			BIO_set_callback_arg(benc,(char *)bio_err);
-			}
-
-		if (printkey)
-			{
-			if (!nosalt)
-				{
-				printf("salt=");
-				for (i=0; i<(int)sizeof(salt); i++)
-					printf("%02X",salt[i]);
-				printf("\n");
-				}
-			if (cipher->key_len > 0)
-				{
-				printf("key=");
-				for (i=0; i<cipher->key_len; i++)
-					printf("%02X",key[i]);
-				printf("\n");
-				}
-			if (cipher->iv_len > 0)
-				{
-				printf("iv =");
-				for (i=0; i<cipher->iv_len; i++)
-					printf("%02X",iv[i]);
-				printf("\n");
-				}
-			if (printkey == 2)
-				{
-				ret=0;
-				goto end;
-				}
-			}
-		}
-
-	/* Only encrypt/decrypt as we write the file */
-	if (benc != NULL)
-		wbio=BIO_push(benc,wbio);
-
-	for (;;)
-		{
-		inl=BIO_read(rbio,(char *)buff,bsize);
-		if (inl <= 0) break;
-		if (BIO_write(wbio,(char *)buff,inl) != inl)
-			{
-			BIO_printf(bio_err,"error writing output file\n");
-			goto end;
-			}
-		}
-	if (!BIO_flush(wbio))
-		{
-		BIO_printf(bio_err,"bad decrypt\n");
-		goto end;
-		}
-
-	ret=0;
-	if (verbose)
-		{
-		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
-		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
-		}
-end:
-	ERR_print_errors(bio_err);
-	if (strbuf != NULL) OPENSSL_free(strbuf);
-	if (buff != NULL) OPENSSL_free(buff);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (benc != NULL) BIO_free(benc);
-	if (b64 != NULL) BIO_free(b64);
-#ifdef ZLIB
-	if (bzl != NULL) BIO_free(bzl);
-#endif
-	if(pass) OPENSSL_free(pass);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-int set_hex(char *in, unsigned char *out, int size)
-	{
-	int i,n;
-	unsigned char j;
-
-	n=strlen(in);
-	if (n > (size*2))
-		{
-		BIO_printf(bio_err,"hex string is too long\n");
-		return(0);
-		}
-	memset(out,0,size);
-	for (i=0; i<n; i++)
-		{
-		j=(unsigned char)*in;
-		*(in++)='\0';
-		if (j == 0) break;
-		if ((j >= '0') && (j <= '9'))
-			j-='0';
-		else if ((j >= 'A') && (j <= 'F'))
-			j=j-'A'+10;
-		else if ((j >= 'a') && (j <= 'f'))
-			j=j-'a'+10;
-		else
-			{
-			BIO_printf(bio_err,"non-hex digit\n");
-			return(0);
-			}
-		if (i&1)
-			out[i/2]|=j;
-		else
-			out[i/2]=(j<<4);
-		}
-	return(1);
-	}
diff --git a/apps/engine.c b/apps/engine.c
deleted file mode 100644
index 9a0294398e..0000000000
--- a/apps/engine.c
+++ /dev/null
@@ -1,549 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	engine_main
-
-static const char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
-"               -vv will additionally display each command's description\n",
-"               -vvv will also add the input flags for each command\n",
-"               -vvvv will also show internal input flags\n",
-" -c          - for each engine, also list the capabilities\n",
-" -t[t]       - for each engine, check that they are really available\n",
-"               -tt will display error trace for unavailable engines\n",
-" -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
-"               to load it (if -t is used)\n",
-" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
-"               (only used if -t is also provided)\n",
-" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
-" line, or all supported ENGINEs if none are specified.\n",
-" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
-" argument \"/lib/libdriver.so\".\n",
-NULL
-};
-
-static void identity(char *ptr)
-	{
-	return;
-	}
-
-static int append_buf(char **buf, const char *s, int *size, int step)
-	{
-	int l = strlen(s);
-
-	if (*buf == NULL)
-		{
-		*size = step;
-		*buf = OPENSSL_malloc(*size);
-		if (*buf == NULL)
-			return 0;
-		**buf = '\0';
-		}
-
-	if (**buf != '\0')
-		l += 2;		/* ", " */
-
-	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
-		{
-		*size += step;
-		*buf = OPENSSL_realloc(*buf, *size);
-		}
-
-	if (*buf == NULL)
-		return 0;
-
-	if (**buf != '\0')
-		BUF_strlcat(*buf, ", ", *size);
-	BUF_strlcat(*buf, s, *size);
-
-	return 1;
-	}
-
-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
-	{
-	int started = 0, err = 0;
-	/* Indent before displaying input flags */
-	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
-	if(flags == 0)
-		{
-		BIO_printf(bio_out, "<no flags>\n");
-		return 1;
-		}
-        /* If the object is internal, mark it in a way that shows instead of
-         * having it part of all the other flags, even if it really is. */
-	if(flags & ENGINE_CMD_FLAG_INTERNAL)
-		{
-		BIO_printf(bio_out, "[Internal] ");
-		}
-
-	if(flags & ENGINE_CMD_FLAG_NUMERIC)
-		{
-		BIO_printf(bio_out, "NUMERIC");
-		started = 1;
-		}
-	/* Now we check that no combinations of the mutually exclusive NUMERIC,
-	 * STRING, and NO_INPUT flags have been used. Future flags that can be
-	 * OR'd together with these would need to added after these to preserve
-	 * the testing logic. */
-	if(flags & ENGINE_CMD_FLAG_STRING)
-		{
-		if(started)
-			{
-			BIO_printf(bio_out, "|");
-			err = 1;
-			}
-		BIO_printf(bio_out, "STRING");
-		started = 1;
-		}
-	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
-		{
-		if(started)
-			{
-			BIO_printf(bio_out, "|");
-			err = 1;
-			}
-		BIO_printf(bio_out, "NO_INPUT");
-		started = 1;
-		}
-	/* Check for unknown flags */
-	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
-			~ENGINE_CMD_FLAG_STRING &
-			~ENGINE_CMD_FLAG_NO_INPUT &
-			~ENGINE_CMD_FLAG_INTERNAL;
-	if(flags)
-		{
-		if(started) BIO_printf(bio_out, "|");
-		BIO_printf(bio_out, "<0x%04X>", flags);
-		}
-	if(err)
-		BIO_printf(bio_out, "  <illegal flags!>");
-	BIO_printf(bio_out, "\n");
-	return 1;
-	}
-
-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
-	{
-	static const int line_wrap = 78;
-	int num;
-	int ret = 0;
-	char *name = NULL;
-	char *desc = NULL;
-	int flags;
-	int xpos = 0;
-	STACK_OF(OPENSSL_STRING) *cmds = NULL;
-	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
-			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
-					0, NULL, NULL)) <= 0))
-		{
-#if 0
-		BIO_printf(bio_out, "%s<no control commands>\n", indent);
-#endif
-		return 1;
-		}
-
-	cmds = sk_OPENSSL_STRING_new_null();
-
-	if(!cmds)
-		goto err;
-	do {
-		int len;
-		/* Get the command input flags */
-		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
-					NULL, NULL)) < 0)
-			goto err;
-                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
-                        {
-                        /* Get the command name */
-                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
-                                NULL, NULL)) <= 0)
-                                goto err;
-                        if((name = OPENSSL_malloc(len + 1)) == NULL)
-                                goto err;
-                        if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
-                                NULL) <= 0)
-                                goto err;
-                        /* Get the command description */
-                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
-                                NULL, NULL)) < 0)
-                                goto err;
-                        if(len > 0)
-                                {
-                                if((desc = OPENSSL_malloc(len + 1)) == NULL)
-                                        goto err;
-                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
-                                        NULL) <= 0)
-                                        goto err;
-                                }
-                        /* Now decide on the output */
-                        if(xpos == 0)
-                                /* Do an indent */
-                                xpos = BIO_puts(bio_out, indent);
-                        else
-                                /* Otherwise prepend a ", " */
-                                xpos += BIO_printf(bio_out, ", ");
-                        if(verbose == 1)
-                                {
-                                /* We're just listing names, comma-delimited */
-                                if((xpos > (int)strlen(indent)) &&
-					(xpos + (int)strlen(name) > line_wrap))
-                                        {
-                                        BIO_printf(bio_out, "\n");
-                                        xpos = BIO_puts(bio_out, indent);
-                                        }
-                                xpos += BIO_printf(bio_out, "%s", name);
-                                }
-                        else
-                                {
-                                /* We're listing names plus descriptions */
-                                BIO_printf(bio_out, "%s: %s\n", name,
-                                        (desc == NULL) ? "<no description>" : desc);
-                                /* ... and sometimes input flags */
-                                if((verbose >= 3) && !util_flags(bio_out, flags,
-                                        indent))
-                                        goto err;
-                                xpos = 0;
-                                }
-                        }
-		OPENSSL_free(name); name = NULL;
-		if(desc) { OPENSSL_free(desc); desc = NULL; }
-		/* Move to the next command */
-		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
-					num, NULL, NULL);
-		} while(num > 0);
-	if(xpos > 0)
-		BIO_printf(bio_out, "\n");
-	ret = 1;
-err:
-	if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
-	if(name) OPENSSL_free(name);
-	if(desc) OPENSSL_free(desc);
-	return ret;
-	}
-
-static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
-			BIO *bio_out, const char *indent)
-	{
-	int loop, res, num = sk_OPENSSL_STRING_num(cmds);
-
-	if(num < 0)
-		{
-		BIO_printf(bio_out, "[Error]: internal stack error\n");
-		return;
-		}
-	for(loop = 0; loop < num; loop++)
-		{
-		char buf[256];
-		const char *cmd, *arg;
-		cmd = sk_OPENSSL_STRING_value(cmds, loop);
-		res = 1; /* assume success */
-		/* Check if this command has no ":arg" */
-		if((arg = strstr(cmd, ":")) == NULL)
-			{
-			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
-				res = 0;
-			}
-		else
-			{
-			if((int)(arg - cmd) > 254)
-				{
-				BIO_printf(bio_out,"[Error]: command name too long\n");
-				return;
-				}
-			memcpy(buf, cmd, (int)(arg - cmd));
-			buf[arg-cmd] = '\0';
-			arg++; /* Move past the ":" */
-			/* Call the command with the argument */
-			if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
-				res = 0;
-			}
-		if(res)
-			BIO_printf(bio_out, "[Success]: %s\n", cmd);
-		else
-			{
-			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
-			ERR_print_errors(bio_out);
-			}
-		}
-	}
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret=1,i;
-	const char **pp;
-	int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
-	ENGINE *e;
-	STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null();
-	STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
-	STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
-	int badops=1;
-	BIO *bio_out=NULL;
-	const char *indent = "     ";
-
-	apps_startup();
-	SSL_load_error_strings();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	bio_out = BIO_push(tmpbio, bio_out);
-	}
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strncmp(*argv,"-v",2) == 0)
-			{
-			if(strspn(*argv + 1, "v") < strlen(*argv + 1))
-				goto skip_arg_loop;
-			if((verbose=strlen(*argv + 1)) > 4)
-				goto skip_arg_loop;
-			}
-		else if (strcmp(*argv,"-c") == 0)
-			list_cap=1;
-		else if (strncmp(*argv,"-t",2) == 0)
-			{
-			test_avail=1;
-			if(strspn(*argv + 1, "t") < strlen(*argv + 1))
-				goto skip_arg_loop;
-			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
-				goto skip_arg_loop;
-			}
-		else if (strcmp(*argv,"-pre") == 0)
-			{
-			argc--; argv++;
-			if (argc == 0)
-				goto skip_arg_loop;
-			sk_OPENSSL_STRING_push(pre_cmds,*argv);
-			}
-		else if (strcmp(*argv,"-post") == 0)
-			{
-			argc--; argv++;
-			if (argc == 0)
-				goto skip_arg_loop;
-			sk_OPENSSL_STRING_push(post_cmds,*argv);
-			}
-		else if ((strncmp(*argv,"-h",2) == 0) ||
-				(strcmp(*argv,"-?") == 0))
-			goto skip_arg_loop;
-		else
-			sk_OPENSSL_STRING_push(engines,*argv);
-		argc--;
-		argv++;
-		}
-	/* Looks like everything went OK */
-	badops = 0;
-skip_arg_loop:
-
-	if (badops)
-		{
-		for (pp=engine_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	if (sk_OPENSSL_STRING_num(engines) == 0)
-		{
-		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
-			{
-			sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
-			}
-		}
-
-	for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
-		{
-		const char *id = sk_OPENSSL_STRING_value(engines,i);
-		if ((e = ENGINE_by_id(id)) != NULL)
-			{
-			const char *name = ENGINE_get_name(e);
-			/* Do "id" first, then "name". Easier to auto-parse. */
-			BIO_printf(bio_out, "(%s) %s\n", id, name);
-			util_do_cmds(e, pre_cmds, bio_out, indent);
-			if (strcmp(ENGINE_get_id(e), id) != 0)
-				{
-				BIO_printf(bio_out, "Loaded: (%s) %s\n",
-					ENGINE_get_id(e), ENGINE_get_name(e));
-				}
-			if (list_cap)
-				{
-				int cap_size = 256;
-				char *cap_buf = NULL;
-				int k,n;
-				const int *nids;
-				ENGINE_CIPHERS_PTR fn_c;
-				ENGINE_DIGESTS_PTR fn_d;
-				ENGINE_PKEY_METHS_PTR fn_pk;
-
-				if (ENGINE_get_RSA(e) != NULL
-					&& !append_buf(&cap_buf, "RSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DSA(e) != NULL
-					&& !append_buf(&cap_buf, "DSA",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_DH(e) != NULL
-					&& !append_buf(&cap_buf, "DH",
-						&cap_size, 256))
-					goto end;
-				if (ENGINE_get_RAND(e) != NULL
-					&& !append_buf(&cap_buf, "RAND",
-						&cap_size, 256))
-					goto end;
-
-				fn_c = ENGINE_get_ciphers(e);
-				if(!fn_c) goto skip_ciphers;
-				n = fn_c(e, NULL, &nids, 0);
-				for(k=0 ; k < n ; ++k)
-					if(!append_buf(&cap_buf,
-						       OBJ_nid2sn(nids[k]),
-						       &cap_size, 256))
-						goto end;
-
-skip_ciphers:
-				fn_d = ENGINE_get_digests(e);
-				if(!fn_d) goto skip_digests;
-				n = fn_d(e, NULL, &nids, 0);
-				for(k=0 ; k < n ; ++k)
-					if(!append_buf(&cap_buf,
-						       OBJ_nid2sn(nids[k]),
-						       &cap_size, 256))
-						goto end;
-
-skip_digests:
-				fn_pk = ENGINE_get_pkey_meths(e);
-				if(!fn_pk) goto skip_pmeths;
-				n = fn_pk(e, NULL, &nids, 0);
-				for(k=0 ; k < n ; ++k)
-					if(!append_buf(&cap_buf,
-						       OBJ_nid2sn(nids[k]),
-						       &cap_size, 256))
-						goto end;
-skip_pmeths:
-				if (cap_buf && (*cap_buf != '\0'))
-					BIO_printf(bio_out, " [%s]\n", cap_buf);
-
-				OPENSSL_free(cap_buf);
-				}
-			if(test_avail)
-				{
-				BIO_printf(bio_out, "%s", indent);
-				if (ENGINE_init(e))
-					{
-					BIO_printf(bio_out, "[ available ]\n");
-					util_do_cmds(e, post_cmds, bio_out, indent);
-					ENGINE_finish(e);
-					}
-				else
-					{
-					BIO_printf(bio_out, "[ unavailable ]\n");
-					if(test_avail_noise)
-						ERR_print_errors_fp(stdout);
-					ERR_clear_error();
-					}
-				}
-			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
-				goto end;
-			ENGINE_free(e);
-			}
-		else
-			ERR_print_errors(bio_err);
-		}
-
-	ret=0;
-end:
-
-	ERR_print_errors(bio_err);
-	sk_OPENSSL_STRING_pop_free(engines, identity);
-	sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
-	sk_OPENSSL_STRING_pop_free(post_cmds, identity);
-	if (bio_out != NULL) BIO_free_all(bio_out);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-#else
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/errstr.c b/apps/errstr.c
deleted file mode 100644
index fe3b98077e..0000000000
--- a/apps/errstr.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* apps/errstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	errstr_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int i,ret=0;
-	char buf[256];
-	unsigned long l;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	SSL_load_error_strings();
-
-	if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
-		{
-		BIO *out=NULL;
-
-		out=BIO_new(BIO_s_file());
-		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
-			{
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			lh_ERR_STRING_DATA_node_stats_bio(
-						  ERR_get_string_table(), out);
-			lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(),
-						     out);
-			lh_ERR_STRING_DATA_node_usage_stats_bio(
-						    ERR_get_string_table(),out);
-			}
-		if (out != NULL) BIO_free_all(out);
-		argc--;
-		argv++;
-		}
-
-	for (i=1; i<argc; i++)
-		{
-		if (sscanf(argv[i],"%lx",&l))
-			{
-			ERR_error_string_n(l, buf, sizeof buf);
-			printf("%s\n",buf);
-			}
-		else
-			{
-			printf("%s: bad error code\n",argv[i]);
-			printf("usage: errstr [-stats] <errno> ...\n");
-			ret++;
-			}
-		}
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
diff --git a/apps/gendh.c b/apps/gendh.c
deleted file mode 100644
index 4ec776ba93..0000000000
--- a/apps/gendh.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* apps/gendh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS	512
-#undef PROG
-#define PROG gendh_main
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	BN_GENCB cb;
-	DH *dh=NULL;
-	int ret=1,num=DEFBITS;
-	int g=2;
-	char *outfile=NULL;
-	char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	BIO *out=NULL;
-
-	apps_startup();
-
-	BN_GENCB_set(&cb, dh_cb, bio_err);
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	argv++;
-	argc--;
-	for (;;)
-		{
-		if (argc <= 0) break;
-		if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-2") == 0)
-			g=2;
-	/*	else if (strcmp(*argv,"-3") == 0)
-			g=3; */
-		else if (strcmp(*argv,"-5") == 0)
-			g=5;
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else
-			break;
-		argv++;
-		argc--;
-		}
-	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
-		{
-bad:
-		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"             the random number generator\n");
-		goto end;
-		}
-		
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	out=BIO_new(BIO_s_file());
-	if (out == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
-	BIO_printf(bio_err,"This is going to take a long time\n");
-
-	if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
-		goto end;
-		
-	app_RAND_write_file(NULL, bio_err);
-
-	if (!PEM_write_bio_DHparams(out,dh))
-		goto end;
-	ret=0;
-end:
-	if (ret != 0)
-		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free_all(out);
-	if (dh != NULL) DH_free(dh);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
-#else /* !OPENSSL_NO_DH */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/gendsa.c b/apps/gendsa.c
deleted file mode 100644
index 62ea977905..0000000000
--- a/apps/gendsa.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/* apps/gendsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS	512
-#undef PROG
-#define PROG gendsa_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	DSA *dsa=NULL;
-	int ret=1;
-	char *outfile=NULL;
-	char *inrand=NULL,*dsaparams=NULL;
-	char *passargout = NULL, *passout = NULL;
-	BIO *out=NULL,*in=NULL;
-	const EVP_CIPHER *enc=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	argv++;
-	argc--;
-	for (;;)
-		{
-		if (argc <= 0) break;
-		if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if (strcmp(*argv,"-") == 0)
-			goto bad;
-#ifndef OPENSSL_NO_DES
-		else if (strcmp(*argv,"-des") == 0)
-			enc=EVP_des_cbc();
-		else if (strcmp(*argv,"-des3") == 0)
-			enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
-		else if (strcmp(*argv,"-idea") == 0)
-			enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
-		else if (strcmp(*argv,"-seed") == 0)
-			enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-		else if (strcmp(*argv,"-aes128") == 0)
-			enc=EVP_aes_128_cbc();
-		else if (strcmp(*argv,"-aes192") == 0)
-			enc=EVP_aes_192_cbc();
-		else if (strcmp(*argv,"-aes256") == 0)
-			enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		else if (strcmp(*argv,"-camellia128") == 0)
-			enc=EVP_camellia_128_cbc();
-		else if (strcmp(*argv,"-camellia192") == 0)
-			enc=EVP_camellia_192_cbc();
-		else if (strcmp(*argv,"-camellia256") == 0)
-			enc=EVP_camellia_256_cbc();
-#endif
-		else if (**argv != '-' && dsaparams == NULL)
-			{
-			dsaparams = *argv;
-			}
-		else
-			goto bad;
-		argv++;
-		argc--;
-		}
-
-	if (dsaparams == NULL)
-		{
-bad:
-		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
-		BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
-		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
-		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#endif
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf(bio_err," -seed\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"             the random number generator\n");
-		BIO_printf(bio_err," dsaparam-file\n");
-		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
-		goto end;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}
-
-
-	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,dsaparams)))
-		{
-		perror(dsaparams);
-		goto end;
-		}
-
-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"unable to load DSA parameter file\n");
-		goto end;
-		}
-	BIO_free(in);
-	in = NULL;
-		
-	out=BIO_new(BIO_s_file());
-	if (out == NULL) goto end;
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
-							BN_num_bits(dsa->p));
-	if (!DSA_generate_key(dsa)) goto end;
-
-	app_RAND_write_file(NULL, bio_err);
-
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
-		goto end;
-	ret=0;
-end:
-	if (ret != 0)
-		ERR_print_errors(bio_err);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	if (dsa != NULL) DSA_free(dsa);
-	if(passout) OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-#else /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/genpkey.c b/apps/genpkey.c
deleted file mode 100644
index 6dfda08b9e..0000000000
--- a/apps/genpkey.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* apps/genpkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
-				const char *file, ENGINE *e);
-static int genpkey_cb(EVP_PKEY_CTX *ctx);
-
-#define PROG genpkey_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	char **args, *outfile = NULL;
-	char *passarg = NULL;
-	BIO *in = NULL, *out = NULL;
-	const EVP_CIPHER *cipher = NULL;
-	int outformat;
-	int text = 0;
-	EVP_PKEY *pkey=NULL;
-	EVP_PKEY_CTX *ctx = NULL;
-	char *pass = NULL;
-	int badarg = 0;
-	int ret = 1, rv;
-
-	int do_param = 0;
-
-	if (bio_err == NULL)
-		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	outformat=FORMAT_PEM;
-
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args,"-outform"))
-			{
-			if (args[1])
-				{
-				args++;
-				outformat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-pass"))
-			{
-			if (!args[1]) goto bad;
-			passarg= *(++args);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1])
-				goto bad;
-        		e = setup_engine(bio_err, *(++args), 0);
-			}
-#endif
-		else if (!strcmp (*args, "-paramfile"))
-			{
-			if (!args[1])
-				goto bad;
-			args++;
-			if (do_param == 1)
-				goto bad;
-			if (!init_keygen_file(bio_err, &ctx, *args, e))
-				goto end;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (strcmp(*args,"-algorithm") == 0)
-			{
-			if (!args[1])
-				goto bad;
-			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
-				goto end;
-			}
-		else if (strcmp(*args,"-pkeyopt") == 0)
-			{
-			if (!args[1])
-				goto bad;
-			if (!ctx)
-				{
-				BIO_puts(bio_err, "No keytype specified\n");
-				goto bad;
-				}
-			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
-				{
-				BIO_puts(bio_err, "parameter setting error\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else if (strcmp(*args,"-genparam") == 0)
-			{
-			if (ctx)
-				goto bad;
-			do_param = 1;
-			}
-		else if (strcmp(*args,"-text") == 0)
-			text=1;
-		else
-			{
-			cipher = EVP_get_cipherbyname(*args + 1);
-			if (!cipher)
-				{
-				BIO_printf(bio_err, "Unknown cipher %s\n",
-								*args + 1);
-				badarg = 1;
-				}
-			if (do_param == 1)
-				badarg = 1;
-			}
-		args++;
-		}
-
-	if (!ctx)
-		badarg = 1;
-
-	if (badarg)
-		{
-		bad:
-		BIO_printf(bio_err, "Usage: genpkey [options]\n");
-		BIO_printf(bio_err, "where options may be\n");
-		BIO_printf(bio_err, "-out file          output file\n");
-		BIO_printf(bio_err, "-outform X         output format (DER or PEM)\n");
-		BIO_printf(bio_err, "-pass arg          output file pass phrase source\n");
-		BIO_printf(bio_err, "-<cipher>          use cipher <cipher> to encrypt the key\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err, "-engine e          use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err, "-paramfile file    parameters file\n");
-		BIO_printf(bio_err, "-algorithm alg     the public key algorithm\n");
-		BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
-				            "                   to value <value>\n");
-		BIO_printf(bio_err, "-genparam          generate parameters, not key\n");
-		BIO_printf(bio_err, "-text              print the in text\n");
-		BIO_printf(bio_err, "NB: options order may be important!  See the manual page.\n");
-		goto end;
-		}
-
-	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
-		{
-		BIO_puts(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "wb")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-
-	EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
-	EVP_PKEY_CTX_set_app_data(ctx, bio_err);
-
-	if (do_param)
-		{
-		if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
-			{
-			BIO_puts(bio_err, "Error generating parameters\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	else
-		{
-		if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
-			{
-			BIO_puts(bio_err, "Error generating key\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (do_param)
-		rv = PEM_write_bio_Parameters(out, pkey);
-	else if (outformat == FORMAT_PEM) 
-		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
-								NULL, pass);
-	else if (outformat == FORMAT_ASN1)
-		rv = i2d_PrivateKey_bio(out, pkey);
-	else
-		{
-		BIO_printf(bio_err, "Bad format specified for key\n");
-		goto end;
-		}
-
-	if (rv <= 0)
-		{
-		BIO_puts(bio_err, "Error writing key\n");
-		ERR_print_errors(bio_err);
-		}
-
-	if (text)
-		{
-		if (do_param)
-			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
-		else
-			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
-
-		if (rv <= 0)
-			{
-			BIO_puts(bio_err, "Error printing key\n");
-			ERR_print_errors(bio_err);
-			}
-		}
-
-	ret = 0;
-
-	end:
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	if (ctx)
-		EVP_PKEY_CTX_free(ctx);
-	if (out)
-		BIO_free_all(out);
-	BIO_free(in);
-	if (pass)
-		OPENSSL_free(pass);
-
-	return ret;
-	}
-
-static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
-				const char *file, ENGINE *e)
-	{
-	BIO *pbio;
-	EVP_PKEY *pkey = NULL;
-	EVP_PKEY_CTX *ctx = NULL;
-	if (*pctx)
-		{
-		BIO_puts(err, "Parameters already set!\n");
-		return 0;
-		}
-
-	pbio = BIO_new_file(file, "r");
-	if (!pbio)
-		{
-		BIO_printf(err, "Can't open parameter file %s\n", file);
-		return 0;
-		}
-
-	pkey = PEM_read_bio_Parameters(pbio, NULL);
-	BIO_free(pbio);
-
-	if (!pkey)
-		{
-		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
-		return 0;
-		}
-
-	ctx = EVP_PKEY_CTX_new(pkey, e);
-	if (!ctx)
-		goto err;
-	if (EVP_PKEY_keygen_init(ctx) <= 0)
-		goto err;
-	EVP_PKEY_free(pkey);
-	*pctx = ctx;
-	return 1;
-
-	err:
-	BIO_puts(err, "Error initializing context\n");
-	ERR_print_errors(err);
-	if (ctx)
-		EVP_PKEY_CTX_free(ctx);
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	return 0;
-
-	}
-
-int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
-			const char *algname, ENGINE *e, int do_param)
-	{
-	EVP_PKEY_CTX *ctx = NULL;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *tmpeng = NULL;
-	int pkey_id;
-
-	if (*pctx)
-		{
-		BIO_puts(err, "Algorithm already set!\n");
-		return 0;
-		}
-
-	ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
-
-#ifndef OPENSSL_NO_ENGINE
-	if (!ameth && e)
-		ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
-#endif
-
-	if (!ameth)
-		{
-		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
-		return 0;
-		}
-
-	ERR_clear_error();
-
-	EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
-#ifndef OPENSSL_NO_ENGINE
-	if (tmpeng)
-		ENGINE_finish(tmpeng);
-#endif
-	ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
-
-	if (!ctx)
-		goto err;
-	if (do_param)
-		{
-		if (EVP_PKEY_paramgen_init(ctx) <= 0)
-			goto err;
-		}
-	else
-		{
-		if (EVP_PKEY_keygen_init(ctx) <= 0)
-			goto err;
-		}
-
-	*pctx = ctx;
-	return 1;
-
-	err:
-	BIO_printf(err, "Error initializing %s context\n", algname);
-	ERR_print_errors(err);
-	if (ctx)
-		EVP_PKEY_CTX_free(ctx);
-	return 0;
-
-	}
-
-static int genpkey_cb(EVP_PKEY_CTX *ctx)
-	{
-	char c='*';
-	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-	int p;
-	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(b,&c,1);
-	(void)BIO_flush(b);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
diff --git a/apps/genrsa.c b/apps/genrsa.c
deleted file mode 100644
index ece114c876..0000000000
--- a/apps/genrsa.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/* apps/genrsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-
-#define DEFBITS	1024
-#undef PROG
-#define PROG genrsa_main
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	BN_GENCB cb;
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE *e = NULL;
-#endif
-	int ret=1;
-	int i,num=DEFBITS;
-	long l;
-	const EVP_CIPHER *enc=NULL;
-	unsigned long f4=RSA_F4;
-	char *outfile=NULL;
-	char *passargout = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	char *inrand=NULL;
-	BIO *out=NULL;
-	BIGNUM *bn = BN_new();
-	RSA *rsa = NULL;
-
-	if(!bn) goto err;
-
-	apps_startup();
-	BN_GENCB_set(&cb, genrsa_cb, bio_err);
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto err;
-	if ((out=BIO_new(BIO_s_file())) == NULL)
-		{
-		BIO_printf(bio_err,"unable to create BIO for output\n");
-		goto err;
-		}
-
-	argv++;
-	argc--;
-	for (;;)
-		{
-		if (argc <= 0) break;
-		if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-3") == 0)
-			f4=3;
-		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
-			f4=RSA_F4;
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-#ifndef OPENSSL_NO_DES
-		else if (strcmp(*argv,"-des") == 0)
-			enc=EVP_des_cbc();
-		else if (strcmp(*argv,"-des3") == 0)
-			enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
-		else if (strcmp(*argv,"-idea") == 0)
-			enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
-		else if (strcmp(*argv,"-seed") == 0)
-			enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-		else if (strcmp(*argv,"-aes128") == 0)
-			enc=EVP_aes_128_cbc();
-		else if (strcmp(*argv,"-aes192") == 0)
-			enc=EVP_aes_192_cbc();
-		else if (strcmp(*argv,"-aes256") == 0)
-			enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		else if (strcmp(*argv,"-camellia128") == 0)
-			enc=EVP_camellia_128_cbc();
-		else if (strcmp(*argv,"-camellia192") == 0)
-			enc=EVP_camellia_192_cbc();
-		else if (strcmp(*argv,"-camellia256") == 0)
-			enc=EVP_camellia_256_cbc();
-#endif
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else
-			break;
-		argv++;
-		argc--;
-		}
-	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
-		{
-bad:
-		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
-		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
-		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf(bio_err," -seed\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
-#endif
-		BIO_printf(bio_err," -out file       output the key to 'file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
-		BIO_printf(bio_err," -3              use 3 for the E value\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                 the random number generator\n");
-		goto err;
-		}
-		
-	ERR_load_crypto_strings();
-
-	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto err;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto err;
-			}
-		}
-
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
-		num);
-#ifdef OPENSSL_NO_ENGINE
-	rsa = RSA_new();
-#else
-	rsa = RSA_new_method(e);
-#endif
-	if (!rsa)
-		goto err;
-
-	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
-		goto err;
-		
-	app_RAND_write_file(NULL, bio_err);
-
-	/* We need to do the following for when the base number size is <
-	 * long, esp windows 3.1 :-(. */
-	l=0L;
-	for (i=0; i<rsa->e->top; i++)
-		{
-#ifndef SIXTY_FOUR_BIT
-		l<<=BN_BITS4;
-		l<<=BN_BITS4;
-#endif
-		l+=rsa->e->d[i];
-		}
-	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	{
-	PW_CB_DATA cb_data;
-	cb_data.password = passout;
-	cb_data.prompt_info = outfile;
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
-		(pem_password_cb *)password_callback,&cb_data))
-		goto err;
-	}
-
-	ret=0;
-err:
-	if (bn) BN_free(bn);
-	if (rsa) RSA_free(rsa);
-	if (out) BIO_free_all(out);
-	if(passout) OPENSSL_free(passout);
-	if (ret != 0)
-		ERR_print_errors(bio_err);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(cb->arg,&c,1);
-	(void)BIO_flush(cb->arg);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/md4.c b/apps/md4.c
deleted file mode 120000
index 7f457b2ab1..0000000000
--- a/apps/md4.c
+++ /dev/null
@@ -1 +0,0 @@
-../crypto/md4/md4.c
-\ No newline at end of file
diff --git a/apps/nseq.c b/apps/nseq.c
deleted file mode 100644
index e3c4dba547..0000000000
--- a/apps/nseq.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* nseq.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#undef PROG
-#define PROG nseq_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-	char **args, *infile = NULL, *outfile = NULL;
-	BIO *in = NULL, *out = NULL;
-	int toseq = 0;
-	X509 *x509 = NULL;
-	NETSCAPE_CERT_SEQUENCE *seq = NULL;
-	int i, ret = 1;
-	int badarg = 0;
-	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-	ERR_load_crypto_strings();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-') {
-		if (!strcmp (*args, "-toseq")) toseq = 1;
-		else if (!strcmp (*args, "-in")) {
-			if (args[1]) {
-				args++;
-				infile = *args;
-			} else badarg = 1;
-		} else if (!strcmp (*args, "-out")) {
-			if (args[1]) {
-				args++;
-				outfile = *args;
-			} else badarg = 1;
-		} else badarg = 1;
-		args++;
-	}
-
-	if (badarg) {
-		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
-		BIO_printf (bio_err, "Usage nseq [options]\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-in file  input file\n");
-		BIO_printf (bio_err, "-out file output file\n");
-		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
-		OPENSSL_EXIT(1);
-	}
-
-	if (infile) {
-		if (!(in = BIO_new_file (infile, "r"))) {
-			BIO_printf (bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-		}
-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if (outfile) {
-		if (!(out = BIO_new_file (outfile, "w"))) {
-			BIO_printf (bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-	if (toseq) {
-		seq = NETSCAPE_CERT_SEQUENCE_new();
-		seq->certs = sk_X509_new_null();
-		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
-		    sk_X509_push(seq->certs,x509);
-
-		if(!sk_X509_num(seq->certs))
-		{
-			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
-		ret = 0;
-		goto end;
-	}
-
-	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
-		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	for(i = 0; i < sk_X509_num(seq->certs); i++) {
-		x509 = sk_X509_value(seq->certs, i);
-		dump_cert_text(out, x509);
-		PEM_write_bio_X509(out, x509);
-	}
-	ret = 0;
-end:
-	BIO_free(in);
-	BIO_free_all(out);
-	NETSCAPE_CERT_SEQUENCE_free(seq);
-
-	OPENSSL_EXIT(ret);
-}
-
diff --git a/apps/ocsp.c b/apps/ocsp.c
deleted file mode 100644
index 8883afc956..0000000000
--- a/apps/ocsp.c
+++ /dev/null
@@ -1,1423 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_OCSP
-
-#ifdef OPENSSL_SYS_VMS
-#define _XOPEN_SOURCE_EXTENDED	/* So fd_set and friends get properly defined
-				   on OpenVMS */
-#endif
-
-#define USE_SOCKETS
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h" /* needs to be included before the openssl headers! */
-#include <openssl/e_os2.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-
-#if defined(NETWARE_CLIB)
-#  ifdef NETWARE_BSDSOCK
-#    include <sys/socket.h>
-#    include <sys/bsdskt.h>
-#  else
-#    include <novsock2.h>
-#  endif
-#elif defined(NETWARE_LIBC)
-#  ifdef NETWARE_BSDSOCK
-#    include <sys/select.h>
-#  else
-#    include <novsock2.h>
-#  endif
-#endif
-  
-/* Maximum leeway in validity period: default 5 minutes */
-#define MAX_VALIDITY_PERIOD	(5 * 60)
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, const EVP_MD * cert_id_md, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-			      STACK_OF(OPENSSL_STRING) *names,
-			      STACK_OF(OCSP_CERTID) *ids, long nsec,
-			      long maxage);
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
-			STACK_OF(X509) *rother, unsigned long flags,
-			int nmin, int ndays);
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-				STACK_OF(CONF_VALUE) *headers,
-				OCSP_REQUEST *req, int req_timeout);
-
-#undef PROG
-#define PROG ocsp_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	char **args;
-	char *host = NULL, *port = NULL, *path = "/";
-	char *thost = NULL, *tport = NULL, *tpath = NULL;
-	char *reqin = NULL, *respin = NULL;
-	char *reqout = NULL, *respout = NULL;
-	char *signfile = NULL, *keyfile = NULL;
-	char *rsignfile = NULL, *rkeyfile = NULL;
-	char *outfile = NULL;
-	int add_nonce = 1, noverify = 0, use_ssl = -1;
-	STACK_OF(CONF_VALUE) *headers = NULL;
-	OCSP_REQUEST *req = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_BASICRESP *bs = NULL;
-	X509 *issuer = NULL, *cert = NULL;
-	X509 *signer = NULL, *rsigner = NULL;
-	EVP_PKEY *key = NULL, *rkey = NULL;
-	BIO *acbio = NULL, *cbio = NULL;
-	BIO *derbio = NULL;
-	BIO *out = NULL;
-	int req_timeout = -1;
-	int req_text = 0, resp_text = 0;
-	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
-	char *CAfile = NULL, *CApath = NULL;
-	X509_STORE *store = NULL;
-	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
-	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
-	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
-	int ret = 1;
-	int accept_count = -1;
-	int badarg = 0;
-	int i;
-	int ignore_err = 0;
-	STACK_OF(OPENSSL_STRING) *reqnames = NULL;
-	STACK_OF(OCSP_CERTID) *ids = NULL;
-
-	X509 *rca_cert = NULL;
-	char *ridx_filename = NULL;
-	char *rca_filename = NULL;
-	CA_DB *rdb = NULL;
-	int nmin = 0, ndays = -1;
-	const EVP_MD *cert_id_md = NULL;
-
-	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-	args = argv + 1;
-	reqnames = sk_OPENSSL_STRING_new_null();
-	ids = sk_OCSP_CERTID_new_null();
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-timeout"))
-			{
-			if (args[1])
-				{
-				args++;
-				req_timeout = atol(*args);
-				if (req_timeout < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal timeout value %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-url"))
-			{
-			if (thost)
-				OPENSSL_free(thost);
-			if (tport)
-				OPENSSL_free(tport);
-			if (tpath)
-				OPENSSL_free(tpath);
-			if (args[1])
-				{
-				args++;
-				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
-					{
-					BIO_printf(bio_err, "Error parsing URL\n");
-					badarg = 1;
-					}
-				thost = host;
-				tport = port;
-				tpath = path;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-host"))
-			{
-			if (args[1])
-				{
-				args++;
-				host = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-port"))
-			{
-			if (args[1])
-				{
-				args++;
-				port = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-header"))
-			{
-			if (args[1] && args[2])
-				{
-				if (!X509V3_add_value(args[1], args[2], &headers))
-					goto end;
-				args += 2;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-ignore_err"))
-			ignore_err = 1;
-		else if (!strcmp(*args, "-noverify"))
-			noverify = 1;
-		else if (!strcmp(*args, "-nonce"))
-			add_nonce = 2;
-		else if (!strcmp(*args, "-no_nonce"))
-			add_nonce = 0;
-		else if (!strcmp(*args, "-resp_no_certs"))
-			rflags |= OCSP_NOCERTS;
-		else if (!strcmp(*args, "-resp_key_id"))
-			rflags |= OCSP_RESPID_KEY;
-		else if (!strcmp(*args, "-no_certs"))
-			sign_flags |= OCSP_NOCERTS;
-		else if (!strcmp(*args, "-no_signature_verify"))
-			verify_flags |= OCSP_NOSIGS;
-		else if (!strcmp(*args, "-no_cert_verify"))
-			verify_flags |= OCSP_NOVERIFY;
-		else if (!strcmp(*args, "-no_chain"))
-			verify_flags |= OCSP_NOCHAIN;
-		else if (!strcmp(*args, "-no_cert_checks"))
-			verify_flags |= OCSP_NOCHECKS;
-		else if (!strcmp(*args, "-no_explicit"))
-			verify_flags |= OCSP_NOEXPLICIT;
-		else if (!strcmp(*args, "-trust_other"))
-			verify_flags |= OCSP_TRUSTOTHER;
-		else if (!strcmp(*args, "-no_intern"))
-			verify_flags |= OCSP_NOINTERN;
-		else if (!strcmp(*args, "-text"))
-			{
-			req_text = 1;
-			resp_text = 1;
-			}
-		else if (!strcmp(*args, "-req_text"))
-			req_text = 1;
-		else if (!strcmp(*args, "-resp_text"))
-			resp_text = 1;
-		else if (!strcmp(*args, "-reqin"))
-			{
-			if (args[1])
-				{
-				args++;
-				reqin = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-respin"))
-			{
-			if (args[1])
-				{
-				args++;
-				respin = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-signer"))
-			{
-			if (args[1])
-				{
-				args++;
-				signfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-VAfile"))
-			{
-			if (args[1])
-				{
-				args++;
-				verify_certfile = *args;
-				verify_flags |= OCSP_TRUSTOTHER;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-sign_other"))
-			{
-			if (args[1])
-				{
-				args++;
-				sign_certfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-verify_other"))
-			{
-			if (args[1])
-				{
-				args++;
-				verify_certfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-CAfile"))
-			{
-			if (args[1])
-				{
-				args++;
-				CAfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-CApath"))
-			{
-			if (args[1])
-				{
-				args++;
-				CApath = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-validity_period"))
-			{
-			if (args[1])
-				{
-				args++;
-				nsec = atol(*args);
-				if (nsec < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal validity period %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-status_age"))
-			{
-			if (args[1])
-				{
-				args++;
-				maxage = atol(*args);
-				if (maxage < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal validity age %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		 else if (!strcmp(*args, "-signkey"))
-			{
-			if (args[1])
-				{
-				args++;
-				keyfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-reqout"))
-			{
-			if (args[1])
-				{
-				args++;
-				reqout = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-respout"))
-			{
-			if (args[1])
-				{
-				args++;
-				respout = *args;
-				}
-			else badarg = 1;
-			}
-		 else if (!strcmp(*args, "-path"))
-			{
-			if (args[1])
-				{
-				args++;
-				path = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-issuer"))
-			{
-			if (args[1])
-				{
-				args++;
-				X509_free(issuer);
-				issuer = load_cert(bio_err, *args, FORMAT_PEM,
-					NULL, e, "issuer certificate");
-				if(!issuer) goto end;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-cert"))
-			{
-			if (args[1])
-				{
-				args++;
-				X509_free(cert);
-				cert = load_cert(bio_err, *args, FORMAT_PEM,
-					NULL, e, "certificate");
-				if(!cert) goto end;
-				if (!cert_id_md) cert_id_md = EVP_sha1();
-				if(!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
-					goto end;
-				if(!sk_OPENSSL_STRING_push(reqnames, *args))
-					goto end;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-serial"))
-			{
-			if (args[1])
-				{
-				args++;
-				if (!cert_id_md) cert_id_md = EVP_sha1();
-				if(!add_ocsp_serial(&req, *args, cert_id_md, issuer, ids))
-					goto end;
-				if(!sk_OPENSSL_STRING_push(reqnames, *args))
-					goto end;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-index"))
-			{
-			if (args[1])
-				{
-				args++;
-				ridx_filename = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-CA"))
-			{
-			if (args[1])
-				{
-				args++;
-				rca_filename = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-nmin"))
-			{
-			if (args[1])
-				{
-				args++;
-				nmin = atol(*args);
-				if (nmin < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal update period %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-				if (ndays == -1)
-					ndays = 0;
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-nrequest"))
-			{
-			if (args[1])
-				{
-				args++;
-				accept_count = atol(*args);
-				if (accept_count < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal accept count %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-ndays"))
-			{
-			if (args[1])
-				{
-				args++;
-				ndays = atol(*args);
-				if (ndays < 0)
-					{
-					BIO_printf(bio_err,
-						"Illegal update period %s\n",
-						*args);
-					badarg = 1;
-					}
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-rsigner"))
-			{
-			if (args[1])
-				{
-				args++;
-				rsignfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-rkey"))
-			{
-			if (args[1])
-				{
-				args++;
-				rkeyfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args, "-rother"))
-			{
-			if (args[1])
-				{
-				args++;
-				rcertfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
-			{
-			badarg = 1;
-			}
-		args++;
-		}
-
-	/* Have we anything to do? */
-	if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
-
-	if (badarg)
-		{
-		BIO_printf (bio_err, "OCSP utility\n");
-		BIO_printf (bio_err, "Usage ocsp [options]\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-out file            output filename\n");
-		BIO_printf (bio_err, "-issuer file         issuer certificate\n");
-		BIO_printf (bio_err, "-cert file           certificate to check\n");
-		BIO_printf (bio_err, "-serial n            serial number to check\n");
-		BIO_printf (bio_err, "-signer file         certificate to sign OCSP request with\n");
-		BIO_printf (bio_err, "-signkey file        private key to sign OCSP request with\n");
-		BIO_printf (bio_err, "-sign_other file     additional certificates to include in signed request\n");
-		BIO_printf (bio_err, "-no_certs            don't include any certificates in signed request\n");
-		BIO_printf (bio_err, "-req_text            print text form of request\n");
-		BIO_printf (bio_err, "-resp_text           print text form of response\n");
-		BIO_printf (bio_err, "-text                print text form of request and response\n");
-		BIO_printf (bio_err, "-reqout file         write DER encoded OCSP request to \"file\"\n");
-		BIO_printf (bio_err, "-respout file        write DER encoded OCSP reponse to \"file\"\n");
-		BIO_printf (bio_err, "-reqin file          read DER encoded OCSP request from \"file\"\n");
-		BIO_printf (bio_err, "-respin file         read DER encoded OCSP reponse from \"file\"\n");
-		BIO_printf (bio_err, "-nonce               add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-no_nonce            don't add OCSP nonce to request\n");
-		BIO_printf (bio_err, "-url URL             OCSP responder URL\n");
-		BIO_printf (bio_err, "-host host:n         send OCSP request to host on port n\n");
-		BIO_printf (bio_err, "-path                path to use in OCSP request\n");
-		BIO_printf (bio_err, "-CApath dir          trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file         trusted certificates file\n");
-		BIO_printf (bio_err, "-VAfile file         validator certificates file\n");
-		BIO_printf (bio_err, "-validity_period n   maximum validity discrepancy in seconds\n");
-		BIO_printf (bio_err, "-status_age n        maximum status age in seconds\n");
-		BIO_printf (bio_err, "-noverify            don't verify response at all\n");
-		BIO_printf (bio_err, "-verify_other file   additional certificates to search for signer\n");
-		BIO_printf (bio_err, "-trust_other         don't verify additional certificates\n");
-		BIO_printf (bio_err, "-no_intern           don't search certificates contained in response for signer\n");
-		BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
-		BIO_printf (bio_err, "-no_cert_verify      don't check signing certificate\n");
-		BIO_printf (bio_err, "-no_chain            don't chain verify response\n");
-		BIO_printf (bio_err, "-no_cert_checks      don't do additional checks on signing certificate\n");
-		BIO_printf (bio_err, "-port num            port to run responder on\n");
-		BIO_printf (bio_err, "-index file          certificate status index file\n");
-		BIO_printf (bio_err, "-CA file             CA certificate\n");
-		BIO_printf (bio_err, "-rsigner file        responder certificate to sign responses with\n");
-		BIO_printf (bio_err, "-rkey file           responder key to sign responses with\n");
-		BIO_printf (bio_err, "-rother file         other certificates to include in response\n");
-		BIO_printf (bio_err, "-resp_no_certs       don't include any certificates in response\n");
-		BIO_printf (bio_err, "-nmin n              number of minutes before next update\n");
-		BIO_printf (bio_err, "-ndays n             number of days before next update\n");
-		BIO_printf (bio_err, "-resp_key_id         identify reponse by signing certificate key ID\n");
-		BIO_printf (bio_err, "-nrequest n          number of requests to accept (default unlimited)\n");
-		BIO_printf (bio_err, "-<dgst alg>          use specified digest in the request\n");
-		BIO_printf (bio_err, "-timeout n           timeout connection to OCSP responder after n seconds\n");
-		goto end;
-		}
-
-	if(outfile) out = BIO_new_file(outfile, "w");
-	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-	if(!out)
-		{
-		BIO_printf(bio_err, "Error opening output file\n");
-		goto end;
-		}
-
-	if (!req && (add_nonce != 2)) add_nonce = 0;
-
-	if (!req && reqin)
-		{
-		derbio = BIO_new_file(reqin, "rb");
-		if (!derbio)
-			{
-			BIO_printf(bio_err, "Error Opening OCSP request file\n");
-			goto end;
-			}
-		req = d2i_OCSP_REQUEST_bio(derbio, NULL);
-		BIO_free(derbio);
-		if(!req)
-			{
-			BIO_printf(bio_err, "Error reading OCSP request\n");
-			goto end;
-			}
-		}
-
-	if (!req && port)
-		{
-		acbio = init_responder(port);
-		if (!acbio)
-			goto end;
-		}
-
-	if (rsignfile && !rdb)
-		{
-		if (!rkeyfile) rkeyfile = rsignfile;
-		rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
-			NULL, e, "responder certificate");
-		if (!rsigner)
-			{
-			BIO_printf(bio_err, "Error loading responder certificate\n");
-			goto end;
-			}
-		rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
-			NULL, e, "CA certificate");
-		if (rcertfile)
-			{
-			rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
-				NULL, e, "responder other certificates");
-			if (!rother) goto end;
-			}
-		rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
-			"responder private key");
-		if (!rkey)
-			goto end;
-		}
-	if(acbio)
-		BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
-
-	redo_accept:
-
-	if (acbio)
-		{
-		if (!do_responder(&req, &cbio, acbio, port))
-			goto end;
-		if (!req)
-			{
-			resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
-			send_ocsp_response(cbio, resp);
-			goto done_resp;
-			}
-		}
-
-	if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
-		{
-		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
-		goto end;
-		}
-
-	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
-
-	if (signfile)
-		{
-		if (!keyfile) keyfile = signfile;
-		signer = load_cert(bio_err, signfile, FORMAT_PEM,
-			NULL, e, "signer certificate");
-		if (!signer)
-			{
-			BIO_printf(bio_err, "Error loading signer certificate\n");
-			goto end;
-			}
-		if (sign_certfile)
-			{
-			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
-				NULL, e, "signer certificates");
-			if (!sign_other) goto end;
-			}
-		key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
-			"signer private key");
-		if (!key)
-			goto end;
-
-		if (!OCSP_request_sign(req, signer, key, NULL, sign_other, sign_flags))
-			{
-			BIO_printf(bio_err, "Error signing OCSP request\n");
-			goto end;
-			}
-		}
-
-	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
-
-	if (reqout)
-		{
-		derbio = BIO_new_file(reqout, "wb");
-		if(!derbio)
-			{
-			BIO_printf(bio_err, "Error opening file %s\n", reqout);
-			goto end;
-			}
-		i2d_OCSP_REQUEST_bio(derbio, req);
-		BIO_free(derbio);
-		}
-
-	if (ridx_filename && (!rkey || !rsigner || !rca_cert))
-		{
-		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
-		goto end;
-		}
-
-	if (ridx_filename && !rdb)
-		{
-		rdb = load_index(ridx_filename, NULL);
-		if (!rdb) goto end;
-		if (!index_index(rdb)) goto end;
-		}
-
-	if (rdb)
-		{
-		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
-		if (cbio)
-			send_ocsp_response(cbio, resp);
-		}
-	else if (host)
-		{
-#ifndef OPENSSL_NO_SOCK
-		resp = process_responder(bio_err, req, host, path,
-					port, use_ssl, headers, req_timeout);
-		if (!resp)
-			goto end;
-#else
-		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
-		goto end;
-#endif
-		}
-	else if (respin)
-		{
-		derbio = BIO_new_file(respin, "rb");
-		if (!derbio)
-			{
-			BIO_printf(bio_err, "Error Opening OCSP response file\n");
-			goto end;
-			}
-		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
-		BIO_free(derbio);
-		if(!resp)
-			{
-			BIO_printf(bio_err, "Error reading OCSP response\n");
-			goto end;
-			}
-	
-		}
-	else
-		{
-		ret = 0;
-		goto end;
-		}
-
-	done_resp:
-
-	if (respout)
-		{
-		derbio = BIO_new_file(respout, "wb");
-		if(!derbio)
-			{
-			BIO_printf(bio_err, "Error opening file %s\n", respout);
-			goto end;
-			}
-		i2d_OCSP_RESPONSE_bio(derbio, resp);
-		BIO_free(derbio);
-		}
-
-	i = OCSP_response_status(resp);
-
-	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
-		{
-		BIO_printf(out, "Responder Error: %s (%d)\n",
-				OCSP_response_status_str(i), i);
-		if (ignore_err)
-			goto redo_accept;
-		ret = 0;
-		goto end;
-		}
-
-	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
-
-	/* If running as responder don't verify our own response */
-	if (cbio)
-		{
-		if (accept_count > 0)
-			accept_count--;
-		/* Redo if more connections needed */
-		if (accept_count)
-			{
-			BIO_free_all(cbio);
-			cbio = NULL;
-			OCSP_REQUEST_free(req);
-			req = NULL;
-			OCSP_RESPONSE_free(resp);
-			resp = NULL;
-			goto redo_accept;
-			}
-		goto end;
-		}
-
-	if (!store)
-		store = setup_verify(bio_err, CAfile, CApath);
-	if (!store)
-		goto end;
-	if (verify_certfile)
-		{
-		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
-			NULL, e, "validator certificate");
-		if (!verify_other) goto end;
-		}
-
-	bs = OCSP_response_get1_basic(resp);
-
-	if (!bs)
-		{
-		BIO_printf(bio_err, "Error parsing response\n");
-		goto end;
-		}
-
-	if (!noverify)
-		{
-		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
-			{
-			if (i == -1)
-				BIO_printf(bio_err, "WARNING: no nonce in response\n");
-			else
-				{
-				BIO_printf(bio_err, "Nonce Verify error\n");
-				goto end;
-				}
-			}
-
-		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
-                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
-
-		if(i <= 0)
-			{
-			BIO_printf(bio_err, "Response Verify Failure\n");
-			ERR_print_errors(bio_err);
-			}
-		else
-			BIO_printf(bio_err, "Response verify OK\n");
-
-		}
-
-	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
-		goto end;
-
-	ret = 0;
-
-end:
-	ERR_print_errors(bio_err);
-	X509_free(signer);
-	X509_STORE_free(store);
-	EVP_PKEY_free(key);
-	EVP_PKEY_free(rkey);
-	X509_free(issuer);
-	X509_free(cert);
-	X509_free(rsigner);
-	X509_free(rca_cert);
-	free_index(rdb);
-	BIO_free_all(cbio);
-	BIO_free_all(acbio);
-	BIO_free(out);
-	OCSP_REQUEST_free(req);
-	OCSP_RESPONSE_free(resp);
-	OCSP_BASICRESP_free(bs);
-	sk_OPENSSL_STRING_free(reqnames);
-	sk_OCSP_CERTID_free(ids);
-	sk_X509_pop_free(sign_other, X509_free);
-	sk_X509_pop_free(verify_other, X509_free);
-	sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
-
-	if (thost)
-		OPENSSL_free(thost);
-	if (tport)
-		OPENSSL_free(tport);
-	if (tpath)
-		OPENSSL_free(tpath);
-
-	OPENSSL_EXIT(ret);
-}
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids)
-	{
-	OCSP_CERTID *id;
-	if(!issuer)
-		{
-		BIO_printf(bio_err, "No issuer certificate specified\n");
-		return 0;
-		}
-	if(!*req) *req = OCSP_REQUEST_new();
-	if(!*req) goto err;
-	id = OCSP_cert_to_id(cert_id_md, cert, issuer);
-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
-	if(!OCSP_request_add0_id(*req, id)) goto err;
-	return 1;
-
-	err:
-	BIO_printf(bio_err, "Error Creating OCSP request\n");
-	return 0;
-	}
-
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,const EVP_MD *cert_id_md, X509 *issuer,
-				STACK_OF(OCSP_CERTID) *ids)
-	{
-	OCSP_CERTID *id;
-	X509_NAME *iname;
-	ASN1_BIT_STRING *ikey;
-	ASN1_INTEGER *sno;
-	if(!issuer)
-		{
-		BIO_printf(bio_err, "No issuer certificate specified\n");
-		return 0;
-		}
-	if(!*req) *req = OCSP_REQUEST_new();
-	if(!*req) goto err;
-	iname = X509_get_subject_name(issuer);
-	ikey = X509_get0_pubkey_bitstr(issuer);
-	sno = s2i_ASN1_INTEGER(NULL, serial);
-	if(!sno)
-		{
-		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
-		return 0;
-		}
-	id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
-	ASN1_INTEGER_free(sno);
-	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
-	if(!OCSP_request_add0_id(*req, id)) goto err;
-	return 1;
-
-	err:
-	BIO_printf(bio_err, "Error Creating OCSP request\n");
-	return 0;
-	}
-
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
-			      STACK_OF(OPENSSL_STRING) *names,
-			      STACK_OF(OCSP_CERTID) *ids, long nsec,
-			      long maxage)
-	{
-	OCSP_CERTID *id;
-	char *name;
-	int i;
-
-	int status, reason;
-
-	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
-	if (!bs || !req || !sk_OPENSSL_STRING_num(names) || !sk_OCSP_CERTID_num(ids))
-		return 1;
-
-	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
-		{
-		id = sk_OCSP_CERTID_value(ids, i);
-		name = sk_OPENSSL_STRING_value(names, i);
-		BIO_printf(out, "%s: ", name);
-
-		if(!OCSP_resp_find_status(bs, id, &status, &reason,
-					&rev, &thisupd, &nextupd))
-			{
-			BIO_puts(out, "ERROR: No Status found.\n");
-			continue;
-			}
-
-		/* Check validity: if invalid write to output BIO so we
-		 * know which response this refers to.
-		 */
-		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
-			{
-			BIO_puts(out, "WARNING: Status times invalid.\n");
-			ERR_print_errors(out);
-			}
-		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
-
-		BIO_puts(out, "\tThis Update: ");
-		ASN1_GENERALIZEDTIME_print(out, thisupd);
-		BIO_puts(out, "\n");
-
-		if(nextupd)
-			{
-			BIO_puts(out, "\tNext Update: ");
-			ASN1_GENERALIZEDTIME_print(out, nextupd);
-			BIO_puts(out, "\n");
-			}
-
-		if (status != V_OCSP_CERTSTATUS_REVOKED)
-			continue;
-
-		if (reason != -1)
-			BIO_printf(out, "\tReason: %s\n",
-				OCSP_crl_reason_str(reason));
-
-		BIO_puts(out, "\tRevocation Time: ");
-		ASN1_GENERALIZEDTIME_print(out, rev);
-		BIO_puts(out, "\n");
-		}
-
-	return 1;
-	}
-
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
-			STACK_OF(X509) *rother, unsigned long flags,
-			int nmin, int ndays)
-	{
-	ASN1_TIME *thisupd = NULL, *nextupd = NULL;
-	OCSP_CERTID *cid, *ca_id = NULL;
-	OCSP_BASICRESP *bs = NULL;
-	int i, id_count, ret = 1;
-
-	id_count = OCSP_request_onereq_count(req);
-
-	if (id_count <= 0)
-		{
-		*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
-		goto end;
-		}
-
-
-	bs = OCSP_BASICRESP_new();
-	thisupd = X509_gmtime_adj(NULL, 0);
-	if (ndays != -1)
-		nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
-
-	/* Examine each certificate id in the request */
-	for (i = 0; i < id_count; i++)
-		{
-		OCSP_ONEREQ *one;
-		ASN1_INTEGER *serial;
-		char **inf;
-		ASN1_OBJECT *cert_id_md_oid;
-		const EVP_MD *cert_id_md;
-		one = OCSP_request_onereq_get0(req, i);
-		cid = OCSP_onereq_get0_id(one);
-
-		OCSP_id_get0_info(NULL,&cert_id_md_oid, NULL,NULL, cid);
-
-		cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);	
-		if (! cert_id_md) 
-			{
-			*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
-				NULL);
-				goto end;
-			}	
-		if (ca_id) OCSP_CERTID_free(ca_id);
-		ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca);
-
-		/* Is this request about our CA? */
-		if (OCSP_id_issuer_cmp(ca_id, cid))
-			{
-			OCSP_basic_add1_status(bs, cid,
-						V_OCSP_CERTSTATUS_UNKNOWN,
-						0, NULL,
-						thisupd, nextupd);
-			continue;
-			}
-		OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
-		inf = lookup_serial(db, serial);
-		if (!inf)
-			OCSP_basic_add1_status(bs, cid,
-						V_OCSP_CERTSTATUS_UNKNOWN,
-						0, NULL,
-						thisupd, nextupd);
-		else if (inf[DB_type][0] == DB_TYPE_VAL)
-			OCSP_basic_add1_status(bs, cid,
-						V_OCSP_CERTSTATUS_GOOD,
-						0, NULL,
-						thisupd, nextupd);
-		else if (inf[DB_type][0] == DB_TYPE_REV)
-			{
-			ASN1_OBJECT *inst = NULL;
-			ASN1_TIME *revtm = NULL;
-			ASN1_GENERALIZEDTIME *invtm = NULL;
-			OCSP_SINGLERESP *single;
-			int reason = -1;
-			unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
-			single = OCSP_basic_add1_status(bs, cid,
-						V_OCSP_CERTSTATUS_REVOKED,
-						reason, revtm,
-						thisupd, nextupd);
-			if (invtm)
-				OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
-			else if (inst)
-				OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
-			ASN1_OBJECT_free(inst);
-			ASN1_TIME_free(revtm);
-			ASN1_GENERALIZEDTIME_free(invtm);
-			}
-		}
-
-	OCSP_copy_nonce(bs, req);
-	
-	OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
-
-	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
-
-	end:
-	ASN1_TIME_free(thisupd);
-	ASN1_TIME_free(nextupd);
-	OCSP_CERTID_free(ca_id);
-	OCSP_BASICRESP_free(bs);
-	return ret;
-
-	}
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
-	{
-	int i;
-	BIGNUM *bn = NULL;
-	char *itmp, *row[DB_NUMBER],**rrow;
-	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
-	bn = ASN1_INTEGER_to_BN(ser,NULL);
-	OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
-	if (BN_is_zero(bn))
-		itmp = BUF_strdup("00");
-	else
-		itmp = BN_bn2hex(bn);
-	row[DB_serial] = itmp;
-	BN_free(bn);
-	rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
-	OPENSSL_free(itmp);
-	return rrow;
-	}
-
-/* Quick and dirty OCSP server: read in and parse input request */
-
-static BIO *init_responder(char *port)
-	{
-	BIO *acbio = NULL, *bufbio = NULL;
-	bufbio = BIO_new(BIO_f_buffer());
-	if (!bufbio) 
-		goto err;
-#ifndef OPENSSL_NO_SOCK
-	acbio = BIO_new_accept(port);
-#else
-	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
-#endif
-	if (!acbio)
-		goto err;
-	BIO_set_accept_bios(acbio, bufbio);
-	bufbio = NULL;
-
-	if (BIO_do_accept(acbio) <= 0)
-		{
-			BIO_printf(bio_err, "Error setting up accept BIO\n");
-			ERR_print_errors(bio_err);
-			goto err;
-		}
-
-	return acbio;
-
-	err:
-	BIO_free_all(acbio);
-	BIO_free(bufbio);
-	return NULL;
-	}
-
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
-	{
-	int have_post = 0, len;
-	OCSP_REQUEST *req = NULL;
-	char inbuf[1024];
-	BIO *cbio = NULL;
-
-	if (BIO_do_accept(acbio) <= 0)
-		{
-			BIO_printf(bio_err, "Error accepting connection\n");
-			ERR_print_errors(bio_err);
-			return 0;
-		}
-
-	cbio = BIO_pop(acbio);
-	*pcbio = cbio;
-
-	for(;;)
-		{
-		len = BIO_gets(cbio, inbuf, sizeof inbuf);
-		if (len <= 0)
-			return 1;
-		/* Look for "POST" signalling start of query */
-		if (!have_post)
-			{
-			if(strncmp(inbuf, "POST", 4))
-				{
-				BIO_printf(bio_err, "Invalid request\n");
-				return 1;
-				}
-			have_post = 1;
-			}
-		/* Look for end of headers */
-		if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
-			break;
-		}
-
-	/* Try to read OCSP request */
-
-	req = d2i_OCSP_REQUEST_bio(cbio, NULL);
-
-	if (!req)
-		{
-		BIO_printf(bio_err, "Error parsing OCSP request\n");
-		ERR_print_errors(bio_err);
-		}
-
-	*preq = req;
-
-	return 1;
-
-	}
-
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
-	{
-	char http_resp[] = 
-		"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
-		"Content-Length: %d\r\n\r\n";
-	if (!cbio)
-		return 0;
-	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
-	i2d_OCSP_RESPONSE_bio(cbio, resp);
-	(void)BIO_flush(cbio);
-	return 1;
-	}
-
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
-				STACK_OF(CONF_VALUE) *headers,
-				OCSP_REQUEST *req, int req_timeout)
-	{
-	int fd;
-	int rv;
-	int i;
-	OCSP_REQ_CTX *ctx = NULL;
-	OCSP_RESPONSE *rsp = NULL;
-	fd_set confds;
-	struct timeval tv;
-
-	if (req_timeout != -1)
-		BIO_set_nbio(cbio, 1);
-
-	rv = BIO_do_connect(cbio);
-
-	if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
-		{
-		BIO_puts(err, "Error connecting BIO\n");
-		return NULL;
-		}
-
-	if (BIO_get_fd(cbio, &fd) <= 0)
-		{
-		BIO_puts(err, "Can't get connection fd\n");
-		goto err;
-		}
-
-	if (req_timeout != -1 && rv <= 0)
-		{
-		FD_ZERO(&confds);
-		openssl_fdset(fd, &confds);
-		tv.tv_usec = 0;
-		tv.tv_sec = req_timeout;
-		rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-		if (rv == 0)
-			{
-			BIO_puts(err, "Timeout on connect\n");
-			return NULL;
-			}
-		}
-
-
-	ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
-	if (!ctx)
-		return NULL;
-
-	for (i = 0; i < sk_CONF_VALUE_num(headers); i++)
-		{
-		CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
-		if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
-			goto err;
-		}
-
-	if (!OCSP_REQ_CTX_set1_req(ctx, req))
-		goto err;
-	
-	for (;;)
-		{
-		rv = OCSP_sendreq_nbio(&rsp, ctx);
-		if (rv != -1)
-			break;
-		if (req_timeout == -1)
-			continue;
-		FD_ZERO(&confds);
-		openssl_fdset(fd, &confds);
-		tv.tv_usec = 0;
-		tv.tv_sec = req_timeout;
-		if (BIO_should_read(cbio))
-			rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
-		else if (BIO_should_write(cbio))
-			rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
-		else
-			{
-			BIO_puts(err, "Unexpected retry condition\n");
-			goto err;
-			}
-		if (rv == 0)
-			{
-			BIO_puts(err, "Timeout on request\n");
-			break;
-			}
-		if (rv == -1)
-			{
-			BIO_puts(err, "Select error\n");
-			break;
-			}
-
-		}
-	err:
-	if (ctx)
-		OCSP_REQ_CTX_free(ctx);
-
-	return rsp;
-	}
-
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-			char *host, char *path, char *port, int use_ssl,
-			STACK_OF(CONF_VALUE) *headers,
-			int req_timeout)
-	{
-	BIO *cbio = NULL;
-	SSL_CTX *ctx = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	cbio = BIO_new_connect(host);
-	if (!cbio)
-		{
-		BIO_printf(err, "Error creating connect BIO\n");
-		goto end;
-		}
-	if (port) BIO_set_conn_port(cbio, port);
-	if (use_ssl == 1)
-		{
-		BIO *sbio;
-		ctx = SSL_CTX_new(SSLv23_client_method());
-		if (ctx == NULL)
-			{
-			BIO_printf(err, "Error creating SSL context.\n");
-			goto end;
-			}
-		SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-		sbio = BIO_new_ssl(ctx, 1);
-		cbio = BIO_push(sbio, cbio);
-		}
-	resp = query_responder(err, cbio, path, headers, req, req_timeout);
-	if (!resp)
-		BIO_printf(bio_err, "Error querying OCSP responder\n");
-	end:
-	if (cbio)
-		BIO_free_all(cbio);
-	if (ctx)
-		SSL_CTX_free(ctx);
-	return resp;
-	}
-
-#endif
diff --git a/apps/oid.cnf b/apps/oid.cnf
deleted file mode 100644
index faf425a156..0000000000
--- a/apps/oid.cnf
+++ /dev/null
@@ -1,6 +0,0 @@
-2.99999.1       SET.ex1         SET x509v3 extension 1
-2.99999.2       SET.ex2         SET x509v3 extension 2
-2.99999.3       SET.ex3         SET x509v3 extension 3
-2.99999.4       SET.ex4         SET x509v3 extension 4
-2.99999.5       SET.ex5         SET x509v3 extension 5
-2.99999.6       SET.ex6         SET x509v3 extension 6
diff --git a/apps/openssl.c b/apps/openssl.c
deleted file mode 100644
index bca79a2311..0000000000
--- a/apps/openssl.c
+++ /dev/null
@@ -1,732 +0,0 @@
-/* apps/openssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "progs.h"
-#include "s_apps.h"
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
- * base prototypes (we cast each variable inside the function to the required
- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
- * functions. */
-
-static LHASH_OF(FUNCTION) *prog_init(void );
-static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
-static void list_pkey(BIO *out);
-static void list_cipher(BIO *out);
-static void list_md(BIO *out);
-char *default_config_file=NULL;
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#endif
-
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
-	{
-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
-	const char *errstr = NULL;
-	int rw;
-	
-	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
-	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
-		{
-		errstr = "type out of bounds";
-		goto err;
-		}
-
-	if (mode & CRYPTO_LOCK)
-		{
-		if (modes[type])
-			{
-			errstr = "already locked";
-			/* must not happen in a single-threaded program
-			 * (would deadlock) */
-			goto err;
-			}
-
-		modes[type] = rw;
-		}
-	else if (mode & CRYPTO_UNLOCK)
-		{
-		if (!modes[type])
-			{
-			errstr = "not locked";
-			goto err;
-			}
-		
-		if (modes[type] != rw)
-			{
-			errstr = (rw == CRYPTO_READ) ?
-				"CRYPTO_r_unlock on write lock" :
-				"CRYPTO_w_unlock on read lock";
-			}
-
-		modes[type] = 0;
-		}
-	else
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
- err:
-	if (errstr)
-		{
-		/* we cannot use bio_err here */
-		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
-			errstr, mode, type, file, line);
-		}
-	}
-
-#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-# define ARGV _Argv
-#else
-# define ARGV Argv
-#endif
-
-int main(int Argc, char *ARGV[])
-	{
-	ARGS arg;
-#define PROG_NAME_SIZE	39
-	char pname[PROG_NAME_SIZE+1];
-	FUNCTION f,*fp;
-	MS_STATIC const char *prompt;
-	MS_STATIC char buf[1024];
-	char *to_free=NULL;
-	int n,i,ret=0;
-	int argc;
-	char **argv,*p;
-	LHASH_OF(FUNCTION) *prog=NULL;
-	long errline;
-
-#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-	/* 2011-03-22 SMS.
-	 * If we have 32-bit pointers everywhere, then we're safe, and
-	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
-	 * above.)
-	 * Problem 1: Compaq/HP C before V7.3 always used 32-bit
-	 * pointers for argv[].
-	 * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
-	 * everywhere else, we always allocate and use a 64-bit
-	 * duplicate of argv[].
-	 * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
-	 * to NULL-terminate a 64-bit argv[].  (As this was written, the
-	 * compiler ECO was available only on IA64.)
-	 * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
-	 * 64-bit argv[argc] for NULL, and, if necessary, use a
-	 * (properly) NULL-terminated (64-bit) duplicate of argv[].
-	 * The same code is used in either case to duplicate argv[].
-	 * Some of these decisions could be handled in preprocessing,
-	 * but the code tends to get even uglier, and the penalty for
-	 * deciding at compile- or run-time is tiny.
-	 */
-	char **Argv = NULL;
-	int free_Argv = 0;
-
-	if ((sizeof( _Argv) < 8)        /* 32-bit argv[]. */
-# if !defined( VMS_TRUST_ARGV)
-	 || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
-# endif
-		)
-		{
-		int i;
-		Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
-		if (Argv == NULL)
-			{ ret = -1; goto end; }
-		for(i = 0; i < Argc; i++)
-			Argv[i] = _Argv[i];
-		Argv[ Argc] = NULL;     /* Certain NULL termination. */
-		free_Argv = 1;
-		}
-	else
-		{
-		/* Use the known-good 32-bit argv[] (which needs the
-		 * type cast to satisfy the compiler), or the trusted or
-		 * tested-good 64-bit argv[] as-is. */
-		Argv = (char **)_Argv;
-		}
-#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */
-
-	arg.data=NULL;
-	arg.count=0;
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
-		{
-		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
-			{
-			CRYPTO_malloc_debug_init();
-			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-			}
-		else
-			{
-			/* OPENSSL_DEBUG_MEMORY=off */
-			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-			}
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#if 0
-	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
-#endif
-		{
-		CRYPTO_set_locking_callback(lock_dbg_cb);
-		}
-
-	if(getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
-		if (!FIPS_mode_set(1)) {
-			ERR_load_crypto_strings();
-			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			EXIT(1);
-		}
-#else
-		fprintf(stderr, "FIPS mode not supported.\n");
-		EXIT(1);
-#endif
-		}
-
-	apps_startup();
-
-	/* Lets load up our environment a little */
-	p=getenv("OPENSSL_CONF");
-	if (p == NULL)
-		p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		p=to_free=make_config_name();
-
-	default_config_file=p;
-
-	config=NCONF_new(NULL);
-	i=NCONF_load(config,p,&errline);
-	if (i == 0)
-		{
-		if (ERR_GET_REASON(ERR_peek_last_error())
-		    == CONF_R_NO_SUCH_FILE)
-			{
-#if 0 /* ANDROID */
-			BIO_printf(bio_err,
-				   "WARNING: can't open config file: %s\n",p);
-#endif
-			ERR_clear_error();
-			NCONF_free(config);
-			config = NULL;
-			}
-		else
-			{
-			ERR_print_errors(bio_err);
-			NCONF_free(config);
-			exit(1);
-			}
-		}
-
-	prog=prog_init();
-
-	/* first check the program name */
-	program_name(Argv[0],pname,sizeof pname);
-
-	f.name=pname;
-	fp=lh_FUNCTION_retrieve(prog,&f);
-	if (fp != NULL)
-		{
-		Argv[0]=pname;
-		ret=fp->func(Argc,Argv);
-		goto end;
-		}
-
-	/* ok, now check that there are not arguments, if there are,
-	 * run with them, shifting the ssleay off the front */
-	if (Argc != 1)
-		{
-		Argc--;
-		Argv++;
-		ret=do_cmd(prog,Argc,Argv);
-		if (ret < 0) ret=0;
-		goto end;
-		}
-
-	/* ok, lets enter the old 'OpenSSL>' mode */
-	
-	for (;;)
-		{
-		ret=0;
-		p=buf;
-		n=sizeof buf;
-		i=0;
-		for (;;)
-			{
-			p[0]='\0';
-			if (i++)
-				prompt=">";
-			else	prompt="OpenSSL> ";
-			fputs(prompt,stdout);
-			fflush(stdout);
-			if (!fgets(p,n,stdin))
-				goto end;
-			if (p[0] == '\0') goto end;
-			i=strlen(p);
-			if (i <= 1) break;
-			if (p[i-2] != '\\') break;
-			i-=2;
-			p+=i;
-			n-=i;
-			}
-		if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
-		ret=do_cmd(prog,argc,argv);
-		if (ret < 0)
-			{
-			ret=0;
-			goto end;
-			}
-		if (ret != 0)
-			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		(void)BIO_flush(bio_err);
-		}
-	BIO_printf(bio_err,"bad exit\n");
-	ret=1;
-end:
-	if (to_free)
-		OPENSSL_free(to_free);
-	if (config != NULL)
-		{
-		NCONF_free(config);
-		config=NULL;
-		}
-	if (prog != NULL) lh_FUNCTION_free(prog);
-	if (arg.data != NULL) OPENSSL_free(arg.data);
-
-
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err=NULL;
-		}
-#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-	/* Free any duplicate Argv[] storage. */
-	if (free_Argv)
-		{
-		OPENSSL_free(Argv);
-		}
-#endif
-	apps_shutdown();
-	CRYPTO_mem_leaks(bio_err);
-
-	OPENSSL_EXIT(ret);
-	}
-
-#define LIST_STANDARD_COMMANDS "list-standard-commands"
-#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
-#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
-#define LIST_CIPHER_COMMANDS "list-cipher-commands"
-#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
-#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
-
-
-static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
-	{
-	FUNCTION f,*fp;
-	int i,ret=1,tp,nl;
-
-	if ((argc <= 0) || (argv[0] == NULL))
-		{ ret=0; goto end; }
-	f.name=argv[0];
-	fp=lh_FUNCTION_retrieve(prog,&f);
-	if (fp == NULL)
-		{
-		if (EVP_get_digestbyname(argv[0]))
-			{
-			f.type = FUNC_TYPE_MD;
-			f.func = dgst_main;
-			fp = &f;
-			}
-		else if (EVP_get_cipherbyname(argv[0]))
-			{
-			f.type = FUNC_TYPE_CIPHER;
-			f.func = enc_main;
-			fp = &f;
-			}
-		}
-	if (fp != NULL)
-		{
-		ret=fp->func(argc,argv);
-		}
-	else if ((strncmp(argv[0],"no-",3)) == 0)
-		{
-		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
-		f.name=argv[0]+3;
-		ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
-		if (!ret)
-			BIO_printf(bio_stdout, "%s\n", argv[0]);
-		else
-			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
-		BIO_free_all(bio_stdout);
-		goto end;
-		}
-	else if ((strcmp(argv[0],"quit") == 0) ||
-		(strcmp(argv[0],"q") == 0) ||
-		(strcmp(argv[0],"exit") == 0) ||
-		(strcmp(argv[0],"bye") == 0))
-		{
-		ret= -1;
-		goto end;
-		}
-	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
-		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
-		(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
-		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
-		(strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
-		(strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
-		{
-		int list_type;
-		BIO *bio_stdout;
-
-		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
-			list_type = FUNC_TYPE_GENERAL;
-		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
-			list_type = FUNC_TYPE_MD;
-		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
-			list_type = FUNC_TYPE_MD_ALG;
-		else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)
-			list_type = FUNC_TYPE_PKEY;
-		else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0)
-			list_type = FUNC_TYPE_CIPHER_ALG;
-		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
-			list_type = FUNC_TYPE_CIPHER;
-		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		bio_stdout = BIO_push(tmpbio, bio_stdout);
-		}
-#endif
-
-		if (!load_config(bio_err, NULL))
-			goto end;
-
-		if (list_type == FUNC_TYPE_PKEY)
-			list_pkey(bio_stdout);	
-		if (list_type == FUNC_TYPE_MD_ALG)
-			list_md(bio_stdout);	
-		if (list_type == FUNC_TYPE_CIPHER_ALG)
-			list_cipher(bio_stdout);	
-		else
-			{
-			for (fp=functions; fp->name != NULL; fp++)
-				if (fp->type == list_type)
-					BIO_printf(bio_stdout, "%s\n",
-								fp->name);
-			}
-		BIO_free_all(bio_stdout);
-		ret=0;
-		goto end;
-		}
-	else
-		{
-		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
-			argv[0]);
-		BIO_printf(bio_err, "\nStandard commands");
-		i=0;
-		tp=0;
-		for (fp=functions; fp->name != NULL; fp++)
-			{
-			nl=0;
-#ifdef OPENSSL_NO_CAMELLIA
-			if (((i++) % 5) == 0)
-#else
-			if (((i++) % 4) == 0)
-#endif
-				{
-				BIO_printf(bio_err,"\n");
-				nl=1;
-				}
-			if (fp->type != tp)
-				{
-				tp=fp->type;
-				if (!nl) BIO_printf(bio_err,"\n");
-				if (tp == FUNC_TYPE_MD)
-					{
-					i=1;
-					BIO_printf(bio_err,
-						"\nMessage Digest commands (see the `dgst' command for more details)\n");
-					}
-				else if (tp == FUNC_TYPE_CIPHER)
-					{
-					i=1;
-					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
-					}
-				}
-#ifdef OPENSSL_NO_CAMELLIA
-			BIO_printf(bio_err,"%-15s",fp->name);
-#else
-			BIO_printf(bio_err,"%-18s",fp->name);
-#endif
-			}
-		BIO_printf(bio_err,"\n\n");
-		ret=0;
-		}
-end:
-	return(ret);
-	}
-
-static int SortFnByName(const void *_f1,const void *_f2)
-    {
-    const FUNCTION *f1=_f1;
-    const FUNCTION *f2=_f2;
-
-    if(f1->type != f2->type)
-	return f1->type-f2->type;
-    return strcmp(f1->name,f2->name);
-    }
-
-static void list_pkey(BIO *out)
-	{
-	int i;
-	for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
-		{
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		int pkey_id, pkey_base_id, pkey_flags;
-		const char *pinfo, *pem_str;
-		ameth = EVP_PKEY_asn1_get0(i);
-		EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
-						&pinfo, &pem_str, ameth);
-		if (pkey_flags & ASN1_PKEY_ALIAS)
-			{
-			BIO_printf(out, "Name: %s\n", 
-					OBJ_nid2ln(pkey_id));
-			BIO_printf(out, "\tType: Alias to %s\n",
-					OBJ_nid2ln(pkey_base_id));
-			}
-		else
-			{
-			BIO_printf(out, "Name: %s\n", pinfo);
-			BIO_printf(out, "\tType: %s Algorithm\n", 
-				pkey_flags & ASN1_PKEY_DYNAMIC ?
-					"External" : "Builtin");
-			BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
-			if (pem_str == NULL)
-				pem_str = "(none)";
-			BIO_printf(out, "\tPEM string: %s\n", pem_str);
-			}
-					
-		}
-	}
-
-static void list_cipher_fn(const EVP_CIPHER *c,
-			const char *from, const char *to, void *arg)
-	{
-	if (c)
-		BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
-	else
-		{
-		if (!from)
-			from = "<undefined>";
-		if (!to)
-			to = "<undefined>";
-		BIO_printf(arg, "%s => %s\n", from, to);
-		}
-	}
-
-static void list_cipher(BIO *out)
-	{
-	EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
-	}
-
-static void list_md_fn(const EVP_MD *m,
-			const char *from, const char *to, void *arg)
-	{
-	if (m)
-		BIO_printf(arg, "%s\n", EVP_MD_name(m));
-	else
-		{
-		if (!from)
-			from = "<undefined>";
-		if (!to)
-			to = "<undefined>";
-		BIO_printf(arg, "%s => %s\n", from, to);
-		}
-	}
-
-static void list_md(BIO *out)
-	{
-	EVP_MD_do_all_sorted(list_md_fn, out);
-	}
-
-static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b)
-	{
-	return strncmp(a->name,b->name,8);
-	}
-static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
-
-static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
-	{
-	return lh_strhash(a->name);
-	}	
-static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
-
-static LHASH_OF(FUNCTION) *prog_init(void)
-	{
-	LHASH_OF(FUNCTION) *ret;
-	FUNCTION *f;
-	size_t i;
-
-	/* Purely so it looks nice when the user hits ? */
-	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
-	    ;
-	qsort(functions,i,sizeof *functions,SortFnByName);
-
-	if ((ret=lh_FUNCTION_new()) == NULL)
-		return(NULL);
-
-	for (f=functions; f->name != NULL; f++)
-		(void)lh_FUNCTION_insert(ret,f);
-	return(ret);
-	}
-
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
deleted file mode 100644
index 18760c6e67..0000000000
--- a/apps/openssl.cnf
+++ /dev/null
@@ -1,350 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME			= .
-RANDFILE		= $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file		= $ENV::HOME/.oid
-oid_section		= new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions		= 
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-#unique_subject	= no			# Set to 'no' to allow creation of
-					# several ctificates with same subject.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crlnumber	= $dir/crlnumber	# the current crl number
-					# must be commented out to leave a V1 CRL
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= usr_cert		# The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt 	= ca_default		# Subject Name options
-cert_opt 	= ca_default		# Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions	= crl_ext
-
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= default		# use public key default MD
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options. 
-# default: PrintableString, T61String, BMPString.
-# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= World Wide Web Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (e.g. server FQDN or YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 64
-
-# SET-ex3			= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType			= server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment			= "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1	# the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir		= ./demoCA		# TSA root directory
-serial		= $dir/tsaserial	# The current serial number (mandatory)
-crypto_device	= builtin		# OpenSSL engine to use for signing
-signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
-					# (optional)
-certs		= $dir/cacert.pem	# Certificate chain to include in reply
-					# (optional)
-signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy	= tsa_policy1		# Policy if request did not specify it
-					# (optional)
-other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
-digests		= md5, sha1		# Acceptable message digests (mandatory)
-accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
-clock_precision_digits  = 0	# number of digits after dot. (optional)
-ordering		= yes	# Is ordering defined for timestamps?
-				# (optional, default: no)
-tsa_name		= yes	# Must the TSA name be included in the reply?
-				# (optional, default: no)
-ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
-				# (optional, default: no)
diff --git a/apps/passwd.c b/apps/passwd.c
deleted file mode 100644
index 9ca25dd1da..0000000000
--- a/apps/passwd.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* apps/passwd.c */
-
-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
-# define NO_MD5CRYPT_1
-#endif
-
-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
-
-#include <assert.h>
-#include <string.h>
-
-#include "apps.h"
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
-#endif
-
-
-#undef PROG
-#define PROG passwd_main
-
-
-static unsigned const char cov_2char[64]={
-	/* from crypto/des/fcrypt.c */
-	0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-	0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-	0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-	0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-	0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-	0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-	0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-	0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-	char *passwd, BIO *out, int quiet, int table, int reverse,
-	size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-
-/* -crypt        - standard Unix password algorithm (default)
- * -1            - MD5-based password algorithm
- * -apr1         - MD5-based password algorithm, Apache variant
- * -salt string  - salt
- * -in file      - read passwords from file
- * -stdin        - read passwords from stdin
- * -noverify     - never verify when reading password from terminal
- * -quiet        - no warnings
- * -table        - format output as table
- * -reverse      - switch table columns
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int ret = 1;
-	char *infile = NULL;
-	int in_stdin = 0;
-	int in_noverify = 0;
-	char *salt = NULL, *passwd = NULL, **passwds = NULL;
-	char *salt_malloc = NULL, *passwd_malloc = NULL;
-	size_t passwd_malloc_size = 0;
-	int pw_source_defined = 0;
-	BIO *in = NULL, *out = NULL;
-	int i, badopt, opt_done;
-	int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
-	int usecrypt = 0, use1 = 0, useapr1 = 0;
-	size_t pw_maxlen = 0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto err;
-	out = BIO_new(BIO_s_file());
-	if (out == NULL)
-		goto err;
-	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	out = BIO_push(tmpbio, out);
-	}
-#endif
-
-	badopt = 0, opt_done = 0;
-	i = 0;
-	while (!badopt && !opt_done && argv[++i] != NULL)
-		{
-		if (strcmp(argv[i], "-crypt") == 0)
-			usecrypt = 1;
-		else if (strcmp(argv[i], "-1") == 0)
-			use1 = 1;
-		else if (strcmp(argv[i], "-apr1") == 0)
-			useapr1 = 1;
-		else if (strcmp(argv[i], "-salt") == 0)
-			{
-			if ((argv[i+1] != NULL) && (salt == NULL))
-				{
-				passed_salt = 1;
-				salt = argv[++i];
-				}
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-in") == 0)
-			{
-			if ((argv[i+1] != NULL) && !pw_source_defined)
-				{
-				pw_source_defined = 1;
-				infile = argv[++i];
-				}
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-stdin") == 0)
-			{
-			if (!pw_source_defined)
-				{
-				pw_source_defined = 1;
-				in_stdin = 1;
-				}
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-noverify") == 0)
-			in_noverify = 1;
-		else if (strcmp(argv[i], "-quiet") == 0)
-			quiet = 1;
-		else if (strcmp(argv[i], "-table") == 0)
-			table = 1;
-		else if (strcmp(argv[i], "-reverse") == 0)
-			reverse = 1;
-		else if (argv[i][0] == '-')
-			badopt = 1;
-		else if (!pw_source_defined)
-			/* non-option arguments, use as passwords */
-			{
-			pw_source_defined = 1;
-			passwds = &argv[i];
-			opt_done = 1;
-			}
-		else
-			badopt = 1;
-		}
-
-	if (!usecrypt && !use1 && !useapr1) /* use default */
-		usecrypt = 1;
-	if (usecrypt + use1 + useapr1 > 1) /* conflict */
-		badopt = 1;
-
-	/* reject unsupported algorithms */
-#ifdef OPENSSL_NO_DES
-	if (usecrypt) badopt = 1;
-#endif
-#ifdef NO_MD5CRYPT_1
-	if (use1 || useapr1) badopt = 1;
-#endif
-
-	if (badopt) 
-		{
-		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
-		BIO_printf(bio_err, "where options are\n");
-#ifndef OPENSSL_NO_DES
-		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
-#endif
-#ifndef NO_MD5CRYPT_1
-		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
-		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
-#endif
-		BIO_printf(bio_err, "-salt string       use provided salt\n");
-		BIO_printf(bio_err, "-in file           read passwords from file\n");
-		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
-		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
-		BIO_printf(bio_err, "-quiet             no warnings\n");
-		BIO_printf(bio_err, "-table             format output as table\n");
-		BIO_printf(bio_err, "-reverse           switch table columns\n");
-		
-		goto err;
-		}
-
-	if ((infile != NULL) || in_stdin)
-		{
-		in = BIO_new(BIO_s_file());
-		if (in == NULL)
-			goto err;
-		if (infile != NULL)
-			{
-			assert(in_stdin == 0);
-			if (BIO_read_filename(in, infile) <= 0)
-				goto err;
-			}
-		else
-			{
-			assert(in_stdin);
-			BIO_set_fp(in, stdin, BIO_NOCLOSE);
-			}
-		}
-	
-	if (usecrypt)
-		pw_maxlen = 8;
-	else if (use1 || useapr1)
-		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
-
-	if (passwds == NULL)
-		{
-		/* no passwords on the command line */
-
-		passwd_malloc_size = pw_maxlen + 2;
-		/* longer than necessary so that we can warn about truncation */
-		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
-		if (passwd_malloc == NULL)
-			goto err;
-		}
-
-	if ((in == NULL) && (passwds == NULL))
-		{
-		/* build a null-terminated list */
-		static char *passwds_static[2] = {NULL, NULL};
-		
-		passwds = passwds_static;
-		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
-				goto err;
-		passwds[0] = passwd_malloc;
-		}
-
-	if (in == NULL)
-		{
-		assert(passwds != NULL);
-		assert(*passwds != NULL);
-		
-		do /* loop over list of passwords */
-			{
-			passwd = *passwds++;
-			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
-				goto err;
-			}
-		while (*passwds != NULL);
-		}
-	else
-		/* in != NULL */
-		{
-		int done;
-
-		assert (passwd != NULL);
-		do
-			{
-			int r = BIO_gets(in, passwd, pw_maxlen + 1);
-			if (r > 0)
-				{
-				char *c = (strchr(passwd, '\n')) ;
-				if (c != NULL)
-					*c = 0; /* truncate at newline */
-				else
-					{
-					/* ignore rest of line */
-					char trash[BUFSIZ];
-					do
-						r = BIO_gets(in, trash, sizeof trash);
-					while ((r > 0) && (!strchr(trash, '\n')));
-					}
-				
-				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
-					goto err;
-				}
-			done = (r <= 0);
-			}
-		while (!done);
-		}
-	ret = 0;
-
-err:
-	ERR_print_errors(bio_err);
-	if (salt_malloc)
-		OPENSSL_free(salt_malloc);
-	if (passwd_malloc)
-		OPENSSL_free(passwd_malloc);
-	if (in)
-		BIO_free(in);
-	if (out)
-		BIO_free_all(out);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-
-#ifndef NO_MD5CRYPT_1
-/* MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable).
- * For magic string "1", this should be compatible to the MD5-based BSD
- * password algorithm.
- * For 'magic' string "apr1", this is compatible to the MD5-based Apache
- * password algorithm.
- * (Apparently, the Apache password algorithm is identical except that the
- * 'magic' string was changed -- the laziest application of the NIH principle
- * I've ever encountered.)
- */
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
-	{
-	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
-	unsigned char buf[MD5_DIGEST_LENGTH];
-	char *salt_out;
-	int n;
-	unsigned int i;
-	EVP_MD_CTX md,md2;
-	size_t passwd_len, salt_len;
-
-	passwd_len = strlen(passwd);
-	out_buf[0] = '$';
-	out_buf[1] = 0;
-	assert(strlen(magic) <= 4); /* "1" or "apr1" */
-	strncat(out_buf, magic, 4);
-	strncat(out_buf, "$", 1);
-	strncat(out_buf, salt, 8);
-	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
-	salt_out = out_buf + 2 + strlen(magic);
-	salt_len = strlen(salt_out);
-	assert(salt_len <= 8);
-	
-	EVP_MD_CTX_init(&md);
-	EVP_DigestInit_ex(&md,EVP_md5(), NULL);
-	EVP_DigestUpdate(&md, passwd, passwd_len);
-	EVP_DigestUpdate(&md, "$", 1);
-	EVP_DigestUpdate(&md, magic, strlen(magic));
-	EVP_DigestUpdate(&md, "$", 1);
-	EVP_DigestUpdate(&md, salt_out, salt_len);
-	
-	EVP_MD_CTX_init(&md2);
-	EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
-	EVP_DigestUpdate(&md2, passwd, passwd_len);
-	EVP_DigestUpdate(&md2, salt_out, salt_len);
-	EVP_DigestUpdate(&md2, passwd, passwd_len);
-	EVP_DigestFinal_ex(&md2, buf, NULL);
-
-	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
-		EVP_DigestUpdate(&md, buf, sizeof buf);
-	EVP_DigestUpdate(&md, buf, i);
-	
-	n = passwd_len;
-	while (n)
-		{
-		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
-		n >>= 1;
-		}
-	EVP_DigestFinal_ex(&md, buf, NULL);
-
-	for (i = 0; i < 1000; i++)
-		{
-		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
-		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
-		                       (i & 1) ? passwd_len : sizeof buf);
-		if (i % 3)
-			EVP_DigestUpdate(&md2, salt_out, salt_len);
-		if (i % 7)
-			EVP_DigestUpdate(&md2, passwd, passwd_len);
-		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
-		                       (i & 1) ? sizeof buf : passwd_len);
-		EVP_DigestFinal_ex(&md2, buf, NULL);
-		}
-	EVP_MD_CTX_cleanup(&md2);
-	
-	 {
-		/* transform buf into output string */
-	
-		unsigned char buf_perm[sizeof buf];
-		int dest, source;
-		char *output;
-
-		/* silly output permutation */
-		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
-			buf_perm[dest] = buf[source];
-		buf_perm[14] = buf[5];
-		buf_perm[15] = buf[11];
-#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
-		assert(16 == sizeof buf_perm);
-#endif
-		
-		output = salt_out + salt_len;
-		assert(output == out_buf + strlen(out_buf));
-		
-		*output++ = '$';
-
-		for (i = 0; i < 15; i += 3)
-			{
-			*output++ = cov_2char[buf_perm[i+2] & 0x3f];
-			*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
-				                  (buf_perm[i+2] >> 6)];
-			*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
-				                  (buf_perm[i+1] >> 4)];
-			*output++ = cov_2char[buf_perm[i] >> 2];
-			}
-		assert(i == 15);
-		*output++ = cov_2char[buf_perm[i] & 0x3f];
-		*output++ = cov_2char[buf_perm[i] >> 6];
-		*output = 0;
-		assert(strlen(out_buf) < sizeof(out_buf));
-	 }
-	EVP_MD_CTX_cleanup(&md);
-
-	return out_buf;
-	}
-#endif
-
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-	char *passwd, BIO *out,	int quiet, int table, int reverse,
-	size_t pw_maxlen, int usecrypt, int use1, int useapr1)
-	{
-	char *hash = NULL;
-
-	assert(salt_p != NULL);
-	assert(salt_malloc_p != NULL);
-
-	/* first make sure we have a salt */
-	if (!passed_salt)
-		{
-#ifndef OPENSSL_NO_DES
-		if (usecrypt)
-			{
-			if (*salt_malloc_p == NULL)
-				{
-				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
-				if (*salt_malloc_p == NULL)
-					goto err;
-				}
-			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
-				goto err;
-			(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
-			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
-			(*salt_p)[2] = 0;
-#ifdef CHARSET_EBCDIC
-			ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
-			                                    * back to ASCII */
-#endif
-			}
-#endif /* !OPENSSL_NO_DES */
-
-#ifndef NO_MD5CRYPT_1
-		if (use1 || useapr1)
-			{
-			int i;
-			
-			if (*salt_malloc_p == NULL)
-				{
-				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
-				if (*salt_malloc_p == NULL)
-					goto err;
-				}
-			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
-				goto err;
-			
-			for (i = 0; i < 8; i++)
-				(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
-			(*salt_p)[8] = 0;
-			}
-#endif /* !NO_MD5CRYPT_1 */
-		}
-	
-	assert(*salt_p != NULL);
-	
-	/* truncate password if necessary */
-	if ((strlen(passwd) > pw_maxlen))
-		{
-		if (!quiet)
-			/* XXX: really we should know how to print a size_t, not cast it */
-			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
-		passwd[pw_maxlen] = 0;
-		}
-	assert(strlen(passwd) <= pw_maxlen);
-	
-	/* now compute password hash */
-#ifndef OPENSSL_NO_DES
-	if (usecrypt)
-		hash = DES_crypt(passwd, *salt_p);
-#endif
-#ifndef NO_MD5CRYPT_1
-	if (use1 || useapr1)
-		hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
-#endif
-	assert(hash != NULL);
-
-	if (table && !reverse)
-		BIO_printf(out, "%s\t%s\n", passwd, hash);
-	else if (table && reverse)
-		BIO_printf(out, "%s\t%s\n", hash, passwd);
-	else
-		BIO_printf(out, "%s\n", hash);
-	return 1;
-	
-err:
-	return 0;
-	}
-#else
-
-int MAIN(int argc, char **argv)
-	{
-	fputs("Program not available.\n", stderr)
-	OPENSSL_EXIT(1);
-	}
-#endif
diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl
deleted file mode 100644
index 2c7456e3eb..0000000000
--- a/apps/pca-cert.srl
+++ /dev/null
@@ -1 +0,0 @@
-07
diff --git a/apps/pca-key.pem b/apps/pca-key.pem
deleted file mode 100644
index 20029ab779..0000000000
--- a/apps/pca-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
diff --git a/apps/pca-req.pem b/apps/pca-req.pem
deleted file mode 100644
index 33f155337b..0000000000
--- a/apps/pca-req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
-MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
-Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
-MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
-vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
-IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
-wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
-Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
------END CERTIFICATE REQUEST-----
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
deleted file mode 100644
index 4d62a7b8ca..0000000000
--- a/apps/pkcs12.c
+++ /dev/null
@@ -1,984 +0,0 @@
-/* pkcs12.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-
-#define PROG pkcs12_main
-
-const EVP_CIPHER *enc;
-
-
-#define NOKEYS		0x1
-#define NOCERTS 	0x2
-#define INFO		0x4
-#define CLCERTS		0x8
-#define CACERTS		0x10
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
-			  int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
-void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK_OF(X509) *sk);
-static int set_pbe(BIO *err, int *ppbe, const char *str);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-    ENGINE *e = NULL;
-    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
-    char *certfile=NULL;
-    BIO *in=NULL, *out = NULL;
-    char **args;
-    char *name = NULL;
-    char *csp_name = NULL;
-    int add_lmk = 0;
-    PKCS12 *p12 = NULL;
-    char pass[50], macpass[50];
-    int export_cert = 0;
-    int options = 0;
-    int chain = 0;
-    int badarg = 0;
-    int iter = PKCS12_DEFAULT_ITER;
-    int maciter = PKCS12_DEFAULT_ITER;
-    int twopass = 0;
-    int keytype = 0;
-    int cert_pbe;
-    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    int ret = 1;
-    int macver = 1;
-    int noprompt = 0;
-    STACK_OF(OPENSSL_STRING) *canames = NULL;
-    char *cpass = NULL, *mpass = NULL;
-    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
-    char *passin = NULL, *passout = NULL;
-    char *inrand = NULL;
-    char *macalg = NULL;
-    char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
-    char *engine=NULL;
-#endif
-
-    apps_startup();
-
-#ifdef OPENSSL_FIPS
-    if (FIPS_mode())
-	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-    else
-#endif
-    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
-    enc = EVP_des_ede3_cbc();
-    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-    args = argv + 1;
-
-
-    while (*args) {
-	if (*args[0] == '-') {
-		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
-		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
-		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
-		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
-		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
-		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
-		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
-		else if (!strcmp (*args, "-info")) options |= INFO;
-		else if (!strcmp (*args, "-chain")) chain = 1;
-		else if (!strcmp (*args, "-twopass")) twopass = 1;
-		else if (!strcmp (*args, "-nomacver")) macver = 0;
-		else if (!strcmp (*args, "-descert"))
-    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-		else if (!strcmp (*args, "-export")) export_cert = 1;
-		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
-#ifndef OPENSSL_NO_IDEA
-		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
-		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
-		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
-		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
-		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
-		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
-		else if (!strcmp (*args, "-noiter")) iter = 1;
-		else if (!strcmp (*args, "-maciter"))
-					 maciter = PKCS12_DEFAULT_ITER;
-		else if (!strcmp (*args, "-nomaciter"))
-					 maciter = 1;
-		else if (!strcmp (*args, "-nomac"))
-					 maciter = -1;
-		else if (!strcmp (*args, "-macalg"))
-		    if (args[1]) {
-			args++;	
-			macalg = *args;
-		    } else badarg = 1;
-		else if (!strcmp (*args, "-nodes")) enc=NULL;
-		else if (!strcmp (*args, "-certpbe")) {
-			if (!set_pbe(bio_err, &cert_pbe, *++args))
-				badarg = 1;
-		} else if (!strcmp (*args, "-keypbe")) {
-			if (!set_pbe(bio_err, &key_pbe, *++args))
-				badarg = 1;
-		} else if (!strcmp (*args, "-rand")) {
-		    if (args[1]) {
-			args++;	
-			inrand = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-inkey")) {
-		    if (args[1]) {
-			args++;	
-			keyname = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-certfile")) {
-		    if (args[1]) {
-			args++;	
-			certfile = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-name")) {
-		    if (args[1]) {
-			args++;	
-			name = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-LMK"))
-			add_lmk = 1;
-		else if (!strcmp (*args, "-CSP")) {
-		    if (args[1]) {
-			args++;	
-			csp_name = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-caname")) {
-		    if (args[1]) {
-			args++;	
-			if (!canames) canames = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(canames, *args);
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-in")) {
-		    if (args[1]) {
-			args++;	
-			infile = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-out")) {
-		    if (args[1]) {
-			args++;	
-			outfile = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-passin")) {
-		    if (args[1]) {
-			args++;	
-			passargin = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-passout")) {
-		    if (args[1]) {
-			args++;	
-			passargout = *args;
-		    } else badarg = 1;
-		} else if (!strcmp (*args, "-password")) {
-		    if (args[1]) {
-			args++;	
-			passarg = *args;
-		    	noprompt = 1;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-CApath")) {
-		    if (args[1]) {
-			args++;	
-			CApath = *args;
-		    } else badarg = 1;
-		} else if (!strcmp(*args,"-CAfile")) {
-		    if (args[1]) {
-			args++;	
-			CAfile = *args;
-		    } else badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
-		} else if (!strcmp(*args,"-engine")) {
-		    if (args[1]) {
-			args++;	
-			engine = *args;
-		    } else badarg = 1;
-#endif
-		} else badarg = 1;
-
-	} else badarg = 1;
-	args++;
-    }
-
-    if (badarg) {
-	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
-	BIO_printf (bio_err, "where options are\n");
-	BIO_printf (bio_err, "-export       output PKCS12 file\n");
-	BIO_printf (bio_err, "-chain        add certificate chain\n");
-	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
-	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
-	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
-	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
-	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
-	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
-	BIO_printf (bio_err, "-in  infile   input filename\n");
-	BIO_printf (bio_err, "-out outfile  output filename\n");
-	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
-	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
-	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
-	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
-	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
-	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
-	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
-	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
-	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
-	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-	BIO_printf (bio_err, "-seed         encrypt private keys with seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
-	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
-#endif
-	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
-	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
-	BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");
-	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
-	BIO_printf (bio_err, "-nomac        don't generate MAC\n");
-	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
-	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
-	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
-	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
-	BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
-	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
-	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
-	BIO_printf (bio_err, "-password p   set import/export password source\n");
-	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
-	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
-	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
-#endif
-	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
-	BIO_printf(bio_err,  "              the random number generator\n");
-	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
-	BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
-    	goto end;
-    }
-
-#ifndef OPENSSL_NO_ENGINE
-    e = setup_engine(bio_err, engine, 0);
-#endif
-
-    if(passarg) {
-	if(export_cert) passargout = passarg;
-	else passargin = passarg;
-    }
-
-    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-	BIO_printf(bio_err, "Error getting passwords\n");
-	goto end;
-    }
-
-    if(!cpass) {
-    	if(export_cert) cpass = passout;
-    	else cpass = passin;
-    }
-
-    if(cpass) {
-	mpass = cpass;
-	noprompt = 1;
-    } else {
-	cpass = pass;
-	mpass = macpass;
-    }
-
-    if(export_cert || inrand) {
-    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-        if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-    }
-    ERR_load_crypto_strings();
-
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("read files");
-#endif
-
-    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
-    else in = BIO_new_file(infile, "rb");
-    if (!in) {
-	    BIO_printf(bio_err, "Error opening input file %s\n",
-						infile ? infile : "<stdin>");
-	    perror (infile);
-	    goto end;
-   }
-
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-    CRYPTO_push_info("write files");
-#endif
-
-    if (!outfile) {
-	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	{
-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	    out = BIO_push(tmpbio, out);
-	}
-#endif
-    } else out = BIO_new_file(outfile, "wb");
-    if (!out) {
-	BIO_printf(bio_err, "Error opening output file %s\n",
-						outfile ? outfile : "<stdout>");
-	perror (outfile);
-	goto end;
-    }
-    if (twopass) {
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("read MAC password");
-#endif
-	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
-	{
-    	    BIO_printf (bio_err, "Can't read Password\n");
-    	    goto end;
-       	}
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-#endif
-    }
-
-    if (export_cert) {
-	EVP_PKEY *key = NULL;
-	X509 *ucert = NULL, *x = NULL;
-	STACK_OF(X509) *certs=NULL;
-	const EVP_MD *macmd = NULL;
-	unsigned char *catmp = NULL;
-	int i;
-
-	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
-		{	
-		BIO_printf(bio_err, "Nothing to do!\n");
-		goto export_end;
-		}
-
-	if (options & NOCERTS)
-		chain = 0;
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("process -export_cert");
-	CRYPTO_push_info("reading private key");
-#endif
-	if (!(options & NOKEYS))
-		{
-		key = load_key(bio_err, keyname ? keyname : infile,
-				FORMAT_PEM, 1, passin, e, "private key");
-		if (!key)
-			goto export_end;
-		}
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from input");
-#endif
-
-	/* Load in all certs in input file */
-	if(!(options & NOCERTS))
-		{
-		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
-							"certificates");
-		if (!certs)
-			goto export_end;
-
-		if (key)
-			{
-			/* Look for matching private key */
-			for(i = 0; i < sk_X509_num(certs); i++)
-				{
-				x = sk_X509_value(certs, i);
-				if(X509_check_private_key(x, key))
-					{
-					ucert = x;
-					/* Zero keyid and alias */
-					X509_keyid_set1(ucert, NULL, 0);
-					X509_alias_set1(ucert, NULL, 0);
-					/* Remove from list */
-					(void)sk_X509_delete(certs, i);
-					break;
-					}
-				}
-			if (!ucert)
-				{
-				BIO_printf(bio_err, "No certificate matches private key\n");
-				goto export_end;
-				}
-			}
-
-		}
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from input 2");
-#endif
-
-	/* Add any more certificates asked for */
-	if(certfile)
-		{
-		STACK_OF(X509) *morecerts=NULL;
-		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
-					    NULL, e,
-					    "certificates from certfile")))
-			goto export_end;
-		while(sk_X509_num(morecerts) > 0)
-			sk_X509_push(certs, sk_X509_shift(morecerts));
-		sk_X509_free(morecerts);
- 		}
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading certs from certfile");
-#endif
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("building chain");
-#endif
-
-	/* If chaining get chain from user cert */
-	if (chain) {
-        	int vret;
-		STACK_OF(X509) *chain2;
-		X509_STORE *store = X509_STORE_new();
-		if (!store)
-			{
-			BIO_printf (bio_err, "Memory allocation error\n");
-			goto export_end;
-			}
-		if (!X509_STORE_load_locations(store, CAfile, CApath))
-			X509_STORE_set_default_paths (store);
-
-		vret = get_cert_chain (ucert, store, &chain2);
-		X509_STORE_free(store);
-
-		if (!vret) {
-		    /* Exclude verified certificate */
-		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
-			sk_X509_push(certs, sk_X509_value (chain2, i));
-		    /* Free first certificate */
-		    X509_free(sk_X509_value(chain2, 0));
-		    sk_X509_free(chain2);
-		} else {
-			if (vret >= 0)
-				BIO_printf (bio_err, "Error %s getting chain.\n",
-					X509_verify_cert_error_string(vret));
-			else
-				ERR_print_errors(bio_err);
-			goto export_end;
-		}			
-    	}
-
-	/* Add any CA names */
-
-	for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
-		{
-		catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
-		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
-		}
-
-	if (csp_name && key)
-		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
-				MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
-	if (add_lmk && key)
-		EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("reading password");
-#endif
-
-	if(!noprompt &&
-		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
-		{
-	    	BIO_printf (bio_err, "Can't read Password\n");
-	    	goto export_end;
-        	}
-	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("creating PKCS#12 structure");
-#endif
-
-	p12 = PKCS12_create(cpass, name, key, ucert, certs,
-				key_pbe, cert_pbe, iter, -1, keytype);
-
-	if (!p12)
-		{
-	    	ERR_print_errors (bio_err);
-		goto export_end;
-		}
-
-	if (macalg)
-		{
-		macmd = EVP_get_digestbyname(macalg);
-		if (!macmd)
-			{
-			BIO_printf(bio_err, "Unknown digest algorithm %s\n", 
-						macalg);
-			}
-		}
-
-	if (maciter != -1)
-		PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_push_info("writing pkcs12");
-#endif
-
-	i2d_PKCS12_bio(out, p12);
-
-	ret = 0;
-
-    export_end:
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-	CRYPTO_pop_info();
-	CRYPTO_push_info("process -export_cert: freeing");
-#endif
-
-	if (key) EVP_PKEY_free(key);
-	if (certs) sk_X509_pop_free(certs, X509_free);
-	if (ucert) X509_free(ucert);
-
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif
-	goto end;
-	
-    }
-
-    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
-	ERR_print_errors(bio_err);
-	goto end;
-    }
-
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("read import password");
-#endif
-    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
-	BIO_printf (bio_err, "Can't read Password\n");
-	goto end;
-    }
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-#endif
-
-    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
-    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
-    if(macver) {
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("verify MAC");
-#endif
-	/* If we enter empty password try no password first */
-	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
-		/* If mac and crypto pass the same set it to NULL too */
-		if(!twopass) cpass = NULL;
-	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
-	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
-	    ERR_print_errors (bio_err);
-	    goto end;
-	}
-	BIO_printf (bio_err, "MAC verified OK\n");
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-#endif
-    }
-
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_push_info("output keys and certificates");
-#endif
-    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
-	BIO_printf(bio_err, "Error outputting keys and certificates\n");
-	ERR_print_errors (bio_err);
-	goto end;
-    }
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_pop_info();
-#endif
-    ret = 0;
- end:
-    if (p12) PKCS12_free(p12);
-    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
-#ifdef CRYPTO_MDEBUG
-    CRYPTO_remove_all_info();
-#endif
-    BIO_free(in);
-    BIO_free_all(out);
-    if (canames) sk_OPENSSL_STRING_free(canames);
-    if(passin) OPENSSL_free(passin);
-    if(passout) OPENSSL_free(passout);
-    apps_shutdown();
-    OPENSSL_EXIT(ret);
-}
-
-int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
-	     int passlen, int options, char *pempass)
-{
-	STACK_OF(PKCS7) *asafes = NULL;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	int i, bagnid;
-	int ret = 0;
-	PKCS7 *p7;
-
-	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
-		bagnid = OBJ_obj2nid (p7->type);
-		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
-			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
-		} else if (bagnid == NID_pkcs7_encrypted) {
-			if (options & INFO) {
-				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-				alg_print(bio_err, 
-					p7->d.encrypted->enc_data->algorithm);
-			}
-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-		} else continue;
-		if (!bags) goto err;
-	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
-						 options, pempass)) {
-			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-			goto err;
-		}
-		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
-		bags = NULL;
-	}
-	ret = 1;
-
-	err:
-
-	if (asafes)
-		sk_PKCS7_pop_free (asafes, PKCS7_free);
-	return ret;
-}
-
-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-			   char *pass, int passlen, int options, char *pempass)
-{
-	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
-		if (!dump_certs_pkeys_bag (out,
-					   sk_PKCS12_SAFEBAG_value (bags, i),
-					   pass, passlen,
-					   options, pempass))
-		    return 0;
-	}
-	return 1;
-}
-
-int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
-	     int passlen, int options, char *pempass)
-{
-	EVP_PKEY *pkey;
-	PKCS8_PRIV_KEY_INFO *p8;
-	X509 *x509;
-	
-	switch (M_PKCS12_bag_type(bag))
-	{
-	case NID_keyBag:
-		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
-		if (options & NOKEYS) return 1;
-		print_attribs (out, bag->attrib, "Bag Attributes");
-		p8 = bag->value.keybag;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
-		print_attribs (out, p8->attributes, "Key Attributes");
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
-		EVP_PKEY_free(pkey);
-	break;
-
-	case NID_pkcs8ShroudedKeyBag:
-		if (options & INFO) {
-			BIO_printf (bio_err, "Shrouded Keybag: ");
-			alg_print (bio_err, bag->value.shkeybag->algor);
-		}
-		if (options & NOKEYS) return 1;
-		print_attribs (out, bag->attrib, "Bag Attributes");
-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
-				return 0;
-		if (!(pkey = EVP_PKCS82PKEY (p8))) {
-			PKCS8_PRIV_KEY_INFO_free(p8);
-			return 0;
-		}
-		print_attribs (out, p8->attributes, "Key Attributes");
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
-		EVP_PKEY_free(pkey);
-	break;
-
-	case NID_certBag:
-		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
-		if (options & NOCERTS) return 1;
-                if (PKCS12_get_attr(bag, NID_localKeyID)) {
-			if (options & CACERTS) return 1;
-		} else if (options & CLCERTS) return 1;
-		print_attribs (out, bag->attrib, "Bag Attributes");
-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-								 return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
-		dump_cert_text (out, x509);
-		PEM_write_bio_X509 (out, x509);
-		X509_free(x509);
-	break;
-
-	case NID_safeContentsBag:
-		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
-		print_attribs (out, bag->attrib, "Bag Attributes");
-		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
-							    passlen, options, pempass);
-					
-	default:
-		BIO_printf (bio_err, "Warning unsupported bag type: ");
-		i2a_ASN1_OBJECT (bio_err, bag->type);
-		BIO_printf (bio_err, "\n");
-		return 1;
-	break;
-	}
-	return 1;
-}
-
-/* Given a single certificate return a verified chain or NULL if error */
-
-/* Hope this is OK .... */
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
-{
-	X509_STORE_CTX store_ctx;
-	STACK_OF(X509) *chn;
-	int i = 0;
-
-	/* FIXME: Should really check the return status of X509_STORE_CTX_init
-	 * for an error, but how that fits into the return value of this
-	 * function is less obvious. */
-	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
-	if (X509_verify_cert(&store_ctx) <= 0) {
-		i = X509_STORE_CTX_get_error (&store_ctx);
-		if (i == 0)
-			/* avoid returning 0 if X509_verify_cert() did not
-			 * set an appropriate error value in the context */
-			i = -1;
-		chn = NULL;
-		goto err;
-	} else
-		chn = X509_STORE_CTX_get1_chain(&store_ctx);
-err:
-	X509_STORE_CTX_cleanup(&store_ctx);
-	*chain = chn;
-	
-	return i;
-}	
-
-int alg_print (BIO *x, X509_ALGOR *alg)
-{
-	PBEPARAM *pbe;
-	const unsigned char *p;
-	p = alg->parameter->value.sequence->data;
-	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-	if (!pbe)
-		return 1;
-	BIO_printf (bio_err, "%s, Iteration %ld\n", 
-		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
-		ASN1_INTEGER_get(pbe->iter));
-	PBEPARAM_free (pbe);
-	return 1;
-}
-
-/* Load all certificates from a given file */
-
-int cert_load(BIO *in, STACK_OF(X509) *sk)
-{
-	int ret;
-	X509 *cert;
-	ret = 0;
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_push_info("cert_load(): reading one cert");
-#endif
-	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_pop_info();
-#endif
-		ret = 1;
-		sk_X509_push(sk, cert);
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_push_info("cert_load(): reading one cert");
-#endif
-	}
-#ifdef CRYPTO_MDEBUG
-	CRYPTO_pop_info();
-#endif
-	if(ret) ERR_clear_error();
-	return ret;
-}
-
-/* Generalised attribute print: handle PKCS#8 and bag attributes */
-
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
-{
-	X509_ATTRIBUTE *attr;
-	ASN1_TYPE *av;
-	char *value;
-	int i, attr_nid;
-	if(!attrlst) {
-		BIO_printf(out, "%s: <No Attributes>\n", name);
-		return 1;
-	}
-	if(!sk_X509_ATTRIBUTE_num(attrlst)) {
-		BIO_printf(out, "%s: <Empty Attributes>\n", name);
-		return 1;
-	}
-	BIO_printf(out, "%s\n", name);
-	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
-		attr = sk_X509_ATTRIBUTE_value(attrlst, i);
-		attr_nid = OBJ_obj2nid(attr->object);
-		BIO_printf(out, "    ");
-		if(attr_nid == NID_undef) {
-			i2a_ASN1_OBJECT (out, attr->object);
-			BIO_printf(out, ": ");
-		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
-
-		if(sk_ASN1_TYPE_num(attr->value.set)) {
-			av = sk_ASN1_TYPE_value(attr->value.set, 0);
-			switch(av->type) {
-				case V_ASN1_BMPSTRING:
-        			value = OPENSSL_uni2asc(av->value.bmpstring->data,
-                                	       av->value.bmpstring->length);
-				BIO_printf(out, "%s\n", value);
-				OPENSSL_free(value);
-				break;
-
-				case V_ASN1_OCTET_STRING:
-				hex_prin(out, av->value.octet_string->data,
-					av->value.octet_string->length);
-				BIO_printf(out, "\n");	
-				break;
-
-				case V_ASN1_BIT_STRING:
-				hex_prin(out, av->value.bit_string->data,
-					av->value.bit_string->length);
-				BIO_printf(out, "\n");	
-				break;
-
-				default:
-					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
-				break;
-			}
-		} else BIO_printf(out, "<No Values>\n");
-	}
-	return 1;
-}
-
-void hex_prin(BIO *out, unsigned char *buf, int len)
-{
-	int i;
-	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
-}
-
-static int set_pbe(BIO *err, int *ppbe, const char *str)
-	{
-	if (!str)
-		return 0;
-	if (!strcmp(str, "NONE"))
-		{
-		*ppbe = -1;
-		return 1;
-		}
-	*ppbe=OBJ_txt2nid(str);
-	if (*ppbe == NID_undef)
-		{
-		BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
-		return 0;
-		}
-	return 1;
-	}
-			
-#endif
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
deleted file mode 100644
index ae6cd33f73..0000000000
--- a/apps/pkcs7.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/* apps/pkcs7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	pkcs7_main
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -print_certs
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	PKCS7 *p7=NULL;
-	int i,badops=0;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat;
-	char *infile,*outfile,*prog;
-	int print_certs=0,text=0,noout=0,p7_print=0;
-	int ret=1;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-print") == 0)
-			p7_print=1;
-		else if (strcmp(*argv,"-print_certs") == 0)
-			print_certs=1;
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg       input file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
-		BIO_printf(bio_err," -text         print full details of certificates\n");
-		BIO_printf(bio_err," -noout        don't output encoded data\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
-#endif
-		ret = 1;
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
-                goto end;
-                }
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-		if (in == NULL)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-
-	if	(informat == FORMAT_ASN1)
-		p7=d2i_PKCS7_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
-		goto end;
-		}
-	if (p7 == NULL)
-		{
-		BIO_printf(bio_err,"unable to load PKCS7 object\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (p7_print)
-		PKCS7_print_ctx(out, p7, 0, NULL);
-
-	if (print_certs)
-		{
-		STACK_OF(X509) *certs=NULL;
-		STACK_OF(X509_CRL) *crls=NULL;
-
-		i=OBJ_obj2nid(p7->type);
-		switch (i)
-			{
-		case NID_pkcs7_signed:
-			certs=p7->d.sign->cert;
-			crls=p7->d.sign->crl;
-			break;
-		case NID_pkcs7_signedAndEnveloped:
-			certs=p7->d.signed_and_enveloped->cert;
-			crls=p7->d.signed_and_enveloped->crl;
-			break;
-		default:
-			break;
-			}
-
-		if (certs != NULL)
-			{
-			X509 *x;
-
-			for (i=0; i<sk_X509_num(certs); i++)
-				{
-				x=sk_X509_value(certs,i);
-				if(text) X509_print(out, x);
-				else dump_cert_text(out, x);
-
-				if(!noout) PEM_write_bio_X509(out,x);
-				BIO_puts(out,"\n");
-				}
-			}
-		if (crls != NULL)
-			{
-			X509_CRL *crl;
-
-			for (i=0; i<sk_X509_CRL_num(crls); i++)
-				{
-				crl=sk_X509_CRL_value(crls,i);
-
-				X509_CRL_print(out, crl);
-
-				if(!noout)PEM_write_bio_X509_CRL(out,crl);
-				BIO_puts(out,"\n");
-				}
-			}
-
-		ret=0;
-		goto end;
-		}
-
-	if(!noout) {
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_PKCS7_bio(out,p7);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_PKCS7(out,p7);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write pkcs7 object\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-	}
-	ret=0;
-end:
-	if (p7 != NULL) PKCS7_free(p7);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free_all(out);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
deleted file mode 100644
index 7edeb179dd..0000000000
--- a/apps/pkcs8.c
+++ /dev/null
@@ -1,439 +0,0 @@
-/* pkcs8.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-
-#define PROG pkcs8_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	char **args, *infile = NULL, *outfile = NULL;
-	char *passargin = NULL, *passargout = NULL;
-	BIO *in = NULL, *out = NULL;
-	int topk8 = 0;
-	int pbe_nid = -1;
-	const EVP_CIPHER *cipher = NULL;
-	int iter = PKCS12_DEFAULT_ITER;
-	int informat, outformat;
-	int p8_broken = PKCS8_OK;
-	int nocrypt = 0;
-	X509_SIG *p8 = NULL;
-	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-	EVP_PKEY *pkey=NULL;
-	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
-	int badarg = 0;
-	int ret = 1;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args,"-v2"))
-			{
-			if (args[1])
-				{
-				args++;
-				cipher=EVP_get_cipherbyname(*args);
-				if (!cipher)
-					{
-					BIO_printf(bio_err,
-						 "Unknown cipher %s\n", *args);
-					badarg = 1;
-					}
-				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-v1"))
-			{
-			if (args[1])
-				{
-				args++;
-				pbe_nid=OBJ_txt2nid(*args);
-				if (pbe_nid == NID_undef)
-					{
-					BIO_printf(bio_err,
-						 "Unknown PBE algorithm %s\n", *args);
-					badarg = 1;
-					}
-				}
-			else
-				badarg = 1;
-			}
-		else if (!strcmp(*args,"-inform"))
-			{
-			if (args[1])
-				{
-				args++;
-				informat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-outform"))
-			{
-			if (args[1])
-				{
-				args++;
-				outformat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-topk8"))
-			topk8 = 1;
-		else if (!strcmp (*args, "-noiter"))
-			iter = 1;
-		else if (!strcmp (*args, "-nocrypt"))
-			nocrypt = 1;
-		else if (!strcmp (*args, "-nooct"))
-			p8_broken = PKCS8_NO_OCTET;
-		else if (!strcmp (*args, "-nsdb"))
-			p8_broken = PKCS8_NS_DB;
-		else if (!strcmp (*args, "-embed"))
-			p8_broken = PKCS8_EMBEDDED_PARAM;
-		else if (!strcmp(*args,"-passin"))
-			{
-			if (!args[1]) goto bad;
-			passargin= *(++args);
-			}
-		else if (!strcmp(*args,"-passout"))
-			{
-			if (!args[1]) goto bad;
-			passargout= *(++args);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1]) goto bad;
-			engine= *(++args);
-			}
-#endif
-		else if (!strcmp (*args, "-in"))
-			{
-			if (args[1])
-				{
-				args++;
-				infile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else badarg = 1;
-		args++;
-		}
-
-	if (badarg)
-		{
-		bad:
-		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-in file        input file\n");
-		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
-		BIO_printf(bio_err, "-out file       output file\n");
-		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");
-		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");
-		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");
-		BIO_printf(bio_err, "-nsdb           use (nonstandard) DSA Netscape DB format\n");
-		BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");
-		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
-		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
-		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
-		goto end;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-		}
-
-	if ((pbe_nid == -1) && !cipher)
-		pbe_nid = NID_pbeWithMD5AndDES_CBC;
-
-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, "rb")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-			}
-		}
-	else
-		in = BIO_new_fp (stdin, BIO_NOCLOSE);
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "wb")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-	if (topk8)
-		{
-		pkey = load_key(bio_err, infile, informat, 1,
-			passin, e, "key");
-		if (!pkey)
-			goto end;
-		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
-			{
-			BIO_printf(bio_err, "Error converting key\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (nocrypt)
-			{
-			if (outformat == FORMAT_PEM) 
-				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
-			else if (outformat == FORMAT_ASN1)
-				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-			else
-				{
-				BIO_printf(bio_err, "Bad format specified for key\n");
-				goto end;
-				}
-			}
-		else
-			{
-			if (passout)
-				p8pass = passout;
-			else
-				{
-				p8pass = pass;
-				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
-					goto end;
-				}
-			app_RAND_load_file(NULL, bio_err, 0);
-			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
-					p8pass, strlen(p8pass),
-					NULL, 0, iter, p8inf)))
-				{
-				BIO_printf(bio_err, "Error encrypting key\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			app_RAND_write_file(NULL, bio_err);
-			if (outformat == FORMAT_PEM) 
-				PEM_write_bio_PKCS8(out, p8);
-			else if (outformat == FORMAT_ASN1)
-				i2d_PKCS8_bio(out, p8);
-			else
-				{
-				BIO_printf(bio_err, "Bad format specified for key\n");
-				goto end;
-				}
-			}
-
-		ret = 0;
-		goto end;
-		}
-
-	if (nocrypt)
-		{
-		if (informat == FORMAT_PEM) 
-			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
-		else if (informat == FORMAT_ASN1)
-			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-		else
-			{
-			BIO_printf(bio_err, "Bad format specified for key\n");
-			goto end;
-			}
-		}
-	else
-		{
-		if (informat == FORMAT_PEM) 
-			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1)
-			p8 = d2i_PKCS8_bio(in, NULL);
-		else
-			{
-			BIO_printf(bio_err, "Bad format specified for key\n");
-			goto end;
-			}
-
-		if (!p8)
-			{
-			BIO_printf (bio_err, "Error reading key\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (passin)
-			p8pass = passin;
-		else
-			{
-			p8pass = pass;
-			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
-			}
-		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
-		}
-
-	if (!p8inf)
-		{
-		BIO_printf(bio_err, "Error decrypting key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
-		{
-		BIO_printf(bio_err, "Error converting key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	
-	if (p8inf->broken)
-		{
-		BIO_printf(bio_err, "Warning: broken key encoding: ");
-		switch (p8inf->broken)
-			{
-			case PKCS8_NO_OCTET:
-			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
-			break;
-
-			case PKCS8_EMBEDDED_PARAM:
-			BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
-			break;
-
-			case PKCS8_NS_DB:
-			BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
-			break;
-
-			case PKCS8_NEG_PRIVKEY:
-			BIO_printf(bio_err, "DSA private key value is negative\n");
-			break;
-
-			default:
-			BIO_printf(bio_err, "Unknown broken type\n");
-			break;
-		}
-	}
-	
-	if (outformat == FORMAT_PEM) 
-		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
-	else if (outformat == FORMAT_ASN1)
-		i2d_PrivateKey_bio(out, pkey);
-	else
-		{
-		BIO_printf(bio_err, "Bad format specified for key\n");
-			goto end;
-		}
-	ret = 0;
-
-	end:
-	X509_SIG_free(p8);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	EVP_PKEY_free(pkey);
-	BIO_free_all(out);
-	BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
-
-	return ret;
-	}
diff --git a/apps/pkey.c b/apps/pkey.c
deleted file mode 100644
index 17e6702fb1..0000000000
--- a/apps/pkey.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/* apps/pkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-#define PROG pkey_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	char **args, *infile = NULL, *outfile = NULL;
-	char *passargin = NULL, *passargout = NULL;
-	BIO *in = NULL, *out = NULL;
-	const EVP_CIPHER *cipher = NULL;
-	int informat, outformat;
-	int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0;
-	EVP_PKEY *pkey=NULL;
-	char *passin = NULL, *passout = NULL;
-	int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	int ret = 1;
-
-	if (bio_err == NULL)
-		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp(*args,"-inform"))
-			{
-			if (args[1])
-				{
-				args++;
-				informat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-outform"))
-			{
-			if (args[1])
-				{
-				args++;
-				outformat=str2fmt(*args);
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp(*args,"-passin"))
-			{
-			if (!args[1]) goto bad;
-			passargin= *(++args);
-			}
-		else if (!strcmp(*args,"-passout"))
-			{
-			if (!args[1]) goto bad;
-			passargout= *(++args);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1]) goto bad;
-			engine= *(++args);
-			}
-#endif
-		else if (!strcmp (*args, "-in"))
-			{
-			if (args[1])
-				{
-				args++;
-				infile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (strcmp(*args,"-pubin") == 0)
-			{
-			pubin=1;
-			pubout=1;
-			pubtext=1;
-			}
-		else if (strcmp(*args,"-pubout") == 0)
-			pubout=1;
-		else if (strcmp(*args,"-text_pub") == 0)
-			{
-			pubtext=1;
-			text=1;
-			}
-		else if (strcmp(*args,"-text") == 0)
-			text=1;
-		else if (strcmp(*args,"-noout") == 0)
-			noout=1;
-		else
-			{
-			cipher = EVP_get_cipherbyname(*args + 1);
-			if (!cipher)
-				{
-				BIO_printf(bio_err, "Unknown cipher %s\n",
-								*args + 1);
-				badarg = 1;
-				}
-			}
-		args++;
-		}
-
-	if (badarg)
-		{
-		bad:
-		BIO_printf(bio_err, "Usage pkey [options]\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-in file        input file\n");
-		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
-		BIO_printf(bio_err, "-out file       output file\n");
-		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-#endif
-		return 1;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-		}
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "wb")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-
-	if (pubin)
-		pkey = load_pubkey(bio_err, infile, informat, 1,
-			passin, e, "Public Key");
-	else
-		pkey = load_key(bio_err, infile, informat, 1,
-			passin, e, "key");
-	if (!pkey)
-		goto end;
-
-	if (!noout)
-		{
-		if (outformat == FORMAT_PEM) 
-			{
-			if (pubout)
-				PEM_write_bio_PUBKEY(out,pkey);
-			else
-				PEM_write_bio_PrivateKey(out, pkey, cipher,
-							NULL, 0, NULL, passout);
-			}
-		else if (outformat == FORMAT_ASN1)
-			{
-			if (pubout)
-				i2d_PUBKEY_bio(out, pkey);
-			else
-				i2d_PrivateKey_bio(out, pkey);
-			}
-		else
-			{
-			BIO_printf(bio_err, "Bad format specified for key\n");
-			goto end;
-			}
-
-		}
-
-	if (text)
-		{
-		if (pubtext)
-			EVP_PKEY_print_public(out, pkey, 0, NULL);
-		else
-			EVP_PKEY_print_private(out, pkey, 0, NULL);
-		}
-
-	ret = 0;
-
-	end:
-	EVP_PKEY_free(pkey);
-	BIO_free_all(out);
-	BIO_free(in);
-	if (passin)
-		OPENSSL_free(passin);
-	if (passout)
-		OPENSSL_free(passout);
-
-	return ret;
-	}
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
deleted file mode 100644
index 6f7a357a36..0000000000
--- a/apps/pkeyparam.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* apps/pkeyparam.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-#define PROG pkeyparam_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	char **args, *infile = NULL, *outfile = NULL;
-	BIO *in = NULL, *out = NULL;
-	int text = 0, noout = 0;
-	EVP_PKEY *pkey=NULL;
-	int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	int ret = 1;
-
-	if (bio_err == NULL)
-		bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	args = argv + 1;
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp (*args, "-in"))
-			{
-			if (args[1])
-				{
-				args++;
-				infile = *args;
-				}
-			else badarg = 1;
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (args[1])
-				{
-				args++;
-				outfile = *args;
-				}
-			else badarg = 1;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*args,"-engine") == 0)
-			{
-			if (!args[1]) goto bad;
-			engine= *(++args);
-			}
-#endif
-
-		else if (strcmp(*args,"-text") == 0)
-			text=1;
-		else if (strcmp(*args,"-noout") == 0)
-			noout=1;
-		args++;
-		}
-
-	if (badarg)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		bad:
-#endif
-		BIO_printf(bio_err, "Usage pkeyparam [options]\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-in file        input file\n");
-		BIO_printf(bio_err, "-out file       output file\n");
-		BIO_printf(bio_err, "-text           print parameters as text\n");
-		BIO_printf(bio_err, "-noout          don't output encoded parameters\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-#endif
-		return 1;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	if (infile)
-		{
-		if (!(in = BIO_new_file (infile, "r")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-			}
-		}
-	else
-		in = BIO_new_fp (stdin, BIO_NOCLOSE);
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file (outfile, "w")))
-			{
-			BIO_printf(bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-
-	pkey = PEM_read_bio_Parameters(in, NULL);
-	if (!pkey)
-		{
-		BIO_printf(bio_err, "Error reading parameters\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (!noout)
-		PEM_write_bio_Parameters(out,pkey);
-
-	if (text)
-		EVP_PKEY_print_params(out, pkey, 0, NULL);
-
-	ret = 0;
-
-	end:
-	EVP_PKEY_free(pkey);
-	BIO_free_all(out);
-	BIO_free(in);
-
-	return ret;
-	}
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
deleted file mode 100644
index 7eb3f5c544..0000000000
--- a/apps/pkeyutl.c
+++ /dev/null
@@ -1,570 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include "apps.h"
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-
-#define KEY_PRIVKEY	1
-#define KEY_PUBKEY	2
-#define KEY_CERT	3
-
-static void usage(void);
-
-#undef PROG
-
-#define PROG pkeyutl_main
-
-static EVP_PKEY_CTX *init_ctx(int *pkeysize,
-				char *keyfile, int keyform, int key_type,
-				char *passargin, int pkey_op, ENGINE *e);
-
-static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
-							const char *file);
-
-static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
-		unsigned char *out, size_t *poutlen,
-		unsigned char *in, size_t inlen);
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
-	BIO *in = NULL, *out = NULL;
-	char *infile = NULL, *outfile = NULL, *sigfile = NULL;
-	ENGINE *e = NULL;
-	int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
-	int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
-	char badarg = 0, rev = 0;
-	char hexdump = 0, asn1parse = 0;
-	EVP_PKEY_CTX *ctx = NULL;
-	char *passargin = NULL;
-	int keysize = -1;
-
-	unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
-	size_t buf_outlen;
-	int buf_inlen = 0, siglen = -1;
-
-	int ret = 1, rv = -1;
-
-	argc--;
-	argv++;
-
-	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	
-	while(argc >= 1)
-		{
-		if (!strcmp(*argv,"-in"))
-			{
-			if (--argc < 1) badarg = 1;
-                        else infile= *(++argv);
-			}
-		else if (!strcmp(*argv,"-out"))
-			{
-			if (--argc < 1) badarg = 1;
-			else outfile= *(++argv);
-			}
-		else if (!strcmp(*argv,"-sigfile"))
-			{
-			if (--argc < 1) badarg = 1;
-			else sigfile= *(++argv);
-			}
-		else if(!strcmp(*argv, "-inkey"))
-			{
-			if (--argc < 1)
-				badarg = 1;
-			else
-				{
-				ctx = init_ctx(&keysize,
-						*(++argv), keyform, key_type,
-						passargin, pkey_op, e);
-				if (!ctx)
-					{
-					BIO_puts(bio_err,
-						"Error initializing context\n");
-					ERR_print_errors(bio_err);
-					badarg = 1;
-					}
-				}
-			}
-		else if (!strcmp(*argv,"-peerkey"))
-			{
-			if (--argc < 1)
-				badarg = 1;
-			else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
-				badarg = 1;
-			}
-		else if (!strcmp(*argv,"-passin"))
-			{
-			if (--argc < 1) badarg = 1;
-			else passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-peerform") == 0)
-			{
-			if (--argc < 1) badarg = 1;
-			else peerform=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) badarg = 1;
-			else keyform=str2fmt(*(++argv));
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if(!strcmp(*argv, "-engine"))
-			{
-			if (--argc < 1)
-				badarg = 1;
-			else
-				e = setup_engine(bio_err, *(++argv), 0);
-			}
-#endif
-		else if(!strcmp(*argv, "-pubin"))
-			key_type = KEY_PUBKEY;
-		else if(!strcmp(*argv, "-certin"))
-			key_type = KEY_CERT;
-		else if(!strcmp(*argv, "-asn1parse"))
-			asn1parse = 1;
-		else if(!strcmp(*argv, "-hexdump"))
-			hexdump = 1;
-		else if(!strcmp(*argv, "-sign"))
-			pkey_op = EVP_PKEY_OP_SIGN;
-		else if(!strcmp(*argv, "-verify"))
-			pkey_op = EVP_PKEY_OP_VERIFY;
-		else if(!strcmp(*argv, "-verifyrecover"))
-			pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
-		else if(!strcmp(*argv, "-rev"))
-			rev = 1;
-		else if(!strcmp(*argv, "-encrypt"))
-			pkey_op = EVP_PKEY_OP_ENCRYPT;
-		else if(!strcmp(*argv, "-decrypt"))
-			pkey_op = EVP_PKEY_OP_DECRYPT;
-		else if(!strcmp(*argv, "-derive"))
-			pkey_op = EVP_PKEY_OP_DERIVE;
-		else if (strcmp(*argv,"-pkeyopt") == 0)
-			{
-			if (--argc < 1)
-				badarg = 1;
-			else if (!ctx)
-				{
-				BIO_puts(bio_err,
-					"-pkeyopt command before -inkey\n");
-				badarg = 1;
-				}
-			else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
-				{
-				BIO_puts(bio_err, "parameter setting error\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else badarg = 1;
-		if(badarg)
-			{
-			usage();
-			goto end;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (!ctx)
-		{
-		usage();
-		goto end;
-		}
-
-	if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
-		{
-		BIO_puts(bio_err, "Signature file specified for non verify\n");
-		goto end;
-		}
-
-	if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
-		{
-		BIO_puts(bio_err, "No signature file specified for verify\n");
-		goto end;
-		}
-
-/* FIXME: seed PRNG only if needed */
-	app_RAND_load_file(NULL, bio_err, 0);
-
-	if (pkey_op != EVP_PKEY_OP_DERIVE)
-		{
-		if(infile)
-			{
-			if(!(in = BIO_new_file(infile, "rb")))
-				{
-				BIO_puts(bio_err,
-					"Error Opening Input File\n");
-				ERR_print_errors(bio_err);	
-				goto end;
-				}
-			}
-		else
-			in = BIO_new_fp(stdin, BIO_NOCLOSE);
-		}
-
-	if(outfile)
-		{
-		if(!(out = BIO_new_file(outfile, "wb")))
-			{
-			BIO_printf(bio_err, "Error Creating Output File\n");
-			ERR_print_errors(bio_err);	
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	if (sigfile)
-		{
-		BIO *sigbio = BIO_new_file(sigfile, "rb");
-		if (!sigbio)
-			{
-			BIO_printf(bio_err, "Can't open signature file %s\n",
-								sigfile);
-			goto end;
-			}
-		siglen = bio_to_mem(&sig, keysize * 10, sigbio);
-		BIO_free(sigbio);
-		if (siglen <= 0)
-			{
-			BIO_printf(bio_err, "Error reading signature data\n");
-			goto end;
-			}
-		}
-	
-	if (in)
-		{
-		/* Read the input data */
-		buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
-		if(buf_inlen <= 0)
-			{
-			BIO_printf(bio_err, "Error reading input Data\n");
-			exit(1);
-			}
-		if(rev)
-			{
-			size_t i;
-			unsigned char ctmp;
-			size_t l = (size_t)buf_inlen;
-			for(i = 0; i < l/2; i++)
-				{
-				ctmp = buf_in[i];
-				buf_in[i] = buf_in[l - 1 - i];
-				buf_in[l - 1 - i] = ctmp;
-				}
-			}
-		}
-
-	if(pkey_op == EVP_PKEY_OP_VERIFY)
-		{
-		rv  = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
-				      buf_in, (size_t)buf_inlen);
-		if (rv == 0)
-			BIO_puts(out, "Signature Verification Failure\n");
-		else if (rv == 1)
-			BIO_puts(out, "Signature Verified Successfully\n");
-		if (rv >= 0)
-			goto end;
-		}
-	else
-		{	
-		rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
-			      buf_in, (size_t)buf_inlen);
-		if (rv > 0)
-			{
-			buf_out = OPENSSL_malloc(buf_outlen);
-			if (!buf_out)
-				rv = -1;
-			else
-				rv = do_keyop(ctx, pkey_op,
-						buf_out, (size_t *)&buf_outlen,
-						buf_in, (size_t)buf_inlen);
-			}
-		}
-
-	if(rv <= 0)
-		{
-		BIO_printf(bio_err, "Public Key operation error\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	ret = 0;
-	if(asn1parse)
-		{
-		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
-			ERR_print_errors(bio_err);
-		}
-	else if(hexdump)
-		BIO_dump(out, (char *)buf_out, buf_outlen);
-	else
-		BIO_write(out, buf_out, buf_outlen);
-
-	end:
-	if (ctx)
-		EVP_PKEY_CTX_free(ctx);
-	BIO_free(in);
-	BIO_free_all(out);
-	if (buf_in)
-		OPENSSL_free(buf_in);
-	if (buf_out)
-		OPENSSL_free(buf_out);
-	if (sig)
-		OPENSSL_free(sig);
-	return ret;
-}
-
-static void usage()
-{
-	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
-	BIO_printf(bio_err, "-in file        input file\n");
-	BIO_printf(bio_err, "-out file       output file\n");
-	BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
-	BIO_printf(bio_err, "-inkey file     input key\n");
-	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
-	BIO_printf(bio_err, "-pubin          input is a public key\n");
-	BIO_printf(bio_err, "-certin         input is a certificate carrying a public key\n");
-	BIO_printf(bio_err, "-pkeyopt X:Y    public key options\n");
-	BIO_printf(bio_err, "-sign           sign with private key\n");
-	BIO_printf(bio_err, "-verify         verify with public key\n");
-	BIO_printf(bio_err, "-verifyrecover  verify with public key, recover original data\n");
-	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
-	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
-	BIO_printf(bio_err, "-derive         derive shared secret\n");
-	BIO_printf(bio_err, "-hexdump        hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
-	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-#endif
-	BIO_printf(bio_err, "-passin arg     pass phrase source\n");
-
-}
-
-static EVP_PKEY_CTX *init_ctx(int *pkeysize,
-				char *keyfile, int keyform, int key_type,
-				char *passargin, int pkey_op, ENGINE *e)
-	{
-	EVP_PKEY *pkey = NULL;
-	EVP_PKEY_CTX *ctx = NULL;
-	char *passin = NULL;
-	int rv = -1;
-	X509 *x;
-	if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 
-		|| (pkey_op == EVP_PKEY_OP_DERIVE))
-		&& (key_type != KEY_PRIVKEY))
-		{
-		BIO_printf(bio_err, "A private key is needed for this operation\n");
-		goto end;
-		}
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-	switch(key_type)
-		{
-		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, 0,
-			passin, e, "Private Key");
-		break;
-
-		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
-			NULL, e, "Public Key");
-		break;
-
-		case KEY_CERT:
-		x = load_cert(bio_err, keyfile, keyform,
-			NULL, e, "Certificate");
-		if(x)
-			{
-			pkey = X509_get_pubkey(x);
-			X509_free(x);
-			}
-		break;
-
-		}
-
-	*pkeysize = EVP_PKEY_size(pkey);
-
-	if (!pkey)
-		goto end;
-
-	ctx = EVP_PKEY_CTX_new(pkey, e);
-
-	EVP_PKEY_free(pkey);
-
-	if (!ctx)
-		goto end;
-
-	switch(pkey_op)
-		{
-		case EVP_PKEY_OP_SIGN:
-		rv = EVP_PKEY_sign_init(ctx);
-		break;
-
-		case EVP_PKEY_OP_VERIFY:
-		rv = EVP_PKEY_verify_init(ctx);
-		break;
-
-		case EVP_PKEY_OP_VERIFYRECOVER:
-		rv = EVP_PKEY_verify_recover_init(ctx);
-		break;
-
-		case EVP_PKEY_OP_ENCRYPT:
-		rv = EVP_PKEY_encrypt_init(ctx);
-		break;
-
-		case EVP_PKEY_OP_DECRYPT:
-		rv = EVP_PKEY_decrypt_init(ctx);
-		break;
-
-		case EVP_PKEY_OP_DERIVE:
-		rv = EVP_PKEY_derive_init(ctx);
-		break;
-		}
-
-	if (rv <= 0)
-		{
-		EVP_PKEY_CTX_free(ctx);
-		ctx = NULL;
-		}
-
-	end:
-
-	if (passin)
-		OPENSSL_free(passin);
-
-	return ctx;
-
-
-	}
-
-static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
-							const char *file)
-	{
-	EVP_PKEY *peer = NULL;
-	int ret;
-	if (!ctx)
-		{
-		BIO_puts(err, "-peerkey command before -inkey\n");
-		return 0;
-		}
-		
-	peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
-
-	if (!peer)
-		{
-		BIO_printf(bio_err, "Error reading peer key %s\n", file);
-		ERR_print_errors(err);
-		return 0;
-		}
-
-	ret = EVP_PKEY_derive_set_peer(ctx, peer);
-
-	EVP_PKEY_free(peer);
-	if (ret <= 0)
-		ERR_print_errors(err);
-	return ret;
-	}
-
-static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
-		unsigned char *out, size_t *poutlen,
-		unsigned char *in, size_t inlen)
-	{
-	int rv = 0;
-	switch(pkey_op)
-		{
-		case EVP_PKEY_OP_VERIFYRECOVER:
-		rv  = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
-		break;
-
-		case EVP_PKEY_OP_SIGN:
-		rv  = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
-		break;
-
-		case EVP_PKEY_OP_ENCRYPT:
-		rv  = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
-		break;
-
-		case EVP_PKEY_OP_DECRYPT:
-		rv  = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
-		break; 
-
-		case EVP_PKEY_OP_DERIVE:
-		rv  = EVP_PKEY_derive(ctx, out, poutlen);
-		break;
-
-		}
-	return rv;
-	}
diff --git a/apps/prime.c b/apps/prime.c
deleted file mode 100644
index f1aaef8725..0000000000
--- a/apps/prime.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-
-#include "apps.h"
-#include <openssl/bn.h>
-
-
-#undef PROG
-#define PROG prime_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-    {
-    int hex=0;
-    int checks=20;
-    int generate=0;
-    int bits=0;
-    int safe=0;
-    BIGNUM *bn=NULL;
-    BIO *bio_out;
-
-    apps_startup();
-
-    if (bio_err == NULL)
-	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-	    BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-    --argc;
-    ++argv;
-    while (argc >= 1 && **argv == '-')
-	{
-	if(!strcmp(*argv,"-hex"))
-	    hex=1;
-	else if(!strcmp(*argv,"-generate"))
-	    generate=1;
-	else if(!strcmp(*argv,"-bits"))
-	    if(--argc < 1)
-		goto bad;
-	    else
-		bits=atoi(*++argv);
-	else if(!strcmp(*argv,"-safe"))
-	    safe=1;
-	else if(!strcmp(*argv,"-checks"))
-	    if(--argc < 1)
-		goto bad;
-	    else
-		checks=atoi(*++argv);
-	else
-	    {
-	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
-	    goto bad;
-	    }
-	--argc;
-	++argv;
-	}
-
-    if (argv[0] == NULL && !generate)
-	{
-	BIO_printf(bio_err,"No prime specified\n");
-	goto bad;
-	}
-
-    if ((bio_out=BIO_new(BIO_s_file())) != NULL)
-	{
-	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	    {
-	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	    bio_out = BIO_push(tmpbio, bio_out);
-	    }
-#endif
-	}
-
-    if(generate)
-	{
-	char *s;
-
-	if(!bits)
-	    {
-	    BIO_printf(bio_err,"Specifiy the number of bits.\n");
-	    return 1;
-	    }
-	bn=BN_new();
-	BN_generate_prime_ex(bn,bits,safe,NULL,NULL,NULL);
-	s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
-	BIO_printf(bio_out,"%s\n",s);
-	OPENSSL_free(s);
-	}
-    else
-	{
-	if(hex)
-	    BN_hex2bn(&bn,argv[0]);
-	else
-	    BN_dec2bn(&bn,argv[0]);
-
-	BN_print(bio_out,bn);
-	BIO_printf(bio_out," is %sprime\n",
-		   BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
-	}
-
-    BN_free(bn);
-    BIO_free_all(bio_out);
-
-    return 0;
-
-    bad:
-    BIO_printf(bio_err,"options are\n");
-    BIO_printf(bio_err,"%-14s hex\n","-hex");
-    BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
-    return 1;
-    }
diff --git a/apps/privkey.pem b/apps/privkey.pem
deleted file mode 100644
index 0af46474a7..0000000000
--- a/apps/privkey.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
-
-6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
-Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
-F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
-XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
-jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
-vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
-JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
-PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
-POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
-gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
-8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
-Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
-dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
------END RSA PRIVATE KEY-----
diff --git a/apps/progs.h b/apps/progs.h
deleted file mode 100644
index b162055d5e..0000000000
--- a/apps/progs.h
+++ /dev/null
@@ -1,368 +0,0 @@
-/* apps/progs.h */
-/* automatically generated by progs.pl for openssl.c */
-
-extern int verify_main(int argc,char *argv[]);
-extern int asn1parse_main(int argc,char *argv[]);
-extern int req_main(int argc,char *argv[]);
-extern int dgst_main(int argc,char *argv[]);
-extern int dh_main(int argc,char *argv[]);
-extern int dhparam_main(int argc,char *argv[]);
-extern int enc_main(int argc,char *argv[]);
-extern int passwd_main(int argc,char *argv[]);
-extern int gendh_main(int argc,char *argv[]);
-extern int errstr_main(int argc,char *argv[]);
-extern int ca_main(int argc,char *argv[]);
-extern int crl_main(int argc,char *argv[]);
-extern int rsa_main(int argc,char *argv[]);
-extern int rsautl_main(int argc,char *argv[]);
-extern int dsa_main(int argc,char *argv[]);
-extern int dsaparam_main(int argc,char *argv[]);
-extern int ec_main(int argc,char *argv[]);
-extern int ecparam_main(int argc,char *argv[]);
-extern int x509_main(int argc,char *argv[]);
-extern int genrsa_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
-extern int genpkey_main(int argc,char *argv[]);
-extern int s_server_main(int argc,char *argv[]);
-extern int s_client_main(int argc,char *argv[]);
-extern int speed_main(int argc,char *argv[]);
-extern int s_time_main(int argc,char *argv[]);
-extern int version_main(int argc,char *argv[]);
-extern int pkcs7_main(int argc,char *argv[]);
-extern int cms_main(int argc,char *argv[]);
-extern int crl2pkcs7_main(int argc,char *argv[]);
-extern int sess_id_main(int argc,char *argv[]);
-extern int ciphers_main(int argc,char *argv[]);
-extern int nseq_main(int argc,char *argv[]);
-extern int pkcs12_main(int argc,char *argv[]);
-extern int pkcs8_main(int argc,char *argv[]);
-extern int pkey_main(int argc,char *argv[]);
-extern int pkeyparam_main(int argc,char *argv[]);
-extern int pkeyutl_main(int argc,char *argv[]);
-extern int spkac_main(int argc,char *argv[]);
-extern int smime_main(int argc,char *argv[]);
-extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);
-extern int ocsp_main(int argc,char *argv[]);
-extern int prime_main(int argc,char *argv[]);
-extern int ts_main(int argc,char *argv[]);
-extern int srp_main(int argc,char *argv[]);
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-#define FUNC_TYPE_PKEY		4
-#define FUNC_TYPE_MD_ALG	5
-#define FUNC_TYPE_CIPHER_ALG	6
-
-typedef struct {
-	int type;
-	const char *name;
-	int (*func)(int argc,char *argv[]);
-	} FUNCTION;
-DECLARE_LHASH_OF(FUNCTION);
-
-FUNCTION functions[] = {
-	{FUNC_TYPE_GENERAL,"verify",verify_main},
-	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-	{FUNC_TYPE_GENERAL,"req",req_main},
-	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef OPENSSL_NO_DH
-	{FUNC_TYPE_GENERAL,"dh",dh_main},
-#endif
-#ifndef OPENSSL_NO_DH
-	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
-#endif
-	{FUNC_TYPE_GENERAL,"enc",enc_main},
-	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef OPENSSL_NO_DH
-	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
-#endif
-	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-	{FUNC_TYPE_GENERAL,"ca",ca_main},
-	{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef OPENSSL_NO_RSA
-	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
-#endif
-#ifndef OPENSSL_NO_RSA
-	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
-#endif
-#ifndef OPENSSL_NO_DSA
-	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
-	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ec",ec_main},
-#endif
-#ifndef OPENSSL_NO_EC
-	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
-#endif
-	{FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef OPENSSL_NO_RSA
-	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
-	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
-#endif
-	{FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
-#if !defined(OPENSSL_NO_SOCK)
-	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK)
-	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
-#endif
-#ifndef OPENSSL_NO_SPEED
-	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK)
-	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
-#endif
-	{FUNC_TYPE_GENERAL,"version",version_main},
-	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
-#ifndef OPENSSL_NO_CMS
-	{FUNC_TYPE_GENERAL,"cms",cms_main},
-#endif
-	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
-	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK)
-	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
-#endif
-	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
-#endif
-	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
-	{FUNC_TYPE_GENERAL,"pkey",pkey_main},
-	{FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main},
-	{FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main},
-	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
-	{FUNC_TYPE_GENERAL,"smime",smime_main},
-	{FUNC_TYPE_GENERAL,"rand",rand_main},
-#ifndef OPENSSL_NO_ENGINE
-	{FUNC_TYPE_GENERAL,"engine",engine_main},
-#endif
-#ifndef OPENSSL_NO_OCSP
-	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
-#endif
-	{FUNC_TYPE_GENERAL,"prime",prime_main},
-#if 0 /* ANDROID */
-	{FUNC_TYPE_GENERAL,"ts",ts_main},
-#endif
-#ifndef OPENSSL_NO_SRP
-	{FUNC_TYPE_GENERAL,"srp",srp_main},
-#endif
-#ifndef OPENSSL_NO_MD2
-	{FUNC_TYPE_MD,"md2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD4
-	{FUNC_TYPE_MD,"md4",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD5
-	{FUNC_TYPE_MD,"md5",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA
-	{FUNC_TYPE_MD,"sha",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
-	{FUNC_TYPE_MD,"sha1",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MDC2
-	{FUNC_TYPE_MD,"mdc2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_RMD160
-	{FUNC_TYPE_MD,"rmd160",dgst_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
-	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
-#endif
-	{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifdef ZLIB
-	{FUNC_TYPE_CIPHER,"zlib",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"desx",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
-	{FUNC_TYPE_CIPHER,"idea",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
-	{FUNC_TYPE_CIPHER,"seed",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
-	{FUNC_TYPE_CIPHER,"rc4",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
-	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
-	{FUNC_TYPE_CIPHER,"bf",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
-	{FUNC_TYPE_CIPHER,"rc5",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
-	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
-	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
-	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
-	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
-	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
-	{FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
-	{FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
-	{FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
-	{FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
-	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
-	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
-	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
-	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
-	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
-	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
-	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
-	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
-	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
-	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
-#endif
-	{0,NULL,NULL}
-	};
diff --git a/apps/progs.pl b/apps/progs.pl
deleted file mode 100644
index fa6258cf5e..0000000000
--- a/apps/progs.pl
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/local/bin/perl
-
-print "/* apps/progs.h */\n";
-print "/* automatically generated by progs.pl for openssl.c */\n\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-
-print <<'EOF';
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-#define FUNC_TYPE_PKEY		4
-#define FUNC_TYPE_MD_ALG	5
-#define FUNC_TYPE_CIPHER_ALG	6
-
-typedef struct {
-	int type;
-	const char *name;
-	int (*func)(int argc,char *argv[]);
-	} FUNCTION;
-DECLARE_LHASH_OF(FUNCTION);
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
-	{
-	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^speed$/))
-		{ print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^engine$/))
-		{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
-		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
-		{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
-		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^pkcs12$/))
-		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^cms$/))
-		{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^ocsp$/))
-		{ print "#ifndef OPENSSL_NO_OCSP\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^srp$/))
-		{ print "#ifndef OPENSSL_NO_SRP\n${str}#endif\n"; }
-	else
-		{ print $str; }
-	}
-
-foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
-	{
-	push(@files,$_);
-	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
-	}
-
-foreach (
-	"aes-128-cbc", "aes-128-ecb",
-	"aes-192-cbc", "aes-192-ecb",
-	"aes-256-cbc", "aes-256-ecb",
-	"camellia-128-cbc", "camellia-128-ecb",
-	"camellia-192-cbc", "camellia-192-ecb",
-	"camellia-256-cbc", "camellia-256-ecb",
-	"base64", "zlib",
-	"des", "des3", "desx", "idea", "seed", "rc4", "rc4-40",
-	"rc2", "bf", "cast", "rc5",
-	"des-ecb", "des-ede",    "des-ede3",
-	"des-cbc", "des-ede-cbc","des-ede3-cbc",
-	"des-cfb", "des-ede-cfb","des-ede3-cfb",
-	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",    "idea-cfb", "idea-ofb",
-	"seed-cbc","seed-ecb",    "seed-cfb", "seed-ofb",
-	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
-	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
-	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
-	{
-	push(@files,$_);
-
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
-	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /seed/) { $t="#ifndef OPENSSL_NO_SEED\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
-	elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
-	elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
-	elsif ($_ =~ /zlib/)  { $t="#ifdef ZLIB\n${t}#endif\n"; }
-	print $t;
-	}
-
-print "\t{0,NULL,NULL}\n\t};\n";
diff --git a/apps/rand.c b/apps/rand.c
deleted file mode 100644
index 790e79592c..0000000000
--- a/apps/rand.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/* apps/rand.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "apps.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#undef PROG
-#define PROG rand_main
-
-/* -out file         - write to file
- * -rand file:file   - PRNG seed files
- * -base64           - base64 encode output
- * -hex              - hex encode output
- * num               - write 'num' bytes
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int i, r, ret = 1;
-	int badopt;
-	char *outfile = NULL;
-	char *inrand = NULL;
-	int base64 = 0;
-	int hex = 0;
-	BIO *out = NULL;
-	int num = -1;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto err;
-
-	badopt = 0;
-	i = 0;
-	while (!badopt && argv[++i] != NULL)
-		{
-		if (strcmp(argv[i], "-out") == 0)
-			{
-			if ((argv[i+1] != NULL) && (outfile == NULL))
-				outfile = argv[++i];
-			else
-				badopt = 1;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(argv[i], "-engine") == 0)
-			{
-			if ((argv[i+1] != NULL) && (engine == NULL))
-				engine = argv[++i];
-			else
-				badopt = 1;
-			}
-#endif
-		else if (strcmp(argv[i], "-rand") == 0)
-			{
-			if ((argv[i+1] != NULL) && (inrand == NULL))
-				inrand = argv[++i];
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-base64") == 0)
-			{
-			if (!base64)
-				base64 = 1;
-			else
-				badopt = 1;
-			}
-		else if (strcmp(argv[i], "-hex") == 0)
-			{
-			if (!hex)
-				hex = 1;
-			else
-				badopt = 1;
-			}
-		else if (isdigit((unsigned char)argv[i][0]))
-			{
-			if (num < 0)
-				{
-				r = sscanf(argv[i], "%d", &num);
-				if (r == 0 || num < 0)
-					badopt = 1;
-				}
-			else
-				badopt = 1;
-			}
-		else
-			badopt = 1;
-		}
-
-	if (hex && base64)
-		badopt = 1;
-
-	if (num < 0)
-		badopt = 1;
-	
-	if (badopt) 
-		{
-		BIO_printf(bio_err, "Usage: rand [options] num\n");
-		BIO_printf(bio_err, "where options are\n");
-		BIO_printf(bio_err, "-out file             - write to file\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err, "-base64               - base64 encode output\n");
-		BIO_printf(bio_err, "-hex                  - hex encode output\n");
-		goto err;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        setup_engine(bio_err, engine, 0);
-#endif
-
-	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	out = BIO_new(BIO_s_file());
-	if (out == NULL)
-		goto err;
-	if (outfile != NULL)
-		r = BIO_write_filename(out, outfile);
-	else
-		{
-		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	if (r <= 0)
-		goto err;
-
-	if (base64)
-		{
-		BIO *b64 = BIO_new(BIO_f_base64());
-		if (b64 == NULL)
-			goto err;
-		out = BIO_push(b64, out);
-		}
-	
-	while (num > 0) 
-		{
-		unsigned char buf[4096];
-		int chunk;
-
-		chunk = num;
-		if (chunk > (int)sizeof(buf))
-			chunk = sizeof buf;
-		r = RAND_bytes(buf, chunk);
-		if (r <= 0)
-			goto err;
-		if (!hex) 
-			BIO_write(out, buf, chunk);
-		else
-			{
-			for (i = 0; i < chunk; i++)
-				BIO_printf(out, "%02x", buf[i]);
-			}
-		num -= chunk;
-		}
-	if (hex)
-		BIO_puts(out, "\n");
-	(void)BIO_flush(out);
-
-	app_RAND_write_file(NULL, bio_err);
-	ret = 0;
-	
-err:
-	ERR_print_errors(bio_err);
-	if (out)
-		BIO_free_all(out);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
diff --git a/apps/req.c b/apps/req.c
deleted file mode 100644
index d41385d706..0000000000
--- a/apps/req.c
+++ /dev/null
@@ -1,1848 +0,0 @@
-/* apps/req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#define SECTION		"req"
-
-#define BITS		"default_bits"
-#define KEYFILE		"default_keyfile"
-#define PROMPT		"prompt"
-#define DISTINGUISHED_NAME	"distinguished_name"
-#define ATTRIBUTES	"attributes"
-#define V3_EXTENSIONS	"x509_extensions"
-#define REQ_EXTENSIONS	"req_extensions"
-#define STRING_MASK	"string_mask"
-#define UTF8_IN		"utf8"
-
-#define DEFAULT_KEY_LENGTH	512
-#define MIN_KEY_LENGTH		384
-
-#undef PROG
-#define PROG	req_main
-
-/* -inform arg	- input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -verify	- check request signature
- * -noout	- don't print stuff out.
- * -text	- print out human readable text.
- * -nodes	- no des encryption
- * -config file	- Load configuration file.
- * -key file	- make a request using key in file (or use it for verification).
- * -keyform arg	- key file format.
- * -rand file(s) - load the file(s) into the PRNG.
- * -newkey	- make a key and a request.
- * -modulus	- print RSA modulus.
- * -pubkey	- output Public Key.
- * -x509	- output a self signed X509 structure instead.
- * -asn1-kludge	- output new certificate request in a format that some CA's
- *		  require.  This format is wrong
- */
-
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
-		int attribs,unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
-		int multirdn);
-static int prompt_info(X509_REQ *req,
-		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
-		unsigned long chtype);
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
-				STACK_OF(CONF_VALUE) *attr, int attribs,
-				unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
-				char *value, int nid, int n_min,
-				int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
-	int nid,int n_min,int n_max, unsigned long chtype, int mval);
-static int genpkey_cb(EVP_PKEY_CTX *ctx);
-static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
-					long *pkeylen, char **palgnam,
-					ENGINE *keygen_engine);
-#ifndef MONOLITH
-static char *default_config_file=NULL;
-#endif
-static CONF *req_conf=NULL;
-static int batch=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL, *gen_eng = NULL;
-	unsigned long nmflag = 0, reqflag = 0;
-	int ex=1,x509=0,days=30;
-	X509 *x509ss=NULL;
-	X509_REQ *req=NULL;
-	EVP_PKEY_CTX *genctx = NULL;
-	const char *keyalg = NULL;
-	char *keyalgstr = NULL;
-	STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
-	EVP_PKEY *pkey=NULL;
-	int i=0,badops=0,newreq=0,verbose=0,pkey_type=-1;
-	long newkey = -1;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
-	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	char *extensions = NULL;
-	char *req_exts = NULL;
-	const EVP_CIPHER *cipher=NULL;
-	ASN1_INTEGER *serial = NULL;
-	int modulus=0;
-	char *inrand=NULL;
-	char *passargin = NULL, *passargout = NULL;
-	char *passin = NULL, *passout = NULL;
-	char *p;
-	char *subj = NULL;
-	int multirdn = 0;
-	const EVP_MD *md_alg=NULL,*digest=NULL;
-	unsigned long chtype = MBSTRING_ASC;
-#ifndef MONOLITH
-	char *to_free;
-	long errline;
-#endif
-
-	req_conf = NULL;
-#ifndef OPENSSL_NO_DES
-	cipher=EVP_des_ede3_cbc();
-#endif
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-		else if (strcmp(*argv,"-keygen_engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			gen_eng = ENGINE_by_id(*(++argv));
-			if (gen_eng == NULL)
-				{
-				BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
-				goto end;
-				}
-			}
-#endif
-		else if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-pubkey") == 0)
-			{
-			pubkey=1;
-			}
-		else if (strcmp(*argv,"-new") == 0)
-			{
-			newreq=1;
-			}
-		else if (strcmp(*argv,"-config") == 0)
-			{	
-			if (--argc < 1) goto bad;
-			template= *(++argv);
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyform=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-keyout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyout= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-		else if (strcmp(*argv,"-newkey") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			keyalg = *(++argv);
-			newreq=1;
-			}
-		else if (strcmp(*argv,"-pkeyopt") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			if (!pkeyopts)
-				pkeyopts = sk_OPENSSL_STRING_new_null();
-			if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, *(++argv)))
-				goto bad;
-			}
-		else if (strcmp(*argv,"-sigopt") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			if (!sigopts)
-				sigopts = sk_OPENSSL_STRING_new_null();
-			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
-				goto bad;
-			}
-		else if (strcmp(*argv,"-batch") == 0)
-			batch=1;
-		else if (strcmp(*argv,"-newhdr") == 0)
-			newhdr=1;
-		else if (strcmp(*argv,"-modulus") == 0)
-			modulus=1;
-		else if (strcmp(*argv,"-verify") == 0)
-			verify=1;
-		else if (strcmp(*argv,"-nodes") == 0)
-			nodes=1;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-verbose") == 0)
-			verbose=1;
-		else if (strcmp(*argv,"-utf8") == 0)
-			chtype = MBSTRING_UTF8;
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-reqopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-subject") == 0)
-			subject=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-x509") == 0)
-			x509=1;
-		else if (strcmp(*argv,"-asn1-kludge") == 0)
-			kludge=1;
-		else if (strcmp(*argv,"-no-asn1-kludge") == 0)
-			kludge=0;
-		else if (strcmp(*argv,"-subj") == 0)
-			{
-			if (--argc < 1) goto bad;
-			subj= *(++argv);
-			}
-		else if (strcmp(*argv,"-multivalue-rdn") == 0)
-			multirdn=1;
-		else if (strcmp(*argv,"-days") == 0)
-			{
-			if (--argc < 1) goto bad;
-			days= atoi(*(++argv));
-			if (days == 0) days=30;
-			}
-		else if (strcmp(*argv,"-set_serial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
-			if (!serial) goto bad;
-			}
-		else if (strcmp(*argv,"-extensions") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extensions = *(++argv);
-			}
-		else if (strcmp(*argv,"-reqexts") == 0)
-			{
-			if (--argc < 1) goto bad;
-			req_exts = *(++argv);
-			}
-		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
-			{
-			/* ok */
-			digest=md_alg;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options  are\n");
-		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
-		BIO_printf(bio_err," -in arg        input file\n");
-		BIO_printf(bio_err," -out arg       output file\n");
-		BIO_printf(bio_err," -text          text form of request\n");
-		BIO_printf(bio_err," -pubkey        output public key\n");
-		BIO_printf(bio_err," -noout         do not output REQ\n");
-		BIO_printf(bio_err," -verify        verify signature on REQ\n");
-		BIO_printf(bio_err," -modulus       RSA modulus\n");
-		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
-#endif
-		BIO_printf(bio_err," -subject       output the request's subject\n");
-		BIO_printf(bio_err," -passin        private key password source\n");
-		BIO_printf(bio_err," -key file      use the private key contained in file\n");
-		BIO_printf(bio_err," -keyform arg   key file format\n");
-		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                the random number generator\n");
-		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
-		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
-		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-#endif
-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
-		BIO_printf(bio_err," -config file   request template file.\n");
-		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
-		BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
-		BIO_printf(bio_err," -new           new request.\n");
-		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
-		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
-		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
-		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
-		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
-		BIO_printf(bio_err,"                have been reported as requiring\n");
-		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
-		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
-		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
-		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
-		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
-#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
-	/* Lets load up our environment a little */
-	p=getenv("OPENSSL_CONF");
-	if (p == NULL)
-		p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		p=to_free=make_config_name();
-	default_config_file=p;
-	config=NCONF_new(NULL);
-	i=NCONF_load(config, p, &errline);
-#endif
-
-	if (template != NULL)
-		{
-		long errline = -1;
-
-		if( verbose )
-			BIO_printf(bio_err,"Using configuration from %s\n",template);
-		req_conf=NCONF_new(NULL);
-		i=NCONF_load(req_conf,template,&errline);
-		if (i == 0)
-			{
-			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
-			goto end;
-			}
-		}
-	else
-		{
-		req_conf=config;
-
-		if (req_conf == NULL)
-			{
-			BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
-			if (newreq)
-				goto end;
-			}
-		else if( verbose )
-			BIO_printf(bio_err,"Using configuration from %s\n",
-			default_config_file);
-		}
-
-	if (req_conf != NULL)
-		{
-		if (!load_config(bio_err, req_conf))
-			goto end;
-		p=NCONF_get_string(req_conf,NULL,"oid_file");
-		if (p == NULL)
-			ERR_clear_error();
-		if (p != NULL)
-			{
-			BIO *oid_bio;
-
-			oid_bio=BIO_new_file(p,"r");
-			if (oid_bio == NULL) 
-				{
-				/*
-				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
-				ERR_print_errors(bio_err);
-				*/
-				}
-			else
-				{
-				OBJ_create_objects(oid_bio);
-				BIO_free(oid_bio);
-				}
-			}
-		}
-	if(!add_oid_section(bio_err, req_conf)) goto end;
-
-	if (md_alg == NULL)
-		{
-		p=NCONF_get_string(req_conf,SECTION,"default_md");
-		if (p == NULL)
-			ERR_clear_error();
-		if (p != NULL)
-			{
-			if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-				digest=md_alg;
-			}
-		}
-
-	if (!extensions)
-		{
-		extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
-		if (!extensions)
-			ERR_clear_error();
-		}
-	if (extensions) {
-		/* Check syntax of file */
-		X509V3_CTX ctx;
-		X509V3_set_ctx_test(&ctx);
-		X509V3_set_nconf(&ctx, req_conf);
-		if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
-			BIO_printf(bio_err,
-			 "Error Loading extension section %s\n", extensions);
-			goto end;
-		}
-	}
-
-	if(!passin)
-		{
-		passin = NCONF_get_string(req_conf, SECTION, "input_password");
-		if (!passin)
-			ERR_clear_error();
-		}
-	
-	if(!passout)
-		{
-		passout = NCONF_get_string(req_conf, SECTION, "output_password");
-		if (!passout)
-			ERR_clear_error();
-		}
-
-	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
-	if (!p)
-		ERR_clear_error();
-
-	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
-		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
-		goto end;
-	}
-
-	if (chtype != MBSTRING_UTF8)
-		{
-		p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
-		if (!p)
-			ERR_clear_error();
-		else if (!strcmp(p, "yes"))
-			chtype = MBSTRING_UTF8;
-		}
-
-
-	if(!req_exts)
-		{
-		req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
-		if (!req_exts)
-			ERR_clear_error();
-		}
-	if(req_exts) {
-		/* Check syntax of file */
-		X509V3_CTX ctx;
-		X509V3_set_ctx_test(&ctx);
-		X509V3_set_nconf(&ctx, req_conf);
-		if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
-			BIO_printf(bio_err,
-			 "Error Loading request extension section %s\n",
-								req_exts);
-			goto end;
-		}
-	}
-
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		goto end;
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (keyfile != NULL)
-		{
-		pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			"Private Key");
-		if (!pkey)
-			{
-			/* load_key() has already printed an appropriate
-			   message */
-			goto end;
-			}
-		else
-			{
-			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
-			if (randfile == NULL)
-				ERR_clear_error();
-			app_RAND_load_file(randfile, bio_err, 0);
-			}
-		}
-
-	if (newreq && (pkey == NULL))
-		{
-		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
-		if (randfile == NULL)
-			ERR_clear_error();
-		app_RAND_load_file(randfile, bio_err, 0);
-		if (inrand)
-			app_RAND_load_files(inrand);
-
-		if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-			{
-			newkey=DEFAULT_KEY_LENGTH;
-			}
-
-		if (keyalg)
-			{
-			genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
-							&keyalgstr, gen_eng);
-			if (!genctx)
-				goto end;
-			}
-	
-		if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
-			{
-			BIO_printf(bio_err,"private key length is too short,\n");
-			BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
-			goto end;
-			}
-
-		if (!genctx)
-			{
-			genctx = set_keygen_ctx(bio_err, NULL, &pkey_type, &newkey,
-							&keyalgstr, gen_eng);
-			if (!genctx)
-				goto end;
-			}
-
-		if (pkeyopts)
-			{
-			char *genopt;
-			for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++)
-				{
-				genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
-				if (pkey_ctrl_string(genctx, genopt) <= 0)
-					{
-					BIO_printf(bio_err,
-						"parameter error \"%s\"\n",
-						genopt);
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				}
-			}
-
-		BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
-				newkey, keyalgstr);
-
-		EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
-		EVP_PKEY_CTX_set_app_data(genctx, bio_err);
-
-		if (EVP_PKEY_keygen(genctx, &pkey) <= 0)
-			{
-			BIO_puts(bio_err, "Error Generating Key\n");
-			goto end;
-			}
-
-		EVP_PKEY_CTX_free(genctx);
-		genctx = NULL;
-
-		app_RAND_write_file(randfile, bio_err);
-
-		if (keyout == NULL)
-			{
-			keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
-			if (keyout == NULL)
-				ERR_clear_error();
-			}
-		
-		if (keyout == NULL)
-			{
-			BIO_printf(bio_err,"writing new private key to stdout\n");
-			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			}
-		else
-			{
-			BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
-			if (BIO_write_filename(out,keyout) <= 0)
-				{
-				perror(keyout);
-				goto end;
-				}
-			}
-
-		p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
-		if (p == NULL)
-			{
-			ERR_clear_error();
-			p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
-			if (p == NULL)
-				ERR_clear_error();
-			}
-		if ((p != NULL) && (strcmp(p,"no") == 0))
-			cipher=NULL;
-		if (nodes) cipher=NULL;
-		
-		i=0;
-loop:
-		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,NULL,passout))
-			{
-			if ((ERR_GET_REASON(ERR_peek_error()) ==
-				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
-				{
-				ERR_clear_error();
-				i++;
-				goto loop;
-				}
-			goto end;
-			}
-		BIO_printf(bio_err,"-----\n");
-		}
-
-	if (!newreq)
-		{
-		/* Since we are using a pre-existing certificate
-		 * request, the kludge 'format' info should not be
-		 * changed. */
-		kludge= -1;
-		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				goto end;
-				}
-			}
-
-		if	(informat == FORMAT_ASN1)
-			req=d2i_X509_REQ_bio(in,NULL);
-		else if (informat == FORMAT_PEM)
-			req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
-		else
-			{
-			BIO_printf(bio_err,"bad input format specified for X509 request\n");
-			goto end;
-			}
-		if (req == NULL)
-			{
-			BIO_printf(bio_err,"unable to load X509 request\n");
-			goto end;
-			}
-		}
-
-	if (newreq || x509)
-		{
-		if (pkey == NULL)
-			{
-			BIO_printf(bio_err,"you need to specify a private key\n");
-			goto end;
-			}
-
-		if (req == NULL)
-			{
-			req=X509_REQ_new();
-			if (req == NULL)
-				{
-				goto end;
-				}
-
-			i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
-			subj=NULL; /* done processing '-subj' option */
-			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
-				{
-				sk_X509_ATTRIBUTE_free(req->req_info->attributes);
-				req->req_info->attributes = NULL;
-				}
-			if (!i)
-				{
-				BIO_printf(bio_err,"problems making Certificate Request\n");
-				goto end;
-				}
-			}
-		if (x509)
-			{
-			EVP_PKEY *tmppkey;
-			X509V3_CTX ext_ctx;
-			if ((x509ss=X509_new()) == NULL) goto end;
-
-			/* Set version to V3 */
-			if(extensions && !X509_set_version(x509ss, 2)) goto end;
-			if (serial)
-				{
-				if (!X509_set_serialNumber(x509ss, serial)) goto end;
-				}
-			else
-				{
-				if (!rand_serial(NULL,
-					X509_get_serialNumber(x509ss)))
-						goto end;
-				}
-
-			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
-			if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL)) goto end;
-			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
-			tmppkey = X509_REQ_get_pubkey(req);
-			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
-			EVP_PKEY_free(tmppkey);
-
-			/* Set up V3 context struct */
-
-			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
-			X509V3_set_nconf(&ext_ctx, req_conf);
-
-			/* Add extensions */
-			if(extensions && !X509V3_EXT_add_nconf(req_conf, 
-				 	&ext_ctx, extensions, x509ss))
-				{
-				BIO_printf(bio_err,
-					"Error Loading extension section %s\n",
-					extensions);
-				goto end;
-				}
-
-			i=do_X509_sign(bio_err, x509ss, pkey, digest, sigopts);
-			if (!i)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		else
-			{
-			X509V3_CTX ext_ctx;
-
-			/* Set up V3 context struct */
-
-			X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
-			X509V3_set_nconf(&ext_ctx, req_conf);
-
-			/* Add extensions */
-			if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 
-				 	&ext_ctx, req_exts, req))
-				{
-				BIO_printf(bio_err,
-					"Error Loading extension section %s\n",
-					req_exts);
-				goto end;
-				}
-			i=do_X509_REQ_sign(bio_err, req, pkey, digest, sigopts);
-			if (!i)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-		}
-
-	if (subj && x509)
-		{
-		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
-		goto end;
-		}
-
-	if (subj && !x509)
-		{
-		if (verbose)
-			{
-			BIO_printf(bio_err, "Modifying Request's Subject\n");
-			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
-			}
-
-		if (build_subject(req, subj, chtype, multirdn) == 0)
-			{
-			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
-			ex=1;
-			goto end;
-			}
-
-		req->req_info->enc.modified = 1;
-
-		if (verbose)
-			{
-			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
-			}
-		}
-
-	if (verify && !x509)
-		{
-		int tmp=0;
-
-		if (pkey == NULL)
-			{
-			pkey=X509_REQ_get_pubkey(req);
-			tmp=1;
-			if (pkey == NULL) goto end;
-			}
-
-		i=X509_REQ_verify(req,pkey);
-		if (tmp) {
-			EVP_PKEY_free(pkey);
-			pkey=NULL;
-		}
-
-		if (i < 0)
-			{
-			goto end;
-			}
-		else if (i == 0)
-			{
-			BIO_printf(bio_err,"verify failure\n");
-			ERR_print_errors(bio_err);
-			}
-		else /* if (i > 0) */
-			BIO_printf(bio_err,"verify OK\n");
-		}
-
-	if (noout && !text && !modulus && !subject && !pubkey)
-		{
-		ex=0;
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
-			i=(int)BIO_append_filename(out,outfile);
-		else
-			i=(int)BIO_write_filename(out,outfile);
-		if (!i)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (pubkey)
-		{
-		EVP_PKEY *tpubkey; 
-		tpubkey=X509_REQ_get_pubkey(req);
-		if (tpubkey == NULL)
-			{
-			BIO_printf(bio_err,"Error getting public key\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		PEM_write_bio_PUBKEY(out, tpubkey);
-		EVP_PKEY_free(tpubkey);
-		}
-
-	if (text)
-		{
-		if (x509)
-			X509_print_ex(out, x509ss, nmflag, reqflag);
-		else	
-			X509_REQ_print_ex(out, req, nmflag, reqflag);
-		}
-
-	if(subject) 
-		{
-		if(x509)
-			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
-		else
-			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
-		}
-
-	if (modulus)
-		{
-		EVP_PKEY *tpubkey;
-
-		if (x509)
-			tpubkey=X509_get_pubkey(x509ss);
-		else
-			tpubkey=X509_REQ_get_pubkey(req);
-		if (tpubkey == NULL)
-			{
-			fprintf(stdout,"Modulus=unavailable\n");
-			goto end; 
-			}
-		fprintf(stdout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
-		if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
-			BN_print(out,tpubkey->pkey.rsa->n);
-		else
-#endif
-			fprintf(stdout,"Wrong Algorithm type");
-		EVP_PKEY_free(tpubkey);
-		fprintf(stdout,"\n");
-		}
-
-	if (!noout && !x509)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_X509_REQ_bio(out,req);
-		else if (outformat == FORMAT_PEM) {
-			if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
-			else i=PEM_write_bio_X509_REQ(out,req);
-		} else {
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write X509 request\n");
-			goto end;
-			}
-		}
-	if (!noout && x509 && (x509ss != NULL))
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_X509_bio(out,x509ss);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_X509(out,x509ss);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i)
-			{
-			BIO_printf(bio_err,"unable to write X509 certificate\n");
-			goto end;
-			}
-		}
-	ex=0;
-end:
-#ifndef MONOLITH
-	if(to_free)
-		OPENSSL_free(to_free);
-#endif
-	if (ex)
-		{
-		ERR_print_errors(bio_err);
-		}
-	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
-	BIO_free(in);
-	BIO_free_all(out);
-	EVP_PKEY_free(pkey);
-	if (genctx)
-		EVP_PKEY_CTX_free(genctx);
-	if (pkeyopts)
-		sk_OPENSSL_STRING_free(pkeyopts);
-	if (sigopts)
-		sk_OPENSSL_STRING_free(sigopts);
-#ifndef OPENSSL_NO_ENGINE
-	if (gen_eng)
-		ENGINE_free(gen_eng);
-#endif
-	if (keyalgstr)
-		OPENSSL_free(keyalgstr);
-	X509_REQ_free(req);
-	X509_free(x509ss);
-	ASN1_INTEGER_free(serial);
-	if(passargin && passin) OPENSSL_free(passin);
-	if(passargout && passout) OPENSSL_free(passout);
-	OBJ_cleanup();
-	apps_shutdown();
-	OPENSSL_EXIT(ex);
-	}
-
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
-			int attribs, unsigned long chtype)
-	{
-	int ret=0,i;
-	char no_prompt = 0;
-	STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
-	char *tmp, *dn_sect,*attr_sect;
-
-	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
-	if (tmp == NULL)
-		ERR_clear_error();
-	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
-
-	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
-	if (dn_sect == NULL)
-		{
-		BIO_printf(bio_err,"unable to find '%s' in config\n",
-			DISTINGUISHED_NAME);
-		goto err;
-		}
-	dn_sk=NCONF_get_section(req_conf,dn_sect);
-	if (dn_sk == NULL)
-		{
-		BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
-		goto err;
-		}
-
-	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
-	if (attr_sect == NULL)
-		{
-		ERR_clear_error();		
-		attr_sk=NULL;
-		}
-	else
-		{
-		attr_sk=NCONF_get_section(req_conf,attr_sect);
-		if (attr_sk == NULL)
-			{
-			BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
-			goto err;
-			}
-		}
-
-	/* setup version number */
-	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
-
-	if (no_prompt) 
-		i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
-	else 
-		{
-		if (subj)
-			i = build_subject(req, subj, chtype, multirdn);
-		else
-			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
-		}
-	if(!i) goto err;
-
-	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
-
-	ret=1;
-err:
-	return(ret);
-	}
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
-	{
-	X509_NAME *n;
-
-	if (!(n = parse_name(subject, chtype, multirdn)))
-		return 0;
-
-	if (!X509_REQ_set_subject_name(req, n))
-		{
-		X509_NAME_free(n);
-		return 0;
-		}
-	X509_NAME_free(n);
-	return 1;
-}
-
-
-static int prompt_info(X509_REQ *req,
-		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
-		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
-		unsigned long chtype)
-	{
-	int i;
-	char *p,*q;
-	char buf[100];
-	int nid, mval;
-	long n_min,n_max;
-	char *type, *value;
-	const char *def;
-	CONF_VALUE *v;
-	X509_NAME *subj;
-	subj = X509_REQ_get_subject_name(req);
-
-	if(!batch)
-		{
-		BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-		BIO_printf(bio_err,"into your certificate request.\n");
-		BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-		BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-		BIO_printf(bio_err,"For some fields there will be a default value,\n");
-		BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-		BIO_printf(bio_err,"-----\n");
-		}
-
-
-	if (sk_CONF_VALUE_num(dn_sk))
-		{
-		i= -1;
-start:		for (;;)
-			{
-			i++;
-			if (sk_CONF_VALUE_num(dn_sk) <= i) break;
-
-			v=sk_CONF_VALUE_value(dn_sk,i);
-			p=q=NULL;
-			type=v->name;
-			if(!check_end(type,"_min") || !check_end(type,"_max") ||
-				!check_end(type,"_default") ||
-					 !check_end(type,"_value")) continue;
-			/* Skip past any leading X. X: X, etc to allow for
-			 * multiple instances 
-			 */
-			for(p = v->name; *p ; p++) 
-				if ((*p == ':') || (*p == ',') ||
-							 (*p == '.')) {
-					p++;
-					if(*p) type = p;
-					break;
-				}
-			if (*type == '+')
-				{
-				mval = -1;
-				type++;
-				}
-			else
-				mval = 0;
-			/* If OBJ not recognised ignore it */
-			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
-			if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
-				>= (int)sizeof(buf))
-			   {
-			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
-			   return 0;
-			   }
-
-			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
-				{
-				ERR_clear_error();
-				def="";
-				}
-				
-			BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
-			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
-				{
-				ERR_clear_error();
-				value=NULL;
-				}
-
-			BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
-			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
-				{
-				ERR_clear_error();
-				n_min = -1;
-				}
-
-			BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
-			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
-				{
-				ERR_clear_error();
-				n_max = -1;
-				}
-
-			if (!add_DN_object(subj,v->value,def,value,nid,
-				n_min,n_max, chtype, mval))
-				return 0;
-			}
-		if (X509_NAME_entry_count(subj) == 0)
-			{
-			BIO_printf(bio_err,"error, no objects specified in config file\n");
-			return 0;
-			}
-
-		if (attribs)
-			{
-			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
-				{
-				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
-				BIO_printf(bio_err,"to be sent with your certificate request\n");
-				}
-
-			i= -1;
-start2:			for (;;)
-				{
-				i++;
-				if ((attr_sk == NULL) ||
-					    (sk_CONF_VALUE_num(attr_sk) <= i))
-					break;
-
-				v=sk_CONF_VALUE_value(attr_sk,i);
-				type=v->name;
-				if ((nid=OBJ_txt2nid(type)) == NID_undef)
-					goto start2;
-
-				if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
-					>= (int)sizeof(buf))
-				   {
-				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
-				   return 0;
-				   }
-
-				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
-					== NULL)
-					{
-					ERR_clear_error();
-					def="";
-					}
-				
-				
-				BIO_snprintf(buf,sizeof buf,"%s_value",type);
-				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
-					== NULL)
-					{
-					ERR_clear_error();
-					value=NULL;
-					}
-
-				BIO_snprintf(buf,sizeof buf,"%s_min",type);
-				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
-					{
-					ERR_clear_error();
-					n_min = -1;
-					}
-
-				BIO_snprintf(buf,sizeof buf,"%s_max",type);
-				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
-					{
-					ERR_clear_error();
-					n_max = -1;
-					}
-
-				if (!add_attribute_object(req,
-					v->value,def,value,nid,n_min,n_max, chtype))
-					return 0;
-				}
-			}
-		}
-	else
-		{
-		BIO_printf(bio_err,"No template, please set one up.\n");
-		return 0;
-		}
-
-	return 1;
-
-	}
-
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
-			STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
-	{
-	int i;
-	char *p,*q;
-	char *type;
-	CONF_VALUE *v;
-	X509_NAME *subj;
-
-	subj = X509_REQ_get_subject_name(req);
-
-	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
-		{
-		int mval;
-		v=sk_CONF_VALUE_value(dn_sk,i);
-		p=q=NULL;
-		type=v->name;
-		/* Skip past any leading X. X: X, etc to allow for
-		 * multiple instances 
-		 */
-		for(p = v->name; *p ; p++) 
-#ifndef CHARSET_EBCDIC
-			if ((*p == ':') || (*p == ',') || (*p == '.')) {
-#else
-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
-#endif
-				p++;
-				if(*p) type = p;
-				break;
-			}
-#ifndef CHARSET_EBCDIC
-		if (*p == '+')
-#else
-		if (*p == os_toascii['+'])
-#endif
-			{
-			p++;
-			mval = -1;
-			}
-		else
-			mval = 0;
-		if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
-				(unsigned char *) v->value,-1,-1,mval)) return 0;
-
-		}
-
-		if (!X509_NAME_entry_count(subj))
-			{
-			BIO_printf(bio_err,"error, no objects specified in config file\n");
-			return 0;
-			}
-		if (attribs)
-			{
-			for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
-				{
-				v=sk_CONF_VALUE_value(attr_sk,i);
-				if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
-					(unsigned char *)v->value, -1)) return 0;
-				}
-			}
-	return 1;
-	}
-
-
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
-	     int nid, int n_min, int n_max, unsigned long chtype, int mval)
-	{
-	int i,ret=0;
-	MS_STATIC char buf[1024];
-start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
-	(void)BIO_flush(bio_err);
-	if(value != NULL)
-		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
-		BIO_printf(bio_err,"%s\n",value);
-		}
-	else
-		{
-		buf[0]='\0';
-		if (!batch)
-			{
-			if (!fgets(buf,sizeof buf,stdin))
-				return 0;
-			}
-		else
-			{
-			buf[0] = '\n';
-			buf[1] = '\0';
-			}
-		}
-
-	if (buf[0] == '\0') return(0);
-	else if (buf[0] == '\n')
-		{
-		if ((def == NULL) || (def[0] == '\0'))
-			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
-		}
-	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
-	i=strlen(buf);
-	if (buf[i-1] != '\n')
-		{
-		BIO_printf(bio_err,"weird input :-(\n");
-		return(0);
-		}
-	buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(buf, buf, i);
-#endif
-	if(!req_check_len(i, n_min, n_max))
-		{
-		if (batch || value)
-			return 0;
-		goto start;
-		}
-
-	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
-				(unsigned char *) buf, -1,-1,mval)) goto err;
-	ret=1;
-err:
-	return(ret);
-	}
-
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
-				char *value, int nid, int n_min,
-				int n_max, unsigned long chtype)
-	{
-	int i;
-	static char buf[1024];
-
-start:
-	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
-	(void)BIO_flush(bio_err);
-	if (value != NULL)
-		{
-		BUF_strlcpy(buf,value,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
-		BIO_printf(bio_err,"%s\n",value);
-		}
-	else
-		{
-		buf[0]='\0';
-		if (!batch)
-			{
-			if (!fgets(buf,sizeof buf,stdin))
-				return 0;
-			}
-		else
-			{
-			buf[0] = '\n';
-			buf[1] = '\0';
-			}
-		}
-
-	if (buf[0] == '\0') return(0);
-	else if (buf[0] == '\n')
-		{
-		if ((def == NULL) || (def[0] == '\0'))
-			return(1);
-		BUF_strlcpy(buf,def,sizeof buf);
-		BUF_strlcat(buf,"\n",sizeof buf);
-		}
-	else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
-	i=strlen(buf);
-	if (buf[i-1] != '\n')
-		{
-		BIO_printf(bio_err,"weird input :-(\n");
-		return(0);
-		}
-	buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(buf, buf, i);
-#endif
-	if(!req_check_len(i, n_min, n_max))
-		{
-		if (batch || value)
-			return 0;
-		goto start;
-		}
-
-	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
-					(unsigned char *)buf, -1)) {
-		BIO_printf(bio_err, "Error adding attribute\n");
-		ERR_print_errors(bio_err);
-		goto err;
-	}
-
-	return(1);
-err:
-	return(0);
-	}
-
-static int req_check_len(int len, int n_min, int n_max)
-	{
-	if ((n_min > 0) && (len < n_min))
-		{
-		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
-		return(0);
-		}
-	if ((n_max >= 0) && (len > n_max))
-		{
-		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);
-		return(0);
-		}
-	return(1);
-	}
-
-/* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
-{
-	int elen, slen;	
-	const char *tmp;
-	elen = strlen(end);
-	slen = strlen(str);
-	if(elen > slen) return 1;
-	tmp = str + slen - elen;
-	return strcmp(tmp, end);
-}
-
-static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
-					long *pkeylen, char **palgnam,
-					ENGINE *keygen_engine)
-	{
-	EVP_PKEY_CTX *gctx = NULL;
-	EVP_PKEY *param = NULL;
-	long keylen = -1;
-	BIO *pbio = NULL;
-	const char *paramfile = NULL;
-
-	if (gstr == NULL)
-		{
-		*pkey_type = EVP_PKEY_RSA;
-		keylen = *pkeylen;
-		}
-	else if (gstr[0] >= '0' && gstr[0] <= '9')
-		{
-		*pkey_type = EVP_PKEY_RSA;
-		keylen = atol(gstr);
-		*pkeylen = keylen;
-		}
-	else if (!strncmp(gstr, "param:", 6))
-		paramfile = gstr + 6;
-	else
-		{
-		const char *p = strchr(gstr, ':');
-		int len;
-		ENGINE *tmpeng;
-		const EVP_PKEY_ASN1_METHOD *ameth;
-
-		if (p)
-			len = p - gstr;
-		else
-			len = strlen(gstr);
-		/* The lookup of a the string will cover all engines so
-		 * keep a note of the implementation.
-		 */
-
-		ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
-
-		if (!ameth)
-			{
-			BIO_printf(err, "Unknown algorithm %.*s\n", len, gstr);
-			return NULL;
-			}
-
-		EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL,
-									ameth);
-#ifndef OPENSSL_NO_ENGINE
-		if (tmpeng)
-			ENGINE_finish(tmpeng);
-#endif
-		if (*pkey_type == EVP_PKEY_RSA)
-			{
-			if (p)
-				{
-				keylen = atol(p + 1);
-				*pkeylen = keylen;
-				}
-			else
-				keylen = *pkeylen;
-			}
-		else if (p)
-			paramfile = p + 1;
-		}
-
-	if (paramfile)
-		{
-		pbio = BIO_new_file(paramfile, "r");
-		if (!pbio)
-			{
-			BIO_printf(err, "Can't open parameter file %s\n",
-					paramfile);
-			return NULL;
-			}
-		param = PEM_read_bio_Parameters(pbio, NULL);
-
-		if (!param)
-			{
-			X509 *x;
-			(void)BIO_reset(pbio);
-			x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
-			if (x)
-				{
-				param = X509_get_pubkey(x);
-				X509_free(x);
-				}
-			}
-
-		BIO_free(pbio);
-
-		if (!param)
-			{
-			BIO_printf(err, "Error reading parameter file %s\n",
-					paramfile);
-			return NULL;
-			}
-		if (*pkey_type == -1)
-			*pkey_type = EVP_PKEY_id(param);
-		else if (*pkey_type != EVP_PKEY_base_id(param))
-			{
-			BIO_printf(err, "Key Type does not match parameters\n");
-			EVP_PKEY_free(param);
-			return NULL;
-			}
-		}
-
-	if (palgnam)
-		{
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		ENGINE *tmpeng;
-		const char *anam;
-		ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
-		if (!ameth)
-			{
-			BIO_puts(err, "Internal error: can't find key algorithm\n");
-			return NULL;
-			}
-		EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
-		*palgnam = BUF_strdup(anam);
-#ifndef OPENSSL_NO_ENGINE
-		if (tmpeng)
-			ENGINE_finish(tmpeng);
-#endif
-		}
-
-	if (param)
-		{
-		gctx = EVP_PKEY_CTX_new(param, keygen_engine);
-		*pkeylen = EVP_PKEY_bits(param);
-		EVP_PKEY_free(param);
-		}
-	else
-		gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
-
-	if (!gctx)
-		{
-		BIO_puts(err, "Error allocating keygen context\n");
-		ERR_print_errors(err);
-		return NULL;
-		}
-
-	if (EVP_PKEY_keygen_init(gctx) <= 0)
-		{
-		BIO_puts(err, "Error initializing keygen context\n");
-		ERR_print_errors(err);
-		return NULL;
-		}
-#ifndef OPENSSL_NO_RSA
-	if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1))
-		{
-		if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0)
-			{
-			BIO_puts(err, "Error setting RSA keysize\n");
-			ERR_print_errors(err);
-			EVP_PKEY_CTX_free(gctx);
-			return NULL;
-			}
-		}
-#endif
-
-	return gctx;
-	}
-
-static int genpkey_cb(EVP_PKEY_CTX *ctx)
-	{
-	char c='*';
-	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
-	int p;
-	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(b,&c,1);
-	(void)BIO_flush(b);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
-
-static int do_sign_init(BIO *err, EVP_MD_CTX *ctx, EVP_PKEY *pkey,
-			const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
-	{
-	EVP_PKEY_CTX *pkctx = NULL;
-	int i;
-	EVP_MD_CTX_init(ctx);
-	if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
-		return 0;
-	for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
-		{
-		char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
-		if (pkey_ctrl_string(pkctx, sigopt) <= 0)
-			{
-			BIO_printf(err, "parameter error \"%s\"\n", sigopt);
-			ERR_print_errors(bio_err);
-			return 0;
-			}
-		}
-	return 1;
-	}
-
-int do_X509_sign(BIO *err, X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts)
-	{
-	int rv;
-	EVP_MD_CTX mctx;
-	EVP_MD_CTX_init(&mctx);
-	rv = do_sign_init(err, &mctx, pkey, md, sigopts);
-	if (rv > 0)
-		rv = X509_sign_ctx(x, &mctx);
-	EVP_MD_CTX_cleanup(&mctx);
-	return rv > 0 ? 1 : 0;
-	}
-
-
-int do_X509_REQ_sign(BIO *err, X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts)
-	{
-	int rv;
-	EVP_MD_CTX mctx;
-	EVP_MD_CTX_init(&mctx);
-	rv = do_sign_init(err, &mctx, pkey, md, sigopts);
-	if (rv > 0)
-		rv = X509_REQ_sign_ctx(x, &mctx);
-	EVP_MD_CTX_cleanup(&mctx);
-	return rv > 0 ? 1 : 0;
-	}
-		
-	
-
-int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
-			STACK_OF(OPENSSL_STRING) *sigopts)
-	{
-	int rv;
-	EVP_MD_CTX mctx;
-	EVP_MD_CTX_init(&mctx);
-	rv = do_sign_init(err, &mctx, pkey, md, sigopts);
-	if (rv > 0)
-		rv = X509_CRL_sign_ctx(x, &mctx);
-	EVP_MD_CTX_cleanup(&mctx);
-	return rv > 0 ? 1 : 0;
-	}
-		
-	
diff --git a/apps/req.pem b/apps/req.pem
deleted file mode 100644
index 5537df601d..0000000000
--- a/apps/req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
-YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
-S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
-AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
-tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
-84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
-CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
-Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
------END CERTIFICATE REQUEST-----
diff --git a/apps/rsa.c b/apps/rsa.c
deleted file mode 100644
index a17708fe9c..0000000000
--- a/apps/rsa.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* apps/rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-
-#undef PROG
-#define PROG	rsa_main
-
-/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- * -des		- encrypt output if PEM format with DES in cbc mode
- * -des3	- encrypt output if PEM format
- * -idea	- encrypt output if PEM format
- * -seed	- encrypt output if PEM format
- * -aes128	- encrypt output if PEM format
- * -aes192	- encrypt output if PEM format
- * -aes256	- encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -text	- print a text version
- * -modulus	- print the RSA key modulus
- * -check	- verify key consistency
- * -pubin	- Expect a public key in input file.
- * -pubout	- Output a public key.
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int ret=1;
-	RSA *rsa=NULL;
-	int i,badops=0, sgckey=0;
-	const EVP_CIPHER *enc=NULL;
-	BIO *out=NULL;
-	int informat,outformat,text=0,check=0,noout=0;
-	int pubin = 0, pubout = 0;
-	char *infile,*outfile,*prog;
-	char *passargin = NULL, *passargout = NULL;
-	char *passin = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-	int modulus=0;
-
-	int pvk_encr = 2;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	infile=NULL;
-	outfile=NULL;
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-sgckey") == 0)
-			sgckey=1;
-		else if (strcmp(*argv,"-pubin") == 0)
-			pubin=1;
-		else if (strcmp(*argv,"-pubout") == 0)
-			pubout=1;
-		else if (strcmp(*argv,"-RSAPublicKey_in") == 0)
-			pubin = 2;
-		else if (strcmp(*argv,"-RSAPublicKey_out") == 0)
-			pubout = 2;
-		else if (strcmp(*argv,"-pvk-strong") == 0)
-			pvk_encr=2;
-		else if (strcmp(*argv,"-pvk-weak") == 0)
-			pvk_encr=1;
-		else if (strcmp(*argv,"-pvk-none") == 0)
-			pvk_encr=0;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-text") == 0)
-			text=1;
-		else if (strcmp(*argv,"-modulus") == 0)
-			modulus=1;
-		else if (strcmp(*argv,"-check") == 0)
-			check=1;
-		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg         input file\n");
-		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
-		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
-		BIO_printf(bio_err," -out arg        output file\n");
-		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
-		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
-		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
-#endif
-		BIO_printf(bio_err," -text           print the key in text\n");
-		BIO_printf(bio_err," -noout          don't print key out\n");
-		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
-		BIO_printf(bio_err," -check          verify key consistency\n");
-		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
-		BIO_printf(bio_err," -pubout         output a public key\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
-#endif
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto end;
-	}
-
-	if(check && pubin) {
-		BIO_printf(bio_err, "Only private keys can be checked\n");
-		goto end;
-	}
-
-	out=BIO_new(BIO_s_file());
-
-	{
-		EVP_PKEY	*pkey;
-
-		if (pubin)
-			{
-			int tmpformat=-1;
-			if (pubin == 2)
-				{
-				if (informat == FORMAT_PEM)
-					tmpformat = FORMAT_PEMRSA;
-				else if (informat == FORMAT_ASN1)
-					tmpformat = FORMAT_ASN1RSA;
-				}
-			else if (informat == FORMAT_NETSCAPE && sgckey)
-				tmpformat = FORMAT_IISSGC;
-			else
-				tmpformat = informat;
-					
-			pkey = load_pubkey(bio_err, infile, tmpformat, 1,
-				passin, e, "Public Key");
-			}
-		else
-			pkey = load_key(bio_err, infile,
-				(informat == FORMAT_NETSCAPE && sgckey ?
-					FORMAT_IISSGC : informat), 1,
-				passin, e, "Private Key");
-
-		if (pkey != NULL)
-			rsa = EVP_PKEY_get1_RSA(pkey);
-		EVP_PKEY_free(pkey);
-	}
-
-	if (rsa == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-	else
-		{
-		if (BIO_write_filename(out,outfile) <= 0)
-			{
-			perror(outfile);
-			goto end;
-			}
-		}
-
-	if (text) 
-		if (!RSA_print(out,rsa,0))
-			{
-			perror(outfile);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-	if (modulus)
-		{
-		BIO_printf(out,"Modulus=");
-		BN_print(out,rsa->n);
-		BIO_printf(out,"\n");
-		}
-
-	if (check)
-		{
-		int r = RSA_check_key(rsa);
-
-		if (r == 1)
-			BIO_printf(out,"RSA key ok\n");
-		else if (r == 0)
-			{
-			unsigned long err;
-
-			while ((err = ERR_peek_error()) != 0 &&
-				ERR_GET_LIB(err) == ERR_LIB_RSA &&
-				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
-				{
-				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
-				ERR_get_error(); /* remove e from error stack */
-				}
-			}
-		
-		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-		
-	if (noout)
-		{
-		ret = 0;
-		goto end;
-		}
-	BIO_printf(bio_err,"writing RSA key\n");
-	if 	(outformat == FORMAT_ASN1) {
-		if(pubout || pubin) 
-			{
-			if (pubout == 2)
-				i=i2d_RSAPublicKey_bio(out,rsa);
-			else
-				i=i2d_RSA_PUBKEY_bio(out,rsa);
-			}
-		else i=i2d_RSAPrivateKey_bio(out,rsa);
-	}
-#ifndef OPENSSL_NO_RC4
-	else if (outformat == FORMAT_NETSCAPE)
-		{
-		unsigned char *p,*pp;
-		int size;
-
-		i=1;
-		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
-		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
-			{
-			BIO_printf(bio_err,"Memory allocation failure\n");
-			goto end;
-			}
-		pp=p;
-		i2d_RSA_NET(rsa,&p,NULL, sgckey);
-		BIO_write(out,(char *)pp,size);
-		OPENSSL_free(pp);
-		}
-#endif
-	else if (outformat == FORMAT_PEM) {
-		if(pubout || pubin)
-			{
-			if (pubout == 2)
-		    		i=PEM_write_bio_RSAPublicKey(out,rsa);
-			else
-		    		i=PEM_write_bio_RSA_PUBKEY(out,rsa);
-			}
-		else i=PEM_write_bio_RSAPrivateKey(out,rsa,
-						enc,NULL,0,NULL,passout);
-#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
-	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
-		EVP_PKEY *pk;
-		pk = EVP_PKEY_new();
-		EVP_PKEY_set1_RSA(pk, rsa);
-		if (outformat == FORMAT_PVK)
-			i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
-		else if (pubin || pubout)
-			i = i2b_PublicKey_bio(out, pk);
-		else
-			i = i2b_PrivateKey_bio(out, pk);
-		EVP_PKEY_free(pk);
-#endif
-	} else	{
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
-	if (i <= 0)
-		{
-		BIO_printf(bio_err,"unable to write key\n");
-		ERR_print_errors(bio_err);
-		}
-	else
-		ret=0;
-end:
-	if(out != NULL) BIO_free_all(out);
-	if(rsa != NULL) RSA_free(rsa);
-	if(passin) OPENSSL_free(passin);
-	if(passout) OPENSSL_free(passout);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/rsa8192.pem b/apps/rsa8192.pem
deleted file mode 100644
index 946a6e5433..0000000000
--- a/apps/rsa8192.pem
+++ /dev/null
@@ -1,101 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-
-MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
-ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
-MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
-55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
-yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
-tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
-LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
-aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
-PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
-mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
-71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
-d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
-wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
-bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
-Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
-Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
-pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
-os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
-mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
-cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
-LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
-tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
-PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
-psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
-9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
-xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
-ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
-RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
-1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
-P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
-77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
-4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
-/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
-GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
-HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
-ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
-AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
-52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
-5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
-7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
-KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
-cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
-dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
-DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
-Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
-f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
-J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
-TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
-fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
-Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
-mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
-YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
-mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
-Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
-c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
-Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
-WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
-KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
-JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
-yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
-kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
-DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
-22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
-ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
-D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
-PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
-dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
-FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
-6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
-eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
-bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
-XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
-7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
-82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
-beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
-pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
-70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
-YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
-ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
-lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
-4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
-lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
-LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
-x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
-O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
-6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
-Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
-DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
-Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
-oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
-nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
-X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
-QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
-TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
-46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
-rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
-I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
------END RSA PRIVATE KEY-----
-
diff --git a/apps/rsautl.c b/apps/rsautl.c
deleted file mode 100644
index b01f004eb3..0000000000
--- a/apps/rsautl.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* rsautl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-
-#include "apps.h"
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-
-#define RSA_SIGN 	1
-#define RSA_VERIFY 	2
-#define RSA_ENCRYPT 	3
-#define RSA_DECRYPT 	4
-
-#define KEY_PRIVKEY	1
-#define KEY_PUBKEY	2
-#define KEY_CERT	3
-
-static void usage(void);
-
-#undef PROG
-
-#define PROG rsautl_main
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
-	ENGINE *e = NULL;
-	BIO *in = NULL, *out = NULL;
-	char *infile = NULL, *outfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine = NULL;
-#endif
-	char *keyfile = NULL;
-	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
-	int keyform = FORMAT_PEM;
-	char need_priv = 0, badarg = 0, rev = 0;
-	char hexdump = 0, asn1parse = 0;
-	X509 *x;
-	EVP_PKEY *pkey = NULL;
-	RSA *rsa = NULL;
-	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
-	char *passargin = NULL, *passin = NULL;
-	int rsa_inlen, rsa_outlen = 0;
-	int keysize;
-
-	int ret = 1;
-
-	argc--;
-	argv++;
-
-	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	pad = RSA_PKCS1_PADDING;
-	
-	while(argc >= 1)
-	{
-		if (!strcmp(*argv,"-in")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				infile= *(++argv);
-		} else if (!strcmp(*argv,"-out")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				outfile= *(++argv);
-		} else if(!strcmp(*argv, "-inkey")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				keyfile = *(++argv);
-		} else if (!strcmp(*argv,"-passin")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				passargin= *(++argv);
-		} else if (strcmp(*argv,"-keyform") == 0) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				keyform=str2fmt(*(++argv));
-#ifndef OPENSSL_NO_ENGINE
-		} else if(!strcmp(*argv, "-engine")) {
-			if (--argc < 1)
-				badarg = 1;
-			else
-				engine = *(++argv);
-#endif
-		} else if(!strcmp(*argv, "-pubin")) {
-			key_type = KEY_PUBKEY;
-		} else if(!strcmp(*argv, "-certin")) {
-			key_type = KEY_CERT;
-		} 
-		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
-		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
-		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
-		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
-		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
-		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
-		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
-		else if(!strcmp(*argv, "-sign")) {
-			rsa_mode = RSA_SIGN;
-			need_priv = 1;
-		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
-		else if(!strcmp(*argv, "-rev")) rev = 1;
-		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
-		else if(!strcmp(*argv, "-decrypt")) {
-			rsa_mode = RSA_DECRYPT;
-			need_priv = 1;
-		} else badarg = 1;
-		if(badarg) {
-			usage();
-			goto end;
-		}
-		argc--;
-		argv++;
-	}
-
-	if(need_priv && (key_type != KEY_PRIVKEY)) {
-		BIO_printf(bio_err, "A private key is needed for this operation\n");
-		goto end;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}
-
-/* FIXME: seed PRNG only if needed */
-	app_RAND_load_file(NULL, bio_err, 0);
-	
-	switch(key_type) {
-		case KEY_PRIVKEY:
-		pkey = load_key(bio_err, keyfile, keyform, 0,
-			passin, e, "Private Key");
-		break;
-
-		case KEY_PUBKEY:
-		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
-			NULL, e, "Public Key");
-		break;
-
-		case KEY_CERT:
-		x = load_cert(bio_err, keyfile, keyform,
-			NULL, e, "Certificate");
-		if(x) {
-			pkey = X509_get_pubkey(x);
-			X509_free(x);
-		}
-		break;
-	}
-
-	if(!pkey) {
-		return 1;
-	}
-
-	rsa = EVP_PKEY_get1_RSA(pkey);
-	EVP_PKEY_free(pkey);
-
-	if(!rsa) {
-		BIO_printf(bio_err, "Error getting RSA key\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-
-	if(infile) {
-		if(!(in = BIO_new_file(infile, "rb"))) {
-			BIO_printf(bio_err, "Error Reading Input File\n");
-			ERR_print_errors(bio_err);	
-			goto end;
-		}
-	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if(outfile) {
-		if(!(out = BIO_new_file(outfile, "wb"))) {
-			BIO_printf(bio_err, "Error Reading Output File\n");
-			ERR_print_errors(bio_err);	
-			goto end;
-		}
-	} else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	keysize = RSA_size(rsa);
-
-	rsa_in = OPENSSL_malloc(keysize * 2);
-	rsa_out = OPENSSL_malloc(keysize);
-
-	/* Read the input data */
-	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
-	if(rsa_inlen <= 0) {
-		BIO_printf(bio_err, "Error reading input Data\n");
-		exit(1);
-	}
-	if(rev) {
-		int i;
-		unsigned char ctmp;
-		for(i = 0; i < rsa_inlen/2; i++) {
-			ctmp = rsa_in[i];
-			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
-			rsa_in[rsa_inlen - 1 - i] = ctmp;
-		}
-	}
-	switch(rsa_mode) {
-
-		case RSA_VERIFY:
-			rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_SIGN:
-			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_ENCRYPT:
-			rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-		case RSA_DECRYPT:
-			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
-		break;
-
-	}
-
-	if(rsa_outlen <= 0) {
-		BIO_printf(bio_err, "RSA operation error\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-	ret = 0;
-	if(asn1parse) {
-		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
-			ERR_print_errors(bio_err);
-		}
-	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
-	else BIO_write(out, rsa_out, rsa_outlen);
-	end:
-	RSA_free(rsa);
-	BIO_free(in);
-	BIO_free_all(out);
-	if(rsa_in) OPENSSL_free(rsa_in);
-	if(rsa_out) OPENSSL_free(rsa_out);
-	if(passin) OPENSSL_free(passin);
-	return ret;
-}
-
-static void usage()
-{
-	BIO_printf(bio_err, "Usage: rsautl [options]\n");
-	BIO_printf(bio_err, "-in file        input file\n");
-	BIO_printf(bio_err, "-out file       output file\n");
-	BIO_printf(bio_err, "-inkey file     input key\n");
-	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
-	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
-	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
-	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
-	BIO_printf(bio_err, "-raw            use no padding\n");
-	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
-	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
-	BIO_printf(bio_err, "-sign           sign with private key\n");
-	BIO_printf(bio_err, "-verify         verify with public key\n");
-	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
-	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
-	BIO_printf(bio_err, "-hexdump        hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
-	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
-	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
-#endif
-
-}
-
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/apps/s1024key.pem b/apps/s1024key.pem
deleted file mode 100644
index 19e0403572..0000000000
--- a/apps/s1024key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
-S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
-pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
-AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
-dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
-bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
-Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
-zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
-6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
-QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
-dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
-0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
-nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
------END RSA PRIVATE KEY-----
diff --git a/apps/s1024req.pem b/apps/s1024req.pem
deleted file mode 100644
index bb75e7eeb7..0000000000
--- a/apps/s1024req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
-dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
-9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
-KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
-RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
-BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
-nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
-frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
------END CERTIFICATE REQUEST-----
diff --git a/apps/s512-key.pem b/apps/s512-key.pem
deleted file mode 100644
index 0e3ff2d373..0000000000
--- a/apps/s512-key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
diff --git a/apps/s512-req.pem b/apps/s512-req.pem
deleted file mode 100644
index ea314be555..0000000000
--- a/apps/s512-req.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
-MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
-y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
-5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
------END CERTIFICATE REQUEST-----
diff --git a/apps/s_apps.h b/apps/s_apps.h
deleted file mode 100644
index 820e5c5815..0000000000
--- a/apps/s_apps.h
+++ /dev/null
@@ -1,176 +0,0 @@
-/* apps/s_apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-#include <openssl/opensslconf.h>
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#include <conio.h>
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
-#define _kbhit kbhit
-#endif
-
-#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
-/* VAX C does not defined fd_set and friends, but it's actually quite simple */
-/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
-#define MAX_NOFILE	32
-#define	NBBY		 8		/* number of bits in a byte	*/
-
-#ifndef	FD_SETSIZE
-#define	FD_SETSIZE	MAX_NOFILE
-#endif	/* FD_SETSIZE */
-
-/* How many things we'll allow select to use. 0 if unlimited */
-#define MAXSELFD	MAX_NOFILE
-typedef int	fd_mask;	/* int here! VMS prototypes int, not long */
-#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/
-#define NFDSHIFT 5				/* Shift based on above */
-
-typedef fd_mask fd_set;
-#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))
-#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))
-#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))
-#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))
-#endif
-
-#define PORT            4433
-#define PORT_STR        "4433"
-#define PROTOCOL        "tcp"
-
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-#ifdef HEADER_X509_H
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#endif
-#ifdef HEADER_SSL_H
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
-#endif
-int init_client(int *sock, char *server, int port, int type);
-int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
-				   int argi, long argl, long ret);
-
-#ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
-					unsigned char *data, int len,
-					void *arg);
-#endif
-
-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
diff --git a/apps/s_cb.c b/apps/s_cb.c
deleted file mode 100644
index 146a960795..0000000000
--- a/apps/s_cb.c
+++ /dev/null
@@ -1,934 +0,0 @@
-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#undef USE_SOCKETS
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include "s_apps.h"
-
-#define	COOKIE_SECRET_LENGTH	16
-
-int verify_depth=0;
-int verify_error=X509_V_OK;
-int verify_return_error=0;
-unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
-int cookie_initialized=0;
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
-	X509 *err_cert;
-	int err,depth;
-
-	err_cert=X509_STORE_CTX_get_current_cert(ctx);
-	err=	X509_STORE_CTX_get_error(ctx);
-	depth=	X509_STORE_CTX_get_error_depth(ctx);
-
-	BIO_printf(bio_err,"depth=%d ",depth);
-	if (err_cert)
-		{
-		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
-					0, XN_FLAG_ONELINE);
-		BIO_puts(bio_err, "\n");
-		}
-	else
-		BIO_puts(bio_err, "<no cert>\n");
-	if (!ok)
-		{
-		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
-			X509_verify_cert_error_string(err));
-		if (verify_depth >= depth)
-			{
-			if (!verify_return_error)
-				ok=1;
-			verify_error=X509_V_OK;
-			}
-		else
-			{
-			ok=0;
-			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
-			}
-		}
-	switch (err)
-		{
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		BIO_puts(bio_err,"issuer= ");
-		X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
-					0, XN_FLAG_ONELINE);
-		BIO_puts(bio_err, "\n");
-		break;
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		BIO_printf(bio_err,"notBefore=");
-		ASN1_TIME_print(bio_err,X509_get_notBefore(err_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		BIO_printf(bio_err,"notAfter=");
-		ASN1_TIME_print(bio_err,X509_get_notAfter(err_cert));
-		BIO_printf(bio_err,"\n");
-		break;
-	case X509_V_ERR_NO_EXPLICIT_POLICY:
-		policies_print(bio_err, ctx);
-		break;
-		}
-	if (err == X509_V_OK && ok == 2)
-		policies_print(bio_err, ctx);
-
-	BIO_printf(bio_err,"verify return:%d\n",ok);
-	return(ok);
-	}
-
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
-	{
-	if (cert_file != NULL)
-		{
-		/*
-		SSL *ssl;
-		X509 *x509;
-		*/
-
-		if (SSL_CTX_use_certificate_file(ctx,cert_file,
-			SSL_FILETYPE_PEM) <= 0)
-			{
-			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
-			ERR_print_errors(bio_err);
-			return(0);
-			}
-		if (key_file == NULL) key_file=cert_file;
-		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
-			SSL_FILETYPE_PEM) <= 0)
-			{
-			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
-			ERR_print_errors(bio_err);
-			return(0);
-			}
-
-		/*
-		In theory this is no longer needed 
-		ssl=SSL_new(ctx);
-		x509=SSL_get_certificate(ssl);
-
-		if (x509 != NULL) {
-			EVP_PKEY *pktmp;
-			pktmp = X509_get_pubkey(x509);
-			EVP_PKEY_copy_parameters(pktmp,
-						SSL_get_privatekey(ssl));
-			EVP_PKEY_free(pktmp);
-		}
-		SSL_free(ssl);
-		*/
-
-		/* If we are using DSA, we can copy the parameters from
-		 * the private key */
-
-
-		/* Now we know that a key and cert have been set against
-		 * the SSL context */
-		if (!SSL_CTX_check_private_key(ctx))
-			{
-			BIO_printf(bio_err,"Private key does not match the certificate public key\n");
-			return(0);
-			}
-		}
-	return(1);
-	}
-
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
-	{
-	if (cert ==  NULL)
-		return 1;
-	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
-		{
-		BIO_printf(bio_err,"error setting certificate\n");
-		ERR_print_errors(bio_err);
-		return 0;
-		}
-	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
-		{
-		BIO_printf(bio_err,"error setting private key\n");
-		ERR_print_errors(bio_err);
-		return 0;
-		}
-
-		
-		/* Now we know that a key and cert have been set against
-		 * the SSL context */
-	if (!SSL_CTX_check_private_key(ctx))
-		{
-		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
-		return 0;
-		}
-	return 1;
-	}
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
-				   int argi, long argl, long ret)
-	{
-	BIO *out;
-
-	out=(BIO *)BIO_get_callback_arg(bio);
-	if (out == NULL) return(ret);
-
-	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
-		{
-		BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
- 			(void *)bio,argp,(unsigned long)argi,ret,ret);
-		BIO_dump(out,argp,(int)ret);
-		return(ret);
-		}
-	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
-		{
-		BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
-			(void *)bio,argp,(unsigned long)argi,ret,ret);
-		BIO_dump(out,argp,(int)ret);
-		}
-	return(ret);
-	}
-
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
-	{
-	const char *str;
-	int w;
-
-	w=where& ~SSL_ST_MASK;
-
-	if (w & SSL_ST_CONNECT) str="SSL_connect";
-	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
-	else str="undefined";
-
-	if (where & SSL_CB_LOOP)
-		{
-		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
-		}
-	else if (where & SSL_CB_ALERT)
-		{
-		str=(where & SSL_CB_READ)?"read":"write";
-		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
-			str,
-			SSL_alert_type_string_long(ret),
-			SSL_alert_desc_string_long(ret));
-		}
-	else if (where & SSL_CB_EXIT)
-		{
-		if (ret == 0)
-			BIO_printf(bio_err,"%s:failed in %s\n",
-				str,SSL_state_string_long(s));
-		else if (ret < 0)
-			{
-			BIO_printf(bio_err,"%s:error in %s\n",
-				str,SSL_state_string_long(s));
-			}
-		}
-	}
-
-
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
-	{
-	BIO *bio = arg;
-	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
-	
-	str_write_p = write_p ? ">>>" : "<<<";
-
-	switch (version)
-		{
-	case SSL2_VERSION:
-		str_version = "SSL 2.0";
-		break;
-	case SSL3_VERSION:
-		str_version = "SSL 3.0 ";
-		break;
-	case TLS1_VERSION:
-		str_version = "TLS 1.0 ";
-		break;
-	case TLS1_1_VERSION:
-		str_version = "TLS 1.1 ";
-		break;
-	case TLS1_2_VERSION:
-		str_version = "TLS 1.2 ";
-		break;
-	case DTLS1_VERSION:
-		str_version = "DTLS 1.0 ";
-		break;
-	case DTLS1_BAD_VER:
-		str_version = "DTLS 1.0 (bad) ";
-		break;
-	default:
-		str_version = "???";
-		}
-
-	if (version == SSL2_VERSION)
-		{
-		str_details1 = "???";
-
-		if (len > 0)
-			{
-			switch (((const unsigned char*)buf)[0])
-				{
-				case 0:
-					str_details1 = ", ERROR:";
-					str_details2 = " ???";
-					if (len >= 3)
-						{
-						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
-						
-						switch (err)
-							{
-						case 0x0001:
-							str_details2 = " NO-CIPHER-ERROR";
-							break;
-						case 0x0002:
-							str_details2 = " NO-CERTIFICATE-ERROR";
-							break;
-						case 0x0004:
-							str_details2 = " BAD-CERTIFICATE-ERROR";
-							break;
-						case 0x0006:
-							str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
-							break;
-							}
-						}
-
-					break;
-				case 1:
-					str_details1 = ", CLIENT-HELLO";
-					break;
-				case 2:
-					str_details1 = ", CLIENT-MASTER-KEY";
-					break;
-				case 3:
-					str_details1 = ", CLIENT-FINISHED";
-					break;
-				case 4:
-					str_details1 = ", SERVER-HELLO";
-					break;
-				case 5:
-					str_details1 = ", SERVER-VERIFY";
-					break;
-				case 6:
-					str_details1 = ", SERVER-FINISHED";
-					break;
-				case 7:
-					str_details1 = ", REQUEST-CERTIFICATE";
-					break;
-				case 8:
-					str_details1 = ", CLIENT-CERTIFICATE";
-					break;
-				}
-			}
-		}
-
-	if (version == SSL3_VERSION ||
-	    version == TLS1_VERSION ||
-	    version == TLS1_1_VERSION ||
-	    version == TLS1_2_VERSION ||
-	    version == DTLS1_VERSION ||
-	    version == DTLS1_BAD_VER)
-		{
-		switch (content_type)
-			{
-		case 20:
-			str_content_type = "ChangeCipherSpec";
-			break;
-		case 21:
-			str_content_type = "Alert";
-			break;
-		case 22:
-			str_content_type = "Handshake";
-			break;
-			}
-
-		if (content_type == 21) /* Alert */
-			{
-			str_details1 = ", ???";
-			
-			if (len == 2)
-				{
-				switch (((const unsigned char*)buf)[0])
-					{
-				case 1:
-					str_details1 = ", warning";
-					break;
-				case 2:
-					str_details1 = ", fatal";
-					break;
-					}
-
-				str_details2 = " ???";
-				switch (((const unsigned char*)buf)[1])
-					{
-				case 0:
-					str_details2 = " close_notify";
-					break;
-				case 10:
-					str_details2 = " unexpected_message";
-					break;
-				case 20:
-					str_details2 = " bad_record_mac";
-					break;
-				case 21:
-					str_details2 = " decryption_failed";
-					break;
-				case 22:
-					str_details2 = " record_overflow";
-					break;
-				case 30:
-					str_details2 = " decompression_failure";
-					break;
-				case 40:
-					str_details2 = " handshake_failure";
-					break;
-				case 42:
-					str_details2 = " bad_certificate";
-					break;
-				case 43:
-					str_details2 = " unsupported_certificate";
-					break;
-				case 44:
-					str_details2 = " certificate_revoked";
-					break;
-				case 45:
-					str_details2 = " certificate_expired";
-					break;
-				case 46:
-					str_details2 = " certificate_unknown";
-					break;
-				case 47:
-					str_details2 = " illegal_parameter";
-					break;
-				case 48:
-					str_details2 = " unknown_ca";
-					break;
-				case 49:
-					str_details2 = " access_denied";
-					break;
-				case 50:
-					str_details2 = " decode_error";
-					break;
-				case 51:
-					str_details2 = " decrypt_error";
-					break;
-				case 60:
-					str_details2 = " export_restriction";
-					break;
-				case 70:
-					str_details2 = " protocol_version";
-					break;
-				case 71:
-					str_details2 = " insufficient_security";
-					break;
-				case 80:
-					str_details2 = " internal_error";
-					break;
-				case 90:
-					str_details2 = " user_canceled";
-					break;
-				case 100:
-					str_details2 = " no_renegotiation";
-					break;
-				case 110:
-					str_details2 = " unsupported_extension";
-					break;
-				case 111:
-					str_details2 = " certificate_unobtainable";
-					break;
-				case 112:
-					str_details2 = " unrecognized_name";
-					break;
-				case 113:
-					str_details2 = " bad_certificate_status_response";
-					break;
-				case 114:
-					str_details2 = " bad_certificate_hash_value";
-					break;
-				case 115:
-					str_details2 = " unknown_psk_identity";
-					break;
-					}
-				}
-			}
-		
-		if (content_type == 22) /* Handshake */
-			{
-			str_details1 = "???";
-
-			if (len > 0)
-				{
-				switch (((const unsigned char*)buf)[0])
-					{
-				case 0:
-					str_details1 = ", HelloRequest";
-					break;
-				case 1:
-					str_details1 = ", ClientHello";
-					break;
-				case 2:
-					str_details1 = ", ServerHello";
-					break;
-				case 3:
-					str_details1 = ", HelloVerifyRequest";
-					break;
-				case 11:
-					str_details1 = ", Certificate";
-					break;
-				case 12:
-					str_details1 = ", ServerKeyExchange";
-					break;
-				case 13:
-					str_details1 = ", CertificateRequest";
-					break;
-				case 14:
-					str_details1 = ", ServerHelloDone";
-					break;
-				case 15:
-					str_details1 = ", CertificateVerify";
-					break;
-				case 16:
-					str_details1 = ", ClientKeyExchange";
-					break;
-				case 20:
-					str_details1 = ", Finished";
-					break;
-					}
-				}
-			}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-		if (content_type == 24) /* Heartbeat */
-			{
-			str_details1 = ", Heartbeat";
-			
-			if (len > 0)
-				{
-				switch (((const unsigned char*)buf)[0])
-					{
-				case 1:
-					str_details1 = ", HeartbeatRequest";
-					break;
-				case 2:
-					str_details1 = ", HeartbeatResponse";
-					break;
-					}
-				}
-			}
-#endif
-		}
-
-	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
-
-	if (len > 0)
-		{
-		size_t num, i;
-		
-		BIO_printf(bio, "   ");
-		num = len;
-#if 0
-		if (num > 16)
-			num = 16;
-#endif
-		for (i = 0; i < num; i++)
-			{
-			if (i % 16 == 0 && i > 0)
-				BIO_printf(bio, "\n   ");
-			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
-			}
-		if (i < len)
-			BIO_printf(bio, " ...");
-		BIO_printf(bio, "\n");
-		}
-	(void)BIO_flush(bio);
-	}
-
-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
-					unsigned char *data, int len,
-					void *arg)
-	{
-	BIO *bio = arg;
-	char *extname;
-
-	switch(type)
-		{
-		case TLSEXT_TYPE_server_name:
-		extname = "server name";
-		break;
-
-		case TLSEXT_TYPE_max_fragment_length:
-		extname = "max fragment length";
-		break;
-
-		case TLSEXT_TYPE_client_certificate_url:
-		extname = "client certificate URL";
-		break;
-
-		case TLSEXT_TYPE_trusted_ca_keys:
-		extname = "trusted CA keys";
-		break;
-
-		case TLSEXT_TYPE_truncated_hmac:
-		extname = "truncated HMAC";
-		break;
-
-		case TLSEXT_TYPE_status_request:
-		extname = "status request";
-		break;
-
-		case TLSEXT_TYPE_user_mapping:
-		extname = "user mapping";
-		break;
-
-		case TLSEXT_TYPE_client_authz:
-		extname = "client authz";
-		break;
-
-		case TLSEXT_TYPE_server_authz:
-		extname = "server authz";
-		break;
-
-		case TLSEXT_TYPE_cert_type:
-		extname = "cert type";
-		break;
-
-		case TLSEXT_TYPE_elliptic_curves:
-		extname = "elliptic curves";
-		break;
-
-		case TLSEXT_TYPE_ec_point_formats:
-		extname = "EC point formats";
-		break;
-
-		case TLSEXT_TYPE_srp:
-		extname = "SRP";
-		break;
-
-		case TLSEXT_TYPE_signature_algorithms:
-		extname = "signature algorithms";
-		break;
-
-		case TLSEXT_TYPE_use_srtp:
-		extname = "use SRTP";
-		break;
-
-		case TLSEXT_TYPE_heartbeat:
-		extname = "heartbeat";
-		break;
-
-		case TLSEXT_TYPE_session_ticket:
-		extname = "session ticket";
-		break;
-
-		case TLSEXT_TYPE_renegotiate: 
-		extname = "renegotiation info";
-		break;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-		case TLSEXT_TYPE_opaque_prf_input:
-		extname = "opaque PRF input";
-		break;
-#endif
-#ifdef TLSEXT_TYPE_next_proto_neg
-		case TLSEXT_TYPE_next_proto_neg:
-		extname = "next protocol";
-		break;
-#endif
-
-		case TLSEXT_TYPE_padding:
-		extname = "TLS padding";
-		break;
-
-		default:
-		extname = "unknown";
-		break;
-
-		}
-	
-	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
-			client_server ? "server": "client",
-			extname, type, len);
-	BIO_dump(bio, (char *)data, len);
-	(void)BIO_flush(bio);
-	}
-
-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
-	{
-	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
-	unsigned int length, resultlength;
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in s4;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 s6;
-#endif
-	} peer;
-
-	/* Initialize a random secret */
-	if (!cookie_initialized)
-		{
-		if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
-			{
-			BIO_printf(bio_err,"error setting random cookie secret\n");
-			return 0;
-			}
-		cookie_initialized = 1;
-		}
-
-	/* Read peer information */
-	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
-
-	/* Create buffer with peer's address and port */
-	length = 0;
-	switch (peer.sa.sa_family)
-		{
-	case AF_INET:
-		length += sizeof(struct in_addr);
-		length += sizeof(peer.s4.sin_port);
-		break;
-#if OPENSSL_USE_IPV6
-	case AF_INET6:
-		length += sizeof(struct in6_addr);
-		length += sizeof(peer.s6.sin6_port);
-		break;
-#endif
-	default:
-		OPENSSL_assert(0);
-		break;
-		}
-	buffer = OPENSSL_malloc(length);
-
-	if (buffer == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		return 0;
-		}
-
-	switch (peer.sa.sa_family)
-		{
-	case AF_INET:
-		memcpy(buffer,
-		       &peer.s4.sin_port,
-		       sizeof(peer.s4.sin_port));
-		memcpy(buffer + sizeof(peer.s4.sin_port),
-		       &peer.s4.sin_addr,
-		       sizeof(struct in_addr));
-		break;
-#if OPENSSL_USE_IPV6
-	case AF_INET6:
-		memcpy(buffer,
-		       &peer.s6.sin6_port,
-		       sizeof(peer.s6.sin6_port));
-		memcpy(buffer + sizeof(peer.s6.sin6_port),
-		       &peer.s6.sin6_addr,
-		       sizeof(struct in6_addr));
-		break;
-#endif
-	default:
-		OPENSSL_assert(0);
-		break;
-		}
-
-	/* Calculate HMAC of buffer using the secret */
-	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
-	     buffer, length, result, &resultlength);
-	OPENSSL_free(buffer);
-
-	memcpy(cookie, result, resultlength);
-	*cookie_len = resultlength;
-
-	return 1;
-	}
-
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
-	{
-	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
-	unsigned int length, resultlength;
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in s4;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 s6;
-#endif
-	} peer;
-
-	/* If secret isn't initialized yet, the cookie can't be valid */
-	if (!cookie_initialized)
-		return 0;
-
-	/* Read peer information */
-	(void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
-
-	/* Create buffer with peer's address and port */
-	length = 0;
-	switch (peer.sa.sa_family)
-		{
-	case AF_INET:
-		length += sizeof(struct in_addr);
-		length += sizeof(peer.s4.sin_port);
-		break;
-#if OPENSSL_USE_IPV6
-	case AF_INET6:
-		length += sizeof(struct in6_addr);
-		length += sizeof(peer.s6.sin6_port);
-		break;
-#endif
-	default:
-		OPENSSL_assert(0);
-		break;
-		}
-	buffer = OPENSSL_malloc(length);
-	
-	if (buffer == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		return 0;
-		}
-
-	switch (peer.sa.sa_family)
-		{
-	case AF_INET:
-		memcpy(buffer,
-		       &peer.s4.sin_port,
-		       sizeof(peer.s4.sin_port));
-		memcpy(buffer + sizeof(peer.s4.sin_port),
-		       &peer.s4.sin_addr,
-		       sizeof(struct in_addr));
-		break;
-#if OPENSSL_USE_IPV6
-	case AF_INET6:
-		memcpy(buffer,
-		       &peer.s6.sin6_port,
-		       sizeof(peer.s6.sin6_port));
-		memcpy(buffer + sizeof(peer.s6.sin6_port),
-		       &peer.s6.sin6_addr,
-		       sizeof(struct in6_addr));
-		break;
-#endif
-	default:
-		OPENSSL_assert(0);
-		break;
-		}
-
-	/* Calculate HMAC of buffer using the secret */
-	HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
-	     buffer, length, result, &resultlength);
-	OPENSSL_free(buffer);
-
-	if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
-		return 1;
-
-	return 0;
-	}
diff --git a/apps/s_client.c b/apps/s_client.c
deleted file mode 100644
index afa4c2b999..0000000000
--- a/apps/s_client.c
+++ /dev/null
@@ -1,2232 +0,0 @@
-/* apps/s_client.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
-   recursive header file inclusion, resulting in the compiler complaining
-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
-   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
-#include "s_apps.h"
-#include "timeouts.h"
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#if defined(OPENSSL_SYS_BEOS_R5)
-#include <fcntl.h>
-#endif
-
-#undef PROG
-#define PROG	s_client_main
-
-/*#define SSL_HOST_NAME	"www.netscape.com" */
-/*#define SSL_HOST_NAME	"193.118.187.102" */
-#define SSL_HOST_NAME	"localhost"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*8
-
-extern int verify_depth;
-extern int verify_error;
-extern int verify_return_error;
-
-#ifdef FIONBIO
-static int c_nbio=0;
-#endif
-static int c_Pause=0;
-static int c_debug=0;
-#ifndef OPENSSL_NO_TLSEXT
-static int c_tlsextdebug=0;
-static int c_status_req=0;
-#endif
-static int c_msg=0;
-static int c_showcerts=0;
-
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
-
-static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
-#ifndef OPENSSL_NO_TLSEXT
-static int ocsp_resp_cb(SSL *s, void *arg);
-#endif
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-static int c_ign_eof=0;
-
-#ifndef OPENSSL_NO_PSK
-/* Default PSK identity and key */
-static char *psk_identity="Client_identity";
-/*char *psk_key=NULL;  by default PSK is not used */
-
-static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
-	unsigned int max_identity_len, unsigned char *psk,
-	unsigned int max_psk_len)
-	{
-	unsigned int psk_len = 0;
-	int ret;
-        BIGNUM *bn=NULL;
-
-	if (c_debug)
-		BIO_printf(bio_c_out, "psk_client_cb\n");
-	if (!hint)
-                {
-                /* no ServerKeyExchange message*/
-		if (c_debug)
-			BIO_printf(bio_c_out,"NULL received PSK identity hint, continuing anyway\n");
-                }
-        else if (c_debug)
-		BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
-
-	/* lookup PSK identity and PSK key based on the given identity hint here */
-	ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
-	if (ret < 0 || (unsigned int)ret > max_identity_len)
-		goto out_err;
-	if (c_debug)
-		BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, ret);
-        ret=BN_hex2bn(&bn, psk_key);
-        if (!ret)
-                {
-                BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
-                if (bn)
-                        BN_free(bn);
-                return 0;
-                }
-
-        if ((unsigned int)BN_num_bytes(bn) > max_psk_len)
-                {
-                BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
-                        max_psk_len, BN_num_bytes(bn));
-                BN_free(bn);
-                return 0;
-                }
-
-        psk_len=BN_bn2bin(bn, psk);
-        BN_free(bn);
-        if (psk_len == 0)
-                goto out_err;
-
-	if (c_debug)
-		BIO_printf(bio_c_out, "created PSK len=%d\n", psk_len);
-
-        return psk_len;
- out_err:
-	if (c_debug)
-		BIO_printf(bio_err, "Error in PSK client callback\n");
-        return 0;
-	}
-#endif
-
-static void sc_usage(void)
-	{
-	BIO_printf(bio_err,"usage: s_client args\n");
-	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -host host     - use -connect instead\n");
-	BIO_printf(bio_err," -port port     - use -connect instead\n");
-	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
-	BIO_printf(bio_err," -verify_return_error - return verification errors\n");
-	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
-	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
-	BIO_printf(bio_err,"                 not specified but cert file is.\n");
-	BIO_printf(bio_err," -keyform arg  - key format (PEM or DER) PEM default\n");
-	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
-	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
-	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
-	BIO_printf(bio_err," -prexit       - print session information even on connection failure\n");
-	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
-	BIO_printf(bio_err," -debug        - extra output\n");
-#ifdef WATT32
-	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
-#endif
-	BIO_printf(bio_err," -msg          - Show protocol messages\n");
-	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
-	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
-#ifdef FIONBIO
-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
-#endif
-	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
-	BIO_printf(bio_err," -quiet        - no s_client output\n");
-	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
-	BIO_printf(bio_err," -no_ign_eof   - don't ignore input eof\n");
-#ifndef OPENSSL_NO_PSK
-	BIO_printf(bio_err," -psk_identity arg - PSK identity\n");
-	BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifndef OPENSSL_NO_JPAKE
-	BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
-	BIO_printf(bio_err," -srpuser user     - SRP authentification for 'user'\n");
-	BIO_printf(bio_err," -srppass arg      - password for 'user'\n");
-	BIO_printf(bio_err," -srp_lateuser     - SRP username into second ClientHello message\n");
-	BIO_printf(bio_err," -srp_moregroups   - Tolerate other than the known g N values.\n");
-	BIO_printf(bio_err," -srp_strength int - minimal length in bits for N (default %d).\n",SRP_MINIMAL_N);
-#endif
-	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
-#ifndef OPENSSL_NO_SSL3_METHOD
-	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
-#endif
-	BIO_printf(bio_err," -tls1_2       - just use TLSv1.2\n");
-	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
-	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
-	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
-	BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
-	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
-	BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
-	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
-	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
-	BIO_printf(bio_err,"                 command to see what is available\n");
-	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
-	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
-	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err,"                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
-	BIO_printf(bio_err,"                 are supported.\n");
-#ifndef OPENSSL_NO_ENGINE
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-#endif
-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-	BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
-	BIO_printf(bio_err," -sess_in arg  - file to read SSL session from\n");
-#ifndef OPENSSL_NO_TLSEXT
-	BIO_printf(bio_err," -servername host  - Set TLS extension servername in ClientHello\n");
-	BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
-	BIO_printf(bio_err," -status           - request certificate status from server\n");
-	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
-# endif
-#endif
-	BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
-	BIO_printf(bio_err," -no_record_splitting  - disable 1/n-1 record splitting in CBC mode\n");
-	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-#ifndef OPENSSL_NO_SRTP
-	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
-	}
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* This is a context that we pass to callbacks */
-typedef struct tlsextctx_st {
-   BIO * biodebug;
-   int ack;
-} tlsextctx;
-
-
-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
-	{
-	tlsextctx * p = (tlsextctx *) arg;
-	const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-	if (SSL_get_servername_type(s) != -1) 
- 	        p->ack = !SSL_session_reused(s) && hn != NULL;
-	else 
-		BIO_printf(bio_err,"Can't use SSL_get_servername\n");
-	
-	return SSL_TLSEXT_ERR_OK;
-	}
-
-#ifndef OPENSSL_NO_SRP
-
-/* This is a context that we pass to all callbacks */
-typedef struct srp_arg_st
-	{
-	char *srppassin;
-	char *srplogin;
-	int msg;   /* copy from c_msg */
-	int debug; /* copy from c_debug */
-	int amp;   /* allow more groups */
-	int strength /* minimal size for N */ ;
-	} SRP_ARG;
-
-#define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
-
-static int srp_Verify_N_and_g(BIGNUM *N, BIGNUM *g)
-	{
-	BN_CTX *bn_ctx = BN_CTX_new();
-	BIGNUM *p = BN_new();
-	BIGNUM *r = BN_new();
-	int ret =
-		g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
-		BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
-		p != NULL && BN_rshift1(p, N) &&
-
-		/* p = (N-1)/2 */
-		BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) &&
-		r != NULL &&
-
-		/* verify g^((N-1)/2) == -1 (mod N) */
-		BN_mod_exp(r, g, p, N, bn_ctx) &&
-		BN_add_word(r, 1) &&
-		BN_cmp(r, N) == 0;
-
-	if(r)
-		BN_free(r);
-	if(p)
-		BN_free(p);
-	if(bn_ctx)
-		BN_CTX_free(bn_ctx);
-	return ret;
-	}
-
-/* This callback is used here for two purposes:
-   - extended debugging
-   - making some primality tests for unknown groups
-   The callback is only called for a non default group.
-
-   An application does not need the call back at all if
-   only the stanard groups are used.  In real life situations, 
-   client and server already share well known groups, 
-   thus there is no need to verify them. 
-   Furthermore, in case that a server actually proposes a group that
-   is not one of those defined in RFC 5054, it is more appropriate 
-   to add the group to a static list and then compare since 
-   primality tests are rather cpu consuming.
-*/
-
-static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg)
-	{
-	SRP_ARG *srp_arg = (SRP_ARG *)arg;
-	BIGNUM *N = NULL, *g = NULL;
-	if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s)))
-		return 0;
-	if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1)
-		{
-    		BIO_printf(bio_err, "SRP parameters:\n"); 
-		BIO_printf(bio_err,"\tN="); BN_print(bio_err,N);
-		BIO_printf(bio_err,"\n\tg="); BN_print(bio_err,g);
-		BIO_printf(bio_err,"\n");
-		}
-
-	if (SRP_check_known_gN_param(g,N))
-		return 1;
-
-	if (srp_arg->amp == 1)
-		{
-		if (srp_arg->debug)
-			BIO_printf(bio_err, "SRP param N and g are not known params, going to check deeper.\n");
-
-/* The srp_moregroups is a real debugging feature.
-   Implementors should rather add the value to the known ones.
-   The minimal size has already been tested.
-*/
-		if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N,g))
-			return 1;
-		}	
-	BIO_printf(bio_err, "SRP param N and g rejected.\n");
-	return 0;
-	}
-
-#define PWD_STRLEN 1024
-
-static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
-	{
-	SRP_ARG *srp_arg = (SRP_ARG *)arg;
-	char *pass = (char *)OPENSSL_malloc(PWD_STRLEN+1);
-	PW_CB_DATA cb_tmp;
-	int l;
-
-	cb_tmp.password = (char *)srp_arg->srppassin;
-	cb_tmp.prompt_info = "SRP user";
-	if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp))<0)
-		{
-		BIO_printf (bio_err, "Can't read Password\n");
-		OPENSSL_free(pass);
-		return NULL;
-		}
-	*(pass+l)= '\0';
-
-	return pass;
-	}
-
-#endif
-#ifndef OPENSSL_NO_SRTP
-	char *srtp_profiles = NULL;
-#endif
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* This the context that we pass to next_proto_cb */
-typedef struct tlsextnextprotoctx_st {
-	unsigned char *data;
-	unsigned short len;
-	int status;
-} tlsextnextprotoctx;
-
-static tlsextnextprotoctx next_proto;
-
-static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
-	{
-	tlsextnextprotoctx *ctx = arg;
-
-	if (!c_quiet)
-		{
-		/* We can assume that |in| is syntactically valid. */
-		unsigned i;
-		BIO_printf(bio_c_out, "Protocols advertised by server: ");
-		for (i = 0; i < inlen; )
-			{
-			if (i)
-				BIO_write(bio_c_out, ", ", 2);
-			BIO_write(bio_c_out, &in[i + 1], in[i]);
-			i += in[i] + 1;
-			}
-		BIO_write(bio_c_out, "\n", 1);
-		}
-
-	ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
-	return SSL_TLSEXT_ERR_OK;
-	}
-# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */
-#endif
-
-enum
-{
-	PROTO_OFF	= 0,
-	PROTO_SMTP,
-	PROTO_POP3,
-	PROTO_IMAP,
-	PROTO_FTP,
-	PROTO_XMPP
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	unsigned int off=0, clr=0;
-	SSL *con=NULL;
-#ifndef OPENSSL_NO_KRB5
-	KSSL_CTX *kctx;
-#endif
-	int s,k,width,state=0;
-	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
-	int cbuf_len,cbuf_off;
-	int sbuf_len,sbuf_off;
-	fd_set readfds,writefds;
-	short port=PORT;
-	int full_log=1;
-	char *host=SSL_HOST_NAME;
-	char *cert_file=NULL,*key_file=NULL;
-	int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
-	char *passarg = NULL, *pass = NULL;
-	X509 *cert = NULL;
-	EVP_PKEY *key = NULL;
-	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
-	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int cutthrough=0, no_record_splitting=0;
-	int crlf=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
-	SSL_CTX *ctx=NULL;
-	int ret=1,in_init=1,i,nbio_test=0;
-	int starttls_proto = PROTO_OFF;
-	int prexit = 0;
-	X509_VERIFY_PARAM *vpm = NULL;
-	int badarg = 0;
-	const SSL_METHOD *meth=NULL;
-	int socket_type=SOCK_STREAM;
-	BIO *sbio;
-	char *inrand=NULL;
-	int mbuf_len=0;
-	struct timeval timeout, *timeoutp;
-	int ssl_mode;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine_id=NULL;
-	char *ssl_client_engine_id=NULL;
-	ENGINE *ssl_client_engine=NULL;
-#endif
-	ENGINE *e=NULL;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
-	struct timeval tv;
-#if defined(OPENSSL_SYS_BEOS_R5)
-	int stdin_set = 0;
-#endif
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-	char *servername = NULL; 
-        tlsextctx tlsextcbp = 
-        {NULL,0};
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	const char *next_proto_neg_in = NULL;
-	const char *alpn_in = NULL;
-# endif
-#endif
-	char *sess_in = NULL;
-	char *sess_out = NULL;
-	struct sockaddr peer;
-	int peerlen = sizeof(peer);
-	int fallback_scsv = 0;
-	int enable_timeouts = 0 ;
-	long socket_mtu = 0;
-#ifndef OPENSSL_NO_JPAKE
-	char *jpake_secret = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	char * srppass = NULL;
-	int srp_lateuser = 0;
-	SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
-#endif
-
-	meth=SSLv23_client_method();
-
-	apps_startup();
-	c_Pause=0;
-	c_quiet=0;
-	c_ign_eof=0;
-	c_debug=0;
-	c_msg=0;
-	c_showcerts=0;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
-		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-
-	verify_depth=0;
-	verify_error=X509_V_OK;
-#ifdef FIONBIO
-	c_nbio=0;
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-host") == 0)
-			{
-			if (--argc < 1) goto bad;
-			host= *(++argv);
-			}
-		else if	(strcmp(*argv,"-port") == 0)
-			{
-			if (--argc < 1) goto bad;
-			port=atoi(*(++argv));
-			if (port == 0) goto bad;
-			}
-		else if (strcmp(*argv,"-connect") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!extract_host_port(*(++argv),&host,NULL,&port))
-				goto bad;
-			}
-		else if	(strcmp(*argv,"-verify") == 0)
-			{
-			verify=SSL_VERIFY_PEER;
-			if (--argc < 1) goto bad;
-			verify_depth=atoi(*(++argv));
-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cert_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-sess_out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			sess_out = *(++argv);
-			}
-		else if	(strcmp(*argv,"-sess_in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			sess_in = *(++argv);
-			}
-		else if	(strcmp(*argv,"-certform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cert_format = str2fmt(*(++argv));
-			}
-		else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
-			{
-			if (badarg)
-				goto bad;
-			continue;
-			}
-		else if (strcmp(*argv,"-verify_return_error") == 0)
-			verify_return_error = 1;
-		else if	(strcmp(*argv,"-prexit") == 0)
-			prexit=1;
-		else if	(strcmp(*argv,"-crlf") == 0)
-			crlf=1;
-		else if	(strcmp(*argv,"-quiet") == 0)
-			{
-			c_quiet=1;
-			c_ign_eof=1;
-			}
-		else if	(strcmp(*argv,"-ign_eof") == 0)
-			c_ign_eof=1;
-		else if	(strcmp(*argv,"-no_ign_eof") == 0)
-			c_ign_eof=0;
-		else if	(strcmp(*argv,"-pause") == 0)
-			c_Pause=1;
-		else if	(strcmp(*argv,"-debug") == 0)
-			c_debug=1;
-#ifndef OPENSSL_NO_TLSEXT
-		else if	(strcmp(*argv,"-tlsextdebug") == 0)
-			c_tlsextdebug=1;
-		else if	(strcmp(*argv,"-status") == 0)
-			c_status_req=1;
-#endif
-#ifdef WATT32
-		else if (strcmp(*argv,"-wdebug") == 0)
-			dbug_init();
-#endif
-		else if	(strcmp(*argv,"-msg") == 0)
-			c_msg=1;
-		else if	(strcmp(*argv,"-showcerts") == 0)
-			c_showcerts=1;
-		else if	(strcmp(*argv,"-nbio_test") == 0)
-			nbio_test=1;
-		else if	(strcmp(*argv,"-state") == 0)
-			state=1;
-#ifndef OPENSSL_NO_PSK
-                else if (strcmp(*argv,"-psk_identity") == 0)
-			{
-			if (--argc < 1) goto bad;
-			psk_identity=*(++argv);
-			}
-                else if (strcmp(*argv,"-psk") == 0)
-			{
-                        size_t j;
-
-			if (--argc < 1) goto bad;
-			psk_key=*(++argv);
-			for (j = 0; j < strlen(psk_key); j++)
-                                {
-                                if (isxdigit((unsigned char)psk_key[j]))
-                                        continue;
-                                BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
-                                goto bad;
-                                }
-			}
-#endif
-#ifndef OPENSSL_NO_SRP
-		else if (strcmp(*argv,"-srpuser") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srp_arg.srplogin= *(++argv);
-			meth=TLSv1_client_method();
-			}
-		else if (strcmp(*argv,"-srppass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srppass= *(++argv);
-			meth=TLSv1_client_method();
-			}
-		else if (strcmp(*argv,"-srp_strength") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srp_arg.strength=atoi(*(++argv));
-			BIO_printf(bio_err,"SRP minimal length for N is %d\n",srp_arg.strength);
-			meth=TLSv1_client_method();
-			}
-		else if (strcmp(*argv,"-srp_lateuser") == 0)
-			{
-			srp_lateuser= 1;
-			meth=TLSv1_client_method();
-			}
-		else if	(strcmp(*argv,"-srp_moregroups") == 0)
-			{
-			srp_arg.amp=1;
-			meth=TLSv1_client_method();
-			}
-#endif
-#ifndef OPENSSL_NO_SSL2
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
-		else if	(strcmp(*argv,"-tls1_2") == 0)
-			meth=TLSv1_2_client_method();
-		else if	(strcmp(*argv,"-tls1_1") == 0)
-			meth=TLSv1_1_client_method();
-		else if	(strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
-#endif
-#ifndef OPENSSL_NO_DTLS1
-		else if	(strcmp(*argv,"-dtls1") == 0)
-			{
-			meth=DTLSv1_client_method();
-			socket_type=SOCK_DGRAM;
-			}
-		else if (strcmp(*argv,"-fallback_scsv") == 0)
-			{
-			fallback_scsv = 1;
-			}
-		else if (strcmp(*argv,"-timeout") == 0)
-			enable_timeouts=1;
-		else if (strcmp(*argv,"-mtu") == 0)
-			{
-			if (--argc < 1) goto bad;
-			socket_mtu = atol(*(++argv));
-			}
-#endif
-		else if (strcmp(*argv,"-bugs") == 0)
-			bugs=1;
-		else if	(strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key_format = str2fmt(*(++argv));
-			}
-		else if	(strcmp(*argv,"-pass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passarg = *(++argv);
-			}
-		else if	(strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-reconnect") == 0)
-			{
-			reconnect=5;
-			}
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-no_tls1_2") == 0)
-			off|=SSL_OP_NO_TLSv1_2;
-		else if (strcmp(*argv,"-no_tls1_1") == 0)
-			off|=SSL_OP_NO_TLSv1_1;
-		else if (strcmp(*argv,"-no_tls1") == 0)
-			off|=SSL_OP_NO_TLSv1;
-		else if (strcmp(*argv,"-no_ssl3") == 0)
-			off|=SSL_OP_NO_SSLv3;
-		else if (strcmp(*argv,"-no_ssl2") == 0)
-			off|=SSL_OP_NO_SSLv2;
-		else if	(strcmp(*argv,"-no_comp") == 0)
-			{ off|=SSL_OP_NO_COMPRESSION; }
-#ifndef OPENSSL_NO_TLSEXT
-		else if	(strcmp(*argv,"-no_ticket") == 0)
-			{ off|=SSL_OP_NO_TICKET; }
-# ifndef OPENSSL_NO_NEXTPROTONEG
-		else if (strcmp(*argv,"-nextprotoneg") == 0)
-			{
-			if (--argc < 1) goto bad;
-			next_proto_neg_in = *(++argv);
-			}
-		else if (strcmp(*argv,"-alpn") == 0)
-			{
-			if (--argc < 1) goto bad;
-			alpn_in = *(++argv);
-			}
-# endif
-#endif
-		else if (strcmp(*argv,"-cutthrough") == 0)
-			cutthrough=1;
-		else if (strcmp(*argv,"-no_record_splitting") == 0)
-			no_record_splitting=1;
-		else if (strcmp(*argv,"-serverpref") == 0)
-			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
-		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-		else if	(strcmp(*argv,"-legacy_server_connect") == 0)
-			{ off|=SSL_OP_LEGACY_SERVER_CONNECT; }
-		else if	(strcmp(*argv,"-no_legacy_server_connect") == 0)
-			{ clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
-		else if	(strcmp(*argv,"-cipher") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cipher= *(++argv);
-			}
-#ifdef FIONBIO
-		else if (strcmp(*argv,"-nbio") == 0)
-			{ c_nbio=1; }
-#endif
-		else if	(strcmp(*argv,"-starttls") == 0)
-			{
-			if (--argc < 1) goto bad;
-			++argv;
-			if (strcmp(*argv,"smtp") == 0)
-				starttls_proto = PROTO_SMTP;
-			else if (strcmp(*argv,"pop3") == 0)
-				starttls_proto = PROTO_POP3;
-			else if (strcmp(*argv,"imap") == 0)
-				starttls_proto = PROTO_IMAP;
-			else if (strcmp(*argv,"ftp") == 0)
-				starttls_proto = PROTO_FTP;
-			else if (strcmp(*argv, "xmpp") == 0)
-				starttls_proto = PROTO_XMPP;
-			else
-				goto bad;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if	(strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine_id = *(++argv);
-			}
-		else if	(strcmp(*argv,"-ssl_client_engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			ssl_client_engine_id = *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-#ifndef OPENSSL_NO_TLSEXT
-		else if (strcmp(*argv,"-servername") == 0)
-			{
-			if (--argc < 1) goto bad;
-			servername= *(++argv);
-			/* meth=TLSv1_client_method(); */
-			}
-#endif
-#ifndef OPENSSL_NO_JPAKE
-		else if (strcmp(*argv,"-jpake") == 0)
-			{
-			if (--argc < 1) goto bad;
-			jpake_secret = *++argv;
-			}
-#endif
-#ifndef OPENSSL_NO_SRTP
-		else if (strcmp(*argv,"-use_srtp") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srtp_profiles = *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-keymatexport") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keymatexportlabel= *(++argv);
-			}
-		else if (strcmp(*argv,"-keymatexportlen") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keymatexportlen=atoi(*(++argv));
-			if (keymatexportlen == 0) goto bad;
-			}
-                else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sc_usage();
-		goto end;
-		}
-
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-	if (jpake_secret)
-		{
-		if (psk_key)
-			{
-			BIO_printf(bio_err,
-				   "Can't use JPAKE and PSK together\n");
-			goto end;
-			}
-		psk_identity = "JPAKE";
-		if (cipher)
-			{
-			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-			goto end;
-			}
-		cipher = "PSK";
-		}
-#endif
-
-	OpenSSL_add_ssl_algorithms();
-	SSL_load_error_strings();
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	next_proto.status = -1;
-	if (next_proto_neg_in)
-		{
-		next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
-		if (next_proto.data == NULL)
-			{
-			BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
-			goto end;
-			}
-		}
-	else
-		next_proto.data = NULL;
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine_id, 1);
-	if (ssl_client_engine_id)
-		{
-		ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
-		if (!ssl_client_engine)
-			{
-			BIO_printf(bio_err,
-					"Error getting client auth engine\n");
-			goto end;
-			}
-		}
-
-#endif
-	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if (key_file == NULL)
-		key_file = cert_file;
-
-
-	if (key_file)
-
-		{
-
-		key = load_key(bio_err, key_file, key_format, 0, pass, e,
-			       "client certificate private key file");
-		if (!key)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		}
-
-	if (cert_file)
-
-		{
-		cert = load_cert(bio_err,cert_file,cert_format,
-				NULL, e, "client certificate file");
-
-		if (!cert)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	if (bio_c_out == NULL)
-		{
-		if (c_quiet && !c_debug && !c_msg)
-			{
-			bio_c_out=BIO_new(BIO_s_null());
-			}
-		else
-			{
-			if (bio_c_out == NULL)
-				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-			}
-		}
-
-#ifndef OPENSSL_NO_SRP
-	if(!app_passwd(bio_err, srppass, NULL, &srp_arg.srppassin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-#endif
-
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (vpm)
-		SSL_CTX_set1_param(ctx, vpm);
-
-#ifndef OPENSSL_NO_ENGINE
-	if (ssl_client_engine)
-		{
-		if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
-			{
-			BIO_puts(bio_err, "Error setting client auth engine\n");
-			ERR_print_errors(bio_err);
-			ENGINE_free(ssl_client_engine);
-			goto end;
-			}
-		ENGINE_free(ssl_client_engine);
-		}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
-	if (psk_key != NULL)
-#else
-	if (psk_key != NULL || jpake_secret)
-#endif
-		{
-		if (c_debug)
-			BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
-		SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
-		}
-#endif
-#ifndef OPENSSL_NO_SRTP
-	if (srtp_profiles != NULL)
-		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
-#endif
-	if (bugs)
-		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
-	else
-		SSL_CTX_set_options(ctx,off);
-
-	if (clr)
-		SSL_CTX_clear_options(ctx, clr);
-	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
-	 * Setting read ahead solves this problem.
-	 */
-	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
-	if (next_proto.data)
-		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
-# endif
-	if (alpn_in)
-		{
-		unsigned short alpn_len;
-		unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
-
-		if (alpn == NULL)
-			{
-			BIO_printf(bio_err, "Error parsing -alpn argument\n");
-			goto end;
-			}
-		SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
-		}
-#endif
-
-	ssl_mode = SSL_CTX_get_mode(ctx);
-	if (!no_record_splitting)
-		ssl_mode |= SSL_MODE_CBC_RECORD_SPLITTING;
-	if (cutthrough)
-		{
-		/* Enable handshake cutthrough for client connections using
-		 * strong ciphers. */
-		ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
-		}
-	SSL_CTX_set_mode(ctx, ssl_mode);
-
-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-	if (cipher != NULL)
-		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-		BIO_printf(bio_err,"error setting cipher list\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-#if 0
-	else
-		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
-#endif
-
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
-	if (!set_cert_key_stuff(ctx,cert,key))
-		goto end;
-
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
-		{
-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (servername != NULL)
-		{
-		tlsextcbp.biodebug = bio_err;
-		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
-		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
-		}
-#ifndef OPENSSL_NO_SRP
-        if (srp_arg.srplogin)
-		{
-		if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin))
-			{
-			BIO_printf(bio_err,"Unable to set SRP username\n");
-			goto end;
-			}
-		srp_arg.msg = c_msg;
-		srp_arg.debug = c_debug ;
-		SSL_CTX_set_srp_cb_arg(ctx,&srp_arg);
-		SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
-		SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
-		if (c_msg || c_debug || srp_arg.amp == 0)
-			SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb);
-		}
-
-#endif
-#endif
-
-	con=SSL_new(ctx);
-	if (sess_in)
-		{
-		SSL_SESSION *sess;
-		BIO *stmp = BIO_new_file(sess_in, "r");
-		if (!stmp)
-			{
-			BIO_printf(bio_err, "Can't open session file %s\n",
-						sess_in);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
-		BIO_free(stmp);
-		if (!sess)
-			{
-			BIO_printf(bio_err, "Can't open session file %s\n",
-						sess_in);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		SSL_set_session(con, sess);
-		SSL_SESSION_free(sess);
-		}
-
-	if (fallback_scsv)
-		SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (servername != NULL)
-		{
-		if (!SSL_set_tlsext_host_name(con,servername))
-			{
-			BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_KRB5
-	if (con  &&  (kctx = kssl_ctx_new()) != NULL)
-                {
-		SSL_set0_kssl_ctx(con, kctx);
-                kssl_ctx_setstring(kctx, KSSL_SERVER, host);
-		}
-#endif	/* OPENSSL_NO_KRB5  */
-/*	SSL_set_cipher_list(con,"RC4-MD5"); */
-#if 0
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
-#endif
-#endif
-
-re_start:
-
-	if (init_client(&s,host,port,socket_type) == 0)
-		{
-		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
-		SHUTDOWN(s);
-		goto end;
-		}
-	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
-
-#ifdef FIONBIO
-	if (c_nbio)
-		{
-		unsigned long l=1;
-		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-#endif                                              
-	if (c_Pause & 0x01) SSL_set_debug(con, 1);
-
-	if ( SSL_version(con) == DTLS1_VERSION)
-		{
-
-		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-			{
-			BIO_printf(bio_err, "getsockname:errno=%d\n",
-				get_last_socket_error());
-			SHUTDOWN(s);
-			goto end;
-			}
-
-		(void)BIO_ctrl_set_connected(sbio, 1, &peer);
-
-		if (enable_timeouts)
-			{
-			timeout.tv_sec = 0;
-			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-			
-			timeout.tv_sec = 0;
-			timeout.tv_usec = DGRAM_SND_TIMEOUT;
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
-			}
-
-		if (socket_mtu)
-			{
-			if(socket_mtu < DTLS_get_link_min_mtu(con))
-				{
-				BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
-					DTLS_get_link_min_mtu(con));
-				BIO_free(sbio);
-				goto shut;
-				}
-			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-			if(!DTLS_set_link_mtu(con, socket_mtu))
-				{
-				BIO_printf(bio_err, "Failed to set MTU\n");
-				BIO_free(sbio);
-				goto shut;
-				}
-			}
-		else
-			/* want to do MTU discovery */
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-		}
-	else
-		sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-	if (nbio_test)
-		{
-		BIO *test;
-
-		test=BIO_new(BIO_f_nbio_test());
-		sbio=BIO_push(test,sbio);
-		}
-
-	if (c_debug)
-		{
-		SSL_set_debug(con, 1);
-		BIO_set_callback(sbio,bio_dump_callback);
-		BIO_set_callback_arg(sbio,(char *)bio_c_out);
-		}
-	if (c_msg)
-		{
-		SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_c_out);
-		}
-#ifndef OPENSSL_NO_TLSEXT
-	if (c_tlsextdebug)
-		{
-		SSL_set_tlsext_debug_callback(con, tlsext_cb);
-		SSL_set_tlsext_debug_arg(con, bio_c_out);
-		}
-	if (c_status_req)
-		{
-		SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
-		SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
-		SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-#if 0
-{
-STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
-OCSP_RESPID *id = OCSP_RESPID_new();
-id->value.byKey = ASN1_OCTET_STRING_new();
-id->type = V_OCSP_RESPID_KEY;
-ASN1_STRING_set(id->value.byKey, "Hello World", -1);
-sk_OCSP_RESPID_push(ids, id);
-SSL_set_tlsext_status_ids(con, ids);
-}
-#endif
-		}
-#endif
-#ifndef OPENSSL_NO_JPAKE
-	if (jpake_secret)
-		jpake_client_auth(bio_c_out, sbio, jpake_secret);
-#endif
-
-	SSL_set_bio(con,sbio,sbio);
-	SSL_set_connect_state(con);
-
-	/* ok, lets connect */
-	width=SSL_get_fd(con)+1;
-
-	read_tty=1;
-	write_tty=0;
-	tty_on=0;
-	read_ssl=1;
-	write_ssl=1;
-	
-	cbuf_len=0;
-	cbuf_off=0;
-	sbuf_len=0;
-	sbuf_off=0;
-
-	/* This is an ugly hack that does a lot of assumptions */
-	/* We do have to handle multi-line responses which may come
- 	   in a single packet or not. We therefore have to use
-	   BIO_gets() which does need a buffering BIO. So during
-	   the initial chitchat we do push a buffering BIO into the
-	   chain that is removed again later on to not disturb the
-	   rest of the s_client operation. */
-	if (starttls_proto == PROTO_SMTP)
-		{
-		int foundit=0;
-		BIO *fbio = BIO_new(BIO_f_buffer());
-		BIO_push(fbio, sbio);
-		/* wait for multi-line response to end from SMTP */
-		do
-			{
-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
-			}
-		while (mbuf_len>3 && mbuf[3]=='-');
-		/* STARTTLS command requires EHLO... */
-		BIO_printf(fbio,"EHLO openssl.client.net\r\n");
-		(void)BIO_flush(fbio);
-		/* wait for multi-line response to end EHLO SMTP response */
-		do
-			{
-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
-			if (strstr(mbuf,"STARTTLS"))
-				foundit=1;
-			}
-		while (mbuf_len>3 && mbuf[3]=='-');
-		(void)BIO_flush(fbio);
-		BIO_pop(fbio);
-		BIO_free(fbio);
-		if (!foundit)
-			BIO_printf(bio_err,
-				   "didn't found starttls in server response,"
-				   " try anyway...\n");
-		BIO_printf(sbio,"STARTTLS\r\n");
-		BIO_read(sbio,sbuf,BUFSIZZ);
-		}
-	else if (starttls_proto == PROTO_POP3)
-		{
-		BIO_read(sbio,mbuf,BUFSIZZ);
-		BIO_printf(sbio,"STLS\r\n");
-		BIO_read(sbio,sbuf,BUFSIZZ);
-		}
-	else if (starttls_proto == PROTO_IMAP)
-		{
-		int foundit=0;
-		BIO *fbio = BIO_new(BIO_f_buffer());
-		BIO_push(fbio, sbio);
-		BIO_gets(fbio,mbuf,BUFSIZZ);
-		/* STARTTLS command requires CAPABILITY... */
-		BIO_printf(fbio,". CAPABILITY\r\n");
-		(void)BIO_flush(fbio);
-		/* wait for multi-line CAPABILITY response */
-		do
-			{
-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
-			if (strstr(mbuf,"STARTTLS"))
-				foundit=1;
-			}
-		while (mbuf_len>3 && mbuf[0]!='.');
-		(void)BIO_flush(fbio);
-		BIO_pop(fbio);
-		BIO_free(fbio);
-		if (!foundit)
-			BIO_printf(bio_err,
-				   "didn't found STARTTLS in server response,"
-				   " try anyway...\n");
-		BIO_printf(sbio,". STARTTLS\r\n");
-		BIO_read(sbio,sbuf,BUFSIZZ);
-		}
-	else if (starttls_proto == PROTO_FTP)
-		{
-		BIO *fbio = BIO_new(BIO_f_buffer());
-		BIO_push(fbio, sbio);
-		/* wait for multi-line response to end from FTP */
-		do
-			{
-			mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
-			}
-		while (mbuf_len>3 && mbuf[3]=='-');
-		(void)BIO_flush(fbio);
-		BIO_pop(fbio);
-		BIO_free(fbio);
-		BIO_printf(sbio,"AUTH TLS\r\n");
-		BIO_read(sbio,sbuf,BUFSIZZ);
-		}
-	if (starttls_proto == PROTO_XMPP)
-		{
-		int seen = 0;
-		BIO_printf(sbio,"<stream:stream "
-		    "xmlns:stream='http://etherx.jabber.org/streams' "
-		    "xmlns='jabber:client' to='%s' version='1.0'>", host);
-		seen = BIO_read(sbio,mbuf,BUFSIZZ);
-		mbuf[seen] = 0;
-		while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
-			{
-			if (strstr(mbuf, "/stream:features>"))
-				goto shut;
-			seen = BIO_read(sbio,mbuf,BUFSIZZ);
-			mbuf[seen] = 0;
-			}
-		BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
-		seen = BIO_read(sbio,sbuf,BUFSIZZ);
-		sbuf[seen] = 0;
-		if (!strstr(sbuf, "<proceed"))
-			goto shut;
-		mbuf[0] = 0;
-		}
-
-	for (;;)
-		{
-		FD_ZERO(&readfds);
-		FD_ZERO(&writefds);
-
-		if ((SSL_version(con) == DTLS1_VERSION) &&
-			DTLSv1_get_timeout(con, &timeout))
-			timeoutp = &timeout;
-		else
-			timeoutp = NULL;
-
-		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
-			{
-			in_init=1;
-			tty_on=0;
-			}
-		else
-			{
-			tty_on=1;
-			if (in_init)
-				{
-				in_init=0;
-#if 0 /* This test doesn't really work as intended (needs to be fixed) */
-#ifndef OPENSSL_NO_TLSEXT
-				if (servername != NULL && !SSL_session_reused(con))
-					{
-					BIO_printf(bio_c_out,"Server did %sacknowledge servername extension.\n",tlsextcbp.ack?"":"not ");
-					}
-#endif
-#endif
-				if (sess_out)
-					{
-					BIO *stmp = BIO_new_file(sess_out, "w");
-					if (stmp)
-						{
-						PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
-						BIO_free(stmp);
-						}
-					else 
-						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
-					}
-				print_stuff(bio_c_out,con,full_log);
-				if (full_log > 0) full_log--;
-
-				if (starttls_proto)
-					{
-					BIO_printf(bio_err,"%s",mbuf);
-					/* We don't need to know any more */
-					starttls_proto = PROTO_OFF;
-					}
-
-				if (reconnect)
-					{
-					reconnect--;
-					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
-					SSL_shutdown(con);
-					SSL_set_connect_state(con);
-					SHUTDOWN(SSL_get_fd(con));
-					goto re_start;
-					}
-				}
-			}
-
-		ssl_pending = read_ssl && SSL_pending(con);
-
-		if (!ssl_pending)
-			{
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined (OPENSSL_SYS_BEOS_R5)
-			if (tty_on)
-				{
-				if (read_tty)  openssl_fdset(fileno(stdin),&readfds);
-				if (write_tty) openssl_fdset(fileno(stdout),&writefds);
-				}
-			if (read_ssl)
-				openssl_fdset(SSL_get_fd(con),&readfds);
-			if (write_ssl)
-				openssl_fdset(SSL_get_fd(con),&writefds);
-#else
-			if(!tty_on || !write_tty) {
-				if (read_ssl)
-					openssl_fdset(SSL_get_fd(con),&readfds);
-				if (write_ssl)
-					openssl_fdset(SSL_get_fd(con),&writefds);
-			}
-#endif
-/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
-				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
-
-			/* Note: under VMS with SOCKETSHR the second parameter
-			 * is currently of type (int *) whereas under other
-			 * systems it is (void *) if you don't have a cast it
-			 * will choke the compiler: if you do have a cast then
-			 * you can either go for (int *) or (void *).
-			 */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-                        /* Under Windows/DOS we make the assumption that we can
-			 * always write to the tty: therefore if we need to
-			 * write to the tty we just fall through. Otherwise
-			 * we timeout the select every second and see if there
-			 * are any keypresses. Note: this is a hack, in a proper
-			 * Windows application we wouldn't do this.
-			 */
-			i=0;
-			if(!write_tty) {
-				if(read_tty) {
-					tv.tv_sec = 1;
-					tv.tv_usec = 0;
-					i=select(width,(void *)&readfds,(void *)&writefds,
-						 NULL,&tv);
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
-					if(!i && (!_kbhit() || !read_tty) ) continue;
-#else
-					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
-#endif
-				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
-					 NULL,timeoutp);
-			}
-#elif defined(OPENSSL_SYS_NETWARE)
-			if(!write_tty) {
-				if(read_tty) {
-					tv.tv_sec = 1;
-					tv.tv_usec = 0;
-					i=select(width,(void *)&readfds,(void *)&writefds,
-						NULL,&tv);
-				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
-					NULL,timeoutp);
-			}
-#elif defined(OPENSSL_SYS_BEOS_R5)
-			/* Under BeOS-R5 the situation is similar to DOS */
-			i=0;
-			stdin_set = 0;
-			(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
-			if(!write_tty) {
-				if(read_tty) {
-					tv.tv_sec = 1;
-					tv.tv_usec = 0;
-					i=select(width,(void *)&readfds,(void *)&writefds,
-						 NULL,&tv);
-					if (read(fileno(stdin), sbuf, 0) >= 0)
-						stdin_set = 1;
-					if (!i && (stdin_set != 1 || !read_tty))
-						continue;
-				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
-					 NULL,timeoutp);
-			}
-			(void)fcntl(fileno(stdin), F_SETFL, 0);
-#else
-			i=select(width,(void *)&readfds,(void *)&writefds,
-				 NULL,timeoutp);
-#endif
-			if ( i < 0)
-				{
-				BIO_printf(bio_err,"bad select %d\n",
-				get_last_socket_error());
-				goto shut;
-				/* goto end; */
-				}
-			}
-
-		if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
-			{
-			BIO_printf(bio_err,"TIMEOUT occured\n");
-			}
-
-		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
-			{
-			k=SSL_write(con,&(cbuf[cbuf_off]),
-				(unsigned int)cbuf_len);
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				cbuf_off+=k;
-				cbuf_len-=k;
-				if (k <= 0) goto end;
-				/* we have done a  write(con,NULL,0); */
-				if (cbuf_len <= 0)
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				else /* if (cbuf_len > 0) */
-					{
-					read_tty=0;
-					write_ssl=1;
-					}
-				break;
-			case SSL_ERROR_WANT_WRITE:
-				BIO_printf(bio_c_out,"write W BLOCK\n");
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-				BIO_printf(bio_c_out,"write R BLOCK\n");
-				write_tty=0;
-				read_ssl=1;
-				write_ssl=0;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"write X BLOCK\n");
-				break;
-			case SSL_ERROR_ZERO_RETURN:
-				if (cbuf_len != 0)
-					{
-					BIO_printf(bio_c_out,"shutdown\n");
-					ret = 0;
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					break;
-					}
-				
-			case SSL_ERROR_SYSCALL:
-				if ((k != 0) || (cbuf_len != 0))
-					{
-					BIO_printf(bio_err,"write:errno=%d\n",
-						get_last_socket_error());
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				break;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				}
-			}
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
-		/* Assume Windows/DOS/BeOS can always write */
-		else if (!ssl_pending && write_tty)
-#else
-		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
-#endif
-			{
-#ifdef CHARSET_EBCDIC
-			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
-#endif
-			i=raw_write_stdout(&(sbuf[sbuf_off]),sbuf_len);
-
-			if (i <= 0)
-				{
-				BIO_printf(bio_c_out,"DONE\n");
-				ret = 0;
-				goto shut;
-				/* goto end; */
-				}
-
-			sbuf_len-=i;;
-			sbuf_off+=i;
-			if (sbuf_len <= 0)
-				{
-				read_ssl=1;
-				write_tty=0;
-				}
-			}
-		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
-			{
-#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
-#endif
-#if 1
-			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
-			k=SSL_read(con,sbuf,16);
-{ char zbuf[10240]; 
-printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
-}
-#endif
-
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				if (k <= 0)
-					goto end;
-				sbuf_off=0;
-				sbuf_len=k;
-
-				read_ssl=0;
-				write_tty=1;
-				break;
-			case SSL_ERROR_WANT_WRITE:
-				BIO_printf(bio_c_out,"read W BLOCK\n");
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-				BIO_printf(bio_c_out,"read R BLOCK\n");
-				write_tty=0;
-				read_ssl=1;
-				if ((read_tty == 0) && (write_ssl == 0))
-					write_ssl=1;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"read X BLOCK\n");
-				break;
-			case SSL_ERROR_SYSCALL:
-				ret=get_last_socket_error();
-				BIO_printf(bio_err,"read:errno=%d\n",ret);
-				goto shut;
-			case SSL_ERROR_ZERO_RETURN:
-				BIO_printf(bio_c_out,"closed\n");
-				ret=0;
-				goto shut;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				/* break; */
-				}
-			}
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
-		else if (_kbhit())
-#else
-		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-#endif
-#elif defined (OPENSSL_SYS_NETWARE)
-		else if (_kbhit())
-#elif defined(OPENSSL_SYS_BEOS_R5)
-		else if (stdin_set)
-#else
-		else if (FD_ISSET(fileno(stdin),&readfds))
-#endif
-			{
-			if (crlf)
-				{
-				int j, lf_num;
-
-				i=raw_read_stdin(cbuf,BUFSIZZ/2);
-				lf_num = 0;
-				/* both loops are skipped when i <= 0 */
-				for (j = 0; j < i; j++)
-					if (cbuf[j] == '\n')
-						lf_num++;
-				for (j = i-1; j >= 0; j--)
-					{
-					cbuf[j+lf_num] = cbuf[j];
-					if (cbuf[j] == '\n')
-						{
-						lf_num--;
-						i++;
-						cbuf[j+lf_num] = '\r';
-						}
-					}
-				assert(lf_num == 0);
-				}
-			else
-				i=raw_read_stdin(cbuf,BUFSIZZ);
-
-			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
-				{
-				BIO_printf(bio_err,"DONE\n");
-				ret=0;
-				goto shut;
-				}
-
-			if ((!c_ign_eof) && (cbuf[0] == 'R'))
-				{
-				BIO_printf(bio_err,"RENEGOTIATING\n");
-				SSL_renegotiate(con);
-				cbuf_len=0;
-				}
-#ifndef OPENSSL_NO_HEARTBEATS
-			else if ((!c_ign_eof) && (cbuf[0] == 'B'))
- 				{
-				BIO_printf(bio_err,"HEARTBEATING\n");
-				SSL_heartbeat(con);
-				cbuf_len=0;
-				}
-#endif
-			else
-				{
-				cbuf_len=i;
-				cbuf_off=0;
-#ifdef CHARSET_EBCDIC
-				ebcdic2ascii(cbuf, cbuf, i);
-#endif
-				}
-
-			write_ssl=1;
-			read_tty=0;
-			}
-		}
-
-	ret=0;
-shut:
-	if (in_init)
-		print_stuff(bio_c_out,con,full_log);
-	SSL_shutdown(con);
-	SHUTDOWN(SSL_get_fd(con));
-end:
-	if (con != NULL)
-		{
-		if (prexit != 0)
-			print_stuff(bio_c_out,con,1);
-		SSL_free(con);
-		}
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	if (next_proto.data)
-		OPENSSL_free(next_proto.data);
-#endif
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cert)
-		X509_free(cert);
-	if (key)
-		EVP_PKEY_free(key);
-	if (pass)
-		OPENSSL_free(pass);
-	if (vpm)
-		X509_VERIFY_PARAM_free(vpm);
-	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
-	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
-	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
-	if (bio_c_out != NULL)
-		{
-		BIO_free(bio_c_out);
-		bio_c_out=NULL;
-		}
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-
-static void print_stuff(BIO *bio, SSL *s, int full)
-	{
-	X509 *peer=NULL;
-	char *p;
-	static const char *space="                ";
-	char buf[BUFSIZ];
-	STACK_OF(X509) *sk;
-	STACK_OF(X509_NAME) *sk2;
-	const SSL_CIPHER *c;
-	X509_NAME *xn;
-	int j,i;
-#ifndef OPENSSL_NO_COMP
-	const COMP_METHOD *comp, *expansion;
-#endif
-	unsigned char *exportedkeymat;
-
-	if (full)
-		{
-		int got_a_chain = 0;
-
-		sk=SSL_get_peer_cert_chain(s);
-		if (sk != NULL)
-			{
-			got_a_chain = 1; /* we don't have it for SSL2 (yet) */
-
-			BIO_printf(bio,"---\nCertificate chain\n");
-			for (i=0; i<sk_X509_num(sk); i++)
-				{
-				X509_NAME_oneline(X509_get_subject_name(
-					sk_X509_value(sk,i)),buf,sizeof buf);
-				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name(
-					sk_X509_value(sk,i)),buf,sizeof buf);
-				BIO_printf(bio,"   i:%s\n",buf);
-				if (c_showcerts)
-					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
-				}
-			}
-
-		BIO_printf(bio,"---\n");
-		peer=SSL_get_peer_certificate(s);
-		if (peer != NULL)
-			{
-			BIO_printf(bio,"Server certificate\n");
-			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
-				PEM_write_bio_X509(bio,peer);
-			X509_NAME_oneline(X509_get_subject_name(peer),
-				buf,sizeof buf);
-			BIO_printf(bio,"subject=%s\n",buf);
-			X509_NAME_oneline(X509_get_issuer_name(peer),
-				buf,sizeof buf);
-			BIO_printf(bio,"issuer=%s\n",buf);
-			}
-		else
-			BIO_printf(bio,"no peer certificate available\n");
-
-		sk2=SSL_get_client_CA_list(s);
-		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
-			{
-			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_X509_NAME_num(sk2); i++)
-				{
-				xn=sk_X509_NAME_value(sk2,i);
-				X509_NAME_oneline(xn,buf,sizeof(buf));
-				BIO_write(bio,buf,strlen(buf));
-				BIO_write(bio,"\n",1);
-				}
-			}
-		else
-			{
-			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
-			}
-		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
-		if (p != NULL)
-			{
-			/* This works only for SSL 2.  In later protocol
-			 * versions, the client does not know what other
-			 * ciphers (in addition to the one to be used
-			 * in the current connection) the server supports. */
-
-			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
-			j=i=0;
-			while (*p)
-				{
-				if (*p == ':')
-					{
-					BIO_write(bio,space,15-j%25);
-					i++;
-					j=0;
-					BIO_write(bio,((i%3)?" ":"\n"),1);
-					}
-				else
-					{
-					BIO_write(bio,p,1);
-					j++;
-					}
-				p++;
-				}
-			BIO_write(bio,"\n",1);
-			}
-
-		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
-			BIO_number_read(SSL_get_rbio(s)),
-			BIO_number_written(SSL_get_wbio(s)));
-		}
-	BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));
-	c=SSL_get_current_cipher(s);
-	BIO_printf(bio,"%s, Cipher is %s\n",
-		SSL_CIPHER_get_version(c),
-		SSL_CIPHER_get_name(c));
-	if (peer != NULL) {
-		EVP_PKEY *pktmp;
-		pktmp = X509_get_pubkey(peer);
-		BIO_printf(bio,"Server public key is %d bit\n",
-							 EVP_PKEY_bits(pktmp));
-		EVP_PKEY_free(pktmp);
-	}
-	BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
-			SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
-#ifndef OPENSSL_NO_COMP
-	comp=SSL_get_current_compression(s);
-	expansion=SSL_get_current_expansion(s);
-	BIO_printf(bio,"Compression: %s\n",
-		comp ? SSL_COMP_get_name(comp) : "NONE");
-	BIO_printf(bio,"Expansion: %s\n",
-		expansion ? SSL_COMP_get_name(expansion) : "NONE");
-#endif
- 
-#ifdef SSL_DEBUG
-	{
-	/* Print out local port of connection: useful for debugging */
-	int sock;
-	struct sockaddr_in ladd;
-	socklen_t ladd_size = sizeof(ladd);
-	sock = SSL_get_fd(s);
-	getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
-	BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
-	}
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
-	if (next_proto.status != -1) {
-		const unsigned char *proto;
-		unsigned int proto_len;
-		SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
-		BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
-		BIO_write(bio, proto, proto_len);
-		BIO_write(bio, "\n", 1);
-	}
-	{
-		const unsigned char *proto;
-		unsigned int proto_len;
-		SSL_get0_alpn_selected(s, &proto, &proto_len);
-		if (proto_len > 0)
-			{
-			BIO_printf(bio, "ALPN protocol: ");
-			BIO_write(bio, proto, proto_len);
-			BIO_write(bio, "\n", 1);
-			}
-		else
-			BIO_printf(bio, "No ALPN negotiated\n");
-	}
-# endif
-#endif
-
-#ifndef OPENSSL_NO_SRTP
- 	{
- 	SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
- 
-	if(srtp_profile)
-		BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
-			   srtp_profile->name);
-	}
-#endif
- 
-	SSL_SESSION_print(bio,SSL_get_session(s));
-	if (keymatexportlabel != NULL)
-		{
-		BIO_printf(bio, "Keying material exporter:\n");
-		BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
-		BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
-		exportedkeymat = OPENSSL_malloc(keymatexportlen);
-		if (exportedkeymat != NULL)
-			{
-			if (!SSL_export_keying_material(s, exportedkeymat,
-						        keymatexportlen,
-						        keymatexportlabel,
-						        strlen(keymatexportlabel),
-						        NULL, 0, 0))
-				{
-				BIO_printf(bio, "    Error\n");
-				}
-			else
-				{
-				BIO_printf(bio, "    Keying material: ");
-				for (i=0; i<keymatexportlen; i++)
-					BIO_printf(bio, "%02X",
-						   exportedkeymat[i]);
-				BIO_printf(bio, "\n");
-				}
-			OPENSSL_free(exportedkeymat);
-			}
-		}
-	BIO_printf(bio,"---\n");
-	if (peer != NULL)
-		X509_free(peer);
-	/* flush, or debugging output gets mixed with http response */
-	(void)BIO_flush(bio);
-	}
-
-#ifndef OPENSSL_NO_TLSEXT
-
-static int ocsp_resp_cb(SSL *s, void *arg)
-	{
-	const unsigned char *p;
-	int len;
-	OCSP_RESPONSE *rsp;
-	len = SSL_get_tlsext_status_ocsp_resp(s, &p);
-	BIO_puts(arg, "OCSP response: ");
-	if (!p)
-		{
-		BIO_puts(arg, "no response sent\n");
-		return 1;
-		}
-	rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
-	if (!rsp)
-		{
-		BIO_puts(arg, "response parse error\n");
-		BIO_dump_indent(arg, (char *)p, len, 4);
-		return 0;
-		}
-	BIO_puts(arg, "\n======================================\n");
-	OCSP_RESPONSE_print(arg, rsp, 0);
-	BIO_puts(arg, "======================================\n");
-	OCSP_RESPONSE_free(rsp);
-	return 1;
-	}
-
-#endif
diff --git a/apps/s_server.c b/apps/s_server.c
deleted file mode 100644
index f47328ab35..0000000000
--- a/apps/s_server.c
+++ /dev/null
@@ -1,3041 +0,0 @@
-/* apps/s_server.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
-   recursive header file inclusion, resulting in the compiler complaining
-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
-   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
-#include "s_apps.h"
-#include "timeouts.h"
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#if defined(OPENSSL_SYS_BEOS_R5)
-#include <fcntl.h>
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static void close_accept_socket(void );
-static void sv_usage(void);
-static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void);
-#endif
-
-#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-	0x47,0x74,0xE8,0x33,
-	};
-static unsigned char dh512_g[]={
-	0x02,
-	};
-
-static DH *get_dh512(void)
-	{
-	DH *dh=NULL;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		return(NULL);
-	return(dh);
-	}
-#endif
-
-
-/* static int load_CA(SSL_CTX *ctx, char *file);*/
-
-#undef BUFSIZZ
-#define BUFSIZZ	16*1024
-static int bufsize=BUFSIZZ;
-static int accept_socket= -1;
-
-#define TEST_CERT	"server.pem"
-#ifndef OPENSSL_NO_TLSEXT
-#define TEST_CERT2	"server2.pem"
-#endif
-#undef PROG
-#define PROG		s_server_main
-
-extern int verify_depth, verify_return_error;
-
-static char *cipher=NULL;
-static int s_server_verify=SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
-#endif
-static char *s_dcert_file=NULL,*s_dkey_file=NULL;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2=NULL;
-#endif
-static int www=0;
-
-static BIO *bio_s_out=NULL;
-static int s_debug=0;
-#ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
-static int cert_status_cb(SSL *s, void *arg);
-#endif
-static int s_msg=0;
-static int s_quiet=0;
-
-static char *keymatexportlabel=NULL;
-static int keymatexportlen=20;
-
-static int hack=0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
-#endif
-static const char *session_id_prefix=NULL;
-
-static int enable_timeouts = 0;
-static long socket_mtu;
-#ifndef OPENSSL_NO_DTLS1
-static int cert_chain = 0;
-#endif
-
-
-#ifndef OPENSSL_NO_PSK
-static char *psk_identity="Client_identity";
-char *psk_key=NULL; /* by default PSK is not used */
-
-static unsigned int psk_server_cb(SSL *ssl, const char *identity,
-	unsigned char *psk, unsigned int max_psk_len)
-	{
-	unsigned int psk_len = 0;
-	int ret;
-	BIGNUM *bn = NULL;
-
-	if (s_debug)
-		BIO_printf(bio_s_out,"psk_server_cb\n");
-	if (!identity)
-		{
-		BIO_printf(bio_err,"Error: client did not send PSK identity\n");
-		goto out_err;
-		}
-	if (s_debug)
-		BIO_printf(bio_s_out,"identity_len=%d identity=%s\n",
-			identity ? (int)strlen(identity) : 0, identity);
-
-	/* here we could lookup the given identity e.g. from a database */
-  	if (strcmp(identity, psk_identity) != 0)
-		{
-                BIO_printf(bio_s_out, "PSK error: client identity not found"
-			   " (got '%s' expected '%s')\n", identity,
-			   psk_identity);
-		goto out_err;
-                }
-	if (s_debug)
-		BIO_printf(bio_s_out, "PSK client identity found\n");
-
-	/* convert the PSK key to binary */
-	ret = BN_hex2bn(&bn, psk_key);
-	if (!ret)
-		{
-		BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", psk_key);
-		if (bn)
-			BN_free(bn);
-		return 0;
-		}
-	if (BN_num_bytes(bn) > (int)max_psk_len)
-		{
-		BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
-			max_psk_len, BN_num_bytes(bn));
-		BN_free(bn);
-		return 0;
-		}
-
-	ret = BN_bn2bin(bn, psk);
-	BN_free(bn);
-
-	if (ret < 0)
-		goto out_err;
-	psk_len = (unsigned int)ret;
-
-	if (s_debug)
-		BIO_printf(bio_s_out, "fetched PSK len=%d\n", psk_len);
-        return psk_len;
- out_err:
-	if (s_debug)
-		BIO_printf(bio_err, "Error in PSK server callback\n");
-	return 0;
-        }
-#endif
-
-#ifndef OPENSSL_NO_SRP
-/* This is a context that we pass to callbacks */
-typedef struct srpsrvparm_st
-	{
-	char *login;
-	SRP_VBASE *vb;
-	SRP_user_pwd *user;
-	} srpsrvparm;
-
-/* This callback pretends to require some asynchronous logic in order to obtain
-   a verifier. When the callback is called for a new connection we return
-   with a negative value. This will provoke the accept etc to return with
-   an LOOKUP_X509. The main logic of the reinvokes the suspended call 
-   (which would normally occur after a worker has finished) and we
-   set the user parameters. 
-*/
-static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
-	{
-	srpsrvparm *p = (srpsrvparm *)arg;
-	if (p->login == NULL && p->user == NULL )
-		{
-		p->login = SSL_get_srp_username(s);
-		BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
-		return (-1) ;
-		}
-
-	if (p->user == NULL)
-		{
-		BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
-		return SSL3_AL_FATAL;
-		}
-	if (SSL_set_srp_server_param(s, p->user->N, p->user->g, p->user->s, p->user->v,
-				     p->user->info) < 0)
-		{
-		*ad = SSL_AD_INTERNAL_ERROR;
-		return SSL3_AL_FATAL;
-		}
-	BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login,p->user->info);
-	/* need to check whether there are memory leaks */
-	p->user = NULL;
-	p->login = NULL;
-	return SSL_ERROR_NONE;
-	}
-
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void)
-	{
-	accept_socket=-1;
-	cipher=NULL;
-	s_server_verify=SSL_VERIFY_NONE;
-	s_dcert_file=NULL;
-	s_dkey_file=NULL;
-	s_cert_file=TEST_CERT;
-	s_key_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-	s_cert_file2=TEST_CERT2;
-	s_key_file2=NULL;
-	ctx2=NULL;
-#endif
-#ifdef FIONBIO
-	s_nbio=0;
-#endif
-	s_nbio_test=0;
-	ctx=NULL;
-	www=0;
-
-	bio_s_out=NULL;
-	s_debug=0;
-	s_msg=0;
-	s_quiet=0;
-	hack=0;
-#ifndef OPENSSL_NO_ENGINE
-	engine_id=NULL;
-#endif
-	}
-#endif
-
-static void sv_usage(void)
-	{
-	BIO_printf(bio_err,"usage: s_server [args ...]\n");
-	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
-	BIO_printf(bio_err," -context arg  - set session ID context\n");
-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
-	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
-	BIO_printf(bio_err," -verify_return_error - return verification errors\n");
-	BIO_printf(bio_err," -cert arg     - certificate file to use\n");
-	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
-	BIO_printf(bio_err," -crl_check    - check the peer certificate has not been revoked by its CA.\n" \
-	                   "                 The CRL(s) are appended to the certificate file\n");
-	BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
-	                   "                 or any other CRL in the CA chain. CRL(s) are appened to the\n" \
-	                   "                 the certificate file.\n");
-	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
-	BIO_printf(bio_err," -key arg      - Private Key file to use, in cert file if\n");
-	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
-	BIO_printf(bio_err," -keyform arg  - key format (PEM, DER or ENGINE) PEM default\n");
-	BIO_printf(bio_err," -pass arg     - private key file pass phrase source\n");
-	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
-	BIO_printf(bio_err," -dcertform x  - second certificate format (PEM or DER) PEM default\n");
-	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
-	BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
-	BIO_printf(bio_err," -dpass arg    - second private key file pass phrase source\n");
-	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
-	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
-	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \
-	                   "                 (default is nistp256).\n");
-#endif
-#ifdef FIONBIO
-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
-#endif
-	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
-	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
-	BIO_printf(bio_err," -debug        - Print more output\n");
-	BIO_printf(bio_err," -msg          - Show protocol messages\n");
-	BIO_printf(bio_err," -state        - Print the SSL states\n");
-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
-	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
-	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
-	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
-	BIO_printf(bio_err," -quiet        - No server output\n");
-	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
-#ifndef OPENSSL_NO_PSK
-	BIO_printf(bio_err," -psk_hint arg - PSK identity hint to use\n");
-	BIO_printf(bio_err," -psk arg      - PSK in hex (without 0x)\n");
-# ifndef OPENSSL_NO_JPAKE
-	BIO_printf(bio_err," -jpake arg    - JPAKE secret to use\n");
-# endif
-#endif
-#ifndef OPENSSL_NO_SRP
-	BIO_printf(bio_err," -srpvfile file      - The verifier file for SRP\n");
-	BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
-#endif
-	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
-#ifndef OPENSSL_NO_SSL3_METHOD
-	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
-#endif
-	BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
-	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
-	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
-	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
-	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
-	BIO_printf(bio_err," -mtu          - Set link layer MTU\n");
-	BIO_printf(bio_err," -chain        - Read a certificate chain\n");
-	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
-	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
-	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
-	BIO_printf(bio_err," -no_tls1_1    - Just disable TLSv1.1\n");
-	BIO_printf(bio_err," -no_tls1_2    - Just disable TLSv1.2\n");
-#ifndef OPENSSL_NO_DH
-	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
-#endif
-	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
-	BIO_printf(bio_err," -hack         - workaround for early Netscape code\n");
-	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
-	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
-        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
-	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
-#endif
-	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
-	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-#ifndef OPENSSL_NO_TLSEXT
-	BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
-	BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
-	BIO_printf(bio_err," -cert2 arg    - certificate file to use for servername\n");
-	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT2);
-	BIO_printf(bio_err," -key2 arg     - Private Key file to use for servername, in cert file if\n");
-	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT2);
-	BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
-	BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
-	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
-# endif
-# ifndef OPENSSL_NO_SRTP
-        BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-# endif
-#endif
-	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
-	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
-	BIO_printf(bio_err," -status           - respond to certificate status requests\n");
-	BIO_printf(bio_err," -status_verbose   - enable status request verbose printout\n");
-	BIO_printf(bio_err," -status_timeout n - status request responder timeout\n");
-	BIO_printf(bio_err," -status_url URL   - status request fallback URL\n");
-	}
-
-static int local_argc=0;
-static char **local_argv;
-
-#ifdef CHARSET_EBCDIC
-static int ebcdic_new(BIO *bi);
-static int ebcdic_free(BIO *a);
-static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, const char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
-static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, const char *str);
-
-#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
-static BIO_METHOD methods_ebcdic=
-	{
-	BIO_TYPE_EBCDIC_FILTER,
-	"EBCDIC/ASCII filter",
-	ebcdic_write,
-	ebcdic_read,
-	ebcdic_puts,
-	ebcdic_gets,
-	ebcdic_ctrl,
-	ebcdic_new,
-	ebcdic_free,
-	};
-
-typedef struct
-{
-	size_t	alloced;
-	char	buff[1];
-} EBCDIC_OUTBUFF;
-
-BIO_METHOD *BIO_f_ebcdic_filter()
-{
-	return(&methods_ebcdic);
-}
-
-static int ebcdic_new(BIO *bi)
-{
-	EBCDIC_OUTBUFF *wbuf;
-
-	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
-	wbuf->alloced = 1024;
-	wbuf->buff[0] = '\0';
-
-	bi->ptr=(char *)wbuf;
-	bi->init=1;
-	bi->flags=0;
-	return(1);
-}
-
-static int ebcdic_free(BIO *a)
-{
-	if (a == NULL) return(0);
-	if (a->ptr != NULL)
-		OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-}
-	
-static int ebcdic_read(BIO *b, char *out, int outl)
-{
-	int ret=0;
-
-	if (out == NULL || outl == 0) return(0);
-	if (b->next_bio == NULL) return(0);
-
-	ret=BIO_read(b->next_bio,out,outl);
-	if (ret > 0)
-		ascii2ebcdic(out,out,ret);
-	return(ret);
-}
-
-static int ebcdic_write(BIO *b, const char *in, int inl)
-{
-	EBCDIC_OUTBUFF *wbuf;
-	int ret=0;
-	int num;
-	unsigned char n;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	if (b->next_bio == NULL) return(0);
-
-	wbuf=(EBCDIC_OUTBUFF *)b->ptr;
-
-	if (inl > (num = wbuf->alloced))
-	{
-		num = num + num;  /* double the size */
-		if (num < inl)
-			num = inl;
-		OPENSSL_free(wbuf);
-		wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-
-		wbuf->alloced = num;
-		wbuf->buff[0] = '\0';
-
-		b->ptr=(char *)wbuf;
-	}
-
-	ebcdic2ascii(wbuf->buff, in, inl);
-
-	ret=BIO_write(b->next_bio, wbuf->buff, inl);
-
-	return(ret);
-}
-
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-	long ret;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-	{
-	case BIO_CTRL_DUP:
-		ret=0L;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	}
-	return(ret);
-}
-
-static int ebcdic_gets(BIO *bp, char *buf, int size)
-{
-	int i, ret=0;
-	if (bp->next_bio == NULL) return(0);
-/*	return(BIO_gets(bp->next_bio,buf,size));*/
-	for (i=0; i<size-1; ++i)
-	{
-		ret = ebcdic_read(bp,&buf[i],1);
-		if (ret <= 0)
-			break;
-		else if (buf[i] == '\n')
-		{
-			++i;
-			break;
-		}
-	}
-	if (i < size)
-		buf[i] = '\0';
-	return (ret < 0 && i == 0) ? ret : i;
-}
-
-static int ebcdic_puts(BIO *bp, const char *str)
-{
-	if (bp->next_bio == NULL) return(0);
-	return ebcdic_write(bp, str, strlen(str));
-}
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* This is a context that we pass to callbacks */
-typedef struct tlsextctx_st {
-   char * servername;
-   BIO * biodebug;
-   int extension_error;
-} tlsextctx;
-
-
-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
-	{
-	tlsextctx * p = (tlsextctx *) arg;
-	const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
-        if (servername && p->biodebug) 
-		BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
-        
-	if (!p->servername)
-		return SSL_TLSEXT_ERR_NOACK;
-	
-	if (servername)
-		{
-    		if (strcasecmp(servername,p->servername)) 
-			return p->extension_error;
-		if (ctx2)
-			{
-			BIO_printf(p->biodebug,"Switching server context.\n");
-			SSL_set_SSL_CTX(s,ctx2);
-			}     
-		}
-	return SSL_TLSEXT_ERR_OK;
-}
-
-/* Structure passed to cert status callback */
-
-typedef struct tlsextstatusctx_st {
-   /* Default responder to use */
-   char *host, *path, *port;
-   int use_ssl;
-   int timeout;
-   BIO *err;
-   int verbose;
-} tlsextstatusctx;
-
-static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
-
-/* Certificate Status callback. This is called when a client includes a
- * certificate status request extension.
- *
- * This is a simplified version. It examines certificates each time and
- * makes one OCSP responder query for each request.
- *
- * A full version would store details such as the OCSP certificate IDs and
- * minimise the number of OCSP responses by caching them until they were
- * considered "expired".
- */
-
-static int cert_status_cb(SSL *s, void *arg)
-	{
-	tlsextstatusctx *srctx = arg;
-	BIO *err = srctx->err;
-	char *host, *port, *path;
-	int use_ssl;
-	unsigned char *rspder = NULL;
-	int rspderlen;
-	STACK_OF(OPENSSL_STRING) *aia = NULL;
-	X509 *x = NULL;
-	X509_STORE_CTX inctx;
-	X509_OBJECT obj;
-	OCSP_REQUEST *req = NULL;
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_CERTID *id = NULL;
-	STACK_OF(X509_EXTENSION) *exts;
-	int ret = SSL_TLSEXT_ERR_NOACK;
-	int i;
-#if 0
-STACK_OF(OCSP_RESPID) *ids;
-SSL_get_tlsext_status_ids(s, &ids);
-BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
-#endif
-	if (srctx->verbose)
-		BIO_puts(err, "cert_status: callback called\n");
-	/* Build up OCSP query from server certificate */
-	x = SSL_get_certificate(s);
-	aia = X509_get1_ocsp(x);
-	if (aia)
-		{
-		if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
-			&host, &port, &path, &use_ssl))
-			{
-			BIO_puts(err, "cert_status: can't parse AIA URL\n");
-			goto err;
-			}
-		if (srctx->verbose)
-			BIO_printf(err, "cert_status: AIA URL: %s\n",
-					sk_OPENSSL_STRING_value(aia, 0));
-		}
-	else
-		{
-		if (!srctx->host)
-			{
-			BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
-			goto done;
-			}
-		host = srctx->host;
-		path = srctx->path;
-		port = srctx->port;
-		use_ssl = srctx->use_ssl;
-		}
-		
-	if (!X509_STORE_CTX_init(&inctx,
-				SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
-				NULL, NULL))
-		goto err;
-	if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
-				X509_get_issuer_name(x),&obj) <= 0)
-		{
-		BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
-		X509_STORE_CTX_cleanup(&inctx);
-		goto done;
-		}
-	req = OCSP_REQUEST_new();
-	if (!req)
-		goto err;
-	id = OCSP_cert_to_id(NULL, x, obj.data.x509);
-	X509_free(obj.data.x509);
-	X509_STORE_CTX_cleanup(&inctx);
-	if (!id)
-		goto err;
-	if (!OCSP_request_add0_id(req, id))
-		goto err;
-	id = NULL;
-	/* Add any extensions to the request */
-	SSL_get_tlsext_status_exts(s, &exts);
-	for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
-		{
-		X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
-		if (!OCSP_REQUEST_add_ext(req, ext, -1))
-			goto err;
-		}
-	resp = process_responder(err, req, host, path, port, use_ssl, NULL,
-					srctx->timeout);
-	if (!resp)
-		{
-		BIO_puts(err, "cert_status: error querying responder\n");
-		goto done;
-		}
-	rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
-	if (rspderlen <= 0)
-		goto err;
-	SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
-	if (srctx->verbose)
-		{
-		BIO_puts(err, "cert_status: ocsp response sent:\n");
-		OCSP_RESPONSE_print(err, resp, 2);
-		}
-	ret = SSL_TLSEXT_ERR_OK;
-	done:
-	if (ret != SSL_TLSEXT_ERR_OK)
-		ERR_print_errors(err);
-	if (aia)
-		{
-		OPENSSL_free(host);
-		OPENSSL_free(path);
-		OPENSSL_free(port);
-		X509_email_free(aia);
-		}
-	if (id)
-		OCSP_CERTID_free(id);
-	if (req)
-		OCSP_REQUEST_free(req);
-	if (resp)
-		OCSP_RESPONSE_free(resp);
-	return ret;
-	err:
-	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-	goto done;
-	}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is the context that we pass to next_proto_cb */
-typedef struct tlsextnextprotoctx_st {
-	unsigned char *data;
-	unsigned int len;
-} tlsextnextprotoctx;
-
-static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
-	{
-	tlsextnextprotoctx *next_proto = arg;
-
-	*data = next_proto->data;
-	*len = next_proto->len;
-
-	return SSL_TLSEXT_ERR_OK;
-	}
-# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */
-
-
-#endif
-
-int MAIN(int, char **);
-
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	static srpsrvparm srp_callback_parm;
-#endif
-#ifndef OPENSSL_NO_SRTP
-static char *srtp_profiles = NULL;
-#endif
-
-int MAIN(int argc, char *argv[])
-	{
-	X509_VERIFY_PARAM *vpm = NULL;
-	int badarg = 0;
-	short port=PORT;
-	char *CApath=NULL,*CAfile=NULL;
-	unsigned char *context = NULL;
-	char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
-	char *named_curve = NULL;
-#endif
-	int badop=0,bugs=0;
-	int ret=1;
-	int off=0;
-	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
-	int state=0;
-	const SSL_METHOD *meth=NULL;
-	int socket_type=SOCK_STREAM;
-	ENGINE *e=NULL;
-	char *inrand=NULL;
-	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-	char *passarg = NULL, *pass = NULL;
-	char *dpassarg = NULL, *dpass = NULL;
-	int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
-	X509 *s_cert = NULL, *s_dcert = NULL;
-	EVP_PKEY *s_key = NULL, *s_dkey = NULL;
-	int no_cache = 0;
-#ifndef OPENSSL_NO_TLSEXT
-	EVP_PKEY *s_key2 = NULL;
-	X509 *s_cert2 = NULL;
-        tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	const char *next_proto_neg_in = NULL;
-	tlsextnextprotoctx next_proto;
-# endif
-#endif
-#ifndef OPENSSL_NO_PSK
-	/* by default do not send a PSK identity hint */
-	static char *psk_identity_hint=NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	char *srpuserseed = NULL;
-	char *srp_verifier_file = NULL;
-#endif
-	meth=SSLv23_server_method();
-
-	local_argc=argc;
-	local_argv=argv;
-
-	apps_startup();
-#ifdef MONOLITH
-	s_server_init();
-#endif
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	verify_depth=0;
-#ifdef FIONBIO
-	s_nbio=0;
-#endif
-	s_nbio_test=0;
-
-	argc--;
-	argv++;
-
-	while (argc >= 1)
-		{
-		if	((strcmp(*argv,"-port") == 0) ||
-			 (strcmp(*argv,"-accept") == 0))
-			{
-			if (--argc < 1) goto bad;
-			if (!extract_port(*(++argv),&port))
-				goto bad;
-			}
-		else if	(strcmp(*argv,"-verify") == 0)
-			{
-			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-			if (--argc < 1) goto bad;
-			verify_depth=atoi(*(++argv));
-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-			}
-		else if	(strcmp(*argv,"-Verify") == 0)
-			{
-			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
-				SSL_VERIFY_CLIENT_ONCE;
-			if (--argc < 1) goto bad;
-			verify_depth=atoi(*(++argv));
-			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
-			}
-		else if	(strcmp(*argv,"-context") == 0)
-			{
-			if (--argc < 1) goto bad;
-			context= (unsigned char *)*(++argv);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_cert_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-certform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_cert_format = str2fmt(*(++argv));
-			}
-		else if	(strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_key_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_key_format = str2fmt(*(++argv));
-			}
-		else if	(strcmp(*argv,"-pass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passarg = *(++argv);
-			}
-		else if	(strcmp(*argv,"-dhparam") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dhfile = *(++argv);
-			}
-#ifndef OPENSSL_NO_ECDH		
-		else if	(strcmp(*argv,"-named_curve") == 0)
-			{
-			if (--argc < 1) goto bad;
-			named_curve = *(++argv);
-			}
-#endif
-		else if	(strcmp(*argv,"-dcertform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_dcert_format = str2fmt(*(++argv));
-			}
-		else if	(strcmp(*argv,"-dcert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_dcert_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-dkeyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_dkey_format = str2fmt(*(++argv));
-			}
-		else if	(strcmp(*argv,"-dpass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dpassarg = *(++argv);
-			}
-		else if	(strcmp(*argv,"-dkey") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_dkey_file= *(++argv);
-			}
-		else if (strcmp(*argv,"-nocert") == 0)
-			{
-			nocert=1;
-			}
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if (strcmp(*argv,"-no_cache") == 0)
-			no_cache = 1;
-		else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm))
-			{
-			if (badarg)
-				goto bad;
-			continue;
-			}
-		else if (strcmp(*argv,"-verify_return_error") == 0)
-			verify_return_error = 1;
-		else if	(strcmp(*argv,"-serverpref") == 0)
-			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
-		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-			off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-		else if	(strcmp(*argv,"-cipher") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cipher= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-#ifdef FIONBIO	
-		else if	(strcmp(*argv,"-nbio") == 0)
-			{ s_nbio=1; }
-#endif
-		else if	(strcmp(*argv,"-nbio_test") == 0)
-			{
-#ifdef FIONBIO	
-			s_nbio=1;
-#endif
-			s_nbio_test=1;
-			}
-		else if	(strcmp(*argv,"-debug") == 0)
-			{ s_debug=1; }
-#ifndef OPENSSL_NO_TLSEXT
-		else if	(strcmp(*argv,"-tlsextdebug") == 0)
-			s_tlsextdebug=1;
-		else if	(strcmp(*argv,"-status") == 0)
-			s_tlsextstatus=1;
-		else if	(strcmp(*argv,"-status_verbose") == 0)
-			{
-			s_tlsextstatus=1;
-			tlscstatp.verbose = 1;
-			}
-		else if (!strcmp(*argv, "-status_timeout"))
-			{
-			s_tlsextstatus=1;
-                        if (--argc < 1) goto bad;
-			tlscstatp.timeout = atoi(*(++argv));
-			}
-		else if (!strcmp(*argv, "-status_url"))
-			{
-			s_tlsextstatus=1;
-                        if (--argc < 1) goto bad;
-			if (!OCSP_parse_url(*(++argv),
-					&tlscstatp.host,
-					&tlscstatp.port,
-					&tlscstatp.path,
-					&tlscstatp.use_ssl))
-				{
-				BIO_printf(bio_err, "Error parsing URL\n");
-				goto bad;
-				}
-			}
-#endif
-		else if	(strcmp(*argv,"-msg") == 0)
-			{ s_msg=1; }
-		else if	(strcmp(*argv,"-hack") == 0)
-			{ hack=1; }
-		else if	(strcmp(*argv,"-state") == 0)
-			{ state=1; }
-		else if	(strcmp(*argv,"-crlf") == 0)
-			{ s_crlf=1; }
-		else if	(strcmp(*argv,"-quiet") == 0)
-			{ s_quiet=1; }
-		else if	(strcmp(*argv,"-bugs") == 0)
-			{ bugs=1; }
-		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
-			{ no_tmp_rsa=1; }
-		else if	(strcmp(*argv,"-no_dhe") == 0)
-			{ no_dhe=1; }
-		else if	(strcmp(*argv,"-no_ecdhe") == 0)
-			{ no_ecdhe=1; }
-#ifndef OPENSSL_NO_PSK
-                else if (strcmp(*argv,"-psk_hint") == 0)
-			{
-                        if (--argc < 1) goto bad;
-                        psk_identity_hint= *(++argv);
-                        }
-                else if (strcmp(*argv,"-psk") == 0)
-			{
-			size_t i;
-
-			if (--argc < 1) goto bad;
-			psk_key=*(++argv);
-			for (i=0; i<strlen(psk_key); i++)
-				{
-				if (isxdigit((unsigned char)psk_key[i]))
-					continue;
-				BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
-				goto bad;
-				}
-			}
-#endif
-#ifndef OPENSSL_NO_SRP
-		else if (strcmp(*argv, "-srpvfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srp_verifier_file = *(++argv);
-			meth = TLSv1_server_method();
-			}
-		else if (strcmp(*argv, "-srpuserseed") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srpuserseed = *(++argv);
-			meth = TLSv1_server_method();
-			}
-#endif
-		else if	(strcmp(*argv,"-www") == 0)
-			{ www=1; }
-		else if	(strcmp(*argv,"-WWW") == 0)
-			{ www=2; }
-		else if	(strcmp(*argv,"-HTTP") == 0)
-			{ www=3; }
-		else if	(strcmp(*argv,"-no_ssl2") == 0)
-			{ off|=SSL_OP_NO_SSLv2; }
-		else if	(strcmp(*argv,"-no_ssl3") == 0)
-			{ off|=SSL_OP_NO_SSLv3; }
-		else if	(strcmp(*argv,"-no_tls1") == 0)
-			{ off|=SSL_OP_NO_TLSv1; }
-		else if	(strcmp(*argv,"-no_tls1_1") == 0)
-			{ off|=SSL_OP_NO_TLSv1_1; }
-		else if	(strcmp(*argv,"-no_tls1_2") == 0)
-			{ off|=SSL_OP_NO_TLSv1_2; }
-		else if	(strcmp(*argv,"-no_comp") == 0)
-			{ off|=SSL_OP_NO_COMPRESSION; }
-#ifndef OPENSSL_NO_TLSEXT
-		else if	(strcmp(*argv,"-no_ticket") == 0)
-			{ off|=SSL_OP_NO_TICKET; }
-#endif
-#ifndef OPENSSL_NO_SSL2
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			{ meth=SSLv2_server_method(); }
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			{ meth=SSLv3_server_method(); }
-#endif
-#ifndef OPENSSL_NO_TLS1
-		else if	(strcmp(*argv,"-tls1") == 0)
-			{ meth=TLSv1_server_method(); }
-		else if	(strcmp(*argv,"-tls1_1") == 0)
-			{ meth=TLSv1_1_server_method(); }
-		else if	(strcmp(*argv,"-tls1_2") == 0)
-			{ meth=TLSv1_2_server_method(); }
-#endif
-#ifndef OPENSSL_NO_DTLS1
-		else if	(strcmp(*argv,"-dtls1") == 0)
-			{ 
-			meth=DTLSv1_server_method();
-			socket_type = SOCK_DGRAM;
-			}
-		else if (strcmp(*argv,"-timeout") == 0)
-			enable_timeouts = 1;
-		else if (strcmp(*argv,"-mtu") == 0)
-			{
-			if (--argc < 1) goto bad;
-			socket_mtu = atol(*(++argv));
-			}
-		else if (strcmp(*argv, "-chain") == 0)
-			cert_chain = 1;
-#endif
-		else if (strcmp(*argv, "-id_prefix") == 0)
-			{
-			if (--argc < 1) goto bad;
-			session_id_prefix = *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine_id= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-rand") == 0)
-			{
-			if (--argc < 1) goto bad;
-			inrand= *(++argv);
-			}
-#ifndef OPENSSL_NO_TLSEXT
-		else if (strcmp(*argv,"-servername") == 0)
-			{
-			if (--argc < 1) goto bad;
-			tlsextcbp.servername= *(++argv);
-			}
-		else if (strcmp(*argv,"-servername_fatal") == 0)
-			{ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
-		else if	(strcmp(*argv,"-cert2") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_cert_file2= *(++argv);
-			}
-		else if	(strcmp(*argv,"-key2") == 0)
-			{
-			if (--argc < 1) goto bad;
-			s_key_file2= *(++argv);
-			}
-# ifndef OPENSSL_NO_NEXTPROTONEG
-		else if	(strcmp(*argv,"-nextprotoneg") == 0)
-			{
-			if (--argc < 1) goto bad;
-			next_proto_neg_in = *(++argv);
-			}
-# endif
-#endif
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-		else if (strcmp(*argv,"-jpake") == 0)
-			{
-			if (--argc < 1) goto bad;
-			jpake_secret = *(++argv);
-			}
-#endif
-#ifndef OPENSSL_NO_SRTP
-		else if (strcmp(*argv,"-use_srtp") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srtp_profiles = *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-keymatexport") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keymatexportlabel= *(++argv);
-			}
-		else if (strcmp(*argv,"-keymatexportlen") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keymatexportlen=atoi(*(++argv));
-			if (keymatexportlen == 0) goto bad;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sv_usage();
-		goto end;
-		}
-#ifndef OPENSSL_NO_DTLS1
-	if (www && socket_type == SOCK_DGRAM)
-		{
-		BIO_printf(bio_err,
-				"Can't use -HTTP, -www or -WWW with DTLS\n");
-		goto end;
-		}
-#endif
-
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-	if (jpake_secret)
-		{
-		if (psk_key)
-			{
-			BIO_printf(bio_err,
-				   "Can't use JPAKE and PSK together\n");
-			goto end;
-			}
-		psk_identity = "JPAKE";
-		if (cipher)
-			{
-			BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-			goto end;
-			}
-		cipher = "PSK";
-		}
-
-#endif
-
-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine_id, 1);
-#endif
-
-	if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-
-	if (s_key_file == NULL)
-		s_key_file = s_cert_file;
-#ifndef OPENSSL_NO_TLSEXT
-	if (s_key_file2 == NULL)
-		s_key_file2 = s_cert_file2;
-#endif
-
-	if (nocert == 0)
-		{
-		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
-		       "server certificate private key file");
-		if (!s_key)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
-			NULL, e, "server certificate file");
-
-		if (!s_cert)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-#ifndef OPENSSL_NO_TLSEXT
-		if (tlsextcbp.servername) 
-			{
-			s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
-				"second server certificate private key file");
-			if (!s_key2)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			
-			s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
-				NULL, e, "second server certificate file");
-			
-			if (!s_cert2)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			}
-#endif
-		}
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 
-	if (next_proto_neg_in)
-		{
-		unsigned short len;
-		next_proto.data = next_protos_parse(&len, next_proto_neg_in);
-		if (next_proto.data == NULL)
-			goto end;
-		next_proto.len = len;
-		}
-	else
-		{
-		next_proto.data = NULL;
-		}
-#endif
-
-
-	if (s_dcert_file)
-		{
-
-		if (s_dkey_file == NULL)
-			s_dkey_file = s_dcert_file;
-
-		s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
-				0, dpass, e,
-			       "second certificate private key file");
-		if (!s_dkey)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
-				NULL, e, "second server certificate file");
-
-		if (!s_dcert)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		}
-
-	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-		&& !RAND_status())
-		{
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-		}
-	if (inrand != NULL)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			app_RAND_load_files(inrand));
-
-	if (bio_s_out == NULL)
-		{
-		if (s_quiet && !s_debug && !s_msg)
-			{
-			bio_s_out=BIO_new(BIO_s_null());
-			}
-		else
-			{
-			if (bio_s_out == NULL)
-				bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-			}
-		}
-
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	if (nocert)
-#endif
-		{
-		s_cert_file=NULL;
-		s_key_file=NULL;
-		s_dcert_file=NULL;
-		s_dkey_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-		s_cert_file2=NULL;
-		s_key_file2=NULL;
-#endif
-		}
-
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (session_id_prefix)
-		{
-		if(strlen(session_id_prefix) >= 32)
-			BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
-		else if(strlen(session_id_prefix) >= 16)
-			BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
-		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
-			{
-			BIO_printf(bio_err,"error setting 'id_prefix'\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
-		}
-	SSL_CTX_set_quiet_shutdown(ctx,1);
-	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
-	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-	SSL_CTX_set_options(ctx,off);
-	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
-	 * Setting read ahead solves this problem.
-	 */
-	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-	if (no_cache)
-		SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
-	else
-		SSL_CTX_sess_set_cache_size(ctx,128);
-
-#ifndef OPENSSL_NO_SRTP
-	if (srtp_profiles != NULL)
-		SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
-#endif
-
-#if 0
-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
-#endif
-
-#if 0
-	if (s_cert_file == NULL)
-		{
-		BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
-		goto end;
-		}
-#endif
-
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
-		{
-		/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-	if (vpm)
-		SSL_CTX_set1_param(ctx, vpm);
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (s_cert2)
-		{
-		ctx2=SSL_CTX_new(meth);
-		if (ctx2 == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-	
-	if (ctx2)
-		{
-		BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
-
-		if (session_id_prefix)
-			{
-			if(strlen(session_id_prefix) >= 32)
-				BIO_printf(bio_err,
-					"warning: id_prefix is too long, only one new session will be possible\n");
-			else if(strlen(session_id_prefix) >= 16)
-				BIO_printf(bio_err,
-					"warning: id_prefix is too long if you use SSLv2\n");
-			if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
-				{
-				BIO_printf(bio_err,"error setting 'id_prefix'\n");
-				ERR_print_errors(bio_err);
-				goto end;
-				}
-			BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
-			}
-		SSL_CTX_set_quiet_shutdown(ctx2,1);
-		if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
-		if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
-		SSL_CTX_set_options(ctx2,off);
-		/* DTLS: partial reads end up discarding unread UDP bytes :-( 
-		 * Setting read ahead solves this problem.
-		 */
-		if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
-
-		if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
-
-		if (no_cache)
-			SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
-		else
-			SSL_CTX_sess_set_cache_size(ctx2,128);
-
-		if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
-			(!SSL_CTX_set_default_verify_paths(ctx2)))
-			{
-			ERR_print_errors(bio_err);
-			}
-		if (vpm)
-			SSL_CTX_set1_param(ctx2, vpm);
-		}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	if (next_proto.data)
-		SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
-# endif
-#endif 
-
-#ifndef OPENSSL_NO_DH
-	if (!no_dhe)
-		{
-		DH *dh=NULL;
-
-		if (dhfile)
-			dh = load_dh_param(dhfile);
-		else if (s_cert_file)
-			dh = load_dh_param(s_cert_file);
-
-		if (dh != NULL)
-			{
-			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
-			}
-		else
-			{
-			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-			dh=get_dh512();
-			}
-		(void)BIO_flush(bio_s_out);
-
-		SSL_CTX_set_tmp_dh(ctx,dh);
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2)
-			{
-			if (!dhfile)
-				{ 
-				DH *dh2=load_dh_param(s_cert_file2);
-				if (dh2 != NULL)
-					{
-					BIO_printf(bio_s_out,"Setting temp DH parameters\n");
-					(void)BIO_flush(bio_s_out);
-
-					DH_free(dh);
-					dh = dh2;
-					}
-				}
-			SSL_CTX_set_tmp_dh(ctx2,dh);
-			}
-#endif
-		DH_free(dh);
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (!no_ecdhe)
-		{
-		EC_KEY *ecdh=NULL;
-
-		if (named_curve)
-			{
-			int nid = OBJ_sn2nid(named_curve);
-
-			if (nid == 0)
-				{
-				BIO_printf(bio_err, "unknown curve name (%s)\n", 
-					named_curve);
-				goto end;
-				}
-			ecdh = EC_KEY_new_by_curve_name(nid);
-			if (ecdh == NULL)
-				{
-				BIO_printf(bio_err, "unable to create curve (%s)\n", 
-					named_curve);
-				goto end;
-				}
-			}
-
-		if (ecdh != NULL)
-			{
-			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
-			}
-		else
-			{
-			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
-			ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-			if (ecdh == NULL) 
-				{
-				BIO_printf(bio_err, "unable to create curve (nistp256)\n");
-				goto end;
-				}
-			}
-		(void)BIO_flush(bio_s_out);
-
-		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2) 
-			SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
-#endif
-		EC_KEY_free(ecdh);
-		}
-#endif
-	
-	if (!set_cert_key_stuff(ctx, s_cert, s_key))
-		goto end;
-#ifndef OPENSSL_NO_TLSEXT
-	if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
-		goto end; 
-#endif
-	if (s_dcert != NULL)
-		{
-		if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
-			goto end;
-		}
-
-#ifndef OPENSSL_NO_RSA
-#if 1
-	if (!no_tmp_rsa)
-		{
-		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2) 
-			SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
-#endif		
-		}
-#else
-	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
-		{
-		RSA *rsa;
-
-		BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
-		BIO_flush(bio_s_out);
-
-		rsa=RSA_generate_key(512,RSA_F4,NULL);
-
-		if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-#ifndef OPENSSL_NO_TLSEXT
-			if (ctx2)
-				{
-				if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
-					{
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				}
-#endif
-		RSA_free(rsa);
-		BIO_printf(bio_s_out,"\n");
-		}
-#endif
-#endif
-
-#ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
-	if (psk_key != NULL)
-#else
-	if (psk_key != NULL || jpake_secret)
-#endif
-		{
-		if (s_debug)
-			BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
-		SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
-		}
-
-	if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint))
-		{
-		BIO_printf(bio_err,"error setting PSK identity hint to context\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-#endif
-
-	if (cipher != NULL)
-		{
-		if(!SSL_CTX_set_cipher_list(ctx,cipher))
-			{
-			BIO_printf(bio_err,"error setting cipher list\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
-			{
-			BIO_printf(bio_err,"error setting cipher list\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-#endif
-		}
-	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
-	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
-		sizeof s_server_session_id_context);
-
-	/* Set DTLS cookie generation and verification callbacks */
-	SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
-	SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (ctx2)
-		{
-		SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
-		SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
-			sizeof s_server_session_id_context);
-
-		tlsextcbp.biodebug = bio_s_out;
-		SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
-		SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
-		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
-		SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
-		}
-#endif
-
-#ifndef OPENSSL_NO_SRP
-	if (srp_verifier_file != NULL)
-		{
-		srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
-		srp_callback_parm.user = NULL;
-		srp_callback_parm.login = NULL;
-		if ((ret = SRP_VBASE_init(srp_callback_parm.vb, srp_verifier_file)) != SRP_NO_ERROR)
-			{
-			BIO_printf(bio_err,
-				   "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
-				   srp_verifier_file, ret);
-				goto end;
-			}
-		SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,verify_callback);
-		SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);  			
-		SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
-		}
-	else
-#endif
-	if (CAfile != NULL)
-		{
-		SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-#ifndef OPENSSL_NO_TLSEXT
-		if (ctx2) 
-			SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
-#endif
-		}
-
-	BIO_printf(bio_s_out,"ACCEPT\n");
-	(void)BIO_flush(bio_s_out);
-	if (www)
-		do_server(port,socket_type,&accept_socket,www_body, context);
-	else
-		do_server(port,socket_type,&accept_socket,sv_body, context);
-	print_stats(bio_s_out,ctx);
-	ret=0;
-end:
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (s_cert)
-		X509_free(s_cert);
-	if (s_dcert)
-		X509_free(s_dcert);
-	if (s_key)
-		EVP_PKEY_free(s_key);
-	if (s_dkey)
-		EVP_PKEY_free(s_dkey);
-	if (pass)
-		OPENSSL_free(pass);
-	if (dpass)
-		OPENSSL_free(dpass);
-	if (vpm)
-		X509_VERIFY_PARAM_free(vpm);
-#ifndef OPENSSL_NO_TLSEXT
-	if (tlscstatp.host)
-		OPENSSL_free(tlscstatp.host);
-	if (tlscstatp.port)
-		OPENSSL_free(tlscstatp.port);
-	if (tlscstatp.path)
-		OPENSSL_free(tlscstatp.path);
-	if (ctx2 != NULL) SSL_CTX_free(ctx2);
-	if (s_cert2)
-		X509_free(s_cert2);
-	if (s_key2)
-		EVP_PKEY_free(s_key2);
-#endif
-	if (bio_s_out != NULL)
-		{
-        BIO_free(bio_s_out);
-		bio_s_out=NULL;
-		}
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
-	{
-	BIO_printf(bio,"%4ld items in the session cache\n",
-		SSL_CTX_sess_number(ssl_ctx));
-	BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
-		SSL_CTX_sess_connect(ssl_ctx));
-	BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
-		SSL_CTX_sess_connect_renegotiate(ssl_ctx));
-	BIO_printf(bio,"%4ld client connects that finished\n",
-		SSL_CTX_sess_connect_good(ssl_ctx));
-	BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
-		SSL_CTX_sess_accept(ssl_ctx));
-	BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
-		SSL_CTX_sess_accept_renegotiate(ssl_ctx));
-	BIO_printf(bio,"%4ld server accepts that finished\n",
-		SSL_CTX_sess_accept_good(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
-	BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
-	BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
-	BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
-		SSL_CTX_sess_cache_full(ssl_ctx),
-		SSL_CTX_sess_get_cache_size(ssl_ctx));
-	}
-
-static int sv_body(char *hostname, int s, unsigned char *context)
-	{
-	char *buf=NULL;
-	fd_set readfds;
-	int ret=1,width;
-	int k,i;
-	unsigned long l;
-	SSL *con=NULL;
-	BIO *sbio;
-#ifndef OPENSSL_NO_KRB5
-	KSSL_CTX *kctx;
-#endif
-	struct timeval timeout;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
-	struct timeval tv;
-#else
-	struct timeval *timeoutp;
-#endif
-
-	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto err;
-		}
-#ifdef FIONBIO	
-	if (s_nbio)
-		{
-		unsigned long sl=1;
-
-		if (!s_quiet)
-			BIO_printf(bio_err,"turning on non blocking io\n");
-		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
-			ERR_print_errors(bio_err);
-		}
-#endif
-
-	if (con == NULL) {
-		con=SSL_new(ctx);
-#ifndef OPENSSL_NO_TLSEXT
-	if (s_tlsextdebug)
-		{
-		SSL_set_tlsext_debug_callback(con, tlsext_cb);
-		SSL_set_tlsext_debug_arg(con, bio_s_out);
-		}
-	if (s_tlsextstatus)
-		{
-		SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
-		tlscstatp.err = bio_err;
-		SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
-		}
-#endif
-#ifndef OPENSSL_NO_KRB5
-		if ((kctx = kssl_ctx_new()) != NULL)
-                        {
-			SSL_set0_kssl_ctx(con, kctx);
-                        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-                        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-                        }
-#endif	/* OPENSSL_NO_KRB5 */
-		if(context)
-		      SSL_set_session_id_context(con, context,
-						 strlen((char *)context));
-	}
-	SSL_clear(con);
-#if 0
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
-#endif
-#endif
-
-	if (SSL_version(con) == DTLS1_VERSION)
-		{
-
-		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-
-		if (enable_timeouts)
-			{
-			timeout.tv_sec = 0;
-			timeout.tv_usec = DGRAM_RCV_TIMEOUT;
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-			
-			timeout.tv_sec = 0;
-			timeout.tv_usec = DGRAM_SND_TIMEOUT;
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
-			}
-
-		if (socket_mtu)
-			{
-			if(socket_mtu < DTLS_get_link_min_mtu(con))
-				{
-				BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
-					DTLS_get_link_min_mtu(con));
-				ret = -1;
-				BIO_free(sbio);
-				goto err;
-				}
-			SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
-			if(!DTLS_set_link_mtu(con, socket_mtu))
-				{
-				BIO_printf(bio_err, "Failed to set MTU\n");
-				ret = -1;
-				BIO_free(sbio);
-				goto err;
-				}
-			}
-		else
-			/* want to do MTU discovery */
-			BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-
-        /* turn on cookie exchange */
-        SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
-		}
-	else
-		sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-	if (s_nbio_test)
-		{
-		BIO *test;
-
-		test=BIO_new(BIO_f_nbio_test());
-		sbio=BIO_push(test,sbio);
-		}
-#ifndef OPENSSL_NO_JPAKE
-	if(jpake_secret)
-		jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
-
-	SSL_set_bio(con,sbio,sbio);
-	SSL_set_accept_state(con);
-	/* SSL_set_fd(con,s); */
-
-	if (s_debug)
-		{
-		SSL_set_debug(con, 1);
-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
-		}
-	if (s_msg)
-		{
-		SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_s_out);
-		}
-#ifndef OPENSSL_NO_TLSEXT
-	if (s_tlsextdebug)
-		{
-		SSL_set_tlsext_debug_callback(con, tlsext_cb);
-		SSL_set_tlsext_debug_arg(con, bio_s_out);
-		}
-#endif
-
-	width=s+1;
-	for (;;)
-		{
-		int read_from_terminal;
-		int read_from_sslcon;
-
-		read_from_terminal = 0;
-		read_from_sslcon = SSL_pending(con);
-
-		if (!read_from_sslcon)
-			{
-			FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_BEOS_R5)
-			openssl_fdset(fileno(stdin),&readfds);
-#endif
-			openssl_fdset(s,&readfds);
-			/* Note: under VMS with SOCKETSHR the second parameter is
-			 * currently of type (int *) whereas under other systems
-			 * it is (void *) if you don't have a cast it will choke
-			 * the compiler: if you do have a cast then you can either
-			 * go for (int *) or (void *).
-			 */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
-                        /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
-			 * on sockets. As a workaround we timeout the select every
-			 * second and check for any keypress. In a proper Windows
-			 * application we wouldn't do this because it is inefficient.
-			 */
-			tv.tv_sec = 1;
-			tv.tv_usec = 0;
-			i=select(width,(void *)&readfds,NULL,NULL,&tv);
-			if((i < 0) || (!i && !_kbhit() ) )continue;
-			if(_kbhit())
-				read_from_terminal = 1;
-#elif defined(OPENSSL_SYS_BEOS_R5)
-			/* Under BeOS-R5 the situation is similar to DOS */
-			tv.tv_sec = 1;
-			tv.tv_usec = 0;
-			(void)fcntl(fileno(stdin), F_SETFL, O_NONBLOCK);
-			i=select(width,(void *)&readfds,NULL,NULL,&tv);
-			if ((i < 0) || (!i && read(fileno(stdin), buf, 0) < 0))
-				continue;
-			if (read(fileno(stdin), buf, 0) >= 0)
-				read_from_terminal = 1;
-			(void)fcntl(fileno(stdin), F_SETFL, 0);
-#else
-			if ((SSL_version(con) == DTLS1_VERSION) &&
-				DTLSv1_get_timeout(con, &timeout))
-				timeoutp = &timeout;
-			else
-				timeoutp = NULL;
-
-			i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
-
-			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
-				{
-				BIO_printf(bio_err,"TIMEOUT occured\n");
-				}
-
-			if (i <= 0) continue;
-			if (FD_ISSET(fileno(stdin),&readfds))
-				read_from_terminal = 1;
-#endif
-			if (FD_ISSET(s,&readfds))
-				read_from_sslcon = 1;
-			}
-		if (read_from_terminal)
-			{
-			if (s_crlf)
-				{
-				int j, lf_num;
-
-				i=raw_read_stdin(buf, bufsize/2);
-				lf_num = 0;
-				/* both loops are skipped when i <= 0 */
-				for (j = 0; j < i; j++)
-					if (buf[j] == '\n')
-						lf_num++;
-				for (j = i-1; j >= 0; j--)
-					{
-					buf[j+lf_num] = buf[j];
-					if (buf[j] == '\n')
-						{
-						lf_num--;
-						i++;
-						buf[j+lf_num] = '\r';
-						}
-					}
-				assert(lf_num == 0);
-				}
-			else
-				i=raw_read_stdin(buf,bufsize);
-			if (!s_quiet)
-				{
-				if ((i <= 0) || (buf[0] == 'Q'))
-					{
-					BIO_printf(bio_s_out,"DONE\n");
-					SHUTDOWN(s);
-					close_accept_socket();
-					ret= -11;
-					goto err;
-					}
-				if ((i <= 0) || (buf[0] == 'q'))
-					{
-					BIO_printf(bio_s_out,"DONE\n");
-					if (SSL_version(con) != DTLS1_VERSION)
-                        SHUTDOWN(s);
-	/*				close_accept_socket();
-					ret= -11;*/
-					goto err;
-					}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-				if ((buf[0] == 'B') &&
-					((buf[1] == '\n') || (buf[1] == '\r')))
-					{
-					BIO_printf(bio_err,"HEARTBEATING\n");
-					SSL_heartbeat(con);
-					i=0;
-					continue;
-					}
-#endif
-				if ((buf[0] == 'r') && 
-					((buf[1] == '\n') || (buf[1] == '\r')))
-					{
-					SSL_renegotiate(con);
-					i=SSL_do_handshake(con);
-					printf("SSL_do_handshake -> %d\n",i);
-					i=0; /*13; */
-					continue;
-					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
-					}
-				if ((buf[0] == 'R') &&
-					((buf[1] == '\n') || (buf[1] == '\r')))
-					{
-					SSL_set_verify(con,
-						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
-					SSL_renegotiate(con);
-					i=SSL_do_handshake(con);
-					printf("SSL_do_handshake -> %d\n",i);
-					i=0; /* 13; */
-					continue;
-					/* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
-					}
-				if (buf[0] == 'P')
-					{
-					static const char *str="Lets print some clear text\n";
-					BIO_write(SSL_get_wbio(con),str,strlen(str));
-					}
-				if (buf[0] == 'S')
-					{
-					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
-					}
-				}
-#ifdef CHARSET_EBCDIC
-			ebcdic2ascii(buf,buf,i);
-#endif
-			l=k=0;
-			for (;;)
-				{
-				/* should do a select for the write */
-#ifdef RENEG
-{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
-#endif
-				k=SSL_write(con,&(buf[l]),(unsigned int)i);
-#ifndef OPENSSL_NO_SRP
-				while (SSL_get_error(con,k) == SSL_ERROR_WANT_X509_LOOKUP)
-					{
-					BIO_printf(bio_s_out,"LOOKUP renego during write\n");
-					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 
-					if (srp_callback_parm.user) 
-						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
-					else 
-						BIO_printf(bio_s_out,"LOOKUP not successful\n");
-						k=SSL_write(con,&(buf[l]),(unsigned int)i);
-					}
-#endif
-				switch (SSL_get_error(con,k))
-					{
-				case SSL_ERROR_NONE:
-					break;
-				case SSL_ERROR_WANT_WRITE:
-				case SSL_ERROR_WANT_READ:
-				case SSL_ERROR_WANT_X509_LOOKUP:
-					BIO_printf(bio_s_out,"Write BLOCK\n");
-					break;
-				case SSL_ERROR_SYSCALL:
-				case SSL_ERROR_SSL:
-					BIO_printf(bio_s_out,"ERROR\n");
-					ERR_print_errors(bio_err);
-					ret=1;
-					goto err;
-					/* break; */
-				case SSL_ERROR_ZERO_RETURN:
-					BIO_printf(bio_s_out,"DONE\n");
-					ret=1;
-					goto err;
-					}
-				l+=k;
-				i-=k;
-				if (i <= 0) break;
-				}
-			}
-		if (read_from_sslcon)
-			{
-			if (!SSL_is_init_finished(con))
-				{
-				i=init_ssl_connection(con);
-				
-				if (i < 0)
-					{
-					ret=0;
-					goto err;
-					}
-				else if (i == 0)
-					{
-					ret=1;
-					goto err;
-					}
-				}
-			else
-				{
-again:	
-				i=SSL_read(con,(char *)buf,bufsize);
-#ifndef OPENSSL_NO_SRP
-				while (SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP)
-					{
-					BIO_printf(bio_s_out,"LOOKUP renego during read\n");
-					srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 
-					if (srp_callback_parm.user) 
-						BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
-					else 
-						BIO_printf(bio_s_out,"LOOKUP not successful\n");
-					i=SSL_read(con,(char *)buf,bufsize);
-					}
-#endif
-				switch (SSL_get_error(con,i))
-					{
-				case SSL_ERROR_NONE:
-#ifdef CHARSET_EBCDIC
-					ascii2ebcdic(buf,buf,i);
-#endif
-					raw_write_stdout(buf,
-						(unsigned int)i);
-					if (SSL_pending(con)) goto again;
-					break;
-				case SSL_ERROR_WANT_WRITE:
-				case SSL_ERROR_WANT_READ:
-					BIO_printf(bio_s_out,"Read BLOCK\n");
-					break;
-				case SSL_ERROR_SYSCALL:
-				case SSL_ERROR_SSL:
-					BIO_printf(bio_s_out,"ERROR\n");
-					ERR_print_errors(bio_err);
-					ret=1;
-					goto err;
-				case SSL_ERROR_ZERO_RETURN:
-					BIO_printf(bio_s_out,"DONE\n");
-					ret=1;
-					goto err;
-					}
-				}
-			}
-		}
-err:
-	if (con != NULL)
-		{
-		BIO_printf(bio_s_out,"shutting down SSL\n");
-#if 1
-		SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
-		SSL_shutdown(con);
-#endif
-		SSL_free(con);
-		}
-	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,bufsize);
-		OPENSSL_free(buf);
-		}
-	if (ret >= 0)
-		BIO_printf(bio_s_out,"ACCEPT\n");
-	return(ret);
-	}
-
-static void close_accept_socket(void)
-	{
-	BIO_printf(bio_err,"shutdown accept socket\n");
-	if (accept_socket >= 0)
-		{
-		SHUTDOWN2(accept_socket);
-		}
-	}
-
-static int init_ssl_connection(SSL *con)
-	{
-	int i;
-	const char *str;
-	X509 *peer;
-	long verify_error;
-	MS_STATIC char buf[BUFSIZ];
-#ifndef OPENSSL_NO_KRB5
-	char *client_princ;
-#endif
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	const unsigned char *next_proto_neg;
-	unsigned next_proto_neg_len;
-#endif
-	unsigned char *exportedkeymat;
-
-
-	i=SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-	while (i <= 0 &&  SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) 
-		{
-			BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
-			srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 
-			if (srp_callback_parm.user) 
-				BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
-			else 
-				BIO_printf(bio_s_out,"LOOKUP not successful\n");
-			i=SSL_accept(con);
-		}
-#endif
-	if (i <= 0)
-		{
-		if (BIO_sock_should_retry(i))
-			{
-			BIO_printf(bio_s_out,"DELAY\n");
-			return(1);
-			}
-
-		BIO_printf(bio_err,"ERROR\n");
-		verify_error=SSL_get_verify_result(con);
-		if (verify_error != X509_V_OK)
-			{
-			BIO_printf(bio_err,"verify error:%s\n",
-				X509_verify_cert_error_string(verify_error));
-			}
-		else
-			ERR_print_errors(bio_err);
-		return(0);
-		}
-
-	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
-
-	peer=SSL_get_peer_certificate(con);
-	if (peer != NULL)
-		{
-		BIO_printf(bio_s_out,"Client certificate\n");
-		PEM_write_bio_X509(bio_s_out,peer);
-		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
-		BIO_printf(bio_s_out,"subject=%s\n",buf);
-		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
-		BIO_printf(bio_s_out,"issuer=%s\n",buf);
-		X509_free(peer);
-		}
-
-	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
-		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
-	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
-	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
-	if (next_proto_neg)
-		{
-		BIO_printf(bio_s_out,"NEXTPROTO is ");
-		BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
-		BIO_printf(bio_s_out, "\n");
-		}
-#endif
-#ifndef OPENSSL_NO_SRTP
-	{
-	SRTP_PROTECTION_PROFILE *srtp_profile
-	  = SSL_get_selected_srtp_profile(con);
-
-	if(srtp_profile)
-		BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
-			   srtp_profile->name);
-	}
-#endif
-	if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
-	if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
-		TLS1_FLAGS_TLS_PADDING_BUG)
-		BIO_printf(bio_s_out,
-			   "Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
-	client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
-	if (client_princ != NULL)
-		{
-		BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
-								client_princ);
-		}
-#endif /* OPENSSL_NO_KRB5 */
-	BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
-		      SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
-	if (keymatexportlabel != NULL)
-		{
-		BIO_printf(bio_s_out, "Keying material exporter:\n");
-		BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
-		BIO_printf(bio_s_out, "    Length: %i bytes\n",
-			   keymatexportlen);
-		exportedkeymat = OPENSSL_malloc(keymatexportlen);
-		if (exportedkeymat != NULL)
-			{
-			if (!SSL_export_keying_material(con, exportedkeymat,
-						        keymatexportlen,
-						        keymatexportlabel,
-						        strlen(keymatexportlabel),
-						        NULL, 0, 0))
-				{
-				BIO_printf(bio_s_out, "    Error\n");
-				}
-			else
-				{
-				BIO_printf(bio_s_out, "    Keying material: ");
-				for (i=0; i<keymatexportlen; i++)
-					BIO_printf(bio_s_out, "%02X",
-						   exportedkeymat[i]);
-				BIO_printf(bio_s_out, "\n");
-				}
-			OPENSSL_free(exportedkeymat);
-			}
-		}
-
-	return(1);
-	}
-
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
-	{
-	DH *ret=NULL;
-	BIO *bio;
-
-	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
-		goto err;
-	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
-err:
-	if (bio != NULL) BIO_free(bio);
-	return(ret);
-	}
-#endif
-#ifndef OPENSSL_NO_KRB5
-	char *client_princ;
-#endif
-
-#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
-	{
-	FILE *in;
-	X509 *x=NULL;
-
-	if ((in=fopen(file,"r")) == NULL)
-		return(0);
-
-	for (;;)
-		{
-		if (PEM_read_X509(in,&x,NULL) == NULL)
-			break;
-		SSL_CTX_add_client_CA(ctx,x);
-		}
-	if (x != NULL) X509_free(x);
-	fclose(in);
-	return(1);
-	}
-#endif
-
-static int www_body(char *hostname, int s, unsigned char *context)
-	{
-	char *buf=NULL;
-	int ret=1;
-	int i,j,k,dot;
-	SSL *con;
-	const SSL_CIPHER *c;
-	BIO *io,*ssl_bio,*sbio;
-#ifndef OPENSSL_NO_KRB5
-	KSSL_CTX *kctx;
-#endif
-
-	buf=OPENSSL_malloc(bufsize);
-	if (buf == NULL) return(0);
-	io=BIO_new(BIO_f_buffer());
-	ssl_bio=BIO_new(BIO_f_ssl());
-	if ((io == NULL) || (ssl_bio == NULL)) goto err;
-
-#ifdef FIONBIO	
-	if (s_nbio)
-		{
-		unsigned long sl=1;
-
-		if (!s_quiet)
-			BIO_printf(bio_err,"turning on non blocking io\n");
-		if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
-			ERR_print_errors(bio_err);
-		}
-#endif
-
-	/* lets make the output buffer a reasonable size */
-	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
-
-	if ((con=SSL_new(ctx)) == NULL) goto err;
-#ifndef OPENSSL_NO_TLSEXT
-		if (s_tlsextdebug)
-			{
-			SSL_set_tlsext_debug_callback(con, tlsext_cb);
-			SSL_set_tlsext_debug_arg(con, bio_s_out);
-			}
-#endif
-#ifndef OPENSSL_NO_KRB5
-	if ((kctx = kssl_ctx_new()) != NULL)
-		{
-		kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
-		kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
-		}
-#endif	/* OPENSSL_NO_KRB5 */
-	if(context) SSL_set_session_id_context(con, context,
-					       strlen((char *)context));
-
-	sbio=BIO_new_socket(s,BIO_NOCLOSE);
-	if (s_nbio_test)
-		{
-		BIO *test;
-
-		test=BIO_new(BIO_f_nbio_test());
-		sbio=BIO_push(test,sbio);
-		}
-	SSL_set_bio(con,sbio,sbio);
-	SSL_set_accept_state(con);
-
-	/* SSL_set_fd(con,s); */
-	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
-	BIO_push(io,ssl_bio);
-#ifdef CHARSET_EBCDIC
-	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
-#endif
-
-	if (s_debug)
-		{
-		SSL_set_debug(con, 1);
-		BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
-		BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
-		}
-	if (s_msg)
-		{
-		SSL_set_msg_callback(con, msg_cb);
-		SSL_set_msg_callback_arg(con, bio_s_out);
-		}
-
-	for (;;)
-		{
-		if (hack)
-			{
-			i=SSL_accept(con);
-#ifndef OPENSSL_NO_SRP
-			while (i <= 0 &&  SSL_get_error(con,i) == SSL_ERROR_WANT_X509_LOOKUP) 
-		{
-			BIO_printf(bio_s_out,"LOOKUP during accept %s\n",srp_callback_parm.login);
-			srp_callback_parm.user = SRP_VBASE_get_by_user(srp_callback_parm.vb, srp_callback_parm.login); 
-			if (srp_callback_parm.user) 
-				BIO_printf(bio_s_out,"LOOKUP done %s\n",srp_callback_parm.user->info);
-			else 
-				BIO_printf(bio_s_out,"LOOKUP not successful\n");
-			i=SSL_accept(con);
-		}
-#endif
-			switch (SSL_get_error(con,i))
-				{
-			case SSL_ERROR_NONE:
-				break;
-			case SSL_ERROR_WANT_WRITE:
-			case SSL_ERROR_WANT_READ:
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				continue;
-			case SSL_ERROR_SYSCALL:
-			case SSL_ERROR_SSL:
-			case SSL_ERROR_ZERO_RETURN:
-				ret=1;
-				goto err;
-				/* break; */
-				}
-
-			SSL_renegotiate(con);
-			SSL_write(con,NULL,0);
-			}
-
-		i=BIO_gets(io,buf,bufsize-1);
-		if (i < 0) /* error */
-			{
-			if (!BIO_should_retry(io))
-				{
-				if (!s_quiet)
-					ERR_print_errors(bio_err);
-				goto err;
-				}
-			else
-				{
-				BIO_printf(bio_s_out,"read R BLOCK\n");
-#if defined(OPENSSL_SYS_NETWARE)
-            delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
-				sleep(1);
-#endif
-				continue;
-				}
-			}
-		else if (i == 0) /* end of input */
-			{
-			ret=1;
-			goto end;
-			}
-
-		/* else we have data */
-		if (	((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
-			((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
-			{
-			char *p;
-			X509 *peer;
-			STACK_OF(SSL_CIPHER) *sk;
-			static const char *space="                          ";
-
-			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
-			BIO_puts(io,"<pre>\n");
-/*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
-			BIO_puts(io,"\n");
-			for (i=0; i<local_argc; i++)
-				{
-				BIO_puts(io,local_argv[i]);
-				BIO_write(io," ",1);
-				}
-			BIO_puts(io,"\n");
-
-			BIO_printf(io,
-				"Secure Renegotiation IS%s supported\n",
-		      		SSL_get_secure_renegotiation_support(con) ?
-							"" : " NOT");
-
-			/* The following is evil and should not really
-			 * be done */
-			BIO_printf(io,"Ciphers supported in s_server binary\n");
-			sk=SSL_get_ciphers(con);
-			j=sk_SSL_CIPHER_num(sk);
-			for (i=0; i<j; i++)
-				{
-				c=sk_SSL_CIPHER_value(sk,i);
-				BIO_printf(io,"%-11s:%-25s",
-					SSL_CIPHER_get_version(c),
-					SSL_CIPHER_get_name(c));
-				if ((((i+1)%2) == 0) && (i+1 != j))
-					BIO_puts(io,"\n");
-				}
-			BIO_puts(io,"\n");
-			p=SSL_get_shared_ciphers(con,buf,bufsize);
-			if (p != NULL)
-				{
-				BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
-				j=i=0;
-				while (*p)
-					{
-					if (*p == ':')
-						{
-						BIO_write(io,space,26-j);
-						i++;
-						j=0;
-						BIO_write(io,((i%3)?" ":"\n"),1);
-						}
-					else
-						{
-						BIO_write(io,p,1);
-						j++;
-						}
-					p++;
-					}
-				BIO_puts(io,"\n");
-				}
-			BIO_printf(io,(SSL_cache_hit(con)
-				?"---\nReused, "
-				:"---\nNew, "));
-			c=SSL_get_current_cipher(con);
-			BIO_printf(io,"%s, Cipher is %s\n",
-				SSL_CIPHER_get_version(c),
-				SSL_CIPHER_get_name(c));
-			SSL_SESSION_print(io,SSL_get_session(con));
-			BIO_printf(io,"---\n");
-			print_stats(io,SSL_get_SSL_CTX(con));
-			BIO_printf(io,"---\n");
-			peer=SSL_get_peer_certificate(con);
-			if (peer != NULL)
-				{
-				BIO_printf(io,"Client certificate\n");
-				X509_print(io,peer);
-				PEM_write_bio_X509(io,peer);
-				}
-			else
-				BIO_puts(io,"no client certificate available\n");
-			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
-			break;
-			}
-		else if ((www == 2 || www == 3)
-                         && (strncmp("GET /",buf,5) == 0))
-			{
-			BIO *file;
-			char *p,*e;
-			static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
-
-			/* skip the '/' */
-			p= &(buf[5]);
-
-			dot = 1;
-			for (e=p; *e != '\0'; e++)
-				{
-				if (e[0] == ' ')
-					break;
-
-				switch (dot)
-					{
-				case 1:
-					dot = (e[0] == '.') ? 2 : 0;
-					break;
-				case 2:
-					dot = (e[0] == '.') ? 3 : 0;
-					break;
-				case 3:
-					dot = (e[0] == '/') ? -1 : 0;
-					break;
-					}
-				if (dot == 0)
-					dot = (e[0] == '/') ? 1 : 0;
-				}
-			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
-
-			if (*e == '\0')
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is an invalid file name\r\n",p);
-				break;
-				}
-			*e='\0';
-
-			if (dot)
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' contains '..' reference\r\n",p);
-				break;
-				}
-
-			if (*p == '/')
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is an invalid path\r\n",p);
-				break;
-				}
-
-#if 0
-			/* append if a directory lookup */
-			if (e[-1] == '/')
-				strcat(p,"index.html");
-#endif
-
-			/* if a directory, do the index thang */
-			if (app_isdir(p)>0)
-				{
-#if 0 /* must check buffer size */
-				strcat(p,"/index.html");
-#else
-				BIO_puts(io,text);
-				BIO_printf(io,"'%s' is a directory\r\n",p);
-				break;
-#endif
-				}
-
-			if ((file=BIO_new_file(p,"r")) == NULL)
-				{
-				BIO_puts(io,text);
-				BIO_printf(io,"Error opening '%s'\r\n",p);
-				ERR_print_errors(io);
-				break;
-				}
-
-			if (!s_quiet)
-				BIO_printf(bio_err,"FILE:%s\n",p);
-
-                        if (www == 2)
-                                {
-                                i=strlen(p);
-                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
-                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
-                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-                                else
-                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
-                                }
-			/* send the file */
-			for (;;)
-				{
-				i=BIO_read(file,buf,bufsize);
-				if (i <= 0) break;
-
-#ifdef RENEG
-				total_bytes+=i;
-				fprintf(stderr,"%d\n",i);
-				if (total_bytes > 3*1024)
-					{
-					total_bytes=0;
-					fprintf(stderr,"RENEGOTIATE\n");
-					SSL_renegotiate(con);
-					}
-#endif
-
-				for (j=0; j<i; )
-					{
-#ifdef RENEG
-{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
-#endif
-					k=BIO_write(io,&(buf[j]),i-j);
-					if (k <= 0)
-						{
-						if (!BIO_should_retry(io))
-							goto write_error;
-						else
-							{
-							BIO_printf(bio_s_out,"rwrite W BLOCK\n");
-							}
-						}
-					else
-						{
-						j+=k;
-						}
-					}
-				}
-write_error:
-			BIO_free(file);
-			break;
-			}
-		}
-
-	for (;;)
-		{
-		i=(int)BIO_flush(io);
-		if (i <= 0)
-			{
-			if (!BIO_should_retry(io))
-				break;
-			}
-		else
-			break;
-		}
-end:
-#if 1
-	/* make sure we re-use sessions */
-	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
-	/* This kills performance */
-/*	SSL_shutdown(con); A shutdown gets sent in the
- *	BIO_free_all(io) procession */
-#endif
-
-err:
-
-	if (ret >= 0)
-		BIO_printf(bio_s_out,"ACCEPT\n");
-
-	if (buf != NULL) OPENSSL_free(buf);
-	if (io != NULL) BIO_free_all(io);
-/*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-	{
-	BIGNUM *bn = NULL;
-	static RSA *rsa_tmp=NULL;
-
-	if (!rsa_tmp && ((bn = BN_new()) == NULL))
-		BIO_printf(bio_err,"Allocation error in generating RSA key\n");
-	if (!rsa_tmp && bn)
-		{
-		if (!s_quiet)
-			{
-			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
-			(void)BIO_flush(bio_err);
-			}
-		if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
-				!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
-			{
-			if(rsa_tmp) RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-			}
-		if (!s_quiet)
-			{
-			BIO_printf(bio_err,"\n");
-			(void)BIO_flush(bio_err);
-			}
-		BN_free(bn);
-		}
-	return(rsa_tmp);
-	}
-#endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len)
-	{
-	unsigned int count = 0;
-	do	{
-		RAND_pseudo_bytes(id, *id_len);
-		/* Prefix the session_id with the required prefix. NB: If our
-		 * prefix is too long, clip it - but there will be worse effects
-		 * anyway, eg. the server could only possibly create 1 session
-		 * ID (ie. the prefix!) so all future session negotiations will
-		 * fail due to conflicts. */
-		memcpy(id, session_id_prefix,
-			(strlen(session_id_prefix) < *id_len) ?
-			strlen(session_id_prefix) : *id_len);
-		}
-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-		(++count < MAX_SESSION_ID_ATTEMPTS));
-	if(count >= MAX_SESSION_ID_ATTEMPTS)
-		return 0;
-	return 1;
-	}
diff --git a/apps/s_socket.c b/apps/s_socket.c
deleted file mode 100644
index 94eb40f3ff..0000000000
--- a/apps/s_socket.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-
-#ifdef FLAT_INC
-#include "e_os2.h"
-#else
-#include "../e_os2.h"
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
-   recursive header file inclusion, resulting in the compiler complaining
-   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
-   is needed to have fileno() declared correctly...  So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef USE_SOCKETS
-#undef NON_MAIN
-#include "s_apps.h"
-#include <openssl/ssl.h>
-
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include "netdb.h"
-#endif
-
-static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-static void ssl_sock_cleanup(void);
-#endif
-static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL	IPPROTO_TCP
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static int wsa_init_done=0;
-#endif
-
-#ifdef OPENSSL_SYS_WINDOWS
-static struct WSAData wsa_state;
-static int wsa_init_done=0;
-
-#ifdef OPENSSL_SYS_WIN16
-static HWND topWnd=0;
-static FARPROC lpTopWndProc=NULL;
-static FARPROC lpTopHookProc=NULL;
-extern HINSTANCE _hInstance;  /* nice global CRT provides */
-
-static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
-	     LPARAM lParam)
-	{
-	if (hwnd == topWnd)
-		{
-		switch(message)
-			{
-		case WM_DESTROY:
-		case WM_CLOSE:
-			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
-			ssl_sock_cleanup();
-			break;
-			}
-		}
-	return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
-	}
-
-static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
-	{
-	topWnd=hwnd;
-	return(FALSE);
-	}
-
-#endif /* OPENSSL_SYS_WIN32 */
-#endif /* OPENSSL_SYS_WINDOWS */
-
-#ifdef OPENSSL_SYS_WINDOWS
-static void ssl_sock_cleanup(void)
-	{
-	if (wsa_init_done)
-		{
-		wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
-		WSACancelBlockingCall();
-#endif
-		WSACleanup();
-		}
-	}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static void sock_cleanup(void)
-    {
-    if (wsa_init_done)
-        {
-        wsa_init_done=0;
-		WSACleanup();
-		}
-	}
-#endif
-
-static int ssl_sock_init(void)
-	{
-#ifdef WATT32
-	extern int _watt_do_exit;
-	_watt_do_exit = 0;
-	if (sock_init())
-		return (0);
-#elif defined(OPENSSL_SYS_WINDOWS)
-	if (!wsa_init_done)
-		{
-		int err;
-	  
-#ifdef SIGINT
-		signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
-#endif
-		wsa_init_done=1;
-		memset(&wsa_state,0,sizeof(wsa_state));
-		if (WSAStartup(0x0101,&wsa_state)!=0)
-			{
-			err=WSAGetLastError();
-			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
-			return(0);
-			}
-
-#ifdef OPENSSL_SYS_WIN16
-		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
-		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
-		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
-
-		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* OPENSSL_SYS_WIN16 */
-		}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-   WORD wVerReq;
-   WSADATA wsaData;
-   int err;
-
-   if (!wsa_init_done)
-      {
-   
-# ifdef SIGINT
-      signal(SIGINT,(void (*)(int))sock_cleanup);
-# endif
-
-      wsa_init_done=1;
-      wVerReq = MAKEWORD( 2, 0 );
-      err = WSAStartup(wVerReq,&wsaData);
-      if (err != 0)
-         {
-         BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
-         return(0);
-         }
-      }
-#endif /* OPENSSL_SYS_WINDOWS */
-	return(1);
-	}
-
-int init_client(int *sock, char *host, int port, int type)
-	{
-	unsigned char ip[4];
-
-	memset(ip, '\0', sizeof ip);
-	if (!host_ip(host,&(ip[0])))
-		return 0;
-	return init_client_ip(sock,ip,port,type);
-	}
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
-	{
-	unsigned long addr;
-	struct sockaddr_in them;
-	int s,i;
-
-	if (!ssl_sock_init()) return(0);
-
-	memset((char *)&them,0,sizeof(them));
-	them.sin_family=AF_INET;
-	them.sin_port=htons((unsigned short)port);
-	addr=(unsigned long)
-		((unsigned long)ip[0]<<24L)|
-		((unsigned long)ip[1]<<16L)|
-		((unsigned long)ip[2]<< 8L)|
-		((unsigned long)ip[3]);
-	them.sin_addr.s_addr=htonl(addr);
-
-	if (type == SOCK_STREAM)
-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-	else /* ( type == SOCK_DGRAM) */
-		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-			
-	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-	if (type == SOCK_STREAM)
-		{
-		i=0;
-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
-		}
-#endif
-
-	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-		{ closesocket(s); perror("connect"); return(0); }
-	*sock=s;
-	return(1);
-	}
-
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-	{
-	int sock;
-	char *name = NULL;
-	int accept_socket = 0;
-	int i;
-
-	if (!init_server(&accept_socket,port,type)) return(0);
-
-	if (ret != NULL)
-		{
-		*ret=accept_socket;
-		/* return(1);*/
-		}
-  	for (;;)
-  		{
-		if (type==SOCK_STREAM)
-			{
-			if (do_accept(accept_socket,&sock,&name) == 0)
-				{
-				SHUTDOWN(accept_socket);
-				return(0);
-				}
-			}
-		else
-			sock = accept_socket;
-		i=(*cb)(name,sock, context);
-		if (name != NULL) OPENSSL_free(name);
-		if (type==SOCK_STREAM)
-			SHUTDOWN2(sock);
-		if (i < 0)
-			{
-			SHUTDOWN2(accept_socket);
-			return(i);
-			}
-		}
-	}
-
-static int init_server_long(int *sock, int port, char *ip, int type)
-	{
-	int ret=0;
-	struct sockaddr_in server;
-	int s= -1;
-
-	if (!ssl_sock_init()) return(0);
-
-	memset((char *)&server,0,sizeof(server));
-	server.sin_family=AF_INET;
-	server.sin_port=htons((unsigned short)port);
-	if (ip == NULL)
-		server.sin_addr.s_addr=INADDR_ANY;
-	else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
-		memcpy(&server.sin_addr.s_addr,ip,4);
-#else
-		memcpy(&server.sin_addr,ip,4);
-#endif
-	
-		if (type == SOCK_STREAM)
-			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-		else /* type == SOCK_DGRAM */
-			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-
-	if (s == INVALID_SOCKET) goto err;
-#if defined SOL_SOCKET && defined SO_REUSEADDR
-		{
-		int j = 1;
-		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-			   (void *) &j, sizeof j);
-		}
-#endif
-	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-		{
-#ifndef OPENSSL_SYS_WINDOWS
-		perror("bind");
-#endif
-		goto err;
-		}
-	/* Make it 128 for linux */
-	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
-	*sock=s;
-	ret=1;
-err:
-	if ((ret == 0) && (s != -1))
-		{
-		SHUTDOWN(s);
-		}
-	return(ret);
-	}
-
-static int init_server(int *sock, int port, int type)
-	{
-	return(init_server_long(sock, port, NULL, type));
-	}
-
-static int do_accept(int acc_sock, int *sock, char **host)
-	{
-	int ret;
-	struct hostent *h1,*h2;
-	static struct sockaddr_in from;
-	int len;
-/*	struct linger ling; */
-
-	if (!ssl_sock_init()) return(0);
-
-#ifndef OPENSSL_SYS_WINDOWS
-redoit:
-#endif
-
-	memset((char *)&from,0,sizeof(from));
-	len=sizeof(from);
-	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
-	 * of type (int *) whereas under other systems it is (void *) if
-	 * you don't have a cast it will choke the compiler: if you do
-	 * have a cast then you can either go for (int *) or (void *).
-	 */
-	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
-	if (ret == INVALID_SOCKET)
-		{
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-		int i;
-		i=WSAGetLastError();
-		BIO_printf(bio_err,"accept error %d\n",i);
-#else
-		if (errno == EINTR)
-			{
-			/*check_timeout(); */
-			goto redoit;
-			}
-		fprintf(stderr,"errno=%d ",errno);
-		perror("accept");
-#endif
-		return(0);
-		}
-
-/*
-	ling.l_onoff=1;
-	ling.l_linger=0;
-	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
-	if (i < 0) { perror("linger"); return(0); }
-	i=0;
-	i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-	if (i < 0) { perror("keepalive"); return(0); }
-*/
-
-	if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
-	/* I should use WSAAsyncGetHostByName() under windows */
-	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
-		sizeof(from.sin_addr.s_addr),AF_INET);
-#else
-	h1=gethostbyaddr((char *)&from.sin_addr,
-		sizeof(struct in_addr),AF_INET);
-#endif
-	if (h1 == NULL)
-		{
-		BIO_printf(bio_err,"bad gethostbyaddr\n");
-		*host=NULL;
-		/* return(0); */
-		}
-	else
-		{
-		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
-			{
-			perror("OPENSSL_malloc");
-			closesocket(ret);
-			return(0);
-			}
-		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
-		h2=GetHostByName(*host);
-		if (h2 == NULL)
-			{
-			BIO_printf(bio_err,"gethostbyname failure\n");
-			closesocket(ret);
-			return(0);
-			}
-		if (h2->h_addrtype != AF_INET)
-			{
-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-			closesocket(ret);
-			return(0);
-			}
-		}
-end:
-	*sock=ret;
-	return(1);
-	}
-
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-	     short *port_ptr)
-	{
-	char *h,*p;
-
-	h=str;
-	p=strchr(str,':');
-	if (p == NULL)
-		{
-		BIO_printf(bio_err,"no port defined\n");
-		return(0);
-		}
-	*(p++)='\0';
-
-	if ((ip != NULL) && !host_ip(str,ip))
-		goto err;
-	if (host_ptr != NULL) *host_ptr=h;
-
-	if (!extract_port(p,port_ptr))
-		goto err;
-	return(1);
-err:
-	return(0);
-	}
-
-static int host_ip(char *str, unsigned char ip[4])
-	{
-	unsigned int in[4]; 
-	int i;
-
-	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-		{
-		for (i=0; i<4; i++)
-			if (in[i] > 255)
-				{
-				BIO_printf(bio_err,"invalid IP address\n");
-				goto err;
-				}
-		ip[0]=in[0];
-		ip[1]=in[1];
-		ip[2]=in[2];
-		ip[3]=in[3];
-		}
-	else
-		{ /* do a gethostbyname */
-		struct hostent *he;
-
-		if (!ssl_sock_init()) return(0);
-
-		he=GetHostByName(str);
-		if (he == NULL)
-			{
-			BIO_printf(bio_err,"gethostbyname failure\n");
-			goto err;
-			}
-		/* cast to short because of win16 winsock definition */
-		if ((short)he->h_addrtype != AF_INET)
-			{
-			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-			return(0);
-			}
-		ip[0]=he->h_addr_list[0][0];
-		ip[1]=he->h_addr_list[0][1];
-		ip[2]=he->h_addr_list[0][2];
-		ip[3]=he->h_addr_list[0][3];
-		}
-	return(1);
-err:
-	return(0);
-	}
-
-int extract_port(char *str, short *port_ptr)
-	{
-	int i;
-	struct servent *s;
-
-	i=atoi(str);
-	if (i != 0)
-		*port_ptr=(unsigned short)i;
-	else
-		{
-		s=getservbyname(str,"tcp");
-		if (s == NULL)
-			{
-			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
-			return(0);
-			}
-		*port_ptr=ntohs((unsigned short)s->s_port);
-		}
-	return(1);
-	}
-
-#define GHBN_NUM	4
-static struct ghbn_cache_st
-	{
-	char name[128];
-	struct hostent ent;
-	unsigned long order;
-	} ghbn_cache[GHBN_NUM];
-
-static unsigned long ghbn_hits=0L;
-static unsigned long ghbn_miss=0L;
-
-static struct hostent *GetHostByName(char *name)
-	{
-	struct hostent *ret;
-	int i,lowi=0;
-	unsigned long low= (unsigned long)-1;
-
-	for (i=0; i<GHBN_NUM; i++)
-		{
-		if (low > ghbn_cache[i].order)
-			{
-			low=ghbn_cache[i].order;
-			lowi=i;
-			}
-		if (ghbn_cache[i].order > 0)
-			{
-			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-				break;
-			}
-		}
-	if (i == GHBN_NUM) /* no hit*/
-		{
-		ghbn_miss++;
-		ret=gethostbyname(name);
-		if (ret == NULL) return(NULL);
-		/* else add to cache */
-		if(strlen(name) < sizeof ghbn_cache[0].name)
-			{
-			strcpy(ghbn_cache[lowi].name,name);
-			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
-			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
-			}
-		return(ret);
-		}
-	else
-		{
-		ghbn_hits++;
-		ret= &(ghbn_cache[i].ent);
-		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
-		return(ret);
-		}
-	}
-
-#endif
diff --git a/apps/s_time.c b/apps/s_time.c
deleted file mode 100644
index 81dad53243..0000000000
--- a/apps/s_time.c
+++ /dev/null
@@ -1,626 +0,0 @@
-/* apps/s_time.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NO_SHUTDOWN
-
-/*-----------------------------------------
-   s_time - SSL client connection timer program
-   Written and donated by Larry Streepy <streepy@healthcare.com>
-  -----------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/pem.h>
-#include "s_apps.h"
-#include <openssl/err.h>
-#ifdef WIN32_STUFF
-#include "winmain.h"
-#include "wintext.h"
-#endif
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#undef PROG
-#define PROG s_time_main
-
-#undef ioctl
-#define ioctl ioctlsocket
-
-#define SSL_CONNECT_NAME	"localhost:4433"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*10
-
-#define MYBUFSIZ 1024*8
-
-#undef min
-#undef max
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-
-#undef SECONDS
-#define SECONDS	30
-extern int verify_depth;
-extern int verify_error;
-
-static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
-static void s_time_init(void);
-
-/***********************************************************************
- * Static data declarations
- */
-
-/* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
-static int tm_verify = SSL_VERIFY_NONE;
-static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static const SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0; 
-static int st_bugs=0;
-static int perform=0;
-#ifdef FIONBIO
-static int t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
-static int exitNow = 0;		/* Set when it's time to exit main */
-#endif
-
-static void s_time_init(void)
-	{
-	host=SSL_CONNECT_NAME;
-	t_cert_file=NULL;
-	t_key_file=NULL;
-	CApath=NULL;
-	CAfile=NULL;
-	tm_cipher=NULL;
-	tm_verify = SSL_VERIFY_NONE;
-	maxTime = SECONDS;
-	tm_ctx=NULL;
-	s_time_meth=NULL;
-	s_www_path=NULL;
-	bytes_read=0; 
-	st_bugs=0;
-	perform=0;
-
-#ifdef FIONBIO
-	t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
-	exitNow = 0;		/* Set when it's time to exit main */
-#endif
-	}
-
-/***********************************************************************
- * usage - display usage message
- */
-static void s_time_usage(void)
-{
-	static char umsg[] = "\
--time arg     - max number of seconds to collect data, default %d\n\
--verify arg   - turn on peer certificate verification, arg == depth\n\
--cert arg     - certificate file to use, PEM format assumed\n\
--key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
-                file if not specified by this option\n\
--CApath arg   - PEM format directory of CA's\n\
--CAfile arg   - PEM format file of CA's\n\
--cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
-
-	printf( "usage: s_time <args>\n\n" );
-
-	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
-#ifdef FIONBIO
-	printf("-nbio         - Run with non-blocking IO\n");
-	printf("-ssl2         - Just use SSLv2\n");
-	printf("-ssl3         - Just use SSLv3\n");
-	printf("-bugs         - Turn on SSL bug compatibility\n");
-	printf("-new          - Just time new connections\n");
-	printf("-reuse        - Just time connection reuse\n");
-	printf("-www page     - Retrieve 'page' from the site\n");
-#endif
-	printf( umsg,SECONDS );
-}
-
-/***********************************************************************
- * parseArgs - Parse command line arguments and initialize data
- *
- * Returns 0 if ok, -1 on bad args
- */
-static int parseArgs(int argc, char **argv)
-{
-    int badop = 0;
-
-    verify_depth=0;
-    verify_error=X509_V_OK;
-
-    argc--;
-    argv++;
-
-    while (argc >= 1) {
-	if (strcmp(*argv,"-connect") == 0)
-		{
-		if (--argc < 1) goto bad;
-		host= *(++argv);
-		}
-#if 0
-	else if( strcmp(*argv,"-host") == 0)
-		{
-		if (--argc < 1) goto bad;
-		host= *(++argv);
-		}
-	else if( strcmp(*argv,"-port") == 0)
-		{
-		if (--argc < 1) goto bad;
-		port= *(++argv);
-		}
-#endif
-	else if (strcmp(*argv,"-reuse") == 0)
-		perform=2;
-	else if (strcmp(*argv,"-new") == 0)
-		perform=1;
-	else if( strcmp(*argv,"-verify") == 0) {
-
-	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-	    if (--argc < 1) goto bad;
-	    verify_depth=atoi(*(++argv));
-	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-
-	} else if( strcmp(*argv,"-cert") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    t_cert_file= *(++argv);
-
-	} else if( strcmp(*argv,"-key") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    t_key_file= *(++argv);
-
-	} else if( strcmp(*argv,"-CApath") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    CApath= *(++argv);
-
-	} else if( strcmp(*argv,"-CAfile") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    CAfile= *(++argv);
-
-	} else if( strcmp(*argv,"-cipher") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    tm_cipher= *(++argv);
-	}
-#ifdef FIONBIO
-	else if(strcmp(*argv,"-nbio") == 0) {
-	    t_nbio=1;
-	}
-#endif
-	else if(strcmp(*argv,"-www") == 0)
-		{
-		if (--argc < 1) goto bad;
-		s_www_path= *(++argv);
-		if(strlen(s_www_path) > MYBUFSIZ-100)
-			{
-			BIO_printf(bio_err,"-www option too long\n");
-			badop=1;
-			}
-		}
-	else if(strcmp(*argv,"-bugs") == 0)
-	    st_bugs=1;
-#ifndef OPENSSL_NO_SSL2
-	else if(strcmp(*argv,"-ssl2") == 0)
-	    s_time_meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
-	else if(strcmp(*argv,"-ssl3") == 0)
-	    s_time_meth=SSLv3_client_method();
-#endif
-	else if( strcmp(*argv,"-time") == 0) {
-
-	    if (--argc < 1) goto bad;
-	    maxTime= atoi(*(++argv));
-	}
-	else {
-	    BIO_printf(bio_err,"unknown option %s\n",*argv);
-	    badop=1;
-	    break;
-	}
-
-	argc--;
-	argv++;
-    }
-
-    if (perform == 0) perform=3;
-
-    if(badop) {
-bad:
-		s_time_usage();
-		return -1;
-    }
-
-	return 0;			/* Valid args */
-}
-
-/***********************************************************************
- * TIME - time functions
- */
-#define START	0
-#define STOP	1
-
-static double tm_Time_F(int s)
-	{
-	return app_tminterval(s,1);
-	}
-
-/***********************************************************************
- * MAIN - main processing area for client
- *			real name depends on MONOLITH
- */
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	double totalTime = 0.0;
-	int nConn = 0;
-	SSL *scon=NULL;
-	long finishtime=0;
-	int ret=1,i;
-	MS_STATIC char buf[1024*8];
-	int ver;
-
-	apps_startup();
-	s_time_init();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	s_time_meth=SSLv23_client_method();
-
-	/* parse the command line arguments */
-	if( parseArgs( argc, argv ) < 0 )
-		goto end;
-
-	OpenSSL_add_ssl_algorithms();
-	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
-
-	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
-
-	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
-	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
-	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
-		goto end;
-
-	SSL_load_error_strings();
-
-	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
-		{
-		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-
-	if (tm_cipher == NULL)
-		tm_cipher = getenv("SSL_CIPHER");
-
-	if (tm_cipher == NULL ) {
-		fprintf( stderr, "No CIPHER specified\n" );
-	}
-
-	if (!(perform & 1)) goto next;
-	printf( "Collecting connection statistics for %d seconds\n", maxTime );
-
-	/* Loop and time how long it takes to make connections */
-
-	bytes_read=0;
-	finishtime=(long)time(NULL)+maxTime;
-	tm_Time_F(START);
-	for (;;)
-		{
-		if (finishtime < (long)time(NULL)) break;
-#ifdef WIN32_STUFF
-
-		if( flushWinMsgs(0) == -1 )
-			goto end;
-
-		if( waitingToDie || exitNow )		/* we're dead */
-			goto end;
-#endif
-
-		if( (scon = doConnection( NULL )) == NULL )
-			goto end;
-
-		if (s_www_path != NULL)
-			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-			SSL_write(scon,buf,strlen(buf));
-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
-				bytes_read+=i;
-			}
-
-#ifdef NO_SHUTDOWN
-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
-		SSL_shutdown(scon);
-#endif
-		SHUTDOWN2(SSL_get_fd(scon));
-
-		nConn += 1;
-		if (SSL_session_reused(scon))
-			ver='r';
-		else
-			{
-			ver=SSL_version(scon);
-			if (ver == TLS1_VERSION)
-				ver='t';
-			else if (ver == SSL3_VERSION)
-				ver='3';
-			else if (ver == SSL2_VERSION)
-				ver='2';
-			else
-				ver='*';
-			}
-		fputc(ver,stdout);
-		fflush(stdout);
-
-		SSL_free( scon );
-		scon=NULL;
-		}
-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
-
-	i=(int)((long)time(NULL)-finishtime+maxTime);
-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
-	/* Now loop and time connections using the same session id over and over */
-
-next:
-	if (!(perform & 2)) goto end;
-	printf( "\n\nNow timing with session id reuse.\n" );
-
-	/* Get an SSL object so we can reuse the session id */
-	if( (scon = doConnection( NULL )) == NULL )
-		{
-		fprintf( stderr, "Unable to get connection\n" );
-		goto end;
-		}
-
-	if (s_www_path != NULL)
-		{
-		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-		SSL_write(scon,buf,strlen(buf));
-		while (SSL_read(scon,buf,sizeof(buf)) > 0)
-			;
-		}
-#ifdef NO_SHUTDOWN
-	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
-	SSL_shutdown(scon);
-#endif
-	SHUTDOWN2(SSL_get_fd(scon));
-
-	nConn = 0;
-	totalTime = 0.0;
-
-	finishtime=(long)time(NULL)+maxTime;
-
-	printf( "starting\n" );
-	bytes_read=0;
-	tm_Time_F(START);
-		
-	for (;;)
-		{
-		if (finishtime < (long)time(NULL)) break;
-
-#ifdef WIN32_STUFF
-		if( flushWinMsgs(0) == -1 )
-			goto end;
-
-		if( waitingToDie || exitNow )	/* we're dead */
-			goto end;
-#endif
-
-	 	if( (doConnection( scon )) == NULL )
-			goto end;
-
-		if (s_www_path)
-			{
-			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
-			SSL_write(scon,buf,strlen(buf));
-			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
-				bytes_read+=i;
-			}
-
-#ifdef NO_SHUTDOWN
-		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
-		SSL_shutdown(scon);
-#endif
-		SHUTDOWN2(SSL_get_fd(scon));
-	
-		nConn += 1;
-		if (SSL_session_reused(scon))
-			ver='r';
-		else
-			{
-			ver=SSL_version(scon);
-			if (ver == TLS1_VERSION)
-				ver='t';
-			else if (ver == SSL3_VERSION)
-				ver='3';
-			else if (ver == SSL2_VERSION)
-				ver='2';
-			else
-				ver='*';
-			}
-		fputc(ver,stdout);
-		fflush(stdout);
-		}
-	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
-
-
-	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
-	ret=0;
-end:
-	if (scon != NULL) SSL_free(scon);
-
-	if (tm_ctx != NULL)
-		{
-		SSL_CTX_free(tm_ctx);
-		tm_ctx=NULL;
-		}
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-/***********************************************************************
- * doConnection - make a connection
- * Args:
- *		scon	= earlier ssl connection for session id, or NULL
- * Returns:
- *		SSL *	= the connection pointer.
- */
-static SSL *doConnection(SSL *scon)
-	{
-	BIO *conn;
-	SSL *serverCon;
-	int width, i;
-	fd_set readfds;
-
-	if ((conn=BIO_new(BIO_s_connect())) == NULL)
-		return(NULL);
-
-/*	BIO_set_conn_port(conn,port);*/
-	BIO_set_conn_hostname(conn,host);
-
-	if (scon == NULL)
-		serverCon=SSL_new(tm_ctx);
-	else
-		{
-		serverCon=scon;
-		SSL_set_connect_state(serverCon);
-		}
-
-	SSL_set_bio(serverCon,conn,conn);
-
-#if 0
-	if( scon != NULL )
-		SSL_set_session(serverCon,SSL_get_session(scon));
-#endif
-
-	/* ok, lets connect */
-	for(;;) {
-		i=SSL_connect(serverCon);
-		if (BIO_sock_should_retry(i))
-			{
-			BIO_printf(bio_err,"DELAY\n");
-
-			i=SSL_get_fd(serverCon);
-			width=i+1;
-			FD_ZERO(&readfds);
-			openssl_fdset(i,&readfds);
-			/* Note: under VMS with SOCKETSHR the 2nd parameter
-			 * is currently of type (int *) whereas under other
-			 * systems it is (void *) if you don't have a cast it
-			 * will choke the compiler: if you do have a cast then
-			 * you can either go for (int *) or (void *).
-			 */
-			select(width,(void *)&readfds,NULL,NULL,NULL);
-			continue;
-			}
-		break;
-		}
-	if(i <= 0)
-		{
-		BIO_printf(bio_err,"ERROR\n");
-		if (verify_error != X509_V_OK)
-			BIO_printf(bio_err,"verify error:%s\n",
-				X509_verify_cert_error_string(verify_error));
-		else
-			ERR_print_errors(bio_err);
-		if (scon == NULL)
-			SSL_free(serverCon);
-		return NULL;
-		}
-
-	return serverCon;
-	}
-
-
diff --git a/apps/server.pem b/apps/server.pem
deleted file mode 100644
index d0fc265f04..0000000000
--- a/apps/server.pem
+++ /dev/null
@@ -1,52 +0,0 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
------BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
-h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
-tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
-D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
-uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
-qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
-zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
-r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
-AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
-5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
-W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
-674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
-utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
-BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
-4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
-WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
-bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
-6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
-4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
-WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
-n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
-JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
-OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
-xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
-UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
------END RSA PRIVATE KEY-----
diff --git a/apps/server.srl b/apps/server.srl
deleted file mode 100644
index 8a0f05e166..0000000000
--- a/apps/server.srl
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/apps/server2.pem b/apps/server2.pem
deleted file mode 100644
index a3927cf788..0000000000
--- a/apps/server2.pem
+++ /dev/null
@@ -1,52 +0,0 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
------BEGIN CERTIFICATE-----
-MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg
-IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy
-gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L
-qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO
-ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG
-/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1
-bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE
-ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ
-YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
-DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s
-zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS
-LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/
-XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg
-5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL
-Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb
-oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f
-UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq
-2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi
-92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33
-DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k
-KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5
-x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A
-DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD
-F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd
-rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb
-+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb
-Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a
-E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs
-Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL
-8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf
-rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq
-bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX
-5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG
-3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0
-5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP
-5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng
-38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k
-z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok
-kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ
-NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk
------END RSA PRIVATE KEY-----
diff --git a/apps/sess_id.c b/apps/sess_id.c
deleted file mode 100644
index b16686c26d..0000000000
--- a/apps/sess_id.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/* apps/sess_id.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG	sess_id_main
-
-static const char *sess_id_usage[]={
-"usage: sess_id args\n",
-"\n",
-" -inform arg     - input format - default PEM (DER or PEM)\n",
-" -outform arg    - output format - default PEM\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -text           - print ssl session id details\n",
-" -cert           - output certificate \n",
-" -noout          - no CRL output\n",
-" -context arg    - set the session ID context\n",
-NULL
-};
-
-static SSL_SESSION *load_sess_id(char *file, int format);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	SSL_SESSION *x=NULL;
-	X509 *peer = NULL;
-	int ret=1,i,num,badops=0;
-	BIO *out=NULL;
-	int informat,outformat;
-	char *infile=NULL,*outfile=NULL,*context=NULL;
-	int cert=0,noout=0,text=0;
-	const char **pp;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-
-	argc--;
-	argv++;
-	num=0;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-text") == 0)
-			text= ++num;
-		else if (strcmp(*argv,"-cert") == 0)
-			cert= ++num;
-		else if (strcmp(*argv,"-noout") == 0)
-			noout= ++num;
-		else if (strcmp(*argv,"-context") == 0)
-		    {
-		    if(--argc < 1) goto bad;
-		    context=*++argv;
-		    }
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-	x=load_sess_id(infile,informat);
-	if (x == NULL) { goto end; }
-	peer = SSL_SESSION_get0_peer(x);
-
-	if(context)
-	    {
-	    size_t ctx_len = strlen(context);
-	    if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
-		{
-		BIO_printf(bio_err,"Context too long\n");
-		goto end;
-		}
-	    SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
-	    }
-
-#ifdef undef
-	/* just testing for memory leaks :-) */
-	{
-	SSL_SESSION *s;
-	char buf[1024*10],*p;
-	int i;
-
-	s=SSL_SESSION_new();
-
-	p= &buf;
-	i=i2d_SSL_SESSION(x,&p);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	p= &buf;
-	d2i_SSL_SESSION(&s,&p,(long)i);
-	SSL_SESSION_free(s);
-	}
-#endif
-
-	if (!noout || text)
-		{
-		out=BIO_new(BIO_s_file());
-		if (out == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (outfile == NULL)
-			{
-			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			}
-		else
-			{
-			if (BIO_write_filename(out,outfile) <= 0)
-				{
-				perror(outfile);
-				goto end;
-				}
-			}
-		}
-
-	if (text)
-		{
-		SSL_SESSION_print(out,x);
-
-		if (cert)
-			{
-			if (peer == NULL)
-				BIO_puts(out,"No certificate present\n");
-			else
-				X509_print(out,peer);
-			}
-		}
-
-	if (!noout && !cert)
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=i2d_SSL_SESSION_bio(out,x);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_SSL_SESSION(out,x);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i) {
-			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
-			goto end;
-			}
-		}
-	else if (!noout && (peer != NULL)) /* just print the certificate */
-		{
-		if 	(outformat == FORMAT_ASN1)
-			i=(int)i2d_X509_bio(out,peer);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_X509(out,peer);
-		else	{
-			BIO_printf(bio_err,"bad output format specified for outfile\n");
-			goto end;
-			}
-		if (!i) {
-			BIO_printf(bio_err,"unable to write X509\n");
-			goto end;
-			}
-		}
-	ret=0;
-end:
-	if (out != NULL) BIO_free_all(out);
-	if (x != NULL) SSL_SESSION_free(x);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static SSL_SESSION *load_sess_id(char *infile, int format)
-	{
-	SSL_SESSION *x=NULL;
-	BIO *in=NULL;
-
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_SSL_SESSION_bio(in,NULL);
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input crl\n");
-		goto end;
-		}
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	
-end:
-	if (in != NULL) BIO_free(in);
-	return(x);
-	}
-
diff --git a/apps/smime.c b/apps/smime.c
deleted file mode 100644
index d1fe32d31b..0000000000
--- a/apps/smime.c
+++ /dev/null
@@ -1,857 +0,0 @@
-/* smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* S/MIME utility function */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/x509v3.h>
-
-#undef PROG
-#define PROG smime_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
-
-#define SMIME_OP	0x10
-#define SMIME_IP	0x20
-#define SMIME_SIGNERS	0x40
-#define SMIME_ENCRYPT	(1 | SMIME_OP)
-#define SMIME_DECRYPT	(2 | SMIME_IP)
-#define SMIME_SIGN	(3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY	(4 | SMIME_IP)
-#define SMIME_PK7OUT	(5 | SMIME_IP | SMIME_OP)
-#define SMIME_RESIGN	(6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int operation = 0;
-	int ret = 0;
-	char **args;
-	const char *inmode = "r", *outmode = "w";
-	char *infile = NULL, *outfile = NULL;
-	char *signerfile = NULL, *recipfile = NULL;
-	STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
-	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
-	const EVP_CIPHER *cipher = NULL;
-	PKCS7 *p7 = NULL;
-	X509_STORE *store = NULL;
-	X509 *cert = NULL, *recip = NULL, *signer = NULL;
-	EVP_PKEY *key = NULL;
-	STACK_OF(X509) *encerts = NULL, *other = NULL;
-	BIO *in = NULL, *out = NULL, *indata = NULL;
-	int badarg = 0;
-	int flags = PKCS7_DETACHED;
-	char *to = NULL, *from = NULL, *subject = NULL;
-	char *CAfile = NULL, *CApath = NULL;
-	char *passargin = NULL, *passin = NULL;
-	char *inrand = NULL;
-	int need_rand = 0;
-	int indef = 0;
-	const EVP_MD *sign_md = NULL;
-	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
-        int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	X509_VERIFY_PARAM *vpm = NULL;
-
-	args = argv + 1;
-	ret = 1;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		{
-		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-		}
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	while (!badarg && *args && *args[0] == '-')
-		{
-		if (!strcmp (*args, "-encrypt"))
-			operation = SMIME_ENCRYPT;
-		else if (!strcmp (*args, "-decrypt"))
-			operation = SMIME_DECRYPT;
-		else if (!strcmp (*args, "-sign"))
-			operation = SMIME_SIGN;
-		else if (!strcmp (*args, "-resign"))
-			operation = SMIME_RESIGN;
-		else if (!strcmp (*args, "-verify"))
-			operation = SMIME_VERIFY;
-		else if (!strcmp (*args, "-pk7out"))
-			operation = SMIME_PK7OUT;
-#ifndef OPENSSL_NO_DES
-		else if (!strcmp (*args, "-des3")) 
-				cipher = EVP_des_ede3_cbc();
-		else if (!strcmp (*args, "-des")) 
-				cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
-		else if (!strcmp (*args, "-seed")) 
-				cipher = EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
-		else if (!strcmp (*args, "-rc2-40")) 
-				cipher = EVP_rc2_40_cbc();
-		else if (!strcmp (*args, "-rc2-128")) 
-				cipher = EVP_rc2_cbc();
-		else if (!strcmp (*args, "-rc2-64")) 
-				cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
-		else if (!strcmp(*args,"-aes128"))
-				cipher = EVP_aes_128_cbc();
-		else if (!strcmp(*args,"-aes192"))
-				cipher = EVP_aes_192_cbc();
-		else if (!strcmp(*args,"-aes256"))
-				cipher = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		else if (!strcmp(*args,"-camellia128"))
-				cipher = EVP_camellia_128_cbc();
-		else if (!strcmp(*args,"-camellia192"))
-				cipher = EVP_camellia_192_cbc();
-		else if (!strcmp(*args,"-camellia256"))
-				cipher = EVP_camellia_256_cbc();
-#endif
-		else if (!strcmp (*args, "-text")) 
-				flags |= PKCS7_TEXT;
-		else if (!strcmp (*args, "-nointern")) 
-				flags |= PKCS7_NOINTERN;
-		else if (!strcmp (*args, "-noverify")) 
-				flags |= PKCS7_NOVERIFY;
-		else if (!strcmp (*args, "-nochain")) 
-				flags |= PKCS7_NOCHAIN;
-		else if (!strcmp (*args, "-nocerts")) 
-				flags |= PKCS7_NOCERTS;
-		else if (!strcmp (*args, "-noattr")) 
-				flags |= PKCS7_NOATTR;
-		else if (!strcmp (*args, "-nodetach")) 
-				flags &= ~PKCS7_DETACHED;
-		else if (!strcmp (*args, "-nosmimecap"))
-				flags |= PKCS7_NOSMIMECAP;
-		else if (!strcmp (*args, "-binary"))
-				flags |= PKCS7_BINARY;
-		else if (!strcmp (*args, "-nosigs"))
-				flags |= PKCS7_NOSIGS;
-		else if (!strcmp (*args, "-stream"))
-				indef = 1;
-		else if (!strcmp (*args, "-indef"))
-				indef = 1;
-		else if (!strcmp (*args, "-noindef"))
-				indef = 0;
-		else if (!strcmp (*args, "-nooldmime"))
-				flags |= PKCS7_NOOLDMIMETYPE;
-		else if (!strcmp (*args, "-crlfeol"))
-				flags |= PKCS7_CRLFEOL;
-		else if (!strcmp(*args,"-rand"))
-			{
-			if (!args[1])
-				goto argerr;
-			args++;
-			inrand = *args;
-			need_rand = 1;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (!strcmp(*args,"-engine"))
-			{
-			if (!args[1])
-				goto argerr;
-			engine = *++args;
-			}
-#endif
-		else if (!strcmp(*args,"-passin"))
-			{
-			if (!args[1])
-				goto argerr;
-			passargin = *++args;
-			}
-		else if (!strcmp (*args, "-to"))
-			{
-			if (!args[1])
-				goto argerr;
-			to = *++args;
-			}
-		else if (!strcmp (*args, "-from"))
-			{
-			if (!args[1])
-				goto argerr;
-			from = *++args;
-			}
-		else if (!strcmp (*args, "-subject"))
-			{
-			if (!args[1])
-				goto argerr;
-			subject = *++args;
-			}
-		else if (!strcmp (*args, "-signer"))
-			{
-			if (!args[1])
-				goto argerr;
-			/* If previous -signer argument add signer to list */
-
-			if (signerfile)
-				{
-				if (!sksigners)
-					sksigners = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(sksigners, signerfile);
-				if (!keyfile)
-					keyfile = signerfile;
-				if (!skkeys)
-					skkeys = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(skkeys, keyfile);
-				keyfile = NULL;
-				}
-			signerfile = *++args;
-			}
-		else if (!strcmp (*args, "-recip"))
-			{
-			if (!args[1])
-				goto argerr;
-			recipfile = *++args;
-			}
-		else if (!strcmp (*args, "-md"))
-			{
-			if (!args[1])
-				goto argerr;
-			sign_md = EVP_get_digestbyname(*++args);
-			if (sign_md == NULL)
-				{
-				BIO_printf(bio_err, "Unknown digest %s\n",
-							*args);
-				goto argerr;
-				}
-			}
-		else if (!strcmp (*args, "-inkey"))
-			{
-			if (!args[1])	
-				goto argerr;
-			/* If previous -inkey arument add signer to list */
-			if (keyfile)
-				{
-				if (!signerfile)
-					{
-					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-					goto argerr;
-					}
-				if (!sksigners)
-					sksigners = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(sksigners, signerfile);
-				signerfile = NULL;
-				if (!skkeys)
-					skkeys = sk_OPENSSL_STRING_new_null();
-				sk_OPENSSL_STRING_push(skkeys, keyfile);
-				}
-			keyfile = *++args;
-			}
-		else if (!strcmp (*args, "-keyform"))
-			{
-			if (!args[1])
-				goto argerr;
-			keyform = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-certfile"))
-			{
-			if (!args[1])
-				goto argerr;
-			certfile = *++args;
-			}
-		else if (!strcmp (*args, "-CAfile"))
-			{
-			if (!args[1])
-				goto argerr;
-			CAfile = *++args;
-			}
-		else if (!strcmp (*args, "-CApath"))
-			{
-			if (!args[1])
-				goto argerr;
-			CApath = *++args;
-			}
-		else if (!strcmp (*args, "-in"))
-			{
-			if (!args[1])
-				goto argerr;
-			infile = *++args;
-			}
-		else if (!strcmp (*args, "-inform"))
-			{
-			if (!args[1])
-				goto argerr;
-			informat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-outform"))
-			{
-			if (!args[1])
-				goto argerr;
-			outformat = str2fmt(*++args);
-			}
-		else if (!strcmp (*args, "-out"))
-			{
-			if (!args[1])
-				goto argerr;
-			outfile = *++args;
-			}
-		else if (!strcmp (*args, "-content"))
-			{
-			if (!args[1])
-				goto argerr;
-			contfile = *++args;
-			}
-		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
-			continue;
-		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
-			badarg = 1;
-		args++;
-		}
-
-	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
-		{
-		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
-		goto argerr;
-		}
-
-	if (operation & SMIME_SIGNERS)
-		{
-		/* Check to see if any final signer needs to be appended */
-		if (keyfile && !signerfile)
-			{
-			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
-			goto argerr;
-			}
-		if (signerfile)
-			{
-			if (!sksigners)
-				sksigners = sk_OPENSSL_STRING_new_null();
-			sk_OPENSSL_STRING_push(sksigners, signerfile);
-			if (!skkeys)
-				skkeys = sk_OPENSSL_STRING_new_null();
-			if (!keyfile)
-				keyfile = signerfile;
-			sk_OPENSSL_STRING_push(skkeys, keyfile);
-			}
-		if (!sksigners)
-			{
-			BIO_printf(bio_err, "No signer certificate specified\n");
-			badarg = 1;
-			}
-		signerfile = NULL;
-		keyfile = NULL;
-		need_rand = 1;
-		}
-	else if (operation == SMIME_DECRYPT)
-		{
-		if (!recipfile && !keyfile)
-			{
-			BIO_printf(bio_err, "No recipient certificate or key specified\n");
-			badarg = 1;
-			}
-		}
-	else if (operation == SMIME_ENCRYPT)
-		{
-		if (!*args)
-			{
-			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
-			badarg = 1;
-			}
-		need_rand = 1;
-		}
-	else if (!operation)
-		badarg = 1;
-
-	if (badarg)
-		{
-		argerr:
-		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
-		BIO_printf (bio_err, "where options are\n");
-		BIO_printf (bio_err, "-encrypt       encrypt message\n");
-		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
-		BIO_printf (bio_err, "-sign          sign message\n");
-		BIO_printf (bio_err, "-verify        verify signed message\n");
-		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
-		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
-		BIO_printf (bio_err, "-des           encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_SEED
-		BIO_printf (bio_err, "-seed          encrypt with SEED\n");
-#endif
-#ifndef OPENSSL_NO_RC2
-		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
-		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
-		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
-		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
-#endif
-		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
-		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
-		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
-		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
-		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
-		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
-		BIO_printf (bio_err, "-binary        don't translate message to text\n");
-		BIO_printf (bio_err, "-certfile file other certificates file\n");
-		BIO_printf (bio_err, "-signer file   signer certificate file\n");
-		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
-		BIO_printf (bio_err, "-in file       input file\n");
-		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
-		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
-		BIO_printf (bio_err, "-out file      output file\n");
-		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
-		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
-		BIO_printf (bio_err, "-to addr       to address\n");
-		BIO_printf (bio_err, "-from ad       from address\n");
-		BIO_printf (bio_err, "-subject s     subject\n");
-		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
-		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
-		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
-		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
-#endif
-		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,  "               the random number generator\n");
-		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
-		goto end;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if (need_rand)
-		{
-		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
-		if (inrand != NULL)
-			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-				app_RAND_load_files(inrand));
-		}
-
-	ret = 2;
-
-	if (!(operation & SMIME_SIGNERS))
-		flags &= ~PKCS7_DETACHED;
-
-	if (operation & SMIME_OP)
-		{
-		if (outformat == FORMAT_ASN1)
-			outmode = "wb";
-		}
-	else
-		{
-		if (flags & PKCS7_BINARY)
-			outmode = "wb";
-		}
-
-	if (operation & SMIME_IP)
-		{
-		if (informat == FORMAT_ASN1)
-			inmode = "rb";
-		}
-	else
-		{
-		if (flags & PKCS7_BINARY)
-			inmode = "rb";
-		}
-
-	if (operation == SMIME_ENCRYPT)
-		{
-		if (!cipher)
-			{
-#ifndef OPENSSL_NO_DES			
-			cipher = EVP_des_ede3_cbc();
-#else
-			BIO_printf(bio_err, "No cipher selected\n");
-			goto end;
-#endif
-			}
-		encerts = sk_X509_new_null();
-		while (*args)
-			{
-			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-				NULL, e, "recipient certificate file")))
-				{
-#if 0				/* An appropriate message is already printed */
-				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
-#endif
-				goto end;
-				}
-			sk_X509_push(encerts, cert);
-			cert = NULL;
-			args++;
-			}
-		}
-
-	if (certfile)
-		{
-		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-			e, "certificate file")))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (recipfile && (operation == SMIME_DECRYPT))
-		{
-		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-			e, "recipient certificate file")))
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-	if (operation == SMIME_DECRYPT)
-		{
-		if (!keyfile)
-			keyfile = recipfile;
-		}
-	else if (operation == SMIME_SIGN)
-		{
-		if (!keyfile)
-			keyfile = signerfile;
-		}
-	else keyfile = NULL;
-
-	if (keyfile)
-		{
-		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
-		if (!key)
-			goto end;
-		}
-
-	if (infile)
-		{
-		if (!(in = BIO_new_file(infile, inmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open input file %s\n", infile);
-			goto end;
-			}
-		}
-	else
-		in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if (operation & SMIME_IP)
-		{
-		if (informat == FORMAT_SMIME) 
-			p7 = SMIME_read_PKCS7(in, &indata);
-		else if (informat == FORMAT_PEM) 
-			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
-		else if (informat == FORMAT_ASN1) 
-			p7 = d2i_PKCS7_bio(in, NULL);
-		else
-			{
-			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
-			goto end;
-			}
-
-		if (!p7)
-			{
-			BIO_printf(bio_err, "Error reading S/MIME message\n");
-			goto end;
-			}
-		if (contfile)
-			{
-			BIO_free(indata);
-			if (!(indata = BIO_new_file(contfile, "rb")))
-				{
-				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
-				goto end;
-				}
-			}
-		}
-
-	if (outfile)
-		{
-		if (!(out = BIO_new_file(outfile, outmode)))
-			{
-			BIO_printf (bio_err,
-				 "Can't open output file %s\n", outfile);
-			goto end;
-			}
-		}
-	else
-		{
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-		}
-
-	if (operation == SMIME_VERIFY)
-		{
-		if (!(store = setup_verify(bio_err, CAfile, CApath)))
-			goto end;
-		X509_STORE_set_verify_cb(store, smime_cb);
-		if (vpm)
-			X509_STORE_set1_param(store, vpm);
-		}
-
-
-	ret = 3;
-
-	if (operation == SMIME_ENCRYPT)
-		{
-		if (indef)
-			flags |= PKCS7_STREAM;
-		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-		}
-	else if (operation & SMIME_SIGNERS)
-		{
-		int i;
-		/* If detached data content we only enable streaming if
-		 * S/MIME output format.
-		 */
-		if (operation == SMIME_SIGN)
-			{
-			if (flags & PKCS7_DETACHED)
-				{
-				if (outformat == FORMAT_SMIME)
-					flags |= PKCS7_STREAM;
-				}
-			else if (indef)
-				flags |= PKCS7_STREAM;
-			flags |= PKCS7_PARTIAL;
-			p7 = PKCS7_sign(NULL, NULL, other, in, flags);
-			if (!p7)
-				goto end;
-			}
-		else
-			flags |= PKCS7_REUSE_DIGEST;
-		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
-			{
-			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
-			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
-			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
-					e, "signer certificate");
-			if (!signer)
-				goto end;
-			key = load_key(bio_err, keyfile, keyform, 0, passin, e,
-			       "signing key file");
-			if (!key)
-				goto end;
-			if (!PKCS7_sign_add_signer(p7, signer, key,
-						sign_md, flags))
-				goto end;
-			X509_free(signer);
-			signer = NULL;
-			EVP_PKEY_free(key);
-			key = NULL;
-			}
-		/* If not streaming or resigning finalize structure */
-		if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
-			{
-			if (!PKCS7_final(p7, in, flags))
-				goto end;
-			}
-		}
-
-	if (!p7)
-		{
-		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
-		goto end;
-		}
-
-	ret = 4;
-	if (operation == SMIME_DECRYPT)
-		{
-		if (!PKCS7_decrypt(p7, key, recip, out, flags))
-			{
-			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
-			goto end;
-			}
-		}
-	else if (operation == SMIME_VERIFY)
-		{
-		STACK_OF(X509) *signers;
-		if (PKCS7_verify(p7, other, store, indata, out, flags))
-			BIO_printf(bio_err, "Verification successful\n");
-		else
-			{
-			BIO_printf(bio_err, "Verification failure\n");
-			goto end;
-			}
-		signers = PKCS7_get0_signers(p7, other, flags);
-		if (!save_certs(signerfile, signers))
-			{
-			BIO_printf(bio_err, "Error writing signers to %s\n",
-								signerfile);
-			ret = 5;
-			goto end;
-			}
-		sk_X509_free(signers);
-		}
-	else if (operation == SMIME_PK7OUT)
-		PEM_write_bio_PKCS7(out, p7);
-	else
-		{
-		if (to)
-			BIO_printf(out, "To: %s\n", to);
-		if (from)
-			BIO_printf(out, "From: %s\n", from);
-		if (subject)
-			BIO_printf(out, "Subject: %s\n", subject);
-		if (outformat == FORMAT_SMIME) 
-			{
-			if (operation == SMIME_RESIGN)
-				SMIME_write_PKCS7(out, p7, indata, flags);
-			else
-				SMIME_write_PKCS7(out, p7, in, flags);
-			}
-		else if (outformat == FORMAT_PEM) 
-			PEM_write_bio_PKCS7_stream(out, p7, in, flags);
-		else if (outformat == FORMAT_ASN1) 
-			i2d_PKCS7_bio_stream(out,p7, in, flags);
-		else
-			{
-			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
-			goto end;
-			}
-		}
-	ret = 0;
-end:
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	if (ret) ERR_print_errors(bio_err);
-	sk_X509_pop_free(encerts, X509_free);
-	sk_X509_pop_free(other, X509_free);
-	if (vpm)
-		X509_VERIFY_PARAM_free(vpm);
-	if (sksigners)
-		sk_OPENSSL_STRING_free(sksigners);
-	if (skkeys)
-		sk_OPENSSL_STRING_free(skkeys);
-	X509_STORE_free(store);
-	X509_free(cert);
-	X509_free(recip);
-	X509_free(signer);
-	EVP_PKEY_free(key);
-	PKCS7_free(p7);
-	BIO_free(in);
-	BIO_free(indata);
-	BIO_free_all(out);
-	if (passin) OPENSSL_free(passin);
-	return (ret);
-}
-
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
-	{
-	int i;
-	BIO *tmp;
-	if (!signerfile)
-		return 1;
-	tmp = BIO_new_file(signerfile, "w");
-	if (!tmp) return 0;
-	for(i = 0; i < sk_X509_num(signers); i++)
-		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
-	BIO_free(tmp);
-	return 1;
-	}
-	
-
-/* Minimal callback just to output policy info (if any) */
-
-static int smime_cb(int ok, X509_STORE_CTX *ctx)
-	{
-	int error;
-
-	error = X509_STORE_CTX_get_error(ctx);
-
-	if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
-		&& ((error != X509_V_OK) || (ok != 2)))
-		return ok;
-
-	policies_print(NULL, ctx);
-
-	return ok;
-
-	}
diff --git a/apps/speed.c b/apps/speed.c
deleted file mode 100644
index 2e613968de..0000000000
--- a/apps/speed.c
+++ /dev/null
@@ -1,2823 +0,0 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by 
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#ifndef OPENSSL_NO_SPEED
-
-#undef SECONDS
-#define SECONDS		3	
-#define RSA_SECONDS	10
-#define DSA_SECONDS	10
-#define ECDSA_SECONDS   10
-#define ECDH_SECONDS    10
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#undef PROG
-#define PROG speed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <string.h>
-#include <math.h>
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#include <windows.h>
-# if defined(__CYGWIN__) && !defined(_WIN32)
-  /* <windows.h> should define _WIN32, which normally is mutually
-   * exclusive with __CYGWIN__, but if it didn't... */
-#  define _WIN32
-  /* this is done because Cygwin alarm() fails sometimes. */
-# endif
-#endif
-
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-#include <openssl/camellia.h>
-#endif
-#ifndef OPENSSL_NO_MD2
-#include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_MDC2
-#include <openssl/mdc2.h>
-#endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-#ifndef OPENSSL_NO_HMAC
-#include <openssl/hmac.h>
-#endif
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-#include <openssl/ripemd.h>
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-#include <openssl/whrlpool.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-#include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_RC5
-#include <openssl/rc5.h>
-#endif
-#ifndef OPENSSL_NO_RC2
-#include <openssl/rc2.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_SEED
-#include <openssl/seed.h>
-#endif
-#ifndef OPENSSL_NO_BF
-#include <openssl/blowfish.h>
-#endif
-#ifndef OPENSSL_NO_CAST
-#include <openssl/cast.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include "./testrsa.h"
-#endif
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#include "./testdsa.h"
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#include <openssl/modes.h>
-
-#ifdef OPENSSL_FIPS
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef AES_set_encrypt_key
-#undef AES_set_decrypt_key
-#undef DES_set_key_unchecked
-#endif
-#define BF_set_key	private_BF_set_key
-#define CAST_set_key	private_CAST_set_key
-#define idea_set_encrypt_key	private_idea_set_encrypt_key
-#define SEED_set_key	private_SEED_set_key
-#define RC2_set_key	private_RC2_set_key
-#define RC4_set_key	private_RC4_set_key
-#define DES_set_key_unchecked	private_DES_set_key_unchecked
-#define AES_set_encrypt_key	private_AES_set_encrypt_key
-#define AES_set_decrypt_key	private_AES_set_decrypt_key
-#define Camellia_set_key	private_Camellia_set_key
-#endif
-
-#ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
-#  define HAVE_FORK 0
-# else
-#  define HAVE_FORK 1
-# endif
-#endif
-
-#if HAVE_FORK
-#undef NO_FORK
-#else
-#define NO_FORK
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE	((long)1024*8+1)
-static volatile int run=0;
-
-static int mr=0;
-static int usertime=1;
-
-static double Time_F(int s);
-static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
-	long num, int bits, int sec);
-static void print_result(int alg,int run_no,int count,double time_used);
-#ifndef NO_FORK
-static int do_multi(int multi);
-#endif
-
-#define ALGOR_NUM	30
-#define SIZE_NUM	5
-#define RSA_NUM		4
-#define DSA_NUM		3
-
-#define EC_NUM       16
-#define MAX_ECDH_SIZE 256
-
-static const char *names[ALGOR_NUM]={
-  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
-  "des cbc","des ede3","idea cbc","seed cbc",
-  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
-  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
-  "evp","sha256","sha512","whirlpool",
-  "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
-static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
-#ifndef OPENSSL_NO_RSA
-static double rsa_results[RSA_NUM][2];
-#endif
-#ifndef OPENSSL_NO_DSA
-static double dsa_results[DSA_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDSA
-static double ecdsa_results[EC_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDH
-static double ecdh_results[EC_NUM][1];
-#endif
-
-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif 
-
-static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-#if defined(_WIN32)
-
-#if !defined(SIGALRM)
-# define SIGALRM
-#endif
-static unsigned int lapse,schlock;
-static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
-#define alarm alarm_win32
-
-static DWORD WINAPI sleepy(VOID *arg)
-	{
-	schlock = 1;
-	Sleep(lapse);
-	run = 0;
-	return 0;
-	}
-
-static double Time_F(int s)
-	{
-	if (s == START)
-		{
-		HANDLE	thr;
-		schlock = 0;
-		thr = CreateThread(NULL,4096,sleepy,NULL,0,NULL);
-		if (thr==NULL)
-			{
-			DWORD ret=GetLastError();
-			BIO_printf(bio_err,"unable to CreateThread (%d)",ret);
-			ExitProcess(ret);
-			}
-		CloseHandle(thr);		/* detach the thread	*/
-		while (!schlock) Sleep(0);	/* scheduler spinlock	*/
-		}
-
-	return app_tminterval(s,usertime);
-	}
-#else
-
-static double Time_F(int s)
-	{
-	return app_tminterval(s,usertime);
-	}
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
-	{
-#ifndef OPENSSL_NO_SHA
-	if (*outlen < SHA_DIGEST_LENGTH)
-		return NULL;
-	else
-		*outlen = SHA_DIGEST_LENGTH;
-	return SHA1(in, inlen, out);
-#else
-	return NULL;
-#endif	/* OPENSSL_NO_SHA */
-	}
-#endif	/* OPENSSL_NO_ECDH */
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	unsigned char *buf=NULL,*buf2=NULL;
-	int mret=1;
-	long count=0,save_count=0;
-	int i,j,k;
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
-	long rsa_count;
-#endif
-#ifndef OPENSSL_NO_RSA
-	unsigned rsa_num;
-#endif
-	unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD2
-	unsigned char md2[MD2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MDC2
-	unsigned char mdc2[MDC2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD4
-	unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD5
-	unsigned char md5[MD5_DIGEST_LENGTH];
-	unsigned char hmac[MD5_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA
-	unsigned char sha[SHA_DIGEST_LENGTH];
-#ifndef OPENSSL_NO_SHA256
-	unsigned char sha256[SHA256_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA512
-	unsigned char sha512[SHA512_DIGEST_LENGTH];
-#endif
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-	unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_RC4
-	RC4_KEY rc4_ks;
-#endif
-#ifndef OPENSSL_NO_RC5
-	RC5_32_KEY rc5_ks;
-#endif
-#ifndef OPENSSL_NO_RC2
-	RC2_KEY rc2_ks;
-#endif
-#ifndef OPENSSL_NO_IDEA
-	IDEA_KEY_SCHEDULE idea_ks;
-#endif
-#ifndef OPENSSL_NO_SEED
-	SEED_KEY_SCHEDULE seed_ks;
-#endif
-#ifndef OPENSSL_NO_BF
-	BF_KEY bf_ks;
-#endif
-#ifndef OPENSSL_NO_CAST
-	CAST_KEY cast_ks;
-#endif
-	static const unsigned char key16[16]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-#ifndef OPENSSL_NO_AES
-	static const unsigned char key24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char key32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	static const unsigned char ckey24[24]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	static const unsigned char ckey32[32]=
-		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
-		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
-		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_AES
-#define MAX_BLOCK_SIZE 128
-#else
-#define MAX_BLOCK_SIZE 64
-#endif
-	unsigned char DES_iv[8];
-	unsigned char iv[2*MAX_BLOCK_SIZE/8];
-#ifndef OPENSSL_NO_DES
-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	DES_key_schedule sch;
-	DES_key_schedule sch2;
-	DES_key_schedule sch3;
-#endif
-#ifndef OPENSSL_NO_AES
-	AES_KEY aes_ks1, aes_ks2, aes_ks3;
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
-#endif
-#define	D_MD2		0
-#define	D_MDC2		1
-#define	D_MD4		2
-#define	D_MD5		3
-#define	D_HMAC		4
-#define	D_SHA1		5
-#define D_RMD160	6
-#define	D_RC4		7
-#define	D_CBC_DES	8
-#define	D_EDE3_DES	9
-#define	D_CBC_IDEA	10
-#define	D_CBC_SEED	11
-#define	D_CBC_RC2	12
-#define	D_CBC_RC5	13
-#define	D_CBC_BF	14
-#define	D_CBC_CAST	15
-#define D_CBC_128_AES	16
-#define D_CBC_192_AES	17
-#define D_CBC_256_AES	18
-#define D_CBC_128_CML   19 
-#define D_CBC_192_CML   20
-#define D_CBC_256_CML   21 
-#define D_EVP		22
-#define D_SHA256	23	
-#define D_SHA512	24
-#define D_WHIRLPOOL	25
-#define D_IGE_128_AES   26
-#define D_IGE_192_AES   27
-#define D_IGE_256_AES   28
-#define D_GHASH		29
-	double d=0.0;
-	long c[ALGOR_NUM][SIZE_NUM];
-#define	R_DSA_512	0
-#define	R_DSA_1024	1
-#define	R_DSA_2048	2
-#define	R_RSA_512	0
-#define	R_RSA_1024	1
-#define	R_RSA_2048	2
-#define	R_RSA_4096	3
-
-#define R_EC_P160    0
-#define R_EC_P192    1	
-#define R_EC_P224    2
-#define R_EC_P256    3
-#define R_EC_P384    4
-#define R_EC_P521    5
-#define R_EC_K163    6
-#define R_EC_K233    7
-#define R_EC_K283    8
-#define R_EC_K409    9
-#define R_EC_K571    10
-#define R_EC_B163    11
-#define R_EC_B233    12
-#define R_EC_B283    13
-#define R_EC_B409    14
-#define R_EC_B571    15
-
-#ifndef OPENSSL_NO_RSA
-	RSA *rsa_key[RSA_NUM];
-	long rsa_c[RSA_NUM][2];
-	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
-	static unsigned char *rsa_data[RSA_NUM]=
-		{test512,test1024,test2048,test4096};
-	static int rsa_data_length[RSA_NUM]={
-		sizeof(test512),sizeof(test1024),
-		sizeof(test2048),sizeof(test4096)};
-#endif
-#ifndef OPENSSL_NO_DSA
-	DSA *dsa_key[DSA_NUM];
-	long dsa_c[DSA_NUM][2];
-	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
-#endif
-#ifndef OPENSSL_NO_EC
-	/* We only test over the following curves as they are representative, 
-	 * To add tests over more curves, simply add the curve NID
-	 * and curve name to the following arrays and increase the 
-	 * EC_NUM value accordingly. 
-	 */
-	static unsigned int test_curves[EC_NUM] = 
-	{	
-	/* Prime Curves */
-	NID_secp160r1,
-	NID_X9_62_prime192v1,
-	NID_secp224r1,
-	NID_X9_62_prime256v1,
-	NID_secp384r1,
-	NID_secp521r1,
-	/* Binary Curves */
-	NID_sect163k1,
-	NID_sect233k1,
-	NID_sect283k1,
-	NID_sect409k1,
-	NID_sect571k1,
-	NID_sect163r2,
-	NID_sect233r1,
-	NID_sect283r1,
-	NID_sect409r1,
-	NID_sect571r1
-	}; 
-	static const char * test_curves_names[EC_NUM] = 
-	{
-	/* Prime Curves */
-	"secp160r1",
-	"nistp192",
-	"nistp224",
-	"nistp256",
-	"nistp384",
-	"nistp521",
-	/* Binary Curves */
-	"nistk163",
-	"nistk233",
-	"nistk283",
-	"nistk409",
-	"nistk571",
-	"nistb163",
-	"nistb233",
-	"nistb283",
-	"nistb409",
-	"nistb571"
-	};
-	static int test_curves_bits[EC_NUM] =
-        {
-        160, 192, 224, 256, 384, 521,
-        163, 233, 283, 409, 571,
-        163, 233, 283, 409, 571
-        };
-
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-	unsigned char ecdsasig[256];
-	unsigned int ecdsasiglen;
-	EC_KEY *ecdsa[EC_NUM];
-	long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
-	unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
-	int secret_size_a, secret_size_b;
-	int ecdh_checks = 0;
-	int secret_idx = 0;
-	long ecdh_c[EC_NUM][2];
-#endif
-
-	int rsa_doit[RSA_NUM];
-	int dsa_doit[DSA_NUM];
-#ifndef OPENSSL_NO_ECDSA
-	int ecdsa_doit[EC_NUM];
-#endif
-#ifndef OPENSSL_NO_ECDH
-        int ecdh_doit[EC_NUM];
-#endif
-	int doit[ALGOR_NUM];
-	int pr_header=0;
-	const EVP_CIPHER *evp_cipher=NULL;
-	const EVP_MD *evp_md=NULL;
-	int decrypt=0;
-#ifndef NO_FORK
-	int multi=0;
-#endif
-
-#ifndef TIMES
-	usertime=-1;
-#endif
-
-	apps_startup();
-	memset(results, 0, sizeof(results));
-#ifndef OPENSSL_NO_DSA
-	memset(dsa_key,0,sizeof(dsa_key));
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		{
-		ecdh_a[i] = NULL;
-		ecdh_b[i] = NULL;
-		}
-#endif
-
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-#ifndef OPENSSL_NO_RSA
-	memset(rsa_key,0,sizeof(rsa_key));
-	for (i=0; i<RSA_NUM; i++)
-		rsa_key[i]=NULL;
-#endif
-
-	if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-
-	memset(c,0,sizeof(c));
-	memset(DES_iv,0,sizeof(DES_iv));
-	memset(iv,0,sizeof(iv));
-
-	for (i=0; i<ALGOR_NUM; i++)
-		doit[i]=0;
-	for (i=0; i<RSA_NUM; i++)
-		rsa_doit[i]=0;
-	for (i=0; i<DSA_NUM; i++)
-		dsa_doit[i]=0;
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		ecdsa_doit[i]=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-		ecdh_doit[i]=0;
-#endif
-
-	
-	j=0;
-	argc--;
-	argv++;
-	while (argc)
-		{
-		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
-			{
-			usertime = 0;
-			j--;	/* Otherwise, -elapsed gets confused with
-				   an algorithm. */
-			}
-		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no EVP given\n");
-				goto end;
-				}
-			evp_cipher=EVP_get_cipherbyname(*argv);
-			if(!evp_cipher)
-				{
-				evp_md=EVP_get_digestbyname(*argv);
-				}
-			if(!evp_cipher && !evp_md)
-				{
-				BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
-				goto end;
-				}
-			doit[D_EVP]=1;
-			}
-		else if (argc > 0 && !strcmp(*argv,"-decrypt"))
-			{
-			decrypt=1;
-			j--;	/* Otherwise, -elapsed gets confused with
-				   an algorithm. */
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no engine given\n");
-				goto end;
-				}
-                        setup_engine(bio_err, *argv, 0);
-			/* j will be increased again further down.  We just
-			   don't want speed to confuse an engine with an
-			   algorithm, especially when none is given (which
-			   means all of them should be run) */
-			j--;
-			}
-#endif
-#ifndef NO_FORK
-		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
-			{
-			argc--;
-			argv++;
-			if(argc == 0)
-				{
-				BIO_printf(bio_err,"no multi count given\n");
-				goto end;
-				}
-			multi=atoi(argv[0]);
-			if(multi <= 0)
-			    {
-				BIO_printf(bio_err,"bad multi count\n");
-				goto end;
-				}				
-			j--;	/* Otherwise, -mr gets confused with
-				   an algorithm. */
-			}
-#endif
-		else if (argc > 0 && !strcmp(*argv,"-mr"))
-			{
-			mr=1;
-			j--;	/* Otherwise, -mr gets confused with
-				   an algorithm. */
-			}
-		else
-#ifndef OPENSSL_NO_MD2
-		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_MDC2
-			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_MD4
-			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_MD5
-			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_MD5
-			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_SHA
-			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
-		else
-			if (strcmp(*argv,"sha") == 0)	doit[D_SHA1]=1,
-							doit[D_SHA256]=1,
-							doit[D_SHA512]=1;
-		else
-#ifndef OPENSSL_NO_SHA256
-			if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_SHA512
-			if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
-		else
-#endif
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-			if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
-		else
-			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
-		else
-			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_RC4
-			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
-		else 
-#endif
-#ifndef OPENSSL_NO_DES
-			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
-		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_AES
-			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
-		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
-		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
-		else    if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
-		else	if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
-		else	if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
-                else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-			if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
-		else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
-		else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
-			if (strcmp(*argv,"rsaref") == 0) 
-			{
-			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
-			j--;
-			}
-		else
-#endif
-#ifndef RSA_NULL
-			if (strcmp(*argv,"openssl") == 0) 
-			{
-			RSA_set_default_method(RSA_PKCS1_SSLeay());
-			j--;
-			}
-		else
-#endif
-#endif /* !OPENSSL_NO_RSA */
-		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
-		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
-		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
-		else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
-		else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
-		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
-		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
-		else
-#ifndef OPENSSL_NO_RC2
-		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
-		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_RC5
-		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
-		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_IDEA
-		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
-		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_SEED
-		     if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
-		else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_BF
-		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
-		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
-		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_CAST
-		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
-		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
-		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
-		else
-#endif
-#ifndef OPENSSL_NO_DES
-			if (strcmp(*argv,"des") == 0)
-			{
-			doit[D_CBC_DES]=1;
-			doit[D_EDE3_DES]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_AES
-			if (strcmp(*argv,"aes") == 0)
-			{
-			doit[D_CBC_128_AES]=1;
-			doit[D_CBC_192_AES]=1;
-			doit[D_CBC_256_AES]=1;
-			}
-		else if (strcmp(*argv,"ghash") == 0)
-			{
-			doit[D_GHASH]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-			if (strcmp(*argv,"camellia") == 0)
-			{
-			doit[D_CBC_128_CML]=1;
-			doit[D_CBC_192_CML]=1;
-			doit[D_CBC_256_CML]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_RSA
-			if (strcmp(*argv,"rsa") == 0)
-			{
-			rsa_doit[R_RSA_512]=1;
-			rsa_doit[R_RSA_1024]=1;
-			rsa_doit[R_RSA_2048]=1;
-			rsa_doit[R_RSA_4096]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DSA
-			if (strcmp(*argv,"dsa") == 0)
-			{
-			dsa_doit[R_DSA_512]=1;
-			dsa_doit[R_DSA_1024]=1;
-			dsa_doit[R_DSA_2048]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
-		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdsa") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdsa_doit[i]=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDH
-		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
-		else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
-		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
-		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
-		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
-		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
-		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
-		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
-		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
-		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
-		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
-		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
-		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
-		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
-		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
-		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
-		else if (strcmp(*argv,"ecdh") == 0)
-			{
-			for (i=0; i < EC_NUM; i++)
-				ecdh_doit[i]=1;
-			}
-		else
-#endif
-			{
-			BIO_printf(bio_err,"Error: bad option or value\n");
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available values:\n");
-#ifndef OPENSSL_NO_MD2
-			BIO_printf(bio_err,"md2      ");
-#endif
-#ifndef OPENSSL_NO_MDC2
-			BIO_printf(bio_err,"mdc2     ");
-#endif
-#ifndef OPENSSL_NO_MD4
-			BIO_printf(bio_err,"md4      ");
-#endif
-#ifndef OPENSSL_NO_MD5
-			BIO_printf(bio_err,"md5      ");
-#ifndef OPENSSL_NO_HMAC
-			BIO_printf(bio_err,"hmac     ");
-#endif
-#endif
-#ifndef OPENSSL_NO_SHA1
-			BIO_printf(bio_err,"sha1     ");
-#endif
-#ifndef OPENSSL_NO_SHA256
-			BIO_printf(bio_err,"sha256   ");
-#endif
-#ifndef OPENSSL_NO_SHA512
-			BIO_printf(bio_err,"sha512   ");
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-			BIO_printf(bio_err,"whirlpool");
-#endif
-#ifndef OPENSSL_NO_RIPEMD160
-			BIO_printf(bio_err,"rmd160");
-#endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
-    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
-    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \
-    !defined(OPENSSL_NO_WHIRLPOOL)
-			BIO_printf(bio_err,"\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-			BIO_printf(bio_err,"idea-cbc ");
-#endif
-#ifndef OPENSSL_NO_SEED
-			BIO_printf(bio_err,"seed-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC2
-			BIO_printf(bio_err,"rc2-cbc  ");
-#endif
-#ifndef OPENSSL_NO_RC5
-			BIO_printf(bio_err,"rc5-cbc  ");
-#endif
-#ifndef OPENSSL_NO_BF
-			BIO_printf(bio_err,"bf-cbc");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
-			BIO_printf(bio_err,"\n");
-#endif
-#ifndef OPENSSL_NO_DES
-			BIO_printf(bio_err,"des-cbc  des-ede3 ");
-#endif
-#ifndef OPENSSL_NO_AES
-			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
-			BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC4
-			BIO_printf(bio_err,"rc4");
-#endif
-			BIO_printf(bio_err,"\n");
-
-#ifndef OPENSSL_NO_RSA
-			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
-#endif
-
-#ifndef OPENSSL_NO_DSA
-			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
-			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
-			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
-			BIO_printf(bio_err,"ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-			BIO_printf(bio_err,"ecdhp160  ecdhp192  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
-			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
-			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
-			BIO_printf(bio_err,"ecdh\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-			BIO_printf(bio_err,"idea     ");
-#endif
-#ifndef OPENSSL_NO_SEED
-			BIO_printf(bio_err,"seed     ");
-#endif
-#ifndef OPENSSL_NO_RC2
-			BIO_printf(bio_err,"rc2      ");
-#endif
-#ifndef OPENSSL_NO_DES
-			BIO_printf(bio_err,"des      ");
-#endif
-#ifndef OPENSSL_NO_AES
-			BIO_printf(bio_err,"aes      ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-			BIO_printf(bio_err,"camellia ");
-#endif
-#ifndef OPENSSL_NO_RSA
-			BIO_printf(bio_err,"rsa      ");
-#endif
-#ifndef OPENSSL_NO_BF
-			BIO_printf(bio_err,"blowfish");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
-    !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
-    !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
-    !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
-			BIO_printf(bio_err,"\n");
-#endif
-
-			BIO_printf(bio_err,"\n");
-			BIO_printf(bio_err,"Available options:\n");
-#if defined(TIMES) || defined(USE_TOD)
-			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
-			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
-#endif
-			BIO_printf(bio_err,"-evp e          use EVP e.\n");
-			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
-			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
-#ifndef NO_FORK
-			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
-#endif
-			goto end;
-			}
-		argc--;
-		argv++;
-		j++;
-		}
-
-#ifndef NO_FORK
-	if(multi && do_multi(multi))
-		goto show_res;
-#endif
-
-	if (j == 0)
-		{
-		for (i=0; i<ALGOR_NUM; i++)
-			{
-			if (i != D_EVP)
-				doit[i]=1;
-			}
-		for (i=0; i<RSA_NUM; i++)
-			rsa_doit[i]=1;
-		for (i=0; i<DSA_NUM; i++)
-			dsa_doit[i]=1;
-#ifndef OPENSSL_NO_ECDSA
-		for (i=0; i<EC_NUM; i++)
-			ecdsa_doit[i]=1;
-#endif
-#ifndef OPENSSL_NO_ECDH
-		for (i=0; i<EC_NUM; i++)
-			ecdh_doit[i]=1;
-#endif
-		}
-	for (i=0; i<ALGOR_NUM; i++)
-		if (doit[i]) pr_header++;
-
-	if (usertime == 0 && !mr)
-		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
-
-#ifndef OPENSSL_NO_RSA
-	for (i=0; i<RSA_NUM; i++)
-		{
-		const unsigned char *p;
-
-		p=rsa_data[i];
-		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
-		if (rsa_key[i] == NULL)
-			{
-			BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
-			goto end;
-			}
-#if 0
-		else
-			{
-			BIO_printf(bio_err,mr ? "+RK:%d:"
-				   : "Loaded RSA key, %d bit modulus and e= 0x",
-				   BN_num_bits(rsa_key[i]->n));
-			BN_print(bio_err,rsa_key[i]->e);
-			BIO_printf(bio_err,"\n");
-			}
-#endif
-		}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-	dsa_key[0]=get_dsa512();
-	dsa_key[1]=get_dsa1024();
-	dsa_key[2]=get_dsa2048();
-#endif
-
-#ifndef OPENSSL_NO_DES
-	DES_set_key_unchecked(&key,&sch);
-	DES_set_key_unchecked(&key2,&sch2);
-	DES_set_key_unchecked(&key3,&sch3);
-#endif
-#ifndef OPENSSL_NO_AES
-	AES_set_encrypt_key(key16,128,&aes_ks1);
-	AES_set_encrypt_key(key24,192,&aes_ks2);
-	AES_set_encrypt_key(key32,256,&aes_ks3);
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	Camellia_set_key(key16,128,&camellia_ks1);
-	Camellia_set_key(ckey24,192,&camellia_ks2);
-	Camellia_set_key(ckey32,256,&camellia_ks3);
-#endif
-#ifndef OPENSSL_NO_IDEA
-	idea_set_encrypt_key(key16,&idea_ks);
-#endif
-#ifndef OPENSSL_NO_SEED
-	SEED_set_key(key16,&seed_ks);
-#endif
-#ifndef OPENSSL_NO_RC4
-	RC4_set_key(&rc4_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RC2
-	RC2_set_key(&rc2_ks,16,key16,128);
-#endif
-#ifndef OPENSSL_NO_RC5
-	RC5_32_set_key(&rc5_ks,16,key16,12);
-#endif
-#ifndef OPENSSL_NO_BF
-	BF_set_key(&bf_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_CAST
-	CAST_set_key(&cast_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RSA
-	memset(rsa_c,0,sizeof(rsa_c));
-#endif
-#ifndef SIGALRM
-#ifndef OPENSSL_NO_DES
-	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
-	count=10;
-	do	{
-		long it;
-		count*=2;
-		Time_F(START);
-		for (it=count; it; it--)
-			DES_ecb_encrypt((DES_cblock *)buf,
-				(DES_cblock *)buf,
-				&sch,DES_ENCRYPT);
-		d=Time_F(STOP);
-		} while (d <3);
-	save_count=count;
-	c[D_MD2][0]=count/10;
-	c[D_MDC2][0]=count/10;
-	c[D_MD4][0]=count;
-	c[D_MD5][0]=count;
-	c[D_HMAC][0]=count;
-	c[D_SHA1][0]=count;
-	c[D_RMD160][0]=count;
-	c[D_RC4][0]=count*5;
-	c[D_CBC_DES][0]=count;
-	c[D_EDE3_DES][0]=count/3;
-	c[D_CBC_IDEA][0]=count;
-	c[D_CBC_SEED][0]=count;
-	c[D_CBC_RC2][0]=count;
-	c[D_CBC_RC5][0]=count;
-	c[D_CBC_BF][0]=count;
-	c[D_CBC_CAST][0]=count;
-	c[D_CBC_128_AES][0]=count;
-	c[D_CBC_192_AES][0]=count;
-	c[D_CBC_256_AES][0]=count;
-	c[D_CBC_128_CML][0]=count;
-	c[D_CBC_192_CML][0]=count;
-	c[D_CBC_256_CML][0]=count;
-	c[D_SHA256][0]=count;
-	c[D_SHA512][0]=count;
-	c[D_WHIRLPOOL][0]=count;
-	c[D_IGE_128_AES][0]=count;
-	c[D_IGE_192_AES][0]=count;
-	c[D_IGE_256_AES][0]=count;
-	c[D_GHASH][0]=count;
-
-	for (i=1; i<SIZE_NUM; i++)
-		{
-		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
-		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
-		c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
-		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
-		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
-		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
-		c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
-		c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
-		c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
-		c[D_WHIRLPOOL][i]=c[D_WHIRLPOOL][0]*4*lengths[0]/lengths[i];
-		}
-	for (i=1; i<SIZE_NUM; i++)
-		{
-		long l0,l1;
-
-		l0=(long)lengths[i-1];
-		l1=(long)lengths[i];
-		c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
-		c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
-		c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
-		c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
-		c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
-		c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
-		c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
-		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
-		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
-		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
-		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
-		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
- 		c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
-		c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
-		c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
-		c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
-		c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
-		c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
-		}
-#ifndef OPENSSL_NO_RSA
-	rsa_c[R_RSA_512][0]=count/2000;
-	rsa_c[R_RSA_512][1]=count/400;
-	for (i=1; i<RSA_NUM; i++)
-		{
-		rsa_c[i][0]=rsa_c[i-1][0]/8;
-		rsa_c[i][1]=rsa_c[i-1][1]/4;
-		if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
-			rsa_doit[i]=0;
-		else
-			{
-			if (rsa_c[i][0] == 0)
-				{
-				rsa_c[i][0]=1;
-				rsa_c[i][1]=20;
-				}
-			}				
-		}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-	dsa_c[R_DSA_512][0]=count/1000;
-	dsa_c[R_DSA_512][1]=count/1000/2;
-	for (i=1; i<DSA_NUM; i++)
-		{
-		dsa_c[i][0]=dsa_c[i-1][0]/4;
-		dsa_c[i][1]=dsa_c[i-1][1]/4;
-		if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
-			dsa_doit[i]=0;
-		else
-			{
-			if (dsa_c[i] == 0)
-				{
-				dsa_c[i][0]=1;
-				dsa_c[i][1]=1;
-				}
-			}				
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-	ecdsa_c[R_EC_P160][0]=count/1000;
-	ecdsa_c[R_EC_P160][1]=count/1000/2;
-	for (i=R_EC_P192; i<=R_EC_P521; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_K163][0]=count/1000;
-	ecdsa_c[R_EC_K163][1]=count/1000/2;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-	ecdsa_c[R_EC_B163][0]=count/1000;
-	ecdsa_c[R_EC_B163][1]=count/1000/2;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
-		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
-		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
-			ecdsa_doit[i]=0;
-		else
-			{
-			if (ecdsa_c[i] == 0)
-				{
-				ecdsa_c[i][0]=1;
-				ecdsa_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	ecdh_c[R_EC_P160][0]=count/1000;
-	ecdh_c[R_EC_P160][1]=count/1000;
-	for (i=R_EC_P192; i<=R_EC_P521; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_K163][0]=count/1000;
-	ecdh_c[R_EC_K163][1]=count/1000;
-	for (i=R_EC_K233; i<=R_EC_K571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-	ecdh_c[R_EC_B163][0]=count/1000;
-	ecdh_c[R_EC_B163][1]=count/1000;
-	for (i=R_EC_B233; i<=R_EC_B571; i++)
-		{
-		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
-		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
-		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
-			ecdh_doit[i]=0;
-		else
-			{
-			if (ecdh_c[i] == 0)
-				{
-				ecdh_c[i][0]=1;
-				ecdh_c[i][1]=1;
-				}
-			}
-		}
-#endif
-
-#define COND(d)	(count < (d))
-#define COUNT(d) (d)
-#else
-/* not worth fixing */
-# error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
-#else
-#define COND(c)	(run && count<0x7fffffff)
-#define COUNT(d) (count)
-#ifndef _WIN32
-	signal(SIGALRM,sig_done);
-#endif
-#endif /* SIGALRM */
-
-#ifndef OPENSSL_NO_MD2
-	if (doit[D_MD2])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
-			d=Time_F(STOP);
-			print_result(D_MD2,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_MDC2
-	if (doit[D_MDC2])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
-			d=Time_F(STOP);
-			print_result(D_MDC2,j,count,d);
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_MD4
-	if (doit[D_MD4])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_MD4][j]); count++)
-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
-			d=Time_F(STOP);
-			print_result(D_MD4,j,count,d);
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_MD5
-	if (doit[D_MD5])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
-			d=Time_F(STOP);
-			print_result(D_MD5,j,count,d);
-			}
-		}
-#endif
-
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
-	if (doit[D_HMAC])
-		{
-		HMAC_CTX hctx;
-
-		HMAC_CTX_init(&hctx);
-		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
-			16,EVP_md5(), NULL);
-
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
-				{
-				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
-				HMAC_Update(&hctx,buf,lengths[j]);
-				HMAC_Final(&hctx,&(hmac[0]),NULL);
-				}
-			d=Time_F(STOP);
-			print_result(D_HMAC,j,count,d);
-			}
-		HMAC_CTX_cleanup(&hctx);
-		}
-#endif
-#ifndef OPENSSL_NO_SHA
-	if (doit[D_SHA1])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
-			d=Time_F(STOP);
-			print_result(D_SHA1,j,count,d);
-			}
-		}
-
-#ifndef OPENSSL_NO_SHA256
-	if (doit[D_SHA256])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA256][j]); count++)
-				SHA256(buf,lengths[j],sha256);
-			d=Time_F(STOP);
-			print_result(D_SHA256,j,count,d);
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-	if (doit[D_SHA512])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_SHA512][j]); count++)
-				SHA512(buf,lengths[j],sha512);
-			d=Time_F(STOP);
-			print_result(D_SHA512,j,count,d);
-			}
-		}
-#endif
-#endif
-
-#ifndef OPENSSL_NO_WHIRLPOOL
-	if (doit[D_WHIRLPOOL])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_WHIRLPOOL],c[D_WHIRLPOOL][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_WHIRLPOOL][j]); count++)
-				WHIRLPOOL(buf,lengths[j],whirlpool);
-			d=Time_F(STOP);
-			print_result(D_WHIRLPOOL,j,count,d);
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_RIPEMD
-	if (doit[D_RMD160])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
-			d=Time_F(STOP);
-			print_result(D_RMD160,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_RC4
-	if (doit[D_RC4])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_RC4][j]); count++)
-				RC4(&rc4_ks,(unsigned int)lengths[j],
-					buf,buf);
-			d=Time_F(STOP);
-			print_result(D_RC4,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_DES
-	if (doit[D_CBC_DES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
-						 &DES_iv,DES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_DES,j,count,d);
-			}
-		}
-
-	if (doit[D_EDE3_DES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				DES_ede3_cbc_encrypt(buf,buf,lengths[j],
-						     &sch,&sch2,&sch3,
-						     &DES_iv,DES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_EDE3_DES,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_AES
-	if (doit[D_CBC_128_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
-				AES_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&aes_ks1,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_128_AES,j,count,d);
-			}
-		}
-	if (doit[D_CBC_192_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
-				AES_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&aes_ks2,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_192_AES,j,count,d);
-			}
-		}
-	if (doit[D_CBC_256_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
-				AES_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&aes_ks3,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_256_AES,j,count,d);
-			}
-		}
-
-#if 0 /* ANDROID */
-	if (doit[D_IGE_128_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
-				AES_ige_encrypt(buf,buf2,
-					(unsigned long)lengths[j],&aes_ks1,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_IGE_128_AES,j,count,d);
-			}
-		}
-	if (doit[D_IGE_192_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
-				AES_ige_encrypt(buf,buf2,
-					(unsigned long)lengths[j],&aes_ks2,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_IGE_192_AES,j,count,d);
-			}
-		}
-	if (doit[D_IGE_256_AES])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
-				AES_ige_encrypt(buf,buf2,
-					(unsigned long)lengths[j],&aes_ks3,
-					iv,AES_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_IGE_256_AES,j,count,d);
-			}
-		}
-	if (doit[D_GHASH])
-		{
-		GCM128_CONTEXT *ctx = CRYPTO_gcm128_new(&aes_ks1,(block128_f)AES_encrypt);
-		CRYPTO_gcm128_setiv (ctx,(unsigned char *)"0123456789ab",12);
-
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_GHASH],c[D_GHASH][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_GHASH][j]); count++)
-				CRYPTO_gcm128_aad(ctx,buf,lengths[j]);
-			d=Time_F(STOP);
-			print_result(D_GHASH,j,count,d);
-			}
-		CRYPTO_gcm128_release(ctx);
-		}
-
-#endif
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	if (doit[D_CBC_128_CML])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
-				Camellia_cbc_encrypt(buf,buf,
-				        (unsigned long)lengths[j],&camellia_ks1,
-				        iv,CAMELLIA_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_128_CML,j,count,d);
-			}
-		}
-	if (doit[D_CBC_192_CML])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
-				Camellia_cbc_encrypt(buf,buf,
-				        (unsigned long)lengths[j],&camellia_ks2,
-				        iv,CAMELLIA_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_192_CML,j,count,d);
-			}
-		}
-	if (doit[D_CBC_256_CML])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
-				Camellia_cbc_encrypt(buf,buf,
-				        (unsigned long)lengths[j],&camellia_ks3,
-				        iv,CAMELLIA_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_256_CML,j,count,d);
-			}
-		}
-
-#endif
-#ifndef OPENSSL_NO_IDEA
-	if (doit[D_CBC_IDEA])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
-				idea_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&idea_ks,
-					iv,IDEA_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_IDEA,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_SEED
-	if (doit[D_CBC_SEED])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
-				SEED_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&seed_ks,iv,1);
-			d=Time_F(STOP);
-			print_result(D_CBC_SEED,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_RC2
-	if (doit[D_CBC_RC2])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
-				RC2_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&rc2_ks,
-					iv,RC2_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_RC2,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_RC5
-	if (doit[D_CBC_RC5])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
-				RC5_32_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&rc5_ks,
-					iv,RC5_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_RC5,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_BF
-	if (doit[D_CBC_BF])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
-				BF_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&bf_ks,
-					iv,BF_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_BF,j,count,d);
-			}
-		}
-#endif
-#ifndef OPENSSL_NO_CAST
-	if (doit[D_CBC_CAST])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
-			Time_F(START);
-			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
-				CAST_cbc_encrypt(buf,buf,
-					(unsigned long)lengths[j],&cast_ks,
-					iv,CAST_ENCRYPT);
-			d=Time_F(STOP);
-			print_result(D_CBC_CAST,j,count,d);
-			}
-		}
-#endif
-
-	if (doit[D_EVP])
-		{
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			if (evp_cipher)
-				{
-				EVP_CIPHER_CTX ctx;
-				int outl;
-
-				names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
-				/* -O3 -fschedule-insns messes up an
-				 * optimization here!  names[D_EVP]
-				 * somehow becomes NULL */
-				print_message(names[D_EVP],save_count,
-					lengths[j]);
-
-				EVP_CIPHER_CTX_init(&ctx);
-				if(decrypt)
-					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
-				else
-					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
-				EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
-				Time_F(START);
-				if(decrypt)
-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-						EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
-				else
-					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-						EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
-				if(decrypt)
-					EVP_DecryptFinal_ex(&ctx,buf,&outl);
-				else
-					EVP_EncryptFinal_ex(&ctx,buf,&outl);
-				d=Time_F(STOP);
-				EVP_CIPHER_CTX_cleanup(&ctx);
-				}
-			if (evp_md)
-				{
-				names[D_EVP]=OBJ_nid2ln(evp_md->type);
-				print_message(names[D_EVP],save_count,
-					lengths[j]);
-
-				Time_F(START);
-				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
-					EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
-
-				d=Time_F(STOP);
-				}
-			print_result(D_EVP,j,count,d);
-			}
-		}
-
-	RAND_pseudo_bytes(buf,36);
-#ifndef OPENSSL_NO_RSA
-	for (j=0; j<RSA_NUM; j++)
-		{
-		int ret;
-		if (!rsa_doit[j]) continue;
-		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
-		if (ret == 0)
-			{
-			BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			pkey_print_message("private","rsa",
-				rsa_c[j][0],rsa_bits[j],
-				RSA_SECONDS);
-/*			RSA_blinding_on(rsa_key[j],NULL); */
-			Time_F(START);
-			for (count=0,run=1; COND(rsa_c[j][0]); count++)
-				{
-				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
-					&rsa_num, rsa_key[j]);
-				if (ret == 0)
-					{
-					BIO_printf(bio_err,
-						"RSA sign failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
-				}
-			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
-				   : "%ld %d bit private RSA's in %.2fs\n",
-				   count,rsa_bits[j],d);
-			rsa_results[j][0]=d/(double)count;
-			rsa_count=count;
-			}
-
-#if 1
-		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
-		if (ret <= 0)
-			{
-			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_doit[j] = 0;
-			}
-		else
-			{
-			pkey_print_message("public","rsa",
-				rsa_c[j][1],rsa_bits[j],
-				RSA_SECONDS);
-			Time_F(START);
-			for (count=0,run=1; COND(rsa_c[j][1]); count++)
-				{
-				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
-					rsa_num, rsa_key[j]);
-				if (ret <= 0)
-					{
-					BIO_printf(bio_err,
-						"RSA verify failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
-				}
-			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
-				   : "%ld %d bit public RSA's in %.2fs\n",
-				   count,rsa_bits[j],d);
-			rsa_results[j][1]=d/(double)count;
-			}
-#endif
-
-		if (rsa_count <= 1)
-			{
-			/* if longer than 10s, don't do any more */
-			for (j++; j<RSA_NUM; j++)
-				rsa_doit[j]=0;
-			}
-		}
-#endif
-
-	RAND_pseudo_bytes(buf,20);
-#ifndef OPENSSL_NO_DSA
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<DSA_NUM; j++)
-		{
-		unsigned int kk;
-		int ret;
-
-		if (!dsa_doit[j]) continue;
-/*		DSA_generate_key(dsa_key[j]); */
-/*		DSA_sign_setup(dsa_key[j],NULL); */
-		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-			&kk,dsa_key[j]);
-		if (ret == 0)
-			{
-			BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			pkey_print_message("sign","dsa",
-				dsa_c[j][0],dsa_bits[j],
-				DSA_SECONDS);
-			Time_F(START);
-			for (count=0,run=1; COND(dsa_c[j][0]); count++)
-				{
-				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-					&kk,dsa_key[j]);
-				if (ret == 0)
-					{
-					BIO_printf(bio_err,
-						"DSA sign failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
-				}
-			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
-				   : "%ld %d bit DSA signs in %.2fs\n",
-				   count,dsa_bits[j],d);
-			dsa_results[j][0]=d/(double)count;
-			rsa_count=count;
-			}
-
-		ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-			kk,dsa_key[j]);
-		if (ret <= 0)
-			{
-			BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");
-			ERR_print_errors(bio_err);
-			dsa_doit[j] = 0;
-			}
-		else
-			{
-			pkey_print_message("verify","dsa",
-				dsa_c[j][1],dsa_bits[j],
-				DSA_SECONDS);
-			Time_F(START);
-			for (count=0,run=1; COND(dsa_c[j][1]); count++)
-				{
-				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-					kk,dsa_key[j]);
-				if (ret <= 0)
-					{
-					BIO_printf(bio_err,
-						"DSA verify failure\n");
-					ERR_print_errors(bio_err);
-					count=1;
-					break;
-					}
-				}
-			d=Time_F(STOP);
-			BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
-				   : "%ld %d bit DSA verify in %.2fs\n",
-				   count,dsa_bits[j],d);
-			dsa_results[j][1]=d/(double)count;
-			}
-
-		if (rsa_count <= 1)
-			{
-			/* if longer than 10s, don't do any more */
-			for (j++; j<DSA_NUM; j++)
-				dsa_doit[j]=0;
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-	if (RAND_status() != 1) 
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++) 
-		{
-		int ret;
-
-		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
-		ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-		if (ecdsa[j] == NULL) 
-			{
-			BIO_printf(bio_err,"ECDSA failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			} 
-		else 
-			{
-#if 1
-			EC_KEY_precompute_mult(ecdsa[j], NULL);
-#endif
-			/* Perform ECDSA signature test */
-			EC_KEY_generate_key(ecdsa[j]);
-			ret = ECDSA_sign(0, buf, 20, ecdsasig, 
-				&ecdsasiglen, ecdsa[j]);
-			if (ret == 0) 
-				{
-				BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;
-				} 
-			else 
-				{
-				pkey_print_message("sign","ecdsa",
-					ecdsa_c[j][0], 
-					test_curves_bits[j],
-					ECDSA_SECONDS);
-
-				Time_F(START);
-				for (count=0,run=1; COND(ecdsa_c[j][0]);
-					count++) 
-					{
-					ret=ECDSA_sign(0, buf, 20, 
-						ecdsasig, &ecdsasiglen,
-						ecdsa[j]);
-					if (ret == 0) 
-						{
-						BIO_printf(bio_err, "ECDSA sign failure\n");
-						ERR_print_errors(bio_err);
-						count=1;
-						break;
-						}
-					}
-				d=Time_F(STOP);
-
-				BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
-					"%ld %d bit ECDSA signs in %.2fs \n", 
-					count, test_curves_bits[j], d);
-				ecdsa_results[j][0]=d/(double)count;
-				rsa_count=count;
-				}
-
-			/* Perform ECDSA verification test */
-			ret=ECDSA_verify(0, buf, 20, ecdsasig, 
-				ecdsasiglen, ecdsa[j]);
-			if (ret != 1) 
-				{
-				BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
-				ERR_print_errors(bio_err);
-				ecdsa_doit[j] = 0;
-				} 
-			else 
-				{
-				pkey_print_message("verify","ecdsa",
-				ecdsa_c[j][1],
-				test_curves_bits[j],
-				ECDSA_SECONDS);
-				Time_F(START);
-				for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
-					{
-					ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
-					if (ret != 1) 
-						{
-						BIO_printf(bio_err, "ECDSA verify failure\n");
-						ERR_print_errors(bio_err);
-						count=1;
-						break;
-						}
-					}
-				d=Time_F(STOP);
-				BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
-						: "%ld %d bit ECDSA verify in %.2fs\n",
-				count, test_curves_bits[j], d);
-				ecdsa_results[j][1]=d/(double)count;
-				}
-
-			if (rsa_count <= 1) 
-				{
-				/* if longer than 10s, don't do any more */
-				for (j++; j<EC_NUM; j++)
-				ecdsa_doit[j]=0;
-				}
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (RAND_status() != 1)
-		{
-		RAND_seed(rnd_seed, sizeof rnd_seed);
-		rnd_fake = 1;
-		}
-	for (j=0; j<EC_NUM; j++)
-		{
-		if (!ecdh_doit[j]) continue;
-		ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-		ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
-		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
-			{
-			BIO_printf(bio_err,"ECDH failure.\n");
-			ERR_print_errors(bio_err);
-			rsa_count=1;
-			}
-		else
-			{
-			/* generate two ECDH key pairs */
-			if (!EC_KEY_generate_key(ecdh_a[j]) ||
-				!EC_KEY_generate_key(ecdh_b[j]))
-				{
-				BIO_printf(bio_err,"ECDH key generation failure.\n");
-				ERR_print_errors(bio_err);
-				rsa_count=1;		
-				}
-			else
-				{
-				/* If field size is not more than 24 octets, then use SHA-1 hash of result;
-				 * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
-				 */
-				int field_size, outlen;
-				void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
-				field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
-				if (field_size <= 24 * 8)
-					{
-					outlen = KDF1_SHA1_len;
-					kdf = KDF1_SHA1;
-					}
-				else
-					{
-					outlen = (field_size+7)/8;
-					kdf = NULL;
-					}
-				secret_size_a = ECDH_compute_key(secret_a, outlen,
-					EC_KEY_get0_public_key(ecdh_b[j]),
-					ecdh_a[j], kdf);
-				secret_size_b = ECDH_compute_key(secret_b, outlen,
-					EC_KEY_get0_public_key(ecdh_a[j]),
-					ecdh_b[j], kdf);
-				if (secret_size_a != secret_size_b) 
-					ecdh_checks = 0;
-				else
-					ecdh_checks = 1;
-
-				for (secret_idx = 0; 
-				    (secret_idx < secret_size_a)
-					&& (ecdh_checks == 1);
-				    secret_idx++)
-					{
-					if (secret_a[secret_idx] != secret_b[secret_idx])
-					ecdh_checks = 0;
-					}
-
-				if (ecdh_checks == 0)
-					{
-					BIO_printf(bio_err,"ECDH computations don't match.\n");
-					ERR_print_errors(bio_err);
-					rsa_count=1;		
-					}
-
-				pkey_print_message("","ecdh",
-				ecdh_c[j][0], 
-				test_curves_bits[j],
-				ECDH_SECONDS);
-				Time_F(START);
-				for (count=0,run=1; COND(ecdh_c[j][0]); count++)
-					{
-					ECDH_compute_key(secret_a, outlen,
-					EC_KEY_get0_public_key(ecdh_b[j]),
-					ecdh_a[j], kdf);
-					}
-				d=Time_F(STOP);
-				BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
-				count, test_curves_bits[j], d);
-				ecdh_results[j][0]=d/(double)count;
-				rsa_count=count;
-				}
-			}
-
-
-		if (rsa_count <= 1)
-			{
-			/* if longer than 10s, don't do any more */
-			for (j++; j<EC_NUM; j++)
-			ecdh_doit[j]=0;
-			}
-		}
-	if (rnd_fake) RAND_cleanup();
-#endif
-#ifndef NO_FORK
-show_res:
-#endif
-	if(!mr)
-		{
-		fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
-        fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
-		printf("options:");
-		printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
-		printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
-		printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
-		printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_AES
-		printf("%s ",AES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
-		printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
-		printf("%s ",BF_options());
-#endif
-		fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
-		}
-
-	if (pr_header)
-		{
-		if(mr)
-			fprintf(stdout,"+H");
-		else
-			{
-			fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
-			fprintf(stdout,"type        ");
-			}
-		for (j=0;  j<SIZE_NUM; j++)
-			fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
-		fprintf(stdout,"\n");
-		}
-
-	for (k=0; k<ALGOR_NUM; k++)
-		{
-		if (!doit[k]) continue;
-		if(mr)
-			fprintf(stdout,"+F:%d:%s",k,names[k]);
-		else
-			fprintf(stdout,"%-13s",names[k]);
-		for (j=0; j<SIZE_NUM; j++)
-			{
-			if (results[k][j] > 10000 && !mr)
-				fprintf(stdout," %11.2fk",results[k][j]/1e3);
-			else
-				fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
-			}
-		fprintf(stdout,"\n");
-		}
-#ifndef OPENSSL_NO_RSA
-	j=1;
-	for (k=0; k<RSA_NUM; k++)
-		{
-		if (!rsa_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%18ssign    verify    sign/s verify/s\n"," ");
-			j=0;
-			}
-		if(mr)
-			fprintf(stdout,"+F2:%u:%u:%f:%f\n",
-				k,rsa_bits[k],rsa_results[k][0],
-				rsa_results[k][1]);
-		else
-			fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
-				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
-		}
-#endif
-#ifndef OPENSSL_NO_DSA
-	j=1;
-	for (k=0; k<DSA_NUM; k++)
-		{
-		if (!dsa_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%18ssign    verify    sign/s verify/s\n"," ");
-			j=0;
-			}
-		if(mr)
-			fprintf(stdout,"+F3:%u:%u:%f:%f\n",
-				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
-		else
-			fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
-				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
-				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
-		}
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdsa_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30ssign    verify    sign/s verify/s\n"," ");
-			j=0;
-			}
-
-		if (mr)
-			fprintf(stdout,"+F4:%u:%u:%f:%f\n", 
-				k, test_curves_bits[k],
-				ecdsa_results[k][0],ecdsa_results[k][1]);
-		else
-			fprintf(stdout,
-				"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", 
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdsa_results[k][0],ecdsa_results[k][1], 
-				1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
-		}
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
-	j=1;
-	for (k=0; k<EC_NUM; k++)
-		{
-		if (!ecdh_doit[k]) continue;
-		if (j && !mr)
-			{
-			printf("%30sop      op/s\n"," ");
-			j=0;
-			}
-		if (mr)
-			fprintf(stdout,"+F5:%u:%u:%f:%f\n",
-				k, test_curves_bits[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-
-		else
-			fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
-				test_curves_bits[k],
-				test_curves_names[k],
-				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-		}
-#endif
-
-	mret=0;
-
-end:
-	ERR_print_errors(bio_err);
-	if (buf != NULL) OPENSSL_free(buf);
-	if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef OPENSSL_NO_RSA
-	for (i=0; i<RSA_NUM; i++)
-		if (rsa_key[i] != NULL)
-			RSA_free(rsa_key[i]);
-#endif
-#ifndef OPENSSL_NO_DSA
-	for (i=0; i<DSA_NUM; i++)
-		if (dsa_key[i] != NULL)
-			DSA_free(dsa_key[i]);
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-	for (i=0; i<EC_NUM; i++)
-		if (ecdsa[i] != NULL)
-			EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	for (i=0; i<EC_NUM; i++)
-	{
-		if (ecdh_a[i] != NULL)
-			EC_KEY_free(ecdh_a[i]);
-		if (ecdh_b[i] != NULL)
-			EC_KEY_free(ecdh_b[i]);
-	}
-#endif
-
-	apps_shutdown();
-	OPENSSL_EXIT(mret);
-	}
-
-static void print_message(const char *s, long num, int length)
-	{
-#ifdef SIGALRM
-	BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
-		   : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
-	(void)BIO_flush(bio_err);
-	alarm(SECONDS);
-#else
-	BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
-		   : "Doing %s %ld times on %d size blocks: ",s,num,length);
-	(void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
-	num=num;
-#endif
-	}
-
-static void pkey_print_message(const char *str, const char *str2, long num,
-	int bits, int tm)
-	{
-#ifdef SIGALRM
-	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
-			   : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
-	(void)BIO_flush(bio_err);
-	alarm(tm);
-#else
-	BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
-			   : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
-	(void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
-	num=num;
-#endif
-	}
-
-static void print_result(int alg,int run_no,int count,double time_used)
-	{
-	BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
-		   : "%d %s's in %.2fs\n",count,names[alg],time_used);
-	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
-	}
-
-#ifndef NO_FORK
-static char *sstrsep(char **string, const char *delim)
-    {
-    char isdelim[256];
-    char *token = *string;
-
-    if (**string == 0)
-        return NULL;
-
-    memset(isdelim, 0, sizeof isdelim);
-    isdelim[0] = 1;
-
-    while (*delim)
-        {
-        isdelim[(unsigned char)(*delim)] = 1;
-        delim++;
-        }
-
-    while (!isdelim[(unsigned char)(**string)])
-        {
-        (*string)++;
-        }
-
-    if (**string)
-        {
-        **string = 0;
-        (*string)++;
-        }
-
-    return token;
-    }
-
-static int do_multi(int multi)
-	{
-	int n;
-	int fd[2];
-	int *fds;
-	static char sep[]=":";
-
-	fds=malloc(multi*sizeof *fds);
-	for(n=0 ; n < multi ; ++n)
-		{
-		if (pipe(fd) == -1)
-			{
-			fprintf(stderr, "pipe failure\n");
-			exit(1);
-			}
-		fflush(stdout);
-		fflush(stderr);
-		if(fork())
-			{
-			close(fd[1]);
-			fds[n]=fd[0];
-			}
-		else
-			{
-			close(fd[0]);
-			close(1);
-			if (dup(fd[1]) == -1)
-				{
-				fprintf(stderr, "dup failed\n");
-				exit(1);
-				}
-			close(fd[1]);
-			mr=1;
-			usertime=0;
-			free(fds);
-			return 0;
-			}
-		printf("Forked child %d\n",n);
-		}
-
-	/* for now, assume the pipe is long enough to take all the output */
-	for(n=0 ; n < multi ; ++n)
-		{
-		FILE *f;
-		char buf[1024];
-		char *p;
-
-		f=fdopen(fds[n],"r");
-		while(fgets(buf,sizeof buf,f))
-			{
-			p=strchr(buf,'\n');
-			if(p)
-				*p='\0';
-			if(buf[0] != '+')
-				{
-				fprintf(stderr,"Don't understand line '%s' from child %d\n",
-						buf,n);
-				continue;
-				}
-			printf("Got: %s from %d\n",buf,n);
-			if(!strncmp(buf,"+F:",3))
-				{
-				int alg;
-				int j;
-
-				p=buf+3;
-				alg=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-				for(j=0 ; j < SIZE_NUM ; ++j)
-					results[alg][j]+=atof(sstrsep(&p,sep));
-				}
-			else if(!strncmp(buf,"+F2:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
-				else
-					rsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
-				else
-					rsa_results[k][1]=d;
-				}
-#ifndef OPENSSL_NO_DSA
-			else if(!strncmp(buf,"+F3:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
-				else
-					dsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
-				else
-					dsa_results[k][1]=d;
-				}
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			else if(!strncmp(buf,"+F4:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
-				else
-					ecdsa_results[k][0]=d;
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
-				else
-					ecdsa_results[k][1]=d;
-				}
-#endif 
-
-#ifndef OPENSSL_NO_ECDH
-			else if(!strncmp(buf,"+F5:",4))
-				{
-				int k;
-				double d;
-				
-				p=buf+4;
-				k=atoi(sstrsep(&p,sep));
-				sstrsep(&p,sep);
-
-				d=atof(sstrsep(&p,sep));
-				if(n)
-					ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
-				else
-					ecdh_results[k][0]=d;
-
-				}
-#endif
-
-			else if(!strncmp(buf,"+H:",3))
-				{
-				}
-			else
-				fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
-			}
-
-		fclose(f);
-		}
-	free(fds);
-	return 1;
-	}
-#endif
-#endif
diff --git a/apps/spkac.c b/apps/spkac.c
deleted file mode 100644
index 0e01ea9947..0000000000
--- a/apps/spkac.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* apps/spkac.c */
-
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999. Based on an original idea by Massimiliano Pala
- * (madwolf@openca.org).
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	spkac_main
-
-/* -in arg	- input file - default stdin
- * -out arg	- output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int i,badops=0, ret = 1;
-	BIO *in = NULL,*out = NULL;
-	int verify=0,noout=0,pubkey=0;
-	char *infile = NULL,*outfile = NULL,*prog;
-	char *passargin = NULL, *passin = NULL;
-	const char *spkac = "SPKAC", *spksect = "default";
-	char *spkstr = NULL;
-	char *challenge = NULL, *keyfile = NULL;
-	CONF *conf = NULL;
-	NETSCAPE_SPKI *spki = NULL;
-	EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	apps_startup();
-
-	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-challenge") == 0)
-			{
-			if (--argc < 1) goto bad;
-			challenge= *(++argv);
-			}
-		else if (strcmp(*argv,"-spkac") == 0)
-			{
-			if (--argc < 1) goto bad;
-			spkac= *(++argv);
-			}
-		else if (strcmp(*argv,"-spksect") == 0)
-			{
-			if (--argc < 1) goto bad;
-			spksect= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-noout") == 0)
-			noout=1;
-		else if (strcmp(*argv,"-pubkey") == 0)
-			pubkey=1;
-		else if (strcmp(*argv,"-verify") == 0)
-			verify=1;
-		else badops = 1;
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options]\n",prog);
-		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -in arg        input file\n");
-		BIO_printf(bio_err," -out arg       output file\n");
-		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
-		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
-		BIO_printf(bio_err," -challenge arg challenge string\n");
-		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
-		BIO_printf(bio_err," -noout         don't print SPKAC\n");
-		BIO_printf(bio_err," -pubkey        output public key\n");
-		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
-#endif
-		goto end;
-		}
-
-	ERR_load_crypto_strings();
-	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if(keyfile) {
-		pkey = load_key(bio_err,
-				strcmp(keyfile, "-") ? keyfile : NULL,
-				FORMAT_PEM, 1, passin, e, "private key");
-		if(!pkey) {
-			goto end;
-		}
-		spki = NETSCAPE_SPKI_new();
-		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
-						 challenge, (int)strlen(challenge));
-		NETSCAPE_SPKI_set_pubkey(spki, pkey);
-		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
-		spkstr = NETSCAPE_SPKI_b64_encode(spki);
-
-		if (outfile) out = BIO_new_file(outfile, "w");
-		else {
-			out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			    out = BIO_push(tmpbio, out);
-			}
-#endif
-		}
-
-		if(!out) {
-			BIO_printf(bio_err, "Error opening output file\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-		BIO_printf(out, "SPKAC=%s\n", spkstr);
-		OPENSSL_free(spkstr);
-		ret = 0;
-		goto end;
-	}
-
-	
-
-	if (infile) in = BIO_new_file(infile, "r");
-	else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
-	if(!in) {
-		BIO_printf(bio_err, "Error opening input file\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	conf = NCONF_new(NULL);
-	i = NCONF_load_bio(conf, in, NULL);
-
-	if(!i) {
-		BIO_printf(bio_err, "Error parsing config file\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	spkstr = NCONF_get_string(conf, spksect, spkac);
-		
-	if(!spkstr) {
-		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
-	
-	if(!spki) {
-		BIO_printf(bio_err, "Error loading SPKAC\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if (outfile) out = BIO_new_file(outfile, "w");
-	else {
-		out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-		{
-		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-		    out = BIO_push(tmpbio, out);
-		}
-#endif
-	}
-
-	if(!out) {
-		BIO_printf(bio_err, "Error opening output file\n");
-		ERR_print_errors(bio_err);
-		goto end;
-	}
-
-	if(!noout) NETSCAPE_SPKI_print(out, spki);
-	pkey = NETSCAPE_SPKI_get_pubkey(spki);
-	if(verify) {
-		i = NETSCAPE_SPKI_verify(spki, pkey);
-		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
-		else {
-			BIO_printf(bio_err, "Signature Failure\n");
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	}
-	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
-
-	ret = 0;
-
-end:
-	NCONF_free(conf);
-	NETSCAPE_SPKI_free(spki);
-	BIO_free(in);
-	BIO_free_all(out);
-	EVP_PKEY_free(pkey);
-	if(passin) OPENSSL_free(passin);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
diff --git a/apps/srp.c b/apps/srp.c
deleted file mode 100644
index 9c7ae184db..0000000000
--- a/apps/srp.c
+++ /dev/null
@@ -1,756 +0,0 @@
-/* apps/srp.c */
-/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_SRP
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/txt_db.h>
-#include <openssl/buffer.h>
-#include <openssl/srp.h>
-
-#include "apps.h"
-
-#undef PROG
-#define PROG srp_main
-
-#define BASE_SECTION	"srp"
-#define CONFIG_FILE "openssl.cnf"
-
-#define ENV_RANDFILE		"RANDFILE"
-
-#define ENV_DATABASE		"srpvfile"
-#define ENV_DEFAULT_SRP		"default_srp"
-
-static char *srp_usage[]={
-"usage: srp [args] [user] \n",
-"\n",
-" -verbose        Talk alot while doing things\n",
-" -config file    A config file\n",
-" -name arg       The particular srp definition to use\n",
-" -srpvfile arg   The srp verifier file name\n",
-" -add            add an user and srp verifier\n",
-" -modify         modify the srp verifier of an existing user\n",
-" -delete         delete user from verifier file\n",
-" -list           list user\n",
-" -gn arg         g and N values to be used for new verifier\n",
-" -userinfo arg   additional info to be set for user\n",
-" -passin arg     input file pass phrase source\n",
-" -passout arg    output file pass phrase source\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e         - use engine e, possibly a hardware device.\n",
-#endif
-NULL
-};
-
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
-static CONF *conf=NULL;
-static char *section=NULL;
-
-#define VERBOSE if (verbose) 
-#define VVERBOSE if (verbose>1) 
-
-
-int MAIN(int, char **);
-
-static int get_index(CA_DB *db, char* id, char type)
-	{
-	char ** pp;
-	int i;
-	if (id == NULL) return -1;
-	if (type == DB_SRP_INDEX) 
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-		if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
-			return i;
-		}
-	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-
-		if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
-			return i;
-		}
-
-	return -1 ; 
-	}
-
-static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
-	{
-	if (indx >= 0 && verbose)
-		{
-		int j;
-		char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
-		BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
-		for (j = 0; j < DB_NUMBER; j++)
-			{
-			BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
-			}
-		}
-	}
-
-static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
-	{
-	print_entry(db, bio, indexindex, verbose, "g N entry") ;
-	}
-
-static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
-	{
-	if (verbose > 0)
-		{
-		char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
-
-		if (pp[DB_srptype][0] != 'I')
-			{
-			print_entry(db, bio, userindex, verbose, "User entry");
-			print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
-			}
-
-		}
-	}
-
-static int update_index(CA_DB *db, BIO *bio, char **row)
-	{
-	char ** irow;
-	int i;
-
-	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
-		{
-		BIO_printf(bio_err,"Memory allocation failure\n");
-		return 0;
-		}
-
-	for (i=0; i<DB_NUMBER; i++)
-		{
-		irow[i]=row[i];
-		row[i]=NULL;
-		}
-	irow[DB_NUMBER]=NULL;
-
-	if (!TXT_DB_insert(db->db,irow))
-		{
-		BIO_printf(bio,"failed to update srpvfile\n");
-		BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
-		OPENSSL_free(irow);
-		return 0;
-		}
-	return 1;
-	}
-
-static void lookup_fail(const char *name, char *tag)
-	{
-	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
-	}
-
-
-static char *srp_verify_user(const char *user, const char *srp_verifier,
-			     char *srp_usersalt, const char *g, const char *N,
-			     const char *passin, BIO *bio, int verbose)
-	{
-	char password[1024];
-	PW_CB_DATA cb_tmp;
-	char *verifier = NULL;
-	char *gNid = NULL;
-
-	cb_tmp.prompt_info = user;
-	cb_tmp.password = passin;
-
- 	if (password_callback(password, 1024, 0, &cb_tmp) >0)
-		{
-		VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
-		BIO_printf(bio, "Pass %s\n", password);
-
-		if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
-			{
-			BIO_printf(bio, "Internal error validating SRP verifier\n");
-			}
-		else
-			{
-			if (strcmp(verifier, srp_verifier))
-				gNid = NULL;
-			OPENSSL_free(verifier);
-			}
-		}
-	return gNid;
-	}
-
-static char *srp_create_user(char *user, char **srp_verifier,
-			     char **srp_usersalt, char *g, char *N,
-			     char *passout, BIO *bio, int verbose)
-	{
- 	char password[1024];
-        PW_CB_DATA cb_tmp;
-	char *gNid = NULL;
-	char *salt = NULL;
-        cb_tmp.prompt_info = user;
-        cb_tmp.password = passout;
-
-	if (password_callback(password,1024,1,&cb_tmp) >0)
-		{
-		VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
-		if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
-			{
-			BIO_printf(bio,"Internal error creating SRP verifier\n");
-			}
-		else 
-			*srp_usersalt = salt;
-		VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
-
-		}
-	return gNid;
-	}
-
-int MAIN(int argc, char **argv)
-	{
-	int add_user = 0;
-	int list_user= 0;
-	int delete_user= 0;
-	int modify_user= 0;
-	char * user = NULL;
-
-	char *passargin = NULL, *passargout = NULL;
-	char *passin = NULL, *passout = NULL;
-        char * gN = NULL;
-	int gNindex = -1;
-	char ** gNrow = NULL;
-	int maxgN = -1;
-
-	char * userinfo = NULL;
-
-	int badops=0;
-	int ret=1;
-	int errors=0;
-	int verbose=0;
-	int doupdatedb=0;
-	char *configfile=NULL;
-	char *dbfile=NULL;
-	CA_DB *db=NULL;
-	char **pp ;
-	int i;
-	long errorline = -1;
-	char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine = NULL;
-#endif
-	char *tofree=NULL;
-	DB_ATTR db_attr;
-
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
-	apps_startup();
-
-	conf = NULL;
-	section = NULL;
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	argc--;
-	argv++;
-	while (argc >= 1 && badops == 0)
-		{
-		if	(strcmp(*argv,"-verbose") == 0)
-			verbose++;
-		else if	(strcmp(*argv,"-config") == 0)
-			{
-			if (--argc < 1) goto bad;
-			configfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-name") == 0)
-			{
-			if (--argc < 1) goto bad;
-			section= *(++argv);
-			}
-		else if	(strcmp(*argv,"-srpvfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			dbfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-add") == 0)
-			add_user=1;
-		else if (strcmp(*argv,"-delete") == 0)
-			delete_user=1;
-		else if (strcmp(*argv,"-modify") == 0)
-			modify_user=1;
-		else if (strcmp(*argv,"-list") == 0)
-			list_user=1;
-		else if (strcmp(*argv,"-gn") == 0)
-			{
-			if (--argc < 1) goto bad;
-			gN= *(++argv);
-			}
-		else if (strcmp(*argv,"-userinfo") == 0)
-			{
-			if (--argc < 1) goto bad;
-			userinfo= *(++argv);
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-passout") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargout= *(++argv);
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-
-		else if (**argv == '-')
-			{
-bad:
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		else 
-			break;
-	
-		argc--;
-		argv++;
-		}
-
-	if (dbfile && configfile)
-		{
-		BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
-		badops = 1;
-		}
-	if (add_user+delete_user+modify_user+list_user != 1)
-		{
-		BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
-		badops = 1;
-		}
-	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
-		{
-		BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
-		badops = 1;
-		}
-	if ((passin || passout) && argc != 1 )
-		{
-		BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
-		badops = 1;
-		}
-
-	if (badops)
-		{
-		for (pp=srp_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-
-		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"                 the random number generator\n");
-		goto err;
-		}
-
-	ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
-	setup_engine(bio_err, engine, 0);
-#endif
-
-	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
-		{
-		BIO_printf(bio_err, "Error getting passwords\n");
-		goto err;
-		}
-
-        if (!dbfile)
-		{
-
-
-	/*****************************************************************/
-		tofree=NULL;
-		if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
-		if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
-		if (configfile == NULL)
-			{
-			const char *s=X509_get_default_cert_area();
-			size_t len;
-
-#ifdef OPENSSL_SYS_VMS
-			len = strlen(s)+sizeof(CONFIG_FILE);
-			tofree=OPENSSL_malloc(len);
-			strcpy(tofree,s);
-#else
-			len = strlen(s)+sizeof(CONFIG_FILE)+1;
-			tofree=OPENSSL_malloc(len);
-			BUF_strlcpy(tofree,s,len);
-			BUF_strlcat(tofree,"/",len);
-#endif
-			BUF_strlcat(tofree,CONFIG_FILE,len);
-			configfile=tofree;
-			}
-
-		VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-		conf = NCONF_new(NULL);
-		if (NCONF_load(conf,configfile,&errorline) <= 0)
-			{
-			if (errorline <= 0)
-				BIO_printf(bio_err,"error loading the config file '%s'\n",
-					configfile);
-			else
-				BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
-					,errorline,configfile);
-			goto err;
-			}
-		if(tofree)
-			{
-			OPENSSL_free(tofree);
-			tofree = NULL;
-			}
-
-		if (!load_config(bio_err, conf))
-			goto err;
-
-	/* Lets get the config section we are using */
-		if (section == NULL)
-			{
-			VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
-
-			section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
-			if (section == NULL)
-				{
-				lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
-				goto err;
-				}
-			}
-         
-		if (randfile == NULL && conf)
-	        	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
-
-	
-		VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
-
-		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
-			{
-			lookup_fail(section,ENV_DATABASE);
-			goto err;
-			}
-
-        	}
-	if (randfile == NULL)
-		ERR_clear_error();
-       	else 
-		app_RAND_load_file(randfile, bio_err, 0);
-
-	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
-
-	db = load_index(dbfile, &db_attr);
-	if (db == NULL) goto err;
-
-	/* Lets check some fields */
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
-	
-		if (pp[DB_srptype][0] == DB_SRP_INDEX)
-			{
-			maxgN = i;
-			if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
-				gNindex = i;
-
-			print_index(db, bio_err, i, verbose > 1);
-			}
-		}
-	
-	VERBOSE BIO_printf(bio_err, "Database initialised\n");
-
-	if (gNindex >= 0)
-		{
-		gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
-		print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
-		}
-	else if (maxgN > 0 && !SRP_get_default_gN(gN))
-		{
-		BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
-		goto err;
-		}
-	else
-		{
-		VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
-		gNrow = NULL;
-		}
-	
-
-	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
-
-	if (argc > 0)
-		user = *(argv++) ;
-
-	while (list_user || user)
-		{
-		int userindex = -1;
-		if (user) 
-			VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-		if ((userindex = get_index(db, user, 'U')) >= 0)
-			{
-			print_user(db, bio_err, userindex, (verbose > 0) || list_user);
-			}
-		
-		if (list_user)
-			{
-			if (user == NULL)
-				{
-				BIO_printf(bio_err,"List all users\n");
-
-				for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-					{
-					print_user(db,bio_err, i, 1);
-					}
-				list_user = 0;
-				}
-			else if (userindex < 0)
-				{
-				BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
-					   user);
-				errors++;
-				}
-			}
-		else if (add_user)
-			{
-			if (userindex >= 0)
-				{
-				/* reactivation of a new user */
-				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
-				BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
-				row[DB_srptype][0] = 'V';
-
-				doupdatedb = 1;
-				}
-			else
-				{
-				char *row[DB_NUMBER] ; char *gNid;
-				row[DB_srpverifier] = NULL;
-				row[DB_srpsalt] = NULL;
-				row[DB_srpinfo] = NULL;
-				if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
-					{
-						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
-						errors++;
-						goto err;
-					}
-				row[DB_srpid] = BUF_strdup(user);
-				row[DB_srptype] = BUF_strdup("v");
-				row[DB_srpgN] = BUF_strdup(gNid);
-
-				if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
-					(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
-					!update_index(db, bio_err, row))
-					{
-					if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
-					if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
-					if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
-					if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
-					if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
-					if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
-					goto err;
-					}
-				doupdatedb = 1;
-				}
-			}
-		else if (modify_user)
-			{
-			if (userindex < 0)
-				{
-				BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
-				errors++;
-				}
-			else
-				{
-
-				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
-				char type = row[DB_srptype][0];
-				if (type == 'v')
-					{
-					BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
-					errors++;
-					}
-				else
-					{
-					char *gNid;
-
-					if (row[DB_srptype][0] == 'V')
-						{
-						int user_gN;
-						char **irow = NULL;
-						VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
-						if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
-							irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
-
- 						if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
-							{
-							BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
-							errors++;
-							goto err;
-							}
-						} 
-					VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
-
-					if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
-						{
-						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
-						errors++;
-						goto err;
-						}
-
-					row[DB_srptype][0] = 'v';
-					row[DB_srpgN] = BUF_strdup(gNid);
- 
-					if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
-						(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
-						goto err;
-
-					doupdatedb = 1;
-					}
-				}
-			}
-		else if (delete_user)
-			{
-			if (userindex < 0)
-				{
-				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
-				errors++;
-				}
-			else
-				{
-				char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
-				BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
-
-				xpp[DB_srptype][0] = 'R';
-				
-				doupdatedb = 1;
-				}
-			}
-		if (--argc > 0)
-			user = *(argv++) ;
-		else
-			{
-			user = NULL;
-			list_user = 0;
-			}
-		}
-
-	VERBOSE BIO_printf(bio_err,"User procession done.\n");
-
-
-	if (doupdatedb)
-		{
-		/* Lets check some fields */
-		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
-			{
-			pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-	
-			if (pp[DB_srptype][0] == 'v')
-				{
-				pp[DB_srptype][0] = 'V';
-				print_user(db, bio_err, i, verbose);
-				}
-			}
-
-		VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
-		if (!save_index(dbfile, "new", db)) goto err;
-				
-		VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
-		if (!rotate_index(dbfile, "new", "old")) goto err;
-
-		VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
-		}
-
-	ret = (errors != 0);
-err:
-	if (errors != 0)
-	VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
-
-	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
-	if(tofree)
-		OPENSSL_free(tofree);
-	if (ret) ERR_print_errors(bio_err);
-	if (randfile) app_RAND_write_file(randfile, bio_err);
-	if (conf) NCONF_free(conf);
-	if (db) free_index(db);
-
-	OBJ_cleanup();
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-
-
-#endif
-
diff --git a/apps/testCA.pem b/apps/testCA.pem
deleted file mode 100644
index dcb710aa9d..0000000000
--- a/apps/testCA.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
-MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
-VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
-hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
-uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
------END CERTIFICATE REQUEST-----
diff --git a/apps/testdsa.h b/apps/testdsa.h
deleted file mode 100644
index 9e84e31c93..0000000000
--- a/apps/testdsa.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/* NOCW */
-/* used by apps/speed.c */
-DSA *get_dsa512(void );
-DSA *get_dsa1024(void );
-DSA *get_dsa2048(void );
-static unsigned char dsa512_priv[] = {
-	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
-	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
-	};
-static unsigned char dsa512_pub[] = {
-	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
-	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
-	0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
-	0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
-	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
-	0xbe,0xba,0x0a,0x6b,0xc8,
-	};
-static unsigned char dsa512_p[]={
-	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
-	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
-	0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
-	0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
-	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
-	0xA2,0x76,0x7D,0x31,
-	};
-static unsigned char dsa512_q[]={
-	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
-	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
-	};
-static unsigned char dsa512_g[]={
-	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
-	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
-	0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
-	0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
-	0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
-	0xA2,0x03,0x9D,0x20,
-	};
-
-DSA *get_dsa512()
-	{
-	DSA *dsa;
-
-	if ((dsa=DSA_new()) == NULL) return(NULL);
-	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
-	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
-	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
-	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
-	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
-				(dsa->q == NULL) || (dsa->g == NULL))
-		return(NULL);
-	return(dsa);
-	}
-
-static unsigned char dsa1024_priv[]={
-	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
-	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
-	};
-static unsigned char dsa1024_pub[]={
-	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
-	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
-	0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
-	0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
-	0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
-	0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
-	0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
-	0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
-	0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
-	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
-	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
-	};
-static unsigned char dsa1024_p[]={
-	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
-	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
-	0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
-	0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
-	0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
-	0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
-	0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
-	0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
-	0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
-	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
-	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
-	};
-static unsigned char dsa1024_q[]={
-	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
-	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
-	};
-static unsigned char dsa1024_g[]={
-	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
-	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
-	0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
-	0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
-	0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
-	0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
-	0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
-	0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
-	0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
-	0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
-	0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
-	};
-
-DSA *get_dsa1024()
-	{
-	DSA *dsa;
-
-	if ((dsa=DSA_new()) == NULL) return(NULL);
-	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
-	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
-	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
-	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
-	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
-				(dsa->q == NULL) || (dsa->g == NULL))
-		return(NULL);
-	return(dsa);
-	}
-
-static unsigned char dsa2048_priv[]={
-	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
-	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
-	};
-static unsigned char dsa2048_pub[]={
-	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
-	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
-	0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
-	0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
-	0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
-	0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
-	0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
-	0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
-	0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
-	0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
-	0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
-	0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
-	0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
-	0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
-	0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
-	0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
-	0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
-	0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
-	0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
-	0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
-	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
-	0x8b,0x33,0xb7,0xce,
-	};
-static unsigned char dsa2048_p[]={
-	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
-	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
-	0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
-	0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
-	0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
-	0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
-	0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
-	0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
-	0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
-	0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
-	0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
-	0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
-	0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
-	0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
-	0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
-	0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
-	0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
-	0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
-	0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
-	0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
-	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
-	0xF8,0x68,0xCF,0x9B,
-	};
-static unsigned char dsa2048_q[]={
-	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
-	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
-	};
-static unsigned char dsa2048_g[]={
-	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
-	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
-	0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
-	0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
-	0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
-	0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
-	0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
-	0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
-	0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
-	0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
-	0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
-	0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
-	0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
-	0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
-	0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
-	0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
-	0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
-	0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
-	0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
-	0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
-	0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
-	0xF8,0xB2,0xE5,0x38,
-	};
- 
-DSA *get_dsa2048()
-	{
-	DSA *dsa;
- 
-	if ((dsa=DSA_new()) == NULL) return(NULL);
-	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
-	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
-	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
-	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
-	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
-	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
-				(dsa->q == NULL) || (dsa->g == NULL))
-		return(NULL);
-	return(dsa);
-	}
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
diff --git a/apps/testrsa.h b/apps/testrsa.h
deleted file mode 100644
index 3007d792b0..0000000000
--- a/apps/testrsa.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* apps/testrsa.h */
-/* used by apps/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static unsigned char test512[]={
-	0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
-	0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
-	0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
-	0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
-	0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
-	0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
-	0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
-	0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
-	0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
-	0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
-	0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
-	0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
-	0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
-	0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
-	0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
-	0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
-	0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
-	0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
-	0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
-	0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
-	0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
-	0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
-	0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
-	0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
-	0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
-	0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
-	0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
-	0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
-	0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
-	0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
-	0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
-	0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
-	};
-
-static unsigned char test1024[]={
-	0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
-	0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
-	0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
-	0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
-	0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
-	0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
-	0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
-	0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
-	0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
-	0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
-	0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
-	0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
-	0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
-	0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
-	0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
-	0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
-	0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
-	0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
-	0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
-	0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
-	0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
-	0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
-	0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
-	0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
-	0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
-	0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
-	0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
-	0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
-	0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
-	0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
-	0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
-	0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
-	0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
-	0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
-	0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
-	0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
-	0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
-	0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
-	0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
-	0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
-	0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
-	0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
-	0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
-	0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
-	0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
-	0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
-	0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
-	0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
-	0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
-	0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
-	0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
-	0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
-	0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
-	0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
-	0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
-	0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
-	0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
-	0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
-	0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
-	0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
-	0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
-	};
-
-static unsigned char test2048[]={
-	0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
-	0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
-	0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
-	0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
-	0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
-	0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
-	0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
-	0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
-	0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
-	0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
-	0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
-	0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
-	0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
-	0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
-	0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
-	0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
-	0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
-	0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
-	0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
-	0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
-	0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
-	0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
-	0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
-	0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
-	0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
-	0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
-	0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
-	0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
-	0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
-	0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
-	0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
-	0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
-	0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
-	0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
-	0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
-	0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
-	0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
-	0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
-	0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
-	0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
-	0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
-	0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
-	0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
-	0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
-	0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
-	0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
-	0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
-	0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
-	0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
-	0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
-	0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
-	0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
-	0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
-	0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
-	0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
-	0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
-	0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
-	0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
-	0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
-	0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
-	0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
-	0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
-	0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
-	0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
-	0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
-	0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
-	0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
-	0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
-	0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
-	0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
-	0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
-	0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
-	0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
-	0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
-	0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
-	0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
-	0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
-	0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
-	0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
-	0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
-	0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
-	0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
-	0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
-	0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
-	0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
-	0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
-	0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
-	0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
-	0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
-	0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
-	0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
-	0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
-	0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
-	0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
-	0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
-	0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
-	0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
-	0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
-	0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
-	0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
-	0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
-	0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
-	0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
-	0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
-	0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
-	0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
-	0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
-	0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
-	0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
-	0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
-	0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
-	0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
-	0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
-	0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
-	0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
-	0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
-	0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
-	0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
-	0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
-	0x95,
-	};
-
-static unsigned char test4096[]={
-	0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
-	0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
-	0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
-	0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
-	0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
-	0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
-	0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
-	0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
-	0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
-	0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
-	0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
-	0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
-	0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
-	0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
-	0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
-	0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
-	0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
-	0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
-	0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
-	0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
-	0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
-	0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
-	0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
-	0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
-	0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
-	0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
-	0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
-	0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
-	0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
-	0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
-	0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
-	0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
-	0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
-	0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
-	0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
-	0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
-	0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
-	0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
-	0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
-	0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
-	0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
-	0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
-	0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
-	0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
-	0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
-	0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
-	0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
-	0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
-	0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
-	0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
-	0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
-	0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
-	0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
-	0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
-	0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
-	0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
-	0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
-	0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
-	0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
-	0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
-	0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
-	0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
-	0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
-	0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
-	0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
-	0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
-	0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
-	0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
-	0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
-	0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
-	0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
-	0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
-	0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
-	0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
-	0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
-	0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
-	0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
-	0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
-	0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
-	0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
-	0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
-	0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
-	0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
-	0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
-	0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
-	0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
-	0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
-	0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
-	0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
-	0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
-	0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
-	0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
-	0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
-	0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
-	0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
-	0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
-	0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
-	0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
-	0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
-	0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
-	0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
-	0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
-	0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
-	0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
-	0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
-	0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
-	0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
-	0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
-	0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
-	0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
-	0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
-	0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
-	0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
-	0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
-	0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
-	0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
-	0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
-	0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
-	0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
-	0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
-	0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
-	0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
-	0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
-	0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
-	0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
-	0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
-	0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
-	0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
-	0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
-	0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
-	0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
-	0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
-	0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
-	0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
-	0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
-	0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
-	0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
-	0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
-	0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
-	0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
-	0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
-	0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
-	0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
-	0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
-	0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
-	0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
-	0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
-	0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
-	0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
-	0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
-	0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
-	0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
-	0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
-	0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
-	0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
-	0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
-	0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
-	0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
-	0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
-	0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
-	0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
-	0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
-	0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
-	0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
-	0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
-	0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
-	0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
-	0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
-	0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
-	0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
-	0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
-	0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
-	0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
-	0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
-	0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
-	0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
-	0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
-	0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
-	0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
-	0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
-	0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
-	0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
-	0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
-	0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
-	0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
-	0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
-	0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
-	0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
-	0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
-	0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
-	0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
-	0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
-	0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
-	0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
-	0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
-	0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
-	0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
-	0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
-	0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
-	0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
-	0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
-	0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
-	0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
-	0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
-	0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
-	0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
-	0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
-	0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
-	0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
-	0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
-	0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
-	0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
-	0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
-	0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
-	0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
-	0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
-	0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
-	0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
-	0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
-	0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
-	0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
-	0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
-	0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
-	0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
-	0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
-	0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
-	0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
-	0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
-	0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
-	0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
-	0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
-	0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
-	0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
-	0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
-	0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
-	};
diff --git a/apps/timeouts.h b/apps/timeouts.h
deleted file mode 100644
index 89b5dc76f6..0000000000
--- a/apps/timeouts.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* apps/timeouts.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef INCLUDED_TIMEOUTS_H
-#define INCLUDED_TIMEOUTS_H
-
-/* numbers in us */
-#define DGRAM_RCV_TIMEOUT         250000
-#define DGRAM_SND_TIMEOUT         250000
-
-#endif /* ! INCLUDED_TIMEOUTS_H */
diff --git a/apps/verify.c b/apps/verify.c
deleted file mode 100644
index 893670ff41..0000000000
--- a/apps/verify.c
+++ /dev/null
@@ -1,362 +0,0 @@
-/* apps/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG	verify_main
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file,
-		STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-		STACK_OF(X509_CRL) *crls, ENGINE *e);
-static int v_verbose=0, vflags = 0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int i,ret=1, badarg = 0;
-	char *CApath=NULL,*CAfile=NULL;
-	char *untfile = NULL, *trustfile = NULL, *crlfile = NULL;
-	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
-	STACK_OF(X509_CRL) *crls = NULL;
-	X509_STORE *cert_ctx=NULL;
-	X509_LOOKUP *lookup=NULL;
-	X509_VERIFY_PARAM *vpm = NULL;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	cert_ctx=X509_STORE_new();
-	if (cert_ctx == NULL) goto end;
-	X509_STORE_set_verify_cb(cert_ctx,cb);
-
-	ERR_load_crypto_strings();
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-
-	argc--;
-	argv++;
-	for (;;)
-		{
-		if (argc >= 1)
-			{
-			if (strcmp(*argv,"-CApath") == 0)
-				{
-				if (argc-- < 1) goto end;
-				CApath= *(++argv);
-				}
-			else if (strcmp(*argv,"-CAfile") == 0)
-				{
-				if (argc-- < 1) goto end;
-				CAfile= *(++argv);
-				}
-			else if (args_verify(&argv, &argc, &badarg, bio_err,
-									&vpm))
-				{
-				if (badarg)
-					goto end;
-				continue;
-				}
-			else if (strcmp(*argv,"-untrusted") == 0)
-				{
-				if (argc-- < 1) goto end;
-				untfile= *(++argv);
-				}
-			else if (strcmp(*argv,"-trusted") == 0)
-				{
-				if (argc-- < 1) goto end;
-				trustfile= *(++argv);
-				}
-			else if (strcmp(*argv,"-CRLfile") == 0)
-				{
-				if (argc-- < 1) goto end;
-				crlfile= *(++argv);
-				}
-#ifndef OPENSSL_NO_ENGINE
-			else if (strcmp(*argv,"-engine") == 0)
-				{
-				if (--argc < 1) goto end;
-				engine= *(++argv);
-				}
-#endif
-			else if (strcmp(*argv,"-help") == 0)
-				goto end;
-			else if (strcmp(*argv,"-verbose") == 0)
-				v_verbose=1;
-			else if (argv[0][0] == '-')
-				goto end;
-			else
-				break;
-			argc--;
-			argv++;
-			}
-		else
-			break;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (vpm)
-		X509_STORE_set1_param(cert_ctx, vpm);
-
-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
-	if (lookup == NULL) abort();
-	if (CAfile) {
-		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
-		if(!i) {
-			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-		
-	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) abort();
-	if (CApath) {
-		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
-		if(!i) {
-			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
-			ERR_print_errors(bio_err);
-			goto end;
-		}
-	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-	ERR_clear_error();
-
-	if(untfile)
-		{
-		untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
-					NULL, e, "untrusted certificates");
-		if(!untrusted)
-			goto end;
-		}
-
-	if(trustfile)
-		{
-		trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
-					NULL, e, "trusted certificates");
-		if(!trusted)
-			goto end;
-		}
-
-	if(crlfile)
-		{
-		crls = load_crls(bio_err, crlfile, FORMAT_PEM,
-					NULL, e, "other CRLs");
-		if(!crls)
-			goto end;
-		}
-
-	ret = 0;
-	if (argc < 1)
-		{ 
-		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
-			ret = -1;
-		}
-	else
-		{
-		for (i=0; i<argc; i++)
-			if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
-				ret = -1;
-		}
-
-end:
-	if (ret == 1) {
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-		BIO_printf(bio_err," [-attime timestamp]");
-#ifndef OPENSSL_NO_ENGINE
-		BIO_printf(bio_err," [-engine e]");
-#endif
-		BIO_printf(bio_err," cert1 cert2 ...\n");
-
-		BIO_printf(bio_err,"recognized usages:\n");
-		for(i = 0; i < X509_PURPOSE_get_count(); i++)
-			{
-			X509_PURPOSE *ptmp;
-			ptmp = X509_PURPOSE_get0(i);
-			BIO_printf(bio_err, "\t%-10s\t%s\n",
-				   X509_PURPOSE_get0_sname(ptmp),
-				   X509_PURPOSE_get0_name(ptmp));
-			}
-	}
-	if (vpm) X509_VERIFY_PARAM_free(vpm);
-	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
-	sk_X509_pop_free(untrusted, X509_free);
-	sk_X509_pop_free(trusted, X509_free);
-	sk_X509_CRL_pop_free(crls, X509_CRL_free);
-	apps_shutdown();
-	OPENSSL_EXIT(ret < 0 ? 2 : ret);
-	}
-
-static int check(X509_STORE *ctx, char *file,
-		STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
-		STACK_OF(X509_CRL) *crls, ENGINE *e)
-	{
-	X509 *x=NULL;
-	int i=0,ret=0;
-	X509_STORE_CTX *csc;
-
-	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
-	if (x == NULL)
-		goto end;
-	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
-
-	csc = X509_STORE_CTX_new();
-	if (csc == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	X509_STORE_set_flags(ctx, vflags);
-	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
-	if (crls)
-		X509_STORE_CTX_set0_crls(csc, crls);
-	i=X509_verify_cert(csc);
-	X509_STORE_CTX_free(csc);
-
-	ret=0;
-end:
-	if (i > 0)
-		{
-		fprintf(stdout,"OK\n");
-		ret=1;
-		}
-	else
-		ERR_print_errors(bio_err);
-	if (x != NULL) X509_free(x);
-
-	return(ret);
-	}
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
-	{
-	int cert_error = X509_STORE_CTX_get_error(ctx);
-	X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
-
-	if (!ok)
-		{
-		if (current_cert)
-			{
-			X509_NAME_print_ex_fp(stdout,
-				X509_get_subject_name(current_cert),
-				0, XN_FLAG_ONELINE);
-			printf("\n");
-			}
-		printf("%serror %d at %d depth lookup:%s\n",
-			X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path]" : "",
-			cert_error,
-			X509_STORE_CTX_get_error_depth(ctx),
-			X509_verify_cert_error_string(cert_error));
-		switch(cert_error)
-			{
-			case X509_V_ERR_NO_EXPLICIT_POLICY:
-				policies_print(NULL, ctx);
-			case X509_V_ERR_CERT_HAS_EXPIRED:
-
-			/* since we are just checking the certificates, it is
-			 * ok if they are self signed. But we should still warn
-			 * the user.
-			 */
-
-			case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-			/* Continue after extension errors too */
-			case X509_V_ERR_INVALID_CA:
-			case X509_V_ERR_INVALID_NON_CA:
-			case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-			case X509_V_ERR_INVALID_PURPOSE:
-			case X509_V_ERR_CRL_HAS_EXPIRED:
-			case X509_V_ERR_CRL_NOT_YET_VALID:
-			case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-			ok = 1;
-
-			}
-
-		return ok;
-
-		}
-	if (cert_error == X509_V_OK && ok == 2)
-		policies_print(NULL, ctx);
-	if (!v_verbose)
-		ERR_clear_error();
-	return(ok);
-	}
diff --git a/apps/version.c b/apps/version.c
deleted file mode 100644
index e9555cbde2..0000000000
--- a/apps/version.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* apps/version.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
-#endif
-
-#undef PROG
-#define PROG	version_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	if (argc == 1) version=1;
-	for (i=1; i<argc; i++)
-		{
-		if (strcmp(argv[i],"-v") == 0)
-			version=1;	
-		else if (strcmp(argv[i],"-b") == 0)
-			date=1;
-		else if (strcmp(argv[i],"-f") == 0)
-			cflags=1;
-		else if (strcmp(argv[i],"-o") == 0)
-			options=1;
-		else if (strcmp(argv[i],"-p") == 0)
-			platform=1;
-		else if (strcmp(argv[i],"-d") == 0)
-			dir=1;
-		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=platform=dir=1;
-		else
-			{
-			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
-			ret=1;
-			goto end;
-			}
-		}
-
-	if (version)
-		{
-		if (SSLeay() == SSLEAY_VERSION_NUMBER)
-			{
-			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
-			}
-		else
-			{
-			printf("%s (Library: %s)\n",
-				OPENSSL_VERSION_TEXT,
-				SSLeay_version(SSLEAY_VERSION));
-			}
-		}
-	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
-	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
-	if (options) 
-		{
-		printf("options:  ");
-		printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
-		printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
-		printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
-		printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
-		printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
-		printf("%s ",BF_options());
-#endif
-		printf("\n");
-		}
-	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
-	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
-end:
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
diff --git a/apps/winrand.c b/apps/winrand.c
deleted file mode 100644
index 59bede3d70..0000000000
--- a/apps/winrand.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
-        PSTR cmdline, int iCmdShow)
-	{
-	static char appname[] = "OpenSSL";
-	HWND hwnd;
-	MSG msg;
-	WNDCLASSEX wndclass;
-        char buffer[200];
-
-        if (cmdline[0] == '\0')
-                filename = RAND_file_name(buffer, sizeof buffer);
-        else
-                filename = cmdline;
-
-        RAND_load_file(filename, -1);
-
-	wndclass.cbSize = sizeof(wndclass);
-	wndclass.style = CS_HREDRAW | CS_VREDRAW;
-	wndclass.lpfnWndProc = WndProc;
-	wndclass.cbClsExtra = 0;
-	wndclass.cbWndExtra = 0;
-	wndclass.hInstance = hInstance;
-	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
-	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
-	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
-	wndclass.lpszMenuName = NULL;
-        wndclass.lpszClassName = appname;
-	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
-	RegisterClassEx(&wndclass);
-
-        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
-		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
-
-	ShowWindow(hwnd, iCmdShow);
-	UpdateWindow(hwnd);
-
-
-	while (GetMessage(&msg, NULL, 0, 0))
-		{
-		TranslateMessage(&msg);
-		DispatchMessage(&msg);
-		}
-
-	return msg.wParam;
-	}
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
-	{
-        HDC hdc;
-	PAINTSTRUCT ps;
-        RECT rect;
-        static int seeded = 0;
-
-	switch (iMsg)
-		{
-	case WM_PAINT:
-		hdc = BeginPaint(hwnd, &ps);
-		GetClientRect(hwnd, &rect);
-                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
-			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
-		EndPaint(hwnd, &ps);
-		return 0;
-		
-        case WM_DESTROY:
-                PostQuitMessage(0);
-                return 0;
-                }
-
-        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
-                {
-                seeded = 1;
-                if (RAND_write_file(filename) <= 0)
-                        MessageBox(hwnd, "Couldn't write random file!",
-				"OpenSSL", MB_OK | MB_ICONERROR);
-                PostQuitMessage(0);
-                }
-
-	return DefWindowProc(hwnd, iMsg, wParam, lParam);
-	}
diff --git a/apps/x509.c b/apps/x509.c
deleted file mode 100644
index 3863ab968d..0000000000
--- a/apps/x509.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/* apps/x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG x509_main
-
-#undef POSTFIX
-#define	POSTFIX	".srl"
-#define DEF_DAYS	30
-
-static const char *x509_usage[]={
-"usage: x509 args\n",
-" -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
-" -keyform arg    - private key format - default PEM\n",
-" -CAform arg     - CA format - default PEM\n",
-" -CAkeyform arg  - CA key format - default PEM\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -passin arg     - private key password source\n",
-" -serial         - print serial number value\n",
-" -subject_hash   - print subject hash value\n",
-#ifndef OPENSSL_NO_MD5
-" -subject_hash_old   - print old-style (MD5) subject hash value\n",
-#endif
-" -issuer_hash    - print issuer hash value\n",
-#ifndef OPENSSL_NO_MD5
-" -issuer_hash_old    - print old-style (MD5) issuer hash value\n",
-#endif
-" -hash           - synonym for -subject_hash\n",
-" -subject        - print subject DN\n",
-" -issuer         - print issuer DN\n",
-" -email          - print email address(es)\n",
-" -startdate      - notBefore field\n",
-" -enddate        - notAfter field\n",
-" -purpose        - print out certificate purposes\n",
-" -dates          - both Before and After dates\n",
-" -modulus        - print the RSA key modulus\n",
-" -pubkey         - output the public key\n",
-" -fingerprint    - print the certificate fingerprint\n",
-" -alias          - output certificate alias\n",
-" -noout          - no certificate output\n",
-" -ocspid         - print OCSP hash values for the subject name and public key\n",
-" -ocsp_uri       - print OCSP Responder URL(s)\n",
-" -trustout       - output a \"trusted\" certificate\n",
-" -clrtrust       - clear all trusted purposes\n",
-" -clrreject      - clear all rejected purposes\n",
-" -addtrust arg   - trust certificate for a given purpose\n",
-" -addreject arg  - reject certificate for a given purpose\n",
-" -setalias arg   - set certificate alias\n",
-" -days arg       - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg   - check whether the cert expires in the next arg seconds\n",
-"                   exit 1 if so, 0 if not\n",
-" -signkey arg    - self sign cert with arg\n",
-" -x509toreq      - output a certification request object\n",
-" -req            - input is a certificate request, sign and output.\n",
-" -CA arg         - set the CA certificate, must be PEM format.\n",
-" -CAkey arg      - set the CA key, must be PEM format\n",
-"                   missing, it is assumed to be in the CA file.\n",
-" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial arg   - serial file\n",
-" -set_serial     - serial number to use\n",
-" -text           - print the certificate in text form\n",
-" -C              - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
-" -extfile        - configuration file with X509V3 extensions to add\n",
-" -extensions     - section from config file with X509V3 extensions to add\n",
-" -clrext         - delete extensions before signing and input certificate\n",
-" -nameopt arg    - various certificate name options\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e       - use engine e, possibly a hardware device.\n",
-#endif
-" -certopt arg    - various certificate text options\n",
-NULL
-};
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
-						CONF *conf, char *section);
-static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
-			 X509 *x,X509 *xca,EVP_PKEY *pkey,
-			 STACK_OF(OPENSSL_STRING) *sigopts,
-			 char *serial, int create ,int days, int clrext,
-			 CONF *conf, char *section, ASN1_INTEGER *sno);
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-static int reqfile=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-	{
-	ENGINE *e = NULL;
-	int ret=1;
-	X509_REQ *req=NULL;
-	X509 *x=NULL,*xca=NULL;
-	ASN1_OBJECT *objtmp;
-	STACK_OF(OPENSSL_STRING) *sigopts = NULL;
-	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
-	ASN1_INTEGER *sno = NULL;
-	int i,num,badops=0;
-	BIO *out=NULL;
-	BIO *STDout=NULL;
-	STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
-	int informat,outformat,keyformat,CAformat,CAkeyformat;
-	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
-	char *CAkeyfile=NULL,*CAserial=NULL;
-	char *alias=NULL;
-	int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int next_serial=0;
-	int subject_hash=0,issuer_hash=0,ocspid=0;
-#ifndef OPENSSL_NO_MD5
-	int subject_hash_old=0,issuer_hash_old=0;
-#endif
-	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
-	int ocsp_uri=0;
-	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
-	int C=0;
-	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
-	int pprint = 0;
-	const char **pp;
-	X509_STORE *ctx=NULL;
-	X509_REQ *rq=NULL;
-	int fingerprint=0;
-	char buf[256];
-	const EVP_MD *md_alg,*digest=NULL;
-	CONF *extconf = NULL;
-	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
-	int need_rand = 0;
-	int checkend=0,checkoffset=0;
-	unsigned long nmflag = 0, certflag = 0;
-#ifndef OPENSSL_NO_ENGINE
-	char *engine=NULL;
-#endif
-
-	reqfile=0;
-
-	apps_startup();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (!load_config(bio_err, NULL))
-		goto end;
-	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-	{
-	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-	STDout = BIO_push(tmpbio, STDout);
-	}
-#endif
-
-	informat=FORMAT_PEM;
-	outformat=FORMAT_PEM;
-	keyformat=FORMAT_PEM;
-	CAformat=FORMAT_PEM;
-	CAkeyformat=FORMAT_PEM;
-
-	ctx=X509_STORE_new();
-	if (ctx == NULL) goto end;
-	X509_STORE_set_verify_cb(ctx,callb);
-
-	argc--;
-	argv++;
-	num=0;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-inform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			informat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-outform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-keyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-req") == 0)
-			{
-			reqfile=1;
-			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CAform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-CAkeyform") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAkeyformat=str2fmt(*(++argv));
-			}
-		else if (strcmp(*argv,"-sigopt") == 0)
-			{
-			if (--argc < 1)
-				goto bad;
-			if (!sigopts)
-				sigopts = sk_OPENSSL_STRING_new_null();
-			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
-				goto bad;
-			}
-		else if (strcmp(*argv,"-days") == 0)
-			{
-			if (--argc < 1) goto bad;
-			days=atoi(*(++argv));
-			if (days == 0)
-				{
-				BIO_printf(bio_err,"bad number of days\n");
-				goto bad;
-				}
-			}
-		else if (strcmp(*argv,"-passin") == 0)
-			{
-			if (--argc < 1) goto bad;
-			passargin= *(++argv);
-			}
-		else if (strcmp(*argv,"-extfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-extensions") == 0)
-			{
-			if (--argc < 1) goto bad;
-			extsect= *(++argv);
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-signkey") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keyfile= *(++argv);
-			sign_flag= ++num;
-			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CA") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			CA_flag= ++num;
-			need_rand = 1;
-			}
-		else if (strcmp(*argv,"-CAkey") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAkeyfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-CAserial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAserial= *(++argv);
-			}
-		else if (strcmp(*argv,"-set_serial") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
-				goto bad;
-			}
-		else if (strcmp(*argv,"-addtrust") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
-				BIO_printf(bio_err,
-					"Invalid trust object value %s\n", *argv);
-				goto bad;
-				}
-			if (!trust) trust = sk_ASN1_OBJECT_new_null();
-			sk_ASN1_OBJECT_push(trust, objtmp);
-			trustout = 1;
-			}
-		else if (strcmp(*argv,"-addreject") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
-				{
-				BIO_printf(bio_err,
-					"Invalid reject object value %s\n", *argv);
-				goto bad;
-				}
-			if (!reject) reject = sk_ASN1_OBJECT_new_null();
-			sk_ASN1_OBJECT_push(reject, objtmp);
-			trustout = 1;
-			}
-		else if (strcmp(*argv,"-setalias") == 0)
-			{
-			if (--argc < 1) goto bad;
-			alias= *(++argv);
-			trustout = 1;
-			}
-		else if (strcmp(*argv,"-certopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
-			}
-		else if (strcmp(*argv,"-nameopt") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		else if (strcmp(*argv,"-engine") == 0)
-			{
-			if (--argc < 1) goto bad;
-			engine= *(++argv);
-			}
-#endif
-		else if (strcmp(*argv,"-C") == 0)
-			C= ++num;
-		else if (strcmp(*argv,"-email") == 0)
-			email= ++num;
-		else if (strcmp(*argv,"-ocsp_uri") == 0)
-			ocsp_uri= ++num;
-		else if (strcmp(*argv,"-serial") == 0)
-			serial= ++num;
-		else if (strcmp(*argv,"-next_serial") == 0)
-			next_serial= ++num;
-		else if (strcmp(*argv,"-modulus") == 0)
-			modulus= ++num;
-		else if (strcmp(*argv,"-pubkey") == 0)
-			pubkey= ++num;
-		else if (strcmp(*argv,"-x509toreq") == 0)
-			x509req= ++num;
-		else if (strcmp(*argv,"-text") == 0)
-			text= ++num;
-		else if (strcmp(*argv,"-hash") == 0
-			|| strcmp(*argv,"-subject_hash") == 0)
-			subject_hash= ++num;
-#ifndef OPENSSL_NO_MD5
-		else if (strcmp(*argv,"-subject_hash_old") == 0)
-			subject_hash_old= ++num;
-#endif
-		else if (strcmp(*argv,"-issuer_hash") == 0)
-			issuer_hash= ++num;
-#ifndef OPENSSL_NO_MD5
-		else if (strcmp(*argv,"-issuer_hash_old") == 0)
-			issuer_hash_old= ++num;
-#endif
-		else if (strcmp(*argv,"-subject") == 0)
-			subject= ++num;
-		else if (strcmp(*argv,"-issuer") == 0)
-			issuer= ++num;
-		else if (strcmp(*argv,"-fingerprint") == 0)
-			fingerprint= ++num;
-		else if (strcmp(*argv,"-dates") == 0)
-			{
-			startdate= ++num;
-			enddate= ++num;
-			}
-		else if (strcmp(*argv,"-purpose") == 0)
-			pprint= ++num;
-		else if (strcmp(*argv,"-startdate") == 0)
-			startdate= ++num;
-		else if (strcmp(*argv,"-enddate") == 0)
-			enddate= ++num;
-		else if (strcmp(*argv,"-checkend") == 0)
-			{
-			if (--argc < 1) goto bad;
-			checkoffset=atoi(*(++argv));
-			checkend=1;
-			}
-		else if (strcmp(*argv,"-noout") == 0)
-			noout= ++num;
-		else if (strcmp(*argv,"-trustout") == 0)
-			trustout= 1;
-		else if (strcmp(*argv,"-clrtrust") == 0)
-			clrtrust= ++num;
-		else if (strcmp(*argv,"-clrreject") == 0)
-			clrreject= ++num;
-		else if (strcmp(*argv,"-alias") == 0)
-			aliasout= ++num;
-		else if (strcmp(*argv,"-CAcreateserial") == 0)
-			CA_createserial= ++num;
-		else if (strcmp(*argv,"-clrext") == 0)
-			clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
-		else if (strcmp(*argv,"-crlext") == 0)
-			{
-			BIO_printf(bio_err,"use -clrext instead of -crlext\n");
-			clrext = 1;
-			}
-#endif
-		else if (strcmp(*argv,"-ocspid") == 0)
-			ocspid= ++num;
-		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
-			{
-			/* ok */
-			digest=md_alg;
-			}
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,"%s",*pp);
-		goto end;
-		}
-
-#ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
-#endif
-
-	if (need_rand)
-		app_RAND_load_file(NULL, bio_err, 0);
-
-	ERR_load_crypto_strings();
-
-	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
-		{
-		BIO_printf(bio_err, "Error getting password\n");
-		goto end;
-		}
-
-	if (!X509_STORE_set_default_paths(ctx))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
-		{ CAkeyfile=CAfile; }
-	else if ((CA_flag) && (CAkeyfile == NULL))
-		{
-		BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
-		goto end;
-		}
-
-	if (extfile)
-		{
-		long errorline = -1;
-		X509V3_CTX ctx2;
-		extconf = NCONF_new(NULL);
-		if (!NCONF_load(extconf, extfile,&errorline))
-			{
-			if (errorline <= 0)
-				BIO_printf(bio_err,
-					"error loading the config file '%s'\n",
-								extfile);
-                	else
-                        	BIO_printf(bio_err,
-				       "error on line %ld of config file '%s'\n"
-							,errorline,extfile);
-			goto end;
-			}
-		if (!extsect)
-			{
-			extsect = NCONF_get_string(extconf, "default", "extensions");
-			if (!extsect)
-				{
-				ERR_clear_error();
-				extsect = "default";
-				}
-			}
-		X509V3_set_ctx_test(&ctx2);
-		X509V3_set_nconf(&ctx2, extconf);
-		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
-			{
-			BIO_printf(bio_err,
-				"Error Loading extension section %s\n",
-								 extsect);
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-
-
-	if (reqfile)
-		{
-		EVP_PKEY *pkey;
-		BIO *in;
-
-		if (!sign_flag && !CA_flag)
-			{
-			BIO_printf(bio_err,"We need a private key to sign with\n");
-			goto end;
-			}
-		in=BIO_new(BIO_s_file());
-		if (in == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (infile == NULL)
-			BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
-		else
-			{
-			if (BIO_read_filename(in,infile) <= 0)
-				{
-				perror(infile);
-				BIO_free(in);
-				goto end;
-				}
-			}
-		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
-		BIO_free(in);
-
-		if (req == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-
-		if (	(req->req_info == NULL) ||
-			(req->req_info->pubkey == NULL) ||
-			(req->req_info->pubkey->public_key == NULL) ||
-			(req->req_info->pubkey->public_key->data == NULL))
-			{
-			BIO_printf(bio_err,"The certificate request appears to corrupted\n");
-			BIO_printf(bio_err,"It does not contain a public key\n");
-			goto end;
-			}
-		if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
-	                {
-	                BIO_printf(bio_err,"error unpacking public key\n");
-	                goto end;
-	                }
-		i=X509_REQ_verify(req,pkey);
-		EVP_PKEY_free(pkey);
-		if (i < 0)
-			{
-			BIO_printf(bio_err,"Signature verification error\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-	        if (i == 0)
-			{
-			BIO_printf(bio_err,"Signature did not match the certificate request\n");
-			goto end;
-			}
-		else
-			BIO_printf(bio_err,"Signature ok\n");
-
-		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
-
-		if ((x=X509_new()) == NULL) goto end;
-
-		if (sno == NULL)
-			{
-			sno = ASN1_INTEGER_new();
-			if (!sno || !rand_serial(NULL, sno))
-				goto end;
-			if (!X509_set_serialNumber(x, sno)) 
-				goto end;
-			ASN1_INTEGER_free(sno);
-			sno = NULL;
-			}
-		else if (!X509_set_serialNumber(x, sno)) 
-			goto end;
-
-		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
-		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
-
-		X509_gmtime_adj(X509_get_notBefore(x),0);
-	        X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
-
-		pkey = X509_REQ_get_pubkey(req);
-		X509_set_pubkey(x,pkey);
-		EVP_PKEY_free(pkey);
-		}
-	else
-		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
-
-	if (x == NULL) goto end;
-	if (CA_flag)
-		{
-		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
-		if (xca == NULL) goto end;
-		}
-
-	if (!noout || text || next_serial)
-		{
-		OBJ_create("2.99999.3",
-			"SET.ex3","SET x509v3 extension 3");
-
-		out=BIO_new(BIO_s_file());
-		if (out == NULL)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		if (outfile == NULL)
-			{
-			BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
-			{
-			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
-			out = BIO_push(tmpbio, out);
-			}
-#endif
-			}
-		else
-			{
-			if (BIO_write_filename(out,outfile) <= 0)
-				{
-				perror(outfile);
-				goto end;
-				}
-			}
-		}
-
-	if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
-
-	if (clrtrust) X509_trust_clear(x);
-	if (clrreject) X509_reject_clear(x);
-
-	if (trust)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
-			{
-			objtmp = sk_ASN1_OBJECT_value(trust, i);
-			X509_add1_trust_object(x, objtmp);
-			}
-		}
-
-	if (reject)
-		{
-		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
-			{
-			objtmp = sk_ASN1_OBJECT_value(reject, i);
-			X509_add1_reject_object(x, objtmp);
-			}
-		}
-
-	if (num)
-		{
-		for (i=1; i<=num; i++)
-			{
-			if (issuer == i)
-				{
-				print_name(STDout, "issuer= ",
-					X509_get_issuer_name(x), nmflag);
-				}
-			else if (subject == i) 
-				{
-				print_name(STDout, "subject= ",
-					X509_get_subject_name(x), nmflag);
-				}
-			else if (serial == i)
-				{
-				BIO_printf(STDout,"serial=");
-				i2a_ASN1_INTEGER(STDout,
-					X509_get_serialNumber(x));
-				BIO_printf(STDout,"\n");
-				}
-			else if (next_serial == i)
-				{
-				BIGNUM *bnser;
-				ASN1_INTEGER *ser;
-				ser = X509_get_serialNumber(x);
-				bnser = ASN1_INTEGER_to_BN(ser, NULL);
-				if (!bnser)
-					goto end;
-				if (!BN_add_word(bnser, 1))
-					goto end;
-				ser = BN_to_ASN1_INTEGER(bnser, NULL);
-				if (!ser)
-					goto end;
-				BN_free(bnser);
-				i2a_ASN1_INTEGER(out, ser);
-				ASN1_INTEGER_free(ser);
-				BIO_puts(out, "\n");
-				}
-			else if ((email == i) || (ocsp_uri == i))
-				{
-				int j;
-				STACK_OF(OPENSSL_STRING) *emlst;
-				if (email == i)
-					emlst = X509_get1_email(x);
-				else
-					emlst = X509_get1_ocsp(x);
-				for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
-					BIO_printf(STDout, "%s\n",
-						   sk_OPENSSL_STRING_value(emlst, j));
-				X509_email_free(emlst);
-				}
-			else if (aliasout == i)
-				{
-				unsigned char *alstr;
-				alstr = X509_alias_get0(x, NULL);
-				if (alstr) BIO_printf(STDout,"%s\n", alstr);
-				else BIO_puts(STDout,"<No Alias>\n");
-				}
-			else if (subject_hash == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
-				}
-#ifndef OPENSSL_NO_MD5
-			else if (subject_hash_old == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
-				}
-#endif
-			else if (issuer_hash == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
-				}
-#ifndef OPENSSL_NO_MD5
-			else if (issuer_hash_old == i)
-				{
-				BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
-				}
-#endif
-			else if (pprint == i)
-				{
-				X509_PURPOSE *ptmp;
-				int j;
-				BIO_printf(STDout, "Certificate purposes:\n");
-				for (j = 0; j < X509_PURPOSE_get_count(); j++)
-					{
-					ptmp = X509_PURPOSE_get0(j);
-					purpose_print(STDout, x, ptmp);
-					}
-				}
-			else
-				if (modulus == i)
-				{
-				EVP_PKEY *pkey;
-
-				pkey=X509_get_pubkey(x);
-				if (pkey == NULL)
-					{
-					BIO_printf(bio_err,"Modulus=unavailable\n");
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				BIO_printf(STDout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
-				if (pkey->type == EVP_PKEY_RSA)
-					BN_print(STDout,pkey->pkey.rsa->n);
-				else
-#endif
-#ifndef OPENSSL_NO_DSA
-				if (pkey->type == EVP_PKEY_DSA)
-					BN_print(STDout,pkey->pkey.dsa->pub_key);
-				else
-#endif
-					BIO_printf(STDout,"Wrong Algorithm type");
-				BIO_printf(STDout,"\n");
-				EVP_PKEY_free(pkey);
-				}
-			else
-				if (pubkey == i)
-				{
-				EVP_PKEY *pkey;
-
-				pkey=X509_get_pubkey(x);
-				if (pkey == NULL)
-					{
-					BIO_printf(bio_err,"Error getting public key\n");
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				PEM_write_bio_PUBKEY(STDout, pkey);
-				EVP_PKEY_free(pkey);
-				}
-			else
-				if (C == i)
-				{
-				unsigned char *d;
-				char *m;
-				int y,z;
-
-				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,sizeof buf);
-				BIO_printf(STDout,"/* subject:%s */\n",buf);
-				m=X509_NAME_oneline(
-					X509_get_issuer_name(x),buf,
-					sizeof buf);
-				BIO_printf(STDout,"/* issuer :%s */\n",buf);
-
-				z=i2d_X509(x,NULL);
-				m=OPENSSL_malloc(z);
-
-				d=(unsigned char *)m;
-				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
-				BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
-				d=(unsigned char *)m;
-				for (y=0; y<z; y++)
-					{
-					BIO_printf(STDout,"0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
-					}
-				if (y%16 != 0) BIO_printf(STDout,"\n");
-				BIO_printf(STDout,"};\n");
-
-				z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
-				BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
-				d=(unsigned char *)m;
-				for (y=0; y<z; y++)
-					{
-					BIO_printf(STDout,"0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f)
-						BIO_printf(STDout,"\n");
-					}
-				if (y%16 != 0) BIO_printf(STDout,"\n");
-				BIO_printf(STDout,"};\n");
-
-				z=i2d_X509(x,&d);
-				BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
-				d=(unsigned char *)m;
-				for (y=0; y<z; y++)
-					{
-					BIO_printf(STDout,"0x%02X,",d[y]);
-					if ((y & 0x0f) == 0x0f)
-						BIO_printf(STDout,"\n");
-					}
-				if (y%16 != 0) BIO_printf(STDout,"\n");
-				BIO_printf(STDout,"};\n");
-
-				OPENSSL_free(m);
-				}
-			else if (text == i)
-				{
-				X509_print_ex(STDout,x,nmflag, certflag);
-				}
-			else if (startdate == i)
-				{
-				BIO_puts(STDout,"notBefore=");
-				ASN1_TIME_print(STDout,X509_get_notBefore(x));
-				BIO_puts(STDout,"\n");
-				}
-			else if (enddate == i)
-				{
-				BIO_puts(STDout,"notAfter=");
-				ASN1_TIME_print(STDout,X509_get_notAfter(x));
-				BIO_puts(STDout,"\n");
-				}
-			else if (fingerprint == i)
-				{
-				int j;
-				unsigned int n;
-				unsigned char md[EVP_MAX_MD_SIZE];
-				const EVP_MD *fdig = digest;
-
-				if (!fdig)
-					fdig = EVP_sha1();
-
-				if (!X509_digest(x,fdig,md,&n))
-					{
-					BIO_printf(bio_err,"out of memory\n");
-					goto end;
-					}
-				BIO_printf(STDout,"%s Fingerprint=",
-						OBJ_nid2sn(EVP_MD_type(fdig)));
-				for (j=0; j<(int)n; j++)
-					{
-					BIO_printf(STDout,"%02X%c",md[j],
-						(j+1 == (int)n)
-						?'\n':':');
-					}
-				}
-
-			/* should be in the library */
-			else if ((sign_flag == i) && (x509req == 0))
-				{
-				BIO_printf(bio_err,"Getting Private key\n");
-				if (Upkey == NULL)
-					{
-					Upkey=load_key(bio_err,
-						keyfile, keyformat, 0,
-						passin, e, "Private key");
-					if (Upkey == NULL) goto end;
-					}
-
-				assert(need_rand);
-				if (!sign(x,Upkey,days,clrext,digest,
-						 extconf, extsect)) goto end;
-				}
-			else if (CA_flag == i)
-				{
-				BIO_printf(bio_err,"Getting CA Private Key\n");
-				if (CAkeyfile != NULL)
-					{
-					CApkey=load_key(bio_err,
-						CAkeyfile, CAkeyformat,
-						0, passin, e,
-						"CA Private Key");
-					if (CApkey == NULL) goto end;
-					}
-				
-				assert(need_rand);
-				if (!x509_certify(ctx,CAfile,digest,x,xca,
-					CApkey, sigopts,
-					CAserial,CA_createserial,days, clrext,
-					extconf, extsect, sno))
-					goto end;
-				}
-			else if (x509req == i)
-				{
-				EVP_PKEY *pk;
-
-				BIO_printf(bio_err,"Getting request Private Key\n");
-				if (keyfile == NULL)
-					{
-					BIO_printf(bio_err,"no request key file specified\n");
-					goto end;
-					}
-				else
-					{
-					pk=load_key(bio_err,
-						keyfile, keyformat, 0,
-						passin, e, "request key");
-					if (pk == NULL) goto end;
-					}
-
-				BIO_printf(bio_err,"Generating certificate request\n");
-
-				rq=X509_to_X509_REQ(x,pk,digest);
-				EVP_PKEY_free(pk);
-				if (rq == NULL)
-					{
-					ERR_print_errors(bio_err);
-					goto end;
-					}
-				if (!noout)
-					{
-					X509_REQ_print(out,rq);
-					PEM_write_bio_X509_REQ(out,rq);
-					}
-				noout=1;
-				}
-			else if (ocspid == i)
-				{
-				X509_ocspid_print(out, x);
-				}
-			}
-		}
-
-	if (checkend)
-		{
-		time_t tcheck=time(NULL) + checkoffset;
-
-		if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
-			{
-			BIO_printf(out,"Certificate will expire\n");
-			ret=1;
-			}
-		else
-			{
-			BIO_printf(out,"Certificate will not expire\n");
-			ret=0;
-			}
-		goto end;
-		}
-
-	if (noout)
-		{
-		ret=0;
-		goto end;
-		}
-
-	if 	(outformat == FORMAT_ASN1)
-		i=i2d_X509_bio(out,x);
-	else if (outformat == FORMAT_PEM)
-		{
-		if (trustout) i=PEM_write_bio_X509_AUX(out,x);
-		else i=PEM_write_bio_X509(out,x);
-		}
-	else if (outformat == FORMAT_NETSCAPE)
-		{
-		NETSCAPE_X509 nx;
-		ASN1_OCTET_STRING hdr;
-
-		hdr.data=(unsigned char *)NETSCAPE_CERT_HDR;
-		hdr.length=strlen(NETSCAPE_CERT_HDR);
-		nx.header= &hdr;
-		nx.cert=x;
-
-		i=ASN1_item_i2d_bio(ASN1_ITEM_rptr(NETSCAPE_X509),out,&nx);
-		}
-	else	{
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
-	if (!i)
-		{
-		BIO_printf(bio_err,"unable to write certificate\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	ret=0;
-end:
-	if (need_rand)
-		app_RAND_write_file(NULL, bio_err);
-	OBJ_cleanup();
-	NCONF_free(extconf);
-	BIO_free_all(out);
-	BIO_free_all(STDout);
-	X509_STORE_free(ctx);
-	X509_REQ_free(req);
-	X509_free(x);
-	X509_free(xca);
-	EVP_PKEY_free(Upkey);
-	EVP_PKEY_free(CApkey);
-	if (sigopts)
-		sk_OPENSSL_STRING_free(sigopts);
-	X509_REQ_free(rq);
-	ASN1_INTEGER_free(sno);
-	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
-	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
-	if (passin) OPENSSL_free(passin);
-	apps_shutdown();
-	OPENSSL_EXIT(ret);
-	}
-
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
-	{
-	char *buf = NULL, *p;
-	ASN1_INTEGER *bs = NULL;
-	BIGNUM *serial = NULL;
-	size_t len;
-
-	len = ((serialfile == NULL)
-		?(strlen(CAfile)+strlen(POSTFIX)+1)
-		:(strlen(serialfile)))+1;
-	buf=OPENSSL_malloc(len);
-	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
-	if (serialfile == NULL)
-		{
-		BUF_strlcpy(buf,CAfile,len);
-		for (p=buf; *p; p++)
-			if (*p == '.')
-				{
-				*p='\0';
-				break;
-				}
-		BUF_strlcat(buf,POSTFIX,len);
-		}
-	else
-		BUF_strlcpy(buf,serialfile,len);
-
-	serial = load_serial(buf, create, NULL);
-	if (serial == NULL) goto end;
-
-	if (!BN_add_word(serial,1))
-		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
-
-	if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
-	if (buf) OPENSSL_free(buf);
-	BN_free(serial);
-	return bs;
-	}
-
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
-	     		X509 *x, X509 *xca, EVP_PKEY *pkey,
-			STACK_OF(OPENSSL_STRING) *sigopts,
-	  		char *serialfile, int create,
-	     		int days, int clrext, CONF *conf, char *section,
-			ASN1_INTEGER *sno)
-	{
-	int ret=0;
-	ASN1_INTEGER *bs=NULL;
-	X509_STORE_CTX xsc;
-	EVP_PKEY *upkey;
-
-	upkey = X509_get_pubkey(xca);
-	EVP_PKEY_copy_parameters(upkey,pkey);
-	EVP_PKEY_free(upkey);
-
-	if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
-		{
-		BIO_printf(bio_err,"Error initialising X509 store\n");
-		goto end;
-		}
-	if (sno) bs = sno;
-	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
-		goto end;
-
-/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
-	/* NOTE: this certificate can/should be self signed, unless it was
-	 * a certificate request in which case it is not. */
-	X509_STORE_CTX_set_cert(&xsc,x);
-	X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
-	if (!reqfile && X509_verify_cert(&xsc) <= 0)
-		goto end;
-
-	if (!X509_check_private_key(xca,pkey))
-		{
-		BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
-		goto end;
-		}
-
-	if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
-	if (!X509_set_serialNumber(x,bs)) goto end;
-
-	if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
-		goto end;
-
-	/* hardwired expired */
-	if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
-		goto end;
-
-	if (clrext)
-		{
-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-		}
-
-	if (conf)
-		{
-		X509V3_CTX ctx2;
-		X509_set_version(x,2); /* version 3 certificate */
-                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
-                X509V3_set_nconf(&ctx2, conf);
-                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
-		}
-
-	if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
-		goto end;
-	ret=1;
-end:
-	X509_STORE_CTX_cleanup(&xsc);
-	if (!ret)
-		ERR_print_errors(bio_err);
-	if (!sno) ASN1_INTEGER_free(bs);
-	return ret;
-	}
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
-	{
-	int err;
-	X509 *err_cert;
-
-	/* it is ok to use a self signed certificate
-	 * This case will catch both the initial ok == 0 and the
-	 * final ok == 1 calls to this function */
-	err=X509_STORE_CTX_get_error(ctx);
-	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-		return 1;
-
-	/* BAD we should have gotten an error.  Normally if everything
-	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
-	 * DEPTH_ZERO_SELF_.... */
-	if (ok)
-		{
-		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
-		return 0;
-		}
-	else
-		{
-		err_cert=X509_STORE_CTX_get_current_cert(ctx);
-		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
-		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
-			err,X509_STORE_CTX_get_error_depth(ctx),
-			X509_verify_cert_error_string(err));
-		return 1;
-		}
-	}
-
-/* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
-						CONF *conf, char *section)
-	{
-
-	EVP_PKEY *pktmp;
-
-	pktmp = X509_get_pubkey(x);
-	EVP_PKEY_copy_parameters(pktmp,pkey);
-	EVP_PKEY_save_parameters(pktmp,1);
-	EVP_PKEY_free(pktmp);
-
-	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
-	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
-
-	/* Lets just make it 12:00am GMT, Jan 1 1970 */
-	/* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
-	/* 28 days to be certified */
-
-	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
-		goto err;
-
-	if (!X509_set_pubkey(x,pkey)) goto err;
-	if (clrext)
-		{
-		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
-		}
-	if (conf)
-		{
-		X509V3_CTX ctx;
-		X509_set_version(x,2); /* version 3 certificate */
-                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
-                X509V3_set_nconf(&ctx, conf);
-                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
-		}
-	if (!X509_sign(x,pkey,digest)) goto err;
-	return 1;
-err:
-	ERR_print_errors(bio_err);
-	return 0;
-	}
-
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
-{
-	int id, i, idret;
-	char *pname;
-	id = X509_PURPOSE_get_id(pt);
-	pname = X509_PURPOSE_get0_name(pt);
-	for (i = 0; i < 2; i++)
-		{
-		idret = X509_check_purpose(cert, id, i);
-		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
-		if (idret == 1) BIO_printf(bio, "Yes\n");
-		else if (idret == 0) BIO_printf(bio, "No\n");
-		else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
-		}
-	return 1;
-}
diff --git a/build-config-32.mk b/build-config-32.mk
deleted file mode 100644
index cb5aea96f5..0000000000
--- a/build-config-32.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-openssl_cflags_32 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DDSO_DLFCN \
-  -DHAVE_DLFCN_H \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
-openssl_cflags_static_32 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
diff --git a/build-config-64.mk b/build-config-64.mk
deleted file mode 100644
index e7c9c46297..0000000000
--- a/build-config-64.mk
+++ /dev/null
@@ -1,66 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-openssl_cflags_64 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DDSO_DLFCN \
-  -DHAVE_DLFCN_H \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
-openssl_cflags_static_64 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
diff --git a/build-config-static-32.mk b/build-config-static-32.mk
deleted file mode 100644
index 57bb55a232..0000000000
--- a/build-config-static-32.mk
+++ /dev/null
@@ -1,33 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
-#
-openssl_cflags_32 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DDSO_DLFCN \
-  -DHAVE_DLFCN_H \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_WHIRLPOOL \
diff --git a/build-config-static-64.mk b/build-config-static-64.mk
deleted file mode 100644
index 66943acccc..0000000000
--- a/build-config-static-64.mk
+++ /dev/null
@@ -1,33 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1f.tar.gz
-#
-openssl_cflags_64 := \
-  -DOPENSSL_THREADS \
-  -D_REENTRANT \
-  -DDSO_DLFCN \
-  -DHAVE_DLFCN_H \
-  -DL_ENDIAN \
-  -DTERMIO \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_WHIRLPOOL \
diff --git a/build-config-trusty.mk b/build-config-trusty.mk
deleted file mode 100644
index d0b19aae03..0000000000
--- a/build-config-trusty.mk
+++ /dev/null
@@ -1,102 +0,0 @@
-# Auto-generated - DO NOT EDIT!
-# To regenerate, edit openssl.config, then run:
-#     ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
-#
-openssl_cflags_trusty := \
-  -DL_ENDIAN \
-  -DOPENSSL_NO_ERR \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_CMS \
-  -DOPENSSL_NO_COMP \
-  -DOPENSSL_NO_CONF \
-  -DOPENSSL_NO_DES \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_LOCKING \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MD4 \
-  -DOPENSSL_NO_MD5 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_OCSP \
-  -DOPENSSL_NO_PEM \
-  -DOPENSSL_NO_PKCS12 \
-  -DOPENSSL_NO_PQUEUE \
-  -DOPENSSL_NO_RC2 \
-  -DOPENSSL_NO_RC4 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_SRP \
-  -DOPENSSL_NO_SSL2 \
-  -DOPENSSL_NO_SSL3 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_TLS1 \
-  -DOPENSSL_NO_TLSEXT \
-  -DOPENSSL_NO_TS \
-  -DOPENSSL_NO_TXT_DB \
-  -DOPENSSL_NO_UI \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
-openssl_cflags_static_trusty := \
-  -DL_ENDIAN \
-  -DOPENSSL_NO_ERR \
-  -DOPENSSL_NO_CAMELLIA \
-  -DOPENSSL_NO_CAPIENG \
-  -DOPENSSL_NO_CAST \
-  -DOPENSSL_NO_CMS \
-  -DOPENSSL_NO_COMP \
-  -DOPENSSL_NO_CONF \
-  -DOPENSSL_NO_DES \
-  -DOPENSSL_NO_DTLS1 \
-  -DOPENSSL_NO_EC_NISTP_64_GCC_128 \
-  -DOPENSSL_NO_GMP \
-  -DOPENSSL_NO_GOST \
-  -DOPENSSL_NO_HEARTBEATS \
-  -DOPENSSL_NO_IDEA \
-  -DOPENSSL_NO_JPAKE \
-  -DOPENSSL_NO_LOCKING \
-  -DOPENSSL_NO_MD2 \
-  -DOPENSSL_NO_MD4 \
-  -DOPENSSL_NO_MD5 \
-  -DOPENSSL_NO_MDC2 \
-  -DOPENSSL_NO_OCSP \
-  -DOPENSSL_NO_PEM \
-  -DOPENSSL_NO_PKCS12 \
-  -DOPENSSL_NO_PQUEUE \
-  -DOPENSSL_NO_RC2 \
-  -DOPENSSL_NO_RC4 \
-  -DOPENSSL_NO_RC5 \
-  -DOPENSSL_NO_RDRAND \
-  -DOPENSSL_NO_RFC3779 \
-  -DOPENSSL_NO_RIPEMD \
-  -DOPENSSL_NO_RSAX \
-  -DOPENSSL_NO_SCTP \
-  -DOPENSSL_NO_SEED \
-  -DOPENSSL_NO_SHA0 \
-  -DOPENSSL_NO_SRP \
-  -DOPENSSL_NO_SSL2 \
-  -DOPENSSL_NO_SSL3 \
-  -DOPENSSL_NO_STATIC_ENGINE \
-  -DOPENSSL_NO_STORE \
-  -DOPENSSL_NO_TLS1 \
-  -DOPENSSL_NO_TLSEXT \
-  -DOPENSSL_NO_TS \
-  -DOPENSSL_NO_TXT_DB \
-  -DOPENSSL_NO_UI \
-  -DOPENSSL_NO_UNIT_TEST \
-  -DOPENSSL_NO_WHIRLPOOL \
-
diff --git a/check-all-builds.sh b/check-all-builds.sh
deleted file mode 100755
index 9743872a31..0000000000
--- a/check-all-builds.sh
+++ /dev/null
@@ -1,647 +0,0 @@
-#!/bin/sh
-#
-
-set -e
-export LANG=C
-export LC_ALL=C
-
-PROGDIR=$(dirname "$0")
-PROGNAME=$(basename "$0")
-
-panic () {
-  echo "ERROR: $@"
-  exit 1
-}
-
-VERBOSE=1
-
-# Dump message is $VERBOSE >= $1
-# $1+: message.
-dump_n () {
-  local LOG_LEVEL=$1
-  shift
-  if [ "$VERBOSE" -ge "$LOG_LEVEL" ]; then
-    printf "%s\n" "$@"
-  fi
-}
-
-# Dump a message unless --quiet is used.
-# $1+: message.
-dump () {
-  dump_n 1 "$@"
-}
-
-# Dump a message if --verbose is used only.
-# $1+: message.
-log () {
-  dump_n 2 "$@"
-}
-
-# Run a command silently, unless --verbose or '--verbose --verbose'
-# is used.
-# $1+: Command
-# Return: command status.
-run () {
-  log "COMMAND: $*"
-  case $VERBOSE in
-    0)
-      "$@" >/dev/null 2>&1 || return $?
-      ;;
-    1)
-      "$@" >/dev/null || return $?
-      ;;
-    *)
-      "$@" || return $?
-      ;;
-  esac
-}
-
-# $1: string
-# Out: input string, with capital letters replaced by small ones.
-tolower () {
-  echo "$1" | tr '[A-Z]' '[a-z]'
-}
-
-# Return value of a given variable.
-# $1: Variable name
-var_value () {
-  eval printf \"%s\" \"\$$1\"
-}
-
-# Remove some items from a list
-# $1: input space-separated list
-# $2: space-separated list of items to remove from 1
-# Out: items of $1 without items of $2
-filter_out () {
-  local TMP=$(mktemp)
-  local RESULT
-  printf "" > $TMP
-  echo "$2" | tr ' ' '\n' > $TMP
-  RESULT=$(echo "$1" | tr ' ' '\n' | fgrep -x -v -f $TMP | tr '\n' ' ')
-  rm -f $TMP
-  echo "$RESULT"
-}
-
-src_to_obj () {
-  case $1 in
-    *.c)
-      echo ${1%%.c}.o
-      ;;
-    *.S)
-      echo ${1%%.S}.o
-      ;;
-    *)
-      echo $1
-      ;;
-  esac
-}
-
-# Determine host operating system.
-HOST_OS=$(uname -s)
-case $HOST_OS in
-  Linux)
-    HOST_OS=linux
-    ;;
-  Darwin)
-    HOST_OS=darwin
-    ;;
-esac
-
-# Determine host architecture
-HOST_ARCH=$(uname -m)
-case $HOST_ARCH in
-  i?86)
-    HOST_ARCH=x86
-    ;;
-esac
-
-ANDROID_HOST_TAG=$HOST_OS-$HOST_ARCH
-
-case $ANDROID_HOST_TAG in
-  linux-x86_64|darwin-x86-64)
-    ANDROID_HOST_TAG=$HOST_OS-x86
-    ;;
-  *)
-    panic "Sorry, this script can only run on 64-bit Linux or Darwin"
-esac
-
-# Determine number of cores
-case $HOST_OS in
-  linux)
-    NUM_CORES=$(grep -c "processor" /proc/cpuinfo)
-    ;;
-  darwin)
-    NUM_CORES=$(sysctl -n hw.ncpu)
-    ;;
-  *)
-    NUM_CORES=1
-    ;;
-esac
-
-# The list of supported Android target architectures.
-
-# NOTE: x86_64 is not ready yet, while the toolchain is in
-# prebuilts/ it doesn't have a sysroot which means it requires
-# a platform build to get Bionic and stuff.
-ANDROID_ARCHS="arm arm64 x86 x86_64 mips"
-
-BUILD_TYPES=
-for ARCH in $ANDROID_ARCHS; do
-  BUILD_TYPES="$BUILD_TYPES android-$ARCH"
-done
-ANDROID_BUILD_TYPES=$BUILD_TYPES
-
-HOST_BUILD_TYPES="$HOST_OS-x86 $HOST_OS-generic32 $HOST_OS-generic64"
-HOST_BUILD_TYPES="$HOST_BUILD_TYPES $HOST_OS-x86_64"
-
-BUILD_TYPES="$ANDROID_BUILD_TYPES $HOST_BUILD_TYPES"
-
-# Parse command-line
-DO_HELP=
-SRC_DIR=$(cd $PROGDIR && pwd)
-OUT_DIR=out
-BUILD_DIR=
-BUILD_TYPES=
-NUM_JOBS=$NUM_CORES
-ANDROID_BUILD_TOP=$(cd $PROGDIR/../.. && pwd)
-for OPT; do
-  case $OPT in
-    --help|-h|-?)
-      DO_HELP=true
-      ;;
-    --build-dir=*)
-      BUILD_DIR=${OPT##--build-dir=}
-      ;;
-    --verbose)
-      VERBOSE=$(( $VERBOSE + 1 ))
-      ;;
-    --jobs=*)
-      NUM_JOBS=${OPT##--jobs=}
-      ;;
-    --quiet)
-      VERBOSE=$(( $VERBOSE - 1 ))
-      ;;
-    -j*)
-      NUM_JOBS=${OPT##-j}
-      ;;
-    -*)
-      panic "Unknown option '$OPT', see --help for details."
-      ;;
-    *)
-      BUILD_TYPES="$BUILD_TYPES $OPT"
-      ;;
-  esac
-done
-
-# Print help when needed.
-if [ "$DO_HELP" ]; then
-  echo \
-"Usage: $PROGNAME [options] [<build-type> ...]
-
-This script is used to ensure that all OpenSSL build variants compile
-properly. It can be used after modifying external/openssl/openssl.config
-and re-running import_openssl.sh to check that any changes didn't break
-the build.
-
-A <build-type> is a description of a given build of the library and its
-program. Its format is:
-
-  <compiler>-<system>-<arch>
-
-Where: <compiler> is either 'gcc' or 'clang'.
-       <system>   is 'android', 'linux' or 'darwin'.
-       <arch>     is 'arm', 'x86'  or 'mips'.
-
-By default, it rebuilds the sources for the following build types:
-"
-  for BUILD_TYPE in $BUILD_TYPES; do
-    echo "  $BUILD_TYPE"
-  done
-
-  echo \
-"However, you can pass custom values on the command-line instead.
-
-This scripts generates a custom Makefile in a temporary directory, then
-launches 'make' in it to build all binaries in parallel. In case of
-problem, you can use the --build-dir=<path> option to specify a custom
-build-directory, which will _not_ be removed when the script exits.
-
-For example, to better see why a build fails:
-
-   ./$PROGNAME --build-dir=/tmp/mydir
-   make -C /tmp/mydir V=1
-
-Valid options:
-
-  --help|-h|-?        Print this message.
-  --build-dir=<path>  Specify build directory.
-  --jobs=<count>      Run <count> parallel build jobs [$NUM_JOBS].
-  -j<count>           Same as --jobs=<count>.
-  --verbose           Increase verbosity.
-  --quiet             Decrease verbosity.
-"
-  exit 0
-fi
-
-log "Host OS: $HOST_OS"
-log "Host arch: $HOST_ARCH"
-log "Host CPU count: $NUM_CORES"
-
-if [ -z "$BUILD_TYPES" ]; then
-  BUILD_TYPES="$ANDROID_BUILD_TYPES $HOST_BUILD_TYPES"
-fi
-log "Build types: $BUILD_TYPES"
-
-if [ -z "$BUILD_DIR" ]; then
-  # Create a temporary directory, ensure it gets destroyed properly
-  # when the script exits.
-  BUILD_DIR=$(mktemp -d)
-  clean_build_dir () {
-    log "Cleaning up temporary directory: $BUILD_DIR"
-    rm -rf "$BUILD_DIR"
-    exit $1
-  }
-  trap "clean_build_dir 0" EXIT
-  trap "clean_build_dir \$?" INT HUP QUIT TERM
-  log "Using temporary build directory: $BUILD_DIR"
-else
-  log "Using user build directory: $BUILD_DIR"
-fi
-
-mkdir -p "$BUILD_DIR" && rm -rf "$BUILD_DIR"/*
-
-MAKEFILE=$BUILD_DIR/GNUmakefile
-
-# Return source files for a given module and architecture.
-# $1: module prefix (e.g. CRYPTO)
-# $2: build arch.
-get_module_src_files_for_arch () {
-  local prefix=$1
-  local arch=$2
-  local src_files="$(var_value OPENSSL_${prefix}_SOURCES)"
-  src_files="$src_files $(var_value OPENSSL_${prefix}_SOURCES_${arch})"
-  local exclude_files="$(var_value OPENSSL_${prefix}_SOURCES_EXCLUDES_${arch})"
-  src_files=$(filter_out "$src_files" "$exclude_files")
-  echo "$src_files"
-}
-
-# Return the compiler defines for a given module and architecture
-# $1: module prefix (e.g. CRYPTO)
-# $2 build arch.
-get_module_defines_for_arch () {
-  local prefix=$1
-  local arch=$2
-  local defines="$(var_value OPENSSL_${prefix}_DEFINES)"
-  defines="$defines $(var_value OPENSSL_${prefix}_DEFINES_${arch})"
-  echo "$defines"
-}
-
-# $1: module prefix (e.g. CRYPTO)
-get_module_c_includes () {
-  var_value OPENSSL_$1_INCLUDES
-}
-
-# $1: build type (e.g. gcc-android-arm)
-# Out: build arch.
-get_build_arch () {
-  echo "$1" | cut -d- -f3
-}
-
-# $1: build arch
-# Out: GNU configuration target (e.g. arm-linux-androideabi)
-get_build_arch_target () {
-  case $1 in
-    arm64)
-      echo "aarch64-linux-android"
-      ;;
-    arm)
-      echo "arm-linux-androideabi"
-      ;;
-    x86)
-      echo "x86_64-linux-android"
-      ;;
-    x86_64)
-      echo "x86_64-linux-android"
-      ;;
-    mips)
-      echo "mipsel-linux-android"
-      ;;
-    *)
-      echo "$1-linux-android"
-      ;;
-  esac
-}
-
-GCC_VERSION=4.8
-CLANG_VERSION=3.2
-
-get_prebuilt_gcc_dir_for_arch () {
-  local arch=$1
-  local target=$(get_build_arch_target $arch)
-  # Adjust $arch for x86_64 because the prebuilts are actually
-  # under prebuilts/gcc/<host>/x86/
-  case $arch in
-    x86_64)
-        arch=x86
-        ;;
-    arm64)
-        arch=aarch64
-        ;;
-  esac
-  echo "$ANDROID_BUILD_TOP/prebuilts/gcc/$ANDROID_HOST_TAG/$arch/$target-$GCC_VERSION"
-}
-
-get_prebuilt_clang () {
-  echo "$ANDROID_BUILD_TOP/prebuilts/clang/$ANDROID_HOST_TAG/$CLANG_VERSION/clang"
-}
-
-get_prebuilt_ndk_sysroot_for_arch () {
-  echo "$ANDROID_BUILD_TOP/prebuilts/ndk/current/platforms/android-9/arch-$1"
-}
-
-get_c_runtime_file () {
-  local build_type=$1
-  local arch=$(get_build_arch $build_type)
-  local filename=$2
-  echo "$(get_prebuilt_ndk_sysroot_for_arch $arch)/usr/lib/$filename"
-}
-
-# $1: build type (e.g. gcc-android-arm)
-get_build_compiler () {
-  local arch=$(get_build_arch $1)
-  local target=$(get_build_arch_target $arch)
-  local gcc_dir=$(get_prebuilt_gcc_dir_for_arch $arch);
-  local result
-
-  # Get the toolchain binary.
-  case $1 in
-    gcc-android-*)
-      result="$gcc_dir/bin/$target-gcc"
-      ;;
-    clang-android-*)
-      result="$(get_prebuilt_clang) -target $target -B$gcc_dir/$target/bin -I$gcc_dir/lib/gcc/$target/$GCC_VERSION/include"
-      ;;
-    gcc-*)
-      result=gcc
-      ;;
-    clang-*) # Must have host clang compiler.
-      result=clang
-      ;;
-  esac
-
-  compiler_check=$(which $result 2>/dev/null || echo "")
-  if [ -z "$compiler_check" ]; then
-    panic "Could not find compiler: $result"
-  fi
-
-  # Get the Android sysroot if needed.
-  case $1 in
-    *-android-*)
-      result="$result --sysroot=$(get_prebuilt_ndk_sysroot_for_arch $arch)"
-      ;;
-  esac
-
-  # Force -m32 flag when needed for 32-bit builds.
-  case $1 in
-    *-x86|*-generic32)
-      result="$result -m32"
-      ;;
-  esac
-  echo "$result"
-}
-
-# $1: build type.
-# Out: common compiler flags for this build.
-get_build_c_flags () {
-  local result="-O2 -fPIC"
-  case $1 in
-    *-android-arm)
-      result="$result -march=armv7-a -mfpu=vfpv3-d16"
-      ;;
-  esac
-
-  case $1 in
-    *-generic32|*-generic64)
-      # Generic builds do not compile without this flag.
-      result="$result -DOPENSSL_NO_ASM"
-      ;;
-  esac
-  echo "$result"
-}
-
-# $1: build type.
-# Out: linker for this build.
-get_build_linker () {
-  get_build_compiler $1
-}
-
-clear_sources () {
-  g_all_objs=""
-}
-
-# Generate build instructions to compile source files.
-# Also update g_all_objs.
-# $1: module prefix (e.g. CRYPTO)
-# $2: build type
-build_sources () {
-  local prefix=$1
-  local build_type=$2
-  echo "## build_sources prefix='$prefix' build_type='$build_type'"
-  local arch=$(get_build_arch $build_type)
-  local src_files=$(get_module_src_files_for_arch $prefix $arch)
-  local c_defines=$(get_module_defines_for_arch $prefix $arch)
-  local c_includes=$(get_module_c_includes $prefix "$SRC_DIR")
-  local build_cc=$(get_build_compiler $build_type)
-  local build_cflags=$(get_build_c_flags $build_type)
-  local build_linker=$(get_build_linker $build_type)
-  local src obj def inc
-
-  printf "OUT_DIR := $OUT_DIR/$build_type\n\n"
-  printf "BUILD_CC := $build_cc\n\n"
-  printf "BUILD_LINKER := $build_linker\n\n"
-  printf "BUILD_CFLAGS := $build_cflags"
-  for inc in $c_includes; do
-    printf " -I\$(SRC_DIR)/$inc"
-  done
-  for def in $c_defines; do
-    printf " -D$def"
-  done
-  printf "\n\n"
-  printf "BUILD_OBJECTS :=\n\n"
-
-  case $build_type in
-    clang-android-*)
-      # The version of clang that comes with the platform build doesn't
-      # support simple linking of shared libraries and executables. One
-      # has to provide the C runtime files explicitely.
-      local crtbegin_so=$(get_c_runtime_file $build_type crtbegin_so.o)
-      local crtend_so=$(get_c_runtime_file $build_type crtend_so.o)
-      local crtbegin_exe=$(get_c_runtime_file $build_type crtbegin_dynamic.o)
-      local crtend_exe=$(get_c_runtime_file $build_type crtend_android.o)
-      printf "CRTBEGIN_SO := $crtbegin_so\n"
-      printf "CRTEND_SO := $crtend_so\n"
-      printf "CRTBEGIN_EXE := $crtbegin_exe\n"
-      printf "CRTEND_EXE := $crtend_exe\n"
-      printf "\n"
-      ;;
-  esac
-
-  for src in $src_files; do
-    obj=$(src_to_obj $src)
-    g_all_objs="$g_all_objs $obj"
-    printf "OBJ := \$(OUT_DIR)/$obj\n"
-    printf "BUILD_OBJECTS += \$(OBJ)\n"
-    printf "\$(OBJ): PRIVATE_CC := \$(BUILD_CC)\n"
-    printf "\$(OBJ): PRIVATE_CFLAGS := \$(BUILD_CFLAGS)\n"
-    printf "\$(OBJ): \$(SRC_DIR)/$src\n"
-    printf "\t@echo [$build_type] CC $src\n"
-    printf "\t@mkdir -p \$\$(dirname \$@)\n"
-    printf "\t\$(hide) \$(PRIVATE_CC) \$(PRIVATE_CFLAGS) -c -o \$@ \$<\n"
-    printf "\n"
-  done
-  printf "\n"
-}
-
-# $1: library name (e.g. crypto).
-# $2: module prefix (e.g. CRYPTO).
-# $3: build type.
-# $4: source directory.
-# $5: output directory.
-build_shared_library () {
-  local name=$1
-  local prefix=$2
-  local build_type=$3
-  local src_dir="$4"
-  local out_dir="$5"
-  local shlib="lib${name}.so"
-  local build_linker=$(get_build_linker $build_type)
-  clear_sources
-  build_sources $prefix $build_type
-
-  # TODO(digit): Make the clang build link properly.
-  printf "SHLIB=\$(OUT_DIR)/$shlib\n"
-  printf "\$(SHLIB): PRIVATE_LINKER := \$(BUILD_LINKER)\n"
-  case $build_type in
-    clang-android-*)
-      printf "\$(SHLIB): PRIVATE_CRTBEGIN := \$(CRTBEGIN_SO)\n"
-      printf "\$(SHLIB): PRIVATE_CRTEND := \$(CRTEND_SO)\n"
-      ;;
-  esac
-  printf "\$(SHLIB): \$(BUILD_OBJECTS)\n"
-  printf "\t@echo [$build_type] SHARED_LIBRARY $(basename $shlib)\n"
-  printf "\t@mkdir -p \$\$(dirname \$@)\n"
-  case $build_type in
-    clang-android-*)
-      printf "\t\$(hide) \$(PRIVATE_LINKER) -nostdlib -shared -o \$@ \$(PRIVATE_CRTBEGIN) \$^ \$(PRIVATE_CRTEND)\n"
-      ;;
-    *)
-      printf "\t\$(hide) \$(PRIVATE_LINKER) -shared -o \$@ \$^\n"
-      ;;
-  esac
-  printf "\n"
-}
-
-# $1: executable name.
-# $2: module prefix (e.g. APPS).
-# $3: build type.
-# $4: source directory.
-# $5: output directory.
-# $6: dependent shared libraries (e.g. 'crypto ssl')
-build_executable () {
-  local name=$1
-  local prefix=$2
-  local build_type=$3
-  local src_dir="$4"
-  local out_dir="$5"
-  local shlibs="$6"
-  local build_linker=$(get_build_linker $build_type)
-  clear_sources
-  build_sources $prefix $build_type
-
-  # TODO(digit): Make the clang build link properly.
-  exec=$name
-  all_shlibs=
-  printf "EXEC := \$(OUT_DIR)/$name\n"
-  printf "openssl_all: \$(EXEC)\n"
-  printf "\$(EXEC): PRIVATE_LINKER := \$(BUILD_LINKER)\n"
-  printf "\$(EXEC): \$(BUILD_OBJECTS)"
-  for lib in $shlibs; do
-    printf " \$(OUT_DIR)/lib${lib}.so"
-  done
-  printf "\n"
-  printf "\t@echo [$build_type] EXECUTABLE $name\n"
-  printf "\t@mkdir -p \$\$(dirname \$@)\n"
-  printf "\t\$(hide) \$(PRIVATE_LINKER) -o \$@ \$^\n"
-  printf "\n"
-}
-
-ALL_BUILDS=
-
-generate_openssl_build () {
-  local build_type=$1
-  local out="$OUT_DIR/$build_type"
-  ALL_BUILDS="$ALL_BUILDS $build_type"
-  echo "# Build type: $build_type"
-  build_shared_library crypto CRYPTO $build_type "$SRC_DIR" "$out"
-  build_shared_library ssl SSL $build_type "$SRC_DIR" "$out"
-  build_executable openssl APPS $build_type "$SRC_DIR" "$out" "crypto ssl"
-}
-
-generate_makefile () {
-  echo \
-"# Auto-generated by $PROGDIR - do not edit
-
-.PHONY: openssl_all
-
-all: openssl_all
-
-# Use 'make V=1' to print build commands.
-ifeq (1,\$(V))
-hide :=
-else
-hide := @
-endif
-
-SRC_DIR=$SRC_DIR
-OUT_DIR=$OUT_DIR
-"
-
-  for BUILD_TYPE in $BUILD_TYPES; do
-    generate_openssl_build gcc-$BUILD_TYPE
-  done
-
-# TODO(digit): Make the Clang build run.
-#   for BUILD_TYPE in $ANDROID_BUILD_TYPES; do
-#     generate_openssl_build clang-$BUILD_TYPE
-#   done
-}
-
-. $SRC_DIR/openssl.config
-
-
-
-dump "Generating Makefile"
-log "Makefile path: $MAKEFILE"
-generate_makefile > $MAKEFILE
-
-dump "Building libraries with $NUM_JOBS jobs"
-dump "For the following builds:"
-for BUILD in $ALL_BUILDS; do
-  dump "  $BUILD"
-done
-MAKE_FLAGS="-j$NUM_JOBS"
-if [ "$VERBOSE" -gt 2 ]; then
-  MAKE_FLAGS="$MAKE_FLAGS V=1"
-fi
-run make $MAKE_FLAGS -f "$MAKEFILE" -C "$BUILD_DIR"
-case $? in
-  0)
-    dump "All OK, congratulations!"
-    ;;
-  *)
-    dump "Error, try doing the following to inspect the issues:"
-    dump "   $PROGNAME --build-dir=/tmp/mybuild"
-    dump "   make -C /tmp/mybuild V=1"
-    dump " "
-    ;;
-esac
diff --git a/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c
deleted file mode 100644
index 6c1a50e6a8..0000000000
--- a/crypto/LPdir_nyi.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-struct LP_dir_context_st { void *dummy; };
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-	{
-	errno = EINVAL;
-	return 0;
-	}
-int LP_find_file_end(LP_DIR_CTX **ctx)
-	{
-	errno = EINVAL;
-	return 0;
-	}
diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
deleted file mode 100644
index b004cd99e8..0000000000
--- a/crypto/LPdir_unix.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-/* The POSIXly macro for the maximum number of characters in a file path
-   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
-   Therefore, it seems natural to first check for PATH_MAX and use that,
-   and if it doesn't exist, use NAME_MAX. */
-#if defined(PATH_MAX)
-# define LP_ENTRY_SIZE PATH_MAX
-#elif defined(NAME_MAX)
-# define LP_ENTRY_SIZE NAME_MAX
-#endif
-
-/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
-   exist.  It's also possible that NAME_MAX exists but is define to a
-   very small value (HP-UX offers 14), so we need to check if we got a
-   result, and if it meets a minimum standard, and create or change it
-   if not. */
-#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
-# undef LP_ENTRY_SIZE
-# define LP_ENTRY_SIZE 255
-#endif
-
-struct LP_dir_context_st
-{
-  DIR *dir;
-  char entry_name[LP_ENTRY_SIZE+1];
-};
-
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-{
-  struct dirent *direntry = NULL;
-
-  if (ctx == NULL || directory == NULL)
-    {
-      errno = EINVAL;
-      return 0;
-    }
-
-  errno = 0;
-  if (*ctx == NULL)
-    {
-      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-      if (*ctx == NULL)
-	{
-	  errno = ENOMEM;
-	  return 0;
-	}
-      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
-
-      (*ctx)->dir = opendir(directory);
-      if ((*ctx)->dir == NULL)
-	{
-	  int save_errno = errno; /* Probably not needed, but I'm paranoid */
-	  free(*ctx);
-	  *ctx = NULL;
-	  errno = save_errno;
-	  return 0;
-	}
-    }
-
-  direntry = readdir((*ctx)->dir);
-  if (direntry == NULL)
-    {
-      return 0;
-    }
-
-  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
-  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
-  return (*ctx)->entry_name;
-}
-
-int LP_find_file_end(LP_DIR_CTX **ctx)
-{
-  if (ctx != NULL && *ctx != NULL)
-    {
-      int ret = closedir((*ctx)->dir);
-
-      free(*ctx);
-      switch (ret)
-	{
-	case 0:
-	  return 1;
-	case -1:
-	  return 0;
-	default:
-	  break;
-	}
-    }
-  errno = EINVAL;
-  return 0;
-}
diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c
deleted file mode 100644
index 7eea373cde..0000000000
--- a/crypto/LPdir_win.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include <windows.h>
-#include <tchar.h>
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-/* We're most likely overcautious here, but let's reserve for
-    broken WinCE headers and explicitly opt for UNICODE call.
-    Keep in mind that our WinCE builds are compiled with -DUNICODE
-    [as well as -D_UNICODE]. */
-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
-# define FindFirstFile FindFirstFileW
-#endif
-#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
-# define FindNextFile FindNextFileW
-#endif
-
-#ifndef NAME_MAX
-#define NAME_MAX 255
-#endif
-
-struct LP_dir_context_st
-{
-  WIN32_FIND_DATA ctx;
-  HANDLE handle;
-  char entry_name[NAME_MAX+1];
-};
-
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-{
-  if (ctx == NULL || directory == NULL)
-    {
-      errno = EINVAL;
-      return 0;
-    }
-
-  errno = 0;
-  if (*ctx == NULL)
-    {
-      const char *extdir = directory;
-      char *extdirbuf = NULL;
-      size_t dirlen = strlen (directory);
-
-      if (dirlen == 0)
-	{
-	  errno = ENOENT;
-	  return 0;
-	}
-
-      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-      if (*ctx == NULL)
-	{
-	  errno = ENOMEM;
-	  return 0;
-	}
-      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
-
-      if (directory[dirlen-1] != '*')
-	{
-	  extdirbuf = (char *)malloc(dirlen + 3);
-	  if (extdirbuf == NULL)
-	    {
-	      free(*ctx);
-	      *ctx = NULL;
-	      errno = ENOMEM;
-	      return 0;
-	    }
-	  if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\')
-	    extdir = strcat(strcpy (extdirbuf,directory),"/*");
-	  else
-	    extdir = strcat(strcpy (extdirbuf,directory),"*");
-	}
-
-      if (sizeof(TCHAR) != sizeof(char))
-	{
-	  TCHAR *wdir = NULL;
-	  /* len_0 denotes string length *with* trailing 0 */ 
-	  size_t index = 0,len_0 = strlen(extdir) + 1;
-
-	  wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
-	  if (wdir == NULL)
-	    {
-	      if (extdirbuf != NULL)
-		{
-		  free (extdirbuf);
-		}
-	      free(*ctx);
-	      *ctx = NULL;
-	      errno = ENOMEM;
-	      return 0;
-	    }
-
-#ifdef LP_MULTIBYTE_AVAILABLE
-	  if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
-#endif
-	    for (index = 0; index < len_0; index++)
-	      wdir[index] = (TCHAR)extdir[index];
-
-	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
-
-	  free(wdir);
-	}
-      else
-	{
-	  (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
-	}
-      if (extdirbuf != NULL)
-	{
-	  free (extdirbuf);
-	}
-
-      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
-	{
-	  free(*ctx);
-	  *ctx = NULL;
-	  errno = EINVAL;
-	  return 0;
-	}
-    }
-  else
-    {
-      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
-	{
-	  return 0;
-	}
-    }
-  if (sizeof(TCHAR) != sizeof(char))
-    {
-      TCHAR *wdir = (*ctx)->ctx.cFileName;
-      size_t index, len_0 = 0;
-
-      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
-      len_0++;
-
-#ifdef LP_MULTIBYTE_AVAILABLE
-      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
-			       sizeof((*ctx)->entry_name), NULL, 0))
-#endif
-	for (index = 0; index < len_0; index++)
-	  (*ctx)->entry_name[index] = (char)wdir[index];
-    }
-  else
-    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
-	    sizeof((*ctx)->entry_name)-1);
-
-  (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
-
-  return (*ctx)->entry_name;
-}
-
-int LP_find_file_end(LP_DIR_CTX **ctx)
-{
-  if (ctx != NULL && *ctx != NULL)
-    {
-      FindClose((*ctx)->handle);
-      free(*ctx);
-      *ctx = NULL;
-      return 1;
-    }
-  errno = EINVAL;
-  return 0;
-}
diff --git a/crypto/LPdir_win32.c b/crypto/LPdir_win32.c
deleted file mode 100644
index e39872da52..0000000000
--- a/crypto/LPdir_win32.c
+++ /dev/null
@@ -1,30 +0,0 @@
-/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#define LP_SYS_WIN32
-#define LP_MULTIBYTE_AVAILABLE
-#include "LPdir_win.c"
diff --git a/crypto/LPdir_wince.c b/crypto/LPdir_wince.c
deleted file mode 100644
index ab0e1e6f4f..0000000000
--- a/crypto/LPdir_wince.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#define LP_SYS_WINCE
-/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
-   under investigation what the exact conditions would be */
-#include "LPdir_win.c"
diff --git a/crypto/aes/README b/crypto/aes/README
deleted file mode 100644
index 0f9620a80e..0000000000
--- a/crypto/aes/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This is an OpenSSL-compatible version of AES (also called Rijndael).
-aes_core.c is basically the same as rijndael-alg-fst.c but with an
-API that looks like the rest of the OpenSSL symmetric cipher suite.
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h
deleted file mode 100644
index 031abf01b5..0000000000
--- a/crypto/aes/aes.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-#define HEADER_AES_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stddef.h>
-
-#define AES_ENCRYPT	1
-#define AES_DECRYPT	0
-
-/* Because array size can't be a const in C, the following two are macros.
-   Both sizes are in bytes. */
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-#ifdef AES_LONG
-    unsigned long rd_key[4 *(AES_MAXNR + 1)];
-#else
-    unsigned int rd_key[4 *(AES_MAXNR + 1)];
-#endif
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char ivec[AES_BLOCK_SIZE],
-	unsigned char ecount_buf[AES_BLOCK_SIZE],
-	unsigned int *num);
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-		     size_t length, const AES_KEY *key,
-		     unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const AES_KEY *key,
-			const AES_KEY *key2, const unsigned char *ivec,
-			const int enc);
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* !HEADER_AES_H */
diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c
deleted file mode 100644
index 227f75625d..0000000000
--- a/crypto/aes/aes_cbc.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-		     size_t len, const AES_KEY *key,
-		     unsigned char *ivec, const int enc) {
-
-	if (enc)
-		CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt);
-	else
-		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt);
-}
diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
deleted file mode 100644
index 0c6d058ce7..0000000000
--- a/crypto/aes/aes_cfb.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc) {
-
-	CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-}
-
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-		      size_t length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
-    CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    }
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-		      size_t length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
-    CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
-    }
-
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
deleted file mode 100644
index 8f5210ac70..0000000000
--- a/crypto/aes/aes_core.c
+++ /dev/null
@@ -1,1358 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Note: rewritten a little bit to provide error control and an OpenSSL-
-   compatible API */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#ifndef AES_ASM
-/*
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
-*/
-
-static const u32 Te0[256] = {
-    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
-    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
-    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
-    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
-    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
-    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
-    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
-    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
-    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
-    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
-    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
-    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
-    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
-    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
-    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
-    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
-    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
-    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
-    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
-    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
-    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
-    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
-    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
-    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
-    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
-    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
-    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
-    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
-    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
-    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
-    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
-    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
-    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
-    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
-    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
-    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
-    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
-    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
-    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
-    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
-    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
-    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
-    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
-    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
-    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
-    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
-    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
-    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
-    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
-    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
-    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
-    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
-    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
-    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
-    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
-    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
-    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
-    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
-    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
-    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
-    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
-    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
-    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
-    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-};
-static const u32 Te1[256] = {
-    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
-    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
-    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
-    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
-    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
-    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
-    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
-    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
-    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
-    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
-    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
-    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
-    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
-    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
-    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
-    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
-    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
-    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
-    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
-    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
-    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
-    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
-    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
-    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
-    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
-    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
-    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
-    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
-    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
-    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
-    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
-    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
-    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
-    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
-    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
-    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
-    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
-    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
-    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
-    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
-    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
-    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
-    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
-    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
-    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
-    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
-    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
-    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
-    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
-    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
-    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
-    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
-    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
-    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
-    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
-    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
-    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
-    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
-    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
-    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
-    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
-    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
-    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
-    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-};
-static const u32 Te2[256] = {
-    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
-    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
-    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
-    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
-    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
-    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
-    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
-    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
-    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
-    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
-    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
-    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
-    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
-    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
-    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
-    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
-    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
-    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
-    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
-    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
-    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
-    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
-    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
-    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
-    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
-    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
-    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
-    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
-    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
-    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
-    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
-    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
-    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
-    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
-    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
-    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
-    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
-    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
-    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
-    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
-    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
-    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
-    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
-    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
-    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
-    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
-    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
-    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
-    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
-    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
-    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
-    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
-    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
-    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
-    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
-    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
-    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
-    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
-    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
-    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
-    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
-    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
-    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
-    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-};
-static const u32 Te3[256] = {
-    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
-    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
-    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
-    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
-    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
-    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
-    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
-    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
-    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
-    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
-    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
-    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
-    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
-    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
-    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
-    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
-    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
-    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
-    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
-    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
-    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
-    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
-    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
-    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
-    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
-    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
-    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
-    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
-    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
-    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
-    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
-    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
-    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
-    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
-    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
-    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
-    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
-    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
-    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
-    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
-    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
-    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
-    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
-    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
-    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
-    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
-    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
-    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
-    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
-    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
-    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
-    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
-    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
-    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
-    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
-    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
-    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
-    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
-    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
-    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
-    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
-    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
-    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
-    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-};
-
-static const u32 Td0[256] = {
-    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
-    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
-    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
-    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
-    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
-    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
-    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
-    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
-    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
-    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
-    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
-    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
-    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
-    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
-    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
-    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
-    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
-    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
-    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
-    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
-    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
-    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
-    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
-    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
-    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
-    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
-    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
-    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
-    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
-    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
-    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
-    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
-    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
-    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
-    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
-    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
-    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
-    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
-    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
-    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
-    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
-    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
-    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
-    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
-    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
-    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
-    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
-    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
-    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
-    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
-    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
-    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
-    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
-    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
-    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
-    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
-    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
-    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
-    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
-    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
-    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
-    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
-    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
-    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-};
-static const u32 Td1[256] = {
-    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
-    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
-    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
-    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
-    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
-    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
-    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
-    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
-    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
-    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
-    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
-    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
-    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
-    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
-    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
-    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
-    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
-    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
-    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
-    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
-    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
-    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
-    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
-    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
-    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
-    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
-    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
-    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
-    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
-    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
-    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
-    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
-    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
-    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
-    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
-    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
-    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
-    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
-    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
-    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
-    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
-    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
-    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
-    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
-    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
-    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
-    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
-    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
-    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
-    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
-    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
-    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
-    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
-    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
-    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
-    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
-    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
-    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
-    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
-    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
-    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
-    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
-    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
-    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-};
-static const u32 Td2[256] = {
-    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
-    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
-    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
-    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
-    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
-    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
-    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
-    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
-    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
-    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
-    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
-    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
-    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
-    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
-    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
-    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
-    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
-    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
-    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
-    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
-    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
-    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
-    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
-    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
-    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
-    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
-    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
-    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
-    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
-    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
-    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
-    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
-    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
-    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
-    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
-    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
-    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
-    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
-    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
-    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
-    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
-    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
-    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
-    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
-    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
-    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
-    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
-    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
-    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
-    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
-    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
-    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
-    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
-    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
-    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
-    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
-    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
-    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
-    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
-    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
-    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
-    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
-    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
-    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-};
-static const u32 Td3[256] = {
-    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
-    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
-    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
-    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
-    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
-    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
-    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
-    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
-    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
-    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
-    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
-    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
-    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
-    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
-    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
-    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
-    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
-    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
-    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
-    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
-    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
-    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
-    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
-    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
-    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
-    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
-    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
-    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
-    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
-    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
-    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
-    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
-    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
-    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
-    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
-    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
-    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
-    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
-    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
-    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
-    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
-    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
-    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
-    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
-    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
-    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
-    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
-    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
-    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
-    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
-    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
-    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
-    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
-    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
-    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
-    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
-    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
-    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
-    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
-    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
-    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
-    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
-    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
-    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-};
-static const u8 Td4[256] = {
-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
-};
-static const u32 rcon[] = {
-	0x01000000, 0x02000000, 0x04000000, 0x08000000,
-	0x10000000, 0x20000000, 0x40000000, 0x80000000,
-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
-
-	u32 *rk;
-   	int i = 0;
-	u32 temp;
-
-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
-
-	rk = key->rd_key;
-
-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
-
-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te2[(temp >> 24)       ] & 0xff000000) ^
-				(Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp      ) & 0xff] & 0x000000ff);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
-
-			rk += 8;
-        	}
-	}
-	return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
-
-        u32 *rk;
-	int i, j, status;
-	u32 temp;
-
-	/* first, start with an encryption schedule */
-	status = private_AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
-
-	rk = key->rd_key;
-
-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-		rk[0] =
-			Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
-		rk[1] =
-			Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
-		rk[2] =
-			Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
-		rk[3] =
-			Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
-	}
-	return 0;
-}
-
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
-
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-	int r;
-#endif /* ?FULL_UNROLL */
-
-	assert(in && out && key);
-	rk = key->rd_key;
-
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-	s0 = GETU32(in     ) ^ rk[0];
-	s1 = GETU32(in +  4) ^ rk[1];
-	s2 = GETU32(in +  8) ^ rk[2];
-	s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-	/* round 1: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-   	/* round 2: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
-	/* round 3: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-   	/* round 4: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
-	/* round 5: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-   	/* round 6: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
-	/* round 7: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-   	/* round 8: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
-	/* round 9: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
-        }
-    }
-    rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-	s0 =
-		(Te2[(t0 >> 24)       ] & 0xff000000) ^
-		(Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t3      ) & 0xff] & 0x000000ff) ^
-		rk[0];
-	PUTU32(out     , s0);
-	s1 =
-		(Te2[(t1 >> 24)       ] & 0xff000000) ^
-		(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t0      ) & 0xff] & 0x000000ff) ^
-		rk[1];
-	PUTU32(out +  4, s1);
-	s2 =
-		(Te2[(t2 >> 24)       ] & 0xff000000) ^
-		(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t1      ) & 0xff] & 0x000000ff) ^
-		rk[2];
-	PUTU32(out +  8, s2);
-	s3 =
-		(Te2[(t3 >> 24)       ] & 0xff000000) ^
-		(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t2      ) & 0xff] & 0x000000ff) ^
-		rk[3];
-	PUTU32(out + 12, s3);
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
-
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
-	int r;
-#endif /* ?FULL_UNROLL */
-
-	assert(in && out && key);
-	rk = key->rd_key;
-
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-    s0 = GETU32(in     ) ^ rk[0];
-    s1 = GETU32(in +  4) ^ rk[1];
-    s2 = GETU32(in +  8) ^ rk[2];
-    s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
-    /* round 1: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
-    /* round 2: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
-    /* round 3: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
-    /* round 4: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
-    /* round 5: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
-    /* round 6: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
-    /* round 7: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
-    /* round 8: */
-    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
-    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
-    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
-    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
-    /* round 9: */
-    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
-    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
-    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
-    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
-    if (key->rounds > 10) {
-        /* round 10: */
-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
-        /* round 11: */
-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
-        if (key->rounds > 12) {
-            /* round 12: */
-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
-            /* round 13: */
-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
-        }
-    }
-	rk += key->rounds << 2;
-#else  /* !FULL_UNROLL */
-    /*
-     * Nr - 1 full rounds:
-     */
-    r = key->rounds >> 1;
-    for (;;) {
-        t0 =
-            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
-            rk[4];
-        t1 =
-            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
-            rk[5];
-        t2 =
-            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
-            rk[6];
-        t3 =
-            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
-            rk[7];
-
-        rk += 8;
-        if (--r == 0) {
-            break;
-        }
-
-        s0 =
-            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
-            rk[0];
-        s1 =
-            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
-            rk[1];
-        s2 =
-            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
-            rk[2];
-        s3 =
-            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
-            rk[3];
-    }
-#endif /* ?FULL_UNROLL */
-    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-   	s0 =
-   		(Td4[(t0 >> 24)       ] << 24) ^
-   		(Td4[(t3 >> 16) & 0xff] << 16) ^
-   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t1      ) & 0xff])       ^
-   		rk[0];
-	PUTU32(out     , s0);
-   	s1 =
-   		(Td4[(t1 >> 24)       ] << 24) ^
-   		(Td4[(t0 >> 16) & 0xff] << 16) ^
-   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t2      ) & 0xff])       ^
-   		rk[1];
-	PUTU32(out +  4, s1);
-   	s2 =
-   		(Td4[(t2 >> 24)       ] << 24) ^
-   		(Td4[(t1 >> 16) & 0xff] << 16) ^
-   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t3      ) & 0xff])       ^
-   		rk[2];
-	PUTU32(out +  8, s2);
-   	s3 =
-   		(Td4[(t3 >> 24)       ] << 24) ^
-   		(Td4[(t2 >> 16) & 0xff] << 16) ^
-   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t0      ) & 0xff])       ^
-   		rk[3];
-	PUTU32(out + 12, s3);
-}
-
-#else /* AES_ASM */
-
-static const u8 Te4[256] = {
-    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
-    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
-    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
-    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
-    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
-    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
-    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
-    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
-    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
-    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
-    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
-    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
-    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
-    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
-    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
-    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
-    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
-    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
-    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
-    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
-    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
-    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
-    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
-    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
-    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
-    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
-    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
-    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
-    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
-    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
-    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
-    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
-};
-static const u32 rcon[] = {
-	0x01000000, 0x02000000, 0x04000000, 0x08000000,
-	0x10000000, 0x20000000, 0x40000000, 0x80000000,
-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
-	u32 *rk;
-   	int i = 0;
-	u32 temp;
-
-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
-
-	rk = key->rd_key;
-
-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
-
-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] << 24) ^
-				(Te4[(temp >>  8) & 0xff] << 16) ^
-				(Te4[(temp      ) & 0xff] << 8) ^
-				(Te4[(temp >> 24)       ]) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te4[(temp >> 24)       ] << 24) ^
-				(Te4[(temp >> 16) & 0xff] << 16) ^
-				(Te4[(temp >>  8) & 0xff] << 8) ^
-				(Te4[(temp      ) & 0xff]);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
-
-			rk += 8;
-        	}
-	}
-	return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
-
-        u32 *rk;
-	int i, j, status;
-	u32 temp;
-
-	/* first, start with an encryption schedule */
-	status = private_AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
-
-	rk = key->rd_key;
-
-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-		for (j = 0; j < 4; j++) {
-			u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-			tp1 = rk[j];
-			m = tp1 & 0x80808080;
-			tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp2 & 0x80808080;
-			tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp4 & 0x80808080;
-			tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			tp9 = tp8 ^ tp1;
-			tpb = tp9 ^ tp2;
-			tpd = tp9 ^ tp4;
-			tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-			rk[j] = tpe ^ ROTATE(tpd,16) ^
-				ROTATE(tp9,24) ^ ROTATE(tpb,8);
-#else
-			rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-				(tp9 >> 8) ^ (tp9 << 24) ^
-				(tpb >> 24) ^ (tpb << 8);
-#endif
-		}
-	}
-	return 0;
-}
-
-#endif /* AES_ASM */
diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c
deleted file mode 100644
index 7c9d165d8a..0000000000
--- a/crypto/aes/aes_ctr.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const AES_KEY *key,
-			unsigned char ivec[AES_BLOCK_SIZE],
-			unsigned char ecount_buf[AES_BLOCK_SIZE],
-			unsigned int *num) {
-	CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt);
-}
diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c
deleted file mode 100644
index 28aa561c2d..0000000000
--- a/crypto/aes/aes_ecb.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		     const AES_KEY *key, const int enc) {
-
-        assert(in && out && key);
-	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-
-	if (AES_ENCRYPT == enc)
-		AES_encrypt(in, out, key);
-	else
-		AES_decrypt(in, out, key);
-}
-
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
deleted file mode 100644
index c161351e65..0000000000
--- a/crypto/aes/aes_ige.c
+++ /dev/null
@@ -1,323 +0,0 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include "cryptlib.h"
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
-        unsigned long data[N_WORDS];
-} aes_block_t;
-
-/* XXX: probably some better way to do this */
-#if defined(__i386__) || defined(__x86_64__)
-#define UNALIGNED_MEMOPS_ARE_FAST 1
-#else
-#define UNALIGNED_MEMOPS_ARE_FAST 0
-#endif
-
-#if UNALIGNED_MEMOPS_ARE_FAST
-#define load_block(d, s)        (d) = *(const aes_block_t *)(s)
-#define store_block(d, s)       *(aes_block_t *)(d) = (s)
-#else
-#define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
-#define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
-#endif
-
-/* N.B. The IV for this mode is _twice_ the block size */
-
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-					 size_t length, const AES_KEY *key,
-					 unsigned char *ivec, const int enc)
-	{
-	size_t n;
-	size_t len = length;
-
-	OPENSSL_assert(in && out && key && ivec);
-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
-
-	len = length / AES_BLOCK_SIZE;
-
-	if (AES_ENCRYPT == enc)
-		{
-		if (in != out &&
-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
-			{
-			aes_block_t *ivp = (aes_block_t *)ivec;
-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
-
-			while (len)
-				{
-				aes_block_t *inp = (aes_block_t *)in;
-				aes_block_t *outp = (aes_block_t *)out;
-
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] = inp->data[n] ^ ivp->data[n];
-				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] ^= iv2p->data[n];
-				ivp = outp;
-				iv2p = inp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-			}
-		else
-			{
-			aes_block_t tmp, tmp2;
-			aes_block_t iv;
-			aes_block_t iv2;
-
-			load_block(iv, ivec);
-			load_block(iv2, ivec + AES_BLOCK_SIZE);
-
-			while (len)
-				{
-				load_block(tmp, in);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp2.data[n] = tmp.data[n] ^ iv.data[n];
-				AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp2.data[n] ^= iv2.data[n];
-				store_block(out, tmp2);
-				iv = tmp2;
-				iv2 = tmp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-			}
-		}
-	else
-		{
-		if (in != out &&
-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
-			{
-			aes_block_t *ivp = (aes_block_t *)ivec;
-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
-
-			while (len)
-				{
-				aes_block_t tmp;
-				aes_block_t *inp = (aes_block_t *)in;
-				aes_block_t *outp = (aes_block_t *)out;
-
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] = inp->data[n] ^ iv2p->data[n];
-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] ^= ivp->data[n];
-				ivp = inp;
-				iv2p = outp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-			}
-		else
-			{
-			aes_block_t tmp, tmp2;
-			aes_block_t iv;
-			aes_block_t iv2;
-
-			load_block(iv, ivec);
-			load_block(iv2, ivec + AES_BLOCK_SIZE);
-
-			while (len)
-				{
-				load_block(tmp, in);
-				tmp2 = tmp;
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] ^= iv2.data[n];
-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] ^= iv.data[n];
-				store_block(out, tmp);
-				iv = tmp2;
-				iv2 = tmp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-			}
-		}
-	}
-
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-
-/* N.B. The IV for this mode is _four times_ the block size */
-
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-						size_t length, const AES_KEY *key,
-						const AES_KEY *key2, const unsigned char *ivec,
-						const int enc)
-	{
-	size_t n;
-	size_t len = length;
-	unsigned char tmp[AES_BLOCK_SIZE];
-	unsigned char tmp2[AES_BLOCK_SIZE];
-	unsigned char tmp3[AES_BLOCK_SIZE];
-	unsigned char prev[AES_BLOCK_SIZE];
-	const unsigned char *iv;
-	const unsigned char *iv2;
-
-	OPENSSL_assert(in && out && key && ivec);
-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
-
-	if (AES_ENCRYPT == enc)
-		{
-		/* XXX: Do a separate case for when in != out (strictly should
-		   check for overlap, too) */
-
-		/* First the forward pass */ 
-		iv = ivec;
-		iv2 = ivec + AES_BLOCK_SIZE;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] = in[n] ^ iv[n];
-			AES_encrypt(out, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv2[n];
-			iv = out;
-			memcpy(prev, in, AES_BLOCK_SIZE);
-			iv2 = prev;
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-			}
-
-		/* And now backwards */
-		iv = ivec + AES_BLOCK_SIZE*2;
-		iv2 = ivec + AES_BLOCK_SIZE*3;
-		len = length;
-		while(len >= AES_BLOCK_SIZE)
-			{
-			out -= AES_BLOCK_SIZE;
-			/* XXX: reduce copies by alternating between buffers */
-			memcpy(tmp, out, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
-			AES_encrypt(out, out, key);
-			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
-			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv2[n];
-			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
-			iv = out;
-			memcpy(prev, tmp, AES_BLOCK_SIZE);
-			iv2 = prev;
-			len -= AES_BLOCK_SIZE;
-			}
-		}
-	else
-		{
-		/* First backwards */
-		iv = ivec + AES_BLOCK_SIZE*2;
-		iv2 = ivec + AES_BLOCK_SIZE*3;
-		in += length;
-		out += length;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			in -= AES_BLOCK_SIZE;
-			out -= AES_BLOCK_SIZE;
-			memcpy(tmp, in, AES_BLOCK_SIZE);
-			memcpy(tmp2, in, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				tmp[n] ^= iv2[n];
-			AES_decrypt(tmp, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-			iv = tmp3;
-			iv2 = out;
-			len -= AES_BLOCK_SIZE;
-			}
-
-		/* And now forwards */
-		iv = ivec;
-		iv2 = ivec + AES_BLOCK_SIZE;
-		len = length;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			memcpy(tmp, out, AES_BLOCK_SIZE);
-			memcpy(tmp2, out, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				tmp[n] ^= iv2[n];
-			AES_decrypt(tmp, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-			iv = tmp3;
-			iv2 = out;
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-			}
-		}
-	}
diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h
deleted file mode 100644
index 054b442d41..0000000000
--- a/crypto/aes/aes_locl.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_LOCL_H
-#define HEADER_AES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-#else
-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
-#endif
-
-#ifdef AES_LONG
-typedef unsigned long u32;
-#else
-typedef unsigned int u32;
-#endif
-typedef unsigned short u16;
-typedef unsigned char u8;
-
-#define MAXKC   (256/32)
-#define MAXKB   (256/8)
-#define MAXNR   14
-
-/* This controls loop-unrolling in aes_core.c */
-#undef FULL_UNROLL
-
-#endif /* !HEADER_AES_LOCL_H */
diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
deleted file mode 100644
index f083488ecb..0000000000
--- a/crypto/aes/aes_misc.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
-
-const char *AES_options(void) {
-#ifdef FULL_UNROLL
-        return "aes(full)";
-#else   
-        return "aes(partial)";
-#endif
-}
-
-/* FIPS wrapper functions to block low level AES calls in FIPS mode */
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key)
-	{
-#ifdef OPENSSL_FIPS
-	fips_cipher_abort(AES);
-#endif
-	return private_AES_set_encrypt_key(userKey, bits, key);
-	}
-
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key)
-	{
-#ifdef OPENSSL_FIPS
-	fips_cipher_abort(AES);
-#endif
-	return private_AES_set_decrypt_key(userKey, bits, key);
-	}
diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c
deleted file mode 100644
index 50bf0b8325..0000000000
--- a/crypto/aes/aes_ofb.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/modes.h>
-
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num)
-{
-	CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)AES_encrypt);
-}
diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
deleted file mode 100644
index e2d73d37ce..0000000000
--- a/crypto/aes/aes_wrap.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/* crypto/aes/aes_wrap.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/aes.h>
-#include <openssl/bio.h>
-
-static const unsigned char default_iv[] = {
-  0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
-};
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	if ((inlen & 0x7) || (inlen < 8))
-		return -1;
-	A = B;
-	t = 1;
-	memcpy(out + 8, in, inlen);
-	if (!iv)
-		iv = default_iv;
-
-	memcpy(A, iv, 8);
-
-	for (j = 0; j < 6; j++)
-		{
-		R = out + 8;
-		for (i = 0; i < inlen; i += 8, t++, R += 8)
-			{
-			memcpy(B + 8, R, 8);
-			AES_encrypt(B, B, key);
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-				}
-			memcpy(R, B + 8, 8);
-			}
-		}
-	memcpy(out, A, 8);
-	return inlen + 8;
-	}
-
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	inlen -= 8;
-	if (inlen & 0x7)
-		return -1;
-	if (inlen < 8)
-		return -1;
-	A = B;
-	t =  6 * (inlen >> 3);
-	memcpy(A, in, 8);
-	memcpy(out, in + 8, inlen);
-	for (j = 0; j < 6; j++)
-		{
-		R = out + inlen - 8;
-		for (i = 0; i < inlen; i += 8, t--, R -= 8)
-			{
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-				}
-			memcpy(B + 8, R, 8);
-			AES_decrypt(B, B, key);
-			memcpy(R, B + 8, 8);
-			}
-		}
-	if (!iv)
-		iv = default_iv;
-	if (memcmp(A, iv, 8))
-		{
-		OPENSSL_cleanse(out, inlen);
-		return 0;
-		}
-	return inlen;
-	}
-
-#ifdef AES_WRAP_TEST
-
-int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
-			 const unsigned char *iv,
-			 const unsigned char *eout,
-			 const unsigned char *key, int keylen)
-	{
-	unsigned char *otmp = NULL, *ptmp = NULL;
-	int r, ret = 0;
-	AES_KEY wctx;
-	otmp = OPENSSL_malloc(keylen + 8);
-	ptmp = OPENSSL_malloc(keylen);
-	if (!otmp || !ptmp)
-		return 0;
-	if (AES_set_encrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
-	if (r <= 0)
-		goto err;
-
-	if (eout && memcmp(eout, otmp, keylen))
-		goto err;
-		
-	if (AES_set_decrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
-
-	if (memcmp(key, ptmp, keylen))
-		goto err;
-
-	ret = 1;
-
-	err:
-	if (otmp)
-		OPENSSL_free(otmp);
-	if (ptmp)
-		OPENSSL_free(ptmp);
-
-	return ret;
-
-	}
-
-
-
-int main(int argc, char **argv)
-{
-
-static const unsigned char kek[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-static const unsigned char key[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-static const unsigned char e1[] = {
-  0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
-  0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
-  0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
-};
-
-static const unsigned char e2[] = {
-  0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
-  0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
-  0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
-};
-
-static const unsigned char e3[] = {
-  0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
-  0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
-  0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
-};
-
-static const unsigned char e4[] = {
-  0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
-  0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
-  0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
-  0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
-};
-
-static const unsigned char e5[] = {
-  0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
-  0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
-  0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
-  0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
-};
-
-static const unsigned char e6[] = {
-  0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
-  0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
-  0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
-  0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
-  0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
-};
-
-	AES_KEY wctx, xctx;
-	int ret;
-	ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
-	fprintf(stderr, "Key test result %d\n", ret);
-}
-	
-	
-#endif
diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
deleted file mode 100644
index d323e265c0..0000000000
--- a/crypto/aes/aes_x86core.c
+++ /dev/null
@@ -1,1063 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto@terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This is experimental x86[_64] derivative. It assumes little-endian
- * byte order and expects CPU to sustain unaligned memory references.
- * It is used as playground for cache-time attack mitigations and
- * serves as reference C implementation for x86[_64] assembler.
- *
- *					<appro@fy.chalmers.se>
- */
-
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/*
- * These two parameters control which table, 256-byte or 2KB, is
- * referenced in outer and respectively inner rounds.
- */
-#define AES_COMPACT_IN_OUTER_ROUNDS
-#ifdef  AES_COMPACT_IN_OUTER_ROUNDS
-/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while
- * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further*
- * by factor of ~2. */
-# undef  AES_COMPACT_IN_INNER_ROUNDS
-#endif
-
-#if 1
-static void prefetch256(const void *table)
-{
-	volatile unsigned long *t=(void *)table,ret;
-	unsigned long sum;
-	int i;
-
-	/* 32 is common least cache-line size */
-	for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0]))	sum ^= t[i];
-
-	ret = sum;
-}
-#else
-# define prefetch256(t)
-#endif
-
-#undef GETU32
-#define GETU32(p) (*((u32*)(p)))
-
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-typedef unsigned __int64 u64;
-#define U64(C)	C##UI64
-#elif defined(__arch64__)
-typedef unsigned long u64;
-#define U64(C)	C##UL
-#else
-typedef unsigned long long u64;
-#define U64(C)	C##ULL
-#endif
-
-#undef ROTATE
-#if defined(_MSC_VER) || defined(__ICC)
-# define ROTATE(a,n)	_lrotl(a,n)
-#elif defined(__GNUC__) && __GNUC__>=2
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)	({ register unsigned int ret;	\
-				asm (			\
-				"roll %1,%0"		\
-				: "=r"(ret)		\
-				: "I"(n), "0"(a)	\
-				: "cc");		\
-			   ret;				\
-			})
-# endif
-#endif
-/*
-Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03];
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-*/
-#define Te0 (u32)((u64*)((u8*)Te+0))
-#define Te1 (u32)((u64*)((u8*)Te+3))
-#define Te2 (u32)((u64*)((u8*)Te+2))
-#define Te3 (u32)((u64*)((u8*)Te+1))
-/*
-Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b];
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
-*/
-#define Td0 (u32)((u64*)((u8*)Td+0))
-#define Td1 (u32)((u64*)((u8*)Td+3))
-#define Td2 (u32)((u64*)((u8*)Td+2))
-#define Td3 (u32)((u64*)((u8*)Td+1))
-
-static const u64 Te[256] = {
-    U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8),
-    U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6),
-    U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6),
-    U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591),
-    U64(0x5030306050303060), U64(0x0301010203010102),
-    U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56),
-    U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5),
-    U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec),
-    U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f),
-    U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa),
-    U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2),
-    U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb),
-    U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3),
-    U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45),
-    U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453),
-    U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b),
-    U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1),
-    U64(0xae93933dae93933d), U64(0x6a26264c6a26264c),
-    U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e),
-    U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83),
-    U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551),
-    U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9),
-    U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab),
-    U64(0x5331316253313162), U64(0x3f15152a3f15152a),
-    U64(0x0c0404080c040408), U64(0x52c7c79552c7c795),
-    U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d),
-    U64(0x2818183028181830), U64(0xa1969637a1969637),
-    U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f),
-    U64(0x0907070e0907070e), U64(0x3612122436121224),
-    U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df),
-    U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e),
-    U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea),
-    U64(0x1b0909121b090912), U64(0x9e83831d9e83831d),
-    U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34),
-    U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc),
-    U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b),
-    U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76),
-    U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d),
-    U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd),
-    U64(0x712f2f5e712f2f5e), U64(0x9784841397848413),
-    U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9),
-    U64(0x0000000000000000), U64(0x2cededc12cededc1),
-    U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3),
-    U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6),
-    U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d),
-    U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972),
-    U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98),
-    U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85),
-    U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5),
-    U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed),
-    U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a),
-    U64(0x5533336655333366), U64(0x9485851194858511),
-    U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9),
-    U64(0x0602020406020204), U64(0x817f7ffe817f7ffe),
-    U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78),
-    U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b),
-    U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d),
-    U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05),
-    U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21),
-    U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1),
-    U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677),
-    U64(0x75dadaaf75dadaaf), U64(0x6321214263212142),
-    U64(0x3010102030101020), U64(0x1affffe51affffe5),
-    U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf),
-    U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18),
-    U64(0x3513132635131326), U64(0x2fececc32fececc3),
-    U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735),
-    U64(0xcc444488cc444488), U64(0x3917172e3917172e),
-    U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755),
-    U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a),
-    U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba),
-    U64(0x2b1919322b191932), U64(0x957373e6957373e6),
-    U64(0xa06060c0a06060c0), U64(0x9881811998818119),
-    U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3),
-    U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54),
-    U64(0xab90903bab90903b), U64(0x8388880b8388880b),
-    U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7),
-    U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428),
-    U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc),
-    U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad),
-    U64(0x3be0e0db3be0e0db), U64(0x5632326456323264),
-    U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14),
-    U64(0xdb494992db494992), U64(0x0a06060c0a06060c),
-    U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8),
-    U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd),
-    U64(0xefacac43efacac43), U64(0xa66262c4a66262c4),
-    U64(0xa8919139a8919139), U64(0xa4959531a4959531),
-    U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2),
-    U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b),
-    U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda),
-    U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1),
-    U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949),
-    U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac),
-    U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf),
-    U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4),
-    U64(0xe9aeae47e9aeae47), U64(0x1808081018080810),
-    U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0),
-    U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c),
-    U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657),
-    U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697),
-    U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1),
-    U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e),
-    U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61),
-    U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f),
-    U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c),
-    U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc),
-    U64(0xd8484890d8484890), U64(0x0503030605030306),
-    U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c),
-    U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a),
-    U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969),
-    U64(0x9186861791868617), U64(0x58c1c19958c1c199),
-    U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27),
-    U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb),
-    U64(0xb398982bb398982b), U64(0x3311112233111122),
-    U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9),
-    U64(0x898e8e07898e8e07), U64(0xa7949433a7949433),
-    U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c),
-    U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9),
-    U64(0x49cece8749cece87), U64(0xff5555aaff5555aa),
-    U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5),
-    U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159),
-    U64(0x8089890980898909), U64(0x170d0d1a170d0d1a),
-    U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7),
-    U64(0xc6424284c6424284), U64(0xb86868d0b86868d0),
-    U64(0xc3414182c3414182), U64(0xb0999929b0999929),
-    U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e),
-    U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8),
-    U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c)
-};
-
-static const u8 Te4[256] = {
-    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
-    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
-    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
-    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
-    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
-    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
-    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
-    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
-    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
-    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
-    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
-    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
-    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
-    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
-    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
-    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
-    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
-    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
-    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
-    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
-    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
-    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
-    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
-    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
-    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
-    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
-    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
-    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
-    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
-    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
-    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
-    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
-};
-
-static const u64 Td[256] = {
-    U64(0x50a7f45150a7f451), U64(0x5365417e5365417e),
-    U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a),
-    U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f),
-    U64(0xab58faacab58faac), U64(0x9303e34b9303e34b),
-    U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad),
-    U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5),
-    U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5),
-    U64(0x8044352680443526), U64(0x8fa362b58fa362b5),
-    U64(0x495ab1de495ab1de), U64(0x671bba25671bba25),
-    U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d),
-    U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81),
-    U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b),
-    U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215),
-    U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295),
-    U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458),
-    U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e),
-    U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4),
-    U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927),
-    U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0),
-    U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d),
-    U64(0x184adf63184adf63), U64(0x82311ae582311ae5),
-    U64(0x6033519760335197), U64(0x457f5362457f5362),
-    U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb),
-    U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9),
-    U64(0x5868487058684870), U64(0x19fd458f19fd458f),
-    U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52),
-    U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72),
-    U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566),
-    U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f),
-    U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3),
-    U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23),
-    U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed),
-    U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7),
-    U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e),
-    U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506),
-    U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4),
-    U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2),
-    U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4),
-    U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040),
-    U64(0x069f715e069f715e), U64(0x51106ebd51106ebd),
-    U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96),
-    U64(0xae053eddae053edd), U64(0x46bde64d46bde64d),
-    U64(0xb58d5491b58d5491), U64(0x055dc471055dc471),
-    U64(0x6fd406046fd40604), U64(0xff155060ff155060),
-    U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6),
-    U64(0xcc434089cc434089), U64(0x779ed967779ed967),
-    U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907),
-    U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879),
-    U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c),
-    U64(0xc91e84f8c91e84f8), U64(0x0000000000000000),
-    U64(0x8386800983868009), U64(0x48ed2b3248ed2b32),
-    U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c),
-    U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f),
-    U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36),
-    U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68),
-    U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624),
-    U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793),
-    U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b),
-    U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61),
-    U64(0x694b775a694b775a), U64(0x161a121c161a121c),
-    U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0),
-    U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12),
-    U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2),
-    U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14),
-    U64(0x8519f1578519f157), U64(0x4c0775af4c0775af),
-    U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3),
-    U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c),
-    U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b),
-    U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb),
-    U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8),
-    U64(0xcadc31d7cadc31d7), U64(0x1085634210856342),
-    U64(0x4022971340229713), U64(0x2011c6842011c684),
-    U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2),
-    U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7),
-    U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc),
-    U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177),
-    U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9),
-    U64(0xfa489411fa489411), U64(0x2264e9472264e947),
-    U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0),
-    U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322),
-    U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9),
-    U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498),
-    U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5),
-    U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f),
-    U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850),
-    U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54),
-    U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890),
-    U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382),
-    U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069),
-    U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf),
-    U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810),
-    U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb),
-    U64(0x097826cd097826cd), U64(0xf418596ef418596e),
-    U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83),
-    U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa),
-    U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef),
-    U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a),
-    U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029),
-    U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a),
-    U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235),
-    U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc),
-    U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733),
-    U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41),
-    U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117),
-    U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43),
-    U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4),
-    U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c),
-    U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546),
-    U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01),
-    U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb),
-    U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92),
-    U64(0x335610e9335610e9), U64(0x1347d66d1347d66d),
-    U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137),
-    U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb),
-    U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7),
-    U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a),
-    U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255),
-    U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773),
-    U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f),
-    U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478),
-    U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9),
-    U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2),
-    U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc),
-    U64(0x8b493c288b493c28), U64(0x41950dff41950dff),
-    U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08),
-    U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664),
-    U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5),
-    U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0)
-};
-static const u8 Td4[256] = {
-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU
-};
-
-static const u32 rcon[] = {
-    0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U,
-    0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U,
-    0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
-
-	u32 *rk;
-   	int i = 0;
-	u32 temp;
-
-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
-
-	rk = key->rd_key;
-
-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
-
-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te4[(temp >>  8) & 0xff]      ) ^
-				(Te4[(temp >> 16) & 0xff] <<  8) ^
-				(Te4[(temp >> 24)       ] << 16) ^
-				(Te4[(temp      ) & 0xff] << 24) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te4[(temp >>  8) & 0xff]      ) ^
-				(Te4[(temp >> 16) & 0xff] <<  8) ^
-				(Te4[(temp >> 24)       ] << 16) ^
-				(Te4[(temp      ) & 0xff] << 24) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te4[(temp >>  8) & 0xff]      ) ^
-				(Te4[(temp >> 16) & 0xff] <<  8) ^
-				(Te4[(temp >> 24)       ] << 16) ^
-				(Te4[(temp      ) & 0xff] << 24) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te4[(temp      ) & 0xff]      ) ^
-				(Te4[(temp >>  8) & 0xff] <<  8) ^
-				(Te4[(temp >> 16) & 0xff] << 16) ^
-				(Te4[(temp >> 24)       ] << 24);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
-
-			rk += 8;
-        	}
-	}
-	return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
-
-        u32 *rk;
-	int i, j, status;
-	u32 temp;
-
-	/* first, start with an encryption schedule */
-	status = AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
-
-	rk = key->rd_key;
-
-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-#if 1
-		for (j = 0; j < 4; j++) {
-			u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-			tp1 = rk[j];
-			m = tp1 & 0x80808080;
-			tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp2 & 0x80808080;
-			tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp4 & 0x80808080;
-			tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			tp9 = tp8 ^ tp1;
-			tpb = tp9 ^ tp2;
-			tpd = tp9 ^ tp4;
-			tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-			rk[j] = tpe ^ ROTATE(tpd,16) ^
-				ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-			rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-				(tp9 >> 24) ^ (tp9 << 8) ^
-				(tpb >> 8) ^ (tpb << 24);
-#endif
-		}
-#else
-		rk[0] =
-			Td0[Te2[(rk[0]      ) & 0xff] & 0xff] ^
-			Td1[Te2[(rk[0] >>  8) & 0xff] & 0xff] ^
-			Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^
-			Td3[Te2[(rk[0] >> 24)       ] & 0xff];
-		rk[1] =
-			Td0[Te2[(rk[1]      ) & 0xff] & 0xff] ^
-			Td1[Te2[(rk[1] >>  8) & 0xff] & 0xff] ^
-			Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^
-			Td3[Te2[(rk[1] >> 24)       ] & 0xff];
-		rk[2] =
-			Td0[Te2[(rk[2]      ) & 0xff] & 0xff] ^
-			Td1[Te2[(rk[2] >>  8) & 0xff] & 0xff] ^
-			Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^
-			Td3[Te2[(rk[2] >> 24)       ] & 0xff];
-		rk[3] =
-			Td0[Te2[(rk[3]      ) & 0xff] & 0xff] ^
-			Td1[Te2[(rk[3] >>  8) & 0xff] & 0xff] ^
-			Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^
-			Td3[Te2[(rk[3] >> 24)       ] & 0xff];
-#endif
-	}
-	return 0;
-}
-
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
-
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t[4];
-	int r;
-
-	assert(in && out && key);
-	rk = key->rd_key;
-
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-	s0 = GETU32(in     ) ^ rk[0];
-	s1 = GETU32(in +  4) ^ rk[1];
-	s2 = GETU32(in +  8) ^ rk[2];
-	s3 = GETU32(in + 12) ^ rk[3];
-
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-	prefetch256(Te4);
-
-	t[0] =	Te4[(s0      ) & 0xff]       ^
-		Te4[(s1 >>  8) & 0xff] <<  8 ^
-		Te4[(s2 >> 16) & 0xff] << 16 ^
-		Te4[(s3 >> 24)       ] << 24;
-	t[1] =	Te4[(s1      ) & 0xff]       ^
-		Te4[(s2 >>  8) & 0xff] <<  8 ^
-		Te4[(s3 >> 16) & 0xff] << 16 ^
-		Te4[(s0 >> 24)       ] << 24;
-	t[2] =	Te4[(s2      ) & 0xff]       ^
-		Te4[(s3 >>  8) & 0xff] <<  8 ^
-		Te4[(s0 >> 16) & 0xff] << 16 ^
-		Te4[(s1 >> 24)       ] << 24;
-	t[3] =	Te4[(s3      ) & 0xff]       ^
-		Te4[(s0 >>  8) & 0xff] <<  8 ^
-		Te4[(s1 >> 16) & 0xff] << 16 ^
-		Te4[(s2 >> 24)       ] << 24;
-
-	/* now do the linear transform using words */
-	{	int i;
-		u32 r0, r1, r2;
-
-		for (i = 0; i < 4; i++) {
-			r0 = t[i];
-			r1 = r0 & 0x80808080;
-			r2 = ((r0 & 0x7f7f7f7f) << 1) ^
-				((r1 - (r1 >> 7)) & 0x1b1b1b1b);
-#if defined(ROTATE)
-			t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
-				ROTATE(r0,16) ^ ROTATE(r0,8);
-#else
-			t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
-				(r0 << 16) ^ (r0 >> 16) ^
-				(r0 << 8) ^ (r0 >> 24);
-#endif
-			t[i] ^= rk[4+i];
-		}
-	}
-#else
-	t[0] =	Te0[(s0      ) & 0xff] ^
-		Te1[(s1 >>  8) & 0xff] ^
-		Te2[(s2 >> 16) & 0xff] ^
-		Te3[(s3 >> 24)       ] ^
-		rk[4];
-	t[1] =	Te0[(s1      ) & 0xff] ^
-		Te1[(s2 >>  8) & 0xff] ^
-		Te2[(s3 >> 16) & 0xff] ^
-		Te3[(s0 >> 24)       ] ^
-		rk[5];
-	t[2] =	Te0[(s2      ) & 0xff] ^
-		Te1[(s3 >>  8) & 0xff] ^
-		Te2[(s0 >> 16) & 0xff] ^
-		Te3[(s1 >> 24)       ] ^
-		rk[6];
-	t[3] =	Te0[(s3      ) & 0xff] ^
-		Te1[(s0 >>  8) & 0xff] ^
-		Te2[(s1 >> 16) & 0xff] ^
-		Te3[(s2 >> 24)       ] ^
-		rk[7];
-#endif
-	s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-
-    /*
-     * Nr - 2 full rounds:
-     */
-    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
-#if defined(AES_COMPACT_IN_INNER_ROUNDS)
-	t[0] =	Te4[(s0      ) & 0xff]       ^
-		Te4[(s1 >>  8) & 0xff] <<  8 ^
-		Te4[(s2 >> 16) & 0xff] << 16 ^
-		Te4[(s3 >> 24)       ] << 24;
-	t[1] =	Te4[(s1      ) & 0xff]       ^
-		Te4[(s2 >>  8) & 0xff] <<  8 ^
-		Te4[(s3 >> 16) & 0xff] << 16 ^
-		Te4[(s0 >> 24)       ] << 24;
-	t[2] =	Te4[(s2      ) & 0xff]       ^
-		Te4[(s3 >>  8) & 0xff] <<  8 ^
-		Te4[(s0 >> 16) & 0xff] << 16 ^
-		Te4[(s1 >> 24)       ] << 24;
-	t[3] =	Te4[(s3      ) & 0xff]       ^
-		Te4[(s0 >>  8) & 0xff] <<  8 ^
-		Te4[(s1 >> 16) & 0xff] << 16 ^
-		Te4[(s2 >> 24)       ] << 24;
-
-	/* now do the linear transform using words */
-	{	int i;
-		u32 r0, r1, r2;
-
-		for (i = 0; i < 4; i++) {
-			r0 = t[i];
-			r1 = r0 & 0x80808080;
-			r2 = ((r0 & 0x7f7f7f7f) << 1) ^
-				((r1 - (r1 >> 7)) & 0x1b1b1b1b);
-#if defined(ROTATE)
-			t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^
-				ROTATE(r0,16) ^ ROTATE(r0,8);
-#else
-			t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^
-				(r0 << 16) ^ (r0 >> 16) ^
-				(r0 << 8) ^ (r0 >> 24);
-#endif
-			t[i] ^= rk[i];
-		}
-	}
-#else
-	t[0] =	Te0[(s0      ) & 0xff] ^
-		Te1[(s1 >>  8) & 0xff] ^
-		Te2[(s2 >> 16) & 0xff] ^
-		Te3[(s3 >> 24)       ] ^
-		rk[0];
-	t[1] =	Te0[(s1      ) & 0xff] ^
-		Te1[(s2 >>  8) & 0xff] ^
-		Te2[(s3 >> 16) & 0xff] ^
-		Te3[(s0 >> 24)       ] ^
-		rk[1];
-	t[2] =	Te0[(s2      ) & 0xff] ^
-		Te1[(s3 >>  8) & 0xff] ^
-		Te2[(s0 >> 16) & 0xff] ^
-		Te3[(s1 >> 24)       ] ^
-		rk[2];
-	t[3] =	Te0[(s3      ) & 0xff] ^
-		Te1[(s0 >>  8) & 0xff] ^
-		Te2[(s1 >> 16) & 0xff] ^
-		Te3[(s2 >> 24)       ] ^
-		rk[3];
-#endif
-	s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-    }
-    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-	prefetch256(Te4);
-
-	*(u32*)(out+0) =
-		Te4[(s0      ) & 0xff]       ^
-		Te4[(s1 >>  8) & 0xff] <<  8 ^
-		Te4[(s2 >> 16) & 0xff] << 16 ^
-		Te4[(s3 >> 24)       ] << 24 ^
-		rk[0];
-	*(u32*)(out+4) =
-		Te4[(s1      ) & 0xff]       ^
-		Te4[(s2 >>  8) & 0xff] <<  8 ^
-		Te4[(s3 >> 16) & 0xff] << 16 ^
-		Te4[(s0 >> 24)       ] << 24 ^
-		rk[1];
-	*(u32*)(out+8) =
-		Te4[(s2      ) & 0xff]       ^
-		Te4[(s3 >>  8) & 0xff] <<  8 ^
-		Te4[(s0 >> 16) & 0xff] << 16 ^
-		Te4[(s1 >> 24)       ] << 24 ^
-		rk[2];
-	*(u32*)(out+12) =
-		Te4[(s3      ) & 0xff]       ^
-		Te4[(s0 >>  8) & 0xff] <<  8 ^
-		Te4[(s1 >> 16) & 0xff] << 16 ^
-		Te4[(s2 >> 24)       ] << 24 ^
-		rk[3];
-#else
-	*(u32*)(out+0) =
-		(Te2[(s0      ) & 0xff] & 0x000000ffU) ^
-		(Te3[(s1 >>  8) & 0xff] & 0x0000ff00U) ^
-		(Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^
-		(Te1[(s3 >> 24)       ] & 0xff000000U) ^
-		rk[0];
-	*(u32*)(out+4) =
-		(Te2[(s1      ) & 0xff] & 0x000000ffU) ^
-		(Te3[(s2 >>  8) & 0xff] & 0x0000ff00U) ^
-		(Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^
-		(Te1[(s0 >> 24)       ] & 0xff000000U) ^
-		rk[1];
-	*(u32*)(out+8) =
-		(Te2[(s2      ) & 0xff] & 0x000000ffU) ^
-		(Te3[(s3 >>  8) & 0xff] & 0x0000ff00U) ^
-		(Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^
-		(Te1[(s1 >> 24)       ] & 0xff000000U) ^
-		rk[2];
-	*(u32*)(out+12) =
-		(Te2[(s3      ) & 0xff] & 0x000000ffU) ^
-		(Te3[(s0 >>  8) & 0xff] & 0x0000ff00U) ^
-		(Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^
-		(Te1[(s2 >> 24)       ] & 0xff000000U) ^
-		rk[3];
-#endif
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
-
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t[4];
-	int r;
-
-	assert(in && out && key);
-	rk = key->rd_key;
-
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-	s0 = GETU32(in     ) ^ rk[0];
-	s1 = GETU32(in +  4) ^ rk[1];
-	s2 = GETU32(in +  8) ^ rk[2];
-	s3 = GETU32(in + 12) ^ rk[3];
-
-#if defined(AES_COMPACT_IN_OUTER_ROUNDS)
-	prefetch256(Td4);
-
-        t[0] =	Td4[(s0      ) & 0xff]       ^
-		Td4[(s3 >>  8) & 0xff] <<  8 ^
-		Td4[(s2 >> 16) & 0xff] << 16 ^
-		Td4[(s1 >> 24)       ] << 24;
-        t[1] =	Td4[(s1      ) & 0xff]       ^
-		Td4[(s0 >>  8) & 0xff] <<  8 ^
-		Td4[(s3 >> 16) & 0xff] << 16 ^
-		Td4[(s2 >> 24)       ] << 24;
-        t[2] =	Td4[(s2      ) & 0xff]       ^
-		Td4[(s1 >>  8) & 0xff] <<  8 ^
-		Td4[(s0 >> 16) & 0xff] << 16 ^
-		Td4[(s3 >> 24)       ] << 24;
-        t[3] =	Td4[(s3      ) & 0xff]       ^
-		Td4[(s2 >>  8) & 0xff] <<  8 ^
-		Td4[(s1 >> 16) & 0xff] << 16 ^
-		Td4[(s0 >> 24)       ] << 24;
-
-	/* now do the linear transform using words */ 
-	{	int i;
-		u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-		for (i = 0; i < 4; i++) {
-			tp1 = t[i];
-			m = tp1 & 0x80808080;
-			tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp2 & 0x80808080;
-			tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp4 & 0x80808080;
-			tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			tp9 = tp8 ^ tp1;
-			tpb = tp9 ^ tp2;
-			tpd = tp9 ^ tp4;
-			tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-			t[i] = tpe ^ ROTATE(tpd,16) ^
-				ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-			t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-				(tp9 >> 24) ^ (tp9 << 8) ^
-				(tpb >> 8) ^ (tpb << 24);
-#endif
-			t[i] ^= rk[4+i];
-		}
-	}
-#else
-	t[0] =	Td0[(s0      ) & 0xff] ^
-		Td1[(s3 >>  8) & 0xff] ^
-		Td2[(s2 >> 16) & 0xff] ^
-		Td3[(s1 >> 24)       ] ^
-		rk[4];
-	t[1] =	Td0[(s1      ) & 0xff] ^
-		Td1[(s0 >>  8) & 0xff] ^
-		Td2[(s3 >> 16) & 0xff] ^
-		Td3[(s2 >> 24)       ] ^
-		rk[5];
-	t[2] =	Td0[(s2      ) & 0xff] ^
-		Td1[(s1 >>  8) & 0xff] ^
-		Td2[(s0 >> 16) & 0xff] ^
-		Td3[(s3 >> 24)       ] ^
-		rk[6];
-	t[3] =	Td0[(s3      ) & 0xff] ^
-		Td1[(s2 >>  8) & 0xff] ^
-		Td2[(s1 >> 16) & 0xff] ^
-		Td3[(s0 >> 24)       ] ^
-		rk[7];
-#endif
-	s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-
-    /*
-     * Nr - 2 full rounds:
-     */
-    for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) {
-#if defined(AES_COMPACT_IN_INNER_ROUNDS)
-        t[0] =	Td4[(s0      ) & 0xff]       ^
-		Td4[(s3 >>  8) & 0xff] <<  8 ^
-		Td4[(s2 >> 16) & 0xff] << 16 ^
-		Td4[(s1 >> 24)       ] << 24;
-        t[1] =	Td4[(s1      ) & 0xff]       ^
-		Td4[(s0 >>  8) & 0xff] <<  8 ^
-		Td4[(s3 >> 16) & 0xff] << 16 ^
-		Td4[(s2 >> 24)       ] << 24;
-        t[2] =	Td4[(s2      ) & 0xff]       ^
-		Td4[(s1 >>  8) & 0xff] <<  8 ^
-		Td4[(s0 >> 16) & 0xff] << 16 ^
-		Td4[(s3 >> 24)       ] << 24;
-        t[3] =	Td4[(s3      ) & 0xff]       ^
-		Td4[(s2 >>  8) & 0xff] <<  8 ^
-		Td4[(s1 >> 16) & 0xff] << 16 ^
-		Td4[(s0 >> 24)       ] << 24;
-
-	/* now do the linear transform using words */ 
-	{	int i;
-		u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
-
-		for (i = 0; i < 4; i++) {
-			tp1 = t[i];
-			m = tp1 & 0x80808080;
-			tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp2 & 0x80808080;
-			tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			m = tp4 & 0x80808080;
-			tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
-				((m - (m >> 7)) & 0x1b1b1b1b);
-			tp9 = tp8 ^ tp1;
-			tpb = tp9 ^ tp2;
-			tpd = tp9 ^ tp4;
-			tpe = tp8 ^ tp4 ^ tp2;
-#if defined(ROTATE)
-			t[i] = tpe ^ ROTATE(tpd,16) ^
-				ROTATE(tp9,8) ^ ROTATE(tpb,24);
-#else
-			t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ 
-				(tp9 >> 24) ^ (tp9 << 8) ^
-				(tpb >> 8) ^ (tpb << 24);
-#endif
-			t[i] ^= rk[i];
-		}
-	}
-#else
-	t[0] =	Td0[(s0      ) & 0xff] ^
-		Td1[(s3 >>  8) & 0xff] ^
-		Td2[(s2 >> 16) & 0xff] ^
-		Td3[(s1 >> 24)       ] ^
-		rk[0];
-	t[1] =	Td0[(s1      ) & 0xff] ^
-		Td1[(s0 >>  8) & 0xff] ^
-		Td2[(s3 >> 16) & 0xff] ^
-		Td3[(s2 >> 24)       ] ^
-		rk[1];
-	t[2] =	Td0[(s2      ) & 0xff] ^
-		Td1[(s1 >>  8) & 0xff] ^
-		Td2[(s0 >> 16) & 0xff] ^
-		Td3[(s3 >> 24)       ] ^
-		rk[2];
-	t[3] =	Td0[(s3      ) & 0xff] ^
-		Td1[(s2 >>  8) & 0xff] ^
-		Td2[(s1 >> 16) & 0xff] ^
-		Td3[(s0 >> 24)       ] ^
-		rk[3];
-#endif
-	s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3];
-    }
-    /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-	prefetch256(Td4);
-
-	*(u32*)(out+0) =
-		(Td4[(s0      ) & 0xff])	^
-		(Td4[(s3 >>  8) & 0xff] <<  8) ^
-		(Td4[(s2 >> 16) & 0xff] << 16) ^
-		(Td4[(s1 >> 24)       ] << 24) ^
-		rk[0];
-	*(u32*)(out+4) =
-		(Td4[(s1      ) & 0xff])	 ^
-		(Td4[(s0 >>  8) & 0xff] <<  8) ^
-		(Td4[(s3 >> 16) & 0xff] << 16) ^
-		(Td4[(s2 >> 24)       ] << 24) ^
-		rk[1];
-	*(u32*)(out+8) =
-		(Td4[(s2      ) & 0xff])	 ^
-		(Td4[(s1 >>  8) & 0xff] <<  8) ^
-		(Td4[(s0 >> 16) & 0xff] << 16) ^
-		(Td4[(s3 >> 24)       ] << 24) ^
-		rk[2];
-	*(u32*)(out+12) =
-		(Td4[(s3      ) & 0xff])	 ^
-		(Td4[(s2 >>  8) & 0xff] <<  8) ^
-		(Td4[(s1 >> 16) & 0xff] << 16) ^
-		(Td4[(s0 >> 24)       ] << 24) ^
-		rk[3];
-}
diff --git a/crypto/aes/asm/aes-586.S b/crypto/aes/asm/aes-586.S
deleted file mode 100644
index 20c0238f0b..0000000000
--- a/crypto/aes/asm/aes-586.S
+++ /dev/null
@@ -1,3239 +0,0 @@
-.file	"aes-586.s"
-.text
-.type	_x86_AES_encrypt_compact,@function
-.align	16
-_x86_AES_encrypt_compact:
-	movl	%edi,20(%esp)
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-	movl	-128(%ebp),%edi
-	movl	-96(%ebp),%esi
-	movl	-64(%ebp),%edi
-	movl	-32(%ebp),%esi
-	movl	(%ebp),%edi
-	movl	32(%ebp),%esi
-	movl	64(%ebp),%edi
-	movl	96(%ebp),%esi
-.align	16
-.L000loop:
-	movl	%eax,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-
-	movl	%ebx,%esi
-	andl	$255,%esi
-	shrl	$16,%ebx
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%ch,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-
-	movl	%ecx,%esi
-	andl	$255,%esi
-	shrl	$24,%ecx
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%dh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edx
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-
-	andl	$255,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	movzbl	%ah,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$8,%eax
-	xorl	%eax,%edx
-	movl	4(%esp),%eax
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%edx
-	movl	8(%esp),%ebx
-	movzbl	-128(%ebp,%ecx,1),%ecx
-	shll	$24,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-
-	movl	%ecx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ecx,%ecx,1),%edi
-	subl	%ebp,%esi
-	andl	$4278124286,%edi
-	andl	$454761243,%esi
-	movl	%ecx,%ebp
-	xorl	%edi,%esi
-	xorl	%esi,%ecx
-	roll	$24,%ecx
-	xorl	%esi,%ecx
-	rorl	$16,%ebp
-	xorl	%ebp,%ecx
-	rorl	$8,%ebp
-	xorl	%ebp,%ecx
-	movl	%edx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%edx,%edx,1),%edi
-	subl	%ebp,%esi
-	andl	$4278124286,%edi
-	andl	$454761243,%esi
-	movl	%edx,%ebp
-	xorl	%edi,%esi
-	xorl	%esi,%edx
-	roll	$24,%edx
-	xorl	%esi,%edx
-	rorl	$16,%ebp
-	xorl	%ebp,%edx
-	rorl	$8,%ebp
-	xorl	%ebp,%edx
-	movl	%eax,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%eax,%eax,1),%edi
-	subl	%ebp,%esi
-	andl	$4278124286,%edi
-	andl	$454761243,%esi
-	movl	%eax,%ebp
-	xorl	%edi,%esi
-	xorl	%esi,%eax
-	roll	$24,%eax
-	xorl	%esi,%eax
-	rorl	$16,%ebp
-	xorl	%ebp,%eax
-	rorl	$8,%ebp
-	xorl	%ebp,%eax
-	movl	%ebx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ebx,%ebx,1),%edi
-	subl	%ebp,%esi
-	andl	$4278124286,%edi
-	andl	$454761243,%esi
-	movl	%ebx,%ebp
-	xorl	%edi,%esi
-	xorl	%esi,%ebx
-	roll	$24,%ebx
-	xorl	%esi,%ebx
-	rorl	$16,%ebp
-	xorl	%ebp,%ebx
-	rorl	$8,%ebp
-	xorl	%ebp,%ebx
-	movl	20(%esp),%edi
-	movl	28(%esp),%ebp
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	cmpl	24(%esp),%edi
-	movl	%edi,20(%esp)
-	jb	.L000loop
-	movl	%eax,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-
-	movl	%ebx,%esi
-	andl	$255,%esi
-	shrl	$16,%ebx
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%ch,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-
-	movl	%ecx,%esi
-	andl	$255,%esi
-	shrl	$24,%ecx
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%dh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edx
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-
-	movl	20(%esp),%edi
-	andl	$255,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	movzbl	%ah,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$8,%eax
-	xorl	%eax,%edx
-	movl	4(%esp),%eax
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%edx
-	movl	8(%esp),%ebx
-	movzbl	-128(%ebp,%ecx,1),%ecx
-	shll	$24,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-
-	xorl	16(%edi),%eax
-	xorl	20(%edi),%ebx
-	xorl	24(%edi),%ecx
-	xorl	28(%edi),%edx
-	ret
-.size	_x86_AES_encrypt_compact,.-_x86_AES_encrypt_compact
-.type	_sse_AES_encrypt_compact,@function
-.align	16
-_sse_AES_encrypt_compact:
-	pxor	(%edi),%mm0
-	pxor	8(%edi),%mm4
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-	movl	$454761243,%eax
-	movl	%eax,8(%esp)
-	movl	%eax,12(%esp)
-	movl	-128(%ebp),%eax
-	movl	-96(%ebp),%ebx
-	movl	-64(%ebp),%ecx
-	movl	-32(%ebp),%edx
-	movl	(%ebp),%eax
-	movl	32(%ebp),%ebx
-	movl	64(%ebp),%ecx
-	movl	96(%ebp),%edx
-.align	16
-.L001loop:
-	pshufw	$8,%mm0,%mm1
-	pshufw	$13,%mm4,%mm5
-	movd	%mm1,%eax
-	movd	%mm5,%ebx
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%ecx
-	pshufw	$13,%mm0,%mm2
-	movzbl	%ah,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	shll	$8,%edx
-	shrl	$16,%eax
-	movzbl	%bl,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%ecx
-	pshufw	$8,%mm4,%mm6
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%edx
-	shrl	$16,%ebx
-	movzbl	%ah,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$8,%esi
-	orl	%esi,%ecx
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%ecx
-	movd	%ecx,%mm0
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%ecx
-	movd	%mm2,%eax
-	movzbl	%bl,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%ecx
-	movd	%mm6,%ebx
-	movzbl	%ah,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%ecx
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$8,%esi
-	orl	%esi,%ecx
-	movd	%ecx,%mm1
-	movzbl	%bl,%esi
-	movzbl	-128(%ebp,%esi,1),%ecx
-	shrl	$16,%ebx
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%ecx
-	shrl	$16,%eax
-	punpckldq	%mm1,%mm0
-	movzbl	%ah,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%ecx
-	andl	$255,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$16,%eax
-	orl	%eax,%edx
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$8,%esi
-	orl	%esi,%ecx
-	movd	%ecx,%mm4
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	orl	%ebx,%edx
-	movd	%edx,%mm5
-	punpckldq	%mm5,%mm4
-	addl	$16,%edi
-	cmpl	24(%esp),%edi
-	ja	.L002out
-	movq	8(%esp),%mm2
-	pxor	%mm3,%mm3
-	pxor	%mm7,%mm7
-	movq	%mm0,%mm1
-	movq	%mm4,%mm5
-	pcmpgtb	%mm0,%mm3
-	pcmpgtb	%mm4,%mm7
-	pand	%mm2,%mm3
-	pand	%mm2,%mm7
-	pshufw	$177,%mm0,%mm2
-	pshufw	$177,%mm4,%mm6
-	paddb	%mm0,%mm0
-	paddb	%mm4,%mm4
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pshufw	$177,%mm2,%mm3
-	pshufw	$177,%mm6,%mm7
-	pxor	%mm0,%mm1
-	pxor	%mm4,%mm5
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	movq	%mm3,%mm2
-	movq	%mm7,%mm6
-	pslld	$8,%mm3
-	pslld	$8,%mm7
-	psrld	$24,%mm2
-	psrld	$24,%mm6
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	movq	%mm1,%mm3
-	movq	%mm5,%mm7
-	movq	(%edi),%mm2
-	movq	8(%edi),%mm6
-	psrld	$8,%mm1
-	psrld	$8,%mm5
-	movl	-128(%ebp),%eax
-	pslld	$24,%mm3
-	pslld	$24,%mm7
-	movl	-64(%ebp),%ebx
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	movl	(%ebp),%ecx
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	movl	64(%ebp),%edx
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	jmp	.L001loop
-.align	16
-.L002out:
-	pxor	(%edi),%mm0
-	pxor	8(%edi),%mm4
-	ret
-.size	_sse_AES_encrypt_compact,.-_sse_AES_encrypt_compact
-.type	_x86_AES_encrypt,@function
-.align	16
-_x86_AES_encrypt:
-	movl	%edi,20(%esp)
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-.align	16
-.L003loop:
-	movl	%eax,%esi
-	andl	$255,%esi
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%bh,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	xorl	1(%ebp,%edi,8),%esi
-	movl	%esi,4(%esp)
-
-	movl	%ebx,%esi
-	andl	$255,%esi
-	shrl	$16,%ebx
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%ch,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movl	%eax,%edi
-	shrl	$24,%edi
-	xorl	1(%ebp,%edi,8),%esi
-	movl	%esi,8(%esp)
-
-	movl	%ecx,%esi
-	andl	$255,%esi
-	shrl	$24,%ecx
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%dh,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edx
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movzbl	%bh,%edi
-	xorl	1(%ebp,%edi,8),%esi
-
-	movl	20(%esp),%edi
-	movl	(%ebp,%edx,8),%edx
-	movzbl	%ah,%eax
-	xorl	3(%ebp,%eax,8),%edx
-	movl	4(%esp),%eax
-	andl	$255,%ebx
-	xorl	2(%ebp,%ebx,8),%edx
-	movl	8(%esp),%ebx
-	xorl	1(%ebp,%ecx,8),%edx
-	movl	%esi,%ecx
-
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	cmpl	24(%esp),%edi
-	movl	%edi,20(%esp)
-	jb	.L003loop
-	movl	%eax,%esi
-	andl	$255,%esi
-	movl	2(%ebp,%esi,8),%esi
-	andl	$255,%esi
-	movzbl	%bh,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$65280,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$16711680,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movl	2(%ebp,%edi,8),%edi
-	andl	$4278190080,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-	movl	%ebx,%esi
-	andl	$255,%esi
-	shrl	$16,%ebx
-	movl	2(%ebp,%esi,8),%esi
-	andl	$255,%esi
-	movzbl	%ch,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$65280,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$16711680,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$24,%edi
-	movl	2(%ebp,%edi,8),%edi
-	andl	$4278190080,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-	movl	%ecx,%esi
-	andl	$255,%esi
-	shrl	$24,%ecx
-	movl	2(%ebp,%esi,8),%esi
-	andl	$255,%esi
-	movzbl	%dh,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$65280,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edx
-	andl	$255,%edi
-	movl	(%ebp,%edi,8),%edi
-	andl	$16711680,%edi
-	xorl	%edi,%esi
-	movzbl	%bh,%edi
-	movl	2(%ebp,%edi,8),%edi
-	andl	$4278190080,%edi
-	xorl	%edi,%esi
-	movl	20(%esp),%edi
-	andl	$255,%edx
-	movl	2(%ebp,%edx,8),%edx
-	andl	$255,%edx
-	movzbl	%ah,%eax
-	movl	(%ebp,%eax,8),%eax
-	andl	$65280,%eax
-	xorl	%eax,%edx
-	movl	4(%esp),%eax
-	andl	$255,%ebx
-	movl	(%ebp,%ebx,8),%ebx
-	andl	$16711680,%ebx
-	xorl	%ebx,%edx
-	movl	8(%esp),%ebx
-	movl	2(%ebp,%ecx,8),%ecx
-	andl	$4278190080,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	ret
-.align	64
-.LAES_Te:
-.long	2774754246,2774754246
-.long	2222750968,2222750968
-.long	2574743534,2574743534
-.long	2373680118,2373680118
-.long	234025727,234025727
-.long	3177933782,3177933782
-.long	2976870366,2976870366
-.long	1422247313,1422247313
-.long	1345335392,1345335392
-.long	50397442,50397442
-.long	2842126286,2842126286
-.long	2099981142,2099981142
-.long	436141799,436141799
-.long	1658312629,1658312629
-.long	3870010189,3870010189
-.long	2591454956,2591454956
-.long	1170918031,1170918031
-.long	2642575903,2642575903
-.long	1086966153,1086966153
-.long	2273148410,2273148410
-.long	368769775,368769775
-.long	3948501426,3948501426
-.long	3376891790,3376891790
-.long	200339707,200339707
-.long	3970805057,3970805057
-.long	1742001331,1742001331
-.long	4255294047,4255294047
-.long	3937382213,3937382213
-.long	3214711843,3214711843
-.long	4154762323,4154762323
-.long	2524082916,2524082916
-.long	1539358875,1539358875
-.long	3266819957,3266819957
-.long	486407649,486407649
-.long	2928907069,2928907069
-.long	1780885068,1780885068
-.long	1513502316,1513502316
-.long	1094664062,1094664062
-.long	49805301,49805301
-.long	1338821763,1338821763
-.long	1546925160,1546925160
-.long	4104496465,4104496465
-.long	887481809,887481809
-.long	150073849,150073849
-.long	2473685474,2473685474
-.long	1943591083,1943591083
-.long	1395732834,1395732834
-.long	1058346282,1058346282
-.long	201589768,201589768
-.long	1388824469,1388824469
-.long	1696801606,1696801606
-.long	1589887901,1589887901
-.long	672667696,672667696
-.long	2711000631,2711000631
-.long	251987210,251987210
-.long	3046808111,3046808111
-.long	151455502,151455502
-.long	907153956,907153956
-.long	2608889883,2608889883
-.long	1038279391,1038279391
-.long	652995533,652995533
-.long	1764173646,1764173646
-.long	3451040383,3451040383
-.long	2675275242,2675275242
-.long	453576978,453576978
-.long	2659418909,2659418909
-.long	1949051992,1949051992
-.long	773462580,773462580
-.long	756751158,756751158
-.long	2993581788,2993581788
-.long	3998898868,3998898868
-.long	4221608027,4221608027
-.long	4132590244,4132590244
-.long	1295727478,1295727478
-.long	1641469623,1641469623
-.long	3467883389,3467883389
-.long	2066295122,2066295122
-.long	1055122397,1055122397
-.long	1898917726,1898917726
-.long	2542044179,2542044179
-.long	4115878822,4115878822
-.long	1758581177,1758581177
-.long	0,0
-.long	753790401,753790401
-.long	1612718144,1612718144
-.long	536673507,536673507
-.long	3367088505,3367088505
-.long	3982187446,3982187446
-.long	3194645204,3194645204
-.long	1187761037,1187761037
-.long	3653156455,3653156455
-.long	1262041458,1262041458
-.long	3729410708,3729410708
-.long	3561770136,3561770136
-.long	3898103984,3898103984
-.long	1255133061,1255133061
-.long	1808847035,1808847035
-.long	720367557,720367557
-.long	3853167183,3853167183
-.long	385612781,385612781
-.long	3309519750,3309519750
-.long	3612167578,3612167578
-.long	1429418854,1429418854
-.long	2491778321,2491778321
-.long	3477423498,3477423498
-.long	284817897,284817897
-.long	100794884,100794884
-.long	2172616702,2172616702
-.long	4031795360,4031795360
-.long	1144798328,1144798328
-.long	3131023141,3131023141
-.long	3819481163,3819481163
-.long	4082192802,4082192802
-.long	4272137053,4272137053
-.long	3225436288,3225436288
-.long	2324664069,2324664069
-.long	2912064063,2912064063
-.long	3164445985,3164445985
-.long	1211644016,1211644016
-.long	83228145,83228145
-.long	3753688163,3753688163
-.long	3249976951,3249976951
-.long	1977277103,1977277103
-.long	1663115586,1663115586
-.long	806359072,806359072
-.long	452984805,452984805
-.long	250868733,250868733
-.long	1842533055,1842533055
-.long	1288555905,1288555905
-.long	336333848,336333848
-.long	890442534,890442534
-.long	804056259,804056259
-.long	3781124030,3781124030
-.long	2727843637,2727843637
-.long	3427026056,3427026056
-.long	957814574,957814574
-.long	1472513171,1472513171
-.long	4071073621,4071073621
-.long	2189328124,2189328124
-.long	1195195770,1195195770
-.long	2892260552,2892260552
-.long	3881655738,3881655738
-.long	723065138,723065138
-.long	2507371494,2507371494
-.long	2690670784,2690670784
-.long	2558624025,2558624025
-.long	3511635870,3511635870
-.long	2145180835,2145180835
-.long	1713513028,1713513028
-.long	2116692564,2116692564
-.long	2878378043,2878378043
-.long	2206763019,2206763019
-.long	3393603212,3393603212
-.long	703524551,703524551
-.long	3552098411,3552098411
-.long	1007948840,1007948840
-.long	2044649127,2044649127
-.long	3797835452,3797835452
-.long	487262998,487262998
-.long	1994120109,1994120109
-.long	1004593371,1004593371
-.long	1446130276,1446130276
-.long	1312438900,1312438900
-.long	503974420,503974420
-.long	3679013266,3679013266
-.long	168166924,168166924
-.long	1814307912,1814307912
-.long	3831258296,3831258296
-.long	1573044895,1573044895
-.long	1859376061,1859376061
-.long	4021070915,4021070915
-.long	2791465668,2791465668
-.long	2828112185,2828112185
-.long	2761266481,2761266481
-.long	937747667,937747667
-.long	2339994098,2339994098
-.long	854058965,854058965
-.long	1137232011,1137232011
-.long	1496790894,1496790894
-.long	3077402074,3077402074
-.long	2358086913,2358086913
-.long	1691735473,1691735473
-.long	3528347292,3528347292
-.long	3769215305,3769215305
-.long	3027004632,3027004632
-.long	4199962284,4199962284
-.long	133494003,133494003
-.long	636152527,636152527
-.long	2942657994,2942657994
-.long	2390391540,2390391540
-.long	3920539207,3920539207
-.long	403179536,403179536
-.long	3585784431,3585784431
-.long	2289596656,2289596656
-.long	1864705354,1864705354
-.long	1915629148,1915629148
-.long	605822008,605822008
-.long	4054230615,4054230615
-.long	3350508659,3350508659
-.long	1371981463,1371981463
-.long	602466507,602466507
-.long	2094914977,2094914977
-.long	2624877800,2624877800
-.long	555687742,555687742
-.long	3712699286,3712699286
-.long	3703422305,3703422305
-.long	2257292045,2257292045
-.long	2240449039,2240449039
-.long	2423288032,2423288032
-.long	1111375484,1111375484
-.long	3300242801,3300242801
-.long	2858837708,2858837708
-.long	3628615824,3628615824
-.long	84083462,84083462
-.long	32962295,32962295
-.long	302911004,302911004
-.long	2741068226,2741068226
-.long	1597322602,1597322602
-.long	4183250862,4183250862
-.long	3501832553,3501832553
-.long	2441512471,2441512471
-.long	1489093017,1489093017
-.long	656219450,656219450
-.long	3114180135,3114180135
-.long	954327513,954327513
-.long	335083755,335083755
-.long	3013122091,3013122091
-.long	856756514,856756514
-.long	3144247762,3144247762
-.long	1893325225,1893325225
-.long	2307821063,2307821063
-.long	2811532339,2811532339
-.long	3063651117,3063651117
-.long	572399164,572399164
-.long	2458355477,2458355477
-.long	552200649,552200649
-.long	1238290055,1238290055
-.long	4283782570,4283782570
-.long	2015897680,2015897680
-.long	2061492133,2061492133
-.long	2408352771,2408352771
-.long	4171342169,4171342169
-.long	2156497161,2156497161
-.long	386731290,386731290
-.long	3669999461,3669999461
-.long	837215959,837215959
-.long	3326231172,3326231172
-.long	3093850320,3093850320
-.long	3275833730,3275833730
-.long	2962856233,2962856233
-.long	1999449434,1999449434
-.long	286199582,286199582
-.long	3417354363,3417354363
-.long	4233385128,4233385128
-.long	3602627437,3602627437
-.long	974525996,974525996
-.byte	99,124,119,123,242,107,111,197
-.byte	48,1,103,43,254,215,171,118
-.byte	202,130,201,125,250,89,71,240
-.byte	173,212,162,175,156,164,114,192
-.byte	183,253,147,38,54,63,247,204
-.byte	52,165,229,241,113,216,49,21
-.byte	4,199,35,195,24,150,5,154
-.byte	7,18,128,226,235,39,178,117
-.byte	9,131,44,26,27,110,90,160
-.byte	82,59,214,179,41,227,47,132
-.byte	83,209,0,237,32,252,177,91
-.byte	106,203,190,57,74,76,88,207
-.byte	208,239,170,251,67,77,51,133
-.byte	69,249,2,127,80,60,159,168
-.byte	81,163,64,143,146,157,56,245
-.byte	188,182,218,33,16,255,243,210
-.byte	205,12,19,236,95,151,68,23
-.byte	196,167,126,61,100,93,25,115
-.byte	96,129,79,220,34,42,144,136
-.byte	70,238,184,20,222,94,11,219
-.byte	224,50,58,10,73,6,36,92
-.byte	194,211,172,98,145,149,228,121
-.byte	231,200,55,109,141,213,78,169
-.byte	108,86,244,234,101,122,174,8
-.byte	186,120,37,46,28,166,180,198
-.byte	232,221,116,31,75,189,139,138
-.byte	112,62,181,102,72,3,246,14
-.byte	97,53,87,185,134,193,29,158
-.byte	225,248,152,17,105,217,142,148
-.byte	155,30,135,233,206,85,40,223
-.byte	140,161,137,13,191,230,66,104
-.byte	65,153,45,15,176,84,187,22
-.byte	99,124,119,123,242,107,111,197
-.byte	48,1,103,43,254,215,171,118
-.byte	202,130,201,125,250,89,71,240
-.byte	173,212,162,175,156,164,114,192
-.byte	183,253,147,38,54,63,247,204
-.byte	52,165,229,241,113,216,49,21
-.byte	4,199,35,195,24,150,5,154
-.byte	7,18,128,226,235,39,178,117
-.byte	9,131,44,26,27,110,90,160
-.byte	82,59,214,179,41,227,47,132
-.byte	83,209,0,237,32,252,177,91
-.byte	106,203,190,57,74,76,88,207
-.byte	208,239,170,251,67,77,51,133
-.byte	69,249,2,127,80,60,159,168
-.byte	81,163,64,143,146,157,56,245
-.byte	188,182,218,33,16,255,243,210
-.byte	205,12,19,236,95,151,68,23
-.byte	196,167,126,61,100,93,25,115
-.byte	96,129,79,220,34,42,144,136
-.byte	70,238,184,20,222,94,11,219
-.byte	224,50,58,10,73,6,36,92
-.byte	194,211,172,98,145,149,228,121
-.byte	231,200,55,109,141,213,78,169
-.byte	108,86,244,234,101,122,174,8
-.byte	186,120,37,46,28,166,180,198
-.byte	232,221,116,31,75,189,139,138
-.byte	112,62,181,102,72,3,246,14
-.byte	97,53,87,185,134,193,29,158
-.byte	225,248,152,17,105,217,142,148
-.byte	155,30,135,233,206,85,40,223
-.byte	140,161,137,13,191,230,66,104
-.byte	65,153,45,15,176,84,187,22
-.byte	99,124,119,123,242,107,111,197
-.byte	48,1,103,43,254,215,171,118
-.byte	202,130,201,125,250,89,71,240
-.byte	173,212,162,175,156,164,114,192
-.byte	183,253,147,38,54,63,247,204
-.byte	52,165,229,241,113,216,49,21
-.byte	4,199,35,195,24,150,5,154
-.byte	7,18,128,226,235,39,178,117
-.byte	9,131,44,26,27,110,90,160
-.byte	82,59,214,179,41,227,47,132
-.byte	83,209,0,237,32,252,177,91
-.byte	106,203,190,57,74,76,88,207
-.byte	208,239,170,251,67,77,51,133
-.byte	69,249,2,127,80,60,159,168
-.byte	81,163,64,143,146,157,56,245
-.byte	188,182,218,33,16,255,243,210
-.byte	205,12,19,236,95,151,68,23
-.byte	196,167,126,61,100,93,25,115
-.byte	96,129,79,220,34,42,144,136
-.byte	70,238,184,20,222,94,11,219
-.byte	224,50,58,10,73,6,36,92
-.byte	194,211,172,98,145,149,228,121
-.byte	231,200,55,109,141,213,78,169
-.byte	108,86,244,234,101,122,174,8
-.byte	186,120,37,46,28,166,180,198
-.byte	232,221,116,31,75,189,139,138
-.byte	112,62,181,102,72,3,246,14
-.byte	97,53,87,185,134,193,29,158
-.byte	225,248,152,17,105,217,142,148
-.byte	155,30,135,233,206,85,40,223
-.byte	140,161,137,13,191,230,66,104
-.byte	65,153,45,15,176,84,187,22
-.byte	99,124,119,123,242,107,111,197
-.byte	48,1,103,43,254,215,171,118
-.byte	202,130,201,125,250,89,71,240
-.byte	173,212,162,175,156,164,114,192
-.byte	183,253,147,38,54,63,247,204
-.byte	52,165,229,241,113,216,49,21
-.byte	4,199,35,195,24,150,5,154
-.byte	7,18,128,226,235,39,178,117
-.byte	9,131,44,26,27,110,90,160
-.byte	82,59,214,179,41,227,47,132
-.byte	83,209,0,237,32,252,177,91
-.byte	106,203,190,57,74,76,88,207
-.byte	208,239,170,251,67,77,51,133
-.byte	69,249,2,127,80,60,159,168
-.byte	81,163,64,143,146,157,56,245
-.byte	188,182,218,33,16,255,243,210
-.byte	205,12,19,236,95,151,68,23
-.byte	196,167,126,61,100,93,25,115
-.byte	96,129,79,220,34,42,144,136
-.byte	70,238,184,20,222,94,11,219
-.byte	224,50,58,10,73,6,36,92
-.byte	194,211,172,98,145,149,228,121
-.byte	231,200,55,109,141,213,78,169
-.byte	108,86,244,234,101,122,174,8
-.byte	186,120,37,46,28,166,180,198
-.byte	232,221,116,31,75,189,139,138
-.byte	112,62,181,102,72,3,246,14
-.byte	97,53,87,185,134,193,29,158
-.byte	225,248,152,17,105,217,142,148
-.byte	155,30,135,233,206,85,40,223
-.byte	140,161,137,13,191,230,66,104
-.byte	65,153,45,15,176,84,187,22
-.long	1,2,4,8
-.long	16,32,64,128
-.long	27,54,0,0
-.long	0,0,0,0
-.size	_x86_AES_encrypt,.-_x86_AES_encrypt
-.globl	AES_encrypt
-.type	AES_encrypt,@function
-.align	16
-AES_encrypt:
-.L_AES_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	28(%esp),%edi
-	movl	%esp,%eax
-	subl	$36,%esp
-	andl	$-64,%esp
-	leal	-127(%edi),%ebx
-	subl	%esp,%ebx
-	negl	%ebx
-	andl	$960,%ebx
-	subl	%ebx,%esp
-	addl	$4,%esp
-	movl	%eax,28(%esp)
-	call	.L004pic_point
-.L004pic_point:
-	popl	%ebp
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L004pic_point](%ebp),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	leal	.LAES_Te-.L004pic_point(%ebp),%ebp
-	leal	764(%esp),%ebx
-	subl	%ebp,%ebx
-	andl	$768,%ebx
-	leal	2176(%ebp,%ebx,1),%ebp
-	btl	$25,(%eax)
-	jnc	.L005x86
-	movq	(%esi),%mm0
-	movq	8(%esi),%mm4
-	call	_sse_AES_encrypt_compact
-	movl	28(%esp),%esp
-	movl	24(%esp),%esi
-	movq	%mm0,(%esi)
-	movq	%mm4,8(%esi)
-	emms
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	16
-.L005x86:
-	movl	%ebp,24(%esp)
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	call	_x86_AES_encrypt_compact
-	movl	28(%esp),%esp
-	movl	24(%esp),%esi
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	AES_encrypt,.-.L_AES_encrypt_begin
-.type	_x86_AES_decrypt_compact,@function
-.align	16
-_x86_AES_decrypt_compact:
-	movl	%edi,20(%esp)
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-	movl	-128(%ebp),%edi
-	movl	-96(%ebp),%esi
-	movl	-64(%ebp),%edi
-	movl	-32(%ebp),%esi
-	movl	(%ebp),%edi
-	movl	32(%ebp),%esi
-	movl	64(%ebp),%edi
-	movl	96(%ebp),%esi
-.align	16
-.L006loop:
-	movl	%eax,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%dh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ebx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-	movl	%ebx,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%ah,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-	movl	%ecx,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	andl	$255,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	movzbl	%ch,%ecx
-	movzbl	-128(%ebp,%ecx,1),%ecx
-	shll	$8,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-	shrl	$16,%ebx
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%edx
-	shrl	$24,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$24,%eax
-	xorl	%eax,%edx
-	movl	%ecx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ecx,%ecx,1),%eax
-	subl	%edi,%esi
-	andl	$4278124286,%eax
-	andl	$454761243,%esi
-	xorl	%eax,%esi
-	movl	%esi,%eax
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%eax,%eax,1),%ebx
-	subl	%edi,%esi
-	andl	$4278124286,%ebx
-	andl	$454761243,%esi
-	xorl	%ecx,%eax
-	xorl	%ebx,%esi
-	movl	%esi,%ebx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ebx,%ebx,1),%ebp
-	subl	%edi,%esi
-	andl	$4278124286,%ebp
-	andl	$454761243,%esi
-	xorl	%ecx,%ebx
-	roll	$8,%ecx
-	xorl	%esi,%ebp
-	xorl	%eax,%ecx
-	xorl	%ebp,%eax
-	roll	$24,%eax
-	xorl	%ebx,%ecx
-	xorl	%ebp,%ebx
-	roll	$16,%ebx
-	xorl	%ebp,%ecx
-	roll	$8,%ebp
-	xorl	%eax,%ecx
-	xorl	%ebx,%ecx
-	movl	4(%esp),%eax
-	xorl	%ebp,%ecx
-	movl	%ecx,12(%esp)
-	movl	%edx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%edx,%edx,1),%ebx
-	subl	%edi,%esi
-	andl	$4278124286,%ebx
-	andl	$454761243,%esi
-	xorl	%ebx,%esi
-	movl	%esi,%ebx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ebx,%ebx,1),%ecx
-	subl	%edi,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	xorl	%edx,%ebx
-	xorl	%ecx,%esi
-	movl	%esi,%ecx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ecx,%ecx,1),%ebp
-	subl	%edi,%esi
-	andl	$4278124286,%ebp
-	andl	$454761243,%esi
-	xorl	%edx,%ecx
-	roll	$8,%edx
-	xorl	%esi,%ebp
-	xorl	%ebx,%edx
-	xorl	%ebp,%ebx
-	roll	$24,%ebx
-	xorl	%ecx,%edx
-	xorl	%ebp,%ecx
-	roll	$16,%ecx
-	xorl	%ebp,%edx
-	roll	$8,%ebp
-	xorl	%ebx,%edx
-	xorl	%ecx,%edx
-	movl	8(%esp),%ebx
-	xorl	%ebp,%edx
-	movl	%edx,16(%esp)
-	movl	%eax,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%eax,%eax,1),%ecx
-	subl	%edi,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	xorl	%ecx,%esi
-	movl	%esi,%ecx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ecx,%ecx,1),%edx
-	subl	%edi,%esi
-	andl	$4278124286,%edx
-	andl	$454761243,%esi
-	xorl	%eax,%ecx
-	xorl	%edx,%esi
-	movl	%esi,%edx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%edx,%edx,1),%ebp
-	subl	%edi,%esi
-	andl	$4278124286,%ebp
-	andl	$454761243,%esi
-	xorl	%eax,%edx
-	roll	$8,%eax
-	xorl	%esi,%ebp
-	xorl	%ecx,%eax
-	xorl	%ebp,%ecx
-	roll	$24,%ecx
-	xorl	%edx,%eax
-	xorl	%ebp,%edx
-	roll	$16,%edx
-	xorl	%ebp,%eax
-	roll	$8,%ebp
-	xorl	%ecx,%eax
-	xorl	%edx,%eax
-	xorl	%ebp,%eax
-	movl	%ebx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ebx,%ebx,1),%ecx
-	subl	%edi,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	xorl	%ecx,%esi
-	movl	%esi,%ecx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%ecx,%ecx,1),%edx
-	subl	%edi,%esi
-	andl	$4278124286,%edx
-	andl	$454761243,%esi
-	xorl	%ebx,%ecx
-	xorl	%edx,%esi
-	movl	%esi,%edx
-	andl	$2155905152,%esi
-	movl	%esi,%edi
-	shrl	$7,%edi
-	leal	(%edx,%edx,1),%ebp
-	subl	%edi,%esi
-	andl	$4278124286,%ebp
-	andl	$454761243,%esi
-	xorl	%ebx,%edx
-	roll	$8,%ebx
-	xorl	%esi,%ebp
-	xorl	%ecx,%ebx
-	xorl	%ebp,%ecx
-	roll	$24,%ecx
-	xorl	%edx,%ebx
-	xorl	%ebp,%edx
-	roll	$16,%edx
-	xorl	%ebp,%ebx
-	roll	$8,%ebp
-	xorl	%ecx,%ebx
-	xorl	%edx,%ebx
-	movl	12(%esp),%ecx
-	xorl	%ebp,%ebx
-	movl	16(%esp),%edx
-	movl	20(%esp),%edi
-	movl	28(%esp),%ebp
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	cmpl	24(%esp),%edi
-	movl	%edi,20(%esp)
-	jb	.L006loop
-	movl	%eax,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%dh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ebx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-	movl	%ebx,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%ah,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-	movl	%ecx,%esi
-	andl	$255,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	movzbl	%bh,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movzbl	-128(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	20(%esp),%edi
-	andl	$255,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	movzbl	%ch,%ecx
-	movzbl	-128(%ebp,%ecx,1),%ecx
-	shll	$8,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-	shrl	$16,%ebx
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%edx
-	movl	8(%esp),%ebx
-	shrl	$24,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$24,%eax
-	xorl	%eax,%edx
-	movl	4(%esp),%eax
-	xorl	16(%edi),%eax
-	xorl	20(%edi),%ebx
-	xorl	24(%edi),%ecx
-	xorl	28(%edi),%edx
-	ret
-.size	_x86_AES_decrypt_compact,.-_x86_AES_decrypt_compact
-.type	_sse_AES_decrypt_compact,@function
-.align	16
-_sse_AES_decrypt_compact:
-	pxor	(%edi),%mm0
-	pxor	8(%edi),%mm4
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-	movl	$454761243,%eax
-	movl	%eax,8(%esp)
-	movl	%eax,12(%esp)
-	movl	-128(%ebp),%eax
-	movl	-96(%ebp),%ebx
-	movl	-64(%ebp),%ecx
-	movl	-32(%ebp),%edx
-	movl	(%ebp),%eax
-	movl	32(%ebp),%ebx
-	movl	64(%ebp),%ecx
-	movl	96(%ebp),%edx
-.align	16
-.L007loop:
-	pshufw	$12,%mm0,%mm1
-	movd	%mm1,%eax
-	pshufw	$9,%mm4,%mm5
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%ecx
-	movd	%mm5,%ebx
-	movzbl	%ah,%edx
-	movzbl	-128(%ebp,%edx,1),%edx
-	shll	$8,%edx
-	pshufw	$6,%mm0,%mm2
-	movzbl	%bl,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%ecx
-	shrl	$16,%eax
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%edx
-	shrl	$16,%ebx
-	pshufw	$3,%mm4,%mm6
-	movzbl	%ah,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%ecx
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$8,%esi
-	orl	%esi,%ecx
-	movd	%ecx,%mm0
-	movzbl	%al,%esi
-	movd	%mm2,%eax
-	movzbl	-128(%ebp,%esi,1),%ecx
-	shll	$16,%ecx
-	movzbl	%bl,%esi
-	movd	%mm6,%ebx
-	movzbl	-128(%ebp,%esi,1),%esi
-	orl	%esi,%ecx
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	orl	%esi,%edx
-	movzbl	%bl,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%edx
-	movd	%edx,%mm1
-	movzbl	%ah,%esi
-	movzbl	-128(%ebp,%esi,1),%edx
-	shll	$8,%edx
-	movzbl	%bh,%esi
-	shrl	$16,%eax
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$24,%esi
-	orl	%esi,%edx
-	shrl	$16,%ebx
-	punpckldq	%mm1,%mm0
-	movzbl	%bh,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$8,%esi
-	orl	%esi,%ecx
-	andl	$255,%ebx
-	movzbl	-128(%ebp,%ebx,1),%ebx
-	orl	%ebx,%edx
-	movzbl	%al,%esi
-	movzbl	-128(%ebp,%esi,1),%esi
-	shll	$16,%esi
-	orl	%esi,%edx
-	movd	%edx,%mm4
-	movzbl	%ah,%eax
-	movzbl	-128(%ebp,%eax,1),%eax
-	shll	$24,%eax
-	orl	%eax,%ecx
-	movd	%ecx,%mm5
-	punpckldq	%mm5,%mm4
-	addl	$16,%edi
-	cmpl	24(%esp),%edi
-	ja	.L008out
-	movq	%mm0,%mm3
-	movq	%mm4,%mm7
-	pshufw	$228,%mm0,%mm2
-	pshufw	$228,%mm4,%mm6
-	movq	%mm0,%mm1
-	movq	%mm4,%mm5
-	pshufw	$177,%mm0,%mm0
-	pshufw	$177,%mm4,%mm4
-	pslld	$8,%mm2
-	pslld	$8,%mm6
-	psrld	$8,%mm3
-	psrld	$8,%mm7
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pslld	$16,%mm2
-	pslld	$16,%mm6
-	psrld	$16,%mm3
-	psrld	$16,%mm7
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	movq	8(%esp),%mm3
-	pxor	%mm2,%mm2
-	pxor	%mm6,%mm6
-	pcmpgtb	%mm1,%mm2
-	pcmpgtb	%mm5,%mm6
-	pand	%mm3,%mm2
-	pand	%mm3,%mm6
-	paddb	%mm1,%mm1
-	paddb	%mm5,%mm5
-	pxor	%mm2,%mm1
-	pxor	%mm6,%mm5
-	movq	%mm1,%mm3
-	movq	%mm5,%mm7
-	movq	%mm1,%mm2
-	movq	%mm5,%mm6
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	pslld	$24,%mm3
-	pslld	$24,%mm7
-	psrld	$8,%mm2
-	psrld	$8,%mm6
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	movq	8(%esp),%mm2
-	pxor	%mm3,%mm3
-	pxor	%mm7,%mm7
-	pcmpgtb	%mm1,%mm3
-	pcmpgtb	%mm5,%mm7
-	pand	%mm2,%mm3
-	pand	%mm2,%mm7
-	paddb	%mm1,%mm1
-	paddb	%mm5,%mm5
-	pxor	%mm3,%mm1
-	pxor	%mm7,%mm5
-	pshufw	$177,%mm1,%mm3
-	pshufw	$177,%mm5,%mm7
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pxor	%mm3,%mm3
-	pxor	%mm7,%mm7
-	pcmpgtb	%mm1,%mm3
-	pcmpgtb	%mm5,%mm7
-	pand	%mm2,%mm3
-	pand	%mm2,%mm7
-	paddb	%mm1,%mm1
-	paddb	%mm5,%mm5
-	pxor	%mm3,%mm1
-	pxor	%mm7,%mm5
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	movq	%mm1,%mm3
-	movq	%mm5,%mm7
-	pshufw	$177,%mm1,%mm2
-	pshufw	$177,%mm5,%mm6
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	pslld	$8,%mm1
-	pslld	$8,%mm5
-	psrld	$8,%mm3
-	psrld	$8,%mm7
-	movq	(%edi),%mm2
-	movq	8(%edi),%mm6
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	movl	-128(%ebp),%eax
-	pslld	$16,%mm1
-	pslld	$16,%mm5
-	movl	-64(%ebp),%ebx
-	psrld	$16,%mm3
-	psrld	$16,%mm7
-	movl	(%ebp),%ecx
-	pxor	%mm1,%mm0
-	pxor	%mm5,%mm4
-	movl	64(%ebp),%edx
-	pxor	%mm3,%mm0
-	pxor	%mm7,%mm4
-	pxor	%mm2,%mm0
-	pxor	%mm6,%mm4
-	jmp	.L007loop
-.align	16
-.L008out:
-	pxor	(%edi),%mm0
-	pxor	8(%edi),%mm4
-	ret
-.size	_sse_AES_decrypt_compact,.-_sse_AES_decrypt_compact
-.type	_x86_AES_decrypt,@function
-.align	16
-_x86_AES_decrypt:
-	movl	%edi,20(%esp)
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,24(%esp)
-.align	16
-.L009loop:
-	movl	%eax,%esi
-	andl	$255,%esi
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%dh,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movl	%ebx,%edi
-	shrl	$24,%edi
-	xorl	1(%ebp,%edi,8),%esi
-	movl	%esi,4(%esp)
-
-	movl	%ebx,%esi
-	andl	$255,%esi
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%ah,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movl	%ecx,%edi
-	shrl	$24,%edi
-	xorl	1(%ebp,%edi,8),%esi
-	movl	%esi,8(%esp)
-
-	movl	%ecx,%esi
-	andl	$255,%esi
-	movl	(%ebp,%esi,8),%esi
-	movzbl	%bh,%edi
-	xorl	3(%ebp,%edi,8),%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	xorl	2(%ebp,%edi,8),%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	xorl	1(%ebp,%edi,8),%esi
-
-	movl	20(%esp),%edi
-	andl	$255,%edx
-	movl	(%ebp,%edx,8),%edx
-	movzbl	%ch,%ecx
-	xorl	3(%ebp,%ecx,8),%edx
-	movl	%esi,%ecx
-	shrl	$16,%ebx
-	andl	$255,%ebx
-	xorl	2(%ebp,%ebx,8),%edx
-	movl	8(%esp),%ebx
-	shrl	$24,%eax
-	xorl	1(%ebp,%eax,8),%edx
-	movl	4(%esp),%eax
-
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	cmpl	24(%esp),%edi
-	movl	%edi,20(%esp)
-	jb	.L009loop
-	leal	2176(%ebp),%ebp
-	movl	-128(%ebp),%edi
-	movl	-96(%ebp),%esi
-	movl	-64(%ebp),%edi
-	movl	-32(%ebp),%esi
-	movl	(%ebp),%edi
-	movl	32(%ebp),%esi
-	movl	64(%ebp),%edi
-	movl	96(%ebp),%esi
-	leal	-128(%ebp),%ebp
-	movl	%eax,%esi
-	andl	$255,%esi
-	movzbl	(%ebp,%esi,1),%esi
-	movzbl	%dh,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ebx,%edi
-	shrl	$24,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,4(%esp)
-	movl	%ebx,%esi
-	andl	$255,%esi
-	movzbl	(%ebp,%esi,1),%esi
-	movzbl	%ah,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%ecx,%edi
-	shrl	$24,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	%esi,8(%esp)
-	movl	%ecx,%esi
-	andl	$255,%esi
-	movzbl	(%ebp,%esi,1),%esi
-	movzbl	%bh,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$8,%edi
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	shrl	$16,%edi
-	andl	$255,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$16,%edi
-	xorl	%edi,%esi
-	movl	%edx,%edi
-	shrl	$24,%edi
-	movzbl	(%ebp,%edi,1),%edi
-	shll	$24,%edi
-	xorl	%edi,%esi
-	movl	20(%esp),%edi
-	andl	$255,%edx
-	movzbl	(%ebp,%edx,1),%edx
-	movzbl	%ch,%ecx
-	movzbl	(%ebp,%ecx,1),%ecx
-	shll	$8,%ecx
-	xorl	%ecx,%edx
-	movl	%esi,%ecx
-	shrl	$16,%ebx
-	andl	$255,%ebx
-	movzbl	(%ebp,%ebx,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%edx
-	movl	8(%esp),%ebx
-	shrl	$24,%eax
-	movzbl	(%ebp,%eax,1),%eax
-	shll	$24,%eax
-	xorl	%eax,%edx
-	movl	4(%esp),%eax
-	leal	-2048(%ebp),%ebp
-	addl	$16,%edi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	ret
-.align	64
-.LAES_Td:
-.long	1353184337,1353184337
-.long	1399144830,1399144830
-.long	3282310938,3282310938
-.long	2522752826,2522752826
-.long	3412831035,3412831035
-.long	4047871263,4047871263
-.long	2874735276,2874735276
-.long	2466505547,2466505547
-.long	1442459680,1442459680
-.long	4134368941,4134368941
-.long	2440481928,2440481928
-.long	625738485,625738485
-.long	4242007375,4242007375
-.long	3620416197,3620416197
-.long	2151953702,2151953702
-.long	2409849525,2409849525
-.long	1230680542,1230680542
-.long	1729870373,1729870373
-.long	2551114309,2551114309
-.long	3787521629,3787521629
-.long	41234371,41234371
-.long	317738113,317738113
-.long	2744600205,2744600205
-.long	3338261355,3338261355
-.long	3881799427,3881799427
-.long	2510066197,2510066197
-.long	3950669247,3950669247
-.long	3663286933,3663286933
-.long	763608788,763608788
-.long	3542185048,3542185048
-.long	694804553,694804553
-.long	1154009486,1154009486
-.long	1787413109,1787413109
-.long	2021232372,2021232372
-.long	1799248025,1799248025
-.long	3715217703,3715217703
-.long	3058688446,3058688446
-.long	397248752,397248752
-.long	1722556617,1722556617
-.long	3023752829,3023752829
-.long	407560035,407560035
-.long	2184256229,2184256229
-.long	1613975959,1613975959
-.long	1165972322,1165972322
-.long	3765920945,3765920945
-.long	2226023355,2226023355
-.long	480281086,480281086
-.long	2485848313,2485848313
-.long	1483229296,1483229296
-.long	436028815,436028815
-.long	2272059028,2272059028
-.long	3086515026,3086515026
-.long	601060267,601060267
-.long	3791801202,3791801202
-.long	1468997603,1468997603
-.long	715871590,715871590
-.long	120122290,120122290
-.long	63092015,63092015
-.long	2591802758,2591802758
-.long	2768779219,2768779219
-.long	4068943920,4068943920
-.long	2997206819,2997206819
-.long	3127509762,3127509762
-.long	1552029421,1552029421
-.long	723308426,723308426
-.long	2461301159,2461301159
-.long	4042393587,4042393587
-.long	2715969870,2715969870
-.long	3455375973,3455375973
-.long	3586000134,3586000134
-.long	526529745,526529745
-.long	2331944644,2331944644
-.long	2639474228,2639474228
-.long	2689987490,2689987490
-.long	853641733,853641733
-.long	1978398372,1978398372
-.long	971801355,971801355
-.long	2867814464,2867814464
-.long	111112542,111112542
-.long	1360031421,1360031421
-.long	4186579262,4186579262
-.long	1023860118,1023860118
-.long	2919579357,2919579357
-.long	1186850381,1186850381
-.long	3045938321,3045938321
-.long	90031217,90031217
-.long	1876166148,1876166148
-.long	4279586912,4279586912
-.long	620468249,620468249
-.long	2548678102,2548678102
-.long	3426959497,3426959497
-.long	2006899047,2006899047
-.long	3175278768,3175278768
-.long	2290845959,2290845959
-.long	945494503,945494503
-.long	3689859193,3689859193
-.long	1191869601,1191869601
-.long	3910091388,3910091388
-.long	3374220536,3374220536
-.long	0,0
-.long	2206629897,2206629897
-.long	1223502642,1223502642
-.long	2893025566,2893025566
-.long	1316117100,1316117100
-.long	4227796733,4227796733
-.long	1446544655,1446544655
-.long	517320253,517320253
-.long	658058550,658058550
-.long	1691946762,1691946762
-.long	564550760,564550760
-.long	3511966619,3511966619
-.long	976107044,976107044
-.long	2976320012,2976320012
-.long	266819475,266819475
-.long	3533106868,3533106868
-.long	2660342555,2660342555
-.long	1338359936,1338359936
-.long	2720062561,2720062561
-.long	1766553434,1766553434
-.long	370807324,370807324
-.long	179999714,179999714
-.long	3844776128,3844776128
-.long	1138762300,1138762300
-.long	488053522,488053522
-.long	185403662,185403662
-.long	2915535858,2915535858
-.long	3114841645,3114841645
-.long	3366526484,3366526484
-.long	2233069911,2233069911
-.long	1275557295,1275557295
-.long	3151862254,3151862254
-.long	4250959779,4250959779
-.long	2670068215,2670068215
-.long	3170202204,3170202204
-.long	3309004356,3309004356
-.long	880737115,880737115
-.long	1982415755,1982415755
-.long	3703972811,3703972811
-.long	1761406390,1761406390
-.long	1676797112,1676797112
-.long	3403428311,3403428311
-.long	277177154,277177154
-.long	1076008723,1076008723
-.long	538035844,538035844
-.long	2099530373,2099530373
-.long	4164795346,4164795346
-.long	288553390,288553390
-.long	1839278535,1839278535
-.long	1261411869,1261411869
-.long	4080055004,4080055004
-.long	3964831245,3964831245
-.long	3504587127,3504587127
-.long	1813426987,1813426987
-.long	2579067049,2579067049
-.long	4199060497,4199060497
-.long	577038663,577038663
-.long	3297574056,3297574056
-.long	440397984,440397984
-.long	3626794326,3626794326
-.long	4019204898,4019204898
-.long	3343796615,3343796615
-.long	3251714265,3251714265
-.long	4272081548,4272081548
-.long	906744984,906744984
-.long	3481400742,3481400742
-.long	685669029,685669029
-.long	646887386,646887386
-.long	2764025151,2764025151
-.long	3835509292,3835509292
-.long	227702864,227702864
-.long	2613862250,2613862250
-.long	1648787028,1648787028
-.long	3256061430,3256061430
-.long	3904428176,3904428176
-.long	1593260334,1593260334
-.long	4121936770,4121936770
-.long	3196083615,3196083615
-.long	2090061929,2090061929
-.long	2838353263,2838353263
-.long	3004310991,3004310991
-.long	999926984,999926984
-.long	2809993232,2809993232
-.long	1852021992,1852021992
-.long	2075868123,2075868123
-.long	158869197,158869197
-.long	4095236462,4095236462
-.long	28809964,28809964
-.long	2828685187,2828685187
-.long	1701746150,1701746150
-.long	2129067946,2129067946
-.long	147831841,147831841
-.long	3873969647,3873969647
-.long	3650873274,3650873274
-.long	3459673930,3459673930
-.long	3557400554,3557400554
-.long	3598495785,3598495785
-.long	2947720241,2947720241
-.long	824393514,824393514
-.long	815048134,815048134
-.long	3227951669,3227951669
-.long	935087732,935087732
-.long	2798289660,2798289660
-.long	2966458592,2966458592
-.long	366520115,366520115
-.long	1251476721,1251476721
-.long	4158319681,4158319681
-.long	240176511,240176511
-.long	804688151,804688151
-.long	2379631990,2379631990
-.long	1303441219,1303441219
-.long	1414376140,1414376140
-.long	3741619940,3741619940
-.long	3820343710,3820343710
-.long	461924940,461924940
-.long	3089050817,3089050817
-.long	2136040774,2136040774
-.long	82468509,82468509
-.long	1563790337,1563790337
-.long	1937016826,1937016826
-.long	776014843,776014843
-.long	1511876531,1511876531
-.long	1389550482,1389550482
-.long	861278441,861278441
-.long	323475053,323475053
-.long	2355222426,2355222426
-.long	2047648055,2047648055
-.long	2383738969,2383738969
-.long	2302415851,2302415851
-.long	3995576782,3995576782
-.long	902390199,902390199
-.long	3991215329,3991215329
-.long	1018251130,1018251130
-.long	1507840668,1507840668
-.long	1064563285,1064563285
-.long	2043548696,2043548696
-.long	3208103795,3208103795
-.long	3939366739,3939366739
-.long	1537932639,1537932639
-.long	342834655,342834655
-.long	2262516856,2262516856
-.long	2180231114,2180231114
-.long	1053059257,1053059257
-.long	741614648,741614648
-.long	1598071746,1598071746
-.long	1925389590,1925389590
-.long	203809468,203809468
-.long	2336832552,2336832552
-.long	1100287487,1100287487
-.long	1895934009,1895934009
-.long	3736275976,3736275976
-.long	2632234200,2632234200
-.long	2428589668,2428589668
-.long	1636092795,1636092795
-.long	1890988757,1890988757
-.long	1952214088,1952214088
-.long	1113045200,1113045200
-.byte	82,9,106,213,48,54,165,56
-.byte	191,64,163,158,129,243,215,251
-.byte	124,227,57,130,155,47,255,135
-.byte	52,142,67,68,196,222,233,203
-.byte	84,123,148,50,166,194,35,61
-.byte	238,76,149,11,66,250,195,78
-.byte	8,46,161,102,40,217,36,178
-.byte	118,91,162,73,109,139,209,37
-.byte	114,248,246,100,134,104,152,22
-.byte	212,164,92,204,93,101,182,146
-.byte	108,112,72,80,253,237,185,218
-.byte	94,21,70,87,167,141,157,132
-.byte	144,216,171,0,140,188,211,10
-.byte	247,228,88,5,184,179,69,6
-.byte	208,44,30,143,202,63,15,2
-.byte	193,175,189,3,1,19,138,107
-.byte	58,145,17,65,79,103,220,234
-.byte	151,242,207,206,240,180,230,115
-.byte	150,172,116,34,231,173,53,133
-.byte	226,249,55,232,28,117,223,110
-.byte	71,241,26,113,29,41,197,137
-.byte	111,183,98,14,170,24,190,27
-.byte	252,86,62,75,198,210,121,32
-.byte	154,219,192,254,120,205,90,244
-.byte	31,221,168,51,136,7,199,49
-.byte	177,18,16,89,39,128,236,95
-.byte	96,81,127,169,25,181,74,13
-.byte	45,229,122,159,147,201,156,239
-.byte	160,224,59,77,174,42,245,176
-.byte	200,235,187,60,131,83,153,97
-.byte	23,43,4,126,186,119,214,38
-.byte	225,105,20,99,85,33,12,125
-.byte	82,9,106,213,48,54,165,56
-.byte	191,64,163,158,129,243,215,251
-.byte	124,227,57,130,155,47,255,135
-.byte	52,142,67,68,196,222,233,203
-.byte	84,123,148,50,166,194,35,61
-.byte	238,76,149,11,66,250,195,78
-.byte	8,46,161,102,40,217,36,178
-.byte	118,91,162,73,109,139,209,37
-.byte	114,248,246,100,134,104,152,22
-.byte	212,164,92,204,93,101,182,146
-.byte	108,112,72,80,253,237,185,218
-.byte	94,21,70,87,167,141,157,132
-.byte	144,216,171,0,140,188,211,10
-.byte	247,228,88,5,184,179,69,6
-.byte	208,44,30,143,202,63,15,2
-.byte	193,175,189,3,1,19,138,107
-.byte	58,145,17,65,79,103,220,234
-.byte	151,242,207,206,240,180,230,115
-.byte	150,172,116,34,231,173,53,133
-.byte	226,249,55,232,28,117,223,110
-.byte	71,241,26,113,29,41,197,137
-.byte	111,183,98,14,170,24,190,27
-.byte	252,86,62,75,198,210,121,32
-.byte	154,219,192,254,120,205,90,244
-.byte	31,221,168,51,136,7,199,49
-.byte	177,18,16,89,39,128,236,95
-.byte	96,81,127,169,25,181,74,13
-.byte	45,229,122,159,147,201,156,239
-.byte	160,224,59,77,174,42,245,176
-.byte	200,235,187,60,131,83,153,97
-.byte	23,43,4,126,186,119,214,38
-.byte	225,105,20,99,85,33,12,125
-.byte	82,9,106,213,48,54,165,56
-.byte	191,64,163,158,129,243,215,251
-.byte	124,227,57,130,155,47,255,135
-.byte	52,142,67,68,196,222,233,203
-.byte	84,123,148,50,166,194,35,61
-.byte	238,76,149,11,66,250,195,78
-.byte	8,46,161,102,40,217,36,178
-.byte	118,91,162,73,109,139,209,37
-.byte	114,248,246,100,134,104,152,22
-.byte	212,164,92,204,93,101,182,146
-.byte	108,112,72,80,253,237,185,218
-.byte	94,21,70,87,167,141,157,132
-.byte	144,216,171,0,140,188,211,10
-.byte	247,228,88,5,184,179,69,6
-.byte	208,44,30,143,202,63,15,2
-.byte	193,175,189,3,1,19,138,107
-.byte	58,145,17,65,79,103,220,234
-.byte	151,242,207,206,240,180,230,115
-.byte	150,172,116,34,231,173,53,133
-.byte	226,249,55,232,28,117,223,110
-.byte	71,241,26,113,29,41,197,137
-.byte	111,183,98,14,170,24,190,27
-.byte	252,86,62,75,198,210,121,32
-.byte	154,219,192,254,120,205,90,244
-.byte	31,221,168,51,136,7,199,49
-.byte	177,18,16,89,39,128,236,95
-.byte	96,81,127,169,25,181,74,13
-.byte	45,229,122,159,147,201,156,239
-.byte	160,224,59,77,174,42,245,176
-.byte	200,235,187,60,131,83,153,97
-.byte	23,43,4,126,186,119,214,38
-.byte	225,105,20,99,85,33,12,125
-.byte	82,9,106,213,48,54,165,56
-.byte	191,64,163,158,129,243,215,251
-.byte	124,227,57,130,155,47,255,135
-.byte	52,142,67,68,196,222,233,203
-.byte	84,123,148,50,166,194,35,61
-.byte	238,76,149,11,66,250,195,78
-.byte	8,46,161,102,40,217,36,178
-.byte	118,91,162,73,109,139,209,37
-.byte	114,248,246,100,134,104,152,22
-.byte	212,164,92,204,93,101,182,146
-.byte	108,112,72,80,253,237,185,218
-.byte	94,21,70,87,167,141,157,132
-.byte	144,216,171,0,140,188,211,10
-.byte	247,228,88,5,184,179,69,6
-.byte	208,44,30,143,202,63,15,2
-.byte	193,175,189,3,1,19,138,107
-.byte	58,145,17,65,79,103,220,234
-.byte	151,242,207,206,240,180,230,115
-.byte	150,172,116,34,231,173,53,133
-.byte	226,249,55,232,28,117,223,110
-.byte	71,241,26,113,29,41,197,137
-.byte	111,183,98,14,170,24,190,27
-.byte	252,86,62,75,198,210,121,32
-.byte	154,219,192,254,120,205,90,244
-.byte	31,221,168,51,136,7,199,49
-.byte	177,18,16,89,39,128,236,95
-.byte	96,81,127,169,25,181,74,13
-.byte	45,229,122,159,147,201,156,239
-.byte	160,224,59,77,174,42,245,176
-.byte	200,235,187,60,131,83,153,97
-.byte	23,43,4,126,186,119,214,38
-.byte	225,105,20,99,85,33,12,125
-.size	_x86_AES_decrypt,.-_x86_AES_decrypt
-.globl	AES_decrypt
-.type	AES_decrypt,@function
-.align	16
-AES_decrypt:
-.L_AES_decrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	28(%esp),%edi
-	movl	%esp,%eax
-	subl	$36,%esp
-	andl	$-64,%esp
-	leal	-127(%edi),%ebx
-	subl	%esp,%ebx
-	negl	%ebx
-	andl	$960,%ebx
-	subl	%ebx,%esp
-	addl	$4,%esp
-	movl	%eax,28(%esp)
-	call	.L010pic_point
-.L010pic_point:
-	popl	%ebp
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L010pic_point](%ebp),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	leal	.LAES_Td-.L010pic_point(%ebp),%ebp
-	leal	764(%esp),%ebx
-	subl	%ebp,%ebx
-	andl	$768,%ebx
-	leal	2176(%ebp,%ebx,1),%ebp
-	btl	$25,(%eax)
-	jnc	.L011x86
-	movq	(%esi),%mm0
-	movq	8(%esi),%mm4
-	call	_sse_AES_decrypt_compact
-	movl	28(%esp),%esp
-	movl	24(%esp),%esi
-	movq	%mm0,(%esi)
-	movq	%mm4,8(%esi)
-	emms
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	16
-.L011x86:
-	movl	%ebp,24(%esp)
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	call	_x86_AES_decrypt_compact
-	movl	28(%esp),%esp
-	movl	24(%esp),%esi
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	AES_decrypt,.-.L_AES_decrypt_begin
-.globl	AES_cbc_encrypt
-.type	AES_cbc_encrypt,@function
-.align	16
-AES_cbc_encrypt:
-.L_AES_cbc_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),%ecx
-	cmpl	$0,%ecx
-	je	.L012drop_out
-	call	.L013pic_point
-.L013pic_point:
-	popl	%ebp
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L013pic_point](%ebp),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	cmpl	$0,40(%esp)
-	leal	.LAES_Te-.L013pic_point(%ebp),%ebp
-	jne	.L014picked_te
-	leal	.LAES_Td-.LAES_Te(%ebp),%ebp
-.L014picked_te:
-	pushfl
-	cld
-	cmpl	$512,%ecx
-	jb	.L015slow_way
-	testl	$15,%ecx
-	jnz	.L015slow_way
-	btl	$28,(%eax)
-	jc	.L015slow_way
-	leal	-324(%esp),%esi
-	andl	$-64,%esi
-	movl	%ebp,%eax
-	leal	2304(%ebp),%ebx
-	movl	%esi,%edx
-	andl	$4095,%eax
-	andl	$4095,%ebx
-	andl	$4095,%edx
-	cmpl	%ebx,%edx
-	jb	.L016tbl_break_out
-	subl	%ebx,%edx
-	subl	%edx,%esi
-	jmp	.L017tbl_ok
-.align	4
-.L016tbl_break_out:
-	subl	%eax,%edx
-	andl	$4095,%edx
-	addl	$384,%edx
-	subl	%edx,%esi
-.align	4
-.L017tbl_ok:
-	leal	24(%esp),%edx
-	xchgl	%esi,%esp
-	addl	$4,%esp
-	movl	%ebp,24(%esp)
-	movl	%esi,28(%esp)
-	movl	(%edx),%eax
-	movl	4(%edx),%ebx
-	movl	12(%edx),%edi
-	movl	16(%edx),%esi
-	movl	20(%edx),%edx
-	movl	%eax,32(%esp)
-	movl	%ebx,36(%esp)
-	movl	%ecx,40(%esp)
-	movl	%edi,44(%esp)
-	movl	%esi,48(%esp)
-	movl	$0,316(%esp)
-	movl	%edi,%ebx
-	movl	$61,%ecx
-	subl	%ebp,%ebx
-	movl	%edi,%esi
-	andl	$4095,%ebx
-	leal	76(%esp),%edi
-	cmpl	$2304,%ebx
-	jb	.L018do_copy
-	cmpl	$3852,%ebx
-	jb	.L019skip_copy
-.align	4
-.L018do_copy:
-	movl	%edi,44(%esp)
-.long	2784229001
-.L019skip_copy:
-	movl	$16,%edi
-.align	4
-.L020prefetch_tbl:
-	movl	(%ebp),%eax
-	movl	32(%ebp),%ebx
-	movl	64(%ebp),%ecx
-	movl	96(%ebp),%esi
-	leal	128(%ebp),%ebp
-	subl	$1,%edi
-	jnz	.L020prefetch_tbl
-	subl	$2048,%ebp
-	movl	32(%esp),%esi
-	movl	48(%esp),%edi
-	cmpl	$0,%edx
-	je	.L021fast_decrypt
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-.align	16
-.L022fast_enc_loop:
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	xorl	(%esi),%eax
-	xorl	4(%esi),%ebx
-	xorl	8(%esi),%ecx
-	xorl	12(%esi),%edx
-	movl	44(%esp),%edi
-	call	_x86_AES_encrypt
-	movl	32(%esp),%esi
-	movl	36(%esp),%edi
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	leal	16(%esi),%esi
-	movl	40(%esp),%ecx
-	movl	%esi,32(%esp)
-	leal	16(%edi),%edx
-	movl	%edx,36(%esp)
-	subl	$16,%ecx
-	movl	%ecx,40(%esp)
-	jnz	.L022fast_enc_loop
-	movl	48(%esp),%esi
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	cmpl	$0,316(%esp)
-	movl	44(%esp),%edi
-	je	.L023skip_ezero
-	movl	$60,%ecx
-	xorl	%eax,%eax
-.align	4
-.long	2884892297
-.L023skip_ezero:
-	movl	28(%esp),%esp
-	popfl
-.L012drop_out:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L021fast_decrypt:
-	cmpl	36(%esp),%esi
-	je	.L024fast_dec_in_place
-	movl	%edi,52(%esp)
-.align	4
-.align	16
-.L025fast_dec_loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	44(%esp),%edi
-	call	_x86_AES_decrypt
-	movl	52(%esp),%edi
-	movl	40(%esp),%esi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	36(%esp),%edi
-	movl	32(%esp),%esi
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	40(%esp),%ecx
-	movl	%esi,52(%esp)
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	leal	16(%edi),%edi
-	movl	%edi,36(%esp)
-	subl	$16,%ecx
-	movl	%ecx,40(%esp)
-	jnz	.L025fast_dec_loop
-	movl	52(%esp),%edi
-	movl	48(%esp),%esi
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	jmp	.L026fast_dec_out
-.align	16
-.L024fast_dec_in_place:
-.L027fast_dec_in_place_loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	leal	60(%esp),%edi
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	44(%esp),%edi
-	call	_x86_AES_decrypt
-	movl	48(%esp),%edi
-	movl	36(%esp),%esi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	leal	16(%esi),%esi
-	movl	%esi,36(%esp)
-	leal	60(%esp),%esi
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	32(%esp),%esi
-	movl	40(%esp),%ecx
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	subl	$16,%ecx
-	movl	%ecx,40(%esp)
-	jnz	.L027fast_dec_in_place_loop
-.align	4
-.L026fast_dec_out:
-	cmpl	$0,316(%esp)
-	movl	44(%esp),%edi
-	je	.L028skip_dzero
-	movl	$60,%ecx
-	xorl	%eax,%eax
-.align	4
-.long	2884892297
-.L028skip_dzero:
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L015slow_way:
-	movl	(%eax),%eax
-	movl	36(%esp),%edi
-	leal	-80(%esp),%esi
-	andl	$-64,%esi
-	leal	-143(%edi),%ebx
-	subl	%esi,%ebx
-	negl	%ebx
-	andl	$960,%ebx
-	subl	%ebx,%esi
-	leal	768(%esi),%ebx
-	subl	%ebp,%ebx
-	andl	$768,%ebx
-	leal	2176(%ebp,%ebx,1),%ebp
-	leal	24(%esp),%edx
-	xchgl	%esi,%esp
-	addl	$4,%esp
-	movl	%ebp,24(%esp)
-	movl	%esi,28(%esp)
-	movl	%eax,52(%esp)
-	movl	(%edx),%eax
-	movl	4(%edx),%ebx
-	movl	16(%edx),%esi
-	movl	20(%edx),%edx
-	movl	%eax,32(%esp)
-	movl	%ebx,36(%esp)
-	movl	%ecx,40(%esp)
-	movl	%edi,44(%esp)
-	movl	%esi,48(%esp)
-	movl	%esi,%edi
-	movl	%eax,%esi
-	cmpl	$0,%edx
-	je	.L029slow_decrypt
-	cmpl	$16,%ecx
-	movl	%ebx,%edx
-	jb	.L030slow_enc_tail
-	btl	$25,52(%esp)
-	jnc	.L031slow_enc_x86
-	movq	(%edi),%mm0
-	movq	8(%edi),%mm4
-.align	16
-.L032slow_enc_loop_sse:
-	pxor	(%esi),%mm0
-	pxor	8(%esi),%mm4
-	movl	44(%esp),%edi
-	call	_sse_AES_encrypt_compact
-	movl	32(%esp),%esi
-	movl	36(%esp),%edi
-	movl	40(%esp),%ecx
-	movq	%mm0,(%edi)
-	movq	%mm4,8(%edi)
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	leal	16(%edi),%edx
-	movl	%edx,36(%esp)
-	subl	$16,%ecx
-	cmpl	$16,%ecx
-	movl	%ecx,40(%esp)
-	jae	.L032slow_enc_loop_sse
-	testl	$15,%ecx
-	jnz	.L030slow_enc_tail
-	movl	48(%esp),%esi
-	movq	%mm0,(%esi)
-	movq	%mm4,8(%esi)
-	emms
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L031slow_enc_x86:
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-.align	4
-.L033slow_enc_loop_x86:
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	xorl	(%esi),%eax
-	xorl	4(%esi),%ebx
-	xorl	8(%esi),%ecx
-	xorl	12(%esi),%edx
-	movl	44(%esp),%edi
-	call	_x86_AES_encrypt_compact
-	movl	32(%esp),%esi
-	movl	36(%esp),%edi
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	40(%esp),%ecx
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	leal	16(%edi),%edx
-	movl	%edx,36(%esp)
-	subl	$16,%ecx
-	cmpl	$16,%ecx
-	movl	%ecx,40(%esp)
-	jae	.L033slow_enc_loop_x86
-	testl	$15,%ecx
-	jnz	.L030slow_enc_tail
-	movl	48(%esp),%esi
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L030slow_enc_tail:
-	emms
-	movl	%edx,%edi
-	movl	$16,%ebx
-	subl	%ecx,%ebx
-	cmpl	%esi,%edi
-	je	.L034enc_in_place
-.align	4
-.long	2767451785
-	jmp	.L035enc_skip_in_place
-.L034enc_in_place:
-	leal	(%edi,%ecx,1),%edi
-.L035enc_skip_in_place:
-	movl	%ebx,%ecx
-	xorl	%eax,%eax
-.align	4
-.long	2868115081
-	movl	48(%esp),%edi
-	movl	%edx,%esi
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	movl	$16,40(%esp)
-	jmp	.L033slow_enc_loop_x86
-.align	16
-.L029slow_decrypt:
-	btl	$25,52(%esp)
-	jnc	.L036slow_dec_loop_x86
-.align	4
-.L037slow_dec_loop_sse:
-	movq	(%esi),%mm0
-	movq	8(%esi),%mm4
-	movl	44(%esp),%edi
-	call	_sse_AES_decrypt_compact
-	movl	32(%esp),%esi
-	leal	60(%esp),%eax
-	movl	36(%esp),%ebx
-	movl	40(%esp),%ecx
-	movl	48(%esp),%edi
-	movq	(%esi),%mm1
-	movq	8(%esi),%mm5
-	pxor	(%edi),%mm0
-	pxor	8(%edi),%mm4
-	movq	%mm1,(%edi)
-	movq	%mm5,8(%edi)
-	subl	$16,%ecx
-	jc	.L038slow_dec_partial_sse
-	movq	%mm0,(%ebx)
-	movq	%mm4,8(%ebx)
-	leal	16(%ebx),%ebx
-	movl	%ebx,36(%esp)
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	movl	%ecx,40(%esp)
-	jnz	.L037slow_dec_loop_sse
-	emms
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L038slow_dec_partial_sse:
-	movq	%mm0,(%eax)
-	movq	%mm4,8(%eax)
-	emms
-	addl	$16,%ecx
-	movl	%ebx,%edi
-	movl	%eax,%esi
-.align	4
-.long	2767451785
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L036slow_dec_loop_x86:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	leal	60(%esp),%edi
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	44(%esp),%edi
-	call	_x86_AES_decrypt_compact
-	movl	48(%esp),%edi
-	movl	40(%esp),%esi
-	xorl	(%edi),%eax
-	xorl	4(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	12(%edi),%edx
-	subl	$16,%esi
-	jc	.L039slow_dec_partial_x86
-	movl	%esi,40(%esp)
-	movl	36(%esp),%esi
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	leal	16(%esi),%esi
-	movl	%esi,36(%esp)
-	leal	60(%esp),%esi
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	32(%esp),%esi
-	leal	16(%esi),%esi
-	movl	%esi,32(%esp)
-	jnz	.L036slow_dec_loop_x86
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-	pushfl
-.align	16
-.L039slow_dec_partial_x86:
-	leal	60(%esp),%esi
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	movl	32(%esp),%esi
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	40(%esp),%ecx
-	movl	36(%esp),%edi
-	leal	60(%esp),%esi
-.align	4
-.long	2767451785
-	movl	28(%esp),%esp
-	popfl
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	AES_cbc_encrypt,.-.L_AES_cbc_encrypt_begin
-.type	_x86_AES_set_encrypt_key,@function
-.align	16
-_x86_AES_set_encrypt_key:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	24(%esp),%esi
-	movl	32(%esp),%edi
-	testl	$-1,%esi
-	jz	.L040badpointer
-	testl	$-1,%edi
-	jz	.L040badpointer
-	call	.L041pic_point
-.L041pic_point:
-	popl	%ebp
-	leal	.LAES_Te-.L041pic_point(%ebp),%ebp
-	leal	2176(%ebp),%ebp
-	movl	-128(%ebp),%eax
-	movl	-96(%ebp),%ebx
-	movl	-64(%ebp),%ecx
-	movl	-32(%ebp),%edx
-	movl	(%ebp),%eax
-	movl	32(%ebp),%ebx
-	movl	64(%ebp),%ecx
-	movl	96(%ebp),%edx
-	movl	28(%esp),%ecx
-	cmpl	$128,%ecx
-	je	.L04210rounds
-	cmpl	$192,%ecx
-	je	.L04312rounds
-	cmpl	$256,%ecx
-	je	.L04414rounds
-	movl	$-2,%eax
-	jmp	.L045exit
-.L04210rounds:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	xorl	%ecx,%ecx
-	jmp	.L04610shortcut
-.align	4
-.L04710loop:
-	movl	(%edi),%eax
-	movl	12(%edi),%edx
-.L04610shortcut:
-	movzbl	%dl,%esi
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-	xorl	896(%ebp,%ecx,4),%eax
-	movl	%eax,16(%edi)
-	xorl	4(%edi),%eax
-	movl	%eax,20(%edi)
-	xorl	8(%edi),%eax
-	movl	%eax,24(%edi)
-	xorl	12(%edi),%eax
-	movl	%eax,28(%edi)
-	incl	%ecx
-	addl	$16,%edi
-	cmpl	$10,%ecx
-	jl	.L04710loop
-	movl	$10,80(%edi)
-	xorl	%eax,%eax
-	jmp	.L045exit
-.L04312rounds:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	16(%esi),%ecx
-	movl	20(%esi),%edx
-	movl	%ecx,16(%edi)
-	movl	%edx,20(%edi)
-	xorl	%ecx,%ecx
-	jmp	.L04812shortcut
-.align	4
-.L04912loop:
-	movl	(%edi),%eax
-	movl	20(%edi),%edx
-.L04812shortcut:
-	movzbl	%dl,%esi
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-	xorl	896(%ebp,%ecx,4),%eax
-	movl	%eax,24(%edi)
-	xorl	4(%edi),%eax
-	movl	%eax,28(%edi)
-	xorl	8(%edi),%eax
-	movl	%eax,32(%edi)
-	xorl	12(%edi),%eax
-	movl	%eax,36(%edi)
-	cmpl	$7,%ecx
-	je	.L05012break
-	incl	%ecx
-	xorl	16(%edi),%eax
-	movl	%eax,40(%edi)
-	xorl	20(%edi),%eax
-	movl	%eax,44(%edi)
-	addl	$24,%edi
-	jmp	.L04912loop
-.L05012break:
-	movl	$12,72(%edi)
-	xorl	%eax,%eax
-	jmp	.L045exit
-.L04414rounds:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,12(%edi)
-	movl	16(%esi),%eax
-	movl	20(%esi),%ebx
-	movl	24(%esi),%ecx
-	movl	28(%esi),%edx
-	movl	%eax,16(%edi)
-	movl	%ebx,20(%edi)
-	movl	%ecx,24(%edi)
-	movl	%edx,28(%edi)
-	xorl	%ecx,%ecx
-	jmp	.L05114shortcut
-.align	4
-.L05214loop:
-	movl	28(%edi),%edx
-.L05114shortcut:
-	movl	(%edi),%eax
-	movzbl	%dl,%esi
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-	xorl	896(%ebp,%ecx,4),%eax
-	movl	%eax,32(%edi)
-	xorl	4(%edi),%eax
-	movl	%eax,36(%edi)
-	xorl	8(%edi),%eax
-	movl	%eax,40(%edi)
-	xorl	12(%edi),%eax
-	movl	%eax,44(%edi)
-	cmpl	$6,%ecx
-	je	.L05314break
-	incl	%ecx
-	movl	%eax,%edx
-	movl	16(%edi),%eax
-	movzbl	%dl,%esi
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shrl	$16,%edx
-	shll	$8,%ebx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-	movzbl	-128(%ebp,%esi,1),%ebx
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-	movl	%eax,48(%edi)
-	xorl	20(%edi),%eax
-	movl	%eax,52(%edi)
-	xorl	24(%edi),%eax
-	movl	%eax,56(%edi)
-	xorl	28(%edi),%eax
-	movl	%eax,60(%edi)
-	addl	$32,%edi
-	jmp	.L05214loop
-.L05314break:
-	movl	$14,48(%edi)
-	xorl	%eax,%eax
-	jmp	.L045exit
-.L040badpointer:
-	movl	$-1,%eax
-.L045exit:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	_x86_AES_set_encrypt_key,.-_x86_AES_set_encrypt_key
-.globl	private_AES_set_encrypt_key
-.type	private_AES_set_encrypt_key,@function
-.align	16
-private_AES_set_encrypt_key:
-.L_private_AES_set_encrypt_key_begin:
-	call	_x86_AES_set_encrypt_key
-	ret
-.size	private_AES_set_encrypt_key,.-.L_private_AES_set_encrypt_key_begin
-.globl	private_AES_set_decrypt_key
-.type	private_AES_set_decrypt_key,@function
-.align	16
-private_AES_set_decrypt_key:
-.L_private_AES_set_decrypt_key_begin:
-	call	_x86_AES_set_encrypt_key
-	cmpl	$0,%eax
-	je	.L054proceed
-	ret
-.L054proceed:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),%esi
-	movl	240(%esi),%ecx
-	leal	(,%ecx,4),%ecx
-	leal	(%esi,%ecx,4),%edi
-.align	4
-.L055invert:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	(%edi),%ecx
-	movl	4(%edi),%edx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	movl	%ecx,(%esi)
-	movl	%edx,4(%esi)
-	movl	8(%esi),%eax
-	movl	12(%esi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	movl	%eax,8(%edi)
-	movl	%ebx,12(%edi)
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	addl	$16,%esi
-	subl	$16,%edi
-	cmpl	%edi,%esi
-	jne	.L055invert
-	movl	28(%esp),%edi
-	movl	240(%edi),%esi
-	leal	-2(%esi,%esi,1),%esi
-	leal	(%edi,%esi,8),%esi
-	movl	%esi,28(%esp)
-	movl	16(%edi),%eax
-.align	4
-.L056permute:
-	addl	$16,%edi
-	movl	%eax,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%eax,%eax,1),%ebx
-	subl	%ebp,%esi
-	andl	$4278124286,%ebx
-	andl	$454761243,%esi
-	xorl	%ebx,%esi
-	movl	%esi,%ebx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ebx,%ebx,1),%ecx
-	subl	%ebp,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	xorl	%eax,%ebx
-	xorl	%ecx,%esi
-	movl	%esi,%ecx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ecx,%ecx,1),%edx
-	xorl	%eax,%ecx
-	subl	%ebp,%esi
-	andl	$4278124286,%edx
-	andl	$454761243,%esi
-	roll	$8,%eax
-	xorl	%esi,%edx
-	movl	4(%edi),%ebp
-	xorl	%ebx,%eax
-	xorl	%edx,%ebx
-	xorl	%ecx,%eax
-	roll	$24,%ebx
-	xorl	%edx,%ecx
-	xorl	%edx,%eax
-	roll	$16,%ecx
-	xorl	%ebx,%eax
-	roll	$8,%edx
-	xorl	%ecx,%eax
-	movl	%ebp,%ebx
-	xorl	%edx,%eax
-	movl	%eax,(%edi)
-	movl	%ebx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ebx,%ebx,1),%ecx
-	subl	%ebp,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	xorl	%ecx,%esi
-	movl	%esi,%ecx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ecx,%ecx,1),%edx
-	subl	%ebp,%esi
-	andl	$4278124286,%edx
-	andl	$454761243,%esi
-	xorl	%ebx,%ecx
-	xorl	%edx,%esi
-	movl	%esi,%edx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%edx,%edx,1),%eax
-	xorl	%ebx,%edx
-	subl	%ebp,%esi
-	andl	$4278124286,%eax
-	andl	$454761243,%esi
-	roll	$8,%ebx
-	xorl	%esi,%eax
-	movl	8(%edi),%ebp
-	xorl	%ecx,%ebx
-	xorl	%eax,%ecx
-	xorl	%edx,%ebx
-	roll	$24,%ecx
-	xorl	%eax,%edx
-	xorl	%eax,%ebx
-	roll	$16,%edx
-	xorl	%ecx,%ebx
-	roll	$8,%eax
-	xorl	%edx,%ebx
-	movl	%ebp,%ecx
-	xorl	%eax,%ebx
-	movl	%ebx,4(%edi)
-	movl	%ecx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ecx,%ecx,1),%edx
-	subl	%ebp,%esi
-	andl	$4278124286,%edx
-	andl	$454761243,%esi
-	xorl	%edx,%esi
-	movl	%esi,%edx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%edx,%edx,1),%eax
-	subl	%ebp,%esi
-	andl	$4278124286,%eax
-	andl	$454761243,%esi
-	xorl	%ecx,%edx
-	xorl	%eax,%esi
-	movl	%esi,%eax
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%eax,%eax,1),%ebx
-	xorl	%ecx,%eax
-	subl	%ebp,%esi
-	andl	$4278124286,%ebx
-	andl	$454761243,%esi
-	roll	$8,%ecx
-	xorl	%esi,%ebx
-	movl	12(%edi),%ebp
-	xorl	%edx,%ecx
-	xorl	%ebx,%edx
-	xorl	%eax,%ecx
-	roll	$24,%edx
-	xorl	%ebx,%eax
-	xorl	%ebx,%ecx
-	roll	$16,%eax
-	xorl	%edx,%ecx
-	roll	$8,%ebx
-	xorl	%eax,%ecx
-	movl	%ebp,%edx
-	xorl	%ebx,%ecx
-	movl	%ecx,8(%edi)
-	movl	%edx,%esi
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%edx,%edx,1),%eax
-	subl	%ebp,%esi
-	andl	$4278124286,%eax
-	andl	$454761243,%esi
-	xorl	%eax,%esi
-	movl	%esi,%eax
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%eax,%eax,1),%ebx
-	subl	%ebp,%esi
-	andl	$4278124286,%ebx
-	andl	$454761243,%esi
-	xorl	%edx,%eax
-	xorl	%ebx,%esi
-	movl	%esi,%ebx
-	andl	$2155905152,%esi
-	movl	%esi,%ebp
-	shrl	$7,%ebp
-	leal	(%ebx,%ebx,1),%ecx
-	xorl	%edx,%ebx
-	subl	%ebp,%esi
-	andl	$4278124286,%ecx
-	andl	$454761243,%esi
-	roll	$8,%edx
-	xorl	%esi,%ecx
-	movl	16(%edi),%ebp
-	xorl	%eax,%edx
-	xorl	%ecx,%eax
-	xorl	%ebx,%edx
-	roll	$24,%eax
-	xorl	%ecx,%ebx
-	xorl	%ecx,%edx
-	roll	$16,%ebx
-	xorl	%eax,%edx
-	roll	$8,%ecx
-	xorl	%ebx,%edx
-	movl	%ebp,%eax
-	xorl	%ecx,%edx
-	movl	%edx,12(%edi)
-	cmpl	28(%esp),%edi
-	jb	.L056permute
-	xorl	%eax,%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	private_AES_set_decrypt_key,.-.L_private_AES_set_decrypt_key_begin
-.byte	65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89
-.byte	80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
-.byte	111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
deleted file mode 100644
index 51b500ddef..0000000000
--- a/crypto/aes/asm/aes-586.pl
+++ /dev/null
@@ -1,2980 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# Version 4.3.
-#
-# You might fail to appreciate this module performance from the first
-# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
-# to be *the* best Intel C compiler without -KPIC, performance appears
-# to be virtually identical... But try to re-configure with shared
-# library support... Aha! Intel compiler "suddenly" lags behind by 30%
-# [on P4, more on others]:-) And if compared to position-independent
-# code generated by GNU C, this code performs *more* than *twice* as
-# fast! Yes, all this buzz about PIC means that unlike other hand-
-# coded implementations, this one was explicitly designed to be safe
-# to use even in shared library context... This also means that this
-# code isn't necessarily absolutely fastest "ever," because in order
-# to achieve position independence an extra register has to be
-# off-loaded to stack, which affects the benchmark result.
-#
-# Special note about instruction choice. Do you recall RC4_INT code
-# performing poorly on P4? It might be the time to figure out why.
-# RC4_INT code implies effective address calculations in base+offset*4
-# form. Trouble is that it seems that offset scaling turned to be
-# critical path... At least eliminating scaling resulted in 2.8x RC4
-# performance improvement [as you might recall]. As AES code is hungry
-# for scaling too, I [try to] avoid the latter by favoring off-by-2
-# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF.
-#
-# As was shown by Dean Gaudet <dean@arctic.org>, the above note turned
-# void. Performance improvement with off-by-2 shifts was observed on
-# intermediate implementation, which was spilling yet another register
-# to stack... Final offset*4 code below runs just a tad faster on P4,
-# but exhibits up to 10% improvement on other cores.
-#
-# Second version is "monolithic" replacement for aes_core.c, which in
-# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key.
-# This made it possible to implement little-endian variant of the
-# algorithm without modifying the base C code. Motivating factor for
-# the undertaken effort was that it appeared that in tight IA-32
-# register window little-endian flavor could achieve slightly higher
-# Instruction Level Parallelism, and it indeed resulted in up to 15%
-# better performance on most recent µ-archs...
-#
-# Third version adds AES_cbc_encrypt implementation, which resulted in
-# up to 40% performance imrovement of CBC benchmark results. 40% was
-# observed on P4 core, where "overall" imrovement coefficient, i.e. if
-# compared to PIC generated by GCC and in CBC mode, was observed to be
-# as large as 4x:-) CBC performance is virtually identical to ECB now
-# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
-# Opteron, because certain function prologues and epilogues are
-# effectively taken out of the loop...
-#
-# Version 3.2 implements compressed tables and prefetch of these tables
-# in CBC[!] mode. Former means that 3/4 of table references are now
-# misaligned, which unfortunately has negative impact on elder IA-32
-# implementations, Pentium suffered 30% penalty, PIII - 10%.
-#
-# Version 3.3 avoids L1 cache aliasing between stack frame and
-# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
-# latter is achieved by copying the key schedule to controlled place in
-# stack. This unfortunately has rather strong impact on small block CBC
-# performance, ~2x deterioration on 16-byte block if compared to 3.3.
-#
-# Version 3.5 checks if there is L1 cache aliasing between user-supplied
-# key schedule and S-boxes and abstains from copying the former if
-# there is no. This allows end-user to consciously retain small block
-# performance by aligning key schedule in specific manner.
-#
-# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
-#
-# Current ECB performance numbers for 128-bit key in CPU cycles per
-# processed byte [measure commonly used by AES benchmarkers] are:
-#
-#		small footprint		fully unrolled
-# P4		24			22
-# AMD K8	20			19
-# PIII		25			23
-# Pentium	81			78
-#
-# Version 3.7 reimplements outer rounds as "compact." Meaning that
-# first and last rounds reference compact 256 bytes S-box. This means
-# that first round consumes a lot more CPU cycles and that encrypt
-# and decrypt performance becomes asymmetric. Encrypt performance
-# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
-# aggressively pre-fetched.
-#
-# Version 4.0 effectively rolls back to 3.6 and instead implements
-# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
-# which use exclusively 256 byte S-box. These functions are to be
-# called in modes not concealing plain text, such as ECB, or when
-# we're asked to process smaller amount of data [or unconditionally
-# on hyper-threading CPU]. Currently it's called unconditionally from
-# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
-# still needs to be modified to switch between slower and faster
-# mode when appropriate... But in either case benchmark landscape
-# changes dramatically and below numbers are CPU cycles per processed
-# byte for 128-bit key.
-#
-#		ECB encrypt	ECB decrypt	CBC large chunk
-# P4		56[60]		84[100]		23
-# AMD K8	48[44]		70[79]		18
-# PIII		41[50]		61[91]		24
-# Core 2	32[38]		45[70]		18.5
-# Pentium	120		160		77
-#
-# Version 4.1 switches to compact S-box even in key schedule setup.
-#
-# Version 4.2 prefetches compact S-box in every SSE round or in other
-# words every cache-line is *guaranteed* to be accessed within ~50
-# cycles window. Why just SSE? Because it's needed on hyper-threading
-# CPU! Which is also why it's prefetched with 64 byte stride. Best
-# part is that it has no negative effect on performance:-)  
-#
-# Version 4.3 implements switch between compact and non-compact block
-# functions in AES_cbc_encrypt depending on how much data was asked
-# to be processed in one stroke.
-#
-######################################################################
-# Timing attacks are classified in two classes: synchronous when
-# attacker consciously initiates cryptographic operation and collects
-# timing data of various character afterwards, and asynchronous when
-# malicious code is executed on same CPU simultaneously with AES,
-# instruments itself and performs statistical analysis of this data.
-#
-# As far as synchronous attacks go the root to the AES timing
-# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
-# are referred to in single 128-bit block operation. Well, in C
-# implementation with 4 distinct tables it's actually as little as 40
-# references per 256 elements table, but anyway... Secondly, even
-# though S-box elements are clustered into smaller amount of cache-
-# lines, smaller than 160 and even 40, it turned out that for certain
-# plain-text pattern[s] or simply put chosen plain-text and given key
-# few cache-lines remain unaccessed during block operation. Now, if
-# attacker can figure out this access pattern, he can deduct the key
-# [or at least part of it]. The natural way to mitigate this kind of
-# attacks is to minimize the amount of cache-lines in S-box and/or
-# prefetch them to ensure that every one is accessed for more uniform
-# timing. But note that *if* plain-text was concealed in such way that
-# input to block function is distributed *uniformly*, then attack
-# wouldn't apply. Now note that some encryption modes, most notably
-# CBC, do mask the plain-text in this exact way [secure cipher output
-# is distributed uniformly]. Yes, one still might find input that
-# would reveal the information about given key, but if amount of
-# candidate inputs to be tried is larger than amount of possible key
-# combinations then attack becomes infeasible. This is why revised
-# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
-# of data is to be processed in one stroke. The current size limit of
-# 512 bytes is chosen to provide same [diminishigly low] probability
-# for cache-line to remain untouched in large chunk operation with
-# large S-box as for single block operation with compact S-box and
-# surely needs more careful consideration...
-#
-# As for asynchronous attacks. There are two flavours: attacker code
-# being interleaved with AES on hyper-threading CPU at *instruction*
-# level, and two processes time sharing single core. As for latter.
-# Two vectors. 1. Given that attacker process has higher priority,
-# yield execution to process performing AES just before timer fires
-# off the scheduler, immediately regain control of CPU and analyze the
-# cache state. For this attack to be efficient attacker would have to
-# effectively slow down the operation by several *orders* of magnitute,
-# by ratio of time slice to duration of handful of AES rounds, which
-# unlikely to remain unnoticed. Not to mention that this also means
-# that he would spend correspondigly more time to collect enough
-# statistical data to mount the attack. It's probably appropriate to
-# say that if adeversary reckons that this attack is beneficial and
-# risks to be noticed, you probably have larger problems having him
-# mere opportunity. In other words suggested code design expects you
-# to preclude/mitigate this attack by overall system security design.
-# 2. Attacker manages to make his code interrupt driven. In order for
-# this kind of attack to be feasible, interrupt rate has to be high
-# enough, again comparable to duration of handful of AES rounds. But
-# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
-# generates interrupts at such raging rate...
-#
-# And now back to the former, hyper-threading CPU or more specifically
-# Intel P4. Recall that asynchronous attack implies that malicious
-# code instruments itself. And naturally instrumentation granularity
-# has be noticeably lower than duration of codepath accessing S-box.
-# Given that all cache-lines are accessed during that time that is.
-# Current implementation accesses *all* cache-lines within ~50 cycles
-# window, which is actually *less* than RDTSC latency on Intel P4!
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
-&static_label("AES_Te");
-&static_label("AES_Td");
-
-$s0="eax";
-$s1="ebx";
-$s2="ecx";
-$s3="edx";
-$key="edi";
-$acc="esi";
-$tbl="ebp";
-
-# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
-# by caller
-$__ra=&DWP(0,"esp");	# return address
-$__s0=&DWP(4,"esp");	# s0 backing store
-$__s1=&DWP(8,"esp");	# s1 backing store
-$__s2=&DWP(12,"esp");	# s2 backing store
-$__s3=&DWP(16,"esp");	# s3 backing store
-$__key=&DWP(20,"esp");	# pointer to key schedule
-$__end=&DWP(24,"esp");	# pointer to end of key schedule
-$__tbl=&DWP(28,"esp");	# %ebp backing store
-
-# stack frame layout in AES_[en|crypt] routines, which differs from
-# above by 4 and overlaps by %ebp backing store
-$_tbl=&DWP(24,"esp");
-$_esp=&DWP(28,"esp");
-
-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
-
-$speed_limit=512;	# chunks smaller than $speed_limit are
-			# processed with compact routine in CBC mode
-$small_footprint=1;	# $small_footprint=1 code is ~5% slower [on
-			# recent µ-archs], but ~5 times smaller!
-			# I favor compact code to minimize cache
-			# contention and in hope to "collect" 5% back
-			# in real-life applications...
-
-$vertical_spin=0;	# shift "verticaly" defaults to 0, because of
-			# its proof-of-concept status...
-# Note that there is no decvert(), as well as last encryption round is
-# performed with "horizontal" shifts. This is because this "vertical"
-# implementation [one which groups shifts on a given $s[i] to form a
-# "column," unlike "horizontal" one, which groups shifts on different
-# $s[i] to form a "row"] is work in progress. It was observed to run
-# few percents faster on Intel cores, but not AMD. On AMD K8 core it's
-# whole 12% slower:-( So we face a trade-off... Shall it be resolved
-# some day? Till then the code is considered experimental and by
-# default remains dormant...
-
-sub encvert()
-{ my ($te,@s) = @_;
-  my $v0 = $acc, $v1 = $key;
-
-	&mov	($v0,$s[3]);				# copy s3
-	&mov	(&DWP(4,"esp"),$s[2]);			# save s2
-	&mov	($v1,$s[0]);				# copy s0
-	&mov	(&DWP(8,"esp"),$s[1]);			# save s1
-
-	&movz	($s[2],&HB($s[0]));
-	&and	($s[0],0xFF);
-	&mov	($s[0],&DWP(0,$te,$s[0],8));		# s0>>0
-	&shr	($v1,16);
-	&mov	($s[3],&DWP(3,$te,$s[2],8));		# s0>>8
-	&movz	($s[1],&HB($v1));
-	&and	($v1,0xFF);
-	&mov	($s[2],&DWP(2,$te,$v1,8));		# s0>>16
-	 &mov	($v1,$v0);
-	&mov	($s[1],&DWP(1,$te,$s[1],8));		# s0>>24
-
-	&and	($v0,0xFF);
-	&xor	($s[3],&DWP(0,$te,$v0,8));		# s3>>0
-	&movz	($v0,&HB($v1));
-	&shr	($v1,16);
-	&xor	($s[2],&DWP(3,$te,$v0,8));		# s3>>8
-	&movz	($v0,&HB($v1));
-	&and	($v1,0xFF);
-	&xor	($s[1],&DWP(2,$te,$v1,8));		# s3>>16
-	 &mov	($v1,&DWP(4,"esp"));			# restore s2
-	&xor	($s[0],&DWP(1,$te,$v0,8));		# s3>>24
-
-	&mov	($v0,$v1);
-	&and	($v1,0xFF);
-	&xor	($s[2],&DWP(0,$te,$v1,8));		# s2>>0
-	&movz	($v1,&HB($v0));
-	&shr	($v0,16);
-	&xor	($s[1],&DWP(3,$te,$v1,8));		# s2>>8
-	&movz	($v1,&HB($v0));
-	&and	($v0,0xFF);
-	&xor	($s[0],&DWP(2,$te,$v0,8));		# s2>>16
-	 &mov	($v0,&DWP(8,"esp"));			# restore s1
-	&xor	($s[3],&DWP(1,$te,$v1,8));		# s2>>24
-
-	&mov	($v1,$v0);
-	&and	($v0,0xFF);
-	&xor	($s[1],&DWP(0,$te,$v0,8));		# s1>>0
-	&movz	($v0,&HB($v1));
-	&shr	($v1,16);
-	&xor	($s[0],&DWP(3,$te,$v0,8));		# s1>>8
-	&movz	($v0,&HB($v1));
-	&and	($v1,0xFF);
-	&xor	($s[3],&DWP(2,$te,$v1,8));		# s1>>16
-	 &mov	($key,$__key);				# reincarnate v1 as key
-	&xor	($s[2],&DWP(1,$te,$v0,8));		# s1>>24
-}
-
-# Another experimental routine, which features "horizontal spin," but
-# eliminates one reference to stack. Strangely enough runs slower...
-sub enchoriz()
-{ my $v0 = $key, $v1 = $acc;
-
-	&movz	($v0,&LB($s0));			#  3, 2, 1, 0*
-	&rotr	($s2,8);			#  8,11,10, 9
-	&mov	($v1,&DWP(0,$te,$v0,8));	#  0
-	&movz	($v0,&HB($s1));			#  7, 6, 5*, 4
-	&rotr	($s3,16);			# 13,12,15,14
-	&xor	($v1,&DWP(3,$te,$v0,8));	#  5
-	&movz	($v0,&HB($s2));			#  8,11,10*, 9
-	&rotr	($s0,16);			#  1, 0, 3, 2
-	&xor	($v1,&DWP(2,$te,$v0,8));	# 10
-	&movz	($v0,&HB($s3));			# 13,12,15*,14
-	&xor	($v1,&DWP(1,$te,$v0,8));	# 15, t[0] collected
-	&mov	($__s0,$v1);			# t[0] saved
-
-	&movz	($v0,&LB($s1));			#  7, 6, 5, 4*
-	&shr	($s1,16);			#  -, -, 7, 6
-	&mov	($v1,&DWP(0,$te,$v0,8));	#  4
-	&movz	($v0,&LB($s3));			# 13,12,15,14*
-	&xor	($v1,&DWP(2,$te,$v0,8));	# 14
-	&movz	($v0,&HB($s0));			#  1, 0, 3*, 2
-	&and	($s3,0xffff0000);		# 13,12, -, -
-	&xor	($v1,&DWP(1,$te,$v0,8));	#  3
-	&movz	($v0,&LB($s2));			#  8,11,10, 9*
-	&or	($s3,$s1);			# 13,12, 7, 6
-	&xor	($v1,&DWP(3,$te,$v0,8));	#  9, t[1] collected
-	&mov	($s1,$v1);			#  s[1]=t[1]
-
-	&movz	($v0,&LB($s0));			#  1, 0, 3, 2*
-	&shr	($s2,16);			#  -, -, 8,11
-	&mov	($v1,&DWP(2,$te,$v0,8));	#  2
-	&movz	($v0,&HB($s3));			# 13,12, 7*, 6
-	&xor	($v1,&DWP(1,$te,$v0,8));	#  7
-	&movz	($v0,&HB($s2));			#  -, -, 8*,11
-	&xor	($v1,&DWP(0,$te,$v0,8));	#  8
-	&mov	($v0,$s3);
-	&shr	($v0,24);			# 13
-	&xor	($v1,&DWP(3,$te,$v0,8));	# 13, t[2] collected
-
-	&movz	($v0,&LB($s2));			#  -, -, 8,11*
-	&shr	($s0,24);			#  1*
-	&mov	($s2,&DWP(1,$te,$v0,8));	# 11
-	&xor	($s2,&DWP(3,$te,$s0,8));	#  1
-	&mov	($s0,$__s0);			# s[0]=t[0]
-	&movz	($v0,&LB($s3));			# 13,12, 7, 6*
-	&shr	($s3,16);			#   ,  ,13,12
-	&xor	($s2,&DWP(2,$te,$v0,8));	#  6
-	&mov	($key,$__key);			# reincarnate v0 as key
-	&and	($s3,0xff);			#   ,  ,13,12*
-	&mov	($s3,&DWP(0,$te,$s3,8));	# 12
-	&xor	($s3,$s2);			# s[2]=t[3] collected
-	&mov	($s2,$v1);			# s[2]=t[2]
-}
-
-# More experimental code... SSE one... Even though this one eliminates
-# *all* references to stack, it's not faster...
-sub sse_encbody()
-{
-	&movz	($acc,&LB("eax"));		#  0
-	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  0
-	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
-	&movz	("edx",&HB("eax"));		#  1
-	&mov	("edx",&DWP(3,$tbl,"edx",8));	#  1
-	&shr	("eax",16);			#  5, 4
-
-	&movz	($acc,&LB("ebx"));		# 10
-	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 10
-	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
-	&movz	($acc,&HB("ebx"));		# 11
-	&xor	("edx",&DWP(1,$tbl,$acc,8));	# 11
-	&shr	("ebx",16);			# 15,14
-
-	&movz	($acc,&HB("eax"));		#  5
-	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  5
-	&movq	("mm3",QWP(16,$key));
-	&movz	($acc,&HB("ebx"));		# 15
-	&xor	("ecx",&DWP(1,$tbl,$acc,8));	# 15
-	&movd	("mm0","ecx");			# t[0] collected
-
-	&movz	($acc,&LB("eax"));		#  4
-	&mov	("ecx",&DWP(0,$tbl,$acc,8));	#  4
-	&movd	("eax","mm2");			#  7, 6, 3, 2
-	&movz	($acc,&LB("ebx"));		# 14
-	&xor	("ecx",&DWP(2,$tbl,$acc,8));	# 14
-	&movd	("ebx","mm6");			# 13,12, 9, 8
-
-	&movz	($acc,&HB("eax"));		#  3
-	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  3
-	&movz	($acc,&HB("ebx"));		#  9
-	&xor	("ecx",&DWP(3,$tbl,$acc,8));	#  9
-	&movd	("mm1","ecx");			# t[1] collected
-
-	&movz	($acc,&LB("eax"));		#  2
-	&mov	("ecx",&DWP(2,$tbl,$acc,8));	#  2
-	&shr	("eax",16);			#  7, 6
-	&punpckldq	("mm0","mm1");		# t[0,1] collected
-	&movz	($acc,&LB("ebx"));		#  8
-	&xor	("ecx",&DWP(0,$tbl,$acc,8));	#  8
-	&shr	("ebx",16);			# 13,12
-
-	&movz	($acc,&HB("eax"));		#  7
-	&xor	("ecx",&DWP(1,$tbl,$acc,8));	#  7
-	&pxor	("mm0","mm3");
-	&movz	("eax",&LB("eax"));		#  6
-	&xor	("edx",&DWP(2,$tbl,"eax",8));	#  6
-	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
-	&movz	($acc,&HB("ebx"));		# 13
-	&xor	("ecx",&DWP(3,$tbl,$acc,8));	# 13
-	&xor	("ecx",&DWP(24,$key));		# t[2]
-	&movd	("mm4","ecx");			# t[2] collected
-	&movz	("ebx",&LB("ebx"));		# 12
-	&xor	("edx",&DWP(0,$tbl,"ebx",8));	# 12
-	&shr	("ecx",16);
-	&movd	("eax","mm1");			#  5, 4, 1, 0
-	&mov	("ebx",&DWP(28,$key));		# t[3]
-	&xor	("ebx","edx");
-	&movd	("mm5","ebx");			# t[3] collected
-	&and	("ebx",0xffff0000);
-	&or	("ebx","ecx");
-
-	&punpckldq	("mm4","mm5");		# t[2,3] collected
-}
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub enccompact()
-{ my $Fn = mov;
-  while ($#_>5) { pop(@_); $Fn=sub{}; }
-  my ($i,$te,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	# $Fn is used in first compact round and its purpose is to
-	# void restoration of some values from stack, so that after
-	# 4xenccompact with extra argument $key value is left there...
-	if ($i==3)  {	&$Fn	($key,$__key);			}##%edx
-	else        {	&mov	($out,$s[0]);			}
-			&and	($out,0xFF);
-	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
-	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
-			&movz	($out,&BP(-128,$te,$out,1));
-
-	if ($i==3)  {	$tmp=$s[1];				}##%eax
-			&movz	($tmp,&HB($s[1]));
-			&movz	($tmp,&BP(-128,$te,$tmp,1));
-			&shl	($tmp,8);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
-	else        {	&mov	($tmp,$s[2]);
-			&shr	($tmp,16);			}
-	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
-			&and	($tmp,0xFF);
-			&movz	($tmp,&BP(-128,$te,$tmp,1));
-			&shl	($tmp,16);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
-	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
-	else        {	&mov	($tmp,$s[3]);
-			&shr	($tmp,24);			}
-			&movz	($tmp,&BP(-128,$te,$tmp,1));
-			&shl	($tmp,24);
-			&xor	($out,$tmp);
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&mov	($s[3],$acc);			}
-	&comment();
-}
-
-sub enctransform()
-{ my @s = ($s0,$s1,$s2,$s3);
-  my $i = shift;
-  my $tmp = $tbl;
-  my $r2  = $key ;
-
-	&mov	($acc,$s[$i]);
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($r2,&DWP(0,$s[$i],$s[$i]));
-	&sub	($acc,$tmp);
-	&and	($r2,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	&mov	($tmp,$s[$i]);
-	&xor	($acc,$r2);	# r2
-
-	&xor	($s[$i],$acc);	# r0 ^ r2
-	&rotl	($s[$i],24);
-	&xor	($s[$i],$acc)	# ROTATE(r2^r0,24) ^ r2
-	&rotr	($tmp,16);
-	&xor	($s[$i],$tmp);
-	&rotr	($tmp,8);
-	&xor	($s[$i],$tmp);
-}
-
-&function_begin_B("_x86_AES_encrypt_compact");
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($__key,$key);			# save key
-
-	&xor	($s0,&DWP(0,$key));		# xor with key
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-	&lea	($acc,&DWP(-2,$acc,$acc));
-	&lea	($acc,&DWP(0,$key,$acc,8));
-	&mov	($__end,$acc);			# end of key schedule
-
-	# prefetch Te4
-	&mov	($key,&DWP(0-128,$tbl));
-	&mov	($acc,&DWP(32-128,$tbl));
-	&mov	($key,&DWP(64-128,$tbl));
-	&mov	($acc,&DWP(96-128,$tbl));
-	&mov	($key,&DWP(128-128,$tbl));
-	&mov	($acc,&DWP(160-128,$tbl));
-	&mov	($key,&DWP(192-128,$tbl));
-	&mov	($acc,&DWP(224-128,$tbl));
-
-	&set_label("loop",16);
-
-		&enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
-		&enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
-		&enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
-		&enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
-		&enctransform(2);
-		&enctransform(3);
-		&enctransform(0);
-		&enctransform(1);
-		&mov 	($key,$__key);
-		&mov	($tbl,$__tbl);
-		&add	($key,16);		# advance rd_key
-		&xor	($s0,&DWP(0,$key));
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-
-	&cmp	($key,$__end);
-	&mov	($__key,$key);
-	&jb	(&label("loop"));
-
-	&enccompact(0,$tbl,$s0,$s1,$s2,$s3);
-	&enccompact(1,$tbl,$s1,$s2,$s3,$s0);
-	&enccompact(2,$tbl,$s2,$s3,$s0,$s1);
-	&enccompact(3,$tbl,$s3,$s0,$s1,$s2);
-
-	&xor	($s0,&DWP(16,$key));
-	&xor	($s1,&DWP(20,$key));
-	&xor	($s2,&DWP(24,$key));
-	&xor	($s3,&DWP(28,$key));
-
-	&ret	();
-&function_end_B("_x86_AES_encrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-#
-# Performance is not actually extraordinary in comparison to pure
-# x86 code. In particular encrypt performance is virtually the same.
-# Decrypt performance on the other hand is 15-20% better on newer
-# µ-archs [but we're thankful for *any* improvement here], and ~50%
-# better on PIII:-) And additionally on the pros side this code
-# eliminates redundant references to stack and thus relieves/
-# minimizes the pressure on the memory bus.
-#
-# MMX register layout                           lsb
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |          mm4          |          mm0          |
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |     s3    |     s2    |     s1    |     s0    |    
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
-# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-#
-# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
-# In this terms encryption and decryption "compact" permutation
-# matrices can be depicted as following:
-#
-# encryption              lsb	# decryption              lsb
-# +----++----+----+----+----+	# +----++----+----+----+----+
-# | t0 || 15 | 10 |  5 |  0 |	# | t0 ||  7 | 10 | 13 |  0 |
-# +----++----+----+----+----+	# +----++----+----+----+----+
-# | t1 ||  3 | 14 |  9 |  4 |	# | t1 || 11 | 14 |  1 |  4 |
-# +----++----+----+----+----+	# +----++----+----+----+----+
-# | t2 ||  7 |  2 | 13 |  8 |	# | t2 || 15 |  2 |  5 |  8 |
-# +----++----+----+----+----+	# +----++----+----+----+----+
-# | t3 || 11 |  6 |  1 | 12 |	# | t3 ||  3 |  6 |  9 | 12 |
-# +----++----+----+----+----+	# +----++----+----+----+----+
-#
-######################################################################
-# Why not xmm registers? Short answer. It was actually tested and
-# was not any faster, but *contrary*, most notably on Intel CPUs.
-# Longer answer. Main advantage of using mm registers is that movd
-# latency is lower, especially on Intel P4. While arithmetic
-# instructions are twice as many, they can be scheduled every cycle
-# and not every second one when they are operating on xmm register,
-# so that "arithmetic throughput" remains virtually the same. And
-# finally the code can be executed even on elder SSE-only CPUs:-)
-
-sub sse_enccompact()
-{
-	&pshufw	("mm1","mm0",0x08);		#  5, 4, 1, 0
-	&pshufw	("mm5","mm4",0x0d);		# 15,14,11,10
-	&movd	("eax","mm1");			#  5, 4, 1, 0
-	&movd	("ebx","mm5");			# 15,14,11,10
-
-	&movz	($acc,&LB("eax"));		#  0
-	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
-	&pshufw	("mm2","mm0",0x0d);		#  7, 6, 3, 2
-	&movz	("edx",&HB("eax"));		#  1
-	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
-	&shl	("edx",8);			#  1
-	&shr	("eax",16);			#  5, 4
-
-	&movz	($acc,&LB("ebx"));		# 10
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 10
-	&shl	($acc,16);			# 10
-	&or	("ecx",$acc);			# 10
-	&pshufw	("mm6","mm4",0x08);		# 13,12, 9, 8
-	&movz	($acc,&HB("ebx"));		# 11
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 11
-	&shl	($acc,24);			# 11
-	&or	("edx",$acc);			# 11
-	&shr	("ebx",16);			# 15,14
-
-	&movz	($acc,&HB("eax"));		#  5
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  5
-	&shl	($acc,8);			#  5
-	&or	("ecx",$acc);			#  5
-	&movz	($acc,&HB("ebx"));		# 15
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 15
-	&shl	($acc,24);			# 15
-	&or	("ecx",$acc);			# 15
-	&movd	("mm0","ecx");			# t[0] collected
-
-	&movz	($acc,&LB("eax"));		#  4
-	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  4
-	&movd	("eax","mm2");			#  7, 6, 3, 2
-	&movz	($acc,&LB("ebx"));		# 14
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 14
-	&shl	($acc,16);			# 14
-	&or	("ecx",$acc);			# 14
-
-	&movd	("ebx","mm6");			# 13,12, 9, 8
-	&movz	($acc,&HB("eax"));		#  3
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  3
-	&shl	($acc,24);			#  3
-	&or	("ecx",$acc);			#  3
-	&movz	($acc,&HB("ebx"));		#  9
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  9
-	&shl	($acc,8);			#  9
-	&or	("ecx",$acc);			#  9
-	&movd	("mm1","ecx");			# t[1] collected
-
-	&movz	($acc,&LB("ebx"));		#  8
-	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  8
-	&shr	("ebx",16);			# 13,12
-	&movz	($acc,&LB("eax"));		#  2
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  2
-	&shl	($acc,16);			#  2
-	&or	("ecx",$acc);			#  2
-	&shr	("eax",16);			#  7, 6
-
-	&punpckldq	("mm0","mm1");		# t[0,1] collected
-
-	&movz	($acc,&HB("eax"));		#  7
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  7
-	&shl	($acc,24);			#  7
-	&or	("ecx",$acc);			#  7
-	&and	("eax",0xff);			#  6
-	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  6
-	&shl	("eax",16);			#  6
-	&or	("edx","eax");			#  6
-	&movz	($acc,&HB("ebx"));		# 13
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 13
-	&shl	($acc,8);			# 13
-	&or	("ecx",$acc);			# 13
-	&movd	("mm4","ecx");			# t[2] collected
-	&and	("ebx",0xff);			# 12
-	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	# 12
-	&or	("edx","ebx");			# 12
-	&movd	("mm5","edx");			# t[3] collected
-
-	&punpckldq	("mm4","mm5");		# t[2,3] collected
-}
-
-					if (!$x86only) {
-&function_begin_B("_sse_AES_encrypt_compact");
-	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
-	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
-
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-	&lea	($acc,&DWP(-2,$acc,$acc));
-	&lea	($acc,&DWP(0,$key,$acc,8));
-	&mov	($__end,$acc);			# end of key schedule
-
-	&mov	($s0,0x1b1b1b1b);		# magic constant
-	&mov	(&DWP(8,"esp"),$s0);
-	&mov	(&DWP(12,"esp"),$s0);
-
-	# prefetch Te4
-	&mov	($s0,&DWP(0-128,$tbl));
-	&mov	($s1,&DWP(32-128,$tbl));
-	&mov	($s2,&DWP(64-128,$tbl));
-	&mov	($s3,&DWP(96-128,$tbl));
-	&mov	($s0,&DWP(128-128,$tbl));
-	&mov	($s1,&DWP(160-128,$tbl));
-	&mov	($s2,&DWP(192-128,$tbl));
-	&mov	($s3,&DWP(224-128,$tbl));
-
-	&set_label("loop",16);
-		&sse_enccompact();
-		&add	($key,16);
-		&cmp	($key,$__end);
-		&ja	(&label("out"));
-
-		&movq	("mm2",&QWP(8,"esp"));
-		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
-		&movq	("mm1","mm0");		&movq	("mm5","mm4");	# r0
-		&pcmpgtb("mm3","mm0");		&pcmpgtb("mm7","mm4");
-		&pand	("mm3","mm2");		&pand	("mm7","mm2");
-		&pshufw	("mm2","mm0",0xb1);	&pshufw	("mm6","mm4",0xb1);# ROTATE(r0,16)
-		&paddb	("mm0","mm0");		&paddb	("mm4","mm4");
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# = r2
-		&pshufw	("mm3","mm2",0xb1);	&pshufw	("mm7","mm6",0xb1);# r0
-		&pxor	("mm1","mm0");		&pxor	("mm5","mm4");	# r0^r2
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(r0,16)
-
-		&movq	("mm2","mm3");		&movq	("mm6","mm7");
-		&pslld	("mm3",8);		&pslld	("mm7",8);
-		&psrld	("mm2",24);		&psrld	("mm6",24);
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= r0<<8
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= r0>>24
-
-		&movq	("mm3","mm1");		&movq	("mm7","mm5");
-		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
-		&psrld	("mm1",8);		&psrld	("mm5",8);
-		&mov	($s0,&DWP(0-128,$tbl));
-		&pslld	("mm3",24);		&pslld	("mm7",24);
-		&mov	($s1,&DWP(64-128,$tbl));
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= (r2^r0)<<8
-		&mov	($s2,&DWP(128-128,$tbl));
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= (r2^r0)>>24
-		&mov	($s3,&DWP(192-128,$tbl));
-
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
-	&jmp	(&label("loop"));
-
-	&set_label("out",16);
-	&pxor	("mm0",&QWP(0,$key));
-	&pxor	("mm4",&QWP(8,$key));
-
-	&ret	();
-&function_end_B("_sse_AES_encrypt_compact");
-					}
-
-######################################################################
-# Vanilla block function.
-######################################################################
-
-sub encstep()
-{ my ($i,$te,@s) = @_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	# lines marked with #%e?x[i] denote "reordered" instructions...
-	if ($i==3)  {	&mov	($key,$__key);			}##%edx
-	else        {	&mov	($out,$s[0]);
-			&and	($out,0xFF);			}
-	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
-	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
-			&mov	($out,&DWP(0,$te,$out,8));
-
-	if ($i==3)  {	$tmp=$s[1];				}##%eax
-			&movz	($tmp,&HB($s[1]));
-			&xor	($out,&DWP(3,$te,$tmp,8));
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
-	else        {	&mov	($tmp,$s[2]);
-			&shr	($tmp,16);			}
-	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
-			&and	($tmp,0xFF);
-			&xor	($out,&DWP(2,$te,$tmp,8));
-
-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
-	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
-	else        {	&mov	($tmp,$s[3]); 
-			&shr	($tmp,24)			}
-			&xor	($out,&DWP(1,$te,$tmp,8));
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&mov	($s[3],$acc);			}
-			&comment();
-}
-
-sub enclast()
-{ my ($i,$te,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	if ($i==3)  {	&mov	($key,$__key);			}##%edx
-	else        {	&mov	($out,$s[0]);			}
-			&and	($out,0xFF);
-	if ($i==1)  {	&shr	($s[0],16);			}#%ebx[1]
-	if ($i==2)  {	&shr	($s[0],24);			}#%ecx[2]
-			&mov	($out,&DWP(2,$te,$out,8));
-			&and	($out,0x000000ff);
-
-	if ($i==3)  {	$tmp=$s[1];				}##%eax
-			&movz	($tmp,&HB($s[1]));
-			&mov	($tmp,&DWP(0,$te,$tmp,8));
-			&and	($tmp,0x0000ff00);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$__s0);		}##%ebx
-	else        {	&mov	($tmp,$s[2]);
-			&shr	($tmp,16);			}
-	if ($i==2)  {	&and	($s[1],0xFF);			}#%edx[2]
-			&and	($tmp,0xFF);
-			&mov	($tmp,&DWP(0,$te,$tmp,8));
-			&and	($tmp,0x00ff0000);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}##%ecx
-	elsif($i==2){	&movz	($tmp,&HB($s[3]));		}#%ebx[2]
-	else        {	&mov	($tmp,$s[3]);
-			&shr	($tmp,24);			}
-			&mov	($tmp,&DWP(2,$te,$tmp,8));
-			&and	($tmp,0xff000000);
-			&xor	($out,$tmp);
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&mov	($s[3],$acc);			}
-}
-
-&function_begin_B("_x86_AES_encrypt");
-	if ($vertical_spin) {
-		# I need high parts of volatile registers to be accessible...
-		&exch	($s1="edi",$key="ebx");
-		&mov	($s2="esi",$acc="ecx");
-	}
-
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($__key,$key);			# save key
-
-	&xor	($s0,&DWP(0,$key));		# xor with key
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-
-	if ($small_footprint) {
-	    &lea	($acc,&DWP(-2,$acc,$acc));
-	    &lea	($acc,&DWP(0,$key,$acc,8));
-	    &mov	($__end,$acc);		# end of key schedule
-
-	    &set_label("loop",16);
-		if ($vertical_spin) {
-		    &encvert($tbl,$s0,$s1,$s2,$s3);
-		} else {
-		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
-		}
-		&add	($key,16);		# advance rd_key
-		&xor	($s0,&DWP(0,$key));
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-	    &cmp	($key,$__end);
-	    &mov	($__key,$key);
-	    &jb		(&label("loop"));
-	}
-	else {
-	    &cmp	($acc,10);
-	    &jle	(&label("10rounds"));
-	    &cmp	($acc,12);
-	    &jle	(&label("12rounds"));
-
-	&set_label("14rounds",4);
-	    for ($i=1;$i<3;$i++) {
-		if ($vertical_spin) {
-		    &encvert($tbl,$s0,$s1,$s2,$s3);
-		} else {
-		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
-		}
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	    &add	($key,32);
-	    &mov	($__key,$key);		# advance rd_key
-	&set_label("12rounds",4);
-	    for ($i=1;$i<3;$i++) {
-		if ($vertical_spin) {
-		    &encvert($tbl,$s0,$s1,$s2,$s3);
-		} else {
-		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
-		}
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	    &add	($key,32);
-	    &mov	($__key,$key);		# advance rd_key
-	&set_label("10rounds",4);
-	    for ($i=1;$i<10;$i++) {
-		if ($vertical_spin) {
-		    &encvert($tbl,$s0,$s1,$s2,$s3);
-		} else {
-		    &encstep(0,$tbl,$s0,$s1,$s2,$s3);
-		    &encstep(1,$tbl,$s1,$s2,$s3,$s0);
-		    &encstep(2,$tbl,$s2,$s3,$s0,$s1);
-		    &encstep(3,$tbl,$s3,$s0,$s1,$s2);
-		}
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	}
-
-	if ($vertical_spin) {
-	    # "reincarnate" some registers for "horizontal" spin...
-	    &mov	($s1="ebx",$key="edi");
-	    &mov	($s2="ecx",$acc="esi");
-	}
-	&enclast(0,$tbl,$s0,$s1,$s2,$s3);
-	&enclast(1,$tbl,$s1,$s2,$s3,$s0);
-	&enclast(2,$tbl,$s2,$s3,$s0,$s1);
-	&enclast(3,$tbl,$s3,$s0,$s1,$s2);
-
-	&add	($key,$small_footprint?16:160);
-	&xor	($s0,&DWP(0,$key));
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&ret	();
-
-&set_label("AES_Te",64);	# Yes! I keep it in the code segment!
-	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
-	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
-	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
-	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
-	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
-	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
-	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
-	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
-	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
-	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
-	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
-	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
-	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
-	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
-	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
-	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
-	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
-	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
-	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
-	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
-	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
-	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
-	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
-	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
-	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
-	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
-	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
-	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
-	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
-	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
-	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
-	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
-	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
-	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
-	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
-	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
-	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
-	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
-	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
-	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
-	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
-	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
-	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
-	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
-	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
-	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
-	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
-	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
-	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
-	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
-	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
-	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
-	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
-	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
-	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
-	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
-	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
-	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
-	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
-	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
-	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
-	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
-	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
-	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-#rcon:
-	&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
-	&data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
-	&data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
-	&data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
-&function_end_B("_x86_AES_encrypt");
-
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&function_begin("AES_encrypt");
-	&mov	($acc,&wparam(0));		# load inp
-	&mov	($key,&wparam(2));		# load key
-
-	&mov	($s0,"esp");
-	&sub	("esp",36);
-	&and	("esp",-64);			# align to cache-line
-
-	# place stack frame just "above" the key schedule
-	&lea	($s1,&DWP(-64-63,$key));
-	&sub	($s1,"esp");
-	&neg	($s1);
-	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
-	&sub	("esp",$s1);
-	&add	("esp",4);	# 4 is reserved for caller's return address
-	&mov	($_esp,$s0);			# save stack pointer
-
-	&call   (&label("pic_point"));          # make it PIC!
-	&set_label("pic_point");
-	&blindpop($tbl);
-	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
-	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-
-	# pick Te4 copy which can't "overlap" with stack frame or key schedule
-	&lea	($s1,&DWP(768-4,"esp"));
-	&sub	($s1,$tbl);
-	&and	($s1,0x300);
-	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
-
-					if (!$x86only) {
-	&bt	(&DWP(0,$s0),25);	# check for SSE bit
-	&jnc	(&label("x86"));
-
-	&movq	("mm0",&QWP(0,$acc));
-	&movq	("mm4",&QWP(8,$acc));
-	&call	("_sse_AES_encrypt_compact");
-	&mov	("esp",$_esp);			# restore stack pointer
-	&mov	($acc,&wparam(1));		# load out
-	&movq	(&QWP(0,$acc),"mm0");		# write output data
-	&movq	(&QWP(8,$acc),"mm4");
-	&emms	();
-	&function_end_A();
-					}
-	&set_label("x86",16);
-	&mov	($_tbl,$tbl);
-	&mov	($s0,&DWP(0,$acc));		# load input data
-	&mov	($s1,&DWP(4,$acc));
-	&mov	($s2,&DWP(8,$acc));
-	&mov	($s3,&DWP(12,$acc));
-	&call	("_x86_AES_encrypt_compact");
-	&mov	("esp",$_esp);			# restore stack pointer
-	&mov	($acc,&wparam(1));		# load out
-	&mov	(&DWP(0,$acc),$s0);		# write output data
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-&function_end("AES_encrypt");
-
-#--------------------------------------------------------------------#
-
-######################################################################
-# "Compact" block function
-######################################################################
-
-sub deccompact()
-{ my $Fn = mov;
-  while ($#_>5) { pop(@_); $Fn=sub{}; }
-  my ($i,$td,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	# $Fn is used in first compact round and its purpose is to
-	# void restoration of some values from stack, so that after
-	# 4xdeccompact with extra argument $key, $s0 and $s1 values
-	# are left there...
-	if($i==3)   {	&$Fn	($key,$__key);			}
-	else        {	&mov	($out,$s[0]);			}
-			&and	($out,0xFF);
-			&movz	($out,&BP(-128,$td,$out,1));
-
-	if ($i==3)  {	$tmp=$s[1];				}
-			&movz	($tmp,&HB($s[1]));
-			&movz	($tmp,&BP(-128,$td,$tmp,1));
-			&shl	($tmp,8);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
-	else        {	mov	($tmp,$s[2]);			}
-			&shr	($tmp,16);
-			&and	($tmp,0xFF);
-			&movz	($tmp,&BP(-128,$td,$tmp,1));
-			&shl	($tmp,16);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[3]; &$Fn ($s[2],$__s1);		}
-	else        {	&mov	($tmp,$s[3]);			}
-			&shr	($tmp,24);
-			&movz	($tmp,&BP(-128,$td,$tmp,1));
-			&shl	($tmp,24);
-			&xor	($out,$tmp);
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&$Fn	($s[3],$__s0);			}
-}
-
-# must be called with 2,3,0,1 as argument sequence!!!
-sub dectransform()
-{ my @s = ($s0,$s1,$s2,$s3);
-  my $i = shift;
-  my $tmp = $key;
-  my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
-  my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
-  my $tp8 = $tbl;
-
-	&mov	($acc,$s[$i]);
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp2,&DWP(0,$s[$i],$s[$i]));
-	&sub	($acc,$tmp);
-	&and	($tp2,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	&xor	($acc,$tp2);
-	&mov	($tp2,$acc);
-
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp4,&DWP(0,$tp2,$tp2));
-	&sub	($acc,$tmp);
-	&and	($tp4,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	 &xor	($tp2,$s[$i]);	# tp2^tp1
-	&xor	($acc,$tp4);
-	&mov	($tp4,$acc);
-
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp8,&DWP(0,$tp4,$tp4));
-	&sub	($acc,$tmp);
-	&and	($tp8,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	 &xor	($tp4,$s[$i]);	# tp4^tp1
-	 &rotl	($s[$i],8);	# = ROTATE(tp1,8)
-	&xor	($tp8,$acc);
-
-	&xor	($s[$i],$tp2);
-	&xor	($tp2,$tp8);
-	&rotl	($tp2,24);
-	&xor	($s[$i],$tp4);
-	&xor	($tp4,$tp8);
-	&rotl	($tp4,16);
-	&xor	($s[$i],$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
-	&rotl	($tp8,8);
-	&xor	($s[$i],$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
-	&xor	($s[$i],$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
-	 &mov	($s[0],$__s0)			if($i==2); #prefetch $s0
-	 &mov	($s[1],$__s1)			if($i==3); #prefetch $s1
-	 &mov	($s[2],$__s2)			if($i==1);
-	&xor	($s[$i],$tp8);	# ^= ROTATE(tp8,8)
-
-	&mov	($s[3],$__s3)			if($i==1);
-	&mov	(&DWP(4+4*$i,"esp"),$s[$i])	if($i>=2);
-}
-
-&function_begin_B("_x86_AES_decrypt_compact");
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($__key,$key);			# save key
-
-	&xor	($s0,&DWP(0,$key));		# xor with key
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-
-	&lea	($acc,&DWP(-2,$acc,$acc));
-	&lea	($acc,&DWP(0,$key,$acc,8));
-	&mov	($__end,$acc);			# end of key schedule
-
-	# prefetch Td4
-	&mov	($key,&DWP(0-128,$tbl));
-	&mov	($acc,&DWP(32-128,$tbl));
-	&mov	($key,&DWP(64-128,$tbl));
-	&mov	($acc,&DWP(96-128,$tbl));
-	&mov	($key,&DWP(128-128,$tbl));
-	&mov	($acc,&DWP(160-128,$tbl));
-	&mov	($key,&DWP(192-128,$tbl));
-	&mov	($acc,&DWP(224-128,$tbl));
-
-	&set_label("loop",16);
-
-		&deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
-		&deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
-		&deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
-		&deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
-		&dectransform(2);
-		&dectransform(3);
-		&dectransform(0);
-		&dectransform(1);
-		&mov 	($key,$__key);
-		&mov	($tbl,$__tbl);
-		&add	($key,16);		# advance rd_key
-		&xor	($s0,&DWP(0,$key));
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-
-	&cmp	($key,$__end);
-	&mov	($__key,$key);
-	&jb	(&label("loop"));
-
-	&deccompact(0,$tbl,$s0,$s3,$s2,$s1);
-	&deccompact(1,$tbl,$s1,$s0,$s3,$s2);
-	&deccompact(2,$tbl,$s2,$s1,$s0,$s3);
-	&deccompact(3,$tbl,$s3,$s2,$s1,$s0);
-
-	&xor	($s0,&DWP(16,$key));
-	&xor	($s1,&DWP(20,$key));
-	&xor	($s2,&DWP(24,$key));
-	&xor	($s3,&DWP(28,$key));
-
-	&ret	();
-&function_end_B("_x86_AES_decrypt_compact");
-
-######################################################################
-# "Compact" SSE block function.
-######################################################################
-
-sub sse_deccompact()
-{
-	&pshufw	("mm1","mm0",0x0c);		#  7, 6, 1, 0
-	&movd	("eax","mm1");			#  7, 6, 1, 0
-
-	&pshufw	("mm5","mm4",0x09);		# 13,12,11,10
-	&movz	($acc,&LB("eax"));		#  0
-	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  0
-	&movd	("ebx","mm5");			# 13,12,11,10
-	&movz	("edx",&HB("eax"));		#  1
-	&movz	("edx",&BP(-128,$tbl,"edx",1));	#  1
-	&shl	("edx",8);			#  1
-
-	&pshufw	("mm2","mm0",0x06);		#  3, 2, 5, 4
-	&movz	($acc,&LB("ebx"));		# 10
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 10
-	&shl	($acc,16);			# 10
-	&or	("ecx",$acc);			# 10
-	&shr	("eax",16);			#  7, 6
-	&movz	($acc,&HB("ebx"));		# 11
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 11
-	&shl	($acc,24);			# 11
-	&or	("edx",$acc);			# 11
-	&shr	("ebx",16);			# 13,12
-
-	&pshufw	("mm6","mm4",0x03);		# 9, 8,15,14
-	&movz	($acc,&HB("eax"));		#  7
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  7
-	&shl	($acc,24);			#  7
-	&or	("ecx",$acc);			#  7
-	&movz	($acc,&HB("ebx"));		# 13
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 13
-	&shl	($acc,8);			# 13
-	&or	("ecx",$acc);			# 13
-	&movd	("mm0","ecx");			# t[0] collected
-
-	&movz	($acc,&LB("eax"));		#  6
-	&movd	("eax","mm2");			#  3, 2, 5, 4
-	&movz	("ecx",&BP(-128,$tbl,$acc,1));	#  6
-	&shl	("ecx",16);			#  6
-	&movz	($acc,&LB("ebx"));		# 12
-	&movd	("ebx","mm6");			#  9, 8,15,14
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 12
-	&or	("ecx",$acc);			# 12
-
-	&movz	($acc,&LB("eax"));		#  4
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  4
-	&or	("edx",$acc);			#  4
-	&movz	($acc,&LB("ebx"));		# 14
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 14
-	&shl	($acc,16);			# 14
-	&or	("edx",$acc);			# 14
-	&movd	("mm1","edx");			# t[1] collected
-
-	&movz	($acc,&HB("eax"));		#  5
-	&movz	("edx",&BP(-128,$tbl,$acc,1));	#  5
-	&shl	("edx",8);			#  5
-	&movz	($acc,&HB("ebx"));		# 15
-	&shr	("eax",16);			#  3, 2
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	# 15
-	&shl	($acc,24);			# 15
-	&or	("edx",$acc);			# 15
-	&shr	("ebx",16);			#  9, 8
-
-	&punpckldq	("mm0","mm1");		# t[0,1] collected
-
-	&movz	($acc,&HB("ebx"));		#  9
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  9
-	&shl	($acc,8);			#  9
-	&or	("ecx",$acc);			#  9
-	&and	("ebx",0xff);			#  8
-	&movz	("ebx",&BP(-128,$tbl,"ebx",1));	#  8
-	&or	("edx","ebx");			#  8
-	&movz	($acc,&LB("eax"));		#  2
-	&movz	($acc,&BP(-128,$tbl,$acc,1));	#  2
-	&shl	($acc,16);			#  2
-	&or	("edx",$acc);			#  2
-	&movd	("mm4","edx");			# t[2] collected
-	&movz	("eax",&HB("eax"));		#  3
-	&movz	("eax",&BP(-128,$tbl,"eax",1));	#  3
-	&shl	("eax",24);			#  3
-	&or	("ecx","eax");			#  3
-	&movd	("mm5","ecx");			# t[3] collected
-
-	&punpckldq	("mm4","mm5");		# t[2,3] collected
-}
-
-					if (!$x86only) {
-&function_begin_B("_sse_AES_decrypt_compact");
-	&pxor	("mm0",&QWP(0,$key));	#  7, 6, 5, 4, 3, 2, 1, 0
-	&pxor	("mm4",&QWP(8,$key));	# 15,14,13,12,11,10, 9, 8
-
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-	&lea	($acc,&DWP(-2,$acc,$acc));
-	&lea	($acc,&DWP(0,$key,$acc,8));
-	&mov	($__end,$acc);			# end of key schedule
-
-	&mov	($s0,0x1b1b1b1b);		# magic constant
-	&mov	(&DWP(8,"esp"),$s0);
-	&mov	(&DWP(12,"esp"),$s0);
-
-	# prefetch Td4
-	&mov	($s0,&DWP(0-128,$tbl));
-	&mov	($s1,&DWP(32-128,$tbl));
-	&mov	($s2,&DWP(64-128,$tbl));
-	&mov	($s3,&DWP(96-128,$tbl));
-	&mov	($s0,&DWP(128-128,$tbl));
-	&mov	($s1,&DWP(160-128,$tbl));
-	&mov	($s2,&DWP(192-128,$tbl));
-	&mov	($s3,&DWP(224-128,$tbl));
-
-	&set_label("loop",16);
-		&sse_deccompact();
-		&add	($key,16);
-		&cmp	($key,$__end);
-		&ja	(&label("out"));
-
-		# ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
-		&movq	("mm3","mm0");		&movq	("mm7","mm4");
-		&movq	("mm2","mm0",1);	&movq	("mm6","mm4",1);
-		&movq	("mm1","mm0");		&movq	("mm5","mm4");
-		&pshufw	("mm0","mm0",0xb1);	&pshufw	("mm4","mm4",0xb1);# = ROTATE(tp0,16)
-		&pslld	("mm2",8);		&pslld	("mm6",8);
-		&psrld	("mm3",8);		&psrld	("mm7",8);
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<8
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>8
-		&pslld	("mm2",16);		&pslld	("mm6",16);
-		&psrld	("mm3",16);		&psrld	("mm7",16);
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp0<<24
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp0>>24
-
-		&movq	("mm3",&QWP(8,"esp"));
-		&pxor	("mm2","mm2");		&pxor	("mm6","mm6");
-		&pcmpgtb("mm2","mm1");		&pcmpgtb("mm6","mm5");
-		&pand	("mm2","mm3");		&pand	("mm6","mm3");
-		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
-		&pxor	("mm1","mm2");		&pxor	("mm5","mm6");	# tp2
-		&movq	("mm3","mm1");		&movq	("mm7","mm5");
-		&movq	("mm2","mm1");		&movq	("mm6","mm5");
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp2
-		&pslld	("mm3",24);		&pslld	("mm7",24);
-		&psrld	("mm2",8);		&psrld	("mm6",8);
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp2<<24
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= tp2>>8
-
-		&movq	("mm2",&QWP(8,"esp"));
-		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
-		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
-		&pand	("mm3","mm2");		&pand	("mm7","mm2");
-		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
-		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp4
-		&pshufw	("mm3","mm1",0xb1);	&pshufw	("mm7","mm5",0xb1);
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp4
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= ROTATE(tp4,16)	
-
-		&pxor	("mm3","mm3");		&pxor	("mm7","mm7");
-		&pcmpgtb("mm3","mm1");		&pcmpgtb("mm7","mm5");
-		&pand	("mm3","mm2");		&pand	("mm7","mm2");
-		&paddb	("mm1","mm1");		&paddb	("mm5","mm5");
-		&pxor	("mm1","mm3");		&pxor	("mm5","mm7");	# tp8
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8
-		&movq	("mm3","mm1");		&movq	("mm7","mm5");
-		&pshufw	("mm2","mm1",0xb1);	&pshufw	("mm6","mm5",0xb1);
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");	# ^= ROTATE(tp8,16)
-		&pslld	("mm1",8);		&pslld	("mm5",8);
-		&psrld	("mm3",8);		&psrld	("mm7",8);
-		&movq	("mm2",&QWP(0,$key));	&movq	("mm6",&QWP(8,$key));
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<8
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>8
-		&mov	($s0,&DWP(0-128,$tbl));
-		&pslld	("mm1",16);		&pslld	("mm5",16);
-		&mov	($s1,&DWP(64-128,$tbl));
-		&psrld	("mm3",16);		&psrld	("mm7",16);
-		&mov	($s2,&DWP(128-128,$tbl));
-		&pxor	("mm0","mm1");		&pxor	("mm4","mm5");	# ^= tp8<<24
-		&mov	($s3,&DWP(192-128,$tbl));
-		&pxor	("mm0","mm3");		&pxor	("mm4","mm7");	# ^= tp8>>24
-
-		&pxor	("mm0","mm2");		&pxor	("mm4","mm6");
-	&jmp	(&label("loop"));
-
-	&set_label("out",16);
-	&pxor	("mm0",&QWP(0,$key));
-	&pxor	("mm4",&QWP(8,$key));
-
-	&ret	();
-&function_end_B("_sse_AES_decrypt_compact");
-					}
-
-######################################################################
-# Vanilla block function.
-######################################################################
-
-sub decstep()
-{ my ($i,$td,@s) = @_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	# no instructions are reordered, as performance appears
-	# optimal... or rather that all attempts to reorder didn't
-	# result in better performance [which by the way is not a
-	# bit lower than ecryption].
-	if($i==3)   {	&mov	($key,$__key);			}
-	else        {	&mov	($out,$s[0]);			}
-			&and	($out,0xFF);
-			&mov	($out,&DWP(0,$td,$out,8));
-
-	if ($i==3)  {	$tmp=$s[1];				}
-			&movz	($tmp,&HB($s[1]));
-			&xor	($out,&DWP(3,$td,$tmp,8));
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
-	else        {	&mov	($tmp,$s[2]);			}
-			&shr	($tmp,16);
-			&and	($tmp,0xFF);
-			&xor	($out,&DWP(2,$td,$tmp,8));
-
-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
-	else        {	&mov	($tmp,$s[3]);			}
-			&shr	($tmp,24);
-			&xor	($out,&DWP(1,$td,$tmp,8));
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&mov	($s[3],$__s0);			}
-			&comment();
-}
-
-sub declast()
-{ my ($i,$td,@s)=@_;
-  my $tmp = $key;
-  my $out = $i==3?$s[0]:$acc;
-
-	if($i==0)   {	&lea	($td,&DWP(2048+128,$td));
-			&mov	($tmp,&DWP(0-128,$td));
-			&mov	($acc,&DWP(32-128,$td));
-			&mov	($tmp,&DWP(64-128,$td));
-			&mov	($acc,&DWP(96-128,$td));
-			&mov	($tmp,&DWP(128-128,$td));
-			&mov	($acc,&DWP(160-128,$td));
-			&mov	($tmp,&DWP(192-128,$td));
-			&mov	($acc,&DWP(224-128,$td));
-			&lea	($td,&DWP(-128,$td));		}
-	if($i==3)   {	&mov	($key,$__key);			}
-	else        {	&mov	($out,$s[0]);			}
-			&and	($out,0xFF);
-			&movz	($out,&BP(0,$td,$out,1));
-
-	if ($i==3)  {	$tmp=$s[1];				}
-			&movz	($tmp,&HB($s[1]));
-			&movz	($tmp,&BP(0,$td,$tmp,1));
-			&shl	($tmp,8);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
-	else        {	mov	($tmp,$s[2]);			}
-			&shr	($tmp,16);
-			&and	($tmp,0xFF);
-			&movz	($tmp,&BP(0,$td,$tmp,1));
-			&shl	($tmp,16);
-			&xor	($out,$tmp);
-
-	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],$__s1);		}
-	else        {	&mov	($tmp,$s[3]);			}
-			&shr	($tmp,24);
-			&movz	($tmp,&BP(0,$td,$tmp,1));
-			&shl	($tmp,24);
-			&xor	($out,$tmp);
-	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
-	if ($i==3)  {	&mov	($s[3],$__s0);
-			&lea	($td,&DWP(-2048,$td));		}
-}
-
-&function_begin_B("_x86_AES_decrypt");
-	# note that caller is expected to allocate stack frame for me!
-	&mov	($__key,$key);			# save key
-
-	&xor	($s0,&DWP(0,$key));		# xor with key
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&mov	($acc,&DWP(240,$key));		# load key->rounds
-
-	if ($small_footprint) {
-	    &lea	($acc,&DWP(-2,$acc,$acc));
-	    &lea	($acc,&DWP(0,$key,$acc,8));
-	    &mov	($__end,$acc);		# end of key schedule
-	    &set_label("loop",16);
-		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
-		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
-		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
-		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
-		&add	($key,16);		# advance rd_key
-		&xor	($s0,&DWP(0,$key));
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-	    &cmp	($key,$__end);
-	    &mov	($__key,$key);
-	    &jb		(&label("loop"));
-	}
-	else {
-	    &cmp	($acc,10);
-	    &jle	(&label("10rounds"));
-	    &cmp	($acc,12);
-	    &jle	(&label("12rounds"));
-
-	&set_label("14rounds",4);
-	    for ($i=1;$i<3;$i++) {
-		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
-		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
-		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
-		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	    &add	($key,32);
-	    &mov	($__key,$key);		# advance rd_key
-	&set_label("12rounds",4);
-	    for ($i=1;$i<3;$i++) {
-		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
-		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
-		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
-		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	    &add	($key,32);
-	    &mov	($__key,$key);		# advance rd_key
-	&set_label("10rounds",4);
-	    for ($i=1;$i<10;$i++) {
-		&decstep(0,$tbl,$s0,$s3,$s2,$s1);
-		&decstep(1,$tbl,$s1,$s0,$s3,$s2);
-		&decstep(2,$tbl,$s2,$s1,$s0,$s3);
-		&decstep(3,$tbl,$s3,$s2,$s1,$s0);
-		&xor	($s0,&DWP(16*$i+0,$key));
-		&xor	($s1,&DWP(16*$i+4,$key));
-		&xor	($s2,&DWP(16*$i+8,$key));
-		&xor	($s3,&DWP(16*$i+12,$key));
-	    }
-	}
-
-	&declast(0,$tbl,$s0,$s3,$s2,$s1);
-	&declast(1,$tbl,$s1,$s0,$s3,$s2);
-	&declast(2,$tbl,$s2,$s1,$s0,$s3);
-	&declast(3,$tbl,$s3,$s2,$s1,$s0);
-
-	&add	($key,$small_footprint?16:160);
-	&xor	($s0,&DWP(0,$key));
-	&xor	($s1,&DWP(4,$key));
-	&xor	($s2,&DWP(8,$key));
-	&xor	($s3,&DWP(12,$key));
-
-	&ret	();
-
-&set_label("AES_Td",64);	# Yes! I keep it in the code segment!
-	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
-	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
-	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
-	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
-	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
-	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
-	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
-	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
-	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
-	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
-	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
-	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
-	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
-	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
-	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
-	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
-	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
-	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
-	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
-	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
-	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
-	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
-	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
-	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
-	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
-	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
-	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
-	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
-	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
-	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
-	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
-	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
-	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
-	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
-	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
-	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
-	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
-	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
-	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
-	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
-	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
-	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
-	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
-	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
-	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
-	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
-	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
-	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
-	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
-	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
-	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
-	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
-	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
-	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
-	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
-	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
-	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
-	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
-	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
-	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
-	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
-	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
-	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
-	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-&function_end_B("_x86_AES_decrypt");
-
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&function_begin("AES_decrypt");
-	&mov	($acc,&wparam(0));		# load inp
-	&mov	($key,&wparam(2));		# load key
-
-	&mov	($s0,"esp");
-	&sub	("esp",36);
-	&and	("esp",-64);			# align to cache-line
-
-	# place stack frame just "above" the key schedule
-	&lea	($s1,&DWP(-64-63,$key));
-	&sub	($s1,"esp");
-	&neg	($s1);
-	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
-	&sub	("esp",$s1);
-	&add	("esp",4);	# 4 is reserved for caller's return address
-	&mov	($_esp,$s0);	# save stack pointer
-
-	&call   (&label("pic_point"));          # make it PIC!
-	&set_label("pic_point");
-	&blindpop($tbl);
-	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-	&lea    ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
-
-	# pick Td4 copy which can't "overlap" with stack frame or key schedule
-	&lea	($s1,&DWP(768-4,"esp"));
-	&sub	($s1,$tbl);
-	&and	($s1,0x300);
-	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
-
-					if (!$x86only) {
-	&bt	(&DWP(0,$s0),25);	# check for SSE bit
-	&jnc	(&label("x86"));
-
-	&movq	("mm0",&QWP(0,$acc));
-	&movq	("mm4",&QWP(8,$acc));
-	&call	("_sse_AES_decrypt_compact");
-	&mov	("esp",$_esp);			# restore stack pointer
-	&mov	($acc,&wparam(1));		# load out
-	&movq	(&QWP(0,$acc),"mm0");		# write output data
-	&movq	(&QWP(8,$acc),"mm4");
-	&emms	();
-	&function_end_A();
-					}
-	&set_label("x86",16);
-	&mov	($_tbl,$tbl);
-	&mov	($s0,&DWP(0,$acc));		# load input data
-	&mov	($s1,&DWP(4,$acc));
-	&mov	($s2,&DWP(8,$acc));
-	&mov	($s3,&DWP(12,$acc));
-	&call	("_x86_AES_decrypt_compact");
-	&mov	("esp",$_esp);			# restore stack pointer
-	&mov	($acc,&wparam(1));		# load out
-	&mov	(&DWP(0,$acc),$s0);		# write output data
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-&function_end("AES_decrypt");
-
-# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
-#			size_t length, const AES_KEY *key,
-#			unsigned char *ivp,const int enc);
-{
-# stack frame layout
-#             -4(%esp)		# return address	 0(%esp)
-#              0(%esp)		# s0 backing store	 4(%esp)	
-#              4(%esp)		# s1 backing store	 8(%esp)
-#              8(%esp)		# s2 backing store	12(%esp)
-#             12(%esp)		# s3 backing store	16(%esp)
-#             16(%esp)		# key backup		20(%esp)
-#             20(%esp)		# end of key schedule	24(%esp)
-#             24(%esp)		# %ebp backup		28(%esp)
-#             28(%esp)		# %esp backup
-my $_inp=&DWP(32,"esp");	# copy of wparam(0)
-my $_out=&DWP(36,"esp");	# copy of wparam(1)
-my $_len=&DWP(40,"esp");	# copy of wparam(2)
-my $_key=&DWP(44,"esp");	# copy of wparam(3)
-my $_ivp=&DWP(48,"esp");	# copy of wparam(4)
-my $_tmp=&DWP(52,"esp");	# volatile variable
-#
-my $ivec=&DWP(60,"esp");	# ivec[16]
-my $aes_key=&DWP(76,"esp");	# copy of aes_key
-my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
-
-&function_begin("AES_cbc_encrypt");
-	&mov	($s2 eq "ecx"? $s2 : "",&wparam(2));	# load len
-	&cmp	($s2,0);
-	&je	(&label("drop_out"));
-
-	&call   (&label("pic_point"));		# make it PIC!
-	&set_label("pic_point");
-	&blindpop($tbl);
-	&picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
-
-	&cmp	(&wparam(5),0);
-	&lea    ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-	&jne	(&label("picked_te"));
-	&lea	($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
-	&set_label("picked_te");
-
-	# one can argue if this is required
-	&pushf	();
-	&cld	();
-
-	&cmp	($s2,$speed_limit);
-	&jb	(&label("slow_way"));
-	&test	($s2,15);
-	&jnz	(&label("slow_way"));
-					if (!$x86only) {
-	&bt	(&DWP(0,$s0),28);	# check for hyper-threading bit
-	&jc	(&label("slow_way"));
-					}
-	# pre-allocate aligned stack frame...
-	&lea	($acc,&DWP(-80-244,"esp"));
-	&and	($acc,-64);
-
-	# ... and make sure it doesn't alias with $tbl modulo 4096
-	&mov	($s0,$tbl);
-	&lea	($s1,&DWP(2048+256,$tbl));
-	&mov	($s3,$acc);
-	&and	($s0,0xfff);		# s = %ebp&0xfff
-	&and	($s1,0xfff);		# e = (%ebp+2048+256)&0xfff
-	&and	($s3,0xfff);		# p = %esp&0xfff
-
-	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);
-	&jb	(&label("tbl_break_out"));
-	&sub	($s3,$s1);
-	&sub	($acc,$s3);
-	&jmp	(&label("tbl_ok"));
-	&set_label("tbl_break_out",4);	# else %esp -= (p-s)&0xfff + framesz;
-	&sub	($s3,$s0);
-	&and	($s3,0xfff);
-	&add	($s3,384);
-	&sub	($acc,$s3);
-	&set_label("tbl_ok",4);
-
-	&lea	($s3,&wparam(0));	# obtain pointer to parameter block
-	&exch	("esp",$acc);		# allocate stack frame
-	&add	("esp",4);		# reserve for return address!
-	&mov	($_tbl,$tbl);		# save %ebp
-	&mov	($_esp,$acc);		# save %esp
-
-	&mov	($s0,&DWP(0,$s3));	# load inp
-	&mov	($s1,&DWP(4,$s3));	# load out
-	#&mov	($s2,&DWP(8,$s3));	# load len
-	&mov	($key,&DWP(12,$s3));	# load key
-	&mov	($acc,&DWP(16,$s3));	# load ivp
-	&mov	($s3,&DWP(20,$s3));	# load enc flag
-
-	&mov	($_inp,$s0);		# save copy of inp
-	&mov	($_out,$s1);		# save copy of out
-	&mov	($_len,$s2);		# save copy of len
-	&mov	($_key,$key);		# save copy of key
-	&mov	($_ivp,$acc);		# save copy of ivp
-
-	&mov	($mark,0);		# copy of aes_key->rounds = 0;
-	# do we copy key schedule to stack?
-	&mov	($s1 eq "ebx" ? $s1 : "",$key);
-	&mov	($s2 eq "ecx" ? $s2 : "",244/4);
-	&sub	($s1,$tbl);
-	&mov	("esi",$key);
-	&and	($s1,0xfff);
-	&lea	("edi",$aes_key);
-	&cmp	($s1,2048+256);
-	&jb	(&label("do_copy"));
-	&cmp	($s1,4096-244);
-	&jb	(&label("skip_copy"));
-	&set_label("do_copy",4);
-		&mov	($_key,"edi");
-		&data_word(0xA5F3F689);	# rep movsd
-	&set_label("skip_copy");
-
-	&mov	($key,16);
-	&set_label("prefetch_tbl",4);
-		&mov	($s0,&DWP(0,$tbl));
-		&mov	($s1,&DWP(32,$tbl));
-		&mov	($s2,&DWP(64,$tbl));
-		&mov	($acc,&DWP(96,$tbl));
-		&lea	($tbl,&DWP(128,$tbl));
-		&sub	($key,1);
-	&jnz	(&label("prefetch_tbl"));
-	&sub	($tbl,2048);
-
-	&mov	($acc,$_inp);
-	&mov	($key,$_ivp);
-
-	&cmp	($s3,0);
-	&je	(&label("fast_decrypt"));
-
-#----------------------------- ENCRYPT -----------------------------#
-	&mov	($s0,&DWP(0,$key));		# load iv
-	&mov	($s1,&DWP(4,$key));
-
-	&set_label("fast_enc_loop",16);
-		&mov	($s2,&DWP(8,$key));
-		&mov	($s3,&DWP(12,$key));
-
-		&xor	($s0,&DWP(0,$acc));	# xor input data
-		&xor	($s1,&DWP(4,$acc));
-		&xor	($s2,&DWP(8,$acc));
-		&xor	($s3,&DWP(12,$acc));
-
-		&mov	($key,$_key);		# load key
-		&call	("_x86_AES_encrypt");
-
-		&mov	($acc,$_inp);		# load inp
-		&mov	($key,$_out);		# load out
-
-		&mov	(&DWP(0,$key),$s0);	# save output data
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($s2,$_len);		# load len
-		&mov	($_inp,$acc);		# save inp
-		&lea	($s3,&DWP(16,$key));	# advance out
-		&mov	($_out,$s3);		# save out
-		&sub	($s2,16);		# decrease len
-		&mov	($_len,$s2);		# save len
-	&jnz	(&label("fast_enc_loop"));
-	&mov	($acc,$_ivp);		# load ivp
-	&mov	($s2,&DWP(8,$key));	# restore last 2 dwords
-	&mov	($s3,&DWP(12,$key));
-	&mov	(&DWP(0,$acc),$s0);	# save ivec
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-
-	&cmp	($mark,0);		# was the key schedule copied?
-	&mov	("edi",$_key);
-	&je	(&label("skip_ezero"));
-	# zero copy of key schedule
-	&mov	("ecx",240/4);
-	&xor	("eax","eax");
-	&align	(4);
-	&data_word(0xABF3F689);	# rep stosd
-	&set_label("skip_ezero")
-	&mov	("esp",$_esp);
-	&popf	();
-    &set_label("drop_out");
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-
-#----------------------------- DECRYPT -----------------------------#
-&set_label("fast_decrypt",16);
-
-	&cmp	($acc,$_out);
-	&je	(&label("fast_dec_in_place"));	# in-place processing...
-
-	&mov	($_tmp,$key);
-
-	&align	(4);
-	&set_label("fast_dec_loop",16);
-		&mov	($s0,&DWP(0,$acc));	# read input
-		&mov	($s1,&DWP(4,$acc));
-		&mov	($s2,&DWP(8,$acc));
-		&mov	($s3,&DWP(12,$acc));
-
-		&mov	($key,$_key);		# load key
-		&call	("_x86_AES_decrypt");
-
-		&mov	($key,$_tmp);		# load ivp
-		&mov	($acc,$_len);		# load len
-		&xor	($s0,&DWP(0,$key));	# xor iv
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-
-		&mov	($key,$_out);		# load out
-		&mov	($acc,$_inp);		# load inp
-
-		&mov	(&DWP(0,$key),$s0);	# write output
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($s2,$_len);		# load len
-		&mov	($_tmp,$acc);		# save ivp
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-		&lea	($key,&DWP(16,$key));	# advance out
-		&mov	($_out,$key);		# save out
-		&sub	($s2,16);		# decrease len
-		&mov	($_len,$s2);		# save len
-	&jnz	(&label("fast_dec_loop"));
-	&mov	($key,$_tmp);		# load temp ivp
-	&mov	($acc,$_ivp);		# load user ivp
-	&mov	($s0,&DWP(0,$key));	# load iv
-	&mov	($s1,&DWP(4,$key));
-	&mov	($s2,&DWP(8,$key));
-	&mov	($s3,&DWP(12,$key));
-	&mov	(&DWP(0,$acc),$s0);	# copy back to user
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-	&jmp	(&label("fast_dec_out"));
-
-    &set_label("fast_dec_in_place",16);
-	&set_label("fast_dec_in_place_loop");
-		&mov	($s0,&DWP(0,$acc));	# read input
-		&mov	($s1,&DWP(4,$acc));
-		&mov	($s2,&DWP(8,$acc));
-		&mov	($s3,&DWP(12,$acc));
-
-		&lea	($key,$ivec);
-		&mov	(&DWP(0,$key),$s0);	# copy to temp
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($key,$_key);		# load key
-		&call	("_x86_AES_decrypt");
-
-		&mov	($key,$_ivp);		# load ivp
-		&mov	($acc,$_out);		# load out
-		&xor	($s0,&DWP(0,$key));	# xor iv
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-
-		&mov	(&DWP(0,$acc),$s0);	# write output
-		&mov	(&DWP(4,$acc),$s1);
-		&mov	(&DWP(8,$acc),$s2);
-		&mov	(&DWP(12,$acc),$s3);
-
-		&lea	($acc,&DWP(16,$acc));	# advance out
-		&mov	($_out,$acc);		# save out
-
-		&lea	($acc,$ivec);
-		&mov	($s0,&DWP(0,$acc));	# read temp
-		&mov	($s1,&DWP(4,$acc));
-		&mov	($s2,&DWP(8,$acc));
-		&mov	($s3,&DWP(12,$acc));
-
-		&mov	(&DWP(0,$key),$s0);	# copy iv
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($acc,$_inp);		# load inp
-		&mov	($s2,$_len);		# load len
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-		&sub	($s2,16);		# decrease len
-		&mov	($_len,$s2);		# save len
-	&jnz	(&label("fast_dec_in_place_loop"));
-
-    &set_label("fast_dec_out",4);
-	&cmp	($mark,0);		# was the key schedule copied?
-	&mov	("edi",$_key);
-	&je	(&label("skip_dzero"));
-	# zero copy of key schedule
-	&mov	("ecx",240/4);
-	&xor	("eax","eax");
-	&align	(4);
-	&data_word(0xABF3F689);	# rep stosd
-	&set_label("skip_dzero")
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-
-#--------------------------- SLOW ROUTINE ---------------------------#
-&set_label("slow_way",16);
-
-	&mov	($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
-	&mov	($key,&wparam(3));	# load key
-
-	# pre-allocate aligned stack frame...
-	&lea	($acc,&DWP(-80,"esp"));
-	&and	($acc,-64);
-
-	# ... and make sure it doesn't alias with $key modulo 1024
-	&lea	($s1,&DWP(-80-63,$key));
-	&sub	($s1,$acc);
-	&neg	($s1);
-	&and	($s1,0x3C0);	# modulo 1024, but aligned to cache-line
-	&sub	($acc,$s1);
-
-	# pick S-box copy which can't overlap with stack frame or $key
-	&lea	($s1,&DWP(768,$acc));
-	&sub	($s1,$tbl);
-	&and	($s1,0x300);
-	&lea	($tbl,&DWP(2048+128,$tbl,$s1));
-
-	&lea	($s3,&wparam(0));	# pointer to parameter block
-
-	&exch	("esp",$acc);
-	&add	("esp",4);		# reserve for return address!
-	&mov	($_tbl,$tbl);		# save %ebp
-	&mov	($_esp,$acc);		# save %esp
-	&mov	($_tmp,$s0);		# save OPENSSL_ia32cap
-
-	&mov	($s0,&DWP(0,$s3));	# load inp
-	&mov	($s1,&DWP(4,$s3));	# load out
-	#&mov	($s2,&DWP(8,$s3));	# load len
-	#&mov	($key,&DWP(12,$s3));	# load key
-	&mov	($acc,&DWP(16,$s3));	# load ivp
-	&mov	($s3,&DWP(20,$s3));	# load enc flag
-
-	&mov	($_inp,$s0);		# save copy of inp
-	&mov	($_out,$s1);		# save copy of out
-	&mov	($_len,$s2);		# save copy of len
-	&mov	($_key,$key);		# save copy of key
-	&mov	($_ivp,$acc);		# save copy of ivp
-
-	&mov	($key,$acc);
-	&mov	($acc,$s0);
-
-	&cmp	($s3,0);
-	&je	(&label("slow_decrypt"));
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
-	&cmp	($s2,16);
-	&mov	($s3,$s1);
-	&jb	(&label("slow_enc_tail"));
-
-					if (!$x86only) {
-	&bt	($_tmp,25);		# check for SSE bit
-	&jnc	(&label("slow_enc_x86"));
-
-	&movq	("mm0",&QWP(0,$key));	# load iv
-	&movq	("mm4",&QWP(8,$key));
-
-	&set_label("slow_enc_loop_sse",16);
-		&pxor	("mm0",&QWP(0,$acc));	# xor input data
-		&pxor	("mm4",&QWP(8,$acc));
-
-		&mov	($key,$_key);
-		&call	("_sse_AES_encrypt_compact");
-
-		&mov	($acc,$_inp);		# load inp
-		&mov	($key,$_out);		# load out
-		&mov	($s2,$_len);		# load len
-
-		&movq	(&QWP(0,$key),"mm0");	# save output data
-		&movq	(&QWP(8,$key),"mm4");
-
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-		&lea	($s3,&DWP(16,$key));	# advance out
-		&mov	($_out,$s3);		# save out
-		&sub	($s2,16);		# decrease len
-		&cmp	($s2,16);
-		&mov	($_len,$s2);		# save len
-	&jae	(&label("slow_enc_loop_sse"));
-	&test	($s2,15);
-	&jnz	(&label("slow_enc_tail"));
-	&mov	($acc,$_ivp);		# load ivp
-	&movq	(&QWP(0,$acc),"mm0");	# save ivec
-	&movq	(&QWP(8,$acc),"mm4");
-	&emms	();
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-					}
-    &set_label("slow_enc_x86",16);
-	&mov	($s0,&DWP(0,$key));	# load iv
-	&mov	($s1,&DWP(4,$key));
-
-	&set_label("slow_enc_loop_x86",4);
-		&mov	($s2,&DWP(8,$key));
-		&mov	($s3,&DWP(12,$key));
-
-		&xor	($s0,&DWP(0,$acc));	# xor input data
-		&xor	($s1,&DWP(4,$acc));
-		&xor	($s2,&DWP(8,$acc));
-		&xor	($s3,&DWP(12,$acc));
-
-		&mov	($key,$_key);		# load key
-		&call	("_x86_AES_encrypt_compact");
-
-		&mov	($acc,$_inp);		# load inp
-		&mov	($key,$_out);		# load out
-
-		&mov	(&DWP(0,$key),$s0);	# save output data
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($s2,$_len);		# load len
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-		&lea	($s3,&DWP(16,$key));	# advance out
-		&mov	($_out,$s3);		# save out
-		&sub	($s2,16);		# decrease len
-		&cmp	($s2,16);
-		&mov	($_len,$s2);		# save len
-	&jae	(&label("slow_enc_loop_x86"));
-	&test	($s2,15);
-	&jnz	(&label("slow_enc_tail"));
-	&mov	($acc,$_ivp);		# load ivp
-	&mov	($s2,&DWP(8,$key));	# restore last dwords
-	&mov	($s3,&DWP(12,$key));
-	&mov	(&DWP(0,$acc),$s0);	# save ivec
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-
-    &set_label("slow_enc_tail",16);
-	&emms	()	if (!$x86only);
-	&mov	($key eq "edi"? $key:"",$s3);	# load out to edi
-	&mov	($s1,16);
-	&sub	($s1,$s2);
-	&cmp	($key,$acc eq "esi"? $acc:"");	# compare with inp
-	&je	(&label("enc_in_place"));
-	&align	(4);
-	&data_word(0xA4F3F689);	# rep movsb	# copy input
-	&jmp	(&label("enc_skip_in_place"));
-    &set_label("enc_in_place");
-	&lea	($key,&DWP(0,$key,$s2));
-    &set_label("enc_skip_in_place");
-	&mov	($s2,$s1);
-	&xor	($s0,$s0);
-	&align	(4);
-	&data_word(0xAAF3F689);	# rep stosb	# zero tail
-
-	&mov	($key,$_ivp);			# restore ivp
-	&mov	($acc,$s3);			# output as input
-	&mov	($s0,&DWP(0,$key));
-	&mov	($s1,&DWP(4,$key));
-	&mov	($_len,16);			# len=16
-	&jmp	(&label("slow_enc_loop_x86"));	# one more spin...
-
-#--------------------------- SLOW DECRYPT ---------------------------#
-&set_label("slow_decrypt",16);
-					if (!$x86only) {
-	&bt	($_tmp,25);		# check for SSE bit
-	&jnc	(&label("slow_dec_loop_x86"));
-
-	&set_label("slow_dec_loop_sse",4);
-		&movq	("mm0",&QWP(0,$acc));	# read input
-		&movq	("mm4",&QWP(8,$acc));
-
-		&mov	($key,$_key);
-		&call	("_sse_AES_decrypt_compact");
-
-		&mov	($acc,$_inp);		# load inp
-		&lea	($s0,$ivec);
-		&mov	($s1,$_out);		# load out
-		&mov	($s2,$_len);		# load len
-		&mov	($key,$_ivp);		# load ivp
-
-		&movq	("mm1",&QWP(0,$acc));	# re-read input
-		&movq	("mm5",&QWP(8,$acc));
-
-		&pxor	("mm0",&QWP(0,$key));	# xor iv
-		&pxor	("mm4",&QWP(8,$key));
-
-		&movq	(&QWP(0,$key),"mm1");	# copy input to iv
-		&movq	(&QWP(8,$key),"mm5");
-
-		&sub	($s2,16);		# decrease len
-		&jc	(&label("slow_dec_partial_sse"));
-
-		&movq	(&QWP(0,$s1),"mm0");	# write output
-		&movq	(&QWP(8,$s1),"mm4");
-
-		&lea	($s1,&DWP(16,$s1));	# advance out
-		&mov	($_out,$s1);		# save out
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-		&mov	($_len,$s2);		# save len
-	&jnz	(&label("slow_dec_loop_sse"));
-	&emms	();
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-
-    &set_label("slow_dec_partial_sse",16);
-	&movq	(&QWP(0,$s0),"mm0");	# save output to temp
-	&movq	(&QWP(8,$s0),"mm4");
-	&emms	();
-
-	&add	($s2 eq "ecx" ? "ecx":"",16);
-	&mov	("edi",$s1);		# out
-	&mov	("esi",$s0);		# temp
-	&align	(4);
-	&data_word(0xA4F3F689);		# rep movsb # copy partial output
-
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-					}
-	&set_label("slow_dec_loop_x86",16);
-		&mov	($s0,&DWP(0,$acc));	# read input
-		&mov	($s1,&DWP(4,$acc));
-		&mov	($s2,&DWP(8,$acc));
-		&mov	($s3,&DWP(12,$acc));
-
-		&lea	($key,$ivec);
-		&mov	(&DWP(0,$key),$s0);	# copy to temp
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($key,$_key);		# load key
-		&call	("_x86_AES_decrypt_compact");
-
-		&mov	($key,$_ivp);		# load ivp
-		&mov	($acc,$_len);		# load len
-		&xor	($s0,&DWP(0,$key));	# xor iv
-		&xor	($s1,&DWP(4,$key));
-		&xor	($s2,&DWP(8,$key));
-		&xor	($s3,&DWP(12,$key));
-
-		&sub	($acc,16);
-		&jc	(&label("slow_dec_partial_x86"));
-
-		&mov	($_len,$acc);		# save len
-		&mov	($acc,$_out);		# load out
-
-		&mov	(&DWP(0,$acc),$s0);	# write output
-		&mov	(&DWP(4,$acc),$s1);
-		&mov	(&DWP(8,$acc),$s2);
-		&mov	(&DWP(12,$acc),$s3);
-
-		&lea	($acc,&DWP(16,$acc));	# advance out
-		&mov	($_out,$acc);		# save out
-
-		&lea	($acc,$ivec);
-		&mov	($s0,&DWP(0,$acc));	# read temp
-		&mov	($s1,&DWP(4,$acc));
-		&mov	($s2,&DWP(8,$acc));
-		&mov	($s3,&DWP(12,$acc));
-
-		&mov	(&DWP(0,$key),$s0);	# copy it to iv
-		&mov	(&DWP(4,$key),$s1);
-		&mov	(&DWP(8,$key),$s2);
-		&mov	(&DWP(12,$key),$s3);
-
-		&mov	($acc,$_inp);		# load inp
-		&lea	($acc,&DWP(16,$acc));	# advance inp
-		&mov	($_inp,$acc);		# save inp
-	&jnz	(&label("slow_dec_loop_x86"));
-	&mov	("esp",$_esp);
-	&popf	();
-	&function_end_A();
-	&pushf	();			# kludge, never executed
-
-    &set_label("slow_dec_partial_x86",16);
-	&lea	($acc,$ivec);
-	&mov	(&DWP(0,$acc),$s0);	# save output to temp
-	&mov	(&DWP(4,$acc),$s1);
-	&mov	(&DWP(8,$acc),$s2);
-	&mov	(&DWP(12,$acc),$s3);
-
-	&mov	($acc,$_inp);
-	&mov	($s0,&DWP(0,$acc));	# re-read input
-	&mov	($s1,&DWP(4,$acc));
-	&mov	($s2,&DWP(8,$acc));
-	&mov	($s3,&DWP(12,$acc));
-
-	&mov	(&DWP(0,$key),$s0);	# copy it to iv
-	&mov	(&DWP(4,$key),$s1);
-	&mov	(&DWP(8,$key),$s2);
-	&mov	(&DWP(12,$key),$s3);
-
-	&mov	("ecx",$_len);
-	&mov	("edi",$_out);
-	&lea	("esi",$ivec);
-	&align	(4);
-	&data_word(0xA4F3F689);		# rep movsb # copy partial output
-
-	&mov	("esp",$_esp);
-	&popf	();
-&function_end("AES_cbc_encrypt");
-}
-
-#------------------------------------------------------------------#
-
-sub enckey()
-{
-	&movz	("esi",&LB("edx"));		# rk[i]>>0
-	&movz	("ebx",&BP(-128,$tbl,"esi",1));
-	&movz	("esi",&HB("edx"));		# rk[i]>>8
-	&shl	("ebx",24);
-	&xor	("eax","ebx");
-
-	&movz	("ebx",&BP(-128,$tbl,"esi",1));
-	&shr	("edx",16);
-	&movz	("esi",&LB("edx"));		# rk[i]>>16
-	&xor	("eax","ebx");
-
-	&movz	("ebx",&BP(-128,$tbl,"esi",1));
-	&movz	("esi",&HB("edx"));		# rk[i]>>24
-	&shl	("ebx",8);
-	&xor	("eax","ebx");
-
-	&movz	("ebx",&BP(-128,$tbl,"esi",1));
-	&shl	("ebx",16);
-	&xor	("eax","ebx");
-
-	&xor	("eax",&DWP(1024-128,$tbl,"ecx",4));	# rcon
-}
-
-&function_begin("_x86_AES_set_encrypt_key");
-	&mov	("esi",&wparam(1));		# user supplied key
-	&mov	("edi",&wparam(3));		# private key schedule
-
-	&test	("esi",-1);
-	&jz	(&label("badpointer"));
-	&test	("edi",-1);
-	&jz	(&label("badpointer"));
-
-	&call	(&label("pic_point"));
-	&set_label("pic_point");
-	&blindpop($tbl);
-	&lea	($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
-	&lea	($tbl,&DWP(2048+128,$tbl));
-
-	# prefetch Te4
-	&mov	("eax",&DWP(0-128,$tbl));
-	&mov	("ebx",&DWP(32-128,$tbl));
-	&mov	("ecx",&DWP(64-128,$tbl));
-	&mov	("edx",&DWP(96-128,$tbl));
-	&mov	("eax",&DWP(128-128,$tbl));
-	&mov	("ebx",&DWP(160-128,$tbl));
-	&mov	("ecx",&DWP(192-128,$tbl));
-	&mov	("edx",&DWP(224-128,$tbl));
-
-	&mov	("ecx",&wparam(2));		# number of bits in key
-	&cmp	("ecx",128);
-	&je	(&label("10rounds"));
-	&cmp	("ecx",192);
-	&je	(&label("12rounds"));
-	&cmp	("ecx",256);
-	&je	(&label("14rounds"));
-	&mov	("eax",-2);			# invalid number of bits
-	&jmp	(&label("exit"));
-
-    &set_label("10rounds");
-	&mov	("eax",&DWP(0,"esi"));		# copy first 4 dwords
-	&mov	("ebx",&DWP(4,"esi"));
-	&mov	("ecx",&DWP(8,"esi"));
-	&mov	("edx",&DWP(12,"esi"));
-	&mov	(&DWP(0,"edi"),"eax");
-	&mov	(&DWP(4,"edi"),"ebx");
-	&mov	(&DWP(8,"edi"),"ecx");
-	&mov	(&DWP(12,"edi"),"edx");
-
-	&xor	("ecx","ecx");
-	&jmp	(&label("10shortcut"));
-
-	&align	(4);
-	&set_label("10loop");
-		&mov	("eax",&DWP(0,"edi"));		# rk[0]
-		&mov	("edx",&DWP(12,"edi"));		# rk[3]
-	&set_label("10shortcut");
-		&enckey	();
-
-		&mov	(&DWP(16,"edi"),"eax");		# rk[4]
-		&xor	("eax",&DWP(4,"edi"));
-		&mov	(&DWP(20,"edi"),"eax");		# rk[5]
-		&xor	("eax",&DWP(8,"edi"));
-		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
-		&xor	("eax",&DWP(12,"edi"));
-		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
-		&inc	("ecx");
-		&add	("edi",16);
-		&cmp	("ecx",10);
-	&jl	(&label("10loop"));
-
-	&mov	(&DWP(80,"edi"),10);		# setup number of rounds
-	&xor	("eax","eax");
-	&jmp	(&label("exit"));
-		
-    &set_label("12rounds");
-	&mov	("eax",&DWP(0,"esi"));		# copy first 6 dwords
-	&mov	("ebx",&DWP(4,"esi"));
-	&mov	("ecx",&DWP(8,"esi"));
-	&mov	("edx",&DWP(12,"esi"));
-	&mov	(&DWP(0,"edi"),"eax");
-	&mov	(&DWP(4,"edi"),"ebx");
-	&mov	(&DWP(8,"edi"),"ecx");
-	&mov	(&DWP(12,"edi"),"edx");
-	&mov	("ecx",&DWP(16,"esi"));
-	&mov	("edx",&DWP(20,"esi"));
-	&mov	(&DWP(16,"edi"),"ecx");
-	&mov	(&DWP(20,"edi"),"edx");
-
-	&xor	("ecx","ecx");
-	&jmp	(&label("12shortcut"));
-
-	&align	(4);
-	&set_label("12loop");
-		&mov	("eax",&DWP(0,"edi"));		# rk[0]
-		&mov	("edx",&DWP(20,"edi"));		# rk[5]
-	&set_label("12shortcut");
-		&enckey	();
-
-		&mov	(&DWP(24,"edi"),"eax");		# rk[6]
-		&xor	("eax",&DWP(4,"edi"));
-		&mov	(&DWP(28,"edi"),"eax");		# rk[7]
-		&xor	("eax",&DWP(8,"edi"));
-		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
-		&xor	("eax",&DWP(12,"edi"));
-		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
-
-		&cmp	("ecx",7);
-		&je	(&label("12break"));
-		&inc	("ecx");
-
-		&xor	("eax",&DWP(16,"edi"));
-		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
-		&xor	("eax",&DWP(20,"edi"));
-		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
-
-		&add	("edi",24);
-	&jmp	(&label("12loop"));
-
-	&set_label("12break");
-	&mov	(&DWP(72,"edi"),12);		# setup number of rounds
-	&xor	("eax","eax");
-	&jmp	(&label("exit"));
-
-    &set_label("14rounds");
-	&mov	("eax",&DWP(0,"esi"));		# copy first 8 dwords
-	&mov	("ebx",&DWP(4,"esi"));
-	&mov	("ecx",&DWP(8,"esi"));
-	&mov	("edx",&DWP(12,"esi"));
-	&mov	(&DWP(0,"edi"),"eax");
-	&mov	(&DWP(4,"edi"),"ebx");
-	&mov	(&DWP(8,"edi"),"ecx");
-	&mov	(&DWP(12,"edi"),"edx");
-	&mov	("eax",&DWP(16,"esi"));
-	&mov	("ebx",&DWP(20,"esi"));
-	&mov	("ecx",&DWP(24,"esi"));
-	&mov	("edx",&DWP(28,"esi"));
-	&mov	(&DWP(16,"edi"),"eax");
-	&mov	(&DWP(20,"edi"),"ebx");
-	&mov	(&DWP(24,"edi"),"ecx");
-	&mov	(&DWP(28,"edi"),"edx");
-
-	&xor	("ecx","ecx");
-	&jmp	(&label("14shortcut"));
-
-	&align	(4);
-	&set_label("14loop");
-		&mov	("edx",&DWP(28,"edi"));		# rk[7]
-	&set_label("14shortcut");
-		&mov	("eax",&DWP(0,"edi"));		# rk[0]
-
-		&enckey	();
-
-		&mov	(&DWP(32,"edi"),"eax");		# rk[8]
-		&xor	("eax",&DWP(4,"edi"));
-		&mov	(&DWP(36,"edi"),"eax");		# rk[9]
-		&xor	("eax",&DWP(8,"edi"));
-		&mov	(&DWP(40,"edi"),"eax");		# rk[10]
-		&xor	("eax",&DWP(12,"edi"));
-		&mov	(&DWP(44,"edi"),"eax");		# rk[11]
-
-		&cmp	("ecx",6);
-		&je	(&label("14break"));
-		&inc	("ecx");
-
-		&mov	("edx","eax");
-		&mov	("eax",&DWP(16,"edi"));		# rk[4]
-		&movz	("esi",&LB("edx"));		# rk[11]>>0
-		&movz	("ebx",&BP(-128,$tbl,"esi",1));
-		&movz	("esi",&HB("edx"));		# rk[11]>>8
-		&xor	("eax","ebx");
-
-		&movz	("ebx",&BP(-128,$tbl,"esi",1));
-		&shr	("edx",16);
-		&shl	("ebx",8);
-		&movz	("esi",&LB("edx"));		# rk[11]>>16
-		&xor	("eax","ebx");
-
-		&movz	("ebx",&BP(-128,$tbl,"esi",1));
-		&movz	("esi",&HB("edx"));		# rk[11]>>24
-		&shl	("ebx",16);
-		&xor	("eax","ebx");
-
-		&movz	("ebx",&BP(-128,$tbl,"esi",1));
-		&shl	("ebx",24);
-		&xor	("eax","ebx");
-
-		&mov	(&DWP(48,"edi"),"eax");		# rk[12]
-		&xor	("eax",&DWP(20,"edi"));
-		&mov	(&DWP(52,"edi"),"eax");		# rk[13]
-		&xor	("eax",&DWP(24,"edi"));
-		&mov	(&DWP(56,"edi"),"eax");		# rk[14]
-		&xor	("eax",&DWP(28,"edi"));
-		&mov	(&DWP(60,"edi"),"eax");		# rk[15]
-
-		&add	("edi",32);
-	&jmp	(&label("14loop"));
-
-	&set_label("14break");
-	&mov	(&DWP(48,"edi"),14);		# setup number of rounds
-	&xor	("eax","eax");
-	&jmp	(&label("exit"));
-
-    &set_label("badpointer");
-	&mov	("eax",-1);
-    &set_label("exit");
-&function_end("_x86_AES_set_encrypt_key");
-
-# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-&function_begin_B("private_AES_set_encrypt_key");
-	&call	("_x86_AES_set_encrypt_key");
-	&ret	();
-&function_end_B("private_AES_set_encrypt_key");
-
-sub deckey()
-{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
-  my $tmp = $tbl;
-
-	&mov	($acc,$tp1);
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp2,&DWP(0,$tp1,$tp1));
-	&sub	($acc,$tmp);
-	&and	($tp2,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	&xor	($acc,$tp2);
-	&mov	($tp2,$acc);
-
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp4,&DWP(0,$tp2,$tp2));
-	&sub	($acc,$tmp);
-	&and	($tp4,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	 &xor	($tp2,$tp1);	# tp2^tp1
-	&xor	($acc,$tp4);
-	&mov	($tp4,$acc);
-
-	&and	($acc,0x80808080);
-	&mov	($tmp,$acc);
-	&shr	($tmp,7);
-	&lea	($tp8,&DWP(0,$tp4,$tp4));
-	 &xor	($tp4,$tp1);	# tp4^tp1
-	&sub	($acc,$tmp);
-	&and	($tp8,0xfefefefe);
-	&and	($acc,0x1b1b1b1b);
-	 &rotl	($tp1,8);	# = ROTATE(tp1,8)
-	&xor	($tp8,$acc);
-
-	&mov	($tmp,&DWP(4*($i+1),$key));	# modulo-scheduled load
-
-	&xor	($tp1,$tp2);
-	&xor	($tp2,$tp8);
-	&xor	($tp1,$tp4);
-	&rotl	($tp2,24);
-	&xor	($tp4,$tp8);
-	&xor	($tp1,$tp8);	# ^= tp8^(tp4^tp1)^(tp2^tp1)
-	&rotl	($tp4,16);
-	&xor	($tp1,$tp2);	# ^= ROTATE(tp8^tp2^tp1,24)
-	&rotl	($tp8,8);
-	&xor	($tp1,$tp4);	# ^= ROTATE(tp8^tp4^tp1,16)
-	&mov	($tp2,$tmp);
-	&xor	($tp1,$tp8);	# ^= ROTATE(tp8,8)
-
-	&mov	(&DWP(4*$i,$key),$tp1);
-}
-
-# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-&function_begin_B("private_AES_set_decrypt_key");
-	&call	("_x86_AES_set_encrypt_key");
-	&cmp	("eax",0);
-	&je	(&label("proceed"));
-	&ret	();
-
-    &set_label("proceed");
-	&push	("ebp");
-	&push	("ebx");
-	&push	("esi");
-	&push	("edi");
-
-	&mov	("esi",&wparam(2));
-	&mov	("ecx",&DWP(240,"esi"));	# pull number of rounds
-	&lea	("ecx",&DWP(0,"","ecx",4));
-	&lea	("edi",&DWP(0,"esi","ecx",4));	# pointer to last chunk
-
-	&set_label("invert",4);			# invert order of chunks
-		&mov	("eax",&DWP(0,"esi"));
-		&mov	("ebx",&DWP(4,"esi"));
-		&mov	("ecx",&DWP(0,"edi"));
-		&mov	("edx",&DWP(4,"edi"));
-		&mov	(&DWP(0,"edi"),"eax");
-		&mov	(&DWP(4,"edi"),"ebx");
-		&mov	(&DWP(0,"esi"),"ecx");
-		&mov	(&DWP(4,"esi"),"edx");
-		&mov	("eax",&DWP(8,"esi"));
-		&mov	("ebx",&DWP(12,"esi"));
-		&mov	("ecx",&DWP(8,"edi"));
-		&mov	("edx",&DWP(12,"edi"));
-		&mov	(&DWP(8,"edi"),"eax");
-		&mov	(&DWP(12,"edi"),"ebx");
-		&mov	(&DWP(8,"esi"),"ecx");
-		&mov	(&DWP(12,"esi"),"edx");
-		&add	("esi",16);
-		&sub	("edi",16);
-		&cmp	("esi","edi");
-	&jne	(&label("invert"));
-
-	&mov	($key,&wparam(2));
-	&mov	($acc,&DWP(240,$key));		# pull number of rounds
-	&lea	($acc,&DWP(-2,$acc,$acc));
-	&lea	($acc,&DWP(0,$key,$acc,8));
-	&mov	(&wparam(2),$acc);
-
-	&mov	($s0,&DWP(16,$key));		# modulo-scheduled load
-	&set_label("permute",4);		# permute the key schedule
-		&add	($key,16);
-		&deckey	(0,$key,$s0,$s1,$s2,$s3);
-		&deckey	(1,$key,$s1,$s2,$s3,$s0);
-		&deckey	(2,$key,$s2,$s3,$s0,$s1);
-		&deckey	(3,$key,$s3,$s0,$s1,$s2);
-		&cmp	($key,&wparam(2));
-	&jb	(&label("permute"));
-
-	&xor	("eax","eax");			# return success
-&function_end("private_AES_set_decrypt_key");
-&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/aes/asm/aes-armv4.S b/crypto/aes/asm/aes-armv4.S
deleted file mode 100644
index 333a522730..0000000000
--- a/crypto/aes/asm/aes-armv4.S
+++ /dev/null
@@ -1,1177 +0,0 @@
-
-@ ====================================================================
-@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-@ project. The module is, however, dual licensed under OpenSSL and
-@ CRYPTOGAMS licenses depending on where you obtain it. For further
-@ details see http://www.openssl.org/~appro/cryptogams/.
-@ ====================================================================
-
-@ AES for ARMv4
-
-@ January 2007.
-@
-@ Code uses single 1K S-box and is >2 times faster than code generated
-@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
-@ allows to merge logical or arithmetic operation with shift or rotate
-@ in one instruction and emit combined result every cycle. The module
-@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
-@ key [on single-issue Xscale PXA250 core].
-
-@ May 2007.
-@
-@ AES_set_[en|de]crypt_key is added.
-
-@ July 2010.
-@
-@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
-@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
-
-@ February 2011.
-@
-@ Profiler-assisted and platform-specific optimization resulted in 16%
-@ improvement on Cortex A8 core and ~21.5 cycles per byte.
-
-#ifndef __KERNEL__
-# include "arm_arch.h"
-#else
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-.text
-#if __ARM_ARCH__<7
-.code	32
-#else
-.syntax	unified
-# ifdef __thumb2__
-.thumb
-# else
-.code	32
-# endif
-#endif
-
-.type	AES_Te,%object
-.align	5
-AES_Te:
-.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
-.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
-.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
-.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
-.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
-.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
-.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
-.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
-.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
-.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
-.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
-.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
-.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
-.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
-.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
-.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
-.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
-.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
-.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
-.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
-.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
-.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
-.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
-.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
-.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
-.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
-.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
-.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
-.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
-.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
-.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
-.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
-.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
-.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
-.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
-.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
-.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
-.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
-.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
-.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
-.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
-.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
-.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
-.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
-.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
-.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
-.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
-.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
-.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
-.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
-.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
-.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
-.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
-.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
-.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
-.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
-.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
-.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
-.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
-.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
-.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
-.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
-.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
-.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-@ Te4[256]
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-@ rcon[]
-.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
-.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
-.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
-.size	AES_Te,.-AES_Te
-
-@ void AES_encrypt(const unsigned char *in, unsigned char *out,
-@ 		 const AES_KEY *key) {
-.global AES_encrypt
-.type   AES_encrypt,%function
-.align	5
-AES_encrypt:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_encrypt
-#else
-	adr	r3,AES_encrypt
-#endif
-	stmdb   sp!,{r1,r4-r12,lr}
-	mov	r12,r0		@ inp
-	mov	r11,r2
-	sub	r10,r3,#AES_encrypt-AES_Te	@ Te
-#if __ARM_ARCH__<7
-	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
-	ldrb	r4,[r12,#2]	@ manner...
-	ldrb	r5,[r12,#1]
-	ldrb	r6,[r12,#0]
-	orr	r0,r0,r4,lsl#8
-	ldrb	r1,[r12,#7]
-	orr	r0,r0,r5,lsl#16
-	ldrb	r4,[r12,#6]
-	orr	r0,r0,r6,lsl#24
-	ldrb	r5,[r12,#5]
-	ldrb	r6,[r12,#4]
-	orr	r1,r1,r4,lsl#8
-	ldrb	r2,[r12,#11]
-	orr	r1,r1,r5,lsl#16
-	ldrb	r4,[r12,#10]
-	orr	r1,r1,r6,lsl#24
-	ldrb	r5,[r12,#9]
-	ldrb	r6,[r12,#8]
-	orr	r2,r2,r4,lsl#8
-	ldrb	r3,[r12,#15]
-	orr	r2,r2,r5,lsl#16
-	ldrb	r4,[r12,#14]
-	orr	r2,r2,r6,lsl#24
-	ldrb	r5,[r12,#13]
-	ldrb	r6,[r12,#12]
-	orr	r3,r3,r4,lsl#8
-	orr	r3,r3,r5,lsl#16
-	orr	r3,r3,r6,lsl#24
-#else
-	ldr	r0,[r12,#0]
-	ldr	r1,[r12,#4]
-	ldr	r2,[r12,#8]
-	ldr	r3,[r12,#12]
-#ifdef __ARMEL__
-	rev	r0,r0
-	rev	r1,r1
-	rev	r2,r2
-	rev	r3,r3
-#endif
-#endif
-	bl	_armv4_AES_encrypt
-
-	ldr	r12,[sp],#4		@ pop out
-#if __ARM_ARCH__>=7
-#ifdef __ARMEL__
-	rev	r0,r0
-	rev	r1,r1
-	rev	r2,r2
-	rev	r3,r3
-#endif
-	str	r0,[r12,#0]
-	str	r1,[r12,#4]
-	str	r2,[r12,#8]
-	str	r3,[r12,#12]
-#else
-	mov	r4,r0,lsr#24		@ write output in endian-neutral
-	mov	r5,r0,lsr#16		@ manner...
-	mov	r6,r0,lsr#8
-	strb	r4,[r12,#0]
-	strb	r5,[r12,#1]
-	mov	r4,r1,lsr#24
-	strb	r6,[r12,#2]
-	mov	r5,r1,lsr#16
-	strb	r0,[r12,#3]
-	mov	r6,r1,lsr#8
-	strb	r4,[r12,#4]
-	strb	r5,[r12,#5]
-	mov	r4,r2,lsr#24
-	strb	r6,[r12,#6]
-	mov	r5,r2,lsr#16
-	strb	r1,[r12,#7]
-	mov	r6,r2,lsr#8
-	strb	r4,[r12,#8]
-	strb	r5,[r12,#9]
-	mov	r4,r3,lsr#24
-	strb	r6,[r12,#10]
-	mov	r5,r3,lsr#16
-	strb	r2,[r12,#11]
-	mov	r6,r3,lsr#8
-	strb	r4,[r12,#12]
-	strb	r5,[r12,#13]
-	strb	r6,[r12,#14]
-	strb	r3,[r12,#15]
-#endif
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_encrypt,.-AES_encrypt
-
-.type   _armv4_AES_encrypt,%function
-.align	2
-_armv4_AES_encrypt:
-	str	lr,[sp,#-4]!		@ push lr
-	ldmia	r11!,{r4-r7}
-	eor	r0,r0,r4
-	ldr	r12,[r11,#240-16]
-	eor	r1,r1,r5
-	eor	r2,r2,r6
-	eor	r3,r3,r7
-	sub	r12,r12,#1
-	mov	lr,#255
-
-	and	r7,lr,r0
-	and	r8,lr,r0,lsr#8
-	and	r9,lr,r0,lsr#16
-	mov	r0,r0,lsr#24
-.Lenc_loop:
-	ldr	r4,[r10,r7,lsl#2]	@ Te3[s0>>0]
-	and	r7,lr,r1,lsr#16	@ i0
-	ldr	r5,[r10,r8,lsl#2]	@ Te2[s0>>8]
-	and	r8,lr,r1
-	ldr	r6,[r10,r9,lsl#2]	@ Te1[s0>>16]
-	and	r9,lr,r1,lsr#8
-	ldr	r0,[r10,r0,lsl#2]	@ Te0[s0>>24]
-	mov	r1,r1,lsr#24
-
-	ldr	r7,[r10,r7,lsl#2]	@ Te1[s1>>16]
-	ldr	r8,[r10,r8,lsl#2]	@ Te3[s1>>0]
-	ldr	r9,[r10,r9,lsl#2]	@ Te2[s1>>8]
-	eor	r0,r0,r7,ror#8
-	ldr	r1,[r10,r1,lsl#2]	@ Te0[s1>>24]
-	and	r7,lr,r2,lsr#8	@ i0
-	eor	r5,r5,r8,ror#8
-	and	r8,lr,r2,lsr#16	@ i1
-	eor	r6,r6,r9,ror#8
-	and	r9,lr,r2
-	ldr	r7,[r10,r7,lsl#2]	@ Te2[s2>>8]
-	eor	r1,r1,r4,ror#24
-	ldr	r8,[r10,r8,lsl#2]	@ Te1[s2>>16]
-	mov	r2,r2,lsr#24
-
-	ldr	r9,[r10,r9,lsl#2]	@ Te3[s2>>0]
-	eor	r0,r0,r7,ror#16
-	ldr	r2,[r10,r2,lsl#2]	@ Te0[s2>>24]
-	and	r7,lr,r3		@ i0
-	eor	r1,r1,r8,ror#8
-	and	r8,lr,r3,lsr#8	@ i1
-	eor	r6,r6,r9,ror#16
-	and	r9,lr,r3,lsr#16	@ i2
-	ldr	r7,[r10,r7,lsl#2]	@ Te3[s3>>0]
-	eor	r2,r2,r5,ror#16
-	ldr	r8,[r10,r8,lsl#2]	@ Te2[s3>>8]
-	mov	r3,r3,lsr#24
-
-	ldr	r9,[r10,r9,lsl#2]	@ Te1[s3>>16]
-	eor	r0,r0,r7,ror#24
-	ldr	r7,[r11],#16
-	eor	r1,r1,r8,ror#16
-	ldr	r3,[r10,r3,lsl#2]	@ Te0[s3>>24]
-	eor	r2,r2,r9,ror#8
-	ldr	r4,[r11,#-12]
-	eor	r3,r3,r6,ror#8
-
-	ldr	r5,[r11,#-8]
-	eor	r0,r0,r7
-	ldr	r6,[r11,#-4]
-	and	r7,lr,r0
-	eor	r1,r1,r4
-	and	r8,lr,r0,lsr#8
-	eor	r2,r2,r5
-	and	r9,lr,r0,lsr#16
-	eor	r3,r3,r6
-	mov	r0,r0,lsr#24
-
-	subs	r12,r12,#1
-	bne	.Lenc_loop
-
-	add	r10,r10,#2
-
-	ldrb	r4,[r10,r7,lsl#2]	@ Te4[s0>>0]
-	and	r7,lr,r1,lsr#16	@ i0
-	ldrb	r5,[r10,r8,lsl#2]	@ Te4[s0>>8]
-	and	r8,lr,r1
-	ldrb	r6,[r10,r9,lsl#2]	@ Te4[s0>>16]
-	and	r9,lr,r1,lsr#8
-	ldrb	r0,[r10,r0,lsl#2]	@ Te4[s0>>24]
-	mov	r1,r1,lsr#24
-
-	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s1>>16]
-	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s1>>0]
-	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s1>>8]
-	eor	r0,r7,r0,lsl#8
-	ldrb	r1,[r10,r1,lsl#2]	@ Te4[s1>>24]
-	and	r7,lr,r2,lsr#8	@ i0
-	eor	r5,r8,r5,lsl#8
-	and	r8,lr,r2,lsr#16	@ i1
-	eor	r6,r9,r6,lsl#8
-	and	r9,lr,r2
-	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s2>>8]
-	eor	r1,r4,r1,lsl#24
-	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s2>>16]
-	mov	r2,r2,lsr#24
-
-	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s2>>0]
-	eor	r0,r7,r0,lsl#8
-	ldrb	r2,[r10,r2,lsl#2]	@ Te4[s2>>24]
-	and	r7,lr,r3		@ i0
-	eor	r1,r1,r8,lsl#16
-	and	r8,lr,r3,lsr#8	@ i1
-	eor	r6,r9,r6,lsl#8
-	and	r9,lr,r3,lsr#16	@ i2
-	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s3>>0]
-	eor	r2,r5,r2,lsl#24
-	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s3>>8]
-	mov	r3,r3,lsr#24
-
-	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s3>>16]
-	eor	r0,r7,r0,lsl#8
-	ldr	r7,[r11,#0]
-	ldrb	r3,[r10,r3,lsl#2]	@ Te4[s3>>24]
-	eor	r1,r1,r8,lsl#8
-	ldr	r4,[r11,#4]
-	eor	r2,r2,r9,lsl#16
-	ldr	r5,[r11,#8]
-	eor	r3,r6,r3,lsl#24
-	ldr	r6,[r11,#12]
-
-	eor	r0,r0,r7
-	eor	r1,r1,r4
-	eor	r2,r2,r5
-	eor	r3,r3,r6
-
-	sub	r10,r10,#2
-	ldr	pc,[sp],#4		@ pop and return
-.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
-
-.global private_AES_set_encrypt_key
-.type   private_AES_set_encrypt_key,%function
-.align	5
-private_AES_set_encrypt_key:
-_armv4_AES_set_encrypt_key:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_set_encrypt_key
-#else
-	adr	r3,private_AES_set_encrypt_key
-#endif
-	teq	r0,#0
-#if __ARM_ARCH__>=7
-	itt	eq			@ Thumb2 thing, sanity check in ARM
-#endif
-	moveq	r0,#-1
-	beq	.Labrt
-	teq	r2,#0
-#if __ARM_ARCH__>=7
-	itt	eq			@ Thumb2 thing, sanity check in ARM
-#endif
-	moveq	r0,#-1
-	beq	.Labrt
-
-	teq	r1,#128
-	beq	.Lok
-	teq	r1,#192
-	beq	.Lok
-	teq	r1,#256
-#if __ARM_ARCH__>=7
-	itt	ne			@ Thumb2 thing, sanity check in ARM
-#endif
-	movne	r0,#-1
-	bne	.Labrt
-
-.Lok:	stmdb   sp!,{r4-r12,lr}
-	sub	r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
-
-	mov	r12,r0		@ inp
-	mov	lr,r1			@ bits
-	mov	r11,r2			@ key
-
-#if __ARM_ARCH__<7
-	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
-	ldrb	r4,[r12,#2]	@ manner...
-	ldrb	r5,[r12,#1]
-	ldrb	r6,[r12,#0]
-	orr	r0,r0,r4,lsl#8
-	ldrb	r1,[r12,#7]
-	orr	r0,r0,r5,lsl#16
-	ldrb	r4,[r12,#6]
-	orr	r0,r0,r6,lsl#24
-	ldrb	r5,[r12,#5]
-	ldrb	r6,[r12,#4]
-	orr	r1,r1,r4,lsl#8
-	ldrb	r2,[r12,#11]
-	orr	r1,r1,r5,lsl#16
-	ldrb	r4,[r12,#10]
-	orr	r1,r1,r6,lsl#24
-	ldrb	r5,[r12,#9]
-	ldrb	r6,[r12,#8]
-	orr	r2,r2,r4,lsl#8
-	ldrb	r3,[r12,#15]
-	orr	r2,r2,r5,lsl#16
-	ldrb	r4,[r12,#14]
-	orr	r2,r2,r6,lsl#24
-	ldrb	r5,[r12,#13]
-	ldrb	r6,[r12,#12]
-	orr	r3,r3,r4,lsl#8
-	str	r0,[r11],#16
-	orr	r3,r3,r5,lsl#16
-	str	r1,[r11,#-12]
-	orr	r3,r3,r6,lsl#24
-	str	r2,[r11,#-8]
-	str	r3,[r11,#-4]
-#else
-	ldr	r0,[r12,#0]
-	ldr	r1,[r12,#4]
-	ldr	r2,[r12,#8]
-	ldr	r3,[r12,#12]
-#ifdef __ARMEL__
-	rev	r0,r0
-	rev	r1,r1
-	rev	r2,r2
-	rev	r3,r3
-#endif
-	str	r0,[r11],#16
-	str	r1,[r11,#-12]
-	str	r2,[r11,#-8]
-	str	r3,[r11,#-4]
-#endif
-
-	teq	lr,#128
-	bne	.Lnot128
-	mov	r12,#10
-	str	r12,[r11,#240-16]
-	add	r6,r10,#256			@ rcon
-	mov	lr,#255
-
-.L128_loop:
-	and	r5,lr,r3,lsr#24
-	and	r7,lr,r3,lsr#16
-	ldrb	r5,[r10,r5]
-	and	r8,lr,r3,lsr#8
-	ldrb	r7,[r10,r7]
-	and	r9,lr,r3
-	ldrb	r8,[r10,r8]
-	orr	r5,r5,r7,lsl#24
-	ldrb	r9,[r10,r9]
-	orr	r5,r5,r8,lsl#16
-	ldr	r4,[r6],#4			@ rcon[i++]
-	orr	r5,r5,r9,lsl#8
-	eor	r5,r5,r4
-	eor	r0,r0,r5			@ rk[4]=rk[0]^...
-	eor	r1,r1,r0			@ rk[5]=rk[1]^rk[4]
-	str	r0,[r11],#16
-	eor	r2,r2,r1			@ rk[6]=rk[2]^rk[5]
-	str	r1,[r11,#-12]
-	eor	r3,r3,r2			@ rk[7]=rk[3]^rk[6]
-	str	r2,[r11,#-8]
-	subs	r12,r12,#1
-	str	r3,[r11,#-4]
-	bne	.L128_loop
-	sub	r2,r11,#176
-	b	.Ldone
-
-.Lnot128:
-#if __ARM_ARCH__<7
-	ldrb	r8,[r12,#19]
-	ldrb	r4,[r12,#18]
-	ldrb	r5,[r12,#17]
-	ldrb	r6,[r12,#16]
-	orr	r8,r8,r4,lsl#8
-	ldrb	r9,[r12,#23]
-	orr	r8,r8,r5,lsl#16
-	ldrb	r4,[r12,#22]
-	orr	r8,r8,r6,lsl#24
-	ldrb	r5,[r12,#21]
-	ldrb	r6,[r12,#20]
-	orr	r9,r9,r4,lsl#8
-	orr	r9,r9,r5,lsl#16
-	str	r8,[r11],#8
-	orr	r9,r9,r6,lsl#24
-	str	r9,[r11,#-4]
-#else
-	ldr	r8,[r12,#16]
-	ldr	r9,[r12,#20]
-#ifdef __ARMEL__
-	rev	r8,r8
-	rev	r9,r9
-#endif
-	str	r8,[r11],#8
-	str	r9,[r11,#-4]
-#endif
-
-	teq	lr,#192
-	bne	.Lnot192
-	mov	r12,#12
-	str	r12,[r11,#240-24]
-	add	r6,r10,#256			@ rcon
-	mov	lr,#255
-	mov	r12,#8
-
-.L192_loop:
-	and	r5,lr,r9,lsr#24
-	and	r7,lr,r9,lsr#16
-	ldrb	r5,[r10,r5]
-	and	r8,lr,r9,lsr#8
-	ldrb	r7,[r10,r7]
-	and	r9,lr,r9
-	ldrb	r8,[r10,r8]
-	orr	r5,r5,r7,lsl#24
-	ldrb	r9,[r10,r9]
-	orr	r5,r5,r8,lsl#16
-	ldr	r4,[r6],#4			@ rcon[i++]
-	orr	r5,r5,r9,lsl#8
-	eor	r9,r5,r4
-	eor	r0,r0,r9			@ rk[6]=rk[0]^...
-	eor	r1,r1,r0			@ rk[7]=rk[1]^rk[6]
-	str	r0,[r11],#24
-	eor	r2,r2,r1			@ rk[8]=rk[2]^rk[7]
-	str	r1,[r11,#-20]
-	eor	r3,r3,r2			@ rk[9]=rk[3]^rk[8]
-	str	r2,[r11,#-16]
-	subs	r12,r12,#1
-	str	r3,[r11,#-12]
-#if __ARM_ARCH__>=7
-	itt	eq				@ Thumb2 thing, sanity check in ARM
-#endif
-	subeq	r2,r11,#216
-	beq	.Ldone
-
-	ldr	r7,[r11,#-32]
-	ldr	r8,[r11,#-28]
-	eor	r7,r7,r3			@ rk[10]=rk[4]^rk[9]
-	eor	r9,r8,r7			@ rk[11]=rk[5]^rk[10]
-	str	r7,[r11,#-8]
-	str	r9,[r11,#-4]
-	b	.L192_loop
-
-.Lnot192:
-#if __ARM_ARCH__<7
-	ldrb	r8,[r12,#27]
-	ldrb	r4,[r12,#26]
-	ldrb	r5,[r12,#25]
-	ldrb	r6,[r12,#24]
-	orr	r8,r8,r4,lsl#8
-	ldrb	r9,[r12,#31]
-	orr	r8,r8,r5,lsl#16
-	ldrb	r4,[r12,#30]
-	orr	r8,r8,r6,lsl#24
-	ldrb	r5,[r12,#29]
-	ldrb	r6,[r12,#28]
-	orr	r9,r9,r4,lsl#8
-	orr	r9,r9,r5,lsl#16
-	str	r8,[r11],#8
-	orr	r9,r9,r6,lsl#24
-	str	r9,[r11,#-4]
-#else
-	ldr	r8,[r12,#24]
-	ldr	r9,[r12,#28]
-#ifdef __ARMEL__
-	rev	r8,r8
-	rev	r9,r9
-#endif
-	str	r8,[r11],#8
-	str	r9,[r11,#-4]
-#endif
-
-	mov	r12,#14
-	str	r12,[r11,#240-32]
-	add	r6,r10,#256			@ rcon
-	mov	lr,#255
-	mov	r12,#7
-
-.L256_loop:
-	and	r5,lr,r9,lsr#24
-	and	r7,lr,r9,lsr#16
-	ldrb	r5,[r10,r5]
-	and	r8,lr,r9,lsr#8
-	ldrb	r7,[r10,r7]
-	and	r9,lr,r9
-	ldrb	r8,[r10,r8]
-	orr	r5,r5,r7,lsl#24
-	ldrb	r9,[r10,r9]
-	orr	r5,r5,r8,lsl#16
-	ldr	r4,[r6],#4			@ rcon[i++]
-	orr	r5,r5,r9,lsl#8
-	eor	r9,r5,r4
-	eor	r0,r0,r9			@ rk[8]=rk[0]^...
-	eor	r1,r1,r0			@ rk[9]=rk[1]^rk[8]
-	str	r0,[r11],#32
-	eor	r2,r2,r1			@ rk[10]=rk[2]^rk[9]
-	str	r1,[r11,#-28]
-	eor	r3,r3,r2			@ rk[11]=rk[3]^rk[10]
-	str	r2,[r11,#-24]
-	subs	r12,r12,#1
-	str	r3,[r11,#-20]
-#if __ARM_ARCH__>=7
-	itt	eq				@ Thumb2 thing, sanity check in ARM
-#endif
-	subeq	r2,r11,#256
-	beq	.Ldone
-
-	and	r5,lr,r3
-	and	r7,lr,r3,lsr#8
-	ldrb	r5,[r10,r5]
-	and	r8,lr,r3,lsr#16
-	ldrb	r7,[r10,r7]
-	and	r9,lr,r3,lsr#24
-	ldrb	r8,[r10,r8]
-	orr	r5,r5,r7,lsl#8
-	ldrb	r9,[r10,r9]
-	orr	r5,r5,r8,lsl#16
-	ldr	r4,[r11,#-48]
-	orr	r5,r5,r9,lsl#24
-
-	ldr	r7,[r11,#-44]
-	ldr	r8,[r11,#-40]
-	eor	r4,r4,r5			@ rk[12]=rk[4]^...
-	ldr	r9,[r11,#-36]
-	eor	r7,r7,r4			@ rk[13]=rk[5]^rk[12]
-	str	r4,[r11,#-16]
-	eor	r8,r8,r7			@ rk[14]=rk[6]^rk[13]
-	str	r7,[r11,#-12]
-	eor	r9,r9,r8			@ rk[15]=rk[7]^rk[14]
-	str	r8,[r11,#-8]
-	str	r9,[r11,#-4]
-	b	.L256_loop
-
-.align	2
-.Ldone:	mov	r0,#0
-	ldmia   sp!,{r4-r12,lr}
-.Labrt:
-#if __ARM_ARCH__>=5
-	bx	lr				@ .word	0xe12fff1e
-#else
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
-
-.global private_AES_set_decrypt_key
-.type   private_AES_set_decrypt_key,%function
-.align	5
-private_AES_set_decrypt_key:
-	str	lr,[sp,#-4]!            @ push lr
-	bl	_armv4_AES_set_encrypt_key
-	teq	r0,#0
-	ldr	lr,[sp],#4              @ pop lr
-	bne	.Labrt
-
-	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
-	mov	r1,r2			@ which is AES_KEY *key
-	b	_armv4_AES_set_enc2dec_key
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-
-@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
-.global	AES_set_enc2dec_key
-.type	AES_set_enc2dec_key,%function
-.align	5
-AES_set_enc2dec_key:
-_armv4_AES_set_enc2dec_key:
-	stmdb   sp!,{r4-r12,lr}
-
-	ldr	r12,[r0,#240]
-	mov	r7,r0			@ input
-	add	r8,r0,r12,lsl#4
-	mov	r11,r1			@ ouput
-	add	r10,r1,r12,lsl#4
-	str	r12,[r1,#240]
-
-.Linv:	ldr	r0,[r7],#16
-	ldr	r1,[r7,#-12]
-	ldr	r2,[r7,#-8]
-	ldr	r3,[r7,#-4]
-	ldr	r4,[r8],#-16
-	ldr	r5,[r8,#16+4]
-	ldr	r6,[r8,#16+8]
-	ldr	r9,[r8,#16+12]
-	str	r0,[r10],#-16
-	str	r1,[r10,#16+4]
-	str	r2,[r10,#16+8]
-	str	r3,[r10,#16+12]
-	str	r4,[r11],#16
-	str	r5,[r11,#-12]
-	str	r6,[r11,#-8]
-	str	r9,[r11,#-4]
-	teq	r7,r8
-	bne	.Linv
-
-	ldr	r0,[r7]
-	ldr	r1,[r7,#4]
-	ldr	r2,[r7,#8]
-	ldr	r3,[r7,#12]
-	str	r0,[r11]
-	str	r1,[r11,#4]
-	str	r2,[r11,#8]
-	str	r3,[r11,#12]
-	sub	r11,r11,r12,lsl#3
-	ldr	r0,[r11,#16]!		@ prefetch tp1
-	mov	r7,#0x80
-	mov	r8,#0x1b
-	orr	r7,r7,#0x8000
-	orr	r8,r8,#0x1b00
-	orr	r7,r7,r7,lsl#16
-	orr	r8,r8,r8,lsl#16
-	sub	r12,r12,#1
-	mvn	r9,r7
-	mov	r12,r12,lsl#2	@ (rounds-1)*4
-
-.Lmix:	and	r4,r0,r7
-	and	r1,r0,r9
-	sub	r4,r4,r4,lsr#7
-	and	r4,r4,r8
-	eor	r1,r4,r1,lsl#1	@ tp2
-
-	and	r4,r1,r7
-	and	r2,r1,r9
-	sub	r4,r4,r4,lsr#7
-	and	r4,r4,r8
-	eor	r2,r4,r2,lsl#1	@ tp4
-
-	and	r4,r2,r7
-	and	r3,r2,r9
-	sub	r4,r4,r4,lsr#7
-	and	r4,r4,r8
-	eor	r3,r4,r3,lsl#1	@ tp8
-
-	eor	r4,r1,r2
-	eor	r5,r0,r3		@ tp9
-	eor	r4,r4,r3		@ tpe
-	eor	r4,r4,r1,ror#24
-	eor	r4,r4,r5,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
-	eor	r4,r4,r2,ror#16
-	eor	r4,r4,r5,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
-	eor	r4,r4,r5,ror#8	@ ^= ROTATE(tp9,24)
-
-	ldr	r0,[r11,#4]		@ prefetch tp1
-	str	r4,[r11],#4
-	subs	r12,r12,#1
-	bne	.Lmix
-
-	mov	r0,#0
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
-
-.type	AES_Td,%object
-.align	5
-AES_Td:
-.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
-.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
-.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
-.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
-.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
-.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
-.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
-.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
-.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
-.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
-.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
-.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
-.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
-.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
-.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
-.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
-.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
-.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
-.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
-.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
-.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
-.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
-.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
-.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
-.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
-.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
-.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
-.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
-.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
-.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
-.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
-.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
-.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
-.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
-.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
-.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
-.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
-.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
-.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
-.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
-.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
-.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
-.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
-.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
-.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
-.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
-.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
-.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
-.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
-.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
-.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
-.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
-.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
-.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
-.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
-.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
-.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
-.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
-.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
-.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
-.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
-.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
-.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
-.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
-@ Td4[256]
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.size	AES_Td,.-AES_Td
-
-@ void AES_decrypt(const unsigned char *in, unsigned char *out,
-@ 		 const AES_KEY *key) {
-.global AES_decrypt
-.type   AES_decrypt,%function
-.align	5
-AES_decrypt:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_decrypt
-#else
-	adr	r3,AES_decrypt
-#endif
-	stmdb   sp!,{r1,r4-r12,lr}
-	mov	r12,r0		@ inp
-	mov	r11,r2
-	sub	r10,r3,#AES_decrypt-AES_Td		@ Td
-#if __ARM_ARCH__<7
-	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
-	ldrb	r4,[r12,#2]	@ manner...
-	ldrb	r5,[r12,#1]
-	ldrb	r6,[r12,#0]
-	orr	r0,r0,r4,lsl#8
-	ldrb	r1,[r12,#7]
-	orr	r0,r0,r5,lsl#16
-	ldrb	r4,[r12,#6]
-	orr	r0,r0,r6,lsl#24
-	ldrb	r5,[r12,#5]
-	ldrb	r6,[r12,#4]
-	orr	r1,r1,r4,lsl#8
-	ldrb	r2,[r12,#11]
-	orr	r1,r1,r5,lsl#16
-	ldrb	r4,[r12,#10]
-	orr	r1,r1,r6,lsl#24
-	ldrb	r5,[r12,#9]
-	ldrb	r6,[r12,#8]
-	orr	r2,r2,r4,lsl#8
-	ldrb	r3,[r12,#15]
-	orr	r2,r2,r5,lsl#16
-	ldrb	r4,[r12,#14]
-	orr	r2,r2,r6,lsl#24
-	ldrb	r5,[r12,#13]
-	ldrb	r6,[r12,#12]
-	orr	r3,r3,r4,lsl#8
-	orr	r3,r3,r5,lsl#16
-	orr	r3,r3,r6,lsl#24
-#else
-	ldr	r0,[r12,#0]
-	ldr	r1,[r12,#4]
-	ldr	r2,[r12,#8]
-	ldr	r3,[r12,#12]
-#ifdef __ARMEL__
-	rev	r0,r0
-	rev	r1,r1
-	rev	r2,r2
-	rev	r3,r3
-#endif
-#endif
-	bl	_armv4_AES_decrypt
-
-	ldr	r12,[sp],#4		@ pop out
-#if __ARM_ARCH__>=7
-#ifdef __ARMEL__
-	rev	r0,r0
-	rev	r1,r1
-	rev	r2,r2
-	rev	r3,r3
-#endif
-	str	r0,[r12,#0]
-	str	r1,[r12,#4]
-	str	r2,[r12,#8]
-	str	r3,[r12,#12]
-#else
-	mov	r4,r0,lsr#24		@ write output in endian-neutral
-	mov	r5,r0,lsr#16		@ manner...
-	mov	r6,r0,lsr#8
-	strb	r4,[r12,#0]
-	strb	r5,[r12,#1]
-	mov	r4,r1,lsr#24
-	strb	r6,[r12,#2]
-	mov	r5,r1,lsr#16
-	strb	r0,[r12,#3]
-	mov	r6,r1,lsr#8
-	strb	r4,[r12,#4]
-	strb	r5,[r12,#5]
-	mov	r4,r2,lsr#24
-	strb	r6,[r12,#6]
-	mov	r5,r2,lsr#16
-	strb	r1,[r12,#7]
-	mov	r6,r2,lsr#8
-	strb	r4,[r12,#8]
-	strb	r5,[r12,#9]
-	mov	r4,r3,lsr#24
-	strb	r6,[r12,#10]
-	mov	r5,r3,lsr#16
-	strb	r2,[r12,#11]
-	mov	r6,r3,lsr#8
-	strb	r4,[r12,#12]
-	strb	r5,[r12,#13]
-	strb	r6,[r12,#14]
-	strb	r3,[r12,#15]
-#endif
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_decrypt,.-AES_decrypt
-
-.type   _armv4_AES_decrypt,%function
-.align	2
-_armv4_AES_decrypt:
-	str	lr,[sp,#-4]!		@ push lr
-	ldmia	r11!,{r4-r7}
-	eor	r0,r0,r4
-	ldr	r12,[r11,#240-16]
-	eor	r1,r1,r5
-	eor	r2,r2,r6
-	eor	r3,r3,r7
-	sub	r12,r12,#1
-	mov	lr,#255
-
-	and	r7,lr,r0,lsr#16
-	and	r8,lr,r0,lsr#8
-	and	r9,lr,r0
-	mov	r0,r0,lsr#24
-.Ldec_loop:
-	ldr	r4,[r10,r7,lsl#2]	@ Td1[s0>>16]
-	and	r7,lr,r1		@ i0
-	ldr	r5,[r10,r8,lsl#2]	@ Td2[s0>>8]
-	and	r8,lr,r1,lsr#16
-	ldr	r6,[r10,r9,lsl#2]	@ Td3[s0>>0]
-	and	r9,lr,r1,lsr#8
-	ldr	r0,[r10,r0,lsl#2]	@ Td0[s0>>24]
-	mov	r1,r1,lsr#24
-
-	ldr	r7,[r10,r7,lsl#2]	@ Td3[s1>>0]
-	ldr	r8,[r10,r8,lsl#2]	@ Td1[s1>>16]
-	ldr	r9,[r10,r9,lsl#2]	@ Td2[s1>>8]
-	eor	r0,r0,r7,ror#24
-	ldr	r1,[r10,r1,lsl#2]	@ Td0[s1>>24]
-	and	r7,lr,r2,lsr#8	@ i0
-	eor	r5,r8,r5,ror#8
-	and	r8,lr,r2		@ i1
-	eor	r6,r9,r6,ror#8
-	and	r9,lr,r2,lsr#16
-	ldr	r7,[r10,r7,lsl#2]	@ Td2[s2>>8]
-	eor	r1,r1,r4,ror#8
-	ldr	r8,[r10,r8,lsl#2]	@ Td3[s2>>0]
-	mov	r2,r2,lsr#24
-
-	ldr	r9,[r10,r9,lsl#2]	@ Td1[s2>>16]
-	eor	r0,r0,r7,ror#16
-	ldr	r2,[r10,r2,lsl#2]	@ Td0[s2>>24]
-	and	r7,lr,r3,lsr#16	@ i0
-	eor	r1,r1,r8,ror#24
-	and	r8,lr,r3,lsr#8	@ i1
-	eor	r6,r9,r6,ror#8
-	and	r9,lr,r3		@ i2
-	ldr	r7,[r10,r7,lsl#2]	@ Td1[s3>>16]
-	eor	r2,r2,r5,ror#8
-	ldr	r8,[r10,r8,lsl#2]	@ Td2[s3>>8]
-	mov	r3,r3,lsr#24
-
-	ldr	r9,[r10,r9,lsl#2]	@ Td3[s3>>0]
-	eor	r0,r0,r7,ror#8
-	ldr	r7,[r11],#16
-	eor	r1,r1,r8,ror#16
-	ldr	r3,[r10,r3,lsl#2]	@ Td0[s3>>24]
-	eor	r2,r2,r9,ror#24
-
-	ldr	r4,[r11,#-12]
-	eor	r0,r0,r7
-	ldr	r5,[r11,#-8]
-	eor	r3,r3,r6,ror#8
-	ldr	r6,[r11,#-4]
-	and	r7,lr,r0,lsr#16
-	eor	r1,r1,r4
-	and	r8,lr,r0,lsr#8
-	eor	r2,r2,r5
-	and	r9,lr,r0
-	eor	r3,r3,r6
-	mov	r0,r0,lsr#24
-
-	subs	r12,r12,#1
-	bne	.Ldec_loop
-
-	add	r10,r10,#1024
-
-	ldr	r5,[r10,#0]		@ prefetch Td4
-	ldr	r6,[r10,#32]
-	ldr	r4,[r10,#64]
-	ldr	r5,[r10,#96]
-	ldr	r6,[r10,#128]
-	ldr	r4,[r10,#160]
-	ldr	r5,[r10,#192]
-	ldr	r6,[r10,#224]
-
-	ldrb	r0,[r10,r0]		@ Td4[s0>>24]
-	ldrb	r4,[r10,r7]		@ Td4[s0>>16]
-	and	r7,lr,r1		@ i0
-	ldrb	r5,[r10,r8]		@ Td4[s0>>8]
-	and	r8,lr,r1,lsr#16
-	ldrb	r6,[r10,r9]		@ Td4[s0>>0]
-	and	r9,lr,r1,lsr#8
-
-	add	r1,r10,r1,lsr#24
-	ldrb	r7,[r10,r7]		@ Td4[s1>>0]
-	ldrb	r1,[r1]		@ Td4[s1>>24]
-	ldrb	r8,[r10,r8]		@ Td4[s1>>16]
-	eor	r0,r7,r0,lsl#24
-	ldrb	r9,[r10,r9]		@ Td4[s1>>8]
-	eor	r1,r4,r1,lsl#8
-	and	r7,lr,r2,lsr#8	@ i0
-	eor	r5,r5,r8,lsl#8
-	and	r8,lr,r2		@ i1
-	ldrb	r7,[r10,r7]		@ Td4[s2>>8]
-	eor	r6,r6,r9,lsl#8
-	ldrb	r8,[r10,r8]		@ Td4[s2>>0]
-	and	r9,lr,r2,lsr#16
-
-	add	r2,r10,r2,lsr#24
-	ldrb	r2,[r2]		@ Td4[s2>>24]
-	eor	r0,r0,r7,lsl#8
-	ldrb	r9,[r10,r9]		@ Td4[s2>>16]
-	eor	r1,r8,r1,lsl#16
-	and	r7,lr,r3,lsr#16	@ i0
-	eor	r2,r5,r2,lsl#16
-	and	r8,lr,r3,lsr#8	@ i1
-	ldrb	r7,[r10,r7]		@ Td4[s3>>16]
-	eor	r6,r6,r9,lsl#16
-	ldrb	r8,[r10,r8]		@ Td4[s3>>8]
-	and	r9,lr,r3		@ i2
-
-	add	r3,r10,r3,lsr#24
-	ldrb	r9,[r10,r9]		@ Td4[s3>>0]
-	ldrb	r3,[r3]		@ Td4[s3>>24]
-	eor	r0,r0,r7,lsl#16
-	ldr	r7,[r11,#0]
-	eor	r1,r1,r8,lsl#8
-	ldr	r4,[r11,#4]
-	eor	r2,r9,r2,lsl#8
-	ldr	r5,[r11,#8]
-	eor	r3,r6,r3,lsl#24
-	ldr	r6,[r11,#12]
-
-	eor	r0,r0,r7
-	eor	r1,r1,r4
-	eor	r2,r2,r5
-	eor	r3,r3,r6
-
-	sub	r10,r10,#1024
-	ldr	pc,[sp],#4		@ pop and return
-.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
-.asciz	"AES for ARMv4, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
deleted file mode 100644
index 4f8917089f..0000000000
--- a/crypto/aes/asm/aes-armv4.pl
+++ /dev/null
@@ -1,1217 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# AES for ARMv4
-
-# January 2007.
-#
-# Code uses single 1K S-box and is >2 times faster than code generated
-# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
-# allows to merge logical or arithmetic operation with shift or rotate
-# in one instruction and emit combined result every cycle. The module
-# is endian-neutral. The performance is ~42 cycles/byte for 128-bit
-# key [on single-issue Xscale PXA250 core].
-
-# May 2007.
-#
-# AES_set_[en|de]crypt_key is added.
-
-# July 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 12% improvement on
-# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 16%
-# improvement on Cortex A8 core and ~21.5 cycles per byte.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$s0="r0";
-$s1="r1";
-$s2="r2";
-$s3="r3";
-$t1="r4";
-$t2="r5";
-$t3="r6";
-$i1="r7";
-$i2="r8";
-$i3="r9";
-
-$tbl="r10";
-$key="r11";
-$rounds="r12";
-
-$code=<<___;
-#ifndef __KERNEL__
-# include "arm_arch.h"
-#else
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-.text
-#if __ARM_ARCH__<7
-.code	32
-#else
-.syntax	unified
-# ifdef __thumb2__
-.thumb
-# else
-.code	32
-# endif
-#endif
-
-.type	AES_Te,%object
-.align	5
-AES_Te:
-.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
-.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
-.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
-.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
-.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
-.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
-.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
-.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
-.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
-.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
-.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
-.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
-.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
-.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
-.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
-.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
-.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
-.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
-.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
-.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
-.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
-.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
-.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
-.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
-.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
-.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
-.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
-.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
-.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
-.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
-.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
-.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
-.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
-.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
-.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
-.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
-.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
-.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
-.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
-.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
-.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
-.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
-.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
-.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
-.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
-.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
-.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
-.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
-.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
-.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
-.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
-.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
-.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
-.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
-.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
-.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
-.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
-.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
-.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
-.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
-.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
-.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
-.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
-.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-@ Te4[256]
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-@ rcon[]
-.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
-.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
-.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
-.size	AES_Te,.-AES_Te
-
-@ void AES_encrypt(const unsigned char *in, unsigned char *out,
-@ 		 const AES_KEY *key) {
-.global AES_encrypt
-.type   AES_encrypt,%function
-.align	5
-AES_encrypt:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_encrypt
-#else
-	adr	r3,AES_encrypt
-#endif
-	stmdb   sp!,{r1,r4-r12,lr}
-	mov	$rounds,r0		@ inp
-	mov	$key,r2
-	sub	$tbl,r3,#AES_encrypt-AES_Te	@ Te
-#if __ARM_ARCH__<7
-	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
-	ldrb	$t1,[$rounds,#2]	@ manner...
-	ldrb	$t2,[$rounds,#1]
-	ldrb	$t3,[$rounds,#0]
-	orr	$s0,$s0,$t1,lsl#8
-	ldrb	$s1,[$rounds,#7]
-	orr	$s0,$s0,$t2,lsl#16
-	ldrb	$t1,[$rounds,#6]
-	orr	$s0,$s0,$t3,lsl#24
-	ldrb	$t2,[$rounds,#5]
-	ldrb	$t3,[$rounds,#4]
-	orr	$s1,$s1,$t1,lsl#8
-	ldrb	$s2,[$rounds,#11]
-	orr	$s1,$s1,$t2,lsl#16
-	ldrb	$t1,[$rounds,#10]
-	orr	$s1,$s1,$t3,lsl#24
-	ldrb	$t2,[$rounds,#9]
-	ldrb	$t3,[$rounds,#8]
-	orr	$s2,$s2,$t1,lsl#8
-	ldrb	$s3,[$rounds,#15]
-	orr	$s2,$s2,$t2,lsl#16
-	ldrb	$t1,[$rounds,#14]
-	orr	$s2,$s2,$t3,lsl#24
-	ldrb	$t2,[$rounds,#13]
-	ldrb	$t3,[$rounds,#12]
-	orr	$s3,$s3,$t1,lsl#8
-	orr	$s3,$s3,$t2,lsl#16
-	orr	$s3,$s3,$t3,lsl#24
-#else
-	ldr	$s0,[$rounds,#0]
-	ldr	$s1,[$rounds,#4]
-	ldr	$s2,[$rounds,#8]
-	ldr	$s3,[$rounds,#12]
-#ifdef __ARMEL__
-	rev	$s0,$s0
-	rev	$s1,$s1
-	rev	$s2,$s2
-	rev	$s3,$s3
-#endif
-#endif
-	bl	_armv4_AES_encrypt
-
-	ldr	$rounds,[sp],#4		@ pop out
-#if __ARM_ARCH__>=7
-#ifdef __ARMEL__
-	rev	$s0,$s0
-	rev	$s1,$s1
-	rev	$s2,$s2
-	rev	$s3,$s3
-#endif
-	str	$s0,[$rounds,#0]
-	str	$s1,[$rounds,#4]
-	str	$s2,[$rounds,#8]
-	str	$s3,[$rounds,#12]
-#else
-	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
-	mov	$t2,$s0,lsr#16		@ manner...
-	mov	$t3,$s0,lsr#8
-	strb	$t1,[$rounds,#0]
-	strb	$t2,[$rounds,#1]
-	mov	$t1,$s1,lsr#24
-	strb	$t3,[$rounds,#2]
-	mov	$t2,$s1,lsr#16
-	strb	$s0,[$rounds,#3]
-	mov	$t3,$s1,lsr#8
-	strb	$t1,[$rounds,#4]
-	strb	$t2,[$rounds,#5]
-	mov	$t1,$s2,lsr#24
-	strb	$t3,[$rounds,#6]
-	mov	$t2,$s2,lsr#16
-	strb	$s1,[$rounds,#7]
-	mov	$t3,$s2,lsr#8
-	strb	$t1,[$rounds,#8]
-	strb	$t2,[$rounds,#9]
-	mov	$t1,$s3,lsr#24
-	strb	$t3,[$rounds,#10]
-	mov	$t2,$s3,lsr#16
-	strb	$s2,[$rounds,#11]
-	mov	$t3,$s3,lsr#8
-	strb	$t1,[$rounds,#12]
-	strb	$t2,[$rounds,#13]
-	strb	$t3,[$rounds,#14]
-	strb	$s3,[$rounds,#15]
-#endif
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_encrypt,.-AES_encrypt
-
-.type   _armv4_AES_encrypt,%function
-.align	2
-_armv4_AES_encrypt:
-	str	lr,[sp,#-4]!		@ push lr
-	ldmia	$key!,{$t1-$i1}
-	eor	$s0,$s0,$t1
-	ldr	$rounds,[$key,#240-16]
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
-	sub	$rounds,$rounds,#1
-	mov	lr,#255
-
-	and	$i1,lr,$s0
-	and	$i2,lr,$s0,lsr#8
-	and	$i3,lr,$s0,lsr#16
-	mov	$s0,$s0,lsr#24
-.Lenc_loop:
-	ldr	$t1,[$tbl,$i1,lsl#2]	@ Te3[s0>>0]
-	and	$i1,lr,$s1,lsr#16	@ i0
-	ldr	$t2,[$tbl,$i2,lsl#2]	@ Te2[s0>>8]
-	and	$i2,lr,$s1
-	ldr	$t3,[$tbl,$i3,lsl#2]	@ Te1[s0>>16]
-	and	$i3,lr,$s1,lsr#8
-	ldr	$s0,[$tbl,$s0,lsl#2]	@ Te0[s0>>24]
-	mov	$s1,$s1,lsr#24
-
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te1[s1>>16]
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te3[s1>>0]
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te2[s1>>8]
-	eor	$s0,$s0,$i1,ror#8
-	ldr	$s1,[$tbl,$s1,lsl#2]	@ Te0[s1>>24]
-	and	$i1,lr,$s2,lsr#8	@ i0
-	eor	$t2,$t2,$i2,ror#8
-	and	$i2,lr,$s2,lsr#16	@ i1
-	eor	$t3,$t3,$i3,ror#8
-	and	$i3,lr,$s2
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
-	eor	$s1,$s1,$t1,ror#24
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
-	mov	$s2,$s2,lsr#24
-
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te3[s2>>0]
-	eor	$s0,$s0,$i1,ror#16
-	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
-	and	$i1,lr,$s3		@ i0
-	eor	$s1,$s1,$i2,ror#8
-	and	$i2,lr,$s3,lsr#8	@ i1
-	eor	$t3,$t3,$i3,ror#16
-	and	$i3,lr,$s3,lsr#16	@ i2
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
-	eor	$s2,$s2,$t2,ror#16
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
-	mov	$s3,$s3,lsr#24
-
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te1[s3>>16]
-	eor	$s0,$s0,$i1,ror#24
-	ldr	$i1,[$key],#16
-	eor	$s1,$s1,$i2,ror#16
-	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
-	eor	$s2,$s2,$i3,ror#8
-	ldr	$t1,[$key,#-12]
-	eor	$s3,$s3,$t3,ror#8
-
-	ldr	$t2,[$key,#-8]
-	eor	$s0,$s0,$i1
-	ldr	$t3,[$key,#-4]
-	and	$i1,lr,$s0
-	eor	$s1,$s1,$t1
-	and	$i2,lr,$s0,lsr#8
-	eor	$s2,$s2,$t2
-	and	$i3,lr,$s0,lsr#16
-	eor	$s3,$s3,$t3
-	mov	$s0,$s0,lsr#24
-
-	subs	$rounds,$rounds,#1
-	bne	.Lenc_loop
-
-	add	$tbl,$tbl,#2
-
-	ldrb	$t1,[$tbl,$i1,lsl#2]	@ Te4[s0>>0]
-	and	$i1,lr,$s1,lsr#16	@ i0
-	ldrb	$t2,[$tbl,$i2,lsl#2]	@ Te4[s0>>8]
-	and	$i2,lr,$s1
-	ldrb	$t3,[$tbl,$i3,lsl#2]	@ Te4[s0>>16]
-	and	$i3,lr,$s1,lsr#8
-	ldrb	$s0,[$tbl,$s0,lsl#2]	@ Te4[s0>>24]
-	mov	$s1,$s1,lsr#24
-
-	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s1>>16]
-	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s1>>0]
-	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s1>>8]
-	eor	$s0,$i1,$s0,lsl#8
-	ldrb	$s1,[$tbl,$s1,lsl#2]	@ Te4[s1>>24]
-	and	$i1,lr,$s2,lsr#8	@ i0
-	eor	$t2,$i2,$t2,lsl#8
-	and	$i2,lr,$s2,lsr#16	@ i1
-	eor	$t3,$i3,$t3,lsl#8
-	and	$i3,lr,$s2
-	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
-	eor	$s1,$t1,$s1,lsl#24
-	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
-	mov	$s2,$s2,lsr#24
-
-	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s2>>0]
-	eor	$s0,$i1,$s0,lsl#8
-	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
-	and	$i1,lr,$s3		@ i0
-	eor	$s1,$s1,$i2,lsl#16
-	and	$i2,lr,$s3,lsr#8	@ i1
-	eor	$t3,$i3,$t3,lsl#8
-	and	$i3,lr,$s3,lsr#16	@ i2
-	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
-	eor	$s2,$t2,$s2,lsl#24
-	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
-	mov	$s3,$s3,lsr#24
-
-	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s3>>16]
-	eor	$s0,$i1,$s0,lsl#8
-	ldr	$i1,[$key,#0]
-	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
-	eor	$s1,$s1,$i2,lsl#8
-	ldr	$t1,[$key,#4]
-	eor	$s2,$s2,$i3,lsl#16
-	ldr	$t2,[$key,#8]
-	eor	$s3,$t3,$s3,lsl#24
-	ldr	$t3,[$key,#12]
-
-	eor	$s0,$s0,$i1
-	eor	$s1,$s1,$t1
-	eor	$s2,$s2,$t2
-	eor	$s3,$s3,$t3
-
-	sub	$tbl,$tbl,#2
-	ldr	pc,[sp],#4		@ pop and return
-.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
-
-.global private_AES_set_encrypt_key
-.type   private_AES_set_encrypt_key,%function
-.align	5
-private_AES_set_encrypt_key:
-_armv4_AES_set_encrypt_key:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_set_encrypt_key
-#else
-	adr	r3,private_AES_set_encrypt_key
-#endif
-	teq	r0,#0
-#if __ARM_ARCH__>=7
-	itt	eq			@ Thumb2 thing, sanity check in ARM
-#endif
-	moveq	r0,#-1
-	beq	.Labrt
-	teq	r2,#0
-#if __ARM_ARCH__>=7
-	itt	eq			@ Thumb2 thing, sanity check in ARM
-#endif
-	moveq	r0,#-1
-	beq	.Labrt
-
-	teq	r1,#128
-	beq	.Lok
-	teq	r1,#192
-	beq	.Lok
-	teq	r1,#256
-#if __ARM_ARCH__>=7
-	itt	ne			@ Thumb2 thing, sanity check in ARM
-#endif
-	movne	r0,#-1
-	bne	.Labrt
-
-.Lok:	stmdb   sp!,{r4-r12,lr}
-	sub	$tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
-
-	mov	$rounds,r0		@ inp
-	mov	lr,r1			@ bits
-	mov	$key,r2			@ key
-
-#if __ARM_ARCH__<7
-	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
-	ldrb	$t1,[$rounds,#2]	@ manner...
-	ldrb	$t2,[$rounds,#1]
-	ldrb	$t3,[$rounds,#0]
-	orr	$s0,$s0,$t1,lsl#8
-	ldrb	$s1,[$rounds,#7]
-	orr	$s0,$s0,$t2,lsl#16
-	ldrb	$t1,[$rounds,#6]
-	orr	$s0,$s0,$t3,lsl#24
-	ldrb	$t2,[$rounds,#5]
-	ldrb	$t3,[$rounds,#4]
-	orr	$s1,$s1,$t1,lsl#8
-	ldrb	$s2,[$rounds,#11]
-	orr	$s1,$s1,$t2,lsl#16
-	ldrb	$t1,[$rounds,#10]
-	orr	$s1,$s1,$t3,lsl#24
-	ldrb	$t2,[$rounds,#9]
-	ldrb	$t3,[$rounds,#8]
-	orr	$s2,$s2,$t1,lsl#8
-	ldrb	$s3,[$rounds,#15]
-	orr	$s2,$s2,$t2,lsl#16
-	ldrb	$t1,[$rounds,#14]
-	orr	$s2,$s2,$t3,lsl#24
-	ldrb	$t2,[$rounds,#13]
-	ldrb	$t3,[$rounds,#12]
-	orr	$s3,$s3,$t1,lsl#8
-	str	$s0,[$key],#16
-	orr	$s3,$s3,$t2,lsl#16
-	str	$s1,[$key,#-12]
-	orr	$s3,$s3,$t3,lsl#24
-	str	$s2,[$key,#-8]
-	str	$s3,[$key,#-4]
-#else
-	ldr	$s0,[$rounds,#0]
-	ldr	$s1,[$rounds,#4]
-	ldr	$s2,[$rounds,#8]
-	ldr	$s3,[$rounds,#12]
-#ifdef __ARMEL__
-	rev	$s0,$s0
-	rev	$s1,$s1
-	rev	$s2,$s2
-	rev	$s3,$s3
-#endif
-	str	$s0,[$key],#16
-	str	$s1,[$key,#-12]
-	str	$s2,[$key,#-8]
-	str	$s3,[$key,#-4]
-#endif
-
-	teq	lr,#128
-	bne	.Lnot128
-	mov	$rounds,#10
-	str	$rounds,[$key,#240-16]
-	add	$t3,$tbl,#256			@ rcon
-	mov	lr,#255
-
-.L128_loop:
-	and	$t2,lr,$s3,lsr#24
-	and	$i1,lr,$s3,lsr#16
-	ldrb	$t2,[$tbl,$t2]
-	and	$i2,lr,$s3,lsr#8
-	ldrb	$i1,[$tbl,$i1]
-	and	$i3,lr,$s3
-	ldrb	$i2,[$tbl,$i2]
-	orr	$t2,$t2,$i1,lsl#24
-	ldrb	$i3,[$tbl,$i3]
-	orr	$t2,$t2,$i2,lsl#16
-	ldr	$t1,[$t3],#4			@ rcon[i++]
-	orr	$t2,$t2,$i3,lsl#8
-	eor	$t2,$t2,$t1
-	eor	$s0,$s0,$t2			@ rk[4]=rk[0]^...
-	eor	$s1,$s1,$s0			@ rk[5]=rk[1]^rk[4]
-	str	$s0,[$key],#16
-	eor	$s2,$s2,$s1			@ rk[6]=rk[2]^rk[5]
-	str	$s1,[$key,#-12]
-	eor	$s3,$s3,$s2			@ rk[7]=rk[3]^rk[6]
-	str	$s2,[$key,#-8]
-	subs	$rounds,$rounds,#1
-	str	$s3,[$key,#-4]
-	bne	.L128_loop
-	sub	r2,$key,#176
-	b	.Ldone
-
-.Lnot128:
-#if __ARM_ARCH__<7
-	ldrb	$i2,[$rounds,#19]
-	ldrb	$t1,[$rounds,#18]
-	ldrb	$t2,[$rounds,#17]
-	ldrb	$t3,[$rounds,#16]
-	orr	$i2,$i2,$t1,lsl#8
-	ldrb	$i3,[$rounds,#23]
-	orr	$i2,$i2,$t2,lsl#16
-	ldrb	$t1,[$rounds,#22]
-	orr	$i2,$i2,$t3,lsl#24
-	ldrb	$t2,[$rounds,#21]
-	ldrb	$t3,[$rounds,#20]
-	orr	$i3,$i3,$t1,lsl#8
-	orr	$i3,$i3,$t2,lsl#16
-	str	$i2,[$key],#8
-	orr	$i3,$i3,$t3,lsl#24
-	str	$i3,[$key,#-4]
-#else
-	ldr	$i2,[$rounds,#16]
-	ldr	$i3,[$rounds,#20]
-#ifdef __ARMEL__
-	rev	$i2,$i2
-	rev	$i3,$i3
-#endif
-	str	$i2,[$key],#8
-	str	$i3,[$key,#-4]
-#endif
-
-	teq	lr,#192
-	bne	.Lnot192
-	mov	$rounds,#12
-	str	$rounds,[$key,#240-24]
-	add	$t3,$tbl,#256			@ rcon
-	mov	lr,#255
-	mov	$rounds,#8
-
-.L192_loop:
-	and	$t2,lr,$i3,lsr#24
-	and	$i1,lr,$i3,lsr#16
-	ldrb	$t2,[$tbl,$t2]
-	and	$i2,lr,$i3,lsr#8
-	ldrb	$i1,[$tbl,$i1]
-	and	$i3,lr,$i3
-	ldrb	$i2,[$tbl,$i2]
-	orr	$t2,$t2,$i1,lsl#24
-	ldrb	$i3,[$tbl,$i3]
-	orr	$t2,$t2,$i2,lsl#16
-	ldr	$t1,[$t3],#4			@ rcon[i++]
-	orr	$t2,$t2,$i3,lsl#8
-	eor	$i3,$t2,$t1
-	eor	$s0,$s0,$i3			@ rk[6]=rk[0]^...
-	eor	$s1,$s1,$s0			@ rk[7]=rk[1]^rk[6]
-	str	$s0,[$key],#24
-	eor	$s2,$s2,$s1			@ rk[8]=rk[2]^rk[7]
-	str	$s1,[$key,#-20]
-	eor	$s3,$s3,$s2			@ rk[9]=rk[3]^rk[8]
-	str	$s2,[$key,#-16]
-	subs	$rounds,$rounds,#1
-	str	$s3,[$key,#-12]
-#if __ARM_ARCH__>=7
-	itt	eq				@ Thumb2 thing, sanity check in ARM
-#endif
-	subeq	r2,$key,#216
-	beq	.Ldone
-
-	ldr	$i1,[$key,#-32]
-	ldr	$i2,[$key,#-28]
-	eor	$i1,$i1,$s3			@ rk[10]=rk[4]^rk[9]
-	eor	$i3,$i2,$i1			@ rk[11]=rk[5]^rk[10]
-	str	$i1,[$key,#-8]
-	str	$i3,[$key,#-4]
-	b	.L192_loop
-
-.Lnot192:
-#if __ARM_ARCH__<7
-	ldrb	$i2,[$rounds,#27]
-	ldrb	$t1,[$rounds,#26]
-	ldrb	$t2,[$rounds,#25]
-	ldrb	$t3,[$rounds,#24]
-	orr	$i2,$i2,$t1,lsl#8
-	ldrb	$i3,[$rounds,#31]
-	orr	$i2,$i2,$t2,lsl#16
-	ldrb	$t1,[$rounds,#30]
-	orr	$i2,$i2,$t3,lsl#24
-	ldrb	$t2,[$rounds,#29]
-	ldrb	$t3,[$rounds,#28]
-	orr	$i3,$i3,$t1,lsl#8
-	orr	$i3,$i3,$t2,lsl#16
-	str	$i2,[$key],#8
-	orr	$i3,$i3,$t3,lsl#24
-	str	$i3,[$key,#-4]
-#else
-	ldr	$i2,[$rounds,#24]
-	ldr	$i3,[$rounds,#28]
-#ifdef __ARMEL__
-	rev	$i2,$i2
-	rev	$i3,$i3
-#endif
-	str	$i2,[$key],#8
-	str	$i3,[$key,#-4]
-#endif
-
-	mov	$rounds,#14
-	str	$rounds,[$key,#240-32]
-	add	$t3,$tbl,#256			@ rcon
-	mov	lr,#255
-	mov	$rounds,#7
-
-.L256_loop:
-	and	$t2,lr,$i3,lsr#24
-	and	$i1,lr,$i3,lsr#16
-	ldrb	$t2,[$tbl,$t2]
-	and	$i2,lr,$i3,lsr#8
-	ldrb	$i1,[$tbl,$i1]
-	and	$i3,lr,$i3
-	ldrb	$i2,[$tbl,$i2]
-	orr	$t2,$t2,$i1,lsl#24
-	ldrb	$i3,[$tbl,$i3]
-	orr	$t2,$t2,$i2,lsl#16
-	ldr	$t1,[$t3],#4			@ rcon[i++]
-	orr	$t2,$t2,$i3,lsl#8
-	eor	$i3,$t2,$t1
-	eor	$s0,$s0,$i3			@ rk[8]=rk[0]^...
-	eor	$s1,$s1,$s0			@ rk[9]=rk[1]^rk[8]
-	str	$s0,[$key],#32
-	eor	$s2,$s2,$s1			@ rk[10]=rk[2]^rk[9]
-	str	$s1,[$key,#-28]
-	eor	$s3,$s3,$s2			@ rk[11]=rk[3]^rk[10]
-	str	$s2,[$key,#-24]
-	subs	$rounds,$rounds,#1
-	str	$s3,[$key,#-20]
-#if __ARM_ARCH__>=7
-	itt	eq				@ Thumb2 thing, sanity check in ARM
-#endif
-	subeq	r2,$key,#256
-	beq	.Ldone
-
-	and	$t2,lr,$s3
-	and	$i1,lr,$s3,lsr#8
-	ldrb	$t2,[$tbl,$t2]
-	and	$i2,lr,$s3,lsr#16
-	ldrb	$i1,[$tbl,$i1]
-	and	$i3,lr,$s3,lsr#24
-	ldrb	$i2,[$tbl,$i2]
-	orr	$t2,$t2,$i1,lsl#8
-	ldrb	$i3,[$tbl,$i3]
-	orr	$t2,$t2,$i2,lsl#16
-	ldr	$t1,[$key,#-48]
-	orr	$t2,$t2,$i3,lsl#24
-
-	ldr	$i1,[$key,#-44]
-	ldr	$i2,[$key,#-40]
-	eor	$t1,$t1,$t2			@ rk[12]=rk[4]^...
-	ldr	$i3,[$key,#-36]
-	eor	$i1,$i1,$t1			@ rk[13]=rk[5]^rk[12]
-	str	$t1,[$key,#-16]
-	eor	$i2,$i2,$i1			@ rk[14]=rk[6]^rk[13]
-	str	$i1,[$key,#-12]
-	eor	$i3,$i3,$i2			@ rk[15]=rk[7]^rk[14]
-	str	$i2,[$key,#-8]
-	str	$i3,[$key,#-4]
-	b	.L256_loop
-
-.align	2
-.Ldone:	mov	r0,#0
-	ldmia   sp!,{r4-r12,lr}
-.Labrt:
-#if __ARM_ARCH__>=5
-	ret				@ bx lr
-#else
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
-
-.global private_AES_set_decrypt_key
-.type   private_AES_set_decrypt_key,%function
-.align	5
-private_AES_set_decrypt_key:
-	str	lr,[sp,#-4]!            @ push lr
-	bl	_armv4_AES_set_encrypt_key
-	teq	r0,#0
-	ldr	lr,[sp],#4              @ pop lr
-	bne	.Labrt
-
-	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
-	mov	r1,r2			@ which is AES_KEY *key
-	b	_armv4_AES_set_enc2dec_key
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-
-@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
-.global	AES_set_enc2dec_key
-.type	AES_set_enc2dec_key,%function
-.align	5
-AES_set_enc2dec_key:
-_armv4_AES_set_enc2dec_key:
-	stmdb   sp!,{r4-r12,lr}
-
-	ldr	$rounds,[r0,#240]
-	mov	$i1,r0			@ input
-	add	$i2,r0,$rounds,lsl#4
-	mov	$key,r1			@ ouput
-	add	$tbl,r1,$rounds,lsl#4
-	str	$rounds,[r1,#240]
-
-.Linv:	ldr	$s0,[$i1],#16
-	ldr	$s1,[$i1,#-12]
-	ldr	$s2,[$i1,#-8]
-	ldr	$s3,[$i1,#-4]
-	ldr	$t1,[$i2],#-16
-	ldr	$t2,[$i2,#16+4]
-	ldr	$t3,[$i2,#16+8]
-	ldr	$i3,[$i2,#16+12]
-	str	$s0,[$tbl],#-16
-	str	$s1,[$tbl,#16+4]
-	str	$s2,[$tbl,#16+8]
-	str	$s3,[$tbl,#16+12]
-	str	$t1,[$key],#16
-	str	$t2,[$key,#-12]
-	str	$t3,[$key,#-8]
-	str	$i3,[$key,#-4]
-	teq	$i1,$i2
-	bne	.Linv
-
-	ldr	$s0,[$i1]
-	ldr	$s1,[$i1,#4]
-	ldr	$s2,[$i1,#8]
-	ldr	$s3,[$i1,#12]
-	str	$s0,[$key]
-	str	$s1,[$key,#4]
-	str	$s2,[$key,#8]
-	str	$s3,[$key,#12]
-	sub	$key,$key,$rounds,lsl#3
-___
-$mask80=$i1;
-$mask1b=$i2;
-$mask7f=$i3;
-$code.=<<___;
-	ldr	$s0,[$key,#16]!		@ prefetch tp1
-	mov	$mask80,#0x80
-	mov	$mask1b,#0x1b
-	orr	$mask80,$mask80,#0x8000
-	orr	$mask1b,$mask1b,#0x1b00
-	orr	$mask80,$mask80,$mask80,lsl#16
-	orr	$mask1b,$mask1b,$mask1b,lsl#16
-	sub	$rounds,$rounds,#1
-	mvn	$mask7f,$mask80
-	mov	$rounds,$rounds,lsl#2	@ (rounds-1)*4
-
-.Lmix:	and	$t1,$s0,$mask80
-	and	$s1,$s0,$mask7f
-	sub	$t1,$t1,$t1,lsr#7
-	and	$t1,$t1,$mask1b
-	eor	$s1,$t1,$s1,lsl#1	@ tp2
-
-	and	$t1,$s1,$mask80
-	and	$s2,$s1,$mask7f
-	sub	$t1,$t1,$t1,lsr#7
-	and	$t1,$t1,$mask1b
-	eor	$s2,$t1,$s2,lsl#1	@ tp4
-
-	and	$t1,$s2,$mask80
-	and	$s3,$s2,$mask7f
-	sub	$t1,$t1,$t1,lsr#7
-	and	$t1,$t1,$mask1b
-	eor	$s3,$t1,$s3,lsl#1	@ tp8
-
-	eor	$t1,$s1,$s2
-	eor	$t2,$s0,$s3		@ tp9
-	eor	$t1,$t1,$s3		@ tpe
-	eor	$t1,$t1,$s1,ror#24
-	eor	$t1,$t1,$t2,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
-	eor	$t1,$t1,$s2,ror#16
-	eor	$t1,$t1,$t2,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
-	eor	$t1,$t1,$t2,ror#8	@ ^= ROTATE(tp9,24)
-
-	ldr	$s0,[$key,#4]		@ prefetch tp1
-	str	$t1,[$key],#4
-	subs	$rounds,$rounds,#1
-	bne	.Lmix
-
-	mov	r0,#0
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
-
-.type	AES_Td,%object
-.align	5
-AES_Td:
-.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
-.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
-.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
-.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
-.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
-.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
-.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
-.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
-.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
-.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
-.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
-.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
-.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
-.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
-.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
-.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
-.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
-.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
-.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
-.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
-.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
-.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
-.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
-.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
-.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
-.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
-.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
-.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
-.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
-.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
-.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
-.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
-.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
-.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
-.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
-.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
-.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
-.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
-.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
-.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
-.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
-.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
-.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
-.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
-.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
-.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
-.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
-.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
-.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
-.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
-.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
-.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
-.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
-.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
-.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
-.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
-.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
-.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
-.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
-.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
-.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
-.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
-.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
-.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
-@ Td4[256]
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.size	AES_Td,.-AES_Td
-
-@ void AES_decrypt(const unsigned char *in, unsigned char *out,
-@ 		 const AES_KEY *key) {
-.global AES_decrypt
-.type   AES_decrypt,%function
-.align	5
-AES_decrypt:
-#if __ARM_ARCH__<7
-	sub	r3,pc,#8		@ AES_decrypt
-#else
-	adr	r3,AES_decrypt
-#endif
-	stmdb   sp!,{r1,r4-r12,lr}
-	mov	$rounds,r0		@ inp
-	mov	$key,r2
-	sub	$tbl,r3,#AES_decrypt-AES_Td		@ Td
-#if __ARM_ARCH__<7
-	ldrb	$s0,[$rounds,#3]	@ load input data in endian-neutral
-	ldrb	$t1,[$rounds,#2]	@ manner...
-	ldrb	$t2,[$rounds,#1]
-	ldrb	$t3,[$rounds,#0]
-	orr	$s0,$s0,$t1,lsl#8
-	ldrb	$s1,[$rounds,#7]
-	orr	$s0,$s0,$t2,lsl#16
-	ldrb	$t1,[$rounds,#6]
-	orr	$s0,$s0,$t3,lsl#24
-	ldrb	$t2,[$rounds,#5]
-	ldrb	$t3,[$rounds,#4]
-	orr	$s1,$s1,$t1,lsl#8
-	ldrb	$s2,[$rounds,#11]
-	orr	$s1,$s1,$t2,lsl#16
-	ldrb	$t1,[$rounds,#10]
-	orr	$s1,$s1,$t3,lsl#24
-	ldrb	$t2,[$rounds,#9]
-	ldrb	$t3,[$rounds,#8]
-	orr	$s2,$s2,$t1,lsl#8
-	ldrb	$s3,[$rounds,#15]
-	orr	$s2,$s2,$t2,lsl#16
-	ldrb	$t1,[$rounds,#14]
-	orr	$s2,$s2,$t3,lsl#24
-	ldrb	$t2,[$rounds,#13]
-	ldrb	$t3,[$rounds,#12]
-	orr	$s3,$s3,$t1,lsl#8
-	orr	$s3,$s3,$t2,lsl#16
-	orr	$s3,$s3,$t3,lsl#24
-#else
-	ldr	$s0,[$rounds,#0]
-	ldr	$s1,[$rounds,#4]
-	ldr	$s2,[$rounds,#8]
-	ldr	$s3,[$rounds,#12]
-#ifdef __ARMEL__
-	rev	$s0,$s0
-	rev	$s1,$s1
-	rev	$s2,$s2
-	rev	$s3,$s3
-#endif
-#endif
-	bl	_armv4_AES_decrypt
-
-	ldr	$rounds,[sp],#4		@ pop out
-#if __ARM_ARCH__>=7
-#ifdef __ARMEL__
-	rev	$s0,$s0
-	rev	$s1,$s1
-	rev	$s2,$s2
-	rev	$s3,$s3
-#endif
-	str	$s0,[$rounds,#0]
-	str	$s1,[$rounds,#4]
-	str	$s2,[$rounds,#8]
-	str	$s3,[$rounds,#12]
-#else
-	mov	$t1,$s0,lsr#24		@ write output in endian-neutral
-	mov	$t2,$s0,lsr#16		@ manner...
-	mov	$t3,$s0,lsr#8
-	strb	$t1,[$rounds,#0]
-	strb	$t2,[$rounds,#1]
-	mov	$t1,$s1,lsr#24
-	strb	$t3,[$rounds,#2]
-	mov	$t2,$s1,lsr#16
-	strb	$s0,[$rounds,#3]
-	mov	$t3,$s1,lsr#8
-	strb	$t1,[$rounds,#4]
-	strb	$t2,[$rounds,#5]
-	mov	$t1,$s2,lsr#24
-	strb	$t3,[$rounds,#6]
-	mov	$t2,$s2,lsr#16
-	strb	$s1,[$rounds,#7]
-	mov	$t3,$s2,lsr#8
-	strb	$t1,[$rounds,#8]
-	strb	$t2,[$rounds,#9]
-	mov	$t1,$s3,lsr#24
-	strb	$t3,[$rounds,#10]
-	mov	$t2,$s3,lsr#16
-	strb	$s2,[$rounds,#11]
-	mov	$t3,$s3,lsr#8
-	strb	$t1,[$rounds,#12]
-	strb	$t2,[$rounds,#13]
-	strb	$t3,[$rounds,#14]
-	strb	$s3,[$rounds,#15]
-#endif
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia   sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	AES_decrypt,.-AES_decrypt
-
-.type   _armv4_AES_decrypt,%function
-.align	2
-_armv4_AES_decrypt:
-	str	lr,[sp,#-4]!		@ push lr
-	ldmia	$key!,{$t1-$i1}
-	eor	$s0,$s0,$t1
-	ldr	$rounds,[$key,#240-16]
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
-	sub	$rounds,$rounds,#1
-	mov	lr,#255
-
-	and	$i1,lr,$s0,lsr#16
-	and	$i2,lr,$s0,lsr#8
-	and	$i3,lr,$s0
-	mov	$s0,$s0,lsr#24
-.Ldec_loop:
-	ldr	$t1,[$tbl,$i1,lsl#2]	@ Td1[s0>>16]
-	and	$i1,lr,$s1		@ i0
-	ldr	$t2,[$tbl,$i2,lsl#2]	@ Td2[s0>>8]
-	and	$i2,lr,$s1,lsr#16
-	ldr	$t3,[$tbl,$i3,lsl#2]	@ Td3[s0>>0]
-	and	$i3,lr,$s1,lsr#8
-	ldr	$s0,[$tbl,$s0,lsl#2]	@ Td0[s0>>24]
-	mov	$s1,$s1,lsr#24
-
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td3[s1>>0]
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td1[s1>>16]
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td2[s1>>8]
-	eor	$s0,$s0,$i1,ror#24
-	ldr	$s1,[$tbl,$s1,lsl#2]	@ Td0[s1>>24]
-	and	$i1,lr,$s2,lsr#8	@ i0
-	eor	$t2,$i2,$t2,ror#8
-	and	$i2,lr,$s2		@ i1
-	eor	$t3,$i3,$t3,ror#8
-	and	$i3,lr,$s2,lsr#16
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
-	eor	$s1,$s1,$t1,ror#8
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
-	mov	$s2,$s2,lsr#24
-
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td1[s2>>16]
-	eor	$s0,$s0,$i1,ror#16
-	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
-	and	$i1,lr,$s3,lsr#16	@ i0
-	eor	$s1,$s1,$i2,ror#24
-	and	$i2,lr,$s3,lsr#8	@ i1
-	eor	$t3,$i3,$t3,ror#8
-	and	$i3,lr,$s3		@ i2
-	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
-	eor	$s2,$s2,$t2,ror#8
-	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
-	mov	$s3,$s3,lsr#24
-
-	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td3[s3>>0]
-	eor	$s0,$s0,$i1,ror#8
-	ldr	$i1,[$key],#16
-	eor	$s1,$s1,$i2,ror#16
-	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
-	eor	$s2,$s2,$i3,ror#24
-
-	ldr	$t1,[$key,#-12]
-	eor	$s0,$s0,$i1
-	ldr	$t2,[$key,#-8]
-	eor	$s3,$s3,$t3,ror#8
-	ldr	$t3,[$key,#-4]
-	and	$i1,lr,$s0,lsr#16
-	eor	$s1,$s1,$t1
-	and	$i2,lr,$s0,lsr#8
-	eor	$s2,$s2,$t2
-	and	$i3,lr,$s0
-	eor	$s3,$s3,$t3
-	mov	$s0,$s0,lsr#24
-
-	subs	$rounds,$rounds,#1
-	bne	.Ldec_loop
-
-	add	$tbl,$tbl,#1024
-
-	ldr	$t2,[$tbl,#0]		@ prefetch Td4
-	ldr	$t3,[$tbl,#32]
-	ldr	$t1,[$tbl,#64]
-	ldr	$t2,[$tbl,#96]
-	ldr	$t3,[$tbl,#128]
-	ldr	$t1,[$tbl,#160]
-	ldr	$t2,[$tbl,#192]
-	ldr	$t3,[$tbl,#224]
-
-	ldrb	$s0,[$tbl,$s0]		@ Td4[s0>>24]
-	ldrb	$t1,[$tbl,$i1]		@ Td4[s0>>16]
-	and	$i1,lr,$s1		@ i0
-	ldrb	$t2,[$tbl,$i2]		@ Td4[s0>>8]
-	and	$i2,lr,$s1,lsr#16
-	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
-	and	$i3,lr,$s1,lsr#8
-
-	add	$s1,$tbl,$s1,lsr#24
-	ldrb	$i1,[$tbl,$i1]		@ Td4[s1>>0]
-	ldrb	$s1,[$s1]		@ Td4[s1>>24]
-	ldrb	$i2,[$tbl,$i2]		@ Td4[s1>>16]
-	eor	$s0,$i1,$s0,lsl#24
-	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
-	eor	$s1,$t1,$s1,lsl#8
-	and	$i1,lr,$s2,lsr#8	@ i0
-	eor	$t2,$t2,$i2,lsl#8
-	and	$i2,lr,$s2		@ i1
-	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
-	eor	$t3,$t3,$i3,lsl#8
-	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
-	and	$i3,lr,$s2,lsr#16
-
-	add	$s2,$tbl,$s2,lsr#24
-	ldrb	$s2,[$s2]		@ Td4[s2>>24]
-	eor	$s0,$s0,$i1,lsl#8
-	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
-	eor	$s1,$i2,$s1,lsl#16
-	and	$i1,lr,$s3,lsr#16	@ i0
-	eor	$s2,$t2,$s2,lsl#16
-	and	$i2,lr,$s3,lsr#8	@ i1
-	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
-	eor	$t3,$t3,$i3,lsl#16
-	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
-	and	$i3,lr,$s3		@ i2
-
-	add	$s3,$tbl,$s3,lsr#24
-	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
-	ldrb	$s3,[$s3]		@ Td4[s3>>24]
-	eor	$s0,$s0,$i1,lsl#16
-	ldr	$i1,[$key,#0]
-	eor	$s1,$s1,$i2,lsl#8
-	ldr	$t1,[$key,#4]
-	eor	$s2,$i3,$s2,lsl#8
-	ldr	$t2,[$key,#8]
-	eor	$s3,$t3,$s3,lsl#24
-	ldr	$t3,[$key,#12]
-
-	eor	$s0,$s0,$i1
-	eor	$s1,$s1,$t1
-	eor	$s2,$s2,$t2
-	eor	$s3,$s3,$t3
-
-	sub	$tbl,$tbl,#1024
-	ldr	pc,[sp],#4		@ pop and return
-.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
-.asciz	"AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-___
-
-$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-$code =~ s/\bret\b/bx\tlr/gm;
-
-open SELF,$0;
-while(<SELF>) {
-	next if (/^#!/);
-	last if (!s/^#/@/ and !/^$/);
-	print;
-}
-close SELF;
-
-print $code;
-close STDOUT;	# enforce flush
diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
deleted file mode 100644
index 7f6c4c3662..0000000000
--- a/crypto/aes/asm/aes-ia64.S
+++ /dev/null
@@ -1,1123 +0,0 @@
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project. Rights for redistribution and usage in source and binary
-// forms are granted according to the OpenSSL license.
-// ====================================================================
-//
-// What's wrong with compiler generated code? Compiler never uses
-// variable 'shr' which is pairable with 'extr'/'dep' instructions.
-// Then it uses 'zxt' which is an I-type, but can be replaced with
-// 'and' which in turn can be assigned to M-port [there're double as
-// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
-// registers for small constants (255, 24 and 16) to be used with
-// 'shr' and 'and' instructions I can achieve better ILP, Intruction
-// Level Parallelism, and performance. This code outperforms GCC 3.3
-// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
-// HP C - by 40%. Measured best-case scenario, i.e. aligned
-// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
-// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
-
-// Version 1.2 mitigates the hazard of cache-timing attacks by
-// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
-// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
-// prior last round. As result performance dropped to (26 + 15*rounds)
-// ticks per block or 11 cycles per byte processed with 128-bit key.
-// This is ~16% deterioration. For reference Itanium 2 L1 cache has
-// 64 bytes line size and L2 - 128 bytes...
-
-.ident	"aes-ia64.S, version 1.2"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-.explicit
-.text
-
-rk0=r8;     rk1=r9;
-
-pfssave=r2;
-lcsave=r10;
-prsave=r3;
-maskff=r11;
-twenty4=r14;
-sixteen=r15;
-
-te00=r16;   te11=r17;   te22=r18;   te33=r19;
-te01=r20;   te12=r21;   te23=r22;   te30=r23;
-te02=r24;   te13=r25;   te20=r26;   te31=r27;
-te03=r28;   te10=r29;   te21=r30;   te32=r31;
-
-// these are rotating...
-t0=r32;     s0=r33;
-t1=r34;     s1=r35;
-t2=r36;     s2=r37;
-t3=r38;     s3=r39;
-
-te0=r40;    te1=r41;    te2=r42;    te3=r43;
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-# define ADDP	addp4
-#else
-# define ADDP	add
-#endif
-
-// Offsets from Te0
-#define TE0	0
-#define TE2	2
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-#define TE1	3
-#define TE3	1
-#else
-#define TE1	1
-#define TE3	3
-#endif
-
-// This implies that AES_KEY comprises 32-bit key schedule elements
-// even on LP64 platforms.
-#ifndef	KSZ
-# define KSZ	4
-# define LDKEY	ld4
-#endif
-
-.proc	_ia64_AES_encrypt#
-// Input:	rk0-rk1
-//		te0
-//		te3	as AES_KEY->rounds!!!
-//		s0-s3
-//		maskff,twenty4,sixteen
-// Output:	r16,r20,r24,r28 as s0-s3
-// Clobber:	r16-r31,rk0-rk1,r32-r43
-.align	32
-_ia64_AES_encrypt:
-	.prologue
-	.altrp	b6
-	.body
-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
-	LDKEY	t0=[rk0],2*KSZ
-	mov	pr.rot=1<<16	}
-{ .mmi;	LDKEY	t1=[rk1],2*KSZ
-	add	te1=TE1,te0
-	add	te3=-3,te3	};;
-{ .mib;	LDKEY	t2=[rk0],2*KSZ
-	mov	ar.ec=2		}
-{ .mib;	LDKEY	t3=[rk1],2*KSZ
-	add	te2=TE2,te0
-	brp.loop.imp	.Le_top,.Le_end-16	};;
-
-{ .mmi;	xor	s0=s0,t0
-	xor	s1=s1,t1
-	mov	ar.lc=te3	}
-{ .mmi;	xor	s2=s2,t2
-	xor	s3=s3,t3
-	add	te3=TE3,te0	};;
-
-.align	32
-.Le_top:
-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	(p0)	and	te33=s3,maskff		// 0/0:s3&0xff
-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	(p0)	and	te30=s0,maskff		// 0/1:s0&0xff
-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	(p0)	shladd	te33=te33,3,te3		// 1/0:te0+s0>>24
-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	(p0)	shladd	te30=te30,3,te3		// 1/1:te3+s0
-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	(p0)	ld4	te33=[te33]		// 2/0:te3[s3&0xff]
-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	(p0)	ld4	te30=[te30]		// 2/1:te3[s0]
-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
-	(p0)	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
-	(p0)	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
-	(p0)	shladd	te11=te11,3,te1		// 5/0:te1+s1>>16
-	(p0)	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
-	(p0)	and	te31=s1,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	(p0)	ld4	te11=[te11]		// 6/0:te1[s1>>16]
-	(p0)	shladd	te12=te12,3,te1		// 6/1:te1+s2>>16
-	(p0)	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
-	(p0)	and	te32=s2,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	(p0)	ld4	te12=[te12]		// 7/1:te1[s2>>16]
-	(p0)	shladd	te31=te31,3,te3		// 7/2:te3+s1&0xff
-	(p0)	and	te13=te13,maskff}	// 7/2:s3>>16&0xff
-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
-	(p0)	shladd	te32=te32,3,te3		// 7/3:te3+s2
-	(p0)	xor	t0=t0,te33	};;	// 7/0:
-{ .mmi;	(p0)	ld4	te31=[te31]		// 8/2:te3[s1]
-	(p0)	shladd	te13=te13,3,te1		// 8/2:te1+s3>>16
-	(p0)	xor	t0=t0,te22	}	// 8/0:
-{ .mmi;	(p0)	ld4	te32=[te32]		// 8/3:te3[s2]
-	(p0)	shladd	te10=te10,3,te1		// 8/3:te1+s0>>16
-	(p0)	xor	t1=t1,te30	};;	// 8/1:
-{ .mmi;	(p0)	ld4	te13=[te13]		// 9/2:te1[s3>>16]
-	(p0)	ld4	te10=[te10]		// 9/3:te1[s0>>16]
-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
-	(p0)	xor	t2=t2,te20		// 10[9]/2:
-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
-{ .mmi;	(p0)	xor	t0=t0,te11		// 11[10]/0:done!
-	(p0)	xor	t1=t1,te01		// 11[10]/1:
-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
-{ .mmi;	(p0)	xor	t1=t1,te12		// 13[11]/1:done!
-	(p0)	xor	t2=t2,te31		// 13[11]/2:
-	(p0)	xor	t3=t3,te32	}	// 13[11]/3:
-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
-{ .mib;	(p0)	xor	t2=t2,te13		// 14[12]/2:done!
-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
-{ .mib;	(p0)	xor	t3=t3,te10		// 14[12]/3:done!
-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
-	br.ctop.sptk	.Le_top		};;
-.Le_end:
-
-
-{ .mmi;	ld8	te12=[te0]		// prefetch Te4
-	ld8	te31=[te1]	}
-{ .mmi;	ld8	te10=[te2]
-	ld8	te32=[te3]	}
-
-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	and	te33=s3,maskff		// 0/0:s3&0xff
-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	and	te30=s0,maskff		// 0/1:s0&0xff
-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	add	te33=te33,te0		// 1/0:te0+s0>>24
-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	add	te30=te30,te0		// 1/1:te0+s0
-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	ld1	te33=[te33]		// 2/0:te0[s3&0xff]
-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	ld1	te30=[te30]		// 2/1:te0[s0]
-	add	te23=te23,te0		// 2/1:te0+s3>>8
-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
-	add	te20=te20,te0		// 3/2:te0+s0>>8
-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
-	add	te00=te00,te0		// 3/0:te0+s0>>24
-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
-	add	te21=te21,te0		// 4/3:te0+s2
-	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
-	add	te01=te01,te0		// 4/1:te0+s1>>24
-	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
-	add	te11=te11,te0		// 5/0:te0+s1>>16
-	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
-	add	te02=te02,te0		// 5/2:te0+s2>>24
-	and	te31=s1,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	ld1	te11=[te11]		// 6/0:te0[s1>>16]
-	add	te12=te12,te0		// 6/1:te0+s2>>16
-	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
-	add	te03=te03,te0		// 6/3:te0+s0>>16
-	and	te32=s2,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	ld1	te12=[te12]		// 7/1:te0[s2>>16]
-	add	te31=te31,te0		// 7/2:te0+s1&0xff
-	dep	te33=te22,te33,8,8}	// 7/0:
-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
-	add	te32=te32,te0		// 7/3:te0+s2
-	and	te13=te13,maskff};;	// 7/2:s3>>16&0xff
-{ .mmi;	ld1	te31=[te31]		// 8/2:te0[s1]
-	add	te13=te13,te0		// 8/2:te0+s3>>16
-	dep	te30=te23,te30,8,8}	// 8/1:
-{ .mmi;	ld1	te32=[te32]		// 8/3:te0[s2]
-	add	te10=te10,te0		// 8/3:te0+s0>>16
-	shl	te00=te00,twenty4};;	// 8/0:
-{ .mii;	ld1	te13=[te13]		// 9/2:te0[s3>>16]
-	dep	te33=te11,te33,16,8	// 9/0:
-	shl	te01=te01,twenty4};;	// 9/1:
-{ .mii;	ld1	te10=[te10]		// 10/3:te0[s0>>16]
-	dep	te31=te20,te31,8,8	// 10/2:
-	shl	te02=te02,twenty4};;	// 10/2:
-{ .mii;	xor	t0=t0,te33		// 11/0:
-	dep	te32=te21,te32,8,8	// 11/3:
-	shl	te12=te12,sixteen};;	// 11/1:
-{ .mii;	xor	r16=t0,te00		// 12/0:done!
-	dep	te31=te13,te31,16,8	// 12/2:
-	shl	te03=te03,twenty4};;	// 12/3:
-{ .mmi;	xor	t1=t1,te01		// 13/1:
-	xor	t2=t2,te02		// 13/2:
-	dep	te32=te10,te32,16,8};;	// 13/3:
-{ .mmi;	xor	t1=t1,te30		// 14/1:
-	xor	r24=t2,te31		// 14/2:done!
-	xor	t3=t3,te32	};;	// 14/3:
-{ .mib;	xor	r20=t1,te12		// 15/1:done!
-	xor	r28=t3,te03		// 15/3:done!
-	br.ret.sptk	b6	};;
-.endp	_ia64_AES_encrypt#
-
-// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
-.global	AES_encrypt#
-.proc	AES_encrypt#
-.align	32
-AES_encrypt:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
-	and	out0=3,in0
-	mov	r3=ip			}
-{ .mmi;	ADDP	in0=0,in0
-	mov	loc0=psr.um
-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
-
-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
-	add	out8=(AES_Te#-AES_encrypt#),r3	// Te0
-	.save	pr,prsave
-	mov	prsave=pr		}
-{ .mmi;	rum	1<<3				// clear um.ac
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc		};;
-
-	.body
-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
-{ .mib; cmp.ne	p6,p0=out0,r0
-	add	out0=4,in0
-(p6)	br.dpnt.many	.Le_i_unaligned	};;
-
-{ .mmi;	ld4	out1=[in0],8		// s0
-	and	out9=3,in1
-	mov	twenty4=24		}
-{ .mmi;	ld4	out3=[out0],8		// s1
-	ADDP	rk0=0,in2
-	mov	sixteen=16		};;
-{ .mmi;	ld4	out5=[in0]		// s2
-	cmp.ne	p6,p0=out9,r0
-	mov	maskff=0xff		}
-{ .mmb;	ld4	out7=[out0]		// s3
-	ADDP	rk1=KSZ,in2
-	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
-
-{ .mib;	ADDP	in0=4,in1
-	ADDP	in1=0,in1
-(p6)	br.spnt	.Le_o_unaligned		};;
-
-{ .mii;	mov	psr.um=loc0
-	mov	ar.pfs=pfssave
-	mov	ar.lc=lcsave		};;
-{ .mmi;	st4	[in1]=r16,8		// s0
-	st4	[in0]=r20,8		// s1
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	st4	[in1]=r24		// s2
-	st4	[in0]=r28		// s3
-	br.ret.sptk.many	b0	};;
-#endif
-
-.align	32
-.Le_i_unaligned:
-{ .mmi;	add	out0=1,in0
-	add	out2=2,in0
-	add	out4=3,in0	};;
-{ .mmi;	ld1	r16=[in0],4
-	ld1	r17=[out0],4	}//;;
-{ .mmi;	ld1	r18=[out2],4
-	ld1	out1=[out4],4	};;	// s0
-{ .mmi;	ld1	r20=[in0],4
-	ld1	r21=[out0],4	}//;;
-{ .mmi;	ld1	r22=[out2],4
-	ld1	out3=[out4],4	};;	// s1
-{ .mmi;	ld1	r24=[in0],4
-	ld1	r25=[out0],4	}//;;
-{ .mmi;	ld1	r26=[out2],4
-	ld1	out5=[out4],4	};;	// s2
-{ .mmi;	ld1	r28=[in0]
-	ld1	r29=[out0]	}//;;
-{ .mmi;	ld1	r30=[out2]
-	ld1	out7=[out4]	};;	// s3
-
-{ .mii;
-	dep	out1=r16,out1,24,8	//;;
-	dep	out3=r20,out3,24,8	}//;;
-{ .mii;	ADDP	rk0=0,in2
-	dep	out5=r24,out5,24,8	//;;
-	dep	out7=r28,out7,24,8	};;
-{ .mii;	ADDP	rk1=KSZ,in2
-	dep	out1=r17,out1,16,8	//;;
-	dep	out3=r21,out3,16,8	}//;;
-{ .mii;	mov	twenty4=24
-	dep	out5=r25,out5,16,8	//;;
-	dep	out7=r29,out7,16,8	};;
-{ .mii;	mov	sixteen=16
-	dep	out1=r18,out1,8,8	//;;
-	dep	out3=r22,out3,8,8	}//;;
-{ .mii;	mov	maskff=0xff
-	dep	out5=r26,out5,8,8	//;;
-	dep	out7=r30,out7,8,8	};;
-
-{ .mib;	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
-
-.Le_o_unaligned:
-{ .mii;	ADDP	out0=0,in1
-	extr.u	r17=r16,8,8			// s0
-	shr.u	r19=r16,twenty4		}//;;
-{ .mii;	ADDP	out1=1,in1
-	extr.u	r18=r16,16,8
-	shr.u	r23=r20,twenty4		}//;;	// s1
-{ .mii;	ADDP	out2=2,in1
-	extr.u	r21=r20,8,8
-	shr.u	r22=r20,sixteen		}//;;
-{ .mii;	ADDP	out3=3,in1
-	extr.u	r25=r24,8,8			// s2
-	shr.u	r27=r24,twenty4		};;
-{ .mii;	st1	[out3]=r16,4
-	extr.u	r26=r24,16,8
-	shr.u	r31=r28,twenty4		}//;;	// s3
-{ .mii;	st1	[out2]=r17,4
-	extr.u	r29=r28,8,8
-	shr.u	r30=r28,sixteen		}//;;
-
-{ .mmi;	st1	[out1]=r18,4
-	st1	[out0]=r19,4		};;
-{ .mmi;	st1	[out3]=r20,4
-	st1	[out2]=r21,4		}//;;
-{ .mmi;	st1	[out1]=r22,4
-	st1	[out0]=r23,4		};;
-{ .mmi;	st1	[out3]=r24,4
-	st1	[out2]=r25,4
-	mov	pr=prsave,0x1ffff	}//;;
-{ .mmi;	st1	[out1]=r26,4
-	st1	[out0]=r27,4
-	mov	ar.pfs=pfssave		};;
-{ .mmi;	st1	[out3]=r28
-	st1	[out2]=r29
-	mov	ar.lc=lcsave		}//;;
-{ .mmi;	st1	[out1]=r30
-	st1	[out0]=r31		}
-{ .mfb;	mov	psr.um=loc0			// restore user mask
-	br.ret.sptk.many	b0	};;
-.endp	AES_encrypt#
-
-// *AES_decrypt are autogenerated by the following script:
-#if 0
-#!/usr/bin/env perl
-print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";
-open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);
-print "#endif\n";
-while(<>) {
-	$process=1	if (/\.proc\s+_ia64_AES_encrypt/);
-	next		if (!$process);
-
-	#s/te00=s0/td00=s0/;	s/te00/td00/g;
-	s/te11=s1/td13=s3/;	s/te11/td13/g;
-	#s/te22=s2/td22=s2/;	s/te22/td22/g;
-	s/te33=s3/td31=s1/;	s/te33/td31/g;
-
-	#s/te01=s1/td01=s1/;	s/te01/td01/g;
-	s/te12=s2/td10=s0/;	s/te12/td10/g;
-	#s/te23=s3/td23=s3/;	s/te23/td23/g;
-	s/te30=s0/td32=s2/;	s/te30/td32/g;
-
-	#s/te02=s2/td02=s2/;	s/te02/td02/g;
-	s/te13=s3/td11=s1/;	s/te13/td11/g;
-	#s/te20=s0/td20=s0/;	s/te20/td20/g;
-	s/te31=s1/td33=s3/;	s/te31/td33/g;
-
-	#s/te03=s3/td03=s3/;	s/te03/td03/g;
-	s/te10=s0/td12=s2/;	s/te10/td12/g;
-	#s/te21=s1/td21=s1/;	s/te21/td21/g;
-	s/te32=s2/td30=s0/;	s/te32/td30/g;
-
-	s/td/te/g;
-
-	s/AES_encrypt/AES_decrypt/g;
-	s/\.Le_/.Ld_/g;
-	s/AES_Te#/AES_Td#/g;
-
-	print;
-
-	exit		if (/\.endp\s+AES_decrypt/);
-}
-#endif
-.proc	_ia64_AES_decrypt#
-// Input:	rk0-rk1
-//		te0
-//		te3	as AES_KEY->rounds!!!
-//		s0-s3
-//		maskff,twenty4,sixteen
-// Output:	r16,r20,r24,r28 as s0-s3
-// Clobber:	r16-r31,rk0-rk1,r32-r43
-.align	32
-_ia64_AES_decrypt:
-	.prologue
-	.altrp	b6
-	.body
-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
-	LDKEY	t0=[rk0],2*KSZ
-	mov	pr.rot=1<<16	}
-{ .mmi;	LDKEY	t1=[rk1],2*KSZ
-	add	te1=TE1,te0
-	add	te3=-3,te3	};;
-{ .mib;	LDKEY	t2=[rk0],2*KSZ
-	mov	ar.ec=2		}
-{ .mib;	LDKEY	t3=[rk1],2*KSZ
-	add	te2=TE2,te0
-	brp.loop.imp	.Ld_top,.Ld_end-16	};;
-
-{ .mmi;	xor	s0=s0,t0
-	xor	s1=s1,t1
-	mov	ar.lc=te3	}
-{ .mmi;	xor	s2=s2,t2
-	xor	s3=s3,t3
-	add	te3=TE3,te0	};;
-
-.align	32
-.Ld_top:
-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	(p0)	and	te31=s1,maskff		// 0/0:s3&0xff
-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	(p0)	and	te32=s2,maskff		// 0/1:s0&0xff
-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	(p0)	shladd	te31=te31,3,te3		// 1/0:te0+s0>>24
-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	(p0)	shladd	te32=te32,3,te3		// 1/1:te3+s0
-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	(p0)	ld4	te31=[te31]		// 2/0:te3[s3&0xff]
-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	(p0)	ld4	te32=[te32]		// 2/1:te3[s0]
-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
-	(p0)	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
-	(p0)	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
-	(p0)	shladd	te13=te13,3,te1		// 5/0:te1+s1>>16
-	(p0)	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
-	(p0)	and	te33=s3,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	(p0)	ld4	te13=[te13]		// 6/0:te1[s1>>16]
-	(p0)	shladd	te10=te10,3,te1		// 6/1:te1+s2>>16
-	(p0)	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
-	(p0)	and	te30=s0,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	(p0)	ld4	te10=[te10]		// 7/1:te1[s2>>16]
-	(p0)	shladd	te33=te33,3,te3		// 7/2:te3+s1&0xff
-	(p0)	and	te11=te11,maskff}	// 7/2:s3>>16&0xff
-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
-	(p0)	shladd	te30=te30,3,te3		// 7/3:te3+s2
-	(p0)	xor	t0=t0,te31	};;	// 7/0:
-{ .mmi;	(p0)	ld4	te33=[te33]		// 8/2:te3[s1]
-	(p0)	shladd	te11=te11,3,te1		// 8/2:te1+s3>>16
-	(p0)	xor	t0=t0,te22	}	// 8/0:
-{ .mmi;	(p0)	ld4	te30=[te30]		// 8/3:te3[s2]
-	(p0)	shladd	te12=te12,3,te1		// 8/3:te1+s0>>16
-	(p0)	xor	t1=t1,te32	};;	// 8/1:
-{ .mmi;	(p0)	ld4	te11=[te11]		// 9/2:te1[s3>>16]
-	(p0)	ld4	te12=[te12]		// 9/3:te1[s0>>16]
-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
-	(p0)	xor	t2=t2,te20		// 10[9]/2:
-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
-{ .mmi;	(p0)	xor	t0=t0,te13		// 11[10]/0:done!
-	(p0)	xor	t1=t1,te01		// 11[10]/1:
-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
-{ .mmi;	(p0)	xor	t1=t1,te10		// 13[11]/1:done!
-	(p0)	xor	t2=t2,te33		// 13[11]/2:
-	(p0)	xor	t3=t3,te30	}	// 13[11]/3:
-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
-{ .mib;	(p0)	xor	t2=t2,te11		// 14[12]/2:done!
-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
-{ .mib;	(p0)	xor	t3=t3,te12		// 14[12]/3:done!
-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
-	br.ctop.sptk	.Ld_top		};;
-.Ld_end:
-
-
-{ .mmi;	ld8	te10=[te0]		// prefetch Td4
-	ld8	te33=[te1]	}
-{ .mmi;	ld8	te12=[te2]
-	ld8	te30=[te3]	}
-
-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	and	te31=s1,maskff		// 0/0:s3&0xff
-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	and	te32=s2,maskff		// 0/1:s0&0xff
-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	add	te31=te31,te0		// 1/0:te0+s0>>24
-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	add	te32=te32,te0		// 1/1:te0+s0
-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	ld1	te31=[te31]		// 2/0:te0[s3&0xff]
-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	ld1	te32=[te32]		// 2/1:te0[s0]
-	add	te23=te23,te0		// 2/1:te0+s3>>8
-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
-	add	te20=te20,te0		// 3/2:te0+s0>>8
-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
-	add	te00=te00,te0		// 3/0:te0+s0>>24
-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
-	add	te21=te21,te0		// 4/3:te0+s2
-	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
-	add	te01=te01,te0		// 4/1:te0+s1>>24
-	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
-	add	te13=te13,te0		// 5/0:te0+s1>>16
-	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
-	add	te02=te02,te0		// 5/2:te0+s2>>24
-	and	te33=s3,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	ld1	te13=[te13]		// 6/0:te0[s1>>16]
-	add	te10=te10,te0		// 6/1:te0+s2>>16
-	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
-	add	te03=te03,te0		// 6/3:te0+s0>>16
-	and	te30=s0,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	ld1	te10=[te10]		// 7/1:te0[s2>>16]
-	add	te33=te33,te0		// 7/2:te0+s1&0xff
-	dep	te31=te22,te31,8,8}	// 7/0:
-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
-	add	te30=te30,te0		// 7/3:te0+s2
-	and	te11=te11,maskff};;	// 7/2:s3>>16&0xff
-{ .mmi;	ld1	te33=[te33]		// 8/2:te0[s1]
-	add	te11=te11,te0		// 8/2:te0+s3>>16
-	dep	te32=te23,te32,8,8}	// 8/1:
-{ .mmi;	ld1	te30=[te30]		// 8/3:te0[s2]
-	add	te12=te12,te0		// 8/3:te0+s0>>16
-	shl	te00=te00,twenty4};;	// 8/0:
-{ .mii;	ld1	te11=[te11]		// 9/2:te0[s3>>16]
-	dep	te31=te13,te31,16,8	// 9/0:
-	shl	te01=te01,twenty4};;	// 9/1:
-{ .mii;	ld1	te12=[te12]		// 10/3:te0[s0>>16]
-	dep	te33=te20,te33,8,8	// 10/2:
-	shl	te02=te02,twenty4};;	// 10/2:
-{ .mii;	xor	t0=t0,te31		// 11/0:
-	dep	te30=te21,te30,8,8	// 11/3:
-	shl	te10=te10,sixteen};;	// 11/1:
-{ .mii;	xor	r16=t0,te00		// 12/0:done!
-	dep	te33=te11,te33,16,8	// 12/2:
-	shl	te03=te03,twenty4};;	// 12/3:
-{ .mmi;	xor	t1=t1,te01		// 13/1:
-	xor	t2=t2,te02		// 13/2:
-	dep	te30=te12,te30,16,8};;	// 13/3:
-{ .mmi;	xor	t1=t1,te32		// 14/1:
-	xor	r24=t2,te33		// 14/2:done!
-	xor	t3=t3,te30	};;	// 14/3:
-{ .mib;	xor	r20=t1,te10		// 15/1:done!
-	xor	r28=t3,te03		// 15/3:done!
-	br.ret.sptk	b6	};;
-.endp	_ia64_AES_decrypt#
-
-// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
-.global	AES_decrypt#
-.proc	AES_decrypt#
-.align	32
-AES_decrypt:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
-	and	out0=3,in0
-	mov	r3=ip			}
-{ .mmi;	ADDP	in0=0,in0
-	mov	loc0=psr.um
-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
-
-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
-	add	out8=(AES_Td#-AES_decrypt#),r3	// Te0
-	.save	pr,prsave
-	mov	prsave=pr		}
-{ .mmi;	rum	1<<3				// clear um.ac
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc		};;
-
-	.body
-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
-{ .mib; cmp.ne	p6,p0=out0,r0
-	add	out0=4,in0
-(p6)	br.dpnt.many	.Ld_i_unaligned	};;
-
-{ .mmi;	ld4	out1=[in0],8		// s0
-	and	out9=3,in1
-	mov	twenty4=24		}
-{ .mmi;	ld4	out3=[out0],8		// s1
-	ADDP	rk0=0,in2
-	mov	sixteen=16		};;
-{ .mmi;	ld4	out5=[in0]		// s2
-	cmp.ne	p6,p0=out9,r0
-	mov	maskff=0xff		}
-{ .mmb;	ld4	out7=[out0]		// s3
-	ADDP	rk1=KSZ,in2
-	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
-
-{ .mib;	ADDP	in0=4,in1
-	ADDP	in1=0,in1
-(p6)	br.spnt	.Ld_o_unaligned		};;
-
-{ .mii;	mov	psr.um=loc0
-	mov	ar.pfs=pfssave
-	mov	ar.lc=lcsave		};;
-{ .mmi;	st4	[in1]=r16,8		// s0
-	st4	[in0]=r20,8		// s1
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	st4	[in1]=r24		// s2
-	st4	[in0]=r28		// s3
-	br.ret.sptk.many	b0	};;
-#endif
-
-.align	32
-.Ld_i_unaligned:
-{ .mmi;	add	out0=1,in0
-	add	out2=2,in0
-	add	out4=3,in0	};;
-{ .mmi;	ld1	r16=[in0],4
-	ld1	r17=[out0],4	}//;;
-{ .mmi;	ld1	r18=[out2],4
-	ld1	out1=[out4],4	};;	// s0
-{ .mmi;	ld1	r20=[in0],4
-	ld1	r21=[out0],4	}//;;
-{ .mmi;	ld1	r22=[out2],4
-	ld1	out3=[out4],4	};;	// s1
-{ .mmi;	ld1	r24=[in0],4
-	ld1	r25=[out0],4	}//;;
-{ .mmi;	ld1	r26=[out2],4
-	ld1	out5=[out4],4	};;	// s2
-{ .mmi;	ld1	r28=[in0]
-	ld1	r29=[out0]	}//;;
-{ .mmi;	ld1	r30=[out2]
-	ld1	out7=[out4]	};;	// s3
-
-{ .mii;
-	dep	out1=r16,out1,24,8	//;;
-	dep	out3=r20,out3,24,8	}//;;
-{ .mii;	ADDP	rk0=0,in2
-	dep	out5=r24,out5,24,8	//;;
-	dep	out7=r28,out7,24,8	};;
-{ .mii;	ADDP	rk1=KSZ,in2
-	dep	out1=r17,out1,16,8	//;;
-	dep	out3=r21,out3,16,8	}//;;
-{ .mii;	mov	twenty4=24
-	dep	out5=r25,out5,16,8	//;;
-	dep	out7=r29,out7,16,8	};;
-{ .mii;	mov	sixteen=16
-	dep	out1=r18,out1,8,8	//;;
-	dep	out3=r22,out3,8,8	}//;;
-{ .mii;	mov	maskff=0xff
-	dep	out5=r26,out5,8,8	//;;
-	dep	out7=r30,out7,8,8	};;
-
-{ .mib;	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
-
-.Ld_o_unaligned:
-{ .mii;	ADDP	out0=0,in1
-	extr.u	r17=r16,8,8			// s0
-	shr.u	r19=r16,twenty4		}//;;
-{ .mii;	ADDP	out1=1,in1
-	extr.u	r18=r16,16,8
-	shr.u	r23=r20,twenty4		}//;;	// s1
-{ .mii;	ADDP	out2=2,in1
-	extr.u	r21=r20,8,8
-	shr.u	r22=r20,sixteen		}//;;
-{ .mii;	ADDP	out3=3,in1
-	extr.u	r25=r24,8,8			// s2
-	shr.u	r27=r24,twenty4		};;
-{ .mii;	st1	[out3]=r16,4
-	extr.u	r26=r24,16,8
-	shr.u	r31=r28,twenty4		}//;;	// s3
-{ .mii;	st1	[out2]=r17,4
-	extr.u	r29=r28,8,8
-	shr.u	r30=r28,sixteen		}//;;
-
-{ .mmi;	st1	[out1]=r18,4
-	st1	[out0]=r19,4		};;
-{ .mmi;	st1	[out3]=r20,4
-	st1	[out2]=r21,4		}//;;
-{ .mmi;	st1	[out1]=r22,4
-	st1	[out0]=r23,4		};;
-{ .mmi;	st1	[out3]=r24,4
-	st1	[out2]=r25,4
-	mov	pr=prsave,0x1ffff	}//;;
-{ .mmi;	st1	[out1]=r26,4
-	st1	[out0]=r27,4
-	mov	ar.pfs=pfssave		};;
-{ .mmi;	st1	[out3]=r28
-	st1	[out2]=r29
-	mov	ar.lc=lcsave		}//;;
-{ .mmi;	st1	[out1]=r30
-	st1	[out0]=r31		}
-{ .mfb;	mov	psr.um=loc0			// restore user mask
-	br.ret.sptk.many	b0	};;
-.endp	AES_decrypt#
-
-// leave it in .text segment...
-.align	64
-.global	AES_Te#
-.type	AES_Te#,@object
-AES_Te:	data4	0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
-	data4	0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
-	data4	0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
-	data4	0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
-	data4	0x60303050,0x60303050, 0x02010103,0x02010103
-	data4	0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
-	data4	0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
-	data4	0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
-	data4	0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
-	data4	0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
-	data4	0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
-	data4	0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
-	data4	0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
-	data4	0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
-	data4	0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
-	data4	0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
-	data4	0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
-	data4	0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
-	data4	0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
-	data4	0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
-	data4	0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
-	data4	0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
-	data4	0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
-	data4	0x62313153,0x62313153, 0x2a15153f,0x2a15153f
-	data4	0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
-	data4	0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
-	data4	0x30181828,0x30181828, 0x379696a1,0x379696a1
-	data4	0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
-	data4	0x0e070709,0x0e070709, 0x24121236,0x24121236
-	data4	0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
-	data4	0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
-	data4	0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
-	data4	0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
-	data4	0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
-	data4	0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
-	data4	0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
-	data4	0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
-	data4	0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
-	data4	0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
-	data4	0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
-	data4	0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
-	data4	0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
-	data4	0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
-	data4	0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
-	data4	0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
-	data4	0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
-	data4	0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
-	data4	0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
-	data4	0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
-	data4	0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
-	data4	0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
-	data4	0x66333355,0x66333355, 0x11858594,0x11858594
-	data4	0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
-	data4	0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
-	data4	0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
-	data4	0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
-	data4	0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
-	data4	0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
-	data4	0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
-	data4	0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
-	data4	0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
-	data4	0xafdada75,0xafdada75, 0x42212163,0x42212163
-	data4	0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
-	data4	0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
-	data4	0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
-	data4	0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
-	data4	0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
-	data4	0x884444cc,0x884444cc, 0x2e171739,0x2e171739
-	data4	0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
-	data4	0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
-	data4	0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
-	data4	0x3219192b,0x3219192b, 0xe6737395,0xe6737395
-	data4	0xc06060a0,0xc06060a0, 0x19818198,0x19818198
-	data4	0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
-	data4	0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
-	data4	0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
-	data4	0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
-	data4	0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
-	data4	0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
-	data4	0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
-	data4	0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
-	data4	0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
-	data4	0x924949db,0x924949db, 0x0c06060a,0x0c06060a
-	data4	0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
-	data4	0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
-	data4	0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
-	data4	0x399191a8,0x399191a8, 0x319595a4,0x319595a4
-	data4	0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
-	data4	0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
-	data4	0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
-	data4	0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
-	data4	0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
-	data4	0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
-	data4	0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
-	data4	0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
-	data4	0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
-	data4	0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
-	data4	0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
-	data4	0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
-	data4	0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
-	data4	0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
-	data4	0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
-	data4	0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
-	data4	0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
-	data4	0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
-	data4	0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
-	data4	0x904848d8,0x904848d8, 0x06030305,0x06030305
-	data4	0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
-	data4	0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
-	data4	0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
-	data4	0x17868691,0x17868691, 0x99c1c158,0x99c1c158
-	data4	0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
-	data4	0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
-	data4	0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
-	data4	0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
-	data4	0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
-	data4	0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
-	data4	0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
-	data4	0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
-	data4	0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
-	data4	0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
-	data4	0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
-	data4	0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
-	data4	0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
-	data4	0x824141c3,0x824141c3, 0x299999b0,0x299999b0
-	data4	0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
-	data4	0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
-	data4	0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
-// Te4:
-	data1	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-	data1	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-	data1	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-	data1	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-	data1	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-	data1	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-	data1	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-	data1	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-	data1	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-	data1	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-	data1	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-	data1	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-	data1	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-	data1	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-	data1	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-	data1	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-	data1	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-	data1	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-	data1	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-	data1	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-	data1	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-	data1	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-	data1	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-	data1	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-	data1	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-	data1	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-	data1	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-	data1	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-	data1	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-	data1	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-	data1	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-	data1	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-.size	AES_Te#,2048+256	// HP-UX assembler fails to ".-AES_Te#"
-
-.align	64
-.global	AES_Td#
-.type	AES_Td#,@object
-AES_Td:	data4	0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
-	data4	0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
-	data4	0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
-	data4	0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
-	data4	0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
-	data4	0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
-	data4	0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
-	data4	0x26354480,0x26354480, 0xb562a38f,0xb562a38f
-	data4	0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
-	data4	0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
-	data4	0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
-	data4	0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
-	data4	0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
-	data4	0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
-	data4	0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
-	data4	0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
-	data4	0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
-	data4	0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
-	data4	0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
-	data4	0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
-	data4	0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
-	data4	0x97513360,0x97513360, 0x62537f45,0x62537f45
-	data4	0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
-	data4	0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
-	data4	0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
-	data4	0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
-	data4	0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
-	data4	0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
-	data4	0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
-	data4	0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
-	data4	0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
-	data4	0x02036aba,0x02036aba, 0xed16825c,0xed16825c
-	data4	0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
-	data4	0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
-	data4	0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
-	data4	0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
-	data4	0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
-	data4	0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
-	data4	0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
-	data4	0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
-	data4	0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
-	data4	0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
-	data4	0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
-	data4	0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
-	data4	0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
-	data4	0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
-	data4	0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
-	data4	0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
-	data4	0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
-	data4	0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
-	data4	0x09808683,0x09808683, 0x322bed48,0x322bed48
-	data4	0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
-	data4	0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
-	data4	0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
-	data4	0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
-	data4	0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
-	data4	0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
-	data4	0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
-	data4	0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
-	data4	0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
-	data4	0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
-	data4	0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
-	data4	0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
-	data4	0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
-	data4	0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
-	data4	0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
-	data4	0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
-	data4	0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
-	data4	0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
-	data4	0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
-	data4	0xd731dcca,0xd731dcca, 0x42638510,0x42638510
-	data4	0x13972240,0x13972240, 0x84c61120,0x84c61120
-	data4	0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
-	data4	0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
-	data4	0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
-	data4	0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
-	data4	0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
-	data4	0x119448fa,0x119448fa, 0x47e96422,0x47e96422
-	data4	0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
-	data4	0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
-	data4	0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
-	data4	0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
-	data4	0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
-	data4	0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
-	data4	0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
-	data4	0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
-	data4	0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
-	data4	0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
-	data4	0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
-	data4	0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
-	data4	0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
-	data4	0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
-	data4	0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
-	data4	0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
-	data4	0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
-	data4	0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
-	data4	0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
-	data4	0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
-	data4	0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
-	data4	0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
-	data4	0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
-	data4	0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
-	data4	0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
-	data4	0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
-	data4	0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
-	data4	0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
-	data4	0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
-	data4	0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
-	data4	0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
-	data4	0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
-	data4	0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
-	data4	0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
-	data4	0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
-	data4	0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
-	data4	0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
-	data4	0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
-	data4	0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
-	data4	0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
-	data4	0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
-	data4	0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
-	data4	0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
-	data4	0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
-	data4	0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
-	data4	0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
-	data4	0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
-	data4	0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
-	data4	0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
-	data4	0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
-// Td4:
-	data1	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-	data1	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-	data1	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-	data1	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-	data1	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-	data1	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-	data1	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-	data1	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-	data1	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-	data1	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-	data1	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-	data1	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-	data1	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-	data1	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-	data1	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-	data1	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-	data1	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-	data1	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-	data1	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-	data1	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-	data1	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-	data1	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-	data1	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-	data1	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-	data1	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-	data1	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-	data1	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-	data1	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-	data1	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-	data1	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-	data1	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-	data1	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.size	AES_Td#,2048+256	// HP-UX assembler fails to ".-AES_Td#"
diff --git a/crypto/aes/asm/aes-mips.S b/crypto/aes/asm/aes-mips.S
deleted file mode 100644
index f5750bf83f..0000000000
--- a/crypto/aes/asm/aes-mips.S
+++ /dev/null
@@ -1,1337 +0,0 @@
-.text
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-#if !defined(__vxworks) || defined(__pic__)
-.option	pic2
-#endif
-.set	noat
-.align	5
-.ent	_mips_AES_encrypt
-_mips_AES_encrypt:
-	.frame	$29,0,$31
-	.set	reorder
-	lw	$12,0($6)
-	lw	$13,4($6)
-	lw	$14,8($6)
-	lw	$15,12($6)
-	lw	$30,240($6)
-	add $3,$6,16
-
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-
-	sub	$30,1
-	srl	$1,$9,6
-.Loop_enc:
-	srl	$2,$10,6
-	srl	$24,$11,6
-	srl	$25,$8,6
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$12,2($1)		# Te1[s1>>16]
-	lwl	$13,2($2)		# Te1[s2>>16]
-	lwl	$14,2($24)		# Te1[s3>>16]
-	lwl	$15,2($25)		# Te1[s0>>16]
-	lwr	$12,3($1)		# Te1[s1>>16]
-	lwr	$13,3($2)		# Te1[s2>>16]
-	lwr	$14,3($24)		# Te1[s3>>16]
-	lwr	$15,3($25)		# Te1[s0>>16]
-
-	srl	$1,$10,14
-	srl	$2,$11,14
-	srl	$24,$8,14
-	srl	$25,$9,14
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$16,1($1)		# Te2[s2>>8]
-	lwl	$17,1($2)		# Te2[s3>>8]
-	lwl	$18,1($24)		# Te2[s0>>8]
-	lwl	$19,1($25)		# Te2[s1>>8]
-	lwr	$16,2($1)		# Te2[s2>>8]
-	lwr	$17,2($2)		# Te2[s3>>8]
-	lwr	$18,2($24)		# Te2[s0>>8]
-	lwr	$19,2($25)		# Te2[s1>>8]
-
-	srl	$1,$11,22
-	srl	$2,$8,22
-	srl	$24,$9,22
-	srl	$25,$10,22
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$20,0($1)		# Te3[s3]
-	lwl	$21,0($2)		# Te3[s0]
-	lwl	$22,0($24)		# Te3[s1]
-	lwl	$23,0($25)		# Te3[s2]
-	lwr	$20,1($1)		# Te3[s3]
-	lwr	$21,1($2)		# Te3[s0]
-	lwr	$22,1($24)		# Te3[s1]
-	lwr	$23,1($25)		# Te3[s2]
-
-	sll	$1,$8,2
-	sll	$2,$9,2
-	sll	$24,$10,2
-	sll	$25,$11,2
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-	lw	$16,0($1)		# Te0[s0>>24]
-	lw	$17,0($2)		# Te0[s1>>24]
-	lw	$18,0($24)		# Te0[s2>>24]
-	lw	$19,0($25)		# Te0[s3>>24]
-
-	lw	$8,0($3)
-	lw	$9,4($3)
-	lw	$10,8($3)
-	lw	$11,12($3)
-
-	xor	$12,$20
-	xor	$13,$21
-	xor	$14,$22
-	xor	$15,$23
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	sub	$30,1
-	add $3,16
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-	.set	noreorder
-	bnez	$30,.Loop_enc
-	srl	$1,$9,6
-
-	.set	reorder
-	srl	$2,$10,6
-	srl	$24,$11,6
-	srl	$25,$8,6
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$12,2($1)		# Te4[s1>>16]
-	lbu	$13,2($2)		# Te4[s2>>16]
-	lbu	$14,2($24)		# Te4[s3>>16]
-	lbu	$15,2($25)		# Te4[s0>>16]
-
-	srl	$1,$10,14
-	srl	$2,$11,14
-	srl	$24,$8,14
-	srl	$25,$9,14
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$16,2($1)		# Te4[s2>>8]
-	lbu	$17,2($2)		# Te4[s3>>8]
-	lbu	$18,2($24)		# Te4[s0>>8]
-	lbu	$19,2($25)		# Te4[s1>>8]
-
-	sll	$1,$8,2
-	sll	$2,$9,2
-	sll	$24,$10,2
-	sll	$25,$11,2
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$20,2($1)		# Te4[s0>>24]
-	lbu	$21,2($2)		# Te4[s1>>24]
-	lbu	$22,2($24)		# Te4[s2>>24]
-	lbu	$23,2($25)		# Te4[s3>>24]
-
-	srl	$1,$11,22
-	srl	$2,$8,22
-	srl	$24,$9,22
-	srl	$25,$10,22
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-
-	sll	$12,$12,8
-	sll	$13,$13,8
-	sll	$14,$14,8
-	sll	$15,$15,8
-
-	sll	$16,$16,16
-	sll	$17,$17,16
-	sll	$18,$18,16
-	sll	$19,$19,16
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$16,2($1)		# Te4[s3]
-	lbu	$17,2($2)		# Te4[s0]
-	lbu	$18,2($24)		# Te4[s1]
-	lbu	$19,2($25)		# Te4[s2]
-
-	#sll	$20,$20,0
-	#sll	$21,$21,0
-	#sll	$22,$22,0
-	#sll	$23,$23,0
-
-	lw	$8,0($3)
-	lw	$9,4($3)
-	lw	$10,8($3)
-	lw	$11,12($3)
-
-	xor	$12,$20
-	xor	$13,$21
-	xor	$14,$22
-	xor	$15,$23
-
-	sll	$16,$16,24
-	sll	$17,$17,24
-	sll	$18,$18,24
-	sll	$19,$19,24
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-
-	jr	$31
-.end	_mips_AES_encrypt
-
-.align	5
-.globl	AES_encrypt
-.ent	AES_encrypt
-AES_encrypt:
-	.frame	$29,64,$31
-	.mask	3237937152,-4
-	.set	noreorder
-	.cpload	$25
-	sub $29,64
-	sw	$31,64-1*4($29)
-	sw	$30,64-2*4($29)
-	sw	$23,64-3*4($29)
-	sw	$22,64-4*4($29)
-	sw	$21,64-5*4($29)
-	sw	$20,64-6*4($29)
-	sw	$19,64-7*4($29)
-	sw	$18,64-8*4($29)
-	sw	$17,64-9*4($29)
-	sw	$16,64-10*4($29)
-	.set	reorder
-	la	$7,AES_Te		# PIC-ified 'load address'
-
-	lwl	$8,0+3($4)
-	lwl	$9,4+3($4)
-	lwl	$10,8+3($4)
-	lwl	$11,12+3($4)
-	lwr	$8,0+0($4)
-	lwr	$9,4+0($4)
-	lwr	$10,8+0($4)
-	lwr	$11,12+0($4)
-
-	bal	_mips_AES_encrypt
-
-	swr	$8,0+0($5)
-	swr	$9,4+0($5)
-	swr	$10,8+0($5)
-	swr	$11,12+0($5)
-	swl	$8,0+3($5)
-	swl	$9,4+3($5)
-	swl	$10,8+3($5)
-	swl	$11,12+3($5)
-
-	.set	noreorder
-	lw	$31,64-1*4($29)
-	lw	$30,64-2*4($29)
-	lw	$23,64-3*4($29)
-	lw	$22,64-4*4($29)
-	lw	$21,64-5*4($29)
-	lw	$20,64-6*4($29)
-	lw	$19,64-7*4($29)
-	lw	$18,64-8*4($29)
-	lw	$17,64-9*4($29)
-	lw	$16,64-10*4($29)
-	jr	$31
-	add $29,64
-.end	AES_encrypt
-.align	5
-.ent	_mips_AES_decrypt
-_mips_AES_decrypt:
-	.frame	$29,0,$31
-	.set	reorder
-	lw	$12,0($6)
-	lw	$13,4($6)
-	lw	$14,8($6)
-	lw	$15,12($6)
-	lw	$30,240($6)
-	add $3,$6,16
-
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-
-	sub	$30,1
-	srl	$1,$11,6
-.Loop_dec:
-	srl	$2,$8,6
-	srl	$24,$9,6
-	srl	$25,$10,6
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$12,2($1)		# Td1[s3>>16]
-	lwl	$13,2($2)		# Td1[s0>>16]
-	lwl	$14,2($24)		# Td1[s1>>16]
-	lwl	$15,2($25)		# Td1[s2>>16]
-	lwr	$12,3($1)		# Td1[s3>>16]
-	lwr	$13,3($2)		# Td1[s0>>16]
-	lwr	$14,3($24)		# Td1[s1>>16]
-	lwr	$15,3($25)		# Td1[s2>>16]
-
-	srl	$1,$10,14
-	srl	$2,$11,14
-	srl	$24,$8,14
-	srl	$25,$9,14
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$16,1($1)		# Td2[s2>>8]
-	lwl	$17,1($2)		# Td2[s3>>8]
-	lwl	$18,1($24)		# Td2[s0>>8]
-	lwl	$19,1($25)		# Td2[s1>>8]
-	lwr	$16,2($1)		# Td2[s2>>8]
-	lwr	$17,2($2)		# Td2[s3>>8]
-	lwr	$18,2($24)		# Td2[s0>>8]
-	lwr	$19,2($25)		# Td2[s1>>8]
-
-	srl	$1,$9,22
-	srl	$2,$10,22
-	srl	$24,$11,22
-	srl	$25,$8,22
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lwl	$20,0($1)		# Td3[s1]
-	lwl	$21,0($2)		# Td3[s2]
-	lwl	$22,0($24)		# Td3[s3]
-	lwl	$23,0($25)		# Td3[s0]
-	lwr	$20,1($1)		# Td3[s1]
-	lwr	$21,1($2)		# Td3[s2]
-	lwr	$22,1($24)		# Td3[s3]
-	lwr	$23,1($25)		# Td3[s0]
-
-	sll	$1,$8,2
-	sll	$2,$9,2
-	sll	$24,$10,2
-	sll	$25,$11,2
-	and	$1,0x3fc
-	and	$2,0x3fc
-	and	$24,0x3fc
-	and	$25,0x3fc
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-
-	lw	$16,0($1)		# Td0[s0>>24]
-	lw	$17,0($2)		# Td0[s1>>24]
-	lw	$18,0($24)		# Td0[s2>>24]
-	lw	$19,0($25)		# Td0[s3>>24]
-
-	lw	$8,0($3)
-	lw	$9,4($3)
-	lw	$10,8($3)
-	lw	$11,12($3)
-
-	xor	$12,$20
-	xor	$13,$21
-	xor	$14,$22
-	xor	$15,$23
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	sub	$30,1
-	add $3,16
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-	.set	noreorder
-	bnez	$30,.Loop_dec
-	srl	$1,$11,6
-
-	.set	reorder
-	lw	$16,1024($7)		# prefetch Td4
-	lw	$17,1024+32($7)
-	lw	$18,1024+64($7)
-	lw	$19,1024+96($7)
-	lw	$20,1024+128($7)
-	lw	$21,1024+160($7)
-	lw	$22,1024+192($7)
-	lw	$23,1024+224($7)
-
-	srl	$1,$11,8
-	srl	$2,$8,8
-	srl	$24,$9,8
-	srl	$25,$10,8
-	and	$1,0xff
-	and	$2,0xff
-	and	$24,0xff
-	and	$25,0xff
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$12,1024($1)		# Td4[s3>>16]
-	lbu	$13,1024($2)		# Td4[s0>>16]
-	lbu	$14,1024($24)		# Td4[s1>>16]
-	lbu	$15,1024($25)		# Td4[s2>>16]
-
-	srl	$1,$10,16
-	srl	$2,$11,16
-	srl	$24,$8,16
-	srl	$25,$9,16
-	and	$1,0xff
-	and	$2,0xff
-	and	$24,0xff
-	and	$25,0xff
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$16,1024($1)		# Td4[s2>>8]
-	lbu	$17,1024($2)		# Td4[s3>>8]
-	lbu	$18,1024($24)		# Td4[s0>>8]
-	lbu	$19,1024($25)		# Td4[s1>>8]
-
-	and	$1,$8,0xff
-	and	$2,$9,0xff
-	and	$24,$10,0xff
-	and	$25,$11,0xff
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$20,1024($1)		# Td4[s0>>24]
-	lbu	$21,1024($2)		# Td4[s1>>24]
-	lbu	$22,1024($24)		# Td4[s2>>24]
-	lbu	$23,1024($25)		# Td4[s3>>24]
-
-	srl	$1,$9,24
-	srl	$2,$10,24
-	srl	$24,$11,24
-	srl	$25,$8,24
-
-	sll	$12,$12,8
-	sll	$13,$13,8
-	sll	$14,$14,8
-	sll	$15,$15,8
-
-	sll	$16,$16,16
-	sll	$17,$17,16
-	sll	$18,$18,16
-	sll	$19,$19,16
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$16,1024($1)		# Td4[s1]
-	lbu	$17,1024($2)		# Td4[s2]
-	lbu	$18,1024($24)		# Td4[s3]
-	lbu	$19,1024($25)		# Td4[s0]
-
-	#sll	$20,$20,0
-	#sll	$21,$21,0
-	#sll	$22,$22,0
-	#sll	$23,$23,0
-
-	lw	$8,0($3)
-	lw	$9,4($3)
-	lw	$10,8($3)
-	lw	$11,12($3)
-
-	sll	$16,$16,24
-	sll	$17,$17,24
-	sll	$18,$18,24
-	sll	$19,$19,24
-
-
-	xor	$12,$20
-	xor	$13,$21
-	xor	$14,$22
-	xor	$15,$23
-
-	xor	$12,$16
-	xor	$13,$17
-	xor	$14,$18
-	xor	$15,$19
-
-	xor	$8,$12
-	xor	$9,$13
-	xor	$10,$14
-	xor	$11,$15
-
-	jr	$31
-.end	_mips_AES_decrypt
-
-.align	5
-.globl	AES_decrypt
-.ent	AES_decrypt
-AES_decrypt:
-	.frame	$29,64,$31
-	.mask	3237937152,-4
-	.set	noreorder
-	.cpload	$25
-	sub $29,64
-	sw	$31,64-1*4($29)
-	sw	$30,64-2*4($29)
-	sw	$23,64-3*4($29)
-	sw	$22,64-4*4($29)
-	sw	$21,64-5*4($29)
-	sw	$20,64-6*4($29)
-	sw	$19,64-7*4($29)
-	sw	$18,64-8*4($29)
-	sw	$17,64-9*4($29)
-	sw	$16,64-10*4($29)
-	.set	reorder
-	la	$7,AES_Td		# PIC-ified 'load address'
-
-	lwl	$8,0+3($4)
-	lwl	$9,4+3($4)
-	lwl	$10,8+3($4)
-	lwl	$11,12+3($4)
-	lwr	$8,0+0($4)
-	lwr	$9,4+0($4)
-	lwr	$10,8+0($4)
-	lwr	$11,12+0($4)
-
-	bal	_mips_AES_decrypt
-
-	swr	$8,0+0($5)
-	swr	$9,4+0($5)
-	swr	$10,8+0($5)
-	swr	$11,12+0($5)
-	swl	$8,0+3($5)
-	swl	$9,4+3($5)
-	swl	$10,8+3($5)
-	swl	$11,12+3($5)
-
-	.set	noreorder
-	lw	$31,64-1*4($29)
-	lw	$30,64-2*4($29)
-	lw	$23,64-3*4($29)
-	lw	$22,64-4*4($29)
-	lw	$21,64-5*4($29)
-	lw	$20,64-6*4($29)
-	lw	$19,64-7*4($29)
-	lw	$18,64-8*4($29)
-	lw	$17,64-9*4($29)
-	lw	$16,64-10*4($29)
-	jr	$31
-	add $29,64
-.end	AES_decrypt
-.align	5
-.ent	_mips_AES_set_encrypt_key
-_mips_AES_set_encrypt_key:
-	.frame	$29,0,$31
-	.set	noreorder
-	beqz	$4,.Lekey_done
-	li	$2,-1
-	beqz	$6,.Lekey_done
-	add $3,$7,1024+256
-
-	.set	reorder
-	lwl	$8,0+3($4)	# load 128 bits
-	lwl	$9,4+3($4)
-	lwl	$10,8+3($4)
-	lwl	$11,12+3($4)
-	li	$1,128
-	lwr	$8,0+0($4)
-	lwr	$9,4+0($4)
-	lwr	$10,8+0($4)
-	lwr	$11,12+0($4)
-	.set	noreorder
-	beq	$5,$1,.L128bits
-	li	$30,10
-
-	.set	reorder
-	lwl	$12,16+3($4)	# load 192 bits
-	lwl	$13,20+3($4)
-	li	$1,192
-	lwr	$12,16+0($4)
-	lwr	$13,20+0($4)
-	.set	noreorder
-	beq	$5,$1,.L192bits
-	li	$30,8
-
-	.set	reorder
-	lwl	$14,24+3($4)	# load 256 bits
-	lwl	$15,28+3($4)
-	li	$1,256
-	lwr	$14,24+0($4)
-	lwr	$15,28+0($4)
-	.set	noreorder
-	beq	$5,$1,.L256bits
-	li	$30,7
-
-	b	.Lekey_done
-	li	$2,-2
-
-.align	4
-.L128bits:
-	.set	reorder
-	srl	$1,$11,16
-	srl	$2,$11,8
-	and	$1,0xff
-	and	$2,0xff
-	and	$24,$11,0xff
-	srl	$25,$11,24
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$1,1024($1)
-	lbu	$2,1024($2)
-	lbu	$24,1024($24)
-	lbu	$25,1024($25)
-
-	sw	$8,0($6)
-	sw	$9,4($6)
-	sw	$10,8($6)
-	sw	$11,12($6)
-	sub	$30,1
-	add $6,16
-
-	sll	$1,$1,8
-	#sll	$2,$2,0
-	sll	$24,$24,24
-	sll	$25,$25,16
-
-	xor	$8,$1
-	lw	$1,0($3)
-	xor	$8,$2
-	xor	$8,$24
-	xor	$8,$25
-	xor	$8,$1
-
-	xor	$9,$8
-	xor	$10,$9
-	xor	$11,$10
-
-	.set	noreorder
-	bnez	$30,.L128bits
-	add $3,4
-
-	sw	$8,0($6)
-	sw	$9,4($6)
-	sw	$10,8($6)
-	li	$30,10
-	sw	$11,12($6)
-	li	$2,0
-	sw	$30,80($6)
-	b	.Lekey_done
-	sub $6,10*16
-
-.align	4
-.L192bits:
-	.set	reorder
-	srl	$1,$13,16
-	srl	$2,$13,8
-	and	$1,0xff
-	and	$2,0xff
-	and	$24,$13,0xff
-	srl	$25,$13,24
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$1,1024($1)
-	lbu	$2,1024($2)
-	lbu	$24,1024($24)
-	lbu	$25,1024($25)
-
-	sw	$8,0($6)
-	sw	$9,4($6)
-	sw	$10,8($6)
-	sw	$11,12($6)
-	sw	$12,16($6)
-	sw	$13,20($6)
-	sub	$30,1
-	add $6,24
-
-	sll	$1,$1,8
-	#sll	$2,$2,0
-	sll	$24,$24,24
-	sll	$25,$25,16
-
-	xor	$8,$1
-	lw	$1,0($3)
-	xor	$8,$2
-	xor	$8,$24
-	xor	$8,$25
-	xor	$8,$1
-
-	xor	$9,$8
-	xor	$10,$9
-	xor	$11,$10
-	xor	$12,$11
-	xor	$13,$12
-
-	.set	noreorder
-	bnez	$30,.L192bits
-	add $3,4
-
-	sw	$8,0($6)
-	sw	$9,4($6)
-	sw	$10,8($6)
-	li	$30,12
-	sw	$11,12($6)
-	li	$2,0
-	sw	$30,48($6)
-	b	.Lekey_done
-	sub $6,12*16
-
-.align	4
-.L256bits:
-	.set	reorder
-	srl	$1,$15,16
-	srl	$2,$15,8
-	and	$1,0xff
-	and	$2,0xff
-	and	$24,$15,0xff
-	srl	$25,$15,24
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$1,1024($1)
-	lbu	$2,1024($2)
-	lbu	$24,1024($24)
-	lbu	$25,1024($25)
-
-	sw	$8,0($6)
-	sw	$9,4($6)
-	sw	$10,8($6)
-	sw	$11,12($6)
-	sw	$12,16($6)
-	sw	$13,20($6)
-	sw	$14,24($6)
-	sw	$15,28($6)
-	sub	$30,1
-
-	sll	$1,$1,8
-	#sll	$2,$2,0
-	sll	$24,$24,24
-	sll	$25,$25,16
-
-	xor	$8,$1
-	lw	$1,0($3)
-	xor	$8,$2
-	xor	$8,$24
-	xor	$8,$25
-	xor	$8,$1
-
-	xor	$9,$8
-	xor	$10,$9
-	xor	$11,$10
-	beqz	$30,.L256bits_done
-
-	srl	$1,$11,24
-	srl	$2,$11,16
-	srl	$24,$11,8
-	and	$25,$11,0xff
-	and	$2,0xff
-	and	$24,0xff
-	add $1,$7
-	add $2,$7
-	add $24,$7
-	add $25,$7
-	lbu	$1,1024($1)
-	lbu	$2,1024($2)
-	lbu	$24,1024($24)
-	lbu	$25,1024($25)
-	sll	$1,24
-	sll	$2,16
-	sll	$24,8
-
-	xor	$12,$1
-	xor	$12,$2
-	xor	$12,$24
-	xor	$12,$25
-
-	xor	$13,$12
-	xor	$14,$13
-	xor	$15,$14
-
-	add $6,32
-	.set	noreorder
-	b	.L256bits
-	add $3,4
-
-.L256bits_done:
-	sw	$8,32($6)
-	sw	$9,36($6)
-	sw	$10,40($6)
-	li	$30,14
-	sw	$11,44($6)
-	li	$2,0
-	sw	$30,48($6)
-	sub $6,12*16
-
-.Lekey_done:
-	jr	$31
-	nop
-.end	_mips_AES_set_encrypt_key
-
-.globl	private_AES_set_encrypt_key
-.ent	private_AES_set_encrypt_key
-private_AES_set_encrypt_key:
-	.frame	$29,32,$31
-	.mask	3221225472,-4
-	.set	noreorder
-	.cpload	$25
-	sub $29,32
-	sw	$31,32-1*4($29)
-	sw	$30,32-2*4($29)
-	.set	reorder
-	la	$7,AES_Te		# PIC-ified 'load address'
-
-	bal	_mips_AES_set_encrypt_key
-
-	.set	noreorder
-	move	$4,$2
-	lw	$31,32-1*4($29)
-	lw	$30,32-2*4($29)
-	jr	$31
-	add $29,32
-.end	private_AES_set_encrypt_key
-.align	5
-.globl	private_AES_set_decrypt_key
-.ent	private_AES_set_decrypt_key
-private_AES_set_decrypt_key:
-	.frame	$29,32,$31
-	.mask	3221225472,-4
-	.set	noreorder
-	.cpload	$25
-	sub $29,32
-	sw	$31,32-1*4($29)
-	sw	$30,32-2*4($29)
-	.set	reorder
-	la	$7,AES_Te		# PIC-ified 'load address'
-
-	bal	_mips_AES_set_encrypt_key
-
-	bltz	$2,.Ldkey_done
-
-	sll	$1,$30,4
-	add $4,$6,0
-	add $5,$6,$1
-.align	4
-.Lswap:
-	lw	$8,0($4)
-	lw	$9,4($4)
-	lw	$10,8($4)
-	lw	$11,12($4)
-	lw	$12,0($5)
-	lw	$13,4($5)
-	lw	$14,8($5)
-	lw	$15,12($5)
-	sw	$8,0($5)
-	sw	$9,4($5)
-	sw	$10,8($5)
-	sw	$11,12($5)
-	add $4,16
-	sub $5,16
-	sw	$12,-16($4)
-	sw	$13,-12($4)
-	sw	$14,-8($4)
-	sw	$15,-4($4)
-	bne	$4,$5,.Lswap
-
-	lw	$8,16($6)		# modulo-scheduled
-	lui	$2,0x8080
-	sub	$30,1
-	or	$2,0x8080
-	sll	$30,2
-	add $6,16
-	lui	$25,0x1b1b
-	nor	$24,$0,$2
-	or	$25,0x1b1b
-.align	4
-.Lmix:
-	and	$1,$8,$2
-	and	$9,$8,$24
-	srl	$10,$1,7
-	addu	$9,$9		# tp2<<1
-	subu	$1,$10
-	and	$1,$25
-	xor	$9,$1
-
-	and	$1,$9,$2
-	and	$10,$9,$24
-	srl	$11,$1,7
-	addu	$10,$10		# tp4<<1
-	subu	$1,$11
-	and	$1,$25
-	xor	$10,$1
-
-	and	$1,$10,$2
-	and	$11,$10,$24
-	srl	$12,$1,7
-	addu	$11,$11		# tp8<<1
-	subu	$1,$12
-	and	$1,$25
-	xor	$11,$1
-
-	xor	$12,$11,$8
-	xor	$15,$11,$10
-	xor	$13,$12,$9
-	xor	$14,$12,$10
-
-	sll	$8,$14,16
-	 xor	$15,$9
-	srl	$9,$14,16
-	xor	$15,$8
-	sll	$8,$12,8
-	xor	$15,$9
-	srl	$9,$12,24
-	xor	$15,$8
-	sll	$8,$13,24
-	xor	$15,$9
-	srl	$9,$13,8
-	xor	$15,$8
-	lw	$8,4($6)		# modulo-scheduled
-	xor	$15,$9
-	sub	$30,1
-	sw	$15,0($6)
-	add $6,4
-	bnez	$30,.Lmix
-
-	li	$2,0
-.Ldkey_done:
-	.set	noreorder
-	move	$4,$2
-	lw	$31,32-1*4($29)
-	lw	$30,32-2*4($29)
-	jr	$31
-	add $29,32
-.end	private_AES_set_decrypt_key
-.rdata
-.align	6
-AES_Te:
-.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84	# Te0
-.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
-.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
-.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
-.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
-.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
-.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
-.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
-.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
-.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
-.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
-.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
-.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
-.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
-.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
-.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
-.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
-.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
-.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
-.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
-.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
-.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
-.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
-.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
-.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
-.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
-.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
-.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
-.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
-.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
-.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
-.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
-.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
-.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
-.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
-.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
-.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
-.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
-.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
-.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
-.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
-.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
-.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
-.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
-.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
-.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
-.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
-.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
-.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
-.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
-.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
-.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
-.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
-.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
-.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
-.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
-.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
-.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
-.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
-.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
-.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
-.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
-.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
-.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
-.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
-.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
-.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
-.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
-.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
-.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
-.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
-.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
-.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
-.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
-.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
-.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
-.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
-.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
-.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
-.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
-.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
-.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
-.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
-.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
-.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
-.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
-.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
-.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
-.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
-.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
-.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
-.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
-.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
-.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
-.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
-.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
-.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
-.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
-.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
-.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
-.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
-.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
-.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
-.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
-.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
-.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
-.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
-.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
-.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
-.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
-.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
-.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
-.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
-.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
-.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
-.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
-.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
-.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
-.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
-.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
-.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
-.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
-.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
-.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
-.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
-.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
-.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
-.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
-
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5	# Te4
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-
-.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00	# rcon
-.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
-.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
-.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
-.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
-
-.align	6
-AES_Td:
-.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53	# Td0
-.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
-.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
-.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
-.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
-.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
-.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
-.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
-.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
-.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
-.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
-.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
-.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
-.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
-.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
-.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
-.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
-.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
-.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
-.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
-.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
-.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
-.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
-.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
-.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
-.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
-.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
-.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
-.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
-.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
-.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
-.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
-.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
-.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
-.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
-.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
-.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
-.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
-.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
-.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
-.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
-.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
-.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
-.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
-.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
-.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
-.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
-.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
-.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
-.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
-.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
-.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
-.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
-.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
-.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
-.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
-.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
-.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
-.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
-.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
-.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
-.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
-.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
-.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
-.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
-.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
-.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
-.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
-.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
-.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
-.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
-.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
-.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
-.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
-.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
-.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
-.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
-.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
-.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
-.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
-.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
-.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
-.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
-.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
-.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
-.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
-.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
-.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
-.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
-.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
-.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
-.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
-.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
-.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
-.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
-.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
-.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
-.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
-.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
-.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
-.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
-.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
-.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
-.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
-.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
-.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
-.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
-.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
-.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
-.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
-.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
-.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
-.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
-.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
-.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
-.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
-.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
-.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
-.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
-.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
-.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
-.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
-.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
-.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
-.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
-.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
-.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
-.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
-
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38	# Td4
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
deleted file mode 100644
index 537c8d3172..0000000000
--- a/crypto/aes/asm/aes-mips.pl
+++ /dev/null
@@ -1,1611 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# AES for MIPS
-
-# October 2010
-#
-# Code uses 1K[+256B] S-box and on single-issue core [such as R5000]
-# spends ~68 cycles per byte processed with 128-bit key. This is ~16%
-# faster than gcc-generated code, which is not very impressive. But
-# recall that compressed S-box requires extra processing, namely
-# additional rotations. Rotations are implemented with lwl/lwr pairs,
-# which is normally used for loading unaligned data. Another cool
-# thing about this module is its endian neutrality, which means that
-# it processes data without ever changing byte order...
-
-######################################################################
-# There is a number of MIPS ABI in use, O32 and N32/64 are most
-# widely used. Then there is a new contender: NUBI. It appears that if
-# one picks the latter, it's possible to arrange code in ABI neutral
-# manner. Therefore let's stick to NUBI register layout:
-#
-($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
-($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
-($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
-#
-# The return value is placed in $a0. Following coding rules facilitate
-# interoperability:
-#
-# - never ever touch $tp, "thread pointer", former $gp;
-# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
-#   old code];
-# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
-#
-# For reference here is register layout for N32/64 MIPS ABIs:
-#
-# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-#
-$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64
-
-if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
-	$REG_S="sd";
-	$REG_L="ld";
-	$PTR_SLL="dsll";	# incidentally works even on n32
-	$SZREG=8;
-} else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
-	$REG_S="sw";
-	$REG_L="lw";
-	$PTR_SLL="sll";
-	$SZREG=4;
-}
-$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
-#
-# <appro@openssl.org>
-#
-######################################################################
-
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
-
-for (@ARGV) {	$output=$_ if (/^\w[\w\-]*\.\w+$/);	}
-open STDOUT,">$output";
-
-if (!defined($big_endian))
-{    $big_endian=(unpack('L',pack('N',1))==1);   }
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-my ($MSB,$LSB)=(0,3);	# automatically converted to little-endian
-
-$code.=<<___;
-.text
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-#if !defined(__vxworks) || defined(__pic__)
-.option	pic2
-#endif
-.set	noat
-___
-
-{{{
-my $FRAMESIZE=16*$SZREG;
-my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-
-my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7);
-my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
-my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23));
-my ($key0,$cnt)=($gp,$fp);
-
-# instuction ordering is "stolen" from output from MIPSpro assembler
-# invoked with -mips3 -O3 arguments...
-$code.=<<___;
-.align	5
-.ent	_mips_AES_encrypt
-_mips_AES_encrypt:
-	.frame	$sp,0,$ra
-	.set	reorder
-	lw	$t0,0($key)
-	lw	$t1,4($key)
-	lw	$t2,8($key)
-	lw	$t3,12($key)
-	lw	$cnt,240($key)
-	$PTR_ADD $key0,$key,16
-
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-
-	sub	$cnt,1
-	_xtr	$i0,$s1,16-2
-.Loop_enc:
-	_xtr	$i1,$s2,16-2
-	_xtr	$i2,$s3,16-2
-	_xtr	$i3,$s0,16-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t0,3($i0)		# Te1[s1>>16]
-	lwl	$t1,3($i1)		# Te1[s2>>16]
-	lwl	$t2,3($i2)		# Te1[s3>>16]
-	lwl	$t3,3($i3)		# Te1[s0>>16]
-	lwr	$t0,2($i0)		# Te1[s1>>16]
-	lwr	$t1,2($i1)		# Te1[s2>>16]
-	lwr	$t2,2($i2)		# Te1[s3>>16]
-	lwr	$t3,2($i3)		# Te1[s0>>16]
-
-	_xtr	$i0,$s2,8-2
-	_xtr	$i1,$s3,8-2
-	_xtr	$i2,$s0,8-2
-	_xtr	$i3,$s1,8-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t4,2($i0)		# Te2[s2>>8]
-	lwl	$t5,2($i1)		# Te2[s3>>8]
-	lwl	$t6,2($i2)		# Te2[s0>>8]
-	lwl	$t7,2($i3)		# Te2[s1>>8]
-	lwr	$t4,1($i0)		# Te2[s2>>8]
-	lwr	$t5,1($i1)		# Te2[s3>>8]
-	lwr	$t6,1($i2)		# Te2[s0>>8]
-	lwr	$t7,1($i3)		# Te2[s1>>8]
-
-	_xtr	$i0,$s3,0-2
-	_xtr	$i1,$s0,0-2
-	_xtr	$i2,$s1,0-2
-	_xtr	$i3,$s2,0-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t8,1($i0)		# Te3[s3]
-	lwl	$t9,1($i1)		# Te3[s0]
-	lwl	$t10,1($i2)		# Te3[s1]
-	lwl	$t11,1($i3)		# Te3[s2]
-	lwr	$t8,0($i0)		# Te3[s3]
-	lwr	$t9,0($i1)		# Te3[s0]
-	lwr	$t10,0($i2)		# Te3[s1]
-	lwr	$t11,0($i3)		# Te3[s2]
-
-	_xtr	$i0,$s0,24-2
-	_xtr	$i1,$s1,24-2
-	_xtr	$i2,$s2,24-2
-	_xtr	$i3,$s3,24-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-	lw	$t4,0($i0)		# Te0[s0>>24]
-	lw	$t5,0($i1)		# Te0[s1>>24]
-	lw	$t6,0($i2)		# Te0[s2>>24]
-	lw	$t7,0($i3)		# Te0[s3>>24]
-
-	lw	$s0,0($key0)
-	lw	$s1,4($key0)
-	lw	$s2,8($key0)
-	lw	$s3,12($key0)
-
-	xor	$t0,$t8
-	xor	$t1,$t9
-	xor	$t2,$t10
-	xor	$t3,$t11
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	sub	$cnt,1
-	$PTR_ADD $key0,16
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-	.set	noreorder
-	bnez	$cnt,.Loop_enc
-	_xtr	$i0,$s1,16-2
-
-	.set	reorder
-	_xtr	$i1,$s2,16-2
-	_xtr	$i2,$s3,16-2
-	_xtr	$i3,$s0,16-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t0,2($i0)		# Te4[s1>>16]
-	lbu	$t1,2($i1)		# Te4[s2>>16]
-	lbu	$t2,2($i2)		# Te4[s3>>16]
-	lbu	$t3,2($i3)		# Te4[s0>>16]
-
-	_xtr	$i0,$s2,8-2
-	_xtr	$i1,$s3,8-2
-	_xtr	$i2,$s0,8-2
-	_xtr	$i3,$s1,8-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t4,2($i0)		# Te4[s2>>8]
-	lbu	$t5,2($i1)		# Te4[s3>>8]
-	lbu	$t6,2($i2)		# Te4[s0>>8]
-	lbu	$t7,2($i3)		# Te4[s1>>8]
-
-	_xtr	$i0,$s0,24-2
-	_xtr	$i1,$s1,24-2
-	_xtr	$i2,$s2,24-2
-	_xtr	$i3,$s3,24-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t8,2($i0)		# Te4[s0>>24]
-	lbu	$t9,2($i1)		# Te4[s1>>24]
-	lbu	$t10,2($i2)		# Te4[s2>>24]
-	lbu	$t11,2($i3)		# Te4[s3>>24]
-
-	_xtr	$i0,$s3,0-2
-	_xtr	$i1,$s0,0-2
-	_xtr	$i2,$s1,0-2
-	_xtr	$i3,$s2,0-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-
-	_ins	$t0,16
-	_ins	$t1,16
-	_ins	$t2,16
-	_ins	$t3,16
-
-	_ins	$t4,8
-	_ins	$t5,8
-	_ins	$t6,8
-	_ins	$t7,8
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t4,2($i0)		# Te4[s3]
-	lbu	$t5,2($i1)		# Te4[s0]
-	lbu	$t6,2($i2)		# Te4[s1]
-	lbu	$t7,2($i3)		# Te4[s2]
-
-	_ins	$t8,24
-	_ins	$t9,24
-	_ins	$t10,24
-	_ins	$t11,24
-
-	lw	$s0,0($key0)
-	lw	$s1,4($key0)
-	lw	$s2,8($key0)
-	lw	$s3,12($key0)
-
-	xor	$t0,$t8
-	xor	$t1,$t9
-	xor	$t2,$t10
-	xor	$t3,$t11
-
-	_ins	$t4,0
-	_ins	$t5,0
-	_ins	$t6,0
-	_ins	$t7,0
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-
-	jr	$ra
-.end	_mips_AES_encrypt
-
-.align	5
-.globl	AES_encrypt
-.ent	AES_encrypt
-AES_encrypt:
-	.frame	$sp,$FRAMESIZE,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
-	.cpload	$pf
-___
-$code.=<<___;
-	$PTR_SUB $sp,$FRAMESIZE
-	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
-	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
-	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
-	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
-	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
-	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,AES_encrypt
-___
-$code.=<<___;
-	.set	reorder
-	la	$Tbl,AES_Te		# PIC-ified 'load address'
-
-	lwl	$s0,0+$MSB($inp)
-	lwl	$s1,4+$MSB($inp)
-	lwl	$s2,8+$MSB($inp)
-	lwl	$s3,12+$MSB($inp)
-	lwr	$s0,0+$LSB($inp)
-	lwr	$s1,4+$LSB($inp)
-	lwr	$s2,8+$LSB($inp)
-	lwr	$s3,12+$LSB($inp)
-
-	bal	_mips_AES_encrypt
-
-	swr	$s0,0+$LSB($out)
-	swr	$s1,4+$LSB($out)
-	swr	$s2,8+$LSB($out)
-	swr	$s3,12+$LSB($out)
-	swl	$s0,0+$MSB($out)
-	swl	$s1,4+$MSB($out)
-	swl	$s2,8+$MSB($out)
-	swl	$s3,12+$MSB($out)
-
-	.set	noreorder
-	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
-	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
-	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
-	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
-	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE
-.end	AES_encrypt
-___
-
-$code.=<<___;
-.align	5
-.ent	_mips_AES_decrypt
-_mips_AES_decrypt:
-	.frame	$sp,0,$ra
-	.set	reorder
-	lw	$t0,0($key)
-	lw	$t1,4($key)
-	lw	$t2,8($key)
-	lw	$t3,12($key)
-	lw	$cnt,240($key)
-	$PTR_ADD $key0,$key,16
-
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-
-	sub	$cnt,1
-	_xtr	$i0,$s3,16-2
-.Loop_dec:
-	_xtr	$i1,$s0,16-2
-	_xtr	$i2,$s1,16-2
-	_xtr	$i3,$s2,16-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t0,3($i0)		# Td1[s3>>16]
-	lwl	$t1,3($i1)		# Td1[s0>>16]
-	lwl	$t2,3($i2)		# Td1[s1>>16]
-	lwl	$t3,3($i3)		# Td1[s2>>16]
-	lwr	$t0,2($i0)		# Td1[s3>>16]
-	lwr	$t1,2($i1)		# Td1[s0>>16]
-	lwr	$t2,2($i2)		# Td1[s1>>16]
-	lwr	$t3,2($i3)		# Td1[s2>>16]
-
-	_xtr	$i0,$s2,8-2
-	_xtr	$i1,$s3,8-2
-	_xtr	$i2,$s0,8-2
-	_xtr	$i3,$s1,8-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t4,2($i0)		# Td2[s2>>8]
-	lwl	$t5,2($i1)		# Td2[s3>>8]
-	lwl	$t6,2($i2)		# Td2[s0>>8]
-	lwl	$t7,2($i3)		# Td2[s1>>8]
-	lwr	$t4,1($i0)		# Td2[s2>>8]
-	lwr	$t5,1($i1)		# Td2[s3>>8]
-	lwr	$t6,1($i2)		# Td2[s0>>8]
-	lwr	$t7,1($i3)		# Td2[s1>>8]
-
-	_xtr	$i0,$s1,0-2
-	_xtr	$i1,$s2,0-2
-	_xtr	$i2,$s3,0-2
-	_xtr	$i3,$s0,0-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lwl	$t8,1($i0)		# Td3[s1]
-	lwl	$t9,1($i1)		# Td3[s2]
-	lwl	$t10,1($i2)		# Td3[s3]
-	lwl	$t11,1($i3)		# Td3[s0]
-	lwr	$t8,0($i0)		# Td3[s1]
-	lwr	$t9,0($i1)		# Td3[s2]
-	lwr	$t10,0($i2)		# Td3[s3]
-	lwr	$t11,0($i3)		# Td3[s0]
-
-	_xtr	$i0,$s0,24-2
-	_xtr	$i1,$s1,24-2
-	_xtr	$i2,$s2,24-2
-	_xtr	$i3,$s3,24-2
-	and	$i0,0x3fc
-	and	$i1,0x3fc
-	and	$i2,0x3fc
-	and	$i3,0x3fc
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-
-	lw	$t4,0($i0)		# Td0[s0>>24]
-	lw	$t5,0($i1)		# Td0[s1>>24]
-	lw	$t6,0($i2)		# Td0[s2>>24]
-	lw	$t7,0($i3)		# Td0[s3>>24]
-
-	lw	$s0,0($key0)
-	lw	$s1,4($key0)
-	lw	$s2,8($key0)
-	lw	$s3,12($key0)
-
-	xor	$t0,$t8
-	xor	$t1,$t9
-	xor	$t2,$t10
-	xor	$t3,$t11
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	sub	$cnt,1
-	$PTR_ADD $key0,16
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-	.set	noreorder
-	bnez	$cnt,.Loop_dec
-	_xtr	$i0,$s3,16-2
-
-	.set	reorder
-	lw	$t4,1024($Tbl)		# prefetch Td4
-	lw	$t5,1024+32($Tbl)
-	lw	$t6,1024+64($Tbl)
-	lw	$t7,1024+96($Tbl)
-	lw	$t8,1024+128($Tbl)
-	lw	$t9,1024+160($Tbl)
-	lw	$t10,1024+192($Tbl)
-	lw	$t11,1024+224($Tbl)
-
-	_xtr	$i0,$s3,16
-	_xtr	$i1,$s0,16
-	_xtr	$i2,$s1,16
-	_xtr	$i3,$s2,16
-	and	$i0,0xff
-	and	$i1,0xff
-	and	$i2,0xff
-	and	$i3,0xff
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t0,1024($i0)		# Td4[s3>>16]
-	lbu	$t1,1024($i1)		# Td4[s0>>16]
-	lbu	$t2,1024($i2)		# Td4[s1>>16]
-	lbu	$t3,1024($i3)		# Td4[s2>>16]
-
-	_xtr	$i0,$s2,8
-	_xtr	$i1,$s3,8
-	_xtr	$i2,$s0,8
-	_xtr	$i3,$s1,8
-	and	$i0,0xff
-	and	$i1,0xff
-	and	$i2,0xff
-	and	$i3,0xff
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t4,1024($i0)		# Td4[s2>>8]
-	lbu	$t5,1024($i1)		# Td4[s3>>8]
-	lbu	$t6,1024($i2)		# Td4[s0>>8]
-	lbu	$t7,1024($i3)		# Td4[s1>>8]
-
-	_xtr	$i0,$s0,24
-	_xtr	$i1,$s1,24
-	_xtr	$i2,$s2,24
-	_xtr	$i3,$s3,24
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t8,1024($i0)		# Td4[s0>>24]
-	lbu	$t9,1024($i1)		# Td4[s1>>24]
-	lbu	$t10,1024($i2)		# Td4[s2>>24]
-	lbu	$t11,1024($i3)		# Td4[s3>>24]
-
-	_xtr	$i0,$s1,0
-	_xtr	$i1,$s2,0
-	_xtr	$i2,$s3,0
-	_xtr	$i3,$s0,0
-
-	_ins	$t0,16
-	_ins	$t1,16
-	_ins	$t2,16
-	_ins	$t3,16
-
-	_ins	$t4,8
-	_ins	$t5,8
-	_ins	$t6,8
-	_ins	$t7,8
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$t4,1024($i0)		# Td4[s1]
-	lbu	$t5,1024($i1)		# Td4[s2]
-	lbu	$t6,1024($i2)		# Td4[s3]
-	lbu	$t7,1024($i3)		# Td4[s0]
-
-	_ins	$t8,24
-	_ins	$t9,24
-	_ins	$t10,24
-	_ins	$t11,24
-
-	lw	$s0,0($key0)
-	lw	$s1,4($key0)
-	lw	$s2,8($key0)
-	lw	$s3,12($key0)
-
-	_ins	$t4,0
-	_ins	$t5,0
-	_ins	$t6,0
-	_ins	$t7,0
-
-
-	xor	$t0,$t8
-	xor	$t1,$t9
-	xor	$t2,$t10
-	xor	$t3,$t11
-
-	xor	$t0,$t4
-	xor	$t1,$t5
-	xor	$t2,$t6
-	xor	$t3,$t7
-
-	xor	$s0,$t0
-	xor	$s1,$t1
-	xor	$s2,$t2
-	xor	$s3,$t3
-
-	jr	$ra
-.end	_mips_AES_decrypt
-
-.align	5
-.globl	AES_decrypt
-.ent	AES_decrypt
-AES_decrypt:
-	.frame	$sp,$FRAMESIZE,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
-	.cpload	$pf
-___
-$code.=<<___;
-	$PTR_SUB $sp,$FRAMESIZE
-	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	\$15,$FRAMESIZE-11*$SZREG($sp)
-	$REG_S	\$14,$FRAMESIZE-12*$SZREG($sp)
-	$REG_S	\$13,$FRAMESIZE-13*$SZREG($sp)
-	$REG_S	\$12,$FRAMESIZE-14*$SZREG($sp)
-	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
-	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,AES_decrypt
-___
-$code.=<<___;
-	.set	reorder
-	la	$Tbl,AES_Td		# PIC-ified 'load address'
-
-	lwl	$s0,0+$MSB($inp)
-	lwl	$s1,4+$MSB($inp)
-	lwl	$s2,8+$MSB($inp)
-	lwl	$s3,12+$MSB($inp)
-	lwr	$s0,0+$LSB($inp)
-	lwr	$s1,4+$LSB($inp)
-	lwr	$s2,8+$LSB($inp)
-	lwr	$s3,12+$LSB($inp)
-
-	bal	_mips_AES_decrypt
-
-	swr	$s0,0+$LSB($out)
-	swr	$s1,4+$LSB($out)
-	swr	$s2,8+$LSB($out)
-	swr	$s3,12+$LSB($out)
-	swl	$s0,0+$MSB($out)
-	swl	$s1,4+$MSB($out)
-	swl	$s2,8+$MSB($out)
-	swl	$s3,12+$MSB($out)
-
-	.set	noreorder
-	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	\$15,$FRAMESIZE-11*$SZREG($sp)
-	$REG_L	\$14,$FRAMESIZE-12*$SZREG($sp)
-	$REG_L	\$13,$FRAMESIZE-13*$SZREG($sp)
-	$REG_L	\$12,$FRAMESIZE-14*$SZREG($sp)
-	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE
-.end	AES_decrypt
-___
-}}}
-
-{{{
-my $FRAMESIZE=8*$SZREG;
-my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc000f008 : 0xc0000000;
-
-my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3);
-my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
-my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2);
-my ($rcon,$cnt)=($gp,$fp);
-
-$code.=<<___;
-.align	5
-.ent	_mips_AES_set_encrypt_key
-_mips_AES_set_encrypt_key:
-	.frame	$sp,0,$ra
-	.set	noreorder
-	beqz	$inp,.Lekey_done
-	li	$t0,-1
-	beqz	$key,.Lekey_done
-	$PTR_ADD $rcon,$Tbl,1024+256
-
-	.set	reorder
-	lwl	$rk0,0+$MSB($inp)	# load 128 bits
-	lwl	$rk1,4+$MSB($inp)
-	lwl	$rk2,8+$MSB($inp)
-	lwl	$rk3,12+$MSB($inp)
-	li	$at,128
-	lwr	$rk0,0+$LSB($inp)
-	lwr	$rk1,4+$LSB($inp)
-	lwr	$rk2,8+$LSB($inp)
-	lwr	$rk3,12+$LSB($inp)
-	.set	noreorder
-	beq	$bits,$at,.L128bits
-	li	$cnt,10
-
-	.set	reorder
-	lwl	$rk4,16+$MSB($inp)	# load 192 bits
-	lwl	$rk5,20+$MSB($inp)
-	li	$at,192
-	lwr	$rk4,16+$LSB($inp)
-	lwr	$rk5,20+$LSB($inp)
-	.set	noreorder
-	beq	$bits,$at,.L192bits
-	li	$cnt,8
-
-	.set	reorder
-	lwl	$rk6,24+$MSB($inp)	# load 256 bits
-	lwl	$rk7,28+$MSB($inp)
-	li	$at,256
-	lwr	$rk6,24+$LSB($inp)
-	lwr	$rk7,28+$LSB($inp)
-	.set	noreorder
-	beq	$bits,$at,.L256bits
-	li	$cnt,7
-
-	b	.Lekey_done
-	li	$t0,-2
-
-.align	4
-.L128bits:
-	.set	reorder
-	srl	$i0,$rk3,16
-	srl	$i1,$rk3,8
-	and	$i0,0xff
-	and	$i1,0xff
-	and	$i2,$rk3,0xff
-	srl	$i3,$rk3,24
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$i0,1024($i0)
-	lbu	$i1,1024($i1)
-	lbu	$i2,1024($i2)
-	lbu	$i3,1024($i3)
-
-	sw	$rk0,0($key)
-	sw	$rk1,4($key)
-	sw	$rk2,8($key)
-	sw	$rk3,12($key)
-	sub	$cnt,1
-	$PTR_ADD $key,16
-
-	_bias	$i0,24
-	_bias	$i1,16
-	_bias	$i2,8
-	_bias	$i3,0
-
-	xor	$rk0,$i0
-	lw	$i0,0($rcon)
-	xor	$rk0,$i1
-	xor	$rk0,$i2
-	xor	$rk0,$i3
-	xor	$rk0,$i0
-
-	xor	$rk1,$rk0
-	xor	$rk2,$rk1
-	xor	$rk3,$rk2
-
-	.set	noreorder
-	bnez	$cnt,.L128bits
-	$PTR_ADD $rcon,4
-
-	sw	$rk0,0($key)
-	sw	$rk1,4($key)
-	sw	$rk2,8($key)
-	li	$cnt,10
-	sw	$rk3,12($key)
-	li	$t0,0
-	sw	$cnt,80($key)
-	b	.Lekey_done
-	$PTR_SUB $key,10*16
-
-.align	4
-.L192bits:
-	.set	reorder
-	srl	$i0,$rk5,16
-	srl	$i1,$rk5,8
-	and	$i0,0xff
-	and	$i1,0xff
-	and	$i2,$rk5,0xff
-	srl	$i3,$rk5,24
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$i0,1024($i0)
-	lbu	$i1,1024($i1)
-	lbu	$i2,1024($i2)
-	lbu	$i3,1024($i3)
-
-	sw	$rk0,0($key)
-	sw	$rk1,4($key)
-	sw	$rk2,8($key)
-	sw	$rk3,12($key)
-	sw	$rk4,16($key)
-	sw	$rk5,20($key)
-	sub	$cnt,1
-	$PTR_ADD $key,24
-
-	_bias	$i0,24
-	_bias	$i1,16
-	_bias	$i2,8
-	_bias	$i3,0
-
-	xor	$rk0,$i0
-	lw	$i0,0($rcon)
-	xor	$rk0,$i1
-	xor	$rk0,$i2
-	xor	$rk0,$i3
-	xor	$rk0,$i0
-
-	xor	$rk1,$rk0
-	xor	$rk2,$rk1
-	xor	$rk3,$rk2
-	xor	$rk4,$rk3
-	xor	$rk5,$rk4
-
-	.set	noreorder
-	bnez	$cnt,.L192bits
-	$PTR_ADD $rcon,4
-
-	sw	$rk0,0($key)
-	sw	$rk1,4($key)
-	sw	$rk2,8($key)
-	li	$cnt,12
-	sw	$rk3,12($key)
-	li	$t0,0
-	sw	$cnt,48($key)
-	b	.Lekey_done
-	$PTR_SUB $key,12*16
-
-.align	4
-.L256bits:
-	.set	reorder
-	srl	$i0,$rk7,16
-	srl	$i1,$rk7,8
-	and	$i0,0xff
-	and	$i1,0xff
-	and	$i2,$rk7,0xff
-	srl	$i3,$rk7,24
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$i0,1024($i0)
-	lbu	$i1,1024($i1)
-	lbu	$i2,1024($i2)
-	lbu	$i3,1024($i3)
-
-	sw	$rk0,0($key)
-	sw	$rk1,4($key)
-	sw	$rk2,8($key)
-	sw	$rk3,12($key)
-	sw	$rk4,16($key)
-	sw	$rk5,20($key)
-	sw	$rk6,24($key)
-	sw	$rk7,28($key)
-	sub	$cnt,1
-
-	_bias	$i0,24
-	_bias	$i1,16
-	_bias	$i2,8
-	_bias	$i3,0
-
-	xor	$rk0,$i0
-	lw	$i0,0($rcon)
-	xor	$rk0,$i1
-	xor	$rk0,$i2
-	xor	$rk0,$i3
-	xor	$rk0,$i0
-
-	xor	$rk1,$rk0
-	xor	$rk2,$rk1
-	xor	$rk3,$rk2
-	beqz	$cnt,.L256bits_done
-
-	srl	$i0,$rk3,24
-	srl	$i1,$rk3,16
-	srl	$i2,$rk3,8
-	and	$i3,$rk3,0xff
-	and	$i1,0xff
-	and	$i2,0xff
-	$PTR_ADD $i0,$Tbl
-	$PTR_ADD $i1,$Tbl
-	$PTR_ADD $i2,$Tbl
-	$PTR_ADD $i3,$Tbl
-	lbu	$i0,1024($i0)
-	lbu	$i1,1024($i1)
-	lbu	$i2,1024($i2)
-	lbu	$i3,1024($i3)
-	sll	$i0,24
-	sll	$i1,16
-	sll	$i2,8
-
-	xor	$rk4,$i0
-	xor	$rk4,$i1
-	xor	$rk4,$i2
-	xor	$rk4,$i3
-
-	xor	$rk5,$rk4
-	xor	$rk6,$rk5
-	xor	$rk7,$rk6
-
-	$PTR_ADD $key,32
-	.set	noreorder
-	b	.L256bits
-	$PTR_ADD $rcon,4
-
-.L256bits_done:
-	sw	$rk0,32($key)
-	sw	$rk1,36($key)
-	sw	$rk2,40($key)
-	li	$cnt,14
-	sw	$rk3,44($key)
-	li	$t0,0
-	sw	$cnt,48($key)
-	$PTR_SUB $key,12*16
-
-.Lekey_done:
-	jr	$ra
-	nop
-.end	_mips_AES_set_encrypt_key
-
-.globl	private_AES_set_encrypt_key
-.ent	private_AES_set_encrypt_key
-private_AES_set_encrypt_key:
-	.frame	$sp,$FRAMESIZE,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
-	.cpload	$pf
-___
-$code.=<<___;
-	$PTR_SUB $sp,$FRAMESIZE
-	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
-	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
-	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
-	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
-	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
-___
-$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
-	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,private_AES_set_encrypt_key
-___
-$code.=<<___;
-	.set	reorder
-	la	$Tbl,AES_Te		# PIC-ified 'load address'
-
-	bal	_mips_AES_set_encrypt_key
-
-	.set	noreorder
-	move	$a0,$t0
-	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
-	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
-	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
-	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
-	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE
-.end	private_AES_set_encrypt_key
-___
-
-my ($head,$tail)=($inp,$bits);
-my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3);
-my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2);
-$code.=<<___;
-.align	5
-.globl	private_AES_set_decrypt_key
-.ent	private_AES_set_decrypt_key
-private_AES_set_decrypt_key:
-	.frame	$sp,$FRAMESIZE,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
-	.cpload	$pf
-___
-$code.=<<___;
-	$PTR_SUB $sp,$FRAMESIZE
-	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	$s3,$FRAMESIZE-3*$SZREG($sp)
-	$REG_S	$s2,$FRAMESIZE-4*$SZREG($sp)
-	$REG_S	$s1,$FRAMESIZE-5*$SZREG($sp)
-	$REG_S	$s0,$FRAMESIZE-6*$SZREG($sp)
-	$REG_S	$gp,$FRAMESIZE-7*$SZREG($sp)
-___
-$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
-	.cplocal	$Tbl
-	.cpsetup	$pf,$zero,private_AES_set_decrypt_key
-___
-$code.=<<___;
-	.set	reorder
-	la	$Tbl,AES_Te		# PIC-ified 'load address'
-
-	bal	_mips_AES_set_encrypt_key
-
-	bltz	$t0,.Ldkey_done
-
-	sll	$at,$cnt,4
-	$PTR_ADD $head,$key,0
-	$PTR_ADD $tail,$key,$at
-.align	4
-.Lswap:
-	lw	$rk0,0($head)
-	lw	$rk1,4($head)
-	lw	$rk2,8($head)
-	lw	$rk3,12($head)
-	lw	$rk4,0($tail)
-	lw	$rk5,4($tail)
-	lw	$rk6,8($tail)
-	lw	$rk7,12($tail)
-	sw	$rk0,0($tail)
-	sw	$rk1,4($tail)
-	sw	$rk2,8($tail)
-	sw	$rk3,12($tail)
-	$PTR_ADD $head,16
-	$PTR_SUB $tail,16
-	sw	$rk4,-16($head)
-	sw	$rk5,-12($head)
-	sw	$rk6,-8($head)
-	sw	$rk7,-4($head)
-	bne	$head,$tail,.Lswap
-
-	lw	$tp1,16($key)		# modulo-scheduled
-	lui	$x80808080,0x8080
-	sub	$cnt,1
-	or	$x80808080,0x8080
-	sll	$cnt,2
-	$PTR_ADD $key,16
-	lui	$x1b1b1b1b,0x1b1b
-	nor	$x7f7f7f7f,$zero,$x80808080
-	or	$x1b1b1b1b,0x1b1b
-.align	4
-.Lmix:
-	and	$m,$tp1,$x80808080
-	and	$tp2,$tp1,$x7f7f7f7f
-	srl	$tp4,$m,7
-	addu	$tp2,$tp2		# tp2<<1
-	subu	$m,$tp4
-	and	$m,$x1b1b1b1b
-	xor	$tp2,$m
-
-	and	$m,$tp2,$x80808080
-	and	$tp4,$tp2,$x7f7f7f7f
-	srl	$tp8,$m,7
-	addu	$tp4,$tp4		# tp4<<1
-	subu	$m,$tp8
-	and	$m,$x1b1b1b1b
-	xor	$tp4,$m
-
-	and	$m,$tp4,$x80808080
-	and	$tp8,$tp4,$x7f7f7f7f
-	srl	$tp9,$m,7
-	addu	$tp8,$tp8		# tp8<<1
-	subu	$m,$tp9
-	and	$m,$x1b1b1b1b
-	xor	$tp8,$m
-
-	xor	$tp9,$tp8,$tp1
-	xor	$tpe,$tp8,$tp4
-	xor	$tpb,$tp9,$tp2
-	xor	$tpd,$tp9,$tp4
-
-	_ror	$tp1,$tpd,16
-	 xor	$tpe,$tp2
-	_ror	$tp2,$tpd,-16
-	xor	$tpe,$tp1
-	_ror	$tp1,$tp9,8
-	xor	$tpe,$tp2
-	_ror	$tp2,$tp9,-24
-	xor	$tpe,$tp1
-	_ror	$tp1,$tpb,24
-	xor	$tpe,$tp2
-	_ror	$tp2,$tpb,-8
-	xor	$tpe,$tp1
-	lw	$tp1,4($key)		# modulo-scheduled
-	xor	$tpe,$tp2
-	sub	$cnt,1
-	sw	$tpe,0($key)
-	$PTR_ADD $key,4
-	bnez	$cnt,.Lmix
-
-	li	$t0,0
-.Ldkey_done:
-	.set	noreorder
-	move	$a0,$t0
-	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
-	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
-	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
-	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
-	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE
-.end	private_AES_set_decrypt_key
-___
-}}}
-
-######################################################################
-# Tables are kept in endian-neutral manner
-$code.=<<___;
-.rdata
-.align	6
-AES_Te:
-.byte	0xc6,0x63,0x63,0xa5,	0xf8,0x7c,0x7c,0x84	# Te0
-.byte	0xee,0x77,0x77,0x99,	0xf6,0x7b,0x7b,0x8d
-.byte	0xff,0xf2,0xf2,0x0d,	0xd6,0x6b,0x6b,0xbd
-.byte	0xde,0x6f,0x6f,0xb1,	0x91,0xc5,0xc5,0x54
-.byte	0x60,0x30,0x30,0x50,	0x02,0x01,0x01,0x03
-.byte	0xce,0x67,0x67,0xa9,	0x56,0x2b,0x2b,0x7d
-.byte	0xe7,0xfe,0xfe,0x19,	0xb5,0xd7,0xd7,0x62
-.byte	0x4d,0xab,0xab,0xe6,	0xec,0x76,0x76,0x9a
-.byte	0x8f,0xca,0xca,0x45,	0x1f,0x82,0x82,0x9d
-.byte	0x89,0xc9,0xc9,0x40,	0xfa,0x7d,0x7d,0x87
-.byte	0xef,0xfa,0xfa,0x15,	0xb2,0x59,0x59,0xeb
-.byte	0x8e,0x47,0x47,0xc9,	0xfb,0xf0,0xf0,0x0b
-.byte	0x41,0xad,0xad,0xec,	0xb3,0xd4,0xd4,0x67
-.byte	0x5f,0xa2,0xa2,0xfd,	0x45,0xaf,0xaf,0xea
-.byte	0x23,0x9c,0x9c,0xbf,	0x53,0xa4,0xa4,0xf7
-.byte	0xe4,0x72,0x72,0x96,	0x9b,0xc0,0xc0,0x5b
-.byte	0x75,0xb7,0xb7,0xc2,	0xe1,0xfd,0xfd,0x1c
-.byte	0x3d,0x93,0x93,0xae,	0x4c,0x26,0x26,0x6a
-.byte	0x6c,0x36,0x36,0x5a,	0x7e,0x3f,0x3f,0x41
-.byte	0xf5,0xf7,0xf7,0x02,	0x83,0xcc,0xcc,0x4f
-.byte	0x68,0x34,0x34,0x5c,	0x51,0xa5,0xa5,0xf4
-.byte	0xd1,0xe5,0xe5,0x34,	0xf9,0xf1,0xf1,0x08
-.byte	0xe2,0x71,0x71,0x93,	0xab,0xd8,0xd8,0x73
-.byte	0x62,0x31,0x31,0x53,	0x2a,0x15,0x15,0x3f
-.byte	0x08,0x04,0x04,0x0c,	0x95,0xc7,0xc7,0x52
-.byte	0x46,0x23,0x23,0x65,	0x9d,0xc3,0xc3,0x5e
-.byte	0x30,0x18,0x18,0x28,	0x37,0x96,0x96,0xa1
-.byte	0x0a,0x05,0x05,0x0f,	0x2f,0x9a,0x9a,0xb5
-.byte	0x0e,0x07,0x07,0x09,	0x24,0x12,0x12,0x36
-.byte	0x1b,0x80,0x80,0x9b,	0xdf,0xe2,0xe2,0x3d
-.byte	0xcd,0xeb,0xeb,0x26,	0x4e,0x27,0x27,0x69
-.byte	0x7f,0xb2,0xb2,0xcd,	0xea,0x75,0x75,0x9f
-.byte	0x12,0x09,0x09,0x1b,	0x1d,0x83,0x83,0x9e
-.byte	0x58,0x2c,0x2c,0x74,	0x34,0x1a,0x1a,0x2e
-.byte	0x36,0x1b,0x1b,0x2d,	0xdc,0x6e,0x6e,0xb2
-.byte	0xb4,0x5a,0x5a,0xee,	0x5b,0xa0,0xa0,0xfb
-.byte	0xa4,0x52,0x52,0xf6,	0x76,0x3b,0x3b,0x4d
-.byte	0xb7,0xd6,0xd6,0x61,	0x7d,0xb3,0xb3,0xce
-.byte	0x52,0x29,0x29,0x7b,	0xdd,0xe3,0xe3,0x3e
-.byte	0x5e,0x2f,0x2f,0x71,	0x13,0x84,0x84,0x97
-.byte	0xa6,0x53,0x53,0xf5,	0xb9,0xd1,0xd1,0x68
-.byte	0x00,0x00,0x00,0x00,	0xc1,0xed,0xed,0x2c
-.byte	0x40,0x20,0x20,0x60,	0xe3,0xfc,0xfc,0x1f
-.byte	0x79,0xb1,0xb1,0xc8,	0xb6,0x5b,0x5b,0xed
-.byte	0xd4,0x6a,0x6a,0xbe,	0x8d,0xcb,0xcb,0x46
-.byte	0x67,0xbe,0xbe,0xd9,	0x72,0x39,0x39,0x4b
-.byte	0x94,0x4a,0x4a,0xde,	0x98,0x4c,0x4c,0xd4
-.byte	0xb0,0x58,0x58,0xe8,	0x85,0xcf,0xcf,0x4a
-.byte	0xbb,0xd0,0xd0,0x6b,	0xc5,0xef,0xef,0x2a
-.byte	0x4f,0xaa,0xaa,0xe5,	0xed,0xfb,0xfb,0x16
-.byte	0x86,0x43,0x43,0xc5,	0x9a,0x4d,0x4d,0xd7
-.byte	0x66,0x33,0x33,0x55,	0x11,0x85,0x85,0x94
-.byte	0x8a,0x45,0x45,0xcf,	0xe9,0xf9,0xf9,0x10
-.byte	0x04,0x02,0x02,0x06,	0xfe,0x7f,0x7f,0x81
-.byte	0xa0,0x50,0x50,0xf0,	0x78,0x3c,0x3c,0x44
-.byte	0x25,0x9f,0x9f,0xba,	0x4b,0xa8,0xa8,0xe3
-.byte	0xa2,0x51,0x51,0xf3,	0x5d,0xa3,0xa3,0xfe
-.byte	0x80,0x40,0x40,0xc0,	0x05,0x8f,0x8f,0x8a
-.byte	0x3f,0x92,0x92,0xad,	0x21,0x9d,0x9d,0xbc
-.byte	0x70,0x38,0x38,0x48,	0xf1,0xf5,0xf5,0x04
-.byte	0x63,0xbc,0xbc,0xdf,	0x77,0xb6,0xb6,0xc1
-.byte	0xaf,0xda,0xda,0x75,	0x42,0x21,0x21,0x63
-.byte	0x20,0x10,0x10,0x30,	0xe5,0xff,0xff,0x1a
-.byte	0xfd,0xf3,0xf3,0x0e,	0xbf,0xd2,0xd2,0x6d
-.byte	0x81,0xcd,0xcd,0x4c,	0x18,0x0c,0x0c,0x14
-.byte	0x26,0x13,0x13,0x35,	0xc3,0xec,0xec,0x2f
-.byte	0xbe,0x5f,0x5f,0xe1,	0x35,0x97,0x97,0xa2
-.byte	0x88,0x44,0x44,0xcc,	0x2e,0x17,0x17,0x39
-.byte	0x93,0xc4,0xc4,0x57,	0x55,0xa7,0xa7,0xf2
-.byte	0xfc,0x7e,0x7e,0x82,	0x7a,0x3d,0x3d,0x47
-.byte	0xc8,0x64,0x64,0xac,	0xba,0x5d,0x5d,0xe7
-.byte	0x32,0x19,0x19,0x2b,	0xe6,0x73,0x73,0x95
-.byte	0xc0,0x60,0x60,0xa0,	0x19,0x81,0x81,0x98
-.byte	0x9e,0x4f,0x4f,0xd1,	0xa3,0xdc,0xdc,0x7f
-.byte	0x44,0x22,0x22,0x66,	0x54,0x2a,0x2a,0x7e
-.byte	0x3b,0x90,0x90,0xab,	0x0b,0x88,0x88,0x83
-.byte	0x8c,0x46,0x46,0xca,	0xc7,0xee,0xee,0x29
-.byte	0x6b,0xb8,0xb8,0xd3,	0x28,0x14,0x14,0x3c
-.byte	0xa7,0xde,0xde,0x79,	0xbc,0x5e,0x5e,0xe2
-.byte	0x16,0x0b,0x0b,0x1d,	0xad,0xdb,0xdb,0x76
-.byte	0xdb,0xe0,0xe0,0x3b,	0x64,0x32,0x32,0x56
-.byte	0x74,0x3a,0x3a,0x4e,	0x14,0x0a,0x0a,0x1e
-.byte	0x92,0x49,0x49,0xdb,	0x0c,0x06,0x06,0x0a
-.byte	0x48,0x24,0x24,0x6c,	0xb8,0x5c,0x5c,0xe4
-.byte	0x9f,0xc2,0xc2,0x5d,	0xbd,0xd3,0xd3,0x6e
-.byte	0x43,0xac,0xac,0xef,	0xc4,0x62,0x62,0xa6
-.byte	0x39,0x91,0x91,0xa8,	0x31,0x95,0x95,0xa4
-.byte	0xd3,0xe4,0xe4,0x37,	0xf2,0x79,0x79,0x8b
-.byte	0xd5,0xe7,0xe7,0x32,	0x8b,0xc8,0xc8,0x43
-.byte	0x6e,0x37,0x37,0x59,	0xda,0x6d,0x6d,0xb7
-.byte	0x01,0x8d,0x8d,0x8c,	0xb1,0xd5,0xd5,0x64
-.byte	0x9c,0x4e,0x4e,0xd2,	0x49,0xa9,0xa9,0xe0
-.byte	0xd8,0x6c,0x6c,0xb4,	0xac,0x56,0x56,0xfa
-.byte	0xf3,0xf4,0xf4,0x07,	0xcf,0xea,0xea,0x25
-.byte	0xca,0x65,0x65,0xaf,	0xf4,0x7a,0x7a,0x8e
-.byte	0x47,0xae,0xae,0xe9,	0x10,0x08,0x08,0x18
-.byte	0x6f,0xba,0xba,0xd5,	0xf0,0x78,0x78,0x88
-.byte	0x4a,0x25,0x25,0x6f,	0x5c,0x2e,0x2e,0x72
-.byte	0x38,0x1c,0x1c,0x24,	0x57,0xa6,0xa6,0xf1
-.byte	0x73,0xb4,0xb4,0xc7,	0x97,0xc6,0xc6,0x51
-.byte	0xcb,0xe8,0xe8,0x23,	0xa1,0xdd,0xdd,0x7c
-.byte	0xe8,0x74,0x74,0x9c,	0x3e,0x1f,0x1f,0x21
-.byte	0x96,0x4b,0x4b,0xdd,	0x61,0xbd,0xbd,0xdc
-.byte	0x0d,0x8b,0x8b,0x86,	0x0f,0x8a,0x8a,0x85
-.byte	0xe0,0x70,0x70,0x90,	0x7c,0x3e,0x3e,0x42
-.byte	0x71,0xb5,0xb5,0xc4,	0xcc,0x66,0x66,0xaa
-.byte	0x90,0x48,0x48,0xd8,	0x06,0x03,0x03,0x05
-.byte	0xf7,0xf6,0xf6,0x01,	0x1c,0x0e,0x0e,0x12
-.byte	0xc2,0x61,0x61,0xa3,	0x6a,0x35,0x35,0x5f
-.byte	0xae,0x57,0x57,0xf9,	0x69,0xb9,0xb9,0xd0
-.byte	0x17,0x86,0x86,0x91,	0x99,0xc1,0xc1,0x58
-.byte	0x3a,0x1d,0x1d,0x27,	0x27,0x9e,0x9e,0xb9
-.byte	0xd9,0xe1,0xe1,0x38,	0xeb,0xf8,0xf8,0x13
-.byte	0x2b,0x98,0x98,0xb3,	0x22,0x11,0x11,0x33
-.byte	0xd2,0x69,0x69,0xbb,	0xa9,0xd9,0xd9,0x70
-.byte	0x07,0x8e,0x8e,0x89,	0x33,0x94,0x94,0xa7
-.byte	0x2d,0x9b,0x9b,0xb6,	0x3c,0x1e,0x1e,0x22
-.byte	0x15,0x87,0x87,0x92,	0xc9,0xe9,0xe9,0x20
-.byte	0x87,0xce,0xce,0x49,	0xaa,0x55,0x55,0xff
-.byte	0x50,0x28,0x28,0x78,	0xa5,0xdf,0xdf,0x7a
-.byte	0x03,0x8c,0x8c,0x8f,	0x59,0xa1,0xa1,0xf8
-.byte	0x09,0x89,0x89,0x80,	0x1a,0x0d,0x0d,0x17
-.byte	0x65,0xbf,0xbf,0xda,	0xd7,0xe6,0xe6,0x31
-.byte	0x84,0x42,0x42,0xc6,	0xd0,0x68,0x68,0xb8
-.byte	0x82,0x41,0x41,0xc3,	0x29,0x99,0x99,0xb0
-.byte	0x5a,0x2d,0x2d,0x77,	0x1e,0x0f,0x0f,0x11
-.byte	0x7b,0xb0,0xb0,0xcb,	0xa8,0x54,0x54,0xfc
-.byte	0x6d,0xbb,0xbb,0xd6,	0x2c,0x16,0x16,0x3a
-
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5	# Te4
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-
-.byte	0x01,0x00,0x00,0x00,	0x02,0x00,0x00,0x00	# rcon
-.byte	0x04,0x00,0x00,0x00,	0x08,0x00,0x00,0x00
-.byte	0x10,0x00,0x00,0x00,	0x20,0x00,0x00,0x00
-.byte	0x40,0x00,0x00,0x00,	0x80,0x00,0x00,0x00
-.byte	0x1B,0x00,0x00,0x00,	0x36,0x00,0x00,0x00
-
-.align	6
-AES_Td:
-.byte	0x51,0xf4,0xa7,0x50,	0x7e,0x41,0x65,0x53	# Td0
-.byte	0x1a,0x17,0xa4,0xc3,	0x3a,0x27,0x5e,0x96
-.byte	0x3b,0xab,0x6b,0xcb,	0x1f,0x9d,0x45,0xf1
-.byte	0xac,0xfa,0x58,0xab,	0x4b,0xe3,0x03,0x93
-.byte	0x20,0x30,0xfa,0x55,	0xad,0x76,0x6d,0xf6
-.byte	0x88,0xcc,0x76,0x91,	0xf5,0x02,0x4c,0x25
-.byte	0x4f,0xe5,0xd7,0xfc,	0xc5,0x2a,0xcb,0xd7
-.byte	0x26,0x35,0x44,0x80,	0xb5,0x62,0xa3,0x8f
-.byte	0xde,0xb1,0x5a,0x49,	0x25,0xba,0x1b,0x67
-.byte	0x45,0xea,0x0e,0x98,	0x5d,0xfe,0xc0,0xe1
-.byte	0xc3,0x2f,0x75,0x02,	0x81,0x4c,0xf0,0x12
-.byte	0x8d,0x46,0x97,0xa3,	0x6b,0xd3,0xf9,0xc6
-.byte	0x03,0x8f,0x5f,0xe7,	0x15,0x92,0x9c,0x95
-.byte	0xbf,0x6d,0x7a,0xeb,	0x95,0x52,0x59,0xda
-.byte	0xd4,0xbe,0x83,0x2d,	0x58,0x74,0x21,0xd3
-.byte	0x49,0xe0,0x69,0x29,	0x8e,0xc9,0xc8,0x44
-.byte	0x75,0xc2,0x89,0x6a,	0xf4,0x8e,0x79,0x78
-.byte	0x99,0x58,0x3e,0x6b,	0x27,0xb9,0x71,0xdd
-.byte	0xbe,0xe1,0x4f,0xb6,	0xf0,0x88,0xad,0x17
-.byte	0xc9,0x20,0xac,0x66,	0x7d,0xce,0x3a,0xb4
-.byte	0x63,0xdf,0x4a,0x18,	0xe5,0x1a,0x31,0x82
-.byte	0x97,0x51,0x33,0x60,	0x62,0x53,0x7f,0x45
-.byte	0xb1,0x64,0x77,0xe0,	0xbb,0x6b,0xae,0x84
-.byte	0xfe,0x81,0xa0,0x1c,	0xf9,0x08,0x2b,0x94
-.byte	0x70,0x48,0x68,0x58,	0x8f,0x45,0xfd,0x19
-.byte	0x94,0xde,0x6c,0x87,	0x52,0x7b,0xf8,0xb7
-.byte	0xab,0x73,0xd3,0x23,	0x72,0x4b,0x02,0xe2
-.byte	0xe3,0x1f,0x8f,0x57,	0x66,0x55,0xab,0x2a
-.byte	0xb2,0xeb,0x28,0x07,	0x2f,0xb5,0xc2,0x03
-.byte	0x86,0xc5,0x7b,0x9a,	0xd3,0x37,0x08,0xa5
-.byte	0x30,0x28,0x87,0xf2,	0x23,0xbf,0xa5,0xb2
-.byte	0x02,0x03,0x6a,0xba,	0xed,0x16,0x82,0x5c
-.byte	0x8a,0xcf,0x1c,0x2b,	0xa7,0x79,0xb4,0x92
-.byte	0xf3,0x07,0xf2,0xf0,	0x4e,0x69,0xe2,0xa1
-.byte	0x65,0xda,0xf4,0xcd,	0x06,0x05,0xbe,0xd5
-.byte	0xd1,0x34,0x62,0x1f,	0xc4,0xa6,0xfe,0x8a
-.byte	0x34,0x2e,0x53,0x9d,	0xa2,0xf3,0x55,0xa0
-.byte	0x05,0x8a,0xe1,0x32,	0xa4,0xf6,0xeb,0x75
-.byte	0x0b,0x83,0xec,0x39,	0x40,0x60,0xef,0xaa
-.byte	0x5e,0x71,0x9f,0x06,	0xbd,0x6e,0x10,0x51
-.byte	0x3e,0x21,0x8a,0xf9,	0x96,0xdd,0x06,0x3d
-.byte	0xdd,0x3e,0x05,0xae,	0x4d,0xe6,0xbd,0x46
-.byte	0x91,0x54,0x8d,0xb5,	0x71,0xc4,0x5d,0x05
-.byte	0x04,0x06,0xd4,0x6f,	0x60,0x50,0x15,0xff
-.byte	0x19,0x98,0xfb,0x24,	0xd6,0xbd,0xe9,0x97
-.byte	0x89,0x40,0x43,0xcc,	0x67,0xd9,0x9e,0x77
-.byte	0xb0,0xe8,0x42,0xbd,	0x07,0x89,0x8b,0x88
-.byte	0xe7,0x19,0x5b,0x38,	0x79,0xc8,0xee,0xdb
-.byte	0xa1,0x7c,0x0a,0x47,	0x7c,0x42,0x0f,0xe9
-.byte	0xf8,0x84,0x1e,0xc9,	0x00,0x00,0x00,0x00
-.byte	0x09,0x80,0x86,0x83,	0x32,0x2b,0xed,0x48
-.byte	0x1e,0x11,0x70,0xac,	0x6c,0x5a,0x72,0x4e
-.byte	0xfd,0x0e,0xff,0xfb,	0x0f,0x85,0x38,0x56
-.byte	0x3d,0xae,0xd5,0x1e,	0x36,0x2d,0x39,0x27
-.byte	0x0a,0x0f,0xd9,0x64,	0x68,0x5c,0xa6,0x21
-.byte	0x9b,0x5b,0x54,0xd1,	0x24,0x36,0x2e,0x3a
-.byte	0x0c,0x0a,0x67,0xb1,	0x93,0x57,0xe7,0x0f
-.byte	0xb4,0xee,0x96,0xd2,	0x1b,0x9b,0x91,0x9e
-.byte	0x80,0xc0,0xc5,0x4f,	0x61,0xdc,0x20,0xa2
-.byte	0x5a,0x77,0x4b,0x69,	0x1c,0x12,0x1a,0x16
-.byte	0xe2,0x93,0xba,0x0a,	0xc0,0xa0,0x2a,0xe5
-.byte	0x3c,0x22,0xe0,0x43,	0x12,0x1b,0x17,0x1d
-.byte	0x0e,0x09,0x0d,0x0b,	0xf2,0x8b,0xc7,0xad
-.byte	0x2d,0xb6,0xa8,0xb9,	0x14,0x1e,0xa9,0xc8
-.byte	0x57,0xf1,0x19,0x85,	0xaf,0x75,0x07,0x4c
-.byte	0xee,0x99,0xdd,0xbb,	0xa3,0x7f,0x60,0xfd
-.byte	0xf7,0x01,0x26,0x9f,	0x5c,0x72,0xf5,0xbc
-.byte	0x44,0x66,0x3b,0xc5,	0x5b,0xfb,0x7e,0x34
-.byte	0x8b,0x43,0x29,0x76,	0xcb,0x23,0xc6,0xdc
-.byte	0xb6,0xed,0xfc,0x68,	0xb8,0xe4,0xf1,0x63
-.byte	0xd7,0x31,0xdc,0xca,	0x42,0x63,0x85,0x10
-.byte	0x13,0x97,0x22,0x40,	0x84,0xc6,0x11,0x20
-.byte	0x85,0x4a,0x24,0x7d,	0xd2,0xbb,0x3d,0xf8
-.byte	0xae,0xf9,0x32,0x11,	0xc7,0x29,0xa1,0x6d
-.byte	0x1d,0x9e,0x2f,0x4b,	0xdc,0xb2,0x30,0xf3
-.byte	0x0d,0x86,0x52,0xec,	0x77,0xc1,0xe3,0xd0
-.byte	0x2b,0xb3,0x16,0x6c,	0xa9,0x70,0xb9,0x99
-.byte	0x11,0x94,0x48,0xfa,	0x47,0xe9,0x64,0x22
-.byte	0xa8,0xfc,0x8c,0xc4,	0xa0,0xf0,0x3f,0x1a
-.byte	0x56,0x7d,0x2c,0xd8,	0x22,0x33,0x90,0xef
-.byte	0x87,0x49,0x4e,0xc7,	0xd9,0x38,0xd1,0xc1
-.byte	0x8c,0xca,0xa2,0xfe,	0x98,0xd4,0x0b,0x36
-.byte	0xa6,0xf5,0x81,0xcf,	0xa5,0x7a,0xde,0x28
-.byte	0xda,0xb7,0x8e,0x26,	0x3f,0xad,0xbf,0xa4
-.byte	0x2c,0x3a,0x9d,0xe4,	0x50,0x78,0x92,0x0d
-.byte	0x6a,0x5f,0xcc,0x9b,	0x54,0x7e,0x46,0x62
-.byte	0xf6,0x8d,0x13,0xc2,	0x90,0xd8,0xb8,0xe8
-.byte	0x2e,0x39,0xf7,0x5e,	0x82,0xc3,0xaf,0xf5
-.byte	0x9f,0x5d,0x80,0xbe,	0x69,0xd0,0x93,0x7c
-.byte	0x6f,0xd5,0x2d,0xa9,	0xcf,0x25,0x12,0xb3
-.byte	0xc8,0xac,0x99,0x3b,	0x10,0x18,0x7d,0xa7
-.byte	0xe8,0x9c,0x63,0x6e,	0xdb,0x3b,0xbb,0x7b
-.byte	0xcd,0x26,0x78,0x09,	0x6e,0x59,0x18,0xf4
-.byte	0xec,0x9a,0xb7,0x01,	0x83,0x4f,0x9a,0xa8
-.byte	0xe6,0x95,0x6e,0x65,	0xaa,0xff,0xe6,0x7e
-.byte	0x21,0xbc,0xcf,0x08,	0xef,0x15,0xe8,0xe6
-.byte	0xba,0xe7,0x9b,0xd9,	0x4a,0x6f,0x36,0xce
-.byte	0xea,0x9f,0x09,0xd4,	0x29,0xb0,0x7c,0xd6
-.byte	0x31,0xa4,0xb2,0xaf,	0x2a,0x3f,0x23,0x31
-.byte	0xc6,0xa5,0x94,0x30,	0x35,0xa2,0x66,0xc0
-.byte	0x74,0x4e,0xbc,0x37,	0xfc,0x82,0xca,0xa6
-.byte	0xe0,0x90,0xd0,0xb0,	0x33,0xa7,0xd8,0x15
-.byte	0xf1,0x04,0x98,0x4a,	0x41,0xec,0xda,0xf7
-.byte	0x7f,0xcd,0x50,0x0e,	0x17,0x91,0xf6,0x2f
-.byte	0x76,0x4d,0xd6,0x8d,	0x43,0xef,0xb0,0x4d
-.byte	0xcc,0xaa,0x4d,0x54,	0xe4,0x96,0x04,0xdf
-.byte	0x9e,0xd1,0xb5,0xe3,	0x4c,0x6a,0x88,0x1b
-.byte	0xc1,0x2c,0x1f,0xb8,	0x46,0x65,0x51,0x7f
-.byte	0x9d,0x5e,0xea,0x04,	0x01,0x8c,0x35,0x5d
-.byte	0xfa,0x87,0x74,0x73,	0xfb,0x0b,0x41,0x2e
-.byte	0xb3,0x67,0x1d,0x5a,	0x92,0xdb,0xd2,0x52
-.byte	0xe9,0x10,0x56,0x33,	0x6d,0xd6,0x47,0x13
-.byte	0x9a,0xd7,0x61,0x8c,	0x37,0xa1,0x0c,0x7a
-.byte	0x59,0xf8,0x14,0x8e,	0xeb,0x13,0x3c,0x89
-.byte	0xce,0xa9,0x27,0xee,	0xb7,0x61,0xc9,0x35
-.byte	0xe1,0x1c,0xe5,0xed,	0x7a,0x47,0xb1,0x3c
-.byte	0x9c,0xd2,0xdf,0x59,	0x55,0xf2,0x73,0x3f
-.byte	0x18,0x14,0xce,0x79,	0x73,0xc7,0x37,0xbf
-.byte	0x53,0xf7,0xcd,0xea,	0x5f,0xfd,0xaa,0x5b
-.byte	0xdf,0x3d,0x6f,0x14,	0x78,0x44,0xdb,0x86
-.byte	0xca,0xaf,0xf3,0x81,	0xb9,0x68,0xc4,0x3e
-.byte	0x38,0x24,0x34,0x2c,	0xc2,0xa3,0x40,0x5f
-.byte	0x16,0x1d,0xc3,0x72,	0xbc,0xe2,0x25,0x0c
-.byte	0x28,0x3c,0x49,0x8b,	0xff,0x0d,0x95,0x41
-.byte	0x39,0xa8,0x01,0x71,	0x08,0x0c,0xb3,0xde
-.byte	0xd8,0xb4,0xe4,0x9c,	0x64,0x56,0xc1,0x90
-.byte	0x7b,0xcb,0x84,0x61,	0xd5,0x32,0xb6,0x70
-.byte	0x48,0x6c,0x5c,0x74,	0xd0,0xb8,0x57,0x42
-
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38	# Td4
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-___
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-
-	# made-up _instructions, _xtr, _ins, _ror and _bias, cope
-	# with byte order dependencies...
-	if (/^\s+_/) {
-	    s/(_[a-z]+\s+)(\$[0-9]+),([^,]+)(#.*)*$/$1$2,$2,$3/;
-
-	    s/_xtr\s+(\$[0-9]+),(\$[0-9]+),([0-9]+(\-2)*)/
-		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
-					:		eval("24-$3"))/e or
-	    s/_ins\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
-		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
-					:		eval("24-$3"))/e or
-	    s/_ror\s+(\$[0-9]+),(\$[0-9]+),(\-?[0-9]+)/
-		sprintf("srl\t$1,$2,%d",$big_endian ?	eval($3)
-					:		eval("$3*-1"))/e or
-	    s/_bias\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/
-		sprintf("sll\t$1,$2,%d",$big_endian ?	eval($3)
-					:		eval("($3-16)&31"))/e;
-
-	    s/srl\s+(\$[0-9]+),(\$[0-9]+),\-([0-9]+)/
-		sprintf("sll\t$1,$2,$3")/e				or
-	    s/srl\s+(\$[0-9]+),(\$[0-9]+),0/
-		sprintf("and\t$1,$2,0xff")/e				or
-	    s/(sll\s+\$[0-9]+,\$[0-9]+,0)/#$1/;
-	}
-
-	# convert lwl/lwr and swr/swl to little-endian order
-	if (!$big_endian && /^\s+[sl]w[lr]\s+/) {
-	    s/([sl]wl.*)([0-9]+)\((\$[0-9]+)\)/
-		sprintf("$1%d($3)",eval("$2-$2%4+($2%4-1)&3"))/e	or
-	    s/([sl]wr.*)([0-9]+)\((\$[0-9]+)\)/
-		sprintf("$1%d($3)",eval("$2-$2%4+($2%4+1)&3"))/e;
-	}
-
-	print $_,"\n";
-}
-
-close STDOUT;
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
deleted file mode 100644
index 714dcfbbe3..0000000000
--- a/crypto/aes/asm/aes-parisc.pl
+++ /dev/null
@@ -1,1022 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# AES for PA-RISC.
-#
-# June 2009.
-#
-# The module is mechanical transliteration of aes-sparcv9.pl, but with
-# a twist: S-boxes are compressed even further down to 1K+256B. On
-# PA-7100LC performance is ~40% better than gcc 3.2 generated code and
-# is about 33 cycles per byte processed with 128-bit key. Newer CPUs
-# perform at 16 cycles per byte. It's not faster than code generated
-# by vendor compiler, but recall that it has compressed S-boxes, which
-# requires extra processing.
-#
-# Special thanks to polarhome.com for providing HP-UX account.
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-} else {
-	$LEVEL		="1.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-}
-
-$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
-				#                 [+ argument transfer]
-$inp="%r26";	# arg0
-$out="%r25";	# arg1
-$key="%r24";	# arg2
-
-($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4");
-($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8");
-
-($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7,
- $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) =
-("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16",
-"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26");
-
-$tbl="%r28";
-$rounds="%r29";
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
-	.ALIGN	64
-AES_encrypt
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
-	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
-	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
-	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
-	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
-	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
-	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
-
-	blr	%r0,$tbl
-	ldi	3,$t0
-L\$enc_pic
-	andcm	$tbl,$t0,$tbl
-	ldo	L\$AES_Te-L\$enc_pic($tbl),$tbl
-
-	and	$inp,$t0,$t0
-	sub	$inp,$t0,$inp
-	ldw	0($inp),$s0
-	ldw	4($inp),$s1
-	ldw	8($inp),$s2
-	comib,=	0,$t0,L\$enc_inp_aligned
-	ldw	12($inp),$s3
-
-	sh3addl	$t0,%r0,$t0
-	subi	32,$t0,$t0
-	mtctl	$t0,%cr11
-	ldw	16($inp),$t1
-	vshd	$s0,$s1,$s0
-	vshd	$s1,$s2,$s1
-	vshd	$s2,$s3,$s2
-	vshd	$s3,$t1,$s3
-
-L\$enc_inp_aligned
-	bl	_parisc_AES_encrypt,%r31
-	nop
-
-	extru,<> $out,31,2,%r0
-	b	L\$enc_out_aligned
-	nop
-
-	_srm	$s0,24,$acc0
-	_srm	$s0,16,$acc1
-	stb	$acc0,0($out)
-	_srm	$s0,8,$acc2
-	stb	$acc1,1($out)
-	_srm	$s1,24,$acc4
-	stb	$acc2,2($out)
-	_srm	$s1,16,$acc5
-	stb	$s0,3($out)
-	_srm	$s1,8,$acc6
-	stb	$acc4,4($out)
-	_srm	$s2,24,$acc0
-	stb	$acc5,5($out)
-	_srm	$s2,16,$acc1
-	stb	$acc6,6($out)
-	_srm	$s2,8,$acc2
-	stb	$s1,7($out)
-	_srm	$s3,24,$acc4
-	stb	$acc0,8($out)
-	_srm	$s3,16,$acc5
-	stb	$acc1,9($out)
-	_srm	$s3,8,$acc6
-	stb	$acc2,10($out)
-	stb	$s2,11($out)
-	stb	$acc4,12($out)
-	stb	$acc5,13($out)
-	stb	$acc6,14($out)
-	b	L\$enc_done
-	stb	$s3,15($out)
-
-L\$enc_out_aligned
-	stw	$s0,0($out)
-	stw	$s1,4($out)
-	stw	$s2,8($out)
-	stw	$s3,12($out)
-
-L\$enc_done
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
-	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
-	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
-	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
-	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
-	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
-	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-
-	.ALIGN	16
-_parisc_AES_encrypt
-	.PROC
-	.CALLINFO	MILLICODE
-	.ENTRY
-	ldw	240($key),$rounds
-	ldw	0($key),$t0
-	ldw	4($key),$t1
-	ldw	8($key),$t2
-	_srm	$rounds,1,$rounds
-	xor	$t0,$s0,$s0
-	ldw	12($key),$t3
-	_srm	$s0,24,$acc0
-	xor	$t1,$s1,$s1
-	ldw	16($key),$t0
-	_srm	$s1,16,$acc1
-	xor	$t2,$s2,$s2
-	ldw	20($key),$t1
-	xor	$t3,$s3,$s3
-	ldw	24($key),$t2
-	ldw	28($key),$t3
-L\$enc_loop
-	_srm	$s2,8,$acc2
-	ldwx,s	$acc0($tbl),$acc0
-	_srm	$s3,0,$acc3
-	ldwx,s	$acc1($tbl),$acc1
-	_srm	$s1,24,$acc4
-	ldwx,s	$acc2($tbl),$acc2
-	_srm	$s2,16,$acc5
-	ldwx,s	$acc3($tbl),$acc3
-	_srm	$s3,8,$acc6
-	ldwx,s	$acc4($tbl),$acc4
-	_srm	$s0,0,$acc7
-	ldwx,s	$acc5($tbl),$acc5
-	_srm	$s2,24,$acc8
-	ldwx,s	$acc6($tbl),$acc6
-	_srm	$s3,16,$acc9
-	ldwx,s	$acc7($tbl),$acc7
-	_srm	$s0,8,$acc10
-	ldwx,s	$acc8($tbl),$acc8
-	_srm	$s1,0,$acc11
-	ldwx,s	$acc9($tbl),$acc9
-	_srm	$s3,24,$acc12
-	ldwx,s	$acc10($tbl),$acc10
-	_srm	$s0,16,$acc13
-	ldwx,s	$acc11($tbl),$acc11
-	_srm	$s1,8,$acc14
-	ldwx,s	$acc12($tbl),$acc12
-	_srm	$s2,0,$acc15
-	ldwx,s	$acc13($tbl),$acc13
-	ldwx,s	$acc14($tbl),$acc14
-	ldwx,s	$acc15($tbl),$acc15
-	addib,= -1,$rounds,L\$enc_last
-	ldo	32($key),$key
-
-		_ror	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ldw	0($key),$s0
-		_ror	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ldw	4($key),$s1
-		_ror	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ldw	8($key),$s2
-		_ror	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ldw	12($key),$s3
-		_ror	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		_ror	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		_ror	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		_ror	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		_ror	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		_ror	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		_ror	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		_ror	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	_srm	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-	_srm	$t1,16,$acc1
-		xor	$acc15,$t3,$t3
-
-	_srm	$t2,8,$acc2
-	ldwx,s	$acc0($tbl),$acc0
-	_srm	$t3,0,$acc3
-	ldwx,s	$acc1($tbl),$acc1
-	_srm	$t1,24,$acc4
-	ldwx,s	$acc2($tbl),$acc2
-	_srm	$t2,16,$acc5
-	ldwx,s	$acc3($tbl),$acc3
-	_srm	$t3,8,$acc6
-	ldwx,s	$acc4($tbl),$acc4
-	_srm	$t0,0,$acc7
-	ldwx,s	$acc5($tbl),$acc5
-	_srm	$t2,24,$acc8
-	ldwx,s	$acc6($tbl),$acc6
-	_srm	$t3,16,$acc9
-	ldwx,s	$acc7($tbl),$acc7
-	_srm	$t0,8,$acc10
-	ldwx,s	$acc8($tbl),$acc8
-	_srm	$t1,0,$acc11
-	ldwx,s	$acc9($tbl),$acc9
-	_srm	$t3,24,$acc12
-	ldwx,s	$acc10($tbl),$acc10
-	_srm	$t0,16,$acc13
-	ldwx,s	$acc11($tbl),$acc11
-	_srm	$t1,8,$acc14
-	ldwx,s	$acc12($tbl),$acc12
-	_srm	$t2,0,$acc15
-	ldwx,s	$acc13($tbl),$acc13
-		_ror	$acc1,8,$acc1
-	ldwx,s	$acc14($tbl),$acc14
-
-		_ror	$acc2,16,$acc2
-		xor	$acc0,$s0,$s0
-	ldwx,s	$acc15($tbl),$acc15
-		_ror	$acc3,24,$acc3
-		xor	$acc1,$s0,$s0
-	ldw	16($key),$t0
-		_ror	$acc5,8,$acc5
-		xor	$acc2,$s0,$s0
-	ldw	20($key),$t1
-		_ror	$acc6,16,$acc6
-		xor	$acc3,$s0,$s0
-	ldw	24($key),$t2
-		_ror	$acc7,24,$acc7
-		xor	$acc4,$s1,$s1
-	ldw	28($key),$t3
-		_ror	$acc9,8,$acc9
-		xor	$acc5,$s1,$s1
-	ldw	1024+0($tbl),%r0		; prefetch te4
-		_ror	$acc10,16,$acc10
-		xor	$acc6,$s1,$s1
-	ldw	1024+32($tbl),%r0		; prefetch te4
-		_ror	$acc11,24,$acc11
-		xor	$acc7,$s1,$s1
-	ldw	1024+64($tbl),%r0		; prefetch te4
-		_ror	$acc13,8,$acc13
-		xor	$acc8,$s2,$s2
-	ldw	1024+96($tbl),%r0		; prefetch te4
-		_ror	$acc14,16,$acc14
-		xor	$acc9,$s2,$s2
-	ldw	1024+128($tbl),%r0		; prefetch te4
-		_ror	$acc15,24,$acc15
-		xor	$acc10,$s2,$s2
-	ldw	1024+160($tbl),%r0		; prefetch te4
-	_srm	$s0,24,$acc0
-		xor	$acc11,$s2,$s2
-	ldw	1024+192($tbl),%r0		; prefetch te4
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-	ldw	1024+224($tbl),%r0		; prefetch te4
-	_srm	$s1,16,$acc1
-		xor	$acc14,$s3,$s3
-	b	L\$enc_loop
-		xor	$acc15,$s3,$s3
-
-	.ALIGN	16
-L\$enc_last
-	ldo	1024($tbl),$rounds
-		_ror	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ldw	0($key),$s0
-		_ror	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ldw	4($key),$s1
-		_ror	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ldw	8($key),$s2
-		_ror	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ldw	12($key),$s3
-		_ror	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		_ror	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		_ror	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		_ror	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		_ror	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		_ror	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		_ror	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		_ror	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	_srm	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-	_srm	$t1,16,$acc1
-		xor	$acc15,$t3,$t3
-
-	_srm	$t2,8,$acc2
-	ldbx	$acc0($rounds),$acc0
-	_srm	$t1,24,$acc4
-	ldbx	$acc1($rounds),$acc1
-	_srm	$t2,16,$acc5
-	_srm	$t3,0,$acc3
-	ldbx	$acc2($rounds),$acc2
-	ldbx	$acc3($rounds),$acc3
-	_srm	$t3,8,$acc6
-	ldbx	$acc4($rounds),$acc4
-	_srm	$t2,24,$acc8
-	ldbx	$acc5($rounds),$acc5
-	_srm	$t3,16,$acc9
-	_srm	$t0,0,$acc7
-	ldbx	$acc6($rounds),$acc6
-	ldbx	$acc7($rounds),$acc7
-	_srm	$t0,8,$acc10
-	ldbx	$acc8($rounds),$acc8
-	_srm	$t3,24,$acc12
-	ldbx	$acc9($rounds),$acc9
-	_srm	$t0,16,$acc13
-	_srm	$t1,0,$acc11
-	ldbx	$acc10($rounds),$acc10
-	_srm	$t1,8,$acc14
-	ldbx	$acc11($rounds),$acc11
-	ldbx	$acc12($rounds),$acc12
-	ldbx	$acc13($rounds),$acc13
-	_srm	$t2,0,$acc15
-	ldbx	$acc14($rounds),$acc14
-
-		dep	$acc0,7,8,$acc3
-	ldbx	$acc15($rounds),$acc15
-		dep	$acc4,7,8,$acc7
-		dep	$acc1,15,8,$acc3
-		dep	$acc5,15,8,$acc7
-		dep	$acc2,23,8,$acc3
-		dep	$acc6,23,8,$acc7
-		xor	$acc3,$s0,$s0
-		xor	$acc7,$s1,$s1
-		dep	$acc8,7,8,$acc11
-		dep	$acc12,7,8,$acc15
-		dep	$acc9,15,8,$acc11
-		dep	$acc13,15,8,$acc15
-		dep	$acc10,23,8,$acc11
-		dep	$acc14,23,8,$acc15
-		xor	$acc11,$s2,$s2
-
-	bv	(%r31)
-	.EXIT
-		xor	$acc15,$s3,$s3
-	.PROCEND
-
-	.ALIGN	64
-L\$AES_Te
-	.WORD	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
-	.WORD	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
-	.WORD	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
-	.WORD	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
-	.WORD	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
-	.WORD	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
-	.WORD	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
-	.WORD	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
-	.WORD	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
-	.WORD	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
-	.WORD	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
-	.WORD	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
-	.WORD	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
-	.WORD	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
-	.WORD	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
-	.WORD	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
-	.WORD	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
-	.WORD	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
-	.WORD	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
-	.WORD	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
-	.WORD	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
-	.WORD	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
-	.WORD	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
-	.WORD	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
-	.WORD	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
-	.WORD	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
-	.WORD	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
-	.WORD	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
-	.WORD	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
-	.WORD	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
-	.WORD	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
-	.WORD	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
-	.WORD	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
-	.WORD	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
-	.WORD	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
-	.WORD	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
-	.WORD	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
-	.WORD	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
-	.WORD	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
-	.WORD	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
-	.WORD	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
-	.WORD	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
-	.WORD	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
-	.WORD	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
-	.WORD	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
-	.WORD	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
-	.WORD	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
-	.WORD	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
-	.WORD	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
-	.WORD	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
-	.WORD	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
-	.WORD	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
-	.WORD	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
-	.WORD	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
-	.WORD	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
-	.WORD	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
-	.WORD	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
-	.WORD	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
-	.WORD	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
-	.WORD	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
-	.WORD	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
-	.WORD	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
-	.WORD	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
-	.WORD	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-	.BYTE	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-	.BYTE	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-	.BYTE	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-	.BYTE	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-	.BYTE	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-	.BYTE	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-	.BYTE	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-	.BYTE	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-	.BYTE	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-	.BYTE	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-	.BYTE	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-	.BYTE	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-	.BYTE	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-	.BYTE	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-	.BYTE	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-	.BYTE	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-	.BYTE	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-	.BYTE	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-	.BYTE	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-	.BYTE	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-	.BYTE	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-	.BYTE	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-	.BYTE	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-	.BYTE	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-	.BYTE	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-	.BYTE	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-	.BYTE	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-	.BYTE	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-	.BYTE	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-	.BYTE	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-	.BYTE	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-	.BYTE	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-___
-
-$code.=<<___;
-	.EXPORT	AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
-	.ALIGN	16
-AES_decrypt
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
-	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
-	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
-	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
-	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
-	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
-	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
-
-	blr	%r0,$tbl
-	ldi	3,$t0
-L\$dec_pic
-	andcm	$tbl,$t0,$tbl
-	ldo	L\$AES_Td-L\$dec_pic($tbl),$tbl
-
-	and	$inp,$t0,$t0
-	sub	$inp,$t0,$inp
-	ldw	0($inp),$s0
-	ldw	4($inp),$s1
-	ldw	8($inp),$s2
-	comib,=	0,$t0,L\$dec_inp_aligned
-	ldw	12($inp),$s3
-
-	sh3addl	$t0,%r0,$t0
-	subi	32,$t0,$t0
-	mtctl	$t0,%cr11
-	ldw	16($inp),$t1
-	vshd	$s0,$s1,$s0
-	vshd	$s1,$s2,$s1
-	vshd	$s2,$s3,$s2
-	vshd	$s3,$t1,$s3
-
-L\$dec_inp_aligned
-	bl	_parisc_AES_decrypt,%r31
-	nop
-
-	extru,<> $out,31,2,%r0
-	b	L\$dec_out_aligned
-	nop
-
-	_srm	$s0,24,$acc0
-	_srm	$s0,16,$acc1
-	stb	$acc0,0($out)
-	_srm	$s0,8,$acc2
-	stb	$acc1,1($out)
-	_srm	$s1,24,$acc4
-	stb	$acc2,2($out)
-	_srm	$s1,16,$acc5
-	stb	$s0,3($out)
-	_srm	$s1,8,$acc6
-	stb	$acc4,4($out)
-	_srm	$s2,24,$acc0
-	stb	$acc5,5($out)
-	_srm	$s2,16,$acc1
-	stb	$acc6,6($out)
-	_srm	$s2,8,$acc2
-	stb	$s1,7($out)
-	_srm	$s3,24,$acc4
-	stb	$acc0,8($out)
-	_srm	$s3,16,$acc5
-	stb	$acc1,9($out)
-	_srm	$s3,8,$acc6
-	stb	$acc2,10($out)
-	stb	$s2,11($out)
-	stb	$acc4,12($out)
-	stb	$acc5,13($out)
-	stb	$acc6,14($out)
-	b	L\$dec_done
-	stb	$s3,15($out)
-
-L\$dec_out_aligned
-	stw	$s0,0($out)
-	stw	$s1,4($out)
-	stw	$s2,8($out)
-	stw	$s3,12($out)
-
-L\$dec_done
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
-	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
-	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
-	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
-	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
-	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
-	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-
-	.ALIGN	16
-_parisc_AES_decrypt
-	.PROC
-	.CALLINFO	MILLICODE
-	.ENTRY
-	ldw	240($key),$rounds
-	ldw	0($key),$t0
-	ldw	4($key),$t1
-	ldw	8($key),$t2
-	ldw	12($key),$t3
-	_srm	$rounds,1,$rounds
-	xor	$t0,$s0,$s0
-	ldw	16($key),$t0
-	xor	$t1,$s1,$s1
-	ldw	20($key),$t1
-	_srm	$s0,24,$acc0
-	xor	$t2,$s2,$s2
-	ldw	24($key),$t2
-	xor	$t3,$s3,$s3
-	ldw	28($key),$t3
-	_srm	$s3,16,$acc1
-L\$dec_loop
-	_srm	$s2,8,$acc2
-	ldwx,s	$acc0($tbl),$acc0
-	_srm	$s1,0,$acc3
-	ldwx,s	$acc1($tbl),$acc1
-	_srm	$s1,24,$acc4
-	ldwx,s	$acc2($tbl),$acc2
-	_srm	$s0,16,$acc5
-	ldwx,s	$acc3($tbl),$acc3
-	_srm	$s3,8,$acc6
-	ldwx,s	$acc4($tbl),$acc4
-	_srm	$s2,0,$acc7
-	ldwx,s	$acc5($tbl),$acc5
-	_srm	$s2,24,$acc8
-	ldwx,s	$acc6($tbl),$acc6
-	_srm	$s1,16,$acc9
-	ldwx,s	$acc7($tbl),$acc7
-	_srm	$s0,8,$acc10
-	ldwx,s	$acc8($tbl),$acc8
-	_srm	$s3,0,$acc11
-	ldwx,s	$acc9($tbl),$acc9
-	_srm	$s3,24,$acc12
-	ldwx,s	$acc10($tbl),$acc10
-	_srm	$s2,16,$acc13
-	ldwx,s	$acc11($tbl),$acc11
-	_srm	$s1,8,$acc14
-	ldwx,s	$acc12($tbl),$acc12
-	_srm	$s0,0,$acc15
-	ldwx,s	$acc13($tbl),$acc13
-	ldwx,s	$acc14($tbl),$acc14
-	ldwx,s	$acc15($tbl),$acc15
-	addib,= -1,$rounds,L\$dec_last
-	ldo	32($key),$key
-
-		_ror	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ldw	0($key),$s0
-		_ror	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ldw	4($key),$s1
-		_ror	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ldw	8($key),$s2
-		_ror	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ldw	12($key),$s3
-		_ror	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		_ror	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		_ror	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		_ror	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		_ror	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		_ror	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		_ror	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		_ror	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	_srm	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-		xor	$acc15,$t3,$t3
-	_srm	$t3,16,$acc1
-
-	_srm	$t2,8,$acc2
-	ldwx,s	$acc0($tbl),$acc0
-	_srm	$t1,0,$acc3
-	ldwx,s	$acc1($tbl),$acc1
-	_srm	$t1,24,$acc4
-	ldwx,s	$acc2($tbl),$acc2
-	_srm	$t0,16,$acc5
-	ldwx,s	$acc3($tbl),$acc3
-	_srm	$t3,8,$acc6
-	ldwx,s	$acc4($tbl),$acc4
-	_srm	$t2,0,$acc7
-	ldwx,s	$acc5($tbl),$acc5
-	_srm	$t2,24,$acc8
-	ldwx,s	$acc6($tbl),$acc6
-	_srm	$t1,16,$acc9
-	ldwx,s	$acc7($tbl),$acc7
-	_srm	$t0,8,$acc10
-	ldwx,s	$acc8($tbl),$acc8
-	_srm	$t3,0,$acc11
-	ldwx,s	$acc9($tbl),$acc9
-	_srm	$t3,24,$acc12
-	ldwx,s	$acc10($tbl),$acc10
-	_srm	$t2,16,$acc13
-	ldwx,s	$acc11($tbl),$acc11
-	_srm	$t1,8,$acc14
-	ldwx,s	$acc12($tbl),$acc12
-	_srm	$t0,0,$acc15
-	ldwx,s	$acc13($tbl),$acc13
-		_ror	$acc1,8,$acc1
-	ldwx,s	$acc14($tbl),$acc14
-
-		_ror	$acc2,16,$acc2
-		xor	$acc0,$s0,$s0
-	ldwx,s	$acc15($tbl),$acc15
-		_ror	$acc3,24,$acc3
-		xor	$acc1,$s0,$s0
-	ldw	16($key),$t0
-		_ror	$acc5,8,$acc5
-		xor	$acc2,$s0,$s0
-	ldw	20($key),$t1
-		_ror	$acc6,16,$acc6
-		xor	$acc3,$s0,$s0
-	ldw	24($key),$t2
-		_ror	$acc7,24,$acc7
-		xor	$acc4,$s1,$s1
-	ldw	28($key),$t3
-		_ror	$acc9,8,$acc9
-		xor	$acc5,$s1,$s1
-	ldw	1024+0($tbl),%r0		; prefetch td4
-		_ror	$acc10,16,$acc10
-		xor	$acc6,$s1,$s1
-	ldw	1024+32($tbl),%r0		; prefetch td4
-		_ror	$acc11,24,$acc11
-		xor	$acc7,$s1,$s1
-	ldw	1024+64($tbl),%r0		; prefetch td4
-		_ror	$acc13,8,$acc13
-		xor	$acc8,$s2,$s2
-	ldw	1024+96($tbl),%r0		; prefetch td4
-		_ror	$acc14,16,$acc14
-		xor	$acc9,$s2,$s2
-	ldw	1024+128($tbl),%r0		; prefetch td4
-		_ror	$acc15,24,$acc15
-		xor	$acc10,$s2,$s2
-	ldw	1024+160($tbl),%r0		; prefetch td4
-	_srm	$s0,24,$acc0
-		xor	$acc11,$s2,$s2
-	ldw	1024+192($tbl),%r0		; prefetch td4
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-	ldw	1024+224($tbl),%r0		; prefetch td4
-		xor	$acc14,$s3,$s3
-		xor	$acc15,$s3,$s3
-	b	L\$dec_loop
-	_srm	$s3,16,$acc1
-
-	.ALIGN	16
-L\$dec_last
-	ldo	1024($tbl),$rounds
-		_ror	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ldw	0($key),$s0
-		_ror	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ldw	4($key),$s1
-		_ror	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ldw	8($key),$s2
-		_ror	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ldw	12($key),$s3
-		_ror	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		_ror	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		_ror	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		_ror	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		_ror	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		_ror	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		_ror	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		_ror	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	_srm	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-		xor	$acc15,$t3,$t3
-	_srm	$t3,16,$acc1
-
-	_srm	$t2,8,$acc2
-	ldbx	$acc0($rounds),$acc0
-	_srm	$t1,24,$acc4
-	ldbx	$acc1($rounds),$acc1
-	_srm	$t0,16,$acc5
-	_srm	$t1,0,$acc3
-	ldbx	$acc2($rounds),$acc2
-	ldbx	$acc3($rounds),$acc3
-	_srm	$t3,8,$acc6
-	ldbx	$acc4($rounds),$acc4
-	_srm	$t2,24,$acc8
-	ldbx	$acc5($rounds),$acc5
-	_srm	$t1,16,$acc9
-	_srm	$t2,0,$acc7
-	ldbx	$acc6($rounds),$acc6
-	ldbx	$acc7($rounds),$acc7
-	_srm	$t0,8,$acc10
-	ldbx	$acc8($rounds),$acc8
-	_srm	$t3,24,$acc12
-	ldbx	$acc9($rounds),$acc9
-	_srm	$t2,16,$acc13
-	_srm	$t3,0,$acc11
-	ldbx	$acc10($rounds),$acc10
-	_srm	$t1,8,$acc14
-	ldbx	$acc11($rounds),$acc11
-	ldbx	$acc12($rounds),$acc12
-	ldbx	$acc13($rounds),$acc13
-	_srm	$t0,0,$acc15
-	ldbx	$acc14($rounds),$acc14
-
-		dep	$acc0,7,8,$acc3
-	ldbx	$acc15($rounds),$acc15
-		dep	$acc4,7,8,$acc7
-		dep	$acc1,15,8,$acc3
-		dep	$acc5,15,8,$acc7
-		dep	$acc2,23,8,$acc3
-		dep	$acc6,23,8,$acc7
-		xor	$acc3,$s0,$s0
-		xor	$acc7,$s1,$s1
-		dep	$acc8,7,8,$acc11
-		dep	$acc12,7,8,$acc15
-		dep	$acc9,15,8,$acc11
-		dep	$acc13,15,8,$acc15
-		dep	$acc10,23,8,$acc11
-		dep	$acc14,23,8,$acc15
-		xor	$acc11,$s2,$s2
-
-	bv	(%r31)
-	.EXIT
-		xor	$acc15,$s3,$s3
-	.PROCEND
-
-	.ALIGN	64
-L\$AES_Td
-	.WORD	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
-	.WORD	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
-	.WORD	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
-	.WORD	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
-	.WORD	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
-	.WORD	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
-	.WORD	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
-	.WORD	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
-	.WORD	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
-	.WORD	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
-	.WORD	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
-	.WORD	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
-	.WORD	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
-	.WORD	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
-	.WORD	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
-	.WORD	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
-	.WORD	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
-	.WORD	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
-	.WORD	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
-	.WORD	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
-	.WORD	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
-	.WORD	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
-	.WORD	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
-	.WORD	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
-	.WORD	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
-	.WORD	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
-	.WORD	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
-	.WORD	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
-	.WORD	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
-	.WORD	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
-	.WORD	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
-	.WORD	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
-	.WORD	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
-	.WORD	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
-	.WORD	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
-	.WORD	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
-	.WORD	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
-	.WORD	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
-	.WORD	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
-	.WORD	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
-	.WORD	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
-	.WORD	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
-	.WORD	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
-	.WORD	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
-	.WORD	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
-	.WORD	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
-	.WORD	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
-	.WORD	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
-	.WORD	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
-	.WORD	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
-	.WORD	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
-	.WORD	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
-	.WORD	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
-	.WORD	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
-	.WORD	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
-	.WORD	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
-	.WORD	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
-	.WORD	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
-	.WORD	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
-	.WORD	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
-	.WORD	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
-	.WORD	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
-	.WORD	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
-	.WORD	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
-	.BYTE	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-	.BYTE	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-	.BYTE	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-	.BYTE	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-	.BYTE	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-	.BYTE	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-	.BYTE	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-	.BYTE	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-	.BYTE	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-	.BYTE	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-	.BYTE	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-	.BYTE	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-	.BYTE	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-	.BYTE	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-	.BYTE	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-	.BYTE	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-	.BYTE	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-	.BYTE	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-	.BYTE	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-	.BYTE	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-	.BYTE	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-	.BYTE	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-	.BYTE	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-	.BYTE	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-	.BYTE	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-	.BYTE	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-	.BYTE	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-	.BYTE	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-	.BYTE	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-	.BYTE	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-	.BYTE	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-	.BYTE	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-	.STRINGZ "AES for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-
-	# translate made up instructons: _ror, _srm
-	s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/				or
-
-	s/_srm(\s+%r[0-9]+),([0-9]+),/
-		$SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
-		:            sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
-
-	s/,\*/,/			if ($SIZE_T==4);
-	s/\bbv\b(.*\(%r2\))/bve$1/	if ($SIZE_T==8);
-	print $_,"\n";
-}
-close STDOUT;
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
deleted file mode 100644
index 7c52cbe5f9..0000000000
--- a/crypto/aes/asm/aes-ppc.pl
+++ /dev/null
@@ -1,1365 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# Needs more work: key setup, CBC routine...
-#
-# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
-# 128-bit key, which is ~40% better than 64-bit code generated by gcc
-# 4.0. But these are not the ones currently used! Their "compact"
-# counterparts are, for security reason. ppc_AES_encrypt_compact runs
-# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
-# at 1/3 of ppc_AES_decrypt.
-
-# February 2010
-#
-# Rescheduling instructions to favour Power6 pipeline gave 10%
-# performance improvement on the platfrom in question (and marginal
-# improvement even on others). It should be noted that Power6 fails
-# to process byte in 18 cycles, only in 23, because it fails to issue
-# 4 load instructions in two cycles, only in 3. As result non-compact
-# block subroutines are 25% slower than one would expect. Compact
-# functions scale better, because they have pure computational part,
-# which scales perfectly with clock frequency. To be specific
-# ppc_AES_encrypt_compact operates at 42 cycles per byte, while
-# ppc_AES_decrypt_compact - at 55 (in 64-bit build).
-
-$flavour = shift;
-
-if ($flavour =~ /64/) {
-	$SIZE_T	=8;
-	$LRSAVE	=2*$SIZE_T;
-	$STU	="stdu";
-	$POP	="ld";
-	$PUSH	="std";
-} elsif ($flavour =~ /32/) {
-	$SIZE_T	=4;
-	$LRSAVE	=$SIZE_T;
-	$STU	="stwu";
-	$POP	="lwz";
-	$PUSH	="stw";
-} else { die "nonsense $flavour"; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-$FRAME=32*$SIZE_T;
-
-sub _data_word()
-{ my $i;
-    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
-}
-
-$sp="r1";
-$toc="r2";
-$inp="r3";
-$out="r4";
-$key="r5";
-
-$Tbl0="r3";
-$Tbl1="r6";
-$Tbl2="r7";
-$Tbl3="r2";
-
-$s0="r8";
-$s1="r9";
-$s2="r10";
-$s3="r11";
-
-$t0="r12";
-$t1="r13";
-$t2="r14";
-$t3="r15";
-
-$acc00="r16";
-$acc01="r17";
-$acc02="r18";
-$acc03="r19";
-
-$acc04="r20";
-$acc05="r21";
-$acc06="r22";
-$acc07="r23";
-
-$acc08="r24";
-$acc09="r25";
-$acc10="r26";
-$acc11="r27";
-
-$acc12="r28";
-$acc13="r29";
-$acc14="r30";
-$acc15="r31";
-
-# stay away from TLS pointer
-if ($SIZE_T==8)	{ die if ($t1 ne "r13");  $t1="r0";		}
-else		{ die if ($Tbl3 ne "r2"); $Tbl3=$t0; $t0="r0";	}
-$mask80=$Tbl2;
-$mask1b=$Tbl3;
-
-$code.=<<___;
-.machine	"any"
-.text
-
-.align	7
-LAES_Te:
-	mflr	r0
-	bcl	20,31,\$+4
-	mflr	$Tbl0	;    vvvvv "distance" between . and 1st data entry
-	addi	$Tbl0,$Tbl0,`128-8`
-	mtlr	r0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-	.space	`64-9*4`
-LAES_Td:
-	mflr	r0
-	bcl	20,31,\$+4
-	mflr	$Tbl0	;    vvvvvvvv "distance" between . and 1st data entry
-	addi	$Tbl0,$Tbl0,`128-64-8+2048+256`
-	mtlr	r0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-	.space	`128-64-9*4`
-___
-&_data_word(
-	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
-	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
-	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
-	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
-	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
-	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
-	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
-	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
-	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
-	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
-	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
-	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
-	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
-	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
-	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
-	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
-	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
-	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
-	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
-	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
-	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
-	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
-	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
-	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
-	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
-	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
-	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
-	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
-	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
-	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
-	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
-	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
-	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
-	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
-	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
-	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
-	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
-	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
-	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
-	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
-	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
-	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
-	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
-	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
-	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
-	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
-	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
-	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
-	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
-	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
-	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
-	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
-	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
-	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
-	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
-	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
-	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
-	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
-	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
-	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
-	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
-	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
-	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
-	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
-$code.=<<___;
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-___
-&_data_word(
-	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
-	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
-	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
-	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
-	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
-	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
-	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
-	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
-	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
-	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
-	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
-	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
-	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
-	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
-	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
-	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
-	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
-	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
-	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
-	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
-	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
-	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
-	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
-	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
-	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
-	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
-	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
-	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
-	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
-	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
-	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
-	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
-	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
-	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
-	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
-	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
-	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
-	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
-	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
-	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
-	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
-	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
-	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
-	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
-	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
-	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
-	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
-	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
-	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
-	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
-	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
-	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
-	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
-	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
-	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
-	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
-	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
-	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
-	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
-	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
-	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
-	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
-	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
-	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
-$code.=<<___;
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-
-
-.globl	.AES_encrypt
-.align	7
-.AES_encrypt:
-	$STU	$sp,-$FRAME($sp)
-	mflr	r0
-
-	$PUSH	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$PUSH	r13,`$FRAME-$SIZE_T*19`($sp)
-	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
-	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
-	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
-	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
-	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
-	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
-	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
-	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
-	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
-	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
-	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
-	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
-	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
-	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
-	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
-	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
-	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
-	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
-	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
-
-	andi.	$t0,$inp,3
-	andi.	$t1,$out,3
-	or.	$t0,$t0,$t1
-	bne	Lenc_unaligned
-
-Lenc_unaligned_ok:
-	lwz	$s0,0($inp)
-	lwz	$s1,4($inp)
-	lwz	$s2,8($inp)
-	lwz	$s3,12($inp)
-	bl	LAES_Te
-	bl	Lppc_AES_encrypt_compact
-	stw	$s0,0($out)
-	stw	$s1,4($out)
-	stw	$s2,8($out)
-	stw	$s3,12($out)
-	b	Lenc_done
-
-Lenc_unaligned:
-	subfic	$t0,$inp,4096
-	subfic	$t1,$out,4096
-	andi.	$t0,$t0,4096-16
-	beq	Lenc_xpage
-	andi.	$t1,$t1,4096-16
-	bne	Lenc_unaligned_ok
-
-Lenc_xpage:
-	lbz	$acc00,0($inp)
-	lbz	$acc01,1($inp)
-	lbz	$acc02,2($inp)
-	lbz	$s0,3($inp)
-	lbz	$acc04,4($inp)
-	lbz	$acc05,5($inp)
-	lbz	$acc06,6($inp)
-	lbz	$s1,7($inp)
-	lbz	$acc08,8($inp)
-	lbz	$acc09,9($inp)
-	lbz	$acc10,10($inp)
-	insrwi	$s0,$acc00,8,0
-	lbz	$s2,11($inp)
-	insrwi	$s1,$acc04,8,0
-	lbz	$acc12,12($inp)
-	insrwi	$s0,$acc01,8,8
-	lbz	$acc13,13($inp)
-	insrwi	$s1,$acc05,8,8
-	lbz	$acc14,14($inp)
-	insrwi	$s0,$acc02,8,16
-	lbz	$s3,15($inp)
-	insrwi	$s1,$acc06,8,16
-	insrwi	$s2,$acc08,8,0
-	insrwi	$s3,$acc12,8,0
-	insrwi	$s2,$acc09,8,8
-	insrwi	$s3,$acc13,8,8
-	insrwi	$s2,$acc10,8,16
-	insrwi	$s3,$acc14,8,16
-
-	bl	LAES_Te
-	bl	Lppc_AES_encrypt_compact
-
-	extrwi	$acc00,$s0,8,0
-	extrwi	$acc01,$s0,8,8
-	stb	$acc00,0($out)
-	extrwi	$acc02,$s0,8,16
-	stb	$acc01,1($out)
-	stb	$acc02,2($out)
-	extrwi	$acc04,$s1,8,0
-	stb	$s0,3($out)
-	extrwi	$acc05,$s1,8,8
-	stb	$acc04,4($out)
-	extrwi	$acc06,$s1,8,16
-	stb	$acc05,5($out)
-	stb	$acc06,6($out)
-	extrwi	$acc08,$s2,8,0
-	stb	$s1,7($out)
-	extrwi	$acc09,$s2,8,8
-	stb	$acc08,8($out)
-	extrwi	$acc10,$s2,8,16
-	stb	$acc09,9($out)
-	stb	$acc10,10($out)
-	extrwi	$acc12,$s3,8,0
-	stb	$s2,11($out)
-	extrwi	$acc13,$s3,8,8
-	stb	$acc12,12($out)
-	extrwi	$acc14,$s3,8,16
-	stb	$acc13,13($out)
-	stb	$acc14,14($out)
-	stb	$s3,15($out)
-
-Lenc_done:
-	$POP	r0,`$FRAME+$LRSAVE`($sp)
-	$POP	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$POP	r13,`$FRAME-$SIZE_T*19`($sp)
-	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
-	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
-	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
-	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
-	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
-	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
-	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
-	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
-	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
-	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
-	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
-	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
-	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
-	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
-	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
-	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
-	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
-	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
-	mtlr	r0
-	addi	$sp,$sp,$FRAME
-	blr
-	.long	0
-	.byte	0,12,4,1,0x80,18,3,0
-	.long	0
-
-.align	5
-Lppc_AES_encrypt:
-	lwz	$acc00,240($key)
-	addi	$Tbl1,$Tbl0,3
-	lwz	$t0,0($key)
-	addi	$Tbl2,$Tbl0,2
-	lwz	$t1,4($key)
-	addi	$Tbl3,$Tbl0,1
-	lwz	$t2,8($key)
-	addi	$acc00,$acc00,-1
-	lwz	$t3,12($key)
-	addi	$key,$key,16
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	mtctr	$acc00
-.align	4
-Lenc_loop:
-	rlwinm	$acc00,$s0,`32-24+3`,21,28
-	rlwinm	$acc01,$s1,`32-24+3`,21,28
-	rlwinm	$acc02,$s2,`32-24+3`,21,28
-	rlwinm	$acc03,$s3,`32-24+3`,21,28
-	lwz	$t0,0($key)
-	rlwinm	$acc04,$s1,`32-16+3`,21,28
-	lwz	$t1,4($key)
-	rlwinm	$acc05,$s2,`32-16+3`,21,28
-	lwz	$t2,8($key)
-	rlwinm	$acc06,$s3,`32-16+3`,21,28
-	lwz	$t3,12($key)
-	rlwinm	$acc07,$s0,`32-16+3`,21,28
-	lwzx	$acc00,$Tbl0,$acc00
-	rlwinm	$acc08,$s2,`32-8+3`,21,28
-	lwzx	$acc01,$Tbl0,$acc01
-	rlwinm	$acc09,$s3,`32-8+3`,21,28
-	lwzx	$acc02,$Tbl0,$acc02
-	rlwinm	$acc10,$s0,`32-8+3`,21,28
-	lwzx	$acc03,$Tbl0,$acc03
-	rlwinm	$acc11,$s1,`32-8+3`,21,28
-	lwzx	$acc04,$Tbl1,$acc04
-	rlwinm	$acc12,$s3,`0+3`,21,28
-	lwzx	$acc05,$Tbl1,$acc05
-	rlwinm	$acc13,$s0,`0+3`,21,28
-	lwzx	$acc06,$Tbl1,$acc06
-	rlwinm	$acc14,$s1,`0+3`,21,28
-	lwzx	$acc07,$Tbl1,$acc07
-	rlwinm	$acc15,$s2,`0+3`,21,28
-	lwzx	$acc08,$Tbl2,$acc08
-	xor	$t0,$t0,$acc00
-	lwzx	$acc09,$Tbl2,$acc09
-	xor	$t1,$t1,$acc01
-	lwzx	$acc10,$Tbl2,$acc10
-	xor	$t2,$t2,$acc02
-	lwzx	$acc11,$Tbl2,$acc11
-	xor	$t3,$t3,$acc03
-	lwzx	$acc12,$Tbl3,$acc12
-	xor	$t0,$t0,$acc04
-	lwzx	$acc13,$Tbl3,$acc13
-	xor	$t1,$t1,$acc05
-	lwzx	$acc14,$Tbl3,$acc14
-	xor	$t2,$t2,$acc06
-	lwzx	$acc15,$Tbl3,$acc15
-	xor	$t3,$t3,$acc07
-	xor	$t0,$t0,$acc08
-	xor	$t1,$t1,$acc09
-	xor	$t2,$t2,$acc10
-	xor	$t3,$t3,$acc11
-	xor	$s0,$t0,$acc12
-	xor	$s1,$t1,$acc13
-	xor	$s2,$t2,$acc14
-	xor	$s3,$t3,$acc15
-	addi	$key,$key,16
-	bdnz-	Lenc_loop
-
-	addi	$Tbl2,$Tbl0,2048
-	nop
-	lwz	$t0,0($key)
-	rlwinm	$acc00,$s0,`32-24`,24,31
-	lwz	$t1,4($key)
-	rlwinm	$acc01,$s1,`32-24`,24,31
-	lwz	$t2,8($key)
-	rlwinm	$acc02,$s2,`32-24`,24,31
-	lwz	$t3,12($key)
-	rlwinm	$acc03,$s3,`32-24`,24,31
-	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Te4
-	rlwinm	$acc04,$s1,`32-16`,24,31
-	lwz	$acc09,`2048+32`($Tbl0)
-	rlwinm	$acc05,$s2,`32-16`,24,31
-	lwz	$acc10,`2048+64`($Tbl0)
-	rlwinm	$acc06,$s3,`32-16`,24,31
-	lwz	$acc11,`2048+96`($Tbl0)
-	rlwinm	$acc07,$s0,`32-16`,24,31
-	lwz	$acc12,`2048+128`($Tbl0)
-	rlwinm	$acc08,$s2,`32-8`,24,31
-	lwz	$acc13,`2048+160`($Tbl0)
-	rlwinm	$acc09,$s3,`32-8`,24,31
-	lwz	$acc14,`2048+192`($Tbl0)
-	rlwinm	$acc10,$s0,`32-8`,24,31
-	lwz	$acc15,`2048+224`($Tbl0)
-	rlwinm	$acc11,$s1,`32-8`,24,31
-	lbzx	$acc00,$Tbl2,$acc00
-	rlwinm	$acc12,$s3,`0`,24,31
-	lbzx	$acc01,$Tbl2,$acc01
-	rlwinm	$acc13,$s0,`0`,24,31
-	lbzx	$acc02,$Tbl2,$acc02
-	rlwinm	$acc14,$s1,`0`,24,31
-	lbzx	$acc03,$Tbl2,$acc03
-	rlwinm	$acc15,$s2,`0`,24,31
-	lbzx	$acc04,$Tbl2,$acc04
-	rlwinm	$s0,$acc00,24,0,7
-	lbzx	$acc05,$Tbl2,$acc05
-	rlwinm	$s1,$acc01,24,0,7
-	lbzx	$acc06,$Tbl2,$acc06
-	rlwinm	$s2,$acc02,24,0,7
-	lbzx	$acc07,$Tbl2,$acc07
-	rlwinm	$s3,$acc03,24,0,7
-	lbzx	$acc08,$Tbl2,$acc08
-	rlwimi	$s0,$acc04,16,8,15
-	lbzx	$acc09,$Tbl2,$acc09
-	rlwimi	$s1,$acc05,16,8,15
-	lbzx	$acc10,$Tbl2,$acc10
-	rlwimi	$s2,$acc06,16,8,15
-	lbzx	$acc11,$Tbl2,$acc11
-	rlwimi	$s3,$acc07,16,8,15
-	lbzx	$acc12,$Tbl2,$acc12
-	rlwimi	$s0,$acc08,8,16,23
-	lbzx	$acc13,$Tbl2,$acc13
-	rlwimi	$s1,$acc09,8,16,23
-	lbzx	$acc14,$Tbl2,$acc14
-	rlwimi	$s2,$acc10,8,16,23
-	lbzx	$acc15,$Tbl2,$acc15
-	rlwimi	$s3,$acc11,8,16,23
-	or	$s0,$s0,$acc12
-	or	$s1,$s1,$acc13
-	or	$s2,$s2,$acc14
-	or	$s3,$s3,$acc15
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.align	4
-Lppc_AES_encrypt_compact:
-	lwz	$acc00,240($key)
-	addi	$Tbl1,$Tbl0,2048
-	lwz	$t0,0($key)
-	lis	$mask80,0x8080
-	lwz	$t1,4($key)
-	lis	$mask1b,0x1b1b
-	lwz	$t2,8($key)
-	ori	$mask80,$mask80,0x8080
-	lwz	$t3,12($key)
-	ori	$mask1b,$mask1b,0x1b1b
-	addi	$key,$key,16
-	mtctr	$acc00
-.align	4
-Lenc_compact_loop:
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	rlwinm	$acc00,$s0,`32-24`,24,31
-	xor	$s2,$s2,$t2
-	rlwinm	$acc01,$s1,`32-24`,24,31
-	xor	$s3,$s3,$t3
-	rlwinm	$acc02,$s2,`32-24`,24,31
-	rlwinm	$acc03,$s3,`32-24`,24,31
-	rlwinm	$acc04,$s1,`32-16`,24,31
-	rlwinm	$acc05,$s2,`32-16`,24,31
-	rlwinm	$acc06,$s3,`32-16`,24,31
-	rlwinm	$acc07,$s0,`32-16`,24,31
-	lbzx	$acc00,$Tbl1,$acc00
-	rlwinm	$acc08,$s2,`32-8`,24,31
-	lbzx	$acc01,$Tbl1,$acc01
-	rlwinm	$acc09,$s3,`32-8`,24,31
-	lbzx	$acc02,$Tbl1,$acc02
-	rlwinm	$acc10,$s0,`32-8`,24,31
-	lbzx	$acc03,$Tbl1,$acc03
-	rlwinm	$acc11,$s1,`32-8`,24,31
-	lbzx	$acc04,$Tbl1,$acc04
-	rlwinm	$acc12,$s3,`0`,24,31
-	lbzx	$acc05,$Tbl1,$acc05
-	rlwinm	$acc13,$s0,`0`,24,31
-	lbzx	$acc06,$Tbl1,$acc06
-	rlwinm	$acc14,$s1,`0`,24,31
-	lbzx	$acc07,$Tbl1,$acc07
-	rlwinm	$acc15,$s2,`0`,24,31
-	lbzx	$acc08,$Tbl1,$acc08
-	rlwinm	$s0,$acc00,24,0,7
-	lbzx	$acc09,$Tbl1,$acc09
-	rlwinm	$s1,$acc01,24,0,7
-	lbzx	$acc10,$Tbl1,$acc10
-	rlwinm	$s2,$acc02,24,0,7
-	lbzx	$acc11,$Tbl1,$acc11
-	rlwinm	$s3,$acc03,24,0,7
-	lbzx	$acc12,$Tbl1,$acc12
-	rlwimi	$s0,$acc04,16,8,15
-	lbzx	$acc13,$Tbl1,$acc13
-	rlwimi	$s1,$acc05,16,8,15
-	lbzx	$acc14,$Tbl1,$acc14
-	rlwimi	$s2,$acc06,16,8,15
-	lbzx	$acc15,$Tbl1,$acc15
-	rlwimi	$s3,$acc07,16,8,15
-	rlwimi	$s0,$acc08,8,16,23
-	rlwimi	$s1,$acc09,8,16,23
-	rlwimi	$s2,$acc10,8,16,23
-	rlwimi	$s3,$acc11,8,16,23
-	lwz	$t0,0($key)
-	or	$s0,$s0,$acc12
-	lwz	$t1,4($key)
-	or	$s1,$s1,$acc13
-	lwz	$t2,8($key)
-	or	$s2,$s2,$acc14
-	lwz	$t3,12($key)
-	or	$s3,$s3,$acc15
-
-	addi	$key,$key,16
-	bdz	Lenc_compact_done
-
-	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
-	and	$acc01,$s1,$mask80
-	and	$acc02,$s2,$mask80
-	and	$acc03,$s3,$mask80
-	srwi	$acc04,$acc00,7		# r1>>7
-	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
-	srwi	$acc05,$acc01,7
-	andc	$acc09,$s1,$mask80
-	srwi	$acc06,$acc02,7
-	andc	$acc10,$s2,$mask80
-	srwi	$acc07,$acc03,7
-	andc	$acc11,$s3,$mask80
-	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
-	sub	$acc01,$acc01,$acc05
-	sub	$acc02,$acc02,$acc06
-	sub	$acc03,$acc03,$acc07
-	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
-	add	$acc09,$acc09,$acc09
-	add	$acc10,$acc10,$acc10
-	add	$acc11,$acc11,$acc11
-	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc01,$acc01,$mask1b
-	and	$acc02,$acc02,$mask1b
-	and	$acc03,$acc03,$mask1b
-	xor	$acc00,$acc00,$acc08	# r2
-	xor	$acc01,$acc01,$acc09
-	 rotlwi	$acc12,$s0,16		# ROTATE(r0,16)
-	xor	$acc02,$acc02,$acc10
-	 rotlwi	$acc13,$s1,16
-	xor	$acc03,$acc03,$acc11
-	 rotlwi	$acc14,$s2,16
-
-	xor	$s0,$s0,$acc00		# r0^r2
-	rotlwi	$acc15,$s3,16
-	xor	$s1,$s1,$acc01
-	rotrwi	$s0,$s0,24		# ROTATE(r2^r0,24)
-	xor	$s2,$s2,$acc02
-	rotrwi	$s1,$s1,24
-	xor	$s3,$s3,$acc03
-	rotrwi	$s2,$s2,24
-	xor	$s0,$s0,$acc00		# ROTATE(r2^r0,24)^r2
-	rotrwi	$s3,$s3,24
-	xor	$s1,$s1,$acc01
-	xor	$s2,$s2,$acc02
-	xor	$s3,$s3,$acc03
-	rotlwi	$acc08,$acc12,8		# ROTATE(r0,24)
-	xor	$s0,$s0,$acc12		#
-	rotlwi	$acc09,$acc13,8
-	xor	$s1,$s1,$acc13
-	rotlwi	$acc10,$acc14,8
-	xor	$s2,$s2,$acc14
-	rotlwi	$acc11,$acc15,8
-	xor	$s3,$s3,$acc15
-	xor	$s0,$s0,$acc08		#
-	xor	$s1,$s1,$acc09
-	xor	$s2,$s2,$acc10
-	xor	$s3,$s3,$acc11
-
-	b	Lenc_compact_loop
-.align	4
-Lenc_compact_done:
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.globl	.AES_decrypt
-.align	7
-.AES_decrypt:
-	$STU	$sp,-$FRAME($sp)
-	mflr	r0
-
-	$PUSH	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$PUSH	r13,`$FRAME-$SIZE_T*19`($sp)
-	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
-	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
-	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
-	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
-	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
-	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
-	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
-	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
-	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
-	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
-	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
-	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
-	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
-	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
-	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
-	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
-	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
-	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
-	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
-
-	andi.	$t0,$inp,3
-	andi.	$t1,$out,3
-	or.	$t0,$t0,$t1
-	bne	Ldec_unaligned
-
-Ldec_unaligned_ok:
-	lwz	$s0,0($inp)
-	lwz	$s1,4($inp)
-	lwz	$s2,8($inp)
-	lwz	$s3,12($inp)
-	bl	LAES_Td
-	bl	Lppc_AES_decrypt_compact
-	stw	$s0,0($out)
-	stw	$s1,4($out)
-	stw	$s2,8($out)
-	stw	$s3,12($out)
-	b	Ldec_done
-
-Ldec_unaligned:
-	subfic	$t0,$inp,4096
-	subfic	$t1,$out,4096
-	andi.	$t0,$t0,4096-16
-	beq	Ldec_xpage
-	andi.	$t1,$t1,4096-16
-	bne	Ldec_unaligned_ok
-
-Ldec_xpage:
-	lbz	$acc00,0($inp)
-	lbz	$acc01,1($inp)
-	lbz	$acc02,2($inp)
-	lbz	$s0,3($inp)
-	lbz	$acc04,4($inp)
-	lbz	$acc05,5($inp)
-	lbz	$acc06,6($inp)
-	lbz	$s1,7($inp)
-	lbz	$acc08,8($inp)
-	lbz	$acc09,9($inp)
-	lbz	$acc10,10($inp)
-	insrwi	$s0,$acc00,8,0
-	lbz	$s2,11($inp)
-	insrwi	$s1,$acc04,8,0
-	lbz	$acc12,12($inp)
-	insrwi	$s0,$acc01,8,8
-	lbz	$acc13,13($inp)
-	insrwi	$s1,$acc05,8,8
-	lbz	$acc14,14($inp)
-	insrwi	$s0,$acc02,8,16
-	lbz	$s3,15($inp)
-	insrwi	$s1,$acc06,8,16
-	insrwi	$s2,$acc08,8,0
-	insrwi	$s3,$acc12,8,0
-	insrwi	$s2,$acc09,8,8
-	insrwi	$s3,$acc13,8,8
-	insrwi	$s2,$acc10,8,16
-	insrwi	$s3,$acc14,8,16
-
-	bl	LAES_Td
-	bl	Lppc_AES_decrypt_compact
-
-	extrwi	$acc00,$s0,8,0
-	extrwi	$acc01,$s0,8,8
-	stb	$acc00,0($out)
-	extrwi	$acc02,$s0,8,16
-	stb	$acc01,1($out)
-	stb	$acc02,2($out)
-	extrwi	$acc04,$s1,8,0
-	stb	$s0,3($out)
-	extrwi	$acc05,$s1,8,8
-	stb	$acc04,4($out)
-	extrwi	$acc06,$s1,8,16
-	stb	$acc05,5($out)
-	stb	$acc06,6($out)
-	extrwi	$acc08,$s2,8,0
-	stb	$s1,7($out)
-	extrwi	$acc09,$s2,8,8
-	stb	$acc08,8($out)
-	extrwi	$acc10,$s2,8,16
-	stb	$acc09,9($out)
-	stb	$acc10,10($out)
-	extrwi	$acc12,$s3,8,0
-	stb	$s2,11($out)
-	extrwi	$acc13,$s3,8,8
-	stb	$acc12,12($out)
-	extrwi	$acc14,$s3,8,16
-	stb	$acc13,13($out)
-	stb	$acc14,14($out)
-	stb	$s3,15($out)
-
-Ldec_done:
-	$POP	r0,`$FRAME+$LRSAVE`($sp)
-	$POP	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$POP	r13,`$FRAME-$SIZE_T*19`($sp)
-	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
-	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
-	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
-	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
-	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
-	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
-	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
-	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
-	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
-	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
-	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
-	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
-	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
-	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
-	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
-	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
-	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
-	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
-	mtlr	r0
-	addi	$sp,$sp,$FRAME
-	blr
-	.long	0
-	.byte	0,12,4,1,0x80,18,3,0
-	.long	0
-
-.align	5
-Lppc_AES_decrypt:
-	lwz	$acc00,240($key)
-	addi	$Tbl1,$Tbl0,3
-	lwz	$t0,0($key)
-	addi	$Tbl2,$Tbl0,2
-	lwz	$t1,4($key)
-	addi	$Tbl3,$Tbl0,1
-	lwz	$t2,8($key)
-	addi	$acc00,$acc00,-1
-	lwz	$t3,12($key)
-	addi	$key,$key,16
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	mtctr	$acc00
-.align	4
-Ldec_loop:
-	rlwinm	$acc00,$s0,`32-24+3`,21,28
-	rlwinm	$acc01,$s1,`32-24+3`,21,28
-	rlwinm	$acc02,$s2,`32-24+3`,21,28
-	rlwinm	$acc03,$s3,`32-24+3`,21,28
-	lwz	$t0,0($key)
-	rlwinm	$acc04,$s3,`32-16+3`,21,28
-	lwz	$t1,4($key)
-	rlwinm	$acc05,$s0,`32-16+3`,21,28
-	lwz	$t2,8($key)
-	rlwinm	$acc06,$s1,`32-16+3`,21,28
-	lwz	$t3,12($key)
-	rlwinm	$acc07,$s2,`32-16+3`,21,28
-	lwzx	$acc00,$Tbl0,$acc00
-	rlwinm	$acc08,$s2,`32-8+3`,21,28
-	lwzx	$acc01,$Tbl0,$acc01
-	rlwinm	$acc09,$s3,`32-8+3`,21,28
-	lwzx	$acc02,$Tbl0,$acc02
-	rlwinm	$acc10,$s0,`32-8+3`,21,28
-	lwzx	$acc03,$Tbl0,$acc03
-	rlwinm	$acc11,$s1,`32-8+3`,21,28
-	lwzx	$acc04,$Tbl1,$acc04
-	rlwinm	$acc12,$s1,`0+3`,21,28
-	lwzx	$acc05,$Tbl1,$acc05
-	rlwinm	$acc13,$s2,`0+3`,21,28
-	lwzx	$acc06,$Tbl1,$acc06
-	rlwinm	$acc14,$s3,`0+3`,21,28
-	lwzx	$acc07,$Tbl1,$acc07
-	rlwinm	$acc15,$s0,`0+3`,21,28
-	lwzx	$acc08,$Tbl2,$acc08
-	xor	$t0,$t0,$acc00
-	lwzx	$acc09,$Tbl2,$acc09
-	xor	$t1,$t1,$acc01
-	lwzx	$acc10,$Tbl2,$acc10
-	xor	$t2,$t2,$acc02
-	lwzx	$acc11,$Tbl2,$acc11
-	xor	$t3,$t3,$acc03
-	lwzx	$acc12,$Tbl3,$acc12
-	xor	$t0,$t0,$acc04
-	lwzx	$acc13,$Tbl3,$acc13
-	xor	$t1,$t1,$acc05
-	lwzx	$acc14,$Tbl3,$acc14
-	xor	$t2,$t2,$acc06
-	lwzx	$acc15,$Tbl3,$acc15
-	xor	$t3,$t3,$acc07
-	xor	$t0,$t0,$acc08
-	xor	$t1,$t1,$acc09
-	xor	$t2,$t2,$acc10
-	xor	$t3,$t3,$acc11
-	xor	$s0,$t0,$acc12
-	xor	$s1,$t1,$acc13
-	xor	$s2,$t2,$acc14
-	xor	$s3,$t3,$acc15
-	addi	$key,$key,16
-	bdnz-	Ldec_loop
-
-	addi	$Tbl2,$Tbl0,2048
-	nop
-	lwz	$t0,0($key)
-	rlwinm	$acc00,$s0,`32-24`,24,31
-	lwz	$t1,4($key)
-	rlwinm	$acc01,$s1,`32-24`,24,31
-	lwz	$t2,8($key)
-	rlwinm	$acc02,$s2,`32-24`,24,31
-	lwz	$t3,12($key)
-	rlwinm	$acc03,$s3,`32-24`,24,31
-	lwz	$acc08,`2048+0`($Tbl0)	! prefetch Td4
-	rlwinm	$acc04,$s3,`32-16`,24,31
-	lwz	$acc09,`2048+32`($Tbl0)
-	rlwinm	$acc05,$s0,`32-16`,24,31
-	lwz	$acc10,`2048+64`($Tbl0)
-	lbzx	$acc00,$Tbl2,$acc00
-	lwz	$acc11,`2048+96`($Tbl0)
-	lbzx	$acc01,$Tbl2,$acc01
-	lwz	$acc12,`2048+128`($Tbl0)
-	rlwinm	$acc06,$s1,`32-16`,24,31
-	lwz	$acc13,`2048+160`($Tbl0)
-	rlwinm	$acc07,$s2,`32-16`,24,31
-	lwz	$acc14,`2048+192`($Tbl0)
-	rlwinm	$acc08,$s2,`32-8`,24,31
-	lwz	$acc15,`2048+224`($Tbl0)
-	rlwinm	$acc09,$s3,`32-8`,24,31
-	lbzx	$acc02,$Tbl2,$acc02
-	rlwinm	$acc10,$s0,`32-8`,24,31
-	lbzx	$acc03,$Tbl2,$acc03
-	rlwinm	$acc11,$s1,`32-8`,24,31
-	lbzx	$acc04,$Tbl2,$acc04
-	rlwinm	$acc12,$s1,`0`,24,31
-	lbzx	$acc05,$Tbl2,$acc05
-	rlwinm	$acc13,$s2,`0`,24,31
-	lbzx	$acc06,$Tbl2,$acc06
-	rlwinm	$acc14,$s3,`0`,24,31
-	lbzx	$acc07,$Tbl2,$acc07
-	rlwinm	$acc15,$s0,`0`,24,31
-	lbzx	$acc08,$Tbl2,$acc08
-	rlwinm	$s0,$acc00,24,0,7
-	lbzx	$acc09,$Tbl2,$acc09
-	rlwinm	$s1,$acc01,24,0,7
-	lbzx	$acc10,$Tbl2,$acc10
-	rlwinm	$s2,$acc02,24,0,7
-	lbzx	$acc11,$Tbl2,$acc11
-	rlwinm	$s3,$acc03,24,0,7
-	lbzx	$acc12,$Tbl2,$acc12
-	rlwimi	$s0,$acc04,16,8,15
-	lbzx	$acc13,$Tbl2,$acc13
-	rlwimi	$s1,$acc05,16,8,15
-	lbzx	$acc14,$Tbl2,$acc14
-	rlwimi	$s2,$acc06,16,8,15
-	lbzx	$acc15,$Tbl2,$acc15
-	rlwimi	$s3,$acc07,16,8,15
-	rlwimi	$s0,$acc08,8,16,23
-	rlwimi	$s1,$acc09,8,16,23
-	rlwimi	$s2,$acc10,8,16,23
-	rlwimi	$s3,$acc11,8,16,23
-	or	$s0,$s0,$acc12
-	or	$s1,$s1,$acc13
-	or	$s2,$s2,$acc14
-	or	$s3,$s3,$acc15
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.align	4
-Lppc_AES_decrypt_compact:
-	lwz	$acc00,240($key)
-	addi	$Tbl1,$Tbl0,2048
-	lwz	$t0,0($key)
-	lis	$mask80,0x8080
-	lwz	$t1,4($key)
-	lis	$mask1b,0x1b1b
-	lwz	$t2,8($key)
-	ori	$mask80,$mask80,0x8080
-	lwz	$t3,12($key)
-	ori	$mask1b,$mask1b,0x1b1b
-	addi	$key,$key,16
-___
-$code.=<<___ if ($SIZE_T==8);
-	insrdi	$mask80,$mask80,32,0
-	insrdi	$mask1b,$mask1b,32,0
-___
-$code.=<<___;
-	mtctr	$acc00
-.align	4
-Ldec_compact_loop:
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	rlwinm	$acc00,$s0,`32-24`,24,31
-	xor	$s2,$s2,$t2
-	rlwinm	$acc01,$s1,`32-24`,24,31
-	xor	$s3,$s3,$t3
-	rlwinm	$acc02,$s2,`32-24`,24,31
-	rlwinm	$acc03,$s3,`32-24`,24,31
-	rlwinm	$acc04,$s3,`32-16`,24,31
-	rlwinm	$acc05,$s0,`32-16`,24,31
-	rlwinm	$acc06,$s1,`32-16`,24,31
-	rlwinm	$acc07,$s2,`32-16`,24,31
-	lbzx	$acc00,$Tbl1,$acc00
-	rlwinm	$acc08,$s2,`32-8`,24,31
-	lbzx	$acc01,$Tbl1,$acc01
-	rlwinm	$acc09,$s3,`32-8`,24,31
-	lbzx	$acc02,$Tbl1,$acc02
-	rlwinm	$acc10,$s0,`32-8`,24,31
-	lbzx	$acc03,$Tbl1,$acc03
-	rlwinm	$acc11,$s1,`32-8`,24,31
-	lbzx	$acc04,$Tbl1,$acc04
-	rlwinm	$acc12,$s1,`0`,24,31
-	lbzx	$acc05,$Tbl1,$acc05
-	rlwinm	$acc13,$s2,`0`,24,31
-	lbzx	$acc06,$Tbl1,$acc06
-	rlwinm	$acc14,$s3,`0`,24,31
-	lbzx	$acc07,$Tbl1,$acc07
-	rlwinm	$acc15,$s0,`0`,24,31
-	lbzx	$acc08,$Tbl1,$acc08
-	rlwinm	$s0,$acc00,24,0,7
-	lbzx	$acc09,$Tbl1,$acc09
-	rlwinm	$s1,$acc01,24,0,7
-	lbzx	$acc10,$Tbl1,$acc10
-	rlwinm	$s2,$acc02,24,0,7
-	lbzx	$acc11,$Tbl1,$acc11
-	rlwinm	$s3,$acc03,24,0,7
-	lbzx	$acc12,$Tbl1,$acc12
-	rlwimi	$s0,$acc04,16,8,15
-	lbzx	$acc13,$Tbl1,$acc13
-	rlwimi	$s1,$acc05,16,8,15
-	lbzx	$acc14,$Tbl1,$acc14
-	rlwimi	$s2,$acc06,16,8,15
-	lbzx	$acc15,$Tbl1,$acc15
-	rlwimi	$s3,$acc07,16,8,15
-	rlwimi	$s0,$acc08,8,16,23
-	rlwimi	$s1,$acc09,8,16,23
-	rlwimi	$s2,$acc10,8,16,23
-	rlwimi	$s3,$acc11,8,16,23
-	lwz	$t0,0($key)
-	or	$s0,$s0,$acc12
-	lwz	$t1,4($key)
-	or	$s1,$s1,$acc13
-	lwz	$t2,8($key)
-	or	$s2,$s2,$acc14
-	lwz	$t3,12($key)
-	or	$s3,$s3,$acc15
-
-	addi	$key,$key,16
-	bdz	Ldec_compact_done
-___
-$code.=<<___ if ($SIZE_T==8);
-	# vectorized permutation improves decrypt performance by 10%
-	insrdi	$s0,$s1,32,0
-	insrdi	$s2,$s3,32,0
-
-	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
-	and	$acc02,$s2,$mask80
-	srdi	$acc04,$acc00,7		# r1>>7
-	srdi	$acc06,$acc02,7
-	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
-	andc	$acc10,$s2,$mask80
-	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
-	sub	$acc02,$acc02,$acc06
-	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
-	add	$acc10,$acc10,$acc10
-	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc02,$acc02,$mask1b
-	xor	$acc00,$acc00,$acc08	# r2
-	xor	$acc02,$acc02,$acc10
-
-	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
-	and	$acc06,$acc02,$mask80
-	srdi	$acc08,$acc04,7		# r1>>7
-	srdi	$acc10,$acc06,7
-	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
-	andc	$acc14,$acc02,$mask80
-	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
-	sub	$acc06,$acc06,$acc10
-	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
-	add	$acc14,$acc14,$acc14
-	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc06,$acc06,$mask1b
-	xor	$acc04,$acc04,$acc12	# r4
-	xor	$acc06,$acc06,$acc14
-
-	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
-	and	$acc10,$acc06,$mask80
-	srdi	$acc12,$acc08,7		# r1>>7
-	srdi	$acc14,$acc10,7
-	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
-	sub	$acc10,$acc10,$acc14
-	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
-	andc	$acc14,$acc06,$mask80
-	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
-	add	$acc14,$acc14,$acc14
-	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc10,$acc10,$mask1b
-	xor	$acc08,$acc08,$acc12	# r8
-	xor	$acc10,$acc10,$acc14
-
-	xor	$acc00,$acc00,$s0	# r2^r0
-	xor	$acc02,$acc02,$s2
-	xor	$acc04,$acc04,$s0	# r4^r0
-	xor	$acc06,$acc06,$s2
-
-	extrdi	$acc01,$acc00,32,0
-	extrdi	$acc03,$acc02,32,0
-	extrdi	$acc05,$acc04,32,0
-	extrdi	$acc07,$acc06,32,0
-	extrdi	$acc09,$acc08,32,0
-	extrdi	$acc11,$acc10,32,0
-___
-$code.=<<___ if ($SIZE_T==4);
-	and	$acc00,$s0,$mask80	# r1=r0&0x80808080
-	and	$acc01,$s1,$mask80
-	and	$acc02,$s2,$mask80
-	and	$acc03,$s3,$mask80
-	srwi	$acc04,$acc00,7		# r1>>7
-	andc	$acc08,$s0,$mask80	# r0&0x7f7f7f7f
-	srwi	$acc05,$acc01,7
-	andc	$acc09,$s1,$mask80
-	srwi	$acc06,$acc02,7
-	andc	$acc10,$s2,$mask80
-	srwi	$acc07,$acc03,7
-	andc	$acc11,$s3,$mask80
-	sub	$acc00,$acc00,$acc04	# r1-(r1>>7)
-	sub	$acc01,$acc01,$acc05
-	sub	$acc02,$acc02,$acc06
-	sub	$acc03,$acc03,$acc07
-	add	$acc08,$acc08,$acc08	# (r0&0x7f7f7f7f)<<1
-	add	$acc09,$acc09,$acc09
-	add	$acc10,$acc10,$acc10
-	add	$acc11,$acc11,$acc11
-	and	$acc00,$acc00,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc01,$acc01,$mask1b
-	and	$acc02,$acc02,$mask1b
-	and	$acc03,$acc03,$mask1b
-	xor	$acc00,$acc00,$acc08	# r2
-	xor	$acc01,$acc01,$acc09
-	xor	$acc02,$acc02,$acc10
-	xor	$acc03,$acc03,$acc11
-
-	and	$acc04,$acc00,$mask80	# r1=r2&0x80808080
-	and	$acc05,$acc01,$mask80
-	and	$acc06,$acc02,$mask80
-	and	$acc07,$acc03,$mask80
-	srwi	$acc08,$acc04,7		# r1>>7
-	andc	$acc12,$acc00,$mask80	# r2&0x7f7f7f7f
-	srwi	$acc09,$acc05,7
-	andc	$acc13,$acc01,$mask80
-	srwi	$acc10,$acc06,7
-	andc	$acc14,$acc02,$mask80
-	srwi	$acc11,$acc07,7
-	andc	$acc15,$acc03,$mask80
-	sub	$acc04,$acc04,$acc08	# r1-(r1>>7)
-	sub	$acc05,$acc05,$acc09
-	sub	$acc06,$acc06,$acc10
-	sub	$acc07,$acc07,$acc11
-	add	$acc12,$acc12,$acc12	# (r2&0x7f7f7f7f)<<1
-	add	$acc13,$acc13,$acc13
-	add	$acc14,$acc14,$acc14
-	add	$acc15,$acc15,$acc15
-	and	$acc04,$acc04,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc05,$acc05,$mask1b
-	and	$acc06,$acc06,$mask1b
-	and	$acc07,$acc07,$mask1b
-	xor	$acc04,$acc04,$acc12	# r4
-	xor	$acc05,$acc05,$acc13
-	xor	$acc06,$acc06,$acc14
-	xor	$acc07,$acc07,$acc15
-
-	and	$acc08,$acc04,$mask80	# r1=r4&0x80808080
-	and	$acc09,$acc05,$mask80
-	srwi	$acc12,$acc08,7		# r1>>7
-	and	$acc10,$acc06,$mask80
-	srwi	$acc13,$acc09,7
-	and	$acc11,$acc07,$mask80
-	srwi	$acc14,$acc10,7
-	sub	$acc08,$acc08,$acc12	# r1-(r1>>7)
-	srwi	$acc15,$acc11,7
-	sub	$acc09,$acc09,$acc13
-	sub	$acc10,$acc10,$acc14
-	sub	$acc11,$acc11,$acc15
-	andc	$acc12,$acc04,$mask80	# r4&0x7f7f7f7f
-	andc	$acc13,$acc05,$mask80
-	andc	$acc14,$acc06,$mask80
-	andc	$acc15,$acc07,$mask80
-	add	$acc12,$acc12,$acc12	# (r4&0x7f7f7f7f)<<1
-	add	$acc13,$acc13,$acc13
-	add	$acc14,$acc14,$acc14
-	add	$acc15,$acc15,$acc15
-	and	$acc08,$acc08,$mask1b	# (r1-(r1>>7))&0x1b1b1b1b
-	and	$acc09,$acc09,$mask1b
-	and	$acc10,$acc10,$mask1b
-	and	$acc11,$acc11,$mask1b
-	xor	$acc08,$acc08,$acc12	# r8
-	xor	$acc09,$acc09,$acc13
-	xor	$acc10,$acc10,$acc14
-	xor	$acc11,$acc11,$acc15
-
-	xor	$acc00,$acc00,$s0	# r2^r0
-	xor	$acc01,$acc01,$s1
-	xor	$acc02,$acc02,$s2
-	xor	$acc03,$acc03,$s3
-	xor	$acc04,$acc04,$s0	# r4^r0
-	xor	$acc05,$acc05,$s1
-	xor	$acc06,$acc06,$s2
-	xor	$acc07,$acc07,$s3
-___
-$code.=<<___;
-	rotrwi	$s0,$s0,8		# = ROTATE(r0,8)
-	rotrwi	$s1,$s1,8
-	xor	$s0,$s0,$acc00		# ^= r2^r0
-	rotrwi	$s2,$s2,8
-	xor	$s1,$s1,$acc01
-	rotrwi	$s3,$s3,8
-	xor	$s2,$s2,$acc02
-	xor	$s3,$s3,$acc03
-	xor	$acc00,$acc00,$acc08
-	xor	$acc01,$acc01,$acc09
-	xor	$acc02,$acc02,$acc10
-	xor	$acc03,$acc03,$acc11
-	xor	$s0,$s0,$acc04		# ^= r4^r0
-	rotrwi	$acc00,$acc00,24
-	xor	$s1,$s1,$acc05
-	rotrwi	$acc01,$acc01,24
-	xor	$s2,$s2,$acc06
-	rotrwi	$acc02,$acc02,24
-	xor	$s3,$s3,$acc07
-	rotrwi	$acc03,$acc03,24
-	xor	$acc04,$acc04,$acc08
-	xor	$acc05,$acc05,$acc09
-	xor	$acc06,$acc06,$acc10
-	xor	$acc07,$acc07,$acc11
-	xor	$s0,$s0,$acc08		# ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
-	rotrwi	$acc04,$acc04,16
-	xor	$s1,$s1,$acc09
-	rotrwi	$acc05,$acc05,16
-	xor	$s2,$s2,$acc10
-	rotrwi	$acc06,$acc06,16
-	xor	$s3,$s3,$acc11
-	rotrwi	$acc07,$acc07,16
-	xor	$s0,$s0,$acc00		# ^= ROTATE(r8^r2^r0,24)
-	rotrwi	$acc08,$acc08,8
-	xor	$s1,$s1,$acc01
-	rotrwi	$acc09,$acc09,8
-	xor	$s2,$s2,$acc02
-	rotrwi	$acc10,$acc10,8
-	xor	$s3,$s3,$acc03
-	rotrwi	$acc11,$acc11,8
-	xor	$s0,$s0,$acc04		# ^= ROTATE(r8^r4^r0,16)
-	xor	$s1,$s1,$acc05
-	xor	$s2,$s2,$acc06
-	xor	$s3,$s3,$acc07
-	xor	$s0,$s0,$acc08		# ^= ROTATE(r8,8)	
-	xor	$s1,$s1,$acc09	
-	xor	$s2,$s2,$acc10	
-	xor	$s3,$s3,$acc11	
-
-	b	Ldec_compact_loop
-.align	4
-Ldec_compact_done:
-	xor	$s0,$s0,$t0
-	xor	$s1,$s1,$t1
-	xor	$s2,$s2,$t2
-	xor	$s3,$s3,$t3
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.asciz	"AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
-.align	7
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
deleted file mode 100644
index e75dcd0315..0000000000
--- a/crypto/aes/asm/aes-s390x.pl
+++ /dev/null
@@ -1,2237 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# AES for s390x.
-
-# April 2007.
-#
-# Software performance improvement over gcc-generated code is ~70% and
-# in absolute terms is ~73 cycles per byte processed with 128-bit key.
-# You're likely to exclaim "why so slow?" Keep in mind that z-CPUs are
-# *strictly* in-order execution and issued instruction [in this case
-# load value from memory is critical] has to complete before execution
-# flow proceeds. S-boxes are compressed to 2KB[+256B].
-#
-# As for hardware acceleration support. It's basically a "teaser," as
-# it can and should be improved in several ways. Most notably support
-# for CBC is not utilized, nor multiple blocks are ever processed.
-# Then software key schedule can be postponed till hardware support
-# detection... Performance improvement over assembler is reportedly
-# ~2.5x, but can reach >8x [naturally on larger chunks] if proper
-# support is implemented.
-
-# May 2007.
-#
-# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
-# for 128-bit keys, if hardware support is detected.
-
-# Januray 2009.
-#
-# Add support for hardware AES192/256 and reschedule instructions to
-# minimize/avoid Address Generation Interlock hazard and to favour
-# dual-issue z10 pipeline. This gave ~25% improvement on z10 and
-# almost 50% on z9. The gain is smaller on z10, because being dual-
-# issue z10 makes it improssible to eliminate the interlock condition:
-# critial path is not long enough. Yet it spends ~24 cycles per byte
-# processed with 128-bit key.
-#
-# Unlike previous version hardware support detection takes place only
-# at the moment of key schedule setup, which is denoted in key->rounds.
-# This is done, because deferred key setup can't be made MT-safe, not
-# for keys longer than 128 bits.
-#
-# Add AES_cbc_encrypt, which gives incredible performance improvement,
-# it was measured to be ~6.6x. It's less than previously mentioned 8x,
-# because software implementation was optimized.
-
-# May 2010.
-#
-# Add AES_ctr32_encrypt. If hardware-assisted, it provides up to 4.3x
-# performance improvement over "generic" counter mode routine relying
-# on single-block, also hardware-assisted, AES_encrypt. "Up to" refers
-# to the fact that exact throughput value depends on current stack
-# frame alignment within 4KB page. In worst case you get ~75% of the
-# maximum, but *on average* it would be as much as ~98%. Meaning that
-# worst case is unlike, it's like hitting ravine on plateau.
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. On z990 it was measured to perform
-# 2x better than code generated by gcc 4.3.
-
-# December 2010.
-#
-# Add support for z196 "cipher message with counter" instruction.
-# Note however that it's disengaged, because it was measured to
-# perform ~12% worse than vanilla km-based code...
-
-# February 2011.
-#
-# Add AES_xts_[en|de]crypt. This includes support for z196 km-xts-aes
-# instructions, which deliver ~70% improvement at 8KB block size over
-# vanilla km-based code, 37% - at most like 512-bytes block size.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$softonly=0;	# allow hardware support
-
-$t0="%r0";	$mask="%r0";
-$t1="%r1";
-$t2="%r2";	$inp="%r2";
-$t3="%r3";	$out="%r3";	$bits="%r3";
-$key="%r4";
-$i1="%r5";
-$i2="%r6";
-$i3="%r7";
-$s0="%r8";
-$s1="%r9";
-$s2="%r10";
-$s3="%r11";
-$tbl="%r12";
-$rounds="%r13";
-$ra="%r14";
-$sp="%r15";
-
-$stdframe=16*$SIZE_T+4*8;
-
-sub _data_word()
-{ my $i;
-    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
-}
-
-$code=<<___;
-.text
-
-.type	AES_Te,\@object
-.align	256
-AES_Te:
-___
-&_data_word(
-	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
-	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
-	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
-	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
-	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
-	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
-	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
-	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
-	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
-	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
-	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
-	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
-	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
-	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
-	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
-	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
-	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
-	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
-	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
-	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
-	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
-	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
-	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
-	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
-	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
-	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
-	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
-	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
-	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
-	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
-	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
-	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
-	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
-	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
-	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
-	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
-	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
-	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
-	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
-	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
-	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
-	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
-	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
-	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
-	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
-	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
-	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
-	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
-	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
-	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
-	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
-	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
-	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
-	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
-	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
-	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
-	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
-	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
-	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
-	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
-	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
-	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
-	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
-	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
-$code.=<<___;
-# Te4[256]
-.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-# rcon[]
-.long	0x01000000, 0x02000000, 0x04000000, 0x08000000
-.long	0x10000000, 0x20000000, 0x40000000, 0x80000000
-.long	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
-.align	256
-.size	AES_Te,.-AES_Te
-
-# void AES_encrypt(const unsigned char *inp, unsigned char *out,
-# 		 const AES_KEY *key) {
-.globl	AES_encrypt
-.type	AES_encrypt,\@function
-AES_encrypt:
-___
-$code.=<<___ if (!$softonly);
-	l	%r0,240($key)
-	lhi	%r1,16
-	clr	%r0,%r1
-	jl	.Lesoft
-
-	la	%r1,0($key)
-	#la	%r2,0($inp)
-	la	%r4,0($out)
-	lghi	%r3,16		# single block length
-	.long	0xb92e0042	# km %r4,%r2
-	brc	1,.-4		# can this happen?
-	br	%r14
-.align	64
-.Lesoft:
-___
-$code.=<<___;
-	stm${g}	%r3,$ra,3*$SIZE_T($sp)
-
-	llgf	$s0,0($inp)
-	llgf	$s1,4($inp)
-	llgf	$s2,8($inp)
-	llgf	$s3,12($inp)
-
-	larl	$tbl,AES_Te
-	bras	$ra,_s390x_AES_encrypt
-
-	l${g}	$out,3*$SIZE_T($sp)
-	st	$s0,0($out)
-	st	$s1,4($out)
-	st	$s2,8($out)
-	st	$s3,12($out)
-
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	br	$ra
-.size	AES_encrypt,.-AES_encrypt
-
-.type   _s390x_AES_encrypt,\@function
-.align	16
-_s390x_AES_encrypt:
-	st${g}	$ra,15*$SIZE_T($sp)
-	x	$s0,0($key)
-	x	$s1,4($key)
-	x	$s2,8($key)
-	x	$s3,12($key)
-	l	$rounds,240($key)
-	llill	$mask,`0xff<<3`
-	aghi	$rounds,-1
-	j	.Lenc_loop
-.align	16
-.Lenc_loop:
-	sllg	$t1,$s0,`0+3`
-	srlg	$t2,$s0,`8-3`
-	srlg	$t3,$s0,`16-3`
-	srl	$s0,`24-3`
-	nr	$s0,$mask
-	ngr	$t1,$mask
-	nr	$t2,$mask
-	nr	$t3,$mask
-
-	srlg	$i1,$s1,`16-3`	# i0
-	sllg	$i2,$s1,`0+3`
-	srlg	$i3,$s1,`8-3`
-	srl	$s1,`24-3`
-	nr	$i1,$mask
-	nr	$s1,$mask
-	ngr	$i2,$mask
-	nr	$i3,$mask
-
-	l	$s0,0($s0,$tbl)	# Te0[s0>>24]
-	l	$t1,1($t1,$tbl)	# Te3[s0>>0]
-	l	$t2,2($t2,$tbl) # Te2[s0>>8]
-	l	$t3,3($t3,$tbl)	# Te1[s0>>16]
-
-	x	$s0,3($i1,$tbl)	# Te1[s1>>16]
-	l	$s1,0($s1,$tbl)	# Te0[s1>>24]
-	x	$t2,1($i2,$tbl)	# Te3[s1>>0]
-	x	$t3,2($i3,$tbl)	# Te2[s1>>8]
-
-	srlg	$i1,$s2,`8-3`	# i0
-	srlg	$i2,$s2,`16-3`	# i1
-	nr	$i1,$mask
-	nr	$i2,$mask
-	sllg	$i3,$s2,`0+3`
-	srl	$s2,`24-3`
-	nr	$s2,$mask
-	ngr	$i3,$mask
-
-	xr	$s1,$t1
-	srlg	$ra,$s3,`8-3`	# i1
-	sllg	$t1,$s3,`0+3`	# i0
-	nr	$ra,$mask
-	la	$key,16($key)
-	ngr	$t1,$mask
-
-	x	$s0,2($i1,$tbl)	# Te2[s2>>8]
-	x	$s1,3($i2,$tbl)	# Te1[s2>>16]
-	l	$s2,0($s2,$tbl)	# Te0[s2>>24]
-	x	$t3,1($i3,$tbl)	# Te3[s2>>0]
-
-	srlg	$i3,$s3,`16-3`	# i2
-	xr	$s2,$t2
-	srl	$s3,`24-3`
-	nr	$i3,$mask
-	nr	$s3,$mask
-
-	x	$s0,0($key)
-	x	$s1,4($key)
-	x	$s2,8($key)
-	x	$t3,12($key)
-
-	x	$s0,1($t1,$tbl)	# Te3[s3>>0]
-	x	$s1,2($ra,$tbl)	# Te2[s3>>8]
-	x	$s2,3($i3,$tbl)	# Te1[s3>>16]
-	l	$s3,0($s3,$tbl)	# Te0[s3>>24]
-	xr	$s3,$t3
-
-	brct	$rounds,.Lenc_loop
-	.align	16
-
-	sllg	$t1,$s0,`0+3`
-	srlg	$t2,$s0,`8-3`
-	ngr	$t1,$mask
-	srlg	$t3,$s0,`16-3`
-	srl	$s0,`24-3`
-	nr	$s0,$mask
-	nr	$t2,$mask
-	nr	$t3,$mask
-
-	srlg	$i1,$s1,`16-3`	# i0
-	sllg	$i2,$s1,`0+3`
-	ngr	$i2,$mask
-	srlg	$i3,$s1,`8-3`
-	srl	$s1,`24-3`
-	nr	$i1,$mask
-	nr	$s1,$mask
-	nr	$i3,$mask
-
-	llgc	$s0,2($s0,$tbl)	# Te4[s0>>24]
-	llgc	$t1,2($t1,$tbl)	# Te4[s0>>0]
-	sll	$s0,24
-	llgc	$t2,2($t2,$tbl)	# Te4[s0>>8]
-	llgc	$t3,2($t3,$tbl)	# Te4[s0>>16]
-	sll	$t2,8
-	sll	$t3,16
-
-	llgc	$i1,2($i1,$tbl)	# Te4[s1>>16]
-	llgc	$s1,2($s1,$tbl)	# Te4[s1>>24]
-	llgc	$i2,2($i2,$tbl)	# Te4[s1>>0]
-	llgc	$i3,2($i3,$tbl)	# Te4[s1>>8]
-	sll	$i1,16
-	sll	$s1,24
-	sll	$i3,8
-	or	$s0,$i1
-	or	$s1,$t1
-	or	$t2,$i2
-	or	$t3,$i3
-	
-	srlg	$i1,$s2,`8-3`	# i0
-	srlg	$i2,$s2,`16-3`	# i1
-	nr	$i1,$mask
-	nr	$i2,$mask
-	sllg	$i3,$s2,`0+3`
-	srl	$s2,`24-3`
-	ngr	$i3,$mask
-	nr	$s2,$mask
-
-	sllg	$t1,$s3,`0+3`	# i0
-	srlg	$ra,$s3,`8-3`	# i1
-	ngr	$t1,$mask
-
-	llgc	$i1,2($i1,$tbl)	# Te4[s2>>8]
-	llgc	$i2,2($i2,$tbl)	# Te4[s2>>16]
-	sll	$i1,8
-	llgc	$s2,2($s2,$tbl)	# Te4[s2>>24]
-	llgc	$i3,2($i3,$tbl)	# Te4[s2>>0]
-	sll	$i2,16
-	nr	$ra,$mask
-	sll	$s2,24
-	or	$s0,$i1
-	or	$s1,$i2
-	or	$s2,$t2
-	or	$t3,$i3
-
-	srlg	$i3,$s3,`16-3`	# i2
-	srl	$s3,`24-3`
-	nr	$i3,$mask
-	nr	$s3,$mask
-
-	l	$t0,16($key)
-	l	$t2,20($key)
-
-	llgc	$i1,2($t1,$tbl)	# Te4[s3>>0]
-	llgc	$i2,2($ra,$tbl)	# Te4[s3>>8]
-	llgc	$i3,2($i3,$tbl)	# Te4[s3>>16]
-	llgc	$s3,2($s3,$tbl)	# Te4[s3>>24]
-	sll	$i2,8
-	sll	$i3,16
-	sll	$s3,24
-	or	$s0,$i1
-	or	$s1,$i2
-	or	$s2,$i3
-	or	$s3,$t3
-
-	l${g}	$ra,15*$SIZE_T($sp)
-	xr	$s0,$t0
-	xr	$s1,$t2
-	x	$s2,24($key)
-	x	$s3,28($key)
-
-	br	$ra	
-.size	_s390x_AES_encrypt,.-_s390x_AES_encrypt
-___
-
-$code.=<<___;
-.type	AES_Td,\@object
-.align	256
-AES_Td:
-___
-&_data_word(
-	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
-	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
-	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
-	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
-	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
-	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
-	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
-	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
-	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
-	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
-	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
-	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
-	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
-	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
-	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
-	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
-	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
-	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
-	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
-	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
-	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
-	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
-	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
-	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
-	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
-	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
-	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
-	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
-	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
-	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
-	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
-	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
-	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
-	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
-	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
-	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
-	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
-	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
-	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
-	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
-	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
-	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
-	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
-	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
-	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
-	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
-	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
-	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
-	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
-	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
-	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
-	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
-	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
-	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
-	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
-	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
-	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
-	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
-	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
-	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
-	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
-	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
-	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
-	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
-$code.=<<___;
-# Td4[256]
-.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.size	AES_Td,.-AES_Td
-
-# void AES_decrypt(const unsigned char *inp, unsigned char *out,
-# 		 const AES_KEY *key) {
-.globl	AES_decrypt
-.type	AES_decrypt,\@function
-AES_decrypt:
-___
-$code.=<<___ if (!$softonly);
-	l	%r0,240($key)
-	lhi	%r1,16
-	clr	%r0,%r1
-	jl	.Ldsoft
-
-	la	%r1,0($key)
-	#la	%r2,0($inp)
-	la	%r4,0($out)
-	lghi	%r3,16		# single block length
-	.long	0xb92e0042	# km %r4,%r2
-	brc	1,.-4		# can this happen?
-	br	%r14
-.align	64
-.Ldsoft:
-___
-$code.=<<___;
-	stm${g}	%r3,$ra,3*$SIZE_T($sp)
-
-	llgf	$s0,0($inp)
-	llgf	$s1,4($inp)
-	llgf	$s2,8($inp)
-	llgf	$s3,12($inp)
-
-	larl	$tbl,AES_Td
-	bras	$ra,_s390x_AES_decrypt
-
-	l${g}	$out,3*$SIZE_T($sp)
-	st	$s0,0($out)
-	st	$s1,4($out)
-	st	$s2,8($out)
-	st	$s3,12($out)
-
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	br	$ra
-.size	AES_decrypt,.-AES_decrypt
-
-.type   _s390x_AES_decrypt,\@function
-.align	16
-_s390x_AES_decrypt:
-	st${g}	$ra,15*$SIZE_T($sp)
-	x	$s0,0($key)
-	x	$s1,4($key)
-	x	$s2,8($key)
-	x	$s3,12($key)
-	l	$rounds,240($key)
-	llill	$mask,`0xff<<3`
-	aghi	$rounds,-1
-	j	.Ldec_loop
-.align	16
-.Ldec_loop:
-	srlg	$t1,$s0,`16-3`
-	srlg	$t2,$s0,`8-3`
-	sllg	$t3,$s0,`0+3`
-	srl	$s0,`24-3`
-	nr	$s0,$mask
-	nr	$t1,$mask
-	nr	$t2,$mask
-	ngr	$t3,$mask
-
-	sllg	$i1,$s1,`0+3`	# i0
-	srlg	$i2,$s1,`16-3`
-	srlg	$i3,$s1,`8-3`
-	srl	$s1,`24-3`
-	ngr	$i1,$mask
-	nr	$s1,$mask
-	nr	$i2,$mask
-	nr	$i3,$mask
-
-	l	$s0,0($s0,$tbl)	# Td0[s0>>24]
-	l	$t1,3($t1,$tbl)	# Td1[s0>>16]
-	l	$t2,2($t2,$tbl)	# Td2[s0>>8]
-	l	$t3,1($t3,$tbl)	# Td3[s0>>0]
-
-	x	$s0,1($i1,$tbl)	# Td3[s1>>0]
-	l	$s1,0($s1,$tbl)	# Td0[s1>>24]
-	x	$t2,3($i2,$tbl)	# Td1[s1>>16]
-	x	$t3,2($i3,$tbl)	# Td2[s1>>8]
-
-	srlg	$i1,$s2,`8-3`	# i0
-	sllg	$i2,$s2,`0+3`	# i1
-	srlg	$i3,$s2,`16-3`
-	srl	$s2,`24-3`
-	nr	$i1,$mask
-	ngr	$i2,$mask
-	nr	$s2,$mask
-	nr	$i3,$mask
-
-	xr	$s1,$t1
-	srlg	$ra,$s3,`8-3`	# i1
-	srlg	$t1,$s3,`16-3`	# i0
-	nr	$ra,$mask
-	la	$key,16($key)
-	nr	$t1,$mask
-
-	x	$s0,2($i1,$tbl)	# Td2[s2>>8]
-	x	$s1,1($i2,$tbl)	# Td3[s2>>0]
-	l	$s2,0($s2,$tbl)	# Td0[s2>>24]
-	x	$t3,3($i3,$tbl)	# Td1[s2>>16]
-
-	sllg	$i3,$s3,`0+3`	# i2
-	srl	$s3,`24-3`
-	ngr	$i3,$mask
-	nr	$s3,$mask
-
-	xr	$s2,$t2
-	x	$s0,0($key)
-	x	$s1,4($key)
-	x	$s2,8($key)
-	x	$t3,12($key)
-
-	x	$s0,3($t1,$tbl)	# Td1[s3>>16]
-	x	$s1,2($ra,$tbl)	# Td2[s3>>8]
-	x	$s2,1($i3,$tbl)	# Td3[s3>>0]
-	l	$s3,0($s3,$tbl)	# Td0[s3>>24]
-	xr	$s3,$t3
-
-	brct	$rounds,.Ldec_loop
-	.align	16
-
-	l	$t1,`2048+0`($tbl)	# prefetch Td4
-	l	$t2,`2048+64`($tbl)
-	l	$t3,`2048+128`($tbl)
-	l	$i1,`2048+192`($tbl)
-	llill	$mask,0xff
-
-	srlg	$i3,$s0,24	# i0
-	srlg	$t1,$s0,16
-	srlg	$t2,$s0,8
-	nr	$s0,$mask	# i3
-	nr	$t1,$mask
-
-	srlg	$i1,$s1,24
-	nr	$t2,$mask
-	srlg	$i2,$s1,16
-	srlg	$ra,$s1,8
-	nr	$s1,$mask	# i0
-	nr	$i2,$mask
-	nr	$ra,$mask
-
-	llgc	$i3,2048($i3,$tbl)	# Td4[s0>>24]
-	llgc	$t1,2048($t1,$tbl)	# Td4[s0>>16]
-	llgc	$t2,2048($t2,$tbl)	# Td4[s0>>8]
-	sll	$t1,16
-	llgc	$t3,2048($s0,$tbl)	# Td4[s0>>0]
-	sllg	$s0,$i3,24
-	sll	$t2,8
-
-	llgc	$s1,2048($s1,$tbl)	# Td4[s1>>0]
-	llgc	$i1,2048($i1,$tbl)	# Td4[s1>>24]
-	llgc	$i2,2048($i2,$tbl)	# Td4[s1>>16]
-	sll	$i1,24
-	llgc	$i3,2048($ra,$tbl)	# Td4[s1>>8]
-	sll	$i2,16
-	sll	$i3,8
-	or	$s0,$s1
-	or	$t1,$i1
-	or	$t2,$i2
-	or	$t3,$i3
-
-	srlg	$i1,$s2,8	# i0
-	srlg	$i2,$s2,24
-	srlg	$i3,$s2,16
-	nr	$s2,$mask	# i1
-	nr	$i1,$mask
-	nr	$i3,$mask
-	llgc	$i1,2048($i1,$tbl)	# Td4[s2>>8]
-	llgc	$s1,2048($s2,$tbl)	# Td4[s2>>0]
-	llgc	$i2,2048($i2,$tbl)	# Td4[s2>>24]
-	llgc	$i3,2048($i3,$tbl)	# Td4[s2>>16]
-	sll	$i1,8
-	sll	$i2,24
-	or	$s0,$i1
-	sll	$i3,16
-	or	$t2,$i2
-	or	$t3,$i3
-
-	srlg	$i1,$s3,16	# i0
-	srlg	$i2,$s3,8	# i1
-	srlg	$i3,$s3,24
-	nr	$s3,$mask	# i2
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-	l${g}	$ra,15*$SIZE_T($sp)
-	or	$s1,$t1
-	l	$t0,16($key)
-	l	$t1,20($key)
-
-	llgc	$i1,2048($i1,$tbl)	# Td4[s3>>16]
-	llgc	$i2,2048($i2,$tbl)	# Td4[s3>>8]
-	sll	$i1,16
-	llgc	$s2,2048($s3,$tbl)	# Td4[s3>>0]
-	llgc	$s3,2048($i3,$tbl)	# Td4[s3>>24]
-	sll	$i2,8
-	sll	$s3,24
-	or	$s0,$i1
-	or	$s1,$i2
-	or	$s2,$t2
-	or	$s3,$t3
-
-	xr	$s0,$t0
-	xr	$s1,$t1
-	x	$s2,24($key)
-	x	$s3,28($key)
-
-	br	$ra	
-.size	_s390x_AES_decrypt,.-_s390x_AES_decrypt
-___
-
-$code.=<<___;
-# void AES_set_encrypt_key(const unsigned char *in, int bits,
-# 		 AES_KEY *key) {
-.globl	private_AES_set_encrypt_key
-.type	private_AES_set_encrypt_key,\@function
-.align	16
-private_AES_set_encrypt_key:
-_s390x_AES_set_encrypt_key:
-	lghi	$t0,0
-	cl${g}r	$inp,$t0
-	je	.Lminus1
-	cl${g}r	$key,$t0
-	je	.Lminus1
-
-	lghi	$t0,128
-	clr	$bits,$t0
-	je	.Lproceed
-	lghi	$t0,192
-	clr	$bits,$t0
-	je	.Lproceed
-	lghi	$t0,256
-	clr	$bits,$t0
-	je	.Lproceed
-	lghi	%r2,-2
-	br	%r14
-
-.align	16
-.Lproceed:
-___
-$code.=<<___ if (!$softonly);
-	# convert bits to km code, [128,192,256]->[18,19,20]
-	lhi	%r5,-128
-	lhi	%r0,18
-	ar	%r5,$bits
-	srl	%r5,6
-	ar	%r5,%r0
-
-	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,0(%r1)
-	tmhl	%r0,0x4000	# check for message-security assist
-	jz	.Lekey_internal
-
-	lghi	%r0,0		# query capability vector
-	la	%r1,16($sp)
-	.long	0xb92f0042	# kmc %r4,%r2
-
-	llihh	%r1,0x8000
-	srlg	%r1,%r1,0(%r5)
-	ng	%r1,16($sp)
-	jz	.Lekey_internal
-
-	lmg	%r0,%r1,0($inp)	# just copy 128 bits...
-	stmg	%r0,%r1,0($key)
-	lhi	%r0,192
-	cr	$bits,%r0
-	jl	1f
-	lg	%r1,16($inp)
-	stg	%r1,16($key)
-	je	1f
-	lg	%r1,24($inp)
-	stg	%r1,24($key)
-1:	st	$bits,236($key)	# save bits [for debugging purposes]
-	lgr	$t0,%r5
-	st	%r5,240($key)	# save km code
-	lghi	%r2,0
-	br	%r14
-___
-$code.=<<___;
-.align	16
-.Lekey_internal:
-	stm${g}	%r4,%r13,4*$SIZE_T($sp)	# all non-volatile regs and $key
-
-	larl	$tbl,AES_Te+2048
-
-	llgf	$s0,0($inp)
-	llgf	$s1,4($inp)
-	llgf	$s2,8($inp)
-	llgf	$s3,12($inp)
-	st	$s0,0($key)
-	st	$s1,4($key)
-	st	$s2,8($key)
-	st	$s3,12($key)
-	lghi	$t0,128
-	cr	$bits,$t0
-	jne	.Lnot128
-
-	llill	$mask,0xff
-	lghi	$t3,0			# i=0
-	lghi	$rounds,10
-	st	$rounds,240($key)
-
-	llgfr	$t2,$s3			# temp=rk[3]
-	srlg	$i1,$s3,8
-	srlg	$i2,$s3,16
-	srlg	$i3,$s3,24
-	nr	$t2,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-.align	16
-.L128_loop:
-	la	$t2,0($t2,$tbl)
-	la	$i1,0($i1,$tbl)
-	la	$i2,0($i2,$tbl)
-	la	$i3,0($i3,$tbl)
-	icm	$t2,2,0($t2)		# Te4[rk[3]>>0]<<8
-	icm	$t2,4,0($i1)		# Te4[rk[3]>>8]<<16
-	icm	$t2,8,0($i2)		# Te4[rk[3]>>16]<<24
-	icm	$t2,1,0($i3)		# Te4[rk[3]>>24]
-	x	$t2,256($t3,$tbl)	# rcon[i]
-	xr	$s0,$t2			# rk[4]=rk[0]^...
-	xr	$s1,$s0			# rk[5]=rk[1]^rk[4]
-	xr	$s2,$s1			# rk[6]=rk[2]^rk[5]
-	xr	$s3,$s2			# rk[7]=rk[3]^rk[6]
-
-	llgfr	$t2,$s3			# temp=rk[3]
-	srlg	$i1,$s3,8
-	srlg	$i2,$s3,16
-	nr	$t2,$mask
-	nr	$i1,$mask
-	srlg	$i3,$s3,24
-	nr	$i2,$mask
-
-	st	$s0,16($key)
-	st	$s1,20($key)
-	st	$s2,24($key)
-	st	$s3,28($key)
-	la	$key,16($key)		# key+=4
-	la	$t3,4($t3)		# i++
-	brct	$rounds,.L128_loop
-	lghi	$t0,10
-	lghi	%r2,0
-	lm${g}	%r4,%r13,4*$SIZE_T($sp)
-	br	$ra
-
-.align	16
-.Lnot128:
-	llgf	$t0,16($inp)
-	llgf	$t1,20($inp)
-	st	$t0,16($key)
-	st	$t1,20($key)
-	lghi	$t0,192
-	cr	$bits,$t0
-	jne	.Lnot192
-
-	llill	$mask,0xff
-	lghi	$t3,0			# i=0
-	lghi	$rounds,12
-	st	$rounds,240($key)
-	lghi	$rounds,8
-
-	srlg	$i1,$t1,8
-	srlg	$i2,$t1,16
-	srlg	$i3,$t1,24
-	nr	$t1,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-.align	16
-.L192_loop:
-	la	$t1,0($t1,$tbl)
-	la	$i1,0($i1,$tbl)
-	la	$i2,0($i2,$tbl)
-	la	$i3,0($i3,$tbl)
-	icm	$t1,2,0($t1)		# Te4[rk[5]>>0]<<8
-	icm	$t1,4,0($i1)		# Te4[rk[5]>>8]<<16
-	icm	$t1,8,0($i2)		# Te4[rk[5]>>16]<<24
-	icm	$t1,1,0($i3)		# Te4[rk[5]>>24]
-	x	$t1,256($t3,$tbl)	# rcon[i]
-	xr	$s0,$t1			# rk[6]=rk[0]^...
-	xr	$s1,$s0			# rk[7]=rk[1]^rk[6]
-	xr	$s2,$s1			# rk[8]=rk[2]^rk[7]
-	xr	$s3,$s2			# rk[9]=rk[3]^rk[8]
-
-	st	$s0,24($key)
-	st	$s1,28($key)
-	st	$s2,32($key)
-	st	$s3,36($key)
-	brct	$rounds,.L192_continue
-	lghi	$t0,12
-	lghi	%r2,0
-	lm${g}	%r4,%r13,4*$SIZE_T($sp)
-	br	$ra
-
-.align	16
-.L192_continue:
-	lgr	$t1,$s3
-	x	$t1,16($key)		# rk[10]=rk[4]^rk[9]
-	st	$t1,40($key)
-	x	$t1,20($key)		# rk[11]=rk[5]^rk[10]
-	st	$t1,44($key)
-
-	srlg	$i1,$t1,8
-	srlg	$i2,$t1,16
-	srlg	$i3,$t1,24
-	nr	$t1,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-	la	$key,24($key)		# key+=6
-	la	$t3,4($t3)		# i++
-	j	.L192_loop
-
-.align	16
-.Lnot192:
-	llgf	$t0,24($inp)
-	llgf	$t1,28($inp)
-	st	$t0,24($key)
-	st	$t1,28($key)
-	llill	$mask,0xff
-	lghi	$t3,0			# i=0
-	lghi	$rounds,14
-	st	$rounds,240($key)
-	lghi	$rounds,7
-
-	srlg	$i1,$t1,8
-	srlg	$i2,$t1,16
-	srlg	$i3,$t1,24
-	nr	$t1,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-.align	16
-.L256_loop:
-	la	$t1,0($t1,$tbl)
-	la	$i1,0($i1,$tbl)
-	la	$i2,0($i2,$tbl)
-	la	$i3,0($i3,$tbl)
-	icm	$t1,2,0($t1)		# Te4[rk[7]>>0]<<8
-	icm	$t1,4,0($i1)		# Te4[rk[7]>>8]<<16
-	icm	$t1,8,0($i2)		# Te4[rk[7]>>16]<<24
-	icm	$t1,1,0($i3)		# Te4[rk[7]>>24]
-	x	$t1,256($t3,$tbl)	# rcon[i]
-	xr	$s0,$t1			# rk[8]=rk[0]^...
-	xr	$s1,$s0			# rk[9]=rk[1]^rk[8]
-	xr	$s2,$s1			# rk[10]=rk[2]^rk[9]
-	xr	$s3,$s2			# rk[11]=rk[3]^rk[10]
-	st	$s0,32($key)
-	st	$s1,36($key)
-	st	$s2,40($key)
-	st	$s3,44($key)
-	brct	$rounds,.L256_continue
-	lghi	$t0,14
-	lghi	%r2,0
-	lm${g}	%r4,%r13,4*$SIZE_T($sp)
-	br	$ra
-
-.align	16
-.L256_continue:
-	lgr	$t1,$s3			# temp=rk[11]
-	srlg	$i1,$s3,8
-	srlg	$i2,$s3,16
-	srlg	$i3,$s3,24
-	nr	$t1,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-	la	$t1,0($t1,$tbl)
-	la	$i1,0($i1,$tbl)
-	la	$i2,0($i2,$tbl)
-	la	$i3,0($i3,$tbl)
-	llgc	$t1,0($t1)		# Te4[rk[11]>>0]
-	icm	$t1,2,0($i1)		# Te4[rk[11]>>8]<<8
-	icm	$t1,4,0($i2)		# Te4[rk[11]>>16]<<16
-	icm	$t1,8,0($i3)		# Te4[rk[11]>>24]<<24
-	x	$t1,16($key)		# rk[12]=rk[4]^...
-	st	$t1,48($key)
-	x	$t1,20($key)		# rk[13]=rk[5]^rk[12]
-	st	$t1,52($key)
-	x	$t1,24($key)		# rk[14]=rk[6]^rk[13]
-	st	$t1,56($key)
-	x	$t1,28($key)		# rk[15]=rk[7]^rk[14]
-	st	$t1,60($key)
-
-	srlg	$i1,$t1,8
-	srlg	$i2,$t1,16
-	srlg	$i3,$t1,24
-	nr	$t1,$mask
-	nr	$i1,$mask
-	nr	$i2,$mask
-
-	la	$key,32($key)		# key+=8
-	la	$t3,4($t3)		# i++
-	j	.L256_loop
-
-.Lminus1:
-	lghi	%r2,-1
-	br	$ra
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
-
-# void AES_set_decrypt_key(const unsigned char *in, int bits,
-# 		 AES_KEY *key) {
-.globl	private_AES_set_decrypt_key
-.type	private_AES_set_decrypt_key,\@function
-.align	16
-private_AES_set_decrypt_key:
-	#st${g}	$key,4*$SIZE_T($sp)	# I rely on AES_set_encrypt_key to
-	st${g}	$ra,14*$SIZE_T($sp)	# save non-volatile registers and $key!
-	bras	$ra,_s390x_AES_set_encrypt_key
-	#l${g}	$key,4*$SIZE_T($sp)
-	l${g}	$ra,14*$SIZE_T($sp)
-	ltgr	%r2,%r2
-	bnzr	$ra
-___
-$code.=<<___ if (!$softonly);
-	#l	$t0,240($key)
-	lhi	$t1,16
-	cr	$t0,$t1
-	jl	.Lgo
-	oill	$t0,0x80	# set "decrypt" bit
-	st	$t0,240($key)
-	br	$ra
-___
-$code.=<<___;
-.align	16
-.Lgo:	lgr	$rounds,$t0	#llgf	$rounds,240($key)
-	la	$i1,0($key)
-	sllg	$i2,$rounds,4
-	la	$i2,0($i2,$key)
-	srl	$rounds,1
-	lghi	$t1,-16
-
-.align	16
-.Linv:	lmg	$s0,$s1,0($i1)
-	lmg	$s2,$s3,0($i2)
-	stmg	$s0,$s1,0($i2)
-	stmg	$s2,$s3,0($i1)
-	la	$i1,16($i1)
-	la	$i2,0($t1,$i2)
-	brct	$rounds,.Linv
-___
-$mask80=$i1;
-$mask1b=$i2;
-$maskfe=$i3;
-$code.=<<___;
-	llgf	$rounds,240($key)
-	aghi	$rounds,-1
-	sll	$rounds,2	# (rounds-1)*4
-	llilh	$mask80,0x8080
-	llilh	$mask1b,0x1b1b
-	llilh	$maskfe,0xfefe
-	oill	$mask80,0x8080
-	oill	$mask1b,0x1b1b
-	oill	$maskfe,0xfefe
-
-.align	16
-.Lmix:	l	$s0,16($key)	# tp1
-	lr	$s1,$s0
-	ngr	$s1,$mask80
-	srlg	$t1,$s1,7
-	slr	$s1,$t1
-	nr	$s1,$mask1b
-	sllg	$t1,$s0,1
-	nr	$t1,$maskfe
-	xr	$s1,$t1		# tp2
-
-	lr	$s2,$s1
-	ngr	$s2,$mask80
-	srlg	$t1,$s2,7
-	slr	$s2,$t1
-	nr	$s2,$mask1b
-	sllg	$t1,$s1,1
-	nr	$t1,$maskfe
-	xr	$s2,$t1		# tp4
-
-	lr	$s3,$s2
-	ngr	$s3,$mask80
-	srlg	$t1,$s3,7
-	slr	$s3,$t1
-	nr	$s3,$mask1b
-	sllg	$t1,$s2,1
-	nr	$t1,$maskfe
-	xr	$s3,$t1		# tp8
-
-	xr	$s1,$s0		# tp2^tp1
-	xr	$s2,$s0		# tp4^tp1
-	rll	$s0,$s0,24	# = ROTATE(tp1,8)
-	xr	$s2,$s3		# ^=tp8
-	xr	$s0,$s1		# ^=tp2^tp1
-	xr	$s1,$s3		# tp2^tp1^tp8
-	xr	$s0,$s2		# ^=tp4^tp1^tp8
-	rll	$s1,$s1,8
-	rll	$s2,$s2,16
-	xr	$s0,$s1		# ^= ROTATE(tp8^tp2^tp1,24)
-	rll	$s3,$s3,24
-	xr	$s0,$s2    	# ^= ROTATE(tp8^tp4^tp1,16)
-	xr	$s0,$s3		# ^= ROTATE(tp8,8)
-
-	st	$s0,16($key)
-	la	$key,4($key)
-	brct	$rounds,.Lmix
-
-	lm${g}	%r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key!
-	lghi	%r2,0
-	br	$ra
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-___
-
-########################################################################
-# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-#                     size_t length, const AES_KEY *key,
-#                     unsigned char *ivec, const int enc)
-{
-my $inp="%r2";
-my $out="%r4";	# length and out are swapped
-my $len="%r3";
-my $key="%r5";
-my $ivp="%r6";
-
-$code.=<<___;
-.globl	AES_cbc_encrypt
-.type	AES_cbc_encrypt,\@function
-.align	16
-AES_cbc_encrypt:
-	xgr	%r3,%r4		# flip %r3 and %r4, out and len
-	xgr	%r4,%r3
-	xgr	%r3,%r4
-___
-$code.=<<___ if (!$softonly);
-	lhi	%r0,16
-	cl	%r0,240($key)
-	jh	.Lcbc_software
-
-	lg	%r0,0($ivp)	# copy ivec
-	lg	%r1,8($ivp)
-	stmg	%r0,%r1,16($sp)
-	lmg	%r0,%r1,0($key)	# copy key, cover 256 bit
-	stmg	%r0,%r1,32($sp)
-	lmg	%r0,%r1,16($key)
-	stmg	%r0,%r1,48($sp)
-	l	%r0,240($key)	# load kmc code
-	lghi	$key,15		# res=len%16, len-=res;
-	ngr	$key,$len
-	sl${g}r	$len,$key
-	la	%r1,16($sp)	# parameter block - ivec || key
-	jz	.Lkmc_truncated
-	.long	0xb92f0042	# kmc %r4,%r2
-	brc	1,.-4		# pay attention to "partial completion"
-	ltr	$key,$key
-	jnz	.Lkmc_truncated
-.Lkmc_done:
-	lmg	%r0,%r1,16($sp)	# copy ivec to caller
-	stg	%r0,0($ivp)
-	stg	%r1,8($ivp)
-	br	$ra
-.align	16
-.Lkmc_truncated:
-	ahi	$key,-1		# it's the way it's encoded in mvc
-	tmll	%r0,0x80
-	jnz	.Lkmc_truncated_dec
-	lghi	%r1,0
-	stg	%r1,16*$SIZE_T($sp)
-	stg	%r1,16*$SIZE_T+8($sp)
-	bras	%r1,1f
-	mvc	16*$SIZE_T(1,$sp),0($inp)
-1:	ex	$key,0(%r1)
-	la	%r1,16($sp)	# restore parameter block
-	la	$inp,16*$SIZE_T($sp)
-	lghi	$len,16
-	.long	0xb92f0042	# kmc %r4,%r2
-	j	.Lkmc_done
-.align	16
-.Lkmc_truncated_dec:
-	st${g}	$out,4*$SIZE_T($sp)
-	la	$out,16*$SIZE_T($sp)
-	lghi	$len,16
-	.long	0xb92f0042	# kmc %r4,%r2
-	l${g}	$out,4*$SIZE_T($sp)
-	bras	%r1,2f
-	mvc	0(1,$out),16*$SIZE_T($sp)
-2:	ex	$key,0(%r1)
-	j	.Lkmc_done
-.align	16
-.Lcbc_software:
-___
-$code.=<<___;
-	stm${g}	$key,$ra,5*$SIZE_T($sp)
-	lhi	%r0,0
-	cl	%r0,`$stdframe+$SIZE_T-4`($sp)
-	je	.Lcbc_decrypt
-
-	larl	$tbl,AES_Te
-
-	llgf	$s0,0($ivp)
-	llgf	$s1,4($ivp)
-	llgf	$s2,8($ivp)
-	llgf	$s3,12($ivp)
-
-	lghi	$t0,16
-	sl${g}r	$len,$t0
-	brc	4,.Lcbc_enc_tail	# if borrow
-.Lcbc_enc_loop:
-	stm${g}	$inp,$out,2*$SIZE_T($sp)
-	x	$s0,0($inp)
-	x	$s1,4($inp)
-	x	$s2,8($inp)
-	x	$s3,12($inp)
-	lgr	%r4,$key
-
-	bras	$ra,_s390x_AES_encrypt
-
-	lm${g}	$inp,$key,2*$SIZE_T($sp)
-	st	$s0,0($out)
-	st	$s1,4($out)
-	st	$s2,8($out)
-	st	$s3,12($out)
-
-	la	$inp,16($inp)
-	la	$out,16($out)
-	lghi	$t0,16
-	lt${g}r	$len,$len
-	jz	.Lcbc_enc_done
-	sl${g}r	$len,$t0
-	brc	4,.Lcbc_enc_tail	# if borrow
-	j	.Lcbc_enc_loop
-.align	16
-.Lcbc_enc_done:
-	l${g}	$ivp,6*$SIZE_T($sp)
-	st	$s0,0($ivp)
-	st	$s1,4($ivp)	
-	st	$s2,8($ivp)
-	st	$s3,12($ivp)
-
-	lm${g}	%r7,$ra,7*$SIZE_T($sp)
-	br	$ra
-
-.align	16
-.Lcbc_enc_tail:
-	aghi	$len,15
-	lghi	$t0,0
-	stg	$t0,16*$SIZE_T($sp)
-	stg	$t0,16*$SIZE_T+8($sp)
-	bras	$t1,3f
-	mvc	16*$SIZE_T(1,$sp),0($inp)
-3:	ex	$len,0($t1)
-	lghi	$len,0
-	la	$inp,16*$SIZE_T($sp)
-	j	.Lcbc_enc_loop
-
-.align	16
-.Lcbc_decrypt:
-	larl	$tbl,AES_Td
-
-	lg	$t0,0($ivp)
-	lg	$t1,8($ivp)
-	stmg	$t0,$t1,16*$SIZE_T($sp)
-
-.Lcbc_dec_loop:
-	stm${g}	$inp,$out,2*$SIZE_T($sp)
-	llgf	$s0,0($inp)
-	llgf	$s1,4($inp)
-	llgf	$s2,8($inp)
-	llgf	$s3,12($inp)
-	lgr	%r4,$key
-
-	bras	$ra,_s390x_AES_decrypt
-
-	lm${g}	$inp,$key,2*$SIZE_T($sp)
-	sllg	$s0,$s0,32
-	sllg	$s2,$s2,32
-	lr	$s0,$s1
-	lr	$s2,$s3
-
-	lg	$t0,0($inp)
-	lg	$t1,8($inp)
-	xg	$s0,16*$SIZE_T($sp)
-	xg	$s2,16*$SIZE_T+8($sp)
-	lghi	$s1,16
-	sl${g}r	$len,$s1
-	brc	4,.Lcbc_dec_tail	# if borrow
-	brc	2,.Lcbc_dec_done	# if zero
-	stg	$s0,0($out)
-	stg	$s2,8($out)
-	stmg	$t0,$t1,16*$SIZE_T($sp)
-
-	la	$inp,16($inp)
-	la	$out,16($out)
-	j	.Lcbc_dec_loop
-
-.Lcbc_dec_done:
-	stg	$s0,0($out)
-	stg	$s2,8($out)
-.Lcbc_dec_exit:
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	stmg	$t0,$t1,0($ivp)
-
-	br	$ra
-
-.align	16
-.Lcbc_dec_tail:
-	aghi	$len,15
-	stg	$s0,16*$SIZE_T($sp)
-	stg	$s2,16*$SIZE_T+8($sp)
-	bras	$s1,4f
-	mvc	0(1,$out),16*$SIZE_T($sp)
-4:	ex	$len,0($s1)
-	j	.Lcbc_dec_exit
-.size	AES_cbc_encrypt,.-AES_cbc_encrypt
-___
-}
-########################################################################
-# void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-#                     size_t blocks, const AES_KEY *key,
-#                     const unsigned char *ivec)
-{
-my $inp="%r2";
-my $out="%r4";	# blocks and out are swapped
-my $len="%r3";
-my $key="%r5";	my $iv0="%r5";
-my $ivp="%r6";
-my $fp ="%r7";
-
-$code.=<<___;
-.globl	AES_ctr32_encrypt
-.type	AES_ctr32_encrypt,\@function
-.align	16
-AES_ctr32_encrypt:
-	xgr	%r3,%r4		# flip %r3 and %r4, $out and $len
-	xgr	%r4,%r3
-	xgr	%r3,%r4
-	llgfr	$len,$len	# safe in ctr32 subroutine even in 64-bit case
-___
-$code.=<<___ if (!$softonly);
-	l	%r0,240($key)
-	lhi	%r1,16
-	clr	%r0,%r1
-	jl	.Lctr32_software
-
-	stm${g}	%r6,$s3,6*$SIZE_T($sp)
-
-	slgr	$out,$inp
-	la	%r1,0($key)	# %r1 is permanent copy of $key
-	lg	$iv0,0($ivp)	# load ivec
-	lg	$ivp,8($ivp)
-
-	# prepare and allocate stack frame at the top of 4K page
-	# with 1K reserved for eventual signal handling
-	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
-	lghi	$s1,-4096
-	algr	$s0,$sp
-	lgr	$fp,$sp
-	ngr	$s0,$s1		# align at page boundary
-	slgr	$fp,$s0		# total buffer size
-	lgr	$s2,$sp
-	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
-	slgr	$fp,$s1		# deduct reservation to get usable buffer size
-	# buffer size is at lest 256 and at most 3072+256-16
-
-	la	$sp,1024($s0)	# alloca
-	srlg	$fp,$fp,4	# convert bytes to blocks, minimum 16
-	st${g}	$s2,0($sp)	# back-chain
-	st${g}	$fp,$SIZE_T($sp)
-
-	slgr	$len,$fp
-	brc	1,.Lctr32_hw_switch	# not zero, no borrow
-	algr	$fp,$len	# input is shorter than allocated buffer
-	lghi	$len,0
-	st${g}	$fp,$SIZE_T($sp)
-
-.Lctr32_hw_switch:
-___
-$code.=<<___ if (0);	######### kmctr code was measured to be ~12% slower
-	larl	$s0,OPENSSL_s390xcap_P
-	lg	$s0,8($s0)
-	tmhh	$s0,0x0004	# check for message_security-assist-4
-	jz	.Lctr32_km_loop
-
-	llgfr	$s0,%r0
-	lgr	$s1,%r1
-	lghi	%r0,0
-	la	%r1,16($sp)
-	.long	0xb92d2042	# kmctr %r4,%r2,%r2
-
-	llihh	%r0,0x8000	# check if kmctr supports the function code
-	srlg	%r0,%r0,0($s0)
-	ng	%r0,16($sp)
-	lgr	%r0,$s0
-	lgr	%r1,$s1
-	jz	.Lctr32_km_loop
-
-####### kmctr code
-	algr	$out,$inp	# restore $out
-	lgr	$s1,$len	# $s1 undertakes $len
-	j	.Lctr32_kmctr_loop
-.align	16
-.Lctr32_kmctr_loop:
-	la	$s2,16($sp)
-	lgr	$s3,$fp
-.Lctr32_kmctr_prepare:
-	stg	$iv0,0($s2)
-	stg	$ivp,8($s2)
-	la	$s2,16($s2)
-	ahi	$ivp,1		# 32-bit increment, preserves upper half
-	brct	$s3,.Lctr32_kmctr_prepare
-
-	#la	$inp,0($inp)	# inp
-	sllg	$len,$fp,4	# len
-	#la	$out,0($out)	# out
-	la	$s2,16($sp)	# iv
-	.long	0xb92da042	# kmctr $out,$s2,$inp
-	brc	1,.-4		# pay attention to "partial completion"
-
-	slgr	$s1,$fp
-	brc	1,.Lctr32_kmctr_loop	# not zero, no borrow
-	algr	$fp,$s1
-	lghi	$s1,0
-	brc	4+1,.Lctr32_kmctr_loop	# not zero
-
-	l${g}	$sp,0($sp)
-	lm${g}	%r6,$s3,6*$SIZE_T($sp)
-	br	$ra
-.align	16
-___
-$code.=<<___;
-.Lctr32_km_loop:
-	la	$s2,16($sp)
-	lgr	$s3,$fp
-.Lctr32_km_prepare:
-	stg	$iv0,0($s2)
-	stg	$ivp,8($s2)
-	la	$s2,16($s2)
-	ahi	$ivp,1		# 32-bit increment, preserves upper half
-	brct	$s3,.Lctr32_km_prepare
-
-	la	$s0,16($sp)	# inp
-	sllg	$s1,$fp,4	# len
-	la	$s2,16($sp)	# out
-	.long	0xb92e00a8	# km %r10,%r8
-	brc	1,.-4		# pay attention to "partial completion"
-
-	la	$s2,16($sp)
-	lgr	$s3,$fp
-	slgr	$s2,$inp
-.Lctr32_km_xor:
-	lg	$s0,0($inp)
-	lg	$s1,8($inp)
-	xg	$s0,0($s2,$inp)
-	xg	$s1,8($s2,$inp)
-	stg	$s0,0($out,$inp)
-	stg	$s1,8($out,$inp)
-	la	$inp,16($inp)
-	brct	$s3,.Lctr32_km_xor
-
-	slgr	$len,$fp
-	brc	1,.Lctr32_km_loop	# not zero, no borrow
-	algr	$fp,$len
-	lghi	$len,0
-	brc	4+1,.Lctr32_km_loop	# not zero
-
-	l${g}	$s0,0($sp)
-	l${g}	$s1,$SIZE_T($sp)
-	la	$s2,16($sp)
-.Lctr32_km_zap:
-	stg	$s0,0($s2)
-	stg	$s0,8($s2)
-	la	$s2,16($s2)
-	brct	$s1,.Lctr32_km_zap
-
-	la	$sp,0($s0)
-	lm${g}	%r6,$s3,6*$SIZE_T($sp)
-	br	$ra
-.align	16
-.Lctr32_software:
-___
-$code.=<<___;
-	stm${g}	$key,$ra,5*$SIZE_T($sp)
-	sl${g}r	$inp,$out
-	larl	$tbl,AES_Te
-	llgf	$t1,12($ivp)
-
-.Lctr32_loop:
-	stm${g}	$inp,$out,2*$SIZE_T($sp)
-	llgf	$s0,0($ivp)
-	llgf	$s1,4($ivp)
-	llgf	$s2,8($ivp)
-	lgr	$s3,$t1
-	st	$t1,16*$SIZE_T($sp)
-	lgr	%r4,$key
-
-	bras	$ra,_s390x_AES_encrypt
-
-	lm${g}	$inp,$ivp,2*$SIZE_T($sp)
-	llgf	$t1,16*$SIZE_T($sp)
-	x	$s0,0($inp,$out)
-	x	$s1,4($inp,$out)
-	x	$s2,8($inp,$out)
-	x	$s3,12($inp,$out)
-	stm	$s0,$s3,0($out)
-
-	la	$out,16($out)
-	ahi	$t1,1		# 32-bit increment
-	brct	$len,.Lctr32_loop
-
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	br	$ra
-.size	AES_ctr32_encrypt,.-AES_ctr32_encrypt
-___
-}
-
-########################################################################
-# void AES_xts_encrypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
-#	const unsigned char iv[16]);
-#
-{
-my $inp="%r2";
-my $out="%r4";	# len and out are swapped
-my $len="%r3";
-my $key1="%r5";	# $i1
-my $key2="%r6";	# $i2
-my $fp="%r7";	# $i3
-my $tweak=16*$SIZE_T+16;	# or $stdframe-16, bottom of the frame...
-
-$code.=<<___;
-.type	_s390x_xts_km,\@function
-.align	16
-_s390x_xts_km:
-___
-$code.=<<___ if(1);
-	llgfr	$s0,%r0			# put aside the function code
-	lghi	$s1,0x7f
-	nr	$s1,%r0
-	lghi	%r0,0			# query capability vector
-	la	%r1,$tweak-16($sp)
-	.long	0xb92e0042		# km %r4,%r2
-	llihh	%r1,0x8000
-	srlg	%r1,%r1,32($s1)		# check for 32+function code
-	ng	%r1,$tweak-16($sp)
-	lgr	%r0,$s0			# restore the function code
-	la	%r1,0($key1)		# restore $key1
-	jz	.Lxts_km_vanilla
-
-	lmg	$i2,$i3,$tweak($sp)	# put aside the tweak value
-	algr	$out,$inp
-
-	oill	%r0,32			# switch to xts function code
-	aghi	$s1,-18			#
-	sllg	$s1,$s1,3		# (function code - 18)*8, 0 or 16
-	la	%r1,$tweak-16($sp)
-	slgr	%r1,$s1			# parameter block position
-	lmg	$s0,$s3,0($key1)	# load 256 bits of key material,
-	stmg	$s0,$s3,0(%r1)		# and copy it to parameter block.
-					# yes, it contains junk and overlaps
-					# with the tweak in 128-bit case.
-					# it's done to avoid conditional
-					# branch.
-	stmg	$i2,$i3,$tweak($sp)	# "re-seat" the tweak value
-
-	.long	0xb92e0042		# km %r4,%r2
-	brc	1,.-4			# pay attention to "partial completion"
-
-	lrvg	$s0,$tweak+0($sp)	# load the last tweak
-	lrvg	$s1,$tweak+8($sp)
-	stmg	%r0,%r3,$tweak-32($sp)	# wipe copy of the key
-
-	nill	%r0,0xffdf		# switch back to original function code
-	la	%r1,0($key1)		# restore pointer to $key1
-	slgr	$out,$inp
-
-	llgc	$len,2*$SIZE_T-1($sp)
-	nill	$len,0x0f		# $len%=16
-	br	$ra
-	
-.align	16
-.Lxts_km_vanilla:
-___
-$code.=<<___;
-	# prepare and allocate stack frame at the top of 4K page
-	# with 1K reserved for eventual signal handling
-	lghi	$s0,-1024-256-16# guarantee at least 256-bytes buffer
-	lghi	$s1,-4096
-	algr	$s0,$sp
-	lgr	$fp,$sp
-	ngr	$s0,$s1		# align at page boundary
-	slgr	$fp,$s0		# total buffer size
-	lgr	$s2,$sp
-	lghi	$s1,1024+16	# sl[g]fi is extended-immediate facility
-	slgr	$fp,$s1		# deduct reservation to get usable buffer size
-	# buffer size is at lest 256 and at most 3072+256-16
-
-	la	$sp,1024($s0)	# alloca
-	nill	$fp,0xfff0	# round to 16*n
-	st${g}	$s2,0($sp)	# back-chain
-	nill	$len,0xfff0	# redundant
-	st${g}	$fp,$SIZE_T($sp)
-
-	slgr	$len,$fp
-	brc	1,.Lxts_km_go	# not zero, no borrow
-	algr	$fp,$len	# input is shorter than allocated buffer
-	lghi	$len,0
-	st${g}	$fp,$SIZE_T($sp)
-
-.Lxts_km_go:
-	lrvg	$s0,$tweak+0($s2)	# load the tweak value in little-endian
-	lrvg	$s1,$tweak+8($s2)
-
-	la	$s2,16($sp)		# vector of ascending tweak values
-	slgr	$s2,$inp
-	srlg	$s3,$fp,4
-	j	.Lxts_km_start
-
-.Lxts_km_loop:
-	la	$s2,16($sp)
-	slgr	$s2,$inp
-	srlg	$s3,$fp,4
-.Lxts_km_prepare:
-	lghi	$i1,0x87
-	srag	$i2,$s1,63		# broadcast upper bit
-	ngr	$i1,$i2			# rem
-	algr	$s0,$s0
-	alcgr	$s1,$s1
-	xgr	$s0,$i1
-.Lxts_km_start:
-	lrvgr	$i1,$s0			# flip byte order
-	lrvgr	$i2,$s1
-	stg	$i1,0($s2,$inp)
-	stg	$i2,8($s2,$inp)
-	xg	$i1,0($inp)
-	xg	$i2,8($inp)
-	stg	$i1,0($out,$inp)
-	stg	$i2,8($out,$inp)
-	la	$inp,16($inp)
-	brct	$s3,.Lxts_km_prepare
-
-	slgr	$inp,$fp		# rewind $inp
-	la	$s2,0($out,$inp)
-	lgr	$s3,$fp
-	.long	0xb92e00aa		# km $s2,$s2
-	brc	1,.-4			# pay attention to "partial completion"
-
-	la	$s2,16($sp)
-	slgr	$s2,$inp
-	srlg	$s3,$fp,4
-.Lxts_km_xor:
-	lg	$i1,0($out,$inp)
-	lg	$i2,8($out,$inp)
-	xg	$i1,0($s2,$inp)
-	xg	$i2,8($s2,$inp)
-	stg	$i1,0($out,$inp)
-	stg	$i2,8($out,$inp)
-	la	$inp,16($inp)
-	brct	$s3,.Lxts_km_xor
-
-	slgr	$len,$fp
-	brc	1,.Lxts_km_loop		# not zero, no borrow
-	algr	$fp,$len
-	lghi	$len,0
-	brc	4+1,.Lxts_km_loop	# not zero
-
-	l${g}	$i1,0($sp)		# back-chain
-	llgf	$fp,`2*$SIZE_T-4`($sp)	# bytes used
-	la	$i2,16($sp)
-	srlg	$fp,$fp,4
-.Lxts_km_zap:
-	stg	$i1,0($i2)
-	stg	$i1,8($i2)
-	la	$i2,16($i2)
-	brct	$fp,.Lxts_km_zap
-
-	la	$sp,0($i1)
-	llgc	$len,2*$SIZE_T-1($i1)
-	nill	$len,0x0f		# $len%=16
-	bzr	$ra
-
-	# generate one more tweak...
-	lghi	$i1,0x87
-	srag	$i2,$s1,63		# broadcast upper bit
-	ngr	$i1,$i2			# rem
-	algr	$s0,$s0
-	alcgr	$s1,$s1
-	xgr	$s0,$i1
-
-	ltr	$len,$len		# clear zero flag
-	br	$ra
-.size	_s390x_xts_km,.-_s390x_xts_km
-
-.globl	AES_xts_encrypt
-.type	AES_xts_encrypt,\@function
-.align	16
-AES_xts_encrypt:
-	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
-	xgr	%r4,%r3
-	xgr	%r3,%r4
-___
-$code.=<<___ if ($SIZE_T==4);
-	llgfr	$len,$len
-___
-$code.=<<___;
-	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
-	srag	$len,$len,4		# formally wrong, because it expands
-					# sign byte, but who can afford asking
-					# to process more than 2^63-1 bytes?
-					# I use it, because it sets condition
-					# code...
-	bcr	8,$ra			# abort if zero (i.e. less than 16)
-___
-$code.=<<___ if (!$softonly);
-	llgf	%r0,240($key2)
-	lhi	%r1,16
-	clr	%r0,%r1
-	jl	.Lxts_enc_software
-
-	st${g}	$ra,5*$SIZE_T($sp)
-	stm${g}	%r6,$s3,6*$SIZE_T($sp)
-
-	sllg	$len,$len,4		# $len&=~15
-	slgr	$out,$inp
-
-	# generate the tweak value
-	l${g}	$s3,$stdframe($sp)	# pointer to iv
-	la	$s2,$tweak($sp)
-	lmg	$s0,$s1,0($s3)
-	lghi	$s3,16
-	stmg	$s0,$s1,0($s2)
-	la	%r1,0($key2)		# $key2 is not needed anymore
-	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
-	brc	1,.-4			# can this happen?
-
-	l	%r0,240($key1)
-	la	%r1,0($key1)		# $key1 is not needed anymore
-	bras	$ra,_s390x_xts_km
-	jz	.Lxts_enc_km_done
-
-	aghi	$inp,-16		# take one step back
-	la	$i3,0($out,$inp)	# put aside real $out
-.Lxts_enc_km_steal:
-	llgc	$i1,16($inp)
-	llgc	$i2,0($out,$inp)
-	stc	$i1,0($out,$inp)
-	stc	$i2,16($out,$inp)
-	la	$inp,1($inp)
-	brct	$len,.Lxts_enc_km_steal
-
-	la	$s2,0($i3)
-	lghi	$s3,16
-	lrvgr	$i1,$s0			# flip byte order
-	lrvgr	$i2,$s1
-	xg	$i1,0($s2)
-	xg	$i2,8($s2)
-	stg	$i1,0($s2)
-	stg	$i2,8($s2)
-	.long	0xb92e00aa		# km $s2,$s2
-	brc	1,.-4			# can this happen?
-	lrvgr	$i1,$s0			# flip byte order
-	lrvgr	$i2,$s1
-	xg	$i1,0($i3)
-	xg	$i2,8($i3)
-	stg	$i1,0($i3)
-	stg	$i2,8($i3)
-
-.Lxts_enc_km_done:
-	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$tweak+8($sp)
-	l${g}	$ra,5*$SIZE_T($sp)
-	lm${g}	%r6,$s3,6*$SIZE_T($sp)
-	br	$ra
-.align	16
-.Lxts_enc_software:
-___
-$code.=<<___;
-	stm${g}	%r6,$ra,6*$SIZE_T($sp)
-
-	slgr	$out,$inp
-
-	l${g}	$s3,$stdframe($sp)	# ivp
-	llgf	$s0,0($s3)		# load iv
-	llgf	$s1,4($s3)
-	llgf	$s2,8($s3)
-	llgf	$s3,12($s3)
-	stm${g}	%r2,%r5,2*$SIZE_T($sp)
-	la	$key,0($key2)
-	larl	$tbl,AES_Te
-	bras	$ra,_s390x_AES_encrypt	# generate the tweak
-	lm${g}	%r2,%r5,2*$SIZE_T($sp)
-	stm	$s0,$s3,$tweak($sp)	# save the tweak
-	j	.Lxts_enc_enter
-
-.align	16
-.Lxts_enc_loop:
-	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
-	lrvg	$s3,$tweak+8($sp)
-	lghi	%r1,0x87
-	srag	%r0,$s3,63		# broadcast upper bit
-	ngr	%r1,%r0			# rem
-	algr	$s1,$s1
-	alcgr	$s3,$s3
-	xgr	$s1,%r1
-	lrvgr	$s1,$s1			# flip byte order
-	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
-	stg	$s1,$tweak+0($sp)	# save the tweak
-	llgfr	$s1,$s1
-	srlg	$s2,$s3,32
-	stg	$s3,$tweak+8($sp)
-	llgfr	$s3,$s3
-	la	$inp,16($inp)		# $inp+=16
-.Lxts_enc_enter:
-	x	$s0,0($inp)		# ^=*($inp)
-	x	$s1,4($inp)
-	x	$s2,8($inp)
-	x	$s3,12($inp)
-	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
-	la	$key,0($key1)
-	bras	$ra,_s390x_AES_encrypt
-	lm${g}	%r2,%r5,2*$SIZE_T($sp)
-	x	$s0,$tweak+0($sp)	# ^=tweak
-	x	$s1,$tweak+4($sp)
-	x	$s2,$tweak+8($sp)
-	x	$s3,$tweak+12($sp)
-	st	$s0,0($out,$inp)
-	st	$s1,4($out,$inp)
-	st	$s2,8($out,$inp)
-	st	$s3,12($out,$inp)
-	brct${g}	$len,.Lxts_enc_loop
-
-	llgc	$len,`2*$SIZE_T-1`($sp)
-	nill	$len,0x0f		# $len%16
-	jz	.Lxts_enc_done
-
-	la	$i3,0($inp,$out)	# put aside real $out
-.Lxts_enc_steal:
-	llgc	%r0,16($inp)
-	llgc	%r1,0($out,$inp)
-	stc	%r0,0($out,$inp)
-	stc	%r1,16($out,$inp)
-	la	$inp,1($inp)
-	brct	$len,.Lxts_enc_steal
-	la	$out,0($i3)		# restore real $out
-
-	# generate last tweak...
-	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
-	lrvg	$s3,$tweak+8($sp)
-	lghi	%r1,0x87
-	srag	%r0,$s3,63		# broadcast upper bit
-	ngr	%r1,%r0			# rem
-	algr	$s1,$s1
-	alcgr	$s3,$s3
-	xgr	$s1,%r1
-	lrvgr	$s1,$s1			# flip byte order
-	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
-	stg	$s1,$tweak+0($sp)	# save the tweak
-	llgfr	$s1,$s1
-	srlg	$s2,$s3,32
-	stg	$s3,$tweak+8($sp)
-	llgfr	$s3,$s3
-
-	x	$s0,0($out)		# ^=*(inp)|stolen cipther-text
-	x	$s1,4($out)
-	x	$s2,8($out)
-	x	$s3,12($out)
-	st${g}	$out,4*$SIZE_T($sp)
-	la	$key,0($key1)
-	bras	$ra,_s390x_AES_encrypt
-	l${g}	$out,4*$SIZE_T($sp)
-	x	$s0,`$tweak+0`($sp)	# ^=tweak
-	x	$s1,`$tweak+4`($sp)
-	x	$s2,`$tweak+8`($sp)
-	x	$s3,`$tweak+12`($sp)
-	st	$s0,0($out)
-	st	$s1,4($out)
-	st	$s2,8($out)
-	st	$s3,12($out)
-
-.Lxts_enc_done:
-	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$twesk+8($sp)
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	br	$ra
-.size	AES_xts_encrypt,.-AES_xts_encrypt
-___
-# void AES_xts_decrypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
-#	const unsigned char iv[16]);
-#
-$code.=<<___;
-.globl	AES_xts_decrypt
-.type	AES_xts_decrypt,\@function
-.align	16
-AES_xts_decrypt:
-	xgr	%r3,%r4			# flip %r3 and %r4, $out and $len
-	xgr	%r4,%r3
-	xgr	%r3,%r4
-___
-$code.=<<___ if ($SIZE_T==4);
-	llgfr	$len,$len
-___
-$code.=<<___;
-	st${g}	$len,1*$SIZE_T($sp)	# save copy of $len
-	aghi	$len,-16
-	bcr	4,$ra			# abort if less than zero. formally
-					# wrong, because $len is unsigned,
-					# but who can afford asking to
-					# process more than 2^63-1 bytes?
-	tmll	$len,0x0f
-	jnz	.Lxts_dec_proceed
-	aghi	$len,16
-.Lxts_dec_proceed:
-___
-$code.=<<___ if (!$softonly);
-	llgf	%r0,240($key2)
-	lhi	%r1,16
-	clr	%r0,%r1
-	jl	.Lxts_dec_software
-
-	st${g}	$ra,5*$SIZE_T($sp)
-	stm${g}	%r6,$s3,6*$SIZE_T($sp)
-
-	nill	$len,0xfff0		# $len&=~15
-	slgr	$out,$inp
-
-	# generate the tweak value
-	l${g}	$s3,$stdframe($sp)	# pointer to iv
-	la	$s2,$tweak($sp)
-	lmg	$s0,$s1,0($s3)
-	lghi	$s3,16
-	stmg	$s0,$s1,0($s2)
-	la	%r1,0($key2)		# $key2 is not needed past this point
-	.long	0xb92e00aa		# km $s2,$s2, generate the tweak
-	brc	1,.-4			# can this happen?
-
-	l	%r0,240($key1)
-	la	%r1,0($key1)		# $key1 is not needed anymore
-
-	ltgr	$len,$len
-	jz	.Lxts_dec_km_short
-	bras	$ra,_s390x_xts_km
-	jz	.Lxts_dec_km_done
-
-	lrvgr	$s2,$s0			# make copy in reverse byte order
-	lrvgr	$s3,$s1
-	j	.Lxts_dec_km_2ndtweak
-
-.Lxts_dec_km_short:
-	llgc	$len,`2*$SIZE_T-1`($sp)
-	nill	$len,0x0f		# $len%=16
-	lrvg	$s0,$tweak+0($sp)	# load the tweak
-	lrvg	$s1,$tweak+8($sp)
-	lrvgr	$s2,$s0			# make copy in reverse byte order
-	lrvgr	$s3,$s1
-
-.Lxts_dec_km_2ndtweak:
-	lghi	$i1,0x87
-	srag	$i2,$s1,63		# broadcast upper bit
-	ngr	$i1,$i2			# rem
-	algr	$s0,$s0
-	alcgr	$s1,$s1
-	xgr	$s0,$i1
-	lrvgr	$i1,$s0			# flip byte order
-	lrvgr	$i2,$s1
-
-	xg	$i1,0($inp)
-	xg	$i2,8($inp)
-	stg	$i1,0($out,$inp)
-	stg	$i2,8($out,$inp)
-	la	$i2,0($out,$inp)
-	lghi	$i3,16
-	.long	0xb92e0066		# km $i2,$i2
-	brc	1,.-4			# can this happen?
-	lrvgr	$i1,$s0
-	lrvgr	$i2,$s1
-	xg	$i1,0($out,$inp)
-	xg	$i2,8($out,$inp)
-	stg	$i1,0($out,$inp)
-	stg	$i2,8($out,$inp)
-
-	la	$i3,0($out,$inp)	# put aside real $out
-.Lxts_dec_km_steal:
-	llgc	$i1,16($inp)
-	llgc	$i2,0($out,$inp)
-	stc	$i1,0($out,$inp)
-	stc	$i2,16($out,$inp)
-	la	$inp,1($inp)
-	brct	$len,.Lxts_dec_km_steal
-
-	lgr	$s0,$s2
-	lgr	$s1,$s3
-	xg	$s0,0($i3)
-	xg	$s1,8($i3)
-	stg	$s0,0($i3)
-	stg	$s1,8($i3)
-	la	$s0,0($i3)
-	lghi	$s1,16
-	.long	0xb92e0088		# km $s0,$s0
-	brc	1,.-4			# can this happen?
-	xg	$s2,0($i3)
-	xg	$s3,8($i3)
-	stg	$s2,0($i3)
-	stg	$s3,8($i3)
-.Lxts_dec_km_done:
-	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$tweak+8($sp)
-	l${g}	$ra,5*$SIZE_T($sp)
-	lm${g}	%r6,$s3,6*$SIZE_T($sp)
-	br	$ra
-.align	16
-.Lxts_dec_software:
-___
-$code.=<<___;
-	stm${g}	%r6,$ra,6*$SIZE_T($sp)
-
-	srlg	$len,$len,4
-	slgr	$out,$inp
-
-	l${g}	$s3,$stdframe($sp)	# ivp
-	llgf	$s0,0($s3)		# load iv
-	llgf	$s1,4($s3)
-	llgf	$s2,8($s3)
-	llgf	$s3,12($s3)
-	stm${g}	%r2,%r5,2*$SIZE_T($sp)
-	la	$key,0($key2)
-	larl	$tbl,AES_Te
-	bras	$ra,_s390x_AES_encrypt	# generate the tweak
-	lm${g}	%r2,%r5,2*$SIZE_T($sp)
-	larl	$tbl,AES_Td
-	lt${g}r	$len,$len
-	stm	$s0,$s3,$tweak($sp)	# save the tweak
-	jz	.Lxts_dec_short
-	j	.Lxts_dec_enter
-
-.align	16
-.Lxts_dec_loop:
-	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
-	lrvg	$s3,$tweak+8($sp)
-	lghi	%r1,0x87
-	srag	%r0,$s3,63		# broadcast upper bit
-	ngr	%r1,%r0			# rem
-	algr	$s1,$s1
-	alcgr	$s3,$s3
-	xgr	$s1,%r1
-	lrvgr	$s1,$s1			# flip byte order
-	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits 
-	stg	$s1,$tweak+0($sp)	# save the tweak
-	llgfr	$s1,$s1
-	srlg	$s2,$s3,32
-	stg	$s3,$tweak+8($sp)
-	llgfr	$s3,$s3
-.Lxts_dec_enter:
-	x	$s0,0($inp)		# tweak^=*(inp)
-	x	$s1,4($inp)
-	x	$s2,8($inp)
-	x	$s3,12($inp)
-	stm${g}	%r2,%r3,2*$SIZE_T($sp)	# only two registers are changing
-	la	$key,0($key1)
-	bras	$ra,_s390x_AES_decrypt
-	lm${g}	%r2,%r5,2*$SIZE_T($sp)
-	x	$s0,$tweak+0($sp)	# ^=tweak
-	x	$s1,$tweak+4($sp)
-	x	$s2,$tweak+8($sp)
-	x	$s3,$tweak+12($sp)
-	st	$s0,0($out,$inp)
-	st	$s1,4($out,$inp)
-	st	$s2,8($out,$inp)
-	st	$s3,12($out,$inp)
-	la	$inp,16($inp)
-	brct${g}	$len,.Lxts_dec_loop
-
-	llgc	$len,`2*$SIZE_T-1`($sp)
-	nill	$len,0x0f		# $len%16
-	jz	.Lxts_dec_done
-
-	# generate pair of tweaks...
-	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
-	lrvg	$s3,$tweak+8($sp)
-	lghi	%r1,0x87
-	srag	%r0,$s3,63		# broadcast upper bit
-	ngr	%r1,%r0			# rem
-	algr	$s1,$s1
-	alcgr	$s3,$s3
-	xgr	$s1,%r1
-	lrvgr	$i2,$s1			# flip byte order
-	lrvgr	$i3,$s3
-	stmg	$i2,$i3,$tweak($sp)	# save the 1st tweak
-	j	.Lxts_dec_2ndtweak
-
-.align	16
-.Lxts_dec_short:
-	llgc	$len,`2*$SIZE_T-1`($sp)
-	nill	$len,0x0f		# $len%16
-	lrvg	$s1,$tweak+0($sp)	# load the tweak in little-endian
-	lrvg	$s3,$tweak+8($sp)
-.Lxts_dec_2ndtweak:
-	lghi	%r1,0x87
-	srag	%r0,$s3,63		# broadcast upper bit
-	ngr	%r1,%r0			# rem
-	algr	$s1,$s1
-	alcgr	$s3,$s3
-	xgr	$s1,%r1
-	lrvgr	$s1,$s1			# flip byte order
-	lrvgr	$s3,$s3
-	srlg	$s0,$s1,32		# smash the tweak to 4x32-bits
-	stg	$s1,$tweak-16+0($sp)	# save the 2nd tweak
-	llgfr	$s1,$s1
-	srlg	$s2,$s3,32
-	stg	$s3,$tweak-16+8($sp)
-	llgfr	$s3,$s3
-
-	x	$s0,0($inp)		# tweak_the_2nd^=*(inp)
-	x	$s1,4($inp)
-	x	$s2,8($inp)
-	x	$s3,12($inp)
-	stm${g}	%r2,%r3,2*$SIZE_T($sp)
-	la	$key,0($key1)
-	bras	$ra,_s390x_AES_decrypt
-	lm${g}	%r2,%r5,2*$SIZE_T($sp)
-	x	$s0,$tweak-16+0($sp)	# ^=tweak_the_2nd
-	x	$s1,$tweak-16+4($sp)
-	x	$s2,$tweak-16+8($sp)
-	x	$s3,$tweak-16+12($sp)
-	st	$s0,0($out,$inp)
-	st	$s1,4($out,$inp)
-	st	$s2,8($out,$inp)
-	st	$s3,12($out,$inp)
-
-	la	$i3,0($out,$inp)	# put aside real $out
-.Lxts_dec_steal:
-	llgc	%r0,16($inp)
-	llgc	%r1,0($out,$inp)
-	stc	%r0,0($out,$inp)
-	stc	%r1,16($out,$inp)
-	la	$inp,1($inp)
-	brct	$len,.Lxts_dec_steal
-	la	$out,0($i3)		# restore real $out
-
-	lm	$s0,$s3,$tweak($sp)	# load the 1st tweak
-	x	$s0,0($out)		# tweak^=*(inp)|stolen cipher-text
-	x	$s1,4($out)
-	x	$s2,8($out)
-	x	$s3,12($out)
-	st${g}	$out,4*$SIZE_T($sp)
-	la	$key,0($key1)
-	bras	$ra,_s390x_AES_decrypt
-	l${g}	$out,4*$SIZE_T($sp)
-	x	$s0,$tweak+0($sp)	# ^=tweak
-	x	$s1,$tweak+4($sp)
-	x	$s2,$tweak+8($sp)
-	x	$s3,$tweak+12($sp)
-	st	$s0,0($out)
-	st	$s1,4($out)
-	st	$s2,8($out)
-	st	$s3,12($out)
-	stg	$sp,$tweak-16+0($sp)	# wipe 2nd tweak
-	stg	$sp,$tweak-16+8($sp)
-.Lxts_dec_done:
-	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$twesk+8($sp)
-	lm${g}	%r6,$ra,6*$SIZE_T($sp)
-	br	$ra
-.size	AES_xts_decrypt,.-AES_xts_decrypt
-___
-}
-$code.=<<___;
-.string	"AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm	OPENSSL_s390xcap_P,16,8
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;	# force flush
diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl
deleted file mode 100755
index 403c4d1290..0000000000
--- a/crypto/aes/asm/aes-sparcv9.pl
+++ /dev/null
@@ -1,1182 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
-# ====================================================================
-#
-# Version 1.1
-#
-# The major reason for undertaken effort was to mitigate the hazard of
-# cache-timing attack. This is [currently and initially!] addressed in
-# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each.
-# 2. References to them are scheduled for L2 cache latency, meaning
-# that the tables don't have to reside in L1 cache. Once again, this
-# is an initial draft and one should expect more countermeasures to
-# be implemented...
-#
-# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last
-# round.
-#
-# Even though performance was not the primary goal [on the contrary,
-# extra shifts "induced" by compressed S-box and longer loop epilogue
-# "induced" by scheduling for L2 have negative effect on performance],
-# the code turned out to run in ~23 cycles per processed byte en-/
-# decrypted with 128-bit key. This is pretty good result for code
-# with mentioned qualities and UltraSPARC core. Compared to Sun C
-# generated code my encrypt procedure runs just few percents faster,
-# while decrypt one - whole 50% faster [yes, Sun C failed to generate
-# optimal decrypt procedure]. Compared to GNU C generated code both
-# procedures are more than 60% faster:-)
-
-$bits=32;
-for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)	{ $bias=2047; $frame=192; }
-else		{ $bias=0;    $frame=112; }
-$locals=16;
-
-$acc0="%l0";
-$acc1="%o0";
-$acc2="%o1";
-$acc3="%o2";
-
-$acc4="%l1";
-$acc5="%o3";
-$acc6="%o4";
-$acc7="%o5";
-
-$acc8="%l2";
-$acc9="%o7";
-$acc10="%g1";
-$acc11="%g2";
-
-$acc12="%l3";
-$acc13="%g3";
-$acc14="%g4";
-$acc15="%g5";
-
-$t0="%l4";
-$t1="%l5";
-$t2="%l6";
-$t3="%l7";
-
-$s0="%i0";
-$s1="%i1";
-$s2="%i2";
-$s3="%i3";
-$tbl="%i4";
-$key="%i5";
-$rounds="%i7";	# aliases with return address, which is off-loaded to stack
-
-sub _data_word()
-{ my $i;
-    while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
-}
-
-$code.=<<___ if ($bits==64);
-.register	%g2,#scratch
-.register	%g3,#scratch
-___
-$code.=<<___;
-.section	".text",#alloc,#execinstr
-
-.align	256
-AES_Te:
-___
-&_data_word(
-	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
-	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
-	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
-	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
-	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
-	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
-	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
-	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
-	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
-	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
-	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
-	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
-	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
-	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
-	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
-	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
-	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
-	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
-	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
-	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
-	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
-	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
-	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
-	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
-	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
-	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
-	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
-	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
-	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
-	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
-	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
-	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
-	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
-	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
-	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
-	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
-	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
-	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
-	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
-	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
-	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
-	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
-	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
-	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
-	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
-	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
-	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
-	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
-	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
-	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
-	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
-	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
-	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
-	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
-	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
-	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
-	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
-	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
-	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
-	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
-	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
-	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
-	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
-	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
-$code.=<<___;
-	.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-	.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-	.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-	.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-	.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-	.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-	.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-	.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-	.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-	.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-	.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-	.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-	.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-	.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-	.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-	.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-	.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-	.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-	.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-	.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-	.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-	.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-	.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-	.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-	.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-	.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-	.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-	.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-	.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-	.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-	.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-	.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-.type	AES_Te,#object
-.size	AES_Te,(.-AES_Te)
-
-.align	64
-.skip	16
-_sparcv9_AES_encrypt:
-	save	%sp,-$frame-$locals,%sp
-	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
-	ld	[$key+240],$rounds
-	ld	[$key+0],$t0
-	ld	[$key+4],$t1			!
-	ld	[$key+8],$t2
-	srl	$rounds,1,$rounds
-	xor	$t0,$s0,$s0
-	ld	[$key+12],$t3
-	srl	$s0,21,$acc0
-	xor	$t1,$s1,$s1
-	ld	[$key+16],$t0
-	srl	$s1,13,$acc1			!
-	xor	$t2,$s2,$s2
-	ld	[$key+20],$t1
-	xor	$t3,$s3,$s3
-	ld	[$key+24],$t2
-	and	$acc0,2040,$acc0
-	ld	[$key+28],$t3
-	nop
-.Lenc_loop:
-	srl	$s2,5,$acc2			!
-	and	$acc1,2040,$acc1
-	ldx	[$tbl+$acc0],$acc0
-	sll	$s3,3,$acc3
-	and	$acc2,2040,$acc2
-	ldx	[$tbl+$acc1],$acc1
-	srl	$s1,21,$acc4
-	and	$acc3,2040,$acc3
-	ldx	[$tbl+$acc2],$acc2		!
-	srl	$s2,13,$acc5
-	and	$acc4,2040,$acc4
-	ldx	[$tbl+$acc3],$acc3
-	srl	$s3,5,$acc6
-	and	$acc5,2040,$acc5
-	ldx	[$tbl+$acc4],$acc4
-	fmovs	%f0,%f0
-	sll	$s0,3,$acc7			!
-	and	$acc6,2040,$acc6
-	ldx	[$tbl+$acc5],$acc5
-	srl	$s2,21,$acc8
-	and	$acc7,2040,$acc7
-	ldx	[$tbl+$acc6],$acc6
-	srl	$s3,13,$acc9
-	and	$acc8,2040,$acc8
-	ldx	[$tbl+$acc7],$acc7		!
-	srl	$s0,5,$acc10
-	and	$acc9,2040,$acc9
-	ldx	[$tbl+$acc8],$acc8
-	sll	$s1,3,$acc11
-	and	$acc10,2040,$acc10
-	ldx	[$tbl+$acc9],$acc9
-	fmovs	%f0,%f0
-	srl	$s3,21,$acc12			!
-	and	$acc11,2040,$acc11
-	ldx	[$tbl+$acc10],$acc10
-	srl	$s0,13,$acc13
-	and	$acc12,2040,$acc12
-	ldx	[$tbl+$acc11],$acc11
-	srl	$s1,5,$acc14
-	and	$acc13,2040,$acc13
-	ldx	[$tbl+$acc12],$acc12		!
-	sll	$s2,3,$acc15
-	and	$acc14,2040,$acc14
-	ldx	[$tbl+$acc13],$acc13
-	and	$acc15,2040,$acc15
-	add	$key,32,$key
-	ldx	[$tbl+$acc14],$acc14
-	fmovs	%f0,%f0
-	subcc	$rounds,1,$rounds		!
-	ldx	[$tbl+$acc15],$acc15
-	bz,a,pn	%icc,.Lenc_last
-	add	$tbl,2048,$rounds
-
-		srlx	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ld	[$key+0],$s0
-	fmovs	%f0,%f0
-		srlx	$acc2,16,$acc2		!
-		xor	$acc1,$t0,$t0
-	ld	[$key+4],$s1
-		srlx	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ld	[$key+8],$s2
-		srlx	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ld	[$key+12],$s3			!
-		srlx	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-	fmovs	%f0,%f0
-		srlx	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		srlx	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		srlx	$acc10,16,$acc10	!
-		xor	$acc7,$t1,$t1
-		srlx	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		srlx	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		srlx	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		srlx	$acc15,24,$acc15	!
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	srl	$t0,21,$acc0
-		xor	$acc14,$t3,$t3
-	srl	$t1,13,$acc1
-		xor	$acc15,$t3,$t3
-
-	and	$acc0,2040,$acc0		!
-	srl	$t2,5,$acc2
-	and	$acc1,2040,$acc1
-	ldx	[$tbl+$acc0],$acc0
-	sll	$t3,3,$acc3
-	and	$acc2,2040,$acc2
-	ldx	[$tbl+$acc1],$acc1
-	fmovs	%f0,%f0
-	srl	$t1,21,$acc4			!
-	and	$acc3,2040,$acc3
-	ldx	[$tbl+$acc2],$acc2
-	srl	$t2,13,$acc5
-	and	$acc4,2040,$acc4
-	ldx	[$tbl+$acc3],$acc3
-	srl	$t3,5,$acc6
-	and	$acc5,2040,$acc5
-	ldx	[$tbl+$acc4],$acc4		!
-	sll	$t0,3,$acc7
-	and	$acc6,2040,$acc6
-	ldx	[$tbl+$acc5],$acc5
-	srl	$t2,21,$acc8
-	and	$acc7,2040,$acc7
-	ldx	[$tbl+$acc6],$acc6
-	fmovs	%f0,%f0
-	srl	$t3,13,$acc9			!
-	and	$acc8,2040,$acc8
-	ldx	[$tbl+$acc7],$acc7
-	srl	$t0,5,$acc10
-	and	$acc9,2040,$acc9
-	ldx	[$tbl+$acc8],$acc8
-	sll	$t1,3,$acc11
-	and	$acc10,2040,$acc10
-	ldx	[$tbl+$acc9],$acc9		!
-	srl	$t3,21,$acc12
-	and	$acc11,2040,$acc11
-	ldx	[$tbl+$acc10],$acc10
-	srl	$t0,13,$acc13
-	and	$acc12,2040,$acc12
-	ldx	[$tbl+$acc11],$acc11
-	fmovs	%f0,%f0
-	srl	$t1,5,$acc14			!
-	and	$acc13,2040,$acc13
-	ldx	[$tbl+$acc12],$acc12
-	sll	$t2,3,$acc15
-	and	$acc14,2040,$acc14
-	ldx	[$tbl+$acc13],$acc13
-		srlx	$acc1,8,$acc1
-	and	$acc15,2040,$acc15
-	ldx	[$tbl+$acc14],$acc14		!
-
-		srlx	$acc2,16,$acc2
-		xor	$acc0,$s0,$s0
-	ldx	[$tbl+$acc15],$acc15
-		srlx	$acc3,24,$acc3
-		xor	$acc1,$s0,$s0
-	ld	[$key+16],$t0
-	fmovs	%f0,%f0
-		srlx	$acc5,8,$acc5		!
-		xor	$acc2,$s0,$s0
-	ld	[$key+20],$t1
-		srlx	$acc6,16,$acc6
-		xor	$acc3,$s0,$s0
-	ld	[$key+24],$t2
-		srlx	$acc7,24,$acc7
-		xor	$acc4,$s1,$s1
-	ld	[$key+28],$t3			!
-		srlx	$acc9,8,$acc9
-		xor	$acc5,$s1,$s1
-	ldx	[$tbl+2048+0],%g0		! prefetch te4
-		srlx	$acc10,16,$acc10
-		xor	$acc6,$s1,$s1
-	ldx	[$tbl+2048+32],%g0		! prefetch te4
-		srlx	$acc11,24,$acc11
-		xor	$acc7,$s1,$s1
-	ldx	[$tbl+2048+64],%g0		! prefetch te4
-		srlx	$acc13,8,$acc13
-		xor	$acc8,$s2,$s2
-	ldx	[$tbl+2048+96],%g0		! prefetch te4
-		srlx	$acc14,16,$acc14	!
-		xor	$acc9,$s2,$s2
-	ldx	[$tbl+2048+128],%g0		! prefetch te4
-		srlx	$acc15,24,$acc15
-		xor	$acc10,$s2,$s2
-	ldx	[$tbl+2048+160],%g0		! prefetch te4
-	srl	$s0,21,$acc0
-		xor	$acc11,$s2,$s2
-	ldx	[$tbl+2048+192],%g0		! prefetch te4
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-	ldx	[$tbl+2048+224],%g0		! prefetch te4
-	srl	$s1,13,$acc1			!
-		xor	$acc14,$s3,$s3
-		xor	$acc15,$s3,$s3
-	ba	.Lenc_loop
-	and	$acc0,2040,$acc0
-
-.align	32
-.Lenc_last:
-		srlx	$acc1,8,$acc1		!
-		xor	$acc0,$t0,$t0
-	ld	[$key+0],$s0
-		srlx	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ld	[$key+4],$s1
-		srlx	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ld	[$key+8],$s2			!
-		srlx	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ld	[$key+12],$s3
-		srlx	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		srlx	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		srlx	$acc9,8,$acc9		!
-		xor	$acc6,$t1,$t1
-		srlx	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		srlx	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		srlx	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		srlx	$acc14,16,$acc14	!
-		xor	$acc10,$t2,$t2
-		srlx	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	srl	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-	srl	$t1,16,$acc1			!
-		xor	$acc15,$t3,$t3
-
-	srl	$t2,8,$acc2
-	and	$acc1,255,$acc1
-	ldub	[$rounds+$acc0],$acc0
-	srl	$t1,24,$acc4
-	and	$acc2,255,$acc2
-	ldub	[$rounds+$acc1],$acc1
-	srl	$t2,16,$acc5			!
-	and	$t3,255,$acc3
-	ldub	[$rounds+$acc2],$acc2
-	ldub	[$rounds+$acc3],$acc3
-	srl	$t3,8,$acc6
-	and	$acc5,255,$acc5
-	ldub	[$rounds+$acc4],$acc4
-	fmovs	%f0,%f0
-	srl	$t2,24,$acc8			!
-	and	$acc6,255,$acc6
-	ldub	[$rounds+$acc5],$acc5
-	srl	$t3,16,$acc9
-	and	$t0,255,$acc7
-	ldub	[$rounds+$acc6],$acc6
-	ldub	[$rounds+$acc7],$acc7
-	fmovs	%f0,%f0
-	srl	$t0,8,$acc10			!
-	and	$acc9,255,$acc9
-	ldub	[$rounds+$acc8],$acc8
-	srl	$t3,24,$acc12
-	and	$acc10,255,$acc10
-	ldub	[$rounds+$acc9],$acc9
-	srl	$t0,16,$acc13
-	and	$t1,255,$acc11
-	ldub	[$rounds+$acc10],$acc10		!
-	srl	$t1,8,$acc14
-	and	$acc13,255,$acc13
-	ldub	[$rounds+$acc11],$acc11
-	ldub	[$rounds+$acc12],$acc12
-	and	$acc14,255,$acc14
-	ldub	[$rounds+$acc13],$acc13
-	and	$t2,255,$acc15
-	ldub	[$rounds+$acc14],$acc14		!
-
-		sll	$acc0,24,$acc0
-		xor	$acc3,$s0,$s0
-	ldub	[$rounds+$acc15],$acc15
-		sll	$acc1,16,$acc1
-		xor	$acc0,$s0,$s0
-	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
-	fmovs	%f0,%f0
-		sll	$acc2,8,$acc2		!
-		xor	$acc1,$s0,$s0
-		sll	$acc4,24,$acc4
-		xor	$acc2,$s0,$s0
-		sll	$acc5,16,$acc5
-		xor	$acc7,$s1,$s1
-		sll	$acc6,8,$acc6
-		xor	$acc4,$s1,$s1
-		sll	$acc8,24,$acc8		!
-		xor	$acc5,$s1,$s1
-		sll	$acc9,16,$acc9
-		xor	$acc11,$s2,$s2
-		sll	$acc10,8,$acc10
-		xor	$acc6,$s1,$s1
-		sll	$acc12,24,$acc12
-		xor	$acc8,$s2,$s2
-		sll	$acc13,16,$acc13	!
-		xor	$acc9,$s2,$s2
-		sll	$acc14,8,$acc14
-		xor	$acc10,$s2,$s2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-		xor	$acc14,$s3,$s3
-		xor	$acc15,$s3,$s3
-
-	ret
-	restore
-.type	_sparcv9_AES_encrypt,#function
-.size	_sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
-
-.align	32
-.globl	AES_encrypt
-AES_encrypt:
-	or	%o0,%o1,%g1
-	andcc	%g1,3,%g0
-	bnz,pn	%xcc,.Lunaligned_enc
-	save	%sp,-$frame,%sp
-
-	ld	[%i0+0],%o0
-	ld	[%i0+4],%o1
-	ld	[%i0+8],%o2
-	ld	[%i0+12],%o3
-
-1:	call	.+8
-	add	%o7,AES_Te-1b,%o4
-	call	_sparcv9_AES_encrypt
-	mov	%i2,%o5
-
-	st	%o0,[%i1+0]
-	st	%o1,[%i1+4]
-	st	%o2,[%i1+8]
-	st	%o3,[%i1+12]
-
-	ret
-	restore
-
-.align	32
-.Lunaligned_enc:
-	ldub	[%i0+0],%l0
-	ldub	[%i0+1],%l1
-	ldub	[%i0+2],%l2
-
-	sll	%l0,24,%l0
-	ldub	[%i0+3],%l3
-	sll	%l1,16,%l1
-	ldub	[%i0+4],%l4
-	sll	%l2,8,%l2
-	or	%l1,%l0,%l0
-	ldub	[%i0+5],%l5
-	sll	%l4,24,%l4
-	or	%l3,%l2,%l2
-	ldub	[%i0+6],%l6
-	sll	%l5,16,%l5
-	or	%l0,%l2,%o0
-	ldub	[%i0+7],%l7
-
-	sll	%l6,8,%l6
-	or	%l5,%l4,%l4
-	ldub	[%i0+8],%l0
-	or	%l7,%l6,%l6
-	ldub	[%i0+9],%l1
-	or	%l4,%l6,%o1
-	ldub	[%i0+10],%l2
-
-	sll	%l0,24,%l0
-	ldub	[%i0+11],%l3
-	sll	%l1,16,%l1
-	ldub	[%i0+12],%l4
-	sll	%l2,8,%l2
-	or	%l1,%l0,%l0
-	ldub	[%i0+13],%l5
-	sll	%l4,24,%l4
-	or	%l3,%l2,%l2
-	ldub	[%i0+14],%l6
-	sll	%l5,16,%l5
-	or	%l0,%l2,%o2
-	ldub	[%i0+15],%l7
-
-	sll	%l6,8,%l6
-	or	%l5,%l4,%l4
-	or	%l7,%l6,%l6
-	or	%l4,%l6,%o3
-
-1:	call	.+8
-	add	%o7,AES_Te-1b,%o4
-	call	_sparcv9_AES_encrypt
-	mov	%i2,%o5
-
-	srl	%o0,24,%l0
-	srl	%o0,16,%l1
-	stb	%l0,[%i1+0]
-	srl	%o0,8,%l2
-	stb	%l1,[%i1+1]
-	stb	%l2,[%i1+2]
-	srl	%o1,24,%l4
-	stb	%o0,[%i1+3]
-
-	srl	%o1,16,%l5
-	stb	%l4,[%i1+4]
-	srl	%o1,8,%l6
-	stb	%l5,[%i1+5]
-	stb	%l6,[%i1+6]
-	srl	%o2,24,%l0
-	stb	%o1,[%i1+7]
-
-	srl	%o2,16,%l1
-	stb	%l0,[%i1+8]
-	srl	%o2,8,%l2
-	stb	%l1,[%i1+9]
-	stb	%l2,[%i1+10]
-	srl	%o3,24,%l4
-	stb	%o2,[%i1+11]
-
-	srl	%o3,16,%l5
-	stb	%l4,[%i1+12]
-	srl	%o3,8,%l6
-	stb	%l5,[%i1+13]
-	stb	%l6,[%i1+14]
-	stb	%o3,[%i1+15]
-
-	ret
-	restore
-.type	AES_encrypt,#function
-.size	AES_encrypt,(.-AES_encrypt)
-
-___
-
-$code.=<<___;
-.align	256
-AES_Td:
-___
-&_data_word(
-	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
-	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
-	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
-	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
-	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
-	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
-	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
-	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
-	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
-	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
-	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
-	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
-	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
-	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
-	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
-	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
-	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
-	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
-	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
-	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
-	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
-	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
-	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
-	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
-	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
-	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
-	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
-	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
-	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
-	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
-	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
-	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
-	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
-	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
-	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
-	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
-	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
-	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
-	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
-	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
-	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
-	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
-	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
-	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
-	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
-	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
-	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
-	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
-	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
-	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
-	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
-	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
-	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
-	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
-	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
-	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
-	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
-	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
-	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
-	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
-	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
-	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
-	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
-	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
-$code.=<<___;
-	.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-	.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-	.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-	.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-	.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-	.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-	.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-	.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-	.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-	.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-	.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-	.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-	.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-	.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-	.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-	.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-	.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-	.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-	.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-	.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-	.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-	.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-	.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-	.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-	.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-	.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-	.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-	.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-	.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-	.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-	.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-	.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.type	AES_Td,#object
-.size	AES_Td,(.-AES_Td)
-
-.align	64
-.skip	16
-_sparcv9_AES_decrypt:
-	save	%sp,-$frame-$locals,%sp
-	stx	%i7,[%sp+$bias+$frame+0]	! off-load return address
-	ld	[$key+240],$rounds
-	ld	[$key+0],$t0
-	ld	[$key+4],$t1			!
-	ld	[$key+8],$t2
-	ld	[$key+12],$t3
-	srl	$rounds,1,$rounds
-	xor	$t0,$s0,$s0
-	ld	[$key+16],$t0
-	xor	$t1,$s1,$s1
-	ld	[$key+20],$t1
-	srl	$s0,21,$acc0			!
-	xor	$t2,$s2,$s2
-	ld	[$key+24],$t2
-	xor	$t3,$s3,$s3
-	and	$acc0,2040,$acc0
-	ld	[$key+28],$t3
-	srl	$s3,13,$acc1
-	nop
-.Ldec_loop:
-	srl	$s2,5,$acc2			!
-	and	$acc1,2040,$acc1
-	ldx	[$tbl+$acc0],$acc0
-	sll	$s1,3,$acc3
-	and	$acc2,2040,$acc2
-	ldx	[$tbl+$acc1],$acc1
-	srl	$s1,21,$acc4
-	and	$acc3,2040,$acc3
-	ldx	[$tbl+$acc2],$acc2		!
-	srl	$s0,13,$acc5
-	and	$acc4,2040,$acc4
-	ldx	[$tbl+$acc3],$acc3
-	srl	$s3,5,$acc6
-	and	$acc5,2040,$acc5
-	ldx	[$tbl+$acc4],$acc4
-	fmovs	%f0,%f0
-	sll	$s2,3,$acc7			!
-	and	$acc6,2040,$acc6
-	ldx	[$tbl+$acc5],$acc5
-	srl	$s2,21,$acc8
-	and	$acc7,2040,$acc7
-	ldx	[$tbl+$acc6],$acc6
-	srl	$s1,13,$acc9
-	and	$acc8,2040,$acc8
-	ldx	[$tbl+$acc7],$acc7		!
-	srl	$s0,5,$acc10
-	and	$acc9,2040,$acc9
-	ldx	[$tbl+$acc8],$acc8
-	sll	$s3,3,$acc11
-	and	$acc10,2040,$acc10
-	ldx	[$tbl+$acc9],$acc9
-	fmovs	%f0,%f0
-	srl	$s3,21,$acc12			!
-	and	$acc11,2040,$acc11
-	ldx	[$tbl+$acc10],$acc10
-	srl	$s2,13,$acc13
-	and	$acc12,2040,$acc12
-	ldx	[$tbl+$acc11],$acc11
-	srl	$s1,5,$acc14
-	and	$acc13,2040,$acc13
-	ldx	[$tbl+$acc12],$acc12		!
-	sll	$s0,3,$acc15
-	and	$acc14,2040,$acc14
-	ldx	[$tbl+$acc13],$acc13
-	and	$acc15,2040,$acc15
-	add	$key,32,$key
-	ldx	[$tbl+$acc14],$acc14
-	fmovs	%f0,%f0
-	subcc	$rounds,1,$rounds		!
-	ldx	[$tbl+$acc15],$acc15
-	bz,a,pn	%icc,.Ldec_last
-	add	$tbl,2048,$rounds
-
-		srlx	$acc1,8,$acc1
-		xor	$acc0,$t0,$t0
-	ld	[$key+0],$s0
-	fmovs	%f0,%f0
-		srlx	$acc2,16,$acc2		!
-		xor	$acc1,$t0,$t0
-	ld	[$key+4],$s1
-		srlx	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ld	[$key+8],$s2
-		srlx	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ld	[$key+12],$s3			!
-		srlx	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-	fmovs	%f0,%f0
-		srlx	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		srlx	$acc9,8,$acc9
-		xor	$acc6,$t1,$t1
-		srlx	$acc10,16,$acc10	!
-		xor	$acc7,$t1,$t1
-		srlx	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		srlx	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		srlx	$acc14,16,$acc14
-		xor	$acc10,$t2,$t2
-		srlx	$acc15,24,$acc15	!
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	srl	$t0,21,$acc0
-		xor	$acc14,$t3,$t3
-		xor	$acc15,$t3,$t3
-	srl	$t3,13,$acc1
-
-	and	$acc0,2040,$acc0		!
-	srl	$t2,5,$acc2
-	and	$acc1,2040,$acc1
-	ldx	[$tbl+$acc0],$acc0
-	sll	$t1,3,$acc3
-	and	$acc2,2040,$acc2
-	ldx	[$tbl+$acc1],$acc1
-	fmovs	%f0,%f0
-	srl	$t1,21,$acc4			!
-	and	$acc3,2040,$acc3
-	ldx	[$tbl+$acc2],$acc2
-	srl	$t0,13,$acc5
-	and	$acc4,2040,$acc4
-	ldx	[$tbl+$acc3],$acc3
-	srl	$t3,5,$acc6
-	and	$acc5,2040,$acc5
-	ldx	[$tbl+$acc4],$acc4		!
-	sll	$t2,3,$acc7
-	and	$acc6,2040,$acc6
-	ldx	[$tbl+$acc5],$acc5
-	srl	$t2,21,$acc8
-	and	$acc7,2040,$acc7
-	ldx	[$tbl+$acc6],$acc6
-	fmovs	%f0,%f0
-	srl	$t1,13,$acc9			!
-	and	$acc8,2040,$acc8
-	ldx	[$tbl+$acc7],$acc7
-	srl	$t0,5,$acc10
-	and	$acc9,2040,$acc9
-	ldx	[$tbl+$acc8],$acc8
-	sll	$t3,3,$acc11
-	and	$acc10,2040,$acc10
-	ldx	[$tbl+$acc9],$acc9		!
-	srl	$t3,21,$acc12
-	and	$acc11,2040,$acc11
-	ldx	[$tbl+$acc10],$acc10
-	srl	$t2,13,$acc13
-	and	$acc12,2040,$acc12
-	ldx	[$tbl+$acc11],$acc11
-	fmovs	%f0,%f0
-	srl	$t1,5,$acc14			!
-	and	$acc13,2040,$acc13
-	ldx	[$tbl+$acc12],$acc12
-	sll	$t0,3,$acc15
-	and	$acc14,2040,$acc14
-	ldx	[$tbl+$acc13],$acc13
-		srlx	$acc1,8,$acc1
-	and	$acc15,2040,$acc15
-	ldx	[$tbl+$acc14],$acc14		!
-
-		srlx	$acc2,16,$acc2
-		xor	$acc0,$s0,$s0
-	ldx	[$tbl+$acc15],$acc15
-		srlx	$acc3,24,$acc3
-		xor	$acc1,$s0,$s0
-	ld	[$key+16],$t0
-	fmovs	%f0,%f0
-		srlx	$acc5,8,$acc5		!
-		xor	$acc2,$s0,$s0
-	ld	[$key+20],$t1
-		srlx	$acc6,16,$acc6
-		xor	$acc3,$s0,$s0
-	ld	[$key+24],$t2
-		srlx	$acc7,24,$acc7
-		xor	$acc4,$s1,$s1
-	ld	[$key+28],$t3			!
-		srlx	$acc9,8,$acc9
-		xor	$acc5,$s1,$s1
-	ldx	[$tbl+2048+0],%g0		! prefetch td4
-		srlx	$acc10,16,$acc10
-		xor	$acc6,$s1,$s1
-	ldx	[$tbl+2048+32],%g0		! prefetch td4
-		srlx	$acc11,24,$acc11
-		xor	$acc7,$s1,$s1
-	ldx	[$tbl+2048+64],%g0		! prefetch td4
-		srlx	$acc13,8,$acc13
-		xor	$acc8,$s2,$s2
-	ldx	[$tbl+2048+96],%g0		! prefetch td4
-		srlx	$acc14,16,$acc14	!
-		xor	$acc9,$s2,$s2
-	ldx	[$tbl+2048+128],%g0		! prefetch td4
-		srlx	$acc15,24,$acc15
-		xor	$acc10,$s2,$s2
-	ldx	[$tbl+2048+160],%g0		! prefetch td4
-	srl	$s0,21,$acc0
-		xor	$acc11,$s2,$s2
-	ldx	[$tbl+2048+192],%g0		! prefetch td4
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-	ldx	[$tbl+2048+224],%g0		! prefetch td4
-	and	$acc0,2040,$acc0		!
-		xor	$acc14,$s3,$s3
-		xor	$acc15,$s3,$s3
-	ba	.Ldec_loop
-	srl	$s3,13,$acc1
-
-.align	32
-.Ldec_last:
-		srlx	$acc1,8,$acc1		!
-		xor	$acc0,$t0,$t0
-	ld	[$key+0],$s0
-		srlx	$acc2,16,$acc2
-		xor	$acc1,$t0,$t0
-	ld	[$key+4],$s1
-		srlx	$acc3,24,$acc3
-		xor	$acc2,$t0,$t0
-	ld	[$key+8],$s2			!
-		srlx	$acc5,8,$acc5
-		xor	$acc3,$t0,$t0
-	ld	[$key+12],$s3
-		srlx	$acc6,16,$acc6
-		xor	$acc4,$t1,$t1
-		srlx	$acc7,24,$acc7
-		xor	$acc5,$t1,$t1
-		srlx	$acc9,8,$acc9		!
-		xor	$acc6,$t1,$t1
-		srlx	$acc10,16,$acc10
-		xor	$acc7,$t1,$t1
-		srlx	$acc11,24,$acc11
-		xor	$acc8,$t2,$t2
-		srlx	$acc13,8,$acc13
-		xor	$acc9,$t2,$t2
-		srlx	$acc14,16,$acc14	!
-		xor	$acc10,$t2,$t2
-		srlx	$acc15,24,$acc15
-		xor	$acc11,$t2,$t2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$t3,$t3
-	srl	$t0,24,$acc0
-		xor	$acc14,$t3,$t3
-		xor	$acc15,$t3,$t3		!
-	srl	$t3,16,$acc1
-
-	srl	$t2,8,$acc2
-	and	$acc1,255,$acc1
-	ldub	[$rounds+$acc0],$acc0
-	srl	$t1,24,$acc4
-	and	$acc2,255,$acc2
-	ldub	[$rounds+$acc1],$acc1
-	srl	$t0,16,$acc5			!
-	and	$t1,255,$acc3
-	ldub	[$rounds+$acc2],$acc2
-	ldub	[$rounds+$acc3],$acc3
-	srl	$t3,8,$acc6
-	and	$acc5,255,$acc5
-	ldub	[$rounds+$acc4],$acc4
-	fmovs	%f0,%f0
-	srl	$t2,24,$acc8			!
-	and	$acc6,255,$acc6
-	ldub	[$rounds+$acc5],$acc5
-	srl	$t1,16,$acc9
-	and	$t2,255,$acc7
-	ldub	[$rounds+$acc6],$acc6
-	ldub	[$rounds+$acc7],$acc7
-	fmovs	%f0,%f0
-	srl	$t0,8,$acc10			!
-	and	$acc9,255,$acc9
-	ldub	[$rounds+$acc8],$acc8
-	srl	$t3,24,$acc12
-	and	$acc10,255,$acc10
-	ldub	[$rounds+$acc9],$acc9
-	srl	$t2,16,$acc13
-	and	$t3,255,$acc11
-	ldub	[$rounds+$acc10],$acc10		!
-	srl	$t1,8,$acc14
-	and	$acc13,255,$acc13
-	ldub	[$rounds+$acc11],$acc11
-	ldub	[$rounds+$acc12],$acc12
-	and	$acc14,255,$acc14
-	ldub	[$rounds+$acc13],$acc13
-	and	$t0,255,$acc15
-	ldub	[$rounds+$acc14],$acc14		!
-
-		sll	$acc0,24,$acc0
-		xor	$acc3,$s0,$s0
-	ldub	[$rounds+$acc15],$acc15
-		sll	$acc1,16,$acc1
-		xor	$acc0,$s0,$s0
-	ldx	[%sp+$bias+$frame+0],%i7	! restore return address
-	fmovs	%f0,%f0
-		sll	$acc2,8,$acc2		!
-		xor	$acc1,$s0,$s0
-		sll	$acc4,24,$acc4
-		xor	$acc2,$s0,$s0
-		sll	$acc5,16,$acc5
-		xor	$acc7,$s1,$s1
-		sll	$acc6,8,$acc6
-		xor	$acc4,$s1,$s1
-		sll	$acc8,24,$acc8		!
-		xor	$acc5,$s1,$s1
-		sll	$acc9,16,$acc9
-		xor	$acc11,$s2,$s2
-		sll	$acc10,8,$acc10
-		xor	$acc6,$s1,$s1
-		sll	$acc12,24,$acc12
-		xor	$acc8,$s2,$s2
-		sll	$acc13,16,$acc13	!
-		xor	$acc9,$s2,$s2
-		sll	$acc14,8,$acc14
-		xor	$acc10,$s2,$s2
-		xor	$acc12,$acc14,$acc14
-		xor	$acc13,$s3,$s3
-		xor	$acc14,$s3,$s3
-		xor	$acc15,$s3,$s3
-
-	ret
-	restore
-.type	_sparcv9_AES_decrypt,#function
-.size	_sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
-
-.align	32
-.globl	AES_decrypt
-AES_decrypt:
-	or	%o0,%o1,%g1
-	andcc	%g1,3,%g0
-	bnz,pn	%xcc,.Lunaligned_dec
-	save	%sp,-$frame,%sp
-
-	ld	[%i0+0],%o0
-	ld	[%i0+4],%o1
-	ld	[%i0+8],%o2
-	ld	[%i0+12],%o3
-
-1:	call	.+8
-	add	%o7,AES_Td-1b,%o4
-	call	_sparcv9_AES_decrypt
-	mov	%i2,%o5
-
-	st	%o0,[%i1+0]
-	st	%o1,[%i1+4]
-	st	%o2,[%i1+8]
-	st	%o3,[%i1+12]
-
-	ret
-	restore
-
-.align	32
-.Lunaligned_dec:
-	ldub	[%i0+0],%l0
-	ldub	[%i0+1],%l1
-	ldub	[%i0+2],%l2
-
-	sll	%l0,24,%l0
-	ldub	[%i0+3],%l3
-	sll	%l1,16,%l1
-	ldub	[%i0+4],%l4
-	sll	%l2,8,%l2
-	or	%l1,%l0,%l0
-	ldub	[%i0+5],%l5
-	sll	%l4,24,%l4
-	or	%l3,%l2,%l2
-	ldub	[%i0+6],%l6
-	sll	%l5,16,%l5
-	or	%l0,%l2,%o0
-	ldub	[%i0+7],%l7
-
-	sll	%l6,8,%l6
-	or	%l5,%l4,%l4
-	ldub	[%i0+8],%l0
-	or	%l7,%l6,%l6
-	ldub	[%i0+9],%l1
-	or	%l4,%l6,%o1
-	ldub	[%i0+10],%l2
-
-	sll	%l0,24,%l0
-	ldub	[%i0+11],%l3
-	sll	%l1,16,%l1
-	ldub	[%i0+12],%l4
-	sll	%l2,8,%l2
-	or	%l1,%l0,%l0
-	ldub	[%i0+13],%l5
-	sll	%l4,24,%l4
-	or	%l3,%l2,%l2
-	ldub	[%i0+14],%l6
-	sll	%l5,16,%l5
-	or	%l0,%l2,%o2
-	ldub	[%i0+15],%l7
-
-	sll	%l6,8,%l6
-	or	%l5,%l4,%l4
-	or	%l7,%l6,%l6
-	or	%l4,%l6,%o3
-
-1:	call	.+8
-	add	%o7,AES_Td-1b,%o4
-	call	_sparcv9_AES_decrypt
-	mov	%i2,%o5
-
-	srl	%o0,24,%l0
-	srl	%o0,16,%l1
-	stb	%l0,[%i1+0]
-	srl	%o0,8,%l2
-	stb	%l1,[%i1+1]
-	stb	%l2,[%i1+2]
-	srl	%o1,24,%l4
-	stb	%o0,[%i1+3]
-
-	srl	%o1,16,%l5
-	stb	%l4,[%i1+4]
-	srl	%o1,8,%l6
-	stb	%l5,[%i1+5]
-	stb	%l6,[%i1+6]
-	srl	%o2,24,%l0
-	stb	%o1,[%i1+7]
-
-	srl	%o2,16,%l1
-	stb	%l0,[%i1+8]
-	srl	%o2,8,%l2
-	stb	%l1,[%i1+9]
-	stb	%l2,[%i1+10]
-	srl	%o3,24,%l4
-	stb	%o2,[%i1+11]
-
-	srl	%o3,16,%l5
-	stb	%l4,[%i1+12]
-	srl	%o3,8,%l6
-	stb	%l5,[%i1+13]
-	stb	%l6,[%i1+14]
-	stb	%o3,[%i1+15]
-
-	ret
-	restore
-.type	AES_decrypt,#function
-.size	AES_decrypt,(.-AES_decrypt)
-___
-
-# fmovs instructions substituting for FP nops were originally added
-# to meet specific instruction alignment requirements to maximize ILP.
-# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
-# undesired effect, so just omit them and sacrifice some portion of
-# percent in performance...
-$code =~ s/fmovs.*$//gm;
-
-print $code;
-close STDOUT;	# ensure flush
diff --git a/crypto/aes/asm/aes-x86_64.S b/crypto/aes/asm/aes-x86_64.S
deleted file mode 100644
index e385566f08..0000000000
--- a/crypto/aes/asm/aes-x86_64.S
+++ /dev/null
@@ -1,2541 +0,0 @@
-.text	
-.type	_x86_64_AES_encrypt,@function
-.align	16
-_x86_64_AES_encrypt:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-
-	movl	240(%r15),%r13d
-	subl	$1,%r13d
-	jmp	.Lenc_loop
-.align	16
-.Lenc_loop:
-
-	movzbl	%al,%esi
-	movzbl	%bl,%edi
-	movzbl	%cl,%ebp
-	movl	0(%r14,%rsi,8),%r10d
-	movl	0(%r14,%rdi,8),%r11d
-	movl	0(%r14,%rbp,8),%r12d
-
-	movzbl	%bh,%esi
-	movzbl	%ch,%edi
-	movzbl	%dl,%ebp
-	xorl	3(%r14,%rsi,8),%r10d
-	xorl	3(%r14,%rdi,8),%r11d
-	movl	0(%r14,%rbp,8),%r8d
-
-	movzbl	%dh,%esi
-	shrl	$16,%ecx
-	movzbl	%ah,%ebp
-	xorl	3(%r14,%rsi,8),%r12d
-	shrl	$16,%edx
-	xorl	3(%r14,%rbp,8),%r8d
-
-	shrl	$16,%ebx
-	leaq	16(%r15),%r15
-	shrl	$16,%eax
-
-	movzbl	%cl,%esi
-	movzbl	%dl,%edi
-	movzbl	%al,%ebp
-	xorl	2(%r14,%rsi,8),%r10d
-	xorl	2(%r14,%rdi,8),%r11d
-	xorl	2(%r14,%rbp,8),%r12d
-
-	movzbl	%dh,%esi
-	movzbl	%ah,%edi
-	movzbl	%bl,%ebp
-	xorl	1(%r14,%rsi,8),%r10d
-	xorl	1(%r14,%rdi,8),%r11d
-	xorl	2(%r14,%rbp,8),%r8d
-
-	movl	12(%r15),%edx
-	movzbl	%bh,%edi
-	movzbl	%ch,%ebp
-	movl	0(%r15),%eax
-	xorl	1(%r14,%rdi,8),%r12d
-	xorl	1(%r14,%rbp,8),%r8d
-
-	movl	4(%r15),%ebx
-	movl	8(%r15),%ecx
-	xorl	%r10d,%eax
-	xorl	%r11d,%ebx
-	xorl	%r12d,%ecx
-	xorl	%r8d,%edx
-	subl	$1,%r13d
-	jnz	.Lenc_loop
-	movzbl	%al,%esi
-	movzbl	%bl,%edi
-	movzbl	%cl,%ebp
-	movzbl	2(%r14,%rsi,8),%r10d
-	movzbl	2(%r14,%rdi,8),%r11d
-	movzbl	2(%r14,%rbp,8),%r12d
-
-	movzbl	%dl,%esi
-	movzbl	%bh,%edi
-	movzbl	%ch,%ebp
-	movzbl	2(%r14,%rsi,8),%r8d
-	movl	0(%r14,%rdi,8),%edi
-	movl	0(%r14,%rbp,8),%ebp
-
-	andl	$65280,%edi
-	andl	$65280,%ebp
-
-	xorl	%edi,%r10d
-	xorl	%ebp,%r11d
-	shrl	$16,%ecx
-
-	movzbl	%dh,%esi
-	movzbl	%ah,%edi
-	shrl	$16,%edx
-	movl	0(%r14,%rsi,8),%esi
-	movl	0(%r14,%rdi,8),%edi
-
-	andl	$65280,%esi
-	andl	$65280,%edi
-	shrl	$16,%ebx
-	xorl	%esi,%r12d
-	xorl	%edi,%r8d
-	shrl	$16,%eax
-
-	movzbl	%cl,%esi
-	movzbl	%dl,%edi
-	movzbl	%al,%ebp
-	movl	0(%r14,%rsi,8),%esi
-	movl	0(%r14,%rdi,8),%edi
-	movl	0(%r14,%rbp,8),%ebp
-
-	andl	$16711680,%esi
-	andl	$16711680,%edi
-	andl	$16711680,%ebp
-
-	xorl	%esi,%r10d
-	xorl	%edi,%r11d
-	xorl	%ebp,%r12d
-
-	movzbl	%bl,%esi
-	movzbl	%dh,%edi
-	movzbl	%ah,%ebp
-	movl	0(%r14,%rsi,8),%esi
-	movl	2(%r14,%rdi,8),%edi
-	movl	2(%r14,%rbp,8),%ebp
-
-	andl	$16711680,%esi
-	andl	$4278190080,%edi
-	andl	$4278190080,%ebp
-
-	xorl	%esi,%r8d
-	xorl	%edi,%r10d
-	xorl	%ebp,%r11d
-
-	movzbl	%bh,%esi
-	movzbl	%ch,%edi
-	movl	16+12(%r15),%edx
-	movl	2(%r14,%rsi,8),%esi
-	movl	2(%r14,%rdi,8),%edi
-	movl	16+0(%r15),%eax
-
-	andl	$4278190080,%esi
-	andl	$4278190080,%edi
-
-	xorl	%esi,%r12d
-	xorl	%edi,%r8d
-
-	movl	16+4(%r15),%ebx
-	movl	16+8(%r15),%ecx
-	xorl	%r10d,%eax
-	xorl	%r11d,%ebx
-	xorl	%r12d,%ecx
-	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
-.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
-.type	_x86_64_AES_encrypt_compact,@function
-.align	16
-_x86_64_AES_encrypt_compact:
-	leaq	128(%r14),%r8
-	movl	0-128(%r8),%edi
-	movl	32-128(%r8),%ebp
-	movl	64-128(%r8),%r10d
-	movl	96-128(%r8),%r11d
-	movl	128-128(%r8),%edi
-	movl	160-128(%r8),%ebp
-	movl	192-128(%r8),%r10d
-	movl	224-128(%r8),%r11d
-	jmp	.Lenc_loop_compact
-.align	16
-.Lenc_loop_compact:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-	leaq	16(%r15),%r15
-	movzbl	%al,%r10d
-	movzbl	%bl,%r11d
-	movzbl	%cl,%r12d
-	movzbl	(%r14,%r10,1),%r10d
-	movzbl	(%r14,%r11,1),%r11d
-	movzbl	(%r14,%r12,1),%r12d
-
-	movzbl	%dl,%r8d
-	movzbl	%bh,%esi
-	movzbl	%ch,%edi
-	movzbl	(%r14,%r8,1),%r8d
-	movzbl	(%r14,%rsi,1),%r9d
-	movzbl	(%r14,%rdi,1),%r13d
-
-	movzbl	%dh,%ebp
-	movzbl	%ah,%esi
-	shrl	$16,%ecx
-	movzbl	(%r14,%rbp,1),%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	shrl	$16,%edx
-
-	movzbl	%cl,%edi
-	shll	$8,%r9d
-	shll	$8,%r13d
-	movzbl	(%r14,%rdi,1),%edi
-	xorl	%r9d,%r10d
-	xorl	%r13d,%r11d
-
-	movzbl	%dl,%r9d
-	shrl	$16,%eax
-	shrl	$16,%ebx
-	movzbl	%al,%r13d
-	shll	$8,%ebp
-	shll	$8,%esi
-	movzbl	(%r14,%r9,1),%r9d
-	movzbl	(%r14,%r13,1),%r13d
-	xorl	%ebp,%r12d
-	xorl	%esi,%r8d
-
-	movzbl	%bl,%ebp
-	movzbl	%dh,%esi
-	shll	$16,%edi
-	movzbl	(%r14,%rbp,1),%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	xorl	%edi,%r10d
-
-	movzbl	%ah,%edi
-	shrl	$8,%ecx
-	shrl	$8,%ebx
-	movzbl	(%r14,%rdi,1),%edi
-	movzbl	(%r14,%rcx,1),%edx
-	movzbl	(%r14,%rbx,1),%ecx
-	shll	$16,%r9d
-	shll	$16,%r13d
-	shll	$16,%ebp
-	xorl	%r9d,%r11d
-	xorl	%r13d,%r12d
-	xorl	%ebp,%r8d
-
-	shll	$24,%esi
-	shll	$24,%edi
-	shll	$24,%edx
-	xorl	%esi,%r10d
-	shll	$24,%ecx
-	xorl	%edi,%r11d
-	movl	%r10d,%eax
-	movl	%r11d,%ebx
-	xorl	%r12d,%ecx
-	xorl	%r8d,%edx
-	cmpq	16(%rsp),%r15
-	je	.Lenc_compact_done
-	movl	%eax,%esi
-	movl	%ebx,%edi
-	andl	$2155905152,%esi
-	andl	$2155905152,%edi
-	movl	%esi,%r10d
-	movl	%edi,%r11d
-	shrl	$7,%r10d
-	leal	(%rax,%rax,1),%r8d
-	shrl	$7,%r11d
-	leal	(%rbx,%rbx,1),%r9d
-	subl	%r10d,%esi
-	subl	%r11d,%edi
-	andl	$4278124286,%r8d
-	andl	$4278124286,%r9d
-	andl	$454761243,%esi
-	andl	$454761243,%edi
-	movl	%eax,%r10d
-	movl	%ebx,%r11d
-	xorl	%esi,%r8d
-	xorl	%edi,%r9d
-
-	xorl	%r8d,%eax
-	xorl	%r9d,%ebx
-	movl	%ecx,%esi
-	movl	%edx,%edi
-	roll	$24,%eax
-	roll	$24,%ebx
-	andl	$2155905152,%esi
-	andl	$2155905152,%edi
-	xorl	%r8d,%eax
-	xorl	%r9d,%ebx
-	movl	%esi,%r12d
-	movl	%edi,%ebp
-	rorl	$16,%r10d
-	rorl	$16,%r11d
-	shrl	$7,%r12d
-	leal	(%rcx,%rcx,1),%r8d
-	xorl	%r10d,%eax
-	xorl	%r11d,%ebx
-	shrl	$7,%ebp
-	leal	(%rdx,%rdx,1),%r9d
-	rorl	$8,%r10d
-	rorl	$8,%r11d
-	subl	%r12d,%esi
-	subl	%ebp,%edi
-	xorl	%r10d,%eax
-	xorl	%r11d,%ebx
-
-	andl	$4278124286,%r8d
-	andl	$4278124286,%r9d
-	andl	$454761243,%esi
-	andl	$454761243,%edi
-	movl	%ecx,%r12d
-	movl	%edx,%ebp
-	xorl	%esi,%r8d
-	xorl	%edi,%r9d
-
-	xorl	%r8d,%ecx
-	xorl	%r9d,%edx
-	roll	$24,%ecx
-	roll	$24,%edx
-	xorl	%r8d,%ecx
-	xorl	%r9d,%edx
-	movl	0(%r14),%esi
-	rorl	$16,%r12d
-	rorl	$16,%ebp
-	movl	64(%r14),%edi
-	xorl	%r12d,%ecx
-	xorl	%ebp,%edx
-	movl	128(%r14),%r8d
-	rorl	$8,%r12d
-	rorl	$8,%ebp
-	movl	192(%r14),%r9d
-	xorl	%r12d,%ecx
-	xorl	%ebp,%edx
-	jmp	.Lenc_loop_compact
-.align	16
-.Lenc_compact_done:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
-.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
-.globl	AES_encrypt
-.type	AES_encrypt,@function
-.align	16
-.globl	asm_AES_encrypt
-.hidden	asm_AES_encrypt
-asm_AES_encrypt:
-AES_encrypt:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-
-	movq	%rsp,%r10
-	leaq	-63(%rdx),%rcx
-	andq	$-64,%rsp
-	subq	%rsp,%rcx
-	negq	%rcx
-	andq	$960,%rcx
-	subq	%rcx,%rsp
-	subq	$32,%rsp
-
-	movq	%rsi,16(%rsp)
-	movq	%r10,24(%rsp)
-.Lenc_prologue:
-
-	movq	%rdx,%r15
-	movl	240(%r15),%r13d
-
-	movl	0(%rdi),%eax
-	movl	4(%rdi),%ebx
-	movl	8(%rdi),%ecx
-	movl	12(%rdi),%edx
-
-	shll	$4,%r13d
-	leaq	(%r15,%r13,1),%rbp
-	movq	%r15,(%rsp)
-	movq	%rbp,8(%rsp)
-
-
-	leaq	.LAES_Te+2048(%rip),%r14
-	leaq	768(%rsp),%rbp
-	subq	%r14,%rbp
-	andq	$768,%rbp
-	leaq	(%r14,%rbp,1),%r14
-
-	call	_x86_64_AES_encrypt_compact
-
-	movq	16(%rsp),%r9
-	movq	24(%rsp),%rsi
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lenc_epilogue:
-	.byte	0xf3,0xc3
-.size	AES_encrypt,.-AES_encrypt
-.type	_x86_64_AES_decrypt,@function
-.align	16
-_x86_64_AES_decrypt:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-
-	movl	240(%r15),%r13d
-	subl	$1,%r13d
-	jmp	.Ldec_loop
-.align	16
-.Ldec_loop:
-
-	movzbl	%al,%esi
-	movzbl	%bl,%edi
-	movzbl	%cl,%ebp
-	movl	0(%r14,%rsi,8),%r10d
-	movl	0(%r14,%rdi,8),%r11d
-	movl	0(%r14,%rbp,8),%r12d
-
-	movzbl	%dh,%esi
-	movzbl	%ah,%edi
-	movzbl	%dl,%ebp
-	xorl	3(%r14,%rsi,8),%r10d
-	xorl	3(%r14,%rdi,8),%r11d
-	movl	0(%r14,%rbp,8),%r8d
-
-	movzbl	%bh,%esi
-	shrl	$16,%eax
-	movzbl	%ch,%ebp
-	xorl	3(%r14,%rsi,8),%r12d
-	shrl	$16,%edx
-	xorl	3(%r14,%rbp,8),%r8d
-
-	shrl	$16,%ebx
-	leaq	16(%r15),%r15
-	shrl	$16,%ecx
-
-	movzbl	%cl,%esi
-	movzbl	%dl,%edi
-	movzbl	%al,%ebp
-	xorl	2(%r14,%rsi,8),%r10d
-	xorl	2(%r14,%rdi,8),%r11d
-	xorl	2(%r14,%rbp,8),%r12d
-
-	movzbl	%bh,%esi
-	movzbl	%ch,%edi
-	movzbl	%bl,%ebp
-	xorl	1(%r14,%rsi,8),%r10d
-	xorl	1(%r14,%rdi,8),%r11d
-	xorl	2(%r14,%rbp,8),%r8d
-
-	movzbl	%dh,%esi
-	movl	12(%r15),%edx
-	movzbl	%ah,%ebp
-	xorl	1(%r14,%rsi,8),%r12d
-	movl	0(%r15),%eax
-	xorl	1(%r14,%rbp,8),%r8d
-
-	xorl	%r10d,%eax
-	movl	4(%r15),%ebx
-	movl	8(%r15),%ecx
-	xorl	%r12d,%ecx
-	xorl	%r11d,%ebx
-	xorl	%r8d,%edx
-	subl	$1,%r13d
-	jnz	.Ldec_loop
-	leaq	2048(%r14),%r14
-	movzbl	%al,%esi
-	movzbl	%bl,%edi
-	movzbl	%cl,%ebp
-	movzbl	(%r14,%rsi,1),%r10d
-	movzbl	(%r14,%rdi,1),%r11d
-	movzbl	(%r14,%rbp,1),%r12d
-
-	movzbl	%dl,%esi
-	movzbl	%dh,%edi
-	movzbl	%ah,%ebp
-	movzbl	(%r14,%rsi,1),%r8d
-	movzbl	(%r14,%rdi,1),%edi
-	movzbl	(%r14,%rbp,1),%ebp
-
-	shll	$8,%edi
-	shll	$8,%ebp
-
-	xorl	%edi,%r10d
-	xorl	%ebp,%r11d
-	shrl	$16,%edx
-
-	movzbl	%bh,%esi
-	movzbl	%ch,%edi
-	shrl	$16,%eax
-	movzbl	(%r14,%rsi,1),%esi
-	movzbl	(%r14,%rdi,1),%edi
-
-	shll	$8,%esi
-	shll	$8,%edi
-	shrl	$16,%ebx
-	xorl	%esi,%r12d
-	xorl	%edi,%r8d
-	shrl	$16,%ecx
-
-	movzbl	%cl,%esi
-	movzbl	%dl,%edi
-	movzbl	%al,%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	movzbl	(%r14,%rdi,1),%edi
-	movzbl	(%r14,%rbp,1),%ebp
-
-	shll	$16,%esi
-	shll	$16,%edi
-	shll	$16,%ebp
-
-	xorl	%esi,%r10d
-	xorl	%edi,%r11d
-	xorl	%ebp,%r12d
-
-	movzbl	%bl,%esi
-	movzbl	%bh,%edi
-	movzbl	%ch,%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	movzbl	(%r14,%rdi,1),%edi
-	movzbl	(%r14,%rbp,1),%ebp
-
-	shll	$16,%esi
-	shll	$24,%edi
-	shll	$24,%ebp
-
-	xorl	%esi,%r8d
-	xorl	%edi,%r10d
-	xorl	%ebp,%r11d
-
-	movzbl	%dh,%esi
-	movzbl	%ah,%edi
-	movl	16+12(%r15),%edx
-	movzbl	(%r14,%rsi,1),%esi
-	movzbl	(%r14,%rdi,1),%edi
-	movl	16+0(%r15),%eax
-
-	shll	$24,%esi
-	shll	$24,%edi
-
-	xorl	%esi,%r12d
-	xorl	%edi,%r8d
-
-	movl	16+4(%r15),%ebx
-	movl	16+8(%r15),%ecx
-	leaq	-2048(%r14),%r14
-	xorl	%r10d,%eax
-	xorl	%r11d,%ebx
-	xorl	%r12d,%ecx
-	xorl	%r8d,%edx
-.byte	0xf3,0xc3			
-.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
-.type	_x86_64_AES_decrypt_compact,@function
-.align	16
-_x86_64_AES_decrypt_compact:
-	leaq	128(%r14),%r8
-	movl	0-128(%r8),%edi
-	movl	32-128(%r8),%ebp
-	movl	64-128(%r8),%r10d
-	movl	96-128(%r8),%r11d
-	movl	128-128(%r8),%edi
-	movl	160-128(%r8),%ebp
-	movl	192-128(%r8),%r10d
-	movl	224-128(%r8),%r11d
-	jmp	.Ldec_loop_compact
-
-.align	16
-.Ldec_loop_compact:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-	leaq	16(%r15),%r15
-	movzbl	%al,%r10d
-	movzbl	%bl,%r11d
-	movzbl	%cl,%r12d
-	movzbl	(%r14,%r10,1),%r10d
-	movzbl	(%r14,%r11,1),%r11d
-	movzbl	(%r14,%r12,1),%r12d
-
-	movzbl	%dl,%r8d
-	movzbl	%dh,%esi
-	movzbl	%ah,%edi
-	movzbl	(%r14,%r8,1),%r8d
-	movzbl	(%r14,%rsi,1),%r9d
-	movzbl	(%r14,%rdi,1),%r13d
-
-	movzbl	%bh,%ebp
-	movzbl	%ch,%esi
-	shrl	$16,%ecx
-	movzbl	(%r14,%rbp,1),%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	shrl	$16,%edx
-
-	movzbl	%cl,%edi
-	shll	$8,%r9d
-	shll	$8,%r13d
-	movzbl	(%r14,%rdi,1),%edi
-	xorl	%r9d,%r10d
-	xorl	%r13d,%r11d
-
-	movzbl	%dl,%r9d
-	shrl	$16,%eax
-	shrl	$16,%ebx
-	movzbl	%al,%r13d
-	shll	$8,%ebp
-	shll	$8,%esi
-	movzbl	(%r14,%r9,1),%r9d
-	movzbl	(%r14,%r13,1),%r13d
-	xorl	%ebp,%r12d
-	xorl	%esi,%r8d
-
-	movzbl	%bl,%ebp
-	movzbl	%bh,%esi
-	shll	$16,%edi
-	movzbl	(%r14,%rbp,1),%ebp
-	movzbl	(%r14,%rsi,1),%esi
-	xorl	%edi,%r10d
-
-	movzbl	%ch,%edi
-	shll	$16,%r9d
-	shll	$16,%r13d
-	movzbl	(%r14,%rdi,1),%ebx
-	xorl	%r9d,%r11d
-	xorl	%r13d,%r12d
-
-	movzbl	%dh,%edi
-	shrl	$8,%eax
-	shll	$16,%ebp
-	movzbl	(%r14,%rdi,1),%ecx
-	movzbl	(%r14,%rax,1),%edx
-	xorl	%ebp,%r8d
-
-	shll	$24,%esi
-	shll	$24,%ebx
-	shll	$24,%ecx
-	xorl	%esi,%r10d
-	shll	$24,%edx
-	xorl	%r11d,%ebx
-	movl	%r10d,%eax
-	xorl	%r12d,%ecx
-	xorl	%r8d,%edx
-	cmpq	16(%rsp),%r15
-	je	.Ldec_compact_done
-
-	movq	256+0(%r14),%rsi
-	shlq	$32,%rbx
-	shlq	$32,%rdx
-	movq	256+8(%r14),%rdi
-	orq	%rbx,%rax
-	orq	%rdx,%rcx
-	movq	256+16(%r14),%rbp
-	movq	%rax,%rbx
-	movq	%rcx,%rdx
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r9
-	movq	%rdx,%r12
-	shrq	$7,%r9
-	leaq	(%rax,%rax,1),%r8
-	shrq	$7,%r12
-	leaq	(%rcx,%rcx,1),%r11
-	subq	%r9,%rbx
-	subq	%r12,%rdx
-	andq	%rdi,%r8
-	andq	%rdi,%r11
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%r8,%rbx
-	xorq	%r11,%rdx
-	movq	%rbx,%r8
-	movq	%rdx,%r11
-
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r10
-	movq	%rdx,%r13
-	shrq	$7,%r10
-	leaq	(%r8,%r8,1),%r9
-	shrq	$7,%r13
-	leaq	(%r11,%r11,1),%r12
-	subq	%r10,%rbx
-	subq	%r13,%rdx
-	andq	%rdi,%r9
-	andq	%rdi,%r12
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%r9,%rbx
-	xorq	%r12,%rdx
-	movq	%rbx,%r9
-	movq	%rdx,%r12
-
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r10
-	movq	%rdx,%r13
-	shrq	$7,%r10
-	xorq	%rax,%r8
-	shrq	$7,%r13
-	xorq	%rcx,%r11
-	subq	%r10,%rbx
-	subq	%r13,%rdx
-	leaq	(%r9,%r9,1),%r10
-	leaq	(%r12,%r12,1),%r13
-	xorq	%rax,%r9
-	xorq	%rcx,%r12
-	andq	%rdi,%r10
-	andq	%rdi,%r13
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%rbx,%r10
-	xorq	%rdx,%r13
-
-	xorq	%r10,%rax
-	xorq	%r13,%rcx
-	xorq	%r10,%r8
-	xorq	%r13,%r11
-	movq	%rax,%rbx
-	movq	%rcx,%rdx
-	xorq	%r10,%r9
-	xorq	%r13,%r12
-	shrq	$32,%rbx
-	shrq	$32,%rdx
-	xorq	%r8,%r10
-	xorq	%r11,%r13
-	roll	$8,%eax
-	roll	$8,%ecx
-	xorq	%r9,%r10
-	xorq	%r12,%r13
-
-	roll	$8,%ebx
-	roll	$8,%edx
-	xorl	%r10d,%eax
-	xorl	%r13d,%ecx
-	shrq	$32,%r10
-	shrq	$32,%r13
-	xorl	%r10d,%ebx
-	xorl	%r13d,%edx
-
-	movq	%r8,%r10
-	movq	%r11,%r13
-	shrq	$32,%r10
-	shrq	$32,%r13
-	roll	$24,%r8d
-	roll	$24,%r11d
-	roll	$24,%r10d
-	roll	$24,%r13d
-	xorl	%r8d,%eax
-	xorl	%r11d,%ecx
-	movq	%r9,%r8
-	movq	%r12,%r11
-	xorl	%r10d,%ebx
-	xorl	%r13d,%edx
-
-	movq	0(%r14),%rsi
-	shrq	$32,%r8
-	shrq	$32,%r11
-	movq	64(%r14),%rdi
-	roll	$16,%r9d
-	roll	$16,%r12d
-	movq	128(%r14),%rbp
-	roll	$16,%r8d
-	roll	$16,%r11d
-	movq	192(%r14),%r10
-	xorl	%r9d,%eax
-	xorl	%r12d,%ecx
-	movq	256(%r14),%r13
-	xorl	%r8d,%ebx
-	xorl	%r11d,%edx
-	jmp	.Ldec_loop_compact
-.align	16
-.Ldec_compact_done:
-	xorl	0(%r15),%eax
-	xorl	4(%r15),%ebx
-	xorl	8(%r15),%ecx
-	xorl	12(%r15),%edx
-.byte	0xf3,0xc3			
-.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
-.globl	AES_decrypt
-.type	AES_decrypt,@function
-.align	16
-.globl	asm_AES_decrypt
-.hidden	asm_AES_decrypt
-asm_AES_decrypt:
-AES_decrypt:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-
-	movq	%rsp,%r10
-	leaq	-63(%rdx),%rcx
-	andq	$-64,%rsp
-	subq	%rsp,%rcx
-	negq	%rcx
-	andq	$960,%rcx
-	subq	%rcx,%rsp
-	subq	$32,%rsp
-
-	movq	%rsi,16(%rsp)
-	movq	%r10,24(%rsp)
-.Ldec_prologue:
-
-	movq	%rdx,%r15
-	movl	240(%r15),%r13d
-
-	movl	0(%rdi),%eax
-	movl	4(%rdi),%ebx
-	movl	8(%rdi),%ecx
-	movl	12(%rdi),%edx
-
-	shll	$4,%r13d
-	leaq	(%r15,%r13,1),%rbp
-	movq	%r15,(%rsp)
-	movq	%rbp,8(%rsp)
-
-
-	leaq	.LAES_Td+2048(%rip),%r14
-	leaq	768(%rsp),%rbp
-	subq	%r14,%rbp
-	andq	$768,%rbp
-	leaq	(%r14,%rbp,1),%r14
-	shrq	$3,%rbp
-	addq	%rbp,%r14
-
-	call	_x86_64_AES_decrypt_compact
-
-	movq	16(%rsp),%r9
-	movq	24(%rsp),%rsi
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Ldec_epilogue:
-	.byte	0xf3,0xc3
-.size	AES_decrypt,.-AES_decrypt
-.globl	private_AES_set_encrypt_key
-.type	private_AES_set_encrypt_key,@function
-.align	16
-private_AES_set_encrypt_key:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	subq	$8,%rsp
-.Lenc_key_prologue:
-
-	call	_x86_64_AES_set_encrypt_key
-
-	movq	8(%rsp),%r15
-	movq	16(%rsp),%r14
-	movq	24(%rsp),%r13
-	movq	32(%rsp),%r12
-	movq	40(%rsp),%rbp
-	movq	48(%rsp),%rbx
-	addq	$56,%rsp
-.Lenc_key_epilogue:
-	.byte	0xf3,0xc3
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
-
-.type	_x86_64_AES_set_encrypt_key,@function
-.align	16
-_x86_64_AES_set_encrypt_key:
-	movl	%esi,%ecx
-	movq	%rdi,%rsi
-	movq	%rdx,%rdi
-
-	testq	$-1,%rsi
-	jz	.Lbadpointer
-	testq	$-1,%rdi
-	jz	.Lbadpointer
-
-	leaq	.LAES_Te(%rip),%rbp
-	leaq	2048+128(%rbp),%rbp
-
-
-	movl	0-128(%rbp),%eax
-	movl	32-128(%rbp),%ebx
-	movl	64-128(%rbp),%r8d
-	movl	96-128(%rbp),%edx
-	movl	128-128(%rbp),%eax
-	movl	160-128(%rbp),%ebx
-	movl	192-128(%rbp),%r8d
-	movl	224-128(%rbp),%edx
-
-	cmpl	$128,%ecx
-	je	.L10rounds
-	cmpl	$192,%ecx
-	je	.L12rounds
-	cmpl	$256,%ecx
-	je	.L14rounds
-	movq	$-2,%rax
-	jmp	.Lexit
-
-.L10rounds:
-	movq	0(%rsi),%rax
-	movq	8(%rsi),%rdx
-	movq	%rax,0(%rdi)
-	movq	%rdx,8(%rdi)
-
-	shrq	$32,%rdx
-	xorl	%ecx,%ecx
-	jmp	.L10shortcut
-.align	4
-.L10loop:
-	movl	0(%rdi),%eax
-	movl	12(%rdi),%edx
-.L10shortcut:
-	movzbl	%dl,%esi
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-
-	xorl	1024-128(%rbp,%rcx,4),%eax
-	movl	%eax,16(%rdi)
-	xorl	4(%rdi),%eax
-	movl	%eax,20(%rdi)
-	xorl	8(%rdi),%eax
-	movl	%eax,24(%rdi)
-	xorl	12(%rdi),%eax
-	movl	%eax,28(%rdi)
-	addl	$1,%ecx
-	leaq	16(%rdi),%rdi
-	cmpl	$10,%ecx
-	jl	.L10loop
-
-	movl	$10,80(%rdi)
-	xorq	%rax,%rax
-	jmp	.Lexit
-
-.L12rounds:
-	movq	0(%rsi),%rax
-	movq	8(%rsi),%rbx
-	movq	16(%rsi),%rdx
-	movq	%rax,0(%rdi)
-	movq	%rbx,8(%rdi)
-	movq	%rdx,16(%rdi)
-
-	shrq	$32,%rdx
-	xorl	%ecx,%ecx
-	jmp	.L12shortcut
-.align	4
-.L12loop:
-	movl	0(%rdi),%eax
-	movl	20(%rdi),%edx
-.L12shortcut:
-	movzbl	%dl,%esi
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-
-	xorl	1024-128(%rbp,%rcx,4),%eax
-	movl	%eax,24(%rdi)
-	xorl	4(%rdi),%eax
-	movl	%eax,28(%rdi)
-	xorl	8(%rdi),%eax
-	movl	%eax,32(%rdi)
-	xorl	12(%rdi),%eax
-	movl	%eax,36(%rdi)
-
-	cmpl	$7,%ecx
-	je	.L12break
-	addl	$1,%ecx
-
-	xorl	16(%rdi),%eax
-	movl	%eax,40(%rdi)
-	xorl	20(%rdi),%eax
-	movl	%eax,44(%rdi)
-
-	leaq	24(%rdi),%rdi
-	jmp	.L12loop
-.L12break:
-	movl	$12,72(%rdi)
-	xorq	%rax,%rax
-	jmp	.Lexit
-
-.L14rounds:
-	movq	0(%rsi),%rax
-	movq	8(%rsi),%rbx
-	movq	16(%rsi),%rcx
-	movq	24(%rsi),%rdx
-	movq	%rax,0(%rdi)
-	movq	%rbx,8(%rdi)
-	movq	%rcx,16(%rdi)
-	movq	%rdx,24(%rdi)
-
-	shrq	$32,%rdx
-	xorl	%ecx,%ecx
-	jmp	.L14shortcut
-.align	4
-.L14loop:
-	movl	0(%rdi),%eax
-	movl	28(%rdi),%edx
-.L14shortcut:
-	movzbl	%dl,%esi
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shrl	$16,%edx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$8,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-
-	xorl	1024-128(%rbp,%rcx,4),%eax
-	movl	%eax,32(%rdi)
-	xorl	4(%rdi),%eax
-	movl	%eax,36(%rdi)
-	xorl	8(%rdi),%eax
-	movl	%eax,40(%rdi)
-	xorl	12(%rdi),%eax
-	movl	%eax,44(%rdi)
-
-	cmpl	$6,%ecx
-	je	.L14break
-	addl	$1,%ecx
-
-	movl	%eax,%edx
-	movl	16(%rdi),%eax
-	movzbl	%dl,%esi
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shrl	$16,%edx
-	shll	$8,%ebx
-	movzbl	%dl,%esi
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	movzbl	%dh,%esi
-	shll	$16,%ebx
-	xorl	%ebx,%eax
-
-	movzbl	-128(%rbp,%rsi,1),%ebx
-	shll	$24,%ebx
-	xorl	%ebx,%eax
-
-	movl	%eax,48(%rdi)
-	xorl	20(%rdi),%eax
-	movl	%eax,52(%rdi)
-	xorl	24(%rdi),%eax
-	movl	%eax,56(%rdi)
-	xorl	28(%rdi),%eax
-	movl	%eax,60(%rdi)
-
-	leaq	32(%rdi),%rdi
-	jmp	.L14loop
-.L14break:
-	movl	$14,48(%rdi)
-	xorq	%rax,%rax
-	jmp	.Lexit
-
-.Lbadpointer:
-	movq	$-1,%rax
-.Lexit:
-.byte	0xf3,0xc3			
-.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
-.globl	private_AES_set_decrypt_key
-.type	private_AES_set_decrypt_key,@function
-.align	16
-private_AES_set_decrypt_key:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	pushq	%rdx
-.Ldec_key_prologue:
-
-	call	_x86_64_AES_set_encrypt_key
-	movq	(%rsp),%r8
-	cmpl	$0,%eax
-	jne	.Labort
-
-	movl	240(%r8),%r14d
-	xorq	%rdi,%rdi
-	leaq	(%rdi,%r14,4),%rcx
-	movq	%r8,%rsi
-	leaq	(%r8,%rcx,4),%rdi
-.align	4
-.Linvert:
-	movq	0(%rsi),%rax
-	movq	8(%rsi),%rbx
-	movq	0(%rdi),%rcx
-	movq	8(%rdi),%rdx
-	movq	%rax,0(%rdi)
-	movq	%rbx,8(%rdi)
-	movq	%rcx,0(%rsi)
-	movq	%rdx,8(%rsi)
-	leaq	16(%rsi),%rsi
-	leaq	-16(%rdi),%rdi
-	cmpq	%rsi,%rdi
-	jne	.Linvert
-
-	leaq	.LAES_Te+2048+1024(%rip),%rax
-
-	movq	40(%rax),%rsi
-	movq	48(%rax),%rdi
-	movq	56(%rax),%rbp
-
-	movq	%r8,%r15
-	subl	$1,%r14d
-.align	4
-.Lpermute:
-	leaq	16(%r15),%r15
-	movq	0(%r15),%rax
-	movq	8(%r15),%rcx
-	movq	%rax,%rbx
-	movq	%rcx,%rdx
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r9
-	movq	%rdx,%r12
-	shrq	$7,%r9
-	leaq	(%rax,%rax,1),%r8
-	shrq	$7,%r12
-	leaq	(%rcx,%rcx,1),%r11
-	subq	%r9,%rbx
-	subq	%r12,%rdx
-	andq	%rdi,%r8
-	andq	%rdi,%r11
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%r8,%rbx
-	xorq	%r11,%rdx
-	movq	%rbx,%r8
-	movq	%rdx,%r11
-
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r10
-	movq	%rdx,%r13
-	shrq	$7,%r10
-	leaq	(%r8,%r8,1),%r9
-	shrq	$7,%r13
-	leaq	(%r11,%r11,1),%r12
-	subq	%r10,%rbx
-	subq	%r13,%rdx
-	andq	%rdi,%r9
-	andq	%rdi,%r12
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%r9,%rbx
-	xorq	%r12,%rdx
-	movq	%rbx,%r9
-	movq	%rdx,%r12
-
-	andq	%rsi,%rbx
-	andq	%rsi,%rdx
-	movq	%rbx,%r10
-	movq	%rdx,%r13
-	shrq	$7,%r10
-	xorq	%rax,%r8
-	shrq	$7,%r13
-	xorq	%rcx,%r11
-	subq	%r10,%rbx
-	subq	%r13,%rdx
-	leaq	(%r9,%r9,1),%r10
-	leaq	(%r12,%r12,1),%r13
-	xorq	%rax,%r9
-	xorq	%rcx,%r12
-	andq	%rdi,%r10
-	andq	%rdi,%r13
-	andq	%rbp,%rbx
-	andq	%rbp,%rdx
-	xorq	%rbx,%r10
-	xorq	%rdx,%r13
-
-	xorq	%r10,%rax
-	xorq	%r13,%rcx
-	xorq	%r10,%r8
-	xorq	%r13,%r11
-	movq	%rax,%rbx
-	movq	%rcx,%rdx
-	xorq	%r10,%r9
-	xorq	%r13,%r12
-	shrq	$32,%rbx
-	shrq	$32,%rdx
-	xorq	%r8,%r10
-	xorq	%r11,%r13
-	roll	$8,%eax
-	roll	$8,%ecx
-	xorq	%r9,%r10
-	xorq	%r12,%r13
-
-	roll	$8,%ebx
-	roll	$8,%edx
-	xorl	%r10d,%eax
-	xorl	%r13d,%ecx
-	shrq	$32,%r10
-	shrq	$32,%r13
-	xorl	%r10d,%ebx
-	xorl	%r13d,%edx
-
-	movq	%r8,%r10
-	movq	%r11,%r13
-	shrq	$32,%r10
-	shrq	$32,%r13
-	roll	$24,%r8d
-	roll	$24,%r11d
-	roll	$24,%r10d
-	roll	$24,%r13d
-	xorl	%r8d,%eax
-	xorl	%r11d,%ecx
-	movq	%r9,%r8
-	movq	%r12,%r11
-	xorl	%r10d,%ebx
-	xorl	%r13d,%edx
-
-
-	shrq	$32,%r8
-	shrq	$32,%r11
-
-	roll	$16,%r9d
-	roll	$16,%r12d
-
-	roll	$16,%r8d
-	roll	$16,%r11d
-
-	xorl	%r9d,%eax
-	xorl	%r12d,%ecx
-
-	xorl	%r8d,%ebx
-	xorl	%r11d,%edx
-	movl	%eax,0(%r15)
-	movl	%ebx,4(%r15)
-	movl	%ecx,8(%r15)
-	movl	%edx,12(%r15)
-	subl	$1,%r14d
-	jnz	.Lpermute
-
-	xorq	%rax,%rax
-.Labort:
-	movq	8(%rsp),%r15
-	movq	16(%rsp),%r14
-	movq	24(%rsp),%r13
-	movq	32(%rsp),%r12
-	movq	40(%rsp),%rbp
-	movq	48(%rsp),%rbx
-	addq	$56,%rsp
-.Ldec_key_epilogue:
-	.byte	0xf3,0xc3
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-.globl	AES_cbc_encrypt
-.type	AES_cbc_encrypt,@function
-.align	16
-
-.globl	asm_AES_cbc_encrypt
-.hidden	asm_AES_cbc_encrypt
-asm_AES_cbc_encrypt:
-AES_cbc_encrypt:
-	cmpq	$0,%rdx
-	je	.Lcbc_epilogue
-	pushfq
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-.Lcbc_prologue:
-
-	cld
-	movl	%r9d,%r9d
-
-	leaq	.LAES_Te(%rip),%r14
-	cmpq	$0,%r9
-	jne	.Lcbc_picked_te
-	leaq	.LAES_Td(%rip),%r14
-.Lcbc_picked_te:
-
-	movl	OPENSSL_ia32cap_P(%rip),%r10d
-	cmpq	$512,%rdx
-	jb	.Lcbc_slow_prologue
-	testq	$15,%rdx
-	jnz	.Lcbc_slow_prologue
-	btl	$28,%r10d
-	jc	.Lcbc_slow_prologue
-
-
-	leaq	-88-248(%rsp),%r15
-	andq	$-64,%r15
-
-
-	movq	%r14,%r10
-	leaq	2304(%r14),%r11
-	movq	%r15,%r12
-	andq	$4095,%r10
-	andq	$4095,%r11
-	andq	$4095,%r12
-
-	cmpq	%r11,%r12
-	jb	.Lcbc_te_break_out
-	subq	%r11,%r12
-	subq	%r12,%r15
-	jmp	.Lcbc_te_ok
-.Lcbc_te_break_out:
-	subq	%r10,%r12
-	andq	$4095,%r12
-	addq	$320,%r12
-	subq	%r12,%r15
-.align	4
-.Lcbc_te_ok:
-
-	xchgq	%rsp,%r15
-
-	movq	%r15,16(%rsp)
-.Lcbc_fast_body:
-	movq	%rdi,24(%rsp)
-	movq	%rsi,32(%rsp)
-	movq	%rdx,40(%rsp)
-	movq	%rcx,48(%rsp)
-	movq	%r8,56(%rsp)
-	movl	$0,80+240(%rsp)
-	movq	%r8,%rbp
-	movq	%r9,%rbx
-	movq	%rsi,%r9
-	movq	%rdi,%r8
-	movq	%rcx,%r15
-
-	movl	240(%r15),%eax
-
-	movq	%r15,%r10
-	subq	%r14,%r10
-	andq	$4095,%r10
-	cmpq	$2304,%r10
-	jb	.Lcbc_do_ecopy
-	cmpq	$4096-248,%r10
-	jb	.Lcbc_skip_ecopy
-.align	4
-.Lcbc_do_ecopy:
-	movq	%r15,%rsi
-	leaq	80(%rsp),%rdi
-	leaq	80(%rsp),%r15
-	movl	$30,%ecx
-.long	0x90A548F3	
-	movl	%eax,(%rdi)
-.Lcbc_skip_ecopy:
-	movq	%r15,0(%rsp)
-
-	movl	$18,%ecx
-.align	4
-.Lcbc_prefetch_te:
-	movq	0(%r14),%r10
-	movq	32(%r14),%r11
-	movq	64(%r14),%r12
-	movq	96(%r14),%r13
-	leaq	128(%r14),%r14
-	subl	$1,%ecx
-	jnz	.Lcbc_prefetch_te
-	leaq	-2304(%r14),%r14
-
-	cmpq	$0,%rbx
-	je	.LFAST_DECRYPT
-
-
-	movl	0(%rbp),%eax
-	movl	4(%rbp),%ebx
-	movl	8(%rbp),%ecx
-	movl	12(%rbp),%edx
-
-.align	4
-.Lcbc_fast_enc_loop:
-	xorl	0(%r8),%eax
-	xorl	4(%r8),%ebx
-	xorl	8(%r8),%ecx
-	xorl	12(%r8),%edx
-	movq	0(%rsp),%r15
-	movq	%r8,24(%rsp)
-
-	call	_x86_64_AES_encrypt
-
-	movq	24(%rsp),%r8
-	movq	40(%rsp),%r10
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	leaq	16(%r8),%r8
-	leaq	16(%r9),%r9
-	subq	$16,%r10
-	testq	$-16,%r10
-	movq	%r10,40(%rsp)
-	jnz	.Lcbc_fast_enc_loop
-	movq	56(%rsp),%rbp
-	movl	%eax,0(%rbp)
-	movl	%ebx,4(%rbp)
-	movl	%ecx,8(%rbp)
-	movl	%edx,12(%rbp)
-
-	jmp	.Lcbc_fast_cleanup
-
-
-.align	16
-.LFAST_DECRYPT:
-	cmpq	%r8,%r9
-	je	.Lcbc_fast_dec_in_place
-
-	movq	%rbp,64(%rsp)
-.align	4
-.Lcbc_fast_dec_loop:
-	movl	0(%r8),%eax
-	movl	4(%r8),%ebx
-	movl	8(%r8),%ecx
-	movl	12(%r8),%edx
-	movq	0(%rsp),%r15
-	movq	%r8,24(%rsp)
-
-	call	_x86_64_AES_decrypt
-
-	movq	64(%rsp),%rbp
-	movq	24(%rsp),%r8
-	movq	40(%rsp),%r10
-	xorl	0(%rbp),%eax
-	xorl	4(%rbp),%ebx
-	xorl	8(%rbp),%ecx
-	xorl	12(%rbp),%edx
-	movq	%r8,%rbp
-
-	subq	$16,%r10
-	movq	%r10,40(%rsp)
-	movq	%rbp,64(%rsp)
-
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	leaq	16(%r8),%r8
-	leaq	16(%r9),%r9
-	jnz	.Lcbc_fast_dec_loop
-	movq	56(%rsp),%r12
-	movq	0(%rbp),%r10
-	movq	8(%rbp),%r11
-	movq	%r10,0(%r12)
-	movq	%r11,8(%r12)
-	jmp	.Lcbc_fast_cleanup
-
-.align	16
-.Lcbc_fast_dec_in_place:
-	movq	0(%rbp),%r10
-	movq	8(%rbp),%r11
-	movq	%r10,0+64(%rsp)
-	movq	%r11,8+64(%rsp)
-.align	4
-.Lcbc_fast_dec_in_place_loop:
-	movl	0(%r8),%eax
-	movl	4(%r8),%ebx
-	movl	8(%r8),%ecx
-	movl	12(%r8),%edx
-	movq	0(%rsp),%r15
-	movq	%r8,24(%rsp)
-
-	call	_x86_64_AES_decrypt
-
-	movq	24(%rsp),%r8
-	movq	40(%rsp),%r10
-	xorl	0+64(%rsp),%eax
-	xorl	4+64(%rsp),%ebx
-	xorl	8+64(%rsp),%ecx
-	xorl	12+64(%rsp),%edx
-
-	movq	0(%r8),%r11
-	movq	8(%r8),%r12
-	subq	$16,%r10
-	jz	.Lcbc_fast_dec_in_place_done
-
-	movq	%r11,0+64(%rsp)
-	movq	%r12,8+64(%rsp)
-
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	leaq	16(%r8),%r8
-	leaq	16(%r9),%r9
-	movq	%r10,40(%rsp)
-	jmp	.Lcbc_fast_dec_in_place_loop
-.Lcbc_fast_dec_in_place_done:
-	movq	56(%rsp),%rdi
-	movq	%r11,0(%rdi)
-	movq	%r12,8(%rdi)
-
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-.align	4
-.Lcbc_fast_cleanup:
-	cmpl	$0,80+240(%rsp)
-	leaq	80(%rsp),%rdi
-	je	.Lcbc_exit
-	movl	$30,%ecx
-	xorq	%rax,%rax
-.long	0x90AB48F3	
-
-	jmp	.Lcbc_exit
-
-
-.align	16
-.Lcbc_slow_prologue:
-
-	leaq	-88(%rsp),%rbp
-	andq	$-64,%rbp
-
-	leaq	-88-63(%rcx),%r10
-	subq	%rbp,%r10
-	negq	%r10
-	andq	$960,%r10
-	subq	%r10,%rbp
-
-	xchgq	%rsp,%rbp
-
-	movq	%rbp,16(%rsp)
-.Lcbc_slow_body:
-
-
-
-
-	movq	%r8,56(%rsp)
-	movq	%r8,%rbp
-	movq	%r9,%rbx
-	movq	%rsi,%r9
-	movq	%rdi,%r8
-	movq	%rcx,%r15
-	movq	%rdx,%r10
-
-	movl	240(%r15),%eax
-	movq	%r15,0(%rsp)
-	shll	$4,%eax
-	leaq	(%r15,%rax,1),%rax
-	movq	%rax,8(%rsp)
-
-
-	leaq	2048(%r14),%r14
-	leaq	768-8(%rsp),%rax
-	subq	%r14,%rax
-	andq	$768,%rax
-	leaq	(%r14,%rax,1),%r14
-
-	cmpq	$0,%rbx
-	je	.LSLOW_DECRYPT
-
-
-	testq	$-16,%r10
-	movl	0(%rbp),%eax
-	movl	4(%rbp),%ebx
-	movl	8(%rbp),%ecx
-	movl	12(%rbp),%edx
-	jz	.Lcbc_slow_enc_tail	
-
-.align	4
-.Lcbc_slow_enc_loop:
-	xorl	0(%r8),%eax
-	xorl	4(%r8),%ebx
-	xorl	8(%r8),%ecx
-	xorl	12(%r8),%edx
-	movq	0(%rsp),%r15
-	movq	%r8,24(%rsp)
-	movq	%r9,32(%rsp)
-	movq	%r10,40(%rsp)
-
-	call	_x86_64_AES_encrypt_compact
-
-	movq	24(%rsp),%r8
-	movq	32(%rsp),%r9
-	movq	40(%rsp),%r10
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	leaq	16(%r8),%r8
-	leaq	16(%r9),%r9
-	subq	$16,%r10
-	testq	$-16,%r10
-	jnz	.Lcbc_slow_enc_loop
-	testq	$15,%r10
-	jnz	.Lcbc_slow_enc_tail
-	movq	56(%rsp),%rbp
-	movl	%eax,0(%rbp)
-	movl	%ebx,4(%rbp)
-	movl	%ecx,8(%rbp)
-	movl	%edx,12(%rbp)
-
-	jmp	.Lcbc_exit
-
-.align	4
-.Lcbc_slow_enc_tail:
-	movq	%rax,%r11
-	movq	%rcx,%r12
-	movq	%r10,%rcx
-	movq	%r8,%rsi
-	movq	%r9,%rdi
-.long	0x9066A4F3		
-	movq	$16,%rcx
-	subq	%r10,%rcx
-	xorq	%rax,%rax
-.long	0x9066AAF3		
-	movq	%r9,%r8
-	movq	$16,%r10
-	movq	%r11,%rax
-	movq	%r12,%rcx
-	jmp	.Lcbc_slow_enc_loop	
-
-.align	16
-.LSLOW_DECRYPT:
-	shrq	$3,%rax
-	addq	%rax,%r14
-
-	movq	0(%rbp),%r11
-	movq	8(%rbp),%r12
-	movq	%r11,0+64(%rsp)
-	movq	%r12,8+64(%rsp)
-
-.align	4
-.Lcbc_slow_dec_loop:
-	movl	0(%r8),%eax
-	movl	4(%r8),%ebx
-	movl	8(%r8),%ecx
-	movl	12(%r8),%edx
-	movq	0(%rsp),%r15
-	movq	%r8,24(%rsp)
-	movq	%r9,32(%rsp)
-	movq	%r10,40(%rsp)
-
-	call	_x86_64_AES_decrypt_compact
-
-	movq	24(%rsp),%r8
-	movq	32(%rsp),%r9
-	movq	40(%rsp),%r10
-	xorl	0+64(%rsp),%eax
-	xorl	4+64(%rsp),%ebx
-	xorl	8+64(%rsp),%ecx
-	xorl	12+64(%rsp),%edx
-
-	movq	0(%r8),%r11
-	movq	8(%r8),%r12
-	subq	$16,%r10
-	jc	.Lcbc_slow_dec_partial
-	jz	.Lcbc_slow_dec_done
-
-	movq	%r11,0+64(%rsp)
-	movq	%r12,8+64(%rsp)
-
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	leaq	16(%r8),%r8
-	leaq	16(%r9),%r9
-	jmp	.Lcbc_slow_dec_loop
-.Lcbc_slow_dec_done:
-	movq	56(%rsp),%rdi
-	movq	%r11,0(%rdi)
-	movq	%r12,8(%rdi)
-
-	movl	%eax,0(%r9)
-	movl	%ebx,4(%r9)
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-
-	jmp	.Lcbc_exit
-
-.align	4
-.Lcbc_slow_dec_partial:
-	movq	56(%rsp),%rdi
-	movq	%r11,0(%rdi)
-	movq	%r12,8(%rdi)
-
-	movl	%eax,0+64(%rsp)
-	movl	%ebx,4+64(%rsp)
-	movl	%ecx,8+64(%rsp)
-	movl	%edx,12+64(%rsp)
-
-	movq	%r9,%rdi
-	leaq	64(%rsp),%rsi
-	leaq	16(%r10),%rcx
-.long	0x9066A4F3	
-	jmp	.Lcbc_exit
-
-.align	16
-.Lcbc_exit:
-	movq	16(%rsp),%rsi
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lcbc_popfq:
-	popfq
-.Lcbc_epilogue:
-	.byte	0xf3,0xc3
-.size	AES_cbc_encrypt,.-AES_cbc_encrypt
-.align	64
-.LAES_Te:
-.long	0xa56363c6,0xa56363c6
-.long	0x847c7cf8,0x847c7cf8
-.long	0x997777ee,0x997777ee
-.long	0x8d7b7bf6,0x8d7b7bf6
-.long	0x0df2f2ff,0x0df2f2ff
-.long	0xbd6b6bd6,0xbd6b6bd6
-.long	0xb16f6fde,0xb16f6fde
-.long	0x54c5c591,0x54c5c591
-.long	0x50303060,0x50303060
-.long	0x03010102,0x03010102
-.long	0xa96767ce,0xa96767ce
-.long	0x7d2b2b56,0x7d2b2b56
-.long	0x19fefee7,0x19fefee7
-.long	0x62d7d7b5,0x62d7d7b5
-.long	0xe6abab4d,0xe6abab4d
-.long	0x9a7676ec,0x9a7676ec
-.long	0x45caca8f,0x45caca8f
-.long	0x9d82821f,0x9d82821f
-.long	0x40c9c989,0x40c9c989
-.long	0x877d7dfa,0x877d7dfa
-.long	0x15fafaef,0x15fafaef
-.long	0xeb5959b2,0xeb5959b2
-.long	0xc947478e,0xc947478e
-.long	0x0bf0f0fb,0x0bf0f0fb
-.long	0xecadad41,0xecadad41
-.long	0x67d4d4b3,0x67d4d4b3
-.long	0xfda2a25f,0xfda2a25f
-.long	0xeaafaf45,0xeaafaf45
-.long	0xbf9c9c23,0xbf9c9c23
-.long	0xf7a4a453,0xf7a4a453
-.long	0x967272e4,0x967272e4
-.long	0x5bc0c09b,0x5bc0c09b
-.long	0xc2b7b775,0xc2b7b775
-.long	0x1cfdfde1,0x1cfdfde1
-.long	0xae93933d,0xae93933d
-.long	0x6a26264c,0x6a26264c
-.long	0x5a36366c,0x5a36366c
-.long	0x413f3f7e,0x413f3f7e
-.long	0x02f7f7f5,0x02f7f7f5
-.long	0x4fcccc83,0x4fcccc83
-.long	0x5c343468,0x5c343468
-.long	0xf4a5a551,0xf4a5a551
-.long	0x34e5e5d1,0x34e5e5d1
-.long	0x08f1f1f9,0x08f1f1f9
-.long	0x937171e2,0x937171e2
-.long	0x73d8d8ab,0x73d8d8ab
-.long	0x53313162,0x53313162
-.long	0x3f15152a,0x3f15152a
-.long	0x0c040408,0x0c040408
-.long	0x52c7c795,0x52c7c795
-.long	0x65232346,0x65232346
-.long	0x5ec3c39d,0x5ec3c39d
-.long	0x28181830,0x28181830
-.long	0xa1969637,0xa1969637
-.long	0x0f05050a,0x0f05050a
-.long	0xb59a9a2f,0xb59a9a2f
-.long	0x0907070e,0x0907070e
-.long	0x36121224,0x36121224
-.long	0x9b80801b,0x9b80801b
-.long	0x3de2e2df,0x3de2e2df
-.long	0x26ebebcd,0x26ebebcd
-.long	0x6927274e,0x6927274e
-.long	0xcdb2b27f,0xcdb2b27f
-.long	0x9f7575ea,0x9f7575ea
-.long	0x1b090912,0x1b090912
-.long	0x9e83831d,0x9e83831d
-.long	0x742c2c58,0x742c2c58
-.long	0x2e1a1a34,0x2e1a1a34
-.long	0x2d1b1b36,0x2d1b1b36
-.long	0xb26e6edc,0xb26e6edc
-.long	0xee5a5ab4,0xee5a5ab4
-.long	0xfba0a05b,0xfba0a05b
-.long	0xf65252a4,0xf65252a4
-.long	0x4d3b3b76,0x4d3b3b76
-.long	0x61d6d6b7,0x61d6d6b7
-.long	0xceb3b37d,0xceb3b37d
-.long	0x7b292952,0x7b292952
-.long	0x3ee3e3dd,0x3ee3e3dd
-.long	0x712f2f5e,0x712f2f5e
-.long	0x97848413,0x97848413
-.long	0xf55353a6,0xf55353a6
-.long	0x68d1d1b9,0x68d1d1b9
-.long	0x00000000,0x00000000
-.long	0x2cededc1,0x2cededc1
-.long	0x60202040,0x60202040
-.long	0x1ffcfce3,0x1ffcfce3
-.long	0xc8b1b179,0xc8b1b179
-.long	0xed5b5bb6,0xed5b5bb6
-.long	0xbe6a6ad4,0xbe6a6ad4
-.long	0x46cbcb8d,0x46cbcb8d
-.long	0xd9bebe67,0xd9bebe67
-.long	0x4b393972,0x4b393972
-.long	0xde4a4a94,0xde4a4a94
-.long	0xd44c4c98,0xd44c4c98
-.long	0xe85858b0,0xe85858b0
-.long	0x4acfcf85,0x4acfcf85
-.long	0x6bd0d0bb,0x6bd0d0bb
-.long	0x2aefefc5,0x2aefefc5
-.long	0xe5aaaa4f,0xe5aaaa4f
-.long	0x16fbfbed,0x16fbfbed
-.long	0xc5434386,0xc5434386
-.long	0xd74d4d9a,0xd74d4d9a
-.long	0x55333366,0x55333366
-.long	0x94858511,0x94858511
-.long	0xcf45458a,0xcf45458a
-.long	0x10f9f9e9,0x10f9f9e9
-.long	0x06020204,0x06020204
-.long	0x817f7ffe,0x817f7ffe
-.long	0xf05050a0,0xf05050a0
-.long	0x443c3c78,0x443c3c78
-.long	0xba9f9f25,0xba9f9f25
-.long	0xe3a8a84b,0xe3a8a84b
-.long	0xf35151a2,0xf35151a2
-.long	0xfea3a35d,0xfea3a35d
-.long	0xc0404080,0xc0404080
-.long	0x8a8f8f05,0x8a8f8f05
-.long	0xad92923f,0xad92923f
-.long	0xbc9d9d21,0xbc9d9d21
-.long	0x48383870,0x48383870
-.long	0x04f5f5f1,0x04f5f5f1
-.long	0xdfbcbc63,0xdfbcbc63
-.long	0xc1b6b677,0xc1b6b677
-.long	0x75dadaaf,0x75dadaaf
-.long	0x63212142,0x63212142
-.long	0x30101020,0x30101020
-.long	0x1affffe5,0x1affffe5
-.long	0x0ef3f3fd,0x0ef3f3fd
-.long	0x6dd2d2bf,0x6dd2d2bf
-.long	0x4ccdcd81,0x4ccdcd81
-.long	0x140c0c18,0x140c0c18
-.long	0x35131326,0x35131326
-.long	0x2fececc3,0x2fececc3
-.long	0xe15f5fbe,0xe15f5fbe
-.long	0xa2979735,0xa2979735
-.long	0xcc444488,0xcc444488
-.long	0x3917172e,0x3917172e
-.long	0x57c4c493,0x57c4c493
-.long	0xf2a7a755,0xf2a7a755
-.long	0x827e7efc,0x827e7efc
-.long	0x473d3d7a,0x473d3d7a
-.long	0xac6464c8,0xac6464c8
-.long	0xe75d5dba,0xe75d5dba
-.long	0x2b191932,0x2b191932
-.long	0x957373e6,0x957373e6
-.long	0xa06060c0,0xa06060c0
-.long	0x98818119,0x98818119
-.long	0xd14f4f9e,0xd14f4f9e
-.long	0x7fdcdca3,0x7fdcdca3
-.long	0x66222244,0x66222244
-.long	0x7e2a2a54,0x7e2a2a54
-.long	0xab90903b,0xab90903b
-.long	0x8388880b,0x8388880b
-.long	0xca46468c,0xca46468c
-.long	0x29eeeec7,0x29eeeec7
-.long	0xd3b8b86b,0xd3b8b86b
-.long	0x3c141428,0x3c141428
-.long	0x79dedea7,0x79dedea7
-.long	0xe25e5ebc,0xe25e5ebc
-.long	0x1d0b0b16,0x1d0b0b16
-.long	0x76dbdbad,0x76dbdbad
-.long	0x3be0e0db,0x3be0e0db
-.long	0x56323264,0x56323264
-.long	0x4e3a3a74,0x4e3a3a74
-.long	0x1e0a0a14,0x1e0a0a14
-.long	0xdb494992,0xdb494992
-.long	0x0a06060c,0x0a06060c
-.long	0x6c242448,0x6c242448
-.long	0xe45c5cb8,0xe45c5cb8
-.long	0x5dc2c29f,0x5dc2c29f
-.long	0x6ed3d3bd,0x6ed3d3bd
-.long	0xefacac43,0xefacac43
-.long	0xa66262c4,0xa66262c4
-.long	0xa8919139,0xa8919139
-.long	0xa4959531,0xa4959531
-.long	0x37e4e4d3,0x37e4e4d3
-.long	0x8b7979f2,0x8b7979f2
-.long	0x32e7e7d5,0x32e7e7d5
-.long	0x43c8c88b,0x43c8c88b
-.long	0x5937376e,0x5937376e
-.long	0xb76d6dda,0xb76d6dda
-.long	0x8c8d8d01,0x8c8d8d01
-.long	0x64d5d5b1,0x64d5d5b1
-.long	0xd24e4e9c,0xd24e4e9c
-.long	0xe0a9a949,0xe0a9a949
-.long	0xb46c6cd8,0xb46c6cd8
-.long	0xfa5656ac,0xfa5656ac
-.long	0x07f4f4f3,0x07f4f4f3
-.long	0x25eaeacf,0x25eaeacf
-.long	0xaf6565ca,0xaf6565ca
-.long	0x8e7a7af4,0x8e7a7af4
-.long	0xe9aeae47,0xe9aeae47
-.long	0x18080810,0x18080810
-.long	0xd5baba6f,0xd5baba6f
-.long	0x887878f0,0x887878f0
-.long	0x6f25254a,0x6f25254a
-.long	0x722e2e5c,0x722e2e5c
-.long	0x241c1c38,0x241c1c38
-.long	0xf1a6a657,0xf1a6a657
-.long	0xc7b4b473,0xc7b4b473
-.long	0x51c6c697,0x51c6c697
-.long	0x23e8e8cb,0x23e8e8cb
-.long	0x7cdddda1,0x7cdddda1
-.long	0x9c7474e8,0x9c7474e8
-.long	0x211f1f3e,0x211f1f3e
-.long	0xdd4b4b96,0xdd4b4b96
-.long	0xdcbdbd61,0xdcbdbd61
-.long	0x868b8b0d,0x868b8b0d
-.long	0x858a8a0f,0x858a8a0f
-.long	0x907070e0,0x907070e0
-.long	0x423e3e7c,0x423e3e7c
-.long	0xc4b5b571,0xc4b5b571
-.long	0xaa6666cc,0xaa6666cc
-.long	0xd8484890,0xd8484890
-.long	0x05030306,0x05030306
-.long	0x01f6f6f7,0x01f6f6f7
-.long	0x120e0e1c,0x120e0e1c
-.long	0xa36161c2,0xa36161c2
-.long	0x5f35356a,0x5f35356a
-.long	0xf95757ae,0xf95757ae
-.long	0xd0b9b969,0xd0b9b969
-.long	0x91868617,0x91868617
-.long	0x58c1c199,0x58c1c199
-.long	0x271d1d3a,0x271d1d3a
-.long	0xb99e9e27,0xb99e9e27
-.long	0x38e1e1d9,0x38e1e1d9
-.long	0x13f8f8eb,0x13f8f8eb
-.long	0xb398982b,0xb398982b
-.long	0x33111122,0x33111122
-.long	0xbb6969d2,0xbb6969d2
-.long	0x70d9d9a9,0x70d9d9a9
-.long	0x898e8e07,0x898e8e07
-.long	0xa7949433,0xa7949433
-.long	0xb69b9b2d,0xb69b9b2d
-.long	0x221e1e3c,0x221e1e3c
-.long	0x92878715,0x92878715
-.long	0x20e9e9c9,0x20e9e9c9
-.long	0x49cece87,0x49cece87
-.long	0xff5555aa,0xff5555aa
-.long	0x78282850,0x78282850
-.long	0x7adfdfa5,0x7adfdfa5
-.long	0x8f8c8c03,0x8f8c8c03
-.long	0xf8a1a159,0xf8a1a159
-.long	0x80898909,0x80898909
-.long	0x170d0d1a,0x170d0d1a
-.long	0xdabfbf65,0xdabfbf65
-.long	0x31e6e6d7,0x31e6e6d7
-.long	0xc6424284,0xc6424284
-.long	0xb86868d0,0xb86868d0
-.long	0xc3414182,0xc3414182
-.long	0xb0999929,0xb0999929
-.long	0x772d2d5a,0x772d2d5a
-.long	0x110f0f1e,0x110f0f1e
-.long	0xcbb0b07b,0xcbb0b07b
-.long	0xfc5454a8,0xfc5454a8
-.long	0xd6bbbb6d,0xd6bbbb6d
-.long	0x3a16162c,0x3a16162c
-.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
-.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
-.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
-.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
-.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
-.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
-.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
-.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
-.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
-.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
-.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
-.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
-.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
-.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
-.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
-.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
-.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
-.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
-.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
-.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
-.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
-.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
-.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
-.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
-.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
-.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
-.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
-.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
-.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
-.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
-.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
-.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
-.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
-.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
-.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
-.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
-.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
-.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
-.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
-.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
-.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
-.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
-.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
-.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
-.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
-.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
-.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
-.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
-.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
-.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
-.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
-.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
-.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
-.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
-.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
-.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
-.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
-.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
-.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
-.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
-.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
-.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
-.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
-.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
-.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
-.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
-.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
-.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
-.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
-.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
-.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
-.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
-.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
-.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
-.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
-.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
-.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
-.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
-.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
-.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
-.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
-.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
-.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
-.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
-.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
-.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
-.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
-.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
-.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
-.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
-.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
-.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
-.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
-.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
-.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
-.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
-.byte	0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5
-.byte	0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76
-.byte	0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0
-.byte	0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0
-.byte	0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc
-.byte	0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15
-.byte	0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a
-.byte	0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75
-.byte	0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0
-.byte	0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84
-.byte	0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b
-.byte	0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf
-.byte	0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85
-.byte	0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8
-.byte	0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5
-.byte	0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2
-.byte	0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17
-.byte	0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73
-.byte	0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88
-.byte	0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb
-.byte	0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c
-.byte	0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79
-.byte	0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9
-.byte	0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08
-.byte	0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6
-.byte	0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a
-.byte	0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e
-.byte	0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e
-.byte	0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94
-.byte	0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf
-.byte	0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68
-.byte	0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16
-.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
-.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
-.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
-.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
-.align	64
-.LAES_Td:
-.long	0x50a7f451,0x50a7f451
-.long	0x5365417e,0x5365417e
-.long	0xc3a4171a,0xc3a4171a
-.long	0x965e273a,0x965e273a
-.long	0xcb6bab3b,0xcb6bab3b
-.long	0xf1459d1f,0xf1459d1f
-.long	0xab58faac,0xab58faac
-.long	0x9303e34b,0x9303e34b
-.long	0x55fa3020,0x55fa3020
-.long	0xf66d76ad,0xf66d76ad
-.long	0x9176cc88,0x9176cc88
-.long	0x254c02f5,0x254c02f5
-.long	0xfcd7e54f,0xfcd7e54f
-.long	0xd7cb2ac5,0xd7cb2ac5
-.long	0x80443526,0x80443526
-.long	0x8fa362b5,0x8fa362b5
-.long	0x495ab1de,0x495ab1de
-.long	0x671bba25,0x671bba25
-.long	0x980eea45,0x980eea45
-.long	0xe1c0fe5d,0xe1c0fe5d
-.long	0x02752fc3,0x02752fc3
-.long	0x12f04c81,0x12f04c81
-.long	0xa397468d,0xa397468d
-.long	0xc6f9d36b,0xc6f9d36b
-.long	0xe75f8f03,0xe75f8f03
-.long	0x959c9215,0x959c9215
-.long	0xeb7a6dbf,0xeb7a6dbf
-.long	0xda595295,0xda595295
-.long	0x2d83bed4,0x2d83bed4
-.long	0xd3217458,0xd3217458
-.long	0x2969e049,0x2969e049
-.long	0x44c8c98e,0x44c8c98e
-.long	0x6a89c275,0x6a89c275
-.long	0x78798ef4,0x78798ef4
-.long	0x6b3e5899,0x6b3e5899
-.long	0xdd71b927,0xdd71b927
-.long	0xb64fe1be,0xb64fe1be
-.long	0x17ad88f0,0x17ad88f0
-.long	0x66ac20c9,0x66ac20c9
-.long	0xb43ace7d,0xb43ace7d
-.long	0x184adf63,0x184adf63
-.long	0x82311ae5,0x82311ae5
-.long	0x60335197,0x60335197
-.long	0x457f5362,0x457f5362
-.long	0xe07764b1,0xe07764b1
-.long	0x84ae6bbb,0x84ae6bbb
-.long	0x1ca081fe,0x1ca081fe
-.long	0x942b08f9,0x942b08f9
-.long	0x58684870,0x58684870
-.long	0x19fd458f,0x19fd458f
-.long	0x876cde94,0x876cde94
-.long	0xb7f87b52,0xb7f87b52
-.long	0x23d373ab,0x23d373ab
-.long	0xe2024b72,0xe2024b72
-.long	0x578f1fe3,0x578f1fe3
-.long	0x2aab5566,0x2aab5566
-.long	0x0728ebb2,0x0728ebb2
-.long	0x03c2b52f,0x03c2b52f
-.long	0x9a7bc586,0x9a7bc586
-.long	0xa50837d3,0xa50837d3
-.long	0xf2872830,0xf2872830
-.long	0xb2a5bf23,0xb2a5bf23
-.long	0xba6a0302,0xba6a0302
-.long	0x5c8216ed,0x5c8216ed
-.long	0x2b1ccf8a,0x2b1ccf8a
-.long	0x92b479a7,0x92b479a7
-.long	0xf0f207f3,0xf0f207f3
-.long	0xa1e2694e,0xa1e2694e
-.long	0xcdf4da65,0xcdf4da65
-.long	0xd5be0506,0xd5be0506
-.long	0x1f6234d1,0x1f6234d1
-.long	0x8afea6c4,0x8afea6c4
-.long	0x9d532e34,0x9d532e34
-.long	0xa055f3a2,0xa055f3a2
-.long	0x32e18a05,0x32e18a05
-.long	0x75ebf6a4,0x75ebf6a4
-.long	0x39ec830b,0x39ec830b
-.long	0xaaef6040,0xaaef6040
-.long	0x069f715e,0x069f715e
-.long	0x51106ebd,0x51106ebd
-.long	0xf98a213e,0xf98a213e
-.long	0x3d06dd96,0x3d06dd96
-.long	0xae053edd,0xae053edd
-.long	0x46bde64d,0x46bde64d
-.long	0xb58d5491,0xb58d5491
-.long	0x055dc471,0x055dc471
-.long	0x6fd40604,0x6fd40604
-.long	0xff155060,0xff155060
-.long	0x24fb9819,0x24fb9819
-.long	0x97e9bdd6,0x97e9bdd6
-.long	0xcc434089,0xcc434089
-.long	0x779ed967,0x779ed967
-.long	0xbd42e8b0,0xbd42e8b0
-.long	0x888b8907,0x888b8907
-.long	0x385b19e7,0x385b19e7
-.long	0xdbeec879,0xdbeec879
-.long	0x470a7ca1,0x470a7ca1
-.long	0xe90f427c,0xe90f427c
-.long	0xc91e84f8,0xc91e84f8
-.long	0x00000000,0x00000000
-.long	0x83868009,0x83868009
-.long	0x48ed2b32,0x48ed2b32
-.long	0xac70111e,0xac70111e
-.long	0x4e725a6c,0x4e725a6c
-.long	0xfbff0efd,0xfbff0efd
-.long	0x5638850f,0x5638850f
-.long	0x1ed5ae3d,0x1ed5ae3d
-.long	0x27392d36,0x27392d36
-.long	0x64d90f0a,0x64d90f0a
-.long	0x21a65c68,0x21a65c68
-.long	0xd1545b9b,0xd1545b9b
-.long	0x3a2e3624,0x3a2e3624
-.long	0xb1670a0c,0xb1670a0c
-.long	0x0fe75793,0x0fe75793
-.long	0xd296eeb4,0xd296eeb4
-.long	0x9e919b1b,0x9e919b1b
-.long	0x4fc5c080,0x4fc5c080
-.long	0xa220dc61,0xa220dc61
-.long	0x694b775a,0x694b775a
-.long	0x161a121c,0x161a121c
-.long	0x0aba93e2,0x0aba93e2
-.long	0xe52aa0c0,0xe52aa0c0
-.long	0x43e0223c,0x43e0223c
-.long	0x1d171b12,0x1d171b12
-.long	0x0b0d090e,0x0b0d090e
-.long	0xadc78bf2,0xadc78bf2
-.long	0xb9a8b62d,0xb9a8b62d
-.long	0xc8a91e14,0xc8a91e14
-.long	0x8519f157,0x8519f157
-.long	0x4c0775af,0x4c0775af
-.long	0xbbdd99ee,0xbbdd99ee
-.long	0xfd607fa3,0xfd607fa3
-.long	0x9f2601f7,0x9f2601f7
-.long	0xbcf5725c,0xbcf5725c
-.long	0xc53b6644,0xc53b6644
-.long	0x347efb5b,0x347efb5b
-.long	0x7629438b,0x7629438b
-.long	0xdcc623cb,0xdcc623cb
-.long	0x68fcedb6,0x68fcedb6
-.long	0x63f1e4b8,0x63f1e4b8
-.long	0xcadc31d7,0xcadc31d7
-.long	0x10856342,0x10856342
-.long	0x40229713,0x40229713
-.long	0x2011c684,0x2011c684
-.long	0x7d244a85,0x7d244a85
-.long	0xf83dbbd2,0xf83dbbd2
-.long	0x1132f9ae,0x1132f9ae
-.long	0x6da129c7,0x6da129c7
-.long	0x4b2f9e1d,0x4b2f9e1d
-.long	0xf330b2dc,0xf330b2dc
-.long	0xec52860d,0xec52860d
-.long	0xd0e3c177,0xd0e3c177
-.long	0x6c16b32b,0x6c16b32b
-.long	0x99b970a9,0x99b970a9
-.long	0xfa489411,0xfa489411
-.long	0x2264e947,0x2264e947
-.long	0xc48cfca8,0xc48cfca8
-.long	0x1a3ff0a0,0x1a3ff0a0
-.long	0xd82c7d56,0xd82c7d56
-.long	0xef903322,0xef903322
-.long	0xc74e4987,0xc74e4987
-.long	0xc1d138d9,0xc1d138d9
-.long	0xfea2ca8c,0xfea2ca8c
-.long	0x360bd498,0x360bd498
-.long	0xcf81f5a6,0xcf81f5a6
-.long	0x28de7aa5,0x28de7aa5
-.long	0x268eb7da,0x268eb7da
-.long	0xa4bfad3f,0xa4bfad3f
-.long	0xe49d3a2c,0xe49d3a2c
-.long	0x0d927850,0x0d927850
-.long	0x9bcc5f6a,0x9bcc5f6a
-.long	0x62467e54,0x62467e54
-.long	0xc2138df6,0xc2138df6
-.long	0xe8b8d890,0xe8b8d890
-.long	0x5ef7392e,0x5ef7392e
-.long	0xf5afc382,0xf5afc382
-.long	0xbe805d9f,0xbe805d9f
-.long	0x7c93d069,0x7c93d069
-.long	0xa92dd56f,0xa92dd56f
-.long	0xb31225cf,0xb31225cf
-.long	0x3b99acc8,0x3b99acc8
-.long	0xa77d1810,0xa77d1810
-.long	0x6e639ce8,0x6e639ce8
-.long	0x7bbb3bdb,0x7bbb3bdb
-.long	0x097826cd,0x097826cd
-.long	0xf418596e,0xf418596e
-.long	0x01b79aec,0x01b79aec
-.long	0xa89a4f83,0xa89a4f83
-.long	0x656e95e6,0x656e95e6
-.long	0x7ee6ffaa,0x7ee6ffaa
-.long	0x08cfbc21,0x08cfbc21
-.long	0xe6e815ef,0xe6e815ef
-.long	0xd99be7ba,0xd99be7ba
-.long	0xce366f4a,0xce366f4a
-.long	0xd4099fea,0xd4099fea
-.long	0xd67cb029,0xd67cb029
-.long	0xafb2a431,0xafb2a431
-.long	0x31233f2a,0x31233f2a
-.long	0x3094a5c6,0x3094a5c6
-.long	0xc066a235,0xc066a235
-.long	0x37bc4e74,0x37bc4e74
-.long	0xa6ca82fc,0xa6ca82fc
-.long	0xb0d090e0,0xb0d090e0
-.long	0x15d8a733,0x15d8a733
-.long	0x4a9804f1,0x4a9804f1
-.long	0xf7daec41,0xf7daec41
-.long	0x0e50cd7f,0x0e50cd7f
-.long	0x2ff69117,0x2ff69117
-.long	0x8dd64d76,0x8dd64d76
-.long	0x4db0ef43,0x4db0ef43
-.long	0x544daacc,0x544daacc
-.long	0xdf0496e4,0xdf0496e4
-.long	0xe3b5d19e,0xe3b5d19e
-.long	0x1b886a4c,0x1b886a4c
-.long	0xb81f2cc1,0xb81f2cc1
-.long	0x7f516546,0x7f516546
-.long	0x04ea5e9d,0x04ea5e9d
-.long	0x5d358c01,0x5d358c01
-.long	0x737487fa,0x737487fa
-.long	0x2e410bfb,0x2e410bfb
-.long	0x5a1d67b3,0x5a1d67b3
-.long	0x52d2db92,0x52d2db92
-.long	0x335610e9,0x335610e9
-.long	0x1347d66d,0x1347d66d
-.long	0x8c61d79a,0x8c61d79a
-.long	0x7a0ca137,0x7a0ca137
-.long	0x8e14f859,0x8e14f859
-.long	0x893c13eb,0x893c13eb
-.long	0xee27a9ce,0xee27a9ce
-.long	0x35c961b7,0x35c961b7
-.long	0xede51ce1,0xede51ce1
-.long	0x3cb1477a,0x3cb1477a
-.long	0x59dfd29c,0x59dfd29c
-.long	0x3f73f255,0x3f73f255
-.long	0x79ce1418,0x79ce1418
-.long	0xbf37c773,0xbf37c773
-.long	0xeacdf753,0xeacdf753
-.long	0x5baafd5f,0x5baafd5f
-.long	0x146f3ddf,0x146f3ddf
-.long	0x86db4478,0x86db4478
-.long	0x81f3afca,0x81f3afca
-.long	0x3ec468b9,0x3ec468b9
-.long	0x2c342438,0x2c342438
-.long	0x5f40a3c2,0x5f40a3c2
-.long	0x72c31d16,0x72c31d16
-.long	0x0c25e2bc,0x0c25e2bc
-.long	0x8b493c28,0x8b493c28
-.long	0x41950dff,0x41950dff
-.long	0x7101a839,0x7101a839
-.long	0xdeb30c08,0xdeb30c08
-.long	0x9ce4b4d8,0x9ce4b4d8
-.long	0x90c15664,0x90c15664
-.long	0x6184cb7b,0x6184cb7b
-.long	0x70b632d5,0x70b632d5
-.long	0x745c6c48,0x745c6c48
-.long	0x4257b8d0,0x4257b8d0
-.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
-.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
-.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
-.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
-.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
-.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
-.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
-.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
-.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
-.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
-.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
-.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
-.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
-.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
-.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
-.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
-.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
-.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
-.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
-.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
-.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
-.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
-.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
-.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
-.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
-.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
-.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
-.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
-.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
-.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
-.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
-.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
-.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
-.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
-.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
-.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
-.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
-.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
-.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
-.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
-.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
-.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
-.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
-.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
-.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
-.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
-.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
-.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
-.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
-.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
-.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
-.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
-.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
-.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
-.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
-.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
-.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
-.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
-.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
-.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
-.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
-.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
-.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
-.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
-.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
-.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
-.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
-.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
-.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
-.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
-.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
-.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
-.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
-.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
-.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
-.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
-.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
-.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
-.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
-.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
-.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
-.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
-.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
-.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
-.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
-.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
-.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
-.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
-.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
-.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
-.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
-.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
-.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
-.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.byte	0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38
-.byte	0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb
-.byte	0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87
-.byte	0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb
-.byte	0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d
-.byte	0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e
-.byte	0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2
-.byte	0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25
-.byte	0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16
-.byte	0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92
-.byte	0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda
-.byte	0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84
-.byte	0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a
-.byte	0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06
-.byte	0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02
-.byte	0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b
-.byte	0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea
-.byte	0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73
-.byte	0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85
-.byte	0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e
-.byte	0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89
-.byte	0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b
-.byte	0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20
-.byte	0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4
-.byte	0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31
-.byte	0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f
-.byte	0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d
-.byte	0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef
-.byte	0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0
-.byte	0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61
-.byte	0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26
-.byte	0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
-.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.byte	65,69,83,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
deleted file mode 100755
index 34cbb5d844..0000000000
--- a/crypto/aes/asm/aes-x86_64.pl
+++ /dev/null
@@ -1,2819 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# Version 2.1.
-#
-# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
-# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
-# [you'll notice a lot of resemblance], such as compressed S-boxes
-# in little-endian byte order, prefetch of these tables in CBC mode,
-# as well as avoiding L1 cache aliasing between stack frame and key
-# schedule and already mentioned tables, compressed Td4...
-#
-# Performance in number of cycles per processed byte for 128-bit key:
-#
-#		ECB encrypt	ECB decrypt	CBC large chunk
-# AMD64		33		41		13.0
-# EM64T		38		59		18.6(*)
-# Core 2	30		43		14.5(*)
-#
-# (*) with hyper-threading off
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$verticalspin=1;	# unlike 32-bit version $verticalspin performs
-			# ~15% better on both AMD and Intel cores
-$speed_limit=512;	# see aes-586.pl for details
-
-$code=".text\n";
-
-$s0="%eax";
-$s1="%ebx";
-$s2="%ecx";
-$s3="%edx";
-$acc0="%esi";	$mask80="%rsi";
-$acc1="%edi";	$maskfe="%rdi";
-$acc2="%ebp";	$mask1b="%rbp";
-$inp="%r8";
-$out="%r9";
-$t0="%r10d";
-$t1="%r11d";
-$t2="%r12d";
-$rnds="%r13d";
-$sbox="%r14";
-$key="%r15";
-
-sub hi() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1h/;	$r; }
-sub lo() { my $r=shift;	$r =~ s/%[er]([a-d])x/%\1l/;
-			$r =~ s/%[er]([sd]i)/%\1l/;
-			$r =~ s/%(r[0-9]+)[d]?/%\1b/;	$r; }
-sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
-			$r =~ s/%r([0-9]+)/%r\1d/;	$r; }
-sub _data_word()
-{ my $i;
-    while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
-}
-sub data_word()
-{ my $i;
-  my $last=pop(@_);
-    $code.=".long\t";
-    while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
-    $code.=sprintf"0x%08x\n",$last;
-}
-
-sub data_byte()
-{ my $i;
-  my $last=pop(@_);
-    $code.=".byte\t";
-    while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
-    $code.=sprintf"0x%02x\n",$last&0xff;
-}
-
-sub encvert()
-{ my $t3="%r8d";	# zaps $inp!
-
-$code.=<<___;
-	# favor 3-way issue Opteron pipeline...
-	movzb	`&lo("$s0")`,$acc0
-	movzb	`&lo("$s1")`,$acc1
-	movzb	`&lo("$s2")`,$acc2
-	mov	0($sbox,$acc0,8),$t0
-	mov	0($sbox,$acc1,8),$t1
-	mov	0($sbox,$acc2,8),$t2
-
-	movzb	`&hi("$s1")`,$acc0
-	movzb	`&hi("$s2")`,$acc1
-	movzb	`&lo("$s3")`,$acc2
-	xor	3($sbox,$acc0,8),$t0
-	xor	3($sbox,$acc1,8),$t1
-	mov	0($sbox,$acc2,8),$t3
-
-	movzb	`&hi("$s3")`,$acc0
-	shr	\$16,$s2
-	movzb	`&hi("$s0")`,$acc2
-	xor	3($sbox,$acc0,8),$t2
-	shr	\$16,$s3
-	xor	3($sbox,$acc2,8),$t3
-
-	shr	\$16,$s1
-	lea	16($key),$key
-	shr	\$16,$s0
-
-	movzb	`&lo("$s2")`,$acc0
-	movzb	`&lo("$s3")`,$acc1
-	movzb	`&lo("$s0")`,$acc2
-	xor	2($sbox,$acc0,8),$t0
-	xor	2($sbox,$acc1,8),$t1
-	xor	2($sbox,$acc2,8),$t2
-
-	movzb	`&hi("$s3")`,$acc0
-	movzb	`&hi("$s0")`,$acc1
-	movzb	`&lo("$s1")`,$acc2
-	xor	1($sbox,$acc0,8),$t0
-	xor	1($sbox,$acc1,8),$t1
-	xor	2($sbox,$acc2,8),$t3
-
-	mov	12($key),$s3
-	movzb	`&hi("$s1")`,$acc1
-	movzb	`&hi("$s2")`,$acc2
-	mov	0($key),$s0
-	xor	1($sbox,$acc1,8),$t2
-	xor	1($sbox,$acc2,8),$t3
-
-	mov	4($key),$s1
-	mov	8($key),$s2
-	xor	$t0,$s0
-	xor	$t1,$s1
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-sub enclastvert()
-{ my $t3="%r8d";	# zaps $inp!
-
-$code.=<<___;
-	movzb	`&lo("$s0")`,$acc0
-	movzb	`&lo("$s1")`,$acc1
-	movzb	`&lo("$s2")`,$acc2
-	movzb	2($sbox,$acc0,8),$t0
-	movzb	2($sbox,$acc1,8),$t1
-	movzb	2($sbox,$acc2,8),$t2
-
-	movzb	`&lo("$s3")`,$acc0
-	movzb	`&hi("$s1")`,$acc1
-	movzb	`&hi("$s2")`,$acc2
-	movzb	2($sbox,$acc0,8),$t3
-	mov	0($sbox,$acc1,8),$acc1	#$t0
-	mov	0($sbox,$acc2,8),$acc2	#$t1
-
-	and	\$0x0000ff00,$acc1
-	and	\$0x0000ff00,$acc2
-
-	xor	$acc1,$t0
-	xor	$acc2,$t1
-	shr	\$16,$s2
-
-	movzb	`&hi("$s3")`,$acc0
-	movzb	`&hi("$s0")`,$acc1
-	shr	\$16,$s3
-	mov	0($sbox,$acc0,8),$acc0	#$t2
-	mov	0($sbox,$acc1,8),$acc1	#$t3
-
-	and	\$0x0000ff00,$acc0
-	and	\$0x0000ff00,$acc1
-	shr	\$16,$s1
-	xor	$acc0,$t2
-	xor	$acc1,$t3
-	shr	\$16,$s0
-
-	movzb	`&lo("$s2")`,$acc0
-	movzb	`&lo("$s3")`,$acc1
-	movzb	`&lo("$s0")`,$acc2
-	mov	0($sbox,$acc0,8),$acc0	#$t0
-	mov	0($sbox,$acc1,8),$acc1	#$t1
-	mov	0($sbox,$acc2,8),$acc2	#$t2
-
-	and	\$0x00ff0000,$acc0
-	and	\$0x00ff0000,$acc1
-	and	\$0x00ff0000,$acc2
-
-	xor	$acc0,$t0
-	xor	$acc1,$t1
-	xor	$acc2,$t2
-
-	movzb	`&lo("$s1")`,$acc0
-	movzb	`&hi("$s3")`,$acc1
-	movzb	`&hi("$s0")`,$acc2
-	mov	0($sbox,$acc0,8),$acc0	#$t3
-	mov	2($sbox,$acc1,8),$acc1	#$t0
-	mov	2($sbox,$acc2,8),$acc2	#$t1
-
-	and	\$0x00ff0000,$acc0
-	and	\$0xff000000,$acc1
-	and	\$0xff000000,$acc2
-
-	xor	$acc0,$t3
-	xor	$acc1,$t0
-	xor	$acc2,$t1
-
-	movzb	`&hi("$s1")`,$acc0
-	movzb	`&hi("$s2")`,$acc1
-	mov	16+12($key),$s3
-	mov	2($sbox,$acc0,8),$acc0	#$t2
-	mov	2($sbox,$acc1,8),$acc1	#$t3
-	mov	16+0($key),$s0
-
-	and	\$0xff000000,$acc0
-	and	\$0xff000000,$acc1
-
-	xor	$acc0,$t2
-	xor	$acc1,$t3
-
-	mov	16+4($key),$s1
-	mov	16+8($key),$s2
-	xor	$t0,$s0
-	xor	$t1,$s1
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-sub encstep()
-{ my ($i,@s) = @_;
-  my $tmp0=$acc0;
-  my $tmp1=$acc1;
-  my $tmp2=$acc2;
-  my $out=($t0,$t1,$t2,$s[0])[$i];
-
-	if ($i==3) {
-		$tmp0=$s[1];
-		$tmp1=$s[2];
-		$tmp2=$s[3];
-	}
-	$code.="	movzb	".&lo($s[0]).",$out\n";
-	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
-	$code.="	lea	16($key),$key\n"	if ($i==0);
-
-	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
-	$code.="	mov	0($sbox,$out,8),$out\n";
-
-	$code.="	shr	\$16,$tmp1\n";
-	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
-	$code.="	xor	3($sbox,$tmp0,8),$out\n";
-
-	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
-	$code.="	shr	\$24,$tmp2\n";
-	$code.="	xor	4*$i($key),$out\n";
-
-	$code.="	xor	2($sbox,$tmp1,8),$out\n";
-	$code.="	xor	1($sbox,$tmp2,8),$out\n";
-
-	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
-	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
-	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
-	$code.="\n";
-}
-
-sub enclast()
-{ my ($i,@s)=@_;
-  my $tmp0=$acc0;
-  my $tmp1=$acc1;
-  my $tmp2=$acc2;
-  my $out=($t0,$t1,$t2,$s[0])[$i];
-
-	if ($i==3) {
-		$tmp0=$s[1];
-		$tmp1=$s[2];
-		$tmp2=$s[3];
-	}
-	$code.="	movzb	".&lo($s[0]).",$out\n";
-	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
-
-	$code.="	mov	2($sbox,$out,8),$out\n";
-	$code.="	shr	\$16,$tmp1\n";
-	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
-
-	$code.="	and	\$0x000000ff,$out\n";
-	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
-	$code.="	movzb	".&lo($tmp1).",$tmp1\n";
-	$code.="	shr	\$24,$tmp2\n";
-
-	$code.="	mov	0($sbox,$tmp0,8),$tmp0\n";
-	$code.="	mov	0($sbox,$tmp1,8),$tmp1\n";
-	$code.="	mov	2($sbox,$tmp2,8),$tmp2\n";
-
-	$code.="	and	\$0x0000ff00,$tmp0\n";
-	$code.="	and	\$0x00ff0000,$tmp1\n";
-	$code.="	and	\$0xff000000,$tmp2\n";
-
-	$code.="	xor	$tmp0,$out\n";
-	$code.="	mov	$t0,$s[1]\n"		if ($i==3);
-	$code.="	xor	$tmp1,$out\n";
-	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
-	$code.="	xor	$tmp2,$out\n";
-	$code.="	mov	$t2,$s[3]\n"		if ($i==3);
-	$code.="\n";
-}
-
-$code.=<<___;
-.type	_x86_64_AES_encrypt,\@abi-omnipotent
-.align	16
-_x86_64_AES_encrypt:
-	xor	0($key),$s0			# xor with key
-	xor	4($key),$s1
-	xor	8($key),$s2
-	xor	12($key),$s3
-
-	mov	240($key),$rnds			# load key->rounds
-	sub	\$1,$rnds
-	jmp	.Lenc_loop
-.align	16
-.Lenc_loop:
-___
-	if ($verticalspin) { &encvert(); }
-	else {	&encstep(0,$s0,$s1,$s2,$s3);
-		&encstep(1,$s1,$s2,$s3,$s0);
-		&encstep(2,$s2,$s3,$s0,$s1);
-		&encstep(3,$s3,$s0,$s1,$s2);
-	}
-$code.=<<___;
-	sub	\$1,$rnds
-	jnz	.Lenc_loop
-___
-	if ($verticalspin) { &enclastvert(); }
-	else {	&enclast(0,$s0,$s1,$s2,$s3);
-		&enclast(1,$s1,$s2,$s3,$s0);
-		&enclast(2,$s2,$s3,$s0,$s1);
-		&enclast(3,$s3,$s0,$s1,$s2);
-		$code.=<<___;
-		xor	16+0($key),$s0		# xor with key
-		xor	16+4($key),$s1
-		xor	16+8($key),$s2
-		xor	16+12($key),$s3
-___
-	}
-$code.=<<___;
-	.byte	0xf3,0xc3			# rep ret
-.size	_x86_64_AES_encrypt,.-_x86_64_AES_encrypt
-___
-
-# it's possible to implement this by shifting tN by 8, filling least
-# significant byte with byte load and finally bswap-ing at the end,
-# but such partial register load kills Core 2...
-sub enccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-	movzb	`&lo("$s0")`,$t0
-	movzb	`&lo("$s1")`,$t1
-	movzb	`&lo("$s2")`,$t2
-	movzb	($sbox,$t0,1),$t0
-	movzb	($sbox,$t1,1),$t1
-	movzb	($sbox,$t2,1),$t2
-
-	movzb	`&lo("$s3")`,$t3
-	movzb	`&hi("$s1")`,$acc0
-	movzb	`&hi("$s2")`,$acc1
-	movzb	($sbox,$t3,1),$t3
-	movzb	($sbox,$acc0,1),$t4	#$t0
-	movzb	($sbox,$acc1,1),$t5	#$t1
-
-	movzb	`&hi("$s3")`,$acc2
-	movzb	`&hi("$s0")`,$acc0
-	shr	\$16,$s2
-	movzb	($sbox,$acc2,1),$acc2	#$t2
-	movzb	($sbox,$acc0,1),$acc0	#$t3
-	shr	\$16,$s3
-
-	movzb	`&lo("$s2")`,$acc1
-	shl	\$8,$t4
-	shl	\$8,$t5
-	movzb	($sbox,$acc1,1),$acc1	#$t0
-	xor	$t4,$t0
-	xor	$t5,$t1
-
-	movzb	`&lo("$s3")`,$t4
-	shr	\$16,$s0
-	shr	\$16,$s1
-	movzb	`&lo("$s0")`,$t5
-	shl	\$8,$acc2
-	shl	\$8,$acc0
-	movzb	($sbox,$t4,1),$t4	#$t1
-	movzb	($sbox,$t5,1),$t5	#$t2
-	xor	$acc2,$t2
-	xor	$acc0,$t3
-
-	movzb	`&lo("$s1")`,$acc2
-	movzb	`&hi("$s3")`,$acc0
-	shl	\$16,$acc1
-	movzb	($sbox,$acc2,1),$acc2	#$t3
-	movzb	($sbox,$acc0,1),$acc0	#$t0
-	xor	$acc1,$t0
-
-	movzb	`&hi("$s0")`,$acc1
-	shr	\$8,$s2
-	shr	\$8,$s1
-	movzb	($sbox,$acc1,1),$acc1	#$t1
-	movzb	($sbox,$s2,1),$s3	#$t3
-	movzb	($sbox,$s1,1),$s2	#$t2
-	shl	\$16,$t4
-	shl	\$16,$t5
-	shl	\$16,$acc2
-	xor	$t4,$t1
-	xor	$t5,$t2
-	xor	$acc2,$t3
-
-	shl	\$24,$acc0
-	shl	\$24,$acc1
-	shl	\$24,$s3
-	xor	$acc0,$t0
-	shl	\$24,$s2
-	xor	$acc1,$t1
-	mov	$t0,$s0
-	mov	$t1,$s1
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-sub enctransform_ref()
-{ my $sn = shift;
-  my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-	mov	$sn,$acc
-	and	\$0x80808080,$acc
-	mov	$acc,$tmp
-	shr	\$7,$tmp
-	lea	($sn,$sn),$r2
-	sub	$tmp,$acc
-	and	\$0xfefefefe,$r2
-	and	\$0x1b1b1b1b,$acc
-	mov	$sn,$tmp
-	xor	$acc,$r2
-
-	xor	$r2,$sn
-	rol	\$24,$sn
-	xor	$r2,$sn
-	ror	\$16,$tmp
-	xor	$tmp,$sn
-	ror	\$8,$tmp
-	xor	$tmp,$sn
-___
-}
-
-# unlike decrypt case it does not pay off to parallelize enctransform
-sub enctransform()
-{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
-
-$code.=<<___;
-	mov	$s0,$acc0
-	mov	$s1,$acc1
-	and	\$0x80808080,$acc0
-	and	\$0x80808080,$acc1
-	mov	$acc0,$t0
-	mov	$acc1,$t1
-	shr	\$7,$t0
-	lea	($s0,$s0),$r20
-	shr	\$7,$t1
-	lea	($s1,$s1),$r21
-	sub	$t0,$acc0
-	sub	$t1,$acc1
-	and	\$0xfefefefe,$r20
-	and	\$0xfefefefe,$r21
-	and	\$0x1b1b1b1b,$acc0
-	and	\$0x1b1b1b1b,$acc1
-	mov	$s0,$t0
-	mov	$s1,$t1
-	xor	$acc0,$r20
-	xor	$acc1,$r21
-
-	xor	$r20,$s0
-	xor	$r21,$s1
-	 mov	$s2,$acc0
-	 mov	$s3,$acc1
-	rol	\$24,$s0
-	rol	\$24,$s1
-	 and	\$0x80808080,$acc0
-	 and	\$0x80808080,$acc1
-	xor	$r20,$s0
-	xor	$r21,$s1
-	 mov	$acc0,$t2
-	 mov	$acc1,$t3
-	ror	\$16,$t0
-	ror	\$16,$t1
-	 shr	\$7,$t2
-	 lea	($s2,$s2),$r20
-	xor	$t0,$s0
-	xor	$t1,$s1
-	 shr	\$7,$t3
-	 lea	($s3,$s3),$r21
-	ror	\$8,$t0
-	ror	\$8,$t1
-	 sub	$t2,$acc0
-	 sub	$t3,$acc1
-	xor	$t0,$s0
-	xor	$t1,$s1
-
-	and	\$0xfefefefe,$r20
-	and	\$0xfefefefe,$r21
-	and	\$0x1b1b1b1b,$acc0
-	and	\$0x1b1b1b1b,$acc1
-	mov	$s2,$t2
-	mov	$s3,$t3
-	xor	$acc0,$r20
-	xor	$acc1,$r21
-
-	xor	$r20,$s2
-	xor	$r21,$s3
-	rol	\$24,$s2
-	rol	\$24,$s3
-	xor	$r20,$s2
-	xor	$r21,$s3
-	mov	0($sbox),$acc0			# prefetch Te4
-	ror	\$16,$t2
-	ror	\$16,$t3
-	mov	64($sbox),$acc1
-	xor	$t2,$s2
-	xor	$t3,$s3
-	mov	128($sbox),$r20
-	ror	\$8,$t2
-	ror	\$8,$t3
-	mov	192($sbox),$r21
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-$code.=<<___;
-.type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
-.align	16
-_x86_64_AES_encrypt_compact:
-	lea	128($sbox),$inp			# size optimization
-	mov	0-128($inp),$acc1		# prefetch Te4
-	mov	32-128($inp),$acc2
-	mov	64-128($inp),$t0
-	mov	96-128($inp),$t1
-	mov	128-128($inp),$acc1
-	mov	160-128($inp),$acc2
-	mov	192-128($inp),$t0
-	mov	224-128($inp),$t1
-	jmp	.Lenc_loop_compact
-.align	16
-.Lenc_loop_compact:
-		xor	0($key),$s0		# xor with key
-		xor	4($key),$s1
-		xor	8($key),$s2
-		xor	12($key),$s3
-		lea	16($key),$key
-___
-		&enccompactvert();
-$code.=<<___;
-		cmp	16(%rsp),$key
-		je	.Lenc_compact_done
-___
-		&enctransform();
-$code.=<<___;
-	jmp	.Lenc_loop_compact
-.align	16
-.Lenc_compact_done:
-	xor	0($key),$s0
-	xor	4($key),$s1
-	xor	8($key),$s2
-	xor	12($key),$s3
-	.byte	0xf3,0xc3			# rep ret
-.size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
-___
-
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-$code.=<<___;
-.globl	AES_encrypt
-.type	AES_encrypt,\@function,3
-.align	16
-.globl	asm_AES_encrypt
-.hidden	asm_AES_encrypt
-asm_AES_encrypt:
-AES_encrypt:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	# allocate frame "above" key schedule
-	mov	%rsp,%r10
-	lea	-63(%rdx),%rcx	# %rdx is key argument
-	and	\$-64,%rsp
-	sub	%rsp,%rcx
-	neg	%rcx
-	and	\$0x3c0,%rcx
-	sub	%rcx,%rsp
-	sub	\$32,%rsp
-
-	mov	%rsi,16(%rsp)	# save out
-	mov	%r10,24(%rsp)	# save real stack pointer
-.Lenc_prologue:
-
-	mov	%rdx,$key
-	mov	240($key),$rnds	# load rounds
-
-	mov	0(%rdi),$s0	# load input vector
-	mov	4(%rdi),$s1
-	mov	8(%rdi),$s2
-	mov	12(%rdi),$s3
-
-	shl	\$4,$rnds
-	lea	($key,$rnds),%rbp
-	mov	$key,(%rsp)	# key schedule
-	mov	%rbp,8(%rsp)	# end of key schedule
-
-	# pick Te4 copy which can't "overlap" with stack frame or key schedule
-	lea	.LAES_Te+2048(%rip),$sbox
-	lea	768(%rsp),%rbp
-	sub	$sbox,%rbp
-	and	\$0x300,%rbp
-	lea	($sbox,%rbp),$sbox
-
-	call	_x86_64_AES_encrypt_compact
-
-	mov	16(%rsp),$out	# restore out
-	mov	24(%rsp),%rsi	# restore saved stack pointer
-	mov	$s0,0($out)	# write output vector
-	mov	$s1,4($out)
-	mov	$s2,8($out)
-	mov	$s3,12($out)
-
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lenc_epilogue:
-	ret
-.size	AES_encrypt,.-AES_encrypt
-___
-
-#------------------------------------------------------------------#
-
-sub decvert()
-{ my $t3="%r8d";	# zaps $inp!
-
-$code.=<<___;
-	# favor 3-way issue Opteron pipeline...
-	movzb	`&lo("$s0")`,$acc0
-	movzb	`&lo("$s1")`,$acc1
-	movzb	`&lo("$s2")`,$acc2
-	mov	0($sbox,$acc0,8),$t0
-	mov	0($sbox,$acc1,8),$t1
-	mov	0($sbox,$acc2,8),$t2
-
-	movzb	`&hi("$s3")`,$acc0
-	movzb	`&hi("$s0")`,$acc1
-	movzb	`&lo("$s3")`,$acc2
-	xor	3($sbox,$acc0,8),$t0
-	xor	3($sbox,$acc1,8),$t1
-	mov	0($sbox,$acc2,8),$t3
-
-	movzb	`&hi("$s1")`,$acc0
-	shr	\$16,$s0
-	movzb	`&hi("$s2")`,$acc2
-	xor	3($sbox,$acc0,8),$t2
-	shr	\$16,$s3
-	xor	3($sbox,$acc2,8),$t3
-
-	shr	\$16,$s1
-	lea	16($key),$key
-	shr	\$16,$s2
-
-	movzb	`&lo("$s2")`,$acc0
-	movzb	`&lo("$s3")`,$acc1
-	movzb	`&lo("$s0")`,$acc2
-	xor	2($sbox,$acc0,8),$t0
-	xor	2($sbox,$acc1,8),$t1
-	xor	2($sbox,$acc2,8),$t2
-
-	movzb	`&hi("$s1")`,$acc0
-	movzb	`&hi("$s2")`,$acc1
-	movzb	`&lo("$s1")`,$acc2
-	xor	1($sbox,$acc0,8),$t0
-	xor	1($sbox,$acc1,8),$t1
-	xor	2($sbox,$acc2,8),$t3
-
-	movzb	`&hi("$s3")`,$acc0
-	mov	12($key),$s3
-	movzb	`&hi("$s0")`,$acc2
-	xor	1($sbox,$acc0,8),$t2
-	mov	0($key),$s0
-	xor	1($sbox,$acc2,8),$t3
-
-	xor	$t0,$s0
-	mov	4($key),$s1
-	mov	8($key),$s2
-	xor	$t2,$s2
-	xor	$t1,$s1
-	xor	$t3,$s3
-___
-}
-
-sub declastvert()
-{ my $t3="%r8d";	# zaps $inp!
-
-$code.=<<___;
-	lea	2048($sbox),$sbox	# size optimization
-	movzb	`&lo("$s0")`,$acc0
-	movzb	`&lo("$s1")`,$acc1
-	movzb	`&lo("$s2")`,$acc2
-	movzb	($sbox,$acc0,1),$t0
-	movzb	($sbox,$acc1,1),$t1
-	movzb	($sbox,$acc2,1),$t2
-
-	movzb	`&lo("$s3")`,$acc0
-	movzb	`&hi("$s3")`,$acc1
-	movzb	`&hi("$s0")`,$acc2
-	movzb	($sbox,$acc0,1),$t3
-	movzb	($sbox,$acc1,1),$acc1	#$t0
-	movzb	($sbox,$acc2,1),$acc2	#$t1
-
-	shl	\$8,$acc1
-	shl	\$8,$acc2
-
-	xor	$acc1,$t0
-	xor	$acc2,$t1
-	shr	\$16,$s3
-
-	movzb	`&hi("$s1")`,$acc0
-	movzb	`&hi("$s2")`,$acc1
-	shr	\$16,$s0
-	movzb	($sbox,$acc0,1),$acc0	#$t2
-	movzb	($sbox,$acc1,1),$acc1	#$t3
-
-	shl	\$8,$acc0
-	shl	\$8,$acc1
-	shr	\$16,$s1
-	xor	$acc0,$t2
-	xor	$acc1,$t3
-	shr	\$16,$s2
-
-	movzb	`&lo("$s2")`,$acc0
-	movzb	`&lo("$s3")`,$acc1
-	movzb	`&lo("$s0")`,$acc2
-	movzb	($sbox,$acc0,1),$acc0	#$t0
-	movzb	($sbox,$acc1,1),$acc1	#$t1
-	movzb	($sbox,$acc2,1),$acc2	#$t2
-
-	shl	\$16,$acc0
-	shl	\$16,$acc1
-	shl	\$16,$acc2
-
-	xor	$acc0,$t0
-	xor	$acc1,$t1
-	xor	$acc2,$t2
-
-	movzb	`&lo("$s1")`,$acc0
-	movzb	`&hi("$s1")`,$acc1
-	movzb	`&hi("$s2")`,$acc2
-	movzb	($sbox,$acc0,1),$acc0	#$t3
-	movzb	($sbox,$acc1,1),$acc1	#$t0
-	movzb	($sbox,$acc2,1),$acc2	#$t1
-
-	shl	\$16,$acc0
-	shl	\$24,$acc1
-	shl	\$24,$acc2
-
-	xor	$acc0,$t3
-	xor	$acc1,$t0
-	xor	$acc2,$t1
-
-	movzb	`&hi("$s3")`,$acc0
-	movzb	`&hi("$s0")`,$acc1
-	mov	16+12($key),$s3
-	movzb	($sbox,$acc0,1),$acc0	#$t2
-	movzb	($sbox,$acc1,1),$acc1	#$t3
-	mov	16+0($key),$s0
-
-	shl	\$24,$acc0
-	shl	\$24,$acc1
-
-	xor	$acc0,$t2
-	xor	$acc1,$t3
-
-	mov	16+4($key),$s1
-	mov	16+8($key),$s2
-	lea	-2048($sbox),$sbox
-	xor	$t0,$s0
-	xor	$t1,$s1
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-sub decstep()
-{ my ($i,@s) = @_;
-  my $tmp0=$acc0;
-  my $tmp1=$acc1;
-  my $tmp2=$acc2;
-  my $out=($t0,$t1,$t2,$s[0])[$i];
-
-	$code.="	mov	$s[0],$out\n"		if ($i!=3);
-			$tmp1=$s[2]			if ($i==3);
-	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
-	$code.="	and	\$0xFF,$out\n";
-
-	$code.="	mov	0($sbox,$out,8),$out\n";
-	$code.="	shr	\$16,$tmp1\n";
-			$tmp2=$s[3]			if ($i==3);
-	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
-
-			$tmp0=$s[1]			if ($i==3);
-	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
-	$code.="	and	\$0xFF,$tmp1\n";
-	$code.="	shr	\$24,$tmp2\n";
-
-	$code.="	xor	3($sbox,$tmp0,8),$out\n";
-	$code.="	xor	2($sbox,$tmp1,8),$out\n";
-	$code.="	xor	1($sbox,$tmp2,8),$out\n";
-
-	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
-	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
-	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
-	$code.="\n";
-}
-
-sub declast()
-{ my ($i,@s)=@_;
-  my $tmp0=$acc0;
-  my $tmp1=$acc1;
-  my $tmp2=$acc2;
-  my $out=($t0,$t1,$t2,$s[0])[$i];
-
-	$code.="	mov	$s[0],$out\n"		if ($i!=3);
-			$tmp1=$s[2]			if ($i==3);
-	$code.="	mov	$s[2],$tmp1\n"		if ($i!=3);
-	$code.="	and	\$0xFF,$out\n";
-
-	$code.="	movzb	2048($sbox,$out,1),$out\n";
-	$code.="	shr	\$16,$tmp1\n";
-			$tmp2=$s[3]			if ($i==3);
-	$code.="	mov	$s[3],$tmp2\n"		if ($i!=3);
-
-			$tmp0=$s[1]			if ($i==3);
-	$code.="	movzb	".&hi($s[1]).",$tmp0\n";
-	$code.="	and	\$0xFF,$tmp1\n";
-	$code.="	shr	\$24,$tmp2\n";
-
-	$code.="	movzb	2048($sbox,$tmp0,1),$tmp0\n";
-	$code.="	movzb	2048($sbox,$tmp1,1),$tmp1\n";
-	$code.="	movzb	2048($sbox,$tmp2,1),$tmp2\n";
-
-	$code.="	shl	\$8,$tmp0\n";
-	$code.="	shl	\$16,$tmp1\n";
-	$code.="	shl	\$24,$tmp2\n";
-
-	$code.="	xor	$tmp0,$out\n";
-	$code.="	mov	$t2,$s[1]\n"		if ($i==3);
-	$code.="	xor	$tmp1,$out\n";
-	$code.="	mov	$t1,$s[2]\n"		if ($i==3);
-	$code.="	xor	$tmp2,$out\n";
-	$code.="	mov	$t0,$s[3]\n"		if ($i==3);
-	$code.="\n";
-}
-
-$code.=<<___;
-.type	_x86_64_AES_decrypt,\@abi-omnipotent
-.align	16
-_x86_64_AES_decrypt:
-	xor	0($key),$s0			# xor with key
-	xor	4($key),$s1
-	xor	8($key),$s2
-	xor	12($key),$s3
-
-	mov	240($key),$rnds			# load key->rounds
-	sub	\$1,$rnds
-	jmp	.Ldec_loop
-.align	16
-.Ldec_loop:
-___
-	if ($verticalspin) { &decvert(); }
-	else {	&decstep(0,$s0,$s3,$s2,$s1);
-		&decstep(1,$s1,$s0,$s3,$s2);
-		&decstep(2,$s2,$s1,$s0,$s3);
-		&decstep(3,$s3,$s2,$s1,$s0);
-		$code.=<<___;
-		lea	16($key),$key
-		xor	0($key),$s0			# xor with key
-		xor	4($key),$s1
-		xor	8($key),$s2
-		xor	12($key),$s3
-___
-	}
-$code.=<<___;
-	sub	\$1,$rnds
-	jnz	.Ldec_loop
-___
-	if ($verticalspin) { &declastvert(); }
-	else {	&declast(0,$s0,$s3,$s2,$s1);
-		&declast(1,$s1,$s0,$s3,$s2);
-		&declast(2,$s2,$s1,$s0,$s3);
-		&declast(3,$s3,$s2,$s1,$s0);
-		$code.=<<___;
-		xor	16+0($key),$s0			# xor with key
-		xor	16+4($key),$s1
-		xor	16+8($key),$s2
-		xor	16+12($key),$s3
-___
-	}
-$code.=<<___;
-	.byte	0xf3,0xc3			# rep ret
-.size	_x86_64_AES_decrypt,.-_x86_64_AES_decrypt
-___
-
-sub deccompactvert()
-{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
-
-$code.=<<___;
-	movzb	`&lo("$s0")`,$t0
-	movzb	`&lo("$s1")`,$t1
-	movzb	`&lo("$s2")`,$t2
-	movzb	($sbox,$t0,1),$t0
-	movzb	($sbox,$t1,1),$t1
-	movzb	($sbox,$t2,1),$t2
-
-	movzb	`&lo("$s3")`,$t3
-	movzb	`&hi("$s3")`,$acc0
-	movzb	`&hi("$s0")`,$acc1
-	movzb	($sbox,$t3,1),$t3
-	movzb	($sbox,$acc0,1),$t4	#$t0
-	movzb	($sbox,$acc1,1),$t5	#$t1
-
-	movzb	`&hi("$s1")`,$acc2
-	movzb	`&hi("$s2")`,$acc0
-	shr	\$16,$s2
-	movzb	($sbox,$acc2,1),$acc2	#$t2
-	movzb	($sbox,$acc0,1),$acc0	#$t3
-	shr	\$16,$s3
-
-	movzb	`&lo("$s2")`,$acc1
-	shl	\$8,$t4
-	shl	\$8,$t5
-	movzb	($sbox,$acc1,1),$acc1	#$t0
-	xor	$t4,$t0
-	xor	$t5,$t1
-
-	movzb	`&lo("$s3")`,$t4
-	shr	\$16,$s0
-	shr	\$16,$s1
-	movzb	`&lo("$s0")`,$t5
-	shl	\$8,$acc2
-	shl	\$8,$acc0
-	movzb	($sbox,$t4,1),$t4	#$t1
-	movzb	($sbox,$t5,1),$t5	#$t2
-	xor	$acc2,$t2
-	xor	$acc0,$t3
-
-	movzb	`&lo("$s1")`,$acc2
-	movzb	`&hi("$s1")`,$acc0
-	shl	\$16,$acc1
-	movzb	($sbox,$acc2,1),$acc2	#$t3
-	movzb	($sbox,$acc0,1),$acc0	#$t0
-	xor	$acc1,$t0
-
-	movzb	`&hi("$s2")`,$acc1
-	shl	\$16,$t4
-	shl	\$16,$t5
-	movzb	($sbox,$acc1,1),$s1	#$t1
-	xor	$t4,$t1
-	xor	$t5,$t2
-
-	movzb	`&hi("$s3")`,$acc1
-	shr	\$8,$s0
-	shl	\$16,$acc2
-	movzb	($sbox,$acc1,1),$s2	#$t2
-	movzb	($sbox,$s0,1),$s3	#$t3
-	xor	$acc2,$t3
-
-	shl	\$24,$acc0
-	shl	\$24,$s1
-	shl	\$24,$s2
-	xor	$acc0,$t0
-	shl	\$24,$s3
-	xor	$t1,$s1
-	mov	$t0,$s0
-	xor	$t2,$s2
-	xor	$t3,$s3
-___
-}
-
-# parallelized version! input is pair of 64-bit values: %rax=s1.s0
-# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
-# %ecx=s2 and %edx=s3.
-sub dectransform()
-{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
-  my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
-  my $prefetch = shift;
-
-$code.=<<___;
-	mov	$tp10,$acc0
-	mov	$tp18,$acc8
-	and	$mask80,$acc0
-	and	$mask80,$acc8
-	mov	$acc0,$tp40
-	mov	$acc8,$tp48
-	shr	\$7,$tp40
-	lea	($tp10,$tp10),$tp20
-	shr	\$7,$tp48
-	lea	($tp18,$tp18),$tp28
-	sub	$tp40,$acc0
-	sub	$tp48,$acc8
-	and	$maskfe,$tp20
-	and	$maskfe,$tp28
-	and	$mask1b,$acc0
-	and	$mask1b,$acc8
-	xor	$tp20,$acc0
-	xor	$tp28,$acc8
-	mov	$acc0,$tp20
-	mov	$acc8,$tp28
-
-	and	$mask80,$acc0
-	and	$mask80,$acc8
-	mov	$acc0,$tp80
-	mov	$acc8,$tp88
-	shr	\$7,$tp80
-	lea	($tp20,$tp20),$tp40
-	shr	\$7,$tp88
-	lea	($tp28,$tp28),$tp48
-	sub	$tp80,$acc0
-	sub	$tp88,$acc8
-	and	$maskfe,$tp40
-	and	$maskfe,$tp48
-	and	$mask1b,$acc0
-	and	$mask1b,$acc8
-	xor	$tp40,$acc0
-	xor	$tp48,$acc8
-	mov	$acc0,$tp40
-	mov	$acc8,$tp48
-
-	and	$mask80,$acc0
-	and	$mask80,$acc8
-	mov	$acc0,$tp80
-	mov	$acc8,$tp88
-	shr	\$7,$tp80
-	 xor	$tp10,$tp20		# tp2^=tp1
-	shr	\$7,$tp88
-	 xor	$tp18,$tp28		# tp2^=tp1
-	sub	$tp80,$acc0
-	sub	$tp88,$acc8
-	lea	($tp40,$tp40),$tp80
-	lea	($tp48,$tp48),$tp88
-	 xor	$tp10,$tp40		# tp4^=tp1
-	 xor	$tp18,$tp48		# tp4^=tp1
-	and	$maskfe,$tp80
-	and	$maskfe,$tp88
-	and	$mask1b,$acc0
-	and	$mask1b,$acc8
-	xor	$acc0,$tp80
-	xor	$acc8,$tp88
-
-	xor	$tp80,$tp10		# tp1^=tp8
-	xor	$tp88,$tp18		# tp1^=tp8
-	xor	$tp80,$tp20		# tp2^tp1^=tp8
-	xor	$tp88,$tp28		# tp2^tp1^=tp8
-	mov	$tp10,$acc0
-	mov	$tp18,$acc8
-	xor	$tp80,$tp40		# tp4^tp1^=tp8
-	xor	$tp88,$tp48		# tp4^tp1^=tp8
-	shr	\$32,$acc0
-	shr	\$32,$acc8
-	xor	$tp20,$tp80		# tp8^=tp8^tp2^tp1=tp2^tp1
-	xor	$tp28,$tp88		# tp8^=tp8^tp2^tp1=tp2^tp1
-	rol	\$8,`&LO("$tp10")`	# ROTATE(tp1^tp8,8)
-	rol	\$8,`&LO("$tp18")`	# ROTATE(tp1^tp8,8)
-	xor	$tp40,$tp80		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
-	xor	$tp48,$tp88		# tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
-
-	rol	\$8,`&LO("$acc0")`	# ROTATE(tp1^tp8,8)
-	rol	\$8,`&LO("$acc8")`	# ROTATE(tp1^tp8,8)
-	xor	`&LO("$tp80")`,`&LO("$tp10")`
-	xor	`&LO("$tp88")`,`&LO("$tp18")`
-	shr	\$32,$tp80
-	shr	\$32,$tp88
-	xor	`&LO("$tp80")`,`&LO("$acc0")`
-	xor	`&LO("$tp88")`,`&LO("$acc8")`
-
-	mov	$tp20,$tp80
-	mov	$tp28,$tp88
-	shr	\$32,$tp80
-	shr	\$32,$tp88
-	rol	\$24,`&LO("$tp20")`	# ROTATE(tp2^tp1^tp8,24)
-	rol	\$24,`&LO("$tp28")`	# ROTATE(tp2^tp1^tp8,24)
-	rol	\$24,`&LO("$tp80")`	# ROTATE(tp2^tp1^tp8,24)
-	rol	\$24,`&LO("$tp88")`	# ROTATE(tp2^tp1^tp8,24)
-	xor	`&LO("$tp20")`,`&LO("$tp10")`
-	xor	`&LO("$tp28")`,`&LO("$tp18")`
-	mov	$tp40,$tp20
-	mov	$tp48,$tp28
-	xor	`&LO("$tp80")`,`&LO("$acc0")`
-	xor	`&LO("$tp88")`,`&LO("$acc8")`
-
-	`"mov	0($sbox),$mask80"	if ($prefetch)`
-	shr	\$32,$tp20
-	shr	\$32,$tp28
-	`"mov	64($sbox),$maskfe"	if ($prefetch)`
-	rol	\$16,`&LO("$tp40")`	# ROTATE(tp4^tp1^tp8,16)
-	rol	\$16,`&LO("$tp48")`	# ROTATE(tp4^tp1^tp8,16)
-	`"mov	128($sbox),$mask1b"	if ($prefetch)`
-	rol	\$16,`&LO("$tp20")`	# ROTATE(tp4^tp1^tp8,16)
-	rol	\$16,`&LO("$tp28")`	# ROTATE(tp4^tp1^tp8,16)
-	`"mov	192($sbox),$tp80"	if ($prefetch)`
-	xor	`&LO("$tp40")`,`&LO("$tp10")`
-	xor	`&LO("$tp48")`,`&LO("$tp18")`
-	`"mov	256($sbox),$tp88"	if ($prefetch)`
-	xor	`&LO("$tp20")`,`&LO("$acc0")`
-	xor	`&LO("$tp28")`,`&LO("$acc8")`
-___
-}
-
-$code.=<<___;
-.type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
-.align	16
-_x86_64_AES_decrypt_compact:
-	lea	128($sbox),$inp			# size optimization
-	mov	0-128($inp),$acc1		# prefetch Td4
-	mov	32-128($inp),$acc2
-	mov	64-128($inp),$t0
-	mov	96-128($inp),$t1
-	mov	128-128($inp),$acc1
-	mov	160-128($inp),$acc2
-	mov	192-128($inp),$t0
-	mov	224-128($inp),$t1
-	jmp	.Ldec_loop_compact
-
-.align	16
-.Ldec_loop_compact:
-		xor	0($key),$s0		# xor with key
-		xor	4($key),$s1
-		xor	8($key),$s2
-		xor	12($key),$s3
-		lea	16($key),$key
-___
-		&deccompactvert();
-$code.=<<___;
-		cmp	16(%rsp),$key
-		je	.Ldec_compact_done
-
-		mov	256+0($sbox),$mask80
-		shl	\$32,%rbx
-		shl	\$32,%rdx
-		mov	256+8($sbox),$maskfe
-		or	%rbx,%rax
-		or	%rdx,%rcx
-		mov	256+16($sbox),$mask1b
-___
-		&dectransform(1);
-$code.=<<___;
-	jmp	.Ldec_loop_compact
-.align	16
-.Ldec_compact_done:
-	xor	0($key),$s0
-	xor	4($key),$s1
-	xor	8($key),$s2
-	xor	12($key),$s3
-	.byte	0xf3,0xc3			# rep ret
-.size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
-___
-
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-$code.=<<___;
-.globl	AES_decrypt
-.type	AES_decrypt,\@function,3
-.align	16
-.globl	asm_AES_decrypt
-.hidden	asm_AES_decrypt
-asm_AES_decrypt:
-AES_decrypt:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	# allocate frame "above" key schedule
-	mov	%rsp,%r10
-	lea	-63(%rdx),%rcx	# %rdx is key argument
-	and	\$-64,%rsp
-	sub	%rsp,%rcx
-	neg	%rcx
-	and	\$0x3c0,%rcx
-	sub	%rcx,%rsp
-	sub	\$32,%rsp
-
-	mov	%rsi,16(%rsp)	# save out
-	mov	%r10,24(%rsp)	# save real stack pointer
-.Ldec_prologue:
-
-	mov	%rdx,$key
-	mov	240($key),$rnds	# load rounds
-
-	mov	0(%rdi),$s0	# load input vector
-	mov	4(%rdi),$s1
-	mov	8(%rdi),$s2
-	mov	12(%rdi),$s3
-
-	shl	\$4,$rnds
-	lea	($key,$rnds),%rbp
-	mov	$key,(%rsp)	# key schedule
-	mov	%rbp,8(%rsp)	# end of key schedule
-
-	# pick Td4 copy which can't "overlap" with stack frame or key schedule
-	lea	.LAES_Td+2048(%rip),$sbox
-	lea	768(%rsp),%rbp
-	sub	$sbox,%rbp
-	and	\$0x300,%rbp
-	lea	($sbox,%rbp),$sbox
-	shr	\$3,%rbp	# recall "magic" constants!
-	add	%rbp,$sbox
-
-	call	_x86_64_AES_decrypt_compact
-
-	mov	16(%rsp),$out	# restore out
-	mov	24(%rsp),%rsi	# restore saved stack pointer
-	mov	$s0,0($out)	# write output vector
-	mov	$s1,4($out)
-	mov	$s2,8($out)
-	mov	$s3,12($out)
-
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Ldec_epilogue:
-	ret
-.size	AES_decrypt,.-AES_decrypt
-___
-#------------------------------------------------------------------#
-
-sub enckey()
-{
-$code.=<<___;
-	movz	%dl,%esi		# rk[i]>>0
-	movzb	-128(%rbp,%rsi),%ebx
-	movz	%dh,%esi		# rk[i]>>8
-	shl	\$24,%ebx
-	xor	%ebx,%eax
-
-	movzb	-128(%rbp,%rsi),%ebx
-	shr	\$16,%edx
-	movz	%dl,%esi		# rk[i]>>16
-	xor	%ebx,%eax
-
-	movzb	-128(%rbp,%rsi),%ebx
-	movz	%dh,%esi		# rk[i]>>24
-	shl	\$8,%ebx
-	xor	%ebx,%eax
-
-	movzb	-128(%rbp,%rsi),%ebx
-	shl	\$16,%ebx
-	xor	%ebx,%eax
-
-	xor	1024-128(%rbp,%rcx,4),%eax		# rcon
-___
-}
-
-# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-$code.=<<___;
-.globl	private_AES_set_encrypt_key
-.type	private_AES_set_encrypt_key,\@function,3
-.align	16
-private_AES_set_encrypt_key:
-	push	%rbx
-	push	%rbp
-	push	%r12			# redundant, but allows to share 
-	push	%r13			# exception handler...
-	push	%r14
-	push	%r15
-	sub	\$8,%rsp
-.Lenc_key_prologue:
-
-	call	_x86_64_AES_set_encrypt_key
-
-	mov	8(%rsp),%r15
-	mov	16(%rsp),%r14
-	mov	24(%rsp),%r13
-	mov	32(%rsp),%r12
-	mov	40(%rsp),%rbp
-	mov	48(%rsp),%rbx
-	add	\$56,%rsp
-.Lenc_key_epilogue:
-	ret
-.size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
-
-.type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
-.align	16
-_x86_64_AES_set_encrypt_key:
-	mov	%esi,%ecx			# %ecx=bits
-	mov	%rdi,%rsi			# %rsi=userKey
-	mov	%rdx,%rdi			# %rdi=key
-
-	test	\$-1,%rsi
-	jz	.Lbadpointer
-	test	\$-1,%rdi
-	jz	.Lbadpointer
-
-	lea	.LAES_Te(%rip),%rbp
-	lea	2048+128(%rbp),%rbp
-
-	# prefetch Te4
-	mov	0-128(%rbp),%eax
-	mov	32-128(%rbp),%ebx
-	mov	64-128(%rbp),%r8d
-	mov	96-128(%rbp),%edx
-	mov	128-128(%rbp),%eax
-	mov	160-128(%rbp),%ebx
-	mov	192-128(%rbp),%r8d
-	mov	224-128(%rbp),%edx
-
-	cmp	\$128,%ecx
-	je	.L10rounds
-	cmp	\$192,%ecx
-	je	.L12rounds
-	cmp	\$256,%ecx
-	je	.L14rounds
-	mov	\$-2,%rax			# invalid number of bits
-	jmp	.Lexit
-
-.L10rounds:
-	mov	0(%rsi),%rax			# copy first 4 dwords
-	mov	8(%rsi),%rdx
-	mov	%rax,0(%rdi)
-	mov	%rdx,8(%rdi)
-
-	shr	\$32,%rdx
-	xor	%ecx,%ecx
-	jmp	.L10shortcut
-.align	4
-.L10loop:
-		mov	0(%rdi),%eax			# rk[0]
-		mov	12(%rdi),%edx			# rk[3]
-.L10shortcut:
-___
-		&enckey	();
-$code.=<<___;
-		mov	%eax,16(%rdi)			# rk[4]
-		xor	4(%rdi),%eax
-		mov	%eax,20(%rdi)			# rk[5]
-		xor	8(%rdi),%eax
-		mov	%eax,24(%rdi)			# rk[6]
-		xor	12(%rdi),%eax
-		mov	%eax,28(%rdi)			# rk[7]
-		add	\$1,%ecx
-		lea	16(%rdi),%rdi
-		cmp	\$10,%ecx
-	jl	.L10loop
-
-	movl	\$10,80(%rdi)			# setup number of rounds
-	xor	%rax,%rax
-	jmp	.Lexit
-
-.L12rounds:
-	mov	0(%rsi),%rax			# copy first 6 dwords
-	mov	8(%rsi),%rbx
-	mov	16(%rsi),%rdx
-	mov	%rax,0(%rdi)
-	mov	%rbx,8(%rdi)
-	mov	%rdx,16(%rdi)
-
-	shr	\$32,%rdx
-	xor	%ecx,%ecx
-	jmp	.L12shortcut
-.align	4
-.L12loop:
-		mov	0(%rdi),%eax			# rk[0]
-		mov	20(%rdi),%edx			# rk[5]
-.L12shortcut:
-___
-		&enckey	();
-$code.=<<___;
-		mov	%eax,24(%rdi)			# rk[6]
-		xor	4(%rdi),%eax
-		mov	%eax,28(%rdi)			# rk[7]
-		xor	8(%rdi),%eax
-		mov	%eax,32(%rdi)			# rk[8]
-		xor	12(%rdi),%eax
-		mov	%eax,36(%rdi)			# rk[9]
-
-		cmp	\$7,%ecx
-		je	.L12break
-		add	\$1,%ecx
-
-		xor	16(%rdi),%eax
-		mov	%eax,40(%rdi)			# rk[10]
-		xor	20(%rdi),%eax
-		mov	%eax,44(%rdi)			# rk[11]
-
-		lea	24(%rdi),%rdi
-	jmp	.L12loop
-.L12break:
-	movl	\$12,72(%rdi)		# setup number of rounds
-	xor	%rax,%rax
-	jmp	.Lexit
-
-.L14rounds:		
-	mov	0(%rsi),%rax			# copy first 8 dwords
-	mov	8(%rsi),%rbx
-	mov	16(%rsi),%rcx
-	mov	24(%rsi),%rdx
-	mov	%rax,0(%rdi)
-	mov	%rbx,8(%rdi)
-	mov	%rcx,16(%rdi)
-	mov	%rdx,24(%rdi)
-
-	shr	\$32,%rdx
-	xor	%ecx,%ecx
-	jmp	.L14shortcut
-.align	4
-.L14loop:
-		mov	0(%rdi),%eax			# rk[0]
-		mov	28(%rdi),%edx			# rk[4]
-.L14shortcut:
-___
-		&enckey	();
-$code.=<<___;
-		mov	%eax,32(%rdi)			# rk[8]
-		xor	4(%rdi),%eax
-		mov	%eax,36(%rdi)			# rk[9]
-		xor	8(%rdi),%eax
-		mov	%eax,40(%rdi)			# rk[10]
-		xor	12(%rdi),%eax
-		mov	%eax,44(%rdi)			# rk[11]
-
-		cmp	\$6,%ecx
-		je	.L14break
-		add	\$1,%ecx
-
-		mov	%eax,%edx
-		mov	16(%rdi),%eax			# rk[4]
-		movz	%dl,%esi			# rk[11]>>0
-		movzb	-128(%rbp,%rsi),%ebx
-		movz	%dh,%esi			# rk[11]>>8
-		xor	%ebx,%eax
-
-		movzb	-128(%rbp,%rsi),%ebx
-		shr	\$16,%edx
-		shl	\$8,%ebx
-		movz	%dl,%esi			# rk[11]>>16
-		xor	%ebx,%eax
-
-		movzb	-128(%rbp,%rsi),%ebx
-		movz	%dh,%esi			# rk[11]>>24
-		shl	\$16,%ebx
-		xor	%ebx,%eax
-
-		movzb	-128(%rbp,%rsi),%ebx
-		shl	\$24,%ebx
-		xor	%ebx,%eax
-
-		mov	%eax,48(%rdi)			# rk[12]
-		xor	20(%rdi),%eax
-		mov	%eax,52(%rdi)			# rk[13]
-		xor	24(%rdi),%eax
-		mov	%eax,56(%rdi)			# rk[14]
-		xor	28(%rdi),%eax
-		mov	%eax,60(%rdi)			# rk[15]
-
-		lea	32(%rdi),%rdi
-	jmp	.L14loop
-.L14break:
-	movl	\$14,48(%rdi)		# setup number of rounds
-	xor	%rax,%rax
-	jmp	.Lexit
-
-.Lbadpointer:
-	mov	\$-1,%rax
-.Lexit:
-	.byte	0xf3,0xc3			# rep ret
-.size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
-___
-
-sub deckey_ref()
-{ my ($i,$ptr,$te,$td) = @_;
-  my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
-$code.=<<___;
-	mov	$i($ptr),$tp1
-	mov	$tp1,$acc
-	and	\$0x80808080,$acc
-	mov	$acc,$tp4
-	shr	\$7,$tp4
-	lea	0($tp1,$tp1),$tp2
-	sub	$tp4,$acc
-	and	\$0xfefefefe,$tp2
-	and	\$0x1b1b1b1b,$acc
-	xor	$tp2,$acc
-	mov	$acc,$tp2
-
-	and	\$0x80808080,$acc
-	mov	$acc,$tp8
-	shr	\$7,$tp8
-	lea	0($tp2,$tp2),$tp4
-	sub	$tp8,$acc
-	and	\$0xfefefefe,$tp4
-	and	\$0x1b1b1b1b,$acc
-	 xor	$tp1,$tp2		# tp2^tp1
-	xor	$tp4,$acc
-	mov	$acc,$tp4
-
-	and	\$0x80808080,$acc
-	mov	$acc,$tp8
-	shr	\$7,$tp8
-	sub	$tp8,$acc
-	lea	0($tp4,$tp4),$tp8
-	 xor	$tp1,$tp4		# tp4^tp1
-	and	\$0xfefefefe,$tp8
-	and	\$0x1b1b1b1b,$acc
-	xor	$acc,$tp8
-
-	xor	$tp8,$tp1		# tp1^tp8
-	rol	\$8,$tp1		# ROTATE(tp1^tp8,8)
-	xor	$tp8,$tp2		# tp2^tp1^tp8
-	xor	$tp8,$tp4		# tp4^tp1^tp8
-	xor	$tp2,$tp8
-	xor	$tp4,$tp8		# tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
-
-	xor	$tp8,$tp1
-	rol	\$24,$tp2		# ROTATE(tp2^tp1^tp8,24)
-	xor	$tp2,$tp1
-	rol	\$16,$tp4		# ROTATE(tp4^tp1^tp8,16)
-	xor	$tp4,$tp1
-
-	mov	$tp1,$i($ptr)
-___
-}
-
-# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-#                        AES_KEY *key)
-$code.=<<___;
-.globl	private_AES_set_decrypt_key
-.type	private_AES_set_decrypt_key,\@function,3
-.align	16
-private_AES_set_decrypt_key:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	push	%rdx			# save key schedule
-.Ldec_key_prologue:
-
-	call	_x86_64_AES_set_encrypt_key
-	mov	(%rsp),%r8		# restore key schedule
-	cmp	\$0,%eax
-	jne	.Labort
-
-	mov	240(%r8),%r14d		# pull number of rounds
-	xor	%rdi,%rdi
-	lea	(%rdi,%r14d,4),%rcx
-	mov	%r8,%rsi
-	lea	(%r8,%rcx,4),%rdi	# pointer to last chunk
-.align	4
-.Linvert:
-		mov	0(%rsi),%rax
-		mov	8(%rsi),%rbx
-		mov	0(%rdi),%rcx
-		mov	8(%rdi),%rdx
-		mov	%rax,0(%rdi)
-		mov	%rbx,8(%rdi)
-		mov	%rcx,0(%rsi)
-		mov	%rdx,8(%rsi)
-		lea	16(%rsi),%rsi
-		lea	-16(%rdi),%rdi
-		cmp	%rsi,%rdi
-	jne	.Linvert
-
-	lea	.LAES_Te+2048+1024(%rip),%rax	# rcon
-
-	mov	40(%rax),$mask80
-	mov	48(%rax),$maskfe
-	mov	56(%rax),$mask1b
-
-	mov	%r8,$key
-	sub	\$1,%r14d
-.align	4
-.Lpermute:
-		lea	16($key),$key
-		mov	0($key),%rax
-		mov	8($key),%rcx
-___
-		&dectransform ();
-$code.=<<___;
-		mov	%eax,0($key)
-		mov	%ebx,4($key)
-		mov	%ecx,8($key)
-		mov	%edx,12($key)
-		sub	\$1,%r14d
-	jnz	.Lpermute
-
-	xor	%rax,%rax
-.Labort:
-	mov	8(%rsp),%r15
-	mov	16(%rsp),%r14
-	mov	24(%rsp),%r13
-	mov	32(%rsp),%r12
-	mov	40(%rsp),%rbp
-	mov	48(%rsp),%rbx
-	add	\$56,%rsp
-.Ldec_key_epilogue:
-	ret
-.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-___
-
-# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
-#			size_t length, const AES_KEY *key,
-#			unsigned char *ivp,const int enc);
-{
-# stack frame layout
-# -8(%rsp)		return address
-my $keyp="0(%rsp)";		# one to pass as $key
-my $keyend="8(%rsp)";		# &(keyp->rd_key[4*keyp->rounds])
-my $_rsp="16(%rsp)";		# saved %rsp
-my $_inp="24(%rsp)";		# copy of 1st parameter, inp
-my $_out="32(%rsp)";		# copy of 2nd parameter, out
-my $_len="40(%rsp)";		# copy of 3rd parameter, length
-my $_key="48(%rsp)";		# copy of 4th parameter, key
-my $_ivp="56(%rsp)";		# copy of 5th parameter, ivp
-my $ivec="64(%rsp)";		# ivec[16]
-my $aes_key="80(%rsp)";		# copy of aes_key
-my $mark="80+240(%rsp)";	# copy of aes_key->rounds
-
-$code.=<<___;
-.globl	AES_cbc_encrypt
-.type	AES_cbc_encrypt,\@function,6
-.align	16
-.extern	OPENSSL_ia32cap_P
-.globl	asm_AES_cbc_encrypt
-.hidden	asm_AES_cbc_encrypt
-asm_AES_cbc_encrypt:
-AES_cbc_encrypt:
-	cmp	\$0,%rdx	# check length
-	je	.Lcbc_epilogue
-	pushfq
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-.Lcbc_prologue:
-
-	cld
-	mov	%r9d,%r9d	# clear upper half of enc
-
-	lea	.LAES_Te(%rip),$sbox
-	cmp	\$0,%r9
-	jne	.Lcbc_picked_te
-	lea	.LAES_Td(%rip),$sbox
-.Lcbc_picked_te:
-
-	mov	OPENSSL_ia32cap_P(%rip),%r10d
-	cmp	\$$speed_limit,%rdx
-	jb	.Lcbc_slow_prologue
-	test	\$15,%rdx
-	jnz	.Lcbc_slow_prologue
-	bt	\$28,%r10d
-	jc	.Lcbc_slow_prologue
-
-	# allocate aligned stack frame...
-	lea	-88-248(%rsp),$key
-	and	\$-64,$key
-
-	# ... and make sure it doesn't alias with AES_T[ed] modulo 4096
-	mov	$sbox,%r10
-	lea	2304($sbox),%r11
-	mov	$key,%r12
-	and	\$0xFFF,%r10	# s = $sbox&0xfff
-	and	\$0xFFF,%r11	# e = ($sbox+2048)&0xfff
-	and	\$0xFFF,%r12	# p = %rsp&0xfff
-
-	cmp	%r11,%r12	# if (p=>e) %rsp =- (p-e);
-	jb	.Lcbc_te_break_out
-	sub	%r11,%r12
-	sub	%r12,$key
-	jmp	.Lcbc_te_ok
-.Lcbc_te_break_out:		# else %rsp -= (p-s)&0xfff + framesz
-	sub	%r10,%r12
-	and	\$0xFFF,%r12
-	add	\$320,%r12
-	sub	%r12,$key
-.align	4
-.Lcbc_te_ok:
-
-	xchg	%rsp,$key
-	#add	\$8,%rsp	# reserve for return address!
-	mov	$key,$_rsp	# save %rsp
-.Lcbc_fast_body:
-	mov	%rdi,$_inp	# save copy of inp
-	mov	%rsi,$_out	# save copy of out
-	mov	%rdx,$_len	# save copy of len
-	mov	%rcx,$_key	# save copy of key
-	mov	%r8,$_ivp	# save copy of ivp
-	movl	\$0,$mark	# copy of aes_key->rounds = 0;
-	mov	%r8,%rbp	# rearrange input arguments
-	mov	%r9,%rbx
-	mov	%rsi,$out
-	mov	%rdi,$inp
-	mov	%rcx,$key
-
-	mov	240($key),%eax		# key->rounds
-	# do we copy key schedule to stack?
-	mov	$key,%r10
-	sub	$sbox,%r10
-	and	\$0xfff,%r10
-	cmp	\$2304,%r10
-	jb	.Lcbc_do_ecopy
-	cmp	\$4096-248,%r10
-	jb	.Lcbc_skip_ecopy
-.align	4
-.Lcbc_do_ecopy:
-		mov	$key,%rsi
-		lea	$aes_key,%rdi
-		lea	$aes_key,$key
-		mov	\$240/8,%ecx
-		.long	0x90A548F3	# rep movsq
-		mov	%eax,(%rdi)	# copy aes_key->rounds
-.Lcbc_skip_ecopy:
-	mov	$key,$keyp	# save key pointer
-
-	mov	\$18,%ecx
-.align	4
-.Lcbc_prefetch_te:
-		mov	0($sbox),%r10
-		mov	32($sbox),%r11
-		mov	64($sbox),%r12
-		mov	96($sbox),%r13
-		lea	128($sbox),$sbox
-		sub	\$1,%ecx
-	jnz	.Lcbc_prefetch_te
-	lea	-2304($sbox),$sbox
-
-	cmp	\$0,%rbx
-	je	.LFAST_DECRYPT
-
-#----------------------------- ENCRYPT -----------------------------#
-	mov	0(%rbp),$s0		# load iv
-	mov	4(%rbp),$s1
-	mov	8(%rbp),$s2
-	mov	12(%rbp),$s3
-
-.align	4
-.Lcbc_fast_enc_loop:
-		xor	0($inp),$s0
-		xor	4($inp),$s1
-		xor	8($inp),$s2
-		xor	12($inp),$s3
-		mov	$keyp,$key	# restore key
-		mov	$inp,$_inp	# if ($verticalspin) save inp
-
-		call	_x86_64_AES_encrypt
-
-		mov	$_inp,$inp	# if ($verticalspin) restore inp
-		mov	$_len,%r10
-		mov	$s0,0($out)
-		mov	$s1,4($out)
-		mov	$s2,8($out)
-		mov	$s3,12($out)
-
-		lea	16($inp),$inp
-		lea	16($out),$out
-		sub	\$16,%r10
-		test	\$-16,%r10
-		mov	%r10,$_len
-	jnz	.Lcbc_fast_enc_loop
-	mov	$_ivp,%rbp	# restore ivp
-	mov	$s0,0(%rbp)	# save ivec
-	mov	$s1,4(%rbp)
-	mov	$s2,8(%rbp)
-	mov	$s3,12(%rbp)
-
-	jmp	.Lcbc_fast_cleanup
-
-#----------------------------- DECRYPT -----------------------------#
-.align	16
-.LFAST_DECRYPT:
-	cmp	$inp,$out
-	je	.Lcbc_fast_dec_in_place
-
-	mov	%rbp,$ivec
-.align	4
-.Lcbc_fast_dec_loop:
-		mov	0($inp),$s0	# read input
-		mov	4($inp),$s1
-		mov	8($inp),$s2
-		mov	12($inp),$s3
-		mov	$keyp,$key	# restore key
-		mov	$inp,$_inp	# if ($verticalspin) save inp
-
-		call	_x86_64_AES_decrypt
-
-		mov	$ivec,%rbp	# load ivp
-		mov	$_inp,$inp	# if ($verticalspin) restore inp
-		mov	$_len,%r10	# load len
-		xor	0(%rbp),$s0	# xor iv
-		xor	4(%rbp),$s1
-		xor	8(%rbp),$s2
-		xor	12(%rbp),$s3
-		mov	$inp,%rbp	# current input, next iv
-
-		sub	\$16,%r10
-		mov	%r10,$_len	# update len
-		mov	%rbp,$ivec	# update ivp
-
-		mov	$s0,0($out)	# write output
-		mov	$s1,4($out)
-		mov	$s2,8($out)
-		mov	$s3,12($out)
-
-		lea	16($inp),$inp
-		lea	16($out),$out
-	jnz	.Lcbc_fast_dec_loop
-	mov	$_ivp,%r12		# load user ivp
-	mov	0(%rbp),%r10		# load iv
-	mov	8(%rbp),%r11
-	mov	%r10,0(%r12)		# copy back to user
-	mov	%r11,8(%r12)
-	jmp	.Lcbc_fast_cleanup
-
-.align	16
-.Lcbc_fast_dec_in_place:
-	mov	0(%rbp),%r10		# copy iv to stack
-	mov	8(%rbp),%r11
-	mov	%r10,0+$ivec
-	mov	%r11,8+$ivec
-.align	4
-.Lcbc_fast_dec_in_place_loop:
-		mov	0($inp),$s0	# load input
-		mov	4($inp),$s1
-		mov	8($inp),$s2
-		mov	12($inp),$s3
-		mov	$keyp,$key	# restore key
-		mov	$inp,$_inp	# if ($verticalspin) save inp
-
-		call	_x86_64_AES_decrypt
-
-		mov	$_inp,$inp	# if ($verticalspin) restore inp
-		mov	$_len,%r10
-		xor	0+$ivec,$s0
-		xor	4+$ivec,$s1
-		xor	8+$ivec,$s2
-		xor	12+$ivec,$s3
-
-		mov	0($inp),%r11	# load input
-		mov	8($inp),%r12
-		sub	\$16,%r10
-		jz	.Lcbc_fast_dec_in_place_done
-
-		mov	%r11,0+$ivec	# copy input to iv
-		mov	%r12,8+$ivec
-
-		mov	$s0,0($out)	# save output [zaps input]
-		mov	$s1,4($out)
-		mov	$s2,8($out)
-		mov	$s3,12($out)
-
-		lea	16($inp),$inp
-		lea	16($out),$out
-		mov	%r10,$_len
-	jmp	.Lcbc_fast_dec_in_place_loop
-.Lcbc_fast_dec_in_place_done:
-	mov	$_ivp,%rdi
-	mov	%r11,0(%rdi)	# copy iv back to user
-	mov	%r12,8(%rdi)
-
-	mov	$s0,0($out)	# save output [zaps input]
-	mov	$s1,4($out)
-	mov	$s2,8($out)
-	mov	$s3,12($out)
-
-.align	4
-.Lcbc_fast_cleanup:
-	cmpl	\$0,$mark	# was the key schedule copied?
-	lea	$aes_key,%rdi
-	je	.Lcbc_exit
-		mov	\$240/8,%ecx
-		xor	%rax,%rax
-		.long	0x90AB48F3	# rep stosq
-
-	jmp	.Lcbc_exit
-
-#--------------------------- SLOW ROUTINE ---------------------------#
-.align	16
-.Lcbc_slow_prologue:
-	# allocate aligned stack frame...
-	lea	-88(%rsp),%rbp
-	and	\$-64,%rbp
-	# ... just "above" key schedule
-	lea	-88-63(%rcx),%r10
-	sub	%rbp,%r10
-	neg	%r10
-	and	\$0x3c0,%r10
-	sub	%r10,%rbp
-
-	xchg	%rsp,%rbp
-	#add	\$8,%rsp	# reserve for return address!
-	mov	%rbp,$_rsp	# save %rsp
-.Lcbc_slow_body:
-	#mov	%rdi,$_inp	# save copy of inp
-	#mov	%rsi,$_out	# save copy of out
-	#mov	%rdx,$_len	# save copy of len
-	#mov	%rcx,$_key	# save copy of key
-	mov	%r8,$_ivp	# save copy of ivp
-	mov	%r8,%rbp	# rearrange input arguments
-	mov	%r9,%rbx
-	mov	%rsi,$out
-	mov	%rdi,$inp
-	mov	%rcx,$key
-	mov	%rdx,%r10
-
-	mov	240($key),%eax
-	mov	$key,$keyp	# save key pointer
-	shl	\$4,%eax
-	lea	($key,%rax),%rax
-	mov	%rax,$keyend
-
-	# pick Te4 copy which can't "overlap" with stack frame or key scdedule
-	lea	2048($sbox),$sbox
-	lea	768-8(%rsp),%rax
-	sub	$sbox,%rax
-	and	\$0x300,%rax
-	lea	($sbox,%rax),$sbox
-
-	cmp	\$0,%rbx
-	je	.LSLOW_DECRYPT
-
-#--------------------------- SLOW ENCRYPT ---------------------------#
-	test	\$-16,%r10		# check upon length
-	mov	0(%rbp),$s0		# load iv
-	mov	4(%rbp),$s1
-	mov	8(%rbp),$s2
-	mov	12(%rbp),$s3
-	jz	.Lcbc_slow_enc_tail	# short input...
-
-.align	4
-.Lcbc_slow_enc_loop:
-		xor	0($inp),$s0
-		xor	4($inp),$s1
-		xor	8($inp),$s2
-		xor	12($inp),$s3
-		mov	$keyp,$key	# restore key
-		mov	$inp,$_inp	# save inp
-		mov	$out,$_out	# save out
-		mov	%r10,$_len	# save len
-
-		call	_x86_64_AES_encrypt_compact
-
-		mov	$_inp,$inp	# restore inp
-		mov	$_out,$out	# restore out
-		mov	$_len,%r10	# restore len
-		mov	$s0,0($out)
-		mov	$s1,4($out)
-		mov	$s2,8($out)
-		mov	$s3,12($out)
-
-		lea	16($inp),$inp
-		lea	16($out),$out
-		sub	\$16,%r10
-		test	\$-16,%r10
-	jnz	.Lcbc_slow_enc_loop
-	test	\$15,%r10
-	jnz	.Lcbc_slow_enc_tail
-	mov	$_ivp,%rbp	# restore ivp
-	mov	$s0,0(%rbp)	# save ivec
-	mov	$s1,4(%rbp)
-	mov	$s2,8(%rbp)
-	mov	$s3,12(%rbp)
-
-	jmp	.Lcbc_exit
-
-.align	4
-.Lcbc_slow_enc_tail:
-	mov	%rax,%r11
-	mov	%rcx,%r12
-	mov	%r10,%rcx
-	mov	$inp,%rsi
-	mov	$out,%rdi
-	.long	0x9066A4F3		# rep movsb
-	mov	\$16,%rcx		# zero tail
-	sub	%r10,%rcx
-	xor	%rax,%rax
-	.long	0x9066AAF3		# rep stosb
-	mov	$out,$inp		# this is not a mistake!
-	mov	\$16,%r10		# len=16
-	mov	%r11,%rax
-	mov	%r12,%rcx
-	jmp	.Lcbc_slow_enc_loop	# one more spin...
-#--------------------------- SLOW DECRYPT ---------------------------#
-.align	16
-.LSLOW_DECRYPT:
-	shr	\$3,%rax
-	add	%rax,$sbox		# recall "magic" constants!
-
-	mov	0(%rbp),%r11		# copy iv to stack
-	mov	8(%rbp),%r12
-	mov	%r11,0+$ivec
-	mov	%r12,8+$ivec
-
-.align	4
-.Lcbc_slow_dec_loop:
-		mov	0($inp),$s0	# load input
-		mov	4($inp),$s1
-		mov	8($inp),$s2
-		mov	12($inp),$s3
-		mov	$keyp,$key	# restore key
-		mov	$inp,$_inp	# save inp
-		mov	$out,$_out	# save out
-		mov	%r10,$_len	# save len
-
-		call	_x86_64_AES_decrypt_compact
-
-		mov	$_inp,$inp	# restore inp
-		mov	$_out,$out	# restore out
-		mov	$_len,%r10
-		xor	0+$ivec,$s0
-		xor	4+$ivec,$s1
-		xor	8+$ivec,$s2
-		xor	12+$ivec,$s3
-
-		mov	0($inp),%r11	# load input
-		mov	8($inp),%r12
-		sub	\$16,%r10
-		jc	.Lcbc_slow_dec_partial
-		jz	.Lcbc_slow_dec_done
-
-		mov	%r11,0+$ivec	# copy input to iv
-		mov	%r12,8+$ivec
-
-		mov	$s0,0($out)	# save output [can zap input]
-		mov	$s1,4($out)
-		mov	$s2,8($out)
-		mov	$s3,12($out)
-
-		lea	16($inp),$inp
-		lea	16($out),$out
-	jmp	.Lcbc_slow_dec_loop
-.Lcbc_slow_dec_done:
-	mov	$_ivp,%rdi
-	mov	%r11,0(%rdi)		# copy iv back to user
-	mov	%r12,8(%rdi)
-
-	mov	$s0,0($out)		# save output [can zap input]
-	mov	$s1,4($out)
-	mov	$s2,8($out)
-	mov	$s3,12($out)
-
-	jmp	.Lcbc_exit
-
-.align	4
-.Lcbc_slow_dec_partial:
-	mov	$_ivp,%rdi
-	mov	%r11,0(%rdi)		# copy iv back to user
-	mov	%r12,8(%rdi)
-
-	mov	$s0,0+$ivec		# save output to stack
-	mov	$s1,4+$ivec
-	mov	$s2,8+$ivec
-	mov	$s3,12+$ivec
-
-	mov	$out,%rdi
-	lea	$ivec,%rsi
-	lea	16(%r10),%rcx
-	.long	0x9066A4F3	# rep movsb
-	jmp	.Lcbc_exit
-
-.align	16
-.Lcbc_exit:
-	mov	$_rsp,%rsi
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lcbc_popfq:
-	popfq
-.Lcbc_epilogue:
-	ret
-.size	AES_cbc_encrypt,.-AES_cbc_encrypt
-___
-}
-
-$code.=<<___;
-.align	64
-.LAES_Te:
-___
-	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
-	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
-	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
-	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
-	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
-	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
-	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
-	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
-	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
-	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
-	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
-	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
-	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
-	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
-	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
-	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
-	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
-	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
-	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
-	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
-	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
-	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
-	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
-	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
-	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
-	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
-	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
-	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
-	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
-	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
-	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
-	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
-	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
-	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
-	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
-	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
-	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
-	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
-	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
-	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
-	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
-	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
-	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
-	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
-	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
-	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
-	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
-	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
-	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
-	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
-	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
-	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
-	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
-	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
-	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
-	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
-	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
-	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
-	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
-	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
-	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
-	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
-	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
-	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-
-#Te4	# four copies of Te4 to choose from to avoid L1 aliasing
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-
-	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
-	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
-	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
-	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
-	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
-	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
-	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
-	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
-	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
-	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
-	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
-	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
-	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
-	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
-	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
-	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
-	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
-	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
-	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
-	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
-	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
-	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
-	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
-	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
-	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
-	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
-	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
-	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
-	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
-	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
-	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
-	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
-#rcon:
-$code.=<<___;
-	.long	0x00000001, 0x00000002, 0x00000004, 0x00000008
-	.long	0x00000010, 0x00000020, 0x00000040, 0x00000080
-	.long	0x0000001b, 0x00000036, 0x80808080, 0x80808080
-	.long	0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
-___
-$code.=<<___;
-.align	64
-.LAES_Td:
-___
-	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
-	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
-	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
-	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
-	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
-	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
-	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
-	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
-	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
-	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
-	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
-	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
-	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
-	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
-	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
-	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
-	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
-	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
-	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
-	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
-	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
-	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
-	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
-	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
-	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
-	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
-	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
-	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
-	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
-	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
-	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
-	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
-	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
-	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
-	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
-	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
-	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
-	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
-	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
-	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
-	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
-	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
-	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
-	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
-	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
-	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
-	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
-	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
-	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
-	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
-	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
-	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
-	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
-	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
-	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
-	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
-	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
-	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
-	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
-	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
-	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
-	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
-	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
-	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-
-#Td4:	# four copies of Td4 to choose from to avoid L1 aliasing
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-___
-	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-$code.=<<___;
-	.long	0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
-	.long	0x1b1b1b1b, 0x1b1b1b1b, 0, 0
-.asciz  "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	block_se_handler,\@abi-omnipotent
-.align	16
-block_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_block_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_block_prologue
-
-	mov	24(%rax),%rax		# pull saved real stack pointer
-	lea	48(%rax),%rax		# adjust...
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_block_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	jmp	.Lcommon_seh_exit
-.size	block_se_handler,.-block_se_handler
-
-.type	key_se_handler,\@abi-omnipotent
-.align	16
-key_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_key_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_key_prologue
-
-	lea	56(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_key_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	jmp	.Lcommon_seh_exit
-.size	key_se_handler,.-key_se_handler
-
-.type	cbc_se_handler,\@abi-omnipotent
-.align	16
-cbc_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lcbc_prologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue
-	jb	.Lin_cbc_prologue
-
-	lea	.Lcbc_fast_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lcbc_fast_body
-	jb	.Lin_cbc_frame_setup
-
-	lea	.Lcbc_slow_prologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_prologue
-	jb	.Lin_cbc_body
-
-	lea	.Lcbc_slow_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lcbc_slow_body
-	jb	.Lin_cbc_frame_setup
-
-.Lin_cbc_body:
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lcbc_epilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lcbc_epilogue
-	jae	.Lin_cbc_prologue
-
-	lea	8(%rax),%rax
-
-	lea	.Lcbc_popfq(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lcbc_popfq
-	jae	.Lin_cbc_prologue
-
-	mov	`16-8`(%rax),%rax	# biased $_rsp
-	lea	56(%rax),%rax
-
-.Lin_cbc_frame_setup:
-	mov	-16(%rax),%rbx
-	mov	-24(%rax),%rbp
-	mov	-32(%rax),%r12
-	mov	-40(%rax),%r13
-	mov	-48(%rax),%r14
-	mov	-56(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_cbc_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-.Lcommon_seh_exit:
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	cbc_se_handler,.-cbc_se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_AES_encrypt
-	.rva	.LSEH_end_AES_encrypt
-	.rva	.LSEH_info_AES_encrypt
-
-	.rva	.LSEH_begin_AES_decrypt
-	.rva	.LSEH_end_AES_decrypt
-	.rva	.LSEH_info_AES_decrypt
-
-	.rva	.LSEH_begin_private_AES_set_encrypt_key
-	.rva	.LSEH_end_private_AES_set_encrypt_key
-	.rva	.LSEH_info_private_AES_set_encrypt_key
-
-	.rva	.LSEH_begin_private_AES_set_decrypt_key
-	.rva	.LSEH_end_private_AES_set_decrypt_key
-	.rva	.LSEH_info_private_AES_set_decrypt_key
-
-	.rva	.LSEH_begin_AES_cbc_encrypt
-	.rva	.LSEH_end_AES_cbc_encrypt
-	.rva	.LSEH_info_AES_cbc_encrypt
-
-.section	.xdata
-.align	8
-.LSEH_info_AES_encrypt:
-	.byte	9,0,0,0
-	.rva	block_se_handler
-	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[]
-.LSEH_info_AES_decrypt:
-	.byte	9,0,0,0
-	.rva	block_se_handler
-	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[]
-.LSEH_info_private_AES_set_encrypt_key:
-	.byte	9,0,0,0
-	.rva	key_se_handler
-	.rva	.Lenc_key_prologue,.Lenc_key_epilogue	# HandlerData[]
-.LSEH_info_private_AES_set_decrypt_key:
-	.byte	9,0,0,0
-	.rva	key_se_handler
-	.rva	.Ldec_key_prologue,.Ldec_key_epilogue	# HandlerData[]
-.LSEH_info_AES_cbc_encrypt:
-	.byte	9,0,0,0
-	.rva	cbc_se_handler
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.S b/crypto/aes/asm/aesni-sha1-x86_64.S
deleted file mode 100644
index 32fd600b92..0000000000
--- a/crypto/aes/asm/aesni-sha1-x86_64.S
+++ /dev/null
@@ -1,1396 +0,0 @@
-.text	
-
-
-.globl	aesni_cbc_sha1_enc
-.type	aesni_cbc_sha1_enc,@function
-.align	16
-aesni_cbc_sha1_enc:
-
-	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
-	movl	OPENSSL_ia32cap_P+4(%rip),%r11d
-	jmp	aesni_cbc_sha1_enc_ssse3
-	.byte	0xf3,0xc3
-.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
-.type	aesni_cbc_sha1_enc_ssse3,@function
-.align	16
-aesni_cbc_sha1_enc_ssse3:
-	movq	8(%rsp),%r10
-
-
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	leaq	-104(%rsp),%rsp
-
-
-	movq	%rdi,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-	movdqu	(%r8),%xmm11
-	movq	%r8,88(%rsp)
-	shlq	$6,%r14
-	subq	%r12,%r13
-	movl	240(%r15),%r8d
-	addq	%r10,%r14
-
-	leaq	K_XX_XX(%rip),%r11
-	movl	0(%r9),%eax
-	movl	4(%r9),%ebx
-	movl	8(%r9),%ecx
-	movl	12(%r9),%edx
-	movl	%ebx,%esi
-	movl	16(%r9),%ebp
-
-	movdqa	64(%r11),%xmm6
-	movdqa	0(%r11),%xmm9
-	movdqu	0(%r10),%xmm0
-	movdqu	16(%r10),%xmm1
-	movdqu	32(%r10),%xmm2
-	movdqu	48(%r10),%xmm3
-.byte	102,15,56,0,198
-	addq	$64,%r10
-.byte	102,15,56,0,206
-.byte	102,15,56,0,214
-.byte	102,15,56,0,222
-	paddd	%xmm9,%xmm0
-	paddd	%xmm9,%xmm1
-	paddd	%xmm9,%xmm2
-	movdqa	%xmm0,0(%rsp)
-	psubd	%xmm9,%xmm0
-	movdqa	%xmm1,16(%rsp)
-	psubd	%xmm9,%xmm1
-	movdqa	%xmm2,32(%rsp)
-	psubd	%xmm9,%xmm2
-	movups	(%r15),%xmm13
-	movups	16(%r15),%xmm14
-	jmp	.Loop_ssse3
-.align	16
-.Loop_ssse3:
-	movdqa	%xmm1,%xmm4
-	addl	0(%rsp),%ebp
-	movups	0(%r12),%xmm12
-	xorps	%xmm13,%xmm12
-	xorps	%xmm12,%xmm11
-.byte	102,69,15,56,220,222
-	movups	32(%r15),%xmm15
-	xorl	%edx,%ecx
-	movdqa	%xmm3,%xmm8
-.byte	102,15,58,15,224,8
-	movl	%eax,%edi
-	roll	$5,%eax
-	paddd	%xmm3,%xmm9
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrldq	$4,%xmm8
-	xorl	%edx,%esi
-	addl	%eax,%ebp
-	pxor	%xmm0,%xmm4
-	rorl	$2,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm2,%xmm8
-	addl	4(%rsp),%edx
-	xorl	%ecx,%ebx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	pxor	%xmm8,%xmm4
-	andl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	%xmm9,48(%rsp)
-	xorl	%ecx,%edi
-.byte	102,69,15,56,220,223
-	movups	48(%r15),%xmm14
-	addl	%ebp,%edx
-	movdqa	%xmm4,%xmm10
-	movdqa	%xmm4,%xmm8
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	8(%rsp),%ecx
-	xorl	%ebx,%eax
-	pslldq	$12,%xmm10
-	paddd	%xmm4,%xmm4
-	movl	%edx,%edi
-	roll	$5,%edx
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrld	$31,%xmm8
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	movdqa	%xmm10,%xmm9
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	psrld	$30,%xmm10
-	por	%xmm8,%xmm4
-	addl	12(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-.byte	102,69,15,56,220,222
-	movups	64(%r15),%xmm15
-	pslld	$2,%xmm9
-	pxor	%xmm10,%xmm4
-	andl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	0(%r11),%xmm10
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	pxor	%xmm9,%xmm4
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	movdqa	%xmm2,%xmm5
-	addl	16(%rsp),%eax
-	xorl	%ebp,%edx
-	movdqa	%xmm4,%xmm9
-.byte	102,15,58,15,233,8
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	paddd	%xmm4,%xmm10
-	andl	%edx,%esi
-	xorl	%ebp,%edx
-	psrldq	$4,%xmm9
-	xorl	%ebp,%esi
-	addl	%ebx,%eax
-	pxor	%xmm1,%xmm5
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm3,%xmm9
-	addl	20(%rsp),%ebp
-.byte	102,69,15,56,220,223
-	movups	80(%r15),%xmm14
-	xorl	%edx,%ecx
-	movl	%eax,%esi
-	roll	$5,%eax
-	pxor	%xmm9,%xmm5
-	andl	%ecx,%edi
-	xorl	%edx,%ecx
-	movdqa	%xmm10,0(%rsp)
-	xorl	%edx,%edi
-	addl	%eax,%ebp
-	movdqa	%xmm5,%xmm8
-	movdqa	%xmm5,%xmm9
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	24(%rsp),%edx
-	xorl	%ecx,%ebx
-	pslldq	$12,%xmm8
-	paddd	%xmm5,%xmm5
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	psrld	$31,%xmm9
-	xorl	%ecx,%esi
-.byte	102,69,15,56,220,222
-	movups	96(%r15),%xmm15
-	addl	%ebp,%edx
-	movdqa	%xmm8,%xmm10
-	rorl	$7,%eax
-	addl	%esi,%edx
-	psrld	$30,%xmm8
-	por	%xmm9,%xmm5
-	addl	28(%rsp),%ecx
-	xorl	%ebx,%eax
-	movl	%edx,%esi
-	roll	$5,%edx
-	pslld	$2,%xmm10
-	pxor	%xmm8,%xmm5
-	andl	%eax,%edi
-	xorl	%ebx,%eax
-	movdqa	16(%r11),%xmm8
-	xorl	%ebx,%edi
-	addl	%edx,%ecx
-	pxor	%xmm10,%xmm5
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	movdqa	%xmm3,%xmm6
-	addl	32(%rsp),%ebx
-	xorl	%eax,%ebp
-	movdqa	%xmm5,%xmm10
-.byte	102,15,58,15,242,8
-	movl	%ecx,%edi
-	roll	$5,%ecx
-.byte	102,69,15,56,220,223
-	movups	112(%r15),%xmm14
-	paddd	%xmm5,%xmm8
-	andl	%ebp,%esi
-	xorl	%eax,%ebp
-	psrldq	$4,%xmm10
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	pxor	%xmm2,%xmm6
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm4,%xmm10
-	addl	36(%rsp),%eax
-	xorl	%ebp,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	pxor	%xmm10,%xmm6
-	andl	%edx,%edi
-	xorl	%ebp,%edx
-	movdqa	%xmm8,16(%rsp)
-	xorl	%ebp,%edi
-	addl	%ebx,%eax
-	movdqa	%xmm6,%xmm9
-	movdqa	%xmm6,%xmm10
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	40(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	128(%r15),%xmm15
-	xorl	%edx,%ecx
-	pslldq	$12,%xmm9
-	paddd	%xmm6,%xmm6
-	movl	%eax,%edi
-	roll	$5,%eax
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrld	$31,%xmm10
-	xorl	%edx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm9,%xmm8
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	psrld	$30,%xmm9
-	por	%xmm10,%xmm6
-	addl	44(%rsp),%edx
-	xorl	%ecx,%ebx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	pslld	$2,%xmm8
-	pxor	%xmm9,%xmm6
-	andl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	16(%r11),%xmm9
-	xorl	%ecx,%edi
-.byte	102,69,15,56,220,223
-	movups	144(%r15),%xmm14
-	addl	%ebp,%edx
-	pxor	%xmm8,%xmm6
-	rorl	$7,%eax
-	addl	%edi,%edx
-	movdqa	%xmm4,%xmm7
-	addl	48(%rsp),%ecx
-	xorl	%ebx,%eax
-	movdqa	%xmm6,%xmm8
-.byte	102,15,58,15,251,8
-	movl	%edx,%edi
-	roll	$5,%edx
-	paddd	%xmm6,%xmm9
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrldq	$4,%xmm8
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	pxor	%xmm3,%xmm7
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	pxor	%xmm5,%xmm8
-	addl	52(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-.byte	102,69,15,56,220,222
-	movups	160(%r15),%xmm15
-	pxor	%xmm8,%xmm7
-	andl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	%xmm9,32(%rsp)
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	movdqa	%xmm7,%xmm10
-	movdqa	%xmm7,%xmm8
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	56(%rsp),%eax
-	xorl	%ebp,%edx
-	pslldq	$12,%xmm10
-	paddd	%xmm7,%xmm7
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	andl	%edx,%esi
-	xorl	%ebp,%edx
-	psrld	$31,%xmm8
-	xorl	%ebp,%esi
-	addl	%ebx,%eax
-	movdqa	%xmm10,%xmm9
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	psrld	$30,%xmm10
-	por	%xmm8,%xmm7
-	addl	60(%rsp),%ebp
-	cmpl	$11,%r8d
-	jb	.Laesenclast1
-	movups	176(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	192(%r15),%xmm15
-.byte	102,69,15,56,220,222
-	je	.Laesenclast1
-	movups	208(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	224(%r15),%xmm15
-.byte	102,69,15,56,220,222
-.Laesenclast1:
-.byte	102,69,15,56,221,223
-	movups	16(%r15),%xmm14
-	xorl	%edx,%ecx
-	movl	%eax,%esi
-	roll	$5,%eax
-	pslld	$2,%xmm9
-	pxor	%xmm10,%xmm7
-	andl	%ecx,%edi
-	xorl	%edx,%ecx
-	movdqa	16(%r11),%xmm10
-	xorl	%edx,%edi
-	addl	%eax,%ebp
-	pxor	%xmm9,%xmm7
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	movdqa	%xmm7,%xmm9
-	addl	0(%rsp),%edx
-	pxor	%xmm4,%xmm0
-.byte	102,68,15,58,15,206,8
-	xorl	%ecx,%ebx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	pxor	%xmm1,%xmm0
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm7,%xmm10
-	xorl	%ecx,%esi
-	movups	16(%r12),%xmm12
-	xorps	%xmm13,%xmm12
-	movups	%xmm11,0(%r13,%r12,1)
-	xorps	%xmm12,%xmm11
-.byte	102,69,15,56,220,222
-	movups	32(%r15),%xmm15
-	addl	%ebp,%edx
-	pxor	%xmm9,%xmm0
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	4(%rsp),%ecx
-	xorl	%ebx,%eax
-	movdqa	%xmm0,%xmm9
-	movdqa	%xmm10,48(%rsp)
-	movl	%edx,%esi
-	roll	$5,%edx
-	andl	%eax,%edi
-	xorl	%ebx,%eax
-	pslld	$2,%xmm0
-	xorl	%ebx,%edi
-	addl	%edx,%ecx
-	psrld	$30,%xmm9
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	8(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%edi
-	roll	$5,%ecx
-.byte	102,69,15,56,220,223
-	movups	48(%r15),%xmm14
-	por	%xmm9,%xmm0
-	andl	%ebp,%esi
-	xorl	%eax,%ebp
-	movdqa	%xmm0,%xmm10
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	12(%rsp),%eax
-	xorl	%ebp,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	andl	%edx,%edi
-	xorl	%ebp,%edx
-	xorl	%ebp,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	16(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	64(%r15),%xmm15
-	pxor	%xmm5,%xmm1
-.byte	102,68,15,58,15,215,8
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	pxor	%xmm2,%xmm1
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm0,%xmm8
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm10,%xmm1
-	addl	20(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	movdqa	%xmm1,%xmm10
-	movdqa	%xmm8,0(%rsp)
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	pslld	$2,%xmm1
-	addl	24(%rsp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm10
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-.byte	102,69,15,56,220,223
-	movups	80(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	por	%xmm10,%xmm1
-	addl	28(%rsp),%ebx
-	xorl	%eax,%edi
-	movdqa	%xmm1,%xmm8
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	32(%rsp),%eax
-	pxor	%xmm6,%xmm2
-.byte	102,68,15,58,15,192,8
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	pxor	%xmm3,%xmm2
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	movdqa	32(%r11),%xmm10
-	paddd	%xmm1,%xmm9
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm8,%xmm2
-	addl	36(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	96(%r15),%xmm15
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	movdqa	%xmm2,%xmm8
-	movdqa	%xmm9,16(%rsp)
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	pslld	$2,%xmm2
-	addl	40(%rsp),%edx
-	xorl	%ecx,%esi
-	psrld	$30,%xmm8
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	por	%xmm8,%xmm2
-	addl	44(%rsp),%ecx
-	xorl	%ebx,%edi
-	movdqa	%xmm2,%xmm9
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-.byte	102,69,15,56,220,223
-	movups	112(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	48(%rsp),%ebx
-	pxor	%xmm7,%xmm3
-.byte	102,68,15,58,15,201,8
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	pxor	%xmm4,%xmm3
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm2,%xmm10
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm9,%xmm3
-	addl	52(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	movdqa	%xmm3,%xmm9
-	movdqa	%xmm10,32(%rsp)
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	pslld	$2,%xmm3
-	addl	56(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	128(%r15),%xmm15
-	xorl	%edx,%esi
-	psrld	$30,%xmm9
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	por	%xmm9,%xmm3
-	addl	60(%rsp),%edx
-	xorl	%ecx,%edi
-	movdqa	%xmm3,%xmm10
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	0(%rsp),%ecx
-	pxor	%xmm0,%xmm4
-.byte	102,68,15,58,15,210,8
-	xorl	%ebx,%esi
-	movl	%edx,%edi
-	roll	$5,%edx
-	pxor	%xmm5,%xmm4
-	xorl	%eax,%esi
-.byte	102,69,15,56,220,223
-	movups	144(%r15),%xmm14
-	addl	%edx,%ecx
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm3,%xmm8
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	pxor	%xmm10,%xmm4
-	addl	4(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	movdqa	%xmm4,%xmm10
-	movdqa	%xmm8,48(%rsp)
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	pslld	$2,%xmm4
-	addl	8(%rsp),%eax
-	xorl	%ebp,%esi
-	psrld	$30,%xmm10
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	por	%xmm10,%xmm4
-	addl	12(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	160(%r15),%xmm15
-	xorl	%edx,%edi
-	movdqa	%xmm4,%xmm8
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	16(%rsp),%edx
-	pxor	%xmm1,%xmm5
-.byte	102,68,15,58,15,195,8
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	pxor	%xmm6,%xmm5
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm4,%xmm9
-	rorl	$7,%eax
-	addl	%esi,%edx
-	pxor	%xmm8,%xmm5
-	addl	20(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	movdqa	%xmm5,%xmm8
-	movdqa	%xmm9,0(%rsp)
-	xorl	%eax,%edi
-	cmpl	$11,%r8d
-	jb	.Laesenclast2
-	movups	176(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	192(%r15),%xmm15
-.byte	102,69,15,56,220,222
-	je	.Laesenclast2
-	movups	208(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	224(%r15),%xmm15
-.byte	102,69,15,56,220,222
-.Laesenclast2:
-.byte	102,69,15,56,221,223
-	movups	16(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	pslld	$2,%xmm5
-	addl	24(%rsp),%ebx
-	xorl	%eax,%esi
-	psrld	$30,%xmm8
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	por	%xmm8,%xmm5
-	addl	28(%rsp),%eax
-	xorl	%ebp,%edi
-	movdqa	%xmm5,%xmm9
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movl	%ecx,%edi
-	movups	32(%r12),%xmm12
-	xorps	%xmm13,%xmm12
-	movups	%xmm11,16(%r13,%r12,1)
-	xorps	%xmm12,%xmm11
-.byte	102,69,15,56,220,222
-	movups	32(%r15),%xmm15
-	pxor	%xmm2,%xmm6
-.byte	102,68,15,58,15,204,8
-	xorl	%edx,%ecx
-	addl	32(%rsp),%ebp
-	andl	%edx,%edi
-	pxor	%xmm7,%xmm6
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm5,%xmm10
-	addl	%edi,%ebp
-	movl	%eax,%edi
-	pxor	%xmm9,%xmm6
-	roll	$5,%eax
-	addl	%esi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movdqa	%xmm6,%xmm9
-	movdqa	%xmm10,16(%rsp)
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	36(%rsp),%edx
-	andl	%ecx,%esi
-	pslld	$2,%xmm6
-	andl	%ebx,%edi
-	rorl	$7,%eax
-	psrld	$30,%xmm9
-	addl	%esi,%edx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-.byte	102,69,15,56,220,223
-	movups	48(%r15),%xmm14
-	addl	%edi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	por	%xmm9,%xmm6
-	movl	%eax,%edi
-	xorl	%ebx,%eax
-	movdqa	%xmm6,%xmm10
-	addl	40(%rsp),%ecx
-	andl	%ebx,%edi
-	andl	%eax,%esi
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%ebp,%esi
-	xorl	%eax,%ebp
-	addl	44(%rsp),%ebx
-	andl	%eax,%esi
-	andl	%ebp,%edi
-.byte	102,69,15,56,220,222
-	movups	64(%r15),%xmm15
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%edi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movl	%edx,%edi
-	pxor	%xmm3,%xmm7
-.byte	102,68,15,58,15,213,8
-	xorl	%ebp,%edx
-	addl	48(%rsp),%eax
-	andl	%ebp,%edi
-	pxor	%xmm0,%xmm7
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	movdqa	48(%r11),%xmm9
-	paddd	%xmm6,%xmm8
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	pxor	%xmm10,%xmm7
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	movdqa	%xmm7,%xmm10
-	movdqa	%xmm8,32(%rsp)
-	movl	%ecx,%esi
-.byte	102,69,15,56,220,223
-	movups	80(%r15),%xmm14
-	xorl	%edx,%ecx
-	addl	52(%rsp),%ebp
-	andl	%edx,%esi
-	pslld	$2,%xmm7
-	andl	%ecx,%edi
-	rorl	$7,%ebx
-	psrld	$30,%xmm10
-	addl	%esi,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%edi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	por	%xmm10,%xmm7
-	movl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	%xmm7,%xmm8
-	addl	56(%rsp),%edx
-	andl	%ecx,%edi
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	addl	%edi,%edx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-.byte	102,69,15,56,220,222
-	movups	96(%r15),%xmm15
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	60(%rsp),%ecx
-	andl	%ebx,%esi
-	andl	%eax,%edi
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%edi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%ebp,%edi
-	pxor	%xmm4,%xmm0
-.byte	102,68,15,58,15,198,8
-	xorl	%eax,%ebp
-	addl	0(%rsp),%ebx
-	andl	%eax,%edi
-	pxor	%xmm1,%xmm0
-	andl	%ebp,%esi
-.byte	102,69,15,56,220,223
-	movups	112(%r15),%xmm14
-	rorl	$7,%edx
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm7,%xmm9
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	pxor	%xmm8,%xmm0
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movdqa	%xmm0,%xmm8
-	movdqa	%xmm9,48(%rsp)
-	movl	%edx,%esi
-	xorl	%ebp,%edx
-	addl	4(%rsp),%eax
-	andl	%ebp,%esi
-	pslld	$2,%xmm0
-	andl	%edx,%edi
-	rorl	$7,%ecx
-	psrld	$30,%xmm8
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%edi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	por	%xmm8,%xmm0
-	movl	%ecx,%edi
-.byte	102,69,15,56,220,222
-	movups	128(%r15),%xmm15
-	xorl	%edx,%ecx
-	movdqa	%xmm0,%xmm9
-	addl	8(%rsp),%ebp
-	andl	%edx,%edi
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	movl	%eax,%edi
-	roll	$5,%eax
-	addl	%esi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	12(%rsp),%edx
-	andl	%ecx,%esi
-	andl	%ebx,%edi
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-.byte	102,69,15,56,220,223
-	movups	144(%r15),%xmm14
-	addl	%edi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movl	%eax,%edi
-	pxor	%xmm5,%xmm1
-.byte	102,68,15,58,15,207,8
-	xorl	%ebx,%eax
-	addl	16(%rsp),%ecx
-	andl	%ebx,%edi
-	pxor	%xmm2,%xmm1
-	andl	%eax,%esi
-	rorl	$7,%ebp
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm0,%xmm10
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	pxor	%xmm9,%xmm1
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movdqa	%xmm1,%xmm9
-	movdqa	%xmm10,0(%rsp)
-	movl	%ebp,%esi
-	xorl	%eax,%ebp
-	addl	20(%rsp),%ebx
-	andl	%eax,%esi
-	pslld	$2,%xmm1
-	andl	%ebp,%edi
-.byte	102,69,15,56,220,222
-	movups	160(%r15),%xmm15
-	rorl	$7,%edx
-	psrld	$30,%xmm9
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%edi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	por	%xmm9,%xmm1
-	movl	%edx,%edi
-	xorl	%ebp,%edx
-	movdqa	%xmm1,%xmm10
-	addl	24(%rsp),%eax
-	andl	%ebp,%edi
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	movl	%ecx,%esi
-	cmpl	$11,%r8d
-	jb	.Laesenclast3
-	movups	176(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	192(%r15),%xmm15
-.byte	102,69,15,56,220,222
-	je	.Laesenclast3
-	movups	208(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	224(%r15),%xmm15
-.byte	102,69,15,56,220,222
-.Laesenclast3:
-.byte	102,69,15,56,221,223
-	movups	16(%r15),%xmm14
-	xorl	%edx,%ecx
-	addl	28(%rsp),%ebp
-	andl	%edx,%esi
-	andl	%ecx,%edi
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%edi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movl	%ebx,%edi
-	pxor	%xmm6,%xmm2
-.byte	102,68,15,58,15,208,8
-	xorl	%ecx,%ebx
-	addl	32(%rsp),%edx
-	andl	%ecx,%edi
-	pxor	%xmm3,%xmm2
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm1,%xmm8
-	addl	%edi,%edx
-	movl	%ebp,%edi
-	pxor	%xmm10,%xmm2
-	roll	$5,%ebp
-	movups	48(%r12),%xmm12
-	xorps	%xmm13,%xmm12
-	movups	%xmm11,32(%r13,%r12,1)
-	xorps	%xmm12,%xmm11
-.byte	102,69,15,56,220,222
-	movups	32(%r15),%xmm15
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movdqa	%xmm2,%xmm10
-	movdqa	%xmm8,16(%rsp)
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	36(%rsp),%ecx
-	andl	%ebx,%esi
-	pslld	$2,%xmm2
-	andl	%eax,%edi
-	rorl	$7,%ebp
-	psrld	$30,%xmm10
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%edi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	por	%xmm10,%xmm2
-	movl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	%xmm2,%xmm8
-	addl	40(%rsp),%ebx
-	andl	%eax,%edi
-	andl	%ebp,%esi
-.byte	102,69,15,56,220,223
-	movups	48(%r15),%xmm14
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movl	%edx,%esi
-	xorl	%ebp,%edx
-	addl	44(%rsp),%eax
-	andl	%ebp,%esi
-	andl	%edx,%edi
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%edi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	addl	48(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	64(%r15),%xmm15
-	pxor	%xmm7,%xmm3
-.byte	102,68,15,58,15,193,8
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	pxor	%xmm4,%xmm3
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm2,%xmm9
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm8,%xmm3
-	addl	52(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	movdqa	%xmm3,%xmm8
-	movdqa	%xmm9,32(%rsp)
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	pslld	$2,%xmm3
-	addl	56(%rsp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm8
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-.byte	102,69,15,56,220,223
-	movups	80(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	por	%xmm8,%xmm3
-	addl	60(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	0(%rsp),%eax
-	paddd	%xmm3,%xmm10
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	movdqa	%xmm10,48(%rsp)
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	4(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	96(%r15),%xmm15
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	8(%rsp),%edx
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	12(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-.byte	102,69,15,56,220,223
-	movups	112(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	cmpq	%r14,%r10
-	je	.Ldone_ssse3
-	movdqa	64(%r11),%xmm6
-	movdqa	0(%r11),%xmm9
-	movdqu	0(%r10),%xmm0
-	movdqu	16(%r10),%xmm1
-	movdqu	32(%r10),%xmm2
-	movdqu	48(%r10),%xmm3
-.byte	102,15,56,0,198
-	addq	$64,%r10
-	addl	16(%rsp),%ebx
-	xorl	%eax,%esi
-.byte	102,15,56,0,206
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	paddd	%xmm9,%xmm0
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movdqa	%xmm0,0(%rsp)
-	addl	20(%rsp),%eax
-	xorl	%ebp,%edi
-	psubd	%xmm9,%xmm0
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	24(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	128(%r15),%xmm15
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	addl	28(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	32(%rsp),%ecx
-	xorl	%ebx,%esi
-.byte	102,15,56,0,214
-	movl	%edx,%edi
-	roll	$5,%edx
-	paddd	%xmm9,%xmm1
-	xorl	%eax,%esi
-.byte	102,69,15,56,220,223
-	movups	144(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	movdqa	%xmm1,16(%rsp)
-	addl	36(%rsp),%ebx
-	xorl	%eax,%edi
-	psubd	%xmm9,%xmm1
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	40(%rsp),%eax
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	160(%r15),%xmm15
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	48(%rsp),%edx
-	xorl	%ecx,%esi
-.byte	102,15,56,0,222
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	paddd	%xmm9,%xmm2
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movdqa	%xmm2,32(%rsp)
-	addl	52(%rsp),%ecx
-	xorl	%ebx,%edi
-	psubd	%xmm9,%xmm2
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	cmpl	$11,%r8d
-	jb	.Laesenclast4
-	movups	176(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	192(%r15),%xmm15
-.byte	102,69,15,56,220,222
-	je	.Laesenclast4
-	movups	208(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	224(%r15),%xmm15
-.byte	102,69,15,56,220,222
-.Laesenclast4:
-.byte	102,69,15,56,221,223
-	movups	16(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	56(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movups	%xmm11,48(%r13,%r12,1)
-	leaq	64(%r12),%r12
-
-	addl	0(%r9),%eax
-	addl	4(%r9),%esi
-	addl	8(%r9),%ecx
-	addl	12(%r9),%edx
-	movl	%eax,0(%r9)
-	addl	16(%r9),%ebp
-	movl	%esi,4(%r9)
-	movl	%esi,%ebx
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-	movl	%ebp,16(%r9)
-	jmp	.Loop_ssse3
-
-.align	16
-.Ldone_ssse3:
-	addl	16(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	20(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	24(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	128(%r15),%xmm15
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	addl	28(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	32(%rsp),%ecx
-	xorl	%ebx,%esi
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-.byte	102,69,15,56,220,223
-	movups	144(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	addl	36(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	40(%rsp),%eax
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%rsp),%ebp
-.byte	102,69,15,56,220,222
-	movups	160(%r15),%xmm15
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	48(%rsp),%edx
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	52(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	cmpl	$11,%r8d
-	jb	.Laesenclast5
-	movups	176(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	192(%r15),%xmm15
-.byte	102,69,15,56,220,222
-	je	.Laesenclast5
-	movups	208(%r15),%xmm14
-.byte	102,69,15,56,220,223
-	movups	224(%r15),%xmm15
-.byte	102,69,15,56,220,222
-.Laesenclast5:
-.byte	102,69,15,56,221,223
-	movups	16(%r15),%xmm14
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	56(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movups	%xmm11,48(%r13,%r12,1)
-	movq	88(%rsp),%r8
-
-	addl	0(%r9),%eax
-	addl	4(%r9),%esi
-	addl	8(%r9),%ecx
-	movl	%eax,0(%r9)
-	addl	12(%r9),%edx
-	movl	%esi,4(%r9)
-	addl	16(%r9),%ebp
-	movl	%ecx,8(%r9)
-	movl	%edx,12(%r9)
-	movl	%ebp,16(%r9)
-	movups	%xmm11,(%r8)
-	leaq	104(%rsp),%rsi
-	movq	0(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lepilogue_ssse3:
-	.byte	0xf3,0xc3
-.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
-.align	64
-K_XX_XX:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
-.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
-
-.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
deleted file mode 100644
index 3c8f6c19e7..0000000000
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ /dev/null
@@ -1,1250 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# June 2011
-#
-# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled
-# in http://download.intel.com/design/intarch/papers/323686.pdf, is
-# that since AESNI-CBC encrypt exhibit *very* low instruction-level
-# parallelism, interleaving it with another algorithm would allow to
-# utilize processor resources better and achieve better performance.
-# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and
-# AESNI code is weaved into it. Below are performance numbers in
-# cycles per processed byte, less is better, for standalone AESNI-CBC
-# encrypt, sum of the latter and standalone SHA1, and "stitched"
-# subroutine:
-#
-#		AES-128-CBC	+SHA1		stitch      gain
-# Westmere	3.77[+5.6]	9.37		6.65	    +41%
-# Sandy Bridge	5.05[+5.2(6.3)]	10.25(11.35)	6.16(7.08)  +67%(+60%)
-#
-#		AES-192-CBC
-# Westmere	4.51		10.11		6.97	    +45%
-# Sandy Bridge	6.05		11.25(12.35)	6.34(7.27)  +77%(+70%)
-#
-#		AES-256-CBC
-# Westmere	5.25		10.85		7.25	    +50%
-# Sandy Bridge	7.05		12.25(13.35)	7.06(7.70)  +74%(+73%)
-#
-# (*)	There are two code paths: SSSE3 and AVX. See sha1-568.pl for
-#	background information. Above numbers in parentheses are SSSE3
-#	results collected on AVX-capable CPU, i.e. apply on OSes that
-#	don't support AVX.
-#
-# Needless to mention that it makes no sense to implement "stitched"
-# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1
-# fully utilize parallelism, so stitching would not give any gain
-# anyway. Well, there might be some, e.g. because of better cache
-# locality... For reference, here are performance results for
-# standalone AESNI-CBC decrypt:
-#
-#		AES-128-CBC	AES-192-CBC	AES-256-CBC
-# Westmere	1.31		1.55		1.80
-# Sandy Bridge	0.93		1.06		1.22
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-		=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
-	   $1>=2.19);
-$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
-	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
-	   $1>=2.09);
-$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
-	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
-	   $1>=10);
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# void aesni_cbc_sha1_enc(const void *inp,
-#			void *out,
-#			size_t length,
-#			const AES_KEY *key,
-#			unsigned char *iv,
-#			SHA_CTX *ctx,
-#			const void *in0);
-
-$code.=<<___;
-.text
-.extern	OPENSSL_ia32cap_P
-
-.globl	aesni_cbc_sha1_enc
-.type	aesni_cbc_sha1_enc,\@abi-omnipotent
-.align	16
-aesni_cbc_sha1_enc:
-	# caller should check for SSSE3 and AES-NI bits
-	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
-	mov	OPENSSL_ia32cap_P+4(%rip),%r11d
-___
-$code.=<<___ if ($avx);
-	and	\$`1<<28`,%r11d		# mask AVX bit
-	and	\$`1<<30`,%r10d		# mask "Intel CPU" bit
-	or	%r11d,%r10d
-	cmp	\$`1<<28|1<<30`,%r10d
-	je	aesni_cbc_sha1_enc_avx
-___
-$code.=<<___;
-	jmp	aesni_cbc_sha1_enc_ssse3
-	ret
-.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
-___
-
-my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
-
-my $Xi=4;
-my @X=map("%xmm$_",(4..7,0..3));
-my @Tx=map("%xmm$_",(8..10));
-my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
-my @T=("%esi","%edi");
-my $j=0; my $jj=0; my $r=0; my $sn=0;
-my $K_XX_XX="%r11";
-my ($iv,$in,$rndkey0)=map("%xmm$_",(11..13));
-my @rndkey=("%xmm14","%xmm15");
-
-sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
-  my $arg = pop;
-    $arg = "\$$arg" if ($arg*1 eq $arg);
-    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
-}
-
-my $_rol=sub { &rol(@_) };
-my $_ror=sub { &ror(@_) };
-
-$code.=<<___;
-.type	aesni_cbc_sha1_enc_ssse3,\@function,6
-.align	16
-aesni_cbc_sha1_enc_ssse3:
-	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
-	#shr	\$6,$len			# debugging artefact
-	#jz	.Lepilogue_ssse3		# debugging artefact
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
-	#mov	$in0,$inp			# debugging artefact
-	#lea	64(%rsp),$ctx			# debugging artefact
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,96+0(%rsp)
-	movaps	%xmm7,96+16(%rsp)
-	movaps	%xmm8,96+32(%rsp)
-	movaps	%xmm9,96+48(%rsp)
-	movaps	%xmm10,96+64(%rsp)
-	movaps	%xmm11,96+80(%rsp)
-	movaps	%xmm12,96+96(%rsp)
-	movaps	%xmm13,96+112(%rsp)
-	movaps	%xmm14,96+128(%rsp)
-	movaps	%xmm15,96+144(%rsp)
-.Lprologue_ssse3:
-___
-$code.=<<___;
-	mov	$in0,%r12			# reassign arguments
-	mov	$out,%r13
-	mov	$len,%r14
-	mov	$key,%r15
-	movdqu	($ivp),$iv			# load IV
-	mov	$ivp,88(%rsp)			# save $ivp
-___
-my ($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
-my $rounds="${ivp}d";
-$code.=<<___;
-	shl	\$6,$len
-	sub	$in0,$out
-	mov	240($key),$rounds
-	add	$inp,$len		# end of input
-
-	lea	K_XX_XX(%rip),$K_XX_XX
-	mov	0($ctx),$A		# load context
-	mov	4($ctx),$B
-	mov	8($ctx),$C
-	mov	12($ctx),$D
-	mov	$B,@T[0]		# magic seed
-	mov	16($ctx),$E
-
-	movdqa	64($K_XX_XX),@X[2]	# pbswap mask
-	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
-	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
-	movdqu	16($inp),@X[-3&7]
-	movdqu	32($inp),@X[-2&7]
-	movdqu	48($inp),@X[-1&7]
-	pshufb	@X[2],@X[-4&7]		# byte swap
-	add	\$64,$inp
-	pshufb	@X[2],@X[-3&7]
-	pshufb	@X[2],@X[-2&7]
-	pshufb	@X[2],@X[-1&7]
-	paddd	@Tx[1],@X[-4&7]		# add K_00_19
-	paddd	@Tx[1],@X[-3&7]
-	paddd	@Tx[1],@X[-2&7]
-	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
-	psubd	@Tx[1],@X[-4&7]		# restore X[]
-	movdqa	@X[-3&7],16(%rsp)
-	psubd	@Tx[1],@X[-3&7]
-	movdqa	@X[-2&7],32(%rsp)
-	psubd	@Tx[1],@X[-2&7]
-	movups	($key),$rndkey0		# $key[0]
-	movups	16($key),$rndkey[0]	# forward reference
-	jmp	.Loop_ssse3
-___
-
-my $aesenc=sub {
-  use integer;
-  my ($n,$k)=($r/10,$r%10);
-    if ($k==0) {
-      $code.=<<___;
-	movups		`16*$n`($in0),$in		# load input
-	xorps		$rndkey0,$in
-___
-      $code.=<<___ if ($n);
-	movups		$iv,`16*($n-1)`($out,$in0)	# write output
-___
-      $code.=<<___;
-	xorps		$in,$iv
-	aesenc		$rndkey[0],$iv
-	movups		`32+16*$k`($key),$rndkey[1]
-___
-    } elsif ($k==9) {
-      $sn++;
-      $code.=<<___;
-	cmp		\$11,$rounds
-	jb		.Laesenclast$sn
-	movups		`32+16*($k+0)`($key),$rndkey[1]
-	aesenc		$rndkey[0],$iv
-	movups		`32+16*($k+1)`($key),$rndkey[0]
-	aesenc		$rndkey[1],$iv
-	je		.Laesenclast$sn
-	movups		`32+16*($k+2)`($key),$rndkey[1]
-	aesenc		$rndkey[0],$iv
-	movups		`32+16*($k+3)`($key),$rndkey[0]
-	aesenc		$rndkey[1],$iv
-.Laesenclast$sn:
-	aesenclast	$rndkey[0],$iv
-	movups		16($key),$rndkey[1]		# forward reference
-___
-    } else {
-      $code.=<<___;
-	aesenc		$rndkey[0],$iv
-	movups		`32+16*$k`($key),$rndkey[1]
-___
-    }
-    $r++;	unshift(@rndkey,pop(@rndkey));
-};
-
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&movdqa	(@X[0],@X[-3&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(@Tx[0],@X[-1&7]);
-	&palignr(@X[0],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&movdqa	(@Tx[2],@X[0]);
-	&movdqa	(@Tx[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
-	&paddd	(@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@Tx[0],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(@Tx[1],@Tx[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@Tx[2],30);
-	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslld	(@Tx[1],2);
-	&pxor	(@X[0],@Tx[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xupdate_ssse3_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&movdqa	(@Tx[0],@X[-1&7])	if ($Xi==8);
-	 eval(shift(@insns));		# body_20_39
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
-	&palignr(@Tx[0],@X[-2&7],8);	# compose "X[-6]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
-	 eval(shift(@insns));
-	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
-	if ($Xi%5) {
-	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
-	} else {			# ... or load next one
-	  &movdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
-	}
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&movdqa	(@Tx[0],@X[0]);
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pslld	(@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	&psrld	(@Tx[0],30);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &movdqa	(@Tx[1],@X[0])	if ($Xi<19);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xuplast_ssse3_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&cmp	($inp,$len);
-	&je	(".Ldone_ssse3");
-
-	unshift(@Tx,pop(@Tx));
-
-	&movdqa	(@X[2],"64($K_XX_XX)");		# pbswap mask
-	&movdqa	(@Tx[1],"0($K_XX_XX)");		# K_00_19
-	&movdqu	(@X[-4&7],"0($inp)");		# load input
-	&movdqu	(@X[-3&7],"16($inp)");
-	&movdqu	(@X[-2&7],"32($inp)");
-	&movdqu	(@X[-1&7],"48($inp)");
-	&pshufb	(@X[-4&7],@X[2]);		# byte swap
-	&add	($inp,64);
-
-  $Xi=0;
-}
-
-sub Xloop_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pshufb	(@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&paddd	(@X[($Xi-4)&7],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psubd	(@X[($Xi-4)&7],@Tx[1]);
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-sub body_00_19 () {
-  use integer;
-  my ($k,$n);
-  my @r=(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,eval(4*($j&15))."(%rsp)");',	# X[]+K xfer
-	'&xor	($c,$d);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&xor	($c,$d);',	# restore $c
-	'&xor	(@T[0],$d);',
-	'&add	($e,$a);',
-	'&$_ror	($b,$j?7:2);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-	$n = scalar(@r);
-	$k = (($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
-	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n);
-	$jj++;
-    return @r;
-}
-
-sub body_20_39 () {
-  use integer;
-  my ($k,$n);
-  my @r=(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,eval(4*($j++&15))."(%rsp)");',	# X[]+K xfer
-	'&xor	(@T[0],$d);',	# ($b^$d)
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&xor	(@T[0],$c);',	# ($b^$d^$c)
-	'&add	($e,$a);',
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-	$n = scalar(@r);
-	$k = (($jj+1)*8/20)*20*$n/8;	# 8 aesencs per these 20 rounds
-	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n);
-	$jj++;
-    return @r;
-}
-
-sub body_40_59 () {
-  use integer;
-  my ($k,$n);
-  my @r=(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&mov	(@T[1],$c);',
-	'&xor	($c,$d);',
-	'&add	($e,eval(4*($j++&15))."(%rsp)");',	# X[]+K xfer
-	'&and	(@T[1],$d);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[1]);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&add	($e,@T[0]);',
-	'&xor	($c,$d);',	# restore $c
-	'&add	($e,$a);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-	$n = scalar(@r);
-	$k=(($jj+1)*12/20)*20*$n/12;	# 12 aesencs per these 20 rounds
-	@r[$k%$n].='&$aesenc();'	if ($jj==$k/$n);
-	$jj++;
-    return @r;
-}
-$code.=<<___;
-.align	16
-.Loop_ssse3:
-___
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-				$saved_r=$r; @saved_rndkey=@rndkey;
-
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-
-$code.=<<___;
-	movups	$iv,48($out,$in0)		# write output
-	lea	64($in0),$in0
-
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	add	12($ctx),$D
-	mov	$A,0($ctx)
-	add	16($ctx),$E
-	mov	@T[0],4($ctx)
-	mov	@T[0],$B			# magic seed
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	jmp	.Loop_ssse3
-
-.align	16
-.Ldone_ssse3:
-___
-				$jj=$j=$saved_j; @V=@saved_V;
-				$r=$saved_r;     @rndkey=@saved_rndkey;
-
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-
-$code.=<<___;
-	movups	$iv,48($out,$in0)		# write output
-	mov	88(%rsp),$ivp			# restore $ivp
-
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	mov	$A,0($ctx)
-	add	12($ctx),$D
-	mov	@T[0],4($ctx)
-	add	16($ctx),$E
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	movups	$iv,($ivp)			# write IV
-___
-$code.=<<___ if ($win64);
-	movaps	96+0(%rsp),%xmm6
-	movaps	96+16(%rsp),%xmm7
-	movaps	96+32(%rsp),%xmm8
-	movaps	96+48(%rsp),%xmm9
-	movaps	96+64(%rsp),%xmm10
-	movaps	96+80(%rsp),%xmm11
-	movaps	96+96(%rsp),%xmm12
-	movaps	96+112(%rsp),%xmm13
-	movaps	96+128(%rsp),%xmm14
-	movaps	96+144(%rsp),%xmm15
-___
-$code.=<<___;
-	lea	`104+($win64?10*16:0)`(%rsp),%rsi
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lepilogue_ssse3:
-	ret
-.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
-___
-
-$j=$jj=$r=$sn=0;
-
-if ($avx) {
-my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
-
-my $Xi=4;
-my @X=map("%xmm$_",(4..7,0..3));
-my @Tx=map("%xmm$_",(8..10));
-my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
-my @T=("%esi","%edi");
-
-my $_rol=sub { &shld(@_[0],@_) };
-my $_ror=sub { &shrd(@_[0],@_) };
-
-$code.=<<___;
-.type	aesni_cbc_sha1_enc_avx,\@function,6
-.align	16
-aesni_cbc_sha1_enc_avx:
-	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
-	#shr	\$6,$len			# debugging artefact
-	#jz	.Lepilogue_avx			# debugging artefact
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	`-104-($win64?10*16:0)`(%rsp),%rsp
-	#mov	$in0,$inp			# debugging artefact
-	#lea	64(%rsp),$ctx			# debugging artefact
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,96+0(%rsp)
-	movaps	%xmm7,96+16(%rsp)
-	movaps	%xmm8,96+32(%rsp)
-	movaps	%xmm9,96+48(%rsp)
-	movaps	%xmm10,96+64(%rsp)
-	movaps	%xmm11,96+80(%rsp)
-	movaps	%xmm12,96+96(%rsp)
-	movaps	%xmm13,96+112(%rsp)
-	movaps	%xmm14,96+128(%rsp)
-	movaps	%xmm15,96+144(%rsp)
-.Lprologue_avx:
-___
-$code.=<<___;
-	vzeroall
-	mov	$in0,%r12			# reassign arguments
-	mov	$out,%r13
-	mov	$len,%r14
-	mov	$key,%r15
-	vmovdqu	($ivp),$iv			# load IV
-	mov	$ivp,88(%rsp)			# save $ivp
-___
-my ($in0,$out,$len,$key)=map("%r$_",(12..15));	# reassign arguments
-my $rounds="${ivp}d";
-$code.=<<___;
-	shl	\$6,$len
-	sub	$in0,$out
-	mov	240($key),$rounds
-	add	\$112,$key		# size optimization
-	add	$inp,$len		# end of input
-
-	lea	K_XX_XX(%rip),$K_XX_XX
-	mov	0($ctx),$A		# load context
-	mov	4($ctx),$B
-	mov	8($ctx),$C
-	mov	12($ctx),$D
-	mov	$B,@T[0]		# magic seed
-	mov	16($ctx),$E
-
-	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
-	vmovdqa	0($K_XX_XX),@Tx[1]	# K_00_19
-	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
-	vmovdqu	16($inp),@X[-3&7]
-	vmovdqu	32($inp),@X[-2&7]
-	vmovdqu	48($inp),@X[-1&7]
-	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
-	add	\$64,$inp
-	vpshufb	@X[2],@X[-3&7],@X[-3&7]
-	vpshufb	@X[2],@X[-2&7],@X[-2&7]
-	vpshufb	@X[2],@X[-1&7],@X[-1&7]
-	vpaddd	@Tx[1],@X[-4&7],@X[0]	# add K_00_19
-	vpaddd	@Tx[1],@X[-3&7],@X[1]
-	vpaddd	@Tx[1],@X[-2&7],@X[2]
-	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
-	vmovdqa	@X[1],16(%rsp)
-	vmovdqa	@X[2],32(%rsp)
-	vmovups	-112($key),$rndkey0	# $key[0]
-	vmovups	16-112($key),$rndkey[0]	# forward reference
-	jmp	.Loop_avx
-___
-
-my $aesenc=sub {
-  use integer;
-  my ($n,$k)=($r/10,$r%10);
-    if ($k==0) {
-      $code.=<<___;
-	vmovups		`16*$n`($in0),$in		# load input
-	vxorps		$rndkey0,$in,$in
-___
-      $code.=<<___ if ($n);
-	vmovups		$iv,`16*($n-1)`($out,$in0)	# write output
-___
-      $code.=<<___;
-	vxorps		$in,$iv,$iv
-	vaesenc		$rndkey[0],$iv,$iv
-	vmovups		`32+16*$k-112`($key),$rndkey[1]
-___
-    } elsif ($k==9) {
-      $sn++;
-      $code.=<<___;
-	cmp		\$11,$rounds
-	jb		.Lvaesenclast$sn
-	vaesenc		$rndkey[0],$iv,$iv
-	vmovups		`32+16*($k+0)-112`($key),$rndkey[1]
-	vaesenc		$rndkey[1],$iv,$iv
-	vmovups		`32+16*($k+1)-112`($key),$rndkey[0]
-	je		.Lvaesenclast$sn
-	vaesenc		$rndkey[0],$iv,$iv
-	vmovups		`32+16*($k+2)-112`($key),$rndkey[1]
-	vaesenc		$rndkey[1],$iv,$iv
-	vmovups		`32+16*($k+3)-112`($key),$rndkey[0]
-.Lvaesenclast$sn:
-	vaesenclast	$rndkey[0],$iv,$iv
-	vmovups		16-112($key),$rndkey[1]		# forward reference
-___
-    } else {
-      $code.=<<___;
-	vaesenc		$rndkey[0],$iv,$iv
-	vmovups		`32+16*$k-112`($key),$rndkey[1]
-___
-    }
-    $r++;	unshift(@rndkey,pop(@rndkey));
-};
-
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpsrldq(@Tx[0],@X[-1&7],4);	# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@Tx[0],@X[0],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
-	&vpaddd	(@X[0],@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@Tx[1],@Tx[2],30);
-	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslld	(@Tx[2],@Tx[2],2);
-	&vpxor	(@X[0],@X[0],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xupdate_avx_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
-	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
-	 eval(shift(@insns));
-	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
-	if ($Xi%5) {
-	  &vmovdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
-	} else {			# ... or load next one
-	  &vmovdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
-	}
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpsrld	(@Tx[0],@X[0],30);
-	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpslld	(@X[0],@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &vmovdqa	(@Tx[1],@X[0])	if ($Xi<19);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xuplast_avx_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&cmp	($inp,$len);
-	&je	(".Ldone_avx");
-
-	unshift(@Tx,pop(@Tx));
-
-	&vmovdqa(@X[2],"64($K_XX_XX)");		# pbswap mask
-	&vmovdqa(@Tx[1],"0($K_XX_XX)");		# K_00_19
-	&vmovdqu(@X[-4&7],"0($inp)");		# load input
-	&vmovdqu(@X[-3&7],"16($inp)");
-	&vmovdqu(@X[-2&7],"32($inp)");
-	&vmovdqu(@X[-1&7],"48($inp)");
-	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
-	&add	($inp,64);
-
-  $Xi=0;
-}
-
-sub Xloop_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-$code.=<<___;
-.align	16
-.Loop_avx:
-___
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-				$saved_r=$r; @saved_rndkey=@rndkey;
-
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-
-$code.=<<___;
-	vmovups	$iv,48($out,$in0)		# write output
-	lea	64($in0),$in0
-
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	add	12($ctx),$D
-	mov	$A,0($ctx)
-	add	16($ctx),$E
-	mov	@T[0],4($ctx)
-	mov	@T[0],$B			# magic seed
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	jmp	.Loop_avx
-
-.align	16
-.Ldone_avx:
-___
-				$jj=$j=$saved_j; @V=@saved_V;
-				$r=$saved_r;     @rndkey=@saved_rndkey;
-
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-
-$code.=<<___;
-	vmovups	$iv,48($out,$in0)		# write output
-	mov	88(%rsp),$ivp			# restore $ivp
-
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	mov	$A,0($ctx)
-	add	12($ctx),$D
-	mov	@T[0],4($ctx)
-	add	16($ctx),$E
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	vmovups	$iv,($ivp)			# write IV
-	vzeroall
-___
-$code.=<<___ if ($win64);
-	movaps	96+0(%rsp),%xmm6
-	movaps	96+16(%rsp),%xmm7
-	movaps	96+32(%rsp),%xmm8
-	movaps	96+48(%rsp),%xmm9
-	movaps	96+64(%rsp),%xmm10
-	movaps	96+80(%rsp),%xmm11
-	movaps	96+96(%rsp),%xmm12
-	movaps	96+112(%rsp),%xmm13
-	movaps	96+128(%rsp),%xmm14
-	movaps	96+144(%rsp),%xmm15
-___
-$code.=<<___;
-	lea	`104+($win64?10*16:0)`(%rsp),%rsi
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lepilogue_avx:
-	ret
-.size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
-___
-}
-$code.=<<___;
-.align	64
-K_XX_XX:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
-.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
-
-.asciz	"AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	ssse3_handler,\@abi-omnipotent
-.align	16
-ssse3_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	lea	96(%rax),%rsi
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$20,%ecx
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	`104+10*16`(%rax),%rax	# adjust stack pointer
-
-	mov	0(%rax),%r15
-	mov	8(%rax),%r14
-	mov	16(%rax),%r13
-	mov	24(%rax),%r12
-	mov	32(%rax),%rbp
-	mov	40(%rax),%rbx
-	lea	48(%rax),%rax
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	ssse3_handler,.-ssse3_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_aesni_cbc_sha1_enc_ssse3
-	.rva	.LSEH_end_aesni_cbc_sha1_enc_ssse3
-	.rva	.LSEH_info_aesni_cbc_sha1_enc_ssse3
-___
-$code.=<<___ if ($avx);
-	.rva	.LSEH_begin_aesni_cbc_sha1_enc_avx
-	.rva	.LSEH_end_aesni_cbc_sha1_enc_avx
-	.rva	.LSEH_info_aesni_cbc_sha1_enc_avx
-___
-$code.=<<___;
-.section	.xdata
-.align	8
-.LSEH_info_aesni_cbc_sha1_enc_ssse3:
-	.byte	9,0,0,0
-	.rva	ssse3_handler
-	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
-___
-$code.=<<___ if ($avx);
-.LSEH_info_aesni_cbc_sha1_enc_avx:
-	.byte	9,0,0,0
-	.rva	ssse3_handler
-	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
-___
-}
-
-####################################################################
-sub rex {
-  local *opcode=shift;
-  my ($dst,$src)=@_;
-  my $rex=0;
-
-    $rex|=0x04			if($dst>=8);
-    $rex|=0x01			if($src>=8);
-    push @opcode,$rex|0x40	if($rex);
-}
-
-sub aesni {
-  my $line=shift;
-  my @opcode=(0x66);
-
-    if ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-	my %opcodelet = (
-		"aesenc" => 0xdc,	"aesenclast" => 0xdd
-	);
-	return undef if (!defined($opcodelet{$1}));
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x38,$opcodelet{$1};
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
-	return ".byte\t".join(',',@opcode);
-    }
-    return $line;
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
-
-print $code;
-close STDOUT;
diff --git a/crypto/aes/asm/aesni-x86.S b/crypto/aes/asm/aesni-x86.S
deleted file mode 100644
index 0766bb54cd..0000000000
--- a/crypto/aes/asm/aesni-x86.S
+++ /dev/null
@@ -1,2143 +0,0 @@
-.file	"crypto/aes/asm/aesni-x86.s"
-.text
-.globl	aesni_encrypt
-.type	aesni_encrypt,@function
-.align	16
-aesni_encrypt:
-.L_aesni_encrypt_begin:
-	movl	4(%esp),%eax
-	movl	12(%esp),%edx
-	movups	(%eax),%xmm2
-	movl	240(%edx),%ecx
-	movl	8(%esp),%eax
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L000enc1_loop_1:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L000enc1_loop_1
-.byte	102,15,56,221,209
-	movups	%xmm2,(%eax)
-	ret
-.size	aesni_encrypt,.-.L_aesni_encrypt_begin
-.globl	aesni_decrypt
-.type	aesni_decrypt,@function
-.align	16
-aesni_decrypt:
-.L_aesni_decrypt_begin:
-	movl	4(%esp),%eax
-	movl	12(%esp),%edx
-	movups	(%eax),%xmm2
-	movl	240(%edx),%ecx
-	movl	8(%esp),%eax
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L001dec1_loop_2:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L001dec1_loop_2
-.byte	102,15,56,223,209
-	movups	%xmm2,(%eax)
-	ret
-.size	aesni_decrypt,.-.L_aesni_decrypt_begin
-.type	_aesni_encrypt3,@function
-.align	16
-_aesni_encrypt3:
-	movups	(%edx),%xmm0
-	shrl	$1,%ecx
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	pxor	%xmm0,%xmm4
-	movups	(%edx),%xmm0
-.L002enc3_loop:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%ecx
-.byte	102,15,56,220,225
-	movups	16(%edx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leal	32(%edx),%edx
-.byte	102,15,56,220,224
-	movups	(%edx),%xmm0
-	jnz	.L002enc3_loop
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-	ret
-.size	_aesni_encrypt3,.-_aesni_encrypt3
-.type	_aesni_decrypt3,@function
-.align	16
-_aesni_decrypt3:
-	movups	(%edx),%xmm0
-	shrl	$1,%ecx
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	pxor	%xmm0,%xmm4
-	movups	(%edx),%xmm0
-.L003dec3_loop:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%ecx
-.byte	102,15,56,222,225
-	movups	16(%edx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leal	32(%edx),%edx
-.byte	102,15,56,222,224
-	movups	(%edx),%xmm0
-	jnz	.L003dec3_loop
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-	ret
-.size	_aesni_decrypt3,.-_aesni_decrypt3
-.type	_aesni_encrypt4,@function
-.align	16
-_aesni_encrypt4:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	shrl	$1,%ecx
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	pxor	%xmm0,%xmm4
-	pxor	%xmm0,%xmm5
-	movups	(%edx),%xmm0
-.L004enc4_loop:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%ecx
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-	movups	16(%edx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leal	32(%edx),%edx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-	movups	(%edx),%xmm0
-	jnz	.L004enc4_loop
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-.byte	102,15,56,221,232
-	ret
-.size	_aesni_encrypt4,.-_aesni_encrypt4
-.type	_aesni_decrypt4,@function
-.align	16
-_aesni_decrypt4:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	shrl	$1,%ecx
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	pxor	%xmm0,%xmm4
-	pxor	%xmm0,%xmm5
-	movups	(%edx),%xmm0
-.L005dec4_loop:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%ecx
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-	movups	16(%edx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leal	32(%edx),%edx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-	movups	(%edx),%xmm0
-	jnz	.L005dec4_loop
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-.byte	102,15,56,223,232
-	ret
-.size	_aesni_decrypt4,.-_aesni_decrypt4
-.type	_aesni_encrypt6,@function
-.align	16
-_aesni_encrypt6:
-	movups	(%edx),%xmm0
-	shrl	$1,%ecx
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,220,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,220,217
-	pxor	%xmm0,%xmm5
-	decl	%ecx
-.byte	102,15,56,220,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-.byte	102,15,56,220,241
-	movups	(%edx),%xmm0
-.byte	102,15,56,220,249
-	jmp	.L_aesni_encrypt6_enter
-.align	16
-.L006enc6_loop:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%ecx
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.align	16
-.L_aesni_encrypt6_enter:
-	movups	16(%edx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leal	32(%edx),%edx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-	movups	(%edx),%xmm0
-	jnz	.L006enc6_loop
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-.byte	102,15,56,221,232
-.byte	102,15,56,221,240
-.byte	102,15,56,221,248
-	ret
-.size	_aesni_encrypt6,.-_aesni_encrypt6
-.type	_aesni_decrypt6,@function
-.align	16
-_aesni_decrypt6:
-	movups	(%edx),%xmm0
-	shrl	$1,%ecx
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,222,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,222,217
-	pxor	%xmm0,%xmm5
-	decl	%ecx
-.byte	102,15,56,222,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-.byte	102,15,56,222,241
-	movups	(%edx),%xmm0
-.byte	102,15,56,222,249
-	jmp	.L_aesni_decrypt6_enter
-.align	16
-.L007dec6_loop:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%ecx
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.align	16
-.L_aesni_decrypt6_enter:
-	movups	16(%edx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leal	32(%edx),%edx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-.byte	102,15,56,222,240
-.byte	102,15,56,222,248
-	movups	(%edx),%xmm0
-	jnz	.L007dec6_loop
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-.byte	102,15,56,223,232
-.byte	102,15,56,223,240
-.byte	102,15,56,223,248
-	ret
-.size	_aesni_decrypt6,.-_aesni_decrypt6
-.globl	aesni_ecb_encrypt
-.type	aesni_ecb_encrypt,@function
-.align	16
-aesni_ecb_encrypt:
-.L_aesni_ecb_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	36(%esp),%ebx
-	andl	$-16,%eax
-	jz	.L008ecb_ret
-	movl	240(%edx),%ecx
-	testl	%ebx,%ebx
-	jz	.L009ecb_decrypt
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-	cmpl	$96,%eax
-	jb	.L010ecb_enc_tail
-	movdqu	(%esi),%xmm2
-	movdqu	16(%esi),%xmm3
-	movdqu	32(%esi),%xmm4
-	movdqu	48(%esi),%xmm5
-	movdqu	64(%esi),%xmm6
-	movdqu	80(%esi),%xmm7
-	leal	96(%esi),%esi
-	subl	$96,%eax
-	jmp	.L011ecb_enc_loop6_enter
-.align	16
-.L012ecb_enc_loop6:
-	movups	%xmm2,(%edi)
-	movdqu	(%esi),%xmm2
-	movups	%xmm3,16(%edi)
-	movdqu	16(%esi),%xmm3
-	movups	%xmm4,32(%edi)
-	movdqu	32(%esi),%xmm4
-	movups	%xmm5,48(%edi)
-	movdqu	48(%esi),%xmm5
-	movups	%xmm6,64(%edi)
-	movdqu	64(%esi),%xmm6
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	movdqu	80(%esi),%xmm7
-	leal	96(%esi),%esi
-.L011ecb_enc_loop6_enter:
-	call	_aesni_encrypt6
-	movl	%ebp,%edx
-	movl	%ebx,%ecx
-	subl	$96,%eax
-	jnc	.L012ecb_enc_loop6
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	addl	$96,%eax
-	jz	.L008ecb_ret
-.L010ecb_enc_tail:
-	movups	(%esi),%xmm2
-	cmpl	$32,%eax
-	jb	.L013ecb_enc_one
-	movups	16(%esi),%xmm3
-	je	.L014ecb_enc_two
-	movups	32(%esi),%xmm4
-	cmpl	$64,%eax
-	jb	.L015ecb_enc_three
-	movups	48(%esi),%xmm5
-	je	.L016ecb_enc_four
-	movups	64(%esi),%xmm6
-	xorps	%xmm7,%xmm7
-	call	_aesni_encrypt6
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L013ecb_enc_one:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L017enc1_loop_3:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L017enc1_loop_3
-.byte	102,15,56,221,209
-	movups	%xmm2,(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L014ecb_enc_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_encrypt3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L015ecb_enc_three:
-	call	_aesni_encrypt3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L016ecb_enc_four:
-	call	_aesni_encrypt4
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L009ecb_decrypt:
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-	cmpl	$96,%eax
-	jb	.L018ecb_dec_tail
-	movdqu	(%esi),%xmm2
-	movdqu	16(%esi),%xmm3
-	movdqu	32(%esi),%xmm4
-	movdqu	48(%esi),%xmm5
-	movdqu	64(%esi),%xmm6
-	movdqu	80(%esi),%xmm7
-	leal	96(%esi),%esi
-	subl	$96,%eax
-	jmp	.L019ecb_dec_loop6_enter
-.align	16
-.L020ecb_dec_loop6:
-	movups	%xmm2,(%edi)
-	movdqu	(%esi),%xmm2
-	movups	%xmm3,16(%edi)
-	movdqu	16(%esi),%xmm3
-	movups	%xmm4,32(%edi)
-	movdqu	32(%esi),%xmm4
-	movups	%xmm5,48(%edi)
-	movdqu	48(%esi),%xmm5
-	movups	%xmm6,64(%edi)
-	movdqu	64(%esi),%xmm6
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	movdqu	80(%esi),%xmm7
-	leal	96(%esi),%esi
-.L019ecb_dec_loop6_enter:
-	call	_aesni_decrypt6
-	movl	%ebp,%edx
-	movl	%ebx,%ecx
-	subl	$96,%eax
-	jnc	.L020ecb_dec_loop6
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	addl	$96,%eax
-	jz	.L008ecb_ret
-.L018ecb_dec_tail:
-	movups	(%esi),%xmm2
-	cmpl	$32,%eax
-	jb	.L021ecb_dec_one
-	movups	16(%esi),%xmm3
-	je	.L022ecb_dec_two
-	movups	32(%esi),%xmm4
-	cmpl	$64,%eax
-	jb	.L023ecb_dec_three
-	movups	48(%esi),%xmm5
-	je	.L024ecb_dec_four
-	movups	64(%esi),%xmm6
-	xorps	%xmm7,%xmm7
-	call	_aesni_decrypt6
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L021ecb_dec_one:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L025dec1_loop_4:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L025dec1_loop_4
-.byte	102,15,56,223,209
-	movups	%xmm2,(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L022ecb_dec_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_decrypt3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L023ecb_dec_three:
-	call	_aesni_decrypt3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	jmp	.L008ecb_ret
-.align	16
-.L024ecb_dec_four:
-	call	_aesni_decrypt4
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-.L008ecb_ret:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_ecb_encrypt,.-.L_aesni_ecb_encrypt_begin
-.globl	aesni_ccm64_encrypt_blocks
-.type	aesni_ccm64_encrypt_blocks,@function
-.align	16
-aesni_ccm64_encrypt_blocks:
-.L_aesni_ccm64_encrypt_blocks_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	36(%esp),%ebx
-	movl	40(%esp),%ecx
-	movl	%esp,%ebp
-	subl	$60,%esp
-	andl	$-16,%esp
-	movl	%ebp,48(%esp)
-	movdqu	(%ebx),%xmm7
-	movdqu	(%ecx),%xmm3
-	movl	240(%edx),%ecx
-	movl	$202182159,(%esp)
-	movl	$134810123,4(%esp)
-	movl	$67438087,8(%esp)
-	movl	$66051,12(%esp)
-	movl	$1,%ebx
-	xorl	%ebp,%ebp
-	movl	%ebx,16(%esp)
-	movl	%ebp,20(%esp)
-	movl	%ebp,24(%esp)
-	movl	%ebp,28(%esp)
-	shrl	$1,%ecx
-	leal	(%edx),%ebp
-	movdqa	(%esp),%xmm5
-	movdqa	%xmm7,%xmm2
-	movl	%ecx,%ebx
-.byte	102,15,56,0,253
-.L026ccm64_enc_outer:
-	movups	(%ebp),%xmm0
-	movl	%ebx,%ecx
-	movups	(%esi),%xmm6
-	xorps	%xmm0,%xmm2
-	movups	16(%ebp),%xmm1
-	xorps	%xmm6,%xmm0
-	leal	32(%ebp),%edx
-	xorps	%xmm0,%xmm3
-	movups	(%edx),%xmm0
-.L027ccm64_enc2_loop:
-.byte	102,15,56,220,209
-	decl	%ecx
-.byte	102,15,56,220,217
-	movups	16(%edx),%xmm1
-.byte	102,15,56,220,208
-	leal	32(%edx),%edx
-.byte	102,15,56,220,216
-	movups	(%edx),%xmm0
-	jnz	.L027ccm64_enc2_loop
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	paddq	16(%esp),%xmm7
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-	decl	%eax
-	leal	16(%esi),%esi
-	xorps	%xmm2,%xmm6
-	movdqa	%xmm7,%xmm2
-	movups	%xmm6,(%edi)
-	leal	16(%edi),%edi
-.byte	102,15,56,0,213
-	jnz	.L026ccm64_enc_outer
-	movl	48(%esp),%esp
-	movl	40(%esp),%edi
-	movups	%xmm3,(%edi)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_ccm64_encrypt_blocks,.-.L_aesni_ccm64_encrypt_blocks_begin
-.globl	aesni_ccm64_decrypt_blocks
-.type	aesni_ccm64_decrypt_blocks,@function
-.align	16
-aesni_ccm64_decrypt_blocks:
-.L_aesni_ccm64_decrypt_blocks_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	36(%esp),%ebx
-	movl	40(%esp),%ecx
-	movl	%esp,%ebp
-	subl	$60,%esp
-	andl	$-16,%esp
-	movl	%ebp,48(%esp)
-	movdqu	(%ebx),%xmm7
-	movdqu	(%ecx),%xmm3
-	movl	240(%edx),%ecx
-	movl	$202182159,(%esp)
-	movl	$134810123,4(%esp)
-	movl	$67438087,8(%esp)
-	movl	$66051,12(%esp)
-	movl	$1,%ebx
-	xorl	%ebp,%ebp
-	movl	%ebx,16(%esp)
-	movl	%ebp,20(%esp)
-	movl	%ebp,24(%esp)
-	movl	%ebp,28(%esp)
-	movdqa	(%esp),%xmm5
-	movdqa	%xmm7,%xmm2
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-.byte	102,15,56,0,253
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L028enc1_loop_5:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L028enc1_loop_5
-.byte	102,15,56,221,209
-	movups	(%esi),%xmm6
-	paddq	16(%esp),%xmm7
-	leal	16(%esi),%esi
-	jmp	.L029ccm64_dec_outer
-.align	16
-.L029ccm64_dec_outer:
-	xorps	%xmm2,%xmm6
-	movdqa	%xmm7,%xmm2
-	movl	%ebx,%ecx
-	movups	%xmm6,(%edi)
-	leal	16(%edi),%edi
-.byte	102,15,56,0,213
-	subl	$1,%eax
-	jz	.L030ccm64_dec_break
-	movups	(%ebp),%xmm0
-	shrl	$1,%ecx
-	movups	16(%ebp),%xmm1
-	xorps	%xmm0,%xmm6
-	leal	32(%ebp),%edx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm6,%xmm3
-	movups	(%edx),%xmm0
-.L031ccm64_dec2_loop:
-.byte	102,15,56,220,209
-	decl	%ecx
-.byte	102,15,56,220,217
-	movups	16(%edx),%xmm1
-.byte	102,15,56,220,208
-	leal	32(%edx),%edx
-.byte	102,15,56,220,216
-	movups	(%edx),%xmm0
-	jnz	.L031ccm64_dec2_loop
-	movups	(%esi),%xmm6
-	paddq	16(%esp),%xmm7
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	leal	16(%esi),%esi
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-	jmp	.L029ccm64_dec_outer
-.align	16
-.L030ccm64_dec_break:
-	movl	%ebp,%edx
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	xorps	%xmm0,%xmm6
-	leal	32(%edx),%edx
-	xorps	%xmm6,%xmm3
-.L032enc1_loop_6:
-.byte	102,15,56,220,217
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L032enc1_loop_6
-.byte	102,15,56,221,217
-	movl	48(%esp),%esp
-	movl	40(%esp),%edi
-	movups	%xmm3,(%edi)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_ccm64_decrypt_blocks,.-.L_aesni_ccm64_decrypt_blocks_begin
-.globl	aesni_ctr32_encrypt_blocks
-.type	aesni_ctr32_encrypt_blocks,@function
-.align	16
-aesni_ctr32_encrypt_blocks:
-.L_aesni_ctr32_encrypt_blocks_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	36(%esp),%ebx
-	movl	%esp,%ebp
-	subl	$88,%esp
-	andl	$-16,%esp
-	movl	%ebp,80(%esp)
-	cmpl	$1,%eax
-	je	.L033ctr32_one_shortcut
-	movdqu	(%ebx),%xmm7
-	movl	$202182159,(%esp)
-	movl	$134810123,4(%esp)
-	movl	$67438087,8(%esp)
-	movl	$66051,12(%esp)
-	movl	$6,%ecx
-	xorl	%ebp,%ebp
-	movl	%ecx,16(%esp)
-	movl	%ecx,20(%esp)
-	movl	%ecx,24(%esp)
-	movl	%ebp,28(%esp)
-.byte	102,15,58,22,251,3
-.byte	102,15,58,34,253,3
-	movl	240(%edx),%ecx
-	bswap	%ebx
-	pxor	%xmm1,%xmm1
-	pxor	%xmm0,%xmm0
-	movdqa	(%esp),%xmm2
-.byte	102,15,58,34,203,0
-	leal	3(%ebx),%ebp
-.byte	102,15,58,34,197,0
-	incl	%ebx
-.byte	102,15,58,34,203,1
-	incl	%ebp
-.byte	102,15,58,34,197,1
-	incl	%ebx
-.byte	102,15,58,34,203,2
-	incl	%ebp
-.byte	102,15,58,34,197,2
-	movdqa	%xmm1,48(%esp)
-.byte	102,15,56,0,202
-	movdqa	%xmm0,64(%esp)
-.byte	102,15,56,0,194
-	pshufd	$192,%xmm1,%xmm2
-	pshufd	$128,%xmm1,%xmm3
-	cmpl	$6,%eax
-	jb	.L034ctr32_tail
-	movdqa	%xmm7,32(%esp)
-	shrl	$1,%ecx
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-	subl	$6,%eax
-	jmp	.L035ctr32_loop6
-.align	16
-.L035ctr32_loop6:
-	pshufd	$64,%xmm1,%xmm4
-	movdqa	32(%esp),%xmm1
-	pshufd	$192,%xmm0,%xmm5
-	por	%xmm1,%xmm2
-	pshufd	$128,%xmm0,%xmm6
-	por	%xmm1,%xmm3
-	pshufd	$64,%xmm0,%xmm7
-	por	%xmm1,%xmm4
-	por	%xmm1,%xmm5
-	por	%xmm1,%xmm6
-	por	%xmm1,%xmm7
-	movups	(%ebp),%xmm0
-	movups	16(%ebp),%xmm1
-	leal	32(%ebp),%edx
-	decl	%ecx
-	pxor	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,220,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,220,217
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,220,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-.byte	102,15,56,220,241
-	movups	(%edx),%xmm0
-.byte	102,15,56,220,249
-	call	.L_aesni_encrypt6_enter
-	movups	(%esi),%xmm1
-	movups	16(%esi),%xmm0
-	xorps	%xmm1,%xmm2
-	movups	32(%esi),%xmm1
-	xorps	%xmm0,%xmm3
-	movups	%xmm2,(%edi)
-	movdqa	16(%esp),%xmm0
-	xorps	%xmm1,%xmm4
-	movdqa	48(%esp),%xmm1
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	paddd	%xmm0,%xmm1
-	paddd	64(%esp),%xmm0
-	movdqa	(%esp),%xmm2
-	movups	48(%esi),%xmm3
-	movups	64(%esi),%xmm4
-	xorps	%xmm3,%xmm5
-	movups	80(%esi),%xmm3
-	leal	96(%esi),%esi
-	movdqa	%xmm1,48(%esp)
-.byte	102,15,56,0,202
-	xorps	%xmm4,%xmm6
-	movups	%xmm5,48(%edi)
-	xorps	%xmm3,%xmm7
-	movdqa	%xmm0,64(%esp)
-.byte	102,15,56,0,194
-	movups	%xmm6,64(%edi)
-	pshufd	$192,%xmm1,%xmm2
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	movl	%ebx,%ecx
-	pshufd	$128,%xmm1,%xmm3
-	subl	$6,%eax
-	jnc	.L035ctr32_loop6
-	addl	$6,%eax
-	jz	.L036ctr32_ret
-	movl	%ebp,%edx
-	leal	1(,%ecx,2),%ecx
-	movdqa	32(%esp),%xmm7
-.L034ctr32_tail:
-	por	%xmm7,%xmm2
-	cmpl	$2,%eax
-	jb	.L037ctr32_one
-	pshufd	$64,%xmm1,%xmm4
-	por	%xmm7,%xmm3
-	je	.L038ctr32_two
-	pshufd	$192,%xmm0,%xmm5
-	por	%xmm7,%xmm4
-	cmpl	$4,%eax
-	jb	.L039ctr32_three
-	pshufd	$128,%xmm0,%xmm6
-	por	%xmm7,%xmm5
-	je	.L040ctr32_four
-	por	%xmm7,%xmm6
-	call	_aesni_encrypt6
-	movups	(%esi),%xmm1
-	movups	16(%esi),%xmm0
-	xorps	%xmm1,%xmm2
-	movups	32(%esi),%xmm1
-	xorps	%xmm0,%xmm3
-	movups	48(%esi),%xmm0
-	xorps	%xmm1,%xmm4
-	movups	64(%esi),%xmm1
-	xorps	%xmm0,%xmm5
-	movups	%xmm2,(%edi)
-	xorps	%xmm1,%xmm6
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	jmp	.L036ctr32_ret
-.align	16
-.L033ctr32_one_shortcut:
-	movups	(%ebx),%xmm2
-	movl	240(%edx),%ecx
-.L037ctr32_one:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L041enc1_loop_7:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L041enc1_loop_7
-.byte	102,15,56,221,209
-	movups	(%esi),%xmm6
-	xorps	%xmm2,%xmm6
-	movups	%xmm6,(%edi)
-	jmp	.L036ctr32_ret
-.align	16
-.L038ctr32_two:
-	call	_aesni_encrypt3
-	movups	(%esi),%xmm5
-	movups	16(%esi),%xmm6
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	jmp	.L036ctr32_ret
-.align	16
-.L039ctr32_three:
-	call	_aesni_encrypt3
-	movups	(%esi),%xmm5
-	movups	16(%esi),%xmm6
-	xorps	%xmm5,%xmm2
-	movups	32(%esi),%xmm7
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	xorps	%xmm7,%xmm4
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	jmp	.L036ctr32_ret
-.align	16
-.L040ctr32_four:
-	call	_aesni_encrypt4
-	movups	(%esi),%xmm6
-	movups	16(%esi),%xmm7
-	movups	32(%esi),%xmm1
-	xorps	%xmm6,%xmm2
-	movups	48(%esi),%xmm0
-	xorps	%xmm7,%xmm3
-	movups	%xmm2,(%edi)
-	xorps	%xmm1,%xmm4
-	movups	%xmm3,16(%edi)
-	xorps	%xmm0,%xmm5
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-.L036ctr32_ret:
-	movl	80(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_ctr32_encrypt_blocks,.-.L_aesni_ctr32_encrypt_blocks_begin
-.globl	aesni_xts_encrypt
-.type	aesni_xts_encrypt,@function
-.align	16
-aesni_xts_encrypt:
-.L_aesni_xts_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	36(%esp),%edx
-	movl	40(%esp),%esi
-	movl	240(%edx),%ecx
-	movups	(%esi),%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L042enc1_loop_8:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L042enc1_loop_8
-.byte	102,15,56,221,209
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	%esp,%ebp
-	subl	$120,%esp
-	movl	240(%edx),%ecx
-	andl	$-16,%esp
-	movl	$135,96(%esp)
-	movl	$0,100(%esp)
-	movl	$1,104(%esp)
-	movl	$0,108(%esp)
-	movl	%eax,112(%esp)
-	movl	%ebp,116(%esp)
-	movdqa	%xmm2,%xmm1
-	pxor	%xmm0,%xmm0
-	movdqa	96(%esp),%xmm3
-	pcmpgtd	%xmm1,%xmm0
-	andl	$-16,%eax
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-	subl	$96,%eax
-	jc	.L043xts_enc_short
-	shrl	$1,%ecx
-	movl	%ecx,%ebx
-	jmp	.L044xts_enc_loop6
-.align	16
-.L044xts_enc_loop6:
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,16(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,32(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,48(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm7
-	movdqa	%xmm1,64(%esp)
-	paddq	%xmm1,%xmm1
-	movups	(%ebp),%xmm0
-	pand	%xmm3,%xmm7
-	movups	(%esi),%xmm2
-	pxor	%xmm1,%xmm7
-	movdqu	16(%esi),%xmm3
-	xorps	%xmm0,%xmm2
-	movdqu	32(%esi),%xmm4
-	pxor	%xmm0,%xmm3
-	movdqu	48(%esi),%xmm5
-	pxor	%xmm0,%xmm4
-	movdqu	64(%esi),%xmm6
-	pxor	%xmm0,%xmm5
-	movdqu	80(%esi),%xmm1
-	pxor	%xmm0,%xmm6
-	leal	96(%esi),%esi
-	pxor	(%esp),%xmm2
-	movdqa	%xmm7,80(%esp)
-	pxor	%xmm1,%xmm7
-	movups	16(%ebp),%xmm1
-	leal	32(%ebp),%edx
-	pxor	16(%esp),%xmm3
-.byte	102,15,56,220,209
-	pxor	32(%esp),%xmm4
-.byte	102,15,56,220,217
-	pxor	48(%esp),%xmm5
-	decl	%ecx
-.byte	102,15,56,220,225
-	pxor	64(%esp),%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-.byte	102,15,56,220,241
-	movups	(%edx),%xmm0
-.byte	102,15,56,220,249
-	call	.L_aesni_encrypt6_enter
-	movdqa	80(%esp),%xmm1
-	pxor	%xmm0,%xmm0
-	xorps	(%esp),%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	xorps	16(%esp),%xmm3
-	movups	%xmm2,(%edi)
-	xorps	32(%esp),%xmm4
-	movups	%xmm3,16(%edi)
-	xorps	48(%esp),%xmm5
-	movups	%xmm4,32(%edi)
-	xorps	64(%esp),%xmm6
-	movups	%xmm5,48(%edi)
-	xorps	%xmm1,%xmm7
-	movups	%xmm6,64(%edi)
-	pshufd	$19,%xmm0,%xmm2
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	movdqa	96(%esp),%xmm3
-	pxor	%xmm0,%xmm0
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	movl	%ebx,%ecx
-	pxor	%xmm2,%xmm1
-	subl	$96,%eax
-	jnc	.L044xts_enc_loop6
-	leal	1(,%ecx,2),%ecx
-	movl	%ebp,%edx
-	movl	%ecx,%ebx
-.L043xts_enc_short:
-	addl	$96,%eax
-	jz	.L045xts_enc_done6x
-	movdqa	%xmm1,%xmm5
-	cmpl	$32,%eax
-	jb	.L046xts_enc_one
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	je	.L047xts_enc_two
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,%xmm6
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	cmpl	$64,%eax
-	jb	.L048xts_enc_three
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,%xmm7
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	movdqa	%xmm5,(%esp)
-	movdqa	%xmm6,16(%esp)
-	je	.L049xts_enc_four
-	movdqa	%xmm7,32(%esp)
-	pshufd	$19,%xmm0,%xmm7
-	movdqa	%xmm1,48(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm7
-	pxor	%xmm1,%xmm7
-	movdqu	(%esi),%xmm2
-	movdqu	16(%esi),%xmm3
-	movdqu	32(%esi),%xmm4
-	pxor	(%esp),%xmm2
-	movdqu	48(%esi),%xmm5
-	pxor	16(%esp),%xmm3
-	movdqu	64(%esi),%xmm6
-	pxor	32(%esp),%xmm4
-	leal	80(%esi),%esi
-	pxor	48(%esp),%xmm5
-	movdqa	%xmm7,64(%esp)
-	pxor	%xmm7,%xmm6
-	call	_aesni_encrypt6
-	movaps	64(%esp),%xmm1
-	xorps	(%esp),%xmm2
-	xorps	16(%esp),%xmm3
-	xorps	32(%esp),%xmm4
-	movups	%xmm2,(%edi)
-	xorps	48(%esp),%xmm5
-	movups	%xmm3,16(%edi)
-	xorps	%xmm1,%xmm6
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	leal	80(%edi),%edi
-	jmp	.L050xts_enc_done
-.align	16
-.L046xts_enc_one:
-	movups	(%esi),%xmm2
-	leal	16(%esi),%esi
-	xorps	%xmm5,%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L051enc1_loop_9:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L051enc1_loop_9
-.byte	102,15,56,221,209
-	xorps	%xmm5,%xmm2
-	movups	%xmm2,(%edi)
-	leal	16(%edi),%edi
-	movdqa	%xmm5,%xmm1
-	jmp	.L050xts_enc_done
-.align	16
-.L047xts_enc_two:
-	movaps	%xmm1,%xmm6
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	leal	32(%esi),%esi
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm4,%xmm4
-	call	_aesni_encrypt3
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	leal	32(%edi),%edi
-	movdqa	%xmm6,%xmm1
-	jmp	.L050xts_enc_done
-.align	16
-.L048xts_enc_three:
-	movaps	%xmm1,%xmm7
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	movups	32(%esi),%xmm4
-	leal	48(%esi),%esi
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm4
-	call	_aesni_encrypt3
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm4
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	leal	48(%edi),%edi
-	movdqa	%xmm7,%xmm1
-	jmp	.L050xts_enc_done
-.align	16
-.L049xts_enc_four:
-	movaps	%xmm1,%xmm6
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	movups	32(%esi),%xmm4
-	xorps	(%esp),%xmm2
-	movups	48(%esi),%xmm5
-	leal	64(%esi),%esi
-	xorps	16(%esp),%xmm3
-	xorps	%xmm7,%xmm4
-	xorps	%xmm6,%xmm5
-	call	_aesni_encrypt4
-	xorps	(%esp),%xmm2
-	xorps	16(%esp),%xmm3
-	xorps	%xmm7,%xmm4
-	movups	%xmm2,(%edi)
-	xorps	%xmm6,%xmm5
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	leal	64(%edi),%edi
-	movdqa	%xmm6,%xmm1
-	jmp	.L050xts_enc_done
-.align	16
-.L045xts_enc_done6x:
-	movl	112(%esp),%eax
-	andl	$15,%eax
-	jz	.L052xts_enc_ret
-	movdqa	%xmm1,%xmm5
-	movl	%eax,112(%esp)
-	jmp	.L053xts_enc_steal
-.align	16
-.L050xts_enc_done:
-	movl	112(%esp),%eax
-	pxor	%xmm0,%xmm0
-	andl	$15,%eax
-	jz	.L052xts_enc_ret
-	pcmpgtd	%xmm1,%xmm0
-	movl	%eax,112(%esp)
-	pshufd	$19,%xmm0,%xmm5
-	paddq	%xmm1,%xmm1
-	pand	96(%esp),%xmm5
-	pxor	%xmm1,%xmm5
-.L053xts_enc_steal:
-	movzbl	(%esi),%ecx
-	movzbl	-16(%edi),%edx
-	leal	1(%esi),%esi
-	movb	%cl,-16(%edi)
-	movb	%dl,(%edi)
-	leal	1(%edi),%edi
-	subl	$1,%eax
-	jnz	.L053xts_enc_steal
-	subl	112(%esp),%edi
-	movl	%ebp,%edx
-	movl	%ebx,%ecx
-	movups	-16(%edi),%xmm2
-	xorps	%xmm5,%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L054enc1_loop_10:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L054enc1_loop_10
-.byte	102,15,56,221,209
-	xorps	%xmm5,%xmm2
-	movups	%xmm2,-16(%edi)
-.L052xts_enc_ret:
-	movl	116(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_xts_encrypt,.-.L_aesni_xts_encrypt_begin
-.globl	aesni_xts_decrypt
-.type	aesni_xts_decrypt,@function
-.align	16
-aesni_xts_decrypt:
-.L_aesni_xts_decrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	36(%esp),%edx
-	movl	40(%esp),%esi
-	movl	240(%edx),%ecx
-	movups	(%esi),%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L055enc1_loop_11:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L055enc1_loop_11
-.byte	102,15,56,221,209
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	movl	%esp,%ebp
-	subl	$120,%esp
-	andl	$-16,%esp
-	xorl	%ebx,%ebx
-	testl	$15,%eax
-	setnz	%bl
-	shll	$4,%ebx
-	subl	%ebx,%eax
-	movl	$135,96(%esp)
-	movl	$0,100(%esp)
-	movl	$1,104(%esp)
-	movl	$0,108(%esp)
-	movl	%eax,112(%esp)
-	movl	%ebp,116(%esp)
-	movl	240(%edx),%ecx
-	movl	%edx,%ebp
-	movl	%ecx,%ebx
-	movdqa	%xmm2,%xmm1
-	pxor	%xmm0,%xmm0
-	movdqa	96(%esp),%xmm3
-	pcmpgtd	%xmm1,%xmm0
-	andl	$-16,%eax
-	subl	$96,%eax
-	jc	.L056xts_dec_short
-	shrl	$1,%ecx
-	movl	%ecx,%ebx
-	jmp	.L057xts_dec_loop6
-.align	16
-.L057xts_dec_loop6:
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,16(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,32(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,48(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	pshufd	$19,%xmm0,%xmm7
-	movdqa	%xmm1,64(%esp)
-	paddq	%xmm1,%xmm1
-	movups	(%ebp),%xmm0
-	pand	%xmm3,%xmm7
-	movups	(%esi),%xmm2
-	pxor	%xmm1,%xmm7
-	movdqu	16(%esi),%xmm3
-	xorps	%xmm0,%xmm2
-	movdqu	32(%esi),%xmm4
-	pxor	%xmm0,%xmm3
-	movdqu	48(%esi),%xmm5
-	pxor	%xmm0,%xmm4
-	movdqu	64(%esi),%xmm6
-	pxor	%xmm0,%xmm5
-	movdqu	80(%esi),%xmm1
-	pxor	%xmm0,%xmm6
-	leal	96(%esi),%esi
-	pxor	(%esp),%xmm2
-	movdqa	%xmm7,80(%esp)
-	pxor	%xmm1,%xmm7
-	movups	16(%ebp),%xmm1
-	leal	32(%ebp),%edx
-	pxor	16(%esp),%xmm3
-.byte	102,15,56,222,209
-	pxor	32(%esp),%xmm4
-.byte	102,15,56,222,217
-	pxor	48(%esp),%xmm5
-	decl	%ecx
-.byte	102,15,56,222,225
-	pxor	64(%esp),%xmm6
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-.byte	102,15,56,222,241
-	movups	(%edx),%xmm0
-.byte	102,15,56,222,249
-	call	.L_aesni_decrypt6_enter
-	movdqa	80(%esp),%xmm1
-	pxor	%xmm0,%xmm0
-	xorps	(%esp),%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	xorps	16(%esp),%xmm3
-	movups	%xmm2,(%edi)
-	xorps	32(%esp),%xmm4
-	movups	%xmm3,16(%edi)
-	xorps	48(%esp),%xmm5
-	movups	%xmm4,32(%edi)
-	xorps	64(%esp),%xmm6
-	movups	%xmm5,48(%edi)
-	xorps	%xmm1,%xmm7
-	movups	%xmm6,64(%edi)
-	pshufd	$19,%xmm0,%xmm2
-	movups	%xmm7,80(%edi)
-	leal	96(%edi),%edi
-	movdqa	96(%esp),%xmm3
-	pxor	%xmm0,%xmm0
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	movl	%ebx,%ecx
-	pxor	%xmm2,%xmm1
-	subl	$96,%eax
-	jnc	.L057xts_dec_loop6
-	leal	1(,%ecx,2),%ecx
-	movl	%ebp,%edx
-	movl	%ecx,%ebx
-.L056xts_dec_short:
-	addl	$96,%eax
-	jz	.L058xts_dec_done6x
-	movdqa	%xmm1,%xmm5
-	cmpl	$32,%eax
-	jb	.L059xts_dec_one
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	je	.L060xts_dec_two
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,%xmm6
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	cmpl	$64,%eax
-	jb	.L061xts_dec_three
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	%xmm1,%xmm7
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-	movdqa	%xmm5,(%esp)
-	movdqa	%xmm6,16(%esp)
-	je	.L062xts_dec_four
-	movdqa	%xmm7,32(%esp)
-	pshufd	$19,%xmm0,%xmm7
-	movdqa	%xmm1,48(%esp)
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm7
-	pxor	%xmm1,%xmm7
-	movdqu	(%esi),%xmm2
-	movdqu	16(%esi),%xmm3
-	movdqu	32(%esi),%xmm4
-	pxor	(%esp),%xmm2
-	movdqu	48(%esi),%xmm5
-	pxor	16(%esp),%xmm3
-	movdqu	64(%esi),%xmm6
-	pxor	32(%esp),%xmm4
-	leal	80(%esi),%esi
-	pxor	48(%esp),%xmm5
-	movdqa	%xmm7,64(%esp)
-	pxor	%xmm7,%xmm6
-	call	_aesni_decrypt6
-	movaps	64(%esp),%xmm1
-	xorps	(%esp),%xmm2
-	xorps	16(%esp),%xmm3
-	xorps	32(%esp),%xmm4
-	movups	%xmm2,(%edi)
-	xorps	48(%esp),%xmm5
-	movups	%xmm3,16(%edi)
-	xorps	%xmm1,%xmm6
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	movups	%xmm6,64(%edi)
-	leal	80(%edi),%edi
-	jmp	.L063xts_dec_done
-.align	16
-.L059xts_dec_one:
-	movups	(%esi),%xmm2
-	leal	16(%esi),%esi
-	xorps	%xmm5,%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L064dec1_loop_12:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L064dec1_loop_12
-.byte	102,15,56,223,209
-	xorps	%xmm5,%xmm2
-	movups	%xmm2,(%edi)
-	leal	16(%edi),%edi
-	movdqa	%xmm5,%xmm1
-	jmp	.L063xts_dec_done
-.align	16
-.L060xts_dec_two:
-	movaps	%xmm1,%xmm6
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	leal	32(%esi),%esi
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	call	_aesni_decrypt3
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	leal	32(%edi),%edi
-	movdqa	%xmm6,%xmm1
-	jmp	.L063xts_dec_done
-.align	16
-.L061xts_dec_three:
-	movaps	%xmm1,%xmm7
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	movups	32(%esi),%xmm4
-	leal	48(%esi),%esi
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm4
-	call	_aesni_decrypt3
-	xorps	%xmm5,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm4
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	leal	48(%edi),%edi
-	movdqa	%xmm7,%xmm1
-	jmp	.L063xts_dec_done
-.align	16
-.L062xts_dec_four:
-	movaps	%xmm1,%xmm6
-	movups	(%esi),%xmm2
-	movups	16(%esi),%xmm3
-	movups	32(%esi),%xmm4
-	xorps	(%esp),%xmm2
-	movups	48(%esi),%xmm5
-	leal	64(%esi),%esi
-	xorps	16(%esp),%xmm3
-	xorps	%xmm7,%xmm4
-	xorps	%xmm6,%xmm5
-	call	_aesni_decrypt4
-	xorps	(%esp),%xmm2
-	xorps	16(%esp),%xmm3
-	xorps	%xmm7,%xmm4
-	movups	%xmm2,(%edi)
-	xorps	%xmm6,%xmm5
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	leal	64(%edi),%edi
-	movdqa	%xmm6,%xmm1
-	jmp	.L063xts_dec_done
-.align	16
-.L058xts_dec_done6x:
-	movl	112(%esp),%eax
-	andl	$15,%eax
-	jz	.L065xts_dec_ret
-	movl	%eax,112(%esp)
-	jmp	.L066xts_dec_only_one_more
-.align	16
-.L063xts_dec_done:
-	movl	112(%esp),%eax
-	pxor	%xmm0,%xmm0
-	andl	$15,%eax
-	jz	.L065xts_dec_ret
-	pcmpgtd	%xmm1,%xmm0
-	movl	%eax,112(%esp)
-	pshufd	$19,%xmm0,%xmm2
-	pxor	%xmm0,%xmm0
-	movdqa	96(%esp),%xmm3
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm2
-	pcmpgtd	%xmm1,%xmm0
-	pxor	%xmm2,%xmm1
-.L066xts_dec_only_one_more:
-	pshufd	$19,%xmm0,%xmm5
-	movdqa	%xmm1,%xmm6
-	paddq	%xmm1,%xmm1
-	pand	%xmm3,%xmm5
-	pxor	%xmm1,%xmm5
-	movl	%ebp,%edx
-	movl	%ebx,%ecx
-	movups	(%esi),%xmm2
-	xorps	%xmm5,%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L067dec1_loop_13:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L067dec1_loop_13
-.byte	102,15,56,223,209
-	xorps	%xmm5,%xmm2
-	movups	%xmm2,(%edi)
-.L068xts_dec_steal:
-	movzbl	16(%esi),%ecx
-	movzbl	(%edi),%edx
-	leal	1(%esi),%esi
-	movb	%cl,(%edi)
-	movb	%dl,16(%edi)
-	leal	1(%edi),%edi
-	subl	$1,%eax
-	jnz	.L068xts_dec_steal
-	subl	112(%esp),%edi
-	movl	%ebp,%edx
-	movl	%ebx,%ecx
-	movups	(%edi),%xmm2
-	xorps	%xmm6,%xmm2
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L069dec1_loop_14:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L069dec1_loop_14
-.byte	102,15,56,223,209
-	xorps	%xmm6,%xmm2
-	movups	%xmm2,(%edi)
-.L065xts_dec_ret:
-	movl	116(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_xts_decrypt,.-.L_aesni_xts_decrypt_begin
-.globl	aesni_cbc_encrypt
-.type	aesni_cbc_encrypt,@function
-.align	16
-aesni_cbc_encrypt:
-.L_aesni_cbc_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	%esp,%ebx
-	movl	24(%esp),%edi
-	subl	$24,%ebx
-	movl	28(%esp),%eax
-	andl	$-16,%ebx
-	movl	32(%esp),%edx
-	movl	36(%esp),%ebp
-	testl	%eax,%eax
-	jz	.L070cbc_abort
-	cmpl	$0,40(%esp)
-	xchgl	%esp,%ebx
-	movups	(%ebp),%xmm7
-	movl	240(%edx),%ecx
-	movl	%edx,%ebp
-	movl	%ebx,16(%esp)
-	movl	%ecx,%ebx
-	je	.L071cbc_decrypt
-	movaps	%xmm7,%xmm2
-	cmpl	$16,%eax
-	jb	.L072cbc_enc_tail
-	subl	$16,%eax
-	jmp	.L073cbc_enc_loop
-.align	16
-.L073cbc_enc_loop:
-	movups	(%esi),%xmm7
-	leal	16(%esi),%esi
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	xorps	%xmm0,%xmm7
-	leal	32(%edx),%edx
-	xorps	%xmm7,%xmm2
-.L074enc1_loop_15:
-.byte	102,15,56,220,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L074enc1_loop_15
-.byte	102,15,56,221,209
-	movl	%ebx,%ecx
-	movl	%ebp,%edx
-	movups	%xmm2,(%edi)
-	leal	16(%edi),%edi
-	subl	$16,%eax
-	jnc	.L073cbc_enc_loop
-	addl	$16,%eax
-	jnz	.L072cbc_enc_tail
-	movaps	%xmm2,%xmm7
-	jmp	.L075cbc_ret
-.L072cbc_enc_tail:
-	movl	%eax,%ecx
-.long	2767451785
-	movl	$16,%ecx
-	subl	%eax,%ecx
-	xorl	%eax,%eax
-.long	2868115081
-	leal	-16(%edi),%edi
-	movl	%ebx,%ecx
-	movl	%edi,%esi
-	movl	%ebp,%edx
-	jmp	.L073cbc_enc_loop
-.align	16
-.L071cbc_decrypt:
-	cmpl	$80,%eax
-	jbe	.L076cbc_dec_tail
-	movaps	%xmm7,(%esp)
-	subl	$80,%eax
-	jmp	.L077cbc_dec_loop6_enter
-.align	16
-.L078cbc_dec_loop6:
-	movaps	%xmm0,(%esp)
-	movups	%xmm7,(%edi)
-	leal	16(%edi),%edi
-.L077cbc_dec_loop6_enter:
-	movdqu	(%esi),%xmm2
-	movdqu	16(%esi),%xmm3
-	movdqu	32(%esi),%xmm4
-	movdqu	48(%esi),%xmm5
-	movdqu	64(%esi),%xmm6
-	movdqu	80(%esi),%xmm7
-	call	_aesni_decrypt6
-	movups	(%esi),%xmm1
-	movups	16(%esi),%xmm0
-	xorps	(%esp),%xmm2
-	xorps	%xmm1,%xmm3
-	movups	32(%esi),%xmm1
-	xorps	%xmm0,%xmm4
-	movups	48(%esi),%xmm0
-	xorps	%xmm1,%xmm5
-	movups	64(%esi),%xmm1
-	xorps	%xmm0,%xmm6
-	movups	80(%esi),%xmm0
-	xorps	%xmm1,%xmm7
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	leal	96(%esi),%esi
-	movups	%xmm4,32(%edi)
-	movl	%ebx,%ecx
-	movups	%xmm5,48(%edi)
-	movl	%ebp,%edx
-	movups	%xmm6,64(%edi)
-	leal	80(%edi),%edi
-	subl	$96,%eax
-	ja	.L078cbc_dec_loop6
-	movaps	%xmm7,%xmm2
-	movaps	%xmm0,%xmm7
-	addl	$80,%eax
-	jle	.L079cbc_dec_tail_collected
-	movups	%xmm2,(%edi)
-	leal	16(%edi),%edi
-.L076cbc_dec_tail:
-	movups	(%esi),%xmm2
-	movaps	%xmm2,%xmm6
-	cmpl	$16,%eax
-	jbe	.L080cbc_dec_one
-	movups	16(%esi),%xmm3
-	movaps	%xmm3,%xmm5
-	cmpl	$32,%eax
-	jbe	.L081cbc_dec_two
-	movups	32(%esi),%xmm4
-	cmpl	$48,%eax
-	jbe	.L082cbc_dec_three
-	movups	48(%esi),%xmm5
-	cmpl	$64,%eax
-	jbe	.L083cbc_dec_four
-	movups	64(%esi),%xmm6
-	movaps	%xmm7,(%esp)
-	movups	(%esi),%xmm2
-	xorps	%xmm7,%xmm7
-	call	_aesni_decrypt6
-	movups	(%esi),%xmm1
-	movups	16(%esi),%xmm0
-	xorps	(%esp),%xmm2
-	xorps	%xmm1,%xmm3
-	movups	32(%esi),%xmm1
-	xorps	%xmm0,%xmm4
-	movups	48(%esi),%xmm0
-	xorps	%xmm1,%xmm5
-	movups	64(%esi),%xmm7
-	xorps	%xmm0,%xmm6
-	movups	%xmm2,(%edi)
-	movups	%xmm3,16(%edi)
-	movups	%xmm4,32(%edi)
-	movups	%xmm5,48(%edi)
-	leal	64(%edi),%edi
-	movaps	%xmm6,%xmm2
-	subl	$80,%eax
-	jmp	.L079cbc_dec_tail_collected
-.align	16
-.L080cbc_dec_one:
-	movups	(%edx),%xmm0
-	movups	16(%edx),%xmm1
-	leal	32(%edx),%edx
-	xorps	%xmm0,%xmm2
-.L084dec1_loop_16:
-.byte	102,15,56,222,209
-	decl	%ecx
-	movups	(%edx),%xmm1
-	leal	16(%edx),%edx
-	jnz	.L084dec1_loop_16
-.byte	102,15,56,223,209
-	xorps	%xmm7,%xmm2
-	movaps	%xmm6,%xmm7
-	subl	$16,%eax
-	jmp	.L079cbc_dec_tail_collected
-.align	16
-.L081cbc_dec_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_decrypt3
-	xorps	%xmm7,%xmm2
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	movaps	%xmm3,%xmm2
-	leal	16(%edi),%edi
-	movaps	%xmm5,%xmm7
-	subl	$32,%eax
-	jmp	.L079cbc_dec_tail_collected
-.align	16
-.L082cbc_dec_three:
-	call	_aesni_decrypt3
-	xorps	%xmm7,%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm5,%xmm4
-	movups	%xmm2,(%edi)
-	movaps	%xmm4,%xmm2
-	movups	%xmm3,16(%edi)
-	leal	32(%edi),%edi
-	movups	32(%esi),%xmm7
-	subl	$48,%eax
-	jmp	.L079cbc_dec_tail_collected
-.align	16
-.L083cbc_dec_four:
-	call	_aesni_decrypt4
-	movups	16(%esi),%xmm1
-	movups	32(%esi),%xmm0
-	xorps	%xmm7,%xmm2
-	movups	48(%esi),%xmm7
-	xorps	%xmm6,%xmm3
-	movups	%xmm2,(%edi)
-	xorps	%xmm1,%xmm4
-	movups	%xmm3,16(%edi)
-	xorps	%xmm0,%xmm5
-	movups	%xmm4,32(%edi)
-	leal	48(%edi),%edi
-	movaps	%xmm5,%xmm2
-	subl	$64,%eax
-.L079cbc_dec_tail_collected:
-	andl	$15,%eax
-	jnz	.L085cbc_dec_tail_partial
-	movups	%xmm2,(%edi)
-	jmp	.L075cbc_ret
-.align	16
-.L085cbc_dec_tail_partial:
-	movaps	%xmm2,(%esp)
-	movl	$16,%ecx
-	movl	%esp,%esi
-	subl	%eax,%ecx
-.long	2767451785
-.L075cbc_ret:
-	movl	16(%esp),%esp
-	movl	36(%esp),%ebp
-	movups	%xmm7,(%ebp)
-.L070cbc_abort:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	aesni_cbc_encrypt,.-.L_aesni_cbc_encrypt_begin
-.type	_aesni_set_encrypt_key,@function
-.align	16
-_aesni_set_encrypt_key:
-	testl	%eax,%eax
-	jz	.L086bad_pointer
-	testl	%edx,%edx
-	jz	.L086bad_pointer
-	movups	(%eax),%xmm0
-	xorps	%xmm4,%xmm4
-	leal	16(%edx),%edx
-	cmpl	$256,%ecx
-	je	.L08714rounds
-	cmpl	$192,%ecx
-	je	.L08812rounds
-	cmpl	$128,%ecx
-	jne	.L089bad_keybits
-.align	16
-.L09010rounds:
-	movl	$9,%ecx
-	movups	%xmm0,-16(%edx)
-.byte	102,15,58,223,200,1
-	call	.L091key_128_cold
-.byte	102,15,58,223,200,2
-	call	.L092key_128
-.byte	102,15,58,223,200,4
-	call	.L092key_128
-.byte	102,15,58,223,200,8
-	call	.L092key_128
-.byte	102,15,58,223,200,16
-	call	.L092key_128
-.byte	102,15,58,223,200,32
-	call	.L092key_128
-.byte	102,15,58,223,200,64
-	call	.L092key_128
-.byte	102,15,58,223,200,128
-	call	.L092key_128
-.byte	102,15,58,223,200,27
-	call	.L092key_128
-.byte	102,15,58,223,200,54
-	call	.L092key_128
-	movups	%xmm0,(%edx)
-	movl	%ecx,80(%edx)
-	xorl	%eax,%eax
-	ret
-.align	16
-.L092key_128:
-	movups	%xmm0,(%edx)
-	leal	16(%edx),%edx
-.L091key_128_cold:
-	shufps	$16,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$255,%xmm1,%xmm1
-	xorps	%xmm1,%xmm0
-	ret
-.align	16
-.L08812rounds:
-	movq	16(%eax),%xmm2
-	movl	$11,%ecx
-	movups	%xmm0,-16(%edx)
-.byte	102,15,58,223,202,1
-	call	.L093key_192a_cold
-.byte	102,15,58,223,202,2
-	call	.L094key_192b
-.byte	102,15,58,223,202,4
-	call	.L095key_192a
-.byte	102,15,58,223,202,8
-	call	.L094key_192b
-.byte	102,15,58,223,202,16
-	call	.L095key_192a
-.byte	102,15,58,223,202,32
-	call	.L094key_192b
-.byte	102,15,58,223,202,64
-	call	.L095key_192a
-.byte	102,15,58,223,202,128
-	call	.L094key_192b
-	movups	%xmm0,(%edx)
-	movl	%ecx,48(%edx)
-	xorl	%eax,%eax
-	ret
-.align	16
-.L095key_192a:
-	movups	%xmm0,(%edx)
-	leal	16(%edx),%edx
-.align	16
-.L093key_192a_cold:
-	movaps	%xmm2,%xmm5
-.L096key_192b_warm:
-	shufps	$16,%xmm0,%xmm4
-	movdqa	%xmm2,%xmm3
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	pslldq	$4,%xmm3
-	xorps	%xmm4,%xmm0
-	pshufd	$85,%xmm1,%xmm1
-	pxor	%xmm3,%xmm2
-	pxor	%xmm1,%xmm0
-	pshufd	$255,%xmm0,%xmm3
-	pxor	%xmm3,%xmm2
-	ret
-.align	16
-.L094key_192b:
-	movaps	%xmm0,%xmm3
-	shufps	$68,%xmm0,%xmm5
-	movups	%xmm5,(%edx)
-	shufps	$78,%xmm2,%xmm3
-	movups	%xmm3,16(%edx)
-	leal	32(%edx),%edx
-	jmp	.L096key_192b_warm
-.align	16
-.L08714rounds:
-	movups	16(%eax),%xmm2
-	movl	$13,%ecx
-	leal	16(%edx),%edx
-	movups	%xmm0,-32(%edx)
-	movups	%xmm2,-16(%edx)
-.byte	102,15,58,223,202,1
-	call	.L097key_256a_cold
-.byte	102,15,58,223,200,1
-	call	.L098key_256b
-.byte	102,15,58,223,202,2
-	call	.L099key_256a
-.byte	102,15,58,223,200,2
-	call	.L098key_256b
-.byte	102,15,58,223,202,4
-	call	.L099key_256a
-.byte	102,15,58,223,200,4
-	call	.L098key_256b
-.byte	102,15,58,223,202,8
-	call	.L099key_256a
-.byte	102,15,58,223,200,8
-	call	.L098key_256b
-.byte	102,15,58,223,202,16
-	call	.L099key_256a
-.byte	102,15,58,223,200,16
-	call	.L098key_256b
-.byte	102,15,58,223,202,32
-	call	.L099key_256a
-.byte	102,15,58,223,200,32
-	call	.L098key_256b
-.byte	102,15,58,223,202,64
-	call	.L099key_256a
-	movups	%xmm0,(%edx)
-	movl	%ecx,16(%edx)
-	xorl	%eax,%eax
-	ret
-.align	16
-.L099key_256a:
-	movups	%xmm2,(%edx)
-	leal	16(%edx),%edx
-.L097key_256a_cold:
-	shufps	$16,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$255,%xmm1,%xmm1
-	xorps	%xmm1,%xmm0
-	ret
-.align	16
-.L098key_256b:
-	movups	%xmm0,(%edx)
-	leal	16(%edx),%edx
-	shufps	$16,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	$140,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	$170,%xmm1,%xmm1
-	xorps	%xmm1,%xmm2
-	ret
-.align	4
-.L086bad_pointer:
-	movl	$-1,%eax
-	ret
-.align	4
-.L089bad_keybits:
-	movl	$-2,%eax
-	ret
-.size	_aesni_set_encrypt_key,.-_aesni_set_encrypt_key
-.globl	aesni_set_encrypt_key
-.type	aesni_set_encrypt_key,@function
-.align	16
-aesni_set_encrypt_key:
-.L_aesni_set_encrypt_key_begin:
-	movl	4(%esp),%eax
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	call	_aesni_set_encrypt_key
-	ret
-.size	aesni_set_encrypt_key,.-.L_aesni_set_encrypt_key_begin
-.globl	aesni_set_decrypt_key
-.type	aesni_set_decrypt_key,@function
-.align	16
-aesni_set_decrypt_key:
-.L_aesni_set_decrypt_key_begin:
-	movl	4(%esp),%eax
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	call	_aesni_set_encrypt_key
-	movl	12(%esp),%edx
-	shll	$4,%ecx
-	testl	%eax,%eax
-	jnz	.L100dec_key_ret
-	leal	16(%edx,%ecx,1),%eax
-	movups	(%edx),%xmm0
-	movups	(%eax),%xmm1
-	movups	%xmm0,(%eax)
-	movups	%xmm1,(%edx)
-	leal	16(%edx),%edx
-	leal	-16(%eax),%eax
-.L101dec_key_inverse:
-	movups	(%edx),%xmm0
-	movups	(%eax),%xmm1
-.byte	102,15,56,219,192
-.byte	102,15,56,219,201
-	leal	16(%edx),%edx
-	leal	-16(%eax),%eax
-	movups	%xmm0,16(%eax)
-	movups	%xmm1,-16(%edx)
-	cmpl	%edx,%eax
-	ja	.L101dec_key_inverse
-	movups	(%edx),%xmm0
-.byte	102,15,56,219,192
-	movups	%xmm0,(%edx)
-	xorl	%eax,%eax
-.L100dec_key_ret:
-	ret
-.size	aesni_set_decrypt_key,.-.L_aesni_set_decrypt_key_begin
-.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69
-.byte	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
-.byte	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
-.byte	115,108,46,111,114,103,62,0
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
deleted file mode 100644
index 3dc345b585..0000000000
--- a/crypto/aes/asm/aesni-x86.pl
+++ /dev/null
@@ -1,2189 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# This module implements support for Intel AES-NI extension. In
-# OpenSSL context it's used with Intel engine, but can also be used as
-# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
-# details].
-#
-# Performance.
-#
-# To start with see corresponding paragraph in aesni-x86_64.pl...
-# Instead of filling table similar to one found there I've chosen to
-# summarize *comparison* results for raw ECB, CTR and CBC benchmarks.
-# The simplified table below represents 32-bit performance relative
-# to 64-bit one in every given point. Ratios vary for different
-# encryption modes, therefore interval values.
-#
-#	16-byte     64-byte     256-byte    1-KB        8-KB
-#	53-67%      67-84%      91-94%      95-98%      97-99.5%
-#
-# Lower ratios for smaller block sizes are perfectly understandable,
-# because function call overhead is higher in 32-bit mode. Largest
-# 8-KB block performance is virtually same: 32-bit code is less than
-# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise.
-
-# January 2011
-#
-# See aesni-x86_64.pl for details. Unlike x86_64 version this module
-# interleaves at most 6 aes[enc|dec] instructions, because there are
-# not enough registers for 8x interleave [which should be optimal for
-# Sandy Bridge]. Actually, performance results for 6x interleave
-# factor presented in aesni-x86_64.pl (except for CTR) are for this
-# module.
-
-# April 2011
-#
-# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing
-# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09.
-
-$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
-			# generates drop-in replacement for
-			# crypto/aes/asm/aes-586.pl:-)
-$inline=1;		# inline _aesni_[en|de]crypt
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-if ($PREFIX eq "aesni")	{ $movekey=*movups; }
-else			{ $movekey=*movups; }
-
-$len="eax";
-$rounds="ecx";
-$key="edx";
-$inp="esi";
-$out="edi";
-$rounds_="ebx";	# backup copy for $rounds
-$key_="ebp";	# backup copy for $key
-
-$rndkey0="xmm0";
-$rndkey1="xmm1";
-$inout0="xmm2";
-$inout1="xmm3";
-$inout2="xmm4";
-$inout3="xmm5";	$in1="xmm5";
-$inout4="xmm6";	$in0="xmm6";
-$inout5="xmm7";	$ivec="xmm7";
-
-# AESNI extenstion
-sub aeskeygenassist
-{ my($dst,$src,$imm)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
-    {	&data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm);	}
-}
-sub aescommon
-{ my($opcodelet,$dst,$src)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
-    {	&data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);}
-}
-sub aesimc	{ aescommon(0xdb,@_); }
-sub aesenc	{ aescommon(0xdc,@_); }
-sub aesenclast	{ aescommon(0xdd,@_); }
-sub aesdec	{ aescommon(0xde,@_); }
-sub aesdeclast	{ aescommon(0xdf,@_); }
-
-# Inline version of internal aesni_[en|de]crypt1
-{ my $sn;
-sub aesni_inline_generate1
-{ my ($p,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout));
-  $sn++;
-
-    &$movekey		($rndkey0,&QWP(0,$key));
-    &$movekey		($rndkey1,&QWP(16,$key));
-    &xorps		($ivec,$rndkey0)	if (defined($ivec));
-    &lea		($key,&DWP(32,$key));
-    &xorps		($inout,$ivec)		if (defined($ivec));
-    &xorps		($inout,$rndkey0)	if (!defined($ivec));
-    &set_label("${p}1_loop_$sn");
-	eval"&aes${p}	($inout,$rndkey1)";
-	&dec		($rounds);
-	&$movekey	($rndkey1,&QWP(0,$key));
-	&lea		($key,&DWP(16,$key));
-    &jnz		(&label("${p}1_loop_$sn"));
-    eval"&aes${p}last	($inout,$rndkey1)";
-}}
-
-sub aesni_generate1	# fully unrolled loop
-{ my ($p,$inout)=@_; $inout=$inout0 if (!defined($inout));
-
-    &function_begin_B("_aesni_${p}rypt1");
-	&movups		($rndkey0,&QWP(0,$key));
-	&$movekey	($rndkey1,&QWP(0x10,$key));
-	&xorps		($inout,$rndkey0);
-	&$movekey	($rndkey0,&QWP(0x20,$key));
-	&lea		($key,&DWP(0x30,$key));
-	&cmp		($rounds,11);
-	&jb		(&label("${p}128"));
-	&lea		($key,&DWP(0x20,$key));
-	&je		(&label("${p}192"));
-	&lea		($key,&DWP(0x20,$key));
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(-0x40,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(-0x30,$key));
-    &set_label("${p}192");
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(-0x20,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(-0x10,$key));
-    &set_label("${p}128");
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(0,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0x10,$key));
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(0x20,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0x30,$key));
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(0x40,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0x50,$key));
-	eval"&aes${p}	($inout,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(0x60,$key));
-	eval"&aes${p}	($inout,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0x70,$key));
-	eval"&aes${p}	($inout,$rndkey1)";
-    eval"&aes${p}last	($inout,$rndkey0)";
-    &ret();
-    &function_end_B("_aesni_${p}rypt1");
-}
-
-# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
-&aesni_generate1("enc") if (!$inline);
-&function_begin_B("${PREFIX}_encrypt");
-	&mov	("eax",&wparam(0));
-	&mov	($key,&wparam(2));
-	&movups	($inout0,&QWP(0,"eax"));
-	&mov	($rounds,&DWP(240,$key));
-	&mov	("eax",&wparam(1));
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&movups	(&QWP(0,"eax"),$inout0);
-	&ret	();
-&function_end_B("${PREFIX}_encrypt");
-
-# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
-&aesni_generate1("dec") if(!$inline);
-&function_begin_B("${PREFIX}_decrypt");
-	&mov	("eax",&wparam(0));
-	&mov	($key,&wparam(2));
-	&movups	($inout0,&QWP(0,"eax"));
-	&mov	($rounds,&DWP(240,$key));
-	&mov	("eax",&wparam(1));
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&movups	(&QWP(0,"eax"),$inout0);
-	&ret	();
-&function_end_B("${PREFIX}_decrypt");
-
-# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
-# factor. Why 3x subroutine were originally used in loops? Even though
-# aes[enc|dec] latency was originally 6, it could be scheduled only
-# every *2nd* cycle. Thus 3x interleave was the one providing optimal
-# utilization, i.e. when subroutine's throughput is virtually same as
-# of non-interleaved subroutine [for number of input blocks up to 3].
-# This is why it makes no sense to implement 2x subroutine.
-# aes[enc|dec] latency in next processor generation is 8, but the
-# instructions can be scheduled every cycle. Optimal interleave for
-# new processor is therefore 8x, but it's unfeasible to accommodate it
-# in XMM registers addreassable in 32-bit mode and therefore 6x is
-# used instead...
-
-sub aesni_generate3
-{ my $p=shift;
-
-    &function_begin_B("_aesni_${p}rypt3");
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&shr		($rounds,1);
-	&$movekey	($rndkey1,&QWP(16,$key));
-	&lea		($key,&DWP(32,$key));
-	&xorps		($inout0,$rndkey0);
-	&pxor		($inout1,$rndkey0);
-	&pxor		($inout2,$rndkey0);
-	&$movekey	($rndkey0,&QWP(0,$key));
-
-    &set_label("${p}3_loop");
-	eval"&aes${p}	($inout0,$rndkey1)";
-	eval"&aes${p}	($inout1,$rndkey1)";
-	&dec		($rounds);
-	eval"&aes${p}	($inout2,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(16,$key));
-	eval"&aes${p}	($inout0,$rndkey0)";
-	eval"&aes${p}	($inout1,$rndkey0)";
-	&lea		($key,&DWP(32,$key));
-	eval"&aes${p}	($inout2,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&jnz		(&label("${p}3_loop"));
-    eval"&aes${p}	($inout0,$rndkey1)";
-    eval"&aes${p}	($inout1,$rndkey1)";
-    eval"&aes${p}	($inout2,$rndkey1)";
-    eval"&aes${p}last	($inout0,$rndkey0)";
-    eval"&aes${p}last	($inout1,$rndkey0)";
-    eval"&aes${p}last	($inout2,$rndkey0)";
-    &ret();
-    &function_end_B("_aesni_${p}rypt3");
-}
-
-# 4x interleave is implemented to improve small block performance,
-# most notably [and naturally] 4 block by ~30%. One can argue that one
-# should have implemented 5x as well, but improvement  would be <20%,
-# so it's not worth it...
-sub aesni_generate4
-{ my $p=shift;
-
-    &function_begin_B("_aesni_${p}rypt4");
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&$movekey	($rndkey1,&QWP(16,$key));
-	&shr		($rounds,1);
-	&lea		($key,&DWP(32,$key));
-	&xorps		($inout0,$rndkey0);
-	&pxor		($inout1,$rndkey0);
-	&pxor		($inout2,$rndkey0);
-	&pxor		($inout3,$rndkey0);
-	&$movekey	($rndkey0,&QWP(0,$key));
-
-    &set_label("${p}4_loop");
-	eval"&aes${p}	($inout0,$rndkey1)";
-	eval"&aes${p}	($inout1,$rndkey1)";
-	&dec		($rounds);
-	eval"&aes${p}	($inout2,$rndkey1)";
-	eval"&aes${p}	($inout3,$rndkey1)";
-	&$movekey	($rndkey1,&QWP(16,$key));
-	eval"&aes${p}	($inout0,$rndkey0)";
-	eval"&aes${p}	($inout1,$rndkey0)";
-	&lea		($key,&DWP(32,$key));
-	eval"&aes${p}	($inout2,$rndkey0)";
-	eval"&aes${p}	($inout3,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0,$key));
-    &jnz		(&label("${p}4_loop"));
-
-    eval"&aes${p}	($inout0,$rndkey1)";
-    eval"&aes${p}	($inout1,$rndkey1)";
-    eval"&aes${p}	($inout2,$rndkey1)";
-    eval"&aes${p}	($inout3,$rndkey1)";
-    eval"&aes${p}last	($inout0,$rndkey0)";
-    eval"&aes${p}last	($inout1,$rndkey0)";
-    eval"&aes${p}last	($inout2,$rndkey0)";
-    eval"&aes${p}last	($inout3,$rndkey0)";
-    &ret();
-    &function_end_B("_aesni_${p}rypt4");
-}
-
-sub aesni_generate6
-{ my $p=shift;
-
-    &function_begin_B("_aesni_${p}rypt6");
-    &static_label("_aesni_${p}rypt6_enter");
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&shr		($rounds,1);
-	&$movekey	($rndkey1,&QWP(16,$key));
-	&lea		($key,&DWP(32,$key));
-	&xorps		($inout0,$rndkey0);
-	&pxor		($inout1,$rndkey0);	# pxor does better here
-	eval"&aes${p}	($inout0,$rndkey1)";
-	&pxor		($inout2,$rndkey0);
-	eval"&aes${p}	($inout1,$rndkey1)";
-	&pxor		($inout3,$rndkey0);
-	&dec		($rounds);
-	eval"&aes${p}	($inout2,$rndkey1)";
-	&pxor		($inout4,$rndkey0);
-	eval"&aes${p}	($inout3,$rndkey1)";
-	&pxor		($inout5,$rndkey0);
-	eval"&aes${p}	($inout4,$rndkey1)";
-	&$movekey	($rndkey0,&QWP(0,$key));
-	eval"&aes${p}	($inout5,$rndkey1)";
-	&jmp		(&label("_aesni_${p}rypt6_enter"));
-
-    &set_label("${p}6_loop",16);
-	eval"&aes${p}	($inout0,$rndkey1)";
-	eval"&aes${p}	($inout1,$rndkey1)";
-	&dec		($rounds);
-	eval"&aes${p}	($inout2,$rndkey1)";
-	eval"&aes${p}	($inout3,$rndkey1)";
-	eval"&aes${p}	($inout4,$rndkey1)";
-	eval"&aes${p}	($inout5,$rndkey1)";
-    &set_label("_aesni_${p}rypt6_enter",16);
-	&$movekey	($rndkey1,&QWP(16,$key));
-	eval"&aes${p}	($inout0,$rndkey0)";
-	eval"&aes${p}	($inout1,$rndkey0)";
-	&lea		($key,&DWP(32,$key));
-	eval"&aes${p}	($inout2,$rndkey0)";
-	eval"&aes${p}	($inout3,$rndkey0)";
-	eval"&aes${p}	($inout4,$rndkey0)";
-	eval"&aes${p}	($inout5,$rndkey0)";
-	&$movekey	($rndkey0,&QWP(0,$key));
-    &jnz		(&label("${p}6_loop"));
-
-    eval"&aes${p}	($inout0,$rndkey1)";
-    eval"&aes${p}	($inout1,$rndkey1)";
-    eval"&aes${p}	($inout2,$rndkey1)";
-    eval"&aes${p}	($inout3,$rndkey1)";
-    eval"&aes${p}	($inout4,$rndkey1)";
-    eval"&aes${p}	($inout5,$rndkey1)";
-    eval"&aes${p}last	($inout0,$rndkey0)";
-    eval"&aes${p}last	($inout1,$rndkey0)";
-    eval"&aes${p}last	($inout2,$rndkey0)";
-    eval"&aes${p}last	($inout3,$rndkey0)";
-    eval"&aes${p}last	($inout4,$rndkey0)";
-    eval"&aes${p}last	($inout5,$rndkey0)";
-    &ret();
-    &function_end_B("_aesni_${p}rypt6");
-}
-&aesni_generate3("enc") if ($PREFIX eq "aesni");
-&aesni_generate3("dec");
-&aesni_generate4("enc") if ($PREFIX eq "aesni");
-&aesni_generate4("dec");
-&aesni_generate6("enc") if ($PREFIX eq "aesni");
-&aesni_generate6("dec");
-
-if ($PREFIX eq "aesni") {
-######################################################################
-# void aesni_ecb_encrypt (const void *in, void *out,
-#                         size_t length, const AES_KEY *key,
-#                         int enc);
-&function_begin("aesni_ecb_encrypt");
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));
-	&mov	($rounds_,&wparam(4));
-	&and	($len,-16);
-	&jz	(&label("ecb_ret"));
-	&mov	($rounds,&DWP(240,$key));
-	&test	($rounds_,$rounds_);
-	&jz	(&label("ecb_decrypt"));
-
-	&mov	($key_,$key);		# backup $key
-	&mov	($rounds_,$rounds);	# backup $rounds
-	&cmp	($len,0x60);
-	&jb	(&label("ecb_enc_tail"));
-
-	&movdqu	($inout0,&QWP(0,$inp));
-	&movdqu	($inout1,&QWP(0x10,$inp));
-	&movdqu	($inout2,&QWP(0x20,$inp));
-	&movdqu	($inout3,&QWP(0x30,$inp));
-	&movdqu	($inout4,&QWP(0x40,$inp));
-	&movdqu	($inout5,&QWP(0x50,$inp));
-	&lea	($inp,&DWP(0x60,$inp));
-	&sub	($len,0x60);
-	&jmp	(&label("ecb_enc_loop6_enter"));
-
-&set_label("ecb_enc_loop6",16);
-	&movups	(&QWP(0,$out),$inout0);
-	&movdqu	($inout0,&QWP(0,$inp));
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movdqu	($inout1,&QWP(0x10,$inp));
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movdqu	($inout2,&QWP(0x20,$inp));
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movdqu	($inout3,&QWP(0x30,$inp));
-	&movups	(&QWP(0x40,$out),$inout4);
-	&movdqu	($inout4,&QWP(0x40,$inp));
-	&movups	(&QWP(0x50,$out),$inout5);
-	&lea	($out,&DWP(0x60,$out));
-	&movdqu	($inout5,&QWP(0x50,$inp));
-	&lea	($inp,&DWP(0x60,$inp));
-&set_label("ecb_enc_loop6_enter");
-
-	&call	("_aesni_encrypt6");
-
-	&mov	($key,$key_);		# restore $key
-	&mov	($rounds,$rounds_);	# restore $rounds
-	&sub	($len,0x60);
-	&jnc	(&label("ecb_enc_loop6"));
-
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movups	(&QWP(0x40,$out),$inout4);
-	&movups	(&QWP(0x50,$out),$inout5);
-	&lea	($out,&DWP(0x60,$out));
-	&add	($len,0x60);
-	&jz	(&label("ecb_ret"));
-
-&set_label("ecb_enc_tail");
-	&movups	($inout0,&QWP(0,$inp));
-	&cmp	($len,0x20);
-	&jb	(&label("ecb_enc_one"));
-	&movups	($inout1,&QWP(0x10,$inp));
-	&je	(&label("ecb_enc_two"));
-	&movups	($inout2,&QWP(0x20,$inp));
-	&cmp	($len,0x40);
-	&jb	(&label("ecb_enc_three"));
-	&movups	($inout3,&QWP(0x30,$inp));
-	&je	(&label("ecb_enc_four"));
-	&movups	($inout4,&QWP(0x40,$inp));
-	&xorps	($inout5,$inout5);
-	&call	("_aesni_encrypt6");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movups	(&QWP(0x40,$out),$inout4);
-	jmp	(&label("ecb_ret"));
-
-&set_label("ecb_enc_one",16);
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&movups	(&QWP(0,$out),$inout0);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_enc_two",16);
-	&xorps	($inout2,$inout2);
-	&call	("_aesni_encrypt3");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_enc_three",16);
-	&call	("_aesni_encrypt3");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_enc_four",16);
-	&call	("_aesni_encrypt4");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&jmp	(&label("ecb_ret"));
-######################################################################
-&set_label("ecb_decrypt",16);
-	&mov	($key_,$key);		# backup $key
-	&mov	($rounds_,$rounds);	# backup $rounds
-	&cmp	($len,0x60);
-	&jb	(&label("ecb_dec_tail"));
-
-	&movdqu	($inout0,&QWP(0,$inp));
-	&movdqu	($inout1,&QWP(0x10,$inp));
-	&movdqu	($inout2,&QWP(0x20,$inp));
-	&movdqu	($inout3,&QWP(0x30,$inp));
-	&movdqu	($inout4,&QWP(0x40,$inp));
-	&movdqu	($inout5,&QWP(0x50,$inp));
-	&lea	($inp,&DWP(0x60,$inp));
-	&sub	($len,0x60);
-	&jmp	(&label("ecb_dec_loop6_enter"));
-
-&set_label("ecb_dec_loop6",16);
-	&movups	(&QWP(0,$out),$inout0);
-	&movdqu	($inout0,&QWP(0,$inp));
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movdqu	($inout1,&QWP(0x10,$inp));
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movdqu	($inout2,&QWP(0x20,$inp));
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movdqu	($inout3,&QWP(0x30,$inp));
-	&movups	(&QWP(0x40,$out),$inout4);
-	&movdqu	($inout4,&QWP(0x40,$inp));
-	&movups	(&QWP(0x50,$out),$inout5);
-	&lea	($out,&DWP(0x60,$out));
-	&movdqu	($inout5,&QWP(0x50,$inp));
-	&lea	($inp,&DWP(0x60,$inp));
-&set_label("ecb_dec_loop6_enter");
-
-	&call	("_aesni_decrypt6");
-
-	&mov	($key,$key_);		# restore $key
-	&mov	($rounds,$rounds_);	# restore $rounds
-	&sub	($len,0x60);
-	&jnc	(&label("ecb_dec_loop6"));
-
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movups	(&QWP(0x40,$out),$inout4);
-	&movups	(&QWP(0x50,$out),$inout5);
-	&lea	($out,&DWP(0x60,$out));
-	&add	($len,0x60);
-	&jz	(&label("ecb_ret"));
-
-&set_label("ecb_dec_tail");
-	&movups	($inout0,&QWP(0,$inp));
-	&cmp	($len,0x20);
-	&jb	(&label("ecb_dec_one"));
-	&movups	($inout1,&QWP(0x10,$inp));
-	&je	(&label("ecb_dec_two"));
-	&movups	($inout2,&QWP(0x20,$inp));
-	&cmp	($len,0x40);
-	&jb	(&label("ecb_dec_three"));
-	&movups	($inout3,&QWP(0x30,$inp));
-	&je	(&label("ecb_dec_four"));
-	&movups	($inout4,&QWP(0x40,$inp));
-	&xorps	($inout5,$inout5);
-	&call	("_aesni_decrypt6");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movups	(&QWP(0x40,$out),$inout4);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_dec_one",16);
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&movups	(&QWP(0,$out),$inout0);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_dec_two",16);
-	&xorps	($inout2,$inout2);
-	&call	("_aesni_decrypt3");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_dec_three",16);
-	&call	("_aesni_decrypt3");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&jmp	(&label("ecb_ret"));
-
-&set_label("ecb_dec_four",16);
-	&call	("_aesni_decrypt4");
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-
-&set_label("ecb_ret");
-&function_end("aesni_ecb_encrypt");
-
-######################################################################
-# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
-#                         size_t blocks, const AES_KEY *key,
-#                         const char *ivec,char *cmac);
-#
-# Handles only complete blocks, operates on 64-bit counter and
-# does not update *ivec! Nor does it finalize CMAC value
-# (see engine/eng_aesni.c for details)
-#
-{ my $cmac=$inout1;
-&function_begin("aesni_ccm64_encrypt_blocks");
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));
-	&mov	($rounds_,&wparam(4));
-	&mov	($rounds,&wparam(5));
-	&mov	($key_,"esp");
-	&sub	("esp",60);
-	&and	("esp",-16);			# align stack
-	&mov	(&DWP(48,"esp"),$key_);
-
-	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
-	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
-	&mov	($rounds,&DWP(240,$key));
-
-	# compose byte-swap control mask for pshufb on stack
-	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
-	&mov	(&DWP(4,"esp"),0x08090a0b);
-	&mov	(&DWP(8,"esp"),0x04050607);
-	&mov	(&DWP(12,"esp"),0x00010203);
-
-	# compose counter increment vector on stack
-	&mov	($rounds_,1);
-	&xor	($key_,$key_);
-	&mov	(&DWP(16,"esp"),$rounds_);
-	&mov	(&DWP(20,"esp"),$key_);
-	&mov	(&DWP(24,"esp"),$key_);
-	&mov	(&DWP(28,"esp"),$key_);
-
-	&shr	($rounds,1);
-	&lea	($key_,&DWP(0,$key));
-	&movdqa	($inout3,&QWP(0,"esp"));
-	&movdqa	($inout0,$ivec);
-	&mov	($rounds_,$rounds);
-	&pshufb	($ivec,$inout3);
-
-&set_label("ccm64_enc_outer");
-	&$movekey	($rndkey0,&QWP(0,$key_));
-	&mov		($rounds,$rounds_);
-	&movups		($in0,&QWP(0,$inp));
-
-	&xorps		($inout0,$rndkey0);
-	&$movekey	($rndkey1,&QWP(16,$key_));
-	&xorps		($rndkey0,$in0);
-	&lea		($key,&DWP(32,$key_));
-	&xorps		($cmac,$rndkey0);		# cmac^=inp
-	&$movekey	($rndkey0,&QWP(0,$key));
-
-&set_label("ccm64_enc2_loop");
-	&aesenc		($inout0,$rndkey1);
-	&dec		($rounds);
-	&aesenc		($cmac,$rndkey1);
-	&$movekey	($rndkey1,&QWP(16,$key));
-	&aesenc		($inout0,$rndkey0);
-	&lea		($key,&DWP(32,$key));
-	&aesenc		($cmac,$rndkey0);
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&jnz		(&label("ccm64_enc2_loop"));
-	&aesenc		($inout0,$rndkey1);
-	&aesenc		($cmac,$rndkey1);
-	&paddq		($ivec,&QWP(16,"esp"));
-	&aesenclast	($inout0,$rndkey0);
-	&aesenclast	($cmac,$rndkey0);
-
-	&dec	($len);
-	&lea	($inp,&DWP(16,$inp));
-	&xorps	($in0,$inout0);			# inp^=E(ivec)
-	&movdqa	($inout0,$ivec);
-	&movups	(&QWP(0,$out),$in0);		# save output
-	&lea	($out,&DWP(16,$out));
-	&pshufb	($inout0,$inout3);
-	&jnz	(&label("ccm64_enc_outer"));
-
-	&mov	("esp",&DWP(48,"esp"));
-	&mov	($out,&wparam(5));
-	&movups	(&QWP(0,$out),$cmac);
-&function_end("aesni_ccm64_encrypt_blocks");
-
-&function_begin("aesni_ccm64_decrypt_blocks");
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));
-	&mov	($rounds_,&wparam(4));
-	&mov	($rounds,&wparam(5));
-	&mov	($key_,"esp");
-	&sub	("esp",60);
-	&and	("esp",-16);			# align stack
-	&mov	(&DWP(48,"esp"),$key_);
-
-	&movdqu	($ivec,&QWP(0,$rounds_));	# load ivec
-	&movdqu	($cmac,&QWP(0,$rounds));	# load cmac
-	&mov	($rounds,&DWP(240,$key));
-
-	# compose byte-swap control mask for pshufb on stack
-	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
-	&mov	(&DWP(4,"esp"),0x08090a0b);
-	&mov	(&DWP(8,"esp"),0x04050607);
-	&mov	(&DWP(12,"esp"),0x00010203);
-
-	# compose counter increment vector on stack
-	&mov	($rounds_,1);
-	&xor	($key_,$key_);
-	&mov	(&DWP(16,"esp"),$rounds_);
-	&mov	(&DWP(20,"esp"),$key_);
-	&mov	(&DWP(24,"esp"),$key_);
-	&mov	(&DWP(28,"esp"),$key_);
-
-	&movdqa	($inout3,&QWP(0,"esp"));	# bswap mask
-	&movdqa	($inout0,$ivec);
-
-	&mov	($key_,$key);
-	&mov	($rounds_,$rounds);
-
-	&pshufb	($ivec,$inout3);
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&movups	($in0,&QWP(0,$inp));		# load inp
-	&paddq	($ivec,&QWP(16,"esp"));
-	&lea	($inp,&QWP(16,$inp));
-	&jmp	(&label("ccm64_dec_outer"));
-
-&set_label("ccm64_dec_outer",16);
-	&xorps	($in0,$inout0);			# inp ^= E(ivec)
-	&movdqa	($inout0,$ivec);
-	&mov	($rounds,$rounds_);
-	&movups	(&QWP(0,$out),$in0);		# save output
-	&lea	($out,&DWP(16,$out));
-	&pshufb	($inout0,$inout3);
-
-	&sub	($len,1);
-	&jz	(&label("ccm64_dec_break"));
-
-	&$movekey	($rndkey0,&QWP(0,$key_));
-	&shr		($rounds,1);
-	&$movekey	($rndkey1,&QWP(16,$key_));
-	&xorps		($in0,$rndkey0);
-	&lea		($key,&DWP(32,$key_));
-	&xorps		($inout0,$rndkey0);
-	&xorps		($cmac,$in0);		# cmac^=out
-	&$movekey	($rndkey0,&QWP(0,$key));
-
-&set_label("ccm64_dec2_loop");
-	&aesenc		($inout0,$rndkey1);
-	&dec		($rounds);
-	&aesenc		($cmac,$rndkey1);
-	&$movekey	($rndkey1,&QWP(16,$key));
-	&aesenc		($inout0,$rndkey0);
-	&lea		($key,&DWP(32,$key));
-	&aesenc		($cmac,$rndkey0);
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&jnz		(&label("ccm64_dec2_loop"));
-	&movups		($in0,&QWP(0,$inp));	# load inp
-	&paddq		($ivec,&QWP(16,"esp"));
-	&aesenc		($inout0,$rndkey1);
-	&aesenc		($cmac,$rndkey1);
-	&lea		($inp,&QWP(16,$inp));
-	&aesenclast	($inout0,$rndkey0);
-	&aesenclast	($cmac,$rndkey0);
-	&jmp	(&label("ccm64_dec_outer"));
-
-&set_label("ccm64_dec_break",16);
-	&mov	($key,$key_);
-	if ($inline)
-	{   &aesni_inline_generate1("enc",$cmac,$in0);	}
-	else
-	{   &call	("_aesni_encrypt1",$cmac);	}
-
-	&mov	("esp",&DWP(48,"esp"));
-	&mov	($out,&wparam(5));
-	&movups	(&QWP(0,$out),$cmac);
-&function_end("aesni_ccm64_decrypt_blocks");
-}
-
-######################################################################
-# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
-#                         size_t blocks, const AES_KEY *key,
-#                         const char *ivec);
-#
-# Handles only complete blocks, operates on 32-bit counter and
-# does not update *ivec! (see engine/eng_aesni.c for details)
-#
-# stack layout:
-#	0	pshufb mask
-#	16	vector addend: 0,6,6,6
-# 	32	counter-less ivec
-#	48	1st triplet of counter vector
-#	64	2nd triplet of counter vector
-#	80	saved %esp
-
-&function_begin("aesni_ctr32_encrypt_blocks");
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));
-	&mov	($rounds_,&wparam(4));
-	&mov	($key_,"esp");
-	&sub	("esp",88);
-	&and	("esp",-16);			# align stack
-	&mov	(&DWP(80,"esp"),$key_);
-
-	&cmp	($len,1);
-	&je	(&label("ctr32_one_shortcut"));
-
-	&movdqu	($inout5,&QWP(0,$rounds_));	# load ivec
-
-	# compose byte-swap control mask for pshufb on stack
-	&mov	(&DWP(0,"esp"),0x0c0d0e0f);
-	&mov	(&DWP(4,"esp"),0x08090a0b);
-	&mov	(&DWP(8,"esp"),0x04050607);
-	&mov	(&DWP(12,"esp"),0x00010203);
-
-	# compose counter increment vector on stack
-	&mov	($rounds,6);
-	&xor	($key_,$key_);
-	&mov	(&DWP(16,"esp"),$rounds);
-	&mov	(&DWP(20,"esp"),$rounds);
-	&mov	(&DWP(24,"esp"),$rounds);
-	&mov	(&DWP(28,"esp"),$key_);
-
-	&pextrd	($rounds_,$inout5,3);		# pull 32-bit counter
-	&pinsrd	($inout5,$key_,3);		# wipe 32-bit counter
-
-	&mov	($rounds,&DWP(240,$key));	# key->rounds
-
-	# compose 2 vectors of 3x32-bit counters
-	&bswap	($rounds_);
-	&pxor	($rndkey1,$rndkey1);
-	&pxor	($rndkey0,$rndkey0);
-	&movdqa	($inout0,&QWP(0,"esp"));	# load byte-swap mask
-	&pinsrd	($rndkey1,$rounds_,0);
-	&lea	($key_,&DWP(3,$rounds_));
-	&pinsrd	($rndkey0,$key_,0);
-	&inc	($rounds_);
-	&pinsrd	($rndkey1,$rounds_,1);
-	&inc	($key_);
-	&pinsrd	($rndkey0,$key_,1);
-	&inc	($rounds_);
-	&pinsrd	($rndkey1,$rounds_,2);
-	&inc	($key_);
-	&pinsrd	($rndkey0,$key_,2);
-	&movdqa	(&QWP(48,"esp"),$rndkey1);	# save 1st triplet
-	&pshufb	($rndkey1,$inout0);		# byte swap
-	&movdqa	(&QWP(64,"esp"),$rndkey0);	# save 2nd triplet
-	&pshufb	($rndkey0,$inout0);		# byte swap
-
-	&pshufd	($inout0,$rndkey1,3<<6);	# place counter to upper dword
-	&pshufd	($inout1,$rndkey1,2<<6);
-	&cmp	($len,6);
-	&jb	(&label("ctr32_tail"));
-	&movdqa	(&QWP(32,"esp"),$inout5);	# save counter-less ivec
-	&shr	($rounds,1);
-	&mov	($key_,$key);			# backup $key
-	&mov	($rounds_,$rounds);		# backup $rounds
-	&sub	($len,6);
-	&jmp	(&label("ctr32_loop6"));
-
-&set_label("ctr32_loop6",16);
-	&pshufd	($inout2,$rndkey1,1<<6);
-	&movdqa	($rndkey1,&QWP(32,"esp"));	# pull counter-less ivec
-	&pshufd	($inout3,$rndkey0,3<<6);
-	&por	($inout0,$rndkey1);		# merge counter-less ivec
-	&pshufd	($inout4,$rndkey0,2<<6);
-	&por	($inout1,$rndkey1);
-	&pshufd	($inout5,$rndkey0,1<<6);
-	&por	($inout2,$rndkey1);
-	&por	($inout3,$rndkey1);
-	&por	($inout4,$rndkey1);
-	&por	($inout5,$rndkey1);
-
-	# inlining _aesni_encrypt6's prologue gives ~4% improvement...
-	&$movekey	($rndkey0,&QWP(0,$key_));
-	&$movekey	($rndkey1,&QWP(16,$key_));
-	&lea		($key,&DWP(32,$key_));
-	&dec		($rounds);
-	&pxor		($inout0,$rndkey0);
-	&pxor		($inout1,$rndkey0);
-	&aesenc		($inout0,$rndkey1);
-	&pxor		($inout2,$rndkey0);
-	&aesenc		($inout1,$rndkey1);
-	&pxor		($inout3,$rndkey0);
-	&aesenc		($inout2,$rndkey1);
-	&pxor		($inout4,$rndkey0);
-	&aesenc		($inout3,$rndkey1);
-	&pxor		($inout5,$rndkey0);
-	&aesenc		($inout4,$rndkey1);
-	&$movekey	($rndkey0,&QWP(0,$key));
-	&aesenc		($inout5,$rndkey1);
-
-	&call		(&label("_aesni_encrypt6_enter"));
-
-	&movups	($rndkey1,&QWP(0,$inp));
-	&movups	($rndkey0,&QWP(0x10,$inp));
-	&xorps	($inout0,$rndkey1);
-	&movups	($rndkey1,&QWP(0x20,$inp));
-	&xorps	($inout1,$rndkey0);
-	&movups	(&QWP(0,$out),$inout0);
-	&movdqa	($rndkey0,&QWP(16,"esp"));	# load increment
-	&xorps	($inout2,$rndkey1);
-	&movdqa	($rndkey1,&QWP(48,"esp"));	# load 1st triplet
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-
-	&paddd	($rndkey1,$rndkey0);		# 1st triplet increment
-	&paddd	($rndkey0,&QWP(64,"esp"));	# 2nd triplet increment
-	&movdqa	($inout0,&QWP(0,"esp"));	# load byte swap mask
-
-	&movups	($inout1,&QWP(0x30,$inp));
-	&movups	($inout2,&QWP(0x40,$inp));
-	&xorps	($inout3,$inout1);
-	&movups	($inout1,&QWP(0x50,$inp));
-	&lea	($inp,&DWP(0x60,$inp));
-	&movdqa	(&QWP(48,"esp"),$rndkey1);	# save 1st triplet
-	&pshufb	($rndkey1,$inout0);		# byte swap
-	&xorps	($inout4,$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&xorps	($inout5,$inout1);
-	&movdqa	(&QWP(64,"esp"),$rndkey0);	# save 2nd triplet
-	&pshufb	($rndkey0,$inout0);		# byte swap
-	&movups	(&QWP(0x40,$out),$inout4);
-	&pshufd	($inout0,$rndkey1,3<<6);
-	&movups	(&QWP(0x50,$out),$inout5);
-	&lea	($out,&DWP(0x60,$out));
-
-	&mov	($rounds,$rounds_);
-	&pshufd	($inout1,$rndkey1,2<<6);
-	&sub	($len,6);
-	&jnc	(&label("ctr32_loop6"));
-
-	&add	($len,6);
-	&jz	(&label("ctr32_ret"));
-	&mov	($key,$key_);
-	&lea	($rounds,&DWP(1,"",$rounds,2));	# restore $rounds
-	&movdqa	($inout5,&QWP(32,"esp"));	# pull count-less ivec
-
-&set_label("ctr32_tail");
-	&por	($inout0,$inout5);
-	&cmp	($len,2);
-	&jb	(&label("ctr32_one"));
-
-	&pshufd	($inout2,$rndkey1,1<<6);
-	&por	($inout1,$inout5);
-	&je	(&label("ctr32_two"));
-
-	&pshufd	($inout3,$rndkey0,3<<6);
-	&por	($inout2,$inout5);
-	&cmp	($len,4);
-	&jb	(&label("ctr32_three"));
-
-	&pshufd	($inout4,$rndkey0,2<<6);
-	&por	($inout3,$inout5);
-	&je	(&label("ctr32_four"));
-
-	&por	($inout4,$inout5);
-	&call	("_aesni_encrypt6");
-	&movups	($rndkey1,&QWP(0,$inp));
-	&movups	($rndkey0,&QWP(0x10,$inp));
-	&xorps	($inout0,$rndkey1);
-	&movups	($rndkey1,&QWP(0x20,$inp));
-	&xorps	($inout1,$rndkey0);
-	&movups	($rndkey0,&QWP(0x30,$inp));
-	&xorps	($inout2,$rndkey1);
-	&movups	($rndkey1,&QWP(0x40,$inp));
-	&xorps	($inout3,$rndkey0);
-	&movups	(&QWP(0,$out),$inout0);
-	&xorps	($inout4,$rndkey1);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&movups	(&QWP(0x40,$out),$inout4);
-	&jmp	(&label("ctr32_ret"));
-
-&set_label("ctr32_one_shortcut",16);
-	&movups	($inout0,&QWP(0,$rounds_));	# load ivec
-	&mov	($rounds,&DWP(240,$key));
-	
-&set_label("ctr32_one");
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&movups	($in0,&QWP(0,$inp));
-	&xorps	($in0,$inout0);
-	&movups	(&QWP(0,$out),$in0);
-	&jmp	(&label("ctr32_ret"));
-
-&set_label("ctr32_two",16);
-	&call	("_aesni_encrypt3");
-	&movups	($inout3,&QWP(0,$inp));
-	&movups	($inout4,&QWP(0x10,$inp));
-	&xorps	($inout0,$inout3);
-	&xorps	($inout1,$inout4);
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&jmp	(&label("ctr32_ret"));
-
-&set_label("ctr32_three",16);
-	&call	("_aesni_encrypt3");
-	&movups	($inout3,&QWP(0,$inp));
-	&movups	($inout4,&QWP(0x10,$inp));
-	&xorps	($inout0,$inout3);
-	&movups	($inout5,&QWP(0x20,$inp));
-	&xorps	($inout1,$inout4);
-	&movups	(&QWP(0,$out),$inout0);
-	&xorps	($inout2,$inout5);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&jmp	(&label("ctr32_ret"));
-
-&set_label("ctr32_four",16);
-	&call	("_aesni_encrypt4");
-	&movups	($inout4,&QWP(0,$inp));
-	&movups	($inout5,&QWP(0x10,$inp));
-	&movups	($rndkey1,&QWP(0x20,$inp));
-	&xorps	($inout0,$inout4);
-	&movups	($rndkey0,&QWP(0x30,$inp));
-	&xorps	($inout1,$inout5);
-	&movups	(&QWP(0,$out),$inout0);
-	&xorps	($inout2,$rndkey1);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&xorps	($inout3,$rndkey0);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-
-&set_label("ctr32_ret");
-	&mov	("esp",&DWP(80,"esp"));
-&function_end("aesni_ctr32_encrypt_blocks");
-
-######################################################################
-# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2
-#	const unsigned char iv[16]);
-#
-{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1);
-
-&function_begin("aesni_xts_encrypt");
-	&mov	($key,&wparam(4));		# key2
-	&mov	($inp,&wparam(5));		# clear-text tweak
-
-	&mov	($rounds,&DWP(240,$key));	# key2->rounds
-	&movups	($inout0,&QWP(0,$inp));
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));		# key1
-
-	&mov	($key_,"esp");
-	&sub	("esp",16*7+8);
-	&mov	($rounds,&DWP(240,$key));	# key1->rounds
-	&and	("esp",-16);			# align stack
-
-	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
-	&mov	(&DWP(16*6+4,"esp"),0);
-	&mov	(&DWP(16*6+8,"esp"),1);
-	&mov	(&DWP(16*6+12,"esp"),0);
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
-	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
-
-	&movdqa	($tweak,$inout0);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-
-	&and	($len,-16);
-	&mov	($key_,$key);			# backup $key
-	&mov	($rounds_,$rounds);		# backup $rounds
-	&sub	($len,16*6);
-	&jc	(&label("xts_enc_short"));
-
-	&shr	($rounds,1);
-	&mov	($rounds_,$rounds);
-	&jmp	(&label("xts_enc_loop6"));
-
-&set_label("xts_enc_loop6",16);
-	for ($i=0;$i<4;$i++) {
-	    &pshufd	($twres,$twtmp,0x13);
-	    &pxor	($twtmp,$twtmp);
-	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
-	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
-	    &pand	($twres,$twmask);	# isolate carry and residue
-	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
-	    &pxor	($tweak,$twres);
-	}
-	&pshufd	($inout5,$twtmp,0x13);
-	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	 &$movekey	($rndkey0,&QWP(0,$key_));
-	&pand	($inout5,$twmask);		# isolate carry and residue
-	 &movups	($inout0,&QWP(0,$inp));	# load input
-	&pxor	($inout5,$tweak);
-
-	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
-	&movdqu	($inout1,&QWP(16*1,$inp));
-	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
-	&movdqu	($inout2,&QWP(16*2,$inp));
-	 &pxor		($inout1,$rndkey0);
-	&movdqu	($inout3,&QWP(16*3,$inp));
-	 &pxor		($inout2,$rndkey0);
-	&movdqu	($inout4,&QWP(16*4,$inp));
-	 &pxor		($inout3,$rndkey0);
-	&movdqu	($rndkey1,&QWP(16*5,$inp));
-	 &pxor		($inout4,$rndkey0);
-	&lea	($inp,&DWP(16*6,$inp));
-	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
-	&pxor	($inout5,$rndkey1);
-
-	 &$movekey	($rndkey1,&QWP(16,$key_));
-	 &lea		($key,&DWP(32,$key_));
-	&pxor	($inout1,&QWP(16*1,"esp"));
-	 &aesenc	($inout0,$rndkey1);
-	&pxor	($inout2,&QWP(16*2,"esp"));
-	 &aesenc	($inout1,$rndkey1);
-	&pxor	($inout3,&QWP(16*3,"esp"));
-	 &dec		($rounds);
-	 &aesenc	($inout2,$rndkey1);
-	&pxor	($inout4,&QWP(16*4,"esp"));
-	 &aesenc	($inout3,$rndkey1);
-	&pxor		($inout5,$rndkey0);
-	 &aesenc	($inout4,$rndkey1);
-	 &$movekey	($rndkey0,&QWP(0,$key));
-	 &aesenc	($inout5,$rndkey1);
-	&call		(&label("_aesni_encrypt6_enter"));
-
-	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
-       &pxor	($twtmp,$twtmp);
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout2,&QWP(16*2,"esp"));
-	&movups	(&QWP(16*1,$out),$inout1);
-	&xorps	($inout3,&QWP(16*3,"esp"));
-	&movups	(&QWP(16*2,$out),$inout2);
-	&xorps	($inout4,&QWP(16*4,"esp"));
-	&movups	(&QWP(16*3,$out),$inout3);
-	&xorps	($inout5,$tweak);
-	&movups	(&QWP(16*4,$out),$inout4);
-       &pshufd	($twres,$twtmp,0x13);
-	&movups	(&QWP(16*5,$out),$inout5);
-	&lea	($out,&DWP(16*6,$out));
-       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
-
-	&pxor	($twtmp,$twtmp);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&mov	($rounds,$rounds_);		# restore $rounds
-	&pxor	($tweak,$twres);
-
-	&sub	($len,16*6);
-	&jnc	(&label("xts_enc_loop6"));
-
-	&lea	($rounds,&DWP(1,"",$rounds,2));	# restore $rounds
-	&mov	($key,$key_);			# restore $key
-	&mov	($rounds_,$rounds);
-
-&set_label("xts_enc_short");
-	&add	($len,16*6);
-	&jz	(&label("xts_enc_done6x"));
-
-	&movdqa	($inout3,$tweak);		# put aside previous tweak
-	&cmp	($len,0x20);
-	&jb	(&label("xts_enc_one"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&je	(&label("xts_enc_two"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($inout4,$tweak);		# put aside previous tweak
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&cmp	($len,0x40);
-	&jb	(&label("xts_enc_three"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($inout5,$tweak);		# put aside previous tweak
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&movdqa	(&QWP(16*0,"esp"),$inout3);
-	&movdqa	(&QWP(16*1,"esp"),$inout4);
-	&je	(&label("xts_enc_four"));
-
-	&movdqa	(&QWP(16*2,"esp"),$inout5);
-	&pshufd	($inout5,$twtmp,0x13);
-	&movdqa	(&QWP(16*3,"esp"),$tweak);
-	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
-	&pand	($inout5,$twmask);		# isolate carry and residue
-	&pxor	($inout5,$tweak);
-
-	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
-	&movdqu	($inout1,&QWP(16*1,$inp));
-	&movdqu	($inout2,&QWP(16*2,$inp));
-	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movdqu	($inout3,&QWP(16*3,$inp));
-	&pxor	($inout1,&QWP(16*1,"esp"));
-	&movdqu	($inout4,&QWP(16*4,$inp));
-	&pxor	($inout2,&QWP(16*2,"esp"));
-	&lea	($inp,&DWP(16*5,$inp));
-	&pxor	($inout3,&QWP(16*3,"esp"));
-	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
-	&pxor	($inout4,$inout5);
-
-	&call	("_aesni_encrypt6");
-
-	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,&QWP(16*2,"esp"));
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout3,&QWP(16*3,"esp"));
-	&movups	(&QWP(16*1,$out),$inout1);
-	&xorps	($inout4,$tweak);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&movups	(&QWP(16*3,$out),$inout3);
-	&movups	(&QWP(16*4,$out),$inout4);
-	&lea	($out,&DWP(16*5,$out));
-	&jmp	(&label("xts_enc_done"));
-
-&set_label("xts_enc_one",16);
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&lea	($inp,&DWP(16*1,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&lea	($out,&DWP(16*1,$out));
-
-	&movdqa	($tweak,$inout3);		# last tweak
-	&jmp	(&label("xts_enc_done"));
-
-&set_label("xts_enc_two",16);
-	&movaps	($inout4,$tweak);		# put aside last tweak
-
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&lea	($inp,&DWP(16*2,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	&xorps	($inout1,$inout4);
-	&xorps	($inout2,$inout2);
-
-	&call	("_aesni_encrypt3");
-
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&xorps	($inout1,$inout4);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&movups	(&QWP(16*1,$out),$inout1);
-	&lea	($out,&DWP(16*2,$out));
-
-	&movdqa	($tweak,$inout4);		# last tweak
-	&jmp	(&label("xts_enc_done"));
-
-&set_label("xts_enc_three",16);
-	&movaps	($inout5,$tweak);		# put aside last tweak
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&movups	($inout2,&QWP(16*2,$inp));
-	&lea	($inp,&DWP(16*3,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	&xorps	($inout1,$inout4);
-	&xorps	($inout2,$inout5);
-
-	&call	("_aesni_encrypt3");
-
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&xorps	($inout1,$inout4);
-	&xorps	($inout2,$inout5);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&movups	(&QWP(16*1,$out),$inout1);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&lea	($out,&DWP(16*3,$out));
-
-	&movdqa	($tweak,$inout5);		# last tweak
-	&jmp	(&label("xts_enc_done"));
-
-&set_label("xts_enc_four",16);
-	&movaps	($inout4,$tweak);		# put aside last tweak
-
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&movups	($inout2,&QWP(16*2,$inp));
-	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movups	($inout3,&QWP(16*3,$inp));
-	&lea	($inp,&DWP(16*4,$inp));
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,$inout5);
-	&xorps	($inout3,$inout4);
-
-	&call	("_aesni_encrypt4");
-
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,$inout5);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout3,$inout4);
-	&movups	(&QWP(16*1,$out),$inout1);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&movups	(&QWP(16*3,$out),$inout3);
-	&lea	($out,&DWP(16*4,$out));
-
-	&movdqa	($tweak,$inout4);		# last tweak
-	&jmp	(&label("xts_enc_done"));
-
-&set_label("xts_enc_done6x",16);		# $tweak is pre-calculated
-	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
-	&and	($len,15);
-	&jz	(&label("xts_enc_ret"));
-	&movdqa	($inout3,$tweak);
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
-	&jmp	(&label("xts_enc_steal"));
-
-&set_label("xts_enc_done",16);
-	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
-	&pxor	($twtmp,$twtmp);
-	&and	($len,15);
-	&jz	(&label("xts_enc_ret"));
-
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
-	&pshufd	($inout3,$twtmp,0x13);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($inout3,&QWP(16*6,"esp"));	# isolate carry and residue
-	&pxor	($inout3,$tweak);
-
-&set_label("xts_enc_steal");
-	&movz	($rounds,&BP(0,$inp));
-	&movz	($key,&BP(-16,$out));
-	&lea	($inp,&DWP(1,$inp));
-	&mov	(&BP(-16,$out),&LB($rounds));
-	&mov	(&BP(0,$out),&LB($key));
-	&lea	($out,&DWP(1,$out));
-	&sub	($len,1);
-	&jnz	(&label("xts_enc_steal"));
-
-	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
-	&mov	($key,$key_);			# restore $key
-	&mov	($rounds,$rounds_);		# restore $rounds
-
-	&movups	($inout0,&QWP(-16,$out));	# load input
-	&xorps	($inout0,$inout3);		# input^=tweak
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&movups	(&QWP(-16,$out),$inout0);	# write output
-
-&set_label("xts_enc_ret");
-	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
-&function_end("aesni_xts_encrypt");
-
-&function_begin("aesni_xts_decrypt");
-	&mov	($key,&wparam(4));		# key2
-	&mov	($inp,&wparam(5));		# clear-text tweak
-
-	&mov	($rounds,&DWP(240,$key));	# key2->rounds
-	&movups	($inout0,&QWP(0,$inp));
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-
-	&mov	($inp,&wparam(0));
-	&mov	($out,&wparam(1));
-	&mov	($len,&wparam(2));
-	&mov	($key,&wparam(3));		# key1
-
-	&mov	($key_,"esp");
-	&sub	("esp",16*7+8);
-	&and	("esp",-16);			# align stack
-
-	&xor	($rounds_,$rounds_);		# if(len%16) len-=16;
-	&test	($len,15);
-	&setnz	(&LB($rounds_));
-	&shl	($rounds_,4);
-	&sub	($len,$rounds_);
-
-	&mov	(&DWP(16*6+0,"esp"),0x87);	# compose the magic constant
-	&mov	(&DWP(16*6+4,"esp"),0);
-	&mov	(&DWP(16*6+8,"esp"),1);
-	&mov	(&DWP(16*6+12,"esp"),0);
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save original $len
-	&mov	(&DWP(16*7+4,"esp"),$key_);	# save original %esp
-
-	&mov	($rounds,&DWP(240,$key));	# key1->rounds
-	&mov	($key_,$key);			# backup $key
-	&mov	($rounds_,$rounds);		# backup $rounds
-
-	&movdqa	($tweak,$inout0);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($twmask,&QWP(6*16,"esp"));	# 0x0...010...87
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-
-	&and	($len,-16);
-	&sub	($len,16*6);
-	&jc	(&label("xts_dec_short"));
-
-	&shr	($rounds,1);
-	&mov	($rounds_,$rounds);
-	&jmp	(&label("xts_dec_loop6"));
-
-&set_label("xts_dec_loop6",16);
-	for ($i=0;$i<4;$i++) {
-	    &pshufd	($twres,$twtmp,0x13);
-	    &pxor	($twtmp,$twtmp);
-	    &movdqa	(&QWP(16*$i,"esp"),$tweak);
-	    &paddq	($tweak,$tweak);	# &psllq($tweak,1);
-	    &pand	($twres,$twmask);	# isolate carry and residue
-	    &pcmpgtd	($twtmp,$tweak);	# broadcast upper bits
-	    &pxor	($tweak,$twres);
-	}
-	&pshufd	($inout5,$twtmp,0x13);
-	&movdqa	(&QWP(16*$i++,"esp"),$tweak);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	 &$movekey	($rndkey0,&QWP(0,$key_));
-	&pand	($inout5,$twmask);		# isolate carry and residue
-	 &movups	($inout0,&QWP(0,$inp));	# load input
-	&pxor	($inout5,$tweak);
-
-	# inline _aesni_encrypt6 prologue and flip xor with tweak and key[0]
-	&movdqu	($inout1,&QWP(16*1,$inp));
-	 &xorps		($inout0,$rndkey0);	# input^=rndkey[0]
-	&movdqu	($inout2,&QWP(16*2,$inp));
-	 &pxor		($inout1,$rndkey0);
-	&movdqu	($inout3,&QWP(16*3,$inp));
-	 &pxor		($inout2,$rndkey0);
-	&movdqu	($inout4,&QWP(16*4,$inp));
-	 &pxor		($inout3,$rndkey0);
-	&movdqu	($rndkey1,&QWP(16*5,$inp));
-	 &pxor		($inout4,$rndkey0);
-	&lea	($inp,&DWP(16*6,$inp));
-	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movdqa	(&QWP(16*$i,"esp"),$inout5);	# save last tweak
-	&pxor	($inout5,$rndkey1);
-
-	 &$movekey	($rndkey1,&QWP(16,$key_));
-	 &lea		($key,&DWP(32,$key_));
-	&pxor	($inout1,&QWP(16*1,"esp"));
-	 &aesdec	($inout0,$rndkey1);
-	&pxor	($inout2,&QWP(16*2,"esp"));
-	 &aesdec	($inout1,$rndkey1);
-	&pxor	($inout3,&QWP(16*3,"esp"));
-	 &dec		($rounds);
-	 &aesdec	($inout2,$rndkey1);
-	&pxor	($inout4,&QWP(16*4,"esp"));
-	 &aesdec	($inout3,$rndkey1);
-	&pxor		($inout5,$rndkey0);
-	 &aesdec	($inout4,$rndkey1);
-	 &$movekey	($rndkey0,&QWP(0,$key));
-	 &aesdec	($inout5,$rndkey1);
-	&call		(&label("_aesni_decrypt6_enter"));
-
-	&movdqa	($tweak,&QWP(16*5,"esp"));	# last tweak
-       &pxor	($twtmp,$twtmp);
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-       &pcmpgtd	($twtmp,$tweak);		# broadcast upper bits
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout2,&QWP(16*2,"esp"));
-	&movups	(&QWP(16*1,$out),$inout1);
-	&xorps	($inout3,&QWP(16*3,"esp"));
-	&movups	(&QWP(16*2,$out),$inout2);
-	&xorps	($inout4,&QWP(16*4,"esp"));
-	&movups	(&QWP(16*3,$out),$inout3);
-	&xorps	($inout5,$tweak);
-	&movups	(&QWP(16*4,$out),$inout4);
-       &pshufd	($twres,$twtmp,0x13);
-	&movups	(&QWP(16*5,$out),$inout5);
-	&lea	($out,&DWP(16*6,$out));
-       &movdqa	($twmask,&QWP(16*6,"esp"));	# 0x0...010...87
-
-	&pxor	($twtmp,$twtmp);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&mov	($rounds,$rounds_);		# restore $rounds
-	&pxor	($tweak,$twres);
-
-	&sub	($len,16*6);
-	&jnc	(&label("xts_dec_loop6"));
-
-	&lea	($rounds,&DWP(1,"",$rounds,2));	# restore $rounds
-	&mov	($key,$key_);			# restore $key
-	&mov	($rounds_,$rounds);
-
-&set_label("xts_dec_short");
-	&add	($len,16*6);
-	&jz	(&label("xts_dec_done6x"));
-
-	&movdqa	($inout3,$tweak);		# put aside previous tweak
-	&cmp	($len,0x20);
-	&jb	(&label("xts_dec_one"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&je	(&label("xts_dec_two"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($inout4,$tweak);		# put aside previous tweak
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&cmp	($len,0x40);
-	&jb	(&label("xts_dec_three"));
-
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($inout5,$tweak);		# put aside previous tweak
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-	&movdqa	(&QWP(16*0,"esp"),$inout3);
-	&movdqa	(&QWP(16*1,"esp"),$inout4);
-	&je	(&label("xts_dec_four"));
-
-	&movdqa	(&QWP(16*2,"esp"),$inout5);
-	&pshufd	($inout5,$twtmp,0x13);
-	&movdqa	(&QWP(16*3,"esp"),$tweak);
-	&paddq	($tweak,$tweak);		# &psllq($inout0,1);
-	&pand	($inout5,$twmask);		# isolate carry and residue
-	&pxor	($inout5,$tweak);
-
-	&movdqu	($inout0,&QWP(16*0,$inp));	# load input
-	&movdqu	($inout1,&QWP(16*1,$inp));
-	&movdqu	($inout2,&QWP(16*2,$inp));
-	&pxor	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movdqu	($inout3,&QWP(16*3,$inp));
-	&pxor	($inout1,&QWP(16*1,"esp"));
-	&movdqu	($inout4,&QWP(16*4,$inp));
-	&pxor	($inout2,&QWP(16*2,"esp"));
-	&lea	($inp,&DWP(16*5,$inp));
-	&pxor	($inout3,&QWP(16*3,"esp"));
-	&movdqa	(&QWP(16*4,"esp"),$inout5);	# save last tweak
-	&pxor	($inout4,$inout5);
-
-	&call	("_aesni_decrypt6");
-
-	&movaps	($tweak,&QWP(16*4,"esp"));	# last tweak
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,&QWP(16*2,"esp"));
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout3,&QWP(16*3,"esp"));
-	&movups	(&QWP(16*1,$out),$inout1);
-	&xorps	($inout4,$tweak);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&movups	(&QWP(16*3,$out),$inout3);
-	&movups	(&QWP(16*4,$out),$inout4);
-	&lea	($out,&DWP(16*5,$out));
-	&jmp	(&label("xts_dec_done"));
-
-&set_label("xts_dec_one",16);
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&lea	($inp,&DWP(16*1,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&lea	($out,&DWP(16*1,$out));
-
-	&movdqa	($tweak,$inout3);		# last tweak
-	&jmp	(&label("xts_dec_done"));
-
-&set_label("xts_dec_two",16);
-	&movaps	($inout4,$tweak);		# put aside last tweak
-
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&lea	($inp,&DWP(16*2,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	&xorps	($inout1,$inout4);
-
-	&call	("_aesni_decrypt3");
-
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&xorps	($inout1,$inout4);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&movups	(&QWP(16*1,$out),$inout1);
-	&lea	($out,&DWP(16*2,$out));
-
-	&movdqa	($tweak,$inout4);		# last tweak
-	&jmp	(&label("xts_dec_done"));
-
-&set_label("xts_dec_three",16);
-	&movaps	($inout5,$tweak);		# put aside last tweak
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&movups	($inout2,&QWP(16*2,$inp));
-	&lea	($inp,&DWP(16*3,$inp));
-	&xorps	($inout0,$inout3);		# input^=tweak
-	&xorps	($inout1,$inout4);
-	&xorps	($inout2,$inout5);
-
-	&call	("_aesni_decrypt3");
-
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&xorps	($inout1,$inout4);
-	&xorps	($inout2,$inout5);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&movups	(&QWP(16*1,$out),$inout1);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&lea	($out,&DWP(16*3,$out));
-
-	&movdqa	($tweak,$inout5);		# last tweak
-	&jmp	(&label("xts_dec_done"));
-
-&set_label("xts_dec_four",16);
-	&movaps	($inout4,$tweak);		# put aside last tweak
-
-	&movups	($inout0,&QWP(16*0,$inp));	# load input
-	&movups	($inout1,&QWP(16*1,$inp));
-	&movups	($inout2,&QWP(16*2,$inp));
-	&xorps	($inout0,&QWP(16*0,"esp"));	# input^=tweak
-	&movups	($inout3,&QWP(16*3,$inp));
-	&lea	($inp,&DWP(16*4,$inp));
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,$inout5);
-	&xorps	($inout3,$inout4);
-
-	&call	("_aesni_decrypt4");
-
-	&xorps	($inout0,&QWP(16*0,"esp"));	# output^=tweak
-	&xorps	($inout1,&QWP(16*1,"esp"));
-	&xorps	($inout2,$inout5);
-	&movups	(&QWP(16*0,$out),$inout0);	# write output
-	&xorps	($inout3,$inout4);
-	&movups	(&QWP(16*1,$out),$inout1);
-	&movups	(&QWP(16*2,$out),$inout2);
-	&movups	(&QWP(16*3,$out),$inout3);
-	&lea	($out,&DWP(16*4,$out));
-
-	&movdqa	($tweak,$inout4);		# last tweak
-	&jmp	(&label("xts_dec_done"));
-
-&set_label("xts_dec_done6x",16);		# $tweak is pre-calculated
-	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
-	&and	($len,15);
-	&jz	(&label("xts_dec_ret"));
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
-	&jmp	(&label("xts_dec_only_one_more"));
-
-&set_label("xts_dec_done",16);
-	&mov	($len,&DWP(16*7+0,"esp"));	# restore original $len
-	&pxor	($twtmp,$twtmp);
-	&and	($len,15);
-	&jz	(&label("xts_dec_ret"));
-
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&mov	(&DWP(16*7+0,"esp"),$len);	# save $len%16
-	&pshufd	($twres,$twtmp,0x13);
-	&pxor	($twtmp,$twtmp);
-	&movdqa	($twmask,&QWP(16*6,"esp"));
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($twres,$twmask);		# isolate carry and residue
-	&pcmpgtd($twtmp,$tweak);		# broadcast upper bits
-	&pxor	($tweak,$twres);
-
-&set_label("xts_dec_only_one_more");
-	&pshufd	($inout3,$twtmp,0x13);
-	&movdqa	($inout4,$tweak);		# put aside previous tweak
-	&paddq	($tweak,$tweak);		# &psllq($tweak,1);
-	&pand	($inout3,$twmask);		# isolate carry and residue
-	&pxor	($inout3,$tweak);
-
-	&mov	($key,$key_);			# restore $key
-	&mov	($rounds,$rounds_);		# restore $rounds
-
-	&movups	($inout0,&QWP(0,$inp));		# load input
-	&xorps	($inout0,$inout3);		# input^=tweak
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&xorps	($inout0,$inout3);		# output^=tweak
-	&movups	(&QWP(0,$out),$inout0);		# write output
-
-&set_label("xts_dec_steal");
-	&movz	($rounds,&BP(16,$inp));
-	&movz	($key,&BP(0,$out));
-	&lea	($inp,&DWP(1,$inp));
-	&mov	(&BP(0,$out),&LB($rounds));
-	&mov	(&BP(16,$out),&LB($key));
-	&lea	($out,&DWP(1,$out));
-	&sub	($len,1);
-	&jnz	(&label("xts_dec_steal"));
-
-	&sub	($out,&DWP(16*7+0,"esp"));	# rewind $out
-	&mov	($key,$key_);			# restore $key
-	&mov	($rounds,$rounds_);		# restore $rounds
-
-	&movups	($inout0,&QWP(0,$out));		# load input
-	&xorps	($inout0,$inout4);		# input^=tweak
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&xorps	($inout0,$inout4);		# output^=tweak
-	&movups	(&QWP(0,$out),$inout0);		# write output
-
-&set_label("xts_dec_ret");
-	&mov	("esp",&DWP(16*7+4,"esp"));	# restore %esp
-&function_end("aesni_xts_decrypt");
-}
-}
-
-######################################################################
-# void $PREFIX_cbc_encrypt (const void *inp, void *out,
-#                           size_t length, const AES_KEY *key,
-#                           unsigned char *ivp,const int enc);
-&function_begin("${PREFIX}_cbc_encrypt");
-	&mov	($inp,&wparam(0));
-	&mov	($rounds_,"esp");
-	&mov	($out,&wparam(1));
-	&sub	($rounds_,24);
-	&mov	($len,&wparam(2));
-	&and	($rounds_,-16);
-	&mov	($key,&wparam(3));
-	&mov	($key_,&wparam(4));
-	&test	($len,$len);
-	&jz	(&label("cbc_abort"));
-
-	&cmp	(&wparam(5),0);
-	&xchg	($rounds_,"esp");		# alloca
-	&movups	($ivec,&QWP(0,$key_));		# load IV
-	&mov	($rounds,&DWP(240,$key));
-	&mov	($key_,$key);			# backup $key
-	&mov	(&DWP(16,"esp"),$rounds_);	# save original %esp
-	&mov	($rounds_,$rounds);		# backup $rounds
-	&je	(&label("cbc_decrypt"));
-
-	&movaps	($inout0,$ivec);
-	&cmp	($len,16);
-	&jb	(&label("cbc_enc_tail"));
-	&sub	($len,16);
-	&jmp	(&label("cbc_enc_loop"));
-
-&set_label("cbc_enc_loop",16);
-	&movups	($ivec,&QWP(0,$inp));		# input actually
-	&lea	($inp,&DWP(16,$inp));
-	if ($inline)
-	{   &aesni_inline_generate1("enc",$inout0,$ivec);	}
-	else
-	{   &xorps($inout0,$ivec); &call("_aesni_encrypt1");	}
-	&mov	($rounds,$rounds_);	# restore $rounds
-	&mov	($key,$key_);		# restore $key
-	&movups	(&QWP(0,$out),$inout0);	# store output
-	&lea	($out,&DWP(16,$out));
-	&sub	($len,16);
-	&jnc	(&label("cbc_enc_loop"));
-	&add	($len,16);
-	&jnz	(&label("cbc_enc_tail"));
-	&movaps	($ivec,$inout0);
-	&jmp	(&label("cbc_ret"));
-
-&set_label("cbc_enc_tail");
-	&mov	("ecx",$len);		# zaps $rounds
-	&data_word(0xA4F3F689);		# rep movsb
-	&mov	("ecx",16);		# zero tail
-	&sub	("ecx",$len);
-	&xor	("eax","eax");		# zaps $len
-	&data_word(0xAAF3F689);		# rep stosb
-	&lea	($out,&DWP(-16,$out));	# rewind $out by 1 block
-	&mov	($rounds,$rounds_);	# restore $rounds
-	&mov	($inp,$out);		# $inp and $out are the same
-	&mov	($key,$key_);		# restore $key
-	&jmp	(&label("cbc_enc_loop"));
-######################################################################
-&set_label("cbc_decrypt",16);
-	&cmp	($len,0x50);
-	&jbe	(&label("cbc_dec_tail"));
-	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
-	&sub	($len,0x50);
-	&jmp	(&label("cbc_dec_loop6_enter"));
-
-&set_label("cbc_dec_loop6",16);
-	&movaps	(&QWP(0,"esp"),$rndkey0);	# save IV
-	&movups	(&QWP(0,$out),$inout5);
-	&lea	($out,&DWP(0x10,$out));
-&set_label("cbc_dec_loop6_enter");
-	&movdqu	($inout0,&QWP(0,$inp));
-	&movdqu	($inout1,&QWP(0x10,$inp));
-	&movdqu	($inout2,&QWP(0x20,$inp));
-	&movdqu	($inout3,&QWP(0x30,$inp));
-	&movdqu	($inout4,&QWP(0x40,$inp));
-	&movdqu	($inout5,&QWP(0x50,$inp));
-
-	&call	("_aesni_decrypt6");
-
-	&movups	($rndkey1,&QWP(0,$inp));
-	&movups	($rndkey0,&QWP(0x10,$inp));
-	&xorps	($inout0,&QWP(0,"esp"));	# ^=IV
-	&xorps	($inout1,$rndkey1);
-	&movups	($rndkey1,&QWP(0x20,$inp));
-	&xorps	($inout2,$rndkey0);
-	&movups	($rndkey0,&QWP(0x30,$inp));
-	&xorps	($inout3,$rndkey1);
-	&movups	($rndkey1,&QWP(0x40,$inp));
-	&xorps	($inout4,$rndkey0);
-	&movups	($rndkey0,&QWP(0x50,$inp));	# IV
-	&xorps	($inout5,$rndkey1);
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&lea	($inp,&DWP(0x60,$inp));
-	&movups	(&QWP(0x20,$out),$inout2);
-	&mov	($rounds,$rounds_)		# restore $rounds
-	&movups	(&QWP(0x30,$out),$inout3);
-	&mov	($key,$key_);			# restore $key
-	&movups	(&QWP(0x40,$out),$inout4);
-	&lea	($out,&DWP(0x50,$out));
-	&sub	($len,0x60);
-	&ja	(&label("cbc_dec_loop6"));
-
-	&movaps	($inout0,$inout5);
-	&movaps	($ivec,$rndkey0);
-	&add	($len,0x50);
-	&jle	(&label("cbc_dec_tail_collected"));
-	&movups	(&QWP(0,$out),$inout0);
-	&lea	($out,&DWP(0x10,$out));
-&set_label("cbc_dec_tail");
-	&movups	($inout0,&QWP(0,$inp));
-	&movaps	($in0,$inout0);
-	&cmp	($len,0x10);
-	&jbe	(&label("cbc_dec_one"));
-
-	&movups	($inout1,&QWP(0x10,$inp));
-	&movaps	($in1,$inout1);
-	&cmp	($len,0x20);
-	&jbe	(&label("cbc_dec_two"));
-
-	&movups	($inout2,&QWP(0x20,$inp));
-	&cmp	($len,0x30);
-	&jbe	(&label("cbc_dec_three"));
-
-	&movups	($inout3,&QWP(0x30,$inp));
-	&cmp	($len,0x40);
-	&jbe	(&label("cbc_dec_four"));
-
-	&movups	($inout4,&QWP(0x40,$inp));
-	&movaps	(&QWP(0,"esp"),$ivec);		# save IV
-	&movups	($inout0,&QWP(0,$inp));
-	&xorps	($inout5,$inout5);
-	&call	("_aesni_decrypt6");
-	&movups	($rndkey1,&QWP(0,$inp));
-	&movups	($rndkey0,&QWP(0x10,$inp));
-	&xorps	($inout0,&QWP(0,"esp"));	# ^= IV
-	&xorps	($inout1,$rndkey1);
-	&movups	($rndkey1,&QWP(0x20,$inp));
-	&xorps	($inout2,$rndkey0);
-	&movups	($rndkey0,&QWP(0x30,$inp));
-	&xorps	($inout3,$rndkey1);
-	&movups	($ivec,&QWP(0x40,$inp));	# IV
-	&xorps	($inout4,$rndkey0);
-	&movups	(&QWP(0,$out),$inout0);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&movups	(&QWP(0x30,$out),$inout3);
-	&lea	($out,&DWP(0x40,$out));
-	&movaps	($inout0,$inout4);
-	&sub	($len,0x50);
-	&jmp	(&label("cbc_dec_tail_collected"));
-
-&set_label("cbc_dec_one",16);
-	if ($inline)
-	{   &aesni_inline_generate1("dec");	}
-	else
-	{   &call	("_aesni_decrypt1");	}
-	&xorps	($inout0,$ivec);
-	&movaps	($ivec,$in0);
-	&sub	($len,0x10);
-	&jmp	(&label("cbc_dec_tail_collected"));
-
-&set_label("cbc_dec_two",16);
-	&xorps	($inout2,$inout2);
-	&call	("_aesni_decrypt3");
-	&xorps	($inout0,$ivec);
-	&xorps	($inout1,$in0);
-	&movups	(&QWP(0,$out),$inout0);
-	&movaps	($inout0,$inout1);
-	&lea	($out,&DWP(0x10,$out));
-	&movaps	($ivec,$in1);
-	&sub	($len,0x20);
-	&jmp	(&label("cbc_dec_tail_collected"));
-
-&set_label("cbc_dec_three",16);
-	&call	("_aesni_decrypt3");
-	&xorps	($inout0,$ivec);
-	&xorps	($inout1,$in0);
-	&xorps	($inout2,$in1);
-	&movups	(&QWP(0,$out),$inout0);
-	&movaps	($inout0,$inout2);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&lea	($out,&DWP(0x20,$out));
-	&movups	($ivec,&QWP(0x20,$inp));
-	&sub	($len,0x30);
-	&jmp	(&label("cbc_dec_tail_collected"));
-
-&set_label("cbc_dec_four",16);
-	&call	("_aesni_decrypt4");
-	&movups	($rndkey1,&QWP(0x10,$inp));
-	&movups	($rndkey0,&QWP(0x20,$inp));
-	&xorps	($inout0,$ivec);
-	&movups	($ivec,&QWP(0x30,$inp));
-	&xorps	($inout1,$in0);
-	&movups	(&QWP(0,$out),$inout0);
-	&xorps	($inout2,$rndkey1);
-	&movups	(&QWP(0x10,$out),$inout1);
-	&xorps	($inout3,$rndkey0);
-	&movups	(&QWP(0x20,$out),$inout2);
-	&lea	($out,&DWP(0x30,$out));
-	&movaps	($inout0,$inout3);
-	&sub	($len,0x40);
-
-&set_label("cbc_dec_tail_collected");
-	&and	($len,15);
-	&jnz	(&label("cbc_dec_tail_partial"));
-	&movups	(&QWP(0,$out),$inout0);
-	&jmp	(&label("cbc_ret"));
-
-&set_label("cbc_dec_tail_partial",16);
-	&movaps	(&QWP(0,"esp"),$inout0);
-	&mov	("ecx",16);
-	&mov	($inp,"esp");
-	&sub	("ecx",$len);
-	&data_word(0xA4F3F689);		# rep movsb
-
-&set_label("cbc_ret");
-	&mov	("esp",&DWP(16,"esp"));	# pull original %esp
-	&mov	($key_,&wparam(4));
-	&movups	(&QWP(0,$key_),$ivec);	# output IV
-&set_label("cbc_abort");
-&function_end("${PREFIX}_cbc_encrypt");
-
-######################################################################
-# Mechanical port from aesni-x86_64.pl.
-#
-# _aesni_set_encrypt_key is private interface,
-# input:
-#	"eax"	const unsigned char *userKey
-#	$rounds	int bits
-#	$key	AES_KEY *key
-# output:
-#	"eax"	return code
-#	$round	rounds
-
-&function_begin_B("_aesni_set_encrypt_key");
-	&test	("eax","eax");
-	&jz	(&label("bad_pointer"));
-	&test	($key,$key);
-	&jz	(&label("bad_pointer"));
-
-	&movups	("xmm0",&QWP(0,"eax"));	# pull first 128 bits of *userKey
-	&xorps	("xmm4","xmm4");	# low dword of xmm4 is assumed 0
-	&lea	($key,&DWP(16,$key));
-	&cmp	($rounds,256);
-	&je	(&label("14rounds"));
-	&cmp	($rounds,192);
-	&je	(&label("12rounds"));
-	&cmp	($rounds,128);
-	&jne	(&label("bad_keybits"));
-
-&set_label("10rounds",16);
-	&mov		($rounds,9);
-	&$movekey	(&QWP(-16,$key),"xmm0");	# round 0
-	&aeskeygenassist("xmm1","xmm0",0x01);		# round 1
-	&call		(&label("key_128_cold"));
-	&aeskeygenassist("xmm1","xmm0",0x2);		# round 2
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x04);		# round 3
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x08);		# round 4
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x10);		# round 5
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x20);		# round 6
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x40);		# round 7
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x80);		# round 8
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x1b);		# round 9
-	&call		(&label("key_128"));
-	&aeskeygenassist("xmm1","xmm0",0x36);		# round 10
-	&call		(&label("key_128"));
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&mov		(&DWP(80,$key),$rounds);
-	&xor		("eax","eax");
-	&ret();
-
-&set_label("key_128",16);
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&lea		($key,&DWP(16,$key));
-&set_label("key_128_cold");
-	&shufps		("xmm4","xmm0",0b00010000);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm4","xmm0",0b10001100);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm1","xmm1",0b11111111);	# critical path
-	&xorps		("xmm0","xmm1");
-	&ret();
-
-&set_label("12rounds",16);
-	&movq		("xmm2",&QWP(16,"eax"));	# remaining 1/3 of *userKey
-	&mov		($rounds,11);
-	&$movekey	(&QWP(-16,$key),"xmm0")		# round 0
-	&aeskeygenassist("xmm1","xmm2",0x01);		# round 1,2
-	&call		(&label("key_192a_cold"));
-	&aeskeygenassist("xmm1","xmm2",0x02);		# round 2,3
-	&call		(&label("key_192b"));
-	&aeskeygenassist("xmm1","xmm2",0x04);		# round 4,5
-	&call		(&label("key_192a"));
-	&aeskeygenassist("xmm1","xmm2",0x08);		# round 5,6
-	&call		(&label("key_192b"));
-	&aeskeygenassist("xmm1","xmm2",0x10);		# round 7,8
-	&call		(&label("key_192a"));
-	&aeskeygenassist("xmm1","xmm2",0x20);		# round 8,9
-	&call		(&label("key_192b"));
-	&aeskeygenassist("xmm1","xmm2",0x40);		# round 10,11
-	&call		(&label("key_192a"));
-	&aeskeygenassist("xmm1","xmm2",0x80);		# round 11,12
-	&call		(&label("key_192b"));
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&mov		(&DWP(48,$key),$rounds);
-	&xor		("eax","eax");
-	&ret();
-
-&set_label("key_192a",16);
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&lea		($key,&DWP(16,$key));
-&set_label("key_192a_cold",16);
-	&movaps		("xmm5","xmm2");
-&set_label("key_192b_warm");
-	&shufps		("xmm4","xmm0",0b00010000);
-	&movdqa		("xmm3","xmm2");
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm4","xmm0",0b10001100);
-	&pslldq		("xmm3",4);
-	&xorps		("xmm0","xmm4");
-	&pshufd		("xmm1","xmm1",0b01010101);	# critical path
-	&pxor		("xmm2","xmm3");
-	&pxor		("xmm0","xmm1");
-	&pshufd		("xmm3","xmm0",0b11111111);
-	&pxor		("xmm2","xmm3");
-	&ret();
-
-&set_label("key_192b",16);
-	&movaps		("xmm3","xmm0");
-	&shufps		("xmm5","xmm0",0b01000100);
-	&$movekey	(&QWP(0,$key),"xmm5");
-	&shufps		("xmm3","xmm2",0b01001110);
-	&$movekey	(&QWP(16,$key),"xmm3");
-	&lea		($key,&DWP(32,$key));
-	&jmp		(&label("key_192b_warm"));
-
-&set_label("14rounds",16);
-	&movups		("xmm2",&QWP(16,"eax"));	# remaining half of *userKey
-	&mov		($rounds,13);
-	&lea		($key,&DWP(16,$key));
-	&$movekey	(&QWP(-32,$key),"xmm0");	# round 0
-	&$movekey	(&QWP(-16,$key),"xmm2");	# round 1
-	&aeskeygenassist("xmm1","xmm2",0x01);		# round 2
-	&call		(&label("key_256a_cold"));
-	&aeskeygenassist("xmm1","xmm0",0x01);		# round 3
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x02);		# round 4
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x02);		# round 5
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x04);		# round 6
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x04);		# round 7
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x08);		# round 8
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x08);		# round 9
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x10);		# round 10
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x10);		# round 11
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x20);		# round 12
-	&call		(&label("key_256a"));
-	&aeskeygenassist("xmm1","xmm0",0x20);		# round 13
-	&call		(&label("key_256b"));
-	&aeskeygenassist("xmm1","xmm2",0x40);		# round 14
-	&call		(&label("key_256a"));
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&mov		(&DWP(16,$key),$rounds);
-	&xor		("eax","eax");
-	&ret();
-
-&set_label("key_256a",16);
-	&$movekey	(&QWP(0,$key),"xmm2");
-	&lea		($key,&DWP(16,$key));
-&set_label("key_256a_cold");
-	&shufps		("xmm4","xmm0",0b00010000);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm4","xmm0",0b10001100);
-	&xorps		("xmm0","xmm4");
-	&shufps		("xmm1","xmm1",0b11111111);	# critical path
-	&xorps		("xmm0","xmm1");
-	&ret();
-
-&set_label("key_256b",16);
-	&$movekey	(&QWP(0,$key),"xmm0");
-	&lea		($key,&DWP(16,$key));
-
-	&shufps		("xmm4","xmm2",0b00010000);
-	&xorps		("xmm2","xmm4");
-	&shufps		("xmm4","xmm2",0b10001100);
-	&xorps		("xmm2","xmm4");
-	&shufps		("xmm1","xmm1",0b10101010);	# critical path
-	&xorps		("xmm2","xmm1");
-	&ret();
-
-&set_label("bad_pointer",4);
-	&mov	("eax",-1);
-	&ret	();
-&set_label("bad_keybits",4);
-	&mov	("eax",-2);
-	&ret	();
-&function_end_B("_aesni_set_encrypt_key");
-
-# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
-#                              AES_KEY *key)
-&function_begin_B("${PREFIX}_set_encrypt_key");
-	&mov	("eax",&wparam(0));
-	&mov	($rounds,&wparam(1));
-	&mov	($key,&wparam(2));
-	&call	("_aesni_set_encrypt_key");
-	&ret	();
-&function_end_B("${PREFIX}_set_encrypt_key");
-
-# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
-#                              AES_KEY *key)
-&function_begin_B("${PREFIX}_set_decrypt_key");
-	&mov	("eax",&wparam(0));
-	&mov	($rounds,&wparam(1));
-	&mov	($key,&wparam(2));
-	&call	("_aesni_set_encrypt_key");
-	&mov	($key,&wparam(2));
-	&shl	($rounds,4)	# rounds-1 after _aesni_set_encrypt_key
-	&test	("eax","eax");
-	&jnz	(&label("dec_key_ret"));
-	&lea	("eax",&DWP(16,$key,$rounds));	# end of key schedule
-
-	&$movekey	("xmm0",&QWP(0,$key));	# just swap
-	&$movekey	("xmm1",&QWP(0,"eax"));
-	&$movekey	(&QWP(0,"eax"),"xmm0");
-	&$movekey	(&QWP(0,$key),"xmm1");
-	&lea		($key,&DWP(16,$key));
-	&lea		("eax",&DWP(-16,"eax"));
-
-&set_label("dec_key_inverse");
-	&$movekey	("xmm0",&QWP(0,$key));	# swap and inverse
-	&$movekey	("xmm1",&QWP(0,"eax"));
-	&aesimc		("xmm0","xmm0");
-	&aesimc		("xmm1","xmm1");
-	&lea		($key,&DWP(16,$key));
-	&lea		("eax",&DWP(-16,"eax"));
-	&$movekey	(&QWP(16,"eax"),"xmm0");
-	&$movekey	(&QWP(-16,$key),"xmm1");
-	&cmp		("eax",$key);
-	&ja		(&label("dec_key_inverse"));
-
-	&$movekey	("xmm0",&QWP(0,$key));	# inverse middle
-	&aesimc		("xmm0","xmm0");
-	&$movekey	(&QWP(0,$key),"xmm0");
-
-	&xor		("eax","eax");		# return success
-&set_label("dec_key_ret");
-	&ret	();
-&function_end_B("${PREFIX}_set_decrypt_key");
-&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/aes/asm/aesni-x86_64.S b/crypto/aes/asm/aesni-x86_64.S
deleted file mode 100644
index 917c832354..0000000000
--- a/crypto/aes/asm/aesni-x86_64.S
+++ /dev/null
@@ -1,2535 +0,0 @@
-.text	
-.globl	aesni_encrypt
-.type	aesni_encrypt,@function
-.align	16
-aesni_encrypt:
-	movups	(%rdi),%xmm2
-	movl	240(%rdx),%eax
-	movups	(%rdx),%xmm0
-	movups	16(%rdx),%xmm1
-	leaq	32(%rdx),%rdx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_1:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rdx),%xmm1
-	leaq	16(%rdx),%rdx
-	jnz	.Loop_enc1_1	
-.byte	102,15,56,221,209
-	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
-.size	aesni_encrypt,.-aesni_encrypt
-
-.globl	aesni_decrypt
-.type	aesni_decrypt,@function
-.align	16
-aesni_decrypt:
-	movups	(%rdi),%xmm2
-	movl	240(%rdx),%eax
-	movups	(%rdx),%xmm0
-	movups	16(%rdx),%xmm1
-	leaq	32(%rdx),%rdx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_2:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rdx),%xmm1
-	leaq	16(%rdx),%rdx
-	jnz	.Loop_dec1_2	
-.byte	102,15,56,223,209
-	movups	%xmm2,(%rsi)
-	.byte	0xf3,0xc3
-.size	aesni_decrypt, .-aesni_decrypt
-.type	_aesni_encrypt3,@function
-.align	16
-_aesni_encrypt3:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-	xorps	%xmm0,%xmm4
-	movups	(%rcx),%xmm0
-
-.Lenc_loop3:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-	movups	(%rcx),%xmm0
-	jnz	.Lenc_loop3
-
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-	.byte	0xf3,0xc3
-.size	_aesni_encrypt3,.-_aesni_encrypt3
-.type	_aesni_decrypt3,@function
-.align	16
-_aesni_decrypt3:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-	xorps	%xmm0,%xmm4
-	movups	(%rcx),%xmm0
-
-.Ldec_loop3:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%eax
-.byte	102,15,56,222,225
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,222,224
-	movups	(%rcx),%xmm0
-	jnz	.Ldec_loop3
-
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-	.byte	0xf3,0xc3
-.size	_aesni_decrypt3,.-_aesni_decrypt3
-.type	_aesni_encrypt4,@function
-.align	16
-_aesni_encrypt4:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-	xorps	%xmm0,%xmm4
-	xorps	%xmm0,%xmm5
-	movups	(%rcx),%xmm0
-
-.Lenc_loop4:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-	movups	(%rcx),%xmm0
-	jnz	.Lenc_loop4
-
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-.byte	102,15,56,221,232
-	.byte	0xf3,0xc3
-.size	_aesni_encrypt4,.-_aesni_encrypt4
-.type	_aesni_decrypt4,@function
-.align	16
-_aesni_decrypt4:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-	xorps	%xmm0,%xmm4
-	xorps	%xmm0,%xmm5
-	movups	(%rcx),%xmm0
-
-.Ldec_loop4:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%eax
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-	movups	(%rcx),%xmm0
-	jnz	.Ldec_loop4
-
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-.byte	102,15,56,223,232
-	.byte	0xf3,0xc3
-.size	_aesni_decrypt4,.-_aesni_decrypt4
-.type	_aesni_encrypt6,@function
-.align	16
-_aesni_encrypt6:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,220,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,220,217
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,220,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-	decl	%eax
-.byte	102,15,56,220,241
-	movups	(%rcx),%xmm0
-.byte	102,15,56,220,249
-	jmp	.Lenc_loop6_enter
-.align	16
-.Lenc_loop6:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.Lenc_loop6_enter:
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-	movups	(%rcx),%xmm0
-	jnz	.Lenc_loop6
-
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-.byte	102,15,56,221,232
-.byte	102,15,56,221,240
-.byte	102,15,56,221,248
-	.byte	0xf3,0xc3
-.size	_aesni_encrypt6,.-_aesni_encrypt6
-.type	_aesni_decrypt6,@function
-.align	16
-_aesni_decrypt6:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,222,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,222,217
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,222,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-	decl	%eax
-.byte	102,15,56,222,241
-	movups	(%rcx),%xmm0
-.byte	102,15,56,222,249
-	jmp	.Ldec_loop6_enter
-.align	16
-.Ldec_loop6:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%eax
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.Ldec_loop6_enter:
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-.byte	102,15,56,222,240
-.byte	102,15,56,222,248
-	movups	(%rcx),%xmm0
-	jnz	.Ldec_loop6
-
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-.byte	102,15,56,223,232
-.byte	102,15,56,223,240
-.byte	102,15,56,223,248
-	.byte	0xf3,0xc3
-.size	_aesni_decrypt6,.-_aesni_decrypt6
-.type	_aesni_encrypt8,@function
-.align	16
-_aesni_encrypt8:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-.byte	102,15,56,220,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,220,217
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,220,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-	decl	%eax
-.byte	102,15,56,220,241
-	pxor	%xmm0,%xmm8
-.byte	102,15,56,220,249
-	pxor	%xmm0,%xmm9
-	movups	(%rcx),%xmm0
-.byte	102,68,15,56,220,193
-.byte	102,68,15,56,220,201
-	movups	16(%rcx),%xmm1
-	jmp	.Lenc_loop8_enter
-.align	16
-.Lenc_loop8:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.byte	102,68,15,56,220,193
-.byte	102,68,15,56,220,201
-	movups	16(%rcx),%xmm1
-.Lenc_loop8_enter:
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-.byte	102,68,15,56,220,192
-.byte	102,68,15,56,220,200
-	movups	(%rcx),%xmm0
-	jnz	.Lenc_loop8
-
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.byte	102,68,15,56,220,193
-.byte	102,68,15,56,220,201
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-.byte	102,15,56,221,224
-.byte	102,15,56,221,232
-.byte	102,15,56,221,240
-.byte	102,15,56,221,248
-.byte	102,68,15,56,221,192
-.byte	102,68,15,56,221,200
-	.byte	0xf3,0xc3
-.size	_aesni_encrypt8,.-_aesni_encrypt8
-.type	_aesni_decrypt8,@function
-.align	16
-_aesni_decrypt8:
-	movups	(%rcx),%xmm0
-	shrl	$1,%eax
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm0,%xmm3
-.byte	102,15,56,222,209
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,222,217
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,222,225
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-	decl	%eax
-.byte	102,15,56,222,241
-	pxor	%xmm0,%xmm8
-.byte	102,15,56,222,249
-	pxor	%xmm0,%xmm9
-	movups	(%rcx),%xmm0
-.byte	102,68,15,56,222,193
-.byte	102,68,15,56,222,201
-	movups	16(%rcx),%xmm1
-	jmp	.Ldec_loop8_enter
-.align	16
-.Ldec_loop8:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%eax
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.byte	102,68,15,56,222,193
-.byte	102,68,15,56,222,201
-	movups	16(%rcx),%xmm1
-.Ldec_loop8_enter:
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-.byte	102,15,56,222,240
-.byte	102,15,56,222,248
-.byte	102,68,15,56,222,192
-.byte	102,68,15,56,222,200
-	movups	(%rcx),%xmm0
-	jnz	.Ldec_loop8
-
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.byte	102,68,15,56,222,193
-.byte	102,68,15,56,222,201
-.byte	102,15,56,223,208
-.byte	102,15,56,223,216
-.byte	102,15,56,223,224
-.byte	102,15,56,223,232
-.byte	102,15,56,223,240
-.byte	102,15,56,223,248
-.byte	102,68,15,56,223,192
-.byte	102,68,15,56,223,200
-	.byte	0xf3,0xc3
-.size	_aesni_decrypt8,.-_aesni_decrypt8
-.globl	aesni_ecb_encrypt
-.type	aesni_ecb_encrypt,@function
-.align	16
-aesni_ecb_encrypt:
-	andq	$-16,%rdx
-	jz	.Lecb_ret
-
-	movl	240(%rcx),%eax
-	movups	(%rcx),%xmm0
-	movq	%rcx,%r11
-	movl	%eax,%r10d
-	testl	%r8d,%r8d
-	jz	.Lecb_decrypt
-
-	cmpq	$128,%rdx
-	jb	.Lecb_enc_tail
-
-	movdqu	(%rdi),%xmm2
-	movdqu	16(%rdi),%xmm3
-	movdqu	32(%rdi),%xmm4
-	movdqu	48(%rdi),%xmm5
-	movdqu	64(%rdi),%xmm6
-	movdqu	80(%rdi),%xmm7
-	movdqu	96(%rdi),%xmm8
-	movdqu	112(%rdi),%xmm9
-	leaq	128(%rdi),%rdi
-	subq	$128,%rdx
-	jmp	.Lecb_enc_loop8_enter
-.align	16
-.Lecb_enc_loop8:
-	movups	%xmm2,(%rsi)
-	movq	%r11,%rcx
-	movdqu	(%rdi),%xmm2
-	movl	%r10d,%eax
-	movups	%xmm3,16(%rsi)
-	movdqu	16(%rdi),%xmm3
-	movups	%xmm4,32(%rsi)
-	movdqu	32(%rdi),%xmm4
-	movups	%xmm5,48(%rsi)
-	movdqu	48(%rdi),%xmm5
-	movups	%xmm6,64(%rsi)
-	movdqu	64(%rdi),%xmm6
-	movups	%xmm7,80(%rsi)
-	movdqu	80(%rdi),%xmm7
-	movups	%xmm8,96(%rsi)
-	movdqu	96(%rdi),%xmm8
-	movups	%xmm9,112(%rsi)
-	leaq	128(%rsi),%rsi
-	movdqu	112(%rdi),%xmm9
-	leaq	128(%rdi),%rdi
-.Lecb_enc_loop8_enter:
-
-	call	_aesni_encrypt8
-
-	subq	$128,%rdx
-	jnc	.Lecb_enc_loop8
-
-	movups	%xmm2,(%rsi)
-	movq	%r11,%rcx
-	movups	%xmm3,16(%rsi)
-	movl	%r10d,%eax
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	movups	%xmm8,96(%rsi)
-	movups	%xmm9,112(%rsi)
-	leaq	128(%rsi),%rsi
-	addq	$128,%rdx
-	jz	.Lecb_ret
-
-.Lecb_enc_tail:
-	movups	(%rdi),%xmm2
-	cmpq	$32,%rdx
-	jb	.Lecb_enc_one
-	movups	16(%rdi),%xmm3
-	je	.Lecb_enc_two
-	movups	32(%rdi),%xmm4
-	cmpq	$64,%rdx
-	jb	.Lecb_enc_three
-	movups	48(%rdi),%xmm5
-	je	.Lecb_enc_four
-	movups	64(%rdi),%xmm6
-	cmpq	$96,%rdx
-	jb	.Lecb_enc_five
-	movups	80(%rdi),%xmm7
-	je	.Lecb_enc_six
-	movdqu	96(%rdi),%xmm8
-	call	_aesni_encrypt8
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	movups	%xmm8,96(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_one:
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_3:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_3	
-.byte	102,15,56,221,209
-	movups	%xmm2,(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_encrypt3
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_three:
-	call	_aesni_encrypt3
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_four:
-	call	_aesni_encrypt4
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_five:
-	xorps	%xmm7,%xmm7
-	call	_aesni_encrypt6
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_six:
-	call	_aesni_encrypt6
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	jmp	.Lecb_ret
-
-.align	16
-.Lecb_decrypt:
-	cmpq	$128,%rdx
-	jb	.Lecb_dec_tail
-
-	movdqu	(%rdi),%xmm2
-	movdqu	16(%rdi),%xmm3
-	movdqu	32(%rdi),%xmm4
-	movdqu	48(%rdi),%xmm5
-	movdqu	64(%rdi),%xmm6
-	movdqu	80(%rdi),%xmm7
-	movdqu	96(%rdi),%xmm8
-	movdqu	112(%rdi),%xmm9
-	leaq	128(%rdi),%rdi
-	subq	$128,%rdx
-	jmp	.Lecb_dec_loop8_enter
-.align	16
-.Lecb_dec_loop8:
-	movups	%xmm2,(%rsi)
-	movq	%r11,%rcx
-	movdqu	(%rdi),%xmm2
-	movl	%r10d,%eax
-	movups	%xmm3,16(%rsi)
-	movdqu	16(%rdi),%xmm3
-	movups	%xmm4,32(%rsi)
-	movdqu	32(%rdi),%xmm4
-	movups	%xmm5,48(%rsi)
-	movdqu	48(%rdi),%xmm5
-	movups	%xmm6,64(%rsi)
-	movdqu	64(%rdi),%xmm6
-	movups	%xmm7,80(%rsi)
-	movdqu	80(%rdi),%xmm7
-	movups	%xmm8,96(%rsi)
-	movdqu	96(%rdi),%xmm8
-	movups	%xmm9,112(%rsi)
-	leaq	128(%rsi),%rsi
-	movdqu	112(%rdi),%xmm9
-	leaq	128(%rdi),%rdi
-.Lecb_dec_loop8_enter:
-
-	call	_aesni_decrypt8
-
-	movups	(%r11),%xmm0
-	subq	$128,%rdx
-	jnc	.Lecb_dec_loop8
-
-	movups	%xmm2,(%rsi)
-	movq	%r11,%rcx
-	movups	%xmm3,16(%rsi)
-	movl	%r10d,%eax
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	movups	%xmm8,96(%rsi)
-	movups	%xmm9,112(%rsi)
-	leaq	128(%rsi),%rsi
-	addq	$128,%rdx
-	jz	.Lecb_ret
-
-.Lecb_dec_tail:
-	movups	(%rdi),%xmm2
-	cmpq	$32,%rdx
-	jb	.Lecb_dec_one
-	movups	16(%rdi),%xmm3
-	je	.Lecb_dec_two
-	movups	32(%rdi),%xmm4
-	cmpq	$64,%rdx
-	jb	.Lecb_dec_three
-	movups	48(%rdi),%xmm5
-	je	.Lecb_dec_four
-	movups	64(%rdi),%xmm6
-	cmpq	$96,%rdx
-	jb	.Lecb_dec_five
-	movups	80(%rdi),%xmm7
-	je	.Lecb_dec_six
-	movups	96(%rdi),%xmm8
-	movups	(%rcx),%xmm0
-	call	_aesni_decrypt8
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	movups	%xmm8,96(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_one:
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_4:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_dec1_4	
-.byte	102,15,56,223,209
-	movups	%xmm2,(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_decrypt3
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_three:
-	call	_aesni_decrypt3
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_four:
-	call	_aesni_decrypt4
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_five:
-	xorps	%xmm7,%xmm7
-	call	_aesni_decrypt6
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_six:
-	call	_aesni_decrypt6
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-
-.Lecb_ret:
-	.byte	0xf3,0xc3
-.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
-.globl	aesni_ccm64_encrypt_blocks
-.type	aesni_ccm64_encrypt_blocks,@function
-.align	16
-aesni_ccm64_encrypt_blocks:
-	movl	240(%rcx),%eax
-	movdqu	(%r8),%xmm9
-	movdqa	.Lincrement64(%rip),%xmm6
-	movdqa	.Lbswap_mask(%rip),%xmm7
-
-	shrl	$1,%eax
-	leaq	0(%rcx),%r11
-	movdqu	(%r9),%xmm3
-	movdqa	%xmm9,%xmm2
-	movl	%eax,%r10d
-.byte	102,68,15,56,0,207
-	jmp	.Lccm64_enc_outer
-.align	16
-.Lccm64_enc_outer:
-	movups	(%r11),%xmm0
-	movl	%r10d,%eax
-	movups	(%rdi),%xmm8
-
-	xorps	%xmm0,%xmm2
-	movups	16(%r11),%xmm1
-	xorps	%xmm8,%xmm0
-	leaq	32(%r11),%rcx
-	xorps	%xmm0,%xmm3
-	movups	(%rcx),%xmm0
-
-.Lccm64_enc2_loop:
-.byte	102,15,56,220,209
-	decl	%eax
-.byte	102,15,56,220,217
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,216
-	movups	0(%rcx),%xmm0
-	jnz	.Lccm64_enc2_loop
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	paddq	%xmm6,%xmm9
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-
-	decq	%rdx
-	leaq	16(%rdi),%rdi
-	xorps	%xmm2,%xmm8
-	movdqa	%xmm9,%xmm2
-	movups	%xmm8,(%rsi)
-	leaq	16(%rsi),%rsi
-.byte	102,15,56,0,215
-	jnz	.Lccm64_enc_outer
-
-	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
-.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
-.globl	aesni_ccm64_decrypt_blocks
-.type	aesni_ccm64_decrypt_blocks,@function
-.align	16
-aesni_ccm64_decrypt_blocks:
-	movl	240(%rcx),%eax
-	movups	(%r8),%xmm9
-	movdqu	(%r9),%xmm3
-	movdqa	.Lincrement64(%rip),%xmm6
-	movdqa	.Lbswap_mask(%rip),%xmm7
-
-	movaps	%xmm9,%xmm2
-	movl	%eax,%r10d
-	movq	%rcx,%r11
-.byte	102,68,15,56,0,207
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_5:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_5	
-.byte	102,15,56,221,209
-	movups	(%rdi),%xmm8
-	paddq	%xmm6,%xmm9
-	leaq	16(%rdi),%rdi
-	jmp	.Lccm64_dec_outer
-.align	16
-.Lccm64_dec_outer:
-	xorps	%xmm2,%xmm8
-	movdqa	%xmm9,%xmm2
-	movl	%r10d,%eax
-	movups	%xmm8,(%rsi)
-	leaq	16(%rsi),%rsi
-.byte	102,15,56,0,215
-
-	subq	$1,%rdx
-	jz	.Lccm64_dec_break
-
-	movups	(%r11),%xmm0
-	shrl	$1,%eax
-	movups	16(%r11),%xmm1
-	xorps	%xmm0,%xmm8
-	leaq	32(%r11),%rcx
-	xorps	%xmm0,%xmm2
-	xorps	%xmm8,%xmm3
-	movups	(%rcx),%xmm0
-
-.Lccm64_dec2_loop:
-.byte	102,15,56,220,209
-	decl	%eax
-.byte	102,15,56,220,217
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,216
-	movups	0(%rcx),%xmm0
-	jnz	.Lccm64_dec2_loop
-	movups	(%rdi),%xmm8
-	paddq	%xmm6,%xmm9
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	leaq	16(%rdi),%rdi
-.byte	102,15,56,221,208
-.byte	102,15,56,221,216
-	jmp	.Lccm64_dec_outer
-
-.align	16
-.Lccm64_dec_break:
-
-	movups	(%r11),%xmm0
-	movups	16(%r11),%xmm1
-	xorps	%xmm0,%xmm8
-	leaq	32(%r11),%r11
-	xorps	%xmm8,%xmm3
-.Loop_enc1_6:
-.byte	102,15,56,220,217
-	decl	%eax
-	movups	(%r11),%xmm1
-	leaq	16(%r11),%r11
-	jnz	.Loop_enc1_6	
-.byte	102,15,56,221,217
-	movups	%xmm3,(%r9)
-	.byte	0xf3,0xc3
-.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
-.globl	aesni_ctr32_encrypt_blocks
-.type	aesni_ctr32_encrypt_blocks,@function
-.align	16
-aesni_ctr32_encrypt_blocks:
-	cmpq	$1,%rdx
-	je	.Lctr32_one_shortcut
-
-	movdqu	(%r8),%xmm14
-	movdqa	.Lbswap_mask(%rip),%xmm15
-	xorl	%eax,%eax
-.byte	102,69,15,58,22,242,3
-.byte	102,68,15,58,34,240,3
-
-	movl	240(%rcx),%eax
-	bswapl	%r10d
-	pxor	%xmm12,%xmm12
-	pxor	%xmm13,%xmm13
-.byte	102,69,15,58,34,226,0
-	leaq	3(%r10),%r11
-.byte	102,69,15,58,34,235,0
-	incl	%r10d
-.byte	102,69,15,58,34,226,1
-	incq	%r11
-.byte	102,69,15,58,34,235,1
-	incl	%r10d
-.byte	102,69,15,58,34,226,2
-	incq	%r11
-.byte	102,69,15,58,34,235,2
-	movdqa	%xmm12,-40(%rsp)
-.byte	102,69,15,56,0,231
-	movdqa	%xmm13,-24(%rsp)
-.byte	102,69,15,56,0,239
-
-	pshufd	$192,%xmm12,%xmm2
-	pshufd	$128,%xmm12,%xmm3
-	pshufd	$64,%xmm12,%xmm4
-	cmpq	$6,%rdx
-	jb	.Lctr32_tail
-	shrl	$1,%eax
-	movq	%rcx,%r11
-	movl	%eax,%r10d
-	subq	$6,%rdx
-	jmp	.Lctr32_loop6
-
-.align	16
-.Lctr32_loop6:
-	pshufd	$192,%xmm13,%xmm5
-	por	%xmm14,%xmm2
-	movups	(%r11),%xmm0
-	pshufd	$128,%xmm13,%xmm6
-	por	%xmm14,%xmm3
-	movups	16(%r11),%xmm1
-	pshufd	$64,%xmm13,%xmm7
-	por	%xmm14,%xmm4
-	por	%xmm14,%xmm5
-	xorps	%xmm0,%xmm2
-	por	%xmm14,%xmm6
-	por	%xmm14,%xmm7
-
-
-
-
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,220,209
-	leaq	32(%r11),%rcx
-	pxor	%xmm0,%xmm4
-.byte	102,15,56,220,217
-	movdqa	.Lincrement32(%rip),%xmm13
-	pxor	%xmm0,%xmm5
-.byte	102,15,56,220,225
-	movdqa	-40(%rsp),%xmm12
-	pxor	%xmm0,%xmm6
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-	movups	(%rcx),%xmm0
-	decl	%eax
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-	jmp	.Lctr32_enc_loop6_enter
-.align	16
-.Lctr32_enc_loop6:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.Lctr32_enc_loop6_enter:
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-	movups	(%rcx),%xmm0
-	jnz	.Lctr32_enc_loop6
-
-.byte	102,15,56,220,209
-	paddd	%xmm13,%xmm12
-.byte	102,15,56,220,217
-	paddd	-24(%rsp),%xmm13
-.byte	102,15,56,220,225
-	movdqa	%xmm12,-40(%rsp)
-.byte	102,15,56,220,233
-	movdqa	%xmm13,-24(%rsp)
-.byte	102,15,56,220,241
-.byte	102,69,15,56,0,231
-.byte	102,15,56,220,249
-.byte	102,69,15,56,0,239
-
-.byte	102,15,56,221,208
-	movups	(%rdi),%xmm8
-.byte	102,15,56,221,216
-	movups	16(%rdi),%xmm9
-.byte	102,15,56,221,224
-	movups	32(%rdi),%xmm10
-.byte	102,15,56,221,232
-	movups	48(%rdi),%xmm11
-.byte	102,15,56,221,240
-	movups	64(%rdi),%xmm1
-.byte	102,15,56,221,248
-	movups	80(%rdi),%xmm0
-	leaq	96(%rdi),%rdi
-
-	xorps	%xmm2,%xmm8
-	pshufd	$192,%xmm12,%xmm2
-	xorps	%xmm3,%xmm9
-	pshufd	$128,%xmm12,%xmm3
-	movups	%xmm8,(%rsi)
-	xorps	%xmm4,%xmm10
-	pshufd	$64,%xmm12,%xmm4
-	movups	%xmm9,16(%rsi)
-	xorps	%xmm5,%xmm11
-	movups	%xmm10,32(%rsi)
-	xorps	%xmm6,%xmm1
-	movups	%xmm11,48(%rsi)
-	xorps	%xmm7,%xmm0
-	movups	%xmm1,64(%rsi)
-	movups	%xmm0,80(%rsi)
-	leaq	96(%rsi),%rsi
-	movl	%r10d,%eax
-	subq	$6,%rdx
-	jnc	.Lctr32_loop6
-
-	addq	$6,%rdx
-	jz	.Lctr32_done
-	movq	%r11,%rcx
-	leal	1(%rax,%rax,1),%eax
-
-.Lctr32_tail:
-	por	%xmm14,%xmm2
-	movups	(%rdi),%xmm8
-	cmpq	$2,%rdx
-	jb	.Lctr32_one
-
-	por	%xmm14,%xmm3
-	movups	16(%rdi),%xmm9
-	je	.Lctr32_two
-
-	pshufd	$192,%xmm13,%xmm5
-	por	%xmm14,%xmm4
-	movups	32(%rdi),%xmm10
-	cmpq	$4,%rdx
-	jb	.Lctr32_three
-
-	pshufd	$128,%xmm13,%xmm6
-	por	%xmm14,%xmm5
-	movups	48(%rdi),%xmm11
-	je	.Lctr32_four
-
-	por	%xmm14,%xmm6
-	xorps	%xmm7,%xmm7
-
-	call	_aesni_encrypt6
-
-	movups	64(%rdi),%xmm1
-	xorps	%xmm2,%xmm8
-	xorps	%xmm3,%xmm9
-	movups	%xmm8,(%rsi)
-	xorps	%xmm4,%xmm10
-	movups	%xmm9,16(%rsi)
-	xorps	%xmm5,%xmm11
-	movups	%xmm10,32(%rsi)
-	xorps	%xmm6,%xmm1
-	movups	%xmm11,48(%rsi)
-	movups	%xmm1,64(%rsi)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_one_shortcut:
-	movups	(%r8),%xmm2
-	movups	(%rdi),%xmm8
-	movl	240(%rcx),%eax
-.Lctr32_one:
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_7:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_7	
-.byte	102,15,56,221,209
-	xorps	%xmm2,%xmm8
-	movups	%xmm8,(%rsi)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_encrypt3
-	xorps	%xmm2,%xmm8
-	xorps	%xmm3,%xmm9
-	movups	%xmm8,(%rsi)
-	movups	%xmm9,16(%rsi)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_three:
-	call	_aesni_encrypt3
-	xorps	%xmm2,%xmm8
-	xorps	%xmm3,%xmm9
-	movups	%xmm8,(%rsi)
-	xorps	%xmm4,%xmm10
-	movups	%xmm9,16(%rsi)
-	movups	%xmm10,32(%rsi)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_four:
-	call	_aesni_encrypt4
-	xorps	%xmm2,%xmm8
-	xorps	%xmm3,%xmm9
-	movups	%xmm8,(%rsi)
-	xorps	%xmm4,%xmm10
-	movups	%xmm9,16(%rsi)
-	xorps	%xmm5,%xmm11
-	movups	%xmm10,32(%rsi)
-	movups	%xmm11,48(%rsi)
-
-.Lctr32_done:
-	.byte	0xf3,0xc3
-.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
-.globl	aesni_xts_encrypt
-.type	aesni_xts_encrypt,@function
-.align	16
-aesni_xts_encrypt:
-	leaq	-104(%rsp),%rsp
-	movups	(%r9),%xmm15
-	movl	240(%r8),%eax
-	movl	240(%rcx),%r10d
-	movups	(%r8),%xmm0
-	movups	16(%r8),%xmm1
-	leaq	32(%r8),%r8
-	xorps	%xmm0,%xmm15
-.Loop_enc1_8:
-.byte	102,68,15,56,220,249
-	decl	%eax
-	movups	(%r8),%xmm1
-	leaq	16(%r8),%r8
-	jnz	.Loop_enc1_8	
-.byte	102,68,15,56,221,249
-	movq	%rcx,%r11
-	movl	%r10d,%eax
-	movq	%rdx,%r9
-	andq	$-16,%rdx
-
-	movdqa	.Lxts_magic(%rip),%xmm8
-	pxor	%xmm14,%xmm14
-	pcmpgtd	%xmm15,%xmm14
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm10
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm11
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm12
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm13
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	subq	$96,%rdx
-	jc	.Lxts_enc_short
-
-	shrl	$1,%eax
-	subl	$1,%eax
-	movl	%eax,%r10d
-	jmp	.Lxts_enc_grandloop
-
-.align	16
-.Lxts_enc_grandloop:
-	pshufd	$19,%xmm14,%xmm9
-	movdqa	%xmm15,%xmm14
-	paddq	%xmm15,%xmm15
-	movdqu	0(%rdi),%xmm2
-	pand	%xmm8,%xmm9
-	movdqu	16(%rdi),%xmm3
-	pxor	%xmm9,%xmm15
-
-	movdqu	32(%rdi),%xmm4
-	pxor	%xmm10,%xmm2
-	movdqu	48(%rdi),%xmm5
-	pxor	%xmm11,%xmm3
-	movdqu	64(%rdi),%xmm6
-	pxor	%xmm12,%xmm4
-	movdqu	80(%rdi),%xmm7
-	leaq	96(%rdi),%rdi
-	pxor	%xmm13,%xmm5
-	movups	(%r11),%xmm0
-	pxor	%xmm14,%xmm6
-	pxor	%xmm15,%xmm7
-
-
-
-	movups	16(%r11),%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	movdqa	%xmm10,0(%rsp)
-.byte	102,15,56,220,209
-	leaq	32(%r11),%rcx
-	pxor	%xmm0,%xmm4
-	movdqa	%xmm11,16(%rsp)
-.byte	102,15,56,220,217
-	pxor	%xmm0,%xmm5
-	movdqa	%xmm12,32(%rsp)
-.byte	102,15,56,220,225
-	pxor	%xmm0,%xmm6
-	movdqa	%xmm13,48(%rsp)
-.byte	102,15,56,220,233
-	pxor	%xmm0,%xmm7
-	movups	(%rcx),%xmm0
-	decl	%eax
-	movdqa	%xmm14,64(%rsp)
-.byte	102,15,56,220,241
-	movdqa	%xmm15,80(%rsp)
-.byte	102,15,56,220,249
-	pxor	%xmm14,%xmm14
-	pcmpgtd	%xmm15,%xmm14
-	jmp	.Lxts_enc_loop6_enter
-
-.align	16
-.Lxts_enc_loop6:
-.byte	102,15,56,220,209
-.byte	102,15,56,220,217
-	decl	%eax
-.byte	102,15,56,220,225
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-.Lxts_enc_loop6_enter:
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,220,208
-.byte	102,15,56,220,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,220,224
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-	movups	(%rcx),%xmm0
-	jnz	.Lxts_enc_loop6
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,220,209
-	pand	%xmm8,%xmm9
-.byte	102,15,56,220,217
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,220,225
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-	movups	16(%rcx),%xmm1
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm10
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,220,208
-	pand	%xmm8,%xmm9
-.byte	102,15,56,220,216
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,220,224
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,220,232
-.byte	102,15,56,220,240
-.byte	102,15,56,220,248
-	movups	32(%rcx),%xmm0
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm11
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,220,209
-	pand	%xmm8,%xmm9
-.byte	102,15,56,220,217
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,220,225
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,220,233
-.byte	102,15,56,220,241
-.byte	102,15,56,220,249
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm12
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,221,208
-	pand	%xmm8,%xmm9
-.byte	102,15,56,221,216
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,221,224
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,221,232
-.byte	102,15,56,221,240
-.byte	102,15,56,221,248
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm13
-	paddq	%xmm15,%xmm15
-	xorps	0(%rsp),%xmm2
-	pand	%xmm8,%xmm9
-	xorps	16(%rsp),%xmm3
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-
-	xorps	32(%rsp),%xmm4
-	movups	%xmm2,0(%rsi)
-	xorps	48(%rsp),%xmm5
-	movups	%xmm3,16(%rsi)
-	xorps	64(%rsp),%xmm6
-	movups	%xmm4,32(%rsi)
-	xorps	80(%rsp),%xmm7
-	movups	%xmm5,48(%rsi)
-	movl	%r10d,%eax
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	leaq	96(%rsi),%rsi
-	subq	$96,%rdx
-	jnc	.Lxts_enc_grandloop
-
-	leal	3(%rax,%rax,1),%eax
-	movq	%r11,%rcx
-	movl	%eax,%r10d
-
-.Lxts_enc_short:
-	addq	$96,%rdx
-	jz	.Lxts_enc_done
-
-	cmpq	$32,%rdx
-	jb	.Lxts_enc_one
-	je	.Lxts_enc_two
-
-	cmpq	$64,%rdx
-	jb	.Lxts_enc_three
-	je	.Lxts_enc_four
-
-	pshufd	$19,%xmm14,%xmm9
-	movdqa	%xmm15,%xmm14
-	paddq	%xmm15,%xmm15
-	movdqu	(%rdi),%xmm2
-	pand	%xmm8,%xmm9
-	movdqu	16(%rdi),%xmm3
-	pxor	%xmm9,%xmm15
-
-	movdqu	32(%rdi),%xmm4
-	pxor	%xmm10,%xmm2
-	movdqu	48(%rdi),%xmm5
-	pxor	%xmm11,%xmm3
-	movdqu	64(%rdi),%xmm6
-	leaq	80(%rdi),%rdi
-	pxor	%xmm12,%xmm4
-	pxor	%xmm13,%xmm5
-	pxor	%xmm14,%xmm6
-
-	call	_aesni_encrypt6
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm15,%xmm10
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	movdqu	%xmm2,(%rsi)
-	xorps	%xmm13,%xmm5
-	movdqu	%xmm3,16(%rsi)
-	xorps	%xmm14,%xmm6
-	movdqu	%xmm4,32(%rsi)
-	movdqu	%xmm5,48(%rsi)
-	movdqu	%xmm6,64(%rsi)
-	leaq	80(%rsi),%rsi
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_one:
-	movups	(%rdi),%xmm2
-	leaq	16(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_9:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_9	
-.byte	102,15,56,221,209
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm11,%xmm10
-	movups	%xmm2,(%rsi)
-	leaq	16(%rsi),%rsi
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_two:
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	leaq	32(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	xorps	%xmm11,%xmm3
-
-	call	_aesni_encrypt3
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm12,%xmm10
-	xorps	%xmm11,%xmm3
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	leaq	32(%rsi),%rsi
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_three:
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	movups	32(%rdi),%xmm4
-	leaq	48(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-
-	call	_aesni_encrypt3
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm13,%xmm10
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	leaq	48(%rsi),%rsi
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_four:
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	movups	32(%rdi),%xmm4
-	xorps	%xmm10,%xmm2
-	movups	48(%rdi),%xmm5
-	leaq	64(%rdi),%rdi
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	xorps	%xmm13,%xmm5
-
-	call	_aesni_encrypt4
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm15,%xmm10
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	movups	%xmm2,(%rsi)
-	xorps	%xmm13,%xmm5
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	leaq	64(%rsi),%rsi
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_done:
-	andq	$15,%r9
-	jz	.Lxts_enc_ret
-	movq	%r9,%rdx
-
-.Lxts_enc_steal:
-	movzbl	(%rdi),%eax
-	movzbl	-16(%rsi),%ecx
-	leaq	1(%rdi),%rdi
-	movb	%al,-16(%rsi)
-	movb	%cl,0(%rsi)
-	leaq	1(%rsi),%rsi
-	subq	$1,%rdx
-	jnz	.Lxts_enc_steal
-
-	subq	%r9,%rsi
-	movq	%r11,%rcx
-	movl	%r10d,%eax
-
-	movups	-16(%rsi),%xmm2
-	xorps	%xmm10,%xmm2
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_enc1_10:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_10	
-.byte	102,15,56,221,209
-	xorps	%xmm10,%xmm2
-	movups	%xmm2,-16(%rsi)
-
-.Lxts_enc_ret:
-	leaq	104(%rsp),%rsp
-.Lxts_enc_epilogue:
-	.byte	0xf3,0xc3
-.size	aesni_xts_encrypt,.-aesni_xts_encrypt
-.globl	aesni_xts_decrypt
-.type	aesni_xts_decrypt,@function
-.align	16
-aesni_xts_decrypt:
-	leaq	-104(%rsp),%rsp
-	movups	(%r9),%xmm15
-	movl	240(%r8),%eax
-	movl	240(%rcx),%r10d
-	movups	(%r8),%xmm0
-	movups	16(%r8),%xmm1
-	leaq	32(%r8),%r8
-	xorps	%xmm0,%xmm15
-.Loop_enc1_11:
-.byte	102,68,15,56,220,249
-	decl	%eax
-	movups	(%r8),%xmm1
-	leaq	16(%r8),%r8
-	jnz	.Loop_enc1_11	
-.byte	102,68,15,56,221,249
-	xorl	%eax,%eax
-	testq	$15,%rdx
-	setnz	%al
-	shlq	$4,%rax
-	subq	%rax,%rdx
-
-	movq	%rcx,%r11
-	movl	%r10d,%eax
-	movq	%rdx,%r9
-	andq	$-16,%rdx
-
-	movdqa	.Lxts_magic(%rip),%xmm8
-	pxor	%xmm14,%xmm14
-	pcmpgtd	%xmm15,%xmm14
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm10
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm11
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm12
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm13
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm9
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-	subq	$96,%rdx
-	jc	.Lxts_dec_short
-
-	shrl	$1,%eax
-	subl	$1,%eax
-	movl	%eax,%r10d
-	jmp	.Lxts_dec_grandloop
-
-.align	16
-.Lxts_dec_grandloop:
-	pshufd	$19,%xmm14,%xmm9
-	movdqa	%xmm15,%xmm14
-	paddq	%xmm15,%xmm15
-	movdqu	0(%rdi),%xmm2
-	pand	%xmm8,%xmm9
-	movdqu	16(%rdi),%xmm3
-	pxor	%xmm9,%xmm15
-
-	movdqu	32(%rdi),%xmm4
-	pxor	%xmm10,%xmm2
-	movdqu	48(%rdi),%xmm5
-	pxor	%xmm11,%xmm3
-	movdqu	64(%rdi),%xmm6
-	pxor	%xmm12,%xmm4
-	movdqu	80(%rdi),%xmm7
-	leaq	96(%rdi),%rdi
-	pxor	%xmm13,%xmm5
-	movups	(%r11),%xmm0
-	pxor	%xmm14,%xmm6
-	pxor	%xmm15,%xmm7
-
-
-
-	movups	16(%r11),%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm0,%xmm3
-	movdqa	%xmm10,0(%rsp)
-.byte	102,15,56,222,209
-	leaq	32(%r11),%rcx
-	pxor	%xmm0,%xmm4
-	movdqa	%xmm11,16(%rsp)
-.byte	102,15,56,222,217
-	pxor	%xmm0,%xmm5
-	movdqa	%xmm12,32(%rsp)
-.byte	102,15,56,222,225
-	pxor	%xmm0,%xmm6
-	movdqa	%xmm13,48(%rsp)
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-	movups	(%rcx),%xmm0
-	decl	%eax
-	movdqa	%xmm14,64(%rsp)
-.byte	102,15,56,222,241
-	movdqa	%xmm15,80(%rsp)
-.byte	102,15,56,222,249
-	pxor	%xmm14,%xmm14
-	pcmpgtd	%xmm15,%xmm14
-	jmp	.Lxts_dec_loop6_enter
-
-.align	16
-.Lxts_dec_loop6:
-.byte	102,15,56,222,209
-.byte	102,15,56,222,217
-	decl	%eax
-.byte	102,15,56,222,225
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-.Lxts_dec_loop6_enter:
-	movups	16(%rcx),%xmm1
-.byte	102,15,56,222,208
-.byte	102,15,56,222,216
-	leaq	32(%rcx),%rcx
-.byte	102,15,56,222,224
-.byte	102,15,56,222,232
-.byte	102,15,56,222,240
-.byte	102,15,56,222,248
-	movups	(%rcx),%xmm0
-	jnz	.Lxts_dec_loop6
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,222,209
-	pand	%xmm8,%xmm9
-.byte	102,15,56,222,217
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,222,225
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-	movups	16(%rcx),%xmm1
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm10
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,222,208
-	pand	%xmm8,%xmm9
-.byte	102,15,56,222,216
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,222,224
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,222,232
-.byte	102,15,56,222,240
-.byte	102,15,56,222,248
-	movups	32(%rcx),%xmm0
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm11
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,222,209
-	pand	%xmm8,%xmm9
-.byte	102,15,56,222,217
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,222,225
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,222,233
-.byte	102,15,56,222,241
-.byte	102,15,56,222,249
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm12
-	paddq	%xmm15,%xmm15
-.byte	102,15,56,223,208
-	pand	%xmm8,%xmm9
-.byte	102,15,56,223,216
-	pcmpgtd	%xmm15,%xmm14
-.byte	102,15,56,223,224
-	pxor	%xmm9,%xmm15
-.byte	102,15,56,223,232
-.byte	102,15,56,223,240
-.byte	102,15,56,223,248
-
-	pshufd	$19,%xmm14,%xmm9
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm15,%xmm13
-	paddq	%xmm15,%xmm15
-	xorps	0(%rsp),%xmm2
-	pand	%xmm8,%xmm9
-	xorps	16(%rsp),%xmm3
-	pcmpgtd	%xmm15,%xmm14
-	pxor	%xmm9,%xmm15
-
-	xorps	32(%rsp),%xmm4
-	movups	%xmm2,0(%rsi)
-	xorps	48(%rsp),%xmm5
-	movups	%xmm3,16(%rsi)
-	xorps	64(%rsp),%xmm6
-	movups	%xmm4,32(%rsi)
-	xorps	80(%rsp),%xmm7
-	movups	%xmm5,48(%rsi)
-	movl	%r10d,%eax
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	leaq	96(%rsi),%rsi
-	subq	$96,%rdx
-	jnc	.Lxts_dec_grandloop
-
-	leal	3(%rax,%rax,1),%eax
-	movq	%r11,%rcx
-	movl	%eax,%r10d
-
-.Lxts_dec_short:
-	addq	$96,%rdx
-	jz	.Lxts_dec_done
-
-	cmpq	$32,%rdx
-	jb	.Lxts_dec_one
-	je	.Lxts_dec_two
-
-	cmpq	$64,%rdx
-	jb	.Lxts_dec_three
-	je	.Lxts_dec_four
-
-	pshufd	$19,%xmm14,%xmm9
-	movdqa	%xmm15,%xmm14
-	paddq	%xmm15,%xmm15
-	movdqu	(%rdi),%xmm2
-	pand	%xmm8,%xmm9
-	movdqu	16(%rdi),%xmm3
-	pxor	%xmm9,%xmm15
-
-	movdqu	32(%rdi),%xmm4
-	pxor	%xmm10,%xmm2
-	movdqu	48(%rdi),%xmm5
-	pxor	%xmm11,%xmm3
-	movdqu	64(%rdi),%xmm6
-	leaq	80(%rdi),%rdi
-	pxor	%xmm12,%xmm4
-	pxor	%xmm13,%xmm5
-	pxor	%xmm14,%xmm6
-
-	call	_aesni_decrypt6
-
-	xorps	%xmm10,%xmm2
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	movdqu	%xmm2,(%rsi)
-	xorps	%xmm13,%xmm5
-	movdqu	%xmm3,16(%rsi)
-	xorps	%xmm14,%xmm6
-	movdqu	%xmm4,32(%rsi)
-	pxor	%xmm14,%xmm14
-	movdqu	%xmm5,48(%rsi)
-	pcmpgtd	%xmm15,%xmm14
-	movdqu	%xmm6,64(%rsi)
-	leaq	80(%rsi),%rsi
-	pshufd	$19,%xmm14,%xmm11
-	andq	$15,%r9
-	jz	.Lxts_dec_ret
-
-	movdqa	%xmm15,%xmm10
-	paddq	%xmm15,%xmm15
-	pand	%xmm8,%xmm11
-	pxor	%xmm15,%xmm11
-	jmp	.Lxts_dec_done2
-
-.align	16
-.Lxts_dec_one:
-	movups	(%rdi),%xmm2
-	leaq	16(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_12:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_dec1_12	
-.byte	102,15,56,223,209
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm11,%xmm10
-	movups	%xmm2,(%rsi)
-	movdqa	%xmm12,%xmm11
-	leaq	16(%rsi),%rsi
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_two:
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	leaq	32(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	xorps	%xmm11,%xmm3
-
-	call	_aesni_decrypt3
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm12,%xmm10
-	xorps	%xmm11,%xmm3
-	movdqa	%xmm13,%xmm11
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	leaq	32(%rsi),%rsi
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_three:
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	movups	32(%rdi),%xmm4
-	leaq	48(%rdi),%rdi
-	xorps	%xmm10,%xmm2
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-
-	call	_aesni_decrypt3
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm13,%xmm10
-	xorps	%xmm11,%xmm3
-	movdqa	%xmm15,%xmm11
-	xorps	%xmm12,%xmm4
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	leaq	48(%rsi),%rsi
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_four:
-	pshufd	$19,%xmm14,%xmm9
-	movdqa	%xmm15,%xmm14
-	paddq	%xmm15,%xmm15
-	movups	(%rdi),%xmm2
-	pand	%xmm8,%xmm9
-	movups	16(%rdi),%xmm3
-	pxor	%xmm9,%xmm15
-
-	movups	32(%rdi),%xmm4
-	xorps	%xmm10,%xmm2
-	movups	48(%rdi),%xmm5
-	leaq	64(%rdi),%rdi
-	xorps	%xmm11,%xmm3
-	xorps	%xmm12,%xmm4
-	xorps	%xmm13,%xmm5
-
-	call	_aesni_decrypt4
-
-	xorps	%xmm10,%xmm2
-	movdqa	%xmm14,%xmm10
-	xorps	%xmm11,%xmm3
-	movdqa	%xmm15,%xmm11
-	xorps	%xmm12,%xmm4
-	movups	%xmm2,(%rsi)
-	xorps	%xmm13,%xmm5
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	leaq	64(%rsi),%rsi
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_done:
-	andq	$15,%r9
-	jz	.Lxts_dec_ret
-.Lxts_dec_done2:
-	movq	%r9,%rdx
-	movq	%r11,%rcx
-	movl	%r10d,%eax
-
-	movups	(%rdi),%xmm2
-	xorps	%xmm11,%xmm2
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_13:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_dec1_13	
-.byte	102,15,56,223,209
-	xorps	%xmm11,%xmm2
-	movups	%xmm2,(%rsi)
-
-.Lxts_dec_steal:
-	movzbl	16(%rdi),%eax
-	movzbl	(%rsi),%ecx
-	leaq	1(%rdi),%rdi
-	movb	%al,(%rsi)
-	movb	%cl,16(%rsi)
-	leaq	1(%rsi),%rsi
-	subq	$1,%rdx
-	jnz	.Lxts_dec_steal
-
-	subq	%r9,%rsi
-	movq	%r11,%rcx
-	movl	%r10d,%eax
-
-	movups	(%rsi),%xmm2
-	xorps	%xmm10,%xmm2
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_14:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_dec1_14	
-.byte	102,15,56,223,209
-	xorps	%xmm10,%xmm2
-	movups	%xmm2,(%rsi)
-
-.Lxts_dec_ret:
-	leaq	104(%rsp),%rsp
-.Lxts_dec_epilogue:
-	.byte	0xf3,0xc3
-.size	aesni_xts_decrypt,.-aesni_xts_decrypt
-.globl	aesni_cbc_encrypt
-.type	aesni_cbc_encrypt,@function
-.align	16
-aesni_cbc_encrypt:
-	testq	%rdx,%rdx
-	jz	.Lcbc_ret
-
-	movl	240(%rcx),%r10d
-	movq	%rcx,%r11
-	testl	%r9d,%r9d
-	jz	.Lcbc_decrypt
-
-	movups	(%r8),%xmm2
-	movl	%r10d,%eax
-	cmpq	$16,%rdx
-	jb	.Lcbc_enc_tail
-	subq	$16,%rdx
-	jmp	.Lcbc_enc_loop
-.align	16
-.Lcbc_enc_loop:
-	movups	(%rdi),%xmm3
-	leaq	16(%rdi),%rdi
-
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	xorps	%xmm0,%xmm3
-	leaq	32(%rcx),%rcx
-	xorps	%xmm3,%xmm2
-.Loop_enc1_15:
-.byte	102,15,56,220,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_enc1_15	
-.byte	102,15,56,221,209
-	movl	%r10d,%eax
-	movq	%r11,%rcx
-	movups	%xmm2,0(%rsi)
-	leaq	16(%rsi),%rsi
-	subq	$16,%rdx
-	jnc	.Lcbc_enc_loop
-	addq	$16,%rdx
-	jnz	.Lcbc_enc_tail
-	movups	%xmm2,(%r8)
-	jmp	.Lcbc_ret
-
-.Lcbc_enc_tail:
-	movq	%rdx,%rcx
-	xchgq	%rdi,%rsi
-.long	0x9066A4F3	
-	movl	$16,%ecx
-	subq	%rdx,%rcx
-	xorl	%eax,%eax
-.long	0x9066AAF3	
-	leaq	-16(%rdi),%rdi
-	movl	%r10d,%eax
-	movq	%rdi,%rsi
-	movq	%r11,%rcx
-	xorq	%rdx,%rdx
-	jmp	.Lcbc_enc_loop	
-
-.align	16
-.Lcbc_decrypt:
-	movups	(%r8),%xmm9
-	movl	%r10d,%eax
-	cmpq	$112,%rdx
-	jbe	.Lcbc_dec_tail
-	shrl	$1,%r10d
-	subq	$112,%rdx
-	movl	%r10d,%eax
-	movaps	%xmm9,-24(%rsp)
-	jmp	.Lcbc_dec_loop8_enter
-.align	16
-.Lcbc_dec_loop8:
-	movaps	%xmm0,-24(%rsp)
-	movups	%xmm9,(%rsi)
-	leaq	16(%rsi),%rsi
-.Lcbc_dec_loop8_enter:
-	movups	(%rcx),%xmm0
-	movups	(%rdi),%xmm2
-	movups	16(%rdi),%xmm3
-	movups	16(%rcx),%xmm1
-
-	leaq	32(%rcx),%rcx
-	movdqu	32(%rdi),%xmm4
-	xorps	%xmm0,%xmm2
-	movdqu	48(%rdi),%xmm5
-	xorps	%xmm0,%xmm3
-	movdqu	64(%rdi),%xmm6
-.byte	102,15,56,222,209
-	pxor	%xmm0,%xmm4
-	movdqu	80(%rdi),%xmm7
-.byte	102,15,56,222,217
-	pxor	%xmm0,%xmm5
-	movdqu	96(%rdi),%xmm8
-.byte	102,15,56,222,225
-	pxor	%xmm0,%xmm6
-	movdqu	112(%rdi),%xmm9
-.byte	102,15,56,222,233
-	pxor	%xmm0,%xmm7
-	decl	%eax
-.byte	102,15,56,222,241
-	pxor	%xmm0,%xmm8
-.byte	102,15,56,222,249
-	pxor	%xmm0,%xmm9
-	movups	(%rcx),%xmm0
-.byte	102,68,15,56,222,193
-.byte	102,68,15,56,222,201
-	movups	16(%rcx),%xmm1
-
-	call	.Ldec_loop8_enter
-
-	movups	(%rdi),%xmm1
-	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
-	xorps	%xmm1,%xmm3
-	movups	32(%rdi),%xmm1
-	xorps	%xmm0,%xmm4
-	movups	48(%rdi),%xmm0
-	xorps	%xmm1,%xmm5
-	movups	64(%rdi),%xmm1
-	xorps	%xmm0,%xmm6
-	movups	80(%rdi),%xmm0
-	xorps	%xmm1,%xmm7
-	movups	96(%rdi),%xmm1
-	xorps	%xmm0,%xmm8
-	movups	112(%rdi),%xmm0
-	xorps	%xmm1,%xmm9
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movl	%r10d,%eax
-	movups	%xmm6,64(%rsi)
-	movq	%r11,%rcx
-	movups	%xmm7,80(%rsi)
-	leaq	128(%rdi),%rdi
-	movups	%xmm8,96(%rsi)
-	leaq	112(%rsi),%rsi
-	subq	$128,%rdx
-	ja	.Lcbc_dec_loop8
-
-	movaps	%xmm9,%xmm2
-	movaps	%xmm0,%xmm9
-	addq	$112,%rdx
-	jle	.Lcbc_dec_tail_collected
-	movups	%xmm2,(%rsi)
-	leal	1(%r10,%r10,1),%eax
-	leaq	16(%rsi),%rsi
-.Lcbc_dec_tail:
-	movups	(%rdi),%xmm2
-	movaps	%xmm2,%xmm8
-	cmpq	$16,%rdx
-	jbe	.Lcbc_dec_one
-
-	movups	16(%rdi),%xmm3
-	movaps	%xmm3,%xmm7
-	cmpq	$32,%rdx
-	jbe	.Lcbc_dec_two
-
-	movups	32(%rdi),%xmm4
-	movaps	%xmm4,%xmm6
-	cmpq	$48,%rdx
-	jbe	.Lcbc_dec_three
-
-	movups	48(%rdi),%xmm5
-	cmpq	$64,%rdx
-	jbe	.Lcbc_dec_four
-
-	movups	64(%rdi),%xmm6
-	cmpq	$80,%rdx
-	jbe	.Lcbc_dec_five
-
-	movups	80(%rdi),%xmm7
-	cmpq	$96,%rdx
-	jbe	.Lcbc_dec_six
-
-	movups	96(%rdi),%xmm8
-	movaps	%xmm9,-24(%rsp)
-	call	_aesni_decrypt8
-	movups	(%rdi),%xmm1
-	movups	16(%rdi),%xmm0
-	xorps	-24(%rsp),%xmm2
-	xorps	%xmm1,%xmm3
-	movups	32(%rdi),%xmm1
-	xorps	%xmm0,%xmm4
-	movups	48(%rdi),%xmm0
-	xorps	%xmm1,%xmm5
-	movups	64(%rdi),%xmm1
-	xorps	%xmm0,%xmm6
-	movups	80(%rdi),%xmm0
-	xorps	%xmm1,%xmm7
-	movups	96(%rdi),%xmm9
-	xorps	%xmm0,%xmm8
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	movups	%xmm7,80(%rsi)
-	leaq	96(%rsi),%rsi
-	movaps	%xmm8,%xmm2
-	subq	$112,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_one:
-	movups	(%rcx),%xmm0
-	movups	16(%rcx),%xmm1
-	leaq	32(%rcx),%rcx
-	xorps	%xmm0,%xmm2
-.Loop_dec1_16:
-.byte	102,15,56,222,209
-	decl	%eax
-	movups	(%rcx),%xmm1
-	leaq	16(%rcx),%rcx
-	jnz	.Loop_dec1_16	
-.byte	102,15,56,223,209
-	xorps	%xmm9,%xmm2
-	movaps	%xmm8,%xmm9
-	subq	$16,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_two:
-	xorps	%xmm4,%xmm4
-	call	_aesni_decrypt3
-	xorps	%xmm9,%xmm2
-	xorps	%xmm8,%xmm3
-	movups	%xmm2,(%rsi)
-	movaps	%xmm7,%xmm9
-	movaps	%xmm3,%xmm2
-	leaq	16(%rsi),%rsi
-	subq	$32,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_three:
-	call	_aesni_decrypt3
-	xorps	%xmm9,%xmm2
-	xorps	%xmm8,%xmm3
-	movups	%xmm2,(%rsi)
-	xorps	%xmm7,%xmm4
-	movups	%xmm3,16(%rsi)
-	movaps	%xmm6,%xmm9
-	movaps	%xmm4,%xmm2
-	leaq	32(%rsi),%rsi
-	subq	$48,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_four:
-	call	_aesni_decrypt4
-	xorps	%xmm9,%xmm2
-	movups	48(%rdi),%xmm9
-	xorps	%xmm8,%xmm3
-	movups	%xmm2,(%rsi)
-	xorps	%xmm7,%xmm4
-	movups	%xmm3,16(%rsi)
-	xorps	%xmm6,%xmm5
-	movups	%xmm4,32(%rsi)
-	movaps	%xmm5,%xmm2
-	leaq	48(%rsi),%rsi
-	subq	$64,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_five:
-	xorps	%xmm7,%xmm7
-	call	_aesni_decrypt6
-	movups	16(%rdi),%xmm1
-	movups	32(%rdi),%xmm0
-	xorps	%xmm9,%xmm2
-	xorps	%xmm8,%xmm3
-	xorps	%xmm1,%xmm4
-	movups	48(%rdi),%xmm1
-	xorps	%xmm0,%xmm5
-	movups	64(%rdi),%xmm9
-	xorps	%xmm1,%xmm6
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	leaq	64(%rsi),%rsi
-	movaps	%xmm6,%xmm2
-	subq	$80,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_six:
-	call	_aesni_decrypt6
-	movups	16(%rdi),%xmm1
-	movups	32(%rdi),%xmm0
-	xorps	%xmm9,%xmm2
-	xorps	%xmm8,%xmm3
-	xorps	%xmm1,%xmm4
-	movups	48(%rdi),%xmm1
-	xorps	%xmm0,%xmm5
-	movups	64(%rdi),%xmm0
-	xorps	%xmm1,%xmm6
-	movups	80(%rdi),%xmm9
-	xorps	%xmm0,%xmm7
-	movups	%xmm2,(%rsi)
-	movups	%xmm3,16(%rsi)
-	movups	%xmm4,32(%rsi)
-	movups	%xmm5,48(%rsi)
-	movups	%xmm6,64(%rsi)
-	leaq	80(%rsi),%rsi
-	movaps	%xmm7,%xmm2
-	subq	$96,%rdx
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_tail_collected:
-	andq	$15,%rdx
-	movups	%xmm9,(%r8)
-	jnz	.Lcbc_dec_tail_partial
-	movups	%xmm2,(%rsi)
-	jmp	.Lcbc_dec_ret
-.align	16
-.Lcbc_dec_tail_partial:
-	movaps	%xmm2,-24(%rsp)
-	movq	$16,%rcx
-	movq	%rsi,%rdi
-	subq	%rdx,%rcx
-	leaq	-24(%rsp),%rsi
-.long	0x9066A4F3	
-
-.Lcbc_dec_ret:
-.Lcbc_ret:
-	.byte	0xf3,0xc3
-.size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
-.globl	aesni_set_decrypt_key
-.type	aesni_set_decrypt_key,@function
-.align	16
-aesni_set_decrypt_key:
-.byte	0x48,0x83,0xEC,0x08	
-	call	__aesni_set_encrypt_key
-	shll	$4,%esi
-	testl	%eax,%eax
-	jnz	.Ldec_key_ret
-	leaq	16(%rdx,%rsi,1),%rdi
-
-	movups	(%rdx),%xmm0
-	movups	(%rdi),%xmm1
-	movups	%xmm0,(%rdi)
-	movups	%xmm1,(%rdx)
-	leaq	16(%rdx),%rdx
-	leaq	-16(%rdi),%rdi
-
-.Ldec_key_inverse:
-	movups	(%rdx),%xmm0
-	movups	(%rdi),%xmm1
-.byte	102,15,56,219,192
-.byte	102,15,56,219,201
-	leaq	16(%rdx),%rdx
-	leaq	-16(%rdi),%rdi
-	movups	%xmm0,16(%rdi)
-	movups	%xmm1,-16(%rdx)
-	cmpq	%rdx,%rdi
-	ja	.Ldec_key_inverse
-
-	movups	(%rdx),%xmm0
-.byte	102,15,56,219,192
-	movups	%xmm0,(%rdi)
-.Ldec_key_ret:
-	addq	$8,%rsp
-	.byte	0xf3,0xc3
-.LSEH_end_set_decrypt_key:
-.size	aesni_set_decrypt_key,.-aesni_set_decrypt_key
-.globl	aesni_set_encrypt_key
-.type	aesni_set_encrypt_key,@function
-.align	16
-aesni_set_encrypt_key:
-__aesni_set_encrypt_key:
-.byte	0x48,0x83,0xEC,0x08	
-	movq	$-1,%rax
-	testq	%rdi,%rdi
-	jz	.Lenc_key_ret
-	testq	%rdx,%rdx
-	jz	.Lenc_key_ret
-
-	movups	(%rdi),%xmm0
-	xorps	%xmm4,%xmm4
-	leaq	16(%rdx),%rax
-	cmpl	$256,%esi
-	je	.L14rounds
-	cmpl	$192,%esi
-	je	.L12rounds
-	cmpl	$128,%esi
-	jne	.Lbad_keybits
-
-.L10rounds:
-	movl	$9,%esi
-	movups	%xmm0,(%rdx)
-.byte	102,15,58,223,200,1
-	call	.Lkey_expansion_128_cold
-.byte	102,15,58,223,200,2
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,4
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,8
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,16
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,32
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,64
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,128
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,27
-	call	.Lkey_expansion_128
-.byte	102,15,58,223,200,54
-	call	.Lkey_expansion_128
-	movups	%xmm0,(%rax)
-	movl	%esi,80(%rax)
-	xorl	%eax,%eax
-	jmp	.Lenc_key_ret
-
-.align	16
-.L12rounds:
-	movq	16(%rdi),%xmm2
-	movl	$11,%esi
-	movups	%xmm0,(%rdx)
-.byte	102,15,58,223,202,1
-	call	.Lkey_expansion_192a_cold
-.byte	102,15,58,223,202,2
-	call	.Lkey_expansion_192b
-.byte	102,15,58,223,202,4
-	call	.Lkey_expansion_192a
-.byte	102,15,58,223,202,8
-	call	.Lkey_expansion_192b
-.byte	102,15,58,223,202,16
-	call	.Lkey_expansion_192a
-.byte	102,15,58,223,202,32
-	call	.Lkey_expansion_192b
-.byte	102,15,58,223,202,64
-	call	.Lkey_expansion_192a
-.byte	102,15,58,223,202,128
-	call	.Lkey_expansion_192b
-	movups	%xmm0,(%rax)
-	movl	%esi,48(%rax)
-	xorq	%rax,%rax
-	jmp	.Lenc_key_ret
-
-.align	16
-.L14rounds:
-	movups	16(%rdi),%xmm2
-	movl	$13,%esi
-	leaq	16(%rax),%rax
-	movups	%xmm0,(%rdx)
-	movups	%xmm2,16(%rdx)
-.byte	102,15,58,223,202,1
-	call	.Lkey_expansion_256a_cold
-.byte	102,15,58,223,200,1
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,2
-	call	.Lkey_expansion_256a
-.byte	102,15,58,223,200,2
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,4
-	call	.Lkey_expansion_256a
-.byte	102,15,58,223,200,4
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,8
-	call	.Lkey_expansion_256a
-.byte	102,15,58,223,200,8
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,16
-	call	.Lkey_expansion_256a
-.byte	102,15,58,223,200,16
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,32
-	call	.Lkey_expansion_256a
-.byte	102,15,58,223,200,32
-	call	.Lkey_expansion_256b
-.byte	102,15,58,223,202,64
-	call	.Lkey_expansion_256a
-	movups	%xmm0,(%rax)
-	movl	%esi,16(%rax)
-	xorq	%rax,%rax
-	jmp	.Lenc_key_ret
-
-.align	16
-.Lbad_keybits:
-	movq	$-2,%rax
-.Lenc_key_ret:
-	addq	$8,%rsp
-	.byte	0xf3,0xc3
-.LSEH_end_set_encrypt_key:
-
-.align	16
-.Lkey_expansion_128:
-	movups	%xmm0,(%rax)
-	leaq	16(%rax),%rax
-.Lkey_expansion_128_cold:
-	shufps	$16,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$255,%xmm1,%xmm1
-	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
-
-.align	16
-.Lkey_expansion_192a:
-	movups	%xmm0,(%rax)
-	leaq	16(%rax),%rax
-.Lkey_expansion_192a_cold:
-	movaps	%xmm2,%xmm5
-.Lkey_expansion_192b_warm:
-	shufps	$16,%xmm0,%xmm4
-	movdqa	%xmm2,%xmm3
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	pslldq	$4,%xmm3
-	xorps	%xmm4,%xmm0
-	pshufd	$85,%xmm1,%xmm1
-	pxor	%xmm3,%xmm2
-	pxor	%xmm1,%xmm0
-	pshufd	$255,%xmm0,%xmm3
-	pxor	%xmm3,%xmm2
-	.byte	0xf3,0xc3
-
-.align	16
-.Lkey_expansion_192b:
-	movaps	%xmm0,%xmm3
-	shufps	$68,%xmm0,%xmm5
-	movups	%xmm5,(%rax)
-	shufps	$78,%xmm2,%xmm3
-	movups	%xmm3,16(%rax)
-	leaq	32(%rax),%rax
-	jmp	.Lkey_expansion_192b_warm
-
-.align	16
-.Lkey_expansion_256a:
-	movups	%xmm2,(%rax)
-	leaq	16(%rax),%rax
-.Lkey_expansion_256a_cold:
-	shufps	$16,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$140,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	$255,%xmm1,%xmm1
-	xorps	%xmm1,%xmm0
-	.byte	0xf3,0xc3
-
-.align	16
-.Lkey_expansion_256b:
-	movups	%xmm0,(%rax)
-	leaq	16(%rax),%rax
-
-	shufps	$16,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	$140,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	$170,%xmm1,%xmm1
-	xorps	%xmm1,%xmm2
-	.byte	0xf3,0xc3
-.size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
-.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
-.align	64
-.Lbswap_mask:
-.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-.Lincrement32:
-.long	6,6,6,0
-.Lincrement64:
-.long	1,0,0,0
-.Lxts_magic:
-.long	0x87,0,1,0
-
-.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
deleted file mode 100644
index c9270dfddc..0000000000
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ /dev/null
@@ -1,3071 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# This module implements support for Intel AES-NI extension. In
-# OpenSSL context it's used with Intel engine, but can also be used as
-# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
-# details].
-#
-# Performance.
-#
-# Given aes(enc|dec) instructions' latency asymptotic performance for
-# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte
-# processed with 128-bit key. And given their throughput asymptotic
-# performance for parallelizable modes is 1.25 cycles per byte. Being
-# asymptotic limit it's not something you commonly achieve in reality,
-# but how close does one get? Below are results collected for
-# different modes and block sized. Pairs of numbers are for en-/
-# decryption.
-#
-#	16-byte     64-byte     256-byte    1-KB        8-KB
-# ECB	4.25/4.25   1.38/1.38   1.28/1.28   1.26/1.26	1.26/1.26
-# CTR	5.42/5.42   1.92/1.92   1.44/1.44   1.28/1.28   1.26/1.26
-# CBC	4.38/4.43   4.15/1.43   4.07/1.32   4.07/1.29   4.06/1.28
-# CCM	5.66/9.42   4.42/5.41   4.16/4.40   4.09/4.15   4.06/4.07   
-# OFB	5.42/5.42   4.64/4.64   4.44/4.44   4.39/4.39   4.38/4.38
-# CFB	5.73/5.85   5.56/5.62   5.48/5.56   5.47/5.55   5.47/5.55
-#
-# ECB, CTR, CBC and CCM results are free from EVP overhead. This means
-# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni
-# [-decrypt]' will exhibit 10-15% worse results for smaller blocks.
-# The results were collected with specially crafted speed.c benchmark
-# in order to compare them with results reported in "Intel Advanced
-# Encryption Standard (AES) New Instruction Set" White Paper Revision
-# 3.0 dated May 2010. All above results are consistently better. This
-# module also provides better performance for block sizes smaller than
-# 128 bytes in points *not* represented in the above table.
-#
-# Looking at the results for 8-KB buffer.
-#
-# CFB and OFB results are far from the limit, because implementation
-# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on
-# single-block aesni_encrypt, which is not the most optimal way to go.
-# CBC encrypt result is unexpectedly high and there is no documented
-# explanation for it. Seemingly there is a small penalty for feeding
-# the result back to AES unit the way it's done in CBC mode. There is
-# nothing one can do and the result appears optimal. CCM result is
-# identical to CBC, because CBC-MAC is essentially CBC encrypt without
-# saving output. CCM CTR "stays invisible," because it's neatly
-# interleaved wih CBC-MAC. This provides ~30% improvement over
-# "straghtforward" CCM implementation with CTR and CBC-MAC performed
-# disjointly. Parallelizable modes practically achieve the theoretical
-# limit.
-#
-# Looking at how results vary with buffer size.
-#
-# Curves are practically saturated at 1-KB buffer size. In most cases
-# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one.
-# CTR curve doesn't follow this pattern and is "slowest" changing one
-# with "256-byte" result being 87% of "8-KB." This is because overhead
-# in CTR mode is most computationally intensive. Small-block CCM
-# decrypt is slower than encrypt, because first CTR and last CBC-MAC
-# iterations can't be interleaved.
-#
-# Results for 192- and 256-bit keys.
-#
-# EVP-free results were observed to scale perfectly with number of
-# rounds for larger block sizes, i.e. 192-bit result being 10/12 times
-# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences
-# are a tad smaller, because the above mentioned penalty biases all
-# results by same constant value. In similar way function call
-# overhead affects small-block performance, as well as OFB and CFB
-# results. Differences are not large, most common coefficients are
-# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one
-# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)...
-
-# January 2011
-#
-# While Westmere processor features 6 cycles latency for aes[enc|dec]
-# instructions, which can be scheduled every second cycle, Sandy
-# Bridge spends 8 cycles per instruction, but it can schedule them
-# every cycle. This means that code targeting Westmere would perform
-# suboptimally on Sandy Bridge. Therefore this update.
-#
-# In addition, non-parallelizable CBC encrypt (as well as CCM) is
-# optimized. Relative improvement might appear modest, 8% on Westmere,
-# but in absolute terms it's 3.77 cycles per byte encrypted with
-# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers
-# should be compared to asymptotic limits of 3.75 for Westmere and
-# 5.00 for Sandy Bridge. Actually, the fact that they get this close
-# to asymptotic limits is quite amazing. Indeed, the limit is
-# calculated as latency times number of rounds, 10 for 128-bit key,
-# and divided by 16, the number of bytes in block, or in other words
-# it accounts *solely* for aesenc instructions. But there are extra
-# instructions, and numbers so close to the asymptotic limits mean
-# that it's as if it takes as little as *one* additional cycle to
-# execute all of them. How is it possible? It is possible thanks to
-# out-of-order execution logic, which manages to overlap post-
-# processing of previous block, things like saving the output, with
-# actual encryption of current block, as well as pre-processing of
-# current block, things like fetching input and xor-ing it with
-# 0-round element of the key schedule, with actual encryption of
-# previous block. Keep this in mind...
-#
-# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher
-# performance is achieved by interleaving instructions working on
-# independent blocks. In which case asymptotic limit for such modes
-# can be obtained by dividing above mentioned numbers by AES
-# instructions' interleave factor. Westmere can execute at most 3 
-# instructions at a time, meaning that optimal interleave factor is 3,
-# and that's where the "magic" number of 1.25 come from. "Optimal
-# interleave factor" means that increase of interleave factor does
-# not improve performance. The formula has proven to reflect reality
-# pretty well on Westmere... Sandy Bridge on the other hand can
-# execute up to 8 AES instructions at a time, so how does varying
-# interleave factor affect the performance? Here is table for ECB
-# (numbers are cycles per byte processed with 128-bit key):
-#
-# instruction interleave factor		3x	6x	8x
-# theoretical asymptotic limit		1.67	0.83	0.625
-# measured performance for 8KB block	1.05	0.86	0.84
-#
-# "as if" interleave factor		4.7x	5.8x	6.0x
-#
-# Further data for other parallelizable modes:
-#
-# CBC decrypt				1.16	0.93	0.93
-# CTR					1.14	0.91	n/a
-#
-# Well, given 3x column it's probably inappropriate to call the limit
-# asymptotic, if it can be surpassed, isn't it? What happens there?
-# Rewind to CBC paragraph for the answer. Yes, out-of-order execution
-# magic is responsible for this. Processor overlaps not only the
-# additional instructions with AES ones, but even AES instuctions
-# processing adjacent triplets of independent blocks. In the 6x case
-# additional instructions  still claim disproportionally small amount
-# of additional cycles, but in 8x case number of instructions must be
-# a tad too high for out-of-order logic to cope with, and AES unit
-# remains underutilized... As you can see 8x interleave is hardly
-# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl
-# utilizies 6x interleave because of limited register bank capacity.
-#
-# Higher interleave factors do have negative impact on Westmere
-# performance. While for ECB mode it's negligible ~1.5%, other
-# parallelizables perform ~5% worse, which is outweighed by ~25%
-# improvement on Sandy Bridge. To balance regression on Westmere
-# CTR mode was implemented with 6x aesenc interleave factor.
-
-# April 2011
-#
-# Add aesni_xts_[en|de]crypt. Westmere spends 1.33 cycles processing
-# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.97. Just like
-# in CTR mode AES instruction interleave factor was chosen to be 6x.
-
-$PREFIX="aesni";	# if $PREFIX is set to "AES", the script
-			# generates drop-in replacement for
-			# crypto/aes/asm/aes-x86_64.pl:-)
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$movkey = $PREFIX eq "aesni" ? "movups" : "movups";
-@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
-		("%rdi","%rsi","%rdx","%rcx");	# Unix order
-
-$code=".text\n";
-
-$rounds="%eax";	# input to and changed by aesni_[en|de]cryptN !!!
-# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
-$inp="%rdi";
-$out="%rsi";
-$len="%rdx";
-$key="%rcx";	# input to and changed by aesni_[en|de]cryptN !!!
-$ivp="%r8";	# cbc, ctr, ...
-
-$rnds_="%r10d";	# backup copy for $rounds
-$key_="%r11";	# backup copy for $key
-
-# %xmm register layout
-$rndkey0="%xmm0";	$rndkey1="%xmm1";
-$inout0="%xmm2";	$inout1="%xmm3";
-$inout2="%xmm4";	$inout3="%xmm5";
-$inout4="%xmm6";	$inout5="%xmm7";
-$inout6="%xmm8";	$inout7="%xmm9";
-
-$in2="%xmm6";		$in1="%xmm7";	# used in CBC decrypt, CTR, ...
-$in0="%xmm8";		$iv="%xmm9";
-
-# Inline version of internal aesni_[en|de]crypt1.
-#
-# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
-# cycles which take care of loop variables...
-{ my $sn;
-sub aesni_generate1 {
-my ($p,$key,$rounds,$inout,$ivec)=@_;	$inout=$inout0 if (!defined($inout));
-++$sn;
-$code.=<<___;
-	$movkey	($key),$rndkey0
-	$movkey	16($key),$rndkey1
-___
-$code.=<<___ if (defined($ivec));
-	xorps	$rndkey0,$ivec
-	lea	32($key),$key
-	xorps	$ivec,$inout
-___
-$code.=<<___ if (!defined($ivec));
-	lea	32($key),$key
-	xorps	$rndkey0,$inout
-___
-$code.=<<___;
-.Loop_${p}1_$sn:
-	aes${p}	$rndkey1,$inout
-	dec	$rounds
-	$movkey	($key),$rndkey1
-	lea	16($key),$key
-	jnz	.Loop_${p}1_$sn	# loop body is 16 bytes
-	aes${p}last	$rndkey1,$inout
-___
-}}
-# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
-#
-{ my ($inp,$out,$key) = @_4args;
-
-$code.=<<___;
-.globl	${PREFIX}_encrypt
-.type	${PREFIX}_encrypt,\@abi-omnipotent
-.align	16
-${PREFIX}_encrypt:
-	movups	($inp),$inout0		# load input
-	mov	240($key),$rounds	# key->rounds
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	movups	$inout0,($out)		# output
-	ret
-.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
-
-.globl	${PREFIX}_decrypt
-.type	${PREFIX}_decrypt,\@abi-omnipotent
-.align	16
-${PREFIX}_decrypt:
-	movups	($inp),$inout0		# load input
-	mov	240($key),$rounds	# key->rounds
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	movups	$inout0,($out)		# output
-	ret
-.size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
-___
-}
-
-# _aesni_[en|de]cryptN are private interfaces, N denotes interleave
-# factor. Why 3x subroutine were originally used in loops? Even though
-# aes[enc|dec] latency was originally 6, it could be scheduled only
-# every *2nd* cycle. Thus 3x interleave was the one providing optimal
-# utilization, i.e. when subroutine's throughput is virtually same as
-# of non-interleaved subroutine [for number of input blocks up to 3].
-# This is why it makes no sense to implement 2x subroutine.
-# aes[enc|dec] latency in next processor generation is 8, but the
-# instructions can be scheduled every cycle. Optimal interleave for
-# new processor is therefore 8x...
-sub aesni_generate3 {
-my $dir=shift;
-# As already mentioned it takes in $key and $rounds, which are *not*
-# preserved. $inout[0-2] is cipher/clear text...
-$code.=<<___;
-.type	_aesni_${dir}rypt3,\@abi-omnipotent
-.align	16
-_aesni_${dir}rypt3:
-	$movkey	($key),$rndkey0
-	shr	\$1,$rounds
-	$movkey	16($key),$rndkey1
-	lea	32($key),$key
-	xorps	$rndkey0,$inout0
-	xorps	$rndkey0,$inout1
-	xorps	$rndkey0,$inout2
-	$movkey		($key),$rndkey0
-
-.L${dir}_loop3:
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout2
-	$movkey		16($key),$rndkey1
-	aes${dir}	$rndkey0,$inout0
-	aes${dir}	$rndkey0,$inout1
-	lea		32($key),$key
-	aes${dir}	$rndkey0,$inout2
-	$movkey		($key),$rndkey0
-	jnz		.L${dir}_loop3
-
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}last	$rndkey0,$inout0
-	aes${dir}last	$rndkey0,$inout1
-	aes${dir}last	$rndkey0,$inout2
-	ret
-.size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
-___
-}
-# 4x interleave is implemented to improve small block performance,
-# most notably [and naturally] 4 block by ~30%. One can argue that one
-# should have implemented 5x as well, but improvement would be <20%,
-# so it's not worth it...
-sub aesni_generate4 {
-my $dir=shift;
-# As already mentioned it takes in $key and $rounds, which are *not*
-# preserved. $inout[0-3] is cipher/clear text...
-$code.=<<___;
-.type	_aesni_${dir}rypt4,\@abi-omnipotent
-.align	16
-_aesni_${dir}rypt4:
-	$movkey	($key),$rndkey0
-	shr	\$1,$rounds
-	$movkey	16($key),$rndkey1
-	lea	32($key),$key
-	xorps	$rndkey0,$inout0
-	xorps	$rndkey0,$inout1
-	xorps	$rndkey0,$inout2
-	xorps	$rndkey0,$inout3
-	$movkey	($key),$rndkey0
-
-.L${dir}_loop4:
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	$movkey		16($key),$rndkey1
-	aes${dir}	$rndkey0,$inout0
-	aes${dir}	$rndkey0,$inout1
-	lea		32($key),$key
-	aes${dir}	$rndkey0,$inout2
-	aes${dir}	$rndkey0,$inout3
-	$movkey		($key),$rndkey0
-	jnz		.L${dir}_loop4
-
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	aes${dir}last	$rndkey0,$inout0
-	aes${dir}last	$rndkey0,$inout1
-	aes${dir}last	$rndkey0,$inout2
-	aes${dir}last	$rndkey0,$inout3
-	ret
-.size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
-___
-}
-sub aesni_generate6 {
-my $dir=shift;
-# As already mentioned it takes in $key and $rounds, which are *not*
-# preserved. $inout[0-5] is cipher/clear text...
-$code.=<<___;
-.type	_aesni_${dir}rypt6,\@abi-omnipotent
-.align	16
-_aesni_${dir}rypt6:
-	$movkey		($key),$rndkey0
-	shr		\$1,$rounds
-	$movkey		16($key),$rndkey1
-	lea		32($key),$key
-	xorps		$rndkey0,$inout0
-	pxor		$rndkey0,$inout1
-	aes${dir}	$rndkey1,$inout0
-	pxor		$rndkey0,$inout2
-	aes${dir}	$rndkey1,$inout1
-	pxor		$rndkey0,$inout3
-	aes${dir}	$rndkey1,$inout2
-	pxor		$rndkey0,$inout4
-	aes${dir}	$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout4
-	$movkey		($key),$rndkey0
-	aes${dir}	$rndkey1,$inout5
-	jmp		.L${dir}_loop6_enter
-.align	16
-.L${dir}_loop6:
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	aes${dir}	$rndkey1,$inout4
-	aes${dir}	$rndkey1,$inout5
-.L${dir}_loop6_enter:				# happens to be 16-byte aligned
-	$movkey		16($key),$rndkey1
-	aes${dir}	$rndkey0,$inout0
-	aes${dir}	$rndkey0,$inout1
-	lea		32($key),$key
-	aes${dir}	$rndkey0,$inout2
-	aes${dir}	$rndkey0,$inout3
-	aes${dir}	$rndkey0,$inout4
-	aes${dir}	$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	jnz		.L${dir}_loop6
-
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	aes${dir}	$rndkey1,$inout4
-	aes${dir}	$rndkey1,$inout5
-	aes${dir}last	$rndkey0,$inout0
-	aes${dir}last	$rndkey0,$inout1
-	aes${dir}last	$rndkey0,$inout2
-	aes${dir}last	$rndkey0,$inout3
-	aes${dir}last	$rndkey0,$inout4
-	aes${dir}last	$rndkey0,$inout5
-	ret
-.size	_aesni_${dir}rypt6,.-_aesni_${dir}rypt6
-___
-}
-sub aesni_generate8 {
-my $dir=shift;
-# As already mentioned it takes in $key and $rounds, which are *not*
-# preserved. $inout[0-7] is cipher/clear text...
-$code.=<<___;
-.type	_aesni_${dir}rypt8,\@abi-omnipotent
-.align	16
-_aesni_${dir}rypt8:
-	$movkey		($key),$rndkey0
-	shr		\$1,$rounds
-	$movkey		16($key),$rndkey1
-	lea		32($key),$key
-	xorps		$rndkey0,$inout0
-	xorps		$rndkey0,$inout1
-	aes${dir}	$rndkey1,$inout0
-	pxor		$rndkey0,$inout2
-	aes${dir}	$rndkey1,$inout1
-	pxor		$rndkey0,$inout3
-	aes${dir}	$rndkey1,$inout2
-	pxor		$rndkey0,$inout4
-	aes${dir}	$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout4
-	pxor		$rndkey0,$inout6
-	aes${dir}	$rndkey1,$inout5
-	pxor		$rndkey0,$inout7
-	$movkey		($key),$rndkey0
-	aes${dir}	$rndkey1,$inout6
-	aes${dir}	$rndkey1,$inout7
-	$movkey		16($key),$rndkey1
-	jmp		.L${dir}_loop8_enter
-.align	16
-.L${dir}_loop8:
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	dec		$rounds
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	aes${dir}	$rndkey1,$inout4
-	aes${dir}	$rndkey1,$inout5
-	aes${dir}	$rndkey1,$inout6
-	aes${dir}	$rndkey1,$inout7
-	$movkey		16($key),$rndkey1
-.L${dir}_loop8_enter:				# happens to be 16-byte aligned
-	aes${dir}	$rndkey0,$inout0
-	aes${dir}	$rndkey0,$inout1
-	lea		32($key),$key
-	aes${dir}	$rndkey0,$inout2
-	aes${dir}	$rndkey0,$inout3
-	aes${dir}	$rndkey0,$inout4
-	aes${dir}	$rndkey0,$inout5
-	aes${dir}	$rndkey0,$inout6
-	aes${dir}	$rndkey0,$inout7
-	$movkey		($key),$rndkey0
-	jnz		.L${dir}_loop8
-
-	aes${dir}	$rndkey1,$inout0
-	aes${dir}	$rndkey1,$inout1
-	aes${dir}	$rndkey1,$inout2
-	aes${dir}	$rndkey1,$inout3
-	aes${dir}	$rndkey1,$inout4
-	aes${dir}	$rndkey1,$inout5
-	aes${dir}	$rndkey1,$inout6
-	aes${dir}	$rndkey1,$inout7
-	aes${dir}last	$rndkey0,$inout0
-	aes${dir}last	$rndkey0,$inout1
-	aes${dir}last	$rndkey0,$inout2
-	aes${dir}last	$rndkey0,$inout3
-	aes${dir}last	$rndkey0,$inout4
-	aes${dir}last	$rndkey0,$inout5
-	aes${dir}last	$rndkey0,$inout6
-	aes${dir}last	$rndkey0,$inout7
-	ret
-.size	_aesni_${dir}rypt8,.-_aesni_${dir}rypt8
-___
-}
-&aesni_generate3("enc") if ($PREFIX eq "aesni");
-&aesni_generate3("dec");
-&aesni_generate4("enc") if ($PREFIX eq "aesni");
-&aesni_generate4("dec");
-&aesni_generate6("enc") if ($PREFIX eq "aesni");
-&aesni_generate6("dec");
-&aesni_generate8("enc") if ($PREFIX eq "aesni");
-&aesni_generate8("dec");
-
-if ($PREFIX eq "aesni") {
-########################################################################
-# void aesni_ecb_encrypt (const void *in, void *out,
-#			  size_t length, const AES_KEY *key,
-#			  int enc);
-$code.=<<___;
-.globl	aesni_ecb_encrypt
-.type	aesni_ecb_encrypt,\@function,5
-.align	16
-aesni_ecb_encrypt:
-___
-$code.=<<___ if ($win64);
-	lea	-0x58(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-	movaps	%xmm8,0x20(%rsp)
-	movaps	%xmm9,0x30(%rsp)
-.Lecb_enc_body:
-___
-$code.=<<___;
-	and	\$-16,$len
-	jz	.Lecb_ret
-
-	mov	240($key),$rounds	# key->rounds
-	$movkey	($key),$rndkey0
-	mov	$key,$key_		# backup $key
-	mov	$rounds,$rnds_		# backup $rounds
-	test	%r8d,%r8d		# 5th argument
-	jz	.Lecb_decrypt
-#--------------------------- ECB ENCRYPT ------------------------------#
-	cmp	\$0x80,$len
-	jb	.Lecb_enc_tail
-
-	movdqu	($inp),$inout0
-	movdqu	0x10($inp),$inout1
-	movdqu	0x20($inp),$inout2
-	movdqu	0x30($inp),$inout3
-	movdqu	0x40($inp),$inout4
-	movdqu	0x50($inp),$inout5
-	movdqu	0x60($inp),$inout6
-	movdqu	0x70($inp),$inout7
-	lea	0x80($inp),$inp
-	sub	\$0x80,$len
-	jmp	.Lecb_enc_loop8_enter
-.align 16
-.Lecb_enc_loop8:
-	movups	$inout0,($out)
-	mov	$key_,$key		# restore $key
-	movdqu	($inp),$inout0
-	mov	$rnds_,$rounds		# restore $rounds
-	movups	$inout1,0x10($out)
-	movdqu	0x10($inp),$inout1
-	movups	$inout2,0x20($out)
-	movdqu	0x20($inp),$inout2
-	movups	$inout3,0x30($out)
-	movdqu	0x30($inp),$inout3
-	movups	$inout4,0x40($out)
-	movdqu	0x40($inp),$inout4
-	movups	$inout5,0x50($out)
-	movdqu	0x50($inp),$inout5
-	movups	$inout6,0x60($out)
-	movdqu	0x60($inp),$inout6
-	movups	$inout7,0x70($out)
-	lea	0x80($out),$out
-	movdqu	0x70($inp),$inout7
-	lea	0x80($inp),$inp
-.Lecb_enc_loop8_enter:
-
-	call	_aesni_encrypt8
-
-	sub	\$0x80,$len
-	jnc	.Lecb_enc_loop8
-
-	movups	$inout0,($out)
-	mov	$key_,$key		# restore $key
-	movups	$inout1,0x10($out)
-	mov	$rnds_,$rounds		# restore $rounds
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	movups	$inout6,0x60($out)
-	movups	$inout7,0x70($out)
-	lea	0x80($out),$out
-	add	\$0x80,$len
-	jz	.Lecb_ret
-
-.Lecb_enc_tail:
-	movups	($inp),$inout0
-	cmp	\$0x20,$len
-	jb	.Lecb_enc_one
-	movups	0x10($inp),$inout1
-	je	.Lecb_enc_two
-	movups	0x20($inp),$inout2
-	cmp	\$0x40,$len
-	jb	.Lecb_enc_three
-	movups	0x30($inp),$inout3
-	je	.Lecb_enc_four
-	movups	0x40($inp),$inout4
-	cmp	\$0x60,$len
-	jb	.Lecb_enc_five
-	movups	0x50($inp),$inout5
-	je	.Lecb_enc_six
-	movdqu	0x60($inp),$inout6
-	call	_aesni_encrypt8
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	movups	$inout6,0x60($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_one:
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	movups	$inout0,($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_two:
-	xorps	$inout2,$inout2
-	call	_aesni_encrypt3
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_three:
-	call	_aesni_encrypt3
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_four:
-	call	_aesni_encrypt4
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_five:
-	xorps	$inout5,$inout5
-	call	_aesni_encrypt6
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_enc_six:
-	call	_aesni_encrypt6
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	jmp	.Lecb_ret
-#--------------------------- ECB DECRYPT ------------------------------#
-.align	16
-.Lecb_decrypt:
-	cmp	\$0x80,$len
-	jb	.Lecb_dec_tail
-
-	movdqu	($inp),$inout0
-	movdqu	0x10($inp),$inout1
-	movdqu	0x20($inp),$inout2
-	movdqu	0x30($inp),$inout3
-	movdqu	0x40($inp),$inout4
-	movdqu	0x50($inp),$inout5
-	movdqu	0x60($inp),$inout6
-	movdqu	0x70($inp),$inout7
-	lea	0x80($inp),$inp
-	sub	\$0x80,$len
-	jmp	.Lecb_dec_loop8_enter
-.align 16
-.Lecb_dec_loop8:
-	movups	$inout0,($out)
-	mov	$key_,$key		# restore $key
-	movdqu	($inp),$inout0
-	mov	$rnds_,$rounds		# restore $rounds
-	movups	$inout1,0x10($out)
-	movdqu	0x10($inp),$inout1
-	movups	$inout2,0x20($out)
-	movdqu	0x20($inp),$inout2
-	movups	$inout3,0x30($out)
-	movdqu	0x30($inp),$inout3
-	movups	$inout4,0x40($out)
-	movdqu	0x40($inp),$inout4
-	movups	$inout5,0x50($out)
-	movdqu	0x50($inp),$inout5
-	movups	$inout6,0x60($out)
-	movdqu	0x60($inp),$inout6
-	movups	$inout7,0x70($out)
-	lea	0x80($out),$out
-	movdqu	0x70($inp),$inout7
-	lea	0x80($inp),$inp
-.Lecb_dec_loop8_enter:
-
-	call	_aesni_decrypt8
-
-	$movkey	($key_),$rndkey0
-	sub	\$0x80,$len
-	jnc	.Lecb_dec_loop8
-
-	movups	$inout0,($out)
-	mov	$key_,$key		# restore $key
-	movups	$inout1,0x10($out)
-	mov	$rnds_,$rounds		# restore $rounds
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	movups	$inout6,0x60($out)
-	movups	$inout7,0x70($out)
-	lea	0x80($out),$out
-	add	\$0x80,$len
-	jz	.Lecb_ret
-
-.Lecb_dec_tail:
-	movups	($inp),$inout0
-	cmp	\$0x20,$len
-	jb	.Lecb_dec_one
-	movups	0x10($inp),$inout1
-	je	.Lecb_dec_two
-	movups	0x20($inp),$inout2
-	cmp	\$0x40,$len
-	jb	.Lecb_dec_three
-	movups	0x30($inp),$inout3
-	je	.Lecb_dec_four
-	movups	0x40($inp),$inout4
-	cmp	\$0x60,$len
-	jb	.Lecb_dec_five
-	movups	0x50($inp),$inout5
-	je	.Lecb_dec_six
-	movups	0x60($inp),$inout6
-	$movkey	($key),$rndkey0
-	call	_aesni_decrypt8
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	movups	$inout6,0x60($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_one:
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	movups	$inout0,($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_two:
-	xorps	$inout2,$inout2
-	call	_aesni_decrypt3
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_three:
-	call	_aesni_decrypt3
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_four:
-	call	_aesni_decrypt4
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_five:
-	xorps	$inout5,$inout5
-	call	_aesni_decrypt6
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	jmp	.Lecb_ret
-.align	16
-.Lecb_dec_six:
-	call	_aesni_decrypt6
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-
-.Lecb_ret:
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	movaps	0x20(%rsp),%xmm8
-	movaps	0x30(%rsp),%xmm9
-	lea	0x58(%rsp),%rsp
-.Lecb_enc_ret:
-___
-$code.=<<___;
-	ret
-.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
-___
-
-{
-######################################################################
-# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out,
-#                         size_t blocks, const AES_KEY *key,
-#                         const char *ivec,char *cmac);
-#
-# Handles only complete blocks, operates on 64-bit counter and
-# does not update *ivec! Nor does it finalize CMAC value
-# (see engine/eng_aesni.c for details)
-#
-{
-my $cmac="%r9";	# 6th argument
-
-my $increment="%xmm6";
-my $bswap_mask="%xmm7";
-
-$code.=<<___;
-.globl	aesni_ccm64_encrypt_blocks
-.type	aesni_ccm64_encrypt_blocks,\@function,6
-.align	16
-aesni_ccm64_encrypt_blocks:
-___
-$code.=<<___ if ($win64);
-	lea	-0x58(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-	movaps	%xmm8,0x20(%rsp)
-	movaps	%xmm9,0x30(%rsp)
-.Lccm64_enc_body:
-___
-$code.=<<___;
-	mov	240($key),$rounds		# key->rounds
-	movdqu	($ivp),$iv
-	movdqa	.Lincrement64(%rip),$increment
-	movdqa	.Lbswap_mask(%rip),$bswap_mask
-
-	shr	\$1,$rounds
-	lea	0($key),$key_
-	movdqu	($cmac),$inout1
-	movdqa	$iv,$inout0
-	mov	$rounds,$rnds_
-	pshufb	$bswap_mask,$iv
-	jmp	.Lccm64_enc_outer
-.align	16
-.Lccm64_enc_outer:
-	$movkey	($key_),$rndkey0
-	mov	$rnds_,$rounds
-	movups	($inp),$in0			# load inp
-
-	xorps	$rndkey0,$inout0		# counter
-	$movkey	16($key_),$rndkey1
-	xorps	$in0,$rndkey0
-	lea	32($key_),$key
-	xorps	$rndkey0,$inout1		# cmac^=inp
-	$movkey	($key),$rndkey0
-
-.Lccm64_enc2_loop:
-	aesenc	$rndkey1,$inout0
-	dec	$rounds
-	aesenc	$rndkey1,$inout1
-	$movkey	16($key),$rndkey1
-	aesenc	$rndkey0,$inout0
-	lea	32($key),$key
-	aesenc	$rndkey0,$inout1
-	$movkey	0($key),$rndkey0
-	jnz	.Lccm64_enc2_loop
-	aesenc	$rndkey1,$inout0
-	aesenc	$rndkey1,$inout1
-	paddq	$increment,$iv
-	aesenclast	$rndkey0,$inout0
-	aesenclast	$rndkey0,$inout1
-
-	dec	$len
-	lea	16($inp),$inp
-	xorps	$inout0,$in0			# inp ^= E(iv)
-	movdqa	$iv,$inout0
-	movups	$in0,($out)			# save output
-	lea	16($out),$out
-	pshufb	$bswap_mask,$inout0
-	jnz	.Lccm64_enc_outer
-
-	movups	$inout1,($cmac)
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	movaps	0x20(%rsp),%xmm8
-	movaps	0x30(%rsp),%xmm9
-	lea	0x58(%rsp),%rsp
-.Lccm64_enc_ret:
-___
-$code.=<<___;
-	ret
-.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
-___
-######################################################################
-$code.=<<___;
-.globl	aesni_ccm64_decrypt_blocks
-.type	aesni_ccm64_decrypt_blocks,\@function,6
-.align	16
-aesni_ccm64_decrypt_blocks:
-___
-$code.=<<___ if ($win64);
-	lea	-0x58(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-	movaps	%xmm8,0x20(%rsp)
-	movaps	%xmm9,0x30(%rsp)
-.Lccm64_dec_body:
-___
-$code.=<<___;
-	mov	240($key),$rounds		# key->rounds
-	movups	($ivp),$iv
-	movdqu	($cmac),$inout1
-	movdqa	.Lincrement64(%rip),$increment
-	movdqa	.Lbswap_mask(%rip),$bswap_mask
-
-	movaps	$iv,$inout0
-	mov	$rounds,$rnds_
-	mov	$key,$key_
-	pshufb	$bswap_mask,$iv
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	movups	($inp),$in0			# load inp
-	paddq	$increment,$iv
-	lea	16($inp),$inp
-	jmp	.Lccm64_dec_outer
-.align	16
-.Lccm64_dec_outer:
-	xorps	$inout0,$in0			# inp ^= E(iv)
-	movdqa	$iv,$inout0
-	mov	$rnds_,$rounds
-	movups	$in0,($out)			# save output
-	lea	16($out),$out
-	pshufb	$bswap_mask,$inout0
-
-	sub	\$1,$len
-	jz	.Lccm64_dec_break
-
-	$movkey	($key_),$rndkey0
-	shr	\$1,$rounds
-	$movkey	16($key_),$rndkey1
-	xorps	$rndkey0,$in0
-	lea	32($key_),$key
-	xorps	$rndkey0,$inout0
-	xorps	$in0,$inout1			# cmac^=out
-	$movkey	($key),$rndkey0
-
-.Lccm64_dec2_loop:
-	aesenc	$rndkey1,$inout0
-	dec	$rounds
-	aesenc	$rndkey1,$inout1
-	$movkey	16($key),$rndkey1
-	aesenc	$rndkey0,$inout0
-	lea	32($key),$key
-	aesenc	$rndkey0,$inout1
-	$movkey	0($key),$rndkey0
-	jnz	.Lccm64_dec2_loop
-	movups	($inp),$in0			# load inp
-	paddq	$increment,$iv
-	aesenc	$rndkey1,$inout0
-	aesenc	$rndkey1,$inout1
-	lea	16($inp),$inp
-	aesenclast	$rndkey0,$inout0
-	aesenclast	$rndkey0,$inout1
-	jmp	.Lccm64_dec_outer
-
-.align	16
-.Lccm64_dec_break:
-	#xorps	$in0,$inout1			# cmac^=out
-___
-	&aesni_generate1("enc",$key_,$rounds,$inout1,$in0);
-$code.=<<___;
-	movups	$inout1,($cmac)
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	movaps	0x20(%rsp),%xmm8
-	movaps	0x30(%rsp),%xmm9
-	lea	0x58(%rsp),%rsp
-.Lccm64_dec_ret:
-___
-$code.=<<___;
-	ret
-.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
-___
-}
-######################################################################
-# void aesni_ctr32_encrypt_blocks (const void *in, void *out,
-#                         size_t blocks, const AES_KEY *key,
-#                         const char *ivec);
-#
-# Handles only complete blocks, operates on 32-bit counter and
-# does not update *ivec! (see engine/eng_aesni.c for details)
-#
-{
-my $reserved = $win64?0:-0x28;
-my ($in0,$in1,$in2,$in3)=map("%xmm$_",(8..11));
-my ($iv0,$iv1,$ivec)=("%xmm12","%xmm13","%xmm14");
-my $bswap_mask="%xmm15";
-
-$code.=<<___;
-.globl	aesni_ctr32_encrypt_blocks
-.type	aesni_ctr32_encrypt_blocks,\@function,5
-.align	16
-aesni_ctr32_encrypt_blocks:
-___
-$code.=<<___ if ($win64);
-	lea	-0xc8(%rsp),%rsp
-	movaps	%xmm6,0x20(%rsp)
-	movaps	%xmm7,0x30(%rsp)
-	movaps	%xmm8,0x40(%rsp)
-	movaps	%xmm9,0x50(%rsp)
-	movaps	%xmm10,0x60(%rsp)
-	movaps	%xmm11,0x70(%rsp)
-	movaps	%xmm12,0x80(%rsp)
-	movaps	%xmm13,0x90(%rsp)
-	movaps	%xmm14,0xa0(%rsp)
-	movaps	%xmm15,0xb0(%rsp)
-.Lctr32_body:
-___
-$code.=<<___;
-	cmp	\$1,$len
-	je	.Lctr32_one_shortcut
-
-	movdqu	($ivp),$ivec
-	movdqa	.Lbswap_mask(%rip),$bswap_mask
-	xor	$rounds,$rounds
-	pextrd	\$3,$ivec,$rnds_		# pull 32-bit counter
-	pinsrd	\$3,$rounds,$ivec		# wipe 32-bit counter
-
-	mov	240($key),$rounds		# key->rounds
-	bswap	$rnds_
-	pxor	$iv0,$iv0			# vector of 3 32-bit counters
-	pxor	$iv1,$iv1			# vector of 3 32-bit counters
-	pinsrd	\$0,$rnds_,$iv0
-	lea	3($rnds_),$key_
-	pinsrd	\$0,$key_,$iv1
-	inc	$rnds_
-	pinsrd	\$1,$rnds_,$iv0
-	inc	$key_
-	pinsrd	\$1,$key_,$iv1
-	inc	$rnds_
-	pinsrd	\$2,$rnds_,$iv0
-	inc	$key_
-	pinsrd	\$2,$key_,$iv1
-	movdqa	$iv0,$reserved(%rsp)
-	pshufb	$bswap_mask,$iv0
-	movdqa	$iv1,`$reserved+0x10`(%rsp)
-	pshufb	$bswap_mask,$iv1
-
-	pshufd	\$`3<<6`,$iv0,$inout0		# place counter to upper dword
-	pshufd	\$`2<<6`,$iv0,$inout1
-	pshufd	\$`1<<6`,$iv0,$inout2
-	cmp	\$6,$len
-	jb	.Lctr32_tail
-	shr	\$1,$rounds
-	mov	$key,$key_			# backup $key
-	mov	$rounds,$rnds_			# backup $rounds
-	sub	\$6,$len
-	jmp	.Lctr32_loop6
-
-.align	16
-.Lctr32_loop6:
-	pshufd	\$`3<<6`,$iv1,$inout3
-	por	$ivec,$inout0			# merge counter-less ivec
-	 $movkey	($key_),$rndkey0
-	pshufd	\$`2<<6`,$iv1,$inout4
-	por	$ivec,$inout1
-	 $movkey	16($key_),$rndkey1
-	pshufd	\$`1<<6`,$iv1,$inout5
-	por	$ivec,$inout2
-	por	$ivec,$inout3
-	 xorps		$rndkey0,$inout0
-	por	$ivec,$inout4
-	por	$ivec,$inout5
-
-	# inline _aesni_encrypt6 and interleave last rounds
-	# with own code...
-
-	pxor		$rndkey0,$inout1
-	aesenc		$rndkey1,$inout0
-	lea		32($key_),$key
-	pxor		$rndkey0,$inout2
-	aesenc		$rndkey1,$inout1
-	 movdqa		.Lincrement32(%rip),$iv1
-	pxor		$rndkey0,$inout3
-	aesenc		$rndkey1,$inout2
-	 movdqa		$reserved(%rsp),$iv0
-	pxor		$rndkey0,$inout4
-	aesenc		$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	dec		$rounds
-	aesenc		$rndkey1,$inout4
-	aesenc		$rndkey1,$inout5
-	jmp		.Lctr32_enc_loop6_enter
-.align	16
-.Lctr32_enc_loop6:
-	aesenc		$rndkey1,$inout0
-	aesenc		$rndkey1,$inout1
-	dec		$rounds
-	aesenc		$rndkey1,$inout2
-	aesenc		$rndkey1,$inout3
-	aesenc		$rndkey1,$inout4
-	aesenc		$rndkey1,$inout5
-.Lctr32_enc_loop6_enter:
-	$movkey		16($key),$rndkey1
-	aesenc		$rndkey0,$inout0
-	aesenc		$rndkey0,$inout1
-	lea		32($key),$key
-	aesenc		$rndkey0,$inout2
-	aesenc		$rndkey0,$inout3
-	aesenc		$rndkey0,$inout4
-	aesenc		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	jnz		.Lctr32_enc_loop6
-
-	aesenc		$rndkey1,$inout0
-	 paddd		$iv1,$iv0		# increment counter vector
-	aesenc		$rndkey1,$inout1
-	 paddd		`$reserved+0x10`(%rsp),$iv1
-	aesenc		$rndkey1,$inout2
-	 movdqa		$iv0,$reserved(%rsp)	# save counter vector
-	aesenc		$rndkey1,$inout3
-	 movdqa		$iv1,`$reserved+0x10`(%rsp)
-	aesenc		$rndkey1,$inout4
-	 pshufb		$bswap_mask,$iv0	# byte swap
-	aesenc		$rndkey1,$inout5
-	 pshufb		$bswap_mask,$iv1
-
-	aesenclast	$rndkey0,$inout0
-	 movups		($inp),$in0		# load input
-	aesenclast	$rndkey0,$inout1
-	 movups		0x10($inp),$in1
-	aesenclast	$rndkey0,$inout2
-	 movups		0x20($inp),$in2
-	aesenclast	$rndkey0,$inout3
-	 movups		0x30($inp),$in3
-	aesenclast	$rndkey0,$inout4
-	 movups		0x40($inp),$rndkey1
-	aesenclast	$rndkey0,$inout5
-	 movups		0x50($inp),$rndkey0
-	 lea	0x60($inp),$inp
-
-	xorps	$inout0,$in0			# xor
-	 pshufd	\$`3<<6`,$iv0,$inout0
-	xorps	$inout1,$in1
-	 pshufd	\$`2<<6`,$iv0,$inout1
-	movups	$in0,($out)			# store output
-	xorps	$inout2,$in2
-	 pshufd	\$`1<<6`,$iv0,$inout2
-	movups	$in1,0x10($out)
-	xorps	$inout3,$in3
-	movups	$in2,0x20($out)
-	xorps	$inout4,$rndkey1
-	movups	$in3,0x30($out)
-	xorps	$inout5,$rndkey0
-	movups	$rndkey1,0x40($out)
-	movups	$rndkey0,0x50($out)
-	lea	0x60($out),$out
-	mov	$rnds_,$rounds
-	sub	\$6,$len
-	jnc	.Lctr32_loop6
-
-	add	\$6,$len
-	jz	.Lctr32_done
-	mov	$key_,$key			# restore $key
-	lea	1($rounds,$rounds),$rounds	# restore original value
-
-.Lctr32_tail:
-	por	$ivec,$inout0
-	movups	($inp),$in0
-	cmp	\$2,$len
-	jb	.Lctr32_one
-
-	por	$ivec,$inout1
-	movups	0x10($inp),$in1
-	je	.Lctr32_two
-
-	pshufd	\$`3<<6`,$iv1,$inout3
-	por	$ivec,$inout2
-	movups	0x20($inp),$in2
-	cmp	\$4,$len
-	jb	.Lctr32_three
-
-	pshufd	\$`2<<6`,$iv1,$inout4
-	por	$ivec,$inout3
-	movups	0x30($inp),$in3
-	je	.Lctr32_four
-
-	por	$ivec,$inout4
-	xorps	$inout5,$inout5
-
-	call	_aesni_encrypt6
-
-	movups	0x40($inp),$rndkey1
-	xorps	$inout0,$in0
-	xorps	$inout1,$in1
-	movups	$in0,($out)
-	xorps	$inout2,$in2
-	movups	$in1,0x10($out)
-	xorps	$inout3,$in3
-	movups	$in2,0x20($out)
-	xorps	$inout4,$rndkey1
-	movups	$in3,0x30($out)
-	movups	$rndkey1,0x40($out)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_one_shortcut:
-	movups	($ivp),$inout0
-	movups	($inp),$in0
-	mov	240($key),$rounds		# key->rounds
-.Lctr32_one:
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	xorps	$inout0,$in0
-	movups	$in0,($out)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_two:
-	xorps	$inout2,$inout2
-	call	_aesni_encrypt3
-	xorps	$inout0,$in0
-	xorps	$inout1,$in1
-	movups	$in0,($out)
-	movups	$in1,0x10($out)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_three:
-	call	_aesni_encrypt3
-	xorps	$inout0,$in0
-	xorps	$inout1,$in1
-	movups	$in0,($out)
-	xorps	$inout2,$in2
-	movups	$in1,0x10($out)
-	movups	$in2,0x20($out)
-	jmp	.Lctr32_done
-
-.align	16
-.Lctr32_four:
-	call	_aesni_encrypt4
-	xorps	$inout0,$in0
-	xorps	$inout1,$in1
-	movups	$in0,($out)
-	xorps	$inout2,$in2
-	movups	$in1,0x10($out)
-	xorps	$inout3,$in3
-	movups	$in2,0x20($out)
-	movups	$in3,0x30($out)
-
-.Lctr32_done:
-___
-$code.=<<___ if ($win64);
-	movaps	0x20(%rsp),%xmm6
-	movaps	0x30(%rsp),%xmm7
-	movaps	0x40(%rsp),%xmm8
-	movaps	0x50(%rsp),%xmm9
-	movaps	0x60(%rsp),%xmm10
-	movaps	0x70(%rsp),%xmm11
-	movaps	0x80(%rsp),%xmm12
-	movaps	0x90(%rsp),%xmm13
-	movaps	0xa0(%rsp),%xmm14
-	movaps	0xb0(%rsp),%xmm15
-	lea	0xc8(%rsp),%rsp
-.Lctr32_ret:
-___
-$code.=<<___;
-	ret
-.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
-___
-}
-
-######################################################################
-# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2
-#	const unsigned char iv[16]);
-#
-{
-my @tweak=map("%xmm$_",(10..15));
-my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]);
-my ($key2,$ivp,$len_)=("%r8","%r9","%r9");
-my $frame_size = 0x68 + ($win64?160:0);
-
-$code.=<<___;
-.globl	aesni_xts_encrypt
-.type	aesni_xts_encrypt,\@function,6
-.align	16
-aesni_xts_encrypt:
-	lea	-$frame_size(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,0x60(%rsp)
-	movaps	%xmm7,0x70(%rsp)
-	movaps	%xmm8,0x80(%rsp)
-	movaps	%xmm9,0x90(%rsp)
-	movaps	%xmm10,0xa0(%rsp)
-	movaps	%xmm11,0xb0(%rsp)
-	movaps	%xmm12,0xc0(%rsp)
-	movaps	%xmm13,0xd0(%rsp)
-	movaps	%xmm14,0xe0(%rsp)
-	movaps	%xmm15,0xf0(%rsp)
-.Lxts_enc_body:
-___
-$code.=<<___;
-	movups	($ivp),@tweak[5]		# load clear-text tweak
-	mov	240(%r8),$rounds		# key2->rounds
-	mov	240($key),$rnds_		# key1->rounds
-___
-	# generate the tweak
-	&aesni_generate1("enc",$key2,$rounds,@tweak[5]);
-$code.=<<___;
-	mov	$key,$key_			# backup $key
-	mov	$rnds_,$rounds			# backup $rounds
-	mov	$len,$len_			# backup $len
-	and	\$-16,$len
-
-	movdqa	.Lxts_magic(%rip),$twmask
-	pxor	$twtmp,$twtmp
-	pcmpgtd	@tweak[5],$twtmp		# broadcast upper bits
-___
-    for ($i=0;$i<4;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[$i]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	pand	$twmask,$twres			# isolate carry and residue
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	pxor	$twres,@tweak[5]
-___
-    }
-$code.=<<___;
-	sub	\$16*6,$len
-	jc	.Lxts_enc_short
-
-	shr	\$1,$rounds
-	sub	\$1,$rounds
-	mov	$rounds,$rnds_
-	jmp	.Lxts_enc_grandloop
-
-.align	16
-.Lxts_enc_grandloop:
-	pshufd	\$0x13,$twtmp,$twres
-	movdqa	@tweak[5],@tweak[4]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	movdqu	`16*0`($inp),$inout0		# load input
-	pand	$twmask,$twres			# isolate carry and residue
-	movdqu	`16*1`($inp),$inout1
-	pxor	$twres,@tweak[5]
-
-	movdqu	`16*2`($inp),$inout2
-	pxor	@tweak[0],$inout0		# input^=tweak
-	movdqu	`16*3`($inp),$inout3
-	pxor	@tweak[1],$inout1
-	movdqu	`16*4`($inp),$inout4
-	pxor	@tweak[2],$inout2
-	movdqu	`16*5`($inp),$inout5
-	lea	`16*6`($inp),$inp
-	pxor	@tweak[3],$inout3
-	$movkey		($key_),$rndkey0
-	pxor	@tweak[4],$inout4
-	pxor	@tweak[5],$inout5
-
-	# inline _aesni_encrypt6 and interleave first and last rounds
-	# with own code...
-	$movkey		16($key_),$rndkey1
-	pxor		$rndkey0,$inout0
-	pxor		$rndkey0,$inout1
-	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks
-	aesenc		$rndkey1,$inout0
-	lea		32($key_),$key
-	pxor		$rndkey0,$inout2
-	 movdqa	@tweak[1],`16*1`(%rsp)
-	aesenc		$rndkey1,$inout1
-	pxor		$rndkey0,$inout3
-	 movdqa	@tweak[2],`16*2`(%rsp)
-	aesenc		$rndkey1,$inout2
-	pxor		$rndkey0,$inout4
-	 movdqa	@tweak[3],`16*3`(%rsp)
-	aesenc		$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	dec		$rounds
-	 movdqa	@tweak[4],`16*4`(%rsp)
-	aesenc		$rndkey1,$inout4
-	 movdqa	@tweak[5],`16*5`(%rsp)
-	aesenc		$rndkey1,$inout5
-	pxor	$twtmp,$twtmp
-	pcmpgtd	@tweak[5],$twtmp
-	jmp		.Lxts_enc_loop6_enter
-
-.align	16
-.Lxts_enc_loop6:
-	aesenc		$rndkey1,$inout0
-	aesenc		$rndkey1,$inout1
-	dec		$rounds
-	aesenc		$rndkey1,$inout2
-	aesenc		$rndkey1,$inout3
-	aesenc		$rndkey1,$inout4
-	aesenc		$rndkey1,$inout5
-.Lxts_enc_loop6_enter:
-	$movkey		16($key),$rndkey1
-	aesenc		$rndkey0,$inout0
-	aesenc		$rndkey0,$inout1
-	lea		32($key),$key
-	aesenc		$rndkey0,$inout2
-	aesenc		$rndkey0,$inout3
-	aesenc		$rndkey0,$inout4
-	aesenc		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	jnz		.Lxts_enc_loop6
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesenc		$rndkey1,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesenc		$rndkey1,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcast upper bits
-	 aesenc		$rndkey1,$inout2
-	pxor	$twres,@tweak[5]
-	 aesenc		$rndkey1,$inout3
-	 aesenc		$rndkey1,$inout4
-	 aesenc		$rndkey1,$inout5
-	 $movkey	16($key),$rndkey1
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[0]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesenc		$rndkey0,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesenc		$rndkey0,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesenc		$rndkey0,$inout2
-	pxor	$twres,@tweak[5]
-	 aesenc		$rndkey0,$inout3
-	 aesenc		$rndkey0,$inout4
-	 aesenc		$rndkey0,$inout5
-	 $movkey	32($key),$rndkey0
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[1]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesenc		$rndkey1,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesenc		$rndkey1,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesenc		$rndkey1,$inout2
-	pxor	$twres,@tweak[5]
-	 aesenc		$rndkey1,$inout3
-	 aesenc		$rndkey1,$inout4
-	 aesenc		$rndkey1,$inout5
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[2]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesenclast	$rndkey0,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesenclast	$rndkey0,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesenclast	$rndkey0,$inout2
-	pxor	$twres,@tweak[5]
-	 aesenclast	$rndkey0,$inout3
-	 aesenclast	$rndkey0,$inout4
-	 aesenclast	$rndkey0,$inout5
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[3]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 xorps	`16*0`(%rsp),$inout0		# output^=tweak
-	pand	$twmask,$twres			# isolate carry and residue
-	 xorps	`16*1`(%rsp),$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	pxor	$twres,@tweak[5]
-
-	xorps	`16*2`(%rsp),$inout2
-	movups	$inout0,`16*0`($out)		# write output
-	xorps	`16*3`(%rsp),$inout3
-	movups	$inout1,`16*1`($out)
-	xorps	`16*4`(%rsp),$inout4
-	movups	$inout2,`16*2`($out)
-	xorps	`16*5`(%rsp),$inout5
-	movups	$inout3,`16*3`($out)
-	mov	$rnds_,$rounds			# restore $rounds
-	movups	$inout4,`16*4`($out)
-	movups	$inout5,`16*5`($out)
-	lea	`16*6`($out),$out
-	sub	\$16*6,$len
-	jnc	.Lxts_enc_grandloop
-
-	lea	3($rounds,$rounds),$rounds	# restore original value
-	mov	$key_,$key			# restore $key
-	mov	$rounds,$rnds_			# backup $rounds
-
-.Lxts_enc_short:
-	add	\$16*6,$len
-	jz	.Lxts_enc_done
-
-	cmp	\$0x20,$len
-	jb	.Lxts_enc_one
-	je	.Lxts_enc_two
-
-	cmp	\$0x40,$len
-	jb	.Lxts_enc_three
-	je	.Lxts_enc_four
-
-	pshufd	\$0x13,$twtmp,$twres
-	movdqa	@tweak[5],@tweak[4]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	 movdqu	($inp),$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 movdqu	16*1($inp),$inout1
-	pxor	$twres,@tweak[5]
-
-	movdqu	16*2($inp),$inout2
-	pxor	@tweak[0],$inout0
-	movdqu	16*3($inp),$inout3
-	pxor	@tweak[1],$inout1
-	movdqu	16*4($inp),$inout4
-	lea	16*5($inp),$inp
-	pxor	@tweak[2],$inout2
-	pxor	@tweak[3],$inout3
-	pxor	@tweak[4],$inout4
-
-	call	_aesni_encrypt6
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[5],@tweak[0]
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	movdqu	$inout0,($out)
-	xorps	@tweak[3],$inout3
-	movdqu	$inout1,16*1($out)
-	xorps	@tweak[4],$inout4
-	movdqu	$inout2,16*2($out)
-	movdqu	$inout3,16*3($out)
-	movdqu	$inout4,16*4($out)
-	lea	16*5($out),$out
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_one:
-	movups	($inp),$inout0
-	lea	16*1($inp),$inp
-	xorps	@tweak[0],$inout0
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[1],@tweak[0]
-	movups	$inout0,($out)
-	lea	16*1($out),$out
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_two:
-	movups	($inp),$inout0
-	movups	16($inp),$inout1
-	lea	32($inp),$inp
-	xorps	@tweak[0],$inout0
-	xorps	@tweak[1],$inout1
-
-	call	_aesni_encrypt3
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[2],@tweak[0]
-	xorps	@tweak[1],$inout1
-	movups	$inout0,($out)
-	movups	$inout1,16*1($out)
-	lea	16*2($out),$out
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_three:
-	movups	($inp),$inout0
-	movups	16*1($inp),$inout1
-	movups	16*2($inp),$inout2
-	lea	16*3($inp),$inp
-	xorps	@tweak[0],$inout0
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-
-	call	_aesni_encrypt3
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[3],@tweak[0]
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	movups	$inout0,($out)
-	movups	$inout1,16*1($out)
-	movups	$inout2,16*2($out)
-	lea	16*3($out),$out
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_four:
-	movups	($inp),$inout0
-	movups	16*1($inp),$inout1
-	movups	16*2($inp),$inout2
-	xorps	@tweak[0],$inout0
-	movups	16*3($inp),$inout3
-	lea	16*4($inp),$inp
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	xorps	@tweak[3],$inout3
-
-	call	_aesni_encrypt4
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[5],@tweak[0]
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	movups	$inout0,($out)
-	xorps	@tweak[3],$inout3
-	movups	$inout1,16*1($out)
-	movups	$inout2,16*2($out)
-	movups	$inout3,16*3($out)
-	lea	16*4($out),$out
-	jmp	.Lxts_enc_done
-
-.align	16
-.Lxts_enc_done:
-	and	\$15,$len_
-	jz	.Lxts_enc_ret
-	mov	$len_,$len
-
-.Lxts_enc_steal:
-	movzb	($inp),%eax			# borrow $rounds ...
-	movzb	-16($out),%ecx			# ... and $key
-	lea	1($inp),$inp
-	mov	%al,-16($out)
-	mov	%cl,0($out)
-	lea	1($out),$out
-	sub	\$1,$len
-	jnz	.Lxts_enc_steal
-
-	sub	$len_,$out			# rewind $out
-	mov	$key_,$key			# restore $key
-	mov	$rnds_,$rounds			# restore $rounds
-
-	movups	-16($out),$inout0
-	xorps	@tweak[0],$inout0
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	xorps	@tweak[0],$inout0
-	movups	$inout0,-16($out)
-
-.Lxts_enc_ret:
-___
-$code.=<<___ if ($win64);
-	movaps	0x60(%rsp),%xmm6
-	movaps	0x70(%rsp),%xmm7
-	movaps	0x80(%rsp),%xmm8
-	movaps	0x90(%rsp),%xmm9
-	movaps	0xa0(%rsp),%xmm10
-	movaps	0xb0(%rsp),%xmm11
-	movaps	0xc0(%rsp),%xmm12
-	movaps	0xd0(%rsp),%xmm13
-	movaps	0xe0(%rsp),%xmm14
-	movaps	0xf0(%rsp),%xmm15
-___
-$code.=<<___;
-	lea	$frame_size(%rsp),%rsp
-.Lxts_enc_epilogue:
-	ret
-.size	aesni_xts_encrypt,.-aesni_xts_encrypt
-___
-
-$code.=<<___;
-.globl	aesni_xts_decrypt
-.type	aesni_xts_decrypt,\@function,6
-.align	16
-aesni_xts_decrypt:
-	lea	-$frame_size(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,0x60(%rsp)
-	movaps	%xmm7,0x70(%rsp)
-	movaps	%xmm8,0x80(%rsp)
-	movaps	%xmm9,0x90(%rsp)
-	movaps	%xmm10,0xa0(%rsp)
-	movaps	%xmm11,0xb0(%rsp)
-	movaps	%xmm12,0xc0(%rsp)
-	movaps	%xmm13,0xd0(%rsp)
-	movaps	%xmm14,0xe0(%rsp)
-	movaps	%xmm15,0xf0(%rsp)
-.Lxts_dec_body:
-___
-$code.=<<___;
-	movups	($ivp),@tweak[5]		# load clear-text tweak
-	mov	240($key2),$rounds		# key2->rounds
-	mov	240($key),$rnds_		# key1->rounds
-___
-	# generate the tweak
-	&aesni_generate1("enc",$key2,$rounds,@tweak[5]);
-$code.=<<___;
-	xor	%eax,%eax			# if ($len%16) len-=16;
-	test	\$15,$len
-	setnz	%al
-	shl	\$4,%rax
-	sub	%rax,$len
-
-	mov	$key,$key_			# backup $key
-	mov	$rnds_,$rounds			# backup $rounds
-	mov	$len,$len_			# backup $len
-	and	\$-16,$len
-
-	movdqa	.Lxts_magic(%rip),$twmask
-	pxor	$twtmp,$twtmp
-	pcmpgtd	@tweak[5],$twtmp		# broadcast upper bits
-___
-    for ($i=0;$i<4;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[$i]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	pand	$twmask,$twres			# isolate carry and residue
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	pxor	$twres,@tweak[5]
-___
-    }
-$code.=<<___;
-	sub	\$16*6,$len
-	jc	.Lxts_dec_short
-
-	shr	\$1,$rounds
-	sub	\$1,$rounds
-	mov	$rounds,$rnds_
-	jmp	.Lxts_dec_grandloop
-
-.align	16
-.Lxts_dec_grandloop:
-	pshufd	\$0x13,$twtmp,$twres
-	movdqa	@tweak[5],@tweak[4]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	movdqu	`16*0`($inp),$inout0		# load input
-	pand	$twmask,$twres			# isolate carry and residue
-	movdqu	`16*1`($inp),$inout1
-	pxor	$twres,@tweak[5]
-
-	movdqu	`16*2`($inp),$inout2
-	pxor	@tweak[0],$inout0		# input^=tweak
-	movdqu	`16*3`($inp),$inout3
-	pxor	@tweak[1],$inout1
-	movdqu	`16*4`($inp),$inout4
-	pxor	@tweak[2],$inout2
-	movdqu	`16*5`($inp),$inout5
-	lea	`16*6`($inp),$inp
-	pxor	@tweak[3],$inout3
-	$movkey		($key_),$rndkey0
-	pxor	@tweak[4],$inout4
-	pxor	@tweak[5],$inout5
-
-	# inline _aesni_decrypt6 and interleave first and last rounds
-	# with own code...
-	$movkey		16($key_),$rndkey1
-	pxor		$rndkey0,$inout0
-	pxor		$rndkey0,$inout1
-	 movdqa	@tweak[0],`16*0`(%rsp)		# put aside tweaks
-	aesdec		$rndkey1,$inout0
-	lea		32($key_),$key
-	pxor		$rndkey0,$inout2
-	 movdqa	@tweak[1],`16*1`(%rsp)
-	aesdec		$rndkey1,$inout1
-	pxor		$rndkey0,$inout3
-	 movdqa	@tweak[2],`16*2`(%rsp)
-	aesdec		$rndkey1,$inout2
-	pxor		$rndkey0,$inout4
-	 movdqa	@tweak[3],`16*3`(%rsp)
-	aesdec		$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	dec		$rounds
-	 movdqa	@tweak[4],`16*4`(%rsp)
-	aesdec		$rndkey1,$inout4
-	 movdqa	@tweak[5],`16*5`(%rsp)
-	aesdec		$rndkey1,$inout5
-	pxor	$twtmp,$twtmp
-	pcmpgtd	@tweak[5],$twtmp
-	jmp		.Lxts_dec_loop6_enter
-
-.align	16
-.Lxts_dec_loop6:
-	aesdec		$rndkey1,$inout0
-	aesdec		$rndkey1,$inout1
-	dec		$rounds
-	aesdec		$rndkey1,$inout2
-	aesdec		$rndkey1,$inout3
-	aesdec		$rndkey1,$inout4
-	aesdec		$rndkey1,$inout5
-.Lxts_dec_loop6_enter:
-	$movkey		16($key),$rndkey1
-	aesdec		$rndkey0,$inout0
-	aesdec		$rndkey0,$inout1
-	lea		32($key),$key
-	aesdec		$rndkey0,$inout2
-	aesdec		$rndkey0,$inout3
-	aesdec		$rndkey0,$inout4
-	aesdec		$rndkey0,$inout5
-	$movkey		($key),$rndkey0
-	jnz		.Lxts_dec_loop6
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesdec		$rndkey1,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesdec		$rndkey1,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcast upper bits
-	 aesdec		$rndkey1,$inout2
-	pxor	$twres,@tweak[5]
-	 aesdec		$rndkey1,$inout3
-	 aesdec		$rndkey1,$inout4
-	 aesdec		$rndkey1,$inout5
-	 $movkey	16($key),$rndkey1
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[0]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesdec		$rndkey0,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesdec		$rndkey0,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesdec		$rndkey0,$inout2
-	pxor	$twres,@tweak[5]
-	 aesdec		$rndkey0,$inout3
-	 aesdec		$rndkey0,$inout4
-	 aesdec		$rndkey0,$inout5
-	 $movkey	32($key),$rndkey0
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[1]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesdec		$rndkey1,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesdec		$rndkey1,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesdec		$rndkey1,$inout2
-	pxor	$twres,@tweak[5]
-	 aesdec		$rndkey1,$inout3
-	 aesdec		$rndkey1,$inout4
-	 aesdec		$rndkey1,$inout5
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[2]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 aesdeclast	$rndkey0,$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 aesdeclast	$rndkey0,$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	 aesdeclast	$rndkey0,$inout2
-	pxor	$twres,@tweak[5]
-	 aesdeclast	$rndkey0,$inout3
-	 aesdeclast	$rndkey0,$inout4
-	 aesdeclast	$rndkey0,$inout5
-
-	pshufd	\$0x13,$twtmp,$twres
-	pxor	$twtmp,$twtmp
-	movdqa	@tweak[5],@tweak[3]
-	paddq	@tweak[5],@tweak[5]		# psllq	1,$tweak
-	 xorps	`16*0`(%rsp),$inout0		# output^=tweak
-	pand	$twmask,$twres			# isolate carry and residue
-	 xorps	`16*1`(%rsp),$inout1
-	pcmpgtd	@tweak[5],$twtmp		# broadcat upper bits
-	pxor	$twres,@tweak[5]
-
-	xorps	`16*2`(%rsp),$inout2
-	movups	$inout0,`16*0`($out)		# write output
-	xorps	`16*3`(%rsp),$inout3
-	movups	$inout1,`16*1`($out)
-	xorps	`16*4`(%rsp),$inout4
-	movups	$inout2,`16*2`($out)
-	xorps	`16*5`(%rsp),$inout5
-	movups	$inout3,`16*3`($out)
-	mov	$rnds_,$rounds			# restore $rounds
-	movups	$inout4,`16*4`($out)
-	movups	$inout5,`16*5`($out)
-	lea	`16*6`($out),$out
-	sub	\$16*6,$len
-	jnc	.Lxts_dec_grandloop
-
-	lea	3($rounds,$rounds),$rounds	# restore original value
-	mov	$key_,$key			# restore $key
-	mov	$rounds,$rnds_			# backup $rounds
-
-.Lxts_dec_short:
-	add	\$16*6,$len
-	jz	.Lxts_dec_done
-
-	cmp	\$0x20,$len
-	jb	.Lxts_dec_one
-	je	.Lxts_dec_two
-
-	cmp	\$0x40,$len
-	jb	.Lxts_dec_three
-	je	.Lxts_dec_four
-
-	pshufd	\$0x13,$twtmp,$twres
-	movdqa	@tweak[5],@tweak[4]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	 movdqu	($inp),$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 movdqu	16*1($inp),$inout1
-	pxor	$twres,@tweak[5]
-
-	movdqu	16*2($inp),$inout2
-	pxor	@tweak[0],$inout0
-	movdqu	16*3($inp),$inout3
-	pxor	@tweak[1],$inout1
-	movdqu	16*4($inp),$inout4
-	lea	16*5($inp),$inp
-	pxor	@tweak[2],$inout2
-	pxor	@tweak[3],$inout3
-	pxor	@tweak[4],$inout4
-
-	call	_aesni_decrypt6
-
-	xorps	@tweak[0],$inout0
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	movdqu	$inout0,($out)
-	xorps	@tweak[3],$inout3
-	movdqu	$inout1,16*1($out)
-	xorps	@tweak[4],$inout4
-	movdqu	$inout2,16*2($out)
-	 pxor		$twtmp,$twtmp
-	movdqu	$inout3,16*3($out)
-	 pcmpgtd	@tweak[5],$twtmp
-	movdqu	$inout4,16*4($out)
-	lea	16*5($out),$out
-	 pshufd		\$0x13,$twtmp,@tweak[1]	# $twres
-	and	\$15,$len_
-	jz	.Lxts_dec_ret
-
-	movdqa	@tweak[5],@tweak[0]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	pand	$twmask,@tweak[1]		# isolate carry and residue
-	pxor	@tweak[5],@tweak[1]
-	jmp	.Lxts_dec_done2
-
-.align	16
-.Lxts_dec_one:
-	movups	($inp),$inout0
-	lea	16*1($inp),$inp
-	xorps	@tweak[0],$inout0
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[1],@tweak[0]
-	movups	$inout0,($out)
-	movdqa	@tweak[2],@tweak[1]
-	lea	16*1($out),$out
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_two:
-	movups	($inp),$inout0
-	movups	16($inp),$inout1
-	lea	32($inp),$inp
-	xorps	@tweak[0],$inout0
-	xorps	@tweak[1],$inout1
-
-	call	_aesni_decrypt3
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[2],@tweak[0]
-	xorps	@tweak[1],$inout1
-	movdqa	@tweak[3],@tweak[1]
-	movups	$inout0,($out)
-	movups	$inout1,16*1($out)
-	lea	16*2($out),$out
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_three:
-	movups	($inp),$inout0
-	movups	16*1($inp),$inout1
-	movups	16*2($inp),$inout2
-	lea	16*3($inp),$inp
-	xorps	@tweak[0],$inout0
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-
-	call	_aesni_decrypt3
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[3],@tweak[0]
-	xorps	@tweak[1],$inout1
-	movdqa	@tweak[5],@tweak[1]
-	xorps	@tweak[2],$inout2
-	movups	$inout0,($out)
-	movups	$inout1,16*1($out)
-	movups	$inout2,16*2($out)
-	lea	16*3($out),$out
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_four:
-	pshufd	\$0x13,$twtmp,$twres
-	movdqa	@tweak[5],@tweak[4]
-	paddq	@tweak[5],@tweak[5]		# psllq 1,$tweak
-	 movups	($inp),$inout0
-	pand	$twmask,$twres			# isolate carry and residue
-	 movups	16*1($inp),$inout1
-	pxor	$twres,@tweak[5]
-
-	movups	16*2($inp),$inout2
-	xorps	@tweak[0],$inout0
-	movups	16*3($inp),$inout3
-	lea	16*4($inp),$inp
-	xorps	@tweak[1],$inout1
-	xorps	@tweak[2],$inout2
-	xorps	@tweak[3],$inout3
-
-	call	_aesni_decrypt4
-
-	xorps	@tweak[0],$inout0
-	movdqa	@tweak[4],@tweak[0]
-	xorps	@tweak[1],$inout1
-	movdqa	@tweak[5],@tweak[1]
-	xorps	@tweak[2],$inout2
-	movups	$inout0,($out)
-	xorps	@tweak[3],$inout3
-	movups	$inout1,16*1($out)
-	movups	$inout2,16*2($out)
-	movups	$inout3,16*3($out)
-	lea	16*4($out),$out
-	jmp	.Lxts_dec_done
-
-.align	16
-.Lxts_dec_done:
-	and	\$15,$len_
-	jz	.Lxts_dec_ret
-.Lxts_dec_done2:
-	mov	$len_,$len
-	mov	$key_,$key			# restore $key
-	mov	$rnds_,$rounds			# restore $rounds
-
-	movups	($inp),$inout0
-	xorps	@tweak[1],$inout0
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	xorps	@tweak[1],$inout0
-	movups	$inout0,($out)
-
-.Lxts_dec_steal:
-	movzb	16($inp),%eax			# borrow $rounds ...
-	movzb	($out),%ecx			# ... and $key
-	lea	1($inp),$inp
-	mov	%al,($out)
-	mov	%cl,16($out)
-	lea	1($out),$out
-	sub	\$1,$len
-	jnz	.Lxts_dec_steal
-
-	sub	$len_,$out			# rewind $out
-	mov	$key_,$key			# restore $key
-	mov	$rnds_,$rounds			# restore $rounds
-
-	movups	($out),$inout0
-	xorps	@tweak[0],$inout0
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	xorps	@tweak[0],$inout0
-	movups	$inout0,($out)
-
-.Lxts_dec_ret:
-___
-$code.=<<___ if ($win64);
-	movaps	0x60(%rsp),%xmm6
-	movaps	0x70(%rsp),%xmm7
-	movaps	0x80(%rsp),%xmm8
-	movaps	0x90(%rsp),%xmm9
-	movaps	0xa0(%rsp),%xmm10
-	movaps	0xb0(%rsp),%xmm11
-	movaps	0xc0(%rsp),%xmm12
-	movaps	0xd0(%rsp),%xmm13
-	movaps	0xe0(%rsp),%xmm14
-	movaps	0xf0(%rsp),%xmm15
-___
-$code.=<<___;
-	lea	$frame_size(%rsp),%rsp
-.Lxts_dec_epilogue:
-	ret
-.size	aesni_xts_decrypt,.-aesni_xts_decrypt
-___
-} }}
-
-########################################################################
-# void $PREFIX_cbc_encrypt (const void *inp, void *out,
-#			    size_t length, const AES_KEY *key,
-#			    unsigned char *ivp,const int enc);
-{
-my $reserved = $win64?0x40:-0x18;	# used in decrypt
-$code.=<<___;
-.globl	${PREFIX}_cbc_encrypt
-.type	${PREFIX}_cbc_encrypt,\@function,6
-.align	16
-${PREFIX}_cbc_encrypt:
-	test	$len,$len		# check length
-	jz	.Lcbc_ret
-
-	mov	240($key),$rnds_	# key->rounds
-	mov	$key,$key_		# backup $key
-	test	%r9d,%r9d		# 6th argument
-	jz	.Lcbc_decrypt
-#--------------------------- CBC ENCRYPT ------------------------------#
-	movups	($ivp),$inout0		# load iv as initial state
-	mov	$rnds_,$rounds
-	cmp	\$16,$len
-	jb	.Lcbc_enc_tail
-	sub	\$16,$len
-	jmp	.Lcbc_enc_loop
-.align	16
-.Lcbc_enc_loop:
-	movups	($inp),$inout1		# load input
-	lea	16($inp),$inp
-	#xorps	$inout1,$inout0
-___
-	&aesni_generate1("enc",$key,$rounds,$inout0,$inout1);
-$code.=<<___;
-	mov	$rnds_,$rounds		# restore $rounds
-	mov	$key_,$key		# restore $key
-	movups	$inout0,0($out)		# store output
-	lea	16($out),$out
-	sub	\$16,$len
-	jnc	.Lcbc_enc_loop
-	add	\$16,$len
-	jnz	.Lcbc_enc_tail
-	movups	$inout0,($ivp)
-	jmp	.Lcbc_ret
-
-.Lcbc_enc_tail:
-	mov	$len,%rcx	# zaps $key
-	xchg	$inp,$out	# $inp is %rsi and $out is %rdi now
-	.long	0x9066A4F3	# rep movsb
-	mov	\$16,%ecx	# zero tail
-	sub	$len,%rcx
-	xor	%eax,%eax
-	.long	0x9066AAF3	# rep stosb
-	lea	-16(%rdi),%rdi	# rewind $out by 1 block
-	mov	$rnds_,$rounds	# restore $rounds
-	mov	%rdi,%rsi	# $inp and $out are the same
-	mov	$key_,$key	# restore $key
-	xor	$len,$len	# len=16
-	jmp	.Lcbc_enc_loop	# one more spin
-#--------------------------- CBC DECRYPT ------------------------------#
-.align	16
-.Lcbc_decrypt:
-___
-$code.=<<___ if ($win64);
-	lea	-0x58(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-	movaps	%xmm8,0x20(%rsp)
-	movaps	%xmm9,0x30(%rsp)
-.Lcbc_decrypt_body:
-___
-$code.=<<___;
-	movups	($ivp),$iv
-	mov	$rnds_,$rounds
-	cmp	\$0x70,$len
-	jbe	.Lcbc_dec_tail
-	shr	\$1,$rnds_
-	sub	\$0x70,$len
-	mov	$rnds_,$rounds
-	movaps	$iv,$reserved(%rsp)
-	jmp	.Lcbc_dec_loop8_enter
-.align	16
-.Lcbc_dec_loop8:
-	movaps	$rndkey0,$reserved(%rsp)	# save IV
-	movups	$inout7,($out)
-	lea	0x10($out),$out
-.Lcbc_dec_loop8_enter:
-	$movkey		($key),$rndkey0
-	movups	($inp),$inout0			# load input
-	movups	0x10($inp),$inout1
-	$movkey		16($key),$rndkey1
-
-	lea		32($key),$key
-	movdqu	0x20($inp),$inout2
-	xorps		$rndkey0,$inout0
-	movdqu	0x30($inp),$inout3
-	xorps		$rndkey0,$inout1
-	movdqu	0x40($inp),$inout4
-	aesdec		$rndkey1,$inout0
-	pxor		$rndkey0,$inout2
-	movdqu	0x50($inp),$inout5
-	aesdec		$rndkey1,$inout1
-	pxor		$rndkey0,$inout3
-	movdqu	0x60($inp),$inout6
-	aesdec		$rndkey1,$inout2
-	pxor		$rndkey0,$inout4
-	movdqu	0x70($inp),$inout7
-	aesdec		$rndkey1,$inout3
-	pxor		$rndkey0,$inout5
-	dec		$rounds
-	aesdec		$rndkey1,$inout4
-	pxor		$rndkey0,$inout6
-	aesdec		$rndkey1,$inout5
-	pxor		$rndkey0,$inout7
-	$movkey		($key),$rndkey0
-	aesdec		$rndkey1,$inout6
-	aesdec		$rndkey1,$inout7
-	$movkey		16($key),$rndkey1
-
-	call		.Ldec_loop8_enter
-
-	movups	($inp),$rndkey1		# re-load input
-	movups	0x10($inp),$rndkey0
-	xorps	$reserved(%rsp),$inout0	# ^= IV
-	xorps	$rndkey1,$inout1
-	movups	0x20($inp),$rndkey1
-	xorps	$rndkey0,$inout2
-	movups	0x30($inp),$rndkey0
-	xorps	$rndkey1,$inout3
-	movups	0x40($inp),$rndkey1
-	xorps	$rndkey0,$inout4
-	movups	0x50($inp),$rndkey0
-	xorps	$rndkey1,$inout5
-	movups	0x60($inp),$rndkey1
-	xorps	$rndkey0,$inout6
-	movups	0x70($inp),$rndkey0	# IV
-	xorps	$rndkey1,$inout7
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	mov	$rnds_,$rounds		# restore $rounds
-	movups	$inout4,0x40($out)
-	mov	$key_,$key		# restore $key
-	movups	$inout5,0x50($out)
-	lea	0x80($inp),$inp
-	movups	$inout6,0x60($out)
-	lea	0x70($out),$out
-	sub	\$0x80,$len
-	ja	.Lcbc_dec_loop8
-
-	movaps	$inout7,$inout0
-	movaps	$rndkey0,$iv
-	add	\$0x70,$len
-	jle	.Lcbc_dec_tail_collected
-	movups	$inout0,($out)
-	lea	1($rnds_,$rnds_),$rounds
-	lea	0x10($out),$out
-.Lcbc_dec_tail:
-	movups	($inp),$inout0
-	movaps	$inout0,$in0
-	cmp	\$0x10,$len
-	jbe	.Lcbc_dec_one
-
-	movups	0x10($inp),$inout1
-	movaps	$inout1,$in1
-	cmp	\$0x20,$len
-	jbe	.Lcbc_dec_two
-
-	movups	0x20($inp),$inout2
-	movaps	$inout2,$in2
-	cmp	\$0x30,$len
-	jbe	.Lcbc_dec_three
-
-	movups	0x30($inp),$inout3
-	cmp	\$0x40,$len
-	jbe	.Lcbc_dec_four
-
-	movups	0x40($inp),$inout4
-	cmp	\$0x50,$len
-	jbe	.Lcbc_dec_five
-
-	movups	0x50($inp),$inout5
-	cmp	\$0x60,$len
-	jbe	.Lcbc_dec_six
-
-	movups	0x60($inp),$inout6
-	movaps	$iv,$reserved(%rsp)	# save IV
-	call	_aesni_decrypt8
-	movups	($inp),$rndkey1
-	movups	0x10($inp),$rndkey0
-	xorps	$reserved(%rsp),$inout0	# ^= IV
-	xorps	$rndkey1,$inout1
-	movups	0x20($inp),$rndkey1
-	xorps	$rndkey0,$inout2
-	movups	0x30($inp),$rndkey0
-	xorps	$rndkey1,$inout3
-	movups	0x40($inp),$rndkey1
-	xorps	$rndkey0,$inout4
-	movups	0x50($inp),$rndkey0
-	xorps	$rndkey1,$inout5
-	movups	0x60($inp),$iv		# IV
-	xorps	$rndkey0,$inout6
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	movups	$inout5,0x50($out)
-	lea	0x60($out),$out
-	movaps	$inout6,$inout0
-	sub	\$0x70,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_one:
-___
-	&aesni_generate1("dec",$key,$rounds);
-$code.=<<___;
-	xorps	$iv,$inout0
-	movaps	$in0,$iv
-	sub	\$0x10,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_two:
-	xorps	$inout2,$inout2
-	call	_aesni_decrypt3
-	xorps	$iv,$inout0
-	xorps	$in0,$inout1
-	movups	$inout0,($out)
-	movaps	$in1,$iv
-	movaps	$inout1,$inout0
-	lea	0x10($out),$out
-	sub	\$0x20,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_three:
-	call	_aesni_decrypt3
-	xorps	$iv,$inout0
-	xorps	$in0,$inout1
-	movups	$inout0,($out)
-	xorps	$in1,$inout2
-	movups	$inout1,0x10($out)
-	movaps	$in2,$iv
-	movaps	$inout2,$inout0
-	lea	0x20($out),$out
-	sub	\$0x30,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_four:
-	call	_aesni_decrypt4
-	xorps	$iv,$inout0
-	movups	0x30($inp),$iv
-	xorps	$in0,$inout1
-	movups	$inout0,($out)
-	xorps	$in1,$inout2
-	movups	$inout1,0x10($out)
-	xorps	$in2,$inout3
-	movups	$inout2,0x20($out)
-	movaps	$inout3,$inout0
-	lea	0x30($out),$out
-	sub	\$0x40,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_five:
-	xorps	$inout5,$inout5
-	call	_aesni_decrypt6
-	movups	0x10($inp),$rndkey1
-	movups	0x20($inp),$rndkey0
-	xorps	$iv,$inout0
-	xorps	$in0,$inout1
-	xorps	$rndkey1,$inout2
-	movups	0x30($inp),$rndkey1
-	xorps	$rndkey0,$inout3
-	movups	0x40($inp),$iv
-	xorps	$rndkey1,$inout4
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	lea	0x40($out),$out
-	movaps	$inout4,$inout0
-	sub	\$0x50,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_six:
-	call	_aesni_decrypt6
-	movups	0x10($inp),$rndkey1
-	movups	0x20($inp),$rndkey0
-	xorps	$iv,$inout0
-	xorps	$in0,$inout1
-	xorps	$rndkey1,$inout2
-	movups	0x30($inp),$rndkey1
-	xorps	$rndkey0,$inout3
-	movups	0x40($inp),$rndkey0
-	xorps	$rndkey1,$inout4
-	movups	0x50($inp),$iv
-	xorps	$rndkey0,$inout5
-	movups	$inout0,($out)
-	movups	$inout1,0x10($out)
-	movups	$inout2,0x20($out)
-	movups	$inout3,0x30($out)
-	movups	$inout4,0x40($out)
-	lea	0x50($out),$out
-	movaps	$inout5,$inout0
-	sub	\$0x60,$len
-	jmp	.Lcbc_dec_tail_collected
-.align	16
-.Lcbc_dec_tail_collected:
-	and	\$15,$len
-	movups	$iv,($ivp)
-	jnz	.Lcbc_dec_tail_partial
-	movups	$inout0,($out)
-	jmp	.Lcbc_dec_ret
-.align	16
-.Lcbc_dec_tail_partial:
-	movaps	$inout0,$reserved(%rsp)
-	mov	\$16,%rcx
-	mov	$out,%rdi
-	sub	$len,%rcx
-	lea	$reserved(%rsp),%rsi
-	.long	0x9066A4F3	# rep movsb
-
-.Lcbc_dec_ret:
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	movaps	0x20(%rsp),%xmm8
-	movaps	0x30(%rsp),%xmm9
-	lea	0x58(%rsp),%rsp
-___
-$code.=<<___;
-.Lcbc_ret:
-	ret
-.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
-___
-} 
-# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
-#				int bits, AES_KEY *key)
-{ my ($inp,$bits,$key) = @_4args;
-  $bits =~ s/%r/%e/;
-
-$code.=<<___;
-.globl	${PREFIX}_set_decrypt_key
-.type	${PREFIX}_set_decrypt_key,\@abi-omnipotent
-.align	16
-${PREFIX}_set_decrypt_key:
-	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
-	call	__aesni_set_encrypt_key
-	shl	\$4,$bits		# rounds-1 after _aesni_set_encrypt_key
-	test	%eax,%eax
-	jnz	.Ldec_key_ret
-	lea	16($key,$bits),$inp	# points at the end of key schedule
-
-	$movkey	($key),%xmm0		# just swap
-	$movkey	($inp),%xmm1
-	$movkey	%xmm0,($inp)
-	$movkey	%xmm1,($key)
-	lea	16($key),$key
-	lea	-16($inp),$inp
-
-.Ldec_key_inverse:
-	$movkey	($key),%xmm0		# swap and inverse
-	$movkey	($inp),%xmm1
-	aesimc	%xmm0,%xmm0
-	aesimc	%xmm1,%xmm1
-	lea	16($key),$key
-	lea	-16($inp),$inp
-	$movkey	%xmm0,16($inp)
-	$movkey	%xmm1,-16($key)
-	cmp	$key,$inp
-	ja	.Ldec_key_inverse
-
-	$movkey	($key),%xmm0		# inverse middle
-	aesimc	%xmm0,%xmm0
-	$movkey	%xmm0,($inp)
-.Ldec_key_ret:
-	add	\$8,%rsp
-	ret
-.LSEH_end_set_decrypt_key:
-.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
-___
-
-# This is based on submission by
-#
-#	Huang Ying <ying.huang@intel.com>
-#	Vinodh Gopal <vinodh.gopal@intel.com>
-#	Kahraman Akdemir
-#
-# Agressively optimized in respect to aeskeygenassist's critical path
-# and is contained in %xmm0-5 to meet Win64 ABI requirement.
-#
-$code.=<<___;
-.globl	${PREFIX}_set_encrypt_key
-.type	${PREFIX}_set_encrypt_key,\@abi-omnipotent
-.align	16
-${PREFIX}_set_encrypt_key:
-__aesni_set_encrypt_key:
-	.byte	0x48,0x83,0xEC,0x08	# sub rsp,8
-	mov	\$-1,%rax
-	test	$inp,$inp
-	jz	.Lenc_key_ret
-	test	$key,$key
-	jz	.Lenc_key_ret
-
-	movups	($inp),%xmm0		# pull first 128 bits of *userKey
-	xorps	%xmm4,%xmm4		# low dword of xmm4 is assumed 0
-	lea	16($key),%rax
-	cmp	\$256,$bits
-	je	.L14rounds
-	cmp	\$192,$bits
-	je	.L12rounds
-	cmp	\$128,$bits
-	jne	.Lbad_keybits
-
-.L10rounds:
-	mov	\$9,$bits			# 10 rounds for 128-bit key
-	$movkey	%xmm0,($key)			# round 0
-	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 1
-	call		.Lkey_expansion_128_cold
-	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 2
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 3
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 4
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 5
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 6
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x40,%xmm0,%xmm1	# round 7
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x80,%xmm0,%xmm1	# round 8
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x1b,%xmm0,%xmm1	# round 9
-	call		.Lkey_expansion_128
-	aeskeygenassist	\$0x36,%xmm0,%xmm1	# round 10
-	call		.Lkey_expansion_128
-	$movkey	%xmm0,(%rax)
-	mov	$bits,80(%rax)	# 240(%rdx)
-	xor	%eax,%eax
-	jmp	.Lenc_key_ret
-
-.align	16
-.L12rounds:
-	movq	16($inp),%xmm2			# remaining 1/3 of *userKey
-	mov	\$11,$bits			# 12 rounds for 192
-	$movkey	%xmm0,($key)			# round 0
-	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 1,2
-	call		.Lkey_expansion_192a_cold
-	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 2,3
-	call		.Lkey_expansion_192b
-	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 4,5
-	call		.Lkey_expansion_192a
-	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 5,6
-	call		.Lkey_expansion_192b
-	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 7,8
-	call		.Lkey_expansion_192a
-	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 8,9
-	call		.Lkey_expansion_192b
-	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 10,11
-	call		.Lkey_expansion_192a
-	aeskeygenassist	\$0x80,%xmm2,%xmm1	# round 11,12
-	call		.Lkey_expansion_192b
-	$movkey	%xmm0,(%rax)
-	mov	$bits,48(%rax)	# 240(%rdx)
-	xor	%rax, %rax
-	jmp	.Lenc_key_ret
-
-.align	16
-.L14rounds:
-	movups	16($inp),%xmm2			# remaning half of *userKey
-	mov	\$13,$bits			# 14 rounds for 256
-	lea	16(%rax),%rax
-	$movkey	%xmm0,($key)			# round 0
-	$movkey	%xmm2,16($key)			# round 1
-	aeskeygenassist	\$0x1,%xmm2,%xmm1	# round 2
-	call		.Lkey_expansion_256a_cold
-	aeskeygenassist	\$0x1,%xmm0,%xmm1	# round 3
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x2,%xmm2,%xmm1	# round 4
-	call		.Lkey_expansion_256a
-	aeskeygenassist	\$0x2,%xmm0,%xmm1	# round 5
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x4,%xmm2,%xmm1	# round 6
-	call		.Lkey_expansion_256a
-	aeskeygenassist	\$0x4,%xmm0,%xmm1	# round 7
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x8,%xmm2,%xmm1	# round 8
-	call		.Lkey_expansion_256a
-	aeskeygenassist	\$0x8,%xmm0,%xmm1	# round 9
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x10,%xmm2,%xmm1	# round 10
-	call		.Lkey_expansion_256a
-	aeskeygenassist	\$0x10,%xmm0,%xmm1	# round 11
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x20,%xmm2,%xmm1	# round 12
-	call		.Lkey_expansion_256a
-	aeskeygenassist	\$0x20,%xmm0,%xmm1	# round 13
-	call		.Lkey_expansion_256b
-	aeskeygenassist	\$0x40,%xmm2,%xmm1	# round 14
-	call		.Lkey_expansion_256a
-	$movkey	%xmm0,(%rax)
-	mov	$bits,16(%rax)	# 240(%rdx)
-	xor	%rax,%rax
-	jmp	.Lenc_key_ret
-
-.align	16
-.Lbad_keybits:
-	mov	\$-2,%rax
-.Lenc_key_ret:
-	add	\$8,%rsp
-	ret
-.LSEH_end_set_encrypt_key:
-
-.align	16
-.Lkey_expansion_128:
-	$movkey	%xmm0,(%rax)
-	lea	16(%rax),%rax
-.Lkey_expansion_128_cold:
-	shufps	\$0b00010000,%xmm0,%xmm4
-	xorps	%xmm4, %xmm0
-	shufps	\$0b10001100,%xmm0,%xmm4
-	xorps	%xmm4, %xmm0
-	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
-	xorps	%xmm1,%xmm0
-	ret
-
-.align 16
-.Lkey_expansion_192a:
-	$movkey	%xmm0,(%rax)
-	lea	16(%rax),%rax
-.Lkey_expansion_192a_cold:
-	movaps	%xmm2, %xmm5
-.Lkey_expansion_192b_warm:
-	shufps	\$0b00010000,%xmm0,%xmm4
-	movdqa	%xmm2,%xmm3
-	xorps	%xmm4,%xmm0
-	shufps	\$0b10001100,%xmm0,%xmm4
-	pslldq	\$4,%xmm3
-	xorps	%xmm4,%xmm0
-	pshufd	\$0b01010101,%xmm1,%xmm1	# critical path
-	pxor	%xmm3,%xmm2
-	pxor	%xmm1,%xmm0
-	pshufd	\$0b11111111,%xmm0,%xmm3
-	pxor	%xmm3,%xmm2
-	ret
-
-.align 16
-.Lkey_expansion_192b:
-	movaps	%xmm0,%xmm3
-	shufps	\$0b01000100,%xmm0,%xmm5
-	$movkey	%xmm5,(%rax)
-	shufps	\$0b01001110,%xmm2,%xmm3
-	$movkey	%xmm3,16(%rax)
-	lea	32(%rax),%rax
-	jmp	.Lkey_expansion_192b_warm
-
-.align	16
-.Lkey_expansion_256a:
-	$movkey	%xmm2,(%rax)
-	lea	16(%rax),%rax
-.Lkey_expansion_256a_cold:
-	shufps	\$0b00010000,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	\$0b10001100,%xmm0,%xmm4
-	xorps	%xmm4,%xmm0
-	shufps	\$0b11111111,%xmm1,%xmm1	# critical path
-	xorps	%xmm1,%xmm0
-	ret
-
-.align 16
-.Lkey_expansion_256b:
-	$movkey	%xmm0,(%rax)
-	lea	16(%rax),%rax
-
-	shufps	\$0b00010000,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	\$0b10001100,%xmm2,%xmm4
-	xorps	%xmm4,%xmm2
-	shufps	\$0b10101010,%xmm1,%xmm1	# critical path
-	xorps	%xmm1,%xmm2
-	ret
-.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
-.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
-___
-}
-
-$code.=<<___;
-.align	64
-.Lbswap_mask:
-	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-.Lincrement32:
-	.long	6,6,6,0
-.Lincrement64:
-	.long	1,0,0,0
-.Lxts_magic:
-	.long	0x87,0,1,0
-
-.asciz  "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-___
-$code.=<<___ if ($PREFIX eq "aesni");
-.type	ecb_ccm64_se_handler,\@abi-omnipotent
-.align	16
-ecb_ccm64_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	lea	0(%rax),%rsi		# %xmm save area
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$8,%ecx		# 4*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0x58(%rax),%rax		# adjust stack pointer
-
-	jmp	.Lcommon_seh_tail
-.size	ecb_ccm64_se_handler,.-ecb_ccm64_se_handler
-
-.type	ctr32_se_handler,\@abi-omnipotent
-.align	16
-ctr32_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lctr32_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<"prologue" label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lctr32_ret(%rip),%r10
-	cmp	%r10,%rbx
-	jae	.Lcommon_seh_tail
-
-	lea	0x20(%rax),%rsi		# %xmm save area
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0xc8(%rax),%rax		# adjust stack pointer
-
-	jmp	.Lcommon_seh_tail
-.size	ctr32_se_handler,.-ctr32_se_handler
-
-.type	xts_se_handler,\@abi-omnipotent
-.align	16
-xts_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue lable
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	lea	0x60(%rax),%rsi		# %xmm save area
-	lea	512($context),%rdi	# & context.Xmm6
-	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0x68+160(%rax),%rax	# adjust stack pointer
-
-	jmp	.Lcommon_seh_tail
-.size	xts_se_handler,.-xts_se_handler
-___
-$code.=<<___;
-.type	cbc_se_handler,\@abi-omnipotent
-.align	16
-cbc_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	152($context),%rax	# pull context->Rsp
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lcbc_decrypt(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<"prologue" label
-	jb	.Lcommon_seh_tail
-
-	lea	.Lcbc_decrypt_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<cbc_decrypt_body
-	jb	.Lrestore_cbc_rax
-
-	lea	.Lcbc_ret(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>="epilogue" label
-	jae	.Lcommon_seh_tail
-
-	lea	0(%rax),%rsi		# top of stack
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$8,%ecx		# 4*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0x58(%rax),%rax		# adjust stack pointer
-	jmp	.Lcommon_seh_tail
-
-.Lrestore_cbc_rax:
-	mov	120($context),%rax
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	cbc_se_handler,.-cbc_se_handler
-
-.section	.pdata
-.align	4
-___
-$code.=<<___ if ($PREFIX eq "aesni");
-	.rva	.LSEH_begin_aesni_ecb_encrypt
-	.rva	.LSEH_end_aesni_ecb_encrypt
-	.rva	.LSEH_info_ecb
-
-	.rva	.LSEH_begin_aesni_ccm64_encrypt_blocks
-	.rva	.LSEH_end_aesni_ccm64_encrypt_blocks
-	.rva	.LSEH_info_ccm64_enc
-
-	.rva	.LSEH_begin_aesni_ccm64_decrypt_blocks
-	.rva	.LSEH_end_aesni_ccm64_decrypt_blocks
-	.rva	.LSEH_info_ccm64_dec
-
-	.rva	.LSEH_begin_aesni_ctr32_encrypt_blocks
-	.rva	.LSEH_end_aesni_ctr32_encrypt_blocks
-	.rva	.LSEH_info_ctr32
-
-	.rva	.LSEH_begin_aesni_xts_encrypt
-	.rva	.LSEH_end_aesni_xts_encrypt
-	.rva	.LSEH_info_xts_enc
-
-	.rva	.LSEH_begin_aesni_xts_decrypt
-	.rva	.LSEH_end_aesni_xts_decrypt
-	.rva	.LSEH_info_xts_dec
-___
-$code.=<<___;
-	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
-	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
-	.rva	.LSEH_info_cbc
-
-	.rva	${PREFIX}_set_decrypt_key
-	.rva	.LSEH_end_set_decrypt_key
-	.rva	.LSEH_info_key
-
-	.rva	${PREFIX}_set_encrypt_key
-	.rva	.LSEH_end_set_encrypt_key
-	.rva	.LSEH_info_key
-.section	.xdata
-.align	8
-___
-$code.=<<___ if ($PREFIX eq "aesni");
-.LSEH_info_ecb:
-	.byte	9,0,0,0
-	.rva	ecb_ccm64_se_handler
-	.rva	.Lecb_enc_body,.Lecb_enc_ret		# HandlerData[]
-.LSEH_info_ccm64_enc:
-	.byte	9,0,0,0
-	.rva	ecb_ccm64_se_handler
-	.rva	.Lccm64_enc_body,.Lccm64_enc_ret	# HandlerData[]
-.LSEH_info_ccm64_dec:
-	.byte	9,0,0,0
-	.rva	ecb_ccm64_se_handler
-	.rva	.Lccm64_dec_body,.Lccm64_dec_ret	# HandlerData[]
-.LSEH_info_ctr32:
-	.byte	9,0,0,0
-	.rva	ctr32_se_handler
-.LSEH_info_xts_enc:
-	.byte	9,0,0,0
-	.rva	xts_se_handler
-	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
-.LSEH_info_xts_dec:
-	.byte	9,0,0,0
-	.rva	xts_se_handler
-	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
-___
-$code.=<<___;
-.LSEH_info_cbc:
-	.byte	9,0,0,0
-	.rva	cbc_se_handler
-.LSEH_info_key:
-	.byte	0x01,0x04,0x01,0x00
-	.byte	0x04,0x02,0x00,0x00	# sub rsp,8
-___
-}
-
-sub rex {
-  local *opcode=shift;
-  my ($dst,$src)=@_;
-  my $rex=0;
-
-    $rex|=0x04			if($dst>=8);
-    $rex|=0x01			if($src>=8);
-    push @opcode,$rex|0x40	if($rex);
-}
-
-sub aesni {
-  my $line=shift;
-  my @opcode=(0x66);
-
-    if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-	rex(\@opcode,$4,$3);
-	push @opcode,0x0f,0x3a,0xdf;
-	push @opcode,0xc0|($3&7)|(($4&7)<<3);	# ModR/M
-	my $c=$2;
-	push @opcode,$c=~/^0/?oct($c):$c;
-	return ".byte\t".join(',',@opcode);
-    }
-    elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-	my %opcodelet = (
-		"aesimc" => 0xdb,
-		"aesenc" => 0xdc,	"aesenclast" => 0xdd,
-		"aesdec" => 0xde,	"aesdeclast" => 0xdf
-	);
-	return undef if (!defined($opcodelet{$1}));
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x38,$opcodelet{$1};
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);	# ModR/M
-	return ".byte\t".join(',',@opcode);
-    }
-    return $line;
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/aes/asm/aesv8-armx-64.S b/crypto/aes/asm/aesv8-armx-64.S
deleted file mode 100644
index be0a13dfe1..0000000000
--- a/crypto/aes/asm/aesv8-armx-64.S
+++ /dev/null
@@ -1,761 +0,0 @@
-#include "arm_arch.h"
-
-#if __ARM_ARCH__>=7
-.text
-.arch	armv8-a+crypto
-.align	5
-rcon:
-.long	0x01,0x01,0x01,0x01
-.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
-.long	0x1b,0x1b,0x1b,0x1b
-
-.globl	aes_v8_set_encrypt_key
-.type	aes_v8_set_encrypt_key,%function
-.align	5
-aes_v8_set_encrypt_key:
-.Lenc_key:
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-	adr	x3,rcon
-	cmp	w1,#192
-
-	eor	v0.16b,v0.16b,v0.16b
-	ld1	{v3.16b},[x0],#16
-	mov	w1,#8		// reuse w1
-	ld1	{v1.4s,v2.4s},[x3],#32
-
-	b.lt	.Loop128
-	b.eq	.L192
-	b	.L256
-
-.align	4
-.Loop128:
-	tbl	v6.16b,{v3.16b},v2.16b
-	ext	v5.16b,v0.16b,v3.16b,#12
-	st1	{v3.4s},[x2],#16
-	aese	v6.16b,v0.16b
-	subs	w1,w1,#1
-
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	 eor	v6.16b,v6.16b,v1.16b
-	eor	v3.16b,v3.16b,v5.16b
-	shl	v1.16b,v1.16b,#1
-	eor	v3.16b,v3.16b,v6.16b
-	b.ne	.Loop128
-
-	ld1	{v1.4s},[x3]
-
-	tbl	v6.16b,{v3.16b},v2.16b
-	ext	v5.16b,v0.16b,v3.16b,#12
-	st1	{v3.4s},[x2],#16
-	aese	v6.16b,v0.16b
-
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	 eor	v6.16b,v6.16b,v1.16b
-	eor	v3.16b,v3.16b,v5.16b
-	shl	v1.16b,v1.16b,#1
-	eor	v3.16b,v3.16b,v6.16b
-
-	tbl	v6.16b,{v3.16b},v2.16b
-	ext	v5.16b,v0.16b,v3.16b,#12
-	st1	{v3.4s},[x2],#16
-	aese	v6.16b,v0.16b
-
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	 eor	v6.16b,v6.16b,v1.16b
-	eor	v3.16b,v3.16b,v5.16b
-	eor	v3.16b,v3.16b,v6.16b
-	st1	{v3.4s},[x2]
-	add	x2,x2,#0x50
-
-	mov	w12,#10
-	b	.Ldone
-
-.align	4
-.L192:
-	ld1	{v4.8b},[x0],#8
-	movi	v6.16b,#8			// borrow v6.16b
-	st1	{v3.4s},[x2],#16
-	sub	v2.16b,v2.16b,v6.16b	// adjust the mask
-
-.Loop192:
-	tbl	v6.16b,{v4.16b},v2.16b
-	ext	v5.16b,v0.16b,v3.16b,#12
-	st1	{v4.8b},[x2],#8
-	aese	v6.16b,v0.16b
-	subs	w1,w1,#1
-
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-
-	dup	v5.4s,v3.s[3]
-	eor	v5.16b,v5.16b,v4.16b
-	 eor	v6.16b,v6.16b,v1.16b
-	ext	v4.16b,v0.16b,v4.16b,#12
-	shl	v1.16b,v1.16b,#1
-	eor	v4.16b,v4.16b,v5.16b
-	eor	v3.16b,v3.16b,v6.16b
-	eor	v4.16b,v4.16b,v6.16b
-	st1	{v3.4s},[x2],#16
-	b.ne	.Loop192
-
-	mov	w12,#12
-	add	x2,x2,#0x20
-	b	.Ldone
-
-.align	4
-.L256:
-	ld1	{v4.16b},[x0]
-	mov	w1,#7
-	mov	w12,#14
-	st1	{v3.4s},[x2],#16
-
-.Loop256:
-	tbl	v6.16b,{v4.16b},v2.16b
-	ext	v5.16b,v0.16b,v3.16b,#12
-	st1	{v4.4s},[x2],#16
-	aese	v6.16b,v0.16b
-	subs	w1,w1,#1
-
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v3.16b,v3.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	 eor	v6.16b,v6.16b,v1.16b
-	eor	v3.16b,v3.16b,v5.16b
-	shl	v1.16b,v1.16b,#1
-	eor	v3.16b,v3.16b,v6.16b
-	st1	{v3.4s},[x2],#16
-	b.eq	.Ldone
-
-	dup	v6.4s,v3.s[3]		// just splat
-	ext	v5.16b,v0.16b,v4.16b,#12
-	aese	v6.16b,v0.16b
-
-	eor	v4.16b,v4.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v4.16b,v4.16b,v5.16b
-	ext	v5.16b,v0.16b,v5.16b,#12
-	eor	v4.16b,v4.16b,v5.16b
-
-	eor	v4.16b,v4.16b,v6.16b
-	b	.Loop256
-
-.Ldone:
-	str	w12,[x2]
-
-	eor	x0,x0,x0		// return value
-	ldr	x29,[sp],#16
-	ret
-.size	aes_v8_set_encrypt_key,.-aes_v8_set_encrypt_key
-
-.globl	aes_v8_set_decrypt_key
-.type	aes_v8_set_decrypt_key,%function
-.align	5
-aes_v8_set_decrypt_key:
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-	bl	.Lenc_key
-
-	sub	x2,x2,#240		// restore original x2
-	mov	x4,#-16
-	add	x0,x2,x12,lsl#4	// end of key schedule
-
-	ld1	{v0.4s},[x2]
-	ld1	{v1.4s},[x0]
-	st1	{v0.4s},[x0],x4
-	st1	{v1.4s},[x2],#16
-
-.Loop_imc:
-	ld1	{v0.4s},[x2]
-	ld1	{v1.4s},[x0]
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	st1	{v0.4s},[x0],x4
-	st1	{v1.4s},[x2],#16
-	cmp	x0,x2
-	b.hi	.Loop_imc
-
-	ld1	{v0.4s},[x2]
-	aesimc	v0.16b,v0.16b
-	st1	{v0.4s},[x0]
-
-	eor	x0,x0,x0		// return value
-	ldp	x29,x30,[sp],#16
-	ret
-.size	aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key
-.globl	aes_v8_encrypt
-.type	aes_v8_encrypt,%function
-.align	5
-aes_v8_encrypt:
-	ldr	w3,[x2,#240]
-	ld1	{v0.4s},[x2],#16
-	ld1	{v2.16b},[x0]
-	sub	w3,w3,#2
-	ld1	{v1.4s},[x2],#16
-
-.Loop_enc:
-	aese	v2.16b,v0.16b
-	ld1	{v0.4s},[x2],#16
-	aesmc	v2.16b,v2.16b
-	subs	w3,w3,#2
-	aese	v2.16b,v1.16b
-	ld1	{v1.4s},[x2],#16
-	aesmc	v2.16b,v2.16b
-	b.gt	.Loop_enc
-
-	aese	v2.16b,v0.16b
-	ld1	{v0.4s},[x2]
-	aesmc	v2.16b,v2.16b
-	aese	v2.16b,v1.16b
-	eor	v2.16b,v2.16b,v0.16b
-
-	st1	{v2.16b},[x1]
-	ret
-.size	aes_v8_encrypt,.-aes_v8_encrypt
-.globl	aes_v8_decrypt
-.type	aes_v8_decrypt,%function
-.align	5
-aes_v8_decrypt:
-	ldr	w3,[x2,#240]
-	ld1	{v0.4s},[x2],#16
-	ld1	{v2.16b},[x0]
-	sub	w3,w3,#2
-	ld1	{v1.4s},[x2],#16
-
-.Loop_dec:
-	aesd	v2.16b,v0.16b
-	ld1	{v0.4s},[x2],#16
-	aesimc	v2.16b,v2.16b
-	subs	w3,w3,#2
-	aesd	v2.16b,v1.16b
-	ld1	{v1.4s},[x2],#16
-	aesimc	v2.16b,v2.16b
-	b.gt	.Loop_dec
-
-	aesd	v2.16b,v0.16b
-	ld1	{v0.4s},[x2]
-	aesimc	v2.16b,v2.16b
-	aesd	v2.16b,v1.16b
-	eor	v2.16b,v2.16b,v0.16b
-
-	st1	{v2.16b},[x1]
-	ret
-.size	aes_v8_decrypt,.-aes_v8_decrypt
-.globl	aes_v8_cbc_encrypt
-.type	aes_v8_cbc_encrypt,%function
-.align	5
-aes_v8_cbc_encrypt:
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-	subs	x2,x2,#16
-	mov	x8,#16
-	b.lo	.Lcbc_abort
-	csel	x8,xzr,x8,eq
-
-	cmp	w5,#0			// en- or decrypting?
-	ldr	w5,[x3,#240]
-	and	x2,x2,#-16
-	ld1	{v6.16b},[x4]
-	ld1	{v0.16b},[x0],x8
-
-	ld1	{v16.4s-v17.4s},[x3]		// load key schedule...
-	sub	w5,w5,#6
-	add	x7,x3,x5,lsl#4	// pointer to last 7 round keys
-	sub	w5,w5,#2
-	ld1	{v18.4s-v19.4s},[x7],#32
-	ld1	{v20.4s-v21.4s},[x7],#32
-	ld1	{v22.4s-v23.4s},[x7],#32
-	ld1	{v7.4s},[x7]
-
-	add	x7,x3,#32
-	mov	w6,w5
-	b.eq	.Lcbc_dec
-
-	cmp	w5,#2
-	eor	v0.16b,v0.16b,v6.16b
-	eor	v5.16b,v16.16b,v7.16b
-	b.eq	.Lcbc_enc128
-
-.Loop_cbc_enc:
-	aese	v0.16b,v16.16b
-	ld1	{v16.4s},[x7],#16
-	aesmc	v0.16b,v0.16b
-	subs	w6,w6,#2
-	aese	v0.16b,v17.16b
-	ld1	{v17.4s},[x7],#16
-	aesmc	v0.16b,v0.16b
-	b.gt	.Loop_cbc_enc
-
-	aese	v0.16b,v16.16b
-	aesmc	v0.16b,v0.16b
-	 subs	x2,x2,#16
-	aese	v0.16b,v17.16b
-	aesmc	v0.16b,v0.16b
-	 csel	x8,xzr,x8,eq
-	aese	v0.16b,v18.16b
-	aesmc	v0.16b,v0.16b
-	 add	x7,x3,#16
-	aese	v0.16b,v19.16b
-	aesmc	v0.16b,v0.16b
-	 ld1	{v16.16b},[x0],x8
-	aese	v0.16b,v20.16b
-	aesmc	v0.16b,v0.16b
-	 eor	v16.16b,v16.16b,v5.16b
-	aese	v0.16b,v21.16b
-	aesmc	v0.16b,v0.16b
-	 ld1 {v17.4s},[x7],#16	// re-pre-load rndkey[1]
-	aese	v0.16b,v22.16b
-	aesmc	v0.16b,v0.16b
-	aese	v0.16b,v23.16b
-
-	 mov	w6,w5
-	eor	v6.16b,v0.16b,v7.16b
-	st1	{v6.16b},[x1],#16
-	b.hs	.Loop_cbc_enc
-
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_enc128:
-	ld1	{v2.4s-v3.4s},[x7]
-	aese	v0.16b,v16.16b
-	aesmc	v0.16b,v0.16b
-	b	.Lenter_cbc_enc128
-.Loop_cbc_enc128:
-	aese	v0.16b,v16.16b
-	aesmc	v0.16b,v0.16b
-	 st1	{v6.16b},[x1],#16
-.Lenter_cbc_enc128:
-	aese	v0.16b,v17.16b
-	aesmc	v0.16b,v0.16b
-	 subs	x2,x2,#16
-	aese	v0.16b,v2.16b
-	aesmc	v0.16b,v0.16b
-	 csel	x8,xzr,x8,eq
-	aese	v0.16b,v3.16b
-	aesmc	v0.16b,v0.16b
-	aese	v0.16b,v18.16b
-	aesmc	v0.16b,v0.16b
-	aese	v0.16b,v19.16b
-	aesmc	v0.16b,v0.16b
-	 ld1	{v16.16b},[x0],x8
-	aese	v0.16b,v20.16b
-	aesmc	v0.16b,v0.16b
-	aese	v0.16b,v21.16b
-	aesmc	v0.16b,v0.16b
-	aese	v0.16b,v22.16b
-	aesmc	v0.16b,v0.16b
-	 eor	v16.16b,v16.16b,v5.16b
-	aese	v0.16b,v23.16b
-	eor	v6.16b,v0.16b,v7.16b
-	b.hs	.Loop_cbc_enc128
-
-	st1	{v6.16b},[x1],#16
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_dec128:
-	ld1	{v4.4s-v5.4s},[x7]
-	eor	v6.16b,v6.16b,v7.16b
-	eor	v2.16b,v0.16b,v7.16b
-	mov	x12,x8
-
-.Loop2x_cbc_dec128:
-	aesd	v0.16b,v16.16b
-	aesd	v1.16b,v16.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 subs	x2,x2,#32
-	aesd	v0.16b,v17.16b
-	aesd	v1.16b,v17.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 csel	x8,xzr,x8,lo
-	aesd	v0.16b,v4.16b
-	aesd	v1.16b,v4.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 csel	x12,xzr,x12,ls
-	aesd	v0.16b,v5.16b
-	aesd	v1.16b,v5.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v18.16b
-	aesd	v1.16b,v18.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v19.16b
-	aesd	v1.16b,v19.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v20.16b
-	aesd	v1.16b,v20.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v21.16b
-	aesd	v1.16b,v21.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v22.16b
-	aesd	v1.16b,v22.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	aesd	v0.16b,v23.16b
-	aesd	v1.16b,v23.16b
-
-	eor	v6.16b,v6.16b,v0.16b
-	ld1	{v0.16b},[x0],x8
-	eor	v2.16b,v2.16b,v1.16b
-	ld1	{v1.16b},[x0],x12
-	st1	{v6.16b},[x1],#16
-	eor	v6.16b,v3.16b,v7.16b
-	st1	{v2.16b},[x1],#16
-	eor	v2.16b,v0.16b,v7.16b
-	orr	v3.16b,v1.16b,v1.16b
-	b.hs	.Loop2x_cbc_dec128
-
-	adds	x2,x2,#32
-	eor	v6.16b,v6.16b,v7.16b
-	b.eq	.Lcbc_done
-	eor	v2.16b,v2.16b,v7.16b
-	b	.Lcbc_dec_tail
-
-.align	5
-.Lcbc_dec:
-	subs	x2,x2,#16
-	orr	v2.16b,v0.16b,v0.16b
-	b.lo	.Lcbc_dec_tail
-
-	csel	x8,xzr,x8,eq
-	cmp	w5,#2
-	ld1	{v1.16b},[x0],x8
-	orr	v3.16b,v1.16b,v1.16b
-	b.eq	.Lcbc_dec128
-
-.Loop2x_cbc_dec:
-	aesd	v0.16b,v16.16b
-	aesd	v1.16b,v16.16b
-	ld1	{v16.4s},[x7],#16
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	subs	w6,w6,#2
-	aesd	v0.16b,v17.16b
-	aesd	v1.16b,v17.16b
-	ld1	{v17.4s},[x7],#16
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	b.gt	.Loop2x_cbc_dec
-
-	aesd	v0.16b,v16.16b
-	aesd	v1.16b,v16.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 eor	v4.16b,v6.16b,v7.16b
-	 eor	v5.16b,v2.16b,v7.16b
-	aesd	v0.16b,v17.16b
-	aesd	v1.16b,v17.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 orr	v6.16b,v3.16b,v3.16b
-	 subs	x2,x2,#32
-	aesd	v0.16b,v18.16b
-	aesd	v1.16b,v18.16b
-	aesimc	v0.16b,v0.16b
-	 csel	x8,xzr,x8,lo
-	aesimc	v1.16b,v1.16b
-	 mov	x7,x3
-	aesd	v0.16b,v19.16b
-	aesd	v1.16b,v19.16b
-	aesimc	v0.16b,v0.16b
-	 ld1	{v2.16b},[x0],x8
-	aesimc	v1.16b,v1.16b
-	 csel	x8,xzr,x8,ls
-	aesd	v0.16b,v20.16b
-	aesd	v1.16b,v20.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 ld1	{v3.16b},[x0],x8
-	aesd	v0.16b,v21.16b
-	aesd	v1.16b,v21.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 ld1 {v16.4s},[x7],#16	// re-pre-load rndkey[0]
-	aesd	v0.16b,v22.16b
-	aesd	v1.16b,v22.16b
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	 ld1 {v17.4s},[x7],#16	// re-pre-load rndkey[1]
-	aesd	v0.16b,v23.16b
-	aesd	v1.16b,v23.16b
-
-	 mov	w6,w5
-	eor	v4.16b,v4.16b,v0.16b
-	eor	v5.16b,v5.16b,v1.16b
-	 orr	v0.16b,v2.16b,v2.16b
-	st1	{v4.16b},[x1],#16
-	 orr	v1.16b,v3.16b,v3.16b
-	st1	{v5.16b},[x1],#16
-	b.hs	.Loop2x_cbc_dec
-
-	adds	x2,x2,#32
-	b.eq	.Lcbc_done
-
-.Lcbc_dec_tail:
-	aesd	v0.16b,v16.16b
-	ld1	{v16.4s},[x7],#16
-	aesimc	v0.16b,v0.16b
-	subs	w6,w6,#2
-	aesd	v0.16b,v17.16b
-	ld1	{v17.4s},[x7],#16
-	aesimc	v0.16b,v0.16b
-	b.gt	.Lcbc_dec_tail
-
-	aesd	v0.16b,v16.16b
-	aesimc	v0.16b,v0.16b
-	aesd	v0.16b,v17.16b
-	aesimc	v0.16b,v0.16b
-	 eor	v4.16b,v6.16b,v7.16b
-	aesd	v0.16b,v18.16b
-	aesimc	v0.16b,v0.16b
-	 orr	v6.16b,v2.16b,v2.16b
-	aesd	v0.16b,v19.16b
-	aesimc	v0.16b,v0.16b
-	aesd	v0.16b,v20.16b
-	aesimc	v0.16b,v0.16b
-	aesd	v0.16b,v21.16b
-	aesimc	v0.16b,v0.16b
-	aesd	v0.16b,v22.16b
-	aesimc	v0.16b,v0.16b
-	aesd	v0.16b,v23.16b
-
-	eor	v4.16b,v4.16b,v0.16b
-	st1	{v4.16b},[x1],#16
-
-.Lcbc_done:
-	st1	{v6.16b},[x4]
-.Lcbc_abort:
-	ldr	x29,[sp],#16
-	ret
-.size	aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt
-.globl	aes_v8_ctr32_encrypt_blocks
-.type	aes_v8_ctr32_encrypt_blocks,%function
-.align	5
-aes_v8_ctr32_encrypt_blocks:
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-	ldr		w5,[x3,#240]
-
-	ldr		w8, [x4, #12]
-	ld1		{v0.4s},[x4]
-
-	ld1		{v16.4s-v17.4s},[x3]		// load key schedule...
-	sub		w5,w5,#6
-	add		x7,x3,x5,lsl#4	// pointer to last 7 round keys
-	sub		w5,w5,#2
-	ld1		{v18.4s-v19.4s},[x7],#32
-	ld1		{v20.4s-v21.4s},[x7],#32
-	ld1		{v22.4s-v23.4s},[x7],#32
-	ld1		{v7.4s},[x7]
-
-	add		x7,x3,#32
-	mov		w6,w5
-
-	subs		x2,x2,#2
-	b.lo		.Lctr32_tail
-
-#ifndef __ARMEB__
-	rev		w8, w8
-#endif
-	orr		v1.16b,v0.16b,v0.16b
-	add		w8, w8, #1
-	orr		v6.16b,v0.16b,v0.16b
-	rev		w10, w8
-	cmp		w5,#2
-	mov		v1.s[3],w10
-	b.eq		.Lctr32_128
-
-.Loop2x_ctr32:
-	aese		v0.16b,v16.16b
-	aese		v1.16b,v16.16b
-	ld1		{v16.4s},[x7],#16
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	subs		w6,w6,#2
-	aese		v0.16b,v17.16b
-	aese		v1.16b,v17.16b
-	ld1		{v17.4s},[x7],#16
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	b.gt		.Loop2x_ctr32
-
-	aese		v0.16b,v16.16b
-	aese		v1.16b,v16.16b
-	aesmc		v4.16b,v0.16b
-	 orr		v0.16b,v6.16b,v6.16b
-	aesmc		v5.16b,v1.16b
-	 orr		v1.16b,v6.16b,v6.16b
-	aese		v4.16b,v17.16b
-	aese		v5.16b,v17.16b
-	 ld1		{v2.16b},[x0],#16
-	aesmc		v4.16b,v4.16b
-	 ld1		{v3.16b},[x0],#16
-	aesmc		v5.16b,v5.16b
-	 add		w8,w8,#1
-	aese		v4.16b,v18.16b
-	aese		v5.16b,v18.16b
-	 rev		w9,w8
-	aesmc		v4.16b,v4.16b
-	aesmc		v5.16b,v5.16b
-	 add		w8,w8,#1
-	aese		v4.16b,v19.16b
-	aese		v5.16b,v19.16b
-	 eor		v2.16b,v2.16b,v7.16b
-	 rev		w10,w8
-	aesmc		v4.16b,v4.16b
-	aesmc		v5.16b,v5.16b
-	 eor		v3.16b,v3.16b,v7.16b
-	 mov		x7,x3
-	aese		v4.16b,v20.16b
-	aese		v5.16b,v20.16b
-	 subs		x2,x2,#2
-	aesmc		v4.16b,v4.16b
-	aesmc		v5.16b,v5.16b
-	 ld1	 {v16.4s-v17.4s},[x7],#32	// re-pre-load rndkey[0-1]
-	aese		v4.16b,v21.16b
-	aese		v5.16b,v21.16b
-	aesmc		v4.16b,v4.16b
-	aesmc		v5.16b,v5.16b
-	aese		v4.16b,v22.16b
-	aese		v5.16b,v22.16b
-	 mov	v0.s[3], w9
-	aesmc		v4.16b,v4.16b
-	 mov	v1.s[3], w10
-	aesmc		v5.16b,v5.16b
-	aese		v4.16b,v23.16b
-	aese		v5.16b,v23.16b
-
-	 mov		w6,w5
-	eor		v2.16b,v2.16b,v4.16b
-	eor		v3.16b,v3.16b,v5.16b
-	st1		{v2.16b},[x1],#16
-	st1		{v3.16b},[x1],#16
-	b.hs		.Loop2x_ctr32
-
-	adds		x2,x2,#2
-	b.eq		.Lctr32_done
-	b		.Lctr32_tail
-
-.Lctr32_128:
-	ld1		{v4.4s-v5.4s},[x7]
-
-.Loop2x_ctr32_128:
-	aese		v0.16b,v16.16b
-	aese		v1.16b,v16.16b
-	aesmc		v0.16b,v0.16b
-	 ld1		{v2.16b},[x0],#16
-	aesmc		v1.16b,v1.16b
-	 ld1		{v3.16b},[x0],#16
-	aese		v0.16b,v17.16b
-	aese		v1.16b,v17.16b
-	 add		w8,w8,#1
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	 rev		w9,w8
-	aese		v0.16b,v4.16b
-	aese		v1.16b,v4.16b
-	 add		w8,w8,#1
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	 rev		w10,w8
-	aese		v0.16b,v5.16b
-	aese		v1.16b,v5.16b
-	 subs		x2,x2,#2
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	aese		v0.16b,v18.16b
-	aese		v1.16b,v18.16b
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	aese		v0.16b,v19.16b
-	aese		v1.16b,v19.16b
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	aese		v0.16b,v20.16b
-	aese		v1.16b,v20.16b
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	aese		v0.16b,v21.16b
-	aese		v1.16b,v21.16b
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	aese		v0.16b,v22.16b
-	aese		v1.16b,v22.16b
-	aesmc		v0.16b,v0.16b
-	aesmc		v1.16b,v1.16b
-	 eor		v2.16b,v2.16b,v7.16b
-	aese		v0.16b,v23.16b
-	 eor		v3.16b,v3.16b,v7.16b
-	aese		v1.16b,v23.16b
-
-	eor		v2.16b,v2.16b,v0.16b
-	orr		v0.16b,v6.16b,v6.16b
-	eor		v3.16b,v3.16b,v1.16b
-	orr		v1.16b,v6.16b,v6.16b
-	st1		{v2.16b},[x1],#16
-	mov		v0.s[3], w9
-	st1		{v3.16b},[x1],#16
-	mov		v1.s[3], w10
-	b.hs		.Loop2x_ctr32_128
-
-	adds		x2,x2,#2
-	b.eq		.Lctr32_done
-
-.Lctr32_tail:
-	aese		v0.16b,v16.16b
-	ld1		{v16.4s},[x7],#16
-	aesmc		v0.16b,v0.16b
-	subs		w6,w6,#2
-	aese		v0.16b,v17.16b
-	ld1		{v17.4s},[x7],#16
-	aesmc		v0.16b,v0.16b
-	b.gt		.Lctr32_tail
-
-	aese		v0.16b,v16.16b
-	aesmc		v0.16b,v0.16b
-	aese		v0.16b,v17.16b
-	aesmc		v0.16b,v0.16b
-	 ld1		{v2.16b},[x0]
-	aese		v0.16b,v18.16b
-	aesmc		v0.16b,v0.16b
-	aese		v0.16b,v19.16b
-	aesmc		v0.16b,v0.16b
-	aese		v0.16b,v20.16b
-	aesmc		v0.16b,v0.16b
-	aese		v0.16b,v21.16b
-	aesmc		v0.16b,v0.16b
-	aese		v0.16b,v22.16b
-	aesmc		v0.16b,v0.16b
-	 eor		v2.16b,v2.16b,v7.16b
-	aese		v0.16b,v23.16b
-
-	eor		v2.16b,v2.16b,v0.16b
-	st1		{v2.16b},[x1]
-
-.Lctr32_done:
-	ldr		x29,[sp],#16
-	ret
-.size	aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks
-#endif
diff --git a/crypto/aes/asm/aesv8-armx.S b/crypto/aes/asm/aesv8-armx.S
deleted file mode 100644
index 1637e4d4d3..0000000000
--- a/crypto/aes/asm/aesv8-armx.S
+++ /dev/null
@@ -1,767 +0,0 @@
-#include "arm_arch.h"
-
-#if __ARM_ARCH__>=7
-.text
-.fpu	neon
-.code	32
-.align	5
-rcon:
-.long	0x01,0x01,0x01,0x01
-.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	@ rotate-n-splat
-.long	0x1b,0x1b,0x1b,0x1b
-
-.globl	aes_v8_set_encrypt_key
-.type	aes_v8_set_encrypt_key,%function
-.align	5
-aes_v8_set_encrypt_key:
-.Lenc_key:
-	adr	r3,rcon
-	cmp	r1,#192
-
-	veor	q0,q0,q0
-	vld1.8	{q3},[r0]!
-	mov	r1,#8		@ reuse r1
-	vld1.32	{q1,q2},[r3]!
-
-	blt	.Loop128
-	beq	.L192
-	b	.L256
-
-.align	4
-.Loop128:
-	vtbl.8	d20,{q3},d4
-	vtbl.8	d21,{q3},d5
-	vext.8	q9,q0,q3,#12
-	vst1.32	{q3},[r2]!
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-	subs	r1,r1,#1
-
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	 veor	q10,q10,q1
-	veor	q3,q3,q9
-	vshl.u8	q1,q1,#1
-	veor	q3,q3,q10
-	bne	.Loop128
-
-	vld1.32	{q1},[r3]
-
-	vtbl.8	d20,{q3},d4
-	vtbl.8	d21,{q3},d5
-	vext.8	q9,q0,q3,#12
-	vst1.32	{q3},[r2]!
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	 veor	q10,q10,q1
-	veor	q3,q3,q9
-	vshl.u8	q1,q1,#1
-	veor	q3,q3,q10
-
-	vtbl.8	d20,{q3},d4
-	vtbl.8	d21,{q3},d5
-	vext.8	q9,q0,q3,#12
-	vst1.32	{q3},[r2]!
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	 veor	q10,q10,q1
-	veor	q3,q3,q9
-	veor	q3,q3,q10
-	vst1.32	{q3},[r2]
-	add	r2,r2,#0x50
-
-	mov	r12,#10
-	b	.Ldone
-
-.align	4
-.L192:
-	vld1.8	{d16},[r0]!
-	vmov.i8	q10,#8			@ borrow q10
-	vst1.32	{q3},[r2]!
-	vsub.i8	q2,q2,q10	@ adjust the mask
-
-.Loop192:
-	vtbl.8	d20,{q8},d4
-	vtbl.8	d21,{q8},d5
-	vext.8	q9,q0,q3,#12
-	vst1.32	{d16},[r2]!
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-	subs	r1,r1,#1
-
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-
-	vdup.32	q9,d7[1]
-	veor	q9,q9,q8
-	 veor	q10,q10,q1
-	vext.8	q8,q0,q8,#12
-	vshl.u8	q1,q1,#1
-	veor	q8,q8,q9
-	veor	q3,q3,q10
-	veor	q8,q8,q10
-	vst1.32	{q3},[r2]!
-	bne	.Loop192
-
-	mov	r12,#12
-	add	r2,r2,#0x20
-	b	.Ldone
-
-.align	4
-.L256:
-	vld1.8	{q8},[r0]
-	mov	r1,#7
-	mov	r12,#14
-	vst1.32	{q3},[r2]!
-
-.Loop256:
-	vtbl.8	d20,{q8},d4
-	vtbl.8	d21,{q8},d5
-	vext.8	q9,q0,q3,#12
-	vst1.32	{q8},[r2]!
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-	subs	r1,r1,#1
-
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	veor	q3,q3,q9
-	vext.8	q9,q0,q9,#12
-	 veor	q10,q10,q1
-	veor	q3,q3,q9
-	vshl.u8	q1,q1,#1
-	veor	q3,q3,q10
-	vst1.32	{q3},[r2]!
-	beq	.Ldone
-
-	vdup.32	q10,d7[1]
-	vext.8	q9,q0,q8,#12
-	.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
-
-	veor	q8,q8,q9
-	vext.8	q9,q0,q9,#12
-	veor	q8,q8,q9
-	vext.8	q9,q0,q9,#12
-	veor	q8,q8,q9
-
-	veor	q8,q8,q10
-	b	.Loop256
-
-.Ldone:
-	str	r12,[r2]
-
-	eor	r0,r0,r0		@ return value
-	
-	bx	lr
-.size	aes_v8_set_encrypt_key,.-aes_v8_set_encrypt_key
-
-.globl	aes_v8_set_decrypt_key
-.type	aes_v8_set_decrypt_key,%function
-.align	5
-aes_v8_set_decrypt_key:
-	stmdb	sp!,{r4,lr}
-	bl	.Lenc_key
-
-	sub	r2,r2,#240		@ restore original r2
-	mov	r4,#-16
-	add	r0,r2,r12,lsl#4	@ end of key schedule
-
-	vld1.32	{q0},[r2]
-	vld1.32	{q1},[r0]
-	vst1.32	{q0},[r0],r4
-	vst1.32	{q1},[r2]!
-
-.Loop_imc:
-	vld1.32	{q0},[r2]
-	vld1.32	{q1},[r0]
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	vst1.32	{q0},[r0],r4
-	vst1.32	{q1},[r2]!
-	cmp	r0,r2
-	bhi	.Loop_imc
-
-	vld1.32	{q0},[r2]
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	vst1.32	{q0},[r0]
-
-	eor	r0,r0,r0		@ return value
-	ldmia	sp!,{r4,pc}
-.size	aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key
-.globl	aes_v8_encrypt
-.type	aes_v8_encrypt,%function
-.align	5
-aes_v8_encrypt:
-	ldr	r3,[r2,#240]
-	vld1.32	{q0},[r2]!
-	vld1.8	{q2},[r0]
-	sub	r3,r3,#2
-	vld1.32	{q1},[r2]!
-
-.Loop_enc:
-	.byte	0x00,0x43,0xb0,0xf3	@ aese q2,q0
-	vld1.32	{q0},[r2]!
-	.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
-	subs	r3,r3,#2
-	.byte	0x02,0x43,0xb0,0xf3	@ aese q2,q1
-	vld1.32	{q1},[r2]!
-	.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
-	bgt	.Loop_enc
-
-	.byte	0x00,0x43,0xb0,0xf3	@ aese q2,q0
-	vld1.32	{q0},[r2]
-	.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
-	.byte	0x02,0x43,0xb0,0xf3	@ aese q2,q1
-	veor	q2,q2,q0
-
-	vst1.8	{q2},[r1]
-	bx	lr
-.size	aes_v8_encrypt,.-aes_v8_encrypt
-.globl	aes_v8_decrypt
-.type	aes_v8_decrypt,%function
-.align	5
-aes_v8_decrypt:
-	ldr	r3,[r2,#240]
-	vld1.32	{q0},[r2]!
-	vld1.8	{q2},[r0]
-	sub	r3,r3,#2
-	vld1.32	{q1},[r2]!
-
-.Loop_dec:
-	.byte	0x40,0x43,0xb0,0xf3	@ aesd q2,q0
-	vld1.32	{q0},[r2]!
-	.byte	0xc4,0x43,0xb0,0xf3	@ aesimc q2,q2
-	subs	r3,r3,#2
-	.byte	0x42,0x43,0xb0,0xf3	@ aesd q2,q1
-	vld1.32	{q1},[r2]!
-	.byte	0xc4,0x43,0xb0,0xf3	@ aesimc q2,q2
-	bgt	.Loop_dec
-
-	.byte	0x40,0x43,0xb0,0xf3	@ aesd q2,q0
-	vld1.32	{q0},[r2]
-	.byte	0xc4,0x43,0xb0,0xf3	@ aesimc q2,q2
-	.byte	0x42,0x43,0xb0,0xf3	@ aesd q2,q1
-	veor	q2,q2,q0
-
-	vst1.8	{q2},[r1]
-	bx	lr
-.size	aes_v8_decrypt,.-aes_v8_decrypt
-.globl	aes_v8_cbc_encrypt
-.type	aes_v8_cbc_encrypt,%function
-.align	5
-aes_v8_cbc_encrypt:
-	mov	ip,sp
-	stmdb	sp!,{r4-r8,lr}
-	vstmdb	sp!,{d8-d15}            @ ABI specification says so
-	ldmia	ip,{r4-r5}		@ load remaining args
-	subs	r2,r2,#16
-	mov	r8,#16
-	blo	.Lcbc_abort
-	moveq	r8,#0
-
-	cmp	r5,#0			@ en- or decrypting?
-	ldr	r5,[r3,#240]
-	and	r2,r2,#-16
-	vld1.8	{q6},[r4]
-	vld1.8	{q0},[r0],r8
-
-	vld1.32	{q8-q9},[r3]		@ load key schedule...
-	sub	r5,r5,#6
-	add	r7,r3,r5,lsl#4	@ pointer to last 7 round keys
-	sub	r5,r5,#2
-	vld1.32	{q10-q11},[r7]!
-	vld1.32	{q12-q13},[r7]!
-	vld1.32	{q14-q15},[r7]!
-	vld1.32	{q7},[r7]
-
-	add	r7,r3,#32
-	mov	r6,r5
-	beq	.Lcbc_dec
-
-	cmp	r5,#2
-	veor	q0,q0,q6
-	veor	q5,q8,q7
-	beq	.Lcbc_enc128
-
-.Loop_cbc_enc:
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	vld1.32	{q8},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	subs	r6,r6,#2
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	vld1.32	{q9},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	bgt	.Loop_cbc_enc
-
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 subs	r2,r2,#16
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 moveq	r8,#0
-	.byte	0x24,0x03,0xb0,0xf3	@ aese q0,q10
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 add	r7,r3,#16
-	.byte	0x26,0x03,0xb0,0xf3	@ aese q0,q11
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vld1.8	{q8},[r0],r8
-	.byte	0x28,0x03,0xb0,0xf3	@ aese q0,q12
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 veor	q8,q8,q5
-	.byte	0x2a,0x03,0xb0,0xf3	@ aese q0,q13
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vld1.32 {q9},[r7]!	@ re-pre-load rndkey[1]
-	.byte	0x2c,0x03,0xb0,0xf3	@ aese q0,q14
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x2e,0x03,0xb0,0xf3	@ aese q0,q15
-
-	 mov	r6,r5
-	veor	q6,q0,q7
-	vst1.8	{q6},[r1]!
-	bhs	.Loop_cbc_enc
-
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_enc128:
-	vld1.32	{q2-q3},[r7]
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	b	.Lenter_cbc_enc128
-.Loop_cbc_enc128:
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vst1.8	{q6},[r1]!
-.Lenter_cbc_enc128:
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 subs	r2,r2,#16
-	.byte	0x04,0x03,0xb0,0xf3	@ aese q0,q2
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 moveq	r8,#0
-	.byte	0x06,0x03,0xb0,0xf3	@ aese q0,q3
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x24,0x03,0xb0,0xf3	@ aese q0,q10
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x26,0x03,0xb0,0xf3	@ aese q0,q11
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vld1.8	{q8},[r0],r8
-	.byte	0x28,0x03,0xb0,0xf3	@ aese q0,q12
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x2a,0x03,0xb0,0xf3	@ aese q0,q13
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x2c,0x03,0xb0,0xf3	@ aese q0,q14
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 veor	q8,q8,q5
-	.byte	0x2e,0x03,0xb0,0xf3	@ aese q0,q15
-	veor	q6,q0,q7
-	bhs	.Loop_cbc_enc128
-
-	vst1.8	{q6},[r1]!
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_dec128:
-	vld1.32	{q4-q5},[r7]
-	veor	q6,q6,q7
-	veor	q2,q0,q7
-	mov	r12,r8
-
-.Loop2x_cbc_dec128:
-	.byte	0x60,0x03,0xb0,0xf3	@ aesd q0,q8
-	.byte	0x60,0x23,0xb0,0xf3	@ aesd q1,q8
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 subs	r2,r2,#32
-	.byte	0x62,0x03,0xb0,0xf3	@ aesd q0,q9
-	.byte	0x62,0x23,0xb0,0xf3	@ aesd q1,q9
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 movlo	r8,#0
-	.byte	0x48,0x03,0xb0,0xf3	@ aesd q0,q4
-	.byte	0x48,0x23,0xb0,0xf3	@ aesd q1,q4
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 movls	r12,#0
-	.byte	0x4a,0x03,0xb0,0xf3	@ aesd q0,q5
-	.byte	0x4a,0x23,0xb0,0xf3	@ aesd q1,q5
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x64,0x03,0xb0,0xf3	@ aesd q0,q10
-	.byte	0x64,0x23,0xb0,0xf3	@ aesd q1,q10
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x66,0x03,0xb0,0xf3	@ aesd q0,q11
-	.byte	0x66,0x23,0xb0,0xf3	@ aesd q1,q11
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x68,0x03,0xb0,0xf3	@ aesd q0,q12
-	.byte	0x68,0x23,0xb0,0xf3	@ aesd q1,q12
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x6a,0x03,0xb0,0xf3	@ aesd q0,q13
-	.byte	0x6a,0x23,0xb0,0xf3	@ aesd q1,q13
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x6c,0x03,0xb0,0xf3	@ aesd q0,q14
-	.byte	0x6c,0x23,0xb0,0xf3	@ aesd q1,q14
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	.byte	0x6e,0x03,0xb0,0xf3	@ aesd q0,q15
-	.byte	0x6e,0x23,0xb0,0xf3	@ aesd q1,q15
-
-	veor	q6,q6,q0
-	vld1.8	{q0},[r0],r8
-	veor	q2,q2,q1
-	vld1.8	{q1},[r0],r12
-	vst1.8	{q6},[r1]!
-	veor	q6,q3,q7
-	vst1.8	{q2},[r1]!
-	veor	q2,q0,q7
-	vorr	q3,q1,q1
-	bhs	.Loop2x_cbc_dec128
-
-	adds	r2,r2,#32
-	veor	q6,q6,q7
-	beq	.Lcbc_done
-	veor	q2,q2,q7
-	b	.Lcbc_dec_tail
-
-.align	5
-.Lcbc_dec:
-	subs	r2,r2,#16
-	vorr	q2,q0,q0
-	blo	.Lcbc_dec_tail
-
-	moveq	r8,#0
-	cmp	r5,#2
-	vld1.8	{q1},[r0],r8
-	vorr	q3,q1,q1
-	beq	.Lcbc_dec128
-
-.Loop2x_cbc_dec:
-	.byte	0x60,0x03,0xb0,0xf3	@ aesd q0,q8
-	.byte	0x60,0x23,0xb0,0xf3	@ aesd q1,q8
-	vld1.32	{q8},[r7]!
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	subs	r6,r6,#2
-	.byte	0x62,0x03,0xb0,0xf3	@ aesd q0,q9
-	.byte	0x62,0x23,0xb0,0xf3	@ aesd q1,q9
-	vld1.32	{q9},[r7]!
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	bgt	.Loop2x_cbc_dec
-
-	.byte	0x60,0x03,0xb0,0xf3	@ aesd q0,q8
-	.byte	0x60,0x23,0xb0,0xf3	@ aesd q1,q8
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 veor	q4,q6,q7
-	 veor	q5,q2,q7
-	.byte	0x62,0x03,0xb0,0xf3	@ aesd q0,q9
-	.byte	0x62,0x23,0xb0,0xf3	@ aesd q1,q9
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 vorr	q6,q3,q3
-	 subs	r2,r2,#32
-	.byte	0x64,0x03,0xb0,0xf3	@ aesd q0,q10
-	.byte	0x64,0x23,0xb0,0xf3	@ aesd q1,q10
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	 movlo	r8,#0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 mov	r7,r3
-	.byte	0x66,0x03,0xb0,0xf3	@ aesd q0,q11
-	.byte	0x66,0x23,0xb0,0xf3	@ aesd q1,q11
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	 vld1.8	{q2},[r0],r8
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 movls	r8,#0
-	.byte	0x68,0x03,0xb0,0xf3	@ aesd q0,q12
-	.byte	0x68,0x23,0xb0,0xf3	@ aesd q1,q12
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 vld1.8	{q3},[r0],r8
-	.byte	0x6a,0x03,0xb0,0xf3	@ aesd q0,q13
-	.byte	0x6a,0x23,0xb0,0xf3	@ aesd q1,q13
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 vld1.32 {q8},[r7]!	@ re-pre-load rndkey[0]
-	.byte	0x6c,0x03,0xb0,0xf3	@ aesd q0,q14
-	.byte	0x6c,0x23,0xb0,0xf3	@ aesd q1,q14
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0xc2,0x23,0xb0,0xf3	@ aesimc q1,q1
-	 vld1.32 {q9},[r7]!	@ re-pre-load rndkey[1]
-	.byte	0x6e,0x03,0xb0,0xf3	@ aesd q0,q15
-	.byte	0x6e,0x23,0xb0,0xf3	@ aesd q1,q15
-
-	 mov	r6,r5
-	veor	q4,q4,q0
-	veor	q5,q5,q1
-	 vorr	q0,q2,q2
-	vst1.8	{q4},[r1]!
-	 vorr	q1,q3,q3
-	vst1.8	{q5},[r1]!
-	bhs	.Loop2x_cbc_dec
-
-	adds	r2,r2,#32
-	beq	.Lcbc_done
-
-.Lcbc_dec_tail:
-	.byte	0x60,0x03,0xb0,0xf3	@ aesd q0,q8
-	vld1.32	{q8},[r7]!
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	subs	r6,r6,#2
-	.byte	0x62,0x03,0xb0,0xf3	@ aesd q0,q9
-	vld1.32	{q9},[r7]!
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	bgt	.Lcbc_dec_tail
-
-	.byte	0x60,0x03,0xb0,0xf3	@ aesd q0,q8
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0x62,0x03,0xb0,0xf3	@ aesd q0,q9
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	 veor	q4,q6,q7
-	.byte	0x64,0x03,0xb0,0xf3	@ aesd q0,q10
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	 vorr	q6,q2,q2
-	.byte	0x66,0x03,0xb0,0xf3	@ aesd q0,q11
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0x68,0x03,0xb0,0xf3	@ aesd q0,q12
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0x6a,0x03,0xb0,0xf3	@ aesd q0,q13
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0x6c,0x03,0xb0,0xf3	@ aesd q0,q14
-	.byte	0xc0,0x03,0xb0,0xf3	@ aesimc q0,q0
-	.byte	0x6e,0x03,0xb0,0xf3	@ aesd q0,q15
-
-	veor	q4,q4,q0
-	vst1.8	{q4},[r1]!
-
-.Lcbc_done:
-	vst1.8	{q6},[r4]
-.Lcbc_abort:
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r8,pc}
-.size	aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt
-.globl	aes_v8_ctr32_encrypt_blocks
-.type	aes_v8_ctr32_encrypt_blocks,%function
-.align	5
-aes_v8_ctr32_encrypt_blocks:
-	mov		ip,sp
-	stmdb		sp!,{r4-r10,lr}
-	vstmdb		sp!,{d8-d15}            @ ABI specification says so
-	ldr		r4, [ip]		@ load remaining arg
-	ldr		r5,[r3,#240]
-
-	ldr		r8, [r4, #12]
-	vld1.32		{q0},[r4]
-
-	vld1.32		{q8-q9},[r3]		@ load key schedule...
-	sub		r5,r5,#6
-	add		r7,r3,r5,lsl#4	@ pointer to last 7 round keys
-	sub		r5,r5,#2
-	vld1.32		{q10-q11},[r7]!
-	vld1.32		{q12-q13},[r7]!
-	vld1.32		{q14-q15},[r7]!
-	vld1.32		{q7},[r7]
-
-	add		r7,r3,#32
-	mov		r6,r5
-
-	subs		r2,r2,#2
-	blo		.Lctr32_tail
-
-#ifndef __ARMEB__
-	rev		r8, r8
-#endif
-	vorr		q1,q0,q0
-	add		r8, r8, #1
-	vorr		q6,q0,q0
-	rev		r10, r8
-	cmp		r5,#2
-	vmov.32	d3[1],r10
-	beq		.Lctr32_128
-
-.Loop2x_ctr32:
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
-	vld1.32		{q8},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	subs		r6,r6,#2
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	.byte	0x22,0x23,0xb0,0xf3	@ aese q1,q9
-	vld1.32		{q9},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	bgt		.Loop2x_ctr32
-
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
-	.byte	0x80,0x83,0xb0,0xf3	@ aesmc q4,q0
-	 vorr		q0,q6,q6
-	.byte	0x82,0xa3,0xb0,0xf3	@ aesmc q5,q1
-	 vorr		q1,q6,q6
-	.byte	0x22,0x83,0xb0,0xf3	@ aese q4,q9
-	.byte	0x22,0xa3,0xb0,0xf3	@ aese q5,q9
-	 vld1.8		{q2},[r0]!
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	 vld1.8		{q3},[r0]!
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	 add		r8,r8,#1
-	.byte	0x24,0x83,0xb0,0xf3	@ aese q4,q10
-	.byte	0x24,0xa3,0xb0,0xf3	@ aese q5,q10
-	 rev		r9,r8
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	 add		r8,r8,#1
-	.byte	0x26,0x83,0xb0,0xf3	@ aese q4,q11
-	.byte	0x26,0xa3,0xb0,0xf3	@ aese q5,q11
-	 veor		q2,q2,q7
-	 rev		r10,r8
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	 veor		q3,q3,q7
-	 mov		r7,r3
-	.byte	0x28,0x83,0xb0,0xf3	@ aese q4,q12
-	.byte	0x28,0xa3,0xb0,0xf3	@ aese q5,q12
-	 subs		r2,r2,#2
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	 vld1.32	 {q8-q9},[r7]!	@ re-pre-load rndkey[0-1]
-	.byte	0x2a,0x83,0xb0,0xf3	@ aese q4,q13
-	.byte	0x2a,0xa3,0xb0,0xf3	@ aese q5,q13
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	.byte	0x2c,0x83,0xb0,0xf3	@ aese q4,q14
-	.byte	0x2c,0xa3,0xb0,0xf3	@ aese q5,q14
-	 vmov.32	d1[1], r9
-	.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
-	 vmov.32	d3[1], r10
-	.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
-	.byte	0x2e,0x83,0xb0,0xf3	@ aese q4,q15
-	.byte	0x2e,0xa3,0xb0,0xf3	@ aese q5,q15
-
-	 mov		r6,r5
-	veor		q2,q2,q4
-	veor		q3,q3,q5
-	vst1.8		{q2},[r1]!
-	vst1.8		{q3},[r1]!
-	bhs		.Loop2x_ctr32
-
-	adds		r2,r2,#2
-	beq		.Lctr32_done
-	b		.Lctr32_tail
-
-.Lctr32_128:
-	vld1.32		{q4-q5},[r7]
-
-.Loop2x_ctr32_128:
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vld1.8		{q2},[r0]!
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	 vld1.8		{q3},[r0]!
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	.byte	0x22,0x23,0xb0,0xf3	@ aese q1,q9
-	 add		r8,r8,#1
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	 rev		r9,r8
-	.byte	0x08,0x03,0xb0,0xf3	@ aese q0,q4
-	.byte	0x08,0x23,0xb0,0xf3	@ aese q1,q4
-	 add		r8,r8,#1
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	 rev		r10,r8
-	.byte	0x0a,0x03,0xb0,0xf3	@ aese q0,q5
-	.byte	0x0a,0x23,0xb0,0xf3	@ aese q1,q5
-	 subs		r2,r2,#2
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	.byte	0x24,0x03,0xb0,0xf3	@ aese q0,q10
-	.byte	0x24,0x23,0xb0,0xf3	@ aese q1,q10
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	.byte	0x26,0x03,0xb0,0xf3	@ aese q0,q11
-	.byte	0x26,0x23,0xb0,0xf3	@ aese q1,q11
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	.byte	0x28,0x03,0xb0,0xf3	@ aese q0,q12
-	.byte	0x28,0x23,0xb0,0xf3	@ aese q1,q12
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	.byte	0x2a,0x03,0xb0,0xf3	@ aese q0,q13
-	.byte	0x2a,0x23,0xb0,0xf3	@ aese q1,q13
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	.byte	0x2c,0x03,0xb0,0xf3	@ aese q0,q14
-	.byte	0x2c,0x23,0xb0,0xf3	@ aese q1,q14
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
-	 veor		q2,q2,q7
-	.byte	0x2e,0x03,0xb0,0xf3	@ aese q0,q15
-	 veor		q3,q3,q7
-	.byte	0x2e,0x23,0xb0,0xf3	@ aese q1,q15
-
-	veor		q2,q2,q0
-	vorr		q0,q6,q6
-	veor		q3,q3,q1
-	vorr		q1,q6,q6
-	vst1.8		{q2},[r1]!
-	vmov.32	d1[1], r9
-	vst1.8		{q3},[r1]!
-	vmov.32	d3[1], r10
-	bhs		.Loop2x_ctr32_128
-
-	adds		r2,r2,#2
-	beq		.Lctr32_done
-
-.Lctr32_tail:
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	vld1.32		{q8},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	subs		r6,r6,#2
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	vld1.32		{q9},[r7]!
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	bgt		.Lctr32_tail
-
-	.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 vld1.8		{q2},[r0]
-	.byte	0x24,0x03,0xb0,0xf3	@ aese q0,q10
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x26,0x03,0xb0,0xf3	@ aese q0,q11
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x28,0x03,0xb0,0xf3	@ aese q0,q12
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x2a,0x03,0xb0,0xf3	@ aese q0,q13
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	.byte	0x2c,0x03,0xb0,0xf3	@ aese q0,q14
-	.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
-	 veor		q2,q2,q7
-	.byte	0x2e,0x03,0xb0,0xf3	@ aese q0,q15
-
-	veor		q2,q2,q0
-	vst1.8		{q2},[r1]
-
-.Lctr32_done:
-	vldmia		sp!,{d8-d15}
-	ldmia		sp!,{r4-r10,pc}
-.size	aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks
-#endif
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
deleted file mode 100644
index 415dc04a23..0000000000
--- a/crypto/aes/asm/aesv8-armx.pl
+++ /dev/null
@@ -1,980 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# This module implements support for ARMv8 AES instructions. The
-# module is endian-agnostic in sense that it supports both big- and
-# little-endian cases. As does it support both 32- and 64-bit modes
-# of operation. Latter is achieved by limiting amount of utilized
-# registers to 16, which implies additional instructions. This has
-# no effect on mighty Apple A7, as results are literally equal to
-# the theoretical estimates based on instruction latencies and issue
-# rate. It remains to be seen how does it affect other platforms...
-#
-# Performance in cycles per byte processed with 128-bit key:
-#
-#		CBC enc		CBC dec		CTR
-# Apple A7	2.39		1.20		1.20
-# Cortex-A5x	n/a		n/a		n/a
-
-$flavour = shift;
-open STDOUT,">".shift;
-
-$prefix="aes_v8";
-
-$code=<<___;
-#include "arm_arch.h"
-
-#if __ARM_ARCH__>=7
-.text
-___
-$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
-$code.=".fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-
-# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
-# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
-# maintain both 32- and 64-bit codes within single module and
-# transliterate common code to either flavour with regex vodoo.
-#
-{{{
-my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
-my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
-	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
-
-
-$code.=<<___;
-.align	5
-rcon:
-.long	0x01,0x01,0x01,0x01
-.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
-.long	0x1b,0x1b,0x1b,0x1b
-
-.globl	${prefix}_set_encrypt_key
-.type	${prefix}_set_encrypt_key,%function
-.align	5
-${prefix}_set_encrypt_key:
-.Lenc_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___;
-	adr	$ptr,rcon
-	cmp	$bits,#192
-
-	veor	$zero,$zero,$zero
-	vld1.8	{$in0},[$inp],#16
-	mov	$bits,#8		// reuse $bits
-	vld1.32	{$rcon,$mask},[$ptr],#32
-
-	b.lt	.Loop128
-	b.eq	.L192
-	b	.L256
-
-.align	4
-.Loop128:
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	b.ne	.Loop128
-
-	vld1.32	{$rcon},[$ptr]
-
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out]
-	add	$out,$out,#0x50
-
-	mov	$rounds,#10
-	b	.Ldone
-
-.align	4
-.L192:
-	vld1.8	{$in1},[$inp],#8
-	vmov.i8	$key,#8			// borrow $key
-	vst1.32	{$in0},[$out],#16
-	vsub.i8	$mask,$mask,$key	// adjust the mask
-
-.Loop192:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#8
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-
-	vdup.32	$tmp,${in0}[3]
-	veor	$tmp,$tmp,$in1
-	 veor	$key,$key,$rcon
-	vext.8	$in1,$zero,$in1,#12
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in1,$in1,$tmp
-	veor	$in0,$in0,$key
-	veor	$in1,$in1,$key
-	vst1.32	{$in0},[$out],#16
-	b.ne	.Loop192
-
-	mov	$rounds,#12
-	add	$out,$out,#0x20
-	b	.Ldone
-
-.align	4
-.L256:
-	vld1.8	{$in1},[$inp]
-	mov	$bits,#7
-	mov	$rounds,#14
-	vst1.32	{$in0},[$out],#16
-
-.Loop256:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out],#16
-	b.eq	.Ldone
-
-	vdup.32	$key,${in0}[3]		// just splat
-	vext.8	$tmp,$zero,$in1,#12
-	aese	$key,$zero
-
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-
-	veor	$in1,$in1,$key
-	b	.Loop256
-
-.Ldone:
-	str	$rounds,[$out]
-
-	eor	x0,x0,x0		// return value
-	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
-	ret
-.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
-
-.globl	${prefix}_set_decrypt_key
-.type	${prefix}_set_decrypt_key,%function
-.align	5
-${prefix}_set_decrypt_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	stmdb	sp!,{r4,lr}
-___
-$code.=<<___;
-	bl	.Lenc_key
-
-	sub	$out,$out,#240		// restore original $out
-	mov	x4,#-16
-	add	$inp,$out,x12,lsl#4	// end of key schedule
-
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-
-.Loop_imc:
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-	cmp	$inp,$out
-	b.hi	.Loop_imc
-
-	vld1.32	{v0.16b},[$out]
-	aesimc	v0.16b,v0.16b
-	vst1.32	{v0.16b},[$inp]
-
-	eor	x0,x0,x0		// return value
-___
-$code.=<<___	if ($flavour !~ /64/);
-	ldmia	sp!,{r4,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldp	x29,x30,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
-___
-}}}
-{{{
-sub gen_block () {
-my $dir = shift;
-my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
-my ($inp,$out,$key)=map("x$_",(0..2));
-my $rounds="w3";
-my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
-
-$code.=<<___;
-.globl	${prefix}_${dir}crypt
-.type	${prefix}_${dir}crypt,%function
-.align	5
-${prefix}_${dir}crypt:
-	ldr	$rounds,[$key,#240]
-	vld1.32	{$rndkey0},[$key],#16
-	vld1.8	{$inout},[$inp]
-	sub	$rounds,$rounds,#2
-	vld1.32	{$rndkey1},[$key],#16
-
-.Loop_${dir}c:
-	aes$e	$inout,$rndkey0
-	vld1.32	{$rndkey0},[$key],#16
-	aes$mc	$inout,$inout
-	subs	$rounds,$rounds,#2
-	aes$e	$inout,$rndkey1
-	vld1.32	{$rndkey1},[$key],#16
-	aes$mc	$inout,$inout
-	b.gt	.Loop_${dir}c
-
-	aes$e	$inout,$rndkey0
-	vld1.32	{$rndkey0},[$key]
-	aes$mc	$inout,$inout
-	aes$e	$inout,$rndkey1
-	veor	$inout,$inout,$rndkey0
-
-	vst1.8	{$inout},[$out]
-	ret
-.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
-___
-}
-&gen_block("en");
-&gen_block("de");
-}}}
-{{{
-my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5";
-my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12");
-my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-
-my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1);
-
-### q8-q15	preloaded key schedule
-
-$code.=<<___;
-.globl	${prefix}_cbc_encrypt
-.type	${prefix}_cbc_encrypt,%function
-.align	5
-${prefix}_cbc_encrypt:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	mov	ip,sp
-	stmdb	sp!,{r4-r8,lr}
-	vstmdb	sp!,{d8-d15}            @ ABI specification says so
-	ldmia	ip,{r4-r5}		@ load remaining args
-___
-$code.=<<___;
-	subs	$len,$len,#16
-	mov	$step,#16
-	b.lo	.Lcbc_abort
-	cclr	$step,eq
-
-	cmp	$enc,#0			// en- or decrypting?
-	ldr	$rounds,[$key,#240]
-	and	$len,$len,#-16
-	vld1.8	{$ivec},[$ivp]
-	vld1.8	{$dat},[$inp],$step
-
-	vld1.32	{q8-q9},[$key]		// load key schedule...
-	sub	$rounds,$rounds,#6
-	add	$key_,$key,x5,lsl#4	// pointer to last 7 round keys
-	sub	$rounds,$rounds,#2
-	vld1.32	{q10-q11},[$key_],#32
-	vld1.32	{q12-q13},[$key_],#32
-	vld1.32	{q14-q15},[$key_],#32
-	vld1.32	{$rndlast},[$key_]
-
-	add	$key_,$key,#32
-	mov	$cnt,$rounds
-	b.eq	.Lcbc_dec
-
-	cmp	$rounds,#2
-	veor	$dat,$dat,$ivec
-	veor	$rndzero_n_last,q8,$rndlast
-	b.eq	.Lcbc_enc128
-
-.Loop_cbc_enc:
-	aese	$dat,q8
-	vld1.32	{q8},[$key_],#16
-	aesmc	$dat,$dat
-	subs	$cnt,$cnt,#2
-	aese	$dat,q9
-	vld1.32	{q9},[$key_],#16
-	aesmc	$dat,$dat
-	b.gt	.Loop_cbc_enc
-
-	aese	$dat,q8
-	aesmc	$dat,$dat
-	 subs	$len,$len,#16
-	aese	$dat,q9
-	aesmc	$dat,$dat
-	 cclr	$step,eq
-	aese	$dat,q10
-	aesmc	$dat,$dat
-	 add	$key_,$key,#16
-	aese	$dat,q11
-	aesmc	$dat,$dat
-	 vld1.8	{q8},[$inp],$step
-	aese	$dat,q12
-	aesmc	$dat,$dat
-	 veor	q8,q8,$rndzero_n_last
-	aese	$dat,q13
-	aesmc	$dat,$dat
-	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
-	aese	$dat,q14
-	aesmc	$dat,$dat
-	aese	$dat,q15
-
-	 mov	$cnt,$rounds
-	veor	$ivec,$dat,$rndlast
-	vst1.8	{$ivec},[$out],#16
-	b.hs	.Loop_cbc_enc
-
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_enc128:
-	vld1.32	{$in0-$in1},[$key_]
-	aese	$dat,q8
-	aesmc	$dat,$dat
-	b	.Lenter_cbc_enc128
-.Loop_cbc_enc128:
-	aese	$dat,q8
-	aesmc	$dat,$dat
-	 vst1.8	{$ivec},[$out],#16
-.Lenter_cbc_enc128:
-	aese	$dat,q9
-	aesmc	$dat,$dat
-	 subs	$len,$len,#16
-	aese	$dat,$in0
-	aesmc	$dat,$dat
-	 cclr	$step,eq
-	aese	$dat,$in1
-	aesmc	$dat,$dat
-	aese	$dat,q10
-	aesmc	$dat,$dat
-	aese	$dat,q11
-	aesmc	$dat,$dat
-	 vld1.8	{q8},[$inp],$step
-	aese	$dat,q12
-	aesmc	$dat,$dat
-	aese	$dat,q13
-	aesmc	$dat,$dat
-	aese	$dat,q14
-	aesmc	$dat,$dat
-	 veor	q8,q8,$rndzero_n_last
-	aese	$dat,q15
-	veor	$ivec,$dat,$rndlast
-	b.hs	.Loop_cbc_enc128
-
-	vst1.8	{$ivec},[$out],#16
-	b	.Lcbc_done
-
-.align	5
-.Lcbc_dec128:
-	vld1.32	{$tmp0-$tmp1},[$key_]
-	veor	$ivec,$ivec,$rndlast
-	veor	$in0,$dat0,$rndlast
-	mov	$step1,$step
-
-.Loop2x_cbc_dec128:
-	aesd	$dat0,q8
-	aesd	$dat1,q8
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 subs	$len,$len,#32
-	aesd	$dat0,q9
-	aesd	$dat1,q9
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 cclr	$step,lo
-	aesd	$dat0,$tmp0
-	aesd	$dat1,$tmp0
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 cclr	$step1,ls
-	aesd	$dat0,$tmp1
-	aesd	$dat1,$tmp1
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q10
-	aesd	$dat1,q10
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q11
-	aesd	$dat1,q11
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q12
-	aesd	$dat1,q12
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q13
-	aesd	$dat1,q13
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q14
-	aesd	$dat1,q14
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	aesd	$dat0,q15
-	aesd	$dat1,q15
-
-	veor	$ivec,$ivec,$dat0
-	vld1.8	{$dat0},[$inp],$step
-	veor	$in0,$in0,$dat1
-	vld1.8	{$dat1},[$inp],$step1
-	vst1.8	{$ivec},[$out],#16
-	veor	$ivec,$in1,$rndlast
-	vst1.8	{$in0},[$out],#16
-	veor	$in0,$dat0,$rndlast
-	vorr	$in1,$dat1,$dat1
-	b.hs	.Loop2x_cbc_dec128
-
-	adds	$len,$len,#32
-	veor	$ivec,$ivec,$rndlast
-	b.eq	.Lcbc_done
-	veor	$in0,$in0,$rndlast
-	b	.Lcbc_dec_tail
-
-.align	5
-.Lcbc_dec:
-	subs	$len,$len,#16
-	vorr	$in0,$dat,$dat
-	b.lo	.Lcbc_dec_tail
-
-	cclr	$step,eq
-	cmp	$rounds,#2
-	vld1.8	{$dat1},[$inp],$step
-	vorr	$in1,$dat1,$dat1
-	b.eq	.Lcbc_dec128
-
-.Loop2x_cbc_dec:
-	aesd	$dat0,q8
-	aesd	$dat1,q8
-	vld1.32	{q8},[$key_],#16
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	subs	$cnt,$cnt,#2
-	aesd	$dat0,q9
-	aesd	$dat1,q9
-	vld1.32	{q9},[$key_],#16
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	b.gt	.Loop2x_cbc_dec
-
-	aesd	$dat0,q8
-	aesd	$dat1,q8
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 veor	$tmp0,$ivec,$rndlast
-	 veor	$tmp1,$in0,$rndlast
-	aesd	$dat0,q9
-	aesd	$dat1,q9
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 vorr	$ivec,$in1,$in1
-	 subs	$len,$len,#32
-	aesd	$dat0,q10
-	aesd	$dat1,q10
-	aesimc	$dat0,$dat0
-	 cclr	$step,lo
-	aesimc	$dat1,$dat1
-	 mov	$key_,$key
-	aesd	$dat0,q11
-	aesd	$dat1,q11
-	aesimc	$dat0,$dat0
-	 vld1.8	{$in0},[$inp],$step
-	aesimc	$dat1,$dat1
-	 cclr	$step,ls
-	aesd	$dat0,q12
-	aesd	$dat1,q12
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 vld1.8	{$in1},[$inp],$step
-	aesd	$dat0,q13
-	aesd	$dat1,q13
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 vld1.32 {q8},[$key_],#16	// re-pre-load rndkey[0]
-	aesd	$dat0,q14
-	aesd	$dat1,q14
-	aesimc	$dat0,$dat0
-	aesimc	$dat1,$dat1
-	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
-	aesd	$dat0,q15
-	aesd	$dat1,q15
-
-	 mov	$cnt,$rounds
-	veor	$tmp0,$tmp0,$dat0
-	veor	$tmp1,$tmp1,$dat1
-	 vorr	$dat0,$in0,$in0
-	vst1.8	{$tmp0},[$out],#16
-	 vorr	$dat1,$in1,$in1
-	vst1.8	{$tmp1},[$out],#16
-	b.hs	.Loop2x_cbc_dec
-
-	adds	$len,$len,#32
-	b.eq	.Lcbc_done
-
-.Lcbc_dec_tail:
-	aesd	$dat,q8
-	vld1.32	{q8},[$key_],#16
-	aesimc	$dat,$dat
-	subs	$cnt,$cnt,#2
-	aesd	$dat,q9
-	vld1.32	{q9},[$key_],#16
-	aesimc	$dat,$dat
-	b.gt	.Lcbc_dec_tail
-
-	aesd	$dat,q8
-	aesimc	$dat,$dat
-	aesd	$dat,q9
-	aesimc	$dat,$dat
-	 veor	$tmp,$ivec,$rndlast
-	aesd	$dat,q10
-	aesimc	$dat,$dat
-	 vorr	$ivec,$in0,$in0
-	aesd	$dat,q11
-	aesimc	$dat,$dat
-	aesd	$dat,q12
-	aesimc	$dat,$dat
-	aesd	$dat,q13
-	aesimc	$dat,$dat
-	aesd	$dat,q14
-	aesimc	$dat,$dat
-	aesd	$dat,q15
-
-	veor	$tmp,$tmp,$dat
-	vst1.8	{$tmp},[$out],#16
-
-.Lcbc_done:
-	vst1.8	{$ivec},[$ivp]
-.Lcbc_abort:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r8,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldr	x29,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt
-___
-}}}
-{{{
-my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
-my ($rounds,$cnt,$key_,$ctr,$tctr,$tctr1)=("w5","w6","x7","w8","w9","w10");
-my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-
-my ($dat,$tmp)=($dat0,$tmp0);
-
-### q8-q15	preloaded key schedule
-
-$code.=<<___;
-.globl	${prefix}_ctr32_encrypt_blocks
-.type	${prefix}_ctr32_encrypt_blocks,%function
-.align	5
-${prefix}_ctr32_encrypt_blocks:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	mov		ip,sp
-	stmdb		sp!,{r4-r10,lr}
-	vstmdb		sp!,{d8-d15}            @ ABI specification says so
-	ldr		r4, [ip]		@ load remaining arg
-___
-$code.=<<___;
-	ldr		$rounds,[$key,#240]
-
-	ldr		$ctr, [$ivp, #12]
-	vld1.32		{$dat0},[$ivp]
-
-	vld1.32		{q8-q9},[$key]		// load key schedule...
-	sub		$rounds,$rounds,#6
-	add		$key_,$key,x5,lsl#4	// pointer to last 7 round keys
-	sub		$rounds,$rounds,#2
-	vld1.32		{q10-q11},[$key_],#32
-	vld1.32		{q12-q13},[$key_],#32
-	vld1.32		{q14-q15},[$key_],#32
-	vld1.32		{$rndlast},[$key_]
-
-	add		$key_,$key,#32
-	mov		$cnt,$rounds
-
-	subs		$len,$len,#2
-	b.lo		.Lctr32_tail
-
-#ifndef __ARMEB__
-	rev		$ctr, $ctr
-#endif
-	vorr		$dat1,$dat0,$dat0
-	add		$ctr, $ctr, #1
-	vorr		$ivec,$dat0,$dat0
-	rev		$tctr1, $ctr
-	cmp		$rounds,#2
-	vmov.32		${dat1}[3],$tctr1
-	b.eq		.Lctr32_128
-
-.Loop2x_ctr32:
-	aese		$dat0,q8
-	aese		$dat1,q8
-	vld1.32		{q8},[$key_],#16
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	subs		$cnt,$cnt,#2
-	aese		$dat0,q9
-	aese		$dat1,q9
-	vld1.32		{q9},[$key_],#16
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	b.gt		.Loop2x_ctr32
-
-	aese		$dat0,q8
-	aese		$dat1,q8
-	aesmc		$tmp0,$dat0
-	 vorr		$dat0,$ivec,$ivec
-	aesmc		$tmp1,$dat1
-	 vorr		$dat1,$ivec,$ivec
-	aese		$tmp0,q9
-	aese		$tmp1,q9
-	 vld1.8		{$in0},[$inp],#16
-	aesmc		$tmp0,$tmp0
-	 vld1.8		{$in1},[$inp],#16
-	aesmc		$tmp1,$tmp1
-	 add		$ctr,$ctr,#1
-	aese		$tmp0,q10
-	aese		$tmp1,q10
-	 rev		$tctr,$ctr
-	aesmc		$tmp0,$tmp0
-	aesmc		$tmp1,$tmp1
-	 add		$ctr,$ctr,#1
-	aese		$tmp0,q11
-	aese		$tmp1,q11
-	 veor		$in0,$in0,$rndlast
-	 rev		$tctr1,$ctr
-	aesmc		$tmp0,$tmp0
-	aesmc		$tmp1,$tmp1
-	 veor		$in1,$in1,$rndlast
-	 mov		$key_,$key
-	aese		$tmp0,q12
-	aese		$tmp1,q12
-	 subs		$len,$len,#2
-	aesmc		$tmp0,$tmp0
-	aesmc		$tmp1,$tmp1
-	 vld1.32	 {q8-q9},[$key_],#32	// re-pre-load rndkey[0-1]
-	aese		$tmp0,q13
-	aese		$tmp1,q13
-	aesmc		$tmp0,$tmp0
-	aesmc		$tmp1,$tmp1
-	aese		$tmp0,q14
-	aese		$tmp1,q14
-	 vmov.32	${dat0}[3], $tctr
-	aesmc		$tmp0,$tmp0
-	 vmov.32	${dat1}[3], $tctr1
-	aesmc		$tmp1,$tmp1
-	aese		$tmp0,q15
-	aese		$tmp1,q15
-
-	 mov		$cnt,$rounds
-	veor		$in0,$in0,$tmp0
-	veor		$in1,$in1,$tmp1
-	vst1.8		{$in0},[$out],#16
-	vst1.8		{$in1},[$out],#16
-	b.hs		.Loop2x_ctr32
-
-	adds		$len,$len,#2
-	b.eq		.Lctr32_done
-	b		.Lctr32_tail
-
-.Lctr32_128:
-	vld1.32		{$tmp0-$tmp1},[$key_]
-
-.Loop2x_ctr32_128:
-	aese		$dat0,q8
-	aese		$dat1,q8
-	aesmc		$dat0,$dat0
-	 vld1.8		{$in0},[$inp],#16
-	aesmc		$dat1,$dat1
-	 vld1.8		{$in1},[$inp],#16
-	aese		$dat0,q9
-	aese		$dat1,q9
-	 add		$ctr,$ctr,#1
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	 rev		$tctr,$ctr
-	aese		$dat0,$tmp0
-	aese		$dat1,$tmp0
-	 add		$ctr,$ctr,#1
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	 rev		$tctr1,$ctr
-	aese		$dat0,$tmp1
-	aese		$dat1,$tmp1
-	 subs		$len,$len,#2
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	aese		$dat0,q10
-	aese		$dat1,q10
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	aese		$dat0,q11
-	aese		$dat1,q11
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	aese		$dat0,q12
-	aese		$dat1,q12
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	aese		$dat0,q13
-	aese		$dat1,q13
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	aese		$dat0,q14
-	aese		$dat1,q14
-	aesmc		$dat0,$dat0
-	aesmc		$dat1,$dat1
-	 veor		$in0,$in0,$rndlast
-	aese		$dat0,q15
-	 veor		$in1,$in1,$rndlast
-	aese		$dat1,q15
-
-	veor		$in0,$in0,$dat0
-	vorr		$dat0,$ivec,$ivec
-	veor		$in1,$in1,$dat1
-	vorr		$dat1,$ivec,$ivec
-	vst1.8		{$in0},[$out],#16
-	vmov.32		${dat0}[3], $tctr
-	vst1.8		{$in1},[$out],#16
-	vmov.32		${dat1}[3], $tctr1
-	b.hs		.Loop2x_ctr32_128
-
-	adds		$len,$len,#2
-	b.eq		.Lctr32_done
-
-.Lctr32_tail:
-	aese		$dat,q8
-	vld1.32		{q8},[$key_],#16
-	aesmc		$dat,$dat
-	subs		$cnt,$cnt,#2
-	aese		$dat,q9
-	vld1.32		{q9},[$key_],#16
-	aesmc		$dat,$dat
-	b.gt		.Lctr32_tail
-
-	aese		$dat,q8
-	aesmc		$dat,$dat
-	aese		$dat,q9
-	aesmc		$dat,$dat
-	 vld1.8		{$in0},[$inp]
-	aese		$dat,q10
-	aesmc		$dat,$dat
-	aese		$dat,q11
-	aesmc		$dat,$dat
-	aese		$dat,q12
-	aesmc		$dat,$dat
-	aese		$dat,q13
-	aesmc		$dat,$dat
-	aese		$dat,q14
-	aesmc		$dat,$dat
-	 veor		$in0,$in0,$rndlast
-	aese		$dat,q15
-
-	veor		$in0,$in0,$dat
-	vst1.8		{$in0},[$out]
-
-.Lctr32_done:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	vldmia		sp!,{d8-d15}
-	ldmia		sp!,{r4-r10,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldr		x29,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
-___
-}}}
-$code.=<<___;
-#endif
-___
-########################################
-if ($flavour =~ /64/) {			######## 64-bit code
-    my %opcode = (
-	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
-	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
-
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-
-	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
-	sprintf ".inst\t0x%08x\t//%s %s",
-			$opcode{$mnemonic}|$1|($2<<5),
-			$mnemonic,$arg;
-    };
-
-    foreach(split("\n",$code)) {
-        s/\`([^\`]*)\`/eval($1)/geo;
-
-	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-        s/@\s/\/\//o;			# old->new style commentary
-
-	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-        s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
-        s/vext\.8/ext/o		or
-        s/vrev32\.8/rev32/o	or
-        s/vtst\.8/cmtst/o	or
-        s/vshr/ushr/o		or
-        s/^(\s+)v/$1/o		or	# strip off v prefix
-	s/\bbx\s+lr\b/ret/o;
-
-	# fix up remainig legacy suffixes
-	s/\.[ui]?8//o;
-	m/\],#8/o and s/\.16b/\.8b/go;
-        s/\.[ui]?32//o and s/\.16b/\.4s/go;
-        s/\.[ui]?64//o and s/\.16b/\.2d/go;
-	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-
-        print $_,"\n";
-    }
-} else {				######## 32-bit code
-    my %opcode = (
-	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
-	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
-
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-
-	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
-	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-					 |(($2&7)<<1) |(($2&8)<<2);
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    };
-
-    sub unvtbl {
-	my $arg=shift;
-
-	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
-	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
-		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;	
-    }
-
-    sub unvdup32 {
-	my $arg=shift;
-
-	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;	
-    }
-
-    sub unvmov32 {
-	my $arg=shift;
-
-	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
-	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;	
-    }
-
-    foreach(split("\n",$code)) {
-        s/\`([^\`]*)\`/eval($1)/geo;
-
-	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-        s/\/\/\s?/@ /o;				# new->old style commentary
-
-	# fix up remainig new-style suffixes
-	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
-	s/\],#[0-9]+/]!/o;
-
-	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
-	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
-	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
-	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
-	s/^(\s+)b\./$1b/o				or
-	s/^(\s+)ret/$1bx\tlr/o;
-
-        print $_,"\n";
-    }
-}
-
-close STDOUT;
diff --git a/crypto/aes/asm/bsaes-armv7.S b/crypto/aes/asm/bsaes-armv7.S
deleted file mode 100644
index 64205d4532..0000000000
--- a/crypto/aes/asm/bsaes-armv7.S
+++ /dev/null
@@ -1,2544 +0,0 @@
-
-@ ====================================================================
-@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-@ project. The module is, however, dual licensed under OpenSSL and
-@ CRYPTOGAMS licenses depending on where you obtain it. For further
-@ details see http://www.openssl.org/~appro/cryptogams/.
-@
-@ Specific modes and adaptation for Linux kernel by Ard Biesheuvel
-@ <ard.biesheuvel@linaro.org>. Permission to use under GPL terms is
-@ granted.
-@ ====================================================================
-
-@ Bit-sliced AES for ARM NEON
-@
-@ February 2012.
-@
-@ This implementation is direct adaptation of bsaes-x86_64 module for
-@ ARM NEON. Except that this module is endian-neutral [in sense that
-@ it can be compiled for either endianness] by courtesy of vld1.8's
-@ neutrality. Initial version doesn't implement interface to OpenSSL,
-@ only low-level primitives and unsupported entry points, just enough
-@ to collect performance results, which for Cortex-A8 core are:
-@
-@ encrypt	19.5 cycles per byte processed with 128-bit key
-@ decrypt	22.1 cycles per byte processed with 128-bit key
-@ key conv.	440  cycles per 128-bit key/0.18 of 8x block
-@
-@ Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7,
-@ which is [much] worse than anticipated (for further details see
-@ http://www.openssl.org/~appro/Snapdragon-S4.html).
-@
-@ Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code
-@ manages in 20.0 cycles].
-@
-@ When comparing to x86_64 results keep in mind that NEON unit is
-@ [mostly] single-issue and thus can't [fully] benefit from
-@ instruction-level parallelism. And when comparing to aes-armv4
-@ results keep in mind key schedule conversion overhead (see
-@ bsaes-x86_64.pl for further details)...
-@
-@						<appro@openssl.org>
-
-@ April-August 2013
-@
-@ Add CBC, CTR and XTS subroutines, adapt for kernel use.
-@
-@					<ard.biesheuvel@linaro.org>
-
-#ifndef __KERNEL__
-# include "arm_arch.h"
-
-# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
-# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
-# define VFP_ABI_FRAME	0x40
-#else
-# define VFP_ABI_PUSH
-# define VFP_ABI_POP
-# define VFP_ABI_FRAME	0
-# define BSAES_ASM_EXTENDED_KEY
-# define XTS_CHAIN_TWEAK
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-#ifdef __thumb__
-# define adrl adr
-#endif
-
-#if __ARM_ARCH__>=7
-.text
-.syntax	unified 	@ ARMv7-capable assembler is expected to handle this
-#ifdef __thumb2__
-.thumb
-#else
-.code   32
-#endif
-
-.fpu	neon
-
-.type	_bsaes_decrypt8,%function
-.align	4
-_bsaes_decrypt8:
-	adr	r6,_bsaes_decrypt8
-	vldmia	r4!, {q9}		@ round 0 key
-	add	r6,r6,#.LM0ISR-_bsaes_decrypt8
-
-	vldmia	r6!, {q8}		@ .LM0ISR
-	veor	q10, q0, q9	@ xor with round0 key
-	veor	q11, q1, q9
-	 vtbl.8	d0, {q10}, d16
-	 vtbl.8	d1, {q10}, d17
-	veor	q12, q2, q9
-	 vtbl.8	d2, {q11}, d16
-	 vtbl.8	d3, {q11}, d17
-	veor	q13, q3, q9
-	 vtbl.8	d4, {q12}, d16
-	 vtbl.8	d5, {q12}, d17
-	veor	q14, q4, q9
-	 vtbl.8	d6, {q13}, d16
-	 vtbl.8	d7, {q13}, d17
-	veor	q15, q5, q9
-	 vtbl.8	d8, {q14}, d16
-	 vtbl.8	d9, {q14}, d17
-	veor	q10, q6, q9
-	 vtbl.8	d10, {q15}, d16
-	 vtbl.8	d11, {q15}, d17
-	veor	q11, q7, q9
-	 vtbl.8	d12, {q10}, d16
-	 vtbl.8	d13, {q10}, d17
-	 vtbl.8	d14, {q11}, d16
-	 vtbl.8	d15, {q11}, d17
-	vmov.i8	q8,#0x55			@ compose .LBS0
-	vmov.i8	q9,#0x33			@ compose .LBS1
-	vshr.u64	q10, q6, #1
-	 vshr.u64	q11, q4, #1
-	veor		q10, q10, q7
-	 veor		q11, q11, q5
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #1
-	 veor		q5, q5, q11
-	 vshl.u64	q11, q11, #1
-	veor		q6, q6, q10
-	 veor		q4, q4, q11
-	vshr.u64	q10, q2, #1
-	 vshr.u64	q11, q0, #1
-	veor		q10, q10, q3
-	 veor		q11, q11, q1
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q3, q3, q10
-	vshl.u64	q10, q10, #1
-	 veor		q1, q1, q11
-	 vshl.u64	q11, q11, #1
-	veor		q2, q2, q10
-	 veor		q0, q0, q11
-	vmov.i8	q8,#0x0f			@ compose .LBS2
-	vshr.u64	q10, q5, #2
-	 vshr.u64	q11, q4, #2
-	veor		q10, q10, q7
-	 veor		q11, q11, q6
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #2
-	 veor		q6, q6, q11
-	 vshl.u64	q11, q11, #2
-	veor		q5, q5, q10
-	 veor		q4, q4, q11
-	vshr.u64	q10, q1, #2
-	 vshr.u64	q11, q0, #2
-	veor		q10, q10, q3
-	 veor		q11, q11, q2
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q3, q3, q10
-	vshl.u64	q10, q10, #2
-	 veor		q2, q2, q11
-	 vshl.u64	q11, q11, #2
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vshr.u64	q10, q3, #4
-	 vshr.u64	q11, q2, #4
-	veor		q10, q10, q7
-	 veor		q11, q11, q6
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #4
-	 veor		q6, q6, q11
-	 vshl.u64	q11, q11, #4
-	veor		q3, q3, q10
-	 veor		q2, q2, q11
-	vshr.u64	q10, q1, #4
-	 vshr.u64	q11, q0, #4
-	veor		q10, q10, q5
-	 veor		q11, q11, q4
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #4
-	 veor		q4, q4, q11
-	 vshl.u64	q11, q11, #4
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	sub	r5,r5,#1
-	b	.Ldec_sbox
-.align	4
-.Ldec_loop:
-	vldmia	r4!, {q8-q11}
-	veor	q8, q8, q0
-	veor	q9, q9, q1
-	vtbl.8	d0, {q8}, d24
-	vtbl.8	d1, {q8}, d25
-	vldmia	r4!, {q8}
-	veor	q10, q10, q2
-	vtbl.8	d2, {q9}, d24
-	vtbl.8	d3, {q9}, d25
-	vldmia	r4!, {q9}
-	veor	q11, q11, q3
-	vtbl.8	d4, {q10}, d24
-	vtbl.8	d5, {q10}, d25
-	vldmia	r4!, {q10}
-	vtbl.8	d6, {q11}, d24
-	vtbl.8	d7, {q11}, d25
-	vldmia	r4!, {q11}
-	veor	q8, q8, q4
-	veor	q9, q9, q5
-	vtbl.8	d8, {q8}, d24
-	vtbl.8	d9, {q8}, d25
-	veor	q10, q10, q6
-	vtbl.8	d10, {q9}, d24
-	vtbl.8	d11, {q9}, d25
-	veor	q11, q11, q7
-	vtbl.8	d12, {q10}, d24
-	vtbl.8	d13, {q10}, d25
-	vtbl.8	d14, {q11}, d24
-	vtbl.8	d15, {q11}, d25
-.Ldec_sbox:
-	 veor	q1, q1, q4
-	veor	q3, q3, q4
-
-	veor	q4, q4, q7
-	 veor	q1, q1, q6
-	veor	q2, q2, q7
-	veor	q6, q6, q4
-
-	veor	q0, q0, q1
-	veor	q2, q2, q5
-	 veor	q7, q7, q6
-	veor	q3, q3, q0
-	veor	q5, q5, q0
-	veor	q1, q1, q3
-	veor	q11, q3, q0
-	veor	q10, q7, q4
-	veor	q9, q1, q6
-	veor	q13, q4, q0
-	 vmov	q8, q10
-	veor	q12, q5, q2
-
-	vorr	q10, q10, q9
-	veor	q15, q11, q8
-	vand	q14, q11, q12
-	vorr	q11, q11, q12
-	veor	q12, q12, q9
-	vand	q8, q8, q9
-	veor	q9, q6, q2
-	vand	q15, q15, q12
-	vand	q13, q13, q9
-	veor	q9, q3, q7
-	veor	q12, q1, q5
-	veor	q11, q11, q13
-	veor	q10, q10, q13
-	vand	q13, q9, q12
-	vorr	q9, q9, q12
-	veor	q11, q11, q15
-	veor	q8, q8, q13
-	veor	q10, q10, q14
-	veor	q9, q9, q15
-	veor	q8, q8, q14
-	vand	q12, q4, q6
-	veor	q9, q9, q14
-	vand	q13, q0, q2
-	vand	q14, q7, q1
-	vorr	q15, q3, q5
-	veor	q11, q11, q12
-	veor	q9, q9, q14
-	veor	q8, q8, q15
-	veor	q10, q10, q13
-
-	@ Inv_GF16 	0, 	1, 	2, 	3, s0, s1, s2, s3
-
-	@ new smaller inversion
-
-	vand	q14, q11, q9
-	vmov	q12, q8
-
-	veor	q13, q10, q14
-	veor	q15, q8, q14
-	veor	q14, q8, q14	@ q14=q15
-
-	vbsl	q13, q9, q8
-	vbsl	q15, q11, q10
-	veor	q11, q11, q10
-
-	vbsl	q12, q13, q14
-	vbsl	q8, q14, q13
-
-	vand	q14, q12, q15
-	veor	q9, q9, q8
-
-	veor	q14, q14, q11
-	veor	q12, q5, q2
-	veor	q8, q1, q6
-	veor 	q10, q15, q14
-	vand	q10, q10, q5
-	veor	q5, q5, q1
-	vand	q11, q1, q15
-	vand	q5, q5, q14
-	veor	q1, q11, q10
-	veor	q5, q5, q11
-	veor	q15, q15, q13
-	veor	q14, q14, q9
-	veor	q11, q15, q14
-	 veor 	q10, q13, q9
-	vand	q11, q11, q12
-	 vand	q10, q10, q2
-	veor	q12, q12, q8
-	 veor	q2, q2, q6
-	vand	q8, q8, q15
-	 vand	q6, q6, q13
-	vand	q12, q12, q14
-	 vand	q2, q2, q9
-	veor	q8, q8, q12
-	 veor	q2, q2, q6
-	veor	q12, q12, q11
-	 veor	q6, q6, q10
-	veor	q5, q5, q12
-	veor	q2, q2, q12
-	veor	q1, q1, q8
-	veor	q6, q6, q8
-
-	veor	q12, q3, q0
-	veor	q8, q7, q4
-	veor	q11, q15, q14
-	 veor 	q10, q13, q9
-	vand	q11, q11, q12
-	 vand	q10, q10, q0
-	veor	q12, q12, q8
-	 veor	q0, q0, q4
-	vand	q8, q8, q15
-	 vand	q4, q4, q13
-	vand	q12, q12, q14
-	 vand	q0, q0, q9
-	veor	q8, q8, q12
-	 veor	q0, q0, q4
-	veor	q12, q12, q11
-	 veor	q4, q4, q10
-	veor	q15, q15, q13
-	veor	q14, q14, q9
-	veor 	q10, q15, q14
-	vand	q10, q10, q3
-	veor	q3, q3, q7
-	vand	q11, q7, q15
-	vand	q3, q3, q14
-	veor	q7, q11, q10
-	veor	q3, q3, q11
-	veor	q3, q3, q12
-	veor	q0, q0, q12
-	veor	q7, q7, q8
-	veor	q4, q4, q8
-	veor	q1, q1, q7
-	veor	q6, q6, q5
-
-	veor	q4, q4, q1
-	veor	q2, q2, q7
-	veor	q5, q5, q7
-	veor	q4, q4, q2
-	 veor 	q7, q7, q0
-	veor	q4, q4, q5
-	 veor	q3, q3, q6
-	 veor	q6, q6, q1
-	veor	q3, q3, q4
-
-	veor	q4, q4, q0
-	veor	q7, q7, q3
-	subs	r5,r5,#1
-	bcc	.Ldec_done
-	@ multiplication by 0x05-0x00-0x04-0x00
-	vext.8	q8, q0, q0, #8
-	vext.8	q14, q3, q3, #8
-	vext.8	q15, q5, q5, #8
-	veor	q8, q8, q0
-	vext.8	q9, q1, q1, #8
-	veor	q14, q14, q3
-	vext.8	q10, q6, q6, #8
-	veor	q15, q15, q5
-	vext.8	q11, q4, q4, #8
-	veor	q9, q9, q1
-	vext.8	q12, q2, q2, #8
-	veor	q10, q10, q6
-	vext.8	q13, q7, q7, #8
-	veor	q11, q11, q4
-	veor	q12, q12, q2
-	veor	q13, q13, q7
-
-	 veor	q0, q0, q14
-	 veor	q1, q1, q14
-	 veor	q6, q6, q8
-	 veor	q2, q2, q10
-	 veor	q4, q4, q9
-	 veor	q1, q1, q15
-	 veor	q6, q6, q15
-	 veor	q2, q2, q14
-	 veor	q7, q7, q11
-	 veor	q4, q4, q14
-	 veor	q3, q3, q12
-	 veor	q2, q2, q15
-	 veor	q7, q7, q15
-	 veor	q5, q5, q13
-	vext.8	q8, q0, q0, #12	@ x0 <<< 32
-	vext.8	q9, q1, q1, #12
-	 veor	q0, q0, q8		@ x0 ^ (x0 <<< 32)
-	vext.8	q10, q6, q6, #12
-	 veor	q1, q1, q9
-	vext.8	q11, q4, q4, #12
-	 veor	q6, q6, q10
-	vext.8	q12, q2, q2, #12
-	 veor	q4, q4, q11
-	vext.8	q13, q7, q7, #12
-	 veor	q2, q2, q12
-	vext.8	q14, q3, q3, #12
-	 veor	q7, q7, q13
-	vext.8	q15, q5, q5, #12
-	 veor	q3, q3, q14
-
-	veor	q9, q9, q0
-	 veor	q5, q5, q15
-	 vext.8	q0, q0, q0, #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
-	veor	q10, q10, q1
-	veor	q8, q8, q5
-	veor	q9, q9, q5
-	 vext.8	q1, q1, q1, #8
-	veor	q13, q13, q2
-	 veor	q0, q0, q8
-	veor	q14, q14, q7
-	 veor	q1, q1, q9
-	 vext.8	q8, q2, q2, #8
-	veor	q12, q12, q4
-	 vext.8	q9, q7, q7, #8
-	veor	q15, q15, q3
-	 vext.8	q2, q4, q4, #8
-	veor	q11, q11, q6
-	 vext.8	q7, q5, q5, #8
-	veor	q12, q12, q5
-	 vext.8	q4, q3, q3, #8
-	veor	q11, q11, q5
-	 vext.8	q3, q6, q6, #8
-	veor	q5, q9, q13
-	veor	q11, q11, q2
-	veor	q7, q7, q15
-	veor	q6, q4, q14
-	veor	q4, q8, q12
-	veor	q2, q3, q10
-	vmov	q3, q11
-	 @ vmov	q5, q9
-	vldmia	r6, {q12}		@ .LISR
-	ite	eq				@ Thumb2 thing, sanity check in ARM
-	addeq	r6,r6,#0x10
-	bne	.Ldec_loop
-	vldmia	r6, {q12}		@ .LISRM0
-	b	.Ldec_loop
-.align	4
-.Ldec_done:
-	vmov.i8	q8,#0x55			@ compose .LBS0
-	vmov.i8	q9,#0x33			@ compose .LBS1
-	vshr.u64	q10, q3, #1
-	 vshr.u64	q11, q2, #1
-	veor		q10, q10, q5
-	 veor		q11, q11, q7
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #1
-	 veor		q7, q7, q11
-	 vshl.u64	q11, q11, #1
-	veor		q3, q3, q10
-	 veor		q2, q2, q11
-	vshr.u64	q10, q6, #1
-	 vshr.u64	q11, q0, #1
-	veor		q10, q10, q4
-	 veor		q11, q11, q1
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q4, q4, q10
-	vshl.u64	q10, q10, #1
-	 veor		q1, q1, q11
-	 vshl.u64	q11, q11, #1
-	veor		q6, q6, q10
-	 veor		q0, q0, q11
-	vmov.i8	q8,#0x0f			@ compose .LBS2
-	vshr.u64	q10, q7, #2
-	 vshr.u64	q11, q2, #2
-	veor		q10, q10, q5
-	 veor		q11, q11, q3
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #2
-	 veor		q3, q3, q11
-	 vshl.u64	q11, q11, #2
-	veor		q7, q7, q10
-	 veor		q2, q2, q11
-	vshr.u64	q10, q1, #2
-	 vshr.u64	q11, q0, #2
-	veor		q10, q10, q4
-	 veor		q11, q11, q6
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q4, q4, q10
-	vshl.u64	q10, q10, #2
-	 veor		q6, q6, q11
-	 vshl.u64	q11, q11, #2
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vshr.u64	q10, q4, #4
-	 vshr.u64	q11, q6, #4
-	veor		q10, q10, q5
-	 veor		q11, q11, q3
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #4
-	 veor		q3, q3, q11
-	 vshl.u64	q11, q11, #4
-	veor		q4, q4, q10
-	 veor		q6, q6, q11
-	vshr.u64	q10, q1, #4
-	 vshr.u64	q11, q0, #4
-	veor		q10, q10, q7
-	 veor		q11, q11, q2
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #4
-	 veor		q2, q2, q11
-	 vshl.u64	q11, q11, #4
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vldmia	r4, {q8}			@ last round key
-	veor	q6, q6, q8
-	veor	q4, q4, q8
-	veor	q2, q2, q8
-	veor	q7, q7, q8
-	veor	q3, q3, q8
-	veor	q5, q5, q8
-	veor	q0, q0, q8
-	veor	q1, q1, q8
-	bx	lr
-.size	_bsaes_decrypt8,.-_bsaes_decrypt8
-
-.type	_bsaes_const,%object
-.align	6
-_bsaes_const:
-.LM0ISR:	@ InvShiftRows constants
-	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
-.LISR:
-	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
-.LISRM0:
-	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
-.LM0SR:		@ ShiftRows constants
-	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
-.LSR:
-	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
-.LSRM0:
-	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
-.LM0:
-	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
-.LREVM0SR:
-	.quad	0x090d01050c000408, 0x03070b0f060a0e02
-.asciz	"Bit-sliced AES for NEON, CRYPTOGAMS by <appro@openssl.org>"
-.align	6
-.size	_bsaes_const,.-_bsaes_const
-
-.type	_bsaes_encrypt8,%function
-.align	4
-_bsaes_encrypt8:
-	adr	r6,_bsaes_encrypt8
-	vldmia	r4!, {q9}		@ round 0 key
-	sub	r6,r6,#_bsaes_encrypt8-.LM0SR
-
-	vldmia	r6!, {q8}		@ .LM0SR
-_bsaes_encrypt8_alt:
-	veor	q10, q0, q9	@ xor with round0 key
-	veor	q11, q1, q9
-	 vtbl.8	d0, {q10}, d16
-	 vtbl.8	d1, {q10}, d17
-	veor	q12, q2, q9
-	 vtbl.8	d2, {q11}, d16
-	 vtbl.8	d3, {q11}, d17
-	veor	q13, q3, q9
-	 vtbl.8	d4, {q12}, d16
-	 vtbl.8	d5, {q12}, d17
-	veor	q14, q4, q9
-	 vtbl.8	d6, {q13}, d16
-	 vtbl.8	d7, {q13}, d17
-	veor	q15, q5, q9
-	 vtbl.8	d8, {q14}, d16
-	 vtbl.8	d9, {q14}, d17
-	veor	q10, q6, q9
-	 vtbl.8	d10, {q15}, d16
-	 vtbl.8	d11, {q15}, d17
-	veor	q11, q7, q9
-	 vtbl.8	d12, {q10}, d16
-	 vtbl.8	d13, {q10}, d17
-	 vtbl.8	d14, {q11}, d16
-	 vtbl.8	d15, {q11}, d17
-_bsaes_encrypt8_bitslice:
-	vmov.i8	q8,#0x55			@ compose .LBS0
-	vmov.i8	q9,#0x33			@ compose .LBS1
-	vshr.u64	q10, q6, #1
-	 vshr.u64	q11, q4, #1
-	veor		q10, q10, q7
-	 veor		q11, q11, q5
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #1
-	 veor		q5, q5, q11
-	 vshl.u64	q11, q11, #1
-	veor		q6, q6, q10
-	 veor		q4, q4, q11
-	vshr.u64	q10, q2, #1
-	 vshr.u64	q11, q0, #1
-	veor		q10, q10, q3
-	 veor		q11, q11, q1
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q3, q3, q10
-	vshl.u64	q10, q10, #1
-	 veor		q1, q1, q11
-	 vshl.u64	q11, q11, #1
-	veor		q2, q2, q10
-	 veor		q0, q0, q11
-	vmov.i8	q8,#0x0f			@ compose .LBS2
-	vshr.u64	q10, q5, #2
-	 vshr.u64	q11, q4, #2
-	veor		q10, q10, q7
-	 veor		q11, q11, q6
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #2
-	 veor		q6, q6, q11
-	 vshl.u64	q11, q11, #2
-	veor		q5, q5, q10
-	 veor		q4, q4, q11
-	vshr.u64	q10, q1, #2
-	 vshr.u64	q11, q0, #2
-	veor		q10, q10, q3
-	 veor		q11, q11, q2
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q3, q3, q10
-	vshl.u64	q10, q10, #2
-	 veor		q2, q2, q11
-	 vshl.u64	q11, q11, #2
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vshr.u64	q10, q3, #4
-	 vshr.u64	q11, q2, #4
-	veor		q10, q10, q7
-	 veor		q11, q11, q6
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #4
-	 veor		q6, q6, q11
-	 vshl.u64	q11, q11, #4
-	veor		q3, q3, q10
-	 veor		q2, q2, q11
-	vshr.u64	q10, q1, #4
-	 vshr.u64	q11, q0, #4
-	veor		q10, q10, q5
-	 veor		q11, q11, q4
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #4
-	 veor		q4, q4, q11
-	 vshl.u64	q11, q11, #4
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	sub	r5,r5,#1
-	b	.Lenc_sbox
-.align	4
-.Lenc_loop:
-	vldmia	r4!, {q8-q11}
-	veor	q8, q8, q0
-	veor	q9, q9, q1
-	vtbl.8	d0, {q8}, d24
-	vtbl.8	d1, {q8}, d25
-	vldmia	r4!, {q8}
-	veor	q10, q10, q2
-	vtbl.8	d2, {q9}, d24
-	vtbl.8	d3, {q9}, d25
-	vldmia	r4!, {q9}
-	veor	q11, q11, q3
-	vtbl.8	d4, {q10}, d24
-	vtbl.8	d5, {q10}, d25
-	vldmia	r4!, {q10}
-	vtbl.8	d6, {q11}, d24
-	vtbl.8	d7, {q11}, d25
-	vldmia	r4!, {q11}
-	veor	q8, q8, q4
-	veor	q9, q9, q5
-	vtbl.8	d8, {q8}, d24
-	vtbl.8	d9, {q8}, d25
-	veor	q10, q10, q6
-	vtbl.8	d10, {q9}, d24
-	vtbl.8	d11, {q9}, d25
-	veor	q11, q11, q7
-	vtbl.8	d12, {q10}, d24
-	vtbl.8	d13, {q10}, d25
-	vtbl.8	d14, {q11}, d24
-	vtbl.8	d15, {q11}, d25
-.Lenc_sbox:
-	veor	q2, q2, q1
-	veor	q5, q5, q6
-	veor	q3, q3, q0
-	veor	q6, q6, q2
-	veor	q5, q5, q0
-
-	veor	q6, q6, q3
-	veor	q3, q3, q7
-	veor	q7, q7, q5
-	veor	q3, q3, q4
-	veor	q4, q4, q5
-
-	veor	q2, q2, q7
-	veor	q3, q3, q1
-	veor	q1, q1, q5
-	veor	q11, q7, q4
-	veor	q10, q1, q2
-	veor	q9, q5, q3
-	veor	q13, q2, q4
-	 vmov	q8, q10
-	veor	q12, q6, q0
-
-	vorr	q10, q10, q9
-	veor	q15, q11, q8
-	vand	q14, q11, q12
-	vorr	q11, q11, q12
-	veor	q12, q12, q9
-	vand	q8, q8, q9
-	veor	q9, q3, q0
-	vand	q15, q15, q12
-	vand	q13, q13, q9
-	veor	q9, q7, q1
-	veor	q12, q5, q6
-	veor	q11, q11, q13
-	veor	q10, q10, q13
-	vand	q13, q9, q12
-	vorr	q9, q9, q12
-	veor	q11, q11, q15
-	veor	q8, q8, q13
-	veor	q10, q10, q14
-	veor	q9, q9, q15
-	veor	q8, q8, q14
-	vand	q12, q2, q3
-	veor	q9, q9, q14
-	vand	q13, q4, q0
-	vand	q14, q1, q5
-	vorr	q15, q7, q6
-	veor	q11, q11, q12
-	veor	q9, q9, q14
-	veor	q8, q8, q15
-	veor	q10, q10, q13
-
-	@ Inv_GF16 	0, 	1, 	2, 	3, s0, s1, s2, s3
-
-	@ new smaller inversion
-
-	vand	q14, q11, q9
-	vmov	q12, q8
-
-	veor	q13, q10, q14
-	veor	q15, q8, q14
-	veor	q14, q8, q14	@ q14=q15
-
-	vbsl	q13, q9, q8
-	vbsl	q15, q11, q10
-	veor	q11, q11, q10
-
-	vbsl	q12, q13, q14
-	vbsl	q8, q14, q13
-
-	vand	q14, q12, q15
-	veor	q9, q9, q8
-
-	veor	q14, q14, q11
-	veor	q12, q6, q0
-	veor	q8, q5, q3
-	veor 	q10, q15, q14
-	vand	q10, q10, q6
-	veor	q6, q6, q5
-	vand	q11, q5, q15
-	vand	q6, q6, q14
-	veor	q5, q11, q10
-	veor	q6, q6, q11
-	veor	q15, q15, q13
-	veor	q14, q14, q9
-	veor	q11, q15, q14
-	 veor 	q10, q13, q9
-	vand	q11, q11, q12
-	 vand	q10, q10, q0
-	veor	q12, q12, q8
-	 veor	q0, q0, q3
-	vand	q8, q8, q15
-	 vand	q3, q3, q13
-	vand	q12, q12, q14
-	 vand	q0, q0, q9
-	veor	q8, q8, q12
-	 veor	q0, q0, q3
-	veor	q12, q12, q11
-	 veor	q3, q3, q10
-	veor	q6, q6, q12
-	veor	q0, q0, q12
-	veor	q5, q5, q8
-	veor	q3, q3, q8
-
-	veor	q12, q7, q4
-	veor	q8, q1, q2
-	veor	q11, q15, q14
-	 veor 	q10, q13, q9
-	vand	q11, q11, q12
-	 vand	q10, q10, q4
-	veor	q12, q12, q8
-	 veor	q4, q4, q2
-	vand	q8, q8, q15
-	 vand	q2, q2, q13
-	vand	q12, q12, q14
-	 vand	q4, q4, q9
-	veor	q8, q8, q12
-	 veor	q4, q4, q2
-	veor	q12, q12, q11
-	 veor	q2, q2, q10
-	veor	q15, q15, q13
-	veor	q14, q14, q9
-	veor 	q10, q15, q14
-	vand	q10, q10, q7
-	veor	q7, q7, q1
-	vand	q11, q1, q15
-	vand	q7, q7, q14
-	veor	q1, q11, q10
-	veor	q7, q7, q11
-	veor	q7, q7, q12
-	veor	q4, q4, q12
-	veor	q1, q1, q8
-	veor	q2, q2, q8
-	veor	q7, q7, q0
-	veor	q1, q1, q6
-	veor	q6, q6, q0
-	veor	q4, q4, q7
-	veor	q0, q0, q1
-
-	veor	q1, q1, q5
-	veor	q5, q5, q2
-	veor	q2, q2, q3
-	veor	q3, q3, q5
-	veor	q4, q4, q5
-
-	veor	q6, q6, q3
-	subs	r5,r5,#1
-	bcc	.Lenc_done
-	vext.8	q8, q0, q0, #12	@ x0 <<< 32
-	vext.8	q9, q1, q1, #12
-	 veor	q0, q0, q8		@ x0 ^ (x0 <<< 32)
-	vext.8	q10, q4, q4, #12
-	 veor	q1, q1, q9
-	vext.8	q11, q6, q6, #12
-	 veor	q4, q4, q10
-	vext.8	q12, q3, q3, #12
-	 veor	q6, q6, q11
-	vext.8	q13, q7, q7, #12
-	 veor	q3, q3, q12
-	vext.8	q14, q2, q2, #12
-	 veor	q7, q7, q13
-	vext.8	q15, q5, q5, #12
-	 veor	q2, q2, q14
-
-	veor	q9, q9, q0
-	 veor	q5, q5, q15
-	 vext.8	q0, q0, q0, #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
-	veor	q10, q10, q1
-	veor	q8, q8, q5
-	veor	q9, q9, q5
-	 vext.8	q1, q1, q1, #8
-	veor	q13, q13, q3
-	 veor	q0, q0, q8
-	veor	q14, q14, q7
-	 veor	q1, q1, q9
-	 vext.8	q8, q3, q3, #8
-	veor	q12, q12, q6
-	 vext.8	q9, q7, q7, #8
-	veor	q15, q15, q2
-	 vext.8	q3, q6, q6, #8
-	veor	q11, q11, q4
-	 vext.8	q7, q5, q5, #8
-	veor	q12, q12, q5
-	 vext.8	q6, q2, q2, #8
-	veor	q11, q11, q5
-	 vext.8	q2, q4, q4, #8
-	veor	q5, q9, q13
-	veor	q4, q8, q12
-	veor	q3, q3, q11
-	veor	q7, q7, q15
-	veor	q6, q6, q14
-	 @ vmov	q4, q8
-	veor	q2, q2, q10
-	 @ vmov	q5, q9
-	vldmia	r6, {q12}		@ .LSR
-	ite	eq				@ Thumb2 thing, samity check in ARM
-	addeq	r6,r6,#0x10
-	bne	.Lenc_loop
-	vldmia	r6, {q12}		@ .LSRM0
-	b	.Lenc_loop
-.align	4
-.Lenc_done:
-	vmov.i8	q8,#0x55			@ compose .LBS0
-	vmov.i8	q9,#0x33			@ compose .LBS1
-	vshr.u64	q10, q2, #1
-	 vshr.u64	q11, q3, #1
-	veor		q10, q10, q5
-	 veor		q11, q11, q7
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #1
-	 veor		q7, q7, q11
-	 vshl.u64	q11, q11, #1
-	veor		q2, q2, q10
-	 veor		q3, q3, q11
-	vshr.u64	q10, q4, #1
-	 vshr.u64	q11, q0, #1
-	veor		q10, q10, q6
-	 veor		q11, q11, q1
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q6, q6, q10
-	vshl.u64	q10, q10, #1
-	 veor		q1, q1, q11
-	 vshl.u64	q11, q11, #1
-	veor		q4, q4, q10
-	 veor		q0, q0, q11
-	vmov.i8	q8,#0x0f			@ compose .LBS2
-	vshr.u64	q10, q7, #2
-	 vshr.u64	q11, q3, #2
-	veor		q10, q10, q5
-	 veor		q11, q11, q2
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #2
-	 veor		q2, q2, q11
-	 vshl.u64	q11, q11, #2
-	veor		q7, q7, q10
-	 veor		q3, q3, q11
-	vshr.u64	q10, q1, #2
-	 vshr.u64	q11, q0, #2
-	veor		q10, q10, q6
-	 veor		q11, q11, q4
-	vand		q10, q10, q9
-	 vand		q11, q11, q9
-	veor		q6, q6, q10
-	vshl.u64	q10, q10, #2
-	 veor		q4, q4, q11
-	 vshl.u64	q11, q11, #2
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vshr.u64	q10, q6, #4
-	 vshr.u64	q11, q4, #4
-	veor		q10, q10, q5
-	 veor		q11, q11, q2
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q5, q5, q10
-	vshl.u64	q10, q10, #4
-	 veor		q2, q2, q11
-	 vshl.u64	q11, q11, #4
-	veor		q6, q6, q10
-	 veor		q4, q4, q11
-	vshr.u64	q10, q1, #4
-	 vshr.u64	q11, q0, #4
-	veor		q10, q10, q7
-	 veor		q11, q11, q3
-	vand		q10, q10, q8
-	 vand		q11, q11, q8
-	veor		q7, q7, q10
-	vshl.u64	q10, q10, #4
-	 veor		q3, q3, q11
-	 vshl.u64	q11, q11, #4
-	veor		q1, q1, q10
-	 veor		q0, q0, q11
-	vldmia	r4, {q8}			@ last round key
-	veor	q4, q4, q8
-	veor	q6, q6, q8
-	veor	q3, q3, q8
-	veor	q7, q7, q8
-	veor	q2, q2, q8
-	veor	q5, q5, q8
-	veor	q0, q0, q8
-	veor	q1, q1, q8
-	bx	lr
-.size	_bsaes_encrypt8,.-_bsaes_encrypt8
-.type	_bsaes_key_convert,%function
-.align	4
-_bsaes_key_convert:
-	adr	r6,_bsaes_key_convert
-	vld1.8	{q7},  [r4]!		@ load round 0 key
-	sub	r6,r6,#_bsaes_key_convert-.LM0
-	vld1.8	{q15}, [r4]!		@ load round 1 key
-
-	vmov.i8	q8,  #0x01			@ bit masks
-	vmov.i8	q9,  #0x02
-	vmov.i8	q10, #0x04
-	vmov.i8	q11, #0x08
-	vmov.i8	q12, #0x10
-	vmov.i8	q13, #0x20
-	vldmia	r6, {q14}		@ .LM0
-
-#ifdef __ARMEL__
-	vrev32.8	q7,  q7
-	vrev32.8	q15, q15
-#endif
-	sub	r5,r5,#1
-	vstmia	r12!, {q7}		@ save round 0 key
-	b	.Lkey_loop
-
-.align	4
-.Lkey_loop:
-	vtbl.8	d14,{q15},d28
-	vtbl.8	d15,{q15},d29
-	vmov.i8	q6,  #0x40
-	vmov.i8	q15, #0x80
-
-	vtst.8	q0, q7, q8
-	vtst.8	q1, q7, q9
-	vtst.8	q2, q7, q10
-	vtst.8	q3, q7, q11
-	vtst.8	q4, q7, q12
-	vtst.8	q5, q7, q13
-	vtst.8	q6, q7, q6
-	vtst.8	q7, q7, q15
-	vld1.8	{q15}, [r4]!		@ load next round key
-	vmvn	q0, q0		@ "pnot"
-	vmvn	q1, q1
-	vmvn	q5, q5
-	vmvn	q6, q6
-#ifdef __ARMEL__
-	vrev32.8	q15, q15
-#endif
-	subs	r5,r5,#1
-	vstmia	r12!,{q0-q7}		@ write bit-sliced round key
-	bne	.Lkey_loop
-
-	vmov.i8	q7,#0x63			@ compose .L63
-	@ don't save last round key
-	bx	lr
-.size	_bsaes_key_convert,.-_bsaes_key_convert
-.extern AES_cbc_encrypt
-.extern AES_decrypt
-
-.global	bsaes_cbc_encrypt
-.type	bsaes_cbc_encrypt,%function
-.align	5
-bsaes_cbc_encrypt:
-#ifndef	__KERNEL__
-	cmp	r2, #128
-#ifndef	__thumb__
-	blo	AES_cbc_encrypt
-#else
-	bhs	1f
-	b	AES_cbc_encrypt
-1:
-#endif
-#endif
-
-	@ it is up to the caller to make sure we are called with enc == 0
-
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}
-	VFP_ABI_PUSH
-	ldr	r8, [ip]			@ IV is 1st arg on the stack
-	mov	r2, r2, lsr#4		@ len in 16 byte blocks
-	sub	sp, #0x10			@ scratch space to carry over the IV
-	mov	r9, sp				@ save sp
-
-	ldr	r10, [r3, #240]		@ get # of rounds
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, r10, lsl#7		@ 128 bytes per inner round key
-	add	r12, #96			@ sifze of bit-slices key schedule
-
-	@ populate the key schedule
-	mov	r4, r3			@ pass key
-	mov	r5, r10			@ pass # of rounds
-	mov	sp, r12				@ sp is sp
-	bl	_bsaes_key_convert
-	vldmia	sp, {q6}
-	vstmia	r12,  {q15}		@ save last round key
-	veor	q7, q7, q6	@ fix up round 0 key
-	vstmia	sp, {q7}
-#else
-	ldr	r12, [r3, #244]
-	eors	r12, #1
-	beq	0f
-
-	@ populate the key schedule
-	str	r12, [r3, #244]
-	mov	r4, r3			@ pass key
-	mov	r5, r10			@ pass # of rounds
-	add	r12, r3, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, r3, #248
-	vldmia	r4, {q6}
-	vstmia	r12, {q15}			@ save last round key
-	veor	q7, q7, q6	@ fix up round 0 key
-	vstmia	r4, {q7}
-
-.align	2
-0:
-#endif
-
-	vld1.8	{q15}, [r8]		@ load IV
-	b	.Lcbc_dec_loop
-
-.align	4
-.Lcbc_dec_loop:
-	subs	r2, r2, #0x8
-	bmi	.Lcbc_dec_loop_finish
-
-	vld1.8	{q0-q1}, [r0]!	@ load input
-	vld1.8	{q2-q3}, [r0]!
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	mov	r4, sp			@ pass the key
-#else
-	add	r4, r3, #248
-#endif
-	vld1.8	{q4-q5}, [r0]!
-	mov	r5, r10
-	vld1.8	{q6-q7}, [r0]
-	sub	r0, r0, #0x60
-	vstmia	r9, {q15}			@ put aside IV
-
-	bl	_bsaes_decrypt8
-
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q10-q11}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vld1.8	{q12-q13}, [r0]!
-	veor	q4, q4, q10
-	veor	q2, q2, q11
-	vld1.8	{q14-q15}, [r0]!
-	veor	q7, q7, q12
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	veor	q3, q3, q13
-	vst1.8	{q6}, [r1]!
-	veor	q5, q5, q14
-	vst1.8	{q4}, [r1]!
-	vst1.8	{q2}, [r1]!
-	vst1.8	{q7}, [r1]!
-	vst1.8	{q3}, [r1]!
-	vst1.8	{q5}, [r1]!
-
-	b	.Lcbc_dec_loop
-
-.Lcbc_dec_loop_finish:
-	adds	r2, r2, #8
-	beq	.Lcbc_dec_done
-
-	vld1.8	{q0}, [r0]!		@ load input
-	cmp	r2, #2
-	blo	.Lcbc_dec_one
-	vld1.8	{q1}, [r0]!
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	mov	r4, sp			@ pass the key
-#else
-	add	r4, r3, #248
-#endif
-	mov	r5, r10
-	vstmia	r9, {q15}			@ put aside IV
-	beq	.Lcbc_dec_two
-	vld1.8	{q2}, [r0]!
-	cmp	r2, #4
-	blo	.Lcbc_dec_three
-	vld1.8	{q3}, [r0]!
-	beq	.Lcbc_dec_four
-	vld1.8	{q4}, [r0]!
-	cmp	r2, #6
-	blo	.Lcbc_dec_five
-	vld1.8	{q5}, [r0]!
-	beq	.Lcbc_dec_six
-	vld1.8	{q6}, [r0]!
-	sub	r0, r0, #0x70
-
-	bl	_bsaes_decrypt8
-
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q10-q11}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vld1.8	{q12-q13}, [r0]!
-	veor	q4, q4, q10
-	veor	q2, q2, q11
-	vld1.8	{q15}, [r0]!
-	veor	q7, q7, q12
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	veor	q3, q3, q13
-	vst1.8	{q6}, [r1]!
-	vst1.8	{q4}, [r1]!
-	vst1.8	{q2}, [r1]!
-	vst1.8	{q7}, [r1]!
-	vst1.8	{q3}, [r1]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_six:
-	sub	r0, r0, #0x60
-	bl	_bsaes_decrypt8
-	vldmia	r9,{q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q10-q11}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vld1.8	{q12}, [r0]!
-	veor	q4, q4, q10
-	veor	q2, q2, q11
-	vld1.8	{q15}, [r0]!
-	veor	q7, q7, q12
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	vst1.8	{q6}, [r1]!
-	vst1.8	{q4}, [r1]!
-	vst1.8	{q2}, [r1]!
-	vst1.8	{q7}, [r1]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_five:
-	sub	r0, r0, #0x50
-	bl	_bsaes_decrypt8
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q10-q11}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vld1.8	{q15}, [r0]!
-	veor	q4, q4, q10
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	veor	q2, q2, q11
-	vst1.8	{q6}, [r1]!
-	vst1.8	{q4}, [r1]!
-	vst1.8	{q2}, [r1]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_four:
-	sub	r0, r0, #0x40
-	bl	_bsaes_decrypt8
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q10}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vld1.8	{q15}, [r0]!
-	veor	q4, q4, q10
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	vst1.8	{q6}, [r1]!
-	vst1.8	{q4}, [r1]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_three:
-	sub	r0, r0, #0x30
-	bl	_bsaes_decrypt8
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8-q9}, [r0]!	@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q15}, [r0]!
-	veor	q1, q1, q8
-	veor	q6, q6, q9
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	vst1.8	{q6}, [r1]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_two:
-	sub	r0, r0, #0x20
-	bl	_bsaes_decrypt8
-	vldmia	r9, {q14}			@ reload IV
-	vld1.8	{q8}, [r0]!		@ reload input
-	veor	q0, q0, q14	@ ^= IV
-	vld1.8	{q15}, [r0]!		@ reload input
-	veor	q1, q1, q8
-	vst1.8	{q0-q1}, [r1]!	@ write output
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_one:
-	sub	r0, r0, #0x10
-	mov	r10, r1			@ save original out pointer
-	mov	r1, r9			@ use the iv scratch space as out buffer
-	mov	r2, r3
-	vmov	q4,q15		@ just in case ensure that IV
-	vmov	q5,q0			@ and input are preserved
-	bl	AES_decrypt
-	vld1.8	{q0}, [r9,:64]		@ load result
-	veor	q0, q0, q4	@ ^= IV
-	vmov	q15, q5		@ q5 holds input
-	vst1.8	{q0}, [r10]		@ write output
-
-.Lcbc_dec_done:
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-.Lcbc_dec_bzero:				@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r9
-	bne		.Lcbc_dec_bzero
-#endif
-
-	mov	sp, r9
-	add	sp, #0x10			@ add sp,r9,#0x10 is no good for thumb
-	vst1.8	{q15}, [r8]		@ return IV
-	VFP_ABI_POP
-	ldmia	sp!, {r4-r10, pc}
-.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
-.extern	AES_encrypt
-.global	bsaes_ctr32_encrypt_blocks
-.type	bsaes_ctr32_encrypt_blocks,%function
-.align	5
-bsaes_ctr32_encrypt_blocks:
-	cmp	r2, #8			@ use plain AES for
-	blo	.Lctr_enc_short			@ small sizes
-
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}
-	VFP_ABI_PUSH
-	ldr	r8, [ip]			@ ctr is 1st arg on the stack
-	sub	sp, sp, #0x10			@ scratch space to carry over the ctr
-	mov	r9, sp				@ save sp
-
-	ldr	r10, [r3, #240]		@ get # of rounds
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, r10, lsl#7		@ 128 bytes per inner round key
-	add	r12, #96			@ size of bit-sliced key schedule
-
-	@ populate the key schedule
-	mov	r4, r3			@ pass key
-	mov	r5, r10			@ pass # of rounds
-	mov	sp, r12				@ sp is sp
-	bl	_bsaes_key_convert
-	veor	q7,q7,q15	@ fix up last round key
-	vstmia	r12, {q7}			@ save last round key
-
-	vld1.8	{q0}, [r8]		@ load counter
-	add	r8, r6, #.LREVM0SR-.LM0	@ borrow r8
-	vldmia	sp, {q4}		@ load round0 key
-#else
-	ldr	r12, [r3, #244]
-	eors	r12, #1
-	beq	0f
-
-	@ populate the key schedule
-	str	r12, [r3, #244]
-	mov	r4, r3			@ pass key
-	mov	r5, r10			@ pass # of rounds
-	add	r12, r3, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	q7,q7,q15	@ fix up last round key
-	vstmia	r12, {q7}			@ save last round key
-
-.align	2
-0:	add	r12, r3, #248
-	vld1.8	{q0}, [r8]		@ load counter
-	adrl	r8, .LREVM0SR			@ borrow r8
-	vldmia	r12, {q4}			@ load round0 key
-	sub	sp, #0x10			@ place for adjusted round0 key
-#endif
-
-	vmov.i32	q8,#1		@ compose 1<<96
-	veor		q9,q9,q9
-	vrev32.8	q0,q0
-	vext.8		q8,q9,q8,#4
-	vrev32.8	q4,q4
-	vadd.u32	q9,q8,q8	@ compose 2<<96
-	vstmia	sp, {q4}		@ save adjusted round0 key
-	b	.Lctr_enc_loop
-
-.align	4
-.Lctr_enc_loop:
-	vadd.u32	q10, q8, q9	@ compose 3<<96
-	vadd.u32	q1, q0, q8	@ +1
-	vadd.u32	q2, q0, q9	@ +2
-	vadd.u32	q3, q0, q10	@ +3
-	vadd.u32	q4, q1, q10
-	vadd.u32	q5, q2, q10
-	vadd.u32	q6, q3, q10
-	vadd.u32	q7, q4, q10
-	vadd.u32	q10, q5, q10	@ next counter
-
-	@ Borrow prologue from _bsaes_encrypt8 to use the opportunity
-	@ to flip byte order in 32-bit counter
-
-	vldmia		sp, {q9}		@ load round0 key
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x10		@ pass next round key
-#else
-	add		r4, r3, #264
-#endif
-	vldmia		r8, {q8}			@ .LREVM0SR
-	mov		r5, r10			@ pass rounds
-	vstmia		r9, {q10}			@ save next counter
-	sub		r6, r8, #.LREVM0SR-.LSR	@ pass constants
-
-	bl		_bsaes_encrypt8_alt
-
-	subs		r2, r2, #8
-	blo		.Lctr_enc_loop_done
-
-	vld1.8		{q8-q9}, [r0]!	@ load input
-	vld1.8		{q10-q11}, [r0]!
-	veor		q0, q8
-	veor		q1, q9
-	vld1.8		{q12-q13}, [r0]!
-	veor		q4, q10
-	veor		q6, q11
-	vld1.8		{q14-q15}, [r0]!
-	veor		q3, q12
-	vst1.8		{q0-q1}, [r1]!	@ write output
-	veor		q7, q13
-	veor		q2, q14
-	vst1.8		{q4}, [r1]!
-	veor		q5, q15
-	vst1.8		{q6}, [r1]!
-	vmov.i32	q8, #1			@ compose 1<<96
-	vst1.8		{q3}, [r1]!
-	veor		q9, q9, q9
-	vst1.8		{q7}, [r1]!
-	vext.8		q8, q9, q8, #4
-	vst1.8		{q2}, [r1]!
-	vadd.u32	q9,q8,q8		@ compose 2<<96
-	vst1.8		{q5}, [r1]!
-	vldmia		r9, {q0}			@ load counter
-
-	bne		.Lctr_enc_loop
-	b		.Lctr_enc_done
-
-.align	4
-.Lctr_enc_loop_done:
-	add		r2, r2, #8
-	vld1.8		{q8}, [r0]!	@ load input
-	veor		q0, q8
-	vst1.8		{q0}, [r1]!	@ write output
-	cmp		r2, #2
-	blo		.Lctr_enc_done
-	vld1.8		{q9}, [r0]!
-	veor		q1, q9
-	vst1.8		{q1}, [r1]!
-	beq		.Lctr_enc_done
-	vld1.8		{q10}, [r0]!
-	veor		q4, q10
-	vst1.8		{q4}, [r1]!
-	cmp		r2, #4
-	blo		.Lctr_enc_done
-	vld1.8		{q11}, [r0]!
-	veor		q6, q11
-	vst1.8		{q6}, [r1]!
-	beq		.Lctr_enc_done
-	vld1.8		{q12}, [r0]!
-	veor		q3, q12
-	vst1.8		{q3}, [r1]!
-	cmp		r2, #6
-	blo		.Lctr_enc_done
-	vld1.8		{q13}, [r0]!
-	veor		q7, q13
-	vst1.8		{q7}, [r1]!
-	beq		.Lctr_enc_done
-	vld1.8		{q14}, [r0]
-	veor		q2, q14
-	vst1.8		{q2}, [r1]!
-
-.Lctr_enc_done:
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifndef	BSAES_ASM_EXTENDED_KEY
-.Lctr_enc_bzero:			@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r9
-	bne		.Lctr_enc_bzero
-#else
-	vstmia		sp, {q0-q1}
-#endif
-
-	mov	sp, r9
-	add	sp, #0x10		@ add sp,r9,#0x10 is no good for thumb
-	VFP_ABI_POP
-	ldmia	sp!, {r4-r10, pc}	@ return
-
-.align	4
-.Lctr_enc_short:
-	ldr	ip, [sp]		@ ctr pointer is passed on stack
-	stmdb	sp!, {r4-r8, lr}
-
-	mov	r4, r0		@ copy arguments
-	mov	r5, r1
-	mov	r6, r2
-	mov	r7, r3
-	ldr	r8, [ip, #12]		@ load counter LSW
-	vld1.8	{q1}, [ip]		@ load whole counter value
-#ifdef __ARMEL__
-	rev	r8, r8
-#endif
-	sub	sp, sp, #0x10
-	vst1.8	{q1}, [sp,:64]	@ copy counter value
-	sub	sp, sp, #0x10
-
-.Lctr_enc_short_loop:
-	add	r0, sp, #0x10		@ input counter value
-	mov	r1, sp			@ output on the stack
-	mov	r2, r7			@ key
-
-	bl	AES_encrypt
-
-	vld1.8	{q0}, [r4]!	@ load input
-	vld1.8	{q1}, [sp,:64]	@ load encrypted counter
-	add	r8, r8, #1
-#ifdef __ARMEL__
-	rev	r0, r8
-	str	r0, [sp, #0x1c]		@ next counter value
-#else
-	str	r8, [sp, #0x1c]		@ next counter value
-#endif
-	veor	q0,q0,q1
-	vst1.8	{q0}, [r5]!	@ store output
-	subs	r6, r6, #1
-	bne	.Lctr_enc_short_loop
-
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-	vstmia		sp!, {q0-q1}
-
-	ldmia	sp!, {r4-r8, pc}
-.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
-.globl	bsaes_xts_encrypt
-.type	bsaes_xts_encrypt,%function
-.align	4
-bsaes_xts_encrypt:
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}		@ 0x20
-	VFP_ABI_PUSH
-	mov	r6, sp				@ future r3
-
-	mov	r7, r0
-	mov	r8, r1
-	mov	r9, r2
-	mov	r10, r3
-
-	sub	r0, sp, #0x10			@ 0x10
-	bic	r0, #0xf			@ align at 16 bytes
-	mov	sp, r0
-
-#ifdef	XTS_CHAIN_TWEAK
-	ldr	r0, [ip]			@ pointer to input tweak
-#else
-	@ generate initial tweak
-	ldr	r0, [ip, #4]			@ iv[]
-	mov	r1, sp
-	ldr	r2, [ip, #0]			@ key2
-	bl	AES_encrypt
-	mov	r0,sp				@ pointer to initial tweak
-#endif
-
-	ldr	r1, [r10, #240]		@ get # of rounds
-	mov	r3, r6
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, r1, lsl#7		@ 128 bytes per inner round key
-	@ add	r12, #96			@ size of bit-sliced key schedule
-	sub	r12, #48			@ place for tweak[9]
-
-	@ populate the key schedule
-	mov	r4, r10			@ pass key
-	mov	r5, r1			@ pass # of rounds
-	mov	sp, r12
-	add	r12, #0x90			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	q7, q7, q15	@ fix up last round key
-	vstmia	r12, {q7}			@ save last round key
-#else
-	ldr	r12, [r10, #244]
-	eors	r12, #1
-	beq	0f
-
-	str	r12, [r10, #244]
-	mov	r4, r10			@ pass key
-	mov	r5, r1			@ pass # of rounds
-	add	r12, r10, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	q7, q7, q15	@ fix up last round key
-	vstmia	r12, {q7}
-
-.align	2
-0:	sub	sp, #0x90			@ place for tweak[9]
-#endif
-
-	vld1.8	{q8}, [r0]			@ initial tweak
-	adr	r2, .Lxts_magic
-
-	subs	r9, #0x80
-	blo	.Lxts_enc_short
-	b	.Lxts_enc_loop
-
-.align	4
-.Lxts_enc_loop:
-	vldmia		r2, {q5}	@ load XTS magic
-	vshr.s64	q6, q8, #63
-	mov		r0, sp
-	vand		q6, q6, q5
-	vadd.u64	q9, q8, q8
-	vst1.64		{q8}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q9, #63
-	veor		q9, q9, q6
-	vand		q7, q7, q5
-	vadd.u64	q10, q9, q9
-	vst1.64		{q9}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q10, #63
-	veor		q10, q10, q7
-	vand		q6, q6, q5
-	vld1.8		{q0}, [r7]!
-	vadd.u64	q11, q10, q10
-	vst1.64		{q10}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q11, #63
-	veor		q11, q11, q6
-	vand		q7, q7, q5
-	vld1.8		{q1}, [r7]!
-	veor		q0, q0, q8
-	vadd.u64	q12, q11, q11
-	vst1.64		{q11}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q12, #63
-	veor		q12, q12, q7
-	vand		q6, q6, q5
-	vld1.8		{q2}, [r7]!
-	veor		q1, q1, q9
-	vadd.u64	q13, q12, q12
-	vst1.64		{q12}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q13, #63
-	veor		q13, q13, q6
-	vand		q7, q7, q5
-	vld1.8		{q3}, [r7]!
-	veor		q2, q2, q10
-	vadd.u64	q14, q13, q13
-	vst1.64		{q13}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q14, #63
-	veor		q14, q14, q7
-	vand		q6, q6, q5
-	vld1.8		{q4}, [r7]!
-	veor		q3, q3, q11
-	vadd.u64	q15, q14, q14
-	vst1.64		{q14}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q15, #63
-	veor		q15, q15, q6
-	vand		q7, q7, q5
-	vld1.8		{q5}, [r7]!
-	veor		q4, q4, q12
-	vadd.u64	q8, q15, q15
-	vst1.64		{q15}, [r0,:128]!
-	vswp		d15,d14
-	veor		q8, q8, q7
-	vst1.64		{q8}, [r0,:128]		@ next round tweak
-
-	vld1.8		{q6-q7}, [r7]!
-	veor		q5, q5, q13
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q6, q6, q14
-	mov		r5, r1			@ pass rounds
-	veor		q7, q7, q15
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q6, q11
-	vld1.64		{q14-q15}, [r0,:128]!
-	veor		q10, q3, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	veor		q12, q2, q14
-	vst1.8		{q10-q11}, [r8]!
-	veor		q13, q5, q15
-	vst1.8		{q12-q13}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-
-	subs		r9, #0x80
-	bpl		.Lxts_enc_loop
-
-.Lxts_enc_short:
-	adds		r9, #0x70
-	bmi		.Lxts_enc_done
-
-	vldmia		r2, {q5}	@ load XTS magic
-	vshr.s64	q7, q8, #63
-	mov		r0, sp
-	vand		q7, q7, q5
-	vadd.u64	q9, q8, q8
-	vst1.64		{q8}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q9, #63
-	veor		q9, q9, q7
-	vand		q6, q6, q5
-	vadd.u64	q10, q9, q9
-	vst1.64		{q9}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q10, #63
-	veor		q10, q10, q6
-	vand		q7, q7, q5
-	vld1.8		{q0}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_1
-	vadd.u64	q11, q10, q10
-	vst1.64		{q10}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q11, #63
-	veor		q11, q11, q7
-	vand		q6, q6, q5
-	vld1.8		{q1}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_2
-	veor		q0, q0, q8
-	vadd.u64	q12, q11, q11
-	vst1.64		{q11}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q12, #63
-	veor		q12, q12, q6
-	vand		q7, q7, q5
-	vld1.8		{q2}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_3
-	veor		q1, q1, q9
-	vadd.u64	q13, q12, q12
-	vst1.64		{q12}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q13, #63
-	veor		q13, q13, q7
-	vand		q6, q6, q5
-	vld1.8		{q3}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_4
-	veor		q2, q2, q10
-	vadd.u64	q14, q13, q13
-	vst1.64		{q13}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q14, #63
-	veor		q14, q14, q6
-	vand		q7, q7, q5
-	vld1.8		{q4}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_5
-	veor		q3, q3, q11
-	vadd.u64	q15, q14, q14
-	vst1.64		{q14}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q15, #63
-	veor		q15, q15, q7
-	vand		q6, q6, q5
-	vld1.8		{q5}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_enc_6
-	veor		q4, q4, q12
-	sub		r9, #0x10
-	vst1.64		{q15}, [r0,:128]		@ next round tweak
-
-	vld1.8		{q6}, [r7]!
-	veor		q5, q5, q13
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q6, q6, q14
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q6, q11
-	vld1.64		{q14}, [r0,:128]!
-	veor		q10, q3, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	veor		q12, q2, q14
-	vst1.8		{q10-q11}, [r8]!
-	vst1.8		{q12}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_6:
-	vst1.64		{q14}, [r0,:128]		@ next round tweak
-
-	veor		q4, q4, q12
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q5, q5, q13
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q6, q11
-	veor		q10, q3, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	vst1.8		{q10-q11}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-
-@ put this in range for both ARM and Thumb mode adr instructions
-.align	5
-.Lxts_magic:
-	.quad	1, 0x87
-
-.align	5
-.Lxts_enc_5:
-	vst1.64		{q13}, [r0,:128]		@ next round tweak
-
-	veor		q3, q3, q11
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q4, q4, q12
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q6, q11
-	veor		q10, q3, q12
-	vst1.8		{q8-q9}, [r8]!
-	vst1.8		{q10}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_4:
-	vst1.64		{q12}, [r0,:128]		@ next round tweak
-
-	veor		q2, q2, q10
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q3, q3, q11
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q6, q11
-	vst1.8		{q8-q9}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_3:
-	vst1.64		{q11}, [r0,:128]		@ next round tweak
-
-	veor		q1, q1, q9
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q2, q2, q10
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	veor		q8, q4, q10
-	vst1.8		{q0-q1}, [r8]!
-	vst1.8		{q8}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_2:
-	vst1.64		{q10}, [r0,:128]		@ next round tweak
-
-	veor		q0, q0, q8
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q1, q1, q9
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	vst1.8		{q0-q1}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_1:
-	mov		r0, sp
-	veor		q0, q8
-	mov		r1, sp
-	vst1.8		{q0}, [sp,:128]
-	mov		r2, r10
-	mov		r4, r3				@ preserve fp
-
-	bl		AES_encrypt
-
-	vld1.8		{q0}, [sp,:128]
-	veor		q0, q0, q8
-	vst1.8		{q0}, [r8]!
-	mov		r3, r4
-
-	vmov		q8, q9		@ next round tweak
-
-.Lxts_enc_done:
-#ifndef	XTS_CHAIN_TWEAK
-	adds		r9, #0x10
-	beq		.Lxts_enc_ret
-	sub		r6, r8, #0x10
-
-.Lxts_enc_steal:
-	ldrb		r0, [r7], #1
-	ldrb		r1, [r8, #-0x10]
-	strb		r0, [r8, #-0x10]
-	strb		r1, [r8], #1
-
-	subs		r9, #1
-	bhi		.Lxts_enc_steal
-
-	vld1.8		{q0}, [r6]
-	mov		r0, sp
-	veor		q0, q0, q8
-	mov		r1, sp
-	vst1.8		{q0}, [sp,:128]
-	mov		r2, r10
-	mov		r4, r3			@ preserve fp
-
-	bl		AES_encrypt
-
-	vld1.8		{q0}, [sp,:128]
-	veor		q0, q0, q8
-	vst1.8		{q0}, [r6]
-	mov		r3, r4
-#endif
-
-.Lxts_enc_ret:
-	bic		r0, r3, #0xf
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifdef	XTS_CHAIN_TWEAK
-	ldr		r1, [r3, #0x20+VFP_ABI_FRAME]	@ chain tweak
-#endif
-.Lxts_enc_bzero:				@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r0
-	bne		.Lxts_enc_bzero
-
-	mov		sp, r3
-#ifdef	XTS_CHAIN_TWEAK
-	vst1.8		{q8}, [r1]
-#endif
-	VFP_ABI_POP
-	ldmia		sp!, {r4-r10, pc}	@ return
-
-.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
-
-.globl	bsaes_xts_decrypt
-.type	bsaes_xts_decrypt,%function
-.align	4
-bsaes_xts_decrypt:
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}		@ 0x20
-	VFP_ABI_PUSH
-	mov	r6, sp				@ future r3
-
-	mov	r7, r0
-	mov	r8, r1
-	mov	r9, r2
-	mov	r10, r3
-
-	sub	r0, sp, #0x10			@ 0x10
-	bic	r0, #0xf			@ align at 16 bytes
-	mov	sp, r0
-
-#ifdef	XTS_CHAIN_TWEAK
-	ldr	r0, [ip]			@ pointer to input tweak
-#else
-	@ generate initial tweak
-	ldr	r0, [ip, #4]			@ iv[]
-	mov	r1, sp
-	ldr	r2, [ip, #0]			@ key2
-	bl	AES_encrypt
-	mov	r0, sp				@ pointer to initial tweak
-#endif
-
-	ldr	r1, [r10, #240]		@ get # of rounds
-	mov	r3, r6
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, r1, lsl#7		@ 128 bytes per inner round key
-	@ add	r12, #96			@ size of bit-sliced key schedule
-	sub	r12, #48			@ place for tweak[9]
-
-	@ populate the key schedule
-	mov	r4, r10			@ pass key
-	mov	r5, r1			@ pass # of rounds
-	mov	sp, r12
-	add	r12, #0x90			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, sp, #0x90
-	vldmia	r4, {q6}
-	vstmia	r12,  {q15}		@ save last round key
-	veor	q7, q7, q6	@ fix up round 0 key
-	vstmia	r4, {q7}
-#else
-	ldr	r12, [r10, #244]
-	eors	r12, #1
-	beq	0f
-
-	str	r12, [r10, #244]
-	mov	r4, r10			@ pass key
-	mov	r5, r1			@ pass # of rounds
-	add	r12, r10, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, r10, #248
-	vldmia	r4, {q6}
-	vstmia	r12,  {q15}		@ save last round key
-	veor	q7, q7, q6	@ fix up round 0 key
-	vstmia	r4, {q7}
-
-.align	2
-0:	sub	sp, #0x90			@ place for tweak[9]
-#endif
-	vld1.8	{q8}, [r0]			@ initial tweak
-	adr	r2, .Lxts_magic
-
-	tst	r9, #0xf			@ if not multiple of 16
-	it	ne				@ Thumb2 thing, sanity check in ARM
-	subne	r9, #0x10			@ subtract another 16 bytes
-	subs	r9, #0x80
-
-	blo	.Lxts_dec_short
-	b	.Lxts_dec_loop
-
-.align	4
-.Lxts_dec_loop:
-	vldmia		r2, {q5}	@ load XTS magic
-	vshr.s64	q6, q8, #63
-	mov		r0, sp
-	vand		q6, q6, q5
-	vadd.u64	q9, q8, q8
-	vst1.64		{q8}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q9, #63
-	veor		q9, q9, q6
-	vand		q7, q7, q5
-	vadd.u64	q10, q9, q9
-	vst1.64		{q9}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q10, #63
-	veor		q10, q10, q7
-	vand		q6, q6, q5
-	vld1.8		{q0}, [r7]!
-	vadd.u64	q11, q10, q10
-	vst1.64		{q10}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q11, #63
-	veor		q11, q11, q6
-	vand		q7, q7, q5
-	vld1.8		{q1}, [r7]!
-	veor		q0, q0, q8
-	vadd.u64	q12, q11, q11
-	vst1.64		{q11}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q12, #63
-	veor		q12, q12, q7
-	vand		q6, q6, q5
-	vld1.8		{q2}, [r7]!
-	veor		q1, q1, q9
-	vadd.u64	q13, q12, q12
-	vst1.64		{q12}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q13, #63
-	veor		q13, q13, q6
-	vand		q7, q7, q5
-	vld1.8		{q3}, [r7]!
-	veor		q2, q2, q10
-	vadd.u64	q14, q13, q13
-	vst1.64		{q13}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q14, #63
-	veor		q14, q14, q7
-	vand		q6, q6, q5
-	vld1.8		{q4}, [r7]!
-	veor		q3, q3, q11
-	vadd.u64	q15, q14, q14
-	vst1.64		{q14}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q15, #63
-	veor		q15, q15, q6
-	vand		q7, q7, q5
-	vld1.8		{q5}, [r7]!
-	veor		q4, q4, q12
-	vadd.u64	q8, q15, q15
-	vst1.64		{q15}, [r0,:128]!
-	vswp		d15,d14
-	veor		q8, q8, q7
-	vst1.64		{q8}, [r0,:128]		@ next round tweak
-
-	vld1.8		{q6-q7}, [r7]!
-	veor		q5, q5, q13
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q6, q6, q14
-	mov		r5, r1			@ pass rounds
-	veor		q7, q7, q15
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q4, q11
-	vld1.64		{q14-q15}, [r0,:128]!
-	veor		q10, q2, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	veor		q12, q3, q14
-	vst1.8		{q10-q11}, [r8]!
-	veor		q13, q5, q15
-	vst1.8		{q12-q13}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-
-	subs		r9, #0x80
-	bpl		.Lxts_dec_loop
-
-.Lxts_dec_short:
-	adds		r9, #0x70
-	bmi		.Lxts_dec_done
-
-	vldmia		r2, {q5}	@ load XTS magic
-	vshr.s64	q7, q8, #63
-	mov		r0, sp
-	vand		q7, q7, q5
-	vadd.u64	q9, q8, q8
-	vst1.64		{q8}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q9, #63
-	veor		q9, q9, q7
-	vand		q6, q6, q5
-	vadd.u64	q10, q9, q9
-	vst1.64		{q9}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q10, #63
-	veor		q10, q10, q6
-	vand		q7, q7, q5
-	vld1.8		{q0}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_1
-	vadd.u64	q11, q10, q10
-	vst1.64		{q10}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q11, #63
-	veor		q11, q11, q7
-	vand		q6, q6, q5
-	vld1.8		{q1}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_2
-	veor		q0, q0, q8
-	vadd.u64	q12, q11, q11
-	vst1.64		{q11}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q12, #63
-	veor		q12, q12, q6
-	vand		q7, q7, q5
-	vld1.8		{q2}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_3
-	veor		q1, q1, q9
-	vadd.u64	q13, q12, q12
-	vst1.64		{q12}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q13, #63
-	veor		q13, q13, q7
-	vand		q6, q6, q5
-	vld1.8		{q3}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_4
-	veor		q2, q2, q10
-	vadd.u64	q14, q13, q13
-	vst1.64		{q13}, [r0,:128]!
-	vswp		d13,d12
-	vshr.s64	q7, q14, #63
-	veor		q14, q14, q6
-	vand		q7, q7, q5
-	vld1.8		{q4}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_5
-	veor		q3, q3, q11
-	vadd.u64	q15, q14, q14
-	vst1.64		{q14}, [r0,:128]!
-	vswp		d15,d14
-	vshr.s64	q6, q15, #63
-	veor		q15, q15, q7
-	vand		q6, q6, q5
-	vld1.8		{q5}, [r7]!
-	subs		r9, #0x10
-	bmi		.Lxts_dec_6
-	veor		q4, q4, q12
-	sub		r9, #0x10
-	vst1.64		{q15}, [r0,:128]		@ next round tweak
-
-	vld1.8		{q6}, [r7]!
-	veor		q5, q5, q13
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q6, q6, q14
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q4, q11
-	vld1.64		{q14}, [r0,:128]!
-	veor		q10, q2, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	veor		q12, q3, q14
-	vst1.8		{q10-q11}, [r8]!
-	vst1.8		{q12}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_6:
-	vst1.64		{q14}, [r0,:128]		@ next round tweak
-
-	veor		q4, q4, q12
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q5, q5, q13
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12-q13}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q4, q11
-	veor		q10, q2, q12
-	vst1.8		{q8-q9}, [r8]!
-	veor		q11, q7, q13
-	vst1.8		{q10-q11}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_5:
-	vst1.64		{q13}, [r0,:128]		@ next round tweak
-
-	veor		q3, q3, q11
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q4, q4, q12
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	vld1.64		{q12}, [r0,:128]!
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q4, q11
-	veor		q10, q2, q12
-	vst1.8		{q8-q9}, [r8]!
-	vst1.8		{q10}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_4:
-	vst1.64		{q12}, [r0,:128]		@ next round tweak
-
-	veor		q2, q2, q10
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q3, q3, q11
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10-q11}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	veor		q9, q4, q11
-	vst1.8		{q8-q9}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_3:
-	vst1.64		{q11}, [r0,:128]		@ next round tweak
-
-	veor		q1, q1, q9
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q2, q2, q10
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	vld1.64		{q10}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	veor		q8, q6, q10
-	vst1.8		{q0-q1}, [r8]!
-	vst1.8		{q8}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_2:
-	vst1.64		{q10}, [r0,:128]		@ next round tweak
-
-	veor		q0, q0, q8
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, r10, #248			@ pass key schedule
-#endif
-	veor		q1, q1, q9
-	mov		r5, r1			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{q8-q9}, [r0,:128]!
-	veor		q0, q0, q8
-	veor		q1, q1, q9
-	vst1.8		{q0-q1}, [r8]!
-
-	vld1.64		{q8}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_1:
-	mov		r0, sp
-	veor		q0, q8
-	mov		r1, sp
-	vst1.8		{q0}, [sp,:128]
-	mov		r2, r10
-	mov		r4, r3				@ preserve fp
-	mov		r5, r2			@ preserve magic
-
-	bl		AES_decrypt
-
-	vld1.8		{q0}, [sp,:128]
-	veor		q0, q0, q8
-	vst1.8		{q0}, [r8]!
-	mov		r3, r4
-	mov		r2, r5
-
-	vmov		q8, q9		@ next round tweak
-
-.Lxts_dec_done:
-#ifndef	XTS_CHAIN_TWEAK
-	adds		r9, #0x10
-	beq		.Lxts_dec_ret
-
-	@ calculate one round of extra tweak for the stolen ciphertext
-	vldmia		r2, {q5}
-	vshr.s64	q6, q8, #63
-	vand		q6, q6, q5
-	vadd.u64	q9, q8, q8
-	vswp		d13,d12
-	veor		q9, q9, q6
-
-	@ perform the final decryption with the last tweak value
-	vld1.8		{q0}, [r7]!
-	mov		r0, sp
-	veor		q0, q0, q9
-	mov		r1, sp
-	vst1.8		{q0}, [sp,:128]
-	mov		r2, r10
-	mov		r4, r3			@ preserve fp
-
-	bl		AES_decrypt
-
-	vld1.8		{q0}, [sp,:128]
-	veor		q0, q0, q9
-	vst1.8		{q0}, [r8]
-
-	mov		r6, r8
-.Lxts_dec_steal:
-	ldrb		r1, [r8]
-	ldrb		r0, [r7], #1
-	strb		r1, [r8, #0x10]
-	strb		r0, [r8], #1
-
-	subs		r9, #1
-	bhi		.Lxts_dec_steal
-
-	vld1.8		{q0}, [r6]
-	mov		r0, sp
-	veor		q0, q8
-	mov		r1, sp
-	vst1.8		{q0}, [sp,:128]
-	mov		r2, r10
-
-	bl		AES_decrypt
-
-	vld1.8		{q0}, [sp,:128]
-	veor		q0, q0, q8
-	vst1.8		{q0}, [r6]
-	mov		r3, r4
-#endif
-
-.Lxts_dec_ret:
-	bic		r0, r3, #0xf
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifdef	XTS_CHAIN_TWEAK
-	ldr		r1, [r3, #0x20+VFP_ABI_FRAME]	@ chain tweak
-#endif
-.Lxts_dec_bzero:				@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r0
-	bne		.Lxts_dec_bzero
-
-	mov		sp, r3
-#ifdef	XTS_CHAIN_TWEAK
-	vst1.8		{q8}, [r1]
-#endif
-	VFP_ABI_POP
-	ldmia		sp!, {r4-r10, pc}	@ return
-
-.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
-#endif
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
deleted file mode 100644
index f3d96d9325..0000000000
--- a/crypto/aes/asm/bsaes-armv7.pl
+++ /dev/null
@@ -1,2467 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-#
-# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
-# <ard.biesheuvel@linaro.org>. Permission to use under GPL terms is
-# granted.
-# ====================================================================
-
-# Bit-sliced AES for ARM NEON
-#
-# February 2012.
-#
-# This implementation is direct adaptation of bsaes-x86_64 module for
-# ARM NEON. Except that this module is endian-neutral [in sense that
-# it can be compiled for either endianness] by courtesy of vld1.8's
-# neutrality. Initial version doesn't implement interface to OpenSSL,
-# only low-level primitives and unsupported entry points, just enough
-# to collect performance results, which for Cortex-A8 core are:
-#
-# encrypt	19.5 cycles per byte processed with 128-bit key
-# decrypt	22.1 cycles per byte processed with 128-bit key
-# key conv.	440  cycles per 128-bit key/0.18 of 8x block
-#
-# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7,
-# which is [much] worse than anticipated (for further details see
-# http://www.openssl.org/~appro/Snapdragon-S4.html).
-#
-# Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code
-# manages in 20.0 cycles].
-#
-# When comparing to x86_64 results keep in mind that NEON unit is
-# [mostly] single-issue and thus can't [fully] benefit from
-# instruction-level parallelism. And when comparing to aes-armv4
-# results keep in mind key schedule conversion overhead (see
-# bsaes-x86_64.pl for further details)...
-#
-#						<appro@openssl.org>
-
-# April-August 2013
-#
-# Add CBC, CTR and XTS subroutines, adapt for kernel use.
-#
-#					<ard.biesheuvel@linaro.org>
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-my ($inp,$out,$len,$key)=("r0","r1","r2","r3");
-my @XMM=map("q$_",(0..15));
-
-{
-my ($key,$rounds,$const)=("r4","r5","r6");
-
-sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-
-sub Sbox {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
-my @b=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-	&InBasisChange	(@b);
-	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
-	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
-}
-
-sub InBasisChange {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
-my @b=@_[0..7];
-$code.=<<___;
-	veor	@b[2], @b[2], @b[1]
-	veor	@b[5], @b[5], @b[6]
-	veor	@b[3], @b[3], @b[0]
-	veor	@b[6], @b[6], @b[2]
-	veor	@b[5], @b[5], @b[0]
-
-	veor	@b[6], @b[6], @b[3]
-	veor	@b[3], @b[3], @b[7]
-	veor	@b[7], @b[7], @b[5]
-	veor	@b[3], @b[3], @b[4]
-	veor	@b[4], @b[4], @b[5]
-
-	veor	@b[2], @b[2], @b[7]
-	veor	@b[3], @b[3], @b[1]
-	veor	@b[1], @b[1], @b[5]
-___
-}
-
-sub OutBasisChange {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
-my @b=@_[0..7];
-$code.=<<___;
-	veor	@b[0], @b[0], @b[6]
-	veor	@b[1], @b[1], @b[4]
-	veor	@b[4], @b[4], @b[6]
-	veor	@b[2], @b[2], @b[0]
-	veor	@b[6], @b[6], @b[1]
-
-	veor	@b[1], @b[1], @b[5]
-	veor	@b[5], @b[5], @b[3]
-	veor	@b[3], @b[3], @b[7]
-	veor	@b[7], @b[7], @b[5]
-	veor	@b[2], @b[2], @b[5]
-
-	veor	@b[4], @b[4], @b[7]
-___
-}
-
-sub InvSbox {
-# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
-my @b=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-	&InvInBasisChange	(@b);
-	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
-	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
-}
-
-sub InvInBasisChange {		# OutBasisChange in reverse (with twist)
-my @b=@_[5,1,2,6,3,7,0,4];
-$code.=<<___
-	 veor	@b[1], @b[1], @b[7]
-	veor	@b[4], @b[4], @b[7]
-
-	veor	@b[7], @b[7], @b[5]
-	 veor	@b[1], @b[1], @b[3]
-	veor	@b[2], @b[2], @b[5]
-	veor	@b[3], @b[3], @b[7]
-
-	veor	@b[6], @b[6], @b[1]
-	veor	@b[2], @b[2], @b[0]
-	 veor	@b[5], @b[5], @b[3]
-	veor	@b[4], @b[4], @b[6]
-	veor	@b[0], @b[0], @b[6]
-	veor	@b[1], @b[1], @b[4]
-___
-}
-
-sub InvOutBasisChange {		# InBasisChange in reverse
-my @b=@_[2,5,7,3,6,1,0,4];
-$code.=<<___;
-	veor	@b[1], @b[1], @b[5]
-	veor	@b[2], @b[2], @b[7]
-
-	veor	@b[3], @b[3], @b[1]
-	veor	@b[4], @b[4], @b[5]
-	veor	@b[7], @b[7], @b[5]
-	veor	@b[3], @b[3], @b[4]
-	 veor 	@b[5], @b[5], @b[0]
-	veor	@b[3], @b[3], @b[7]
-	 veor	@b[6], @b[6], @b[2]
-	 veor	@b[2], @b[2], @b[1]
-	veor	@b[6], @b[6], @b[3]
-
-	veor	@b[3], @b[3], @b[0]
-	veor	@b[5], @b[5], @b[6]
-___
-}
-
-sub Mul_GF4 {
-#;*************************************************************
-#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
-#;*************************************************************
-my ($x0,$x1,$y0,$y1,$t0,$t1)=@_;
-$code.=<<___;
-	veor 	$t0, $y0, $y1
-	vand	$t0, $t0, $x0
-	veor	$x0, $x0, $x1
-	vand	$t1, $x1, $y0
-	vand	$x0, $x0, $y1
-	veor	$x1, $t1, $t0
-	veor	$x0, $x0, $t1
-___
-}
-
-sub Mul_GF4_N {				# not used, see next subroutine
-# multiply and scale by N
-my ($x0,$x1,$y0,$y1,$t0)=@_;
-$code.=<<___;
-	veor	$t0, $y0, $y1
-	vand	$t0, $t0, $x0
-	veor	$x0, $x0, $x1
-	vand	$x1, $x1, $y0
-	vand	$x0, $x0, $y1
-	veor	$x1, $x1, $x0
-	veor	$x0, $x0, $t0
-___
-}
-
-sub Mul_GF4_N_GF4 {
-# interleaved Mul_GF4_N and Mul_GF4
-my ($x0,$x1,$y0,$y1,$t0,
-    $x2,$x3,$y2,$y3,$t1)=@_;
-$code.=<<___;
-	veor	$t0, $y0, $y1
-	 veor 	$t1, $y2, $y3
-	vand	$t0, $t0, $x0
-	 vand	$t1, $t1, $x2
-	veor	$x0, $x0, $x1
-	 veor	$x2, $x2, $x3
-	vand	$x1, $x1, $y0
-	 vand	$x3, $x3, $y2
-	vand	$x0, $x0, $y1
-	 vand	$x2, $x2, $y3
-	veor	$x1, $x1, $x0
-	 veor	$x2, $x2, $x3
-	veor	$x0, $x0, $t0
-	 veor	$x3, $x3, $t1
-___
-}
-sub Mul_GF16_2 {
-my @x=@_[0..7];
-my @y=@_[8..11];
-my @t=@_[12..15];
-$code.=<<___;
-	veor	@t[0], @x[0], @x[2]
-	veor	@t[1], @x[1], @x[3]
-___
-	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2..3]);
-$code.=<<___;
-	veor	@y[0], @y[0], @y[2]
-	veor	@y[1], @y[1], @y[3]
-___
-	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-			 @x[2], @x[3], @y[2], @y[3], @t[2]);
-$code.=<<___;
-	veor	@x[0], @x[0], @t[0]
-	veor	@x[2], @x[2], @t[0]
-	veor	@x[1], @x[1], @t[1]
-	veor	@x[3], @x[3], @t[1]
-
-	veor	@t[0], @x[4], @x[6]
-	veor	@t[1], @x[5], @x[7]
-___
-	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-			 @x[6], @x[7], @y[2], @y[3], @t[2]);
-$code.=<<___;
-	veor	@y[0], @y[0], @y[2]
-	veor	@y[1], @y[1], @y[3]
-___
-	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[2..3]);
-$code.=<<___;
-	veor	@x[4], @x[4], @t[0]
-	veor	@x[6], @x[6], @t[0]
-	veor	@x[5], @x[5], @t[1]
-	veor	@x[7], @x[7], @t[1]
-___
-}
-sub Inv_GF256 {
-#;********************************************************************
-#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
-#;********************************************************************
-my @x=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-# direct optimizations from hardware
-$code.=<<___;
-	veor	@t[3], @x[4], @x[6]
-	veor	@t[2], @x[5], @x[7]
-	veor	@t[1], @x[1], @x[3]
-	veor	@s[1], @x[7], @x[6]
-	 vmov	@t[0], @t[2]
-	veor	@s[0], @x[0], @x[2]
-
-	vorr	@t[2], @t[2], @t[1]
-	veor	@s[3], @t[3], @t[0]
-	vand	@s[2], @t[3], @s[0]
-	vorr	@t[3], @t[3], @s[0]
-	veor	@s[0], @s[0], @t[1]
-	vand	@t[0], @t[0], @t[1]
-	veor	@t[1], @x[3], @x[2]
-	vand	@s[3], @s[3], @s[0]
-	vand	@s[1], @s[1], @t[1]
-	veor	@t[1], @x[4], @x[5]
-	veor	@s[0], @x[1], @x[0]
-	veor	@t[3], @t[3], @s[1]
-	veor	@t[2], @t[2], @s[1]
-	vand	@s[1], @t[1], @s[0]
-	vorr	@t[1], @t[1], @s[0]
-	veor	@t[3], @t[3], @s[3]
-	veor	@t[0], @t[0], @s[1]
-	veor	@t[2], @t[2], @s[2]
-	veor	@t[1], @t[1], @s[3]
-	veor	@t[0], @t[0], @s[2]
-	vand	@s[0], @x[7], @x[3]
-	veor	@t[1], @t[1], @s[2]
-	vand	@s[1], @x[6], @x[2]
-	vand	@s[2], @x[5], @x[1]
-	vorr	@s[3], @x[4], @x[0]
-	veor	@t[3], @t[3], @s[0]
-	veor	@t[1], @t[1], @s[2]
-	veor	@t[0], @t[0], @s[3]
-	veor	@t[2], @t[2], @s[1]
-
-	@ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
-
-	@ new smaller inversion
-
-	vand	@s[2], @t[3], @t[1]
-	vmov	@s[0], @t[0]
-
-	veor	@s[1], @t[2], @s[2]
-	veor	@s[3], @t[0], @s[2]
-	veor	@s[2], @t[0], @s[2]	@ @s[2]=@s[3]
-
-	vbsl	@s[1], @t[1], @t[0]
-	vbsl	@s[3], @t[3], @t[2]
-	veor	@t[3], @t[3], @t[2]
-
-	vbsl	@s[0], @s[1], @s[2]
-	vbsl	@t[0], @s[2], @s[1]
-
-	vand	@s[2], @s[0], @s[3]
-	veor	@t[1], @t[1], @t[0]
-
-	veor	@s[2], @s[2], @t[3]
-___
-# output in s3, s2, s1, t1
-
-# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
-
-# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
-	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
-
-### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
-}
-
-# AES linear components
-
-sub ShiftRows {
-my @x=@_[0..7];
-my @t=@_[8..11];
-my $mask=pop;
-$code.=<<___;
-	vldmia	$key!, {@t[0]-@t[3]}
-	veor	@t[0], @t[0], @x[0]
-	veor	@t[1], @t[1], @x[1]
-	vtbl.8	`&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)`
-	vldmia	$key!, {@t[0]}
-	veor	@t[2], @t[2], @x[2]
-	vtbl.8	`&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)`
-	vldmia	$key!, {@t[1]}
-	veor	@t[3], @t[3], @x[3]
-	vtbl.8	`&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)`
-	vldmia	$key!, {@t[2]}
-	vtbl.8	`&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)`
-	vldmia	$key!, {@t[3]}
-	veor	@t[0], @t[0], @x[4]
-	veor	@t[1], @t[1], @x[5]
-	vtbl.8	`&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)`
-	veor	@t[2], @t[2], @x[6]
-	vtbl.8	`&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)`
-	veor	@t[3], @t[3], @x[7]
-	vtbl.8	`&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)`
-	vtbl.8	`&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)`
-	vtbl.8	`&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)`
-___
-}
-
-sub MixColumns {
-# modified to emit output in order suitable for feeding back to aesenc[last]
-my @x=@_[0..7];
-my @t=@_[8..15];
-my $inv=@_[16];	# optional
-$code.=<<___;
-	vext.8	@t[0], @x[0], @x[0], #12	@ x0 <<< 32
-	vext.8	@t[1], @x[1], @x[1], #12
-	 veor	@x[0], @x[0], @t[0]		@ x0 ^ (x0 <<< 32)
-	vext.8	@t[2], @x[2], @x[2], #12
-	 veor	@x[1], @x[1], @t[1]
-	vext.8	@t[3], @x[3], @x[3], #12
-	 veor	@x[2], @x[2], @t[2]
-	vext.8	@t[4], @x[4], @x[4], #12
-	 veor	@x[3], @x[3], @t[3]
-	vext.8	@t[5], @x[5], @x[5], #12
-	 veor	@x[4], @x[4], @t[4]
-	vext.8	@t[6], @x[6], @x[6], #12
-	 veor	@x[5], @x[5], @t[5]
-	vext.8	@t[7], @x[7], @x[7], #12
-	 veor	@x[6], @x[6], @t[6]
-
-	veor	@t[1], @t[1], @x[0]
-	 veor	@x[7], @x[7], @t[7]
-	 vext.8	@x[0], @x[0], @x[0], #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
-	veor	@t[2], @t[2], @x[1]
-	veor	@t[0], @t[0], @x[7]
-	veor	@t[1], @t[1], @x[7]
-	 vext.8	@x[1], @x[1], @x[1], #8
-	veor	@t[5], @t[5], @x[4]
-	 veor	@x[0], @x[0], @t[0]
-	veor	@t[6], @t[6], @x[5]
-	 veor	@x[1], @x[1], @t[1]
-	 vext.8	@t[0], @x[4], @x[4], #8
-	veor	@t[4], @t[4], @x[3]
-	 vext.8	@t[1], @x[5], @x[5], #8
-	veor	@t[7], @t[7], @x[6]
-	 vext.8	@x[4], @x[3], @x[3], #8
-	veor	@t[3], @t[3], @x[2]
-	 vext.8	@x[5], @x[7], @x[7], #8
-	veor	@t[4], @t[4], @x[7]
-	 vext.8	@x[3], @x[6], @x[6], #8
-	veor	@t[3], @t[3], @x[7]
-	 vext.8	@x[6], @x[2], @x[2], #8
-	veor	@x[7], @t[1], @t[5]
-___
-$code.=<<___ if (!$inv);
-	veor	@x[2], @t[0], @t[4]
-	veor	@x[4], @x[4], @t[3]
-	veor	@x[5], @x[5], @t[7]
-	veor	@x[3], @x[3], @t[6]
-	 @ vmov	@x[2], @t[0]
-	veor	@x[6], @x[6], @t[2]
-	 @ vmov	@x[7], @t[1]
-___
-$code.=<<___ if ($inv);
-	veor	@t[3], @t[3], @x[4]
-	veor	@x[5], @x[5], @t[7]
-	veor	@x[2], @x[3], @t[6]
-	veor	@x[3], @t[0], @t[4]
-	veor	@x[4], @x[6], @t[2]
-	vmov	@x[6], @t[3]
-	 @ vmov	@x[7], @t[1]
-___
-}
-
-sub InvMixColumns_orig {
-my @x=@_[0..7];
-my @t=@_[8..15];
-
-$code.=<<___;
-	@ multiplication by 0x0e
-	vext.8	@t[7], @x[7], @x[7], #12
-	vmov	@t[2], @x[2]
-	veor	@x[2], @x[2], @x[5]		@ 2 5
-	veor	@x[7], @x[7], @x[5]		@ 7 5
-	vext.8	@t[0], @x[0], @x[0], #12
-	vmov	@t[5], @x[5]
-	veor	@x[5], @x[5], @x[0]		@ 5 0		[1]
-	veor	@x[0], @x[0], @x[1]		@ 0 1
-	vext.8	@t[1], @x[1], @x[1], #12
-	veor	@x[1], @x[1], @x[2]		@ 1 25
-	veor	@x[0], @x[0], @x[6]		@ 01 6		[2]
-	vext.8	@t[3], @x[3], @x[3], #12
-	veor	@x[1], @x[1], @x[3]		@ 125 3		[4]
-	veor	@x[2], @x[2], @x[0]		@ 25 016	[3]
-	veor	@x[3], @x[3], @x[7]		@ 3 75
-	veor	@x[7], @x[7], @x[6]		@ 75 6		[0]
-	vext.8	@t[6], @x[6], @x[6], #12
-	vmov	@t[4], @x[4]
-	veor	@x[6], @x[6], @x[4]		@ 6 4
-	veor	@x[4], @x[4], @x[3]		@ 4 375		[6]
-	veor	@x[3], @x[3], @x[7]		@ 375 756=36
-	veor	@x[6], @x[6], @t[5]		@ 64 5		[7]
-	veor	@x[3], @x[3], @t[2]		@ 36 2
-	vext.8	@t[5], @t[5], @t[5], #12
-	veor	@x[3], @x[3], @t[4]		@ 362 4		[5]
-___
-					my @y = @x[7,5,0,2,1,3,4,6];
-$code.=<<___;
-	@ multiplication by 0x0b
-	veor	@y[1], @y[1], @y[0]
-	veor	@y[0], @y[0], @t[0]
-	vext.8	@t[2], @t[2], @t[2], #12
-	veor	@y[1], @y[1], @t[1]
-	veor	@y[0], @y[0], @t[5]
-	vext.8	@t[4], @t[4], @t[4], #12
-	veor	@y[1], @y[1], @t[6]
-	veor	@y[0], @y[0], @t[7]
-	veor	@t[7], @t[7], @t[6]		@ clobber t[7]
-
-	veor	@y[3], @y[3], @t[0]
-	 veor	@y[1], @y[1], @y[0]
-	vext.8	@t[0], @t[0], @t[0], #12
-	veor	@y[2], @y[2], @t[1]
-	veor	@y[4], @y[4], @t[1]
-	vext.8	@t[1], @t[1], @t[1], #12
-	veor	@y[2], @y[2], @t[2]
-	veor	@y[3], @y[3], @t[2]
-	veor	@y[5], @y[5], @t[2]
-	veor	@y[2], @y[2], @t[7]
-	vext.8	@t[2], @t[2], @t[2], #12
-	veor	@y[3], @y[3], @t[3]
-	veor	@y[6], @y[6], @t[3]
-	veor	@y[4], @y[4], @t[3]
-	veor	@y[7], @y[7], @t[4]
-	vext.8	@t[3], @t[3], @t[3], #12
-	veor	@y[5], @y[5], @t[4]
-	veor	@y[7], @y[7], @t[7]
-	veor	@t[7], @t[7], @t[5]		@ clobber t[7] even more
-	veor	@y[3], @y[3], @t[5]
-	veor	@y[4], @y[4], @t[4]
-
-	veor	@y[5], @y[5], @t[7]
-	vext.8	@t[4], @t[4], @t[4], #12
-	veor	@y[6], @y[6], @t[7]
-	veor	@y[4], @y[4], @t[7]
-
-	veor	@t[7], @t[7], @t[5]
-	vext.8	@t[5], @t[5], @t[5], #12
-
-	@ multiplication by 0x0d
-	veor	@y[4], @y[4], @y[7]
-	 veor	@t[7], @t[7], @t[6]		@ restore t[7]
-	veor	@y[7], @y[7], @t[4]
-	vext.8	@t[6], @t[6], @t[6], #12
-	veor	@y[2], @y[2], @t[0]
-	veor	@y[7], @y[7], @t[5]
-	vext.8	@t[7], @t[7], @t[7], #12
-	veor	@y[2], @y[2], @t[2]
-
-	veor	@y[3], @y[3], @y[1]
-	veor	@y[1], @y[1], @t[1]
-	veor	@y[0], @y[0], @t[0]
-	veor	@y[3], @y[3], @t[0]
-	veor	@y[1], @y[1], @t[5]
-	veor	@y[0], @y[0], @t[5]
-	vext.8	@t[0], @t[0], @t[0], #12
-	veor	@y[1], @y[1], @t[7]
-	veor	@y[0], @y[0], @t[6]
-	veor	@y[3], @y[3], @y[1]
-	veor	@y[4], @y[4], @t[1]
-	vext.8	@t[1], @t[1], @t[1], #12
-
-	veor	@y[7], @y[7], @t[7]
-	veor	@y[4], @y[4], @t[2]
-	veor	@y[5], @y[5], @t[2]
-	veor	@y[2], @y[2], @t[6]
-	veor	@t[6], @t[6], @t[3]		@ clobber t[6]
-	vext.8	@t[2], @t[2], @t[2], #12
-	veor	@y[4], @y[4], @y[7]
-	veor	@y[3], @y[3], @t[6]
-
-	veor	@y[6], @y[6], @t[6]
-	veor	@y[5], @y[5], @t[5]
-	vext.8	@t[5], @t[5], @t[5], #12
-	veor	@y[6], @y[6], @t[4]
-	vext.8	@t[4], @t[4], @t[4], #12
-	veor	@y[5], @y[5], @t[6]
-	veor	@y[6], @y[6], @t[7]
-	vext.8	@t[7], @t[7], @t[7], #12
-	veor	@t[6], @t[6], @t[3]		@ restore t[6]
-	vext.8	@t[3], @t[3], @t[3], #12
-
-	@ multiplication by 0x09
-	veor	@y[4], @y[4], @y[1]
-	veor	@t[1], @t[1], @y[1]		@ t[1]=y[1]
-	veor	@t[0], @t[0], @t[5]		@ clobber t[0]
-	vext.8	@t[6], @t[6], @t[6], #12
-	veor	@t[1], @t[1], @t[5]
-	veor	@y[3], @y[3], @t[0]
-	veor	@t[0], @t[0], @y[0]		@ t[0]=y[0]
-	veor	@t[1], @t[1], @t[6]
-	veor	@t[6], @t[6], @t[7]		@ clobber t[6]
-	veor	@y[4], @y[4], @t[1]
-	veor	@y[7], @y[7], @t[4]
-	veor	@y[6], @y[6], @t[3]
-	veor	@y[5], @y[5], @t[2]
-	veor	@t[4], @t[4], @y[4]		@ t[4]=y[4]
-	veor	@t[3], @t[3], @y[3]		@ t[3]=y[3]
-	veor	@t[5], @t[5], @y[5]		@ t[5]=y[5]
-	veor	@t[2], @t[2], @y[2]		@ t[2]=y[2]
-	veor	@t[3], @t[3], @t[7]
-	veor	@XMM[5], @t[5], @t[6]
-	veor	@XMM[6], @t[6], @y[6]		@ t[6]=y[6]
-	veor	@XMM[2], @t[2], @t[6]
-	veor	@XMM[7], @t[7], @y[7]		@ t[7]=y[7]
-
-	vmov	@XMM[0], @t[0]
-	vmov	@XMM[1], @t[1]
-	@ vmov	@XMM[2], @t[2]
-	vmov	@XMM[3], @t[3]
-	vmov	@XMM[4], @t[4]
-	@ vmov	@XMM[5], @t[5]
-	@ vmov	@XMM[6], @t[6]
-	@ vmov	@XMM[7], @t[7]
-___
-}
-
-sub InvMixColumns {
-my @x=@_[0..7];
-my @t=@_[8..15];
-
-# Thanks to Jussi Kivilinna for providing pointer to
-#
-# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
-# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
-# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
-# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
-
-$code.=<<___;
-	@ multiplication by 0x05-0x00-0x04-0x00
-	vext.8	@t[0], @x[0], @x[0], #8
-	vext.8	@t[6], @x[6], @x[6], #8
-	vext.8	@t[7], @x[7], @x[7], #8
-	veor	@t[0], @t[0], @x[0]
-	vext.8	@t[1], @x[1], @x[1], #8
-	veor	@t[6], @t[6], @x[6]
-	vext.8	@t[2], @x[2], @x[2], #8
-	veor	@t[7], @t[7], @x[7]
-	vext.8	@t[3], @x[3], @x[3], #8
-	veor	@t[1], @t[1], @x[1]
-	vext.8	@t[4], @x[4], @x[4], #8
-	veor	@t[2], @t[2], @x[2]
-	vext.8	@t[5], @x[5], @x[5], #8
-	veor	@t[3], @t[3], @x[3]
-	veor	@t[4], @t[4], @x[4]
-	veor	@t[5], @t[5], @x[5]
-
-	 veor	@x[0], @x[0], @t[6]
-	 veor	@x[1], @x[1], @t[6]
-	 veor	@x[2], @x[2], @t[0]
-	 veor	@x[4], @x[4], @t[2]
-	 veor	@x[3], @x[3], @t[1]
-	 veor	@x[1], @x[1], @t[7]
-	 veor	@x[2], @x[2], @t[7]
-	 veor	@x[4], @x[4], @t[6]
-	 veor	@x[5], @x[5], @t[3]
-	 veor	@x[3], @x[3], @t[6]
-	 veor	@x[6], @x[6], @t[4]
-	 veor	@x[4], @x[4], @t[7]
-	 veor	@x[5], @x[5], @t[7]
-	 veor	@x[7], @x[7], @t[5]
-___
-	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
-}
-
-sub swapmove {
-my ($a,$b,$n,$mask,$t)=@_;
-$code.=<<___;
-	vshr.u64	$t, $b, #$n
-	veor		$t, $t, $a
-	vand		$t, $t, $mask
-	veor		$a, $a, $t
-	vshl.u64	$t, $t, #$n
-	veor		$b, $b, $t
-___
-}
-sub swapmove2x {
-my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
-$code.=<<___;
-	vshr.u64	$t0, $b0, #$n
-	 vshr.u64	$t1, $b1, #$n
-	veor		$t0, $t0, $a0
-	 veor		$t1, $t1, $a1
-	vand		$t0, $t0, $mask
-	 vand		$t1, $t1, $mask
-	veor		$a0, $a0, $t0
-	vshl.u64	$t0, $t0, #$n
-	 veor		$a1, $a1, $t1
-	 vshl.u64	$t1, $t1, #$n
-	veor		$b0, $b0, $t0
-	 veor		$b1, $b1, $t1
-___
-}
-
-sub bitslice {
-my @x=reverse(@_[0..7]);
-my ($t0,$t1,$t2,$t3)=@_[8..11];
-$code.=<<___;
-	vmov.i8	$t0,#0x55			@ compose .LBS0
-	vmov.i8	$t1,#0x33			@ compose .LBS1
-___
-	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
-	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-$code.=<<___;
-	vmov.i8	$t0,#0x0f			@ compose .LBS2
-___
-	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
-	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-
-	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
-	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
-}
-
-$code.=<<___;
-#ifndef __KERNEL__
-# include "arm_arch.h"
-
-# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
-# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
-# define VFP_ABI_FRAME	0x40
-#else
-# define VFP_ABI_PUSH
-# define VFP_ABI_POP
-# define VFP_ABI_FRAME	0
-# define BSAES_ASM_EXTENDED_KEY
-# define XTS_CHAIN_TWEAK
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-#ifdef __thumb__
-# define adrl adr
-#endif
-
-#if __ARM_ARCH__>=7
-.text
-.syntax	unified 	@ ARMv7-capable assembler is expected to handle this
-#ifdef __thumb2__
-.thumb
-#else
-.code   32
-#endif
-
-.fpu	neon
-
-.type	_bsaes_decrypt8,%function
-.align	4
-_bsaes_decrypt8:
-	adr	$const,_bsaes_decrypt8
-	vldmia	$key!, {@XMM[9]}		@ round 0 key
-	add	$const,$const,#.LM0ISR-_bsaes_decrypt8
-
-	vldmia	$const!, {@XMM[8]}		@ .LM0ISR
-	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
-	veor	@XMM[11], @XMM[1], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-	veor	@XMM[12], @XMM[2], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-	veor	@XMM[13], @XMM[3], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
-	veor	@XMM[14], @XMM[4], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
-	veor	@XMM[15], @XMM[5], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
-	veor	@XMM[10], @XMM[6], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
-	veor	@XMM[11], @XMM[7], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-___
-	&bitslice	(@XMM[0..7, 8..11]);
-$code.=<<___;
-	sub	$rounds,$rounds,#1
-	b	.Ldec_sbox
-.align	4
-.Ldec_loop:
-___
-	&ShiftRows	(@XMM[0..7, 8..12]);
-$code.=".Ldec_sbox:\n";
-	&InvSbox	(@XMM[0..7, 8..15]);
-$code.=<<___;
-	subs	$rounds,$rounds,#1
-	bcc	.Ldec_done
-___
-	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
-$code.=<<___;
-	vldmia	$const, {@XMM[12]}		@ .LISR
-	ite	eq				@ Thumb2 thing, sanity check in ARM
-	addeq	$const,$const,#0x10
-	bne	.Ldec_loop
-	vldmia	$const, {@XMM[12]}		@ .LISRM0
-	b	.Ldec_loop
-.align	4
-.Ldec_done:
-___
-	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
-$code.=<<___;
-	vldmia	$key, {@XMM[8]}			@ last round key
-	veor	@XMM[6], @XMM[6], @XMM[8]
-	veor	@XMM[4], @XMM[4], @XMM[8]
-	veor	@XMM[2], @XMM[2], @XMM[8]
-	veor	@XMM[7], @XMM[7], @XMM[8]
-	veor	@XMM[3], @XMM[3], @XMM[8]
-	veor	@XMM[5], @XMM[5], @XMM[8]
-	veor	@XMM[0], @XMM[0], @XMM[8]
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	bx	lr
-.size	_bsaes_decrypt8,.-_bsaes_decrypt8
-
-.type	_bsaes_const,%object
-.align	6
-_bsaes_const:
-.LM0ISR:	@ InvShiftRows constants
-	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
-.LISR:
-	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
-.LISRM0:
-	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
-.LM0SR:		@ ShiftRows constants
-	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
-.LSR:
-	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
-.LSRM0:
-	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
-.LM0:
-	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
-.LREVM0SR:
-	.quad	0x090d01050c000408, 0x03070b0f060a0e02
-.asciz	"Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
-.align	6
-.size	_bsaes_const,.-_bsaes_const
-
-.type	_bsaes_encrypt8,%function
-.align	4
-_bsaes_encrypt8:
-	adr	$const,_bsaes_encrypt8
-	vldmia	$key!, {@XMM[9]}		@ round 0 key
-	sub	$const,$const,#_bsaes_encrypt8-.LM0SR
-
-	vldmia	$const!, {@XMM[8]}		@ .LM0SR
-_bsaes_encrypt8_alt:
-	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
-	veor	@XMM[11], @XMM[1], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-	veor	@XMM[12], @XMM[2], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-	veor	@XMM[13], @XMM[3], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
-	veor	@XMM[14], @XMM[4], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
-	veor	@XMM[15], @XMM[5], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
-	veor	@XMM[10], @XMM[6], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
-	veor	@XMM[11], @XMM[7], @XMM[9]
-	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-_bsaes_encrypt8_bitslice:
-___
-	&bitslice	(@XMM[0..7, 8..11]);
-$code.=<<___;
-	sub	$rounds,$rounds,#1
-	b	.Lenc_sbox
-.align	4
-.Lenc_loop:
-___
-	&ShiftRows	(@XMM[0..7, 8..12]);
-$code.=".Lenc_sbox:\n";
-	&Sbox		(@XMM[0..7, 8..15]);
-$code.=<<___;
-	subs	$rounds,$rounds,#1
-	bcc	.Lenc_done
-___
-	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
-$code.=<<___;
-	vldmia	$const, {@XMM[12]}		@ .LSR
-	ite	eq				@ Thumb2 thing, samity check in ARM
-	addeq	$const,$const,#0x10
-	bne	.Lenc_loop
-	vldmia	$const, {@XMM[12]}		@ .LSRM0
-	b	.Lenc_loop
-.align	4
-.Lenc_done:
-___
-	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
-	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
-$code.=<<___;
-	vldmia	$key, {@XMM[8]}			@ last round key
-	veor	@XMM[4], @XMM[4], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[8]
-	veor	@XMM[3], @XMM[3], @XMM[8]
-	veor	@XMM[7], @XMM[7], @XMM[8]
-	veor	@XMM[2], @XMM[2], @XMM[8]
-	veor	@XMM[5], @XMM[5], @XMM[8]
-	veor	@XMM[0], @XMM[0], @XMM[8]
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	bx	lr
-.size	_bsaes_encrypt8,.-_bsaes_encrypt8
-___
-}
-{
-my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6");
-
-sub bitslice_key {
-my @x=reverse(@_[0..7]);
-my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
-
-	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
-$code.=<<___;
-	@ &swapmove(@x[2,3],1,$t0,$t2,$t3);
-	vmov	@x[2], @x[0]
-	vmov	@x[3], @x[1]
-___
-	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-
-	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
-$code.=<<___;
-	@ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-	vmov	@x[4], @x[0]
-	vmov	@x[6], @x[2]
-	vmov	@x[5], @x[1]
-	vmov	@x[7], @x[3]
-___
-	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
-	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
-}
-
-$code.=<<___;
-.type	_bsaes_key_convert,%function
-.align	4
-_bsaes_key_convert:
-	adr	$const,_bsaes_key_convert
-	vld1.8	{@XMM[7]},  [$inp]!		@ load round 0 key
-	sub	$const,$const,#_bsaes_key_convert-.LM0
-	vld1.8	{@XMM[15]}, [$inp]!		@ load round 1 key
-
-	vmov.i8	@XMM[8],  #0x01			@ bit masks
-	vmov.i8	@XMM[9],  #0x02
-	vmov.i8	@XMM[10], #0x04
-	vmov.i8	@XMM[11], #0x08
-	vmov.i8	@XMM[12], #0x10
-	vmov.i8	@XMM[13], #0x20
-	vldmia	$const, {@XMM[14]}		@ .LM0
-
-#ifdef __ARMEL__
-	vrev32.8	@XMM[7],  @XMM[7]
-	vrev32.8	@XMM[15], @XMM[15]
-#endif
-	sub	$rounds,$rounds,#1
-	vstmia	$out!, {@XMM[7]}		@ save round 0 key
-	b	.Lkey_loop
-
-.align	4
-.Lkey_loop:
-	vtbl.8	`&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])`
-	vtbl.8	`&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])`
-	vmov.i8	@XMM[6],  #0x40
-	vmov.i8	@XMM[15], #0x80
-
-	vtst.8	@XMM[0], @XMM[7], @XMM[8]
-	vtst.8	@XMM[1], @XMM[7], @XMM[9]
-	vtst.8	@XMM[2], @XMM[7], @XMM[10]
-	vtst.8	@XMM[3], @XMM[7], @XMM[11]
-	vtst.8	@XMM[4], @XMM[7], @XMM[12]
-	vtst.8	@XMM[5], @XMM[7], @XMM[13]
-	vtst.8	@XMM[6], @XMM[7], @XMM[6]
-	vtst.8	@XMM[7], @XMM[7], @XMM[15]
-	vld1.8	{@XMM[15]}, [$inp]!		@ load next round key
-	vmvn	@XMM[0], @XMM[0]		@ "pnot"
-	vmvn	@XMM[1], @XMM[1]
-	vmvn	@XMM[5], @XMM[5]
-	vmvn	@XMM[6], @XMM[6]
-#ifdef __ARMEL__
-	vrev32.8	@XMM[15], @XMM[15]
-#endif
-	subs	$rounds,$rounds,#1
-	vstmia	$out!,{@XMM[0]-@XMM[7]}		@ write bit-sliced round key
-	bne	.Lkey_loop
-
-	vmov.i8	@XMM[7],#0x63			@ compose .L63
-	@ don't save last round key
-	bx	lr
-.size	_bsaes_key_convert,.-_bsaes_key_convert
-___
-}
-
-if (0) {		# following four functions are unsupported interface
-			# used for benchmarking...
-$code.=<<___;
-.globl	bsaes_enc_key_convert
-.type	bsaes_enc_key_convert,%function
-.align	4
-bsaes_enc_key_convert:
-	stmdb	sp!,{r4-r6,lr}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-
-	ldr	r5,[$inp,#240]			@ pass rounds
-	mov	r4,$inp				@ pass key
-	mov	r12,$out			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-	vstmia	r12, {@XMM[7]}			@ save last round key
-
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r6,pc}
-.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
-
-.globl	bsaes_encrypt_128
-.type	bsaes_encrypt_128,%function
-.align	4
-bsaes_encrypt_128:
-	stmdb	sp!,{r4-r6,lr}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-.Lenc128_loop:
-	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-	mov	r4,$key				@ pass the key
-	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-	mov	r5,#10				@ pass rounds
-	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
-
-	bl	_bsaes_encrypt8
-
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[3]}, [$out]!
-	vst1.8	{@XMM[7]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	subs	$len,$len,#0x80
-	vst1.8	{@XMM[5]}, [$out]!
-	bhi	.Lenc128_loop
-
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r6,pc}
-.size	bsaes_encrypt_128,.-bsaes_encrypt_128
-
-.globl	bsaes_dec_key_convert
-.type	bsaes_dec_key_convert,%function
-.align	4
-bsaes_dec_key_convert:
-	stmdb	sp!,{r4-r6,lr}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-
-	ldr	r5,[$inp,#240]			@ pass rounds
-	mov	r4,$inp				@ pass key
-	mov	r12,$out			@ pass key schedule
-	bl	_bsaes_key_convert
-	vldmia	$out, {@XMM[6]}
-	vstmia	r12,  {@XMM[15]}		@ save last round key
-	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-	vstmia	$out, {@XMM[7]}
-
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r6,pc}
-.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
-
-.globl	bsaes_decrypt_128
-.type	bsaes_decrypt_128,%function
-.align	4
-bsaes_decrypt_128:
-	stmdb	sp!,{r4-r6,lr}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-.Ldec128_loop:
-	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-	mov	r4,$key				@ pass the key
-	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-	mov	r5,#10				@ pass rounds
-	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
-
-	bl	_bsaes_decrypt8
-
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	vst1.8	{@XMM[7]}, [$out]!
-	vst1.8	{@XMM[3]}, [$out]!
-	subs	$len,$len,#0x80
-	vst1.8	{@XMM[5]}, [$out]!
-	bhi	.Ldec128_loop
-
-	vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r6,pc}
-.size	bsaes_decrypt_128,.-bsaes_decrypt_128
-___
-}
-{
-my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10));
-my ($keysched)=("sp");
-
-$code.=<<___;
-.extern AES_cbc_encrypt
-.extern AES_decrypt
-
-.global	bsaes_cbc_encrypt
-.type	bsaes_cbc_encrypt,%function
-.align	5
-bsaes_cbc_encrypt:
-#ifndef	__KERNEL__
-	cmp	$len, #128
-#ifndef	__thumb__
-	blo	AES_cbc_encrypt
-#else
-	bhs	1f
-	b	AES_cbc_encrypt
-1:
-#endif
-#endif
-
-	@ it is up to the caller to make sure we are called with enc == 0
-
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}
-	VFP_ABI_PUSH
-	ldr	$ivp, [ip]			@ IV is 1st arg on the stack
-	mov	$len, $len, lsr#4		@ len in 16 byte blocks
-	sub	sp, #0x10			@ scratch space to carry over the IV
-	mov	$fp, sp				@ save sp
-
-	ldr	$rounds, [$key, #240]		@ get # of rounds
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-	add	r12, #`128-32`			@ sifze of bit-slices key schedule
-
-	@ populate the key schedule
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	mov	sp, r12				@ sp is $keysched
-	bl	_bsaes_key_convert
-	vldmia	$keysched, {@XMM[6]}
-	vstmia	r12,  {@XMM[15]}		@ save last round key
-	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-	vstmia	$keysched, {@XMM[7]}
-#else
-	ldr	r12, [$key, #244]
-	eors	r12, #1
-	beq	0f
-
-	@ populate the key schedule
-	str	r12, [$key, #244]
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	add	r12, $key, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, $key, #248
-	vldmia	r4, {@XMM[6]}
-	vstmia	r12, {@XMM[15]}			@ save last round key
-	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-	vstmia	r4, {@XMM[7]}
-
-.align	2
-0:
-#endif
-
-	vld1.8	{@XMM[15]}, [$ivp]		@ load IV
-	b	.Lcbc_dec_loop
-
-.align	4
-.Lcbc_dec_loop:
-	subs	$len, $len, #0x8
-	bmi	.Lcbc_dec_loop_finish
-
-	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	mov	r4, $keysched			@ pass the key
-#else
-	add	r4, $key, #248
-#endif
-	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-	mov	r5, $rounds
-	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]
-	sub	$inp, $inp, #0x60
-	vstmia	$fp, {@XMM[15]}			@ put aside IV
-
-	bl	_bsaes_decrypt8
-
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
-	veor	@XMM[4], @XMM[4], @XMM[10]
-	veor	@XMM[2], @XMM[2], @XMM[11]
-	vld1.8	{@XMM[14]-@XMM[15]}, [$inp]!
-	veor	@XMM[7], @XMM[7], @XMM[12]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	veor	@XMM[3], @XMM[3], @XMM[13]
-	vst1.8	{@XMM[6]}, [$out]!
-	veor	@XMM[5], @XMM[5], @XMM[14]
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	vst1.8	{@XMM[7]}, [$out]!
-	vst1.8	{@XMM[3]}, [$out]!
-	vst1.8	{@XMM[5]}, [$out]!
-
-	b	.Lcbc_dec_loop
-
-.Lcbc_dec_loop_finish:
-	adds	$len, $len, #8
-	beq	.Lcbc_dec_done
-
-	vld1.8	{@XMM[0]}, [$inp]!		@ load input
-	cmp	$len, #2
-	blo	.Lcbc_dec_one
-	vld1.8	{@XMM[1]}, [$inp]!
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	mov	r4, $keysched			@ pass the key
-#else
-	add	r4, $key, #248
-#endif
-	mov	r5, $rounds
-	vstmia	$fp, {@XMM[15]}			@ put aside IV
-	beq	.Lcbc_dec_two
-	vld1.8	{@XMM[2]}, [$inp]!
-	cmp	$len, #4
-	blo	.Lcbc_dec_three
-	vld1.8	{@XMM[3]}, [$inp]!
-	beq	.Lcbc_dec_four
-	vld1.8	{@XMM[4]}, [$inp]!
-	cmp	$len, #6
-	blo	.Lcbc_dec_five
-	vld1.8	{@XMM[5]}, [$inp]!
-	beq	.Lcbc_dec_six
-	vld1.8	{@XMM[6]}, [$inp]!
-	sub	$inp, $inp, #0x70
-
-	bl	_bsaes_decrypt8
-
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
-	veor	@XMM[4], @XMM[4], @XMM[10]
-	veor	@XMM[2], @XMM[2], @XMM[11]
-	vld1.8	{@XMM[15]}, [$inp]!
-	veor	@XMM[7], @XMM[7], @XMM[12]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	veor	@XMM[3], @XMM[3], @XMM[13]
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	vst1.8	{@XMM[7]}, [$out]!
-	vst1.8	{@XMM[3]}, [$out]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_six:
-	sub	$inp, $inp, #0x60
-	bl	_bsaes_decrypt8
-	vldmia	$fp,{@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vld1.8	{@XMM[12]}, [$inp]!
-	veor	@XMM[4], @XMM[4], @XMM[10]
-	veor	@XMM[2], @XMM[2], @XMM[11]
-	vld1.8	{@XMM[15]}, [$inp]!
-	veor	@XMM[7], @XMM[7], @XMM[12]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	vst1.8	{@XMM[7]}, [$out]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_five:
-	sub	$inp, $inp, #0x50
-	bl	_bsaes_decrypt8
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vld1.8	{@XMM[15]}, [$inp]!
-	veor	@XMM[4], @XMM[4], @XMM[10]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	veor	@XMM[2], @XMM[2], @XMM[11]
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[4]}, [$out]!
-	vst1.8	{@XMM[2]}, [$out]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_four:
-	sub	$inp, $inp, #0x40
-	bl	_bsaes_decrypt8
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[10]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vld1.8	{@XMM[15]}, [$inp]!
-	veor	@XMM[4], @XMM[4], @XMM[10]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	vst1.8	{@XMM[6]}, [$out]!
-	vst1.8	{@XMM[4]}, [$out]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_three:
-	sub	$inp, $inp, #0x30
-	bl	_bsaes_decrypt8
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[15]}, [$inp]!
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	veor	@XMM[6], @XMM[6], @XMM[9]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	vst1.8	{@XMM[6]}, [$out]!
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_two:
-	sub	$inp, $inp, #0x20
-	bl	_bsaes_decrypt8
-	vldmia	$fp, {@XMM[14]}			@ reload IV
-	vld1.8	{@XMM[8]}, [$inp]!		@ reload input
-	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-	vld1.8	{@XMM[15]}, [$inp]!		@ reload input
-	veor	@XMM[1], @XMM[1], @XMM[8]
-	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	b	.Lcbc_dec_done
-.align	4
-.Lcbc_dec_one:
-	sub	$inp, $inp, #0x10
-	mov	$rounds, $out			@ save original out pointer
-	mov	$out, $fp			@ use the iv scratch space as out buffer
-	mov	r2, $key
-	vmov	@XMM[4],@XMM[15]		@ just in case ensure that IV
-	vmov	@XMM[5],@XMM[0]			@ and input are preserved
-	bl	AES_decrypt
-	vld1.8	{@XMM[0]}, [$fp,:64]		@ load result
-	veor	@XMM[0], @XMM[0], @XMM[4]	@ ^= IV
-	vmov	@XMM[15], @XMM[5]		@ @XMM[5] holds input
-	vst1.8	{@XMM[0]}, [$rounds]		@ write output
-
-.Lcbc_dec_done:
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-.Lcbc_dec_bzero:				@ wipe key schedule [if any]
-	vstmia		$keysched!, {q0-q1}
-	cmp		$keysched, $fp
-	bne		.Lcbc_dec_bzero
-#endif
-
-	mov	sp, $fp
-	add	sp, #0x10			@ add sp,$fp,#0x10 is no good for thumb
-	vst1.8	{@XMM[15]}, [$ivp]		@ return IV
-	VFP_ABI_POP
-	ldmia	sp!, {r4-r10, pc}
-.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
-___
-}
-{
-my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10)));
-my $const = "r6";	# shared with _bsaes_encrypt8_alt
-my $keysched = "sp";
-
-$code.=<<___;
-.extern	AES_encrypt
-.global	bsaes_ctr32_encrypt_blocks
-.type	bsaes_ctr32_encrypt_blocks,%function
-.align	5
-bsaes_ctr32_encrypt_blocks:
-	cmp	$len, #8			@ use plain AES for
-	blo	.Lctr_enc_short			@ small sizes
-
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}
-	VFP_ABI_PUSH
-	ldr	$ctr, [ip]			@ ctr is 1st arg on the stack
-	sub	sp, sp, #0x10			@ scratch space to carry over the ctr
-	mov	$fp, sp				@ save sp
-
-	ldr	$rounds, [$key, #240]		@ get # of rounds
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-	add	r12, #`128-32`			@ size of bit-sliced key schedule
-
-	@ populate the key schedule
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	mov	sp, r12				@ sp is $keysched
-	bl	_bsaes_key_convert
-	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-	vstmia	r12, {@XMM[7]}			@ save last round key
-
-	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
-	add	$ctr, $const, #.LREVM0SR-.LM0	@ borrow $ctr
-	vldmia	$keysched, {@XMM[4]}		@ load round0 key
-#else
-	ldr	r12, [$key, #244]
-	eors	r12, #1
-	beq	0f
-
-	@ populate the key schedule
-	str	r12, [$key, #244]
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	add	r12, $key, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-	vstmia	r12, {@XMM[7]}			@ save last round key
-
-.align	2
-0:	add	r12, $key, #248
-	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
-	adrl	$ctr, .LREVM0SR			@ borrow $ctr
-	vldmia	r12, {@XMM[4]}			@ load round0 key
-	sub	sp, #0x10			@ place for adjusted round0 key
-#endif
-
-	vmov.i32	@XMM[8],#1		@ compose 1<<96
-	veor		@XMM[9],@XMM[9],@XMM[9]
-	vrev32.8	@XMM[0],@XMM[0]
-	vext.8		@XMM[8],@XMM[9],@XMM[8],#4
-	vrev32.8	@XMM[4],@XMM[4]
-	vadd.u32	@XMM[9],@XMM[8],@XMM[8]	@ compose 2<<96
-	vstmia	$keysched, {@XMM[4]}		@ save adjusted round0 key
-	b	.Lctr_enc_loop
-
-.align	4
-.Lctr_enc_loop:
-	vadd.u32	@XMM[10], @XMM[8], @XMM[9]	@ compose 3<<96
-	vadd.u32	@XMM[1], @XMM[0], @XMM[8]	@ +1
-	vadd.u32	@XMM[2], @XMM[0], @XMM[9]	@ +2
-	vadd.u32	@XMM[3], @XMM[0], @XMM[10]	@ +3
-	vadd.u32	@XMM[4], @XMM[1], @XMM[10]
-	vadd.u32	@XMM[5], @XMM[2], @XMM[10]
-	vadd.u32	@XMM[6], @XMM[3], @XMM[10]
-	vadd.u32	@XMM[7], @XMM[4], @XMM[10]
-	vadd.u32	@XMM[10], @XMM[5], @XMM[10]	@ next counter
-
-	@ Borrow prologue from _bsaes_encrypt8 to use the opportunity
-	@ to flip byte order in 32-bit counter
-
-	vldmia		$keysched, {@XMM[9]}		@ load round0 key
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, $keysched, #0x10		@ pass next round key
-#else
-	add		r4, $key, #`248+16`
-#endif
-	vldmia		$ctr, {@XMM[8]}			@ .LREVM0SR
-	mov		r5, $rounds			@ pass rounds
-	vstmia		$fp, {@XMM[10]}			@ save next counter
-	sub		$const, $ctr, #.LREVM0SR-.LSR	@ pass constants
-
-	bl		_bsaes_encrypt8_alt
-
-	subs		$len, $len, #8
-	blo		.Lctr_enc_loop_done
-
-	vld1.8		{@XMM[8]-@XMM[9]}, [$inp]!	@ load input
-	vld1.8		{@XMM[10]-@XMM[11]}, [$inp]!
-	veor		@XMM[0], @XMM[8]
-	veor		@XMM[1], @XMM[9]
-	vld1.8		{@XMM[12]-@XMM[13]}, [$inp]!
-	veor		@XMM[4], @XMM[10]
-	veor		@XMM[6], @XMM[11]
-	vld1.8		{@XMM[14]-@XMM[15]}, [$inp]!
-	veor		@XMM[3], @XMM[12]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-	veor		@XMM[7], @XMM[13]
-	veor		@XMM[2], @XMM[14]
-	vst1.8		{@XMM[4]}, [$out]!
-	veor		@XMM[5], @XMM[15]
-	vst1.8		{@XMM[6]}, [$out]!
-	vmov.i32	@XMM[8], #1			@ compose 1<<96
-	vst1.8		{@XMM[3]}, [$out]!
-	veor		@XMM[9], @XMM[9], @XMM[9]
-	vst1.8		{@XMM[7]}, [$out]!
-	vext.8		@XMM[8], @XMM[9], @XMM[8], #4
-	vst1.8		{@XMM[2]}, [$out]!
-	vadd.u32	@XMM[9],@XMM[8],@XMM[8]		@ compose 2<<96
-	vst1.8		{@XMM[5]}, [$out]!
-	vldmia		$fp, {@XMM[0]}			@ load counter
-
-	bne		.Lctr_enc_loop
-	b		.Lctr_enc_done
-
-.align	4
-.Lctr_enc_loop_done:
-	add		$len, $len, #8
-	vld1.8		{@XMM[8]}, [$inp]!	@ load input
-	veor		@XMM[0], @XMM[8]
-	vst1.8		{@XMM[0]}, [$out]!	@ write output
-	cmp		$len, #2
-	blo		.Lctr_enc_done
-	vld1.8		{@XMM[9]}, [$inp]!
-	veor		@XMM[1], @XMM[9]
-	vst1.8		{@XMM[1]}, [$out]!
-	beq		.Lctr_enc_done
-	vld1.8		{@XMM[10]}, [$inp]!
-	veor		@XMM[4], @XMM[10]
-	vst1.8		{@XMM[4]}, [$out]!
-	cmp		$len, #4
-	blo		.Lctr_enc_done
-	vld1.8		{@XMM[11]}, [$inp]!
-	veor		@XMM[6], @XMM[11]
-	vst1.8		{@XMM[6]}, [$out]!
-	beq		.Lctr_enc_done
-	vld1.8		{@XMM[12]}, [$inp]!
-	veor		@XMM[3], @XMM[12]
-	vst1.8		{@XMM[3]}, [$out]!
-	cmp		$len, #6
-	blo		.Lctr_enc_done
-	vld1.8		{@XMM[13]}, [$inp]!
-	veor		@XMM[7], @XMM[13]
-	vst1.8		{@XMM[7]}, [$out]!
-	beq		.Lctr_enc_done
-	vld1.8		{@XMM[14]}, [$inp]
-	veor		@XMM[2], @XMM[14]
-	vst1.8		{@XMM[2]}, [$out]!
-
-.Lctr_enc_done:
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifndef	BSAES_ASM_EXTENDED_KEY
-.Lctr_enc_bzero:			@ wipe key schedule [if any]
-	vstmia		$keysched!, {q0-q1}
-	cmp		$keysched, $fp
-	bne		.Lctr_enc_bzero
-#else
-	vstmia		$keysched, {q0-q1}
-#endif
-
-	mov	sp, $fp
-	add	sp, #0x10		@ add sp,$fp,#0x10 is no good for thumb
-	VFP_ABI_POP
-	ldmia	sp!, {r4-r10, pc}	@ return
-
-.align	4
-.Lctr_enc_short:
-	ldr	ip, [sp]		@ ctr pointer is passed on stack
-	stmdb	sp!, {r4-r8, lr}
-
-	mov	r4, $inp		@ copy arguments
-	mov	r5, $out
-	mov	r6, $len
-	mov	r7, $key
-	ldr	r8, [ip, #12]		@ load counter LSW
-	vld1.8	{@XMM[1]}, [ip]		@ load whole counter value
-#ifdef __ARMEL__
-	rev	r8, r8
-#endif
-	sub	sp, sp, #0x10
-	vst1.8	{@XMM[1]}, [sp,:64]	@ copy counter value
-	sub	sp, sp, #0x10
-
-.Lctr_enc_short_loop:
-	add	r0, sp, #0x10		@ input counter value
-	mov	r1, sp			@ output on the stack
-	mov	r2, r7			@ key
-
-	bl	AES_encrypt
-
-	vld1.8	{@XMM[0]}, [r4]!	@ load input
-	vld1.8	{@XMM[1]}, [sp,:64]	@ load encrypted counter
-	add	r8, r8, #1
-#ifdef __ARMEL__
-	rev	r0, r8
-	str	r0, [sp, #0x1c]		@ next counter value
-#else
-	str	r8, [sp, #0x1c]		@ next counter value
-#endif
-	veor	@XMM[0],@XMM[0],@XMM[1]
-	vst1.8	{@XMM[0]}, [r5]!	@ store output
-	subs	r6, r6, #1
-	bne	.Lctr_enc_short_loop
-
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-	vstmia		sp!, {q0-q1}
-
-	ldmia	sp!, {r4-r8, pc}
-.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
-___
-}
-{
-######################################################################
-# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
-#	const unsigned char iv[16]);
-#
-my ($inp,$out,$len,$key,$rounds,$magic,$fp)=(map("r$_",(7..10,1..3)));
-my $const="r6";		# returned by _bsaes_key_convert
-my $twmask=@XMM[5];
-my @T=@XMM[6..7];
-
-$code.=<<___;
-.globl	bsaes_xts_encrypt
-.type	bsaes_xts_encrypt,%function
-.align	4
-bsaes_xts_encrypt:
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}		@ 0x20
-	VFP_ABI_PUSH
-	mov	r6, sp				@ future $fp
-
-	mov	$inp, r0
-	mov	$out, r1
-	mov	$len, r2
-	mov	$key, r3
-
-	sub	r0, sp, #0x10			@ 0x10
-	bic	r0, #0xf			@ align at 16 bytes
-	mov	sp, r0
-
-#ifdef	XTS_CHAIN_TWEAK
-	ldr	r0, [ip]			@ pointer to input tweak
-#else
-	@ generate initial tweak
-	ldr	r0, [ip, #4]			@ iv[]
-	mov	r1, sp
-	ldr	r2, [ip, #0]			@ key2
-	bl	AES_encrypt
-	mov	r0,sp				@ pointer to initial tweak
-#endif
-
-	ldr	$rounds, [$key, #240]		@ get # of rounds
-	mov	$fp, r6
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
-	sub	r12, #`32+16`			@ place for tweak[9]
-
-	@ populate the key schedule
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	mov	sp, r12
-	add	r12, #0x90			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
-	vstmia	r12, {@XMM[7]}			@ save last round key
-#else
-	ldr	r12, [$key, #244]
-	eors	r12, #1
-	beq	0f
-
-	str	r12, [$key, #244]
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	add	r12, $key, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
-	vstmia	r12, {@XMM[7]}
-
-.align	2
-0:	sub	sp, #0x90			@ place for tweak[9]
-#endif
-
-	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
-	adr	$magic, .Lxts_magic
-
-	subs	$len, #0x80
-	blo	.Lxts_enc_short
-	b	.Lxts_enc_loop
-
-.align	4
-.Lxts_enc_loop:
-	vldmia		$magic, {$twmask}	@ load XTS magic
-	vshr.s64	@T[0], @XMM[8], #63
-	mov		r0, sp
-	vand		@T[0], @T[0], $twmask
-___
-for($i=9;$i<16;$i++) {
-$code.=<<___;
-	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	vshr.s64	@T[1], @XMM[$i], #63
-	veor		@XMM[$i], @XMM[$i], @T[0]
-	vand		@T[1], @T[1], $twmask
-___
-	@T=reverse(@T);
-
-$code.=<<___ if ($i>=10);
-	vld1.8		{@XMM[$i-10]}, [$inp]!
-___
-$code.=<<___ if ($i>=11);
-	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-___
-}
-$code.=<<___;
-	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
-	vst1.64		{@XMM[15]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	veor		@XMM[8], @XMM[8], @T[0]
-	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-
-	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
-	veor		@XMM[5], @XMM[5], @XMM[13]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[6], @XMM[6], @XMM[14]
-	mov		r5, $rounds			@ pass rounds
-	veor		@XMM[7], @XMM[7], @XMM[15]
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[6], @XMM[11]
-	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
-	veor		@XMM[10], @XMM[3], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	veor		@XMM[12], @XMM[2], @XMM[14]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-	veor		@XMM[13], @XMM[5], @XMM[15]
-	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-
-	subs		$len, #0x80
-	bpl		.Lxts_enc_loop
-
-.Lxts_enc_short:
-	adds		$len, #0x70
-	bmi		.Lxts_enc_done
-
-	vldmia		$magic, {$twmask}	@ load XTS magic
-	vshr.s64	@T[0], @XMM[8], #63
-	mov		r0, sp
-	vand		@T[0], @T[0], $twmask
-___
-for($i=9;$i<16;$i++) {
-$code.=<<___;
-	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	vshr.s64	@T[1], @XMM[$i], #63
-	veor		@XMM[$i], @XMM[$i], @T[0]
-	vand		@T[1], @T[1], $twmask
-___
-	@T=reverse(@T);
-
-$code.=<<___ if ($i>=10);
-	vld1.8		{@XMM[$i-10]}, [$inp]!
-	subs		$len, #0x10
-	bmi		.Lxts_enc_`$i-9`
-___
-$code.=<<___ if ($i>=11);
-	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-___
-}
-$code.=<<___;
-	sub		$len, #0x10
-	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
-
-	vld1.8		{@XMM[6]}, [$inp]!
-	veor		@XMM[5], @XMM[5], @XMM[13]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[6], @XMM[6], @XMM[14]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[6], @XMM[11]
-	vld1.64		{@XMM[14]}, [r0,:128]!
-	veor		@XMM[10], @XMM[3], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	veor		@XMM[12], @XMM[2], @XMM[14]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-	vst1.8		{@XMM[12]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_6:
-	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[4], @XMM[4], @XMM[12]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[5], @XMM[5], @XMM[13]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[6], @XMM[11]
-	veor		@XMM[10], @XMM[3], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-
-@ put this in range for both ARM and Thumb mode adr instructions
-.align	5
-.Lxts_magic:
-	.quad	1, 0x87
-
-.align	5
-.Lxts_enc_5:
-	vst1.64		{@XMM[13]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[3], @XMM[3], @XMM[11]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[4], @XMM[4], @XMM[12]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[6], @XMM[11]
-	veor		@XMM[10], @XMM[3], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	vst1.8		{@XMM[10]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_4:
-	vst1.64		{@XMM[12]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[2], @XMM[2], @XMM[10]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[3], @XMM[3], @XMM[11]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[6], @XMM[11]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_3:
-	vst1.64		{@XMM[11]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[1], @XMM[1], @XMM[9]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[2], @XMM[2], @XMM[10]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-	vld1.64		{@XMM[10]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[4], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	vst1.8		{@XMM[8]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_2:
-	vst1.64		{@XMM[10]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[0], @XMM[0], @XMM[8]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[1], @XMM[1], @XMM[9]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_encrypt8
-
-	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_enc_done
-.align	4
-.Lxts_enc_1:
-	mov		r0, sp
-	veor		@XMM[0], @XMM[8]
-	mov		r1, sp
-	vst1.8		{@XMM[0]}, [sp,:128]
-	mov		r2, $key
-	mov		r4, $fp				@ preserve fp
-
-	bl		AES_encrypt
-
-	vld1.8		{@XMM[0]}, [sp,:128]
-	veor		@XMM[0], @XMM[0], @XMM[8]
-	vst1.8		{@XMM[0]}, [$out]!
-	mov		$fp, r4
-
-	vmov		@XMM[8], @XMM[9]		@ next round tweak
-
-.Lxts_enc_done:
-#ifndef	XTS_CHAIN_TWEAK
-	adds		$len, #0x10
-	beq		.Lxts_enc_ret
-	sub		r6, $out, #0x10
-
-.Lxts_enc_steal:
-	ldrb		r0, [$inp], #1
-	ldrb		r1, [$out, #-0x10]
-	strb		r0, [$out, #-0x10]
-	strb		r1, [$out], #1
-
-	subs		$len, #1
-	bhi		.Lxts_enc_steal
-
-	vld1.8		{@XMM[0]}, [r6]
-	mov		r0, sp
-	veor		@XMM[0], @XMM[0], @XMM[8]
-	mov		r1, sp
-	vst1.8		{@XMM[0]}, [sp,:128]
-	mov		r2, $key
-	mov		r4, $fp			@ preserve fp
-
-	bl		AES_encrypt
-
-	vld1.8		{@XMM[0]}, [sp,:128]
-	veor		@XMM[0], @XMM[0], @XMM[8]
-	vst1.8		{@XMM[0]}, [r6]
-	mov		$fp, r4
-#endif
-
-.Lxts_enc_ret:
-	bic		r0, $fp, #0xf
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifdef	XTS_CHAIN_TWEAK
-	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
-#endif
-.Lxts_enc_bzero:				@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r0
-	bne		.Lxts_enc_bzero
-
-	mov		sp, $fp
-#ifdef	XTS_CHAIN_TWEAK
-	vst1.8		{@XMM[8]}, [r1]
-#endif
-	VFP_ABI_POP
-	ldmia		sp!, {r4-r10, pc}	@ return
-
-.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
-
-.globl	bsaes_xts_decrypt
-.type	bsaes_xts_decrypt,%function
-.align	4
-bsaes_xts_decrypt:
-	mov	ip, sp
-	stmdb	sp!, {r4-r10, lr}		@ 0x20
-	VFP_ABI_PUSH
-	mov	r6, sp				@ future $fp
-
-	mov	$inp, r0
-	mov	$out, r1
-	mov	$len, r2
-	mov	$key, r3
-
-	sub	r0, sp, #0x10			@ 0x10
-	bic	r0, #0xf			@ align at 16 bytes
-	mov	sp, r0
-
-#ifdef	XTS_CHAIN_TWEAK
-	ldr	r0, [ip]			@ pointer to input tweak
-#else
-	@ generate initial tweak
-	ldr	r0, [ip, #4]			@ iv[]
-	mov	r1, sp
-	ldr	r2, [ip, #0]			@ key2
-	bl	AES_encrypt
-	mov	r0, sp				@ pointer to initial tweak
-#endif
-
-	ldr	$rounds, [$key, #240]		@ get # of rounds
-	mov	$fp, r6
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	@ allocate the key schedule on the stack
-	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
-	sub	r12, #`32+16`			@ place for tweak[9]
-
-	@ populate the key schedule
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	mov	sp, r12
-	add	r12, #0x90			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, sp, #0x90
-	vldmia	r4, {@XMM[6]}
-	vstmia	r12,  {@XMM[15]}		@ save last round key
-	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-	vstmia	r4, {@XMM[7]}
-#else
-	ldr	r12, [$key, #244]
-	eors	r12, #1
-	beq	0f
-
-	str	r12, [$key, #244]
-	mov	r4, $key			@ pass key
-	mov	r5, $rounds			@ pass # of rounds
-	add	r12, $key, #248			@ pass key schedule
-	bl	_bsaes_key_convert
-	add	r4, $key, #248
-	vldmia	r4, {@XMM[6]}
-	vstmia	r12,  {@XMM[15]}		@ save last round key
-	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-	vstmia	r4, {@XMM[7]}
-
-.align	2
-0:	sub	sp, #0x90			@ place for tweak[9]
-#endif
-	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
-	adr	$magic, .Lxts_magic
-
-	tst	$len, #0xf			@ if not multiple of 16
-	it	ne				@ Thumb2 thing, sanity check in ARM
-	subne	$len, #0x10			@ subtract another 16 bytes
-	subs	$len, #0x80
-
-	blo	.Lxts_dec_short
-	b	.Lxts_dec_loop
-
-.align	4
-.Lxts_dec_loop:
-	vldmia		$magic, {$twmask}	@ load XTS magic
-	vshr.s64	@T[0], @XMM[8], #63
-	mov		r0, sp
-	vand		@T[0], @T[0], $twmask
-___
-for($i=9;$i<16;$i++) {
-$code.=<<___;
-	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	vshr.s64	@T[1], @XMM[$i], #63
-	veor		@XMM[$i], @XMM[$i], @T[0]
-	vand		@T[1], @T[1], $twmask
-___
-	@T=reverse(@T);
-
-$code.=<<___ if ($i>=10);
-	vld1.8		{@XMM[$i-10]}, [$inp]!
-___
-$code.=<<___ if ($i>=11);
-	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-___
-}
-$code.=<<___;
-	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
-	vst1.64		{@XMM[15]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	veor		@XMM[8], @XMM[8], @T[0]
-	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-
-	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
-	veor		@XMM[5], @XMM[5], @XMM[13]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[6], @XMM[6], @XMM[14]
-	mov		r5, $rounds			@ pass rounds
-	veor		@XMM[7], @XMM[7], @XMM[15]
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[4], @XMM[11]
-	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
-	veor		@XMM[10], @XMM[2], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	veor		@XMM[12], @XMM[3], @XMM[14]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-	veor		@XMM[13], @XMM[5], @XMM[15]
-	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-
-	subs		$len, #0x80
-	bpl		.Lxts_dec_loop
-
-.Lxts_dec_short:
-	adds		$len, #0x70
-	bmi		.Lxts_dec_done
-
-	vldmia		$magic, {$twmask}	@ load XTS magic
-	vshr.s64	@T[0], @XMM[8], #63
-	mov		r0, sp
-	vand		@T[0], @T[0], $twmask
-___
-for($i=9;$i<16;$i++) {
-$code.=<<___;
-	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-	vshr.s64	@T[1], @XMM[$i], #63
-	veor		@XMM[$i], @XMM[$i], @T[0]
-	vand		@T[1], @T[1], $twmask
-___
-	@T=reverse(@T);
-
-$code.=<<___ if ($i>=10);
-	vld1.8		{@XMM[$i-10]}, [$inp]!
-	subs		$len, #0x10
-	bmi		.Lxts_dec_`$i-9`
-___
-$code.=<<___ if ($i>=11);
-	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-___
-}
-$code.=<<___;
-	sub		$len, #0x10
-	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
-
-	vld1.8		{@XMM[6]}, [$inp]!
-	veor		@XMM[5], @XMM[5], @XMM[13]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[6], @XMM[6], @XMM[14]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[4], @XMM[11]
-	vld1.64		{@XMM[14]}, [r0,:128]!
-	veor		@XMM[10], @XMM[2], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	veor		@XMM[12], @XMM[3], @XMM[14]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-	vst1.8		{@XMM[12]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_6:
-	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[4], @XMM[4], @XMM[12]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[5], @XMM[5], @XMM[13]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[4], @XMM[11]
-	veor		@XMM[10], @XMM[2], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	veor		@XMM[11], @XMM[7], @XMM[13]
-	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_5:
-	vst1.64		{@XMM[13]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[3], @XMM[3], @XMM[11]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[4], @XMM[4], @XMM[12]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	vld1.64		{@XMM[12]}, [r0,:128]!
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[4], @XMM[11]
-	veor		@XMM[10], @XMM[2], @XMM[12]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-	vst1.8		{@XMM[10]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_4:
-	vst1.64		{@XMM[12]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[2], @XMM[2], @XMM[10]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[3], @XMM[3], @XMM[11]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	veor		@XMM[9], @XMM[4], @XMM[11]
-	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_3:
-	vst1.64		{@XMM[11]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[1], @XMM[1], @XMM[9]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[2], @XMM[2], @XMM[10]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-	vld1.64		{@XMM[10]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	veor		@XMM[8], @XMM[6], @XMM[10]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-	vst1.8		{@XMM[8]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_2:
-	vst1.64		{@XMM[10]}, [r0,:128]		@ next round tweak
-
-	veor		@XMM[0], @XMM[0], @XMM[8]
-#ifndef	BSAES_ASM_EXTENDED_KEY
-	add		r4, sp, #0x90			@ pass key schedule
-#else
-	add		r4, $key, #248			@ pass key schedule
-#endif
-	veor		@XMM[1], @XMM[1], @XMM[9]
-	mov		r5, $rounds			@ pass rounds
-	mov		r0, sp
-
-	bl		_bsaes_decrypt8
-
-	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-	veor		@XMM[0], @XMM[0], @XMM[ 8]
-	veor		@XMM[1], @XMM[1], @XMM[ 9]
-	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-
-	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-	b		.Lxts_dec_done
-.align	4
-.Lxts_dec_1:
-	mov		r0, sp
-	veor		@XMM[0], @XMM[8]
-	mov		r1, sp
-	vst1.8		{@XMM[0]}, [sp,:128]
-	mov		r2, $key
-	mov		r4, $fp				@ preserve fp
-	mov		r5, $magic			@ preserve magic
-
-	bl		AES_decrypt
-
-	vld1.8		{@XMM[0]}, [sp,:128]
-	veor		@XMM[0], @XMM[0], @XMM[8]
-	vst1.8		{@XMM[0]}, [$out]!
-	mov		$fp, r4
-	mov		$magic, r5
-
-	vmov		@XMM[8], @XMM[9]		@ next round tweak
-
-.Lxts_dec_done:
-#ifndef	XTS_CHAIN_TWEAK
-	adds		$len, #0x10
-	beq		.Lxts_dec_ret
-
-	@ calculate one round of extra tweak for the stolen ciphertext
-	vldmia		$magic, {$twmask}
-	vshr.s64	@XMM[6], @XMM[8], #63
-	vand		@XMM[6], @XMM[6], $twmask
-	vadd.u64	@XMM[9], @XMM[8], @XMM[8]
-	vswp		`&Dhi("@XMM[6]")`,`&Dlo("@XMM[6]")`
-	veor		@XMM[9], @XMM[9], @XMM[6]
-
-	@ perform the final decryption with the last tweak value
-	vld1.8		{@XMM[0]}, [$inp]!
-	mov		r0, sp
-	veor		@XMM[0], @XMM[0], @XMM[9]
-	mov		r1, sp
-	vst1.8		{@XMM[0]}, [sp,:128]
-	mov		r2, $key
-	mov		r4, $fp			@ preserve fp
-
-	bl		AES_decrypt
-
-	vld1.8		{@XMM[0]}, [sp,:128]
-	veor		@XMM[0], @XMM[0], @XMM[9]
-	vst1.8		{@XMM[0]}, [$out]
-
-	mov		r6, $out
-.Lxts_dec_steal:
-	ldrb		r1, [$out]
-	ldrb		r0, [$inp], #1
-	strb		r1, [$out, #0x10]
-	strb		r0, [$out], #1
-
-	subs		$len, #1
-	bhi		.Lxts_dec_steal
-
-	vld1.8		{@XMM[0]}, [r6]
-	mov		r0, sp
-	veor		@XMM[0], @XMM[8]
-	mov		r1, sp
-	vst1.8		{@XMM[0]}, [sp,:128]
-	mov		r2, $key
-
-	bl		AES_decrypt
-
-	vld1.8		{@XMM[0]}, [sp,:128]
-	veor		@XMM[0], @XMM[0], @XMM[8]
-	vst1.8		{@XMM[0]}, [r6]
-	mov		$fp, r4
-#endif
-
-.Lxts_dec_ret:
-	bic		r0, $fp, #0xf
-	vmov.i32	q0, #0
-	vmov.i32	q1, #0
-#ifdef	XTS_CHAIN_TWEAK
-	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
-#endif
-.Lxts_dec_bzero:				@ wipe key schedule [if any]
-	vstmia		sp!, {q0-q1}
-	cmp		sp, r0
-	bne		.Lxts_dec_bzero
-
-	mov		sp, $fp
-#ifdef	XTS_CHAIN_TWEAK
-	vst1.8		{@XMM[8]}, [r1]
-#endif
-	VFP_ABI_POP
-	ldmia		sp!, {r4-r10, pc}	@ return
-
-.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
-___
-}
-$code.=<<___;
-#endif
-___
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-open SELF,$0;
-while(<SELF>) {
-	next if (/^#!/);
-        last if (!s/^#/@/ and !/^$/);
-        print;
-}
-close SELF;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/aes/asm/bsaes-x86_64.S b/crypto/aes/asm/bsaes-x86_64.S
deleted file mode 100644
index dc92d4dad4..0000000000
--- a/crypto/aes/asm/bsaes-x86_64.S
+++ /dev/null
@@ -1,2498 +0,0 @@
-.text	
-
-
-
-
-.type	_bsaes_encrypt8,@function
-.align	64
-_bsaes_encrypt8:
-	leaq	.LBS0(%rip),%r11
-
-	movdqa	(%rax),%xmm8
-	leaq	16(%rax),%rax
-	movdqa	80(%r11),%xmm7
-	pxor	%xmm8,%xmm15
-	pxor	%xmm8,%xmm0
-.byte	102,68,15,56,0,255
-	pxor	%xmm8,%xmm1
-.byte	102,15,56,0,199
-	pxor	%xmm8,%xmm2
-.byte	102,15,56,0,207
-	pxor	%xmm8,%xmm3
-.byte	102,15,56,0,215
-	pxor	%xmm8,%xmm4
-.byte	102,15,56,0,223
-	pxor	%xmm8,%xmm5
-.byte	102,15,56,0,231
-	pxor	%xmm8,%xmm6
-.byte	102,15,56,0,239
-.byte	102,15,56,0,247
-_bsaes_encrypt8_bitslice:
-	movdqa	0(%r11),%xmm7
-	movdqa	16(%r11),%xmm8
-	movdqa	%xmm5,%xmm9
-	psrlq	$1,%xmm5
-	movdqa	%xmm3,%xmm10
-	psrlq	$1,%xmm3
-	pxor	%xmm6,%xmm5
-	pxor	%xmm4,%xmm3
-	pand	%xmm7,%xmm5
-	pand	%xmm7,%xmm3
-	pxor	%xmm5,%xmm6
-	psllq	$1,%xmm5
-	pxor	%xmm3,%xmm4
-	psllq	$1,%xmm3
-	pxor	%xmm9,%xmm5
-	pxor	%xmm10,%xmm3
-	movdqa	%xmm1,%xmm9
-	psrlq	$1,%xmm1
-	movdqa	%xmm15,%xmm10
-	psrlq	$1,%xmm15
-	pxor	%xmm2,%xmm1
-	pxor	%xmm0,%xmm15
-	pand	%xmm7,%xmm1
-	pand	%xmm7,%xmm15
-	pxor	%xmm1,%xmm2
-	psllq	$1,%xmm1
-	pxor	%xmm15,%xmm0
-	psllq	$1,%xmm15
-	pxor	%xmm9,%xmm1
-	pxor	%xmm10,%xmm15
-	movdqa	32(%r11),%xmm7
-	movdqa	%xmm4,%xmm9
-	psrlq	$2,%xmm4
-	movdqa	%xmm3,%xmm10
-	psrlq	$2,%xmm3
-	pxor	%xmm6,%xmm4
-	pxor	%xmm5,%xmm3
-	pand	%xmm8,%xmm4
-	pand	%xmm8,%xmm3
-	pxor	%xmm4,%xmm6
-	psllq	$2,%xmm4
-	pxor	%xmm3,%xmm5
-	psllq	$2,%xmm3
-	pxor	%xmm9,%xmm4
-	pxor	%xmm10,%xmm3
-	movdqa	%xmm0,%xmm9
-	psrlq	$2,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$2,%xmm15
-	pxor	%xmm2,%xmm0
-	pxor	%xmm1,%xmm15
-	pand	%xmm8,%xmm0
-	pand	%xmm8,%xmm15
-	pxor	%xmm0,%xmm2
-	psllq	$2,%xmm0
-	pxor	%xmm15,%xmm1
-	psllq	$2,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	%xmm2,%xmm9
-	psrlq	$4,%xmm2
-	movdqa	%xmm1,%xmm10
-	psrlq	$4,%xmm1
-	pxor	%xmm6,%xmm2
-	pxor	%xmm5,%xmm1
-	pand	%xmm7,%xmm2
-	pand	%xmm7,%xmm1
-	pxor	%xmm2,%xmm6
-	psllq	$4,%xmm2
-	pxor	%xmm1,%xmm5
-	psllq	$4,%xmm1
-	pxor	%xmm9,%xmm2
-	pxor	%xmm10,%xmm1
-	movdqa	%xmm0,%xmm9
-	psrlq	$4,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$4,%xmm15
-	pxor	%xmm4,%xmm0
-	pxor	%xmm3,%xmm15
-	pand	%xmm7,%xmm0
-	pand	%xmm7,%xmm15
-	pxor	%xmm0,%xmm4
-	psllq	$4,%xmm0
-	pxor	%xmm15,%xmm3
-	psllq	$4,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	decl	%r10d
-	jmp	.Lenc_sbox
-.align	16
-.Lenc_loop:
-	pxor	0(%rax),%xmm15
-	pxor	16(%rax),%xmm0
-.byte	102,68,15,56,0,255
-	pxor	32(%rax),%xmm1
-.byte	102,15,56,0,199
-	pxor	48(%rax),%xmm2
-.byte	102,15,56,0,207
-	pxor	64(%rax),%xmm3
-.byte	102,15,56,0,215
-	pxor	80(%rax),%xmm4
-.byte	102,15,56,0,223
-	pxor	96(%rax),%xmm5
-.byte	102,15,56,0,231
-	pxor	112(%rax),%xmm6
-.byte	102,15,56,0,239
-	leaq	128(%rax),%rax
-.byte	102,15,56,0,247
-.Lenc_sbox:
-	pxor	%xmm5,%xmm4
-	pxor	%xmm0,%xmm1
-	pxor	%xmm15,%xmm2
-	pxor	%xmm1,%xmm5
-	pxor	%xmm15,%xmm4
-
-	pxor	%xmm2,%xmm5
-	pxor	%xmm6,%xmm2
-	pxor	%xmm4,%xmm6
-	pxor	%xmm3,%xmm2
-	pxor	%xmm4,%xmm3
-	pxor	%xmm0,%xmm2
-
-	pxor	%xmm6,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqa	%xmm6,%xmm10
-	movdqa	%xmm0,%xmm9
-	movdqa	%xmm4,%xmm8
-	movdqa	%xmm1,%xmm12
-	movdqa	%xmm5,%xmm11
-
-	pxor	%xmm3,%xmm10
-	pxor	%xmm1,%xmm9
-	pxor	%xmm2,%xmm8
-	movdqa	%xmm10,%xmm13
-	pxor	%xmm3,%xmm12
-	movdqa	%xmm9,%xmm7
-	pxor	%xmm15,%xmm11
-	movdqa	%xmm10,%xmm14
-
-	por	%xmm8,%xmm9
-	por	%xmm11,%xmm10
-	pxor	%xmm7,%xmm14
-	pand	%xmm11,%xmm13
-	pxor	%xmm8,%xmm11
-	pand	%xmm8,%xmm7
-	pand	%xmm11,%xmm14
-	movdqa	%xmm2,%xmm11
-	pxor	%xmm15,%xmm11
-	pand	%xmm11,%xmm12
-	pxor	%xmm12,%xmm10
-	pxor	%xmm12,%xmm9
-	movdqa	%xmm6,%xmm12
-	movdqa	%xmm4,%xmm11
-	pxor	%xmm0,%xmm12
-	pxor	%xmm5,%xmm11
-	movdqa	%xmm12,%xmm8
-	pand	%xmm11,%xmm12
-	por	%xmm11,%xmm8
-	pxor	%xmm12,%xmm7
-	pxor	%xmm14,%xmm10
-	pxor	%xmm13,%xmm9
-	pxor	%xmm14,%xmm8
-	movdqa	%xmm1,%xmm11
-	pxor	%xmm13,%xmm7
-	movdqa	%xmm3,%xmm12
-	pxor	%xmm13,%xmm8
-	movdqa	%xmm0,%xmm13
-	pand	%xmm2,%xmm11
-	movdqa	%xmm6,%xmm14
-	pand	%xmm15,%xmm12
-	pand	%xmm4,%xmm13
-	por	%xmm5,%xmm14
-	pxor	%xmm11,%xmm10
-	pxor	%xmm12,%xmm9
-	pxor	%xmm13,%xmm8
-	pxor	%xmm14,%xmm7
-
-
-
-
-
-	movdqa	%xmm10,%xmm11
-	pand	%xmm8,%xmm10
-	pxor	%xmm9,%xmm11
-
-	movdqa	%xmm7,%xmm13
-	movdqa	%xmm11,%xmm14
-	pxor	%xmm10,%xmm13
-	pand	%xmm13,%xmm14
-
-	movdqa	%xmm8,%xmm12
-	pxor	%xmm9,%xmm14
-	pxor	%xmm7,%xmm12
-
-	pxor	%xmm9,%xmm10
-
-	pand	%xmm10,%xmm12
-
-	movdqa	%xmm13,%xmm9
-	pxor	%xmm7,%xmm12
-
-	pxor	%xmm12,%xmm9
-	pxor	%xmm12,%xmm8
-
-	pand	%xmm7,%xmm9
-
-	pxor	%xmm9,%xmm13
-	pxor	%xmm9,%xmm8
-
-	pand	%xmm14,%xmm13
-
-	pxor	%xmm11,%xmm13
-	movdqa	%xmm5,%xmm11
-	movdqa	%xmm4,%xmm7
-	movdqa	%xmm14,%xmm9
-	pxor	%xmm13,%xmm9
-	pand	%xmm5,%xmm9
-	pxor	%xmm4,%xmm5
-	pand	%xmm14,%xmm4
-	pand	%xmm13,%xmm5
-	pxor	%xmm4,%xmm5
-	pxor	%xmm9,%xmm4
-	pxor	%xmm15,%xmm11
-	pxor	%xmm2,%xmm7
-	pxor	%xmm12,%xmm14
-	pxor	%xmm8,%xmm13
-	movdqa	%xmm14,%xmm10
-	movdqa	%xmm12,%xmm9
-	pxor	%xmm13,%xmm10
-	pxor	%xmm8,%xmm9
-	pand	%xmm11,%xmm10
-	pand	%xmm15,%xmm9
-	pxor	%xmm7,%xmm11
-	pxor	%xmm2,%xmm15
-	pand	%xmm14,%xmm7
-	pand	%xmm12,%xmm2
-	pand	%xmm13,%xmm11
-	pand	%xmm8,%xmm15
-	pxor	%xmm11,%xmm7
-	pxor	%xmm2,%xmm15
-	pxor	%xmm10,%xmm11
-	pxor	%xmm9,%xmm2
-	pxor	%xmm11,%xmm5
-	pxor	%xmm11,%xmm15
-	pxor	%xmm7,%xmm4
-	pxor	%xmm7,%xmm2
-
-	movdqa	%xmm6,%xmm11
-	movdqa	%xmm0,%xmm7
-	pxor	%xmm3,%xmm11
-	pxor	%xmm1,%xmm7
-	movdqa	%xmm14,%xmm10
-	movdqa	%xmm12,%xmm9
-	pxor	%xmm13,%xmm10
-	pxor	%xmm8,%xmm9
-	pand	%xmm11,%xmm10
-	pand	%xmm3,%xmm9
-	pxor	%xmm7,%xmm11
-	pxor	%xmm1,%xmm3
-	pand	%xmm14,%xmm7
-	pand	%xmm12,%xmm1
-	pand	%xmm13,%xmm11
-	pand	%xmm8,%xmm3
-	pxor	%xmm11,%xmm7
-	pxor	%xmm1,%xmm3
-	pxor	%xmm10,%xmm11
-	pxor	%xmm9,%xmm1
-	pxor	%xmm12,%xmm14
-	pxor	%xmm8,%xmm13
-	movdqa	%xmm14,%xmm10
-	pxor	%xmm13,%xmm10
-	pand	%xmm6,%xmm10
-	pxor	%xmm0,%xmm6
-	pand	%xmm14,%xmm0
-	pand	%xmm13,%xmm6
-	pxor	%xmm0,%xmm6
-	pxor	%xmm10,%xmm0
-	pxor	%xmm11,%xmm6
-	pxor	%xmm11,%xmm3
-	pxor	%xmm7,%xmm0
-	pxor	%xmm7,%xmm1
-	pxor	%xmm15,%xmm6
-	pxor	%xmm5,%xmm0
-	pxor	%xmm6,%xmm3
-	pxor	%xmm15,%xmm5
-	pxor	%xmm0,%xmm15
-
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	pxor	%xmm2,%xmm1
-	pxor	%xmm4,%xmm2
-	pxor	%xmm4,%xmm3
-
-	pxor	%xmm2,%xmm5
-	decl	%r10d
-	jl	.Lenc_done
-	pshufd	$147,%xmm15,%xmm7
-	pshufd	$147,%xmm0,%xmm8
-	pxor	%xmm7,%xmm15
-	pshufd	$147,%xmm3,%xmm9
-	pxor	%xmm8,%xmm0
-	pshufd	$147,%xmm5,%xmm10
-	pxor	%xmm9,%xmm3
-	pshufd	$147,%xmm2,%xmm11
-	pxor	%xmm10,%xmm5
-	pshufd	$147,%xmm6,%xmm12
-	pxor	%xmm11,%xmm2
-	pshufd	$147,%xmm1,%xmm13
-	pxor	%xmm12,%xmm6
-	pshufd	$147,%xmm4,%xmm14
-	pxor	%xmm13,%xmm1
-	pxor	%xmm14,%xmm4
-
-	pxor	%xmm15,%xmm8
-	pxor	%xmm4,%xmm7
-	pxor	%xmm4,%xmm8
-	pshufd	$78,%xmm15,%xmm15
-	pxor	%xmm0,%xmm9
-	pshufd	$78,%xmm0,%xmm0
-	pxor	%xmm2,%xmm12
-	pxor	%xmm7,%xmm15
-	pxor	%xmm6,%xmm13
-	pxor	%xmm8,%xmm0
-	pxor	%xmm5,%xmm11
-	pshufd	$78,%xmm2,%xmm7
-	pxor	%xmm1,%xmm14
-	pshufd	$78,%xmm6,%xmm8
-	pxor	%xmm3,%xmm10
-	pshufd	$78,%xmm5,%xmm2
-	pxor	%xmm4,%xmm10
-	pshufd	$78,%xmm4,%xmm6
-	pxor	%xmm4,%xmm11
-	pshufd	$78,%xmm1,%xmm5
-	pxor	%xmm11,%xmm7
-	pshufd	$78,%xmm3,%xmm1
-	pxor	%xmm12,%xmm8
-	pxor	%xmm10,%xmm2
-	pxor	%xmm14,%xmm6
-	pxor	%xmm13,%xmm5
-	movdqa	%xmm7,%xmm3
-	pxor	%xmm9,%xmm1
-	movdqa	%xmm8,%xmm4
-	movdqa	48(%r11),%xmm7
-	jnz	.Lenc_loop
-	movdqa	64(%r11),%xmm7
-	jmp	.Lenc_loop
-.align	16
-.Lenc_done:
-	movdqa	0(%r11),%xmm7
-	movdqa	16(%r11),%xmm8
-	movdqa	%xmm1,%xmm9
-	psrlq	$1,%xmm1
-	movdqa	%xmm2,%xmm10
-	psrlq	$1,%xmm2
-	pxor	%xmm4,%xmm1
-	pxor	%xmm6,%xmm2
-	pand	%xmm7,%xmm1
-	pand	%xmm7,%xmm2
-	pxor	%xmm1,%xmm4
-	psllq	$1,%xmm1
-	pxor	%xmm2,%xmm6
-	psllq	$1,%xmm2
-	pxor	%xmm9,%xmm1
-	pxor	%xmm10,%xmm2
-	movdqa	%xmm3,%xmm9
-	psrlq	$1,%xmm3
-	movdqa	%xmm15,%xmm10
-	psrlq	$1,%xmm15
-	pxor	%xmm5,%xmm3
-	pxor	%xmm0,%xmm15
-	pand	%xmm7,%xmm3
-	pand	%xmm7,%xmm15
-	pxor	%xmm3,%xmm5
-	psllq	$1,%xmm3
-	pxor	%xmm15,%xmm0
-	psllq	$1,%xmm15
-	pxor	%xmm9,%xmm3
-	pxor	%xmm10,%xmm15
-	movdqa	32(%r11),%xmm7
-	movdqa	%xmm6,%xmm9
-	psrlq	$2,%xmm6
-	movdqa	%xmm2,%xmm10
-	psrlq	$2,%xmm2
-	pxor	%xmm4,%xmm6
-	pxor	%xmm1,%xmm2
-	pand	%xmm8,%xmm6
-	pand	%xmm8,%xmm2
-	pxor	%xmm6,%xmm4
-	psllq	$2,%xmm6
-	pxor	%xmm2,%xmm1
-	psllq	$2,%xmm2
-	pxor	%xmm9,%xmm6
-	pxor	%xmm10,%xmm2
-	movdqa	%xmm0,%xmm9
-	psrlq	$2,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$2,%xmm15
-	pxor	%xmm5,%xmm0
-	pxor	%xmm3,%xmm15
-	pand	%xmm8,%xmm0
-	pand	%xmm8,%xmm15
-	pxor	%xmm0,%xmm5
-	psllq	$2,%xmm0
-	pxor	%xmm15,%xmm3
-	psllq	$2,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	%xmm5,%xmm9
-	psrlq	$4,%xmm5
-	movdqa	%xmm3,%xmm10
-	psrlq	$4,%xmm3
-	pxor	%xmm4,%xmm5
-	pxor	%xmm1,%xmm3
-	pand	%xmm7,%xmm5
-	pand	%xmm7,%xmm3
-	pxor	%xmm5,%xmm4
-	psllq	$4,%xmm5
-	pxor	%xmm3,%xmm1
-	psllq	$4,%xmm3
-	pxor	%xmm9,%xmm5
-	pxor	%xmm10,%xmm3
-	movdqa	%xmm0,%xmm9
-	psrlq	$4,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$4,%xmm15
-	pxor	%xmm6,%xmm0
-	pxor	%xmm2,%xmm15
-	pand	%xmm7,%xmm0
-	pand	%xmm7,%xmm15
-	pxor	%xmm0,%xmm6
-	psllq	$4,%xmm0
-	pxor	%xmm15,%xmm2
-	psllq	$4,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	(%rax),%xmm7
-	pxor	%xmm7,%xmm3
-	pxor	%xmm7,%xmm5
-	pxor	%xmm7,%xmm2
-	pxor	%xmm7,%xmm6
-	pxor	%xmm7,%xmm1
-	pxor	%xmm7,%xmm4
-	pxor	%xmm7,%xmm15
-	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
-.size	_bsaes_encrypt8,.-_bsaes_encrypt8
-
-.type	_bsaes_decrypt8,@function
-.align	64
-_bsaes_decrypt8:
-	leaq	.LBS0(%rip),%r11
-
-	movdqa	(%rax),%xmm8
-	leaq	16(%rax),%rax
-	movdqa	-48(%r11),%xmm7
-	pxor	%xmm8,%xmm15
-	pxor	%xmm8,%xmm0
-.byte	102,68,15,56,0,255
-	pxor	%xmm8,%xmm1
-.byte	102,15,56,0,199
-	pxor	%xmm8,%xmm2
-.byte	102,15,56,0,207
-	pxor	%xmm8,%xmm3
-.byte	102,15,56,0,215
-	pxor	%xmm8,%xmm4
-.byte	102,15,56,0,223
-	pxor	%xmm8,%xmm5
-.byte	102,15,56,0,231
-	pxor	%xmm8,%xmm6
-.byte	102,15,56,0,239
-.byte	102,15,56,0,247
-	movdqa	0(%r11),%xmm7
-	movdqa	16(%r11),%xmm8
-	movdqa	%xmm5,%xmm9
-	psrlq	$1,%xmm5
-	movdqa	%xmm3,%xmm10
-	psrlq	$1,%xmm3
-	pxor	%xmm6,%xmm5
-	pxor	%xmm4,%xmm3
-	pand	%xmm7,%xmm5
-	pand	%xmm7,%xmm3
-	pxor	%xmm5,%xmm6
-	psllq	$1,%xmm5
-	pxor	%xmm3,%xmm4
-	psllq	$1,%xmm3
-	pxor	%xmm9,%xmm5
-	pxor	%xmm10,%xmm3
-	movdqa	%xmm1,%xmm9
-	psrlq	$1,%xmm1
-	movdqa	%xmm15,%xmm10
-	psrlq	$1,%xmm15
-	pxor	%xmm2,%xmm1
-	pxor	%xmm0,%xmm15
-	pand	%xmm7,%xmm1
-	pand	%xmm7,%xmm15
-	pxor	%xmm1,%xmm2
-	psllq	$1,%xmm1
-	pxor	%xmm15,%xmm0
-	psllq	$1,%xmm15
-	pxor	%xmm9,%xmm1
-	pxor	%xmm10,%xmm15
-	movdqa	32(%r11),%xmm7
-	movdqa	%xmm4,%xmm9
-	psrlq	$2,%xmm4
-	movdqa	%xmm3,%xmm10
-	psrlq	$2,%xmm3
-	pxor	%xmm6,%xmm4
-	pxor	%xmm5,%xmm3
-	pand	%xmm8,%xmm4
-	pand	%xmm8,%xmm3
-	pxor	%xmm4,%xmm6
-	psllq	$2,%xmm4
-	pxor	%xmm3,%xmm5
-	psllq	$2,%xmm3
-	pxor	%xmm9,%xmm4
-	pxor	%xmm10,%xmm3
-	movdqa	%xmm0,%xmm9
-	psrlq	$2,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$2,%xmm15
-	pxor	%xmm2,%xmm0
-	pxor	%xmm1,%xmm15
-	pand	%xmm8,%xmm0
-	pand	%xmm8,%xmm15
-	pxor	%xmm0,%xmm2
-	psllq	$2,%xmm0
-	pxor	%xmm15,%xmm1
-	psllq	$2,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	%xmm2,%xmm9
-	psrlq	$4,%xmm2
-	movdqa	%xmm1,%xmm10
-	psrlq	$4,%xmm1
-	pxor	%xmm6,%xmm2
-	pxor	%xmm5,%xmm1
-	pand	%xmm7,%xmm2
-	pand	%xmm7,%xmm1
-	pxor	%xmm2,%xmm6
-	psllq	$4,%xmm2
-	pxor	%xmm1,%xmm5
-	psllq	$4,%xmm1
-	pxor	%xmm9,%xmm2
-	pxor	%xmm10,%xmm1
-	movdqa	%xmm0,%xmm9
-	psrlq	$4,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$4,%xmm15
-	pxor	%xmm4,%xmm0
-	pxor	%xmm3,%xmm15
-	pand	%xmm7,%xmm0
-	pand	%xmm7,%xmm15
-	pxor	%xmm0,%xmm4
-	psllq	$4,%xmm0
-	pxor	%xmm15,%xmm3
-	psllq	$4,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	decl	%r10d
-	jmp	.Ldec_sbox
-.align	16
-.Ldec_loop:
-	pxor	0(%rax),%xmm15
-	pxor	16(%rax),%xmm0
-.byte	102,68,15,56,0,255
-	pxor	32(%rax),%xmm1
-.byte	102,15,56,0,199
-	pxor	48(%rax),%xmm2
-.byte	102,15,56,0,207
-	pxor	64(%rax),%xmm3
-.byte	102,15,56,0,215
-	pxor	80(%rax),%xmm4
-.byte	102,15,56,0,223
-	pxor	96(%rax),%xmm5
-.byte	102,15,56,0,231
-	pxor	112(%rax),%xmm6
-.byte	102,15,56,0,239
-	leaq	128(%rax),%rax
-.byte	102,15,56,0,247
-.Ldec_sbox:
-	pxor	%xmm3,%xmm2
-
-	pxor	%xmm6,%xmm3
-	pxor	%xmm6,%xmm1
-	pxor	%xmm3,%xmm5
-	pxor	%xmm5,%xmm6
-	pxor	%xmm6,%xmm0
-
-	pxor	%xmm0,%xmm15
-	pxor	%xmm4,%xmm1
-	pxor	%xmm15,%xmm2
-	pxor	%xmm15,%xmm4
-	pxor	%xmm2,%xmm0
-	movdqa	%xmm2,%xmm10
-	movdqa	%xmm6,%xmm9
-	movdqa	%xmm0,%xmm8
-	movdqa	%xmm3,%xmm12
-	movdqa	%xmm4,%xmm11
-
-	pxor	%xmm15,%xmm10
-	pxor	%xmm3,%xmm9
-	pxor	%xmm5,%xmm8
-	movdqa	%xmm10,%xmm13
-	pxor	%xmm15,%xmm12
-	movdqa	%xmm9,%xmm7
-	pxor	%xmm1,%xmm11
-	movdqa	%xmm10,%xmm14
-
-	por	%xmm8,%xmm9
-	por	%xmm11,%xmm10
-	pxor	%xmm7,%xmm14
-	pand	%xmm11,%xmm13
-	pxor	%xmm8,%xmm11
-	pand	%xmm8,%xmm7
-	pand	%xmm11,%xmm14
-	movdqa	%xmm5,%xmm11
-	pxor	%xmm1,%xmm11
-	pand	%xmm11,%xmm12
-	pxor	%xmm12,%xmm10
-	pxor	%xmm12,%xmm9
-	movdqa	%xmm2,%xmm12
-	movdqa	%xmm0,%xmm11
-	pxor	%xmm6,%xmm12
-	pxor	%xmm4,%xmm11
-	movdqa	%xmm12,%xmm8
-	pand	%xmm11,%xmm12
-	por	%xmm11,%xmm8
-	pxor	%xmm12,%xmm7
-	pxor	%xmm14,%xmm10
-	pxor	%xmm13,%xmm9
-	pxor	%xmm14,%xmm8
-	movdqa	%xmm3,%xmm11
-	pxor	%xmm13,%xmm7
-	movdqa	%xmm15,%xmm12
-	pxor	%xmm13,%xmm8
-	movdqa	%xmm6,%xmm13
-	pand	%xmm5,%xmm11
-	movdqa	%xmm2,%xmm14
-	pand	%xmm1,%xmm12
-	pand	%xmm0,%xmm13
-	por	%xmm4,%xmm14
-	pxor	%xmm11,%xmm10
-	pxor	%xmm12,%xmm9
-	pxor	%xmm13,%xmm8
-	pxor	%xmm14,%xmm7
-
-
-
-
-
-	movdqa	%xmm10,%xmm11
-	pand	%xmm8,%xmm10
-	pxor	%xmm9,%xmm11
-
-	movdqa	%xmm7,%xmm13
-	movdqa	%xmm11,%xmm14
-	pxor	%xmm10,%xmm13
-	pand	%xmm13,%xmm14
-
-	movdqa	%xmm8,%xmm12
-	pxor	%xmm9,%xmm14
-	pxor	%xmm7,%xmm12
-
-	pxor	%xmm9,%xmm10
-
-	pand	%xmm10,%xmm12
-
-	movdqa	%xmm13,%xmm9
-	pxor	%xmm7,%xmm12
-
-	pxor	%xmm12,%xmm9
-	pxor	%xmm12,%xmm8
-
-	pand	%xmm7,%xmm9
-
-	pxor	%xmm9,%xmm13
-	pxor	%xmm9,%xmm8
-
-	pand	%xmm14,%xmm13
-
-	pxor	%xmm11,%xmm13
-	movdqa	%xmm4,%xmm11
-	movdqa	%xmm0,%xmm7
-	movdqa	%xmm14,%xmm9
-	pxor	%xmm13,%xmm9
-	pand	%xmm4,%xmm9
-	pxor	%xmm0,%xmm4
-	pand	%xmm14,%xmm0
-	pand	%xmm13,%xmm4
-	pxor	%xmm0,%xmm4
-	pxor	%xmm9,%xmm0
-	pxor	%xmm1,%xmm11
-	pxor	%xmm5,%xmm7
-	pxor	%xmm12,%xmm14
-	pxor	%xmm8,%xmm13
-	movdqa	%xmm14,%xmm10
-	movdqa	%xmm12,%xmm9
-	pxor	%xmm13,%xmm10
-	pxor	%xmm8,%xmm9
-	pand	%xmm11,%xmm10
-	pand	%xmm1,%xmm9
-	pxor	%xmm7,%xmm11
-	pxor	%xmm5,%xmm1
-	pand	%xmm14,%xmm7
-	pand	%xmm12,%xmm5
-	pand	%xmm13,%xmm11
-	pand	%xmm8,%xmm1
-	pxor	%xmm11,%xmm7
-	pxor	%xmm5,%xmm1
-	pxor	%xmm10,%xmm11
-	pxor	%xmm9,%xmm5
-	pxor	%xmm11,%xmm4
-	pxor	%xmm11,%xmm1
-	pxor	%xmm7,%xmm0
-	pxor	%xmm7,%xmm5
-
-	movdqa	%xmm2,%xmm11
-	movdqa	%xmm6,%xmm7
-	pxor	%xmm15,%xmm11
-	pxor	%xmm3,%xmm7
-	movdqa	%xmm14,%xmm10
-	movdqa	%xmm12,%xmm9
-	pxor	%xmm13,%xmm10
-	pxor	%xmm8,%xmm9
-	pand	%xmm11,%xmm10
-	pand	%xmm15,%xmm9
-	pxor	%xmm7,%xmm11
-	pxor	%xmm3,%xmm15
-	pand	%xmm14,%xmm7
-	pand	%xmm12,%xmm3
-	pand	%xmm13,%xmm11
-	pand	%xmm8,%xmm15
-	pxor	%xmm11,%xmm7
-	pxor	%xmm3,%xmm15
-	pxor	%xmm10,%xmm11
-	pxor	%xmm9,%xmm3
-	pxor	%xmm12,%xmm14
-	pxor	%xmm8,%xmm13
-	movdqa	%xmm14,%xmm10
-	pxor	%xmm13,%xmm10
-	pand	%xmm2,%xmm10
-	pxor	%xmm6,%xmm2
-	pand	%xmm14,%xmm6
-	pand	%xmm13,%xmm2
-	pxor	%xmm6,%xmm2
-	pxor	%xmm10,%xmm6
-	pxor	%xmm11,%xmm2
-	pxor	%xmm11,%xmm15
-	pxor	%xmm7,%xmm6
-	pxor	%xmm7,%xmm3
-	pxor	%xmm6,%xmm0
-	pxor	%xmm4,%xmm5
-
-	pxor	%xmm0,%xmm3
-	pxor	%xmm6,%xmm1
-	pxor	%xmm6,%xmm4
-	pxor	%xmm1,%xmm3
-	pxor	%xmm15,%xmm6
-	pxor	%xmm4,%xmm3
-	pxor	%xmm5,%xmm2
-	pxor	%xmm0,%xmm5
-	pxor	%xmm3,%xmm2
-
-	pxor	%xmm15,%xmm3
-	pxor	%xmm2,%xmm6
-	decl	%r10d
-	jl	.Ldec_done
-
-	pshufd	$78,%xmm15,%xmm7
-	pshufd	$78,%xmm2,%xmm13
-	pxor	%xmm15,%xmm7
-	pshufd	$78,%xmm4,%xmm14
-	pxor	%xmm2,%xmm13
-	pshufd	$78,%xmm0,%xmm8
-	pxor	%xmm4,%xmm14
-	pshufd	$78,%xmm5,%xmm9
-	pxor	%xmm0,%xmm8
-	pshufd	$78,%xmm3,%xmm10
-	pxor	%xmm5,%xmm9
-	pxor	%xmm13,%xmm15
-	pxor	%xmm13,%xmm0
-	pshufd	$78,%xmm1,%xmm11
-	pxor	%xmm3,%xmm10
-	pxor	%xmm7,%xmm5
-	pxor	%xmm8,%xmm3
-	pshufd	$78,%xmm6,%xmm12
-	pxor	%xmm1,%xmm11
-	pxor	%xmm14,%xmm0
-	pxor	%xmm9,%xmm1
-	pxor	%xmm6,%xmm12
-
-	pxor	%xmm14,%xmm5
-	pxor	%xmm13,%xmm3
-	pxor	%xmm13,%xmm1
-	pxor	%xmm10,%xmm6
-	pxor	%xmm11,%xmm2
-	pxor	%xmm14,%xmm1
-	pxor	%xmm14,%xmm6
-	pxor	%xmm12,%xmm4
-	pshufd	$147,%xmm15,%xmm7
-	pshufd	$147,%xmm0,%xmm8
-	pxor	%xmm7,%xmm15
-	pshufd	$147,%xmm5,%xmm9
-	pxor	%xmm8,%xmm0
-	pshufd	$147,%xmm3,%xmm10
-	pxor	%xmm9,%xmm5
-	pshufd	$147,%xmm1,%xmm11
-	pxor	%xmm10,%xmm3
-	pshufd	$147,%xmm6,%xmm12
-	pxor	%xmm11,%xmm1
-	pshufd	$147,%xmm2,%xmm13
-	pxor	%xmm12,%xmm6
-	pshufd	$147,%xmm4,%xmm14
-	pxor	%xmm13,%xmm2
-	pxor	%xmm14,%xmm4
-
-	pxor	%xmm15,%xmm8
-	pxor	%xmm4,%xmm7
-	pxor	%xmm4,%xmm8
-	pshufd	$78,%xmm15,%xmm15
-	pxor	%xmm0,%xmm9
-	pshufd	$78,%xmm0,%xmm0
-	pxor	%xmm1,%xmm12
-	pxor	%xmm7,%xmm15
-	pxor	%xmm6,%xmm13
-	pxor	%xmm8,%xmm0
-	pxor	%xmm3,%xmm11
-	pshufd	$78,%xmm1,%xmm7
-	pxor	%xmm2,%xmm14
-	pshufd	$78,%xmm6,%xmm8
-	pxor	%xmm5,%xmm10
-	pshufd	$78,%xmm3,%xmm1
-	pxor	%xmm4,%xmm10
-	pshufd	$78,%xmm4,%xmm6
-	pxor	%xmm4,%xmm11
-	pshufd	$78,%xmm2,%xmm3
-	pxor	%xmm11,%xmm7
-	pshufd	$78,%xmm5,%xmm2
-	pxor	%xmm12,%xmm8
-	pxor	%xmm1,%xmm10
-	pxor	%xmm14,%xmm6
-	pxor	%xmm3,%xmm13
-	movdqa	%xmm7,%xmm3
-	pxor	%xmm9,%xmm2
-	movdqa	%xmm13,%xmm5
-	movdqa	%xmm8,%xmm4
-	movdqa	%xmm2,%xmm1
-	movdqa	%xmm10,%xmm2
-	movdqa	-16(%r11),%xmm7
-	jnz	.Ldec_loop
-	movdqa	-32(%r11),%xmm7
-	jmp	.Ldec_loop
-.align	16
-.Ldec_done:
-	movdqa	0(%r11),%xmm7
-	movdqa	16(%r11),%xmm8
-	movdqa	%xmm2,%xmm9
-	psrlq	$1,%xmm2
-	movdqa	%xmm1,%xmm10
-	psrlq	$1,%xmm1
-	pxor	%xmm4,%xmm2
-	pxor	%xmm6,%xmm1
-	pand	%xmm7,%xmm2
-	pand	%xmm7,%xmm1
-	pxor	%xmm2,%xmm4
-	psllq	$1,%xmm2
-	pxor	%xmm1,%xmm6
-	psllq	$1,%xmm1
-	pxor	%xmm9,%xmm2
-	pxor	%xmm10,%xmm1
-	movdqa	%xmm5,%xmm9
-	psrlq	$1,%xmm5
-	movdqa	%xmm15,%xmm10
-	psrlq	$1,%xmm15
-	pxor	%xmm3,%xmm5
-	pxor	%xmm0,%xmm15
-	pand	%xmm7,%xmm5
-	pand	%xmm7,%xmm15
-	pxor	%xmm5,%xmm3
-	psllq	$1,%xmm5
-	pxor	%xmm15,%xmm0
-	psllq	$1,%xmm15
-	pxor	%xmm9,%xmm5
-	pxor	%xmm10,%xmm15
-	movdqa	32(%r11),%xmm7
-	movdqa	%xmm6,%xmm9
-	psrlq	$2,%xmm6
-	movdqa	%xmm1,%xmm10
-	psrlq	$2,%xmm1
-	pxor	%xmm4,%xmm6
-	pxor	%xmm2,%xmm1
-	pand	%xmm8,%xmm6
-	pand	%xmm8,%xmm1
-	pxor	%xmm6,%xmm4
-	psllq	$2,%xmm6
-	pxor	%xmm1,%xmm2
-	psllq	$2,%xmm1
-	pxor	%xmm9,%xmm6
-	pxor	%xmm10,%xmm1
-	movdqa	%xmm0,%xmm9
-	psrlq	$2,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$2,%xmm15
-	pxor	%xmm3,%xmm0
-	pxor	%xmm5,%xmm15
-	pand	%xmm8,%xmm0
-	pand	%xmm8,%xmm15
-	pxor	%xmm0,%xmm3
-	psllq	$2,%xmm0
-	pxor	%xmm15,%xmm5
-	psllq	$2,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	%xmm3,%xmm9
-	psrlq	$4,%xmm3
-	movdqa	%xmm5,%xmm10
-	psrlq	$4,%xmm5
-	pxor	%xmm4,%xmm3
-	pxor	%xmm2,%xmm5
-	pand	%xmm7,%xmm3
-	pand	%xmm7,%xmm5
-	pxor	%xmm3,%xmm4
-	psllq	$4,%xmm3
-	pxor	%xmm5,%xmm2
-	psllq	$4,%xmm5
-	pxor	%xmm9,%xmm3
-	pxor	%xmm10,%xmm5
-	movdqa	%xmm0,%xmm9
-	psrlq	$4,%xmm0
-	movdqa	%xmm15,%xmm10
-	psrlq	$4,%xmm15
-	pxor	%xmm6,%xmm0
-	pxor	%xmm1,%xmm15
-	pand	%xmm7,%xmm0
-	pand	%xmm7,%xmm15
-	pxor	%xmm0,%xmm6
-	psllq	$4,%xmm0
-	pxor	%xmm15,%xmm1
-	psllq	$4,%xmm15
-	pxor	%xmm9,%xmm0
-	pxor	%xmm10,%xmm15
-	movdqa	(%rax),%xmm7
-	pxor	%xmm7,%xmm5
-	pxor	%xmm7,%xmm3
-	pxor	%xmm7,%xmm1
-	pxor	%xmm7,%xmm6
-	pxor	%xmm7,%xmm2
-	pxor	%xmm7,%xmm4
-	pxor	%xmm7,%xmm15
-	pxor	%xmm7,%xmm0
-	.byte	0xf3,0xc3
-.size	_bsaes_decrypt8,.-_bsaes_decrypt8
-.type	_bsaes_key_convert,@function
-.align	16
-_bsaes_key_convert:
-	leaq	.Lmasks(%rip),%r11
-	movdqu	(%rcx),%xmm7
-	leaq	16(%rcx),%rcx
-	movdqa	0(%r11),%xmm0
-	movdqa	16(%r11),%xmm1
-	movdqa	32(%r11),%xmm2
-	movdqa	48(%r11),%xmm3
-	movdqa	64(%r11),%xmm4
-	pcmpeqd	%xmm5,%xmm5
-
-	movdqu	(%rcx),%xmm6
-	movdqa	%xmm7,(%rax)
-	leaq	16(%rax),%rax
-	decl	%r10d
-	jmp	.Lkey_loop
-.align	16
-.Lkey_loop:
-.byte	102,15,56,0,244
-
-	movdqa	%xmm0,%xmm8
-	movdqa	%xmm1,%xmm9
-
-	pand	%xmm6,%xmm8
-	pand	%xmm6,%xmm9
-	movdqa	%xmm2,%xmm10
-	pcmpeqb	%xmm0,%xmm8
-	psllq	$4,%xmm0
-	movdqa	%xmm3,%xmm11
-	pcmpeqb	%xmm1,%xmm9
-	psllq	$4,%xmm1
-
-	pand	%xmm6,%xmm10
-	pand	%xmm6,%xmm11
-	movdqa	%xmm0,%xmm12
-	pcmpeqb	%xmm2,%xmm10
-	psllq	$4,%xmm2
-	movdqa	%xmm1,%xmm13
-	pcmpeqb	%xmm3,%xmm11
-	psllq	$4,%xmm3
-
-	movdqa	%xmm2,%xmm14
-	movdqa	%xmm3,%xmm15
-	pxor	%xmm5,%xmm8
-	pxor	%xmm5,%xmm9
-
-	pand	%xmm6,%xmm12
-	pand	%xmm6,%xmm13
-	movdqa	%xmm8,0(%rax)
-	pcmpeqb	%xmm0,%xmm12
-	psrlq	$4,%xmm0
-	movdqa	%xmm9,16(%rax)
-	pcmpeqb	%xmm1,%xmm13
-	psrlq	$4,%xmm1
-	leaq	16(%rcx),%rcx
-
-	pand	%xmm6,%xmm14
-	pand	%xmm6,%xmm15
-	movdqa	%xmm10,32(%rax)
-	pcmpeqb	%xmm2,%xmm14
-	psrlq	$4,%xmm2
-	movdqa	%xmm11,48(%rax)
-	pcmpeqb	%xmm3,%xmm15
-	psrlq	$4,%xmm3
-	movdqu	(%rcx),%xmm6
-
-	pxor	%xmm5,%xmm13
-	pxor	%xmm5,%xmm14
-	movdqa	%xmm12,64(%rax)
-	movdqa	%xmm13,80(%rax)
-	movdqa	%xmm14,96(%rax)
-	movdqa	%xmm15,112(%rax)
-	leaq	128(%rax),%rax
-	decl	%r10d
-	jnz	.Lkey_loop
-
-	movdqa	80(%r11),%xmm7
-
-	.byte	0xf3,0xc3
-.size	_bsaes_key_convert,.-_bsaes_key_convert
-
-.globl	bsaes_cbc_encrypt
-.type	bsaes_cbc_encrypt,@function
-.align	16
-bsaes_cbc_encrypt:
-	cmpl	$0,%r9d
-	jne	asm_AES_cbc_encrypt
-	cmpq	$128,%rdx
-	jb	asm_AES_cbc_encrypt
-
-	movq	%rsp,%rax
-.Lcbc_dec_prologue:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	leaq	-72(%rsp),%rsp
-	movq	%rsp,%rbp
-	movl	240(%rcx),%eax
-	movq	%rdi,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-	movq	%r8,%rbx
-	shrq	$4,%r14
-
-	movl	%eax,%edx
-	shlq	$7,%rax
-	subq	$96,%rax
-	subq	%rax,%rsp
-
-	movq	%rsp,%rax
-	movq	%r15,%rcx
-	movl	%edx,%r10d
-	call	_bsaes_key_convert
-	pxor	(%rsp),%xmm7
-	movdqa	%xmm6,(%rax)
-	movdqa	%xmm7,(%rsp)
-
-	movdqu	(%rbx),%xmm14
-	subq	$8,%r14
-.Lcbc_dec_loop:
-	movdqu	0(%r12),%xmm15
-	movdqu	16(%r12),%xmm0
-	movdqu	32(%r12),%xmm1
-	movdqu	48(%r12),%xmm2
-	movdqu	64(%r12),%xmm3
-	movdqu	80(%r12),%xmm4
-	movq	%rsp,%rax
-	movdqu	96(%r12),%xmm5
-	movl	%edx,%r10d
-	movdqu	112(%r12),%xmm6
-	movdqa	%xmm14,32(%rbp)
-
-	call	_bsaes_decrypt8
-
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm5
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm3
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm10,%xmm1
-	movdqu	80(%r12),%xmm12
-	pxor	%xmm11,%xmm6
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm12,%xmm2
-	movdqu	112(%r12),%xmm14
-	pxor	%xmm13,%xmm4
-	movdqu	%xmm15,0(%r13)
-	leaq	128(%r12),%r12
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	movdqu	%xmm1,64(%r13)
-	movdqu	%xmm6,80(%r13)
-	movdqu	%xmm2,96(%r13)
-	movdqu	%xmm4,112(%r13)
-	leaq	128(%r13),%r13
-	subq	$8,%r14
-	jnc	.Lcbc_dec_loop
-
-	addq	$8,%r14
-	jz	.Lcbc_dec_done
-
-	movdqu	0(%r12),%xmm15
-	movq	%rsp,%rax
-	movl	%edx,%r10d
-	cmpq	$2,%r14
-	jb	.Lcbc_dec_one
-	movdqu	16(%r12),%xmm0
-	je	.Lcbc_dec_two
-	movdqu	32(%r12),%xmm1
-	cmpq	$4,%r14
-	jb	.Lcbc_dec_three
-	movdqu	48(%r12),%xmm2
-	je	.Lcbc_dec_four
-	movdqu	64(%r12),%xmm3
-	cmpq	$6,%r14
-	jb	.Lcbc_dec_five
-	movdqu	80(%r12),%xmm4
-	je	.Lcbc_dec_six
-	movdqu	96(%r12),%xmm5
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm5
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm3
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm10,%xmm1
-	movdqu	80(%r12),%xmm12
-	pxor	%xmm11,%xmm6
-	movdqu	96(%r12),%xmm14
-	pxor	%xmm12,%xmm2
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	movdqu	%xmm1,64(%r13)
-	movdqu	%xmm6,80(%r13)
-	movdqu	%xmm2,96(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_six:
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm5
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm3
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm10,%xmm1
-	movdqu	80(%r12),%xmm14
-	pxor	%xmm11,%xmm6
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	movdqu	%xmm1,64(%r13)
-	movdqu	%xmm6,80(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_five:
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm5
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm3
-	movdqu	64(%r12),%xmm14
-	pxor	%xmm10,%xmm1
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	movdqu	%xmm1,64(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_four:
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm5
-	movdqu	48(%r12),%xmm14
-	pxor	%xmm9,%xmm3
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_three:
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm0
-	movdqu	32(%r12),%xmm14
-	pxor	%xmm8,%xmm5
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_two:
-	movdqa	%xmm14,32(%rbp)
-	call	_bsaes_decrypt8
-	pxor	32(%rbp),%xmm15
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm14
-	pxor	%xmm7,%xmm0
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_one:
-	leaq	(%r12),%rdi
-	leaq	32(%rbp),%rsi
-	leaq	(%r15),%rdx
-	call	asm_AES_decrypt		
-	pxor	32(%rbp),%xmm14
-	movdqu	%xmm14,(%r13)
-	movdqa	%xmm15,%xmm14
-
-.Lcbc_dec_done:
-	movdqu	%xmm14,(%rbx)
-	leaq	(%rsp),%rax
-	pxor	%xmm0,%xmm0
-.Lcbc_dec_bzero:
-	movdqa	%xmm0,0(%rax)
-	movdqa	%xmm0,16(%rax)
-	leaq	32(%rax),%rax
-	cmpq	%rax,%rbp
-	ja	.Lcbc_dec_bzero
-
-	leaq	(%rbp),%rsp
-	movq	72(%rsp),%r15
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbx
-	movq	112(%rsp),%rax
-	leaq	120(%rsp),%rsp
-	movq	%rax,%rbp
-.Lcbc_dec_epilogue:
-	.byte	0xf3,0xc3
-.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
-
-.globl	bsaes_ctr32_encrypt_blocks
-.type	bsaes_ctr32_encrypt_blocks,@function
-.align	16
-bsaes_ctr32_encrypt_blocks:
-	movq	%rsp,%rax
-.Lctr_enc_prologue:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	leaq	-72(%rsp),%rsp
-	movq	%rsp,%rbp
-	movdqu	(%r8),%xmm0
-	movl	240(%rcx),%eax
-	movq	%rdi,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-	movdqa	%xmm0,32(%rbp)
-	cmpq	$8,%rdx
-	jb	.Lctr_enc_short
-
-	movl	%eax,%ebx
-	shlq	$7,%rax
-	subq	$96,%rax
-	subq	%rax,%rsp
-
-	movq	%rsp,%rax
-	movq	%r15,%rcx
-	movl	%ebx,%r10d
-	call	_bsaes_key_convert
-	pxor	%xmm6,%xmm7
-	movdqa	%xmm7,(%rax)
-
-	movdqa	(%rsp),%xmm8
-	leaq	.LADD1(%rip),%r11
-	movdqa	32(%rbp),%xmm15
-	movdqa	-32(%r11),%xmm7
-.byte	102,68,15,56,0,199
-.byte	102,68,15,56,0,255
-	movdqa	%xmm8,(%rsp)
-	jmp	.Lctr_enc_loop
-.align	16
-.Lctr_enc_loop:
-	movdqa	%xmm15,32(%rbp)
-	movdqa	%xmm15,%xmm0
-	movdqa	%xmm15,%xmm1
-	paddd	0(%r11),%xmm0
-	movdqa	%xmm15,%xmm2
-	paddd	16(%r11),%xmm1
-	movdqa	%xmm15,%xmm3
-	paddd	32(%r11),%xmm2
-	movdqa	%xmm15,%xmm4
-	paddd	48(%r11),%xmm3
-	movdqa	%xmm15,%xmm5
-	paddd	64(%r11),%xmm4
-	movdqa	%xmm15,%xmm6
-	paddd	80(%r11),%xmm5
-	paddd	96(%r11),%xmm6
-
-
-
-	movdqa	(%rsp),%xmm8
-	leaq	16(%rsp),%rax
-	movdqa	-16(%r11),%xmm7
-	pxor	%xmm8,%xmm15
-	pxor	%xmm8,%xmm0
-.byte	102,68,15,56,0,255
-	pxor	%xmm8,%xmm1
-.byte	102,15,56,0,199
-	pxor	%xmm8,%xmm2
-.byte	102,15,56,0,207
-	pxor	%xmm8,%xmm3
-.byte	102,15,56,0,215
-	pxor	%xmm8,%xmm4
-.byte	102,15,56,0,223
-	pxor	%xmm8,%xmm5
-.byte	102,15,56,0,231
-	pxor	%xmm8,%xmm6
-.byte	102,15,56,0,239
-	leaq	.LBS0(%rip),%r11
-.byte	102,15,56,0,247
-	movl	%ebx,%r10d
-
-	call	_bsaes_encrypt8_bitslice
-
-	subq	$8,%r14
-	jc	.Lctr_enc_loop_done
-
-	movdqu	0(%r12),%xmm7
-	movdqu	16(%r12),%xmm8
-	movdqu	32(%r12),%xmm9
-	movdqu	48(%r12),%xmm10
-	movdqu	64(%r12),%xmm11
-	movdqu	80(%r12),%xmm12
-	movdqu	96(%r12),%xmm13
-	movdqu	112(%r12),%xmm14
-	leaq	128(%r12),%r12
-	pxor	%xmm15,%xmm7
-	movdqa	32(%rbp),%xmm15
-	pxor	%xmm8,%xmm0
-	movdqu	%xmm7,0(%r13)
-	pxor	%xmm9,%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	%xmm10,%xmm5
-	movdqu	%xmm3,32(%r13)
-	pxor	%xmm11,%xmm2
-	movdqu	%xmm5,48(%r13)
-	pxor	%xmm12,%xmm6
-	movdqu	%xmm2,64(%r13)
-	pxor	%xmm13,%xmm1
-	movdqu	%xmm6,80(%r13)
-	pxor	%xmm14,%xmm4
-	movdqu	%xmm1,96(%r13)
-	leaq	.LADD1(%rip),%r11
-	movdqu	%xmm4,112(%r13)
-	leaq	128(%r13),%r13
-	paddd	112(%r11),%xmm15
-	jnz	.Lctr_enc_loop
-
-	jmp	.Lctr_enc_done
-.align	16
-.Lctr_enc_loop_done:
-	addq	$8,%r14
-	movdqu	0(%r12),%xmm7
-	pxor	%xmm7,%xmm15
-	movdqu	%xmm15,0(%r13)
-	cmpq	$2,%r14
-	jb	.Lctr_enc_done
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm8,%xmm0
-	movdqu	%xmm0,16(%r13)
-	je	.Lctr_enc_done
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm9,%xmm3
-	movdqu	%xmm3,32(%r13)
-	cmpq	$4,%r14
-	jb	.Lctr_enc_done
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm10,%xmm5
-	movdqu	%xmm5,48(%r13)
-	je	.Lctr_enc_done
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm11,%xmm2
-	movdqu	%xmm2,64(%r13)
-	cmpq	$6,%r14
-	jb	.Lctr_enc_done
-	movdqu	80(%r12),%xmm12
-	pxor	%xmm12,%xmm6
-	movdqu	%xmm6,80(%r13)
-	je	.Lctr_enc_done
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm13,%xmm1
-	movdqu	%xmm1,96(%r13)
-	jmp	.Lctr_enc_done
-
-.align	16
-.Lctr_enc_short:
-	leaq	32(%rbp),%rdi
-	leaq	48(%rbp),%rsi
-	leaq	(%r15),%rdx
-	call	asm_AES_encrypt
-	movdqu	(%r12),%xmm0
-	leaq	16(%r12),%r12
-	movl	44(%rbp),%eax
-	bswapl	%eax
-	pxor	48(%rbp),%xmm0
-	incl	%eax
-	movdqu	%xmm0,(%r13)
-	bswapl	%eax
-	leaq	16(%r13),%r13
-	movl	%eax,44(%rsp)
-	decq	%r14
-	jnz	.Lctr_enc_short
-
-.Lctr_enc_done:
-	leaq	(%rsp),%rax
-	pxor	%xmm0,%xmm0
-.Lctr_enc_bzero:
-	movdqa	%xmm0,0(%rax)
-	movdqa	%xmm0,16(%rax)
-	leaq	32(%rax),%rax
-	cmpq	%rax,%rbp
-	ja	.Lctr_enc_bzero
-
-	leaq	(%rbp),%rsp
-	movq	72(%rsp),%r15
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbx
-	movq	112(%rsp),%rax
-	leaq	120(%rsp),%rsp
-	movq	%rax,%rbp
-.Lctr_enc_epilogue:
-	.byte	0xf3,0xc3
-.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
-.globl	bsaes_xts_encrypt
-.type	bsaes_xts_encrypt,@function
-.align	16
-bsaes_xts_encrypt:
-	movq	%rsp,%rax
-.Lxts_enc_prologue:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	leaq	-72(%rsp),%rsp
-	movq	%rsp,%rbp
-	movq	%rdi,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-
-	leaq	(%r9),%rdi
-	leaq	32(%rbp),%rsi
-	leaq	(%r8),%rdx
-	call	asm_AES_encrypt		
-
-	movl	240(%r15),%eax
-	movq	%r14,%rbx
-
-	movl	%eax,%edx
-	shlq	$7,%rax
-	subq	$96,%rax
-	subq	%rax,%rsp
-
-	movq	%rsp,%rax
-	movq	%r15,%rcx
-	movl	%edx,%r10d
-	call	_bsaes_key_convert
-	pxor	%xmm6,%xmm7
-	movdqa	%xmm7,(%rax)
-
-	andq	$-16,%r14
-	subq	$128,%rsp
-	movdqa	32(%rbp),%xmm6
-
-	pxor	%xmm14,%xmm14
-	movdqa	.Lxts_magic(%rip),%xmm12
-	pcmpgtd	%xmm6,%xmm14
-
-	subq	$128,%r14
-	jc	.Lxts_enc_short
-	jmp	.Lxts_enc_loop
-
-.align	16
-.Lxts_enc_loop:
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm15
-	movdqa	%xmm6,0(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm0
-	movdqa	%xmm6,16(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	0(%r12),%xmm7
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm1
-	movdqa	%xmm6,32(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm15
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm2
-	movdqa	%xmm6,48(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm0
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm3
-	movdqa	%xmm6,64(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm4
-	movdqa	%xmm6,80(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm10,%xmm2
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm5
-	movdqa	%xmm6,96(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	80(%r12),%xmm12
-	pxor	%xmm11,%xmm3
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm12,%xmm4
-	movdqu	112(%r12),%xmm14
-	leaq	128(%r12),%r12
-	movdqa	%xmm6,112(%rsp)
-	pxor	%xmm13,%xmm5
-	leaq	128(%rsp),%rax
-	pxor	%xmm14,%xmm6
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm5
-	movdqu	%xmm3,32(%r13)
-	pxor	64(%rsp),%xmm2
-	movdqu	%xmm5,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm2,64(%r13)
-	pxor	96(%rsp),%xmm1
-	movdqu	%xmm6,80(%r13)
-	pxor	112(%rsp),%xmm4
-	movdqu	%xmm1,96(%r13)
-	movdqu	%xmm4,112(%r13)
-	leaq	128(%r13),%r13
-
-	movdqa	112(%rsp),%xmm6
-	pxor	%xmm14,%xmm14
-	movdqa	.Lxts_magic(%rip),%xmm12
-	pcmpgtd	%xmm6,%xmm14
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-
-	subq	$128,%r14
-	jnc	.Lxts_enc_loop
-
-.Lxts_enc_short:
-	addq	$128,%r14
-	jz	.Lxts_enc_done
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm15
-	movdqa	%xmm6,0(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm0
-	movdqa	%xmm6,16(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	0(%r12),%xmm7
-	cmpq	$16,%r14
-	je	.Lxts_enc_1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm1
-	movdqa	%xmm6,32(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	16(%r12),%xmm8
-	cmpq	$32,%r14
-	je	.Lxts_enc_2
-	pxor	%xmm7,%xmm15
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm2
-	movdqa	%xmm6,48(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	32(%r12),%xmm9
-	cmpq	$48,%r14
-	je	.Lxts_enc_3
-	pxor	%xmm8,%xmm0
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm3
-	movdqa	%xmm6,64(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	48(%r12),%xmm10
-	cmpq	$64,%r14
-	je	.Lxts_enc_4
-	pxor	%xmm9,%xmm1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm4
-	movdqa	%xmm6,80(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	64(%r12),%xmm11
-	cmpq	$80,%r14
-	je	.Lxts_enc_5
-	pxor	%xmm10,%xmm2
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm5
-	movdqa	%xmm6,96(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	80(%r12),%xmm12
-	cmpq	$96,%r14
-	je	.Lxts_enc_6
-	pxor	%xmm11,%xmm3
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm12,%xmm4
-	movdqa	%xmm6,112(%rsp)
-	leaq	112(%r12),%r12
-	pxor	%xmm13,%xmm5
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm5
-	movdqu	%xmm3,32(%r13)
-	pxor	64(%rsp),%xmm2
-	movdqu	%xmm5,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm2,64(%r13)
-	pxor	96(%rsp),%xmm1
-	movdqu	%xmm6,80(%r13)
-	movdqu	%xmm1,96(%r13)
-	leaq	112(%r13),%r13
-
-	movdqa	112(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_6:
-	pxor	%xmm11,%xmm3
-	leaq	96(%r12),%r12
-	pxor	%xmm12,%xmm4
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm5
-	movdqu	%xmm3,32(%r13)
-	pxor	64(%rsp),%xmm2
-	movdqu	%xmm5,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm2,64(%r13)
-	movdqu	%xmm6,80(%r13)
-	leaq	96(%r13),%r13
-
-	movdqa	96(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_5:
-	pxor	%xmm10,%xmm2
-	leaq	80(%r12),%r12
-	pxor	%xmm11,%xmm3
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm5
-	movdqu	%xmm3,32(%r13)
-	pxor	64(%rsp),%xmm2
-	movdqu	%xmm5,48(%r13)
-	movdqu	%xmm2,64(%r13)
-	leaq	80(%r13),%r13
-
-	movdqa	80(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_4:
-	pxor	%xmm9,%xmm1
-	leaq	64(%r12),%r12
-	pxor	%xmm10,%xmm2
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm5
-	movdqu	%xmm3,32(%r13)
-	movdqu	%xmm5,48(%r13)
-	leaq	64(%r13),%r13
-
-	movdqa	64(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_3:
-	pxor	%xmm8,%xmm0
-	leaq	48(%r12),%r12
-	pxor	%xmm9,%xmm1
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm3
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm3,32(%r13)
-	leaq	48(%r13),%r13
-
-	movdqa	48(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_2:
-	pxor	%xmm7,%xmm15
-	leaq	32(%r12),%r12
-	pxor	%xmm8,%xmm0
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_encrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	leaq	32(%r13),%r13
-
-	movdqa	32(%rsp),%xmm6
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_1:
-	pxor	%xmm15,%xmm7
-	leaq	16(%r12),%r12
-	movdqa	%xmm7,32(%rbp)
-	leaq	32(%rbp),%rdi
-	leaq	32(%rbp),%rsi
-	leaq	(%r15),%rdx
-	call	asm_AES_encrypt		
-	pxor	32(%rbp),%xmm15
-
-
-
-
-
-	movdqu	%xmm15,0(%r13)
-	leaq	16(%r13),%r13
-
-	movdqa	16(%rsp),%xmm6
-
-.Lxts_enc_done:
-	andl	$15,%ebx
-	jz	.Lxts_enc_ret
-	movq	%r13,%rdx
-
-.Lxts_enc_steal:
-	movzbl	(%r12),%eax
-	movzbl	-16(%rdx),%ecx
-	leaq	1(%r12),%r12
-	movb	%al,-16(%rdx)
-	movb	%cl,0(%rdx)
-	leaq	1(%rdx),%rdx
-	subl	$1,%ebx
-	jnz	.Lxts_enc_steal
-
-	movdqu	-16(%r13),%xmm15
-	leaq	32(%rbp),%rdi
-	pxor	%xmm6,%xmm15
-	leaq	32(%rbp),%rsi
-	movdqa	%xmm15,32(%rbp)
-	leaq	(%r15),%rdx
-	call	asm_AES_encrypt		
-	pxor	32(%rbp),%xmm6
-	movdqu	%xmm6,-16(%r13)
-
-.Lxts_enc_ret:
-	leaq	(%rsp),%rax
-	pxor	%xmm0,%xmm0
-.Lxts_enc_bzero:
-	movdqa	%xmm0,0(%rax)
-	movdqa	%xmm0,16(%rax)
-	leaq	32(%rax),%rax
-	cmpq	%rax,%rbp
-	ja	.Lxts_enc_bzero
-
-	leaq	(%rbp),%rsp
-	movq	72(%rsp),%r15
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbx
-	movq	112(%rsp),%rax
-	leaq	120(%rsp),%rsp
-	movq	%rax,%rbp
-.Lxts_enc_epilogue:
-	.byte	0xf3,0xc3
-.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
-
-.globl	bsaes_xts_decrypt
-.type	bsaes_xts_decrypt,@function
-.align	16
-bsaes_xts_decrypt:
-	movq	%rsp,%rax
-.Lxts_dec_prologue:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	leaq	-72(%rsp),%rsp
-	movq	%rsp,%rbp
-	movq	%rdi,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-
-	leaq	(%r9),%rdi
-	leaq	32(%rbp),%rsi
-	leaq	(%r8),%rdx
-	call	asm_AES_encrypt		
-
-	movl	240(%r15),%eax
-	movq	%r14,%rbx
-
-	movl	%eax,%edx
-	shlq	$7,%rax
-	subq	$96,%rax
-	subq	%rax,%rsp
-
-	movq	%rsp,%rax
-	movq	%r15,%rcx
-	movl	%edx,%r10d
-	call	_bsaes_key_convert
-	pxor	(%rsp),%xmm7
-	movdqa	%xmm6,(%rax)
-	movdqa	%xmm7,(%rsp)
-
-	xorl	%eax,%eax
-	andq	$-16,%r14
-	testl	$15,%ebx
-	setnz	%al
-	shlq	$4,%rax
-	subq	%rax,%r14
-
-	subq	$128,%rsp
-	movdqa	32(%rbp),%xmm6
-
-	pxor	%xmm14,%xmm14
-	movdqa	.Lxts_magic(%rip),%xmm12
-	pcmpgtd	%xmm6,%xmm14
-
-	subq	$128,%r14
-	jc	.Lxts_dec_short
-	jmp	.Lxts_dec_loop
-
-.align	16
-.Lxts_dec_loop:
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm15
-	movdqa	%xmm6,0(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm0
-	movdqa	%xmm6,16(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	0(%r12),%xmm7
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm1
-	movdqa	%xmm6,32(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	16(%r12),%xmm8
-	pxor	%xmm7,%xmm15
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm2
-	movdqa	%xmm6,48(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	32(%r12),%xmm9
-	pxor	%xmm8,%xmm0
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm3
-	movdqa	%xmm6,64(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	48(%r12),%xmm10
-	pxor	%xmm9,%xmm1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm4
-	movdqa	%xmm6,80(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	64(%r12),%xmm11
-	pxor	%xmm10,%xmm2
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm5
-	movdqa	%xmm6,96(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	80(%r12),%xmm12
-	pxor	%xmm11,%xmm3
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm12,%xmm4
-	movdqu	112(%r12),%xmm14
-	leaq	128(%r12),%r12
-	movdqa	%xmm6,112(%rsp)
-	pxor	%xmm13,%xmm5
-	leaq	128(%rsp),%rax
-	pxor	%xmm14,%xmm6
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm3
-	movdqu	%xmm5,32(%r13)
-	pxor	64(%rsp),%xmm1
-	movdqu	%xmm3,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm1,64(%r13)
-	pxor	96(%rsp),%xmm2
-	movdqu	%xmm6,80(%r13)
-	pxor	112(%rsp),%xmm4
-	movdqu	%xmm2,96(%r13)
-	movdqu	%xmm4,112(%r13)
-	leaq	128(%r13),%r13
-
-	movdqa	112(%rsp),%xmm6
-	pxor	%xmm14,%xmm14
-	movdqa	.Lxts_magic(%rip),%xmm12
-	pcmpgtd	%xmm6,%xmm14
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-
-	subq	$128,%r14
-	jnc	.Lxts_dec_loop
-
-.Lxts_dec_short:
-	addq	$128,%r14
-	jz	.Lxts_dec_done
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm15
-	movdqa	%xmm6,0(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm0
-	movdqa	%xmm6,16(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	0(%r12),%xmm7
-	cmpq	$16,%r14
-	je	.Lxts_dec_1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm1
-	movdqa	%xmm6,32(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	16(%r12),%xmm8
-	cmpq	$32,%r14
-	je	.Lxts_dec_2
-	pxor	%xmm7,%xmm15
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm2
-	movdqa	%xmm6,48(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	32(%r12),%xmm9
-	cmpq	$48,%r14
-	je	.Lxts_dec_3
-	pxor	%xmm8,%xmm0
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm3
-	movdqa	%xmm6,64(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	48(%r12),%xmm10
-	cmpq	$64,%r14
-	je	.Lxts_dec_4
-	pxor	%xmm9,%xmm1
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm4
-	movdqa	%xmm6,80(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	64(%r12),%xmm11
-	cmpq	$80,%r14
-	je	.Lxts_dec_5
-	pxor	%xmm10,%xmm2
-	pshufd	$19,%xmm14,%xmm13
-	pxor	%xmm14,%xmm14
-	movdqa	%xmm6,%xmm5
-	movdqa	%xmm6,96(%rsp)
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	pcmpgtd	%xmm6,%xmm14
-	pxor	%xmm13,%xmm6
-	movdqu	80(%r12),%xmm12
-	cmpq	$96,%r14
-	je	.Lxts_dec_6
-	pxor	%xmm11,%xmm3
-	movdqu	96(%r12),%xmm13
-	pxor	%xmm12,%xmm4
-	movdqa	%xmm6,112(%rsp)
-	leaq	112(%r12),%r12
-	pxor	%xmm13,%xmm5
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm3
-	movdqu	%xmm5,32(%r13)
-	pxor	64(%rsp),%xmm1
-	movdqu	%xmm3,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm1,64(%r13)
-	pxor	96(%rsp),%xmm2
-	movdqu	%xmm6,80(%r13)
-	movdqu	%xmm2,96(%r13)
-	leaq	112(%r13),%r13
-
-	movdqa	112(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_6:
-	pxor	%xmm11,%xmm3
-	leaq	96(%r12),%r12
-	pxor	%xmm12,%xmm4
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm3
-	movdqu	%xmm5,32(%r13)
-	pxor	64(%rsp),%xmm1
-	movdqu	%xmm3,48(%r13)
-	pxor	80(%rsp),%xmm6
-	movdqu	%xmm1,64(%r13)
-	movdqu	%xmm6,80(%r13)
-	leaq	96(%r13),%r13
-
-	movdqa	96(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_5:
-	pxor	%xmm10,%xmm2
-	leaq	80(%r12),%r12
-	pxor	%xmm11,%xmm3
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm3
-	movdqu	%xmm5,32(%r13)
-	pxor	64(%rsp),%xmm1
-	movdqu	%xmm3,48(%r13)
-	movdqu	%xmm1,64(%r13)
-	leaq	80(%r13),%r13
-
-	movdqa	80(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_4:
-	pxor	%xmm9,%xmm1
-	leaq	64(%r12),%r12
-	pxor	%xmm10,%xmm2
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	pxor	48(%rsp),%xmm3
-	movdqu	%xmm5,32(%r13)
-	movdqu	%xmm3,48(%r13)
-	leaq	64(%r13),%r13
-
-	movdqa	64(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_3:
-	pxor	%xmm8,%xmm0
-	leaq	48(%r12),%r12
-	pxor	%xmm9,%xmm1
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	pxor	32(%rsp),%xmm5
-	movdqu	%xmm0,16(%r13)
-	movdqu	%xmm5,32(%r13)
-	leaq	48(%r13),%r13
-
-	movdqa	48(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_2:
-	pxor	%xmm7,%xmm15
-	leaq	32(%r12),%r12
-	pxor	%xmm8,%xmm0
-	leaq	128(%rsp),%rax
-	movl	%edx,%r10d
-
-	call	_bsaes_decrypt8
-
-	pxor	0(%rsp),%xmm15
-	pxor	16(%rsp),%xmm0
-	movdqu	%xmm15,0(%r13)
-	movdqu	%xmm0,16(%r13)
-	leaq	32(%r13),%r13
-
-	movdqa	32(%rsp),%xmm6
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_1:
-	pxor	%xmm15,%xmm7
-	leaq	16(%r12),%r12
-	movdqa	%xmm7,32(%rbp)
-	leaq	32(%rbp),%rdi
-	leaq	32(%rbp),%rsi
-	leaq	(%r15),%rdx
-	call	asm_AES_decrypt		
-	pxor	32(%rbp),%xmm15
-
-
-
-
-
-	movdqu	%xmm15,0(%r13)
-	leaq	16(%r13),%r13
-
-	movdqa	16(%rsp),%xmm6
-
-.Lxts_dec_done:
-	andl	$15,%ebx
-	jz	.Lxts_dec_ret
-
-	pxor	%xmm14,%xmm14
-	movdqa	.Lxts_magic(%rip),%xmm12
-	pcmpgtd	%xmm6,%xmm14
-	pshufd	$19,%xmm14,%xmm13
-	movdqa	%xmm6,%xmm5
-	paddq	%xmm6,%xmm6
-	pand	%xmm12,%xmm13
-	movdqu	(%r12),%xmm15
-	pxor	%xmm13,%xmm6
-
-	leaq	32(%rbp),%rdi
-	pxor	%xmm6,%xmm15
-	leaq	32(%rbp),%rsi
-	movdqa	%xmm15,32(%rbp)
-	leaq	(%r15),%rdx
-	call	asm_AES_decrypt		
-	pxor	32(%rbp),%xmm6
-	movq	%r13,%rdx
-	movdqu	%xmm6,(%r13)
-
-.Lxts_dec_steal:
-	movzbl	16(%r12),%eax
-	movzbl	(%rdx),%ecx
-	leaq	1(%r12),%r12
-	movb	%al,(%rdx)
-	movb	%cl,16(%rdx)
-	leaq	1(%rdx),%rdx
-	subl	$1,%ebx
-	jnz	.Lxts_dec_steal
-
-	movdqu	(%r13),%xmm15
-	leaq	32(%rbp),%rdi
-	pxor	%xmm5,%xmm15
-	leaq	32(%rbp),%rsi
-	movdqa	%xmm15,32(%rbp)
-	leaq	(%r15),%rdx
-	call	asm_AES_decrypt		
-	pxor	32(%rbp),%xmm5
-	movdqu	%xmm5,(%r13)
-
-.Lxts_dec_ret:
-	leaq	(%rsp),%rax
-	pxor	%xmm0,%xmm0
-.Lxts_dec_bzero:
-	movdqa	%xmm0,0(%rax)
-	movdqa	%xmm0,16(%rax)
-	leaq	32(%rax),%rax
-	cmpq	%rax,%rbp
-	ja	.Lxts_dec_bzero
-
-	leaq	(%rbp),%rsp
-	movq	72(%rsp),%r15
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbx
-	movq	112(%rsp),%rax
-	leaq	120(%rsp),%rsp
-	movq	%rax,%rbp
-.Lxts_dec_epilogue:
-	.byte	0xf3,0xc3
-.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
-.type	_bsaes_const,@object
-.align	64
-_bsaes_const:
-.LM0ISR:
-.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
-.LISRM0:
-.quad	0x01040b0e0205080f, 0x0306090c00070a0d
-.LISR:
-.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
-.LBS0:
-.quad	0x5555555555555555, 0x5555555555555555
-.LBS1:
-.quad	0x3333333333333333, 0x3333333333333333
-.LBS2:
-.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
-.LSR:
-.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
-.LSRM0:
-.quad	0x0304090e00050a0f, 0x01060b0c0207080d
-.LM0SR:
-.quad	0x0a0e02060f03070b, 0x0004080c05090d01
-.LSWPUP:
-.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
-.LSWPUPM0SR:
-.quad	0x0a0d02060c03070b, 0x0004080f05090e01
-.LADD1:
-.quad	0x0000000000000000, 0x0000000100000000
-.LADD2:
-.quad	0x0000000000000000, 0x0000000200000000
-.LADD3:
-.quad	0x0000000000000000, 0x0000000300000000
-.LADD4:
-.quad	0x0000000000000000, 0x0000000400000000
-.LADD5:
-.quad	0x0000000000000000, 0x0000000500000000
-.LADD6:
-.quad	0x0000000000000000, 0x0000000600000000
-.LADD7:
-.quad	0x0000000000000000, 0x0000000700000000
-.LADD8:
-.quad	0x0000000000000000, 0x0000000800000000
-.Lxts_magic:
-.long	0x87,0,1,0
-.Lmasks:
-.quad	0x0101010101010101, 0x0101010101010101
-.quad	0x0202020202020202, 0x0202020202020202
-.quad	0x0404040404040404, 0x0404040404040404
-.quad	0x0808080808080808, 0x0808080808080808
-.LM0:
-.quad	0x02060a0e03070b0f, 0x0004080c0105090d
-.L63:
-.quad	0x6363636363636363, 0x6363636363636363
-.byte	66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,69,109,105,108,105,97,32,75,195,164,115,112,101,114,44,32,80,101,116,101,114,32,83,99,104,119,97,98,101,44,32,65,110,100,121,32,80,111,108,121,97,107,111,118,0
-.align	64
-.size	_bsaes_const,.-_bsaes_const
diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl
deleted file mode 100644
index 41b90f0844..0000000000
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ /dev/null
@@ -1,3108 +0,0 @@
-#!/usr/bin/env perl
-
-###################################################################
-### AES-128 [originally in CTR mode]				###
-### bitsliced implementation for Intel Core 2 processors	###
-### requires support of SSE extensions up to SSSE3		###
-### Author: Emilia Käsper and Peter Schwabe			###
-### Date: 2009-03-19						###
-### Public domain						###
-###								###
-### See http://homes.esat.kuleuven.be/~ekasper/#software for	###
-### further information.					###
-###################################################################
-#
-# September 2011.
-#
-# Started as transliteration to "perlasm" the original code has
-# undergone following changes:
-#
-# - code was made position-independent;
-# - rounds were folded into a loop resulting in >5x size reduction
-#   from 12.5KB to 2.2KB;
-# - above was possibile thanks to mixcolumns() modification that
-#   allowed to feed its output back to aesenc[last], this was
-#   achieved at cost of two additional inter-registers moves;
-# - some instruction reordering and interleaving;
-# - this module doesn't implement key setup subroutine, instead it
-#   relies on conversion of "conventional" key schedule as returned
-#   by AES_set_encrypt_key (see discussion below);
-# - first and last round keys are treated differently, which allowed
-#   to skip one shiftrows(), reduce bit-sliced key schedule and
-#   speed-up conversion by 22%;
-# - support for 192- and 256-bit keys was added;
-#
-# Resulting performance in CPU cycles spent to encrypt one byte out
-# of 4096-byte buffer with 128-bit key is:
-#
-#		Emilia's	this(*)		difference
-#
-# Core 2    	9.30		8.69		+7%
-# Nehalem(**) 	7.63		6.98		+9%
-# Atom	    	17.1		17.4		-2%(***)
-#
-# (*)	Comparison is not completely fair, because "this" is ECB,
-#	i.e. no extra processing such as counter values calculation
-#	and xor-ing input as in Emilia's CTR implementation is
-#	performed. However, the CTR calculations stand for not more
-#	than 1% of total time, so comparison is *rather* fair.
-#
-# (**)	Results were collected on Westmere, which is considered to
-#	be equivalent to Nehalem for this code.
-#
-# (***)	Slowdown on Atom is rather strange per se, because original
-#	implementation has a number of 9+-bytes instructions, which
-#	are bad for Atom front-end, and which I eliminated completely.
-#	In attempt to address deterioration sbox() was tested in FP
-#	SIMD "domain" (movaps instead of movdqa, xorps instead of
-#	pxor, etc.). While it resulted in nominal 4% improvement on
-#	Atom, it hurted Westmere by more than 2x factor.
-#
-# As for key schedule conversion subroutine. Interface to OpenSSL
-# relies on per-invocation on-the-fly conversion. This naturally
-# has impact on performance, especially for short inputs. Conversion
-# time in CPU cycles and its ratio to CPU cycles spent in 8x block
-# function is:
-#
-# 		conversion	conversion/8x block
-# Core 2	240		0.22
-# Nehalem	180		0.20
-# Atom		430		0.19
-#
-# The ratio values mean that 128-byte blocks will be processed
-# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%,
-# etc. Then keep in mind that input sizes not divisible by 128 are
-# *effectively* slower, especially shortest ones, e.g. consecutive
-# 144-byte blocks are processed 44% slower than one would expect,
-# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings"
-# it's still faster than ["hyper-threading-safe" code path in]
-# aes-x86_64.pl on all lengths above 64 bytes...
-#
-# October 2011.
-#
-# Add decryption procedure. Performance in CPU cycles spent to decrypt
-# one byte out of 4096-byte buffer with 128-bit key is:
-#
-# Core 2	9.83
-# Nehalem	7.74
-# Atom		19.0
-#
-# November 2011.
-#
-# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is
-# suboptimal, but XTS is meant to be used with larger blocks...
-#
-#						<appro@openssl.org>
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx");
-my @XMM=map("%xmm$_",(15,0..14));	# best on Atom, +10% over (0..15)
-my $ecb=0;	# suppress unreferenced ECB subroutines, spare some space...
-
-{
-my ($key,$rounds,$const)=("%rax","%r10d","%r11");
-
-sub Sbox {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
-my @b=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-	&InBasisChange	(@b);
-	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
-	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
-}
-
-sub InBasisChange {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
-my @b=@_[0..7];
-$code.=<<___;
-	pxor	@b[6], @b[5]
-	pxor	@b[1], @b[2]
-	pxor	@b[0], @b[3]
-	pxor	@b[2], @b[6]
-	pxor 	@b[0], @b[5]
-
-	pxor	@b[3], @b[6]
-	pxor	@b[7], @b[3]
-	pxor	@b[5], @b[7]
-	pxor	@b[4], @b[3]
-	pxor	@b[5], @b[4]
-	pxor	@b[1], @b[3]
-
-	pxor	@b[7], @b[2]
-	pxor	@b[5], @b[1]
-___
-}
-
-sub OutBasisChange {
-# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
-my @b=@_[0..7];
-$code.=<<___;
-	pxor	@b[6], @b[0]
-	pxor	@b[4], @b[1]
-	pxor	@b[0], @b[2]
-	pxor	@b[6], @b[4]
-	pxor	@b[1], @b[6]
-
-	pxor	@b[5], @b[1]
-	pxor	@b[3], @b[5]
-	pxor	@b[7], @b[3]
-	pxor	@b[5], @b[7]
-	pxor	@b[5], @b[2]
-
-	pxor	@b[7], @b[4]
-___
-}
-
-sub InvSbox {
-# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
-my @b=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-	&InvInBasisChange	(@b);
-	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
-	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
-}
-
-sub InvInBasisChange {		# OutBasisChange in reverse
-my @b=@_[5,1,2,6,3,7,0,4];
-$code.=<<___
-	pxor	@b[7], @b[4]
-
-	pxor	@b[5], @b[7]
-	pxor	@b[5], @b[2]
-	pxor	@b[7], @b[3]
-	pxor	@b[3], @b[5]
-	pxor	@b[5], @b[1]
-
-	pxor	@b[1], @b[6]
-	pxor	@b[0], @b[2]
-	pxor	@b[6], @b[4]
-	pxor	@b[6], @b[0]
-	pxor	@b[4], @b[1]
-___
-}
-
-sub InvOutBasisChange {		# InBasisChange in reverse
-my @b=@_[2,5,7,3,6,1,0,4];
-$code.=<<___;
-	pxor	@b[5], @b[1]
-	pxor	@b[7], @b[2]
-
-	pxor	@b[1], @b[3]
-	pxor	@b[5], @b[4]
-	pxor	@b[5], @b[7]
-	pxor	@b[4], @b[3]
-	 pxor 	@b[0], @b[5]
-	pxor	@b[7], @b[3]
-	 pxor	@b[2], @b[6]
-	 pxor	@b[1], @b[2]
-	pxor	@b[3], @b[6]
-
-	pxor	@b[0], @b[3]
-	pxor	@b[6], @b[5]
-___
-}
-
-sub Mul_GF4 {
-#;*************************************************************
-#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
-#;*************************************************************
-my ($x0,$x1,$y0,$y1,$t0)=@_;
-$code.=<<___;
-	movdqa	$y0, $t0
-	pxor 	$y1, $t0
-	pand	$x0, $t0
-	pxor	$x1, $x0
-	pand	$y0, $x1
-	pand	$y1, $x0
-	pxor	$x1, $x0
-	pxor	$t0, $x1
-___
-}
-
-sub Mul_GF4_N {				# not used, see next subroutine
-# multiply and scale by N
-my ($x0,$x1,$y0,$y1,$t0)=@_;
-$code.=<<___;
-	movdqa	$y0, $t0
-	pxor	$y1, $t0
-	pand	$x0, $t0
-	pxor	$x1, $x0
-	pand	$y0, $x1
-	pand	$y1, $x0
-	pxor	$x0, $x1
-	pxor	$t0, $x0
-___
-}
-
-sub Mul_GF4_N_GF4 {
-# interleaved Mul_GF4_N and Mul_GF4
-my ($x0,$x1,$y0,$y1,$t0,
-    $x2,$x3,$y2,$y3,$t1)=@_;
-$code.=<<___;
-	movdqa	$y0, $t0
-	 movdqa	$y2, $t1
-	pxor	$y1, $t0
-	 pxor 	$y3, $t1
-	pand	$x0, $t0
-	 pand	$x2, $t1
-	pxor	$x1, $x0
-	 pxor	$x3, $x2
-	pand	$y0, $x1
-	 pand	$y2, $x3
-	pand	$y1, $x0
-	 pand	$y3, $x2
-	pxor	$x0, $x1
-	 pxor	$x3, $x2
-	pxor	$t0, $x0
-	 pxor	$t1, $x3
-___
-}
-sub Mul_GF16_2 {
-my @x=@_[0..7];
-my @y=@_[8..11];
-my @t=@_[12..15];
-$code.=<<___;
-	movdqa	@x[0], @t[0]
-	movdqa	@x[1], @t[1]
-___
-	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2]);
-$code.=<<___;
-	pxor	@x[2], @t[0]
-	pxor	@x[3], @t[1]
-	pxor	@y[2], @y[0]
-	pxor	@y[3], @y[1]
-___
-	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-			 @x[2], @x[3], @y[2], @y[3], @t[2]);
-$code.=<<___;
-	pxor	@t[0], @x[0]
-	pxor	@t[0], @x[2]
-	pxor	@t[1], @x[1]
-	pxor	@t[1], @x[3]
-
-	movdqa	@x[4], @t[0]
-	movdqa	@x[5], @t[1]
-	pxor	@x[6], @t[0]
-	pxor	@x[7], @t[1]
-___
-	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-			 @x[6], @x[7], @y[2], @y[3], @t[2]);
-$code.=<<___;
-	pxor	@y[2], @y[0]
-	pxor	@y[3], @y[1]
-___
-	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[3]);
-$code.=<<___;
-	pxor	@t[0], @x[4]
-	pxor	@t[0], @x[6]
-	pxor	@t[1], @x[5]
-	pxor	@t[1], @x[7]
-___
-}
-sub Inv_GF256 {
-#;********************************************************************
-#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
-#;********************************************************************
-my @x=@_[0..7];
-my @t=@_[8..11];
-my @s=@_[12..15];
-# direct optimizations from hardware
-$code.=<<___;
-	movdqa	@x[4], @t[3]
-	movdqa	@x[5], @t[2]
-	movdqa	@x[1], @t[1]
-	movdqa	@x[7], @s[1]
-	movdqa	@x[0], @s[0]
-
-	pxor	@x[6], @t[3]
-	pxor	@x[7], @t[2]
-	pxor	@x[3], @t[1]
-	 movdqa	@t[3], @s[2]
-	pxor	@x[6], @s[1]
-	 movdqa	@t[2], @t[0]
-	pxor	@x[2], @s[0]
-	 movdqa	@t[3], @s[3]
-
-	por	@t[1], @t[2]
-	por	@s[0], @t[3]
-	pxor	@t[0], @s[3]
-	pand	@s[0], @s[2]
-	pxor	@t[1], @s[0]
-	pand	@t[1], @t[0]
-	pand	@s[0], @s[3]
-	movdqa	@x[3], @s[0]
-	pxor	@x[2], @s[0]
-	pand	@s[0], @s[1]
-	pxor	@s[1], @t[3]
-	pxor	@s[1], @t[2]
-	movdqa	@x[4], @s[1]
-	movdqa	@x[1], @s[0]
-	pxor	@x[5], @s[1]
-	pxor	@x[0], @s[0]
-	movdqa	@s[1], @t[1]
-	pand	@s[0], @s[1]
-	por	@s[0], @t[1]
-	pxor	@s[1], @t[0]
-	pxor	@s[3], @t[3]
-	pxor	@s[2], @t[2]
-	pxor	@s[3], @t[1]
-	movdqa	@x[7], @s[0]
-	pxor	@s[2], @t[0]
-	movdqa	@x[6], @s[1]
-	pxor	@s[2], @t[1]
-	movdqa	@x[5], @s[2]
-	pand	@x[3], @s[0]
-	movdqa	@x[4], @s[3]
-	pand	@x[2], @s[1]
-	pand	@x[1], @s[2]
-	por	@x[0], @s[3]
-	pxor	@s[0], @t[3]
-	pxor	@s[1], @t[2]
-	pxor	@s[2], @t[1]
-	pxor	@s[3], @t[0] 
-
-	#Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
-
-	# new smaller inversion
-
-	movdqa	@t[3], @s[0]
-	pand	@t[1], @t[3]
-	pxor	@t[2], @s[0]
-
-	movdqa	@t[0], @s[2]
-	movdqa	@s[0], @s[3]
-	pxor	@t[3], @s[2]
-	pand	@s[2], @s[3]
-
-	movdqa	@t[1], @s[1]
-	pxor	@t[2], @s[3]
-	pxor	@t[0], @s[1]
-
-	pxor	@t[2], @t[3]
-
-	pand	@t[3], @s[1]
-
-	movdqa	@s[2], @t[2]
-	pxor	@t[0], @s[1]
-
-	pxor	@s[1], @t[2]
-	pxor	@s[1], @t[1]
-
-	pand	@t[0], @t[2]
-
-	pxor	@t[2], @s[2]
-	pxor	@t[2], @t[1]
-
-	pand	@s[3], @s[2]
-
-	pxor	@s[0], @s[2]
-___
-# output in s3, s2, s1, t1
-
-# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
-
-# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
-	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
-
-### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
-}
-
-# AES linear components
-
-sub ShiftRows {
-my @x=@_[0..7];
-my $mask=pop;
-$code.=<<___;
-	pxor	0x00($key),@x[0]
-	pxor	0x10($key),@x[1]
-	pshufb	$mask,@x[0]
-	pxor	0x20($key),@x[2]
-	pshufb	$mask,@x[1]
-	pxor	0x30($key),@x[3]
-	pshufb	$mask,@x[2]
-	pxor	0x40($key),@x[4]
-	pshufb	$mask,@x[3]
-	pxor	0x50($key),@x[5]
-	pshufb	$mask,@x[4]
-	pxor	0x60($key),@x[6]
-	pshufb	$mask,@x[5]
-	pxor	0x70($key),@x[7]
-	pshufb	$mask,@x[6]
-	lea	0x80($key),$key
-	pshufb	$mask,@x[7]
-___
-}
-
-sub MixColumns {
-# modified to emit output in order suitable for feeding back to aesenc[last]
-my @x=@_[0..7];
-my @t=@_[8..15];
-my $inv=@_[16];	# optional
-$code.=<<___;
-	pshufd	\$0x93, @x[0], @t[0]	# x0 <<< 32
-	pshufd	\$0x93, @x[1], @t[1]
-	 pxor	@t[0], @x[0]		# x0 ^ (x0 <<< 32)
-	pshufd	\$0x93, @x[2], @t[2]
-	 pxor	@t[1], @x[1]
-	pshufd	\$0x93, @x[3], @t[3]
-	 pxor	@t[2], @x[2]
-	pshufd	\$0x93, @x[4], @t[4]
-	 pxor	@t[3], @x[3]
-	pshufd	\$0x93, @x[5], @t[5]
-	 pxor	@t[4], @x[4]
-	pshufd	\$0x93, @x[6], @t[6]
-	 pxor	@t[5], @x[5]
-	pshufd	\$0x93, @x[7], @t[7]
-	 pxor	@t[6], @x[6]
-	 pxor	@t[7], @x[7]
-
-	pxor	@x[0], @t[1]
-	pxor	@x[7], @t[0]
-	pxor	@x[7], @t[1]
-	 pshufd	\$0x4E, @x[0], @x[0] 	# (x0 ^ (x0 <<< 32)) <<< 64)
-	pxor	@x[1], @t[2]
-	 pshufd	\$0x4E, @x[1], @x[1]
-	pxor	@x[4], @t[5]
-	 pxor	@t[0], @x[0]
-	pxor	@x[5], @t[6]
-	 pxor	@t[1], @x[1]
-	pxor	@x[3], @t[4]
-	 pshufd	\$0x4E, @x[4], @t[0]
-	pxor	@x[6], @t[7]
-	 pshufd	\$0x4E, @x[5], @t[1]
-	pxor	@x[2], @t[3]
-	 pshufd	\$0x4E, @x[3], @x[4]
-	pxor	@x[7], @t[3]
-	 pshufd	\$0x4E, @x[7], @x[5]
-	pxor	@x[7], @t[4]
-	 pshufd	\$0x4E, @x[6], @x[3]
-	pxor	@t[4], @t[0]
-	 pshufd	\$0x4E, @x[2], @x[6]
-	pxor	@t[5], @t[1]
-___
-$code.=<<___ if (!$inv);
-	pxor	@t[3], @x[4]
-	pxor	@t[7], @x[5]
-	pxor	@t[6], @x[3]
-	 movdqa	@t[0], @x[2]
-	pxor	@t[2], @x[6]
-	 movdqa	@t[1], @x[7]
-___
-$code.=<<___ if ($inv);
-	pxor	@x[4], @t[3]
-	pxor	@t[7], @x[5]
-	pxor	@x[3], @t[6]
-	 movdqa	@t[0], @x[3]
-	pxor	@t[2], @x[6]
-	 movdqa	@t[6], @x[2]
-	 movdqa	@t[1], @x[7]
-	 movdqa	@x[6], @x[4]
-	 movdqa	@t[3], @x[6]
-___
-}
-
-sub InvMixColumns_orig {
-my @x=@_[0..7];
-my @t=@_[8..15];
-
-$code.=<<___;
-	# multiplication by 0x0e
-	pshufd	\$0x93, @x[7], @t[7]
-	movdqa	@x[2], @t[2]
-	pxor	@x[5], @x[7]		# 7 5
-	pxor	@x[5], @x[2]		# 2 5
-	pshufd	\$0x93, @x[0], @t[0]
-	movdqa	@x[5], @t[5]
-	pxor	@x[0], @x[5]		# 5 0		[1]
-	pxor	@x[1], @x[0]		# 0 1
-	pshufd	\$0x93, @x[1], @t[1]
-	pxor	@x[2], @x[1]		# 1 25
-	pxor	@x[6], @x[0]		# 01 6		[2]
-	pxor	@x[3], @x[1]		# 125 3		[4]
-	pshufd	\$0x93, @x[3], @t[3]
-	pxor	@x[0], @x[2]		# 25 016	[3]
-	pxor	@x[7], @x[3]		# 3 75
-	pxor	@x[6], @x[7]		# 75 6		[0]
-	pshufd	\$0x93, @x[6], @t[6]
-	movdqa	@x[4], @t[4]
-	pxor	@x[4], @x[6]		# 6 4
-	pxor	@x[3], @x[4]		# 4 375		[6]
-	pxor	@x[7], @x[3]		# 375 756=36
-	pxor	@t[5], @x[6]		# 64 5		[7]
-	pxor	@t[2], @x[3]		# 36 2
-	pxor	@t[4], @x[3]		# 362 4		[5]
-	pshufd	\$0x93, @t[5], @t[5]
-___
-					my @y = @x[7,5,0,2,1,3,4,6];
-$code.=<<___;
-	# multiplication by 0x0b
-	pxor	@y[0], @y[1]
-	pxor	@t[0], @y[0]
-	pxor	@t[1], @y[1]
-	pshufd	\$0x93, @t[2], @t[2]
-	pxor	@t[5], @y[0]
-	pxor	@t[6], @y[1]
-	pxor	@t[7], @y[0]
-	pshufd	\$0x93, @t[4], @t[4]
-	pxor	@t[6], @t[7]		# clobber t[7]
-	pxor	@y[0], @y[1]
-
-	pxor	@t[0], @y[3]
-	pshufd	\$0x93, @t[0], @t[0]
-	pxor	@t[1], @y[2]
-	pxor	@t[1], @y[4]
-	pxor	@t[2], @y[2]
-	pshufd	\$0x93, @t[1], @t[1]
-	pxor	@t[2], @y[3]
-	pxor	@t[2], @y[5]
-	pxor	@t[7], @y[2]
-	pshufd	\$0x93, @t[2], @t[2]
-	pxor	@t[3], @y[3]
-	pxor	@t[3], @y[6]
-	pxor	@t[3], @y[4]
-	pshufd	\$0x93, @t[3], @t[3]
-	pxor	@t[4], @y[7]
-	pxor	@t[4], @y[5]
-	pxor	@t[7], @y[7]
-	pxor	@t[5], @y[3]
-	pxor	@t[4], @y[4]
-	pxor	@t[5], @t[7]		# clobber t[7] even more
-
-	pxor	@t[7], @y[5]
-	pshufd	\$0x93, @t[4], @t[4]
-	pxor	@t[7], @y[6]
-	pxor	@t[7], @y[4]
-
-	pxor	@t[5], @t[7]
-	pshufd	\$0x93, @t[5], @t[5]
-	pxor	@t[6], @t[7]		# restore t[7]
-
-	# multiplication by 0x0d
-	pxor	@y[7], @y[4]
-	pxor	@t[4], @y[7]
-	pshufd	\$0x93, @t[6], @t[6]
-	pxor	@t[0], @y[2]
-	pxor	@t[5], @y[7]
-	pxor	@t[2], @y[2]
-	pshufd	\$0x93, @t[7], @t[7]
-
-	pxor	@y[1], @y[3]
-	pxor	@t[1], @y[1]
-	pxor	@t[0], @y[0]
-	pxor	@t[0], @y[3]
-	pxor	@t[5], @y[1]
-	pxor	@t[5], @y[0]
-	pxor	@t[7], @y[1]
-	pshufd	\$0x93, @t[0], @t[0]
-	pxor	@t[6], @y[0]
-	pxor	@y[1], @y[3]
-	pxor	@t[1], @y[4]
-	pshufd	\$0x93, @t[1], @t[1]
-
-	pxor	@t[7], @y[7]
-	pxor	@t[2], @y[4]
-	pxor	@t[2], @y[5]
-	pshufd	\$0x93, @t[2], @t[2]
-	pxor	@t[6], @y[2]
-	pxor	@t[3], @t[6]		# clobber t[6]
-	pxor	@y[7], @y[4]
-	pxor	@t[6], @y[3]
-
-	pxor	@t[6], @y[6]
-	pxor	@t[5], @y[5]
-	pxor	@t[4], @y[6]
-	pshufd	\$0x93, @t[4], @t[4]
-	pxor	@t[6], @y[5]
-	pxor	@t[7], @y[6]
-	pxor	@t[3], @t[6]		# restore t[6]
-
-	pshufd	\$0x93, @t[5], @t[5]
-	pshufd	\$0x93, @t[6], @t[6]
-	pshufd	\$0x93, @t[7], @t[7]
-	pshufd	\$0x93, @t[3], @t[3]
-
-	# multiplication by 0x09
-	pxor	@y[1], @y[4]
-	pxor	@y[1], @t[1]		# t[1]=y[1]
-	pxor	@t[5], @t[0]		# clobber t[0]
-	pxor	@t[5], @t[1]
-	pxor	@t[0], @y[3]
-	pxor	@y[0], @t[0]		# t[0]=y[0]
-	pxor	@t[6], @t[1]
-	pxor	@t[7], @t[6]		# clobber t[6]
-	pxor	@t[1], @y[4]
-	pxor	@t[4], @y[7]
-	pxor	@y[4], @t[4]		# t[4]=y[4]
-	pxor	@t[3], @y[6]
-	pxor	@y[3], @t[3]		# t[3]=y[3]
-	pxor	@t[2], @y[5]
-	pxor	@y[2], @t[2]		# t[2]=y[2]
-	pxor	@t[7], @t[3]
-	pxor	@y[5], @t[5]		# t[5]=y[5]
-	pxor	@t[6], @t[2]
-	pxor	@t[6], @t[5]
-	pxor	@y[6], @t[6]		# t[6]=y[6]
-	pxor	@y[7], @t[7]		# t[7]=y[7]
-
-	movdqa	@t[0],@XMM[0]
-	movdqa	@t[1],@XMM[1]
-	movdqa	@t[2],@XMM[2]
-	movdqa	@t[3],@XMM[3]
-	movdqa	@t[4],@XMM[4]
-	movdqa	@t[5],@XMM[5]
-	movdqa	@t[6],@XMM[6]
-	movdqa	@t[7],@XMM[7]
-___
-}
-
-sub InvMixColumns {
-my @x=@_[0..7];
-my @t=@_[8..15];
-
-# Thanks to Jussi Kivilinna for providing pointer to
-#
-# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
-# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
-# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
-# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
-
-$code.=<<___;
-	# multiplication by 0x05-0x00-0x04-0x00
-	pshufd	\$0x4E, @x[0], @t[0]
-	pshufd	\$0x4E, @x[6], @t[6]
-	pxor	@x[0], @t[0]
-	pshufd	\$0x4E, @x[7], @t[7]
-	pxor	@x[6], @t[6]
-	pshufd	\$0x4E, @x[1], @t[1]
-	pxor	@x[7], @t[7]
-	pshufd	\$0x4E, @x[2], @t[2]
-	pxor	@x[1], @t[1]
-	pshufd	\$0x4E, @x[3], @t[3]
-	pxor	@x[2], @t[2]
-	 pxor	@t[6], @x[0]
-	 pxor	@t[6], @x[1]
-	pshufd	\$0x4E, @x[4], @t[4]
-	pxor	@x[3], @t[3]
-	 pxor	@t[0], @x[2]
-	 pxor	@t[1], @x[3]
-	pshufd	\$0x4E, @x[5], @t[5]
-	pxor	@x[4], @t[4]
-	 pxor	@t[7], @x[1]
-	 pxor	@t[2], @x[4]
-	pxor	@x[5], @t[5]
-
-	 pxor	@t[7], @x[2]
-	 pxor	@t[6], @x[3]
-	 pxor	@t[6], @x[4]
-	 pxor	@t[3], @x[5]
-	 pxor	@t[4], @x[6]
-	 pxor	@t[7], @x[4]
-	 pxor	@t[7], @x[5]
-	 pxor	@t[5], @x[7]
-___
-	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
-}
-
-sub aesenc {				# not used
-my @b=@_[0..7];
-my @t=@_[8..15];
-$code.=<<___;
-	movdqa	0x30($const),@t[0]	# .LSR
-___
-	&ShiftRows	(@b,@t[0]);
-	&Sbox		(@b,@t);
-	&MixColumns	(@b[0,1,4,6,3,7,2,5],@t);
-}
-
-sub aesenclast {			# not used
-my @b=@_[0..7];
-my @t=@_[8..15];
-$code.=<<___;
-	movdqa	0x40($const),@t[0]	# .LSRM0
-___
-	&ShiftRows	(@b,@t[0]);
-	&Sbox		(@b,@t);
-$code.=<<___
-	pxor	0x00($key),@b[0]
-	pxor	0x10($key),@b[1]
-	pxor	0x20($key),@b[4]
-	pxor	0x30($key),@b[6]
-	pxor	0x40($key),@b[3]
-	pxor	0x50($key),@b[7]
-	pxor	0x60($key),@b[2]
-	pxor	0x70($key),@b[5]
-___
-}
-
-sub swapmove {
-my ($a,$b,$n,$mask,$t)=@_;
-$code.=<<___;
-	movdqa	$b,$t
-	psrlq	\$$n,$b
-	pxor  	$a,$b
-	pand	$mask,$b
-	pxor	$b,$a
-	psllq	\$$n,$b
-	pxor	$t,$b
-___
-}
-sub swapmove2x {
-my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
-$code.=<<___;
-	movdqa	$b0,$t0
-	psrlq	\$$n,$b0
-	 movdqa	$b1,$t1
-	 psrlq	\$$n,$b1
-	pxor  	$a0,$b0
-	 pxor  	$a1,$b1
-	pand	$mask,$b0
-	 pand	$mask,$b1
-	pxor	$b0,$a0
-	psllq	\$$n,$b0
-	 pxor	$b1,$a1
-	 psllq	\$$n,$b1
-	pxor	$t0,$b0
-	 pxor	$t1,$b1
-___
-}
-
-sub bitslice {
-my @x=reverse(@_[0..7]);
-my ($t0,$t1,$t2,$t3)=@_[8..11];
-$code.=<<___;
-	movdqa	0x00($const),$t0	# .LBS0
-	movdqa	0x10($const),$t1	# .LBS1
-___
-	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
-	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-$code.=<<___;
-	movdqa	0x20($const),$t0	# .LBS2
-___
-	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
-	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-
-	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
-	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
-}
-
-$code.=<<___;
-.text
-
-.extern	asm_AES_encrypt
-.extern	asm_AES_decrypt
-
-.type	_bsaes_encrypt8,\@abi-omnipotent
-.align	64
-_bsaes_encrypt8:
-	lea	.LBS0(%rip), $const	# constants table
-
-	movdqa	($key), @XMM[9]		# round 0 key
-	lea	0x10($key), $key
-	movdqa	0x50($const), @XMM[8]	# .LM0SR
-	pxor	@XMM[9], @XMM[0]	# xor with round0 key
-	pxor	@XMM[9], @XMM[1]
-	 pshufb	@XMM[8], @XMM[0]
-	pxor	@XMM[9], @XMM[2]
-	 pshufb	@XMM[8], @XMM[1]
-	pxor	@XMM[9], @XMM[3]
-	 pshufb	@XMM[8], @XMM[2]
-	pxor	@XMM[9], @XMM[4]
-	 pshufb	@XMM[8], @XMM[3]
-	pxor	@XMM[9], @XMM[5]
-	 pshufb	@XMM[8], @XMM[4]
-	pxor	@XMM[9], @XMM[6]
-	 pshufb	@XMM[8], @XMM[5]
-	pxor	@XMM[9], @XMM[7]
-	 pshufb	@XMM[8], @XMM[6]
-	 pshufb	@XMM[8], @XMM[7]
-_bsaes_encrypt8_bitslice:
-___
-	&bitslice	(@XMM[0..7, 8..11]);
-$code.=<<___;
-	dec	$rounds
-	jmp	.Lenc_sbox
-.align	16
-.Lenc_loop:
-___
-	&ShiftRows	(@XMM[0..7, 8]);
-$code.=".Lenc_sbox:\n";
-	&Sbox		(@XMM[0..7, 8..15]);
-$code.=<<___;
-	dec	$rounds
-	jl	.Lenc_done
-___
-	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
-$code.=<<___;
-	movdqa	0x30($const), @XMM[8]	# .LSR
-	jnz	.Lenc_loop
-	movdqa	0x40($const), @XMM[8]	# .LSRM0
-	jmp	.Lenc_loop
-.align	16
-.Lenc_done:
-___
-	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
-	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
-$code.=<<___;
-	movdqa	($key), @XMM[8]		# last round key
-	pxor	@XMM[8], @XMM[4]
-	pxor	@XMM[8], @XMM[6]
-	pxor	@XMM[8], @XMM[3]
-	pxor	@XMM[8], @XMM[7]
-	pxor	@XMM[8], @XMM[2]
-	pxor	@XMM[8], @XMM[5]
-	pxor	@XMM[8], @XMM[0]
-	pxor	@XMM[8], @XMM[1]
-	ret
-.size	_bsaes_encrypt8,.-_bsaes_encrypt8
-
-.type	_bsaes_decrypt8,\@abi-omnipotent
-.align	64
-_bsaes_decrypt8:
-	lea	.LBS0(%rip), $const	# constants table
-
-	movdqa	($key), @XMM[9]		# round 0 key
-	lea	0x10($key), $key
-	movdqa	-0x30($const), @XMM[8]	# .LM0ISR
-	pxor	@XMM[9], @XMM[0]	# xor with round0 key
-	pxor	@XMM[9], @XMM[1]
-	 pshufb	@XMM[8], @XMM[0]
-	pxor	@XMM[9], @XMM[2]
-	 pshufb	@XMM[8], @XMM[1]
-	pxor	@XMM[9], @XMM[3]
-	 pshufb	@XMM[8], @XMM[2]
-	pxor	@XMM[9], @XMM[4]
-	 pshufb	@XMM[8], @XMM[3]
-	pxor	@XMM[9], @XMM[5]
-	 pshufb	@XMM[8], @XMM[4]
-	pxor	@XMM[9], @XMM[6]
-	 pshufb	@XMM[8], @XMM[5]
-	pxor	@XMM[9], @XMM[7]
-	 pshufb	@XMM[8], @XMM[6]
-	 pshufb	@XMM[8], @XMM[7]
-___
-	&bitslice	(@XMM[0..7, 8..11]);
-$code.=<<___;
-	dec	$rounds
-	jmp	.Ldec_sbox
-.align	16
-.Ldec_loop:
-___
-	&ShiftRows	(@XMM[0..7, 8]);
-$code.=".Ldec_sbox:\n";
-	&InvSbox	(@XMM[0..7, 8..15]);
-$code.=<<___;
-	dec	$rounds
-	jl	.Ldec_done
-___
-	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
-$code.=<<___;
-	movdqa	-0x10($const), @XMM[8]	# .LISR
-	jnz	.Ldec_loop
-	movdqa	-0x20($const), @XMM[8]	# .LISRM0
-	jmp	.Ldec_loop
-.align	16
-.Ldec_done:
-___
-	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
-$code.=<<___;
-	movdqa	($key), @XMM[8]		# last round key
-	pxor	@XMM[8], @XMM[6]
-	pxor	@XMM[8], @XMM[4]
-	pxor	@XMM[8], @XMM[2]
-	pxor	@XMM[8], @XMM[7]
-	pxor	@XMM[8], @XMM[3]
-	pxor	@XMM[8], @XMM[5]
-	pxor	@XMM[8], @XMM[0]
-	pxor	@XMM[8], @XMM[1]
-	ret
-.size	_bsaes_decrypt8,.-_bsaes_decrypt8
-___
-}
-{
-my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11");
-
-sub bitslice_key {
-my @x=reverse(@_[0..7]);
-my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
-
-	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
-$code.=<<___;
-	#&swapmove(@x[2,3],1,$t0,$t2,$t3);
-	movdqa	@x[0], @x[2]
-	movdqa	@x[1], @x[3]
-___
-	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-
-	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
-$code.=<<___;
-	#&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-	movdqa	@x[0], @x[4]
-	movdqa	@x[2], @x[6]
-	movdqa	@x[1], @x[5]
-	movdqa	@x[3], @x[7]
-___
-	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
-	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
-}
-
-$code.=<<___;
-.type	_bsaes_key_convert,\@abi-omnipotent
-.align	16
-_bsaes_key_convert:
-	lea	.Lmasks(%rip), $const
-	movdqu	($inp), %xmm7		# load round 0 key
-	lea	0x10($inp), $inp
-	movdqa	0x00($const), %xmm0	# 0x01...
-	movdqa	0x10($const), %xmm1	# 0x02...
-	movdqa	0x20($const), %xmm2	# 0x04...
-	movdqa	0x30($const), %xmm3	# 0x08...
-	movdqa	0x40($const), %xmm4	# .LM0
-	pcmpeqd	%xmm5, %xmm5		# .LNOT
-
-	movdqu	($inp), %xmm6		# load round 1 key
-	movdqa	%xmm7, ($out)		# save round 0 key
-	lea	0x10($out), $out
-	dec	$rounds
-	jmp	.Lkey_loop
-.align	16
-.Lkey_loop:
-	pshufb	%xmm4, %xmm6		# .LM0
-
-	movdqa	%xmm0,	%xmm8
-	movdqa	%xmm1,	%xmm9
-
-	pand	%xmm6,	%xmm8
-	pand	%xmm6,	%xmm9
-	movdqa	%xmm2,	%xmm10
-	pcmpeqb	%xmm0,	%xmm8
-	psllq	\$4,	%xmm0		# 0x10...
-	movdqa	%xmm3,	%xmm11
-	pcmpeqb	%xmm1,	%xmm9
-	psllq	\$4,	%xmm1		# 0x20...
-
-	pand	%xmm6,	%xmm10
-	pand	%xmm6,	%xmm11
-	movdqa	%xmm0,	%xmm12
-	pcmpeqb	%xmm2,	%xmm10
-	psllq	\$4,	%xmm2		# 0x40...
-	movdqa	%xmm1,	%xmm13
-	pcmpeqb	%xmm3,	%xmm11
-	psllq	\$4,	%xmm3		# 0x80...
-
-	movdqa	%xmm2,	%xmm14
-	movdqa	%xmm3,	%xmm15
-	 pxor	%xmm5,	%xmm8		# "pnot"
-	 pxor	%xmm5,	%xmm9
-
-	pand	%xmm6,	%xmm12
-	pand	%xmm6,	%xmm13
-	 movdqa	%xmm8, 0x00($out)	# write bit-sliced round key
-	pcmpeqb	%xmm0,	%xmm12
-	psrlq	\$4,	%xmm0		# 0x01...
-	 movdqa	%xmm9, 0x10($out)
-	pcmpeqb	%xmm1,	%xmm13
-	psrlq	\$4,	%xmm1		# 0x02...
-	 lea	0x10($inp), $inp
-
-	pand	%xmm6,	%xmm14
-	pand	%xmm6,	%xmm15
-	 movdqa	%xmm10, 0x20($out)
-	pcmpeqb	%xmm2,	%xmm14
-	psrlq	\$4,	%xmm2		# 0x04...
-	 movdqa	%xmm11, 0x30($out)
-	pcmpeqb	%xmm3,	%xmm15
-	psrlq	\$4,	%xmm3		# 0x08...
-	 movdqu	($inp), %xmm6		# load next round key
-
-	pxor	%xmm5, %xmm13		# "pnot"
-	pxor	%xmm5, %xmm14
-	movdqa	%xmm12, 0x40($out)
-	movdqa	%xmm13, 0x50($out)
-	movdqa	%xmm14, 0x60($out)
-	movdqa	%xmm15, 0x70($out)
-	lea	0x80($out),$out
-	dec	$rounds
-	jnz	.Lkey_loop
-
-	movdqa	0x50($const), %xmm7	# .L63
-	#movdqa	%xmm6, ($out)		# don't save last round key
-	ret
-.size	_bsaes_key_convert,.-_bsaes_key_convert
-___
-}
-
-if (0 && !$win64) {	# following four functions are unsupported interface
-			# used for benchmarking...
-$code.=<<___;
-.globl	bsaes_enc_key_convert
-.type	bsaes_enc_key_convert,\@function,2
-.align	16
-bsaes_enc_key_convert:
-	mov	240($inp),%r10d		# pass rounds
-	mov	$inp,%rcx		# pass key
-	mov	$out,%rax		# pass key schedule
-	call	_bsaes_key_convert
-	pxor	%xmm6,%xmm7		# fix up last round key
-	movdqa	%xmm7,(%rax)		# save last round key
-	ret
-.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
-
-.globl	bsaes_encrypt_128
-.type	bsaes_encrypt_128,\@function,4
-.align	16
-bsaes_encrypt_128:
-.Lenc128_loop:
-	movdqu	0x00($inp), @XMM[0]	# load input
-	movdqu	0x10($inp), @XMM[1]
-	movdqu	0x20($inp), @XMM[2]
-	movdqu	0x30($inp), @XMM[3]
-	movdqu	0x40($inp), @XMM[4]
-	movdqu	0x50($inp), @XMM[5]
-	movdqu	0x60($inp), @XMM[6]
-	movdqu	0x70($inp), @XMM[7]
-	mov	$key, %rax		# pass the $key
-	lea	0x80($inp), $inp
-	mov	\$10,%r10d
-
-	call	_bsaes_encrypt8
-
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[2], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	sub	\$0x80,$len
-	ja	.Lenc128_loop
-	ret
-.size	bsaes_encrypt_128,.-bsaes_encrypt_128
-
-.globl	bsaes_dec_key_convert
-.type	bsaes_dec_key_convert,\@function,2
-.align	16
-bsaes_dec_key_convert:
-	mov	240($inp),%r10d		# pass rounds
-	mov	$inp,%rcx		# pass key
-	mov	$out,%rax		# pass key schedule
-	call	_bsaes_key_convert
-	pxor	($out),%xmm7		# fix up round 0 key
-	movdqa	%xmm6,(%rax)		# save last round key
-	movdqa	%xmm7,($out)
-	ret
-.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
-
-.globl	bsaes_decrypt_128
-.type	bsaes_decrypt_128,\@function,4
-.align	16
-bsaes_decrypt_128:
-.Ldec128_loop:
-	movdqu	0x00($inp), @XMM[0]	# load input
-	movdqu	0x10($inp), @XMM[1]
-	movdqu	0x20($inp), @XMM[2]
-	movdqu	0x30($inp), @XMM[3]
-	movdqu	0x40($inp), @XMM[4]
-	movdqu	0x50($inp), @XMM[5]
-	movdqu	0x60($inp), @XMM[6]
-	movdqu	0x70($inp), @XMM[7]
-	mov	$key, %rax		# pass the $key
-	lea	0x80($inp), $inp
-	mov	\$10,%r10d
-
-	call	_bsaes_decrypt8
-
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	sub	\$0x80,$len
-	ja	.Ldec128_loop
-	ret
-.size	bsaes_decrypt_128,.-bsaes_decrypt_128
-___
-}
-{
-######################################################################
-#
-# OpenSSL interface
-#
-my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64	? ("%rcx","%rdx","%r8","%r9","%r10","%r11d")
-						: ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d");
-my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15");
-
-if ($ecb) {
-$code.=<<___;
-.globl	bsaes_ecb_encrypt_blocks
-.type	bsaes_ecb_encrypt_blocks,\@abi-omnipotent
-.align	16
-bsaes_ecb_encrypt_blocks:
-	mov	%rsp, %rax
-.Lecb_enc_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lecb_enc_body:
-___
-$code.=<<___;
-	mov	%rsp,%rbp		# backup %rsp
-	mov	240($arg4),%eax		# rounds
-	mov	$arg1,$inp		# backup arguments
-	mov	$arg2,$out
-	mov	$arg3,$len
-	mov	$arg4,$key
-	cmp	\$8,$arg3
-	jb	.Lecb_enc_short
-
-	mov	%eax,%ebx		# backup rounds
-	shl	\$7,%rax		# 128 bytes per inner round key
-	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
-	sub	%rax,%rsp
-	mov	%rsp,%rax		# pass key schedule
-	mov	$key,%rcx		# pass key
-	mov	%ebx,%r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	%xmm6,%xmm7		# fix up last round key
-	movdqa	%xmm7,(%rax)		# save last round key
-
-	sub	\$8,$len
-.Lecb_enc_loop:
-	movdqu	0x00($inp), @XMM[0]	# load input
-	movdqu	0x10($inp), @XMM[1]
-	movdqu	0x20($inp), @XMM[2]
-	movdqu	0x30($inp), @XMM[3]
-	movdqu	0x40($inp), @XMM[4]
-	movdqu	0x50($inp), @XMM[5]
-	mov	%rsp, %rax		# pass key schedule
-	movdqu	0x60($inp), @XMM[6]
-	mov	%ebx,%r10d		# pass rounds
-	movdqu	0x70($inp), @XMM[7]
-	lea	0x80($inp), $inp
-
-	call	_bsaes_encrypt8
-
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[2], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	sub	\$8,$len
-	jnc	.Lecb_enc_loop
-
-	add	\$8,$len
-	jz	.Lecb_enc_done
-
-	movdqu	0x00($inp), @XMM[0]	# load input
-	mov	%rsp, %rax		# pass key schedule
-	mov	%ebx,%r10d		# pass rounds
-	cmp	\$2,$len
-	jb	.Lecb_enc_one
-	movdqu	0x10($inp), @XMM[1]
-	je	.Lecb_enc_two
-	movdqu	0x20($inp), @XMM[2]
-	cmp	\$4,$len
-	jb	.Lecb_enc_three
-	movdqu	0x30($inp), @XMM[3]
-	je	.Lecb_enc_four
-	movdqu	0x40($inp), @XMM[4]
-	cmp	\$6,$len
-	jb	.Lecb_enc_five
-	movdqu	0x50($inp), @XMM[5]
-	je	.Lecb_enc_six
-	movdqu	0x60($inp), @XMM[6]
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[2], 0x60($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_six:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_five:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_four:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_three:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_two:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_one:
-	call	_bsaes_encrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	jmp	.Lecb_enc_done
-.align	16
-.Lecb_enc_short:
-	lea	($inp), $arg1
-	lea	($out), $arg2
-	lea	($key), $arg3
-	call	asm_AES_encrypt
-	lea	16($inp), $inp
-	lea	16($out), $out
-	dec	$len
-	jnz	.Lecb_enc_short
-
-.Lecb_enc_done:
-	lea	(%rsp),%rax
-	pxor	%xmm0, %xmm0
-.Lecb_enc_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	jb	.Lecb_enc_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lecb_enc_epilogue:
-	ret
-.size	bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks
-
-.globl	bsaes_ecb_decrypt_blocks
-.type	bsaes_ecb_decrypt_blocks,\@abi-omnipotent
-.align	16
-bsaes_ecb_decrypt_blocks:
-	mov	%rsp, %rax
-.Lecb_dec_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lecb_dec_body:
-___
-$code.=<<___;
-	mov	%rsp,%rbp		# backup %rsp
-	mov	240($arg4),%eax		# rounds
-	mov	$arg1,$inp		# backup arguments
-	mov	$arg2,$out
-	mov	$arg3,$len
-	mov	$arg4,$key
-	cmp	\$8,$arg3
-	jb	.Lecb_dec_short
-
-	mov	%eax,%ebx		# backup rounds
-	shl	\$7,%rax		# 128 bytes per inner round key
-	sub	\$`128-32`,%rax		# size of bit-sliced key schedule
-	sub	%rax,%rsp
-	mov	%rsp,%rax		# pass key schedule
-	mov	$key,%rcx		# pass key
-	mov	%ebx,%r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	(%rsp),%xmm7		# fix up 0 round key
-	movdqa	%xmm6,(%rax)		# save last round key
-	movdqa	%xmm7,(%rsp)
-
-	sub	\$8,$len
-.Lecb_dec_loop:
-	movdqu	0x00($inp), @XMM[0]	# load input
-	movdqu	0x10($inp), @XMM[1]
-	movdqu	0x20($inp), @XMM[2]
-	movdqu	0x30($inp), @XMM[3]
-	movdqu	0x40($inp), @XMM[4]
-	movdqu	0x50($inp), @XMM[5]
-	mov	%rsp, %rax		# pass key schedule
-	movdqu	0x60($inp), @XMM[6]
-	mov	%ebx,%r10d		# pass rounds
-	movdqu	0x70($inp), @XMM[7]
-	lea	0x80($inp), $inp
-
-	call	_bsaes_decrypt8
-
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	sub	\$8,$len
-	jnc	.Lecb_dec_loop
-
-	add	\$8,$len
-	jz	.Lecb_dec_done
-
-	movdqu	0x00($inp), @XMM[0]	# load input
-	mov	%rsp, %rax		# pass key schedule
-	mov	%ebx,%r10d		# pass rounds
-	cmp	\$2,$len
-	jb	.Lecb_dec_one
-	movdqu	0x10($inp), @XMM[1]
-	je	.Lecb_dec_two
-	movdqu	0x20($inp), @XMM[2]
-	cmp	\$4,$len
-	jb	.Lecb_dec_three
-	movdqu	0x30($inp), @XMM[3]
-	je	.Lecb_dec_four
-	movdqu	0x40($inp), @XMM[4]
-	cmp	\$6,$len
-	jb	.Lecb_dec_five
-	movdqu	0x50($inp), @XMM[5]
-	je	.Lecb_dec_six
-	movdqu	0x60($inp), @XMM[6]
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_six:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_five:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_four:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_three:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_two:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_one:
-	call	_bsaes_decrypt8
-	movdqu	@XMM[0], 0x00($out)	# write output
-	jmp	.Lecb_dec_done
-.align	16
-.Lecb_dec_short:
-	lea	($inp), $arg1
-	lea	($out), $arg2
-	lea	($key), $arg3
-	call	asm_AES_decrypt
-	lea	16($inp), $inp
-	lea	16($out), $out
-	dec	$len
-	jnz	.Lecb_dec_short
-
-.Lecb_dec_done:
-	lea	(%rsp),%rax
-	pxor	%xmm0, %xmm0
-.Lecb_dec_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	jb	.Lecb_dec_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lecb_dec_epilogue:
-	ret
-.size	bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks
-___
-}
-$code.=<<___;
-.extern	asm_AES_cbc_encrypt
-.globl	bsaes_cbc_encrypt
-.type	bsaes_cbc_encrypt,\@abi-omnipotent
-.align	16
-bsaes_cbc_encrypt:
-___
-$code.=<<___ if ($win64);
-	mov	48(%rsp),$arg6		# pull direction flag
-___
-$code.=<<___;
-	cmp	\$0,$arg6
-	jne	asm_AES_cbc_encrypt
-	cmp	\$128,$arg3
-	jb	asm_AES_cbc_encrypt
-
-	mov	%rsp, %rax
-.Lcbc_dec_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp), %rsp
-___
-$code.=<<___ if ($win64);
-	mov	0xa0(%rsp),$arg5	# pull ivp
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lcbc_dec_body:
-___
-$code.=<<___;
-	mov	%rsp, %rbp		# backup %rsp
-	mov	240($arg4), %eax	# rounds
-	mov	$arg1, $inp		# backup arguments
-	mov	$arg2, $out
-	mov	$arg3, $len
-	mov	$arg4, $key
-	mov	$arg5, %rbx
-	shr	\$4, $len		# bytes to blocks
-
-	mov	%eax, %edx		# rounds
-	shl	\$7, %rax		# 128 bytes per inner round key
-	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
-	sub	%rax, %rsp
-
-	mov	%rsp, %rax		# pass key schedule
-	mov	$key, %rcx		# pass key
-	mov	%edx, %r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	(%rsp),%xmm7		# fix up 0 round key
-	movdqa	%xmm6,(%rax)		# save last round key
-	movdqa	%xmm7,(%rsp)
-
-	movdqu	(%rbx), @XMM[15]	# load IV
-	sub	\$8,$len
-.Lcbc_dec_loop:
-	movdqu	0x00($inp), @XMM[0]	# load input
-	movdqu	0x10($inp), @XMM[1]
-	movdqu	0x20($inp), @XMM[2]
-	movdqu	0x30($inp), @XMM[3]
-	movdqu	0x40($inp), @XMM[4]
-	movdqu	0x50($inp), @XMM[5]
-	mov	%rsp, %rax		# pass key schedule
-	movdqu	0x60($inp), @XMM[6]
-	mov	%edx,%r10d		# pass rounds
-	movdqu	0x70($inp), @XMM[7]
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-
-	call	_bsaes_decrypt8
-
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[9], @XMM[6]
-	movdqu	0x30($inp), @XMM[11]
-	pxor	@XMM[10], @XMM[4]
-	movdqu	0x40($inp), @XMM[12]
-	pxor	@XMM[11], @XMM[2]
-	movdqu	0x50($inp), @XMM[13]
-	pxor	@XMM[12], @XMM[7]
-	movdqu	0x60($inp), @XMM[14]
-	pxor	@XMM[13], @XMM[3]
-	movdqu	0x70($inp), @XMM[15]	# IV
-	pxor	@XMM[14], @XMM[5]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	lea	0x80($inp), $inp
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	sub	\$8,$len
-	jnc	.Lcbc_dec_loop
-
-	add	\$8,$len
-	jz	.Lcbc_dec_done
-
-	movdqu	0x00($inp), @XMM[0]	# load input
-	mov	%rsp, %rax		# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-	cmp	\$2,$len
-	jb	.Lcbc_dec_one
-	movdqu	0x10($inp), @XMM[1]
-	je	.Lcbc_dec_two
-	movdqu	0x20($inp), @XMM[2]
-	cmp	\$4,$len
-	jb	.Lcbc_dec_three
-	movdqu	0x30($inp), @XMM[3]
-	je	.Lcbc_dec_four
-	movdqu	0x40($inp), @XMM[4]
-	cmp	\$6,$len
-	jb	.Lcbc_dec_five
-	movdqu	0x50($inp), @XMM[5]
-	je	.Lcbc_dec_six
-	movdqu	0x60($inp), @XMM[6]
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[9], @XMM[6]
-	movdqu	0x30($inp), @XMM[11]
-	pxor	@XMM[10], @XMM[4]
-	movdqu	0x40($inp), @XMM[12]
-	pxor	@XMM[11], @XMM[2]
-	movdqu	0x50($inp), @XMM[13]
-	pxor	@XMM[12], @XMM[7]
-	movdqu	0x60($inp), @XMM[15]	# IV
-	pxor	@XMM[13], @XMM[3]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_six:
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[9], @XMM[6]
-	movdqu	0x30($inp), @XMM[11]
-	pxor	@XMM[10], @XMM[4]
-	movdqu	0x40($inp), @XMM[12]
-	pxor	@XMM[11], @XMM[2]
-	movdqu	0x50($inp), @XMM[15]	# IV
-	pxor	@XMM[12], @XMM[7]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_five:
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[9], @XMM[6]
-	movdqu	0x30($inp), @XMM[11]
-	pxor	@XMM[10], @XMM[4]
-	movdqu	0x40($inp), @XMM[15]	# IV
-	pxor	@XMM[11], @XMM[2]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_four:
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[9], @XMM[6]
-	movdqu	0x30($inp), @XMM[15]	# IV
-	pxor	@XMM[10], @XMM[4]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_three:
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[8], @XMM[1]
-	movdqu	0x20($inp), @XMM[15]	# IV
-	pxor	@XMM[9], @XMM[6]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_two:
-	movdqa	@XMM[15], 0x20(%rbp)	# put aside IV
-	call	_bsaes_decrypt8
-	pxor	0x20(%rbp), @XMM[0]	# ^= IV
-	movdqu	0x00($inp), @XMM[8]	# re-load input
-	movdqu	0x10($inp), @XMM[15]	# IV
-	pxor	@XMM[8], @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	jmp	.Lcbc_dec_done
-.align	16
-.Lcbc_dec_one:
-	lea	($inp), $arg1
-	lea	0x20(%rbp), $arg2	# buffer output
-	lea	($key), $arg3
-	call	asm_AES_decrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[15]	# ^= IV
-	movdqu	@XMM[15], ($out)	# write output
-	movdqa	@XMM[0], @XMM[15]	# IV
-
-.Lcbc_dec_done:
-	movdqu	@XMM[15], (%rbx)	# return IV
-	lea	(%rsp), %rax
-	pxor	%xmm0, %xmm0
-.Lcbc_dec_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	ja	.Lcbc_dec_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lcbc_dec_epilogue:
-	ret
-.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
-
-.globl	bsaes_ctr32_encrypt_blocks
-.type	bsaes_ctr32_encrypt_blocks,\@abi-omnipotent
-.align	16
-bsaes_ctr32_encrypt_blocks:
-	mov	%rsp, %rax
-.Lctr_enc_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp), %rsp
-___
-$code.=<<___ if ($win64);
-	mov	0xa0(%rsp),$arg5	# pull ivp
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lctr_enc_body:
-___
-$code.=<<___;
-	mov	%rsp, %rbp		# backup %rsp
-	movdqu	($arg5), %xmm0		# load counter
-	mov	240($arg4), %eax	# rounds
-	mov	$arg1, $inp		# backup arguments
-	mov	$arg2, $out
-	mov	$arg3, $len
-	mov	$arg4, $key
-	movdqa	%xmm0, 0x20(%rbp)	# copy counter
-	cmp	\$8, $arg3
-	jb	.Lctr_enc_short
-
-	mov	%eax, %ebx		# rounds
-	shl	\$7, %rax		# 128 bytes per inner round key
-	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
-	sub	%rax, %rsp
-
-	mov	%rsp, %rax		# pass key schedule
-	mov	$key, %rcx		# pass key
-	mov	%ebx, %r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	%xmm6,%xmm7		# fix up last round key
-	movdqa	%xmm7,(%rax)		# save last round key
-
-	movdqa	(%rsp), @XMM[9]		# load round0 key
-	lea	.LADD1(%rip), %r11
-	movdqa	0x20(%rbp), @XMM[0]	# counter copy
-	movdqa	-0x20(%r11), @XMM[8]	# .LSWPUP
-	pshufb	@XMM[8], @XMM[9]	# byte swap upper part
-	pshufb	@XMM[8], @XMM[0]
-	movdqa	@XMM[9], (%rsp)		# save adjusted round0 key
-	jmp	.Lctr_enc_loop
-.align	16
-.Lctr_enc_loop:
-	movdqa	@XMM[0], 0x20(%rbp)	# save counter
-	movdqa	@XMM[0], @XMM[1]	# prepare 8 counter values
-	movdqa	@XMM[0], @XMM[2]
-	paddd	0x00(%r11), @XMM[1]	# .LADD1
-	movdqa	@XMM[0], @XMM[3]
-	paddd	0x10(%r11), @XMM[2]	# .LADD2
-	movdqa	@XMM[0], @XMM[4]
-	paddd	0x20(%r11), @XMM[3]	# .LADD3
-	movdqa	@XMM[0], @XMM[5]
-	paddd	0x30(%r11), @XMM[4]	# .LADD4
-	movdqa	@XMM[0], @XMM[6]
-	paddd	0x40(%r11), @XMM[5]	# .LADD5
-	movdqa	@XMM[0], @XMM[7]
-	paddd	0x50(%r11), @XMM[6]	# .LADD6
-	paddd	0x60(%r11), @XMM[7]	# .LADD7
-
-	# Borrow prologue from _bsaes_encrypt8 to use the opportunity
-	# to flip byte order in 32-bit counter
-	movdqa	(%rsp), @XMM[9]		# round 0 key
-	lea	0x10(%rsp), %rax	# pass key schedule
-	movdqa	-0x10(%r11), @XMM[8]	# .LSWPUPM0SR
-	pxor	@XMM[9], @XMM[0]	# xor with round0 key
-	pxor	@XMM[9], @XMM[1]
-	 pshufb	@XMM[8], @XMM[0]
-	pxor	@XMM[9], @XMM[2]
-	 pshufb	@XMM[8], @XMM[1]
-	pxor	@XMM[9], @XMM[3]
-	 pshufb	@XMM[8], @XMM[2]
-	pxor	@XMM[9], @XMM[4]
-	 pshufb	@XMM[8], @XMM[3]
-	pxor	@XMM[9], @XMM[5]
-	 pshufb	@XMM[8], @XMM[4]
-	pxor	@XMM[9], @XMM[6]
-	 pshufb	@XMM[8], @XMM[5]
-	pxor	@XMM[9], @XMM[7]
-	 pshufb	@XMM[8], @XMM[6]
-	lea	.LBS0(%rip), %r11	# constants table
-	 pshufb	@XMM[8], @XMM[7]
-	mov	%ebx,%r10d		# pass rounds
-
-	call	_bsaes_encrypt8_bitslice
-
-	sub	\$8,$len
-	jc	.Lctr_enc_loop_done
-
-	movdqu	0x00($inp), @XMM[8]	# load input
-	movdqu	0x10($inp), @XMM[9]
-	movdqu	0x20($inp), @XMM[10]
-	movdqu	0x30($inp), @XMM[11]
-	movdqu	0x40($inp), @XMM[12]
-	movdqu	0x50($inp), @XMM[13]
-	movdqu	0x60($inp), @XMM[14]
-	movdqu	0x70($inp), @XMM[15]
-	lea	0x80($inp),$inp
-	pxor	@XMM[0], @XMM[8]
-	movdqa	0x20(%rbp), @XMM[0]	# load counter
-	pxor	@XMM[9], @XMM[1]
-	movdqu	@XMM[8], 0x00($out)	# write output
-	pxor	@XMM[10], @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	@XMM[11], @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	pxor	@XMM[12], @XMM[3]
-	movdqu	@XMM[6], 0x30($out)
-	pxor	@XMM[13], @XMM[7]
-	movdqu	@XMM[3], 0x40($out)
-	pxor	@XMM[14], @XMM[2]
-	movdqu	@XMM[7], 0x50($out)
-	pxor	@XMM[15], @XMM[5]
-	movdqu	@XMM[2], 0x60($out)
-	lea	.LADD1(%rip), %r11
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-	paddd	0x70(%r11), @XMM[0]	# .LADD8
-	jnz	.Lctr_enc_loop
-
-	jmp	.Lctr_enc_done
-.align	16
-.Lctr_enc_loop_done:
-	add	\$8, $len
-	movdqu	0x00($inp), @XMM[8]	# load input
-	pxor	@XMM[8], @XMM[0]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	cmp	\$2,$len
-	jb	.Lctr_enc_done
-	movdqu	0x10($inp), @XMM[9]
-	pxor	@XMM[9], @XMM[1]
-	movdqu	@XMM[1], 0x10($out)
-	je	.Lctr_enc_done
-	movdqu	0x20($inp), @XMM[10]
-	pxor	@XMM[10], @XMM[4]
-	movdqu	@XMM[4], 0x20($out)
-	cmp	\$4,$len
-	jb	.Lctr_enc_done
-	movdqu	0x30($inp), @XMM[11]
-	pxor	@XMM[11], @XMM[6]
-	movdqu	@XMM[6], 0x30($out)
-	je	.Lctr_enc_done
-	movdqu	0x40($inp), @XMM[12]
-	pxor	@XMM[12], @XMM[3]
-	movdqu	@XMM[3], 0x40($out)
-	cmp	\$6,$len
-	jb	.Lctr_enc_done
-	movdqu	0x50($inp), @XMM[13]
-	pxor	@XMM[13], @XMM[7]
-	movdqu	@XMM[7], 0x50($out)
-	je	.Lctr_enc_done
-	movdqu	0x60($inp), @XMM[14]
-	pxor	@XMM[14], @XMM[2]
-	movdqu	@XMM[2], 0x60($out)
-	jmp	.Lctr_enc_done
-
-.align	16
-.Lctr_enc_short:
-	lea	0x20(%rbp), $arg1
-	lea	0x30(%rbp), $arg2
-	lea	($key), $arg3
-	call	asm_AES_encrypt
-	movdqu	($inp), @XMM[1]
-	lea	16($inp), $inp
-	mov	0x2c(%rbp), %eax	# load 32-bit counter
-	bswap	%eax
-	pxor	0x30(%rbp), @XMM[1]
-	inc	%eax			# increment
-	movdqu	@XMM[1], ($out)
-	bswap	%eax
-	lea	16($out), $out
-	mov	%eax, 0x2c(%rsp)	# save 32-bit counter
-	dec	$len
-	jnz	.Lctr_enc_short
-
-.Lctr_enc_done:
-	lea	(%rsp), %rax
-	pxor	%xmm0, %xmm0
-.Lctr_enc_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	ja	.Lctr_enc_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lctr_enc_epilogue:
-	ret
-.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
-___
-######################################################################
-# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
-#	const AES_KEY *key1, const AES_KEY *key2,
-#	const unsigned char iv[16]);
-#
-my ($twmask,$twres,$twtmp)=@XMM[13..15];
-$arg6=~s/d$//;
-
-$code.=<<___;
-.globl	bsaes_xts_encrypt
-.type	bsaes_xts_encrypt,\@abi-omnipotent
-.align	16
-bsaes_xts_encrypt:
-	mov	%rsp, %rax
-.Lxts_enc_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp), %rsp
-___
-$code.=<<___ if ($win64);
-	mov	0xa0(%rsp),$arg5	# pull key2
-	mov	0xa8(%rsp),$arg6	# pull ivp
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lxts_enc_body:
-___
-$code.=<<___;
-	mov	%rsp, %rbp		# backup %rsp
-	mov	$arg1, $inp		# backup arguments
-	mov	$arg2, $out
-	mov	$arg3, $len
-	mov	$arg4, $key
-
-	lea	($arg6), $arg1
-	lea	0x20(%rbp), $arg2
-	lea	($arg5), $arg3
-	call	asm_AES_encrypt		# generate initial tweak
-
-	mov	240($key), %eax		# rounds
-	mov	$len, %rbx		# backup $len
-
-	mov	%eax, %edx		# rounds
-	shl	\$7, %rax		# 128 bytes per inner round key
-	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
-	sub	%rax, %rsp
-
-	mov	%rsp, %rax		# pass key schedule
-	mov	$key, %rcx		# pass key
-	mov	%edx, %r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	%xmm6, %xmm7		# fix up last round key
-	movdqa	%xmm7, (%rax)		# save last round key
-
-	and	\$-16, $len
-	sub	\$0x80, %rsp		# place for tweak[8]
-	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
-
-	pxor	$twtmp, $twtmp
-	movdqa	.Lxts_magic(%rip), $twmask
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-
-	sub	\$0x80, $len
-	jc	.Lxts_enc_short
-	jmp	.Lxts_enc_loop
-
-.align	16
-.Lxts_enc_loop:
-___
-    for ($i=0;$i<7;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	movdqa	@XMM[7], @XMM[$i]
-	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-___
-    $code.=<<___ if ($i>=1);
-	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
-___
-    $code.=<<___ if ($i>=2);
-	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
-___
-    }
-$code.=<<___;
-	movdqu	0x60($inp), @XMM[8+6]
-	pxor	@XMM[8+5], @XMM[5]
-	movdqu	0x70($inp), @XMM[8+7]
-	lea	0x80($inp), $inp
-	movdqa	@XMM[7], 0x70(%rsp)
-	pxor	@XMM[8+6], @XMM[6]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	pxor	@XMM[8+7], @XMM[7]
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	pxor	0x40(%rsp), @XMM[3]
-	movdqu	@XMM[6], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[3], 0x40($out)
-	pxor	0x60(%rsp), @XMM[2]
-	movdqu	@XMM[7], 0x50($out)
-	pxor	0x70(%rsp), @XMM[5]
-	movdqu	@XMM[2], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-
-	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
-	pxor	$twtmp, $twtmp
-	movdqa	.Lxts_magic(%rip), $twmask
-	pcmpgtd	@XMM[7], $twtmp
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-
-	sub	\$0x80,$len
-	jnc	.Lxts_enc_loop
-
-.Lxts_enc_short:
-	add	\$0x80, $len
-	jz	.Lxts_enc_done
-___
-    for ($i=0;$i<7;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	movdqa	@XMM[7], @XMM[$i]
-	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-___
-    $code.=<<___ if ($i>=1);
-	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
-	cmp	\$`0x10*$i`,$len
-	je	.Lxts_enc_$i
-___
-    $code.=<<___ if ($i>=2);
-	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
-___
-    }
-$code.=<<___;
-	movdqu	0x60($inp), @XMM[8+6]
-	pxor	@XMM[8+5], @XMM[5]
-	movdqa	@XMM[7], 0x70(%rsp)
-	lea	0x70($inp), $inp
-	pxor	@XMM[8+6], @XMM[6]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	pxor	0x40(%rsp), @XMM[3]
-	movdqu	@XMM[6], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[3], 0x40($out)
-	pxor	0x60(%rsp), @XMM[2]
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[2], 0x60($out)
-	lea	0x70($out), $out
-
-	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_6:
-	pxor	@XMM[8+4], @XMM[4]
-	lea	0x60($inp), $inp
-	pxor	@XMM[8+5], @XMM[5]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	pxor	0x40(%rsp), @XMM[3]
-	movdqu	@XMM[6], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[3], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	lea	0x60($out), $out
-
-	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_5:
-	pxor	@XMM[8+3], @XMM[3]
-	lea	0x50($inp), $inp
-	pxor	@XMM[8+4], @XMM[4]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	pxor	0x40(%rsp), @XMM[3]
-	movdqu	@XMM[6], 0x30($out)
-	movdqu	@XMM[3], 0x40($out)
-	lea	0x50($out), $out
-
-	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_4:
-	pxor	@XMM[8+2], @XMM[2]
-	lea	0x40($inp), $inp
-	pxor	@XMM[8+3], @XMM[3]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[6]
-	movdqu	@XMM[4], 0x20($out)
-	movdqu	@XMM[6], 0x30($out)
-	lea	0x40($out), $out
-
-	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_3:
-	pxor	@XMM[8+1], @XMM[1]
-	lea	0x30($inp), $inp
-	pxor	@XMM[8+2], @XMM[2]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[4]
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[4], 0x20($out)
-	lea	0x30($out), $out
-
-	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_2:
-	pxor	@XMM[8+0], @XMM[0]
-	lea	0x20($inp), $inp
-	pxor	@XMM[8+1], @XMM[1]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_encrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	lea	0x20($out), $out
-
-	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_enc_done
-.align	16
-.Lxts_enc_1:
-	pxor	@XMM[0], @XMM[8]
-	lea	0x10($inp), $inp
-	movdqa	@XMM[8], 0x20(%rbp)
-	lea	0x20(%rbp), $arg1
-	lea	0x20(%rbp), $arg2
-	lea	($key), $arg3
-	call	asm_AES_encrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
-	#pxor	@XMM[8], @XMM[0]
-	#lea	0x80(%rsp), %rax	# pass key schedule
-	#mov	%edx, %r10d		# pass rounds
-	#call	_bsaes_encrypt8
-	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	lea	0x10($out), $out
-
-	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
-
-.Lxts_enc_done:
-	and	\$15, %ebx
-	jz	.Lxts_enc_ret
-	mov	$out, %rdx
-
-.Lxts_enc_steal:
-	movzb	($inp), %eax
-	movzb	-16(%rdx), %ecx
-	lea	1($inp), $inp
-	mov	%al, -16(%rdx)
-	mov	%cl, 0(%rdx)
-	lea	1(%rdx), %rdx
-	sub	\$1,%ebx
-	jnz	.Lxts_enc_steal
-
-	movdqu	-16($out), @XMM[0]
-	lea	0x20(%rbp), $arg1
-	pxor	@XMM[7], @XMM[0]
-	lea	0x20(%rbp), $arg2
-	movdqa	@XMM[0], 0x20(%rbp)
-	lea	($key), $arg3
-	call	asm_AES_encrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[7]
-	movdqu	@XMM[7], -16($out)
-
-.Lxts_enc_ret:
-	lea	(%rsp), %rax
-	pxor	%xmm0, %xmm0
-.Lxts_enc_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	ja	.Lxts_enc_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lxts_enc_epilogue:
-	ret
-.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
-
-.globl	bsaes_xts_decrypt
-.type	bsaes_xts_decrypt,\@abi-omnipotent
-.align	16
-bsaes_xts_decrypt:
-	mov	%rsp, %rax
-.Lxts_dec_prologue:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	lea	-0x48(%rsp), %rsp
-___
-$code.=<<___ if ($win64);
-	mov	0xa0(%rsp),$arg5	# pull key2
-	mov	0xa8(%rsp),$arg6	# pull ivp
-	lea	-0xa0(%rsp), %rsp
-	movaps	%xmm6, 0x40(%rsp)
-	movaps	%xmm7, 0x50(%rsp)
-	movaps	%xmm8, 0x60(%rsp)
-	movaps	%xmm9, 0x70(%rsp)
-	movaps	%xmm10, 0x80(%rsp)
-	movaps	%xmm11, 0x90(%rsp)
-	movaps	%xmm12, 0xa0(%rsp)
-	movaps	%xmm13, 0xb0(%rsp)
-	movaps	%xmm14, 0xc0(%rsp)
-	movaps	%xmm15, 0xd0(%rsp)
-.Lxts_dec_body:
-___
-$code.=<<___;
-	mov	%rsp, %rbp		# backup %rsp
-	mov	$arg1, $inp		# backup arguments
-	mov	$arg2, $out
-	mov	$arg3, $len
-	mov	$arg4, $key
-
-	lea	($arg6), $arg1
-	lea	0x20(%rbp), $arg2
-	lea	($arg5), $arg3
-	call	asm_AES_encrypt		# generate initial tweak
-
-	mov	240($key), %eax		# rounds
-	mov	$len, %rbx		# backup $len
-
-	mov	%eax, %edx		# rounds
-	shl	\$7, %rax		# 128 bytes per inner round key
-	sub	\$`128-32`, %rax	# size of bit-sliced key schedule
-	sub	%rax, %rsp
-
-	mov	%rsp, %rax		# pass key schedule
-	mov	$key, %rcx		# pass key
-	mov	%edx, %r10d		# pass rounds
-	call	_bsaes_key_convert
-	pxor	(%rsp), %xmm7		# fix up round 0 key
-	movdqa	%xmm6, (%rax)		# save last round key
-	movdqa	%xmm7, (%rsp)
-
-	xor	%eax, %eax		# if ($len%16) len-=16;
-	and	\$-16, $len
-	test	\$15, %ebx
-	setnz	%al
-	shl	\$4, %rax
-	sub	%rax, $len
-
-	sub	\$0x80, %rsp		# place for tweak[8]
-	movdqa	0x20(%rbp), @XMM[7]	# initial tweak
-
-	pxor	$twtmp, $twtmp
-	movdqa	.Lxts_magic(%rip), $twmask
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-
-	sub	\$0x80, $len
-	jc	.Lxts_dec_short
-	jmp	.Lxts_dec_loop
-
-.align	16
-.Lxts_dec_loop:
-___
-    for ($i=0;$i<7;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	movdqa	@XMM[7], @XMM[$i]
-	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-___
-    $code.=<<___ if ($i>=1);
-	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
-___
-    $code.=<<___ if ($i>=2);
-	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
-___
-    }
-$code.=<<___;
-	movdqu	0x60($inp), @XMM[8+6]
-	pxor	@XMM[8+5], @XMM[5]
-	movdqu	0x70($inp), @XMM[8+7]
-	lea	0x80($inp), $inp
-	movdqa	@XMM[7], 0x70(%rsp)
-	pxor	@XMM[8+6], @XMM[6]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	pxor	@XMM[8+7], @XMM[7]
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[4]
-	movdqu	@XMM[6], 0x20($out)
-	pxor	0x40(%rsp), @XMM[2]
-	movdqu	@XMM[4], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[2], 0x40($out)
-	pxor	0x60(%rsp), @XMM[3]
-	movdqu	@XMM[7], 0x50($out)
-	pxor	0x70(%rsp), @XMM[5]
-	movdqu	@XMM[3], 0x60($out)
-	movdqu	@XMM[5], 0x70($out)
-	lea	0x80($out), $out
-
-	movdqa	0x70(%rsp), @XMM[7]	# prepare next iteration tweak
-	pxor	$twtmp, $twtmp
-	movdqa	.Lxts_magic(%rip), $twmask
-	pcmpgtd	@XMM[7], $twtmp
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-
-	sub	\$0x80,$len
-	jnc	.Lxts_dec_loop
-
-.Lxts_dec_short:
-	add	\$0x80, $len
-	jz	.Lxts_dec_done
-___
-    for ($i=0;$i<7;$i++) {
-    $code.=<<___;
-	pshufd	\$0x13, $twtmp, $twres
-	pxor	$twtmp, $twtmp
-	movdqa	@XMM[7], @XMM[$i]
-	movdqa	@XMM[7], `0x10*$i`(%rsp)# save tweak[$i]
-	paddq	@XMM[7], @XMM[7]	# psllq	1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	pcmpgtd	@XMM[7], $twtmp		# broadcast upper bits
-	pxor	$twres, @XMM[7]
-___
-    $code.=<<___ if ($i>=1);
-	movdqu	`0x10*($i-1)`($inp), @XMM[8+$i-1]
-	cmp	\$`0x10*$i`,$len
-	je	.Lxts_dec_$i
-___
-    $code.=<<___ if ($i>=2);
-	pxor	@XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[]
-___
-    }
-$code.=<<___;
-	movdqu	0x60($inp), @XMM[8+6]
-	pxor	@XMM[8+5], @XMM[5]
-	movdqa	@XMM[7], 0x70(%rsp)
-	lea	0x70($inp), $inp
-	pxor	@XMM[8+6], @XMM[6]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[4]
-	movdqu	@XMM[6], 0x20($out)
-	pxor	0x40(%rsp), @XMM[2]
-	movdqu	@XMM[4], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[2], 0x40($out)
-	pxor	0x60(%rsp), @XMM[3]
-	movdqu	@XMM[7], 0x50($out)
-	movdqu	@XMM[3], 0x60($out)
-	lea	0x70($out), $out
-
-	movdqa	0x70(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_6:
-	pxor	@XMM[8+4], @XMM[4]
-	lea	0x60($inp), $inp
-	pxor	@XMM[8+5], @XMM[5]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[4]
-	movdqu	@XMM[6], 0x20($out)
-	pxor	0x40(%rsp), @XMM[2]
-	movdqu	@XMM[4], 0x30($out)
-	pxor	0x50(%rsp), @XMM[7]
-	movdqu	@XMM[2], 0x40($out)
-	movdqu	@XMM[7], 0x50($out)
-	lea	0x60($out), $out
-
-	movdqa	0x60(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_5:
-	pxor	@XMM[8+3], @XMM[3]
-	lea	0x50($inp), $inp
-	pxor	@XMM[8+4], @XMM[4]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[4]
-	movdqu	@XMM[6], 0x20($out)
-	pxor	0x40(%rsp), @XMM[2]
-	movdqu	@XMM[4], 0x30($out)
-	movdqu	@XMM[2], 0x40($out)
-	lea	0x50($out), $out
-
-	movdqa	0x50(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_4:
-	pxor	@XMM[8+2], @XMM[2]
-	lea	0x40($inp), $inp
-	pxor	@XMM[8+3], @XMM[3]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	pxor	0x30(%rsp), @XMM[4]
-	movdqu	@XMM[6], 0x20($out)
-	movdqu	@XMM[4], 0x30($out)
-	lea	0x40($out), $out
-
-	movdqa	0x40(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_3:
-	pxor	@XMM[8+1], @XMM[1]
-	lea	0x30($inp), $inp
-	pxor	@XMM[8+2], @XMM[2]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	pxor	0x20(%rsp), @XMM[6]
-	movdqu	@XMM[1], 0x10($out)
-	movdqu	@XMM[6], 0x20($out)
-	lea	0x30($out), $out
-
-	movdqa	0x30(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_2:
-	pxor	@XMM[8+0], @XMM[0]
-	lea	0x20($inp), $inp
-	pxor	@XMM[8+1], @XMM[1]
-	lea	0x80(%rsp), %rax	# pass key schedule
-	mov	%edx, %r10d		# pass rounds
-
-	call	_bsaes_decrypt8
-
-	pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	pxor	0x10(%rsp), @XMM[1]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	movdqu	@XMM[1], 0x10($out)
-	lea	0x20($out), $out
-
-	movdqa	0x20(%rsp), @XMM[7]	# next iteration tweak
-	jmp	.Lxts_dec_done
-.align	16
-.Lxts_dec_1:
-	pxor	@XMM[0], @XMM[8]
-	lea	0x10($inp), $inp
-	movdqa	@XMM[8], 0x20(%rbp)
-	lea	0x20(%rbp), $arg1
-	lea	0x20(%rbp), $arg2
-	lea	($key), $arg3
-	call	asm_AES_decrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[0]	# ^= tweak[]
-	#pxor	@XMM[8], @XMM[0]
-	#lea	0x80(%rsp), %rax	# pass key schedule
-	#mov	%edx, %r10d		# pass rounds
-	#call	_bsaes_decrypt8
-	#pxor	0x00(%rsp), @XMM[0]	# ^= tweak[]
-	movdqu	@XMM[0], 0x00($out)	# write output
-	lea	0x10($out), $out
-
-	movdqa	0x10(%rsp), @XMM[7]	# next iteration tweak
-
-.Lxts_dec_done:
-	and	\$15, %ebx
-	jz	.Lxts_dec_ret
-
-	pxor	$twtmp, $twtmp
-	movdqa	.Lxts_magic(%rip), $twmask
-	pcmpgtd	@XMM[7], $twtmp
-	pshufd	\$0x13, $twtmp, $twres
-	movdqa	@XMM[7], @XMM[6]
-	paddq	@XMM[7], @XMM[7]	# psllq 1,$tweak
-	pand	$twmask, $twres		# isolate carry and residue
-	movdqu	($inp), @XMM[0]
-	pxor	$twres, @XMM[7]
-
-	lea	0x20(%rbp), $arg1
-	pxor	@XMM[7], @XMM[0]
-	lea	0x20(%rbp), $arg2
-	movdqa	@XMM[0], 0x20(%rbp)
-	lea	($key), $arg3
-	call	asm_AES_decrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[7]
-	mov	$out, %rdx
-	movdqu	@XMM[7], ($out)
-
-.Lxts_dec_steal:
-	movzb	16($inp), %eax
-	movzb	(%rdx), %ecx
-	lea	1($inp), $inp
-	mov	%al, (%rdx)
-	mov	%cl, 16(%rdx)
-	lea	1(%rdx), %rdx
-	sub	\$1,%ebx
-	jnz	.Lxts_dec_steal
-
-	movdqu	($out), @XMM[0]
-	lea	0x20(%rbp), $arg1
-	pxor	@XMM[6], @XMM[0]
-	lea	0x20(%rbp), $arg2
-	movdqa	@XMM[0], 0x20(%rbp)
-	lea	($key), $arg3
-	call	asm_AES_decrypt		# doesn't touch %xmm
-	pxor	0x20(%rbp), @XMM[6]
-	movdqu	@XMM[6], ($out)
-
-.Lxts_dec_ret:
-	lea	(%rsp), %rax
-	pxor	%xmm0, %xmm0
-.Lxts_dec_bzero:			# wipe key schedule [if any]
-	movdqa	%xmm0, 0x00(%rax)
-	movdqa	%xmm0, 0x10(%rax)
-	lea	0x20(%rax), %rax
-	cmp	%rax, %rbp
-	ja	.Lxts_dec_bzero
-
-	lea	(%rbp),%rsp		# restore %rsp
-___
-$code.=<<___ if ($win64);
-	movaps	0x40(%rbp), %xmm6
-	movaps	0x50(%rbp), %xmm7
-	movaps	0x60(%rbp), %xmm8
-	movaps	0x70(%rbp), %xmm9
-	movaps	0x80(%rbp), %xmm10
-	movaps	0x90(%rbp), %xmm11
-	movaps	0xa0(%rbp), %xmm12
-	movaps	0xb0(%rbp), %xmm13
-	movaps	0xc0(%rbp), %xmm14
-	movaps	0xd0(%rbp), %xmm15
-	lea	0xa0(%rbp), %rsp
-___
-$code.=<<___;
-	mov	0x48(%rsp), %r15
-	mov	0x50(%rsp), %r14
-	mov	0x58(%rsp), %r13
-	mov	0x60(%rsp), %r12
-	mov	0x68(%rsp), %rbx
-	mov	0x70(%rsp), %rax
-	lea	0x78(%rsp), %rsp
-	mov	%rax, %rbp
-.Lxts_dec_epilogue:
-	ret
-.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
-___
-}
-$code.=<<___;
-.type	_bsaes_const,\@object
-.align	64
-_bsaes_const:
-.LM0ISR:	# InvShiftRows constants
-	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
-.LISRM0:
-	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
-.LISR:
-	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
-.LBS0:		# bit-slice constants
-	.quad	0x5555555555555555, 0x5555555555555555
-.LBS1:
-	.quad	0x3333333333333333, 0x3333333333333333
-.LBS2:
-	.quad	0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
-.LSR:		# shiftrows constants
-	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
-.LSRM0:
-	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
-.LM0SR:
-	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
-.LSWPUP:	# byte-swap upper dword
-	.quad	0x0706050403020100, 0x0c0d0e0f0b0a0908
-.LSWPUPM0SR:
-	.quad	0x0a0d02060c03070b, 0x0004080f05090e01
-.LADD1:		# counter increment constants
-	.quad	0x0000000000000000, 0x0000000100000000
-.LADD2:
-	.quad	0x0000000000000000, 0x0000000200000000
-.LADD3:
-	.quad	0x0000000000000000, 0x0000000300000000
-.LADD4:
-	.quad	0x0000000000000000, 0x0000000400000000
-.LADD5:
-	.quad	0x0000000000000000, 0x0000000500000000
-.LADD6:
-	.quad	0x0000000000000000, 0x0000000600000000
-.LADD7:
-	.quad	0x0000000000000000, 0x0000000700000000
-.LADD8:
-	.quad	0x0000000000000000, 0x0000000800000000
-.Lxts_magic:
-	.long	0x87,0,1,0
-.Lmasks:
-	.quad	0x0101010101010101, 0x0101010101010101
-	.quad	0x0202020202020202, 0x0202020202020202
-	.quad	0x0404040404040404, 0x0404040404040404
-	.quad	0x0808080808080808, 0x0808080808080808
-.LM0:
-	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
-.L63:
-	.quad	0x6363636363636363, 0x6363636363636363
-.asciz	"Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
-.align	64
-.size	_bsaes_const,.-_bsaes_const
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_prologue
-
-	mov	160($context),%rax	# pull context->Rbp
-
-	lea	0x40(%rax),%rsi		# %xmm save area
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0xa0(%rax),%rax		# adjust stack pointer
-
-	mov	0x70(%rax),%rbp
-	mov	0x68(%rax),%rbx
-	mov	0x60(%rax),%r12
-	mov	0x58(%rax),%r13
-	mov	0x50(%rax),%r14
-	mov	0x48(%rax),%r15
-	lea	0x78(%rax),%rax		# adjust stack pointer
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_prologue:
-	mov	%rax,152($context)	# restore context->Rsp
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-___
-$code.=<<___ if ($ecb);
-	.rva	.Lecb_enc_prologue
-	.rva	.Lecb_enc_epilogue
-	.rva	.Lecb_enc_info
-
-	.rva	.Lecb_dec_prologue
-	.rva	.Lecb_dec_epilogue
-	.rva	.Lecb_dec_info
-___
-$code.=<<___;
-	.rva	.Lcbc_dec_prologue
-	.rva	.Lcbc_dec_epilogue
-	.rva	.Lcbc_dec_info
-
-	.rva	.Lctr_enc_prologue
-	.rva	.Lctr_enc_epilogue
-	.rva	.Lctr_enc_info
-
-	.rva	.Lxts_enc_prologue
-	.rva	.Lxts_enc_epilogue
-	.rva	.Lxts_enc_info
-
-	.rva	.Lxts_dec_prologue
-	.rva	.Lxts_dec_epilogue
-	.rva	.Lxts_dec_info
-
-.section	.xdata
-.align	8
-___
-$code.=<<___ if ($ecb);
-.Lecb_enc_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lecb_enc_body,.Lecb_enc_epilogue	# HandlerData[]
-.Lecb_dec_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lecb_dec_body,.Lecb_dec_epilogue	# HandlerData[]
-___
-$code.=<<___;
-.Lcbc_dec_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lcbc_dec_body,.Lcbc_dec_epilogue	# HandlerData[]
-.Lctr_enc_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lctr_enc_body,.Lctr_enc_epilogue	# HandlerData[]
-.Lxts_enc_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lxts_enc_body,.Lxts_enc_epilogue	# HandlerData[]
-.Lxts_dec_info:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lxts_dec_body,.Lxts_dec_epilogue	# HandlerData[]
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/aes/asm/vpaes-x86.S b/crypto/aes/asm/vpaes-x86.S
deleted file mode 100644
index c53a5074a6..0000000000
--- a/crypto/aes/asm/vpaes-x86.S
+++ /dev/null
@@ -1,661 +0,0 @@
-.file	"vpaes-x86.s"
-.text
-.align	64
-.L_vpaes_consts:
-.long	218628480,235210255,168496130,67568393
-.long	252381056,17041926,33884169,51187212
-.long	252645135,252645135,252645135,252645135
-.long	1512730624,3266504856,1377990664,3401244816
-.long	830229760,1275146365,2969422977,3447763452
-.long	3411033600,2979783055,338359620,2782886510
-.long	4209124096,907596821,221174255,1006095553
-.long	191964160,3799684038,3164090317,1589111125
-.long	182528256,1777043520,2877432650,3265356744
-.long	1874708224,3503451415,3305285752,363511674
-.long	1606117888,3487855781,1093350906,2384367825
-.long	197121,67569157,134941193,202313229
-.long	67569157,134941193,202313229,197121
-.long	134941193,202313229,197121,67569157
-.long	202313229,197121,67569157,134941193
-.long	33619971,100992007,168364043,235736079
-.long	235736079,33619971,100992007,168364043
-.long	168364043,235736079,33619971,100992007
-.long	100992007,168364043,235736079,33619971
-.long	50462976,117835012,185207048,252579084
-.long	252314880,51251460,117574920,184942860
-.long	184682752,252054788,50987272,118359308
-.long	118099200,185467140,251790600,50727180
-.long	2946363062,528716217,1300004225,1881839624
-.long	1532713819,1532713819,1532713819,1532713819
-.long	3602276352,4288629033,3737020424,4153884961
-.long	1354558464,32357713,2958822624,3775749553
-.long	1201988352,132424512,1572796698,503232858
-.long	2213177600,1597421020,4103937655,675398315
-.long	2749646592,4273543773,1511898873,121693092
-.long	3040248576,1103263732,2871565598,1608280554
-.long	2236667136,2588920351,482954393,64377734
-.long	3069987328,291237287,2117370568,3650299247
-.long	533321216,3573750986,2572112006,1401264716
-.long	1339849704,2721158661,548607111,3445553514
-.long	2128193280,3054596040,2183486460,1257083700
-.long	655635200,1165381986,3923443150,2344132524
-.long	190078720,256924420,290342170,357187870
-.long	1610966272,2263057382,4103205268,309794674
-.long	2592527872,2233205587,1335446729,3402964816
-.long	3973531904,3225098121,3002836325,1918774430
-.long	3870401024,2102906079,2284471353,4117666579
-.long	617007872,1021508343,366931923,691083277
-.long	2528395776,3491914898,2968704004,1613121270
-.long	3445188352,3247741094,844474987,4093578302
-.long	651481088,1190302358,1689581232,574775300
-.long	4289380608,206939853,2555985458,2489840491
-.long	2130264064,327674451,3566485037,3349835193
-.long	2470714624,316102159,3636825756,3393945945
-.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105
-.byte	111,110,32,65,69,83,32,102,111,114,32,120,56,54,47,83
-.byte	83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117
-.byte	114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105
-.byte	118,101,114,115,105,116,121,41,0
-.align	64
-.type	_vpaes_preheat,@function
-.align	16
-_vpaes_preheat:
-	addl	(%esp),%ebp
-	movdqa	-48(%ebp),%xmm7
-	movdqa	-16(%ebp),%xmm6
-	ret
-.size	_vpaes_preheat,.-_vpaes_preheat
-.type	_vpaes_encrypt_core,@function
-.align	16
-_vpaes_encrypt_core:
-	movl	$16,%ecx
-	movl	240(%edx),%eax
-	movdqa	%xmm6,%xmm1
-	movdqa	(%ebp),%xmm2
-	pandn	%xmm0,%xmm1
-	movdqu	(%edx),%xmm5
-	psrld	$4,%xmm1
-	pand	%xmm6,%xmm0
-.byte	102,15,56,0,208
-	movdqa	16(%ebp),%xmm0
-.byte	102,15,56,0,193
-	pxor	%xmm5,%xmm2
-	pxor	%xmm2,%xmm0
-	addl	$16,%edx
-	leal	192(%ebp),%ebx
-	jmp	.L000enc_entry
-.align	16
-.L001enc_loop:
-	movdqa	32(%ebp),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm5,%xmm4
-	movdqa	48(%ebp),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	movdqa	64(%ebp),%xmm5
-.byte	102,15,56,0,234
-	movdqa	-64(%ebx,%ecx,1),%xmm1
-	movdqa	80(%ebp),%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm5,%xmm2
-	movdqa	(%ebx,%ecx,1),%xmm4
-	movdqa	%xmm0,%xmm3
-.byte	102,15,56,0,193
-	addl	$16,%edx
-	pxor	%xmm2,%xmm0
-.byte	102,15,56,0,220
-	addl	$16,%ecx
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,0,193
-	andl	$48,%ecx
-	pxor	%xmm3,%xmm0
-	subl	$1,%eax
-.L000enc_entry:
-	movdqa	%xmm6,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm6,%xmm0
-	movdqa	-32(%ebp),%xmm5
-.byte	102,15,56,0,232
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm7,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm5,%xmm3
-	movdqa	%xmm7,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm5,%xmm4
-	movdqa	%xmm7,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm7,%xmm3
-	movdqu	(%edx),%xmm5
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	jnz	.L001enc_loop
-	movdqa	96(%ebp),%xmm4
-	movdqa	112(%ebp),%xmm0
-.byte	102,15,56,0,226
-	pxor	%xmm5,%xmm4
-.byte	102,15,56,0,195
-	movdqa	64(%ebx,%ecx,1),%xmm1
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,193
-	ret
-.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
-.type	_vpaes_decrypt_core,@function
-.align	16
-_vpaes_decrypt_core:
-	movl	240(%edx),%eax
-	leal	608(%ebp),%ebx
-	movdqa	%xmm6,%xmm1
-	movdqa	-64(%ebx),%xmm2
-	pandn	%xmm0,%xmm1
-	movl	%eax,%ecx
-	psrld	$4,%xmm1
-	movdqu	(%edx),%xmm5
-	shll	$4,%ecx
-	pand	%xmm6,%xmm0
-.byte	102,15,56,0,208
-	movdqa	-48(%ebx),%xmm0
-	xorl	$48,%ecx
-.byte	102,15,56,0,193
-	andl	$48,%ecx
-	pxor	%xmm5,%xmm2
-	movdqa	176(%ebp),%xmm5
-	pxor	%xmm2,%xmm0
-	addl	$16,%edx
-	leal	-352(%ebx,%ecx,1),%ecx
-	jmp	.L002dec_entry
-.align	16
-.L003dec_loop:
-	movdqa	-32(%ebx),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	-16(%ebx),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	addl	$16,%edx
-.byte	102,15,56,0,197
-	movdqa	(%ebx),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	16(%ebx),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	subl	$1,%eax
-.byte	102,15,56,0,197
-	movdqa	32(%ebx),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	48(%ebx),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,197
-	movdqa	64(%ebx),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	80(%ebx),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-.byte	102,15,58,15,237,12
-.L002dec_entry:
-	movdqa	%xmm6,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm6,%xmm0
-	movdqa	-32(%ebp),%xmm2
-.byte	102,15,56,0,208
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm7,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-	movdqa	%xmm7,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm2,%xmm4
-	movdqa	%xmm7,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm7,%xmm3
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	movdqu	(%edx),%xmm0
-	jnz	.L003dec_loop
-	movdqa	96(%ebx),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	112(%ebx),%xmm0
-	movdqa	(%ecx),%xmm2
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,194
-	ret
-.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
-.type	_vpaes_schedule_core,@function
-.align	16
-_vpaes_schedule_core:
-	addl	(%esp),%ebp
-	movdqu	(%esi),%xmm0
-	movdqa	320(%ebp),%xmm2
-	movdqa	%xmm0,%xmm3
-	leal	(%ebp),%ebx
-	movdqa	%xmm2,4(%esp)
-	call	_vpaes_schedule_transform
-	movdqa	%xmm0,%xmm7
-	testl	%edi,%edi
-	jnz	.L004schedule_am_decrypting
-	movdqu	%xmm0,(%edx)
-	jmp	.L005schedule_go
-.L004schedule_am_decrypting:
-	movdqa	256(%ebp,%ecx,1),%xmm1
-.byte	102,15,56,0,217
-	movdqu	%xmm3,(%edx)
-	xorl	$48,%ecx
-.L005schedule_go:
-	cmpl	$192,%eax
-	ja	.L006schedule_256
-	je	.L007schedule_192
-.L008schedule_128:
-	movl	$10,%eax
-.L009loop_schedule_128:
-	call	_vpaes_schedule_round
-	decl	%eax
-	jz	.L010schedule_mangle_last
-	call	_vpaes_schedule_mangle
-	jmp	.L009loop_schedule_128
-.align	16
-.L007schedule_192:
-	movdqu	8(%esi),%xmm0
-	call	_vpaes_schedule_transform
-	movdqa	%xmm0,%xmm6
-	pxor	%xmm4,%xmm4
-	movhlps	%xmm4,%xmm6
-	movl	$4,%eax
-.L011loop_schedule_192:
-	call	_vpaes_schedule_round
-.byte	102,15,58,15,198,8
-	call	_vpaes_schedule_mangle
-	call	_vpaes_schedule_192_smear
-	call	_vpaes_schedule_mangle
-	call	_vpaes_schedule_round
-	decl	%eax
-	jz	.L010schedule_mangle_last
-	call	_vpaes_schedule_mangle
-	call	_vpaes_schedule_192_smear
-	jmp	.L011loop_schedule_192
-.align	16
-.L006schedule_256:
-	movdqu	16(%esi),%xmm0
-	call	_vpaes_schedule_transform
-	movl	$7,%eax
-.L012loop_schedule_256:
-	call	_vpaes_schedule_mangle
-	movdqa	%xmm0,%xmm6
-	call	_vpaes_schedule_round
-	decl	%eax
-	jz	.L010schedule_mangle_last
-	call	_vpaes_schedule_mangle
-	pshufd	$255,%xmm0,%xmm0
-	movdqa	%xmm7,20(%esp)
-	movdqa	%xmm6,%xmm7
-	call	.L_vpaes_schedule_low_round
-	movdqa	20(%esp),%xmm7
-	jmp	.L012loop_schedule_256
-.align	16
-.L010schedule_mangle_last:
-	leal	384(%ebp),%ebx
-	testl	%edi,%edi
-	jnz	.L013schedule_mangle_last_dec
-	movdqa	256(%ebp,%ecx,1),%xmm1
-.byte	102,15,56,0,193
-	leal	352(%ebp),%ebx
-	addl	$32,%edx
-.L013schedule_mangle_last_dec:
-	addl	$-16,%edx
-	pxor	336(%ebp),%xmm0
-	call	_vpaes_schedule_transform
-	movdqu	%xmm0,(%edx)
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	pxor	%xmm6,%xmm6
-	pxor	%xmm7,%xmm7
-	ret
-.size	_vpaes_schedule_core,.-_vpaes_schedule_core
-.type	_vpaes_schedule_192_smear,@function
-.align	16
-_vpaes_schedule_192_smear:
-	pshufd	$128,%xmm6,%xmm0
-	pxor	%xmm0,%xmm6
-	pshufd	$254,%xmm7,%xmm0
-	pxor	%xmm0,%xmm6
-	movdqa	%xmm6,%xmm0
-	pxor	%xmm1,%xmm1
-	movhlps	%xmm1,%xmm6
-	ret
-.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
-.type	_vpaes_schedule_round,@function
-.align	16
-_vpaes_schedule_round:
-	movdqa	8(%esp),%xmm2
-	pxor	%xmm1,%xmm1
-.byte	102,15,58,15,202,15
-.byte	102,15,58,15,210,15
-	pxor	%xmm1,%xmm7
-	pshufd	$255,%xmm0,%xmm0
-.byte	102,15,58,15,192,1
-	movdqa	%xmm2,8(%esp)
-.L_vpaes_schedule_low_round:
-	movdqa	%xmm7,%xmm1
-	pslldq	$4,%xmm7
-	pxor	%xmm1,%xmm7
-	movdqa	%xmm7,%xmm1
-	pslldq	$8,%xmm7
-	pxor	%xmm1,%xmm7
-	pxor	336(%ebp),%xmm7
-	movdqa	-16(%ebp),%xmm4
-	movdqa	-48(%ebp),%xmm5
-	movdqa	%xmm4,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm4,%xmm0
-	movdqa	-32(%ebp),%xmm2
-.byte	102,15,56,0,208
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm5,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-	movdqa	%xmm5,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm2,%xmm4
-	movdqa	%xmm5,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm5,%xmm3
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	movdqa	32(%ebp),%xmm4
-.byte	102,15,56,0,226
-	movdqa	48(%ebp),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	pxor	%xmm7,%xmm0
-	movdqa	%xmm0,%xmm7
-	ret
-.size	_vpaes_schedule_round,.-_vpaes_schedule_round
-.type	_vpaes_schedule_transform,@function
-.align	16
-_vpaes_schedule_transform:
-	movdqa	-16(%ebp),%xmm2
-	movdqa	%xmm2,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm2,%xmm0
-	movdqa	(%ebx),%xmm2
-.byte	102,15,56,0,208
-	movdqa	16(%ebx),%xmm0
-.byte	102,15,56,0,193
-	pxor	%xmm2,%xmm0
-	ret
-.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
-.type	_vpaes_schedule_mangle,@function
-.align	16
-_vpaes_schedule_mangle:
-	movdqa	%xmm0,%xmm4
-	movdqa	128(%ebp),%xmm5
-	testl	%edi,%edi
-	jnz	.L014schedule_mangle_dec
-	addl	$16,%edx
-	pxor	336(%ebp),%xmm4
-.byte	102,15,56,0,229
-	movdqa	%xmm4,%xmm3
-.byte	102,15,56,0,229
-	pxor	%xmm4,%xmm3
-.byte	102,15,56,0,229
-	pxor	%xmm4,%xmm3
-	jmp	.L015schedule_mangle_both
-.align	16
-.L014schedule_mangle_dec:
-	movdqa	-16(%ebp),%xmm2
-	leal	416(%ebp),%esi
-	movdqa	%xmm2,%xmm1
-	pandn	%xmm4,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm2,%xmm4
-	movdqa	(%esi),%xmm2
-.byte	102,15,56,0,212
-	movdqa	16(%esi),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-	movdqa	32(%esi),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	48(%esi),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-	movdqa	64(%esi),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	80(%esi),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-	movdqa	96(%esi),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	112(%esi),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-	addl	$-16,%edx
-.L015schedule_mangle_both:
-	movdqa	256(%ebp,%ecx,1),%xmm1
-.byte	102,15,56,0,217
-	addl	$-16,%ecx
-	andl	$48,%ecx
-	movdqu	%xmm3,(%edx)
-	ret
-.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
-.globl	vpaes_set_encrypt_key
-.type	vpaes_set_encrypt_key,@function
-.align	16
-vpaes_set_encrypt_key:
-.L_vpaes_set_encrypt_key_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	leal	-56(%esp),%ebx
-	movl	24(%esp),%eax
-	andl	$-16,%ebx
-	movl	28(%esp),%edx
-	xchgl	%esp,%ebx
-	movl	%ebx,48(%esp)
-	movl	%eax,%ebx
-	shrl	$5,%ebx
-	addl	$5,%ebx
-	movl	%ebx,240(%edx)
-	movl	$48,%ecx
-	movl	$0,%edi
-	leal	.L_vpaes_consts+0x30-.L016pic_point,%ebp
-	call	_vpaes_schedule_core
-.L016pic_point:
-	movl	48(%esp),%esp
-	xorl	%eax,%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	vpaes_set_encrypt_key,.-.L_vpaes_set_encrypt_key_begin
-.globl	vpaes_set_decrypt_key
-.type	vpaes_set_decrypt_key,@function
-.align	16
-vpaes_set_decrypt_key:
-.L_vpaes_set_decrypt_key_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	leal	-56(%esp),%ebx
-	movl	24(%esp),%eax
-	andl	$-16,%ebx
-	movl	28(%esp),%edx
-	xchgl	%esp,%ebx
-	movl	%ebx,48(%esp)
-	movl	%eax,%ebx
-	shrl	$5,%ebx
-	addl	$5,%ebx
-	movl	%ebx,240(%edx)
-	shll	$4,%ebx
-	leal	16(%edx,%ebx,1),%edx
-	movl	$1,%edi
-	movl	%eax,%ecx
-	shrl	$1,%ecx
-	andl	$32,%ecx
-	xorl	$32,%ecx
-	leal	.L_vpaes_consts+0x30-.L017pic_point,%ebp
-	call	_vpaes_schedule_core
-.L017pic_point:
-	movl	48(%esp),%esp
-	xorl	%eax,%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	vpaes_set_decrypt_key,.-.L_vpaes_set_decrypt_key_begin
-.globl	vpaes_encrypt
-.type	vpaes_encrypt,@function
-.align	16
-vpaes_encrypt:
-.L_vpaes_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	leal	.L_vpaes_consts+0x30-.L018pic_point,%ebp
-	call	_vpaes_preheat
-.L018pic_point:
-	movl	20(%esp),%esi
-	leal	-56(%esp),%ebx
-	movl	24(%esp),%edi
-	andl	$-16,%ebx
-	movl	28(%esp),%edx
-	xchgl	%esp,%ebx
-	movl	%ebx,48(%esp)
-	movdqu	(%esi),%xmm0
-	call	_vpaes_encrypt_core
-	movdqu	%xmm0,(%edi)
-	movl	48(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	vpaes_encrypt,.-.L_vpaes_encrypt_begin
-.globl	vpaes_decrypt
-.type	vpaes_decrypt,@function
-.align	16
-vpaes_decrypt:
-.L_vpaes_decrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	leal	.L_vpaes_consts+0x30-.L019pic_point,%ebp
-	call	_vpaes_preheat
-.L019pic_point:
-	movl	20(%esp),%esi
-	leal	-56(%esp),%ebx
-	movl	24(%esp),%edi
-	andl	$-16,%ebx
-	movl	28(%esp),%edx
-	xchgl	%esp,%ebx
-	movl	%ebx,48(%esp)
-	movdqu	(%esi),%xmm0
-	call	_vpaes_decrypt_core
-	movdqu	%xmm0,(%edi)
-	movl	48(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	vpaes_decrypt,.-.L_vpaes_decrypt_begin
-.globl	vpaes_cbc_encrypt
-.type	vpaes_cbc_encrypt,@function
-.align	16
-vpaes_cbc_encrypt:
-.L_vpaes_cbc_encrypt_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	32(%esp),%edx
-	subl	$16,%eax
-	jc	.L020cbc_abort
-	leal	-56(%esp),%ebx
-	movl	36(%esp),%ebp
-	andl	$-16,%ebx
-	movl	40(%esp),%ecx
-	xchgl	%esp,%ebx
-	movdqu	(%ebp),%xmm1
-	subl	%esi,%edi
-	movl	%ebx,48(%esp)
-	movl	%edi,(%esp)
-	movl	%edx,4(%esp)
-	movl	%ebp,8(%esp)
-	movl	%eax,%edi
-	leal	.L_vpaes_consts+0x30-.L021pic_point,%ebp
-	call	_vpaes_preheat
-.L021pic_point:
-	cmpl	$0,%ecx
-	je	.L022cbc_dec_loop
-	jmp	.L023cbc_enc_loop
-.align	16
-.L023cbc_enc_loop:
-	movdqu	(%esi),%xmm0
-	pxor	%xmm1,%xmm0
-	call	_vpaes_encrypt_core
-	movl	(%esp),%ebx
-	movl	4(%esp),%edx
-	movdqa	%xmm0,%xmm1
-	movdqu	%xmm0,(%ebx,%esi,1)
-	leal	16(%esi),%esi
-	subl	$16,%edi
-	jnc	.L023cbc_enc_loop
-	jmp	.L024cbc_done
-.align	16
-.L022cbc_dec_loop:
-	movdqu	(%esi),%xmm0
-	movdqa	%xmm1,16(%esp)
-	movdqa	%xmm0,32(%esp)
-	call	_vpaes_decrypt_core
-	movl	(%esp),%ebx
-	movl	4(%esp),%edx
-	pxor	16(%esp),%xmm0
-	movdqa	32(%esp),%xmm1
-	movdqu	%xmm0,(%ebx,%esi,1)
-	leal	16(%esi),%esi
-	subl	$16,%edi
-	jnc	.L022cbc_dec_loop
-.L024cbc_done:
-	movl	8(%esp),%ebx
-	movl	48(%esp),%esp
-	movdqu	%xmm1,(%ebx)
-.L020cbc_abort:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	vpaes_cbc_encrypt,.-.L_vpaes_cbc_encrypt_begin
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
deleted file mode 100644
index 1533e2c304..0000000000
--- a/crypto/aes/asm/vpaes-x86.pl
+++ /dev/null
@@ -1,903 +0,0 @@
-#!/usr/bin/env perl
-
-######################################################################
-## Constant-time SSSE3 AES core implementation.
-## version 0.1
-##
-## By Mike Hamburg (Stanford University), 2009
-## Public domain.
-##
-## For details see http://shiftleft.org/papers/vector_aes/ and
-## http://crypto.stanford.edu/vpaes/.
-
-######################################################################
-# September 2011.
-#
-# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for
-# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt
-# doesn't handle partial vectors (doesn't have to if called from
-# EVP only). "Drop-in" implies that this module doesn't share key
-# schedule structure with the original nor does it make assumption
-# about its alignment...
-#
-# Performance summary. aes-586.pl column lists large-block CBC
-# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
-# byte processed with 128-bit key, and vpaes-x86.pl column - [also
-# large-block CBC] encrypt/decrypt.
-#
-#		aes-586.pl		vpaes-x86.pl
-#
-# Core 2(**)	29.1/42.3/18.3		22.0/25.6(***)
-# Nehalem	27.9/40.4/18.1		10.3/12.0
-# Atom		102./119./60.1		64.5/85.3(***)
-#
-# (*)	"Hyper-threading" in the context refers rather to cache shared
-#	among multiple cores, than to specifically Intel HTT. As vast
-#	majority of contemporary cores share cache, slower code path
-#	is common place. In other words "with-hyper-threading-off"
-#	results are presented mostly for reference purposes.
-#
-# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
-#
-# (***)	Less impressive improvement on Core 2 and Atom is due to slow
-#	pshufb,	yet it's respectable +32%/65%  improvement on Core 2
-#	and +58%/40% on Atom (as implied, over "hyper-threading-safe"
-#	code path).
-#
-#						<appro@openssl.org>
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
-
-$PREFIX="vpaes";
-
-my  ($round, $base, $magic, $key, $const, $inp, $out)=
-    ("eax",  "ebx", "ecx",  "edx","ebp",  "esi","edi");
-
-&static_label("_vpaes_consts");
-&static_label("_vpaes_schedule_low_round");
-
-&set_label("_vpaes_consts",64);
-$k_inv=-0x30;		# inv, inva
-	&data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309);
-	&data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C);
-
-$k_s0F=-0x10;		# s0F
-	&data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F);
-
-$k_ipt=0x00;		# input transform (lo, hi)
-	&data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090);
-	&data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC);
-
-$k_sb1=0x20;		# sb1u, sb1t
-	&data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E);
-	&data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1);
-$k_sb2=0x40;		# sb2u, sb2t
-	&data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955);
-	&data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8);
-$k_sbo=0x60;		# sbou, sbot
-	&data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A);
-	&data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1);
-
-$k_mc_forward=0x80;	# mc_forward
-	&data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D);
-	&data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201);
-	&data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605);
-	&data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09);
-
-$k_mc_backward=0xc0;	# mc_backward
-	&data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F);
-	&data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B);
-	&data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407);
-	&data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003);
-
-$k_sr=0x100;		# sr
-	&data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C);
-	&data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C);
-	&data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C);
-	&data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C);
-
-$k_rcon=0x140;		# rcon
-	&data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808);
-
-$k_s63=0x150;		# s63: all equal to 0x63 transformed
-	&data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B);
-
-$k_opt=0x160;		# output transform
-	&data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121);
-	&data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1);
-
-$k_deskew=0x180;	# deskew tables: inverts the sbox's "skew"
-	&data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A);
-	&data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB);
-##
-##  Decryption stuff
-##  Key schedule constants
-##
-$k_dksd=0x1a0;		# decryption key schedule: invskew x*D
-	&data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4);
-	&data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA);
-$k_dksb=0x1c0;		# decryption key schedule: invskew x*B
-	&data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386);
-	&data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F);
-$k_dkse=0x1e0;		# decryption key schedule: invskew x*E + 0x63
-	&data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C);
-	&data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A);
-$k_dks9=0x200;		# decryption key schedule: invskew x*9
-	&data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334);
-	&data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC);
-
-##
-##  Decryption stuff
-##  Round function constants
-##
-$k_dipt=0x220;		# decryption input transform
-	&data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E);
-	&data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772);
-
-$k_dsb9=0x240;		# decryption sbox output *9*u, *9*t
-	&data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50);
-	&data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E);
-$k_dsbd=0x260;		# decryption sbox output *D*u, *D*t
-	&data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13);
-	&data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D);
-$k_dsbb=0x280;		# decryption sbox output *B*u, *B*t
-	&data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6);
-	&data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E);
-$k_dsbe=0x2a0;		# decryption sbox output *E*u, *E*t
-	&data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004);
-	&data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B);
-$k_dsbo=0x2c0;		# decryption sbox final output
-	&data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9);
-	&data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159);
-&asciz	("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)");
-&align	(64);
-
-&function_begin_B("_vpaes_preheat");
-	&add	($const,&DWP(0,"esp"));
-	&movdqa	("xmm7",&QWP($k_inv,$const));
-	&movdqa	("xmm6",&QWP($k_s0F,$const));
-	&ret	();
-&function_end_B("_vpaes_preheat");
-
-##
-##  _aes_encrypt_core
-##
-##  AES-encrypt %xmm0.
-##
-##  Inputs:
-##     %xmm0 = input
-##     %xmm6-%xmm7 as in _vpaes_preheat
-##    (%edx) = scheduled keys
-##
-##  Output in %xmm0
-##  Clobbers  %xmm1-%xmm5, %eax, %ebx, %ecx, %edx
-##
-##
-&function_begin_B("_vpaes_encrypt_core");
-	&mov	($magic,16);
-	&mov	($round,&DWP(240,$key));
-	&movdqa	("xmm1","xmm6")
-	&movdqa	("xmm2",&QWP($k_ipt,$const));
-	&pandn	("xmm1","xmm0");
-	&movdqu	("xmm5",&QWP(0,$key));
-	&psrld	("xmm1",4);
-	&pand	("xmm0","xmm6");
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP($k_ipt+16,$const));
-	&pshufb	("xmm0","xmm1");
-	&pxor	("xmm2","xmm5");
-	&pxor	("xmm0","xmm2");
-	&add	($key,16);
-	&lea	($base,&DWP($k_mc_backward,$const));
-	&jmp	(&label("enc_entry"));
-
-
-&set_label("enc_loop",16);
-	# middle of middle round
-	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sb1u
-	&pshufb	("xmm4","xmm2");		# 4 = sb1u
-	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
-	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&movdqa	("xmm5",&QWP($k_sb2,$const));	# 4 : sb2u
-	&pshufb	("xmm5","xmm2");		# 4 = sb2u
-	&movdqa	("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[]
-	&movdqa	("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t
-	&pshufb	("xmm2","xmm3");		# 2 = sb2t
-	&pxor	("xmm2","xmm5");		# 2 = 2A
-	&movdqa	("xmm4",&QWP(0,$base,$magic));	# .Lk_mc_backward[]
-	&movdqa	("xmm3","xmm0");		# 3 = A
-	&pshufb	("xmm0","xmm1");		# 0 = B
-	&add	($key,16);			# next key
-	&pxor	("xmm0","xmm2");		# 0 = 2A+B
-	&pshufb	("xmm3","xmm4");		# 3 = D
-	&add	($magic,16);			# next mc
-	&pxor	("xmm3","xmm0");		# 3 = 2A+B+D
-	&pshufb	("xmm0","xmm1");		# 0 = 2B+C
-	&and	($magic,0x30);			# ... mod 4
-	&pxor	("xmm0","xmm3");		# 0 = 2A+3B+C+D
-	&sub	($round,1);			# nr--
-
-&set_label("enc_entry");
-	# top of round
-	&movdqa	("xmm1","xmm6");		# 1 : i
-	&pandn	("xmm1","xmm0");		# 1 = i<<4
-	&psrld	("xmm1",4);			# 1 = i
-	&pand	("xmm0","xmm6");		# 0 = k
-	&movdqa	("xmm5",&QWP($k_inv+16,$const));# 2 : a/k
-	&pshufb	("xmm5","xmm0");		# 2 = a/k
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&movdqa	("xmm3","xmm7");		# 3 : 1/i
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&pxor	("xmm3","xmm5");		# 3 = iak = 1/i + a/k
-	&movdqa	("xmm4","xmm7");		# 4 : 1/j
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&pxor	("xmm4","xmm5");		# 4 = jak = 1/j + a/k
-	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
-	&movdqu	("xmm5",&QWP(0,$key));
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&jnz	(&label("enc_loop"));
-
-	# middle of last round
-	&movdqa	("xmm4",&QWP($k_sbo,$const));	# 3 : sbou      .Lk_sbo
-	&movdqa	("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot      .Lk_sbo+16
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&movdqa	("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[]
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&pshufb	("xmm0","xmm1");
-	&ret	();
-&function_end_B("_vpaes_encrypt_core");
-
-##
-##  Decryption core
-##
-##  Same API as encryption core.
-##
-&function_begin_B("_vpaes_decrypt_core");
-	&mov	($round,&DWP(240,$key));
-	&lea	($base,&DWP($k_dsbd,$const));
-	&movdqa	("xmm1","xmm6");
-	&movdqa	("xmm2",&QWP($k_dipt-$k_dsbd,$base));
-	&pandn	("xmm1","xmm0");
-	&mov	($magic,$round);
-	&psrld	("xmm1",4)
-	&movdqu	("xmm5",&QWP(0,$key));
-	&shl	($magic,4);
-	&pand	("xmm0","xmm6");
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP($k_dipt-$k_dsbd+16,$base));
-	&xor	($magic,0x30);
-	&pshufb	("xmm0","xmm1");
-	&and	($magic,0x30);
-	&pxor	("xmm2","xmm5");
-	&movdqa	("xmm5",&QWP($k_mc_forward+48,$const));
-	&pxor	("xmm0","xmm2");
-	&add	($key,16);
-	&lea	($magic,&DWP($k_sr-$k_dsbd,$base,$magic));
-	&jmp	(&label("dec_entry"));
-
-&set_label("dec_loop",16);
-##
-##  Inverse mix columns
-##
-	&movdqa	("xmm4",&QWP(-0x20,$base));	# 4 : sb9u
-	&pshufb	("xmm4","xmm2");		# 4 = sb9u
-	&pxor	("xmm4","xmm0");
-	&movdqa	("xmm0",&QWP(-0x10,$base));	# 0 : sb9t
-	&pshufb	("xmm0","xmm3");		# 0 = sb9t
-	&pxor	("xmm0","xmm4");		# 0 = ch
-	&add	($key,16);			# next round key
-
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&movdqa	("xmm4",&QWP(0,$base));		# 4 : sbdu
-	&pshufb	("xmm4","xmm2");		# 4 = sbdu
-	&pxor	("xmm4","xmm0");		# 4 = ch
-	&movdqa	("xmm0",&QWP(0x10,$base));	# 0 : sbdt
-	&pshufb	("xmm0","xmm3");		# 0 = sbdt
-	&pxor	("xmm0","xmm4");		# 0 = ch
-	&sub	($round,1);			# nr--
-
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&movdqa	("xmm4",&QWP(0x20,$base));	# 4 : sbbu
-	&pshufb	("xmm4","xmm2");		# 4 = sbbu
-	&pxor	("xmm4","xmm0");		# 4 = ch
-	&movdqa	("xmm0",&QWP(0x30,$base));	# 0 : sbbt
-	&pshufb	("xmm0","xmm3");		# 0 = sbbt
-	&pxor	("xmm0","xmm4");		# 0 = ch
-
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&movdqa	("xmm4",&QWP(0x40,$base));	# 4 : sbeu
-	&pshufb	("xmm4","xmm2");		# 4 = sbeu
-	&pxor	("xmm4","xmm0");		# 4 = ch
-	&movdqa	("xmm0",&QWP(0x50,$base));	# 0 : sbet
-	&pshufb	("xmm0","xmm3");		# 0 = sbet
-	&pxor	("xmm0","xmm4");		# 0 = ch
-
-	&palignr("xmm5","xmm5",12);
-
-&set_label("dec_entry");
-	# top of round
-	&movdqa	("xmm1","xmm6");		# 1 : i
-	&pandn	("xmm1","xmm0");		# 1 = i<<4
-	&psrld	("xmm1",4);			# 1 = i
-	&pand	("xmm0","xmm6");		# 0 = k
-	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
-	&pshufb	("xmm2","xmm0");		# 2 = a/k
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&movdqa	("xmm3","xmm7");		# 3 : 1/i
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
-	&movdqa	("xmm4","xmm7");		# 4 : 1/j
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
-	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&movdqu	("xmm0",&QWP(0,$key));
-	&jnz	(&label("dec_loop"));
-
-	# middle of last round
-	&movdqa	("xmm4",&QWP(0x60,$base));	# 3 : sbou
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&pxor	("xmm4","xmm0");		# 4 = sb1u + k
-	&movdqa	("xmm0",&QWP(0x70,$base));	# 0 : sbot
-	&movdqa	("xmm2",&QWP(0,$magic));
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&pshufb	("xmm0","xmm2");
-	&ret	();
-&function_end_B("_vpaes_decrypt_core");
-
-########################################################
-##                                                    ##
-##                  AES key schedule                  ##
-##                                                    ##
-########################################################
-&function_begin_B("_vpaes_schedule_core");
-	&add	($const,&DWP(0,"esp"));
-	&movdqu	("xmm0",&QWP(0,$inp));		# load key (unaligned)
-	&movdqa	("xmm2",&QWP($k_rcon,$const));	# load rcon
-
-	# input transform
-	&movdqa	("xmm3","xmm0");
-	&lea	($base,&DWP($k_ipt,$const));
-	&movdqa	(&QWP(4,"esp"),"xmm2");		# xmm8
-	&call	("_vpaes_schedule_transform");
-	&movdqa	("xmm7","xmm0");
-
-	&test	($out,$out);
-	&jnz	(&label("schedule_am_decrypting"));
-
-	# encrypting, output zeroth round key after transform
-	&movdqu	(&QWP(0,$key),"xmm0");
-	&jmp	(&label("schedule_go"));
-
-&set_label("schedule_am_decrypting");
-	# decrypting, output zeroth round key after shiftrows
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm3","xmm1");
-	&movdqu	(&QWP(0,$key),"xmm3");
-	&xor	($magic,0x30);
-
-&set_label("schedule_go");
-	&cmp	($round,192);
-	&ja	(&label("schedule_256"));
-	&je	(&label("schedule_192"));
-	# 128: fall though
-
-##
-##  .schedule_128
-##
-##  128-bit specific part of key schedule.
-##
-##  This schedule is really simple, because all its parts
-##  are accomplished by the subroutines.
-##
-&set_label("schedule_128");
-	&mov	($round,10);
-
-&set_label("loop_schedule_128");
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	# write output
-	&jmp	(&label("loop_schedule_128"));
-
-##
-##  .aes_schedule_192
-##
-##  192-bit specific part of key schedule.
-##
-##  The main body of this schedule is the same as the 128-bit
-##  schedule, but with more smearing.  The long, high side is
-##  stored in %xmm7 as before, and the short, low side is in
-##  the high bits of %xmm6.
-##
-##  This schedule is somewhat nastier, however, because each
-##  round produces 192 bits of key material, or 1.5 round keys.
-##  Therefore, on each cycle we do 2 rounds and produce 3 round
-##  keys.
-##
-&set_label("schedule_192",16);
-	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform	
-	&movdqa	("xmm6","xmm0");		# save short part
-	&pxor	("xmm4","xmm4");		# clear 4
-	&movhlps("xmm6","xmm4");		# clobber low side with zeros
-	&mov	($round,4);
-
-&set_label("loop_schedule_192");
-	&call	("_vpaes_schedule_round");
-	&palignr("xmm0","xmm6",8);
-	&call	("_vpaes_schedule_mangle");	# save key n
-	&call	("_vpaes_schedule_192_smear");
-	&call	("_vpaes_schedule_mangle");	# save key n+1
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	# save key n+2
-	&call	("_vpaes_schedule_192_smear");
-	&jmp	(&label("loop_schedule_192"));
-
-##
-##  .aes_schedule_256
-##
-##  256-bit specific part of key schedule.
-##
-##  The structure here is very similar to the 128-bit
-##  schedule, but with an additional "low side" in
-##  %xmm6.  The low side's rounds are the same as the
-##  high side's, except no rcon and no rotation.
-##
-&set_label("schedule_256",16);
-	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform	
-	&mov	($round,7);
-
-&set_label("loop_schedule_256");
-	&call	("_vpaes_schedule_mangle");	# output low result
-	&movdqa	("xmm6","xmm0");		# save cur_lo in xmm6
-
-	# high round
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	
-
-	# low round. swap xmm7 and xmm6
-	&pshufd	("xmm0","xmm0",0xFF);
-	&movdqa	(&QWP(20,"esp"),"xmm7");
-	&movdqa	("xmm7","xmm6");
-	&call	("_vpaes_schedule_low_round");
-	&movdqa	("xmm7",&QWP(20,"esp"));
-
-	&jmp	(&label("loop_schedule_256"));
-
-##
-##  .aes_schedule_mangle_last
-##
-##  Mangler for last round of key schedule
-##  Mangles %xmm0
-##    when encrypting, outputs out(%xmm0) ^ 63
-##    when decrypting, outputs unskew(%xmm0)
-##
-##  Always called right before return... jumps to cleanup and exits
-##
-&set_label("schedule_mangle_last",16);
-	# schedule last round key from xmm0
-	&lea	($base,&DWP($k_deskew,$const));
-	&test	($out,$out);
-	&jnz	(&label("schedule_mangle_last_dec"));
-
-	# encrypting
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm0","xmm1");		# output permute
-	&lea	($base,&DWP($k_opt,$const));	# prepare to output transform
-	&add	($key,32);
-
-&set_label("schedule_mangle_last_dec");
-	&add	($key,-16);
-	&pxor	("xmm0",&QWP($k_s63,$const));
-	&call	("_vpaes_schedule_transform");	# output transform
-	&movdqu	(&QWP(0,$key),"xmm0");		# save last key
-
-	# cleanup
-	&pxor	("xmm0","xmm0");
-	&pxor	("xmm1","xmm1");
-	&pxor	("xmm2","xmm2");
-	&pxor	("xmm3","xmm3");
-	&pxor	("xmm4","xmm4");
-	&pxor	("xmm5","xmm5");
-	&pxor	("xmm6","xmm6");
-	&pxor	("xmm7","xmm7");
-	&ret	();
-&function_end_B("_vpaes_schedule_core");
-
-##
-##  .aes_schedule_192_smear
-##
-##  Smear the short, low side in the 192-bit key schedule.
-##
-##  Inputs:
-##    %xmm7: high side, b  a  x  y
-##    %xmm6:  low side, d  c  0  0
-##    %xmm13: 0
-##
-##  Outputs:
-##    %xmm6: b+c+d  b+c  0  0
-##    %xmm0: b+c+d  b+c  b  a
-##
-&function_begin_B("_vpaes_schedule_192_smear");
-	&pshufd	("xmm0","xmm6",0x80);		# d c 0 0 -> c 0 0 0
-	&pxor	("xmm6","xmm0");		# -> c+d c 0 0
-	&pshufd	("xmm0","xmm7",0xFE);		# b a _ _ -> b b b a
-	&pxor	("xmm6","xmm0");		# -> b+c+d b+c b a
-	&movdqa	("xmm0","xmm6");
-	&pxor	("xmm1","xmm1");
-	&movhlps("xmm6","xmm1");		# clobber low side with zeros
-	&ret	();
-&function_end_B("_vpaes_schedule_192_smear");
-
-##
-##  .aes_schedule_round
-##
-##  Runs one main round of the key schedule on %xmm0, %xmm7
-##
-##  Specifically, runs subbytes on the high dword of %xmm0
-##  then rotates it by one byte and xors into the low dword of
-##  %xmm7.
-##
-##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
-##  next rcon.
-##
-##  Smears the dwords of %xmm7 by xoring the low into the
-##  second low, result into third, result into highest.
-##
-##  Returns results in %xmm7 = %xmm0.
-##  Clobbers %xmm1-%xmm5.
-##
-&function_begin_B("_vpaes_schedule_round");
-	# extract rcon from xmm8
-	&movdqa	("xmm2",&QWP(8,"esp"));		# xmm8
-	&pxor	("xmm1","xmm1");
-	&palignr("xmm1","xmm2",15);
-	&palignr("xmm2","xmm2",15);
-	&pxor	("xmm7","xmm1");
-
-	# rotate
-	&pshufd	("xmm0","xmm0",0xFF);
-	&palignr("xmm0","xmm0",1);
-
-	# fall through...
-	&movdqa	(&QWP(8,"esp"),"xmm2");		# xmm8
-
-	# low round: same as high round, but no rotation and no rcon.
-&set_label("_vpaes_schedule_low_round");
-	# smear xmm7
-	&movdqa	("xmm1","xmm7");
-	&pslldq	("xmm7",4);
-	&pxor	("xmm7","xmm1");
-	&movdqa	("xmm1","xmm7");
-	&pslldq	("xmm7",8);
-	&pxor	("xmm7","xmm1");
-	&pxor	("xmm7",&QWP($k_s63,$const));
-
-	# subbyte
-	&movdqa	("xmm4",&QWP($k_s0F,$const));
-	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
-	&movdqa	("xmm1","xmm4");	
-	&pandn	("xmm1","xmm0");
-	&psrld	("xmm1",4);			# 1 = i
-	&pand	("xmm0","xmm4");		# 0 = k
-	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
-	&pshufb	("xmm2","xmm0");		# 2 = a/k
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&movdqa	("xmm3","xmm5");		# 3 : 1/i
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
-	&movdqa	("xmm4","xmm5");		# 4 : 1/j
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
-	&movdqa	("xmm2","xmm5");		# 2 : 1/iak
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&movdqa	("xmm3","xmm5");		# 3 : 1/jak
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sbou
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm0","xmm4");		# 0 = sbox output
-
-	# add in smeared stuff
-	&pxor	("xmm0","xmm7");
-	&movdqa	("xmm7","xmm0");
-	&ret	();
-&function_end_B("_vpaes_schedule_round");
-
-##
-##  .aes_schedule_transform
-##
-##  Linear-transform %xmm0 according to tables at (%ebx)
-##
-##  Output in %xmm0
-##  Clobbers %xmm1, %xmm2
-##
-&function_begin_B("_vpaes_schedule_transform");
-	&movdqa	("xmm2",&QWP($k_s0F,$const));
-	&movdqa	("xmm1","xmm2");
-	&pandn	("xmm1","xmm0");
-	&psrld	("xmm1",4);
-	&pand	("xmm0","xmm2");
-	&movdqa	("xmm2",&QWP(0,$base));
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP(16,$base));
-	&pshufb	("xmm0","xmm1");
-	&pxor	("xmm0","xmm2");
-	&ret	();
-&function_end_B("_vpaes_schedule_transform");
-
-##
-##  .aes_schedule_mangle
-##
-##  Mangle xmm0 from (basis-transformed) standard version
-##  to our version.
-##
-##  On encrypt,
-##    xor with 0x63
-##    multiply by circulant 0,1,1,1
-##    apply shiftrows transform
-##
-##  On decrypt,
-##    xor with 0x63
-##    multiply by "inverse mixcolumns" circulant E,B,D,9
-##    deskew
-##    apply shiftrows transform
-##
-##
-##  Writes out to (%edx), and increments or decrements it
-##  Keeps track of round number mod 4 in %ecx
-##  Preserves xmm0
-##  Clobbers xmm1-xmm5
-##
-&function_begin_B("_vpaes_schedule_mangle");
-	&movdqa	("xmm4","xmm0");	# save xmm0 for later
-	&movdqa	("xmm5",&QWP($k_mc_forward,$const));
-	&test	($out,$out);
-	&jnz	(&label("schedule_mangle_dec"));
-
-	# encrypting
-	&add	($key,16);
-	&pxor	("xmm4",&QWP($k_s63,$const));
-	&pshufb	("xmm4","xmm5");
-	&movdqa	("xmm3","xmm4");
-	&pshufb	("xmm4","xmm5");
-	&pxor	("xmm3","xmm4");
-	&pshufb	("xmm4","xmm5");
-	&pxor	("xmm3","xmm4");
-
-	&jmp	(&label("schedule_mangle_both"));
-
-&set_label("schedule_mangle_dec",16);
-	# inverse mix columns
-	&movdqa	("xmm2",&QWP($k_s0F,$const));
-	&lea	($inp,&DWP($k_dksd,$const));
-	&movdqa	("xmm1","xmm2");
-	&pandn	("xmm1","xmm4");
-	&psrld	("xmm1",4);			# 1 = hi
-	&pand	("xmm4","xmm2");		# 4 = lo
-
-	&movdqa	("xmm2",&QWP(0,$inp));
-	&pshufb	("xmm2","xmm4");
-	&movdqa	("xmm3",&QWP(0x10,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-
-	&movdqa	("xmm2",&QWP(0x20,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x30,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-
-	&movdqa	("xmm2",&QWP(0x40,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x50,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-
-	&movdqa	("xmm2",&QWP(0x60,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x70,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-
-	&add	($key,-16);
-
-&set_label("schedule_mangle_both");
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm3","xmm1");
-	&add	($magic,-16);
-	&and	($magic,0x30);
-	&movdqu	(&QWP(0,$key),"xmm3");
-	&ret	();
-&function_end_B("_vpaes_schedule_mangle");
-
-#
-# Interface to OpenSSL
-#
-&function_begin("${PREFIX}_set_encrypt_key");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($round,&wparam(1));		# bits
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-
-	&mov	($base,$round);
-	&shr	($base,5);
-	&add	($base,5);
-	&mov	(&DWP(240,$key),$base);		# AES_KEY->rounds = nbits/32+5;
-	&mov	($magic,0x30);
-	&mov	($out,0);
-
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_schedule_core");
-&set_label("pic_point");
-
-	&mov	("esp",&DWP(48,"esp"));
-	&xor	("eax","eax");
-&function_end("${PREFIX}_set_encrypt_key");
-
-&function_begin("${PREFIX}_set_decrypt_key");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($round,&wparam(1));		# bits
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-
-	&mov	($base,$round);
-	&shr	($base,5);
-	&add	($base,5);
-	&mov	(&DWP(240,$key),$base);	# AES_KEY->rounds = nbits/32+5;
-	&shl	($base,4);
-	&lea	($key,&DWP(16,$key,$base));
-
-	&mov	($out,1);
-	&mov	($magic,$round);
-	&shr	($magic,1);
-	&and	($magic,32);
-	&xor	($magic,32);			# nbist==192?0:32;
-
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_schedule_core");
-&set_label("pic_point");
-
-	&mov	("esp",&DWP(48,"esp"));
-	&xor	("eax","eax");
-&function_end("${PREFIX}_set_decrypt_key");
-
-&function_begin("${PREFIX}_encrypt");
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_preheat");
-&set_label("pic_point");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($out,&wparam(1));		# out
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-
-	&movdqu	("xmm0",&QWP(0,$inp));
-	&call	("_vpaes_encrypt_core");
-	&movdqu	(&QWP(0,$out),"xmm0");
-
-	&mov	("esp",&DWP(48,"esp"));
-&function_end("${PREFIX}_encrypt");
-
-&function_begin("${PREFIX}_decrypt");
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_preheat");
-&set_label("pic_point");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($out,&wparam(1));		# out
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-
-	&movdqu	("xmm0",&QWP(0,$inp));
-	&call	("_vpaes_decrypt_core");
-	&movdqu	(&QWP(0,$out),"xmm0");
-
-	&mov	("esp",&DWP(48,"esp"));
-&function_end("${PREFIX}_decrypt");
-
-&function_begin("${PREFIX}_cbc_encrypt");
-	&mov	($inp,&wparam(0));		# inp
-	&mov	($out,&wparam(1));		# out
-	&mov	($round,&wparam(2));		# len
-	&mov	($key,&wparam(3));		# key
-	&sub	($round,16);
-	&jc	(&label("cbc_abort"));
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($const,&wparam(4));		# ivp
-	&and	($base,-16);
-	&mov	($magic,&wparam(5));		# enc
-	&xchg	($base,"esp");			# alloca
-	&movdqu	("xmm1",&QWP(0,$const));	# load IV
-	&sub	($out,$inp);
-	&mov	(&DWP(48,"esp"),$base);
-
-	&mov	(&DWP(0,"esp"),$out);		# save out
-	&mov	(&DWP(4,"esp"),$key)		# save key
-	&mov	(&DWP(8,"esp"),$const);		# save ivp
-	&mov	($out,$round);			# $out works as $len
-
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_preheat");
-&set_label("pic_point");
-	&cmp	($magic,0);
-	&je	(&label("cbc_dec_loop"));
-	&jmp	(&label("cbc_enc_loop"));
-
-&set_label("cbc_enc_loop",16);
-	&movdqu	("xmm0",&QWP(0,$inp));		# load input
-	&pxor	("xmm0","xmm1");		# inp^=iv
-	&call	("_vpaes_encrypt_core");
-	&mov	($base,&DWP(0,"esp"));		# restore out
-	&mov	($key,&DWP(4,"esp"));		# restore key
-	&movdqa	("xmm1","xmm0");
-	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
-	&lea	($inp,&DWP(16,$inp));
-	&sub	($out,16);
-	&jnc	(&label("cbc_enc_loop"));
-	&jmp	(&label("cbc_done"));
-
-&set_label("cbc_dec_loop",16);
-	&movdqu	("xmm0",&QWP(0,$inp));		# load input
-	&movdqa	(&QWP(16,"esp"),"xmm1");	# save IV
-	&movdqa	(&QWP(32,"esp"),"xmm0");	# save future IV
-	&call	("_vpaes_decrypt_core");
-	&mov	($base,&DWP(0,"esp"));		# restore out
-	&mov	($key,&DWP(4,"esp"));		# restore key
-	&pxor	("xmm0",&QWP(16,"esp"));	# out^=iv
-	&movdqa	("xmm1",&QWP(32,"esp"));	# load next IV
-	&movdqu	(&QWP(0,$base,$inp),"xmm0");	# write output
-	&lea	($inp,&DWP(16,$inp));
-	&sub	($out,16);
-	&jnc	(&label("cbc_dec_loop"));
-
-&set_label("cbc_done");
-	&mov	($base,&DWP(8,"esp"));		# restore ivp
-	&mov	("esp",&DWP(48,"esp"));
-	&movdqu	(&QWP(0,$base),"xmm1");		# write IV
-&set_label("cbc_abort");
-&function_end("${PREFIX}_cbc_encrypt");
-
-&asm_finish();
diff --git a/crypto/aes/asm/vpaes-x86_64.S b/crypto/aes/asm/vpaes-x86_64.S
deleted file mode 100644
index 0162631fb9..0000000000
--- a/crypto/aes/asm/vpaes-x86_64.S
+++ /dev/null
@@ -1,828 +0,0 @@
-.text	
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.type	_vpaes_encrypt_core,@function
-.align	16
-_vpaes_encrypt_core:
-	movq	%rdx,%r9
-	movq	$16,%r11
-	movl	240(%rdx),%eax
-	movdqa	%xmm9,%xmm1
-	movdqa	.Lk_ipt(%rip),%xmm2
-	pandn	%xmm0,%xmm1
-	movdqu	(%r9),%xmm5
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm0
-.byte	102,15,56,0,208
-	movdqa	.Lk_ipt+16(%rip),%xmm0
-.byte	102,15,56,0,193
-	pxor	%xmm5,%xmm2
-	pxor	%xmm2,%xmm0
-	addq	$16,%r9
-	leaq	.Lk_mc_backward(%rip),%r10
-	jmp	.Lenc_entry
-
-.align	16
-.Lenc_loop:
-
-	movdqa	%xmm13,%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm5,%xmm4
-	movdqa	%xmm12,%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	movdqa	%xmm15,%xmm5
-.byte	102,15,56,0,234
-	movdqa	-64(%r11,%r10,1),%xmm1
-	movdqa	%xmm14,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm5,%xmm2
-	movdqa	(%r11,%r10,1),%xmm4
-	movdqa	%xmm0,%xmm3
-.byte	102,15,56,0,193
-	addq	$16,%r9
-	pxor	%xmm2,%xmm0
-.byte	102,15,56,0,220
-	addq	$16,%r11
-	pxor	%xmm0,%xmm3
-.byte	102,15,56,0,193
-	andq	$48,%r11
-	pxor	%xmm3,%xmm0
-	subq	$1,%rax
-
-.Lenc_entry:
-
-	movdqa	%xmm9,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm0
-	movdqa	%xmm11,%xmm5
-.byte	102,15,56,0,232
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm10,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm5,%xmm3
-	movdqa	%xmm10,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm5,%xmm4
-	movdqa	%xmm10,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm10,%xmm3
-	movdqu	(%r9),%xmm5
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	jnz	.Lenc_loop
-
-
-	movdqa	-96(%r10),%xmm4
-	movdqa	-80(%r10),%xmm0
-.byte	102,15,56,0,226
-	pxor	%xmm5,%xmm4
-.byte	102,15,56,0,195
-	movdqa	64(%r11,%r10,1),%xmm1
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,193
-	.byte	0xf3,0xc3
-.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
-
-
-
-
-
-
-.type	_vpaes_decrypt_core,@function
-.align	16
-_vpaes_decrypt_core:
-	movq	%rdx,%r9
-	movl	240(%rdx),%eax
-	movdqa	%xmm9,%xmm1
-	movdqa	.Lk_dipt(%rip),%xmm2
-	pandn	%xmm0,%xmm1
-	movq	%rax,%r11
-	psrld	$4,%xmm1
-	movdqu	(%r9),%xmm5
-	shlq	$4,%r11
-	pand	%xmm9,%xmm0
-.byte	102,15,56,0,208
-	movdqa	.Lk_dipt+16(%rip),%xmm0
-	xorq	$48,%r11
-	leaq	.Lk_dsbd(%rip),%r10
-.byte	102,15,56,0,193
-	andq	$48,%r11
-	pxor	%xmm5,%xmm2
-	movdqa	.Lk_mc_forward+48(%rip),%xmm5
-	pxor	%xmm2,%xmm0
-	addq	$16,%r9
-	addq	%r10,%r11
-	jmp	.Ldec_entry
-
-.align	16
-.Ldec_loop:
-
-
-
-	movdqa	-32(%r10),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	-16(%r10),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	addq	$16,%r9
-
-.byte	102,15,56,0,197
-	movdqa	0(%r10),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	16(%r10),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-	subq	$1,%rax
-
-.byte	102,15,56,0,197
-	movdqa	32(%r10),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	48(%r10),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-
-.byte	102,15,56,0,197
-	movdqa	64(%r10),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	80(%r10),%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-
-.byte	102,15,58,15,237,12
-
-.Ldec_entry:
-
-	movdqa	%xmm9,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm0
-	movdqa	%xmm11,%xmm2
-.byte	102,15,56,0,208
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm10,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-	movdqa	%xmm10,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm2,%xmm4
-	movdqa	%xmm10,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm10,%xmm3
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	movdqu	(%r9),%xmm0
-	jnz	.Ldec_loop
-
-
-	movdqa	96(%r10),%xmm4
-.byte	102,15,56,0,226
-	pxor	%xmm0,%xmm4
-	movdqa	112(%r10),%xmm0
-	movdqa	-352(%r11),%xmm2
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,194
-	.byte	0xf3,0xc3
-.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
-
-
-
-
-
-
-.type	_vpaes_schedule_core,@function
-.align	16
-_vpaes_schedule_core:
-
-
-
-
-
-	call	_vpaes_preheat		
-	movdqa	.Lk_rcon(%rip),%xmm8
-	movdqu	(%rdi),%xmm0
-
-
-	movdqa	%xmm0,%xmm3
-	leaq	.Lk_ipt(%rip),%r11
-	call	_vpaes_schedule_transform
-	movdqa	%xmm0,%xmm7
-
-	leaq	.Lk_sr(%rip),%r10
-	testq	%rcx,%rcx
-	jnz	.Lschedule_am_decrypting
-
-
-	movdqu	%xmm0,(%rdx)
-	jmp	.Lschedule_go
-
-.Lschedule_am_decrypting:
-
-	movdqa	(%r8,%r10,1),%xmm1
-.byte	102,15,56,0,217
-	movdqu	%xmm3,(%rdx)
-	xorq	$48,%r8
-
-.Lschedule_go:
-	cmpl	$192,%esi
-	ja	.Lschedule_256
-	je	.Lschedule_192
-
-
-
-
-
-
-
-
-
-
-.Lschedule_128:
-	movl	$10,%esi
-
-.Loop_schedule_128:
-	call	_vpaes_schedule_round
-	decq	%rsi
-	jz	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	
-	jmp	.Loop_schedule_128
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.align	16
-.Lschedule_192:
-	movdqu	8(%rdi),%xmm0
-	call	_vpaes_schedule_transform	
-	movdqa	%xmm0,%xmm6
-	pxor	%xmm4,%xmm4
-	movhlps	%xmm4,%xmm6
-	movl	$4,%esi
-
-.Loop_schedule_192:
-	call	_vpaes_schedule_round
-.byte	102,15,58,15,198,8
-	call	_vpaes_schedule_mangle	
-	call	_vpaes_schedule_192_smear
-	call	_vpaes_schedule_mangle	
-	call	_vpaes_schedule_round
-	decq	%rsi
-	jz	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	
-	call	_vpaes_schedule_192_smear
-	jmp	.Loop_schedule_192
-
-
-
-
-
-
-
-
-
-
-
-.align	16
-.Lschedule_256:
-	movdqu	16(%rdi),%xmm0
-	call	_vpaes_schedule_transform	
-	movl	$7,%esi
-
-.Loop_schedule_256:
-	call	_vpaes_schedule_mangle	
-	movdqa	%xmm0,%xmm6
-
-
-	call	_vpaes_schedule_round
-	decq	%rsi
-	jz	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	
-
-
-	pshufd	$255,%xmm0,%xmm0
-	movdqa	%xmm7,%xmm5
-	movdqa	%xmm6,%xmm7
-	call	_vpaes_schedule_low_round
-	movdqa	%xmm5,%xmm7
-
-	jmp	.Loop_schedule_256
-
-
-
-
-
-
-
-
-
-
-
-
-.align	16
-.Lschedule_mangle_last:
-
-	leaq	.Lk_deskew(%rip),%r11
-	testq	%rcx,%rcx
-	jnz	.Lschedule_mangle_last_dec
-
-
-	movdqa	(%r8,%r10,1),%xmm1
-.byte	102,15,56,0,193
-	leaq	.Lk_opt(%rip),%r11
-	addq	$32,%rdx
-
-.Lschedule_mangle_last_dec:
-	addq	$-16,%rdx
-	pxor	.Lk_s63(%rip),%xmm0
-	call	_vpaes_schedule_transform 
-	movdqu	%xmm0,(%rdx)
-
-
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	pxor	%xmm6,%xmm6
-	pxor	%xmm7,%xmm7
-	.byte	0xf3,0xc3
-.size	_vpaes_schedule_core,.-_vpaes_schedule_core
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.type	_vpaes_schedule_192_smear,@function
-.align	16
-_vpaes_schedule_192_smear:
-	pshufd	$128,%xmm6,%xmm0
-	pxor	%xmm0,%xmm6
-	pshufd	$254,%xmm7,%xmm0
-	pxor	%xmm0,%xmm6
-	movdqa	%xmm6,%xmm0
-	pxor	%xmm1,%xmm1
-	movhlps	%xmm1,%xmm6
-	.byte	0xf3,0xc3
-.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.type	_vpaes_schedule_round,@function
-.align	16
-_vpaes_schedule_round:
-
-	pxor	%xmm1,%xmm1
-.byte	102,65,15,58,15,200,15
-.byte	102,69,15,58,15,192,15
-	pxor	%xmm1,%xmm7
-
-
-	pshufd	$255,%xmm0,%xmm0
-.byte	102,15,58,15,192,1
-
-
-
-
-_vpaes_schedule_low_round:
-
-	movdqa	%xmm7,%xmm1
-	pslldq	$4,%xmm7
-	pxor	%xmm1,%xmm7
-	movdqa	%xmm7,%xmm1
-	pslldq	$8,%xmm7
-	pxor	%xmm1,%xmm7
-	pxor	.Lk_s63(%rip),%xmm7
-
-
-	movdqa	%xmm9,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm0
-	movdqa	%xmm11,%xmm2
-.byte	102,15,56,0,208
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm10,%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-	movdqa	%xmm10,%xmm4
-.byte	102,15,56,0,224
-	pxor	%xmm2,%xmm4
-	movdqa	%xmm10,%xmm2
-.byte	102,15,56,0,211
-	pxor	%xmm0,%xmm2
-	movdqa	%xmm10,%xmm3
-.byte	102,15,56,0,220
-	pxor	%xmm1,%xmm3
-	movdqa	%xmm13,%xmm4
-.byte	102,15,56,0,226
-	movdqa	%xmm12,%xmm0
-.byte	102,15,56,0,195
-	pxor	%xmm4,%xmm0
-
-
-	pxor	%xmm7,%xmm0
-	movdqa	%xmm0,%xmm7
-	.byte	0xf3,0xc3
-.size	_vpaes_schedule_round,.-_vpaes_schedule_round
-
-
-
-
-
-
-
-
-
-
-.type	_vpaes_schedule_transform,@function
-.align	16
-_vpaes_schedule_transform:
-	movdqa	%xmm9,%xmm1
-	pandn	%xmm0,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm0
-	movdqa	(%r11),%xmm2
-.byte	102,15,56,0,208
-	movdqa	16(%r11),%xmm0
-.byte	102,15,56,0,193
-	pxor	%xmm2,%xmm0
-	.byte	0xf3,0xc3
-.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.type	_vpaes_schedule_mangle,@function
-.align	16
-_vpaes_schedule_mangle:
-	movdqa	%xmm0,%xmm4
-	movdqa	.Lk_mc_forward(%rip),%xmm5
-	testq	%rcx,%rcx
-	jnz	.Lschedule_mangle_dec
-
-
-	addq	$16,%rdx
-	pxor	.Lk_s63(%rip),%xmm4
-.byte	102,15,56,0,229
-	movdqa	%xmm4,%xmm3
-.byte	102,15,56,0,229
-	pxor	%xmm4,%xmm3
-.byte	102,15,56,0,229
-	pxor	%xmm4,%xmm3
-
-	jmp	.Lschedule_mangle_both
-.align	16
-.Lschedule_mangle_dec:
-
-	leaq	.Lk_dksd(%rip),%r11
-	movdqa	%xmm9,%xmm1
-	pandn	%xmm4,%xmm1
-	psrld	$4,%xmm1
-	pand	%xmm9,%xmm4
-
-	movdqa	0(%r11),%xmm2
-.byte	102,15,56,0,212
-	movdqa	16(%r11),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-
-	movdqa	32(%r11),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	48(%r11),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-
-	movdqa	64(%r11),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	80(%r11),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-.byte	102,15,56,0,221
-
-	movdqa	96(%r11),%xmm2
-.byte	102,15,56,0,212
-	pxor	%xmm3,%xmm2
-	movdqa	112(%r11),%xmm3
-.byte	102,15,56,0,217
-	pxor	%xmm2,%xmm3
-
-	addq	$-16,%rdx
-
-.Lschedule_mangle_both:
-	movdqa	(%r8,%r10,1),%xmm1
-.byte	102,15,56,0,217
-	addq	$-16,%r8
-	andq	$48,%r8
-	movdqu	%xmm3,(%rdx)
-	.byte	0xf3,0xc3
-.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
-
-
-
-
-.globl	vpaes_set_encrypt_key
-.type	vpaes_set_encrypt_key,@function
-.align	16
-vpaes_set_encrypt_key:
-	movl	%esi,%eax
-	shrl	$5,%eax
-	addl	$5,%eax
-	movl	%eax,240(%rdx)
-
-	movl	$0,%ecx
-	movl	$48,%r8d
-	call	_vpaes_schedule_core
-	xorl	%eax,%eax
-	.byte	0xf3,0xc3
-.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
-
-.globl	vpaes_set_decrypt_key
-.type	vpaes_set_decrypt_key,@function
-.align	16
-vpaes_set_decrypt_key:
-	movl	%esi,%eax
-	shrl	$5,%eax
-	addl	$5,%eax
-	movl	%eax,240(%rdx)
-	shll	$4,%eax
-	leaq	16(%rdx,%rax,1),%rdx
-
-	movl	$1,%ecx
-	movl	%esi,%r8d
-	shrl	$1,%r8d
-	andl	$32,%r8d
-	xorl	$32,%r8d
-	call	_vpaes_schedule_core
-	xorl	%eax,%eax
-	.byte	0xf3,0xc3
-.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
-
-.globl	vpaes_encrypt
-.type	vpaes_encrypt,@function
-.align	16
-vpaes_encrypt:
-	movdqu	(%rdi),%xmm0
-	call	_vpaes_preheat
-	call	_vpaes_encrypt_core
-	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
-.size	vpaes_encrypt,.-vpaes_encrypt
-
-.globl	vpaes_decrypt
-.type	vpaes_decrypt,@function
-.align	16
-vpaes_decrypt:
-	movdqu	(%rdi),%xmm0
-	call	_vpaes_preheat
-	call	_vpaes_decrypt_core
-	movdqu	%xmm0,(%rsi)
-	.byte	0xf3,0xc3
-.size	vpaes_decrypt,.-vpaes_decrypt
-.globl	vpaes_cbc_encrypt
-.type	vpaes_cbc_encrypt,@function
-.align	16
-vpaes_cbc_encrypt:
-	xchgq	%rcx,%rdx
-	subq	$16,%rcx
-	jc	.Lcbc_abort
-	movdqu	(%r8),%xmm6
-	subq	%rdi,%rsi
-	call	_vpaes_preheat
-	cmpl	$0,%r9d
-	je	.Lcbc_dec_loop
-	jmp	.Lcbc_enc_loop
-.align	16
-.Lcbc_enc_loop:
-	movdqu	(%rdi),%xmm0
-	pxor	%xmm6,%xmm0
-	call	_vpaes_encrypt_core
-	movdqa	%xmm0,%xmm6
-	movdqu	%xmm0,(%rsi,%rdi,1)
-	leaq	16(%rdi),%rdi
-	subq	$16,%rcx
-	jnc	.Lcbc_enc_loop
-	jmp	.Lcbc_done
-.align	16
-.Lcbc_dec_loop:
-	movdqu	(%rdi),%xmm0
-	movdqa	%xmm0,%xmm7
-	call	_vpaes_decrypt_core
-	pxor	%xmm6,%xmm0
-	movdqa	%xmm7,%xmm6
-	movdqu	%xmm0,(%rsi,%rdi,1)
-	leaq	16(%rdi),%rdi
-	subq	$16,%rcx
-	jnc	.Lcbc_dec_loop
-.Lcbc_done:
-	movdqu	%xmm6,(%r8)
-.Lcbc_abort:
-	.byte	0xf3,0xc3
-.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
-
-
-
-
-
-
-.type	_vpaes_preheat,@function
-.align	16
-_vpaes_preheat:
-	leaq	.Lk_s0F(%rip),%r10
-	movdqa	-32(%r10),%xmm10
-	movdqa	-16(%r10),%xmm11
-	movdqa	0(%r10),%xmm9
-	movdqa	48(%r10),%xmm13
-	movdqa	64(%r10),%xmm12
-	movdqa	80(%r10),%xmm15
-	movdqa	96(%r10),%xmm14
-	.byte	0xf3,0xc3
-.size	_vpaes_preheat,.-_vpaes_preheat
-
-
-
-
-
-.type	_vpaes_consts,@object
-.align	64
-_vpaes_consts:
-.Lk_inv:
-.quad	0x0E05060F0D080180, 0x040703090A0B0C02
-.quad	0x01040A060F0B0780, 0x030D0E0C02050809
-
-.Lk_s0F:
-.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
-
-.Lk_ipt:
-.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
-.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
-
-.Lk_sb1:
-.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
-.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
-.Lk_sb2:
-.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
-.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
-.Lk_sbo:
-.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
-.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
-
-.Lk_mc_forward:
-.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
-.quad	0x080B0A0904070605, 0x000302010C0F0E0D
-.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
-.quad	0x000302010C0F0E0D, 0x080B0A0904070605
-
-.Lk_mc_backward:
-.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
-.quad	0x020100030E0D0C0F, 0x0A09080B06050407
-.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
-.quad	0x0A09080B06050407, 0x020100030E0D0C0F
-
-.Lk_sr:
-.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
-.quad	0x030E09040F0A0500, 0x0B06010C07020D08
-.quad	0x0F060D040B020900, 0x070E050C030A0108
-.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
-
-.Lk_rcon:
-.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
-
-.Lk_s63:
-.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
-
-.Lk_opt:
-.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
-.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
-
-.Lk_deskew:
-.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
-.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
-
-
-
-
-
-.Lk_dksd:
-.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
-.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
-.Lk_dksb:
-.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
-.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
-.Lk_dkse:
-.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
-.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
-.Lk_dks9:
-.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
-.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
-
-
-
-
-
-.Lk_dipt:
-.quad	0x0F505B040B545F00, 0x154A411E114E451A
-.quad	0x86E383E660056500, 0x12771772F491F194
-
-.Lk_dsb9:
-.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
-.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
-.Lk_dsbd:
-.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
-.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
-.Lk_dsbb:
-.quad	0xD022649296B44200, 0x602646F6B0F2D404
-.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
-.Lk_dsbe:
-.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
-.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
-.Lk_dsbo:
-.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
-.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
-.align	64
-.size	_vpaes_consts,.-_vpaes_consts
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
deleted file mode 100644
index bd7f45b850..0000000000
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ /dev/null
@@ -1,1207 +0,0 @@
-#!/usr/bin/env perl
-
-######################################################################
-## Constant-time SSSE3 AES core implementation.
-## version 0.1
-##
-## By Mike Hamburg (Stanford University), 2009
-## Public domain.
-##
-## For details see http://shiftleft.org/papers/vector_aes/ and
-## http://crypto.stanford.edu/vpaes/.
-
-######################################################################
-# September 2011.
-#
-# Interface to OpenSSL as "almost" drop-in replacement for
-# aes-x86_64.pl. "Almost" refers to the fact that AES_cbc_encrypt
-# doesn't handle partial vectors (doesn't have to if called from
-# EVP only). "Drop-in" implies that this module doesn't share key
-# schedule structure with the original nor does it make assumption
-# about its alignment...
-#
-# Performance summary. aes-x86_64.pl column lists large-block CBC
-# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
-# byte processed with 128-bit key, and vpaes-x86_64.pl column -
-# [also large-block CBC] encrypt/decrypt.
-#
-#		aes-x86_64.pl		vpaes-x86_64.pl
-#
-# Core 2(**)	30.5/43.7/14.3		21.8/25.7(***)
-# Nehalem	30.5/42.2/14.6		 9.8/11.8
-# Atom		63.9/79.0/32.1		64.0/84.8(***)
-#
-# (*)	"Hyper-threading" in the context refers rather to cache shared
-#	among multiple cores, than to specifically Intel HTT. As vast
-#	majority of contemporary cores share cache, slower code path
-#	is common place. In other words "with-hyper-threading-off"
-#	results are presented mostly for reference purposes.
-#
-# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
-#
-# (***)	Less impressive improvement on Core 2 and Atom is due to slow
-#	pshufb,	yet it's respectable +40%/78% improvement on Core 2
-#	(as implied, over "hyper-threading-safe" code path).
-#
-#						<appro@openssl.org>
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$PREFIX="vpaes";
-
-$code.=<<___;
-.text
-
-##
-##  _aes_encrypt_core
-##
-##  AES-encrypt %xmm0.
-##
-##  Inputs:
-##     %xmm0 = input
-##     %xmm9-%xmm15 as in _vpaes_preheat
-##    (%rdx) = scheduled keys
-##
-##  Output in %xmm0
-##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
-##  Preserves %xmm6 - %xmm8 so you get some local vectors
-##
-##
-.type	_vpaes_encrypt_core,\@abi-omnipotent
-.align 16
-_vpaes_encrypt_core:
-	mov	%rdx,	%r9
-	mov	\$16,	%r11
-	mov	240(%rdx),%eax
-	movdqa	%xmm9,	%xmm1
-	movdqa	.Lk_ipt(%rip), %xmm2	# iptlo
-	pandn	%xmm0,	%xmm1
-	movdqu	(%r9),	%xmm5		# round0 key
-	psrld	\$4,	%xmm1
-	pand	%xmm9,	%xmm0
-	pshufb	%xmm0,	%xmm2
-	movdqa	.Lk_ipt+16(%rip), %xmm0	# ipthi
-	pshufb	%xmm1,	%xmm0
-	pxor	%xmm5,	%xmm2
-	pxor	%xmm2,	%xmm0
-	add	\$16,	%r9
-	lea	.Lk_mc_backward(%rip),%r10
-	jmp	.Lenc_entry
-
-.align 16
-.Lenc_loop:
-	# middle of middle round
-	movdqa  %xmm13,	%xmm4	# 4 : sb1u
-	pshufb  %xmm2,	%xmm4	# 4 = sb1u
-	pxor	%xmm5,	%xmm4	# 4 = sb1u + k
-	movdqa  %xmm12,	%xmm0	# 0 : sb1t
-	pshufb  %xmm3,	%xmm0	# 0 = sb1t
-	pxor	%xmm4,	%xmm0	# 0 = A
-	movdqa  %xmm15,	%xmm5	# 4 : sb2u
-	pshufb	%xmm2,	%xmm5	# 4 = sb2u
-	movdqa	-0x40(%r11,%r10), %xmm1		# .Lk_mc_forward[]
-	movdqa	%xmm14, %xmm2	# 2 : sb2t
-	pshufb	%xmm3,  %xmm2	# 2 = sb2t
-	pxor	%xmm5,	%xmm2	# 2 = 2A
-	movdqa	(%r11,%r10), %xmm4		# .Lk_mc_backward[]
-	movdqa	%xmm0,  %xmm3	# 3 = A
-	pshufb  %xmm1,  %xmm0	# 0 = B
-	add	\$16,	%r9	# next key
-	pxor	%xmm2,  %xmm0	# 0 = 2A+B
-	pshufb	%xmm4,	%xmm3	# 3 = D
-	add	\$16,	%r11	# next mc
-	pxor	%xmm0,	%xmm3	# 3 = 2A+B+D
-	pshufb  %xmm1,	%xmm0	# 0 = 2B+C
-	and	\$0x30,	%r11	# ... mod 4
-	pxor	%xmm3,	%xmm0	# 0 = 2A+3B+C+D
-	sub	\$1,%rax	# nr--
-
-.Lenc_entry:
-	# top of round
-	movdqa  %xmm9, 	%xmm1	# 1 : i
-	pandn	%xmm0, 	%xmm1	# 1 = i<<4
-	psrld	\$4,   	%xmm1   # 1 = i
-	pand	%xmm9, 	%xmm0   # 0 = k
-	movdqa	%xmm11, %xmm5	# 2 : a/k
-	pshufb  %xmm0,  %xmm5	# 2 = a/k
-	pxor	%xmm1,	%xmm0	# 0 = j
-	movdqa	%xmm10,	%xmm3  	# 3 : 1/i
-	pshufb  %xmm1, 	%xmm3  	# 3 = 1/i
-	pxor	%xmm5, 	%xmm3  	# 3 = iak = 1/i + a/k
-	movdqa	%xmm10,	%xmm4  	# 4 : 1/j
-	pshufb	%xmm0, 	%xmm4  	# 4 = 1/j
-	pxor	%xmm5, 	%xmm4  	# 4 = jak = 1/j + a/k
-	movdqa	%xmm10,	%xmm2  	# 2 : 1/iak
-	pshufb  %xmm3,	%xmm2  	# 2 = 1/iak
-	pxor	%xmm0, 	%xmm2  	# 2 = io
-	movdqa	%xmm10, %xmm3   # 3 : 1/jak
-	movdqu	(%r9),	%xmm5
-	pshufb  %xmm4,  %xmm3   # 3 = 1/jak
-	pxor	%xmm1,  %xmm3   # 3 = jo
-	jnz	.Lenc_loop
-
-	# middle of last round
-	movdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
-	movdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
-	pshufb  %xmm2,  %xmm4	# 4 = sbou
-	pxor	%xmm5,  %xmm4	# 4 = sb1u + k
-	pshufb  %xmm3,	%xmm0	# 0 = sb1t
-	movdqa	0x40(%r11,%r10), %xmm1		# .Lk_sr[]
-	pxor	%xmm4,	%xmm0	# 0 = A
-	pshufb	%xmm1,	%xmm0
-	ret
-.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
-	
-##
-##  Decryption core
-##
-##  Same API as encryption core.
-##
-.type	_vpaes_decrypt_core,\@abi-omnipotent
-.align	16
-_vpaes_decrypt_core:
-	mov	%rdx,	%r9		# load key
-	mov	240(%rdx),%eax
-	movdqa	%xmm9,	%xmm1
-	movdqa	.Lk_dipt(%rip), %xmm2	# iptlo
-	pandn	%xmm0,	%xmm1
-	mov	%rax,	%r11
-	psrld	\$4,	%xmm1
-	movdqu	(%r9),	%xmm5		# round0 key
-	shl	\$4,	%r11
-	pand	%xmm9,	%xmm0
-	pshufb	%xmm0,	%xmm2
-	movdqa	.Lk_dipt+16(%rip), %xmm0 # ipthi
-	xor	\$0x30,	%r11
-	lea	.Lk_dsbd(%rip),%r10
-	pshufb	%xmm1,	%xmm0
-	and	\$0x30,	%r11
-	pxor	%xmm5,	%xmm2
-	movdqa	.Lk_mc_forward+48(%rip), %xmm5
-	pxor	%xmm2,	%xmm0
-	add	\$16,	%r9
-	add	%r10,	%r11
-	jmp	.Ldec_entry
-
-.align 16
-.Ldec_loop:
-##
-##  Inverse mix columns
-##
-	movdqa  -0x20(%r10),%xmm4	# 4 : sb9u
-	pshufb	%xmm2,	%xmm4		# 4 = sb9u
-	pxor	%xmm0,	%xmm4
-	movdqa  -0x10(%r10),%xmm0	# 0 : sb9t
-	pshufb	%xmm3,	%xmm0		# 0 = sb9t
-	pxor	%xmm4,	%xmm0		# 0 = ch
-	add	\$16, %r9		# next round key
-
-	pshufb	%xmm5,	%xmm0		# MC ch
-	movdqa  0x00(%r10),%xmm4	# 4 : sbdu
-	pshufb	%xmm2,	%xmm4		# 4 = sbdu
-	pxor	%xmm0,	%xmm4		# 4 = ch
-	movdqa  0x10(%r10),%xmm0	# 0 : sbdt
-	pshufb	%xmm3,	%xmm0		# 0 = sbdt
-	pxor	%xmm4,	%xmm0		# 0 = ch
-	sub	\$1,%rax		# nr--
-	
-	pshufb	%xmm5,	%xmm0		# MC ch
-	movdqa  0x20(%r10),%xmm4	# 4 : sbbu
-	pshufb	%xmm2,	%xmm4		# 4 = sbbu
-	pxor	%xmm0,	%xmm4		# 4 = ch
-	movdqa  0x30(%r10),%xmm0	# 0 : sbbt
-	pshufb	%xmm3,	%xmm0		# 0 = sbbt
-	pxor	%xmm4,	%xmm0		# 0 = ch
-	
-	pshufb	%xmm5,	%xmm0		# MC ch
-	movdqa  0x40(%r10),%xmm4	# 4 : sbeu
-	pshufb	%xmm2,	%xmm4		# 4 = sbeu
-	pxor	%xmm0,	%xmm4		# 4 = ch
-	movdqa  0x50(%r10),%xmm0	# 0 : sbet
-	pshufb	%xmm3,	%xmm0		# 0 = sbet
-	pxor	%xmm4,	%xmm0		# 0 = ch
-
-	palignr	\$12,	%xmm5,	%xmm5
-	
-.Ldec_entry:
-	# top of round
-	movdqa  %xmm9, 	%xmm1	# 1 : i
-	pandn	%xmm0, 	%xmm1	# 1 = i<<4
-	psrld	\$4,    %xmm1	# 1 = i
-	pand	%xmm9, 	%xmm0	# 0 = k
-	movdqa	%xmm11, %xmm2	# 2 : a/k
-	pshufb  %xmm0,  %xmm2	# 2 = a/k
-	pxor	%xmm1,	%xmm0	# 0 = j
-	movdqa	%xmm10,	%xmm3	# 3 : 1/i
-	pshufb  %xmm1, 	%xmm3	# 3 = 1/i
-	pxor	%xmm2, 	%xmm3	# 3 = iak = 1/i + a/k
-	movdqa	%xmm10,	%xmm4	# 4 : 1/j
-	pshufb	%xmm0, 	%xmm4	# 4 = 1/j
-	pxor	%xmm2, 	%xmm4	# 4 = jak = 1/j + a/k
-	movdqa	%xmm10,	%xmm2	# 2 : 1/iak
-	pshufb  %xmm3,	%xmm2	# 2 = 1/iak
-	pxor	%xmm0, 	%xmm2	# 2 = io
-	movdqa	%xmm10, %xmm3	# 3 : 1/jak
-	pshufb  %xmm4,  %xmm3	# 3 = 1/jak
-	pxor	%xmm1,  %xmm3	# 3 = jo
-	movdqu	(%r9),	%xmm0
-	jnz	.Ldec_loop
-
-	# middle of last round
-	movdqa	0x60(%r10), %xmm4	# 3 : sbou
-	pshufb  %xmm2,  %xmm4	# 4 = sbou
-	pxor	%xmm0,  %xmm4	# 4 = sb1u + k
-	movdqa	0x70(%r10), %xmm0	# 0 : sbot
-	movdqa	-0x160(%r11), %xmm2	# .Lk_sr-.Lk_dsbd=-0x160
-	pshufb  %xmm3,	%xmm0	# 0 = sb1t
-	pxor	%xmm4,	%xmm0	# 0 = A
-	pshufb	%xmm2,	%xmm0
-	ret
-.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
-
-########################################################
-##                                                    ##
-##                  AES key schedule                  ##
-##                                                    ##
-########################################################
-.type	_vpaes_schedule_core,\@abi-omnipotent
-.align	16
-_vpaes_schedule_core:
-	# rdi = key
-	# rsi = size in bits
-	# rdx = buffer
-	# rcx = direction.  0=encrypt, 1=decrypt
-
-	call	_vpaes_preheat		# load the tables
-	movdqa	.Lk_rcon(%rip), %xmm8	# load rcon
-	movdqu	(%rdi),	%xmm0		# load key (unaligned)
-
-	# input transform
-	movdqa	%xmm0,	%xmm3
-	lea	.Lk_ipt(%rip), %r11
-	call	_vpaes_schedule_transform
-	movdqa	%xmm0,	%xmm7
-
-	lea	.Lk_sr(%rip),%r10
-	test	%rcx,	%rcx
-	jnz	.Lschedule_am_decrypting
-
-	# encrypting, output zeroth round key after transform
-	movdqu	%xmm0,	(%rdx)
-	jmp	.Lschedule_go
-
-.Lschedule_am_decrypting:
-	# decrypting, output zeroth round key after shiftrows
-	movdqa	(%r8,%r10),%xmm1
-	pshufb  %xmm1,	%xmm3
-	movdqu	%xmm3,	(%rdx)
-	xor	\$0x30, %r8
-
-.Lschedule_go:
-	cmp	\$192,	%esi
-	ja	.Lschedule_256
-	je	.Lschedule_192
-	# 128: fall though
-
-##
-##  .schedule_128
-##
-##  128-bit specific part of key schedule.
-##
-##  This schedule is really simple, because all its parts
-##  are accomplished by the subroutines.
-##
-.Lschedule_128:
-	mov	\$10, %esi
-	
-.Loop_schedule_128:
-	call 	_vpaes_schedule_round
-	dec	%rsi
-	jz 	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	# write output
-	jmp 	.Loop_schedule_128
-
-##
-##  .aes_schedule_192
-##
-##  192-bit specific part of key schedule.
-##
-##  The main body of this schedule is the same as the 128-bit
-##  schedule, but with more smearing.  The long, high side is
-##  stored in %xmm7 as before, and the short, low side is in
-##  the high bits of %xmm6.
-##
-##  This schedule is somewhat nastier, however, because each
-##  round produces 192 bits of key material, or 1.5 round keys.
-##  Therefore, on each cycle we do 2 rounds and produce 3 round
-##  keys.
-##
-.align	16
-.Lschedule_192:
-	movdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
-	call	_vpaes_schedule_transform	# input transform
-	movdqa	%xmm0,	%xmm6		# save short part
-	pxor	%xmm4,	%xmm4		# clear 4
-	movhlps	%xmm4,	%xmm6		# clobber low side with zeros
-	mov	\$4,	%esi
-
-.Loop_schedule_192:
-	call	_vpaes_schedule_round
-	palignr	\$8,%xmm6,%xmm0	
-	call	_vpaes_schedule_mangle	# save key n
-	call	_vpaes_schedule_192_smear
-	call	_vpaes_schedule_mangle	# save key n+1
-	call	_vpaes_schedule_round
-	dec	%rsi
-	jz 	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	# save key n+2
-	call	_vpaes_schedule_192_smear
-	jmp	.Loop_schedule_192
-
-##
-##  .aes_schedule_256
-##
-##  256-bit specific part of key schedule.
-##
-##  The structure here is very similar to the 128-bit
-##  schedule, but with an additional "low side" in
-##  %xmm6.  The low side's rounds are the same as the
-##  high side's, except no rcon and no rotation.
-##
-.align	16
-.Lschedule_256:
-	movdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
-	call	_vpaes_schedule_transform	# input transform
-	mov	\$7, %esi
-	
-.Loop_schedule_256:
-	call	_vpaes_schedule_mangle	# output low result
-	movdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
-
-	# high round
-	call	_vpaes_schedule_round
-	dec	%rsi
-	jz 	.Lschedule_mangle_last
-	call	_vpaes_schedule_mangle	
-
-	# low round. swap xmm7 and xmm6
-	pshufd	\$0xFF,	%xmm0,	%xmm0
-	movdqa	%xmm7,	%xmm5
-	movdqa	%xmm6,	%xmm7
-	call	_vpaes_schedule_low_round
-	movdqa	%xmm5,	%xmm7
-	
-	jmp	.Loop_schedule_256
-
-	
-##
-##  .aes_schedule_mangle_last
-##
-##  Mangler for last round of key schedule
-##  Mangles %xmm0
-##    when encrypting, outputs out(%xmm0) ^ 63
-##    when decrypting, outputs unskew(%xmm0)
-##
-##  Always called right before return... jumps to cleanup and exits
-##
-.align	16
-.Lschedule_mangle_last:
-	# schedule last round key from xmm0
-	lea	.Lk_deskew(%rip),%r11	# prepare to deskew
-	test	%rcx, 	%rcx
-	jnz	.Lschedule_mangle_last_dec
-
-	# encrypting
-	movdqa	(%r8,%r10),%xmm1
-	pshufb	%xmm1,	%xmm0		# output permute
-	lea	.Lk_opt(%rip),	%r11	# prepare to output transform
-	add	\$32,	%rdx
-
-.Lschedule_mangle_last_dec:
-	add	\$-16,	%rdx
-	pxor	.Lk_s63(%rip),	%xmm0
-	call	_vpaes_schedule_transform # output transform
-	movdqu	%xmm0,	(%rdx)		# save last key
-
-	# cleanup
-	pxor	%xmm0,  %xmm0
-	pxor	%xmm1,  %xmm1
-	pxor	%xmm2,  %xmm2
-	pxor	%xmm3,  %xmm3
-	pxor	%xmm4,  %xmm4
-	pxor	%xmm5,  %xmm5
-	pxor	%xmm6,  %xmm6
-	pxor	%xmm7,  %xmm7
-	ret
-.size	_vpaes_schedule_core,.-_vpaes_schedule_core
-
-##
-##  .aes_schedule_192_smear
-##
-##  Smear the short, low side in the 192-bit key schedule.
-##
-##  Inputs:
-##    %xmm7: high side, b  a  x  y
-##    %xmm6:  low side, d  c  0  0
-##    %xmm13: 0
-##
-##  Outputs:
-##    %xmm6: b+c+d  b+c  0  0
-##    %xmm0: b+c+d  b+c  b  a
-##
-.type	_vpaes_schedule_192_smear,\@abi-omnipotent
-.align	16
-_vpaes_schedule_192_smear:
-	pshufd	\$0x80,	%xmm6,	%xmm0	# d c 0 0 -> c 0 0 0
-	pxor	%xmm0,	%xmm6		# -> c+d c 0 0
-	pshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
-	pxor	%xmm0,	%xmm6		# -> b+c+d b+c b a
-	movdqa	%xmm6,	%xmm0
-	pxor	%xmm1,	%xmm1
-	movhlps	%xmm1,	%xmm6		# clobber low side with zeros
-	ret
-.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
-
-##
-##  .aes_schedule_round
-##
-##  Runs one main round of the key schedule on %xmm0, %xmm7
-##
-##  Specifically, runs subbytes on the high dword of %xmm0
-##  then rotates it by one byte and xors into the low dword of
-##  %xmm7.
-##
-##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
-##  next rcon.
-##
-##  Smears the dwords of %xmm7 by xoring the low into the
-##  second low, result into third, result into highest.
-##
-##  Returns results in %xmm7 = %xmm0.
-##  Clobbers %xmm1-%xmm4, %r11.
-##
-.type	_vpaes_schedule_round,\@abi-omnipotent
-.align	16
-_vpaes_schedule_round:
-	# extract rcon from xmm8
-	pxor	%xmm1,	%xmm1
-	palignr	\$15,	%xmm8,	%xmm1
-	palignr	\$15,	%xmm8,	%xmm8
-	pxor	%xmm1,	%xmm7
-
-	# rotate
-	pshufd	\$0xFF,	%xmm0,	%xmm0
-	palignr	\$1,	%xmm0,	%xmm0
-	
-	# fall through...
-	
-	# low round: same as high round, but no rotation and no rcon.
-_vpaes_schedule_low_round:
-	# smear xmm7
-	movdqa	%xmm7,	%xmm1
-	pslldq	\$4,	%xmm7
-	pxor	%xmm1,	%xmm7
-	movdqa	%xmm7,	%xmm1
-	pslldq	\$8,	%xmm7
-	pxor	%xmm1,	%xmm7
-	pxor	.Lk_s63(%rip), %xmm7
-
-	# subbytes
-	movdqa  %xmm9, 	%xmm1
-	pandn	%xmm0, 	%xmm1
-	psrld	\$4,    %xmm1		# 1 = i
-	pand	%xmm9, 	%xmm0		# 0 = k
-	movdqa	%xmm11, %xmm2		# 2 : a/k
-	pshufb  %xmm0,  %xmm2		# 2 = a/k
-	pxor	%xmm1,	%xmm0		# 0 = j
-	movdqa	%xmm10,	%xmm3		# 3 : 1/i
-	pshufb  %xmm1, 	%xmm3		# 3 = 1/i
-	pxor	%xmm2, 	%xmm3		# 3 = iak = 1/i + a/k
-	movdqa	%xmm10,	%xmm4		# 4 : 1/j
-	pshufb	%xmm0, 	%xmm4		# 4 = 1/j
-	pxor	%xmm2, 	%xmm4		# 4 = jak = 1/j + a/k
-	movdqa	%xmm10,	%xmm2		# 2 : 1/iak
-	pshufb  %xmm3,	%xmm2		# 2 = 1/iak
-	pxor	%xmm0, 	%xmm2		# 2 = io
-	movdqa	%xmm10, %xmm3		# 3 : 1/jak
-	pshufb  %xmm4,  %xmm3		# 3 = 1/jak
-	pxor	%xmm1,  %xmm3		# 3 = jo
-	movdqa	%xmm13, %xmm4		# 4 : sbou
-	pshufb  %xmm2,  %xmm4		# 4 = sbou
-	movdqa	%xmm12, %xmm0		# 0 : sbot
-	pshufb  %xmm3,	%xmm0		# 0 = sb1t
-	pxor	%xmm4, 	%xmm0		# 0 = sbox output
-
-	# add in smeared stuff
-	pxor	%xmm7,	%xmm0	
-	movdqa	%xmm0,	%xmm7
-	ret
-.size	_vpaes_schedule_round,.-_vpaes_schedule_round
-
-##
-##  .aes_schedule_transform
-##
-##  Linear-transform %xmm0 according to tables at (%r11)
-##
-##  Requires that %xmm9 = 0x0F0F... as in preheat
-##  Output in %xmm0
-##  Clobbers %xmm1, %xmm2
-##
-.type	_vpaes_schedule_transform,\@abi-omnipotent
-.align	16
-_vpaes_schedule_transform:
-	movdqa	%xmm9,	%xmm1
-	pandn	%xmm0,	%xmm1
-	psrld	\$4,	%xmm1
-	pand	%xmm9,	%xmm0
-	movdqa	(%r11), %xmm2 	# lo
-	pshufb	%xmm0,	%xmm2
-	movdqa	16(%r11), %xmm0 # hi
-	pshufb	%xmm1,	%xmm0
-	pxor	%xmm2,	%xmm0
-	ret
-.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
-
-##
-##  .aes_schedule_mangle
-##
-##  Mangle xmm0 from (basis-transformed) standard version
-##  to our version.
-##
-##  On encrypt,
-##    xor with 0x63
-##    multiply by circulant 0,1,1,1
-##    apply shiftrows transform
-##
-##  On decrypt,
-##    xor with 0x63
-##    multiply by "inverse mixcolumns" circulant E,B,D,9
-##    deskew
-##    apply shiftrows transform
-##
-##
-##  Writes out to (%rdx), and increments or decrements it
-##  Keeps track of round number mod 4 in %r8
-##  Preserves xmm0
-##  Clobbers xmm1-xmm5
-##
-.type	_vpaes_schedule_mangle,\@abi-omnipotent
-.align	16
-_vpaes_schedule_mangle:
-	movdqa	%xmm0,	%xmm4	# save xmm0 for later
-	movdqa	.Lk_mc_forward(%rip),%xmm5
-	test	%rcx, 	%rcx
-	jnz	.Lschedule_mangle_dec
-
-	# encrypting
-	add	\$16,	%rdx
-	pxor	.Lk_s63(%rip),%xmm4
-	pshufb	%xmm5,	%xmm4
-	movdqa	%xmm4,	%xmm3
-	pshufb	%xmm5,	%xmm4
-	pxor	%xmm4,	%xmm3
-	pshufb	%xmm5,	%xmm4
-	pxor	%xmm4,	%xmm3
-
-	jmp	.Lschedule_mangle_both
-.align	16
-.Lschedule_mangle_dec:
-	# inverse mix columns
-	lea	.Lk_dksd(%rip),%r11
-	movdqa	%xmm9,	%xmm1
-	pandn	%xmm4,	%xmm1
-	psrld	\$4,	%xmm1	# 1 = hi
-	pand	%xmm9,	%xmm4	# 4 = lo
-
-	movdqa	0x00(%r11), %xmm2
-	pshufb	%xmm4,	%xmm2
-	movdqa	0x10(%r11), %xmm3
-	pshufb	%xmm1,	%xmm3
-	pxor	%xmm2,	%xmm3
-	pshufb	%xmm5,	%xmm3
-
-	movdqa	0x20(%r11), %xmm2
-	pshufb	%xmm4,	%xmm2
-	pxor	%xmm3,	%xmm2
-	movdqa	0x30(%r11), %xmm3
-	pshufb	%xmm1,	%xmm3
-	pxor	%xmm2,	%xmm3
-	pshufb	%xmm5,	%xmm3
-
-	movdqa	0x40(%r11), %xmm2
-	pshufb	%xmm4,	%xmm2
-	pxor	%xmm3,	%xmm2
-	movdqa	0x50(%r11), %xmm3
-	pshufb	%xmm1,	%xmm3
-	pxor	%xmm2,	%xmm3
-	pshufb	%xmm5,	%xmm3
-
-	movdqa	0x60(%r11), %xmm2
-	pshufb	%xmm4,	%xmm2
-	pxor	%xmm3,	%xmm2
-	movdqa	0x70(%r11), %xmm3
-	pshufb	%xmm1,	%xmm3
-	pxor	%xmm2,	%xmm3
-
-	add	\$-16,	%rdx
-
-.Lschedule_mangle_both:
-	movdqa	(%r8,%r10),%xmm1
-	pshufb	%xmm1,%xmm3
-	add	\$-16,	%r8
-	and	\$0x30,	%r8
-	movdqu	%xmm3,	(%rdx)
-	ret
-.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
-
-#
-# Interface to OpenSSL
-#
-.globl	${PREFIX}_set_encrypt_key
-.type	${PREFIX}_set_encrypt_key,\@function,3
-.align	16
-${PREFIX}_set_encrypt_key:
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Lenc_key_body:
-___
-$code.=<<___;
-	mov	%esi,%eax
-	shr	\$5,%eax
-	add	\$5,%eax
-	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
-
-	mov	\$0,%ecx
-	mov	\$0x30,%r8d
-	call	_vpaes_schedule_core
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Lenc_key_epilogue:
-___
-$code.=<<___;
-	xor	%eax,%eax
-	ret
-.size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
-
-.globl	${PREFIX}_set_decrypt_key
-.type	${PREFIX}_set_decrypt_key,\@function,3
-.align	16
-${PREFIX}_set_decrypt_key:
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Ldec_key_body:
-___
-$code.=<<___;
-	mov	%esi,%eax
-	shr	\$5,%eax
-	add	\$5,%eax
-	mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
-	shl	\$4,%eax
-	lea	16(%rdx,%rax),%rdx
-
-	mov	\$1,%ecx
-	mov	%esi,%r8d
-	shr	\$1,%r8d
-	and	\$32,%r8d
-	xor	\$32,%r8d	# nbits==192?0:32
-	call	_vpaes_schedule_core
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Ldec_key_epilogue:
-___
-$code.=<<___;
-	xor	%eax,%eax
-	ret
-.size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
-
-.globl	${PREFIX}_encrypt
-.type	${PREFIX}_encrypt,\@function,3
-.align	16
-${PREFIX}_encrypt:
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Lenc_body:
-___
-$code.=<<___;
-	movdqu	(%rdi),%xmm0
-	call	_vpaes_preheat
-	call	_vpaes_encrypt_core
-	movdqu	%xmm0,(%rsi)
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Lenc_epilogue:
-___
-$code.=<<___;
-	ret
-.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
-
-.globl	${PREFIX}_decrypt
-.type	${PREFIX}_decrypt,\@function,3
-.align	16
-${PREFIX}_decrypt:
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Ldec_body:
-___
-$code.=<<___;
-	movdqu	(%rdi),%xmm0
-	call	_vpaes_preheat
-	call	_vpaes_decrypt_core
-	movdqu	%xmm0,(%rsi)
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Ldec_epilogue:
-___
-$code.=<<___;
-	ret
-.size	${PREFIX}_decrypt,.-${PREFIX}_decrypt
-___
-{
-my ($inp,$out,$len,$key,$ivp,$enc)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
-# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
-#                       size_t length, const AES_KEY *key,
-#                       unsigned char *ivp,const int enc);
-$code.=<<___;
-.globl	${PREFIX}_cbc_encrypt
-.type	${PREFIX}_cbc_encrypt,\@function,6
-.align	16
-${PREFIX}_cbc_encrypt:
-	xchg	$key,$len
-___
-($len,$key)=($key,$len);
-$code.=<<___;
-	sub	\$16,$len
-	jc	.Lcbc_abort
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Lcbc_body:
-___
-$code.=<<___;
-	movdqu	($ivp),%xmm6		# load IV
-	sub	$inp,$out
-	call	_vpaes_preheat
-	cmp	\$0,${enc}d
-	je	.Lcbc_dec_loop
-	jmp	.Lcbc_enc_loop
-.align	16
-.Lcbc_enc_loop:
-	movdqu	($inp),%xmm0
-	pxor	%xmm6,%xmm0
-	call	_vpaes_encrypt_core
-	movdqa	%xmm0,%xmm6
-	movdqu	%xmm0,($out,$inp)
-	lea	16($inp),$inp
-	sub	\$16,$len
-	jnc	.Lcbc_enc_loop
-	jmp	.Lcbc_done
-.align	16
-.Lcbc_dec_loop:
-	movdqu	($inp),%xmm0
-	movdqa	%xmm0,%xmm7
-	call	_vpaes_decrypt_core
-	pxor	%xmm6,%xmm0
-	movdqa	%xmm7,%xmm6
-	movdqu	%xmm0,($out,$inp)
-	lea	16($inp),$inp
-	sub	\$16,$len
-	jnc	.Lcbc_dec_loop
-.Lcbc_done:
-	movdqu	%xmm6,($ivp)		# save IV
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Lcbc_epilogue:
-___
-$code.=<<___;
-.Lcbc_abort:
-	ret
-.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
-___
-}
-$code.=<<___;
-##
-##  _aes_preheat
-##
-##  Fills register %r10 -> .aes_consts (so you can -fPIC)
-##  and %xmm9-%xmm15 as specified below.
-##
-.type	_vpaes_preheat,\@abi-omnipotent
-.align	16
-_vpaes_preheat:
-	lea	.Lk_s0F(%rip), %r10
-	movdqa	-0x20(%r10), %xmm10	# .Lk_inv
-	movdqa	-0x10(%r10), %xmm11	# .Lk_inv+16
-	movdqa	0x00(%r10), %xmm9	# .Lk_s0F
-	movdqa	0x30(%r10), %xmm13	# .Lk_sb1
-	movdqa	0x40(%r10), %xmm12	# .Lk_sb1+16
-	movdqa	0x50(%r10), %xmm15	# .Lk_sb2
-	movdqa	0x60(%r10), %xmm14	# .Lk_sb2+16
-	ret
-.size	_vpaes_preheat,.-_vpaes_preheat
-########################################################
-##                                                    ##
-##                     Constants                      ##
-##                                                    ##
-########################################################
-.type	_vpaes_consts,\@object
-.align	64
-_vpaes_consts:
-.Lk_inv:	# inv, inva
-	.quad	0x0E05060F0D080180, 0x040703090A0B0C02
-	.quad	0x01040A060F0B0780, 0x030D0E0C02050809
-
-.Lk_s0F:	# s0F
-	.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
-
-.Lk_ipt:	# input transform (lo, hi)
-	.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
-	.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
-
-.Lk_sb1:	# sb1u, sb1t
-	.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
-	.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
-.Lk_sb2:	# sb2u, sb2t
-	.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
-	.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
-.Lk_sbo:	# sbou, sbot
-	.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
-	.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
-
-.Lk_mc_forward:	# mc_forward
-	.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
-	.quad	0x080B0A0904070605, 0x000302010C0F0E0D
-	.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
-	.quad	0x000302010C0F0E0D, 0x080B0A0904070605
-
-.Lk_mc_backward:# mc_backward
-	.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
-	.quad	0x020100030E0D0C0F, 0x0A09080B06050407
-	.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
-	.quad	0x0A09080B06050407, 0x020100030E0D0C0F
-
-.Lk_sr:		# sr
-	.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
-	.quad	0x030E09040F0A0500, 0x0B06010C07020D08
-	.quad	0x0F060D040B020900, 0x070E050C030A0108
-	.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
-
-.Lk_rcon:	# rcon
-	.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
-
-.Lk_s63:	# s63: all equal to 0x63 transformed
-	.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
-
-.Lk_opt:	# output transform
-	.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
-	.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
-
-.Lk_deskew:	# deskew tables: inverts the sbox's "skew"
-	.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
-	.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
-
-##
-##  Decryption stuff
-##  Key schedule constants
-##
-.Lk_dksd:	# decryption key schedule: invskew x*D
-	.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
-	.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
-.Lk_dksb:	# decryption key schedule: invskew x*B
-	.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
-	.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
-.Lk_dkse:	# decryption key schedule: invskew x*E + 0x63
-	.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
-	.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
-.Lk_dks9:	# decryption key schedule: invskew x*9
-	.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
-	.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
-
-##
-##  Decryption stuff
-##  Round function constants
-##
-.Lk_dipt:	# decryption input transform
-	.quad	0x0F505B040B545F00, 0x154A411E114E451A
-	.quad	0x86E383E660056500, 0x12771772F491F194
-
-.Lk_dsb9:	# decryption sbox output *9*u, *9*t
-	.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
-	.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
-.Lk_dsbd:	# decryption sbox output *D*u, *D*t
-	.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
-	.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
-.Lk_dsbb:	# decryption sbox output *B*u, *B*t
-	.quad	0xD022649296B44200, 0x602646F6B0F2D404
-	.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
-.Lk_dsbe:	# decryption sbox output *E*u, *E*t
-	.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
-	.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
-.Lk_dsbo:	# decryption sbox final output
-	.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
-	.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
-.asciz	"Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
-.align	64
-.size	_vpaes_consts,.-_vpaes_consts
-___
-
-if ($win64) {
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_prologue
-
-	lea	16(%rax),%rsi		# %xmm save area
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$20,%ecx		# 10*sizeof(%xmm0)/sizeof(%rax)
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	0xb8(%rax),%rax		# adjust stack pointer
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_${PREFIX}_set_encrypt_key
-	.rva	.LSEH_end_${PREFIX}_set_encrypt_key
-	.rva	.LSEH_info_${PREFIX}_set_encrypt_key
-
-	.rva	.LSEH_begin_${PREFIX}_set_decrypt_key
-	.rva	.LSEH_end_${PREFIX}_set_decrypt_key
-	.rva	.LSEH_info_${PREFIX}_set_decrypt_key
-
-	.rva	.LSEH_begin_${PREFIX}_encrypt
-	.rva	.LSEH_end_${PREFIX}_encrypt
-	.rva	.LSEH_info_${PREFIX}_encrypt
-
-	.rva	.LSEH_begin_${PREFIX}_decrypt
-	.rva	.LSEH_end_${PREFIX}_decrypt
-	.rva	.LSEH_info_${PREFIX}_decrypt
-
-	.rva	.LSEH_begin_${PREFIX}_cbc_encrypt
-	.rva	.LSEH_end_${PREFIX}_cbc_encrypt
-	.rva	.LSEH_info_${PREFIX}_cbc_encrypt
-
-.section	.xdata
-.align	8
-.LSEH_info_${PREFIX}_set_encrypt_key:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lenc_key_body,.Lenc_key_epilogue	# HandlerData[]
-.LSEH_info_${PREFIX}_set_decrypt_key:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Ldec_key_body,.Ldec_key_epilogue	# HandlerData[]
-.LSEH_info_${PREFIX}_encrypt:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lenc_body,.Lenc_epilogue		# HandlerData[]
-.LSEH_info_${PREFIX}_decrypt:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Ldec_body,.Ldec_epilogue		# HandlerData[]
-.LSEH_info_${PREFIX}_cbc_encrypt:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lcbc_body,.Lcbc_epilogue		# HandlerData[]
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl
deleted file mode 100644
index 4b3cbb9827..0000000000
--- a/crypto/alphacpuid.pl
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/bin/env perl
-print <<'___';
-.text
-
-.set	noat
-
-.globl	OPENSSL_cpuid_setup
-.ent	OPENSSL_cpuid_setup
-OPENSSL_cpuid_setup:
-	.frame	$30,0,$26
-	.prologue 0
-	ret	($26)
-.end	OPENSSL_cpuid_setup
-
-.globl	OPENSSL_wipe_cpu
-.ent	OPENSSL_wipe_cpu
-OPENSSL_wipe_cpu:
-	.frame	$30,0,$26
-	.prologue 0
-	clr	$1
-	clr	$2
-	clr	$3
-	clr	$4
-	clr	$5
-	clr	$6
-	clr	$7
-	clr	$8
-	clr	$16
-	clr	$17
-	clr	$18
-	clr	$19
-	clr	$20
-	clr	$21
-	clr	$22
-	clr	$23
-	clr	$24
-	clr	$25
-	clr	$27
-	clr	$at
-	clr	$29
-	fclr	$f0
-	fclr	$f1
-	fclr	$f10
-	fclr	$f11
-	fclr	$f12
-	fclr	$f13
-	fclr	$f14
-	fclr	$f15
-	fclr	$f16
-	fclr	$f17
-	fclr	$f18
-	fclr	$f19
-	fclr	$f20
-	fclr	$f21
-	fclr	$f22
-	fclr	$f23
-	fclr	$f24
-	fclr	$f25
-	fclr	$f26
-	fclr	$f27
-	fclr	$f28
-	fclr	$f29
-	fclr	$f30
-	mov	$sp,$0
-	ret	($26)
-.end	OPENSSL_wipe_cpu
-
-.globl	OPENSSL_atomic_add
-.ent	OPENSSL_atomic_add
-OPENSSL_atomic_add:
-	.frame	$30,0,$26
-	.prologue 0
-1:	ldl_l	$0,0($16)
-	addl	$0,$17,$1
-	stl_c	$1,0($16)
-	beq	$1,1b
-	addl	$0,$17,$0
-	ret	($26)
-.end	OPENSSL_atomic_add
-
-.globl	OPENSSL_rdtsc
-.ent	OPENSSL_rdtsc
-OPENSSL_rdtsc:
-	.frame	$30,0,$26
-	.prologue 0
-	rpcc	$0
-	ret	($26)
-.end	OPENSSL_rdtsc
-
-.globl	OPENSSL_cleanse
-.ent	OPENSSL_cleanse
-OPENSSL_cleanse:
-	.frame	$30,0,$26
-	.prologue 0
-	beq	$17,.Ldone
-	and	$16,7,$0
-	bic	$17,7,$at
-	beq	$at,.Little
-	beq	$0,.Laligned
-
-.Little:
-	subq	$0,8,$0
-	ldq_u	$1,0($16)
-	mov	$16,$2
-.Lalign:
-	mskbl	$1,$16,$1
-	lda	$16,1($16)
-	subq	$17,1,$17
-	addq	$0,1,$0
-	beq	$17,.Lout
-	bne	$0,.Lalign
-.Lout:	stq_u	$1,0($2)
-	beq	$17,.Ldone
-	bic	$17,7,$at
-	beq	$at,.Little
-
-.Laligned:
-	stq	$31,0($16)
-	subq	$17,8,$17
-	lda	$16,8($16)
-	bic	$17,7,$at
-	bne	$at,.Laligned
-	bne	$17,.Little
-.Ldone: ret	($26)
-.end	OPENSSL_cleanse
-___
diff --git a/crypto/arm64cpuid.S b/crypto/arm64cpuid.S
deleted file mode 100644
index 4778ac1dea..0000000000
--- a/crypto/arm64cpuid.S
+++ /dev/null
@@ -1,46 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.arch	armv8-a+crypto
-
-.align	5
-.global	_armv7_neon_probe
-.type	_armv7_neon_probe,%function
-_armv7_neon_probe:
-	orr	v15.16b, v15.16b, v15.16b
-	ret
-.size	_armv7_neon_probe,.-_armv7_neon_probe
-
-.global	_armv7_tick
-.type	_armv7_tick,%function
-_armv7_tick:
-	mrs	x0, CNTVCT_EL0
-	ret
-.size	_armv7_tick,.-_armv7_tick
-
-.global	_armv8_aes_probe
-.type	_armv8_aes_probe,%function
-_armv8_aes_probe:
-	aese	v0.16b, v0.16b
-	ret
-.size	_armv8_aes_probe,.-_armv8_aes_probe
-
-.global	_armv8_sha1_probe
-.type	_armv8_sha1_probe,%function
-_armv8_sha1_probe:
-	sha1h	s0, s0
-	ret
-.size	_armv8_sha1_probe,.-_armv8_sha1_probe
-
-.global	_armv8_sha256_probe
-.type	_armv8_sha256_probe,%function
-_armv8_sha256_probe:
-	sha256su0	v0.4s, v0.4s
-	ret
-.size	_armv8_sha256_probe,.-_armv8_sha256_probe
-.global	_armv8_pmull_probe
-.type	_armv8_pmull_probe,%function
-_armv8_pmull_probe:
-	pmull	v0.1q, v0.1d, v0.1d
-	ret
-.size	_armv8_pmull_probe,.-_armv8_pmull_probe
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
deleted file mode 100644
index 6fa87244d1..0000000000
--- a/crypto/arm_arch.h
+++ /dev/null
@@ -1,66 +0,0 @@
-#ifndef __ARM_ARCH_H__
-#define __ARM_ARCH_H__
-
-#if !defined(__ARM_ARCH__)
-# if defined(__CC_ARM)
-#  define __ARM_ARCH__ __TARGET_ARCH_ARM
-#  if defined(__BIG_ENDIAN)
-#   define __ARMEB__
-#  else
-#   define __ARMEL__
-#  endif
-# elif defined(__GNUC__)
-#  if	defined(__aarch64__)
-#   define __ARM_ARCH__ 8
-#   if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-#    define __ARMEB__
-#   else
-#    define __ARMEL__
-#   endif
-  /*
-   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
-   * bunch of below macros. See all_architectires[] table in
-   * gcc/config/arm/arm.c. On a side note it defines
-   * __ARMEL__/__ARMEB__ for little-/big-endian.
-   */
-#  elif defined(__ARM_ARCH)
-#   define __ARM_ARCH__ __ARM_ARCH
-#  elif	defined(__ARM_ARCH_8A__)
-#   define __ARM_ARCH__ 8
-#  elif	defined(__ARM_ARCH_7__)	|| defined(__ARM_ARCH_7A__)	|| \
-	defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)	|| \
-	defined(__ARM_ARCH_7EM__)
-#   define __ARM_ARCH__ 7
-#  elif	defined(__ARM_ARCH_6__)	|| defined(__ARM_ARCH_6J__)	|| \
-	defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)	|| \
-	defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)	|| \
-	defined(__ARM_ARCH_6T2__)
-#   define __ARM_ARCH__ 6
-#  elif	defined(__ARM_ARCH_5__)	|| defined(__ARM_ARCH_5T__)	|| \
-	defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)	|| \
-	defined(__ARM_ARCH_5TEJ__)
-#   define __ARM_ARCH__ 5
-#  elif	defined(__ARM_ARCH_4__)	|| defined(__ARM_ARCH_4T__)
-#   define __ARM_ARCH__ 4
-#  else
-#   error "unsupported ARM architecture"
-#  endif
-# endif
-#endif
-
-#ifdef OPENSSL_FIPSCANISTER
-#include <openssl/fipssyms.h>
-#endif
-
-#if !__ASSEMBLER__
-extern unsigned int OPENSSL_armcap_P;
-#endif
-                                     
-#define ARMV7_NEON      (1<<0)
-#define ARMV7_TICK      (1<<1)
-#define ARMV8_AES       (1<<2)
-#define ARMV8_SHA1      (1<<3)
-#define ARMV8_SHA256    (1<<4)
-#define ARMV8_PMULL     (1<<5)
-
-#endif
diff --git a/crypto/armcap.c b/crypto/armcap.c
deleted file mode 100644
index 59b7494831..0000000000
--- a/crypto/armcap.c
+++ /dev/null
@@ -1,165 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <crypto.h>
-
-#include "arm_arch.h"
-
-unsigned int OPENSSL_armcap_P;
-
-static sigset_t all_masked;
-
-static sigjmp_buf ill_jmp;
-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
-
-/*
- * Following subroutines could have been inlined, but it's not all
- * ARM compilers support inline assembler...
- */
-void _armv7_neon_probe(void);
-void _armv8_aes_probe(void);
-void _armv8_sha1_probe(void);
-void _armv8_sha256_probe(void);
-void _armv8_pmull_probe(void);
-unsigned long _armv7_tick(void);
-
-unsigned long OPENSSL_rdtsc(void)
-	{
-	if (OPENSSL_armcap_P & ARMV7_TICK)
-		return _armv7_tick();
-	else
-		return 0;
-	}
-
-/*
- * Use a weak reference to getauxval() so we can use it if it is available but
- * don't break the build if it is not.
- */
-#if defined(__GNUC__) && __GNUC__>=2
-void OPENSSL_cpuid_setup(void) __attribute__((constructor));
-extern unsigned long getauxval(unsigned long type) __attribute__((weak));
-#else
-static unsigned long (*getauxval)(unsigned long) = NULL;
-#endif
-
-/*
- * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
- * AArch64 used AT_HWCAP.
- */
-#if defined(__arm__) || defined (__arm)
-# define HWCAP			16	/* AT_HWCAP */
-# define HWCAP_NEON		(1 << 12)
-
-# define HWCAP_CE		26	/* AT_HWCAP2 */
-# define HWCAP_CE_AES		(1 << 0)
-# define HWCAP_CE_PMULL		(1 << 1)
-# define HWCAP_CE_SHA1		(1 << 2)
-# define HWCAP_CE_SHA256	(1 << 3)
-#elif defined(__aarch64__)
-# define HWCAP			16	/* AT_HWCAP */
-# define HWCAP_NEON		(1 << 1)
-
-# define HWCAP_CE		HWCAP
-# define HWCAP_CE_AES		(1 << 3)
-# define HWCAP_CE_PMULL		(1 << 4)
-# define HWCAP_CE_SHA1		(1 << 5)
-# define HWCAP_CE_SHA256	(1 << 6)
-#endif
-
-#ifdef ANDROID
-// Works around a bug where Android versions up to and including L don't
-// properly restore the signal mask when asked.
-#define sigsetjmp(env,savesigs) \
-	(sigprocmask(SIG_SETMASK,&ill_act.sa_mask,NULL), \
-	 sigsetjmp(env,savesigs))
-#endif
-
-void OPENSSL_cpuid_setup(void)
-	{
-	char *e;
-	struct sigaction	ill_oact,ill_act;
-	sigset_t		oset;
-	static int trigger=0;
-
-	if (trigger) return;
-	trigger=1;
- 
-	if ((e=getenv("OPENSSL_armcap")))
-		{
-		OPENSSL_armcap_P=(unsigned int)strtoul(e,NULL,0);
-		return;
-		}
-
-	sigfillset(&all_masked);
-	sigdelset(&all_masked,SIGILL);
-	sigdelset(&all_masked,SIGTRAP);
-	sigdelset(&all_masked,SIGFPE);
-	sigdelset(&all_masked,SIGBUS);
-	sigdelset(&all_masked,SIGSEGV);
-
-	OPENSSL_armcap_P = 0;
-
-	memset(&ill_act,0,sizeof(ill_act));
-	ill_act.sa_handler = ill_handler;
-	ill_act.sa_mask    = all_masked;
-
-	sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
-	sigaction(SIGILL,&ill_act,&ill_oact);
-
-	if (getauxval != NULL)
-		{
-		if (getauxval(HWCAP) & HWCAP_NEON)
-			{
-			unsigned long hwcap = getauxval(HWCAP_CE);
-
-			OPENSSL_armcap_P |= ARMV7_NEON;
-
-			if (hwcap & HWCAP_CE_AES)
-				OPENSSL_armcap_P |= ARMV8_AES;
-
-			if (hwcap & HWCAP_CE_PMULL)
-				OPENSSL_armcap_P |= ARMV8_PMULL;
-
-			if (hwcap & HWCAP_CE_SHA1)
-				OPENSSL_armcap_P |= ARMV8_SHA1;
-
-			if (hwcap & HWCAP_CE_SHA256)
-				OPENSSL_armcap_P |= ARMV8_SHA256;
-			}
-		}
-	else if (sigsetjmp(ill_jmp,1) == 0)
-		{
-		_armv7_neon_probe();
-		OPENSSL_armcap_P |= ARMV7_NEON;
-		if (sigsetjmp(ill_jmp,1) == 0)
-			{
-			_armv8_pmull_probe();
-			OPENSSL_armcap_P |= ARMV8_PMULL|ARMV8_AES;
-			}
-		else if (sigsetjmp(ill_jmp,1) == 0)
-			{
-			_armv8_aes_probe();
-			OPENSSL_armcap_P |= ARMV8_AES;
-			}
-		if (sigsetjmp(ill_jmp,1) == 0)
-			{
-			_armv8_sha1_probe();
-			OPENSSL_armcap_P |= ARMV8_SHA1;
-			}
-		if (sigsetjmp(ill_jmp,1) == 0)
-			{
-			_armv8_sha256_probe();
-			OPENSSL_armcap_P |= ARMV8_SHA256;
-			}
-		}
-	if (sigsetjmp(ill_jmp,1) == 0)
-		{
-		_armv7_tick();
-		OPENSSL_armcap_P |= ARMV7_TICK;
-		}
-
-	sigaction (SIGILL,&ill_oact,NULL);
-	sigprocmask(SIG_SETMASK,&oset,NULL);
-	}
diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S
deleted file mode 100644
index add11d405e..0000000000
--- a/crypto/armv4cpuid.S
+++ /dev/null
@@ -1,202 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.align	5
-.global	_armv7_neon_probe
-.type	_armv7_neon_probe,%function
-_armv7_neon_probe:
-	.byte	0xf0,0x01,0x60,0xf2	@ vorr	q8,q8,q8
-	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-.size	_armv7_neon_probe,.-_armv7_neon_probe
-
-.global	_armv7_tick
-.type	_armv7_tick,%function
-_armv7_tick:
-	mrrc	p15,1,r0,r1,c14		@ CNTVCT
-#if __ARM_ARCH__>=5
-	bx	lr
-#else
-	.word	0xe12fff1e		@ bx	lr
-#endif
-.size	_armv7_tick,.-_armv7_tick
-
-.global	_armv8_aes_probe
-.type	_armv8_aes_probe,%function
-_armv8_aes_probe:
-	.byte	0x00,0x03,0xb0,0xf3	@ aese.8	q0,q0
-	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-.size	_armv8_aes_probe,.-_armv8_aes_probe
-
-.global	_armv8_sha1_probe
-.type	_armv8_sha1_probe,%function
-_armv8_sha1_probe:
-	.byte	0x40,0x0c,0x00,0xf2	@ sha1c.32	q0,q0,q0
-	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-.size	_armv8_sha1_probe,.-_armv8_sha1_probe
-
-.global	_armv8_sha256_probe
-.type	_armv8_sha256_probe,%function
-_armv8_sha256_probe:
-	.byte	0x40,0x0c,0x00,0xf3	@ sha256h.32	q0,q0,q0
-	.byte	0x1e,0xff,0x2f,0xe1	@ bx lr
-.size	_armv8_sha256_probe,.-_armv8_sha256_probe
-.global	_armv8_pmull_probe
-.type	_armv8_pmull_probe,%function
-_armv8_pmull_probe:
-	.byte	0x00,0x0e,0xa0,0xf2	@ vmull.p64	q0,d0,d0
-	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-.size	_armv8_pmull_probe,.-_armv8_pmull_probe
-
-.align	5
-.global	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,%function
-OPENSSL_atomic_add:
-#if __ARM_ARCH__>=6
-.Ladd:	ldrex	r2,[r0]
-	add	r3,r2,r1
-	strex	r2,r3,[r0]
-	cmp	r2,#0
-	bne	.Ladd
-	mov	r0,r3
-	bx	lr
-#else
-	stmdb	sp!,{r4-r6,lr}
-	ldr	r2,.Lspinlock
-	adr	r3,.Lspinlock
-	mov	r4,r0
-	mov	r5,r1
-	add	r6,r3,r2	@ &spinlock
-	b	.+8
-.Lspin:	bl	sched_yield
-	mov	r0,#-1
-	swp	r0,r0,[r6]
-	cmp	r0,#0
-	bne	.Lspin
-
-	ldr	r2,[r4]
-	add	r2,r2,r5
-	str	r2,[r4]
-	str	r0,[r6]		@ release spinlock
-	ldmia	sp!,{r4-r6,lr}
-	tst	lr,#1
-	moveq	pc,lr
-	.word	0xe12fff1e	@ bx	lr
-#endif
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.global	OPENSSL_cleanse
-.type	OPENSSL_cleanse,%function
-OPENSSL_cleanse:
-	eor	ip,ip,ip
-	cmp	r1,#7
-	subhs	r1,r1,#4
-	bhs	.Lot
-	cmp	r1,#0
-	beq	.Lcleanse_done
-.Little:
-	strb	ip,[r0],#1
-	subs	r1,r1,#1
-	bhi	.Little
-	b	.Lcleanse_done
-
-.Lot:	tst	r0,#3
-	beq	.Laligned
-	strb	ip,[r0],#1
-	sub	r1,r1,#1
-	b	.Lot
-.Laligned:
-	str	ip,[r0],#4
-	subs	r1,r1,#4
-	bhs	.Laligned
-	adds	r1,r1,#4
-	bne	.Little
-.Lcleanse_done:
-#if __ARM_ARCH__>=5
-	bx	lr
-#else
-	tst	lr,#1
-	moveq	pc,lr
-	.word	0xe12fff1e	@ bx	lr
-#endif
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-
-.global	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,%function
-OPENSSL_wipe_cpu:
-	ldr	r0,.LOPENSSL_armcap
-	adr	r1,.LOPENSSL_armcap
-	ldr	r0,[r1,r0]
-	eor	r2,r2,r2
-	eor	r3,r3,r3
-	eor	ip,ip,ip
-	tst	r0,#1
-	beq	.Lwipe_done
-	.byte	0x50,0x01,0x00,0xf3	@ veor	q0, q0, q0
-	.byte	0x52,0x21,0x02,0xf3	@ veor	q1, q1, q1
-	.byte	0x54,0x41,0x04,0xf3	@ veor	q2, q2, q2
-	.byte	0x56,0x61,0x06,0xf3	@ veor	q3, q3, q3
-	.byte	0xf0,0x01,0x40,0xf3	@ veor	q8, q8, q8
-	.byte	0xf2,0x21,0x42,0xf3	@ veor	q9, q9, q9
-	.byte	0xf4,0x41,0x44,0xf3	@ veor	q10, q10, q10
-	.byte	0xf6,0x61,0x46,0xf3	@ veor	q11, q11, q11
-	.byte	0xf8,0x81,0x48,0xf3	@ veor	q12, q12, q12
-	.byte	0xfa,0xa1,0x4a,0xf3	@ veor	q13, q13, q13
-	.byte	0xfc,0xc1,0x4c,0xf3	@ veor	q14, q14, q14
-	.byte	0xfe,0xe1,0x4e,0xf3	@ veor	q14, q14, q14
-.Lwipe_done:
-	mov	r0,sp
-#if __ARM_ARCH__>=5
-	bx	lr
-#else
-	tst	lr,#1
-	moveq	pc,lr
-	.word	0xe12fff1e	@ bx	lr
-#endif
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-
-.global	OPENSSL_instrument_bus
-.type	OPENSSL_instrument_bus,%function
-OPENSSL_instrument_bus:
-	eor	r0,r0,r0
-#if __ARM_ARCH__>=5
-	bx	lr
-#else
-	tst	lr,#1
-	moveq	pc,lr
-	.word	0xe12fff1e	@ bx	lr
-#endif
-.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
-
-.global	OPENSSL_instrument_bus2
-.type	OPENSSL_instrument_bus2,%function
-OPENSSL_instrument_bus2:
-	eor	r0,r0,r0
-#if __ARM_ARCH__>=5
-	bx	lr
-#else
-	tst	lr,#1
-	moveq	pc,lr
-	.word	0xe12fff1e	@ bx	lr
-#endif
-.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
-
-.align	5
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-.LOPENSSL_armcap
-#if __ARM_ARCH__>=6
-.align	5
-#else
-.Lspinlock:
-.word	atomic_add_spinlock-.Lspinlock
-.align	5
-
-.data
-.align	2
-atomic_add_spinlock:
-.word	0
-#endif
-
-.comm	OPENSSL_armcap_P,4,4
-.hidden	OPENSSL_armcap_P
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
deleted file mode 100644
index 4117a67dc3..0000000000
--- a/crypto/asn1/a_bitstr.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
-{ return M_ASN1_BIT_STRING_set(x, d, len); }
-
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-	{
-	int ret,j,bits,len;
-	unsigned char *p,*d;
-
-	if (a == NULL) return(0);
-
-	len=a->length;
-
-	if (len > 0)
-		{
-		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
-			{
-			bits=(int)a->flags&0x07;
-			}
-		else
-			{
-			for ( ; len > 0; len--)
-				{
-				if (a->data[len-1]) break;
-				}
-			j=a->data[len-1];
-			if      (j & 0x01) bits=0;
-			else if (j & 0x02) bits=1;
-			else if (j & 0x04) bits=2;
-			else if (j & 0x08) bits=3;
-			else if (j & 0x10) bits=4;
-			else if (j & 0x20) bits=5;
-			else if (j & 0x40) bits=6;
-			else if (j & 0x80) bits=7;
-			else bits=0; /* should not happen */
-			}
-		}
-	else
-		bits=0;
-
-	ret=1+len;
-	if (pp == NULL) return(ret);
-
-	p= *pp;
-
-	*(p++)=(unsigned char)bits;
-	d=a->data;
-	memcpy(p,d,len);
-	p+=len;
-	if (len > 0) p[-1]&=(0xff<<bits);
-	*pp=p;
-	return(ret);
-	}
-
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-	const unsigned char **pp, long len)
-	{
-	ASN1_BIT_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	int i;
-
-	if (len < 1)
-		{
-		i=ASN1_R_STRING_TOO_SHORT;
-		goto err;
-		}
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	i= *(p++);
-	if (i > 7)
-		{
-		i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
-		goto err;
-		}
-	/* We do this to preserve the settings.  If we modify
-	 * the settings, via the _set_bit function, we will recalculate
-	 * on output */
-	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
-
-	if (len-- > 1) /* using one because of the bits left byte */
-		{
-		s=(unsigned char *)OPENSSL_malloc((int)len);
-		if (s == NULL)
-			{
-			i=ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		memcpy(s,p,(int)len);
-		s[len-1]&=(0xff<<i);
-		p+=len;
-		}
-	else
-		s=NULL;
-
-	ret->length=(int)len;
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->type=V_ASN1_BIT_STRING;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_BIT_STRING_free(ret);
-	return(NULL);
-	}
-
-/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
- */
-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
-	{
-	int w,v,iv;
-	unsigned char *c;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	iv= ~v;
-	if (!value) v=0;
-
-	if (a == NULL)
-		return 0;
-
-	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
-
-	if ((a->length < (w+1)) || (a->data == NULL))
-		{
-		if (!value) return(1); /* Don't need to set */
-		if (a->data == NULL)
-			c=(unsigned char *)OPENSSL_malloc(w+1);
-		else
-			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
-								 a->length,
-								 w+1);
-		if (c == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-  		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
-		a->data=c;
-		a->length=w+1;
-	}
-	a->data[w]=((a->data[w])&iv)|v;
-	while ((a->length > 0) && (a->data[a->length-1] == 0))
-		a->length--;
-	return(1);
-	}
-
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
-	{
-	int w,v;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
-		return(0);
-	return((a->data[w]&v) != 0);
-	}
-
-/*
- * Checks if the given bit string contains only bits specified by 
- * the flags vector. Returns 0 if there is at least one bit set in 'a'
- * which is not specified in 'flags', 1 otherwise.
- * 'len' is the length of 'flags'.
- */
-int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-			  unsigned char *flags, int flags_len)
-	{
-	int i, ok;
-	/* Check if there is one bit set at all. */
-	if (!a || !a->data) return 1;
-
-	/* Check each byte of the internal representation of the bit string. */
-	ok = 1;
-	for (i = 0; i < a->length && ok; ++i)
-		{
-		unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
-		/* We are done if there is an unneeded bit set. */
-		ok = (a->data[i] & mask) == 0;
-		}
-	return ok;
-	}
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
deleted file mode 100644
index 331acdf053..0000000000
--- a/crypto/asn1/a_bool.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
-	{
-	int r;
-	unsigned char *p;
-
-	r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
-	if (pp == NULL) return(r);
-	p= *pp;
-
-	ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
-	*(p++)= (unsigned char)a;
-	*pp=p;
-	return(r);
-	}
-
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-	{
-	int ret= -1;
-	const unsigned char *p;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_BOOLEAN)
-		{
-		i=ASN1_R_EXPECTING_A_BOOLEAN;
-		goto err;
-		}
-
-	if (len != 1)
-		{
-		i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-		goto err;
-		}
-	ret= (int)*(p++);
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
-	return(ret);
-	}
-
-
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
deleted file mode 100644
index 92d630cdba..0000000000
--- a/crypto/asn1/a_bytes.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
-/* type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
-	     long length, int type)
-	{
-	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80) goto err;
-
-	if (tag >= 32)
-		{
-		i=ASN1_R_TAG_VALUE_TOO_HIGH;
-		goto err;
-		}
-	if (!(ASN1_tag2bit(tag) & type))
-		{
-		i=ASN1_R_WRONG_TYPE;
-		goto err;
-		}
-
-	/* If a bit-string, exit early */
-	if (tag == V_ASN1_BIT_STRING)
-		return(d2i_ASN1_BIT_STRING(a,pp,length));
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	if (len != 0)
-		{
-		s=(unsigned char *)OPENSSL_malloc((int)len+1);
-		if (s == NULL)
-			{
-			i=ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		memcpy(s,p,(int)len);
-		s[len]='\0';
-		p+=len;
-		}
-	else
-		s=NULL;
-
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->length=(int)len;
-	ret->data=s;
-	ret->type=tag;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_STRING_free(ret);
-	return(NULL);
-	}
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-	{
-	int ret,r,constructed;
-	unsigned char *p;
-
-	if (a == NULL)  return(0);
-
-	if (tag == V_ASN1_BIT_STRING)
-		return(i2d_ASN1_BIT_STRING(a,pp));
-		
-	ret=a->length;
-	r=ASN1_object_size(0,ret,tag);
-	if (pp == NULL) return(r);
-	p= *pp;
-
-	if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
-		constructed=1;
-	else
-		constructed=0;
-	ASN1_put_object(&p,constructed,ret,tag,xclass);
-	memcpy(p,a->data,a->length);
-	p+=a->length;
-	*pp= p;
-	return(r);
-	}
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-	     long length, int Ptag, int Pclass)
-	{
-	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != Ptag)
-		{
-		i=ASN1_R_WRONG_TAG;
-		goto err;
-		}
-
-	if (inf & V_ASN1_CONSTRUCTED)
-		{
-		ASN1_const_CTX c;
-
-		c.pp=pp;
-		c.p=p;
-		c.inf=inf;
-		c.slen=len;
-		c.tag=Ptag;
-		c.xclass=Pclass;
-		c.max=(length == 0)?0:(p+length);
-		if (!asn1_collate_primitive(ret,&c)) 
-			goto err; 
-		else
-			{
-			p=c.p;
-			}
-		}
-	else
-		{
-		if (len != 0)
-			{
-			if ((ret->length < len) || (ret->data == NULL))
-				{
-				if (ret->data != NULL) OPENSSL_free(ret->data);
-				s=(unsigned char *)OPENSSL_malloc((int)len + 1);
-				if (s == NULL)
-					{
-					i=ERR_R_MALLOC_FAILURE;
-					goto err;
-					}
-				}
-			else
-				s=ret->data;
-			memcpy(s,p,(int)len);
-			s[len] = '\0';
-			p+=len;
-			}
-		else
-			{
-			s=NULL;
-			if (ret->data != NULL) OPENSSL_free(ret->data);
-			}
-
-		ret->length=(int)len;
-		ret->data=s;
-		ret->type=Ptag;
-		}
-
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_STRING_free(ret);
-	ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
-	return(NULL);
-	}
-
-
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
- * them into the one structure that is then returned */
-/* There have been a few bug fixes for this function from
- * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
-	{
-	ASN1_STRING *os=NULL;
-	BUF_MEM b;
-	int num;
-
-	b.length=0;
-	b.max=0;
-	b.data=NULL;
-
-	if (a == NULL)
-		{
-		c->error=ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	num=0;
-	for (;;)
-		{
-		if (c->inf & 1)
-			{
-			c->eos=ASN1_const_check_infinite_end(&c->p,
-				(long)(c->max-c->p));
-			if (c->eos) break;
-			}
-		else
-			{
-			if (c->slen <= 0) break;
-			}
-
-		c->q=c->p;
-		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
-			== NULL)
-			{
-			c->error=ERR_R_ASN1_LIB;
-			goto err;
-			}
-
-		if (!BUF_MEM_grow_clean(&b,num+os->length))
-			{
-			c->error=ERR_R_BUF_LIB;
-			goto err;
-			}
-		memcpy(&(b.data[num]),os->data,os->length);
-		if (!(c->inf & 1))
-			c->slen-=(c->p-c->q);
-		num+=os->length;
-		}
-
-	if (!asn1_const_Finish(c)) goto err;
-
-	a->length=num;
-	if (a->data != NULL) OPENSSL_free(a->data);
-	a->data=(unsigned char *)b.data;
-	if (os != NULL) ASN1_STRING_free(os);
-	return(1);
-err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
-	if (os != NULL) ASN1_STRING_free(os);
-	if (b.data != NULL) OPENSSL_free(b.data);
-	return(0);
-	}
-
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
deleted file mode 100644
index 52b2ebdb63..0000000000
--- a/crypto/asn1/a_d2i_fp.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-#ifndef OPENSSL_NO_FP_API
-
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
-        {
-        BIO *b;
-        void *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-		}
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_d2i_bio(xnew,d2i,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
-	{
-	BUF_MEM *b = NULL;
-	const unsigned char *p;
-	void *ret=NULL;
-	int len;
-
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
-
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,len);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
-
-#endif
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
-	{
-	BUF_MEM *b = NULL;
-	const unsigned char *p;
-	void *ret=NULL;
-	int len;
-
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
-
-	p=(const unsigned char *)b->data;
-	ret=ASN1_item_d2i(x,&p,len, it);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
-        {
-        BIO *b;
-        char *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-		}
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_item_d2i_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-#define HEADER_SIZE   8
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-	{
-	BUF_MEM *b;
-	unsigned char *p;
-	int i;
-	ASN1_const_CTX c;
-	size_t want=HEADER_SIZE;
-	int eos=0;
-	size_t off=0;
-	size_t len=0;
-
-	b=BUF_MEM_new();
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-
-	ERR_clear_error();
-	for (;;)
-		{
-		if (want >= (len-off))
-			{
-			want-=(len-off);
-
-			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			i=BIO_read(in,&(b->data[len]),want);
-			if ((i < 0) && ((len-off) == 0))
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
-				goto err;
-				}
-			if (i > 0)
-				{
-				if (len+i < len)
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-					goto err;
-					}
-				len+=i;
-				}
-			}
-		/* else data already loaded */
-
-		p=(unsigned char *)&(b->data[off]);
-		c.p=p;
-		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
-			len-off);
-		if (c.inf & 0x80)
-			{
-			unsigned long e;
-
-			e=ERR_GET_REASON(ERR_peek_error());
-			if (e != ASN1_R_TOO_LONG)
-				goto err;
-			else
-				ERR_clear_error(); /* clear error */
-			}
-		i=c.p-p;/* header length */
-		off+=i;	/* end of data */
-
-		if (c.inf & 1)
-			{
-			/* no data body so go round again */
-			eos++;
-			if (eos < 0)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
-				goto err;
-				}
-			want=HEADER_SIZE;
-			}
-		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
-			{
-			/* eos value, so go back and read another header */
-			eos--;
-			if (eos <= 0)
-				break;
-			else
-				want=HEADER_SIZE;
-			}
-		else 
-			{
-			/* suck in c.slen bytes of data */
-			want=c.slen;
-			if (want > (len-off))
-				{
-				want-=(len-off);
-				if (want > INT_MAX /* BIO_read takes an int length */ ||
-					len+want < len)
-						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-						goto err;
-						}
-				if (!BUF_MEM_grow_clean(b,len+want))
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				while (want > 0)
-					{
-					i=BIO_read(in,&(b->data[len]),want);
-					if (i <= 0)
-						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-						    ASN1_R_NOT_ENOUGH_DATA);
-						goto err;
-						}
-					/* This can't overflow because
-					 * |len+want| didn't overflow. */
-					len+=i;
-					want-=i;
-					}
-				}
-			if (off + c.slen < off)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-				goto err;
-				}
-			off+=c.slen;
-			if (eos <= 0)
-				{
-				break;
-				}
-			else
-				want=HEADER_SIZE;
-			}
-		}
-
-	if (off > INT_MAX)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-		goto err;
-		}
-
-	*pb = b;
-	return off;
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return -1;
-	}
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
deleted file mode 100644
index cbdeea6ac0..0000000000
--- a/crypto/asn1/a_digest.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/asn1/a_digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
-		unsigned char *md, unsigned int *len)
-	{
-	int i;
-	unsigned char *str,*p;
-
-	i=i2d(data,NULL);
-	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	p=str;
-	i2d(data,&p);
-
-	if (!EVP_Digest(str, i, md, len, type, NULL))
-		return 0;
-	OPENSSL_free(str);
-	return(1);
-	}
-
-#endif
-
-
-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
-		unsigned char *md, unsigned int *len)
-	{
-	int i;
-	unsigned char *str = NULL;
-
-	i=ASN1_item_i2d(asn,&str, it);
-	if (!str) return(0);
-
-	if (!EVP_Digest(str, i, md, len, type, NULL))
-		return 0;
-	OPENSSL_free(str);
-	return(1);
-	}
-
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
deleted file mode 100644
index d98992548a..0000000000
--- a/crypto/asn1/a_dup.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* crypto/asn1/a_dup.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
-	{
-	unsigned char *b,*p;
-	const unsigned char *p2;
-	int i;
-	char *ret;
-
-	if (x == NULL) return(NULL);
-
-	i=i2d(x,NULL);
-	b=OPENSSL_malloc(i+10);
-	if (b == NULL)
-		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-	p= b;
-	i=i2d(x,&p);
-	p2= b;
-	ret=d2i(NULL,&p2,i);
-	OPENSSL_free(b);
-	return(ret);
-	}
-
-#endif
-
-/* ASN1_ITEM version of dup: this follows the model above except we don't need
- * to allocate the buffer. At some point this could be rewritten to directly dup
- * the underlying structure instead of doing and encode and decode.
- */
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
-	{
-	unsigned char *b = NULL;
-	const unsigned char *p;
-	long i;
-	void *ret;
-
-	if (x == NULL) return(NULL);
-
-	i=ASN1_item_i2d(x,&b,it);
-	if (b == NULL)
-		{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-	p= b;
-	ret=ASN1_item_d2i(NULL,&p,i, it);
-	OPENSSL_free(b);
-	return(ret);
-	}
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
deleted file mode 100644
index fe9aa13b9c..0000000000
--- a/crypto/asn1/a_enum.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* crypto/asn1/a_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-/* 
- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
- * for comments on encoding see a_int.c
- */
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
-	{
-	int j,k;
-	unsigned int i;
-	unsigned char buf[sizeof(long)+1];
-	long d;
-
-	a->type=V_ASN1_ENUMERATED;
-	if (a->length < (int)(sizeof(long)+1))
-		{
-		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-			memset((char *)a->data,0,sizeof(long)+1);
-		}
-	if (a->data == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	d=v;
-	if (d < 0)
-		{
-		d= -d;
-		a->type=V_ASN1_NEG_ENUMERATED;
-		}
-
-	for (i=0; i<sizeof(long); i++)
-		{
-		if (d == 0) break;
-		buf[i]=(int)d&0xff;
-		d>>=8;
-		}
-	j=0;
-	for (k=i-1; k >=0; k--)
-		a->data[j++]=buf[k];
-	a->length=j;
-	return(1);
-	}
-
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
-	{
-	int neg=0,i;
-	long r=0;
-
-	if (a == NULL) return(0L);
-	i=a->type;
-	if (i == V_ASN1_NEG_ENUMERATED)
-		neg=1;
-	else if (i != V_ASN1_ENUMERATED)
-		return -1;
-	
-	if (a->length > (int)sizeof(long))
-		{
-		/* hmm... a bit ugly */
-		return(0xffffffffL);
-		}
-	if (a->data == NULL)
-		return 0;
-
-	for (i=0; i<a->length; i++)
-		{
-		r<<=8;
-		r|=(unsigned char)a->data[i];
-		}
-	if (neg) r= -r;
-	return(r);
-	}
-
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
-	{
-	ASN1_ENUMERATED *ret;
-	int len,j;
-
-	if (ai == NULL)
-		ret=M_ASN1_ENUMERATED_new();
-	else
-		ret=ai;
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-		}
-	if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
-	else ret->type=V_ASN1_ENUMERATED;
-	j=BN_num_bits(bn);
-	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-
-	ret->length=BN_bn2bin(bn,ret->data);
-	return(ret);
-err:
-	if (ret != ai) M_ASN1_ENUMERATED_free(ret);
-	return(NULL);
-	}
-
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
-	{
-	BIGNUM *ret;
-
-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
-	return(ret);
-	}
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
deleted file mode 100644
index c79c6f538c..0000000000
--- a/crypto/asn1/a_gentm.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/* crypto/asn1/a_gentm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1.h>
-
-#if 0
-
-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
-	{
-#ifdef CHARSET_EBCDIC
-	/* KLUDGE! We convert to ascii before writing DER */
-	int len;
-	char tmp[24];
-	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
-
-	len = tmpstr.length;
-	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	tmpstr.data = tmp;
-
-	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-#endif
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
-	}
-
-
-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
-	     unsigned char **pp, long length)
-	{
-	ASN1_GENERALIZEDTIME *ret=NULL;
-
-	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-#ifdef CHARSET_EBCDIC
-	ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
-	if (!ASN1_GENERALIZEDTIME_check(ret))
-		{
-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
-		goto err;
-		}
-
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_GENERALIZEDTIME_free(ret);
-	return(NULL);
-	}
-
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
-	{
-	static const int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
-	static const int max[9]={99, 99,12,31,23,59,59,12,59};
-	char *a;
-	int n,i,l,o;
-
-	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
-	l=d->length;
-	a=(char *)d->data;
-	o=0;
-	/* GENERALIZEDTIME is similar to UTCTIME except the year is
-         * represented as YYYY. This stuff treats everything as a two digit
-         * field so make first two fields 00 to 99
-         */
-	if (l < 13) goto err;
-	for (i=0; i<7; i++)
-		{
-		if ((i == 6) && ((a[o] == 'Z') ||
-			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n= a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n=(n*10)+ a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((n < min[i]) || (n > max[i])) goto err;
-		}
-	/* Optional fractional seconds: decimal point followed by one
-	 * or more digits.
-	 */
-	if (a[o] == '.')
-		{
-		if (++o > l) goto err;
-		i = o;
-		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
-			o++;
-		/* Must have at least one digit after decimal point */
-		if (i == o) goto err;
-		}
-
-	if (a[o] == 'Z')
-		o++;
-	else if ((a[o] == '+') || (a[o] == '-'))
-		{
-		o++;
-		if (o+4 > l) goto err;
-		for (i=7; i<9; i++)
-			{
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n= a[o]-'0';
-			o++;
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n=(n*10)+ a[o]-'0';
-			if ((n < min[i]) || (n > max[i])) goto err;
-			o++;
-			}
-		}
-	else
-		{
-		/* Missing time zone information. */
-		goto err;
-		}
-	return(o == l);
-err:
-	return(0);
-	}
-
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
-	{
-	ASN1_GENERALIZEDTIME t;
-
-	t.type=V_ASN1_GENERALIZEDTIME;
-	t.length=strlen(str);
-	t.data=(unsigned char *)str;
-	if (ASN1_GENERALIZEDTIME_check(&t))
-		{
-		if (s != NULL)
-			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
-			s->type=V_ASN1_GENERALIZEDTIME;
-			}
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
-	     time_t t)
-	{
-		return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
-	}
-
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
-	     time_t t, int offset_day, long offset_sec)
-	{
-	char *p;
-	struct tm *ts;
-	struct tm data;
-	size_t len = 20; 
-
-	if (s == NULL)
-		s=M_ASN1_GENERALIZEDTIME_new();
-	if (s == NULL)
-		return(NULL);
-
-	ts=OPENSSL_gmtime(&t, &data);
-	if (ts == NULL)
-		return(NULL);
-
-	if (offset_day || offset_sec)
-		{ 
-		if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-			return NULL;
-		}
-
-	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
-		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		if (s->data != NULL)
-			OPENSSL_free(s->data);
-		s->data=(unsigned char *)p;
-		}
-
-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
-	s->length=strlen(p);
-	s->type=V_ASN1_GENERALIZEDTIME;
-#ifdef CHARSET_EBCDIC_not
-	ebcdic2ascii(s->data, s->data, s->length);
-#endif
-	return(s);
-	}
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
deleted file mode 100644
index a3ad76d356..0000000000
--- a/crypto/asn1/a_i2d_fp.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* crypto/asn1/a_i2d_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_i2d_bio(i2d,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
-	{
-	char *b;
-	unsigned char *p;
-	int i,j=0,n,ret=1;
-
-	n=i2d(x,NULL);
-	b=(char *)OPENSSL_malloc(n);
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	p=(unsigned char *)b;
-	i2d(x,&p);
-	
-	for (;;)
-		{
-		i=BIO_write(out,&(b[j]),n);
-		if (i == n) break;
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		j+=i;
-		n-=i;
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
-
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_item_i2d_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
-	{
-	unsigned char *b = NULL;
-	int i,j=0,n,ret=1;
-
-	n = ASN1_item_i2d(x, &b, it);
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	for (;;)
-		{
-		i=BIO_write(out,&(b[j]),n);
-		if (i == n) break;
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		j+=i;
-		n-=i;
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
deleted file mode 100644
index 297c45a9ff..0000000000
--- a/crypto/asn1/a_int.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/* crypto/asn1/a_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
-{ return M_ASN1_INTEGER_dup(x);}
-
-int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
-	{ 
-	int neg, ret;
-	/* Compare signs */
-	neg = x->type & V_ASN1_NEG;
-	if (neg != (y->type & V_ASN1_NEG))
-		{
-		if (neg)
-			return -1;
-		else
-			return 1;
-		}
-
-	ret = ASN1_STRING_cmp(x, y);
-
-	if (neg)
-		return -ret;
-	else
-		return ret;
-	}
-	
-
-/* 
- * This converts an ASN1 INTEGER into its content encoding.
- * The internal representation is an ASN1_STRING whose data is a big endian
- * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
- *
- * Positive integers are no problem: they are almost the same as the DER
- * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
- *
- * Negative integers are a bit trickier...
- * The DER representation of negative integers is in 2s complement form.
- * The internal form is converted by complementing each octet and finally 
- * adding one to the result. This can be done less messily with a little trick.
- * If the internal form has trailing zeroes then they will become FF by the
- * complement and 0 by the add one (due to carry) so just copy as many trailing 
- * zeros to the destination as there are in the source. The carry will add one
- * to the last none zero octet: so complement this octet and add one and finally
- * complement any left over until you get to the start of the string.
- *
- * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
- * with 0xff. However if the first byte is 0x80 and one of the following bytes
- * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
- * followed by optional zeros isn't padded.
- */
-
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-	{
-	int pad=0,ret,i,neg;
-	unsigned char *p,*n,pb=0;
-
-	if (a == NULL) return(0);
-	neg=a->type & V_ASN1_NEG;
-	if (a->length == 0)
-		ret=1;
-	else
-		{
-		ret=a->length;
-		i=a->data[0];
-		if (!neg && (i > 127)) {
-			pad=1;
-			pb=0;
-		} else if(neg) {
-			if(i>128) {
-				pad=1;
-				pb=0xFF;
-			} else if(i == 128) {
-			/*
-			 * Special case: if any other bytes non zero we pad:
-			 * otherwise we don't.
-			 */
-				for(i = 1; i < a->length; i++) if(a->data[i]) {
-						pad=1;
-						pb=0xFF;
-						break;
-				}
-			}
-		}
-		ret+=pad;
-		}
-	if (pp == NULL) return(ret);
-	p= *pp;
-
-	if (pad) *(p++)=pb;
-	if (a->length == 0) *(p++)=0;
-	else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
-	else {
-		/* Begin at the end of the encoding */
-		n=a->data + a->length - 1;
-		p += a->length - 1;
-		i = a->length;
-		/* Copy zeros to destination as long as source is zero */
-		while(!*n) {
-			*(p--) = 0;
-			n--;
-			i--;
-		}
-		/* Complement and increment next octet */
-		*(p--) = ((*(n--)) ^ 0xff) + 1;
-		i--;
-		/* Complement any octets left */
-		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
-	}
-
-	*pp+=ret;
-	return(ret);
-	}
-
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
-
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-	     long len)
-	{
-	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p, *pend;
-	unsigned char *to,*s;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-		ret->type=V_ASN1_INTEGER;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	pend = p + len;
-
-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
-	if (s == NULL)
-		{
-		i=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	to=s;
-	if(!len) {
-		/* Strictly speaking this is an illegal INTEGER but we
-		 * tolerate it.
-		 */
-		ret->type=V_ASN1_INTEGER;
-	} else if (*p & 0x80) /* a negative number */
-		{
-		ret->type=V_ASN1_NEG_INTEGER;
-		if ((*p == 0xff) && (len != 1)) {
-			p++;
-			len--;
-		}
-		i = len;
-		p += i - 1;
-		to += i - 1;
-		while((!*p) && i) {
-			*(to--) = 0;
-			i--;
-			p--;
-		}
-		/* Special case: if all zeros then the number will be of
-		 * the form FF followed by n zero bytes: this corresponds to
-		 * 1 followed by n zero bytes. We've already written n zeros
-		 * so we just append an extra one and set the first byte to
-		 * a 1. This is treated separately because it is the only case
-		 * where the number of bytes is larger than len.
-		 */
-		if(!i) {
-			*s = 1;
-			s[len] = 0;
-			len++;
-		} else {
-			*(to--) = (*(p--) ^ 0xff) + 1;
-			i--;
-			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
-		}
-	} else {
-		ret->type=V_ASN1_INTEGER;
-		if ((*p == 0) && (len != 1))
-			{
-			p++;
-			len--;
-			}
-		memcpy(s,p,(int)len);
-	}
-
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->length=(int)len;
-	if (a != NULL) (*a)=ret;
-	*pp=pend;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
-
-
-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
- * ASN1 integers: some broken software can encode a positive INTEGER
- * with its MSB set as negative (it doesn't add a padding zero).
- */
-
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-	     long length)
-	{
-	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-		ret->type=V_ASN1_INTEGER;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_INTEGER)
-		{
-		i=ASN1_R_EXPECTING_AN_INTEGER;
-		goto err;
-		}
-
-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
-	if (s == NULL)
-		{
-		i=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	ret->type=V_ASN1_INTEGER;
-	if(len) {
-		if ((*p == 0) && (len != 1))
-			{
-			p++;
-			len--;
-			}
-		memcpy(s,p,(int)len);
-		p+=len;
-	}
-
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->length=(int)len;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
-	{
-	int j,k;
-	unsigned int i;
-	unsigned char buf[sizeof(long)+1];
-	long d;
-
-	a->type=V_ASN1_INTEGER;
-	if (a->length < (int)(sizeof(long)+1))
-		{
-		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-			memset((char *)a->data,0,sizeof(long)+1);
-		}
-	if (a->data == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	d=v;
-	if (d < 0)
-		{
-		d= -d;
-		a->type=V_ASN1_NEG_INTEGER;
-		}
-
-	for (i=0; i<sizeof(long); i++)
-		{
-		if (d == 0) break;
-		buf[i]=(int)d&0xff;
-		d>>=8;
-		}
-	j=0;
-	for (k=i-1; k >=0; k--)
-		a->data[j++]=buf[k];
-	a->length=j;
-	return(1);
-	}
-
-long ASN1_INTEGER_get(const ASN1_INTEGER *a)
-	{
-	int neg=0,i;
-	long r=0;
-
-	if (a == NULL) return(0L);
-	i=a->type;
-	if (i == V_ASN1_NEG_INTEGER)
-		neg=1;
-	else if (i != V_ASN1_INTEGER)
-		return -1;
-	
-	if (a->length > (int)sizeof(long))
-		{
-		/* hmm... a bit ugly, return all ones */
-		return -1;
-		}
-	if (a->data == NULL)
-		return 0;
-
-	for (i=0; i<a->length; i++)
-		{
-		r<<=8;
-		r|=(unsigned char)a->data[i];
-		}
-	if (neg) r= -r;
-	return(r);
-	}
-
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
-	{
-	ASN1_INTEGER *ret;
-	int len,j;
-
-	if (ai == NULL)
-		ret=M_ASN1_INTEGER_new();
-	else
-		ret=ai;
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-		}
-	if (BN_is_negative(bn))
-		ret->type = V_ASN1_NEG_INTEGER;
-	else ret->type=V_ASN1_INTEGER;
-	j=BN_num_bits(bn);
-	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-	ret->length=BN_bn2bin(bn,ret->data);
-	/* Correct zero case */
-	if(!ret->length)
-		{
-		ret->data[0] = 0;
-		ret->length = 1;
-		}
-	return(ret);
-err:
-	if (ret != ai) M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
-
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
-	{
-	BIGNUM *ret;
-
-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_INTEGER)
-		BN_set_negative(ret, 1);
-	return(ret);
-	}
-
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
deleted file mode 100644
index 1538e0a4fc..0000000000
--- a/crypto/asn1/a_mbstr.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* a_mbstr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int traverse_string(const unsigned char *p, int len, int inform,
-		 int (*rfunc)(unsigned long value, void *in), void *arg);
-static int in_utf8(unsigned long value, void *arg);
-static int out_utf8(unsigned long value, void *arg);
-static int type_str(unsigned long value, void *arg);
-static int cpy_asc(unsigned long value, void *arg);
-static int cpy_bmp(unsigned long value, void *arg);
-static int cpy_univ(unsigned long value, void *arg);
-static int cpy_utf8(unsigned long value, void *arg);
-static int is_printable(unsigned long value);
-
-/* These functions take a string in UTF8, ASCII or multibyte form and
- * a mask of permissible ASN1 string types. It then works out the minimal
- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
- * and creates a string of the correct type with the supplied data.
- * Yes this is horrible: it has to be :-(
- * The 'ncopy' form checks minimum and maximum size limits too.
- */
-
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask)
-{
-	return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
-}
-
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask, 
-					long minsize, long maxsize)
-{
-	int str_type;
-	int ret;
-	char free_out;
-	int outform, outlen = 0;
-	ASN1_STRING *dest;
-	unsigned char *p;
-	int nchar;
-	char strbuf[32];
-	int (*cpyfunc)(unsigned long,void *) = NULL;
-	if(len == -1) len = strlen((const char *)in);
-	if(!mask) mask = DIRSTRING_TYPE;
-
-	/* First do a string check and work out the number of characters */
-	switch(inform) {
-
-		case MBSTRING_BMP:
-		if(len & 1) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-					 ASN1_R_INVALID_BMPSTRING_LENGTH);
-			return -1;
-		}
-		nchar = len >> 1;
-		break;
-
-		case MBSTRING_UNIV:
-		if(len & 3) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-					 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
-			return -1;
-		}
-		nchar = len >> 2;
-		break;
-
-		case MBSTRING_UTF8:
-		nchar = 0;
-		/* This counts the characters and does utf8 syntax checking */
-		ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
-		if(ret < 0) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-						 ASN1_R_INVALID_UTF8STRING);
-			return -1;
-		}
-		break;
-
-		case MBSTRING_ASC:
-		nchar = len;
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
-		return -1;
-	}
-
-	if((minsize > 0) && (nchar < minsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
-		ERR_add_error_data(2, "minsize=", strbuf);
-		return -1;
-	}
-
-	if((maxsize > 0) && (nchar > maxsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
-		ERR_add_error_data(2, "maxsize=", strbuf);
-		return -1;
-	}
-
-	/* Now work out minimal type (if any) */
-	if(traverse_string(in, len, inform, type_str, &mask) < 0) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
-		return -1;
-	}
-
-
-	/* Now work out output format and string type */
-	outform = MBSTRING_ASC;
-	if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
-	else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
-	else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
-	else if(mask & B_ASN1_BMPSTRING) {
-		str_type = V_ASN1_BMPSTRING;
-		outform = MBSTRING_BMP;
-	} else if(mask & B_ASN1_UNIVERSALSTRING) {
-		str_type = V_ASN1_UNIVERSALSTRING;
-		outform = MBSTRING_UNIV;
-	} else {
-		str_type = V_ASN1_UTF8STRING;
-		outform = MBSTRING_UTF8;
-	}
-	if(!out) return str_type;
-	if(*out) {
-		free_out = 0;
-		dest = *out;
-		if(dest->data) {
-			dest->length = 0;
-			OPENSSL_free(dest->data);
-			dest->data = NULL;
-		}
-		dest->type = str_type;
-	} else {
-		free_out = 1;
-		dest = ASN1_STRING_type_new(str_type);
-		if(!dest) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-							ERR_R_MALLOC_FAILURE);
-			return -1;
-		}
-		*out = dest;
-	}
-	/* If both the same type just copy across */
-	if(inform == outform) {
-		if(!ASN1_STRING_set(dest, in, len)) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
-			return -1;
-		}
-		return str_type;
-	} 
-
-	/* Work out how much space the destination will need */
-	switch(outform) {
-		case MBSTRING_ASC:
-		outlen = nchar;
-		cpyfunc = cpy_asc;
-		break;
-
-		case MBSTRING_BMP:
-		outlen = nchar << 1;
-		cpyfunc = cpy_bmp;
-		break;
-
-		case MBSTRING_UNIV:
-		outlen = nchar << 2;
-		cpyfunc = cpy_univ;
-		break;
-
-		case MBSTRING_UTF8:
-		outlen = 0;
-		traverse_string(in, len, inform, out_utf8, &outlen);
-		cpyfunc = cpy_utf8;
-		break;
-	}
-	if(!(p = OPENSSL_malloc(outlen + 1))) {
-		if(free_out) ASN1_STRING_free(dest);
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
-		return -1;
-	}
-	dest->length = outlen;
-	dest->data = p;
-	p[outlen] = 0;
-	traverse_string(in, len, inform, cpyfunc, &p);
-	return str_type;	
-}
-
-/* This function traverses a string and passes the value of each character
- * to an optional function along with a void * argument.
- */
-
-static int traverse_string(const unsigned char *p, int len, int inform,
-		 int (*rfunc)(unsigned long value, void *in), void *arg)
-{
-	unsigned long value;
-	int ret;
-	while(len) {
-		if(inform == MBSTRING_ASC) {
-			value = *p++;
-			len--;
-		} else if(inform == MBSTRING_BMP) {
-			value = *p++ << 8;
-			value |= *p++;
-			len -= 2;
-		} else if(inform == MBSTRING_UNIV) {
-			value = ((unsigned long)*p++) << 24;
-			value |= ((unsigned long)*p++) << 16;
-			value |= *p++ << 8;
-			value |= *p++;
-			len -= 4;
-		} else {
-			ret = UTF8_getc(p, len, &value);
-			if(ret < 0) return -1;
-			len -= ret;
-			p += ret;
-		}
-		if(rfunc) {
-			ret = rfunc(value, arg);
-			if(ret <= 0) return ret;
-		}
-	}
-	return 1;
-}
-
-/* Various utility functions for traverse_string */
-
-/* Just count number of characters */
-
-static int in_utf8(unsigned long value, void *arg)
-{
-	int *nchar;
-	nchar = arg;
-	(*nchar)++;
-	return 1;
-}
-
-/* Determine size of output as a UTF8 String */
-
-static int out_utf8(unsigned long value, void *arg)
-{
-	int *outlen;
-	outlen = arg;
-	*outlen += UTF8_putc(NULL, -1, value);
-	return 1;
-}
-
-/* Determine the "type" of a string: check each character against a
- * supplied "mask".
- */
-
-static int type_str(unsigned long value, void *arg)
-{
-	unsigned long types;
-	types = *((unsigned long *)arg);
-	if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
-					types &= ~B_ASN1_PRINTABLESTRING;
-	if((types & B_ASN1_IA5STRING) && (value > 127))
-					types &= ~B_ASN1_IA5STRING;
-	if((types & B_ASN1_T61STRING) && (value > 0xff))
-					types &= ~B_ASN1_T61STRING;
-	if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
-					types &= ~B_ASN1_BMPSTRING;
-	if(!types) return -1;
-	*((unsigned long *)arg) = types;
-	return 1;
-}
-
-/* Copy one byte per character ASCII like strings */
-
-static int cpy_asc(unsigned long value, void *arg)
-{
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q = (unsigned char) value;
-	(*p)++;
-	return 1;
-}
-
-/* Copy two byte per character BMPStrings */
-
-static int cpy_bmp(unsigned long value, void *arg)
-{
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q++ = (unsigned char) ((value >> 8) & 0xff);
-	*q = (unsigned char) (value & 0xff);
-	*p += 2;
-	return 1;
-}
-
-/* Copy four byte per character UniversalStrings */
-
-static int cpy_univ(unsigned long value, void *arg)
-{
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q++ = (unsigned char) ((value >> 24) & 0xff);
-	*q++ = (unsigned char) ((value >> 16) & 0xff);
-	*q++ = (unsigned char) ((value >> 8) & 0xff);
-	*q = (unsigned char) (value & 0xff);
-	*p += 4;
-	return 1;
-}
-
-/* Copy to a UTF8String */
-
-static int cpy_utf8(unsigned long value, void *arg)
-{
-	unsigned char **p;
-	int ret;
-	p = arg;
-	/* We already know there is enough room so pass 0xff as the length */
-	ret = UTF8_putc(*p, 0xff, value);
-	*p += ret;
-	return 1;
-}
-
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(unsigned long value)
-{
-	int ch;
-	if(value > 0x7f) return 0;
-	ch = (int) value;
-	/* Note: we can't use 'isalnum' because certain accented 
-	 * characters may count as alphanumeric in some environments.
-	 */
-#ifndef CHARSET_EBCDIC
-	if((ch >= 'a') && (ch <= 'z')) return 1;
-	if((ch >= 'A') && (ch <= 'Z')) return 1;
-	if((ch >= '0') && (ch <= '9')) return 1;
-	if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
-#else /*CHARSET_EBCDIC*/
-	if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
-	if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
-	if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
-	if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
-#endif /*CHARSET_EBCDIC*/
-	return 0;
-}
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
deleted file mode 100644
index 77b2768967..0000000000
--- a/crypto/asn1/a_object.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
-	{
-	unsigned char *p;
-	int objsize;
-
-	if ((a == NULL) || (a->data == NULL)) return(0);
-
-	objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
-	if (pp == NULL) return objsize;
-
-	p= *pp;
-	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-	memcpy(p,a->data,a->length);
-	p+=a->length;
-
-	*pp=p;
-	return(objsize);
-	}
-
-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
-	{
-	int i,first,len=0,c, use_bn;
-	char ftmp[24], *tmp = ftmp;
-	int tmpsize = sizeof ftmp;
-	const char *p;
-	unsigned long l;
-	BIGNUM *bl = NULL;
-
-	if (num == 0)
-		return(0);
-	else if (num == -1)
-		num=strlen(buf);
-
-	p=buf;
-	c= *(p++);
-	num--;
-	if ((c >= '0') && (c <= '2'))
-		{
-		first= c-'0';
-		}
-	else
-		{
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
-		goto err;
-		}
-
-	if (num <= 0)
-		{
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
-		goto err;
-		}
-	c= *(p++);
-	num--;
-	for (;;)
-		{
-		if (num <= 0) break;
-		if ((c != '.') && (c != ' '))
-			{
-			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
-			goto err;
-			}
-		l=0;
-		use_bn = 0;
-		for (;;)
-			{
-			if (num <= 0) break;
-			num--;
-			c= *(p++);
-			if ((c == ' ') || (c == '.'))
-				break;
-			if ((c < '0') || (c > '9'))
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
-				goto err;
-				}
-			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
-				{
-				use_bn = 1;
-				if (!bl)
-					bl = BN_new();
-				if (!bl || !BN_set_word(bl, l))
-					goto err;
-				}
-			if (use_bn)
-				{
-				if (!BN_mul_word(bl, 10L)
-					|| !BN_add_word(bl, c-'0'))
-					goto err;
-				}
-			else
-				l=l*10L+(long)(c-'0');
-			}
-		if (len == 0)
-			{
-			if ((first < 2) && (l >= 40))
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
-				goto err;
-				}
-			if (use_bn)
-				{
-				if (!BN_add_word(bl, first * 40))
-					goto err;
-				}
-			else
-				l+=(long)first*40;
-			}
-		i=0;
-		if (use_bn)
-			{
-			int blsize;
-			blsize = BN_num_bits(bl);
-			blsize = (blsize + 6)/7;
-			if (blsize > tmpsize)
-				{
-				if (tmp != ftmp)
-					OPENSSL_free(tmp);
-				tmpsize = blsize + 32;
-				tmp = OPENSSL_malloc(tmpsize);
-				if (!tmp)
-					goto err;
-				}
-			while(blsize--)
-				tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
-			}
-		else
-			{
-					
-			for (;;)
-				{
-				tmp[i++]=(unsigned char)l&0x7f;
-				l>>=7L;
-				if (l == 0L) break;
-				}
-
-			}
-		if (out != NULL)
-			{
-			if (len+i > olen)
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
-				goto err;
-				}
-			while (--i > 0)
-				out[len++]=tmp[i]|0x80;
-			out[len++]=tmp[0];
-			}
-		else
-			len+=i;
-		}
-	if (tmp != ftmp)
-		OPENSSL_free(tmp);
-	if (bl)
-		BN_free(bl);
-	return(len);
-err:
-	if (tmp != ftmp)
-		OPENSSL_free(tmp);
-	if (bl)
-		BN_free(bl);
-	return(0);
-	}
-
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-{
-	return OBJ_obj2txt(buf, buf_len, a, 0);
-}
-
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
-	{
-	char buf[80], *p = buf;
-	int i;
-
-	if ((a == NULL) || (a->data == NULL))
-		return(BIO_write(bp,"NULL",4));
-	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-	if (i > (int)(sizeof(buf) - 1))
-		{
-		p = OPENSSL_malloc(i + 1);
-		if (!p)
-			return -1;
-		i2t_ASN1_OBJECT(p,i + 1,a);
-		}
-	if (i <= 0)
-		return BIO_write(bp, "<INVALID>", 9);
-	BIO_write(bp,p,i);
-	if (p != buf)
-		OPENSSL_free(p);
-	return(i);
-	}
-
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-	     long length)
-{
-	const unsigned char *p;
-	long len;
-	int tag,xclass;
-	int inf,i;
-	ASN1_OBJECT *ret = NULL;
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_OBJECT)
-		{
-		i=ASN1_R_EXPECTING_AN_OBJECT;
-		goto err;
-		}
-	ret = c2i_ASN1_OBJECT(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-	return(NULL);
-}
-
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-	     long len)
-	{
-	ASN1_OBJECT *ret=NULL;
-	const unsigned char *p;
-	unsigned char *data;
-	int i, length;
-
-	/* Sanity check OID encoding.
-	 * Need at least one content octet.
-	 * MSB must be clear in the last octet.
-	 * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
-	 */
-	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
-	    p[len - 1] & 0x80)
-		{
-		ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
-		return NULL;
-		}
-	/* Now 0 < len <= INT_MAX, so the cast is safe. */
-	length = (int)len;
-	for (i = 0; i < length; i++, p++)
-		{
-		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
-			{
-			ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
-			return NULL;
-			}
-		}
-
-	/* only the ASN1_OBJECTs from the 'table' will have values
-	 * for ->sn or ->ln */
-	if ((a == NULL) || ((*a) == NULL) ||
-		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		{
-		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-		}
-	else	ret=(*a);
-
-	p= *pp;
-	/* detach data from object */
-	data = (unsigned char *)ret->data;
-	ret->data = NULL;
-	/* once detached we can change it */
-	if ((data == NULL) || (ret->length < length))
-		{
-		ret->length=0;
-		if (data != NULL) OPENSSL_free(data);
-		data=(unsigned char *)OPENSSL_malloc(length);
-		if (data == NULL)
-			{ i=ERR_R_MALLOC_FAILURE; goto err; }
-		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-		}
-	memcpy(data,p,length);
-	/* reattach data to object, after which it remains const */
-	ret->data  =data;
-	ret->length=length;
-	ret->sn=NULL;
-	ret->ln=NULL;
-	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-	p+=length;
-
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_OBJECT_free(ret);
-	return(NULL);
-	}
-
-ASN1_OBJECT *ASN1_OBJECT_new(void)
-	{
-	ASN1_OBJECT *ret;
-
-	ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->data=NULL;
-	ret->nid=0;
-	ret->sn=NULL;
-	ret->ln=NULL;
-	ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
-	return(ret);
-	}
-
-void ASN1_OBJECT_free(ASN1_OBJECT *a)
-	{
-	if (a == NULL) return;
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
-		{
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
-		if (a->sn != NULL) OPENSSL_free((void *)a->sn);
-		if (a->ln != NULL) OPENSSL_free((void *)a->ln);
-#endif
-		a->sn=a->ln=NULL;
-		}
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
-		{
-		if (a->data != NULL) OPENSSL_free((void *)a->data);
-		a->data=NULL;
-		a->length=0;
-		}
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		OPENSSL_free(a);
-	}
-
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     const char *sn, const char *ln)
-	{
-	ASN1_OBJECT o;
-
-	o.sn=sn;
-	o.ln=ln;
-	o.data=data;
-	o.nid=nid;
-	o.length=len;
-	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-		ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-	return(OBJ_dup(&o));
-	}
-
-IMPLEMENT_STACK_OF(ASN1_OBJECT)
-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
deleted file mode 100644
index e8725e44f1..0000000000
--- a/crypto/asn1/a_octet.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* crypto/asn1/a_octet.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
-{ return M_ASN1_OCTET_STRING_dup(x); }
-
-int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
-{ return M_ASN1_OCTET_STRING_cmp(a, b); }
-
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
-{ return M_ASN1_OCTET_STRING_set(x, d, len); }
-
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
deleted file mode 100644
index d18e772320..0000000000
--- a/crypto/asn1/a_print.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/asn1/a_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_PRINTABLE_type(const unsigned char *s, int len)
-	{
-	int c;
-	int ia5=0;
-	int t61=0;
-
-	if (len <= 0) len= -1;
-	if (s == NULL) return(V_ASN1_PRINTABLESTRING);
-
-	while ((*s) && (len-- != 0))
-		{
-		c= *(s++);
-#ifndef CHARSET_EBCDIC
-		if (!(	((c >= 'a') && (c <= 'z')) ||
-			((c >= 'A') && (c <= 'Z')) ||
-			(c == ' ') ||
-			((c >= '0') && (c <= '9')) ||
-			(c == ' ') || (c == '\'') ||
-			(c == '(') || (c == ')') ||
-			(c == '+') || (c == ',') ||
-			(c == '-') || (c == '.') ||
-			(c == '/') || (c == ':') ||
-			(c == '=') || (c == '?')))
-			ia5=1;
-		if (c&0x80)
-			t61=1;
-#else
-		if (!isalnum(c) && (c != ' ') &&
-		    strchr("'()+,-./:=?", c) == NULL)
-			ia5=1;
-		if (os_toascii[c] & 0x80)
-			t61=1;
-#endif
-		}
-	if (t61) return(V_ASN1_T61STRING);
-	if (ia5) return(V_ASN1_IA5STRING);
-	return(V_ASN1_PRINTABLESTRING);
-	}
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
-	{
-	int i;
-	unsigned char *p;
-
-	if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
-	if ((s->length%4) != 0) return(0);
-	p=s->data;
-	for (i=0; i<s->length; i+=4)
-		{
-		if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
-			break;
-		else
-			p+=4;
-		}
-	if (i < s->length) return(0);
-	p=s->data;
-	for (i=3; i<s->length; i+=4)
-		{
-		*(p++)=s->data[i];
-		}
-	*(p)='\0';
-	s->length/=4;
-	s->type=ASN1_PRINTABLE_type(s->data,s->length);
-	return(1);
-	}
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
deleted file mode 100644
index d726c8d3a8..0000000000
--- a/crypto/asn1/a_set.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct
-    {
-    unsigned char *pbData;
-    int cbData;
-    } MYBLOB;
-
-/* SetBlobCmp
- * This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2 )
-    {
-    const MYBLOB *b1 = (const MYBLOB *)elem1;
-    const MYBLOB *b2 = (const MYBLOB *)elem2;
-    int r;
-
-    r = memcmp(b1->pbData, b2->pbData,
-	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
-    if(r != 0)
-	return r;
-    return b1->cbData-b2->cbData;
-    }
-
-/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-		 i2d_of_void *i2d, int ex_tag, int ex_class,
-		 int is_set)
-	{
-	int ret=0,r;
-	int i;
-	unsigned char *p;
-        unsigned char *pStart, *pTempMem;
-        MYBLOB *rgSetBlob;
-        int totSize;
-
-	if (a == NULL) return(0);
-	for (i=sk_OPENSSL_BLOCK_num(a)-1; i>=0; i--)
-		ret+=i2d(sk_OPENSSL_BLOCK_value(a,i),NULL);
-	r=ASN1_object_size(1,ret,ex_tag);
-	if (pp == NULL) return(r);
-
-	p= *pp;
-	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
-
-/* Modified by gp@nsj.co.jp */
-	/* And then again by Ben */
-	/* And again by Steve */
-
-	if(!is_set || (sk_OPENSSL_BLOCK_num(a) < 2))
-		{
-		for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
-                	i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
-
-		*pp=p;
-		return(r);
-		}
-
-        pStart  = p; /* Catch the beg of Setblobs*/
-		/* In this array we will store the SET blobs */
-		rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
-		if (rgSetBlob == NULL)
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-
-        for (i=0; i<sk_OPENSSL_BLOCK_num(a); i++)
-	        {
-                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_OPENSSL_BLOCK_value(a,i),&p);
-                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-SetBlob
-*/
-		}
-        *pp=p;
-        totSize = p - pStart; /* This is the total size of all set blobs */
-
- /* Now we have to sort the blobs. I am using a simple algo.
-    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp);
-		if (!(pTempMem = OPENSSL_malloc(totSize)))
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-
-/* Copy to temp mem */
-        p = pTempMem;
-        for(i=0; i<sk_OPENSSL_BLOCK_num(a); ++i)
-		{
-                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
-                p += rgSetBlob[i].cbData;
-		}
-
-/* Copy back to user mem*/
-        memcpy(pStart, pTempMem, totSize);
-        OPENSSL_free(pTempMem);
-        OPENSSL_free(rgSetBlob);
-
-        return(r);
-        }
-
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-			      const unsigned char **pp,
-			      long length, d2i_of_void *d2i,
-			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
-			      int ex_class)
-	{
-	ASN1_const_CTX c;
-	STACK_OF(OPENSSL_BLOCK) *ret=NULL;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=sk_OPENSSL_BLOCK_new_null()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		ret=(*a);
-
-	c.p= *pp;
-	c.max=(length == 0)?0:(c.p+length);
-
-	c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
-	if (c.inf & 0x80) goto err;
-	if (ex_class != c.xclass)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
-		goto err;
-		}
-	if (ex_tag != c.tag)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
-		goto err;
-		}
-	if ((c.slen+c.p) > c.max)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
-		goto err;
-		}
-	/* check for infinite constructed - it can be as long
-	 * as the amount of data passed to us */
-	if (c.inf == (V_ASN1_CONSTRUCTED+1))
-		c.slen=length+ *pp-c.p;
-	c.max=c.p+c.slen;
-
-	while (c.p < c.max)
-		{
-		char *s;
-
-		if (M_ASN1_D2I_end_sequence()) break;
-		/* XXX: This was called with 4 arguments, incorrectly, it seems
-		   if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
-		if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-			asn1_add_error(*pp,(int)(c.p- *pp));
-			goto err;
-			}
-		if (!sk_OPENSSL_BLOCK_push(ret,s)) goto err;
-		}
-	if (a != NULL) (*a)=ret;
-	*pp=c.p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		{
-		if (free_func != NULL)
-			sk_OPENSSL_BLOCK_pop_free(ret,free_func);
-		else
-			sk_OPENSSL_BLOCK_free(ret);
-		}
-	return(NULL);
-	}
-
-#endif
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
deleted file mode 100644
index 7b4a193d6b..0000000000
--- a/crypto/asn1/a_sign.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/asn1/a_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include "asn1_locl.h"
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	      ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
-	      const EVP_MD *type)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
-	int i,inl=0,outl=0,outll=0;
-	X509_ALGOR *a;
-
-	EVP_MD_CTX_init(&ctx);
-	for (i=0; i<2; i++)
-		{
-		if (i == 0)
-			a=algor1;
-		else
-			a=algor2;
-		if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1)
-			{
-			/* special case: RFC 2459 tells us to omit 'parameters'
-			 * with id-dsa-with-sha1 */
-			ASN1_TYPE_free(a->parameter);
-			a->parameter = NULL;
-			}
-		else if ((a->parameter == NULL) || 
-			(a->parameter->type != V_ASN1_NULL))
-			{
-			ASN1_TYPE_free(a->parameter);
-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-			a->parameter->type=V_ASN1_NULL;
-			}
-		ASN1_OBJECT_free(a->algorithm);
-		a->algorithm=OBJ_nid2obj(type->pkey_type);
-		if (a->algorithm == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-			goto err;
-			}
-		if (a->algorithm->length == 0)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			goto err;
-			}
-		}
-	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
-	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-	if ((buf_in == NULL) || (buf_out == NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf_in;
-
-	i2d(data,&p);
-	if (!EVP_SignInit_ex(&ctx,type, NULL)
-		|| !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl)
-		|| !EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-			(unsigned int *)&outl,pkey))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
-		goto err;
-		}
-	if (signature->data != NULL) OPENSSL_free(signature->data);
-	signature->data=buf_out;
-	buf_out=NULL;
-	signature->length=outl;
-	/* In the interests of compatibility, I'll make sure that
-	 * the bit string has a 'not-used bits' value of 0
-	 */
-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	if (buf_in != NULL)
-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-	if (buf_out != NULL)
-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-	return(outl);
-	}
-
-#endif
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
-	     const EVP_MD *type)
-	{
-	EVP_MD_CTX ctx;
-	EVP_MD_CTX_init(&ctx);
-	if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey))
-		{
-		EVP_MD_CTX_cleanup(&ctx);
-		return 0;
-		}
-	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
-	}
-		
-
-int ASN1_item_sign_ctx(const ASN1_ITEM *it,
-		X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     	ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
-	{
-	const EVP_MD *type;
-	EVP_PKEY *pkey;
-	unsigned char *buf_in=NULL,*buf_out=NULL;
-	size_t inl=0,outl=0,outll=0;
-	int signid, paramtype;
-	int rv;
-
-	type = EVP_MD_CTX_md(ctx);
-	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
-
-	if (!type || !pkey)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
-		return 0;
-		}
-
-	if (pkey->ameth->item_sign)
-		{
-		rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
-						signature);
-		if (rv == 1)
-			outl = signature->length;
-		/* Return value meanings:
-		 * <=0: error.
-		 *   1: method does everything.
-		 *   2: carry on as normal.
-		 *   3: ASN1 method sets algorithm identifiers: just sign.
-		 */
-		if (rv <= 0)
-			ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
-		if (rv <= 1)
-			goto err;
-		}
-	else
-		rv = 2;
-
-	if (rv == 2)
-		{
-		if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-			{
-			if (!pkey->ameth ||
-				!OBJ_find_sigid_by_algs(&signid,
-							EVP_MD_nid(type),
-							pkey->ameth->pkey_id))
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
-					ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-				return 0;
-				}
-			}
-		else
-			signid = type->pkey_type;
-
-		if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-			paramtype = V_ASN1_NULL;
-		else
-			paramtype = V_ASN1_UNDEF;
-
-		if (algor1)
-			X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
-		if (algor2)
-			X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
-
-		}
-
-	inl=ASN1_item_i2d(asn,&buf_in, it);
-	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=OPENSSL_malloc((unsigned int)outl);
-	if ((buf_in == NULL) || (buf_out == NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
-		|| !EVP_DigestSignFinal(ctx, buf_out, &outl))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB);
-		goto err;
-		}
-	if (signature->data != NULL) OPENSSL_free(signature->data);
-	signature->data=buf_out;
-	buf_out=NULL;
-	signature->length=outl;
-	/* In the interests of compatibility, I'll make sure that
-	 * the bit string has a 'not-used bits' value of 0
-	 */
-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-	EVP_MD_CTX_cleanup(ctx);
-	if (buf_in != NULL)
-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-	if (buf_out != NULL)
-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-	return(outl);
-	}
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
deleted file mode 100644
index 8fb4193bc0..0000000000
--- a/crypto/asn1/a_strex.c
+++ /dev/null
@@ -1,576 +0,0 @@
-/* a_strex.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-#include "charmap.h"
-
-/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
- * Enhanced string and name printing routines handling
- * multibyte characters, RFC2253 and a host of other
- * options.
- */
-
-
-#define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
-
-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
-		  ASN1_STRFLGS_ESC_QUOTE | \
-		  ASN1_STRFLGS_ESC_CTRL | \
-		  ASN1_STRFLGS_ESC_MSB)
-
-
-/* Three IO functions for sending data to memory, a BIO and
- * and a FILE pointer.
- */
-#if 0				/* never used */
-static int send_mem_chars(void *arg, const void *buf, int len)
-{
-	unsigned char **out = arg;
-	if(!out) return 1;
-	memcpy(*out, buf, len);
-	*out += len;
-	return 1;
-}
-#endif
-
-static int send_bio_chars(void *arg, const void *buf, int len)
-{
-	if(!arg) return 1;
-	if(BIO_write(arg, buf, len) != len) return 0;
-	return 1;
-}
-
-static int send_fp_chars(void *arg, const void *buf, int len)
-{
-	if(!arg) return 1;
-	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
-	return 1;
-}
-
-typedef int char_io(void *arg, const void *buf, int len);
-
-/* This function handles display of
- * strings, one character at a time.
- * It is passed an unsigned long for each
- * character because it could come from 2 or even
- * 4 byte forms.
- */
-
-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
-{
-	unsigned char chflgs, chtmp;
-	char tmphex[HEX_SIZE(long)+3];
-
-	if(c > 0xffffffffL)
-		return -1;
-	if(c > 0xffff) {
-		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
-		if(!io_ch(arg, tmphex, 10)) return -1;
-		return 10;
-	}
-	if(c > 0xff) {
-		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
-		if(!io_ch(arg, tmphex, 6)) return -1;
-		return 6;
-	}
-	chtmp = (unsigned char)c;
-	if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
-	else chflgs = char_type[chtmp] & flags;
-	if(chflgs & CHARTYPE_BS_ESC) {
-		/* If we don't escape with quotes, signal we need quotes */
-		if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
-			if(do_quotes) *do_quotes = 1;
-			if(!io_ch(arg, &chtmp, 1)) return -1;
-			return 1;
-		}
-		if(!io_ch(arg, "\\", 1)) return -1;
-		if(!io_ch(arg, &chtmp, 1)) return -1;
-		return 2;
-	}
-	if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
-		BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
-		if(!io_ch(arg, tmphex, 3)) return -1;
-		return 3;
-	}
-	/* If we get this far and do any escaping at all must escape 
-	 * the escape character itself: backslash.
-	 */
-	if (chtmp == '\\' && flags & ESC_FLAGS) {
-		if(!io_ch(arg, "\\\\", 2)) return -1;
-		return 2;
-	}
-	if(!io_ch(arg, &chtmp, 1)) return -1;
-	return 1;
-}
-
-#define BUF_TYPE_WIDTH_MASK	0x7
-#define BUF_TYPE_CONVUTF8	0x8
-
-/* This function sends each character in a buffer to
- * do_esc_char(). It interprets the content formats
- * and converts to or from UTF8 as appropriate.
- */
-
-static int do_buf(unsigned char *buf, int buflen,
-			int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
-{
-	int i, outlen, len;
-	unsigned char orflags, *p, *q;
-	unsigned long c;
-	p = buf;
-	q = buf + buflen;
-	outlen = 0;
-	while(p != q) {
-		if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
-		else orflags = 0;
-		switch(type & BUF_TYPE_WIDTH_MASK) {
-			case 4:
-			c = ((unsigned long)*p++) << 24;
-			c |= ((unsigned long)*p++) << 16;
-			c |= ((unsigned long)*p++) << 8;
-			c |= *p++;
-			break;
-
-			case 2:
-			c = ((unsigned long)*p++) << 8;
-			c |= *p++;
-			break;
-
-			case 1:
-			c = *p++;
-			break;
-			
-			case 0:
-			i = UTF8_getc(p, buflen, &c);
-			if(i < 0) return -1;	/* Invalid UTF8String */
-			p += i;
-			break;
-			default:
-			return -1;	/* invalid width */
-		}
-		if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
-		if(type & BUF_TYPE_CONVUTF8) {
-			unsigned char utfbuf[6];
-			int utflen;
-			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
-			for(i = 0; i < utflen; i++) {
-				/* We don't need to worry about setting orflags correctly
-				 * because if utflen==1 its value will be correct anyway 
-				 * otherwise each character will be > 0x7f and so the 
-				 * character will never be escaped on first and last.
-				 */
-				len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
-				if(len < 0) return -1;
-				outlen += len;
-			}
-		} else {
-			len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
-			if(len < 0) return -1;
-			outlen += len;
-		}
-	}
-	return outlen;
-}
-
-/* This function hex dumps a buffer of characters */
-
-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
-{
-	static const char hexdig[] = "0123456789ABCDEF";
-	unsigned char *p, *q;
-	char hextmp[2];
-	if(arg) {
-		p = buf;
-		q = buf + buflen;
-		while(p != q) {
-			hextmp[0] = hexdig[*p >> 4];
-			hextmp[1] = hexdig[*p & 0xf];
-			if(!io_ch(arg, hextmp, 2)) return -1;
-			p++;
-		}
-	}
-	return buflen << 1;
-}
-
-/* "dump" a string. This is done when the type is unknown,
- * or the flags request it. We can either dump the content
- * octets or the entire DER encoding. This uses the RFC2253
- * #01234 format.
- */
-
-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
-{
-	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
-	 * the DER encoding to readily obtained
-	 */
-	ASN1_TYPE t;
-	unsigned char *der_buf, *p;
-	int outlen, der_len;
-
-	if(!io_ch(arg, "#", 1)) return -1;
-	/* If we don't dump DER encoding just dump content octets */
-	if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
-		outlen = do_hex_dump(io_ch, arg, str->data, str->length);
-		if(outlen < 0) return -1;
-		return outlen + 1;
-	}
-	t.type = str->type;
-	t.value.ptr = (char *)str;
-	der_len = i2d_ASN1_TYPE(&t, NULL);
-	der_buf = OPENSSL_malloc(der_len);
-	if(!der_buf) return -1;
-	p = der_buf;
-	i2d_ASN1_TYPE(&t, &p);
-	outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
-	OPENSSL_free(der_buf);
-	if(outlen < 0) return -1;
-	return outlen + 1;
-}
-
-/* Lookup table to convert tags to character widths,
- * 0 = UTF8 encoded, -1 is used for non string types
- * otherwise it is the number of bytes per character
- */
-
-static const signed char tag2nbyte[] = {
-	-1, -1, -1, -1, -1,	/* 0-4 */
-	-1, -1, -1, -1, -1,	/* 5-9 */
-	-1, -1, 0, -1,		/* 10-13 */
-	-1, -1, -1, -1,		/* 15-17 */
-	-1, 1, 1,		/* 18-20 */
-	-1, 1, 1, 1,		/* 21-24 */
-	-1, 1, -1,		/* 25-27 */
-	4, -1, 2		/* 28-30 */
-};
-
-/* This is the main function, print out an
- * ASN1_STRING taking note of various escape
- * and display options. Returns number of
- * characters written or -1 if an error
- * occurred.
- */
-
-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
-{
-	int outlen, len;
-	int type;
-	char quotes;
-	unsigned char flags;
-	quotes = 0;
-	/* Keep a copy of escape flags */
-	flags = (unsigned char)(lflags & ESC_FLAGS);
-
-	type = str->type;
-
-	outlen = 0;
-
-
-	if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
-		const char *tagname;
-		tagname = ASN1_tag2str(type);
-		outlen += strlen(tagname);
-		if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
-		outlen++;
-	}
-
-	/* Decide what to do with type, either dump content or display it */
-
-	/* Dump everything */
-	if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
-	/* Ignore the string type */
-	else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
-	else {
-		/* Else determine width based on type */
-		if((type > 0) && (type < 31)) type = tag2nbyte[type];
-		else type = -1;
-		if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
-	}
-
-	if(type == -1) {
-		len = do_dump(lflags, io_ch, arg, str);
-		if(len < 0) return -1;
-		outlen += len;
-		return outlen;
-	}
-
-	if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
-		/* Note: if string is UTF8 and we want
-		 * to convert to UTF8 then we just interpret
-		 * it as 1 byte per character to avoid converting
-		 * twice.
-		 */
-		if(!type) type = 1;
-		else type |= BUF_TYPE_CONVUTF8;
-	}
-
-	len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-	if(len < 0) return -1;
-	outlen += len;
-	if(quotes) outlen += 2;
-	if(!arg) return outlen;
-	if(quotes && !io_ch(arg, "\"", 1)) return -1;
-	if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
-		return -1;
-	if(quotes && !io_ch(arg, "\"", 1)) return -1;
-	return outlen;
-}
-
-/* Used for line indenting: print 'indent' spaces */
-
-static int do_indent(char_io *io_ch, void *arg, int indent)
-{
-	int i;
-	for(i = 0; i < indent; i++)
-			if(!io_ch(arg, " ", 1)) return 0;
-	return 1;
-}
-
-#define FN_WIDTH_LN	25
-#define FN_WIDTH_SN	10
-
-static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
-				int indent, unsigned long flags)
-{
-	int i, prev = -1, orflags, cnt;
-	int fn_opt, fn_nid;
-	ASN1_OBJECT *fn;
-	ASN1_STRING *val;
-	X509_NAME_ENTRY *ent;
-	char objtmp[80];
-	const char *objbuf;
-	int outlen, len;
-	char *sep_dn, *sep_mv, *sep_eq;
-	int sep_dn_len, sep_mv_len, sep_eq_len;
-	if(indent < 0) indent = 0;
-	outlen = indent;
-	if(!do_indent(io_ch, arg, indent)) return -1;
-	switch (flags & XN_FLAG_SEP_MASK)
-	{
-		case XN_FLAG_SEP_MULTILINE:
-		sep_dn = "\n";
-		sep_dn_len = 1;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		break;
-
-		case XN_FLAG_SEP_COMMA_PLUS:
-		sep_dn = ",";
-		sep_dn_len = 1;
-		sep_mv = "+";
-		sep_mv_len = 1;
-		indent = 0;
-		break;
-
-		case XN_FLAG_SEP_CPLUS_SPC:
-		sep_dn = ", ";
-		sep_dn_len = 2;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		indent = 0;
-		break;
-
-		case XN_FLAG_SEP_SPLUS_SPC:
-		sep_dn = "; ";
-		sep_dn_len = 2;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		indent = 0;
-		break;
-
-		default:
-		return -1;
-	}
-
-	if(flags & XN_FLAG_SPC_EQ) {
-		sep_eq = " = ";
-		sep_eq_len = 3;
-	} else {
-		sep_eq = "=";
-		sep_eq_len = 1;
-	}
-
-	fn_opt = flags & XN_FLAG_FN_MASK;
-
-	cnt = X509_NAME_entry_count(n);	
-	for(i = 0; i < cnt; i++) {
-		if(flags & XN_FLAG_DN_REV)
-				ent = X509_NAME_get_entry(n, cnt - i - 1);
-		else ent = X509_NAME_get_entry(n, i);
-		if(prev != -1) {
-			if(prev == ent->set) {
-				if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
-				outlen += sep_mv_len;
-			} else {
-				if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
-				outlen += sep_dn_len;
-				if(!do_indent(io_ch, arg, indent)) return -1;
-				outlen += indent;
-			}
-		}
-		prev = ent->set;
-		fn = X509_NAME_ENTRY_get_object(ent);
-		val = X509_NAME_ENTRY_get_data(ent);
-		fn_nid = OBJ_obj2nid(fn);
-		if(fn_opt != XN_FLAG_FN_NONE) {
-			int objlen, fld_len;
-			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
-				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
-				fld_len = 0; /* XXX: what should this be? */
-				objbuf = objtmp;
-			} else {
-				if(fn_opt == XN_FLAG_FN_SN) {
-					fld_len = FN_WIDTH_SN;
-					objbuf = OBJ_nid2sn(fn_nid);
-				} else if(fn_opt == XN_FLAG_FN_LN) {
-					fld_len = FN_WIDTH_LN;
-					objbuf = OBJ_nid2ln(fn_nid);
-				} else {
-					fld_len = 0; /* XXX: what should this be? */
-					objbuf = "";
-				}
-			}
-			objlen = strlen(objbuf);
-			if(!io_ch(arg, objbuf, objlen)) return -1;
-			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
-				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
-				outlen += fld_len - objlen;
-			}
-			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
-			outlen += objlen + sep_eq_len;
-		}
-		/* If the field name is unknown then fix up the DER dump
-		 * flag. We might want to limit this further so it will
- 		 * DER dump on anything other than a few 'standard' fields.
-		 */
-		if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
-					orflags = ASN1_STRFLGS_DUMP_ALL;
-		else orflags = 0;
-     
-		len = do_print_ex(io_ch, arg, flags | orflags, val);
-		if(len < 0) return -1;
-		outlen += len;
-	}
-	return outlen;
-}
-
-/* Wrappers round the main functions */
-
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
-{
-	if(flags == XN_FLAG_COMPAT)
-		return X509_NAME_print(out, nm, indent);
-	return do_name_ex(send_bio_chars, out, nm, indent, flags);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
-{
-	if(flags == XN_FLAG_COMPAT)
-		{
-		BIO *btmp;
-		int ret;
-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-		if(!btmp) return -1;
-		ret = X509_NAME_print(btmp, nm, indent);
-		BIO_free(btmp);
-		return ret;
-		}
-	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
-}
-#endif
-
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
-{
-	return do_print_ex(send_bio_chars, out, flags, str);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
-{
-	return do_print_ex(send_fp_chars, fp, flags, str);
-}
-#endif
-
-/* Utility function: convert any string type to UTF8, returns number of bytes
- * in output string or a negative error code
- */
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
-{
-	ASN1_STRING stmp, *str = &stmp;
-	int mbflag, type, ret;
-	if(!in) return -1;
-	type = in->type;
-	if((type < 0) || (type > 30)) return -1;
-	mbflag = tag2nbyte[type];
-	if(mbflag == -1) return -1;
-	mbflag |= MBSTRING_FLAG;
-	stmp.data = NULL;
-	stmp.length = 0;
-	stmp.flags = 0;
-	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
-	if(ret < 0) return ret;
-	*out = stmp.data;
-	return stmp.length;
-}
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
deleted file mode 100644
index 2afd5a4136..0000000000
--- a/crypto/asn1/a_strnid.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/* a_strnid.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-
-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
-static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-			const ASN1_STRING_TABLE * const *b);
-
-
-/* This is the global mask for the mbstring functions: this is use to
- * mask out certain types (such as BMPString and UTF8String) because
- * certain software (e.g. Netscape) has problems with them.
- */
-
-static unsigned long global_mask = B_ASN1_UTF8STRING;
-
-void ASN1_STRING_set_default_mask(unsigned long mask)
-{
-	global_mask = mask;
-}
-
-unsigned long ASN1_STRING_get_default_mask(void)
-{
-	return global_mask;
-}
-
-/* This function sets the default to various "flavours" of configuration.
- * based on an ASCII string. Currently this is:
- * MASK:XXXX : a numerical mask value.
- * nobmp : Don't use BMPStrings (just Printable, T61).
- * pkix : PKIX recommendation in RFC2459.
- * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
- * default:   the default value, Printable, T61, BMP.
- */
-
-int ASN1_STRING_set_default_mask_asc(const char *p)
-{
-	unsigned long mask;
-	char *end;
-	if(!strncmp(p, "MASK:", 5)) {
-		if(!p[5]) return 0;
-		mask = strtoul(p + 5, &end, 0);
-		if(*end) return 0;
-	} else if(!strcmp(p, "nombstr"))
-			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
-	else if(!strcmp(p, "pkix"))
-			mask = ~((unsigned long)B_ASN1_T61STRING);
-	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
-	else if(!strcmp(p, "default"))
-	    mask = 0xFFFFFFFFL;
-	else return 0;
-	ASN1_STRING_set_default_mask(mask);
-	return 1;
-}
-
-/* The following function generates an ASN1_STRING based on limits in a table.
- * Frequently the types and length of an ASN1_STRING are restricted by a 
- * corresponding OID. For example certificates and certificate requests.
- */
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
-					int inlen, int inform, int nid)
-{
-	ASN1_STRING_TABLE *tbl;
-	ASN1_STRING *str = NULL;
-	unsigned long mask;
-	int ret;
-	if(!out) out = &str;
-	tbl = ASN1_STRING_TABLE_get(nid);
-	if(tbl) {
-		mask = tbl->mask;
-		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
-					tbl->minsize, tbl->maxsize);
-	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
-	if(ret <= 0) return NULL;
-	return *out;
-}
-
-/* Now the tables and helper functions for the string table:
- */
-
-/* size limits: this stuff is taken straight from RFC3280 */
-
-#define ub_name				32768
-#define ub_common_name			64
-#define ub_locality_name		128
-#define ub_state_name			128
-#define ub_organization_name		64
-#define ub_organization_unit_name	64
-#define ub_title			64
-#define ub_email_address		128
-#define ub_serial_number		64
-
-
-/* This table must be kept in NID order */
-
-static const ASN1_STRING_TABLE tbl_standard[] = {
-{NID_commonName,		1, ub_common_name, DIRSTRING_TYPE, 0},
-{NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_localityName,		1, ub_locality_name, DIRSTRING_TYPE, 0},
-{NID_stateOrProvinceName,	1, ub_state_name, DIRSTRING_TYPE, 0},
-{NID_organizationName,		1, ub_organization_name, DIRSTRING_TYPE, 0},
-{NID_organizationalUnitName,	1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-{NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_pkcs9_unstructuredName,	1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_challengePassword,	1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_unstructuredAddress,	1, -1, DIRSTRING_TYPE, 0},
-{NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-{NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
-};
-
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-			const ASN1_STRING_TABLE * const *b)
-{
-	return (*a)->nid - (*b)->nid;
-}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
-
-static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
-{
-	return a->nid - b->nid;
-}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
-
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
-{
-	int idx;
-	ASN1_STRING_TABLE *ttmp;
-	ASN1_STRING_TABLE fnd;
-	fnd.nid = nid;
-	ttmp = OBJ_bsearch_table(&fnd, tbl_standard, 
-			   sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
-	if(ttmp) return ttmp;
-	if(!stable) return NULL;
-	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
-	if(idx < 0) return NULL;
-	return sk_ASN1_STRING_TABLE_value(stable, idx);
-}
-	
-int ASN1_STRING_TABLE_add(int nid,
-		 long minsize, long maxsize, unsigned long mask,
-				unsigned long flags)
-{
-	ASN1_STRING_TABLE *tmp;
-	char new_nid = 0;
-	flags &= ~STABLE_FLAGS_MALLOC;
-	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-	if(!stable) {
-		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
-		tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
-		if(!tmp) {
-			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-							ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		tmp->flags = flags | STABLE_FLAGS_MALLOC;
-		tmp->nid = nid;
-		new_nid = 1;
-	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
-	if(minsize != -1) tmp->minsize = minsize;
-	if(maxsize != -1) tmp->maxsize = maxsize;
-	tmp->mask = mask;
-	if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
-	return 1;
-}
-
-void ASN1_STRING_TABLE_cleanup(void)
-{
-	STACK_OF(ASN1_STRING_TABLE) *tmp;
-	tmp = stable;
-	if(!tmp) return;
-	stable = NULL;
-	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
-}
-
-static void st_free(ASN1_STRING_TABLE *tbl)
-{
-	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
-}
-
-
-IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
-	ASN1_STRING_TABLE *tmp;
-	int i, last_nid = -1;
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-		{
-			if (tmp->nid < last_nid)
-				{
-				last_nid = 0;
-				break;
-				}
-			last_nid = tmp->nid;
-		}
-
-	if (last_nid != 0)
-		{
-		printf("Table order OK\n");
-		exit(0);
-		}
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-			printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-							OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
deleted file mode 100644
index e2eb9b243e..0000000000
--- a/crypto/asn1/a_time.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/* crypto/asn1/a_time.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* This is an implementation of the ASN1 Time structure which is:
- *    Time ::= CHOICE {
- *      utcTime        UTCTime,
- *      generalTime    GeneralizedTime }
- * written by Steve Henson.
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1t.h>
-
-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
-
-#if 0
-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
-	{
-#ifdef CHARSET_EBCDIC
-	/* KLUDGE! We convert to ascii before writing DER */
-	char tmp[24];
-	ASN1_STRING tmpstr;
-
-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
-	    int len;
-
-	    tmpstr = *(ASN1_STRING *)a;
-	    len = tmpstr.length;
-	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	    tmpstr.data = tmp;
-	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-	}
-#endif
-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
-				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-				     a->type ,V_ASN1_UNIVERSAL));
-	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-	return -1;
-	}
-#endif
-
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
-	{
-	return ASN1_TIME_adj(s, t, 0, 0);
-	}
-
-ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
-				int offset_day, long offset_sec)
-	{
-	struct tm *ts;
-	struct tm data;
-
-	ts=OPENSSL_gmtime(&t,&data);
-	if (ts == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
-		return NULL;
-		}
-	if (offset_day || offset_sec)
-		{ 
-		if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-			return NULL;
-		}
-	if((ts->tm_year >= 50) && (ts->tm_year < 150))
-			return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
-	return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
-	}
-
-int ASN1_TIME_check(ASN1_TIME *t)
-	{
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		return ASN1_GENERALIZEDTIME_check(t);
-	else if (t->type == V_ASN1_UTCTIME)
-		return ASN1_UTCTIME_check(t);
-	return 0;
-	}
-
-/* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
-	{
-	ASN1_GENERALIZEDTIME *ret;
-	char *str;
-	int newlen;
-
-	if (!ASN1_TIME_check(t)) return NULL;
-
-	if (!out || !*out)
-		{
-		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-			return NULL;
-		if (out) *out = ret;
-		}
-	else ret = *out;
-
-	/* If already GeneralizedTime just copy across */
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		{
-		if(!ASN1_STRING_set(ret, t->data, t->length))
-			return NULL;
-		return ret;
-		}
-
-	/* grow the string */
-	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-		return NULL;
-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */
-	newlen = t->length + 2 + 1;
-	str = (char *)ret->data;
-	/* Work out the century and prepend */
-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-	else BUF_strlcpy(str, "20", newlen);
-
-	BUF_strlcat(str, (char *)t->data, newlen);
-
-	return ret;
-	}
-
-int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
-	{
-	ASN1_TIME t;
-
-	t.length = strlen(str);
-	t.data = (unsigned char *)str;
-	t.flags = 0;
-	
-	t.type = V_ASN1_UTCTIME;
-
-	if (!ASN1_TIME_check(&t))
-		{
-		t.type = V_ASN1_GENERALIZEDTIME;
-		if (!ASN1_TIME_check(&t))
-			return 0;
-		}
-	
-	if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
-			return 0;
-
-	return 1;
-	}
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
deleted file mode 100644
index 5e1bc762d0..0000000000
--- a/crypto/asn1/a_type.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-int ASN1_TYPE_get(ASN1_TYPE *a)
-	{
-	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-		return(a->type);
-	else
-		return(0);
-	}
-
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
-	{
-	if (a->value.ptr != NULL)
-		{
-		ASN1_TYPE **tmp_a = &a;
-		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-		}
-	a->type=type;
-	if (type == V_ASN1_BOOLEAN)
-		a->value.boolean = value ? 0xff : 0;
-	else
-		a->value.ptr=value;
-	}
-
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
-	{
-	if (!value || (type == V_ASN1_BOOLEAN))
-		{
-		void *p = (void *)value;
-		ASN1_TYPE_set(a, type, p);
-		}
-	else if (type == V_ASN1_OBJECT)
-		{
-		ASN1_OBJECT *odup;
-		odup = OBJ_dup(value);
-		if (!odup)
-			return 0;
-		ASN1_TYPE_set(a, type, odup);
-		}
-	else
-		{
-		ASN1_STRING *sdup;
-		sdup = ASN1_STRING_dup(value);
-		if (!sdup)
-			return 0;
-		ASN1_TYPE_set(a, type, sdup);
-		}
-	return 1;
-	}
-
-IMPLEMENT_STACK_OF(ASN1_TYPE)
-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
-
-/* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
-	{
-	int result = -1;
-
-	if (!a || !b || a->type != b->type) return -1;
-
-	switch (a->type)
-		{
-	case V_ASN1_OBJECT:
-		result = OBJ_cmp(a->value.object, b->value.object);
-		break;
-	case V_ASN1_NULL:
-		result = 0;	/* They do not have content. */
-		break;
-	case V_ASN1_INTEGER:
-	case V_ASN1_NEG_INTEGER:
-	case V_ASN1_ENUMERATED:
-	case V_ASN1_NEG_ENUMERATED:
-	case V_ASN1_BIT_STRING:
-	case V_ASN1_OCTET_STRING:
-	case V_ASN1_SEQUENCE:
-	case V_ASN1_SET:
-	case V_ASN1_NUMERICSTRING:
-	case V_ASN1_PRINTABLESTRING:
-	case V_ASN1_T61STRING:
-	case V_ASN1_VIDEOTEXSTRING:
-	case V_ASN1_IA5STRING:
-	case V_ASN1_UTCTIME:
-	case V_ASN1_GENERALIZEDTIME:
-	case V_ASN1_GRAPHICSTRING:
-	case V_ASN1_VISIBLESTRING:
-	case V_ASN1_GENERALSTRING:
-	case V_ASN1_UNIVERSALSTRING:
-	case V_ASN1_BMPSTRING:
-	case V_ASN1_UTF8STRING:
-	case V_ASN1_OTHER:
-	default:
-		result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
-					 (ASN1_STRING *) b->value.ptr);
-		break;
-		}
-
-	return result;
-	}
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
deleted file mode 100644
index bbdc9b3222..0000000000
--- a/crypto/asn1/a_utctm.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/* crypto/asn1/a_utctm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1.h>
-
-#if 0
-int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
-	{
-#ifndef CHARSET_EBCDIC
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
-#else
-	/* KLUDGE! We convert to ascii before writing DER */
-	int len;
-	char tmp[24];
-	ASN1_STRING x = *(ASN1_STRING *)a;
-
-	len = x.length;
-	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	x.data = tmp;
-	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
-#endif
-	}
-
-
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
-	     long length)
-	{
-	ASN1_UTCTIME *ret=NULL;
-
-	ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-#ifdef CHARSET_EBCDIC
-	ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
-	if (!ASN1_UTCTIME_check(ret))
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
-		goto err;
-		}
-
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_UTCTIME_free(ret);
-	return(NULL);
-	}
-
-#endif
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
-	{
-	static const int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
-	static const int max[8]={99,12,31,23,59,59,12,59};
-	char *a;
-	int n,i,l,o;
-
-	if (d->type != V_ASN1_UTCTIME) return(0);
-	l=d->length;
-	a=(char *)d->data;
-	o=0;
-
-	if (l < 11) goto err;
-	for (i=0; i<6; i++)
-		{
-		if ((i == 5) && ((a[o] == 'Z') ||
-			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n= a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n=(n*10)+ a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((n < min[i]) || (n > max[i])) goto err;
-		}
-	if (a[o] == 'Z')
-		o++;
-	else if ((a[o] == '+') || (a[o] == '-'))
-		{
-		o++;
-		if (o+4 > l) goto err;
-		for (i=6; i<8; i++)
-			{
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n= a[o]-'0';
-			o++;
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n=(n*10)+ a[o]-'0';
-			if ((n < min[i]) || (n > max[i])) goto err;
-			o++;
-			}
-		}
-	return(o == l);
-err:
-	return(0);
-	}
-
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
-	{
-	ASN1_UTCTIME t;
-
-	t.type=V_ASN1_UTCTIME;
-	t.length=strlen(str);
-	t.data=(unsigned char *)str;
-	if (ASN1_UTCTIME_check(&t))
-		{
-		if (s != NULL)
-			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
-			s->type = V_ASN1_UTCTIME;
-			}
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
-	{
-	return ASN1_UTCTIME_adj(s, t, 0, 0);
-	}
-
-ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
-				int offset_day, long offset_sec)
-	{
-	char *p;
-	struct tm *ts;
-	struct tm data;
-	size_t len = 20;
-	int free_s = 0;
-
-	if (s == NULL)
-		{
-		free_s = 1;
-		s=M_ASN1_UTCTIME_new();
-		}
-	if (s == NULL)
-		goto err;
-
-
-	ts=OPENSSL_gmtime(&t, &data);
-	if (ts == NULL)
-		goto err;
-
-	if (offset_day || offset_sec)
-		{ 
-		if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
-			goto err;
-		}
-
-	if((ts->tm_year < 50) || (ts->tm_year >= 150))
-		goto err;
-
-	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
-		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_UTCTIME_ADJ,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (s->data != NULL)
-			OPENSSL_free(s->data);
-		s->data=(unsigned char *)p;
-		}
-
-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
-	s->length=strlen(p);
-	s->type=V_ASN1_UTCTIME;
-#ifdef CHARSET_EBCDIC_not
-	ebcdic2ascii(s->data, s->data, s->length);
-#endif
-	return(s);
-	err:
-	if (free_s && s)
-		M_ASN1_UTCTIME_free(s);
-	return NULL;
-	}
-
-
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
-	{
-	struct tm *tm;
-	struct tm data;
-	int offset;
-	int year;
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-
-	if (s->data[12] == 'Z')
-		offset=0;
-	else
-		{
-		offset = g2(s->data+13)*60+g2(s->data+15);
-		if (s->data[12] == '-')
-			offset = -offset;
-		}
-
-	t -= offset*60; /* FIXME: may overflow in extreme cases */
-
-	tm = OPENSSL_gmtime(&t, &data);
-	/* NB: -1, 0, 1 already valid return values so use -2 to
-	 * indicate error.
-	 */
-	if (tm == NULL)
-		return -2;
-	
-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
-	year = g2(s->data);
-	if (year < 50)
-		year += 100;
-	return_cmp(year,              tm->tm_year);
-	return_cmp(g2(s->data+2) - 1, tm->tm_mon);
-	return_cmp(g2(s->data+4),     tm->tm_mday);
-	return_cmp(g2(s->data+6),     tm->tm_hour);
-	return_cmp(g2(s->data+8),     tm->tm_min);
-	return_cmp(g2(s->data+10),    tm->tm_sec);
-#undef g2
-#undef return_cmp
-
-	return 0;
-	}
-
-
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
-	{
-	struct tm tm;
-	int offset;
-
-	memset(&tm,'\0',sizeof tm);
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-	tm.tm_year=g2(s->data);
-	if(tm.tm_year < 50)
-		tm.tm_year+=100;
-	tm.tm_mon=g2(s->data+2)-1;
-	tm.tm_mday=g2(s->data+4);
-	tm.tm_hour=g2(s->data+6);
-	tm.tm_min=g2(s->data+8);
-	tm.tm_sec=g2(s->data+10);
-	if(s->data[12] == 'Z')
-		offset=0;
-	else
-		{
-		offset=g2(s->data+13)*60+g2(s->data+15);
-		if(s->data[12] == '-')
-			offset= -offset;
-		}
-#undef g2
-
-	return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
-	                               * instead of UTC, and unless we rewrite OpenSSL
-				       * in Lisp we cannot locally change the timezone
-				       * without possibly interfering with other parts
-	                               * of the program. timegm, which uses UTC, is
-				       * non-standard.
-	                               * Also time_t is inappropriate for general
-	                               * UTC times because it may a 32 bit type. */
-	}
-#endif
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
deleted file mode 100644
index 508e11e527..0000000000
--- a/crypto/asn1/a_utf8.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/* crypto/asn1/a_utf8.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-
-/* UTF8 utilities */
-
-/* This parses a UTF8 string one character at a time. It is passed a pointer
- * to the string and the length of the string. It sets 'value' to the value of
- * the current character. It returns the number of characters read or a
- * negative error code:
- * -1 = string too short
- * -2 = illegal character
- * -3 = subsequent characters not of the form 10xxxxxx
- * -4 = character encoded incorrectly (not minimal length).
- */
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-{
-	const unsigned char *p;
-	unsigned long value;
-	int ret;
-	if(len <= 0) return 0;
-	p = str;
-
-	/* Check syntax and work out the encoded value (if correct) */
-	if((*p & 0x80) == 0) {
-		value = *p++ & 0x7f;
-		ret = 1;
-	} else if((*p & 0xe0) == 0xc0) {
-		if(len < 2) return -1;
-		if((p[1] & 0xc0) != 0x80) return -3;
-		value = (*p++ & 0x1f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x80) return -4;
-		ret = 2;
-	} else if((*p & 0xf0) == 0xe0) {
-		if(len < 3) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) ) return -3;
-		value = (*p++ & 0xf) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x800) return -4;
-		ret = 3;
-	} else if((*p & 0xf8) == 0xf0) {
-		if(len < 4) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x7)) << 18;
-		value |= (*p++ & 0x3f) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x10000) return -4;
-		ret = 4;
-	} else if((*p & 0xfc) == 0xf8) {
-		if(len < 5) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) 
-		   || ((p[4] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x3)) << 24;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x200000) return -4;
-		ret = 5;
-	} else if((*p & 0xfe) == 0xfc) {
-		if(len < 6) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) 
-		   || ((p[4] & 0xc0) != 0x80) 
-		   || ((p[5] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x1)) << 30;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 24;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x4000000) return -4;
-		ret = 6;
-	} else return -2;
-	*val = value;
-	return ret;
-}
-
-/* This takes a character 'value' and writes the UTF8 encoded value in
- * 'str' where 'str' is a buffer containing 'len' characters. Returns
- * the number of characters written or -1 if 'len' is too small. 'str' can
- * be set to NULL in which case it just returns the number of characters.
- * It will need at most 6 characters.
- */
-
-int UTF8_putc(unsigned char *str, int len, unsigned long value)
-{
-	if(!str) len = 6;	/* Maximum we will need */
-	else if(len <= 0) return -1;
-	if(value < 0x80) {
-		if(str) *str = (unsigned char)value;
-		return 1;
-	}
-	if(value < 0x800) {
-		if(len < 2) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 2;
-	}
-	if(value < 0x10000) {
-		if(len < 3) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 3;
-	}
-	if(value < 0x200000) {
-		if(len < 4) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 4;
-	}
-	if(value < 0x4000000) {
-		if(len < 5) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
-			*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 5;
-	}
-	if(len < 6) return -1;
-	if(str) {
-		*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
-		*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-		*str = (unsigned char)((value & 0x3f) | 0x80);
-	}
-	return 6;
-}
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
deleted file mode 100644
index 78dde1d053..0000000000
--- a/crypto/asn1/a_verify.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* crypto/asn1/a_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-#include "asn1_locl.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-		char *data, EVP_PKEY *pkey)
-	{
-	EVP_MD_CTX ctx;
-	const EVP_MD *type;
-	unsigned char *p,*buf_in=NULL;
-	int ret= -1,i,inl;
-
-	EVP_MD_CTX_init(&ctx);
-	i=OBJ_obj2nid(a->algorithm);
-	type=EVP_get_digestbyname(OBJ_nid2sn(i));
-	if (type == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-		goto err;
-		}
-
-	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
-		goto err;
-		}
-	
-	inl=i2d(data,NULL);
-	buf_in=OPENSSL_malloc((unsigned int)inl);
-	if (buf_in == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf_in;
-
-	i2d(data,&p);
-	if (!EVP_VerifyInit_ex(&ctx,type, NULL)
-		|| !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
-
-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-			(unsigned int)signature->length,pkey) <= 0)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
-
-#endif
-
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
-		ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char *buf_in=NULL;
-	int ret= -1,inl;
-
-	int mdnid, pknid;
-
-	if (!pkey)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-		return -1;
-		}
-
-	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
-		return -1;
-		}
-
-	EVP_MD_CTX_init(&ctx);
-
-	/* Convert signature OID into digest and public key OIDs */
-	if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid))
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
-		goto err;
-		}
-	if (mdnid == NID_undef)
-		{
-		if (!pkey->ameth || !pkey->ameth->item_verify)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
-			goto err;
-			}
-		ret = pkey->ameth->item_verify(&ctx, it, asn, a,
-							signature, pkey);
-		/* Return value of 2 means carry on, anything else means we
-		 * exit straight away: either a fatal error of the underlying
-		 * verification routine handles all verification.
-		 */
-		if (ret != 2)
-			goto err;
-		ret = -1;
-		}
-	else
-		{
-		const EVP_MD *type;
-		type=EVP_get_digestbynid(mdnid);
-		if (type == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-			goto err;
-			}
-
-		/* Check public key OID matches public key type */
-		if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-			goto err;
-			}
-
-		if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-			ret=0;
-			goto err;
-			}
-
-		}
-
-	inl = ASN1_item_i2d(asn, &buf_in, it);
-	
-	if (buf_in == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
-
-	if (EVP_DigestVerifyFinal(&ctx,signature->data,
-			(size_t)signature->length) <= 0)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
-
-
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
deleted file mode 100644
index ef153d4615..0000000000
--- a/crypto/asn1/ameth_lib.c
+++ /dev/null
@@ -1,465 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "asn1_locl.h"
-
-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
-extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
-extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
-
-/* Keep this sorted in type order !! */
-static const EVP_PKEY_ASN1_METHOD *standard_methods[] = 
-	{
-#ifndef OPENSSL_NO_RSA
-	&rsa_asn1_meths[0],
-	&rsa_asn1_meths[1],
-#endif
-#ifndef OPENSSL_NO_DH
-	&dh_asn1_meth,
-#endif
-#ifndef OPENSSL_NO_DSA
-	&dsa_asn1_meths[0],
-	&dsa_asn1_meths[1],
-	&dsa_asn1_meths[2],
-	&dsa_asn1_meths[3],
-	&dsa_asn1_meths[4],
-#endif
-#ifndef OPENSSL_NO_EC
-	&eckey_asn1_meth,
-#endif
-	&hmac_asn1_meth,
-	&cmac_asn1_meth
-	};
-
-typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
-DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD)
-static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
-
-
-
-#ifdef TEST
-void main()
-	{
-	int i;
-	for (i = 0;
-		i < sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
-		i++)
-		fprintf(stderr, "Number %d id=%d (%s)\n", i,
-			standard_methods[i]->pkey_id,
-			OBJ_nid2sn(standard_methods[i]->pkey_id));
-	}
-#endif
-
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
-			   const EVP_PKEY_ASN1_METHOD *, ameth);
-
-static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a,
-		     const EVP_PKEY_ASN1_METHOD * const *b)
-	{
-        return ((*a)->pkey_id - (*b)->pkey_id);
-	}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
-			     const EVP_PKEY_ASN1_METHOD *, ameth);
-
-int EVP_PKEY_asn1_get_count(void)
-	{
-	int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
-	if (app_methods)
-		num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
-	return num;
-	}
-
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
-	{
-	int num = sizeof(standard_methods)/sizeof(EVP_PKEY_ASN1_METHOD *);
-	if (idx < 0)
-		return NULL; 
-	if (idx < num)
-		return standard_methods[idx];
-	idx -= num;
-	return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
-	}
-
-static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
-	{
-	EVP_PKEY_ASN1_METHOD tmp;
-	const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
-	tmp.pkey_id = type;
-	if (app_methods)
-		{
-		int idx;
-		idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
-		if (idx >= 0)
-			return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
-		}
-	ret = OBJ_bsearch_ameth(&t, standard_methods,
-			  sizeof(standard_methods)
-			  /sizeof(EVP_PKEY_ASN1_METHOD *));
-	if (!ret || !*ret)
-		return NULL;
-	return *ret;
-	}
-
-/* Find an implementation of an ASN1 algorithm. If 'pe' is not NULL
- * also search through engines and set *pe to a functional reference
- * to the engine implementing 'type' or NULL if no engine implements 
- * it.
- */
-
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
-	{
-	const EVP_PKEY_ASN1_METHOD *t;
-
-	for (;;)
-		{
-		t = pkey_asn1_find(type);
-		if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
-			break;
-		type = t->pkey_base_id;
-		}
-	if (pe)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e;
-		/* type will contain the final unaliased type */
-		e = ENGINE_get_pkey_asn1_meth_engine(type);
-		if (e)
-			{
-			*pe = e;
-			return ENGINE_get_pkey_asn1_meth(e, type);
-			}
-#endif
-		*pe = NULL;
-		}
-	return t;
-	}
-
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
-					const char *str, int len)
-	{
-	int i;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	if (len == -1)
-		len = strlen(str);
-	if (pe)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e;
-		ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
-		if (ameth)
-			{
-			/* Convert structural into
-			 * functional reference
-			 */
-			if (!ENGINE_init(e))
-				ameth = NULL;
-			ENGINE_free(e);
-			*pe = e;
-			return ameth;
-			}
-#endif
-		*pe = NULL;
-		}
-	for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
-		{
-		ameth = EVP_PKEY_asn1_get0(i);
-		if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
-			continue;
-		if (((int)strlen(ameth->pem_str) == len) && 
-			!strncasecmp(ameth->pem_str, str, len))
-			return ameth;
-		}
-	return NULL;
-	}
-
-int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
-	{
-	if (app_methods == NULL)
-		{
-		app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
-		if (!app_methods)
-			return 0;
-		}
-	if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
-		return 0;
-	sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
-	return 1;
-	}
-
-int EVP_PKEY_asn1_add_alias(int to, int from)
-	{
-	EVP_PKEY_ASN1_METHOD *ameth;
-	ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
-	if (!ameth)
-		return 0;
-	ameth->pkey_base_id = to;
-	if (!EVP_PKEY_asn1_add0(ameth))
-		{
-		EVP_PKEY_asn1_free(ameth);
-		return 0;
-		}
-	return 1;
-	}
-
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
-				const char **pinfo, const char **ppem_str,
-					const EVP_PKEY_ASN1_METHOD *ameth)
-	{
-	if (!ameth)
-		return 0;
-	if (ppkey_id)
-		*ppkey_id = ameth->pkey_id;
-	if (ppkey_base_id)
-		*ppkey_base_id = ameth->pkey_base_id;
-	if (ppkey_flags)
-		*ppkey_flags = ameth->pkey_flags;
-	if (pinfo)
-		*pinfo = ameth->info;
-	if (ppem_str)
-		*ppem_str = ameth->pem_str;
-	return 1;
-	}
-
-const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
-	{
-	return pkey->ameth;
-	}
-
-EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
-					const char *pem_str, const char *info)
-	{
-	EVP_PKEY_ASN1_METHOD *ameth;
-	ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD));
-	if (!ameth)
-		return NULL;
-
-	memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD));
-
-	ameth->pkey_id = id;
-	ameth->pkey_base_id = id;
-	ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
-
-	if (info)
-		{
-		ameth->info = BUF_strdup(info);
-		if (!ameth->info)
-			goto err;
-		}
-	else
-		ameth->info = NULL;
-
-	if (pem_str)
-		{
-		ameth->pem_str = BUF_strdup(pem_str);
-		if (!ameth->pem_str)
-			goto err;
-		}
-	else
-		ameth->pem_str = NULL;
-
-	ameth->pub_decode = 0;
-	ameth->pub_encode = 0;
-	ameth->pub_cmp = 0;
-	ameth->pub_print = 0;
-
-	ameth->priv_decode = 0;
-	ameth->priv_encode = 0;
-	ameth->priv_print = 0;
-
-	ameth->old_priv_encode = 0;
-	ameth->old_priv_decode = 0;
-
-	ameth->item_verify = 0;
-	ameth->item_sign = 0;
-
-	ameth->pkey_size = 0;
-	ameth->pkey_bits = 0;
-
-	ameth->param_decode = 0;
-	ameth->param_encode = 0;
-	ameth->param_missing = 0;
-	ameth->param_copy = 0;
-	ameth->param_cmp = 0;
-	ameth->param_print = 0;
-
-	ameth->pkey_free = 0;
-	ameth->pkey_ctrl = 0;
-
-	return ameth;
-
-	err:
-
-	EVP_PKEY_asn1_free(ameth);
-	return NULL;
-
-	}
-
-void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
-			const EVP_PKEY_ASN1_METHOD *src)
-	{
-
-	dst->pub_decode = src->pub_decode;
-	dst->pub_encode = src->pub_encode;
-	dst->pub_cmp = src->pub_cmp;
-	dst->pub_print = src->pub_print;
-
-	dst->priv_decode = src->priv_decode;
-	dst->priv_encode = src->priv_encode;
-	dst->priv_print = src->priv_print;
-
-	dst->old_priv_encode = src->old_priv_encode;
-	dst->old_priv_decode = src->old_priv_decode;
-
-	dst->pkey_size = src->pkey_size;
-	dst->pkey_bits = src->pkey_bits;
-
-	dst->param_decode = src->param_decode;
-	dst->param_encode = src->param_encode;
-	dst->param_missing = src->param_missing;
-	dst->param_copy = src->param_copy;
-	dst->param_cmp = src->param_cmp;
-	dst->param_print = src->param_print;
-
-	dst->pkey_free = src->pkey_free;
-	dst->pkey_ctrl = src->pkey_ctrl;
-
-	dst->item_sign = src->item_sign;
-	dst->item_verify = src->item_verify;
-
-	}
-
-void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
-	{
-	if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC))
-		{
-		if (ameth->pem_str)
-			OPENSSL_free(ameth->pem_str);
-		if (ameth->info)
-			OPENSSL_free(ameth->info);
-		OPENSSL_free(ameth);
-		}
-	}
-
-void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
-		int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
-		int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx),
-		int (*pkey_size)(const EVP_PKEY *pk),
-		int (*pkey_bits)(const EVP_PKEY *pk))
-	{
-	ameth->pub_decode = pub_decode;
-	ameth->pub_encode = pub_encode;
-	ameth->pub_cmp = pub_cmp;
-	ameth->pub_print = pub_print;
-	ameth->pkey_size = pkey_size;
-	ameth->pkey_bits = pkey_bits;
-	}
-
-void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
-		int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
-		int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx))
-	{
-	ameth->priv_decode = priv_decode;
-	ameth->priv_encode = priv_encode;
-	ameth->priv_print = priv_print;
-	}
-
-void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*param_decode)(EVP_PKEY *pkey,
-				const unsigned char **pder, int derlen),
-		int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
-		int (*param_missing)(const EVP_PKEY *pk),
-		int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
-		int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx))
-	{
-	ameth->param_decode = param_decode;
-	ameth->param_encode = param_encode;
-	ameth->param_missing = param_missing;
-	ameth->param_copy = param_copy;
-	ameth->param_cmp = param_cmp;
-	ameth->param_print = param_print;
-	}
-
-void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
-		void (*pkey_free)(EVP_PKEY *pkey))
-	{
-	ameth->pkey_free = pkey_free;
-	}
-
-void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
-							long arg1, void *arg2))
-	{
-	ameth->pkey_ctrl = pkey_ctrl;
-	}
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
deleted file mode 100644
index 3c45d5d03f..0000000000
--- a/crypto/asn1/asn1.h
+++ /dev/null
@@ -1,1406 +0,0 @@
-/* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_H
-#define HEADER_ASN1_H
-
-#include <time.h>
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-
-#include <openssl/symhacks.h>
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define V_ASN1_UNIVERSAL		0x00
-#define	V_ASN1_APPLICATION		0x40
-#define V_ASN1_CONTEXT_SPECIFIC		0x80
-#define V_ASN1_PRIVATE			0xc0
-
-#define V_ASN1_CONSTRUCTED		0x20
-#define V_ASN1_PRIMITIVE_TAG		0x1f
-#define V_ASN1_PRIMATIVE_TAG		0x1f
-
-#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
-#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
-#define V_ASN1_ANY			-4	/* used in ASN1 template code */
-
-#define V_ASN1_NEG			0x100	/* negative flag */
-
-#define V_ASN1_UNDEF			-1
-#define V_ASN1_EOC			0
-#define V_ASN1_BOOLEAN			1	/**/
-#define V_ASN1_INTEGER			2
-#define V_ASN1_NEG_INTEGER		(2 | V_ASN1_NEG)
-#define V_ASN1_BIT_STRING		3
-#define V_ASN1_OCTET_STRING		4
-#define V_ASN1_NULL			5
-#define V_ASN1_OBJECT			6
-#define V_ASN1_OBJECT_DESCRIPTOR	7
-#define V_ASN1_EXTERNAL			8
-#define V_ASN1_REAL			9
-#define V_ASN1_ENUMERATED		10
-#define V_ASN1_NEG_ENUMERATED		(10 | V_ASN1_NEG)
-#define V_ASN1_UTF8STRING		12
-#define V_ASN1_SEQUENCE			16
-#define V_ASN1_SET			17
-#define V_ASN1_NUMERICSTRING		18	/**/
-#define V_ASN1_PRINTABLESTRING		19
-#define V_ASN1_T61STRING		20
-#define V_ASN1_TELETEXSTRING		20	/* alias */
-#define V_ASN1_VIDEOTEXSTRING		21	/**/
-#define V_ASN1_IA5STRING		22
-#define V_ASN1_UTCTIME			23
-#define V_ASN1_GENERALIZEDTIME		24	/**/
-#define V_ASN1_GRAPHICSTRING		25	/**/
-#define V_ASN1_ISO64STRING		26	/**/
-#define V_ASN1_VISIBLESTRING		26	/* alias */
-#define V_ASN1_GENERALSTRING		27	/**/
-#define V_ASN1_UNIVERSALSTRING		28	/**/
-#define V_ASN1_BMPSTRING		30
-
-/* For use with d2i_ASN1_type_bytes() */
-#define B_ASN1_NUMERICSTRING	0x0001
-#define B_ASN1_PRINTABLESTRING	0x0002
-#define B_ASN1_T61STRING	0x0004
-#define B_ASN1_TELETEXSTRING	0x0004
-#define B_ASN1_VIDEOTEXSTRING	0x0008
-#define B_ASN1_IA5STRING	0x0010
-#define B_ASN1_GRAPHICSTRING	0x0020
-#define B_ASN1_ISO64STRING	0x0040
-#define B_ASN1_VISIBLESTRING	0x0040
-#define B_ASN1_GENERALSTRING	0x0080
-#define B_ASN1_UNIVERSALSTRING	0x0100
-#define B_ASN1_OCTET_STRING	0x0200
-#define B_ASN1_BIT_STRING	0x0400
-#define B_ASN1_BMPSTRING	0x0800
-#define B_ASN1_UNKNOWN		0x1000
-#define B_ASN1_UTF8STRING	0x2000
-#define B_ASN1_UTCTIME		0x4000
-#define B_ASN1_GENERALIZEDTIME	0x8000
-#define B_ASN1_SEQUENCE		0x10000
-
-/* For use with ASN1_mbstring_copy() */
-#define MBSTRING_FLAG		0x1000
-#define MBSTRING_UTF8		(MBSTRING_FLAG)
-#define MBSTRING_ASC		(MBSTRING_FLAG|1)
-#define MBSTRING_BMP		(MBSTRING_FLAG|2)
-#define MBSTRING_UNIV		(MBSTRING_FLAG|4)
-
-#define SMIME_OLDMIME		0x400
-#define SMIME_CRLFEOL		0x800
-#define SMIME_STREAM		0x1000
-
-struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)
-
-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
-
-/* We MUST make sure that, except for constness, asn1_ctx_st and
-   asn1_const_ctx are exactly the same.  Fortunately, as soon as
-   the old ASN1 parsing macros are gone, we can throw this away
-   as well... */
-typedef struct asn1_ctx_st
-	{
-	unsigned char *p;/* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
-	int error;	/* error code to use when returning an error */
-	int inf;	/* constructed if 0x20, indefinite is 0x21 */
-	int tag;	/* tag from last 'get object' */
-	int xclass;	/* class from last 'get object' */
-	long slen;	/* length of last 'get object' */
-	unsigned char *max; /* largest value of p allowed */
-	unsigned char *q;/* temporary variable */
-	unsigned char **pp;/* variable */
-	int line;	/* used in error processing */
-	} ASN1_CTX;
-
-typedef struct asn1_const_ctx_st
-	{
-	const unsigned char *p;/* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
-	int error;	/* error code to use when returning an error */
-	int inf;	/* constructed if 0x20, indefinite is 0x21 */
-	int tag;	/* tag from last 'get object' */
-	int xclass;	/* class from last 'get object' */
-	long slen;	/* length of last 'get object' */
-	const unsigned char *max; /* largest value of p allowed */
-	const unsigned char *q;/* temporary variable */
-	const unsigned char **pp;/* variable */
-	int line;	/* used in error processing */
-	} ASN1_const_CTX;
-
-/* These are used internally in the ASN1_OBJECT to keep track of
- * whether the names and data need to be free()ed */
-#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */
-#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */
-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */
-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
-typedef struct asn1_object_st
-	{
-	const char *sn,*ln;
-	int nid;
-	int length;
-	const unsigned char *data;	/* data remains const after init */
-	int flags;	/* Should we free this one */
-	} ASN1_OBJECT;
-
-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer 
- */
-#define ASN1_STRING_FLAG_NDEF 0x010 
-
-/* This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been 
- * accessed. The flag will be reset when content has been written to it.
- */
-
-#define ASN1_STRING_FLAG_CONT 0x020 
-/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
- * type.
- */
-#define ASN1_STRING_FLAG_MSTRING 0x040 
-/* This is the base type that holds just about everything :-) */
-struct asn1_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	/* The value of the following field depends on the type being
-	 * held.  It is mostly being used for BIT_STRING so if the
-	 * input data has a non-zero 'unused bits' value, it will be
-	 * handled correctly */
-	long flags;
-	};
-
-/* ASN1_ENCODING structure: this is used to save the received
- * encoding of an ASN1 type. This is useful to get round
- * problems with invalid encodings which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st
-	{
-	unsigned char *enc;	/* DER encoding */
-	long len;		/* Length of encoding */
-	int modified;		 /* set to 1 if 'enc' is invalid */
-	} ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-#define ASN1_LONG_UNDEF	0x7fffffffL
-
-#define STABLE_FLAGS_MALLOC	0x01
-#define STABLE_NO_MASK		0x02
-#define DIRSTRING_TYPE	\
- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
-
-typedef struct asn1_string_table_st {
-	int nid;
-	long minsize;
-	long maxsize;
-	unsigned long mask;
-	unsigned long flags;
-} ASN1_STRING_TABLE;
-
-DECLARE_STACK_OF(ASN1_STRING_TABLE)
-
-/* size limits: this stuff is taken straight from RFC2459 */
-
-#define ub_name				32768
-#define ub_common_name			64
-#define ub_locality_name		128
-#define ub_state_name			128
-#define ub_organization_name		64
-#define ub_organization_unit_name	64
-#define ub_title			64
-#define ub_email_address		128
-
-/* Declarations for template structures: for full definitions
- * see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
-	int i2d_##name(type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(itname)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
-	int i2d_##name(const type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(name)
-
-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \
-	int i2d_##name##_NDEF(name *a, unsigned char **out);
-
-#define DECLARE_ASN1_FUNCTIONS_const(name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	type *name##_new(void); \
-	void name##_free(type *a);
-
-#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
-	DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
-
-#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
-	int fname##_print_ctx(BIO *out, stname *x, int indent, \
-					 const ASN1_PCTX *pctx);
-
-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-#define I2D_OF(type) int (*)(type *,unsigned char **)
-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
-
-#define CHECKED_D2I_OF(type, d2i) \
-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
-#define CHECKED_I2D_OF(type, i2d) \
-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
-#define CHECKED_NEW_OF(type, xnew) \
-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#define CHECKED_PPTR_OF(type, p) \
-    ((void**) (1 ? p : (type**)0))
-
-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
-
-TYPEDEF_D2I2D_OF(void);
-
-/* The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- *      ...
- *      ASN1_ITEM_EXP *iptr;
- *      ...
- * } SOMETHING; 
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) \
-	OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-#else
-
-/* Platforms that can't easily handle shared global variables are declared
- * as functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#define DECLARE_ASN1_ITEM(name) \
-	const ASN1_ITEM * name##_it(void);
-
-#endif
-
-/* Parameters used by ASN1_STRING_print_ex() */
-
-/* These determine which characters to escape:
- * RFC2253 special characters, control characters and
- * MSB set characters
- */
-
-#define ASN1_STRFLGS_ESC_2253		1
-#define ASN1_STRFLGS_ESC_CTRL		2
-#define ASN1_STRFLGS_ESC_MSB		4
-
-
-/* This flag determines how we do escaping: normally
- * RC2253 backslash only, set this to use backslash and
- * quote.
- */
-
-#define ASN1_STRFLGS_ESC_QUOTE		8
-
-
-/* These three flags are internal use only. */
-
-/* Character is a valid PrintableString character */
-#define CHARTYPE_PRINTABLESTRING	0x10
-/* Character needs escaping if it is the first character */
-#define CHARTYPE_FIRST_ESC_2253		0x20
-/* Character needs escaping if it is the last character */
-#define CHARTYPE_LAST_ESC_2253		0x40
-
-/* NB the internal flags are safely reused below by flags
- * handled at the top level.
- */
-
-/* If this is set we convert all character strings
- * to UTF8 first 
- */
-
-#define ASN1_STRFLGS_UTF8_CONVERT	0x10
-
-/* If this is set we don't attempt to interpret content:
- * just assume all strings are 1 byte per character. This
- * will produce some pretty odd looking output!
- */
-
-#define ASN1_STRFLGS_IGNORE_TYPE	0x20
-
-/* If this is set we include the string type in the output */
-#define ASN1_STRFLGS_SHOW_TYPE		0x40
-
-/* This determines which strings to display and which to
- * 'dump' (hex dump of content octets or DER encoding). We can
- * only dump non character strings or everything. If we
- * don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to
- * the usual escaping options.
- */
-
-#define ASN1_STRFLGS_DUMP_ALL		0x80
-#define ASN1_STRFLGS_DUMP_UNKNOWN	0x100
-
-/* These determine what 'dumping' does, we can dump the
- * content octets or the DER encoding: both use the
- * RFC2253 #XXXXX notation.
- */
-
-#define ASN1_STRFLGS_DUMP_DER		0x200
-
-/* All the string flags consistent with RFC2253,
- * escaping control characters isn't essential in
- * RFC2253 but it is advisable anyway.
- */
-
-#define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \
-				ASN1_STRFLGS_ESC_CTRL | \
-				ASN1_STRFLGS_ESC_MSB | \
-				ASN1_STRFLGS_UTF8_CONVERT | \
-				ASN1_STRFLGS_DUMP_UNKNOWN | \
-				ASN1_STRFLGS_DUMP_DER)
-
-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
-DECLARE_STACK_OF(ASN1_GENERALSTRING)
-
-typedef struct asn1_type_st
-	{
-	int type;
-	union	{
-		char *ptr;
-		ASN1_BOOLEAN		boolean;
-		ASN1_STRING *		asn1_string;
-		ASN1_OBJECT *		object;
-		ASN1_INTEGER *		integer;
-		ASN1_ENUMERATED *	enumerated;
-		ASN1_BIT_STRING *	bit_string;
-		ASN1_OCTET_STRING *	octet_string;
-		ASN1_PRINTABLESTRING *	printablestring;
-		ASN1_T61STRING *	t61string;
-		ASN1_IA5STRING *	ia5string;
-		ASN1_GENERALSTRING *	generalstring;
-		ASN1_BMPSTRING *	bmpstring;
-		ASN1_UNIVERSALSTRING *	universalstring;
-		ASN1_UTCTIME *		utctime;
-		ASN1_GENERALIZEDTIME *	generalizedtime;
-		ASN1_VISIBLESTRING *	visiblestring;
-		ASN1_UTF8STRING *	utf8string;
-		/* set and sequence are left complete and still
-		 * contain the set or sequence bytes */
-		ASN1_STRING *		set;
-		ASN1_STRING *		sequence;
-		ASN1_VALUE *		asn1_value;
-		} value;
-	} ASN1_TYPE;
-
-DECLARE_STACK_OF(ASN1_TYPE)
-DECLARE_ASN1_SET_OF(ASN1_TYPE)
-
-typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-
-typedef struct NETSCAPE_X509_st
-	{
-	ASN1_OCTET_STRING *header;
-	X509 *cert;
-	} NETSCAPE_X509;
-
-/* This is used to contain a list of bit names */
-typedef struct BIT_STRING_BITNAME_st {
-	int bitnum;
-	const char *lname;
-	const char *sname;
-} BIT_STRING_BITNAME;
-
-
-#define M_ASN1_STRING_length(x)	((x)->length)
-#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))
-#define M_ASN1_STRING_type(x)	((x)->type)
-#define M_ASN1_STRING_data(x)	((x)->data)
-
-/* Macros for string operations */
-#define M_ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
-		ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define M_ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-#define M_ASN1_INTEGER_new()	(ASN1_INTEGER *)\
-		ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define M_ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\
-		ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-#define M_ASN1_ENUMERATED_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
-		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define M_ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define M_ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
-#define M_i2d_ASN1_OCTET_STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
-		V_ASN1_UNIVERSAL)
-
-#define B_ASN1_TIME \
-			B_ASN1_UTCTIME | \
-			B_ASN1_GENERALIZEDTIME
-
-#define B_ASN1_PRINTABLE \
-			B_ASN1_NUMERICSTRING| \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_T61STRING| \
-			B_ASN1_IA5STRING| \
-			B_ASN1_BIT_STRING| \
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING|\
-			B_ASN1_SEQUENCE|\
-			B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_TELETEXSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
-			B_ASN1_IA5STRING| \
-			B_ASN1_VISIBLESTRING| \
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING
-
-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_PRINTABLE)
-
-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-						pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DIRECTORYSTRING(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DIRECTORYSTRING)
-
-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-						pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DISPLAYTEXT(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DISPLAYTEXT)
-
-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
-		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
-		V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
-		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-#define M_ASN1_T61STRING_new()	(ASN1_T61STRING *)\
-		ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_T61STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
-		V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_T61STRING(a,pp,l) \
-		(ASN1_T61STRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-#define M_ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
-		ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define M_ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_IA5STRING_dup(a)	\
-		(ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_i2d_ASN1_IA5STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_IA5STRING(a,pp,l) \
-		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
-			B_ASN1_IA5STRING)
-
-#define M_ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
-		ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
-		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define M_ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-	(const ASN1_STRING *)a)
-
-#define M_ASN1_TIME_new()	(ASN1_TIME *)\
-		ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
-	ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define M_ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_GENERALSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
-		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-#define M_ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define M_ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
-		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-#define M_ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define M_ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_BMPSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
-		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-#define M_ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\
-		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
-		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-#define M_ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\
-		ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-#define M_ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UTF8STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
-		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
-  /* for the is_set parameter to i2d_ASN1_SET */
-#define IS_SEQUENCE	0
-#define IS_SET		1
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int            ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-
-ASN1_OBJECT *	ASN1_OBJECT_new(void );
-void		ASN1_OBJECT_free(ASN1_OBJECT *a);
-int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
-			long length);
-ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
-			long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_STACK_OF(ASN1_OBJECT)
-DECLARE_ASN1_SET_OF(ASN1_OBJECT)
-
-ASN1_STRING *	ASN1_STRING_new(void);
-void		ASN1_STRING_free(ASN1_STRING *a);
-int		ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
-ASN1_STRING *	ASN1_STRING_dup(const ASN1_STRING *a);
-ASN1_STRING *	ASN1_STRING_type_new(int type );
-int 		ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
-  /* Since this is used to store all sorts of things, via macros, for now, make
-     its data void * */
-int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void		ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(const ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
-			long length);
-int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
-			int length );
-int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-                                     unsigned char *flags, int flags_len);
-
-#ifndef OPENSSL_NO_BIO
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-				BIT_STRING_BITNAME *tbl, int indent);
-#endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-				BIT_STRING_BITNAME *tbl);
-
-int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
-			long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
-			long length);
-ASN1_INTEGER *	ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
-				int offset_day, long offset_sec);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
-	     time_t t, int offset_day, long offset_sec);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int 	ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b);
-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
-int UTF8_putc(unsigned char *str, int len, unsigned long value);
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
-				int offset_day, long offset_sec);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-		 i2d_of_void *i2d, int ex_tag, int ex_class,
-		 int is_set);
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-			      const unsigned char **pp,
-			      long length, d2i_of_void *d2i,
-			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
-			      int ex_class);
-
-#ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-#endif
-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
-
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	const char *sn, const char *ln);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
-
-/* General */
-/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-	long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
-		long length,int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-int ASN1_const_check_infinite_end(const unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-	int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
-int ASN1_object_size(int constructed, int length, int tag);
-
-/* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
-
-#define ASN1_dup_of(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
-		     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF(type, x)))
-
-#define ASN1_dup_of_const(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
-		     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF(const type, x)))
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-/* ASN1 alloc/free macros for when a type is only used internally */
-
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
-		ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
-
-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
-			CHECKED_D2I_OF(type, d2i), \
-			in, \
-			CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
-
-#define ASN1_i2d_fp_of(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
-		 out, \
-		 CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
-		 out, \
-		 CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
-#endif
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-#ifndef OPENSSL_NO_BIO
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
-
-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
-			  CHECKED_D2I_OF(type, d2i), \
-			  in, \
-			  CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
-
-#define ASN1_i2d_bio_of(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
-		  out, \
-		  CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
-		  out, \
-		  CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-				unsigned char *buf, int off);
-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
-#endif
-const char *ASN1_tag2str(int tag);
-
-/* Used to load and write netscape format cert */
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
-	unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
-	unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
-	unsigned char *data, int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
-	unsigned char *data, int max_len);
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-				 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
-			     unsigned char **buf, int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
-			      ASN1_OCTET_STRING **oct);
-
-#define ASN1_pack_string_of(type,obj,i2d,oct) \
-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
-		      CHECKED_I2D_OF(type, i2d), \
-		      oct))
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
-
-void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(const char *p);
-unsigned long ASN1_STRING_get_default_mask(void);
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask);
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask, 
-					long minsize, long maxsize);
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
-		const unsigned char *in, int inlen, int inform, int nid);
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
-void ASN1_STRING_TABLE_cleanup(void);
-
-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-
-void ASN1_add_oid_module(void);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-/* ASN1 Print flags */
-
-/* Indicate missing OPTIONAL fields */
-#define ASN1_PCTX_FLAGS_SHOW_ABSENT		0x001	
-/* Mark start and end of SEQUENCE */
-#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE		0x002
-/* Mark start and end of SEQUENCE/SET OF */
-#define ASN1_PCTX_FLAGS_SHOW_SSOF		0x004
-/* Show the ASN1 type of primitives */
-#define ASN1_PCTX_FLAGS_SHOW_TYPE		0x008
-/* Don't show ASN1 type of ANY */
-#define ASN1_PCTX_FLAGS_NO_ANY_TYPE		0x010
-/* Don't show ASN1 type of MSTRINGs */
-#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE		0x020
-/* Don't show field names in SEQUENCE */
-#define ASN1_PCTX_FLAGS_NO_FIELD_NAME		0x040
-/* Show structure names of each SEQUENCE field */
-#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME	0x080
-/* Don't show structure name even at top level */
-#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME		0x100
-
-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
-				const ASN1_ITEM *it, const ASN1_PCTX *pctx);
-ASN1_PCTX *ASN1_PCTX_new(void);
-void ASN1_PCTX_free(ASN1_PCTX *p);
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
-
-BIO_METHOD *BIO_f_asn1(void);
-
-BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
-
-int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it);
-int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const char *hdr,
-				const ASN1_ITEM *it);
-int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ASN1_strings(void);
-
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 101
-#define ASN1_F_A2I_ASN1_INTEGER				 102
-#define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_APPEND_EXP				 176
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT			 183
-#define ASN1_F_ASN1_CB					 177
-#define ASN1_F_ASN1_CHECK_TLEN				 104
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
-#define ASN1_F_ASN1_COLLECT				 106
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
-#define ASN1_F_ASN1_D2I_FP				 109
-#define ASN1_F_ASN1_D2I_READ_BIO			 107
-#define ASN1_F_ASN1_DIGEST				 184
-#define ASN1_F_ASN1_DO_ADB				 110
-#define ASN1_F_ASN1_DUP					 111
-#define ASN1_F_ASN1_ENUMERATED_SET			 112
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_EX_C2I				 204
-#define ASN1_F_ASN1_FIND_END				 190
-#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ			 216
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET			 185
-#define ASN1_F_ASN1_GENERATE_V3				 178
-#define ASN1_F_ASN1_GET_OBJECT				 114
-#define ASN1_F_ASN1_HEADER_NEW				 115
-#define ASN1_F_ASN1_I2D_BIO				 116
-#define ASN1_F_ASN1_I2D_FP				 117
-#define ASN1_F_ASN1_INTEGER_SET				 118
-#define ASN1_F_ASN1_INTEGER_TO_BN			 119
-#define ASN1_F_ASN1_ITEM_D2I_FP				 206
-#define ASN1_F_ASN1_ITEM_DUP				 191
-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW			 121
-#define ASN1_F_ASN1_ITEM_EX_D2I				 120
-#define ASN1_F_ASN1_ITEM_I2D_BIO			 192
-#define ASN1_F_ASN1_ITEM_I2D_FP				 193
-#define ASN1_F_ASN1_ITEM_PACK				 198
-#define ASN1_F_ASN1_ITEM_SIGN				 195
-#define ASN1_F_ASN1_ITEM_SIGN_CTX			 220
-#define ASN1_F_ASN1_ITEM_UNPACK				 199
-#define ASN1_F_ASN1_ITEM_VERIFY				 197
-#define ASN1_F_ASN1_MBSTRING_NCOPY			 122
-#define ASN1_F_ASN1_OBJECT_NEW				 123
-#define ASN1_F_ASN1_OUTPUT_DATA				 214
-#define ASN1_F_ASN1_PACK_STRING				 124
-#define ASN1_F_ASN1_PCTX_NEW				 205
-#define ASN1_F_ASN1_PKCS5_PBE_SET			 125
-#define ASN1_F_ASN1_SEQ_PACK				 126
-#define ASN1_F_ASN1_SEQ_UNPACK				 127
-#define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STR2TYPE				 179
-#define ASN1_F_ASN1_STRING_SET				 186
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
-#define ASN1_F_ASN1_TEMPLATE_NEW			 133
-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I			 131
-#define ASN1_F_ASN1_TIME_ADJ				 217
-#define ASN1_F_ASN1_TIME_SET				 175
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
-#define ASN1_F_ASN1_UNPACK_STRING			 136
-#define ASN1_F_ASN1_UTCTIME_ADJ				 218
-#define ASN1_F_ASN1_UTCTIME_SET				 187
-#define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_B64_READ_ASN1				 209
-#define ASN1_F_B64_WRITE_ASN1				 210
-#define ASN1_F_BIO_NEW_NDEF				 208
-#define ASN1_F_BITSTR_CB				 180
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
-#define ASN1_F_BN_TO_ASN1_INTEGER			 139
-#define ASN1_F_C2I_ASN1_BIT_STRING			 189
-#define ASN1_F_C2I_ASN1_INTEGER				 194
-#define ASN1_F_C2I_ASN1_OBJECT				 196
-#define ASN1_F_COLLECT_DATA				 140
-#define ASN1_F_D2I_ASN1_BIT_STRING			 141
-#define ASN1_F_D2I_ASN1_BOOLEAN				 142
-#define ASN1_F_D2I_ASN1_BYTES				 143
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
-#define ASN1_F_D2I_ASN1_HEADER				 145
-#define ASN1_F_D2I_ASN1_INTEGER				 146
-#define ASN1_F_D2I_ASN1_OBJECT				 147
-#define ASN1_F_D2I_ASN1_SET				 148
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
-#define ASN1_F_D2I_ASN1_UINTEGER			 150
-#define ASN1_F_D2I_ASN1_UTCTIME				 151
-#define ASN1_F_D2I_AUTOPRIVATEKEY			 207
-#define ASN1_F_D2I_NETSCAPE_RSA				 152
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
-#define ASN1_F_D2I_PRIVATEKEY				 154
-#define ASN1_F_D2I_PUBLICKEY				 155
-#define ASN1_F_D2I_RSA_NET				 200
-#define ASN1_F_D2I_RSA_NET_2				 201
-#define ASN1_F_D2I_X509					 156
-#define ASN1_F_D2I_X509_CINF				 157
-#define ASN1_F_D2I_X509_PKEY				 159
-#define ASN1_F_I2D_ASN1_BIO_STREAM			 211
-#define ASN1_F_I2D_ASN1_SET				 188
-#define ASN1_F_I2D_ASN1_TIME				 160
-#define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_EC_PUBKEY				 181
-#define ASN1_F_I2D_PRIVATEKEY				 163
-#define ASN1_F_I2D_PUBLICKEY				 164
-#define ASN1_F_I2D_RSA_NET				 162
-#define ASN1_F_I2D_RSA_PUBKEY				 165
-#define ASN1_F_LONG_C2I					 166
-#define ASN1_F_OID_MODULE_INIT				 174
-#define ASN1_F_PARSE_TAGGING				 182
-#define ASN1_F_PKCS5_PBE2_SET_IV			 167
-#define ASN1_F_PKCS5_PBE_SET				 202
-#define ASN1_F_PKCS5_PBE_SET0_ALGOR			 215
-#define ASN1_F_PKCS5_PBKDF2_SET				 219
-#define ASN1_F_SMIME_READ_ASN1				 212
-#define ASN1_F_SMIME_TEXT				 213
-#define ASN1_F_X509_CINF_NEW				 168
-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
-#define ASN1_F_X509_INFO_NEW				 170
-#define ASN1_F_X509_NAME_ENCODE				 203
-#define ASN1_F_X509_NAME_EX_D2I				 158
-#define ASN1_F_X509_NAME_EX_NEW				 171
-#define ASN1_F_X509_NEW					 172
-#define ASN1_F_X509_PKEY_NEW				 173
-
-/* Reason codes. */
-#define ASN1_R_ADDING_OBJECT				 171
-#define ASN1_R_ASN1_PARSE_ERROR				 203
-#define ASN1_R_ASN1_SIG_PARSE_ERROR			 204
-#define ASN1_R_AUX_ERROR				 100
-#define ASN1_R_BAD_CLASS				 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
-#define ASN1_R_BAD_TAG					 104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 214
-#define ASN1_R_BN_LIB					 105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
-#define ASN1_R_BUFFER_TOO_SMALL				 107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
-#define ASN1_R_CONTEXT_NOT_INITIALISED			 217
-#define ASN1_R_DATA_IS_WRONG				 109
-#define ASN1_R_DECODE_ERROR				 110
-#define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_DEPTH_EXCEEDED				 174
-#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED	 198
-#define ASN1_R_ENCODE_ERROR				 112
-#define ASN1_R_ERROR_GETTING_TIME			 173
-#define ASN1_R_ERROR_LOADING_SECTION			 172
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
-#define ASN1_R_EXPECTING_AN_INTEGER			 115
-#define ASN1_R_EXPECTING_AN_OBJECT			 116
-#define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_TIME				 118
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
-#define ASN1_R_FIELD_MISSING				 121
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
-#define ASN1_R_HEADER_TOO_LONG				 123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 175
-#define ASN1_R_ILLEGAL_BOOLEAN				 176
-#define ASN1_R_ILLEGAL_CHARACTERS			 124
-#define ASN1_R_ILLEGAL_FORMAT				 177
-#define ASN1_R_ILLEGAL_HEX				 178
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 179
-#define ASN1_R_ILLEGAL_INTEGER				 180
-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 181
-#define ASN1_R_ILLEGAL_NULL				 125
-#define ASN1_R_ILLEGAL_NULL_VALUE			 182
-#define ASN1_R_ILLEGAL_OBJECT				 183
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
-#define ASN1_R_ILLEGAL_TIME_VALUE			 184
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
-#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
-#define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_MIME_TYPE			 205
-#define ASN1_R_INVALID_MODIFIER				 186
-#define ASN1_R_INVALID_NUMBER				 187
-#define ASN1_R_INVALID_OBJECT_ENCODING			 216
-#define ASN1_R_INVALID_SEPARATOR			 131
-#define ASN1_R_INVALID_TIME_FORMAT			 132
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
-#define ASN1_R_INVALID_UTF8STRING			 134
-#define ASN1_R_IV_TOO_LARGE				 135
-#define ASN1_R_LENGTH_ERROR				 136
-#define ASN1_R_LIST_ERROR				 188
-#define ASN1_R_MIME_NO_CONTENT_TYPE			 206
-#define ASN1_R_MIME_PARSE_ERROR				 207
-#define ASN1_R_MIME_SIG_PARSE_ERROR			 208
-#define ASN1_R_MISSING_EOC				 137
-#define ASN1_R_MISSING_SECOND_NUMBER			 138
-#define ASN1_R_MISSING_VALUE				 189
-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
-#define ASN1_R_MSTRING_WRONG_TAG			 140
-#define ASN1_R_NESTED_ASN1_STRING			 197
-#define ASN1_R_NON_HEX_CHARACTERS			 141
-#define ASN1_R_NOT_ASCII_FORMAT				 190
-#define ASN1_R_NOT_ENOUGH_DATA				 142
-#define ASN1_R_NO_CONTENT_TYPE				 209
-#define ASN1_R_NO_DEFAULT_DIGEST			 201
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE		 210
-#define ASN1_R_NO_MULTIPART_BOUNDARY			 211
-#define ASN1_R_NO_SIG_CONTENT_TYPE			 212
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192
-#define ASN1_R_SHORT_LINE				 150
-#define ASN1_R_SIG_INVALID_MIME_TYPE			 213
-#define ASN1_R_STREAMING_NOT_SUPPORTED			 202
-#define ASN1_R_STRING_TOO_LONG				 151
-#define ASN1_R_STRING_TOO_SHORT				 152
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193
-#define ASN1_R_TOO_LONG					 155
-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
-#define ASN1_R_TYPE_NOT_PRIMITIVE			 218
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
-#define ASN1_R_UNEXPECTED_EOC				 159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 215
-#define ASN1_R_UNKNOWN_FORMAT				 160
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
-#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM		 199
-#define ASN1_R_UNKNOWN_TAG				 194
-#define ASN1_R_UNKOWN_FORMAT				 195
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
-#define ASN1_R_UNSUPPORTED_CIPHER			 165
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
-#define ASN1_R_UNSUPPORTED_TYPE				 196
-#define ASN1_R_WRONG_PUBLIC_KEY_TYPE			 200
-#define ASN1_R_WRONG_TAG				 168
-#define ASN1_R_WRONG_TYPE				 169
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
deleted file mode 100644
index 568a8416b8..0000000000
--- a/crypto/asn1/asn1_err.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/* crypto/asn1/asn1_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
-
-static ERR_STRING_DATA ASN1_str_functs[]=
-	{
-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),	"a2d_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),	"a2i_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),	"a2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),	"a2i_ASN1_STRING"},
-{ERR_FUNC(ASN1_F_APPEND_EXP),	"APPEND_EXP"},
-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),	"ASN1_BIT_STRING_set_bit"},
-{ERR_FUNC(ASN1_F_ASN1_CB),	"ASN1_CB"},
-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),	"ASN1_CHECK_TLEN"},
-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),	"ASN1_COLLATE_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_COLLECT),	"ASN1_COLLECT"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),	"ASN1_D2I_EX_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_FP),	"ASN1_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO),	"ASN1_D2I_READ_BIO"},
-{ERR_FUNC(ASN1_F_ASN1_DIGEST),	"ASN1_digest"},
-{ERR_FUNC(ASN1_F_ASN1_DO_ADB),	"ASN1_DO_ADB"},
-{ERR_FUNC(ASN1_F_ASN1_DUP),	"ASN1_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),	"ASN1_ENUMERATED_set"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),	"ASN1_ENUMERATED_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_EX_C2I),	"ASN1_EX_C2I"},
-{ERR_FUNC(ASN1_F_ASN1_FIND_END),	"ASN1_FIND_END"},
-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ),	"ASN1_GENERALIZEDTIME_adj"},
-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),	"ASN1_GENERALIZEDTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),	"ASN1_generate_v3"},
-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),	"ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),	"ASN1_HEADER_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO),	"ASN1_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_FP),	"ASN1_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),	"ASN1_INTEGER_set"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),	"ASN1_INTEGER_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP),	"ASN1_item_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP),	"ASN1_item_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW),	"ASN1_ITEM_EX_COMBINE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),	"ASN1_ITEM_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO),	"ASN1_item_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),	"ASN1_item_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),	"ASN1_item_pack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),	"ASN1_item_sign"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX),	"ASN1_item_sign_ctx"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),	"ASN1_item_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),	"ASN1_item_verify"},
-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),	"ASN1_mbstring_ncopy"},
-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),	"ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),	"ASN1_OUTPUT_DATA"},
-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),	"ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),	"ASN1_PCTX_new"},
-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),	"ASN1_PKCS5_PBE_SET"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),	"ASN1_seq_pack"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),	"ASN1_seq_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_SIGN),	"ASN1_sign"},
-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE),	"ASN1_STR2TYPE"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_SET),	"ASN1_STRING_set"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),	"ASN1_STRING_TABLE_add"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW),	"ASN1_STRING_type_new"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_ADJ),	"ASN1_TIME_adj"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ),	"ASN1_UTCTIME_adj"},
-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),	"ASN1_UTCTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_VERIFY),	"ASN1_verify"},
-{ERR_FUNC(ASN1_F_B64_READ_ASN1),	"B64_READ_ASN1"},
-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),	"B64_WRITE_ASN1"},
-{ERR_FUNC(ASN1_F_BIO_NEW_NDEF),	"BIO_new_NDEF"},
-{ERR_FUNC(ASN1_F_BITSTR_CB),	"BITSTR_CB"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),	"BN_to_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),	"BN_to_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING),	"c2i_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER),	"c2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT),	"c2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_COLLECT_DATA),	"COLLECT_DATA"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),	"D2I_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),	"d2i_ASN1_BOOLEAN"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),	"d2i_ASN1_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),	"D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),	"D2I_ASN1_HEADER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),	"D2I_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),	"d2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_SET),	"d2i_ASN1_SET"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),	"d2i_ASN1_type_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),	"d2i_ASN1_UINTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),	"D2I_ASN1_UTCTIME"},
-{ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY),	"d2i_AutoPrivateKey"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),	"d2i_Netscape_RSA"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),	"D2I_NETSCAPE_RSA_2"},
-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),	"d2i_PrivateKey"},
-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),	"d2i_PublicKey"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET),	"d2i_RSA_NET"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2),	"D2I_RSA_NET_2"},
-{ERR_FUNC(ASN1_F_D2I_X509),	"D2I_X509"},
-{ERR_FUNC(ASN1_F_D2I_X509_CINF),	"D2I_X509_CINF"},
-{ERR_FUNC(ASN1_F_D2I_X509_PKEY),	"d2i_X509_PKEY"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM),	"i2d_ASN1_bio_stream"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_SET),	"i2d_ASN1_SET"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),	"I2D_ASN1_TIME"},
-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),	"i2d_DSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY),	"i2d_EC_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),	"i2d_PrivateKey"},
-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),	"i2d_PublicKey"},
-{ERR_FUNC(ASN1_F_I2D_RSA_NET),	"i2d_RSA_NET"},
-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),	"i2d_RSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_LONG_C2I),	"LONG_C2I"},
-{ERR_FUNC(ASN1_F_OID_MODULE_INIT),	"OID_MODULE_INIT"},
-{ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),	"PKCS5_pbe2_set_iv"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),	"PKCS5_pbe_set0_algor"},
-{ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET),	"PKCS5_pbkdf2_set"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
-{ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
-{ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE),	"X509_NAME_ENCODE"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),	"X509_NAME_EX_D2I"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),	"X509_NAME_EX_NEW"},
-{ERR_FUNC(ASN1_F_X509_NEW),	"X509_NEW"},
-{ERR_FUNC(ASN1_F_X509_PKEY_NEW),	"X509_PKEY_new"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ASN1_str_reasons[]=
-	{
-{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
-{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
-{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
-{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
-{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
-{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED),"context not initialised"},
-{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
-{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
-{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
-{ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),"digest and key type not supported"},
-{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},
-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},
-{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},
-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
-{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
-{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN)      ,"illegal boolean"},
-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT)       ,"illegal format"},
-{ERR_REASON(ASN1_R_ILLEGAL_HEX)          ,"illegal hex"},
-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      ,"illegal integer"},
-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   ,"illegal null value"},
-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT)       ,"illegal object"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
-{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
-{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
-{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
-{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
-{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
-{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
-{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
-{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
-{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
-{ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
-{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
-{ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
-{ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST)    ,"no default digest"},
-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
-{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
-{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
-{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
-{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
-{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE)   ,"type not primitive"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
-{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
-{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
-{ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
-{ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
-{ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE),"wrong public key type"},
-{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
-{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ASN1_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ASN1_str_functs);
-		ERR_load_strings(0,ASN1_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
deleted file mode 100644
index 4fc241908f..0000000000
--- a/crypto/asn1/asn1_gen.c
+++ /dev/null
@@ -1,854 +0,0 @@
-/* asn1_gen.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/x509v3.h>
-
-#define ASN1_GEN_FLAG		0x10000
-#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
-#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
-#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)
-#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)
-#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)
-#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)
-#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)
-#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)
-
-#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}
-
-#define ASN1_FLAG_EXP_MAX	20
-
-/* Input formats */
-
-/* ASCII: default */
-#define ASN1_GEN_FORMAT_ASCII	1
-/* UTF8 */
-#define ASN1_GEN_FORMAT_UTF8	2
-/* Hex */
-#define ASN1_GEN_FORMAT_HEX	3
-/* List of bits */
-#define ASN1_GEN_FORMAT_BITLIST	4
-
-
-struct tag_name_st
-	{
-	const char *strnam;
-	int len;
-	int tag;
-	};
-
-typedef struct
-	{
-	int exp_tag;
-	int exp_class;
-	int exp_constructed;
-	int exp_pad;
-	long exp_len;
-	} tag_exp_type;
-
-typedef struct
-	{
-	int imp_tag;
-	int imp_class;
-	int utype;
-	int format;
-	const char *str;
-	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
-	int exp_count;
-	} tag_exp_arg;
-
-static int bitstr_cb(const char *elem, int len, void *bitstr);
-static int asn1_cb(const char *elem, int len, void *bitstr);
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
-static int asn1_str2tag(const char *tagstr, int len);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
-	{
-	X509V3_CTX cnf;
-
-	if (!nconf)
-		return ASN1_generate_v3(str, NULL);
-
-	X509V3_set_nconf(&cnf, nconf);
-	return ASN1_generate_v3(str, &cnf);
-	}
-
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret;
-	tag_exp_arg asn1_tags;
-	tag_exp_type *etmp;
-
-	int i, len;
-
-	unsigned char *orig_der = NULL, *new_der = NULL;
-	const unsigned char *cpy_start;
-	unsigned char *p;
-	const unsigned char *cp;
-	int cpy_len;
-	long hdr_len;
-	int hdr_constructed = 0, hdr_tag, hdr_class;
-	int r;
-
-	asn1_tags.imp_tag = -1;
-	asn1_tags.imp_class = -1;
-	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
-	asn1_tags.exp_count = 0;
-	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
-		return NULL;
-
-	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
-		{
-		if (!cnf)
-			{
-			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
-			return NULL;
-			}
-		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
-		}
-	else
-		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
-
-	if (!ret)
-		return NULL;
-
-	/* If no tagging return base type */
-	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
-		return ret;
-
-	/* Generate the encoding */
-	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
-	ASN1_TYPE_free(ret);
-	ret = NULL;
-	/* Set point to start copying for modified encoding */
-	cpy_start = orig_der;
-
-	/* Do we need IMPLICIT tagging? */
-	if (asn1_tags.imp_tag != -1)
-		{
-		/* If IMPLICIT we will replace the underlying tag */
-		/* Skip existing tag+len */
-		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
-		if (r & 0x80)
-			goto err;
-		/* Update copy length */
-		cpy_len -= cpy_start - orig_der;
-		/* For IMPLICIT tagging the length should match the
-		 * original length and constructed flag should be
-		 * consistent.
-		 */
-		if (r & 0x1)
-			{
-			/* Indefinite length constructed */
-			hdr_constructed = 2;
-			hdr_len = 0;
-			}
-		else
-			/* Just retain constructed flag */
-			hdr_constructed = r & V_ASN1_CONSTRUCTED;
-		/* Work out new length with IMPLICIT tag: ignore constructed
-		 * because it will mess up if indefinite length
-		 */
-		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
-		}
-	else
-		len = cpy_len;
-
-	/* Work out length in any EXPLICIT, starting from end */
-
-	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
-		{
-		/* Content length: number of content octets + any padding */
-		len += etmp->exp_pad;
-		etmp->exp_len = len;
-		/* Total object length: length including new header */
-		len = ASN1_object_size(0, len, etmp->exp_tag);
-		}
-
-	/* Allocate buffer for new encoding */
-
-	new_der = OPENSSL_malloc(len);
-	if (!new_der)
-		goto err;
-
-	/* Generate tagged encoding */
-
-	p = new_der;
-
-	/* Output explicit tags first */
-
-	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
-		{
-		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
-					etmp->exp_tag, etmp->exp_class);
-		if (etmp->exp_pad)
-			*p++ = 0;
-		}
-
-	/* If IMPLICIT, output tag */
-
-	if (asn1_tags.imp_tag != -1)
-		{
-		if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 
-		    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
-		     || asn1_tags.imp_tag == V_ASN1_SET) )
-			hdr_constructed = V_ASN1_CONSTRUCTED;
-		ASN1_put_object(&p, hdr_constructed, hdr_len,
-					asn1_tags.imp_tag, asn1_tags.imp_class);
-		}
-
-	/* Copy across original encoding */
-	memcpy(p, cpy_start, cpy_len);
-
-	cp = new_der;
-
-	/* Obtain new ASN1_TYPE structure */
-	ret = d2i_ASN1_TYPE(NULL, &cp, len);
-
-	err:
-	if (orig_der)
-		OPENSSL_free(orig_der);
-	if (new_der)
-		OPENSSL_free(new_der);
-
-	return ret;
-
-	}
-
-static int asn1_cb(const char *elem, int len, void *bitstr)
-	{
-	tag_exp_arg *arg = bitstr;
-	int i;
-	int utype;
-	int vlen = 0;
-	const char *p, *vstart = NULL;
-
-	int tmp_tag, tmp_class;
-
-	for(i = 0, p = elem; i < len; p++, i++)
-		{
-		/* Look for the ':' in name value pairs */
-		if (*p == ':')
-			{
-			vstart = p + 1;
-			vlen = len - (vstart - elem);
-			len = p - elem;
-			break;
-			}
-		}
-
-	utype = asn1_str2tag(elem, len);
-
-	if (utype == -1)
-		{
-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
-		ERR_add_error_data(2, "tag=", elem);
-		return -1;
-		}
-
-	/* If this is not a modifier mark end of string and exit */
-	if (!(utype & ASN1_GEN_FLAG))
-		{
-		arg->utype = utype;
-		arg->str = vstart;
-		/* If no value and not end of string, error */
-		if (!vstart && elem[len])
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
-			return -1;
-			}
-		return 0;
-		}
-
-	switch(utype)
-		{
-
-		case ASN1_GEN_FLAG_IMP:
-		/* Check for illegal multiple IMPLICIT tagging */
-		if (arg->imp_tag != -1)
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
-			return -1;
-			}
-		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_EXP:
-
-		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
-			return -1;
-		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SEQWRAP:
-		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SETWRAP:
-		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_BITWRAP:
-		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_OCTWRAP:
-		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_FORMAT:
-		if (!strncmp(vstart, "ASCII", 5))
-			arg->format = ASN1_GEN_FORMAT_ASCII;
-		else if (!strncmp(vstart, "UTF8", 4))
-			arg->format = ASN1_GEN_FORMAT_UTF8;
-		else if (!strncmp(vstart, "HEX", 3))
-			arg->format = ASN1_GEN_FORMAT_HEX;
-		else if (!strncmp(vstart, "BITLIST", 3))
-			arg->format = ASN1_GEN_FORMAT_BITLIST;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
-			return -1;
-			}
-		break;
-
-		}
-
-	return 1;
-
-	}
-
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
-	{
-	char erch[2];
-	long tag_num;
-	char *eptr;
-	if (!vstart)
-		return 0;
-	tag_num = strtoul(vstart, &eptr, 10);
-	/* Check we haven't gone past max length: should be impossible */
-	if (eptr && *eptr && (eptr > vstart + vlen))
-		return 0;
-	if (tag_num < 0)
-		{
-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	*ptag = tag_num;
-	/* If we have non numeric characters, parse them */
-	if (eptr)
-		vlen -= eptr - vstart;
-	else 
-		vlen = 0;
-	if (vlen)
-		{
-		switch (*eptr)
-			{
-
-			case 'U':
-			*pclass = V_ASN1_UNIVERSAL;
-			break;
-
-			case 'A':
-			*pclass = V_ASN1_APPLICATION;
-			break;
-
-			case 'P':
-			*pclass = V_ASN1_PRIVATE;
-			break;
-
-			case 'C':
-			*pclass = V_ASN1_CONTEXT_SPECIFIC;
-			break;
-
-			default:
-			erch[0] = *eptr;
-			erch[1] = 0;
-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
-			ERR_add_error_data(2, "Char=", erch);
-			return 0;
-			break;
-
-			}
-		}
-	else
-		*pclass = V_ASN1_CONTEXT_SPECIFIC;
-
-	return 1;
-
-	}
-
-/* Handle multiple types: SET and SEQUENCE */
-
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret = NULL;
-	STACK_OF(ASN1_TYPE) *sk = NULL;
-	STACK_OF(CONF_VALUE) *sect = NULL;
-	unsigned char *der = NULL;
-	int derlen;
-	int i;
-	sk = sk_ASN1_TYPE_new_null();
-	if (!sk)
-		goto bad;
-	if (section)
-		{
-		if (!cnf)
-			goto bad;
-		sect = X509V3_get_section(cnf, (char *)section);
-		if (!sect)
-			goto bad;
-		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
-			{
-			ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
-			if (!typ)
-				goto bad;
-			if (!sk_ASN1_TYPE_push(sk, typ))
-				goto bad;
-			}
-		}
-
-	/* Now we has a STACK of the components, convert to the correct form */
-
-	if (utype == V_ASN1_SET)
-		derlen = i2d_ASN1_SET_ANY(sk, &der);
-	else
-		derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
-
-	if (derlen < 0)
-		goto bad;
-
-	if (!(ret = ASN1_TYPE_new()))
-		goto bad;
-
-	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
-		goto bad;
-
-	ret->type = utype;
-
-	ret->value.asn1_string->data = der;
-	ret->value.asn1_string->length = derlen;
-
-	der = NULL;
-
-	bad:
-
-	if (der)
-		OPENSSL_free(der);
-
-	if (sk)
-		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-	if (sect)
-		X509V3_section_free(cnf, sect);
-
-	return ret;
-	}
-
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
-	{
-	tag_exp_type *exp_tmp;
-	/* Can only have IMPLICIT if permitted */
-	if ((arg->imp_tag != -1) && !imp_ok)
-		{
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
-		return 0;
-		}
-
-	if (arg->exp_count == ASN1_FLAG_EXP_MAX)
-		{
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
-		return 0;
-		}
-
-	exp_tmp = &arg->exp_list[arg->exp_count++];
-
-	/* If IMPLICIT set tag to implicit value then
-	 * reset implicit tag since it has been used.
-	 */
-	if (arg->imp_tag != -1)
-		{
-		exp_tmp->exp_tag = arg->imp_tag;
-		exp_tmp->exp_class = arg->imp_class;
-		arg->imp_tag = -1;
-		arg->imp_class = -1;
-		}
-	else
-		{
-		exp_tmp->exp_tag = exp_tag;
-		exp_tmp->exp_class = exp_class;
-		}
-	exp_tmp->exp_constructed = exp_constructed;
-	exp_tmp->exp_pad = exp_pad;
-
-	return 1;
-	}
-
-
-static int asn1_str2tag(const char *tagstr, int len)
-	{
-	unsigned int i;
-	static const struct tag_name_st *tntmp, tnst [] = {
-		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("NULL", V_ASN1_NULL),
-		ASN1_GEN_STR("INT", V_ASN1_INTEGER),
-		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
-		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("OID", V_ASN1_OBJECT),
-		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
-		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("T61", V_ASN1_T61STRING),
-		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
-		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
-		ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
-		ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
-
-		/* Special cases */
-		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SET", V_ASN1_SET),
-		/* type modifiers */
-		/* Explicit tag */
-		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
-		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
-		/* Implicit tag */
-		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
-		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
-		/* OCTET STRING wrapper */
-		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
-		/* SEQUENCE wrapper */
-		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
-		/* SET wrapper */
-		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
-		/* BIT STRING wrapper */
-		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
-		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
-		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
-	};
-
-	if (len == -1)
-		len = strlen(tagstr);
-	
-	tntmp = tnst;	
-	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
-		{
-		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
-			return tntmp->tag;
-		}
-	
-	return -1;
-	}
-
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
-	{
-	ASN1_TYPE *atmp = NULL;
-
-	CONF_VALUE vtmp;
-
-	unsigned char *rdata;
-	long rdlen;
-
-	int no_unused = 1;
-
-	if (!(atmp = ASN1_TYPE_new()))
-		{
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (!str)
-		str = "";
-
-	switch(utype)
-		{
-
-		case V_ASN1_NULL:
-		if (str && *str)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
-			goto bad_form;
-			}
-		break;
-		
-		case V_ASN1_BOOLEAN:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		vtmp.name = NULL;
-		vtmp.section = NULL;
-		vtmp.value = (char *)str;
-		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_ENUMERATED:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_OBJECT:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		atmp->value.asn1_string->type = utype;
-		if (!ASN1_TIME_check(atmp->value.asn1_string))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
-			goto bad_str;
-			}
-
-		break;
-
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_NUMERICSTRING:
-
-		if (format == ASN1_GEN_FORMAT_ASCII)
-			format = MBSTRING_ASC;
-		else if (format == ASN1_GEN_FORMAT_UTF8)
-			format = MBSTRING_UTF8;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
-			goto bad_form;
-			}
-
-
-		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
-						-1, format, ASN1_tag2bit(utype)) <= 0)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		
-
-		break;
-
-		case V_ASN1_BIT_STRING:
-
-		case V_ASN1_OCTET_STRING:
-
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_form;
-			}
-
-		if (format == ASN1_GEN_FORMAT_HEX)
-			{
-
-			if (!(rdata = string_to_hex((char *)str, &rdlen)))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
-				goto bad_str;
-				}
-
-			atmp->value.asn1_string->data = rdata;
-			atmp->value.asn1_string->length = rdlen;
-			atmp->value.asn1_string->type = utype;
-
-			}
-		else if (format == ASN1_GEN_FORMAT_ASCII)
-			ASN1_STRING_set(atmp->value.asn1_string, str, -1);
-		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
-			{
-			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
-				goto bad_str;
-				}
-			no_unused = 0;
-			
-			}
-		else 
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
-			goto bad_form;
-			}
-
-		if ((utype == V_ASN1_BIT_STRING) && no_unused)
-			{
-			atmp->value.asn1_string->flags
-				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        		atmp->value.asn1_string->flags
-				|= ASN1_STRING_FLAG_BITS_LEFT;
-			}
-
-
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
-		goto bad_str;
-		break;
-		}
-
-
-	atmp->type = utype;
-	return atmp;
-
-
-	bad_str:
-	ERR_add_error_data(2, "string=", str);
-	bad_form:
-
-	ASN1_TYPE_free(atmp);
-	return NULL;
-
-	}
-
-static int bitstr_cb(const char *elem, int len, void *bitstr)
-	{
-	long bitnum;
-	char *eptr;
-	if (!elem)
-		return 0;
-	bitnum = strtoul(elem, &eptr, 10);
-	if (eptr && *eptr && (eptr != elem + len))
-		return 0;
-	if (bitnum < 0)
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
deleted file mode 100644
index fa04b08ed6..0000000000
--- a/crypto/asn1/asn1_lib.c
+++ /dev/null
@@ -1,485 +0,0 @@
-/* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
-static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
-
-static int _asn1_check_infinite_end(const unsigned char **p, long len)
-	{
-	/* If there is 0 or 1 byte left, the length check should pick
-	 * things up */
-	if (len <= 0)
-		return(1);
-	else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
-		{
-		(*p)+=2;
-		return(1);
-		}
-	return(0);
-	}
-
-int ASN1_check_infinite_end(unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end((const unsigned char **)p, len);
-	}
-
-int ASN1_const_check_infinite_end(const unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end(p, len);
-	}
-
-
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax)
-	{
-	int i,ret;
-	long l;
-	const unsigned char *p= *pp;
-	int tag,xclass,inf;
-	long max=omax;
-
-	if (!max) goto err;
-	ret=(*p&V_ASN1_CONSTRUCTED);
-	xclass=(*p&V_ASN1_PRIVATE);
-	i= *p&V_ASN1_PRIMITIVE_TAG;
-	if (i == V_ASN1_PRIMITIVE_TAG)
-		{		/* high-tag */
-		p++;
-		if (--max == 0) goto err;
-		l=0;
-		while (*p&0x80)
-			{
-			l<<=7L;
-			l|= *(p++)&0x7f;
-			if (--max == 0) goto err;
-			if (l > (INT_MAX >> 7L)) goto err;
-			}
-		l<<=7L;
-		l|= *(p++)&0x7f;
-		tag=(int)l;
-		if (--max == 0) goto err;
-		}
-	else
-		{ 
-		tag=i;
-		p++;
-		if (--max == 0) goto err;
-		}
-	*ptag=tag;
-	*pclass=xclass;
-	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
-
-	if (inf && !(ret & V_ASN1_CONSTRUCTED))
-		goto err;
-
-#if 0
-	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
-		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
-		(int)(omax+ *pp));
-
-#endif
-	if (*plength > (omax - (p - *pp)))
-		{
-		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
-		/* Set this so that even if things are not long enough
-		 * the values are set correctly */
-		ret|=0x80;
-		}
-	*pp=p;
-	return(ret|inf);
-err:
-	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
-	return(0x80);
-	}
-
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
-	{
-	const unsigned char *p= *pp;
-	unsigned long ret=0;
-	unsigned int i;
-
-	if (max-- < 1) return(0);
-	if (*p == 0x80)
-		{
-		*inf=1;
-		ret=0;
-		p++;
-		}
-	else
-		{
-		*inf=0;
-		i= *p&0x7f;
-		if (*(p++) & 0x80)
-			{
-			if (i > sizeof(long))
-				return 0;
-			if (max-- == 0) return(0);
-			while (i-- > 0)
-				{
-				ret<<=8L;
-				ret|= *(p++);
-				if (max-- == 0) return(0);
-				}
-			}
-		else
-			ret=i;
-		}
-	if (ret > LONG_MAX)
-		return 0;
-	*pp=p;
-	*rl=(long)ret;
-	return(1);
-	}
-
-/* class 0 is constructed
- * constructed == 2 for indefinite length constructed */
-void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
-	     int xclass)
-	{
-	unsigned char *p= *pp;
-	int i, ttag;
-
-	i=(constructed)?V_ASN1_CONSTRUCTED:0;
-	i|=(xclass&V_ASN1_PRIVATE);
-	if (tag < 31)
-		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
-	else
-		{
-		*(p++)=i|V_ASN1_PRIMITIVE_TAG;
-		for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
-		ttag = i;
-		while(i-- > 0)
-			{
-			p[i] = tag & 0x7f;
-			if(i != (ttag - 1)) p[i] |= 0x80;
-			tag >>= 7;
-			}
-		p += ttag;
-		}
-	if (constructed == 2)
-		*(p++)=0x80;
-	else
-		asn1_put_length(&p,length);
-	*pp=p;
-	}
-
-int ASN1_put_eoc(unsigned char **pp)
-	{
-	unsigned char *p = *pp;
-	*p++ = 0;
-	*p++ = 0;
-	*pp = p;
-	return 2;
-	}
-
-static void asn1_put_length(unsigned char **pp, int length)
-	{
-	unsigned char *p= *pp;
-	int i,l;
-	if (length <= 127)
-		*(p++)=(unsigned char)length;
-	else
-		{
-		l=length;
-		for (i=0; l > 0; i++)
-			l>>=8;
-		*(p++)=i|0x80;
-		l=i;
-		while (i-- > 0)
-			{
-			p[i]=length&0xff;
-			length>>=8;
-			}
-		p+=l;
-		}
-	*pp=p;
-	}
-
-int ASN1_object_size(int constructed, int length, int tag)
-	{
-	int ret;
-
-	ret=length;
-	ret++;
-	if (tag >= 31)
-		{
-		while (tag > 0)
-			{
-			tag>>=7;
-			ret++;
-			}
-		}
-	if (constructed == 2)
-		return ret + 3;
-	ret++;
-	if (length > 127)
-		{
-		while (length > 0)
-			{
-			length>>=8;
-			ret++;
-			}
-		}
-	return(ret);
-	}
-
-static int _asn1_Finish(ASN1_const_CTX *c)
-	{
-	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
-		{
-		if (!ASN1_const_check_infinite_end(&c->p,c->slen))
-			{
-			c->error=ERR_R_MISSING_ASN1_EOS;
-			return(0);
-			}
-		}
-	if (	((c->slen != 0) && !(c->inf & 1)) ||
-		((c->slen < 0) && (c->inf & 1)))
-		{
-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-		return(0);
-		}
-	return(1);
-	}
-
-int asn1_Finish(ASN1_CTX *c)
-	{
-	return _asn1_Finish((ASN1_const_CTX *)c);
-	}
-
-int asn1_const_Finish(ASN1_const_CTX *c)
-	{
-	return _asn1_Finish(c);
-	}
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-	{
-	const unsigned char *q;
-
-	q=c->p;
-	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
-		*length);
-	if (c->inf & 0x80)
-		{
-		c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
-		return(0);
-		}
-	if (c->tag != V_ASN1_SEQUENCE)
-		{
-		c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
-		return(0);
-		}
-	(*length)-=(c->p-q);
-	if (c->max && (*length < 0))
-		{
-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-		return(0);
-		}
-	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
-	c->eos=0;
-	return(1);
-	}
-
-int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
-	{
-	if (str == NULL)
-		return 0;
-	dst->type = str->type;
-	if (!ASN1_STRING_set(dst,str->data,str->length))
-		return 0;
-	dst->flags = str->flags;
-	return 1;
-	}
-
-ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
-	{
-	ASN1_STRING *ret;
-	if (!str)
-		 return NULL;
-	ret=ASN1_STRING_new();
-	if (!ret)
-		return NULL;
-	if (!ASN1_STRING_copy(ret,str))
-		{
-		ASN1_STRING_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
-	{
-	unsigned char *c;
-	const char *data=_data;
-
-	if (len < 0)
-		{
-		if (data == NULL)
-			return(0);
-		else
-			len=strlen(data);
-		}
-	if ((str->length < len) || (str->data == NULL))
-		{
-		c=str->data;
-		if (c == NULL)
-			str->data=OPENSSL_malloc(len+1);
-		else
-			str->data=OPENSSL_realloc(c,len+1);
-
-		if (str->data == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
-			str->data=c;
-			return(0);
-			}
-		}
-	str->length=len;
-	if (data != NULL)
-		{
-		memcpy(str->data,data,len);
-		/* an allowance for strings :-) */
-		str->data[len]='\0';
-		}
-	return(1);
-	}
-
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
-	{
-	if (str->data)
-		OPENSSL_free(str->data);
-	str->data = data;
-	str->length = len;
-	}
-
-ASN1_STRING *ASN1_STRING_new(void)
-	{
-	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-	}
-
-
-ASN1_STRING *ASN1_STRING_type_new(int type)
-	{
-	ASN1_STRING *ret;
-
-	ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->type=type;
-	ret->data=NULL;
-	ret->flags=0;
-	return(ret);
-	}
-
-void ASN1_STRING_free(ASN1_STRING *a)
-	{
-	if (a == NULL) return;
-	if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
-		OPENSSL_free(a->data);
-	OPENSSL_free(a);
-	}
-
-int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-	{
-	int i;
-
-	i=(a->length-b->length);
-	if (i == 0)
-		{
-		i=memcmp(a->data,b->data,a->length);
-		if (i == 0)
-			return(a->type-b->type);
-		else
-			return(i);
-		}
-	else
-		return(i);
-	}
-
-void asn1_add_error(const unsigned char *address, int offset)
-	{
-	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
-
-	BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
-	BIO_snprintf(buf2,sizeof buf2,"%d",offset);
-	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
-	}
-
-int ASN1_STRING_length(const ASN1_STRING *x)
-{ return M_ASN1_STRING_length(x); }
-
-void ASN1_STRING_length_set(ASN1_STRING *x, int len)
-{ M_ASN1_STRING_length_set(x, len); return; }
-
-int ASN1_STRING_type(ASN1_STRING *x)
-{ return M_ASN1_STRING_type(x); }
-
-unsigned char * ASN1_STRING_data(ASN1_STRING *x)
-{ return M_ASN1_STRING_data(x); }
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
deleted file mode 100644
index 9fcf0d9530..0000000000
--- a/crypto/asn1/asn1_locl.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Internal ASN1 structures and functions: not for application use */
-
-/* ASN1 print context structure */
-
-struct asn1_pctx_st
-	{
-	unsigned long flags;
-	unsigned long nm_flags;
-	unsigned long cert_flags;
-	unsigned long oid_flags;
-	unsigned long str_flags;
-	} /* ASN1_PCTX */;
-
-/* ASN1 public key method structure */
-
-struct evp_pkey_asn1_method_st
-	{
-	int pkey_id;
-	int pkey_base_id;
-	unsigned long pkey_flags;
-
-	char *pem_str;
-	char *info;
-
-	int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
-	int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
-	int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-	int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx);
-
-	int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
-	int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
-	int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx);
-
-	int (*pkey_size)(const EVP_PKEY *pk);
-	int (*pkey_bits)(const EVP_PKEY *pk);
-
-	int (*param_decode)(EVP_PKEY *pkey,
-				const unsigned char **pder, int derlen);
-	int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
-	int (*param_missing)(const EVP_PKEY *pk);
-	int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
-	int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-	int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx);
-	int (*sig_print)(BIO *out,
-			 const X509_ALGOR *sigalg, const ASN1_STRING *sig,
-					 int indent, ASN1_PCTX *pctx);
-
-
-	void (*pkey_free)(EVP_PKEY *pkey);
-	int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
-
-	/* Legacy functions for old PEM */
-
-	int (*old_priv_decode)(EVP_PKEY *pkey,
-				const unsigned char **pder, int derlen);
-	int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
-	/* Custom ASN1 signature verification */
-	int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-				X509_ALGOR *a, ASN1_BIT_STRING *sig,
-				EVP_PKEY *pkey);
-	int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-				X509_ALGOR *alg1, X509_ALGOR *alg2, 
-				ASN1_BIT_STRING *sig);
-
-	} /* EVP_PKEY_ASN1_METHOD */;
-
-/* Method to handle CRL access.
- * In general a CRL could be very large (several Mb) and can consume large
- * amounts of resources if stored in memory by multiple processes.
- * This method allows general CRL operations to be redirected to more
- * efficient callbacks: for example a CRL entry database.
- */
-
-#define X509_CRL_METHOD_DYNAMIC		1
-
-struct x509_crl_method_st
-	{
-	int flags;
-	int (*crl_init)(X509_CRL *crl);
-	int (*crl_free)(X509_CRL *crl);
-	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-				ASN1_INTEGER *ser, X509_NAME *issuer);
-	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk);
-	};
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
deleted file mode 100644
index 87bd0e9e1d..0000000000
--- a/crypto/asn1/asn1_mac.h
+++ /dev/null
@@ -1,578 +0,0 @@
-/* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-#define HEADER_ASN1_MAC_H
-
-#include <openssl/asn1.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
-#endif 
-
-#define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
-	ASN1_const_CTX c; \
-	type ret=NULL; \
-	\
-	c.pp=(const unsigned char **)pp; \
-	c.q= *(const unsigned char **)pp; \
-	c.error=ERR_R_NESTED_ASN1_ERROR; \
-	if ((a == NULL) || ((*a) == NULL)) \
-		{ if ((ret=(type)func()) == NULL) \
-			{ c.line=__LINE__; goto err; } } \
-	else	ret=(*a);
-
-#define M_ASN1_D2I_Init() \
-	c.p= *(const unsigned char **)pp; \
-	c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
-	if (!asn1_const_Finish(&c)) \
-		{ c.line=__LINE__; goto err; } \
-	*(const unsigned char **)pp=c.p; \
-	if (a != NULL) (*a)=ret; \
-	return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
-	M_ASN1_D2I_Finish_2(a); \
-err:\
-	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-	return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
-	if (!asn1_GetSequence(&c,&length)) \
-		{ c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
-	c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
-	*pp=c.p; \
-	if (a != NULL) (*a)=ret; \
-	return(ret); \
-err:\
-	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-	return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
-	(((c.inf&1) == 0)?(c.slen <= 0): \
-		(c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
-	c.q=c.p; \
-	if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) < 0) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-		== (V_ASN1_UNIVERSAL|(type)))) \
-		{ \
-		M_ASN1_D2I_get(b,func); \
-		}
-
-#define M_ASN1_D2I_get_int_opt(b,func,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-		== (V_ASN1_UNIVERSAL|(type)))) \
-		{ \
-		M_ASN1_D2I_get_int(b,func); \
-		}
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
-	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
-	c.slen-=(c.p-c.q);\
-	M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
-		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
-		{ \
-		unsigned char _tmp = M_ASN1_next; \
-		M_ASN1_D2I_get_imp(b,func, type);\
-		}
-
-#define M_ASN1_D2I_get_set(r,func,free_func) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func, \
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-		{ M_ASN1_D2I_get_set(r,func,free_func); }
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
-	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
-	if ((c.slen != 0) && \
-		(M_ASN1_next == \
-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-		{ \
-		M_ASN1_D2I_get_imp_set(b,func,free_func,\
-			tag,V_ASN1_CONTEXT_SPECIFIC); \
-		}
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
-	if ((c.slen != 0) && \
-		(M_ASN1_next == \
-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-		{ \
-		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
-			tag,V_ASN1_CONTEXT_SPECIFIC); \
-		}
-
-#define M_ASN1_D2I_get_seq(r,func,free_func) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func,\
-			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-		{ M_ASN1_D2I_get_seq(r,func,free_func); }
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func,\
-			x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-			x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
-		(void (*)())free_func,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
-				   free_func,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
-	if ((c.slen != 0L) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (func(&(r),&c.p,Tlen) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
-	if ((c.slen != 0) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
-			(void (*)())free_func, \
-			b,V_ASN1_UNIVERSAL) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
-	if ((c.slen != 0) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
-			free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-/* New macros */
-#define M_ASN1_New_Malloc(ret,type) \
-	if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-		{ c.line=__LINE__; goto err2; }
-
-#define M_ASN1_New(arg,func) \
-	if (((arg)=func()) == NULL) return(NULL)
-
-#define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
-		return(NULL);*/ \
-	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
-		return(NULL)
-
-
-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
-   some macros that use ASN1_const_CTX still insist on writing in the input
-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
-   Please?						-- Richard Levitte */
-#define M_ASN1_next		(*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev	(*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \
-				unsigned char *p; \
-				if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
-					    V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-				  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
-					    V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-					  IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-					  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-						    V_ASN1_CONTEXT_SPECIFIC, \
-						    IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
-		if (a != NULL)\
-			{ \
-			v=f(a,NULL); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
-				       IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-						 V_ASN1_UNIVERSAL, \
-						 IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f)	f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\
-		if (a != NULL) \
-			{ \
-			unsigned char *q=p; \
-			f(a,&p); \
-			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
-			}
-
-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-			V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-					     V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-			    IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				       IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-						 V_ASN1_CONTEXT_SPECIFIC, \
-						 IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				       IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-						 V_ASN1_CONTEXT_SPECIFIC, \
-						 IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
-		if (a != NULL) \
-			{ \
-			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
-			f(a,&p); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-					       IS_SEQUENCE); \
-			}
-
-#define M_ASN1_I2D_seq_total() \
-		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
-		if (pp == NULL) return(r); \
-		p= *pp; \
-		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
-		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
-		*(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish()	*pp=p; \
-				return(r);
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address,int offset);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
deleted file mode 100644
index aaca69aebd..0000000000
--- a/crypto/asn1/asn1_par.c
+++ /dev/null
@@ -1,437 +0,0 @@
-/* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-
-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
-	int indent);
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
-	int offset, int depth, int indent, int dump);
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
-	     int indent)
-	{
-	static const char fmt[]="%-18s";
-	char str[128];
-	const char *p;
-
-	if (constructed & V_ASN1_CONSTRUCTED)
-		p="cons: ";
-	else
-		p="prim: ";
-	if (BIO_write(bp,p,6) < 6) goto err;
-	BIO_indent(bp,indent,128);
-
-	p=str;
-	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-		BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
-	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
-	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-	else if (tag > 30)
-		BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
-	else
-		p = ASN1_tag2str(tag);
-
-	if (BIO_printf(bp,fmt,p) <= 0)
-		goto err;
-	return(1);
-err:
-	return(0);
-	}
-
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
-	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent,0));
-	}
-
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
-	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
-	}
-
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
-	     int depth, int indent, int dump)
-	{
-	const unsigned char *p,*ep,*tot,*op,*opp;
-	long len;
-	int tag,xclass,ret=0;
-	int nl,hl,j,r;
-	ASN1_OBJECT *o=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	/* ASN1_BMPSTRING *bmp=NULL;*/
-	int dump_indent;
-
-#if 0
-	dump_indent = indent;
-#else
-	dump_indent = 6;	/* Because we know BIO_dump_indent() */
-#endif
-	p= *pp;
-	tot=p+length;
-	op=p-1;
-	while ((p < tot) && (op < p))
-		{
-		op=p;
-		j=ASN1_get_object(&p,&len,&tag,&xclass,length);
-#ifdef LINT
-		j=j;
-#endif
-		if (j & 0x80)
-			{
-			if (BIO_write(bp,"Error in encoding\n",18) <= 0)
-				goto end;
-			ret=0;
-			goto end;
-			}
-		hl=(p-op);
-		length-=hl;
-		/* if j == 0x21 it is a constructed indefinite length object */
-		if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
-			<= 0) goto end;
-
-		if (j != (V_ASN1_CONSTRUCTED | 1))
-			{
-			if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
-				depth,(long)hl,len) <= 0)
-				goto end;
-			}
-		else
-			{
-			if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
-				depth,(long)hl) <= 0)
-				goto end;
-			}
-		if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
-			goto end;
-		if (j & V_ASN1_CONSTRUCTED)
-			{
-			ep=p+len;
-			if (BIO_write(bp,"\n",1) <= 0) goto end;
-			if (len > length)
-				{
-				BIO_printf(bp,
-					"length is greater than %ld\n",length);
-				ret=0;
-				goto end;
-				}
-			if ((j == 0x21) && (len == 0))
-				{
-				for (;;)
-					{
-					r=asn1_parse2(bp,&p,(long)(tot-p),
-						offset+(p - *pp),depth+1,
-						indent,dump);
-					if (r == 0) { ret=0; goto end; }
-					if ((r == 2) || (p >= tot)) break;
-					}
-				}
-			else
-				while (p < ep)
-					{
-					r=asn1_parse2(bp,&p,(long)len,
-						offset+(p - *pp),depth+1,
-						indent,dump);
-					if (r == 0) { ret=0; goto end; }
-					}
-			}
-		else if (xclass != 0)
-			{
-			p+=len;
-			if (BIO_write(bp,"\n",1) <= 0) goto end;
-			}
-		else
-			{
-			nl=0;
-			if (	(tag == V_ASN1_PRINTABLESTRING) ||
-				(tag == V_ASN1_T61STRING) ||
-				(tag == V_ASN1_IA5STRING) ||
-				(tag == V_ASN1_VISIBLESTRING) ||
-				(tag == V_ASN1_NUMERICSTRING) ||
-				(tag == V_ASN1_UTF8STRING) ||
-				(tag == V_ASN1_UTCTIME) ||
-				(tag == V_ASN1_GENERALIZEDTIME))
-				{
-				if (BIO_write(bp,":",1) <= 0) goto end;
-				if ((len > 0) &&
-					BIO_write(bp,(const char *)p,(int)len)
-					!= (int)len)
-					goto end;
-				}
-			else if (tag == V_ASN1_OBJECT)
-				{
-				opp=op;
-				if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					i2a_ASN1_OBJECT(bp,o);
-					}
-				else
-					{
-					if (BIO_write(bp,":BAD OBJECT",11) <= 0)
-						goto end;
-					}
-				}
-			else if (tag == V_ASN1_BOOLEAN)
-				{
-				int ii;
-
-				opp=op;
-				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
-				if (ii < 0)
-					{
-					if (BIO_write(bp,"Bad boolean\n",12) <= 0)
-						goto end;
-					}
-				BIO_printf(bp,":%d",ii);
-				}
-			else if (tag == V_ASN1_BMPSTRING)
-				{
-				/* do the BMP thang */
-				}
-			else if (tag == V_ASN1_OCTET_STRING)
-				{
-				int i,printable=1;
-
-				opp=op;
-				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-				if (os != NULL && os->length > 0)
-					{
-					opp = os->data;
-					/* testing whether the octet string is
-					 * printable */
-					for (i=0; i<os->length; i++)
-						{
-						if ((	(opp[i] < ' ') &&
-							(opp[i] != '\n') &&
-							(opp[i] != '\r') &&
-							(opp[i] != '\t')) ||
-							(opp[i] > '~'))
-							{
-							printable=0;
-							break;
-							}
-						}
-					if (printable)
-					/* printable string */
-						{
-						if (BIO_write(bp,":",1) <= 0)
-							goto end;
-						if (BIO_write(bp,(const char *)opp,
-							os->length) <= 0)
-							goto end;
-						}
-					else if (!dump)
-					/* not printable => print octet string
-					 * as hex dump */
-						{
-						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
-							goto end;
-						for (i=0; i<os->length; i++)
-							{
-							if (BIO_printf(bp,"%02X"
-								, opp[i]) <= 0)
-								goto end;
-							}
-						}
-					else
-					/* print the normal dump */
-						{
-						if (!nl) 
-							{
-							if (BIO_write(bp,"\n",1) <= 0)
-								goto end;
-							}
-						if (BIO_dump_indent(bp,
-							(const char *)opp,
-							((dump == -1 || dump > 
-							os->length)?os->length:dump),
-							dump_indent) <= 0)
-							goto end;
-						nl=1;
-						}
-					}
-				if (os != NULL)
-					{
-					M_ASN1_OCTET_STRING_free(os);
-					os=NULL;
-					}
-				}
-			else if (tag == V_ASN1_INTEGER)
-				{
-				ASN1_INTEGER *bs;
-				int i;
-
-				opp=op;
-				bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
-				if (bs != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					if (bs->type == V_ASN1_NEG_INTEGER)
-						if (BIO_write(bp,"-",1) <= 0)
-							goto end;
-					for (i=0; i<bs->length; i++)
-						{
-						if (BIO_printf(bp,"%02X",
-							bs->data[i]) <= 0)
-							goto end;
-						}
-					if (bs->length == 0)
-						{
-						if (BIO_write(bp,"00",2) <= 0)
-							goto end;
-						}
-					}
-				else
-					{
-					if (BIO_write(bp,"BAD INTEGER",11) <= 0)
-						goto end;
-					}
-				M_ASN1_INTEGER_free(bs);
-				}
-			else if (tag == V_ASN1_ENUMERATED)
-				{
-				ASN1_ENUMERATED *bs;
-				int i;
-
-				opp=op;
-				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
-				if (bs != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					if (bs->type == V_ASN1_NEG_ENUMERATED)
-						if (BIO_write(bp,"-",1) <= 0)
-							goto end;
-					for (i=0; i<bs->length; i++)
-						{
-						if (BIO_printf(bp,"%02X",
-							bs->data[i]) <= 0)
-							goto end;
-						}
-					if (bs->length == 0)
-						{
-						if (BIO_write(bp,"00",2) <= 0)
-							goto end;
-						}
-					}
-				else
-					{
-					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
-						goto end;
-					}
-				M_ASN1_ENUMERATED_free(bs);
-				}
-			else if (len > 0 && dump)
-				{
-				if (!nl) 
-					{
-					if (BIO_write(bp,"\n",1) <= 0)
-						goto end;
-					}
-				if (BIO_dump_indent(bp,(const char *)p,
-					((dump == -1 || dump > len)?len:dump),
-					dump_indent) <= 0)
-					goto end;
-				nl=1;
-				}
-
-			if (!nl) 
-				{
-				if (BIO_write(bp,"\n",1) <= 0) goto end;
-				}
-			p+=len;
-			if ((tag == V_ASN1_EOC) && (xclass == 0))
-				{
-				ret=2; /* End of sequence */
-				goto end;
-				}
-			}
-		length-=len;
-		}
-	ret=1;
-end:
-	if (o != NULL) ASN1_OBJECT_free(o);
-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-	*pp=p;
-	return(ret);
-	}
-
-const char *ASN1_tag2str(int tag)
-{
-	static const char * const tag2str[] = {
-	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
-	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
-	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */
-	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */
-	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */
-	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
-	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */
-	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */
-	};
-
-	if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
-							tag &= ~0x100;
-
-	if(tag < 0 || tag > 30) return "(unknown)";
-	return tag2str[tag];
-}
-
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
deleted file mode 100644
index d230e4bf70..0000000000
--- a/crypto/asn1/asn1t.h
+++ /dev/null
@@ -1,960 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ASN1T_H
-#define HEADER_ASN1T_H
-
-#include <stddef.h>
-#include <openssl/e_os2.h>
-#include <openssl/asn1.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* ASN1 template defines, structures and functions */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
-
-#define ASN1_ITEM_end(itname) \
-		};
-
-#else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	const ASN1_ITEM * itname##_it(void) \
-	{ \
-		static const ASN1_ITEM local_it = { 
-
-#define ASN1_ITEM_end(itname) \
-		}; \
-	return &local_it; \
-	}
-
-#endif
-
-
-/* Macros to aid ASN1 template writing */
-
-#define ASN1_ITEM_TEMPLATE(tname) \
-	static const ASN1_TEMPLATE tname##_item_tt 
-
-#define ASN1_ITEM_TEMPLATE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_PRIMITIVE,\
-		-1,\
-		&tname##_item_tt,\
-		0,\
-		NULL,\
-		0,\
-		#tname \
-	ASN1_ITEM_end(tname)
-
-
-/* This is a ASN1 type which just embeds a template */
- 
-/* This pair helps declare a SEQUENCE. We can do:
- *
- * 	ASN1_SEQUENCE(stname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END(stname)
- *
- * 	This will produce an ASN1_ITEM called stname_it
- *	for a structure called stname.
- *
- * 	If you want the same structure but a different
- *	name then use:
- *
- * 	ASN1_SEQUENCE(itname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END_name(stname, itname)
- *
- *	This will create an item called itname_it using
- *	a structure called stname.
- */
-
-#define ASN1_SEQUENCE(tname) \
-	static const ASN1_TEMPLATE tname##_seq_tt[] 
-
-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-
-#define ASN1_SEQUENCE_END_name(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_NDEF_SEQUENCE(tname) \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
-	ASN1_SEQUENCE_cb(tname, cb)
-
-#define ASN1_SEQUENCE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE(tname) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_ref(tname, cb, lck) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(tname),\
-		#tname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-
-/* This pair helps declare a CHOICE type. We can do:
- *
- * 	ASN1_CHOICE(chname) = {
- * 		... CHOICE options ...
- * 	ASN1_CHOICE_END(chname)
- *
- * 	This will produce an ASN1_ITEM called chname_it
- *	for a structure called chname. The structure
- *	definition must look like this:
- *	typedef struct {
- *		int type;
- *		union {
- *			ASN1_SOMETHING *opt1;
- *			ASN1_SOMEOTHER *opt2;
- *		} value;
- *	} chname;
- *	
- *	the name of the selector must be 'type'.
- * 	to use an alternative selector name use the
- *      ASN1_CHOICE_END_selector() version.
- */
-
-#define ASN1_CHOICE(tname) \
-	static const ASN1_TEMPLATE tname##_ch_tt[] 
-
-#define ASN1_CHOICE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_CHOICE(tname)
-
-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
-
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-/* This helps with the template wrapper form of ASN1_ITEM */
-
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
-	(flags), (tag), 0,\
-	#name, ASN1_ITEM_ref(type) }
-
-/* These help with SEQUENCE or CHOICE components */
-
-/* used to declare other types */
-
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
-	(flags), (tag), offsetof(stname, field),\
-	#field, ASN1_ITEM_ref(type) }
-
-/* used when the structure is combined with the parent */
-
-#define ASN1_EX_COMBINE(flags, tag, type) { \
-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
-/* implicit and explicit helper macros */
-
-#define ASN1_IMP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
-
-#define ASN1_EXP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
-
-/* Any defined by macros: the field used is in the table itself */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#else
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-#endif
-/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
-
-/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
-
-/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* Same as above but EXPLICIT */
-
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* SEQUENCE OF type */
-#define ASN1_SEQUENCE_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
-
-/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Same as above but for SET OF */
-
-#define ASN1_SET_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
-
-#define ASN1_SET_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
-
-#define ASN1_IMP_SET_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_EXP_SET_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
-/* Macros for the ASN1_ADB structure */
-
-#define ASN1_ADB(name) \
-	static const ASN1_ADB_TABLE name##_adbtbl[] 
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	static const ASN1_ADB name##_adb = {\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-	}
-
-#else
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	static const ASN1_ITEM *name##_adb(void) \
-	{ \
-	static const ASN1_ADB internal_adb = \
-		{\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-		}; \
-		return (const ASN1_ITEM *) &internal_adb; \
-	} \
-	void dummy_function(void)
-
-#endif
-
-#define ADB_ENTRY(val, template) {val, template}
-
-#define ASN1_ADB_TEMPLATE(name) \
-	static const ASN1_TEMPLATE name##_tt 
-
-/* This is the ASN1 template structure that defines
- * a wrapper round the actual type. It determines the
- * actual position of the field in the value structure,
- * various flags such as OPTIONAL and the field name.
- */
-
-struct ASN1_TEMPLATE_st {
-unsigned long flags;		/* Various flags */
-long tag;			/* tag, not used if no tagging */
-unsigned long offset;		/* Offset of this field in structure */
-#ifndef NO_ASN1_FIELD_NAMES
-const char *field_name;		/* Field name */
-#endif
-ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
-};
-
-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
-
-#define ASN1_TEMPLATE_item(t) (t->item_ptr)
-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
-
-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
-typedef struct ASN1_ADB_st ASN1_ADB;
-
-struct ASN1_ADB_st {
-	unsigned long flags;	/* Various flags */
-	unsigned long offset;	/* Offset of selector field */
-	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
-	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
-	long tblcount;		/* Number of entries in tbl */
-	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
-	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
-};
-
-struct ASN1_ADB_TABLE_st {
-	long value;		/* NID for an object or value for an int */
-	const ASN1_TEMPLATE tt;		/* item for this value */
-};
-
-/* template flags */
-
-/* Field is optional */
-#define ASN1_TFLG_OPTIONAL	(0x1)
-
-/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF	(0x1 << 1)
-
-/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
-
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
-
-/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK	(0x3 << 1)
-
-/* These flags mean the tag should be taken from the
- * tag field. If EXPLICIT then the underlying type
- * is used for the inner tag.
- */
-
-/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG	(0x1 << 3)
-
-
-/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG	(0x2 << 3)
-
-#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
-
-/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
-
-/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-
-/* If tagging is in force these determine the
- * type of tag to use. Otherwise the tag is
- * determined by the underlying type. These 
- * values reflect the actual octet format.
- */
-
-/* Universal tag */ 
-#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
-/* Application tag */ 
-#define ASN1_TFLG_APPLICATION	(0x1<<6)
-/* Context specific tag */ 
-#define ASN1_TFLG_CONTEXT	(0x2<<6)
-/* Private tag */ 
-#define ASN1_TFLG_PRIVATE	(0x3<<6)
-
-#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
-
-/* These are for ANY DEFINED BY type. In this case
- * the 'item' field points to an ASN1_ADB structure
- * which contains a table of values to decode the
- * relevant type
- */
-
-#define ASN1_TFLG_ADB_MASK	(0x3<<8)
-
-#define ASN1_TFLG_ADB_OID	(0x1<<8)
-
-#define ASN1_TFLG_ADB_INT	(0x1<<9)
-
-/* This flag means a parent structure is passed
- * instead of the field: this is useful is a
- * SEQUENCE is being combined with a CHOICE for
- * example. Since this means the structure and
- * item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-#define ASN1_TFLG_COMBINE	(0x1<<10)
-
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF		(0x1<<11)
-
-/* This is the actual ASN1 item itself */
-
-struct ASN1_ITEM_st {
-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
-long utype;			/* underlying type */
-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
-long tcount;			/* Number of templates if SEQUENCE or CHOICE */
-const void *funcs;		/* functions that handle this type */
-long size;			/* Structure size (usually)*/
-#ifndef NO_ASN1_FIELD_NAMES
-const char *sname;		/* Structure name */
-#endif
-};
-
-/* These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single 
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions. 
- *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
- */
-
-#define ASN1_ITYPE_PRIMITIVE		0x0
-
-#define ASN1_ITYPE_SEQUENCE		0x1
-
-#define ASN1_ITYPE_CHOICE		0x2
-
-#define ASN1_ITYPE_COMPAT		0x3
-
-#define ASN1_ITYPE_EXTERN		0x4
-
-#define ASN1_ITYPE_MSTRING		0x5
-
-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6
-
-/* Cache for ASN1 tag and length, so we
- * don't keep re-reading it for things
- * like CHOICE
- */
-
-struct ASN1_TLC_st{
-	char valid;	/* Values below are valid */
-	int ret;	/* return value */
-	long plen;	/* length */
-	int ptag;	/* class value */
-	int pclass;	/* class value */
-	int hdrlen;	/* header length */
-};
-
-/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE * ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
-					int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, 
-						int indent, const char *fname, 
-						const ASN1_PCTX *pctx);
-
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
-
-typedef struct ASN1_COMPAT_FUNCS_st {
-	ASN1_new_func *asn1_new;
-	ASN1_free_func *asn1_free;
-	ASN1_d2i_func *asn1_d2i;
-	ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
-typedef struct ASN1_EXTERN_FUNCS_st {
-	void *app_data;
-	ASN1_ex_new_func *asn1_ex_new;
-	ASN1_ex_free_func *asn1_ex_free;
-	ASN1_ex_free_func *asn1_ex_clear;
-	ASN1_ex_d2i *asn1_ex_d2i;
-	ASN1_ex_i2d *asn1_ex_i2d;
-	ASN1_ex_print_func *asn1_ex_print;
-} ASN1_EXTERN_FUNCS;
-
-typedef struct ASN1_PRIMITIVE_FUNCS_st {
-	void *app_data;
-	unsigned long flags;
-	ASN1_ex_new_func *prim_new;
-	ASN1_ex_free_func *prim_free;
-	ASN1_ex_free_func *prim_clear;
-	ASN1_primitive_c2i *prim_c2i;
-	ASN1_primitive_i2c *prim_i2c;
-	ASN1_primitive_print *prim_print;
-} ASN1_PRIMITIVE_FUNCS;
-
-/* This is the ASN1_AUX structure: it handles various
- * miscellaneous requirements. For example the use of
- * reference counts and an informational callback.
- *
- * The "informational callback" is called at various
- * points during the ASN1 encoding and decoding. It can
- * be used to provide minor customisation of the structures
- * used. This is most useful where the supplied routines
- * *almost* do the right thing but need some extra help
- * at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the 
- * main operation should be abandoned.
- *
- * If major changes in the default behaviour are required
- * then an external type is more appropriate.
- */
-
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
-				void *exarg);
-
-typedef struct ASN1_AUX_st {
-	void *app_data;
-	int flags;
-	int ref_offset;		/* Offset of reference value */
-	int ref_lock;		/* Lock type to use */
-	ASN1_aux_cb *asn1_cb;
-	int enc_offset;		/* Offset of ASN1_ENCODING structure */
-} ASN1_AUX;
-
-/* For print related callbacks exarg points to this structure */
-typedef struct ASN1_PRINT_ARG_st {
-	BIO *out;
-	int indent;
-	const ASN1_PCTX *pctx;
-} ASN1_PRINT_ARG;
-
-/* For streaming related callbacks exarg points to this structure */
-typedef struct ASN1_STREAM_ARG_st {
-	/* BIO to stream through */
-	BIO *out;
-	/* BIO with filters appended */
-	BIO *ndef_bio;
-	/* Streaming I/O boundary */
-	unsigned char **boundary;
-} ASN1_STREAM_ARG;
-
-/* Flags in ASN1_AUX */
-
-/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT	1
-/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING	2
-/* The Sequence length is invalid */
-#define ASN1_AFLG_BROKEN	4
-
-/* operation values for asn1_cb */
-
-#define ASN1_OP_NEW_PRE		0
-#define ASN1_OP_NEW_POST	1
-#define ASN1_OP_FREE_PRE	2
-#define ASN1_OP_FREE_POST	3
-#define ASN1_OP_D2I_PRE		4
-#define ASN1_OP_D2I_POST	5
-#define ASN1_OP_I2D_PRE		6
-#define ASN1_OP_I2D_POST	7
-#define ASN1_OP_PRINT_PRE	8
-#define ASN1_OP_PRINT_POST	9
-#define ASN1_OP_STREAM_PRE	10
-#define ASN1_OP_STREAM_POST	11
-#define ASN1_OP_DETACHED_PRE	12
-#define ASN1_OP_DETACHED_POST	13
-
-/* Macro to implement a primitive type */
-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
-	static const ASN1_COMPAT_FUNCS sname##_ff = { \
-		(ASN1_new_func *)sname##_new, \
-		(ASN1_free_func *)sname##_free, \
-		(ASN1_d2i_func *)d2i_##sname, \
-		(ASN1_i2d_func *)i2d_##sname, \
-	}; \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_COMPAT, \
-		tag, \
-		NULL, \
-		0, \
-		&sname##_ff, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_EXTERN, \
-		tag, \
-		NULL, \
-		0, \
-		&fptrs, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
-			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-
-#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
-	pre stname *fname##_new(void) \
-	{ \
-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-	} \
-	pre void fname##_free(stname *a) \
-	{ \
-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-	}
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
-	stname *fname##_new(void) \
-	{ \
-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-	} \
-	void fname##_free(stname *a) \
-	{ \
-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-	}
-
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
-	} 
-
-/* This includes evil casts to remove const: they will go away when full
- * ASN1 constification is done.
- */
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(const stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
-	stname * stname##_dup(stname *x) \
-        { \
-        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
-        }
-
-#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
-	IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
-	int fname##_print_ctx(BIO *out, stname *x, int indent, \
-						const ASN1_PCTX *pctx) \
-	{ \
-		return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
-			ASN1_ITEM_rptr(itname), pctx); \
-	} 
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
-		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-/* external definitions for primitive types */
-
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
-
-DECLARE_STACK_OF(ASN1_VALUE)
-
-/* Functions used internally by the ASN1 code */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
-
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
deleted file mode 100644
index 13d003bce3..0000000000
--- a/crypto/asn1/asn_mime.c
+++ /dev/null
@@ -1,953 +0,0 @@
-/* asn_mime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include "asn1_locl.h"
-
-/* Generalised MIME like utilities for streaming ASN1. Although many
- * have a PKCS7/CMS like flavour others are more general purpose.
- */
-
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-
-typedef struct {
-char *param_name;			/* Param name e.g. "micalg" */
-char *param_value;			/* Param value e.g. "sha1" */
-} MIME_PARAM;
-
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
-char *name;				/* Name of line e.g. "content-type" */
-char *value;				/* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it);
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-
-/* Output an ASN1 structure in BER format streaming if necessary */
-
-int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it)
-	{
-	/* If streaming create stream BIO and copy all content through it */
-	if (flags & SMIME_STREAM)
-		{
-		BIO *bio, *tbio;
-		bio = BIO_new_NDEF(out, val, it);
-		if (!bio)
-			{
-			ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		SMIME_crlf_copy(in, bio, flags);
-		(void)BIO_flush(bio);
-		/* Free up successive BIOs until we hit the old output BIO */
-		do
-			{
-			tbio = BIO_pop(bio);
-			BIO_free(bio);
-			bio = tbio;
-			} while (bio != out);
-		}
-	/* else just write out ASN1 structure which will have all content
-	 * stored internally
-	 */
-	else
-		ASN1_item_i2d_bio(it, out, val);
-	return 1;
-	}
-
-/* Base 64 read and write of ASN1 structure */
-
-static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it)
-	{
-	BIO *b64;
-	int r;
-	b64 = BIO_new(BIO_f_base64());
-	if(!b64)
-		{
-		ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	/* prepend the b64 BIO so all data is base64 encoded.
-	 */
-	out = BIO_push(b64, out);
-	r = i2d_ASN1_bio_stream(out, val, in, flags, it);
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(b64);
-	return r;
-	}
-
-/* Streaming ASN1 PEM write */
-
-int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const char *hdr,
-				const ASN1_ITEM *it)
-	{
-	int r;
-	BIO_printf(out, "-----BEGIN %s-----\n", hdr);
-	r = B64_write_ASN1(out, val, in, flags, it);
-	BIO_printf(out, "-----END %s-----\n", hdr);
-	return r;
-	}
-
-static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
-{
-	BIO *b64;
-	ASN1_VALUE *val;
-	if(!(b64 = BIO_new(BIO_f_base64()))) {
-		ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	bio = BIO_push(b64, bio);
-	val = ASN1_item_d2i_bio(it, bio, NULL);
-	if(!val)
-		ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
-	(void)BIO_flush(bio);
-	bio = BIO_pop(bio);
-	BIO_free(b64);
-	return val;
-}
-
-/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
-
-static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
-	{
-	const EVP_MD *md;
-	int i, have_unknown = 0, write_comma, ret = 0, md_nid;
-	have_unknown = 0;
-	write_comma = 0;
-	for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
-		{
-		if (write_comma)
-			BIO_write(out, ",", 1);
-		write_comma = 1;
-		md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
-		md = EVP_get_digestbynid(md_nid);
-		if (md && md->md_ctrl)
-			{
-			int rv;
-			char *micstr;
-			rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
-			if (rv > 0)
-				{
-				BIO_puts(out, micstr);
-				OPENSSL_free(micstr);
-				continue;
-				}
-			if (rv != -2)
-				goto err;
-			}
-		switch(md_nid)
-			{
-			case NID_sha1:
-			BIO_puts(out, "sha1");
-			break;
-
-			case NID_md5:
-			BIO_puts(out, "md5");
-			break;
-
-			case NID_sha256:
-			BIO_puts(out, "sha-256");
-			break;
-
-			case NID_sha384:
-			BIO_puts(out, "sha-384");
-			break;
-
-			case NID_sha512:
-			BIO_puts(out, "sha-512");
-			break;
-
-			case NID_id_GostR3411_94:
-			BIO_puts(out, "gostr3411-94");
-				goto err;
-			break;
-
-			default:
-			if (have_unknown)
-				write_comma = 0;
-			else
-				{
-				BIO_puts(out, "unknown");
-				have_unknown = 1;
-				}
-			break;
-
-			}
-		}
-
-	ret = 1;
-	err:
-
-	return ret;
-
-	}
-
-/* SMIME sender */
-
-int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				const ASN1_ITEM *it)
-{
-	char bound[33], c;
-	int i;
-	const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
-	const char *msg_type=NULL;
-	if (flags & SMIME_OLDMIME)
-		mime_prefix = "application/x-pkcs7-";
-	else
-		mime_prefix = "application/pkcs7-";
-
-	if (flags & SMIME_CRLFEOL)
-		mime_eol = "\r\n";
-	else
-		mime_eol = "\n";
-	if((flags & SMIME_DETACHED) && data) {
-	/* We want multipart/signed */
-		/* Generate a random boundary */
-		RAND_pseudo_bytes((unsigned char *)bound, 32);
-		for(i = 0; i < 32; i++) {
-			c = bound[i] & 0xf;
-			if(c < 10) c += '0';
-			else c += 'A' - 10;
-			bound[i] = c;
-		}
-		bound[32] = 0;
-		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-		BIO_puts(bio, " micalg=\"");
-		asn1_write_micalg(bio, mdalgs);
-		BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
-						bound, mime_eol, mime_eol);
-		BIO_printf(bio, "This is an S/MIME signed message%s%s",
-						mime_eol, mime_eol);
-		/* Now write out the first part */
-		BIO_printf(bio, "------%s%s", bound, mime_eol);
-		if (!asn1_output_data(bio, data, val, flags, it))
-			return 0;
-		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
-		/* Headers for signature */
-
-		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-								mime_eol);
-		BIO_printf(bio, "Content-Disposition: attachment;");
-		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-							mime_eol, mime_eol);
-		B64_write_ASN1(bio, val, NULL, 0, it);
-		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-							mime_eol, mime_eol);
-		return 1;
-	}
-
-	/* Determine smime-type header */
-
-	if (ctype_nid == NID_pkcs7_enveloped)
-		msg_type = "enveloped-data";
-	else if (ctype_nid == NID_pkcs7_signed)
-		{
-		if (econt_nid == NID_id_smime_ct_receipt)
-			msg_type = "signed-receipt";
-		else if (sk_X509_ALGOR_num(mdalgs) >= 0)
-			msg_type = "signed-data";
-		else
-			msg_type = "certs-only";
-		}
-	else if (ctype_nid == NID_id_smime_ct_compressedData)
-		{
-		msg_type = "compressed-data";
-		cname = "smime.p7z";
-		}
-	/* MIME headers */
-	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-	BIO_printf(bio, "Content-Disposition: attachment;");
-	BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-	if (msg_type)
-		BIO_printf(bio, " smime-type=%s;", msg_type);
-	BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-						mime_eol, mime_eol);
-	if (!B64_write_ASN1(bio, val, data, flags, it))
-		return 0;
-	BIO_printf(bio, "%s", mime_eol);
-	return 1;
-}
-
-/* Handle output of ASN1 data */
-
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it)
-	{
-	BIO *tmpbio;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_STREAM_ARG sarg;
-	int rv = 1;
-
-	/* If data is not deteched or resigning then the output BIO is
-	 * already set up to finalise when it is written through.
-	 */
-	if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
-		{
-		SMIME_crlf_copy(data, out, flags);
-		return 1;
-		}
-
-	if (!aux || !aux->asn1_cb)
-		{
-		ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
-					ASN1_R_STREAMING_NOT_SUPPORTED);
-		return 0;
-		}
-
-	sarg.out = out;
-	sarg.ndef_bio = NULL;
-	sarg.boundary = NULL;
-
-	/* Let ASN1 code prepend any needed BIOs */
-
-	if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
-		return 0;
-
-	/* Copy data across, passing through filter BIOs for processing */
-	SMIME_crlf_copy(data, sarg.ndef_bio, flags);
-
-	/* Finalize structure */
-	if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-		rv = 0;
-
-	/* Now remove any digests prepended to the BIO */
-
-	while (sarg.ndef_bio != out)
-		{
-		tmpbio = BIO_pop(sarg.ndef_bio);
-		BIO_free(sarg.ndef_bio);
-		sarg.ndef_bio = tmpbio;
-		}
-
-	return rv;
-
-	}
-
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
-
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
-{
-	BIO *asnin;
-	STACK_OF(MIME_HEADER) *headers = NULL;
-	STACK_OF(BIO) *parts = NULL;
-	MIME_HEADER *hdr;
-	MIME_PARAM *prm;
-	ASN1_VALUE *val;
-	int ret;
-
-	if(bcont) *bcont = NULL;
-
-	if (!(headers = mime_parse_hdr(bio))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
-		return NULL;
-	}
-
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
-		return NULL;
-	}
-
-	/* Handle multipart/signed */
-
-	if(!strcmp(hdr->value, "multipart/signed")) {
-		/* Split into two parts */
-		prm = mime_param_find(hdr, "boundary");
-		if(!prm || !prm->param_value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
-			return NULL;
-		}
-		ret = multi_split(bio, prm->param_value, &parts);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		if(!ret || (sk_BIO_num(parts) != 2) ) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Parse the signature piece */
-		asnin = sk_BIO_value(parts, 1);
-
-		if (!(headers = mime_parse_hdr(asnin))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Get content type */
-
-		if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-								 !hdr->value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
-			return NULL;
-		}
-
-		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-			strcmp(hdr->value, "application/pkcs7-signature")) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
-			ERR_add_error_data(2, "type: ", hdr->value);
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		/* Read in ASN1 */
-		if(!(val = b64_read_asn1(asnin, it))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		if(bcont) {
-			*bcont = sk_BIO_value(parts, 0);
-			BIO_free(asnin);
-			sk_BIO_free(parts);
-		} else sk_BIO_pop_free(parts, BIO_vfree);
-		return val;
-	}
-		
-	/* OK, if not multipart/signed try opaque signature */
-
-	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-	    strcmp (hdr->value, "application/pkcs7-mime")) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return NULL;
-	}
-
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	
-	if(!(val = b64_read_asn1(bio, it))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
-		return NULL;
-	}
-	return val;
-
-}
-
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
-	BIO *bf;
-	char eol;
-	int len;
-	char linebuf[MAX_SMLEN];
-	/* Buffer output so we don't write one line at a time. This is
-	 * useful when streaming as we don't end up with one OCTET STRING
-	 * per line.
-	 */
-	bf = BIO_new(BIO_f_buffer());
-	if (!bf)
-		return 0;
-	out = BIO_push(bf, out);
-	if(flags & SMIME_BINARY)
-		{
-		while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-						BIO_write(out, linebuf, len);
-		}
-	else
-		{
-		if(flags & SMIME_TEXT)
-			BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-		while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
-			{
-			eol = strip_eol(linebuf, &len);
-			if (len)
-				BIO_write(out, linebuf, len);
-			if(eol) BIO_write(out, "\r\n", 2);
-			}
-		}
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(bf);
-	return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
-	char iobuf[4096];
-	int len;
-	STACK_OF(MIME_HEADER) *headers;
-	MIME_HEADER *hdr;
-
-	if (!(headers = mime_parse_hdr(in))) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
-		return 0;
-	}
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	if (strcmp (hdr->value, "text/plain")) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-						BIO_write(out, iobuf, len);
-	if (len < 0)
-		return 0;
-	return 1;
-}
-
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
-	char linebuf[MAX_SMLEN];
-	int len, blen;
-	int eol = 0, next_eol = 0;
-	BIO *bpart = NULL;
-	STACK_OF(BIO) *parts;
-	char state, part, first;
-
-	blen = strlen(bound);
-	part = 0;
-	state = 0;
-	first = 1;
-	parts = sk_BIO_new_null();
-	*ret = parts;
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-		state = mime_bound_check(linebuf, len, bound, blen);
-		if(state == 1) {
-			first = 1;
-			part++;
-		} else if(state == 2) {
-			sk_BIO_push(parts, bpart);
-			return 1;
-		} else if(part) {
-			/* Strip CR+LF from linebuf */
-			next_eol = strip_eol(linebuf, &len);
-			if(first) {
-				first = 0;
-				if(bpart) sk_BIO_push(parts, bpart);
-				bpart = BIO_new(BIO_s_mem());
-				BIO_set_mem_eof_return(bpart, 0);
-			} else if (eol)
-				BIO_write(bpart, "\r\n", 2);
-			eol = next_eol;
-			if (len)
-				BIO_write(bpart, linebuf, len);
-		}
-	}
-	return 0;
-}
-
-/* This is the big one: parse MIME header lines up to message body */
-
-#define MIME_INVALID	0
-#define MIME_START	1
-#define MIME_TYPE	2
-#define MIME_NAME	3
-#define MIME_VALUE	4
-#define MIME_QUOTE	5
-#define MIME_COMMENT	6
-
-
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
-	char *p, *q, c;
-	char *ntmp;
-	char linebuf[MAX_SMLEN];
-	MIME_HEADER *mhdr = NULL;
-	STACK_OF(MIME_HEADER) *headers;
-	int len, state, save_state = 0;
-
-	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-	if (!headers)
-		return NULL;
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-	/* If whitespace at line start then continuation line */
-	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-	else state = MIME_START;
-	ntmp = NULL;
-	/* Go through all characters */
-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-	/* State machine to handle MIME headers
-	 * if this looks horrible that's because it *is*
-         */
-
-		switch(state) {
-			case MIME_START:
-			if(c == ':') {
-				state = MIME_TYPE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break;
-
-			case MIME_TYPE:
-			if(c == ';') {
-				mime_debug("Found End Value\n");
-				*p = 0;
-				mhdr = mime_hdr_new(ntmp, strip_ends(q));
-				sk_MIME_HEADER_push(headers, mhdr);
-				ntmp = NULL;
-				q = p + 1;
-				state = MIME_NAME;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_COMMENT:
-			if(c == ')') {
-				state = save_state;
-			}
-			break;
-
-			case MIME_NAME:
-			if(c == '=') {
-				state = MIME_VALUE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break ;
-
-			case MIME_VALUE:
-			if(c == ';') {
-				state = MIME_NAME;
-				*p = 0;
-				mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-				ntmp = NULL;
-				q = p + 1;
-			} else if (c == '"') {
-				mime_debug("Found Quote\n");
-				state = MIME_QUOTE;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_QUOTE:
-			if(c == '"') {
-				mime_debug("Found Match Quote\n");
-				state = MIME_VALUE;
-			}
-			break;
-		}
-	}
-
-	if(state == MIME_TYPE) {
-		mhdr = mime_hdr_new(ntmp, strip_ends(q));
-		sk_MIME_HEADER_push(headers, mhdr);
-	} else if(state == MIME_VALUE)
-			 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-	if(p == linebuf) break;	/* Blank line means end of headers */
-}
-
-return headers;
-
-}
-
-static char *strip_ends(char *name)
-{
-	return strip_end(strip_start(name));
-}
-
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
-	char *p, c;
-	/* Look for first non white space or quote */
-	for(p = name; (c = *p) ;p++) {
-		if(c == '"') {
-			/* Next char is start of string if non null */
-			if(p[1]) return p + 1;
-			/* Else null string */
-			return NULL;
-		}
-		if(!isspace((unsigned char)c)) return p;
-	}
-	return NULL;
-}
-
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
-	char *p, c;
-	if(!name) return NULL;
-	/* Look for first non white space or quote */
-	for(p = name + strlen(name) - 1; p >= name ;p--) {
-		c = *p;
-		if(c == '"') {
-			if(p - 1 == name) return NULL;
-			*p = 0;
-			return name;
-		}
-		if(isspace((unsigned char)c)) *p = 0;	
-		else return name;
-	}
-	return NULL;
-}
-
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
-	MIME_HEADER *mhdr;
-	char *tmpname, *tmpval, *p;
-	int c;
-	if(name) {
-		if(!(tmpname = BUF_strdup(name))) return NULL;
-		for(p = tmpname ; *p; p++) {
-			c = (unsigned char)*p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		if(!(tmpval = BUF_strdup(value))) return NULL;
-		for(p = tmpval ; *p; p++) {
-			c = (unsigned char)*p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpval = NULL;
-	mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-	if(!mhdr) return NULL;
-	mhdr->name = tmpname;
-	mhdr->value = tmpval;
-	if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-	return mhdr;
-}
-		
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
-	char *tmpname, *tmpval, *p;
-	int c;
-	MIME_PARAM *mparam;
-	if(name) {
-		tmpname = BUF_strdup(name);
-		if(!tmpname) return 0;
-		for(p = tmpname ; *p; p++) {
-			c = (unsigned char)*p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		tmpval = BUF_strdup(value);
-		if(!tmpval) return 0;
-	} else tmpval = NULL;
-	/* Parameter values are case sensitive so leave as is */
-	mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-	if(!mparam) return 0;
-	mparam->param_name = tmpname;
-	mparam->param_value = tmpval;
-	sk_MIME_PARAM_push(mhdr->params, mparam);
-	return 1;
-}
-
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b)
-{
-	if (!(*a)->name || !(*b)->name)
-		return !!(*a)->name - !!(*b)->name;
-
-	return(strcmp((*a)->name, (*b)->name));
-}
-
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b)
-{
-	if (!(*a)->param_name || !(*b)->param_name)
-		return !!(*a)->param_name - !!(*b)->param_name;
-	return(strcmp((*a)->param_name, (*b)->param_name));
-}
-
-/* Find a header with a given name (if possible) */
-
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
-	MIME_HEADER htmp;
-	int idx;
-	htmp.name = name;
-	idx = sk_MIME_HEADER_find(hdrs, &htmp);
-	if(idx < 0) return NULL;
-	return sk_MIME_HEADER_value(hdrs, idx);
-}
-
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
-	MIME_PARAM param;
-	int idx;
-	param.param_name = name;
-	idx = sk_MIME_PARAM_find(hdr->params, &param);
-	if(idx < 0) return NULL;
-	return sk_MIME_PARAM_value(hdr->params, idx);
-}
-
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
-	if(hdr->name) OPENSSL_free(hdr->name);
-	if(hdr->value) OPENSSL_free(hdr->value);
-	if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-	OPENSSL_free(hdr);
-}
-
-static void mime_param_free(MIME_PARAM *param)
-{
-	if(param->param_name) OPENSSL_free(param->param_name);
-	if(param->param_value) OPENSSL_free(param->param_value);
-	OPENSSL_free(param);
-}
-
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
-	if(linelen == -1) linelen = strlen(line);
-	if(blen == -1) blen = strlen(bound);
-	/* Quickly eliminate if line length too short */
-	if(blen + 2 > linelen) return 0;
-	/* Check for part boundary */
-	if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-		if(!strncmp(line + blen + 2, "--", 2)) return 2;
-		else return 1;
-	}
-	return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
-	{
-	int len = *plen;
-	char *p, c;
-	int is_eol = 0;
-	p = linebuf + len - 1;
-	for (p = linebuf + len - 1; len > 0; len--, p--)
-		{
-		c = *p;
-		if (c == '\n')
-			is_eol = 1;
-		else if (c != '\r')
-			break;
-		}
-	*plen = len;
-	return is_eol;
-	}
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
deleted file mode 100644
index 1ea6a59248..0000000000
--- a/crypto/asn1/asn_moid.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* asn_moid.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-/* Simple ASN1 OID module: add all objects in a given section */
-
-static int do_create(char *value, char *name);
-
-static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	int i;
-	const char *oid_section;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *oval;
-	oid_section = CONF_imodule_get_value(md);
-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-		{
-		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
-		return 0;
-		}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-		{
-		oval = sk_CONF_VALUE_value(sktmp, i);
-		if(!do_create(oval->value, oval->name))
-			{
-			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
-			return 0;
-			}
-		}
-	return 1;
-	}
-
-static void oid_module_finish(CONF_IMODULE *md)
-	{
-	OBJ_cleanup();
-	}
-
-void ASN1_add_oid_module(void)
-	{
-	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
-	}
-
-/* Create an OID based on a name value pair. Accept two formats.
- * shortname = 1.2.3.4
- * shortname = some long name, 1.2.3.4
- */
-
-
-static int do_create(char *value, char *name)
-	{
-	int nid;
-	ASN1_OBJECT *oid;
-	char *ln, *ostr, *p, *lntmp;
-	p = strrchr(value, ',');
-	if (!p)
-		{
-		ln = name;
-		ostr = value;
-		}
-	else
-		{
-		ln = NULL;
-		ostr = p + 1;
-		if (!*ostr)
-			return 0;
-		while(isspace((unsigned char)*ostr)) ostr++;
-		}
-
-	nid = OBJ_create(ostr, name, ln);
-
-	if (nid == NID_undef)
-		return 0;
-
-	if (p)
-		{
-		ln = value;
-		while(isspace((unsigned char)*ln)) ln++;
-		p--;
-		while(isspace((unsigned char)*p))
-			{
-			if (p == ln)
-				return 0;
-			p--;
-			}
-		p++;
-		lntmp = OPENSSL_malloc((p - ln) + 1);
-		if (lntmp == NULL)
-			return 0;
-		memcpy(lntmp, ln, p - ln);
-		lntmp[p - ln] = 0;
-		oid = OBJ_nid2obj(nid);
-		oid->ln = lntmp;
-		}
-
-	return 1;
-	}
-		
-		
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
deleted file mode 100644
index 00dbf5ad3c..0000000000
--- a/crypto/asn1/asn_pack.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* asn_pack.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_ASN1_OLD
-
-/* ASN1 packing and unpacking functions */
-
-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-			 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK))
-{
-    STACK_OF(OPENSSL_BLOCK) *sk;
-    const unsigned char *pbuf;
-    pbuf =  buf;
-    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
-					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
-    return sk;
-}
-
-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
-			     unsigned char **buf, int *len)
-{
-	int safelen;
-	unsigned char *safe, *p;
-	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
-					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!(safe = OPENSSL_malloc (safelen))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p = safe;
-	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
-								 IS_SEQUENCE);
-	if (len) *len = safelen;
-	if (buf) *buf = safe;
-	return safe;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
-{
-	const unsigned char *p;
-	char *ret;
-
-	p = oct->data;
-	if(!(ret = d2i(NULL, &p, oct->length)))
-		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
-	return ret;
-}
-
-/* Pack an ASN1 object into an ASN1_STRING */
-
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
-{
-	unsigned char *p;
-	ASN1_STRING *octmp;
-
-	if (!oct || !*oct) {
-		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		if (oct) *oct = octmp;
-	} else octmp = *oct;
-		
-	if (!(octmp->length = i2d(obj, NULL))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		goto err;
-	}
-	if (!(p = OPENSSL_malloc (octmp->length))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	octmp->data = p;
-	i2d (obj, &p);
-	return octmp;
-	err:
-	if (!oct || !*oct)
-		{
-		ASN1_STRING_free(octmp);
-		if (oct)
-			*oct = NULL;
-		}
-	return NULL;
-}
-
-#endif
-
-/* ASN1_ITEM versions of the above */
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
-{
-	ASN1_STRING *octmp;
-
-	if (!oct || !*oct) {
-		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		if (oct) *oct = octmp;
-	} else octmp = *oct;
-
-	if(octmp->data) {
-		OPENSSL_free(octmp->data);
-		octmp->data = NULL;
-	}
-		
-	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!octmp->data) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	return octmp;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
-{
-	const unsigned char *p;
-	void *ret;
-
-	p = oct->data;
-	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-		ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
-	return ret;
-}
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
deleted file mode 100644
index bca4eebf6d..0000000000
--- a/crypto/asn1/bio_asn1.c
+++ /dev/null
@@ -1,498 +0,0 @@
-/* bio_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Experimental ASN1 BIO. When written through the data is converted
- * to an ASN1 string type: default is OCTET STRING. Additional functions
- * can be provided to add prefix and suffix data.
- */
-
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-
-/* Must be large enough for biggest tag+length */
-#define DEFAULT_ASN1_BUF_SIZE 20
-
-typedef enum 
-	{
-	ASN1_STATE_START,
-	ASN1_STATE_PRE_COPY,
-	ASN1_STATE_HEADER,
-	ASN1_STATE_HEADER_COPY,
-	ASN1_STATE_DATA_COPY,
-	ASN1_STATE_POST_COPY,
-	ASN1_STATE_DONE
-	} asn1_bio_state_t;
-
-typedef struct BIO_ASN1_EX_FUNCS_st
-	{
-	asn1_ps_func	*ex_func;
-	asn1_ps_func	*ex_free_func;
-	} BIO_ASN1_EX_FUNCS;
-
-typedef struct BIO_ASN1_BUF_CTX_t
-	{
-	/* Internal state */
-	asn1_bio_state_t state;
-	/* Internal buffer */
-	unsigned char *buf;
-	/* Size of buffer */
-	int bufsize;
-	/* Current position in buffer */
-	int bufpos;
-	/* Current buffer length */
-	int buflen;
-	/* Amount of data to copy */
-	int copylen;
-	/* Class and tag to use */
-	int asn1_class, asn1_tag;
-	asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
-	/* Extra buffer for prefix and suffix data */
-	unsigned char *ex_buf;
-	int ex_len;
-	int ex_pos;
-	void *ex_arg;
-	} BIO_ASN1_BUF_CTX;
-
-
-static int asn1_bio_write(BIO *h, const char *buf,int num);
-static int asn1_bio_read(BIO *h, char *buf, int size);
-static int asn1_bio_puts(BIO *h, const char *str);
-static int asn1_bio_gets(BIO *h, char *str, int size);
-static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int asn1_bio_new(BIO *h);
-static int asn1_bio_free(BIO *data);
-static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
-static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
-				asn1_ps_func *cleanup, asn1_bio_state_t next);
-static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
-				asn1_ps_func *setup, 
-				asn1_bio_state_t ex_state,
-				asn1_bio_state_t other_state);
-
-static BIO_METHOD methods_asn1=
-	{
-	BIO_TYPE_ASN1,
-	"asn1",
-	asn1_bio_write,
-	asn1_bio_read,
-	asn1_bio_puts,
-	asn1_bio_gets,
-	asn1_bio_ctrl,
-	asn1_bio_new,
-	asn1_bio_free,
-	asn1_bio_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_asn1(void)
-	{
-	return(&methods_asn1);
-	}
-
-
-static int asn1_bio_new(BIO *b)
-	{
-	BIO_ASN1_BUF_CTX *ctx;
-	ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX));
-	if (!ctx)
-		return 0;
-	if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE))
-		{
-		OPENSSL_free(ctx);
-		return 0;
-		}
-	b->init = 1;
-	b->ptr = (char *)ctx;
-	b->flags = 0;
-	return 1;
-	}
-
-static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
-	{
-	ctx->buf = OPENSSL_malloc(size);
-	if (!ctx->buf)
-		return 0;
-	ctx->bufsize = size;
-	ctx->bufpos = 0;
-	ctx->buflen = 0;
-	ctx->copylen = 0;
-	ctx->asn1_class = V_ASN1_UNIVERSAL;
-	ctx->asn1_tag = V_ASN1_OCTET_STRING;
-	ctx->ex_buf = 0;
-	ctx->ex_pos = 0;
-	ctx->ex_len = 0;
-	ctx->state = ASN1_STATE_START;
-	return 1;
-	}
-
-static int asn1_bio_free(BIO *b)
-	{
-	BIO_ASN1_BUF_CTX *ctx;
-	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
-	if (ctx == NULL)
-		return 0;
-	if (ctx->buf)
-		OPENSSL_free(ctx->buf);
-	OPENSSL_free(ctx);
-	b->init = 0;
-	b->ptr = NULL;
-	b->flags = 0;
-	return 1;
-	}
-
-static int asn1_bio_write(BIO *b, const char *in , int inl)
-	{
-	BIO_ASN1_BUF_CTX *ctx;
-	int wrmax, wrlen, ret;
-	unsigned char *p;
-	if (!in || (inl < 0) || (b->next_bio == NULL))
-		return 0;
-	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
-	if (ctx == NULL)
-		return 0;
-
-	wrlen = 0;
-	ret = -1;
-
-	for(;;)
-		{
-		switch (ctx->state)
-			{
-
-			/* Setup prefix data, call it */
-			case ASN1_STATE_START:
-			if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
-				ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
-				return 0;
-			break;
-
-			/* Copy any pre data first */
-			case ASN1_STATE_PRE_COPY:
-
-			ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
-							ASN1_STATE_HEADER);
-
-			if (ret <= 0)
-				goto done;
-
-			break;
-
-			case ASN1_STATE_HEADER:
-			ctx->buflen =
-				ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
-			OPENSSL_assert(ctx->buflen <= ctx->bufsize);
-			p = ctx->buf;
-			ASN1_put_object(&p, 0, inl,
-					ctx->asn1_tag, ctx->asn1_class);
-			ctx->copylen = inl;
-			ctx->state = ASN1_STATE_HEADER_COPY;
-
-			break;
-
-			case ASN1_STATE_HEADER_COPY:	
-			ret = BIO_write(b->next_bio,
-					ctx->buf + ctx->bufpos, ctx->buflen);
-			if (ret <= 0)
-				goto done;
-
-			ctx->buflen -= ret;
-			if (ctx->buflen)
-				ctx->bufpos += ret;
-			else
-				{
-				ctx->bufpos = 0;
-				ctx->state = ASN1_STATE_DATA_COPY;
-				}
-
-			break;
-
-			case ASN1_STATE_DATA_COPY:
-
-			if (inl > ctx->copylen)
-				wrmax = ctx->copylen;
-			else
-				wrmax = inl;
-			ret = BIO_write(b->next_bio, in, wrmax);
-			if (ret <= 0)
-				break;
-			wrlen += ret;
-			ctx->copylen -= ret;
-			in += ret;
-			inl -= ret;
-
-			if (ctx->copylen == 0)
-				ctx->state = ASN1_STATE_HEADER;
-
-			if (inl == 0)
-				goto done;
-
-			break;
-
-			default:
-			BIO_clear_retry_flags(b);
-			return 0;
-
-			}
-
-		}
-
-	done:
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-
-	return (wrlen > 0) ? wrlen : ret;
-
-	}
-
-static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
-				asn1_ps_func *cleanup, asn1_bio_state_t next)
-	{
-	int ret;
-	if (ctx->ex_len <= 0)
-		return 1;
-	for(;;)
-		{
-		ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos,
-								ctx->ex_len);
-		if (ret <= 0)
-			break;
-		ctx->ex_len -= ret;
-		if (ctx->ex_len > 0)
-			ctx->ex_pos += ret;
-		else
-			{
-			if(cleanup)
-				cleanup(b, &ctx->ex_buf, &ctx->ex_len,
-								&ctx->ex_arg);
-			ctx->state = next;
-			ctx->ex_pos = 0;
-			break;
-			}
-		}
-	return ret;
-	}
-
-static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
-				asn1_ps_func *setup, 
-				asn1_bio_state_t ex_state,
-				asn1_bio_state_t other_state)
-	{
-	if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg))
-		{
-		BIO_clear_retry_flags(b);
-		return 0;
-		}
-	if (ctx->ex_len > 0)
-		ctx->state = ex_state;
-	else
-		ctx->state = other_state;
-	return 1;
-	}
-
-static int asn1_bio_read(BIO *b, char *in , int inl)
-	{
-	if (!b->next_bio)
-		return 0;
-	return BIO_read(b->next_bio, in , inl);
-	}
-
-static int asn1_bio_puts(BIO *b, const char *str)
-	{
-	return asn1_bio_write(b, str, strlen(str));
-	}
-
-static int asn1_bio_gets(BIO *b, char *str, int size)
-	{
-	if (!b->next_bio)
-		return 0;
-	return BIO_gets(b->next_bio, str , size);
-	}
-
-static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	if (b->next_bio == NULL) return(0);
-	return BIO_callback_ctrl(b->next_bio,cmd,fp);
-	}
-
-static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
-	{
-	BIO_ASN1_BUF_CTX *ctx;
-	BIO_ASN1_EX_FUNCS *ex_func;
-	long ret = 1;
-	ctx = (BIO_ASN1_BUF_CTX *) b->ptr;
-	if (ctx == NULL)
-		return 0;
-	switch(cmd)
-		{
-
-		case BIO_C_SET_PREFIX:
-		ex_func = arg2;
-		ctx->prefix  = ex_func->ex_func;
-		ctx->prefix_free  = ex_func->ex_free_func;
-		break;
-
-		case BIO_C_GET_PREFIX:
-		ex_func = arg2;
-		ex_func->ex_func = ctx->prefix;
-		ex_func->ex_free_func = ctx->prefix_free;
-		break;
-
-		case BIO_C_SET_SUFFIX:
-		ex_func = arg2;
-		ctx->suffix  = ex_func->ex_func;
-		ctx->suffix_free  = ex_func->ex_free_func;
-		break;
-
-		case BIO_C_GET_SUFFIX:
-		ex_func = arg2;
-		ex_func->ex_func = ctx->suffix;
-		ex_func->ex_free_func = ctx->suffix_free;
-		break;
-
-		case BIO_C_SET_EX_ARG:
-		ctx->ex_arg = arg2;
-		break;
-
-		case BIO_C_GET_EX_ARG:
-		*(void **)arg2 = ctx->ex_arg;
-		break;
-
-		case BIO_CTRL_FLUSH:
-		if (!b->next_bio)
-			return 0;
-
-		/* Call post function if possible */
-		if (ctx->state == ASN1_STATE_HEADER)
-			{
-			if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
-				ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
-				return 0;
-			}
-
-		if (ctx->state == ASN1_STATE_POST_COPY)
-			{
-			ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
-							ASN1_STATE_DONE);
-			if (ret <= 0)
-				return ret;
-			}
-
-		if (ctx->state == ASN1_STATE_DONE)
-			return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
-		else
-			{
-			BIO_clear_retry_flags(b);
-			return 0;
-			}
-		break;
-
-
-		default:
-		if (!b->next_bio)
-			return 0;
-		return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
-
-		}
-
-	return ret;
-	}
-
-static int asn1_bio_set_ex(BIO *b, int cmd,
-		asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
-	{
-	BIO_ASN1_EX_FUNCS extmp;
-	extmp.ex_func = ex_func;
-	extmp.ex_free_func = ex_free_func;
-	return BIO_ctrl(b, cmd, 0, &extmp);
-	}
-
-static int asn1_bio_get_ex(BIO *b, int cmd,
-		asn1_ps_func **ex_func, asn1_ps_func **ex_free_func)
-	{
-	BIO_ASN1_EX_FUNCS extmp;
-	int ret;
-	ret = BIO_ctrl(b, cmd, 0, &extmp);
-	if (ret > 0)
-		{
-		*ex_func = extmp.ex_func;
-		*ex_free_func = extmp.ex_free_func;
-		}
-	return ret;
-	}
-
-int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free)
-	{
-	return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
-	}
-
-int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, asn1_ps_func **pprefix_free)
-	{
-	return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
-	}
-
-int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free)
-	{
-	return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
-	}
-
-int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free)
-	{
-	return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
-	}
diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c
deleted file mode 100644
index b91f97a1b1..0000000000
--- a/crypto/asn1/bio_ndef.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/* bio_ndef.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-#include <stdio.h>
-
-/* Experimental NDEF ASN1 BIO support routines */
-
-/* The usage is quite simple, initialize an ASN1 structure,
- * get a BIO from it then any data written through the BIO
- * will end up translated to approptiate format on the fly.
- * The data is streamed out and does *not* need to be
- * all held in memory at once.
- *
- * When the BIO is flushed the output is finalized and any
- * signatures etc written out.
- *
- * The BIO is a 'proper' BIO and can handle non blocking I/O
- * correctly.
- *
- * The usage is simple. The implementation is *not*...
- */
-
-/* BIO support data stored in the ASN1 BIO ex_arg */
-
-typedef struct ndef_aux_st
-	{
-	/* ASN1 structure this BIO refers to */
-	ASN1_VALUE *val;
-	const ASN1_ITEM *it;
-	/* Top of the BIO chain */
-	BIO *ndef_bio;
-	/* Output BIO */
-	BIO *out;
-	/* Boundary where content is inserted */
-	unsigned char **boundary;
-	/* DER buffer start */
-	unsigned char *derbuf;
-	} NDEF_SUPPORT;
-
-static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-
-BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
-	{
-	NDEF_SUPPORT *ndef_aux = NULL;
-	BIO *asn_bio = NULL;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_STREAM_ARG sarg;
-
-	if (!aux || !aux->asn1_cb)
-		{
-		ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
-		return NULL;
-		}
-	ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT));
-	asn_bio = BIO_new(BIO_f_asn1());
-
-	/* ASN1 bio needs to be next to output BIO */
-
-	out = BIO_push(asn_bio, out);
-
-	if (!ndef_aux || !asn_bio || !out)
-		goto err;
-
-	BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
-	BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
-
-	/* Now let callback prepend any digest, cipher etc BIOs
-	 * ASN1 structure needs.
-	 */
-
-	sarg.out = out;
-	sarg.ndef_bio = NULL;
-	sarg.boundary = NULL;
-
-	if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
-		goto err;
-
-	ndef_aux->val = val;
-	ndef_aux->it = it;
-	ndef_aux->ndef_bio = sarg.ndef_bio;
-	ndef_aux->boundary = sarg.boundary;
-	ndef_aux->out = out;
-
-	BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
-
-	return sarg.ndef_bio;
-
-	err:
-	if (asn_bio)
-		BIO_free(asn_bio);
-	if (ndef_aux)
-		OPENSSL_free(ndef_aux);
-	return NULL;
-	}
-
-static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
-	{
-	NDEF_SUPPORT *ndef_aux;
-	unsigned char *p;
-	int derlen;
-
-	if (!parg)
-		return 0;
-
-	ndef_aux = *(NDEF_SUPPORT **)parg;
-
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-	p = OPENSSL_malloc(derlen);
-	ndef_aux->derbuf = p;
-	*pbuf = p;
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
-
-	if (!*ndef_aux->boundary)
-		return 0;
-
-	*plen = *ndef_aux->boundary - *pbuf;
-
-	return 1;
-	}
-
-static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
-	{
-	NDEF_SUPPORT *ndef_aux;
-
-	if (!parg)
-		return 0;
-
-	ndef_aux = *(NDEF_SUPPORT **)parg;
-
-	if (ndef_aux->derbuf)
-		OPENSSL_free(ndef_aux->derbuf);
-
-	ndef_aux->derbuf = NULL;
-	*pbuf = NULL;
-	*plen = 0;
-	return 1;
-	}
-
-static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
-	{
-	NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
-	if (!ndef_prefix_free(b, pbuf, plen, parg))
-		return 0;
-	OPENSSL_free(*pndef_aux);
-	*pndef_aux = NULL;
-	return 1;
-	}
-
-static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
-	{
-	NDEF_SUPPORT *ndef_aux;
-	unsigned char *p;
-	int derlen;
-	const ASN1_AUX *aux;
-	ASN1_STREAM_ARG sarg;
-
-	if (!parg)
-		return 0;
-
-	ndef_aux = *(NDEF_SUPPORT **)parg;
-
-	aux = ndef_aux->it->funcs;
-
-	/* Finalize structures */
-	sarg.ndef_bio = ndef_aux->ndef_bio;
-	sarg.out = ndef_aux->out;
-	sarg.boundary = ndef_aux->boundary;
-	if (aux->asn1_cb(ASN1_OP_STREAM_POST,
-				&ndef_aux->val, ndef_aux->it, &sarg) <= 0)
-		return 0;
-
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
-	p = OPENSSL_malloc(derlen);
-	ndef_aux->derbuf = p;
-	*pbuf = p;
-	derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
-
-	if (!*ndef_aux->boundary)
-		return 0;
-	*pbuf = *ndef_aux->boundary;
-	*plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
-
-	return 1;
-	}
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
deleted file mode 100644
index b55e638725..0000000000
--- a/crypto/asn1/charmap.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
- */
-
-static const unsigned char char_type[] = {
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
-};
-
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
deleted file mode 100644
index 25ebf2c205..0000000000
--- a/crypto/asn1/charmap.pl
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/local/bin/perl -w
-
-# Written by Dr Stephen N Henson (steve@openssl.org).
-# Licensed under the terms of the OpenSSL license.
-
-use strict;
-
-my ($i, @arr);
-
-# Set up an array with the type of ASCII characters
-# Each set bit represents a character property.
-
-# RFC2253 character properties
-my $RFC2253_ESC = 1;	# Character escaped with \
-my $ESC_CTRL	= 2;	# Escaped control character
-# These are used with RFC1779 quoting using "
-my $NOESC_QUOTE	= 8;	# Not escaped if quoted
-my $PSTRING_CHAR = 0x10;	# Valid PrintableString character
-my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
-my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
-
-for($i = 0; $i < 128; $i++) {
-	# Set the RFC2253 escape characters (control)
-	$arr[$i] = 0;
-	if(($i < 32) || ($i > 126)) {
-		$arr[$i] |= $ESC_CTRL;
-	}
-
-	# Some PrintableString characters
-	if(		   ( ( $i >= ord("a")) && ( $i <= ord("z")) )
-			|| (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
-			|| (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
-		$arr[$i] |= $PSTRING_CHAR;
-	}
-}
-
-# Now setup the rest
-
-# Remaining RFC2253 escaped characters
-
-$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
-$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
-
-$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord("\"")] |= $RFC2253_ESC;
-$arr[ord("\\")] |= $RFC2253_ESC;
-$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
-$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
-
-# Remaining PrintableString characters
-
-$arr[ord(" ")] |= $PSTRING_CHAR;
-$arr[ord("'")] |= $PSTRING_CHAR;
-$arr[ord("(")] |= $PSTRING_CHAR;
-$arr[ord(")")] |= $PSTRING_CHAR;
-$arr[ord("+")] |= $PSTRING_CHAR;
-$arr[ord(",")] |= $PSTRING_CHAR;
-$arr[ord("-")] |= $PSTRING_CHAR;
-$arr[ord(".")] |= $PSTRING_CHAR;
-$arr[ord("/")] |= $PSTRING_CHAR;
-$arr[ord(":")] |= $PSTRING_CHAR;
-$arr[ord("=")] |= $PSTRING_CHAR;
-$arr[ord("?")] |= $PSTRING_CHAR;
-
-# Now generate the C code
-
-print <<EOF;
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
- */
-
-static unsigned char char_type[] = {
-EOF
-
-for($i = 0; $i < 128; $i++) {
-	print("\n") if($i && (($i % 16) == 0));
-	printf("%2d", $arr[$i]);
-	print(",") if ($i != 127);
-}
-print("\n};\n\n");
-
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
deleted file mode 100644
index 2828944777..0000000000
--- a/crypto/asn1/d2i_pr.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include "asn1_locl.h"
-
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *ret;
-
-	if ((a == NULL) || (*a == NULL))
-		{
-		if ((ret=EVP_PKEY_new()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
-			return(NULL);
-			}
-		}
-	else
-		{
-		ret= *a;
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			{
-			ENGINE_finish(ret->engine);
-			ret->engine = NULL;
-			}
-#endif
-		}
-
-	if (!EVP_PKEY_set_type(ret, type))
-		{
-		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-		goto err;
-		}
-
-	if (!ret->ameth->old_priv_decode ||
-			!ret->ameth->old_priv_decode(ret, pp, length))
-		{
-		if (ret->ameth->priv_decode) 
-			{
-			PKCS8_PRIV_KEY_INFO *p8=NULL;
-			p8=d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
-			if (!p8) goto err;
-			EVP_PKEY_free(ret);
-			ret = EVP_PKCS82PKEY(p8);
-			PKCS8_PRIV_KEY_INFO_free(p8);
-
-			} 
-		else 
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}	
-	if (a != NULL) (*a)=ret;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-	return(NULL);
-	}
-
-/* This works like d2i_PrivateKey() except it automatically works out the type */
-
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-{
-	STACK_OF(ASN1_TYPE) *inkey;
-	const unsigned char *p;
-	int keytype;
-	p = *pp;
-	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
-	 * by analyzing it we can determine the passed structure: this
-	 * assumes the input is surrounded by an ASN1 SEQUENCE.
-	 */
-	inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
-	/* Since we only need to discern "traditional format" RSA and DSA
-	 * keys we can just count the elements.
-         */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_EC;
-	else if (sk_ASN1_TYPE_num(inkey) == 3)  
-		{ /* This seems to be PKCS8, not traditional format */
-			PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL,pp,length);
-			EVP_PKEY *ret;
-
-			sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-			if (!p8) 
-				{
-				ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-				return NULL;
-				}
-			ret = EVP_PKCS82PKEY(p8);
-			PKCS8_PRIV_KEY_INFO_free(p8);
-			if (a) {
-				*a = ret;
-			}	
-			return ret;
-		}
-	else keytype = EVP_PKEY_RSA;
-	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-	return d2i_PrivateKey(keytype, a, pp, length);
-}
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
deleted file mode 100644
index c8f39ceb03..0000000000
--- a/crypto/asn1/d2i_pu.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/asn1/d2i_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *ret;
-
-	if ((a == NULL) || (*a == NULL))
-		{
-		if ((ret=EVP_PKEY_new()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-			return(NULL);
-			}
-		}
-	else	ret= *a;
-
-	if (!EVP_PKEY_set_type(ret, type))
-		{
-		ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-		goto err;
-		}
-
-	switch (EVP_PKEY_id(ret))
-		{
-#ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
-#endif
-#ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
-			(const unsigned char **)pp,length)) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if (!o2i_ECPublicKey(&(ret->pkey.ec),
-				     (const unsigned char **)pp, length))
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
-#endif
-	default:
-		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-		goto err;
-		/* break; */
-		}
-	if (a != NULL) (*a)=ret;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
deleted file mode 100644
index 1b9445973e..0000000000
--- a/crypto/asn1/evp_asn1.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* crypto/asn1/evp_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
-	{
-	ASN1_STRING *os;
-
-	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!M_ASN1_OCTET_STRING_set(os,data,len))
-		{
-		M_ASN1_OCTET_STRING_free(os);
-		return 0;
-		}
-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
-	return(1);
-	}
-
-/* int max_len:  for returned value    */
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
-	     int max_len)
-	{
-	int ret,num;
-	unsigned char *p;
-
-	if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
-		{
-		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-		return(-1);
-		}
-	p=M_ASN1_STRING_data(a->value.octet_string);
-	ret=M_ASN1_STRING_length(a->value.octet_string);
-	if (ret < max_len)
-		num=ret;
-	else
-		num=max_len;
-	memcpy(data,p,num);
-	return(ret);
-	}
-
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
-	     int len)
-	{
-	int n,size;
-	ASN1_OCTET_STRING os,*osp;
-	ASN1_INTEGER in;
-	unsigned char *p;
-	unsigned char buf[32]; /* when they have 256bit longs, 
-				* I'll be in trouble */
-	in.data=buf;
-	in.length=32;
-	os.data=data;
-	os.type=V_ASN1_OCTET_STRING;
-	os.length=len;
-	ASN1_INTEGER_set(&in,num);
-	n =  i2d_ASN1_INTEGER(&in,NULL);
-	n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
-
-	size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
-
-	if ((osp=ASN1_STRING_new()) == NULL) return(0);
-	/* Grow the 'string' */
-	if (!ASN1_STRING_set(osp,NULL,size))
-		{
-		ASN1_STRING_free(osp);
-		return(0);
-		}
-
-	M_ASN1_STRING_length_set(osp, size);
-	p=M_ASN1_STRING_data(osp);
-
-	ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	  i2d_ASN1_INTEGER(&in,&p);
-	M_i2d_ASN1_OCTET_STRING(&os,&p);
-
-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
-	return(1);
-	}
-
-/* we return the actual length..., num may be missing, in which
- * case, set it to zero */
-/* int max_len:  for returned value    */
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
-	     int max_len)
-	{
-	int ret= -1,n;
-	ASN1_INTEGER *ai=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	const unsigned char *p;
-	long length;
-	ASN1_const_CTX c;
-
-	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
-		{
-		goto err;
-		}
-	p=M_ASN1_STRING_data(a->value.sequence);
-	length=M_ASN1_STRING_length(a->value.sequence);
-
-	c.pp= &p;
-	c.p=p;
-	c.max=p+length;
-	c.error=ASN1_R_DATA_IS_WRONG;
-
-	M_ASN1_D2I_start_sequence();
-	c.q=c.p;
-	if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-	c.q=c.p;
-	if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-	if (!M_ASN1_D2I_end_sequence()) goto err;
-
-	if (num != NULL)
-		*num=ASN1_INTEGER_get(ai);
-
-	ret=M_ASN1_STRING_length(os);
-	if (max_len > ret)
-		n=ret;
-	else
-		n=max_len;
-
-	if (data != NULL)
-		memcpy(data,M_ASN1_STRING_data(os),n);
-	if (0)
-		{
-err:
-		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-		}
-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-	if (ai != NULL) M_ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c
deleted file mode 100644
index 56e3cc8df2..0000000000
--- a/crypto/asn1/f_enum.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
-
-	if (a == NULL) return(0);
-
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"00",2) != 2) goto err;
-		n=2;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
-
-	bs->type=V_ASN1_ENUMERATED;
-
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1) goto err_sl;
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
-
-		for (j=0; j<i; j++)
-			{
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
-
-		bufp=(unsigned char *)buf;
-		if (first)
-			{
-			first=0;
-			if ((bufp[0] == '0') && (buf[1] == '0'))
-				{
-				bufp+=2;
-				i-=2;
-				}
-			}
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
deleted file mode 100644
index 9494e597ab..0000000000
--- a/crypto/asn1/f_int.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
-
-	if (a == NULL) return(0);
-
-	if (a->type & V_ASN1_NEG)
-		{
-		if (BIO_write(bp, "-", 1) != 1) goto err;
-		n = 1;
-		}
-
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"00",2) != 2) goto err;
-		n += 2;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
-
-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
-
-	bs->type=V_ASN1_INTEGER;
-
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1) goto err_sl;
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
-
-		for (j=0; j<i; j++)
-			{
-#ifndef CHARSET_EBCDIC
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-			/* This #ifdef is not strictly necessary, since
-			 * the characters A...F a...f 0...9 are contiguous
-			 * (yes, even in EBCDIC - but not the whole alphabet).
-			 * Nevertheless, isxdigit() is faster.
-			 */
-			if (!isxdigit(buf[j]))
-#endif
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
-
-		bufp=(unsigned char *)buf;
-		if (first)
-			{
-			first=0;
-			if ((bufp[0] == '0') && (buf[1] == '0'))
-				{
-				bufp+=2;
-				i-=2;
-				}
-			}
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=OPENSSL_realloc_clean(s,slen,num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
deleted file mode 100644
index 968698a798..0000000000
--- a/crypto/asn1/f_string.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
-
-	if (a == NULL) return(0);
-
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"0",1) != 1) goto err;
-		n=1;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
-
-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
-
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1)
-			{
-			if (first)
-				break;
-			else
-				goto err_sl;
-			}
-		first=0;
-
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
-
-		for (j=i-1; j>0; j--)
-			{
-#ifndef CHARSET_EBCDIC
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
-			/* This #ifdef is not strictly necessary, since
-			 * the characters A...F a...f 0...9 are contiguous
-			 * (yes, even in EBCDIC - but not the whole alphabet).
-			 * Nevertheless, isxdigit() is faster.
-			 */
-			if (!isxdigit(buf[j]))
-#endif
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
-
-		bufp=(unsigned char *)buf;
-
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
deleted file mode 100644
index e398b62666..0000000000
--- a/crypto/asn1/i2d_pr.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/asn1/i2d_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include "asn1_locl.h"
-
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
-	{
-	if (a->ameth && a->ameth->old_priv_encode)
-		{
-		return a->ameth->old_priv_encode(a, pp);
-		}
-	if (a->ameth && a->ameth->priv_encode) {
-		PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-		int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		return ret;
-	}	
-	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-	return(-1);
-	}
-
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
deleted file mode 100644
index 34286dbd35..0000000000
--- a/crypto/asn1/i2d_pu.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/asn1/i2d_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
-	{
-	switch (a->type)
-		{
-#ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
-#endif
-#ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		return(i2o_ECPublicKey(a->pkey.ec, pp));
-#endif
-	default:
-		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-		return(-1);
-		}
-	}
-
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
deleted file mode 100644
index e251739933..0000000000
--- a/crypto/asn1/n_pkey.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/* crypto/asn1/n_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-
-#ifndef OPENSSL_NO_RC4
-
-typedef struct netscape_pkey_st
-	{
-	long version;
-	X509_ALGOR *algor;
-	ASN1_OCTET_STRING *private_key;
-	} NETSCAPE_PKEY;
-
-typedef struct netscape_encrypted_pkey_st
-	{
-	ASN1_OCTET_STRING *os;
-	/* This is the same structure as DigestInfo so use it:
-	 * although this isn't really anything to do with
-	 * digests.
-	 */
-	X509_SIG *enckey;
-	} NETSCAPE_ENCRYPTED_PKEY;
-
-
-ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-
-ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
-	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-			  int (*cb)(char *buf, int len, const char *prompt,
-				    int verify),
-			  int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-		     int (*cb)(char *buf, int len, const char *prompt,
-			       int verify))
-{
-	return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-		int (*cb)(char *buf, int len, const char *prompt, int verify),
-		int sgckey)
-	{
-	int i, j, ret = 0;
-	int rsalen, pkeylen, olen;
-	NETSCAPE_PKEY *pkey = NULL;
-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-	unsigned char buf[256],*zz;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-
-	if (a == NULL) return(0);
-
-	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
-	pkey->version = 0;
-
-	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	pkey->algor->parameter->type=V_ASN1_NULL;
-
-	rsalen = i2d_RSAPrivateKey(a, NULL);
-
-	/* Fake some octet strings just for the initial length
-	 * calculation.
- 	 */
-
-	pkey->private_key->length=rsalen;
-
-	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-
-	enckey->enckey->digest->length = pkeylen;
-
-	enckey->os->length = 11;	/* "private-key" */
-
-	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
-	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
-
-	if (pp == NULL)
-		{
-		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-		NETSCAPE_PKEY_free(pkey);
-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-		return olen;
-		}
-
-
-	/* Since its RC4 encrypted length is actual length */
-	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	pkey->private_key->data = zz;
-	/* Write out private key encoding */
-	i2d_RSAPrivateKey(a,&zz);
-
-	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	enckey->enckey->digest->data = zz;
-	i2d_NETSCAPE_PKEY(pkey,&zz);
-
-	/* Wipe the private key encoding */
-	OPENSSL_cleanse(pkey->private_key->data, rsalen);
-		
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
-	i=cb((char *)buf,256,"Enter Private Key password:",1);
-	if (i != 0)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
-		goto err;
-		}
-	i = strlen((char *)buf);
-	/* If the key is used for SGC the algorithm is modified a little. */
-	if(sgckey) {
-		if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-			goto err;
-		memcpy(buf + 16, "SGCKEYSALT", 10);
-		i = 26;
-	}
-
-	if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
-		goto err;
-	OPENSSL_cleanse(buf,256);
-
-	/* Encrypt private key in place */
-	zz = enckey->enckey->digest->data;
-	if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
-		goto err;
-	if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
-		goto err;
-	if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
-		goto err;
-
-	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-	NETSCAPE_PKEY_free(pkey);
-	return(ret);
-	}
-
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-		      int (*cb)(char *buf, int len, const char *prompt,
-				int verify))
-{
-	return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-		 int (*cb)(char *buf, int len, const char *prompt, int verify),
-		 int sgckey)
-	{
-	RSA *ret=NULL;
-	const unsigned char *p;
-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
-	p = *pp;
-
-	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-	if(!enckey) {
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
-		return NULL;
-	}
-
-	if ((enckey->os->length != 11) || (strncmp("private-key",
-		(char *)enckey->os->data,11) != 0))
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-		return NULL;
-		}
-	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-		goto err;
-	}
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
-	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
-
-	*pp = p;
-
-	err:
-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-	return ret;
-
-	}
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-			  int (*cb)(char *buf, int len, const char *prompt,
-				    int verify), int sgckey)
-	{
-	NETSCAPE_PKEY *pkey=NULL;
-	RSA *ret=NULL;
-	int i,j;
-	unsigned char buf[256];
-	const unsigned char *zz;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	EVP_CIPHER_CTX ctx;
-	EVP_CIPHER_CTX_init(&ctx);
-
-	i=cb((char *)buf,256,"Enter Private Key password:",0);
-	if (i != 0)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
-		goto err;
-		}
-
-	i = strlen((char *)buf);
-	if(sgckey){
-		if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
-			goto err;
-		memcpy(buf + 16, "SGCKEYSALT", 10);
-		i = 26;
-	}
-		
-	if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
-		goto err;
-	OPENSSL_cleanse(buf,256);
-
-	if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
-		goto err;
-	if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
-		goto err;
-	if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
-		goto err;
-	os->length=i+j;
-
-	zz=os->data;
-
-	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-		goto err;
-		}
-		
-	zz=pkey->private_key->data;
-	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-		goto err;
-		}
-err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	NETSCAPE_PKEY_free(pkey);
-	return(ret);
-	}
-
-#endif /* OPENSSL_NO_RC4 */
-
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
deleted file mode 100644
index b8c4202230..0000000000
--- a/crypto/asn1/nsseq.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* nsseq.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	if(operation == ASN1_OP_NEW_POST) {
-		NETSCAPE_CERT_SEQUENCE *nsseq;
-		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
-		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-	}
-	return 1;
-}
-
-/* Netscape certificate sequence structure */
-
-ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
-	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
-	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
-} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
deleted file mode 100644
index 94bc38b99f..0000000000
--- a/crypto/asn1/p5_pbe.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* p5_pbe.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 password based encryption structure */
-
-ASN1_SEQUENCE(PBEPARAM) = {
-	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-
-
-/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-				const unsigned char *salt, int saltlen)
-	{
-	PBEPARAM *pbe=NULL;
-	ASN1_STRING *pbe_str=NULL;
-	unsigned char *sstr;
-
-	pbe = PBEPARAM_new();
-	if (!pbe)
-		{
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if(iter <= 0)
-		iter = PKCS5_DEFAULT_ITER;
-	if (!ASN1_INTEGER_set(pbe->iter, iter))
-		{
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (!saltlen)
-		saltlen = PKCS5_SALT_LEN;
-	if (!ASN1_STRING_set(pbe->salt, NULL, saltlen))
-		{
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	sstr = ASN1_STRING_data(pbe->salt);
-	if (salt)
-		memcpy(sstr, salt, saltlen);
-	else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
-		goto err;
-
-	if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str))
-		{
-		ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	PBEPARAM_free(pbe);
-	pbe = NULL;
-
-	if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
-		return 1;
-
-err:
-	if (pbe != NULL)
-		PBEPARAM_free(pbe);
-	if (pbe_str != NULL)
-		ASN1_STRING_free(pbe_str);
-	return 0;
-	}
-
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-				const unsigned char *salt, int saltlen)
-	{
-	X509_ALGOR *ret;
-	ret = X509_ALGOR_new();
-	if (!ret)
-		{
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
-		return ret;
-
-	X509_ALGOR_free(ret);
-	return NULL;
-	}
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
deleted file mode 100644
index 4ea683036b..0000000000
--- a/crypto/asn1/p5_pbev2.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/* p5_pbev2.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 v2.0 password based encryption structures */
-
-ASN1_SEQUENCE(PBE2PARAM) = {
-	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
-	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
-
-ASN1_SEQUENCE(PBKDF2PARAM) = {
-	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
-	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
- * yes I know this is horrible!
- *
- * Extended version to allow application supplied PRF NID and IV.
- */
-
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen,
-				 unsigned char *aiv, int prf_nid)
-{
-	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-	int alg_nid, keylen;
-	EVP_CIPHER_CTX ctx;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	PBE2PARAM *pbe2 = NULL;
-	ASN1_OBJECT *obj;
-
-	alg_nid = EVP_CIPHER_type(cipher);
-	if(alg_nid == NID_undef) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-		goto err;
-	}
-	obj = OBJ_nid2obj(alg_nid);
-
-	if(!(pbe2 = PBE2PARAM_new())) goto merr;
-
-	/* Setup the AlgorithmIdentifier for the encryption scheme */
-	scheme = pbe2->encryption;
-
-	scheme->algorithm = obj;
-	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
-
-	/* Create random IV */
-	if (EVP_CIPHER_iv_length(cipher))
-		{
-		if (aiv)
-			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-		else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-  			goto err;
-		}
-
-	EVP_CIPHER_CTX_init(&ctx);
-
-	/* Dummy cipherinit to just setup the IV, and PRF */
-	if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
-		goto err;
-	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		goto err;
-	}
-	/* If prf NID unspecified see if cipher has a preference.
-	 * An error is OK here: just means use default PRF.
-	 */
-	if ((prf_nid == -1) && 
-	EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0)
-		{
-		ERR_clear_error();
-		prf_nid = NID_hmacWithSHA1;
-		}
-	EVP_CIPHER_CTX_cleanup(&ctx);
-
-	/* If its RC2 then we'd better setup the key length */
-
-	if(alg_nid == NID_rc2_cbc)
-		keylen = EVP_CIPHER_key_length(cipher);
-	else
-		keylen = -1;
-
-	/* Setup keyfunc */
-
-	X509_ALGOR_free(pbe2->keyfunc);
-
-	pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
-
-	if (!pbe2->keyfunc)
-		goto merr;
-
-	/* Now set up top level AlgorithmIdentifier */
-
-	if(!(ret = X509_ALGOR_new())) goto merr;
-	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
-
-	ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
-	/* Encode PBE2PARAM into parameter */
-
-	if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-				 &ret->parameter->value.sequence)) goto merr;
-	ret->parameter->type = V_ASN1_SEQUENCE;
-
-	PBE2PARAM_free(pbe2);
-	pbe2 = NULL;
-
-	return ret;
-
-	merr:
-	ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
-
-	err:
-	PBE2PARAM_free(pbe2);
-	/* Note 'scheme' is freed as part of pbe2 */
-	X509_ALGOR_free(kalg);
-	X509_ALGOR_free(ret);
-
-	return NULL;
-
-}
-
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen)
-	{
-	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
-	}
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-				int prf_nid, int keylen)
-	{
-	X509_ALGOR *keyfunc = NULL;
-	PBKDF2PARAM *kdf = NULL;
-	ASN1_OCTET_STRING *osalt = NULL;
-
-	if(!(kdf = PBKDF2PARAM_new()))
-		goto merr;
-	if(!(osalt = M_ASN1_OCTET_STRING_new()))
-		goto merr;
-
-	kdf->salt->value.octet_string = osalt;
-	kdf->salt->type = V_ASN1_OCTET_STRING;
-
-	if (!saltlen)
-		saltlen = PKCS5_SALT_LEN;
-	if (!(osalt->data = OPENSSL_malloc (saltlen)))
-		goto merr;
-
-	osalt->length = saltlen;
-
-	if (salt)
-		memcpy (osalt->data, salt, saltlen);
-	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
-		goto merr;
-
-	if(iter <= 0)
-		iter = PKCS5_DEFAULT_ITER;
-
-	if(!ASN1_INTEGER_set(kdf->iter, iter))
-		goto merr;
-
-	/* If have a key len set it up */
-
-	if(keylen > 0) 
-		{
-		if(!(kdf->keylength = M_ASN1_INTEGER_new()))
-			goto merr;
-		if(!ASN1_INTEGER_set (kdf->keylength, keylen))
-			goto merr;
-		}
-
-	/* prf can stay NULL if we are using hmacWithSHA1 */
-	if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
-		{
-		kdf->prf = X509_ALGOR_new();
-		if (!kdf->prf)
-			goto merr;
-		X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
-					V_ASN1_NULL, NULL);
-		}
-
-	/* Finally setup the keyfunc structure */
-
-	keyfunc = X509_ALGOR_new();
-	if (!keyfunc)
-		goto merr;
-
-	keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
-	/* Encode PBKDF2PARAM into parameter of pbe2 */
-
-	if(!(keyfunc->parameter = ASN1_TYPE_new()))
-		goto merr;
-
-	if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-			 &keyfunc->parameter->value.sequence))
-		goto merr;
-	keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-	PBKDF2PARAM_free(kdf);
-	return keyfunc;
-
-	merr:
-	ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
-	PBKDF2PARAM_free(kdf);
-	X509_ALGOR_free(keyfunc);
-	return NULL;
-	}
-
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
deleted file mode 100644
index 17b68d386d..0000000000
--- a/crypto/asn1/p8_pkey.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/* p8_pkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
-	if(operation == ASN1_OP_FREE_PRE) {
-		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-		if (key->pkey->value.octet_string)
-		OPENSSL_cleanse(key->pkey->value.octet_string->data,
-			key->pkey->value.octet_string->length);
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
-	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
-					int version,
-					int ptype, void *pval,
-					unsigned char *penc, int penclen)
-	{
-	unsigned char **ppenc = NULL;
-	if (version >= 0)
-		{
-		if (!ASN1_INTEGER_set(priv->version, version))
-			return 0;
-		}
-	if (penc)
-		{
-		int pmtype;
-		ASN1_OCTET_STRING *oct;
-		oct = ASN1_OCTET_STRING_new();
-		if (!oct)
-			return 0;
-		oct->data = penc;
-		ppenc = &oct->data;
-		oct->length = penclen;
-		if (priv->broken == PKCS8_NO_OCTET)
-			pmtype = V_ASN1_SEQUENCE;
-		else
-			pmtype = V_ASN1_OCTET_STRING;
-		ASN1_TYPE_set(priv->pkey, pmtype, oct);
-		}
-	if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
-		{
-		/* If call fails do not swallow 'enc' */
-		if (ppenc)
-			*ppenc = NULL;
-		return 0;
-		}
-	return 1;
-	}
-
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		PKCS8_PRIV_KEY_INFO *p8)
-	{
-	if (ppkalg)
-		*ppkalg = p8->pkeyalg->algorithm;
-	if(p8->pkey->type == V_ASN1_OCTET_STRING)
-		{
-		p8->broken = PKCS8_OK;
-		if (pk)
-			{
-			*pk = p8->pkey->value.octet_string->data;
-			*ppklen = p8->pkey->value.octet_string->length;
-			}
-		}
-	else if (p8->pkey->type == V_ASN1_SEQUENCE)
-		{
-		p8->broken = PKCS8_NO_OCTET;
-		if (pk)
-			{
-			*pk = p8->pkey->value.sequence->data;
-			*ppklen = p8->pkey->value.sequence->length;
-			}
-		}
-	else
-		return 0;
-	if (pa)
-		*pa = p8->pkeyalg;
-	return 1;
-	}
-
diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
deleted file mode 100644
index 2e59a25fa1..0000000000
--- a/crypto/asn1/t_bitst.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* t_bitst.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-				BIT_STRING_BITNAME *tbl, int indent)
-{
-	BIT_STRING_BITNAME *bnam;
-	char first = 1;
-	BIO_printf(out, "%*s", indent, "");
-	for(bnam = tbl; bnam->lname; bnam++) {
-		if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
-			if(!first) BIO_puts(out, ", ");
-			BIO_puts(out, bnam->lname);
-			first = 0;
-		}
-	}
-	BIO_puts(out, "\n");
-	return 1;
-}
-
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-				BIT_STRING_BITNAME *tbl)
-{
-	int bitnum;
-	bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
-	if(bitnum < 0) return 0;
-	if(bs) {
-		if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
-			return 0;
-	}
-	return 1;
-}
-
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
-{
-	BIT_STRING_BITNAME *bnam;
-	for(bnam = tbl; bnam->lname; bnam++) {
-		if(!strcmp(bnam->sname, name) ||
-			!strcmp(bnam->lname, name) ) return bnam->bitnum;
-	}
-	return -1;
-}
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
deleted file mode 100644
index c61169208a..0000000000
--- a/crypto/asn1/t_crl.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* t_crl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_CRL_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_CRL_print(BIO *out, X509_CRL *x)
-{
-	STACK_OF(X509_REVOKED) *rev;
-	X509_REVOKED *r;
-	long l;
-	int i;
-	char *p;
-
-	BIO_printf(out, "Certificate Revocation List (CRL):\n");
-	l = X509_CRL_get_version(x);
-	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
-	i = OBJ_obj2nid(x->sig_alg->algorithm);
-	X509_signature_print(out, x->sig_alg, NULL);
-	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
-	BIO_printf(out,"%8sIssuer: %s\n","",p);
-	OPENSSL_free(p);
-	BIO_printf(out,"%8sLast Update: ","");
-	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
-	BIO_printf(out,"\n%8sNext Update: ","");
-	if (X509_CRL_get_nextUpdate(x))
-		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
-	else BIO_printf(out,"NONE");
-	BIO_printf(out,"\n");
-
-	X509V3_extensions_print(out, "CRL extensions",
-						x->crl->extensions, 0, 8);
-
-	rev = X509_CRL_get_REVOKED(x);
-
-	if(sk_X509_REVOKED_num(rev) > 0)
-	    BIO_printf(out, "Revoked Certificates:\n");
-	else BIO_printf(out, "No Revoked Certificates.\n");
-
-	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
-		r = sk_X509_REVOKED_value(rev, i);
-		BIO_printf(out,"    Serial Number: ");
-		i2a_ASN1_INTEGER(out,r->serialNumber);
-		BIO_printf(out,"\n        Revocation Date: ");
-		ASN1_TIME_print(out,r->revocationDate);
-		BIO_printf(out,"\n");
-		X509V3_extensions_print(out, "CRL entry extensions",
-						r->extensions, 0, 8);
-	}
-	X509_signature_print(out, x->sig_alg, x->signature);
-
-	return 1;
-
-}
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
deleted file mode 100644
index 9dd18f6579..0000000000
--- a/crypto/asn1/t_pkey.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-
-int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-			unsigned char *buf, int off)
-	{
-	int n,i;
-	const char *neg;
-
-	if (num == NULL) return(1);
-	neg = (BN_is_negative(num))?"-":"";
-	if(!BIO_indent(bp,off,128))
-		return 0;
-	if (BN_is_zero(num))
-		{
-		if (BIO_printf(bp, "%s 0\n", number) <= 0)
-			return 0;
-		return 1;
-		}
-
-	if (BN_num_bytes(num) <= BN_BYTES)
-		{
-		if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
-			(unsigned long)num->d[0],neg,(unsigned long)num->d[0])
-			<= 0) return(0);
-		}
-	else
-		{
-		buf[0]=0;
-		if (BIO_printf(bp,"%s%s",number,
-			(neg[0] == '-')?" (Negative)":"") <= 0)
-			return(0);
-		n=BN_bn2bin(num,&buf[1]);
-	
-		if (buf[1] & 0x80)
-			n++;
-		else	buf++;
-
-		for (i=0; i<n; i++)
-			{
-			if ((i%15) == 0)
-				{
-				if(BIO_puts(bp,"\n") <= 0
-				   || !BIO_indent(bp,off+4,128))
-				    return 0;
-				}
-			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
-				<= 0) return(0);
-			}
-		if (BIO_write(bp,"\n",1) <= 0) return(0);
-		}
-	return(1);
-	}
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
deleted file mode 100644
index ea1794e3e0..0000000000
--- a/crypto/asn1/t_req.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/* crypto/asn1/t_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_REQ_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
-	{
-	unsigned long l;
-	int i;
-	const char *neg;
-	X509_REQ_INFO *ri;
-	EVP_PKEY *pkey;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(X509_EXTENSION) *exts;
-	char mlch = ' ';
-	int nmindent = 0;
-
-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-		mlch = '\n';
-		nmindent = 12;
-	}
-
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
-
-
-	ri=x->req_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-		l=0;
-		for (i=0; i<ri->version->length; i++)
-			{ l<<=8; l+=ri->version->data[i]; }
-		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
-			      l) <= 0)
-		    goto err;
-		}
-        if(!(cflag & X509_FLAG_NO_SUBJECT))
-                {
-                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-			goto err;
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
-
-		pkey=X509_REQ_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
-			{
-			EVP_PKEY_print_public(bp, pkey, 16, NULL);
-			EVP_PKEY_free(pkey);
-			}
-		}
-
-	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
-		{
-		/* may not be */
-		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
-		    goto err;
-
-		sk=x->req_info->attributes;
-		if (sk_X509_ATTRIBUTE_num(sk) == 0)
-			{
-			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
-			    goto err;
-			}
-		else
-			{
-			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-				{
-				ASN1_TYPE *at;
-				X509_ATTRIBUTE *a;
-				ASN1_BIT_STRING *bs=NULL;
-				ASN1_TYPE *t;
-				int j,type=0,count=1,ii=0;
-
-				a=sk_X509_ATTRIBUTE_value(sk,i);
-				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-									continue;
-				if(BIO_printf(bp,"%12s","") <= 0)
-				    goto err;
-				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
-				{
-				if (a->single)
-					{
-					t=a->value.single;
-					type=t->type;
-					bs=t->value.bit_string;
-					}
-				else
-					{
-					ii=0;
-					count=sk_ASN1_TYPE_num(a->value.set);
-get_next:
-					at=sk_ASN1_TYPE_value(a->value.set,ii);
-					type=at->type;
-					bs=at->value.asn1_string;
-					}
-				}
-				for (j=25-j; j>0; j--)
-					if (BIO_write(bp," ",1) != 1) goto err;
-				if (BIO_puts(bp,":") <= 0) goto err;
-				if (	(type == V_ASN1_PRINTABLESTRING) ||
-					(type == V_ASN1_T61STRING) ||
-					(type == V_ASN1_IA5STRING))
-					{
-					if (BIO_write(bp,(char *)bs->data,bs->length)
-						!= bs->length)
-						goto err;
-					BIO_puts(bp,"\n");
-					}
-				else
-					{
-					BIO_puts(bp,"unable to print attribute\n");
-					}
-				if (++ii < count) goto get_next;
-				}
-			}
-		}
-	if(!(cflag & X509_FLAG_NO_EXTENSIONS))
-		{
-		exts = X509_REQ_get_extensions(x);
-		if(exts)
-			{
-			BIO_printf(bp,"%8sRequested Extensions:\n","");
-			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-				{
-				ASN1_OBJECT *obj;
-				X509_EXTENSION *ex;
-				int j;
-				ex=sk_X509_EXTENSION_value(exts, i);
-				if (BIO_printf(bp,"%12s","") <= 0) goto err;
-				obj=X509_EXTENSION_get_object(ex);
-				i2a_ASN1_OBJECT(bp,obj);
-				j=X509_EXTENSION_get_critical(ex);
-				if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
-					goto err;
-				if(!X509V3_EXT_print(bp, ex, cflag, 16))
-					{
-					BIO_printf(bp, "%16s", "");
-					M_ASN1_OCTET_STRING_print(bp,ex->value);
-					}
-				if (BIO_write(bp,"\n",1) <= 0) goto err;
-				}
-			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-			}
-		}
-
-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
-		}
-
-	return(1);
-err:
-	X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
-	return(0);
-	}
-
-int X509_REQ_print(BIO *bp, X509_REQ *x)
-	{
-	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
deleted file mode 100644
index 079c081a81..0000000000
--- a/crypto/asn1/t_spki.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* t_spki.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-
-/* Print out an SPKI */
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
-{
-	EVP_PKEY *pkey;
-	ASN1_IA5STRING *chal;
-	int i, n;
-	char *s;
-	BIO_printf(out, "Netscape SPKI:\n");
-	i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
-	BIO_printf(out,"  Public Key Algorithm: %s\n",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	pkey = X509_PUBKEY_get(spki->spkac->pubkey);
-	if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-	else
-		{
-		EVP_PKEY_print_public(out, pkey, 4, NULL);
-		EVP_PKEY_free(pkey);
-		}
-	chal = spki->spkac->challenge;
-	if(chal->length)
-		BIO_printf(out, "  Challenge String: %s\n", chal->data);
-	i=OBJ_obj2nid(spki->sig_algor->algorithm);
-	BIO_printf(out,"  Signature Algorithm: %s",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
-	n=spki->signature->length;
-	s=(char *)spki->signature->data;
-	for (i=0; i<n; i++)
-		{
-		if ((i%18) == 0) BIO_write(out,"\n      ",7);
-		BIO_printf(out,"%02x%s",(unsigned char)s[i],
-						((i+1) == n)?"":":");
-		}
-	BIO_write(out,"\n",1);
-	return 1;
-}
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
deleted file mode 100644
index 8e961f5e7d..0000000000
--- a/crypto/asn1/t_x509.c
+++ /dev/null
@@ -1,530 +0,0 @@
-/* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "asn1_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int X509_print_fp(FILE *fp, X509 *x)
-	{
-	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print_ex(b, x, nmflag, cflag);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int X509_print(BIO *bp, X509 *x)
-{
-	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
-	{
-	long l;
-	int ret=0,i;
-	char *m=NULL,mlch = ' ';
-	int nmindent = 0;
-	X509_CINF *ci;
-	ASN1_INTEGER *bs;
-	EVP_PKEY *pkey=NULL;
-	const char *neg;
-
-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-			mlch = '\n';
-			nmindent = 12;
-	}
-
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
-
-	ci=x->cert_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		l=X509_get_version(x);
-		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SERIAL))
-		{
-
-		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-		bs=X509_get_serialNumber(x);
-		if (bs->length <= (int)sizeof(long))
-			{
-			l=ASN1_INTEGER_get(bs);
-			if (bs->type == V_ASN1_NEG_INTEGER)
-				{
-				l= -l;
-				neg="-";
-				}
-			else
-				neg="";
-			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-				goto err;
-			}
-		else
-			{
-			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
-			for (i=0; i<bs->length; i++)
-				{
-				if (BIO_printf(bp,"%02x%c",bs->data[i],
-					((i+1 == bs->length)?'\n':':')) <= 0)
-					goto err;
-				}
-			}
-
-		}
-
-	if(!(cflag & X509_FLAG_NO_SIGNAME))
-		{
-		if(X509_signature_print(bp, x->sig_alg, NULL) <= 0)
-			goto err;
-#if 0
-		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
-#endif
-		}
-
-	if(!(cflag & X509_FLAG_NO_ISSUER))
-		{
-		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VALIDITY))
-		{
-		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
-		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SUBJECT))
-		{
-		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-			goto err;
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
-
-		pkey=X509_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
-			{
-			EVP_PKEY_print_public(bp, pkey, 16, NULL);
-			EVP_PKEY_free(pkey);
-			}
-		}
-
-	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
-		X509V3_extensions_print(bp, "X509v3 extensions",
-					ci->extensions, cflag, 8);
-
-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_AUX))
-		{
-		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
-		}
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-int X509_ocspid_print (BIO *bp, X509 *x)
-	{
-	unsigned char *der=NULL ;
-	unsigned char *dertmp;
-	int derlen;
-	int i;
-	unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-	/* display the hash of the subject as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
-		goto err;
-	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
-		goto err;
-	i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-	if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
-		goto err;
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
-		}
-	OPENSSL_free (der);
-	der=NULL;
-
-	/* display the hash of the public key as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
-		goto err;
-
-	if (!EVP_Digest(x->cert_info->key->public_key->data,
-			x->cert_info->key->public_key->length,
-			SHA1md, NULL, EVP_sha1(), NULL))
-		goto err;
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
-			goto err;
-		}
-	BIO_printf(bp,"\n");
-
-	return (1);
-err:
-	if (der != NULL) OPENSSL_free(der);
-	return(0);
-	}
-
-int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
-{
-	const unsigned char *s;
-	int i, n;
-
-	n=sig->length;
-	s=sig->data;
-	for (i=0; i<n; i++)
-		{
-		if ((i%18) == 0)
-			{
-			if (BIO_write(bp,"\n",1) <= 0) return 0;
-			if (BIO_indent(bp, indent, indent) <= 0) return 0;
-			}
-			if (BIO_printf(bp,"%02x%s",s[i],
-				((i+1) == n)?"":":") <= 0) return 0;
-		}
-	if (BIO_write(bp,"\n",1) != 1) return 0;
-
-	return 1;
-}
-
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
-{
-	int sig_nid;
-	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
-	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
-
-	sig_nid = OBJ_obj2nid(sigalg->algorithm);
-	if (sig_nid != NID_undef)
-		{
-		int pkey_nid, dig_nid;
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
-			{
-			ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
-			if (ameth && ameth->sig_print)
-				return ameth->sig_print(bp, sigalg, sig, 9, 0);
-			}
-		}
-	if (sig)
-		return X509_signature_dump(bp, sig, 9);
-	else if (BIO_puts(bp, "\n") <= 0)
-		return 0;
-	return 1;
-}
-
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
-	{
-	int i,n;
-	char buf[80];
-	const char *p;
-
-	if (v == NULL) return(0);
-	n=0;
-	p=(const char *)v->data;
-	for (i=0; i<v->length; i++)
-		{
-		if ((p[i] > '~') || ((p[i] < ' ') &&
-			(p[i] != '\n') && (p[i] != '\r')))
-			buf[n]='.';
-		else
-			buf[n]=p[i];
-		n++;
-		if (n >= 80)
-			{
-			if (BIO_write(bp,buf,n) <= 0)
-				return(0);
-			n=0;
-			}
-		}
-	if (n > 0)
-		if (BIO_write(bp,buf,n) <= 0)
-			return(0);
-	return(1);
-	}
-
-int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
-{
-	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
-	if(tm->type == V_ASN1_GENERALIZEDTIME)
-				return ASN1_GENERALIZEDTIME_print(bp, tm);
-	BIO_write(bp,"Bad time value",14);
-	return(0);
-}
-
-static const char *mon[12]=
-    {
-    "Jan","Feb","Mar","Apr","May","Jun",
-    "Jul","Aug","Sep","Oct","Nov","Dec"
-    };
-
-int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
-	{
-	char *v;
-	int gmt=0;
-	int i;
-	int y=0,M=0,d=0,h=0,m=0,s=0;
-	char *f = NULL;
-	int f_len = 0;
-
-	i=tm->length;
-	v=(char *)tm->data;
-
-	if (i < 12) goto err;
-	if (v[i-1] == 'Z') gmt=1;
-	for (i=0; i<12; i++)
-		if ((v[i] > '9') || (v[i] < '0')) goto err;
-	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
-	M= (v[4]-'0')*10+(v[5]-'0');
-	if ((M > 12) || (M < 1)) goto err;
-	d= (v[6]-'0')*10+(v[7]-'0');
-	h= (v[8]-'0')*10+(v[9]-'0');
-	m=  (v[10]-'0')*10+(v[11]-'0');
-	if (tm->length >= 14 &&
-	    (v[12] >= '0') && (v[12] <= '9') &&
-	    (v[13] >= '0') && (v[13] <= '9'))
-		{
-		s=  (v[12]-'0')*10+(v[13]-'0');
-		/* Check for fractions of seconds. */
-		if (tm->length >= 15 && v[14] == '.')
-			{
-			int l = tm->length;
-			f = &v[14];	/* The decimal point. */
-			f_len = 1;
-			while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
-				++f_len;
-			}
-		}
-
-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
-		mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
-		return(0);
-	else
-		return(1);
-err:
-	BIO_write(bp,"Bad time value",14);
-	return(0);
-	}
-
-int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
-	{
-	const char *v;
-	int gmt=0;
-	int i;
-	int y=0,M=0,d=0,h=0,m=0,s=0;
-
-	i=tm->length;
-	v=(const char *)tm->data;
-
-	if (i < 10) goto err;
-	if (v[i-1] == 'Z') gmt=1;
-	for (i=0; i<10; i++)
-		if ((v[i] > '9') || (v[i] < '0')) goto err;
-	y= (v[0]-'0')*10+(v[1]-'0');
-	if (y < 50) y+=100;
-	M= (v[2]-'0')*10+(v[3]-'0');
-	if ((M > 12) || (M < 1)) goto err;
-	d= (v[4]-'0')*10+(v[5]-'0');
-	h= (v[6]-'0')*10+(v[7]-'0');
-	m=  (v[8]-'0')*10+(v[9]-'0');
-	if (tm->length >=12 &&
-	    (v[10] >= '0') && (v[10] <= '9') &&
-	    (v[11] >= '0') && (v[11] <= '9'))
-		s=  (v[10]-'0')*10+(v[11]-'0');
-
-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
-		mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
-		return(0);
-	else
-		return(1);
-err:
-	BIO_write(bp,"Bad time value",14);
-	return(0);
-	}
-
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
-	{
-	char *s,*c,*b;
-	int ret=0,l,i;
-
-	l=80-2-obase;
-
-	b=X509_NAME_oneline(name,NULL,0);
-	if (!b)
-		return 0;
-	if (!*b)
-		{
-		OPENSSL_free(b);
-		return 1;
-		}
-	s=b+1; /* skip the first slash */
-
-	c=s;
-	for (;;)
-		{
-#ifndef CHARSET_EBCDIC
-		if (	((*s == '/') &&
-				((s[1] >= 'A') && (s[1] <= 'Z') && (
-					(s[2] == '=') ||
-					((s[2] >= 'A') && (s[2] <= 'Z') &&
-					(s[3] == '='))
-				 ))) ||
-			(*s == '\0'))
-#else
-		if (	((*s == '/') &&
-				(isupper(s[1]) && (
-					(s[2] == '=') ||
-					(isupper(s[2]) &&
-					(s[3] == '='))
-				 ))) ||
-			(*s == '\0'))
-#endif
-			{
-			i=s-c;
-			if (BIO_write(bp,c,i) != i) goto err;
-			c=s+1;	/* skip following slash */
-			if (*s != '\0')
-				{
-				if (BIO_write(bp,", ",2) != 2) goto err;
-				}
-			l--;
-			}
-		if (*s == '\0') break;
-		s++;
-		l--;
-		}
-	
-	ret=1;
-	if (0)
-		{
-err:
-		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
deleted file mode 100644
index 8b18801a17..0000000000
--- a/crypto/asn1/t_x509a.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* t_x509a.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
-	char oidstr[80], first;
-	int i;
-	if(!aux) return 1;
-	if(aux->trust) {
-		first = 1;
-		BIO_printf(out, "%*sTrusted Uses:\n%*s",
-						indent, "", indent + 2, "");
-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
-			if(!first) BIO_puts(out, ", ");
-			else first = 0;
-			OBJ_obj2txt(oidstr, sizeof oidstr,
-				sk_ASN1_OBJECT_value(aux->trust, i), 0);
-			BIO_puts(out, oidstr);
-		}
-		BIO_puts(out, "\n");
-	} else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
-	if(aux->reject) {
-		first = 1;
-		BIO_printf(out, "%*sRejected Uses:\n%*s",
-						indent, "", indent + 2, "");
-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
-			if(!first) BIO_puts(out, ", ");
-			else first = 0;
-			OBJ_obj2txt(oidstr, sizeof oidstr,
-				sk_ASN1_OBJECT_value(aux->reject, i), 0);
-			BIO_puts(out, oidstr);
-		}
-		BIO_puts(out, "\n");
-	} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-	if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
-							aux->alias->data);
-	if(aux->keyid) {
-		BIO_printf(out, "%*sKey Id: ", indent, "");
-		for(i = 0; i < aux->keyid->length; i++) 
-			BIO_printf(out, "%s%02X", 
-				i ? ":" : "",
-				aux->keyid->data[i]);
-		BIO_write(out,"\n",1);
-	}
-	return 1;
-}
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
deleted file mode 100644
index 2cbfa81475..0000000000
--- a/crypto/asn1/tasn_dec.c
+++ /dev/null
@@ -1,1355 +0,0 @@
-/* tasn_dec.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static int asn1_check_eoc(const unsigned char **in, long len);
-static int asn1_find_end(const unsigned char **in, long len, char inf);
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-			char inf, int tag, int aclass, int depth);
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-				char *inf, char *cst,
-				const unsigned char **in, long len,
-				int exptag, int expclass, char opt,
-				ASN1_TLC *ctx);
-
-static int asn1_template_ex_d2i(ASN1_VALUE **pval,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx);
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx);
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-				const unsigned char **in, long len,
-				const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-/* Table to convert tags to bit values, used for MSTRING type */
-static const unsigned long tag2bit[32] = {
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
-	};
-
-unsigned long ASN1_tag2bit(int tag)
-	{
-	if ((tag < 0) || (tag > 30)) return 0;
-	return tag2bit[tag];
-	}
-
-/* Macro to initialize and invalidate the cache */
-
-#define asn1_tlc_clear(c)	if (c) (c)->valid = 0
-/* Version to avoid compiler warning about 'c' always non-NULL */
-#define asn1_tlc_clear_nc(c)	(c)->valid = 0
-
-/* Decode an ASN1 item, this currently behaves just 
- * like a standard 'd2i' function. 'in' points to 
- * a buffer to read the data from, in future we will
- * have more advanced versions that can input data
- * a piece at a time and this will simply be a special
- * case.
- */
-
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
-		const unsigned char **in, long len, const ASN1_ITEM *it)
-	{
-	ASN1_TLC c;
-	ASN1_VALUE *ptmpval = NULL;
-	if (!pval)
-		pval = &ptmpval;
-	asn1_tlc_clear_nc(&c);
-	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
-		return *pval;
-	return NULL;
-	}
-
-int ASN1_template_d2i(ASN1_VALUE **pval,
-		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
-	{
-	ASN1_TLC c;
-	asn1_tlc_clear_nc(&c);
-	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-	}
-
-
-/* Decode an item, taking care of IMPLICIT tagging, if any.
- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
- */
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-			const ASN1_ITEM *it,
-			int tag, int aclass, char opt, ASN1_TLC *ctx)
-	{
-	const ASN1_TEMPLATE *tt, *errtt = NULL;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	const unsigned char *p = NULL, *q;
-	unsigned char *wp=NULL;	/* BIG FAT WARNING!  BREAKS CONST WHERE USED */
-	unsigned char imphack = 0, oclass;
-	char seq_eoc, seq_nolen, cst, isopt;
-	long tmplen;
-	int i;
-	int otag;
-	int ret = 0;
-	ASN1_VALUE **pchptr, *ptmpval;
-	if (!pval)
-		return 0;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else asn1_cb = 0;
-
-	switch(it->itype)
-		{
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			{
-			/* tagging or OPTIONAL is currently illegal on an item
-			 * template because the flags can't get passed down.
-			 * In practice this isn't a problem: we include the
-			 * relevant flags from the item template in the
-			 * template itself.
-			 */
-			if ((tag != -1) || opt)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
-				goto err;
-				}
-			return asn1_template_ex_d2i(pval, in, len,
-					it->templates, opt, ctx);
-		}
-		return asn1_d2i_ex_primitive(pval, in, len, it,
-						tag, aclass, opt, ctx);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		p = *in;
-		/* Just read in tag and class */
-		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
-						&p, len, -1, 0, 1, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		/* Must be UNIVERSAL class */
-		if (oclass != V_ASN1_UNIVERSAL)
-			{
-			/* If OPTIONAL, assume this is OK */
-			if (opt) return -1;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_MSTRING_NOT_UNIVERSAL);
-			goto err;
-			}
-		/* Check tag matches bit map */
-		if (!(ASN1_tag2bit(otag) & it->utype))
-			{
-			/* If OPTIONAL, assume this is OK */
-			if (opt)
-				return -1;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_MSTRING_WRONG_TAG);
-			goto err;
-			}
-		return asn1_d2i_ex_primitive(pval, in, len,
-						it, otag, 0, 0, ctx);
-
-		case ASN1_ITYPE_EXTERN:
-		/* Use new style d2i */
-		ef = it->funcs;
-		return ef->asn1_ex_d2i(pval, in, len,
-						it, tag, aclass, opt, ctx);
-
-		case ASN1_ITYPE_COMPAT:
-		/* we must resort to old style evil hackery */
-		cf = it->funcs;
-
-		/* If OPTIONAL see if it is there */
-		if (opt)
-			{
-			int exptag;
-			p = *in;
-			if (tag == -1)
-				exptag = it->utype;
-			else exptag = tag;
-			/* Don't care about anything other than presence
-			 * of expected tag */
-
-			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
-					&p, len, exptag, aclass, 1, ctx);
-			if (!ret)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			if (ret == -1)
-				return -1;
-			}
-
-		/* This is the old style evil hack IMPLICIT handling:
-		 * since the underlying code is expecting a tag and
-		 * class other than the one present we change the
-		 * buffer temporarily then change it back afterwards.
-		 * This doesn't and never did work for tags > 30.
-		 *
-		 * Yes this is *horrible* but it is only needed for
-		 * old style d2i which will hopefully not be around
-		 * for much longer.
-		 * FIXME: should copy the buffer then modify it so
-		 * the input buffer can be const: we should *always*
-		 * copy because the old style d2i might modify the
-		 * buffer.
-		 */
-
-		if (tag != -1)
-			{
-			wp = *(unsigned char **)in;
-			imphack = *wp;
-			if (p == NULL)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
-								| it->utype);
-			}
-
-		ptmpval = cf->asn1_d2i(pval, in, len);
-
-		if (tag != -1)
-			*wp = imphack;
-
-		if (ptmpval)
-			return 1;
-
-		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-				goto auxerr;
-
-		/* Allocate structure */
-		if (!*pval && !ASN1_item_ex_new(pval, it))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		/* CHOICE type, try each possibility in turn */
-		p = *in;
-		for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
-			{
-			pchptr = asn1_get_field_ptr(pval, tt);
-			/* We mark field as OPTIONAL so its absence
-			 * can be recognised.
-			 */
-			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
-			/* If field not present, try the next one */
-			if (ret == -1)
-				continue;
-			/* If positive return, read OK, break loop */
-			if (ret > 0)
-				break;
-			/* Otherwise must be an ASN1 parsing error */
-			errtt = tt;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		/* Did we fall off the end without reading anything? */
-		if (i == it->tcount)
-			{
-			/* If OPTIONAL, this is OK */
-			if (opt)
-				{
-				/* Free and zero it */
-				ASN1_item_ex_free(pval, it);
-				return -1;
-				}
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_NO_MATCHING_CHOICE_TYPE);
-			goto err;
-			}
-
-		asn1_set_choice_selector(pval, i, it);
-		*in = p;
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
-				goto auxerr;
-		return 1;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		p = *in;
-		tmplen = len;
-
-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-		if (tag == -1)
-			{
-			tag = V_ASN1_SEQUENCE;
-			aclass = V_ASN1_UNIVERSAL;
-			}
-		/* Get SEQUENCE length and update len, p */
-		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
-					&p, len, tag, aclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		if (aux && (aux->flags & ASN1_AFLG_BROKEN))
-			{
-			len = tmplen - (p - *in);
-			seq_nolen = 1;
-			}
-		/* If indefinite we don't do a length check */
-		else seq_nolen = seq_eoc;
-		if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
-			goto err;
-			}
-
-		if (!*pval && !ASN1_item_ex_new(pval, it))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-				goto auxerr;
-
-		/* Get each field entry */
-		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				goto err;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* Have we ran out of data? */
-			if (!len)
-				break;
-			q = p;
-			if (asn1_check_eoc(&p, len))
-				{
-				if (!seq_eoc)
-					{
-					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-							ASN1_R_UNEXPECTED_EOC);
-					goto err;
-					}
-				len -= p - q;
-				seq_eoc = 0;
-				q = p;
-				break;
-				}
-			/* This determines the OPTIONAL flag value. The field
-			 * cannot be omitted if it is the last of a SEQUENCE
-			 * and there is still data to be read. This isn't
-			 * strictly necessary but it increases efficiency in
-			 * some cases.
-			 */
-			if (i == (it->tcount - 1))
-				isopt = 0;
-			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
-			/* attempt to read in field, allowing each to be
-			 * OPTIONAL */
-
-			ret = asn1_template_ex_d2i(pseqval, &p, len,
-							seqtt, isopt, ctx);
-			if (!ret)
-				{
-				errtt = seqtt;
-				goto err;
-				}
-			else if (ret == -1)
-				{
-				/* OPTIONAL component absent.
-				 * Free and zero the field.
-				 */
-				ASN1_template_free(pseqval, seqtt);
-				continue;
-				}
-			/* Update length */
-			len -= p - q;
-			}
-
-		/* Check for EOC if expecting one */
-		if (seq_eoc && !asn1_check_eoc(&p, len))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
-			goto err;
-			}
-		/* Check all data read */
-		if (!seq_nolen && len)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_SEQUENCE_LENGTH_MISMATCH);
-			goto err;
-			}
-
-		/* If we get here we've got no more data in the SEQUENCE,
-		 * however we may not have read all fields so check all
-		 * remaining are OPTIONAL and clear any that are.
-		 */
-		for (; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				goto err;
-			if (seqtt->flags & ASN1_TFLG_OPTIONAL)
-				{
-				ASN1_VALUE **pseqval;
-				pseqval = asn1_get_field_ptr(pval, seqtt);
-				ASN1_template_free(pseqval, seqtt);
-				}
-			else
-				{
-				errtt = seqtt;
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-							ASN1_R_FIELD_MISSING);
-				goto err;
-				}
-			}
-		/* Save encoding */
-		if (!asn1_enc_save(pval, *in, p - *in, it))
-			goto auxerr;
-		*in = p;
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
-				goto auxerr;
-		return 1;
-
-		default:
-		return 0;
-		}
-	auxerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
-	err:
-	ASN1_item_ex_free(pval, it);
-	if (errtt)
-		ERR_add_error_data(4, "Field=", errtt->field_name,
-					", Type=", it->sname);
-	else
-		ERR_add_error_data(2, "Type=", it->sname);
-	return 0;
-	}
-
-/* Templates are handled with two separate functions.
- * One handles any EXPLICIT tag and the other handles the rest.
- */
-
-static int asn1_template_ex_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long inlen,
-				const ASN1_TEMPLATE *tt, char opt,
-							ASN1_TLC *ctx)
-	{
-	int flags, aclass;
-	int ret;
-	long len;
-	const unsigned char *p, *q;
-	char exp_eoc;
-	if (!val)
-		return 0;
-	flags = tt->flags;
-	aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-	p = *in;
-
-	/* Check if EXPLICIT tag expected */
-	if (flags & ASN1_TFLG_EXPTAG)
-		{
-		char cst;
-		/* Need to work out amount of data available to the inner
-		 * content and where it starts: so read in EXPLICIT header to
-		 * get the info.
-		 */
-		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
-					&p, inlen, tt->tag, aclass, opt, ctx);
-		q = p;
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		else if (ret == -1)
-			return -1;
-		if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
-			return 0;
-			}
-		/* We've found the field so it can't be OPTIONAL now */
-		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		/* We read the field in OK so update length */
-		len -= p - q;
-		if (exp_eoc)
-			{
-			/* If NDEF we must have an EOC here */
-			if (!asn1_check_eoc(&p, len))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-						ASN1_R_MISSING_EOC);
-				goto err;
-				}
-			}
-		else
-			{
-			/* Otherwise we must hit the EXPLICIT tag end or its
-			 * an error */
-			if (len)
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-				goto err;
-				}
-			}
-		}
-		else 
-			return asn1_template_noexp_d2i(val, in, inlen,
-								tt, opt, ctx);
-
-	*in = p;
-	return 1;
-
-	err:
-	ASN1_template_free(val, tt);
-	return 0;
-	}
-
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx)
-	{
-	int flags, aclass;
-	int ret;
-	const unsigned char *p, *q;
-	if (!val)
-		return 0;
-	flags = tt->flags;
-	aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-	p = *in;
-	q = p;
-
-	if (flags & ASN1_TFLG_SK_MASK)
-		{
-		/* SET OF, SEQUENCE OF */
-		int sktag, skaclass;
-		char sk_eoc;
-		/* First work out expected inner tag value */
-		if (flags & ASN1_TFLG_IMPTAG)
-			{
-			sktag = tt->tag;
-			skaclass = aclass;
-			}
-		else
-			{
-			skaclass = V_ASN1_UNIVERSAL;
-			if (flags & ASN1_TFLG_SET_OF)
-				sktag = V_ASN1_SET;
-			else
-				sktag = V_ASN1_SEQUENCE;
-			}
-		/* Get the tag */
-		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
-					&p, len, sktag, skaclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		else if (ret == -1)
-			return -1;
-		if (!*val)
-			*val = (ASN1_VALUE *)sk_new_null();
-		else
-			{
-			/* We've got a valid STACK: free up any items present */
-			STACK_OF(ASN1_VALUE) *sktmp
-			    = (STACK_OF(ASN1_VALUE) *)*val;
-			ASN1_VALUE *vtmp;
-			while(sk_ASN1_VALUE_num(sktmp) > 0)
-				{
-				vtmp = sk_ASN1_VALUE_pop(sktmp);
-				ASN1_item_ex_free(&vtmp,
-						ASN1_ITEM_ptr(tt->item));
-				}
-			}
-				
-		if (!*val)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* Read as many items as we can */
-		while(len > 0)
-			{
-			ASN1_VALUE *skfield;
-			q = p;
-			/* See if EOC found */
-			if (asn1_check_eoc(&p, len))
-				{
-				if (!sk_eoc)
-					{
-					ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-							ASN1_R_UNEXPECTED_EOC);
-					goto err;
-					}
-				len -= p - q;
-				sk_eoc = 0;
-				break;
-				}
-			skfield = NULL;
-			if (!ASN1_item_ex_d2i(&skfield, &p, len,
-						ASN1_ITEM_ptr(tt->item),
-						-1, 0, 0, ctx))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			len -= p - q;
-			if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
-						skfield))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		if (sk_eoc)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
-			goto err;
-			}
-		}
-	else if (flags & ASN1_TFLG_IMPTAG)
-		{
-		/* IMPLICIT tagging */
-		ret = ASN1_item_ex_d2i(val, &p, len,
-			ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		}
-	else
-		{
-		/* Nothing special */
-		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-							-1, 0, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		}
-
-	*in = p;
-	return 1;
-
-	err:
-	ASN1_template_free(val, tt);
-	return 0;
-	}
-
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-				const unsigned char **in, long inlen, 
-				const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx)
-	{
-	int ret = 0, utype;
-	long plen;
-	char cst, inf, free_cont = 0;
-	const unsigned char *p;
-	BUF_MEM buf;
-	const unsigned char *cont = NULL;
-	long len; 
-	if (!pval)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
-		return 0; /* Should never happen */
-		}
-
-	if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		utype = tag;
-		tag = -1;
-		}
-	else
-		utype = it->utype;
-
-	if (utype == V_ASN1_ANY)
-		{
-		/* If type is ANY need to figure out type from tag */
-		unsigned char oclass;
-		if (tag >= 0)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ASN1_R_ILLEGAL_TAGGED_ANY);
-			return 0;
-			}
-		if (opt)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ASN1_R_ILLEGAL_OPTIONAL_ANY);
-			return 0;
-			}
-		p = *in;
-		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
-					&p, inlen, -1, 0, 0, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		if (oclass != V_ASN1_UNIVERSAL)
-			utype = V_ASN1_OTHER;
-		}
-	if (tag == -1)
-		{
-		tag = utype;
-		aclass = V_ASN1_UNIVERSAL;
-		}
-	p = *in;
-	/* Check header */
-	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
-				&p, inlen, tag, aclass, opt, ctx);
-	if (!ret)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-		return 0;
-		}
-	else if (ret == -1)
-		return -1;
-        ret = 0;
-	/* SEQUENCE, SET and "OTHER" are left in encoded form */
-	if ((utype == V_ASN1_SEQUENCE)
-		|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
-		{
-		/* Clear context cache for type OTHER because the auto clear
-		 * when we have a exact match wont work
-		 */
-		if (utype == V_ASN1_OTHER)
-			{
-			asn1_tlc_clear(ctx);
-			}
-		/* SEQUENCE and SET must be constructed */
-		else if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-				ASN1_R_TYPE_NOT_CONSTRUCTED);
-			return 0;
-			}
-
-		cont = *in;
-		/* If indefinite length constructed find the real end */
-		if (inf)
-			{
-			if (!asn1_find_end(&p, plen, inf))
-				 goto err;
-			len = p - cont;
-			}
-		else
-			{
-			len = p - cont + plen;
-			p += plen;
-			buf.data = NULL;
-			}
-		}
-	else if (cst)
-		{
-		if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
-			|| utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
-			|| utype == V_ASN1_ENUMERATED)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-				ASN1_R_TYPE_NOT_PRIMITIVE);
-			return 0;
-			}
-		buf.length = 0;
-		buf.max = 0;
-		buf.data = NULL;
-		/* Should really check the internal tags are correct but
-		 * some things may get this wrong. The relevant specs
-		 * say that constructed string types should be OCTET STRINGs
-		 * internally irrespective of the type. So instead just check
-		 * for UNIVERSAL class and ignore the tag.
-		 */
-		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
-			{
-			free_cont = 1;
-			goto err;
-			}
-		len = buf.length;
-		/* Append a final null to string */
-		if (!BUF_MEM_grow_clean(&buf, len + 1))
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-						ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		buf.data[len] = 0;
-		cont = (const unsigned char *)buf.data;
-		free_cont = 1;
-		}
-	else
-		{
-		cont = p;
-		len = plen;
-		p += plen;
-		}
-
-	/* We now have content length and type: translate into a structure */
-	if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
-		goto err;
-
-	*in = p;
-	ret = 1;
-	err:
-	if (free_cont && buf.data) OPENSSL_free(buf.data);
-	return ret;
-	}
-
-/* Translate ASN1 content octets into a structure */
-
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-			int utype, char *free_cont, const ASN1_ITEM *it)
-	{
-	ASN1_VALUE **opval = NULL;
-	ASN1_STRING *stmp;
-	ASN1_TYPE *typ = NULL;
-	int ret = 0;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	ASN1_INTEGER **tint;
-	pf = it->funcs;
-
-	if (pf && pf->prim_c2i)
-		return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
-	/* If ANY type clear type and set pointer to internal value */
-	if (it->utype == V_ASN1_ANY)
-		{
-		if (!*pval)
-			{
-			typ = ASN1_TYPE_new();
-			if (typ == NULL)
-				goto err;
-			*pval = (ASN1_VALUE *)typ;
-			}
-		else
-			typ = (ASN1_TYPE *)*pval;
-
-		if (utype != typ->type)
-			ASN1_TYPE_set(typ, utype, NULL);
-		opval = pval;
-		pval = &typ->value.asn1_value;
-		}
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
-			goto err;
-		break;
-
-		case V_ASN1_NULL:
-		if (len)
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-						ASN1_R_NULL_IS_WRONG_LENGTH);
-			goto err;
-			}
-		*pval = (ASN1_VALUE *)1;
-		break;
-
-		case V_ASN1_BOOLEAN:
-		if (len != 1)
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-						ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-			goto err;
-			}
-		else
-			{
-			ASN1_BOOLEAN *tbool;
-			tbool = (ASN1_BOOLEAN *)pval;
-			*tbool = *cont;
-			}
-		break;
-
-		case V_ASN1_BIT_STRING:
-		if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
-			goto err;
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		tint = (ASN1_INTEGER **)pval;
-		if (!c2i_ASN1_INTEGER(tint, &cont, len))
-			goto err;
-		/* Fixup type to match the expected form */
-		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
-		break;
-
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_OTHER:
-		case V_ASN1_SET:
-		case V_ASN1_SEQUENCE:
-		default:
-		if (utype == V_ASN1_BMPSTRING && (len & 1))
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
-			goto err;
-			}
-		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
-			goto err;
-			}
-		/* All based on ASN1_STRING and handled the same */
-		if (!*pval)
-			{
-			stmp = ASN1_STRING_type_new(utype);
-			if (!stmp)
-				{
-				ASN1err(ASN1_F_ASN1_EX_C2I,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			*pval = (ASN1_VALUE *)stmp;
-			}
-		else
-			{
-			stmp = (ASN1_STRING *)*pval;
-			stmp->type = utype;
-			}
-		/* If we've already allocated a buffer use it */
-		if (*free_cont)
-			{
-			if (stmp->data)
-				OPENSSL_free(stmp->data);
-			stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
-			stmp->length = len;
-			*free_cont = 0;
-			}
-		else
-			{
-			if (!ASN1_STRING_set(stmp, cont, len))
-				{
-				ASN1err(ASN1_F_ASN1_EX_C2I,
-							ERR_R_MALLOC_FAILURE);
-				ASN1_STRING_free(stmp);	
-				*pval = NULL;
-				goto err;
-				}
-			}
-		break;
-		}
-	/* If ASN1_ANY and NULL type fix up value */
-	if (typ && (utype == V_ASN1_NULL))
-		 typ->value.ptr = NULL;
-
-	ret = 1;
-	err:
-	if (!ret)
-		{
-		ASN1_TYPE_free(typ);
-		if (opval)
-			*opval = NULL;
-		}
-	return ret;
-	}
-
-
-/* This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content.
- * This is more efficient than calling asn1_collect because it does not
- * recurse on each indefinite length header.
- */
-
-static int asn1_find_end(const unsigned char **in, long len, char inf)
-	{
-	int expected_eoc;
-	long plen;
-	const unsigned char *p = *in, *q;
-	/* If not indefinite length constructed just add length */
-	if (inf == 0)
-		{
-		*in += len;
-		return 1;
-		}
-	expected_eoc = 1;
-	/* Indefinite length constructed form. Find the end when enough EOCs
-	 * are found. If more indefinite length constructed headers
-	 * are encountered increment the expected eoc count otherwise just
-	 * skip to the end of the data.
-	 */
-	while (len > 0)
-		{
-		if(asn1_check_eoc(&p, len))
-			{
-			expected_eoc--;
-			if (expected_eoc == 0)
-				break;
-			len -= 2;
-			continue;
-			}
-		q = p;
-		/* Just read in a header: only care about the length */
-		if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
-				-1, 0, 0, NULL))
-			{
-			ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		if (inf)
-			expected_eoc++;
-		else
-			p += plen;
-		len -= p - q;
-		}
-	if (expected_eoc)
-		{
-		ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
-		return 0;
-		}
-	*in = p;
-	return 1;
-	}
-/* This function collects the asn1 data from a constructred string
- * type into a buffer. The values of 'in' and 'len' should refer
- * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length.
- */
-
-#ifndef ASN1_MAX_STRING_NEST
-/* This determines how many levels of recursion are permitted in ASN1
- * string types. If it is not limited stack overflows can occur. If set
- * to zero no recursion is allowed at all. Although zero should be adequate
- * examples exist that require a value of 1. So 5 should be more than enough.
- */
-#define ASN1_MAX_STRING_NEST 5
-#endif
-
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-			char inf, int tag, int aclass, int depth)
-	{
-	const unsigned char *p, *q;
-	long plen;
-	char cst, ininf;
-	p = *in;
-	inf &= 1;
-	/* If no buffer and not indefinite length constructed just pass over
-	 * the encoded data */
-	if (!buf && !inf)
-		{
-		*in += len;
-		return 1;
-		}
-	while(len > 0)
-		{
-		q = p;
-		/* Check for EOC */
-		if (asn1_check_eoc(&p, len))
-			{
-			/* EOC is illegal outside indefinite length
-			 * constructed form */
-			if (!inf)
-				{
-				ASN1err(ASN1_F_ASN1_COLLECT,
-					ASN1_R_UNEXPECTED_EOC);
-				return 0;
-				}
-			inf = 0;
-			break;
-			}
-
-		if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
-					len, tag, aclass, 0, NULL))
-			{
-			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-
-		/* If indefinite length constructed update max length */
-		if (cst)
-			{
-			if (depth >= ASN1_MAX_STRING_NEST)
-				{
-				ASN1err(ASN1_F_ASN1_COLLECT,
-					ASN1_R_NESTED_ASN1_STRING);
-				return 0;
-				}
-			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
-						depth + 1))
-				return 0;
-			}
-		else if (plen && !collect_data(buf, &p, plen))
-			return 0;
-		len -= p - q;
-		}
-	if (inf)
-		{
-		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
-		return 0;
-		}
-	*in = p;
-	return 1;
-	}
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
-	{
-	int len;
-	if (buf)
-		{
-		len = buf->length;
-		if (!BUF_MEM_grow_clean(buf, len + plen))
-			{
-			ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		memcpy(buf->data + len, *p, plen);
-		}
-	*p += plen;
-	return 1;
-	}
-
-/* Check for ASN1 EOC and swallow it if found */
-
-static int asn1_check_eoc(const unsigned char **in, long len)
-	{
-	const unsigned char *p;
-	if (len < 2) return 0;
-	p = *in;
-	if (!p[0] && !p[1])
-		{
-		*in += 2;
-		return 1;
-		}
-	return 0;
-	}
-
-/* Check an ASN1 tag and length: a bit like ASN1_get_object
- * but it sets the length for indefinite length constructed
- * form, we don't know the exact length but we can set an
- * upper bound to the amount of data available minus the
- * header length just read.
- */
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-				char *inf, char *cst,
-				const unsigned char **in, long len,
-				int exptag, int expclass, char opt,
-				ASN1_TLC *ctx)
-	{
-	int i;
-	int ptag, pclass;
-	long plen;
-	const unsigned char *p, *q;
-	p = *in;
-	q = p;
-
-	if (ctx && ctx->valid)
-		{
-		i = ctx->ret;
-		plen = ctx->plen;
-		pclass = ctx->pclass;
-		ptag = ctx->ptag;
-		p += ctx->hdrlen;
-		}
-	else
-		{
-		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
-		if (ctx)
-			{
-			ctx->ret = i;
-			ctx->plen = plen;
-			ctx->pclass = pclass;
-			ctx->ptag = ptag;
-			ctx->hdrlen = p - q;
-			ctx->valid = 1;
-			/* If definite length, and no error, length +
-			 * header can't exceed total amount of data available. 
-			 */
-			if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
-				{
-				ASN1err(ASN1_F_ASN1_CHECK_TLEN,
-							ASN1_R_TOO_LONG);
-				asn1_tlc_clear(ctx);
-				return 0;
-				}
-			}
-		}
-
-	if (i & 0x80)
-		{
-		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
-		asn1_tlc_clear(ctx);
-		return 0;
-		}
-	if (exptag >= 0)
-		{
-		if ((exptag != ptag) || (expclass != pclass))
-			{
-			/* If type is OPTIONAL, not an error:
-			 * indicate missing type.
-			 */
-			if (opt) return -1;
-			asn1_tlc_clear(ctx);
-			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
-			return 0;
-			}
-		/* We have a tag and class match:
-		 * assume we are going to do something with it */
-		asn1_tlc_clear(ctx);
-		}
-
-	if (i & 1)
-		plen = len - (p - q);
-
-	if (inf)
-		*inf = i & 1;
-
-	if (cst)
-		*cst = i & V_ASN1_CONSTRUCTED;
-
-	if (olen)
-		*olen = plen;
-
-	if (oclass)
-		*oclass = pclass;
-
-	if (otag)
-		*otag = ptag;
-
-	*in = p;
-	return 1;
-	}
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
deleted file mode 100644
index 1390e5e6ae..0000000000
--- a/crypto/asn1/tasn_enc.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/* tasn_enc.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_ITEM *it,
-					int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass);
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_TEMPLATE *tt,
-					int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-					const ASN1_ITEM *it, int flags);
-
-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
- * to use indefinite length constructed encoding, where appropriate
- */
-
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
-						const ASN1_ITEM *it)
-	{
-	return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-	}
-
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-	{
-	return asn1_item_flags_i2d(val, out, it, 0);
-	}
-
-/* Encode an ASN1 item, this is use by the
- * standard 'i2d' function. 'out' points to 
- * a buffer to output the data to.
- *
- * The new i2d has one additional feature. If the output
- * buffer is NULL (i.e. *out == NULL) then a buffer is
- * allocated and populated with the encoding.
- */
-
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-					const ASN1_ITEM *it, int flags)
-	{
-	if (out && !*out)
-		{
-		unsigned char *p, *buf;
-		int len;
-		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
-		if (len <= 0)
-			return len;
-		buf = OPENSSL_malloc(len);
-		if (!buf)
-			return -1;
-		p = buf;
-		ASN1_item_ex_i2d(&val, &p, it, -1, flags);
-		*out = buf;
-		return len;
-		}
-
-	return ASN1_item_ex_i2d(&val, out, it, -1, flags);
-	}
-
-/* Encode an item, taking care of IMPLICIT tagging (if any).
- * This function performs the normal item handling: it can be
- * used in external types.
- */
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-			const ASN1_ITEM *it, int tag, int aclass)
-	{
-	const ASN1_TEMPLATE *tt = NULL;
-	unsigned char *p = NULL;
-	int i, seqcontlen, seqlen, ndef = 1;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb = 0;
-
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-		return 0;
-
-	if (aux && aux->asn1_cb)
-		 asn1_cb = aux->asn1_cb;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			return asn1_template_ex_i2d(pval, out, it->templates,
-								tag, aclass);
-		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-				return 0;
-		i = asn1_get_choice_selector(pval, it);
-		if ((i >= 0) && (i < it->tcount))
-			{
-			ASN1_VALUE **pchval;
-			const ASN1_TEMPLATE *chtt;
-			chtt = it->templates + i;
-			pchval = asn1_get_field_ptr(pval, chtt);
-			return asn1_template_ex_i2d(pchval, out, chtt,
-								-1, aclass);
-			}
-		/* Fixme: error condition if selector out of range */
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-				return 0;
-		break;
-
-		case ASN1_ITYPE_EXTERN:
-		/* If new style i2d it does all the work */
-		ef = it->funcs;
-		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
-
-		case ASN1_ITYPE_COMPAT:
-		/* old style hackery... */
-		cf = it->funcs;
-		if (out)
-			p = *out;
-		i = cf->asn1_i2d(*pval, out);
-		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,
-		 * but so did the old code. Tags > 30 are very rare anyway.
-		 */
-		if (out && (tag != -1))
-			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
-		return i;
-		
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		/* Use indefinite length constructed if requested */
-		if (aclass & ASN1_TFLG_NDEF) ndef = 2;
-		/* fall through */
-
-		case ASN1_ITYPE_SEQUENCE:
-		i = asn1_enc_restore(&seqcontlen, out, pval, it);
-		/* An error occurred */
-		if (i < 0)
-			return 0;
-		/* We have a valid cached encoding... */
-		if (i > 0)
-			return seqcontlen;
-		/* Otherwise carry on */
-		seqcontlen = 0;
-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-		if (tag == -1)
-			{
-			tag = V_ASN1_SEQUENCE;
-			/* Retain any other flags in aclass */
-			aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
-					| V_ASN1_UNIVERSAL;
-			}
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
-				return 0;
-		/* First work out sequence content length */
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				return 0;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* FIXME: check for errors in enhanced version */
-			seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-								-1, aclass);
-			}
-
-		seqlen = ASN1_object_size(ndef, seqcontlen, tag);
-		if (!out)
-			return seqlen;
-		/* Output SEQUENCE header */
-		ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				return 0;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* FIXME: check for errors in enhanced version */
-			asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
-			}
-		if (ndef == 2)
-			ASN1_put_eoc(out);
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
-				return 0;
-		return seqlen;
-
-		default:
-		return 0;
-
-		}
-	return 0;
-	}
-
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-							const ASN1_TEMPLATE *tt)
-	{
-	return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-	}
-
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-				const ASN1_TEMPLATE *tt, int tag, int iclass)
-	{
-	int i, ret, flags, ttag, tclass, ndef;
-	flags = tt->flags;
-	/* Work out tag and class to use: tagging may come
-	 * either from the template or the arguments, not both
-	 * because this would create ambiguity. Additionally
-	 * the iclass argument may contain some additional flags
-	 * which should be noted and passed down to other levels.
-	 */
-	if (flags & ASN1_TFLG_TAG_MASK)
-		{
-		/* Error if argument and template tagging */
-		if (tag != -1)
-			/* FIXME: error code here */
-			return -1;
-		/* Get tagging from template */
-		ttag = tt->tag;
-		tclass = flags & ASN1_TFLG_TAG_CLASS;
-		}
-	else if (tag != -1)
-		{
-		/* No template tagging, get from arguments */
-		ttag = tag;
-		tclass = iclass & ASN1_TFLG_TAG_CLASS;
-		}
-	else
-		{
-		ttag = -1;
-		tclass = 0;
-		}
-	/* 
-	 * Remove any class mask from iflag.
-	 */
-	iclass &= ~ASN1_TFLG_TAG_CLASS;
-
-	/* At this point 'ttag' contains the outer tag to use,
-	 * 'tclass' is the class and iclass is any flags passed
-	 * to this function.
-	 */
-
-	/* if template and arguments require ndef, use it */
-	if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
-		ndef = 2;
-	else ndef = 1;
-
-	if (flags & ASN1_TFLG_SK_MASK)
-		{
-		/* SET OF, SEQUENCE OF */
-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-		int isset, sktag, skaclass;
-		int skcontlen, sklen;
-		ASN1_VALUE *skitem;
-
-		if (!*pval)
-			return 0;
-
-		if (flags & ASN1_TFLG_SET_OF)
-			{
-			isset = 1;
-			/* 2 means we reorder */
-			if (flags & ASN1_TFLG_SEQUENCE_OF)
-				isset = 2;
-			}
-		else isset = 0;
-
-		/* Work out inner tag value: if EXPLICIT
-		 * or no tagging use underlying type.
-		 */
-		if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
-			{
-			sktag = ttag;
-			skaclass = tclass;
-			}
-		else
-			{
-			skaclass = V_ASN1_UNIVERSAL;
-			if (isset)
-				sktag = V_ASN1_SET;
-			else sktag = V_ASN1_SEQUENCE;
-			}
-
-		/* Determine total length of items */
-		skcontlen = 0;
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			skitem = sk_ASN1_VALUE_value(sk, i);
-			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-						ASN1_ITEM_ptr(tt->item),
-							-1, iclass);
-			}
-		sklen = ASN1_object_size(ndef, skcontlen, sktag);
-		/* If EXPLICIT need length of surrounding tag */
-		if (flags & ASN1_TFLG_EXPTAG)
-			ret = ASN1_object_size(ndef, sklen, ttag);
-		else ret = sklen;
-
-		if (!out)
-			return ret;
-
-		/* Now encode this lot... */
-		/* EXPLICIT tag */
-		if (flags & ASN1_TFLG_EXPTAG)
-			ASN1_put_object(out, ndef, sklen, ttag, tclass);
-		/* SET or SEQUENCE and IMPLICIT tag */
-		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
-		/* And the stuff itself */
-		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
-								isset, iclass);
-		if (ndef == 2)
-			{
-			ASN1_put_eoc(out);
-			if (flags & ASN1_TFLG_EXPTAG)
-				ASN1_put_eoc(out);
-			}
-
-		return ret;
-		}
-
-	if (flags & ASN1_TFLG_EXPTAG)
-		{
-		/* EXPLICIT tagging */
-		/* Find length of tagged item */
-		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
-		if (!i)
-			return 0;
-		/* Find length of EXPLICIT tag */
-		ret = ASN1_object_size(ndef, i, ttag);
-		if (out)
-			{
-			/* Output tag and item */
-			ASN1_put_object(out, ndef, i, ttag, tclass);
-			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
-			if (ndef == 2)
-				ASN1_put_eoc(out);
-			}
-		return ret;
-		}
-
-	/* Either normal or IMPLICIT tagging: combine class and flags */
-	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-						ttag, tclass | iclass);
-
-}
-
-/* Temporary structure used to hold DER encoding of items for SET OF */
-
-typedef	struct {
-	unsigned char *data;
-	int length;
-	ASN1_VALUE *field;
-} DER_ENC;
-
-static int der_cmp(const void *a, const void *b)
-	{
-	const DER_ENC *d1 = a, *d2 = b;
-	int cmplen, i;
-	cmplen = (d1->length < d2->length) ? d1->length : d2->length;
-	i = memcmp(d1->data, d2->data, cmplen);
-	if (i)
-		return i;
-	return d1->length - d2->length;
-	}
-
-/* Output the content octets of SET OF or SEQUENCE OF */
-
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass)
-	{
-	int i;
-	ASN1_VALUE *skitem;
-	unsigned char *tmpdat = NULL, *p = NULL;
-	DER_ENC *derlst = NULL, *tder;
-	if (do_sort)
-		 {
-		/* Don't need to sort less than 2 items */
-		if (sk_ASN1_VALUE_num(sk) < 2)
-			do_sort = 0;
-		else
-			{
-			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
-						* sizeof(*derlst));
-			if (!derlst)
-				return 0;
-			tmpdat = OPENSSL_malloc(skcontlen);
-			if (!tmpdat)
-				{
-				OPENSSL_free(derlst);
-				return 0;
-				}
-			}
-		}
-	/* If not sorting just output each item */
-	if (!do_sort)
-		{
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			skitem = sk_ASN1_VALUE_value(sk, i);
-			ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
-			}
-		return 1;
-		}
-	p = tmpdat;
-
-	/* Doing sort: build up a list of each member's DER encoding */
-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-		{
-		skitem = sk_ASN1_VALUE_value(sk, i);
-		tder->data = p;
-		tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
-		tder->field = skitem;
-		}
-
-	/* Now sort them */
-	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
-	/* Output sorted DER encoding */	
-	p = *out;
-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-		{
-		memcpy(p, tder->data, tder->length);
-		p += tder->length;
-		}
-	*out = p;
-	/* If do_sort is 2 then reorder the STACK */
-	if (do_sort == 2)
-		{
-		for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
-							i++, tder++)
-			(void)sk_ASN1_VALUE_set(sk, i, tder->field);
-		}
-	OPENSSL_free(derlst);
-	OPENSSL_free(tmpdat);
-	return 1;
-	}
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-				const ASN1_ITEM *it, int tag, int aclass)
-	{
-	int len;
-	int utype;
-	int usetag;
-	int ndef = 0;
-
-	utype = it->utype;
-
-	/* Get length of content octets and maybe find
-	 * out the underlying type.
-	 */
-
-	len = asn1_ex_i2c(pval, NULL, &utype, it);
-
-	/* If SEQUENCE, SET or OTHER then header is
-	 * included in pseudo content octets so don't
-	 * include tag+length. We need to check here
-	 * because the call to asn1_ex_i2c() could change
-	 * utype.
-	 */
-	if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
-	   (utype == V_ASN1_OTHER))
-		usetag = 0;
-	else usetag = 1;
-
-	/* -1 means omit type */
-
-	if (len == -1)
-		return 0;
-
-	/* -2 return is special meaning use ndef */
-	if (len == -2)
-		{
-		ndef = 2;
-		len = 0;
-		}
-
-	/* If not implicitly tagged get tag from underlying type */
-	if (tag == -1) tag = utype;
-
-	/* Output tag+length followed by content octets */
-	if (out)
-		{
-		if (usetag)
-			ASN1_put_object(out, ndef, len, tag, aclass);
-		asn1_ex_i2c(pval, *out, &utype, it);
-		if (ndef)
-			ASN1_put_eoc(out);
-		else
-			*out += len;
-		}
-
-	if (usetag)
-		return ASN1_object_size(ndef, len, tag);
-	return len;
-	}
-
-/* Produce content octets from a structure */
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
-				const ASN1_ITEM *it)
-	{
-	ASN1_BOOLEAN *tbool = NULL;
-	ASN1_STRING *strtmp;
-	ASN1_OBJECT *otmp;
-	int utype;
-	const unsigned char *cont;
-	unsigned char c;
-	int len;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	pf = it->funcs;
-	if (pf && pf->prim_i2c)
-		return pf->prim_i2c(pval, cout, putype, it);
-
-	/* Should type be omitted? */
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE)
-		|| (it->utype != V_ASN1_BOOLEAN))
-		{
-		if (!*pval) return -1;
-		}
-
-	if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		/* If MSTRING type set the underlying type */
-		strtmp = (ASN1_STRING *)*pval;
-		utype = strtmp->type;
-		*putype = utype;
-		}
-	else if (it->utype == V_ASN1_ANY)
-		{
-		/* If ANY set type and pointer to value */
-		ASN1_TYPE *typ;
-		typ = (ASN1_TYPE *)*pval;
-		utype = typ->type;
-		*putype = utype;
-		pval = &typ->value.asn1_value;
-		}
-	else utype = *putype;
-
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		otmp = (ASN1_OBJECT *)*pval;
-		cont = otmp->data;
-		len = otmp->length;
-		break;
-
-		case V_ASN1_NULL:
-		cont = NULL;
-		len = 0;
-		break;
-
-		case V_ASN1_BOOLEAN:
-		tbool = (ASN1_BOOLEAN *)pval;
-		if (*tbool == -1)
-			return -1;
-		if (it->utype != V_ASN1_ANY)
-			{
-			/* Default handling if value == size field then omit */
-			if (*tbool && (it->size > 0))
-				return -1;
-			if (!*tbool && !it->size)
-				return -1;
-			}
-		c = (unsigned char)*tbool;
-		cont = &c;
-		len = 1;
-		break;
-
-		case V_ASN1_BIT_STRING:
-		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
-							cout ? &cout : NULL);
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		/* These are all have the same content format
-		 * as ASN1_INTEGER
-		 */
-		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
-							cout ? &cout : NULL);
-		break;
-
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		default:
-		/* All based on ASN1_STRING and handled the same */
-		strtmp = (ASN1_STRING *)*pval;
-		/* Special handling for NDEF */
-		if ((it->size == ASN1_TFLG_NDEF)
-			&& (strtmp->flags & ASN1_STRING_FLAG_NDEF))
-			{
-			if (cout)
-				{
-				strtmp->data = cout;
-				strtmp->length = 0;
-				}
-			/* Special return code */
-			return -2;
-			}
-		cont = strtmp->data;
-		len = strtmp->length;
-
-		break;
-
-		}
-	if (cout && len)
-		memcpy(cout, cont, len);
-	return len;
-	}
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
deleted file mode 100644
index 77d3092d31..0000000000
--- a/crypto/asn1/tasn_fre.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/* tasn_fre.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
-
-/* Free up an ASN1 structure */
-
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
-	{
-	asn1_item_combine_free(&val, it, 0);
-	}
-
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	asn1_item_combine_free(pval, it, 0);
-	}
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-	{
-	const ASN1_TEMPLATE *tt = NULL, *seqtt;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	int i;
-	if (!pval)
-		return;
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-		return;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else
-		asn1_cb = 0;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			ASN1_template_free(pval, it->templates);
-		else
-			ASN1_primitive_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		ASN1_primitive_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
-			if (i == 2)
-				return;
-			}
-		i = asn1_get_choice_selector(pval, it);
-		if ((i >= 0) && (i < it->tcount))
-			{
-			ASN1_VALUE **pchval;
-			tt = it->templates + i;
-			pchval = asn1_get_field_ptr(pval, tt);
-			ASN1_template_free(pchval, tt);
-			}
-		if (asn1_cb)
-			asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-		if (!combine)
-			{
-			OPENSSL_free(*pval);
-			*pval = NULL;
-			}
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		cf = it->funcs;
-		if (cf && cf->asn1_free)
-			cf->asn1_free(*pval);
-		break;
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_free)
-			ef->asn1_ex_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		if (asn1_do_lock(pval, -1, it) > 0)
-			return;
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
-			if (i == 2)
-				return;
-			}		
-		asn1_enc_free(pval, it);
-		/* If we free up as normal we will invalidate any
-		 * ANY DEFINED BY field and we wont be able to 
-		 * determine the type of the field it defines. So
-		 * free up in reverse order.
-		 */
-		tt = it->templates + it->tcount - 1;
-		for (i = 0; i < it->tcount; tt--, i++)
-			{
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 0);
-			if (!seqtt)
-				continue;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			ASN1_template_free(pseqval, seqtt);
-			}
-		if (asn1_cb)
-			asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
-		if (!combine)
-			{
-			OPENSSL_free(*pval);
-			*pval = NULL;
-			}
-		break;
-		}
-	}
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	int i;
-	if (tt->flags & ASN1_TFLG_SK_MASK)
-		{
-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			ASN1_VALUE *vtmp;
-			vtmp = sk_ASN1_VALUE_value(sk, i);
-			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
-									0);
-			}
-		sk_ASN1_VALUE_free(sk);
-		*pval = NULL;
-		}
-	else
-		asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
-						tt->flags & ASN1_TFLG_COMBINE);
-	}
-
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int utype;
-	if (it)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf;
-		pf = it->funcs;
-		if (pf && pf->prim_free)
-			{
-			pf->prim_free(pval, it);
-			return;
-			}
-		}
-	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */
-	if (!it)
-		{
-		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
-		utype = typ->type;
-		pval = &typ->value.asn1_value;
-		if (!*pval)
-			return;
-		}
-	else if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		utype = -1;
-		if (!*pval)
-			return;
-		}
-	else
-		{
-		utype = it->utype;
-		if ((utype != V_ASN1_BOOLEAN) && !*pval)
-			return;
-		}
-
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
-		break;
-
-		case V_ASN1_BOOLEAN:
-		if (it)
-			*(ASN1_BOOLEAN *)pval = it->size;
-		else
-			*(ASN1_BOOLEAN *)pval = -1;
-		return;
-
-		case V_ASN1_NULL:
-		break;
-
-		case V_ASN1_ANY:
-		ASN1_primitive_free(pval, NULL);
-		OPENSSL_free(*pval);
-		break;
-
-		default:
-		ASN1_STRING_free((ASN1_STRING *)*pval);
-		*pval = NULL;
-		break;
-		}
-	*pval = NULL;
-	}
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
deleted file mode 100644
index 0d9e78cc7c..0000000000
--- a/crypto/asn1/tasn_new.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/* tasn_new.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <string.h>
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-								int combine);
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
-	{
-	ASN1_VALUE *ret = NULL;
-	if (ASN1_item_ex_new(&ret, it) > 0)
-		return ret;
-	return NULL;
-	}
-
-/* Allocate an ASN1 structure */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	return asn1_item_ex_combine_new(pval, it, 0);
-	}
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-								int combine)
-	{
-	const ASN1_TEMPLATE *tt = NULL;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	ASN1_VALUE **pseqval;
-	int i;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else
-		asn1_cb = 0;
-
-	if (!combine) *pval = NULL;
-
-#ifdef CRYPTO_MDEBUG
-	if (it->sname)
-		CRYPTO_push_info(it->sname);
-#endif
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_new)
-			{
-			if (!ef->asn1_ex_new(pval, it))
-				goto memerr;
-			}
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		cf = it->funcs;
-		if (cf && cf->asn1_new) {
-			*pval = cf->asn1_new();
-			if (!*pval)
-				goto memerr;
-		}
-		break;
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			{
-			if (!ASN1_template_new(pval, it->templates))
-				goto memerr;
-			}
-		else if (!ASN1_primitive_new(pval, it))
-				goto memerr;
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		if (!ASN1_primitive_new(pval, it))
-				goto memerr;
-		break;
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
-			if (!i)
-				goto auxerr;
-			if (i==2)
-				{
-#ifdef CRYPTO_MDEBUG
-				if (it->sname)
-					CRYPTO_pop_info();
-#endif
-				return 1;
-				}
-			}
-		if (!combine)
-			{
-			*pval = OPENSSL_malloc(it->size);
-			if (!*pval)
-				goto memerr;
-			memset(*pval, 0, it->size);
-			}
-		asn1_set_choice_selector(pval, -1, it);
-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
-				goto auxerr;
-		break;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
-			if (!i)
-				goto auxerr;
-			if (i==2)
-				{
-#ifdef CRYPTO_MDEBUG
-				if (it->sname)
-					CRYPTO_pop_info();
-#endif
-				return 1;
-				}
-			}
-		if (!combine)
-			{
-			*pval = OPENSSL_malloc(it->size);
-			if (!*pval)
-				goto memerr;
-			memset(*pval, 0, it->size);
-			asn1_do_lock(pval, 0, it);
-			asn1_enc_init(pval, it);
-			}
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			pseqval = asn1_get_field_ptr(pval, tt);
-			if (!ASN1_template_new(pseqval, tt))
-				goto memerr;
-			}
-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
-				goto auxerr;
-		break;
-	}
-#ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
-#endif
-	return 1;
-
-	memerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
-#ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
-#endif
-	return 0;
-
-	auxerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
-	ASN1_item_ex_free(pval, it);
-#ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
-#endif
-	return 0;
-
-	}
-
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	const ASN1_EXTERN_FUNCS *ef;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_clear) 
-			ef->asn1_ex_clear(pval, it);
-		else *pval = NULL;
-		break;
-
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates) 
-			asn1_template_clear(pval, it->templates);
-		else
-			asn1_primitive_clear(pval, it);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		asn1_primitive_clear(pval, it);
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		case ASN1_ITYPE_CHOICE:
-		case ASN1_ITYPE_SEQUENCE:
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		*pval = NULL;
-		break;
-		}
-	}
-
-
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
-	int ret;
-	if (tt->flags & ASN1_TFLG_OPTIONAL)
-		{
-		asn1_template_clear(pval, tt);
-		return 1;
-		}
-	/* If ANY DEFINED BY nothing to do */
-
-	if (tt->flags & ASN1_TFLG_ADB_MASK)
-		{
-		*pval = NULL;
-		return 1;
-		}
-#ifdef CRYPTO_MDEBUG
-	if (tt->field_name)
-		CRYPTO_push_info(tt->field_name);
-#endif
-	/* If SET OF or SEQUENCE OF, its a STACK */
-	if (tt->flags & ASN1_TFLG_SK_MASK)
-		{
-		STACK_OF(ASN1_VALUE) *skval;
-		skval = sk_ASN1_VALUE_new_null();
-		if (!skval)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
-			ret = 0;
-			goto done;
-			}
-		*pval = (ASN1_VALUE *)skval;
-		ret = 1;
-		goto done;
-		}
-	/* Otherwise pass it back to the item routine */
-	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
-	done:
-#ifdef CRYPTO_MDEBUG
-	if (it->sname)
-		CRYPTO_pop_info();
-#endif
-	return ret;
-	}
-
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	/* If ADB or STACK just NULL the field */
-	if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
-		*pval = NULL;
-	else
-		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
-	}
-
-
-/* NB: could probably combine most of the real XXX_new() behaviour and junk
- * all the old functions.
- */
-
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_TYPE *typ;
-	ASN1_STRING *str;
-	int utype;
-
-	if (it && it->funcs)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
-		if (pf->prim_new)
-			return pf->prim_new(pval, it);
-		}
-
-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))
-		utype = -1;
-	else
-		utype = it->utype;
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
-		return 1;
-
-		case V_ASN1_BOOLEAN:
-		*(ASN1_BOOLEAN *)pval = it->size;
-		return 1;
-
-		case V_ASN1_NULL:
-		*pval = (ASN1_VALUE *)1;
-		return 1;
-
-		case V_ASN1_ANY:
-		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
-		if (!typ)
-			return 0;
-		typ->value.ptr = NULL;
-		typ->type = -1;
-		*pval = (ASN1_VALUE *)typ;
-		break;
-
-		default:
-		str = ASN1_STRING_type_new(utype);
-		if (it->itype == ASN1_ITYPE_MSTRING && str)
-			str->flags |= ASN1_STRING_FLAG_MSTRING;
-		*pval = (ASN1_VALUE *)str;
-		break;
-		}
-	if (*pval)
-		return 1;
-	return 0;
-	}
-
-static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int utype;
-	if (it && it->funcs)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
-		if (pf->prim_clear)
-			pf->prim_clear(pval, it);
-		else 
-			*pval = NULL;
-		return;
-		}
-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))
-		utype = -1;
-	else
-		utype = it->utype;
-	if (utype == V_ASN1_BOOLEAN)
-		*(ASN1_BOOLEAN *)pval = it->size;
-	else *pval = NULL;
-	}
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
deleted file mode 100644
index 542a091a66..0000000000
--- a/crypto/asn1/tasn_prn.c
+++ /dev/null
@@ -1,627 +0,0 @@
-/* tasn_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000,2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include "asn1_locl.h"
-
-/* Print routines.
- */
-
-/* ASN1_PCTX routines */
-
-ASN1_PCTX default_pctx = 
-	{
-	ASN1_PCTX_FLAGS_SHOW_ABSENT,	/* flags */
-	0,	/* nm_flags */
-	0,	/* cert_flags */
-	0,	/* oid_flags */
-	0	/* str_flags */
-	};
-	
-
-ASN1_PCTX *ASN1_PCTX_new(void)
-	{
-	ASN1_PCTX *ret;
-	ret = OPENSSL_malloc(sizeof(ASN1_PCTX));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	ret->flags = 0;
-	ret->nm_flags = 0;
-	ret->cert_flags = 0;
-	ret->oid_flags = 0;
-	ret->str_flags = 0;
-	return ret;
-	}
-
-void ASN1_PCTX_free(ASN1_PCTX *p)
-	{
-	OPENSSL_free(p);
-	}
-
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p)
-	{
-	return p->flags;
-	}
-
-void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
-	{
-	p->flags = flags;
-	}
-
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p)
-	{
-	return p->nm_flags;
-	}
-
-void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
-	{
-	p->nm_flags = flags;
-	}
-
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p)
-	{
-	return p->cert_flags;
-	}
-
-void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
-	{
-	p->cert_flags = flags;
-	}
-
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p)
-	{
-	return p->oid_flags;
-	}
-
-void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
-	{
-	p->oid_flags = flags;
-	}
-
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p)
-	{
-	return p->str_flags;
-	}
-
-void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
-	{
-	p->str_flags = flags;
-	}
-
-/* Main print routines */
-
-static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-				const ASN1_ITEM *it,
-				const char *fname, const char *sname,
-				int nohdr, const ASN1_PCTX *pctx);
-
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-				const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
-
-static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
-				const ASN1_ITEM *it, int indent,
-				const char *fname, const char *sname,
-				const ASN1_PCTX *pctx);
-
-static int asn1_print_fsname(BIO *out, int indent,
-			const char *fname, const char *sname,
-			const ASN1_PCTX *pctx);
-
-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
-				const ASN1_ITEM *it, const ASN1_PCTX *pctx)
-	{
-	const char *sname;
-	if (pctx == NULL)
-		pctx = &default_pctx;
-	if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-		sname = NULL;
-	else
-		sname = it->sname;
-	return asn1_item_print_ctx(out, &ifld, indent, it,
-							NULL, sname, 0, pctx);
-	}
-
-static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-				const ASN1_ITEM *it,
-				const char *fname, const char *sname,
-				int nohdr, const ASN1_PCTX *pctx)
-	{
-	const ASN1_TEMPLATE *tt;
-	const ASN1_EXTERN_FUNCS *ef;
-	ASN1_VALUE **tmpfld;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	ASN1_PRINT_ARG parg;
-	int i;
-	if (aux && aux->asn1_cb)
-		{
-		parg.out = out;
-		parg.indent = indent;
-		parg.pctx = pctx;
-		asn1_cb = aux->asn1_cb;
-		}
-	else asn1_cb = 0;
-
-	if(*fld == NULL)
-		{
-		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT)
-			{
-			if (!nohdr && !asn1_print_fsname(out, indent,
-							fname, sname, pctx))
-				return 0;
-			if (BIO_puts(out, "<ABSENT>\n") <= 0)
-				return 0;
-			}
-		return 1;
-		}
-
-	switch(it->itype)
-		{
-		case ASN1_ITYPE_PRIMITIVE:
-		if(it->templates)
-			{
-			if (!asn1_template_print_ctx(out, fld, indent,
-							it->templates, pctx))
-				return 0;
-			}
-		/* fall thru */
-		case ASN1_ITYPE_MSTRING:
-		if (!asn1_primitive_print(out, fld, it,
-				indent, fname, sname,pctx))
-			return 0;
-		break;
-
-		case ASN1_ITYPE_EXTERN:
-		if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-			return 0;
-		/* Use new style print routine if possible */
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_print)
-			{
-			i = ef->asn1_ex_print(out, fld, indent, "", pctx);
-			if (!i)
-				return 0;
-			if ((i == 2) && (BIO_puts(out, "\n") <= 0))
-				return 0;
-			return 1;
-			}
-		else if (sname && 
-			BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
-			return 0;
-		break;
-
-		case ASN1_ITYPE_CHOICE:
-#if 0
-		if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-			return 0;
-#endif
-		/* CHOICE type, get selector */
-		i = asn1_get_choice_selector(fld, it);
-		/* This should never happen... */
-		if((i < 0) || (i >= it->tcount))
-			{
-			if (BIO_printf(out,
-				"ERROR: selector [%d] invalid\n", i) <= 0)
-				return 0;
-			return 1;
-			}
-		tt = it->templates + i;
-		tmpfld = asn1_get_field_ptr(fld, tt);
-		if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
-			return 0;
-		break;
-
-		case ASN1_ITYPE_SEQUENCE:
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
-			return 0;
-		if (fname || sname)
-			{
-			if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
-				{
-				if (BIO_puts(out, " {\n") <= 0)
-					return 0;
-				}
-			else
-				{
-				if (BIO_puts(out, "\n") <= 0)
-					return 0;
-				}
-			}
-
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
-			if (i == 0)
-				return 0;
-			if (i == 2)
-				return 1;
-			}
-
-		/* Print each field entry */
-		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			seqtt = asn1_do_adb(fld, tt, 1);
-			tmpfld = asn1_get_field_ptr(fld, seqtt);
-			if (!asn1_template_print_ctx(out, tmpfld,
-						indent + 2, seqtt, pctx))
-				return 0;
-			}
-		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
-			{
-			if (BIO_printf(out, "%*s}\n", indent, "") < 0)
-				return 0;
-			}
-
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
-			if (i == 0)
-				return 0;
-			}
-		break;
-
-		default:
-		BIO_printf(out, "Unprocessed type %d\n", it->itype);
-		return 0;
-		}
-
-	return 1;
-	}
-
-int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
-				const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
-	{
-	int i, flags;
-	const char *sname, *fname;
-	flags = tt->flags;
-	if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
-		sname = ASN1_ITEM_ptr(tt->item)->sname;
-	else
-		sname = NULL;
-	if(pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-		fname = NULL;
-	else
-		fname = tt->field_name;
-	if(flags & ASN1_TFLG_SK_MASK)
-		{
-		char *tname;
-		ASN1_VALUE *skitem;
-		STACK_OF(ASN1_VALUE) *stack;
-
-		/* SET OF, SEQUENCE OF */
-		if (fname)
-			{
-			if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF)
-				{
-				if(flags & ASN1_TFLG_SET_OF)
-					tname = "SET";
-				else
-					tname = "SEQUENCE";
-				if (BIO_printf(out, "%*s%s OF %s {\n",
-					indent, "", tname, tt->field_name) <= 0)
-					return 0;
-				}
-			else if (BIO_printf(out, "%*s%s:\n", indent, "",
-					fname) <= 0)
-				return 0;
-			}
-		stack = (STACK_OF(ASN1_VALUE) *)*fld;
-		for(i = 0; i < sk_ASN1_VALUE_num(stack); i++)
-			{
-			if ((i > 0) && (BIO_puts(out, "\n") <= 0))
-				return 0;
-
-			skitem = sk_ASN1_VALUE_value(stack, i);
-			if (!asn1_item_print_ctx(out, &skitem, indent + 2,
-				ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx))
-				return 0;
-			}
-		if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
-				return 0;
-		if(pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE)
-			{
-			if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
-				return 0;
-			}
-		return 1;
-		}
-	return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
-							fname, sname, 0, pctx);
-	}
-
-static int asn1_print_fsname(BIO *out, int indent,
-			const char *fname, const char *sname,
-			const ASN1_PCTX *pctx)
-	{
-	static char spaces[] = "                    ";
-	const int nspaces = sizeof(spaces) - 1;
-
-#if 0
-	if (!sname && !fname)
-		return 1;
-#endif
-
-	while (indent > nspaces)
-		{
-		if (BIO_write(out, spaces, nspaces) != nspaces)
-			return 0;
-		indent -= nspaces;
-		}
-	if (BIO_write(out, spaces, indent) != indent)
-		return 0;
-	if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
-		sname = NULL;
-	if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
-		fname = NULL;
-	if (!sname && !fname)
-		return 1;
-	if (fname)
-		{
-		if (BIO_puts(out, fname) <= 0)
-			return 0;
-		}
-	if (sname)
-		{
-		if (fname)
-			{
-			if (BIO_printf(out, " (%s)", sname) <= 0)
-				return 0;
-			}
-		else
-			{
-			if (BIO_puts(out, sname) <= 0)
-				return 0;
-			}
-		}
-	if (BIO_write(out, ": ", 2) != 2)
-		return 0;
-	return 1;
-	}
-
-static int asn1_print_boolean_ctx(BIO *out, int boolval,
-							const ASN1_PCTX *pctx)
-	{
-	const char *str;
-	switch (boolval)
-		{
-		case -1:
-		str = "BOOL ABSENT";
-		break;
-
-		case 0:
-		str = "FALSE";
-		break;
-
-		default:
-		str = "TRUE";
-		break;
-
-		}
-
-	if (BIO_puts(out, str) <= 0)
-		return 0;
-	return 1;
-
-	}
-
-static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str,
-						const ASN1_PCTX *pctx)
-	{
-	char *s;
-	int ret = 1;
-	s = i2s_ASN1_INTEGER(NULL, str);
-	if (BIO_puts(out, s) <= 0)
-		ret = 0;
-	OPENSSL_free(s);
-	return ret;
-	}
-
-static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid,
-						const ASN1_PCTX *pctx)
-	{
-	char objbuf[80];
-	const char *ln;
-	ln = OBJ_nid2ln(OBJ_obj2nid(oid));
-	if(!ln)
-		ln = "";
-	OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
-	if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
-		return 0;
-	return 1;
-	}
-
-static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
-						const ASN1_PCTX *pctx)
-	{
-	if (str->type == V_ASN1_BIT_STRING)
-		{
-		if (BIO_printf(out, " (%ld unused bits)\n",
-					str->flags & 0x7) <= 0)
-				return 0;
-		}
-	else if (BIO_puts(out, "\n") <= 0)
-		return 0;
-	if ((str->length > 0)
-		&& BIO_dump_indent(out, (char *)str->data, str->length,
-				indent + 2) <= 0)
-		return 0;
-	return 1;
-	}
-
-static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
-				const ASN1_ITEM *it, int indent,
-				const char *fname, const char *sname,
-				const ASN1_PCTX *pctx)
-	{
-	long utype;
-	ASN1_STRING *str;
-	int ret = 1, needlf = 1;
-	const char *pname;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	pf = it->funcs;
-	if (!asn1_print_fsname(out, indent, fname, sname, pctx))
-			return 0;
-	if (pf && pf->prim_print)
-		return pf->prim_print(out, fld, it, indent, pctx);
-	str = (ASN1_STRING *)*fld;
-	if (it->itype == ASN1_ITYPE_MSTRING)
-		utype = str->type & ~V_ASN1_NEG;
-	else
-		utype = it->utype;
-	if (utype == V_ASN1_ANY)
-		{
-		ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
-		utype = atype->type;
-		fld = &atype->value.asn1_value;
-		str = (ASN1_STRING *)*fld;
-		if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
-			pname = NULL;
-		else 
-			pname = ASN1_tag2str(utype);
-		}
-	else
-		{
-		if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
-			pname = ASN1_tag2str(utype);
-		else 
-			pname = NULL;
-		}
-
-	if (utype == V_ASN1_NULL)
-		{
-		if (BIO_puts(out, "NULL\n") <= 0)
-			return 0;
-		return 1;
-		}
-
-	if (pname)
-		{
-		if (BIO_puts(out, pname) <= 0)
-			return 0;
-		if (BIO_puts(out, ":") <= 0)
-			return 0;
-		}
-
-	switch (utype)
-		{
-		case V_ASN1_BOOLEAN:
-			{
-			int boolval = *(int *)fld;
-			if (boolval == -1)
-				boolval = it->size;
-			ret = asn1_print_boolean_ctx(out, boolval, pctx);
-			}
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_ENUMERATED:
-		ret = asn1_print_integer_ctx(out, str, pctx);
-		break;
-
-		case V_ASN1_UTCTIME:
-		ret = ASN1_UTCTIME_print(out, str);
-		break;
-
-		case V_ASN1_GENERALIZEDTIME:
-		ret = ASN1_GENERALIZEDTIME_print(out, str);
-		break;
-
-		case V_ASN1_OBJECT:
-		ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
-		break;
-
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_BIT_STRING:
-		ret = asn1_print_obstring_ctx(out, str, indent, pctx);
-		needlf = 0;
-		break;
-
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		case V_ASN1_OTHER:
-		if (BIO_puts(out, "\n") <= 0)
-			return 0;
-		if (ASN1_parse_dump(out, str->data, str->length,
-						indent, 0) <= 0)
-			ret = 0;
-		needlf = 0;
-		break;
-
-		default:
-		ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
-
-		}
-	if (!ret)
-		return 0;
-	if (needlf && BIO_puts(out, "\n") <= 0)
-		return 0;
-	return 1;
-	}
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
deleted file mode 100644
index 6fb1c372da..0000000000
--- a/crypto/asn1/tasn_typ.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* tasn_typ.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Declarations for string types */
-
-
-IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_NULL)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ANY)
-
-/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
-IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-/* Multistring types */
-
-IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-
-IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-
-/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
-IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
-
-/* Special, OCTET STRING with indefinite length constructed support */
-
-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
-
-ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
-ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
-
-ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
-ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
deleted file mode 100644
index ca9ec7a32f..0000000000
--- a/crypto/asn1/tasn_utl.c
+++ /dev/null
@@ -1,279 +0,0 @@
-/* tasn_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-
-/* Utility functions for manipulating fields and offsets */
-
-/* Add 'offset' to 'addr' */
-#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
-
-/* Given an ASN1_ITEM CHOICE type return
- * the selector value
- */
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int *sel = offset2ptr(*pval, it->utype);
-	return *sel;
-	}
-
-/* Given an ASN1_ITEM CHOICE type set
- * the selector value, return old value.
- */
-
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
-	{	
-	int *sel, ret;
-	sel = offset2ptr(*pval, it->utype);
-	ret = *sel;
-	*sel = value;
-	return ret;
-	}
-
-/* Do reference counting. The value 'op' decides what to do. 
- * if it is +1 then the count is incremented. If op is 0 count is
- * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
- */
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
-	{
-	const ASN1_AUX *aux;
-	int *lck, ret;
-	if ((it->itype != ASN1_ITYPE_SEQUENCE)
-	   && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
-		return 0;
-	aux = it->funcs;
-	if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
-		return 0;
-	lck = offset2ptr(*pval, aux->ref_offset);
-	if (op == 0)
-		{
-		*lck = 1;
-		return 1;
-		}
-	ret = CRYPTO_add(lck, op, aux->ref_lock);
-#ifdef REF_PRINT
-	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
-#endif
-#ifdef REF_CHECK
-	if (ret < 0) 
-		fprintf(stderr, "%s, bad reference count\n", it->sname);
-#endif
-	return ret;
-	}
-
-static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	const ASN1_AUX *aux;
-	if (!pval || !*pval)
-		return NULL;
-	aux = it->funcs;
-	if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
-		return NULL;
-	return offset2ptr(*pval, aux->enc_offset);
-	}
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (enc)
-		{
-		enc->enc = NULL;
-		enc->len = 0;
-		enc->modified = 1;
-		}
-	}
-
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (enc)
-		{
-		if (enc->enc)
-			OPENSSL_free(enc->enc);
-		enc->enc = NULL;
-		enc->len = 0;
-		enc->modified = 1;
-		}
-	}
-
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
-							 const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (!enc)
-		return 1;
-
-	if (enc->enc)
-		OPENSSL_free(enc->enc);
-	enc->enc = OPENSSL_malloc(inlen);
-	if (!enc->enc)
-		return 0;
-	memcpy(enc->enc, in, inlen);
-	enc->len = inlen;
-	enc->modified = 0;
-
-	return 1;
-	}
-		
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
-							const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (!enc || enc->modified)
-		return 0;
-	if (out)
-		{
-		memcpy(*out, enc->enc, enc->len);
-		*out += enc->len;
-		}
-	if (len)
-		*len = enc->len;
-	return 1;
-	}
-
-/* Given an ASN1_TEMPLATE get a pointer to a field */
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	ASN1_VALUE **pvaltmp;
-	if (tt->flags & ASN1_TFLG_COMBINE)
-		return pval;
-	pvaltmp = offset2ptr(*pval, tt->offset);
-	/* NOTE for BOOLEAN types the field is just a plain
- 	 * int so we can't return int **, so settle for
-	 * (int *).
-	 */
-	return pvaltmp;
-	}
-
-/* Handle ANY DEFINED BY template, find the selector, look up
- * the relevant ASN1_TEMPLATE in the table and return it.
- */
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
-								int nullerr)
-	{
-	const ASN1_ADB *adb;
-	const ASN1_ADB_TABLE *atbl;
-	long selector;
-	ASN1_VALUE **sfld;
-	int i;
-	if (!(tt->flags & ASN1_TFLG_ADB_MASK))
-		return tt;
-
-	/* Else ANY DEFINED BY ... get the table */
-	adb = ASN1_ADB_ptr(tt->item);
-
-	/* Get the selector field */
-	sfld = offset2ptr(*pval, adb->offset);
-
-	/* Check if NULL */
-	if (!sfld)
-		{
-		if (!adb->null_tt)
-			goto err;
-		return adb->null_tt;
-		}
-
-	/* Convert type to a long:
-	 * NB: don't check for NID_undef here because it
-	 * might be a legitimate value in the table
-	 */
-	if (tt->flags & ASN1_TFLG_ADB_OID) 
-		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
-	else 
-		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
-
-	/* Try to find matching entry in table
-	 * Maybe should check application types first to
-	 * allow application override? Might also be useful
-	 * to have a flag which indicates table is sorted and
-	 * we can do a binary search. For now stick to a
-	 * linear search.
-	 */
-
-	for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
-		if (atbl->value == selector)
-			return &atbl->tt;
-
-	/* FIXME: need to search application table too */
-
-	/* No match, return default type */
-	if (!adb->default_tt)
-		goto err;		
-	return adb->default_tt;
-	
-	err:
-	/* FIXME: should log the value or OID of unsupported type */
-	if (nullerr)
-		ASN1err(ASN1_F_ASN1_DO_ADB,
-			ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
-	return NULL;
-	}
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
deleted file mode 100644
index 57cc956c20..0000000000
--- a/crypto/asn1/x_algor.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/* x_algor.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_ALGOR) = {
-	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
-	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
-} ASN1_SEQUENCE_END(X509_ALGOR)
-
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
-ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
-
-IMPLEMENT_STACK_OF(X509_ALGOR)
-IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
-	{
-	if (!alg)
-		return 0;
-	if (ptype != V_ASN1_UNDEF)
-		{
-		if (alg->parameter == NULL)
-			alg->parameter = ASN1_TYPE_new();
-		if (alg->parameter == NULL)
-			return 0;
-		}
-	if (alg)
-		{
-		if (alg->algorithm)
-			ASN1_OBJECT_free(alg->algorithm);
-		alg->algorithm = aobj;
-		}
-	if (ptype == 0)
-		return 1;	
-	if (ptype == V_ASN1_UNDEF)
-		{
-		if (alg->parameter)
-			{
-			ASN1_TYPE_free(alg->parameter);
-			alg->parameter = NULL;
-			}
-		}
-	else
-		ASN1_TYPE_set(alg->parameter, ptype, pval);
-	return 1;
-	}
-
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-						X509_ALGOR *algor)
-	{
-	if (paobj)
-		*paobj = algor->algorithm;
-	if (pptype)
-		{
-		if (algor->parameter == NULL)
-			{
-			*pptype = V_ASN1_UNDEF;
-			return;
-			}
-		else
-			*pptype = algor->parameter->type;
-		if (ppval)
-			*ppval = algor->parameter->value.ptr;
-		}
-	}
-
-/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
-	{
-	int param_type;
-
-	if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
-		param_type = V_ASN1_UNDEF;
-	else
-		param_type = V_ASN1_NULL;
-
-	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
-	}
-
-int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
-	{
-	int rv;
-	rv = OBJ_cmp(a->algorithm, b->algorithm);
-	if (rv)
-		return rv;
-	if (!a->parameter && !b->parameter)
-		return 0;
-	return ASN1_TYPE_cmp(a->parameter, b->parameter);
-	}
diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c
deleted file mode 100644
index 1e3713f18f..0000000000
--- a/crypto/asn1/x_attrib.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/asn1/x_attrib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_ATTRIBUTE: this has the following form:
- *
- * typedef struct x509_attributes_st
- *	{
- *	ASN1_OBJECT *object;
- *	int single;
- *	union	{
- *		char		*ptr;
- * 		STACK_OF(ASN1_TYPE) *set;
- * 		ASN1_TYPE	*single;
- *		} value;
- *	} X509_ATTRIBUTE;
- *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
- */
-
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
-ASN1_SEQUENCE(X509_ATTRIBUTE) = {
-	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-	/* CHOICE type merged with parent */
-	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
-} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
-	{
-	X509_ATTRIBUTE *ret=NULL;
-	ASN1_TYPE *val=NULL;
-
-	if ((ret=X509_ATTRIBUTE_new()) == NULL)
-		return(NULL);
-	ret->object=OBJ_nid2obj(nid);
-	ret->single=0;
-	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-	if ((val=ASN1_TYPE_new()) == NULL) goto err;
-	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
-
-	ASN1_TYPE_set(val,atrtype,value);
-	return(ret);
-err:
-	if (ret != NULL) X509_ATTRIBUTE_free(ret);
-	if (val != NULL) ASN1_TYPE_free(val);
-	return(NULL);
-	}
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
deleted file mode 100644
index 9cf3204a1b..0000000000
--- a/crypto/asn1/x_bignum.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* x_bignum.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
- * BIGNUMs used are non negative and anything that looks negative is normally due
- * to an encoding error.
- */
-
-#define BN_SENSITIVE	1
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-	NULL, 0,
-	bn_new,
-	bn_free,
-	0,
-	bn_c2i,
-	bn_i2c
-};
-
-ASN1_ITEM_start(BIGNUM)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
-ASN1_ITEM_end(BIGNUM)
-
-ASN1_ITEM_start(CBIGNUM)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
-ASN1_ITEM_end(CBIGNUM)
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-	*pval = (ASN1_VALUE *)BN_new();
-	if(*pval) return 1;
-	else return 0;
-}
-
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-	if(!*pval) return;
-	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-	else BN_free((BIGNUM *)*pval);
-	*pval = NULL;
-}
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
-	BIGNUM *bn;
-	int pad;
-	if(!*pval) return -1;
-	bn = (BIGNUM *)*pval;
-	/* If MSB set in an octet we need a padding byte */
-	if(BN_num_bits(bn) & 0x7) pad = 0;
-	else pad = 1;
-	if(cont) {
-		if(pad) *cont++ = 0;
-		BN_bn2bin(bn, cont);
-	}
-	return pad + BN_num_bytes(bn);
-}
-
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-		  int utype, char *free_cont, const ASN1_ITEM *it)
-{
-	BIGNUM *bn;
-	if(!*pval) bn_new(pval, it);
-	bn  = (BIGNUM *)*pval;
-	if(!BN_bin2bn(cont, len, bn)) {
-		bn_free(pval, it);
-		return 0;
-	}
-	return 1;
-}
-
-
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
deleted file mode 100644
index 3f03efbe60..0000000000
--- a/crypto/asn1/x_crl.c
+++ /dev/null
@@ -1,528 +0,0 @@
-/* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_locl.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-				const X509_REVOKED * const *b);
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
-
-ASN1_SEQUENCE(X509_REVOKED) = {
-	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
-} ASN1_SEQUENCE_END(X509_REVOKED)
-
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-static int def_crl_lookup(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
-
-static X509_CRL_METHOD int_crl_meth =
-	{
-	0,
-	0,0,
-	def_crl_lookup,
-	def_crl_verify
-	};
-
-static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
-
-/* The X509_CRL_INFO structure needs a bit of customisation.
- * Since we cache the original encoding the signature wont be affected by
- * reordering of the revoked field.
- */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-{
-	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-
-	if(!a || !a->revoked) return 1;
-	switch(operation) {
-		/* Just set cmp function here. We don't sort because that
-		 * would affect the output of X509_CRL_print().
-		 */
-		case ASN1_OP_D2I_POST:
-		(void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
-		break;
-	}
-	return 1;
-}
-
-
-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
-	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
-	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-
-/* Set CRL entry issuer according to CRL certificate issuer extension.
- * Check for unhandled critical CRL entry extensions.
- */
-
-static int crl_set_issuers(X509_CRL *crl)
-	{
-
-	int i, j;
-	GENERAL_NAMES *gens, *gtmp;
-	STACK_OF(X509_REVOKED) *revoked;
-
-	revoked = X509_CRL_get_REVOKED(crl);
-
-	gens = NULL;
-	for (i = 0; i < sk_X509_REVOKED_num(revoked); i++)
-		{
-		X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
-		STACK_OF(X509_EXTENSION) *exts;
-		ASN1_ENUMERATED *reason;
-		X509_EXTENSION *ext;
-		gtmp = X509_REVOKED_get_ext_d2i(rev, 
-						NID_certificate_issuer,
-						&j, NULL);
-		if (!gtmp && (j != -1))
-			{
-			crl->flags |= EXFLAG_INVALID;
-			return 1;
-			}
-
-		if (gtmp)
-			{
-			gens = gtmp;
-			if (!crl->issuers)
-				{
-				crl->issuers = sk_GENERAL_NAMES_new_null();
-				if (!crl->issuers)
-					return 0;
-				}
-			if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
-				return 0;
-			}
-		rev->issuer = gens;
-
-		reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
-								&j, NULL);
-		if (!reason && (j != -1))
-			{
-			crl->flags |= EXFLAG_INVALID;
-			return 1;
-			}
-
-		if (reason)
-			{
-			rev->reason = ASN1_ENUMERATED_get(reason);
-			ASN1_ENUMERATED_free(reason);
-			}
-		else
-			rev->reason = CRL_REASON_NONE;	
-
-		/* Check for critical CRL entry extensions */
-
-		exts = rev->extensions;
-
-		for (j = 0; j < sk_X509_EXTENSION_num(exts); j++)
-			{
-			ext = sk_X509_EXTENSION_value(exts, j);
-			if (ext->critical > 0)
-				{
-				if (OBJ_obj2nid(ext->object) ==
-					NID_certificate_issuer)
-					continue;
-				crl->flags |= EXFLAG_CRITICAL;
-				break;
-				}
-			}
-
-
-		}
-
-	return 1;
-
-	}
-
-/* The X509_CRL structure needs a bit of customisation. Cache some extensions
- * and hash of the whole CRL.
- */
-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-	{
-	X509_CRL *crl = (X509_CRL *)*pval;
-	STACK_OF(X509_EXTENSION) *exts;
-	X509_EXTENSION *ext;
-	int idx;
-
-	switch(operation)
-		{
-		case ASN1_OP_NEW_POST:
-		crl->idp = NULL;
-		crl->akid = NULL;
-		crl->flags = 0;
-		crl->idp_flags = 0;
-		crl->idp_reasons = CRLDP_ALL_REASONS;
-		crl->meth = default_crl_method;
-		crl->meth_data = NULL;
-		crl->issuers = NULL;
-		crl->crl_number = NULL;
-		crl->base_crl_number = NULL;
-		break;
-
-		case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
-		X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
-		crl->idp = X509_CRL_get_ext_d2i(crl,
-				NID_issuing_distribution_point, NULL, NULL);
-		if (crl->idp)
-			setup_idp(crl, crl->idp);
-
-		crl->akid = X509_CRL_get_ext_d2i(crl,
-				NID_authority_key_identifier, NULL, NULL);	
-
-		crl->crl_number = X509_CRL_get_ext_d2i(crl,
-				NID_crl_number, NULL, NULL);	
-
-		crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-				NID_delta_crl, NULL, NULL);	
-		/* Delta CRLs must have CRL number */
-		if (crl->base_crl_number && !crl->crl_number)
-			crl->flags |= EXFLAG_INVALID;
-
-		/* See if we have any unhandled critical CRL extensions and 
-		 * indicate this in a flag. We only currently handle IDP so
-		 * anything else critical sets the flag.
-		 *
-		 * This code accesses the X509_CRL structure directly:
-		 * applications shouldn't do this.
-		 */
-
-		exts = crl->crl->extensions;
-
-		for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
-			{
-			int nid;
-			ext = sk_X509_EXTENSION_value(exts, idx);
-			nid = OBJ_obj2nid(ext->object);
-			if (nid == NID_freshest_crl)
-				crl->flags |= EXFLAG_FRESHEST;
-			if (ext->critical > 0)
-				{
-				/* We handle IDP and deltas */
-				if ((nid == NID_issuing_distribution_point)
-					|| (nid == NID_authority_key_identifier)
-					|| (nid == NID_delta_crl))
-					break;;
-				crl->flags |= EXFLAG_CRITICAL;
-				break;
-				}
-			}
-
-
-		if (!crl_set_issuers(crl))
-			return 0;
-
-		if (crl->meth->crl_init)
-			{
-			if (crl->meth->crl_init(crl) == 0)
-				return 0;
-			}
-		break;
-
-		case ASN1_OP_FREE_POST:
-		if (crl->meth->crl_free)
-			{
-			if (!crl->meth->crl_free(crl))
-				return 0;
-			}
-		if (crl->akid)
-			AUTHORITY_KEYID_free(crl->akid);
-		if (crl->idp)
-			ISSUING_DIST_POINT_free(crl->idp);
-		ASN1_INTEGER_free(crl->crl_number);
-		ASN1_INTEGER_free(crl->base_crl_number);
-		sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
-		break;
-		}
-	return 1;
-	}
-
-/* Convert IDP into a more convenient form */
-
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
-	{
-	int idp_only = 0;
-	/* Set various flags according to IDP */
-	crl->idp_flags |= IDP_PRESENT;
-	if (idp->onlyuser > 0)
-		{
-		idp_only++;
-		crl->idp_flags |= IDP_ONLYUSER;
-		}
-	if (idp->onlyCA > 0)
-		{
-		idp_only++;
-		crl->idp_flags |= IDP_ONLYCA;
-		}
-	if (idp->onlyattr > 0)
-		{
-		idp_only++;
-		crl->idp_flags |= IDP_ONLYATTR;
-		}
-
-	if (idp_only > 1)
-		crl->idp_flags |= IDP_INVALID;
-
-	if (idp->indirectCRL > 0)
-		crl->idp_flags |= IDP_INDIRECT;
-
-	if (idp->onlysomereasons)
-		{
-		crl->idp_flags |= IDP_REASONS;
-		if (idp->onlysomereasons->length > 0)
-			crl->idp_reasons = idp->onlysomereasons->data[0];
-		if (idp->onlysomereasons->length > 1)
-			crl->idp_reasons |=
-				(idp->onlysomereasons->data[1] << 8);
-		crl->idp_reasons &= CRLDP_ALL_REASONS;
-		}
-
-	DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
-	}
-
-ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = {
-	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-			const X509_REVOKED * const *b)
-	{
-	return(ASN1_STRING_cmp(
-		(ASN1_STRING *)(*a)->serialNumber,
-		(ASN1_STRING *)(*b)->serialNumber));
-	}
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
-	X509_CRL_INFO *inf;
-	inf = crl->crl;
-	if(!inf->revoked)
-		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	inf->enc.modified = 1;
-	return 1;
-}
-
-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
-	{
-	if (crl->meth->crl_verify)
-		return crl->meth->crl_verify(crl, r);
-	return 0;
-	}
-
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial)
-	{
-	if (crl->meth->crl_lookup)
-		return crl->meth->crl_lookup(crl, ret, serial, NULL);
-	return 0;
-	}
-
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
-	{
-	if (crl->meth->crl_lookup)
-		return crl->meth->crl_lookup(crl, ret,
-						X509_get_serialNumber(x),
-						X509_get_issuer_name(x));
-	return 0;
-	}
-
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
-	{
-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-		crl->sig_alg, crl->signature,crl->crl,r));
-	}
-
-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
-						X509_REVOKED *rev)
-	{
-	int i;
-
-	if (!rev->issuer)
-		{
-		if (!nm)
-			return 1;
-		if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
-			return 1;
-		return 0;
-		}
-
-	if (!nm)
-		nm = X509_CRL_get_issuer(crl);
-
-	for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++)
-		{
-		GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
-		if (gen->type != GEN_DIRNAME)
-			continue;
-		if (!X509_NAME_cmp(nm, gen->d.directoryName))
-			return 1;
-		}
-	return 0;
-
-	}
-
-static int def_crl_lookup(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
-	{
-	X509_REVOKED rtmp, *rev;
-	int idx;
-	rtmp.serialNumber = serial;
-	/* Sort revoked into serial number order if not already sorted.
-	 * Do this under a lock to avoid race condition.
- 	 */
-	if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-		sk_X509_REVOKED_sort(crl->crl->revoked);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
-		}
-	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-	if(idx < 0)
-		return 0;
-	/* Need to look for matching name */
-	for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++)
-		{
-		rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
-		if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
-			return 0;
-		if (crl_revoked_issuer_match(crl, issuer, rev))
-			{
-			if (ret)
-				*ret = rev;
-			if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
-				return 2;
-			return 1;
-			}
-		}
-	return 0;
-	}
-
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
-	{
-	if (meth == NULL)
-		default_crl_method = &int_crl_meth;
-	else 
-		default_crl_method = meth;
-	}
-
-X509_CRL_METHOD *X509_CRL_METHOD_new(
-	int (*crl_init)(X509_CRL *crl),
-	int (*crl_free)(X509_CRL *crl),
-	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-				ASN1_INTEGER *ser, X509_NAME *issuer),
-	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
-	{
-	X509_CRL_METHOD *m;
-	m = OPENSSL_malloc(sizeof(X509_CRL_METHOD));
-	if (!m)
-		return NULL;
-	m->crl_init = crl_init;
-	m->crl_free = crl_free;
-	m->crl_lookup = crl_lookup;
-	m->crl_verify = crl_verify;
-	m->flags = X509_CRL_METHOD_DYNAMIC;
-	return m;
-	}
-
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
-	{
-	if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
-		return;
-	OPENSSL_free(m);
-	}
-
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
-	{
-	crl->meth_data = dat;
-	}
-
-void *X509_CRL_get_meth_data(X509_CRL *crl)
-	{
-	return crl->meth_data;
-	}
-
-IMPLEMENT_STACK_OF(X509_REVOKED)
-IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
-IMPLEMENT_STACK_OF(X509_CRL)
-IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
deleted file mode 100644
index 3a21239926..0000000000
--- a/crypto/asn1/x_exten.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* x_exten.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
-	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION)
-
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
deleted file mode 100644
index d44f6cdb01..0000000000
--- a/crypto/asn1/x_info.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/asn1/x_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-X509_INFO *X509_INFO_new(void)
-	{
-	X509_INFO *ret=NULL;
-
-	ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
- 
-        ret->enc_cipher.cipher=NULL;
-        ret->enc_len=0;
-        ret->enc_data=NULL;
- 
-	ret->references=1;
-	ret->x509=NULL;
-	ret->crl=NULL;
-	ret->x_pkey=NULL;
-	return(ret);
-	}
-
-void X509_INFO_free(X509_INFO *x)
-	{
-	int i;
-
-	if (x == NULL) return;
-
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
-#ifdef REF_PRINT
-	REF_PRINT("X509_INFO",x);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_INFO_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if (x->x509 != NULL) X509_free(x->x509);
-	if (x->crl != NULL) X509_CRL_free(x->crl);
-	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-	if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
-	OPENSSL_free(x);
-	}
-
-IMPLEMENT_STACK_OF(X509_INFO)
-
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
deleted file mode 100644
index 75317418e1..0000000000
--- a/crypto/asn1/x_long.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* x_long.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-
-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
- * and a long directly.
- */
-
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
-
-static ASN1_PRIMITIVE_FUNCS long_pf = {
-	NULL, 0,
-	long_new,
-	long_free,
-	long_free,	/* Clear should set to initial value */
-	long_c2i,
-	long_i2c,
-	long_print
-};
-
-ASN1_ITEM_start(LONG)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
-ASN1_ITEM_end(LONG)
-
-ASN1_ITEM_start(ZLONG)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
-ASN1_ITEM_end(ZLONG)
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-	*(long *)pval = it->size;
-	return 1;
-}
-
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-	*(long *)pval = it->size;
-}
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
-	long ltmp;
-	unsigned long utmp;
-	int clen, pad, i;
-	/* this exists to bypass broken gcc optimization */
-	char *cp = (char *)pval;
-
-	/* use memcpy, because we may not be long aligned */
-	memcpy(&ltmp, cp, sizeof(long));
-
-	if(ltmp == it->size) return -1;
-	/* Convert the long to positive: we subtract one if negative so
-	 * we can cleanly handle the padding if only the MSB of the leading
-	 * octet is set. 
-	 */
-	if(ltmp < 0) utmp = -ltmp - 1;
-	else utmp = ltmp;
-	clen = BN_num_bits_word(utmp);
-	/* If MSB of leading octet set we need to pad */
-	if(!(clen & 0x7)) pad = 1;
-	else pad = 0;
-
-	/* Convert number of bits to number of octets */
-	clen = (clen + 7) >> 3;
-
-	if(cont) {
-		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-		for(i = clen - 1; i >= 0; i--) {
-			cont[i] = (unsigned char)(utmp & 0xff);
-			if(ltmp < 0) cont[i] ^= 0xff;
-			utmp >>= 8;
-		}
-	}
-	return clen + pad;
-}
-
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-		    int utype, char *free_cont, const ASN1_ITEM *it)
-{
-	int neg, i;
-	long ltmp;
-	unsigned long utmp = 0;
-	char *cp = (char *)pval;
-	if(len > (int)sizeof(long)) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
-	}
-	/* Is it negative? */
-	if(len && (cont[0] & 0x80)) neg = 1;
-	else neg = 0;
-	utmp = 0;
-	for(i = 0; i < len; i++) {
-		utmp <<= 8;
-		if(neg) utmp |= cont[i] ^ 0xff;
-		else utmp |= cont[i];
-	}
-	ltmp = (long)utmp;
-	if(neg) {
-		ltmp++;
-		ltmp = -ltmp;
-	}
-	if(ltmp == it->size) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
-	}
-	memcpy(cp, &ltmp, sizeof(long));
-	return 1;
-}
-
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			int indent, const ASN1_PCTX *pctx)
-	{
-	return BIO_printf(out, "%ld\n", *(long *)pval);
-	}
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
deleted file mode 100644
index 22da57040e..0000000000
--- a/crypto/asn1/x_name.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include "asn1_locl.h"
-
-typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
-DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long len,
-				const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-				const ASN1_ITEM *it, int tag, int aclass);
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
-
-static int x509_name_encode(X509_NAME *a);
-static int x509_name_canon(X509_NAME *a);
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
-			  unsigned char **in);
-
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-						int indent,
-						const char *fname, 
-						const ASN1_PCTX *pctx);
-
-ASN1_SEQUENCE(X509_NAME_ENTRY) = {
-	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
-	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
-
-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
- * so declare two template wrappers for this
- */
-
-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
-
-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
-
-/* Normally that's where it would end: we'd have two nested STACK structures
- * representing the ASN1. Unfortunately X509_NAME uses a completely different
- * form and caches encodings so we have to process the internal form and convert
- * to the external form.
- */
-
-const ASN1_EXTERN_FUNCS x509_name_ff = {
-	NULL,
-	x509_name_ex_new,
-	x509_name_ex_free,
-	0,	/* Default clear behaviour is OK */
-	x509_name_ex_d2i,
-	x509_name_ex_i2d,
-	x509_name_ex_print
-};
-
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
-{
-	X509_NAME *ret = NULL;
-	ret = OPENSSL_malloc(sizeof(X509_NAME));
-	if(!ret) goto memerr;
-	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-		goto memerr;
-	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
-	ret->canon_enc = NULL;
-	ret->canon_enclen = 0;
-	ret->modified=1;
-	*val = (ASN1_VALUE *)ret;
-	return 1;
-
- memerr:
-	ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
-	if (ret)
-		{
-		if (ret->entries)
-			sk_X509_NAME_ENTRY_free(ret->entries);
-		OPENSSL_free(ret);
-		}
-	return 0;
-}
-
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
-	X509_NAME *a;
-	if(!pval || !*pval)
-	    return;
-	a = (X509_NAME *)*pval;
-
-	BUF_MEM_free(a->bytes);
-	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-	if (a->canon_enc)
-		OPENSSL_free(a->canon_enc);
-	OPENSSL_free(a);
-	*pval = NULL;
-}
-
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-			const unsigned char **in, long len, const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
-	const unsigned char *p = *in, *q;
-	union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-		ASN1_VALUE *a; } intname = {NULL};
-	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
-	int i, j, ret;
-	STACK_OF(X509_NAME_ENTRY) *entries;
-	X509_NAME_ENTRY *entry;
-	q = p;
-
-	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i(&intname.a,
-			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-			       tag, aclass, opt, ctx);
-	
-	if(ret <= 0) return ret;
-
-	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new(&nm.a, NULL)) goto err;
-	/* We've decoded it: now cache encoding */
-	if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
-	memcpy(nm.x->bytes->data, q, p - q);
-
-	/* Convert internal representation to X509_NAME structure */
-	for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
-		entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
-			entry = sk_X509_NAME_ENTRY_value(entries, j);
-			entry->set = i;
-			if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
-				goto err;
-		}
-		sk_X509_NAME_ENTRY_free(entries);
-	}
-	sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
-	ret = x509_name_canon(nm.x);
-	if (!ret)
-		goto err;
-	nm.x->modified = 0;
-	*val = nm.a;
-	*in = p;
-	return ret;
-err:
-        if (nm.x != NULL)
-		X509_NAME_free(nm.x);
-	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-	return 0;
-}
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-{
-	int ret;
-	X509_NAME *a = (X509_NAME *)*val;
-	if(a->modified) {
-		ret = x509_name_encode(a);
-		if(ret < 0)
-			return ret;
-		ret = x509_name_canon(a);
-		if(ret < 0)
-			return ret;
-	}
-	ret = a->bytes->length;
-	if(out != NULL) {
-		memcpy(*out,a->bytes->data,ret);
-		*out+=ret;
-	}
-	return ret;
-}
-
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
-	{
-	sk_X509_NAME_ENTRY_free(ne);
-	}
-
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
-	{
-	sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
-	}
-
-static int x509_name_encode(X509_NAME *a)
-{
-	union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-		ASN1_VALUE *a; } intname = {NULL};
-	int len;
-	unsigned char *p;
-	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-	X509_NAME_ENTRY *entry;
-	int i, set = -1;
-	intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-	if(!intname.s) goto memerr;
-	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-		if(entry->set != set) {
-			entries = sk_X509_NAME_ENTRY_new_null();
-			if(!entries) goto memerr;
-			if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
-							     entries))
-				goto memerr;
-			set = entry->set;
-		}
-		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
-	}
-	len = ASN1_item_ex_i2d(&intname.a, NULL,
-			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
-	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d(&intname.a,
-			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-					     local_sk_X509_NAME_ENTRY_free);
-	a->modified = 0;
-	return len;
-memerr:
-	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-					     local_sk_X509_NAME_ENTRY_free);
-	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
-	return -1;
-}
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-						int indent,
-						const char *fname, 
-						const ASN1_PCTX *pctx)
-	{
-	if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
-					indent, pctx->nm_flags) <= 0)
-		return 0;
-	return 2;
-	}
-
-/* This function generates the canonical encoding of the Name structure.
- * In it all strings are converted to UTF8, leading, trailing and
- * multiple spaces collapsed, converted to lower case and the leading
- * SEQUENCE header removed.
- *
- * In future we could also normalize the UTF8 too.
- *
- * By doing this comparison of Name structures can be rapidly
- * perfomed by just using memcmp() of the canonical encoding.
- * By omitting the leading SEQUENCE name constraints of type
- * dirName can also be checked with a simple memcmp().
- */
-
-static int x509_name_canon(X509_NAME *a)
-	{
-	unsigned char *p;
-	STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
-	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-	X509_NAME_ENTRY *entry, *tmpentry = NULL;
-	int i, set = -1, ret = 0;
-
-	if (a->canon_enc)
-		{
-		OPENSSL_free(a->canon_enc);
-		a->canon_enc = NULL;
-		}
-	/* Special case: empty X509_NAME => null encoding */
-	if (sk_X509_NAME_ENTRY_num(a->entries) == 0)
-		{
-		a->canon_enclen = 0;
-		return 1;
-		}
-	intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-	if(!intname)
-		goto err;
-	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++)
-		{
-		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-		if(entry->set != set)
-			{
-			entries = sk_X509_NAME_ENTRY_new_null();
-			if(!entries)
-				goto err;
-			if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
-				goto err;
-			set = entry->set;
-			}
-		tmpentry = X509_NAME_ENTRY_new();
-		if (!tmpentry)
-			goto err;
-		tmpentry->object = OBJ_dup(entry->object);
-		if (!asn1_string_canon(tmpentry->value, entry->value))
-			goto err;
-		if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
-			goto err;
-		tmpentry = NULL;
-		}
-
-	/* Finally generate encoding */
-
-	a->canon_enclen = i2d_name_canon(intname, NULL);
-
-	p = OPENSSL_malloc(a->canon_enclen);
-
-	if (!p)
-		goto err;
-
-	a->canon_enc = p;
-
-	i2d_name_canon(intname, &p);
-
-	ret = 1;
-
-	err:
-
-	if (tmpentry)
-		X509_NAME_ENTRY_free(tmpentry);
-	if (intname)
-		sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-					local_sk_X509_NAME_ENTRY_pop_free);
-	return ret;
-	}
-
-/* Bitmap of all the types of string that will be canonicalized. */
-
-#define ASN1_MASK_CANON	\
-	(B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
-	| B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
-	| B_ASN1_VISIBLESTRING)
-	
-
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
-	{
-	unsigned char *to, *from;
-	int len, i;
-
-	/* If type not in bitmask just copy string across */
-	if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
-		{
-		if (!ASN1_STRING_copy(out, in))
-			return 0;
-		return 1;
-		}
-
-	out->type = V_ASN1_UTF8STRING;
-	out->length = ASN1_STRING_to_UTF8(&out->data, in);
-	if (out->length == -1)
-		return 0;
-
-	to = out->data;
-	from = to;
-
-	len = out->length;
-
-	/* Convert string in place to canonical form.
-	 * Ultimately we may need to handle a wider range of characters
-	 * but for now ignore anything with MSB set and rely on the
-	 * isspace() and tolower() functions.
-	 */
-
-	/* Ignore leading spaces */
-	while((len > 0) && !(*from & 0x80) && isspace(*from))
-		{
-		from++;
-		len--;
-		}
-
-	to = from + len - 1;
-
-	/* Ignore trailing spaces */
-	while ((len > 0) && !(*to & 0x80) && isspace(*to))
-		{
-		to--;
-		len--;
-		}
-
-	to = out->data;
-
-	i = 0;
-	while(i < len)
-		{
-		/* If MSB set just copy across */
-		if (*from & 0x80)
-			{
-			*to++ = *from++;
-			i++;
-			}
-		/* Collapse multiple spaces */
-		else if (isspace(*from))
-			{
-			/* Copy one space across */
-			*to++ = ' ';
-			/* Ignore subsequent spaces. Note: don't need to
-			 * check len here because we know the last 
-			 * character is a non-space so we can't overflow.
-			 */
-			do
-				{
-				from++;
-				i++;
-				}
-			while(!(*from & 0x80) && isspace(*from));
-			}
-		else
-			{
-			*to++ = tolower(*from);
-			from++;
-			i++;
-			}
-		}
-
-	out->length = to - out->data;
-
-	return 1;
-
-	}
-
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
-			  unsigned char **in)
-	{
-	int i, len, ltmp;
-	ASN1_VALUE *v;
-	STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
-
-	len = 0;
-	for (i = 0; i < sk_ASN1_VALUE_num(intname); i++)
-		{
-		v = sk_ASN1_VALUE_value(intname, i);
-		ltmp = ASN1_item_ex_i2d(&v, in,
-			ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
-		if (ltmp < 0)
-			return ltmp;
-		len += ltmp;
-		}
-	return len;
-	}
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
-	{
-	X509_NAME *in;
-
-	if (!xn || !name) return(0);
-
-	if (*xn != name)
-		{
-		in=X509_NAME_dup(name);
-		if (in != NULL)
-			{
-			X509_NAME_free(*xn);
-			*xn=in;
-			}
-		}
-	return(*xn != NULL);
-	}
-	
-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/crypto/asn1/x_nx509.c b/crypto/asn1/x_nx509.c
deleted file mode 100644
index fbd9a22db3..0000000000
--- a/crypto/asn1/x_nx509.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* x_nx509.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Old netscape certificate wrapper format */
-
-ASN1_SEQUENCE(NETSCAPE_X509) = {
-	ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING),
-	ASN1_OPT(NETSCAPE_X509, cert, X509)
-} ASN1_SEQUENCE_END(NETSCAPE_X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
-
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
deleted file mode 100644
index 8453618426..0000000000
--- a/crypto/asn1/x_pkey.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* crypto/asn1/x_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-/* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
-	{
-	return(0);
-	}
-
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
-	{
-	int i;
-	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
-
-	ret->cipher.cipher=EVP_get_cipherbyname(
-		OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
-	if (ret->cipher.cipher == NULL)
-		{
-		c.error=ASN1_R_UNSUPPORTED_CIPHER;
-		c.line=__LINE__;
-		goto err;
-		}
-	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
-		{
-		i=ret->enc_algor->parameter->value.octet_string->length;
-		if (i > EVP_MAX_IV_LENGTH)
-			{
-			c.error=ASN1_R_IV_TOO_LARGE;
-			c.line=__LINE__;
-			goto err;
-			}
-		memcpy(ret->cipher.iv,
-			ret->enc_algor->parameter->value.octet_string->data,i);
-		}
-	else
-		memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
-	}
-
-X509_PKEY *X509_PKEY_new(void)
-	{
-	X509_PKEY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_PKEY);
-	ret->version=0;
-	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
-	ret->dec_pkey=NULL;
-	ret->key_length=0;
-	ret->key_data=NULL;
-	ret->key_free=0;
-	ret->cipher.cipher=NULL;
-	memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-	ret->references=1;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
-	}
-
-void X509_PKEY_free(X509_PKEY *x)
-	{
-	int i;
-
-	if (x == NULL) return;
-
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("X509_PKEY",x);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_PKEY_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-	if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
-	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-	if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
-	OPENSSL_free(x);
-	}
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
deleted file mode 100644
index b649e1fcf9..0000000000
--- a/crypto/asn1/x_pubkey.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* crypto/asn1/x_pubkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			void *exarg)
-	{
-	if (operation == ASN1_OP_FREE_POST)
-		{
-		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
-		EVP_PKEY_free(pubkey->pkey);
-		}
-	return 1;
-	}
-
-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
-	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
-	{
-	X509_PUBKEY *pk=NULL;
-
-	if (x == NULL) return(0);
-
-	if ((pk=X509_PUBKEY_new()) == NULL) goto error;
-
-	if (pkey->ameth)
-		{
-		if (pkey->ameth->pub_encode)
-			{
-			if (!pkey->ameth->pub_encode(pk, pkey))
-				{
-				X509err(X509_F_X509_PUBKEY_SET,
-					X509_R_PUBLIC_KEY_ENCODE_ERROR);
-				goto error;
-				}
-			}
-		else
-			{
-			X509err(X509_F_X509_PUBKEY_SET,
-				X509_R_METHOD_NOT_SUPPORTED);
-			goto error;
-			}
-		}
-	else
-		{
-		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-		goto error;
-		}
-
-	if (*x != NULL)
-		X509_PUBKEY_free(*x);
-
-	*x=pk;
-
-	return 1;
-error:
-	if (pk != NULL) X509_PUBKEY_free(pk);
-	return 0;
-	}
-
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
-	{
-	EVP_PKEY *ret=NULL;
-
-	if (key == NULL) goto error;
-
-	if (key->pkey != NULL)
-		{
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-		return key->pkey;
-		}
-
-	if (key->public_key == NULL) goto error;
-
-	if ((ret = EVP_PKEY_new()) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-		goto error;
-		}
-
-	if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm)))
-		{
-		X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
-		goto error;
-		}
-
-	if (ret->ameth->pub_decode)
-		{
-		if (!ret->ameth->pub_decode(ret, key))
-			{
-			X509err(X509_F_X509_PUBKEY_GET,
-						X509_R_PUBLIC_KEY_DECODE_ERROR);
-			goto error;
-			}
-		}
-	else
-		{
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED);
-		goto error;
-		}
-
-	/* Check to see if another thread set key->pkey first */
-	CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-	if (key->pkey)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-		EVP_PKEY_free(ret);
-		ret = key->pkey;
-		}
-	else
-		{
-		key->pkey = ret;
-		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-		}
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-
-	return ret;
-
-	error:
-	if (ret != NULL)
-		EVP_PKEY_free(ret);
-	return(NULL);
-	}
-
-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
- * and encode or decode as X509_PUBKEY
- */
-
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	X509_PUBKEY *xpk;
-	EVP_PKEY *pktmp;
-	xpk = d2i_X509_PUBKEY(NULL, pp, length);
-	if(!xpk) return NULL;
-	pktmp = X509_PUBKEY_get(xpk);
-	X509_PUBKEY_free(xpk);
-	if(!pktmp) return NULL;
-	if(a)
-		{
-		EVP_PKEY_free(*a);
-		*a = pktmp;
-		}
-	return pktmp;
-	}
-
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-	{
-	X509_PUBKEY *xpk=NULL;
-	int ret;
-	if(!a) return 0;
-	if(!X509_PUBKEY_set(&xpk, a)) return 0;
-	ret = i2d_X509_PUBKEY(xpk, pp);
-	X509_PUBKEY_free(xpk);
-	return ret;
-	}
-
-/* The following are equivalents but which return RSA and DSA
- * keys
- */
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *pkey;
-	RSA *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
-	key = EVP_PKEY_get1_RSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
-	*pp = q;
-	if (a)
-		{
-		RSA_free(*a);
-		*a = key;
-		}
-	return key;
-	}
-
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a) return 0;
-	pktmp = EVP_PKEY_new();
-	if (!pktmp)
-		{
-		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	EVP_PKEY_set1_RSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return ret;
-	}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *pkey;
-	DSA *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
-	key = EVP_PKEY_get1_DSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
-	*pp = q;
-	if (a)
-		{
-		DSA_free(*a);
-		*a = key;
-		}
-	return key;
-	}
-
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if(!a) return 0;
-	pktmp = EVP_PKEY_new();
-	if(!pktmp)
-		{
-		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	EVP_PKEY_set1_DSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return ret;
-	}
-#endif
-
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
-	{
-	EVP_PKEY *pkey;
-	EC_KEY *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_EC_KEY(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key)  return(NULL);
-	*pp = q;
-	if (a)
-		{
-		EC_KEY_free(*a);
-		*a = key;
-		}
-	return(key);
-	}
-
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a)	return(0);
-	if ((pktmp = EVP_PKEY_new()) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	EVP_PKEY_set1_EC_KEY(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return(ret);
-	}
-#endif
-
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-					int ptype, void *pval,
-					unsigned char *penc, int penclen)
-	{
-	if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
-		return 0;
-	if (penc)
-		{
-		if (pub->public_key->data)
-			OPENSSL_free(pub->public_key->data);
-		pub->public_key->data = penc;
-		pub->public_key->length = penclen;
-  		/* Set number of unused bits to zero */
-		pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-		pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-		}
-	return 1;
-	}
-
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		X509_PUBKEY *pub)
-	{
-	if (ppkalg)
-		*ppkalg = pub->algor->algorithm;
-	if (pk)
-		{
-		*pk = pub->public_key->data;
-		*ppklen = pub->public_key->length;
-		}
-	if (pa)
-		*pa = pub->algor;
-	return 1;
-	}
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
deleted file mode 100644
index d57555827c..0000000000
--- a/crypto/asn1/x_req.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/asn1/x_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_REQ_INFO is handled in an unusual way to get round
- * invalid encodings. Some broken certificate requests don't
- * encode the attributes field if it is empty. This is in
- * violation of PKCS#10 but we need to tolerate it. We do
- * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
- *
- * This means that the field will be correctly encoded unless
- * we NULL out the field.
- *
- * As a result we no longer need the req_kludge field because
- * the information is now contained in the attributes field:
- * 1. If it is NULL then it's the invalid omission.
- * 2. If it is empty it is the correct encoding.
- * 3. If it is not empty then some attributes are present.
- *
- */
-
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-
-	if(operation == ASN1_OP_NEW_POST) {
-		rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-		if(!rinf->attributes) return 0;
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-	/* This isn't really OPTIONAL but it gets round invalid
-	 * encodings
-	 */
-	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
-	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
deleted file mode 100644
index 42efa86c1c..0000000000
--- a/crypto/asn1/x_sig.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_sig.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_SIG) = {
-	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_SIG)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
deleted file mode 100644
index 2aece077c5..0000000000
--- a/crypto/asn1/x_spki.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/asn1/x_spki.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
- /* This module was send to me my Pat Richards <patr@x509.com> who
-  * wrote it.  It is under my Copyright with his permission
-  */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
-	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
-	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-
-ASN1_SEQUENCE(NETSCAPE_SPKI) = {
-	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
deleted file mode 100644
index dc17c67758..0000000000
--- a/crypto/asn1/x_val.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_val.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_VAL) = {
-	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
-	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
-} ASN1_SEQUENCE_END(X509_VAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
deleted file mode 100644
index de3df9eb51..0000000000
--- a/crypto/asn1/x_x509.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
-	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
-/* X509 top level structure needs a bit of customisation */
-
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
-
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-{
-	X509 *ret = (X509 *)*pval;
-
-	switch(operation) {
-
-		case ASN1_OP_NEW_POST:
-		ret->valid=0;
-		ret->name = NULL;
-		ret->ex_flags = 0;
-		ret->ex_pathlen = -1;
-		ret->skid = NULL;
-		ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
-		ret->rfc3779_addr = NULL;
-		ret->rfc3779_asid = NULL;
-#endif
-		ret->aux = NULL;
-		ret->crldp = NULL;
-		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-		break;
-
-		case ASN1_OP_D2I_POST:
-		if (ret->name != NULL) OPENSSL_free(ret->name);
-		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-		break;
-
-		case ASN1_OP_FREE_POST:
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-		X509_CERT_AUX_free(ret->aux);
-		ASN1_OCTET_STRING_free(ret->skid);
-		AUTHORITY_KEYID_free(ret->akid);
-		CRL_DIST_POINTS_free(ret->crldp);
-		policy_cache_free(ret->policy_cache);
-		GENERAL_NAMES_free(ret->altname);
-		NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
-		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-		ASIdentifiers_free(ret->rfc3779_asid);
-#endif
-
-		if (ret->name != NULL) OPENSSL_free(ret->name);
-		break;
-
-	}
-
-	return 1;
-
-}
-
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-	ASN1_SIMPLE(X509, cert_info, X509_CINF),
-	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509, X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int X509_set_ex_data(X509 *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
-
-void *X509_get_ex_data(X509 *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
-
-/* X509_AUX ASN1 routines. X509_AUX is the name given to
- * a certificate with extra info tagged on the end. Since these
- * functions set how a certificate is trusted they should only
- * be used when the certificate comes from a reliable source
- * such as local storage.
- *
- */
-
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
-{
-	const unsigned char *q;
-	X509 *ret;
-	/* Save start position */
-	q = *pp;
-	ret = d2i_X509(a, pp, length);
-	/* If certificate unreadable then forget it */
-	if(!ret) return NULL;
-	/* update length */
-	length -= *pp - q;
-	if(!length) return ret;
-	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
-	return ret;
-	err:
-	X509_free(ret);
-	return NULL;
-}
-
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
-{
-	int length;
-	length = i2d_X509(a, pp);
-	if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
-	return length;
-}
diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
deleted file mode 100644
index b603f82de7..0000000000
--- a/crypto/asn1/x_x509a.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* a_x509a.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX routines. These are used to encode additional
- * user modifiable data about a certificate. This data is
- * appended to the X509 encoding when the *_X509_AUX routines
- * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
- */
-
-static X509_CERT_AUX *aux_get(X509 *x);
-
-ASN1_SEQUENCE(X509_CERT_AUX) = {
-	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-} ASN1_SEQUENCE_END(X509_CERT_AUX)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-static X509_CERT_AUX *aux_get(X509 *x)
-{
-	if(!x) return NULL;
-	if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
-	return x->aux;
-}
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
-{
-	X509_CERT_AUX *aux;
-	if (!name)
-		{
-		if (!x || !x->aux || !x->aux->alias)
-			return 1;
-		ASN1_UTF8STRING_free(x->aux->alias);
-		x->aux->alias = NULL;
-		return 1;
-		}
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
-	return ASN1_STRING_set(aux->alias, name, len);
-}
-
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
-{
-	X509_CERT_AUX *aux;
-	if (!id)
-		{
-		if (!x || !x->aux || !x->aux->keyid)
-			return 1;
-		ASN1_OCTET_STRING_free(x->aux->keyid);
-		x->aux->keyid = NULL;
-		return 1;
-		}
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
-	return ASN1_STRING_set(aux->keyid, id, len);
-}
-
-unsigned char *X509_alias_get0(X509 *x, int *len)
-{
-	if(!x->aux || !x->aux->alias) return NULL;
-	if(len) *len = x->aux->alias->length;
-	return x->aux->alias->data;
-}
-
-unsigned char *X509_keyid_get0(X509 *x, int *len)
-{
-	if(!x->aux || !x->aux->keyid) return NULL;
-	if(len) *len = x->aux->keyid->length;
-	return x->aux->keyid->data;
-}
-
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
-	X509_CERT_AUX *aux;
-	ASN1_OBJECT *objtmp;
-	if(!(objtmp = OBJ_dup(obj))) return 0;
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->trust
-		&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
-	return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
-
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
-{
-	X509_CERT_AUX *aux;
-	ASN1_OBJECT *objtmp;
-	if(!(objtmp = OBJ_dup(obj))) return 0;
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->reject
-		&& !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
-	return sk_ASN1_OBJECT_push(aux->reject, objtmp);
-}
-
-void X509_trust_clear(X509 *x)
-{
-	if(x->aux && x->aux->trust) {
-		sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-		x->aux->trust = NULL;
-	}
-}
-
-void X509_reject_clear(X509 *x)
-{
-	if(x->aux && x->aux->reject) {
-		sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-		x->aux->reject = NULL;
-	}
-}
-
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
-	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
deleted file mode 100644
index 6857223506..0000000000
--- a/crypto/bf/COPYRIGHT
+++ /dev/null
@@ -1,46 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an Blowfish implementation written
-by Eric Young (eay@cryptsoft.com).
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/crypto/bf/asm/bf-586.S b/crypto/bf/asm/bf-586.S
deleted file mode 100644
index aa718d40cd..0000000000
--- a/crypto/bf/asm/bf-586.S
+++ /dev/null
@@ -1,896 +0,0 @@
-.file	"bf-586.s"
-.text
-.globl	BF_encrypt
-.type	BF_encrypt,@function
-.align	16
-BF_encrypt:
-.L_BF_encrypt_begin:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),%ebx
-	movl	16(%esp),%ebp
-	pushl	%esi
-	pushl	%edi
-
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-	xorl	%eax,%eax
-	movl	(%ebp),%ebx
-	xorl	%ecx,%ecx
-	xorl	%ebx,%edi
-
-
-	movl	4(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	8(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	12(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	16(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	20(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	24(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	28(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	32(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	36(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	40(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	44(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	48(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	52(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	56(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	60(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	64(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-
-	movl	20(%esp),%eax
-	xorl	%ebx,%edi
-	movl	68(%ebp),%edx
-	xorl	%edx,%esi
-	movl	%edi,4(%eax)
-	movl	%esi,(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	BF_encrypt,.-.L_BF_encrypt_begin
-.globl	BF_decrypt
-.type	BF_decrypt,@function
-.align	16
-BF_decrypt:
-.L_BF_decrypt_begin:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),%ebx
-	movl	16(%esp),%ebp
-	pushl	%esi
-	pushl	%edi
-
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-	xorl	%eax,%eax
-	movl	68(%ebp),%ebx
-	xorl	%ecx,%ecx
-	xorl	%ebx,%edi
-
-
-	movl	64(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	60(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	56(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	52(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	48(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	44(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	40(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	36(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	32(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	28(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	24(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	20(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	16(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	12(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%edi
-
-
-	movl	8(%ebp),%edx
-	movl	%edi,%ebx
-	xorl	%edx,%esi
-	shrl	$16,%ebx
-	movl	%edi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-	xorl	%eax,%eax
-	xorl	%ebx,%esi
-
-
-	movl	4(%ebp),%edx
-	movl	%esi,%ebx
-	xorl	%edx,%edi
-	shrl	$16,%ebx
-	movl	%esi,%edx
-	movb	%bh,%al
-	andl	$255,%ebx
-	movb	%dh,%cl
-	andl	$255,%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,%ebx
-
-	movl	20(%esp),%eax
-	xorl	%ebx,%edi
-	movl	(%ebp),%edx
-	xorl	%edx,%esi
-	movl	%edi,4(%eax)
-	movl	%esi,(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	BF_decrypt,.-.L_BF_decrypt_begin
-.globl	BF_cbc_encrypt
-.type	BF_cbc_encrypt,@function
-.align	16
-BF_cbc_encrypt:
-.L_BF_cbc_encrypt_begin:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),%ebp
-
-	movl	36(%esp),%ebx
-	movl	(%ebx),%esi
-	movl	4(%ebx),%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,%ebx
-	movl	36(%esp),%esi
-	movl	40(%esp),%edi
-
-	movl	56(%esp),%ecx
-
-	movl	48(%esp),%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,%ecx
-	jz	.L000decrypt
-	andl	$4294967288,%ebp
-	movl	8(%esp),%eax
-	movl	12(%esp),%ebx
-	jz	.L001encrypt_finish
-.L002encrypt_loop:
-	movl	(%esi),%ecx
-	movl	4(%esi),%edx
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-	call	.L_BF_encrypt_begin
-	movl	8(%esp),%eax
-	movl	12(%esp),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L002encrypt_loop
-.L001encrypt_finish:
-	movl	52(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L003finish
-	call	.L004PIC_point
-.L004PIC_point:
-	popl	%edx
-	leal	.L005cbc_enc_jmp_table-.L004PIC_point(%edx),%ecx
-	movl	(%ecx,%ebp,4),%ebp
-	addl	%edx,%ebp
-	xorl	%ecx,%ecx
-	xorl	%edx,%edx
-	jmp	*%ebp
-.L006ej7:
-	movb	6(%esi),%dh
-	shll	$8,%edx
-.L007ej6:
-	movb	5(%esi),%dh
-.L008ej5:
-	movb	4(%esi),%dl
-.L009ej4:
-	movl	(%esi),%ecx
-	jmp	.L010ejend
-.L011ej3:
-	movb	2(%esi),%ch
-	shll	$8,%ecx
-.L012ej2:
-	movb	1(%esi),%ch
-.L013ej1:
-	movb	(%esi),%cl
-.L010ejend:
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-	call	.L_BF_encrypt_begin
-	movl	8(%esp),%eax
-	movl	12(%esp),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	jmp	.L003finish
-.L000decrypt:
-	andl	$4294967288,%ebp
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	jz	.L014decrypt_finish
-.L015decrypt_loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-	call	.L_BF_decrypt_begin
-	movl	8(%esp),%eax
-	movl	12(%esp),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	16(%esp),%ecx
-	movl	20(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%ecx,(%edi)
-	movl	%edx,4(%edi)
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L015decrypt_loop
-.L014decrypt_finish:
-	movl	52(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L003finish
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-	call	.L_BF_decrypt_begin
-	movl	8(%esp),%eax
-	movl	12(%esp),%ebx
-	bswap	%eax
-	bswap	%ebx
-	movl	16(%esp),%ecx
-	movl	20(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-.L016dj7:
-	rorl	$16,%edx
-	movb	%dl,6(%edi)
-	shrl	$16,%edx
-.L017dj6:
-	movb	%dh,5(%edi)
-.L018dj5:
-	movb	%dl,4(%edi)
-.L019dj4:
-	movl	%ecx,(%edi)
-	jmp	.L020djend
-.L021dj3:
-	rorl	$16,%ecx
-	movb	%cl,2(%edi)
-	shll	$16,%ecx
-.L022dj2:
-	movb	%ch,1(%esi)
-.L023dj1:
-	movb	%cl,(%esi)
-.L020djend:
-	jmp	.L003finish
-.L003finish:
-	movl	60(%esp),%ecx
-	addl	$24,%esp
-	movl	%eax,(%ecx)
-	movl	%ebx,4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	64
-.L005cbc_enc_jmp_table:
-.long	0
-.long	.L013ej1-.L004PIC_point
-.long	.L012ej2-.L004PIC_point
-.long	.L011ej3-.L004PIC_point
-.long	.L009ej4-.L004PIC_point
-.long	.L008ej5-.L004PIC_point
-.long	.L007ej6-.L004PIC_point
-.long	.L006ej7-.L004PIC_point
-.align	64
-.size	BF_cbc_encrypt,.-.L_BF_cbc_encrypt_begin
diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl
deleted file mode 100644
index b74cfbafd4..0000000000
--- a/crypto/bf/asm/bf-586.pl
+++ /dev/null
@@ -1,137 +0,0 @@
-#!/usr/local/bin/perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-
-&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
-
-$BF_ROUNDS=16;
-$BF_OFF=($BF_ROUNDS+2)*4;
-$L="edi";
-$R="esi";
-$P="ebp";
-$tmp1="eax";
-$tmp2="ebx";
-$tmp3="ecx";
-$tmp4="edx";
-
-&BF_encrypt("BF_encrypt",1);
-&BF_encrypt("BF_decrypt",0);
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
-&asm_finish();
-
-sub BF_encrypt
-	{
-	local($name,$enc)=@_;
-
-	&function_begin_B($name,"");
-
-	&comment("");
-
-	&push("ebp");
-	&push("ebx");
-	&mov($tmp2,&wparam(0));
-	&mov($P,&wparam(1));
-	&push("esi");
-	&push("edi");
-
-	&comment("Load the 2 words");
-	&mov($L,&DWP(0,$tmp2,"",0));
-	&mov($R,&DWP(4,$tmp2,"",0));
-
-	&xor(	$tmp1,	$tmp1);
-
-	# encrypting part
-
-	if ($enc)
-		{
-		 &mov($tmp2,&DWP(0,$P,"",0));
-		&xor(	$tmp3,	$tmp3);
-
-		&xor($L,$tmp2);
-		for ($i=0; $i<$BF_ROUNDS; $i+=2)
-			{
-			&comment("");
-			&comment("Round $i");
-			&BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
-
-			&comment("");
-			&comment("Round ".sprintf("%d",$i+1));
-			&BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1);
-			}
-		# &mov($tmp1,&wparam(0)); In last loop
-		&mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-		}
-	else
-		{
-		 &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-		&xor(	$tmp3,	$tmp3);
-
-		&xor($L,$tmp2);
-		for ($i=$BF_ROUNDS; $i>0; $i-=2)
-			{
-			&comment("");
-			&comment("Round $i");
-			&BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
-			&comment("");
-			&comment("Round ".sprintf("%d",$i-1));
-			&BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0);
-			}
-		# &mov($tmp1,&wparam(0)); In last loop
-		&mov($tmp4,&DWP(0,$P,"",0));
-		}
-
-	&xor($R,$tmp4);
-	&mov(&DWP(4,$tmp1,"",0),$L);
-
-	&mov(&DWP(0,$tmp1,"",0),$R);
-	&function_end($name);
-	}
-
-sub BF_ENCRYPT
-	{
-	local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_;
-
-	&mov(	$tmp4,		&DWP(&n2a($i*4),$P,"",0)); # for next round
-
-	&mov(	$tmp2,		$R);
-	&xor(	$L,		$tmp4);
-
-	&shr(	$tmp2,		16);
-	&mov(	$tmp4,		$R);
-
-	&movb(	&LB($tmp1),	&HB($tmp2));	# A
-	&and(	$tmp2,		0xff);		# B
-
-	&movb(	&LB($tmp3),	&HB($tmp4));	# C
-	&and(	$tmp4,		0xff);		# D
-
-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
-	&mov(	$tmp2,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
-
-	&add(	$tmp2,		$tmp1);
-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4));
-
-	&xor(	$tmp2,		$tmp1);
-	&mov(	$tmp4,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4));
-
-	&add(	$tmp2,		$tmp4);
-	if (($enc && ($i != 16)) || ((!$enc) && ($i != 1)))
-		{ &xor(	$tmp1,		$tmp1); }
-	else
-		{
-		&comment("Load parameter 0 ($i) enc=$enc");
-		&mov($tmp1,&wparam(0));
-		} # In last loop
-
-	&xor(	$L,		$tmp2);
-	# delay
-	}
-
-sub n2a
-	{
-	sprintf("%d",$_[0]);
-	}
-
diff --git a/crypto/bf/asm/bf-686.pl b/crypto/bf/asm/bf-686.pl
deleted file mode 100644
index 8e4c25f598..0000000000
--- a/crypto/bf/asm/bf-686.pl
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-
-&asm_init($ARGV[0],"bf-686.pl");
-
-$BF_ROUNDS=16;
-$BF_OFF=($BF_ROUNDS+2)*4;
-$L="ecx";
-$R="edx";
-$P="edi";
-$tot="esi";
-$tmp1="eax";
-$tmp2="ebx";
-$tmp3="ebp";
-
-&des_encrypt("BF_encrypt",1);
-&des_encrypt("BF_decrypt",0);
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
-
-&asm_finish();
-
-&file_end();
-
-sub des_encrypt
-	{
-	local($name,$enc)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	&comment("Load the 2 words");
-	&mov("eax",&wparam(0));
-	&mov($L,&DWP(0,"eax","",0));
-	&mov($R,&DWP(4,"eax","",0));
-
-	&comment("");
-	&comment("P pointer, s and enc flag");
-	&mov($P,&wparam(1));
-
-	&xor(	$tmp1,	$tmp1);
-	&xor(	$tmp2,	$tmp2);
-
-	# encrypting part
-
-	if ($enc)
-		{
-		&xor($L,&DWP(0,$P,"",0));
-		for ($i=0; $i<$BF_ROUNDS; $i+=2)
-			{
-			&comment("");
-			&comment("Round $i");
-			&BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
-
-			&comment("");
-			&comment("Round ".sprintf("%d",$i+1));
-			&BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
-			}
-		&xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-
-		&mov("eax",&wparam(0));
-		&mov(&DWP(0,"eax","",0),$R);
-		&mov(&DWP(4,"eax","",0),$L);
-		&function_end_A($name);
-		}
-	else
-		{
-		&xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
-		for ($i=$BF_ROUNDS; $i>0; $i-=2)
-			{
-			&comment("");
-			&comment("Round $i");
-			&BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
-			&comment("");
-			&comment("Round ".sprintf("%d",$i-1));
-			&BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
-			}
-		&xor($R,&DWP(0,$P,"",0));
-
-		&mov("eax",&wparam(0));
-		&mov(&DWP(0,"eax","",0),$R);
-		&mov(&DWP(4,"eax","",0),$L);
-		&function_end_A($name);
-		}
-
-	&function_end_B($name);
-	}
-
-sub BF_ENCRYPT
-	{
-	local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
-
-	&rotr(	$R,		16);
-	&mov(	$tot,		&DWP(&n2a($i*4),$P,"",0));
-
-	&movb(	&LB($tmp1),	&HB($R));
-	&movb(	&LB($tmp2),	&LB($R));
-
-	&rotr(	$R,		16);
-	&xor(	$L,		$tot);
-
-	&mov(	$tot,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
-
-	&movb(	&LB($tmp1),	&HB($R));
-	&movb(	&LB($tmp2),	&LB($R));
-
-	&add(	$tot,		$tmp3);
-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
-
-	&xor(	$tot,		$tmp1);
-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
-
-	&add(	$tot,		$tmp3);
-	&xor(	$tmp1,		$tmp1);
-
-	&xor(	$L,		$tot);					
-	# delay
-	}
-
-sub n2a
-	{
-	sprintf("%d",$_[0]);
-	}
-
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
deleted file mode 100644
index 6451c8d407..0000000000
--- a/crypto/bf/bf_cfb64.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/bf/bf_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
-	{
-	register BF_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	BF_LONG ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
-
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
deleted file mode 100644
index 1607cefa32..0000000000
--- a/crypto/bf/bf_ecb.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* crypto/bf/bf_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-#include <openssl/opensslv.h>
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
-
-const char *BF_options(void)
-	{
-#ifdef BF_PTR
-	return("blowfish(ptr)");
-#elif defined(BF_PTR2)
-	return("blowfish(ptr2)");
-#else
-	return("blowfish(idx)");
-#endif
-	}
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	     const BF_KEY *key, int encrypt)
-	{
-	BF_LONG l,d[2];
-
-	n2l(in,l); d[0]=l;
-	n2l(in,l); d[1]=l;
-	if (encrypt)
-		BF_encrypt(d,key);
-	else
-		BF_decrypt(d,key);
-	l=d[0]; l2n(l,out);
-	l=d[1]; l2n(l,out);
-	l=d[0]=d[1]=0;
-	}
-
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
deleted file mode 100644
index 2d21d09f42..0000000000
--- a/crypto/bf/bf_enc.c
+++ /dev/null
@@ -1,306 +0,0 @@
-/* crypto/bf/bf_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
-to modify the code.
-#endif
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key)
-	{
-#ifndef BF_PTR2
-	register BF_LONG l,r;
-	register const BF_LONG *p,*s;
-
-	p=key->P;
-	s= &(key->S[0]);
-	l=data[0];
-	r=data[1];
-
-	l^=p[0];
-	BF_ENC(r,l,s,p[ 1]);
-	BF_ENC(l,r,s,p[ 2]);
-	BF_ENC(r,l,s,p[ 3]);
-	BF_ENC(l,r,s,p[ 4]);
-	BF_ENC(r,l,s,p[ 5]);
-	BF_ENC(l,r,s,p[ 6]);
-	BF_ENC(r,l,s,p[ 7]);
-	BF_ENC(l,r,s,p[ 8]);
-	BF_ENC(r,l,s,p[ 9]);
-	BF_ENC(l,r,s,p[10]);
-	BF_ENC(r,l,s,p[11]);
-	BF_ENC(l,r,s,p[12]);
-	BF_ENC(r,l,s,p[13]);
-	BF_ENC(l,r,s,p[14]);
-	BF_ENC(r,l,s,p[15]);
-	BF_ENC(l,r,s,p[16]);
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[17]);
-	BF_ENC(l,r,s,p[18]);
-	BF_ENC(r,l,s,p[19]);
-	BF_ENC(l,r,s,p[20]);
-#endif
-	r^=p[BF_ROUNDS+1];
-
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#else
-	register BF_LONG l,r,t,*k;
-
-	l=data[0];
-	r=data[1];
-	k=(BF_LONG*)key;
-
-	l^=k[0];
-	BF_ENC(r,l,k, 1);
-	BF_ENC(l,r,k, 2);
-	BF_ENC(r,l,k, 3);
-	BF_ENC(l,r,k, 4);
-	BF_ENC(r,l,k, 5);
-	BF_ENC(l,r,k, 6);
-	BF_ENC(r,l,k, 7);
-	BF_ENC(l,r,k, 8);
-	BF_ENC(r,l,k, 9);
-	BF_ENC(l,r,k,10);
-	BF_ENC(r,l,k,11);
-	BF_ENC(l,r,k,12);
-	BF_ENC(r,l,k,13);
-	BF_ENC(l,r,k,14);
-	BF_ENC(r,l,k,15);
-	BF_ENC(l,r,k,16);
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,k,17);
-	BF_ENC(l,r,k,18);
-	BF_ENC(r,l,k,19);
-	BF_ENC(l,r,k,20);
-#endif
-	r^=k[BF_ROUNDS+1];
-
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#endif
-	}
-
-#ifndef BF_DEFAULT_OPTIONS
-
-void BF_decrypt(BF_LONG *data, const BF_KEY *key)
-	{
-#ifndef BF_PTR2
-	register BF_LONG l,r;
-	register const BF_LONG *p,*s;
-
-	p=key->P;
-	s= &(key->S[0]);
-	l=data[0];
-	r=data[1];
-
-	l^=p[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[20]);
-	BF_ENC(l,r,s,p[19]);
-	BF_ENC(r,l,s,p[18]);
-	BF_ENC(l,r,s,p[17]);
-#endif
-	BF_ENC(r,l,s,p[16]);
-	BF_ENC(l,r,s,p[15]);
-	BF_ENC(r,l,s,p[14]);
-	BF_ENC(l,r,s,p[13]);
-	BF_ENC(r,l,s,p[12]);
-	BF_ENC(l,r,s,p[11]);
-	BF_ENC(r,l,s,p[10]);
-	BF_ENC(l,r,s,p[ 9]);
-	BF_ENC(r,l,s,p[ 8]);
-	BF_ENC(l,r,s,p[ 7]);
-	BF_ENC(r,l,s,p[ 6]);
-	BF_ENC(l,r,s,p[ 5]);
-	BF_ENC(r,l,s,p[ 4]);
-	BF_ENC(l,r,s,p[ 3]);
-	BF_ENC(r,l,s,p[ 2]);
-	BF_ENC(l,r,s,p[ 1]);
-	r^=p[0];
-
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#else
-	register BF_LONG l,r,t,*k;
-
-	l=data[0];
-	r=data[1];
-	k=(BF_LONG *)key;
-
-	l^=k[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,k,20);
-	BF_ENC(l,r,k,19);
-	BF_ENC(r,l,k,18);
-	BF_ENC(l,r,k,17);
-#endif
-	BF_ENC(r,l,k,16);
-	BF_ENC(l,r,k,15);
-	BF_ENC(r,l,k,14);
-	BF_ENC(l,r,k,13);
-	BF_ENC(r,l,k,12);
-	BF_ENC(l,r,k,11);
-	BF_ENC(r,l,k,10);
-	BF_ENC(l,r,k, 9);
-	BF_ENC(r,l,k, 8);
-	BF_ENC(l,r,k, 7);
-	BF_ENC(r,l,k, 6);
-	BF_ENC(l,r,k, 5);
-	BF_ENC(r,l,k, 4);
-	BF_ENC(l,r,k, 3);
-	BF_ENC(r,l,k, 2);
-	BF_ENC(l,r,k, 1);
-	r^=k[0];
-
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#endif
-	}
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-	{
-	register BF_LONG tin0,tin1;
-	register BF_LONG tout0,tout1,xor0,xor1;
-	register long l=length;
-	BF_LONG tin[2];
-
-	if (encrypt)
-		{
-		n2l(ivec,tout0);
-		n2l(ivec,tout1);
-		ivec-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,schedule);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		if (l != -8)
-			{
-			n2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,schedule);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		l2n(tout0,ivec);
-		l2n(tout1,ivec);
-		}
-	else
-		{
-		n2l(ivec,xor0);
-		n2l(ivec,xor1);
-		ivec-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_decrypt(tin,schedule);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2n(tout0,out);
-			l2n(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_decrypt(tin,schedule);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2nn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2n(xor0,ivec);
-		l2n(xor1,ivec);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#endif
diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
deleted file mode 100644
index cc7c3ec992..0000000000
--- a/crypto/bf/bf_locl.h
+++ /dev/null
@@ -1,219 +0,0 @@
-/* crypto/bf/bf_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BF_LOCL_H
-#define HEADER_BF_LOCL_H
-#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
-
-#undef c2l
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))    ; \
-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-			case 4: l1 =((unsigned long)(*(--(c))))    ; \
-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-				} \
-			}
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* This is actually a big endian algorithm, the most significant byte
- * is used to lookup array 0 */
-
-#if defined(BF_PTR2)
-
-/*
- * This is basically a special Intel version. Point is that Intel
- * doesn't have many registers, but offers a reach choice of addressing
- * modes. So we spare some registers by directly traversing BF_KEY
- * structure and hiring the most decorated addressing mode. The code
- * generated by EGCS is *perfectly* competitive with assembler
- * implementation!
- */
-#define BF_ENC(LL,R,KEY,Pi) (\
-	LL^=KEY[Pi], \
-	t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
-	t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
-	t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
-	t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
-	LL^=t \
-	)
-
-#elif defined(BF_PTR)
-
-#ifndef BF_LONG_LOG2
-#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
-#endif
-#define BF_M  (0xFF<<BF_LONG_LOG2)
-#define BF_0  (24-BF_LONG_LOG2)
-#define BF_1  (16-BF_LONG_LOG2)
-#define BF_2  ( 8-BF_LONG_LOG2)
-#define BF_3  BF_LONG_LOG2 /* left shift */
-
-/*
- * This is normally very good on RISC platforms where normally you
- * have to explicitly "multiply" array index by sizeof(BF_LONG)
- * in order to calculate the effective address. This implementation
- * excuses CPU from this extra work. Power[PC] uses should have most
- * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
- * rlwinm. So let'em double-check if their compiler does it.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
-	LL^=P, \
-	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
-		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
-		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
-	)
-#else
-
-/*
- * This is a *generic* version. Seem to perform best on platforms that
- * offer explicit support for extraction of 8-bit nibbles preferably
- * complemented with "multiplying" of array index by sizeof(BF_LONG).
- * For the moment of this writing the list comprises Alpha CPU featuring
- * extbl and s[48]addq instructions.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
-	LL^=P, \
-	LL^=(((	S[       ((int)(R>>24)&0xff)] + \
-		S[0x0100+((int)(R>>16)&0xff)])^ \
-		S[0x0200+((int)(R>> 8)&0xff)])+ \
-		S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
-	)
-#endif
-
-#endif
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
deleted file mode 100644
index f2a9ff6e41..0000000000
--- a/crypto/bf/bf_ofb64.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/bf/bf_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int *num)
-	{
-	register BF_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	BF_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	n2l(iv,v0);
-	n2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2n(v0,dp);
-	l2n(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			BF_encrypt((BF_LONG *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2n(t,dp);
-			t=ti[1]; l2n(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2n(v0,iv);
-		l2n(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
deleted file mode 100644
index 9949513c68..0000000000
--- a/crypto/bf/bf_pi.h
+++ /dev/null
@@ -1,325 +0,0 @@
-/* crypto/bf/bf_pi.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const BF_KEY bf_init= {
-	{
-	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
-	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
-	0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
-	0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
-	0x9216d5d9L, 0x8979fb1b
-	},{
-	0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 
-	0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 
-	0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, 
-	0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, 
-	0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, 
-	0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 
-	0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, 
-	0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, 
-	0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, 
-	0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, 
-	0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 
-	0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 
-	0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, 
-	0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, 
-	0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, 
-	0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 
-	0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 
-	0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, 
-	0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, 
-	0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, 
-	0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 
-	0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 
-	0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, 
-	0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, 
-	0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, 
-	0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 
-	0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 
-	0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, 
-	0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, 
-	0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, 
-	0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 
-	0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 
-	0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, 
-	0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, 
-	0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, 
-	0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 
-	0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 
-	0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, 
-	0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, 
-	0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, 
-	0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 
-	0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 
-	0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, 
-	0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, 
-	0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, 
-	0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 
-	0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 
-	0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, 
-	0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, 
-	0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, 
-	0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 
-	0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 
-	0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, 
-	0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, 
-	0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, 
-	0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 
-	0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 
-	0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, 
-	0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, 
-	0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, 
-	0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 
-	0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 
-	0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, 
-	0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, 
-	0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, 
-	0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 
-	0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 
-	0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, 
-	0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L, 
-	0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, 
-	0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 
-	0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 
-	0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, 
-	0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, 
-	0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, 
-	0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 
-	0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 
-	0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, 
-	0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, 
-	0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, 
-	0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 
-	0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 
-	0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, 
-	0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, 
-	0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, 
-	0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 
-	0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 
-	0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, 
-	0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, 
-	0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, 
-	0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 
-	0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 
-	0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, 
-	0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, 
-	0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, 
-	0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 
-	0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 
-	0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, 
-	0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, 
-	0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, 
-	0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 
-	0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 
-	0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, 
-	0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, 
-	0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, 
-	0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 
-	0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 
-	0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, 
-	0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, 
-	0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, 
-	0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 
-	0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 
-	0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, 
-	0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, 
-	0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, 
-	0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 
-	0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 
-	0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, 
-	0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, 
-	0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, 
-	0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 
-	0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 
-	0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, 
-	0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, 
-	0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, 
-	0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 
-	0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 
-	0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, 
-	0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, 
-	0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, 
-	0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 
-	0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, 
-	0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, 
-	0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, 
-	0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, 
-	0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 
-	0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 
-	0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, 
-	0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, 
-	0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, 
-	0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 
-	0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 
-	0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L, 
-	0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, 
-	0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, 
-	0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 
-	0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 
-	0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, 
-	0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, 
-	0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, 
-	0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 
-	0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 
-	0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, 
-	0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, 
-	0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, 
-	0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 
-	0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 
-	0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, 
-	0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, 
-	0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, 
-	0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 
-	0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 
-	0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, 
-	0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, 
-	0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, 
-	0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 
-	0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 
-	0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, 
-	0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, 
-	0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, 
-	0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 
-	0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 
-	0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, 
-	0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, 
-	0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, 
-	0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 
-	0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 
-	0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, 
-	0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, 
-	0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, 
-	0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 
-	0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 
-	0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, 
-	0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, 
-	0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, 
-	0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 
-	0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 
-	0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, 
-	0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, 
-	0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, 
-	0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 
-	0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, 
-	0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, 
-	0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, 
-	0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, 
-	0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 
-	0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 
-	0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, 
-	0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, 
-	0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, 
-	0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 
-	0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 
-	0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, 
-	0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, 
-	0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, 
-	0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 
-	0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 
-	0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, 
-	0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, 
-	0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, 
-	0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 
-	0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 
-	0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, 
-	0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, 
-	0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, 
-	0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 
-	0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 
-	0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, 
-	0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, 
-	0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, 
-	0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 
-	0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 
-	0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, 
-	0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, 
-	0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, 
-	0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 
-	0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 
-	0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, 
-	0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, 
-	0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, 
-	0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 
-	0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 
-	0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, 
-	0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, 
-	0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, 
-	0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 
-	0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 
-	0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, 
-	0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, 
-	0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, 
-	0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 
-	0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 
-	0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, 
-	0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, 
-	0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, 
-	0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 
-	0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 
-	0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, 
-	0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, 
-	0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, 
-	0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 
-	0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 
-	0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, 
-	0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L, 
-	0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, 
-	0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, 
-	}
-	};
-
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
deleted file mode 100644
index 3b0bca41ae..0000000000
--- a/crypto/bf/bf_skey.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* crypto/bf/bf_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-#include "bf_pi.h"
-
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#ifdef OPENSSL_FIPS
-	{
-	fips_cipher_abort(BLOWFISH);
-	private_BF_set_key(key, len, data);
-	}
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
-#endif
-	{
-	int i;
-	BF_LONG *p,ri,in[2];
-	const unsigned char *d,*end;
-
-
-	memcpy(key,&bf_init,sizeof(BF_KEY));
-	p=key->P;
-
-	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
-
-	d=data;
-	end= &(data[len]);
-	for (i=0; i<(BF_ROUNDS+2); i++)
-		{
-		ri= *(d++);
-		if (d >= end) d=data;
-
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
-
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
-
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
-
-		p[i]^=ri;
-		}
-
-	in[0]=0L;
-	in[1]=0L;
-	for (i=0; i<(BF_ROUNDS+2); i+=2)
-		{
-		BF_encrypt(in,key);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
-
-	p=key->S;
-	for (i=0; i<4*256; i+=2)
-		{
-		BF_encrypt(in,key);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
-	}
-
diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h
deleted file mode 100644
index 4b6c8920a4..0000000000
--- a/crypto/bf/blowfish.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BLOWFISH_H
-#define HEADER_BLOWFISH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_BF
-#error BF is disabled.
-#endif
-
-#define BF_ENCRYPT	1
-#define BF_DECRYPT	0
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! BF_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define BF_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define BF_LONG unsigned long
-#define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define BF_LONG unsigned int
-#endif
-
-#define BF_ROUNDS	16
-#define BF_BLOCK	8
-
-typedef struct bf_key_st
-	{
-	BF_LONG P[BF_ROUNDS+2];
-	BF_LONG S[4*256];
-	} BF_KEY;
-
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int *num);
-const char *BF_options(void);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
deleted file mode 100644
index c80ecc4295..0000000000
--- a/crypto/bio/b_dump.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* crypto/bio/b_dump.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bio_lcl.h"
-
-#define TRUNCATE
-#define DUMP_WIDTH	16
-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
-
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-	void *u, const char *s, int len)
-	{
-	return BIO_dump_indent_cb(cb, u, s, len, 0);
-	}
-
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-	void *u, const char *s, int len, int indent)
-	{
-	int ret=0;
-	char buf[288+1],tmp[20],str[128+1];
-	int i,j,rows,trc;
-	unsigned char ch;
-	int dump_width;
-
-	trc=0;
-
-#ifdef TRUNCATE
-	for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
-		trc++;
-#endif
-
-	if (indent < 0)
-		indent = 0;
-	if (indent)
-		{
-		if (indent > 128) indent=128;
-		memset(str,' ',indent);
-		}
-	str[indent]='\0';
-
-	dump_width=DUMP_WIDTH_LESS_INDENT(indent);
-	rows=(len/dump_width);
-	if ((rows*dump_width)<len)
-		rows++;
-	for(i=0;i<rows;i++)
-		{
-		buf[0]='\0';	/* start with empty string */
-		BUF_strlcpy(buf,str,sizeof buf);
-		BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
-		BUF_strlcat(buf,tmp,sizeof buf);
-		for(j=0;j<dump_width;j++)
-			{
-			if (((i*dump_width)+j)>=len)
-				{
-				BUF_strlcat(buf,"   ",sizeof buf);
-				}
-			else
-				{
-				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-				BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-					j==7?'-':' ');
-				BUF_strlcat(buf,tmp,sizeof buf);
-				}
-			}
-		BUF_strlcat(buf,"  ",sizeof buf);
-		for(j=0;j<dump_width;j++)
-			{
-			if (((i*dump_width)+j)>=len)
-				break;
-			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-#ifndef CHARSET_EBCDIC
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				((ch>=' ')&&(ch<='~'))?ch:'.');
-#else
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-				? os_toebcdic[ch]
-				: '.');
-#endif
-			BUF_strlcat(buf,tmp,sizeof buf);
-			}
-		BUF_strlcat(buf,"\n",sizeof buf);
-		/* if this is the last call then update the ddt_dump thing so
-		 * that we will move the selection point in the debug window
-		 */
-		ret+=cb((void *)buf,strlen(buf),u);
-		}
-#ifdef TRUNCATE
-	if (trc > 0)
-		{
-		BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-			len+trc);
-		ret+=cb((void *)buf,strlen(buf),u);
-		}
-#endif
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-static int write_fp(const void *data, size_t len, void *fp)
-	{
-	return UP_fwrite(data, len, 1, fp);
-	}
-int BIO_dump_fp(FILE *fp, const char *s, int len)
-	{
-	return BIO_dump_cb(write_fp, fp, s, len);
-	}
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
-	{
-	return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
-	}
-#endif
-
-static int write_bio(const void *data, size_t len, void *bp)
-	{
-	return BIO_write((BIO *)bp, (const char *)data, len);
-	}
-int BIO_dump(BIO *bp, const char *s, int len)
-	{
-	return BIO_dump_cb(write_bio, bp, s, len);
-	}
-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
-	{
-	return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
-	}
-
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
deleted file mode 100644
index 143a7cfefa..0000000000
--- a/crypto/bio/b_print.c
+++ /dev/null
@@ -1,842 +0,0 @@
-/* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-/* 
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include "cryptlib.h"
-#ifndef NO_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
-#include <openssl/bio.h>
-
-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
-# ifndef HAVE_LONG_LONG
-#  define HAVE_LONG_LONG 1
-# endif
-#endif
-
-/***************************************************************************/
-
-/*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell <papowell@astart.com>
- * It may be used for any purpose as long as this notice remains intact
- * on all source code distributions.
- */
-
-/*
- * This code contains numerious changes and enhancements which were
- * made by lots of contributors over the last years to Patrick Powell's
- * original code:
- *
- * o Patrick Powell <papowell@astart.com>      (1995)
- * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
- * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
- * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
- * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
- * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
- * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
- * o ...                                       (for OpenSSL)
- */
-
-#ifdef HAVE_LONG_DOUBLE
-#define LDOUBLE long double
-#else
-#define LDOUBLE double
-#endif
-
-#ifdef HAVE_LONG_LONG
-# if defined(_WIN32) && !defined(__GNUC__)
-# define LLONG __int64
-# else
-# define LLONG long long
-# endif
-#else
-#define LLONG long
-#endif
-
-static void fmtstr     (char **, char **, size_t *, size_t *,
-			const char *, int, int, int);
-static void fmtint     (char **, char **, size_t *, size_t *,
-			LLONG, int, int, int, int);
-static void fmtfp      (char **, char **, size_t *, size_t *,
-			LDOUBLE, int, int, int);
-static void doapr_outch (char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
-		  size_t *maxlen, size_t *retlen, int *truncated,
-		  const char *format, va_list args);
-
-/* format read states */
-#define DP_S_DEFAULT    0
-#define DP_S_FLAGS      1
-#define DP_S_MIN        2
-#define DP_S_DOT        3
-#define DP_S_MAX        4
-#define DP_S_MOD        5
-#define DP_S_CONV       6
-#define DP_S_DONE       7
-
-/* format flags - Bits */
-#define DP_F_MINUS      (1 << 0)
-#define DP_F_PLUS       (1 << 1)
-#define DP_F_SPACE      (1 << 2)
-#define DP_F_NUM        (1 << 3)
-#define DP_F_ZERO       (1 << 4)
-#define DP_F_UP         (1 << 5)
-#define DP_F_UNSIGNED   (1 << 6)
-
-/* conversion flags */
-#define DP_C_SHORT      1
-#define DP_C_LONG       2
-#define DP_C_LDOUBLE    3
-#define DP_C_LLONG      4
-
-/* some handy macros */
-#define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-
-static void
-_dopr(
-    char **sbuffer,
-    char **buffer,
-    size_t *maxlen,
-    size_t *retlen,
-    int *truncated,
-    const char *format,
-    va_list args)
-{
-    char ch;
-    LLONG value;
-    LDOUBLE fvalue;
-    char *strvalue;
-    int min;
-    int max;
-    int state;
-    int flags;
-    int cflags;
-    size_t currlen;
-
-    state = DP_S_DEFAULT;
-    flags = currlen = cflags = min = 0;
-    max = -1;
-    ch = *format++;
-
-    while (state != DP_S_DONE) {
-        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
-            state = DP_S_DONE;
-
-        switch (state) {
-        case DP_S_DEFAULT:
-            if (ch == '%')
-                state = DP_S_FLAGS;
-            else
-                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
-            ch = *format++;
-            break;
-        case DP_S_FLAGS:
-            switch (ch) {
-            case '-':
-                flags |= DP_F_MINUS;
-                ch = *format++;
-                break;
-            case '+':
-                flags |= DP_F_PLUS;
-                ch = *format++;
-                break;
-            case ' ':
-                flags |= DP_F_SPACE;
-                ch = *format++;
-                break;
-            case '#':
-                flags |= DP_F_NUM;
-                ch = *format++;
-                break;
-            case '0':
-                flags |= DP_F_ZERO;
-                ch = *format++;
-                break;
-            default:
-                state = DP_S_MIN;
-                break;
-            }
-            break;
-        case DP_S_MIN:
-            if (isdigit((unsigned char)ch)) {
-                min = 10 * min + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                min = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_DOT;
-            } else
-                state = DP_S_DOT;
-            break;
-        case DP_S_DOT:
-            if (ch == '.') {
-                state = DP_S_MAX;
-                ch = *format++;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MAX:
-            if (isdigit((unsigned char)ch)) {
-                if (max < 0)
-                    max = 0;
-                max = 10 * max + char_to_int(ch);
-                ch = *format++;
-            } else if (ch == '*') {
-                max = va_arg(args, int);
-                ch = *format++;
-                state = DP_S_MOD;
-            } else
-                state = DP_S_MOD;
-            break;
-        case DP_S_MOD:
-            switch (ch) {
-            case 'h':
-                cflags = DP_C_SHORT;
-                ch = *format++;
-                break;
-            case 'l':
-                if (*format == 'l') {
-                    cflags = DP_C_LLONG;
-                    format++;
-                } else
-                    cflags = DP_C_LONG;
-                ch = *format++;
-                break;
-            case 'q':
-                cflags = DP_C_LLONG;
-                ch = *format++;
-                break;
-            case 'L':
-                cflags = DP_C_LDOUBLE;
-                ch = *format++;
-                break;
-            default:
-                break;
-            }
-            state = DP_S_CONV;
-            break;
-        case DP_S_CONV:
-            switch (ch) {
-            case 'd':
-            case 'i':
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (short int)va_arg(args, int);
-                    break;
-                case DP_C_LONG:
-                    value = va_arg(args, long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, LLONG);
-                    break;
-                default:
-                    value = va_arg(args, int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 10, min, max, flags);
-                break;
-            case 'X':
-                flags |= DP_F_UP;
-                /* FALLTHROUGH */
-            case 'x':
-            case 'o':
-            case 'u':
-                flags |= DP_F_UNSIGNED;
-                switch (cflags) {
-                case DP_C_SHORT:
-                    value = (unsigned short int)va_arg(args, unsigned int);
-                    break;
-                case DP_C_LONG:
-                    value = (LLONG) va_arg(args,
-                        unsigned long int);
-                    break;
-                case DP_C_LLONG:
-                    value = va_arg(args, unsigned LLONG);
-                    break;
-                default:
-                    value = (LLONG) va_arg(args,
-                        unsigned int);
-                    break;
-                }
-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                       min, max, flags);
-                break;
-            case 'f':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                fmtfp(sbuffer, buffer, &currlen, maxlen,
-                      fvalue, min, max, flags);
-                break;
-            case 'E':
-                flags |= DP_F_UP;
-            case 'e':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'G':
-                flags |= DP_F_UP;
-            case 'g':
-                if (cflags == DP_C_LDOUBLE)
-                    fvalue = va_arg(args, LDOUBLE);
-                else
-                    fvalue = va_arg(args, double);
-                break;
-            case 'c':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                    va_arg(args, int));
-                break;
-            case 's':
-                strvalue = va_arg(args, char *);
-                if (max < 0) {
-		    if (buffer)
-			max = INT_MAX;
-		    else
-			max = *maxlen;
-		}
-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
-                break;
-            case 'p':
-                value = (long)va_arg(args, void *);
-                fmtint(sbuffer, buffer, &currlen, maxlen,
-                    value, 16, min, max, flags|DP_F_NUM);
-                break;
-            case 'n': /* XXX */
-                if (cflags == DP_C_SHORT) {
-                    short int *num;
-                    num = va_arg(args, short int *);
-                    *num = currlen;
-                } else if (cflags == DP_C_LONG) { /* XXX */
-                    long int *num;
-                    num = va_arg(args, long int *);
-                    *num = (long int) currlen;
-                } else if (cflags == DP_C_LLONG) { /* XXX */
-                    LLONG *num;
-                    num = va_arg(args, LLONG *);
-                    *num = (LLONG) currlen;
-                } else {
-                    int    *num;
-                    num = va_arg(args, int *);
-                    *num = currlen;
-                }
-                break;
-            case '%':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
-                break;
-            case 'w':
-                /* not supported yet, treat as next char */
-                ch = *format++;
-                break;
-            default:
-                /* unknown, skip */
-                break;
-            }
-            ch = *format++;
-            state = DP_S_DEFAULT;
-            flags = cflags = min = 0;
-            max = -1;
-            break;
-        case DP_S_DONE:
-            break;
-        default:
-            break;
-        }
-    }
-    *truncated = (currlen > *maxlen - 1);
-    if (*truncated)
-        currlen = *maxlen - 1;
-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
-    *retlen = currlen - 1;
-    return;
-}
-
-static void
-fmtstr(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    const char *value,
-    int flags,
-    int min,
-    int max)
-{
-    int padlen, strln;
-    int cnt = 0;
-
-    if (value == 0)
-        value = "<NULL>";
-    for (strln = 0; value[strln]; ++strln)
-        ;
-    padlen = min - strln;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    while ((padlen > 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-        ++cnt;
-    }
-    while (*value && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
-        ++cnt;
-    }
-    while ((padlen < 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-        ++cnt;
-    }
-}
-
-static void
-fmtint(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    LLONG value,
-    int base,
-    int min,
-    int max,
-    int flags)
-{
-    int signvalue = 0;
-    const char *prefix = "";
-    unsigned LLONG uvalue;
-    char convert[DECIMAL_SIZE(value)+3];
-    int place = 0;
-    int spadlen = 0;
-    int zpadlen = 0;
-    int caps = 0;
-
-    if (max < 0)
-        max = 0;
-    uvalue = value;
-    if (!(flags & DP_F_UNSIGNED)) {
-        if (value < 0) {
-            signvalue = '-';
-            uvalue = -value;
-        } else if (flags & DP_F_PLUS)
-            signvalue = '+';
-        else if (flags & DP_F_SPACE)
-            signvalue = ' ';
-    }
-    if (flags & DP_F_NUM) {
-	if (base == 8) prefix = "0";
-	if (base == 16) prefix = "0x";
-    }
-    if (flags & DP_F_UP)
-        caps = 1;
-    do {
-        convert[place++] =
-            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
-            [uvalue % (unsigned) base];
-        uvalue = (uvalue / (unsigned) base);
-    } while (uvalue && (place < (int)sizeof(convert)));
-    if (place == sizeof(convert))
-        place--;
-    convert[place] = 0;
-
-    zpadlen = max - place;
-    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (spadlen < 0)
-        spadlen = 0;
-    if (flags & DP_F_ZERO) {
-        zpadlen = OSSL_MAX(zpadlen, spadlen);
-        spadlen = 0;
-    }
-    if (flags & DP_F_MINUS)
-        spadlen = -spadlen;
-
-    /* spaces */
-    while (spadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --spadlen;
-    }
-
-    /* sign */
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    /* prefix */
-    while (*prefix) {
-	doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
-	prefix++;
-    }
-
-    /* zeros */
-    if (zpadlen > 0) {
-        while (zpadlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --zpadlen;
-        }
-    }
-    /* digits */
-    while (place > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
-
-    /* left justified spaces */
-    while (spadlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++spadlen;
-    }
-    return;
-}
-
-static LDOUBLE
-abs_val(LDOUBLE value)
-{
-    LDOUBLE result = value;
-    if (value < 0)
-        result = -value;
-    return result;
-}
-
-static LDOUBLE
-pow_10(int in_exp)
-{
-    LDOUBLE result = 1;
-    while (in_exp) {
-        result *= 10;
-        in_exp--;
-    }
-    return result;
-}
-
-static long
-roundv(LDOUBLE value)
-{
-    long intpart;
-    intpart = (long) value;
-    value = value - intpart;
-    if (value >= 0.5)
-        intpart++;
-    return intpart;
-}
-
-static void
-fmtfp(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    LDOUBLE fvalue,
-    int min,
-    int max,
-    int flags)
-{
-    int signvalue = 0;
-    LDOUBLE ufvalue;
-    char iconvert[20];
-    char fconvert[20];
-    int iplace = 0;
-    int fplace = 0;
-    int padlen = 0;
-    int zpadlen = 0;
-    int caps = 0;
-    long intpart;
-    long fracpart;
-    long max10;
-
-    if (max < 0)
-        max = 6;
-    ufvalue = abs_val(fvalue);
-    if (fvalue < 0)
-        signvalue = '-';
-    else if (flags & DP_F_PLUS)
-        signvalue = '+';
-    else if (flags & DP_F_SPACE)
-        signvalue = ' ';
-
-    intpart = (long)ufvalue;
-
-    /* sorry, we only support 9 digits past the decimal because of our
-       conversion method */
-    if (max > 9)
-        max = 9;
-
-    /* we "cheat" by converting the fractional part to integer by
-       multiplying by a factor of 10 */
-    max10 = roundv(pow_10(max));
-    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
-
-    if (fracpart >= max10) {
-        intpart++;
-        fracpart -= max10;
-    }
-
-    /* convert integer part */
-    do {
-        iconvert[iplace++] =
-            (caps ? "0123456789ABCDEF"
-              : "0123456789abcdef")[intpart % 10];
-        intpart = (intpart / 10);
-    } while (intpart && (iplace < (int)sizeof(iconvert)));
-    if (iplace == sizeof iconvert)
-        iplace--;
-    iconvert[iplace] = 0;
-
-    /* convert fractional part */
-    do {
-        fconvert[fplace++] =
-            (caps ? "0123456789ABCDEF"
-              : "0123456789abcdef")[fracpart % 10];
-        fracpart = (fracpart / 10);
-    } while (fplace < max);
-    if (fplace == sizeof fconvert)
-        fplace--;
-    fconvert[fplace] = 0;
-
-    /* -1 for decimal point, another -1 if we are printing a sign */
-    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
-    zpadlen = max - fplace;
-    if (zpadlen < 0)
-        zpadlen = 0;
-    if (padlen < 0)
-        padlen = 0;
-    if (flags & DP_F_MINUS)
-        padlen = -padlen;
-
-    if ((flags & DP_F_ZERO) && (padlen > 0)) {
-        if (signvalue) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-            --padlen;
-            signvalue = 0;
-        }
-        while (padlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-            --padlen;
-        }
-    }
-    while (padlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        --padlen;
-    }
-    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
-    while (iplace > 0)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
-
-    /*
-     * Decimal point. This should probably use locale to find the correct
-     * char to print out.
-     */
-    if (max > 0 || (flags & DP_F_NUM)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
-
-        while (fplace > 0)
-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
-    }
-    while (zpadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
-        --zpadlen;
-    }
-
-    while (padlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
-        ++padlen;
-    }
-}
-
-static void
-doapr_outch(
-    char **sbuffer,
-    char **buffer,
-    size_t *currlen,
-    size_t *maxlen,
-    int c)
-{
-    /* If we haven't at least one buffer, someone has doe a big booboo */
-    assert(*sbuffer != NULL || buffer != NULL);
-
-    if (buffer) {
-	while (*currlen >= *maxlen) {
-	    if (*buffer == NULL) {
-		if (*maxlen == 0)
-		    *maxlen = 1024;
-		*buffer = OPENSSL_malloc(*maxlen);
-		if (*currlen > 0) {
-		    assert(*sbuffer != NULL);
-		    memcpy(*buffer, *sbuffer, *currlen);
-		}
-		*sbuffer = NULL;
-	    } else {
-		*maxlen += 1024;
-		*buffer = OPENSSL_realloc(*buffer, *maxlen);
-	    }
-	}
-	/* What to do if *buffer is NULL? */
-	assert(*sbuffer != NULL || *buffer != NULL);
-    }
-
-    if (*currlen < *maxlen) {
-	if (*sbuffer)
-	    (*sbuffer)[(*currlen)++] = (char)c;
-	else
-	    (*buffer)[(*currlen)++] = (char)c;
-    }
-
-    return;
-}
-
-/***************************************************************************/
-
-int BIO_printf (BIO *bio, const char *format, ...)
-	{
-	va_list args;
-	int ret;
-
-	va_start(args, format);
-
-	ret = BIO_vprintf(bio, format, args);
-
-	va_end(args);
-	return(ret);
-	}
-
-int BIO_vprintf (BIO *bio, const char *format, va_list args)
-	{
-	int ret;
-	size_t retlen;
-	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
-				   in small-stack environments, like threads
-				   or DOS programs. */
-	char *hugebufp = hugebuf;
-	size_t hugebufsize = sizeof(hugebuf);
-	char *dynbuf = NULL;
-	int ignored;
-
-	dynbuf = NULL;
-	CRYPTO_push_info("doapr()");
-	_dopr(&hugebufp, &dynbuf, &hugebufsize,
-		&retlen, &ignored, format, args);
-	if (dynbuf)
-		{
-		ret=BIO_write(bio, dynbuf, (int)retlen);
-		OPENSSL_free(dynbuf);
-		}
-	else
-		{
-		ret=BIO_write(bio, hugebuf, (int)retlen);
-		}
-	CRYPTO_pop_info();
-	return(ret);
-	}
-
-/* As snprintf is not available everywhere, we provide our own implementation.
- * This function has nothing to do with BIOs, but it's closely related
- * to BIO_printf, and we need *some* name prefix ...
- * (XXX  the function should be renamed, but to what?) */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-	{
-	va_list args;
-	int ret;
-
-	va_start(args, format);
-
-	ret = BIO_vsnprintf(buf, n, format, args);
-
-	va_end(args);
-	return(ret);
-	}
-
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-	{
-	size_t retlen;
-	int truncated;
-
-	_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
-
-	if (truncated)
-		/* In case of truncation, return -1 like traditional snprintf.
-		 * (Current drafts for ISO/IEC 9899 say snprintf should return
-		 * the number of characters that would have been written,
-		 * had the buffer been large enough.) */
-		return -1;
-	else
-		return (retlen <= INT_MAX) ? (int)retlen : -1;
-	}
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
deleted file mode 100644
index 470b1a0042..0000000000
--- a/crypto/bio/b_sock.c
+++ /dev/null
@@ -1,976 +0,0 @@
-/* crypto/bio/b_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include <netdb.h>
-#if defined(NETWARE_CLIB)
-#include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-#endif
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <openssl/dso.h>
-
-#define SOCKET_PROTOCOL IPPROTO_TCP
-
-#ifdef SO_MAXCONN
-#define MAX_LISTEN  SO_MAXCONN
-#elif defined(SOMAXCONN)
-#define MAX_LISTEN  SOMAXCONN
-#else
-#define MAX_LISTEN  32
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-static int wsa_init_done=0;
-#endif
-
-/*
- * WSAAPI specifier is required to make indirect calls to run-time
- * linked WinSock 2 functions used in this module, to be specific
- * [get|free]addrinfo and getnameinfo. This is because WinSock uses
- * uses non-C calling convention, __stdcall vs. __cdecl, on x86
- * Windows. On non-WinSock platforms WSAAPI needs to be void.
- */
-#ifndef WSAAPI
-#define WSAAPI
-#endif
-
-#if 0
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-
-#define GHBN_NUM	4
-static struct ghbn_cache_st
-	{
-	char name[129];
-	struct hostent *ent;
-	unsigned long order;
-	} ghbn_cache[GHBN_NUM];
-#endif
-
-static int get_ip(const char *str,unsigned char *ip);
-#if 0
-static void ghbn_free(struct hostent *a);
-static struct hostent *ghbn_dup(struct hostent *a);
-#endif
-int BIO_get_host_ip(const char *str, unsigned char *ip)
-	{
-	int i;
-	int err = 1;
-	int locked = 0;
-	struct hostent *he;
-
-	i=get_ip(str,ip);
-	if (i < 0)
-		{
-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
-		goto err;
-		}
-
-	/* At this point, we have something that is most probably correct
-	   in some way, so let's init the socket. */
-	if (BIO_sock_init() != 1)
-		return 0; /* don't generate another error code here */
-
-	/* If the string actually contained an IP address, we need not do
-	   anything more */
-	if (i > 0) return(1);
-
-	/* do a gethostbyname */
-	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-	locked = 1;
-	he=BIO_gethostbyname(str);
-	if (he == NULL)
-		{
-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
-		goto err;
-		}
-
-	/* cast to short because of win16 winsock definition */
-	if ((short)he->h_addrtype != AF_INET)
-		{
-		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-		goto err;
-		}
-	for (i=0; i<4; i++)
-		ip[i]=he->h_addr_list[0][i];
-	err = 0;
-
- err:
-	if (locked)
-		CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-	if (err)
-		{
-		ERR_add_error_data(2,"host=",str);
-		return 0;
-		}
-	else
-		return 1;
-	}
-
-int BIO_get_port(const char *str, unsigned short *port_ptr)
-	{
-	int i;
-	struct servent *s;
-
-	if (str == NULL)
-		{
-		BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
-		return(0);
-		}
-	i=atoi(str);
-	if (i != 0)
-		*port_ptr=(unsigned short)i;
-	else
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
-		/* Note: under VMS with SOCKETSHR, it seems like the first
-		 * parameter is 'char *', instead of 'const char *'
-		 */
-#ifndef CONST_STRICT
-		s=getservbyname((char *)str,"tcp");
-#else
-		s=getservbyname(str,"tcp");
-#endif
-		if(s != NULL)
-			*port_ptr=ntohs((unsigned short)s->s_port);
-		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
-		if(s == NULL)
-			{
-			if (strcmp(str,"http") == 0)
-				*port_ptr=80;
-			else if (strcmp(str,"telnet") == 0)
-				*port_ptr=23;
-			else if (strcmp(str,"socks") == 0)
-				*port_ptr=1080;
-			else if (strcmp(str,"https") == 0)
-				*port_ptr=443;
-			else if (strcmp(str,"ssl") == 0)
-				*port_ptr=443;
-			else if (strcmp(str,"ftp") == 0)
-				*port_ptr=21;
-			else if (strcmp(str,"gopher") == 0)
-				*port_ptr=70;
-#if 0
-			else if (strcmp(str,"wais") == 0)
-				*port_ptr=21;
-#endif
-			else
-				{
-				SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
-				ERR_add_error_data(3,"service='",str,"'");
-				return(0);
-				}
-			}
-		}
-	return(1);
-	}
-
-int BIO_sock_error(int sock)
-	{
-	int j,i;
-	int size;
-		 
-#if defined(OPENSSL_SYS_BEOS_R5)
-	return 0;
-#endif
-		 
-	size=sizeof(int);
-	/* Note: under Windows the third parameter is of type (char *)
-	 * whereas under other systems it is (void *) if you don't have
-	 * a cast it will choke the compiler: if you do have a cast then
-	 * you can either go for (char *) or (void *).
-	 */
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
-	if (i < 0)
-		return(1);
-	else
-		return(j);
-	}
-
-#if 0
-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
-	{
-	int i;
-	char **p;
-
-	switch (cmd)
-		{
-	case BIO_GHBN_CTRL_HITS:
-		return(BIO_ghbn_hits);
-		/* break; */
-	case BIO_GHBN_CTRL_MISSES:
-		return(BIO_ghbn_miss);
-		/* break; */
-	case BIO_GHBN_CTRL_CACHE_SIZE:
-		return(GHBN_NUM);
-		/* break; */
-	case BIO_GHBN_CTRL_GET_ENTRY:
-		if ((iarg >= 0) && (iarg <GHBN_NUM) &&
-			(ghbn_cache[iarg].order > 0))
-			{
-			p=(char **)parg;
-			if (p == NULL) return(0);
-			*p=ghbn_cache[iarg].name;
-			ghbn_cache[iarg].name[128]='\0';
-			return(1);
-			}
-		return(0);
-		/* break; */
-	case BIO_GHBN_CTRL_FLUSH:
-		for (i=0; i<GHBN_NUM; i++)
-			ghbn_cache[i].order=0;
-		break;
-	default:
-		return(0);
-		}
-	return(1);
-	}
-#endif
-
-#if 0
-static struct hostent *ghbn_dup(struct hostent *a)
-	{
-	struct hostent *ret;
-	int i,j;
-
-	MemCheck_off();
-	ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
-	if (ret == NULL) return(NULL);
-	memset(ret,0,sizeof(struct hostent));
-
-	for (i=0; a->h_aliases[i] != NULL; i++)
-		;
-	i++;
-	ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
-	if (ret->h_aliases == NULL)
-		goto err;
-	memset(ret->h_aliases, 0, i*sizeof(char *));
-
-	for (i=0; a->h_addr_list[i] != NULL; i++)
-		;
-	i++;
-	ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
-	if (ret->h_addr_list == NULL)
-		goto err;
-	memset(ret->h_addr_list, 0, i*sizeof(char *));
-
-	j=strlen(a->h_name)+1;
-	if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
-	memcpy((char *)ret->h_name,a->h_name,j);
-	for (i=0; a->h_aliases[i] != NULL; i++)
-		{
-		j=strlen(a->h_aliases[i])+1;
-		if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
-		memcpy(ret->h_aliases[i],a->h_aliases[i],j);
-		}
-	ret->h_length=a->h_length;
-	ret->h_addrtype=a->h_addrtype;
-	for (i=0; a->h_addr_list[i] != NULL; i++)
-		{
-		if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
-			goto err;
-		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
-		}
-	if (0)
-		{
-err:	
-		if (ret != NULL)
-			ghbn_free(ret);
-		ret=NULL;
-		}
-	MemCheck_on();
-	return(ret);
-	}
-
-static void ghbn_free(struct hostent *a)
-	{
-	int i;
-
-	if(a == NULL)
-	    return;
-
-	if (a->h_aliases != NULL)
-		{
-		for (i=0; a->h_aliases[i] != NULL; i++)
-			OPENSSL_free(a->h_aliases[i]);
-		OPENSSL_free(a->h_aliases);
-		}
-	if (a->h_addr_list != NULL)
-		{
-		for (i=0; a->h_addr_list[i] != NULL; i++)
-			OPENSSL_free(a->h_addr_list[i]);
-		OPENSSL_free(a->h_addr_list);
-		}
-	if (a->h_name != NULL) OPENSSL_free(a->h_name);
-	OPENSSL_free(a);
-	}
-
-#endif
-
-struct hostent *BIO_gethostbyname(const char *name)
-	{
-#if 1
-	/* Caching gethostbyname() results forever is wrong,
-	 * so we have to let the true gethostbyname() worry about this */
-#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
-	return gethostbyname((char*)name);
-#else
-	return gethostbyname(name);
-#endif
-#else
-	struct hostent *ret;
-	int i,lowi=0,j;
-	unsigned long low= (unsigned long)-1;
-
-
-#  if 0
-	/* It doesn't make sense to use locking here: The function interface
-	 * is not thread-safe, because threads can never be sure when
-	 * some other thread destroys the data they were given a pointer to.
-	 */
-	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-	j=strlen(name);
-	if (j < 128)
-		{
-		for (i=0; i<GHBN_NUM; i++)
-			{
-			if (low > ghbn_cache[i].order)
-				{
-				low=ghbn_cache[i].order;
-				lowi=i;
-				}
-			if (ghbn_cache[i].order > 0)
-				{
-				if (strncmp(name,ghbn_cache[i].name,128) == 0)
-					break;
-				}
-			}
-		}
-	else
-		i=GHBN_NUM;
-
-	if (i == GHBN_NUM) /* no hit*/
-		{
-		BIO_ghbn_miss++;
-		/* Note: under VMS with SOCKETSHR, it seems like the first
-		 * parameter is 'char *', instead of 'const char *'
-		 */
-#  ifndef CONST_STRICT
-		ret=gethostbyname((char *)name);
-#  else
-		ret=gethostbyname(name);
-#  endif
-
-		if (ret == NULL)
-			goto end;
-		if (j > 128) /* too big to cache */
-			{
-#  if 0
-			/* If we were trying to make this function thread-safe (which
-			 * is bound to fail), we'd have to give up in this case
-			 * (or allocate more memory). */
-			ret = NULL;
-#  endif
-			goto end;
-			}
-
-		/* else add to cache */
-		if (ghbn_cache[lowi].ent != NULL)
-			ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
-		ghbn_cache[lowi].name[0] = '\0';
-
-		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
-			{
-			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
-			goto end;
-			}
-		strncpy(ghbn_cache[lowi].name,name,128);
-		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
-		}
-	else
-		{
-		BIO_ghbn_hits++;
-		ret= ghbn_cache[i].ent;
-		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
-		}
-end:
-#  if 0
-	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-#  endif
-	return(ret);
-#endif
-	}
-
-
-int BIO_sock_init(void)
-	{
-#ifdef OPENSSL_SYS_WINDOWS
-	static struct WSAData wsa_state;
-
-	if (!wsa_init_done)
-		{
-		int err;
-	  
-		wsa_init_done=1;
-		memset(&wsa_state,0,sizeof(wsa_state));
-		/* Not making wsa_state available to the rest of the
-		 * code is formally wrong. But the structures we use
-		 * are [beleived to be] invariable among Winsock DLLs,
-		 * while API availability is [expected to be] probed
-		 * at run-time with DSO_global_lookup. */
-		if (WSAStartup(0x0202,&wsa_state)!=0)
-			{
-			err=WSAGetLastError();
-			SYSerr(SYS_F_WSASTARTUP,err);
-			BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
-			return(-1);
-			}
-		}
-#endif /* OPENSSL_SYS_WINDOWS */
-#ifdef WATT32
-	extern int _watt_do_exit;
-	_watt_do_exit = 0;    /* don't make sock_init() call exit() */
-	if (sock_init())
-		return (-1);
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-    WORD wVerReq;
-    WSADATA wsaData;
-    int err;
-
-    if (!wsa_init_done)
-    {
-        wsa_init_done=1;
-        wVerReq = MAKEWORD( 2, 0 );
-        err = WSAStartup(wVerReq,&wsaData);
-        if (err != 0)
-        {
-            SYSerr(SYS_F_WSASTARTUP,err);
-            BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
-            return(-1);
-			}
-		}
-#endif
-
-	return(1);
-	}
-
-void BIO_sock_cleanup(void)
-	{
-#ifdef OPENSSL_SYS_WINDOWS
-	if (wsa_init_done)
-		{
-		wsa_init_done=0;
-#if 0		/* this call is claimed to be non-present in Winsock2 */
-		WSACancelBlockingCall();
-#endif
-		WSACleanup();
-		}
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-   if (wsa_init_done)
-        {
-        wsa_init_done=0;
-        WSACleanup();
-		}
-#endif
-	}
-
-#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
-
-int BIO_socket_ioctl(int fd, long type, void *arg)
-	{
-	int i;
-
-#ifdef __DJGPP__
-	i=ioctlsocket(fd,type,(char *)arg);
-#else
-# if defined(OPENSSL_SYS_VMS)
-	/* 2011-02-18 SMS.
-	 * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
-	 * observe that all the consumers pass in an "unsigned long *",
-	 * so we arrange a local copy with a short pointer, and use
-	 * that, instead.
-	 */
-#  if __INITIAL_POINTER_SIZE == 64
-#   define ARG arg_32p
-#   pragma pointer_size save
-#   pragma pointer_size 32
-	unsigned long arg_32;
-	unsigned long *arg_32p;
-#   pragma pointer_size restore
-	arg_32p = &arg_32;
-	arg_32 = *((unsigned long *) arg);
-#  else /* __INITIAL_POINTER_SIZE == 64 */
-#   define ARG arg
-#  endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-# else /* defined(OPENSSL_SYS_VMS) */
-#  define ARG arg
-# endif /* defined(OPENSSL_SYS_VMS) [else] */
-
-	i=ioctlsocket(fd,type,ARG);
-#endif /* __DJGPP__ */
-	if (i < 0)
-		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
-	return(i);
-	}
-#endif /* __VMS_VER */
-
-/* The reason I have implemented this instead of using sscanf is because
- * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
-static int get_ip(const char *str, unsigned char ip[4])
-	{
-	unsigned int tmp[4];
-	int num=0,c,ok=0;
-
-	tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-
-	for (;;)
-		{
-		c= *(str++);
-		if ((c >= '0') && (c <= '9'))
-			{
-			ok=1;
-			tmp[num]=tmp[num]*10+c-'0';
-			if (tmp[num] > 255) return(0);
-			}
-		else if (c == '.')
-			{
-			if (!ok) return(-1);
-			if (num == 3) return(0);
-			num++;
-			ok=0;
-			}
-		else if (c == '\0' && (num == 3) && ok)
-			break;
-		else
-			return(0);
-		}
-	ip[0]=tmp[0];
-	ip[1]=tmp[1];
-	ip[2]=tmp[2];
-	ip[3]=tmp[3];
-	return(1);
-	}
-
-int BIO_get_accept_socket(char *host, int bind_mode)
-	{
-	int ret=0;
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in sa_in;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 sa_in6;
-#endif
-	} server,client;
-	int s=INVALID_SOCKET,cs;
-	socklen_t addrlen;
-	unsigned char ip[4];
-	unsigned short port;
-	char *str=NULL,*e;
-	char *h,*p;
-	unsigned long l;
-	int err_num;
-
-	if (BIO_sock_init() != 1) return(INVALID_SOCKET);
-
-	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
-
-	h=p=NULL;
-	h=str;
-	for (e=str; *e; e++)
-		{
-		if (*e == ':')
-			{
-			p=e;
-			}
-		else if (*e == '/')
-			{
-			*e='\0';
-			break;
-			}
-		}
-	if (p)	*p++='\0';	/* points at last ':', '::port' is special [see below] */
-	else	p=h,h=NULL;
-
-#ifdef EAI_FAMILY
-	do {
-	static union {	void *p;
-			int (WSAAPI *f)(const char *,const char *,
-				 const struct addrinfo *,
-				 struct addrinfo **);
-			} p_getaddrinfo = {NULL};
-	static union {	void *p;
-			void (WSAAPI *f)(struct addrinfo *);
-			} p_freeaddrinfo = {NULL};
-	struct addrinfo *res,hint;
-
-	if (p_getaddrinfo.p==NULL)
-		{
-		if ((p_getaddrinfo.p=DSO_global_lookup("getaddrinfo"))==NULL ||
-		    (p_freeaddrinfo.p=DSO_global_lookup("freeaddrinfo"))==NULL)
-			p_getaddrinfo.p=(void*)-1;
-		}
-	if (p_getaddrinfo.p==(void *)-1) break;
-
-	/* '::port' enforces IPv6 wildcard listener. Some OSes,
-	 * e.g. Solaris, default to IPv6 without any hint. Also
-	 * note that commonly IPv6 wildchard socket can service
-	 * IPv4 connections just as well...  */
-	memset(&hint,0,sizeof(hint));
-	hint.ai_flags = AI_PASSIVE;
-	if (h)
-		{
-		if (strchr(h,':'))
-			{
-			if (h[1]=='\0') h=NULL;
-#if OPENSSL_USE_IPV6
-			hint.ai_family = AF_INET6;
-#else
-			h=NULL;
-#endif
-			}
-	    	else if (h[0]=='*' && h[1]=='\0')
-			{
-			hint.ai_family = AF_INET;
-			h=NULL;
-			}
-		}
-
-	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
-
-	addrlen = res->ai_addrlen <= (socklen_t)sizeof(server) ?
-			res->ai_addrlen :
-			(socklen_t)sizeof(server);
-	memcpy(&server, res->ai_addr, (size_t)addrlen);
-
-	(*p_freeaddrinfo.f)(res);
-	goto again;
-	} while (0);
-#endif
-
-	if (!BIO_get_port(p,&port)) goto err;
-
-	memset((char *)&server,0,sizeof(server));
-	server.sa_in.sin_family=AF_INET;
-	server.sa_in.sin_port=htons(port);
-	addrlen = (socklen_t)sizeof(server.sa_in);
-
-	if (h == NULL || strcmp(h,"*") == 0)
-		server.sa_in.sin_addr.s_addr=INADDR_ANY;
-	else
-		{
-                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
-		l=(unsigned long)
-			((unsigned long)ip[0]<<24L)|
-			((unsigned long)ip[1]<<16L)|
-			((unsigned long)ip[2]<< 8L)|
-			((unsigned long)ip[3]);
-		server.sa_in.sin_addr.s_addr=htonl(l);
-		}
-
-again:
-	s=socket(server.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
-	if (s == INVALID_SOCKET)
-		{
-		SYSerr(SYS_F_SOCKET,get_last_socket_error());
-		ERR_add_error_data(3,"port='",host,"'");
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
-		goto err;
-		}
-
-#ifdef SO_REUSEADDR
-	if (bind_mode == BIO_BIND_REUSEADDR)
-		{
-		int i=1;
-
-		ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
-		bind_mode=BIO_BIND_NORMAL;
-		}
-#endif
-	if (bind(s,&server.sa,addrlen) == -1)
-		{
-#ifdef SO_REUSEADDR
-		err_num=get_last_socket_error();
-		if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
-#ifdef OPENSSL_SYS_WINDOWS
-			/* Some versions of Windows define EADDRINUSE to
-			 * a dummy value.
-			 */
-			(err_num == WSAEADDRINUSE))
-#else
-			(err_num == EADDRINUSE))
-#endif
-			{
-			client = server;
-			if (h == NULL || strcmp(h,"*") == 0)
-				{
-#if OPENSSL_USE_IPV6
-				if (client.sa.sa_family == AF_INET6)
-					{
-					memset(&client.sa_in6.sin6_addr,0,sizeof(client.sa_in6.sin6_addr));
-					client.sa_in6.sin6_addr.s6_addr[15]=1;
-					}
-				else
-#endif
-				if (client.sa.sa_family == AF_INET)
-					{
-					client.sa_in.sin_addr.s_addr=htonl(0x7F000001);
-					}
-				else	goto err;
-				}
-			cs=socket(client.sa.sa_family,SOCK_STREAM,SOCKET_PROTOCOL);
-			if (cs != INVALID_SOCKET)
-				{
-				int ii;
-				ii=connect(cs,&client.sa,addrlen);
-				closesocket(cs);
-				if (ii == INVALID_SOCKET)
-					{
-					bind_mode=BIO_BIND_REUSEADDR;
-					closesocket(s);
-					goto again;
-					}
-				/* else error */
-				}
-			/* else error */
-			}
-#endif
-		SYSerr(SYS_F_BIND,err_num);
-		ERR_add_error_data(3,"port='",host,"'");
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
-		goto err;
-		}
-	if (listen(s,MAX_LISTEN) == -1)
-		{
-		SYSerr(SYS_F_BIND,get_last_socket_error());
-		ERR_add_error_data(3,"port='",host,"'");
-		BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
-		goto err;
-		}
-	ret=1;
-err:
-	if (str != NULL) OPENSSL_free(str);
-	if ((ret == 0) && (s != INVALID_SOCKET))
-		{
-		closesocket(s);
-		s= INVALID_SOCKET;
-		}
-	return(s);
-	}
-
-int BIO_accept(int sock, char **addr)
-	{
-	int ret=INVALID_SOCKET;
-	unsigned long l;
-	unsigned short port;
-	char *p;
-
-	struct {
-	/*
-	 * As for following union. Trouble is that there are platforms
-	 * that have socklen_t and there are platforms that don't, on
-	 * some platforms socklen_t is int and on some size_t. So what
-	 * one can do? One can cook #ifdef spaghetti, which is nothing
-	 * but masochistic. Or one can do union between int and size_t.
-	 * One naturally does it primarily for 64-bit platforms where
-	 * sizeof(int) != sizeof(size_t). But would it work? Note that
-	 * if size_t member is initialized to 0, then later int member
-	 * assignment naturally does the job on little-endian platforms
-	 * regardless accept's expectations! What about big-endians?
-	 * If accept expects int*, then it works, and if size_t*, then
-	 * length value would appear as unreasonably large. But this
-	 * won't prevent it from filling in the address structure. The
-	 * trouble of course would be if accept returns more data than
-	 * actual buffer can accomodate and overwrite stack... That's
-	 * where early OPENSSL_assert comes into picture. Besides, the
-	 * only 64-bit big-endian platform found so far that expects
-	 * size_t* is HP-UX, where stack grows towards higher address.
-	 * <appro>
-	 */
-	union { size_t s; int i; } len;
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in sa_in;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 sa_in6;
-#endif
-		} from;
-	} sa;
-
-	sa.len.s=0;
-	sa.len.i=sizeof(sa.from);
-	memset(&sa.from,0,sizeof(sa.from));
-	ret=accept(sock,&sa.from.sa,(void *)&sa.len);
-	if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
-		{
-		OPENSSL_assert(sa.len.s<=sizeof(sa.from));
-		sa.len.i = (int)sa.len.s;
-		/* use sa.len.i from this point */
-		}
-	if (ret == INVALID_SOCKET)
-		{
-		if(BIO_sock_should_retry(ret)) return -2;
-		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
-		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
-		goto end;
-		}
-
-	if (addr == NULL) goto end;
-
-#ifdef EAI_FAMILY
-	do {
-	char   h[NI_MAXHOST],s[NI_MAXSERV];
-	size_t nl;
-	static union {	void *p;
-			int (WSAAPI *f)(const struct sockaddr *,size_t/*socklen_t*/,
-				 char *,size_t,char *,size_t,int);
-			} p_getnameinfo = {NULL};
-			/* 2nd argument to getnameinfo is specified to
-			 * be socklen_t. Unfortunately there is a number
-			 * of environments where socklen_t is not defined.
-			 * As it's passed by value, it's safe to pass it
-			 * as size_t... <appro> */
-
-	if (p_getnameinfo.p==NULL)
-		{
-		if ((p_getnameinfo.p=DSO_global_lookup("getnameinfo"))==NULL)
-			p_getnameinfo.p=(void*)-1;
-		}
-	if (p_getnameinfo.p==(void *)-1) break;
-
-	if ((*p_getnameinfo.f)(&sa.from.sa,sa.len.i,h,sizeof(h),s,sizeof(s),
-	    NI_NUMERICHOST|NI_NUMERICSERV)) break;
-	nl = strlen(h)+strlen(s)+2;
-	p = *addr;
-	if (p)	{ *p = '\0'; p = OPENSSL_realloc(p,nl);	}
-	else	{ p = OPENSSL_malloc(nl);		}
-	if (p==NULL)
-		{
-		BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
-		goto end;
-		}
-	*addr = p;
-	BIO_snprintf(*addr,nl,"%s:%s",h,s);
-	goto end;
-	} while(0);
-#endif
-	if (sa.from.sa.sa_family != AF_INET) goto end;
-	l=ntohl(sa.from.sa_in.sin_addr.s_addr);
-	port=ntohs(sa.from.sa_in.sin_port);
-	if (*addr == NULL)
-		{
-		if ((p=OPENSSL_malloc(24)) == NULL)
-			{
-			BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
-			goto end;
-			}
-		*addr=p;
-		}
-	BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
-		     (unsigned char)(l>>24L)&0xff,
-		     (unsigned char)(l>>16L)&0xff,
-		     (unsigned char)(l>> 8L)&0xff,
-		     (unsigned char)(l     )&0xff,
-		     port);
-end:
-	return(ret);
-	}
-
-int BIO_set_tcp_ndelay(int s, int on)
-	{
-	int ret=0;
-#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
-	int opt;
-
-#ifdef SOL_TCP
-	opt=SOL_TCP;
-#else
-#ifdef IPPROTO_TCP
-	opt=IPPROTO_TCP;
-#endif
-#endif
-	
-	ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
-#endif
-	return(ret == 0);
-	}
-
-int BIO_socket_nbio(int s, int mode)
-	{
-	int ret= -1;
-	int l;
-
-	l=mode;
-#ifdef FIONBIO
-	ret=BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
-	return(ret == 0);
-	}
-#endif
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
deleted file mode 100644
index 4b5a132d8a..0000000000
--- a/crypto/bio/bf_buff.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int buffer_write(BIO *h, const char *buf,int num);
-static int buffer_read(BIO *h, char *buf, int size);
-static int buffer_puts(BIO *h, const char *str);
-static int buffer_gets(BIO *h, char *str, int size);
-static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int buffer_new(BIO *h);
-static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE	4096
-
-static BIO_METHOD methods_buffer=
-	{
-	BIO_TYPE_BUFFER,
-	"buffer",
-	buffer_write,
-	buffer_read,
-	buffer_puts,
-	buffer_gets,
-	buffer_ctrl,
-	buffer_new,
-	buffer_free,
-	buffer_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_buffer(void)
-	{
-	return(&methods_buffer);
-	}
-
-static int buffer_new(BIO *bi)
-	{
-	BIO_F_BUFFER_CTX *ctx;
-
-	ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
-	if (ctx == NULL) return(0);
-	ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
-	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
-	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
-	ctx->obuf_size=DEFAULT_BUFFER_SIZE;
-	ctx->ibuf_len=0;
-	ctx->ibuf_off=0;
-	ctx->obuf_len=0;
-	ctx->obuf_off=0;
-
-	bi->init=1;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int buffer_free(BIO *a)
-	{
-	BIO_F_BUFFER_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_F_BUFFER_CTX *)a->ptr;
-	if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
-	if (b->obuf != NULL) OPENSSL_free(b->obuf);
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int buffer_read(BIO *b, char *out, int outl)
-	{
-	int i,num=0;
-	BIO_F_BUFFER_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-	num=0;
-	BIO_clear_retry_flags(b);
-
-start:
-	i=ctx->ibuf_len;
-	/* If there is stuff left over, grab it */
-	if (i != 0)
-		{
-		if (i > outl) i=outl;
-		memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
-		ctx->ibuf_off+=i;
-		ctx->ibuf_len-=i;
-		num+=i;
-		if (outl == i)  return(num);
-		outl-=i;
-		out+=i;
-		}
-
-	/* We may have done a partial read. try to do more.
-	 * We have nothing in the buffer.
-	 * If we get an error and have read some data, just return it
-	 * and let them retry to get the error again.
-	 * copy direct to parent address space */
-	if (outl > ctx->ibuf_size)
-		{
-		for (;;)
-			{
-			i=BIO_read(b->next_bio,out,outl);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			num+=i;
-			if (outl == i) return(num);
-			out+=i;
-			outl-=i;
-			}
-		}
-	/* else */
-
-	/* we are going to be doing some buffering */
-	i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-	if (i <= 0)
-		{
-		BIO_copy_next_retry(b);
-		if (i < 0) return((num > 0)?num:i);
-		if (i == 0) return(num);
-		}
-	ctx->ibuf_off=0;
-	ctx->ibuf_len=i;
-
-	/* Lets re-read using ourselves :-) */
-	goto start;
-	}
-
-static int buffer_write(BIO *b, const char *in, int inl)
-	{
-	int i,num=0;
-	BIO_F_BUFFER_CTX *ctx;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	BIO_clear_retry_flags(b);
-start:
-	i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
-	/* add to buffer and return */
-	if (i >= inl)
-		{
-		memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
-		ctx->obuf_len+=inl;
-		return(num+inl);
-		}
-	/* else */
-	/* stuff already in buffer, so add to it first, then flush */
-	if (ctx->obuf_len != 0)
-		{
-		if (i > 0) /* lets fill it up if we can */
-			{
-			memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
-			in+=i;
-			inl-=i;
-			num+=i;
-			ctx->obuf_len+=i;
-			}
-		/* we now have a full buffer needing flushing */
-		for (;;)
-			{
-			i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
-				ctx->obuf_len);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			ctx->obuf_off+=i;
-			ctx->obuf_len-=i;
-			if (ctx->obuf_len == 0) break;
-			}
-		}
-	/* we only get here if the buffer has been flushed and we
-	 * still have stuff to write */
-	ctx->obuf_off=0;
-
-	/* we now have inl bytes to write */
-	while (inl >= ctx->obuf_size)
-		{
-		i=BIO_write(b->next_bio,in,inl);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			if (i < 0) return((num > 0)?num:i);
-			if (i == 0) return(num);
-			}
-		num+=i;
-		in+=i;
-		inl-=i;
-		if (inl == 0) return(num);
-		}
-
-	/* copy the rest into the buffer since we have only a small 
-	 * amount left */
-	goto start;
-	}
-
-static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	BIO_F_BUFFER_CTX *ctx;
-	long ret=1;
-	char *p1,*p2;
-	int r,i,*ip;
-	int ibs,obs;
-
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->ibuf_off=0;
-		ctx->ibuf_len=0;
-		ctx->obuf_off=0;
-		ctx->obuf_len=0;
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)ctx->obuf_len;
-		break;
-	case BIO_C_GET_BUFF_NUM_LINES:
-		ret=0;
-		p1=ctx->ibuf;
-		for (i=0; i<ctx->ibuf_len; i++)
-			{
-			if (p1[ctx->ibuf_off + i] == '\n') ret++;
-			}
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=(long)ctx->obuf_len;
-		if (ret == 0)
-			{
-			if (b->next_bio == NULL) return(0);
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			}
-		break;
-	case BIO_CTRL_PENDING:
-		ret=(long)ctx->ibuf_len;
-		if (ret == 0)
-			{
-			if (b->next_bio == NULL) return(0);
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			}
-		break;
-	case BIO_C_SET_BUFF_READ_DATA:
-		if (num > ctx->ibuf_size)
-			{
-			p1=OPENSSL_malloc((int)num);
-			if (p1 == NULL) goto malloc_error;
-			if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
-			ctx->ibuf=p1;
-			}
-		ctx->ibuf_off=0;
-		ctx->ibuf_len=(int)num;
-		memcpy(ctx->ibuf,ptr,(int)num);
-		ret=1;
-		break;
-	case BIO_C_SET_BUFF_SIZE:
-		if (ptr != NULL)
-			{
-			ip=(int *)ptr;
-			if (*ip == 0)
-				{
-				ibs=(int)num;
-				obs=ctx->obuf_size;
-				}
-			else /* if (*ip == 1) */
-				{
-				ibs=ctx->ibuf_size;
-				obs=(int)num;
-				}
-			}
-		else
-			{
-			ibs=(int)num;
-			obs=(int)num;
-			}
-		p1=ctx->ibuf;
-		p2=ctx->obuf;
-		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
-			{
-			p1=(char *)OPENSSL_malloc((int)num);
-			if (p1 == NULL) goto malloc_error;
-			}
-		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
-			{
-			p2=(char *)OPENSSL_malloc((int)num);
-			if (p2 == NULL)
-				{
-				if (p1 != ctx->ibuf) OPENSSL_free(p1);
-				goto malloc_error;
-				}
-			}
-		if (ctx->ibuf != p1)
-			{
-			OPENSSL_free(ctx->ibuf);
-			ctx->ibuf=p1;
-			ctx->ibuf_off=0;
-			ctx->ibuf_len=0;
-			ctx->ibuf_size=ibs;
-			}
-		if (ctx->obuf != p2)
-			{
-			OPENSSL_free(ctx->obuf);
-			ctx->obuf=p2;
-			ctx->obuf_off=0;
-			ctx->obuf_len=0;
-			ctx->obuf_size=obs;
-			}
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		if (b->next_bio == NULL) return(0);
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_FLUSH:
-		if (b->next_bio == NULL) return(0);
-		if (ctx->obuf_len <= 0)
-			{
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			break;
-			}
-
-		for (;;)
-			{
-			BIO_clear_retry_flags(b);
-			if (ctx->obuf_len > 0)
-				{
-				r=BIO_write(b->next_bio,
-					&(ctx->obuf[ctx->obuf_off]),
-					ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
-#endif
-				BIO_copy_next_retry(b);
-				if (r <= 0) return((long)r);
-				ctx->obuf_off+=r;
-				ctx->obuf_len-=r;
-				}
-			else
-				{
-				ctx->obuf_len=0;
-				ctx->obuf_off=0;
-				ret=1;
-				break;
-				}
-			}
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		if (	!BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
-			!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
-			ret=0;
-		break;
-	default:
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-malloc_error:
-	BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
-static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int buffer_gets(BIO *b, char *buf, int size)
-	{
-	BIO_F_BUFFER_CTX *ctx;
-	int num=0,i,flag;
-	char *p;
-
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-	size--; /* reserve space for a '\0' */
-	BIO_clear_retry_flags(b);
-
-	for (;;)
-		{
-		if (ctx->ibuf_len > 0)
-			{
-			p= &(ctx->ibuf[ctx->ibuf_off]);
-			flag=0;
-			for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
-				{
-				*(buf++)=p[i];
-				if (p[i] == '\n')
-					{
-					flag=1;
-					i++;
-					break;
-					}
-				}
-			num+=i;
-			size-=i;
-			ctx->ibuf_len-=i;
-			ctx->ibuf_off+=i;
-			if (flag || size == 0)
-				{
-				*buf='\0';
-				return(num);
-				}
-			}
-		else	/* read another chunk */
-			{
-			i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				*buf='\0';
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			ctx->ibuf_len=i;
-			ctx->ibuf_off=0;
-			}
-		}
-	}
-
-static int buffer_puts(BIO *b, const char *str)
-	{
-	return(buffer_write(b,str,strlen(str)));
-	}
-
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
deleted file mode 100644
index ec0f7eb0b7..0000000000
--- a/crypto/bio/bf_lbuf.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-static int linebuffer_write(BIO *h, const char *buf,int num);
-static int linebuffer_read(BIO *h, char *buf, int size);
-static int linebuffer_puts(BIO *h, const char *str);
-static int linebuffer_gets(BIO *h, char *str, int size);
-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int linebuffer_new(BIO *h);
-static int linebuffer_free(BIO *data);
-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-/* A 10k maximum should be enough for most purposes */
-#define DEFAULT_LINEBUFFER_SIZE	1024*10
-
-/* #define DEBUG */
-
-static BIO_METHOD methods_linebuffer=
-	{
-	BIO_TYPE_LINEBUFFER,
-	"linebuffer",
-	linebuffer_write,
-	linebuffer_read,
-	linebuffer_puts,
-	linebuffer_gets,
-	linebuffer_ctrl,
-	linebuffer_new,
-	linebuffer_free,
-	linebuffer_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_linebuffer(void)
-	{
-	return(&methods_linebuffer);
-	}
-
-typedef struct bio_linebuffer_ctx_struct
-	{
-	char *obuf;		/* the output char array */
-	int obuf_size;		/* how big is the output buffer */
-	int obuf_len;		/* how many bytes are in it */
-	} BIO_LINEBUFFER_CTX;
-
-static int linebuffer_new(BIO *bi)
-	{
-	BIO_LINEBUFFER_CTX *ctx;
-
-	ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
-	if (ctx == NULL) return(0);
-	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
-	if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
-	ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
-	ctx->obuf_len=0;
-
-	bi->init=1;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int linebuffer_free(BIO *a)
-	{
-	BIO_LINEBUFFER_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_LINEBUFFER_CTX *)a->ptr;
-	if (b->obuf != NULL) OPENSSL_free(b->obuf);
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int linebuffer_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
- 
-	if (out == NULL) return(0);
-	if (b->next_bio == NULL) return(0);
-	ret=BIO_read(b->next_bio,out,outl);
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static int linebuffer_write(BIO *b, const char *in, int inl)
-	{
-	int i,num=0,foundnl;
-	BIO_LINEBUFFER_CTX *ctx;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	BIO_clear_retry_flags(b);
-
-	do
-		{
-		const char *p;
-
-		for(p = in; p < in + inl && *p != '\n'; p++)
-			;
-		if (*p == '\n')
-			{
-			p++;
-			foundnl = 1;
-			}
-		else
-			foundnl = 0;
-
-		/* If a NL was found and we already have text in the save
-		   buffer, concatenate them and write */
-		while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
-			&& ctx->obuf_len > 0)
-			{
-			int orig_olen = ctx->obuf_len;
-			
-			i = ctx->obuf_size - ctx->obuf_len;
-			if (p - in > 0)
-				{
-				if (i >= p - in)
-					{
-					memcpy(&(ctx->obuf[ctx->obuf_len]),
-						in,p - in);
-					ctx->obuf_len += p - in;
-					inl -= p - in;
-					num += p - in;
-					in = p;
-					}
-				else
-					{
-					memcpy(&(ctx->obuf[ctx->obuf_len]),
-						in,i);
-					ctx->obuf_len += i;
-					inl -= i;
-					in += i;
-					num += i;
-					}
-				}
-
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
-			i=BIO_write(b->next_bio,
-				ctx->obuf, ctx->obuf_len);
-			if (i <= 0)
-				{
-				ctx->obuf_len = orig_olen;
-				BIO_copy_next_retry(b);
-
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-			if (i < ctx->obuf_len)
-				memmove(ctx->obuf, ctx->obuf + i,
-					ctx->obuf_len - i);
-			ctx->obuf_len-=i;
-			}
-
-		/* Now that the save buffer is emptied, let's write the input
-		   buffer if a NL was found and there is anything to write. */
-		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
-			{
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
-			i=BIO_write(b->next_bio,in,p - in);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
-			num+=i;
-			in+=i;
-			inl-=i;
-			}
-		}
-	while(foundnl && inl > 0);
-	/* We've written as much as we can.  The rest of the input buffer, if
-	   any, is text that doesn't and with a NL and therefore needs to be
-	   saved for the next trip. */
-	if (inl > 0)
-		{
-		memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
-		ctx->obuf_len += inl;
-		num += inl;
-		}
-	return num;
-	}
-
-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	BIO_LINEBUFFER_CTX *ctx;
-	long ret=1;
-	char *p;
-	int r;
-	int obs;
-
-	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->obuf_len=0;
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)ctx->obuf_len;
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=(long)ctx->obuf_len;
-		if (ret == 0)
-			{
-			if (b->next_bio == NULL) return(0);
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			}
-		break;
-	case BIO_C_SET_BUFF_SIZE:
-		obs=(int)num;
-		p=ctx->obuf;
-		if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
-			{
-			p=(char *)OPENSSL_malloc((int)num);
-			if (p == NULL)
-				goto malloc_error;
-			}
-		if (ctx->obuf != p)
-			{
-			if (ctx->obuf_len > obs)
-				{
-				ctx->obuf_len = obs;
-				}
-			memcpy(p, ctx->obuf, ctx->obuf_len);
-			OPENSSL_free(ctx->obuf);
-			ctx->obuf=p;
-			ctx->obuf_size=obs;
-			}
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		if (b->next_bio == NULL) return(0);
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_FLUSH:
-		if (b->next_bio == NULL) return(0);
-		if (ctx->obuf_len <= 0)
-			{
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			break;
-			}
-
-		for (;;)
-			{
-			BIO_clear_retry_flags(b);
-			if (ctx->obuf_len > 0)
-				{
-				r=BIO_write(b->next_bio,
-					ctx->obuf, ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
-#endif
-				BIO_copy_next_retry(b);
-				if (r <= 0) return((long)r);
-				if (r < ctx->obuf_len)
-					memmove(ctx->obuf, ctx->obuf + r,
-						ctx->obuf_len - r);
-				ctx->obuf_len-=r;
-				}
-			else
-				{
-				ctx->obuf_len=0;
-				ret=1;
-				break;
-				}
-			}
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		if (	!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
-			ret=0;
-		break;
-	default:
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-malloc_error:
-	BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int linebuffer_gets(BIO *b, char *buf, int size)
-	{
-	if (b->next_bio == NULL) return(0);
-	return(BIO_gets(b->next_bio,buf,size));
-	}
-
-static int linebuffer_puts(BIO *b, const char *str)
-	{
-	return(linebuffer_write(b,str,strlen(str)));
-	}
-
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
deleted file mode 100644
index 028616c064..0000000000
--- a/crypto/bio/bf_nbio.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nbiof_write(BIO *h,const char *buf,int num);
-static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,const char *str);
-static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
-static int nbiof_new(BIO *h);
-static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-typedef struct nbio_test_st
-	{
-	/* only set if we sent a 'should retry' error */
-	int lrn;
-	int lwn;
-	} NBIO_TEST;
-
-static BIO_METHOD methods_nbiof=
-	{
-	BIO_TYPE_NBIO_TEST,
-	"non-blocking IO test filter",
-	nbiof_write,
-	nbiof_read,
-	nbiof_puts,
-	nbiof_gets,
-	nbiof_ctrl,
-	nbiof_new,
-	nbiof_free,
-	nbiof_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_nbio_test(void)
-	{
-	return(&methods_nbiof);
-	}
-
-static int nbiof_new(BIO *bi)
-	{
-	NBIO_TEST *nt;
-
-	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
-	nt->lrn= -1;
-	nt->lwn= -1;
-	bi->ptr=(char *)nt;
-	bi->init=1;
-	bi->flags=0;
-	return(1);
-	}
-
-static int nbiof_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->ptr != NULL)
-		OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int nbiof_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-#if 1
-	int num;
-	unsigned char n;
-#endif
-
-	if (out == NULL) return(0);
-	if (b->next_bio == NULL) return(0);
-
-	BIO_clear_retry_flags(b);
-#if 1
-	RAND_pseudo_bytes(&n,1);
-	num=(n&0x07);
-
-	if (outl > num) outl=num;
-
-	if (num == 0)
-		{
-		ret= -1;
-		BIO_set_retry_read(b);
-		}
-	else
-#endif
-		{
-		ret=BIO_read(b->next_bio,out,outl);
-		if (ret < 0)
-			BIO_copy_next_retry(b);
-		}
-	return(ret);
-	}
-
-static int nbiof_write(BIO *b, const char *in, int inl)
-	{
-	NBIO_TEST *nt;
-	int ret=0;
-	int num;
-	unsigned char n;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	if (b->next_bio == NULL) return(0);
-	nt=(NBIO_TEST *)b->ptr;
-
-	BIO_clear_retry_flags(b);
-
-#if 1
-	if (nt->lwn > 0)
-		{
-		num=nt->lwn;
-		nt->lwn=0;
-		}
-	else
-		{
-		RAND_pseudo_bytes(&n,1);
-		num=(n&7);
-		}
-
-	if (inl > num) inl=num;
-
-	if (num == 0)
-		{
-		ret= -1;
-		BIO_set_retry_write(b);
-		}
-	else
-#endif
-		{
-		ret=BIO_write(b->next_bio,in,inl);
-		if (ret < 0)
-			{
-			BIO_copy_next_retry(b);
-			nt->lwn=inl;
-			}
-		}
-	return(ret);
-	}
-
-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-        case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_DUP:
-		ret=0L;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int nbiof_gets(BIO *bp, char *buf, int size)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_gets(bp->next_bio,buf,size));
-	}
-
-
-static int nbiof_puts(BIO *bp, const char *str)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_puts(bp->next_bio,str));
-	}
-
-
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
deleted file mode 100644
index c1bf39a904..0000000000
--- a/crypto/bio/bf_null.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/* crypto/bio/bf_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nullf_write(BIO *h, const char *buf, int num);
-static int nullf_read(BIO *h, char *buf, int size);
-static int nullf_puts(BIO *h, const char *str);
-static int nullf_gets(BIO *h, char *str, int size);
-static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int nullf_new(BIO *h);
-static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_nullf=
-	{
-	BIO_TYPE_NULL_FILTER,
-	"NULL filter",
-	nullf_write,
-	nullf_read,
-	nullf_puts,
-	nullf_gets,
-	nullf_ctrl,
-	nullf_new,
-	nullf_free,
-	nullf_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_null(void)
-	{
-	return(&methods_nullf);
-	}
-
-static int nullf_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->ptr=NULL;
-	bi->flags=0;
-	return(1);
-	}
-
-static int nullf_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-/*	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;*/
-	return(1);
-	}
-	
-static int nullf_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
- 
-	if (out == NULL) return(0);
-	if (b->next_bio == NULL) return(0);
-	ret=BIO_read(b->next_bio,out,outl);
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static int nullf_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	if (b->next_bio == NULL) return(0);
-	ret=BIO_write(b->next_bio,in,inl);
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret;
-
-	if (b->next_bio == NULL) return(0);
-	switch(cmd)
-		{
-        case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_DUP:
-		ret=0L;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		}
-	return(ret);
-	}
-
-static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int nullf_gets(BIO *bp, char *buf, int size)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_gets(bp->next_bio,buf,size));
-	}
-
-
-static int nullf_puts(BIO *bp, const char *str)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_puts(bp->next_bio,str));
-	}
-
-
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
deleted file mode 100644
index ae144a98cb..0000000000
--- a/crypto/bio/bio.h
+++ /dev/null
@@ -1,855 +0,0 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BIO_H
-#define HEADER_BIO_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-# include <stdio.h>
-#endif
-#include <stdarg.h>
-
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SCTP
-# ifndef OPENSSL_SYS_VMS
-# include <stdint.h>
-# else
-# include <inttypes.h>
-# endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE		0
-#define BIO_TYPE_MEM		(1|0x0400)
-#define BIO_TYPE_FILE		(2|0x0400)
-
-#define BIO_TYPE_FD		(4|0x0400|0x0100)
-#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
-#define BIO_TYPE_NULL		(6|0x0400)
-#define BIO_TYPE_SSL		(7|0x0200)
-#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */
-#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
-#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
-#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
-#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */
-#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */
-#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */
-#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
-#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
-#define BIO_TYPE_NULL_FILTER	(17|0x0200)
-#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
-#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
-#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
-#define BIO_TYPE_DGRAM		(21|0x0400|0x0100)
-#ifndef OPENSSL_NO_SCTP
-#define BIO_TYPE_DGRAM_SCTP	(24|0x0400|0x0100)
-#endif
-#define BIO_TYPE_ASN1 		(22|0x0200)		/* filter */
-#define BIO_TYPE_COMP 		(23|0x0200)		/* filter */
-
-#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
-#define BIO_TYPE_FILTER		0x0200
-#define BIO_TYPE_SOURCE_SINK	0x0400
-
-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
-#define BIO_NOCLOSE		0x00
-#define BIO_CLOSE		0x01
-
-/* These are used in the following macros and are passed to
- * BIO_ctrl() */
-#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */
-#define BIO_CTRL_EOF		2  /* opt - are we at the eof */
-#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */
-#define BIO_CTRL_SET		4  /* man - set the 'IO' type */
-#define BIO_CTRL_GET		5  /* man - get the 'IO' type */
-#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */
-#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */
-#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */
-#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */
-#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */
-#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */
-#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */
-#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
-#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */
-#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */
-
-#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */
-
-/* dgram BIO stuff */
-#define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally
-					  * connected socket to be
-					  * passed in */ 
-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
-
-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
-					
-/* #ifdef IP_MTU_DISCOVER */
-#define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */
-/* #endif */
-
-#define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
-#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
-#define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
-					      * MTU. want to use this
-					      * if asking the kernel
-					      * fails */
-
-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU
-					      * was exceed in the
-					      * previous write
-					      * operation */
-
-#define BIO_CTRL_DGRAM_GET_PEER           46
-#define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
-
-#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
-                                              * adjust socket timeouts */
-
-#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
-
-#ifndef OPENSSL_NO_SCTP
-/* SCTP stuff */
-#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE	50
-#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY		51
-#define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY		52
-#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD		53
-#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO		60
-#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO		61
-#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO		62
-#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO		63
-#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO			64
-#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO			65
-#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN		70
-#endif
-
-/* modifiers */
-#define BIO_FP_READ		0x02
-#define BIO_FP_WRITE		0x04
-#define BIO_FP_APPEND		0x08
-#define BIO_FP_TEXT		0x10
-
-#define BIO_FLAGS_READ		0x01
-#define BIO_FLAGS_WRITE		0x02
-#define BIO_FLAGS_IO_SPECIAL	0x04
-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-#define BIO_FLAGS_SHOULD_RETRY	0x08
-#ifndef	BIO_FLAGS_UPLINK
-/* "UPLINK" flag denotes file descriptors provided by application.
-   It defaults to 0, as most platforms don't require UPLINK interface. */
-#define	BIO_FLAGS_UPLINK	0
-#endif
-
-/* Used in BIO_gethostbyname() */
-#define BIO_GHBN_CTRL_HITS		1
-#define BIO_GHBN_CTRL_MISSES		2
-#define BIO_GHBN_CTRL_CACHE_SIZE	3
-#define BIO_GHBN_CTRL_GET_ENTRY		4
-#define BIO_GHBN_CTRL_FLUSH		5
-
-/* Mostly used in the SSL BIO */
-/* Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40
- */
-
-#define BIO_FLAGS_BASE64_NO_NL	0x100
-
-/* This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
- */
-#define BIO_FLAGS_MEM_RDONLY	0x200
-
-typedef struct bio_st BIO;
-
-void BIO_set_flags(BIO *b, int flags);
-int  BIO_test_flags(const BIO *b, int flags);
-void BIO_clear_flags(BIO *b, int flags);
-
-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
-#define BIO_set_retry_special(b) \
-		BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_read(b) \
-		BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_write(b) \
-		BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
-
-/* These are normally used internally in BIOs */
-#define BIO_clear_retry_flags(b) \
-		BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_get_retry_flags(b) \
-		BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-
-/* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a)	BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a)		BIO_test_flags(a, BIO_FLAGS_RWS)
-#define BIO_should_retry(a)		BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
-
-/* The next three are used in conjunction with the
- * BIO_should_io_special() condition.  After this returns true,
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
- * stack and return the 'reason' for the special and the offending BIO.
- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
-/* Returned from the SSL bio when the certificate retrieval code had an error */
-#define BIO_RR_SSL_X509_LOOKUP		0x01
-/* Returned from the connect BIO when a connect would have blocked */
-#define BIO_RR_CONNECT			0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT			0x03
-/* Returned from the SSL bio when the channel id retrieval code cannot find the
- * private key. */
-#define BIO_RR_SSL_CHANNEL_ID_LOOKUP	0x04
-
-/* These are passed by the BIO callback */
-#define BIO_CB_FREE	0x01
-#define BIO_CB_READ	0x02
-#define BIO_CB_WRITE	0x03
-#define BIO_CB_PUTS	0x04
-#define BIO_CB_GETS	0x05
-#define BIO_CB_CTRL	0x06
-
-/* The callback is called before and after the underling operation,
- * The BIO_CB_RETURN flag indicates if it is after the call */
-#define BIO_CB_RETURN	0x80
-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
-#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
-#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
-
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
-void BIO_set_callback(BIO *b, 
-	long (*callback)(struct bio_st *,int,const char *,int, long,long));
-char *BIO_get_callback_arg(const BIO *b);
-void BIO_set_callback_arg(BIO *b, char *arg);
-
-const char * BIO_method_name(const BIO *b);
-int BIO_method_type(const BIO *b);
-
-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-
-typedef struct bio_method_st
-	{
-	int type;
-	const char *name;
-	int (*bwrite)(BIO *, const char *, int);
-	int (*bread)(BIO *, char *, int);
-	int (*bputs)(BIO *, const char *);
-	int (*bgets)(BIO *, char *, int);
-	long (*ctrl)(BIO *, int, long, void *);
-	int (*create)(BIO *);
-	int (*destroy)(BIO *);
-        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
-	} BIO_METHOD;
-
-struct bio_st
-	{
-	BIO_METHOD *method;
-	/* bio, mode, argp, argi, argl, ret */
-	long (*callback)(struct bio_st *,int,const char *,int, long,long);
-	char *cb_arg; /* first argument for the callback */
-
-	int init;
-	int shutdown;
-	int flags;	/* extra storage */
-	int retry_reason;
-	int num;
-	void *ptr;
-	struct bio_st *next_bio;	/* used by filter BIOs */
-	struct bio_st *prev_bio;	/* used by filter BIOs */
-	int references;
-	unsigned long num_read;
-	unsigned long num_write;
-
-	CRYPTO_EX_DATA ex_data;
-	};
-
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct
-	{
-	/* Buffers are setup like this:
-	 *
-	 * <---------------------- size ----------------------->
-	 * +---------------------------------------------------+
-	 * | consumed | remaining          | free space        |
-	 * +---------------------------------------------------+
-	 * <-- off --><------- len ------->
-	 */
-
-	/* BIO *bio; */ /* this is now in the BIO struct */
-	int ibuf_size;	/* how big is the input buffer */
-	int obuf_size;	/* how big is the output buffer */
-
-	char *ibuf;		/* the char array */
-	int ibuf_len;		/* how many bytes are in it */
-	int ibuf_off;		/* write/read offset */
-
-	char *obuf;		/* the char array */
-	int obuf_len;		/* how many bytes are in it */
-	int obuf_off;		/* write/read offset */
-	} BIO_F_BUFFER_CTX;
-
-/* Prefix and suffix callback in ASN1 BIO */
-typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-
-#ifndef OPENSSL_NO_SCTP
-/* SCTP parameter structs */
-struct bio_dgram_sctp_sndinfo
-	{
-	uint16_t snd_sid;
-	uint16_t snd_flags;
-	uint32_t snd_ppid;
-	uint32_t snd_context;
-	};
-
-struct bio_dgram_sctp_rcvinfo
-	{
-	uint16_t rcv_sid;
-	uint16_t rcv_ssn;
-	uint16_t rcv_flags;
-	uint32_t rcv_ppid;
-	uint32_t rcv_tsn;
-	uint32_t rcv_cumtsn;
-	uint32_t rcv_context;
-	};
-
-struct bio_dgram_sctp_prinfo
-	{
-	uint16_t pr_policy;
-	uint32_t pr_value;
-	};
-#endif
-
-/* connect BIO stuff */
-#define BIO_CONN_S_BEFORE		1
-#define BIO_CONN_S_GET_IP		2
-#define BIO_CONN_S_GET_PORT		3
-#define BIO_CONN_S_CREATE_SOCKET	4
-#define BIO_CONN_S_CONNECT		5
-#define BIO_CONN_S_OK			6
-#define BIO_CONN_S_BLOCKED_CONNECT	7
-#define BIO_CONN_S_NBIO			8
-/*#define BIO_CONN_get_param_hostname	BIO_ctrl */
-
-#define BIO_C_SET_CONNECT			100
-#define BIO_C_DO_STATE_MACHINE			101
-#define BIO_C_SET_NBIO				102
-#define BIO_C_SET_PROXY_PARAM			103
-#define BIO_C_SET_FD				104
-#define BIO_C_GET_FD				105
-#define BIO_C_SET_FILE_PTR			106
-#define BIO_C_GET_FILE_PTR			107
-#define BIO_C_SET_FILENAME			108
-#define BIO_C_SET_SSL				109
-#define BIO_C_GET_SSL				110
-#define BIO_C_SET_MD				111
-#define BIO_C_GET_MD				112
-#define BIO_C_GET_CIPHER_STATUS			113
-#define BIO_C_SET_BUF_MEM			114
-#define BIO_C_GET_BUF_MEM_PTR			115
-#define BIO_C_GET_BUFF_NUM_LINES		116
-#define BIO_C_SET_BUFF_SIZE			117
-#define BIO_C_SET_ACCEPT			118
-#define BIO_C_SSL_MODE				119
-#define BIO_C_GET_MD_CTX			120
-#define BIO_C_GET_PROXY_PARAM			121
-#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */
-#define BIO_C_GET_CONNECT			123
-#define BIO_C_GET_ACCEPT			124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127
-#define BIO_C_FILE_SEEK				128
-#define BIO_C_GET_CIPHER_CTX			129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/
-#define BIO_C_SET_BIND_MODE			131
-#define BIO_C_GET_BIND_MODE			132
-#define BIO_C_FILE_TELL				133
-#define BIO_C_GET_SOCKS				134
-#define BIO_C_SET_SOCKS				135
-
-#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */
-#define BIO_C_GET_WRITE_BUF_SIZE		137
-#define BIO_C_MAKE_BIO_PAIR			138
-#define BIO_C_DESTROY_BIO_PAIR			139
-#define BIO_C_GET_WRITE_GUARANTEE		140
-#define BIO_C_GET_READ_REQUEST			141
-#define BIO_C_SHUTDOWN_WR			142
-#define BIO_C_NREAD0				143
-#define BIO_C_NREAD				144
-#define BIO_C_NWRITE0				145
-#define BIO_C_NWRITE				146
-#define BIO_C_RESET_READ_REQUEST		147
-#define BIO_C_SET_MD_CTX			148
-
-#define BIO_C_SET_PREFIX			149
-#define BIO_C_GET_PREFIX			150
-#define BIO_C_SET_SUFFIX			151
-#define BIO_C_GET_SUFFIX			152
-
-#define BIO_C_SET_EX_ARG			153
-#define BIO_C_GET_EX_ARG			154
-
-#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)
-#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
-
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
-
-
-#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-
-/* BIO_s_accept_socket() */
-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
-/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-#define BIO_BIND_NORMAL			0
-#define BIO_BIND_REUSEADDR_IF_UNUSED	1
-#define BIO_BIND_REUSEADDR		2
-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-#define BIO_do_connect(b)	BIO_do_handshake(b)
-#define BIO_do_accept(b)	BIO_do_handshake(b)
-#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-/* BIO_s_proxy_client() */
-#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
-
-#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
-#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
-
-#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
-#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-
-/* name is cast to lose const, but might be better to route through a function
-   so we can do it safely */
-#ifdef CONST_STRICT
-/* If you are wondering why this isn't defined, its because CONST_STRICT is
- * purely a compile-time kludge to allow const to be checked.
- */
-int BIO_read_filename(BIO *b,const char *name);
-#else
-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ,(char *)name)
-#endif
-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_WRITE,name)
-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_APPEND,name)
-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-
-/* WARNING WARNING, this ups the reference count on the read bio of the
- * SSL structure.  This is because the ssl read BIO is now pointed to by
- * the next_bio field in the bio.  So when you free the BIO, make sure
- * you are doing a BIO_free_all() to catch the underlying BIO. */
-#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-#define BIO_set_ssl_renegotiate_bytes(b,num) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-#define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-
-/* defined in evp.h */
-/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-
-#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
-#define BIO_set_mem_eof_return(b,v) \
-				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
-
-/* For the BIO_f_buffer() type */
-#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-/* Don't use the next one unless you know what you are doing :-) */
-#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
-
-#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
-#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
-#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
-#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
-#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
-#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
-/* ...pending macros have inappropriate return type */
-size_t BIO_ctrl_pending(BIO *b);
-size_t BIO_ctrl_wpending(BIO *b);
-#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
-						   cbp)
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
-
-/* For the BIO_f_buffer() type */
-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
-
-/* For BIO_s_bio() */
-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-/* macros with inappropriate type -- but ...pending macros use int too: */
-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-size_t BIO_ctrl_get_write_guarantee(BIO *b);
-size_t BIO_ctrl_get_read_request(BIO *b);
-int BIO_ctrl_reset_read_request(BIO *b);
-
-/* ctrl macros for dgram */
-#define BIO_ctrl_dgram_connect(b,peer)  \
-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-#define BIO_ctrl_set_connected(b, state, peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
-#define BIO_dgram_recv_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
-#define BIO_dgram_send_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
-#define BIO_dgram_get_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
-#define BIO_dgram_set_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
-#define BIO_dgram_get_mtu_overhead(b) \
-         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
-
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
-int BIO_set_ex_data(BIO *bio,int idx,void *data);
-void *BIO_get_ex_data(BIO *bio,int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
-
-/* For BIO_f_asn1() */
-int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
-					asn1_ps_func *prefix_free);
-int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
-					asn1_ps_func **pprefix_free);
-int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
-					asn1_ps_func *suffix_free);
-int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
-					asn1_ps_func **psuffix_free);
-
-# ifndef OPENSSL_NO_FP_API
-BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(const char *filename, const char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-# define BIO_s_file_internal	BIO_s_file
-# endif
-BIO *	BIO_new(BIO_METHOD *type);
-int	BIO_set(BIO *a,BIO_METHOD *type);
-int	BIO_free(BIO *a);
-void	BIO_vfree(BIO *a);
-BIO *	BIO_up_ref(BIO *bio);
-int	BIO_read(BIO *b, void *data, int len);
-int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, const void *data, int len);
-int	BIO_puts(BIO *bp,const char *buf);
-int	BIO_indent(BIO *b,int indent,int max);
-long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
-char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-BIO *	BIO_push(BIO *b,BIO *append);
-BIO *	BIO_pop(BIO *b);
-void	BIO_free_all(BIO *a);
-BIO *	BIO_find_type(BIO *b,int bio_type);
-BIO *	BIO_next(BIO *b);
-BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
-int	BIO_get_retry_reason(BIO *bio);
-BIO *	BIO_dup_chain(BIO *in);
-
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-	long argl,long ret);
-
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-#ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
-#endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-#ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-#endif
-BIO_METHOD *BIO_f_nbio_test(void);
-#ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
-#ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void);
-#endif
-#endif
-
-/* BIO_METHOD *BIO_f_ber(void); */
-
-int BIO_sock_should_retry(int i);
-int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
-
-int BIO_fd_should_retry(int i);
-int BIO_fd_non_fatal_error(int error);
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-		void *u, const char *s, int len);
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-		       void *u, const char *s, int len, int indent);
-int BIO_dump(BIO *b,const char *bytes,int len);
-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
-#ifndef OPENSSL_NO_FP_API
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
-#endif
-struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- *     struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
-int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
-int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port,int mode);
-int BIO_accept(int sock,char **ip_port);
-int BIO_sock_init(void );
-void BIO_sock_cleanup(void);
-int BIO_set_tcp_ndelay(int sock,int turn_on);
-
-BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
-#ifndef OPENSSL_NO_SCTP
-BIO *BIO_new_dgram_sctp(int fd, int close_flag);
-int BIO_dgram_is_sctp(BIO *bio);
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
-                                   void *context);
-int BIO_dgram_sctp_wait_for_dry(BIO *b);
-int BIO_dgram_sctp_msg_waiting(BIO *b);
-#endif
-BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
-
-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
-	BIO **bio2, size_t writebuf2);
-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
- * Size 0 uses default value.
- */
-
-void BIO_copy_next_retry(BIO *b);
-
-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
-
-#ifdef __GNUC__
-#  define __bio_h__attr__ __attribute__
-#else
-#  define __bio_h__attr__(x)
-#endif
-int BIO_printf(BIO *bio, const char *format, ...)
-	__bio_h__attr__((__format__(__printf__,2,3)));
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
-	__bio_h__attr__((__format__(__printf__,2,0)));
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-	__bio_h__attr__((__format__(__printf__,3,4)));
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-	__bio_h__attr__((__format__(__printf__,3,0)));
-#undef __bio_h__attr__
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE				 100
-#define BIO_F_BIO_ACCEPT				 101
-#define BIO_F_BIO_BER_GET_HEADER			 102
-#define BIO_F_BIO_CALLBACK_CTRL				 131
-#define BIO_F_BIO_CTRL					 103
-#define BIO_F_BIO_GETHOSTBYNAME				 120
-#define BIO_F_BIO_GETS					 104
-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
-#define BIO_F_BIO_GET_HOST_IP				 106
-#define BIO_F_BIO_GET_PORT				 107
-#define BIO_F_BIO_MAKE_PAIR				 121
-#define BIO_F_BIO_NEW					 108
-#define BIO_F_BIO_NEW_FILE				 109
-#define BIO_F_BIO_NEW_MEM_BUF				 126
-#define BIO_F_BIO_NREAD					 123
-#define BIO_F_BIO_NREAD0				 124
-#define BIO_F_BIO_NWRITE				 125
-#define BIO_F_BIO_NWRITE0				 122
-#define BIO_F_BIO_PUTS					 110
-#define BIO_F_BIO_READ					 111
-#define BIO_F_BIO_SOCK_INIT				 112
-#define BIO_F_BIO_WRITE					 113
-#define BIO_F_BUFFER_CTRL				 114
-#define BIO_F_CONN_CTRL					 127
-#define BIO_F_CONN_STATE				 115
-#define BIO_F_DGRAM_SCTP_READ				 132
-#define BIO_F_FILE_CTRL					 116
-#define BIO_F_FILE_READ					 130
-#define BIO_F_LINEBUFFER_CTRL				 129
-#define BIO_F_MEM_READ					 128
-#define BIO_F_MEM_WRITE					 117
-#define BIO_F_SSL_NEW					 118
-#define BIO_F_WSASTARTUP				 119
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR				 100
-#define BIO_R_BAD_FOPEN_MODE				 101
-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
-#define BIO_R_BROKEN_PIPE				 124
-#define BIO_R_CONNECT_ERROR				 103
-#define BIO_R_EOF_ON_MEMORY_BIO				 127
-#define BIO_R_ERROR_SETTING_NBIO			 104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
-#define BIO_R_INVALID_ARGUMENT				 125
-#define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_IN_USE					 123
-#define BIO_R_KEEPALIVE					 109
-#define BIO_R_NBIO_CONNECT_ERROR			 110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTNAME_SPECIFIED			 112
-#define BIO_R_NO_PORT_DEFINED				 113
-#define BIO_R_NO_PORT_SPECIFIED				 114
-#define BIO_R_NO_SUCH_FILE				 128
-#define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_TAG_MISMATCH				 116
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 117
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119
-#define BIO_R_UNINITIALIZED				 120
-#define BIO_R_UNSUPPORTED_METHOD			 121
-#define BIO_R_WRITE_TO_READ_ONLY_BIO			 126
-#define BIO_R_WSASTARTUP				 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
deleted file mode 100644
index 9bcbc321d9..0000000000
--- a/crypto/bio/bio_cb.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* crypto/bio/bio_cb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-	     int argi, long argl, long ret)
-	{
-	BIO *b;
-	MS_STATIC char buf[256];
-	char *p;
-	long r=1;
-	size_t p_maxlen;
-
-	if (BIO_CB_RETURN & cmd)
-		r=ret;
-
-	BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
-	p= &(buf[14]);
-	p_maxlen = sizeof buf - 14;
-	switch (cmd)
-		{
-	case BIO_CB_FREE:
-		BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
-		break;
-	case BIO_CB_READ:
-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s fd=%d\n",
-				 bio->num,(unsigned long)argi,
-				 bio->method->name,bio->num);
-		else
-			BIO_snprintf(p,p_maxlen,"read(%d,%lu) - %s\n",
-				 bio->num,(unsigned long)argi,
-				 bio->method->name);
-		break;
-	case BIO_CB_WRITE:
-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s fd=%d\n",
-				 bio->num,(unsigned long)argi,
-				 bio->method->name,bio->num);
-		else
-			BIO_snprintf(p,p_maxlen,"write(%d,%lu) - %s\n",
-				 bio->num,(unsigned long)argi,
-				 bio->method->name);
-		break;
-	case BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
-		break;
-	case BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets(%lu) - %s\n",(unsigned long)argi,bio->method->name);
-		break;
-	case BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl(%lu) - %s\n",(unsigned long)argi,bio->method->name);
-		break;
-	case BIO_CB_RETURN|BIO_CB_READ:
-		BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_WRITE:
-		BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
-		break;
-	default:
-		BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
-		break;
-		}
-
-	b=(BIO *)bio->cb_arg;
-	if (b != NULL)
-		BIO_write(b,buf,strlen(buf));
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-	else
-		fputs(buf,stderr);
-#endif
-	return(r);
-	}
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
deleted file mode 100644
index 0dbfbd80d3..0000000000
--- a/crypto/bio/bio_err.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/* crypto/bio/bio_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
-
-static ERR_STRING_DATA BIO_str_functs[]=
-	{
-{ERR_FUNC(BIO_F_ACPT_STATE),	"ACPT_STATE"},
-{ERR_FUNC(BIO_F_BIO_ACCEPT),	"BIO_accept"},
-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),	"BIO_BER_GET_HEADER"},
-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),	"BIO_callback_ctrl"},
-{ERR_FUNC(BIO_F_BIO_CTRL),	"BIO_ctrl"},
-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),	"BIO_gethostbyname"},
-{ERR_FUNC(BIO_F_BIO_GETS),	"BIO_gets"},
-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET),	"BIO_get_accept_socket"},
-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP),	"BIO_get_host_ip"},
-{ERR_FUNC(BIO_F_BIO_GET_PORT),	"BIO_get_port"},
-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR),	"BIO_MAKE_PAIR"},
-{ERR_FUNC(BIO_F_BIO_NEW),	"BIO_new"},
-{ERR_FUNC(BIO_F_BIO_NEW_FILE),	"BIO_new_file"},
-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),	"BIO_new_mem_buf"},
-{ERR_FUNC(BIO_F_BIO_NREAD),	"BIO_nread"},
-{ERR_FUNC(BIO_F_BIO_NREAD0),	"BIO_nread0"},
-{ERR_FUNC(BIO_F_BIO_NWRITE),	"BIO_nwrite"},
-{ERR_FUNC(BIO_F_BIO_NWRITE0),	"BIO_nwrite0"},
-{ERR_FUNC(BIO_F_BIO_PUTS),	"BIO_puts"},
-{ERR_FUNC(BIO_F_BIO_READ),	"BIO_read"},
-{ERR_FUNC(BIO_F_BIO_SOCK_INIT),	"BIO_sock_init"},
-{ERR_FUNC(BIO_F_BIO_WRITE),	"BIO_write"},
-{ERR_FUNC(BIO_F_BUFFER_CTRL),	"BUFFER_CTRL"},
-{ERR_FUNC(BIO_F_CONN_CTRL),	"CONN_CTRL"},
-{ERR_FUNC(BIO_F_CONN_STATE),	"CONN_STATE"},
-{ERR_FUNC(BIO_F_DGRAM_SCTP_READ),	"DGRAM_SCTP_READ"},
-{ERR_FUNC(BIO_F_FILE_CTRL),	"FILE_CTRL"},
-{ERR_FUNC(BIO_F_FILE_READ),	"FILE_READ"},
-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL),	"LINEBUFFER_CTRL"},
-{ERR_FUNC(BIO_F_MEM_READ),	"MEM_READ"},
-{ERR_FUNC(BIO_F_MEM_WRITE),	"MEM_WRITE"},
-{ERR_FUNC(BIO_F_SSL_NEW),	"SSL_new"},
-{ERR_FUNC(BIO_F_WSASTARTUP),	"WSASTARTUP"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA BIO_str_reasons[]=
-	{
-{ERR_REASON(BIO_R_ACCEPT_ERROR)          ,"accept error"},
-{ERR_REASON(BIO_R_BAD_FOPEN_MODE)        ,"bad fopen mode"},
-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP)   ,"bad hostname lookup"},
-{ERR_REASON(BIO_R_BROKEN_PIPE)           ,"broken pipe"},
-{ERR_REASON(BIO_R_CONNECT_ERROR)         ,"connect error"},
-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO)     ,"EOF on memory BIO"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO)    ,"error setting nbio"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
-{ERR_REASON(BIO_R_INVALID_ARGUMENT)      ,"invalid argument"},
-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS)    ,"invalid ip address"},
-{ERR_REASON(BIO_R_IN_USE)                ,"in use"},
-{ERR_REASON(BIO_R_KEEPALIVE)             ,"keepalive"},
-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR)    ,"nbio connect error"},
-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
-{ERR_REASON(BIO_R_NO_PORT_DEFINED)       ,"no port defined"},
-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED)     ,"no port specified"},
-{ERR_REASON(BIO_R_NO_SUCH_FILE)          ,"no such file"},
-{ERR_REASON(BIO_R_NULL_PARAMETER)        ,"null parameter"},
-{ERR_REASON(BIO_R_TAG_MISMATCH)          ,"tag mismatch"},
-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
-{ERR_REASON(BIO_R_UNINITIALIZED)         ,"uninitialized"},
-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD)    ,"unsupported method"},
-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
-{ERR_REASON(BIO_R_WSASTARTUP)            ,"WSAStartup"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_BIO_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BIO_str_functs);
-		ERR_load_strings(0,BIO_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h
deleted file mode 100644
index e7f7ec8d8b..0000000000
--- a/crypto/bio/bio_lcl.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#include <openssl/bio.h>
-
-#if BIO_FLAGS_UPLINK==0
-/* Shortcut UPLINK calls on most platforms... */
-#define	UP_stdin	stdin
-#define	UP_stdout	stdout
-#define	UP_stderr	stderr
-#define	UP_fprintf	fprintf
-#define	UP_fgets	fgets
-#define	UP_fread	fread
-#define	UP_fwrite	fwrite
-#undef	UP_fsetmod
-#define	UP_feof		feof
-#define	UP_fclose	fclose
-
-#define	UP_fopen	fopen
-#define	UP_fseek	fseek
-#define	UP_ftell	ftell
-#define	UP_fflush	fflush
-#define	UP_ferror	ferror
-#ifdef _WIN32
-#define	UP_fileno	_fileno
-#define	UP_open		_open
-#define	UP_read		_read
-#define	UP_write	_write
-#define	UP_lseek	_lseek
-#define	UP_close	_close
-#else
-#define	UP_fileno	fileno
-#define	UP_open		open
-#define	UP_read		read
-#define	UP_write	write
-#define	UP_lseek	lseek
-#define	UP_close	close
-#endif
-#endif
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
deleted file mode 100644
index 7f1e8a4252..0000000000
--- a/crypto/bio/bio_lib.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/* crypto/bio/bio_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-
-BIO *BIO_new(BIO_METHOD *method)
-	{
-	BIO *ret=NULL;
-
-	ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
-	if (ret == NULL)
-		{
-		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	if (!BIO_set(ret,method))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-int BIO_set(BIO *bio, BIO_METHOD *method)
-	{
-	bio->method=method;
-	bio->callback=NULL;
-	bio->cb_arg=NULL;
-	bio->init=0;
-	bio->shutdown=1;
-	bio->flags=0;
-	bio->retry_reason=0;
-	bio->num=0;
-	bio->ptr=NULL;
-	bio->prev_bio=NULL;
-	bio->next_bio=NULL;
-	bio->references=1;
-	bio->num_read=0L;
-	bio->num_write=0L;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-	if (method->create != NULL)
-		if (!method->create(bio))
-			{
-			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
-					&bio->ex_data);
-			return(0);
-			}
-	return(1);
-	}
-
-int BIO_free(BIO *a)
-	{
-	int i;
-
-	if (a == NULL) return(0);
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
-#ifdef REF_PRINT
-	REF_PRINT("BIO",a);
-#endif
-	if (i > 0) return(1);
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"BIO_free, bad reference count\n");
-		abort();
-		}
-#endif
-	if ((a->callback != NULL) &&
-		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
-			return(i);
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
-
-	if ((a->method != NULL) && (a->method->destroy != NULL))
-		a->method->destroy(a);
-	OPENSSL_free(a);
-	return(1);
-	}
-
-void BIO_vfree(BIO *a)
-    { BIO_free(a); }
-
-BIO *BIO_up_ref(BIO *bio)
-{
-    CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
-    return bio;
-}
-
-void BIO_clear_flags(BIO *b, int flags)
-	{
-	b->flags &= ~flags;
-	}
-
-int	BIO_test_flags(const BIO *b, int flags)
-	{
-	return (b->flags & flags);
-	}
-
-void	BIO_set_flags(BIO *b, int flags)
-	{
-	b->flags |= flags;
-	}
-
-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
-	{
-	return b->callback;
-	}
-
-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
-	{
-	b->callback = cb;
-	}
-
-void BIO_set_callback_arg(BIO *b, char *arg)
-	{
-	b->cb_arg = arg;
-	}
-
-char * BIO_get_callback_arg(const BIO *b)
-	{
-	return b->cb_arg;
-	}
-
-const char * BIO_method_name(const BIO *b)
-	{
-	return b->method->name;
-	}
-
-int BIO_method_type(const BIO *b)
-	{
-	return b->method->type;
-	}
-
-
-int BIO_read(BIO *b, void *out, int outl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
-		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
-			return(i);
-
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
-
-	i=b->method->bread(b,out,outl);
-
-	if (i > 0) b->num_read+=(unsigned long)i;
-
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
-			0L,(long)i);
-	return(i);
-	}
-
-int BIO_write(BIO *b, const void *in, int inl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if (b == NULL)
-		return(0);
-
-	cb=b->callback;
-	if ((b->method == NULL) || (b->method->bwrite == NULL))
-		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
-			return(i);
-
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
-
-	i=b->method->bwrite(b,in,inl);
-
-	if (i > 0) b->num_write+=(unsigned long)i;
-
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
-			0L,(long)i);
-	return(i);
-	}
-
-int BIO_puts(BIO *b, const char *in)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
-		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
-			return(i);
-
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
-
-	i=b->method->bputs(b,in);
-
-	if (i > 0) b->num_write+=(unsigned long)i;
-
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
-			0L,(long)i);
-	return(i);
-	}
-
-int BIO_gets(BIO *b, char *in, int inl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
-		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
-			return(i);
-
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
-
-	i=b->method->bgets(b,in,inl);
-
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
-			0L,(long)i);
-	return(i);
-	}
-
-int BIO_indent(BIO *b,int indent,int max)
-	{
-	if(indent < 0)
-		indent=0;
-	if(indent > max)
-		indent=max;
-	while(indent--)
-		if(BIO_puts(b," ") != 1)
-			return 0;
-	return 1;
-	}
-
-long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
-	{
-	int i;
-
-	i=iarg;
-	return(BIO_ctrl(b,cmd,larg,(char *)&i));
-	}
-
-char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
-	{
-	char *p=NULL;
-
-	if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
-		return(NULL);
-	else
-		return(p);
-	}
-
-long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
-	{
-	long ret;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if (b == NULL) return(0);
-
-	if ((b->method == NULL) || (b->method->ctrl == NULL))
-		{
-		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-
-	if ((cb != NULL) &&
-		((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
-		return(ret);
-
-	ret=b->method->ctrl(b,cmd,larg,parg);
-
-	if (cb != NULL)
-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
-			larg,ret);
-	return(ret);
-	}
-
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
-	{
-	long ret;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if (b == NULL) return(0);
-
-	if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
-		{
-		BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-
-	if ((cb != NULL) &&
-		((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
-		return(ret);
-
-	ret=b->method->callback_ctrl(b,cmd,fp);
-
-	if (cb != NULL)
-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
-			0,ret);
-	return(ret);
-	}
-
-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
- * do; but those macros have inappropriate return type, and for interfacing
- * from other programming languages, C macros aren't much of a help anyway. */
-size_t BIO_ctrl_pending(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
-	}
-
-size_t BIO_ctrl_wpending(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
-	}
-
-
-/* put the 'bio' on the end of b's list of operators */
-BIO *BIO_push(BIO *b, BIO *bio)
-	{
-	BIO *lb;
-
-	if (b == NULL) return(bio);
-	lb=b;
-	while (lb->next_bio != NULL)
-		lb=lb->next_bio;
-	lb->next_bio=bio;
-	if (bio != NULL)
-		bio->prev_bio=lb;
-	/* called to do internal processing */
-	BIO_ctrl(b,BIO_CTRL_PUSH,0,lb);
-	return(b);
-	}
-
-/* Remove the first and return the rest */
-BIO *BIO_pop(BIO *b)
-	{
-	BIO *ret;
-
-	if (b == NULL) return(NULL);
-	ret=b->next_bio;
-
-	BIO_ctrl(b,BIO_CTRL_POP,0,b);
-
-	if (b->prev_bio != NULL)
-		b->prev_bio->next_bio=b->next_bio;
-	if (b->next_bio != NULL)
-		b->next_bio->prev_bio=b->prev_bio;
-
-	b->next_bio=NULL;
-	b->prev_bio=NULL;
-	return(ret);
-	}
-
-BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
-	{
-	BIO *b,*last;
-
-	b=last=bio;
-	for (;;)
-		{
-		if (!BIO_should_retry(b)) break;
-		last=b;
-		b=b->next_bio;
-		if (b == NULL) break;
-		}
-	if (reason != NULL) *reason=last->retry_reason;
-	return(last);
-	}
-
-int BIO_get_retry_reason(BIO *bio)
-	{
-	return(bio->retry_reason);
-	}
-
-BIO *BIO_find_type(BIO *bio, int type)
-	{
-	int mt,mask;
-
-	if(!bio) return NULL;
-	mask=type&0xff;
-	do	{
-		if (bio->method != NULL)
-			{
-			mt=bio->method->type;
-
-			if (!mask)
-				{
-				if (mt & type) return(bio);
-				}
-			else if (mt == type)
-				return(bio);
-			}
-		bio=bio->next_bio;
-		} while (bio != NULL);
-	return(NULL);
-	}
-
-BIO *BIO_next(BIO *b)
-	{
-	if(!b) return NULL;
-	return b->next_bio;
-	}
-
-void BIO_free_all(BIO *bio)
-	{
-	BIO *b;
-	int ref;
-
-	while (bio != NULL)
-		{
-		b=bio;
-		ref=b->references;
-		bio=bio->next_bio;
-		BIO_free(b);
-		/* Since ref count > 1, don't free anyone else. */
-		if (ref > 1) break;
-		}
-	}
-
-BIO *BIO_dup_chain(BIO *in)
-	{
-	BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;
-
-	for (bio=in; bio != NULL; bio=bio->next_bio)
-		{
-		if ((new_bio=BIO_new(bio->method)) == NULL) goto err;
-		new_bio->callback=bio->callback;
-		new_bio->cb_arg=bio->cb_arg;
-		new_bio->init=bio->init;
-		new_bio->shutdown=bio->shutdown;
-		new_bio->flags=bio->flags;
-
-		/* This will let SSL_s_sock() work with stdin/stdout */
-		new_bio->num=bio->num;
-
-		if (!BIO_dup_state(bio,(char *)new_bio))
-			{
-			BIO_free(new_bio);
-			goto err;
-			}
-
-		/* copy app data */
-		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
-					&bio->ex_data))
-			goto err;
-
-		if (ret == NULL)
-			{
-			eoc=new_bio;
-			ret=eoc;
-			}
-		else
-			{
-			BIO_push(eoc,new_bio);
-			eoc=new_bio;
-			}
-		}
-	return(ret);
-err:
-	if (ret != NULL)
-		BIO_free(ret);
-	return(NULL);	
-	}
-
-void BIO_copy_next_retry(BIO *b)
-	{
-	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
-	b->retry_reason=b->next_bio->retry_reason;
-	}
-
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
-				new_func, dup_func, free_func);
-	}
-
-int BIO_set_ex_data(BIO *bio, int idx, void *data)
-	{
-	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
-	}
-
-void *BIO_get_ex_data(BIO *bio, int idx)
-	{
-	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
-	}
-
-unsigned long BIO_number_read(BIO *bio)
-{
-	if(bio) return bio->num_read;
-	return 0;
-}
-
-unsigned long BIO_number_written(BIO *bio)
-{
-	if(bio) return bio->num_write;
-	return 0;
-}
-
-IMPLEMENT_STACK_OF(BIO)
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
deleted file mode 100644
index 5d49e1a72b..0000000000
--- a/crypto/bio/bss_acpt.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/* crypto/bio/bss_acpt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_SOCK
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-typedef struct bio_accept_st
-	{
-	int state;
-	char *param_addr;
-
-	int accept_sock;
-	int accept_nbio;
-
-	char *addr;
-	int nbio;
-	/* If 0, it means normal, if 1, do a connect on bind failure,
-	 * and if there is no-one listening, bind with SO_REUSEADDR.
-	 * If 2, always use SO_REUSEADDR. */
-	int bind_mode;
-	BIO *bio_chain;
-	} BIO_ACCEPT;
-
-static int acpt_write(BIO *h, const char *buf, int num);
-static int acpt_read(BIO *h, char *buf, int size);
-static int acpt_puts(BIO *h, const char *str);
-static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int acpt_new(BIO *h);
-static int acpt_free(BIO *data);
-static int acpt_state(BIO *b, BIO_ACCEPT *c);
-static void acpt_close_socket(BIO *data);
-static BIO_ACCEPT *BIO_ACCEPT_new(void );
-static void BIO_ACCEPT_free(BIO_ACCEPT *a);
-
-#define ACPT_S_BEFORE			1
-#define ACPT_S_GET_ACCEPT_SOCKET	2
-#define ACPT_S_OK			3
-
-static BIO_METHOD methods_acceptp=
-	{
-	BIO_TYPE_ACCEPT,
-	"socket accept",
-	acpt_write,
-	acpt_read,
-	acpt_puts,
-	NULL, /* connect_gets, */
-	acpt_ctrl,
-	acpt_new,
-	acpt_free,
-	NULL,
-	};
-
-BIO_METHOD *BIO_s_accept(void)
-	{
-	return(&methods_acceptp);
-	}
-
-static int acpt_new(BIO *bi)
-	{
-	BIO_ACCEPT *ba;
-
-	bi->init=0;
-	bi->num=INVALID_SOCKET;
-	bi->flags=0;
-	if ((ba=BIO_ACCEPT_new()) == NULL)
-		return(0);
-	bi->ptr=(char *)ba;
-	ba->state=ACPT_S_BEFORE;
-	bi->shutdown=1;
-	return(1);
-	}
-
-static BIO_ACCEPT *BIO_ACCEPT_new(void)
-	{
-	BIO_ACCEPT *ret;
-
-	if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
-		return(NULL);
-
-	memset(ret,0,sizeof(BIO_ACCEPT));
-	ret->accept_sock=INVALID_SOCKET;
-	ret->bind_mode=BIO_BIND_NORMAL;
-	return(ret);
-	}
-
-static void BIO_ACCEPT_free(BIO_ACCEPT *a)
-	{
-	if(a == NULL)
-	    return;
-
-	if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
-	if (a->addr != NULL) OPENSSL_free(a->addr);
-	if (a->bio_chain != NULL) BIO_free(a->bio_chain);
-	OPENSSL_free(a);
-	}
-
-static void acpt_close_socket(BIO *bio)
-	{
-	BIO_ACCEPT *c;
-
-	c=(BIO_ACCEPT *)bio->ptr;
-	if (c->accept_sock != INVALID_SOCKET)
-		{
-		shutdown(c->accept_sock,2);
-		closesocket(c->accept_sock);
-		c->accept_sock=INVALID_SOCKET;
-		bio->num=INVALID_SOCKET;
-		}
-	}
-
-static int acpt_free(BIO *a)
-	{
-	BIO_ACCEPT *data;
-
-	if (a == NULL) return(0);
-	data=(BIO_ACCEPT *)a->ptr;
-	 
-	if (a->shutdown)
-		{
-		acpt_close_socket(a);
-		BIO_ACCEPT_free(data);
-		a->ptr=NULL;
-		a->flags=0;
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int acpt_state(BIO *b, BIO_ACCEPT *c)
-	{
-	BIO *bio=NULL,*dbio;
-	int s= -1;
-	int i;
-
-again:
-	switch (c->state)
-		{
-	case ACPT_S_BEFORE:
-		if (c->param_addr == NULL)
-			{
-			BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
-			return(-1);
-			}
-		s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
-		if (s == INVALID_SOCKET)
-			return(-1);
-
-		if (c->accept_nbio)
-			{
-			if (!BIO_socket_nbio(s,1))
-				{
-				closesocket(s);
-				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
-				return(-1);
-				}
-			}
-		c->accept_sock=s;
-		b->num=s;
-		c->state=ACPT_S_GET_ACCEPT_SOCKET;
-		return(1);
-		/* break; */
-	case ACPT_S_GET_ACCEPT_SOCKET:
-		if (b->next_bio != NULL)
-			{
-			c->state=ACPT_S_OK;
-			goto again;
-			}
-		BIO_clear_retry_flags(b);
-		b->retry_reason=0;
-		i=BIO_accept(c->accept_sock,&(c->addr));
-
-		/* -2 return means we should retry */
-		if(i == -2)
-			{
-			BIO_set_retry_special(b);
-			b->retry_reason=BIO_RR_ACCEPT;
-			return -1;
-			}
-
-		if (i < 0) return(i);
-
-		bio=BIO_new_socket(i,BIO_CLOSE);
-		if (bio == NULL) goto err;
-
-		BIO_set_callback(bio,BIO_get_callback(b));
-		BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
-
-		if (c->nbio)
-			{
-			if (!BIO_socket_nbio(i,1))
-				{
-				BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
-				goto err;
-				}
-			}
-
-		/* If the accept BIO has an bio_chain, we dup it and
-		 * put the new socket at the end. */
-		if (c->bio_chain != NULL)
-			{
-			if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
-				goto err;
-			if (!BIO_push(dbio,bio)) goto err;
-			bio=dbio;
-			}
-		if (BIO_push(b,bio) == NULL) goto err;
-
-		c->state=ACPT_S_OK;
-		return(1);
-err:
-		if (bio != NULL)
-			BIO_free(bio);
-		else if (s >= 0)
-			closesocket(s);
-		return(0);
-		/* break; */
-	case ACPT_S_OK:
-		if (b->next_bio == NULL)
-			{
-			c->state=ACPT_S_GET_ACCEPT_SOCKET;
-			goto again;
-			}
-		return(1);
-		/* break; */
-	default:	
-		return(0);
-		/* break; */
-		}
-
-	}
-
-static int acpt_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	BIO_ACCEPT *data;
-
-	BIO_clear_retry_flags(b);
-	data=(BIO_ACCEPT *)b->ptr;
-
-	while (b->next_bio == NULL)
-		{
-		ret=acpt_state(b,data);
-		if (ret <= 0) return(ret);
-		}
-
-	ret=BIO_read(b->next_bio,out,outl);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static int acpt_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	BIO_ACCEPT *data;
-
-	BIO_clear_retry_flags(b);
-	data=(BIO_ACCEPT *)b->ptr;
-
-	while (b->next_bio == NULL)
-		{
-		ret=acpt_state(b,data);
-		if (ret <= 0) return(ret);
-		}
-
-	ret=BIO_write(b->next_bio,in,inl);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	int *ip;
-	long ret=1;
-	BIO_ACCEPT *data;
-	char **pp;
-
-	data=(BIO_ACCEPT *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=0;
-		data->state=ACPT_S_BEFORE;
-		acpt_close_socket(b);
-		b->flags=0;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		/* use this one to start the connection */
-		ret=(long)acpt_state(b,data);
-		break;
-	case BIO_C_SET_ACCEPT:
-		if (ptr != NULL)
-			{
-			if (num == 0)
-				{
-				b->init=1;
-				if (data->param_addr != NULL)
-					OPENSSL_free(data->param_addr);
-				data->param_addr=BUF_strdup(ptr);
-				}
-			else if (num == 1)
-				{
-				data->accept_nbio=(ptr != NULL);
-				}
-			else if (num == 2)
-				{
-				if (data->bio_chain != NULL)
-					BIO_free(data->bio_chain);
-				data->bio_chain=(BIO *)ptr;
-				}
-			}
-		break;
-	case BIO_C_SET_NBIO:
-		data->nbio=(int)num;
-		break;
-	case BIO_C_SET_FD:
-		b->init=1;
-		b->num= *((int *)ptr);
-		data->accept_sock=b->num;
-		data->state=ACPT_S_GET_ACCEPT_SOCKET;
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL)
-				*ip=data->accept_sock;
-			ret=data->accept_sock;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_C_GET_ACCEPT:
-		if (b->init)
-			{
-			if (ptr != NULL)
-				{
-				pp=(char **)ptr;
-				*pp=data->param_addr;
-				}
-			else
-				ret= -1;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_FLUSH:
-		break;
-	case BIO_C_SET_BIND_MODE:
-		data->bind_mode=(int)num;
-		break;
-	case BIO_C_GET_BIND_MODE:
-		ret=(long)data->bind_mode;
-		break;
-	case BIO_CTRL_DUP:
-/*		dbio=(BIO *)ptr;
-		if (data->param_port) EAY EAY
-			BIO_set_port(dbio,data->param_port);
-		if (data->param_hostname)
-			BIO_set_hostname(dbio,data->param_hostname);
-		BIO_set_nbio(dbio,data->nbio); */
-		break;
-
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int acpt_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=acpt_write(bp,str,n);
-	return(ret);
-	}
-
-BIO *BIO_new_accept(char *str)
-	{
-	BIO *ret;
-
-	ret=BIO_new(BIO_s_accept());
-	if (ret == NULL) return(NULL);
-	if (BIO_set_accept_port(ret,str))
-		return(ret);
-	else
-		{
-		BIO_free(ret);
-		return(NULL);
-		}
-	}
-
-#endif
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
deleted file mode 100644
index 52ef0ebcb3..0000000000
--- a/crypto/bio/bss_bio.c
+++ /dev/null
@@ -1,924 +0,0 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Special method for a BIO where the other endpoint is also a BIO
- * of this kind, handled by the same thread (i.e. the "peer" is actually
- * ourselves, wearing a different hat).
- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
- * for which no specific BIO method is available.
- * See ssl/ssltest.c for some hints on how this can be used. */
-
-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-#  define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
-#ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-#include "e_os.h"
-
-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef SSIZE_MAX
-#endif
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
-static int bio_new(BIO *bio);
-static int bio_free(BIO *bio);
-static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, const char *buf, int num);
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, const char *str);
-
-static int bio_make_pair(BIO *bio1, BIO *bio2);
-static void bio_destroy_pair(BIO *bio);
-
-static BIO_METHOD methods_biop =
-{
-	BIO_TYPE_BIO,
-	"BIO pair",
-	bio_write,
-	bio_read,
-	bio_puts,
-	NULL /* no bio_gets */,
-	bio_ctrl,
-	bio_new,
-	bio_free,
-	NULL /* no bio_callback_ctrl */
-};
-
-BIO_METHOD *BIO_s_bio(void)
-	{
-	return &methods_biop;
-	}
-
-struct bio_bio_st
-{
-	BIO *peer;     /* NULL if buf == NULL.
-	                * If peer != NULL, then peer->ptr is also a bio_bio_st,
-	                * and its "peer" member points back to us.
-	                * peer != NULL iff init != 0 in the BIO. */
-	
-	/* This is for what we write (i.e. reading uses peer's struct): */
-	int closed;     /* valid iff peer != NULL */
-	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
-	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
-	size_t size;
-	char *buf;      /* "size" elements (if != NULL) */
-
-	size_t request; /* valid iff peer != NULL; 0 if len != 0,
-	                 * otherwise set by peer to number of bytes
-	                 * it (unsuccessfully) tried to read,
-	                 * never more than buffer space (size-len) warrants. */
-};
-
-static int bio_new(BIO *bio)
-	{
-	struct bio_bio_st *b;
-	
-	b = OPENSSL_malloc(sizeof *b);
-	if (b == NULL)
-		return 0;
-
-	b->peer = NULL;
-	b->size = 17*1024; /* enough for one TLS record (just a default) */
-	b->buf = NULL;
-
-	bio->ptr = b;
-	return 1;
-	}
-
-
-static int bio_free(BIO *bio)
-	{
-	struct bio_bio_st *b;
-
-	if (bio == NULL)
-		return 0;
-	b = bio->ptr;
-
-	assert(b != NULL);
-
-	if (b->peer)
-		bio_destroy_pair(bio);
-	
-	if (b->buf != NULL)
-		{
-		OPENSSL_free(b->buf);
-		}
-
-	OPENSSL_free(b);
-
-	return 1;
-	}
-
-
-
-static int bio_read(BIO *bio, char *buf, int size_)
-	{
-	size_t size = size_;
-	size_t rest;
-	struct bio_bio_st *b, *peer_b;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-
-	b = bio->ptr;
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	peer_b = b->peer->ptr;
-	assert(peer_b != NULL);
-	assert(peer_b->buf != NULL);
-
-	peer_b->request = 0; /* will be set in "retry_read" situation */
-
-	if (buf == NULL || size == 0)
-		return 0;
-
-	if (peer_b->len == 0)
-		{
-		if (peer_b->closed)
-			return 0; /* writer has closed, and no data is left */
-		else
-			{
-			BIO_set_retry_read(bio); /* buffer is empty */
-			if (size <= peer_b->size)
-				peer_b->request = size;
-			else
-				/* don't ask for more than the peer can
-				 * deliver in one write */
-				peer_b->request = peer_b->size;
-			return -1;
-			}
-		}
-
-	/* we can read */
-	if (peer_b->len < size)
-		size = peer_b->len;
-
-	/* now read "size" bytes */
-	
-	rest = size;
-	
-	assert(rest > 0);
-	do /* one or two iterations */
-		{
-		size_t chunk;
-		
-		assert(rest <= peer_b->len);
-		if (peer_b->offset + rest <= peer_b->size)
-			chunk = rest;
-		else
-			/* wrap around ring buffer */
-			chunk = peer_b->size - peer_b->offset;
-		assert(peer_b->offset + chunk <= peer_b->size);
-		
-		memcpy(buf, peer_b->buf + peer_b->offset, chunk);
-		
-		peer_b->len -= chunk;
-		if (peer_b->len)
-			{
-			peer_b->offset += chunk;
-			assert(peer_b->offset <= peer_b->size);
-			if (peer_b->offset == peer_b->size)
-				peer_b->offset = 0;
-			buf += chunk;
-			}
-		else
-			{
-			/* buffer now empty, no need to advance "buf" */
-			assert(chunk == rest);
-			peer_b->offset = 0;
-			}
-		rest -= chunk;
-		}
-	while (rest);
-	
-	return size;
-	}
-
-/* non-copying interface: provide pointer to available data in buffer
- *    bio_nread0:  return number of available bytes
- *    bio_nread:   also advance index
- * (example usage:  bio_nread0(), read from buffer, bio_nread()
- *  or just         bio_nread(), read from buffer)
- */
-/* WARNING: The non-copying interface is largely untested as of yet
- * and may contain bugs. */
-static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
-	{
-	struct bio_bio_st *b, *peer_b;
-	ossl_ssize_t num;
-	
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-	
-	b = bio->ptr;
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	peer_b = b->peer->ptr;
-	assert(peer_b != NULL);
-	assert(peer_b->buf != NULL);
-	
-	peer_b->request = 0;
-	
-	if (peer_b->len == 0)
-		{
-		char dummy;
-		
-		/* avoid code duplication -- nothing available for reading */
-		return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
-		}
-
-	num = peer_b->len;
-	if (peer_b->size < peer_b->offset + num)
-		/* no ring buffer wrap-around for non-copying interface */
-		num = peer_b->size - peer_b->offset;
-	assert(num > 0);
-
-	if (buf != NULL)
-		*buf = peer_b->buf + peer_b->offset;
-	return num;
-	}
-
-static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
-	{
-	struct bio_bio_st *b, *peer_b;
-	ossl_ssize_t num, available;
-
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ossl_ssize_t)num_;
-
-	available = bio_nread0(bio, buf);
-	if (num > available)
-		num = available;
-	if (num <= 0)
-		return num;
-
-	b = bio->ptr;
-	peer_b = b->peer->ptr;
-
-	peer_b->len -= num;
-	if (peer_b->len) 
-		{
-		peer_b->offset += num;
-		assert(peer_b->offset <= peer_b->size);
-		if (peer_b->offset == peer_b->size)
-			peer_b->offset = 0;
-		}
-	else
-		peer_b->offset = 0;
-
-	return num;
-	}
-
-
-static int bio_write(BIO *bio, const char *buf, int num_)
-	{
-	size_t num = num_;
-	size_t rest;
-	struct bio_bio_st *b;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init || buf == NULL || num == 0)
-		return 0;
-
-	b = bio->ptr;		
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	assert(b->buf != NULL);
-
-	b->request = 0;
-	if (b->closed)
-		{
-		/* we already closed */
-		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
-		return -1;
-		}
-
-	assert(b->len <= b->size);
-
-	if (b->len == b->size)
-		{
-		BIO_set_retry_write(bio); /* buffer is full */
-		return -1;
-		}
-
-	/* we can write */
-	if (num > b->size - b->len)
-		num = b->size - b->len;
-	
-	/* now write "num" bytes */
-
-	rest = num;
-	
-	assert(rest > 0);
-	do /* one or two iterations */
-		{
-		size_t write_offset;
-		size_t chunk;
-
-		assert(b->len + rest <= b->size);
-
-		write_offset = b->offset + b->len;
-		if (write_offset >= b->size)
-			write_offset -= b->size;
-		/* b->buf[write_offset] is the first byte we can write to. */
-
-		if (write_offset + rest <= b->size)
-			chunk = rest;
-		else
-			/* wrap around ring buffer */
-			chunk = b->size - write_offset;
-		
-		memcpy(b->buf + write_offset, buf, chunk);
-		
-		b->len += chunk;
-
-		assert(b->len <= b->size);
-		
-		rest -= chunk;
-		buf += chunk;
-		}
-	while (rest);
-
-	return num;
-	}
-
-/* non-copying interface: provide pointer to region to write to
- *   bio_nwrite0:  check how much space is available
- *   bio_nwrite:   also increase length
- * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
- *  or just         bio_nwrite(), write to buffer)
- */
-static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
-	{
-	struct bio_bio_st *b;
-	size_t num;
-	size_t write_offset;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-
-	b = bio->ptr;		
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	assert(b->buf != NULL);
-
-	b->request = 0;
-	if (b->closed)
-		{
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
-		return -1;
-		}
-
-	assert(b->len <= b->size);
-
-	if (b->len == b->size)
-		{
-		BIO_set_retry_write(bio);
-		return -1;
-		}
-
-	num = b->size - b->len;
-	write_offset = b->offset + b->len;
-	if (write_offset >= b->size)
-		write_offset -= b->size;
-	if (write_offset + num > b->size)
-		/* no ring buffer wrap-around for non-copying interface
-		 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
-		 * BIO_nwrite may have to be called twice) */
-		num = b->size - write_offset;
-
-	if (buf != NULL)
-		*buf = b->buf + write_offset;
-	assert(write_offset + num <= b->size);
-
-	return num;
-	}
-
-static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
-	{
-	struct bio_bio_st *b;
-	ossl_ssize_t num, space;
-
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ossl_ssize_t)num_;
-
-	space = bio_nwrite0(bio, buf);
-	if (num > space)
-		num = space;
-	if (num <= 0)
-		return num;
-	b = bio->ptr;
-	assert(b != NULL);
-	b->len += num;
-	assert(b->len <= b->size);
-
-	return num;
-	}
-
-
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
-	{
-	long ret;
-	struct bio_bio_st *b = bio->ptr;
-	
-	assert(b != NULL);
-
-	switch (cmd)
-		{
-	/* specific CTRL codes */
-
-	case BIO_C_SET_WRITE_BUF_SIZE:
-		if (b->peer)
-			{
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
-			ret = 0;
-			}
-		else if (num == 0)
-			{
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
-			ret = 0;
-			}
-		else
-			{
-			size_t new_size = num;
-
-			if (b->size != new_size)
-				{
-				if (b->buf) 
-					{
-					OPENSSL_free(b->buf);
-					b->buf = NULL;
-					}
-				b->size = new_size;
-				}
-			ret = 1;
-			}
-		break;
-
-	case BIO_C_GET_WRITE_BUF_SIZE:
-		ret = (long) b->size;
-		break;
-
-	case BIO_C_MAKE_BIO_PAIR:
-		{
-		BIO *other_bio = ptr;
-		
-		if (bio_make_pair(bio, other_bio))
-			ret = 1;
-		else
-			ret = 0;
-		}
-		break;
-		
-	case BIO_C_DESTROY_BIO_PAIR:
-		/* Affects both BIOs in the pair -- call just once!
-		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
-		bio_destroy_pair(bio);
-		ret = 1;
-		break;
-
-	case BIO_C_GET_WRITE_GUARANTEE:
-		/* How many bytes can the caller feed to the next write
-		 * without having to keep any? */
-		if (b->peer == NULL || b->closed)
-			ret = 0;
-		else
-			ret = (long) b->size - b->len;
-		break;
-
-	case BIO_C_GET_READ_REQUEST:
-		/* If the peer unsuccessfully tried to read, how many bytes
-		 * were requested?  (As with BIO_CTRL_PENDING, that number
-		 * can usually be treated as boolean.) */
-		ret = (long) b->request;
-		break;
-
-	case BIO_C_RESET_READ_REQUEST:
-		/* Reset request.  (Can be useful after read attempts
-		 * at the other side that are meant to be non-blocking,
-		 * e.g. when probing SSL_read to see if any data is
-		 * available.) */
-		b->request = 0;
-		ret = 1;
-		break;
-
-	case BIO_C_SHUTDOWN_WR:
-		/* similar to shutdown(..., SHUT_WR) */
-		b->closed = 1;
-		ret = 1;
-		break;
-
-	case BIO_C_NREAD0:
-		/* prepare for non-copying read */
-		ret = (long) bio_nread0(bio, ptr);
-		break;
-		
-	case BIO_C_NREAD:
-		/* non-copying read */
-		ret = (long) bio_nread(bio, ptr, (size_t) num);
-		break;
-		
-	case BIO_C_NWRITE0:
-		/* prepare for non-copying write */
-		ret = (long) bio_nwrite0(bio, ptr);
-		break;
-
-	case BIO_C_NWRITE:
-		/* non-copying write */
-		ret = (long) bio_nwrite(bio, ptr, (size_t) num);
-		break;
-		
-
-	/* standard CTRL codes follow */
-
-	case BIO_CTRL_RESET:
-		if (b->buf != NULL)
-			{
-			b->len = 0;
-			b->offset = 0;
-			}
-		ret = 0;
-		break;		
-
-	case BIO_CTRL_GET_CLOSE:
-		ret = bio->shutdown;
-		break;
-
-	case BIO_CTRL_SET_CLOSE:
-		bio->shutdown = (int) num;
-		ret = 1;
-		break;
-
-	case BIO_CTRL_PENDING:
-		if (b->peer != NULL)
-			{
-			struct bio_bio_st *peer_b = b->peer->ptr;
-			
-			ret = (long) peer_b->len;
-			}
-		else
-			ret = 0;
-		break;
-
-	case BIO_CTRL_WPENDING:
-		if (b->buf != NULL)
-			ret = (long) b->len;
-		else
-			ret = 0;
-		break;
-
-	case BIO_CTRL_DUP:
-		/* See BIO_dup_chain for circumstances we have to expect. */
-		{
-		BIO *other_bio = ptr;
-		struct bio_bio_st *other_b;
-		
-		assert(other_bio != NULL);
-		other_b = other_bio->ptr;
-		assert(other_b != NULL);
-		
-		assert(other_b->buf == NULL); /* other_bio is always fresh */
-
-		other_b->size = b->size;
-		}
-
-		ret = 1;
-		break;
-
-	case BIO_CTRL_FLUSH:
-		ret = 1;
-		break;
-
-	case BIO_CTRL_EOF:
-		{
-		BIO *other_bio = ptr;
-		
-		if (other_bio)
-			{
-			struct bio_bio_st *other_b = other_bio->ptr;
-			
-			assert(other_b != NULL);
-			ret = other_b->len == 0 && other_b->closed;
-			}
-		else
-			ret = 1;
-		}
-		break;
-
-	default:
-		ret = 0;
-		}
-	return ret;
-	}
-
-static int bio_puts(BIO *bio, const char *str)
-	{
-	return bio_write(bio, str, strlen(str));
-	}
-
-
-static int bio_make_pair(BIO *bio1, BIO *bio2)
-	{
-	struct bio_bio_st *b1, *b2;
-
-	assert(bio1 != NULL);
-	assert(bio2 != NULL);
-
-	b1 = bio1->ptr;
-	b2 = bio2->ptr;
-	
-	if (b1->peer != NULL || b2->peer != NULL)
-		{
-		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
-		return 0;
-		}
-	
-	if (b1->buf == NULL)
-		{
-		b1->buf = OPENSSL_malloc(b1->size);
-		if (b1->buf == NULL)
-			{
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		b1->len = 0;
-		b1->offset = 0;
-		}
-	
-	if (b2->buf == NULL)
-		{
-		b2->buf = OPENSSL_malloc(b2->size);
-		if (b2->buf == NULL)
-			{
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		b2->len = 0;
-		b2->offset = 0;
-		}
-	
-	b1->peer = bio2;
-	b1->closed = 0;
-	b1->request = 0;
-	b2->peer = bio1;
-	b2->closed = 0;
-	b2->request = 0;
-
-	bio1->init = 1;
-	bio2->init = 1;
-
-	return 1;
-	}
-
-static void bio_destroy_pair(BIO *bio)
-	{
-	struct bio_bio_st *b = bio->ptr;
-
-	if (b != NULL)
-		{
-		BIO *peer_bio = b->peer;
-
-		if (peer_bio != NULL)
-			{
-			struct bio_bio_st *peer_b = peer_bio->ptr;
-
-			assert(peer_b != NULL);
-			assert(peer_b->peer == bio);
-
-			peer_b->peer = NULL;
-			peer_bio->init = 0;
-			assert(peer_b->buf != NULL);
-			peer_b->len = 0;
-			peer_b->offset = 0;
-			
-			b->peer = NULL;
-			bio->init = 0;
-			assert(b->buf != NULL);
-			b->len = 0;
-			b->offset = 0;
-			}
-		}
-	}
- 
-
-/* Exported convenience functions */
-int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
-	BIO **bio2_p, size_t writebuf2)
-	 {
-	 BIO *bio1 = NULL, *bio2 = NULL;
-	 long r;
-	 int ret = 0;
-
-	 bio1 = BIO_new(BIO_s_bio());
-	 if (bio1 == NULL)
-		 goto err;
-	 bio2 = BIO_new(BIO_s_bio());
-	 if (bio2 == NULL)
-		 goto err;
-
-	 if (writebuf1)
-		 {
-		 r = BIO_set_write_buf_size(bio1, writebuf1);
-		 if (!r)
-			 goto err;
-		 }
-	 if (writebuf2)
-		 {
-		 r = BIO_set_write_buf_size(bio2, writebuf2);
-		 if (!r)
-			 goto err;
-		 }
-
-	 r = BIO_make_bio_pair(bio1, bio2);
-	 if (!r)
-		 goto err;
-	 ret = 1;
-
- err:
-	 if (ret == 0)
-		 {
-		 if (bio1)
-			 {
-			 BIO_free(bio1);
-			 bio1 = NULL;
-			 }
-		 if (bio2)
-			 {
-			 BIO_free(bio2);
-			 bio2 = NULL;
-			 }
-		 }
-
-	 *bio1_p = bio1;
-	 *bio2_p = bio2;
-	 return ret;
-	 }
-
-size_t BIO_ctrl_get_write_guarantee(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
-	}
-
-size_t BIO_ctrl_get_read_request(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
-	}
-
-int BIO_ctrl_reset_read_request(BIO *bio)
-	{
-	return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
-	}
-
-
-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
- * (conceivably some other BIOs could allow non-copying reads and writes too.)
- */
-int BIO_nread0(BIO *bio, char **buf)
-	{
-	long ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
-	if (ret > INT_MAX)
-		return INT_MAX;
-	else
-		return (int) ret;
-	}
-
-int BIO_nread(BIO *bio, char **buf, int num)
-	{
-	int ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
-	if (ret > 0)
-		bio->num_read += ret;
-	return ret;
-	}
-
-int BIO_nwrite0(BIO *bio, char **buf)
-	{
-	long ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
-	if (ret > INT_MAX)
-		return INT_MAX;
-	else
-		return (int) ret;
-	}
-
-int BIO_nwrite(BIO *bio, char **buf, int num)
-	{
-	int ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
-	if (ret > 0)
-		bio->num_write += ret;
-	return ret;
-	}
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
deleted file mode 100644
index c14727855b..0000000000
--- a/crypto/bio/bss_conn.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_SOCK
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-
-typedef struct bio_connect_st
-	{
-	int state;
-
-	char *param_hostname;
-	char *param_port;
-	int nbio;
-
-	unsigned char ip[4];
-	unsigned short port;
-
-	struct sockaddr_in them;
-
-	/* int socket; this will be kept in bio->num so that it is
-	 * compatible with the bss_sock bio */ 
-
-	/* called when the connection is initially made
-	 *  callback(BIO,state,ret);  The callback should return
-	 * 'ret'.  state is for compatibility with the ssl info_callback */
-	int (*info_callback)(const BIO *bio,int state,int ret);
-	} BIO_CONNECT;
-
-static int conn_write(BIO *h, const char *buf, int num);
-static int conn_read(BIO *h, char *buf, int size);
-static int conn_puts(BIO *h, const char *str);
-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int conn_new(BIO *h);
-static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
-
-static int conn_state(BIO *b, BIO_CONNECT *c);
-static void conn_close_socket(BIO *data);
-BIO_CONNECT *BIO_CONNECT_new(void );
-void BIO_CONNECT_free(BIO_CONNECT *a);
-
-static BIO_METHOD methods_connectp=
-	{
-	BIO_TYPE_CONNECT,
-	"socket connect",
-	conn_write,
-	conn_read,
-	conn_puts,
-	NULL, /* connect_gets, */
-	conn_ctrl,
-	conn_new,
-	conn_free,
-	conn_callback_ctrl,
-	};
-
-static int conn_state(BIO *b, BIO_CONNECT *c)
-	{
-	int ret= -1,i;
-	unsigned long l;
-	char *p,*q;
-	int (*cb)(const BIO *,int,int)=NULL;
-
-	if (c->info_callback != NULL)
-		cb=c->info_callback;
-
-	for (;;)
-		{
-		switch (c->state)
-			{
-		case BIO_CONN_S_BEFORE:
-			p=c->param_hostname;
-			if (p == NULL)
-				{
-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
-				goto exit_loop;
-				}
-			for ( ; *p != '\0'; p++)
-				{
-				if ((*p == ':') || (*p == '/')) break;
-				}
-
-			i= *p;
-			if ((i == ':') || (i == '/'))
-				{
-
-				*(p++)='\0';
-				if (i == ':')
-					{
-					for (q=p; *q; q++)
-						if (*q == '/')
-							{
-							*q='\0';
-							break;
-							}
-					if (c->param_port != NULL)
-						OPENSSL_free(c->param_port);
-					c->param_port=BUF_strdup(p);
-					}
-				}
-
-			if (c->param_port == NULL)
-				{
-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
-				ERR_add_error_data(2,"host=",c->param_hostname);
-				goto exit_loop;
-				}
-			c->state=BIO_CONN_S_GET_IP;
-			break;
-
-		case BIO_CONN_S_GET_IP:
-			if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
-				goto exit_loop;
-			c->state=BIO_CONN_S_GET_PORT;
-			break;
-
-		case BIO_CONN_S_GET_PORT:
-			if (c->param_port == NULL)
-				{
-				/* abort(); */
-				goto exit_loop;
-				}
-			else if (BIO_get_port(c->param_port,&c->port) <= 0)
-				goto exit_loop;
-			c->state=BIO_CONN_S_CREATE_SOCKET;
-			break;
-
-		case BIO_CONN_S_CREATE_SOCKET:
-			/* now setup address */
-			memset((char *)&c->them,0,sizeof(c->them));
-			c->them.sin_family=AF_INET;
-			c->them.sin_port=htons((unsigned short)c->port);
-			l=(unsigned long)
-				((unsigned long)c->ip[0]<<24L)|
-				((unsigned long)c->ip[1]<<16L)|
-				((unsigned long)c->ip[2]<< 8L)|
-				((unsigned long)c->ip[3]);
-			c->them.sin_addr.s_addr=htonl(l);
-			c->state=BIO_CONN_S_CREATE_SOCKET;
-
-			ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-			if (ret == INVALID_SOCKET)
-				{
-				SYSerr(SYS_F_SOCKET,get_last_socket_error());
-				ERR_add_error_data(4,"host=",c->param_hostname,
-					":",c->param_port);
-				BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
-				goto exit_loop;
-				}
-			b->num=ret;
-			c->state=BIO_CONN_S_NBIO;
-			break;
-
-		case BIO_CONN_S_NBIO:
-			if (c->nbio)
-				{
-				if (!BIO_socket_nbio(b->num,1))
-					{
-					BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
-					ERR_add_error_data(4,"host=",
-						c->param_hostname,
-						":",c->param_port);
-					goto exit_loop;
-					}
-				}
-			c->state=BIO_CONN_S_CONNECT;
-
-#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-			i=1;
-			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-			if (i < 0)
-				{
-				SYSerr(SYS_F_SOCKET,get_last_socket_error());
-				ERR_add_error_data(4,"host=",c->param_hostname,
-					":",c->param_port);
-				BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
-				goto exit_loop;
-				}
-#endif
-			break;
-
-		case BIO_CONN_S_CONNECT:
-			BIO_clear_retry_flags(b);
-			ret=connect(b->num,
-				(struct sockaddr *)&c->them,
-				sizeof(c->them));
-			b->retry_reason=0;
-			if (ret < 0)
-				{
-				if (BIO_sock_should_retry(ret))
-					{
-					BIO_set_retry_special(b);
-					c->state=BIO_CONN_S_BLOCKED_CONNECT;
-					b->retry_reason=BIO_RR_CONNECT;
-					}
-				else
-					{
-					SYSerr(SYS_F_CONNECT,get_last_socket_error());
-					ERR_add_error_data(4,"host=",
-						c->param_hostname,
-						":",c->param_port);
-					BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
-					}
-				goto exit_loop;
-				}
-			else
-				c->state=BIO_CONN_S_OK;
-			break;
-
-		case BIO_CONN_S_BLOCKED_CONNECT:
-			i=BIO_sock_error(b->num);
-			if (i)
-				{
-				BIO_clear_retry_flags(b);
-				SYSerr(SYS_F_CONNECT,i);
-				ERR_add_error_data(4,"host=",
-					c->param_hostname,
-					":",c->param_port);
-				BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
-				ret=0;
-				goto exit_loop;
-				}
-			else
-				c->state=BIO_CONN_S_OK;
-			break;
-
-		case BIO_CONN_S_OK:
-			ret=1;
-			goto exit_loop;
-		default:
-			/* abort(); */
-			goto exit_loop;
-			}
-
-		if (cb != NULL)
-			{
-			if (!(ret=cb((BIO *)b,c->state,ret)))
-				goto end;
-			}
-		}
-
-	/* Loop does not exit */
-exit_loop:
-	if (cb != NULL)
-		ret=cb((BIO *)b,c->state,ret);
-end:
-	return(ret);
-	}
-
-BIO_CONNECT *BIO_CONNECT_new(void)
-	{
-	BIO_CONNECT *ret;
-
-	if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
-		return(NULL);
-	ret->state=BIO_CONN_S_BEFORE;
-	ret->param_hostname=NULL;
-	ret->param_port=NULL;
-	ret->info_callback=NULL;
-	ret->nbio=0;
-	ret->ip[0]=0;
-	ret->ip[1]=0;
-	ret->ip[2]=0;
-	ret->ip[3]=0;
-	ret->port=0;
-	memset((char *)&ret->them,0,sizeof(ret->them));
-	return(ret);
-	}
-
-void BIO_CONNECT_free(BIO_CONNECT *a)
-	{
-	if(a == NULL)
-	    return;
-
-	if (a->param_hostname != NULL)
-		OPENSSL_free(a->param_hostname);
-	if (a->param_port != NULL)
-		OPENSSL_free(a->param_port);
-	OPENSSL_free(a);
-	}
-
-BIO_METHOD *BIO_s_connect(void)
-	{
-	return(&methods_connectp);
-	}
-
-static int conn_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=INVALID_SOCKET;
-	bi->flags=0;
-	if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
-		return(0);
-	else
-		return(1);
-	}
-
-static void conn_close_socket(BIO *bio)
-	{
-	BIO_CONNECT *c;
-
-	c=(BIO_CONNECT *)bio->ptr;
-	if (bio->num != INVALID_SOCKET)
-		{
-		/* Only do a shutdown if things were established */
-		if (c->state == BIO_CONN_S_OK)
-			shutdown(bio->num,2);
-		closesocket(bio->num);
-		bio->num=INVALID_SOCKET;
-		}
-	}
-
-static int conn_free(BIO *a)
-	{
-	BIO_CONNECT *data;
-
-	if (a == NULL) return(0);
-	data=(BIO_CONNECT *)a->ptr;
-	 
-	if (a->shutdown)
-		{
-		conn_close_socket(a);
-		BIO_CONNECT_free(data);
-		a->ptr=NULL;
-		a->flags=0;
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int conn_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	BIO_CONNECT *data;
-
-	data=(BIO_CONNECT *)b->ptr;
-	if (data->state != BIO_CONN_S_OK)
-		{
-		ret=conn_state(b,data);
-		if (ret <= 0)
-				return(ret);
-		}
-
-	if (out != NULL)
-		{
-		clear_socket_error();
-		ret=readsocket(b->num,out,outl);
-		BIO_clear_retry_flags(b);
-		if (ret <= 0)
-			{
-			if (BIO_sock_should_retry(ret))
-				BIO_set_retry_read(b);
-			}
-		}
-	return(ret);
-	}
-
-static int conn_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	BIO_CONNECT *data;
-
-	data=(BIO_CONNECT *)b->ptr;
-	if (data->state != BIO_CONN_S_OK)
-		{
-		ret=conn_state(b,data);
-		if (ret <= 0) return(ret);
-		}
-
-	clear_socket_error();
-	ret=writesocket(b->num,in,inl);
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_sock_should_retry(ret))
-			BIO_set_retry_write(b);
-		}
-	return(ret);
-	}
-
-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	int *ip;
-	const char **pptr;
-	long ret=1;
-	BIO_CONNECT *data;
-
-	data=(BIO_CONNECT *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=0;
-		data->state=BIO_CONN_S_BEFORE;
-		conn_close_socket(b);
-		b->flags=0;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		/* use this one to start the connection */
-		if (data->state != BIO_CONN_S_OK)
-			ret=(long)conn_state(b,data);
-		else
-			ret=1;
-		break;
-	case BIO_C_GET_CONNECT:
-		if (ptr != NULL)
-			{
-			pptr=(const char **)ptr;
-			if (num == 0)
-				{
-				*pptr=data->param_hostname;
-
-				}
-			else if (num == 1)
-				{
-				*pptr=data->param_port;
-				}
-			else if (num == 2)
-				{
-				*pptr= (char *)&(data->ip[0]);
-				}
-			else if (num == 3)
-				{
-				*((int *)ptr)=data->port;
-				}
-			if ((!b->init) || (ptr == NULL))
-				*pptr="not initialized";
-			ret=1;
-			}
-		break;
-	case BIO_C_SET_CONNECT:
-		if (ptr != NULL)
-			{
-			b->init=1;
-			if (num == 0)
-				{
-				if (data->param_hostname != NULL)
-					OPENSSL_free(data->param_hostname);
-				data->param_hostname=BUF_strdup(ptr);
-				}
-			else if (num == 1)
-				{
-				if (data->param_port != NULL)
-					OPENSSL_free(data->param_port);
-				data->param_port=BUF_strdup(ptr);
-				}
-			else if (num == 2)
-				{
-				char buf[16];
-				unsigned char *p = ptr;
-
-				BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
-					     p[0],p[1],p[2],p[3]);
-				if (data->param_hostname != NULL)
-					OPENSSL_free(data->param_hostname);
-				data->param_hostname=BUF_strdup(buf);
-				memcpy(&(data->ip[0]),ptr,4);
-				}
-			else if (num == 3)
-				{
-				char buf[DECIMAL_SIZE(int)+1];
-
-				BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
-				if (data->param_port != NULL)
-					OPENSSL_free(data->param_port);
-				data->param_port=BUF_strdup(buf);
-				data->port= *(int *)ptr;
-				}
-			}
-		break;
-	case BIO_C_SET_NBIO:
-		data->nbio=(int)num;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL)
-				*ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_FLUSH:
-		break;
-	case BIO_CTRL_DUP:
-		{
-		dbio=(BIO *)ptr;
-		if (data->param_port)
-			BIO_set_conn_port(dbio,data->param_port);
-		if (data->param_hostname)
-			BIO_set_conn_hostname(dbio,data->param_hostname);
-		BIO_set_nbio(dbio,data->nbio);
-		/* FIXME: the cast of the function seems unlikely to be a good idea */
-                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
-		}
-		break;
-	case BIO_CTRL_SET_CALLBACK:
-		{
-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-		BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		ret = -1;
-#else
-		ret=0;
-#endif
-		}
-		break;
-	case BIO_CTRL_GET_CALLBACK:
-		{
-		int (**fptr)(const BIO *bio,int state,int xret);
-
-		fptr=(int (**)(const BIO *bio,int state,int xret))ptr;
-		*fptr=data->info_callback;
-		}
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-	BIO_CONNECT *data;
-
-	data=(BIO_CONNECT *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_SET_CALLBACK:
-		{
-		data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
-		}
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int conn_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=conn_write(bp,str,n);
-	return(ret);
-	}
-
-BIO *BIO_new_connect(char *str)
-	{
-	BIO *ret;
-
-	ret=BIO_new(BIO_s_connect());
-	if (ret == NULL) return(NULL);
-	if (BIO_set_conn_hostname(ret,str))
-		return(ret);
-	else
-		{
-		BIO_free(ret);
-		return(NULL);
-		}
-	}
-
-#endif
-
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
deleted file mode 100644
index 0decf9449b..0000000000
--- a/crypto/bio/bss_dgram.c
+++ /dev/null
@@ -1,1960 +0,0 @@
-/* crypto/bio/bio_dgram.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_DGRAM
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-#ifndef OPENSSL_NO_SCTP
-#include <netinet/sctp.h>
-#include <fcntl.h>
-#define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
-#define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
-#endif
-
-#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
-#define IP_MTU      14 /* linux is lame */
-#endif
-
-#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
-/* Standard definition causes type-punning problems. */
-#undef IN6_IS_ADDR_V4MAPPED
-#define s6_addr32 __u6_addr.__u6_addr32
-#define IN6_IS_ADDR_V4MAPPED(a)               \
-        (((a)->s6_addr32[0] == 0) &&          \
-         ((a)->s6_addr32[1] == 0) &&          \
-         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
-#endif
-
-#ifdef WATT32
-#define sock_write SockWrite  /* Watt-32 uses same names */
-#define sock_read  SockRead
-#define sock_puts  SockPuts
-#endif
-
-static int dgram_write(BIO *h, const char *buf, int num);
-static int dgram_read(BIO *h, char *buf, int size);
-static int dgram_puts(BIO *h, const char *str);
-static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int dgram_new(BIO *h);
-static int dgram_free(BIO *data);
-static int dgram_clear(BIO *bio);
-
-#ifndef OPENSSL_NO_SCTP
-static int dgram_sctp_write(BIO *h, const char *buf, int num);
-static int dgram_sctp_read(BIO *h, char *buf, int size);
-static int dgram_sctp_puts(BIO *h, const char *str);
-static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int dgram_sctp_new(BIO *h);
-static int dgram_sctp_free(BIO *data);
-#ifdef SCTP_AUTHENTICATION_EVENT
-static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp);
-#endif
-#endif
-
-static int BIO_dgram_should_retry(int s);
-
-static void get_current_time(struct timeval *t);
-
-static BIO_METHOD methods_dgramp=
-	{
-	BIO_TYPE_DGRAM,
-	"datagram socket",
-	dgram_write,
-	dgram_read,
-	dgram_puts,
-	NULL, /* dgram_gets, */
-	dgram_ctrl,
-	dgram_new,
-	dgram_free,
-	NULL,
-	};
-
-#ifndef OPENSSL_NO_SCTP
-static BIO_METHOD methods_dgramp_sctp=
-	{
-	BIO_TYPE_DGRAM_SCTP,
-	"datagram sctp socket",
-	dgram_sctp_write,
-	dgram_sctp_read,
-	dgram_sctp_puts,
-	NULL, /* dgram_gets, */
-	dgram_sctp_ctrl,
-	dgram_sctp_new,
-	dgram_sctp_free,
-	NULL,
-	};
-#endif
-
-typedef struct bio_dgram_data_st
-	{
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in sa_in;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 sa_in6;
-#endif
-	} peer;
-	unsigned int connected;
-	unsigned int _errno;
-	unsigned int mtu;
-	struct timeval next_timeout;
-	struct timeval socket_timeout;
-	} bio_dgram_data;
-
-#ifndef OPENSSL_NO_SCTP
-typedef struct bio_dgram_sctp_save_message_st
-	{
-        BIO *bio;
-        char *data;
-        int length;
-	} bio_dgram_sctp_save_message;
-
-typedef struct bio_dgram_sctp_data_st
-	{
-	union {
-		struct sockaddr sa;
-		struct sockaddr_in sa_in;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 sa_in6;
-#endif
-	} peer;
-	unsigned int connected;
-	unsigned int _errno;
-	unsigned int mtu;
-	struct bio_dgram_sctp_sndinfo sndinfo;
-	struct bio_dgram_sctp_rcvinfo rcvinfo;
-	struct bio_dgram_sctp_prinfo prinfo;
-	void (*handle_notifications)(BIO *bio, void *context, void *buf);
-	void* notification_context;
-	int in_handshake;
-	int ccs_rcvd;
-	int ccs_sent;
-	int save_shutdown;
-	int peer_auth_tested;
-	bio_dgram_sctp_save_message saved_message;
-	} bio_dgram_sctp_data;
-#endif
-
-BIO_METHOD *BIO_s_datagram(void)
-	{
-	return(&methods_dgramp);
-	}
-
-BIO *BIO_new_dgram(int fd, int close_flag)
-	{
-	BIO *ret;
-
-	ret=BIO_new(BIO_s_datagram());
-	if (ret == NULL) return(NULL);
-	BIO_set_fd(ret,fd,close_flag);
-	return(ret);
-	}
-
-static int dgram_new(BIO *bi)
-	{
-	bio_dgram_data *data = NULL;
-
-	bi->init=0;
-	bi->num=0;
-	data = OPENSSL_malloc(sizeof(bio_dgram_data));
-	if (data == NULL)
-		return 0;
-	memset(data, 0x00, sizeof(bio_dgram_data));
-    bi->ptr = data;
-
-	bi->flags=0;
-	return(1);
-	}
-
-static int dgram_free(BIO *a)
-	{
-	bio_dgram_data *data;
-
-	if (a == NULL) return(0);
-	if ( ! dgram_clear(a))
-		return 0;
-
-	data = (bio_dgram_data *)a->ptr;
-	if(data != NULL) OPENSSL_free(data);
-
-	return(1);
-	}
-
-static int dgram_clear(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if (a->init)
-			{
-			SHUTDOWN2(a->num);
-			}
-		a->init=0;
-		a->flags=0;
-		}
-	return(1);
-	}
-
-static void dgram_adjust_rcv_timeout(BIO *b)
-	{
-#if defined(SO_RCVTIMEO)
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-	union { size_t s; int i; } sz = {0};
-
-	/* Is a timer active? */
-	if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
-		{
-		struct timeval timenow, timeleft;
-
-		/* Read current socket timeout */
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout;
-
-		sz.i = sizeof(timeout);
-		if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-					   (void*)&timeout, &sz.i) < 0)
-			{ perror("getsockopt"); }
-		else
-			{
-			data->socket_timeout.tv_sec = timeout / 1000;
-			data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
-			}
-#else
-		sz.i = sizeof(data->socket_timeout);
-		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-						&(data->socket_timeout), (void *)&sz) < 0)
-			{ perror("getsockopt"); }
-		else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-			OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
-#endif
-
-		/* Get current time */
-		get_current_time(&timenow);
-
-		/* Calculate time left until timer expires */
-		memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
-		timeleft.tv_sec -= timenow.tv_sec;
-		timeleft.tv_usec -= timenow.tv_usec;
-		if (timeleft.tv_usec < 0)
-			{
-			timeleft.tv_sec--;
-			timeleft.tv_usec += 1000000;
-			}
-
-		if (timeleft.tv_sec < 0)
-			{
-			timeleft.tv_sec = 0;
-			timeleft.tv_usec = 1;
-			}
-
-		/* Adjust socket timeout if next handhake message timer
-		 * will expire earlier.
-		 */
-		if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
-			(data->socket_timeout.tv_sec > timeleft.tv_sec) ||
-			(data->socket_timeout.tv_sec == timeleft.tv_sec &&
-			 data->socket_timeout.tv_usec >= timeleft.tv_usec))
-			{
-#ifdef OPENSSL_SYS_WINDOWS
-			timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
-			if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-						   (void*)&timeout, sizeof(timeout)) < 0)
-				{ perror("setsockopt"); }
-#else
-			if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
-							sizeof(struct timeval)) < 0)
-				{ perror("setsockopt"); }
-#endif
-			}
-		}
-#endif
-	}
-
-static void dgram_reset_rcv_timeout(BIO *b)
-	{
-#if defined(SO_RCVTIMEO)
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-	/* Is a timer active? */
-	if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
-		{
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout = data->socket_timeout.tv_sec * 1000 +
-					  data->socket_timeout.tv_usec / 1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-					   (void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); }
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
-						sizeof(struct timeval)) < 0)
-			{ perror("setsockopt"); }
-#endif
-		}
-#endif
-	}
-
-static int dgram_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-	struct	{
-	/*
-	 * See commentary in b_sock.c. <appro>
-	 */
-	union	{ size_t s; int i; } len;
-	union	{
-		struct sockaddr sa;
-		struct sockaddr_in sa_in;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 sa_in6;
-#endif
-		} peer;
-	} sa;
-
-	sa.len.s=0;
-	sa.len.i=sizeof(sa.peer);
-
-	if (out != NULL)
-		{
-		clear_socket_error();
-		memset(&sa.peer, 0x00, sizeof(sa.peer));
-		dgram_adjust_rcv_timeout(b);
-		ret=recvfrom(b->num,out,outl,0,&sa.peer.sa,(void *)&sa.len);
-		if (sizeof(sa.len.i)!=sizeof(sa.len.s) && sa.len.i==0)
-			{
-			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
-			sa.len.i = (int)sa.len.s;
-			}
-
-		if ( ! data->connected  && ret >= 0)
-			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
-
-		BIO_clear_retry_flags(b);
-		if (ret < 0)
-			{
-			if (BIO_dgram_should_retry(ret))
-				{
-				BIO_set_retry_read(b);
-				data->_errno = get_last_socket_error();
-				}
-			}
-
-		dgram_reset_rcv_timeout(b);
-		}
-	return(ret);
-	}
-
-static int dgram_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-	clear_socket_error();
-
-	if ( data->connected )
-		ret=writesocket(b->num,in,inl);
-	else
-		{
-		int peerlen = sizeof(data->peer);
-
-		if (data->peer.sa.sa_family == AF_INET)
-			peerlen = sizeof(data->peer.sa_in);
-#if OPENSSL_USE_IPV6
-		else if (data->peer.sa.sa_family == AF_INET6)
-			peerlen = sizeof(data->peer.sa_in6);
-#endif
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-		ret=sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen);
-#else
-		ret=sendto(b->num, in, inl, 0, &data->peer.sa, peerlen);
-#endif
-		}
-
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_dgram_should_retry(ret))
-			{
-			BIO_set_retry_write(b);  
-			data->_errno = get_last_socket_error();
-
-#if 0 /* higher layers are responsible for querying MTU, if necessary */
-			if ( data->_errno == EMSGSIZE)
-				/* retrieve the new MTU */
-				BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-#endif
-			}
-		}
-	return(ret);
-	}
-
-static long dgram_get_mtu_overhead(bio_dgram_data *data)
-	{
-	long ret;
-
-	switch (data->peer.sa.sa_family)
-		{
-		case AF_INET:
-			/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
-			ret = 28;
-			break;
-#if OPENSSL_USE_IPV6
-		case AF_INET6:
-#ifdef IN6_IS_ADDR_V4MAPPED
-			if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-				/* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
-				ret = 28;
-			else
-#endif
-				/* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
-				ret = 48;
-			break;
-#endif
-		default:
-			/* We don't know. Go with the historical default */
-			ret = 28;
-			break;
-		}
-	return ret;
-	}
-
-static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	int *ip;
-	struct sockaddr *to = NULL;
-	bio_dgram_data *data = NULL;
-#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
-	int sockopt_val = 0;
-	socklen_t sockopt_len;	/* assume that system supporting IP_MTU is
-				 * modern enough to define socklen_t */
-	socklen_t addr_len;
-	union	{
-		struct sockaddr	sa;
-		struct sockaddr_in s4;
-#if OPENSSL_USE_IPV6
-		struct sockaddr_in6 s6;
-#endif
-		} addr;
-#endif
-
-	data = (bio_dgram_data *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		num=0;
-	case BIO_C_FILE_SEEK:
-		ret=0;
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		ret=0;
-		break;
-	case BIO_C_SET_FD:
-		dgram_clear(b);
-		b->num= *((int *)ptr);
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL) *ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	case BIO_CTRL_DGRAM_CONNECT:
-		to = (struct sockaddr *)ptr;
-#if 0
-		if (connect(b->num, to, sizeof(struct sockaddr)) < 0)
-			{ perror("connect"); ret = 0; }
-		else
-			{
-#endif
-			switch (to->sa_family)
-				{
-				case AF_INET:
-					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-					break;
-#if OPENSSL_USE_IPV6
-				case AF_INET6:
-					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-					break;
-#endif
-				default:
-					memcpy(&data->peer,to,sizeof(data->peer.sa));
-					break;
-				}
-#if 0
-			}
-#endif
-		break;
-		/* (Linux)kernel sets DF bit on outgoing IP packets */
-	case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
-		addr_len = (socklen_t)sizeof(addr);
-		memset((void *)&addr, 0, sizeof(addr));
-		if (getsockname(b->num, &addr.sa, &addr_len) < 0)
-			{
-			ret = 0;
-			break;
-			}
-		switch (addr.sa.sa_family)
-			{
-		case AF_INET:
-			sockopt_val = IP_PMTUDISC_DO;
-			if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
-				&sockopt_val, sizeof(sockopt_val))) < 0)
-				perror("setsockopt");
-			break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
-		case AF_INET6:
-			sockopt_val = IPV6_PMTUDISC_DO;
-			if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
-				&sockopt_val, sizeof(sockopt_val))) < 0)
-				perror("setsockopt");
-			break;
-#endif
-		default:
-			ret = -1;
-			break;
-			}
-		ret = -1;
-#else
-		break;
-#endif
-	case BIO_CTRL_DGRAM_QUERY_MTU:
-#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
-		addr_len = (socklen_t)sizeof(addr);
-		memset((void *)&addr, 0, sizeof(addr));
-		if (getsockname(b->num, &addr.sa, &addr_len) < 0)
-			{
-			ret = 0;
-			break;
-			}
-		sockopt_len = sizeof(sockopt_val);
-		switch (addr.sa.sa_family)
-			{
-		case AF_INET:
-			if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
-				&sockopt_len)) < 0 || sockopt_val < 0)
-				{
-				ret = 0;
-				}
-			else
-				{
-				/* we assume that the transport protocol is UDP and no
-				 * IP options are used.
-				 */
-				data->mtu = sockopt_val - 8 - 20;
-				ret = data->mtu;
-				}
-			break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
-		case AF_INET6:
-			if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
-				&sockopt_len)) < 0 || sockopt_val < 0)
-				{
-				ret = 0;
-				}
-			else
-				{
-				/* we assume that the transport protocol is UDP and no
-				 * IPV6 options are used.
-				 */
-				data->mtu = sockopt_val - 8 - 40;
-				ret = data->mtu;
-				}
-			break;
-#endif
-		default:
-			ret = 0;
-			break;
-			}
-#else
-		ret = 0;
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
-		ret = -dgram_get_mtu_overhead(data);
-		switch (data->peer.sa.sa_family)
-			{
-			case AF_INET:
-				ret += 576;
-				break;
-#if OPENSSL_USE_IPV6
-			case AF_INET6:
-#ifdef IN6_IS_ADDR_V4MAPPED
-				if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
-					ret += 576;
-				else
-#endif
-					ret += 1280;
-				break;
-#endif
-			default:
-				ret += 576;
-				break;
-			}
-		break;
-	case BIO_CTRL_DGRAM_GET_MTU:
-		return data->mtu;
-		break;
-	case BIO_CTRL_DGRAM_SET_MTU:
-		data->mtu = num;
-		ret = num;
-		break;
-	case BIO_CTRL_DGRAM_SET_CONNECTED:
-		to = (struct sockaddr *)ptr;
-
-		if ( to != NULL)
-			{
-			data->connected = 1;
-			switch (to->sa_family)
-				{
-				case AF_INET:
-					memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-					break;
-#if OPENSSL_USE_IPV6
-				case AF_INET6:
-					memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-					break;
-#endif
-				default:
-					memcpy(&data->peer,to,sizeof(data->peer.sa));
-					break;
-				}
-			}
-		else
-			{
-			data->connected = 0;
-			memset(&(data->peer), 0x00, sizeof(data->peer));
-			}
-		break;
-	case BIO_CTRL_DGRAM_GET_PEER:
-		switch (data->peer.sa.sa_family)
-			{
-			case AF_INET:
-				ret=sizeof(data->peer.sa_in);
-				break;
-#if OPENSSL_USE_IPV6
-			case AF_INET6:
-				ret=sizeof(data->peer.sa_in6);
-				break;
-#endif
-			default:
-				ret=sizeof(data->peer.sa);
-				break;
-			}
-		if (num==0 || num>ret)
-			num=ret;
-		memcpy(ptr,&data->peer,(ret=num));
-		break;
-	case BIO_CTRL_DGRAM_SET_PEER:
-		to = (struct sockaddr *) ptr;
-		switch (to->sa_family)
-			{
-			case AF_INET:
-				memcpy(&data->peer,to,sizeof(data->peer.sa_in));
-				break;
-#if OPENSSL_USE_IPV6
-			case AF_INET6:
-				memcpy(&data->peer,to,sizeof(data->peer.sa_in6));
-				break;
-#endif
-			default:
-				memcpy(&data->peer,to,sizeof(data->peer.sa));
-				break;
-			}
-		break;
-	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
-		memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
-		break;
-#if defined(SO_RCVTIMEO)
-	case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		struct timeval *tv = (struct timeval *)ptr;
-		int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-			(void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); ret = -1; }
-		}
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
-			sizeof(struct timeval)) < 0)
-			{ perror("setsockopt");	ret = -1; }
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-		{
-		union { size_t s; int i; } sz = {0};
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout;
-		struct timeval *tv = (struct timeval *)ptr;
-
-		sz.i = sizeof(timeout);
-		if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-			(void*)&timeout, &sz.i) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else
-			{
-			tv->tv_sec = timeout / 1000;
-			tv->tv_usec = (timeout % 1000) * 1000;
-			ret = sizeof(*tv);
-			}
-#else
-		sz.i = sizeof(struct timeval);
-		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-			ptr, (void *)&sz) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-			{
-			OPENSSL_assert(sz.s<=sizeof(struct timeval));
-			ret = (int)sz.s;
-			}
-		else
-			ret = sz.i;
-#endif
-		}
-		break;
-#endif
-#if defined(SO_SNDTIMEO)
-	case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		struct timeval *tv = (struct timeval *)ptr;
-		int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-			(void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); ret = -1; }
-		}
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
-			sizeof(struct timeval)) < 0)
-			{ perror("setsockopt");	ret = -1; }
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-		{
-		union { size_t s; int i; } sz = {0};
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout;
-		struct timeval *tv = (struct timeval *)ptr;
-
-		sz.i = sizeof(timeout);
-		if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-			(void*)&timeout, &sz.i) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else
-			{
-			tv->tv_sec = timeout / 1000;
-			tv->tv_usec = (timeout % 1000) * 1000;
-			ret = sizeof(*tv);
-			}
-#else
-		sz.i = sizeof(struct timeval);
-		if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-			ptr, (void *)&sz) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
-			{
-			OPENSSL_assert(sz.s<=sizeof(struct timeval));
-			ret = (int)sz.s;
-			}
-		else
-			ret = sz.i;
-#endif
-		}
-		break;
-#endif
-	case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
-		/* fall-through */
-	case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
-#ifdef OPENSSL_SYS_WINDOWS
-		if ( data->_errno == WSAETIMEDOUT)
-#else
-		if ( data->_errno == EAGAIN)
-#endif
-			{
-			ret = 1;
-			data->_errno = 0;
-			}
-		else
-			ret = 0;
-		break;
-#ifdef EMSGSIZE
-	case BIO_CTRL_DGRAM_MTU_EXCEEDED:
-		if ( data->_errno == EMSGSIZE)
-			{
-			ret = 1;
-			data->_errno = 0;
-			}
-		else
-			ret = 0;
-		break;
-#endif
-	case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
-		ret = dgram_get_mtu_overhead(data);
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int dgram_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=dgram_write(bp,str,n);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void)
-	{
-	return(&methods_dgramp_sctp);
-	}
-
-BIO *BIO_new_dgram_sctp(int fd, int close_flag)
-	{
-	BIO *bio;
-	int ret, optval = 20000;
-	int auth_data = 0, auth_forward = 0;
-	unsigned char *p;
-	struct sctp_authchunk auth;
-	struct sctp_authchunks *authchunks;
-	socklen_t sockopt_len;
-#ifdef SCTP_AUTHENTICATION_EVENT
-#ifdef SCTP_EVENT
-	struct sctp_event event;
-#else
-	struct sctp_event_subscribe event;
-#endif
-#endif
-
-	bio=BIO_new(BIO_s_datagram_sctp());
-	if (bio == NULL) return(NULL);
-	BIO_set_fd(bio,fd,close_flag);
-
-	/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
-	auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
-	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-	auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
-	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-
-	/* Test if activation was successful. When using accept(),
-	 * SCTP-AUTH has to be activated for the listening socket
-	 * already, otherwise the connected socket won't use it. */
-	sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-	authchunks = OPENSSL_malloc(sockopt_len);
-	memset(authchunks, 0, sizeof(sockopt_len));
-	ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
-
-	if (ret < 0)
-		{
-		OPENSSL_free(authchunks);
-		BIO_vfree(bio);
-		return(NULL);
-		}
-
-	for (p = (unsigned char*) authchunks->gauth_chunks;
-	     p < (unsigned char*) authchunks + sockopt_len;
-	     p += sizeof(uint8_t))
-		{
-		if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
-		if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
-		}
-		
-	OPENSSL_free(authchunks);
-
-	OPENSSL_assert(auth_data);
-	OPENSSL_assert(auth_forward);
-
-#ifdef SCTP_AUTHENTICATION_EVENT
-#ifdef SCTP_EVENT
-	memset(&event, 0, sizeof(struct sctp_event));
-	event.se_assoc_id = 0;
-	event.se_type = SCTP_AUTHENTICATION_EVENT;
-	event.se_on = 1;
-	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-#else
-	sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
-	ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-
-	event.sctp_authentication_event = 1;
-
-	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-#endif
-#endif
-
-	/* Disable partial delivery by setting the min size
-	 * larger than the max record size of 2^14 + 2048 + 13
-	 */
-	ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval));
-	if (ret < 0)
-		{
-		BIO_vfree(bio);
-		return(NULL);
-		}
-
-	return(bio);
-	}
-
-int BIO_dgram_is_sctp(BIO *bio)
-	{
-	return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
-	}
-
-static int dgram_sctp_new(BIO *bi)
-	{
-	bio_dgram_sctp_data *data = NULL;
-
-	bi->init=0;
-	bi->num=0;
-	data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
-	if (data == NULL)
-		return 0;
-	memset(data, 0x00, sizeof(bio_dgram_sctp_data));
-#ifdef SCTP_PR_SCTP_NONE
-	data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
-#endif
-    bi->ptr = data;
-
-	bi->flags=0;
-	return(1);
-	}
-
-static int dgram_sctp_free(BIO *a)
-	{
-	bio_dgram_sctp_data *data;
-
-	if (a == NULL) return(0);
-	if ( ! dgram_clear(a))
-		return 0;
-
-	data = (bio_dgram_sctp_data *)a->ptr;
-	if(data != NULL)
-		{
-		if(data->saved_message.data != NULL)
-			OPENSSL_free(data->saved_message.data);
-		OPENSSL_free(data);
-		}
-
-	return(1);
-	}
-
-#ifdef SCTP_AUTHENTICATION_EVENT
-void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
-	{
-	int ret;
-	struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
-
-	if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY)
-		{
-		struct sctp_authkeyid authkeyid;
-
-		/* delete key */
-		authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-		      &authkeyid, sizeof(struct sctp_authkeyid));
-		}
-	}
-#endif
-
-static int dgram_sctp_read(BIO *b, char *out, int outl)
-	{
-	int ret = 0, n = 0, i, optval;
-	socklen_t optlen;
-	bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
-	union sctp_notification *snp;
-	struct msghdr msg;
-	struct iovec iov;
-	struct cmsghdr *cmsg;
-	char cmsgbuf[512];
-
-	if (out != NULL)
-		{
-		clear_socket_error();
-
-		do
-			{
-			memset(&data->rcvinfo, 0x00, sizeof(struct bio_dgram_sctp_rcvinfo));
-			iov.iov_base = out;
-			iov.iov_len = outl;
-			msg.msg_name = NULL;
-			msg.msg_namelen = 0;
-			msg.msg_iov = &iov;
-			msg.msg_iovlen = 1;
-			msg.msg_control = cmsgbuf;
-			msg.msg_controllen = 512;
-			msg.msg_flags = 0;
-			n = recvmsg(b->num, &msg, 0);
-
-			if (n <= 0)
-				{
-				if (n < 0)
-					ret = n;
-				break;
-				}
-
-			if (msg.msg_controllen > 0)
-				{
-				for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
-					{
-					if (cmsg->cmsg_level != IPPROTO_SCTP)
-						continue;
-#ifdef SCTP_RCVINFO
-					if (cmsg->cmsg_type == SCTP_RCVINFO)
-						{
-						struct sctp_rcvinfo *rcvinfo;
-
-						rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
-						data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
-						data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
-						data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
-						data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
-						data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
-						data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
-						data->rcvinfo.rcv_context = rcvinfo->rcv_context;
-						}
-#endif
-#ifdef SCTP_SNDRCV
-					if (cmsg->cmsg_type == SCTP_SNDRCV)
-						{
-						struct sctp_sndrcvinfo *sndrcvinfo;
-
-						sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-						data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
-						data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
-						data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
-						data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
-						data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
-						data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
-						data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
-						}
-#endif
-					}
-				}
-
-			if (msg.msg_flags & MSG_NOTIFICATION)
-				{
-				snp = (union sctp_notification*) out;
-				if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT)
-					{
-#ifdef SCTP_EVENT
-					struct sctp_event event;
-#else
-					struct sctp_event_subscribe event;
-					socklen_t eventsize;
-#endif
-					/* If a message has been delayed until the socket
-					 * is dry, it can be sent now.
-					 */
-					if (data->saved_message.length > 0)
-						{
-						dgram_sctp_write(data->saved_message.bio, data->saved_message.data,
-						                 data->saved_message.length);
-						OPENSSL_free(data->saved_message.data);
-						data->saved_message.data = NULL;
-						data->saved_message.length = 0;
-						}
-
-					/* disable sender dry event */
-#ifdef SCTP_EVENT
-					memset(&event, 0, sizeof(struct sctp_event));
-					event.se_assoc_id = 0;
-					event.se_type = SCTP_SENDER_DRY_EVENT;
-					event.se_on = 0;
-					i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
-					if (i < 0)
-						{
-						ret = i;
-						break;
-						}
-#else
-					eventsize = sizeof(struct sctp_event_subscribe);
-					i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
-					if (i < 0)
-						{
-						ret = i;
-						break;
-						}
-
-					event.sctp_sender_dry_event = 0;
-
-					i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
-					if (i < 0)
-						{
-						ret = i;
-						break;
-						}
-#endif
-					}
-
-#ifdef SCTP_AUTHENTICATION_EVENT
-				if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-					dgram_sctp_handle_auth_free_key_event(b, snp);
-#endif
-
-				if (data->handle_notifications != NULL)
-					data->handle_notifications(b, data->notification_context, (void*) out);
-
-				memset(out, 0, outl);
-				}
-			else
-				ret += n;
-			}
-		while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) && (ret < outl));
-
-		if (ret > 0 && !(msg.msg_flags & MSG_EOR))
-			{
-			/* Partial message read, this should never happen! */
-
-			/* The buffer was too small, this means the peer sent
-			 * a message that was larger than allowed. */
-			if (ret == outl)
-				return -1;
-
-			/* Test if socket buffer can handle max record
-			 * size (2^14 + 2048 + 13)
-			 */
-			optlen = (socklen_t) sizeof(int);
-			ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
-			if (ret >= 0)
-				OPENSSL_assert(optval >= 18445);
-
-			/* Test if SCTP doesn't partially deliver below
-			 * max record size (2^14 + 2048 + 13)
-			 */
-			optlen = (socklen_t) sizeof(int);
-			ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
-			                 &optval, &optlen);
-			if (ret >= 0)
-				OPENSSL_assert(optval >= 18445);
-
-			/* Partially delivered notification??? Probably a bug.... */
-			OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
-
-			/* Everything seems ok till now, so it's most likely
-			 * a message dropped by PR-SCTP.
-			 */
-			memset(out, 0, outl);
-			BIO_set_retry_read(b);
-			return -1;
-			}
-
-		BIO_clear_retry_flags(b);
-		if (ret < 0)
-			{
-			if (BIO_dgram_should_retry(ret))
-				{
-				BIO_set_retry_read(b);
-				data->_errno = get_last_socket_error();
-				}
-			}
-
-		/* Test if peer uses SCTP-AUTH before continuing */
-		if (!data->peer_auth_tested)
-			{
-			int ii, auth_data = 0, auth_forward = 0;
-			unsigned char *p;
-			struct sctp_authchunks *authchunks;
-
-			optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-			authchunks = OPENSSL_malloc(optlen);
-			memset(authchunks, 0, sizeof(optlen));
-			ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
-
-			if (ii >= 0)
-				for (p = (unsigned char*) authchunks->gauth_chunks;
-				     p < (unsigned char*) authchunks + optlen;
-				     p += sizeof(uint8_t))
-					{
-					if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
-					if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
-					}
-
-			OPENSSL_free(authchunks);
-
-			if (!auth_data || !auth_forward)
-				{
-				BIOerr(BIO_F_DGRAM_SCTP_READ,BIO_R_CONNECT_ERROR);
-				return -1;
-				}
-
-			data->peer_auth_tested = 1;
-			}
-		}
-	return(ret);
-	}
-
-static int dgram_sctp_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
-	struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
-	struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
-	struct bio_dgram_sctp_sndinfo handshake_sinfo;
-	struct iovec iov[1];
-	struct msghdr msg;
-	struct cmsghdr *cmsg;
-#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
-	char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))];
-	struct sctp_sndinfo *sndinfo;
-	struct sctp_prinfo *prinfo;
-#else
-	char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
-	struct sctp_sndrcvinfo *sndrcvinfo;
-#endif
-
-	clear_socket_error();
-
-	/* If we're send anything else than application data,
-	 * disable all user parameters and flags.
-	 */
-	if (in[0] != 23) {
-		memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
-#ifdef SCTP_SACK_IMMEDIATELY
-		handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
-#endif
-		sinfo = &handshake_sinfo;
-	}
-
-	/* If we have to send a shutdown alert message and the
-	 * socket is not dry yet, we have to save it and send it
-	 * as soon as the socket gets dry.
-	 */
-	if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
-	{
-		data->saved_message.bio = b;
-		if (data->saved_message.data)
-			OPENSSL_free(data->saved_message.data);
-		data->saved_message.data = OPENSSL_malloc(inl);
-		memcpy(data->saved_message.data, in, inl);
-		data->saved_message.length = inl;
-		return inl;
-	}
-
-	iov[0].iov_base = (char *)in;
-	iov[0].iov_len = inl;
-	msg.msg_name = NULL;
-	msg.msg_namelen = 0;
-	msg.msg_iov = iov;
-	msg.msg_iovlen = 1;
-	msg.msg_control = (caddr_t)cmsgbuf;
-	msg.msg_controllen = 0;
-	msg.msg_flags = 0;
-#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
-	cmsg = (struct cmsghdr *)cmsgbuf;
-	cmsg->cmsg_level = IPPROTO_SCTP;
-	cmsg->cmsg_type = SCTP_SNDINFO;
-	cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
-	sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
-	memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
-	sndinfo->snd_sid = sinfo->snd_sid;
-	sndinfo->snd_flags = sinfo->snd_flags;
-	sndinfo->snd_ppid = sinfo->snd_ppid;
-	sndinfo->snd_context = sinfo->snd_context;
-	msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
-
-	cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
-	cmsg->cmsg_level = IPPROTO_SCTP;
-	cmsg->cmsg_type = SCTP_PRINFO;
-	cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
-	prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
-	memset(prinfo, 0, sizeof(struct sctp_prinfo));
-	prinfo->pr_policy = pinfo->pr_policy;
-	prinfo->pr_value = pinfo->pr_value;
-	msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
-#else
-	cmsg = (struct cmsghdr *)cmsgbuf;
-	cmsg->cmsg_level = IPPROTO_SCTP;
-	cmsg->cmsg_type = SCTP_SNDRCV;
-	cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
-	sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
-	memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
-	sndrcvinfo->sinfo_stream = sinfo->snd_sid;
-	sndrcvinfo->sinfo_flags = sinfo->snd_flags;
-#ifdef __FreeBSD__
-	sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
-#endif
-	sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
-	sndrcvinfo->sinfo_context = sinfo->snd_context;
-	sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
-	msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
-#endif
-
-	ret = sendmsg(b->num, &msg, 0);
-
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_dgram_should_retry(ret))
-			{
-			BIO_set_retry_write(b);  
-			data->_errno = get_last_socket_error();
-			}
-		}
-	return(ret);
-	}
-
-static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	bio_dgram_sctp_data *data = NULL;
-	socklen_t sockopt_len = 0;
-	struct sctp_authkeyid authkeyid;
-	struct sctp_authkey *authkey = NULL;
-
-	data = (bio_dgram_sctp_data *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_DGRAM_QUERY_MTU:
-		/* Set to maximum (2^14)
-		 * and ignore user input to enable transport
-		 * protocol fragmentation.
-		 * Returns always 2^14.
-		 */
-		data->mtu = 16384;
-		ret = data->mtu;
-		break;
-	case BIO_CTRL_DGRAM_SET_MTU:
-		/* Set to maximum (2^14)
-		 * and ignore input to enable transport
-		 * protocol fragmentation.
-		 * Returns always 2^14.
-		 */
-		data->mtu = 16384;
-		ret = data->mtu;
-		break;
-	case BIO_CTRL_DGRAM_SET_CONNECTED:
-	case BIO_CTRL_DGRAM_CONNECT:
-		/* Returns always -1. */
-		ret = -1;
-		break;
-	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
-		/* SCTP doesn't need the DTLS timer
-		 * Returns always 1.
-		 */
-		break;
-	case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
-		/* We allow transport protocol fragmentation so this is irrelevant */
-		ret = 0;
-		break;
-	case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
-		if (num > 0)
-			data->in_handshake = 1;
-		else
-			data->in_handshake = 0;
-
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
-		break;
-	case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
-		/* New shared key for SCTP AUTH.
-		 * Returns 0 on success, -1 otherwise.
-		 */
-
-		/* Get active key */
-		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
-		if (ret < 0) break;
-
-		/* Add new key */
-		sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
-		authkey = OPENSSL_malloc(sockopt_len);
-		if (authkey == NULL)
-			{
-			ret = -1;
-			break;
-			}
-		memset(authkey, 0x00, sockopt_len);
-		authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
-#ifndef __FreeBSD__
-		/* This field is missing in FreeBSD 8.2 and earlier,
-		 * and FreeBSD 8.3 and higher work without it.
-		 */
-		authkey->sca_keylength = 64;
-#endif
-		memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
-
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
-		OPENSSL_free(authkey);
-		authkey = NULL;
-		if (ret < 0) break;
-
-		/* Reset active key */
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		      &authkeyid, sizeof(struct sctp_authkeyid));
-		if (ret < 0) break;
-
-		break;
-	case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
-		/* Returns 0 on success, -1 otherwise. */
-
-		/* Get active key */
-		sockopt_len = sizeof(struct sctp_authkeyid);
-		ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
-		if (ret < 0) break;
-
-		/* Set active key */
-		authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
-		ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
-		      &authkeyid, sizeof(struct sctp_authkeyid));
-		if (ret < 0) break;
-
-		/* CCS has been sent, so remember that and fall through
-		 * to check if we need to deactivate an old key
-		 */
-		data->ccs_sent = 1;
-
-	case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
-		/* Returns 0 on success, -1 otherwise. */
-
-		/* Has this command really been called or is this just a fall-through? */
-		if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
-			data->ccs_rcvd = 1;
-
-		/* CSS has been both, received and sent, so deactivate an old key */
-		if (data->ccs_rcvd == 1 && data->ccs_sent == 1)
-			{
-			/* Get active key */
-			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
-			if (ret < 0) break;
-
-			/* Deactivate key or delete second last key if
-			 * SCTP_AUTHENTICATION_EVENT is not available.
-			 */
-			authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
-#ifdef SCTP_AUTH_DEACTIVATE_KEY
-			sockopt_len = sizeof(struct sctp_authkeyid);
-			ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
-			      &authkeyid, sockopt_len);
-			if (ret < 0) break;
-#endif
-#ifndef SCTP_AUTHENTICATION_EVENT
-			if (authkeyid.scact_keynumber > 0)
-				{
-				authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
-				ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-					  &authkeyid, sizeof(struct sctp_authkeyid));
-				if (ret < 0) break;
-				}
-#endif
-
-			data->ccs_rcvd = 0;
-			data->ccs_sent = 0;
-			}
-		break;
-	case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_sndinfo))
-			num = sizeof(struct bio_dgram_sctp_sndinfo);
-
-		memcpy(ptr, &(data->sndinfo), num);
-		ret = num;
-		break;
-	case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_sndinfo))
-			num = sizeof(struct bio_dgram_sctp_sndinfo);
-
-		memcpy(&(data->sndinfo), ptr, num);
-		break;
-	case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_rcvinfo))
-			num = sizeof(struct bio_dgram_sctp_rcvinfo);
-
-		memcpy(ptr, &data->rcvinfo, num);
-
-		ret = num;
-		break;
-	case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_rcvinfo))
-			num = sizeof(struct bio_dgram_sctp_rcvinfo);
-
-		memcpy(&(data->rcvinfo), ptr, num);
-		break;
-	case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_prinfo))
-			num = sizeof(struct bio_dgram_sctp_prinfo);
-
-		memcpy(ptr, &(data->prinfo), num);
-		ret = num;
-		break;
-	case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
-		/* Returns the size of the copied struct. */
-		if (num > (long) sizeof(struct bio_dgram_sctp_prinfo))
-			num = sizeof(struct bio_dgram_sctp_prinfo);
-
-		memcpy(&(data->prinfo), ptr, num);
-		break;
-	case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
-		/* Returns always 1. */
-		if (num > 0)
-			data->save_shutdown = 1;
-		else
-			data->save_shutdown = 0;
-		break;
-
-	default:
-		/* Pass to default ctrl function to
-		 * process SCTP unspecific commands
-		 */
-		ret=dgram_ctrl(b, cmd, num, ptr);
-		break;
-		}
-	return(ret);
-	}
-
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
-                                   void *context)
-	{
-	bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
-
-	if (handle_notifications != NULL)
-		{
-		data->handle_notifications = handle_notifications;
-		data->notification_context = context;
-		}
-	else
-		return -1;
-
-	return 0;
-	}
-
-int BIO_dgram_sctp_wait_for_dry(BIO *b)
-{
-	int is_dry = 0;
-	int n, sockflags, ret;
-	union sctp_notification snp;
-	struct msghdr msg;
-	struct iovec iov;
-#ifdef SCTP_EVENT
-	struct sctp_event event;
-#else
-	struct sctp_event_subscribe event;
-	socklen_t eventsize;
-#endif
-	bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
-
-	/* set sender dry event */
-#ifdef SCTP_EVENT
-	memset(&event, 0, sizeof(struct sctp_event));
-	event.se_assoc_id = 0;
-	event.se_type = SCTP_SENDER_DRY_EVENT;
-	event.se_on = 1;
-	ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
-#else
-	eventsize = sizeof(struct sctp_event_subscribe);
-	ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
-	if (ret < 0)
-		return -1;
-	
-	event.sctp_sender_dry_event = 1;
-	
-	ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
-#endif
-	if (ret < 0)
-		return -1;
-
-	/* peek for notification */
-	memset(&snp, 0x00, sizeof(union sctp_notification));
-	iov.iov_base = (char *)&snp;
-	iov.iov_len = sizeof(union sctp_notification);
-	msg.msg_name = NULL;
-	msg.msg_namelen = 0;
-	msg.msg_iov = &iov;
-	msg.msg_iovlen = 1;
-	msg.msg_control = NULL;
-	msg.msg_controllen = 0;
-	msg.msg_flags = 0;
-
-	n = recvmsg(b->num, &msg, MSG_PEEK);
-	if (n <= 0)
-		{
-		if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
-			return -1;
-		else
-			return 0;
-		}
-
-	/* if we find a notification, process it and try again if necessary */
-	while (msg.msg_flags & MSG_NOTIFICATION)
-		{
-		memset(&snp, 0x00, sizeof(union sctp_notification));
-		iov.iov_base = (char *)&snp;
-		iov.iov_len = sizeof(union sctp_notification);
-		msg.msg_name = NULL;
-		msg.msg_namelen = 0;
-		msg.msg_iov = &iov;
-		msg.msg_iovlen = 1;
-		msg.msg_control = NULL;
-		msg.msg_controllen = 0;
-		msg.msg_flags = 0;
-
-		n = recvmsg(b->num, &msg, 0);
-		if (n <= 0)
-			{
-			if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
-				return -1;
-			else
-				return is_dry;
-			}
-		
-		if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT)
-			{
-			is_dry = 1;
-
-			/* disable sender dry event */
-#ifdef SCTP_EVENT
-			memset(&event, 0, sizeof(struct sctp_event));
-			event.se_assoc_id = 0;
-			event.se_type = SCTP_SENDER_DRY_EVENT;
-			event.se_on = 0;
-			ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
-#else
-			eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
-			ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
-			if (ret < 0)
-				return -1;
-
-			event.sctp_sender_dry_event = 0;
-
-			ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
-#endif
-			if (ret < 0)
-				return -1;
-			}
-
-#ifdef SCTP_AUTHENTICATION_EVENT
-		if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-			dgram_sctp_handle_auth_free_key_event(b, &snp);
-#endif
-
-		if (data->handle_notifications != NULL)
-			data->handle_notifications(b, data->notification_context, (void*) &snp);
-
-		/* found notification, peek again */
-		memset(&snp, 0x00, sizeof(union sctp_notification));
-		iov.iov_base = (char *)&snp;
-		iov.iov_len = sizeof(union sctp_notification);
-		msg.msg_name = NULL;
-		msg.msg_namelen = 0;
-		msg.msg_iov = &iov;
-		msg.msg_iovlen = 1;
-		msg.msg_control = NULL;
-		msg.msg_controllen = 0;
-		msg.msg_flags = 0;
-
-		/* if we have seen the dry already, don't wait */
-		if (is_dry)
-			{
-			sockflags = fcntl(b->num, F_GETFL, 0);
-			fcntl(b->num, F_SETFL, O_NONBLOCK);
-			}
-
-		n = recvmsg(b->num, &msg, MSG_PEEK);
-
-		if (is_dry)
-			{
-			fcntl(b->num, F_SETFL, sockflags);
-			}
-
-		if (n <= 0)
-			{
-			if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
-				return -1;
-			else
-				return is_dry;
-			}
-		}
-
-	/* read anything else */
-	return is_dry;
-}
-
-int BIO_dgram_sctp_msg_waiting(BIO *b)
-	{
-	int n, sockflags;
-	union sctp_notification snp;
-	struct msghdr msg;
-	struct iovec iov;
-	bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
-
-	/* Check if there are any messages waiting to be read */
-	do
-		{
-		memset(&snp, 0x00, sizeof(union sctp_notification));
-		iov.iov_base = (char *)&snp;
-		iov.iov_len = sizeof(union sctp_notification);
-		msg.msg_name = NULL;
-		msg.msg_namelen = 0;
-		msg.msg_iov = &iov;
-		msg.msg_iovlen = 1;
-		msg.msg_control = NULL;
-		msg.msg_controllen = 0;
-		msg.msg_flags = 0;
-
-		sockflags = fcntl(b->num, F_GETFL, 0);
-		fcntl(b->num, F_SETFL, O_NONBLOCK);
-		n = recvmsg(b->num, &msg, MSG_PEEK);
-		fcntl(b->num, F_SETFL, sockflags);
-
-		/* if notification, process and try again */
-		if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION))
-			{
-#ifdef SCTP_AUTHENTICATION_EVENT
-			if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
-				dgram_sctp_handle_auth_free_key_event(b, &snp);
-#endif
-
-			memset(&snp, 0x00, sizeof(union sctp_notification));
-			iov.iov_base = (char *)&snp;
-			iov.iov_len = sizeof(union sctp_notification);
-			msg.msg_name = NULL;
-			msg.msg_namelen = 0;
-			msg.msg_iov = &iov;
-			msg.msg_iovlen = 1;
-			msg.msg_control = NULL;
-			msg.msg_controllen = 0;
-			msg.msg_flags = 0;
-			n = recvmsg(b->num, &msg, 0);
-
-			if (data->handle_notifications != NULL)
-				data->handle_notifications(b, data->notification_context, (void*) &snp);
-			}
-
-		} while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
-
-	/* Return 1 if there is a message to be read, return 0 otherwise. */
-	if (n > 0)
-		return 1;
-	else
-		return 0;
-	}
-
-static int dgram_sctp_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=dgram_sctp_write(bp,str,n);
-	return(ret);
-	}
-#endif
-
-static int BIO_dgram_should_retry(int i)
-	{
-	int err;
-
-	if ((i == 0) || (i == -1))
-		{
-		err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS)
-	/* If the socket return value (i) is -1
-	 * and err is unexpectedly 0 at this point,
-	 * the error code was overwritten by
-	 * another system call before this error
-	 * handling is called.
-	 */
-#endif
-
-		return(BIO_dgram_non_fatal_error(err));
-		}
-	return(0);
-	}
-
-int BIO_dgram_non_fatal_error(int err)
-	{
-	switch (err)
-		{
-#if defined(OPENSSL_SYS_WINDOWS)
-# if defined(WSAEWOULDBLOCK)
-	case WSAEWOULDBLOCK:
-# endif
-
-# if 0 /* This appears to always be an error */
-#  if defined(WSAENOTCONN)
-	case WSAENOTCONN:
-#  endif
-# endif
-#endif
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-	case EWOULDBLOCK:
-#  endif
-# else
-	case EWOULDBLOCK:
-# endif
-#endif
-
-#ifdef EINTR
-	case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-	case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
-	case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
-	case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
-	case EALREADY:
-#endif
-
-		return(1);
-		/* break; */
-	default:
-		break;
-		}
-	return(0);
-	}
-
-static void get_current_time(struct timeval *t)
-	{
-#ifdef OPENSSL_SYS_WIN32
-	struct _timeb tb;
-	_ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
-	struct timeb tb;
-	ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#else
-	gettimeofday(t, NULL);
-#endif
-	}
-
-#endif
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
deleted file mode 100644
index d1bf85aae1..0000000000
--- a/crypto/bio/bss_fd.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/* crypto/bio/bss_fd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#if defined(OPENSSL_NO_POSIX_IO)
-/*
- * One can argue that one should implement dummy placeholder for
- * BIO_s_fd here...
- */
-#else
-/*
- * As for unconditional usage of "UPLINK" interface in this module.
- * Trouble is that unlike Unix file descriptors [which are indexes
- * in kernel-side per-process table], corresponding descriptors on
- * platforms which require "UPLINK" interface seem to be indexes
- * in a user-land, non-global table. Well, in fact they are indexes
- * in stdio _iob[], and recall that _iob[] was the very reason why
- * "UPLINK" interface was introduced in first place. But one way on
- * another. Neither libcrypto or libssl use this BIO meaning that
- * file descriptors can only be provided by application. Therefore
- * "UPLINK" calls are due...
- */
-#include "bio_lcl.h"
-
-static int fd_write(BIO *h, const char *buf, int num);
-static int fd_read(BIO *h, char *buf, int size);
-static int fd_puts(BIO *h, const char *str);
-static int fd_gets(BIO *h, char *buf, int size);
-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int fd_new(BIO *h);
-static int fd_free(BIO *data);
-int BIO_fd_should_retry(int s);
-
-static BIO_METHOD methods_fdp=
-	{
-	BIO_TYPE_FD,"file descriptor",
-	fd_write,
-	fd_read,
-	fd_puts,
-	fd_gets,
-	fd_ctrl,
-	fd_new,
-	fd_free,
-	NULL,
-	};
-
-BIO_METHOD *BIO_s_fd(void)
-	{
-	return(&methods_fdp);
-	}
-
-BIO *BIO_new_fd(int fd,int close_flag)
-	{
-	BIO *ret;
-	ret=BIO_new(BIO_s_fd());
-	if (ret == NULL) return(NULL);
-	BIO_set_fd(ret,fd,close_flag);
-	return(ret);
-	}
-
-static int fd_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=-1;
-	bi->ptr=NULL;
-	bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */
-	return(1);
-	}
-
-static int fd_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if (a->init)
-			{
-			UP_close(a->num);
-			}
-		a->init=0;
-		a->flags=BIO_FLAGS_UPLINK;
-		}
-	return(1);
-	}
-	
-static int fd_read(BIO *b, char *out,int outl)
-	{
-	int ret=0;
-
-	if (out != NULL)
-		{
-		clear_sys_error();
-		ret=UP_read(b->num,out,outl);
-		BIO_clear_retry_flags(b);
-		if (ret <= 0)
-			{
-			if (BIO_fd_should_retry(ret))
-				BIO_set_retry_read(b);
-			}
-		}
-	return(ret);
-	}
-
-static int fd_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	clear_sys_error();
-	ret=UP_write(b->num,in,inl);
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_fd_should_retry(ret))
-			BIO_set_retry_write(b);
-		}
-	return(ret);
-	}
-
-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	int *ip;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		num=0;
-	case BIO_C_FILE_SEEK:
-		ret=(long)UP_lseek(b->num,num,0);
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		ret=(long)UP_lseek(b->num,0,1);
-		break;
-	case BIO_C_SET_FD:
-		fd_free(b);
-		b->num= *((int *)ptr);
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL) *ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int fd_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=fd_write(bp,str,n);
-	return(ret);
-	}
-
-static int fd_gets(BIO *bp, char *buf, int size)
-        {
-	int ret=0;
-	char *ptr=buf;
-	char *end=buf+size-1;
-
-	while ( (ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n') )
-		ptr++;
-
-	ptr[0]='\0';
-
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	return(ret);
-        }
-
-int BIO_fd_should_retry(int i)
-	{
-	int err;
-
-	if ((i == 0) || (i == -1))
-		{
-		err=get_last_sys_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-		if ((i == -1) && (err == 0))
-			return(1);
-#endif
-
-		return(BIO_fd_non_fatal_error(err));
-		}
-	return(0);
-	}
-
-int BIO_fd_non_fatal_error(int err)
-	{
-	switch (err)
-		{
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-	case EWOULDBLOCK:
-#  endif
-# else
-	case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
-	case ENOTCONN:
-#endif
-
-#ifdef EINTR
-	case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-	case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
-	case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
-	case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
-	case EALREADY:
-#endif
-		return(1);
-		/* break; */
-	default:
-		break;
-		}
-	return(0);
-	}
-#endif
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
deleted file mode 100644
index b954fe7ebc..0000000000
--- a/crypto/bio/bss_file.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
- *		with binary data (e.g. asn1parse -inform DER < xxx) under
- *		Windows
- */
-
-#ifndef HEADER_BSS_FILE_C
-#define HEADER_BSS_FILE_C
-
-#if defined(__linux) || defined(__sun) || defined(__hpux)
-/* Following definition aliases fopen to fopen64 on above mentioned
- * platforms. This makes it possible to open and sequentially access
- * files larger than 2GB from 32-bit application. It does not allow to
- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
- * 32-bit platform permits that, not with fseek/ftell. Not to mention
- * that breaking 2GB limit for seeking would require surgery to *our*
- * API. But sequential access suffices for practical cases when you
- * can run into large files, such as fingerprinting, so we can let API
- * alone. For reference, the list of 32-bit platforms which allow for
- * sequential access of large files without extra "magic" comprise *BSD,
- * Darwin, IRIX...
- */
-#ifndef _FILE_OFFSET_BITS
-#define _FILE_OFFSET_BITS 64
-#endif
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio_lcl.h"
-#include <openssl/err.h>
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#include <nwfileio.h>
-#endif
-
-#if !defined(OPENSSL_NO_STDIO)
-
-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-static int MS_CALLBACK file_puts(BIO *h, const char *str);
-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,
-	"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	NULL,
-	};
-
-BIO *BIO_new_file(const char *filename, const char *mode)
-	{
-	BIO  *ret;
-	FILE *file=NULL;
-
-#if defined(_WIN32) && defined(CP_UTF8)
-	int sz, len_0 = (int)strlen(filename)+1;
-	DWORD flags;
-
-	/*
-	 * Basically there are three cases to cover: a) filename is
-	 * pure ASCII string; b) actual UTF-8 encoded string and
-	 * c) locale-ized string, i.e. one containing 8-bit
-	 * characters that are meaningful in current system locale.
-	 * If filename is pure ASCII or real UTF-8 encoded string,
-	 * MultiByteToWideChar succeeds and _wfopen works. If
-	 * filename is locale-ized string, chances are that
-	 * MultiByteToWideChar fails reporting
-	 * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
-	 * back to fopen...
-	 */
-	if ((sz=MultiByteToWideChar(CP_UTF8,(flags=MB_ERR_INVALID_CHARS),
-					filename,len_0,NULL,0))>0 ||
-	    (GetLastError()==ERROR_INVALID_FLAGS &&
-	     (sz=MultiByteToWideChar(CP_UTF8,(flags=0),
-					filename,len_0,NULL,0))>0)
-	   )
-		{
-		WCHAR  wmode[8];
-		WCHAR *wfilename = _alloca(sz*sizeof(WCHAR));
-
-		if (MultiByteToWideChar(CP_UTF8,flags,
-					filename,len_0,wfilename,sz) &&
-		    MultiByteToWideChar(CP_UTF8,0,mode,strlen(mode)+1,
-			    		wmode,sizeof(wmode)/sizeof(wmode[0])) &&
-		    (file=_wfopen(wfilename,wmode))==NULL &&
-		    (errno==ENOENT || errno==EBADF)
-		   )	/* UTF-8 decode succeeded, but no file, filename
-			 * could still have been locale-ized... */
-			file = fopen(filename,mode);
-		}
-	else if (GetLastError()==ERROR_NO_UNICODE_TRANSLATION)
-		{
-		file = fopen(filename,mode);
-		}
-#else
-	file=fopen(filename,mode);	
-#endif
-	if (file == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,get_last_sys_error());
-		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-		if (errno == ENOENT)
-			BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
-		else
-			BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-
-	BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
-	BIO_set_fp(ret,file,BIO_CLOSE);
-	return(ret);
-	}
-
-BIO *BIO_new_fp(FILE *stream, int close_flag)
-	{
-	BIO *ret;
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
-
-	BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
-
-BIO_METHOD *BIO_s_file(void)
-	{
-	return(&methods_filep);
-	}
-
-static int MS_CALLBACK file_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */
-	return(1);
-	}
-
-static int MS_CALLBACK file_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			if (a->flags&BIO_FLAGS_UPLINK)
-				UP_fclose (a->ptr);
-			else
-				fclose (a->ptr);
-			a->ptr=NULL;
-			a->flags=BIO_FLAGS_UPLINK;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_fread(out,1,(int)outl,b->ptr);
-		else
-			ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))
-			{
-			SYSerr(SYS_F_FREAD,get_last_sys_error());
-			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
-			ret=-1;
-			}
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_fwrite(in,(int)inl,1,b->ptr);
-		else
-			ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);
-		if (ret)
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* according to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
-
-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_C_FILE_SEEK:
-	case BIO_CTRL_RESET:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=(long)UP_fseek(b->ptr,num,0);
-		else
-			ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=(long)UP_feof(fp);
-		else
-			ret=(long)feof(fp);
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_ftell(b->ptr);
-		else
-			ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		b->ptr=ptr;
-		b->init=1;
-#if BIO_FLAGS_UPLINK!=0
-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-#define _IOB_ENTRIES 20
-#endif
-#if defined(_IOB_ENTRIES)
-		/* Safety net to catch purely internal BIO_set_fp calls */
-		if ((size_t)ptr >= (size_t)stdin &&
-		    (size_t)ptr <  (size_t)(stdin+_IOB_ENTRIES))
-			BIO_clear_flags(b,BIO_FLAGS_UPLINK);
-#endif
-#endif
-#ifdef UP_fsetmod
-		if (b->flags&BIO_FLAGS_UPLINK)
-			UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
-		else
-#endif
-		{
-#if defined(OPENSSL_SYS_WINDOWS)
-		int fd = _fileno((FILE*)ptr);
-		if (num & BIO_FP_TEXT)
-			_setmode(fd,_O_TEXT);
-		else
-			_setmode(fd,_O_BINARY);
-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-		int fd = fileno((FILE*)ptr);
-		/* Under CLib there are differences in file modes */
-		if (num & BIO_FP_TEXT)
-			setmode(fd,O_TEXT);
-		else
-			setmode(fd,O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
-		int fd = fileno((FILE*)ptr);
-		/* Set correct text/binary mode */
-		if (num & BIO_FP_TEXT)
-			_setmode(fd,_O_TEXT);
-		/* Dangerous to set stdin/stdout to raw (unless redirected) */
-		else
-			{
-			if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
-				{
-				if (isatty(fd) <= 0)
-					_setmode(fd,_O_BINARY);
-				}
-			else
-				_setmode(fd,_O_BINARY);
-			}
-#elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-		int fd = fileno((FILE*)ptr);
-		if (num & BIO_FP_TEXT)
-			setmode(fd, O_TEXT);
-		else
-			setmode(fd, O_BINARY);
-#endif
-		}
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				BUF_strlcpy(p,"a+",sizeof p);
-			else	BUF_strlcpy(p,"a",sizeof p);
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			BUF_strlcpy(p,"r+",sizeof p);
-		else if (num & BIO_FP_WRITE)
-			BUF_strlcpy(p,"w",sizeof p);
-		else if (num & BIO_FP_READ)
-			BUF_strlcpy(p,"r",sizeof p);
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-#if defined(OPENSSL_SYS_NETWARE)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,get_last_sys_error());
-			ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=fp;
-		b->init=1;
-		BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			UP_fflush(b->ptr);
-		else
-			fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_WPENDING:
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	if (bp->flags&BIO_FLAGS_UPLINK)
-		{
-		if (!UP_fgets(buf,size,bp->ptr))
-			goto err;
-		}
-	else
-		{
-		if (!fgets(buf,size,(FILE *)bp->ptr))
-			goto err;
-		}
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	err:
-	return(ret);
-	}
-
-static int MS_CALLBACK file_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
-
-#endif /* OPENSSL_NO_STDIO */
-
-#endif /* HEADER_BSS_FILE_C */
-
-
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
deleted file mode 100644
index 2227b2b52d..0000000000
--- a/crypto/bio/bss_log.c
+++ /dev/null
@@ -1,399 +0,0 @@
-/* crypto/bio/bss_log.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-	Why BIO_s_log?
-
-	BIO_s_log is useful for system daemons (or services under NT).
-	It is one-way BIO, it sends all stuff to syslogd (on system that
-	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
-
-*/
-
-
-#include <stdio.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#if defined(OPENSSL_SYS_WINCE)
-#elif defined(OPENSSL_SYS_WIN32)
-#elif defined(OPENSSL_SYS_VMS)
-#  include <opcdef.h>
-#  include <descrip.h>
-#  include <lib$routines.h>
-#  include <starlet.h>
-/* Some compiler options may mask the declaration of "_malloc32". */
-#  if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
-#    if __INITIAL_POINTER_SIZE == 64
-#      pragma pointer_size save
-#      pragma pointer_size 32
-    void * _malloc32  (__size_t);
-#      pragma pointer_size restore
-#    endif /* __INITIAL_POINTER_SIZE == 64 */
-#  endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
-#elif defined(__ultrix)
-#  include <sys/syslog.h>
-#elif defined(OPENSSL_SYS_NETWARE)
-#  define NO_SYSLOG
-#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
-#  include <syslog.h>
-#endif
-
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-#ifndef NO_SYSLOG
-
-#if defined(OPENSSL_SYS_WIN32)
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7
-
-#define LOG_DAEMON	(3<<3)
-#elif defined(OPENSSL_SYS_VMS)
-/* On VMS, we don't really care about these, but we need them to compile */
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7
-
-#define LOG_DAEMON	OPC$M_NM_NTWORK
-#endif
-
-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK slg_puts(BIO *h, const char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK slg_new(BIO *h);
-static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
-
-static BIO_METHOD methods_slg=
-	{
-	BIO_TYPE_MEM,"syslog",
-	slg_write,
-	NULL,
-	slg_puts,
-	NULL,
-	slg_ctrl,
-	slg_new,
-	slg_free,
-	NULL,
-	};
-
-BIO_METHOD *BIO_s_log(void)
-	{
-	return(&methods_slg);
-	}
-
-static int MS_CALLBACK slg_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->num=0;
-	bi->ptr=NULL;
-	xopenlog(bi, "application", LOG_DAEMON);
-	return(1);
-	}
-
-static int MS_CALLBACK slg_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	xcloselog(a);
-	return(1);
-	}
-	
-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
-	{
-	int ret= inl;
-	char* buf;
-	char* pp;
-	int priority, i;
-	static const struct
-		{
-		int strl;
-		char str[10];
-		int log_level;
-		}
-	mapping[] =
-		{
-		{ 6, "PANIC ", LOG_EMERG },
-		{ 6, "EMERG ", LOG_EMERG },
-		{ 4, "EMR ", LOG_EMERG },
-		{ 6, "ALERT ", LOG_ALERT },
-		{ 4, "ALR ", LOG_ALERT },
-		{ 5, "CRIT ", LOG_CRIT },
-		{ 4, "CRI ", LOG_CRIT },
-		{ 6, "ERROR ", LOG_ERR },
-		{ 4, "ERR ", LOG_ERR },
-		{ 8, "WARNING ", LOG_WARNING },
-		{ 5, "WARN ", LOG_WARNING },
-		{ 4, "WAR ", LOG_WARNING },
-		{ 7, "NOTICE ", LOG_NOTICE },
-		{ 5, "NOTE ", LOG_NOTICE },
-		{ 4, "NOT ", LOG_NOTICE },
-		{ 5, "INFO ", LOG_INFO },
-		{ 4, "INF ", LOG_INFO },
-		{ 6, "DEBUG ", LOG_DEBUG },
-		{ 4, "DBG ", LOG_DEBUG },
-		{ 0, "", LOG_ERR } /* The default */
-		};
-
-	if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
-		return(0);
-	}
-	strncpy(buf, in, inl);
-	buf[inl]= '\0';
-
-	i = 0;
-	while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
-	priority = mapping[i].log_level;
-	pp = buf + mapping[i].strl;
-
-	xsyslog(b, priority, pp);
-
-	OPENSSL_free(buf);
-	return(ret);
-	}
-
-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	switch (cmd)
-		{
-	case BIO_CTRL_SET:
-		xcloselog(b);
-		xopenlog(b, ptr, num);
-		break;
-	default:
-		break;
-		}
-	return(0);
-	}
-
-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=slg_write(bp,str,n);
-	return(ret);
-	}
-
-#if defined(OPENSSL_SYS_WIN32)
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-	if (check_winnt())
-		bp->ptr = RegisterEventSourceA(NULL,name);
-	else
-		bp->ptr = NULL;
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	LPCSTR lpszStrings[2];
-	WORD evtype= EVENTLOG_ERROR_TYPE;
-	char pidbuf[DECIMAL_SIZE(DWORD)+4];
-
-	if (bp->ptr == NULL)
-		return;
-
-	switch (priority)
-		{
-	case LOG_EMERG:
-	case LOG_ALERT:
-	case LOG_CRIT:
-	case LOG_ERR:
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-	case LOG_WARNING:
-		evtype = EVENTLOG_WARNING_TYPE;
-		break;
-	case LOG_NOTICE:
-	case LOG_INFO:
-	case LOG_DEBUG:
-		evtype = EVENTLOG_INFORMATION_TYPE;
-		break;
-	default:		/* Should never happen, but set it
-				   as error anyway. */
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-		}
-
-	sprintf(pidbuf, "[%u] ", GetCurrentProcessId());
-	lpszStrings[0] = pidbuf;
-	lpszStrings[1] = string;
-
-	ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-				lpszStrings, NULL);
-}
-	
-static void xcloselog(BIO* bp)
-{
-	if(bp->ptr)
-		DeregisterEventSource((HANDLE)(bp->ptr));
-	bp->ptr= NULL;
-}
-
-#elif defined(OPENSSL_SYS_VMS)
-
-static int VMS_OPC_target = LOG_DAEMON;
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-	VMS_OPC_target = level; 
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	struct dsc$descriptor_s opc_dsc;
-
-/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
-#if __INITIAL_POINTER_SIZE == 64
-# pragma pointer_size save
-# pragma pointer_size 32
-# define OPCDEF_TYPE __char_ptr32
-# define OPCDEF_MALLOC _malloc32
-#else /* __INITIAL_POINTER_SIZE == 64 */
-# define OPCDEF_TYPE char *
-# define OPCDEF_MALLOC OPENSSL_malloc
-#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-
-	struct opcdef *opcdef_p;
-
-#if __INITIAL_POINTER_SIZE == 64
-# pragma pointer_size restore
-#endif /* __INITIAL_POINTER_SIZE == 64 */
-
-	char buf[10240];
-	unsigned int len;
-        struct dsc$descriptor_s buf_dsc;
-	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");
-	char *priority_tag;
-
-	switch (priority)
-	  {
-	  case LOG_EMERG: priority_tag = "Emergency"; break;
-	  case LOG_ALERT: priority_tag = "Alert"; break;
-	  case LOG_CRIT: priority_tag = "Critical"; break;
-	  case LOG_ERR: priority_tag = "Error"; break;
-	  case LOG_WARNING: priority_tag = "Warning"; break;
-	  case LOG_NOTICE: priority_tag = "Notice"; break;
-	  case LOG_INFO: priority_tag = "Info"; break;
-	  case LOG_DEBUG: priority_tag = "DEBUG"; break;
-	  }
-
-	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	buf_dsc.dsc$b_class = DSC$K_CLASS_S;
-	buf_dsc.dsc$a_pointer = buf;
-	buf_dsc.dsc$w_length = sizeof(buf) - 1;
-
-	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
-
-	/* We know there's an 8-byte header.  That's documented. */
-	opcdef_p = OPCDEF_MALLOC( 8+ len);
-	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
-	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
-	opcdef_p->opc$l_ms_rqstid = 0;
-	memcpy(&opcdef_p->opc$l_ms_text, buf, len);
-
-	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
-	opc_dsc.dsc$w_length = len + 8;
-
-	sys$sndopr(opc_dsc, 0);
-
-	OPENSSL_free(opcdef_p);
-}
-
-static void xcloselog(BIO* bp)
-{
-}
-
-#else /* Unix/Watt32 */
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-#ifdef WATT32   /* djgpp/DOS */
-	openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
-#else
-	openlog(name, LOG_PID|LOG_CONS, level);
-#endif
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
-	syslog(priority, "%s", string);
-}
-
-static void xcloselog(BIO* bp)
-{
-	closelog();
-}
-
-#endif /* Unix */
-
-#endif /* NO_SYSLOG */
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
deleted file mode 100644
index 37d4194e4b..0000000000
--- a/crypto/bio/bss_mem.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/* crypto/bio/bss_mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int mem_write(BIO *h, const char *buf, int num);
-static int mem_read(BIO *h, char *buf, int size);
-static int mem_puts(BIO *h, const char *str);
-static int mem_gets(BIO *h, char *str, int size);
-static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int mem_new(BIO *h);
-static int mem_free(BIO *data);
-static BIO_METHOD mem_method=
-	{
-	BIO_TYPE_MEM,
-	"memory buffer",
-	mem_write,
-	mem_read,
-	mem_puts,
-	mem_gets,
-	mem_ctrl,
-	mem_new,
-	mem_free,
-	NULL,
-	};
-
-/* bio->num is used to hold the value to return on 'empty', if it is
- * 0, should_retry is not set */
-
-BIO_METHOD *BIO_s_mem(void)
-	{
-	return(&mem_method);
-	}
-
-BIO *BIO_new_mem_buf(void *buf, int len)
-{
-	BIO *ret;
-	BUF_MEM *b;
-	size_t sz;
-
-	if (!buf) {
-		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
-		return NULL;
-	}
-	sz = (len<0) ? strlen(buf) : (size_t)len;
-	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
-	b = (BUF_MEM *)ret->ptr;
-	b->data = buf;
-	b->length = sz;
-	b->max = sz;
-	ret->flags |= BIO_FLAGS_MEM_RDONLY;
-	/* Since this is static data retrying wont help */
-	ret->num = 0;
-	return ret;
-}
-
-static int mem_new(BIO *bi)
-	{
-	BUF_MEM *b;
-
-	if ((b=BUF_MEM_new()) == NULL)
-		return(0);
-	bi->shutdown=1;
-	bi->init=1;
-	bi->num= -1;
-	bi->ptr=(char *)b;
-	return(1);
-	}
-
-static int mem_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			BUF_MEM *b;
-			b = (BUF_MEM *)a->ptr;
-			if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
-			BUF_MEM_free(b);
-			a->ptr=NULL;
-			}
-		}
-	return(1);
-	}
-	
-static int mem_read(BIO *b, char *out, int outl)
-	{
-	int ret= -1;
-	BUF_MEM *bm;
-
-	bm=(BUF_MEM *)b->ptr;
-	BIO_clear_retry_flags(b);
-	ret=(outl >=0 && (size_t)outl > bm->length)?(int)bm->length:outl;
-	if ((out != NULL) && (ret > 0)) {
-		memcpy(out,bm->data,ret);
-		bm->length-=ret;
-		if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
-		else {
-			memmove(&(bm->data[0]),&(bm->data[ret]),bm->length);
-		}
-	} else if (bm->length == 0)
-		{
-		ret = b->num;
-		if (ret != 0)
-			BIO_set_retry_read(b);
-		}
-	return(ret);
-	}
-
-static int mem_write(BIO *b, const char *in, int inl)
-	{
-	int ret= -1;
-	int blen;
-	BUF_MEM *bm;
-
-	bm=(BUF_MEM *)b->ptr;
-	if (in == NULL)
-		{
-		BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
-		goto end;
-		}
-
-	if(b->flags & BIO_FLAGS_MEM_RDONLY) {
-		BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
-		goto end;
-	}
-
-	BIO_clear_retry_flags(b);
-	blen=bm->length;
-	if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
-		goto end;
-	memcpy(&(bm->data[blen]),in,inl);
-	ret=inl;
-end:
-	return(ret);
-	}
-
-static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	char **pptr;
-
-	BUF_MEM *bm=(BUF_MEM *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		if (bm->data != NULL)
-			{
-			/* For read only case reset to the start again */
-			if(b->flags & BIO_FLAGS_MEM_RDONLY) 
-				{
-				bm->data -= bm->max - bm->length;
-				bm->length = bm->max;
-				}
-			else
-				{
-				memset(bm->data,0,bm->max);
-				bm->length=0;
-				}
-			}
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)(bm->length == 0);
-		break;
-	case BIO_C_SET_BUF_MEM_EOF_RETURN:
-		b->num=(int)num;
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)bm->length;
-		if (ptr != NULL)
-			{
-			pptr=(char **)ptr;
-			*pptr=(char *)&(bm->data[0]);
-			}
-		break;
-	case BIO_C_SET_BUF_MEM:
-		mem_free(b);
-		b->shutdown=(int)num;
-		b->ptr=ptr;
-		break;
-	case BIO_C_GET_BUF_MEM_PTR:
-		if (ptr != NULL)
-			{
-			pptr=(char **)ptr;
-			*pptr=(char *)bm;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-
-	case BIO_CTRL_WPENDING:
-		ret=0L;
-		break;
-	case BIO_CTRL_PENDING:
-		ret=(long)bm->length;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int mem_gets(BIO *bp, char *buf, int size)
-	{
-	int i,j;
-	int ret= -1;
-	char *p;
-	BUF_MEM *bm=(BUF_MEM *)bp->ptr;
-
-	BIO_clear_retry_flags(bp);
-	j=bm->length;
-	if ((size-1) < j) j=size-1;
-	if (j <= 0)
-		{
-		*buf='\0';
-		return 0;
-		}
-	p=bm->data;
-	for (i=0; i<j; i++)
-		{
-		if (p[i] == '\n')
-			{
-			i++;
-			break;
-			}
-		}
-
-	/*
-	 * i is now the max num of bytes to copy, either j or up to
-	 * and including the first newline
-	 */ 
-
-	i=mem_read(bp,buf,i);
-	if (i > 0) buf[i]='\0';
-	ret=i;
-	return(ret);
-	}
-
-static int mem_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=mem_write(bp,str,n);
-	/* memory semantics is that it will always work */
-	return(ret);
-	}
-
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
deleted file mode 100644
index 46b73339df..0000000000
--- a/crypto/bio/bss_null.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/bio/bss_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int null_write(BIO *h, const char *buf, int num);
-static int null_read(BIO *h, char *buf, int size);
-static int null_puts(BIO *h, const char *str);
-static int null_gets(BIO *h, char *str, int size);
-static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int null_new(BIO *h);
-static int null_free(BIO *data);
-static BIO_METHOD null_method=
-	{
-	BIO_TYPE_NULL,
-	"NULL",
-	null_write,
-	null_read,
-	null_puts,
-	null_gets,
-	null_ctrl,
-	null_new,
-	null_free,
-	NULL,
-	};
-
-BIO_METHOD *BIO_s_null(void)
-	{
-	return(&null_method);
-	}
-
-static int null_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->num=0;
-	bi->ptr=(NULL);
-	return(1);
-	}
-
-static int null_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	return(1);
-	}
-	
-static int null_read(BIO *b, char *out, int outl)
-	{
-	return(0);
-	}
-
-static int null_write(BIO *b, const char *in, int inl)
-	{
-	return(inl);
-	}
-
-static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-	case BIO_CTRL_EOF:
-	case BIO_CTRL_SET:
-	case BIO_CTRL_SET_CLOSE:
-	case BIO_CTRL_FLUSH:
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-	case BIO_CTRL_INFO:
-	case BIO_CTRL_GET:
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int null_gets(BIO *bp, char *buf, int size)
-	{
-	return(0);
-	}
-
-static int null_puts(BIO *bp, const char *str)
-	{
-	if (str == NULL) return(0);
-	return(strlen(str));
-	}
-
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
deleted file mode 100644
index 3df31938c1..0000000000
--- a/crypto/bio/bss_sock.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/* crypto/bio/bss_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <openssl/bio.h>
-
-#ifdef WATT32
-#define sock_write SockWrite  /* Watt-32 uses same names */
-#define sock_read  SockRead
-#define sock_puts  SockPuts
-#endif
-
-static int sock_write(BIO *h, const char *buf, int num);
-static int sock_read(BIO *h, char *buf, int size);
-static int sock_puts(BIO *h, const char *str);
-static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int sock_new(BIO *h);
-static int sock_free(BIO *data);
-int BIO_sock_should_retry(int s);
-
-static BIO_METHOD methods_sockp=
-	{
-	BIO_TYPE_SOCKET,
-	"socket",
-	sock_write,
-	sock_read,
-	sock_puts,
-	NULL, /* sock_gets, */
-	sock_ctrl,
-	sock_new,
-	sock_free,
-	NULL,
-	};
-
-BIO_METHOD *BIO_s_socket(void)
-	{
-	return(&methods_sockp);
-	}
-
-BIO *BIO_new_socket(int fd, int close_flag)
-	{
-	BIO *ret;
-
-	ret=BIO_new(BIO_s_socket());
-	if (ret == NULL) return(NULL);
-	BIO_set_fd(ret,fd,close_flag);
-	return(ret);
-	}
-
-static int sock_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	bi->flags=0;
-	return(1);
-	}
-
-static int sock_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if (a->init)
-			{
-			SHUTDOWN2(a->num);
-			}
-		a->init=0;
-		a->flags=0;
-		}
-	return(1);
-	}
-	
-static int sock_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-
-	if (out != NULL)
-		{
-		clear_socket_error();
-		ret=readsocket(b->num,out,outl);
-		BIO_clear_retry_flags(b);
-		if (ret <= 0)
-			{
-			if (BIO_sock_should_retry(ret))
-				BIO_set_retry_read(b);
-			}
-		}
-	return(ret);
-	}
-
-static int sock_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	
-	clear_socket_error();
-	ret=writesocket(b->num,in,inl);
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_sock_should_retry(ret))
-			BIO_set_retry_write(b);
-		}
-	return(ret);
-	}
-
-static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	int *ip;
-
-	switch (cmd)
-		{
-	case BIO_C_SET_FD:
-		sock_free(b);
-		b->num= *((int *)ptr);
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL) *ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int sock_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=sock_write(bp,str,n);
-	return(ret);
-	}
-
-int BIO_sock_should_retry(int i)
-	{
-	int err;
-
-	if ((i == 0) || (i == -1))
-		{
-		err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-		if ((i == -1) && (err == 0))
-			return(1);
-#endif
-
-		return(BIO_sock_non_fatal_error(err));
-		}
-	return(0);
-	}
-
-int BIO_sock_non_fatal_error(int err)
-	{
-	switch (err)
-		{
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
-# if defined(WSAEWOULDBLOCK)
-	case WSAEWOULDBLOCK:
-# endif
-
-# if 0 /* This appears to always be an error */
-#  if defined(WSAENOTCONN)
-	case WSAENOTCONN:
-#  endif
-# endif
-#endif
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-	case EWOULDBLOCK:
-#  endif
-# else
-	case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
-	case ENOTCONN:
-#endif
-
-#ifdef EINTR
-	case EINTR:
-#endif
-
-#ifdef EAGAIN
-# if EWOULDBLOCK != EAGAIN
-	case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
-	case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
-	case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
-	case EALREADY:
-#endif
-		return(1);
-		/* break; */
-	default:
-		break;
-		}
-	return(0);
-	}
-
-#endif  /* #ifndef OPENSSL_NO_SOCK */
diff --git a/crypto/bn/asm/README b/crypto/bn/asm/README
deleted file mode 100644
index b0f3a68a06..0000000000
--- a/crypto/bn/asm/README
+++ /dev/null
@@ -1,27 +0,0 @@
-<OBSOLETE>
-
-All assember in this directory are just version of the file
-crypto/bn/bn_asm.c.
-
-Quite a few of these files are just the assember output from gcc since on 
-quite a few machines they are 2 times faster than the system compiler.
-
-For the x86, I have hand written assember because of the bad job all
-compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
-routines.
-
-For the DEC alpha, I also hand wrote the assember (except the division which
-is just the output from the C compiler pasted on the end of the file).
-On the 2 alpha C compilers I had access to, it was not possible to do
-64b x 64b -> 128b calculations (both long and the long long data types
-were 64 bits).  So the hand assember gives access to the 128 bit result and
-a 2 times speedup :-).
-
-There are 3 versions of assember for the HP PA-RISC.
-
-pa-risc.s is the origional one which works fine and generated using gcc :-)
-
-pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
-by Chris Ruemmler from HP (with some help from the HP C compiler).
-
-</OBSOLETE>
diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl
deleted file mode 100644
index 03596e2014..0000000000
--- a/crypto/bn/asm/alpha-mont.pl
+++ /dev/null
@@ -1,321 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# On 21264 RSA sign performance improves by 70/35/20/15 percent for
-# 512/1024/2048/4096 bit key lengths. This is against vendor compiler
-# instructed to '-tune host' code with in-line assembler. Other
-# benchmarks improve by 15-20%. To anchor it to something else, the
-# code provides approximately the same performance per GHz as AMD64.
-# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x
-# difference.
-
-# int bn_mul_mont(
-$rp="a0";	# BN_ULONG *rp,
-$ap="a1";	# const BN_ULONG *ap,
-$bp="a2";	# const BN_ULONG *bp,
-$np="a3";	# const BN_ULONG *np,
-$n0="a4";	# const BN_ULONG *n0,
-$num="a5";	# int num);
-
-$lo0="t0";
-$hi0="t1";
-$lo1="t2";
-$hi1="t3";
-$aj="t4";
-$bi="t5";
-$nj="t6";
-$tp="t7";
-$alo="t8";
-$ahi="t9";
-$nlo="t10";
-$nhi="t11";
-$tj="t12";
-$i="s3";
-$j="s4";
-$m1="s5";
-
-$code=<<___;
-#ifdef __linux__
-#include <asm/regdef.h>
-#else
-#include <asm.h>
-#include <regdef.h>
-#endif
-
-.text
-
-.set	noat
-.set	noreorder
-
-.globl	bn_mul_mont
-.align	5
-.ent	bn_mul_mont
-bn_mul_mont:
-	lda	sp,-48(sp)
-	stq	ra,0(sp)
-	stq	s3,8(sp)
-	stq	s4,16(sp)
-	stq	s5,24(sp)
-	stq	fp,32(sp)
-	mov	sp,fp
-	.mask	0x0400f000,-48
-	.frame	fp,48,ra
-	.prologue 0
-
-	.align	4
-	.set	reorder
-	sextl	$num,$num
-	mov	0,v0
-	cmplt	$num,4,AT
-	bne	AT,.Lexit
-
-	ldq	$hi0,0($ap)	# ap[0]
-	s8addq	$num,16,AT
-	ldq	$aj,8($ap)
-	subq	sp,AT,sp
-	ldq	$bi,0($bp)	# bp[0]
-	lda	AT,-4096(zero)	# mov	-4096,AT
-	ldq	$n0,0($n0)
-	and	sp,AT,sp
-
-	mulq	$hi0,$bi,$lo0
-	ldq	$hi1,0($np)	# np[0]
-	umulh	$hi0,$bi,$hi0
-	ldq	$nj,8($np)
-
-	mulq	$lo0,$n0,$m1
-
-	mulq	$hi1,$m1,$lo1
-	umulh	$hi1,$m1,$hi1
-
-	addq	$lo1,$lo0,$lo1
-	cmpult	$lo1,$lo0,AT
-	addq	$hi1,AT,$hi1
-
-	mulq	$aj,$bi,$alo
-	mov	2,$j
-	umulh	$aj,$bi,$ahi
-	mov	sp,$tp
-
-	mulq	$nj,$m1,$nlo
-	s8addq	$j,$ap,$aj
-	umulh	$nj,$m1,$nhi
-	s8addq	$j,$np,$nj
-.align	4
-.L1st:
-	.set	noreorder
-	ldq	$aj,0($aj)
-	addl	$j,1,$j
-	ldq	$nj,0($nj)
-	lda	$tp,8($tp)
-
-	addq	$alo,$hi0,$lo0
-	mulq	$aj,$bi,$alo
-	cmpult	$lo0,$hi0,AT
-	addq	$nlo,$hi1,$lo1
-
-	mulq	$nj,$m1,$nlo
-	addq	$ahi,AT,$hi0
-	cmpult	$lo1,$hi1,v0
-	cmplt	$j,$num,$tj
-
-	umulh	$aj,$bi,$ahi
-	addq	$nhi,v0,$hi1
-	addq	$lo1,$lo0,$lo1
-	s8addq	$j,$ap,$aj
-
-	umulh	$nj,$m1,$nhi
-	cmpult	$lo1,$lo0,v0
-	addq	$hi1,v0,$hi1
-	s8addq	$j,$np,$nj
-
-	stq	$lo1,-8($tp)
-	nop
-	unop
-	bne	$tj,.L1st
-	.set	reorder
-
-	addq	$alo,$hi0,$lo0
-	addq	$nlo,$hi1,$lo1
-	cmpult	$lo0,$hi0,AT
-	cmpult	$lo1,$hi1,v0
-	addq	$ahi,AT,$hi0
-	addq	$nhi,v0,$hi1
-
-	addq	$lo1,$lo0,$lo1
-	cmpult	$lo1,$lo0,v0
-	addq	$hi1,v0,$hi1
-
-	stq	$lo1,0($tp)
-
-	addq	$hi1,$hi0,$hi1
-	cmpult	$hi1,$hi0,AT
-	stq	$hi1,8($tp)
-	stq	AT,16($tp)
-
-	mov	1,$i
-.align	4
-.Louter:
-	s8addq	$i,$bp,$bi
-	ldq	$hi0,0($ap)
-	ldq	$aj,8($ap)
-	ldq	$bi,0($bi)
-	ldq	$hi1,0($np)
-	ldq	$nj,8($np)
-	ldq	$tj,0(sp)
-
-	mulq	$hi0,$bi,$lo0
-	umulh	$hi0,$bi,$hi0
-
-	addq	$lo0,$tj,$lo0
-	cmpult	$lo0,$tj,AT
-	addq	$hi0,AT,$hi0
-
-	mulq	$lo0,$n0,$m1
-
-	mulq	$hi1,$m1,$lo1
-	umulh	$hi1,$m1,$hi1
-
-	addq	$lo1,$lo0,$lo1
-	cmpult	$lo1,$lo0,AT
-	mov	2,$j
-	addq	$hi1,AT,$hi1
-
-	mulq	$aj,$bi,$alo
-	mov	sp,$tp
-	umulh	$aj,$bi,$ahi
-
-	mulq	$nj,$m1,$nlo
-	s8addq	$j,$ap,$aj
-	umulh	$nj,$m1,$nhi
-.align	4
-.Linner:
-	.set	noreorder
-	ldq	$tj,8($tp)	#L0
-	nop			#U1
-	ldq	$aj,0($aj)	#L1
-	s8addq	$j,$np,$nj	#U0
-
-	ldq	$nj,0($nj)	#L0
-	nop			#U1
-	addq	$alo,$hi0,$lo0	#L1
-	lda	$tp,8($tp)
-
-	mulq	$aj,$bi,$alo	#U1
-	cmpult	$lo0,$hi0,AT	#L0
-	addq	$nlo,$hi1,$lo1	#L1
-	addl	$j,1,$j
-
-	mulq	$nj,$m1,$nlo	#U1
-	addq	$ahi,AT,$hi0	#L0
-	addq	$lo0,$tj,$lo0	#L1
-	cmpult	$lo1,$hi1,v0	#U0
-
-	umulh	$aj,$bi,$ahi	#U1
-	cmpult	$lo0,$tj,AT	#L0
-	addq	$lo1,$lo0,$lo1	#L1
-	addq	$nhi,v0,$hi1	#U0
-
-	umulh	$nj,$m1,$nhi	#U1
-	s8addq	$j,$ap,$aj	#L0
-	cmpult	$lo1,$lo0,v0	#L1
-	cmplt	$j,$num,$tj	#U0	# borrow $tj
-
-	addq	$hi0,AT,$hi0	#L0
-	addq	$hi1,v0,$hi1	#U1
-	stq	$lo1,-8($tp)	#L1
-	bne	$tj,.Linner	#U0
-	.set	reorder
-
-	ldq	$tj,8($tp)
-	addq	$alo,$hi0,$lo0
-	addq	$nlo,$hi1,$lo1
-	cmpult	$lo0,$hi0,AT
-	cmpult	$lo1,$hi1,v0
-	addq	$ahi,AT,$hi0
-	addq	$nhi,v0,$hi1
-
-	addq	$lo0,$tj,$lo0
-	cmpult	$lo0,$tj,AT
-	addq	$hi0,AT,$hi0
-
-	ldq	$tj,16($tp)
-	addq	$lo1,$lo0,$j
-	cmpult	$j,$lo0,v0
-	addq	$hi1,v0,$hi1
-
-	addq	$hi1,$hi0,$lo1
-	stq	$j,0($tp)
-	cmpult	$lo1,$hi0,$hi1
-	addq	$lo1,$tj,$lo1
-	cmpult	$lo1,$tj,AT
-	addl	$i,1,$i
-	addq	$hi1,AT,$hi1
-	stq	$lo1,8($tp)
-	cmplt	$i,$num,$tj	# borrow $tj
-	stq	$hi1,16($tp)
-	bne	$tj,.Louter
-
-	s8addq	$num,sp,$tj	# &tp[num]
-	mov	$rp,$bp		# put rp aside
-	mov	sp,$tp
-	mov	sp,$ap
-	mov	0,$hi0		# clear borrow bit
-
-.align	4
-.Lsub:	ldq	$lo0,0($tp)
-	ldq	$lo1,0($np)
-	lda	$tp,8($tp)
-	lda	$np,8($np)
-	subq	$lo0,$lo1,$lo1	# tp[i]-np[i]
-	cmpult	$lo0,$lo1,AT
-	subq	$lo1,$hi0,$lo0
-	cmpult	$lo1,$lo0,$hi0
-	or	$hi0,AT,$hi0
-	stq	$lo0,0($rp)
-	cmpult	$tp,$tj,v0
-	lda	$rp,8($rp)
-	bne	v0,.Lsub
-
-	subq	$hi1,$hi0,$hi0	# handle upmost overflow bit
-	mov	sp,$tp
-	mov	$bp,$rp		# restore rp
-
-	and	sp,$hi0,$ap
-	bic	$bp,$hi0,$bp
-	bis	$bp,$ap,$ap	# ap=borrow?tp:rp
-
-.align	4
-.Lcopy:	ldq	$aj,0($ap)	# copy or in-place refresh
-	lda	$tp,8($tp)
-	lda	$rp,8($rp)
-	lda	$ap,8($ap)
-	stq	zero,-8($tp)	# zap tp
-	cmpult	$tp,$tj,AT
-	stq	$aj,-8($rp)
-	bne	AT,.Lcopy
-	mov	1,v0
-
-.Lexit:
-	.set	noreorder
-	mov	fp,sp
-	/*ldq	ra,0(sp)*/
-	ldq	s3,8(sp)
-	ldq	s4,16(sp)
-	ldq	s5,24(sp)
-	ldq	fp,32(sp)
-	lda	sp,48(sp)
-	ret	(ra)
-.end	bn_mul_mont
-.ascii	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-___
-
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/armv4-gf2m.S b/crypto/bn/asm/armv4-gf2m.S
deleted file mode 100644
index 0fa25b2695..0000000000
--- a/crypto/bn/asm/armv4-gf2m.S
+++ /dev/null
@@ -1,201 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-#if __ARM_ARCH__>=7
-.fpu	neon
-#endif
-.type	mul_1x1_ialu,%function
-.align	5
-mul_1x1_ialu:
-	mov	r4,#0
-	bic	r5,r1,#3<<30		@ a1=a&0x3fffffff
-	str	r4,[sp,#0]		@ tab[0]=0
-	add	r6,r5,r5		@ a2=a1<<1
-	str	r5,[sp,#4]		@ tab[1]=a1
-	eor	r7,r5,r6		@ a1^a2
-	str	r6,[sp,#8]		@ tab[2]=a2
-	mov	r8,r5,lsl#2		@ a4=a1<<2
-	str	r7,[sp,#12]		@ tab[3]=a1^a2
-	eor	r9,r5,r8		@ a1^a4
-	str	r8,[sp,#16]		@ tab[4]=a4
-	eor	r4,r6,r8		@ a2^a4
-	str	r9,[sp,#20]		@ tab[5]=a1^a4
-	eor	r7,r7,r8		@ a1^a2^a4
-	str	r4,[sp,#24]		@ tab[6]=a2^a4
-	and	r8,r12,r0,lsl#2
-	str	r7,[sp,#28]		@ tab[7]=a1^a2^a4
-
-	and	r9,r12,r0,lsr#1
-	ldr	r5,[sp,r8]		@ tab[b       & 0x7]
-	and	r8,r12,r0,lsr#4
-	ldr	r7,[sp,r9]		@ tab[b >>  3 & 0x7]
-	and	r9,r12,r0,lsr#7
-	ldr	r6,[sp,r8]		@ tab[b >>  6 & 0x7]
-	eor	r5,r5,r7,lsl#3	@ stall
-	mov	r4,r7,lsr#29
-	ldr	r7,[sp,r9]		@ tab[b >>  9 & 0x7]
-
-	and	r8,r12,r0,lsr#10
-	eor	r5,r5,r6,lsl#6
-	eor	r4,r4,r6,lsr#26
-	ldr	r6,[sp,r8]		@ tab[b >> 12 & 0x7]
-
-	and	r9,r12,r0,lsr#13
-	eor	r5,r5,r7,lsl#9
-	eor	r4,r4,r7,lsr#23
-	ldr	r7,[sp,r9]		@ tab[b >> 15 & 0x7]
-
-	and	r8,r12,r0,lsr#16
-	eor	r5,r5,r6,lsl#12
-	eor	r4,r4,r6,lsr#20
-	ldr	r6,[sp,r8]		@ tab[b >> 18 & 0x7]
-
-	and	r9,r12,r0,lsr#19
-	eor	r5,r5,r7,lsl#15
-	eor	r4,r4,r7,lsr#17
-	ldr	r7,[sp,r9]		@ tab[b >> 21 & 0x7]
-
-	and	r8,r12,r0,lsr#22
-	eor	r5,r5,r6,lsl#18
-	eor	r4,r4,r6,lsr#14
-	ldr	r6,[sp,r8]		@ tab[b >> 24 & 0x7]
-
-	and	r9,r12,r0,lsr#25
-	eor	r5,r5,r7,lsl#21
-	eor	r4,r4,r7,lsr#11
-	ldr	r7,[sp,r9]		@ tab[b >> 27 & 0x7]
-
-	tst	r1,#1<<30
-	and	r8,r12,r0,lsr#28
-	eor	r5,r5,r6,lsl#24
-	eor	r4,r4,r6,lsr#8
-	ldr	r6,[sp,r8]		@ tab[b >> 30      ]
-
-	eorne	r5,r5,r0,lsl#30
-	eorne	r4,r4,r0,lsr#2
-	tst	r1,#1<<31
-	eor	r5,r5,r7,lsl#27
-	eor	r4,r4,r7,lsr#5
-	eorne	r5,r5,r0,lsl#31
-	eorne	r4,r4,r0,lsr#1
-	eor	r5,r5,r6,lsl#30
-	eor	r4,r4,r6,lsr#2
-
-	mov	pc,lr
-.size	mul_1x1_ialu,.-mul_1x1_ialu
-.global	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,%function
-.align	5
-bn_GF2m_mul_2x2:
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-.Lpic:	ldr	r12,[pc,r12]
-	tst	r12,#1
-	beq	.Lialu
-
-	ldr		r12, [sp]		@ 5th argument
-	vmov.32		d26, r2, r1
-	vmov.32		d27, r12, r3
-	vmov.i64	d28, #0x0000ffffffffffff
-	vmov.i64	d29, #0x00000000ffffffff
-	vmov.i64	d30, #0x000000000000ffff
-
-	vext.8		d2, d26, d26, #1	@ A1
-	vmull.p8	q1, d2, d27		@ F = A1*B
-	vext.8		d0, d27, d27, #1	@ B1
-	vmull.p8	q0, d26, d0		@ E = A*B1
-	vext.8		d4, d26, d26, #2	@ A2
-	vmull.p8	q2, d4, d27		@ H = A2*B
-	vext.8		d16, d27, d27, #2	@ B2
-	vmull.p8	q8, d26, d16		@ G = A*B2
-	vext.8		d6, d26, d26, #3	@ A3
-	veor		q1, q1, q0		@ L = E + F
-	vmull.p8	q3, d6, d27		@ J = A3*B
-	vext.8		d0, d27, d27, #3	@ B3
-	veor		q2, q2, q8		@ M = G + H
-	vmull.p8	q0, d26, d0		@ I = A*B3
-	veor		d2, d2, d3	@ t0 = (L) (P0 + P1) << 8
-	vand		d3, d3, d28
-	vext.8		d16, d27, d27, #4	@ B4
-	veor		d4, d4, d5	@ t1 = (M) (P2 + P3) << 16
-	vand		d5, d5, d29
-	vmull.p8	q8, d26, d16		@ K = A*B4
-	veor		q3, q3, q0		@ N = I + J
-	veor		d2, d2, d3
-	veor		d4, d4, d5
-	veor		d6, d6, d7	@ t2 = (N) (P4 + P5) << 24
-	vand		d7, d7, d30
-	vext.8		q1, q1, q1, #15
-	veor		d16, d16, d17	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	d17, #0
-	vext.8		q2, q2, q2, #14
-	veor		d6, d6, d7
-	vmull.p8	q0, d26, d27		@ D = A*B
-	vext.8		q8, q8, q8, #12
-	vext.8		q3, q3, q3, #13
-	veor		q1, q1, q2
-	veor		q3, q3, q8
-	veor		q0, q0, q1
-	veor		q0, q0, q3
-
-	vst1.32		{q0}, [r0]
-	bx	lr		@ bx lr
-.align	4
-.Lialu:
-#endif
-	stmdb	sp!,{r4-r10,lr}
-	mov	r10,r0			@ reassign 1st argument
-	mov	r0,r3			@ r0=b1
-	ldr	r3,[sp,#32]		@ load b0
-	mov	r12,#7<<2
-	sub	sp,sp,#32		@ allocate tab[8]
-
-	bl	mul_1x1_ialu		@ a1·b1
-	str	r5,[r10,#8]
-	str	r4,[r10,#12]
-
-	eor	r0,r0,r3		@ flip b0 and b1
-	 eor	r1,r1,r2		@ flip a0 and a1
-	eor	r3,r3,r0
-	 eor	r2,r2,r1
-	eor	r0,r0,r3
-	 eor	r1,r1,r2
-	bl	mul_1x1_ialu		@ a0·b0
-	str	r5,[r10]
-	str	r4,[r10,#4]
-
-	eor	r1,r1,r2
-	eor	r0,r0,r3
-	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
-	ldmia	r10,{r6-r9}
-	eor	r5,r5,r4
-	eor	r4,r4,r7
-	eor	r5,r5,r6
-	eor	r4,r4,r8
-	eor	r5,r5,r9
-	eor	r4,r4,r9
-	str	r4,[r10,#8]
-	eor	r5,r5,r4
-	add	sp,sp,#32		@ destroy tab[8]
-	str	r5,[r10,#4]
-
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r10,pc}
-#else
-	ldmia	sp!,{r4-r10,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
-#if __ARM_ARCH__>=7
-.align	5
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-(.Lpic+8)
-#endif
-.asciz	"GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
-.align	5
-
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
deleted file mode 100644
index 3f1f4f67f5..0000000000
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# May 2011
-#
-# The module implements bn_GF2m_mul_2x2 polynomial multiplication
-# used in bn_gf2m.c. It's kind of low-hanging mechanical port from
-# C for the time being... Except that it has two code paths: pure
-# integer code suitable for any ARMv4 and later CPU and NEON code
-# suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs
-# in ~45 cycles on dual-issue core such as Cortex A8, which is ~50%
-# faster than compiler-generated code. For ECDH and ECDSA verify (but
-# not for ECDSA sign) it means 25%-45% improvement depending on key
-# length, more for longer keys. Even though NEON 1x1 multiplication
-# runs in even less cycles, ~30, improvement is measurable only on
-# longer keys. One has to optimize code elsewhere to get NEON glow...
-#
-# April 2014
-#
-# Double bn_GF2m_mul_2x2 performance by using algorithm from paper
-# referred below, which improves ECDH and ECDSA verify benchmarks
-# by 18-40%.
-#
-# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
-# Polynomial Multiplication on ARM Processors using the NEON Engine.
-# 
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-.code	32
-
-#if __ARM_ARCH__>=7
-.fpu	neon
-#endif
-___
-################
-# private interface to mul_1x1_ialu
-#
-$a="r1";
-$b="r0";
-
-($a0,$a1,$a2,$a12,$a4,$a14)=
-($hi,$lo,$t0,$t1, $i0,$i1 )=map("r$_",(4..9),12);
-
-$mask="r12";
-
-$code.=<<___;
-.type	mul_1x1_ialu,%function
-.align	5
-mul_1x1_ialu:
-	mov	$a0,#0
-	bic	$a1,$a,#3<<30		@ a1=a&0x3fffffff
-	str	$a0,[sp,#0]		@ tab[0]=0
-	add	$a2,$a1,$a1		@ a2=a1<<1
-	str	$a1,[sp,#4]		@ tab[1]=a1
-	eor	$a12,$a1,$a2		@ a1^a2
-	str	$a2,[sp,#8]		@ tab[2]=a2
-	mov	$a4,$a1,lsl#2		@ a4=a1<<2
-	str	$a12,[sp,#12]		@ tab[3]=a1^a2
-	eor	$a14,$a1,$a4		@ a1^a4
-	str	$a4,[sp,#16]		@ tab[4]=a4
-	eor	$a0,$a2,$a4		@ a2^a4
-	str	$a14,[sp,#20]		@ tab[5]=a1^a4
-	eor	$a12,$a12,$a4		@ a1^a2^a4
-	str	$a0,[sp,#24]		@ tab[6]=a2^a4
-	and	$i0,$mask,$b,lsl#2
-	str	$a12,[sp,#28]		@ tab[7]=a1^a2^a4
-
-	and	$i1,$mask,$b,lsr#1
-	ldr	$lo,[sp,$i0]		@ tab[b       & 0x7]
-	and	$i0,$mask,$b,lsr#4
-	ldr	$t1,[sp,$i1]		@ tab[b >>  3 & 0x7]
-	and	$i1,$mask,$b,lsr#7
-	ldr	$t0,[sp,$i0]		@ tab[b >>  6 & 0x7]
-	eor	$lo,$lo,$t1,lsl#3	@ stall
-	mov	$hi,$t1,lsr#29
-	ldr	$t1,[sp,$i1]		@ tab[b >>  9 & 0x7]
-
-	and	$i0,$mask,$b,lsr#10
-	eor	$lo,$lo,$t0,lsl#6
-	eor	$hi,$hi,$t0,lsr#26
-	ldr	$t0,[sp,$i0]		@ tab[b >> 12 & 0x7]
-
-	and	$i1,$mask,$b,lsr#13
-	eor	$lo,$lo,$t1,lsl#9
-	eor	$hi,$hi,$t1,lsr#23
-	ldr	$t1,[sp,$i1]		@ tab[b >> 15 & 0x7]
-
-	and	$i0,$mask,$b,lsr#16
-	eor	$lo,$lo,$t0,lsl#12
-	eor	$hi,$hi,$t0,lsr#20
-	ldr	$t0,[sp,$i0]		@ tab[b >> 18 & 0x7]
-
-	and	$i1,$mask,$b,lsr#19
-	eor	$lo,$lo,$t1,lsl#15
-	eor	$hi,$hi,$t1,lsr#17
-	ldr	$t1,[sp,$i1]		@ tab[b >> 21 & 0x7]
-
-	and	$i0,$mask,$b,lsr#22
-	eor	$lo,$lo,$t0,lsl#18
-	eor	$hi,$hi,$t0,lsr#14
-	ldr	$t0,[sp,$i0]		@ tab[b >> 24 & 0x7]
-
-	and	$i1,$mask,$b,lsr#25
-	eor	$lo,$lo,$t1,lsl#21
-	eor	$hi,$hi,$t1,lsr#11
-	ldr	$t1,[sp,$i1]		@ tab[b >> 27 & 0x7]
-
-	tst	$a,#1<<30
-	and	$i0,$mask,$b,lsr#28
-	eor	$lo,$lo,$t0,lsl#24
-	eor	$hi,$hi,$t0,lsr#8
-	ldr	$t0,[sp,$i0]		@ tab[b >> 30      ]
-
-	eorne	$lo,$lo,$b,lsl#30
-	eorne	$hi,$hi,$b,lsr#2
-	tst	$a,#1<<31
-	eor	$lo,$lo,$t1,lsl#27
-	eor	$hi,$hi,$t1,lsr#5
-	eorne	$lo,$lo,$b,lsl#31
-	eorne	$hi,$hi,$b,lsr#1
-	eor	$lo,$lo,$t0,lsl#30
-	eor	$hi,$hi,$t0,lsr#2
-
-	mov	pc,lr
-.size	mul_1x1_ialu,.-mul_1x1_ialu
-___
-################
-# void	bn_GF2m_mul_2x2(BN_ULONG *r,
-#	BN_ULONG a1,BN_ULONG a0,
-#	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0·b1b0
-{
-my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12));
-my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31));
-
-$code.=<<___;
-.global	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,%function
-.align	5
-bn_GF2m_mul_2x2:
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-.Lpic:	ldr	r12,[pc,r12]
-	tst	r12,#1
-	beq	.Lialu
-
-	ldr		r12, [sp]		@ 5th argument
-	vmov.32		$a, r2, r1
-	vmov.32		$b, r12, r3
-	vmov.i64	$k48, #0x0000ffffffffffff
-	vmov.i64	$k32, #0x00000000ffffffff
-	vmov.i64	$k16, #0x000000000000ffff
-
-	vext.8		$t0#lo, $a, $a, #1	@ A1
-	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
-	vext.8		$r#lo, $b, $b, #1	@ B1
-	vmull.p8	$r, $a, $r#lo		@ E = A*B1
-	vext.8		$t1#lo, $a, $a, #2	@ A2
-	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
-	vext.8		$t3#lo, $b, $b, #2	@ B2
-	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
-	vext.8		$t2#lo, $a, $a, #3	@ A3
-	veor		$t0, $t0, $r		@ L = E + F
-	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
-	vext.8		$r#lo, $b, $b, #3	@ B3
-	veor		$t1, $t1, $t3		@ M = G + H
-	vmull.p8	$r, $a, $r#lo		@ I = A*B3
-	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
-	vand		$t0#hi, $t0#hi, $k48
-	vext.8		$t3#lo, $b, $b, #4	@ B4
-	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
-	vand		$t1#hi, $t1#hi, $k32
-	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
-	veor		$t2, $t2, $r		@ N = I + J
-	veor		$t0#lo, $t0#lo, $t0#hi
-	veor		$t1#lo, $t1#lo, $t1#hi
-	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
-	vand		$t2#hi, $t2#hi, $k16
-	vext.8		$t0, $t0, $t0, #15
-	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	$t3#hi, #0
-	vext.8		$t1, $t1, $t1, #14
-	veor		$t2#lo, $t2#lo, $t2#hi
-	vmull.p8	$r, $a, $b		@ D = A*B
-	vext.8		$t3, $t3, $t3, #12
-	vext.8		$t2, $t2, $t2, #13
-	veor		$t0, $t0, $t1
-	veor		$t2, $t2, $t3
-	veor		$r, $r, $t0
-	veor		$r, $r, $t2
-
-	vst1.32		{$r}, [r0]
-	ret		@ bx lr
-.align	4
-.Lialu:
-#endif
-___
-}
-$ret="r10";	# reassigned 1st argument
-$code.=<<___;
-	stmdb	sp!,{r4-r10,lr}
-	mov	$ret,r0			@ reassign 1st argument
-	mov	$b,r3			@ $b=b1
-	ldr	r3,[sp,#32]		@ load b0
-	mov	$mask,#7<<2
-	sub	sp,sp,#32		@ allocate tab[8]
-
-	bl	mul_1x1_ialu		@ a1·b1
-	str	$lo,[$ret,#8]
-	str	$hi,[$ret,#12]
-
-	eor	$b,$b,r3		@ flip b0 and b1
-	 eor	$a,$a,r2		@ flip a0 and a1
-	eor	r3,r3,$b
-	 eor	r2,r2,$a
-	eor	$b,$b,r3
-	 eor	$a,$a,r2
-	bl	mul_1x1_ialu		@ a0·b0
-	str	$lo,[$ret]
-	str	$hi,[$ret,#4]
-
-	eor	$a,$a,r2
-	eor	$b,$b,r3
-	bl	mul_1x1_ialu		@ (a1+a0)·(b1+b0)
-___
-@r=map("r$_",(6..9));
-$code.=<<___;
-	ldmia	$ret,{@r[0]-@r[3]}
-	eor	$lo,$lo,$hi
-	eor	$hi,$hi,@r[1]
-	eor	$lo,$lo,@r[0]
-	eor	$hi,$hi,@r[2]
-	eor	$lo,$lo,@r[3]
-	eor	$hi,$hi,@r[3]
-	str	$hi,[$ret,#8]
-	eor	$lo,$lo,$hi
-	add	sp,sp,#32		@ destroy tab[8]
-	str	$lo,[$ret,#4]
-
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r10,pc}
-#else
-	ldmia	sp!,{r4-r10,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
-#if __ARM_ARCH__>=7
-.align	5
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-(.Lpic+8)
-#endif
-.asciz	"GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
-.align	5
-
-.comm	OPENSSL_armcap_P,4,4
-___
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/geo;
-
-	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-	s/\bret\b/bx	lr/go		or
-	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
-
-	print $_,"\n";
-}
-close STDOUT;   # enforce flush
diff --git a/crypto/bn/asm/armv4-mont.S b/crypto/bn/asm/armv4-mont.S
deleted file mode 100644
index fecae15ee0..0000000000
--- a/crypto/bn/asm/armv4-mont.S
+++ /dev/null
@@ -1,579 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-#if __ARM_ARCH__>=7
-.align	5
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-bn_mul_mont
-#endif
-
-.global	bn_mul_mont
-.type	bn_mul_mont,%function
-
-.align	5
-bn_mul_mont:
-	ldr	ip,[sp,#4]		@ load num
-	stmdb	sp!,{r0,r2}		@ sp points at argument block
-#if __ARM_ARCH__>=7
-	tst	ip,#7
-	bne	.Lialu
-	adr	r0,bn_mul_mont
-	ldr	r2,.LOPENSSL_armcap
-	ldr	r0,[r0,r2]
-	tst	r0,#1			@ NEON available?
-	ldmia	sp, {r0,r2}
-	beq	.Lialu
-	add	sp,sp,#8
-	b	bn_mul8x_mont_neon
-.align	4
-.Lialu:
-#endif
-	cmp	ip,#2
-	mov	r0,ip			@ load num
-	movlt	r0,#0
-	addlt	sp,sp,#2*4
-	blt	.Labrt
-
-	stmdb	sp!,{r4-r12,lr}		@ save 10 registers
-
-	mov	r0,r0,lsl#2		@ rescale r0 for byte count
-	sub	sp,sp,r0		@ alloca(4*num)
-	sub	sp,sp,#4		@ +extra dword
-	sub	r0,r0,#4		@ "num=num-1"
-	add	r4,r2,r0		@ &bp[num-1]
-
-	add	r0,sp,r0		@ r0 to point at &tp[num-1]
-	ldr	r8,[r0,#14*4]		@ &n0
-	ldr	r2,[r2]		@ bp[0]
-	ldr	r5,[r1],#4		@ ap[0],ap++
-	ldr	r6,[r3],#4		@ np[0],np++
-	ldr	r8,[r8]		@ *n0
-	str	r4,[r0,#15*4]		@ save &bp[num]
-
-	umull	r10,r11,r5,r2	@ ap[0]*bp[0]
-	str	r8,[r0,#14*4]		@ save n0 value
-	mul	r8,r10,r8		@ "tp[0]"*n0
-	mov	r12,#0
-	umlal	r10,r12,r6,r8	@ np[0]*n0+"t[0]"
-	mov	r4,sp
-
-.L1st:
-	ldr	r5,[r1],#4		@ ap[j],ap++
-	mov	r10,r11
-	ldr	r6,[r3],#4		@ np[j],np++
-	mov	r11,#0
-	umlal	r10,r11,r5,r2	@ ap[j]*bp[0]
-	mov	r14,#0
-	umlal	r12,r14,r6,r8	@ np[j]*n0
-	adds	r12,r12,r10
-	str	r12,[r4],#4		@ tp[j-1]=,tp++
-	adc	r12,r14,#0
-	cmp	r4,r0
-	bne	.L1st
-
-	adds	r12,r12,r11
-	ldr	r4,[r0,#13*4]		@ restore bp
-	mov	r14,#0
-	ldr	r8,[r0,#14*4]		@ restore n0
-	adc	r14,r14,#0
-	str	r12,[r0]		@ tp[num-1]=
-	str	r14,[r0,#4]		@ tp[num]=
-
-.Louter:
-	sub	r7,r0,sp		@ "original" r0-1 value
-	sub	r1,r1,r7		@ "rewind" ap to &ap[1]
-	ldr	r2,[r4,#4]!		@ *(++bp)
-	sub	r3,r3,r7		@ "rewind" np to &np[1]
-	ldr	r5,[r1,#-4]		@ ap[0]
-	ldr	r10,[sp]		@ tp[0]
-	ldr	r6,[r3,#-4]		@ np[0]
-	ldr	r7,[sp,#4]		@ tp[1]
-
-	mov	r11,#0
-	umlal	r10,r11,r5,r2	@ ap[0]*bp[i]+tp[0]
-	str	r4,[r0,#13*4]		@ save bp
-	mul	r8,r10,r8
-	mov	r12,#0
-	umlal	r10,r12,r6,r8	@ np[0]*n0+"tp[0]"
-	mov	r4,sp
-
-.Linner:
-	ldr	r5,[r1],#4		@ ap[j],ap++
-	adds	r10,r11,r7		@ +=tp[j]
-	ldr	r6,[r3],#4		@ np[j],np++
-	mov	r11,#0
-	umlal	r10,r11,r5,r2	@ ap[j]*bp[i]
-	mov	r14,#0
-	umlal	r12,r14,r6,r8	@ np[j]*n0
-	adc	r11,r11,#0
-	ldr	r7,[r4,#8]		@ tp[j+1]
-	adds	r12,r12,r10
-	str	r12,[r4],#4		@ tp[j-1]=,tp++
-	adc	r12,r14,#0
-	cmp	r4,r0
-	bne	.Linner
-
-	adds	r12,r12,r11
-	mov	r14,#0
-	ldr	r4,[r0,#13*4]		@ restore bp
-	adc	r14,r14,#0
-	ldr	r8,[r0,#14*4]		@ restore n0
-	adds	r12,r12,r7
-	ldr	r7,[r0,#15*4]		@ restore &bp[num]
-	adc	r14,r14,#0
-	str	r12,[r0]		@ tp[num-1]=
-	str	r14,[r0,#4]		@ tp[num]=
-
-	cmp	r4,r7
-	bne	.Louter
-
-	ldr	r2,[r0,#12*4]		@ pull rp
-	add	r0,r0,#4		@ r0 to point at &tp[num]
-	sub	r5,r0,sp		@ "original" num value
-	mov	r4,sp			@ "rewind" r4
-	mov	r1,r4			@ "borrow" r1
-	sub	r3,r3,r5		@ "rewind" r3 to &np[0]
-
-	subs	r7,r7,r7		@ "clear" carry flag
-.Lsub:	ldr	r7,[r4],#4
-	ldr	r6,[r3],#4
-	sbcs	r7,r7,r6		@ tp[j]-np[j]
-	str	r7,[r2],#4		@ rp[j]=
-	teq	r4,r0		@ preserve carry
-	bne	.Lsub
-	sbcs	r14,r14,#0		@ upmost carry
-	mov	r4,sp			@ "rewind" r4
-	sub	r2,r2,r5		@ "rewind" r2
-
-	and	r1,r4,r14
-	bic	r3,r2,r14
-	orr	r1,r1,r3		@ ap=borrow?tp:rp
-
-.Lcopy:	ldr	r7,[r1],#4		@ copy or in-place refresh
-	str	sp,[r4],#4		@ zap tp
-	str	r7,[r2],#4
-	cmp	r4,r0
-	bne	.Lcopy
-
-	add	sp,r0,#4		@ skip over tp[num+1]
-	ldmia	sp!,{r4-r12,lr}		@ restore registers
-	add	sp,sp,#2*4		@ skip over {r0,r2}
-	mov	r0,#1
-.Labrt:
-#if __ARM_ARCH__>=5
-	bx	lr				@ .word	0xe12fff1e
-#else
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	bn_mul_mont,.-bn_mul_mont
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	bn_mul8x_mont_neon,%function
-.align	5
-bn_mul8x_mont_neon:
-	mov	ip,sp
-	stmdb	sp!,{r4-r11}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-	ldmia	ip,{r4-r5}		@ load rest of parameter block
-
-	sub		r7,sp,#16
-	vld1.32		{d28[0]}, [r2,:32]!
-	sub		r7,r7,r5,lsl#4
-	vld1.32		{d0-d3},  [r1]!		@ can't specify :32 :-(
-	and		r7,r7,#-64
-	vld1.32		{d30[0]}, [r4,:32]
-	mov		sp,r7			@ alloca
-	veor		d8,d8,d8
-	subs		r8,r5,#8
-	vzip.16		d28,d8
-
-	vmull.u32	q6,d28,d0[0]
-	vmull.u32	q7,d28,d0[1]
-	vmull.u32	q8,d28,d1[0]
-	vshl.i64	d10,d13,#16
-	vmull.u32	q9,d28,d1[1]
-
-	vadd.u64	d10,d10,d12
-	veor		d8,d8,d8
-	vmul.u32	d29,d10,d30
-
-	vmull.u32	q10,d28,d2[0]
-	 vld1.32	{d4-d7}, [r3]!
-	vmull.u32	q11,d28,d2[1]
-	vmull.u32	q12,d28,d3[0]
-	vzip.16		d29,d8
-	vmull.u32	q13,d28,d3[1]
-
-	bne	.LNEON_1st
-
-	@ special case for num=8, everything is in register bank...
-
-	vmlal.u32	q6,d29,d4[0]
-	sub		r9,r5,#1
-	vmlal.u32	q7,d29,d4[1]
-	vmlal.u32	q8,d29,d5[0]
-	vmlal.u32	q9,d29,d5[1]
-
-	vmlal.u32	q10,d29,d6[0]
-	vmov		q5,q6
-	vmlal.u32	q11,d29,d6[1]
-	vmov		q6,q7
-	vmlal.u32	q12,d29,d7[0]
-	vmov		q7,q8
-	vmlal.u32	q13,d29,d7[1]
-	vmov		q8,q9
-	vmov		q9,q10
-	vshr.u64	d10,d10,#16
-	vmov		q10,q11
-	vmov		q11,q12
-	vadd.u64	d10,d10,d11
-	vmov		q12,q13
-	veor		q13,q13
-	vshr.u64	d10,d10,#16
-
-	b	.LNEON_outer8
-
-.align	4
-.LNEON_outer8:
-	vld1.32		{d28[0]}, [r2,:32]!
-	veor		d8,d8,d8
-	vzip.16		d28,d8
-	vadd.u64	d12,d12,d10
-
-	vmlal.u32	q6,d28,d0[0]
-	vmlal.u32	q7,d28,d0[1]
-	vmlal.u32	q8,d28,d1[0]
-	vshl.i64	d10,d13,#16
-	vmlal.u32	q9,d28,d1[1]
-
-	vadd.u64	d10,d10,d12
-	veor		d8,d8,d8
-	subs		r9,r9,#1
-	vmul.u32	d29,d10,d30
-
-	vmlal.u32	q10,d28,d2[0]
-	vmlal.u32	q11,d28,d2[1]
-	vmlal.u32	q12,d28,d3[0]
-	vzip.16		d29,d8
-	vmlal.u32	q13,d28,d3[1]
-
-	vmlal.u32	q6,d29,d4[0]
-	vmlal.u32	q7,d29,d4[1]
-	vmlal.u32	q8,d29,d5[0]
-	vmlal.u32	q9,d29,d5[1]
-
-	vmlal.u32	q10,d29,d6[0]
-	vmov		q5,q6
-	vmlal.u32	q11,d29,d6[1]
-	vmov		q6,q7
-	vmlal.u32	q12,d29,d7[0]
-	vmov		q7,q8
-	vmlal.u32	q13,d29,d7[1]
-	vmov		q8,q9
-	vmov		q9,q10
-	vshr.u64	d10,d10,#16
-	vmov		q10,q11
-	vmov		q11,q12
-	vadd.u64	d10,d10,d11
-	vmov		q12,q13
-	veor		q13,q13
-	vshr.u64	d10,d10,#16
-
-	bne	.LNEON_outer8
-
-	vadd.u64	d12,d12,d10
-	mov		r7,sp
-	vshr.u64	d10,d12,#16
-	mov		r8,r5
-	vadd.u64	d13,d13,d10
-	add		r6,sp,#16
-	vshr.u64	d10,d13,#16
-	vzip.16		d12,d13
-
-	b	.LNEON_tail2
-
-.align	4
-.LNEON_1st:
-	vmlal.u32	q6,d29,d4[0]
-	 vld1.32	{d0-d3}, [r1]!
-	vmlal.u32	q7,d29,d4[1]
-	subs		r8,r8,#8
-	vmlal.u32	q8,d29,d5[0]
-	vmlal.u32	q9,d29,d5[1]
-
-	vmlal.u32	q10,d29,d6[0]
-	 vld1.32	{d4-d5}, [r3]!
-	vmlal.u32	q11,d29,d6[1]
-	 vst1.64	{q6-q7}, [r7,:256]!
-	vmlal.u32	q12,d29,d7[0]
-	vmlal.u32	q13,d29,d7[1]
-	 vst1.64	{q8-q9}, [r7,:256]!
-
-	vmull.u32	q6,d28,d0[0]
-	 vld1.32	{d6-d7}, [r3]!
-	vmull.u32	q7,d28,d0[1]
-	 vst1.64	{q10-q11}, [r7,:256]!
-	vmull.u32	q8,d28,d1[0]
-	vmull.u32	q9,d28,d1[1]
-	 vst1.64	{q12-q13}, [r7,:256]!
-
-	vmull.u32	q10,d28,d2[0]
-	vmull.u32	q11,d28,d2[1]
-	vmull.u32	q12,d28,d3[0]
-	vmull.u32	q13,d28,d3[1]
-
-	bne	.LNEON_1st
-
-	vmlal.u32	q6,d29,d4[0]
-	add		r6,sp,#16
-	vmlal.u32	q7,d29,d4[1]
-	sub		r1,r1,r5,lsl#2		@ rewind r1
-	vmlal.u32	q8,d29,d5[0]
-	 vld1.64	{q5}, [sp,:128]
-	vmlal.u32	q9,d29,d5[1]
-	sub		r9,r5,#1
-
-	vmlal.u32	q10,d29,d6[0]
-	vst1.64		{q6-q7}, [r7,:256]!
-	vmlal.u32	q11,d29,d6[1]
-	vshr.u64	d10,d10,#16
-	 vld1.64	{q6},       [r6, :128]!
-	vmlal.u32	q12,d29,d7[0]
-	vst1.64		{q8-q9}, [r7,:256]!
-	vmlal.u32	q13,d29,d7[1]
-
-	vst1.64		{q10-q11}, [r7,:256]!
-	vadd.u64	d10,d10,d11
-	veor		q4,q4,q4
-	vst1.64		{q12-q13}, [r7,:256]!
-	 vld1.64	{q7-q8}, [r6, :256]!
-	vst1.64		{q4},          [r7,:128]
-	vshr.u64	d10,d10,#16
-
-	b		.LNEON_outer
-
-.align	4
-.LNEON_outer:
-	vld1.32		{d28[0]}, [r2,:32]!
-	sub		r3,r3,r5,lsl#2		@ rewind r3
-	vld1.32		{d0-d3},  [r1]!
-	veor		d8,d8,d8
-	mov		r7,sp
-	vzip.16		d28,d8
-	sub		r8,r5,#8
-	vadd.u64	d12,d12,d10
-
-	vmlal.u32	q6,d28,d0[0]
-	 vld1.64	{q9-q10},[r6,:256]!
-	vmlal.u32	q7,d28,d0[1]
-	vmlal.u32	q8,d28,d1[0]
-	 vld1.64	{q11-q12},[r6,:256]!
-	vmlal.u32	q9,d28,d1[1]
-
-	vshl.i64	d10,d13,#16
-	veor		d8,d8,d8
-	vadd.u64	d10,d10,d12
-	 vld1.64	{q13},[r6,:128]!
-	vmul.u32	d29,d10,d30
-
-	vmlal.u32	q10,d28,d2[0]
-	 vld1.32	{d4-d7}, [r3]!
-	vmlal.u32	q11,d28,d2[1]
-	vmlal.u32	q12,d28,d3[0]
-	vzip.16		d29,d8
-	vmlal.u32	q13,d28,d3[1]
-
-.LNEON_inner:
-	vmlal.u32	q6,d29,d4[0]
-	 vld1.32	{d0-d3}, [r1]!
-	vmlal.u32	q7,d29,d4[1]
-	 subs		r8,r8,#8
-	vmlal.u32	q8,d29,d5[0]
-	vmlal.u32	q9,d29,d5[1]
-	vst1.64		{q6-q7}, [r7,:256]!
-
-	vmlal.u32	q10,d29,d6[0]
-	 vld1.64	{q6},       [r6, :128]!
-	vmlal.u32	q11,d29,d6[1]
-	vst1.64		{q8-q9}, [r7,:256]!
-	vmlal.u32	q12,d29,d7[0]
-	 vld1.64	{q7-q8}, [r6, :256]!
-	vmlal.u32	q13,d29,d7[1]
-	vst1.64		{q10-q11}, [r7,:256]!
-
-	vmlal.u32	q6,d28,d0[0]
-	 vld1.64	{q9-q10}, [r6, :256]!
-	vmlal.u32	q7,d28,d0[1]
-	vst1.64		{q12-q13}, [r7,:256]!
-	vmlal.u32	q8,d28,d1[0]
-	 vld1.64	{q11-q12}, [r6, :256]!
-	vmlal.u32	q9,d28,d1[1]
-	 vld1.32	{d4-d7}, [r3]!
-
-	vmlal.u32	q10,d28,d2[0]
-	 vld1.64	{q13},       [r6, :128]!
-	vmlal.u32	q11,d28,d2[1]
-	vmlal.u32	q12,d28,d3[0]
-	vmlal.u32	q13,d28,d3[1]
-
-	bne	.LNEON_inner
-
-	vmlal.u32	q6,d29,d4[0]
-	add		r6,sp,#16
-	vmlal.u32	q7,d29,d4[1]
-	sub		r1,r1,r5,lsl#2		@ rewind r1
-	vmlal.u32	q8,d29,d5[0]
-	 vld1.64	{q5}, [sp,:128]
-	vmlal.u32	q9,d29,d5[1]
-	subs		r9,r9,#1
-
-	vmlal.u32	q10,d29,d6[0]
-	vst1.64		{q6-q7}, [r7,:256]!
-	vmlal.u32	q11,d29,d6[1]
-	 vld1.64	{q6},       [r6, :128]!
-	vshr.u64	d10,d10,#16
-	vst1.64		{q8-q9}, [r7,:256]!
-	vmlal.u32	q12,d29,d7[0]
-	 vld1.64	{q7-q8}, [r6, :256]!
-	vmlal.u32	q13,d29,d7[1]
-
-	vst1.64		{q10-q11}, [r7,:256]!
-	vadd.u64	d10,d10,d11
-	vst1.64		{q12-q13}, [r7,:256]!
-	vshr.u64	d10,d10,#16
-
-	bne	.LNEON_outer
-
-	mov		r7,sp
-	mov		r8,r5
-
-.LNEON_tail:
-	vadd.u64	d12,d12,d10
-	vld1.64		{q9-q10}, [r6, :256]!
-	vshr.u64	d10,d12,#16
-	vadd.u64	d13,d13,d10
-	vld1.64		{q11-q12}, [r6, :256]!
-	vshr.u64	d10,d13,#16
-	vld1.64		{q13},       [r6, :128]!
-	vzip.16		d12,d13
-
-.LNEON_tail2:
-	vadd.u64	d14,d14,d10
-	vst1.32		{d12[0]}, [r7, :32]!
-	vshr.u64	d10,d14,#16
-	vadd.u64	d15,d15,d10
-	vshr.u64	d10,d15,#16
-	vzip.16		d14,d15
-
-	vadd.u64	d16,d16,d10
-	vst1.32		{d14[0]}, [r7, :32]!
-	vshr.u64	d10,d16,#16
-	vadd.u64	d17,d17,d10
-	vshr.u64	d10,d17,#16
-	vzip.16		d16,d17
-
-	vadd.u64	d18,d18,d10
-	vst1.32		{d16[0]}, [r7, :32]!
-	vshr.u64	d10,d18,#16
-	vadd.u64	d19,d19,d10
-	vshr.u64	d10,d19,#16
-	vzip.16		d18,d19
-
-	vadd.u64	d20,d20,d10
-	vst1.32		{d18[0]}, [r7, :32]!
-	vshr.u64	d10,d20,#16
-	vadd.u64	d21,d21,d10
-	vshr.u64	d10,d21,#16
-	vzip.16		d20,d21
-
-	vadd.u64	d22,d22,d10
-	vst1.32		{d20[0]}, [r7, :32]!
-	vshr.u64	d10,d22,#16
-	vadd.u64	d23,d23,d10
-	vshr.u64	d10,d23,#16
-	vzip.16		d22,d23
-
-	vadd.u64	d24,d24,d10
-	vst1.32		{d22[0]}, [r7, :32]!
-	vshr.u64	d10,d24,#16
-	vadd.u64	d25,d25,d10
-	vld1.64		{q6}, [r6, :128]!
-	vshr.u64	d10,d25,#16
-	vzip.16		d24,d25
-
-	vadd.u64	d26,d26,d10
-	vst1.32		{d24[0]}, [r7, :32]!
-	vshr.u64	d10,d26,#16
-	vadd.u64	d27,d27,d10
-	vld1.64		{q7-q8},	[r6, :256]!
-	vshr.u64	d10,d27,#16
-	vzip.16		d26,d27
-	subs		r8,r8,#8
-	vst1.32		{d26[0]}, [r7, :32]!
-
-	bne	.LNEON_tail
-
-	vst1.32	{d10[0]}, [r7, :32]		@ top-most bit
-	sub	r3,r3,r5,lsl#2			@ rewind r3
-	subs	r1,sp,#0				@ clear carry flag
-	add	r2,sp,r5,lsl#2
-
-.LNEON_sub:
-	ldmia	r1!, {r4-r7}
-	ldmia	r3!, {r8-r11}
-	sbcs	r8, r4,r8
-	sbcs	r9, r5,r9
-	sbcs	r10,r6,r10
-	sbcs	r11,r7,r11
-	teq	r1,r2				@ preserves carry
-	stmia	r0!, {r8-r11}
-	bne	.LNEON_sub
-
-	ldr	r10, [r1]				@ load top-most bit
-	veor	q0,q0,q0
-	sub	r11,r2,sp				@ this is num*4
-	veor	q1,q1,q1
-	mov	r1,sp
-	sub	r0,r0,r11				@ rewind r0
-	mov	r3,r2				@ second 3/4th of frame
-	sbcs	r10,r10,#0				@ result is carry flag
-
-.LNEON_copy_n_zap:
-	ldmia	r1!, {r4-r7}
-	ldmia	r0,  {r8-r11}
-	movcc	r8, r4
-	vst1.64	{q0-q1}, [r3,:256]!			@ wipe
-	movcc	r9, r5
-	movcc	r10,r6
-	vst1.64	{q0-q1}, [r3,:256]!			@ wipe
-	movcc	r11,r7
-	ldmia	r1, {r4-r7}
-	stmia	r0!, {r8-r11}
-	sub	r1,r1,#16
-	ldmia	r0, {r8-r11}
-	movcc	r8, r4
-	vst1.64	{q0-q1}, [r1,:256]!			@ wipe
-	movcc	r9, r5
-	movcc	r10,r6
-	vst1.64	{q0-q1}, [r3,:256]!			@ wipe
-	movcc	r11,r7
-	teq	r1,r2				@ preserves carry
-	stmia	r0!, {r8-r11}
-	bne	.LNEON_copy_n_zap
-
-	sub	sp,ip,#96
-        vldmia  sp!,{d8-d15}
-        ldmia   sp!,{r4-r11}
-	bx	lr						@ .word	0xe12fff1e
-.size	bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
-#endif
-.asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-#if __ARM_ARCH__>=7
-.comm	OPENSSL_armcap_P,4,4
-#endif
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
deleted file mode 100644
index 72bad8e308..0000000000
--- a/crypto/bn/asm/armv4-mont.pl
+++ /dev/null
@@ -1,675 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# January 2007.
-
-# Montgomery multiplication for ARMv4.
-#
-# Performance improvement naturally varies among CPU implementations
-# and compilers. The code was observed to provide +65-35% improvement
-# [depending on key length, less for longer keys] on ARM920T, and
-# +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code
-# base and compiler generated code with in-lined umull and even umlal
-# instructions. The latter means that this code didn't really have an 
-# "advantage" of utilizing some "secret" instruction.
-#
-# The code is interoperable with Thumb ISA and is rather compact, less
-# than 1/2KB. Windows CE port would be trivial, as it's exclusively
-# about decorations, ABI and instruction syntax are identical.
-
-# November 2013
-#
-# Add NEON code path, which handles lengths divisible by 8. RSA/DSA
-# performance improvement on Cortex-A8 is ~45-100% depending on key
-# length, more for longer keys. On Cortex-A15 the span is ~10-105%.
-# On Snapdragon S4 improvement was measured to vary from ~70% to
-# incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is
-# rather because original integer-only code seems to perform
-# suboptimally on S4. Situation on Cortex-A9 is unfortunately
-# different. It's being looked into, but the trouble is that
-# performance for vectors longer than 256 bits is actually couple
-# of percent worse than for integer-only code. The code is chosen
-# for execution on all NEON-capable processors, because gain on
-# others outweighs the marginal loss on Cortex-A9.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$num="r0";	# starts as num argument, but holds &tp[num-1]
-$ap="r1";
-$bp="r2"; $bi="r2"; $rp="r2";
-$np="r3";
-$tp="r4";
-$aj="r5";
-$nj="r6";
-$tj="r7";
-$n0="r8";
-###########	# r9 is reserved by ELF as platform specific, e.g. TLS pointer
-$alo="r10";	# sl, gcc uses it to keep @GOT
-$ahi="r11";	# fp
-$nlo="r12";	# ip
-###########	# r13 is stack pointer
-$nhi="r14";	# lr
-###########	# r15 is program counter
-
-#### argument block layout relative to &tp[num-1], a.k.a. $num
-$_rp="$num,#12*4";
-# ap permanently resides in r1
-$_bp="$num,#13*4";
-# np permanently resides in r3
-$_n0="$num,#14*4";
-$_num="$num,#15*4";	$_bpend=$_num;
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-.code	32
-
-#if __ARM_ARCH__>=7
-.align	5
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-bn_mul_mont
-#endif
-
-.global	bn_mul_mont
-.type	bn_mul_mont,%function
-
-.align	5
-bn_mul_mont:
-	ldr	ip,[sp,#4]		@ load num
-	stmdb	sp!,{r0,r2}		@ sp points at argument block
-#if __ARM_ARCH__>=7
-	tst	ip,#7
-	bne	.Lialu
-	adr	r0,bn_mul_mont
-	ldr	r2,.LOPENSSL_armcap
-	ldr	r0,[r0,r2]
-	tst	r0,#1			@ NEON available?
-	ldmia	sp, {r0,r2}
-	beq	.Lialu
-	add	sp,sp,#8
-	b	bn_mul8x_mont_neon
-.align	4
-.Lialu:
-#endif
-	cmp	ip,#2
-	mov	$num,ip			@ load num
-	movlt	r0,#0
-	addlt	sp,sp,#2*4
-	blt	.Labrt
-
-	stmdb	sp!,{r4-r12,lr}		@ save 10 registers
-
-	mov	$num,$num,lsl#2		@ rescale $num for byte count
-	sub	sp,sp,$num		@ alloca(4*num)
-	sub	sp,sp,#4		@ +extra dword
-	sub	$num,$num,#4		@ "num=num-1"
-	add	$tp,$bp,$num		@ &bp[num-1]
-
-	add	$num,sp,$num		@ $num to point at &tp[num-1]
-	ldr	$n0,[$_n0]		@ &n0
-	ldr	$bi,[$bp]		@ bp[0]
-	ldr	$aj,[$ap],#4		@ ap[0],ap++
-	ldr	$nj,[$np],#4		@ np[0],np++
-	ldr	$n0,[$n0]		@ *n0
-	str	$tp,[$_bpend]		@ save &bp[num]
-
-	umull	$alo,$ahi,$aj,$bi	@ ap[0]*bp[0]
-	str	$n0,[$_n0]		@ save n0 value
-	mul	$n0,$alo,$n0		@ "tp[0]"*n0
-	mov	$nlo,#0
-	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"t[0]"
-	mov	$tp,sp
-
-.L1st:
-	ldr	$aj,[$ap],#4		@ ap[j],ap++
-	mov	$alo,$ahi
-	ldr	$nj,[$np],#4		@ np[j],np++
-	mov	$ahi,#0
-	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[0]
-	mov	$nhi,#0
-	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
-	adds	$nlo,$nlo,$alo
-	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
-	adc	$nlo,$nhi,#0
-	cmp	$tp,$num
-	bne	.L1st
-
-	adds	$nlo,$nlo,$ahi
-	ldr	$tp,[$_bp]		@ restore bp
-	mov	$nhi,#0
-	ldr	$n0,[$_n0]		@ restore n0
-	adc	$nhi,$nhi,#0
-	str	$nlo,[$num]		@ tp[num-1]=
-	str	$nhi,[$num,#4]		@ tp[num]=
-
-.Louter:
-	sub	$tj,$num,sp		@ "original" $num-1 value
-	sub	$ap,$ap,$tj		@ "rewind" ap to &ap[1]
-	ldr	$bi,[$tp,#4]!		@ *(++bp)
-	sub	$np,$np,$tj		@ "rewind" np to &np[1]
-	ldr	$aj,[$ap,#-4]		@ ap[0]
-	ldr	$alo,[sp]		@ tp[0]
-	ldr	$nj,[$np,#-4]		@ np[0]
-	ldr	$tj,[sp,#4]		@ tp[1]
-
-	mov	$ahi,#0
-	umlal	$alo,$ahi,$aj,$bi	@ ap[0]*bp[i]+tp[0]
-	str	$tp,[$_bp]		@ save bp
-	mul	$n0,$alo,$n0
-	mov	$nlo,#0
-	umlal	$alo,$nlo,$nj,$n0	@ np[0]*n0+"tp[0]"
-	mov	$tp,sp
-
-.Linner:
-	ldr	$aj,[$ap],#4		@ ap[j],ap++
-	adds	$alo,$ahi,$tj		@ +=tp[j]
-	ldr	$nj,[$np],#4		@ np[j],np++
-	mov	$ahi,#0
-	umlal	$alo,$ahi,$aj,$bi	@ ap[j]*bp[i]
-	mov	$nhi,#0
-	umlal	$nlo,$nhi,$nj,$n0	@ np[j]*n0
-	adc	$ahi,$ahi,#0
-	ldr	$tj,[$tp,#8]		@ tp[j+1]
-	adds	$nlo,$nlo,$alo
-	str	$nlo,[$tp],#4		@ tp[j-1]=,tp++
-	adc	$nlo,$nhi,#0
-	cmp	$tp,$num
-	bne	.Linner
-
-	adds	$nlo,$nlo,$ahi
-	mov	$nhi,#0
-	ldr	$tp,[$_bp]		@ restore bp
-	adc	$nhi,$nhi,#0
-	ldr	$n0,[$_n0]		@ restore n0
-	adds	$nlo,$nlo,$tj
-	ldr	$tj,[$_bpend]		@ restore &bp[num]
-	adc	$nhi,$nhi,#0
-	str	$nlo,[$num]		@ tp[num-1]=
-	str	$nhi,[$num,#4]		@ tp[num]=
-
-	cmp	$tp,$tj
-	bne	.Louter
-
-	ldr	$rp,[$_rp]		@ pull rp
-	add	$num,$num,#4		@ $num to point at &tp[num]
-	sub	$aj,$num,sp		@ "original" num value
-	mov	$tp,sp			@ "rewind" $tp
-	mov	$ap,$tp			@ "borrow" $ap
-	sub	$np,$np,$aj		@ "rewind" $np to &np[0]
-
-	subs	$tj,$tj,$tj		@ "clear" carry flag
-.Lsub:	ldr	$tj,[$tp],#4
-	ldr	$nj,[$np],#4
-	sbcs	$tj,$tj,$nj		@ tp[j]-np[j]
-	str	$tj,[$rp],#4		@ rp[j]=
-	teq	$tp,$num		@ preserve carry
-	bne	.Lsub
-	sbcs	$nhi,$nhi,#0		@ upmost carry
-	mov	$tp,sp			@ "rewind" $tp
-	sub	$rp,$rp,$aj		@ "rewind" $rp
-
-	and	$ap,$tp,$nhi
-	bic	$np,$rp,$nhi
-	orr	$ap,$ap,$np		@ ap=borrow?tp:rp
-
-.Lcopy:	ldr	$tj,[$ap],#4		@ copy or in-place refresh
-	str	sp,[$tp],#4		@ zap tp
-	str	$tj,[$rp],#4
-	cmp	$tp,$num
-	bne	.Lcopy
-
-	add	sp,$num,#4		@ skip over tp[num+1]
-	ldmia	sp!,{r4-r12,lr}		@ restore registers
-	add	sp,sp,#2*4		@ skip over {r0,r2}
-	mov	r0,#1
-.Labrt:
-#if __ARM_ARCH__>=5
-	ret				@ bx lr
-#else
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	bn_mul_mont,.-bn_mul_mont
-___
-{
-sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-
-my ($A0,$A1,$A2,$A3)=map("d$_",(0..3));
-my ($N0,$N1,$N2,$N3)=map("d$_",(4..7));
-my ($Z,$Temp)=("q4","q5");
-my ($A0xB,$A1xB,$A2xB,$A3xB,$A4xB,$A5xB,$A6xB,$A7xB)=map("q$_",(6..13));
-my ($Bi,$Ni,$M0)=map("d$_",(28..31));
-my $zero=&Dlo($Z);
-my $temp=&Dlo($Temp);
-
-my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5));
-my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9));
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	bn_mul8x_mont_neon,%function
-.align	5
-bn_mul8x_mont_neon:
-	mov	ip,sp
-	stmdb	sp!,{r4-r11}
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-	ldmia	ip,{r4-r5}		@ load rest of parameter block
-
-	sub		$toutptr,sp,#16
-	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-	sub		$toutptr,$toutptr,$num,lsl#4
-	vld1.32		{$A0-$A3},  [$aptr]!		@ can't specify :32 :-(
-	and		$toutptr,$toutptr,#-64
-	vld1.32		{${M0}[0]}, [$n0,:32]
-	mov		sp,$toutptr			@ alloca
-	veor		$zero,$zero,$zero
-	subs		$inner,$num,#8
-	vzip.16		$Bi,$zero
-
-	vmull.u32	$A0xB,$Bi,${A0}[0]
-	vmull.u32	$A1xB,$Bi,${A0}[1]
-	vmull.u32	$A2xB,$Bi,${A1}[0]
-	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-	vmull.u32	$A3xB,$Bi,${A1}[1]
-
-	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-	veor		$zero,$zero,$zero
-	vmul.u32	$Ni,$temp,$M0
-
-	vmull.u32	$A4xB,$Bi,${A2}[0]
-	 vld1.32	{$N0-$N3}, [$nptr]!
-	vmull.u32	$A5xB,$Bi,${A2}[1]
-	vmull.u32	$A6xB,$Bi,${A3}[0]
-	vzip.16		$Ni,$zero
-	vmull.u32	$A7xB,$Bi,${A3}[1]
-
-	bne	.LNEON_1st
-
-	@ special case for num=8, everything is in register bank...
-
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	sub		$outer,$num,#1
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	vmov		$Temp,$A0xB
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	vmov		$A0xB,$A1xB
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	vmov		$A1xB,$A2xB
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-	vmov		$A2xB,$A3xB
-	vmov		$A3xB,$A4xB
-	vshr.u64	$temp,$temp,#16
-	vmov		$A4xB,$A5xB
-	vmov		$A5xB,$A6xB
-	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-	vmov		$A6xB,$A7xB
-	veor		$A7xB,$A7xB
-	vshr.u64	$temp,$temp,#16
-
-	b	.LNEON_outer8
-
-.align	4
-.LNEON_outer8:
-	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-	veor		$zero,$zero,$zero
-	vzip.16		$Bi,$zero
-	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-
-	vmlal.u32	$A0xB,$Bi,${A0}[0]
-	vmlal.u32	$A1xB,$Bi,${A0}[1]
-	vmlal.u32	$A2xB,$Bi,${A1}[0]
-	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-	vmlal.u32	$A3xB,$Bi,${A1}[1]
-
-	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-	veor		$zero,$zero,$zero
-	subs		$outer,$outer,#1
-	vmul.u32	$Ni,$temp,$M0
-
-	vmlal.u32	$A4xB,$Bi,${A2}[0]
-	vmlal.u32	$A5xB,$Bi,${A2}[1]
-	vmlal.u32	$A6xB,$Bi,${A3}[0]
-	vzip.16		$Ni,$zero
-	vmlal.u32	$A7xB,$Bi,${A3}[1]
-
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	vmov		$Temp,$A0xB
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	vmov		$A0xB,$A1xB
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	vmov		$A1xB,$A2xB
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-	vmov		$A2xB,$A3xB
-	vmov		$A3xB,$A4xB
-	vshr.u64	$temp,$temp,#16
-	vmov		$A4xB,$A5xB
-	vmov		$A5xB,$A6xB
-	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-	vmov		$A6xB,$A7xB
-	veor		$A7xB,$A7xB
-	vshr.u64	$temp,$temp,#16
-
-	bne	.LNEON_outer8
-
-	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-	mov		$toutptr,sp
-	vshr.u64	$temp,`&Dlo("$A0xB")`,#16
-	mov		$inner,$num
-	vadd.u64	`&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
-	add		$tinptr,sp,#16
-	vshr.u64	$temp,`&Dhi("$A0xB")`,#16
-	vzip.16		`&Dlo("$A0xB")`,`&Dhi("$A0xB")`
-
-	b	.LNEON_tail2
-
-.align	4
-.LNEON_1st:
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	 vld1.32	{$A0-$A3}, [$aptr]!
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	subs		$inner,$inner,#8
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	 vld1.32	{$N0-$N1}, [$nptr]!
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	 vst1.64	{$A0xB-$A1xB}, [$toutptr,:256]!
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-	 vst1.64	{$A2xB-$A3xB}, [$toutptr,:256]!
-
-	vmull.u32	$A0xB,$Bi,${A0}[0]
-	 vld1.32	{$N2-$N3}, [$nptr]!
-	vmull.u32	$A1xB,$Bi,${A0}[1]
-	 vst1.64	{$A4xB-$A5xB}, [$toutptr,:256]!
-	vmull.u32	$A2xB,$Bi,${A1}[0]
-	vmull.u32	$A3xB,$Bi,${A1}[1]
-	 vst1.64	{$A6xB-$A7xB}, [$toutptr,:256]!
-
-	vmull.u32	$A4xB,$Bi,${A2}[0]
-	vmull.u32	$A5xB,$Bi,${A2}[1]
-	vmull.u32	$A6xB,$Bi,${A3}[0]
-	vmull.u32	$A7xB,$Bi,${A3}[1]
-
-	bne	.LNEON_1st
-
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	add		$tinptr,sp,#16
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	sub		$aptr,$aptr,$num,lsl#2		@ rewind $aptr
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	 vld1.64	{$Temp}, [sp,:128]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-	sub		$outer,$num,#1
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	vshr.u64	$temp,$temp,#16
-	 vld1.64	{$A0xB},       [$tinptr, :128]!
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-
-	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-	veor		$Z,$Z,$Z
-	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-	vst1.64		{$Z},          [$toutptr,:128]
-	vshr.u64	$temp,$temp,#16
-
-	b		.LNEON_outer
-
-.align	4
-.LNEON_outer:
-	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-	sub		$nptr,$nptr,$num,lsl#2		@ rewind $nptr
-	vld1.32		{$A0-$A3},  [$aptr]!
-	veor		$zero,$zero,$zero
-	mov		$toutptr,sp
-	vzip.16		$Bi,$zero
-	sub		$inner,$num,#8
-	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-
-	vmlal.u32	$A0xB,$Bi,${A0}[0]
-	 vld1.64	{$A3xB-$A4xB},[$tinptr,:256]!
-	vmlal.u32	$A1xB,$Bi,${A0}[1]
-	vmlal.u32	$A2xB,$Bi,${A1}[0]
-	 vld1.64	{$A5xB-$A6xB},[$tinptr,:256]!
-	vmlal.u32	$A3xB,$Bi,${A1}[1]
-
-	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-	veor		$zero,$zero,$zero
-	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-	 vld1.64	{$A7xB},[$tinptr,:128]!
-	vmul.u32	$Ni,$temp,$M0
-
-	vmlal.u32	$A4xB,$Bi,${A2}[0]
-	 vld1.32	{$N0-$N3}, [$nptr]!
-	vmlal.u32	$A5xB,$Bi,${A2}[1]
-	vmlal.u32	$A6xB,$Bi,${A3}[0]
-	vzip.16		$Ni,$zero
-	vmlal.u32	$A7xB,$Bi,${A3}[1]
-
-.LNEON_inner:
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	 vld1.32	{$A0-$A3}, [$aptr]!
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	 subs		$inner,$inner,#8
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	 vld1.64	{$A0xB},       [$tinptr, :128]!
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-
-	vmlal.u32	$A0xB,$Bi,${A0}[0]
-	 vld1.64	{$A3xB-$A4xB}, [$tinptr, :256]!
-	vmlal.u32	$A1xB,$Bi,${A0}[1]
-	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-	vmlal.u32	$A2xB,$Bi,${A1}[0]
-	 vld1.64	{$A5xB-$A6xB}, [$tinptr, :256]!
-	vmlal.u32	$A3xB,$Bi,${A1}[1]
-	 vld1.32	{$N0-$N3}, [$nptr]!
-
-	vmlal.u32	$A4xB,$Bi,${A2}[0]
-	 vld1.64	{$A7xB},       [$tinptr, :128]!
-	vmlal.u32	$A5xB,$Bi,${A2}[1]
-	vmlal.u32	$A6xB,$Bi,${A3}[0]
-	vmlal.u32	$A7xB,$Bi,${A3}[1]
-
-	bne	.LNEON_inner
-
-	vmlal.u32	$A0xB,$Ni,${N0}[0]
-	add		$tinptr,sp,#16
-	vmlal.u32	$A1xB,$Ni,${N0}[1]
-	sub		$aptr,$aptr,$num,lsl#2		@ rewind $aptr
-	vmlal.u32	$A2xB,$Ni,${N1}[0]
-	 vld1.64	{$Temp}, [sp,:128]
-	vmlal.u32	$A3xB,$Ni,${N1}[1]
-	subs		$outer,$outer,#1
-
-	vmlal.u32	$A4xB,$Ni,${N2}[0]
-	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-	vmlal.u32	$A5xB,$Ni,${N2}[1]
-	 vld1.64	{$A0xB},       [$tinptr, :128]!
-	vshr.u64	$temp,$temp,#16
-	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-	vmlal.u32	$A6xB,$Ni,${N3}[0]
-	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-	vmlal.u32	$A7xB,$Ni,${N3}[1]
-
-	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-	vshr.u64	$temp,$temp,#16
-
-	bne	.LNEON_outer
-
-	mov		$toutptr,sp
-	mov		$inner,$num
-
-.LNEON_tail:
-	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-	vld1.64		{$A3xB-$A4xB}, [$tinptr, :256]!
-	vshr.u64	$temp,`&Dlo("$A0xB")`,#16
-	vadd.u64	`&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
-	vld1.64		{$A5xB-$A6xB}, [$tinptr, :256]!
-	vshr.u64	$temp,`&Dhi("$A0xB")`,#16
-	vld1.64		{$A7xB},       [$tinptr, :128]!
-	vzip.16		`&Dlo("$A0xB")`,`&Dhi("$A0xB")`
-
-.LNEON_tail2:
-	vadd.u64	`&Dlo("$A1xB")`,`&Dlo("$A1xB")`,$temp
-	vst1.32		{`&Dlo("$A0xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A1xB")`,#16
-	vadd.u64	`&Dhi("$A1xB")`,`&Dhi("$A1xB")`,$temp
-	vshr.u64	$temp,`&Dhi("$A1xB")`,#16
-	vzip.16		`&Dlo("$A1xB")`,`&Dhi("$A1xB")`
-
-	vadd.u64	`&Dlo("$A2xB")`,`&Dlo("$A2xB")`,$temp
-	vst1.32		{`&Dlo("$A1xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A2xB")`,#16
-	vadd.u64	`&Dhi("$A2xB")`,`&Dhi("$A2xB")`,$temp
-	vshr.u64	$temp,`&Dhi("$A2xB")`,#16
-	vzip.16		`&Dlo("$A2xB")`,`&Dhi("$A2xB")`
-
-	vadd.u64	`&Dlo("$A3xB")`,`&Dlo("$A3xB")`,$temp
-	vst1.32		{`&Dlo("$A2xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A3xB")`,#16
-	vadd.u64	`&Dhi("$A3xB")`,`&Dhi("$A3xB")`,$temp
-	vshr.u64	$temp,`&Dhi("$A3xB")`,#16
-	vzip.16		`&Dlo("$A3xB")`,`&Dhi("$A3xB")`
-
-	vadd.u64	`&Dlo("$A4xB")`,`&Dlo("$A4xB")`,$temp
-	vst1.32		{`&Dlo("$A3xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A4xB")`,#16
-	vadd.u64	`&Dhi("$A4xB")`,`&Dhi("$A4xB")`,$temp
-	vshr.u64	$temp,`&Dhi("$A4xB")`,#16
-	vzip.16		`&Dlo("$A4xB")`,`&Dhi("$A4xB")`
-
-	vadd.u64	`&Dlo("$A5xB")`,`&Dlo("$A5xB")`,$temp
-	vst1.32		{`&Dlo("$A4xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A5xB")`,#16
-	vadd.u64	`&Dhi("$A5xB")`,`&Dhi("$A5xB")`,$temp
-	vshr.u64	$temp,`&Dhi("$A5xB")`,#16
-	vzip.16		`&Dlo("$A5xB")`,`&Dhi("$A5xB")`
-
-	vadd.u64	`&Dlo("$A6xB")`,`&Dlo("$A6xB")`,$temp
-	vst1.32		{`&Dlo("$A5xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A6xB")`,#16
-	vadd.u64	`&Dhi("$A6xB")`,`&Dhi("$A6xB")`,$temp
-	vld1.64		{$A0xB}, [$tinptr, :128]!
-	vshr.u64	$temp,`&Dhi("$A6xB")`,#16
-	vzip.16		`&Dlo("$A6xB")`,`&Dhi("$A6xB")`
-
-	vadd.u64	`&Dlo("$A7xB")`,`&Dlo("$A7xB")`,$temp
-	vst1.32		{`&Dlo("$A6xB")`[0]}, [$toutptr, :32]!
-	vshr.u64	$temp,`&Dlo("$A7xB")`,#16
-	vadd.u64	`&Dhi("$A7xB")`,`&Dhi("$A7xB")`,$temp
-	vld1.64		{$A1xB-$A2xB},	[$tinptr, :256]!
-	vshr.u64	$temp,`&Dhi("$A7xB")`,#16
-	vzip.16		`&Dlo("$A7xB")`,`&Dhi("$A7xB")`
-	subs		$inner,$inner,#8
-	vst1.32		{`&Dlo("$A7xB")`[0]}, [$toutptr, :32]!
-
-	bne	.LNEON_tail
-
-	vst1.32	{${temp}[0]}, [$toutptr, :32]		@ top-most bit
-	sub	$nptr,$nptr,$num,lsl#2			@ rewind $nptr
-	subs	$aptr,sp,#0				@ clear carry flag
-	add	$bptr,sp,$num,lsl#2
-
-.LNEON_sub:
-	ldmia	$aptr!, {r4-r7}
-	ldmia	$nptr!, {r8-r11}
-	sbcs	r8, r4,r8
-	sbcs	r9, r5,r9
-	sbcs	r10,r6,r10
-	sbcs	r11,r7,r11
-	teq	$aptr,$bptr				@ preserves carry
-	stmia	$rptr!, {r8-r11}
-	bne	.LNEON_sub
-
-	ldr	r10, [$aptr]				@ load top-most bit
-	veor	q0,q0,q0
-	sub	r11,$bptr,sp				@ this is num*4
-	veor	q1,q1,q1
-	mov	$aptr,sp
-	sub	$rptr,$rptr,r11				@ rewind $rptr
-	mov	$nptr,$bptr				@ second 3/4th of frame
-	sbcs	r10,r10,#0				@ result is carry flag
-
-.LNEON_copy_n_zap:
-	ldmia	$aptr!, {r4-r7}
-	ldmia	$rptr,  {r8-r11}
-	movcc	r8, r4
-	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-	movcc	r9, r5
-	movcc	r10,r6
-	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-	movcc	r11,r7
-	ldmia	$aptr, {r4-r7}
-	stmia	$rptr!, {r8-r11}
-	sub	$aptr,$aptr,#16
-	ldmia	$rptr, {r8-r11}
-	movcc	r8, r4
-	vst1.64	{q0-q1}, [$aptr,:256]!			@ wipe
-	movcc	r9, r5
-	movcc	r10,r6
-	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-	movcc	r11,r7
-	teq	$aptr,$bptr				@ preserves carry
-	stmia	$rptr!, {r8-r11}
-	bne	.LNEON_copy_n_zap
-
-	sub	sp,ip,#96
-        vldmia  sp!,{d8-d15}
-        ldmia   sp!,{r4-r11}
-	ret						@ bx lr
-.size	bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
-#endif
-___
-}
-$code.=<<___;
-.asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-#if __ARM_ARCH__>=7
-.comm	OPENSSL_armcap_P,4,4
-#endif
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-$code =~ s/\bret\b/bx	lr/gm;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/bn-586.S b/crypto/bn/asm/bn-586.S
deleted file mode 100644
index 66695e266c..0000000000
--- a/crypto/bn/asm/bn-586.S
+++ /dev/null
@@ -1,1533 +0,0 @@
-.file	"crypto/bn/asm/bn-586.s"
-.text
-.globl	bn_mul_add_words
-.type	bn_mul_add_words,@function
-.align	16
-bn_mul_add_words:
-.L_bn_mul_add_words_begin:
-	call	.L000PIC_me_up
-.L000PIC_me_up:
-	popl	%eax
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L000PIC_me_up](%eax),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	btl	$26,(%eax)
-	jnc	.L001maw_non_sse2
-	movl	4(%esp),%eax
-	movl	8(%esp),%edx
-	movl	12(%esp),%ecx
-	movd	16(%esp),%mm0
-	pxor	%mm1,%mm1
-	jmp	.L002maw_sse2_entry
-.align	16
-.L003maw_sse2_unrolled:
-	movd	(%eax),%mm3
-	paddq	%mm3,%mm1
-	movd	(%edx),%mm2
-	pmuludq	%mm0,%mm2
-	movd	4(%edx),%mm4
-	pmuludq	%mm0,%mm4
-	movd	8(%edx),%mm6
-	pmuludq	%mm0,%mm6
-	movd	12(%edx),%mm7
-	pmuludq	%mm0,%mm7
-	paddq	%mm2,%mm1
-	movd	4(%eax),%mm3
-	paddq	%mm4,%mm3
-	movd	8(%eax),%mm5
-	paddq	%mm6,%mm5
-	movd	12(%eax),%mm4
-	paddq	%mm4,%mm7
-	movd	%mm1,(%eax)
-	movd	16(%edx),%mm2
-	pmuludq	%mm0,%mm2
-	psrlq	$32,%mm1
-	movd	20(%edx),%mm4
-	pmuludq	%mm0,%mm4
-	paddq	%mm3,%mm1
-	movd	24(%edx),%mm6
-	pmuludq	%mm0,%mm6
-	movd	%mm1,4(%eax)
-	psrlq	$32,%mm1
-	movd	28(%edx),%mm3
-	addl	$32,%edx
-	pmuludq	%mm0,%mm3
-	paddq	%mm5,%mm1
-	movd	16(%eax),%mm5
-	paddq	%mm5,%mm2
-	movd	%mm1,8(%eax)
-	psrlq	$32,%mm1
-	paddq	%mm7,%mm1
-	movd	20(%eax),%mm5
-	paddq	%mm5,%mm4
-	movd	%mm1,12(%eax)
-	psrlq	$32,%mm1
-	paddq	%mm2,%mm1
-	movd	24(%eax),%mm5
-	paddq	%mm5,%mm6
-	movd	%mm1,16(%eax)
-	psrlq	$32,%mm1
-	paddq	%mm4,%mm1
-	movd	28(%eax),%mm5
-	paddq	%mm5,%mm3
-	movd	%mm1,20(%eax)
-	psrlq	$32,%mm1
-	paddq	%mm6,%mm1
-	movd	%mm1,24(%eax)
-	psrlq	$32,%mm1
-	paddq	%mm3,%mm1
-	movd	%mm1,28(%eax)
-	leal	32(%eax),%eax
-	psrlq	$32,%mm1
-	subl	$8,%ecx
-	jz	.L004maw_sse2_exit
-.L002maw_sse2_entry:
-	testl	$4294967288,%ecx
-	jnz	.L003maw_sse2_unrolled
-.align	4
-.L005maw_sse2_loop:
-	movd	(%edx),%mm2
-	movd	(%eax),%mm3
-	pmuludq	%mm0,%mm2
-	leal	4(%edx),%edx
-	paddq	%mm3,%mm1
-	paddq	%mm2,%mm1
-	movd	%mm1,(%eax)
-	subl	$1,%ecx
-	psrlq	$32,%mm1
-	leal	4(%eax),%eax
-	jnz	.L005maw_sse2_loop
-.L004maw_sse2_exit:
-	movd	%mm1,%eax
-	emms
-	ret
-.align	16
-.L001maw_non_sse2:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	xorl	%esi,%esi
-	movl	20(%esp),%edi
-	movl	28(%esp),%ecx
-	movl	24(%esp),%ebx
-	andl	$4294967288,%ecx
-	movl	32(%esp),%ebp
-	pushl	%ecx
-	jz	.L006maw_finish
-.align	16
-.L007maw_loop:
-
-	movl	(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,(%edi)
-	movl	%edx,%esi
-
-	movl	4(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	4(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,4(%edi)
-	movl	%edx,%esi
-
-	movl	8(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	8(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,8(%edi)
-	movl	%edx,%esi
-
-	movl	12(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	12(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,12(%edi)
-	movl	%edx,%esi
-
-	movl	16(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	16(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,16(%edi)
-	movl	%edx,%esi
-
-	movl	20(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	20(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,20(%edi)
-	movl	%edx,%esi
-
-	movl	24(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	24(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,24(%edi)
-	movl	%edx,%esi
-
-	movl	28(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	28(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,28(%edi)
-	movl	%edx,%esi
-
-	subl	$8,%ecx
-	leal	32(%ebx),%ebx
-	leal	32(%edi),%edi
-	jnz	.L007maw_loop
-.L006maw_finish:
-	movl	32(%esp),%ecx
-	andl	$7,%ecx
-	jnz	.L008maw_finish2
-	jmp	.L009maw_end
-.L008maw_finish2:
-
-	movl	(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	4(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	4(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,4(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	8(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	8(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,8(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	12(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	12(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,12(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	16(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	16(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,16(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	20(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	20(%edi),%eax
-	adcl	$0,%edx
-	decl	%ecx
-	movl	%eax,20(%edi)
-	movl	%edx,%esi
-	jz	.L009maw_end
-
-	movl	24(%ebx),%eax
-	mull	%ebp
-	addl	%esi,%eax
-	adcl	$0,%edx
-	addl	24(%edi),%eax
-	adcl	$0,%edx
-	movl	%eax,24(%edi)
-	movl	%edx,%esi
-.L009maw_end:
-	movl	%esi,%eax
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_mul_add_words,.-.L_bn_mul_add_words_begin
-.globl	bn_mul_words
-.type	bn_mul_words,@function
-.align	16
-bn_mul_words:
-.L_bn_mul_words_begin:
-	call	.L010PIC_me_up
-.L010PIC_me_up:
-	popl	%eax
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L010PIC_me_up](%eax),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	btl	$26,(%eax)
-	jnc	.L011mw_non_sse2
-	movl	4(%esp),%eax
-	movl	8(%esp),%edx
-	movl	12(%esp),%ecx
-	movd	16(%esp),%mm0
-	pxor	%mm1,%mm1
-.align	16
-.L012mw_sse2_loop:
-	movd	(%edx),%mm2
-	pmuludq	%mm0,%mm2
-	leal	4(%edx),%edx
-	paddq	%mm2,%mm1
-	movd	%mm1,(%eax)
-	subl	$1,%ecx
-	psrlq	$32,%mm1
-	leal	4(%eax),%eax
-	jnz	.L012mw_sse2_loop
-	movd	%mm1,%eax
-	emms
-	ret
-.align	16
-.L011mw_non_sse2:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	xorl	%esi,%esi
-	movl	20(%esp),%edi
-	movl	24(%esp),%ebx
-	movl	28(%esp),%ebp
-	movl	32(%esp),%ecx
-	andl	$4294967288,%ebp
-	jz	.L013mw_finish
-.L014mw_loop:
-
-	movl	(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,(%edi)
-	movl	%edx,%esi
-
-	movl	4(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,4(%edi)
-	movl	%edx,%esi
-
-	movl	8(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,8(%edi)
-	movl	%edx,%esi
-
-	movl	12(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,12(%edi)
-	movl	%edx,%esi
-
-	movl	16(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,16(%edi)
-	movl	%edx,%esi
-
-	movl	20(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,20(%edi)
-	movl	%edx,%esi
-
-	movl	24(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,24(%edi)
-	movl	%edx,%esi
-
-	movl	28(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,28(%edi)
-	movl	%edx,%esi
-
-	addl	$32,%ebx
-	addl	$32,%edi
-	subl	$8,%ebp
-	jz	.L013mw_finish
-	jmp	.L014mw_loop
-.L013mw_finish:
-	movl	28(%esp),%ebp
-	andl	$7,%ebp
-	jnz	.L015mw_finish2
-	jmp	.L016mw_end
-.L015mw_finish2:
-
-	movl	(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	4(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,4(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	8(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,8(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	12(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,12(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	16(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,16(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	20(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,20(%edi)
-	movl	%edx,%esi
-	decl	%ebp
-	jz	.L016mw_end
-
-	movl	24(%ebx),%eax
-	mull	%ecx
-	addl	%esi,%eax
-	adcl	$0,%edx
-	movl	%eax,24(%edi)
-	movl	%edx,%esi
-.L016mw_end:
-	movl	%esi,%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_mul_words,.-.L_bn_mul_words_begin
-.globl	bn_sqr_words
-.type	bn_sqr_words,@function
-.align	16
-bn_sqr_words:
-.L_bn_sqr_words_begin:
-	call	.L017PIC_me_up
-.L017PIC_me_up:
-	popl	%eax
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L017PIC_me_up](%eax),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	btl	$26,(%eax)
-	jnc	.L018sqr_non_sse2
-	movl	4(%esp),%eax
-	movl	8(%esp),%edx
-	movl	12(%esp),%ecx
-.align	16
-.L019sqr_sse2_loop:
-	movd	(%edx),%mm0
-	pmuludq	%mm0,%mm0
-	leal	4(%edx),%edx
-	movq	%mm0,(%eax)
-	subl	$1,%ecx
-	leal	8(%eax),%eax
-	jnz	.L019sqr_sse2_loop
-	emms
-	ret
-.align	16
-.L018sqr_non_sse2:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%ebx
-	andl	$4294967288,%ebx
-	jz	.L020sw_finish
-.L021sw_loop:
-
-	movl	(%edi),%eax
-	mull	%eax
-	movl	%eax,(%esi)
-	movl	%edx,4(%esi)
-
-	movl	4(%edi),%eax
-	mull	%eax
-	movl	%eax,8(%esi)
-	movl	%edx,12(%esi)
-
-	movl	8(%edi),%eax
-	mull	%eax
-	movl	%eax,16(%esi)
-	movl	%edx,20(%esi)
-
-	movl	12(%edi),%eax
-	mull	%eax
-	movl	%eax,24(%esi)
-	movl	%edx,28(%esi)
-
-	movl	16(%edi),%eax
-	mull	%eax
-	movl	%eax,32(%esi)
-	movl	%edx,36(%esi)
-
-	movl	20(%edi),%eax
-	mull	%eax
-	movl	%eax,40(%esi)
-	movl	%edx,44(%esi)
-
-	movl	24(%edi),%eax
-	mull	%eax
-	movl	%eax,48(%esi)
-	movl	%edx,52(%esi)
-
-	movl	28(%edi),%eax
-	mull	%eax
-	movl	%eax,56(%esi)
-	movl	%edx,60(%esi)
-
-	addl	$32,%edi
-	addl	$64,%esi
-	subl	$8,%ebx
-	jnz	.L021sw_loop
-.L020sw_finish:
-	movl	28(%esp),%ebx
-	andl	$7,%ebx
-	jz	.L022sw_end
-
-	movl	(%edi),%eax
-	mull	%eax
-	movl	%eax,(%esi)
-	decl	%ebx
-	movl	%edx,4(%esi)
-	jz	.L022sw_end
-
-	movl	4(%edi),%eax
-	mull	%eax
-	movl	%eax,8(%esi)
-	decl	%ebx
-	movl	%edx,12(%esi)
-	jz	.L022sw_end
-
-	movl	8(%edi),%eax
-	mull	%eax
-	movl	%eax,16(%esi)
-	decl	%ebx
-	movl	%edx,20(%esi)
-	jz	.L022sw_end
-
-	movl	12(%edi),%eax
-	mull	%eax
-	movl	%eax,24(%esi)
-	decl	%ebx
-	movl	%edx,28(%esi)
-	jz	.L022sw_end
-
-	movl	16(%edi),%eax
-	mull	%eax
-	movl	%eax,32(%esi)
-	decl	%ebx
-	movl	%edx,36(%esi)
-	jz	.L022sw_end
-
-	movl	20(%edi),%eax
-	mull	%eax
-	movl	%eax,40(%esi)
-	decl	%ebx
-	movl	%edx,44(%esi)
-	jz	.L022sw_end
-
-	movl	24(%edi),%eax
-	mull	%eax
-	movl	%eax,48(%esi)
-	movl	%edx,52(%esi)
-.L022sw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_sqr_words,.-.L_bn_sqr_words_begin
-.globl	bn_div_words
-.type	bn_div_words,@function
-.align	16
-bn_div_words:
-.L_bn_div_words_begin:
-	movl	4(%esp),%edx
-	movl	8(%esp),%eax
-	movl	12(%esp),%ecx
-	divl	%ecx
-	ret
-.size	bn_div_words,.-.L_bn_div_words_begin
-.globl	bn_add_words
-.type	bn_add_words,@function
-.align	16
-bn_add_words:
-.L_bn_add_words_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),%ebx
-	movl	24(%esp),%esi
-	movl	28(%esp),%edi
-	movl	32(%esp),%ebp
-	xorl	%eax,%eax
-	andl	$4294967288,%ebp
-	jz	.L023aw_finish
-.L024aw_loop:
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-
-	movl	4(%esi),%ecx
-	movl	4(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,4(%ebx)
-
-	movl	8(%esi),%ecx
-	movl	8(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,8(%ebx)
-
-	movl	12(%esi),%ecx
-	movl	12(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,12(%ebx)
-
-	movl	16(%esi),%ecx
-	movl	16(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,16(%ebx)
-
-	movl	20(%esi),%ecx
-	movl	20(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,20(%ebx)
-
-	movl	24(%esi),%ecx
-	movl	24(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-
-	movl	28(%esi),%ecx
-	movl	28(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,28(%ebx)
-
-	addl	$32,%esi
-	addl	$32,%edi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L024aw_loop
-.L023aw_finish:
-	movl	32(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L025aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,(%ebx)
-	jz	.L025aw_end
-
-	movl	4(%esi),%ecx
-	movl	4(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,4(%ebx)
-	jz	.L025aw_end
-
-	movl	8(%esi),%ecx
-	movl	8(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,8(%ebx)
-	jz	.L025aw_end
-
-	movl	12(%esi),%ecx
-	movl	12(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,12(%ebx)
-	jz	.L025aw_end
-
-	movl	16(%esi),%ecx
-	movl	16(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,16(%ebx)
-	jz	.L025aw_end
-
-	movl	20(%esi),%ecx
-	movl	20(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,20(%ebx)
-	jz	.L025aw_end
-
-	movl	24(%esi),%ecx
-	movl	24(%edi),%edx
-	addl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	addl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-.L025aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_add_words,.-.L_bn_add_words_begin
-.globl	bn_sub_words
-.type	bn_sub_words,@function
-.align	16
-bn_sub_words:
-.L_bn_sub_words_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),%ebx
-	movl	24(%esp),%esi
-	movl	28(%esp),%edi
-	movl	32(%esp),%ebp
-	xorl	%eax,%eax
-	andl	$4294967288,%ebp
-	jz	.L026aw_finish
-.L027aw_loop:
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-
-	movl	4(%esi),%ecx
-	movl	4(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,4(%ebx)
-
-	movl	8(%esi),%ecx
-	movl	8(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,8(%ebx)
-
-	movl	12(%esi),%ecx
-	movl	12(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,12(%ebx)
-
-	movl	16(%esi),%ecx
-	movl	16(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,16(%ebx)
-
-	movl	20(%esi),%ecx
-	movl	20(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,20(%ebx)
-
-	movl	24(%esi),%ecx
-	movl	24(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-
-	movl	28(%esi),%ecx
-	movl	28(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,28(%ebx)
-
-	addl	$32,%esi
-	addl	$32,%edi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L027aw_loop
-.L026aw_finish:
-	movl	32(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L028aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,(%ebx)
-	jz	.L028aw_end
-
-	movl	4(%esi),%ecx
-	movl	4(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,4(%ebx)
-	jz	.L028aw_end
-
-	movl	8(%esi),%ecx
-	movl	8(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,8(%ebx)
-	jz	.L028aw_end
-
-	movl	12(%esi),%ecx
-	movl	12(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,12(%ebx)
-	jz	.L028aw_end
-
-	movl	16(%esi),%ecx
-	movl	16(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,16(%ebx)
-	jz	.L028aw_end
-
-	movl	20(%esi),%ecx
-	movl	20(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,20(%ebx)
-	jz	.L028aw_end
-
-	movl	24(%esi),%ecx
-	movl	24(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-.L028aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_sub_words,.-.L_bn_sub_words_begin
-.globl	bn_sub_part_words
-.type	bn_sub_part_words,@function
-.align	16
-bn_sub_part_words:
-.L_bn_sub_part_words_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),%ebx
-	movl	24(%esp),%esi
-	movl	28(%esp),%edi
-	movl	32(%esp),%ebp
-	xorl	%eax,%eax
-	andl	$4294967288,%ebp
-	jz	.L029aw_finish
-.L030aw_loop:
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-
-	movl	4(%esi),%ecx
-	movl	4(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,4(%ebx)
-
-	movl	8(%esi),%ecx
-	movl	8(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,8(%ebx)
-
-	movl	12(%esi),%ecx
-	movl	12(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,12(%ebx)
-
-	movl	16(%esi),%ecx
-	movl	16(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,16(%ebx)
-
-	movl	20(%esi),%ecx
-	movl	20(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,20(%ebx)
-
-	movl	24(%esi),%ecx
-	movl	24(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-
-	movl	28(%esi),%ecx
-	movl	28(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,28(%ebx)
-
-	addl	$32,%esi
-	addl	$32,%edi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L030aw_loop
-.L029aw_finish:
-	movl	32(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-	decl	%ebp
-	jz	.L031aw_end
-
-	movl	(%esi),%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-	addl	$4,%esi
-	addl	$4,%edi
-	addl	$4,%ebx
-.L031aw_end:
-	cmpl	$0,36(%esp)
-	je	.L032pw_end
-	movl	36(%esp),%ebp
-	cmpl	$0,%ebp
-	je	.L032pw_end
-	jge	.L033pw_pos
-
-	movl	$0,%edx
-	subl	%ebp,%edx
-	movl	%edx,%ebp
-	andl	$4294967288,%ebp
-	jz	.L034pw_neg_finish
-.L035pw_neg_loop:
-
-	movl	$0,%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,(%ebx)
-
-	movl	$0,%ecx
-	movl	4(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,4(%ebx)
-
-	movl	$0,%ecx
-	movl	8(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,8(%ebx)
-
-	movl	$0,%ecx
-	movl	12(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,12(%ebx)
-
-	movl	$0,%ecx
-	movl	16(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,16(%ebx)
-
-	movl	$0,%ecx
-	movl	20(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,20(%ebx)
-
-	movl	$0,%ecx
-	movl	24(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-
-	movl	$0,%ecx
-	movl	28(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,28(%ebx)
-
-	addl	$32,%edi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L035pw_neg_loop
-.L034pw_neg_finish:
-	movl	36(%esp),%edx
-	movl	$0,%ebp
-	subl	%edx,%ebp
-	andl	$7,%ebp
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	4(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,4(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	8(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,8(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	12(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,12(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	16(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,16(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	20(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	decl	%ebp
-	movl	%ecx,20(%ebx)
-	jz	.L032pw_end
-
-	movl	$0,%ecx
-	movl	24(%edi),%edx
-	subl	%eax,%ecx
-	movl	$0,%eax
-	adcl	%eax,%eax
-	subl	%edx,%ecx
-	adcl	$0,%eax
-	movl	%ecx,24(%ebx)
-	jmp	.L032pw_end
-.L033pw_pos:
-	andl	$4294967288,%ebp
-	jz	.L036pw_pos_finish
-.L037pw_pos_loop:
-
-	movl	(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,(%ebx)
-	jnc	.L038pw_nc0
-
-	movl	4(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,4(%ebx)
-	jnc	.L039pw_nc1
-
-	movl	8(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,8(%ebx)
-	jnc	.L040pw_nc2
-
-	movl	12(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,12(%ebx)
-	jnc	.L041pw_nc3
-
-	movl	16(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,16(%ebx)
-	jnc	.L042pw_nc4
-
-	movl	20(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,20(%ebx)
-	jnc	.L043pw_nc5
-
-	movl	24(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,24(%ebx)
-	jnc	.L044pw_nc6
-
-	movl	28(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,28(%ebx)
-	jnc	.L045pw_nc7
-
-	addl	$32,%esi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L037pw_pos_loop
-.L036pw_pos_finish:
-	movl	36(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L032pw_end
-
-	movl	(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,(%ebx)
-	jnc	.L046pw_tail_nc0
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	4(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,4(%ebx)
-	jnc	.L047pw_tail_nc1
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	8(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,8(%ebx)
-	jnc	.L048pw_tail_nc2
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	12(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,12(%ebx)
-	jnc	.L049pw_tail_nc3
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	16(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,16(%ebx)
-	jnc	.L050pw_tail_nc4
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	20(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,20(%ebx)
-	jnc	.L051pw_tail_nc5
-	decl	%ebp
-	jz	.L032pw_end
-
-	movl	24(%esi),%ecx
-	subl	%eax,%ecx
-	movl	%ecx,24(%ebx)
-	jnc	.L052pw_tail_nc6
-	movl	$1,%eax
-	jmp	.L032pw_end
-.L053pw_nc_loop:
-	movl	(%esi),%ecx
-	movl	%ecx,(%ebx)
-.L038pw_nc0:
-	movl	4(%esi),%ecx
-	movl	%ecx,4(%ebx)
-.L039pw_nc1:
-	movl	8(%esi),%ecx
-	movl	%ecx,8(%ebx)
-.L040pw_nc2:
-	movl	12(%esi),%ecx
-	movl	%ecx,12(%ebx)
-.L041pw_nc3:
-	movl	16(%esi),%ecx
-	movl	%ecx,16(%ebx)
-.L042pw_nc4:
-	movl	20(%esi),%ecx
-	movl	%ecx,20(%ebx)
-.L043pw_nc5:
-	movl	24(%esi),%ecx
-	movl	%ecx,24(%ebx)
-.L044pw_nc6:
-	movl	28(%esi),%ecx
-	movl	%ecx,28(%ebx)
-.L045pw_nc7:
-
-	addl	$32,%esi
-	addl	$32,%ebx
-	subl	$8,%ebp
-	jnz	.L053pw_nc_loop
-	movl	36(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L054pw_nc_end
-	movl	(%esi),%ecx
-	movl	%ecx,(%ebx)
-.L046pw_tail_nc0:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	4(%esi),%ecx
-	movl	%ecx,4(%ebx)
-.L047pw_tail_nc1:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	8(%esi),%ecx
-	movl	%ecx,8(%ebx)
-.L048pw_tail_nc2:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	12(%esi),%ecx
-	movl	%ecx,12(%ebx)
-.L049pw_tail_nc3:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	16(%esi),%ecx
-	movl	%ecx,16(%ebx)
-.L050pw_tail_nc4:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	20(%esi),%ecx
-	movl	%ecx,20(%ebx)
-.L051pw_tail_nc5:
-	decl	%ebp
-	jz	.L054pw_nc_end
-	movl	24(%esi),%ecx
-	movl	%ecx,24(%ebx)
-.L052pw_tail_nc6:
-.L054pw_nc_end:
-	movl	$0,%eax
-.L032pw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_sub_part_words,.-.L_bn_sub_part_words_begin
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl
deleted file mode 100644
index 332ef3e91d..0000000000
--- a/crypto/bn/asm/bn-586.pl
+++ /dev/null
@@ -1,774 +0,0 @@
-#!/usr/local/bin/perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-&bn_mul_add_words("bn_mul_add_words");
-&bn_mul_words("bn_mul_words");
-&bn_sqr_words("bn_sqr_words");
-&bn_div_words("bn_div_words");
-&bn_add_words("bn_add_words");
-&bn_sub_words("bn_sub_words");
-&bn_sub_part_words("bn_sub_part_words");
-
-&asm_finish();
-
-sub bn_mul_add_words
-	{
-	local($name)=@_;
-
-	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
-
-	$r="eax";
-	$a="edx";
-	$c="ecx";
-
-	if ($sse2) {
-		&picmeup("eax","OPENSSL_ia32cap_P");
-		&bt(&DWP(0,"eax"),26);
-		&jnc(&label("maw_non_sse2"));
-
-		&mov($r,&wparam(0));
-		&mov($a,&wparam(1));
-		&mov($c,&wparam(2));
-		&movd("mm0",&wparam(3));	# mm0 = w
-		&pxor("mm1","mm1");		# mm1 = carry_in
-		&jmp(&label("maw_sse2_entry"));
-		
-	&set_label("maw_sse2_unrolled",16);
-		&movd("mm3",&DWP(0,$r,"",0));	# mm3 = r[0]
-		&paddq("mm1","mm3");		# mm1 = carry_in + r[0]
-		&movd("mm2",&DWP(0,$a,"",0));	# mm2 = a[0]
-		&pmuludq("mm2","mm0");		# mm2 = w*a[0]
-		&movd("mm4",&DWP(4,$a,"",0));	# mm4 = a[1]
-		&pmuludq("mm4","mm0");		# mm4 = w*a[1]
-		&movd("mm6",&DWP(8,$a,"",0));	# mm6 = a[2]
-		&pmuludq("mm6","mm0");		# mm6 = w*a[2]
-		&movd("mm7",&DWP(12,$a,"",0));	# mm7 = a[3]
-		&pmuludq("mm7","mm0");		# mm7 = w*a[3]
-		&paddq("mm1","mm2");		# mm1 = carry_in + r[0] + w*a[0]
-		&movd("mm3",&DWP(4,$r,"",0));	# mm3 = r[1]
-		&paddq("mm3","mm4");		# mm3 = r[1] + w*a[1]
-		&movd("mm5",&DWP(8,$r,"",0));	# mm5 = r[2]
-		&paddq("mm5","mm6");		# mm5 = r[2] + w*a[2]
-		&movd("mm4",&DWP(12,$r,"",0));	# mm4 = r[3]
-		&paddq("mm7","mm4");		# mm7 = r[3] + w*a[3]
-		&movd(&DWP(0,$r,"",0),"mm1");
-		&movd("mm2",&DWP(16,$a,"",0));	# mm2 = a[4]
-		&pmuludq("mm2","mm0");		# mm2 = w*a[4]
-		&psrlq("mm1",32);		# mm1 = carry0
-		&movd("mm4",&DWP(20,$a,"",0));	# mm4 = a[5]
-		&pmuludq("mm4","mm0");		# mm4 = w*a[5]
-		&paddq("mm1","mm3");		# mm1 = carry0 + r[1] + w*a[1]
-		&movd("mm6",&DWP(24,$a,"",0));	# mm6 = a[6]
-		&pmuludq("mm6","mm0");		# mm6 = w*a[6]
-		&movd(&DWP(4,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry1
-		&movd("mm3",&DWP(28,$a,"",0));	# mm3 = a[7]
-		&add($a,32);
-		&pmuludq("mm3","mm0");		# mm3 = w*a[7]
-		&paddq("mm1","mm5");		# mm1 = carry1 + r[2] + w*a[2]
-		&movd("mm5",&DWP(16,$r,"",0));	# mm5 = r[4]
-		&paddq("mm2","mm5");		# mm2 = r[4] + w*a[4]
-		&movd(&DWP(8,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry2
-		&paddq("mm1","mm7");		# mm1 = carry2 + r[3] + w*a[3]
-		&movd("mm5",&DWP(20,$r,"",0));	# mm5 = r[5]
-		&paddq("mm4","mm5");		# mm4 = r[5] + w*a[5]
-		&movd(&DWP(12,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry3
-		&paddq("mm1","mm2");		# mm1 = carry3 + r[4] + w*a[4]
-		&movd("mm5",&DWP(24,$r,"",0));	# mm5 = r[6]
-		&paddq("mm6","mm5");		# mm6 = r[6] + w*a[6]
-		&movd(&DWP(16,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry4
-		&paddq("mm1","mm4");		# mm1 = carry4 + r[5] + w*a[5]
-		&movd("mm5",&DWP(28,$r,"",0));	# mm5 = r[7]
-		&paddq("mm3","mm5");		# mm3 = r[7] + w*a[7]
-		&movd(&DWP(20,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry5
-		&paddq("mm1","mm6");		# mm1 = carry5 + r[6] + w*a[6]
-		&movd(&DWP(24,$r,"",0),"mm1");
-		&psrlq("mm1",32);		# mm1 = carry6
-		&paddq("mm1","mm3");		# mm1 = carry6 + r[7] + w*a[7]
-		&movd(&DWP(28,$r,"",0),"mm1");
-		&lea($r,&DWP(32,$r));
-		&psrlq("mm1",32);		# mm1 = carry_out
-
-		&sub($c,8);
-		&jz(&label("maw_sse2_exit"));
-	&set_label("maw_sse2_entry");
-		&test($c,0xfffffff8);
-		&jnz(&label("maw_sse2_unrolled"));
-
-	&set_label("maw_sse2_loop",4);
-		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
-		&movd("mm3",&DWP(0,$r));	# mm3 = r[i]
-		&pmuludq("mm2","mm0");		# a[i] *= w
-		&lea($a,&DWP(4,$a));
-		&paddq("mm1","mm3");		# carry += r[i]
-		&paddq("mm1","mm2");		# carry += a[i]*w
-		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
-		&sub($c,1);
-		&psrlq("mm1",32);		# carry = carry_high
-		&lea($r,&DWP(4,$r));
-		&jnz(&label("maw_sse2_loop"));
-	&set_label("maw_sse2_exit");
-		&movd("eax","mm1");		# c = carry_out
-		&emms();
-		&ret();
-
-	&set_label("maw_non_sse2",16);
-	}
-
-	# function_begin prologue
-	&push("ebp");
-	&push("ebx");
-	&push("esi");
-	&push("edi");
-
-	&comment("");
-	$Low="eax";
-	$High="edx";
-	$a="ebx";
-	$w="ebp";
-	$r="edi";
-	$c="esi";
-
-	&xor($c,$c);		# clear carry
-	&mov($r,&wparam(0));	#
-
-	&mov("ecx",&wparam(2));	#
-	&mov($a,&wparam(1));	#
-
-	&and("ecx",0xfffffff8);	# num / 8
-	&mov($w,&wparam(3));	#
-
-	&push("ecx");		# Up the stack for a tmp variable
-
-	&jz(&label("maw_finish"));
-
-	&set_label("maw_loop",16);
-
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-
-		 &mov("eax",&DWP($i,$a)); 	# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+= c
-		&adc("edx",0);			# H(t)+=carry
-		 &add("eax",&DWP($i,$r));	# L(t)+= *r
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i,$r),"eax");	# *r= L(t);
-		&mov($c,"edx");			# c=  H(t);
-		}
-
-	&comment("");
-	&sub("ecx",8);
-	&lea($a,&DWP(32,$a));
-	&lea($r,&DWP(32,$r));
-	&jnz(&label("maw_loop"));
-
-	&set_label("maw_finish",0);
-	&mov("ecx",&wparam(2));	# get num
-	&and("ecx",7);
-	&jnz(&label("maw_finish2"));	# helps branch prediction
-	&jmp(&label("maw_end"));
-
-	&set_label("maw_finish2",1);
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		 &mov("eax",&DWP($i*4,$a));	# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		&adc("edx",0);			# H(t)+=carry
-		 &add("eax",&DWP($i*4,$r));	# L(t)+= *r
-		&adc("edx",0);			# H(t)+=carry
-		 &dec("ecx") if ($i != 7-1);
-		&mov(&DWP($i*4,$r),"eax");	# *r= L(t);
-		 &mov($c,"edx");		# c=  H(t);
-		&jz(&label("maw_end")) if ($i != 7-1);
-		}
-	&set_label("maw_end",0);
-	&mov("eax",$c);
-
-	&pop("ecx");	# clear variable from
-
-	&function_end($name);
-	}
-
-sub bn_mul_words
-	{
-	local($name)=@_;
-
-	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
-
-	$r="eax";
-	$a="edx";
-	$c="ecx";
-
-	if ($sse2) {
-		&picmeup("eax","OPENSSL_ia32cap_P");
-		&bt(&DWP(0,"eax"),26);
-		&jnc(&label("mw_non_sse2"));
-
-		&mov($r,&wparam(0));
-		&mov($a,&wparam(1));
-		&mov($c,&wparam(2));
-		&movd("mm0",&wparam(3));	# mm0 = w
-		&pxor("mm1","mm1");		# mm1 = carry = 0
-
-	&set_label("mw_sse2_loop",16);
-		&movd("mm2",&DWP(0,$a));	# mm2 = a[i]
-		&pmuludq("mm2","mm0");		# a[i] *= w
-		&lea($a,&DWP(4,$a));
-		&paddq("mm1","mm2");		# carry += a[i]*w
-		&movd(&DWP(0,$r),"mm1");	# r[i] = carry_low
-		&sub($c,1);
-		&psrlq("mm1",32);		# carry = carry_high
-		&lea($r,&DWP(4,$r));
-		&jnz(&label("mw_sse2_loop"));
-
-		&movd("eax","mm1");		# return carry
-		&emms();
-		&ret();
-	&set_label("mw_non_sse2",16);
-	}
-
-	# function_begin prologue
-	&push("ebp");
-	&push("ebx");
-	&push("esi");
-	&push("edi");
-
-	&comment("");
-	$Low="eax";
-	$High="edx";
-	$a="ebx";
-	$w="ecx";
-	$r="edi";
-	$c="esi";
-	$num="ebp";
-
-	&xor($c,$c);		# clear carry
-	&mov($r,&wparam(0));	#
-	&mov($a,&wparam(1));	#
-	&mov($num,&wparam(2));	#
-	&mov($w,&wparam(3));	#
-
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("mw_finish"));
-
-	&set_label("mw_loop",0);
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-
-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		 # XXX
-
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
-
-		&mov($c,"edx");			# c=  H(t);
-		}
-
-	&comment("");
-	&add($a,32);
-	&add($r,32);
-	&sub($num,8);
-	&jz(&label("mw_finish"));
-	&jmp(&label("mw_loop"));
-
-	&set_label("mw_finish",0);
-	&mov($num,&wparam(2));	# get num
-	&and($num,7);
-	&jnz(&label("mw_finish2"));
-	&jmp(&label("mw_end"));
-
-	&set_label("mw_finish2",1);
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		 &mov("eax",&DWP($i*4,$a,"",0));# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		 # XXX
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
-		&mov($c,"edx");			# c=  H(t);
-		 &dec($num) if ($i != 7-1);
-		&jz(&label("mw_end")) if ($i != 7-1);
-		}
-	&set_label("mw_end",0);
-	&mov("eax",$c);
-
-	&function_end($name);
-	}
-
-sub bn_sqr_words
-	{
-	local($name)=@_;
-
-	&function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
-
-	$r="eax";
-	$a="edx";
-	$c="ecx";
-
-	if ($sse2) {
-		&picmeup("eax","OPENSSL_ia32cap_P");
-		&bt(&DWP(0,"eax"),26);
-		&jnc(&label("sqr_non_sse2"));
-
-		&mov($r,&wparam(0));
-		&mov($a,&wparam(1));
-		&mov($c,&wparam(2));
-
-	&set_label("sqr_sse2_loop",16);
-		&movd("mm0",&DWP(0,$a));	# mm0 = a[i]
-		&pmuludq("mm0","mm0");		# a[i] *= a[i]
-		&lea($a,&DWP(4,$a));		# a++
-		&movq(&QWP(0,$r),"mm0");	# r[i] = a[i]*a[i]
-		&sub($c,1);
-		&lea($r,&DWP(8,$r));		# r += 2
-		&jnz(&label("sqr_sse2_loop"));
-
-		&emms();
-		&ret();
-	&set_label("sqr_non_sse2",16);
-	}
-
-	# function_begin prologue
-	&push("ebp");
-	&push("ebx");
-	&push("esi");
-	&push("edi");
-
-	&comment("");
-	$r="esi";
-	$a="edi";
-	$num="ebx";
-
-	&mov($r,&wparam(0));	#
-	&mov($a,&wparam(1));	#
-	&mov($num,&wparam(2));	#
-
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("sw_finish"));
-
-	&set_label("sw_loop",0);
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-		&mov("eax",&DWP($i,$a,"",0)); 	# *a
-		 # XXX
-		&mul("eax");			# *a * *a
-		&mov(&DWP($i*2,$r,"",0),"eax");	#
-		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
-		}
-
-	&comment("");
-	&add($a,32);
-	&add($r,64);
-	&sub($num,8);
-	&jnz(&label("sw_loop"));
-
-	&set_label("sw_finish",0);
-	&mov($num,&wparam(2));	# get num
-	&and($num,7);
-	&jz(&label("sw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov("eax",&DWP($i*4,$a,"",0));	# *a
-		 # XXX
-		&mul("eax");			# *a * *a
-		&mov(&DWP($i*8,$r,"",0),"eax");	#
-		 &dec($num) if ($i != 7-1);
-		&mov(&DWP($i*8+4,$r,"",0),"edx");
-		 &jz(&label("sw_end")) if ($i != 7-1);
-		}
-	&set_label("sw_end",0);
-
-	&function_end($name);
-	}
-
-sub bn_div_words
-	{
-	local($name)=@_;
-
-	&function_begin_B($name,"");
-	&mov("edx",&wparam(0));	#
-	&mov("eax",&wparam(1));	#
-	&mov("ecx",&wparam(2));	#
-	&div("ecx");
-	&ret();
-	&function_end_B($name);
-	}
-
-sub bn_add_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$a="esi";
-	$b="edi";
-	$c="eax";
-	$r="ebx";
-	$tmp1="ecx";
-	$tmp2="edx";
-	$num="ebp";
-
-	&mov($r,&wparam(0));	# get r
-	 &mov($a,&wparam(1));	# get a
-	&mov($b,&wparam(2));	# get b
-	 &mov($num,&wparam(3));	# get num
-	&xor($c,$c);		# clear carry
-	 &and($num,0xfffffff8);	# num / 8
-
-	&jz(&label("aw_finish"));
-
-	&set_label("aw_loop",0);
-	for ($i=0; $i<8; $i++)
-		{
-		&comment("Round $i");
-
-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-		&add($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &add($tmp1,$tmp2);
-		&adc($c,0);
-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-		}
-
-	&comment("");
-	&add($a,32);
-	 &add($b,32);
-	&add($r,32);
-	 &sub($num,8);
-	&jnz(&label("aw_loop"));
-
-	&set_label("aw_finish",0);
-	&mov($num,&wparam(3));	# get num
-	&and($num,7);
-	 &jz(&label("aw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-		&add($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &add($tmp1,$tmp2);
-		&adc($c,0);
-		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-		 &jz(&label("aw_end")) if ($i != 6);
-		}
-	&set_label("aw_end",0);
-
-#	&mov("eax",$c);		# $c is "eax"
-
-	&function_end($name);
-	}
-
-sub bn_sub_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$a="esi";
-	$b="edi";
-	$c="eax";
-	$r="ebx";
-	$tmp1="ecx";
-	$tmp2="edx";
-	$num="ebp";
-
-	&mov($r,&wparam(0));	# get r
-	 &mov($a,&wparam(1));	# get a
-	&mov($b,&wparam(2));	# get b
-	 &mov($num,&wparam(3));	# get num
-	&xor($c,$c);		# clear carry
-	 &and($num,0xfffffff8);	# num / 8
-
-	&jz(&label("aw_finish"));
-
-	&set_label("aw_loop",0);
-	for ($i=0; $i<8; $i++)
-		{
-		&comment("Round $i");
-
-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-		}
-
-	&comment("");
-	&add($a,32);
-	 &add($b,32);
-	&add($r,32);
-	 &sub($num,8);
-	&jnz(&label("aw_loop"));
-
-	&set_label("aw_finish",0);
-	&mov($num,&wparam(3));	# get num
-	&and($num,7);
-	 &jz(&label("aw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-		 &jz(&label("aw_end")) if ($i != 6);
-		}
-	&set_label("aw_end",0);
-
-#	&mov("eax",$c);		# $c is "eax"
-
-	&function_end($name);
-	}
-
-sub bn_sub_part_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$a="esi";
-	$b="edi";
-	$c="eax";
-	$r="ebx";
-	$tmp1="ecx";
-	$tmp2="edx";
-	$num="ebp";
-
-	&mov($r,&wparam(0));	# get r
-	 &mov($a,&wparam(1));	# get a
-	&mov($b,&wparam(2));	# get b
-	 &mov($num,&wparam(3));	# get num
-	&xor($c,$c);		# clear carry
-	 &and($num,0xfffffff8);	# num / 8
-
-	&jz(&label("aw_finish"));
-
-	&set_label("aw_loop",0);
-	for ($i=0; $i<8; $i++)
-		{
-		&comment("Round $i");
-
-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-		}
-
-	&comment("");
-	&add($a,32);
-	 &add($b,32);
-	&add($r,32);
-	 &sub($num,8);
-	&jnz(&label("aw_loop"));
-
-	&set_label("aw_finish",0);
-	&mov($num,&wparam(3));	# get num
-	&and($num,7);
-	 &jz(&label("aw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov($tmp1,&DWP(0,$a,"",0));	# *a
-		 &mov($tmp2,&DWP(0,$b,"",0));# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		&mov(&DWP(0,$r,"",0),$tmp1);	# *r
-		&add($a, 4);
-		&add($b, 4);
-		&add($r, 4);
-		 &dec($num) if ($i != 6);
-		 &jz(&label("aw_end")) if ($i != 6);
-		}
-	&set_label("aw_end",0);
-
-	&cmp(&wparam(4),0);
-	&je(&label("pw_end"));
-
-	&mov($num,&wparam(4));	# get dl
-	&cmp($num,0);
-	&je(&label("pw_end"));
-	&jge(&label("pw_pos"));
-
-	&comment("pw_neg");
-	&mov($tmp2,0);
-	&sub($tmp2,$num);
-	&mov($num,$tmp2);
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("pw_neg_finish"));
-
-	&set_label("pw_neg_loop",0);
-	for ($i=0; $i<8; $i++)
-	{
-	    &comment("dl<0 Round $i");
-
-	    &mov($tmp1,0);
-	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-	    &sub($tmp1,$c);
-	    &mov($c,0);
-	    &adc($c,$c);
-	    &sub($tmp1,$tmp2);
-	    &adc($c,0);
-	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-	}
-	    
-	&comment("");
-	&add($b,32);
-	&add($r,32);
-	&sub($num,8);
-	&jnz(&label("pw_neg_loop"));
-	    
-	&set_label("pw_neg_finish",0);
-	&mov($tmp2,&wparam(4));	# get dl
-	&mov($num,0);
-	&sub($num,$tmp2);
-	&and($num,7);
-	&jz(&label("pw_end"));
-	    
-	for ($i=0; $i<7; $i++)
-	{
-	    &comment("dl<0 Tail Round $i");
-	    &mov($tmp1,0);
-	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-	    &sub($tmp1,$c);
-	    &mov($c,0);
-	    &adc($c,$c);
-	    &sub($tmp1,$tmp2);
-	    &adc($c,0);
-	    &dec($num) if ($i != 6);
-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-	    &jz(&label("pw_end")) if ($i != 6);
-	}
-
-	&jmp(&label("pw_end"));
-	
-	&set_label("pw_pos",0);
-	
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("pw_pos_finish"));
-
-	&set_label("pw_pos_loop",0);
-
-	for ($i=0; $i<8; $i++)
-	{
-	    &comment("dl>0 Round $i");
-
-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-	    &sub($tmp1,$c);
-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-	    &jnc(&label("pw_nc".$i));
-	}
-	    
-	&comment("");
-	&add($a,32);
-	&add($r,32);
-	&sub($num,8);
-	&jnz(&label("pw_pos_loop"));
-	    
-	&set_label("pw_pos_finish",0);
-	&mov($num,&wparam(4));	# get dl
-	&and($num,7);
-	&jz(&label("pw_end"));
-	    
-	for ($i=0; $i<7; $i++)
-	{
-	    &comment("dl>0 Tail Round $i");
-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-	    &sub($tmp1,$c);
-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-	    &jnc(&label("pw_tail_nc".$i));
-	    &dec($num) if ($i != 6);
-	    &jz(&label("pw_end")) if ($i != 6);
-	}
-	&mov($c,1);
-	&jmp(&label("pw_end"));
-
-	&set_label("pw_nc_loop",0);
-	for ($i=0; $i<8; $i++)
-	{
-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-	    &set_label("pw_nc".$i,0);
-	}
-	    
-	&comment("");
-	&add($a,32);
-	&add($r,32);
-	&sub($num,8);
-	&jnz(&label("pw_nc_loop"));
-	    
-	&mov($num,&wparam(4));	# get dl
-	&and($num,7);
-	&jz(&label("pw_nc_end"));
-	    
-	for ($i=0; $i<7; $i++)
-	{
-	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
-	    &set_label("pw_tail_nc".$i,0);
-	    &dec($num) if ($i != 6);
-	    &jz(&label("pw_nc_end")) if ($i != 6);
-	}
-
-	&set_label("pw_nc_end",0);
-	&mov($c,0);
-
-	&set_label("pw_end",0);
-
-#	&mov("eax",$c);		# $c is "eax"
-
-	&function_end($name);
-	}
-
diff --git a/crypto/bn/asm/bn-mips.S b/crypto/bn/asm/bn-mips.S
deleted file mode 100644
index 6213680254..0000000000
--- a/crypto/bn/asm/bn-mips.S
+++ /dev/null
@@ -1,2159 +0,0 @@
-.set	mips2
-.rdata
-.asciiz	"mips3.s, Version 1.2"
-.asciiz	"MIPS II/III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-.text
-.set	noat
-
-.align	5
-.globl	bn_mul_add_words
-.ent	bn_mul_add_words
-bn_mul_add_words:
-	.set	noreorder
-	bgtz	$6,bn_mul_add_words_internal
-	move	$2,$0
-	jr	$31
-	move	$4,$2
-.end	bn_mul_add_words
-
-.align	5
-.ent	bn_mul_add_words_internal
-bn_mul_add_words_internal:
-	.set	reorder
-	li	$3,-4
-	and	$8,$6,$3
-	beqz	$8,.L_bn_mul_add_words_tail
-
-.L_bn_mul_add_words_loop:
-	lw	$12,0($5)
-	multu	$12,$7
-	lw	$13,0($4)
-	lw	$14,4($5)
-	lw	$15,4($4)
-	lw	$8,2*4($5)
-	lw	$9,2*4($4)
-	addu	$13,$2
-	sltu	$2,$13,$2	# All manuals say it "compares 32-bit
-				# values", but it seems to work fine
-				# even on 64-bit registers.
-	mflo	$1
-	mfhi	$12
-	addu	$13,$1
-	addu	$2,$12
-	 multu	$14,$7
-	sltu	$1,$13,$1
-	sw	$13,0($4)
-	addu	$2,$1
-
-	lw	$10,3*4($5)
-	lw	$11,3*4($4)
-	addu	$15,$2
-	sltu	$2,$15,$2
-	mflo	$1
-	mfhi	$14
-	addu	$15,$1
-	addu	$2,$14
-	 multu	$8,$7
-	sltu	$1,$15,$1
-	sw	$15,4($4)
-	addu	$2,$1
-
-	subu	$6,4
-	addu $4,4*4
-	addu $5,4*4
-	addu	$9,$2
-	sltu	$2,$9,$2
-	mflo	$1
-	mfhi	$8
-	addu	$9,$1
-	addu	$2,$8
-	 multu	$10,$7
-	sltu	$1,$9,$1
-	sw	$9,-2*4($4)
-	addu	$2,$1
-
-
-	and	$8,$6,$3
-	addu	$11,$2
-	sltu	$2,$11,$2
-	mflo	$1
-	mfhi	$10
-	addu	$11,$1
-	addu	$2,$10
-	sltu	$1,$11,$1
-	sw	$11,-4($4)
-	.set	noreorder
-	bgtz	$8,.L_bn_mul_add_words_loop
-	addu	$2,$1
-
-	beqz	$6,.L_bn_mul_add_words_return
-	nop
-
-.L_bn_mul_add_words_tail:
-	.set	reorder
-	lw	$12,0($5)
-	multu	$12,$7
-	lw	$13,0($4)
-	subu	$6,1
-	addu	$13,$2
-	sltu	$2,$13,$2
-	mflo	$1
-	mfhi	$12
-	addu	$13,$1
-	addu	$2,$12
-	sltu	$1,$13,$1
-	sw	$13,0($4)
-	addu	$2,$1
-	beqz	$6,.L_bn_mul_add_words_return
-
-	lw	$12,4($5)
-	multu	$12,$7
-	lw	$13,4($4)
-	subu	$6,1
-	addu	$13,$2
-	sltu	$2,$13,$2
-	mflo	$1
-	mfhi	$12
-	addu	$13,$1
-	addu	$2,$12
-	sltu	$1,$13,$1
-	sw	$13,4($4)
-	addu	$2,$1
-	beqz	$6,.L_bn_mul_add_words_return
-
-	lw	$12,2*4($5)
-	multu	$12,$7
-	lw	$13,2*4($4)
-	addu	$13,$2
-	sltu	$2,$13,$2
-	mflo	$1
-	mfhi	$12
-	addu	$13,$1
-	addu	$2,$12
-	sltu	$1,$13,$1
-	sw	$13,2*4($4)
-	addu	$2,$1
-
-.L_bn_mul_add_words_return:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-.end	bn_mul_add_words_internal
-
-.align	5
-.globl	bn_mul_words
-.ent	bn_mul_words
-bn_mul_words:
-	.set	noreorder
-	bgtz	$6,bn_mul_words_internal
-	move	$2,$0
-	jr	$31
-	move	$4,$2
-.end	bn_mul_words
-
-.align	5
-.ent	bn_mul_words_internal
-bn_mul_words_internal:
-	.set	reorder
-	li	$3,-4
-	and	$8,$6,$3
-	beqz	$8,.L_bn_mul_words_tail
-
-.L_bn_mul_words_loop:
-	lw	$12,0($5)
-	multu	$12,$7
-	lw	$14,4($5)
-	lw	$8,2*4($5)
-	lw	$10,3*4($5)
-	mflo	$1
-	mfhi	$12
-	addu	$2,$1
-	sltu	$13,$2,$1
-	 multu	$14,$7
-	sw	$2,0($4)
-	addu	$2,$13,$12
-
-	subu	$6,4
-	addu $4,4*4
-	addu $5,4*4
-	mflo	$1
-	mfhi	$14
-	addu	$2,$1
-	sltu	$15,$2,$1
-	 multu	$8,$7
-	sw	$2,-3*4($4)
-	addu	$2,$15,$14
-
-	mflo	$1
-	mfhi	$8
-	addu	$2,$1
-	sltu	$9,$2,$1
-	 multu	$10,$7
-	sw	$2,-2*4($4)
-	addu	$2,$9,$8
-
-	and	$8,$6,$3
-	mflo	$1
-	mfhi	$10
-	addu	$2,$1
-	sltu	$11,$2,$1
-	sw	$2,-4($4)
-	.set	noreorder
-	bgtz	$8,.L_bn_mul_words_loop
-	addu	$2,$11,$10
-
-	beqz	$6,.L_bn_mul_words_return
-	nop
-
-.L_bn_mul_words_tail:
-	.set	reorder
-	lw	$12,0($5)
-	multu	$12,$7
-	subu	$6,1
-	mflo	$1
-	mfhi	$12
-	addu	$2,$1
-	sltu	$13,$2,$1
-	sw	$2,0($4)
-	addu	$2,$13,$12
-	beqz	$6,.L_bn_mul_words_return
-
-	lw	$12,4($5)
-	multu	$12,$7
-	subu	$6,1
-	mflo	$1
-	mfhi	$12
-	addu	$2,$1
-	sltu	$13,$2,$1
-	sw	$2,4($4)
-	addu	$2,$13,$12
-	beqz	$6,.L_bn_mul_words_return
-
-	lw	$12,2*4($5)
-	multu	$12,$7
-	mflo	$1
-	mfhi	$12
-	addu	$2,$1
-	sltu	$13,$2,$1
-	sw	$2,2*4($4)
-	addu	$2,$13,$12
-
-.L_bn_mul_words_return:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-.end	bn_mul_words_internal
-
-.align	5
-.globl	bn_sqr_words
-.ent	bn_sqr_words
-bn_sqr_words:
-	.set	noreorder
-	bgtz	$6,bn_sqr_words_internal
-	move	$2,$0
-	jr	$31
-	move	$4,$2
-.end	bn_sqr_words
-
-.align	5
-.ent	bn_sqr_words_internal
-bn_sqr_words_internal:
-	.set	reorder
-	li	$3,-4
-	and	$8,$6,$3
-	beqz	$8,.L_bn_sqr_words_tail
-
-.L_bn_sqr_words_loop:
-	lw	$12,0($5)
-	multu	$12,$12
-	lw	$14,4($5)
-	lw	$8,2*4($5)
-	lw	$10,3*4($5)
-	mflo	$13
-	mfhi	$12
-	sw	$13,0($4)
-	sw	$12,4($4)
-
-	multu	$14,$14
-	subu	$6,4
-	addu $4,8*4
-	addu $5,4*4
-	mflo	$15
-	mfhi	$14
-	sw	$15,-6*4($4)
-	sw	$14,-5*4($4)
-
-	multu	$8,$8
-	mflo	$9
-	mfhi	$8
-	sw	$9,-4*4($4)
-	sw	$8,-3*4($4)
-
-
-	multu	$10,$10
-	and	$8,$6,$3
-	mflo	$11
-	mfhi	$10
-	sw	$11,-2*4($4)
-
-	.set	noreorder
-	bgtz	$8,.L_bn_sqr_words_loop
-	sw	$10,-4($4)
-
-	beqz	$6,.L_bn_sqr_words_return
-	nop
-
-.L_bn_sqr_words_tail:
-	.set	reorder
-	lw	$12,0($5)
-	multu	$12,$12
-	subu	$6,1
-	mflo	$13
-	mfhi	$12
-	sw	$13,0($4)
-	sw	$12,4($4)
-	beqz	$6,.L_bn_sqr_words_return
-
-	lw	$12,4($5)
-	multu	$12,$12
-	subu	$6,1
-	mflo	$13
-	mfhi	$12
-	sw	$13,2*4($4)
-	sw	$12,3*4($4)
-	beqz	$6,.L_bn_sqr_words_return
-
-	lw	$12,2*4($5)
-	multu	$12,$12
-	mflo	$13
-	mfhi	$12
-	sw	$13,4*4($4)
-	sw	$12,5*4($4)
-
-.L_bn_sqr_words_return:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-
-.end	bn_sqr_words_internal
-
-.align	5
-.globl	bn_add_words
-.ent	bn_add_words
-bn_add_words:
-	.set	noreorder
-	bgtz	$7,bn_add_words_internal
-	move	$2,$0
-	jr	$31
-	move	$4,$2
-.end	bn_add_words
-
-.align	5
-.ent	bn_add_words_internal
-bn_add_words_internal:
-	.set	reorder
-	li	$3,-4
-	and	$1,$7,$3
-	beqz	$1,.L_bn_add_words_tail
-
-.L_bn_add_words_loop:
-	lw	$12,0($5)
-	lw	$8,0($6)
-	subu	$7,4
-	lw	$13,4($5)
-	and	$1,$7,$3
-	lw	$14,2*4($5)
-	addu $6,4*4
-	lw	$15,3*4($5)
-	addu $4,4*4
-	lw	$9,-3*4($6)
-	addu $5,4*4
-	lw	$10,-2*4($6)
-	lw	$11,-4($6)
-	addu	$8,$12
-	sltu	$24,$8,$12
-	addu	$12,$8,$2
-	sltu	$2,$12,$8
-	sw	$12,-4*4($4)
-	addu	$2,$24
-
-	addu	$9,$13
-	sltu	$25,$9,$13
-	addu	$13,$9,$2
-	sltu	$2,$13,$9
-	sw	$13,-3*4($4)
-	addu	$2,$25
-
-	addu	$10,$14
-	sltu	$24,$10,$14
-	addu	$14,$10,$2
-	sltu	$2,$14,$10
-	sw	$14,-2*4($4)
-	addu	$2,$24
-	
-	addu	$11,$15
-	sltu	$25,$11,$15
-	addu	$15,$11,$2
-	sltu	$2,$15,$11
-	sw	$15,-4($4)
-	
-	.set	noreorder
-	bgtz	$1,.L_bn_add_words_loop
-	addu	$2,$25
-
-	beqz	$7,.L_bn_add_words_return
-	nop
-
-.L_bn_add_words_tail:
-	.set	reorder
-	lw	$12,0($5)
-	lw	$8,0($6)
-	addu	$8,$12
-	subu	$7,1
-	sltu	$24,$8,$12
-	addu	$12,$8,$2
-	sltu	$2,$12,$8
-	sw	$12,0($4)
-	addu	$2,$24
-	beqz	$7,.L_bn_add_words_return
-
-	lw	$13,4($5)
-	lw	$9,4($6)
-	addu	$9,$13
-	subu	$7,1
-	sltu	$25,$9,$13
-	addu	$13,$9,$2
-	sltu	$2,$13,$9
-	sw	$13,4($4)
-	addu	$2,$25
-	beqz	$7,.L_bn_add_words_return
-
-	lw	$14,2*4($5)
-	lw	$10,2*4($6)
-	addu	$10,$14
-	sltu	$24,$10,$14
-	addu	$14,$10,$2
-	sltu	$2,$14,$10
-	sw	$14,2*4($4)
-	addu	$2,$24
-
-.L_bn_add_words_return:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-
-.end	bn_add_words_internal
-
-.align	5
-.globl	bn_sub_words
-.ent	bn_sub_words
-bn_sub_words:
-	.set	noreorder
-	bgtz	$7,bn_sub_words_internal
-	move	$2,$0
-	jr	$31
-	move	$4,$0
-.end	bn_sub_words
-
-.align	5
-.ent	bn_sub_words_internal
-bn_sub_words_internal:
-	.set	reorder
-	li	$3,-4
-	and	$1,$7,$3
-	beqz	$1,.L_bn_sub_words_tail
-
-.L_bn_sub_words_loop:
-	lw	$12,0($5)
-	lw	$8,0($6)
-	subu	$7,4
-	lw	$13,4($5)
-	and	$1,$7,$3
-	lw	$14,2*4($5)
-	addu $6,4*4
-	lw	$15,3*4($5)
-	addu $4,4*4
-	lw	$9,-3*4($6)
-	addu $5,4*4
-	lw	$10,-2*4($6)
-	lw	$11,-4($6)
-	sltu	$24,$12,$8
-	subu	$8,$12,$8
-	subu	$12,$8,$2
-	sgtu	$2,$12,$8
-	sw	$12,-4*4($4)
-	addu	$2,$24
-
-	sltu	$25,$13,$9
-	subu	$9,$13,$9
-	subu	$13,$9,$2
-	sgtu	$2,$13,$9
-	sw	$13,-3*4($4)
-	addu	$2,$25
-
-
-	sltu	$24,$14,$10
-	subu	$10,$14,$10
-	subu	$14,$10,$2
-	sgtu	$2,$14,$10
-	sw	$14,-2*4($4)
-	addu	$2,$24
-
-	sltu	$25,$15,$11
-	subu	$11,$15,$11
-	subu	$15,$11,$2
-	sgtu	$2,$15,$11
-	sw	$15,-4($4)
-
-	.set	noreorder
-	bgtz	$1,.L_bn_sub_words_loop
-	addu	$2,$25
-
-	beqz	$7,.L_bn_sub_words_return
-	nop
-
-.L_bn_sub_words_tail:
-	.set	reorder
-	lw	$12,0($5)
-	lw	$8,0($6)
-	subu	$7,1
-	sltu	$24,$12,$8
-	subu	$8,$12,$8
-	subu	$12,$8,$2
-	sgtu	$2,$12,$8
-	sw	$12,0($4)
-	addu	$2,$24
-	beqz	$7,.L_bn_sub_words_return
-
-	lw	$13,4($5)
-	subu	$7,1
-	lw	$9,4($6)
-	sltu	$25,$13,$9
-	subu	$9,$13,$9
-	subu	$13,$9,$2
-	sgtu	$2,$13,$9
-	sw	$13,4($4)
-	addu	$2,$25
-	beqz	$7,.L_bn_sub_words_return
-
-	lw	$14,2*4($5)
-	lw	$10,2*4($6)
-	sltu	$24,$14,$10
-	subu	$10,$14,$10
-	subu	$14,$10,$2
-	sgtu	$2,$14,$10
-	sw	$14,2*4($4)
-	addu	$2,$24
-
-.L_bn_sub_words_return:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-.end	bn_sub_words_internal
-
-.align 5
-.globl	bn_div_3_words
-.ent	bn_div_3_words
-bn_div_3_words:
-	.set	noreorder
-	move	$7,$4		# we know that bn_div_words does not
-				# touch $7, $10, $11 and preserves $6
-				# so that we can save two arguments
-				# and return address in registers
-				# instead of stack:-)
-				
-	lw	$4,($7)
-	move	$10,$5
-	bne	$4,$6,bn_div_3_words_internal
-	lw	$5,-4($7)
-	li	$2,-1
-	jr	$31
-	move	$4,$2
-.end	bn_div_3_words
-
-.align	5
-.ent	bn_div_3_words_internal
-bn_div_3_words_internal:
-	.set	reorder
-	move	$11,$31
-	bal	bn_div_words_internal
-	move	$31,$11
-	multu	$10,$2
-	lw	$14,-2*4($7)
-	move	$8,$0
-	mfhi	$13
-	mflo	$12
-	sltu	$24,$13,$5
-.L_bn_div_3_words_inner_loop:
-	bnez	$24,.L_bn_div_3_words_inner_loop_done
-	sgeu	$1,$14,$12
-	seq	$25,$13,$5
-	and	$1,$25
-	sltu	$15,$12,$10
-	addu	$5,$6
-	subu	$13,$15
-	subu	$12,$10
-	sltu	$24,$13,$5
-	sltu	$8,$5,$6
-	or	$24,$8
-	.set	noreorder
-	beqz	$1,.L_bn_div_3_words_inner_loop
-	subu	$2,1
-	addu	$2,1
-	.set	reorder
-.L_bn_div_3_words_inner_loop_done:
-	.set	noreorder
-	jr	$31
-	move	$4,$2
-.end	bn_div_3_words_internal
-
-.align	5
-.globl	bn_div_words
-.ent	bn_div_words
-bn_div_words:
-	.set	noreorder
-	bnez	$6,bn_div_words_internal
-	li	$2,-1		# I would rather signal div-by-zero
-				# which can be done with 'break 7'
-	jr	$31
-	move	$4,$2
-.end	bn_div_words
-
-.align	5
-.ent	bn_div_words_internal
-bn_div_words_internal:
-	move	$3,$0
-	bltz	$6,.L_bn_div_words_body
-	move	$25,$3
-	sll	$6,1
-	bgtz	$6,.-4
-	addu	$25,1
-
-	.set	reorder
-	negu	$13,$25
-	li	$14,-1
-	sll	$14,$13
-	and	$14,$4
-	srl	$1,$5,$13
-	.set	noreorder
-	beqz	$14,.+12
-	nop
-	break	6		# signal overflow
-	.set	reorder
-	sll	$4,$25
-	sll	$5,$25
-	or	$4,$1
-.L_bn_div_words_body:
-	srl	$3,$6,4*4	# bits
-	sgeu	$1,$4,$6
-	.set	noreorder
-	beqz	$1,.+12
-	nop
-	subu	$4,$6
-	.set	reorder
-
-	li	$8,-1
-	srl	$9,$4,4*4	# bits
-	srl	$8,4*4	# q=0xffffffff
-	beq	$3,$9,.L_bn_div_words_skip_div1
-	divu	$0,$4,$3
-	mflo	$8
-.L_bn_div_words_skip_div1:
-	multu	$6,$8
-	sll	$15,$4,4*4	# bits
-	srl	$1,$5,4*4	# bits
-	or	$15,$1
-	mflo	$12
-	mfhi	$13
-.L_bn_div_words_inner_loop1:
-	sltu	$14,$15,$12
-	seq	$24,$9,$13
-	sltu	$1,$9,$13
-	and	$14,$24
-	sltu	$2,$12,$6
-	or	$1,$14
-	.set	noreorder
-	beqz	$1,.L_bn_div_words_inner_loop1_done
-	subu	$13,$2
-	subu	$12,$6
-	b	.L_bn_div_words_inner_loop1
-	subu	$8,1
-	.set	reorder
-.L_bn_div_words_inner_loop1_done:
-
-	sll	$5,4*4	# bits
-	subu	$4,$15,$12
-	sll	$2,$8,4*4	# bits
-
-	li	$8,-1
-	srl	$9,$4,4*4	# bits
-	srl	$8,4*4	# q=0xffffffff
-	beq	$3,$9,.L_bn_div_words_skip_div2
-	divu	$0,$4,$3
-	mflo	$8
-.L_bn_div_words_skip_div2:
-	multu	$6,$8
-	sll	$15,$4,4*4	# bits
-	srl	$1,$5,4*4	# bits
-	or	$15,$1
-	mflo	$12
-	mfhi	$13
-.L_bn_div_words_inner_loop2:
-	sltu	$14,$15,$12
-	seq	$24,$9,$13
-	sltu	$1,$9,$13
-	and	$14,$24
-	sltu	$3,$12,$6
-	or	$1,$14
-	.set	noreorder
-	beqz	$1,.L_bn_div_words_inner_loop2_done
-	subu	$13,$3
-	subu	$12,$6
-	b	.L_bn_div_words_inner_loop2
-	subu	$8,1
-	.set	reorder
-.L_bn_div_words_inner_loop2_done:
-
-	subu	$4,$15,$12
-	or	$2,$8
-	srl	$3,$4,$25	# $3 contains remainder if anybody wants it
-	srl	$6,$25		# restore $6
-
-	.set	noreorder
-	move	$5,$3
-	jr	$31
-	move	$4,$2
-.end	bn_div_words_internal
-
-.align	5
-.globl	bn_mul_comba8
-.ent	bn_mul_comba8
-bn_mul_comba8:
-	.set	noreorder
-	.frame	$29,6*4,$31
-	.mask	0x003f0000,-4
-	subu $29,6*4
-	sw	$21,5*4($29)
-	sw	$20,4*4($29)
-	sw	$19,3*4($29)
-	sw	$18,2*4($29)
-	sw	$17,1*4($29)
-	sw	$16,0*4($29)
-
-	.set	reorder
-	lw	$12,0($5)	# If compiled with -mips3 option on
-				# R5000 box assembler barks on this
-				# 1ine with "should not have mult/div
-				# as last instruction in bb (R10K
-				# bug)" warning. If anybody out there
-				# has a clue about how to circumvent
-				# this do send me a note.
-				#		<appro@fy.chalmers.se>
-
-	lw	$8,0($6)
-	lw	$13,4($5)
-	lw	$14,2*4($5)
-	multu	$12,$8		# mul_add_c(a[0],b[0],c1,c2,c3);
-	lw	$15,3*4($5)
-	lw	$9,4($6)
-	lw	$10,2*4($6)
-	lw	$11,3*4($6)
-	mflo	$2
-	mfhi	$3
-
-	lw	$16,4*4($5)
-	lw	$18,5*4($5)
-	multu	$12,$9		# mul_add_c(a[0],b[1],c2,c3,c1);
-	lw	$20,6*4($5)
-	lw	$5,7*4($5)
-	lw	$17,4*4($6)
-	lw	$19,5*4($6)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$13,$8		# mul_add_c(a[1],b[0],c2,c3,c1);
-	addu	$7,$25,$1
-	lw	$21,6*4($6)
-	lw	$6,7*4($6)
-	sw	$2,0($4)	# r[0]=c1;
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$8		# mul_add_c(a[2],b[0],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	sw	$3,4($4)	# r[1]=c2;
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$13,$9		# mul_add_c(a[1],b[1],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$12,$10		# mul_add_c(a[0],b[2],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$12,$11		# mul_add_c(a[0],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,2*4($4)	# r[2]=c3;
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$13,$10		# mul_add_c(a[1],b[2],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$7,$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$14,$9		# mul_add_c(a[2],b[1],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$15,$8		# mul_add_c(a[3],b[0],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$16,$8		# mul_add_c(a[4],b[0],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,3*4($4)	# r[3]=c1;
-
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$15,$9		# mul_add_c(a[3],b[1],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$14,$10		# mul_add_c(a[2],b[2],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$13,$11		# mul_add_c(a[1],b[3],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$12,$17		# mul_add_c(a[0],b[4],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$12,$19		# mul_add_c(a[0],b[5],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,4*4($4)	# r[4]=c2;
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$13,$17		# mul_add_c(a[1],b[4],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$14,$11		# mul_add_c(a[2],b[3],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$15,$10		# mul_add_c(a[3],b[2],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$16,$9		# mul_add_c(a[4],b[1],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$18,$8		# mul_add_c(a[5],b[0],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$20,$8		# mul_add_c(a[6],b[0],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,5*4($4)	# r[5]=c3;
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$18,$9		# mul_add_c(a[5],b[1],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$7,$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$16,$10		# mul_add_c(a[4],b[2],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$15,$11		# mul_add_c(a[3],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$14,$17		# mul_add_c(a[2],b[4],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$13,$19		# mul_add_c(a[1],b[5],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$12,$21		# mul_add_c(a[0],b[6],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$12,$6		# mul_add_c(a[0],b[7],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,6*4($4)	# r[6]=c1;
-
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$13,$21		# mul_add_c(a[1],b[6],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$14,$19		# mul_add_c(a[2],b[5],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$15,$17		# mul_add_c(a[3],b[4],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$16,$11		# mul_add_c(a[4],b[3],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$18,$10		# mul_add_c(a[5],b[2],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$20,$9		# mul_add_c(a[6],b[1],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$5,$8		# mul_add_c(a[7],b[0],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$5,$9		# mul_add_c(a[7],b[1],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,7*4($4)	# r[7]=c2;
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$20,$10		# mul_add_c(a[6],b[2],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$18,$11		# mul_add_c(a[5],b[3],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$16,$17		# mul_add_c(a[4],b[4],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$15,$19		# mul_add_c(a[3],b[5],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$14,$21		# mul_add_c(a[2],b[6],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$13,$6		# mul_add_c(a[1],b[7],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$14,$6		# mul_add_c(a[2],b[7],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,8*4($4)	# r[8]=c3;
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$15,$21		# mul_add_c(a[3],b[6],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$7,$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$16,$19		# mul_add_c(a[4],b[5],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$18,$17		# mul_add_c(a[5],b[4],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$20,$11		# mul_add_c(a[6],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$5,$10		# mul_add_c(a[7],b[2],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$5,$11		# mul_add_c(a[7],b[3],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,9*4($4)	# r[9]=c1;
-
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$20,$17		# mul_add_c(a[6],b[4],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$18,$19		# mul_add_c(a[5],b[5],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$16,$21		# mul_add_c(a[4],b[6],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$15,$6		# mul_add_c(a[3],b[7],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$16,$6		# mul_add_c(a[4],b[7],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,10*4($4)	# r[10]=c2;
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$18,$21		# mul_add_c(a[5],b[6],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$20,$19		# mul_add_c(a[6],b[5],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$5,$17		# mul_add_c(a[7],b[4],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$5,$19		# mul_add_c(a[7],b[5],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,11*4($4)	# r[11]=c3;
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$20,$21		# mul_add_c(a[6],b[6],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$7,$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$18,$6		# mul_add_c(a[5],b[7],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$20,$6		# mul_add_c(a[6],b[7],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,12*4($4)	# r[12]=c1;
-
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$5,$21		# mul_add_c(a[7],b[6],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$5,$6		# mul_add_c(a[7],b[7],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,13*4($4)	# r[13]=c2;
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	addu	$25,$1
-	addu	$2,$25
-	sw	$7,14*4($4)	# r[14]=c3;
-	sw	$2,15*4($4)	# r[15]=c1;
-
-	.set	noreorder
-	lw	$21,5*4($29)
-	lw	$20,4*4($29)
-	lw	$19,3*4($29)
-	lw	$18,2*4($29)
-	lw	$17,1*4($29)
-	lw	$16,0*4($29)
-	jr	$31
-	addu $29,6*4
-.end	bn_mul_comba8
-
-.align	5
-.globl	bn_mul_comba4
-.ent	bn_mul_comba4
-bn_mul_comba4:
-	.set	reorder
-	lw	$12,0($5)
-	lw	$8,0($6)
-	lw	$13,4($5)
-	lw	$14,2*4($5)
-	multu	$12,$8		# mul_add_c(a[0],b[0],c1,c2,c3);
-	lw	$15,3*4($5)
-	lw	$9,4($6)
-	lw	$10,2*4($6)
-	lw	$11,3*4($6)
-	mflo	$2
-	mfhi	$3
-	sw	$2,0($4)
-
-	multu	$12,$9		# mul_add_c(a[0],b[1],c2,c3,c1);
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$13,$8		# mul_add_c(a[1],b[0],c2,c3,c1);
-	addu	$7,$25,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$8		# mul_add_c(a[2],b[0],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	sw	$3,4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$13,$9		# mul_add_c(a[1],b[1],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$12,$10		# mul_add_c(a[0],b[2],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$12,$11		# mul_add_c(a[0],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,2*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$13,$10		# mul_add_c(a[1],b[2],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$7,$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$14,$9		# mul_add_c(a[2],b[1],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	multu	$15,$8		# mul_add_c(a[3],b[0],c1,c2,c3);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$15,$9		# mul_add_c(a[3],b[1],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,3*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$14,$10		# mul_add_c(a[2],b[2],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$2,$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	multu	$13,$11		# mul_add_c(a[1],b[3],c2,c3,c1);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$11		# mul_add_c(a[2],b[3],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,4*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	multu	$15,$10		# mul_add_c(a[3],b[2],c3,c1,c2);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$3,$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$15,$11		# mul_add_c(a[3],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,5*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	addu	$25,$1
-	addu	$3,$25
-	sw	$2,6*4($4)
-	sw	$3,7*4($4)
-
-	.set	noreorder
-	jr	$31
-	nop
-.end	bn_mul_comba4
-
-.align	5
-.globl	bn_sqr_comba8
-.ent	bn_sqr_comba8
-bn_sqr_comba8:
-	.set	reorder
-	lw	$12,0($5)
-	lw	$13,4($5)
-	lw	$14,2*4($5)
-	lw	$15,3*4($5)
-
-	multu	$12,$12		# mul_add_c(a[0],b[0],c1,c2,c3);
-	lw	$8,4*4($5)
-	lw	$9,5*4($5)
-	lw	$10,6*4($5)
-	lw	$11,7*4($5)
-	mflo	$2
-	mfhi	$3
-	sw	$2,0($4)
-
-	multu	$12,$13		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$24
-	mfhi	$25
-	slt	$2,$25,$0
-	sll	$25,1
-	 multu	$14,$12		# mul_add_c2(a[2],b[0],c3,c1,c2);
-	slt	$6,$24,$0
-	addu	$25,$6
-	sll	$24,1
-	addu	$3,$24
-	sltu	$1,$3,$24
-	addu	$7,$25,$1
-	sw	$3,4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$13,$13			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$12,$15		# mul_add_c2(a[0],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,2*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$13,$14			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$7,$3,$1
-	addu	$3,$25
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$8,$12			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	sw	$2,3*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$15,$13			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$2,$7,$1
-	addu	$7,$25
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$14			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$1,$7,$1
-	addu	$7,$25
-	addu	$2,$1
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$12,$9		# mul_add_c2(a[0],b[5],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,4*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$13,$8			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$14,$15			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$1,$2,$1
-	addu	$2,$25
-	addu	$3,$1
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$10,$12			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$1,$2,$1
-	addu	$2,$25
-	addu	$3,$1
-	sltu	$25,$2,$25
-	addu	$3,$25
-	sw	$7,5*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$9,$13			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$7,$3,$1
-	addu	$3,$25
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$8,$14			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$15,$15			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$12,$11		# mul_add_c2(a[0],b[7],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,6*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$13,$10			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$2,$7,$1
-	addu	$7,$25
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$9			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$1,$7,$1
-	addu	$7,$25
-	addu	$2,$1
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$15,$8			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$1,$7,$1
-	addu	$7,$25
-	addu	$2,$1
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$11,$13			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$1,$7,$1
-	addu	$7,$25
-	addu	$2,$1
-	sltu	$25,$7,$25
-	addu	$2,$25
-	sw	$3,7*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$10,$14			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$9,$15			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$1,$2,$1
-	addu	$2,$25
-	addu	$3,$1
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$8,$8			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$1,$2,$1
-	addu	$2,$25
-	addu	$3,$1
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$14,$11		# mul_add_c2(a[2],b[7],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,8*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$15,$10			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$7,$3,$1
-	addu	$3,$25
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$8,$9			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$11,$15			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	sw	$2,9*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$10,$8			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$2,$7,$1
-	addu	$7,$25
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$9,$9			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$1,$7,$1
-	addu	$7,$25
-	addu	$2,$1
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$8,$11		# mul_add_c2(a[4],b[7],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,10*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$9,$10			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$11,$9			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$1,$2,$1
-	addu	$2,$25
-	addu	$3,$1
-	sltu	$25,$2,$25
-	addu	$3,$25
-	sw	$7,11*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$10,$10			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$7,$3,$1
-	addu	$3,$25
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$10,$11		# mul_add_c2(a[6],b[7],c2,c3,c1);
-	addu	$25,$1
-	addu	$3,$25
-	sltu	$1,$3,$25
-	addu	$7,$1
-	sw	$2,12*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$11,$11			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$2,$7,$1
-	addu	$7,$25
-	sltu	$25,$7,$25
-	addu	$2,$25
-	sw	$3,13*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	addu	$25,$1
-	addu	$2,$25
-	sw	$7,14*4($4)
-	sw	$2,15*4($4)
-
-	.set	noreorder
-	jr	$31
-	nop
-.end	bn_sqr_comba8
-
-.align	5
-.globl	bn_sqr_comba4
-.ent	bn_sqr_comba4
-bn_sqr_comba4:
-	.set	reorder
-	lw	$12,0($5)
-	lw	$13,4($5)
-	multu	$12,$12		# mul_add_c(a[0],b[0],c1,c2,c3);
-	lw	$14,2*4($5)
-	lw	$15,3*4($5)
-	mflo	$2
-	mfhi	$3
-	sw	$2,0($4)
-
-	multu	$12,$13		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$24
-	mfhi	$25
-	slt	$2,$25,$0
-	sll	$25,1
-	 multu	$14,$12		# mul_add_c2(a[2],b[0],c3,c1,c2);
-	slt	$6,$24,$0
-	addu	$25,$6
-	sll	$24,1
-	addu	$3,$24
-	sltu	$1,$3,$24
-	addu	$7,$25,$1
-	sw	$3,4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$13,$13			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$12,$15		# mul_add_c2(a[0],b[3],c1,c2,c3);
-	addu	$25,$1
-	addu	$2,$25
-	sltu	$1,$2,$25
-	addu	$3,$1
-	sw	$7,2*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$13,$14			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$7,$3,$1
-	addu	$3,$25
-	sltu	$25,$3,$25
-	addu	$7,$25
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	 multu	$15,$13			# forward multiplication
-	addu	$2,$24
-	addu	$1,$25
-	sltu	$24,$2,$24
-	addu	$3,$1
-	addu	$25,$24
-	sltu	$1,$3,$1
-	addu	$3,$25
-	addu	$7,$1
-	sltu	$25,$3,$25
-	addu	$7,$25
-	sw	$2,3*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$14			# forward multiplication
-	addu	$3,$24
-	addu	$1,$25
-	sltu	$24,$3,$24
-	addu	$7,$1
-	addu	$25,$24
-	sltu	$2,$7,$1
-	addu	$7,$25
-	sltu	$25,$7,$25
-	addu	$2,$25
-	mflo	$24
-	mfhi	$25
-	addu	$3,$24
-	sltu	$1,$3,$24
-	 multu	$14,$15		# mul_add_c2(a[2],b[3],c3,c1,c2);
-	addu	$25,$1
-	addu	$7,$25
-	sltu	$1,$7,$25
-	addu	$2,$1
-	sw	$3,4*4($4)
-	mflo	$24
-	mfhi	$25
-	addu	$7,$24
-	sltu	$1,$7,$24
-	 multu	$15,$15			# forward multiplication
-	addu	$7,$24
-	addu	$1,$25
-	sltu	$24,$7,$24
-	addu	$2,$1
-	addu	$25,$24
-	sltu	$3,$2,$1
-	addu	$2,$25
-	sltu	$25,$2,$25
-	addu	$3,$25
-	sw	$7,5*4($4)
-
-	mflo	$24
-	mfhi	$25
-	addu	$2,$24
-	sltu	$1,$2,$24
-	addu	$25,$1
-	addu	$3,$25
-	sw	$2,6*4($4)
-	sw	$3,7*4($4)
-
-	.set	noreorder
-	jr	$31
-	nop
-.end	bn_sqr_comba4
diff --git a/crypto/bn/asm/co-586.S b/crypto/bn/asm/co-586.S
deleted file mode 100644
index 3cb8073524..0000000000
--- a/crypto/bn/asm/co-586.S
+++ /dev/null
@@ -1,1254 +0,0 @@
-.file	"crypto/bn/asm/co-586.s"
-.text
-.globl	bn_mul_comba8
-.type	bn_mul_comba8,@function
-.align	16
-bn_mul_comba8:
-.L_bn_mul_comba8_begin:
-	pushl	%esi
-	movl	12(%esp),%esi
-	pushl	%edi
-	movl	20(%esp),%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,%ebx
-	movl	(%esi),%eax
-	xorl	%ecx,%ecx
-	movl	(%edi),%edx
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,(%eax)
-	movl	4(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	(%esi),%eax
-	adcl	%edx,%ebp
-	movl	4(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,4(%eax)
-	movl	8(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	4(%esi),%eax
-	adcl	%edx,%ebx
-	movl	4(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	(%esi),%eax
-	adcl	%edx,%ebx
-	movl	8(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,8(%eax)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	8(%esi),%eax
-	adcl	%edx,%ecx
-	movl	4(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	4(%esi),%eax
-	adcl	%edx,%ecx
-	movl	8(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	(%esi),%eax
-	adcl	%edx,%ecx
-	movl	12(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,12(%eax)
-	movl	16(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	12(%esi),%eax
-	adcl	%edx,%ebp
-	movl	4(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	8(%esi),%eax
-	adcl	%edx,%ebp
-	movl	8(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	4(%esi),%eax
-	adcl	%edx,%ebp
-	movl	12(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	(%esi),%eax
-	adcl	%edx,%ebp
-	movl	16(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,16(%eax)
-	movl	20(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	16(%esi),%eax
-	adcl	%edx,%ebx
-	movl	4(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	12(%esi),%eax
-	adcl	%edx,%ebx
-	movl	8(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	8(%esi),%eax
-	adcl	%edx,%ebx
-	movl	12(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	4(%esi),%eax
-	adcl	%edx,%ebx
-	movl	16(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	(%esi),%eax
-	adcl	%edx,%ebx
-	movl	20(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,20(%eax)
-	movl	24(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esi),%eax
-	adcl	%edx,%ecx
-	movl	4(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	16(%esi),%eax
-	adcl	%edx,%ecx
-	movl	8(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	12(%esi),%eax
-	adcl	%edx,%ecx
-	movl	12(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	8(%esi),%eax
-	adcl	%edx,%ecx
-	movl	16(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	4(%esi),%eax
-	adcl	%edx,%ecx
-	movl	20(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	(%esi),%eax
-	adcl	%edx,%ecx
-	movl	24(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,24(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	24(%esi),%eax
-	adcl	%edx,%ebp
-	movl	4(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esi),%eax
-	adcl	%edx,%ebp
-	movl	8(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	16(%esi),%eax
-	adcl	%edx,%ebp
-	movl	12(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	12(%esi),%eax
-	adcl	%edx,%ebp
-	movl	16(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	8(%esi),%eax
-	adcl	%edx,%ebp
-	movl	20(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	4(%esi),%eax
-	adcl	%edx,%ebp
-	movl	24(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	(%esi),%eax
-	adcl	%edx,%ebp
-	movl	28(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	4(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,28(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	24(%esi),%eax
-	adcl	%edx,%ebx
-	movl	8(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esi),%eax
-	adcl	%edx,%ebx
-	movl	12(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	16(%esi),%eax
-	adcl	%edx,%ebx
-	movl	16(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	12(%esi),%eax
-	adcl	%edx,%ebx
-	movl	20(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	8(%esi),%eax
-	adcl	%edx,%ebx
-	movl	24(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	4(%esi),%eax
-	adcl	%edx,%ebx
-	movl	28(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	8(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,32(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	24(%esi),%eax
-	adcl	%edx,%ecx
-	movl	12(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esi),%eax
-	adcl	%edx,%ecx
-	movl	16(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	16(%esi),%eax
-	adcl	%edx,%ecx
-	movl	20(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	12(%esi),%eax
-	adcl	%edx,%ecx
-	movl	24(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	8(%esi),%eax
-	adcl	%edx,%ecx
-	movl	28(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	12(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,36(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	24(%esi),%eax
-	adcl	%edx,%ebp
-	movl	16(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esi),%eax
-	adcl	%edx,%ebp
-	movl	20(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	16(%esi),%eax
-	adcl	%edx,%ebp
-	movl	24(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	12(%esi),%eax
-	adcl	%edx,%ebp
-	movl	28(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	16(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,40(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	24(%esi),%eax
-	adcl	%edx,%ebx
-	movl	20(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esi),%eax
-	adcl	%edx,%ebx
-	movl	24(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	16(%esi),%eax
-	adcl	%edx,%ebx
-	movl	28(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	20(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,44(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	24(%esi),%eax
-	adcl	%edx,%ecx
-	movl	24(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esi),%eax
-	adcl	%edx,%ecx
-	movl	28(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	24(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,48(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	24(%esi),%eax
-	adcl	%edx,%ebp
-	movl	28(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	28(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,52(%eax)
-	movl	28(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	adcl	$0,%ecx
-	movl	%ebp,56(%eax)
-
-
-	movl	%ebx,60(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.size	bn_mul_comba8,.-.L_bn_mul_comba8_begin
-.globl	bn_mul_comba4
-.type	bn_mul_comba4,@function
-.align	16
-bn_mul_comba4:
-.L_bn_mul_comba4_begin:
-	pushl	%esi
-	movl	12(%esp),%esi
-	pushl	%edi
-	movl	20(%esp),%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,%ebx
-	movl	(%esi),%eax
-	xorl	%ecx,%ecx
-	movl	(%edi),%edx
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,(%eax)
-	movl	4(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	(%esi),%eax
-	adcl	%edx,%ebp
-	movl	4(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,4(%eax)
-	movl	8(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	4(%esi),%eax
-	adcl	%edx,%ebx
-	movl	4(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	(%esi),%eax
-	adcl	%edx,%ebx
-	movl	8(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,8(%eax)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	8(%esi),%eax
-	adcl	%edx,%ecx
-	movl	4(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	4(%esi),%eax
-	adcl	%edx,%ecx
-	movl	8(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	(%esi),%eax
-	adcl	%edx,%ecx
-	movl	12(%edi),%edx
-	adcl	$0,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	movl	4(%edi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,12(%eax)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	8(%esi),%eax
-	adcl	%edx,%ebp
-	movl	8(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	4(%esi),%eax
-	adcl	%edx,%ebp
-	movl	12(%edi),%edx
-	adcl	$0,%ebx
-
-	mull	%edx
-	addl	%eax,%ecx
-	movl	20(%esp),%eax
-	adcl	%edx,%ebp
-	movl	8(%edi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,16(%eax)
-	movl	12(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	8(%esi),%eax
-	adcl	%edx,%ebx
-	movl	12(%edi),%edx
-	adcl	$0,%ecx
-
-	mull	%edx
-	addl	%eax,%ebp
-	movl	20(%esp),%eax
-	adcl	%edx,%ebx
-	movl	12(%edi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,20(%eax)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%ebx
-	movl	20(%esp),%eax
-	adcl	%edx,%ecx
-	adcl	$0,%ebp
-	movl	%ebx,24(%eax)
-
-
-	movl	%ecx,28(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.size	bn_mul_comba4,.-.L_bn_mul_comba4_begin
-.globl	bn_sqr_comba8
-.type	bn_sqr_comba8,@function
-.align	16
-bn_sqr_comba8:
-.L_bn_sqr_comba8_begin:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),%edi
-	movl	24(%esp),%esi
-	xorl	%ebx,%ebx
-	xorl	%ecx,%ecx
-	movl	(%esi),%eax
-
-	xorl	%ebp,%ebp
-
-	mull	%eax
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	(%esi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,(%edi)
-	movl	4(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	8(%esi),%eax
-	adcl	$0,%ebx
-	movl	%ecx,4(%edi)
-	movl	(%esi),%edx
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	4(%esi),%eax
-	adcl	$0,%ecx
-
-	mull	%eax
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	(%esi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,8(%edi)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	8(%esi),%eax
-	adcl	$0,%ebp
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	16(%esi),%eax
-	adcl	$0,%ebp
-	movl	%ebx,12(%edi)
-	movl	(%esi),%edx
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	12(%esi),%eax
-	adcl	$0,%ebx
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	8(%esi),%eax
-	adcl	$0,%ebx
-
-	mull	%eax
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	(%esi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,16(%edi)
-	movl	20(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	16(%esi),%eax
-	adcl	$0,%ecx
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	12(%esi),%eax
-	adcl	$0,%ecx
-	movl	8(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	24(%esi),%eax
-	adcl	$0,%ecx
-	movl	%ebp,20(%edi)
-	movl	(%esi),%edx
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	20(%esi),%eax
-	adcl	$0,%ebp
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	16(%esi),%eax
-	adcl	$0,%ebp
-	movl	8(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	12(%esi),%eax
-	adcl	$0,%ebp
-
-	mull	%eax
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	(%esi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,24(%edi)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	24(%esi),%eax
-	adcl	$0,%ebx
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	20(%esi),%eax
-	adcl	$0,%ebx
-	movl	8(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	16(%esi),%eax
-	adcl	$0,%ebx
-	movl	12(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	28(%esi),%eax
-	adcl	$0,%ebx
-	movl	%ecx,28(%edi)
-	movl	4(%esi),%edx
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	24(%esi),%eax
-	adcl	$0,%ecx
-	movl	8(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	20(%esi),%eax
-	adcl	$0,%ecx
-	movl	12(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	16(%esi),%eax
-	adcl	$0,%ecx
-
-	mull	%eax
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	8(%esi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,32(%edi)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	24(%esi),%eax
-	adcl	$0,%ebp
-	movl	12(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	20(%esi),%eax
-	adcl	$0,%ebp
-	movl	16(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	28(%esi),%eax
-	adcl	$0,%ebp
-	movl	%ebx,36(%edi)
-	movl	12(%esi),%edx
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	24(%esi),%eax
-	adcl	$0,%ebx
-	movl	16(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	20(%esi),%eax
-	adcl	$0,%ebx
-
-	mull	%eax
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	16(%esi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,40(%edi)
-	movl	28(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	24(%esi),%eax
-	adcl	$0,%ecx
-	movl	20(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	28(%esi),%eax
-	adcl	$0,%ecx
-	movl	%ebp,44(%edi)
-	movl	20(%esi),%edx
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	24(%esi),%eax
-	adcl	$0,%ebp
-
-	mull	%eax
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	24(%esi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,48(%edi)
-	movl	28(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	28(%esi),%eax
-	adcl	$0,%ebx
-	movl	%ecx,52(%edi)
-
-
-	xorl	%ecx,%ecx
-
-	mull	%eax
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	adcl	$0,%ecx
-	movl	%ebp,56(%edi)
-
-	movl	%ebx,60(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.size	bn_sqr_comba8,.-.L_bn_sqr_comba8_begin
-.globl	bn_sqr_comba4
-.type	bn_sqr_comba4,@function
-.align	16
-bn_sqr_comba4:
-.L_bn_sqr_comba4_begin:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),%edi
-	movl	24(%esp),%esi
-	xorl	%ebx,%ebx
-	xorl	%ecx,%ecx
-	movl	(%esi),%eax
-
-	xorl	%ebp,%ebp
-
-	mull	%eax
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	(%esi),%edx
-	adcl	$0,%ebp
-	movl	%ebx,(%edi)
-	movl	4(%esi),%eax
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	8(%esi),%eax
-	adcl	$0,%ebx
-	movl	%ecx,4(%edi)
-	movl	(%esi),%edx
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	4(%esi),%eax
-	adcl	$0,%ecx
-
-	mull	%eax
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	(%esi),%edx
-	adcl	$0,%ecx
-	movl	%ebp,8(%edi)
-	movl	12(%esi),%eax
-
-
-	xorl	%ebp,%ebp
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	8(%esi),%eax
-	adcl	$0,%ebp
-	movl	4(%esi),%edx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebp
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	movl	12(%esi),%eax
-	adcl	$0,%ebp
-	movl	%ebx,12(%edi)
-	movl	4(%esi),%edx
-
-
-	xorl	%ebx,%ebx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ebx
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	8(%esi),%eax
-	adcl	$0,%ebx
-
-	mull	%eax
-	addl	%eax,%ecx
-	adcl	%edx,%ebp
-	movl	8(%esi),%edx
-	adcl	$0,%ebx
-	movl	%ecx,16(%edi)
-	movl	12(%esi),%eax
-
-
-	xorl	%ecx,%ecx
-
-	mull	%edx
-	addl	%eax,%eax
-	adcl	%edx,%edx
-	adcl	$0,%ecx
-	addl	%eax,%ebp
-	adcl	%edx,%ebx
-	movl	12(%esi),%eax
-	adcl	$0,%ecx
-	movl	%ebp,20(%edi)
-
-
-	xorl	%ebp,%ebp
-
-	mull	%eax
-	addl	%eax,%ebx
-	adcl	%edx,%ecx
-	adcl	$0,%ebp
-	movl	%ebx,24(%edi)
-
-	movl	%ecx,28(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.size	bn_sqr_comba4,.-.L_bn_sqr_comba4_begin
diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl
deleted file mode 100644
index 57101a6bd7..0000000000
--- a/crypto/bn/asm/co-586.pl
+++ /dev/null
@@ -1,287 +0,0 @@
-#!/usr/local/bin/perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-&bn_mul_comba("bn_mul_comba8",8);
-&bn_mul_comba("bn_mul_comba4",4);
-&bn_sqr_comba("bn_sqr_comba8",8);
-&bn_sqr_comba("bn_sqr_comba4",4);
-
-&asm_finish();
-
-sub mul_add_c
-	{
-	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("mul a[$ai]*b[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$b,"",0));
-
-	&mul("edx");
-	&add($c0,"eax");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
-	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
-	 ###
-	&adc($c1,"edx");
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
-	 ###
-	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
-	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
-	}
-
-sub sqr_add_c
-	{
-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("sqr a[$ai]*a[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$b,"",0));
-
-	if ($ai == $bi)
-		{ &mul("eax");}
-	else
-		{ &mul("edx");}
-	&add($c0,"eax");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
-	 ###
-	&adc($c1,"edx");
-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
-	 ###
-	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
-	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
-	}
-
-sub sqr_add_c2
-	{
-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("sqr a[$ai]*a[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$a,"",0));
-
-	if ($ai == $bi)
-		{ &mul("eax");}
-	else
-		{ &mul("edx");}
-	&add("eax","eax");
-	 ###
-	&adc("edx","edx");
-	 ###
-	&adc($c2,0);
-	 &add($c0,"eax");
-	&adc($c1,"edx");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
-	&adc($c2,0);
-	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
-	 ###
-	}
-
-sub bn_mul_comba
-	{
-	local($name,$num)=@_;
-	local($a,$b,$c0,$c1,$c2);
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($tot,$end);
-
-	&function_begin_B($name,"");
-
-	$c0="ebx";
-	$c1="ecx";
-	$c2="ebp";
-	$a="esi";
-	$b="edi";
-	
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-
-	&push("esi");
-	 &mov($a,&wparam(1));
-	&push("edi");
-	 &mov($b,&wparam(2));
-	&push("ebp");
-	 &push("ebx");
-
-	&xor($c0,$c0);
-	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
-	&xor($c1,$c1);
-	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
-
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-
-		&comment("################## Calculate word $i"); 
-
-		for ($j=$bs; $j<$end; $j++)
-			{
-			&xor($c2,$c2) if ($j == $bs);
-			if (($j+1) == $end)
-				{
-				$v=1;
-				$v=2 if (($i+1) == $tot);
-				}
-			else
-				{ $v=0; }
-			if (($j+1) != $end)
-				{
-				$na=($ai-1);
-				$nb=($bi+1);
-				}
-			else
-				{
-				$na=$as+($i < ($num-1));
-				$nb=$bs+($i >= ($num-1));
-				}
-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
-			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
-			if ($v)
-				{
-				&comment("saved r[$i]");
-				# &mov("eax",&wparam(0));
-				# &mov(&DWP($i*4,"eax","",0),$c0);
-				($c0,$c1,$c2)=($c1,$c2,$c0);
-				}
-			$ai--;
-			$bi++;
-			}
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&comment("save r[$i]");
-	# &mov("eax",&wparam(0));
-	&mov(&DWP($i*4,"eax","",0),$c0);
-
-	&pop("ebx");
-	&pop("ebp");
-	&pop("edi");
-	&pop("esi");
-	&ret();
-	&function_end_B($name);
-	}
-
-sub bn_sqr_comba
-	{
-	local($name,$num)=@_;
-	local($r,$a,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($b,$tot,$end,$half);
-
-	&function_begin_B($name,"");
-
-	$c0="ebx";
-	$c1="ecx";
-	$c2="ebp";
-	$a="esi";
-	$r="edi";
-
-	&push("esi");
-	 &push("edi");
-	&push("ebp");
-	 &push("ebx");
-	&mov($r,&wparam(0));
-	 &mov($a,&wparam(1));
-	&xor($c0,$c0);
-	 &xor($c1,$c1);
-	&mov("eax",&DWP(0,$a,"",0)); # load the first word
-
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-
-		&comment("############### Calculate word $i");
-		for ($j=$bs; $j<$end; $j++)
-			{
-			&xor($c2,$c2) if ($j == $bs);
-			if (($ai-1) < ($bi+1))
-				{
-				$v=1;
-				$v=2 if ($i+1) == $tot;
-				}
-			else
-				{ $v=0; }
-			if (!$v)
-				{
-				$na=$ai-1;
-				$nb=$bi+1;
-				}
-			else
-				{
-				$na=$as+($i < ($num-1));
-				$nb=$bs+($i >= ($num-1));
-				}
-			if ($ai == $bi)
-				{
-				&sqr_add_c($r,$a,$ai,$bi,
-					$c0,$c1,$c2,$v,$i,$na,$nb);
-				}
-			else
-				{
-				&sqr_add_c2($r,$a,$ai,$bi,
-					$c0,$c1,$c2,$v,$i,$na,$nb);
-				}
-			if ($v)
-				{
-				&comment("saved r[$i]");
-				#&mov(&DWP($i*4,$r,"",0),$c0);
-				($c0,$c1,$c2)=($c1,$c2,$c0);
-				last;
-				}
-			$ai--;
-			$bi++;
-			}
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&mov(&DWP($i*4,$r,"",0),$c0);
-	&pop("ebx");
-	&pop("ebp");
-	&pop("edi");
-	&pop("esi");
-	&ret();
-	&function_end_B($name);
-	}
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
deleted file mode 100644
index e258658428..0000000000
--- a/crypto/bn/asm/ia64-mont.pl
+++ /dev/null
@@ -1,851 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# January 2010
-#
-# "Teaser" Montgomery multiplication module for IA-64. There are
-# several possibilities for improvement:
-#
-# - modulo-scheduling outer loop would eliminate quite a number of
-#   stalls after ldf8, xma and getf.sig outside inner loop and
-#   improve shorter key performance;
-# - shorter vector support [with input vectors being fetched only
-#   once] should be added;
-# - 2x unroll with help of n0[1] would make the code scalable on
-#   "wider" IA-64, "wider" than Itanium 2 that is, which is not of
-#   acute interest, because upcoming Tukwila's individual cores are
-#   reportedly based on Itanium 2 design;
-# - dedicated squaring procedure(?);
-#
-# January 2010
-#
-# Shorter vector support is implemented by zero-padding ap and np
-# vectors up to 8 elements, or 512 bits. This means that 256-bit
-# inputs will be processed only 2 times faster than 512-bit inputs,
-# not 4 [as one would expect, because algorithm complexity is n^2].
-# The reason for padding is that inputs shorter than 512 bits won't
-# be processed faster anyway, because minimal critical path of the
-# core loop happens to match 512-bit timing. Either way, it resulted
-# in >100% improvement of 512-bit RSA sign benchmark and 50% - of
-# 1024-bit one [in comparison to original version of *this* module].
-#
-# So far 'openssl speed rsa dsa' output on 900MHz Itanium 2 *with*
-# this module is:
-#                   sign    verify    sign/s verify/s
-# rsa  512 bits 0.000290s 0.000024s   3452.8  42031.4
-# rsa 1024 bits 0.000793s 0.000058s   1261.7  17172.0
-# rsa 2048 bits 0.005908s 0.000148s    169.3   6754.0
-# rsa 4096 bits 0.033456s 0.000469s     29.9   2133.6
-# dsa  512 bits 0.000253s 0.000198s   3949.9   5057.0
-# dsa 1024 bits 0.000585s 0.000607s   1708.4   1647.4
-# dsa 2048 bits 0.001453s 0.001703s    688.1    587.4
-#
-# ... and *without* (but still with ia64.S):
-#
-# rsa  512 bits 0.000670s 0.000041s   1491.8  24145.5
-# rsa 1024 bits 0.001988s 0.000080s    502.9  12499.3
-# rsa 2048 bits 0.008702s 0.000189s    114.9   5293.9
-# rsa 4096 bits 0.043860s 0.000533s     22.8   1875.9
-# dsa  512 bits 0.000441s 0.000427s   2265.3   2340.6
-# dsa 1024 bits 0.000823s 0.000867s   1215.6   1153.2
-# dsa 2048 bits 0.001894s 0.002179s    528.1    458.9
-#
-# As it can be seen, RSA sign performance improves by 130-30%,
-# hereafter less for longer keys, while verify - by 74-13%.
-# DSA performance improves by 115-30%.
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-
-$code=<<___;
-.explicit
-.text
-
-// int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap,
-//		    const BN_ULONG *bp,const BN_ULONG *np,
-//		    const BN_ULONG *n0p,int num);			
-.align	64
-.global	bn_mul_mont#
-.proc	bn_mul_mont#
-bn_mul_mont:
-	.prologue
-	.body
-{ .mmi;	cmp4.le		p6,p7=2,r37;;
-(p6)	cmp4.lt.unc	p8,p9=8,r37
-	mov		ret0=r0		};;
-{ .bbb;
-(p9)	br.cond.dptk.many	bn_mul_mont_8
-(p8)	br.cond.dpnt.many	bn_mul_mont_general
-(p7)	br.ret.spnt.many	b0	};;
-.endp	bn_mul_mont#
-
-prevfs=r2;	prevpr=r3;	prevlc=r10;	prevsp=r11;
-
-rptr=r8;	aptr=r9;	bptr=r14;	nptr=r15;
-tptr=r16;	// &tp[0]
-tp_1=r17;	// &tp[-1]
-num=r18;	len=r19;	lc=r20;
-topbit=r21;	// carry bit from tmp[num]
-
-n0=f6;
-m0=f7;
-bi=f8;
-
-.align	64
-.local	bn_mul_mont_general#
-.proc	bn_mul_mont_general#
-bn_mul_mont_general:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,6,2,0,8
-	$ADDP	aptr=0,in1
-	.save	ar.lc,prevlc
-	mov	prevlc=ar.lc		}
-{ .mmi;	.vframe	prevsp
-	mov	prevsp=sp
-	$ADDP	bptr=0,in2
-	.save	pr,prevpr
-	mov	prevpr=pr		};;
-
-	.body
-	.rotf		alo[6],nlo[4],ahi[8],nhi[6]
-	.rotr		a[3],n[3],t[2]
-
-{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
-	ldf8		alo[4]=[aptr],16	// ap[0]
-	$ADDP		r30=8,in1	};;
-{ .mmi;	ldf8		alo[3]=[r30],16		// ap[1]
-	ldf8		alo[2]=[aptr],16	// ap[2]
-	$ADDP		in4=0,in4	};;
-{ .mmi;	ldf8		alo[1]=[r30]		// ap[3]
-	ldf8		n0=[in4]		// n0
-	$ADDP		rptr=0,in0		}
-{ .mmi;	$ADDP		nptr=0,in3
-	mov		r31=16
-	zxt4		num=in5		};;
-{ .mmi;	ldf8		nlo[2]=[nptr],8		// np[0]
-	shladd		len=num,3,r0
-	shladd		r31=num,3,r31	};;
-{ .mmi;	ldf8		nlo[1]=[nptr],8		// np[1]
-	add		lc=-5,num
-	sub		r31=sp,r31	};;
-{ .mfb;	and		sp=-16,r31		// alloca
-	xmpy.hu		ahi[2]=alo[4],bi	// ap[0]*bp[0]
-	nop.b		0		}
-{ .mfb;	nop.m		0
-	xmpy.lu		alo[4]=alo[4],bi
-	brp.loop.imp	.L1st_ctop,.L1st_cend-16
-					};;
-{ .mfi;	nop.m		0
-	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[0]
-	add		tp_1=8,sp	}
-{ .mfi;	nop.m		0
-	xma.lu		alo[3]=alo[3],bi,ahi[2]
-	mov		pr.rot=0x20001f<<16
-			// ------^----- (p40) at first (p23)
-			// ----------^^ p[16:20]=1
-					};;
-{ .mfi;	nop.m		0
-	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[0])*n0
-	mov		ar.lc=lc	}
-{ .mfi;	nop.m		0
-	fcvt.fxu.s1	nhi[1]=f0
-	mov		ar.ec=8		};;
-
-.align	32
-.L1st_ctop:
-.pred.rel	"mutex",p40,p42
-{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
-	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
-	(p40)	add		n[2]=n[2],a[2]		}   // (p23)					}
-{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)(p16)
-	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
-	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
-{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
-	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
-	(p42)	cmp.leu		p41,p39=n[2],a[2]   	}   // (p23)
-{ .mfi;	(p23)	st8		[tp_1]=n[2],8
-	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
-	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
-{ .mmb;	(p21)	getf.sig	n[0]=nlo[3]
-	(p16)	nop.m		0
-	br.ctop.sptk	.L1st_ctop			};;
-.L1st_cend:
-
-{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
-	getf.sig	n[0]=nhi[4]
-	add		num=-1,num	};;	// num--
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	add		n[0]=n[0],a[0]
-(p42)	add		n[0]=n[0],a[0],1
-	sub		aptr=aptr,len	};;	// rewind
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	cmp.ltu		p41,p39=n[0],a[0]
-(p42)	cmp.leu		p41,p39=n[0],a[0]
-	sub		nptr=nptr,len	};;
-{ .mmi;	.pred.rel	"mutex",p39,p41
-(p39)	add		topbit=r0,r0
-(p41)	add		topbit=r0,r0,1
-	nop.i		0		}	
-{ .mmi;	st8		[tp_1]=n[0]
-	add		tptr=16,sp
-	add		tp_1=8,sp	};;
-
-.Louter:
-{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
-	ldf8		ahi[3]=[tptr]		// tp[0]
-	add		r30=8,aptr	};;
-{ .mmi;	ldf8		alo[4]=[aptr],16	// ap[0]
-	ldf8		alo[3]=[r30],16		// ap[1]
-	add		r31=8,nptr	};;
-{ .mfb;	ldf8		alo[2]=[aptr],16	// ap[2]
-	xma.hu		ahi[2]=alo[4],bi,ahi[3]	// ap[0]*bp[i]+tp[0]
-	brp.loop.imp	.Linner_ctop,.Linner_cend-16
-					}
-{ .mfb;	ldf8		alo[1]=[r30]		// ap[3]
-	xma.lu		alo[4]=alo[4],bi,ahi[3]
-	clrrrb.pr			};;
-{ .mfi;	ldf8		nlo[2]=[nptr],16	// np[0]
-	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[i]
-	nop.i		0		}
-{ .mfi;	ldf8		nlo[1]=[r31]		// np[1]
-	xma.lu		alo[3]=alo[3],bi,ahi[2]
-	mov		pr.rot=0x20101f<<16
-			// ------^----- (p40) at first (p23)
-			// --------^--- (p30) at first (p22)
-			// ----------^^ p[16:20]=1
-					};;
-{ .mfi;	st8		[tptr]=r0		// tp[0] is already accounted
-	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[i]+tp[0])*n0
-	mov		ar.lc=lc	}
-{ .mfi;
-	fcvt.fxu.s1	nhi[1]=f0
-	mov		ar.ec=8		};;
-
-// This loop spins in 4*(n+7) ticks on Itanium 2 and should spin in
-// 7*(n+7) ticks on Itanium (the one codenamed Merced). Factor of 7
-// in latter case accounts for two-tick pipeline stall, which means
-// that its performance would be ~20% lower than optimal one. No
-// attempt was made to address this, because original Itanium is
-// hardly represented out in the wild...
-.align	32
-.Linner_ctop:
-.pred.rel	"mutex",p40,p42
-.pred.rel	"mutex",p30,p32
-{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
-	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
-	(p40)	add		n[2]=n[2],a[2]		}   // (p23)
-{ .mfi;	(p16)	nop.m		0
-	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
-	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
-{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
-	(p16)	nop.f		0
-	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
-{ .mfi;	(p21)	ld8		t[0]=[tptr],8
-	(p16)	nop.f		0
-	(p42)	cmp.leu		p41,p39=n[2],a[2]	};; // (p23)
-{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)
-	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
-	(p30)	add		a[1]=a[1],t[1]		}   // (p22)
-{ .mfi;	(p16)	nop.m		0
-	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
-	(p32)	add		a[1]=a[1],t[1],1	};; // (p22)
-{ .mmi;	(p21)	getf.sig	n[0]=nlo[3]
-	(p16)	nop.m		0
-	(p30)	cmp.ltu		p31,p29=a[1],t[1]	}   // (p22)
-{ .mmb;	(p23)	st8		[tp_1]=n[2],8
-	(p32)	cmp.leu		p31,p29=a[1],t[1]	    // (p22)
-	br.ctop.sptk	.Linner_ctop			};;
-.Linner_cend:
-
-{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
-	getf.sig	n[0]=nhi[4]
-	nop.i		0		};;
-
-{ .mmi;	.pred.rel	"mutex",p31,p33
-(p31)	add		a[0]=a[0],topbit
-(p33)	add		a[0]=a[0],topbit,1
-	mov		topbit=r0	};;
-{ .mfi; .pred.rel	"mutex",p31,p33
-(p31)	cmp.ltu		p32,p30=a[0],topbit
-(p33)	cmp.leu		p32,p30=a[0],topbit
-					}
-{ .mfi;	.pred.rel	"mutex",p40,p42
-(p40)	add		n[0]=n[0],a[0]
-(p42)	add		n[0]=n[0],a[0],1
-					};;
-{ .mmi;	.pred.rel	"mutex",p44,p46
-(p40)	cmp.ltu		p41,p39=n[0],a[0]
-(p42)	cmp.leu		p41,p39=n[0],a[0]
-(p32)	add		topbit=r0,r0,1	}
-
-{ .mmi;	st8		[tp_1]=n[0],8
-	cmp4.ne		p6,p0=1,num
-	sub		aptr=aptr,len	};;	// rewind
-{ .mmi;	sub		nptr=nptr,len
-(p41)	add		topbit=r0,r0,1
-	add		tptr=16,sp	}
-{ .mmb;	add		tp_1=8,sp
-	add		num=-1,num		// num--
-(p6)	br.cond.sptk.many	.Louter	};;
-
-{ .mbb;	add		lc=4,lc
-	brp.loop.imp	.Lsub_ctop,.Lsub_cend-16
-	clrrrb.pr			};;
-{ .mii;	nop.m		0
-	mov		pr.rot=0x10001<<16
-			// ------^---- (p33) at first (p17)
-	mov		ar.lc=lc	}
-{ .mii;	nop.m		0
-	mov		ar.ec=3
-	nop.i		0		};;
-
-.Lsub_ctop:
-.pred.rel	"mutex",p33,p35
-{ .mfi;	(p16)	ld8		t[0]=[tptr],8		    // t=*(tp++)
-	(p16)	nop.f		0
-	(p33)	sub		n[1]=t[1],n[1]		}   // (p17)
-{ .mfi;	(p16)	ld8		n[0]=[nptr],8		    // n=*(np++)
-	(p16)	nop.f		0
-	(p35)	sub		n[1]=t[1],n[1],1	};; // (p17)
-{ .mib;	(p18)	st8		[rptr]=n[2],8		    // *(rp++)=r
-	(p33)	cmp.gtu		p34,p32=n[1],t[1]	    // (p17)
-	(p18)	nop.b		0			}
-{ .mib;	(p18)	nop.m		0
-	(p35)	cmp.geu		p34,p32=n[1],t[1]	    // (p17)
-	br.ctop.sptk	.Lsub_ctop			};;
-.Lsub_cend:
-
-{ .mmb;	.pred.rel	"mutex",p34,p36
-(p34)	sub	topbit=topbit,r0	// (p19)
-(p36)	sub	topbit=topbit,r0,1
-	brp.loop.imp	.Lcopy_ctop,.Lcopy_cend-16
-					}
-{ .mmb;	sub	rptr=rptr,len		// rewind
-	sub	tptr=tptr,len
-	clrrrb.pr			};;
-{ .mmi;	and	aptr=tptr,topbit
-	andcm	bptr=rptr,topbit
-	mov	pr.rot=1<<16		};;
-{ .mii;	or	nptr=aptr,bptr
-	mov	ar.lc=lc
-	mov	ar.ec=3			};;
-
-.Lcopy_ctop:
-{ .mmb;	(p16)	ld8	n[0]=[nptr],8
-	(p18)	st8	[tptr]=r0,8
-	(p16)	nop.b	0		}
-{ .mmb;	(p16)	nop.m	0
-	(p18)	st8	[rptr]=n[2],8
-	br.ctop.sptk	.Lcopy_ctop	};;
-.Lcopy_cend:
-
-{ .mmi;	mov		ret0=1			// signal "handled"
-	rum		1<<5			// clear um.mfh
-	mov		ar.lc=prevlc	}
-{ .mib;	.restore	sp
-	mov		sp=prevsp
-	mov		pr=prevpr,0x1ffff
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_mont_general#
-
-a1=r16;  a2=r17;  a3=r18;  a4=r19;  a5=r20;  a6=r21;  a7=r22;  a8=r23;
-n1=r24;  n2=r25;  n3=r26;  n4=r27;  n5=r28;  n6=r29;  n7=r30;  n8=r31;
-t0=r15;
-
-ai0=f8;  ai1=f9;  ai2=f10; ai3=f11; ai4=f12; ai5=f13; ai6=f14; ai7=f15;
-ni0=f16; ni1=f17; ni2=f18; ni3=f19; ni4=f20; ni5=f21; ni6=f22; ni7=f23;
-
-.align	64
-.skip	48		// aligns loop body
-.local	bn_mul_mont_8#
-.proc	bn_mul_mont_8#
-bn_mul_mont_8:
-	.prologue
-{ .mmi;	.save		ar.pfs,prevfs
-	alloc		prevfs=ar.pfs,6,2,0,8
-	.vframe		prevsp
-	mov		prevsp=sp
-	.save		ar.lc,prevlc
-	mov		prevlc=ar.lc	}
-{ .mmi;	add		r17=-6*16,sp
-	add		sp=-7*16,sp
-	.save		pr,prevpr
-	mov		prevpr=pr	};;
-
-{ .mmi;	.save.gf	0,0x10
-	stf.spill	[sp]=f16,-16
-	.save.gf	0,0x20
-	stf.spill	[r17]=f17,32
-	add		r16=-5*16,prevsp};;
-{ .mmi;	.save.gf	0,0x40
-	stf.spill	[r16]=f18,32
-	.save.gf	0,0x80
-	stf.spill	[r17]=f19,32
-	$ADDP		aptr=0,in1	};;
-{ .mmi;	.save.gf	0,0x100
-	stf.spill	[r16]=f20,32
-	.save.gf	0,0x200
-	stf.spill	[r17]=f21,32
-	$ADDP		r29=8,in1	};;
-{ .mmi;	.save.gf	0,0x400
-	stf.spill	[r16]=f22
-	.save.gf	0,0x800
-	stf.spill	[r17]=f23
-	$ADDP		rptr=0,in0	};;
-
-	.body
-	.rotf		bj[8],mj[2],tf[2],alo[10],ahi[10],nlo[10],nhi[10]
-	.rotr		t[8]
-
-// load input vectors padding them to 8 elements
-{ .mmi;	ldf8		ai0=[aptr],16		// ap[0]
-	ldf8		ai1=[r29],16		// ap[1]
-	$ADDP		bptr=0,in2	}
-{ .mmi;	$ADDP		r30=8,in2
-	$ADDP		nptr=0,in3
-	$ADDP		r31=8,in3	};;
-{ .mmi;	ldf8		bj[7]=[bptr],16		// bp[0]
-	ldf8		bj[6]=[r30],16		// bp[1]
-	cmp4.le		p4,p5=3,in5	}
-{ .mmi;	ldf8		ni0=[nptr],16		// np[0]
-	ldf8		ni1=[r31],16		// np[1]
-	cmp4.le		p6,p7=4,in5	};;
-
-{ .mfi;	(p4)ldf8	ai2=[aptr],16		// ap[2]
-	(p5)fcvt.fxu	ai2=f0
-	cmp4.le		p8,p9=5,in5	}
-{ .mfi;	(p6)ldf8	ai3=[r29],16		// ap[3]
-	(p7)fcvt.fxu	ai3=f0
-	cmp4.le		p10,p11=6,in5	}
-{ .mfi;	(p4)ldf8	bj[5]=[bptr],16		// bp[2]
-	(p5)fcvt.fxu	bj[5]=f0
-	cmp4.le		p12,p13=7,in5	}
-{ .mfi;	(p6)ldf8	bj[4]=[r30],16		// bp[3]
-	(p7)fcvt.fxu	bj[4]=f0
-	cmp4.le		p14,p15=8,in5	}
-{ .mfi;	(p4)ldf8	ni2=[nptr],16		// np[2]
-	(p5)fcvt.fxu	ni2=f0
-	addp4		r28=-1,in5	}
-{ .mfi;	(p6)ldf8	ni3=[r31],16		// np[3]
-	(p7)fcvt.fxu	ni3=f0
-	$ADDP		in4=0,in4	};;
-
-{ .mfi;	ldf8		n0=[in4]
-	fcvt.fxu	tf[1]=f0
-	nop.i		0		}
-
-{ .mfi;	(p8)ldf8	ai4=[aptr],16		// ap[4]
-	(p9)fcvt.fxu	ai4=f0
-	mov		t[0]=r0		}
-{ .mfi;	(p10)ldf8	ai5=[r29],16		// ap[5]
-	(p11)fcvt.fxu	ai5=f0
-	mov		t[1]=r0		}
-{ .mfi;	(p8)ldf8	bj[3]=[bptr],16		// bp[4]
-	(p9)fcvt.fxu	bj[3]=f0
-	mov		t[2]=r0		}
-{ .mfi;	(p10)ldf8	bj[2]=[r30],16		// bp[5]
-	(p11)fcvt.fxu	bj[2]=f0
-	mov		t[3]=r0		}
-{ .mfi;	(p8)ldf8	ni4=[nptr],16		// np[4]
-	(p9)fcvt.fxu	ni4=f0
-	mov		t[4]=r0		}
-{ .mfi;	(p10)ldf8	ni5=[r31],16		// np[5]
-	(p11)fcvt.fxu	ni5=f0
-	mov		t[5]=r0		};;
-
-{ .mfi;	(p12)ldf8	ai6=[aptr],16		// ap[6]
-	(p13)fcvt.fxu	ai6=f0
-	mov		t[6]=r0		}
-{ .mfi;	(p14)ldf8	ai7=[r29],16		// ap[7]
-	(p15)fcvt.fxu	ai7=f0
-	mov		t[7]=r0		}
-{ .mfi;	(p12)ldf8	bj[1]=[bptr],16		// bp[6]
-	(p13)fcvt.fxu	bj[1]=f0
-	mov		ar.lc=r28	}
-{ .mfi;	(p14)ldf8	bj[0]=[r30],16		// bp[7]
-	(p15)fcvt.fxu	bj[0]=f0
-	mov		ar.ec=1		}
-{ .mfi;	(p12)ldf8	ni6=[nptr],16		// np[6]
-	(p13)fcvt.fxu	ni6=f0
-	mov		pr.rot=1<<16	}
-{ .mfb;	(p14)ldf8	ni7=[r31],16		// np[7]
-	(p15)fcvt.fxu	ni7=f0
-	brp.loop.imp	.Louter_8_ctop,.Louter_8_cend-16
-					};;
-
-// The loop is scheduled for 32*n ticks on Itanium 2. Actual attempt
-// to measure with help of Interval Time Counter indicated that the
-// factor is a tad higher: 33 or 34, if not 35. Exact measurement and
-// addressing the issue is problematic, because I don't have access
-// to platform-specific instruction-level profiler. On Itanium it
-// should run in 56*n ticks, because of higher xma latency...
-.Louter_8_ctop:
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 0:
-	(p16)	xma.hu		ahi[0]=ai0,bj[7],tf[1]	//	ap[0]*b[i]+t[0]
-	(p40)	add		a3=a3,n3	}	//	(p17) a3+=n3
-{ .mfi;	(p42)	add		a3=a3,n3,1
-	(p16)	xma.lu		alo[0]=ai0,bj[7],tf[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
-	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
-	(p50)	add		t[6]=t[6],a3,1	};;
-{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
-	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
-	(p40)	cmp.ltu		p43,p41=a3,n3	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
-	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
-	(p48)	cmp.ltu		p51,p49=t[6],a3
-	(p50)	cmp.leu		p51,p49=t[6],a3	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p16)	nop.m		0			// 4:
-	(p16)	xma.hu		ahi[1]=ai1,bj[7],ahi[0]	//	ap[1]*b[i]
-	(p41)	add		a4=a4,n4	}	//	(p17) a4+=n4
-{ .mfi;	(p43)	add		a4=a4,n4,1
-	(p16)	xma.lu		alo[1]=ai1,bj[7],ahi[0]
-	(p16)	nop.i		0		};;
-{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
-	(p16)	xmpy.lu		mj[0]=alo[0],n0		//	(ap[0]*b[i]+t[0])*n0
-	(p51)	add		t[5]=t[5],a4,1	};;
-{ .mfi;	(p16)	nop.m		0			// 6:
-	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
-	(p41)	cmp.ltu		p42,p40=a4,n4	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
-	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
-	(p49)	cmp.ltu		p50,p48=t[5],a4
-	(p51)	cmp.leu		p50,p48=t[5],a4	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 8:
-	(p16)	xma.hu		ahi[2]=ai2,bj[7],ahi[1]	//	ap[2]*b[i]
-	(p40)	add		a5=a5,n5	}	//	(p17) a5+=n5
-{ .mfi;	(p42)	add		a5=a5,n5,1
-	(p16)	xma.lu		alo[2]=ai2,bj[7],ahi[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a1=alo[1]		// 9:
-	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
-	(p50)	add		t[4]=t[4],a5,1	};;
-{ .mfi;	(p16)	nop.m		0			// 10:
-	(p16)	xma.hu		nhi[0]=ni0,mj[0],alo[0]	//	np[0]*m0
-	(p40)	cmp.ltu		p43,p41=a5,n5	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a5,n5
-	(p16)	xma.lu		nlo[0]=ni0,mj[0],alo[0]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
-	(p48)	cmp.ltu		p51,p49=t[4],a5
-	(p50)	cmp.leu		p51,p49=t[4],a5	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p17)	getf.sig	n8=nhi[8]		// 12:
-	(p16)	xma.hu		ahi[3]=ai3,bj[7],ahi[2]	//	ap[3]*b[i]
-	(p41)	add		a6=a6,n6	}	//	(p17) a6+=n6
-{ .mfi;	(p43)	add		a6=a6,n6,1
-	(p16)	xma.lu		alo[3]=ai3,bj[7],ahi[2]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a2=alo[2]		// 13:
-	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
-	(p51)	add		t[3]=t[3],a6,1	};;
-{ .mfi;	(p16)	nop.m		0			// 14:
-	(p16)	xma.hu		nhi[1]=ni1,mj[0],nhi[0]	//	np[1]*m0
-	(p41)	cmp.ltu		p42,p40=a6,n6	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a6,n6
-	(p16)	xma.lu		nlo[1]=ni1,mj[0],nhi[0]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	nop.m		0			// 15:
-	(p49)	cmp.ltu		p50,p48=t[3],a6
-	(p51)	cmp.leu		p50,p48=t[3],a6	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 16:
-	(p16)	xma.hu		ahi[4]=ai4,bj[7],ahi[3]	//	ap[4]*b[i]
-	(p40)	add		a7=a7,n7	}	//	(p17) a7+=n7
-{ .mfi;	(p42)	add		a7=a7,n7,1
-	(p16)	xma.lu		alo[4]=ai4,bj[7],ahi[3]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a3=alo[3]		// 17:
-	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
-	(p50)	add		t[2]=t[2],a7,1	};;
-{ .mfi;	(p16)	nop.m		0			// 18:
-	(p16)	xma.hu		nhi[2]=ni2,mj[0],nhi[1]	//	np[2]*m0
-	(p40)	cmp.ltu		p43,p41=a7,n7	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a7,n7
-	(p16)	xma.lu		nlo[2]=ni2,mj[0],nhi[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n1=nlo[1]		// 19:
-	(p48)	cmp.ltu		p51,p49=t[2],a7
-	(p50)	cmp.leu		p51,p49=t[2],a7	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p16)	nop.m		0			// 20:
-	(p16)	xma.hu		ahi[5]=ai5,bj[7],ahi[4]	//	ap[5]*b[i]
-	(p41)	add		a8=a8,n8	}	//	(p17) a8+=n8
-{ .mfi;	(p43)	add		a8=a8,n8,1
-	(p16)	xma.lu		alo[5]=ai5,bj[7],ahi[4]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a4=alo[4]		// 21:
-	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
-	(p51)	add		t[1]=t[1],a8,1	};;
-{ .mfi;	(p16)	nop.m		0			// 22:
-	(p16)	xma.hu		nhi[3]=ni3,mj[0],nhi[2]	//	np[3]*m0
-	(p41)	cmp.ltu		p42,p40=a8,n8	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a8,n8
-	(p16)	xma.lu		nlo[3]=ni3,mj[0],nhi[2]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n2=nlo[2]		// 23:
-	(p49)	cmp.ltu		p50,p48=t[1],a8
-	(p51)	cmp.leu		p50,p48=t[1],a8	};;
-{ .mfi;	(p16)	nop.m		0			// 24:
-	(p16)	xma.hu		ahi[6]=ai6,bj[7],ahi[5]	//	ap[6]*b[i]
-	(p16)	add		a1=a1,n1	}	//	(p16) a1+=n1
-{ .mfi;	(p16)	nop.m		0
-	(p16)	xma.lu		alo[6]=ai6,bj[7],ahi[5]
-	(p17)	mov		t[0]=r0		};;
-{ .mii;	(p16)	getf.sig	a5=alo[5]		// 25:
-	(p16)	add		t0=t[7],a1		//	(p16) t[7]+=a1
-	(p42)	add		t[0]=t[0],r0,1	};;
-{ .mfi;	(p16)	setf.sig	tf[0]=t0		// 26:
-	(p16)	xma.hu		nhi[4]=ni4,mj[0],nhi[3]	//	np[4]*m0
-	(p50)	add		t[0]=t[0],r0,1	}
-{ .mfi;	(p16)	cmp.ltu.unc	p42,p40=a1,n1
-	(p16)	xma.lu		nlo[4]=ni4,mj[0],nhi[3]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n3=nlo[3]		// 27:
-	(p16)	cmp.ltu.unc	p50,p48=t0,a1
-	(p16)	nop.i		0		};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 28:
-	(p16)	xma.hu		ahi[7]=ai7,bj[7],ahi[6]	//	ap[7]*b[i]
-	(p40)	add		a2=a2,n2	}	//	(p16) a2+=n2
-{ .mfi;	(p42)	add		a2=a2,n2,1
-	(p16)	xma.lu		alo[7]=ai7,bj[7],ahi[6]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a6=alo[6]		// 29:
-	(p48)	add		t[6]=t[6],a2		//	(p16) t[6]+=a2
-	(p50)	add		t[6]=t[6],a2,1	};;
-{ .mfi;	(p16)	nop.m		0			// 30:
-	(p16)	xma.hu		nhi[5]=ni5,mj[0],nhi[4]	//	np[5]*m0
-	(p40)	cmp.ltu		p41,p39=a2,n2	}
-{ .mfi;	(p42)	cmp.leu		p41,p39=a2,n2
-	(p16)	xma.lu		nlo[5]=ni5,mj[0],nhi[4]
-	(p16)	nop.i		0		};;
-{ .mfi;	(p16)	getf.sig	n4=nlo[4]		// 31:
-	(p16)	nop.f		0
-	(p48)	cmp.ltu		p49,p47=t[6],a2	}
-{ .mfb;	(p50)	cmp.leu		p49,p47=t[6],a2
-	(p16)	nop.f		0
-	br.ctop.sptk.many	.Louter_8_ctop	};;
-.Louter_8_cend:
-
-// above loop has to execute one more time, without (p16), which is
-// replaced with merged move of np[8] to GPR bank
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mmi;	(p0)	getf.sig	n1=ni0			// 0:
-	(p40)	add		a3=a3,n3		//	(p17) a3+=n3
-	(p42)	add		a3=a3,n3,1	};;
-{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
-	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
-	(p50)	add		t[6]=t[6],a3,1	};;
-{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
-	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
-	(p40)	cmp.ltu		p43,p41=a3,n3	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
-	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
-	(p0)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
-	(p48)	cmp.ltu		p51,p49=t[6],a3
-	(p50)	cmp.leu		p51,p49=t[6],a3	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mmi;	(p0)	getf.sig	n2=ni1			// 4:
-	(p41)	add		a4=a4,n4		//	(p17) a4+=n4
-	(p43)	add		a4=a4,n4,1	};;
-{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
-	(p0)	nop.f		0
-	(p51)	add		t[5]=t[5],a4,1	};;
-{ .mfi;	(p0)	getf.sig	n3=ni2			// 6:
-	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
-	(p41)	cmp.ltu		p42,p40=a4,n4	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
-	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
-	(p0)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
-	(p49)	cmp.ltu		p50,p48=t[5],a4
-	(p51)	cmp.leu		p50,p48=t[5],a4	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mii;	(p0)	getf.sig	n4=ni3			// 8:
-	(p40)	add		a5=a5,n5		//	(p17) a5+=n5
-	(p42)	add		a5=a5,n5,1	};;
-{ .mii;	(p0)	nop.m		0			// 9:
-	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
-	(p50)	add		t[4]=t[4],a5,1	};;
-{ .mii;	(p0)	nop.m		0			// 10:
-	(p40)	cmp.ltu		p43,p41=a5,n5
-	(p42)	cmp.leu		p43,p41=a5,n5	};;
-{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
-	(p48)	cmp.ltu		p51,p49=t[4],a5
-	(p50)	cmp.leu		p51,p49=t[4],a5	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mii;	(p17)	getf.sig	n8=nhi[8]		// 12:
-	(p41)	add		a6=a6,n6		//	(p17) a6+=n6
-	(p43)	add		a6=a6,n6,1	};;
-{ .mii;	(p0)	getf.sig	n5=ni4			// 13:
-	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
-	(p51)	add		t[3]=t[3],a6,1	};;
-{ .mii;	(p0)	nop.m		0			// 14:
-	(p41)	cmp.ltu		p42,p40=a6,n6
-	(p43)	cmp.leu		p42,p40=a6,n6	};;
-{ .mii;	(p0)	getf.sig	n6=ni5			// 15:
-	(p49)	cmp.ltu		p50,p48=t[3],a6
-	(p51)	cmp.leu		p50,p48=t[3],a6	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mii;	(p0)	nop.m		0			// 16:
-	(p40)	add		a7=a7,n7		//	(p17) a7+=n7
-	(p42)	add		a7=a7,n7,1	};;
-{ .mii;	(p0)	nop.m		0			// 17:
-	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
-	(p50)	add		t[2]=t[2],a7,1	};;
-{ .mii;	(p0)	nop.m		0			// 18:
-	(p40)	cmp.ltu		p43,p41=a7,n7
-	(p42)	cmp.leu		p43,p41=a7,n7	};;
-{ .mii;	(p0)	getf.sig	n7=ni6			// 19:
-	(p48)	cmp.ltu		p51,p49=t[2],a7
-	(p50)	cmp.leu		p51,p49=t[2],a7	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mii;	(p0)	nop.m		0			// 20:
-	(p41)	add		a8=a8,n8		//	(p17) a8+=n8
-	(p43)	add		a8=a8,n8,1	};;
-{ .mmi;	(p0)	nop.m		0			// 21:
-	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
-	(p51)	add		t[1]=t[1],a8,1	}
-{ .mmi;	(p17)	mov		t[0]=r0
-	(p41)	cmp.ltu		p42,p40=a8,n8
-	(p43)	cmp.leu		p42,p40=a8,n8	};;
-{ .mmi;	(p0)	getf.sig	n8=ni7			// 22:
-	(p49)	cmp.ltu		p50,p48=t[1],a8
-	(p51)	cmp.leu		p50,p48=t[1],a8	}
-{ .mmi;	(p42)	add		t[0]=t[0],r0,1
-	(p0)	add		r16=-7*16,prevsp
-	(p0)	add		r17=-6*16,prevsp	};;
-
-// subtract np[8] from carrybit|tmp[8]
-// carrybit|tmp[8] layout upon exit from above loop is:
-//	t[0]|t[1]|t[2]|t[3]|t[4]|t[5]|t[6]|t[7]|t0 (least significant)
-{ .mmi;	(p50)add	t[0]=t[0],r0,1
-	add		r18=-5*16,prevsp
-	sub		n1=t0,n1	};;
-{ .mmi;	cmp.gtu		p34,p32=n1,t0;;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n2=t[7],n2
-	(p34)sub	n2=t[7],n2,1	};;
-{ .mii;	(p32)cmp.gtu	p35,p33=n2,t[7]
-	(p34)cmp.geu	p35,p33=n2,t[7];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	n3=t[6],n3	}
-{ .mmi;	(p35)sub	n3=t[6],n3,1;;
-	(p33)cmp.gtu	p34,p32=n3,t[6]
-	(p35)cmp.geu	p34,p32=n3,t[6]	};;
-	.pred.rel	"mutex",p32,p34
-{ .mii;	(p32)sub	n4=t[5],n4
-	(p34)sub	n4=t[5],n4,1;;
-	(p32)cmp.gtu	p35,p33=n4,t[5]	}
-{ .mmi;	(p34)cmp.geu	p35,p33=n4,t[5];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	n5=t[4],n5
-	(p35)sub	n5=t[4],n5,1	};;
-{ .mii;	(p33)cmp.gtu	p34,p32=n5,t[4]
-	(p35)cmp.geu	p34,p32=n5,t[4];;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n6=t[3],n6	}
-{ .mmi;	(p34)sub	n6=t[3],n6,1;;
-	(p32)cmp.gtu	p35,p33=n6,t[3]
-	(p34)cmp.geu	p35,p33=n6,t[3]	};;
-	.pred.rel	"mutex",p33,p35
-{ .mii;	(p33)sub	n7=t[2],n7
-	(p35)sub	n7=t[2],n7,1;;
-	(p33)cmp.gtu	p34,p32=n7,t[2]	}
-{ .mmi;	(p35)cmp.geu	p34,p32=n7,t[2];;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n8=t[1],n8
-	(p34)sub	n8=t[1],n8,1	};;
-{ .mii;	(p32)cmp.gtu	p35,p33=n8,t[1]
-	(p34)cmp.geu	p35,p33=n8,t[1];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	a8=t[0],r0	}
-{ .mmi;	(p35)sub	a8=t[0],r0,1;;
-	(p33)cmp.gtu	p34,p32=a8,t[0]
-	(p35)cmp.geu	p34,p32=a8,t[0]	};;
-
-// save the result, either tmp[num] or tmp[num]-np[num]
-	.pred.rel	"mutex",p32,p34
-{ .mmi;	(p32)st8	[rptr]=n1,8
-	(p34)st8	[rptr]=t0,8
-	add		r19=-4*16,prevsp};;
-{ .mmb;	(p32)st8	[rptr]=n2,8
-	(p34)st8	[rptr]=t[7],8
-	(p5)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n3,8
-	(p34)st8	[rptr]=t[6],8
-	(p7)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n4,8
-	(p34)st8	[rptr]=t[5],8
-	(p9)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n5,8
-	(p34)st8	[rptr]=t[4],8
-	(p11)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n6,8
-	(p34)st8	[rptr]=t[3],8
-	(p13)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n7,8
-	(p34)st8	[rptr]=t[2],8
-	(p15)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n8,8
-	(p34)st8	[rptr]=t[1],8
-	nop.b		0		};;
-.Ldone:						// epilogue
-{ .mmi;	ldf.fill	f16=[r16],64
-	ldf.fill	f17=[r17],64
-	nop.i		0		}
-{ .mmi;	ldf.fill	f18=[r18],64
-	ldf.fill	f19=[r19],64
-	mov		pr=prevpr,0x1ffff	};;
-{ .mmi;	ldf.fill	f20=[r16]
-	ldf.fill	f21=[r17]
-	mov		ar.lc=prevlc	}
-{ .mmi;	ldf.fill	f22=[r18]
-	ldf.fill	f23=[r19]
-	mov		ret0=1		}	// signal "handled"
-{ .mib;	rum		1<<5
-	.restore	sp
-	mov		sp=prevsp
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_mont_8#
-
-.type	copyright#,\@object
-copyright:
-stringz	"Montgomery multiplication for IA-64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$output=shift and open STDOUT,">$output";
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
deleted file mode 100644
index c0cee8211c..0000000000
--- a/crypto/bn/asm/ia64.S
+++ /dev/null
@@ -1,1555 +0,0 @@
-.explicit
-.text
-.ident	"ia64.S, Version 2.1"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-//
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project.
-//
-// Rights for redistribution and usage in source and binary forms are
-// granted according to the OpenSSL license. Warranty of any kind is
-// disclaimed.
-// ====================================================================
-//
-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
-// different from Itanium to this module viewpoint. Most notably, is it
-// "wider" than Itanium? Can you experience loop scalability as
-// discussed in commentary sections? Not really:-( Itanium2 has 6
-// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
-// spin twice as fast, as I need 8 IALU ports. Amount of floating point
-// ports is the same, i.e. 2, while I need 4. In other words, to this
-// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
-// essentially different in respect to this module, and a re-tune was
-// required. Well, because some intruction latencies has changed. Most
-// noticeably those intensively used:
-//
-//			Itanium	Itanium2
-//	ldf8		9	6		L2 hit
-//	ld8		2	1		L1 hit
-//	getf		2	5
-//	xma[->getf]	7[+1]	4[+0]
-//	add[->st8]	1[+1]	1[+0]
-//
-// What does it mean? You might ratiocinate that the original code
-// should run just faster... Because sum of latencies is smaller...
-// Wrong! Note that getf latency increased. This means that if a loop is
-// scheduled for lower latency (as they were), then it will suffer from
-// stall condition and the code will therefore turn anti-scalable, e.g.
-// original bn_mul_words spun at 5*n or 2.5 times slower than expected
-// on Itanium2! What to do? Reschedule loops for Itanium2? But then
-// Itanium would exhibit anti-scalability. So I've chosen to reschedule
-// for worst latency for every instruction aiming for best *all-round*
-// performance.  
-
-// Q.	How much faster does it get?
-// A.	Here is the output from 'openssl speed rsa dsa' for vanilla
-//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
-//	Linux 7.1 2.96-81):
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
-//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
-//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
-//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8
-//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
-//
-//	And here is similar output but for this assembler
-//	implementation:-)
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
-//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
-//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
-//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6
-//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
-//	
-//	Yes, you may argue that it's not fair comparison as it's
-//	possible to craft the C implementation with BN_UMULT_HIGH
-//	inline assembler macro. But of course! Here is the output
-//	with the macro:
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
-//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
-//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
-//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5
-//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
-//
-//	My code is still way faster, huh:-) And I believe that even
-//	higher performance can be achieved. Note that as keys get
-//	longer, performance gain is larger. Why? According to the
-//	profiler there is another player in the field, namely
-//	BN_from_montgomery consuming larger and larger portion of CPU
-//	time as keysize decreases. I therefore consider putting effort
-//	to assembler implementation of the following routine:
-//
-//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
-//	{
-//	int      i,j;
-//	BN_ULONG v;
-//
-//	for (i=0; i<nl; i++)
-//		{
-//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-//		nrp++;
-//		rp++;
-//		if (((nrp[-1]+=v)&BN_MASK2) < v)
-//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
-//		}
-//	}
-//
-//	It might as well be beneficial to implement even combaX
-//	variants, as it appears as it can literally unleash the
-//	performance (see comment section to bn_mul_comba8 below).
-//
-//	And finally for your reference the output for 0.9.6a compiled
-//	with SGIcc version 0.01.0-12 (keep in mind that for the moment
-//	of this writing it's not possible to convince SGIcc to use
-//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,
-//	i.e. for a compiler generated one:-):
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
-//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
-//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
-//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6
-//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
-//
-//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium
-//	system running Redhat Linux 7.1 (very special thanks to Ray
-//	McCaffity of Williams Communications for providing an account).
-//
-// Q.	What's the heck with 'rum 1<<5' at the end of every function?
-// A.	Well, by clearing the "upper FP registers written" bit of the
-//	User Mask I want to excuse the kernel from preserving upper
-//	(f32-f128) FP register bank over process context switch, thus
-//	minimizing bus bandwidth consumption during the switch (i.e.
-//	after PKI opration completes and the program is off doing
-//	something else like bulk symmetric encryption). Having said
-//	this, I also want to point out that it might be good idea
-//	to compile the whole toolkit (as well as majority of the
-//	programs for that matter) with -mfixed-range=f32-f127 command
-//	line option. No, it doesn't prevent the compiler from writing
-//	to upper bank, but at least discourages to do so. If you don't
-//	like the idea you have the option to compile the module with
-//	-Drum=nop.m in command line.
-//
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
-#if 1
-//
-// bn_[add|sub]_words routines.
-//
-// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
-// data reside in L1 cache, i.e. 2 ticks away). It's possible to
-// compress the epilogue and get down to 2*n+6, but at the cost of
-// scalability (the neat feature of this implementation is that it
-// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
-// I consider that the epilogue is short enough as it is to trade tiny
-// performance loss on Itanium for scalability.
-//
-// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global	bn_add_words#
-.proc	bn_add_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_add_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,4,12,0,16
-	cmp4.le		p6,p0=r35,r0	};;
-{ .mfb;	mov		r8=r0			// return value
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	sub		r10=r35,r0,1
-	.save	ar.lc,r3
-	mov		r3=ar.lc
-	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
-					}
-{ .mib;	ADDP		r14=0,r32		// rp
-	.save	pr,r9
-	mov		r9=pr		};;
-	.body
-{ .mii;	ADDP		r15=0,r33		// ap
-	mov		ar.lc=r10
-	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
-	mov		pr.rot=1<<16	};;
-
-.L_bn_add_words_ctop:
-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
-	(p18)	add		r39=r37,r34
-	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}
-{ .mfb;	(p0)	nop.m		0x0
-	(p0)	nop.f		0x0
-	(p0)	nop.b		0x0		}
-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
-	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)
-	(p58)	add		r41=1,r41	} // (p20)
-{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
-	(p0)	nop.f		0x0
-	br.ctop.sptk	.L_bn_add_words_ctop	};;
-.L_bn_add_words_cend:
-
-{ .mii;
-(p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mbb;	nop.b		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_add_words#
-
-//
-// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global	bn_sub_words#
-.proc	bn_sub_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_sub_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,4,12,0,16
-	cmp4.le		p6,p0=r35,r0	};;
-{ .mfb;	mov		r8=r0			// return value
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	sub		r10=r35,r0,1
-	.save	ar.lc,r3
-	mov		r3=ar.lc
-	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
-					}
-{ .mib;	ADDP		r14=0,r32		// rp
-	.save	pr,r9
-	mov		r9=pr		};;
-	.body
-{ .mii;	ADDP		r15=0,r33		// ap
-	mov		ar.lc=r10
-	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
-	mov		pr.rot=1<<16	};;
-
-.L_bn_sub_words_ctop:
-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
-	(p18)	sub		r39=r37,r34
-	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}
-{ .mfb;	(p0)	nop.m		0x0
-	(p0)	nop.f		0x0
-	(p0)	nop.b		0x0		}
-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
-	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)
-	(p58)	add		r41=-1,r41	} // (p20)
-{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
-	(p0)	nop.b		0x0
-	br.ctop.sptk	.L_bn_sub_words_ctop	};;
-.L_bn_sub_words_cend:
-
-{ .mii;
-(p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mbb;	nop.b		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_sub_words#
-#endif
-
-#if 0
-#define XMA_TEMPTATION
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global	bn_mul_words#
-.proc	bn_mul_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_mul_words:
-	.prologue
-	.save	ar.pfs,r2
-#ifdef XMA_TEMPTATION
-{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
-#else
-{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
-#endif
-{ .mib;	mov		r8=r0			// return value
-	cmp4.le		p6,p0=r34,r0
-(p6)	br.ret.spnt.many	b0		};;
-
-{ .mii;	sub	r10=r34,r0,1
-	.save	ar.lc,r3
-	mov	r3=ar.lc
-	.save	pr,r9
-	mov	r9=pr			};;
-
-	.body
-{ .mib;	setf.sig	f8=r35	// w
-	mov		pr.rot=0x800001<<16
-			// ------^----- serves as (p50) at first (p27)
-	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
-					}
-
-#ifndef XMA_TEMPTATION
-
-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
-	mov		ar.lc=r10	}
-{ .mmi;	mov		r40=0		// serves as r35 at first (p27)
-	mov		ar.ec=13	};;
-
-// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
-// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
-// bypass L1 cache and L2 latency is actually best-case scenario for
-// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
-// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
-// would give us ~5% in *overall* performance improvement on "wider"
-// IA-64, but would hurt Itanium for about same because of longer
-// epilogue. As it's a matter of few percents in either case I've
-// chosen to trade the scalability for development time (you can see
-// this very instruction sequence in bn_mul_add_words loop which in
-// turn is scalable).
-.L_bn_mul_words_ctop:
-{ .mfi;	(p25)	getf.sig	r36=f52			// low
-	(p21)	xmpy.lu		f48=f37,f8
-	(p28)	cmp.ltu		p54,p50=r41,r39	}
-{ .mfi;	(p16)	ldf8		f32=[r15],8
-	(p21)	xmpy.hu		f40=f37,f8
-	(p0)	nop.i		0x0		};;
-{ .mii;	(p25)	getf.sig	r32=f44			// high
-	.pred.rel	"mutex",p50,p54
-	(p50)	add		r40=r38,r35		// (p27)
-	(p54)	add		r40=r38,r35,1	}	// (p27)
-{ .mfb;	(p28)	st8		[r14]=r41,8
-	(p0)	nop.f		0x0
-	br.ctop.sptk	.L_bn_mul_words_ctop	};;
-.L_bn_mul_words_cend:
-
-{ .mii;	nop.m		0x0
-.pred.rel	"mutex",p51,p55
-(p51)	add		r8=r36,r0
-(p55)	add		r8=r36,r0,1	}
-{ .mfb;	nop.m	0x0
-	nop.f	0x0
-	nop.b	0x0			}
-
-#else	// XMA_TEMPTATION
-
-	setf.sig	f37=r0	// serves as carry at (p18) tick
-	mov		ar.lc=r10
-	mov		ar.ec=5;;
-
-// Most of you examining this code very likely wonder why in the name
-// of Intel the following loop is commented out? Indeed, it looks so
-// neat that you find it hard to believe that it's something wrong
-// with it, right? The catch is that every iteration depends on the
-// result from previous one and the latter isn't available instantly.
-// The loop therefore spins at the latency of xma minus 1, or in other
-// words at 6*(n+4) ticks:-( Compare to the "production" loop above
-// that runs in 2*(n+11) where the low latency problem is worked around
-// by moving the dependency to one-tick latent interger ALU. Note that
-// "distance" between ldf8 and xma is not latency of ldf8, but the
-// *difference* between xma and ldf8 latencies.
-.L_bn_mul_words_ctop:
-{ .mfi;	(p16)	ldf8		f32=[r33],8
-	(p18)	xma.hu		f38=f34,f8,f39	}
-{ .mfb;	(p20)	stf8		[r32]=f37,8
-	(p18)	xma.lu		f35=f34,f8,f39
-	br.ctop.sptk	.L_bn_mul_words_ctop	};;
-.L_bn_mul_words_cend:
-
-	getf.sig	r8=f41		// the return value
-
-#endif	// XMA_TEMPTATION
-
-{ .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mfb;	rum		1<<5		// clear um.mfh
-	nop.f		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_words#
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global	bn_mul_add_words#
-.proc	bn_mul_add_words#
-.align	64
-.skip	48	// makes the loop body aligned at 64-byte boundary
-bn_mul_add_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mmi;	alloc		r2=ar.pfs,4,4,0,8
-	cmp4.le		p6,p0=r34,r0
-	.save	ar.lc,r3
-	mov		r3=ar.lc	};;
-{ .mib;	mov		r8=r0		// return value
-	sub		r10=r34,r0,1
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	setf.sig	f8=r35		// w
-	.save	pr,r9
-	mov		r9=pr
-	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
-					}
-	.body
-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
-	mov		ar.lc=r10	}
-{ .mii;	ADDP		r16=0,r32	// rp copy
-	mov		pr.rot=0x2001<<16
-			// ------^----- serves as (p40) at first (p27)
-	mov		ar.ec=11	};;
-
-// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
-// Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was peforming *all* additions in IALU and was starving
-// for those even on Itanium 2. In this version one addition is
-// moved to FPU and is folded with multiplication. This is at cost
-// of propogating the result from previous call to this subroutine
-// to L2 cache... In other words negligible even for shorter keys.
-// *Overall* performance improvement [over previous version] varies
-// from 11 to 22 percent depending on key length.
-.L_bn_mul_add_words_ctop:
-.pred.rel	"mutex",p40,p42
-{ .mfi;	(p23)	getf.sig	r36=f45			// low
-	(p20)	xma.lu		f42=f36,f8,f50		// low
-	(p40)	add		r39=r39,r35	}	// (p27)
-{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)
-	(p20)	xma.hu		f36=f36,f8,f50		// high
-	(p42)	add		r39=r39,r35,1	};;	// (p27)
-{ .mmi;	(p24)	getf.sig	r32=f40			// high
-	(p16)	ldf8		f46=[r16],8		// *(rp1++)
-	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)
-{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)
-	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)
-	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
-.L_bn_mul_add_words_cend:
-
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	add		r8=r35,r0
-(p42)	add		r8=r35,r0,1
-	mov		pr=r9,0x1ffff	}
-{ .mib;	rum		1<<5		// clear um.mfh
-	mov		ar.lc=r3
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_add_words#
-#endif
-
-#if 1
-//
-// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-//
-.global	bn_sqr_words#
-.proc	bn_sqr_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary 
-bn_sqr_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,3,0,0,0
-	sxt4		r34=r34		};;
-{ .mii;	cmp.le		p6,p0=r34,r0
-	mov		r8=r0		}	// return value
-{ .mfb;	ADDP		r32=0,r32
-	nop.f		0x0
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mii;	sub	r10=r34,r0,1
-	.save	ar.lc,r3
-	mov	r3=ar.lc
-	.save	pr,r9
-	mov	r9=pr			};;
-
-	.body
-{ .mib;	ADDP		r33=0,r33
-	mov		pr.rot=1<<16
-	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
-					}
-{ .mii;	add		r34=8,r32
-	mov		ar.lc=r10
-	mov		ar.ec=18	};;
-
-// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
-// possible to compress the epilogue (I'm getting tired to write this
-// comment over and over) and get down to 2*n+16 at the cost of
-// scalability. The decision will very likely be reconsidered after the
-// benchmark program is profiled. I.e. if perfomance gain on Itanium
-// will appear larger than loss on "wider" IA-64, then the loop should
-// be explicitely split and the epilogue compressed.
-.L_bn_sqr_words_ctop:
-{ .mfi;	(p16)	ldf8		f32=[r33],8
-	(p25)	xmpy.lu		f42=f41,f41
-	(p0)	nop.i		0x0		}
-{ .mib;	(p33)	stf8		[r32]=f50,16
-	(p0)	nop.i		0x0
-	(p0)	nop.b		0x0		}
-{ .mfi;	(p0)	nop.m		0x0
-	(p25)	xmpy.hu		f52=f41,f41
-	(p0)	nop.i		0x0		}
-{ .mib;	(p33)	stf8		[r34]=f60,16
-	(p0)	nop.i		0x0
-	br.ctop.sptk	.L_bn_sqr_words_ctop	};;
-.L_bn_sqr_words_cend:
-
-{ .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mfb;	rum		1<<5		// clear um.mfh
-	nop.f		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_sqr_words#
-#endif
-
-#if 1
-// Apparently we win nothing by implementing special bn_sqr_comba8.
-// Yes, it is possible to reduce the number of multiplications by
-// almost factor of two, but then the amount of additions would
-// increase by factor of two (as we would have to perform those
-// otherwise performed by xma ourselves). Normally we would trade
-// anyway as multiplications are way more expensive, but not this
-// time... Multiplication kernel is fully pipelined and as we drain
-// one 128-bit multiplication result per clock cycle multiplications
-// are effectively as inexpensive as additions. Special implementation
-// might become of interest for "wider" IA-64 implementation as you'll
-// be able to get through the multiplication phase faster (there won't
-// be any stall issues as discussed in the commentary section below and
-// you therefore will be able to employ all 4 FP units)... But these
-// Itanium days it's simply too hard to justify the effort so I just
-// drop down to bn_mul_comba8 code:-)
-//
-// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-//
-.global	bn_sqr_comba8#
-.proc	bn_sqr_comba8#
-.align	64
-bn_sqr_comba8:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-	addp4	r33=0,r33
-	addp4	r32=0,r32		};;
-{ .mii;
-#else
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
-	mov	r34=r33
-	add	r14=8,r33		};;
-	.body
-{ .mii;	add	r17=8,r34
-	add	r15=16,r33
-	add	r18=16,r34		}
-{ .mfb;	add	r16=24,r33
-	br	.L_cheat_entry_point8	};;
-.endp	bn_sqr_comba8#
-#endif
-
-#if 1
-// I've estimated this routine to run in ~120 ticks, but in reality
-// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
-// cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium µ-architecture manual? Comments are welcomed and
-// highly appreciated.
-//
-// On Itanium 2 it takes ~190 ticks. This is because of stalls on
-// result from getf.sig. I do nothing about it at this point for
-// reasons depicted below.
-//
-// However! It should be noted that even 160 ticks is darn good result
-// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
-// C version (compiled with gcc with inline assembler). I really
-// kicked compiler's butt here, didn't I? Yeah! This brings us to the
-// following statement. It's damn shame that this routine isn't called
-// very often nowadays! According to the profiler most CPU time is
-// consumed by bn_mul_add_words called from BN_from_montgomery. In
-// order to estimate what we're missing, I've compared the performance
-// of this routine against "traditional" implementation, i.e. against
-// following routine:
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-// }
-//
-// The one below is over 8 times faster than the one above:-( Even
-// more reasons to "combafy" bn_mul_add_mont...
-//
-// And yes, this routine really made me wish there were an optimizing
-// assembler! It also feels like it deserves a dedication.
-//
-//	To my wife for being there and to my kids...
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define	carry1	r14
-#define	carry2	r15
-#define	carry3	r34
-.global	bn_mul_comba8#
-.proc	bn_mul_comba8#
-.align	64
-bn_mul_comba8:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc	r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-#endif
-	add	r14=8,r33
-	add	r17=8,r34		}
-	.body
-{ .mii;	add	r15=16,r33
-	add	r18=16,r34
-	add	r16=24,r33		}
-.L_cheat_entry_point8:
-{ .mmi;	add	r19=24,r34
-
-	ldf8	f32=[r33],32		};;
-
-{ .mmi;	ldf8	f120=[r34],32
-	ldf8	f121=[r17],32		}
-{ .mmi;	ldf8	f122=[r18],32
-	ldf8	f123=[r19],32		};;
-{ .mmi;	ldf8	f124=[r34]
-	ldf8	f125=[r17]		}
-{ .mmi;	ldf8	f126=[r18]
-	ldf8	f127=[r19]		}
-
-{ .mmi;	ldf8	f33=[r14],32
-	ldf8	f34=[r15],32		}
-{ .mmi;	ldf8	f35=[r16],32;;
-	ldf8	f36=[r33]		}
-{ .mmi;	ldf8	f37=[r14]
-	ldf8	f38=[r15]		}
-{ .mfi;	ldf8	f39=[r16]
-// -------\ Entering multiplier's heaven /-------
-// ------------\                    /------------
-// -----------------\          /-----------------
-// ----------------------\/----------------------
-		xma.hu	f41=f32,f120,f0		}
-{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)
-{ .mfi;		xma.hu	f51=f32,f121,f0		}
-{ .mfi;		xma.lu	f50=f32,f121,f0		};;
-{ .mfi;		xma.hu	f61=f32,f122,f0		}
-{ .mfi;		xma.lu	f60=f32,f122,f0		};;
-{ .mfi;		xma.hu	f71=f32,f123,f0		}
-{ .mfi;		xma.lu	f70=f32,f123,f0		};;
-{ .mfi;		xma.hu	f81=f32,f124,f0		}
-{ .mfi;		xma.lu	f80=f32,f124,f0		};;
-{ .mfi;		xma.hu	f91=f32,f125,f0		}
-{ .mfi;		xma.lu	f90=f32,f125,f0		};;
-{ .mfi;		xma.hu	f101=f32,f126,f0	}
-{ .mfi;		xma.lu	f100=f32,f126,f0	};;
-{ .mfi;		xma.hu	f111=f32,f127,f0	}
-{ .mfi;		xma.lu	f110=f32,f127,f0	};;//
-// (*)	You can argue that splitting at every second bundle would
-//	prevent "wider" IA-64 implementations from achieving the peak
-//	performance. Well, not really... The catch is that if you
-//	intend to keep 4 FP units busy by splitting at every fourth
-//	bundle and thus perform these 16 multiplications in 4 ticks,
-//	the first bundle *below* would stall because the result from
-//	the first xma bundle *above* won't be available for another 3
-//	ticks (if not more, being an optimist, I assume that "wider"
-//	implementation will have same latency:-). This stall will hold
-//	you back and the performance would be as if every second bundle
-//	were split *anyway*...
-{ .mfi;	getf.sig	r16=f40
-		xma.hu	f42=f33,f120,f41
-	add		r33=8,r32		}
-{ .mfi;		xma.lu	f41=f33,f120,f41	};;
-{ .mfi;	getf.sig	r24=f50
-		xma.hu	f52=f33,f121,f51	}
-{ .mfi;		xma.lu	f51=f33,f121,f51	};;
-{ .mfi;	st8		[r32]=r16,16
-		xma.hu	f62=f33,f122,f61	}
-{ .mfi;		xma.lu	f61=f33,f122,f61	};;
-{ .mfi;		xma.hu	f72=f33,f123,f71	}
-{ .mfi;		xma.lu	f71=f33,f123,f71	};;
-{ .mfi;		xma.hu	f82=f33,f124,f81	}
-{ .mfi;		xma.lu	f81=f33,f124,f81	};;
-{ .mfi;		xma.hu	f92=f33,f125,f91	}
-{ .mfi;		xma.lu	f91=f33,f125,f91	};;
-{ .mfi;		xma.hu	f102=f33,f126,f101	}
-{ .mfi;		xma.lu	f101=f33,f126,f101	};;
-{ .mfi;		xma.hu	f112=f33,f127,f111	}
-{ .mfi;		xma.lu	f111=f33,f127,f111	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r25=f41
-		xma.hu	f43=f34,f120,f42	}
-{ .mfi;		xma.lu	f42=f34,f120,f42	};;
-{ .mfi;	getf.sig	r16=f60
-		xma.hu	f53=f34,f121,f52	}
-{ .mfi;		xma.lu	f52=f34,f121,f52	};;
-{ .mfi;	getf.sig	r17=f51
-		xma.hu	f63=f34,f122,f62
-	add		r25=r25,r24		}
-{ .mfi;		xma.lu	f62=f34,f122,f62
-	mov		carry1=0		};;
-{ .mfi;	cmp.ltu		p6,p0=r25,r24
-		xma.hu	f73=f34,f123,f72	}
-{ .mfi;		xma.lu	f72=f34,f123,f72	};;
-{ .mfi;	st8		[r33]=r25,16
-		xma.hu	f83=f34,f124,f82
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f82=f34,f124,f82	};;
-{ .mfi;		xma.hu	f93=f34,f125,f92	}
-{ .mfi;		xma.lu	f92=f34,f125,f92	};;
-{ .mfi;		xma.hu	f103=f34,f126,f102	}
-{ .mfi;		xma.lu	f102=f34,f126,f102	};;
-{ .mfi;		xma.hu	f113=f34,f127,f112	}
-{ .mfi;		xma.lu	f112=f34,f127,f112	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r18=f42
-		xma.hu	f44=f35,f120,f43
-	add		r17=r17,r16		}
-{ .mfi;		xma.lu	f43=f35,f120,f43	};;
-{ .mfi;	getf.sig	r24=f70
-		xma.hu	f54=f35,f121,f53	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f53=f35,f121,f53	};;
-{ .mfi;	getf.sig	r25=f61
-		xma.hu	f64=f35,f122,f63
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;	add		r18=r18,r17
-		xma.lu	f63=f35,f122,f63	};;
-{ .mfi;	getf.sig	r26=f52
-		xma.hu	f74=f35,f123,f73
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f73=f35,f123,f73
-	add		r18=r18,carry1		};;
-{ .mfi;
-		xma.hu	f84=f35,f124,f83
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,carry1
-		xma.lu	f83=f35,f124,f83	};;
-{ .mfi;	st8		[r32]=r18,16
-		xma.hu	f94=f35,f125,f93
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f93=f35,f125,f93	};;
-{ .mfi;		xma.hu	f104=f35,f126,f103	}
-{ .mfi;		xma.lu	f103=f35,f126,f103	};;
-{ .mfi;		xma.hu	f114=f35,f127,f113	}
-{ .mfi;	mov		carry1=0
-		xma.lu	f113=f35,f127,f113
-	add		r25=r25,r24		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r27=f43
-		xma.hu	f45=f36,f120,f44
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f44=f36,f120,f44	
-	add		r26=r26,r25		};;
-{ .mfi;	getf.sig	r16=f80
-		xma.hu	f55=f36,f121,f54
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f54=f36,f121,f54	};;
-{ .mfi;	getf.sig	r17=f71
-		xma.hu	f65=f36,f122,f64
-	cmp.ltu		p6,p0=r26,r25		}
-{ .mfi;		xma.lu	f64=f36,f122,f64
-	add		r27=r27,r26		};;
-{ .mfi;	getf.sig	r18=f62
-		xma.hu	f75=f36,f123,f74
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r27,r26
-		xma.lu	f74=f36,f123,f74
-	add		r27=r27,carry2		};;
-{ .mfi;	getf.sig	r19=f53
-		xma.hu	f85=f36,f124,f84
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f84=f36,f124,f84
-	cmp.ltu		p6,p0=r27,carry2	};;
-{ .mfi;	st8		[r33]=r27,16
-		xma.hu	f95=f36,f125,f94
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f94=f36,f125,f94	};;
-{ .mfi;		xma.hu	f105=f36,f126,f104	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f104=f36,f126,f104
-	add		r17=r17,r16		};;
-{ .mfi;		xma.hu	f115=f36,f127,f114
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f114=f36,f127,f114
-	add		r18=r18,r17		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r20=f44
-		xma.hu	f46=f37,f120,f45
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f45=f37,f120,f45
-	add		r19=r19,r18		};;
-{ .mfi;	getf.sig	r24=f90
-		xma.hu	f56=f37,f121,f55	}
-{ .mfi;		xma.lu	f55=f37,f121,f55	};;
-{ .mfi;	getf.sig	r25=f81
-		xma.hu	f66=f37,f122,f65
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r19,r18
-		xma.lu	f65=f37,f122,f65
-	add		r20=r20,r19		};;
-{ .mfi;	getf.sig	r26=f72
-		xma.hu	f76=f37,f123,f75
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r20,r19
-		xma.lu	f75=f37,f123,f75
-	add		r20=r20,carry1		};;
-{ .mfi;	getf.sig	r27=f63
-		xma.hu	f86=f37,f124,f85
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f85=f37,f124,f85
-	cmp.ltu		p7,p0=r20,carry1	};;
-{ .mfi;	getf.sig	r28=f54
-		xma.hu	f96=f37,f125,f95
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	st8		[r32]=r20,16
-		xma.lu	f95=f37,f125,f95	};;
-{ .mfi;		xma.hu	f106=f37,f126,f105	}
-{ .mfi;	mov		carry1=0
-		xma.lu	f105=f37,f126,f105
-	add		r25=r25,r24		};;
-{ .mfi;		xma.hu	f116=f37,f127,f115
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f115=f37,f127,f115
-	add		r26=r26,r25		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r29=f45
-		xma.hu	f47=f38,f120,f46
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r26,r25
-		xma.lu	f46=f38,f120,f46
-	add		r27=r27,r26		};;
-{ .mfi;	getf.sig	r16=f100
-		xma.hu	f57=f38,f121,f56
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r27,r26
-		xma.lu	f56=f38,f121,f56
-	add		r28=r28,r27		};;
-{ .mfi;	getf.sig	r17=f91
-		xma.hu	f67=f38,f122,f66
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r28,r27
-		xma.lu	f66=f38,f122,f66
-	add		r29=r29,r28		};;
-{ .mfi;	getf.sig	r18=f82
-		xma.hu	f77=f38,f123,f76
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r29,r28
-		xma.lu	f76=f38,f123,f76
-	add		r29=r29,carry2		};;
-{ .mfi;	getf.sig	r19=f73
-		xma.hu	f87=f38,f124,f86
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f86=f38,f124,f86
-	cmp.ltu		p6,p0=r29,carry2	};;
-{ .mfi;	getf.sig	r20=f64
-		xma.hu	f97=f38,f125,f96
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	st8		[r33]=r29,16
-		xma.lu	f96=f38,f125,f96	};;
-{ .mfi;	getf.sig	r21=f55
-		xma.hu	f107=f38,f126,f106	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f106=f38,f126,f106
-	add		r17=r17,r16		};;
-{ .mfi;		xma.hu	f117=f38,f127,f116
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f116=f38,f127,f116
-	add		r18=r18,r17		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r22=f46
-		xma.hu	f48=f39,f120,f47
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f47=f39,f120,f47
-	add		r19=r19,r18		};;
-{ .mfi;	getf.sig	r24=f110
-		xma.hu	f58=f39,f121,f57
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r19,r18
-		xma.lu	f57=f39,f121,f57
-	add		r20=r20,r19		};;
-{ .mfi;	getf.sig	r25=f101
-		xma.hu	f68=f39,f122,f67
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r20,r19
-		xma.lu	f67=f39,f122,f67
-	add		r21=r21,r20		};;
-{ .mfi;	getf.sig	r26=f92
-		xma.hu	f78=f39,f123,f77
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r21,r20
-		xma.lu	f77=f39,f123,f77
-	add		r22=r22,r21		};;
-{ .mfi;	getf.sig	r27=f83
-		xma.hu	f88=f39,f124,f87
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r22,r21
-		xma.lu	f87=f39,f124,f87
-	add		r22=r22,carry1		};;
-{ .mfi;	getf.sig	r28=f74
-		xma.hu	f98=f39,f125,f97
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f97=f39,f125,f97
-	cmp.ltu		p7,p0=r22,carry1	};;
-{ .mfi;	getf.sig	r29=f65
-		xma.hu	f108=f39,f126,f107
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	st8		[r32]=r22,16
-		xma.lu	f107=f39,f126,f107	};;
-{ .mfi;	getf.sig	r30=f56
-		xma.hu	f118=f39,f127,f117	}
-{ .mfi;		xma.lu	f117=f39,f127,f117	};;//
-//-------------------------------------------------//
-// Leaving muliplier's heaven... Quite a ride, huh?
-
-{ .mii;	getf.sig	r31=f47
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r16=f111
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r17=f102	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mii;		getf.sig	r18=f93
-		add		r17=r17,r16
-		mov		carry3=0	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r29=r29,r28		};;
-{ .mii;		getf.sig	r19=f84
-		cmp.ltu		p7,p0=r17,r16	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r29,r28
-	add		r30=r30,r29		};;
-{ .mii;		getf.sig	r20=f75
-		add		r18=r18,r17	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,r29
-	add		r31=r31,r30		};;
-{ .mfb;		getf.sig	r21=f66		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	}
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r31,r30
-	add		r31=r31,carry2		};;
-{ .mfb;		getf.sig	r22=f57		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r19,r18
-		add		r20=r20,r19	}
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r31,carry2	};;
-{ .mfb;		getf.sig	r23=f48		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r20,r19
-		add		r21=r21,r20	}
-{ .mii;
-(p6)	add		carry1=1,carry1		}
-{ .mfb;	st8		[r33]=r31,16		};;
-
-{ .mfb;	getf.sig	r24=f112		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r21,r20
-		add		r22=r22,r21	};;
-{ .mfb;	getf.sig	r25=f103		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r22,r21
-		add		r23=r23,r22	};;
-{ .mfb;	getf.sig	r26=f94			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r23,r22
-		add		r23=r23,carry1	};;
-{ .mfb;	getf.sig	r27=f85			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p8=r23,carry1};;
-{ .mii;	getf.sig	r28=f76
-	add		r25=r25,r24
-	mov		carry1=0		}
-{ .mii;		st8		[r32]=r23,16
-	(p7)	add		carry2=1,carry3
-	(p8)	add		carry2=0,carry3	};;
-
-{ .mfb;	nop.m	0x0				}
-{ .mii;	getf.sig	r29=f67
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;	getf.sig	r30=f58			}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;		getf.sig	r16=f113	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mfb;		getf.sig	r17=f104	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r29=r29,r28		};;
-{ .mfb;		getf.sig	r18=f95		}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r29,r28
-	add		r30=r30,r29		};;
-{ .mii;		getf.sig	r19=f86
-		add		r17=r17,r16
-		mov		carry3=0	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,r29
-	add		r30=r30,carry2		};;
-{ .mii;		getf.sig	r20=f77
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,carry2	};;
-{ .mfb;		getf.sig	r21=f68		}
-{ .mii;	st8		[r33]=r30,16
-(p6)	add		carry1=1,carry1		};;
-
-{ .mfb;	getf.sig	r24=f114		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mfb;	getf.sig	r25=f105		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r19,r18
-		add		r20=r20,r19	};;
-{ .mfb;	getf.sig	r26=f96			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r20,r19
-		add		r21=r21,r20	};;
-{ .mfb;	getf.sig	r27=f87			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r21,r20
-		add		r21=r21,carry1	};;
-{ .mib;	getf.sig	r28=f78			
-	add		r25=r25,r24		}
-{ .mib;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p8=r21,carry1};;
-{ .mii;		st8		[r32]=r21,16
-	(p7)	add		carry2=1,carry3
-	(p8)	add		carry2=0,carry3	}
-
-{ .mii;	mov		carry1=0
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r16=f115	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;		getf.sig	r17=f106	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mfb;		getf.sig	r18=f97		}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r28=r28,carry2		};;
-{ .mib;		getf.sig	r19=f88
-		add		r17=r17,r16	}
-{ .mib;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,carry2	};;
-{ .mii;	st8		[r33]=r28,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;		mov		carry2=0
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	};;
-{ .mfb;	getf.sig	r24=f116		}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mfb;	getf.sig	r25=f107		}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,r18
-		add		r19=r19,carry1	};;
-{ .mfb;	getf.sig	r26=f98			}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,carry1};;
-{ .mii;		st8		[r32]=r19,16
-	(p7)	add		carry2=1,carry2	}
-
-{ .mfb;	add		r25=r25,r24		};;
-
-{ .mfb;		getf.sig	r16=f117	}
-{ .mii;	mov		carry1=0
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r17=f108	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r26=r26,carry2		};;
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,carry2	};;
-{ .mii;	st8		[r33]=r26,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mfb;		add		r17=r17,r16	};;
-{ .mfb;	getf.sig	r24=f118		}
-{ .mii;		mov		carry2=0
-		cmp.ltu		p7,p0=r17,r16
-		add		r17=r17,carry1	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r17,carry1};;
-{ .mii;		st8		[r32]=r17
-	(p7)	add		carry2=1,carry2	};;
-{ .mfb;	add		r24=r24,carry2		};;
-{ .mib;	st8		[r33]=r24		}
-
-{ .mib;	rum		1<<5		// clear um.mfh
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_comba8#
-#undef	carry3
-#undef	carry2
-#undef	carry1
-#endif
-
-#if 1
-// It's possible to make it faster (see comment to bn_sqr_comba8), but
-// I reckon it doesn't worth the effort. Basically because the routine
-// (actually both of them) practically never called... So I just play
-// same trick as with bn_sqr_comba8.
-//
-// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-//
-.global	bn_sqr_comba4#
-.proc	bn_sqr_comba4#
-.align	64
-bn_sqr_comba4:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc   r2=ar.pfs,2,1,0,0
-	addp4	r32=0,r32
-	addp4	r33=0,r33		};;
-{ .mii;
-#else
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
-	mov	r34=r33
-	add	r14=8,r33		};;
-	.body
-{ .mii;	add	r17=8,r34
-	add	r15=16,r33
-	add	r18=16,r34		}
-{ .mfb;	add	r16=24,r33
-	br	.L_cheat_entry_point4	};;
-.endp	bn_sqr_comba4#
-#endif
-
-#if 1
-// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
-//
-// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define	carry1	r14
-#define	carry2	r15
-.global	bn_mul_comba4#
-.proc	bn_mul_comba4#
-.align	64
-bn_mul_comba4:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
-{ .mii;	alloc	r2=ar.pfs,3,0,0,0
-#endif
-	add	r14=8,r33
-	add	r17=8,r34		}
-	.body
-{ .mii;	add	r15=16,r33
-	add	r18=16,r34
-	add	r16=24,r33		};;
-.L_cheat_entry_point4:
-{ .mmi;	add	r19=24,r34
-
-	ldf8	f32=[r33]		}
-
-{ .mmi;	ldf8	f120=[r34]
-	ldf8	f121=[r17]		};;
-{ .mmi;	ldf8	f122=[r18]
-	ldf8	f123=[r19]		}
-
-{ .mmi;	ldf8	f33=[r14]
-	ldf8	f34=[r15]		}
-{ .mfi;	ldf8	f35=[r16]
-
-		xma.hu	f41=f32,f120,f0		}
-{ .mfi;		xma.lu	f40=f32,f120,f0		};;
-{ .mfi;		xma.hu	f51=f32,f121,f0		}
-{ .mfi;		xma.lu	f50=f32,f121,f0		};;
-{ .mfi;		xma.hu	f61=f32,f122,f0		}
-{ .mfi;		xma.lu	f60=f32,f122,f0		};;
-{ .mfi;		xma.hu	f71=f32,f123,f0		}
-{ .mfi;		xma.lu	f70=f32,f123,f0		};;//
-// Major stall takes place here, and 3 more places below. Result from
-// first xma is not available for another 3 ticks.
-{ .mfi;	getf.sig	r16=f40
-		xma.hu	f42=f33,f120,f41
-	add		r33=8,r32		}
-{ .mfi;		xma.lu	f41=f33,f120,f41	};;
-{ .mfi;	getf.sig	r24=f50
-		xma.hu	f52=f33,f121,f51	}
-{ .mfi;		xma.lu	f51=f33,f121,f51	};;
-{ .mfi;	st8		[r32]=r16,16
-		xma.hu	f62=f33,f122,f61	}
-{ .mfi;		xma.lu	f61=f33,f122,f61	};;
-{ .mfi;		xma.hu	f72=f33,f123,f71	}
-{ .mfi;		xma.lu	f71=f33,f123,f71	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r25=f41
-		xma.hu	f43=f34,f120,f42	}
-{ .mfi;		xma.lu	f42=f34,f120,f42	};;
-{ .mfi;	getf.sig	r16=f60
-		xma.hu	f53=f34,f121,f52	}
-{ .mfi;		xma.lu	f52=f34,f121,f52	};;
-{ .mfi;	getf.sig	r17=f51
-		xma.hu	f63=f34,f122,f62
-	add		r25=r25,r24		}
-{ .mfi;	mov		carry1=0
-		xma.lu	f62=f34,f122,f62	};;
-{ .mfi;	st8		[r33]=r25,16
-		xma.hu	f73=f34,f123,f72
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f72=f34,f123,f72	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r18=f42
-		xma.hu	f44=f35,f120,f43
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	add		r17=r17,r16
-		xma.lu	f43=f35,f120,f43
-	mov		carry2=0		};;
-{ .mfi;	getf.sig	r24=f70
-		xma.hu	f54=f35,f121,f53
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f53=f35,f121,f53	};;
-{ .mfi;	getf.sig	r25=f61
-		xma.hu	f64=f35,f122,f63
-	add		r18=r18,r17		}
-{ .mfi;		xma.lu	f63=f35,f122,f63
-(p7)	add		carry2=1,carry2		};;
-{ .mfi;	getf.sig	r26=f52
-		xma.hu	f74=f35,f123,f73
-	cmp.ltu		p7,p0=r18,r17		}
-{ .mfi;		xma.lu	f73=f35,f123,f73
-	add		r18=r18,carry1		};;
-//-------------------------------------------------//
-{ .mii;	st8		[r32]=r18,16
-(p7)	add		carry2=1,carry2
-	cmp.ltu		p7,p0=r18,carry1	};;
-
-{ .mfi;	getf.sig	r27=f43	// last major stall
-(p7)	add		carry2=1,carry2		};;
-{ .mii;		getf.sig	r16=f71
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r17=f62	
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r27=r27,carry2		};;
-{ .mii;		getf.sig	r18=f53
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,carry2	};;
-{ .mfi;	st8		[r33]=r27,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;		getf.sig	r19=f44
-		add		r17=r17,r16
-		mov		carry2=0	};;
-{ .mii;	getf.sig	r24=f72
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,r18
-		add		r19=r19,carry1	};;
-{ .mii;	getf.sig	r25=f63
-	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,carry1};;
-{ .mii;		st8		[r32]=r19,16
-	(p7)	add		carry2=1,carry2	}
-
-{ .mii;	getf.sig	r26=f54
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r16=f73
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r26=r26,carry2		};;
-{ .mii;		getf.sig	r17=f64
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,carry2	};;
-{ .mii;	st8		[r33]=r26,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;	getf.sig	r24=f74
-		add		r17=r17,r16	
-		mov		carry2=0	};;
-{ .mii;		cmp.ltu		p7,p0=r17,r16
-		add		r17=r17,carry1	};;
-
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r17,carry1};;
-{ .mii;		st8		[r32]=r17,16
-	(p7)	add		carry2=1,carry2	};;
-
-{ .mii;	add		r24=r24,carry2		};;
-{ .mii;	st8		[r33]=r24		}
-
-{ .mib;	rum		1<<5		// clear um.mfh
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_comba4#
-#undef	carry2
-#undef	carry1
-#endif
-
-#if 1
-//
-// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-//
-// In the nutshell it's a port of my MIPS III/IV implementation.
-//
-#define	AT	r14
-#define	H	r16
-#define	HH	r20
-#define	L	r17
-#define	D	r18
-#define	DH	r22
-#define	I	r21
-
-#if 0
-// Some preprocessors (most notably HP-UX) appear to be allergic to
-// macros enclosed to parenthesis [as these three were].
-#define	cont	p16
-#define	break	p0	// p20
-#define	equ	p24
-#else
-cont=p16
-break=p0
-equ=p24
-#endif
-
-.global	abort#
-.global	bn_div_words#
-.proc	bn_div_words#
-.align	64
-bn_div_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,3,5,0,8
-	.save	b0,r3
-	mov		r3=b0
-	.save	pr,r10
-	mov		r10=pr		};;
-{ .mmb;	cmp.eq		p6,p0=r34,r0
-	mov		r8=-1
-(p6)	br.ret.spnt.many	b0	};;
-
-	.body
-{ .mii;	mov		H=r32		// save h
-	mov		ar.ec=0		// don't rotate at exit
-	mov		pr.rot=0	}
-{ .mii;	mov		L=r33		// save l
-	mov		r36=r0		};;
-
-.L_divw_shift:	// -vv- note signed comparison
-{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d
-	(p0)	shladd		r33=r34,1,r0	}
-{ .mfb;	(p0)	add		r35=1,r36
-	(p0)	nop.f		0x0
-(p16)	br.wtop.dpnt		.L_divw_shift	};;
-
-{ .mii;	mov		D=r34
-	shr.u		DH=r34,32
-	sub		r35=64,r36		};;
-{ .mii;	setf.sig	f7=DH
-	shr.u		AT=H,r35
-	mov		I=r36			};;
-{ .mib;	cmp.ne		p6,p0=r0,AT
-	shl		H=H,r36
-(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...
-
-{ .mfi;	fcvt.xuf.s1	f7=f7
-	shr.u		AT=L,r35		};;
-{ .mii;	shl		L=L,r36
-	or		H=H,AT			};;
-
-{ .mii;	nop.m		0x0
-	cmp.leu		p6,p0=D,H;;
-(p6)	sub		H=H,D			}
-
-{ .mlx;	setf.sig	f14=D
-	movl		AT=0xffffffff		};;
-///////////////////////////////////////////////////////////
-{ .mii;	setf.sig	f6=H
-	shr.u		HH=H,32;;
-	cmp.eq		p6,p7=HH,DH		};;
-{ .mfb;
-(p6)	setf.sig	f8=AT
-(p7)	fcvt.xuf.s1	f6=f6
-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
-
-{ .mfi;	getf.sig	r33=f8				// q
-	xmpy.lu		f9=f8,f14		}
-{ .mfi;	xmpy.hu		f10=f8,f14
-	shrp		H=H,L,32		};;
-
-{ .mmi;	getf.sig	r35=f9				// tl
-	getf.sig	r31=f10			};;	// th
-
-.L_divw_1st_iter:
-{ .mii;	(p0)	add		r32=-1,r33
-	(p0)	cmp.eq		equ,cont=HH,r31		};;
-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
-	(p0)	sub		r34=r35,D
-	(equ)	cmp.leu		break,cont=r35,H	};;
-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
-	(p8)	add		r31=-1,r31
-(cont)	br.wtop.spnt		.L_divw_1st_iter	};;
-///////////////////////////////////////////////////////////
-{ .mii;	sub		H=H,r35
-	shl		r8=r33,32
-	shl		L=L,32			};;
-///////////////////////////////////////////////////////////
-{ .mii;	setf.sig	f6=H
-	shr.u		HH=H,32;;
-	cmp.eq		p6,p7=HH,DH		};;
-{ .mfb;
-(p6)	setf.sig	f8=AT
-(p7)	fcvt.xuf.s1	f6=f6
-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
-
-{ .mfi;	getf.sig	r33=f8				// q
-	xmpy.lu		f9=f8,f14		}
-{ .mfi;	xmpy.hu		f10=f8,f14
-	shrp		H=H,L,32		};;
-
-{ .mmi;	getf.sig	r35=f9				// tl
-	getf.sig	r31=f10			};;	// th
-
-.L_divw_2nd_iter:
-{ .mii;	(p0)	add		r32=-1,r33
-	(p0)	cmp.eq		equ,cont=HH,r31		};;
-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
-	(p0)	sub		r34=r35,D
-	(equ)	cmp.leu		break,cont=r35,H	};;
-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
-	(p8)	add		r31=-1,r31
-(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;
-///////////////////////////////////////////////////////////
-{ .mii;	sub	H=H,r35
-	or	r8=r8,r33
-	mov	ar.pfs=r2		};;
-{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it
-	mov	pr=r10,0x1ffff		}
-{ .mfb;	br.ret.sptk.many	b0	};;
-
-// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
-// procedure.
-//
-// inputs:	f6 = (double)a, f7 = (double)b
-// output:	f8 = (int)(a/b)
-// clobbered:	f8,f9,f10,f11,pred
-pred=p15
-// One can argue that this snippet is copyrighted to Intel
-// Corporation, as it's essentially identical to one of those
-// found in "Divide, Square Root and Remainder" section at
-// http://www.intel.com/software/products/opensource/libraries/num.htm.
-// Yes, I admit that the referred code was used as template,
-// but after I realized that there hardly is any other instruction
-// sequence which would perform this operation. I mean I figure that
-// any independent attempt to implement high-performance division
-// will result in code virtually identical to the Intel code. It
-// should be noted though that below division kernel is 1 cycle
-// faster than Intel one (note commented splits:-), not to mention
-// original prologue (rather lack of one) and epilogue.
-.align	32
-.skip	16
-.L_udiv64_32_b6:
-	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b
-
-(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0
-(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0
-(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0
-(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0
-(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0
-(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1
-(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1
-(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2
-(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2
-
-	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)
-	br.ret.sptk.many	b6;;
-.endp	bn_div_words#
-#endif
diff --git a/crypto/bn/asm/mips-mont.S b/crypto/bn/asm/mips-mont.S
deleted file mode 100644
index 1b875a2a1f..0000000000
--- a/crypto/bn/asm/mips-mont.S
+++ /dev/null
@@ -1,284 +0,0 @@
-.text
-
-.set	noat
-.set	noreorder
-
-.align	5
-.globl	bn_mul_mont
-.ent	bn_mul_mont
-bn_mul_mont:
-	lw	$8,16($29)
-	lw	$9,20($29)
-	slt	$1,$9,4
-	bnez	$1,1f
-	li	$2,0
-	slt	$1,$9,17	# on in-order CPU
-	bnez	$1,bn_mul_mont_internal
-	nop
-1:	jr	$31
-	li	$4,0
-.end	bn_mul_mont
-
-.align	5
-.ent	bn_mul_mont_internal
-bn_mul_mont_internal:
-	.frame	$30,14*4,$31
-	.mask	0x40000000|16711680,-4
-	sub $29,14*4
-	sw	$30,(14-1)*4($29)
-	sw	$23,(14-2)*4($29)
-	sw	$22,(14-3)*4($29)
-	sw	$21,(14-4)*4($29)
-	sw	$20,(14-5)*4($29)
-	sw	$19,(14-6)*4($29)
-	sw	$18,(14-7)*4($29)
-	sw	$17,(14-8)*4($29)
-	sw	$16,(14-9)*4($29)
-	move	$30,$29
-
-	.set	reorder
-	lw	$8,0($8)
-	lw	$13,0($6)	# bp[0]
-	lw	$12,0($5)	# ap[0]
-	lw	$14,0($7)	# np[0]
-
-	sub $29,2*4	# place for two extra words
-	sll	$9,2
-	li	$1,-4096
-	sub $29,$9
-	and	$29,$1
-
-	multu	$12,$13
-	lw	$16,4($5)
-	lw	$18,4($7)
-	mflo	$10
-	mfhi	$11
-	multu	$10,$8
-	mflo	$23
-
-	multu	$16,$13
-	mflo	$16
-	mfhi	$17
-
-	multu	$14,$23
-	mflo	$24
-	mfhi	$25
-	multu	$18,$23
-	addu	$24,$10
-	sltu	$1,$24,$10
-	addu	$25,$1
-	mflo	$18
-	mfhi	$19
-
-	move	$15,$29
-	li	$22,2*4
-.align	4
-.L1st:
-	.set	noreorder
-	add $12,$5,$22
-	add $14,$7,$22
-	lw	$12,($12)
-	lw	$14,($14)
-
-	multu	$12,$13
-	addu	$10,$16,$11
-	addu	$24,$18,$25
-	sltu	$1,$10,$11
-	sltu	$2,$24,$25
-	addu	$11,$17,$1
-	addu	$25,$19,$2
-	mflo	$16
-	mfhi	$17
-
-	addu	$24,$10
-	sltu	$1,$24,$10
-	multu	$14,$23
-	addu	$25,$1
-	addu	$22,4
-	sw	$24,($15)
-	sltu	$2,$22,$9
-	mflo	$18
-	mfhi	$19
-
-	bnez	$2,.L1st
-	add $15,4
-	.set	reorder
-
-	addu	$10,$16,$11
-	sltu	$1,$10,$11
-	addu	$11,$17,$1
-
-	addu	$24,$18,$25
-	sltu	$2,$24,$25
-	addu	$25,$19,$2
-	addu	$24,$10
-	sltu	$1,$24,$10
-	addu	$25,$1
-
-	sw	$24,($15)
-
-	addu	$25,$11
-	sltu	$1,$25,$11
-	sw	$25,4($15)
-	sw	$1,2*4($15)
-
-	li	$21,4
-.align	4
-.Louter:
-	add $13,$6,$21
-	lw	$13,($13)
-	lw	$12,($5)
-	lw	$16,4($5)
-	lw	$20,($29)
-
-	multu	$12,$13
-	lw	$14,($7)
-	lw	$18,4($7)
-	mflo	$10
-	mfhi	$11
-	addu	$10,$20
-	multu	$10,$8
-	sltu	$1,$10,$20
-	addu	$11,$1
-	mflo	$23
-
-	multu	$16,$13
-	mflo	$16
-	mfhi	$17
-
-	multu	$14,$23
-	mflo	$24
-	mfhi	$25
-
-	multu	$18,$23
-	addu	$24,$10
-	sltu	$1,$24,$10
-	addu	$25,$1
-	mflo	$18
-	mfhi	$19
-
-	move	$15,$29
-	li	$22,2*4
-	lw	$20,4($15)
-.align	4
-.Linner:
-	.set	noreorder
-	add $12,$5,$22
-	add $14,$7,$22
-	lw	$12,($12)
-	lw	$14,($14)
-
-	multu	$12,$13
-	addu	$10,$16,$11
-	addu	$24,$18,$25
-	sltu	$1,$10,$11
-	sltu	$2,$24,$25
-	addu	$11,$17,$1
-	addu	$25,$19,$2
-	mflo	$16
-	mfhi	$17
-
-	addu	$10,$20
-	addu	$22,4
-	multu	$14,$23
-	sltu	$1,$10,$20
-	addu	$24,$10
-	addu	$11,$1
-	sltu	$2,$24,$10
-	lw	$20,2*4($15)
-	addu	$25,$2
-	sltu	$1,$22,$9
-	mflo	$18
-	mfhi	$19
-	sw	$24,($15)
-	bnez	$1,.Linner
-	add $15,4
-	.set	reorder
-
-	addu	$10,$16,$11
-	sltu	$1,$10,$11
-	addu	$11,$17,$1
-	addu	$10,$20
-	sltu	$2,$10,$20
-	addu	$11,$2
-
-	lw	$20,2*4($15)
-	addu	$24,$18,$25
-	sltu	$1,$24,$25
-	addu	$25,$19,$1
-	addu	$24,$10
-	sltu	$2,$24,$10
-	addu	$25,$2
-	sw	$24,($15)
-
-	addu	$24,$25,$11
-	sltu	$25,$24,$11
-	addu	$24,$20
-	sltu	$1,$24,$20
-	addu	$25,$1
-	sw	$24,4($15)
-	sw	$25,2*4($15)
-
-	addu	$21,4
-	sltu	$2,$21,$9
-	bnez	$2,.Louter
-
-	.set	noreorder
-	add $20,$29,$9	# &tp[num]
-	move	$15,$29
-	move	$5,$29
-	li	$11,0		# clear borrow bit
-
-.align	4
-.Lsub:	lw	$10,($15)
-	lw	$24,($7)
-	add $15,4
-	add $7,4
-	subu	$24,$10,$24	# tp[i]-np[i]
-	sgtu	$1,$24,$10
-	subu	$10,$24,$11
-	sgtu	$11,$10,$24
-	sw	$10,($4)
-	or	$11,$1
-	sltu	$1,$15,$20
-	bnez	$1,.Lsub
-	add $4,4
-
-	subu	$11,$25,$11	# handle upmost overflow bit
-	move	$15,$29
-	sub $4,$9	# restore rp
-	not	$25,$11
-
-	and	$5,$11,$29
-	and	$6,$25,$4
-	or	$5,$5,$6	# ap=borrow?tp:rp
-
-.align	4
-.Lcopy:	lw	$12,($5)
-	add $5,4
-	sw	$0,($15)
-	add $15,4
-	sltu	$1,$15,$20
-	sw	$12,($4)
-	bnez	$1,.Lcopy
-	add $4,4
-
-	li	$4,1
-	li	$2,1
-
-	.set	noreorder
-	move	$29,$30
-	lw	$30,(14-1)*4($29)
-	lw	$23,(14-2)*4($29)
-	lw	$22,(14-3)*4($29)
-	lw	$21,(14-4)*4($29)
-	lw	$20,(14-5)*4($29)
-	lw	$19,(14-6)*4($29)
-	lw	$18,(14-7)*4($29)
-	lw	$17,(14-8)*4($29)
-	lw	$16,(14-9)*4($29)
-	jr	$31
-	add $29,14*4
-.end	bn_mul_mont_internal
-.rdata
-.asciiz	"Montgomery Multiplication for MIPS, CRYPTOGAMS by <appro@openssl.org>"
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
deleted file mode 100644
index caae04ed3a..0000000000
--- a/crypto/bn/asm/mips-mont.pl
+++ /dev/null
@@ -1,426 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# This module doesn't present direct interest for OpenSSL, because it
-# doesn't provide better performance for longer keys, at least not on
-# in-order-execution cores. While 512-bit RSA sign operations can be
-# 65% faster in 64-bit mode, 1024-bit ones are only 15% faster, and
-# 4096-bit ones are up to 15% slower. In 32-bit mode it varies from
-# 16% improvement for 512-bit RSA sign to -33% for 4096-bit RSA
-# verify:-( All comparisons are against bn_mul_mont-free assembler.
-# The module might be of interest to embedded system developers, as
-# the code is smaller than 1KB, yet offers >3x improvement on MIPS64
-# and 75-30% [less for longer keys] on MIPS32 over compiler-generated
-# code.
-
-######################################################################
-# There is a number of MIPS ABI in use, O32 and N32/64 are most
-# widely used. Then there is a new contender: NUBI. It appears that if
-# one picks the latter, it's possible to arrange code in ABI neutral
-# manner. Therefore let's stick to NUBI register layout:
-#
-($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
-($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
-($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
-#
-# The return value is placed in $a0. Following coding rules facilitate
-# interoperability:
-#
-# - never ever touch $tp, "thread pointer", former $gp;
-# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
-#   old code];
-# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
-#
-# For reference here is register layout for N32/64 MIPS ABIs:
-#
-# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-#
-$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64
-
-if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
-	$REG_S="sd";
-	$REG_L="ld";
-	$SZREG=8;
-} else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
-	$REG_S="sw";
-	$REG_L="lw";
-	$SZREG=4;
-}
-$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000;
-#
-# <appro@openssl.org>
-#
-######################################################################
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-if ($flavour =~ /64|n32/i) {
-	$LD="ld";
-	$ST="sd";
-	$MULTU="dmultu";
-	$ADDU="daddu";
-	$SUBU="dsubu";
-	$BNSZ=8;
-} else {
-	$LD="lw";
-	$ST="sw";
-	$MULTU="multu";
-	$ADDU="addu";
-	$SUBU="subu";
-	$BNSZ=4;
-}
-
-# int bn_mul_mont(
-$rp=$a0;	# BN_ULONG *rp,
-$ap=$a1;	# const BN_ULONG *ap,
-$bp=$a2;	# const BN_ULONG *bp,
-$np=$a3;	# const BN_ULONG *np,
-$n0=$a4;	# const BN_ULONG *n0,
-$num=$a5;	# int num);
-
-$lo0=$a6;
-$hi0=$a7;
-$lo1=$t1;
-$hi1=$t2;
-$aj=$s0;
-$bi=$s1;
-$nj=$s2;
-$tp=$s3;
-$alo=$s4;
-$ahi=$s5;
-$nlo=$s6;
-$nhi=$s7;
-$tj=$s8;
-$i=$s9;
-$j=$s10;
-$m1=$s11;
-
-$FRAMESIZE=14;
-
-$code=<<___;
-.text
-
-.set	noat
-.set	noreorder
-
-.align	5
-.globl	bn_mul_mont
-.ent	bn_mul_mont
-bn_mul_mont:
-___
-$code.=<<___ if ($flavour =~ /o32/i);
-	lw	$n0,16($sp)
-	lw	$num,20($sp)
-___
-$code.=<<___;
-	slt	$at,$num,4
-	bnez	$at,1f
-	li	$t0,0
-	slt	$at,$num,17	# on in-order CPU
-	bnez	$at,bn_mul_mont_internal
-	nop
-1:	jr	$ra
-	li	$a0,0
-.end	bn_mul_mont
-
-.align	5
-.ent	bn_mul_mont_internal
-bn_mul_mont_internal:
-	.frame	$fp,$FRAMESIZE*$SZREG,$ra
-	.mask	0x40000000|$SAVED_REGS_MASK,-$SZREG
-	$PTR_SUB $sp,$FRAMESIZE*$SZREG
-	$REG_S	$fp,($FRAMESIZE-1)*$SZREG($sp)
-	$REG_S	$s11,($FRAMESIZE-2)*$SZREG($sp)
-	$REG_S	$s10,($FRAMESIZE-3)*$SZREG($sp)
-	$REG_S	$s9,($FRAMESIZE-4)*$SZREG($sp)
-	$REG_S	$s8,($FRAMESIZE-5)*$SZREG($sp)
-	$REG_S	$s7,($FRAMESIZE-6)*$SZREG($sp)
-	$REG_S	$s6,($FRAMESIZE-7)*$SZREG($sp)
-	$REG_S	$s5,($FRAMESIZE-8)*$SZREG($sp)
-	$REG_S	$s4,($FRAMESIZE-9)*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_S	$s3,($FRAMESIZE-10)*$SZREG($sp)
-	$REG_S	$s2,($FRAMESIZE-11)*$SZREG($sp)
-	$REG_S	$s1,($FRAMESIZE-12)*$SZREG($sp)
-	$REG_S	$s0,($FRAMESIZE-13)*$SZREG($sp)
-___
-$code.=<<___;
-	move	$fp,$sp
-
-	.set	reorder
-	$LD	$n0,0($n0)
-	$LD	$bi,0($bp)	# bp[0]
-	$LD	$aj,0($ap)	# ap[0]
-	$LD	$nj,0($np)	# np[0]
-
-	$PTR_SUB $sp,2*$BNSZ	# place for two extra words
-	sll	$num,`log($BNSZ)/log(2)`
-	li	$at,-4096
-	$PTR_SUB $sp,$num
-	and	$sp,$at
-
-	$MULTU	$aj,$bi
-	$LD	$alo,$BNSZ($ap)
-	$LD	$nlo,$BNSZ($np)
-	mflo	$lo0
-	mfhi	$hi0
-	$MULTU	$lo0,$n0
-	mflo	$m1
-
-	$MULTU	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
-
-	$MULTU	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
-	$MULTU	$nlo,$m1
-	$ADDU	$lo1,$lo0
-	sltu	$at,$lo1,$lo0
-	$ADDU	$hi1,$at
-	mflo	$nlo
-	mfhi	$nhi
-
-	move	$tp,$sp
-	li	$j,2*$BNSZ
-.align	4
-.L1st:
-	.set	noreorder
-	$PTR_ADD $aj,$ap,$j
-	$PTR_ADD $nj,$np,$j
-	$LD	$aj,($aj)
-	$LD	$nj,($nj)
-
-	$MULTU	$aj,$bi
-	$ADDU	$lo0,$alo,$hi0
-	$ADDU	$lo1,$nlo,$hi1
-	sltu	$at,$lo0,$hi0
-	sltu	$t0,$lo1,$hi1
-	$ADDU	$hi0,$ahi,$at
-	$ADDU	$hi1,$nhi,$t0
-	mflo	$alo
-	mfhi	$ahi
-
-	$ADDU	$lo1,$lo0
-	sltu	$at,$lo1,$lo0
-	$MULTU	$nj,$m1
-	$ADDU	$hi1,$at
-	addu	$j,$BNSZ
-	$ST	$lo1,($tp)
-	sltu	$t0,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
-
-	bnez	$t0,.L1st
-	$PTR_ADD $tp,$BNSZ
-	.set	reorder
-
-	$ADDU	$lo0,$alo,$hi0
-	sltu	$at,$lo0,$hi0
-	$ADDU	$hi0,$ahi,$at
-
-	$ADDU	$lo1,$nlo,$hi1
-	sltu	$t0,$lo1,$hi1
-	$ADDU	$hi1,$nhi,$t0
-	$ADDU	$lo1,$lo0
-	sltu	$at,$lo1,$lo0
-	$ADDU	$hi1,$at
-
-	$ST	$lo1,($tp)
-
-	$ADDU	$hi1,$hi0
-	sltu	$at,$hi1,$hi0
-	$ST	$hi1,$BNSZ($tp)
-	$ST	$at,2*$BNSZ($tp)
-
-	li	$i,$BNSZ
-.align	4
-.Louter:
-	$PTR_ADD $bi,$bp,$i
-	$LD	$bi,($bi)
-	$LD	$aj,($ap)
-	$LD	$alo,$BNSZ($ap)
-	$LD	$tj,($sp)
-
-	$MULTU	$aj,$bi
-	$LD	$nj,($np)
-	$LD	$nlo,$BNSZ($np)
-	mflo	$lo0
-	mfhi	$hi0
-	$ADDU	$lo0,$tj
-	$MULTU	$lo0,$n0
-	sltu	$at,$lo0,$tj
-	$ADDU	$hi0,$at
-	mflo	$m1
-
-	$MULTU	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
-
-	$MULTU	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
-
-	$MULTU	$nlo,$m1
-	$ADDU	$lo1,$lo0
-	sltu	$at,$lo1,$lo0
-	$ADDU	$hi1,$at
-	mflo	$nlo
-	mfhi	$nhi
-
-	move	$tp,$sp
-	li	$j,2*$BNSZ
-	$LD	$tj,$BNSZ($tp)
-.align	4
-.Linner:
-	.set	noreorder
-	$PTR_ADD $aj,$ap,$j
-	$PTR_ADD $nj,$np,$j
-	$LD	$aj,($aj)
-	$LD	$nj,($nj)
-
-	$MULTU	$aj,$bi
-	$ADDU	$lo0,$alo,$hi0
-	$ADDU	$lo1,$nlo,$hi1
-	sltu	$at,$lo0,$hi0
-	sltu	$t0,$lo1,$hi1
-	$ADDU	$hi0,$ahi,$at
-	$ADDU	$hi1,$nhi,$t0
-	mflo	$alo
-	mfhi	$ahi
-
-	$ADDU	$lo0,$tj
-	addu	$j,$BNSZ
-	$MULTU	$nj,$m1
-	sltu	$at,$lo0,$tj
-	$ADDU	$lo1,$lo0
-	$ADDU	$hi0,$at
-	sltu	$t0,$lo1,$lo0
-	$LD	$tj,2*$BNSZ($tp)
-	$ADDU	$hi1,$t0
-	sltu	$at,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
-	$ST	$lo1,($tp)
-	bnez	$at,.Linner
-	$PTR_ADD $tp,$BNSZ
-	.set	reorder
-
-	$ADDU	$lo0,$alo,$hi0
-	sltu	$at,$lo0,$hi0
-	$ADDU	$hi0,$ahi,$at
-	$ADDU	$lo0,$tj
-	sltu	$t0,$lo0,$tj
-	$ADDU	$hi0,$t0
-
-	$LD	$tj,2*$BNSZ($tp)
-	$ADDU	$lo1,$nlo,$hi1
-	sltu	$at,$lo1,$hi1
-	$ADDU	$hi1,$nhi,$at
-	$ADDU	$lo1,$lo0
-	sltu	$t0,$lo1,$lo0
-	$ADDU	$hi1,$t0
-	$ST	$lo1,($tp)
-
-	$ADDU	$lo1,$hi1,$hi0
-	sltu	$hi1,$lo1,$hi0
-	$ADDU	$lo1,$tj
-	sltu	$at,$lo1,$tj
-	$ADDU	$hi1,$at
-	$ST	$lo1,$BNSZ($tp)
-	$ST	$hi1,2*$BNSZ($tp)
-
-	addu	$i,$BNSZ
-	sltu	$t0,$i,$num
-	bnez	$t0,.Louter
-
-	.set	noreorder
-	$PTR_ADD $tj,$sp,$num	# &tp[num]
-	move	$tp,$sp
-	move	$ap,$sp
-	li	$hi0,0		# clear borrow bit
-
-.align	4
-.Lsub:	$LD	$lo0,($tp)
-	$LD	$lo1,($np)
-	$PTR_ADD $tp,$BNSZ
-	$PTR_ADD $np,$BNSZ
-	$SUBU	$lo1,$lo0,$lo1	# tp[i]-np[i]
-	sgtu	$at,$lo1,$lo0
-	$SUBU	$lo0,$lo1,$hi0
-	sgtu	$hi0,$lo0,$lo1
-	$ST	$lo0,($rp)
-	or	$hi0,$at
-	sltu	$at,$tp,$tj
-	bnez	$at,.Lsub
-	$PTR_ADD $rp,$BNSZ
-
-	$SUBU	$hi0,$hi1,$hi0	# handle upmost overflow bit
-	move	$tp,$sp
-	$PTR_SUB $rp,$num	# restore rp
-	not	$hi1,$hi0
-
-	and	$ap,$hi0,$sp
-	and	$bp,$hi1,$rp
-	or	$ap,$ap,$bp	# ap=borrow?tp:rp
-
-.align	4
-.Lcopy:	$LD	$aj,($ap)
-	$PTR_ADD $ap,$BNSZ
-	$ST	$zero,($tp)
-	$PTR_ADD $tp,$BNSZ
-	sltu	$at,$tp,$tj
-	$ST	$aj,($rp)
-	bnez	$at,.Lcopy
-	$PTR_ADD $rp,$BNSZ
-
-	li	$a0,1
-	li	$t0,1
-
-	.set	noreorder
-	move	$sp,$fp
-	$REG_L	$fp,($FRAMESIZE-1)*$SZREG($sp)
-	$REG_L	$s11,($FRAMESIZE-2)*$SZREG($sp)
-	$REG_L	$s10,($FRAMESIZE-3)*$SZREG($sp)
-	$REG_L	$s9,($FRAMESIZE-4)*$SZREG($sp)
-	$REG_L	$s8,($FRAMESIZE-5)*$SZREG($sp)
-	$REG_L	$s7,($FRAMESIZE-6)*$SZREG($sp)
-	$REG_L	$s6,($FRAMESIZE-7)*$SZREG($sp)
-	$REG_L	$s5,($FRAMESIZE-8)*$SZREG($sp)
-	$REG_L	$s4,($FRAMESIZE-9)*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s3,($FRAMESIZE-10)*$SZREG($sp)
-	$REG_L	$s2,($FRAMESIZE-11)*$SZREG($sp)
-	$REG_L	$s1,($FRAMESIZE-12)*$SZREG($sp)
-	$REG_L	$s0,($FRAMESIZE-13)*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE*$SZREG
-.end	bn_mul_mont_internal
-.rdata
-.asciiz	"Montgomery Multiplication for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
deleted file mode 100644
index 215c9a7483..0000000000
--- a/crypto/bn/asm/mips.pl
+++ /dev/null
@@ -1,2234 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project.
-#
-# Rights for redistribution and usage in source and binary forms are
-# granted according to the OpenSSL license. Warranty of any kind is
-# disclaimed.
-# ====================================================================
-
-
-# July 1999
-#
-# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c.
-#
-# The module is designed to work with either of the "new" MIPS ABI(5),
-# namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
-# IRIX 5.x not only because it doesn't support new ABIs but also
-# because 5.x kernels put R4x00 CPU into 32-bit mode and all those
-# 64-bit instructions (daddu, dmultu, etc.) found below gonna only
-# cause illegal instruction exception:-(
-#
-# In addition the code depends on preprocessor flags set up by MIPSpro
-# compiler driver (either as or cc) and therefore (probably?) can't be
-# compiled by the GNU assembler. GNU C driver manages fine though...
-# I mean as long as -mmips-as is specified or is the default option,
-# because then it simply invokes /usr/bin/as which in turn takes
-# perfect care of the preprocessor definitions. Another neat feature
-# offered by the MIPSpro assembler is an optimization pass. This gave
-# me the opportunity to have the code looking more regular as all those
-# architecture dependent instruction rescheduling details were left to
-# the assembler. Cool, huh?
-#
-# Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
-# goes way over 3 times faster!
-#
-#					<appro@fy.chalmers.se>
-
-# October 2010
-#
-# Adapt the module even for 32-bit ABIs and other OSes. The former was
-# achieved by mechanical replacement of 64-bit arithmetic instructions
-# such as dmultu, daddu, etc. with their 32-bit counterparts and
-# adjusting offsets denoting multiples of BN_ULONG. Above mentioned
-# >3x performance improvement naturally does not apply to 32-bit code
-# [because there is no instruction 32-bit compiler can't use], one
-# has to content with 40-85% improvement depending on benchmark and
-# key length, more for longer keys.
-
-$flavour = shift;
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-if ($flavour =~ /64|n32/i) {
-	$LD="ld";
-	$ST="sd";
-	$MULTU="dmultu";
-	$DIVU="ddivu";
-	$ADDU="daddu";
-	$SUBU="dsubu";
-	$SRL="dsrl";
-	$SLL="dsll";
-	$BNSZ=8;
-	$PTR_ADD="daddu";
-	$PTR_SUB="dsubu";
-	$SZREG=8;
-	$REG_S="sd";
-	$REG_L="ld";
-} else {
-	$LD="lw";
-	$ST="sw";
-	$MULTU="multu";
-	$DIVU="divu";
-	$ADDU="addu";
-	$SUBU="subu";
-	$SRL="srl";
-	$SLL="sll";
-	$BNSZ=4;
-	$PTR_ADD="addu";
-	$PTR_SUB="subu";
-	$SZREG=4;
-	$REG_S="sw";
-	$REG_L="lw";
-	$code=".set	mips2\n";
-}
-
-# Below is N32/64 register layout used in the original module.
-#
-($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-($ta0,$ta1,$ta2,$ta3)=($a4,$a5,$a6,$a7);
-#
-# No special adaptation is required for O32. NUBI on the other hand
-# is treated by saving/restoring ($v1,$t0..$t3).
-
-$gp=$v1 if ($flavour =~ /nubi/i);
-
-$minus4=$v1;
-
-$code.=<<___;
-.rdata
-.asciiz	"mips3.s, Version 1.2"
-.asciiz	"MIPS II/III/IV ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>"
-
-.text
-.set	noat
-
-.align	5
-.globl	bn_mul_add_words
-.ent	bn_mul_add_words
-bn_mul_add_words:
-	.set	noreorder
-	bgtz	$a2,bn_mul_add_words_internal
-	move	$v0,$zero
-	jr	$ra
-	move	$a0,$v0
-.end	bn_mul_add_words
-
-.align	5
-.ent	bn_mul_add_words_internal
-bn_mul_add_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	li	$minus4,-4
-	and	$ta0,$a2,$minus4
-	beqz	$ta0,.L_bn_mul_add_words_tail
-
-.L_bn_mul_add_words_loop:
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
-	$LD	$t1,0($a0)
-	$LD	$t2,$BNSZ($a1)
-	$LD	$t3,$BNSZ($a0)
-	$LD	$ta0,2*$BNSZ($a1)
-	$LD	$ta1,2*$BNSZ($a0)
-	$ADDU	$t1,$v0
-	sltu	$v0,$t1,$v0	# All manuals say it "compares 32-bit
-				# values", but it seems to work fine
-				# even on 64-bit registers.
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$t1,$at
-	$ADDU	$v0,$t0
-	 $MULTU	$t2,$a3
-	sltu	$at,$t1,$at
-	$ST	$t1,0($a0)
-	$ADDU	$v0,$at
-
-	$LD	$ta2,3*$BNSZ($a1)
-	$LD	$ta3,3*$BNSZ($a0)
-	$ADDU	$t3,$v0
-	sltu	$v0,$t3,$v0
-	mflo	$at
-	mfhi	$t2
-	$ADDU	$t3,$at
-	$ADDU	$v0,$t2
-	 $MULTU	$ta0,$a3
-	sltu	$at,$t3,$at
-	$ST	$t3,$BNSZ($a0)
-	$ADDU	$v0,$at
-
-	subu	$a2,4
-	$PTR_ADD $a0,4*$BNSZ
-	$PTR_ADD $a1,4*$BNSZ
-	$ADDU	$ta1,$v0
-	sltu	$v0,$ta1,$v0
-	mflo	$at
-	mfhi	$ta0
-	$ADDU	$ta1,$at
-	$ADDU	$v0,$ta0
-	 $MULTU	$ta2,$a3
-	sltu	$at,$ta1,$at
-	$ST	$ta1,-2*$BNSZ($a0)
-	$ADDU	$v0,$at
-
-
-	and	$ta0,$a2,$minus4
-	$ADDU	$ta3,$v0
-	sltu	$v0,$ta3,$v0
-	mflo	$at
-	mfhi	$ta2
-	$ADDU	$ta3,$at
-	$ADDU	$v0,$ta2
-	sltu	$at,$ta3,$at
-	$ST	$ta3,-$BNSZ($a0)
-	.set	noreorder
-	bgtz	$ta0,.L_bn_mul_add_words_loop
-	$ADDU	$v0,$at
-
-	beqz	$a2,.L_bn_mul_add_words_return
-	nop
-
-.L_bn_mul_add_words_tail:
-	.set	reorder
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
-	$LD	$t1,0($a0)
-	subu	$a2,1
-	$ADDU	$t1,$v0
-	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$t1,$at
-	$ADDU	$v0,$t0
-	sltu	$at,$t1,$at
-	$ST	$t1,0($a0)
-	$ADDU	$v0,$at
-	beqz	$a2,.L_bn_mul_add_words_return
-
-	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$a3
-	$LD	$t1,$BNSZ($a0)
-	subu	$a2,1
-	$ADDU	$t1,$v0
-	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$t1,$at
-	$ADDU	$v0,$t0
-	sltu	$at,$t1,$at
-	$ST	$t1,$BNSZ($a0)
-	$ADDU	$v0,$at
-	beqz	$a2,.L_bn_mul_add_words_return
-
-	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$a3
-	$LD	$t1,2*$BNSZ($a0)
-	$ADDU	$t1,$v0
-	sltu	$v0,$t1,$v0
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$t1,$at
-	$ADDU	$v0,$t0
-	sltu	$at,$t1,$at
-	$ST	$t1,2*$BNSZ($a0)
-	$ADDU	$v0,$at
-
-.L_bn_mul_add_words_return:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-.end	bn_mul_add_words_internal
-
-.align	5
-.globl	bn_mul_words
-.ent	bn_mul_words
-bn_mul_words:
-	.set	noreorder
-	bgtz	$a2,bn_mul_words_internal
-	move	$v0,$zero
-	jr	$ra
-	move	$a0,$v0
-.end	bn_mul_words
-
-.align	5
-.ent	bn_mul_words_internal
-bn_mul_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	li	$minus4,-4
-	and	$ta0,$a2,$minus4
-	beqz	$ta0,.L_bn_mul_words_tail
-
-.L_bn_mul_words_loop:
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
-	$LD	$t2,$BNSZ($a1)
-	$LD	$ta0,2*$BNSZ($a1)
-	$LD	$ta2,3*$BNSZ($a1)
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$v0,$at
-	sltu	$t1,$v0,$at
-	 $MULTU	$t2,$a3
-	$ST	$v0,0($a0)
-	$ADDU	$v0,$t1,$t0
-
-	subu	$a2,4
-	$PTR_ADD $a0,4*$BNSZ
-	$PTR_ADD $a1,4*$BNSZ
-	mflo	$at
-	mfhi	$t2
-	$ADDU	$v0,$at
-	sltu	$t3,$v0,$at
-	 $MULTU	$ta0,$a3
-	$ST	$v0,-3*$BNSZ($a0)
-	$ADDU	$v0,$t3,$t2
-
-	mflo	$at
-	mfhi	$ta0
-	$ADDU	$v0,$at
-	sltu	$ta1,$v0,$at
-	 $MULTU	$ta2,$a3
-	$ST	$v0,-2*$BNSZ($a0)
-	$ADDU	$v0,$ta1,$ta0
-
-	and	$ta0,$a2,$minus4
-	mflo	$at
-	mfhi	$ta2
-	$ADDU	$v0,$at
-	sltu	$ta3,$v0,$at
-	$ST	$v0,-$BNSZ($a0)
-	.set	noreorder
-	bgtz	$ta0,.L_bn_mul_words_loop
-	$ADDU	$v0,$ta3,$ta2
-
-	beqz	$a2,.L_bn_mul_words_return
-	nop
-
-.L_bn_mul_words_tail:
-	.set	reorder
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$a3
-	subu	$a2,1
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$v0,$at
-	sltu	$t1,$v0,$at
-	$ST	$v0,0($a0)
-	$ADDU	$v0,$t1,$t0
-	beqz	$a2,.L_bn_mul_words_return
-
-	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$a3
-	subu	$a2,1
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$v0,$at
-	sltu	$t1,$v0,$at
-	$ST	$v0,$BNSZ($a0)
-	$ADDU	$v0,$t1,$t0
-	beqz	$a2,.L_bn_mul_words_return
-
-	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$a3
-	mflo	$at
-	mfhi	$t0
-	$ADDU	$v0,$at
-	sltu	$t1,$v0,$at
-	$ST	$v0,2*$BNSZ($a0)
-	$ADDU	$v0,$t1,$t0
-
-.L_bn_mul_words_return:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-.end	bn_mul_words_internal
-
-.align	5
-.globl	bn_sqr_words
-.ent	bn_sqr_words
-bn_sqr_words:
-	.set	noreorder
-	bgtz	$a2,bn_sqr_words_internal
-	move	$v0,$zero
-	jr	$ra
-	move	$a0,$v0
-.end	bn_sqr_words
-
-.align	5
-.ent	bn_sqr_words_internal
-bn_sqr_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	li	$minus4,-4
-	and	$ta0,$a2,$minus4
-	beqz	$ta0,.L_bn_sqr_words_tail
-
-.L_bn_sqr_words_loop:
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$t0
-	$LD	$t2,$BNSZ($a1)
-	$LD	$ta0,2*$BNSZ($a1)
-	$LD	$ta2,3*$BNSZ($a1)
-	mflo	$t1
-	mfhi	$t0
-	$ST	$t1,0($a0)
-	$ST	$t0,$BNSZ($a0)
-
-	$MULTU	$t2,$t2
-	subu	$a2,4
-	$PTR_ADD $a0,8*$BNSZ
-	$PTR_ADD $a1,4*$BNSZ
-	mflo	$t3
-	mfhi	$t2
-	$ST	$t3,-6*$BNSZ($a0)
-	$ST	$t2,-5*$BNSZ($a0)
-
-	$MULTU	$ta0,$ta0
-	mflo	$ta1
-	mfhi	$ta0
-	$ST	$ta1,-4*$BNSZ($a0)
-	$ST	$ta0,-3*$BNSZ($a0)
-
-
-	$MULTU	$ta2,$ta2
-	and	$ta0,$a2,$minus4
-	mflo	$ta3
-	mfhi	$ta2
-	$ST	$ta3,-2*$BNSZ($a0)
-
-	.set	noreorder
-	bgtz	$ta0,.L_bn_sqr_words_loop
-	$ST	$ta2,-$BNSZ($a0)
-
-	beqz	$a2,.L_bn_sqr_words_return
-	nop
-
-.L_bn_sqr_words_tail:
-	.set	reorder
-	$LD	$t0,0($a1)
-	$MULTU	$t0,$t0
-	subu	$a2,1
-	mflo	$t1
-	mfhi	$t0
-	$ST	$t1,0($a0)
-	$ST	$t0,$BNSZ($a0)
-	beqz	$a2,.L_bn_sqr_words_return
-
-	$LD	$t0,$BNSZ($a1)
-	$MULTU	$t0,$t0
-	subu	$a2,1
-	mflo	$t1
-	mfhi	$t0
-	$ST	$t1,2*$BNSZ($a0)
-	$ST	$t0,3*$BNSZ($a0)
-	beqz	$a2,.L_bn_sqr_words_return
-
-	$LD	$t0,2*$BNSZ($a1)
-	$MULTU	$t0,$t0
-	mflo	$t1
-	mfhi	$t0
-	$ST	$t1,4*$BNSZ($a0)
-	$ST	$t0,5*$BNSZ($a0)
-
-.L_bn_sqr_words_return:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-
-.end	bn_sqr_words_internal
-
-.align	5
-.globl	bn_add_words
-.ent	bn_add_words
-bn_add_words:
-	.set	noreorder
-	bgtz	$a3,bn_add_words_internal
-	move	$v0,$zero
-	jr	$ra
-	move	$a0,$v0
-.end	bn_add_words
-
-.align	5
-.ent	bn_add_words_internal
-bn_add_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	li	$minus4,-4
-	and	$at,$a3,$minus4
-	beqz	$at,.L_bn_add_words_tail
-
-.L_bn_add_words_loop:
-	$LD	$t0,0($a1)
-	$LD	$ta0,0($a2)
-	subu	$a3,4
-	$LD	$t1,$BNSZ($a1)
-	and	$at,$a3,$minus4
-	$LD	$t2,2*$BNSZ($a1)
-	$PTR_ADD $a2,4*$BNSZ
-	$LD	$t3,3*$BNSZ($a1)
-	$PTR_ADD $a0,4*$BNSZ
-	$LD	$ta1,-3*$BNSZ($a2)
-	$PTR_ADD $a1,4*$BNSZ
-	$LD	$ta2,-2*$BNSZ($a2)
-	$LD	$ta3,-$BNSZ($a2)
-	$ADDU	$ta0,$t0
-	sltu	$t8,$ta0,$t0
-	$ADDU	$t0,$ta0,$v0
-	sltu	$v0,$t0,$ta0
-	$ST	$t0,-4*$BNSZ($a0)
-	$ADDU	$v0,$t8
-
-	$ADDU	$ta1,$t1
-	sltu	$t9,$ta1,$t1
-	$ADDU	$t1,$ta1,$v0
-	sltu	$v0,$t1,$ta1
-	$ST	$t1,-3*$BNSZ($a0)
-	$ADDU	$v0,$t9
-
-	$ADDU	$ta2,$t2
-	sltu	$t8,$ta2,$t2
-	$ADDU	$t2,$ta2,$v0
-	sltu	$v0,$t2,$ta2
-	$ST	$t2,-2*$BNSZ($a0)
-	$ADDU	$v0,$t8
-	
-	$ADDU	$ta3,$t3
-	sltu	$t9,$ta3,$t3
-	$ADDU	$t3,$ta3,$v0
-	sltu	$v0,$t3,$ta3
-	$ST	$t3,-$BNSZ($a0)
-	
-	.set	noreorder
-	bgtz	$at,.L_bn_add_words_loop
-	$ADDU	$v0,$t9
-
-	beqz	$a3,.L_bn_add_words_return
-	nop
-
-.L_bn_add_words_tail:
-	.set	reorder
-	$LD	$t0,0($a1)
-	$LD	$ta0,0($a2)
-	$ADDU	$ta0,$t0
-	subu	$a3,1
-	sltu	$t8,$ta0,$t0
-	$ADDU	$t0,$ta0,$v0
-	sltu	$v0,$t0,$ta0
-	$ST	$t0,0($a0)
-	$ADDU	$v0,$t8
-	beqz	$a3,.L_bn_add_words_return
-
-	$LD	$t1,$BNSZ($a1)
-	$LD	$ta1,$BNSZ($a2)
-	$ADDU	$ta1,$t1
-	subu	$a3,1
-	sltu	$t9,$ta1,$t1
-	$ADDU	$t1,$ta1,$v0
-	sltu	$v0,$t1,$ta1
-	$ST	$t1,$BNSZ($a0)
-	$ADDU	$v0,$t9
-	beqz	$a3,.L_bn_add_words_return
-
-	$LD	$t2,2*$BNSZ($a1)
-	$LD	$ta2,2*$BNSZ($a2)
-	$ADDU	$ta2,$t2
-	sltu	$t8,$ta2,$t2
-	$ADDU	$t2,$ta2,$v0
-	sltu	$v0,$t2,$ta2
-	$ST	$t2,2*$BNSZ($a0)
-	$ADDU	$v0,$t8
-
-.L_bn_add_words_return:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-
-.end	bn_add_words_internal
-
-.align	5
-.globl	bn_sub_words
-.ent	bn_sub_words
-bn_sub_words:
-	.set	noreorder
-	bgtz	$a3,bn_sub_words_internal
-	move	$v0,$zero
-	jr	$ra
-	move	$a0,$zero
-.end	bn_sub_words
-
-.align	5
-.ent	bn_sub_words_internal
-bn_sub_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	li	$minus4,-4
-	and	$at,$a3,$minus4
-	beqz	$at,.L_bn_sub_words_tail
-
-.L_bn_sub_words_loop:
-	$LD	$t0,0($a1)
-	$LD	$ta0,0($a2)
-	subu	$a3,4
-	$LD	$t1,$BNSZ($a1)
-	and	$at,$a3,$minus4
-	$LD	$t2,2*$BNSZ($a1)
-	$PTR_ADD $a2,4*$BNSZ
-	$LD	$t3,3*$BNSZ($a1)
-	$PTR_ADD $a0,4*$BNSZ
-	$LD	$ta1,-3*$BNSZ($a2)
-	$PTR_ADD $a1,4*$BNSZ
-	$LD	$ta2,-2*$BNSZ($a2)
-	$LD	$ta3,-$BNSZ($a2)
-	sltu	$t8,$t0,$ta0
-	$SUBU	$ta0,$t0,$ta0
-	$SUBU	$t0,$ta0,$v0
-	sgtu	$v0,$t0,$ta0
-	$ST	$t0,-4*$BNSZ($a0)
-	$ADDU	$v0,$t8
-
-	sltu	$t9,$t1,$ta1
-	$SUBU	$ta1,$t1,$ta1
-	$SUBU	$t1,$ta1,$v0
-	sgtu	$v0,$t1,$ta1
-	$ST	$t1,-3*$BNSZ($a0)
-	$ADDU	$v0,$t9
-
-
-	sltu	$t8,$t2,$ta2
-	$SUBU	$ta2,$t2,$ta2
-	$SUBU	$t2,$ta2,$v0
-	sgtu	$v0,$t2,$ta2
-	$ST	$t2,-2*$BNSZ($a0)
-	$ADDU	$v0,$t8
-
-	sltu	$t9,$t3,$ta3
-	$SUBU	$ta3,$t3,$ta3
-	$SUBU	$t3,$ta3,$v0
-	sgtu	$v0,$t3,$ta3
-	$ST	$t3,-$BNSZ($a0)
-
-	.set	noreorder
-	bgtz	$at,.L_bn_sub_words_loop
-	$ADDU	$v0,$t9
-
-	beqz	$a3,.L_bn_sub_words_return
-	nop
-
-.L_bn_sub_words_tail:
-	.set	reorder
-	$LD	$t0,0($a1)
-	$LD	$ta0,0($a2)
-	subu	$a3,1
-	sltu	$t8,$t0,$ta0
-	$SUBU	$ta0,$t0,$ta0
-	$SUBU	$t0,$ta0,$v0
-	sgtu	$v0,$t0,$ta0
-	$ST	$t0,0($a0)
-	$ADDU	$v0,$t8
-	beqz	$a3,.L_bn_sub_words_return
-
-	$LD	$t1,$BNSZ($a1)
-	subu	$a3,1
-	$LD	$ta1,$BNSZ($a2)
-	sltu	$t9,$t1,$ta1
-	$SUBU	$ta1,$t1,$ta1
-	$SUBU	$t1,$ta1,$v0
-	sgtu	$v0,$t1,$ta1
-	$ST	$t1,$BNSZ($a0)
-	$ADDU	$v0,$t9
-	beqz	$a3,.L_bn_sub_words_return
-
-	$LD	$t2,2*$BNSZ($a1)
-	$LD	$ta2,2*$BNSZ($a2)
-	sltu	$t8,$t2,$ta2
-	$SUBU	$ta2,$t2,$ta2
-	$SUBU	$t2,$ta2,$v0
-	sgtu	$v0,$t2,$ta2
-	$ST	$t2,2*$BNSZ($a0)
-	$ADDU	$v0,$t8
-
-.L_bn_sub_words_return:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-.end	bn_sub_words_internal
-
-.align 5
-.globl	bn_div_3_words
-.ent	bn_div_3_words
-bn_div_3_words:
-	.set	noreorder
-	move	$a3,$a0		# we know that bn_div_words does not
-				# touch $a3, $ta2, $ta3 and preserves $a2
-				# so that we can save two arguments
-				# and return address in registers
-				# instead of stack:-)
-				
-	$LD	$a0,($a3)
-	move	$ta2,$a1
-	bne	$a0,$a2,bn_div_3_words_internal
-	$LD	$a1,-$BNSZ($a3)
-	li	$v0,-1
-	jr	$ra
-	move	$a0,$v0
-.end	bn_div_3_words
-
-.align	5
-.ent	bn_div_3_words_internal
-bn_div_3_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	move	$ta3,$ra
-	bal	bn_div_words_internal
-	move	$ra,$ta3
-	$MULTU	$ta2,$v0
-	$LD	$t2,-2*$BNSZ($a3)
-	move	$ta0,$zero
-	mfhi	$t1
-	mflo	$t0
-	sltu	$t8,$t1,$a1
-.L_bn_div_3_words_inner_loop:
-	bnez	$t8,.L_bn_div_3_words_inner_loop_done
-	sgeu	$at,$t2,$t0
-	seq	$t9,$t1,$a1
-	and	$at,$t9
-	sltu	$t3,$t0,$ta2
-	$ADDU	$a1,$a2
-	$SUBU	$t1,$t3
-	$SUBU	$t0,$ta2
-	sltu	$t8,$t1,$a1
-	sltu	$ta0,$a1,$a2
-	or	$t8,$ta0
-	.set	noreorder
-	beqz	$at,.L_bn_div_3_words_inner_loop
-	$SUBU	$v0,1
-	$ADDU	$v0,1
-	.set	reorder
-.L_bn_div_3_words_inner_loop_done:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-.end	bn_div_3_words_internal
-
-.align	5
-.globl	bn_div_words
-.ent	bn_div_words
-bn_div_words:
-	.set	noreorder
-	bnez	$a2,bn_div_words_internal
-	li	$v0,-1		# I would rather signal div-by-zero
-				# which can be done with 'break 7'
-	jr	$ra
-	move	$a0,$v0
-.end	bn_div_words
-
-.align	5
-.ent	bn_div_words_internal
-bn_div_words_internal:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	move	$v1,$zero
-	bltz	$a2,.L_bn_div_words_body
-	move	$t9,$v1
-	$SLL	$a2,1
-	bgtz	$a2,.-4
-	addu	$t9,1
-
-	.set	reorder
-	negu	$t1,$t9
-	li	$t2,-1
-	$SLL	$t2,$t1
-	and	$t2,$a0
-	$SRL	$at,$a1,$t1
-	.set	noreorder
-	beqz	$t2,.+12
-	nop
-	break	6		# signal overflow
-	.set	reorder
-	$SLL	$a0,$t9
-	$SLL	$a1,$t9
-	or	$a0,$at
-___
-$QT=$ta0;
-$HH=$ta1;
-$DH=$v1;
-$code.=<<___;
-.L_bn_div_words_body:
-	$SRL	$DH,$a2,4*$BNSZ	# bits
-	sgeu	$at,$a0,$a2
-	.set	noreorder
-	beqz	$at,.+12
-	nop
-	$SUBU	$a0,$a2
-	.set	reorder
-
-	li	$QT,-1
-	$SRL	$HH,$a0,4*$BNSZ	# bits
-	$SRL	$QT,4*$BNSZ	# q=0xffffffff
-	beq	$DH,$HH,.L_bn_div_words_skip_div1
-	$DIVU	$zero,$a0,$DH
-	mflo	$QT
-.L_bn_div_words_skip_div1:
-	$MULTU	$a2,$QT
-	$SLL	$t3,$a0,4*$BNSZ	# bits
-	$SRL	$at,$a1,4*$BNSZ	# bits
-	or	$t3,$at
-	mflo	$t0
-	mfhi	$t1
-.L_bn_div_words_inner_loop1:
-	sltu	$t2,$t3,$t0
-	seq	$t8,$HH,$t1
-	sltu	$at,$HH,$t1
-	and	$t2,$t8
-	sltu	$v0,$t0,$a2
-	or	$at,$t2
-	.set	noreorder
-	beqz	$at,.L_bn_div_words_inner_loop1_done
-	$SUBU	$t1,$v0
-	$SUBU	$t0,$a2
-	b	.L_bn_div_words_inner_loop1
-	$SUBU	$QT,1
-	.set	reorder
-.L_bn_div_words_inner_loop1_done:
-
-	$SLL	$a1,4*$BNSZ	# bits
-	$SUBU	$a0,$t3,$t0
-	$SLL	$v0,$QT,4*$BNSZ	# bits
-
-	li	$QT,-1
-	$SRL	$HH,$a0,4*$BNSZ	# bits
-	$SRL	$QT,4*$BNSZ	# q=0xffffffff
-	beq	$DH,$HH,.L_bn_div_words_skip_div2
-	$DIVU	$zero,$a0,$DH
-	mflo	$QT
-.L_bn_div_words_skip_div2:
-	$MULTU	$a2,$QT
-	$SLL	$t3,$a0,4*$BNSZ	# bits
-	$SRL	$at,$a1,4*$BNSZ	# bits
-	or	$t3,$at
-	mflo	$t0
-	mfhi	$t1
-.L_bn_div_words_inner_loop2:
-	sltu	$t2,$t3,$t0
-	seq	$t8,$HH,$t1
-	sltu	$at,$HH,$t1
-	and	$t2,$t8
-	sltu	$v1,$t0,$a2
-	or	$at,$t2
-	.set	noreorder
-	beqz	$at,.L_bn_div_words_inner_loop2_done
-	$SUBU	$t1,$v1
-	$SUBU	$t0,$a2
-	b	.L_bn_div_words_inner_loop2
-	$SUBU	$QT,1
-	.set	reorder
-.L_bn_div_words_inner_loop2_done:
-
-	$SUBU	$a0,$t3,$t0
-	or	$v0,$QT
-	$SRL	$v1,$a0,$t9	# $v1 contains remainder if anybody wants it
-	$SRL	$a2,$t9		# restore $a2
-
-	.set	noreorder
-	move	$a1,$v1
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	move	$a0,$v0
-.end	bn_div_words_internal
-___
-undef $HH; undef $QT; undef $DH;
-
-($a_0,$a_1,$a_2,$a_3)=($t0,$t1,$t2,$t3);
-($b_0,$b_1,$b_2,$b_3)=($ta0,$ta1,$ta2,$ta3);
-
-($a_4,$a_5,$a_6,$a_7)=($s0,$s2,$s4,$a1); # once we load a[7], no use for $a1
-($b_4,$b_5,$b_6,$b_7)=($s1,$s3,$s5,$a2); # once we load b[7], no use for $a2
-
-($t_1,$t_2,$c_1,$c_2,$c_3)=($t8,$t9,$v0,$v1,$a3);
-
-$code.=<<___;
-
-.align	5
-.globl	bn_mul_comba8
-.ent	bn_mul_comba8
-bn_mul_comba8:
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,12*$SZREG,$ra
-	.mask	0x803ff008,-$SZREG
-	$PTR_SUB $sp,12*$SZREG
-	$REG_S	$ra,11*$SZREG($sp)
-	$REG_S	$s5,10*$SZREG($sp)
-	$REG_S	$s4,9*$SZREG($sp)
-	$REG_S	$s3,8*$SZREG($sp)
-	$REG_S	$s2,7*$SZREG($sp)
-	$REG_S	$s1,6*$SZREG($sp)
-	$REG_S	$s0,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___ if ($flavour !~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x003f0000,-$SZREG
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$s5,5*$SZREG($sp)
-	$REG_S	$s4,4*$SZREG($sp)
-	$REG_S	$s3,3*$SZREG($sp)
-	$REG_S	$s2,2*$SZREG($sp)
-	$REG_S	$s1,1*$SZREG($sp)
-	$REG_S	$s0,0*$SZREG($sp)
-___
-$code.=<<___;
-
-	.set	reorder
-	$LD	$a_0,0($a1)	# If compiled with -mips3 option on
-				# R5000 box assembler barks on this
-				# 1ine with "should not have mult/div
-				# as last instruction in bb (R10K
-				# bug)" warning. If anybody out there
-				# has a clue about how to circumvent
-				# this do send me a note.
-				#		<appro\@fy.chalmers.se>
-
-	$LD	$b_0,0($a2)
-	$LD	$a_1,$BNSZ($a1)
-	$LD	$a_2,2*$BNSZ($a1)
-	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	$a_3,3*$BNSZ($a1)
-	$LD	$b_1,$BNSZ($a2)
-	$LD	$b_2,2*$BNSZ($a2)
-	$LD	$b_3,3*$BNSZ($a2)
-	mflo	$c_1
-	mfhi	$c_2
-
-	$LD	$a_4,4*$BNSZ($a1)
-	$LD	$a_5,5*$BNSZ($a1)
-	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
-	$LD	$a_6,6*$BNSZ($a1)
-	$LD	$a_7,7*$BNSZ($a1)
-	$LD	$b_4,4*$BNSZ($a2)
-	$LD	$b_5,5*$BNSZ($a2)
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
-	$ADDU	$c_3,$t_2,$at
-	$LD	$b_6,6*$BNSZ($a2)
-	$LD	$b_7,7*$BNSZ($a2)
-	$ST	$c_1,0($a0)	# r[0]=c1;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	$ST	$c_2,$BNSZ($a0)	# r[1]=c2;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,2*$BNSZ($a0)	# r[2]=c3;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_4,$b_0		# mul_add_c(a[4],b[0],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,3*$BNSZ($a0)	# r[3]=c1;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_0,$b_4		# mul_add_c(a[0],b[4],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_0,$b_5		# mul_add_c(a[0],b[5],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,4*$BNSZ($a0)	# r[4]=c2;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_4		# mul_add_c(a[1],b[4],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_4,$b_1		# mul_add_c(a[4],b[1],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_0		# mul_add_c(a[5],b[0],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_6,$b_0		# mul_add_c(a[6],b[0],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,5*$BNSZ($a0)	# r[5]=c3;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_1		# mul_add_c(a[5],b[1],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_4,$b_2		# mul_add_c(a[4],b[2],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_4		# mul_add_c(a[2],b[4],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_5		# mul_add_c(a[1],b[5],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_0,$b_6		# mul_add_c(a[0],b[6],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_0,$b_7		# mul_add_c(a[0],b[7],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,6*$BNSZ($a0)	# r[6]=c1;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_6		# mul_add_c(a[1],b[6],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_5		# mul_add_c(a[2],b[5],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_4		# mul_add_c(a[3],b[4],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_3		# mul_add_c(a[4],b[3],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_5,$b_2		# mul_add_c(a[5],b[2],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_6,$b_1		# mul_add_c(a[6],b[1],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_0		# mul_add_c(a[7],b[0],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_7,$b_1		# mul_add_c(a[7],b[1],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,7*$BNSZ($a0)	# r[7]=c2;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_6,$b_2		# mul_add_c(a[6],b[2],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_3		# mul_add_c(a[5],b[3],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_4,$b_4		# mul_add_c(a[4],b[4],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_5		# mul_add_c(a[3],b[5],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_2,$b_6		# mul_add_c(a[2],b[6],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_7		# mul_add_c(a[1],b[7],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_2,$b_7		# mul_add_c(a[2],b[7],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,8*$BNSZ($a0)	# r[8]=c3;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_6		# mul_add_c(a[3],b[6],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_4,$b_5		# mul_add_c(a[4],b[5],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_4		# mul_add_c(a[5],b[4],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_6,$b_3		# mul_add_c(a[6],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_7,$b_2		# mul_add_c(a[7],b[2],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_7,$b_3		# mul_add_c(a[7],b[3],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,9*$BNSZ($a0)	# r[9]=c1;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_6,$b_4		# mul_add_c(a[6],b[4],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_5,$b_5		# mul_add_c(a[5],b[5],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_6		# mul_add_c(a[4],b[6],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_3,$b_7		# mul_add_c(a[3],b[7],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_4,$b_7		# mul_add_c(a[4],b[7],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,10*$BNSZ($a0)	# r[10]=c2;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_5,$b_6		# mul_add_c(a[5],b[6],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_6,$b_5		# mul_add_c(a[6],b[5],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_7,$b_4		# mul_add_c(a[7],b[4],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_7,$b_5		# mul_add_c(a[7],b[5],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,11*$BNSZ($a0)	# r[11]=c3;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_6,$b_6		# mul_add_c(a[6],b[6],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_5,$b_7		# mul_add_c(a[5],b[7],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_6,$b_7		# mul_add_c(a[6],b[7],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,12*$BNSZ($a0)	# r[12]=c1;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_6		# mul_add_c(a[7],b[6],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_7,$b_7		# mul_add_c(a[7],b[7],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,13*$BNSZ($a0)	# r[13]=c2;
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	$ST	$c_3,14*$BNSZ($a0)	# r[14]=c3;
-	$ST	$c_1,15*$BNSZ($a0)	# r[15]=c1;
-
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s5,10*$SZREG($sp)
-	$REG_L	$s4,9*$SZREG($sp)
-	$REG_L	$s3,8*$SZREG($sp)
-	$REG_L	$s2,7*$SZREG($sp)
-	$REG_L	$s1,6*$SZREG($sp)
-	$REG_L	$s0,5*$SZREG($sp)
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	jr	$ra
-	$PTR_ADD $sp,12*$SZREG
-___
-$code.=<<___ if ($flavour !~ /nubi/i);
-	$REG_L	$s5,5*$SZREG($sp)
-	$REG_L	$s4,4*$SZREG($sp)
-	$REG_L	$s3,3*$SZREG($sp)
-	$REG_L	$s2,2*$SZREG($sp)
-	$REG_L	$s1,1*$SZREG($sp)
-	$REG_L	$s0,0*$SZREG($sp)
-	jr	$ra
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-.end	bn_mul_comba8
-
-.align	5
-.globl	bn_mul_comba4
-.ent	bn_mul_comba4
-bn_mul_comba4:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	$LD	$a_0,0($a1)
-	$LD	$b_0,0($a2)
-	$LD	$a_1,$BNSZ($a1)
-	$LD	$a_2,2*$BNSZ($a1)
-	$MULTU	$a_0,$b_0		# mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	$a_3,3*$BNSZ($a1)
-	$LD	$b_1,$BNSZ($a2)
-	$LD	$b_2,2*$BNSZ($a2)
-	$LD	$b_3,3*$BNSZ($a2)
-	mflo	$c_1
-	mfhi	$c_2
-	$ST	$c_1,0($a0)
-
-	$MULTU	$a_0,$b_1		# mul_add_c(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_0		# mul_add_c(a[1],b[0],c2,c3,c1);
-	$ADDU	$c_3,$t_2,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_0		# mul_add_c(a[2],b[0],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	$ST	$c_2,$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_1,$b_1		# mul_add_c(a[1],b[1],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_0,$b_2		# mul_add_c(a[0],b[2],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$b_3		# mul_add_c(a[0],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,2*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_1,$b_2		# mul_add_c(a[1],b[2],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$c_3,$c_2,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_2,$b_1		# mul_add_c(a[2],b[1],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$MULTU	$a_3,$b_0		# mul_add_c(a[3],b[0],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_3,$b_1		# mul_add_c(a[3],b[1],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,3*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_2,$b_2		# mul_add_c(a[2],b[2],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$c_1,$c_3,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$MULTU	$a_1,$b_3		# mul_add_c(a[1],b[3],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$b_3		# mul_add_c(a[2],b[3],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,4*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$MULTU	$a_3,$b_2		# mul_add_c(a[3],b[2],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$c_2,$c_1,$t_2
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_3,$b_3		# mul_add_c(a[3],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,5*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	$ST	$c_1,6*$BNSZ($a0)
-	$ST	$c_2,7*$BNSZ($a0)
-
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	nop
-.end	bn_mul_comba4
-___
-
-($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3);
-
-sub add_c2 () {
-my ($hi,$lo,$c0,$c1,$c2,
-    $warm,      # !$warm denotes first call with specific sequence of
-                # $c_[XYZ] when there is no Z-carry to accumulate yet;
-    $an,$bn     # these two are arguments for multiplication which
-                # result is used in *next* step [which is why it's
-                # commented as "forward multiplication" below];
-    )=@_;
-$code.=<<___;
-	mflo	$lo
-	mfhi	$hi
-	$ADDU	$c0,$lo
-	sltu	$at,$c0,$lo
-	 $MULTU	$an,$bn			# forward multiplication
-	$ADDU	$c0,$lo
-	$ADDU	$at,$hi
-	sltu	$lo,$c0,$lo
-	$ADDU	$c1,$at
-	$ADDU	$hi,$lo
-___
-$code.=<<___	if (!$warm);
-	sltu	$c2,$c1,$at
-	$ADDU	$c1,$hi
-	sltu	$hi,$c1,$hi
-	$ADDU	$c2,$hi
-___
-$code.=<<___	if ($warm);
-	sltu	$at,$c1,$at
-	$ADDU	$c1,$hi
-	$ADDU	$c2,$at
-	sltu	$hi,$c1,$hi
-	$ADDU	$c2,$hi
-___
-}
-
-$code.=<<___;
-
-.align	5
-.globl	bn_sqr_comba8
-.ent	bn_sqr_comba8
-bn_sqr_comba8:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	$LD	$a_0,0($a1)
-	$LD	$a_1,$BNSZ($a1)
-	$LD	$a_2,2*$BNSZ($a1)
-	$LD	$a_3,3*$BNSZ($a1)
-
-	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	$a_4,4*$BNSZ($a1)
-	$LD	$a_5,5*$BNSZ($a1)
-	$LD	$a_6,6*$BNSZ($a1)
-	$LD	$a_7,7*$BNSZ($a1)
-	mflo	$c_1
-	mfhi	$c_2
-	$ST	$c_1,0($a0)
-
-	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
-	slt	$c_1,$t_2,$zero
-	$SLL	$t_2,1
-	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
-	slt	$a2,$t_1,$zero
-	$ADDU	$t_2,$a2
-	$SLL	$t_1,1
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$ADDU	$c_3,$t_2,$at
-	$ST	$c_2,$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,2*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
-		$a_1,$a_2);		# mul_add_c2(a[1],b[2],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_4,$a_0);		# mul_add_c2(a[4],b[0],c2,c3,c1);
-$code.=<<___;
-	$ST	$c_1,3*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
-		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
-		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_0,$a_5		# mul_add_c2(a[0],b[5],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,4*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_1,$a_4);		# mul_add_c2(a[1],b[4],c3,c1,c2);
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
-		$a_2,$a_3);		# mul_add_c2(a[2],b[3],c3,c1,c2);
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
-		$a_6,$a_0);		# mul_add_c2(a[6],b[0],c1,c2,c3);
-$code.=<<___;
-	$ST	$c_3,5*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
-		$a_5,$a_1);		# mul_add_c2(a[5],b[1],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_4,$a_2);		# mul_add_c2(a[4],b[2],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_0,$a_7		# mul_add_c2(a[0],b[7],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,6*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
-		$a_1,$a_6);		# mul_add_c2(a[1],b[6],c2,c3,c1);
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
-		$a_2,$a_5);		# mul_add_c2(a[2],b[5],c2,c3,c1);
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
-		$a_3,$a_4);		# mul_add_c2(a[3],b[4],c2,c3,c1);
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
-		$a_7,$a_1);		# mul_add_c2(a[7],b[1],c3,c1,c2);
-$code.=<<___;
-	$ST	$c_2,7*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_6,$a_2);		# mul_add_c2(a[6],b[2],c3,c1,c2);
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
-		$a_5,$a_3);		# mul_add_c2(a[5],b[3],c3,c1,c2);
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
-		$a_4,$a_4);		# mul_add_c(a[4],b[4],c3,c1,c2);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_2,$a_7		# mul_add_c2(a[2],b[7],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,8*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
-		$a_3,$a_6);		# mul_add_c2(a[3],b[6],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_4,$a_5);		# mul_add_c2(a[4],b[5],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_7,$a_3);		# mul_add_c2(a[7],b[3],c2,c3,c1);
-$code.=<<___;
-	$ST	$c_1,9*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
-		$a_6,$a_4);		# mul_add_c2(a[6],b[4],c2,c3,c1);
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
-		$a_5,$a_5);		# mul_add_c(a[5],b[5],c2,c3,c1);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_4,$a_7		# mul_add_c2(a[4],b[7],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,10*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_5,$a_6);		# mul_add_c2(a[5],b[6],c3,c1,c2);
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
-		$a_7,$a_5);		# mul_add_c2(a[7],b[5],c1,c2,c3);
-$code.=<<___;
-	$ST	$c_3,11*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
-		$a_6,$a_6);		# mul_add_c(a[6],b[6],c1,c2,c3);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	 $MULTU	$a_6,$a_7		# mul_add_c2(a[6],b[7],c2,c3,c1);
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	sltu	$at,$c_2,$t_2
-	$ADDU	$c_3,$at
-	$ST	$c_1,12*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
-		$a_7,$a_7);		# mul_add_c(a[7],b[7],c3,c1,c2);
-$code.=<<___;
-	$ST	$c_2,13*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	$ST	$c_3,14*$BNSZ($a0)
-	$ST	$c_1,15*$BNSZ($a0)
-
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	nop
-.end	bn_sqr_comba8
-
-.align	5
-.globl	bn_sqr_comba4
-.ent	bn_sqr_comba4
-bn_sqr_comba4:
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	.frame	$sp,6*$SZREG,$ra
-	.mask	0x8000f008,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,6*$SZREG
-	$REG_S	$ra,5*$SZREG($sp)
-	$REG_S	$t3,4*$SZREG($sp)
-	$REG_S	$t2,3*$SZREG($sp)
-	$REG_S	$t1,2*$SZREG($sp)
-	$REG_S	$t0,1*$SZREG($sp)
-	$REG_S	$gp,0*$SZREG($sp)
-___
-$code.=<<___;
-	.set	reorder
-	$LD	$a_0,0($a1)
-	$LD	$a_1,$BNSZ($a1)
-	$MULTU	$a_0,$a_0		# mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	$a_2,2*$BNSZ($a1)
-	$LD	$a_3,3*$BNSZ($a1)
-	mflo	$c_1
-	mfhi	$c_2
-	$ST	$c_1,0($a0)
-
-	$MULTU	$a_0,$a_1		# mul_add_c2(a[0],b[1],c2,c3,c1);
-	mflo	$t_1
-	mfhi	$t_2
-	slt	$c_1,$t_2,$zero
-	$SLL	$t_2,1
-	 $MULTU	$a_2,$a_0		# mul_add_c2(a[2],b[0],c3,c1,c2);
-	slt	$a2,$t_1,$zero
-	$ADDU	$t_2,$a2
-	$SLL	$t_1,1
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	$ADDU	$c_3,$t_2,$at
-	$ST	$c_2,$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_1,$a_1);		# mul_add_c(a[1],b[1],c3,c1,c2);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_3,$t_1
-	sltu	$at,$c_3,$t_1
-	 $MULTU	$a_0,$a_3		# mul_add_c2(a[0],b[3],c1,c2,c3);
-	$ADDU	$t_2,$at
-	$ADDU	$c_1,$t_2
-	sltu	$at,$c_1,$t_2
-	$ADDU	$c_2,$at
-	$ST	$c_3,2*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
-		$a_1,$a_2);		# mul_add_c2(a2[1],b[2],c1,c2,c3);
-	&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
-		$a_3,$a_1);		# mul_add_c2(a[3],b[1],c2,c3,c1);
-$code.=<<___;
-	$ST	$c_1,3*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
-		$a_2,$a_2);		# mul_add_c(a[2],b[2],c2,c3,c1);
-$code.=<<___;
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_2,$t_1
-	sltu	$at,$c_2,$t_1
-	 $MULTU	$a_2,$a_3		# mul_add_c2(a[2],b[3],c3,c1,c2);
-	$ADDU	$t_2,$at
-	$ADDU	$c_3,$t_2
-	sltu	$at,$c_3,$t_2
-	$ADDU	$c_1,$at
-	$ST	$c_2,4*$BNSZ($a0)
-___
-	&add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
-		$a_3,$a_3);		# mul_add_c(a[3],b[3],c1,c2,c3);
-$code.=<<___;
-	$ST	$c_3,5*$BNSZ($a0)
-
-	mflo	$t_1
-	mfhi	$t_2
-	$ADDU	$c_1,$t_1
-	sltu	$at,$c_1,$t_1
-	$ADDU	$t_2,$at
-	$ADDU	$c_2,$t_2
-	$ST	$c_1,6*$BNSZ($a0)
-	$ST	$c_2,7*$BNSZ($a0)
-
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$t3,4*$SZREG($sp)
-	$REG_L	$t2,3*$SZREG($sp)
-	$REG_L	$t1,2*$SZREG($sp)
-	$REG_L	$t0,1*$SZREG($sp)
-	$REG_L	$gp,0*$SZREG($sp)
-	$PTR_ADD $sp,6*$SZREG
-___
-$code.=<<___;
-	jr	$ra
-	nop
-.end	bn_sqr_comba4
-___
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/mips3-mont.pl b/crypto/bn/asm/mips3-mont.pl
deleted file mode 100644
index 8f9156e02a..0000000000
--- a/crypto/bn/asm/mips3-mont.pl
+++ /dev/null
@@ -1,327 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# This module doesn't present direct interest for OpenSSL, because it
-# doesn't provide better performance for longer keys. While 512-bit
-# RSA private key operations are 40% faster, 1024-bit ones are hardly
-# faster at all, while longer key operations are slower by up to 20%.
-# It might be of interest to embedded system developers though, as
-# it's smaller than 1KB, yet offers ~3x improvement over compiler
-# generated code.
-#
-# The module targets N32 and N64 MIPS ABIs and currently is a bit
-# IRIX-centric, i.e. is likely to require adaptation for other OSes.
-
-# int bn_mul_mont(
-$rp="a0";	# BN_ULONG *rp,
-$ap="a1";	# const BN_ULONG *ap,
-$bp="a2";	# const BN_ULONG *bp,
-$np="a3";	# const BN_ULONG *np,
-$n0="a4";	# const BN_ULONG *n0,
-$num="a5";	# int num);
-
-$lo0="a6";
-$hi0="a7";
-$lo1="v0";
-$hi1="v1";
-$aj="t0";
-$bi="t1";
-$nj="t2";
-$tp="t3";
-$alo="s0";
-$ahi="s1";
-$nlo="s2";
-$nhi="s3";
-$tj="s4";
-$i="s5";
-$j="s6";
-$fp="t8";
-$m1="t9";
-
-$FRAME=8*(2+8);
-
-$code=<<___;
-#include <asm.h>
-#include <regdef.h>
-
-.text
-
-.set	noat
-.set	reorder
-
-.align	5
-.globl	bn_mul_mont
-.ent	bn_mul_mont
-bn_mul_mont:
-	.set	noreorder
-	PTR_SUB	sp,64
-	move	$fp,sp
-	.frame	$fp,64,ra
-	slt	AT,$num,4
-	li	v0,0
-	beqzl	AT,.Lproceed
-	nop
-	jr	ra
-	PTR_ADD	sp,$fp,64
-	.set	reorder
-.align	5
-.Lproceed:
-	ld	$n0,0($n0)
-	ld	$bi,0($bp)	# bp[0]
-	ld	$aj,0($ap)	# ap[0]
-	ld	$nj,0($np)	# np[0]
-	PTR_SUB	sp,16		# place for two extra words
-	sll	$num,3
-	li	AT,-4096
-	PTR_SUB	sp,$num
-	and	sp,AT
-
-	sd	s0,0($fp)
-	sd	s1,8($fp)
-	sd	s2,16($fp)
-	sd	s3,24($fp)
-	sd	s4,32($fp)
-	sd	s5,40($fp)
-	sd	s6,48($fp)
-	sd	s7,56($fp)
-
-	dmultu	$aj,$bi
-	ld	$alo,8($ap)
-	ld	$nlo,8($np)
-	mflo	$lo0
-	mfhi	$hi0
-	dmultu	$lo0,$n0
-	mflo	$m1
-
-	dmultu	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
-
-	dmultu	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
-	dmultu	$nlo,$m1
-	daddu	$lo1,$lo0
-	sltu	AT,$lo1,$lo0
-	daddu	$hi1,AT
-	mflo	$nlo
-	mfhi	$nhi
-
-	move	$tp,sp
-	li	$j,16
-.align	4
-.L1st:
-	.set	noreorder
-	PTR_ADD	$aj,$ap,$j
-	ld	$aj,($aj)
-	PTR_ADD	$nj,$np,$j
-	ld	$nj,($nj)
-
-	dmultu	$aj,$bi
-	daddu	$lo0,$alo,$hi0
-	daddu	$lo1,$nlo,$hi1
-	sltu	AT,$lo0,$hi0
-	sltu	s7,$lo1,$hi1
-	daddu	$hi0,$ahi,AT
-	daddu	$hi1,$nhi,s7
-	mflo	$alo
-	mfhi	$ahi
-
-	daddu	$lo1,$lo0
-	sltu	AT,$lo1,$lo0
-	dmultu	$nj,$m1
-	daddu	$hi1,AT
-	addu	$j,8
-	sd	$lo1,($tp)
-	sltu	s7,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
-
-	bnez	s7,.L1st
-	PTR_ADD	$tp,8
-	.set	reorder
-
-	daddu	$lo0,$alo,$hi0
-	sltu	AT,$lo0,$hi0
-	daddu	$hi0,$ahi,AT
-
-	daddu	$lo1,$nlo,$hi1
-	sltu	s7,$lo1,$hi1
-	daddu	$hi1,$nhi,s7
-	daddu	$lo1,$lo0
-	sltu	AT,$lo1,$lo0
-	daddu	$hi1,AT
-
-	sd	$lo1,($tp)
-
-	daddu	$hi1,$hi0
-	sltu	AT,$hi1,$hi0
-	sd	$hi1,8($tp)
-	sd	AT,16($tp)
-
-	li	$i,8
-.align	4
-.Louter:
-	PTR_ADD	$bi,$bp,$i
-	ld	$bi,($bi)
-	ld	$aj,($ap)
-	ld	$alo,8($ap)
-	ld	$tj,(sp)
-
-	dmultu	$aj,$bi
-	ld	$nj,($np)
-	ld	$nlo,8($np)
-	mflo	$lo0
-	mfhi	$hi0
-	daddu	$lo0,$tj
-	dmultu	$lo0,$n0
-	sltu	AT,$lo0,$tj
-	daddu	$hi0,AT
-	mflo	$m1
-
-	dmultu	$alo,$bi
-	mflo	$alo
-	mfhi	$ahi
-
-	dmultu	$nj,$m1
-	mflo	$lo1
-	mfhi	$hi1
-
-	dmultu	$nlo,$m1
-	daddu	$lo1,$lo0
-	sltu	AT,$lo1,$lo0
-	daddu	$hi1,AT
-	mflo	$nlo
-	mfhi	$nhi
-
-	move	$tp,sp
-	li	$j,16
-	ld	$tj,8($tp)
-.align	4
-.Linner:
-	.set	noreorder
-	PTR_ADD	$aj,$ap,$j
-	ld	$aj,($aj)
-	PTR_ADD	$nj,$np,$j
-	ld	$nj,($nj)
-
-	dmultu	$aj,$bi
-	daddu	$lo0,$alo,$hi0
-	daddu	$lo1,$nlo,$hi1
-	sltu	AT,$lo0,$hi0
-	sltu	s7,$lo1,$hi1
-	daddu	$hi0,$ahi,AT
-	daddu	$hi1,$nhi,s7
-	mflo	$alo
-	mfhi	$ahi
-
-	daddu	$lo0,$tj
-	addu	$j,8
-	dmultu	$nj,$m1
-	sltu	AT,$lo0,$tj
-	daddu	$lo1,$lo0
-	daddu	$hi0,AT
-	sltu	s7,$lo1,$lo0
-	ld	$tj,16($tp)
-	daddu	$hi1,s7
-	sltu	AT,$j,$num
-	mflo	$nlo
-	mfhi	$nhi
-	sd	$lo1,($tp)
-	bnez	AT,.Linner
-	PTR_ADD	$tp,8
-	.set	reorder
-
-	daddu	$lo0,$alo,$hi0
-	sltu	AT,$lo0,$hi0
-	daddu	$hi0,$ahi,AT
-	daddu	$lo0,$tj
-	sltu	s7,$lo0,$tj
-	daddu	$hi0,s7
-
-	ld	$tj,16($tp)
-	daddu	$lo1,$nlo,$hi1
-	sltu	AT,$lo1,$hi1
-	daddu	$hi1,$nhi,AT
-	daddu	$lo1,$lo0
-	sltu	s7,$lo1,$lo0
-	daddu	$hi1,s7
-	sd	$lo1,($tp)
-
-	daddu	$lo1,$hi1,$hi0
-	sltu	$hi1,$lo1,$hi0
-	daddu	$lo1,$tj
-	sltu	AT,$lo1,$tj
-	daddu	$hi1,AT
-	sd	$lo1,8($tp)
-	sd	$hi1,16($tp)
-
-	addu	$i,8
-	sltu	s7,$i,$num
-	bnez	s7,.Louter
-
-	.set	noreorder
-	PTR_ADD	$tj,sp,$num	# &tp[num]
-	move	$tp,sp
-	move	$ap,sp
-	li	$hi0,0		# clear borrow bit
-
-.align	4
-.Lsub:	ld	$lo0,($tp)
-	ld	$lo1,($np)
-	PTR_ADD	$tp,8
-	PTR_ADD	$np,8
-	dsubu	$lo1,$lo0,$lo1	# tp[i]-np[i]
-	sgtu	AT,$lo1,$lo0
-	dsubu	$lo0,$lo1,$hi0
-	sgtu	$hi0,$lo0,$lo1
-	sd	$lo0,($rp)
-	or	$hi0,AT
-	sltu	AT,$tp,$tj
-	bnez	AT,.Lsub
-	PTR_ADD	$rp,8
-
-	dsubu	$hi0,$hi1,$hi0	# handle upmost overflow bit
-	move	$tp,sp
-	PTR_SUB	$rp,$num	# restore rp
-	not	$hi1,$hi0
-
-	and	$ap,$hi0,sp
-	and	$bp,$hi1,$rp
-	or	$ap,$ap,$bp	# ap=borrow?tp:rp
-
-.align	4
-.Lcopy:	ld	$aj,($ap)
-	PTR_ADD	$ap,8
-	PTR_ADD	$tp,8
-	sd	zero,-8($tp)
-	sltu	AT,$tp,$tj
-	sd	$aj,($rp)
-	bnez	AT,.Lcopy
-	PTR_ADD	$rp,8
-
-	ld	s0,0($fp)
-	ld	s1,8($fp)
-	ld	s2,16($fp)
-	ld	s3,24($fp)
-	ld	s4,32($fp)
-	ld	s5,40($fp)
-	ld	s6,48($fp)
-	ld	s7,56($fp)
-	li	v0,1
-	jr	ra
-	PTR_ADD	sp,$fp,64
-	.set	reorder
-END(bn_mul_mont)
-.rdata
-.asciiz	"Montgomery Multiplication for MIPS III/IV, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/modexp512-x86_64.S b/crypto/bn/asm/modexp512-x86_64.S
deleted file mode 100644
index 6cccafb868..0000000000
--- a/crypto/bn/asm/modexp512-x86_64.S
+++ /dev/null
@@ -1,1773 +0,0 @@
-.text	
-
-.type	MULADD_128x512,@function
-.align	16
-MULADD_128x512:
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	movq	%r8,0(%rcx)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r8
-	movq	8(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	movq	%r9,8(%rcx)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%r9
-	.byte	0xf3,0xc3
-.size	MULADD_128x512,.-MULADD_128x512
-.type	mont_reduce,@function
-.align	16
-mont_reduce:
-	leaq	192(%rsp),%rdi
-	movq	32(%rsp),%rsi
-	addq	$576,%rsi
-	leaq	520(%rsp),%rcx
-
-	movq	96(%rcx),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	movq	(%rcx),%r8
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	movq	%r8,0(%rdi)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	movq	8(%rcx),%r9
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	movq	16(%rcx),%r10
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	movq	24(%rcx),%r11
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	movq	32(%rcx),%r12
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	movq	40(%rcx),%r13
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	movq	48(%rcx),%r14
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	movq	56(%rcx),%r15
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r8
-	movq	104(%rcx),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	movq	%r9,8(%rdi)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%r9
-	movq	112(%rcx),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	movq	%r10,16(%rdi)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-	movq	120(%rcx),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%r11,24(%rdi)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-	xorq	%rax,%rax
-
-	addq	64(%rcx),%r8
-	adcq	72(%rcx),%r9
-	adcq	80(%rcx),%r10
-	adcq	88(%rcx),%r11
-	adcq	$0,%rax
-
-
-
-
-	movq	%r8,64(%rdi)
-	movq	%r9,72(%rdi)
-	movq	%r10,%rbp
-	movq	%r11,88(%rdi)
-
-	movq	%rax,384(%rsp)
-
-	movq	0(%rdi),%r8
-	movq	8(%rdi),%r9
-	movq	16(%rdi),%r10
-	movq	24(%rdi),%r11
-
-
-
-
-
-
-
-
-	addq	$80,%rdi
-
-	addq	$64,%rsi
-	leaq	296(%rsp),%rcx
-
-	call	MULADD_128x512			
-
-	movq	384(%rsp),%rax
-
-
-	addq	-16(%rdi),%r8
-	adcq	-8(%rdi),%r9
-	movq	%r8,64(%rcx)
-	movq	%r9,72(%rcx)
-
-	adcq	%rax,%rax
-	movq	%rax,384(%rsp)
-
-	leaq	192(%rsp),%rdi
-	addq	$64,%rsi
-
-
-
-
-
-	movq	(%rsi),%r8
-	movq	8(%rsi),%rbx
-
-	movq	(%rcx),%rax
-	mulq	%r8
-	movq	%rax,%rbp
-	movq	%rdx,%r9
-
-	movq	8(%rcx),%rax
-	mulq	%r8
-	addq	%rax,%r9
-
-	movq	(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r9
-
-	movq	%r9,8(%rdi)
-
-
-	subq	$192,%rsi
-
-	movq	(%rcx),%r8
-	movq	8(%rcx),%r9
-
-	call	MULADD_128x512			
-
-
-
-
-	movq	0(%rsi),%rax
-	movq	8(%rsi),%rbx
-	movq	16(%rsi),%rdi
-	movq	24(%rsi),%rdx
-
-
-	movq	384(%rsp),%rbp
-
-	addq	64(%rcx),%r8
-	adcq	72(%rcx),%r9
-
-
-	adcq	%rbp,%rbp
-
-
-
-	shlq	$3,%rbp
-	movq	32(%rsp),%rcx
-	addq	%rcx,%rbp
-
-
-	xorq	%rsi,%rsi
-
-	addq	0(%rbp),%r10
-	adcq	64(%rbp),%r11
-	adcq	128(%rbp),%r12
-	adcq	192(%rbp),%r13
-	adcq	256(%rbp),%r14
-	adcq	320(%rbp),%r15
-	adcq	384(%rbp),%r8
-	adcq	448(%rbp),%r9
-
-
-
-	sbbq	$0,%rsi
-
-
-	andq	%rsi,%rax
-	andq	%rsi,%rbx
-	andq	%rsi,%rdi
-	andq	%rsi,%rdx
-
-	movq	$1,%rbp
-	subq	%rax,%r10
-	sbbq	%rbx,%r11
-	sbbq	%rdi,%r12
-	sbbq	%rdx,%r13
-
-
-
-
-	sbbq	$0,%rbp
-
-
-
-	addq	$512,%rcx
-	movq	32(%rcx),%rax
-	movq	40(%rcx),%rbx
-	movq	48(%rcx),%rdi
-	movq	56(%rcx),%rdx
-
-
-
-	andq	%rsi,%rax
-	andq	%rsi,%rbx
-	andq	%rsi,%rdi
-	andq	%rsi,%rdx
-
-
-
-	subq	$1,%rbp
-
-	sbbq	%rax,%r14
-	sbbq	%rbx,%r15
-	sbbq	%rdi,%r8
-	sbbq	%rdx,%r9
-
-
-
-	movq	144(%rsp),%rsi
-	movq	%r10,0(%rsi)
-	movq	%r11,8(%rsi)
-	movq	%r12,16(%rsi)
-	movq	%r13,24(%rsi)
-	movq	%r14,32(%rsi)
-	movq	%r15,40(%rsi)
-	movq	%r8,48(%rsi)
-	movq	%r9,56(%rsi)
-
-	.byte	0xf3,0xc3
-.size	mont_reduce,.-mont_reduce
-.type	mont_mul_a3b,@function
-.align	16
-mont_mul_a3b:
-
-
-
-
-	movq	0(%rdi),%rbp
-
-	movq	%r10,%rax
-	mulq	%rbp
-	movq	%rax,520(%rsp)
-	movq	%rdx,%r10
-	movq	%r11,%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-	movq	%r12,%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r12
-	movq	%r13,%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-	movq	%r14,%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%r14
-	movq	%r15,%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%r15
-	movq	%r8,%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r8
-	movq	%r9,%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%r9
-	movq	8(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	movq	%r10,528(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-	movq	16(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%r11,536(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-	movq	24(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	movq	%r12,544(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r12
-	movq	32(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	movq	%r13,552(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-	movq	40(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	movq	%r14,560(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%r14
-	movq	48(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	movq	%r15,568(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	addq	%rbx,%r8
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%r15
-	movq	56(%rdi),%rbp
-	movq	0(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r8
-	adcq	$0,%rdx
-	movq	%r8,576(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r9
-	adcq	$0,%rdx
-	addq	%rbx,%r9
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	16(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	addq	%rbx,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	24(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%rbx,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	32(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%rbx,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	40(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%rbx,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	48(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%rbx,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%rbx
-
-	movq	56(%rsi),%rax
-	mulq	%rbp
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%rbx,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r8
-	movq	%r9,584(%rsp)
-	movq	%r10,592(%rsp)
-	movq	%r11,600(%rsp)
-	movq	%r12,608(%rsp)
-	movq	%r13,616(%rsp)
-	movq	%r14,624(%rsp)
-	movq	%r15,632(%rsp)
-	movq	%r8,640(%rsp)
-
-
-
-
-
-	jmp	mont_reduce
-
-
-.size	mont_mul_a3b,.-mont_mul_a3b
-.type	sqr_reduce,@function
-.align	16
-sqr_reduce:
-	movq	16(%rsp),%rcx
-
-
-
-	movq	%r10,%rbx
-
-	movq	%r11,%rax
-	mulq	%rbx
-	movq	%rax,528(%rsp)
-	movq	%rdx,%r10
-	movq	%r12,%rax
-	mulq	%rbx
-	addq	%rax,%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-	movq	%r13,%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r12
-	movq	%r14,%rax
-	mulq	%rbx
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-	movq	%r15,%rax
-	mulq	%rbx
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	movq	%rdx,%r14
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	movq	%rdx,%r15
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	movq	%rdx,%rsi
-
-	movq	%r10,536(%rsp)
-
-
-
-
-
-	movq	8(%rcx),%rbx
-
-	movq	16(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%r11,544(%rsp)
-
-	movq	%rdx,%r10
-	movq	24(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%r10,%r12
-	adcq	$0,%rdx
-	movq	%r12,552(%rsp)
-
-	movq	%rdx,%r10
-	movq	32(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	40(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%r10,%r14
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%r10,%r15
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%rsi
-	adcq	$0,%rdx
-	addq	%r10,%rsi
-	adcq	$0,%rdx
-
-	movq	%rdx,%r11
-
-
-
-
-	movq	16(%rcx),%rbx
-
-	movq	24(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r13
-	adcq	$0,%rdx
-	movq	%r13,560(%rsp)
-
-	movq	%rdx,%r10
-	movq	32(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r14
-	adcq	$0,%rdx
-	addq	%r10,%r14
-	adcq	$0,%rdx
-	movq	%r14,568(%rsp)
-
-	movq	%rdx,%r10
-	movq	40(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%r10,%r15
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%rsi
-	adcq	$0,%rdx
-	addq	%r10,%rsi
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%r10,%r11
-	adcq	$0,%rdx
-
-	movq	%rdx,%r12
-
-
-
-
-
-	movq	24(%rcx),%rbx
-
-	movq	32(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	movq	%r15,576(%rsp)
-
-	movq	%rdx,%r10
-	movq	40(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%rsi
-	adcq	$0,%rdx
-	addq	%r10,%rsi
-	adcq	$0,%rdx
-	movq	%rsi,584(%rsp)
-
-	movq	%rdx,%r10
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%r10,%r11
-	adcq	$0,%rdx
-
-	movq	%rdx,%r10
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%r10,%r12
-	adcq	$0,%rdx
-
-	movq	%rdx,%r15
-
-
-
-
-	movq	32(%rcx),%rbx
-
-	movq	40(%rcx),%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	movq	%r11,592(%rsp)
-
-	movq	%rdx,%r10
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	addq	%r10,%r12
-	adcq	$0,%rdx
-	movq	%r12,600(%rsp)
-
-	movq	%rdx,%r10
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	addq	%r10,%r15
-	adcq	$0,%rdx
-
-	movq	%rdx,%r11
-
-
-
-
-	movq	40(%rcx),%rbx
-
-	movq	%r8,%rax
-	mulq	%rbx
-	addq	%rax,%r15
-	adcq	$0,%rdx
-	movq	%r15,608(%rsp)
-
-	movq	%rdx,%r10
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r11
-	adcq	$0,%rdx
-	addq	%r10,%r11
-	adcq	$0,%rdx
-	movq	%r11,616(%rsp)
-
-	movq	%rdx,%r12
-
-
-
-
-	movq	%r8,%rbx
-
-	movq	%r9,%rax
-	mulq	%rbx
-	addq	%rax,%r12
-	adcq	$0,%rdx
-	movq	%r12,624(%rsp)
-
-	movq	%rdx,632(%rsp)
-
-
-	movq	528(%rsp),%r10
-	movq	536(%rsp),%r11
-	movq	544(%rsp),%r12
-	movq	552(%rsp),%r13
-	movq	560(%rsp),%r14
-	movq	568(%rsp),%r15
-
-	movq	24(%rcx),%rax
-	mulq	%rax
-	movq	%rax,%rdi
-	movq	%rdx,%r8
-
-	addq	%r10,%r10
-	adcq	%r11,%r11
-	adcq	%r12,%r12
-	adcq	%r13,%r13
-	adcq	%r14,%r14
-	adcq	%r15,%r15
-	adcq	$0,%r8
-
-	movq	0(%rcx),%rax
-	mulq	%rax
-	movq	%rax,520(%rsp)
-	movq	%rdx,%rbx
-
-	movq	8(%rcx),%rax
-	mulq	%rax
-
-	addq	%rbx,%r10
-	adcq	%rax,%r11
-	adcq	$0,%rdx
-
-	movq	%rdx,%rbx
-	movq	%r10,528(%rsp)
-	movq	%r11,536(%rsp)
-
-	movq	16(%rcx),%rax
-	mulq	%rax
-
-	addq	%rbx,%r12
-	adcq	%rax,%r13
-	adcq	$0,%rdx
-
-	movq	%rdx,%rbx
-
-	movq	%r12,544(%rsp)
-	movq	%r13,552(%rsp)
-
-	xorq	%rbp,%rbp
-	addq	%rbx,%r14
-	adcq	%rdi,%r15
-	adcq	$0,%rbp
-
-	movq	%r14,560(%rsp)
-	movq	%r15,568(%rsp)
-
-
-
-
-	movq	576(%rsp),%r10
-	movq	584(%rsp),%r11
-	movq	592(%rsp),%r12
-	movq	600(%rsp),%r13
-	movq	608(%rsp),%r14
-	movq	616(%rsp),%r15
-	movq	624(%rsp),%rdi
-	movq	632(%rsp),%rsi
-
-	movq	%r9,%rax
-	mulq	%rax
-	movq	%rax,%r9
-	movq	%rdx,%rbx
-
-	addq	%r10,%r10
-	adcq	%r11,%r11
-	adcq	%r12,%r12
-	adcq	%r13,%r13
-	adcq	%r14,%r14
-	adcq	%r15,%r15
-	adcq	%rdi,%rdi
-	adcq	%rsi,%rsi
-	adcq	$0,%rbx
-
-	addq	%rbp,%r10
-
-	movq	32(%rcx),%rax
-	mulq	%rax
-
-	addq	%r8,%r10
-	adcq	%rax,%r11
-	adcq	$0,%rdx
-
-	movq	%rdx,%rbp
-
-	movq	%r10,576(%rsp)
-	movq	%r11,584(%rsp)
-
-	movq	40(%rcx),%rax
-	mulq	%rax
-
-	addq	%rbp,%r12
-	adcq	%rax,%r13
-	adcq	$0,%rdx
-
-	movq	%rdx,%rbp
-
-	movq	%r12,592(%rsp)
-	movq	%r13,600(%rsp)
-
-	movq	48(%rcx),%rax
-	mulq	%rax
-
-	addq	%rbp,%r14
-	adcq	%rax,%r15
-	adcq	$0,%rdx
-
-	movq	%r14,608(%rsp)
-	movq	%r15,616(%rsp)
-
-	addq	%rdx,%rdi
-	adcq	%r9,%rsi
-	adcq	$0,%rbx
-
-	movq	%rdi,624(%rsp)
-	movq	%rsi,632(%rsp)
-	movq	%rbx,640(%rsp)
-
-	jmp	mont_reduce
-
-
-.size	sqr_reduce,.-sqr_reduce
-.globl	mod_exp_512
-.type	mod_exp_512,@function
-mod_exp_512:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-
-	movq	%rsp,%r8
-	subq	$2688,%rsp
-	andq	$-64,%rsp
-
-
-	movq	%r8,0(%rsp)
-	movq	%rdi,8(%rsp)
-	movq	%rsi,16(%rsp)
-	movq	%rcx,24(%rsp)
-.Lbody:
-
-
-
-	pxor	%xmm4,%xmm4
-	movdqu	0(%rsi),%xmm0
-	movdqu	16(%rsi),%xmm1
-	movdqu	32(%rsi),%xmm2
-	movdqu	48(%rsi),%xmm3
-	movdqa	%xmm4,512(%rsp)
-	movdqa	%xmm4,528(%rsp)
-	movdqa	%xmm4,608(%rsp)
-	movdqa	%xmm4,624(%rsp)
-	movdqa	%xmm0,544(%rsp)
-	movdqa	%xmm1,560(%rsp)
-	movdqa	%xmm2,576(%rsp)
-	movdqa	%xmm3,592(%rsp)
-
-
-	movdqu	0(%rdx),%xmm0
-	movdqu	16(%rdx),%xmm1
-	movdqu	32(%rdx),%xmm2
-	movdqu	48(%rdx),%xmm3
-
-	leaq	384(%rsp),%rbx
-	movq	%rbx,136(%rsp)
-	call	mont_reduce
-
-
-	leaq	448(%rsp),%rcx
-	xorq	%rax,%rax
-	movq	%rax,0(%rcx)
-	movq	%rax,8(%rcx)
-	movq	%rax,24(%rcx)
-	movq	%rax,32(%rcx)
-	movq	%rax,40(%rcx)
-	movq	%rax,48(%rcx)
-	movq	%rax,56(%rcx)
-	movq	%rax,128(%rsp)
-	movq	$1,16(%rcx)
-
-	leaq	640(%rsp),%rbp
-	movq	%rcx,%rsi
-	movq	%rbp,%rdi
-	movq	$8,%rax
-loop_0:
-	movq	(%rcx),%rbx
-	movw	%bx,(%rdi)
-	shrq	$16,%rbx
-	movw	%bx,64(%rdi)
-	shrq	$16,%rbx
-	movw	%bx,128(%rdi)
-	shrq	$16,%rbx
-	movw	%bx,192(%rdi)
-	leaq	8(%rcx),%rcx
-	leaq	256(%rdi),%rdi
-	decq	%rax
-	jnz	loop_0
-	movq	$31,%rax
-	movq	%rax,32(%rsp)
-	movq	%rbp,40(%rsp)
-
-	movq	%rsi,136(%rsp)
-	movq	0(%rsi),%r10
-	movq	8(%rsi),%r11
-	movq	16(%rsi),%r12
-	movq	24(%rsi),%r13
-	movq	32(%rsi),%r14
-	movq	40(%rsi),%r15
-	movq	48(%rsi),%r8
-	movq	56(%rsi),%r9
-init_loop:
-	leaq	384(%rsp),%rdi
-	call	mont_mul_a3b
-	leaq	448(%rsp),%rsi
-	movq	40(%rsp),%rbp
-	addq	$2,%rbp
-	movq	%rbp,40(%rsp)
-	movq	%rsi,%rcx
-	movq	$8,%rax
-loop_1:
-	movq	(%rcx),%rbx
-	movw	%bx,(%rbp)
-	shrq	$16,%rbx
-	movw	%bx,64(%rbp)
-	shrq	$16,%rbx
-	movw	%bx,128(%rbp)
-	shrq	$16,%rbx
-	movw	%bx,192(%rbp)
-	leaq	8(%rcx),%rcx
-	leaq	256(%rbp),%rbp
-	decq	%rax
-	jnz	loop_1
-	movq	32(%rsp),%rax
-	subq	$1,%rax
-	movq	%rax,32(%rsp)
-	jne	init_loop
-
-
-
-	movdqa	%xmm0,64(%rsp)
-	movdqa	%xmm1,80(%rsp)
-	movdqa	%xmm2,96(%rsp)
-	movdqa	%xmm3,112(%rsp)
-
-
-
-
-
-	movl	126(%rsp),%eax
-	movq	%rax,%rdx
-	shrq	$11,%rax
-	andl	$2047,%edx
-	movl	%edx,126(%rsp)
-	leaq	640(%rsp,%rax,2),%rsi
-	movq	8(%rsp),%rdx
-	movq	$4,%rbp
-loop_2:
-	movzwq	192(%rsi),%rbx
-	movzwq	448(%rsi),%rax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	128(%rsi),%bx
-	movw	384(%rsi),%ax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	64(%rsi),%bx
-	movw	320(%rsi),%ax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	0(%rsi),%bx
-	movw	256(%rsi),%ax
-	movq	%rbx,0(%rdx)
-	movq	%rax,8(%rdx)
-	leaq	512(%rsi),%rsi
-	leaq	16(%rdx),%rdx
-	subq	$1,%rbp
-	jnz	loop_2
-	movq	$505,48(%rsp)
-
-	movq	8(%rsp),%rcx
-	movq	%rcx,136(%rsp)
-	movq	0(%rcx),%r10
-	movq	8(%rcx),%r11
-	movq	16(%rcx),%r12
-	movq	24(%rcx),%r13
-	movq	32(%rcx),%r14
-	movq	40(%rcx),%r15
-	movq	48(%rcx),%r8
-	movq	56(%rcx),%r9
-	jmp	sqr_2
-
-main_loop_a3b:
-	call	sqr_reduce
-	call	sqr_reduce
-	call	sqr_reduce
-sqr_2:
-	call	sqr_reduce
-	call	sqr_reduce
-
-
-
-	movq	48(%rsp),%rcx
-	movq	%rcx,%rax
-	shrq	$4,%rax
-	movl	64(%rsp,%rax,2),%edx
-	andq	$15,%rcx
-	shrq	%cl,%rdx
-	andq	$31,%rdx
-
-	leaq	640(%rsp,%rdx,2),%rsi
-	leaq	448(%rsp),%rdx
-	movq	%rdx,%rdi
-	movq	$4,%rbp
-loop_3:
-	movzwq	192(%rsi),%rbx
-	movzwq	448(%rsi),%rax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	128(%rsi),%bx
-	movw	384(%rsi),%ax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	64(%rsi),%bx
-	movw	320(%rsi),%ax
-	shlq	$16,%rbx
-	shlq	$16,%rax
-	movw	0(%rsi),%bx
-	movw	256(%rsi),%ax
-	movq	%rbx,0(%rdx)
-	movq	%rax,8(%rdx)
-	leaq	512(%rsi),%rsi
-	leaq	16(%rdx),%rdx
-	subq	$1,%rbp
-	jnz	loop_3
-	movq	8(%rsp),%rsi
-	call	mont_mul_a3b
-
-
-
-	movq	48(%rsp),%rcx
-	subq	$5,%rcx
-	movq	%rcx,48(%rsp)
-	jge	main_loop_a3b
-
-
-
-end_main_loop_a3b:
-
-
-	movq	8(%rsp),%rdx
-	pxor	%xmm4,%xmm4
-	movdqu	0(%rdx),%xmm0
-	movdqu	16(%rdx),%xmm1
-	movdqu	32(%rdx),%xmm2
-	movdqu	48(%rdx),%xmm3
-	movdqa	%xmm4,576(%rsp)
-	movdqa	%xmm4,592(%rsp)
-	movdqa	%xmm4,608(%rsp)
-	movdqa	%xmm4,624(%rsp)
-	movdqa	%xmm0,512(%rsp)
-	movdqa	%xmm1,528(%rsp)
-	movdqa	%xmm2,544(%rsp)
-	movdqa	%xmm3,560(%rsp)
-	call	mont_reduce
-
-
-
-	movq	8(%rsp),%rax
-	movq	0(%rax),%r8
-	movq	8(%rax),%r9
-	movq	16(%rax),%r10
-	movq	24(%rax),%r11
-	movq	32(%rax),%r12
-	movq	40(%rax),%r13
-	movq	48(%rax),%r14
-	movq	56(%rax),%r15
-
-
-	movq	24(%rsp),%rbx
-	addq	$512,%rbx
-
-	subq	0(%rbx),%r8
-	sbbq	8(%rbx),%r9
-	sbbq	16(%rbx),%r10
-	sbbq	24(%rbx),%r11
-	sbbq	32(%rbx),%r12
-	sbbq	40(%rbx),%r13
-	sbbq	48(%rbx),%r14
-	sbbq	56(%rbx),%r15
-
-
-	movq	0(%rax),%rsi
-	movq	8(%rax),%rdi
-	movq	16(%rax),%rcx
-	movq	24(%rax),%rdx
-	cmovncq	%r8,%rsi
-	cmovncq	%r9,%rdi
-	cmovncq	%r10,%rcx
-	cmovncq	%r11,%rdx
-	movq	%rsi,0(%rax)
-	movq	%rdi,8(%rax)
-	movq	%rcx,16(%rax)
-	movq	%rdx,24(%rax)
-
-	movq	32(%rax),%rsi
-	movq	40(%rax),%rdi
-	movq	48(%rax),%rcx
-	movq	56(%rax),%rdx
-	cmovncq	%r12,%rsi
-	cmovncq	%r13,%rdi
-	cmovncq	%r14,%rcx
-	cmovncq	%r15,%rdx
-	movq	%rsi,32(%rax)
-	movq	%rdi,40(%rax)
-	movq	%rcx,48(%rax)
-	movq	%rdx,56(%rax)
-
-	movq	0(%rsp),%rsi
-	movq	0(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbx
-	movq	40(%rsi),%rbp
-	leaq	48(%rsi),%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	mod_exp_512, . - mod_exp_512
diff --git a/crypto/bn/asm/modexp512-x86_64.pl b/crypto/bn/asm/modexp512-x86_64.pl
deleted file mode 100644
index bfd6e97541..0000000000
--- a/crypto/bn/asm/modexp512-x86_64.pl
+++ /dev/null
@@ -1,1497 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (c) 2010-2011 Intel Corp.
-#   Author: Vinodh.Gopal@intel.com
-#           Jim Guilford
-#           Erdinc.Ozturk@intel.com
-#           Maxim.Perminov@intel.com
-#
-# More information about algorithm used can be found at:
-#   http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf
-#
-# ====================================================================
-# Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-#    software must display the following acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-#    endorse or promote products derived from this software without
-#    prior written permission. For written permission, please contact
-#    licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-#    nor may "OpenSSL" appear in their names without prior written
-#    permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-#    acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-use strict;
-my $code=".text\n\n";
-my $m=0;
-
-#
-# Define x512 macros
-#
-
-#MULSTEP_512_ADD	MACRO	x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2
-#
-# uses rax, rdx, and args
-sub MULSTEP_512_ADD
-{
- my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_;
- my @X=@$x;	# make a copy
-$code.=<<___;
-	 mov	(+8*0)($SRC2), %rax
-	 mul	$OP			# rdx:rax = %OP * [0]
-	 mov	($ASRC), $X[0]
-	 add	%rax, $X[0]
-	 adc	\$0, %rdx
-	 mov	$X[0], $DST
-___
-for(my $i=1;$i<8;$i++) {
-$code.=<<___;
-	 mov	%rdx, $TMP
-
-	 mov	(+8*$i)($SRC2), %rax
-	 mul	$OP			# rdx:rax = %OP * [$i]
-	 mov	(+8*$i)($ASRC), $X[$i]
-	 add	%rax, $X[$i]
-	 adc	\$0, %rdx
-	 add	$TMP, $X[$i]
-	 adc	\$0, %rdx
-___
-}
-$code.=<<___;
-	 mov	%rdx, $X[0]
-___
-}
-
-#MULSTEP_512	MACRO	x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp
-#
-# uses rax, rdx, and args
-sub MULSTEP_512
-{
- my ($x, $DST, $SRC2, $OP, $TMP)=@_;
- my @X=@$x;	# make a copy
-$code.=<<___;
-	 mov	(+8*0)($SRC2), %rax
-	 mul	$OP			# rdx:rax = %OP * [0]
-	 add	%rax, $X[0]
-	 adc	\$0, %rdx
-	 mov	$X[0], $DST
-___
-for(my $i=1;$i<8;$i++) {
-$code.=<<___;
-	 mov	%rdx, $TMP
-
-	 mov	(+8*$i)($SRC2), %rax
-	 mul	$OP			# rdx:rax = %OP * [$i]
-	 add	%rax, $X[$i]
-	 adc	\$0, %rdx
-	 add	$TMP, $X[$i]
-	 adc	\$0, %rdx
-___
-}
-$code.=<<___;
-	 mov	%rdx, $X[0]
-___
-}
-
-#
-# Swizzle Macros
-#
-
-# macro to copy data from flat space to swizzled table
-#MACRO swizzle	pDst, pSrc, tmp1, tmp2
-# pDst and pSrc are modified
-sub swizzle
-{
- my ($pDst, $pSrc, $cnt, $d0)=@_;
-$code.=<<___;
-	 mov	\$8, $cnt
-loop_$m:
-	 mov	($pSrc), $d0
-	 mov	$d0#w, ($pDst)
-	 shr	\$16, $d0
-	 mov	$d0#w, (+64*1)($pDst)
-	 shr	\$16, $d0
-	 mov	$d0#w, (+64*2)($pDst)
-	 shr	\$16, $d0
-	 mov	$d0#w, (+64*3)($pDst)
-	 lea	8($pSrc), $pSrc
-	 lea	64*4($pDst), $pDst
-	 dec	$cnt
-	 jnz	loop_$m
-___
-
- $m++;
-}
-
-# macro to copy data from swizzled table to  flat space
-#MACRO unswizzle	pDst, pSrc, tmp*3
-sub unswizzle
-{
- my ($pDst, $pSrc, $cnt, $d0, $d1)=@_;
-$code.=<<___;
-	 mov	\$4, $cnt
-loop_$m:
-	 movzxw	(+64*3+256*0)($pSrc), $d0
-	 movzxw	(+64*3+256*1)($pSrc), $d1
-	 shl	\$16, $d0
-	 shl	\$16, $d1
-	 mov	(+64*2+256*0)($pSrc), $d0#w
-	 mov	(+64*2+256*1)($pSrc), $d1#w
-	 shl	\$16, $d0
-	 shl	\$16, $d1
-	 mov	(+64*1+256*0)($pSrc), $d0#w
-	 mov	(+64*1+256*1)($pSrc), $d1#w
-	 shl	\$16, $d0
-	 shl	\$16, $d1
-	 mov	(+64*0+256*0)($pSrc), $d0#w
-	 mov	(+64*0+256*1)($pSrc), $d1#w
-	 mov	$d0, (+8*0)($pDst)
-	 mov	$d1, (+8*1)($pDst)
-	 lea	256*2($pSrc), $pSrc
-	 lea	8*2($pDst), $pDst
-	 sub	\$1, $cnt
-	 jnz	loop_$m
-___
-
- $m++;
-}
-
-#
-# Data Structures
-#
-
-# Reduce Data
-#
-#
-# Offset  Value
-# 0C0     Carries
-# 0B8     X2[10]
-# 0B0     X2[9]
-# 0A8     X2[8]
-# 0A0     X2[7]
-# 098     X2[6]
-# 090     X2[5]
-# 088     X2[4]
-# 080     X2[3]
-# 078     X2[2]
-# 070     X2[1]
-# 068     X2[0]
-# 060     X1[12]  P[10]
-# 058     X1[11]  P[9]  Z[8]
-# 050     X1[10]  P[8]  Z[7]
-# 048     X1[9]   P[7]  Z[6]
-# 040     X1[8]   P[6]  Z[5]
-# 038     X1[7]   P[5]  Z[4]
-# 030     X1[6]   P[4]  Z[3]
-# 028     X1[5]   P[3]  Z[2]
-# 020     X1[4]   P[2]  Z[1]
-# 018     X1[3]   P[1]  Z[0]
-# 010     X1[2]   P[0]  Y[2]
-# 008     X1[1]   Q[1]  Y[1]
-# 000     X1[0]   Q[0]  Y[0]
-
-my $X1_offset           =  0;			# 13 qwords
-my $X2_offset           =  $X1_offset + 13*8;			# 11 qwords
-my $Carries_offset      =  $X2_offset + 11*8;			# 1 qword
-my $Q_offset            =  0;			# 2 qwords
-my $P_offset            =  $Q_offset + 2*8;			# 11 qwords
-my $Y_offset            =  0;			# 3 qwords
-my $Z_offset            =  $Y_offset + 3*8;			# 9 qwords
-
-my $Red_Data_Size       =  $Carries_offset + 1*8;			# (25 qwords)
-
-#
-# Stack Frame
-#
-#
-# offset	value
-# ...		<old stack contents>
-# ...
-# 280		Garray
-
-# 278		tmp16[15]
-# ...		...
-# 200		tmp16[0]
-
-# 1F8		tmp[7]
-# ...		...
-# 1C0		tmp[0]
-
-# 1B8		GT[7]
-# ...		...
-# 180		GT[0]
-
-# 178		Reduce Data
-# ...		...
-# 0B8		Reduce Data
-# 0B0		reserved
-# 0A8		reserved
-# 0A0		reserved
-# 098		reserved
-# 090		reserved
-# 088		reduce result addr
-# 080		exp[8]
-
-# ...
-# 048		exp[1]
-# 040		exp[0]
-
-# 038		reserved
-# 030		loop_idx
-# 028		pg
-# 020		i
-# 018		pData	; arg 4
-# 010		pG	; arg 2
-# 008		pResult	; arg 1
-# 000		rsp	; stack pointer before subtract
-
-my $rsp_offset          =  0;
-my $pResult_offset      =  8*1 + $rsp_offset;
-my $pG_offset           =  8*1 + $pResult_offset;
-my $pData_offset        =  8*1 + $pG_offset;
-my $i_offset            =  8*1 + $pData_offset;
-my $pg_offset           =  8*1 + $i_offset;
-my $loop_idx_offset     =  8*1 + $pg_offset;
-my $reserved1_offset    =  8*1 + $loop_idx_offset;
-my $exp_offset          =  8*1 + $reserved1_offset;
-my $red_result_addr_offset=  8*9 + $exp_offset;
-my $reserved2_offset    =  8*1 + $red_result_addr_offset;
-my $Reduce_Data_offset  =  8*5 + $reserved2_offset;
-my $GT_offset           =  $Red_Data_Size + $Reduce_Data_offset;
-my $tmp_offset          =  8*8 + $GT_offset;
-my $tmp16_offset        =  8*8 + $tmp_offset;
-my $garray_offset       =  8*16 + $tmp16_offset;
-my $mem_size            =  8*8*32 + $garray_offset;
-
-#
-# Offsets within Reduce Data
-#
-#
-#	struct MODF_2FOLD_MONT_512_C1_DATA {
-#	UINT64 t[8][8];
-#	UINT64 m[8];
-#	UINT64 m1[8]; /* 2^768 % m */
-#	UINT64 m2[8]; /* 2^640 % m */
-#	UINT64 k1[2]; /* (- 1/m) % 2^128 */
-#	};
-
-my $T                   =  0;
-my $M                   =  512;			# = 8 * 8 * 8
-my $M1                  =  576;			# = 8 * 8 * 9 /* += 8 * 8 */
-my $M2                  =  640;			# = 8 * 8 * 10 /* += 8 * 8 */
-my $K1                  =  704;			# = 8 * 8 * 11 /* += 8 * 8 */
-
-#
-#   FUNCTIONS
-#
-
-{{{
-#
-# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords)
-#                       and add 512-bits (8 qwords)
-#                       to get 640 bits (10 qwords)
-# Input: 128-bit mul source: [rdi+8*1], rbp
-#        512-bit mul source: [rsi+8*n]
-#        512-bit add source: r15, r14, ..., r9, r8
-# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0]
-# Clobbers all regs except: rcx, rsi, rdi
-$code.=<<___;
-.type	MULADD_128x512,\@abi-omnipotent
-.align	16
-MULADD_128x512:
-___
-	&MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx");
-$code.=<<___;
-	 mov	(+8*1)(%rdi), %rbp
-___
-	&MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", "%rbx");
-$code.=<<___;
-	 ret
-.size	MULADD_128x512,.-MULADD_128x512
-___
-}}}
-
-{{{
-#MULADD_256x512	MACRO	pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0
-#
-# Inputs: pDst: Destination  (768 bits, 12 qwords)
-#         pA:   Multiplicand (1024 bits, 16 qwords)
-#         pB:   Multiplicand (512 bits, 8 qwords)
-# Dst = Ah * B + Al
-# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits)
-# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0]
-# Uses registers: arguments, RAX, RDX
-sub MULADD_256x512
-{
- my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_;
-$code.=<<___;
-	mov	(+8*12)($pA), $OP
-___
-	&MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP);
-	push(@$X,shift(@$X));
-
-$code.=<<___;
-	 mov	(+8*13)($pA), $OP
-___
-	&MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP);
-	push(@$X,shift(@$X));
-
-$code.=<<___;
-	 mov	(+8*14)($pA), $OP
-___
-	&MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP);
-	push(@$X,shift(@$X));
-
-$code.=<<___;
-	 mov	(+8*15)($pA), $OP
-___
-	&MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP);
-	push(@$X,shift(@$X));
-}
-
-#
-# mont_reduce(UINT64 *x,  /* 1024 bits, 16 qwords */
-#	       UINT64 *m,  /*  512 bits,  8 qwords */
-#	       MODF_2FOLD_MONT_512_C1_DATA *data,
-#             UINT64 *r)  /*  512 bits,  8 qwords */
-# Input:  x (number to be reduced): tmp16 (Implicit)
-#         m (modulus):              [pM]  (Implicit)
-#         data (reduce data):       [pData] (Implicit)
-# Output: r (result):		     Address in [red_res_addr]
-#         result also in: r9, r8, r15, r14, r13, r12, r11, r10
-
-my @X=map("%r$_",(8..15));
-
-$code.=<<___;
-.type	mont_reduce,\@abi-omnipotent
-.align	16
-mont_reduce:
-___
-
-my $STACK_DEPTH         =  8;
-	#
-	# X1 = Xh * M1 + Xl
-$code.=<<___;
-	 lea	(+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi			# pX1 (Dst) 769 bits, 13 qwords
-	 mov	(+$pData_offset+$STACK_DEPTH)(%rsp), %rsi			# pM1 (Bsrc) 512 bits, 8 qwords
-	 add	\$$M1, %rsi
-	 lea	(+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx			# X (Asrc) 1024 bits, 16 qwords
-
-___
-
-	&MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X);	# rotates @X 4 times
-	# results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0]
-
-$code.=<<___;
-	 xor	%rax, %rax
-	# X1 += xl
-	 add	(+8*8)(%rcx), $X[4]
-	 adc	(+8*9)(%rcx), $X[5]
-	 adc	(+8*10)(%rcx), $X[6]
-	 adc	(+8*11)(%rcx), $X[7]
-	 adc	\$0, %rax
-	# X1 is now rax, r11-r8, r15-r12, tmp16[3:0]
-
-	#
-	# check for carry ;; carry stored in rax
-	 mov	$X[4], (+8*8)(%rdi)			# rdi points to X1
-	 mov	$X[5], (+8*9)(%rdi)
-	 mov	$X[6], %rbp
-	 mov	$X[7], (+8*11)(%rdi)
-
-	 mov	%rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp)
-
-	 mov	(+8*0)(%rdi), $X[4]
-	 mov	(+8*1)(%rdi), $X[5]
-	 mov	(+8*2)(%rdi), $X[6]
-	 mov	(+8*3)(%rdi), $X[7]
-
-	# X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8
-	# rdi -> X1
-	# rsi -> M1
-
-	#
-	# X2 = Xh * M2 + Xl
-	# do first part (X2 = Xh * M2)
-	 add	\$8*10, %rdi			# rdi -> pXh ; 128 bits, 2 qwords
-				#        Xh is actually { [rdi+8*1], rbp }
-	 add	\$`$M2-$M1`, %rsi			# rsi -> M2
-	 lea	(+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx			# rcx -> pX2 ; 641 bits, 11 qwords
-___
-	unshift(@X,pop(@X));	unshift(@X,pop(@X));
-$code.=<<___;
-
-	 call	MULADD_128x512			# args in rcx, rdi / rbp, rsi, r15-r8
-	# result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0]
-	 mov	(+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax
-
-	# X2 += Xl
-	 add	(+8*8-8*10)(%rdi), $X[6]		# (-8*10) is to adjust rdi -> Xh to Xl
-	 adc	(+8*9-8*10)(%rdi), $X[7]
-	 mov	$X[6], (+8*8)(%rcx)
-	 mov	$X[7], (+8*9)(%rcx)
-
-	 adc	%rax, %rax
-	 mov	%rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp)
-
-	 lea	(+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi			# rdi -> pQ ; 128 bits, 2 qwords
-	 add	\$`$K1-$M2`, %rsi			# rsi -> pK1 ; 128 bits, 2 qwords
-
-	# MUL_128x128t128	rdi, rcx, rsi	; Q = X2 * K1 (bottom half)
-	# B1:B0 = rsi[1:0] = K1[1:0]
-	# A1:A0 = rcx[1:0] = X2[1:0]
-	# Result = rdi[1],rbp = Q[1],rbp
-	 mov	(%rsi), %r8			# B0
-	 mov	(+8*1)(%rsi), %rbx			# B1
-
-	 mov	(%rcx), %rax			# A0
-	 mul	%r8			# B0
-	 mov	%rax, %rbp
-	 mov	%rdx, %r9
-
-	 mov	(+8*1)(%rcx), %rax			# A1
-	 mul	%r8			# B0
-	 add	%rax, %r9
-
-	 mov	(%rcx), %rax			# A0
-	 mul	%rbx			# B1
-	 add	%rax, %r9
-
-	 mov	%r9, (+8*1)(%rdi)
-	# end MUL_128x128t128
-
-	 sub	\$`$K1-$M`, %rsi
-
-	 mov	(%rcx), $X[6]
-	 mov	(+8*1)(%rcx), $X[7]			# r9:r8 = X2[1:0]
-
-	 call	MULADD_128x512			# args in rcx, rdi / rbp, rsi, r15-r8
-	# result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0]
-
-	# load first half of m to rdx, rdi, rbx, rax
-	# moved this here for efficiency
-	 mov	(+8*0)(%rsi), %rax
-	 mov	(+8*1)(%rsi), %rbx
-	 mov	(+8*2)(%rsi), %rdi
-	 mov	(+8*3)(%rsi), %rdx
-
-	# continue with reduction
-	 mov	(+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp
-
-	 add	(+8*8)(%rcx), $X[6]
-	 adc	(+8*9)(%rcx), $X[7]
-
-	#accumulate the final carry to rbp
-	 adc	%rbp, %rbp
-
-	# Add in overflow corrections: R = (X2>>128) += T[overflow]
-	# R = {r9, r8, r15, r14, ..., r10}
-	 shl	\$3, %rbp
-	 mov	(+$pData_offset+$STACK_DEPTH)(%rsp), %rcx			# rsi -> Data (and points to T)
-	 add	%rcx, %rbp			# pT ; 512 bits, 8 qwords, spread out
-
-	# rsi will be used to generate a mask after the addition
-	 xor	%rsi, %rsi
-
-	 add	(+8*8*0)(%rbp), $X[0]
-	 adc	(+8*8*1)(%rbp), $X[1]
-	 adc	(+8*8*2)(%rbp), $X[2]
-	 adc	(+8*8*3)(%rbp), $X[3]
-	 adc	(+8*8*4)(%rbp), $X[4]
-	 adc	(+8*8*5)(%rbp), $X[5]
-	 adc	(+8*8*6)(%rbp), $X[6]
-	 adc	(+8*8*7)(%rbp), $X[7]
-
-	# if there is a carry:	rsi = 0xFFFFFFFFFFFFFFFF
-	# if carry is clear:	rsi = 0x0000000000000000
-	 sbb	\$0, %rsi
-
-	# if carry is clear, subtract 0. Otherwise, subtract 256 bits of m
-	 and	%rsi, %rax
-	 and	%rsi, %rbx
-	 and	%rsi, %rdi
-	 and	%rsi, %rdx
-
-	 mov	\$1, %rbp
-	 sub	%rax, $X[0]
-	 sbb	%rbx, $X[1]
-	 sbb	%rdi, $X[2]
-	 sbb	%rdx, $X[3]
-
-	# if there is a borrow:		rbp = 0
-	# if there is no borrow:	rbp = 1
-	# this is used to save the borrows in between the first half and the 2nd half of the subtraction of m
-	 sbb	\$0, %rbp
-
-	#load second half of m to rdx, rdi, rbx, rax
-
-	 add	\$$M, %rcx
-	 mov	(+8*4)(%rcx), %rax
-	 mov	(+8*5)(%rcx), %rbx
-	 mov	(+8*6)(%rcx), %rdi
-	 mov	(+8*7)(%rcx), %rdx
-
-	# use the rsi mask as before
-	# if carry is clear, subtract 0. Otherwise, subtract 256 bits of m
-	 and	%rsi, %rax
-	 and	%rsi, %rbx
-	 and	%rsi, %rdi
-	 and	%rsi, %rdx
-
-	# if rbp = 0, there was a borrow before, it is moved to the carry flag
-	# if rbp = 1, there was not a borrow before, carry flag is cleared
-	 sub	\$1, %rbp
-
-	 sbb	%rax, $X[4]
-	 sbb	%rbx, $X[5]
-	 sbb	%rdi, $X[6]
-	 sbb	%rdx, $X[7]
-
-	# write R back to memory
-
-	 mov	(+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi
-	 mov	$X[0], (+8*0)(%rsi)
-	 mov	$X[1], (+8*1)(%rsi)
-	 mov	$X[2], (+8*2)(%rsi)
-	 mov	$X[3], (+8*3)(%rsi)
-	 mov	$X[4], (+8*4)(%rsi)
-	 mov	$X[5], (+8*5)(%rsi)
-	 mov	$X[6], (+8*6)(%rsi)
-	 mov	$X[7], (+8*7)(%rsi)
-
-	 ret
-.size	mont_reduce,.-mont_reduce
-___
-}}}
-
-{{{
-#MUL_512x512	MACRO	pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2
-#
-# Inputs: pDst: Destination  (1024 bits, 16 qwords)
-#         pA:   Multiplicand (512 bits, 8 qwords)
-#         pB:   Multiplicand (512 bits, 8 qwords)
-# Uses registers rax, rdx, args
-#   B operand in [pB] and also in x7...x0
-sub MUL_512x512
-{
- my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_;
- my ($pDst,  $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/);
- my @X=@$x;	# make a copy
-
-$code.=<<___;
-	 mov	(+8*0)($pA), $OP
-
-	 mov	$X[0], %rax
-	 mul	$OP			# rdx:rax = %OP * [0]
-	 mov	%rax, (+$pDst_o+8*0)($pDst)
-	 mov	%rdx, $X[0]
-___
-for(my $i=1;$i<8;$i++) {
-$code.=<<___;
-	 mov	$X[$i], %rax
-	 mul	$OP			# rdx:rax = %OP * [$i]
-	 add	%rax, $X[$i-1]
-	 adc	\$0, %rdx
-	 mov	%rdx, $X[$i]
-___
-}
-
-for(my $i=1;$i<8;$i++) {
-$code.=<<___;
-	 mov	(+8*$i)($pA), $OP
-___
-
-	&MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP);
-	push(@X,shift(@X));
-}
-
-$code.=<<___;
-	 mov	$X[0], (+$pDst_o+8*8)($pDst)
-	 mov	$X[1], (+$pDst_o+8*9)($pDst)
-	 mov	$X[2], (+$pDst_o+8*10)($pDst)
-	 mov	$X[3], (+$pDst_o+8*11)($pDst)
-	 mov	$X[4], (+$pDst_o+8*12)($pDst)
-	 mov	$X[5], (+$pDst_o+8*13)($pDst)
-	 mov	$X[6], (+$pDst_o+8*14)($pDst)
-	 mov	$X[7], (+$pDst_o+8*15)($pDst)
-___
-}
-
-#
-# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits)
-# Input:  src1: Address of source 1: rdi
-#         src2: Address of source 2: rsi
-# Output: dst:  Address of destination: [red_res_addr]
-#    src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10
-# Temp:   Clobbers [tmp16], all registers
-$code.=<<___;
-.type	mont_mul_a3b,\@abi-omnipotent
-.align	16
-mont_mul_a3b:
-	#
-	# multiply tmp = src1 * src2
-	# For multiply: dst = rcx, src1 = rdi, src2 = rsi
-	# stack depth is extra 8 from call
-___
-	&MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx");
-$code.=<<___;
-	#
-	# Dst = tmp % m
-	# Call reduce(tmp, m, data, dst)
-
-	# tail recursion optimization: jmp to mont_reduce and return from there
-	 jmp	mont_reduce
-	# call	mont_reduce
-	# ret
-.size	mont_mul_a3b,.-mont_mul_a3b
-___
-}}}
-
-{{{
-#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4
-#
-# Input in memory [pA] and also in x7...x0
-# Uses all argument registers plus rax and rdx
-#
-# This version computes all of the off-diagonal terms into memory,
-# and then it adds in the diagonal terms
-
-sub SQR_512
-{
- my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_;
- my ($pDst,  $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/);
- my @X=@$x;	# make a copy
-$code.=<<___;
-	# ------------------
-	# first pass 01...07
-	# ------------------
-	 mov	$X[0], $A
-
-	 mov	$X[1],%rax
-	 mul	$A
-	 mov	%rax, (+$pDst_o+8*1)($pDst)
-___
-for(my $i=2;$i<8;$i++) {
-$code.=<<___;
-	 mov	%rdx, $X[$i-2]
-	 mov	$X[$i],%rax
-	 mul	$A
-	 add	%rax, $X[$i-2]
-	 adc	\$0, %rdx
-___
-}
-$code.=<<___;
-	 mov	%rdx, $x7
-
-	 mov	$X[0], (+$pDst_o+8*2)($pDst)
-
-	# ------------------
-	# second pass 12...17
-	# ------------------
-
-	 mov	(+8*1)($pA), $A
-
-	 mov	(+8*2)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[1]
-	 adc	\$0, %rdx
-	 mov	$X[1], (+$pDst_o+8*3)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*3)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[2]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[2]
-	 adc	\$0, %rdx
-	 mov	$X[2], (+$pDst_o+8*4)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*4)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[3]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[3]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*5)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[4]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[4]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	$X[6],%rax
-	 mul	$A
-	 add	%rax, $X[5]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[5]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $x7
-	 adc	\$0, %rdx
-	 add	$X[0], $x7
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[1]
-
-	# ------------------
-	# third pass 23...27
-	# ------------------
-	 mov	(+8*2)($pA), $A
-
-	 mov	(+8*3)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[3]
-	 adc	\$0, %rdx
-	 mov	$X[3], (+$pDst_o+8*5)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*4)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[4]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[4]
-	 adc	\$0, %rdx
-	 mov	$X[4], (+$pDst_o+8*6)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*5)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[5]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[5]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	$X[6],%rax
-	 mul	$A
-	 add	%rax, $x7
-	 adc	\$0, %rdx
-	 add	$X[0], $x7
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $X[1]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[1]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[2]
-
-	# ------------------
-	# fourth pass 34...37
-	# ------------------
-
-	 mov	(+8*3)($pA), $A
-
-	 mov	(+8*4)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[5]
-	 adc	\$0, %rdx
-	 mov	$X[5], (+$pDst_o+8*7)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	(+8*5)($pA),%rax
-	 mul	$A
-	 add	%rax, $x7
-	 adc	\$0, %rdx
-	 add	$X[0], $x7
-	 adc	\$0, %rdx
-	 mov	$x7, (+$pDst_o+8*8)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	$X[6],%rax
-	 mul	$A
-	 add	%rax, $X[1]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[1]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[0]
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $X[2]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[2]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[5]
-
-	# ------------------
-	# fifth pass 45...47
-	# ------------------
-	 mov	(+8*4)($pA), $A
-
-	 mov	(+8*5)($pA),%rax
-	 mul	$A
-	 add	%rax, $X[1]
-	 adc	\$0, %rdx
-	 mov	$X[1], (+$pDst_o+8*9)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	$X[6],%rax
-	 mul	$A
-	 add	%rax, $X[2]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[2]
-	 adc	\$0, %rdx
-	 mov	$X[2], (+$pDst_o+8*10)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $X[5]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[5]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $X[1]
-
-	# ------------------
-	# sixth pass 56...57
-	# ------------------
-	 mov	(+8*5)($pA), $A
-
-	 mov	$X[6],%rax
-	 mul	$A
-	 add	%rax, $X[5]
-	 adc	\$0, %rdx
-	 mov	$X[5], (+$pDst_o+8*11)($pDst)
-
-	 mov	%rdx, $X[0]
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $X[1]
-	 adc	\$0, %rdx
-	 add	$X[0], $X[1]
-	 adc	\$0, %rdx
-	 mov	$X[1], (+$pDst_o+8*12)($pDst)
-
-	 mov	%rdx, $X[2]
-
-	# ------------------
-	# seventh pass 67
-	# ------------------
-	 mov	$X[6], $A
-
-	 mov	$X[7],%rax
-	 mul	$A
-	 add	%rax, $X[2]
-	 adc	\$0, %rdx
-	 mov	$X[2], (+$pDst_o+8*13)($pDst)
-
-	 mov	%rdx, (+$pDst_o+8*14)($pDst)
-
-	# start finalize (add	in squares, and double off-terms)
-	 mov	(+$pDst_o+8*1)($pDst), $X[0]
-	 mov	(+$pDst_o+8*2)($pDst), $X[1]
-	 mov	(+$pDst_o+8*3)($pDst), $X[2]
-	 mov	(+$pDst_o+8*4)($pDst), $X[3]
-	 mov	(+$pDst_o+8*5)($pDst), $X[4]
-	 mov	(+$pDst_o+8*6)($pDst), $X[5]
-
-	 mov	(+8*3)($pA), %rax
-	 mul	%rax
-	 mov	%rax, $x6
-	 mov	%rdx, $X[6]
-
-	 add	$X[0], $X[0]
-	 adc	$X[1], $X[1]
-	 adc	$X[2], $X[2]
-	 adc	$X[3], $X[3]
-	 adc	$X[4], $X[4]
-	 adc	$X[5], $X[5]
-	 adc	\$0, $X[6]
-
-	 mov	(+8*0)($pA), %rax
-	 mul	%rax
-	 mov	%rax, (+$pDst_o+8*0)($pDst)
-	 mov	%rdx, $A
-
-	 mov	(+8*1)($pA), %rax
-	 mul	%rax
-
-	 add	$A, $X[0]
-	 adc	%rax, $X[1]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $A
-	 mov	$X[0], (+$pDst_o+8*1)($pDst)
-	 mov	$X[1], (+$pDst_o+8*2)($pDst)
-
-	 mov	(+8*2)($pA), %rax
-	 mul	%rax
-
-	 add	$A, $X[2]
-	 adc	%rax, $X[3]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $A
-
-	 mov	$X[2], (+$pDst_o+8*3)($pDst)
-	 mov	$X[3], (+$pDst_o+8*4)($pDst)
-
-	 xor	$tmp, $tmp
-	 add	$A, $X[4]
-	 adc	$x6, $X[5]
-	 adc	\$0, $tmp
-
-	 mov	$X[4], (+$pDst_o+8*5)($pDst)
-	 mov	$X[5], (+$pDst_o+8*6)($pDst)
-
-	# %%tmp has 0/1 in column 7
-	# %%A6 has a full value in column 7
-
-	 mov	(+$pDst_o+8*7)($pDst), $X[0]
-	 mov	(+$pDst_o+8*8)($pDst), $X[1]
-	 mov	(+$pDst_o+8*9)($pDst), $X[2]
-	 mov	(+$pDst_o+8*10)($pDst), $X[3]
-	 mov	(+$pDst_o+8*11)($pDst), $X[4]
-	 mov	(+$pDst_o+8*12)($pDst), $X[5]
-	 mov	(+$pDst_o+8*13)($pDst), $x6
-	 mov	(+$pDst_o+8*14)($pDst), $x7
-
-	 mov	$X[7], %rax
-	 mul	%rax
-	 mov	%rax, $X[7]
-	 mov	%rdx, $A
-
-	 add	$X[0], $X[0]
-	 adc	$X[1], $X[1]
-	 adc	$X[2], $X[2]
-	 adc	$X[3], $X[3]
-	 adc	$X[4], $X[4]
-	 adc	$X[5], $X[5]
-	 adc	$x6, $x6
-	 adc	$x7, $x7
-	 adc	\$0, $A
-
-	 add	$tmp, $X[0]
-
-	 mov	(+8*4)($pA), %rax
-	 mul	%rax
-
-	 add	$X[6], $X[0]
-	 adc	%rax, $X[1]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $tmp
-
-	 mov	$X[0], (+$pDst_o+8*7)($pDst)
-	 mov	$X[1], (+$pDst_o+8*8)($pDst)
-
-	 mov	(+8*5)($pA), %rax
-	 mul	%rax
-
-	 add	$tmp, $X[2]
-	 adc	%rax, $X[3]
-	 adc	\$0, %rdx
-
-	 mov	%rdx, $tmp
-
-	 mov	$X[2], (+$pDst_o+8*9)($pDst)
-	 mov	$X[3], (+$pDst_o+8*10)($pDst)
-
-	 mov	(+8*6)($pA), %rax
-	 mul	%rax
-
-	 add	$tmp, $X[4]
-	 adc	%rax, $X[5]
-	 adc	\$0, %rdx
-
-	 mov	$X[4], (+$pDst_o+8*11)($pDst)
-	 mov	$X[5], (+$pDst_o+8*12)($pDst)
-
-	 add	%rdx, $x6
-	 adc	$X[7], $x7
-	 adc	\$0, $A
-
-	 mov	$x6, (+$pDst_o+8*13)($pDst)
-	 mov	$x7, (+$pDst_o+8*14)($pDst)
-	 mov	$A, (+$pDst_o+8*15)($pDst)
-___
-}
-
-#
-# sqr_reduce: subroutine to compute Result = reduce(Result * Result)
-#
-# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10
-#
-$code.=<<___;
-.type	sqr_reduce,\@abi-omnipotent
-.align	16
-sqr_reduce:
-	 mov	(+$pResult_offset+8)(%rsp), %rcx
-___
-	&SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi");
-$code.=<<___;
-	# tail recursion optimization: jmp to mont_reduce and return from there
-	 jmp	mont_reduce
-	# call	mont_reduce
-	# ret
-.size	sqr_reduce,.-sqr_reduce
-___
-}}}
-
-#
-# MAIN FUNCTION
-#
-
-#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
-#           UINT64 *g,   /* 512 bits, 8 qwords */
-#           UINT64 *exp, /* 512 bits, 8 qwords */
-#           struct mod_ctx_512 *data)
-
-# window size = 5
-# table size = 2^5 = 32
-#table_entries	equ	32
-#table_size	equ	table_entries * 8
-$code.=<<___;
-.globl	mod_exp_512
-.type	mod_exp_512,\@function,4
-mod_exp_512:
-	 push	%rbp
-	 push	%rbx
-	 push	%r12
-	 push	%r13
-	 push	%r14
-	 push	%r15
-
-	# adjust stack down and then align it with cache boundary
-	 mov	%rsp, %r8
-	 sub	\$$mem_size, %rsp
-	 and	\$-64, %rsp
-
-	# store previous stack pointer and arguments
-	 mov	%r8, (+$rsp_offset)(%rsp)
-	 mov	%rdi, (+$pResult_offset)(%rsp)
-	 mov	%rsi, (+$pG_offset)(%rsp)
-	 mov	%rcx, (+$pData_offset)(%rsp)
-.Lbody:
-	# transform g into montgomery space
-	# GT = reduce(g * C2) = reduce(g * (2^256))
-	# reduce expects to have the input in [tmp16]
-	 pxor	%xmm4, %xmm4
-	 movdqu	(+16*0)(%rsi), %xmm0
-	 movdqu	(+16*1)(%rsi), %xmm1
-	 movdqu	(+16*2)(%rsi), %xmm2
-	 movdqu	(+16*3)(%rsi), %xmm3
-	 movdqa	%xmm4, (+$tmp16_offset+16*0)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*1)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*6)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*7)(%rsp)
-	 movdqa	%xmm0, (+$tmp16_offset+16*2)(%rsp)
-	 movdqa	%xmm1, (+$tmp16_offset+16*3)(%rsp)
-	 movdqa	%xmm2, (+$tmp16_offset+16*4)(%rsp)
-	 movdqa	%xmm3, (+$tmp16_offset+16*5)(%rsp)
-
-	# load pExp before rdx gets blown away
-	 movdqu	(+16*0)(%rdx), %xmm0
-	 movdqu	(+16*1)(%rdx), %xmm1
-	 movdqu	(+16*2)(%rdx), %xmm2
-	 movdqu	(+16*3)(%rdx), %xmm3
-
-	 lea	(+$GT_offset)(%rsp), %rbx
-	 mov	%rbx, (+$red_result_addr_offset)(%rsp)
-	 call	mont_reduce
-
-	# Initialize tmp = C
-	 lea	(+$tmp_offset)(%rsp), %rcx
-	 xor	%rax, %rax
-	 mov	%rax, (+8*0)(%rcx)
-	 mov	%rax, (+8*1)(%rcx)
-	 mov	%rax, (+8*3)(%rcx)
-	 mov	%rax, (+8*4)(%rcx)
-	 mov	%rax, (+8*5)(%rcx)
-	 mov	%rax, (+8*6)(%rcx)
-	 mov	%rax, (+8*7)(%rcx)
-	 mov	%rax, (+$exp_offset+8*8)(%rsp)
-	 movq	\$1, (+8*2)(%rcx)
-
-	 lea	(+$garray_offset)(%rsp), %rbp
-	 mov	%rcx, %rsi			# pTmp
-	 mov	%rbp, %rdi			# Garray[][0]
-___
-
-	&swizzle("%rdi", "%rcx", "%rax", "%rbx");
-
-	# for (rax = 31; rax != 0; rax--) {
-	#     tmp = reduce(tmp * G)
-	#     swizzle(pg, tmp);
-	#     pg += 2; }
-$code.=<<___;
-	 mov	\$31, %rax
-	 mov	%rax, (+$i_offset)(%rsp)
-	 mov	%rbp, (+$pg_offset)(%rsp)
-	# rsi -> pTmp
-	 mov	%rsi, (+$red_result_addr_offset)(%rsp)
-	 mov	(+8*0)(%rsi), %r10
-	 mov	(+8*1)(%rsi), %r11
-	 mov	(+8*2)(%rsi), %r12
-	 mov	(+8*3)(%rsi), %r13
-	 mov	(+8*4)(%rsi), %r14
-	 mov	(+8*5)(%rsi), %r15
-	 mov	(+8*6)(%rsi), %r8
-	 mov	(+8*7)(%rsi), %r9
-init_loop:
-	 lea	(+$GT_offset)(%rsp), %rdi
-	 call	mont_mul_a3b
-	 lea	(+$tmp_offset)(%rsp), %rsi
-	 mov	(+$pg_offset)(%rsp), %rbp
-	 add	\$2, %rbp
-	 mov	%rbp, (+$pg_offset)(%rsp)
-	 mov	%rsi, %rcx			# rcx = rsi = addr of tmp
-___
-
-	&swizzle("%rbp", "%rcx", "%rax", "%rbx");
-$code.=<<___;
-	 mov	(+$i_offset)(%rsp), %rax
-	 sub	\$1, %rax
-	 mov	%rax, (+$i_offset)(%rsp)
-	 jne	init_loop
-
-	#
-	# Copy exponent onto stack
-	 movdqa	%xmm0, (+$exp_offset+16*0)(%rsp)
-	 movdqa	%xmm1, (+$exp_offset+16*1)(%rsp)
-	 movdqa	%xmm2, (+$exp_offset+16*2)(%rsp)
-	 movdqa	%xmm3, (+$exp_offset+16*3)(%rsp)
-
-
-	#
-	# Do exponentiation
-	# Initialize result to G[exp{511:507}]
-	 mov	(+$exp_offset+62)(%rsp), %eax
-	 mov	%rax, %rdx
-	 shr	\$11, %rax
-	 and	\$0x07FF, %edx
-	 mov	%edx, (+$exp_offset+62)(%rsp)
-	 lea	(+$garray_offset)(%rsp,%rax,2), %rsi
-	 mov	(+$pResult_offset)(%rsp), %rdx
-___
-
-	&unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax");
-
-	#
-	# Loop variables
-	# rcx = [loop_idx] = index: 510-5 to 0 by 5
-$code.=<<___;
-	 movq	\$505, (+$loop_idx_offset)(%rsp)
-
-	 mov	(+$pResult_offset)(%rsp), %rcx
-	 mov	%rcx, (+$red_result_addr_offset)(%rsp)
-	 mov	(+8*0)(%rcx), %r10
-	 mov	(+8*1)(%rcx), %r11
-	 mov	(+8*2)(%rcx), %r12
-	 mov	(+8*3)(%rcx), %r13
-	 mov	(+8*4)(%rcx), %r14
-	 mov	(+8*5)(%rcx), %r15
-	 mov	(+8*6)(%rcx), %r8
-	 mov	(+8*7)(%rcx), %r9
-	 jmp	sqr_2
-
-main_loop_a3b:
-	 call	sqr_reduce
-	 call	sqr_reduce
-	 call	sqr_reduce
-sqr_2:
-	 call	sqr_reduce
-	 call	sqr_reduce
-
-	#
-	# Do multiply, first look up proper value in Garray
-	 mov	(+$loop_idx_offset)(%rsp), %rcx			# bit index
-	 mov	%rcx, %rax
-	 shr	\$4, %rax			# rax is word pointer
-	 mov	(+$exp_offset)(%rsp,%rax,2), %edx
-	 and	\$15, %rcx
-	 shrq	%cl, %rdx
-	 and	\$0x1F, %rdx
-
-	 lea	(+$garray_offset)(%rsp,%rdx,2), %rsi
-	 lea	(+$tmp_offset)(%rsp), %rdx
-	 mov	%rdx, %rdi
-___
-
-	&unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax");
-	# rdi = tmp = pG
-
-	#
-	# Call mod_mul_a1(pDst,  pSrc1, pSrc2, pM, pData)
-	#                 result result pG     M   Data
-$code.=<<___;
-	 mov	(+$pResult_offset)(%rsp), %rsi
-	 call	mont_mul_a3b
-
-	#
-	# finish loop
-	 mov	(+$loop_idx_offset)(%rsp), %rcx
-	 sub	\$5, %rcx
-	 mov	%rcx, (+$loop_idx_offset)(%rsp)
-	 jge	main_loop_a3b
-
-	#
-
-end_main_loop_a3b:
-	# transform result out of Montgomery space
-	# result = reduce(result)
-	 mov	(+$pResult_offset)(%rsp), %rdx
-	 pxor	%xmm4, %xmm4
-	 movdqu	(+16*0)(%rdx), %xmm0
-	 movdqu	(+16*1)(%rdx), %xmm1
-	 movdqu	(+16*2)(%rdx), %xmm2
-	 movdqu	(+16*3)(%rdx), %xmm3
-	 movdqa	%xmm4, (+$tmp16_offset+16*4)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*5)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*6)(%rsp)
-	 movdqa	%xmm4, (+$tmp16_offset+16*7)(%rsp)
-	 movdqa	%xmm0, (+$tmp16_offset+16*0)(%rsp)
-	 movdqa	%xmm1, (+$tmp16_offset+16*1)(%rsp)
-	 movdqa	%xmm2, (+$tmp16_offset+16*2)(%rsp)
-	 movdqa	%xmm3, (+$tmp16_offset+16*3)(%rsp)
-	 call	mont_reduce
-
-	# If result > m, subract m
-	# load result into r15:r8
-	 mov	(+$pResult_offset)(%rsp), %rax
-	 mov	(+8*0)(%rax), %r8
-	 mov	(+8*1)(%rax), %r9
-	 mov	(+8*2)(%rax), %r10
-	 mov	(+8*3)(%rax), %r11
-	 mov	(+8*4)(%rax), %r12
-	 mov	(+8*5)(%rax), %r13
-	 mov	(+8*6)(%rax), %r14
-	 mov	(+8*7)(%rax), %r15
-
-	# subtract m
-	 mov	(+$pData_offset)(%rsp), %rbx
-	 add	\$$M, %rbx
-
-	 sub	(+8*0)(%rbx), %r8
-	 sbb	(+8*1)(%rbx), %r9
-	 sbb	(+8*2)(%rbx), %r10
-	 sbb	(+8*3)(%rbx), %r11
-	 sbb	(+8*4)(%rbx), %r12
-	 sbb	(+8*5)(%rbx), %r13
-	 sbb	(+8*6)(%rbx), %r14
-	 sbb	(+8*7)(%rbx), %r15
-
-	# if Carry is clear, replace result with difference
-	 mov	(+8*0)(%rax), %rsi
-	 mov	(+8*1)(%rax), %rdi
-	 mov	(+8*2)(%rax), %rcx
-	 mov	(+8*3)(%rax), %rdx
-	 cmovnc	%r8, %rsi
-	 cmovnc	%r9, %rdi
-	 cmovnc	%r10, %rcx
-	 cmovnc	%r11, %rdx
-	 mov	%rsi, (+8*0)(%rax)
-	 mov	%rdi, (+8*1)(%rax)
-	 mov	%rcx, (+8*2)(%rax)
-	 mov	%rdx, (+8*3)(%rax)
-
-	 mov	(+8*4)(%rax), %rsi
-	 mov	(+8*5)(%rax), %rdi
-	 mov	(+8*6)(%rax), %rcx
-	 mov	(+8*7)(%rax), %rdx
-	 cmovnc	%r12, %rsi
-	 cmovnc	%r13, %rdi
-	 cmovnc	%r14, %rcx
-	 cmovnc	%r15, %rdx
-	 mov	%rsi, (+8*4)(%rax)
-	 mov	%rdi, (+8*5)(%rax)
-	 mov	%rcx, (+8*6)(%rax)
-	 mov	%rdx, (+8*7)(%rax)
-
-	 mov	(+$rsp_offset)(%rsp), %rsi
-	 mov	0(%rsi),%r15
-	 mov	8(%rsi),%r14
-	 mov	16(%rsi),%r13
-	 mov	24(%rsi),%r12
-	 mov	32(%rsi),%rbx
-	 mov	40(%rsi),%rbp
-	 lea	48(%rsi),%rsp
-.Lepilogue:
-	 ret
-.size mod_exp_512, . - mod_exp_512
-___
-
-if ($win64) {
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-my $rec="%rcx";
-my $frame="%rdx";
-my $context="%r8";
-my $disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	mod_exp_512_se_handler,\@abi-omnipotent
-.align	16
-mod_exp_512_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lbody(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_prologue
-
-	mov	$rsp_offset(%rax),%rax	# pull saved Rsp
-
-	mov	32(%rax),%rbx
-	mov	40(%rax),%rbp
-	mov	24(%rax),%r12
-	mov	16(%rax),%r13
-	mov	8(%rax),%r14
-	mov	0(%rax),%r15
-	lea	48(%rax),%rax
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	mod_exp_512_se_handler,.-mod_exp_512_se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_mod_exp_512
-	.rva	.LSEH_end_mod_exp_512
-	.rva	.LSEH_info_mod_exp_512
-
-.section	.xdata
-.align	8
-.LSEH_info_mod_exp_512:
-	.byte	9,0,0,0
-	.rva	mod_exp_512_se_handler
-___
-}
-
-sub reg_part {
-my ($reg,$conv)=@_;
-    if ($reg =~ /%r[0-9]+/)	{ $reg .= $conv; }
-    elsif ($conv eq "b")	{ $reg =~ s/%[er]([^x]+)x?/%$1l/;	}
-    elsif ($conv eq "w")	{ $reg =~ s/%[er](.+)/%$1/;		}
-    elsif ($conv eq "d")	{ $reg =~ s/%[er](.+)/%e$1/;		}
-    return $reg;
-}
-
-$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/(\(\+[^)]+\))/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
deleted file mode 100644
index f3b16290eb..0000000000
--- a/crypto/bn/asm/pa-risc2.s
+++ /dev/null
@@ -1,1618 +0,0 @@
-;
-; PA-RISC 2.0 implementation of bn_asm code, based on the
-; 64-bit version of the code.  This code is effectively the
-; same as the 64-bit version except the register model is
-; slightly different given all values must be 32-bit between
-; function calls.  Thus the 64-bit return values are returned
-; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
-;
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-	.level	2.0N
-	.space	$TEXT$
-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 32-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28,r29  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-n           .reg %r23
-
-;
-; Note that the "w" argument for bn_mul_add_words and bn_mul_words
-; is passed on the stack at a delta of -56 from the top of stack
-; as the routine is entered.
-;
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r23
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;								int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg3 = num
-; -56(sp) =  w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-	.proc
-	.callinfo frame=128
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP                         ; Needed to make the loop 16-byte aligned
-	NOP                         ; needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-	NOP
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-
-    STD     %r8,40(%sp)         ; save r8  
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-	LDO     128(%sp),%sp        ; bump stack
-
-	;
-	; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-	;
-	CMPIB,= 1,num,bn_mul_add_words_single_top
-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-	LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret1            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-	
-    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg3 = num
-; w on stack at -56(sp)
-
-bn_mul_words
-	.proc
-	.callinfo frame=128
-    .entry
-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret1           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-	LDO     128(%sp),%sp    ; bump stack
-
-	;
-	; See if only 1 word to do, thus just do cleanup
-	;
-	CMPIB,= 1,num,bn_mul_words_single_top
-	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-	COPY    ht_1,%ret1                ; carry = ht
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret1                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; If only 1, the goto straight to cleanup
-	;
-	CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-	.proc
-    .entry
-	.callinfo
-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_add_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_add_words_unroll2
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-	ADD     t,%ret1,t                    ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1                ; set c to carry
-	ADD     t,b,l                        ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1              ; c+= carry
-	STD     l,0(r_ptr)
-
-	LDD     8(a_ptr),t
-	LDD     8(b_ptr),b
-	ADD     t,%ret1,t                     ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1                 ; set c to carry
-	ADD     t,b,l                         ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1               ; c+= carry
-	STD     l,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_add_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-
-	ADD     t,%ret1,t                 ; t = t+c;
-	ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
-	ADD     t,b,l                     ; l = t + b[0]
-	ADD,DC  %ret1,%r0,%ret1           ; c+= carry
-	STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-	.proc
-	.callinfo 
-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret1           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_sub_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_sub_words_unroll2
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
-
-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-	STD     sub_tmp1,0(r_ptr)
-
-	LDD     8(a_ptr),t1
-	LDD     8(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-	STD     sub_tmp1,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_sub_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret1
-
-	STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just output from the HP C compiler.  
-;
-;------------------------------------------------------------------------------
-bn_div_words
-	.PROC
-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
-	.IMPORT	BN_num_bits_word,CODE
-	;--- not PIC	.IMPORT	__iob,DATA
-	;--- not PIC	.IMPORT	fprintf,CODE
-	.IMPORT	abort,CODE
-	.IMPORT	$$div2U,MILLICODE
-	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-        .ENTRY
-        STW     %r2,-20(%r30)   ;offset 0x8ec
-        STW,MA  %r3,192(%r30)   ;offset 0x8f0
-        STW     %r4,-188(%r30)  ;offset 0x8f4
-        DEPD    %r5,31,32,%r6   ;offset 0x8f8
-        STD     %r6,-184(%r30)  ;offset 0x8fc
-        DEPD    %r7,31,32,%r8   ;offset 0x900
-        STD     %r8,-176(%r30)  ;offset 0x904
-        STW     %r9,-168(%r30)  ;offset 0x908
-        LDD     -248(%r30),%r3  ;offset 0x90c
-        COPY    %r26,%r4        ;offset 0x910
-        COPY    %r24,%r5        ;offset 0x914
-        DEPD    %r25,31,32,%r4  ;offset 0x918
-        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
-        DEPD    %r23,31,32,%r5  ;offset 0x920
-        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
-        EXTRD,U %r29,31,32,%r28 ;offset 0x928
-$0006002A
-        LDO     -1(%r29),%r29   ;offset 0x92c
-        SUB     %r23,%r7,%r23   ;offset 0x930
-$00060024
-        SUB     %r4,%r31,%r25   ;offset 0x934
-        AND     %r25,%r19,%r26  ;offset 0x938
-        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
-        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
-        OR      %r20,%r24,%r21  ;offset 0x944
-        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
-        SUB     %r31,%r2,%r31   ;offset 0x94c
-$00060046
-$0006002E
-        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
-        EXTRD,U %r23,31,32,%r26 ;offset 0x954
-        AND     %r25,%r19,%r24  ;offset 0x958
-        ADD,L   %r31,%r26,%r31  ;offset 0x95c
-        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
-        LDO     1(%r31),%r31    ;offset 0x964
-$00060032
-        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
-        LDO     -1(%r29),%r29   ;offset 0x96c
-        ADD,L   %r4,%r3,%r4     ;offset 0x970
-$00060036
-        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
-        SUB     %r5,%r24,%r28   ;offset 0x978
-$0006003A
-        SUB     %r4,%r31,%r24   ;offset 0x97c
-        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
-        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
-        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
-$0006001C
-        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
-        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
-        MOVB,TR %r6,%r29,$D1    ;offset 0x994
-        STD     %r29,-152(%r30) ;offset 0x998
-$0006000C
-        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
-        COPY    %r3,%r26        ;offset 0x9a0
-        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
-        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
-        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
-        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
-        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
-        LDI     64,%r20 ;offset 0x9b4
-        DEPD    %r7,31,32,%r5   ;offset 0x9b8
-        DEPD    %r8,31,32,%r4   ;offset 0x9bc
-        DEPD    %r9,31,32,%r3   ;offset 0x9c0
-        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
-        COPY    %r28,%r24       ;offset 0x9c8
-        MTSARCM %r24    ;offset 0x9cc
-        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
-        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
-$00060012
-        SUBI    64,%r24,%r31    ;offset 0x9d8
-        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
-        SUB     %r4,%r3,%r4     ;offset 0x9e0
-$00060016
-        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
-        COPY    %r0,%r9 ;offset 0x9e8
-        MTSARCM %r31    ;offset 0x9ec
-        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
-        SUBI    64,%r31,%r26    ;offset 0x9f4
-        MTSAR   %r26    ;offset 0x9f8
-        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
-        MTSARCM %r31    ;offset 0xa00
-        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
-$0006001A
-        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
-        AND     %r3,%r19,%r29   ;offset 0xa0c
-        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
-        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
-        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
-        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
-$D2
-        ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
-        ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
-        ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
-        ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
-        ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
-        ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
-        .CALL           ;
-        B,L     abort,%r2       ;offset 0xa34
-        NOP             ;offset 0xa38
-        B       $D3     ;offset 0xa3c
-        LDW     -212(%r30),%r2  ;offset 0xa40
-$00060020
-        COPY    %r4,%r26        ;offset 0xa44
-        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
-        COPY    %r2,%r24        ;offset 0xa4c
-        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-        B,L     $$div2U,%r31    ;offset 0xa50
-        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
-        DEPD    %r28,31,32,%r29 ;offset 0xa58
-$00060022
-        STD     %r29,-152(%r30) ;offset 0xa5c
-$D1
-        AND     %r5,%r19,%r24   ;offset 0xa60
-        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
-        STW     %r2,-160(%r30)  ;offset 0xa68
-        STW     %r7,-128(%r30)  ;offset 0xa6c
-        FLDD    -152(%r30),%fr4 ;offset 0xa70
-        FLDD    -152(%r30),%fr7 ;offset 0xa74
-        FLDW    -160(%r30),%fr8L        ;offset 0xa78
-        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
-        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
-        FSTD    %fr10,-136(%r30)        ;offset 0xa84
-        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
-        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
-        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
-        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
-        FSTD    %fr11,-112(%r30)        ;offset 0xa98
-        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
-        LDD     -136(%r30),%r28 ;offset 0xaa0
-        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
-        LDD     -144(%r30),%r20 ;offset 0xaa8
-        ADD,L   %r20,%r31,%r31  ;offset 0xaac
-        LDD     -112(%r30),%r22 ;offset 0xab0
-        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
-        LDD     -120(%r30),%r21 ;offset 0xab8
-        B       $00060024       ;offset 0xabc
-        ADD,L   %r21,%r22,%r23  ;offset 0xac0
-$D0
-        OR      %r9,%r29,%r29   ;offset 0xac4
-$00060040
-        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
-$00060002
-$L2
-        LDW     -212(%r30),%r2  ;offset 0xacc
-$D3
-        LDW     -168(%r30),%r9  ;offset 0xad0
-        LDD     -176(%r30),%r8  ;offset 0xad4
-        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
-        LDD     -184(%r30),%r6  ;offset 0xadc
-        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
-        LDW     -188(%r30),%r4  ;offset 0xae4
-        BVE     (%r2)   ;offset 0xae8
-        .EXIT
-        LDW,MB  -192(%r30),%r3  ;offset 0xaec
-	.PROCEND	;in=23,25;out=28,29;fpin=105,107;
-
-
-
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-	.PROC
-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-	STD     c2,32(r_ptr)          ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)          ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-	STD     c1,48(r_ptr)          ; r[6] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-	STD     c2,56(r_ptr)          ; r[7] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-	STD     c3,64(r_ptr)          ; r[8] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-	STD     c1,72(r_ptr)          ; r[9] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a5L,a5R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-	STD     c2,80(r_ptr)          ; r[10] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-	STD     c3,88(r_ptr)          ; r[11] = c3;
-	COPY    %r0,c3
-	
-	SQR_ADD_C a6L,a6R,c1,c2,c3
-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-	STD     c1,96(r_ptr)          ; r[12] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-	STD     c2,104(r_ptr)         ; r[13] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a7L,a7R,c3,c1,c2
-	STD     c3, 112(r_ptr)       ; r[14] = c3
-	STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-	STD     c2,32(r_ptr)           ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)           ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	STD     c1,48(r_ptr)           ; r[6] = c1;
-	STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	COPY      %r0,c1
-	
-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-	STD       c2,56(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-	STD       c3,64(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-	STD       c1,72(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-	STD       c2,80(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-	STD       c3,88(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-	STD       c1,96(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-	STD       c2,104(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-	STD       c3,112(r_ptr)
-	STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SPACE	$PRIVATE$,SORT=16
-;--- not PIC	.IMPORT	$global$,DATA
-;--- not PIC	.SPACE	$TEXT$
-;--- not PIC	.SUBSPA	$CODE$
-;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
-;--- not PIC	C$7
-;--- not PIC	.ALIGN	8
-;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
-	.END
diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
deleted file mode 100644
index a99545754d..0000000000
--- a/crypto/bn/asm/pa-risc2W.s
+++ /dev/null
@@ -1,1605 +0,0 @@
-;
-; PA-RISC 64-bit implementation of bn_asm code
-;
-; This code is approximately 2x faster than the C version
-; for RSA/DSA.
-;
-; See http://devresource.hp.com/  for more details on the PA-RISC
-; architecture.  Also see the book "PA-RISC 2.0 Architecture"
-; by Gerry Kane for information on the instruction set architecture.
-;
-; Code written by Chris Ruemmler (with some help from the HP C
-; compiler).
-;
-; The code compiles with HP's assembler
-;
-
-	.level	2.0W
-	.space	$TEXT$
-	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
-
-;
-; Global Register definitions used for the routines.
-;
-; Some information about HP's runtime architecture for 64-bits.
-;
-; "Caller save" means the calling function must save the register
-; if it wants the register to be preserved.
-; "Callee save" means if a function uses the register, it must save
-; the value before using it.
-;
-; For the floating point registers 
-;
-;    "caller save" registers: fr4-fr11, fr22-fr31
-;    "callee save" registers: fr12-fr21
-;    "special" registers: fr0-fr3 (status and exception registers)
-;
-; For the integer registers
-;     value zero             :  r0
-;     "caller save" registers: r1,r19-r26
-;     "callee save" registers: r3-r18
-;     return register        :  r2  (rp)
-;     return values          ; r28  (ret0,ret1)
-;     Stack pointer          ; r30  (sp) 
-;     global data pointer    ; r27  (dp)
-;     argument pointer       ; r29  (ap)
-;     millicode return ptr   ; r31  (also a caller save register)
-
-
-;
-; Arguments to the routines
-;
-r_ptr       .reg %r26
-a_ptr       .reg %r25
-b_ptr       .reg %r24
-num         .reg %r24
-w           .reg %r23
-n           .reg %r23
-
-
-;
-; Globals used in some routines
-;
-
-top_overflow .reg %r29
-high_mask    .reg %r22    ; value 0xffffffff80000000L
-
-
-;------------------------------------------------------------------------------
-;
-; bn_mul_add_words
-;
-;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
-;								int num, BN_ULONG w)
-;
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = num
-; arg3 = w
-;
-; Local register definitions
-;
-
-fm1          .reg %fr22
-fm           .reg %fr23
-ht_temp      .reg %fr24
-ht_temp_1    .reg %fr25
-lt_temp      .reg %fr26
-lt_temp_1    .reg %fr27
-fm1_1        .reg %fr28
-fm_1         .reg %fr29
-
-fw_h         .reg %fr7L
-fw_l         .reg %fr7R
-fw           .reg %fr7
-
-fht_0        .reg %fr8L
-flt_0        .reg %fr8R
-t_float_0    .reg %fr8
-
-fht_1        .reg %fr9L
-flt_1        .reg %fr9R
-t_float_1    .reg %fr9
-
-tmp_0        .reg %r31
-tmp_1        .reg %r21
-m_0          .reg %r20 
-m_1          .reg %r19 
-ht_0         .reg %r1  
-ht_1         .reg %r3
-lt_0         .reg %r4
-lt_1         .reg %r5
-m1_0         .reg %r6 
-m1_1         .reg %r7 
-rp_val       .reg %r8
-rp_val_1     .reg %r9
-
-bn_mul_add_words
-	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
-	.proc
-	.callinfo frame=128
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP                         ; Needed to make the loop 16-byte aligned
-	NOP                         ; Needed to make the loop 16-byte aligned
-
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-    STD     %r7,32(%sp)         ; save r7  
-    STD     %r8,40(%sp)         ; save r8  
-
-    STD     %r9,48(%sp)         ; save r9  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-	STD     w,56(%sp)           ; store w on stack
-
-    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; The loop is unrolled twice, so if there is only 1 number
-    ; then go straight to the cleanup code.
-	;
-	CMPIB,= 1,num,bn_mul_add_words_single_top
-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_add_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val          ; rp[0]
-    LDD     8(r_ptr),rp_val_1        ; rp[1]
-
-    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
-    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
-    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
-
-    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
-    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
-    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
-    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
-
-    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
-    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
-    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
-
-    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
-    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
-
-    LDD     -8(%sp),m_0              ; m[0] 
-    LDD     -40(%sp),m_1             ; m[1]
-    LDD     -16(%sp),m1_0            ; m1[0]
-    LDD     -48(%sp),m1_1            ; m1[1]
-
-    LDD     -24(%sp),ht_0            ; ht[0]
-    LDD     -56(%sp),ht_1            ; ht[1]
-    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
-    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
-
-    LDD     -32(%sp),lt_0            
-    LDD     -64(%sp),lt_1            
-    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
-    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
-
-    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
-    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
-    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
-    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
-
-    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
-    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
-    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
-    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
-
-    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-
-    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
-	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
-    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
-
-	LDO    -2(num),num               ; num = num - 2;
-    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
-    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
-    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
-
-    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
-    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
-    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
-
-    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
-	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
-    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
-
-    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_add_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    LDD     0(r_ptr),rp_val           ; rp[0]
-    LDO     8(a_ptr),a_ptr            ; a_ptr++
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              ; m1 = temp1 
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
-    ADD,DC  ht_0,%r0,%ret0            ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_add_words_exit
-    .EXIT
-    LDD     -80(%sp),%r9              ; restore r9  
-    LDD     -88(%sp),%r8              ; restore r8  
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-; arg3 = w
-
-bn_mul_words
-	.proc
-	.callinfo frame=128
-    .entry
-	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-    STD     %r5,16(%sp)         ; save r5  
-    STD     %r6,24(%sp)         ; save r6  
-
-    STD     %r7,32(%sp)         ; save r7  
-    COPY    %r0,%ret0           ; return 0 by default
-    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
-	STD     w,56(%sp)           ; w on stack
-
-    CMPIB,>= 0,num,bn_mul_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; See if only 1 word to do, thus just do cleanup
-	;
-	CMPIB,= 1,num,bn_mul_words_single_top
-	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
-    ; two 32-bit mutiplies can be issued per cycle.
-    ; 
-bn_mul_words_unroll2
-
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
-    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
-
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
-
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
-    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
-
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
-
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
-    LDD     -8(%sp),m_0               
-    LDD     -40(%sp),m_1              
-
-    LDD    -16(%sp),m1_0              
-    LDD    -48(%sp),m1_1              
-    LDD     -24(%sp),ht_0             
-    LDD     -56(%sp),ht_1             
-
-    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
-    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
-    LDD     -32(%sp),lt_0             
-    LDD     -64(%sp),lt_1             
-
-    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
-    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
-    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
-	ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
-    ADD,DC  ht_1,%r0,ht_1             ; ht++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     lt_1,8(r_ptr)             ; rp[1] = lt
-
-	COPY    ht_1,%ret0                ; carry = ht
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_mul_words_unroll2
-    LDO     16(r_ptr),r_ptr           ; rp++
-
-    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_mul_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
-    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
-    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
-    FSTD    fm,-8(%sp)                ; -8(sp) = m
-    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
-    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
-    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
-    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
-
-    LDD     -8(%sp),m_0               
-    LDD    -16(%sp),m1_0              
-    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
-    LDD     -24(%sp),ht_0             
-    LDD     -32(%sp),lt_0             
-
-    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
-    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
-
-    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
-    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
-
-    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
-    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    COPY    ht_0,%ret0                ; copy carry
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-
-bn_mul_words_exit
-    .EXIT
-    LDD     -96(%sp),%r7              ; restore r7  
-    LDD     -104(%sp),%r6             ; restore r6  
-    LDD     -112(%sp),%r5             ; restore r5  
-    LDD     -120(%sp),%r4             ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3             ; restore r3
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-;
-; arg0 = rp
-; arg1 = ap
-; arg2 = num
-;
-
-bn_sqr_words
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3  
-    STD     %r4,8(%sp)          ; save r4  
-	NOP
-    STD     %r5,16(%sp)         ; save r5  
-
-    CMPIB,>= 0,num,bn_sqr_words_exit
-	LDO     128(%sp),%sp       ; bump stack
-
-	;
-	; If only 1, the goto straight to cleanup
-	;
-	CMPIB,= 1,num,bn_sqr_words_single_top
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-
-bn_sqr_words_unroll2
-    FLDD    0(a_ptr),t_float_0        ; a[0]
-    FLDD    8(a_ptr),t_float_1        ; a[1]
-    XMPYU   fht_0,flt_0,fm            ; m[0]
-    XMPYU   fht_1,flt_1,fm_1          ; m[1]
-
-    FSTD    fm,-24(%sp)               ; store m[0]
-    FSTD    fm_1,-56(%sp)             ; store m[1]
-    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
-    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
-
-    FSTD    lt_temp,-16(%sp)          ; store lt[0]
-    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
-    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
-    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
-
-    FSTD    ht_temp,-8(%sp)           ; store ht[0]
-    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
-    LDD     -24(%sp),m_0             
-    LDD     -56(%sp),m_1              
-
-    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
-    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
-    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
-
-    LDD     -16(%sp),lt_0        
-    LDD     -48(%sp),lt_1        
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
-    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
-
-    LDD     -8(%sp),ht_0            
-    LDD     -40(%sp),ht_1           
-    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
-    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
-
-    ADD     lt_0,m_0,lt_0             ; lt = lt+m
-    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
-
-    ADD     lt_1,m_1,lt_1             ; lt = lt+m
-    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
-    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
-    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
-
-	LDO    -2(num),num                ; num = num - 2;
-    LDO     16(a_ptr),a_ptr           ; ap += 2
-	CMPIB,<= 2,num,bn_sqr_words_unroll2
-    LDO     32(r_ptr),r_ptr           ; rp += 4
-
-    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
-
-	;
-	; Top of loop aligned on 64-byte boundary
-	;
-bn_sqr_words_single_top
-    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
-
-    XMPYU   fht_0,flt_0,fm            ; m
-    FSTD    fm,-24(%sp)               ; store m
-
-    XMPYU   flt_0,flt_0,lt_temp       ; lt
-    FSTD    lt_temp,-16(%sp)          ; store lt
-
-    XMPYU   fht_0,fht_0,ht_temp       ; ht
-    FSTD    ht_temp,-8(%sp)           ; store ht
-
-    LDD     -24(%sp),m_0              ; load m
-    AND     m_0,high_mask,tmp_0       ; m & Mask
-    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
-    LDD     -16(%sp),lt_0             ; lt
-
-    LDD     -8(%sp),ht_0              ; ht
-    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
-    ADD     m_0,lt_0,lt_0             ; lt = lt+m
-    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
-    ADD,DC  ht_0,%r0,ht_0             ; ht++
-
-    STD     lt_0,0(r_ptr)             ; rp[0] = lt
-    STD     ht_0,8(r_ptr)             ; rp[1] = ht
-
-bn_sqr_words_exit
-    .EXIT
-    LDD     -112(%sp),%r5       ; restore r5  
-    LDD     -120(%sp),%r4       ; restore r4  
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3 
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t  .reg %r22
-b  .reg %r21
-l  .reg %r20
-
-bn_add_words
-	.proc
-    .entry
-	.callinfo
-	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.align 64
-
-    CMPIB,>= 0,n,bn_add_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_add_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_add_words_unroll2
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-	ADD     t,%ret0,t                    ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0                ; set c to carry
-	ADD     t,b,l                        ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0              ; c+= carry
-	STD     l,0(r_ptr)
-
-	LDD     8(a_ptr),t
-	LDD     8(b_ptr),b
-	ADD     t,%ret0,t                     ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0                 ; set c to carry
-	ADD     t,b,l                         ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0               ; c+= carry
-	STD     l,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_add_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
-
-bn_add_words_single_top
-	LDD     0(a_ptr),t
-	LDD     0(b_ptr),b
-
-	ADD     t,%ret0,t                 ; t = t+c;
-	ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
-	ADD     t,b,l                     ; l = t + b[0]
-	ADD,DC  %ret0,%r0,%ret0           ; c+= carry
-	STD     l,0(r_ptr)
-
-bn_add_words_exit
-    .EXIT
-    BVE     (%rp)
-	NOP
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-;
-; arg0 = rp 
-; arg1 = ap
-; arg2 = bp 
-; arg3 = n
-
-t1       .reg %r22
-t2       .reg %r21
-sub_tmp1 .reg %r20
-sub_tmp2 .reg %r19
-
-
-bn_sub_words
-	.proc
-	.callinfo 
-	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    CMPIB,>=  0,n,bn_sub_words_exit
-    COPY    %r0,%ret0           ; return 0 by default
-
-	;
-	; If 2 or more numbers do the loop
-	;
-	CMPIB,= 1,n,bn_sub_words_single_top
-	NOP
-
-	;
-	; This loop is unrolled 2 times (64-byte aligned as well)
-	;
-bn_sub_words_unroll2
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
-
-	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-	STD     sub_tmp1,0(r_ptr)
-
-	LDD     8(a_ptr),t1
-	LDD     8(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-	STD     sub_tmp1,8(r_ptr)
-
-	LDO     -2(n),n
-	LDO     16(a_ptr),a_ptr
-	LDO     16(b_ptr),b_ptr
-
-	CMPIB,<= 2,n,bn_sub_words_unroll2
-	LDO     16(r_ptr),r_ptr
-
-    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
-
-bn_sub_words_single_top
-	LDD     0(a_ptr),t1
-	LDD     0(b_ptr),t2
-	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
-	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
-	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
-	LDO      1(%r0),sub_tmp2
-	
-	CMPCLR,*= t1,t2,%r0
-	COPY    sub_tmp2,%ret0
-
-	STD     sub_tmp1,0(r_ptr)
-
-bn_sub_words_exit
-    .EXIT
-    BVE     (%rp)
-	NOP
-	.PROCEND	;in=23,24,25,26,29;out=28;
-
-;------------------------------------------------------------------------------
-;
-; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
-;
-; arg0 = h
-; arg1 = l
-; arg2 = d
-;
-; This is mainly just modified assembly from the compiler, thus the
-; lack of variable names.
-;
-;------------------------------------------------------------------------------
-bn_div_words
-	.proc
-	.callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-	.IMPORT	BN_num_bits_word,CODE,NO_RELOCATION
-	.IMPORT	__iob,DATA
-	.IMPORT	fprintf,CODE,NO_RELOCATION
-	.IMPORT	abort,CODE,NO_RELOCATION
-	.IMPORT	$$div2U,MILLICODE
-    .entry
-    STD     %r2,-16(%r30)   
-    STD,MA  %r3,352(%r30)   
-    STD     %r4,-344(%r30)  
-    STD     %r5,-336(%r30)  
-    STD     %r6,-328(%r30)  
-    STD     %r7,-320(%r30)  
-    STD     %r8,-312(%r30)  
-    STD     %r9,-304(%r30)  
-    STD     %r10,-296(%r30)
-
-    STD     %r27,-288(%r30)             ; save gp
-
-    COPY    %r24,%r3           ; save d 
-    COPY    %r26,%r4           ; save h (high 64-bits)
-    LDO      -1(%r0),%ret0     ; return -1 by default	
-
-    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
-    COPY    %r25,%r5           ; save l (low 64-bits)
-
-    LDO     -48(%r30),%r29     ; create ap 
-    .CALL   ;in=26,29;out=28;
-    B,L     BN_num_bits_word,%r2 
-    COPY    %r3,%r26        
-    LDD     -288(%r30),%r27    ; restore gp 
-    LDI     64,%r21 
-
-    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
-    COPY    %ret0,%r24             ; i   
-    MTSARCM %r24    
-    DEPDI,Z -1,%sar,1,%r29  
-    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
-
-$00000012
-    SUBI    64,%r24,%r31                       ; i = 64 - i;
-    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
-    SUB     %r4,%r3,%r4                        ; h -= d
-    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
-    COPY    %r0,%r10                           ; ret = 0
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
-    SUBI    64,%r31,%r19                       ; 64 - i; redundent
-    MTSAR   %r19                               ; (64 -i) to shift
-    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
-    MTSARCM %r31                               ; i to shift
-    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
-
-$0000001A
-    DEPDI,Z -1,31,32,%r19                      
-    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
-    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
-    LDO     2(%r0),%r9
-    STD    %r3,-280(%r30)                      ; "d" to stack
-
-$0000001C
-    DEPDI,Z -1,63,32,%r29                      ; 
-    EXTRD,U %r4,31,32,%r31                     ; h >> 32
-    CMPB,*=,N  %r31,%r6,$D2     	       ; if ((h>>32) != dh)(forward) div
-    COPY    %r4,%r26       
-    EXTRD,U %r4,31,32,%r25 
-    COPY    %r6,%r24      
-    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
-    B,L     $$div2U,%r2     
-    EXTRD,U %r6,31,32,%r23  
-    DEPD    %r28,31,32,%r29 
-$D2
-    STD     %r29,-272(%r30)                   ; q
-    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
-    EXTRD,U %r24,31,32,%r24                 ; ??? 
-    FLDD    -272(%r30),%fr7                 ; q
-    FLDD    -280(%r30),%fr8                 ; d
-    XMPYU   %fr8L,%fr7L,%fr10  
-    FSTD    %fr10,-256(%r30)   
-    XMPYU   %fr8L,%fr7R,%fr22  
-    FSTD    %fr22,-264(%r30)   
-    XMPYU   %fr8R,%fr7L,%fr11 
-    XMPYU   %fr8R,%fr7R,%fr23
-    FSTD    %fr11,-232(%r30)
-    FSTD    %fr23,-240(%r30)
-    LDD     -256(%r30),%r28
-    DEPD,Z  %r28,31,32,%r2 
-    LDD     -264(%r30),%r20
-    ADD,L   %r20,%r2,%r31   
-    LDD     -232(%r30),%r22 
-    DEPD,Z  %r22,31,32,%r22 
-    LDD     -240(%r30),%r21 
-    B       $00000024       ; enter loop  
-    ADD,L   %r21,%r22,%r23 
-
-$0000002A
-    LDO     -1(%r29),%r29   
-    SUB     %r23,%r8,%r23   
-$00000024
-    SUB     %r4,%r31,%r25   
-    AND     %r25,%r19,%r26  
-    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
-    DEPD,Z  %r25,31,32,%r20 
-    OR      %r20,%r24,%r21  
-    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
-    SUB     %r31,%r6,%r31   
-;-------------Break path---------------------
-
-$00000046
-    DEPD,Z  %r23,31,32,%r25              ;tl
-    EXTRD,U %r23,31,32,%r26              ;t
-    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
-    ADD,L   %r31,%r26,%r31               ;th += t; 
-    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
-    LDO     1(%r31),%r31                 ; th++;
-    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
-    LDO     -1(%r29),%r29                ;q--; 
-    ADD,L   %r4,%r3,%r4                  ;h += d;
-$00000036
-    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
-    SUB     %r5,%r24,%r28                ; l -= tl;
-    SUB     %r4,%r31,%r24                ; h -= th;
-    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
-    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
-    b      $0000001C
-    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
-
-$D1
-    OR      %r10,%r29,%r28           ; ret |= q
-$D3
-    LDD     -368(%r30),%r2  
-$D0
-    LDD     -296(%r30),%r10 
-    LDD     -304(%r30),%r9  
-    LDD     -312(%r30),%r8  
-    LDD     -320(%r30),%r7  
-    LDD     -328(%r30),%r6  
-    LDD     -336(%r30),%r5  
-    LDD     -344(%r30),%r4  
-    BVE     (%r2)   
-        .EXIT
-    LDD,MB  -352(%r30),%r3 
-
-bn_div_err_case
-    MFIA    %r6     
-    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
-    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
-    ADDIL   LT'__iob,%r27,%r1       
-    LDD     RT'__iob(%r1),%r26      
-    ADDIL   L'C$4-bn_div_words,%r6,%r1    
-    LDO     R'C$4-bn_div_words(%r1),%r25  
-    LDO     64(%r26),%r26   
-    .CALL           ;in=24,25,26,29;out=28;
-    B,L     fprintf,%r2    
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    .CALL           ;in=29;
-    B,L     abort,%r2      
-    LDO     -48(%r30),%r29 
-    LDD     -288(%r30),%r27
-    B       $D0         
-    LDD     -368(%r30),%r2  
-	.PROCEND	;in=24,25,26,29;out=28;
-
-;----------------------------------------------------------------------------
-;
-; Registers to hold 64-bit values to manipulate.  The "L" part
-; of the register corresponds to the upper 32-bits, while the "R"
-; part corresponds to the lower 32-bits
-; 
-; Note, that when using b6 and b7, the code must save these before
-; using them because they are callee save registers 
-; 
-;
-; Floating point registers to use to save values that
-; are manipulated.  These don't collide with ftemp1-6 and
-; are all caller save registers
-;
-a0        .reg %fr22
-a0L       .reg %fr22L
-a0R       .reg %fr22R
-
-a1        .reg %fr23
-a1L       .reg %fr23L
-a1R       .reg %fr23R
-
-a2        .reg %fr24
-a2L       .reg %fr24L
-a2R       .reg %fr24R
-
-a3        .reg %fr25
-a3L       .reg %fr25L
-a3R       .reg %fr25R
-
-a4        .reg %fr26
-a4L       .reg %fr26L
-a4R       .reg %fr26R
-
-a5        .reg %fr27
-a5L       .reg %fr27L
-a5R       .reg %fr27R
-
-a6        .reg %fr28
-a6L       .reg %fr28L
-a6R       .reg %fr28R
-
-a7        .reg %fr29
-a7L       .reg %fr29L
-a7R       .reg %fr29R
-
-b0        .reg %fr30
-b0L       .reg %fr30L
-b0R       .reg %fr30R
-
-b1        .reg %fr31
-b1L       .reg %fr31L
-b1R       .reg %fr31R
-
-;
-; Temporary floating point variables, these are all caller save
-; registers
-;
-ftemp1    .reg %fr4
-ftemp2    .reg %fr5
-ftemp3    .reg %fr6
-ftemp4    .reg %fr7
-
-;
-; The B set of registers when used.
-;
-
-b2        .reg %fr8
-b2L       .reg %fr8L
-b2R       .reg %fr8R
-
-b3        .reg %fr9
-b3L       .reg %fr9L
-b3R       .reg %fr9R
-
-b4        .reg %fr10
-b4L       .reg %fr10L
-b4R       .reg %fr10R
-
-b5        .reg %fr11
-b5L       .reg %fr11L
-b5R       .reg %fr11R
-
-b6        .reg %fr12
-b6L       .reg %fr12L
-b6R       .reg %fr12R
-
-b7        .reg %fr13
-b7L       .reg %fr13L
-b7R       .reg %fr13R
-
-c1           .reg %r21   ; only reg
-temp1        .reg %r20   ; only reg
-temp2        .reg %r19   ; only reg
-temp3        .reg %r31   ; only reg
-
-m1           .reg %r28   
-c2           .reg %r23   
-high_one     .reg %r1
-ht           .reg %r6
-lt           .reg %r5
-m            .reg %r4
-c3           .reg %r3
-
-SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
-    XMPYU   A0L,A0R,ftemp1       ; m
-    FSTD    ftemp1,-24(%sp)      ; store m
-
-    XMPYU   A0R,A0R,ftemp2       ; lt
-    FSTD    ftemp2,-16(%sp)      ; store lt
-
-    XMPYU   A0L,A0L,ftemp3       ; ht
-    FSTD    ftemp3,-8(%sp)       ; store ht
-
-    LDD     -24(%sp),m           ; load m
-    AND     m,high_mask,temp2    ; m & Mask
-    DEPD,Z  m,30,31,temp3        ; m << 32+1
-    LDD     -16(%sp),lt          ; lt
-
-    LDD     -8(%sp),ht           ; ht
-    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
-    ADD     temp3,lt,lt          ; lt = lt+m
-    ADD,L   ht,temp1,ht          ; ht += temp1
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C1,lt,C1             ; c1=c1+lt
-    ADD,DC  ht,%r0,ht            ; ht++
-
-    ADD     C2,ht,C2             ; c2=c2+ht
-    ADD,DC  C3,%r0,C3            ; c3++
-.endm
-
-SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
-    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)         ;
-    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)          ;
-    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)         ;
-
-    LDD     -8(%sp),m               ; r21 = m
-    LDD     -16(%sp),m1             ; r19 = m1
-    ADD,L   m,m1,m                  ; m+m1
-
-    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
-    LDD     -24(%sp),ht             ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
-    ADD,L   ht,high_one,ht          ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1           ; m >> 32
-    LDD     -32(%sp),lt             ; lt
-    ADD,L   ht,temp1,ht             ; ht+= m>>32
-    ADD     lt,temp3,lt             ; lt = lt+m1
-    ADD,DC  ht,%r0,ht               ; ht++
-
-    ADD     ht,ht,ht                ; ht=ht+ht;
-    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
-
-    ADD     lt,lt,lt                ; lt=lt+lt;
-    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
-
-    ADD     C1,lt,C1                ; c1=c1+lt
-    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
-    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2                ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-;
-;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba8
-	.PROC
-	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .ENTRY
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
-	STD     c2,32(r_ptr)          ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
-	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)          ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
-	STD     c1,48(r_ptr)          ; r[6] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
-	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
-	STD     c2,56(r_ptr)          ; r[7] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
-	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
-	STD     c3,64(r_ptr)          ; r[8] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
-	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
-	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
-	STD     c1,72(r_ptr)          ; r[9] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a5L,a5R,c2,c3,c1
-	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
-	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
-	STD     c2,80(r_ptr)          ; r[10] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
-	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
-	STD     c3,88(r_ptr)          ; r[11] = c3;
-	COPY    %r0,c3
-	
-	SQR_ADD_C a6L,a6R,c1,c2,c3
-	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
-	STD     c1,96(r_ptr)          ; r[12] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
-	STD     c2,104(r_ptr)         ; r[13] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a7L,a7R,c3,c1,c2
-	STD     c3, 112(r_ptr)       ; r[14] = c3
-	STD     c1, 120(r_ptr)       ; r[15] = c1
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-; arg0 = r_ptr
-; arg1 = a_ptr
-;
-
-bn_sqr_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD     0(a_ptr),a0       
-    FLDD     8(a_ptr),a1       
-    FLDD    16(a_ptr),a2       
-    FLDD    24(a_ptr),a3       
-    FLDD    32(a_ptr),a4       
-    FLDD    40(a_ptr),a5       
-    FLDD    48(a_ptr),a6       
-    FLDD    56(a_ptr),a7       
-
-	SQR_ADD_C a0L,a0R,c1,c2,c3
-
-	STD     c1,0(r_ptr)          ; r[0] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
-
-	STD     c2,8(r_ptr)          ; r[1] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C a1L,a1R,c3,c1,c2
-	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
-
-	STD     c3,16(r_ptr)            ; r[2] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
-	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
-
-	STD     c1,24(r_ptr)           ; r[3] = c1;
-	COPY    %r0,c1
-
-	SQR_ADD_C a2L,a2R,c2,c3,c1
-	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
-
-	STD     c2,32(r_ptr)           ; r[4] = c2;
-	COPY    %r0,c2
-
-	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
-	STD     c3,40(r_ptr)           ; r[5] = c3;
-	COPY    %r0,c3
-
-	SQR_ADD_C a3L,a3R,c1,c2,c3
-	STD     c1,48(r_ptr)           ; r[6] = c1;
-	STD     c2,56(r_ptr)           ; r[7] = c2;
-
-    .EXIT
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-;---------------------------------------------------------------------------
-
-MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
-    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
-    FSTD    ftemp1,-16(%sp)       ;
-    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
-    FSTD    ftemp2,-8(%sp)        ;
-    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
-    FSTD    ftemp3,-32(%sp)
-    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
-    FSTD    ftemp4,-24(%sp)       ;
-
-    LDD     -8(%sp),m             ; r21 = m
-    LDD     -16(%sp),m1           ; r19 = m1
-    ADD,L   m,m1,m                ; m+m1
-
-    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
-    LDD     -24(%sp),ht           ; r24 = ht
-
-    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
-    ADD,L   ht,high_one,ht        ; ht+=high_one
-
-    EXTRD,U m,31,32,temp1         ; m >> 32
-    LDD     -32(%sp),lt           ; lt
-    ADD,L   ht,temp1,ht           ; ht+= m>>32
-    ADD     lt,temp3,lt           ; lt = lt+m1
-    ADD,DC  ht,%r0,ht             ; ht++
-
-    ADD     C1,lt,C1              ; c1=c1+lt
-    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
-
-    ADD     C2,ht,C2              ; c2 = c2 + ht
-    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
-.endm
-
-
-;
-;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba8
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-    FLDD     32(a_ptr),a4       
-    FLDD     40(a_ptr),a5       
-    FLDD     48(a_ptr),a6       
-    FLDD     56(a_ptr),a7       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-    FLDD     32(b_ptr),b4       
-    FLDD     40(b_ptr),b5       
-    FLDD     48(b_ptr),b6       
-    FLDD     56(b_ptr),b7       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	COPY      %r0,c1
-	
-	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
-	STD       c2,56(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
-	STD       c3,64(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
-	STD       c1,72(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
-	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
-	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
-	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
-	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
-	STD       c2,80(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
-	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
-	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
-	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
-	STD       c3,88(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
-	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
-	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
-	STD       c1,96(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
-	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
-	STD       c2,104(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
-	STD       c3,112(r_ptr)
-	STD       c1,120(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-;-----------------------------------------------------------------------------
-;
-;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-; arg0 = r_ptr
-; arg1 = a_ptr
-; arg2 = b_ptr
-;
-
-bn_mul_comba4
-	.proc
-	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
-	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
-    .entry
-	.align 64
-
-    STD     %r3,0(%sp)          ; save r3
-    STD     %r4,8(%sp)          ; save r4
-    STD     %r5,16(%sp)         ; save r5
-    STD     %r6,24(%sp)         ; save r6
-    FSTD    %fr12,32(%sp)       ; save r6
-    FSTD    %fr13,40(%sp)       ; save r7
-
-	;
-	; Zero out carries
-	;
-	COPY     %r0,c1
-	COPY     %r0,c2
-	COPY     %r0,c3
-
-	LDO      128(%sp),%sp       ; bump stack
-    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
-
-	;
-	; Load up all of the values we are going to use
-	;
-    FLDD      0(a_ptr),a0       
-    FLDD      8(a_ptr),a1       
-    FLDD     16(a_ptr),a2       
-    FLDD     24(a_ptr),a3       
-
-    FLDD      0(b_ptr),b0       
-    FLDD      8(b_ptr),b1       
-    FLDD     16(b_ptr),b2       
-    FLDD     24(b_ptr),b3       
-
-	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
-	STD       c1,0(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
-	STD       c2,8(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
-	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
-	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
-	STD       c3,16(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
-	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
-	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
-	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
-	STD       c1,24(r_ptr)
-	COPY      %r0,c1
-
-	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
-	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
-	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
-	STD       c2,32(r_ptr)
-	COPY      %r0,c2
-
-	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
-	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
-	STD       c3,40(r_ptr)
-	COPY      %r0,c3
-
-	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
-	STD       c1,48(r_ptr)
-	STD       c2,56(r_ptr)
-
-    .EXIT
-    FLDD    -88(%sp),%fr13 
-    FLDD    -96(%sp),%fr12 
-    LDD     -104(%sp),%r6        ; restore r6
-    LDD     -112(%sp),%r5        ; restore r5
-    LDD     -120(%sp),%r4        ; restore r4
-    BVE     (%rp)
-    LDD,MB  -128(%sp),%r3
-
-	.PROCEND	
-
-
-	.SPACE	$TEXT$
-	.SUBSPA	$CODE$
-	.SPACE	$PRIVATE$,SORT=16
-	.IMPORT	$global$,DATA
-	.SPACE	$TEXT$
-	.SUBSPA	$CODE$
-	.SUBSPA	$LIT$,ACCESS=0x2c
-C$4
-	.ALIGN	8
-	.STRINGZ	"Division would overflow (%d)\n"
-	.END
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
deleted file mode 100644
index c02ef6f014..0000000000
--- a/crypto/bn/asm/parisc-mont.pl
+++ /dev/null
@@ -1,995 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# On PA-7100LC this module performs ~90-50% better, less for longer
-# keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means
-# that compiler utilized xmpyu instruction to perform 32x32=64-bit
-# multiplication, which in turn means that "baseline" performance was
-# optimal in respect to instruction set capabilities. Fair comparison
-# with vendor compiler is problematic, because OpenSSL doesn't define
-# BN_LLONG [presumably] for historical reasons, which drives compiler
-# toward 4 times 16x16=32-bit multiplicatons [plus complementary
-# shifts and additions] instead. This means that you should observe
-# several times improvement over code generated by vendor compiler
-# for PA-RISC 1.1, but the "baseline" is far from optimal. The actual
-# improvement coefficient was never collected on PA-7100LC, or any
-# other 1.1 CPU, because I don't have access to such machine with
-# vendor compiler. But to give you a taste, PA-RISC 1.1 code path
-# reportedly outperformed code generated by cc +DA1.1 +O3 by factor
-# of ~5x on PA-8600.
-#
-# On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is
-# reportedly ~2x faster than vendor compiler generated code [according
-# to comment in pa-risc2[W].s]. Here comes a catch. Execution core of
-# this implementation is actually 32-bit one, in the sense that it
-# operates on 32-bit values. But pa-risc2[W].s operates on arrays of
-# 64-bit BN_LONGs... How do they interoperate then? No problem. This
-# module picks halves of 64-bit values in reverse order and pretends
-# they were 32-bit BN_LONGs. But can 32-bit core compete with "pure"
-# 64-bit code such as pa-risc2[W].s then? Well, the thing is that
-# 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do,
-# i.e. there is no "wider" multiplication like on most other 64-bit
-# platforms. This means that even being effectively 32-bit, this
-# implementation performs "64-bit" computational task in same amount
-# of arithmetic operations, most notably multiplications. It requires
-# more memory references, most notably to tp[num], but this doesn't
-# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
-# 2.0 code path provides virtually same performance as pa-risc2[W].s:
-# it's ~10% better for shortest key length and ~10% worse for longest
-# one.
-#
-# In case it wasn't clear. The module has two distinct code paths:
-# PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit
-# additions and 64-bit integer loads, not to mention specific
-# instruction scheduling. In 64-bit build naturally only 2.0 code path
-# is assembled. In 32-bit application context both code paths are
-# assembled, PA-RISC 2.0 CPU is detected at run-time and proper path
-# is taken automatically. Also, in 32-bit build the module imposes
-# couple of limitations: vector lengths has to be even and vector
-# addresses has to be 64-bit aligned. Normally neither is a problem:
-# most common key lengths are even and vectors are commonly malloc-ed,
-# which ensures alignment.
-#
-# Special thanks to polarhome.com for providing HP-UX account on
-# PA-RISC 1.1 machine, and to correspondent who chose to remain
-# anonymous for testing the code on PA-RISC 2.0 machine.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-
-$flavour = shift;
-$output = shift;
-
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-	$BN_SZ		=$SIZE_T;
-} else {
-	$LEVEL		="1.1";	#$LEVEL.="\n\t.ALLOW\t2.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-	$BN_SZ		=$SIZE_T;
-	if (open CONF,"<${dir}../../opensslconf.h") {
-	    while(<CONF>) {
-		if (m/#\s*define\s+SIXTY_FOUR_BIT/) {
-		    $BN_SZ=8;
-		    $LEVEL="2.0";
-		    last;
-		}
-	    }
-	    close CONF;
-	}
-}
-
-$FRAME=8*$SIZE_T+$FRAME_MARKER;	# 8 saved regs + frame marker
-				#                [+ argument transfer]
-$LOCALS=$FRAME-$FRAME_MARKER;
-$FRAME+=32;			# local variables
-
-$tp="%r31";
-$ti1="%r29";
-$ti0="%r28";
-
-$rp="%r26";
-$ap="%r25";
-$bp="%r24";
-$np="%r23";
-$n0="%r22";	# passed through stack in 32-bit
-$num="%r21";	# passed through stack in 32-bit
-$idx="%r20";
-$arrsz="%r19";
-
-$nm1="%r7";
-$nm0="%r6";
-$ab1="%r5";
-$ab0="%r4";
-
-$fp="%r3";
-$hi1="%r2";
-$hi0="%r1";
-
-$xfer=$n0;	# accomodates [-16..15] offset in fld[dw]s
-
-$fm0="%fr4";	$fti=$fm0;
-$fbi="%fr5L";
-$fn0="%fr5R";
-$fai="%fr6";	$fab0="%fr7";	$fab1="%fr8";
-$fni="%fr9";	$fnm0="%fr10";	$fnm1="%fr11";
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
-	.ALIGN	64
-bn_mul_mont
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)		; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	ldo	-$FRAME(%sp),$fp
-___
-$code.=<<___ if ($SIZE_T==4);
-	ldw	`-$FRAME_MARKER-4`($fp),$n0
-	ldw	`-$FRAME_MARKER-8`($fp),$num
-	nop
-	nop					; alignment
-___
-$code.=<<___ if ($BN_SZ==4);
-	comiclr,<=	6,$num,%r0		; are vectors long enough?
-	b		L\$abort
-	ldi		0,%r28			; signal "unhandled"
-	add,ev		%r0,$num,$num		; is $num even?
-	b		L\$abort
-	nop
-	or		$ap,$np,$ti1
-	extru,=		$ti1,31,3,%r0		; are ap and np 64-bit aligned?
-	b		L\$abort
-	nop
-	nop					; alignment
-	nop
-
-	fldws		0($n0),${fn0}
-	fldws,ma	4($bp),${fbi}		; bp[0]
-___
-$code.=<<___ if ($BN_SZ==8);
-	comib,>		3,$num,L\$abort		; are vectors long enough?
-	ldi		0,%r28			; signal "unhandled"
-	addl		$num,$num,$num		; I operate on 32-bit values
-
-	fldws		4($n0),${fn0}		; only low part of n0
-	fldws		4($bp),${fbi}		; bp[0] in flipped word order
-___
-$code.=<<___;
-	fldds		0($ap),${fai}		; ap[0,1]
-	fldds		0($np),${fni}		; np[0,1]
-
-	sh2addl		$num,%r0,$arrsz
-	ldi		31,$hi0
-	ldo		36($arrsz),$hi1		; space for tp[num+1]
-	andcm		$hi1,$hi0,$hi1		; align
-	addl		$hi1,%sp,%sp
-	$PUSH		$fp,-$SIZE_T(%sp)
-
-	ldo		`$LOCALS+16`($fp),$xfer
-	ldo		`$LOCALS+32+4`($fp),$tp
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[0]
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[0]
-	xmpyu		${fn0},${fab0}R,${fm0}
-
-	addl		$arrsz,$ap,$ap		; point at the end
-	addl		$arrsz,$np,$np
-	subi		0,$arrsz,$idx		; j=0
-	ldo		8($idx),$idx		; j++++
-
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
-	fstds		${fab0},-16($xfer)
-	fstds		${fnm0},-8($xfer)
-	fstds		${fab1},0($xfer)
-	fstds		${fnm1},8($xfer)
-	 flddx		$idx($ap),${fai}	; ap[2,3]
-	 flddx		$idx($np),${fni}	; np[2,3]
-___
-$code.=<<___ if ($BN_SZ==4);
-	mtctl		$hi0,%cr11		; $hi0 still holds 31
-	extrd,u,*=	$hi0,%sar,1,$hi0	; executes on PA-RISC 1.0
-	b		L\$parisc11
-	nop
-___
-$code.=<<___;					# PA-RISC 2.0 code-path
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldd		-16($xfer),$ab0
-	fstds		${fab0},-16($xfer)
-
-	extrd,u		$ab0,31,32,$hi0
-	extrd,u		$ab0,63,32,$ab0
-	ldd		-8($xfer),$nm0
-	fstds		${fnm0},-8($xfer)
-	 ldo		8($idx),$idx		; j++++
-	 addl		$ab0,$nm0,$nm0		; low part is discarded
-	 extrd,u	$nm0,31,32,$hi1
-
-L\$1st
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
-	ldd		0($xfer),$ab1
-	fstds		${fab1},0($xfer)
-	 addl		$hi0,$ab1,$ab1
-	 extrd,u	$ab1,31,32,$hi0
-	ldd		8($xfer),$nm1
-	fstds		${fnm1},8($xfer)
-	 extrd,u	$ab1,63,32,$ab1
-	 addl		$hi1,$nm1,$nm1
-	flddx		$idx($ap),${fai}	; ap[j,j+1]
-	flddx		$idx($np),${fni}	; np[j,j+1]
-	 addl		$ab1,$nm1,$nm1
-	 extrd,u	$nm1,31,32,$hi1
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldd		-16($xfer),$ab0
-	fstds		${fab0},-16($xfer)
-	 addl		$hi0,$ab0,$ab0
-	 extrd,u	$ab0,31,32,$hi0
-	ldd		-8($xfer),$nm0
-	fstds		${fnm0},-8($xfer)
-	 extrd,u	$ab0,63,32,$ab0
-	 addl		$hi1,$nm0,$nm0
-	stw		$nm1,-4($tp)		; tp[j-1]
-	 addl		$ab0,$nm0,$nm0
-	 stw,ma		$nm0,8($tp)		; tp[j-1]
-	addib,<>	8,$idx,L\$1st		; j++++
-	 extrd,u	$nm0,31,32,$hi1
-
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
-	ldd		0($xfer),$ab1
-	fstds		${fab1},0($xfer)
-	 addl		$hi0,$ab1,$ab1
-	 extrd,u	$ab1,31,32,$hi0
-	ldd		8($xfer),$nm1
-	fstds		${fnm1},8($xfer)
-	 extrd,u	$ab1,63,32,$ab1
-	 addl		$hi1,$nm1,$nm1
-	ldd		-16($xfer),$ab0
-	 addl		$ab1,$nm1,$nm1
-	ldd		-8($xfer),$nm0
-	 extrd,u	$nm1,31,32,$hi1
-
-	 addl		$hi0,$ab0,$ab0
-	 extrd,u	$ab0,31,32,$hi0
-	stw		$nm1,-4($tp)		; tp[j-1]
-	 extrd,u	$ab0,63,32,$ab0
-	 addl		$hi1,$nm0,$nm0
-	ldd		0($xfer),$ab1
-	 addl		$ab0,$nm0,$nm0
-	ldd,mb		8($xfer),$nm1
-	 extrd,u	$nm0,31,32,$hi1
-	stw,ma		$nm0,8($tp)		; tp[j-1]
-
-	ldo		-1($num),$num		; i--
-	subi		0,$arrsz,$idx		; j=0
-___
-$code.=<<___ if ($BN_SZ==4);
-	fldws,ma	4($bp),${fbi}		; bp[1]
-___
-$code.=<<___ if ($BN_SZ==8);
-	fldws		0($bp),${fbi}		; bp[1] in flipped word order
-___
-$code.=<<___;
-	 flddx		$idx($ap),${fai}	; ap[0,1]
-	 flddx		$idx($np),${fni}	; np[0,1]
-	 fldws		8($xfer),${fti}R	; tp[0]
-	addl		$hi0,$ab1,$ab1
-	 extrd,u	$ab1,31,32,$hi0
-	 extrd,u	$ab1,63,32,$ab1
-	 ldo		8($idx),$idx		; j++++
-	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
-	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
-	addl		$hi1,$nm1,$nm1
-	addl		$ab1,$nm1,$nm1
-	extrd,u		$nm1,31,32,$hi1
-	 fstws,mb	${fab0}L,-8($xfer)	; save high part
-	stw		$nm1,-4($tp)		; tp[j-1]
-
-	 fcpy,sgl	%fr0,${fti}L		; zero high part
-	 fcpy,sgl	%fr0,${fab0}L
-	addl		$hi1,$hi0,$hi0
-	extrd,u		$hi0,31,32,$hi1
-	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
-	 fcnvxf,dbl,dbl	${fab0},${fab0}
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-
-	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
-	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
-	xmpyu		${fn0},${fab0}R,${fm0}
-	ldo		`$LOCALS+32+4`($fp),$tp
-L\$outer
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
-	fstds		${fab0},-16($xfer)	; 33-bit value
-	fstds		${fnm0},-8($xfer)
-	 flddx		$idx($ap),${fai}	; ap[2]
-	 flddx		$idx($np),${fni}	; np[2]
-	 ldo		8($idx),$idx		; j++++
-	ldd		-16($xfer),$ab0		; 33-bit value
-	ldd		-8($xfer),$nm0
-	ldw		0($xfer),$hi0		; high part
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	 extrd,u	$ab0,31,32,$ti0		; carry bit
-	 extrd,u	$ab0,63,32,$ab0
-	fstds		${fab1},0($xfer)
-	 addl		$ti0,$hi0,$hi0		; account carry bit
-	fstds		${fnm1},8($xfer)
-	 addl		$ab0,$nm0,$nm0		; low part is discarded
-	ldw		0($tp),$ti1		; tp[1]
-	 extrd,u	$nm0,31,32,$hi1
-	fstds		${fab0},-16($xfer)
-	fstds		${fnm0},-8($xfer)
-
-L\$inner
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
-	ldd		0($xfer),$ab1
-	fstds		${fab1},0($xfer)
-	 addl		$hi0,$ti1,$ti1
-	 addl		$ti1,$ab1,$ab1
-	ldd		8($xfer),$nm1
-	fstds		${fnm1},8($xfer)
-	 extrd,u	$ab1,31,32,$hi0
-	 extrd,u	$ab1,63,32,$ab1
-	flddx		$idx($ap),${fai}	; ap[j,j+1]
-	flddx		$idx($np),${fni}	; np[j,j+1]
-	 addl		$hi1,$nm1,$nm1
-	 addl		$ab1,$nm1,$nm1
-	ldw		4($tp),$ti0		; tp[j]
-	stw		$nm1,-4($tp)		; tp[j-1]
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldd		-16($xfer),$ab0
-	fstds		${fab0},-16($xfer)
-	 addl		$hi0,$ti0,$ti0
-	 addl		$ti0,$ab0,$ab0
-	ldd		-8($xfer),$nm0
-	fstds		${fnm0},-8($xfer)
-	 extrd,u	$ab0,31,32,$hi0
-	 extrd,u	$nm1,31,32,$hi1
-	ldw		8($tp),$ti1		; tp[j]
-	 extrd,u	$ab0,63,32,$ab0
-	 addl		$hi1,$nm0,$nm0
-	 addl		$ab0,$nm0,$nm0
-	 stw,ma		$nm0,8($tp)		; tp[j-1]
-	addib,<>	8,$idx,L\$inner		; j++++
-	 extrd,u	$nm0,31,32,$hi1
-
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
-	ldd		0($xfer),$ab1
-	fstds		${fab1},0($xfer)
-	 addl		$hi0,$ti1,$ti1
-	 addl		$ti1,$ab1,$ab1
-	ldd		8($xfer),$nm1
-	fstds		${fnm1},8($xfer)
-	 extrd,u	$ab1,31,32,$hi0
-	 extrd,u	$ab1,63,32,$ab1
-	ldw		4($tp),$ti0		; tp[j]
-	 addl		$hi1,$nm1,$nm1
-	 addl		$ab1,$nm1,$nm1
-	ldd		-16($xfer),$ab0
-	ldd		-8($xfer),$nm0
-	 extrd,u	$nm1,31,32,$hi1
-
-	addl		$hi0,$ab0,$ab0
-	 addl		$ti0,$ab0,$ab0
-	 stw		$nm1,-4($tp)		; tp[j-1]
-	 extrd,u	$ab0,31,32,$hi0
-	ldw		8($tp),$ti1		; tp[j]
-	 extrd,u	$ab0,63,32,$ab0
-	 addl		$hi1,$nm0,$nm0
-	ldd		0($xfer),$ab1
-	 addl		$ab0,$nm0,$nm0
-	ldd,mb		8($xfer),$nm1
-	 extrd,u	$nm0,31,32,$hi1
-	 stw,ma		$nm0,8($tp)		; tp[j-1]
-
-	addib,=		-1,$num,L\$outerdone	; i--
-	subi		0,$arrsz,$idx		; j=0
-___
-$code.=<<___ if ($BN_SZ==4);
-	fldws,ma	4($bp),${fbi}		; bp[i]
-___
-$code.=<<___ if ($BN_SZ==8);
-	ldi		12,$ti0			; bp[i] in flipped word order
-	addl,ev		%r0,$num,$num
-	ldi		-4,$ti0
-	addl		$ti0,$bp,$bp
-	fldws		0($bp),${fbi}
-___
-$code.=<<___;
-	 flddx		$idx($ap),${fai}	; ap[0]
-	addl		$hi0,$ab1,$ab1
-	 flddx		$idx($np),${fni}	; np[0]
-	 fldws		8($xfer),${fti}R	; tp[0]
-	addl		$ti1,$ab1,$ab1
-	extrd,u		$ab1,31,32,$hi0
-	extrd,u		$ab1,63,32,$ab1
-
-	 ldo		8($idx),$idx		; j++++
-	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
-	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
-	ldw		4($tp),$ti0		; tp[j]
-
-	addl		$hi1,$nm1,$nm1
-	 fstws,mb	${fab0}L,-8($xfer)	; save high part
-	addl		$ab1,$nm1,$nm1
-	extrd,u		$nm1,31,32,$hi1
-	 fcpy,sgl	%fr0,${fti}L		; zero high part
-	 fcpy,sgl	%fr0,${fab0}L
-	stw		$nm1,-4($tp)		; tp[j-1]
-
-	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
-	 fcnvxf,dbl,dbl	${fab0},${fab0}
-	addl		$hi1,$hi0,$hi0
-	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
-	addl		$ti0,$hi0,$hi0
-	extrd,u		$hi0,31,32,$hi1
-	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-	 xmpyu		${fn0},${fab0}R,${fm0}
-
-	b		L\$outer
-	ldo		`$LOCALS+32+4`($fp),$tp
-
-L\$outerdone
-	addl		$hi0,$ab1,$ab1
-	addl		$ti1,$ab1,$ab1
-	extrd,u		$ab1,31,32,$hi0
-	extrd,u		$ab1,63,32,$ab1
-
-	ldw		4($tp),$ti0		; tp[j]
-
-	addl		$hi1,$nm1,$nm1
-	addl		$ab1,$nm1,$nm1
-	extrd,u		$nm1,31,32,$hi1
-	stw		$nm1,-4($tp)		; tp[j-1]
-
-	addl		$hi1,$hi0,$hi0
-	addl		$ti0,$hi0,$hi0
-	extrd,u		$hi0,31,32,$hi1
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-
-	ldo		`$LOCALS+32`($fp),$tp
-	sub		%r0,%r0,%r0		; clear borrow
-___
-$code.=<<___ if ($BN_SZ==4);
-	ldws,ma		4($tp),$ti0
-	extru,=		$rp,31,3,%r0		; is rp 64-bit aligned?
-	b		L\$sub_pa11
-	addl		$tp,$arrsz,$tp
-L\$sub
-	ldwx		$idx($np),$hi0
-	subb		$ti0,$hi0,$hi1
-	ldwx		$idx($tp),$ti0
-	addib,<>	4,$idx,L\$sub
-	stws,ma		$hi1,4($rp)
-
-	subb		$ti0,%r0,$hi1
-	ldo		-4($tp),$tp
-___
-$code.=<<___ if ($BN_SZ==8);
-	ldd,ma		8($tp),$ti0
-L\$sub
-	ldd		$idx($np),$hi0
-	shrpd		$ti0,$ti0,32,$ti0	; flip word order
-	std		$ti0,-8($tp)		; save flipped value
-	sub,db		$ti0,$hi0,$hi1
-	ldd,ma		8($tp),$ti0
-	addib,<>	8,$idx,L\$sub
-	std,ma		$hi1,8($rp)
-
-	extrd,u		$ti0,31,32,$ti0		; carry in flipped word order
-	sub,db		$ti0,%r0,$hi1
-	ldo		-8($tp),$tp
-___
-$code.=<<___;
-	and		$tp,$hi1,$ap
-	andcm		$rp,$hi1,$bp
-	or		$ap,$bp,$np
-
-	sub		$rp,$arrsz,$rp		; rewind rp
-	subi		0,$arrsz,$idx
-	ldo		`$LOCALS+32`($fp),$tp
-L\$copy
-	ldd		$idx($np),$hi0
-	std,ma		%r0,8($tp)
-	addib,<>	8,$idx,.-8		; L\$copy
-	std,ma		$hi0,8($rp)	
-___
-
-if ($BN_SZ==4) {				# PA-RISC 1.1 code-path
-$ablo=$ab0;
-$abhi=$ab1;
-$nmlo0=$nm0;
-$nmhi0=$nm1;
-$nmlo1="%r9";
-$nmhi1="%r8";
-
-$code.=<<___;
-	b		L\$done
-	nop
-
-	.ALIGN		8
-L\$parisc11
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldw		-12($xfer),$ablo
-	ldw		-16($xfer),$hi0
-	ldw		-4($xfer),$nmlo0
-	ldw		-8($xfer),$nmhi0
-	fstds		${fab0},-16($xfer)
-	fstds		${fnm0},-8($xfer)
-
-	 ldo		8($idx),$idx		; j++++
-	 add		$ablo,$nmlo0,$nmlo0	; discarded
-	 addc		%r0,$nmhi0,$hi1
-	ldw		4($xfer),$ablo
-	ldw		0($xfer),$abhi
-	nop
-
-L\$1st_pa11
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[0]
-	flddx		$idx($ap),${fai}	; ap[j,j+1]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
-	flddx		$idx($np),${fni}	; np[j,j+1]
-	 add		$hi0,$ablo,$ablo
-	ldw		12($xfer),$nmlo1
-	 addc		%r0,$abhi,$hi0
-	ldw		8($xfer),$nmhi1
-	 add		$ablo,$nmlo1,$nmlo1
-	fstds		${fab1},0($xfer)
-	 addc		%r0,$nmhi1,$nmhi1
-	fstds		${fnm1},8($xfer)
-	 add		$hi1,$nmlo1,$nmlo1
-	ldw		-12($xfer),$ablo
-	 addc		%r0,$nmhi1,$hi1
-	ldw		-16($xfer),$abhi
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[0]
-	ldw		-4($xfer),$nmlo0
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldw		-8($xfer),$nmhi0
-	 add		$hi0,$ablo,$ablo
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-	 addc		%r0,$abhi,$hi0
-	fstds		${fab0},-16($xfer)
-	 add		$ablo,$nmlo0,$nmlo0
-	fstds		${fnm0},-8($xfer)
-	 addc		%r0,$nmhi0,$nmhi0
-	ldw		0($xfer),$abhi
-	 add		$hi1,$nmlo0,$nmlo0
-	ldw		4($xfer),$ablo
-	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
-	addib,<>	8,$idx,L\$1st_pa11	; j++++
-	 addc		%r0,$nmhi0,$hi1
-
-	 ldw		8($xfer),$nmhi1
-	 ldw		12($xfer),$nmlo1
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[0]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
-	 add		$hi0,$ablo,$ablo
-	fstds		${fab1},0($xfer)
-	 addc		%r0,$abhi,$hi0
-	fstds		${fnm1},8($xfer)
-	 add		$ablo,$nmlo1,$nmlo1
-	ldw		-16($xfer),$abhi
-	 addc		%r0,$nmhi1,$nmhi1
-	ldw		-12($xfer),$ablo
-	 add		$hi1,$nmlo1,$nmlo1
-	ldw		-8($xfer),$nmhi0
-	 addc		%r0,$nmhi1,$hi1
-	ldw		-4($xfer),$nmlo0
-
-	 add		$hi0,$ablo,$ablo
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-	 addc		%r0,$abhi,$hi0
-	ldw		0($xfer),$abhi
-	 add		$ablo,$nmlo0,$nmlo0
-	ldw		4($xfer),$ablo
-	 addc		%r0,$nmhi0,$nmhi0
-	ldws,mb		8($xfer),$nmhi1
-	 add		$hi1,$nmlo0,$nmlo0
-	ldw		4($xfer),$nmlo1
-	 addc		%r0,$nmhi0,$hi1
-	stws,ma		$nmlo0,8($tp)		; tp[j-1]
-
-	ldo		-1($num),$num		; i--
-	subi		0,$arrsz,$idx		; j=0
-
-	 fldws,ma	4($bp),${fbi}		; bp[1]
-	 flddx		$idx($ap),${fai}	; ap[0,1]
-	 flddx		$idx($np),${fni}	; np[0,1]
-	 fldws		8($xfer),${fti}R	; tp[0]
-	add		$hi0,$ablo,$ablo
-	addc		%r0,$abhi,$hi0
-	 ldo		8($idx),$idx		; j++++
-	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[1]
-	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[1]
-	add		$hi1,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$nmhi1
-	add		$ablo,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$hi1
-	 fstws,mb	${fab0}L,-8($xfer)	; save high part
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-
-	 fcpy,sgl	%fr0,${fti}L		; zero high part
-	 fcpy,sgl	%fr0,${fab0}L
-	add		$hi1,$hi0,$hi0
-	addc		%r0,%r0,$hi1
-	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
-	 fcnvxf,dbl,dbl	${fab0},${fab0}
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-
-	fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
-	fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
-	xmpyu		${fn0},${fab0}R,${fm0}
-	ldo		`$LOCALS+32+4`($fp),$tp
-L\$outer_pa11
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[0]*m
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[1]*m
-	fstds		${fab0},-16($xfer)	; 33-bit value
-	fstds		${fnm0},-8($xfer)
-	 flddx		$idx($ap),${fai}	; ap[2,3]
-	 flddx		$idx($np),${fni}	; np[2,3]
-	ldw		-16($xfer),$abhi	; carry bit actually
-	 ldo		8($idx),$idx		; j++++
-	ldw		-12($xfer),$ablo
-	ldw		-8($xfer),$nmhi0
-	ldw		-4($xfer),$nmlo0
-	ldw		0($xfer),$hi0		; high part
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	fstds		${fab1},0($xfer)
-	 addl		$abhi,$hi0,$hi0		; account carry bit
-	fstds		${fnm1},8($xfer)
-	 add		$ablo,$nmlo0,$nmlo0	; discarded
-	ldw		0($tp),$ti1		; tp[1]
-	 addc		%r0,$nmhi0,$hi1
-	fstds		${fab0},-16($xfer)
-	fstds		${fnm0},-8($xfer)
-	ldw		4($xfer),$ablo
-	ldw		0($xfer),$abhi
-
-L\$inner_pa11
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j+1]*bp[i]
-	flddx		$idx($ap),${fai}	; ap[j,j+1]
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j+1]*m
-	flddx		$idx($np),${fni}	; np[j,j+1]
-	 add		$hi0,$ablo,$ablo
-	ldw		4($tp),$ti0		; tp[j]
-	 addc		%r0,$abhi,$abhi
-	ldw		12($xfer),$nmlo1
-	 add		$ti1,$ablo,$ablo
-	ldw		8($xfer),$nmhi1
-	 addc		%r0,$abhi,$hi0
-	fstds		${fab1},0($xfer)
-	 add		$ablo,$nmlo1,$nmlo1
-	fstds		${fnm1},8($xfer)
-	 addc		%r0,$nmhi1,$nmhi1
-	ldw		-12($xfer),$ablo
-	 add		$hi1,$nmlo1,$nmlo1
-	ldw		-16($xfer),$abhi
-	 addc		%r0,$nmhi1,$hi1
-
-	xmpyu		${fai}L,${fbi},${fab0}	; ap[j]*bp[i]
-	ldw		8($tp),$ti1		; tp[j]
-	xmpyu		${fni}L,${fm0}R,${fnm0}	; np[j]*m
-	ldw		-4($xfer),$nmlo0
-	 add		$hi0,$ablo,$ablo
-	ldw		-8($xfer),$nmhi0
-	 addc		%r0,$abhi,$abhi
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-	 add		$ti0,$ablo,$ablo
-	fstds		${fab0},-16($xfer)
-	 addc		%r0,$abhi,$hi0
-	fstds		${fnm0},-8($xfer)
-	 add		$ablo,$nmlo0,$nmlo0
-	ldw		4($xfer),$ablo
-	 addc		%r0,$nmhi0,$nmhi0
-	ldw		0($xfer),$abhi
-	 add		$hi1,$nmlo0,$nmlo0
-	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
-	addib,<>	8,$idx,L\$inner_pa11	; j++++
-	 addc		%r0,$nmhi0,$hi1
-
-	xmpyu		${fai}R,${fbi},${fab1}	; ap[j]*bp[i]
-	ldw		12($xfer),$nmlo1
-	xmpyu		${fni}R,${fm0}R,${fnm1}	; np[j]*m
-	ldw		8($xfer),$nmhi1
-	 add		$hi0,$ablo,$ablo
-	ldw		4($tp),$ti0		; tp[j]
-	 addc		%r0,$abhi,$abhi
-	fstds		${fab1},0($xfer)
-	 add		$ti1,$ablo,$ablo
-	fstds		${fnm1},8($xfer)
-	 addc		%r0,$abhi,$hi0
-	ldw		-16($xfer),$abhi
-	 add		$ablo,$nmlo1,$nmlo1
-	ldw		-12($xfer),$ablo
-	 addc		%r0,$nmhi1,$nmhi1
-	ldw		-8($xfer),$nmhi0
-	 add		$hi1,$nmlo1,$nmlo1
-	ldw		-4($xfer),$nmlo0
-	 addc		%r0,$nmhi1,$hi1
-
-	add		$hi0,$ablo,$ablo
-	 stw		$nmlo1,-4($tp)		; tp[j-1]
-	addc		%r0,$abhi,$abhi
-	 add		$ti0,$ablo,$ablo
-	ldw		8($tp),$ti1		; tp[j]
-	 addc		%r0,$abhi,$hi0
-	ldw		0($xfer),$abhi
-	 add		$ablo,$nmlo0,$nmlo0
-	ldw		4($xfer),$ablo
-	 addc		%r0,$nmhi0,$nmhi0
-	ldws,mb		8($xfer),$nmhi1
-	 add		$hi1,$nmlo0,$nmlo0
-	ldw		4($xfer),$nmlo1
-	 addc		%r0,$nmhi0,$hi1
-	 stws,ma	$nmlo0,8($tp)		; tp[j-1]
-
-	addib,=		-1,$num,L\$outerdone_pa11; i--
-	subi		0,$arrsz,$idx		; j=0
-
-	 fldws,ma	4($bp),${fbi}		; bp[i]
-	 flddx		$idx($ap),${fai}	; ap[0]
-	add		$hi0,$ablo,$ablo
-	addc		%r0,$abhi,$abhi
-	 flddx		$idx($np),${fni}	; np[0]
-	 fldws		8($xfer),${fti}R	; tp[0]
-	add		$ti1,$ablo,$ablo
-	addc		%r0,$abhi,$hi0
-
-	 ldo		8($idx),$idx		; j++++
-	 xmpyu		${fai}L,${fbi},${fab0}	; ap[0]*bp[i]
-	 xmpyu		${fai}R,${fbi},${fab1}	; ap[1]*bp[i]
-	ldw		4($tp),$ti0		; tp[j]
-
-	add		$hi1,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$nmhi1
-	 fstws,mb	${fab0}L,-8($xfer)	; save high part
-	add		$ablo,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$hi1
-	 fcpy,sgl	%fr0,${fti}L		; zero high part
-	 fcpy,sgl	%fr0,${fab0}L
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-
-	 fcnvxf,dbl,dbl	${fti},${fti}		; 32-bit unsigned int -> double
-	 fcnvxf,dbl,dbl	${fab0},${fab0}
-	add		$hi1,$hi0,$hi0
-	addc		%r0,%r0,$hi1
-	 fadd,dbl	${fti},${fab0},${fab0}	; add tp[0]
-	add		$ti0,$hi0,$hi0
-	addc		%r0,$hi1,$hi1
-	 fcnvfx,dbl,dbl	${fab0},${fab0}		; double -> 33-bit unsigned int
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-	 xmpyu		${fn0},${fab0}R,${fm0}
-
-	b		L\$outer_pa11
-	ldo		`$LOCALS+32+4`($fp),$tp
-
-L\$outerdone_pa11
-	add		$hi0,$ablo,$ablo
-	addc		%r0,$abhi,$abhi
-	add		$ti1,$ablo,$ablo
-	addc		%r0,$abhi,$hi0
-
-	ldw		4($tp),$ti0		; tp[j]
-
-	add		$hi1,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$nmhi1
-	add		$ablo,$nmlo1,$nmlo1
-	addc		%r0,$nmhi1,$hi1
-	stw		$nmlo1,-4($tp)		; tp[j-1]
-
-	add		$hi1,$hi0,$hi0
-	addc		%r0,%r0,$hi1
-	add		$ti0,$hi0,$hi0
-	addc		%r0,$hi1,$hi1
-	stw		$hi0,0($tp)
-	stw		$hi1,4($tp)
-
-	ldo		`$LOCALS+32+4`($fp),$tp
-	sub		%r0,%r0,%r0		; clear borrow
-	ldw		-4($tp),$ti0
-	addl		$tp,$arrsz,$tp
-L\$sub_pa11
-	ldwx		$idx($np),$hi0
-	subb		$ti0,$hi0,$hi1
-	ldwx		$idx($tp),$ti0
-	addib,<>	4,$idx,L\$sub_pa11
-	stws,ma		$hi1,4($rp)
-
-	subb		$ti0,%r0,$hi1
-	ldo		-4($tp),$tp
-	and		$tp,$hi1,$ap
-	andcm		$rp,$hi1,$bp
-	or		$ap,$bp,$np
-
-	sub		$rp,$arrsz,$rp		; rewind rp
-	subi		0,$arrsz,$idx
-	ldo		`$LOCALS+32`($fp),$tp
-L\$copy_pa11
-	ldwx		$idx($np),$hi0
-	stws,ma		%r0,4($tp)
-	addib,<>	4,$idx,L\$copy_pa11
-	stws,ma		$hi0,4($rp)	
-
-	nop					; alignment
-L\$done
-___
-}
-
-$code.=<<___;
-	ldi		1,%r28			; signal "handled"
-	ldo		$FRAME($fp),%sp		; destroy tp[num+1]
-
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-L\$abort
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-	.STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-# Explicitly encode PA-RISC 2.0 instructions used in this module, so
-# that it can be compiled with .LEVEL 1.0. It should be noted that I
-# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
-# directive...
-
-my $ldd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "ldd$mod\t$args";
-
-    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
-    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
-    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
-	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
-	$opcode|=(1<<5)  if ($mod =~ /^,m/);
-	$opcode|=(1<<13) if ($mod =~ /^,mb/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $std = sub {
-  my ($mod,$args) = @_;
-  my $orig = "std$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/)	# format 6
-    {	my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6);
-	$opcode|=(($2&0xF)<<1)|(($2&0x10)>>4);			# encode offset
-	$opcode|=(1<<5)  if ($mod =~ /^,m/);
-	$opcode|=(1<<13) if ($mod =~ /^,mb/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $extrd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "extrd$mod\t$args";
-
-    # I only have ",u" completer, it's implicitly encoded...
-    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
-    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
-	my $len=32-$3;
-	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
-	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
-    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
-	my $len=32-$2;
-	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
-	$opcode |= (1<<13) if ($mod =~ /,\**=/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $shrpd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "shrpd$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
-    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
-	my $cpos=63-$3;
-	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $sub = sub {
-  my ($mod,$args) = @_;
-  my $orig = "sub$mod\t$args";
-
-    if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) {
-	my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3;
-	$opcode|=(1<<10);	# e1
-	$opcode|=(1<<8);	# e2
-	$opcode|=(1<<5);	# d
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig
-    }
-    else { "\t".$orig; }
-};
-
-sub assemble {
-  my ($mnemonic,$mod,$args)=@_;
-  my $opcode = eval("\$$mnemonic");
-
-    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
-}
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-	# flip word order in 64-bit mode...
-	s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8);
-	# assemble 2.0 instructions in 32-bit mode...
-	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
-
-	s/\bbv\b/bve/gm	if ($SIZE_T==8);
-
-	print $_,"\n";
-}
-close STDOUT;
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
deleted file mode 100644
index f9b6992ccc..0000000000
--- a/crypto/bn/asm/ppc-mont.pl
+++ /dev/null
@@ -1,334 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# April 2006
-
-# "Teaser" Montgomery multiplication module for PowerPC. It's possible
-# to gain a bit more by modulo-scheduling outer loop, then dedicated
-# squaring procedure should give further 20% and code can be adapted
-# for 32-bit application running on 64-bit CPU. As for the latter.
-# It won't be able to achieve "native" 64-bit performance, because in
-# 32-bit application context every addc instruction will have to be
-# expanded as addc, twice right shift by 32 and finally adde, etc.
-# So far RSA *sign* performance improvement over pre-bn_mul_mont asm
-# for 64-bit application running on PPC970/G5 is:
-#
-# 512-bit	+65%	
-# 1024-bit	+35%
-# 2048-bit	+18%
-# 4096-bit	+4%
-
-$flavour = shift;
-
-if ($flavour =~ /32/) {
-	$BITS=	32;
-	$BNSZ=	$BITS/8;
-	$SIZE_T=4;
-	$RZONE=	224;
-
-	$LD=	"lwz";		# load
-	$LDU=	"lwzu";		# load and update
-	$LDX=	"lwzx";		# load indexed
-	$ST=	"stw";		# store
-	$STU=	"stwu";		# store and update
-	$STX=	"stwx";		# store indexed
-	$STUX=	"stwux";	# store indexed and update
-	$UMULL=	"mullw";	# unsigned multiply low
-	$UMULH=	"mulhwu";	# unsigned multiply high
-	$UCMP=	"cmplw";	# unsigned compare
-	$SHRI=	"srwi";		# unsigned shift right by immediate	
-	$PUSH=	$ST;
-	$POP=	$LD;
-} elsif ($flavour =~ /64/) {
-	$BITS=	64;
-	$BNSZ=	$BITS/8;
-	$SIZE_T=8;
-	$RZONE=	288;
-
-	# same as above, but 64-bit mnemonics...
-	$LD=	"ld";		# load
-	$LDU=	"ldu";		# load and update
-	$LDX=	"ldx";		# load indexed
-	$ST=	"std";		# store
-	$STU=	"stdu";		# store and update
-	$STX=	"stdx";		# store indexed
-	$STUX=	"stdux";	# store indexed and update
-	$UMULL=	"mulld";	# unsigned multiply low
-	$UMULH=	"mulhdu";	# unsigned multiply high
-	$UCMP=	"cmpld";	# unsigned compare
-	$SHRI=	"srdi";		# unsigned shift right by immediate	
-	$PUSH=	$ST;
-	$POP=	$LD;
-} else { die "nonsense $flavour"; }
-
-$FRAME=8*$SIZE_T+$RZONE;
-$LOCALS=8*$SIZE_T;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-$sp="r1";
-$toc="r2";
-$rp="r3";	$ovf="r3";
-$ap="r4";
-$bp="r5";
-$np="r6";
-$n0="r7";
-$num="r8";
-$rp="r9";	# $rp is reassigned
-$aj="r10";
-$nj="r11";
-$tj="r12";
-# non-volatile registers
-$i="r20";
-$j="r21";
-$tp="r22";
-$m0="r23";
-$m1="r24";
-$lo0="r25";
-$hi0="r26";
-$lo1="r27";
-$hi1="r28";
-$alo="r29";
-$ahi="r30";
-$nlo="r31";
-#
-$nhi="r0";
-
-$code=<<___;
-.machine "any"
-.text
-
-.globl	.bn_mul_mont_int
-.align	4
-.bn_mul_mont_int:
-	cmpwi	$num,4
-	mr	$rp,r3		; $rp is reassigned
-	li	r3,0
-	bltlr
-___
-$code.=<<___ if ($BNSZ==4);
-	cmpwi	$num,32		; longer key performance is not better
-	bgelr
-___
-$code.=<<___;
-	slwi	$num,$num,`log($BNSZ)/log(2)`
-	li	$tj,-4096
-	addi	$ovf,$num,$FRAME
-	subf	$ovf,$ovf,$sp	; $sp-$ovf
-	and	$ovf,$ovf,$tj	; minimize TLB usage
-	subf	$ovf,$sp,$ovf	; $ovf-$sp
-	mr	$tj,$sp
-	srwi	$num,$num,`log($BNSZ)/log(2)`
-	$STUX	$sp,$sp,$ovf
-
-	$PUSH	r20,`-12*$SIZE_T`($tj)
-	$PUSH	r21,`-11*$SIZE_T`($tj)
-	$PUSH	r22,`-10*$SIZE_T`($tj)
-	$PUSH	r23,`-9*$SIZE_T`($tj)
-	$PUSH	r24,`-8*$SIZE_T`($tj)
-	$PUSH	r25,`-7*$SIZE_T`($tj)
-	$PUSH	r26,`-6*$SIZE_T`($tj)
-	$PUSH	r27,`-5*$SIZE_T`($tj)
-	$PUSH	r28,`-4*$SIZE_T`($tj)
-	$PUSH	r29,`-3*$SIZE_T`($tj)
-	$PUSH	r30,`-2*$SIZE_T`($tj)
-	$PUSH	r31,`-1*$SIZE_T`($tj)
-
-	$LD	$n0,0($n0)	; pull n0[0] value
-	addi	$num,$num,-2	; adjust $num for counter register
-
-	$LD	$m0,0($bp)	; m0=bp[0]
-	$LD	$aj,0($ap)	; ap[0]
-	addi	$tp,$sp,$LOCALS
-	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[0]
-	$UMULH	$hi0,$aj,$m0
-
-	$LD	$aj,$BNSZ($ap)	; ap[1]
-	$LD	$nj,0($np)	; np[0]
-
-	$UMULL	$m1,$lo0,$n0	; "tp[0]"*n0
-
-	$UMULL	$alo,$aj,$m0	; ap[1]*bp[0]
-	$UMULH	$ahi,$aj,$m0
-
-	$UMULL	$lo1,$nj,$m1	; np[0]*m1
-	$UMULH	$hi1,$nj,$m1
-	$LD	$nj,$BNSZ($np)	; np[1]
-	addc	$lo1,$lo1,$lo0
-	addze	$hi1,$hi1
-
-	$UMULL	$nlo,$nj,$m1	; np[1]*m1
-	$UMULH	$nhi,$nj,$m1
-
-	mtctr	$num
-	li	$j,`2*$BNSZ`
-.align	4
-L1st:
-	$LDX	$aj,$ap,$j	; ap[j]
-	addc	$lo0,$alo,$hi0
-	$LDX	$nj,$np,$j	; np[j]
-	addze	$hi0,$ahi
-	$UMULL	$alo,$aj,$m0	; ap[j]*bp[0]
-	addc	$lo1,$nlo,$hi1
-	$UMULH	$ahi,$aj,$m0
-	addze	$hi1,$nhi
-	$UMULL	$nlo,$nj,$m1	; np[j]*m1
-	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
-	$UMULH	$nhi,$nj,$m1
-	addze	$hi1,$hi1
-	$ST	$lo1,0($tp)	; tp[j-1]
-
-	addi	$j,$j,$BNSZ	; j++
-	addi	$tp,$tp,$BNSZ	; tp++
-	bdnz-	L1st
-;L1st
-	addc	$lo0,$alo,$hi0
-	addze	$hi0,$ahi
-
-	addc	$lo1,$nlo,$hi1
-	addze	$hi1,$nhi
-	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
-	addze	$hi1,$hi1
-	$ST	$lo1,0($tp)	; tp[j-1]
-
-	li	$ovf,0
-	addc	$hi1,$hi1,$hi0
-	addze	$ovf,$ovf	; upmost overflow bit
-	$ST	$hi1,$BNSZ($tp)
-
-	li	$i,$BNSZ
-.align	4
-Louter:
-	$LDX	$m0,$bp,$i	; m0=bp[i]
-	$LD	$aj,0($ap)	; ap[0]
-	addi	$tp,$sp,$LOCALS
-	$LD	$tj,$LOCALS($sp); tp[0]
-	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[i]
-	$UMULH	$hi0,$aj,$m0
-	$LD	$aj,$BNSZ($ap)	; ap[1]
-	$LD	$nj,0($np)	; np[0]
-	addc	$lo0,$lo0,$tj	; ap[0]*bp[i]+tp[0]
-	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
-	addze	$hi0,$hi0
-	$UMULL	$m1,$lo0,$n0	; tp[0]*n0
-	$UMULH	$ahi,$aj,$m0
-	$UMULL	$lo1,$nj,$m1	; np[0]*m1
-	$UMULH	$hi1,$nj,$m1
-	$LD	$nj,$BNSZ($np)	; np[1]
-	addc	$lo1,$lo1,$lo0
-	$UMULL	$nlo,$nj,$m1	; np[1]*m1
-	addze	$hi1,$hi1
-	$UMULH	$nhi,$nj,$m1
-
-	mtctr	$num
-	li	$j,`2*$BNSZ`
-.align	4
-Linner:
-	$LDX	$aj,$ap,$j	; ap[j]
-	addc	$lo0,$alo,$hi0
-	$LD	$tj,$BNSZ($tp)	; tp[j]
-	addze	$hi0,$ahi
-	$LDX	$nj,$np,$j	; np[j]
-	addc	$lo1,$nlo,$hi1
-	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
-	addze	$hi1,$nhi
-	$UMULH	$ahi,$aj,$m0
-	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
-	$UMULL	$nlo,$nj,$m1	; np[j]*m1
-	addze	$hi0,$hi0
-	$UMULH	$nhi,$nj,$m1
-	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
-	addi	$j,$j,$BNSZ	; j++
-	addze	$hi1,$hi1
-	$ST	$lo1,0($tp)	; tp[j-1]
-	addi	$tp,$tp,$BNSZ	; tp++
-	bdnz-	Linner
-;Linner
-	$LD	$tj,$BNSZ($tp)	; tp[j]
-	addc	$lo0,$alo,$hi0
-	addze	$hi0,$ahi
-	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
-	addze	$hi0,$hi0
-
-	addc	$lo1,$nlo,$hi1
-	addze	$hi1,$nhi
-	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
-	addze	$hi1,$hi1
-	$ST	$lo1,0($tp)	; tp[j-1]
-
-	addic	$ovf,$ovf,-1	; move upmost overflow to XER[CA]
-	li	$ovf,0
-	adde	$hi1,$hi1,$hi0
-	addze	$ovf,$ovf
-	$ST	$hi1,$BNSZ($tp)
-;
-	slwi	$tj,$num,`log($BNSZ)/log(2)`
-	$UCMP	$i,$tj
-	addi	$i,$i,$BNSZ
-	ble-	Louter
-
-	addi	$num,$num,2	; restore $num
-	subfc	$j,$j,$j	; j=0 and "clear" XER[CA]
-	addi	$tp,$sp,$LOCALS
-	mtctr	$num
-
-.align	4
-Lsub:	$LDX	$tj,$tp,$j
-	$LDX	$nj,$np,$j
-	subfe	$aj,$nj,$tj	; tp[j]-np[j]
-	$STX	$aj,$rp,$j
-	addi	$j,$j,$BNSZ
-	bdnz-	Lsub
-
-	li	$j,0
-	mtctr	$num
-	subfe	$ovf,$j,$ovf	; handle upmost overflow bit
-	and	$ap,$tp,$ovf
-	andc	$np,$rp,$ovf
-	or	$ap,$ap,$np	; ap=borrow?tp:rp
-
-.align	4
-Lcopy:				; copy or in-place refresh
-	$LDX	$tj,$ap,$j
-	$STX	$tj,$rp,$j
-	$STX	$j,$tp,$j	; zap at once
-	addi	$j,$j,$BNSZ
-	bdnz-	Lcopy
-
-	$POP	$tj,0($sp)
-	li	r3,1
-	$POP	r20,`-12*$SIZE_T`($tj)
-	$POP	r21,`-11*$SIZE_T`($tj)
-	$POP	r22,`-10*$SIZE_T`($tj)
-	$POP	r23,`-9*$SIZE_T`($tj)
-	$POP	r24,`-8*$SIZE_T`($tj)
-	$POP	r25,`-7*$SIZE_T`($tj)
-	$POP	r26,`-6*$SIZE_T`($tj)
-	$POP	r27,`-5*$SIZE_T`($tj)
-	$POP	r28,`-4*$SIZE_T`($tj)
-	$POP	r29,`-3*$SIZE_T`($tj)
-	$POP	r30,`-2*$SIZE_T`($tj)
-	$POP	r31,`-1*$SIZE_T`($tj)
-	mr	$sp,$tj
-	blr
-	.long	0
-	.byte	0,12,4,0,0x80,12,6,0
-	.long	0
-
-.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
deleted file mode 100644
index 1249ce2299..0000000000
--- a/crypto/bn/asm/ppc.pl
+++ /dev/null
@@ -1,1998 +0,0 @@
-#!/usr/bin/env perl
-#
-# Implemented as a Perl wrapper as we want to support several different
-# architectures with single file. We pick up the target based on the
-# file name we are asked to generate.
-#
-# It should be noted though that this perl code is nothing like
-# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
-# as pre-processor to cover for platform differences in name decoration,
-# linker tables, 32-/64-bit instruction sets...
-#
-# As you might know there're several PowerPC ABI in use. Most notably
-# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
-# are similar enough to implement leaf(!) functions, which would be ABI
-# neutral. And that's what you find here: ABI neutral leaf functions.
-# In case you wonder what that is...
-#
-#       AIX performance
-#
-#	MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
-#
-#	The following is the performance of 32-bit compiler
-#	generated code:
-#
-#	OpenSSL 0.9.6c 21 dec 2001
-#	built on: Tue Jun 11 11:06:51 EDT 2002
-#	options:bn(64,32) ...
-#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
-#                  sign    verify    sign/s verify/s
-#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
-#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
-#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
-#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
-#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
-#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0	
-#
-#	Same bechmark with this assembler code:
-#
-#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
-#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
-#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
-#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
-#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
-#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
-#
-#	Number of operations increases by at almost 75%
-#
-#	Here are performance numbers for 64-bit compiler
-#	generated code:
-#
-#	OpenSSL 0.9.6g [engine] 9 Aug 2002
-#	built on: Fri Apr 18 16:59:20 EDT 2003
-#	options:bn(64,64) ...
-#	compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
-#                  sign    verify    sign/s verify/s
-#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
-#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
-#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
-#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
-#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
-#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
-#
-#	Same benchmark with this assembler code:
-#
-#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
-#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
-#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
-#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
-#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
-#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
-#	
-#	Again, performance increases by at about 75%
-#
-#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
-#       OpenSSL 0.9.7c 30 Sep 2003
-#
-#       Original code.
-#
-#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
-#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
-#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
-#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
-#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
-#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
-#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
-#
-#       Same benchmark with this assembler code:
-#
-#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
-#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
-#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
-#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
-#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
-#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
-#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
-#
-#        Performance increase of ~60%
-#
-#	If you have comments or suggestions to improve code send
-#	me a note at schari@us.ibm.com
-#
-
-$flavour = shift;
-
-if ($flavour =~ /32/) {
-	$BITS=	32;
-	$BNSZ=	$BITS/8;
-	$ISA=	"\"ppc\"";
-
-	$LD=	"lwz";		# load
-	$LDU=	"lwzu";		# load and update
-	$ST=	"stw";		# store
-	$STU=	"stwu";		# store and update
-	$UMULL=	"mullw";	# unsigned multiply low
-	$UMULH=	"mulhwu";	# unsigned multiply high
-	$UDIV=	"divwu";	# unsigned divide
-	$UCMPI=	"cmplwi";	# unsigned compare with immediate
-	$UCMP=	"cmplw";	# unsigned compare
-	$CNTLZ=	"cntlzw";	# count leading zeros
-	$SHL=	"slw";		# shift left
-	$SHR=	"srw";		# unsigned shift right
-	$SHRI=	"srwi";		# unsigned shift right by immediate	
-	$SHLI=	"slwi";		# shift left by immediate
-	$CLRU=	"clrlwi";	# clear upper bits
-	$INSR=	"insrwi";	# insert right
-	$ROTL=	"rotlwi";	# rotate left by immediate
-	$TR=	"tw";		# conditional trap
-} elsif ($flavour =~ /64/) {
-	$BITS=	64;
-	$BNSZ=	$BITS/8;
-	$ISA=	"\"ppc64\"";
-
-	# same as above, but 64-bit mnemonics...
-	$LD=	"ld";		# load
-	$LDU=	"ldu";		# load and update
-	$ST=	"std";		# store
-	$STU=	"stdu";		# store and update
-	$UMULL=	"mulld";	# unsigned multiply low
-	$UMULH=	"mulhdu";	# unsigned multiply high
-	$UDIV=	"divdu";	# unsigned divide
-	$UCMPI=	"cmpldi";	# unsigned compare with immediate
-	$UCMP=	"cmpld";	# unsigned compare
-	$CNTLZ=	"cntlzd";	# count leading zeros
-	$SHL=	"sld";		# shift left
-	$SHR=	"srd";		# unsigned shift right
-	$SHRI=	"srdi";		# unsigned shift right by immediate	
-	$SHLI=	"sldi";		# shift left by immediate
-	$CLRU=	"clrldi";	# clear upper bits
-	$INSR=	"insrdi";	# insert right 
-	$ROTL=	"rotldi";	# rotate left by immediate
-	$TR=	"td";		# conditional trap
-} else { die "nonsense $flavour"; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-$data=<<EOF;
-#--------------------------------------------------------------------
-#
-#
-#
-#
-#	File:		ppc32.s
-#
-#	Created by:	Suresh Chari
-#			IBM Thomas J. Watson Research Library
-#			Hawthorne, NY
-#
-#
-#	Description:	Optimized assembly routines for OpenSSL crypto
-#			on the 32 bitPowerPC platform.
-#
-#
-#	Version History
-#
-#	2. Fixed bn_add,bn_sub and bn_div_words, added comments,
-#	   cleaned up code. Also made a single version which can
-#	   be used for both the AIX and Linux compilers. See NOTE
-#	   below.
-#				12/05/03		Suresh Chari
-#			(with lots of help from)        Andy Polyakov
-##	
-#	1. Initial version	10/20/02		Suresh Chari
-#
-#
-#	The following file works for the xlc,cc
-#	and gcc compilers.
-#
-#	NOTE:	To get the file to link correctly with the gcc compiler
-#	        you have to change the names of the routines and remove
-#		the first .(dot) character. This should automatically
-#		be done in the build process.
-#
-#	Hand optimized assembly code for the following routines
-#	
-#	bn_sqr_comba4
-#	bn_sqr_comba8
-#	bn_mul_comba4
-#	bn_mul_comba8
-#	bn_sub_words
-#	bn_add_words
-#	bn_div_words
-#	bn_sqr_words
-#	bn_mul_words
-#	bn_mul_add_words
-#
-#	NOTE:	It is possible to optimize this code more for
-#	specific PowerPC or Power architectures. On the Northstar
-#	architecture the optimizations in this file do
-#	 NOT provide much improvement.
-#
-#	If you have comments or suggestions to improve code send
-#	me a note at schari\@us.ibm.com
-#
-#--------------------------------------------------------------------------
-#
-#	Defines to be used in the assembly code.
-#	
-#.set r0,0	# we use it as storage for value of 0
-#.set SP,1	# preserved
-#.set RTOC,2	# preserved 
-#.set r3,3	# 1st argument/return value
-#.set r4,4	# 2nd argument/volatile register
-#.set r5,5	# 3rd argument/volatile register
-#.set r6,6	# ...
-#.set r7,7
-#.set r8,8
-#.set r9,9
-#.set r10,10
-#.set r11,11
-#.set r12,12
-#.set r13,13	# not used, nor any other "below" it...
-
-#	Declare function names to be global
-#	NOTE:	For gcc these names MUST be changed to remove
-#	        the first . i.e. for example change ".bn_sqr_comba4"
-#		to "bn_sqr_comba4". This should be automatically done
-#		in the build.
-	
-	.globl	.bn_sqr_comba4
-	.globl	.bn_sqr_comba8
-	.globl	.bn_mul_comba4
-	.globl	.bn_mul_comba8
-	.globl	.bn_sub_words
-	.globl	.bn_add_words
-	.globl	.bn_div_words
-	.globl	.bn_sqr_words
-	.globl	.bn_mul_words
-	.globl	.bn_mul_add_words
-	
-# .text section
-	
-	.machine	"any"
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_sqr_comba4" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4
-.bn_sqr_comba4:
-#
-# Optimized version of bn_sqr_comba4.
-#
-# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-# r3 contains r
-# r4 contains a
-#
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
-# 
-# r5,r6 are the two BN_ULONGs being multiplied.
-# r7,r8 are the results of the 32x32 giving 64 bit multiply.
-# r9,r10, r11 are the equivalents of c1,c2, c3.
-# Here's the assembly
-#
-#
-	xor		r0,r0,r0		# set r0 = 0. Used in the addze
-						# instructions below
-	
-						#sqr_add_c(a,0,c1,c2,c3)
-	$LD		r5,`0*$BNSZ`(r4)		
-	$UMULL		r9,r5,r5		
-	$UMULH		r10,r5,r5		#in first iteration. No need
-						#to add since c1=c2=c3=0.
-						# Note c3(r11) is NOT set to 0
-						# but will be.
-
-	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
-						# sqr_add_c2(a,1,0,c2,c3,c1);
-	$LD		r6,`1*$BNSZ`(r4)		
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-					
-	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)
-	adde		r8,r8,r8
-	addze		r9,r0			# catch carry if any.
-						# r9= r0(=0) and carry 
-	
-	addc		r10,r7,r10		# now add to temp result.
-	addze		r11,r8                  # r8 added to r11 which is 0 
-	addze		r9,r9
-	
-	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2; 
-						#sqr_add_c(a,1,c3,c1,c2)
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r0
-						#sqr_add_c2(a,2,0,c3,c1,c2)
-	$LD		r6,`2*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r7,r7,r7
-	adde		r8,r8,r8
-	addze		r10,r10
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3 
-						#sqr_add_c2(a,3,0,c1,c2,c3);
-	$LD		r6,`3*$BNSZ`(r4)		
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r7,r7,r7
-	adde		r8,r8,r8
-	addze		r11,r0
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,2,1,c1,c2,c3);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`2*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r7,r7,r7
-	adde		r8,r8,r8
-	addze		r11,r11
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1
-						#sqr_add_c(a,2,c2,c3,c1);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r0
-						#sqr_add_c2(a,3,1,c2,c3,c1);
-	$LD		r6,`3*$BNSZ`(r4)		
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r7,r7,r7
-	adde		r8,r8,r8
-	addze		r9,r9
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2
-						#sqr_add_c2(a,3,2,c3,c1,c2);
-	$LD		r5,`2*$BNSZ`(r4)		
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r7,r7,r7
-	adde		r8,r8,r8
-	addze		r10,r0
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3
-						#sqr_add_c(a,3,c1,c2,c3);
-	$UMULL		r7,r6,r6		
-	$UMULH		r8,r6,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-
-	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1
-	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,2,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_sqr_comba8" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-	
-.align	4
-.bn_sqr_comba8:
-#
-# This is an optimized version of the bn_sqr_comba8 routine.
-# Tightly uses the adde instruction
-#
-#
-# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-# r3 contains r
-# r4 contains a
-#
-# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:	
-# 
-# r5,r6 are the two BN_ULONGs being multiplied.
-# r7,r8 are the results of the 32x32 giving 64 bit multiply.
-# r9,r10, r11 are the equivalents of c1,c2, c3.
-#
-# Possible optimization of loading all 8 longs of a into registers
-# doesnt provide any speedup
-# 
-
-	xor		r0,r0,r0		#set r0 = 0.Used in addze
-						#instructions below.
-
-						#sqr_add_c(a,0,c1,c2,c3);
-	$LD		r5,`0*$BNSZ`(r4)
-	$UMULL		r9,r5,r5		#1st iteration:	no carries.
-	$UMULH		r10,r5,r5
-	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
-						#sqr_add_c2(a,1,0,c2,c3,c1);
-	$LD		r6,`1*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6	
-	
-	addc		r10,r7,r10		#add the two register number
-	adde		r11,r8,r0 		# (r8,r7) to the three register
-	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0
-	
-	addc		r10,r7,r10		#add the two register number
-	adde		r11,r8,r11 		# (r8,r7) to the three register
-	addze		r9,r9			# number (r9,r11,r10).
-	
-	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2
-				
-						#sqr_add_c(a,1,c3,c1,c2);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r0
-						#sqr_add_c2(a,2,0,c3,c1,c2);
-	$LD		r6,`2*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	
-	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
-						#sqr_add_c2(a,3,0,c1,c2,c3);
-	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r0
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,2,1,c1,c2,c3);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`2*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	
-	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;
-						#sqr_add_c(a,2,c2,c3,c1);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r0
-						#sqr_add_c2(a,3,1,c2,c3,c1);
-	$LD		r6,`3*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-						#sqr_add_c2(a,4,0,c2,c3,c1);
-	$LD		r5,`0*$BNSZ`(r4)
-	$LD		r6,`4*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2;
-						#sqr_add_c2(a,5,0,c3,c1,c2);
-	$LD		r6,`5*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r0
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-						#sqr_add_c2(a,4,1,c3,c1,c2);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`4*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-						#sqr_add_c2(a,3,2,c3,c1,c2);
-	$LD		r5,`2*$BNSZ`(r4)
-	$LD		r6,`3*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	$ST		r11,`5*$BNSZ`(r3)	#r[5]=c3;
-						#sqr_add_c(a,3,c1,c2,c3);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r0
-						#sqr_add_c2(a,4,2,c1,c2,c3);
-	$LD		r6,`4*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,5,1,c1,c2,c3);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`5*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,6,0,c1,c2,c3);
-	$LD		r5,`0*$BNSZ`(r4)
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1;
-						#sqr_add_c2(a,7,0,c2,c3,c1);
-	$LD		r6,`7*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r0
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-						#sqr_add_c2(a,6,1,c2,c3,c1);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-						#sqr_add_c2(a,5,2,c2,c3,c1);
-	$LD		r5,`2*$BNSZ`(r4)
-	$LD		r6,`5*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-						#sqr_add_c2(a,4,3,c2,c3,c1);
-	$LD		r5,`3*$BNSZ`(r4)
-	$LD		r6,`4*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2;
-						#sqr_add_c(a,4,c3,c1,c2);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r0
-						#sqr_add_c2(a,5,3,c3,c1,c2);
-	$LD		r6,`5*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-						#sqr_add_c2(a,6,2,c3,c1,c2);
-	$LD		r5,`2*$BNSZ`(r4)
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-						#sqr_add_c2(a,7,1,c3,c1,c2);
-	$LD		r5,`1*$BNSZ`(r4)
-	$LD		r6,`7*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	$ST		r11,`8*$BNSZ`(r3)	#r[8]=c3;
-						#sqr_add_c2(a,7,2,c1,c2,c3);
-	$LD		r5,`2*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r0
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,6,3,c1,c2,c3);
-	$LD		r5,`3*$BNSZ`(r4)
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-						#sqr_add_c2(a,5,4,c1,c2,c3);
-	$LD		r5,`4*$BNSZ`(r4)
-	$LD		r6,`5*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	$ST		r9,`9*$BNSZ`(r3)	#r[9]=c1;
-						#sqr_add_c(a,5,c2,c3,c1);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r0
-						#sqr_add_c2(a,6,4,c2,c3,c1);
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-						#sqr_add_c2(a,7,3,c2,c3,c1);
-	$LD		r5,`3*$BNSZ`(r4)
-	$LD		r6,`7*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	$ST		r10,`10*$BNSZ`(r3)	#r[10]=c2;
-						#sqr_add_c2(a,7,4,c3,c1,c2);
-	$LD		r5,`4*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r0
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-						#sqr_add_c2(a,6,5,c3,c1,c2);
-	$LD		r5,`5*$BNSZ`(r4)
-	$LD		r6,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	addze		r10,r10
-	$ST		r11,`11*$BNSZ`(r3)	#r[11]=c3;
-						#sqr_add_c(a,6,c1,c2,c3);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r0
-						#sqr_add_c2(a,7,5,c1,c2,c3)
-	$LD		r6,`7*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	addc		r9,r7,r9
-	adde		r10,r8,r10
-	addze		r11,r11
-	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;
-	
-						#sqr_add_c2(a,7,6,c2,c3,c1)
-	$LD		r5,`6*$BNSZ`(r4)
-	$UMULL		r7,r5,r6
-	$UMULH		r8,r5,r6
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r0
-	addc		r10,r7,r10
-	adde		r11,r8,r11
-	addze		r9,r9
-	$ST		r10,`13*$BNSZ`(r3)	#r[13]=c2;
-						#sqr_add_c(a,7,c3,c1,c2);
-	$UMULL		r7,r6,r6
-	$UMULH		r8,r6,r6
-	addc		r11,r7,r11
-	adde		r9,r8,r9
-	$ST		r11,`14*$BNSZ`(r3)	#r[14]=c3;
-	$ST		r9, `15*$BNSZ`(r3)	#r[15]=c1;
-
-
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,2,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_mul_comba4" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4
-.bn_mul_comba4:
-#
-# This is an optimized version of the bn_mul_comba4 routine.
-#
-# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-# r3 contains r
-# r4 contains a
-# r5 contains b
-# r6, r7 are the 2 BN_ULONGs being multiplied.
-# r8, r9 are the results of the 32x32 giving 64 multiply.
-# r10, r11, r12 are the equivalents of c1, c2, and c3.
-#
-	xor	r0,r0,r0		#r0=0. Used in addze below.
-					#mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	r6,`0*$BNSZ`(r4)		
-	$LD	r7,`0*$BNSZ`(r5)		
-	$UMULL	r10,r6,r7		
-	$UMULH	r11,r6,r7		
-	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1
-					#mul_add_c(a[0],b[1],c2,c3,c1);
-	$LD	r7,`1*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r8,r11
-	adde	r12,r9,r0
-	addze	r10,r0
-					#mul_add_c(a[1],b[0],c2,c3,c1);
-	$LD	r6, `1*$BNSZ`(r4)		
-	$LD	r7, `0*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r8,r11
-	adde	r12,r9,r12
-	addze	r10,r10
-	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2
-					#mul_add_c(a[2],b[0],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r8,r12
-	adde	r10,r9,r10
-	addze	r11,r0
-					#mul_add_c(a[1],b[1],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)		
-	$LD	r7,`1*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r8,r12
-	adde	r10,r9,r10
-	addze	r11,r11
-					#mul_add_c(a[0],b[2],c3,c1,c2);
-	$LD	r6,`0*$BNSZ`(r4)		
-	$LD	r7,`2*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r8,r12
-	adde	r10,r9,r10
-	addze	r11,r11
-	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3
-					#mul_add_c(a[0],b[3],c1,c2,c3);
-	$LD	r7,`3*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r8,r10
-	adde	r11,r9,r11
-	addze	r12,r0
-					#mul_add_c(a[1],b[2],c1,c2,c3);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r8,r10
-	adde	r11,r9,r11
-	addze	r12,r12
-					#mul_add_c(a[2],b[1],c1,c2,c3);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r8,r10
-	adde	r11,r9,r11
-	addze	r12,r12
-					#mul_add_c(a[3],b[0],c1,c2,c3);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`0*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r8,r10
-	adde	r11,r9,r11
-	addze	r12,r12
-	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1
-					#mul_add_c(a[3],b[1],c2,c3,c1);
-	$LD	r7,`1*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r8,r11
-	adde	r12,r9,r12
-	addze	r10,r0
-					#mul_add_c(a[2],b[2],c2,c3,c1);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r8,r11
-	adde	r12,r9,r12
-	addze	r10,r10
-					#mul_add_c(a[1],b[3],c2,c3,c1);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r8,r11
-	adde	r12,r9,r12
-	addze	r10,r10
-	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2
-					#mul_add_c(a[2],b[3],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r8,r12
-	adde	r10,r9,r10
-	addze	r11,r0
-					#mul_add_c(a[3],b[2],c3,c1,c2);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r8,r12
-	adde	r10,r9,r10
-	addze	r11,r11
-	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3
-					#mul_add_c(a[3],b[3],c1,c2,c3);
-	$LD	r7,`3*$BNSZ`(r5)		
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r8,r10
-	adde	r11,r9,r11
-
-	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1
-	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,3,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_mul_comba8" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-	
-.align	4
-.bn_mul_comba8:
-#
-# Optimized version of the bn_mul_comba8 routine.
-#
-# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-# r3 contains r
-# r4 contains a
-# r5 contains b
-# r6, r7 are the 2 BN_ULONGs being multiplied.
-# r8, r9 are the results of the 32x32 giving 64 multiply.
-# r10, r11, r12 are the equivalents of c1, c2, and c3.
-#
-	xor	r0,r0,r0		#r0=0. Used in addze below.
-	
-					#mul_add_c(a[0],b[0],c1,c2,c3);
-	$LD	r6,`0*$BNSZ`(r4)	#a[0]
-	$LD	r7,`0*$BNSZ`(r5)	#b[0]
-	$UMULL	r10,r6,r7
-	$UMULH	r11,r6,r7
-	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1;
-					#mul_add_c(a[0],b[1],c2,c3,c1);
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	addze	r12,r9			# since we didnt set r12 to zero before.
-	addze	r10,r0
-					#mul_add_c(a[1],b[0],c2,c3,c1);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`0*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2;
-					#mul_add_c(a[2],b[0],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r0
-					#mul_add_c(a[1],b[1],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[0],b[2],c3,c1,c2);
-	$LD	r6,`0*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3;
-					#mul_add_c(a[0],b[3],c1,c2,c3);
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r0
-					#mul_add_c(a[1],b[2],c1,c2,c3);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-		
-					#mul_add_c(a[2],b[1],c1,c2,c3);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[3],b[0],c1,c2,c3);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`0*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1;
-					#mul_add_c(a[4],b[0],c2,c3,c1);
-	$LD	r6,`4*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r0
-					#mul_add_c(a[3],b[1],c2,c3,c1);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[2],b[2],c2,c3,c1);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[1],b[3],c2,c3,c1);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[0],b[4],c2,c3,c1);
-	$LD	r6,`0*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2;
-					#mul_add_c(a[0],b[5],c3,c1,c2);
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r0
-					#mul_add_c(a[1],b[4],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)		
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[2],b[3],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)		
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[3],b[2],c3,c1,c2);
-	$LD	r6,`3*$BNSZ`(r4)		
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[4],b[1],c3,c1,c2);
-	$LD	r6,`4*$BNSZ`(r4)		
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[5],b[0],c3,c1,c2);
-	$LD	r6,`5*$BNSZ`(r4)		
-	$LD	r7,`0*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3;
-					#mul_add_c(a[6],b[0],c1,c2,c3);
-	$LD	r6,`6*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r0
-					#mul_add_c(a[5],b[1],c1,c2,c3);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[4],b[2],c1,c2,c3);
-	$LD	r6,`4*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[3],b[3],c1,c2,c3);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[2],b[4],c1,c2,c3);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[1],b[5],c1,c2,c3);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[0],b[6],c1,c2,c3);
-	$LD	r6,`0*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1;
-					#mul_add_c(a[0],b[7],c2,c3,c1);
-	$LD	r7,`7*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r0
-					#mul_add_c(a[1],b[6],c2,c3,c1);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[2],b[5],c2,c3,c1);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[3],b[4],c2,c3,c1);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[4],b[3],c2,c3,c1);
-	$LD	r6,`4*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[5],b[2],c2,c3,c1);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[6],b[1],c2,c3,c1);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[7],b[0],c2,c3,c1);
-	$LD	r6,`7*$BNSZ`(r4)
-	$LD	r7,`0*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2;
-					#mul_add_c(a[7],b[1],c3,c1,c2);
-	$LD	r7,`1*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r0
-					#mul_add_c(a[6],b[2],c3,c1,c2);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[5],b[3],c3,c1,c2);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[4],b[4],c3,c1,c2);
-	$LD	r6,`4*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[3],b[5],c3,c1,c2);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[2],b[6],c3,c1,c2);
-	$LD	r6,`2*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[1],b[7],c3,c1,c2);
-	$LD	r6,`1*$BNSZ`(r4)
-	$LD	r7,`7*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-	$ST	r12,`8*$BNSZ`(r3)	#r[8]=c3;
-					#mul_add_c(a[2],b[7],c1,c2,c3);
-	$LD	r6,`2*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r0
-					#mul_add_c(a[3],b[6],c1,c2,c3);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[4],b[5],c1,c2,c3);
-	$LD	r6,`4*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[5],b[4],c1,c2,c3);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[6],b[3],c1,c2,c3);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[7],b[2],c1,c2,c3);
-	$LD	r6,`7*$BNSZ`(r4)
-	$LD	r7,`2*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-	$ST	r10,`9*$BNSZ`(r3)	#r[9]=c1;
-					#mul_add_c(a[7],b[3],c2,c3,c1);
-	$LD	r7,`3*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r0
-					#mul_add_c(a[6],b[4],c2,c3,c1);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[5],b[5],c2,c3,c1);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[4],b[6],c2,c3,c1);
-	$LD	r6,`4*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-					#mul_add_c(a[3],b[7],c2,c3,c1);
-	$LD	r6,`3*$BNSZ`(r4)
-	$LD	r7,`7*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-	$ST	r11,`10*$BNSZ`(r3)	#r[10]=c2;
-					#mul_add_c(a[4],b[7],c3,c1,c2);
-	$LD	r6,`4*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r0
-					#mul_add_c(a[5],b[6],c3,c1,c2);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[6],b[5],c3,c1,c2);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-					#mul_add_c(a[7],b[4],c3,c1,c2);
-	$LD	r6,`7*$BNSZ`(r4)
-	$LD	r7,`4*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	addze	r11,r11
-	$ST	r12,`11*$BNSZ`(r3)	#r[11]=c3;
-					#mul_add_c(a[7],b[5],c1,c2,c3);
-	$LD	r7,`5*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r0
-					#mul_add_c(a[6],b[6],c1,c2,c3);
-	$LD	r6,`6*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-					#mul_add_c(a[5],b[7],c1,c2,c3);
-	$LD	r6,`5*$BNSZ`(r4)
-	$LD	r7,`7*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r10,r10,r8
-	adde	r11,r11,r9
-	addze	r12,r12
-	$ST	r10,`12*$BNSZ`(r3)	#r[12]=c1;
-					#mul_add_c(a[6],b[7],c2,c3,c1);
-	$LD	r6,`6*$BNSZ`(r4)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r0
-					#mul_add_c(a[7],b[6],c2,c3,c1);
-	$LD	r6,`7*$BNSZ`(r4)
-	$LD	r7,`6*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r11,r11,r8
-	adde	r12,r12,r9
-	addze	r10,r10
-	$ST	r11,`13*$BNSZ`(r3)	#r[13]=c2;
-					#mul_add_c(a[7],b[7],c3,c1,c2);
-	$LD	r7,`7*$BNSZ`(r5)
-	$UMULL	r8,r6,r7
-	$UMULH	r9,r6,r7
-	addc	r12,r12,r8
-	adde	r10,r10,r9
-	$ST	r12,`14*$BNSZ`(r3)	#r[14]=c3;
-	$ST	r10,`15*$BNSZ`(r3)	#r[15]=c1;
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,3,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_sub_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-#
-.align	4
-.bn_sub_words:
-#
-#	Handcoded version of bn_sub_words
-#
-#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-#
-#	r3 = r
-#	r4 = a
-#	r5 = b
-#	r6 = n
-#
-#       Note:	No loop unrolling done since this is not a performance
-#               critical loop.
-
-	xor	r0,r0,r0	#set r0 = 0
-#
-#	check for r6 = 0 AND set carry bit.
-#
-	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.
-				# if r6 > 0 then result !=0
-				# In either case carry bit is set.
-	beq	Lppcasm_sub_adios
-	addi	r4,r4,-$BNSZ
-	addi	r3,r3,-$BNSZ
-	addi	r5,r5,-$BNSZ
-	mtctr	r6
-Lppcasm_sub_mainloop:	
-	$LDU	r7,$BNSZ(r4)
-	$LDU	r8,$BNSZ(r5)
-	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
-				# if carry = 1 this is r7-r8. Else it
-				# is r7-r8 -1 as we need.
-	$STU	r6,$BNSZ(r3)
-	bdnz-	Lppcasm_sub_mainloop
-Lppcasm_sub_adios:	
-	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
-	andi.	r3,r3,1         # keep only last bit.
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,4,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_add_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4
-.bn_add_words:
-#
-#	Handcoded version of bn_add_words
-#
-#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-#
-#	r3 = r
-#	r4 = a
-#	r5 = b
-#	r6 = n
-#
-#       Note:	No loop unrolling done since this is not a performance
-#               critical loop.
-
-	xor	r0,r0,r0
-#
-#	check for r6 = 0. Is this needed?
-#
-	addic.	r6,r6,0		#test r6 and clear carry bit.
-	beq	Lppcasm_add_adios
-	addi	r4,r4,-$BNSZ
-	addi	r3,r3,-$BNSZ
-	addi	r5,r5,-$BNSZ
-	mtctr	r6
-Lppcasm_add_mainloop:	
-	$LDU	r7,$BNSZ(r4)
-	$LDU	r8,$BNSZ(r5)
-	adde	r8,r7,r8
-	$STU	r8,$BNSZ(r3)
-	bdnz-	Lppcasm_add_mainloop
-Lppcasm_add_adios:	
-	addze	r3,r0			#return carry bit.
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,4,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_div_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4
-.bn_div_words:
-#
-#	This is a cleaned up version of code generated by
-#	the AIX compiler. The only optimization is to use
-#	the PPC instruction to count leading zeros instead
-#	of call to num_bits_word. Since this was compiled
-#	only at level -O2 we can possibly squeeze it more?
-#	
-#	r3 = h
-#	r4 = l
-#	r5 = d
-	
-	$UCMPI	0,r5,0			# compare r5 and 0
-	bne	Lppcasm_div1		# proceed if d!=0
-	li	r3,-1			# d=0 return -1
-	blr
-Lppcasm_div1:
-	xor	r0,r0,r0		#r0=0
-	li	r8,$BITS
-	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.
-	beq	Lppcasm_div2		#proceed if no leading zeros
-	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
-	$SHR.	r9,r3,r8		#are there any bits above r8'th?
-	$TR	16,r9,r0		#if there're, signal to dump core...
-Lppcasm_div2:
-	$UCMP	0,r3,r5			#h>=d?
-	blt	Lppcasm_div3		#goto Lppcasm_div3 if not
-	subf	r3,r5,r3		#h-=d ; 
-Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
-	cmpi	0,0,r7,0		# is (i == 0)?
-	beq	Lppcasm_div4
-	$SHL	r3,r3,r7		# h = (h<< i)
-	$SHR	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)
-	$SHL	r5,r5,r7		# d<<=i
-	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))
-	$SHL	r4,r4,r7		# l <<=i
-Lppcasm_div4:
-	$SHRI	r9,r5,`$BITS/2`		# r9 = dh
-					# dl will be computed when needed
-					# as it saves registers.
-	li	r6,2			#r6=2
-	mtctr	r6			#counter will be in count.
-Lppcasm_divouterloop: 
-	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)
-	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4
-					# compute here for innerloop.
-	$UCMP	0,r8,r9			# is (h>>BN_BITS4)==dh
-	bne	Lppcasm_div5		# goto Lppcasm_div5 if not
-
-	li	r8,-1
-	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l 
-	b	Lppcasm_div6
-Lppcasm_div5:
-	$UDIV	r8,r3,r9		#q = h/dh
-Lppcasm_div6:
-	$UMULL	r12,r9,r8		#th = q*dh
-	$CLRU	r10,r5,`$BITS/2`	#r10=dl
-	$UMULL	r6,r8,r10		#tl = q*dl
-	
-Lppcasm_divinnerloop:
-	subf	r10,r12,r3		#t = h -th
-	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...
-	addic.	r7,r7,0			#test if r7 == 0. used below.
-					# now want to compute
-					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
-					# the following 2 instructions do that
-	$SHLI	r7,r10,`$BITS/2`	# r7 = (t<<BN_BITS4)
-	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)
-	$UCMP	cr1,r6,r7		# compare (tl <= r7)
-	bne	Lppcasm_divinnerexit
-	ble	cr1,Lppcasm_divinnerexit
-	addi	r8,r8,-1		#q--
-	subf	r12,r9,r12		#th -=dh
-	$CLRU	r10,r5,`$BITS/2`	#r10=dl. t is no longer needed in loop.
-	subf	r6,r10,r6		#tl -=dl
-	b	Lppcasm_divinnerloop
-Lppcasm_divinnerexit:
-	$SHRI	r10,r6,`$BITS/2`	#t=(tl>>BN_BITS4)
-	$SHLI	r11,r6,`$BITS/2`	#tl=(tl<<BN_BITS4)&BN_MASK2h;
-	$UCMP	cr1,r4,r11		# compare l and tl
-	add	r12,r12,r10		# th+=t
-	bge	cr1,Lppcasm_div7	# if (l>=tl) goto Lppcasm_div7
-	addi	r12,r12,1		# th++
-Lppcasm_div7:
-	subf	r11,r11,r4		#r11=l-tl
-	$UCMP	cr1,r3,r12		#compare h and th
-	bge	cr1,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8
-	addi	r8,r8,-1		# q--
-	add	r3,r5,r3		# h+=d
-Lppcasm_div8:
-	subf	r12,r12,r3		#r12 = h-th
-	$SHLI	r4,r11,`$BITS/2`	#l=(l&BN_MASK2l)<<BN_BITS4
-					# want to compute
-					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
-					# the following 2 instructions will do this.
-	$INSR	r11,r12,`$BITS/2`,`$BITS/2`	# r11 is the value we want rotated $BITS/2.
-	$ROTL	r3,r11,`$BITS/2`	# rotate by $BITS/2 and store in r3
-	bdz	Lppcasm_div9		#if (count==0) break ;
-	$SHLI	r0,r8,`$BITS/2`		#ret =q<<BN_BITS4
-	b	Lppcasm_divouterloop
-Lppcasm_div9:
-	or	r3,r8,r0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,3,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_sqr_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-.align	4
-.bn_sqr_words:
-#
-#	Optimized version of bn_sqr_words
-#
-#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
-#
-#	r3 = r
-#	r4 = a
-#	r5 = n
-#
-#	r6 = a[i].
-#	r7,r8 = product.
-#
-#	No unrolling done here. Not performance critical.
-
-	addic.	r5,r5,0			#test r5.
-	beq	Lppcasm_sqr_adios
-	addi	r4,r4,-$BNSZ
-	addi	r3,r3,-$BNSZ
-	mtctr	r5
-Lppcasm_sqr_mainloop:	
-					#sqr(r[0],r[1],a[0]);
-	$LDU	r6,$BNSZ(r4)
-	$UMULL	r7,r6,r6
-	$UMULH  r8,r6,r6
-	$STU	r7,$BNSZ(r3)
-	$STU	r8,$BNSZ(r3)
-	bdnz-	Lppcasm_sqr_mainloop
-Lppcasm_sqr_adios:	
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,3,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_mul_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4	
-.bn_mul_words:
-#
-# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-#
-# r3 = rp
-# r4 = ap
-# r5 = num
-# r6 = w
-	xor	r0,r0,r0
-	xor	r12,r12,r12		# used for carry
-	rlwinm.	r7,r5,30,2,31		# num >> 2
-	beq	Lppcasm_mw_REM
-	mtctr	r7
-Lppcasm_mw_LOOP:	
-					#mul(rp[0],ap[0],w,c1);
-	$LD	r8,`0*$BNSZ`(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	addc	r9,r9,r12
-	#addze	r10,r10			#carry is NOT ignored.
-					#will be taken care of
-					#in second spin below
-					#using adde.
-	$ST	r9,`0*$BNSZ`(r3)
-					#mul(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
-	$UMULL	r11,r6,r8
-	$UMULH  r12,r6,r8
-	adde	r11,r11,r10
-	#addze	r12,r12
-	$ST	r11,`1*$BNSZ`(r3)
-					#mul(rp[2],ap[2],w,c1);
-	$LD	r8,`2*$BNSZ`(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	adde	r9,r9,r12
-	#addze	r10,r10
-	$ST	r9,`2*$BNSZ`(r3)
-					#mul_add(rp[3],ap[3],w,c1);
-	$LD	r8,`3*$BNSZ`(r4)
-	$UMULL	r11,r6,r8
-	$UMULH  r12,r6,r8
-	adde	r11,r11,r10
-	addze	r12,r12			#this spin we collect carry into
-					#r12
-	$ST	r11,`3*$BNSZ`(r3)
-	
-	addi	r3,r3,`4*$BNSZ`
-	addi	r4,r4,`4*$BNSZ`
-	bdnz-	Lppcasm_mw_LOOP
-
-Lppcasm_mw_REM:
-	andi.	r5,r5,0x3
-	beq	Lppcasm_mw_OVER
-					#mul(rp[0],ap[0],w,c1);
-	$LD	r8,`0*$BNSZ`(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	addc	r9,r9,r12
-	addze	r10,r10
-	$ST	r9,`0*$BNSZ`(r3)
-	addi	r12,r10,0
-	
-	addi	r5,r5,-1
-	cmpli	0,0,r5,0
-	beq	Lppcasm_mw_OVER
-
-	
-					#mul(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	addc	r9,r9,r12
-	addze	r10,r10
-	$ST	r9,`1*$BNSZ`(r3)
-	addi	r12,r10,0
-	
-	addi	r5,r5,-1
-	cmpli	0,0,r5,0
-	beq	Lppcasm_mw_OVER
-	
-					#mul_add(rp[2],ap[2],w,c1);
-	$LD	r8,`2*$BNSZ`(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	addc	r9,r9,r12
-	addze	r10,r10
-	$ST	r9,`2*$BNSZ`(r3)
-	addi	r12,r10,0
-		
-Lppcasm_mw_OVER:	
-	addi	r3,r12,0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,4,0
-	.long	0
-
-#
-#	NOTE:	The following label name should be changed to
-#		"bn_mul_add_words" i.e. remove the first dot
-#		for the gcc compiler. This should be automatically
-#		done in the build
-#
-
-.align	4
-.bn_mul_add_words:
-#
-# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-#
-# r3 = rp
-# r4 = ap
-# r5 = num
-# r6 = w
-#
-# empirical evidence suggests that unrolled version performs best!!
-#
-	xor	r0,r0,r0		#r0 = 0
-	xor	r12,r12,r12  		#r12 = 0 . used for carry		
-	rlwinm.	r7,r5,30,2,31		# num >> 2
-	beq	Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
-	mtctr	r7
-Lppcasm_maw_mainloop:	
-					#mul_add(rp[0],ap[0],w,c1);
-	$LD	r8,`0*$BNSZ`(r4)
-	$LD	r11,`0*$BNSZ`(r3)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	addc	r9,r9,r12		#r12 is carry.
-	addze	r10,r10
-	addc	r9,r9,r11
-	#addze	r10,r10
-					#the above instruction addze
-					#is NOT needed. Carry will NOT
-					#be ignored. It's not affected
-					#by multiply and will be collected
-					#in the next spin
-	$ST	r9,`0*$BNSZ`(r3)
-	
-					#mul_add(rp[1],ap[1],w,c1);
-	$LD	r8,`1*$BNSZ`(r4)	
-	$LD	r9,`1*$BNSZ`(r3)
-	$UMULL	r11,r6,r8
-	$UMULH  r12,r6,r8
-	adde	r11,r11,r10		#r10 is carry.
-	addze	r12,r12
-	addc	r11,r11,r9
-	#addze	r12,r12
-	$ST	r11,`1*$BNSZ`(r3)
-	
-					#mul_add(rp[2],ap[2],w,c1);
-	$LD	r8,`2*$BNSZ`(r4)
-	$UMULL	r9,r6,r8
-	$LD	r11,`2*$BNSZ`(r3)
-	$UMULH  r10,r6,r8
-	adde	r9,r9,r12
-	addze	r10,r10
-	addc	r9,r9,r11
-	#addze	r10,r10
-	$ST	r9,`2*$BNSZ`(r3)
-	
-					#mul_add(rp[3],ap[3],w,c1);
-	$LD	r8,`3*$BNSZ`(r4)
-	$UMULL	r11,r6,r8
-	$LD	r9,`3*$BNSZ`(r3)
-	$UMULH  r12,r6,r8
-	adde	r11,r11,r10
-	addze	r12,r12
-	addc	r11,r11,r9
-	addze	r12,r12
-	$ST	r11,`3*$BNSZ`(r3)
-	addi	r3,r3,`4*$BNSZ`
-	addi	r4,r4,`4*$BNSZ`
-	bdnz-	Lppcasm_maw_mainloop
-	
-Lppcasm_maw_leftover:
-	andi.	r5,r5,0x3
-	beq	Lppcasm_maw_adios
-	addi	r3,r3,-$BNSZ
-	addi	r4,r4,-$BNSZ
-					#mul_add(rp[0],ap[0],w,c1);
-	mtctr	r5
-	$LDU	r8,$BNSZ(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	$LDU	r11,$BNSZ(r3)
-	addc	r9,r9,r11
-	addze	r10,r10
-	addc	r9,r9,r12
-	addze	r12,r10
-	$ST	r9,0(r3)
-	
-	bdz	Lppcasm_maw_adios
-					#mul_add(rp[1],ap[1],w,c1);
-	$LDU	r8,$BNSZ(r4)	
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	$LDU	r11,$BNSZ(r3)
-	addc	r9,r9,r11
-	addze	r10,r10
-	addc	r9,r9,r12
-	addze	r12,r10
-	$ST	r9,0(r3)
-	
-	bdz	Lppcasm_maw_adios
-					#mul_add(rp[2],ap[2],w,c1);
-	$LDU	r8,$BNSZ(r4)
-	$UMULL	r9,r6,r8
-	$UMULH  r10,r6,r8
-	$LDU	r11,$BNSZ(r3)
-	addc	r9,r9,r11
-	addze	r10,r10
-	addc	r9,r9,r12
-	addze	r12,r10
-	$ST	r9,0(r3)
-		
-Lppcasm_maw_adios:	
-	addi	r3,r12,0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,4,0
-	.long	0
-	.align	4
-EOF
-$data =~ s/\`([^\`]*)\`/eval $1/gem;
-print $data;
-close STDOUT;
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
deleted file mode 100644
index a14e769ad0..0000000000
--- a/crypto/bn/asm/ppc64-mont.pl
+++ /dev/null
@@ -1,1088 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# December 2007
-
-# The reason for undertaken effort is basically following. Even though
-# Power 6 CPU operates at incredible 4.7GHz clock frequency, its PKI
-# performance was observed to be less than impressive, essentially as
-# fast as 1.8GHz PPC970, or 2.6 times(!) slower than one would hope.
-# Well, it's not surprising that IBM had to make some sacrifices to
-# boost the clock frequency that much, but no overall improvement?
-# Having observed how much difference did switching to FPU make on
-# UltraSPARC, playing same stunt on Power 6 appeared appropriate...
-# Unfortunately the resulting performance improvement is not as
-# impressive, ~30%, and in absolute terms is still very far from what
-# one would expect from 4.7GHz CPU. There is a chance that I'm doing
-# something wrong, but in the lack of assembler level micro-profiling
-# data or at least decent platform guide I can't tell... Or better
-# results might be achieved with VMX... Anyway, this module provides
-# *worse* performance on other PowerPC implementations, ~40-15% slower
-# on PPC970 depending on key length and ~40% slower on Power 5 for all
-# key lengths. As it's obviously inappropriate as "best all-round"
-# alternative, it has to be complemented with run-time CPU family
-# detection. Oh! It should also be noted that unlike other PowerPC
-# implementation IALU ppc-mont.pl module performs *suboptimaly* on
-# >=1024-bit key lengths on Power 6. It should also be noted that
-# *everything* said so far applies to 64-bit builds! As far as 32-bit
-# application executed on 64-bit CPU goes, this module is likely to
-# become preferred choice, because it's easy to adapt it for such
-# case and *is* faster than 32-bit ppc-mont.pl on *all* processors.
-
-# February 2008
-
-# Micro-profiling assisted optimization results in ~15% improvement
-# over original ppc64-mont.pl version, or overall ~50% improvement
-# over ppc.pl module on Power 6. If compared to ppc-mont.pl on same
-# Power 6 CPU, this module is 5-150% faster depending on key length,
-# [hereafter] more for longer keys. But if compared to ppc-mont.pl
-# on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive
-# in absolute terms, but it's apparently the way Power 6 is...
-
-# December 2009
-
-# Adapted for 32-bit build this module delivers 25-120%, yes, more
-# than *twice* for longer keys, performance improvement over 32-bit
-# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes
-# even 64-bit integer operations and the trouble is that most PPC
-# operating systems don't preserve upper halves of general purpose
-# registers upon 32-bit signal delivery. They do preserve them upon
-# context switch, but not signalling:-( This means that asynchronous
-# signals have to be blocked upon entry to this subroutine. Signal
-# masking (and of course complementary unmasking) has quite an impact
-# on performance, naturally larger for shorter keys. It's so severe
-# that 512-bit key performance can be as low as 1/3 of expected one.
-# This is why this routine can be engaged for longer key operations
-# only on these OSes, see crypto/ppccap.c for further details. MacOS X
-# is an exception from this and doesn't require signal masking, and
-# that's where above improvement coefficients were collected. For
-# others alternative would be to break dependence on upper halves of
-# GPRs by sticking to 32-bit integer operations...
-
-$flavour = shift;
-
-if ($flavour =~ /32/) {
-	$SIZE_T=4;
-	$RZONE=	224;
-	$fname=	"bn_mul_mont_fpu64";
-
-	$STUX=	"stwux";	# store indexed and update
-	$PUSH=	"stw";
-	$POP=	"lwz";
-} elsif ($flavour =~ /64/) {
-	$SIZE_T=8;
-	$RZONE=	288;
-	$fname=	"bn_mul_mont_fpu64";
-
-	# same as above, but 64-bit mnemonics...
-	$STUX=	"stdux";	# store indexed and update
-	$PUSH=	"std";
-	$POP=	"ld";
-} else { die "nonsense $flavour"; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-$FRAME=64;	# padded frame header
-$TRANSFER=16*8;
-
-$carry="r0";
-$sp="r1";
-$toc="r2";
-$rp="r3";	$ovf="r3";
-$ap="r4";
-$bp="r5";
-$np="r6";
-$n0="r7";
-$num="r8";
-$rp="r9";	# $rp is reassigned
-$tp="r10";
-$j="r11";
-$i="r12";
-# non-volatile registers
-$nap_d="r22";	# interleaved ap and np in double format
-$a0="r23";	# ap[0]
-$t0="r24";	# temporary registers
-$t1="r25";
-$t2="r26";
-$t3="r27";
-$t4="r28";
-$t5="r29";
-$t6="r30";
-$t7="r31";
-
-# PPC offers enough register bank capacity to unroll inner loops twice
-#
-#     ..A3A2A1A0
-#           dcba
-#    -----------
-#            A0a
-#           A0b
-#          A0c
-#         A0d
-#          A1a
-#         A1b
-#        A1c
-#       A1d
-#        A2a
-#       A2b
-#      A2c
-#     A2d
-#      A3a
-#     A3b
-#    A3c
-#   A3d
-#    ..a
-#   ..b
-#
-$ba="f0";	$bb="f1";	$bc="f2";	$bd="f3";
-$na="f4";	$nb="f5";	$nc="f6";	$nd="f7";
-$dota="f8";	$dotb="f9";
-$A0="f10";	$A1="f11";	$A2="f12";	$A3="f13";
-$N0="f20";	$N1="f21";	$N2="f22";	$N3="f23";
-$T0a="f24";	$T0b="f25";
-$T1a="f26";	$T1b="f27";
-$T2a="f28";	$T2b="f29";
-$T3a="f30";	$T3b="f31";
-
-# sp----------->+-------------------------------+
-#		| saved sp			|
-#		+-------------------------------+
-#		.				.
-#   +64		+-------------------------------+
-#		| 16 gpr<->fpr transfer zone	|
-#		.				.
-#		.				.
-#   +16*8	+-------------------------------+
-#		| __int64 tmp[-1]		|
-#		+-------------------------------+
-#		| __int64 tmp[num]		|
-#		.				.
-#		.				.
-#		.				.
-#   +(num+1)*8	+-------------------------------+
-#		| padding to 64 byte boundary	|
-#		.				.
-#   +X		+-------------------------------+
-#		| double nap_d[4*num]		|
-#		.				.
-#		.				.
-#		.				.
-#		+-------------------------------+
-#		.				.
-#   -12*size_t	+-------------------------------+
-#		| 10 saved gpr, r22-r31		|
-#		.				.
-#		.				.
-#   -12*8	+-------------------------------+
-#		| 12 saved fpr, f20-f31		|
-#		.				.
-#		.				.
-#		+-------------------------------+
-
-$code=<<___;
-.machine "any"
-.text
-
-.globl	.$fname
-.align	5
-.$fname:
-	cmpwi	$num,`3*8/$SIZE_T`
-	mr	$rp,r3		; $rp is reassigned
-	li	r3,0		; possible "not handled" return code
-	bltlr-
-	andi.	r0,$num,`16/$SIZE_T-1`		; $num has to be "even"
-	bnelr-
-
-	slwi	$num,$num,`log($SIZE_T)/log(2)`	; num*=sizeof(BN_LONG)
-	li	$i,-4096
-	slwi	$tp,$num,2	; place for {an}p_{lh}[num], i.e. 4*num
-	add	$tp,$tp,$num	; place for tp[num+1]
-	addi	$tp,$tp,`$FRAME+$TRANSFER+8+64+$RZONE`
-	subf	$tp,$tp,$sp	; $sp-$tp
-	and	$tp,$tp,$i	; minimize TLB usage
-	subf	$tp,$sp,$tp	; $tp-$sp
-	mr	$i,$sp
-	$STUX	$sp,$sp,$tp	; alloca
-
-	$PUSH	r22,`-12*8-10*$SIZE_T`($i)
-	$PUSH	r23,`-12*8-9*$SIZE_T`($i)
-	$PUSH	r24,`-12*8-8*$SIZE_T`($i)
-	$PUSH	r25,`-12*8-7*$SIZE_T`($i)
-	$PUSH	r26,`-12*8-6*$SIZE_T`($i)
-	$PUSH	r27,`-12*8-5*$SIZE_T`($i)
-	$PUSH	r28,`-12*8-4*$SIZE_T`($i)
-	$PUSH	r29,`-12*8-3*$SIZE_T`($i)
-	$PUSH	r30,`-12*8-2*$SIZE_T`($i)
-	$PUSH	r31,`-12*8-1*$SIZE_T`($i)
-	stfd	f20,`-12*8`($i)
-	stfd	f21,`-11*8`($i)
-	stfd	f22,`-10*8`($i)
-	stfd	f23,`-9*8`($i)
-	stfd	f24,`-8*8`($i)
-	stfd	f25,`-7*8`($i)
-	stfd	f26,`-6*8`($i)
-	stfd	f27,`-5*8`($i)
-	stfd	f28,`-4*8`($i)
-	stfd	f29,`-3*8`($i)
-	stfd	f30,`-2*8`($i)
-	stfd	f31,`-1*8`($i)
-___
-$code.=<<___ if ($SIZE_T==8);
-	ld	$a0,0($ap)	; pull ap[0] value
-	ld	$n0,0($n0)	; pull n0[0] value
-	ld	$t3,0($bp)	; bp[0]
-___
-$code.=<<___ if ($SIZE_T==4);
-	mr	$t1,$n0
-	lwz	$a0,0($ap)	; pull ap[0,1] value
-	lwz	$t0,4($ap)
-	lwz	$n0,0($t1)	; pull n0[0,1] value
-	lwz	$t1,4($t1)
-	lwz	$t3,0($bp)	; bp[0,1]
-	lwz	$t2,4($bp)
-	insrdi	$a0,$t0,32,0
-	insrdi	$n0,$t1,32,0
-	insrdi	$t3,$t2,32,0
-___
-$code.=<<___;
-	addi	$tp,$sp,`$FRAME+$TRANSFER+8+64`
-	li	$i,-64
-	add	$nap_d,$tp,$num
-	and	$nap_d,$nap_d,$i	; align to 64 bytes
-
-	mulld	$t7,$a0,$t3	; ap[0]*bp[0]
-	; nap_d is off by 1, because it's used with stfdu/lfdu
-	addi	$nap_d,$nap_d,-8
-	srwi	$j,$num,`3+1`	; counter register, num/2
-	mulld	$t7,$t7,$n0	; tp[0]*n0
-	addi	$j,$j,-1
-	addi	$tp,$sp,`$FRAME+$TRANSFER-8`
-	li	$carry,0
-	mtctr	$j
-
-	; transfer bp[0] to FPU as 4x16-bit values
-	extrdi	$t0,$t3,16,48
-	extrdi	$t1,$t3,16,32
-	extrdi	$t2,$t3,16,16
-	extrdi	$t3,$t3,16,0
-	std	$t0,`$FRAME+0`($sp)
-	std	$t1,`$FRAME+8`($sp)
-	std	$t2,`$FRAME+16`($sp)
-	std	$t3,`$FRAME+24`($sp)
-	; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values
-	extrdi	$t4,$t7,16,48
-	extrdi	$t5,$t7,16,32
-	extrdi	$t6,$t7,16,16
-	extrdi	$t7,$t7,16,0
-	std	$t4,`$FRAME+32`($sp)
-	std	$t5,`$FRAME+40`($sp)
-	std	$t6,`$FRAME+48`($sp)
-	std	$t7,`$FRAME+56`($sp)
-___
-$code.=<<___ if ($SIZE_T==8);
-	lwz	$t0,4($ap)		; load a[j] as 32-bit word pair
-	lwz	$t1,0($ap)
-	lwz	$t2,12($ap)		; load a[j+1] as 32-bit word pair
-	lwz	$t3,8($ap)
-	lwz	$t4,4($np)		; load n[j] as 32-bit word pair
-	lwz	$t5,0($np)
-	lwz	$t6,12($np)		; load n[j+1] as 32-bit word pair
-	lwz	$t7,8($np)
-___
-$code.=<<___ if ($SIZE_T==4);
-	lwz	$t0,0($ap)		; load a[j..j+3] as 32-bit word pairs
-	lwz	$t1,4($ap)
-	lwz	$t2,8($ap)
-	lwz	$t3,12($ap)
-	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
-	lwz	$t5,4($np)
-	lwz	$t6,8($np)
-	lwz	$t7,12($np)
-___
-$code.=<<___;
-	lfd	$ba,`$FRAME+0`($sp)
-	lfd	$bb,`$FRAME+8`($sp)
-	lfd	$bc,`$FRAME+16`($sp)
-	lfd	$bd,`$FRAME+24`($sp)
-	lfd	$na,`$FRAME+32`($sp)
-	lfd	$nb,`$FRAME+40`($sp)
-	lfd	$nc,`$FRAME+48`($sp)
-	lfd	$nd,`$FRAME+56`($sp)
-	std	$t0,`$FRAME+64`($sp)
-	std	$t1,`$FRAME+72`($sp)
-	std	$t2,`$FRAME+80`($sp)
-	std	$t3,`$FRAME+88`($sp)
-	std	$t4,`$FRAME+96`($sp)
-	std	$t5,`$FRAME+104`($sp)
-	std	$t6,`$FRAME+112`($sp)
-	std	$t7,`$FRAME+120`($sp)
-	fcfid	$ba,$ba
-	fcfid	$bb,$bb
-	fcfid	$bc,$bc
-	fcfid	$bd,$bd
-	fcfid	$na,$na
-	fcfid	$nb,$nb
-	fcfid	$nc,$nc
-	fcfid	$nd,$nd
-
-	lfd	$A0,`$FRAME+64`($sp)
-	lfd	$A1,`$FRAME+72`($sp)
-	lfd	$A2,`$FRAME+80`($sp)
-	lfd	$A3,`$FRAME+88`($sp)
-	lfd	$N0,`$FRAME+96`($sp)
-	lfd	$N1,`$FRAME+104`($sp)
-	lfd	$N2,`$FRAME+112`($sp)
-	lfd	$N3,`$FRAME+120`($sp)
-	fcfid	$A0,$A0
-	fcfid	$A1,$A1
-	fcfid	$A2,$A2
-	fcfid	$A3,$A3
-	fcfid	$N0,$N0
-	fcfid	$N1,$N1
-	fcfid	$N2,$N2
-	fcfid	$N3,$N3
-	addi	$ap,$ap,16
-	addi	$np,$np,16
-
-	fmul	$T1a,$A1,$ba
-	fmul	$T1b,$A1,$bb
-	stfd	$A0,8($nap_d)		; save a[j] in double format
-	stfd	$A1,16($nap_d)
-	fmul	$T2a,$A2,$ba
-	fmul	$T2b,$A2,$bb
-	stfd	$A2,24($nap_d)		; save a[j+1] in double format
-	stfd	$A3,32($nap_d)
-	fmul	$T3a,$A3,$ba
-	fmul	$T3b,$A3,$bb
-	stfd	$N0,40($nap_d)		; save n[j] in double format
-	stfd	$N1,48($nap_d)
-	fmul	$T0a,$A0,$ba
-	fmul	$T0b,$A0,$bb
-	stfd	$N2,56($nap_d)		; save n[j+1] in double format
-	stfdu	$N3,64($nap_d)
-
-	fmadd	$T1a,$A0,$bc,$T1a
-	fmadd	$T1b,$A0,$bd,$T1b
-	fmadd	$T2a,$A1,$bc,$T2a
-	fmadd	$T2b,$A1,$bd,$T2b
-	fmadd	$T3a,$A2,$bc,$T3a
-	fmadd	$T3b,$A2,$bd,$T3b
-	fmul	$dota,$A3,$bc
-	fmul	$dotb,$A3,$bd
-
-	fmadd	$T1a,$N1,$na,$T1a
-	fmadd	$T1b,$N1,$nb,$T1b
-	fmadd	$T2a,$N2,$na,$T2a
-	fmadd	$T2b,$N2,$nb,$T2b
-	fmadd	$T3a,$N3,$na,$T3a
-	fmadd	$T3b,$N3,$nb,$T3b
-	fmadd	$T0a,$N0,$na,$T0a
-	fmadd	$T0b,$N0,$nb,$T0b
-
-	fmadd	$T1a,$N0,$nc,$T1a
-	fmadd	$T1b,$N0,$nd,$T1b
-	fmadd	$T2a,$N1,$nc,$T2a
-	fmadd	$T2b,$N1,$nd,$T2b
-	fmadd	$T3a,$N2,$nc,$T3a
-	fmadd	$T3b,$N2,$nd,$T3b
-	fmadd	$dota,$N3,$nc,$dota
-	fmadd	$dotb,$N3,$nd,$dotb
-
-	fctid	$T0a,$T0a
-	fctid	$T0b,$T0b
-	fctid	$T1a,$T1a
-	fctid	$T1b,$T1b
-	fctid	$T2a,$T2a
-	fctid	$T2b,$T2b
-	fctid	$T3a,$T3a
-	fctid	$T3b,$T3b
-
-	stfd	$T0a,`$FRAME+0`($sp)
-	stfd	$T0b,`$FRAME+8`($sp)
-	stfd	$T1a,`$FRAME+16`($sp)
-	stfd	$T1b,`$FRAME+24`($sp)
-	stfd	$T2a,`$FRAME+32`($sp)
-	stfd	$T2b,`$FRAME+40`($sp)
-	stfd	$T3a,`$FRAME+48`($sp)
-	stfd	$T3b,`$FRAME+56`($sp)
-
-.align	5
-L1st:
-___
-$code.=<<___ if ($SIZE_T==8);
-	lwz	$t0,4($ap)		; load a[j] as 32-bit word pair
-	lwz	$t1,0($ap)
-	lwz	$t2,12($ap)		; load a[j+1] as 32-bit word pair
-	lwz	$t3,8($ap)
-	lwz	$t4,4($np)		; load n[j] as 32-bit word pair
-	lwz	$t5,0($np)
-	lwz	$t6,12($np)		; load n[j+1] as 32-bit word pair
-	lwz	$t7,8($np)
-___
-$code.=<<___ if ($SIZE_T==4);
-	lwz	$t0,0($ap)		; load a[j..j+3] as 32-bit word pairs
-	lwz	$t1,4($ap)
-	lwz	$t2,8($ap)
-	lwz	$t3,12($ap)
-	lwz	$t4,0($np)		; load n[j..j+3] as 32-bit word pairs
-	lwz	$t5,4($np)
-	lwz	$t6,8($np)
-	lwz	$t7,12($np)
-___
-$code.=<<___;
-	std	$t0,`$FRAME+64`($sp)
-	std	$t1,`$FRAME+72`($sp)
-	std	$t2,`$FRAME+80`($sp)
-	std	$t3,`$FRAME+88`($sp)
-	std	$t4,`$FRAME+96`($sp)
-	std	$t5,`$FRAME+104`($sp)
-	std	$t6,`$FRAME+112`($sp)
-	std	$t7,`$FRAME+120`($sp)
-	ld	$t0,`$FRAME+0`($sp)
-	ld	$t1,`$FRAME+8`($sp)
-	ld	$t2,`$FRAME+16`($sp)
-	ld	$t3,`$FRAME+24`($sp)
-	ld	$t4,`$FRAME+32`($sp)
-	ld	$t5,`$FRAME+40`($sp)
-	ld	$t6,`$FRAME+48`($sp)
-	ld	$t7,`$FRAME+56`($sp)
-	lfd	$A0,`$FRAME+64`($sp)
-	lfd	$A1,`$FRAME+72`($sp)
-	lfd	$A2,`$FRAME+80`($sp)
-	lfd	$A3,`$FRAME+88`($sp)
-	lfd	$N0,`$FRAME+96`($sp)
-	lfd	$N1,`$FRAME+104`($sp)
-	lfd	$N2,`$FRAME+112`($sp)
-	lfd	$N3,`$FRAME+120`($sp)
-	fcfid	$A0,$A0
-	fcfid	$A1,$A1
-	fcfid	$A2,$A2
-	fcfid	$A3,$A3
-	fcfid	$N0,$N0
-	fcfid	$N1,$N1
-	fcfid	$N2,$N2
-	fcfid	$N3,$N3
-	addi	$ap,$ap,16
-	addi	$np,$np,16
-
-	fmul	$T1a,$A1,$ba
-	fmul	$T1b,$A1,$bb
-	fmul	$T2a,$A2,$ba
-	fmul	$T2b,$A2,$bb
-	stfd	$A0,8($nap_d)		; save a[j] in double format
-	stfd	$A1,16($nap_d)
-	fmul	$T3a,$A3,$ba
-	fmul	$T3b,$A3,$bb
-	fmadd	$T0a,$A0,$ba,$dota
-	fmadd	$T0b,$A0,$bb,$dotb
-	stfd	$A2,24($nap_d)		; save a[j+1] in double format
-	stfd	$A3,32($nap_d)
-
-	fmadd	$T1a,$A0,$bc,$T1a
-	fmadd	$T1b,$A0,$bd,$T1b
-	fmadd	$T2a,$A1,$bc,$T2a
-	fmadd	$T2b,$A1,$bd,$T2b
-	stfd	$N0,40($nap_d)		; save n[j] in double format
-	stfd	$N1,48($nap_d)
-	fmadd	$T3a,$A2,$bc,$T3a
-	fmadd	$T3b,$A2,$bd,$T3b
-	 add	$t0,$t0,$carry		; can not overflow
-	fmul	$dota,$A3,$bc
-	fmul	$dotb,$A3,$bd
-	stfd	$N2,56($nap_d)		; save n[j+1] in double format
-	stfdu	$N3,64($nap_d)
-	 srdi	$carry,$t0,16
-	 add	$t1,$t1,$carry
-	 srdi	$carry,$t1,16
-
-	fmadd	$T1a,$N1,$na,$T1a
-	fmadd	$T1b,$N1,$nb,$T1b
-	 insrdi	$t0,$t1,16,32
-	fmadd	$T2a,$N2,$na,$T2a
-	fmadd	$T2b,$N2,$nb,$T2b
-	 add	$t2,$t2,$carry
-	fmadd	$T3a,$N3,$na,$T3a
-	fmadd	$T3b,$N3,$nb,$T3b
-	 srdi	$carry,$t2,16
-	fmadd	$T0a,$N0,$na,$T0a
-	fmadd	$T0b,$N0,$nb,$T0b
-	 insrdi	$t0,$t2,16,16
-	 add	$t3,$t3,$carry
-	 srdi	$carry,$t3,16
-
-	fmadd	$T1a,$N0,$nc,$T1a
-	fmadd	$T1b,$N0,$nd,$T1b
-	 insrdi	$t0,$t3,16,0		; 0..63 bits
-	fmadd	$T2a,$N1,$nc,$T2a
-	fmadd	$T2b,$N1,$nd,$T2b
-	 add	$t4,$t4,$carry
-	fmadd	$T3a,$N2,$nc,$T3a
-	fmadd	$T3b,$N2,$nd,$T3b
-	 srdi	$carry,$t4,16
-	fmadd	$dota,$N3,$nc,$dota
-	fmadd	$dotb,$N3,$nd,$dotb
-	 add	$t5,$t5,$carry
-	 srdi	$carry,$t5,16
-	 insrdi	$t4,$t5,16,32
-
-	fctid	$T0a,$T0a
-	fctid	$T0b,$T0b
-	 add	$t6,$t6,$carry
-	fctid	$T1a,$T1a
-	fctid	$T1b,$T1b
-	 srdi	$carry,$t6,16
-	fctid	$T2a,$T2a
-	fctid	$T2b,$T2b
-	 insrdi	$t4,$t6,16,16
-	fctid	$T3a,$T3a
-	fctid	$T3b,$T3b
-	 add	$t7,$t7,$carry
-	 insrdi	$t4,$t7,16,0		; 64..127 bits
-	 srdi	$carry,$t7,16		; upper 33 bits
-
-	stfd	$T0a,`$FRAME+0`($sp)
-	stfd	$T0b,`$FRAME+8`($sp)
-	stfd	$T1a,`$FRAME+16`($sp)
-	stfd	$T1b,`$FRAME+24`($sp)
-	stfd	$T2a,`$FRAME+32`($sp)
-	stfd	$T2b,`$FRAME+40`($sp)
-	stfd	$T3a,`$FRAME+48`($sp)
-	stfd	$T3b,`$FRAME+56`($sp)
-	 std	$t0,8($tp)		; tp[j-1]
-	 stdu	$t4,16($tp)		; tp[j]
-	bdnz-	L1st
-
-	fctid	$dota,$dota
-	fctid	$dotb,$dotb
-
-	ld	$t0,`$FRAME+0`($sp)
-	ld	$t1,`$FRAME+8`($sp)
-	ld	$t2,`$FRAME+16`($sp)
-	ld	$t3,`$FRAME+24`($sp)
-	ld	$t4,`$FRAME+32`($sp)
-	ld	$t5,`$FRAME+40`($sp)
-	ld	$t6,`$FRAME+48`($sp)
-	ld	$t7,`$FRAME+56`($sp)
-	stfd	$dota,`$FRAME+64`($sp)
-	stfd	$dotb,`$FRAME+72`($sp)
-
-	add	$t0,$t0,$carry		; can not overflow
-	srdi	$carry,$t0,16
-	add	$t1,$t1,$carry
-	srdi	$carry,$t1,16
-	insrdi	$t0,$t1,16,32
-	add	$t2,$t2,$carry
-	srdi	$carry,$t2,16
-	insrdi	$t0,$t2,16,16
-	add	$t3,$t3,$carry
-	srdi	$carry,$t3,16
-	insrdi	$t0,$t3,16,0		; 0..63 bits
-	add	$t4,$t4,$carry
-	srdi	$carry,$t4,16
-	add	$t5,$t5,$carry
-	srdi	$carry,$t5,16
-	insrdi	$t4,$t5,16,32
-	add	$t6,$t6,$carry
-	srdi	$carry,$t6,16
-	insrdi	$t4,$t6,16,16
-	add	$t7,$t7,$carry
-	insrdi	$t4,$t7,16,0		; 64..127 bits
-	srdi	$carry,$t7,16		; upper 33 bits
-	ld	$t6,`$FRAME+64`($sp)
-	ld	$t7,`$FRAME+72`($sp)
-
-	std	$t0,8($tp)		; tp[j-1]
-	stdu	$t4,16($tp)		; tp[j]
-
-	add	$t6,$t6,$carry		; can not overflow
-	srdi	$carry,$t6,16
-	add	$t7,$t7,$carry
-	insrdi	$t6,$t7,48,0
-	srdi	$ovf,$t7,48
-	std	$t6,8($tp)		; tp[num-1]
-
-	slwi	$t7,$num,2
-	subf	$nap_d,$t7,$nap_d	; rewind pointer
-
-	li	$i,8			; i=1
-.align	5
-Louter:
-___
-$code.=<<___ if ($SIZE_T==8);
-	ldx	$t3,$bp,$i	; bp[i]
-___
-$code.=<<___ if ($SIZE_T==4);
-	add	$t0,$bp,$i
-	lwz	$t3,0($t0)		; bp[i,i+1]
-	lwz	$t0,4($t0)
-	insrdi	$t3,$t0,32,0
-___
-$code.=<<___;
-	ld	$t6,`$FRAME+$TRANSFER+8`($sp)	; tp[0]
-	mulld	$t7,$a0,$t3	; ap[0]*bp[i]
-
-	addi	$tp,$sp,`$FRAME+$TRANSFER`
-	add	$t7,$t7,$t6	; ap[0]*bp[i]+tp[0]
-	li	$carry,0
-	mulld	$t7,$t7,$n0	; tp[0]*n0
-	mtctr	$j
-
-	; transfer bp[i] to FPU as 4x16-bit values
-	extrdi	$t0,$t3,16,48
-	extrdi	$t1,$t3,16,32
-	extrdi	$t2,$t3,16,16
-	extrdi	$t3,$t3,16,0
-	std	$t0,`$FRAME+0`($sp)
-	std	$t1,`$FRAME+8`($sp)
-	std	$t2,`$FRAME+16`($sp)
-	std	$t3,`$FRAME+24`($sp)
-	; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values
-	extrdi	$t4,$t7,16,48
-	extrdi	$t5,$t7,16,32
-	extrdi	$t6,$t7,16,16
-	extrdi	$t7,$t7,16,0
-	std	$t4,`$FRAME+32`($sp)
-	std	$t5,`$FRAME+40`($sp)
-	std	$t6,`$FRAME+48`($sp)
-	std	$t7,`$FRAME+56`($sp)
-
-	lfd	$A0,8($nap_d)		; load a[j] in double format
-	lfd	$A1,16($nap_d)
-	lfd	$A2,24($nap_d)		; load a[j+1] in double format
-	lfd	$A3,32($nap_d)
-	lfd	$N0,40($nap_d)		; load n[j] in double format
-	lfd	$N1,48($nap_d)
-	lfd	$N2,56($nap_d)		; load n[j+1] in double format
-	lfdu	$N3,64($nap_d)
-
-	lfd	$ba,`$FRAME+0`($sp)
-	lfd	$bb,`$FRAME+8`($sp)
-	lfd	$bc,`$FRAME+16`($sp)
-	lfd	$bd,`$FRAME+24`($sp)
-	lfd	$na,`$FRAME+32`($sp)
-	lfd	$nb,`$FRAME+40`($sp)
-	lfd	$nc,`$FRAME+48`($sp)
-	lfd	$nd,`$FRAME+56`($sp)
-
-	fcfid	$ba,$ba
-	fcfid	$bb,$bb
-	fcfid	$bc,$bc
-	fcfid	$bd,$bd
-	fcfid	$na,$na
-	fcfid	$nb,$nb
-	fcfid	$nc,$nc
-	fcfid	$nd,$nd
-
-	fmul	$T1a,$A1,$ba
-	fmul	$T1b,$A1,$bb
-	fmul	$T2a,$A2,$ba
-	fmul	$T2b,$A2,$bb
-	fmul	$T3a,$A3,$ba
-	fmul	$T3b,$A3,$bb
-	fmul	$T0a,$A0,$ba
-	fmul	$T0b,$A0,$bb
-
-	fmadd	$T1a,$A0,$bc,$T1a
-	fmadd	$T1b,$A0,$bd,$T1b
-	fmadd	$T2a,$A1,$bc,$T2a
-	fmadd	$T2b,$A1,$bd,$T2b
-	fmadd	$T3a,$A2,$bc,$T3a
-	fmadd	$T3b,$A2,$bd,$T3b
-	fmul	$dota,$A3,$bc
-	fmul	$dotb,$A3,$bd
-
-	fmadd	$T1a,$N1,$na,$T1a
-	fmadd	$T1b,$N1,$nb,$T1b
-	 lfd	$A0,8($nap_d)		; load a[j] in double format
-	 lfd	$A1,16($nap_d)
-	fmadd	$T2a,$N2,$na,$T2a
-	fmadd	$T2b,$N2,$nb,$T2b
-	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
-	 lfd	$A3,32($nap_d)
-	fmadd	$T3a,$N3,$na,$T3a
-	fmadd	$T3b,$N3,$nb,$T3b
-	fmadd	$T0a,$N0,$na,$T0a
-	fmadd	$T0b,$N0,$nb,$T0b
-
-	fmadd	$T1a,$N0,$nc,$T1a
-	fmadd	$T1b,$N0,$nd,$T1b
-	fmadd	$T2a,$N1,$nc,$T2a
-	fmadd	$T2b,$N1,$nd,$T2b
-	fmadd	$T3a,$N2,$nc,$T3a
-	fmadd	$T3b,$N2,$nd,$T3b
-	fmadd	$dota,$N3,$nc,$dota
-	fmadd	$dotb,$N3,$nd,$dotb
-
-	fctid	$T0a,$T0a
-	fctid	$T0b,$T0b
-	fctid	$T1a,$T1a
-	fctid	$T1b,$T1b
-	fctid	$T2a,$T2a
-	fctid	$T2b,$T2b
-	fctid	$T3a,$T3a
-	fctid	$T3b,$T3b
-
-	stfd	$T0a,`$FRAME+0`($sp)
-	stfd	$T0b,`$FRAME+8`($sp)
-	stfd	$T1a,`$FRAME+16`($sp)
-	stfd	$T1b,`$FRAME+24`($sp)
-	stfd	$T2a,`$FRAME+32`($sp)
-	stfd	$T2b,`$FRAME+40`($sp)
-	stfd	$T3a,`$FRAME+48`($sp)
-	stfd	$T3b,`$FRAME+56`($sp)
-
-.align	5
-Linner:
-	fmul	$T1a,$A1,$ba
-	fmul	$T1b,$A1,$bb
-	fmul	$T2a,$A2,$ba
-	fmul	$T2b,$A2,$bb
-	lfd	$N0,40($nap_d)		; load n[j] in double format
-	lfd	$N1,48($nap_d)
-	fmul	$T3a,$A3,$ba
-	fmul	$T3b,$A3,$bb
-	fmadd	$T0a,$A0,$ba,$dota
-	fmadd	$T0b,$A0,$bb,$dotb
-	lfd	$N2,56($nap_d)		; load n[j+1] in double format
-	lfdu	$N3,64($nap_d)
-
-	fmadd	$T1a,$A0,$bc,$T1a
-	fmadd	$T1b,$A0,$bd,$T1b
-	fmadd	$T2a,$A1,$bc,$T2a
-	fmadd	$T2b,$A1,$bd,$T2b
-	 lfd	$A0,8($nap_d)		; load a[j] in double format
-	 lfd	$A1,16($nap_d)
-	fmadd	$T3a,$A2,$bc,$T3a
-	fmadd	$T3b,$A2,$bd,$T3b
-	fmul	$dota,$A3,$bc
-	fmul	$dotb,$A3,$bd
-	 lfd	$A2,24($nap_d)		; load a[j+1] in double format
-	 lfd	$A3,32($nap_d)
-
-	fmadd	$T1a,$N1,$na,$T1a
-	fmadd	$T1b,$N1,$nb,$T1b
-	 ld	$t0,`$FRAME+0`($sp)
-	 ld	$t1,`$FRAME+8`($sp)
-	fmadd	$T2a,$N2,$na,$T2a
-	fmadd	$T2b,$N2,$nb,$T2b
-	 ld	$t2,`$FRAME+16`($sp)
-	 ld	$t3,`$FRAME+24`($sp)
-	fmadd	$T3a,$N3,$na,$T3a
-	fmadd	$T3b,$N3,$nb,$T3b
-	 add	$t0,$t0,$carry		; can not overflow
-	 ld	$t4,`$FRAME+32`($sp)
-	 ld	$t5,`$FRAME+40`($sp)
-	fmadd	$T0a,$N0,$na,$T0a
-	fmadd	$T0b,$N0,$nb,$T0b
-	 srdi	$carry,$t0,16
-	 add	$t1,$t1,$carry
-	 srdi	$carry,$t1,16
-	 ld	$t6,`$FRAME+48`($sp)
-	 ld	$t7,`$FRAME+56`($sp)
-
-	fmadd	$T1a,$N0,$nc,$T1a
-	fmadd	$T1b,$N0,$nd,$T1b
-	 insrdi	$t0,$t1,16,32
-	 ld	$t1,8($tp)		; tp[j]
-	fmadd	$T2a,$N1,$nc,$T2a
-	fmadd	$T2b,$N1,$nd,$T2b
-	 add	$t2,$t2,$carry
-	fmadd	$T3a,$N2,$nc,$T3a
-	fmadd	$T3b,$N2,$nd,$T3b
-	 srdi	$carry,$t2,16
-	 insrdi	$t0,$t2,16,16
-	fmadd	$dota,$N3,$nc,$dota
-	fmadd	$dotb,$N3,$nd,$dotb
-	 add	$t3,$t3,$carry
-	 ldu	$t2,16($tp)		; tp[j+1]
-	 srdi	$carry,$t3,16
-	 insrdi	$t0,$t3,16,0		; 0..63 bits
-	 add	$t4,$t4,$carry
-
-	fctid	$T0a,$T0a
-	fctid	$T0b,$T0b
-	 srdi	$carry,$t4,16
-	fctid	$T1a,$T1a
-	fctid	$T1b,$T1b
-	 add	$t5,$t5,$carry
-	fctid	$T2a,$T2a
-	fctid	$T2b,$T2b
-	 srdi	$carry,$t5,16
-	 insrdi	$t4,$t5,16,32
-	fctid	$T3a,$T3a
-	fctid	$T3b,$T3b
-	 add	$t6,$t6,$carry
-	 srdi	$carry,$t6,16
-	 insrdi	$t4,$t6,16,16
-
-	stfd	$T0a,`$FRAME+0`($sp)
-	stfd	$T0b,`$FRAME+8`($sp)
-	 add	$t7,$t7,$carry
-	 addc	$t3,$t0,$t1
-___
-$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
-	extrdi	$t0,$t0,32,0
-	extrdi	$t1,$t1,32,0
-	adde	$t0,$t0,$t1
-___
-$code.=<<___;
-	stfd	$T1a,`$FRAME+16`($sp)
-	stfd	$T1b,`$FRAME+24`($sp)
-	 insrdi	$t4,$t7,16,0		; 64..127 bits
-	 srdi	$carry,$t7,16		; upper 33 bits
-	stfd	$T2a,`$FRAME+32`($sp)
-	stfd	$T2b,`$FRAME+40`($sp)
-	 adde	$t5,$t4,$t2
-___
-$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
-	extrdi	$t4,$t4,32,0
-	extrdi	$t2,$t2,32,0
-	adde	$t4,$t4,$t2
-___
-$code.=<<___;
-	stfd	$T3a,`$FRAME+48`($sp)
-	stfd	$T3b,`$FRAME+56`($sp)
-	 addze	$carry,$carry
-	 std	$t3,-16($tp)		; tp[j-1]
-	 std	$t5,-8($tp)		; tp[j]
-	bdnz-	Linner
-
-	fctid	$dota,$dota
-	fctid	$dotb,$dotb
-	ld	$t0,`$FRAME+0`($sp)
-	ld	$t1,`$FRAME+8`($sp)
-	ld	$t2,`$FRAME+16`($sp)
-	ld	$t3,`$FRAME+24`($sp)
-	ld	$t4,`$FRAME+32`($sp)
-	ld	$t5,`$FRAME+40`($sp)
-	ld	$t6,`$FRAME+48`($sp)
-	ld	$t7,`$FRAME+56`($sp)
-	stfd	$dota,`$FRAME+64`($sp)
-	stfd	$dotb,`$FRAME+72`($sp)
-
-	add	$t0,$t0,$carry		; can not overflow
-	srdi	$carry,$t0,16
-	add	$t1,$t1,$carry
-	srdi	$carry,$t1,16
-	insrdi	$t0,$t1,16,32
-	add	$t2,$t2,$carry
-	ld	$t1,8($tp)		; tp[j]
-	srdi	$carry,$t2,16
-	insrdi	$t0,$t2,16,16
-	add	$t3,$t3,$carry
-	ldu	$t2,16($tp)		; tp[j+1]
-	srdi	$carry,$t3,16
-	insrdi	$t0,$t3,16,0		; 0..63 bits
-	add	$t4,$t4,$carry
-	srdi	$carry,$t4,16
-	add	$t5,$t5,$carry
-	srdi	$carry,$t5,16
-	insrdi	$t4,$t5,16,32
-	add	$t6,$t6,$carry
-	srdi	$carry,$t6,16
-	insrdi	$t4,$t6,16,16
-	add	$t7,$t7,$carry
-	insrdi	$t4,$t7,16,0		; 64..127 bits
-	srdi	$carry,$t7,16		; upper 33 bits
-	ld	$t6,`$FRAME+64`($sp)
-	ld	$t7,`$FRAME+72`($sp)
-
-	addc	$t3,$t0,$t1
-___
-$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
-	extrdi	$t0,$t0,32,0
-	extrdi	$t1,$t1,32,0
-	adde	$t0,$t0,$t1
-___
-$code.=<<___;
-	adde	$t5,$t4,$t2
-___
-$code.=<<___ if ($SIZE_T==4);		# adjust XER[CA]
-	extrdi	$t4,$t4,32,0
-	extrdi	$t2,$t2,32,0
-	adde	$t4,$t4,$t2
-___
-$code.=<<___;
-	addze	$carry,$carry
-
-	std	$t3,-16($tp)		; tp[j-1]
-	std	$t5,-8($tp)		; tp[j]
-
-	add	$carry,$carry,$ovf	; comsume upmost overflow
-	add	$t6,$t6,$carry		; can not overflow
-	srdi	$carry,$t6,16
-	add	$t7,$t7,$carry
-	insrdi	$t6,$t7,48,0
-	srdi	$ovf,$t7,48
-	std	$t6,0($tp)		; tp[num-1]
-
-	slwi	$t7,$num,2
-	addi	$i,$i,8
-	subf	$nap_d,$t7,$nap_d	; rewind pointer
-	cmpw	$i,$num
-	blt-	Louter
-___
-
-$code.=<<___ if ($SIZE_T==8);
-	subf	$np,$num,$np	; rewind np
-	addi	$j,$j,1		; restore counter
-	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
-	addi	$tp,$sp,`$FRAME+$TRANSFER+8`
-	addi	$t4,$sp,`$FRAME+$TRANSFER+16`
-	addi	$t5,$np,8
-	addi	$t6,$rp,8
-	mtctr	$j
-
-.align	4
-Lsub:	ldx	$t0,$tp,$i
-	ldx	$t1,$np,$i
-	ldx	$t2,$t4,$i
-	ldx	$t3,$t5,$i
-	subfe	$t0,$t1,$t0	; tp[j]-np[j]
-	subfe	$t2,$t3,$t2	; tp[j+1]-np[j+1]
-	stdx	$t0,$rp,$i
-	stdx	$t2,$t6,$i
-	addi	$i,$i,16
-	bdnz-	Lsub
-
-	li	$i,0
-	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
-	and	$ap,$tp,$ovf
-	andc	$np,$rp,$ovf
-	or	$ap,$ap,$np	; ap=borrow?tp:rp
-	addi	$t7,$ap,8
-	mtctr	$j
-
-.align	4
-Lcopy:				; copy or in-place refresh
-	ldx	$t0,$ap,$i
-	ldx	$t1,$t7,$i
-	std	$i,8($nap_d)	; zap nap_d
-	std	$i,16($nap_d)
-	std	$i,24($nap_d)
-	std	$i,32($nap_d)
-	std	$i,40($nap_d)
-	std	$i,48($nap_d)
-	std	$i,56($nap_d)
-	stdu	$i,64($nap_d)
-	stdx	$t0,$rp,$i
-	stdx	$t1,$t6,$i
-	stdx	$i,$tp,$i	; zap tp at once
-	stdx	$i,$t4,$i
-	addi	$i,$i,16
-	bdnz-	Lcopy
-___
-$code.=<<___ if ($SIZE_T==4);
-	subf	$np,$num,$np	; rewind np
-	addi	$j,$j,1		; restore counter
-	subfc	$i,$i,$i	; j=0 and "clear" XER[CA]
-	addi	$tp,$sp,`$FRAME+$TRANSFER`
-	addi	$np,$np,-4
-	addi	$rp,$rp,-4
-	addi	$ap,$sp,`$FRAME+$TRANSFER+4`
-	mtctr	$j
-
-.align	4
-Lsub:	ld	$t0,8($tp)	; load tp[j..j+3] in 64-bit word order
-	ldu	$t2,16($tp)
-	lwz	$t4,4($np)	; load np[j..j+3] in 32-bit word order
-	lwz	$t5,8($np)
-	lwz	$t6,12($np)
-	lwzu	$t7,16($np)
-	extrdi	$t1,$t0,32,0
-	extrdi	$t3,$t2,32,0
-	subfe	$t4,$t4,$t0	; tp[j]-np[j]
-	 stw	$t0,4($ap)	; save tp[j..j+3] in 32-bit word order
-	subfe	$t5,$t5,$t1	; tp[j+1]-np[j+1]
-	 stw	$t1,8($ap)
-	subfe	$t6,$t6,$t2	; tp[j+2]-np[j+2]
-	 stw	$t2,12($ap)
-	subfe	$t7,$t7,$t3	; tp[j+3]-np[j+3]
-	 stwu	$t3,16($ap)
-	stw	$t4,4($rp)
-	stw	$t5,8($rp)
-	stw	$t6,12($rp)
-	stwu	$t7,16($rp)
-	bdnz-	Lsub
-
-	li	$i,0
-	subfe	$ovf,$i,$ovf	; handle upmost overflow bit
-	addi	$tp,$sp,`$FRAME+$TRANSFER+4`
-	subf	$rp,$num,$rp	; rewind rp
-	and	$ap,$tp,$ovf
-	andc	$np,$rp,$ovf
-	or	$ap,$ap,$np	; ap=borrow?tp:rp
-	addi	$tp,$sp,`$FRAME+$TRANSFER`
-	mtctr	$j
-
-.align	4
-Lcopy:				; copy or in-place refresh
-	lwz	$t0,4($ap)
-	lwz	$t1,8($ap)
-	lwz	$t2,12($ap)
-	lwzu	$t3,16($ap)
-	std	$i,8($nap_d)	; zap nap_d
-	std	$i,16($nap_d)
-	std	$i,24($nap_d)
-	std	$i,32($nap_d)
-	std	$i,40($nap_d)
-	std	$i,48($nap_d)
-	std	$i,56($nap_d)
-	stdu	$i,64($nap_d)
-	stw	$t0,4($rp)
-	stw	$t1,8($rp)
-	stw	$t2,12($rp)
-	stwu	$t3,16($rp)
-	std	$i,8($tp)	; zap tp at once
-	stdu	$i,16($tp)
-	bdnz-	Lcopy
-___
-
-$code.=<<___;
-	$POP	$i,0($sp)
-	li	r3,1	; signal "handled"
-	$POP	r22,`-12*8-10*$SIZE_T`($i)
-	$POP	r23,`-12*8-9*$SIZE_T`($i)
-	$POP	r24,`-12*8-8*$SIZE_T`($i)
-	$POP	r25,`-12*8-7*$SIZE_T`($i)
-	$POP	r26,`-12*8-6*$SIZE_T`($i)
-	$POP	r27,`-12*8-5*$SIZE_T`($i)
-	$POP	r28,`-12*8-4*$SIZE_T`($i)
-	$POP	r29,`-12*8-3*$SIZE_T`($i)
-	$POP	r30,`-12*8-2*$SIZE_T`($i)
-	$POP	r31,`-12*8-1*$SIZE_T`($i)
-	lfd	f20,`-12*8`($i)
-	lfd	f21,`-11*8`($i)
-	lfd	f22,`-10*8`($i)
-	lfd	f23,`-9*8`($i)
-	lfd	f24,`-8*8`($i)
-	lfd	f25,`-7*8`($i)
-	lfd	f26,`-6*8`($i)
-	lfd	f27,`-5*8`($i)
-	lfd	f28,`-4*8`($i)
-	lfd	f29,`-3*8`($i)
-	lfd	f30,`-2*8`($i)
-	lfd	f31,`-1*8`($i)
-	mr	$sp,$i
-	blr
-	.long	0
-	.byte	0,12,4,0,0x8c,10,6,0
-	.long	0
-
-.asciz  "Montgomery Multiplication for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
deleted file mode 100644
index 9d18d40e77..0000000000
--- a/crypto/bn/asm/s390x-gf2m.pl
+++ /dev/null
@@ -1,221 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# May 2011
-#
-# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
-# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
-# the time being... gcc 4.3 appeared to generate poor code, therefore
-# the effort. And indeed, the module delivers 55%-90%(*) improvement
-# on haviest ECDSA verify and ECDH benchmarks for 163- and 571-bit
-# key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196.
-# This is for 64-bit build. In 32-bit "highgprs" case improvement is
-# even higher, for example on z990 it was measured 80%-150%. ECDSA
-# sign is modest 9%-12% faster. Keep in mind that these coefficients
-# are not ones for bn_GF2m_mul_2x2 itself, as not all CPU time is
-# burnt in it...
-#
-# (*)	gcc 4.1 was observed to deliver better results than gcc 4.3,
-#	so that improvement coefficients can vary from one specific
-#	setup to another.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-        $SIZE_T=4;
-        $g="";
-} else {
-        $SIZE_T=8;
-        $g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$stdframe=16*$SIZE_T+4*8;
-
-$rp="%r2";
-$a1="%r3";
-$a0="%r4";
-$b1="%r5";
-$b0="%r6";
-
-$ra="%r14";
-$sp="%r15";
-
-@T=("%r0","%r1");
-@i=("%r12","%r13");
-
-($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(6..11));
-($lo,$hi,$b)=map("%r$_",(3..5)); $a=$lo; $mask=$a8;
-
-$code.=<<___;
-.text
-
-.type	_mul_1x1,\@function
-.align	16
-_mul_1x1:
-	lgr	$a1,$a
-	sllg	$a2,$a,1
-	sllg	$a4,$a,2
-	sllg	$a8,$a,3
-
-	srag	$lo,$a1,63			# broadcast 63rd bit
-	nihh	$a1,0x1fff
-	srag	@i[0],$a2,63			# broadcast 62nd bit
-	nihh	$a2,0x3fff
-	srag	@i[1],$a4,63			# broadcast 61st bit
-	nihh	$a4,0x7fff
-	ngr	$lo,$b
-	ngr	@i[0],$b
-	ngr	@i[1],$b
-
-	lghi	@T[0],0
-	lgr	$a12,$a1
-	stg	@T[0],`$stdframe+0*8`($sp)	# tab[0]=0
-	xgr	$a12,$a2
-	stg	$a1,`$stdframe+1*8`($sp)	# tab[1]=a1
-	 lgr	$a48,$a4
-	stg	$a2,`$stdframe+2*8`($sp)	# tab[2]=a2
-	 xgr	$a48,$a8
-	stg	$a12,`$stdframe+3*8`($sp)	# tab[3]=a1^a2
-	 xgr	$a1,$a4
-
-	stg	$a4,`$stdframe+4*8`($sp)	# tab[4]=a4
-	xgr	$a2,$a4
-	stg	$a1,`$stdframe+5*8`($sp)	# tab[5]=a1^a4
-	xgr	$a12,$a4
-	stg	$a2,`$stdframe+6*8`($sp)	# tab[6]=a2^a4
-	 xgr	$a1,$a48
-	stg	$a12,`$stdframe+7*8`($sp)	# tab[7]=a1^a2^a4
-	 xgr	$a2,$a48
-
-	stg	$a8,`$stdframe+8*8`($sp)	# tab[8]=a8
-	xgr	$a12,$a48
-	stg	$a1,`$stdframe+9*8`($sp)	# tab[9]=a1^a8
-	 xgr	$a1,$a4
-	stg	$a2,`$stdframe+10*8`($sp)	# tab[10]=a2^a8
-	 xgr	$a2,$a4
-	stg	$a12,`$stdframe+11*8`($sp)	# tab[11]=a1^a2^a8
-
-	xgr	$a12,$a4
-	stg	$a48,`$stdframe+12*8`($sp)	# tab[12]=a4^a8
-	 srlg	$hi,$lo,1
-	stg	$a1,`$stdframe+13*8`($sp)	# tab[13]=a1^a4^a8
-	 sllg	$lo,$lo,63
-	stg	$a2,`$stdframe+14*8`($sp)	# tab[14]=a2^a4^a8
-	 srlg	@T[0],@i[0],2
-	stg	$a12,`$stdframe+15*8`($sp)	# tab[15]=a1^a2^a4^a8
-
-	lghi	$mask,`0xf<<3`
-	sllg	$a1,@i[0],62
-	 sllg	@i[0],$b,3
-	srlg	@T[1],@i[1],3
-	 ngr	@i[0],$mask
-	sllg	$a2,@i[1],61
-	 srlg	@i[1],$b,4-3
-	xgr	$hi,@T[0]
-	 ngr	@i[1],$mask
-	xgr	$lo,$a1
-	xgr	$hi,@T[1]
-	xgr	$lo,$a2
-
-	xg	$lo,$stdframe(@i[0],$sp)
-	srlg	@i[0],$b,8-3
-	ngr	@i[0],$mask
-___
-for($n=1;$n<14;$n++) {
-$code.=<<___;
-	lg	@T[1],$stdframe(@i[1],$sp)
-	srlg	@i[1],$b,`($n+2)*4`-3
-	sllg	@T[0],@T[1],`$n*4`
-	ngr	@i[1],$mask
-	srlg	@T[1],@T[1],`64-$n*4`
-	xgr	$lo,@T[0]
-	xgr	$hi,@T[1]
-___
-	push(@i,shift(@i)); push(@T,shift(@T));
-}
-$code.=<<___;
-	lg	@T[1],$stdframe(@i[1],$sp)
-	sllg	@T[0],@T[1],`$n*4`
-	srlg	@T[1],@T[1],`64-$n*4`
-	xgr	$lo,@T[0]
-	xgr	$hi,@T[1]
-
-	lg	@T[0],$stdframe(@i[0],$sp)
-	sllg	@T[1],@T[0],`($n+1)*4`
-	srlg	@T[0],@T[0],`64-($n+1)*4`
-	xgr	$lo,@T[1]
-	xgr	$hi,@T[0]
-
-	br	$ra
-.size	_mul_1x1,.-_mul_1x1
-
-.globl	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,\@function
-.align	16
-bn_GF2m_mul_2x2:
-	stm${g}	%r3,%r15,3*$SIZE_T($sp)
-
-	lghi	%r1,-$stdframe-128
-	la	%r0,0($sp)
-	la	$sp,0(%r1,$sp)			# alloca
-	st${g}	%r0,0($sp)			# back chain
-___
-if ($SIZE_T==8) {
-my @r=map("%r$_",(6..9));
-$code.=<<___;
-	bras	$ra,_mul_1x1			# a1·b1
-	stmg	$lo,$hi,16($rp)
-
-	lg	$a,`$stdframe+128+4*$SIZE_T`($sp)
-	lg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# a0·b0
-	stmg	$lo,$hi,0($rp)
-
-	lg	$a,`$stdframe+128+3*$SIZE_T`($sp)
-	lg	$b,`$stdframe+128+5*$SIZE_T`($sp)
-	xg	$a,`$stdframe+128+4*$SIZE_T`($sp)
-	xg	$b,`$stdframe+128+6*$SIZE_T`($sp)
-	bras	$ra,_mul_1x1			# (a0+a1)·(b0+b1)
-	lmg	@r[0],@r[3],0($rp)
-
-	xgr	$lo,$hi
-	xgr	$hi,@r[1]
-	xgr	$lo,@r[0]
-	xgr	$hi,@r[2]
-	xgr	$lo,@r[3]	
-	xgr	$hi,@r[3]
-	xgr	$lo,$hi
-	stg	$hi,16($rp)
-	stg	$lo,8($rp)
-___
-} else {
-$code.=<<___;
-	sllg	%r3,%r3,32
-	sllg	%r5,%r5,32
-	or	%r3,%r4
-	or	%r5,%r6
-	bras	$ra,_mul_1x1
-	rllg	$lo,$lo,32
-	rllg	$hi,$hi,32
-	stmg	$lo,$hi,0($rp)
-___
-}
-$code.=<<___;
-	lm${g}	%r6,%r15,`$stdframe+128+6*$SIZE_T`($sp)
-	br	$ra
-.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
-.string	"GF(2^m) Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
deleted file mode 100644
index 9fd64e81ee..0000000000
--- a/crypto/bn/asm/s390x-mont.pl
+++ /dev/null
@@ -1,277 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# April 2007.
-#
-# Performance improvement over vanilla C code varies from 85% to 45%
-# depending on key length and benchmark. Unfortunately in this context
-# these are not very impressive results [for code that utilizes "wide"
-# 64x64=128-bit multiplication, which is not commonly available to C
-# programmers], at least hand-coded bn_asm.c replacement is known to
-# provide 30-40% better results for longest keys. Well, on a second
-# thought it's not very surprising, because z-CPUs are single-issue
-# and _strictly_ in-order execution, while bn_mul_mont is more or less
-# dependent on CPU ability to pipe-line instructions and have several
-# of them "in-flight" at the same time. I mean while other methods,
-# for example Karatsuba, aim to minimize amount of multiplications at
-# the cost of other operations increase, bn_mul_mont aim to neatly
-# "overlap" multiplications and the other operations [and on most
-# platforms even minimize the amount of the other operations, in
-# particular references to memory]. But it's possible to improve this
-# module performance by implementing dedicated squaring code-path and
-# possibly by unrolling loops...
-
-# January 2009.
-#
-# Reschedule to minimize/avoid Address Generation Interlock hazard,
-# make inner loops counter-based.
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. Compatibility with 32-bit BN_ULONG
-# is achieved by swapping words after 64-bit loads, follow _dswap-s.
-# On z990 it was measured to perform 2.6-2.2 times better than
-# compiler-generated code, less for longer keys...
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$stdframe=16*$SIZE_T+4*8;
-
-$mn0="%r0";
-$num="%r1";
-
-# int bn_mul_mont(
-$rp="%r2";		# BN_ULONG *rp,
-$ap="%r3";		# const BN_ULONG *ap,
-$bp="%r4";		# const BN_ULONG *bp,
-$np="%r5";		# const BN_ULONG *np,
-$n0="%r6";		# const BN_ULONG *n0,
-#$num="160(%r15)"	# int num);
-
-$bi="%r2";	# zaps rp
-$j="%r7";
-
-$ahi="%r8";
-$alo="%r9";
-$nhi="%r10";
-$nlo="%r11";
-$AHI="%r12";
-$NHI="%r13";
-$count="%r14";
-$sp="%r15";
-
-$code.=<<___;
-.text
-.globl	bn_mul_mont
-.type	bn_mul_mont,\@function
-bn_mul_mont:
-	lgf	$num,`$stdframe+$SIZE_T-4`($sp)	# pull $num
-	sla	$num,`log($SIZE_T)/log(2)`	# $num to enumerate bytes
-	la	$bp,0($num,$bp)
-
-	st${g}	%r2,2*$SIZE_T($sp)
-
-	cghi	$num,16		#
-	lghi	%r2,0		#
-	blr	%r14		# if($num<16) return 0;
-___
-$code.=<<___ if ($flavour =~ /3[12]/);
-	tmll	$num,4
-	bnzr	%r14		# if ($num&1) return 0;
-___
-$code.=<<___ if ($flavour !~ /3[12]/);
-	cghi	$num,96		#
-	bhr	%r14		# if($num>96) return 0;
-___
-$code.=<<___;
-	stm${g}	%r3,%r15,3*$SIZE_T($sp)
-
-	lghi	$rp,-$stdframe-8	# leave room for carry bit
-	lcgr	$j,$num		# -$num
-	lgr	%r0,$sp
-	la	$rp,0($rp,$sp)
-	la	$sp,0($j,$rp)	# alloca
-	st${g}	%r0,0($sp)	# back chain
-
-	sra	$num,3		# restore $num
-	la	$bp,0($j,$bp)	# restore $bp
-	ahi	$num,-1		# adjust $num for inner loop
-	lg	$n0,0($n0)	# pull n0
-	_dswap	$n0
-
-	lg	$bi,0($bp)
-	_dswap	$bi
-	lg	$alo,0($ap)
-	_dswap	$alo
-	mlgr	$ahi,$bi	# ap[0]*bp[0]
-	lgr	$AHI,$ahi
-
-	lgr	$mn0,$alo	# "tp[0]"*n0
-	msgr	$mn0,$n0
-
-	lg	$nlo,0($np)	#
-	_dswap	$nlo
-	mlgr	$nhi,$mn0	# np[0]*m1
-	algr	$nlo,$alo	# +="tp[0]"
-	lghi	$NHI,0
-	alcgr	$NHI,$nhi
-
-	la	$j,8(%r0)	# j=1
-	lr	$count,$num
-
-.align	16
-.L1st:
-	lg	$alo,0($j,$ap)
-	_dswap	$alo
-	mlgr	$ahi,$bi	# ap[j]*bp[0]
-	algr	$alo,$AHI
-	lghi	$AHI,0
-	alcgr	$AHI,$ahi
-
-	lg	$nlo,0($j,$np)
-	_dswap	$nlo
-	mlgr	$nhi,$mn0	# np[j]*m1
-	algr	$nlo,$NHI
-	lghi	$NHI,0
-	alcgr	$nhi,$NHI	# +="tp[j]"
-	algr	$nlo,$alo
-	alcgr	$NHI,$nhi
-
-	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
-	la	$j,8($j)	# j++
-	brct	$count,.L1st
-
-	algr	$NHI,$AHI
-	lghi	$AHI,0
-	alcgr	$AHI,$AHI	# upmost overflow bit
-	stg	$NHI,$stdframe-8($j,$sp)
-	stg	$AHI,$stdframe($j,$sp)
-	la	$bp,8($bp)	# bp++
-
-.Louter:
-	lg	$bi,0($bp)	# bp[i]
-	_dswap	$bi
-	lg	$alo,0($ap)
-	_dswap	$alo
-	mlgr	$ahi,$bi	# ap[0]*bp[i]
-	alg	$alo,$stdframe($sp)	# +=tp[0]
-	lghi	$AHI,0
-	alcgr	$AHI,$ahi
-
-	lgr	$mn0,$alo
-	msgr	$mn0,$n0	# tp[0]*n0
-
-	lg	$nlo,0($np)	# np[0]
-	_dswap	$nlo
-	mlgr	$nhi,$mn0	# np[0]*m1
-	algr	$nlo,$alo	# +="tp[0]"
-	lghi	$NHI,0
-	alcgr	$NHI,$nhi
-
-	la	$j,8(%r0)	# j=1
-	lr	$count,$num
-
-.align	16
-.Linner:
-	lg	$alo,0($j,$ap)
-	_dswap	$alo
-	mlgr	$ahi,$bi	# ap[j]*bp[i]
-	algr	$alo,$AHI
-	lghi	$AHI,0
-	alcgr	$ahi,$AHI
-	alg	$alo,$stdframe($j,$sp)# +=tp[j]
-	alcgr	$AHI,$ahi
-
-	lg	$nlo,0($j,$np)
-	_dswap	$nlo
-	mlgr	$nhi,$mn0	# np[j]*m1
-	algr	$nlo,$NHI
-	lghi	$NHI,0
-	alcgr	$nhi,$NHI
-	algr	$nlo,$alo	# +="tp[j]"
-	alcgr	$NHI,$nhi
-
-	stg	$nlo,$stdframe-8($j,$sp)	# tp[j-1]=
-	la	$j,8($j)	# j++
-	brct	$count,.Linner
-
-	algr	$NHI,$AHI
-	lghi	$AHI,0
-	alcgr	$AHI,$AHI
-	alg	$NHI,$stdframe($j,$sp)# accumulate previous upmost overflow bit
-	lghi	$ahi,0
-	alcgr	$AHI,$ahi	# new upmost overflow bit
-	stg	$NHI,$stdframe-8($j,$sp)
-	stg	$AHI,$stdframe($j,$sp)
-
-	la	$bp,8($bp)	# bp++
-	cl${g}	$bp,`$stdframe+8+4*$SIZE_T`($j,$sp)	# compare to &bp[num]
-	jne	.Louter
-
-	l${g}	$rp,`$stdframe+8+2*$SIZE_T`($j,$sp)	# reincarnate rp
-	la	$ap,$stdframe($sp)
-	ahi	$num,1		# restore $num, incidentally clears "borrow"
-
-	la	$j,0(%r0)
-	lr	$count,$num
-.Lsub:	lg	$alo,0($j,$ap)
-	lg	$nlo,0($j,$np)
-	_dswap	$nlo
-	slbgr	$alo,$nlo
-	stg	$alo,0($j,$rp)
-	la	$j,8($j)
-	brct	$count,.Lsub
-	lghi	$ahi,0
-	slbgr	$AHI,$ahi	# handle upmost carry
-
-	ngr	$ap,$AHI
-	lghi	$np,-1
-	xgr	$np,$AHI
-	ngr	$np,$rp
-	ogr	$ap,$np		# ap=borrow?tp:rp
-
-	la	$j,0(%r0)
-	lgr	$count,$num
-.Lcopy:	lg	$alo,0($j,$ap)		# copy or in-place refresh
-	_dswap	$alo
-	stg	$j,$stdframe($j,$sp)	# zap tp
-	stg	$alo,0($j,$rp)
-	la	$j,8($j)
-	brct	$count,.Lcopy
-
-	la	%r1,`$stdframe+8+6*$SIZE_T`($j,$sp)
-	lm${g}	%r6,%r15,0(%r1)
-	lghi	%r2,1		# signal "processed"
-	br	%r14
-.size	bn_mul_mont,.-bn_mul_mont
-.string	"Montgomery Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-	s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
-	print $_,"\n";
-}
-close STDOUT;
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
deleted file mode 100755
index 43fcb79bc0..0000000000
--- a/crypto/bn/asm/s390x.S
+++ /dev/null
@@ -1,678 +0,0 @@
-.ident "s390x.S, version 1.1"
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project.
-//
-// Rights for redistribution and usage in source and binary forms are
-// granted according to the OpenSSL license. Warranty of any kind is
-// disclaimed.
-// ====================================================================
-
-.text
-
-#define zero	%r0
-
-// BN_ULONG bn_mul_add_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
-.globl	bn_mul_add_words
-.type	bn_mul_add_words,@function
-.align	4
-bn_mul_add_words:
-	lghi	zero,0		// zero = 0
-	la	%r1,0(%r2)	// put rp aside
-	lghi	%r2,0		// i=0;
-	ltgfr	%r4,%r4
-	bler	%r14		// if (len<=0) return 0;
-
-	stmg	%r6,%r10,48(%r15)
-	lghi	%r10,3
-	lghi	%r8,0		// carry = 0
-	nr	%r10,%r4	// len%4
-	sra	%r4,2		// cnt=len/4
-	jz	.Loop1_madd	// carry is incidentally cleared if branch taken
-	algr	zero,zero	// clear carry
-
-.Loop4_madd:
-	lg	%r7,0(%r2,%r3)	// ap[i]
-	mlgr	%r6,%r5		// *=w
-	alcgr	%r7,%r8		// +=carry
-	alcgr	%r6,zero
-	alg	%r7,0(%r2,%r1)	// +=rp[i]
-	stg	%r7,0(%r2,%r1)	// rp[i]=
-
-	lg	%r9,8(%r2,%r3)
-	mlgr	%r8,%r5
-	alcgr	%r9,%r6
-	alcgr	%r8,zero
-	alg	%r9,8(%r2,%r1)
-	stg	%r9,8(%r2,%r1)
-
-	lg	%r7,16(%r2,%r3)
-	mlgr	%r6,%r5
-	alcgr	%r7,%r8
-	alcgr	%r6,zero
-	alg	%r7,16(%r2,%r1)
-	stg	%r7,16(%r2,%r1)
-
-	lg	%r9,24(%r2,%r3)
-	mlgr	%r8,%r5
-	alcgr	%r9,%r6
-	alcgr	%r8,zero
-	alg	%r9,24(%r2,%r1)
-	stg	%r9,24(%r2,%r1)
-
-	la	%r2,32(%r2)	// i+=4
-	brct	%r4,.Loop4_madd
-
-	la	%r10,1(%r10)		// see if len%4 is zero ...
-	brct	%r10,.Loop1_madd	// without touching condition code:-)
-
-.Lend_madd:
-	alcgr	%r8,zero	// collect carry bit
-	lgr	%r2,%r8
-	lmg	%r6,%r10,48(%r15)
-	br	%r14
-
-.Loop1_madd:
-	lg	%r7,0(%r2,%r3)	// ap[i]
-	mlgr	%r6,%r5		// *=w
-	alcgr	%r7,%r8		// +=carry
-	alcgr	%r6,zero
-	alg	%r7,0(%r2,%r1)	// +=rp[i]
-	stg	%r7,0(%r2,%r1)	// rp[i]=
-
-	lgr	%r8,%r6
-	la	%r2,8(%r2)	// i++
-	brct	%r10,.Loop1_madd
-
-	j	.Lend_madd
-.size	bn_mul_add_words,.-bn_mul_add_words
-
-// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
-.globl	bn_mul_words
-.type	bn_mul_words,@function
-.align	4
-bn_mul_words:
-	lghi	zero,0		// zero = 0
-	la	%r1,0(%r2)	// put rp aside
-	lghi	%r2,0		// i=0;
-	ltgfr	%r4,%r4
-	bler	%r14		// if (len<=0) return 0;
-
-	stmg	%r6,%r10,48(%r15)
-	lghi	%r10,3
-	lghi	%r8,0		// carry = 0
-	nr	%r10,%r4	// len%4
-	sra	%r4,2		// cnt=len/4
-	jz	.Loop1_mul	// carry is incidentally cleared if branch taken
-	algr	zero,zero	// clear carry
-
-.Loop4_mul:
-	lg	%r7,0(%r2,%r3)	// ap[i]
-	mlgr	%r6,%r5		// *=w
-	alcgr	%r7,%r8		// +=carry
-	stg	%r7,0(%r2,%r1)	// rp[i]=
-
-	lg	%r9,8(%r2,%r3)
-	mlgr	%r8,%r5
-	alcgr	%r9,%r6
-	stg	%r9,8(%r2,%r1)
-
-	lg	%r7,16(%r2,%r3)
-	mlgr	%r6,%r5
-	alcgr	%r7,%r8
-	stg	%r7,16(%r2,%r1)
-
-	lg	%r9,24(%r2,%r3)
-	mlgr	%r8,%r5
-	alcgr	%r9,%r6
-	stg	%r9,24(%r2,%r1)
-
-	la	%r2,32(%r2)	// i+=4
-	brct	%r4,.Loop4_mul
-
-	la	%r10,1(%r10)		// see if len%4 is zero ...
-	brct	%r10,.Loop1_mul		// without touching condition code:-)
-
-.Lend_mul:
-	alcgr	%r8,zero	// collect carry bit
-	lgr	%r2,%r8
-	lmg	%r6,%r10,48(%r15)
-	br	%r14
-
-.Loop1_mul:
-	lg	%r7,0(%r2,%r3)	// ap[i]
-	mlgr	%r6,%r5		// *=w
-	alcgr	%r7,%r8		// +=carry
-	stg	%r7,0(%r2,%r1)	// rp[i]=
-
-	lgr	%r8,%r6
-	la	%r2,8(%r2)	// i++
-	brct	%r10,.Loop1_mul
-
-	j	.Lend_mul
-.size	bn_mul_words,.-bn_mul_words
-
-// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
-.globl	bn_sqr_words
-.type	bn_sqr_words,@function
-.align	4
-bn_sqr_words:
-	ltgfr	%r4,%r4
-	bler	%r14
-
-	stmg	%r6,%r7,48(%r15)
-	srag	%r1,%r4,2	// cnt=len/4
-	jz	.Loop1_sqr
-
-.Loop4_sqr:
-	lg	%r7,0(%r3)
-	mlgr	%r6,%r7
-	stg	%r7,0(%r2)
-	stg	%r6,8(%r2)
-
-	lg	%r7,8(%r3)
-	mlgr	%r6,%r7
-	stg	%r7,16(%r2)
-	stg	%r6,24(%r2)
-
-	lg	%r7,16(%r3)
-	mlgr	%r6,%r7
-	stg	%r7,32(%r2)
-	stg	%r6,40(%r2)
-
-	lg	%r7,24(%r3)
-	mlgr	%r6,%r7
-	stg	%r7,48(%r2)
-	stg	%r6,56(%r2)
-
-	la	%r3,32(%r3)
-	la	%r2,64(%r2)
-	brct	%r1,.Loop4_sqr
-
-	lghi	%r1,3
-	nr	%r4,%r1		// cnt=len%4
-	jz	.Lend_sqr
-
-.Loop1_sqr:
-	lg	%r7,0(%r3)
-	mlgr	%r6,%r7
-	stg	%r7,0(%r2)
-	stg	%r6,8(%r2)
-
-	la	%r3,8(%r3)
-	la	%r2,16(%r2)
-	brct	%r4,.Loop1_sqr
-
-.Lend_sqr:
-	lmg	%r6,%r7,48(%r15)
-	br	%r14
-.size	bn_sqr_words,.-bn_sqr_words
-
-// BN_ULONG bn_div_words(BN_ULONG h,BN_ULONG l,BN_ULONG d);
-.globl	bn_div_words
-.type	bn_div_words,@function
-.align	4
-bn_div_words:
-	dlgr	%r2,%r4
-	lgr	%r2,%r3
-	br	%r14
-.size	bn_div_words,.-bn_div_words
-
-// BN_ULONG bn_add_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
-.globl	bn_add_words
-.type	bn_add_words,@function
-.align	4
-bn_add_words:
-	la	%r1,0(%r2)	// put rp aside
-	lghi	%r2,0		// i=0
-	ltgfr	%r5,%r5
-	bler	%r14		// if (len<=0) return 0;
-
-	stg	%r6,48(%r15)
-	lghi	%r6,3
-	nr	%r6,%r5		// len%4
-	sra	%r5,2		// len/4, use sra because it sets condition code
-	jz	.Loop1_add	// carry is incidentally cleared if branch taken
-	algr	%r2,%r2		// clear carry
-
-.Loop4_add:
-	lg	%r0,0(%r2,%r3)
-	alcg	%r0,0(%r2,%r4)
-	stg	%r0,0(%r2,%r1)
-	lg	%r0,8(%r2,%r3)
-	alcg	%r0,8(%r2,%r4)
-	stg	%r0,8(%r2,%r1)
-	lg	%r0,16(%r2,%r3)
-	alcg	%r0,16(%r2,%r4)
-	stg	%r0,16(%r2,%r1)
-	lg	%r0,24(%r2,%r3)
-	alcg	%r0,24(%r2,%r4)
-	stg	%r0,24(%r2,%r1)
-
-	la	%r2,32(%r2)	// i+=4
-	brct	%r5,.Loop4_add
-
-	la	%r6,1(%r6)	// see if len%4 is zero ...
-	brct	%r6,.Loop1_add	// without touching condition code:-)
-
-.Lexit_add:
-	lghi	%r2,0
-	alcgr	%r2,%r2
-	lg	%r6,48(%r15)
-	br	%r14
-
-.Loop1_add:
-	lg	%r0,0(%r2,%r3)
-	alcg	%r0,0(%r2,%r4)
-	stg	%r0,0(%r2,%r1)
-
-	la	%r2,8(%r2)	// i++
-	brct	%r6,.Loop1_add
-
-	j	.Lexit_add
-.size	bn_add_words,.-bn_add_words
-
-// BN_ULONG bn_sub_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5);
-.globl	bn_sub_words
-.type	bn_sub_words,@function
-.align	4
-bn_sub_words:
-	la	%r1,0(%r2)	// put rp aside
-	lghi	%r2,0		// i=0
-	ltgfr	%r5,%r5
-	bler	%r14		// if (len<=0) return 0;
-
-	stg	%r6,48(%r15)
-	lghi	%r6,3
-	nr	%r6,%r5		// len%4
-	sra	%r5,2		// len/4, use sra because it sets condition code
-	jnz	.Loop4_sub	// borrow is incidentally cleared if branch taken
-	slgr	%r2,%r2		// clear borrow
-
-.Loop1_sub:
-	lg	%r0,0(%r2,%r3)
-	slbg	%r0,0(%r2,%r4)
-	stg	%r0,0(%r2,%r1)
-
-	la	%r2,8(%r2)	// i++
-	brct	%r6,.Loop1_sub
-	j	.Lexit_sub
-
-.Loop4_sub:
-	lg	%r0,0(%r2,%r3)
-	slbg	%r0,0(%r2,%r4)
-	stg	%r0,0(%r2,%r1)
-	lg	%r0,8(%r2,%r3)
-	slbg	%r0,8(%r2,%r4)
-	stg	%r0,8(%r2,%r1)
-	lg	%r0,16(%r2,%r3)
-	slbg	%r0,16(%r2,%r4)
-	stg	%r0,16(%r2,%r1)
-	lg	%r0,24(%r2,%r3)
-	slbg	%r0,24(%r2,%r4)
-	stg	%r0,24(%r2,%r1)
-
-	la	%r2,32(%r2)	// i+=4
-	brct	%r5,.Loop4_sub
-
-	la	%r6,1(%r6)	// see if len%4 is zero ...
-	brct	%r6,.Loop1_sub	// without touching condition code:-)
-
-.Lexit_sub:
-	lghi	%r2,0
-	slbgr	%r2,%r2
-	lcgr	%r2,%r2
-	lg	%r6,48(%r15)
-	br	%r14
-.size	bn_sub_words,.-bn_sub_words
-
-#define c1	%r1
-#define c2	%r5
-#define c3	%r8
-
-#define mul_add_c(ai,bi,c1,c2,c3)	\
-	lg	%r7,ai*8(%r3);		\
-	mlg	%r6,bi*8(%r4);		\
-	algr	c1,%r7;			\
-	alcgr	c2,%r6;			\
-	alcgr	c3,zero
-
-// void bn_mul_comba8(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
-.globl	bn_mul_comba8
-.type	bn_mul_comba8,@function
-.align	4
-bn_mul_comba8:
-	stmg	%r6,%r8,48(%r15)
-
-	lghi	c1,0
-	lghi	c2,0
-	lghi	c3,0
-	lghi	zero,0
-
-	mul_add_c(0,0,c1,c2,c3);
-	stg	c1,0*8(%r2)
-	lghi	c1,0
-
-	mul_add_c(0,1,c2,c3,c1);
-	mul_add_c(1,0,c2,c3,c1);
-	stg	c2,1*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(2,0,c3,c1,c2);
-	mul_add_c(1,1,c3,c1,c2);
-	mul_add_c(0,2,c3,c1,c2);
-	stg	c3,2*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(0,3,c1,c2,c3);
-	mul_add_c(1,2,c1,c2,c3);
-	mul_add_c(2,1,c1,c2,c3);
-	mul_add_c(3,0,c1,c2,c3);
-	stg	c1,3*8(%r2)
-	lghi	c1,0
-
-	mul_add_c(4,0,c2,c3,c1);
-	mul_add_c(3,1,c2,c3,c1);
-	mul_add_c(2,2,c2,c3,c1);
-	mul_add_c(1,3,c2,c3,c1);
-	mul_add_c(0,4,c2,c3,c1);
-	stg	c2,4*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(0,5,c3,c1,c2);
-	mul_add_c(1,4,c3,c1,c2);
-	mul_add_c(2,3,c3,c1,c2);
-	mul_add_c(3,2,c3,c1,c2);
-	mul_add_c(4,1,c3,c1,c2);
-	mul_add_c(5,0,c3,c1,c2);
-	stg	c3,5*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(6,0,c1,c2,c3);
-	mul_add_c(5,1,c1,c2,c3);
-	mul_add_c(4,2,c1,c2,c3);
-	mul_add_c(3,3,c1,c2,c3);
-	mul_add_c(2,4,c1,c2,c3);
-	mul_add_c(1,5,c1,c2,c3);
-	mul_add_c(0,6,c1,c2,c3);
-	stg	c1,6*8(%r2)
-	lghi	c1,0
-
-	mul_add_c(0,7,c2,c3,c1);
-	mul_add_c(1,6,c2,c3,c1);
-	mul_add_c(2,5,c2,c3,c1);
-	mul_add_c(3,4,c2,c3,c1);
-	mul_add_c(4,3,c2,c3,c1);
-	mul_add_c(5,2,c2,c3,c1);
-	mul_add_c(6,1,c2,c3,c1);
-	mul_add_c(7,0,c2,c3,c1);
-	stg	c2,7*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(7,1,c3,c1,c2);
-	mul_add_c(6,2,c3,c1,c2);
-	mul_add_c(5,3,c3,c1,c2);
-	mul_add_c(4,4,c3,c1,c2);
-	mul_add_c(3,5,c3,c1,c2);
-	mul_add_c(2,6,c3,c1,c2);
-	mul_add_c(1,7,c3,c1,c2);
-	stg	c3,8*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(2,7,c1,c2,c3);
-	mul_add_c(3,6,c1,c2,c3);
-	mul_add_c(4,5,c1,c2,c3);
-	mul_add_c(5,4,c1,c2,c3);
-	mul_add_c(6,3,c1,c2,c3);
-	mul_add_c(7,2,c1,c2,c3);
-	stg	c1,9*8(%r2)
-	lghi	c1,0
-
-	mul_add_c(7,3,c2,c3,c1);
-	mul_add_c(6,4,c2,c3,c1);
-	mul_add_c(5,5,c2,c3,c1);
-	mul_add_c(4,6,c2,c3,c1);
-	mul_add_c(3,7,c2,c3,c1);
-	stg	c2,10*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(4,7,c3,c1,c2);
-	mul_add_c(5,6,c3,c1,c2);
-	mul_add_c(6,5,c3,c1,c2);
-	mul_add_c(7,4,c3,c1,c2);
-	stg	c3,11*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(7,5,c1,c2,c3);
-	mul_add_c(6,6,c1,c2,c3);
-	mul_add_c(5,7,c1,c2,c3);
-	stg	c1,12*8(%r2)
-	lghi	c1,0
-
-
-	mul_add_c(6,7,c2,c3,c1);
-	mul_add_c(7,6,c2,c3,c1);
-	stg	c2,13*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(7,7,c3,c1,c2);
-	stg	c3,14*8(%r2)
-	stg	c1,15*8(%r2)
-
-	lmg	%r6,%r8,48(%r15)
-	br	%r14
-.size	bn_mul_comba8,.-bn_mul_comba8
-
-// void bn_mul_comba4(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4);
-.globl	bn_mul_comba4
-.type	bn_mul_comba4,@function
-.align	4
-bn_mul_comba4:
-	stmg	%r6,%r8,48(%r15)
-
-	lghi	c1,0
-	lghi	c2,0
-	lghi	c3,0
-	lghi	zero,0
-
-	mul_add_c(0,0,c1,c2,c3);
-	stg	c1,0*8(%r3)
-	lghi	c1,0
-
-	mul_add_c(0,1,c2,c3,c1);
-	mul_add_c(1,0,c2,c3,c1);
-	stg	c2,1*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(2,0,c3,c1,c2);
-	mul_add_c(1,1,c3,c1,c2);
-	mul_add_c(0,2,c3,c1,c2);
-	stg	c3,2*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(0,3,c1,c2,c3);
-	mul_add_c(1,2,c1,c2,c3);
-	mul_add_c(2,1,c1,c2,c3);
-	mul_add_c(3,0,c1,c2,c3);
-	stg	c1,3*8(%r2)
-	lghi	c1,0
-
-	mul_add_c(3,1,c2,c3,c1);
-	mul_add_c(2,2,c2,c3,c1);
-	mul_add_c(1,3,c2,c3,c1);
-	stg	c2,4*8(%r2)
-	lghi	c2,0
-
-	mul_add_c(2,3,c3,c1,c2);
-	mul_add_c(3,2,c3,c1,c2);
-	stg	c3,5*8(%r2)
-	lghi	c3,0
-
-	mul_add_c(3,3,c1,c2,c3);
-	stg	c1,6*8(%r2)
-	stg	c2,7*8(%r2)
-
-	stmg	%r6,%r8,48(%r15)
-	br	%r14
-.size	bn_mul_comba4,.-bn_mul_comba4
-
-#define sqr_add_c(ai,c1,c2,c3)		\
-	lg	%r7,ai*8(%r3);		\
-	mlgr	%r6,%r7;		\
-	algr	c1,%r7;			\
-	alcgr	c2,%r6;			\
-	alcgr	c3,zero
-
-#define sqr_add_c2(ai,aj,c1,c2,c3)	\
-	lg	%r7,ai*8(%r3);		\
-	mlg	%r6,aj*8(%r3);		\
-	algr	c1,%r7;			\
-	alcgr	c2,%r6;			\
-	alcgr	c3,zero;		\
-	algr	c1,%r7;			\
-	alcgr	c2,%r6;			\
-	alcgr	c3,zero
-
-// void bn_sqr_comba8(BN_ULONG *r2,BN_ULONG *r3);
-.globl	bn_sqr_comba8
-.type	bn_sqr_comba8,@function
-.align	4
-bn_sqr_comba8:
-	stmg	%r6,%r8,48(%r15)
-
-	lghi	c1,0
-	lghi	c2,0
-	lghi	c3,0
-	lghi	zero,0
-
-	sqr_add_c(0,c1,c2,c3);
-	stg	c1,0*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c2(1,0,c2,c3,c1);
-	stg	c2,1*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c(1,c3,c1,c2);
-	sqr_add_c2(2,0,c3,c1,c2);
-	stg	c3,2*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c2(3,0,c1,c2,c3);
-	sqr_add_c2(2,1,c1,c2,c3);
-	stg	c1,3*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c(2,c2,c3,c1);
-	sqr_add_c2(3,1,c2,c3,c1);
-	sqr_add_c2(4,0,c2,c3,c1);
-	stg	c2,4*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c2(5,0,c3,c1,c2);
-	sqr_add_c2(4,1,c3,c1,c2);
-	sqr_add_c2(3,2,c3,c1,c2);
-	stg	c3,5*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c(3,c1,c2,c3);
-	sqr_add_c2(4,2,c1,c2,c3);
-	sqr_add_c2(5,1,c1,c2,c3);
-	sqr_add_c2(6,0,c1,c2,c3);
-	stg	c1,6*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c2(7,0,c2,c3,c1);
-	sqr_add_c2(6,1,c2,c3,c1);
-	sqr_add_c2(5,2,c2,c3,c1);
-	sqr_add_c2(4,3,c2,c3,c1);
-	stg	c2,7*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c(4,c3,c1,c2);
-	sqr_add_c2(5,3,c3,c1,c2);
-	sqr_add_c2(6,2,c3,c1,c2);
-	sqr_add_c2(7,1,c3,c1,c2);
-	stg	c3,8*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c2(7,2,c1,c2,c3);
-	sqr_add_c2(6,3,c1,c2,c3);
-	sqr_add_c2(5,4,c1,c2,c3);
-	stg	c1,9*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c(5,c2,c3,c1);
-	sqr_add_c2(6,4,c2,c3,c1);
-	sqr_add_c2(7,3,c2,c3,c1);
-	stg	c2,10*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c2(7,4,c3,c1,c2);
-	sqr_add_c2(6,5,c3,c1,c2);
-	stg	c3,11*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c(6,c1,c2,c3);
-	sqr_add_c2(7,5,c1,c2,c3);
-	stg	c1,12*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c2(7,6,c2,c3,c1);
-	stg	c2,13*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c(7,c3,c1,c2);
-	stg	c3,14*8(%r2)
-	stg	c1,15*8(%r2)
-
-	lmg	%r6,%r8,48(%r15)
-	br	%r14
-.size	bn_sqr_comba8,.-bn_sqr_comba8
-
-// void bn_sqr_comba4(BN_ULONG *r2,BN_ULONG *r3);
-.globl bn_sqr_comba4
-.type	bn_sqr_comba4,@function
-.align	4
-bn_sqr_comba4:
-	stmg	%r6,%r8,48(%r15)
-
-	lghi	c1,0
-	lghi	c2,0
-	lghi	c3,0
-	lghi	zero,0
-
-	sqr_add_c(0,c1,c2,c3);
-	stg	c1,0*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c2(1,0,c2,c3,c1);
-	stg	c2,1*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c(1,c3,c1,c2);
-	sqr_add_c2(2,0,c3,c1,c2);
-	stg	c3,2*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c2(3,0,c1,c2,c3);
-	sqr_add_c2(2,1,c1,c2,c3);
-	stg	c1,3*8(%r2)
-	lghi	c1,0
-
-	sqr_add_c(2,c2,c3,c1);
-	sqr_add_c2(3,1,c2,c3,c1);
-	stg	c2,4*8(%r2)
-	lghi	c2,0
-
-	sqr_add_c2(3,2,c3,c1,c2);
-	stg	c3,5*8(%r2)
-	lghi	c3,0
-
-	sqr_add_c(3,c1,c2,c3);
-	stg	c1,6*8(%r2)
-	stg	c2,7*8(%r2)
-
-	lmg	%r6,%r8,48(%r15)
-	br	%r14
-.size	bn_sqr_comba4,.-bn_sqr_comba4
diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
deleted file mode 100644
index 88c5dc480a..0000000000
--- a/crypto/bn/asm/sparcv8.S
+++ /dev/null
@@ -1,1458 +0,0 @@
-.ident	"sparcv8.s, Version 1.4"
-.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * See bn_asm.sparc.v8plus.S for more details.
- */
-
-/*
- * Revision history.
- *
- * 1.1	- new loop unrolling model(*);
- * 1.2	- made gas friendly;
- * 1.3	- fixed problem with /usr/ccs/lib/cpp;
- * 1.4	- some retunes;
- *
- * (*)	see bn_asm.sparc.v8plus.S for details
- */
-
-.section	".text",#alloc,#execinstr
-.file		"bn_asm.sparc.v8.S"
-
-.align	32
-
-.global bn_mul_add_words
-/*
- * BN_ULONG bn_mul_add_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_add_words:
-	cmp	%o2,0
-	bg,a	.L_bn_mul_add_words_proceed
-	ld	[%o1],%g2
-	retl
-	clr	%o0
-
-.L_bn_mul_add_words_proceed:
-	andcc	%o2,-4,%g0
-	bz	.L_bn_mul_add_words_tail
-	clr	%o5
-
-.L_bn_mul_add_words_loop:
-	ld	[%o0],%o4
-	ld	[%o1+4],%g3
-	umul	%o3,%g2,%g2
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g2,%o4
-	st	%o4,[%o0]
-	addx	%g1,0,%o5
-
-	ld	[%o0+4],%o4
-	ld	[%o1+8],%g2
-	umul	%o3,%g3,%g3
-	dec	4,%o2
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g3,%o4
-	st	%o4,[%o0+4]
-	addx	%g1,0,%o5
-
-	ld	[%o0+8],%o4
-	ld	[%o1+12],%g3
-	umul	%o3,%g2,%g2
-	inc	16,%o1
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g2,%o4
-	st	%o4,[%o0+8]
-	addx	%g1,0,%o5
-
-	ld	[%o0+12],%o4
-	umul	%o3,%g3,%g3
-	inc	16,%o0
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g3,%o4
-	st	%o4,[%o0-4]
-	addx	%g1,0,%o5
-	andcc	%o2,-4,%g0
-	bnz,a	.L_bn_mul_add_words_loop
-	ld	[%o1],%g2
-
-	tst	%o2
-	bnz,a	.L_bn_mul_add_words_tail
-	ld	[%o1],%g2
-.L_bn_mul_add_words_return:
-	retl
-	mov	%o5,%o0
-	nop
-
-.L_bn_mul_add_words_tail:
-	ld	[%o0],%o4
-	umul	%o3,%g2,%g2
-	addcc	%o4,%o5,%o4
-	rd	%y,%g1
-	addx	%g1,0,%g1
-	addcc	%o4,%g2,%o4
-	addx	%g1,0,%o5
-	deccc	%o2
-	bz	.L_bn_mul_add_words_return
-	st	%o4,[%o0]
-
-	ld	[%o1+4],%g2
-	ld	[%o0+4],%o4
-	umul	%o3,%g2,%g2
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g2,%o4
-	addx	%g1,0,%o5
-	deccc	%o2
-	bz	.L_bn_mul_add_words_return
-	st	%o4,[%o0+4]
-
-	ld	[%o1+8],%g2
-	ld	[%o0+8],%o4
-	umul	%o3,%g2,%g2
-	rd	%y,%g1
-	addcc	%o4,%o5,%o4
-	addx	%g1,0,%g1
-	addcc	%o4,%g2,%o4
-	st	%o4,[%o0+8]
-	retl
-	addx	%g1,0,%o0
-
-.type	bn_mul_add_words,#function
-.size	bn_mul_add_words,(.-bn_mul_add_words)
-
-.align	32
-
-.global bn_mul_words
-/*
- * BN_ULONG bn_mul_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_words:
-	cmp	%o2,0
-	bg,a	.L_bn_mul_words_proceeed
-	ld	[%o1],%g2
-	retl
-	clr	%o0
-
-.L_bn_mul_words_proceeed:
-	andcc	%o2,-4,%g0
-	bz	.L_bn_mul_words_tail
-	clr	%o5
-
-.L_bn_mul_words_loop:
-	ld	[%o1+4],%g3
-	umul	%o3,%g2,%g2
-	addcc	%g2,%o5,%g2
-	rd	%y,%g1
-	addx	%g1,0,%o5
-	st	%g2,[%o0]
-
-	ld	[%o1+8],%g2
-	umul	%o3,%g3,%g3
-	addcc	%g3,%o5,%g3
-	rd	%y,%g1
-	dec	4,%o2
-	addx	%g1,0,%o5
-	st	%g3,[%o0+4]
-
-	ld	[%o1+12],%g3
-	umul	%o3,%g2,%g2
-	addcc	%g2,%o5,%g2
-	rd	%y,%g1
-	inc	16,%o1
-	st	%g2,[%o0+8]
-	addx	%g1,0,%o5
-
-	umul	%o3,%g3,%g3
-	addcc	%g3,%o5,%g3
-	rd	%y,%g1
-	inc	16,%o0
-	addx	%g1,0,%o5
-	st	%g3,[%o0-4]
-	andcc	%o2,-4,%g0
-	nop
-	bnz,a	.L_bn_mul_words_loop
-	ld	[%o1],%g2
-
-	tst	%o2
-	bnz,a	.L_bn_mul_words_tail
-	ld	[%o1],%g2
-.L_bn_mul_words_return:
-	retl
-	mov	%o5,%o0
-	nop
-
-.L_bn_mul_words_tail:
-	umul	%o3,%g2,%g2
-	addcc	%g2,%o5,%g2
-	rd	%y,%g1
-	addx	%g1,0,%o5
-	deccc	%o2
-	bz	.L_bn_mul_words_return
-	st	%g2,[%o0]
-	nop
-
-	ld	[%o1+4],%g2
-	umul	%o3,%g2,%g2
-	addcc	%g2,%o5,%g2
-	rd	%y,%g1
-	addx	%g1,0,%o5
-	deccc	%o2
-	bz	.L_bn_mul_words_return
-	st	%g2,[%o0+4]
-
-	ld	[%o1+8],%g2
-	umul	%o3,%g2,%g2
-	addcc	%g2,%o5,%g2
-	rd	%y,%g1
-	st	%g2,[%o0+8]
-	retl
-	addx	%g1,0,%o0
-
-.type	bn_mul_words,#function
-.size	bn_mul_words,(.-bn_mul_words)
-
-.align  32
-.global	bn_sqr_words
-/*
- * void bn_sqr_words(r,a,n)
- * BN_ULONG *r,*a;
- * int n;
- */
-bn_sqr_words:
-	cmp	%o2,0
-	bg,a	.L_bn_sqr_words_proceeed
-	ld	[%o1],%g2
-	retl
-	clr	%o0
-
-.L_bn_sqr_words_proceeed:
-	andcc	%o2,-4,%g0
-	bz	.L_bn_sqr_words_tail
-	clr	%o5
-
-.L_bn_sqr_words_loop:
-	ld	[%o1+4],%g3
-	umul	%g2,%g2,%o4
-	st	%o4,[%o0]
-	rd	%y,%o5
-	st	%o5,[%o0+4]
-
-	ld	[%o1+8],%g2
-	umul	%g3,%g3,%o4
-	dec	4,%o2
-	st	%o4,[%o0+8]
-	rd	%y,%o5
-	st	%o5,[%o0+12]
-	nop
-
-	ld	[%o1+12],%g3
-	umul	%g2,%g2,%o4
-	st	%o4,[%o0+16]
-	rd	%y,%o5
-	inc	16,%o1
-	st	%o5,[%o0+20]
-
-	umul	%g3,%g3,%o4
-	inc	32,%o0
-	st	%o4,[%o0-8]
-	rd	%y,%o5
-	st	%o5,[%o0-4]
-	andcc	%o2,-4,%g2
-	bnz,a	.L_bn_sqr_words_loop
-	ld	[%o1],%g2
-
-	tst	%o2
-	nop
-	bnz,a	.L_bn_sqr_words_tail
-	ld	[%o1],%g2
-.L_bn_sqr_words_return:
-	retl
-	clr	%o0
-
-.L_bn_sqr_words_tail:
-	umul	%g2,%g2,%o4
-	st	%o4,[%o0]
-	deccc	%o2
-	rd	%y,%o5
-	bz	.L_bn_sqr_words_return
-	st	%o5,[%o0+4]
-
-	ld	[%o1+4],%g2
-	umul	%g2,%g2,%o4
-	st	%o4,[%o0+8]
-	deccc	%o2
-	rd	%y,%o5
-	nop
-	bz	.L_bn_sqr_words_return
-	st	%o5,[%o0+12]
-
-	ld	[%o1+8],%g2
-	umul	%g2,%g2,%o4
-	st	%o4,[%o0+16]
-	rd	%y,%o5
-	st	%o5,[%o0+20]
-	retl
-	clr	%o0
-
-.type	bn_sqr_words,#function
-.size	bn_sqr_words,(.-bn_sqr_words)
-
-.align	32
-
-.global bn_div_words
-/*
- * BN_ULONG bn_div_words(h,l,d)
- * BN_ULONG h,l,d;
- */
-bn_div_words:
-	wr	%o0,%y
-	udiv	%o1,%o2,%o0
-	retl
-	nop
-
-.type	bn_div_words,#function
-.size	bn_div_words,(.-bn_div_words)
-
-.align	32
-
-.global bn_add_words
-/*
- * BN_ULONG bn_add_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_add_words:
-	cmp	%o3,0
-	bg,a	.L_bn_add_words_proceed
-	ld	[%o1],%o4
-	retl
-	clr	%o0
-
-.L_bn_add_words_proceed:
-	andcc	%o3,-4,%g0
-	bz	.L_bn_add_words_tail
-	clr	%g1
-	ba	.L_bn_add_words_warn_loop
-	addcc	%g0,0,%g0	! clear carry flag
-
-.L_bn_add_words_loop:
-	ld	[%o1],%o4
-.L_bn_add_words_warn_loop:
-	ld	[%o2],%o5
-	ld	[%o1+4],%g3
-	ld	[%o2+4],%g4
-	dec	4,%o3
-	addxcc	%o5,%o4,%o5
-	st	%o5,[%o0]
-
-	ld	[%o1+8],%o4
-	ld	[%o2+8],%o5
-	inc	16,%o1
-	addxcc	%g3,%g4,%g3
-	st	%g3,[%o0+4]
-	
-	ld	[%o1-4],%g3
-	ld	[%o2+12],%g4
-	inc	16,%o2
-	addxcc	%o5,%o4,%o5
-	st	%o5,[%o0+8]
-
-	inc	16,%o0
-	addxcc	%g3,%g4,%g3
-	st	%g3,[%o0-4]
-	addx	%g0,0,%g1
-	andcc	%o3,-4,%g0
-	bnz,a	.L_bn_add_words_loop
-	addcc	%g1,-1,%g0
-
-	tst	%o3
-	bnz,a	.L_bn_add_words_tail
-	ld	[%o1],%o4
-.L_bn_add_words_return:
-	retl
-	mov	%g1,%o0
-
-.L_bn_add_words_tail:
-	addcc	%g1,-1,%g0
-	ld	[%o2],%o5
-	addxcc	%o5,%o4,%o5
-	addx	%g0,0,%g1
-	deccc	%o3
-	bz	.L_bn_add_words_return
-	st	%o5,[%o0]
-
-	ld	[%o1+4],%o4
-	addcc	%g1,-1,%g0
-	ld	[%o2+4],%o5
-	addxcc	%o5,%o4,%o5
-	addx	%g0,0,%g1
-	deccc	%o3
-	bz	.L_bn_add_words_return
-	st	%o5,[%o0+4]
-
-	ld	[%o1+8],%o4
-	addcc	%g1,-1,%g0
-	ld	[%o2+8],%o5
-	addxcc	%o5,%o4,%o5
-	st	%o5,[%o0+8]
-	retl
-	addx	%g0,0,%o0
-
-.type	bn_add_words,#function
-.size	bn_add_words,(.-bn_add_words)
-
-.align	32
-
-.global bn_sub_words
-/*
- * BN_ULONG bn_sub_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_sub_words:
-	cmp	%o3,0
-	bg,a	.L_bn_sub_words_proceed
-	ld	[%o1],%o4
-	retl
-	clr	%o0
-
-.L_bn_sub_words_proceed:
-	andcc	%o3,-4,%g0
-	bz	.L_bn_sub_words_tail
-	clr	%g1
-	ba	.L_bn_sub_words_warm_loop
-	addcc	%g0,0,%g0	! clear carry flag
-
-.L_bn_sub_words_loop:
-	ld	[%o1],%o4
-.L_bn_sub_words_warm_loop:
-	ld	[%o2],%o5
-	ld	[%o1+4],%g3
-	ld	[%o2+4],%g4
-	dec	4,%o3
-	subxcc	%o4,%o5,%o5
-	st	%o5,[%o0]
-
-	ld	[%o1+8],%o4
-	ld	[%o2+8],%o5
-	inc	16,%o1
-	subxcc	%g3,%g4,%g4
-	st	%g4,[%o0+4]
-	
-	ld	[%o1-4],%g3
-	ld	[%o2+12],%g4
-	inc	16,%o2
-	subxcc	%o4,%o5,%o5
-	st	%o5,[%o0+8]
-
-	inc	16,%o0
-	subxcc	%g3,%g4,%g4
-	st	%g4,[%o0-4]
-	addx	%g0,0,%g1
-	andcc	%o3,-4,%g0
-	bnz,a	.L_bn_sub_words_loop
-	addcc	%g1,-1,%g0
-
-	tst	%o3
-	nop
-	bnz,a	.L_bn_sub_words_tail
-	ld	[%o1],%o4
-.L_bn_sub_words_return:
-	retl
-	mov	%g1,%o0
-
-.L_bn_sub_words_tail:
-	addcc	%g1,-1,%g0
-	ld	[%o2],%o5
-	subxcc	%o4,%o5,%o5
-	addx	%g0,0,%g1
-	deccc	%o3
-	bz	.L_bn_sub_words_return
-	st	%o5,[%o0]
-	nop
-
-	ld	[%o1+4],%o4
-	addcc	%g1,-1,%g0
-	ld	[%o2+4],%o5
-	subxcc	%o4,%o5,%o5
-	addx	%g0,0,%g1
-	deccc	%o3
-	bz	.L_bn_sub_words_return
-	st	%o5,[%o0+4]
-
-	ld	[%o1+8],%o4
-	addcc	%g1,-1,%g0
-	ld	[%o2+8],%o5
-	subxcc	%o4,%o5,%o5
-	st	%o5,[%o0+8]
-	retl
-	addx	%g0,0,%o0
-
-.type	bn_sub_words,#function
-.size	bn_sub_words,(.-bn_sub_words)
-
-#define FRAME_SIZE	-96
-
-/*
- * Here is register usage map for *all* routines below.
- */
-#define t_1	%o0
-#define	t_2	%o1
-#define c_1	%o2
-#define c_2	%o3
-#define c_3	%o4
-
-#define ap(I)	[%i1+4*I]
-#define bp(I)	[%i2+4*I]
-#define rp(I)	[%i0+4*I]
-
-#define	a_0	%l0
-#define	a_1	%l1
-#define	a_2	%l2
-#define	a_3	%l3
-#define	a_4	%l4
-#define	a_5	%l5
-#define	a_6	%l6
-#define	a_7	%l7
-
-#define	b_0	%i3
-#define	b_1	%i4
-#define	b_2	%i5
-#define	b_3	%o5
-#define	b_4	%g1
-#define	b_5	%g2
-#define	b_6	%g3
-#define	b_7	%g4
-
-.align	32
-.global bn_mul_comba8
-/*
- * void bn_mul_comba8(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba8:
-	save	%sp,FRAME_SIZE,%sp
-	ld	ap(0),a_0
-	ld	bp(0),b_0
-	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
-	ld	bp(1),b_1
-	rd	%y,c_2
-	st	c_1,rp(0)	!r[0]=c1;
-
-	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
-	ld	ap(1),a_1
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	%g0,t_2,c_3	!=
-	addx	%g0,%g0,c_1
-	ld	ap(2),a_2
-	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	st	c_2,rp(1)	!r[1]=c2;
-	addx	c_1,%g0,c_1	!=
-
-	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	%g0,%g0,c_2
-	ld	bp(2),b_2
-	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	ld	bp(3),b_3
-	addx	c_2,%g0,c_2	!=
-	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	st	c_3,rp(2)	!r[2]=c3;
-
-	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3
-	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	ld	ap(3),a_3
-	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2		!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	ld	ap(4),a_4
-	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(3)	!r[3]=c1;
-
-	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	ld	bp(4),b_4
-	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	ld	bp(5),b_5
-	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	st	c_2,rp(4)	!r[4]=c2;
-
-	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	ld	ap(5),a_5
-	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	ld	ap(6),a_6
-	addx	c_2,%g0,c_2	!=
-	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	st	c_3,rp(5)	!r[5]=c3;
-
-	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3
-	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2		!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	ld	bp(6),b_6
-	addx	c_3,%g0,c_3	!=
-	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	ld	bp(7),b_7
-	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	st	c_1,rp(6)	!r[6]=c1;
-	addx	c_3,%g0,c_3	!=
-
-	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	%g0,%g0,c_1
-	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	ld	ap(7),a_7
-	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	st	c_2,rp(7)	!r[7]=c2;
-
-	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!
-	addx	c_2,%g0,c_2
-	st	c_3,rp(8)	!r[8]=c3;
-
-	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3
-	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2		!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(9)	!r[9]=c1;
-
-	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	st	c_2,rp(10)	!r[10]=c2;
-
-	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2	!=
-	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(11)	!r[11]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	%g0,%g0,c_3
-	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2		!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	st	c_1,rp(12)	!r[12]=c1;
-	addx	c_3,%g0,c_3	!=
-
-	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	%g0,%g0,c_1
-	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	st	c_2,rp(13)	!r[13]=c2;
-
-	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	nop			!=
-	st	c_3,rp(14)	!r[14]=c3;
-	st	c_1,rp(15)	!r[15]=c1;
-
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_mul_comba8,#function
-.size	bn_mul_comba8,(.-bn_mul_comba8)
-
-.align	32
-
-.global bn_mul_comba4
-/*
- * void bn_mul_comba4(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba4:
-	save	%sp,FRAME_SIZE,%sp
-	ld	ap(0),a_0
-	ld	bp(0),b_0
-	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
-	ld	bp(1),b_1
-	rd	%y,c_2
-	st	c_1,rp(0)	!r[0]=c1;
-
-	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
-	ld	ap(1),a_1
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	%g0,t_2,c_3
-	addx	%g0,%g0,c_1
-	ld	ap(2),a_2
-	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	st	c_2,rp(1)	!r[1]=c2;
-
-	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	ld	bp(2),b_2
-	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	ld	bp(3),b_3
-	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	st	c_3,rp(2)	!r[2]=c3;
-
-	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3	!=
-	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	ld	ap(3),a_3
-	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(3)	!r[3]=c1;
-
-	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	st	c_2,rp(4)	!r[4]=c2;
-
-	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(5)	!r[5]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	st	c_1,rp(6)	!r[6]=c1;
-	st	c_2,rp(7)	!r[7]=c2;
-	
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_mul_comba4,#function
-.size	bn_mul_comba4,(.-bn_mul_comba4)
-
-.align	32
-
-.global bn_sqr_comba8
-bn_sqr_comba8:
-	save	%sp,FRAME_SIZE,%sp
-	ld	ap(0),a_0
-	ld	ap(1),a_1
-	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
-	rd	%y,c_2
-	st	c_1,rp(0)	!r[0]=c1;
-
-	ld	ap(2),a_2
-	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	%g0,t_2,c_3
-	addx	%g0,%g0,c_1	!=
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3
-	st	c_2,rp(1)	!r[1]=c2;
-	addx	c_1,%g0,c_1	!=
-
-	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	%g0,%g0,c_2
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	ld	ap(3),a_3
-	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	st	c_3,rp(2)	!r[2]=c3;
-
-	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3	!=
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	ld	ap(4),a_4
-	addx	c_3,%g0,c_3	!=
-	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(3)	!r[3]=c1;
-
-	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	ld	ap(5),a_5
-	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	st	c_2,rp(4)	!r[4]=c2;
-	addx	c_1,%g0,c_1	!=
-
-	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	%g0,%g0,c_2
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	ld	ap(6),a_6
-	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	st	c_3,rp(5)	!r[5]=c3;
-
-	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	%g0,%g0,c_3
-	addcc	c_1,t_1,c_1	!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1	!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
-	addcc	c_1,t_1,c_1	!=
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1	!=
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3
-	ld	ap(7),a_7
-	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(6)	!r[6]=c1;
-
-	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	st	c_2,rp(7)	!r[7]=c2;
-
-	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	addcc	c_3,t_1,c_3	!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	addcc	c_3,t_1,c_3	!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	addcc	c_3,t_1,c_3	!=
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(8)	!r[8]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	%g0,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(9)	!r[9]=c1;
-
-	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	st	c_2,rp(10)	!r[10]=c2;
-
-	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2	!=
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2
-	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	c_2,%g0,c_2	!=
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(11)	!r[11]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	%g0,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	st	c_1,rp(12)	!r[12]=c1;
-
-	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
-	addcc	c_2,t_1,c_2	!=
-	rd	%y,t_2
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	addcc	c_2,t_1,c_2	!=
-	addxcc	c_3,t_2,c_3
-	st	c_2,rp(13)	!r[13]=c2;
-	addx	c_1,%g0,c_1	!=
-
-	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1	!=
-	st	c_3,rp(14)	!r[14]=c3;
-	st	c_1,rp(15)	!r[15]=c1;
-
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_sqr_comba8,#function
-.size	bn_sqr_comba8,(.-bn_sqr_comba8)
-
-.align	32
-
-.global bn_sqr_comba4
-/*
- * void bn_sqr_comba4(r,a)
- * BN_ULONG *r,*a;
- */
-bn_sqr_comba4:
-	save	%sp,FRAME_SIZE,%sp
-	ld	ap(0),a_0
-	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
-	ld	ap(1),a_1	!=
-	rd	%y,c_2
-	st	c_1,rp(0)	!r[0]=c1;
-
-	ld	ap(2),a_2
-	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2
-	addxcc	%g0,t_2,c_3
-	addx	%g0,%g0,c_1	!=
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1	!=
-	st	c_2,rp(1)	!r[1]=c2;
-
-	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2		!=
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1	!=
-	addx	c_2,%g0,c_2
-	ld	ap(3),a_3
-	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
-	addcc	c_3,t_1,c_3	!=
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(2)	!r[2]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	%g0,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	addx	c_3,%g0,c_3
-	addcc	c_1,t_1,c_1
-	addxcc	c_2,t_2,c_2
-	addx	c_3,%g0,c_3	!=
-	st	c_1,rp(3)	!r[3]=c1;
-
-	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	%g0,%g0,c_1
-	addcc	c_2,t_1,c_2
-	addxcc	c_3,t_2,c_3	!=
-	addx	c_1,%g0,c_1
-	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
-	addcc	c_2,t_1,c_2
-	rd	%y,t_2		!=
-	addxcc	c_3,t_2,c_3
-	addx	c_1,%g0,c_1
-	st	c_2,rp(4)	!r[4]=c2;
-
-	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
-	addcc	c_3,t_1,c_3
-	rd	%y,t_2
-	addxcc	c_1,t_2,c_1
-	addx	%g0,%g0,c_2	!=
-	addcc	c_3,t_1,c_3
-	addxcc	c_1,t_2,c_1
-	st	c_3,rp(5)	!r[5]=c3;
-	addx	c_2,%g0,c_2	!=
-
-	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
-	addcc	c_1,t_1,c_1
-	rd	%y,t_2
-	addxcc	c_2,t_2,c_2	!=
-	st	c_1,rp(6)	!r[6]=c1;
-	st	c_2,rp(7)	!r[7]=c2;
-	
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_sqr_comba4,#function
-.size	bn_sqr_comba4,(.-bn_sqr_comba4)
-
-.align	32
diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
deleted file mode 100644
index 63de1860f2..0000000000
--- a/crypto/bn/asm/sparcv8plus.S
+++ /dev/null
@@ -1,1558 +0,0 @@
-.ident	"sparcv8plus.s, Version 1.4"
-.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * Questions-n-answers.
- *
- * Q. How to compile?
- * A. With SC4.x/SC5.x:
- *
- *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *
- *    and with gcc:
- *
- *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *
- *    or if above fails (it does if you have gas installed):
- *
- *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
- *
- *    Quick-n-dirty way to fuse the module into the library.
- *    Provided that the library is already configured and built
- *    (in 0.9.2 case with no-asm option):
- *
- *	# cd crypto/bn
- *	# cp /some/place/bn_asm.sparc.v8plus.S .
- *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
- *	# make
- *	# cd ../..
- *	# make; make test
- *
- *    Quick-n-dirty way to get rid of it:
- *
- *	# cd crypto/bn
- *	# touch bn_asm.c
- *	# make
- *	# cd ../..
- *	# make; make test
- *
- * Q. V8plus achitecture? What kind of beast is that?
- * A. Well, it's rather a programming model than an architecture...
- *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
- *    special conditions, namely when kernel doesn't preserve upper
- *    32 bits of otherwise 64-bit registers during a context switch.
- *
- * Q. Why just UltraSPARC? What about SuperSPARC?
- * A. Original release did target UltraSPARC only. Now SuperSPARC
- *    version is provided along. Both version share bn_*comba[48]
- *    implementations (see comment later in code for explanation).
- *    But what's so special about this UltraSPARC implementation?
- *    Why didn't I let compiler do the job? Trouble is that most of
- *    available compilers (well, SC5.0 is the only exception) don't
- *    attempt to take advantage of UltraSPARC's 64-bitness under
- *    32-bit kernels even though it's perfectly possible (see next
- *    question).
- *
- * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
- *    doesn't work?
- * A. You can't adress *all* registers as 64-bit wide:-( The catch is
- *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
- *    preserved if you're in a leaf function, i.e. such never calling
- *    any other functions. All functions in this module are leaf and
- *    10 registers is a handful. And as a matter of fact none-"comba"
- *    routines don't require even that much and I could even afford to
- *    not allocate own stack frame for 'em:-)
- *
- * Q. What about 64-bit kernels?
- * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
- *    under evaluation and development...
- *
- * Q. What about shared libraries?
- * A. What about 'em? Kidding again:-) Code does *not* contain any
- *    code position dependencies and it's safe to include it into
- *    shared library as is.
- *
- * Q. How much faster does it go?
- * A. Do you have a good benchmark? In either case below is what I
- *    experience with crypto/bn/expspeed.c test program:
- *
- *	v8plus module on U10/300MHz against bn_asm.c compiled with:
- *
- *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
- *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
- *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
- *
- *	v8 module on SS10/60MHz against bn_asm.c compiled with:
- *
- *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
- *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
- *	egcs-1.1.2 -mv8 -O3			+35-45%
- *
- *    As you can see it's damn hard to beat the new Sun C compiler
- *    and it's in first place GNU C users who will appreciate this
- *    assembler implementation:-)	
- */
-
-/*
- * Revision history.
- *
- * 1.0	- initial release;
- * 1.1	- new loop unrolling model(*);
- *	- some more fine tuning;
- * 1.2	- made gas friendly;
- *	- updates to documentation concerning v9;
- *	- new performance comparison matrix;
- * 1.3	- fixed problem with /usr/ccs/lib/cpp;
- * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
- *	  resulting in slight overall performance kick;
- *	- some retunes;
- *	- support for GNU as added;
- *
- * (*)	Originally unrolled loop looked like this:
- *	    for (;;) {
- *		op(p+0); if (--n==0) break;
- *		op(p+1); if (--n==0) break;
- *		op(p+2); if (--n==0) break;
- *		op(p+3); if (--n==0) break;
- *		p+=4;
- *	    }
- *	I unroll according to following:
- *	    while (n&~3) {
- *		op(p+0); op(p+1); op(p+2); op(p+3);
- *		p+=4; n=-4;
- *	    }
- *	    if (n) {
- *		op(p+0); if (--n==0) return;
- *		op(p+2); if (--n==0) return;
- *		op(p+3); return;
- *	    }
- */
-
-#if defined(__SUNPRO_C) && defined(__sparcv9)
-  /* They've said -xarch=v9 at command line */
-  .register	%g2,#scratch
-  .register	%g3,#scratch
-# define	FRAME_SIZE	-192
-#elif defined(__GNUC__) && defined(__arch64__)
-  /* They've said -m64 at command line */
-  .register	%g2,#scratch
-  .register	%g3,#scratch
-# define	FRAME_SIZE	-192
-#else 
-# define	FRAME_SIZE	-96
-#endif 
-/*
- * GNU assembler can't stand stuw:-(
- */
-#define stuw st
-
-.section	".text",#alloc,#execinstr
-.file		"bn_asm.sparc.v8plus.S"
-
-.align	32
-
-.global bn_mul_add_words
-/*
- * BN_ULONG bn_mul_add_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_add_words:
-	sra	%o2,%g0,%o2	! signx %o2
-	brgz,a	%o2,.L_bn_mul_add_words_proceed
-	lduw	[%o1],%g2
-	retl
-	clr	%o0
-	nop
-	nop
-	nop
-
-.L_bn_mul_add_words_proceed:
-	srl	%o3,%g0,%o3	! clruw	%o3
-	andcc	%o2,-4,%g0
-	bz,pn	%icc,.L_bn_mul_add_words_tail
-	clr	%o5
-
-.L_bn_mul_add_words_loop:	! wow! 32 aligned!
-	lduw	[%o0],%g1
-	lduw	[%o1+4],%g3
-	mulx	%o3,%g2,%g2
-	add	%g1,%o5,%o4
-	nop
-	add	%o4,%g2,%o4
-	stuw	%o4,[%o0]
-	srlx	%o4,32,%o5
-
-	lduw	[%o0+4],%g1
-	lduw	[%o1+8],%g2
-	mulx	%o3,%g3,%g3
-	add	%g1,%o5,%o4
-	dec	4,%o2
-	add	%o4,%g3,%o4
-	stuw	%o4,[%o0+4]
-	srlx	%o4,32,%o5
-
-	lduw	[%o0+8],%g1
-	lduw	[%o1+12],%g3
-	mulx	%o3,%g2,%g2
-	add	%g1,%o5,%o4
-	inc	16,%o1
-	add	%o4,%g2,%o4
-	stuw	%o4,[%o0+8]
-	srlx	%o4,32,%o5
-
-	lduw	[%o0+12],%g1
-	mulx	%o3,%g3,%g3
-	add	%g1,%o5,%o4
-	inc	16,%o0
-	add	%o4,%g3,%o4
-	andcc	%o2,-4,%g0
-	stuw	%o4,[%o0-4]
-	srlx	%o4,32,%o5
-	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
-	lduw	[%o1],%g2
-
-	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
-	lduw	[%o1],%g2
-.L_bn_mul_add_words_return:
-	retl
-	mov	%o5,%o0
-
-.L_bn_mul_add_words_tail:
-	lduw	[%o0],%g1
-	mulx	%o3,%g2,%g2
-	add	%g1,%o5,%o4
-	dec	%o2
-	add	%o4,%g2,%o4
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_mul_add_words_return
-	stuw	%o4,[%o0]
-
-	lduw	[%o1+4],%g2
-	lduw	[%o0+4],%g1
-	mulx	%o3,%g2,%g2
-	add	%g1,%o5,%o4
-	dec	%o2
-	add	%o4,%g2,%o4
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_mul_add_words_return
-	stuw	%o4,[%o0+4]
-
-	lduw	[%o1+8],%g2
-	lduw	[%o0+8],%g1
-	mulx	%o3,%g2,%g2
-	add	%g1,%o5,%o4
-	add	%o4,%g2,%o4
-	stuw	%o4,[%o0+8]
-	retl
-	srlx	%o4,32,%o0
-
-.type	bn_mul_add_words,#function
-.size	bn_mul_add_words,(.-bn_mul_add_words)
-
-.align	32
-
-.global bn_mul_words
-/*
- * BN_ULONG bn_mul_words(rp,ap,num,w)
- * BN_ULONG *rp,*ap;
- * int num;
- * BN_ULONG w;
- */
-bn_mul_words:
-	sra	%o2,%g0,%o2	! signx %o2
-	brgz,a	%o2,.L_bn_mul_words_proceeed
-	lduw	[%o1],%g2
-	retl
-	clr	%o0
-	nop
-	nop
-	nop
-
-.L_bn_mul_words_proceeed:
-	srl	%o3,%g0,%o3	! clruw	%o3
-	andcc	%o2,-4,%g0
-	bz,pn	%icc,.L_bn_mul_words_tail
-	clr	%o5
-
-.L_bn_mul_words_loop:		! wow! 32 aligned!
-	lduw	[%o1+4],%g3
-	mulx	%o3,%g2,%g2
-	add	%g2,%o5,%o4
-	nop
-	stuw	%o4,[%o0]
-	srlx	%o4,32,%o5
-
-	lduw	[%o1+8],%g2
-	mulx	%o3,%g3,%g3
-	add	%g3,%o5,%o4
-	dec	4,%o2
-	stuw	%o4,[%o0+4]
-	srlx	%o4,32,%o5
-
-	lduw	[%o1+12],%g3
-	mulx	%o3,%g2,%g2
-	add	%g2,%o5,%o4
-	inc	16,%o1
-	stuw	%o4,[%o0+8]
-	srlx	%o4,32,%o5
-
-	mulx	%o3,%g3,%g3
-	add	%g3,%o5,%o4
-	inc	16,%o0
-	stuw	%o4,[%o0-4]
-	srlx	%o4,32,%o5
-	andcc	%o2,-4,%g0
-	bnz,a,pt	%icc,.L_bn_mul_words_loop
-	lduw	[%o1],%g2
-	nop
-	nop
-
-	brnz,a,pn	%o2,.L_bn_mul_words_tail
-	lduw	[%o1],%g2
-.L_bn_mul_words_return:
-	retl
-	mov	%o5,%o0
-
-.L_bn_mul_words_tail:
-	mulx	%o3,%g2,%g2
-	add	%g2,%o5,%o4
-	dec	%o2
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_mul_words_return
-	stuw	%o4,[%o0]
-
-	lduw	[%o1+4],%g2
-	mulx	%o3,%g2,%g2
-	add	%g2,%o5,%o4
-	dec	%o2
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_mul_words_return
-	stuw	%o4,[%o0+4]
-
-	lduw	[%o1+8],%g2
-	mulx	%o3,%g2,%g2
-	add	%g2,%o5,%o4
-	stuw	%o4,[%o0+8]
-	retl
-	srlx	%o4,32,%o0
-
-.type	bn_mul_words,#function
-.size	bn_mul_words,(.-bn_mul_words)
-
-.align  32
-.global	bn_sqr_words
-/*
- * void bn_sqr_words(r,a,n)
- * BN_ULONG *r,*a;
- * int n;
- */
-bn_sqr_words:
-	sra	%o2,%g0,%o2	! signx %o2
-	brgz,a	%o2,.L_bn_sqr_words_proceeed
-	lduw	[%o1],%g2
-	retl
-	clr	%o0
-	nop
-	nop
-	nop
-
-.L_bn_sqr_words_proceeed:
-	andcc	%o2,-4,%g0
-	nop
-	bz,pn	%icc,.L_bn_sqr_words_tail
-	nop
-
-.L_bn_sqr_words_loop:		! wow! 32 aligned!
-	lduw	[%o1+4],%g3
-	mulx	%g2,%g2,%o4
-	stuw	%o4,[%o0]
-	srlx	%o4,32,%o5
-	stuw	%o5,[%o0+4]
-	nop
-
-	lduw	[%o1+8],%g2
-	mulx	%g3,%g3,%o4
-	dec	4,%o2
-	stuw	%o4,[%o0+8]
-	srlx	%o4,32,%o5
-	stuw	%o5,[%o0+12]
-
-	lduw	[%o1+12],%g3
-	mulx	%g2,%g2,%o4
-	srlx	%o4,32,%o5
-	stuw	%o4,[%o0+16]
-	inc	16,%o1
-	stuw	%o5,[%o0+20]
-
-	mulx	%g3,%g3,%o4
-	inc	32,%o0
-	stuw	%o4,[%o0-8]
-	srlx	%o4,32,%o5
-	andcc	%o2,-4,%g2
-	stuw	%o5,[%o0-4]
-	bnz,a,pt	%icc,.L_bn_sqr_words_loop
-	lduw	[%o1],%g2
-	nop
-
-	brnz,a,pn	%o2,.L_bn_sqr_words_tail
-	lduw	[%o1],%g2
-.L_bn_sqr_words_return:
-	retl
-	clr	%o0
-
-.L_bn_sqr_words_tail:
-	mulx	%g2,%g2,%o4
-	dec	%o2
-	stuw	%o4,[%o0]
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_sqr_words_return
-	stuw	%o5,[%o0+4]
-
-	lduw	[%o1+4],%g2
-	mulx	%g2,%g2,%o4
-	dec	%o2
-	stuw	%o4,[%o0+8]
-	srlx	%o4,32,%o5
-	brz,pt	%o2,.L_bn_sqr_words_return
-	stuw	%o5,[%o0+12]
-
-	lduw	[%o1+8],%g2
-	mulx	%g2,%g2,%o4
-	srlx	%o4,32,%o5
-	stuw	%o4,[%o0+16]
-	stuw	%o5,[%o0+20]
-	retl
-	clr	%o0
-
-.type	bn_sqr_words,#function
-.size	bn_sqr_words,(.-bn_sqr_words)
-
-.align	32
-.global bn_div_words
-/*
- * BN_ULONG bn_div_words(h,l,d)
- * BN_ULONG h,l,d;
- */
-bn_div_words:
-	sllx	%o0,32,%o0
-	or	%o0,%o1,%o0
-	udivx	%o0,%o2,%o0
-	retl
-	srl	%o0,%g0,%o0	! clruw	%o0
-
-.type	bn_div_words,#function
-.size	bn_div_words,(.-bn_div_words)
-
-.align	32
-
-.global bn_add_words
-/*
- * BN_ULONG bn_add_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_add_words:
-	sra	%o3,%g0,%o3	! signx %o3
-	brgz,a	%o3,.L_bn_add_words_proceed
-	lduw	[%o1],%o4
-	retl
-	clr	%o0
-
-.L_bn_add_words_proceed:
-	andcc	%o3,-4,%g0
-	bz,pn	%icc,.L_bn_add_words_tail
-	addcc	%g0,0,%g0	! clear carry flag
-
-.L_bn_add_words_loop:		! wow! 32 aligned!
-	dec	4,%o3
-	lduw	[%o2],%o5
-	lduw	[%o1+4],%g1
-	lduw	[%o2+4],%g2
-	lduw	[%o1+8],%g3
-	lduw	[%o2+8],%g4
-	addccc	%o5,%o4,%o5
-	stuw	%o5,[%o0]
-
-	lduw	[%o1+12],%o4
-	lduw	[%o2+12],%o5
-	inc	16,%o1
-	addccc	%g1,%g2,%g1
-	stuw	%g1,[%o0+4]
-	
-	inc	16,%o2
-	addccc	%g3,%g4,%g3
-	stuw	%g3,[%o0+8]
-
-	inc	16,%o0
-	addccc	%o5,%o4,%o5
-	stuw	%o5,[%o0-4]
-	and	%o3,-4,%g1
-	brnz,a,pt	%g1,.L_bn_add_words_loop
-	lduw	[%o1],%o4
-
-	brnz,a,pn	%o3,.L_bn_add_words_tail
-	lduw	[%o1],%o4
-.L_bn_add_words_return:
-	clr	%o0
-	retl
-	movcs	%icc,1,%o0
-	nop
-
-.L_bn_add_words_tail:
-	lduw	[%o2],%o5
-	dec	%o3
-	addccc	%o5,%o4,%o5
-	brz,pt	%o3,.L_bn_add_words_return
-	stuw	%o5,[%o0]
-
-	lduw	[%o1+4],%o4
-	lduw	[%o2+4],%o5
-	dec	%o3
-	addccc	%o5,%o4,%o5
-	brz,pt	%o3,.L_bn_add_words_return
-	stuw	%o5,[%o0+4]
-
-	lduw	[%o1+8],%o4
-	lduw	[%o2+8],%o5
-	addccc	%o5,%o4,%o5
-	stuw	%o5,[%o0+8]
-	clr	%o0
-	retl
-	movcs	%icc,1,%o0
-
-.type	bn_add_words,#function
-.size	bn_add_words,(.-bn_add_words)
-
-.global bn_sub_words
-/*
- * BN_ULONG bn_sub_words(rp,ap,bp,n)
- * BN_ULONG *rp,*ap,*bp;
- * int n;
- */
-bn_sub_words:
-	sra	%o3,%g0,%o3	! signx %o3
-	brgz,a	%o3,.L_bn_sub_words_proceed
-	lduw	[%o1],%o4
-	retl
-	clr	%o0
-
-.L_bn_sub_words_proceed:
-	andcc	%o3,-4,%g0
-	bz,pn	%icc,.L_bn_sub_words_tail
-	addcc	%g0,0,%g0	! clear carry flag
-
-.L_bn_sub_words_loop:		! wow! 32 aligned!
-	dec	4,%o3
-	lduw	[%o2],%o5
-	lduw	[%o1+4],%g1
-	lduw	[%o2+4],%g2
-	lduw	[%o1+8],%g3
-	lduw	[%o2+8],%g4
-	subccc	%o4,%o5,%o5
-	stuw	%o5,[%o0]
-
-	lduw	[%o1+12],%o4
-	lduw	[%o2+12],%o5
-	inc	16,%o1
-	subccc	%g1,%g2,%g2
-	stuw	%g2,[%o0+4]
-
-	inc	16,%o2
-	subccc	%g3,%g4,%g4
-	stuw	%g4,[%o0+8]
-
-	inc	16,%o0
-	subccc	%o4,%o5,%o5
-	stuw	%o5,[%o0-4]
-	and	%o3,-4,%g1
-	brnz,a,pt	%g1,.L_bn_sub_words_loop
-	lduw	[%o1],%o4
-
-	brnz,a,pn	%o3,.L_bn_sub_words_tail
-	lduw	[%o1],%o4
-.L_bn_sub_words_return:
-	clr	%o0
-	retl
-	movcs	%icc,1,%o0
-	nop
-
-.L_bn_sub_words_tail:		! wow! 32 aligned!
-	lduw	[%o2],%o5
-	dec	%o3
-	subccc	%o4,%o5,%o5
-	brz,pt	%o3,.L_bn_sub_words_return
-	stuw	%o5,[%o0]
-
-	lduw	[%o1+4],%o4
-	lduw	[%o2+4],%o5
-	dec	%o3
-	subccc	%o4,%o5,%o5
-	brz,pt	%o3,.L_bn_sub_words_return
-	stuw	%o5,[%o0+4]
-
-	lduw	[%o1+8],%o4
-	lduw	[%o2+8],%o5
-	subccc	%o4,%o5,%o5
-	stuw	%o5,[%o0+8]
-	clr	%o0
-	retl
-	movcs	%icc,1,%o0
-
-.type	bn_sub_words,#function
-.size	bn_sub_words,(.-bn_sub_words)
-
-/*
- * Code below depends on the fact that upper parts of the %l0-%l7
- * and %i0-%i7 are zeroed by kernel after context switch. In
- * previous versions this comment stated that "the trouble is that
- * it's not feasible to implement the mumbo-jumbo in less V9
- * instructions:-(" which apparently isn't true thanks to
- * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
- * results not from the shorter code, but from elimination of
- * multicycle none-pairable 'rd %y,%rd' instructions.
- *
- *							Andy.
- */
-
-/*
- * Here is register usage map for *all* routines below.
- */
-#define t_1	%o0
-#define	t_2	%o1
-#define c_12	%o2
-#define c_3	%o3
-
-#define ap(I)	[%i1+4*I]
-#define bp(I)	[%i2+4*I]
-#define rp(I)	[%i0+4*I]
-
-#define	a_0	%l0
-#define	a_1	%l1
-#define	a_2	%l2
-#define	a_3	%l3
-#define	a_4	%l4
-#define	a_5	%l5
-#define	a_6	%l6
-#define	a_7	%l7
-
-#define	b_0	%i3
-#define	b_1	%i4
-#define	b_2	%i5
-#define	b_3	%o4
-#define	b_4	%o5
-#define	b_5	%o7
-#define	b_6	%g1
-#define	b_7	%g4
-
-.align	32
-.global bn_mul_comba8
-/*
- * void bn_mul_comba8(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba8:
-	save	%sp,FRAME_SIZE,%sp
-	mov	1,t_2
-	lduw	ap(0),a_0
-	sllx	t_2,32,t_2
-	lduw	bp(0),b_0	!=
-	lduw	bp(1),b_1
-	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(0)	!=!r[0]=c1;
-
-	lduw	ap(1),a_1
-	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3		!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(2),a_2
-	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(1)	!r[1]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
-	addcc	c_12,t_1,c_12	!=
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	bp(2),b_2	!=
-	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	lduw	bp(3),b_3
-	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(2)	!r[2]=c3;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	lduw	ap(3),a_3
-	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
-	addcc	c_12,t_1,c_12	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(4),a_4
-	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(3)	!r[3]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
-	addcc	c_12,t_1,c_12	!=
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	bp(4),b_4	!=
-	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	lduw	bp(5),b_5
-	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(4)	!r[4]=c2;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	lduw	ap(5),a_5
-	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
-	addcc	c_12,t_1,c_12	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(6),a_6
-	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(5)	!r[5]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
-	addcc	c_12,t_1,c_12	!=
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	bp(6),b_6	!=
-	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	lduw	bp(7),b_7
-	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(6)	!r[6]=c1;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	lduw	ap(7),a_7
-	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(7)	!r[7]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(8)	!r[8]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(9)	!r[9]=c1;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(10)	!r[10]=c2;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(11)	!r[11]=c3;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(12)	!r[12]=c1;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	st	t_1,rp(13)	!r[13]=c2;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(14)	!r[14]=c3;
-	stuw	c_12,rp(15)	!r[15]=c1;
-
-	ret
-	restore	%g0,%g0,%o0	!=
-
-.type	bn_mul_comba8,#function
-.size	bn_mul_comba8,(.-bn_mul_comba8)
-
-.align	32
-
-.global bn_mul_comba4
-/*
- * void bn_mul_comba4(r,a,b)
- * BN_ULONG *r,*a,*b;
- */
-bn_mul_comba4:
-	save	%sp,FRAME_SIZE,%sp
-	lduw	ap(0),a_0
-	mov	1,t_2
-	lduw	bp(0),b_0
-	sllx	t_2,32,t_2	!=
-	lduw	bp(1),b_1
-	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(0)	!=!r[0]=c1;
-
-	lduw	ap(1),a_1
-	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3		!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(2),a_2
-	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(1)	!r[1]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
-	addcc	c_12,t_1,c_12	!=
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	bp(2),b_2	!=
-	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3	!=
-	lduw	bp(3),b_3
-	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(2)	!r[2]=c3;
-	or	c_12,c_3,c_12	!=
-
-	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8	!=
-	add	c_3,t_2,c_3
-	lduw	ap(3),a_3
-	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
-	addcc	c_12,t_1,c_12	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
-	addcc	c_12,t_1,t_1	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(3)	!=!r[3]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3		!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
-	addcc	c_12,t_1,c_12	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
-	addcc	c_12,t_1,t_1	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(4)	!=!r[4]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3		!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
-	addcc	c_12,t_1,t_1	!=
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(5)	!=!r[5]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	srlx	t_1,32,c_12	!=
-	stuw	t_1,rp(6)	!r[6]=c1;
-	stuw	c_12,rp(7)	!r[7]=c2;
-	
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_mul_comba4,#function
-.size	bn_mul_comba4,(.-bn_mul_comba4)
-
-.align	32
-
-.global bn_sqr_comba8
-bn_sqr_comba8:
-	save	%sp,FRAME_SIZE,%sp
-	mov	1,t_2
-	lduw	ap(0),a_0
-	sllx	t_2,32,t_2
-	lduw	ap(1),a_1
-	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(0)	!r[0]=c1;
-
-	lduw	ap(2),a_2
-	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(1)	!r[1]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(3),a_3
-	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(2)	!r[2]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(4),a_4
-	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	st	t_1,rp(3)	!r[3]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(5),a_5
-	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(4)	!r[4]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(6),a_6
-	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(5)	!r[5]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(7),a_7
-	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(6)	!r[6]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(7)	!r[7]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(8)	!r[8]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(9)	!r[9]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(10)	!r[10]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(11)	!r[11]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(12)	!r[12]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(13)	!r[13]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(14)	!r[14]=c3;
-	stuw	c_12,rp(15)	!r[15]=c1;
-
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_sqr_comba8,#function
-.size	bn_sqr_comba8,(.-bn_sqr_comba8)
-
-.align	32
-
-.global bn_sqr_comba4
-/*
- * void bn_sqr_comba4(r,a)
- * BN_ULONG *r,*a;
- */
-bn_sqr_comba4:
-	save	%sp,FRAME_SIZE,%sp
-	mov	1,t_2
-	lduw	ap(0),a_0
-	sllx	t_2,32,t_2
-	lduw	ap(1),a_1
-	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(0)	!r[0]=c1;
-
-	lduw	ap(2),a_2
-	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(1)	!r[1]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	lduw	ap(3),a_3
-	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(2)	!r[2]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(3)	!r[3]=c1;
-	or	c_12,c_3,c_12
-
-	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,c_12
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(4)	!r[4]=c2;
-	or	c_12,c_3,c_12
-
-	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
-	addcc	c_12,t_1,c_12
-	clr	c_3
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	addcc	c_12,t_1,t_1
-	bcs,a	%xcc,.+8
-	add	c_3,t_2,c_3
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(5)	!r[5]=c3;
-	or	c_12,c_3,c_12
-
-	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
-	addcc	c_12,t_1,t_1
-	srlx	t_1,32,c_12
-	stuw	t_1,rp(6)	!r[6]=c1;
-	stuw	c_12,rp(7)	!r[7]=c2;
-	
-	ret
-	restore	%g0,%g0,%o0
-
-.type	bn_sqr_comba4,#function
-.size	bn_sqr_comba4,(.-bn_sqr_comba4)
-
-.align	32
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
deleted file mode 100644
index b8fb1e8a25..0000000000
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ /dev/null
@@ -1,606 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# December 2005
-#
-# Pure SPARCv9/8+ and IALU-only bn_mul_mont implementation. The reasons
-# for undertaken effort are multiple. First of all, UltraSPARC is not
-# the whole SPARCv9 universe and other VIS-free implementations deserve
-# optimized code as much. Secondly, newly introduced UltraSPARC T1,
-# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive pathes,
-# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with
-# several integrated RSA/DSA accelerator circuits accessible through
-# kernel driver [only(*)], but having decent user-land software
-# implementation is important too. Finally, reasons like desire to
-# experiment with dedicated squaring procedure. Yes, this module
-# implements one, because it was easiest to draft it in SPARCv9
-# instructions...
-
-# (*)	Engine accessing the driver in question is on my TODO list.
-#	For reference, acceleator is estimated to give 6 to 10 times
-#	improvement on single-threaded RSA sign. It should be noted
-#	that 6-10x improvement coefficient does not actually mean
-#	something extraordinary in terms of absolute [single-threaded]
-#	performance, as SPARCv9 instruction set is by all means least
-#	suitable for high performance crypto among other 64 bit
-#	platforms. 6-10x factor simply places T1 in same performance
-#	domain as say AMD64 and IA-64. Improvement of RSA verify don't
-#	appear impressive at all, but it's the sign operation which is
-#	far more critical/interesting.
-
-# You might notice that inner loops are modulo-scheduled:-) This has
-# essentially negligible impact on UltraSPARC performance, it's
-# Fujitsu SPARC64 V users who should notice and hopefully appreciate
-# the advantage... Currently this module surpasses sparcv9a-mont.pl
-# by ~20% on UltraSPARC-III and later cores, but recall that sparcv9a
-# module still have hidden potential [see TODO list there], which is
-# estimated to be larger than 20%...
-
-# int bn_mul_mont(
-$rp="%i0";	# BN_ULONG *rp,
-$ap="%i1";	# const BN_ULONG *ap,
-$bp="%i2";	# const BN_ULONG *bp,
-$np="%i3";	# const BN_ULONG *np,
-$n0="%i4";	# const BN_ULONG *n0,
-$num="%i5";	# int num);
-
-$bits=32;
-for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)	{ $bias=2047; $frame=192; }
-else		{ $bias=0;    $frame=128; }
-
-$car0="%o0";
-$car1="%o1";
-$car2="%o2";	# 1 bit
-$acc0="%o3";
-$acc1="%o4";
-$mask="%g1";	# 32 bits, what a waste...
-$tmp0="%g4";
-$tmp1="%g5";
-
-$i="%l0";
-$j="%l1";
-$mul0="%l2";
-$mul1="%l3";
-$tp="%l4";
-$apj="%l5";
-$npj="%l6";
-$tpj="%l7";
-
-$fname="bn_mul_mont_int";
-
-$code=<<___;
-.section	".text",#alloc,#execinstr
-
-.global	$fname
-.align	32
-$fname:
-	cmp	%o5,4			! 128 bits minimum
-	bge,pt	%icc,.Lenter
-	sethi	%hi(0xffffffff),$mask
-	retl
-	clr	%o0
-.align	32
-.Lenter:
-	save	%sp,-$frame,%sp
-	sll	$num,2,$num		! num*=4
-	or	$mask,%lo(0xffffffff),$mask
-	ld	[$n0],$n0
-	cmp	$ap,$bp
-	and	$num,$mask,$num
-	ld	[$bp],$mul0		! bp[0]
-	nop
-
-	add	%sp,$bias,%o7		! real top of stack
-	ld	[$ap],$car0		! ap[0] ! redundant in squaring context
-	sub	%o7,$num,%o7
-	ld	[$ap+4],$apj		! ap[1]
-	and	%o7,-1024,%o7
-	ld	[$np],$car1		! np[0]
-	sub	%o7,$bias,%sp		! alloca
-	ld	[$np+4],$npj		! np[1]
-	be,pt	`$bits==32?"%icc":"%xcc"`,.Lbn_sqr_mont
-	mov	12,$j
-
-	mulx	$car0,$mul0,$car0	! ap[0]*bp[0]
-	mulx	$apj,$mul0,$tmp0	!prologue! ap[1]*bp[0]
-	and	$car0,$mask,$acc0
-	add	%sp,$bias+$frame,$tp
-	ld	[$ap+8],$apj		!prologue!
-
-	mulx	$n0,$acc0,$mul1		! "t[0]"*n0
-	and	$mul1,$mask,$mul1
-
-	mulx	$car1,$mul1,$car1	! np[0]*"t[0]"*n0
-	mulx	$npj,$mul1,$acc1	!prologue! np[1]*"t[0]"*n0
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	ld	[$np+8],$npj		!prologue!
-	srlx	$car1,32,$car1
-	mov	$tmp0,$acc0		!prologue!
-
-.L1st:
-	mulx	$apj,$mul0,$tmp0
-	mulx	$npj,$mul1,$tmp1
-	add	$acc0,$car0,$car0
-	ld	[$ap+$j],$apj		! ap[j]
-	and	$car0,$mask,$acc0
-	add	$acc1,$car1,$car1
-	ld	[$np+$j],$npj		! np[j]
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	add	$j,4,$j			! j++
-	mov	$tmp0,$acc0
-	st	$car1,[$tp]
-	cmp	$j,$num
-	mov	$tmp1,$acc1
-	srlx	$car1,32,$car1
-	bl	%icc,.L1st
-	add	$tp,4,$tp		! tp++
-!.L1st
-
-	mulx	$apj,$mul0,$tmp0	!epilogue!
-	mulx	$npj,$mul1,$tmp1
-	add	$acc0,$car0,$car0
-	and	$car0,$mask,$acc0
-	add	$acc1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-
-	add	$tmp0,$car0,$car0
-	and	$car0,$mask,$acc0
-	add	$tmp1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp+4]
-	srlx	$car1,32,$car1
-
-	add	$car0,$car1,$car1
-	st	$car1,[$tp+8]
-	srlx	$car1,32,$car2
-
-	mov	4,$i			! i++
-	ld	[$bp+4],$mul0		! bp[1]
-.Louter:
-	add	%sp,$bias+$frame,$tp
-	ld	[$ap],$car0		! ap[0]
-	ld	[$ap+4],$apj		! ap[1]
-	ld	[$np],$car1		! np[0]
-	ld	[$np+4],$npj		! np[1]
-	ld	[$tp],$tmp1		! tp[0]
-	ld	[$tp+4],$tpj		! tp[1]
-	mov	12,$j
-
-	mulx	$car0,$mul0,$car0
-	mulx	$apj,$mul0,$tmp0	!prologue!
-	add	$tmp1,$car0,$car0
-	ld	[$ap+8],$apj		!prologue!
-	and	$car0,$mask,$acc0
-
-	mulx	$n0,$acc0,$mul1
-	and	$mul1,$mask,$mul1
-
-	mulx	$car1,$mul1,$car1
-	mulx	$npj,$mul1,$acc1	!prologue!
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	ld	[$np+8],$npj		!prologue!
-	srlx	$car1,32,$car1
-	mov	$tmp0,$acc0		!prologue!
-
-.Linner:
-	mulx	$apj,$mul0,$tmp0
-	mulx	$npj,$mul1,$tmp1
-	add	$tpj,$car0,$car0
-	ld	[$ap+$j],$apj		! ap[j]
-	add	$acc0,$car0,$car0
-	add	$acc1,$car1,$car1
-	ld	[$np+$j],$npj		! np[j]
-	and	$car0,$mask,$acc0
-	ld	[$tp+8],$tpj		! tp[j]
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	add	$j,4,$j			! j++
-	mov	$tmp0,$acc0
-	st	$car1,[$tp]		! tp[j-1]
-	srlx	$car1,32,$car1
-	mov	$tmp1,$acc1
-	cmp	$j,$num
-	bl	%icc,.Linner
-	add	$tp,4,$tp		! tp++
-!.Linner
-
-	mulx	$apj,$mul0,$tmp0	!epilogue!
-	mulx	$npj,$mul1,$tmp1
-	add	$tpj,$car0,$car0
-	add	$acc0,$car0,$car0
-	ld	[$tp+8],$tpj		! tp[j]
-	and	$car0,$mask,$acc0
-	add	$acc1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]		! tp[j-1]
-	srlx	$car1,32,$car1
-
-	add	$tpj,$car0,$car0
-	add	$tmp0,$car0,$car0
-	and	$car0,$mask,$acc0
-	add	$tmp1,$car1,$car1
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp+4]		! tp[j-1]
-	srlx	$car0,32,$car0
-	add	$i,4,$i			! i++
-	srlx	$car1,32,$car1
-
-	add	$car0,$car1,$car1
-	cmp	$i,$num
-	add	$car2,$car1,$car1
-	st	$car1,[$tp+8]
-
-	srlx	$car1,32,$car2
-	bl,a	%icc,.Louter
-	ld	[$bp+$i],$mul0		! bp[i]
-!.Louter
-
-	add	$tp,12,$tp
-
-.Ltail:
-	add	$np,$num,$np
-	add	$rp,$num,$rp
-	mov	$tp,$ap
-	sub	%g0,$num,%o7		! k=-num
-	ba	.Lsub
-	subcc	%g0,%g0,%g0		! clear %icc.c
-.align	16
-.Lsub:
-	ld	[$tp+%o7],%o0
-	ld	[$np+%o7],%o1
-	subccc	%o0,%o1,%o1		! tp[j]-np[j]
-	add	$rp,%o7,$i
-	add	%o7,4,%o7
-	brnz	%o7,.Lsub
-	st	%o1,[$i]
-	subc	$car2,0,$car2		! handle upmost overflow bit
-	and	$tp,$car2,$ap
-	andn	$rp,$car2,$np
-	or	$ap,$np,$ap
-	sub	%g0,$num,%o7
-
-.Lcopy:
-	ld	[$ap+%o7],%o0		! copy or in-place refresh
-	st	%g0,[$tp+%o7]		! zap tp
-	st	%o0,[$rp+%o7]
-	add	%o7,4,%o7
-	brnz	%o7,.Lcopy
-	nop
-	mov	1,%i0
-	ret
-	restore
-___
-
-########
-######## .Lbn_sqr_mont gives up to 20% *overall* improvement over
-######## code without following dedicated squaring procedure.
-########
-$sbit="%i2";		# re-use $bp!
-
-$code.=<<___;
-.align	32
-.Lbn_sqr_mont:
-	mulx	$mul0,$mul0,$car0		! ap[0]*ap[0]
-	mulx	$apj,$mul0,$tmp0		!prologue!
-	and	$car0,$mask,$acc0
-	add	%sp,$bias+$frame,$tp
-	ld	[$ap+8],$apj			!prologue!
-
-	mulx	$n0,$acc0,$mul1			! "t[0]"*n0
-	srlx	$car0,32,$car0
-	and	$mul1,$mask,$mul1
-
-	mulx	$car1,$mul1,$car1		! np[0]*"t[0]"*n0
-	mulx	$npj,$mul1,$acc1		!prologue!
-	and	$car0,1,$sbit
-	ld	[$np+8],$npj			!prologue!
-	srlx	$car0,1,$car0
-	add	$acc0,$car1,$car1
-	srlx	$car1,32,$car1
-	mov	$tmp0,$acc0			!prologue!
-
-.Lsqr_1st:
-	mulx	$apj,$mul0,$tmp0
-	mulx	$npj,$mul1,$tmp1
-	add	$acc0,$car0,$car0		! ap[j]*a0+c0
-	add	$acc1,$car1,$car1
-	ld	[$ap+$j],$apj			! ap[j]
-	and	$car0,$mask,$acc0
-	ld	[$np+$j],$npj			! np[j]
-	srlx	$car0,32,$car0
-	add	$acc0,$acc0,$acc0
-	or	$sbit,$acc0,$acc0
-	mov	$tmp1,$acc1
-	srlx	$acc0,32,$sbit
-	add	$j,4,$j				! j++
-	and	$acc0,$mask,$acc0
-	cmp	$j,$num
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]
-	mov	$tmp0,$acc0
-	srlx	$car1,32,$car1
-	bl	%icc,.Lsqr_1st
-	add	$tp,4,$tp			! tp++
-!.Lsqr_1st
-
-	mulx	$apj,$mul0,$tmp0		! epilogue
-	mulx	$npj,$mul1,$tmp1
-	add	$acc0,$car0,$car0		! ap[j]*a0+c0
-	add	$acc1,$car1,$car1
-	and	$car0,$mask,$acc0
-	srlx	$car0,32,$car0
-	add	$acc0,$acc0,$acc0
-	or	$sbit,$acc0,$acc0
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-
-	add	$tmp0,$car0,$car0		! ap[j]*a0+c0
-	add	$tmp1,$car1,$car1
-	and	$car0,$mask,$acc0
-	srlx	$car0,32,$car0
-	add	$acc0,$acc0,$acc0
-	or	$sbit,$acc0,$acc0
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp+4]
-	srlx	$car1,32,$car1
-
-	add	$car0,$car0,$car0
-	or	$sbit,$car0,$car0
-	add	$car0,$car1,$car1
-	st	$car1,[$tp+8]
-	srlx	$car1,32,$car2
-
-	ld	[%sp+$bias+$frame],$tmp0	! tp[0]
-	ld	[%sp+$bias+$frame+4],$tmp1	! tp[1]
-	ld	[%sp+$bias+$frame+8],$tpj	! tp[2]
-	ld	[$ap+4],$mul0			! ap[1]
-	ld	[$ap+8],$apj			! ap[2]
-	ld	[$np],$car1			! np[0]
-	ld	[$np+4],$npj			! np[1]
-	mulx	$n0,$tmp0,$mul1
-
-	mulx	$mul0,$mul0,$car0
-	and	$mul1,$mask,$mul1
-
-	mulx	$car1,$mul1,$car1
-	mulx	$npj,$mul1,$acc1
-	add	$tmp0,$car1,$car1
-	and	$car0,$mask,$acc0
-	ld	[$np+8],$npj			! np[2]
-	srlx	$car1,32,$car1
-	add	$tmp1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	$acc0,$car1,$car1
-	and	$car0,1,$sbit
-	add	$acc1,$car1,$car1
-	srlx	$car0,1,$car0
-	mov	12,$j
-	st	$car1,[%sp+$bias+$frame]	! tp[0]=
-	srlx	$car1,32,$car1
-	add	%sp,$bias+$frame+4,$tp
-
-.Lsqr_2nd:
-	mulx	$apj,$mul0,$acc0
-	mulx	$npj,$mul1,$acc1
-	add	$acc0,$car0,$car0
-	add	$tpj,$car1,$car1
-	ld	[$ap+$j],$apj			! ap[j]
-	and	$car0,$mask,$acc0
-	ld	[$np+$j],$npj			! np[j]
-	srlx	$car0,32,$car0
-	add	$acc1,$car1,$car1
-	ld	[$tp+8],$tpj			! tp[j]
-	add	$acc0,$acc0,$acc0
-	add	$j,4,$j				! j++
-	or	$sbit,$acc0,$acc0
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	cmp	$j,$num
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]			! tp[j-1]
-	srlx	$car1,32,$car1
-	bl	%icc,.Lsqr_2nd
-	add	$tp,4,$tp			! tp++
-!.Lsqr_2nd
-
-	mulx	$apj,$mul0,$acc0
-	mulx	$npj,$mul1,$acc1
-	add	$acc0,$car0,$car0
-	add	$tpj,$car1,$car1
-	and	$car0,$mask,$acc0
-	srlx	$car0,32,$car0
-	add	$acc1,$car1,$car1
-	add	$acc0,$acc0,$acc0
-	or	$sbit,$acc0,$acc0
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	add	$acc0,$car1,$car1
-	st	$car1,[$tp]			! tp[j-1]
-	srlx	$car1,32,$car1
-
-	add	$car0,$car0,$car0
-	or	$sbit,$car0,$car0
-	add	$car0,$car1,$car1
-	add	$car2,$car1,$car1
-	st	$car1,[$tp+4]
-	srlx	$car1,32,$car2
-
-	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
-	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
-	ld	[$ap+8],$mul0			! ap[2]
-	ld	[$np],$car1			! np[0]
-	ld	[$np+4],$npj			! np[1]
-	mulx	$n0,$tmp1,$mul1
-	and	$mul1,$mask,$mul1
-	mov	8,$i
-
-	mulx	$mul0,$mul0,$car0
-	mulx	$car1,$mul1,$car1
-	and	$car0,$mask,$acc0
-	add	$tmp1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	%sp,$bias+$frame,$tp
-	srlx	$car1,32,$car1
-	and	$car0,1,$sbit
-	srlx	$car0,1,$car0
-	mov	4,$j
-
-.Lsqr_outer:
-.Lsqr_inner1:
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	add	$j,4,$j
-	ld	[$tp+8],$tpj
-	cmp	$j,$i
-	add	$acc1,$car1,$car1
-	ld	[$np+$j],$npj
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-	bl	%icc,.Lsqr_inner1
-	add	$tp,4,$tp
-!.Lsqr_inner1
-
-	add	$j,4,$j
-	ld	[$ap+$j],$apj			! ap[j]
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	ld	[$np+$j],$npj			! np[j]
-	add	$acc0,$car1,$car1
-	ld	[$tp+8],$tpj			! tp[j]
-	add	$acc1,$car1,$car1
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-
-	add	$j,4,$j
-	cmp	$j,$num
-	be,pn	%icc,.Lsqr_no_inner2
-	add	$tp,4,$tp
-
-.Lsqr_inner2:
-	mulx	$apj,$mul0,$acc0
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	add	$acc0,$car0,$car0
-	ld	[$ap+$j],$apj			! ap[j]
-	and	$car0,$mask,$acc0
-	ld	[$np+$j],$npj			! np[j]
-	srlx	$car0,32,$car0
-	add	$acc0,$acc0,$acc0
-	ld	[$tp+8],$tpj			! tp[j]
-	or	$sbit,$acc0,$acc0
-	add	$j,4,$j				! j++
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	cmp	$j,$num
-	add	$acc0,$car1,$car1
-	add	$acc1,$car1,$car1
-	st	$car1,[$tp]			! tp[j-1]
-	srlx	$car1,32,$car1
-	bl	%icc,.Lsqr_inner2
-	add	$tp,4,$tp			! tp++
-
-.Lsqr_no_inner2:
-	mulx	$apj,$mul0,$acc0
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	add	$acc0,$car0,$car0
-	and	$car0,$mask,$acc0
-	srlx	$car0,32,$car0
-	add	$acc0,$acc0,$acc0
-	or	$sbit,$acc0,$acc0
-	srlx	$acc0,32,$sbit
-	and	$acc0,$mask,$acc0
-	add	$acc0,$car1,$car1
-	add	$acc1,$car1,$car1
-	st	$car1,[$tp]			! tp[j-1]
-	srlx	$car1,32,$car1
-
-	add	$car0,$car0,$car0
-	or	$sbit,$car0,$car0
-	add	$car0,$car1,$car1
-	add	$car2,$car1,$car1
-	st	$car1,[$tp+4]
-	srlx	$car1,32,$car2
-
-	add	$i,4,$i				! i++
-	ld	[%sp+$bias+$frame],$tmp1	! tp[0]
-	ld	[%sp+$bias+$frame+4],$tpj	! tp[1]
-	ld	[$ap+$i],$mul0			! ap[j]
-	ld	[$np],$car1			! np[0]
-	ld	[$np+4],$npj			! np[1]
-	mulx	$n0,$tmp1,$mul1
-	and	$mul1,$mask,$mul1
-	add	$i,4,$tmp0
-
-	mulx	$mul0,$mul0,$car0
-	mulx	$car1,$mul1,$car1
-	and	$car0,$mask,$acc0
-	add	$tmp1,$car1,$car1
-	srlx	$car0,32,$car0
-	add	%sp,$bias+$frame,$tp
-	srlx	$car1,32,$car1
-	and	$car0,1,$sbit
-	srlx	$car0,1,$car0
-
-	cmp	$tmp0,$num			! i<num-1
-	bl	%icc,.Lsqr_outer
-	mov	4,$j
-
-.Lsqr_last:
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	add	$j,4,$j
-	ld	[$tp+8],$tpj
-	cmp	$j,$i
-	add	$acc1,$car1,$car1
-	ld	[$np+$j],$npj
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-	bl	%icc,.Lsqr_last
-	add	$tp,4,$tp
-!.Lsqr_last
-
-	mulx	$npj,$mul1,$acc1
-	add	$tpj,$car1,$car1
-	add	$acc0,$car1,$car1
-	add	$acc1,$car1,$car1
-	st	$car1,[$tp]
-	srlx	$car1,32,$car1
-
-	add	$car0,$car0,$car0		! recover $car0
-	or	$sbit,$car0,$car0
-	add	$car0,$car1,$car1
-	add	$car2,$car1,$car1
-	st	$car1,[$tp+4]
-	srlx	$car1,32,$car2
-
-	ba	.Ltail
-	add	$tp,8,$tp
-.type	$fname,#function
-.size	$fname,(.-$fname)
-.asciz	"Montgomery Multipltication for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align	32
-___
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl
deleted file mode 100755
index a14205f2f0..0000000000
--- a/crypto/bn/asm/sparcv9a-mont.pl
+++ /dev/null
@@ -1,882 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005
-#
-# "Teaser" Montgomery multiplication module for UltraSPARC. Why FPU?
-# Because unlike integer multiplier, which simply stalls whole CPU,
-# FPU is fully pipelined and can effectively emit 48 bit partial
-# product every cycle. Why not blended SPARC v9? One can argue that
-# making this module dependent on UltraSPARC VIS extension limits its
-# binary compatibility. Well yes, it does exclude SPARC64 prior-V(!)
-# implementations from compatibility matrix. But the rest, whole Sun
-# UltraSPARC family and brand new Fujitsu's SPARC64 V, all support
-# VIS extension instructions used in this module. This is considered
-# good enough to not care about HAL SPARC64 users [if any] who have
-# integer-only pure SPARCv9 module to "fall down" to.
-
-# USI&II cores currently exhibit uniform 2x improvement [over pre-
-# bn_mul_mont codebase] for all key lengths and benchmarks. On USIII
-# performance improves few percents for shorter keys and worsens few
-# percents for longer keys. This is because USIII integer multiplier
-# is >3x faster than USI&II one, which is harder to match [but see
-# TODO list below]. It should also be noted that SPARC64 V features
-# out-of-order execution, which *might* mean that integer multiplier
-# is pipelined, which in turn *might* be impossible to match... On
-# additional note, SPARC64 V implements FP Multiply-Add instruction,
-# which is perfectly usable in this context... In other words, as far
-# as Fujitsu SPARC64 V goes, talk to the author:-)
-
-# The implementation implies following "non-natural" limitations on
-# input arguments:
-# - num may not be less than 4;
-# - num has to be even;
-# Failure to meet either condition has no fatal effects, simply
-# doesn't give any performance gain.
-
-# TODO:
-# - modulo-schedule inner loop for better performance (on in-order
-#   execution core such as UltraSPARC this shall result in further
-#   noticeable(!) improvement);
-# - dedicated squaring procedure[?];
-
-######################################################################
-# November 2006
-#
-# Modulo-scheduled inner loops allow to interleave floating point and
-# integer instructions and minimize Read-After-Write penalties. This
-# results in *further* 20-50% perfromance improvement [depending on
-# key length, more for longer keys] on USI&II cores and 30-80% - on
-# USIII&IV.
-
-$fname="bn_mul_mont_fpu";
-$bits=32;
-for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-
-if ($bits==64) {
-	$bias=2047;
-	$frame=192;
-} else {
-	$bias=0;
-	$frame=128;	# 96 rounded up to largest known cache-line
-}
-$locals=64;
-
-# In order to provide for 32-/64-bit ABI duality, I keep integers wider
-# than 32 bit in %g1-%g4 and %o0-%o5. %l0-%l7 and %i0-%i5 are used
-# exclusively for pointers, indexes and other small values...
-# int bn_mul_mont(
-$rp="%i0";	# BN_ULONG *rp,
-$ap="%i1";	# const BN_ULONG *ap,
-$bp="%i2";	# const BN_ULONG *bp,
-$np="%i3";	# const BN_ULONG *np,
-$n0="%i4";	# const BN_ULONG *n0,
-$num="%i5";	# int num);
-
-$tp="%l0";	# t[num]
-$ap_l="%l1";	# a[num],n[num] are smashed to 32-bit words and saved
-$ap_h="%l2";	# to these four vectors as double-precision FP values.
-$np_l="%l3";	# This way a bunch of fxtods are eliminated in second
-$np_h="%l4";	# loop and L1-cache aliasing is minimized...
-$i="%l5";
-$j="%l6";
-$mask="%l7";	# 16-bit mask, 0xffff
-
-$n0="%g4";	# reassigned(!) to "64-bit" register
-$carry="%i4";	# %i4 reused(!) for a carry bit
-
-# FP register naming chart
-#
-#     ..HILO
-#       dcba
-#   --------
-#        LOa
-#       LOb
-#      LOc
-#     LOd
-#      HIa
-#     HIb
-#    HIc
-#   HId
-#    ..a
-#   ..b
-$ba="%f0";    $bb="%f2";    $bc="%f4";    $bd="%f6";
-$na="%f8";    $nb="%f10";   $nc="%f12";   $nd="%f14";
-$alo="%f16";  $alo_="%f17"; $ahi="%f18";  $ahi_="%f19";
-$nlo="%f20";  $nlo_="%f21"; $nhi="%f22";  $nhi_="%f23";
-
-$dota="%f24"; $dotb="%f26";
-
-$aloa="%f32"; $alob="%f34"; $aloc="%f36"; $alod="%f38";
-$ahia="%f40"; $ahib="%f42"; $ahic="%f44"; $ahid="%f46";
-$nloa="%f48"; $nlob="%f50"; $nloc="%f52"; $nlod="%f54";
-$nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62";
-
-$ASI_FL16_P=0xD2;	# magic ASI value to engage 16-bit FP load
-
-$code=<<___;
-.section	".text",#alloc,#execinstr
-
-.global $fname
-.align  32
-$fname:
-	save	%sp,-$frame-$locals,%sp
-
-	cmp	$num,4
-	bl,a,pn %icc,.Lret
-	clr	%i0
-	andcc	$num,1,%g0		! $num has to be even...
-	bnz,a,pn %icc,.Lret
-	clr	%i0			! signal "unsupported input value"
-
-	srl	$num,1,$num
-	sethi	%hi(0xffff),$mask
-	ld	[%i4+0],$n0		! $n0 reassigned, remember?
-	or	$mask,%lo(0xffff),$mask
-	ld	[%i4+4],%o0
-	sllx	%o0,32,%o0
-	or	%o0,$n0,$n0		! $n0=n0[1].n0[0]
-
-	sll	$num,3,$num		! num*=8
-
-	add	%sp,$bias,%o0		! real top of stack
-	sll	$num,2,%o1
-	add	%o1,$num,%o1		! %o1=num*5
-	sub	%o0,%o1,%o0
-	and	%o0,-2048,%o0		! optimize TLB utilization
-	sub	%o0,$bias,%sp		! alloca(5*num*8)
-
-	rd	%asi,%o7		! save %asi
-	add	%sp,$bias+$frame+$locals,$tp
-	add	$tp,$num,$ap_l
-	add	$ap_l,$num,$ap_l	! [an]p_[lh] point at the vectors' ends !
-	add	$ap_l,$num,$ap_h
-	add	$ap_h,$num,$np_l
-	add	$np_l,$num,$np_h
-
-	wr	%g0,$ASI_FL16_P,%asi	! setup %asi for 16-bit FP loads
-
-	add	$rp,$num,$rp		! readjust input pointers to point
-	add	$ap,$num,$ap		! at the ends too...
-	add	$bp,$num,$bp
-	add	$np,$num,$np
-
-	stx	%o7,[%sp+$bias+$frame+48]	! save %asi
-
-	sub	%g0,$num,$i		! i=-num
-	sub	%g0,$num,$j		! j=-num
-
-	add	$ap,$j,%o3
-	add	$bp,$i,%o4
-
-	ld	[%o3+4],%g1		! bp[0]
-	ld	[%o3+0],%o0
-	ld	[%o4+4],%g5		! ap[0]
-	sllx	%g1,32,%g1
-	ld	[%o4+0],%o1
-	sllx	%g5,32,%g5
-	or	%g1,%o0,%o0
-	or	%g5,%o1,%o1
-
-	add	$np,$j,%o5
-
-	mulx	%o1,%o0,%o0		! ap[0]*bp[0]
-	mulx	$n0,%o0,%o0		! ap[0]*bp[0]*n0
-	stx	%o0,[%sp+$bias+$frame+0]
-
-	ld	[%o3+0],$alo_	! load a[j] as pair of 32-bit words
-	fzeros	$alo
-	ld	[%o3+4],$ahi_
-	fzeros	$ahi
-	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
-	fzeros	$nlo
-	ld	[%o5+4],$nhi_
-	fzeros	$nhi
-
-	! transfer b[i] to FPU as 4x16-bit values
-	ldda	[%o4+2]%asi,$ba
-	fxtod	$alo,$alo
-	ldda	[%o4+0]%asi,$bb
-	fxtod	$ahi,$ahi
-	ldda	[%o4+6]%asi,$bc
-	fxtod	$nlo,$nlo
-	ldda	[%o4+4]%asi,$bd
-	fxtod	$nhi,$nhi
-
-	! transfer ap[0]*b[0]*n0 to FPU as 4x16-bit values
-	ldda	[%sp+$bias+$frame+6]%asi,$na
-	fxtod	$ba,$ba
-	ldda	[%sp+$bias+$frame+4]%asi,$nb
-	fxtod	$bb,$bb
-	ldda	[%sp+$bias+$frame+2]%asi,$nc
-	fxtod	$bc,$bc
-	ldda	[%sp+$bias+$frame+0]%asi,$nd
-	fxtod	$bd,$bd
-
-	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
-	fxtod	$na,$na
-	std	$ahi,[$ap_h+$j]
-	fxtod	$nb,$nb
-	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
-	fxtod	$nc,$nc
-	std	$nhi,[$np_h+$j]
-	fxtod	$nd,$nd
-
-		fmuld	$alo,$ba,$aloa
-		fmuld	$nlo,$na,$nloa
-		fmuld	$alo,$bb,$alob
-		fmuld	$nlo,$nb,$nlob
-		fmuld	$alo,$bc,$aloc
-	faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-		fmuld	$alo,$bd,$alod
-	faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-		fmuld	$ahi,$ba,$ahia
-	faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-		fmuld	$ahi,$bb,$ahib
-	faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-		fmuld	$ahi,$bc,$ahic
-	faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-		fmuld	$ahi,$bd,$ahid
-	faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-
-	faddd	$ahic,$nhic,$dota	! $nhic
-	faddd	$ahid,$nhid,$dotb	! $nhid
-
-	faddd	$nloc,$nhia,$nloc
-	faddd	$nlod,$nhib,$nlod
-
-	fdtox	$nloa,$nloa
-	fdtox	$nlob,$nlob
-	fdtox	$nloc,$nloc
-	fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	add	$j,8,$j
-	std	$nlob,[%sp+$bias+$frame+8]
-	add	$ap,$j,%o4
-	std	$nloc,[%sp+$bias+$frame+16]
-	add	$np,$j,%o5
-	std	$nlod,[%sp+$bias+$frame+24]
-
-	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
-	fzeros	$alo
-	ld	[%o4+4],$ahi_
-	fzeros	$ahi
-	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
-	fzeros	$nlo
-	ld	[%o5+4],$nhi_
-	fzeros	$nhi
-
-	fxtod	$alo,$alo
-	fxtod	$ahi,$ahi
-	fxtod	$nlo,$nlo
-	fxtod	$nhi,$nhi
-
-	ldx	[%sp+$bias+$frame+0],%o0
-		fmuld	$alo,$ba,$aloa
-	ldx	[%sp+$bias+$frame+8],%o1
-		fmuld	$nlo,$na,$nloa
-	ldx	[%sp+$bias+$frame+16],%o2
-		fmuld	$alo,$bb,$alob
-	ldx	[%sp+$bias+$frame+24],%o3
-		fmuld	$nlo,$nb,$nlob
-
-	srlx	%o0,16,%o7
-	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
-		fmuld	$alo,$bc,$aloc
-	add	%o7,%o1,%o1
-	std	$ahi,[$ap_h+$j]
-		faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-	srlx	%o1,16,%o7
-	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
-		fmuld	$alo,$bd,$alod
-	add	%o7,%o2,%o2
-	std	$nhi,[$np_h+$j]
-		faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-	srlx	%o2,16,%o7
-		fmuld	$ahi,$ba,$ahia
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-		faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-	!and	%o0,$mask,%o0
-	!and	%o1,$mask,%o1
-	!and	%o2,$mask,%o2
-	!sllx	%o1,16,%o1
-	!sllx	%o2,32,%o2
-	!sllx	%o3,48,%o7
-	!or	%o1,%o0,%o0
-	!or	%o2,%o0,%o0
-	!or	%o7,%o0,%o0		! 64-bit result
-	srlx	%o3,16,%g1		! 34-bit carry
-		fmuld	$ahi,$bb,$ahib
-
-	faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-		fmuld	$ahi,$bc,$ahic
-	faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-		fmuld	$ahi,$bd,$ahid
-	faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-
-	faddd	$dota,$nloa,$nloa
-	faddd	$dotb,$nlob,$nlob
-	faddd	$ahic,$nhic,$dota	! $nhic
-	faddd	$ahid,$nhid,$dotb	! $nhid
-
-	faddd	$nloc,$nhia,$nloc
-	faddd	$nlod,$nhib,$nlod
-
-	fdtox	$nloa,$nloa
-	fdtox	$nlob,$nlob
-	fdtox	$nloc,$nloc
-	fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	std	$nlob,[%sp+$bias+$frame+8]
-	addcc	$j,8,$j
-	std	$nloc,[%sp+$bias+$frame+16]
-	bz,pn	%icc,.L1stskip
-	std	$nlod,[%sp+$bias+$frame+24]
-
-.align	32			! incidentally already aligned !
-.L1st:
-	add	$ap,$j,%o4
-	add	$np,$j,%o5
-	ld	[%o4+0],$alo_	! load a[j] as pair of 32-bit words
-	fzeros	$alo
-	ld	[%o4+4],$ahi_
-	fzeros	$ahi
-	ld	[%o5+0],$nlo_	! load n[j] as pair of 32-bit words
-	fzeros	$nlo
-	ld	[%o5+4],$nhi_
-	fzeros	$nhi
-
-	fxtod	$alo,$alo
-	fxtod	$ahi,$ahi
-	fxtod	$nlo,$nlo
-	fxtod	$nhi,$nhi
-
-	ldx	[%sp+$bias+$frame+0],%o0
-		fmuld	$alo,$ba,$aloa
-	ldx	[%sp+$bias+$frame+8],%o1
-		fmuld	$nlo,$na,$nloa
-	ldx	[%sp+$bias+$frame+16],%o2
-		fmuld	$alo,$bb,$alob
-	ldx	[%sp+$bias+$frame+24],%o3
-		fmuld	$nlo,$nb,$nlob
-
-	srlx	%o0,16,%o7
-	std	$alo,[$ap_l+$j]		! save smashed ap[j] in double format
-		fmuld	$alo,$bc,$aloc
-	add	%o7,%o1,%o1
-	std	$ahi,[$ap_h+$j]
-		faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-	srlx	%o1,16,%o7
-	std	$nlo,[$np_l+$j]		! save smashed np[j] in double format
-		fmuld	$alo,$bd,$alod
-	add	%o7,%o2,%o2
-	std	$nhi,[$np_h+$j]
-		faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-	srlx	%o2,16,%o7
-		fmuld	$ahi,$ba,$ahia
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-	and	%o0,$mask,%o0
-		faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-	and	%o1,$mask,%o1
-	and	%o2,$mask,%o2
-		fmuld	$ahi,$bb,$ahib
-	sllx	%o1,16,%o1
-		faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-	sllx	%o2,32,%o2
-		fmuld	$ahi,$bc,$ahic
-	sllx	%o3,48,%o7
-	or	%o1,%o0,%o0
-		faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-	or	%o2,%o0,%o0
-		fmuld	$ahi,$bd,$ahid
-	or	%o7,%o0,%o0		! 64-bit result
-		faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-	addcc	%g1,%o0,%o0
-		faddd	$dota,$nloa,$nloa
-	srlx	%o3,16,%g1		! 34-bit carry
-		faddd	$dotb,$nlob,$nlob
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	stx	%o0,[$tp]		! tp[j-1]=
-
-	faddd	$ahic,$nhic,$dota	! $nhic
-	faddd	$ahid,$nhid,$dotb	! $nhid
-
-	faddd	$nloc,$nhia,$nloc
-	faddd	$nlod,$nhib,$nlod
-
-	fdtox	$nloa,$nloa
-	fdtox	$nlob,$nlob
-	fdtox	$nloc,$nloc
-	fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	std	$nlob,[%sp+$bias+$frame+8]
-	std	$nloc,[%sp+$bias+$frame+16]
-	std	$nlod,[%sp+$bias+$frame+24]
-
-	addcc	$j,8,$j
-	bnz,pt	%icc,.L1st
-	add	$tp,8,$tp
-
-.L1stskip:
-	fdtox	$dota,$dota
-	fdtox	$dotb,$dotb
-
-	ldx	[%sp+$bias+$frame+0],%o0
-	ldx	[%sp+$bias+$frame+8],%o1
-	ldx	[%sp+$bias+$frame+16],%o2
-	ldx	[%sp+$bias+$frame+24],%o3
-
-	srlx	%o0,16,%o7
-	std	$dota,[%sp+$bias+$frame+32]
-	add	%o7,%o1,%o1
-	std	$dotb,[%sp+$bias+$frame+40]
-	srlx	%o1,16,%o7
-	add	%o7,%o2,%o2
-	srlx	%o2,16,%o7
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-	and	%o0,$mask,%o0
-	and	%o1,$mask,%o1
-	and	%o2,$mask,%o2
-	sllx	%o1,16,%o1
-	sllx	%o2,32,%o2
-	sllx	%o3,48,%o7
-	or	%o1,%o0,%o0
-	or	%o2,%o0,%o0
-	or	%o7,%o0,%o0		! 64-bit result
-	ldx	[%sp+$bias+$frame+32],%o4
-	addcc	%g1,%o0,%o0
-	ldx	[%sp+$bias+$frame+40],%o5
-	srlx	%o3,16,%g1		! 34-bit carry
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	stx	%o0,[$tp]		! tp[j-1]=
-	add	$tp,8,$tp
-
-	srlx	%o4,16,%o7
-	add	%o7,%o5,%o5
-	and	%o4,$mask,%o4
-	sllx	%o5,16,%o7
-	or	%o7,%o4,%o4
-	addcc	%g1,%o4,%o4
-	srlx	%o5,48,%g1
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	mov	%g1,$carry
-	stx	%o4,[$tp]		! tp[num-1]=
-
-	ba	.Louter
-	add	$i,8,$i
-.align	32
-.Louter:
-	sub	%g0,$num,$j		! j=-num
-	add	%sp,$bias+$frame+$locals,$tp
-
-	add	$ap,$j,%o3
-	add	$bp,$i,%o4
-
-	ld	[%o3+4],%g1		! bp[i]
-	ld	[%o3+0],%o0
-	ld	[%o4+4],%g5		! ap[0]
-	sllx	%g1,32,%g1
-	ld	[%o4+0],%o1
-	sllx	%g5,32,%g5
-	or	%g1,%o0,%o0
-	or	%g5,%o1,%o1
-
-	ldx	[$tp],%o2		! tp[0]
-	mulx	%o1,%o0,%o0
-	addcc	%o2,%o0,%o0
-	mulx	$n0,%o0,%o0		! (ap[0]*bp[i]+t[0])*n0
-	stx	%o0,[%sp+$bias+$frame+0]
-
-	! transfer b[i] to FPU as 4x16-bit values
-	ldda	[%o4+2]%asi,$ba
-	ldda	[%o4+0]%asi,$bb
-	ldda	[%o4+6]%asi,$bc
-	ldda	[%o4+4]%asi,$bd
-
-	! transfer (ap[0]*b[i]+t[0])*n0 to FPU as 4x16-bit values
-	ldda	[%sp+$bias+$frame+6]%asi,$na
-	fxtod	$ba,$ba
-	ldda	[%sp+$bias+$frame+4]%asi,$nb
-	fxtod	$bb,$bb
-	ldda	[%sp+$bias+$frame+2]%asi,$nc
-	fxtod	$bc,$bc
-	ldda	[%sp+$bias+$frame+0]%asi,$nd
-	fxtod	$bd,$bd
-	ldd	[$ap_l+$j],$alo		! load a[j] in double format
-	fxtod	$na,$na
-	ldd	[$ap_h+$j],$ahi
-	fxtod	$nb,$nb
-	ldd	[$np_l+$j],$nlo		! load n[j] in double format
-	fxtod	$nc,$nc
-	ldd	[$np_h+$j],$nhi
-	fxtod	$nd,$nd
-
-		fmuld	$alo,$ba,$aloa
-		fmuld	$nlo,$na,$nloa
-		fmuld	$alo,$bb,$alob
-		fmuld	$nlo,$nb,$nlob
-		fmuld	$alo,$bc,$aloc
-	faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-		fmuld	$alo,$bd,$alod
-	faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-		fmuld	$ahi,$ba,$ahia
-	faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-		fmuld	$ahi,$bb,$ahib
-	faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-		fmuld	$ahi,$bc,$ahic
-	faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-		fmuld	$ahi,$bd,$ahid
-	faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-
-	faddd	$ahic,$nhic,$dota	! $nhic
-	faddd	$ahid,$nhid,$dotb	! $nhid
-
-	faddd	$nloc,$nhia,$nloc
-	faddd	$nlod,$nhib,$nlod
-
-	fdtox	$nloa,$nloa
-	fdtox	$nlob,$nlob
-	fdtox	$nloc,$nloc
-	fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	std	$nlob,[%sp+$bias+$frame+8]
-	std	$nloc,[%sp+$bias+$frame+16]
-	add	$j,8,$j
-	std	$nlod,[%sp+$bias+$frame+24]
-
-	ldd	[$ap_l+$j],$alo		! load a[j] in double format
-	ldd	[$ap_h+$j],$ahi
-	ldd	[$np_l+$j],$nlo		! load n[j] in double format
-	ldd	[$np_h+$j],$nhi
-
-		fmuld	$alo,$ba,$aloa
-		fmuld	$nlo,$na,$nloa
-		fmuld	$alo,$bb,$alob
-		fmuld	$nlo,$nb,$nlob
-		fmuld	$alo,$bc,$aloc
-	ldx	[%sp+$bias+$frame+0],%o0
-		faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-	ldx	[%sp+$bias+$frame+8],%o1
-		fmuld	$alo,$bd,$alod
-	ldx	[%sp+$bias+$frame+16],%o2
-		faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-	ldx	[%sp+$bias+$frame+24],%o3
-		fmuld	$ahi,$ba,$ahia
-
-	srlx	%o0,16,%o7
-		faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-	add	%o7,%o1,%o1
-		fmuld	$ahi,$bb,$ahib
-	srlx	%o1,16,%o7
-		faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-	add	%o7,%o2,%o2
-		fmuld	$ahi,$bc,$ahic
-	srlx	%o2,16,%o7
-		faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-	! why?
-	and	%o0,$mask,%o0
-		fmuld	$ahi,$bd,$ahid
-	and	%o1,$mask,%o1
-	and	%o2,$mask,%o2
-		faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-	sllx	%o1,16,%o1
-		faddd	$dota,$nloa,$nloa
-	sllx	%o2,32,%o2
-		faddd	$dotb,$nlob,$nlob
-	sllx	%o3,48,%o7
-	or	%o1,%o0,%o0
-		faddd	$ahic,$nhic,$dota	! $nhic
-	or	%o2,%o0,%o0
-		faddd	$ahid,$nhid,$dotb	! $nhid
-	or	%o7,%o0,%o0		! 64-bit result
-	ldx	[$tp],%o7
-		faddd	$nloc,$nhia,$nloc
-	addcc	%o7,%o0,%o0
-	! end-of-why?
-		faddd	$nlod,$nhib,$nlod
-	srlx	%o3,16,%g1		! 34-bit carry
-		fdtox	$nloa,$nloa
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	fdtox	$nlob,$nlob
-	fdtox	$nloc,$nloc
-	fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	std	$nlob,[%sp+$bias+$frame+8]
-	addcc	$j,8,$j
-	std	$nloc,[%sp+$bias+$frame+16]
-	bz,pn	%icc,.Linnerskip
-	std	$nlod,[%sp+$bias+$frame+24]
-
-	ba	.Linner
-	nop
-.align	32
-.Linner:
-	ldd	[$ap_l+$j],$alo		! load a[j] in double format
-	ldd	[$ap_h+$j],$ahi
-	ldd	[$np_l+$j],$nlo		! load n[j] in double format
-	ldd	[$np_h+$j],$nhi
-
-		fmuld	$alo,$ba,$aloa
-		fmuld	$nlo,$na,$nloa
-		fmuld	$alo,$bb,$alob
-		fmuld	$nlo,$nb,$nlob
-		fmuld	$alo,$bc,$aloc
-	ldx	[%sp+$bias+$frame+0],%o0
-		faddd	$aloa,$nloa,$nloa
-		fmuld	$nlo,$nc,$nloc
-	ldx	[%sp+$bias+$frame+8],%o1
-		fmuld	$alo,$bd,$alod
-	ldx	[%sp+$bias+$frame+16],%o2
-		faddd	$alob,$nlob,$nlob
-		fmuld	$nlo,$nd,$nlod
-	ldx	[%sp+$bias+$frame+24],%o3
-		fmuld	$ahi,$ba,$ahia
-
-	srlx	%o0,16,%o7
-		faddd	$aloc,$nloc,$nloc
-		fmuld	$nhi,$na,$nhia
-	add	%o7,%o1,%o1
-		fmuld	$ahi,$bb,$ahib
-	srlx	%o1,16,%o7
-		faddd	$alod,$nlod,$nlod
-		fmuld	$nhi,$nb,$nhib
-	add	%o7,%o2,%o2
-		fmuld	$ahi,$bc,$ahic
-	srlx	%o2,16,%o7
-		faddd	$ahia,$nhia,$nhia
-		fmuld	$nhi,$nc,$nhic
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-	and	%o0,$mask,%o0
-		fmuld	$ahi,$bd,$ahid
-	and	%o1,$mask,%o1
-	and	%o2,$mask,%o2
-		faddd	$ahib,$nhib,$nhib
-		fmuld	$nhi,$nd,$nhid
-	sllx	%o1,16,%o1
-		faddd	$dota,$nloa,$nloa
-	sllx	%o2,32,%o2
-		faddd	$dotb,$nlob,$nlob
-	sllx	%o3,48,%o7
-	or	%o1,%o0,%o0
-		faddd	$ahic,$nhic,$dota	! $nhic
-	or	%o2,%o0,%o0
-		faddd	$ahid,$nhid,$dotb	! $nhid
-	or	%o7,%o0,%o0		! 64-bit result
-		faddd	$nloc,$nhia,$nloc
-	addcc	%g1,%o0,%o0
-	ldx	[$tp+8],%o7		! tp[j]
-		faddd	$nlod,$nhib,$nlod
-	srlx	%o3,16,%g1		! 34-bit carry
-		fdtox	$nloa,$nloa
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-		fdtox	$nlob,$nlob
-	addcc	%o7,%o0,%o0
-		fdtox	$nloc,$nloc
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	stx	%o0,[$tp]		! tp[j-1]
-		fdtox	$nlod,$nlod
-
-	std	$nloa,[%sp+$bias+$frame+0]
-	std	$nlob,[%sp+$bias+$frame+8]
-	std	$nloc,[%sp+$bias+$frame+16]
-	addcc	$j,8,$j
-	std	$nlod,[%sp+$bias+$frame+24]
-	bnz,pt	%icc,.Linner
-	add	$tp,8,$tp
-
-.Linnerskip:
-	fdtox	$dota,$dota
-	fdtox	$dotb,$dotb
-
-	ldx	[%sp+$bias+$frame+0],%o0
-	ldx	[%sp+$bias+$frame+8],%o1
-	ldx	[%sp+$bias+$frame+16],%o2
-	ldx	[%sp+$bias+$frame+24],%o3
-
-	srlx	%o0,16,%o7
-	std	$dota,[%sp+$bias+$frame+32]
-	add	%o7,%o1,%o1
-	std	$dotb,[%sp+$bias+$frame+40]
-	srlx	%o1,16,%o7
-	add	%o7,%o2,%o2
-	srlx	%o2,16,%o7
-	add	%o7,%o3,%o3		! %o3.%o2[0..15].%o1[0..15].%o0[0..15]
-	and	%o0,$mask,%o0
-	and	%o1,$mask,%o1
-	and	%o2,$mask,%o2
-	sllx	%o1,16,%o1
-	sllx	%o2,32,%o2
-	sllx	%o3,48,%o7
-	or	%o1,%o0,%o0
-	or	%o2,%o0,%o0
-	ldx	[%sp+$bias+$frame+32],%o4
-	or	%o7,%o0,%o0		! 64-bit result
-	ldx	[%sp+$bias+$frame+40],%o5
-	addcc	%g1,%o0,%o0
-	ldx	[$tp+8],%o7		! tp[j]
-	srlx	%o3,16,%g1		! 34-bit carry
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	addcc	%o7,%o0,%o0
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	stx	%o0,[$tp]		! tp[j-1]
-	add	$tp,8,$tp
-
-	srlx	%o4,16,%o7
-	add	%o7,%o5,%o5
-	and	%o4,$mask,%o4
-	sllx	%o5,16,%o7
-	or	%o7,%o4,%o4
-	addcc	%g1,%o4,%o4
-	srlx	%o5,48,%g1
-	bcs,a	%xcc,.+8
-	add	%g1,1,%g1
-
-	addcc	$carry,%o4,%o4
-	stx	%o4,[$tp]		! tp[num-1]
-	mov	%g1,$carry
-	bcs,a	%xcc,.+8
-	add	$carry,1,$carry
-
-	addcc	$i,8,$i
-	bnz	%icc,.Louter
-	nop
-
-	add	$tp,8,$tp		! adjust tp to point at the end
-	orn	%g0,%g0,%g4
-	sub	%g0,$num,%o7		! n=-num
-	ba	.Lsub
-	subcc	%g0,%g0,%g0		! clear %icc.c
-
-.align	32
-.Lsub:
-	ldx	[$tp+%o7],%o0
-	add	$np,%o7,%g1
-	ld	[%g1+0],%o2
-	ld	[%g1+4],%o3
-	srlx	%o0,32,%o1
-	subccc	%o0,%o2,%o2
-	add	$rp,%o7,%g1
-	subccc	%o1,%o3,%o3
-	st	%o2,[%g1+0]
-	add	%o7,8,%o7
-	brnz,pt	%o7,.Lsub
-	st	%o3,[%g1+4]
-	subc	$carry,0,%g4
-	sub	%g0,$num,%o7		! n=-num
-	ba	.Lcopy
-	nop
-
-.align	32
-.Lcopy:
-	ldx	[$tp+%o7],%o0
-	add	$rp,%o7,%g1
-	ld	[%g1+0],%o2
-	ld	[%g1+4],%o3
-	stx	%g0,[$tp+%o7]
-	and	%o0,%g4,%o0
-	srlx	%o0,32,%o1
-	andn	%o2,%g4,%o2
-	andn	%o3,%g4,%o3
-	or	%o2,%o0,%o0
-	or	%o3,%o1,%o1
-	st	%o0,[%g1+0]
-	add	%o7,8,%o7
-	brnz,pt	%o7,.Lcopy
-	st	%o1,[%g1+4]
-	sub	%g0,$num,%o7		! n=-num
-
-.Lzap:
-	stx	%g0,[$ap_l+%o7]
-	stx	%g0,[$ap_h+%o7]
-	stx	%g0,[$np_l+%o7]
-	stx	%g0,[$np_h+%o7]
-	add	%o7,8,%o7
-	brnz,pt	%o7,.Lzap
-	nop
-
-	ldx	[%sp+$bias+$frame+48],%o7
-	wr	%g0,%o7,%asi		! restore %asi
-
-	mov	1,%i0
-.Lret:
-	ret
-	restore
-.type   $fname,#function
-.size	$fname,(.-$fname)
-.asciz	"Montgomery Multipltication for UltraSPARC, CRYPTOGAMS by <appro\@openssl.org>"
-.align	32
-___
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-# Below substitution makes it possible to compile without demanding
-# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
-# dare to do this, because VIS capability is detected at run-time now
-# and this routine is not called on CPU not capable to execute it. Do
-# note that fzeros is not the only VIS dependency! Another dependency
-# is implicit and is just _a_ numerical value loaded to %asi register,
-# which assembler can't recognize as VIS specific...
-$code =~ s/fzeros\s+%f([0-9]+)/
-	   sprintf(".word\t0x%x\t! fzeros %%f%d",0x81b00c20|($1<<25),$1)
-	  /gem;
-
-print $code;
-# flush
-close STDOUT;
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
deleted file mode 100644
index c046a514c8..0000000000
--- a/crypto/bn/asm/via-mont.pl
+++ /dev/null
@@ -1,242 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# Wrapper around 'rep montmul', VIA-specific instruction accessing
-# PadLock Montgomery Multiplier. The wrapper is designed as drop-in
-# replacement for OpenSSL bn_mul_mont [first implemented in 0.9.9].
-#
-# Below are interleaved outputs from 'openssl speed rsa dsa' for 4
-# different software configurations on 1.5GHz VIA Esther processor.
-# Lines marked with "software integer" denote performance of hand-
-# coded integer-only assembler found in OpenSSL 0.9.7. "Software SSE2"
-# refers to hand-coded SSE2 Montgomery multiplication procedure found
-# OpenSSL 0.9.9. "Hardware VIA SDK" refers to padlock_pmm routine from
-# Padlock SDK 2.0.1 available for download from VIA, which naturally
-# utilizes the magic 'repz montmul' instruction. And finally "hardware
-# this" refers to *this* implementation which also uses 'repz montmul'
-#
-#                   sign    verify    sign/s verify/s
-# rsa  512 bits 0.001720s 0.000140s    581.4   7149.7	software integer
-# rsa  512 bits 0.000690s 0.000086s   1450.3  11606.0	software SSE2
-# rsa  512 bits 0.006136s 0.000201s    163.0   4974.5	hardware VIA SDK
-# rsa  512 bits 0.000712s 0.000050s   1404.9  19858.5	hardware this
-#
-# rsa 1024 bits 0.008518s 0.000413s    117.4   2420.8	software integer
-# rsa 1024 bits 0.004275s 0.000277s    233.9   3609.7	software SSE2
-# rsa 1024 bits 0.012136s 0.000260s     82.4   3844.5	hardware VIA SDK
-# rsa 1024 bits 0.002522s 0.000116s    396.5   8650.9	hardware this
-#
-# rsa 2048 bits 0.050101s 0.001371s     20.0    729.6	software integer
-# rsa 2048 bits 0.030273s 0.001008s     33.0    991.9	software SSE2
-# rsa 2048 bits 0.030833s 0.000976s     32.4   1025.1	hardware VIA SDK
-# rsa 2048 bits 0.011879s 0.000342s     84.2   2921.7	hardware this
-#
-# rsa 4096 bits 0.327097s 0.004859s      3.1    205.8	software integer
-# rsa 4096 bits 0.229318s 0.003859s      4.4    259.2	software SSE2
-# rsa 4096 bits 0.233953s 0.003274s      4.3    305.4	hardware VIA SDK
-# rsa 4096 bits 0.070493s 0.001166s     14.2    857.6	hardware this
-#
-# dsa  512 bits 0.001342s 0.001651s    745.2    605.7	software integer
-# dsa  512 bits 0.000844s 0.000987s   1185.3   1013.1	software SSE2
-# dsa  512 bits 0.001902s 0.002247s    525.6    444.9	hardware VIA SDK
-# dsa  512 bits 0.000458s 0.000524s   2182.2   1909.1	hardware this
-#
-# dsa 1024 bits 0.003964s 0.004926s    252.3    203.0	software integer
-# dsa 1024 bits 0.002686s 0.003166s    372.3    315.8	software SSE2
-# dsa 1024 bits 0.002397s 0.002823s    417.1    354.3	hardware VIA SDK
-# dsa 1024 bits 0.000978s 0.001170s   1022.2    855.0	hardware this
-#
-# dsa 2048 bits 0.013280s 0.016518s     75.3     60.5	software integer
-# dsa 2048 bits 0.009911s 0.011522s    100.9     86.8	software SSE2
-# dsa 2048 bits 0.009542s 0.011763s    104.8     85.0	hardware VIA SDK
-# dsa 2048 bits 0.002884s 0.003352s    346.8    298.3	hardware this
-#
-# To give you some other reference point here is output for 2.4GHz P4
-# running hand-coded SSE2 bn_mul_mont found in 0.9.9, i.e. "software
-# SSE2" in above terms.
-#
-# rsa  512 bits 0.000407s 0.000047s   2454.2  21137.0
-# rsa 1024 bits 0.002426s 0.000141s    412.1   7100.0
-# rsa 2048 bits 0.015046s 0.000491s     66.5   2034.9
-# rsa 4096 bits 0.109770s 0.002379s      9.1    420.3
-# dsa  512 bits 0.000438s 0.000525s   2281.1   1904.1
-# dsa 1024 bits 0.001346s 0.001595s    742.7    627.0
-# dsa 2048 bits 0.004745s 0.005582s    210.7    179.1
-#
-# Conclusions: 
-# - VIA SDK leaves a *lot* of room for improvement (which this
-#   implementation successfully fills:-);
-# - 'rep montmul' gives up to >3x performance improvement depending on
-#   key length;
-# - in terms of absolute performance it delivers approximately as much
-#   as modern out-of-order 32-bit cores [again, for longer keys].
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"via-mont.pl");
-
-# int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
-$func="bn_mul_mont_padlock";
-
-$pad=16*1;	# amount of reserved bytes on top of every vector
-
-# stack layout
-$mZeroPrime=&DWP(0,"esp");		# these are specified by VIA
-$A=&DWP(4,"esp");
-$B=&DWP(8,"esp");
-$T=&DWP(12,"esp");
-$M=&DWP(16,"esp");
-$scratch=&DWP(20,"esp");
-$rp=&DWP(24,"esp");			# these are mine
-$sp=&DWP(28,"esp");
-# &DWP(32,"esp")			# 32 byte scratch area
-# &DWP(64+(4*$num+$pad)*0,"esp")	# padded tp[num]
-# &DWP(64+(4*$num+$pad)*1,"esp")	# padded copy of ap[num]
-# &DWP(64+(4*$num+$pad)*2,"esp")	# padded copy of bp[num]
-# &DWP(64+(4*$num+$pad)*3,"esp")	# padded copy of np[num]
-# Note that SDK suggests to unconditionally allocate 2K per vector. This
-# has quite an impact on performance. It naturally depends on key length,
-# but to give an example 1024 bit private RSA key operations suffer >30%
-# penalty. I allocate only as much as actually required...
-
-&function_begin($func);
-	&xor	("eax","eax");
-	&mov	("ecx",&wparam(5));	# num
-	# meet VIA's limitations for num [note that the specification
-	# expresses them in bits, while we work with amount of 32-bit words]
-	&test	("ecx",3);
-	&jnz	(&label("leave"));	# num % 4 != 0
-	&cmp	("ecx",8);
-	&jb	(&label("leave"));	# num < 8
-	&cmp	("ecx",1024);
-	&ja	(&label("leave"));	# num > 1024
-
-	&pushf	();
-	&cld	();
-
-	&mov	("edi",&wparam(0));	# rp
-	&mov	("eax",&wparam(1));	# ap
-	&mov	("ebx",&wparam(2));	# bp
-	&mov	("edx",&wparam(3));	# np
-	&mov	("esi",&wparam(4));	# n0
-	&mov	("esi",&DWP(0,"esi"));	# *n0
-
-	&lea	("ecx",&DWP($pad,"","ecx",4));	# ecx becomes vector size in bytes
-	&lea	("ebp",&DWP(64,"","ecx",4));	# allocate 4 vectors + 64 bytes
-	&neg	("ebp");
-	&add	("ebp","esp");
-	&and	("ebp",-64);		# align to cache-line
-	&xchg	("ebp","esp");		# alloca
-
-	&mov	($rp,"edi");		# save rp
-	&mov	($sp,"ebp");		# save esp
-
-	&mov	($mZeroPrime,"esi");
-	&lea	("esi",&DWP(64,"esp"));	# tp
-	&mov	($T,"esi");
-	&lea	("edi",&DWP(32,"esp"));	# scratch area
-	&mov	($scratch,"edi");
-	&mov	("esi","eax");
-
-	&lea	("ebp",&DWP(-$pad,"ecx"));
-	&shr	("ebp",2);		# restore original num value in ebp
-
-	&xor	("eax","eax");
-
-	&mov	("ecx","ebp");
-	&lea	("ecx",&DWP((32+$pad)/4,"ecx"));# padded tp + scratch
-	&data_byte(0xf3,0xab);		# rep stosl, bzero
-
-	&mov	("ecx","ebp");
-	&lea	("edi",&DWP(64+$pad,"esp","ecx",4));# pointer to ap copy
-	&mov	($A,"edi");
-	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
-	&mov	("ecx",$pad/4);
-	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
-	# edi points at the end of padded ap copy...
-
-	&mov	("ecx","ebp");
-	&mov	("esi","ebx");
-	&mov	($B,"edi");
-	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
-	&mov	("ecx",$pad/4);
-	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
-	# edi points at the end of padded bp copy...
-
-	&mov	("ecx","ebp");
-	&mov	("esi","edx");
-	&mov	($M,"edi");
-	&data_byte(0xf3,0xa5);		# rep movsl, memcpy
-	&mov	("ecx",$pad/4);
-	&data_byte(0xf3,0xab);		# rep stosl, bzero pad
-	# edi points at the end of padded np copy...
-
-	# let magic happen...
-	&mov	("ecx","ebp");
-	&mov	("esi","esp");
-	&shl	("ecx",5);		# convert word counter to bit counter
-	&align	(4);
-	&data_byte(0xf3,0x0f,0xa6,0xc0);# rep montmul
-
-	&mov	("ecx","ebp");
-	&lea	("esi",&DWP(64,"esp"));		# tp
-	# edi still points at the end of padded np copy...
-	&neg	("ebp");
-	&lea	("ebp",&DWP(-$pad,"edi","ebp",4));	# so just "rewind"
-	&mov	("edi",$rp);			# restore rp
-	&xor	("edx","edx");			# i=0 and clear CF
-
-&set_label("sub",8);
-	&mov	("eax",&DWP(0,"esi","edx",4));
-	&sbb	("eax",&DWP(0,"ebp","edx",4));
-	&mov	(&DWP(0,"edi","edx",4),"eax");	# rp[i]=tp[i]-np[i]
-	&lea	("edx",&DWP(1,"edx"));		# i++
-	&loop	(&label("sub"));		# doesn't affect CF!
-
-	&mov	("eax",&DWP(0,"esi","edx",4));	# upmost overflow bit
-	&sbb	("eax",0);
-	&and	("esi","eax");
-	&not	("eax");
-	&mov	("ebp","edi");
-	&and	("ebp","eax");
-	&or	("esi","ebp");			# tp=carry?tp:rp
-
-	&mov	("ecx","edx");			# num
-	&xor	("edx","edx");			# i=0
-
-&set_label("copy",8);
-	&mov	("eax",&DWP(0,"esi","edx",4));
-	&mov	(&DWP(64,"esp","edx",4),"ecx");	# zap tp
-	&mov	(&DWP(0,"edi","edx",4),"eax");
-	&lea	("edx",&DWP(1,"edx"));		# i++
-	&loop	(&label("copy"));
-
-	&mov	("ebp",$sp);
-	&xor	("eax","eax");
-
-	&mov	("ecx",64/4);
-	&mov	("edi","esp");		# zap frame including scratch area
-	&data_byte(0xf3,0xab);		# rep stosl, bzero
-
-	# zap copies of ap, bp and np
-	&lea	("edi",&DWP(64+$pad,"esp","edx",4));# pointer to ap
-	&lea	("ecx",&DWP(3*$pad/4,"edx","edx",2));
-	&data_byte(0xf3,0xab);		# rep stosl, bzero
-
-	&mov	("esp","ebp");
-	&inc	("eax");		# signal "done"
-	&popf	();
-&set_label("leave");
-&function_end($func);
-
-&asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/bn/asm/x86-gf2m.S b/crypto/bn/asm/x86-gf2m.S
deleted file mode 100644
index 9ed29ae00e..0000000000
--- a/crypto/bn/asm/x86-gf2m.S
+++ /dev/null
@@ -1,347 +0,0 @@
-.file	"crypto/bn/asm/x86-gf2m.s"
-.text
-.type	_mul_1x1_mmx,@function
-.align	16
-_mul_1x1_mmx:
-	subl	$36,%esp
-	movl	%eax,%ecx
-	leal	(%eax,%eax,1),%edx
-	andl	$1073741823,%ecx
-	leal	(%edx,%edx,1),%ebp
-	movl	$0,(%esp)
-	andl	$2147483647,%edx
-	movd	%eax,%mm2
-	movd	%ebx,%mm3
-	movl	%ecx,4(%esp)
-	xorl	%edx,%ecx
-	pxor	%mm5,%mm5
-	pxor	%mm4,%mm4
-	movl	%edx,8(%esp)
-	xorl	%ebp,%edx
-	movl	%ecx,12(%esp)
-	pcmpgtd	%mm2,%mm5
-	paddd	%mm2,%mm2
-	xorl	%edx,%ecx
-	movl	%ebp,16(%esp)
-	xorl	%edx,%ebp
-	pand	%mm3,%mm5
-	pcmpgtd	%mm2,%mm4
-	movl	%ecx,20(%esp)
-	xorl	%ecx,%ebp
-	psllq	$31,%mm5
-	pand	%mm3,%mm4
-	movl	%edx,24(%esp)
-	movl	$7,%esi
-	movl	%ebp,28(%esp)
-	movl	%esi,%ebp
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	movl	%ebp,%edi
-	psllq	$30,%mm4
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	movd	(%esp,%esi,4),%mm0
-	movl	%ebp,%esi
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	movd	(%esp,%edi,4),%mm2
-	movl	%ebp,%edi
-	psllq	$3,%mm2
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	pxor	%mm2,%mm0
-	movd	(%esp,%esi,4),%mm1
-	movl	%ebp,%esi
-	psllq	$6,%mm1
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	pxor	%mm1,%mm0
-	movd	(%esp,%edi,4),%mm2
-	movl	%ebp,%edi
-	psllq	$9,%mm2
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	pxor	%mm2,%mm0
-	movd	(%esp,%esi,4),%mm1
-	movl	%ebp,%esi
-	psllq	$12,%mm1
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	pxor	%mm1,%mm0
-	movd	(%esp,%edi,4),%mm2
-	movl	%ebp,%edi
-	psllq	$15,%mm2
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	pxor	%mm2,%mm0
-	movd	(%esp,%esi,4),%mm1
-	movl	%ebp,%esi
-	psllq	$18,%mm1
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	pxor	%mm1,%mm0
-	movd	(%esp,%edi,4),%mm2
-	movl	%ebp,%edi
-	psllq	$21,%mm2
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	pxor	%mm2,%mm0
-	movd	(%esp,%esi,4),%mm1
-	movl	%ebp,%esi
-	psllq	$24,%mm1
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	pxor	%mm1,%mm0
-	movd	(%esp,%edi,4),%mm2
-	pxor	%mm4,%mm0
-	psllq	$27,%mm2
-	pxor	%mm2,%mm0
-	movd	(%esp,%esi,4),%mm1
-	pxor	%mm5,%mm0
-	psllq	$30,%mm1
-	addl	$36,%esp
-	pxor	%mm1,%mm0
-	ret
-.size	_mul_1x1_mmx,.-_mul_1x1_mmx
-.type	_mul_1x1_ialu,@function
-.align	16
-_mul_1x1_ialu:
-	subl	$36,%esp
-	movl	%eax,%ecx
-	leal	(%eax,%eax,1),%edx
-	leal	(,%eax,4),%ebp
-	andl	$1073741823,%ecx
-	leal	(%eax,%eax,1),%edi
-	sarl	$31,%eax
-	movl	$0,(%esp)
-	andl	$2147483647,%edx
-	movl	%ecx,4(%esp)
-	xorl	%edx,%ecx
-	movl	%edx,8(%esp)
-	xorl	%ebp,%edx
-	movl	%ecx,12(%esp)
-	xorl	%edx,%ecx
-	movl	%ebp,16(%esp)
-	xorl	%edx,%ebp
-	movl	%ecx,20(%esp)
-	xorl	%ecx,%ebp
-	sarl	$31,%edi
-	andl	%ebx,%eax
-	movl	%edx,24(%esp)
-	andl	%ebx,%edi
-	movl	%ebp,28(%esp)
-	movl	%eax,%edx
-	shll	$31,%eax
-	movl	%edi,%ecx
-	shrl	$1,%edx
-	movl	$7,%esi
-	shll	$30,%edi
-	andl	%ebx,%esi
-	shrl	$2,%ecx
-	xorl	%edi,%eax
-	shrl	$3,%ebx
-	movl	$7,%edi
-	andl	%ebx,%edi
-	shrl	$3,%ebx
-	xorl	%ecx,%edx
-	xorl	(%esp,%esi,4),%eax
-	movl	$7,%esi
-	andl	%ebx,%esi
-	shrl	$3,%ebx
-	movl	(%esp,%edi,4),%ebp
-	movl	$7,%edi
-	movl	%ebp,%ecx
-	shll	$3,%ebp
-	andl	%ebx,%edi
-	shrl	$29,%ecx
-	xorl	%ebp,%eax
-	shrl	$3,%ebx
-	xorl	%ecx,%edx
-	movl	(%esp,%esi,4),%ecx
-	movl	$7,%esi
-	movl	%ecx,%ebp
-	shll	$6,%ecx
-	andl	%ebx,%esi
-	shrl	$26,%ebp
-	xorl	%ecx,%eax
-	shrl	$3,%ebx
-	xorl	%ebp,%edx
-	movl	(%esp,%edi,4),%ebp
-	movl	$7,%edi
-	movl	%ebp,%ecx
-	shll	$9,%ebp
-	andl	%ebx,%edi
-	shrl	$23,%ecx
-	xorl	%ebp,%eax
-	shrl	$3,%ebx
-	xorl	%ecx,%edx
-	movl	(%esp,%esi,4),%ecx
-	movl	$7,%esi
-	movl	%ecx,%ebp
-	shll	$12,%ecx
-	andl	%ebx,%esi
-	shrl	$20,%ebp
-	xorl	%ecx,%eax
-	shrl	$3,%ebx
-	xorl	%ebp,%edx
-	movl	(%esp,%edi,4),%ebp
-	movl	$7,%edi
-	movl	%ebp,%ecx
-	shll	$15,%ebp
-	andl	%ebx,%edi
-	shrl	$17,%ecx
-	xorl	%ebp,%eax
-	shrl	$3,%ebx
-	xorl	%ecx,%edx
-	movl	(%esp,%esi,4),%ecx
-	movl	$7,%esi
-	movl	%ecx,%ebp
-	shll	$18,%ecx
-	andl	%ebx,%esi
-	shrl	$14,%ebp
-	xorl	%ecx,%eax
-	shrl	$3,%ebx
-	xorl	%ebp,%edx
-	movl	(%esp,%edi,4),%ebp
-	movl	$7,%edi
-	movl	%ebp,%ecx
-	shll	$21,%ebp
-	andl	%ebx,%edi
-	shrl	$11,%ecx
-	xorl	%ebp,%eax
-	shrl	$3,%ebx
-	xorl	%ecx,%edx
-	movl	(%esp,%esi,4),%ecx
-	movl	$7,%esi
-	movl	%ecx,%ebp
-	shll	$24,%ecx
-	andl	%ebx,%esi
-	shrl	$8,%ebp
-	xorl	%ecx,%eax
-	shrl	$3,%ebx
-	xorl	%ebp,%edx
-	movl	(%esp,%edi,4),%ebp
-	movl	%ebp,%ecx
-	shll	$27,%ebp
-	movl	(%esp,%esi,4),%edi
-	shrl	$5,%ecx
-	movl	%edi,%esi
-	xorl	%ebp,%eax
-	shll	$30,%edi
-	xorl	%ecx,%edx
-	shrl	$2,%esi
-	xorl	%edi,%eax
-	xorl	%esi,%edx
-	addl	$36,%esp
-	ret
-.size	_mul_1x1_ialu,.-_mul_1x1_ialu
-.globl	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,@function
-.align	16
-bn_GF2m_mul_2x2:
-.L_bn_GF2m_mul_2x2_begin:
-	call	.L000PIC_me_up
-.L000PIC_me_up:
-	popl	%edx
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L000PIC_me_up](%edx),%edx
-	movl	OPENSSL_ia32cap_P@GOT(%edx),%edx
-	movl	(%edx),%eax
-	movl	4(%edx),%edx
-	testl	$8388608,%eax
-	jz	.L001ialu
-	testl	$16777216,%eax
-	jz	.L002mmx
-	testl	$2,%edx
-	jz	.L002mmx
-	movups	8(%esp),%xmm0
-	shufps	$177,%xmm0,%xmm0
-.byte	102,15,58,68,192,1
-	movl	4(%esp),%eax
-	movups	%xmm0,(%eax)
-	ret
-.align	16
-.L002mmx:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	24(%esp),%eax
-	movl	32(%esp),%ebx
-	call	_mul_1x1_mmx
-	movq	%mm0,%mm7
-	movl	28(%esp),%eax
-	movl	36(%esp),%ebx
-	call	_mul_1x1_mmx
-	movq	%mm0,%mm6
-	movl	24(%esp),%eax
-	movl	32(%esp),%ebx
-	xorl	28(%esp),%eax
-	xorl	36(%esp),%ebx
-	call	_mul_1x1_mmx
-	pxor	%mm7,%mm0
-	movl	20(%esp),%eax
-	pxor	%mm6,%mm0
-	movq	%mm0,%mm2
-	psllq	$32,%mm0
-	popl	%edi
-	psrlq	$32,%mm2
-	popl	%esi
-	pxor	%mm6,%mm0
-	popl	%ebx
-	pxor	%mm7,%mm2
-	movq	%mm0,(%eax)
-	popl	%ebp
-	movq	%mm2,8(%eax)
-	emms
-	ret
-.align	16
-.L001ialu:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	subl	$20,%esp
-	movl	44(%esp),%eax
-	movl	52(%esp),%ebx
-	call	_mul_1x1_ialu
-	movl	%eax,8(%esp)
-	movl	%edx,12(%esp)
-	movl	48(%esp),%eax
-	movl	56(%esp),%ebx
-	call	_mul_1x1_ialu
-	movl	%eax,(%esp)
-	movl	%edx,4(%esp)
-	movl	44(%esp),%eax
-	movl	52(%esp),%ebx
-	xorl	48(%esp),%eax
-	xorl	56(%esp),%ebx
-	call	_mul_1x1_ialu
-	movl	40(%esp),%ebp
-	movl	(%esp),%ebx
-	movl	4(%esp),%ecx
-	movl	8(%esp),%edi
-	movl	12(%esp),%esi
-	xorl	%edx,%eax
-	xorl	%ecx,%edx
-	xorl	%ebx,%eax
-	movl	%ebx,(%ebp)
-	xorl	%edi,%edx
-	movl	%esi,12(%ebp)
-	xorl	%esi,%eax
-	addl	$20,%esp
-	xorl	%esi,%edx
-	popl	%edi
-	xorl	%edx,%eax
-	popl	%esi
-	movl	%edx,8(%ebp)
-	popl	%ebx
-	movl	%eax,4(%ebp)
-	popl	%ebp
-	ret
-.size	bn_GF2m_mul_2x2,.-.L_bn_GF2m_mul_2x2_begin
-.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105
-.byte	99,97,116,105,111,110,32,102,111,114,32,120,56,54,44,32
-.byte	67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97
-.byte	112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103
-.byte	62,0
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
deleted file mode 100644
index b579530272..0000000000
--- a/crypto/bn/asm/x86-gf2m.pl
+++ /dev/null
@@ -1,313 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# May 2011
-#
-# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
-# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
-# the time being... Except that it has three code paths: pure integer
-# code suitable for any x86 CPU, MMX code suitable for PIII and later
-# and PCLMULQDQ suitable for Westmere and later. Improvement varies
-# from one benchmark and µ-arch to another. Below are interval values
-# for 163- and 571-bit ECDH benchmarks relative to compiler-generated
-# code:
-#
-# PIII		16%-30%
-# P4		12%-12%
-# Opteron	18%-40%
-# Core2		19%-44%
-# Atom		38%-64%
-# Westmere	53%-121%(PCLMULQDQ)/20%-32%(MMX)
-# Sandy Bridge	72%-127%(PCLMULQDQ)/27%-23%(MMX)
-#
-# Note that above improvement coefficients are not coefficients for
-# bn_GF2m_mul_2x2 itself. For example 120% ECDH improvement is result
-# of bn_GF2m_mul_2x2 being >4x faster. As it gets faster, benchmark
-# is more and more dominated by other subroutines, most notably by
-# BN_GF2m_mod[_mul]_arr...
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386");
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-$a="eax";
-$b="ebx";
-($a1,$a2,$a4)=("ecx","edx","ebp");
-
-$R="mm0";
-@T=("mm1","mm2");
-($A,$B,$B30,$B31)=("mm2","mm3","mm4","mm5");
-@i=("esi","edi");
-
-					if (!$x86only) {
-&function_begin_B("_mul_1x1_mmx");
-	&sub	("esp",32+4);
-	 &mov	($a1,$a);
-	 &lea	($a2,&DWP(0,$a,$a));
-	 &and	($a1,0x3fffffff);
-	 &lea	($a4,&DWP(0,$a2,$a2));
-	 &mov	(&DWP(0*4,"esp"),0);
-	 &and	($a2,0x7fffffff);
-	&movd	($A,$a);
-	&movd	($B,$b);
-	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
-	 &xor	($a1,$a2);		# a1^a2
-	&pxor	($B31,$B31);
-	&pxor	($B30,$B30);
-	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
-	 &xor	($a2,$a4);		# a2^a4
-	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
-	&pcmpgtd($B31,$A);		# broadcast 31st bit
-	&paddd	($A,$A);		# $A<<=1
-	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
-	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
-	 &xor	($a4,$a2);		# a2=a4^a2^a4
-	&pand	($B31,$B);
-	&pcmpgtd($B30,$A);		# broadcast 30th bit
-	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
-	 &xor	($a4,$a1);		# a1^a2^a4
-	&psllq	($B31,31);
-	&pand	($B30,$B);
-	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
-	&mov	(@i[0],0x7);
-	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
-	 &mov	($a4,@i[0]);
-	&and	(@i[0],$b);
-	&shr	($b,3);
-	&mov	(@i[1],$a4);
-	&psllq	($B30,30);
-	&and	(@i[1],$b);
-	&shr	($b,3);
-	&movd	($R,&DWP(0,"esp",@i[0],4));
-	&mov	(@i[0],$a4);
-	&and	(@i[0],$b);
-	&shr	($b,3);
-	for($n=1;$n<9;$n++) {
-		&movd	(@T[1],&DWP(0,"esp",@i[1],4));
-		&mov	(@i[1],$a4);
-		&psllq	(@T[1],3*$n);
-		&and	(@i[1],$b);
-		&shr	($b,3);
-		&pxor	($R,@T[1]);
-
-		push(@i,shift(@i)); push(@T,shift(@T));
-	}
-	&movd	(@T[1],&DWP(0,"esp",@i[1],4));
-	&pxor	($R,$B30);
-	&psllq	(@T[1],3*$n++);
-	&pxor	($R,@T[1]);
-
-	&movd	(@T[0],&DWP(0,"esp",@i[0],4));
-	&pxor	($R,$B31);
-	&psllq	(@T[0],3*$n);
-	&add	("esp",32+4);
-	&pxor	($R,@T[0]);
-	&ret	();
-&function_end_B("_mul_1x1_mmx");
-					}
-
-($lo,$hi)=("eax","edx");
-@T=("ecx","ebp");
-
-&function_begin_B("_mul_1x1_ialu");
-	&sub	("esp",32+4);
-	 &mov	($a1,$a);
-	 &lea	($a2,&DWP(0,$a,$a));
-	 &lea	($a4,&DWP(0,"",$a,4));
-	 &and	($a1,0x3fffffff);
-	&lea	(@i[1],&DWP(0,$lo,$lo));
-	&sar	($lo,31);		# broadcast 31st bit
-	 &mov	(&DWP(0*4,"esp"),0);
-	 &and	($a2,0x7fffffff);
-	 &mov	(&DWP(1*4,"esp"),$a1);	# a1
-	 &xor	($a1,$a2);		# a1^a2
-	 &mov	(&DWP(2*4,"esp"),$a2);	# a2
-	 &xor	($a2,$a4);		# a2^a4
-	 &mov	(&DWP(3*4,"esp"),$a1);	# a1^a2
-	 &xor	($a1,$a2);		# a1^a4=a1^a2^a2^a4
-	 &mov	(&DWP(4*4,"esp"),$a4);	# a4
-	 &xor	($a4,$a2);		# a2=a4^a2^a4
-	 &mov	(&DWP(5*4,"esp"),$a1);	# a1^a4
-	 &xor	($a4,$a1);		# a1^a2^a4
-	&sar	(@i[1],31);		# broardcast 30th bit
-	&and	($lo,$b);
-	 &mov	(&DWP(6*4,"esp"),$a2);	# a2^a4
-	&and	(@i[1],$b);
-	 &mov	(&DWP(7*4,"esp"),$a4);	# a1^a2^a4
-	&mov	($hi,$lo);
-	&shl	($lo,31);
-	&mov	(@T[0],@i[1]);
-	&shr	($hi,1);
-
-	 &mov	(@i[0],0x7);
-	&shl	(@i[1],30);
-	 &and	(@i[0],$b);
-	&shr	(@T[0],2);
-	&xor	($lo,@i[1]);
-
-	&shr	($b,3);
-	&mov	(@i[1],0x7);		# 5-byte instruction!?
-	&and	(@i[1],$b);
-	&shr	($b,3);
-	 &xor	($hi,@T[0]);
-	&xor	($lo,&DWP(0,"esp",@i[0],4));
-	&mov	(@i[0],0x7);
-	&and	(@i[0],$b);
-	&shr	($b,3);
-	for($n=1;$n<9;$n++) {
-		&mov	(@T[1],&DWP(0,"esp",@i[1],4));
-		&mov	(@i[1],0x7);
-		&mov	(@T[0],@T[1]);
-		&shl	(@T[1],3*$n);
-		&and	(@i[1],$b);
-		&shr	(@T[0],32-3*$n);
-		&xor	($lo,@T[1]);
-		&shr	($b,3);
-		&xor	($hi,@T[0]);
-
-		push(@i,shift(@i)); push(@T,shift(@T));
-	}
-	&mov	(@T[1],&DWP(0,"esp",@i[1],4));
-	&mov	(@T[0],@T[1]);
-	&shl	(@T[1],3*$n);
-	&mov	(@i[1],&DWP(0,"esp",@i[0],4));
-	&shr	(@T[0],32-3*$n);	$n++;
-	&mov	(@i[0],@i[1]);
-	&xor	($lo,@T[1]);
-	&shl	(@i[1],3*$n);
-	&xor	($hi,@T[0]);
-	&shr	(@i[0],32-3*$n);
-	&xor	($lo,@i[1]);
-	&xor	($hi,@i[0]);
-
-	&add	("esp",32+4);
-	&ret	();
-&function_end_B("_mul_1x1_ialu");
-
-# void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
-&function_begin_B("bn_GF2m_mul_2x2");
-if (!$x86only) {
-	&picmeup("edx","OPENSSL_ia32cap_P");
-	&mov	("eax",&DWP(0,"edx"));
-	&mov	("edx",&DWP(4,"edx"));
-	&test	("eax",1<<23);		# check MMX bit
-	&jz	(&label("ialu"));
-if ($sse2) {
-	&test	("eax",1<<24);		# check FXSR bit
-	&jz	(&label("mmx"));
-	&test	("edx",1<<1);		# check PCLMULQDQ bit
-	&jz	(&label("mmx"));
-
-	&movups		("xmm0",&QWP(8,"esp"));
-	&shufps		("xmm0","xmm0",0b10110001);
-	&pclmulqdq	("xmm0","xmm0",1);
-	&mov		("eax",&DWP(4,"esp"));
-	&movups		(&QWP(0,"eax"),"xmm0");
-	&ret	();
-
-&set_label("mmx",16);
-}
-	&push	("ebp");
-	&push	("ebx");
-	&push	("esi");
-	&push	("edi");
-	&mov	($a,&wparam(1));
-	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_mmx");	# a1·b1
-	&movq	("mm7",$R);
-
-	&mov	($a,&wparam(2));
-	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# a0·b0
-	&movq	("mm6",$R);
-
-	&mov	($a,&wparam(1));
-	&mov	($b,&wparam(3));
-	&xor	($a,&wparam(2));
-	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_mmx");	# (a0+a1)·(b0+b1)
-	&pxor	($R,"mm7");
-	&mov	($a,&wparam(0));
-	&pxor	($R,"mm6");		# (a0+a1)·(b0+b1)-a1·b1-a0·b0
-
-	&movq	($A,$R);
-	&psllq	($R,32);
-	&pop	("edi");
-	&psrlq	($A,32);
-	&pop	("esi");
-	&pxor	($R,"mm6");
-	&pop	("ebx");
-	&pxor	($A,"mm7");
-	&movq	(&QWP(0,$a),$R);
-	&pop	("ebp");
-	&movq	(&QWP(8,$a),$A);
-	&emms	();
-	&ret	();
-&set_label("ialu",16);
-}
-	&push	("ebp");
-	&push	("ebx");
-	&push	("esi");
-	&push	("edi");
-	&stack_push(4+1);
-
-	&mov	($a,&wparam(1));
-	&mov	($b,&wparam(3));
-	&call	("_mul_1x1_ialu");	# a1·b1
-	&mov	(&DWP(8,"esp"),$lo);
-	&mov	(&DWP(12,"esp"),$hi);
-
-	&mov	($a,&wparam(2));
-	&mov	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# a0·b0
-	&mov	(&DWP(0,"esp"),$lo);
-	&mov	(&DWP(4,"esp"),$hi);
-
-	&mov	($a,&wparam(1));
-	&mov	($b,&wparam(3));
-	&xor	($a,&wparam(2));
-	&xor	($b,&wparam(4));
-	&call	("_mul_1x1_ialu");	# (a0+a1)·(b0+b1)
-
-	&mov	("ebp",&wparam(0));
-		 @r=("ebx","ecx","edi","esi");
-	&mov	(@r[0],&DWP(0,"esp"));
-	&mov	(@r[1],&DWP(4,"esp"));
-	&mov	(@r[2],&DWP(8,"esp"));
-	&mov	(@r[3],&DWP(12,"esp"));
-
-	&xor	($lo,$hi);
-	&xor	($hi,@r[1]);
-	&xor	($lo,@r[0]);
-	&mov	(&DWP(0,"ebp"),@r[0]);
-	&xor	($hi,@r[2]);
-	&mov	(&DWP(12,"ebp"),@r[3]);
-	&xor	($lo,@r[3]);
-	&stack_pop(4+1);
-	&xor	($hi,@r[3]);
-	&pop	("edi");
-	&xor	($lo,$hi);
-	&pop	("esi");
-	&mov	(&DWP(8,"ebp"),$hi);
-	&pop	("ebx");
-	&mov	(&DWP(4,"ebp"),$lo);
-	&pop	("ebp");
-	&ret	();
-&function_end_B("bn_GF2m_mul_2x2");
-
-&asciz	("GF(2^m) Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/bn/asm/x86-mont.S b/crypto/bn/asm/x86-mont.S
deleted file mode 100644
index c701e9e390..0000000000
--- a/crypto/bn/asm/x86-mont.S
+++ /dev/null
@@ -1,460 +0,0 @@
-.file	"crypto/bn/asm/x86-mont.s"
-.text
-.globl	bn_mul_mont
-.type	bn_mul_mont,@function
-.align	16
-bn_mul_mont:
-.L_bn_mul_mont_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	xorl	%eax,%eax
-	movl	40(%esp),%edi
-	cmpl	$4,%edi
-	jl	.L000just_leave
-	leal	20(%esp),%esi
-	leal	24(%esp),%edx
-	movl	%esp,%ebp
-	addl	$2,%edi
-	negl	%edi
-	leal	-32(%esp,%edi,4),%esp
-	negl	%edi
-	movl	%esp,%eax
-	subl	%edx,%eax
-	andl	$2047,%eax
-	subl	%eax,%esp
-	xorl	%esp,%edx
-	andl	$2048,%edx
-	xorl	$2048,%edx
-	subl	%edx,%esp
-	andl	$-64,%esp
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	movl	16(%esi),%esi
-	movl	(%esi),%esi
-	movl	%eax,4(%esp)
-	movl	%ebx,8(%esp)
-	movl	%ecx,12(%esp)
-	movl	%edx,16(%esp)
-	movl	%esi,20(%esp)
-	leal	-3(%edi),%ebx
-	movl	%ebp,24(%esp)
-	call	.L001PIC_me_up
-.L001PIC_me_up:
-	popl	%eax
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L001PIC_me_up](%eax),%eax
-	movl	OPENSSL_ia32cap_P@GOT(%eax),%eax
-	btl	$26,(%eax)
-	jnc	.L002non_sse2
-	movl	$-1,%eax
-	movd	%eax,%mm7
-	movl	8(%esp),%esi
-	movl	12(%esp),%edi
-	movl	16(%esp),%ebp
-	xorl	%edx,%edx
-	xorl	%ecx,%ecx
-	movd	(%edi),%mm4
-	movd	(%esi),%mm5
-	movd	(%ebp),%mm3
-	pmuludq	%mm4,%mm5
-	movq	%mm5,%mm2
-	movq	%mm5,%mm0
-	pand	%mm7,%mm0
-	pmuludq	20(%esp),%mm5
-	pmuludq	%mm5,%mm3
-	paddq	%mm0,%mm3
-	movd	4(%ebp),%mm1
-	movd	4(%esi),%mm0
-	psrlq	$32,%mm2
-	psrlq	$32,%mm3
-	incl	%ecx
-.align	16
-.L0031st:
-	pmuludq	%mm4,%mm0
-	pmuludq	%mm5,%mm1
-	paddq	%mm0,%mm2
-	paddq	%mm1,%mm3
-	movq	%mm2,%mm0
-	pand	%mm7,%mm0
-	movd	4(%ebp,%ecx,4),%mm1
-	paddq	%mm0,%mm3
-	movd	4(%esi,%ecx,4),%mm0
-	psrlq	$32,%mm2
-	movd	%mm3,28(%esp,%ecx,4)
-	psrlq	$32,%mm3
-	leal	1(%ecx),%ecx
-	cmpl	%ebx,%ecx
-	jl	.L0031st
-	pmuludq	%mm4,%mm0
-	pmuludq	%mm5,%mm1
-	paddq	%mm0,%mm2
-	paddq	%mm1,%mm3
-	movq	%mm2,%mm0
-	pand	%mm7,%mm0
-	paddq	%mm0,%mm3
-	movd	%mm3,28(%esp,%ecx,4)
-	psrlq	$32,%mm2
-	psrlq	$32,%mm3
-	paddq	%mm2,%mm3
-	movq	%mm3,32(%esp,%ebx,4)
-	incl	%edx
-.L004outer:
-	xorl	%ecx,%ecx
-	movd	(%edi,%edx,4),%mm4
-	movd	(%esi),%mm5
-	movd	32(%esp),%mm6
-	movd	(%ebp),%mm3
-	pmuludq	%mm4,%mm5
-	paddq	%mm6,%mm5
-	movq	%mm5,%mm0
-	movq	%mm5,%mm2
-	pand	%mm7,%mm0
-	pmuludq	20(%esp),%mm5
-	pmuludq	%mm5,%mm3
-	paddq	%mm0,%mm3
-	movd	36(%esp),%mm6
-	movd	4(%ebp),%mm1
-	movd	4(%esi),%mm0
-	psrlq	$32,%mm2
-	psrlq	$32,%mm3
-	paddq	%mm6,%mm2
-	incl	%ecx
-	decl	%ebx
-.L005inner:
-	pmuludq	%mm4,%mm0
-	pmuludq	%mm5,%mm1
-	paddq	%mm0,%mm2
-	paddq	%mm1,%mm3
-	movq	%mm2,%mm0
-	movd	36(%esp,%ecx,4),%mm6
-	pand	%mm7,%mm0
-	movd	4(%ebp,%ecx,4),%mm1
-	paddq	%mm0,%mm3
-	movd	4(%esi,%ecx,4),%mm0
-	psrlq	$32,%mm2
-	movd	%mm3,28(%esp,%ecx,4)
-	psrlq	$32,%mm3
-	paddq	%mm6,%mm2
-	decl	%ebx
-	leal	1(%ecx),%ecx
-	jnz	.L005inner
-	movl	%ecx,%ebx
-	pmuludq	%mm4,%mm0
-	pmuludq	%mm5,%mm1
-	paddq	%mm0,%mm2
-	paddq	%mm1,%mm3
-	movq	%mm2,%mm0
-	pand	%mm7,%mm0
-	paddq	%mm0,%mm3
-	movd	%mm3,28(%esp,%ecx,4)
-	psrlq	$32,%mm2
-	psrlq	$32,%mm3
-	movd	36(%esp,%ebx,4),%mm6
-	paddq	%mm2,%mm3
-	paddq	%mm6,%mm3
-	movq	%mm3,32(%esp,%ebx,4)
-	leal	1(%edx),%edx
-	cmpl	%ebx,%edx
-	jle	.L004outer
-	emms
-	jmp	.L006common_tail
-.align	16
-.L002non_sse2:
-	movl	8(%esp),%esi
-	leal	1(%ebx),%ebp
-	movl	12(%esp),%edi
-	xorl	%ecx,%ecx
-	movl	%esi,%edx
-	andl	$1,%ebp
-	subl	%edi,%edx
-	leal	4(%edi,%ebx,4),%eax
-	orl	%edx,%ebp
-	movl	(%edi),%edi
-	jz	.L007bn_sqr_mont
-	movl	%eax,28(%esp)
-	movl	(%esi),%eax
-	xorl	%edx,%edx
-.align	16
-.L008mull:
-	movl	%edx,%ebp
-	mull	%edi
-	addl	%eax,%ebp
-	leal	1(%ecx),%ecx
-	adcl	$0,%edx
-	movl	(%esi,%ecx,4),%eax
-	cmpl	%ebx,%ecx
-	movl	%ebp,28(%esp,%ecx,4)
-	jl	.L008mull
-	movl	%edx,%ebp
-	mull	%edi
-	movl	20(%esp),%edi
-	addl	%ebp,%eax
-	movl	16(%esp),%esi
-	adcl	$0,%edx
-	imull	32(%esp),%edi
-	movl	%eax,32(%esp,%ebx,4)
-	xorl	%ecx,%ecx
-	movl	%edx,36(%esp,%ebx,4)
-	movl	%ecx,40(%esp,%ebx,4)
-	movl	(%esi),%eax
-	mull	%edi
-	addl	32(%esp),%eax
-	movl	4(%esi),%eax
-	adcl	$0,%edx
-	incl	%ecx
-	jmp	.L0092ndmadd
-.align	16
-.L0101stmadd:
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ecx,4),%ebp
-	leal	1(%ecx),%ecx
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	movl	(%esi,%ecx,4),%eax
-	adcl	$0,%edx
-	cmpl	%ebx,%ecx
-	movl	%ebp,28(%esp,%ecx,4)
-	jl	.L0101stmadd
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ebx,4),%eax
-	movl	20(%esp),%edi
-	adcl	$0,%edx
-	movl	16(%esp),%esi
-	addl	%eax,%ebp
-	adcl	$0,%edx
-	imull	32(%esp),%edi
-	xorl	%ecx,%ecx
-	addl	36(%esp,%ebx,4),%edx
-	movl	%ebp,32(%esp,%ebx,4)
-	adcl	$0,%ecx
-	movl	(%esi),%eax
-	movl	%edx,36(%esp,%ebx,4)
-	movl	%ecx,40(%esp,%ebx,4)
-	mull	%edi
-	addl	32(%esp),%eax
-	movl	4(%esi),%eax
-	adcl	$0,%edx
-	movl	$1,%ecx
-.align	16
-.L0092ndmadd:
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ecx,4),%ebp
-	leal	1(%ecx),%ecx
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	movl	(%esi,%ecx,4),%eax
-	adcl	$0,%edx
-	cmpl	%ebx,%ecx
-	movl	%ebp,24(%esp,%ecx,4)
-	jl	.L0092ndmadd
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ebx,4),%ebp
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	adcl	$0,%edx
-	movl	%ebp,28(%esp,%ebx,4)
-	xorl	%eax,%eax
-	movl	12(%esp),%ecx
-	addl	36(%esp,%ebx,4),%edx
-	adcl	40(%esp,%ebx,4),%eax
-	leal	4(%ecx),%ecx
-	movl	%edx,32(%esp,%ebx,4)
-	cmpl	28(%esp),%ecx
-	movl	%eax,36(%esp,%ebx,4)
-	je	.L006common_tail
-	movl	(%ecx),%edi
-	movl	8(%esp),%esi
-	movl	%ecx,12(%esp)
-	xorl	%ecx,%ecx
-	xorl	%edx,%edx
-	movl	(%esi),%eax
-	jmp	.L0101stmadd
-.align	16
-.L007bn_sqr_mont:
-	movl	%ebx,(%esp)
-	movl	%ecx,12(%esp)
-	movl	%edi,%eax
-	mull	%edi
-	movl	%eax,32(%esp)
-	movl	%edx,%ebx
-	shrl	$1,%edx
-	andl	$1,%ebx
-	incl	%ecx
-.align	16
-.L011sqr:
-	movl	(%esi,%ecx,4),%eax
-	movl	%edx,%ebp
-	mull	%edi
-	addl	%ebp,%eax
-	leal	1(%ecx),%ecx
-	adcl	$0,%edx
-	leal	(%ebx,%eax,2),%ebp
-	shrl	$31,%eax
-	cmpl	(%esp),%ecx
-	movl	%eax,%ebx
-	movl	%ebp,28(%esp,%ecx,4)
-	jl	.L011sqr
-	movl	(%esi,%ecx,4),%eax
-	movl	%edx,%ebp
-	mull	%edi
-	addl	%ebp,%eax
-	movl	20(%esp),%edi
-	adcl	$0,%edx
-	movl	16(%esp),%esi
-	leal	(%ebx,%eax,2),%ebp
-	imull	32(%esp),%edi
-	shrl	$31,%eax
-	movl	%ebp,32(%esp,%ecx,4)
-	leal	(%eax,%edx,2),%ebp
-	movl	(%esi),%eax
-	shrl	$31,%edx
-	movl	%ebp,36(%esp,%ecx,4)
-	movl	%edx,40(%esp,%ecx,4)
-	mull	%edi
-	addl	32(%esp),%eax
-	movl	%ecx,%ebx
-	adcl	$0,%edx
-	movl	4(%esi),%eax
-	movl	$1,%ecx
-.align	16
-.L0123rdmadd:
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ecx,4),%ebp
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	movl	4(%esi,%ecx,4),%eax
-	adcl	$0,%edx
-	movl	%ebp,28(%esp,%ecx,4)
-	movl	%edx,%ebp
-	mull	%edi
-	addl	36(%esp,%ecx,4),%ebp
-	leal	2(%ecx),%ecx
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	movl	(%esi,%ecx,4),%eax
-	adcl	$0,%edx
-	cmpl	%ebx,%ecx
-	movl	%ebp,24(%esp,%ecx,4)
-	jl	.L0123rdmadd
-	movl	%edx,%ebp
-	mull	%edi
-	addl	32(%esp,%ebx,4),%ebp
-	adcl	$0,%edx
-	addl	%eax,%ebp
-	adcl	$0,%edx
-	movl	%ebp,28(%esp,%ebx,4)
-	movl	12(%esp),%ecx
-	xorl	%eax,%eax
-	movl	8(%esp),%esi
-	addl	36(%esp,%ebx,4),%edx
-	adcl	40(%esp,%ebx,4),%eax
-	movl	%edx,32(%esp,%ebx,4)
-	cmpl	%ebx,%ecx
-	movl	%eax,36(%esp,%ebx,4)
-	je	.L006common_tail
-	movl	4(%esi,%ecx,4),%edi
-	leal	1(%ecx),%ecx
-	movl	%edi,%eax
-	movl	%ecx,12(%esp)
-	mull	%edi
-	addl	32(%esp,%ecx,4),%eax
-	adcl	$0,%edx
-	movl	%eax,32(%esp,%ecx,4)
-	xorl	%ebp,%ebp
-	cmpl	%ebx,%ecx
-	leal	1(%ecx),%ecx
-	je	.L013sqrlast
-	movl	%edx,%ebx
-	shrl	$1,%edx
-	andl	$1,%ebx
-.align	16
-.L014sqradd:
-	movl	(%esi,%ecx,4),%eax
-	movl	%edx,%ebp
-	mull	%edi
-	addl	%ebp,%eax
-	leal	(%eax,%eax,1),%ebp
-	adcl	$0,%edx
-	shrl	$31,%eax
-	addl	32(%esp,%ecx,4),%ebp
-	leal	1(%ecx),%ecx
-	adcl	$0,%eax
-	addl	%ebx,%ebp
-	adcl	$0,%eax
-	cmpl	(%esp),%ecx
-	movl	%ebp,28(%esp,%ecx,4)
-	movl	%eax,%ebx
-	jle	.L014sqradd
-	movl	%edx,%ebp
-	addl	%edx,%edx
-	shrl	$31,%ebp
-	addl	%ebx,%edx
-	adcl	$0,%ebp
-.L013sqrlast:
-	movl	20(%esp),%edi
-	movl	16(%esp),%esi
-	imull	32(%esp),%edi
-	addl	32(%esp,%ecx,4),%edx
-	movl	(%esi),%eax
-	adcl	$0,%ebp
-	movl	%edx,32(%esp,%ecx,4)
-	movl	%ebp,36(%esp,%ecx,4)
-	mull	%edi
-	addl	32(%esp),%eax
-	leal	-1(%ecx),%ebx
-	adcl	$0,%edx
-	movl	$1,%ecx
-	movl	4(%esi),%eax
-	jmp	.L0123rdmadd
-.align	16
-.L006common_tail:
-	movl	16(%esp),%ebp
-	movl	4(%esp),%edi
-	leal	32(%esp),%esi
-	movl	(%esi),%eax
-	movl	%ebx,%ecx
-	xorl	%edx,%edx
-.align	16
-.L015sub:
-	sbbl	(%ebp,%edx,4),%eax
-	movl	%eax,(%edi,%edx,4)
-	decl	%ecx
-	movl	4(%esi,%edx,4),%eax
-	leal	1(%edx),%edx
-	jge	.L015sub
-	sbbl	$0,%eax
-	andl	%eax,%esi
-	notl	%eax
-	movl	%edi,%ebp
-	andl	%eax,%ebp
-	orl	%ebp,%esi
-.align	16
-.L016copy:
-	movl	(%esi,%ebx,4),%eax
-	movl	%eax,(%edi,%ebx,4)
-	movl	%ecx,32(%esp,%ebx,4)
-	decl	%ebx
-	jge	.L016copy
-	movl	24(%esp),%esp
-	movl	$1,%eax
-.L000just_leave:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	bn_mul_mont,.-.L_bn_mul_mont_begin
-.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105
-.byte	112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56
-.byte	54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121
-.byte	32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46
-.byte	111,114,103,62,0
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl
deleted file mode 100755
index e8f6b05084..0000000000
--- a/crypto/bn/asm/x86-mont.pl
+++ /dev/null
@@ -1,593 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005
-#
-# This is a "teaser" code, as it can be improved in several ways...
-# First of all non-SSE2 path should be implemented (yes, for now it
-# performs Montgomery multiplication/convolution only on SSE2-capable
-# CPUs such as P4, others fall down to original code). Then inner loop
-# can be unrolled and modulo-scheduled to improve ILP and possibly
-# moved to 128-bit XMM register bank (though it would require input
-# rearrangement and/or increase bus bandwidth utilization). Dedicated
-# squaring procedure should give further performance improvement...
-# Yet, for being draft, the code improves rsa512 *sign* benchmark by
-# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
-
-# December 2006
-#
-# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
-# Integer-only code [being equipped with dedicated squaring procedure]
-# gives ~40% on rsa512 sign benchmark...
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-&function_begin("bn_mul_mont");
-
-$i="edx";
-$j="ecx";
-$ap="esi";	$tp="esi";		# overlapping variables!!!
-$rp="edi";	$bp="edi";		# overlapping variables!!!
-$np="ebp";
-$num="ebx";
-
-$_num=&DWP(4*0,"esp");			# stack top layout
-$_rp=&DWP(4*1,"esp");
-$_ap=&DWP(4*2,"esp");
-$_bp=&DWP(4*3,"esp");
-$_np=&DWP(4*4,"esp");
-$_n0=&DWP(4*5,"esp");	$_n0q=&QWP(4*5,"esp");
-$_sp=&DWP(4*6,"esp");
-$_bpend=&DWP(4*7,"esp");
-$frame=32;				# size of above frame rounded up to 16n
-
-	&xor	("eax","eax");
-	&mov	("edi",&wparam(5));	# int num
-	&cmp	("edi",4);
-	&jl	(&label("just_leave"));
-
-	&lea	("esi",&wparam(0));	# put aside pointer to argument block
-	&lea	("edx",&wparam(1));	# load ap
-	&mov	("ebp","esp");		# saved stack pointer!
-	&add	("edi",2);		# extra two words on top of tp
-	&neg	("edi");
-	&lea	("esp",&DWP(-$frame,"esp","edi",4));	# alloca($frame+4*(num+2))
-	&neg	("edi");
-
-	# minimize cache contention by arraning 2K window between stack
-	# pointer and ap argument [np is also position sensitive vector,
-	# but it's assumed to be near ap, as it's allocated at ~same
-	# time].
-	&mov	("eax","esp");
-	&sub	("eax","edx");
-	&and	("eax",2047);
-	&sub	("esp","eax");		# this aligns sp and ap modulo 2048
-
-	&xor	("edx","esp");
-	&and	("edx",2048);
-	&xor	("edx",2048);
-	&sub	("esp","edx");		# this splits them apart modulo 4096
-
-	&and	("esp",-64);		# align to cache line
-
-	################################# load argument block...
-	&mov	("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
-	&mov	("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
-	&mov	("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
-	&mov	("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
-	&mov	("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
-	#&mov	("edi",&DWP(5*4,"esi"));# int num
-
-	&mov	("esi",&DWP(0,"esi"));	# pull n0[0]
-	&mov	($_rp,"eax");		# ... save a copy of argument block
-	&mov	($_ap,"ebx");
-	&mov	($_bp,"ecx");
-	&mov	($_np,"edx");
-	&mov	($_n0,"esi");
-	&lea	($num,&DWP(-3,"edi"));	# num=num-1 to assist modulo-scheduling
-	#&mov	($_num,$num);		# redundant as $num is not reused
-	&mov	($_sp,"ebp");		# saved stack pointer!
-
-if($sse2) {
-$acc0="mm0";	# mmx register bank layout
-$acc1="mm1";
-$car0="mm2";
-$car1="mm3";
-$mul0="mm4";
-$mul1="mm5";
-$temp="mm6";
-$mask="mm7";
-
-	&picmeup("eax","OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,"eax"),26);
-	&jnc	(&label("non_sse2"));
-
-	&mov	("eax",-1);
-	&movd	($mask,"eax");		# mask 32 lower bits
-
-	&mov	($ap,$_ap);		# load input pointers
-	&mov	($bp,$_bp);
-	&mov	($np,$_np);
-
-	&xor	($i,$i);		# i=0
-	&xor	($j,$j);		# j=0
-
-	&movd	($mul0,&DWP(0,$bp));		# bp[0]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[0]
-	&movq	($car0,$mul1);
-	&movq	($acc0,$mul1);			# I wish movd worked for
-	&pand	($acc0,$mask);			# inter-register transfers
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);			# "t[0]"*np[0]*n0
-	&paddq	($car1,$acc0);
-
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&inc	($j);				# j++
-&set_label("1st",16);
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[0];
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[j-1]=
-	&psrlq	($car1,32);
-
-	&lea	($j,&DWP(1,$j));
-	&cmp	($j,$num);
-	&jl	(&label("1st"));
-
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[0]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[0];
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&paddq	($car1,$car0);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-
-	&inc	($i);				# i++
-&set_label("outer");
-	&xor	($j,$j);			# j=0
-
-	&movd	($mul0,&DWP(0,$bp,$i,4));	# bp[i]
-	&movd	($mul1,&DWP(0,$ap));		# ap[0]
-	&movd	($temp,&DWP($frame,"esp"));	# tp[0]
-	&movd	($car1,&DWP(0,$np));		# np[0]
-	&pmuludq($mul1,$mul0);			# ap[0]*bp[i]
-
-	&paddq	($mul1,$temp);			# +=tp[0]
-	&movq	($acc0,$mul1);
-	&movq	($car0,$mul1);
-	&pand	($acc0,$mask);
-
-	&pmuludq($mul1,$_n0q);			# *=n0
-
-	&pmuludq($car1,$mul1);
-	&paddq	($car1,$acc0);
-
-	&movd	($temp,&DWP($frame+4,"esp"));	# tp[1]
-	&movd	($acc1,&DWP(4,$np));		# np[1]
-	&movd	($acc0,&DWP(4,$ap));		# ap[1]
-
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[1]
-
-	&inc	($j);				# j++
-	&dec	($num);
-&set_label("inner");
-	&pmuludq($acc0,$mul0);			# ap[j]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[j]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&movd	($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
-	&pand	($acc0,$mask);
-	&movd	($acc1,&DWP(4,$np,$j,4));	# np[j+1]
-	&paddq	($car1,$acc0);			# +=ap[j]*bp[i]+tp[j]
-	&movd	($acc0,&DWP(4,$ap,$j,4));	# ap[j+1]
-	&psrlq	($car0,32);
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
-	&psrlq	($car1,32);
-	&paddq	($car0,$temp);			# +=tp[j+1]
-
-	&dec	($num);
-	&lea	($j,&DWP(1,$j));		# j++
-	&jnz	(&label("inner"));
-
-	&mov	($num,$j);
-	&pmuludq($acc0,$mul0);			# ap[num-1]*bp[i]
-	&pmuludq($acc1,$mul1);			# np[num-1]*m1
-	&paddq	($car0,$acc0);			# +=c0
-	&paddq	($car1,$acc1);			# +=c1
-
-	&movq	($acc0,$car0);
-	&pand	($acc0,$mask);
-	&paddq	($car1,$acc0);			# +=ap[num-1]*bp[i]+tp[num-1]
-	&movd	(&DWP($frame-4,"esp",$j,4),$car1);	# tp[num-2]=
-	&psrlq	($car0,32);
-	&psrlq	($car1,32);
-
-	&movd	($temp,&DWP($frame+4,"esp",$num,4));	# += tp[num]
-	&paddq	($car1,$car0);
-	&paddq	($car1,$temp);
-	&movq	(&QWP($frame,"esp",$num,4),$car1);	# tp[num].tp[num-1]
-
-	&lea	($i,&DWP(1,$i));		# i++
-	&cmp	($i,$num);
-	&jle	(&label("outer"));
-
-	&emms	();				# done with mmx bank
-	&jmp	(&label("common_tail"));
-
-&set_label("non_sse2",16);
-}
-
-if (0) {
-	&mov	("esp",$_sp);
-	&xor	("eax","eax");	# signal "not fast enough [yet]"
-	&jmp	(&label("just_leave"));
-	# While the below code provides competitive performance for
-	# all key lengthes on modern Intel cores, it's still more
-	# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
-	# means compared to the original integer-only assembler.
-	# 512-bit RSA sign is better by ~40%, but that's about all
-	# one can say about all CPUs...
-} else {
-$inp="esi";	# integer path uses these registers differently
-$word="edi";
-$carry="ebp";
-
-	&mov	($inp,$_ap);
-	&lea	($carry,&DWP(1,$num));
-	&mov	($word,$_bp);
-	&xor	($j,$j);				# j=0
-	&mov	("edx",$inp);
-	&and	($carry,1);				# see if num is even
-	&sub	("edx",$word);				# see if ap==bp
-	&lea	("eax",&DWP(4,$word,$num,4));		# &bp[num]
-	&or	($carry,"edx");
-	&mov	($word,&DWP(0,$word));			# bp[0]
-	&jz	(&label("bn_sqr_mont"));
-	&mov	($_bpend,"eax");
-	&mov	("eax",&DWP(0,$inp));
-	&xor	("edx","edx");
-
-&set_label("mull",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[0]
-	&add	($carry,"eax");
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("mull"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[0]
-	 &mov	($word,$_n0);
-	&add	("eax",$carry);
-	 &mov	($inp,$_np);
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&mov	(&DWP($frame,"esp",$num,4),"eax");	# tp[num-1]=
-	&xor	($j,$j);
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&inc	($j);
-
-	&jmp	(&label("2ndmadd"));
-
-&set_label("1stmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*bp[i]
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("1stmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*bp[i]
-	&add	("eax",&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&xor	($j,$j);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&mov	(&DWP($frame,"esp",$num,4),$carry);	# tp[num-1]=
-	&adc	($j,0);
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&mov	(&DWP($frame+4,"esp",$num,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$num,4),$j);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&adc	("edx",0);
-	&mov	($j,1);
-
-&set_label("2ndmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j-1]=
-	&jl	(&label("2ndmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&xor	("eax","eax");
-	 &mov	($j,$_bp);				# &bp[i]
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	 &lea	($j,&DWP(4,$j));
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	 &cmp	($j,$_bpend);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-
-	&mov	($word,&DWP(0,$j));			# bp[i+1]
-	&mov	($inp,$_ap);
-	&mov	($_bp,$j);				# &bp[++i]
-	&xor	($j,$j);
-	&xor	("edx","edx");
-	&mov	("eax",&DWP(0,$inp));
-	&jmp	(&label("1stmadd"));
-
-&set_label("bn_sqr_mont",16);
-$sbit=$num;
-	&mov	($_num,$num);
-	&mov	($_bp,$j);				# i=0
-
-	&mov	("eax",$word);				# ap[0]
-	&mul	($word);				# ap[0]*ap[0]
-	&mov	(&DWP($frame,"esp"),"eax");		# tp[0]=
-	&mov	($sbit,"edx");
-	&shr	("edx",1);
-	&and	($sbit,1);
-	&inc	($j);
-&set_label("sqr",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[0]
-	&add	("eax",$carry);
-	&lea	($j,&DWP(1,$j));
-	&adc	("edx",0);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	&shr	("eax",31);
-	&cmp	($j,$_num);
-	&mov	($sbit,"eax");
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("sqr"));
-
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[num-1]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[num-1]*ap[0]
-	&add	("eax",$carry);
-	 &mov	($word,$_n0);
-	&adc	("edx",0);
-	 &mov	($inp,$_np);
-	&lea	($carry,&DWP(0,$sbit,"eax",2));
-	 &imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-	&shr	("eax",31);
-	&mov	(&DWP($frame,"esp",$j,4),$carry);	# tp[num-1]=
-
-	&lea	($carry,&DWP(0,"eax","edx",2));
-	 &mov	("eax",&DWP(0,$inp));			# np[0]
-	&shr	("edx",31);
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num]=
-	&mov	(&DWP($frame+8,"esp",$j,4),"edx");	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&mov	($num,$j);
-	&adc	("edx",0);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-	&mov	($j,1);
-
-&set_label("3rdmadd",16);
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(4,$inp,$j,4));		# np[j+1]
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j-1]=
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j+1]*m
-	&add	($carry,&DWP($frame+4,"esp",$j,4));	# +=tp[j+1]
-	&lea	($j,&DWP(2,$j));
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&mov	("eax",&DWP(0,$inp,$j,4));		# np[j+2]
-	&adc	("edx",0);
-	&cmp	($j,$num);
-	&mov	(&DWP($frame-8,"esp",$j,4),$carry);	# tp[j]=
-	&jl	(&label("3rdmadd"));
-
-	&mov	($carry,"edx");
-	&mul	($word);				# np[j]*m
-	&add	($carry,&DWP($frame,"esp",$num,4));	# +=tp[num-1]
-	&adc	("edx",0);
-	&add	($carry,"eax");
-	&adc	("edx",0);
-	&mov	(&DWP($frame-4,"esp",$num,4),$carry);	# tp[num-2]=
-
-	&mov	($j,$_bp);				# i
-	&xor	("eax","eax");
-	&mov	($inp,$_ap);
-	&add	("edx",&DWP($frame+4,"esp",$num,4));	# carry+=tp[num]
-	&adc	("eax",&DWP($frame+8,"esp",$num,4));	# +=tp[num+1]
-	&mov	(&DWP($frame,"esp",$num,4),"edx");	# tp[num-1]=
-	&cmp	($j,$num);
-	&mov	(&DWP($frame+4,"esp",$num,4),"eax");	# tp[num]=
-	&je	(&label("common_tail"));
-
-	&mov	($word,&DWP(4,$inp,$j,4));		# ap[i]
-	&lea	($j,&DWP(1,$j));
-	&mov	("eax",$word);
-	&mov	($_bp,$j);				# ++i
-	&mul	($word);				# ap[i]*ap[i]
-	&add	("eax",&DWP($frame,"esp",$j,4));	# +=tp[i]
-	&adc	("edx",0);
-	&mov	(&DWP($frame,"esp",$j,4),"eax");	# tp[i]=
-	&xor	($carry,$carry);
-	&cmp	($j,$num);
-	&lea	($j,&DWP(1,$j));
-	&je	(&label("sqrlast"));
-
-	&mov	($sbit,"edx");				# zaps $num
-	&shr	("edx",1);
-	&and	($sbit,1);
-&set_label("sqradd",16);
-	&mov	("eax",&DWP(0,$inp,$j,4));		# ap[j]
-	&mov	($carry,"edx");
-	&mul	($word);				# ap[j]*ap[i]
-	&add	("eax",$carry);
-	&lea	($carry,&DWP(0,"eax","eax"));
-	&adc	("edx",0);
-	&shr	("eax",31);
-	&add	($carry,&DWP($frame,"esp",$j,4));	# +=tp[j]
-	&lea	($j,&DWP(1,$j));
-	&adc	("eax",0);
-	&add	($carry,$sbit);
-	&adc	("eax",0);
-	&cmp	($j,$_num);
-	&mov	(&DWP($frame-4,"esp",$j,4),$carry);	# tp[j]=
-	&mov	($sbit,"eax");
-	&jle	(&label("sqradd"));
-
-	&mov	($carry,"edx");
-	&add	("edx","edx");
-	&shr	($carry,31);
-	&add	("edx",$sbit);
-	&adc	($carry,0);
-&set_label("sqrlast");
-	&mov	($word,$_n0);
-	&mov	($inp,$_np);
-	&imul	($word,&DWP($frame,"esp"));		# n0*tp[0]
-
-	&add	("edx",&DWP($frame,"esp",$j,4));	# +=tp[num]
-	&mov	("eax",&DWP(0,$inp));			# np[0]
-	&adc	($carry,0);
-	&mov	(&DWP($frame,"esp",$j,4),"edx");	# tp[num]=
-	&mov	(&DWP($frame+4,"esp",$j,4),$carry);	# tp[num+1]=
-
-	&mul	($word);				# np[0]*m
-	&add	("eax",&DWP($frame,"esp"));		# +=tp[0]
-	&lea	($num,&DWP(-1,$j));
-	&adc	("edx",0);
-	&mov	($j,1);
-	&mov	("eax",&DWP(4,$inp));			# np[1]
-
-	&jmp	(&label("3rdmadd"));
-}
-
-&set_label("common_tail",16);
-	&mov	($np,$_np);			# load modulus pointer
-	&mov	($rp,$_rp);			# load result pointer
-	&lea	($tp,&DWP($frame,"esp"));	# [$ap and $bp are zapped]
-
-	&mov	("eax",&DWP(0,$tp));		# tp[0]
-	&mov	($j,$num);			# j=num-1
-	&xor	($i,$i);			# i=0 and clear CF!
-
-&set_label("sub",16);
-	&sbb	("eax",&DWP(0,$np,$i,4));
-	&mov	(&DWP(0,$rp,$i,4),"eax");	# rp[i]=tp[i]-np[i]
-	&dec	($j);				# doesn't affect CF!
-	&mov	("eax",&DWP(4,$tp,$i,4));	# tp[i+1]
-	&lea	($i,&DWP(1,$i));		# i++
-	&jge	(&label("sub"));
-
-	&sbb	("eax",0);			# handle upmost overflow bit
-	&and	($tp,"eax");
-	&not	("eax");
-	&mov	($np,$rp);
-	&and	($np,"eax");
-	&or	($tp,$np);			# tp=carry?tp:rp
-
-&set_label("copy",16);				# copy or in-place refresh
-	&mov	("eax",&DWP(0,$tp,$num,4));
-	&mov	(&DWP(0,$rp,$num,4),"eax");	# rp[i]=tp[i]
-	&mov	(&DWP($frame,"esp",$num,4),$j);	# zap temporary vector
-	&dec	($num);
-	&jge	(&label("copy"));
-
-	&mov	("esp",$_sp);		# pull saved stack pointer
-	&mov	("eax",1);
-&set_label("just_leave");
-&function_end("bn_mul_mont");
-
-&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/bn/asm/x86.pl b/crypto/bn/asm/x86.pl
deleted file mode 100644
index 1bc4f1bb27..0000000000
--- a/crypto/bn/asm/x86.pl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/local/bin/perl
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-require("x86/mul_add.pl");
-require("x86/mul.pl");
-require("x86/sqr.pl");
-require("x86/div.pl");
-require("x86/add.pl");
-require("x86/sub.pl");
-require("x86/comba.pl");
-
-&asm_init($ARGV[0],$0);
-
-&bn_mul_add_words("bn_mul_add_words");
-&bn_mul_words("bn_mul_words");
-&bn_sqr_words("bn_sqr_words");
-&bn_div_words("bn_div_words");
-&bn_add_words("bn_add_words");
-&bn_sub_words("bn_sub_words");
-&bn_mul_comba("bn_mul_comba8",8);
-&bn_mul_comba("bn_mul_comba4",4);
-&bn_sqr_comba("bn_sqr_comba8",8);
-&bn_sqr_comba("bn_sqr_comba4",4);
-
-&asm_finish();
-
diff --git a/crypto/bn/asm/x86/add.pl b/crypto/bn/asm/x86/add.pl
deleted file mode 100644
index 0b5cf583e3..0000000000
--- a/crypto/bn/asm/x86/add.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_add_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$a="esi";
-	$b="edi";
-	$c="eax";
-	$r="ebx";
-	$tmp1="ecx";
-	$tmp2="edx";
-	$num="ebp";
-
-	&mov($r,&wparam(0));	# get r
-	 &mov($a,&wparam(1));	# get a
-	&mov($b,&wparam(2));	# get b
-	 &mov($num,&wparam(3));	# get num
-	&xor($c,$c);		# clear carry
-	 &and($num,0xfffffff8);	# num / 8
-
-	&jz(&label("aw_finish"));
-
-	&set_label("aw_loop",0);
-	for ($i=0; $i<8; $i++)
-		{
-		&comment("Round $i");
-
-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-		&add($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &add($tmp1,$tmp2);
-		&adc($c,0);
-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-		}
-
-	&comment("");
-	&add($a,32);
-	 &add($b,32);
-	&add($r,32);
-	 &sub($num,8);
-	&jnz(&label("aw_loop"));
-
-	&set_label("aw_finish",0);
-	&mov($num,&wparam(3));	# get num
-	&and($num,7);
-	 &jz(&label("aw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-		&add($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &add($tmp1,$tmp2);
-		&adc($c,0);
-		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
-		 &jz(&label("aw_end")) if ($i != 6);
-		}
-	&set_label("aw_end",0);
-
-#	&mov("eax",$c);		# $c is "eax"
-
-	&function_end($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86/comba.pl b/crypto/bn/asm/x86/comba.pl
deleted file mode 100644
index 2291253629..0000000000
--- a/crypto/bn/asm/x86/comba.pl
+++ /dev/null
@@ -1,277 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub mul_add_c
-	{
-	local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("mul a[$ai]*b[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$b,"",0));
-
-	&mul("edx");
-	&add($c0,"eax");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
-	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
-	 ###
-	&adc($c1,"edx");
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
-	 ###
-	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
-	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
-	}
-
-sub sqr_add_c
-	{
-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("sqr a[$ai]*a[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$b,"",0));
-
-	if ($ai == $bi)
-		{ &mul("eax");}
-	else
-		{ &mul("edx");}
-	&add($c0,"eax");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
-	 ###
-	&adc($c1,"edx");
-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb);
-	 ###
-	&adc($c2,0);
-	 # is pos > 1, it means it is the last loop 
-	 &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next b
-	}
-
-sub sqr_add_c2
-	{
-	local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_;
-
-	# pos == -1 if eax and edx are pre-loaded, 0 to load from next
-	# words, and 1 if load return value
-
-	&comment("sqr a[$ai]*a[$bi]");
-
-	# "eax" and "edx" will always be pre-loaded.
-	# &mov("eax",&DWP($ai*4,$a,"",0)) ;
-	# &mov("edx",&DWP($bi*4,$a,"",0));
-
-	if ($ai == $bi)
-		{ &mul("eax");}
-	else
-		{ &mul("edx");}
-	&add("eax","eax");
-	 ###
-	&adc("edx","edx");
-	 ###
-	&adc($c2,0);
-	 &add($c0,"eax");
-	&adc($c1,"edx");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;	# load next b
-	&adc($c2,0);
-	&mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0;		# save r[];
-	 &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb);
-	 ###
-	}
-
-sub bn_mul_comba
-	{
-	local($name,$num)=@_;
-	local($a,$b,$c0,$c1,$c2);
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($tot,$end);
-
-	&function_begin_B($name,"");
-
-	$c0="ebx";
-	$c1="ecx";
-	$c2="ebp";
-	$a="esi";
-	$b="edi";
-	
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-
-	&push("esi");
-	 &mov($a,&wparam(1));
-	&push("edi");
-	 &mov($b,&wparam(2));
-	&push("ebp");
-	 &push("ebx");
-
-	&xor($c0,$c0);
-	 &mov("eax",&DWP(0,$a,"",0));	# load the first word 
-	&xor($c1,$c1);
-	 &mov("edx",&DWP(0,$b,"",0));	# load the first second 
-
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-
-		&comment("################## Calculate word $i"); 
-
-		for ($j=$bs; $j<$end; $j++)
-			{
-			&xor($c2,$c2) if ($j == $bs);
-			if (($j+1) == $end)
-				{
-				$v=1;
-				$v=2 if (($i+1) == $tot);
-				}
-			else
-				{ $v=0; }
-			if (($j+1) != $end)
-				{
-				$na=($ai-1);
-				$nb=($bi+1);
-				}
-			else
-				{
-				$na=$as+($i < ($num-1));
-				$nb=$bs+($i >= ($num-1));
-				}
-#printf STDERR "[$ai,$bi] -> [$na,$nb]\n";
-			&mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb);
-			if ($v)
-				{
-				&comment("saved r[$i]");
-				# &mov("eax",&wparam(0));
-				# &mov(&DWP($i*4,"eax","",0),$c0);
-				($c0,$c1,$c2)=($c1,$c2,$c0);
-				}
-			$ai--;
-			$bi++;
-			}
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&comment("save r[$i]");
-	# &mov("eax",&wparam(0));
-	&mov(&DWP($i*4,"eax","",0),$c0);
-
-	&pop("ebx");
-	&pop("ebp");
-	&pop("edi");
-	&pop("esi");
-	&ret();
-	&function_end_B($name);
-	}
-
-sub bn_sqr_comba
-	{
-	local($name,$num)=@_;
-	local($r,$a,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($b,$tot,$end,$half);
-
-	&function_begin_B($name,"");
-
-	$c0="ebx";
-	$c1="ecx";
-	$c2="ebp";
-	$a="esi";
-	$r="edi";
-
-	&push("esi");
-	 &push("edi");
-	&push("ebp");
-	 &push("ebx");
-	&mov($r,&wparam(0));
-	 &mov($a,&wparam(1));
-	&xor($c0,$c0);
-	 &xor($c1,$c1);
-	&mov("eax",&DWP(0,$a,"",0)); # load the first word
-
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-
-		&comment("############### Calculate word $i");
-		for ($j=$bs; $j<$end; $j++)
-			{
-			&xor($c2,$c2) if ($j == $bs);
-			if (($ai-1) < ($bi+1))
-				{
-				$v=1;
-				$v=2 if ($i+1) == $tot;
-				}
-			else
-				{ $v=0; }
-			if (!$v)
-				{
-				$na=$ai-1;
-				$nb=$bi+1;
-				}
-			else
-				{
-				$na=$as+($i < ($num-1));
-				$nb=$bs+($i >= ($num-1));
-				}
-			if ($ai == $bi)
-				{
-				&sqr_add_c($r,$a,$ai,$bi,
-					$c0,$c1,$c2,$v,$i,$na,$nb);
-				}
-			else
-				{
-				&sqr_add_c2($r,$a,$ai,$bi,
-					$c0,$c1,$c2,$v,$i,$na,$nb);
-				}
-			if ($v)
-				{
-				&comment("saved r[$i]");
-				#&mov(&DWP($i*4,$r,"",0),$c0);
-				($c0,$c1,$c2)=($c1,$c2,$c0);
-				last;
-				}
-			$ai--;
-			$bi++;
-			}
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&mov(&DWP($i*4,$r,"",0),$c0);
-	&pop("ebx");
-	&pop("ebp");
-	&pop("edi");
-	&pop("esi");
-	&ret();
-	&function_end_B($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86/div.pl b/crypto/bn/asm/x86/div.pl
deleted file mode 100644
index 0e90152caa..0000000000
--- a/crypto/bn/asm/x86/div.pl
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_div_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-	&mov("edx",&wparam(0));	#
-	&mov("eax",&wparam(1));	#
-	&mov("ebx",&wparam(2));	#
-	&div("ebx");
-	&function_end($name);
-	}
-1;
diff --git a/crypto/bn/asm/x86/f b/crypto/bn/asm/x86/f
deleted file mode 100644
index 22e4112224..0000000000
--- a/crypto/bn/asm/x86/f
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
diff --git a/crypto/bn/asm/x86/mul.pl b/crypto/bn/asm/x86/mul.pl
deleted file mode 100644
index 674cb9b055..0000000000
--- a/crypto/bn/asm/x86/mul.pl
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_mul_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$Low="eax";
-	$High="edx";
-	$a="ebx";
-	$w="ecx";
-	$r="edi";
-	$c="esi";
-	$num="ebp";
-
-	&xor($c,$c);		# clear carry
-	&mov($r,&wparam(0));	#
-	&mov($a,&wparam(1));	#
-	&mov($num,&wparam(2));	#
-	&mov($w,&wparam(3));	#
-
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("mw_finish"));
-
-	&set_label("mw_loop",0);
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-
-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		 # XXX
-
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
-
-		&mov($c,"edx");			# c=  H(t);
-		}
-
-	&comment("");
-	&add($a,32);
-	&add($r,32);
-	&sub($num,8);
-	&jz(&label("mw_finish"));
-	&jmp(&label("mw_loop"));
-
-	&set_label("mw_finish",0);
-	&mov($num,&wparam(2));	# get num
-	&and($num,7);
-	&jnz(&label("mw_finish2"));
-	&jmp(&label("mw_end"));
-
-	&set_label("mw_finish2",1);
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		 &mov("eax",&DWP($i*4,$a,"",0));# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		 # XXX
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t);
-		&mov($c,"edx");			# c=  H(t);
-		 &dec($num) if ($i != 7-1);
-		&jz(&label("mw_end")) if ($i != 7-1);
-		}
-	&set_label("mw_end",0);
-	&mov("eax",$c);
-
-	&function_end($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86/mul_add.pl b/crypto/bn/asm/x86/mul_add.pl
deleted file mode 100644
index 61830d3a90..0000000000
--- a/crypto/bn/asm/x86/mul_add.pl
+++ /dev/null
@@ -1,87 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_mul_add_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$Low="eax";
-	$High="edx";
-	$a="ebx";
-	$w="ebp";
-	$r="edi";
-	$c="esi";
-
-	&xor($c,$c);		# clear carry
-	&mov($r,&wparam(0));	#
-
-	&mov("ecx",&wparam(2));	#
-	&mov($a,&wparam(1));	#
-
-	&and("ecx",0xfffffff8);	# num / 8
-	&mov($w,&wparam(3));	#
-
-	&push("ecx");		# Up the stack for a tmp variable
-
-	&jz(&label("maw_finish"));
-
-	&set_label("maw_loop",0);
-
-	&mov(&swtmp(0),"ecx");	#
-
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-
-		 &mov("eax",&DWP($i,$a,"",0)); 	# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);		# L(t)+= *r
-		 &mov($c,&DWP($i,$r,"",0));	# L(t)+= *r
-		&adc("edx",0);			# H(t)+=carry
-		 &add("eax",$c);		# L(t)+=c
-		&adc("edx",0);			# H(t)+=carry
-		 &mov(&DWP($i,$r,"",0),"eax");	# *r= L(t);
-		&mov($c,"edx");			# c=  H(t);
-		}
-
-	&comment("");
-	&mov("ecx",&swtmp(0));	#
-	&add($a,32);
-	&add($r,32);
-	&sub("ecx",8);
-	&jnz(&label("maw_loop"));
-
-	&set_label("maw_finish",0);
-	&mov("ecx",&wparam(2));	# get num
-	&and("ecx",7);
-	&jnz(&label("maw_finish2"));	# helps branch prediction
-	&jmp(&label("maw_end"));
-
-	&set_label("maw_finish2",1);
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		 &mov("eax",&DWP($i*4,$a,"",0));# *a
-		&mul($w);			# *a * w
-		&add("eax",$c);			# L(t)+=c
-		 &mov($c,&DWP($i*4,$r,"",0));	# L(t)+= *r
-		&adc("edx",0);			# H(t)+=carry
-		 &add("eax",$c);
-		&adc("edx",0);			# H(t)+=carry
-		 &dec("ecx") if ($i != 7-1);
-		&mov(&DWP($i*4,$r,"",0),"eax");	# *r= L(t);
-		 &mov($c,"edx");			# c=  H(t);
-		&jz(&label("maw_end")) if ($i != 7-1);
-		}
-	&set_label("maw_end",0);
-	&mov("eax",$c);
-
-	&pop("ecx");	# clear variable from
-
-	&function_end($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86/sqr.pl b/crypto/bn/asm/x86/sqr.pl
deleted file mode 100644
index 1f90993cf6..0000000000
--- a/crypto/bn/asm/x86/sqr.pl
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_sqr_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$r="esi";
-	$a="edi";
-	$num="ebx";
-
-	&mov($r,&wparam(0));	#
-	&mov($a,&wparam(1));	#
-	&mov($num,&wparam(2));	#
-
-	&and($num,0xfffffff8);	# num / 8
-	&jz(&label("sw_finish"));
-
-	&set_label("sw_loop",0);
-	for ($i=0; $i<32; $i+=4)
-		{
-		&comment("Round $i");
-		&mov("eax",&DWP($i,$a,"",0)); 	# *a
-		 # XXX
-		&mul("eax");			# *a * *a
-		&mov(&DWP($i*2,$r,"",0),"eax");	#
-		 &mov(&DWP($i*2+4,$r,"",0),"edx");#
-		}
-
-	&comment("");
-	&add($a,32);
-	&add($r,64);
-	&sub($num,8);
-	&jnz(&label("sw_loop"));
-
-	&set_label("sw_finish",0);
-	&mov($num,&wparam(2));	# get num
-	&and($num,7);
-	&jz(&label("sw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov("eax",&DWP($i*4,$a,"",0));	# *a
-		 # XXX
-		&mul("eax");			# *a * *a
-		&mov(&DWP($i*8,$r,"",0),"eax");	#
-		 &dec($num) if ($i != 7-1);
-		&mov(&DWP($i*8+4,$r,"",0),"edx");
-		 &jz(&label("sw_end")) if ($i != 7-1);
-		}
-	&set_label("sw_end",0);
-
-	&function_end($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86/sub.pl b/crypto/bn/asm/x86/sub.pl
deleted file mode 100644
index 837b0e1b07..0000000000
--- a/crypto/bn/asm/x86/sub.pl
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/local/bin/perl
-# x86 assember
-
-sub bn_sub_words
-	{
-	local($name)=@_;
-
-	&function_begin($name,"");
-
-	&comment("");
-	$a="esi";
-	$b="edi";
-	$c="eax";
-	$r="ebx";
-	$tmp1="ecx";
-	$tmp2="edx";
-	$num="ebp";
-
-	&mov($r,&wparam(0));	# get r
-	 &mov($a,&wparam(1));	# get a
-	&mov($b,&wparam(2));	# get b
-	 &mov($num,&wparam(3));	# get num
-	&xor($c,$c);		# clear carry
-	 &and($num,0xfffffff8);	# num / 8
-
-	&jz(&label("aw_finish"));
-
-	&set_label("aw_loop",0);
-	for ($i=0; $i<8; $i++)
-		{
-		&comment("Round $i");
-
-		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
-		}
-
-	&comment("");
-	&add($a,32);
-	 &add($b,32);
-	&add($r,32);
-	 &sub($num,8);
-	&jnz(&label("aw_loop"));
-
-	&set_label("aw_finish",0);
-	&mov($num,&wparam(3));	# get num
-	&and($num,7);
-	 &jz(&label("aw_end"));
-
-	for ($i=0; $i<7; $i++)
-		{
-		&comment("Tail Round $i");
-		&mov($tmp1,&DWP($i*4,$a,"",0));	# *a
-		 &mov($tmp2,&DWP($i*4,$b,"",0));# *b
-		&sub($tmp1,$c);
-		 &mov($c,0);
-		&adc($c,$c);
-		 &sub($tmp1,$tmp2);
-		&adc($c,0);
-		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
-		 &jz(&label("aw_end")) if ($i != 6);
-		}
-	&set_label("aw_end",0);
-
-#	&mov("eax",$c);		# $c is "eax"
-
-	&function_end($name);
-	}
-
-1;
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
deleted file mode 100644
index e85ee8ceeb..0000000000
--- a/crypto/bn/asm/x86_64-gcc.c
+++ /dev/null
@@ -1,602 +0,0 @@
-#include "../bn_lcl.h"
-#if !(defined(__GNUC__) && __GNUC__>=2)
-# include "../bn_asm.c"	/* kind of dirty hack for Sun Studio */
-#else
-/*
- * x86_64 BIGNUM accelerator version 0.1, December 2002.
- *
- * Implemented by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- *
- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
- *    versions, like 1.0...
- * A. Well, that's because this code is basically a quick-n-dirty
- *    proof-of-concept hack. As you can see it's implemented with
- *    inline assembler, which means that you're bound to GCC and that
- *    there might be enough room for further improvement.
- *
- * Q. Why inline assembler?
- * A. x86_64 features own ABI which I'm not familiar with. This is
- *    why I decided to let the compiler take care of subroutine
- *    prologue/epilogue as well as register allocation. For reference.
- *    Win64 implements different ABI for AMD64, different from Linux.
- *
- * Q. How much faster does it get?
- * A. 'apps/openssl speed rsa dsa' output with no-asm:
- *
- *	                  sign    verify    sign/s verify/s
- *	rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
- *	rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
- *	rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
- *	rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
- *	                  sign    verify    sign/s verify/s
- *	dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
- *	dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
- *	dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
- *
- *    'apps/openssl speed rsa dsa' output with this module:
- *
- *	                  sign    verify    sign/s verify/s
- *	rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
- *	rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
- *	rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
- *	rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
- *	                  sign    verify    sign/s verify/s
- *	dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
- *	dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
- *	dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
- *
- *    For the reference. IA-32 assembler implementation performs
- *    very much like 64-bit code compiled with no-asm on the same
- *    machine.
- */
-
-#ifdef _WIN64
-#define BN_ULONG unsigned long long
-#else
-#define BN_ULONG unsigned long
-#endif
-
-#undef mul
-#undef mul_add
-#undef sqr
-
-/*
- * "m"(a), "+m"(r)	is the way to favor DirectPath µ-code;
- * "g"(0)		let the compiler to decide where does it
- *			want to keep the value of zero;
- */
-#define mul_add(r,a,word,carry) do {	\
-	register BN_ULONG high,low;	\
-	asm ("mulq %3"			\
-		: "=a"(low),"=d"(high)	\
-		: "a"(word),"m"(a)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(carry),"+d"(high)\
-		: "a"(low),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+m"(r),"+d"(high)	\
-		: "r"(carry),"g"(0)	\
-		: "cc");		\
-	carry=high;			\
-	} while (0)
-
-#define mul(r,a,word,carry) do {	\
-	register BN_ULONG high,low;	\
-	asm ("mulq %3"			\
-		: "=a"(low),"=d"(high)	\
-		: "a"(word),"g"(a)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(carry),"+d"(high)\
-		: "a"(low),"g"(0)	\
-		: "cc");		\
-	(r)=carry, carry=high;		\
-	} while (0)
-
-#define sqr(r0,r1,a)			\
-	asm ("mulq %2"			\
-		: "=a"(r0),"=d"(r1)	\
-		: "a"(a)		\
-		: "cc");
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		mul_add(rp[1],ap[1],w,c1);
-		mul_add(rp[2],ap[2],w,c1);
-		mul_add(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
-		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
-		mul_add(rp[2],ap[2],w,c1); return c1;
-		}
-	
-	return(c1);
-	} 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul(rp[0],ap[0],w,c1);
-		mul(rp[1],ap[1],w,c1);
-		mul(rp[2],ap[2],w,c1);
-		mul(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
-		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
-		mul(rp[2],ap[2],w,c1);
-		}
-	return(c1);
-	} 
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-	if (n <= 0) return;
-
-	while (n&~3)
-		{
-		sqr(r[0],r[1],a[0]);
-		sqr(r[2],r[3],a[1]);
-		sqr(r[4],r[5],a[2]);
-		sqr(r[6],r[7],a[3]);
-		a+=4; r+=8; n-=4;
-		}
-	if (n)
-		{
-		sqr(r[0],r[1],a[0]); if (--n == 0) return;
-		sqr(r[2],r[3],a[1]); if (--n == 0) return;
-		sqr(r[4],r[5],a[2]);
-		}
-	}
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{	BN_ULONG ret,waste;
-
-	asm ("divq	%4"
-		: "=a"(ret),"=d"(waste)
-		: "a"(l),"d"(h),"g"(d)
-		: "cc");
-
-	return ret;
-}
-
-BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
-	if (n <= 0) return 0;
-
-	asm volatile (
-	"	subq	%2,%2		\n"
-	".p2align 4			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	adcq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-	"	leaq	1(%2),%2	\n"
-	"	loop	1b		\n"
-	"	sbbq	%0,%0		\n"
-		: "=&a"(ret),"+c"(n),"=&r"(i)
-		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc", "memory"
-	);
-
-  return ret&1;
-}
-
-#ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
-	if (n <= 0) return 0;
-
-	asm volatile (
-	"	subq	%2,%2		\n"
-	".p2align 4			\n"
-	"1:	movq	(%4,%2,8),%0	\n"
-	"	sbbq	(%5,%2,8),%0	\n"
-	"	movq	%0,(%3,%2,8)	\n"
-	"	leaq	1(%2),%2	\n"
-	"	loop	1b		\n"
-	"	sbbq	%0,%0		\n"
-		: "=&a"(ret),"+c"(n),"=&r"(i)
-		: "r"(rp),"r"(ap),"r"(bp)
-		: "cc", "memory"
-	);
-
-  return ret&1;
-}
-#else
-/* Simics 1.4<7 has buggy sbbq:-( */
-#define BN_MASK2 0xffffffffffffffffL
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-        {
-	BN_ULONG t1,t2;
-	int c=0;
-
-	if (n <= 0) return((BN_ULONG)0);
-
-	for (;;)
-		{
-		t1=a[0]; t2=b[0];
-		r[0]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[1]; t2=b[1];
-		r[1]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[2]; t2=b[2];
-		r[2]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[3]; t2=b[3];
-		r[3]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return(c);
-	}
-#endif
-
-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-/*
- * Keep in mind that carrying into high part of multiplication result
- * can not overflow, because it cannot be all-ones.
- */
-#if 0
-/* original macros are kept for reference purposes */
-#define mul_add_c(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b);		\
-	t1 = ta * tb;			\
-	t2 = BN_UMULT_HIGH(ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	t1 = BN_UMULT_HIGH(ta,tb);	\
-	t0 = ta * tb;			\
-	c0 += t0; t2 = t1+((c0<t0)?1:0);\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	c0 += t0; t1 += (c0<t0)?1:0;	\
-	c1 += t1; c2 += (c1<t1)?1:0;	\
-	}
-#else
-#define mul_add_c(a,b,c0,c1,c2)	do {	\
-	asm ("mulq %3"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a),"m"(b)		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
-	} while (0)
-
-#define sqr_add_c(a,i,c0,c1,c2)	do {	\
-	asm ("mulq %2"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a[i])		\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c0),"+d"(t2)	\
-		: "a"(t1),"g"(0)	\
-		: "cc");		\
-	asm ("addq %2,%0; adcq %3,%1"	\
-		: "+r"(c1),"+r"(c2)	\
-		: "d"(t2),"g"(0)	\
-		: "cc");		\
-	} while (0)
-
-#define mul_add_c2(a,b,c0,c1,c2) do {	\
-	asm ("mulq %3"			\
-		: "=a"(t1),"=d"(t2)	\
-		: "a"(a),"m"(b)		\
-		: "cc");		\
-	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
-		: "+r"(c0),"+r"(c1),"+r"(c2)		\
-		: "r"(t1),"r"(t2),"g"(0)		\
-		: "cc");				\
-	asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"	\
-		: "+r"(c0),"+r"(c1),"+r"(c2)		\
-		: "r"(t1),"r"(t2),"g"(0)		\
-		: "cc");				\
-	} while (0)
-#endif
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-	{
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-	{
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-#endif
diff --git a/crypto/bn/asm/x86_64-gf2m.S b/crypto/bn/asm/x86_64-gf2m.S
deleted file mode 100644
index ccd2ed701c..0000000000
--- a/crypto/bn/asm/x86_64-gf2m.S
+++ /dev/null
@@ -1,291 +0,0 @@
-.text	
-
-.type	_mul_1x1,@function
-.align	16
-_mul_1x1:
-	subq	$128+8,%rsp
-	movq	$-1,%r9
-	leaq	(%rax,%rax,1),%rsi
-	shrq	$3,%r9
-	leaq	(,%rax,4),%rdi
-	andq	%rax,%r9
-	leaq	(,%rax,8),%r12
-	sarq	$63,%rax
-	leaq	(%r9,%r9,1),%r10
-	sarq	$63,%rsi
-	leaq	(,%r9,4),%r11
-	andq	%rbp,%rax
-	sarq	$63,%rdi
-	movq	%rax,%rdx
-	shlq	$63,%rax
-	andq	%rbp,%rsi
-	shrq	$1,%rdx
-	movq	%rsi,%rcx
-	shlq	$62,%rsi
-	andq	%rbp,%rdi
-	shrq	$2,%rcx
-	xorq	%rsi,%rax
-	movq	%rdi,%rbx
-	shlq	$61,%rdi
-	xorq	%rcx,%rdx
-	shrq	$3,%rbx
-	xorq	%rdi,%rax
-	xorq	%rbx,%rdx
-
-	movq	%r9,%r13
-	movq	$0,0(%rsp)
-	xorq	%r10,%r13
-	movq	%r9,8(%rsp)
-	movq	%r11,%r14
-	movq	%r10,16(%rsp)
-	xorq	%r12,%r14
-	movq	%r13,24(%rsp)
-
-	xorq	%r11,%r9
-	movq	%r11,32(%rsp)
-	xorq	%r11,%r10
-	movq	%r9,40(%rsp)
-	xorq	%r11,%r13
-	movq	%r10,48(%rsp)
-	xorq	%r14,%r9
-	movq	%r13,56(%rsp)
-	xorq	%r14,%r10
-
-	movq	%r12,64(%rsp)
-	xorq	%r14,%r13
-	movq	%r9,72(%rsp)
-	xorq	%r11,%r9
-	movq	%r10,80(%rsp)
-	xorq	%r11,%r10
-	movq	%r13,88(%rsp)
-
-	xorq	%r11,%r13
-	movq	%r14,96(%rsp)
-	movq	%r8,%rsi
-	movq	%r9,104(%rsp)
-	andq	%rbp,%rsi
-	movq	%r10,112(%rsp)
-	shrq	$4,%rbp
-	movq	%r13,120(%rsp)
-	movq	%r8,%rdi
-	andq	%rbp,%rdi
-	shrq	$4,%rbp
-
-	movq	(%rsp,%rsi,8),%xmm0
-	movq	%r8,%rsi
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$4,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$60,%rbx
-	xorq	%rcx,%rax
-	pslldq	$1,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$12,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$52,%rbx
-	xorq	%rcx,%rax
-	pslldq	$2,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$20,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$44,%rbx
-	xorq	%rcx,%rax
-	pslldq	$3,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$28,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$36,%rbx
-	xorq	%rcx,%rax
-	pslldq	$4,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$36,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$28,%rbx
-	xorq	%rcx,%rax
-	pslldq	$5,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$44,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$20,%rbx
-	xorq	%rcx,%rax
-	pslldq	$6,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%r8,%rdi
-	movq	%rcx,%rbx
-	shlq	$52,%rcx
-	andq	%rbp,%rdi
-	movq	(%rsp,%rsi,8),%xmm1
-	shrq	$12,%rbx
-	xorq	%rcx,%rax
-	pslldq	$7,%xmm1
-	movq	%r8,%rsi
-	shrq	$4,%rbp
-	xorq	%rbx,%rdx
-	andq	%rbp,%rsi
-	shrq	$4,%rbp
-	pxor	%xmm1,%xmm0
-	movq	(%rsp,%rdi,8),%rcx
-	movq	%rcx,%rbx
-	shlq	$60,%rcx
-.byte	102,72,15,126,198
-	shrq	$4,%rbx
-	xorq	%rcx,%rax
-	psrldq	$8,%xmm0
-	xorq	%rbx,%rdx
-.byte	102,72,15,126,199
-	xorq	%rsi,%rax
-	xorq	%rdi,%rdx
-
-	addq	$128+8,%rsp
-	.byte	0xf3,0xc3
-.Lend_mul_1x1:
-.size	_mul_1x1,.-_mul_1x1
-
-.globl	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,@function
-.align	16
-bn_GF2m_mul_2x2:
-	movq	OPENSSL_ia32cap_P(%rip),%rax
-	btq	$33,%rax
-	jnc	.Lvanilla_mul_2x2
-
-.byte	102,72,15,110,198
-.byte	102,72,15,110,201
-.byte	102,72,15,110,210
-.byte	102,73,15,110,216
-	movdqa	%xmm0,%xmm4
-	movdqa	%xmm1,%xmm5
-.byte	102,15,58,68,193,0
-	pxor	%xmm2,%xmm4
-	pxor	%xmm3,%xmm5
-.byte	102,15,58,68,211,0
-.byte	102,15,58,68,229,0
-	xorps	%xmm0,%xmm4
-	xorps	%xmm2,%xmm4
-	movdqa	%xmm4,%xmm5
-	pslldq	$8,%xmm4
-	psrldq	$8,%xmm5
-	pxor	%xmm4,%xmm2
-	pxor	%xmm5,%xmm0
-	movdqu	%xmm2,0(%rdi)
-	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
-
-.align	16
-.Lvanilla_mul_2x2:
-	leaq	-136(%rsp),%rsp
-	movq	%r14,80(%rsp)
-	movq	%r13,88(%rsp)
-	movq	%r12,96(%rsp)
-	movq	%rbp,104(%rsp)
-	movq	%rbx,112(%rsp)
-.Lbody_mul_2x2:
-	movq	%rdi,32(%rsp)
-	movq	%rsi,40(%rsp)
-	movq	%rdx,48(%rsp)
-	movq	%rcx,56(%rsp)
-	movq	%r8,64(%rsp)
-
-	movq	$15,%r8
-	movq	%rsi,%rax
-	movq	%rcx,%rbp
-	call	_mul_1x1		
-	movq	%rax,16(%rsp)
-	movq	%rdx,24(%rsp)
-
-	movq	48(%rsp),%rax
-	movq	64(%rsp),%rbp
-	call	_mul_1x1		
-	movq	%rax,0(%rsp)
-	movq	%rdx,8(%rsp)
-
-	movq	40(%rsp),%rax
-	movq	56(%rsp),%rbp
-	xorq	48(%rsp),%rax
-	xorq	64(%rsp),%rbp
-	call	_mul_1x1		
-	movq	0(%rsp),%rbx
-	movq	8(%rsp),%rcx
-	movq	16(%rsp),%rdi
-	movq	24(%rsp),%rsi
-	movq	32(%rsp),%rbp
-
-	xorq	%rdx,%rax
-	xorq	%rcx,%rdx
-	xorq	%rbx,%rax
-	movq	%rbx,0(%rbp)
-	xorq	%rdi,%rdx
-	movq	%rsi,24(%rbp)
-	xorq	%rsi,%rax
-	xorq	%rsi,%rdx
-	xorq	%rdx,%rax
-	movq	%rdx,16(%rbp)
-	movq	%rax,8(%rbp)
-
-	movq	80(%rsp),%r14
-	movq	88(%rsp),%r13
-	movq	96(%rsp),%r12
-	movq	104(%rsp),%rbp
-	movq	112(%rsp),%rbx
-	leaq	136(%rsp),%rsp
-	.byte	0xf3,0xc3
-.Lend_mul_2x2:
-.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
-.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	16
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
deleted file mode 100644
index 42bbec2fb7..0000000000
--- a/crypto/bn/asm/x86_64-gf2m.pl
+++ /dev/null
@@ -1,390 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# May 2011
-#
-# The module implements bn_GF2m_mul_2x2 polynomial multiplication used
-# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for
-# the time being... Except that it has two code paths: code suitable
-# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and
-# later. Improvement varies from one benchmark and µ-arch to another.
-# Vanilla code path is at most 20% faster than compiler-generated code
-# [not very impressive], while PCLMULQDQ - whole 85%-160% better on
-# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that
-# these coefficients are not ones for bn_GF2m_mul_2x2 itself, as not
-# all CPU time is burnt in it...
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-($lo,$hi)=("%rax","%rdx");	$a=$lo;
-($i0,$i1)=("%rsi","%rdi");
-($t0,$t1)=("%rbx","%rcx");
-($b,$mask)=("%rbp","%r8");
-($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(9..15));
-($R,$Tx)=("%xmm0","%xmm1");
-
-$code.=<<___;
-.text
-
-.type	_mul_1x1,\@abi-omnipotent
-.align	16
-_mul_1x1:
-	sub	\$128+8,%rsp
-	mov	\$-1,$a1
-	lea	($a,$a),$i0
-	shr	\$3,$a1
-	lea	(,$a,4),$i1
-	and	$a,$a1			# a1=a&0x1fffffffffffffff
-	lea	(,$a,8),$a8
-	sar	\$63,$a			# broadcast 63rd bit
-	lea	($a1,$a1),$a2
-	sar	\$63,$i0		# broadcast 62nd bit
-	lea	(,$a1,4),$a4
-	and	$b,$a
-	sar	\$63,$i1		# boardcast 61st bit
-	mov	$a,$hi			# $a is $lo
-	shl	\$63,$lo
-	and	$b,$i0
-	shr	\$1,$hi
-	mov	$i0,$t1
-	shl	\$62,$i0
-	and	$b,$i1
-	shr	\$2,$t1
-	xor	$i0,$lo
-	mov	$i1,$t0
-	shl	\$61,$i1
-	xor	$t1,$hi
-	shr	\$3,$t0
-	xor	$i1,$lo
-	xor	$t0,$hi
-
-	mov	$a1,$a12
-	movq	\$0,0(%rsp)		# tab[0]=0
-	xor	$a2,$a12		# a1^a2
-	mov	$a1,8(%rsp)		# tab[1]=a1
-	 mov	$a4,$a48
-	mov	$a2,16(%rsp)		# tab[2]=a2
-	 xor	$a8,$a48		# a4^a8
-	mov	$a12,24(%rsp)		# tab[3]=a1^a2
-
-	xor	$a4,$a1
-	mov	$a4,32(%rsp)		# tab[4]=a4
-	xor	$a4,$a2
-	mov	$a1,40(%rsp)		# tab[5]=a1^a4
-	xor	$a4,$a12
-	mov	$a2,48(%rsp)		# tab[6]=a2^a4
-	 xor	$a48,$a1		# a1^a4^a4^a8=a1^a8
-	mov	$a12,56(%rsp)		# tab[7]=a1^a2^a4
-	 xor	$a48,$a2		# a2^a4^a4^a8=a1^a8
-
-	mov	$a8,64(%rsp)		# tab[8]=a8
-	xor	$a48,$a12		# a1^a2^a4^a4^a8=a1^a2^a8
-	mov	$a1,72(%rsp)		# tab[9]=a1^a8
-	 xor	$a4,$a1			# a1^a8^a4
-	mov	$a2,80(%rsp)		# tab[10]=a2^a8
-	 xor	$a4,$a2			# a2^a8^a4
-	mov	$a12,88(%rsp)		# tab[11]=a1^a2^a8
-
-	xor	$a4,$a12		# a1^a2^a8^a4
-	mov	$a48,96(%rsp)		# tab[12]=a4^a8
-	 mov	$mask,$i0
-	mov	$a1,104(%rsp)		# tab[13]=a1^a4^a8
-	 and	$b,$i0
-	mov	$a2,112(%rsp)		# tab[14]=a2^a4^a8
-	 shr	\$4,$b
-	mov	$a12,120(%rsp)		# tab[15]=a1^a2^a4^a8
-	 mov	$mask,$i1
-	 and	$b,$i1
-	 shr	\$4,$b
-
-	movq	(%rsp,$i0,8),$R		# half of calculations is done in SSE2
-	mov	$mask,$i0
-	and	$b,$i0
-	shr	\$4,$b
-___
-    for ($n=1;$n<8;$n++) {
-	$code.=<<___;
-	mov	(%rsp,$i1,8),$t1
-	mov	$mask,$i1
-	mov	$t1,$t0
-	shl	\$`8*$n-4`,$t1
-	and	$b,$i1
-	 movq	(%rsp,$i0,8),$Tx
-	shr	\$`64-(8*$n-4)`,$t0
-	xor	$t1,$lo
-	 pslldq	\$$n,$Tx
-	 mov	$mask,$i0
-	shr	\$4,$b
-	xor	$t0,$hi
-	 and	$b,$i0
-	 shr	\$4,$b
-	 pxor	$Tx,$R
-___
-    }
-$code.=<<___;
-	mov	(%rsp,$i1,8),$t1
-	mov	$t1,$t0
-	shl	\$`8*$n-4`,$t1
-	movq	$R,$i0
-	shr	\$`64-(8*$n-4)`,$t0
-	xor	$t1,$lo
-	psrldq	\$8,$R
-	xor	$t0,$hi
-	movq	$R,$i1
-	xor	$i0,$lo
-	xor	$i1,$hi
-
-	add	\$128+8,%rsp
-	ret
-.Lend_mul_1x1:
-.size	_mul_1x1,.-_mul_1x1
-___
-
-($rp,$a1,$a0,$b1,$b0) = $win64?	("%rcx","%rdx","%r8", "%r9","%r10") :	# Win64 order
-				("%rdi","%rsi","%rdx","%rcx","%r8");	# Unix order
-
-$code.=<<___;
-.extern	OPENSSL_ia32cap_P
-.globl	bn_GF2m_mul_2x2
-.type	bn_GF2m_mul_2x2,\@abi-omnipotent
-.align	16
-bn_GF2m_mul_2x2:
-	mov	OPENSSL_ia32cap_P(%rip),%rax
-	bt	\$33,%rax
-	jnc	.Lvanilla_mul_2x2
-
-	movq		$a1,%xmm0
-	movq		$b1,%xmm1
-	movq		$a0,%xmm2
-___
-$code.=<<___ if ($win64);
-	movq		40(%rsp),%xmm3
-___
-$code.=<<___ if (!$win64);
-	movq		$b0,%xmm3
-___
-$code.=<<___;
-	movdqa		%xmm0,%xmm4
-	movdqa		%xmm1,%xmm5
-	pclmulqdq	\$0,%xmm1,%xmm0	# a1·b1
-	pxor		%xmm2,%xmm4
-	pxor		%xmm3,%xmm5
-	pclmulqdq	\$0,%xmm3,%xmm2	# a0·b0
-	pclmulqdq	\$0,%xmm5,%xmm4	# (a0+a1)·(b0+b1)
-	xorps		%xmm0,%xmm4
-	xorps		%xmm2,%xmm4	# (a0+a1)·(b0+b1)-a0·b0-a1·b1
-	movdqa		%xmm4,%xmm5
-	pslldq		\$8,%xmm4
-	psrldq		\$8,%xmm5
-	pxor		%xmm4,%xmm2
-	pxor		%xmm5,%xmm0
-	movdqu		%xmm2,0($rp)
-	movdqu		%xmm0,16($rp)
-	ret
-
-.align	16
-.Lvanilla_mul_2x2:
-	lea	-8*17(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	mov	`8*17+40`(%rsp),$b0
-	mov	%rdi,8*15(%rsp)
-	mov	%rsi,8*16(%rsp)
-___
-$code.=<<___;
-	mov	%r14,8*10(%rsp)
-	mov	%r13,8*11(%rsp)
-	mov	%r12,8*12(%rsp)
-	mov	%rbp,8*13(%rsp)
-	mov	%rbx,8*14(%rsp)
-.Lbody_mul_2x2:
-	mov	$rp,32(%rsp)		# save the arguments
-	mov	$a1,40(%rsp)
-	mov	$a0,48(%rsp)
-	mov	$b1,56(%rsp)
-	mov	$b0,64(%rsp)
-
-	mov	\$0xf,$mask
-	mov	$a1,$a
-	mov	$b1,$b
-	call	_mul_1x1		# a1·b1
-	mov	$lo,16(%rsp)
-	mov	$hi,24(%rsp)
-
-	mov	48(%rsp),$a
-	mov	64(%rsp),$b
-	call	_mul_1x1		# a0·b0
-	mov	$lo,0(%rsp)
-	mov	$hi,8(%rsp)
-
-	mov	40(%rsp),$a
-	mov	56(%rsp),$b
-	xor	48(%rsp),$a
-	xor	64(%rsp),$b
-	call	_mul_1x1		# (a0+a1)·(b0+b1)
-___
-	@r=("%rbx","%rcx","%rdi","%rsi");
-$code.=<<___;
-	mov	0(%rsp),@r[0]
-	mov	8(%rsp),@r[1]
-	mov	16(%rsp),@r[2]
-	mov	24(%rsp),@r[3]
-	mov	32(%rsp),%rbp
-
-	xor	$hi,$lo
-	xor	@r[1],$hi
-	xor	@r[0],$lo
-	mov	@r[0],0(%rbp)
-	xor	@r[2],$hi
-	mov	@r[3],24(%rbp)
-	xor	@r[3],$lo
-	xor	@r[3],$hi
-	xor	$hi,$lo
-	mov	$hi,16(%rbp)
-	mov	$lo,8(%rbp)
-
-	mov	8*10(%rsp),%r14
-	mov	8*11(%rsp),%r13
-	mov	8*12(%rsp),%r12
-	mov	8*13(%rsp),%rbp
-	mov	8*14(%rsp),%rbx
-___
-$code.=<<___ if ($win64);
-	mov	8*15(%rsp),%rdi
-	mov	8*16(%rsp),%rsi
-___
-$code.=<<___;
-	lea	8*17(%rsp),%rsp
-	ret
-.Lend_mul_2x2:
-.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
-.asciz	"GF(2^m) Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	16
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#               CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern __imp_RtlVirtualUnwind
-
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	152($context),%rax	# pull context->Rsp
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lbody_mul_2x2(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<"prologue" label
-	jb	.Lin_prologue
-
-	mov	8*10(%rax),%r14		# mimic epilogue
-	mov	8*11(%rax),%r13
-	mov	8*12(%rax),%r12
-	mov	8*13(%rax),%rbp
-	mov	8*14(%rax),%rbx
-	mov	8*15(%rax),%rdi
-	mov	8*16(%rax),%rsi
-
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-
-.Lin_prologue:
-	lea	8*17(%rax),%rax
-	mov	%rax,152($context)	# restore context->Rsp
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	_mul_1x1
-	.rva	.Lend_mul_1x1
-	.rva	.LSEH_info_1x1
-
-	.rva	.Lvanilla_mul_2x2
-	.rva	.Lend_mul_2x2
-	.rva	.LSEH_info_2x2
-.section	.xdata
-.align	8
-.LSEH_info_1x1:
-	.byte	0x01,0x07,0x02,0x00
-	.byte	0x07,0x01,0x11,0x00	# sub rsp,128+8
-.LSEH_info_2x2:
-	.byte	9,0,0,0
-	.rva	se_handler
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/x86_64-mont.S b/crypto/bn/asm/x86_64-mont.S
deleted file mode 100644
index 95e2905287..0000000000
--- a/crypto/bn/asm/x86_64-mont.S
+++ /dev/null
@@ -1,1374 +0,0 @@
-.text	
-
-.globl	bn_mul_mont
-.type	bn_mul_mont,@function
-.align	16
-bn_mul_mont:
-	testl	$3,%r9d
-	jnz	.Lmul_enter
-	cmpl	$8,%r9d
-	jb	.Lmul_enter
-	cmpq	%rsi,%rdx
-	jne	.Lmul4x_enter
-	jmp	.Lsqr4x_enter
-
-.align	16
-.Lmul_enter:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-	movl	%r9d,%r9d
-	leaq	2(%r9),%r10
-	movq	%rsp,%r11
-	negq	%r10
-	leaq	(%rsp,%r10,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%r11,8(%rsp,%r9,8)
-.Lmul_body:
-	movq	%rdx,%r12
-	movq	(%r8),%r8
-	movq	(%r12),%rbx
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	movq	%r10,%r11
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.L1st_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	1(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jne	.L1st
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-	movq	%r10,%r11
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	jmp	.Louter
-.align	16
-.Louter:
-	movq	(%r12,%r14,8),%rbx
-	xorq	%r15,%r15
-	movq	%r8,%rbp
-	movq	(%rsp),%r10
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	8(%rsp),%r10
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.Linner_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r10
-	movq	%rdx,%r11
-	adcq	$0,%r11
-	leaq	1(%r15),%r15
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jne	.Linner
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	cmpq	%r9,%r14
-	jl	.Louter
-
-	xorq	%r14,%r14
-	movq	(%rsp),%rax
-	leaq	(%rsp),%rsi
-	movq	%r9,%r15
-	jmp	.Lsub
-.align	16
-.Lsub:	sbbq	(%rcx,%r14,8),%rax
-	movq	%rax,(%rdi,%r14,8)
-	movq	8(%rsi,%r14,8),%rax
-	leaq	1(%r14),%r14
-	decq	%r15
-	jnz	.Lsub
-
-	sbbq	$0,%rax
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	movq	%r9,%r15
-	orq	%rcx,%rsi
-.align	16
-.Lcopy:
-	movq	(%rsi,%r14,8),%rax
-	movq	%r14,(%rsp,%r14,8)
-	movq	%rax,(%rdi,%r14,8)
-	leaq	1(%r14),%r14
-	subq	$1,%r15
-	jnz	.Lcopy
-
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lmul_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_mul_mont,.-bn_mul_mont
-.type	bn_mul4x_mont,@function
-.align	16
-bn_mul4x_mont:
-.Lmul4x_enter:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-	movl	%r9d,%r9d
-	leaq	4(%r9),%r10
-	movq	%rsp,%r11
-	negq	%r10
-	leaq	(%rsp,%r10,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%r11,8(%rsp,%r9,8)
-.Lmul4x_body:
-	movq	%rdi,16(%rsp,%r9,8)
-	movq	%rdx,%r12
-	movq	(%r8),%r8
-	movq	(%r12),%rbx
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdi,(%rsp)
-	movq	%rdx,%r13
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	.L1st4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	leaq	1(%r14),%r14
-.align	4
-.Louter4x:
-	movq	(%r12,%r14,8),%rbx
-	xorq	%r15,%r15
-	movq	(%rsp),%r10
-	movq	%r8,%rbp
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdi,(%rsp)
-	movq	%rdx,%r13
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	.Linner4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	1(%r14),%r14
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	addq	(%rsp,%r9,8),%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	cmpq	%r9,%r14
-	jl	.Louter4x
-	movq	16(%rsp,%r9,8),%rdi
-	movq	0(%rsp),%rax
-	pxor	%xmm0,%xmm0
-	movq	8(%rsp),%rdx
-	shrq	$2,%r9
-	leaq	(%rsp),%rsi
-	xorq	%r14,%r14
-
-	subq	0(%rcx),%rax
-	movq	16(%rsi),%rbx
-	movq	24(%rsi),%rbp
-	sbbq	8(%rcx),%rdx
-	leaq	-1(%r9),%r15
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	movq	%rax,0(%rdi,%r14,8)
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	32(%rsi,%r14,8),%rax
-	movq	40(%rsi,%r14,8),%rdx
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-	movq	%rbp,24(%rdi,%r14,8)
-	sbbq	32(%rcx,%r14,8),%rax
-	movq	48(%rsi,%r14,8),%rbx
-	movq	56(%rsi,%r14,8),%rbp
-	sbbq	40(%rcx,%r14,8),%rdx
-	leaq	4(%r14),%r14
-	decq	%r15
-	jnz	.Lsub4x
-
-	movq	%rax,0(%rdi,%r14,8)
-	movq	32(%rsi,%r14,8),%rax
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-
-	sbbq	$0,%rax
-	movq	%rbp,24(%rdi,%r14,8)
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	leaq	-1(%r9),%r15
-	orq	%rcx,%rsi
-
-	movdqu	(%rsi),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,(%rdi)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqu	32(%rsi,%r14,1),%xmm1
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movdqa	%xmm0,32(%rsp,%r14,1)
-	movdqu	%xmm1,32(%rdi,%r14,1)
-	leaq	32(%r14),%r14
-	decq	%r15
-	jnz	.Lcopy4x
-
-	shlq	$2,%r9
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_mul4x_mont,.-bn_mul4x_mont
-.type	bn_sqr4x_mont,@function
-.align	16
-bn_sqr4x_mont:
-.Lsqr4x_enter:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-
-	shll	$3,%r9d
-	xorq	%r10,%r10
-	movq	%rsp,%r11
-	subq	%r9,%r10
-	movq	(%r8),%r8
-	leaq	-72(%rsp,%r10,2),%rsp
-	andq	$-1024,%rsp
-
-
-
-
-
-
-
-
-
-
-
-	movq	%rdi,32(%rsp)
-	movq	%rcx,40(%rsp)
-	movq	%r8,48(%rsp)
-	movq	%r11,56(%rsp)
-.Lsqr4x_body:
-
-
-
-
-
-
-
-	leaq	32(%r10),%rbp
-	leaq	(%rsi,%r9,1),%rsi
-
-	movq	%r9,%rcx
-
-
-	movq	-32(%rsi,%rbp,1),%r14
-	leaq	64(%rsp,%r9,2),%rdi
-	movq	-24(%rsi,%rbp,1),%rax
-	leaq	-32(%rdi,%rbp,1),%rdi
-	movq	-16(%rsi,%rbp,1),%rbx
-	movq	%rax,%r15
-
-	mulq	%r14
-	movq	%rax,%r10
-	movq	%rbx,%rax
-	movq	%rdx,%r11
-	movq	%r10,-24(%rdi,%rbp,1)
-
-	xorq	%r10,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,-16(%rdi,%rbp,1)
-
-	leaq	-16(%rbp),%rcx
-
-
-	movq	8(%rsi,%rcx,1),%rbx
-	mulq	%r15
-	movq	%rax,%r12
-	movq	%rbx,%rax
-	movq	%rdx,%r13
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	leaq	16(%rcx),%rcx
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-8(%rdi,%rcx,1)
-	jmp	.Lsqr4x_1st
-
-.align	16
-.Lsqr4x_1st:
-	movq	(%rsi,%rcx,1),%rbx
-	xorq	%r12,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%rbx,%rax
-	adcq	%rdx,%r12
-
-	xorq	%r10,%r10
-	addq	%r13,%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,(%rdi,%rcx,1)
-
-
-	movq	8(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,8(%rdi,%rcx,1)
-
-	movq	16(%rsi,%rcx,1),%rbx
-	xorq	%r12,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%rbx,%rax
-	adcq	%rdx,%r12
-
-	xorq	%r10,%r10
-	addq	%r13,%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,16(%rdi,%rcx,1)
-
-
-	movq	24(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	leaq	32(%rcx),%rcx
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-8(%rdi,%rcx,1)
-
-	cmpq	$0,%rcx
-	jne	.Lsqr4x_1st
-
-	xorq	%r12,%r12
-	addq	%r11,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	adcq	%rdx,%r12
-
-	movq	%r13,(%rdi)
-	leaq	16(%rbp),%rbp
-	movq	%r12,8(%rdi)
-	jmp	.Lsqr4x_outer
-
-.align	16
-.Lsqr4x_outer:
-	movq	-32(%rsi,%rbp,1),%r14
-	leaq	64(%rsp,%r9,2),%rdi
-	movq	-24(%rsi,%rbp,1),%rax
-	leaq	-32(%rdi,%rbp,1),%rdi
-	movq	-16(%rsi,%rbp,1),%rbx
-	movq	%rax,%r15
-
-	movq	-24(%rdi,%rbp,1),%r10
-	xorq	%r11,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-24(%rdi,%rbp,1)
-
-	xorq	%r10,%r10
-	addq	-16(%rdi,%rbp,1),%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,-16(%rdi,%rbp,1)
-
-	leaq	-16(%rbp),%rcx
-	xorq	%r12,%r12
-
-
-	movq	8(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	addq	8(%rdi,%rcx,1),%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,8(%rdi,%rcx,1)
-
-	leaq	16(%rcx),%rcx
-	jmp	.Lsqr4x_inner
-
-.align	16
-.Lsqr4x_inner:
-	movq	(%rsi,%rcx,1),%rbx
-	xorq	%r12,%r12
-	addq	(%rdi,%rcx,1),%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%rbx,%rax
-	adcq	%rdx,%r12
-
-	xorq	%r10,%r10
-	addq	%r13,%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,(%rdi,%rcx,1)
-
-	movq	8(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	addq	8(%rdi,%rcx,1),%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	leaq	16(%rcx),%rcx
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-8(%rdi,%rcx,1)
-
-	cmpq	$0,%rcx
-	jne	.Lsqr4x_inner
-
-	xorq	%r12,%r12
-	addq	%r11,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	adcq	%rdx,%r12
-
-	movq	%r13,(%rdi)
-	movq	%r12,8(%rdi)
-
-	addq	$16,%rbp
-	jnz	.Lsqr4x_outer
-
-
-	movq	-32(%rsi),%r14
-	leaq	64(%rsp,%r9,2),%rdi
-	movq	-24(%rsi),%rax
-	leaq	-32(%rdi,%rbp,1),%rdi
-	movq	-16(%rsi),%rbx
-	movq	%rax,%r15
-
-	xorq	%r11,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-24(%rdi)
-
-	xorq	%r10,%r10
-	addq	%r13,%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	movq	%r11,-16(%rdi)
-
-	movq	-8(%rsi),%rbx
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	$0,%rdx
-
-	xorq	%r11,%r11
-	addq	%r12,%r10
-	movq	%rdx,%r13
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%rbx,%rax
-	adcq	%rdx,%r11
-	movq	%r10,-8(%rdi)
-
-	xorq	%r12,%r12
-	addq	%r11,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	-16(%rsi),%rax
-	adcq	%rdx,%r12
-
-	movq	%r13,(%rdi)
-	movq	%r12,8(%rdi)
-
-	mulq	%rbx
-	addq	$16,%rbp
-	xorq	%r14,%r14
-	subq	%r9,%rbp
-	xorq	%r15,%r15
-
-	addq	%r12,%rax
-	adcq	$0,%rdx
-	movq	%rax,8(%rdi)
-	movq	%rdx,16(%rdi)
-	movq	%r15,24(%rdi)
-
-	movq	-16(%rsi,%rbp,1),%rax
-	leaq	64(%rsp,%r9,2),%rdi
-	xorq	%r10,%r10
-	movq	-24(%rdi,%rbp,2),%r11
-
-	leaq	(%r14,%r10,2),%r12
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r13
-	shrq	$63,%r11
-	orq	%r10,%r13
-	movq	-16(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	-8(%rdi,%rbp,2),%r11
-	adcq	%rax,%r12
-	movq	-8(%rsi,%rbp,1),%rax
-	movq	%r12,-32(%rdi,%rbp,2)
-	adcq	%rdx,%r13
-
-	leaq	(%r14,%r10,2),%rbx
-	movq	%r13,-24(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r8
-	shrq	$63,%r11
-	orq	%r10,%r8
-	movq	0(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	8(%rdi,%rbp,2),%r11
-	adcq	%rax,%rbx
-	movq	0(%rsi,%rbp,1),%rax
-	movq	%rbx,-16(%rdi,%rbp,2)
-	adcq	%rdx,%r8
-	leaq	16(%rbp),%rbp
-	movq	%r8,-40(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	jmp	.Lsqr4x_shift_n_add
-
-.align	16
-.Lsqr4x_shift_n_add:
-	leaq	(%r14,%r10,2),%r12
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r13
-	shrq	$63,%r11
-	orq	%r10,%r13
-	movq	-16(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	-8(%rdi,%rbp,2),%r11
-	adcq	%rax,%r12
-	movq	-8(%rsi,%rbp,1),%rax
-	movq	%r12,-32(%rdi,%rbp,2)
-	adcq	%rdx,%r13
-
-	leaq	(%r14,%r10,2),%rbx
-	movq	%r13,-24(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r8
-	shrq	$63,%r11
-	orq	%r10,%r8
-	movq	0(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	8(%rdi,%rbp,2),%r11
-	adcq	%rax,%rbx
-	movq	0(%rsi,%rbp,1),%rax
-	movq	%rbx,-16(%rdi,%rbp,2)
-	adcq	%rdx,%r8
-
-	leaq	(%r14,%r10,2),%r12
-	movq	%r8,-8(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r13
-	shrq	$63,%r11
-	orq	%r10,%r13
-	movq	16(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	24(%rdi,%rbp,2),%r11
-	adcq	%rax,%r12
-	movq	8(%rsi,%rbp,1),%rax
-	movq	%r12,0(%rdi,%rbp,2)
-	adcq	%rdx,%r13
-
-	leaq	(%r14,%r10,2),%rbx
-	movq	%r13,8(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r8
-	shrq	$63,%r11
-	orq	%r10,%r8
-	movq	32(%rdi,%rbp,2),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	40(%rdi,%rbp,2),%r11
-	adcq	%rax,%rbx
-	movq	16(%rsi,%rbp,1),%rax
-	movq	%rbx,16(%rdi,%rbp,2)
-	adcq	%rdx,%r8
-	movq	%r8,24(%rdi,%rbp,2)
-	sbbq	%r15,%r15
-	addq	$32,%rbp
-	jnz	.Lsqr4x_shift_n_add
-
-	leaq	(%r14,%r10,2),%r12
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r13
-	shrq	$63,%r11
-	orq	%r10,%r13
-	movq	-16(%rdi),%r10
-	movq	%r11,%r14
-	mulq	%rax
-	negq	%r15
-	movq	-8(%rdi),%r11
-	adcq	%rax,%r12
-	movq	-8(%rsi),%rax
-	movq	%r12,-32(%rdi)
-	adcq	%rdx,%r13
-
-	leaq	(%r14,%r10,2),%rbx
-	movq	%r13,-24(%rdi)
-	sbbq	%r15,%r15
-	shrq	$63,%r10
-	leaq	(%rcx,%r11,2),%r8
-	shrq	$63,%r11
-	orq	%r10,%r8
-	mulq	%rax
-	negq	%r15
-	adcq	%rax,%rbx
-	adcq	%rdx,%r8
-	movq	%rbx,-16(%rdi)
-	movq	%r8,-8(%rdi)
-	movq	40(%rsp),%rsi
-	movq	48(%rsp),%r8
-	xorq	%rcx,%rcx
-	movq	%r9,0(%rsp)
-	subq	%r9,%rcx
-	movq	64(%rsp),%r10
-	movq	%r8,%r14
-	leaq	64(%rsp,%r9,2),%rax
-	leaq	64(%rsp,%r9,1),%rdi
-	movq	%rax,8(%rsp)
-	leaq	(%rsi,%r9,1),%rsi
-	xorq	%rbp,%rbp
-
-	movq	0(%rsi,%rcx,1),%rax
-	movq	8(%rsi,%rcx,1),%r9
-	imulq	%r10,%r14
-	movq	%rax,%rbx
-	jmp	.Lsqr4x_mont_outer
-
-.align	16
-.Lsqr4x_mont_outer:
-	xorq	%r11,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%r9,%rax
-	adcq	%rdx,%r11
-	movq	%r8,%r15
-
-	xorq	%r10,%r10
-	addq	8(%rdi,%rcx,1),%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-
-	imulq	%r11,%r15
-
-	movq	16(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	addq	%r11,%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-	movq	%r12,8(%rdi,%rcx,1)
-
-	xorq	%r11,%r11
-	addq	16(%rdi,%rcx,1),%r10
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%r9,%rax
-	adcq	%rdx,%r11
-
-	movq	24(%rsi,%rcx,1),%r9
-	xorq	%r12,%r12
-	addq	%r10,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%r9,%rax
-	adcq	%rdx,%r12
-	movq	%r13,16(%rdi,%rcx,1)
-
-	xorq	%r10,%r10
-	addq	24(%rdi,%rcx,1),%r11
-	leaq	32(%rcx),%rcx
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	jmp	.Lsqr4x_mont_inner
-
-.align	16
-.Lsqr4x_mont_inner:
-	movq	(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	addq	%r11,%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-	movq	%r12,-8(%rdi,%rcx,1)
-
-	xorq	%r11,%r11
-	addq	(%rdi,%rcx,1),%r10
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%r9,%rax
-	adcq	%rdx,%r11
-
-	movq	8(%rsi,%rcx,1),%r9
-	xorq	%r12,%r12
-	addq	%r10,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%r9,%rax
-	adcq	%rdx,%r12
-	movq	%r13,(%rdi,%rcx,1)
-
-	xorq	%r10,%r10
-	addq	8(%rdi,%rcx,1),%r11
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-
-
-	movq	16(%rsi,%rcx,1),%rbx
-	xorq	%r13,%r13
-	addq	%r11,%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%rbx,%rax
-	adcq	%rdx,%r13
-	movq	%r12,8(%rdi,%rcx,1)
-
-	xorq	%r11,%r11
-	addq	16(%rdi,%rcx,1),%r10
-	adcq	$0,%r11
-	mulq	%r14
-	addq	%rax,%r10
-	movq	%r9,%rax
-	adcq	%rdx,%r11
-
-	movq	24(%rsi,%rcx,1),%r9
-	xorq	%r12,%r12
-	addq	%r10,%r13
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%r9,%rax
-	adcq	%rdx,%r12
-	movq	%r13,16(%rdi,%rcx,1)
-
-	xorq	%r10,%r10
-	addq	24(%rdi,%rcx,1),%r11
-	leaq	32(%rcx),%rcx
-	adcq	$0,%r10
-	mulq	%r14
-	addq	%rax,%r11
-	movq	%rbx,%rax
-	adcq	%rdx,%r10
-	cmpq	$0,%rcx
-	jne	.Lsqr4x_mont_inner
-
-	subq	0(%rsp),%rcx
-	movq	%r8,%r14
-
-	xorq	%r13,%r13
-	addq	%r11,%r12
-	adcq	$0,%r13
-	mulq	%r15
-	addq	%rax,%r12
-	movq	%r9,%rax
-	adcq	%rdx,%r13
-	movq	%r12,-8(%rdi)
-
-	xorq	%r11,%r11
-	addq	(%rdi),%r10
-	adcq	$0,%r11
-	movq	0(%rsi,%rcx,1),%rbx
-	addq	%rbp,%r10
-	adcq	$0,%r11
-
-	imulq	16(%rdi,%rcx,1),%r14
-	xorq	%r12,%r12
-	movq	8(%rsi,%rcx,1),%r9
-	addq	%r10,%r13
-	movq	16(%rdi,%rcx,1),%r10
-	adcq	$0,%r12
-	mulq	%r15
-	addq	%rax,%r13
-	movq	%rbx,%rax
-	adcq	%rdx,%r12
-	movq	%r13,(%rdi)
-
-	xorq	%rbp,%rbp
-	addq	8(%rdi),%r12
-	adcq	%rbp,%rbp
-	addq	%r11,%r12
-	leaq	16(%rdi),%rdi
-	adcq	$0,%rbp
-	movq	%r12,-8(%rdi)
-	cmpq	8(%rsp),%rdi
-	jb	.Lsqr4x_mont_outer
-
-	movq	0(%rsp),%r9
-	movq	%rbp,(%rdi)
-	movq	64(%rsp,%r9,1),%rax
-	leaq	64(%rsp,%r9,1),%rbx
-	movq	40(%rsp),%rsi
-	shrq	$5,%r9
-	movq	8(%rbx),%rdx
-	xorq	%rbp,%rbp
-
-	movq	32(%rsp),%rdi
-	subq	0(%rsi),%rax
-	movq	16(%rbx),%r10
-	movq	24(%rbx),%r11
-	sbbq	8(%rsi),%rdx
-	leaq	-1(%r9),%rcx
-	jmp	.Lsqr4x_sub
-.align	16
-.Lsqr4x_sub:
-	movq	%rax,0(%rdi,%rbp,8)
-	movq	%rdx,8(%rdi,%rbp,8)
-	sbbq	16(%rsi,%rbp,8),%r10
-	movq	32(%rbx,%rbp,8),%rax
-	movq	40(%rbx,%rbp,8),%rdx
-	sbbq	24(%rsi,%rbp,8),%r11
-	movq	%r10,16(%rdi,%rbp,8)
-	movq	%r11,24(%rdi,%rbp,8)
-	sbbq	32(%rsi,%rbp,8),%rax
-	movq	48(%rbx,%rbp,8),%r10
-	movq	56(%rbx,%rbp,8),%r11
-	sbbq	40(%rsi,%rbp,8),%rdx
-	leaq	4(%rbp),%rbp
-	decq	%rcx
-	jnz	.Lsqr4x_sub
-
-	movq	%rax,0(%rdi,%rbp,8)
-	movq	32(%rbx,%rbp,8),%rax
-	sbbq	16(%rsi,%rbp,8),%r10
-	movq	%rdx,8(%rdi,%rbp,8)
-	sbbq	24(%rsi,%rbp,8),%r11
-	movq	%r10,16(%rdi,%rbp,8)
-
-	sbbq	$0,%rax
-	movq	%r11,24(%rdi,%rbp,8)
-	xorq	%rbp,%rbp
-	andq	%rax,%rbx
-	notq	%rax
-	movq	%rdi,%rsi
-	andq	%rax,%rsi
-	leaq	-1(%r9),%rcx
-	orq	%rsi,%rbx
-
-	pxor	%xmm0,%xmm0
-	leaq	64(%rsp,%r9,8),%rsi
-	movdqu	(%rbx),%xmm1
-	leaq	(%rsi,%r9,8),%rsi
-	movdqa	%xmm0,64(%rsp)
-	movdqa	%xmm0,(%rsi)
-	movdqu	%xmm1,(%rdi)
-	jmp	.Lsqr4x_copy
-.align	16
-.Lsqr4x_copy:
-	movdqu	16(%rbx,%rbp,1),%xmm2
-	movdqu	32(%rbx,%rbp,1),%xmm1
-	movdqa	%xmm0,80(%rsp,%rbp,1)
-	movdqa	%xmm0,96(%rsp,%rbp,1)
-	movdqa	%xmm0,16(%rsi,%rbp,1)
-	movdqa	%xmm0,32(%rsi,%rbp,1)
-	movdqu	%xmm2,16(%rdi,%rbp,1)
-	movdqu	%xmm1,32(%rdi,%rbp,1)
-	leaq	32(%rbp),%rbp
-	decq	%rcx
-	jnz	.Lsqr4x_copy
-
-	movdqu	16(%rbx,%rbp,1),%xmm2
-	movdqa	%xmm0,80(%rsp,%rbp,1)
-	movdqa	%xmm0,16(%rsi,%rbp,1)
-	movdqu	%xmm2,16(%rdi,%rbp,1)
-	movq	56(%rsp),%rsi
-	movq	$1,%rax
-	movq	0(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lsqr4x_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_sqr4x_mont,.-bn_sqr4x_mont
-.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	16
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
deleted file mode 100755
index 17fb94c84c..0000000000
--- a/crypto/bn/asm/x86_64-mont.pl
+++ /dev/null
@@ -1,1681 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# October 2005.
-#
-# Montgomery multiplication routine for x86_64. While it gives modest
-# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
-# than twice, >2x, as fast. Most common rsa1024 sign is improved by
-# respectful 50%. It remains to be seen if loop unrolling and
-# dedicated squaring routine can provide further improvement...
-
-# July 2011.
-#
-# Add dedicated squaring procedure. Performance improvement varies
-# from platform to platform, but in average it's ~5%/15%/25%/33%
-# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
-
-# August 2011.
-#
-# Unroll and modulo-schedule inner loops in such manner that they
-# are "fallen through" for input lengths of 8, which is critical for
-# 1024-bit RSA *sign*. Average performance improvement in comparison
-# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
-# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# int bn_mul_mont(
-$rp="%rdi";	# BN_ULONG *rp,
-$ap="%rsi";	# const BN_ULONG *ap,
-$bp="%rdx";	# const BN_ULONG *bp,
-$np="%rcx";	# const BN_ULONG *np,
-$n0="%r8";	# const BN_ULONG *n0,
-$num="%r9";	# int num);
-$lo0="%r10";
-$hi0="%r11";
-$hi1="%r13";
-$i="%r14";
-$j="%r15";
-$m0="%rbx";
-$m1="%rbp";
-
-$code=<<___;
-.text
-
-.globl	bn_mul_mont
-.type	bn_mul_mont,\@function,6
-.align	16
-bn_mul_mont:
-	test	\$3,${num}d
-	jnz	.Lmul_enter
-	cmp	\$8,${num}d
-	jb	.Lmul_enter
-	cmp	$ap,$bp
-	jne	.Lmul4x_enter
-	jmp	.Lsqr4x_enter
-
-.align	16
-.Lmul_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	mov	${num}d,${num}d
-	lea	2($num),%r10
-	mov	%rsp,%r11
-	neg	%r10
-	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+2))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul_body:
-	mov	$bp,%r12		# reassign $bp
-___
-		$bp="%r12";
-$code.=<<___;
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($bp),$m0		# m0=bp[0]
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$lo0
-	mov	($np),%rax
-
-	imulq	$lo0,$m1		# "tp[0]"*n0
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	mov	$lo0,$hi0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.L1st_enter:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	1($j),$j		# j++
-	mov	%rdx,$lo0
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.L1st
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-	mov	$lo0,$hi0
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	jmp	.Louter
-.align	16
-.Louter:
-	mov	($bp,$i,8),$m0		# m0=bp[i]
-	xor	$j,$j			# j=0
-	mov	$n0,$m1
-	mov	(%rsp),$lo0
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	imulq	$lo0,$m1		# tp[0]*n0
-	mov	%rdx,$hi0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	8(%rsp),$lo0		# tp[1]
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.Linner_enter:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
-	mov	%rdx,$hi0
-	adc	\$0,$hi0
-	lea	1($j),$j		# j++
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.Linner
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# pull upmost overflow bit
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	cmp	$num,$i
-	jl	.Louter
-
-	xor	$i,$i			# i=0 and clear CF!
-	mov	(%rsp),%rax		# tp[0]
-	lea	(%rsp),$ap		# borrow ap for tp
-	mov	$num,$j			# j=num
-	jmp	.Lsub
-.align	16
-.Lsub:	sbb	($np,$i,8),%rax
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
-	mov	8($ap,$i,8),%rax	# tp[i+1]
-	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub
-
-	sbb	\$0,%rax		# handle upmost overflow bit
-	xor	$i,$i
-	and	%rax,$ap
-	not	%rax
-	mov	$rp,$np
-	and	%rax,$np
-	mov	$num,$j			# j=num
-	or	$np,$ap			# ap=borrow?tp:rp
-.align	16
-.Lcopy:					# copy or in-place refresh
-	mov	($ap,$i,8),%rax
-	mov	$i,(%rsp,$i,8)		# zap temporary vector
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
-	lea	1($i),$i
-	sub	\$1,$j
-	jnz	.Lcopy
-
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul_epilogue:
-	ret
-.size	bn_mul_mont,.-bn_mul_mont
-___
-{{{
-my @A=("%r10","%r11");
-my @N=("%r13","%rdi");
-$code.=<<___;
-.type	bn_mul4x_mont,\@function,6
-.align	16
-bn_mul4x_mont:
-.Lmul4x_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	mov	${num}d,${num}d
-	lea	4($num),%r10
-	mov	%rsp,%r11
-	neg	%r10
-	lea	(%rsp,%r10,8),%rsp	# tp=alloca(8*(num+4))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%r11,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul4x_body:
-	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	mov	%rdx,%r12		# reassign $bp
-___
-		$bp="%r12";
-$code.=<<___;
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($bp),$m0		# m0=bp[0]
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$A[0]
-	mov	($np),%rax
-
-	imulq	$A[0],$m1		# "tp[0]"*n0
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	lea	4($j),$j		# j++
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)
-	mov	%rdx,$N[0]
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.L1st4x
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-.align	4
-.Louter4x:
-	mov	($bp,$i,8),$m0		# m0=bp[i]
-	xor	$j,$j			# j=0
-	mov	(%rsp),$A[0]
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	imulq	$A[0],$m1		# tp[0]*n0
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# "$N[0]", discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	add	8(%rsp),$A[1]		# +tp[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	lea	4($j),$j		# j+=2
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)		# tp[j-1]
-	mov	%rdx,$N[0]
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.Linner4x
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	1($i),$i		# i++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	cmp	$num,$i
-	jl	.Louter4x
-___
-{
-my @ri=("%rax","%rdx",$m0,$m1);
-$code.=<<___;
-	mov	16(%rsp,$num,8),$rp	# restore $rp
-	mov	0(%rsp),@ri[0]		# tp[0]
-	pxor	%xmm0,%xmm0
-	mov	8(%rsp),@ri[1]		# tp[1]
-	shr	\$2,$num		# num/=4
-	lea	(%rsp),$ap		# borrow ap for tp
-	xor	$i,$i			# i=0 and clear CF!
-
-	sub	0($np),@ri[0]
-	mov	16($ap),@ri[2]		# tp[2]
-	mov	24($ap),@ri[3]		# tp[3]
-	sbb	8($np),@ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($np,$i,8),@ri[2]
-	mov	32($ap,$i,8),@ri[0]	# tp[i+1]
-	mov	40($ap,$i,8),@ri[1]
-	sbb	24($np,$i,8),@ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($np,$i,8),@ri[0]
-	mov	48($ap,$i,8),@ri[2]
-	mov	56($ap,$i,8),@ri[3]
-	sbb	40($np,$i,8),@ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub4x
-
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($ap,$i,8),@ri[0]	# load overflow bit
-	sbb	16($np,$i,8),@ri[2]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($np,$i,8),@ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0,@ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$ap
-	not	@ri[0]
-	mov	$rp,$np
-	and	@ri[0],$np
-	lea	-1($num),$j
-	or	$np,$ap			# ap=borrow?tp:rp
-
-	movdqu	($ap),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,($rp)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:					# copy or in-place refresh
-	movdqu	16($ap,$i),%xmm2
-	movdqu	32($ap,$i),%xmm1
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-	movdqa	%xmm0,32(%rsp,$i)
-	movdqu	%xmm1,32($rp,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lcopy4x
-
-	shl	\$2,$num
-	movdqu	16($ap,$i),%xmm2
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-___
-}
-$code.=<<___;
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	ret
-.size	bn_mul4x_mont,.-bn_mul4x_mont
-___
-}}}
-{{{
-######################################################################
-# void bn_sqr4x_mont(
-my $rptr="%rdi";	# const BN_ULONG *rptr,
-my $aptr="%rsi";	# const BN_ULONG *aptr,
-my $bptr="%rdx";	# not used
-my $nptr="%rcx";	# const BN_ULONG *nptr,
-my $n0  ="%r8";		# const BN_ULONG *n0);
-my $num ="%r9";		# int num, has to be divisible by 4 and
-			# not less than 8
-
-my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
-my @A0=("%r10","%r11");
-my @A1=("%r12","%r13");
-my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
-
-$code.=<<___;
-.type	bn_sqr4x_mont,\@function,6
-.align	16
-bn_sqr4x_mont:
-.Lsqr4x_enter:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-
-	shl	\$3,${num}d		# convert $num to bytes
-	xor	%r10,%r10
-	mov	%rsp,%r11		# put aside %rsp
-	sub	$num,%r10		# -$num
-	mov	($n0),$n0		# *n0
-	lea	-72(%rsp,%r10,2),%rsp	# alloca(frame+2*$num)
-	and	\$-1024,%rsp		# minimize TLB usage
-	##############################################################
-	# Stack layout
-	#
-	# +0	saved $num, used in reduction section
-	# +8	&t[2*$num], used in reduction section
-	# +32	saved $rptr
-	# +40	saved $nptr
-	# +48	saved *n0
-	# +56	saved %rsp
-	# +64	t[2*$num]
-	#
-	mov	$rptr,32(%rsp)		# save $rptr
-	mov	$nptr,40(%rsp)
-	mov	$n0,  48(%rsp)
-	mov	%r11, 56(%rsp)		# save original %rsp
-.Lsqr4x_body:
-	##############################################################
-	# Squaring part:
-	#
-	# a) multiply-n-add everything but a[i]*a[i];
-	# b) shift result of a) by 1 to the left and accumulate
-	#    a[i]*a[i] products;
-	#
-	lea	32(%r10),$i		# $i=-($num-32)
-	lea	($aptr,$num),$aptr	# end of a[] buffer, ($aptr,$i)=&ap[2]
-
-	mov	$num,$j			# $j=$num
-
-					# comments apply to $num==8 case
-	mov	-32($aptr,$i),$a0	# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr,$i),%rax	# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr,$i),$ai	# a[2]
-	mov	%rax,$a1
-
-	mul	$a0			# a[1]*a[0]
-	mov	%rax,$A0[0]		# a[1]*a[0]
-	 mov	$ai,%rax		# a[2]
-	mov	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr,$i)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr,$i)	# t[2]
-
-	lea	-16($i),$j		# j=-16
-
-
-	 mov	8($aptr,$j),$ai		# a[3]
-	mul	$a1			# a[2]*a[1]
-	mov	%rax,$A1[0]		# a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	mov	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 lea	16($j),$j
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[3]
-	jmp	.Lsqr4x_1st
-
-.align	16
-.Lsqr4x_1st:
-	 mov	($aptr,$j),$ai		# a[4]
-	xor	$A1[0],$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[4]*a[0]
-	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],($tptr,$j)	# t[4]
-
-
-	 mov	8($aptr,$j),$ai		# a[5]
-	xor	$A1[1],$A1[1]
-	mul	$a1			# a[4]*a[3]
-	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[5]*a[2]
-	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],8($tptr,$j)	# t[5]
-
-	 mov	16($aptr,$j),$ai	# a[6]
-	xor	$A1[0],$A1[0]
-	mul	$a1			# a[5]*a[3]
-	add	%rax,$A1[1]		# a[5]*a[3]+t[6]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[6]*a[2]
-	add	%rax,$A0[1]		# a[6]*a[2]+a[5]*a[3]+t[6]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],16($tptr,$j)	# t[6]
-
-
-	 mov	24($aptr,$j),$ai	# a[7]
-	xor	$A1[1],$A1[1]
-	mul	$a1			# a[6]*a[5]
-	add	%rax,$A1[0]		# a[6]*a[5]+t[7]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 lea	32($j),$j
-	adc	\$0,$A0[1]
-	mul	$a0			# a[7]*a[4]
-	add	%rax,$A0[0]		# a[7]*a[4]+a[6]*a[5]+t[6]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[7]
-
-	cmp	\$0,$j
-	jne	.Lsqr4x_1st
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[7]*a[5]
-	add	%rax,$A1[1]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[8]
-	lea	16($i),$i
-	mov	$A1[0],8($tptr)		# t[9]
-	jmp	.Lsqr4x_outer
-
-.align	16
-.Lsqr4x_outer:				# comments apply to $num==6 case
-	mov	-32($aptr,$i),$a0	# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr,$i),%rax	# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr,$i),$ai	# a[2]
-	mov	%rax,$a1
-
-	mov	-24($tptr,$i),$A0[0]	# t[1]
-	xor	$A0[1],$A0[1]
-	mul	$a0			# a[1]*a[0]
-	add	%rax,$A0[0]		# a[1]*a[0]+t[1]
-	 mov	$ai,%rax		# a[2]
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr,$i)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	add	-16($tptr,$i),$A0[1]	# a[2]*a[0]+t[2]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr,$i)	# t[2]
-
-	lea	-16($i),$j		# j=-16
-	xor	$A1[0],$A1[0]
-
-
-	 mov	8($aptr,$j),$ai		# a[3]
-	xor	$A1[1],$A1[1]
-	add	8($tptr,$j),$A1[0]
-	adc	\$0,$A1[1]
-	mul	$a1			# a[2]*a[1]
-	add	%rax,$A1[0]		# a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],8($tptr,$j)	# t[3]
-
-	lea	16($j),$j
-	jmp	.Lsqr4x_inner
-
-.align	16
-.Lsqr4x_inner:
-	 mov	($aptr,$j),$ai		# a[4]
-	xor	$A1[0],$A1[0]
-	add	($tptr,$j),$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]		# a[3]*a[1]+t[4]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[0]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[4]*a[0]
-	add	%rax,$A0[1]		# a[4]*a[0]+a[3]*a[1]+t[4]
-	 mov	$ai,%rax		# a[3]
-	adc	%rdx,$A0[0]
-	mov	$A0[1],($tptr,$j)	# t[4]
-
-	 mov	8($aptr,$j),$ai		# a[5]
-	xor	$A1[1],$A1[1]
-	add	8($tptr,$j),$A1[0]
-	adc	\$0,$A1[1]
-	mul	$a1			# a[4]*a[3]
-	add	%rax,$A1[0]		# a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A1[1]
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	lea	16($j),$j		# j++
-	adc	\$0,$A0[1]
-	mul	$a0			# a[5]*a[2]
-	add	%rax,$A0[0]		# a[5]*a[2]+a[4]*a[3]+t[5]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr,$j)	# t[5], "preloaded t[1]" below
-
-	cmp	\$0,$j
-	jne	.Lsqr4x_inner
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[5]*a[3]
-	add	%rax,$A1[1]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[6], "preloaded t[2]" below
-	mov	$A1[0],8($tptr)		# t[7], "preloaded t[3]" below
-
-	add	\$16,$i
-	jnz	.Lsqr4x_outer
-
-					# comments apply to $num==4 case
-	mov	-32($aptr),$a0		# a[0]
-	lea	64(%rsp,$num,2),$tptr	# end of tp[] buffer, &tp[2*$num]
-	mov	-24($aptr),%rax		# a[1]
-	lea	-32($tptr,$i),$tptr	# end of tp[] window, &tp[2*$num-"$i"]
-	mov	-16($aptr),$ai		# a[2]
-	mov	%rax,$a1
-
-	xor	$A0[1],$A0[1]
-	mul	$a0			# a[1]*a[0]
-	add	%rax,$A0[0]		# a[1]*a[0]+t[1], preloaded t[1]
-	 mov	$ai,%rax		# a[2]
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-24($tptr)	# t[1]
-
-	xor	$A0[0],$A0[0]
-	add	$A1[1],$A0[1]		# a[2]*a[0]+t[2], preloaded t[2]
-	adc	\$0,$A0[0]
-	mul	$a0			# a[2]*a[0]
-	add	%rax,$A0[1]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[0]
-	mov	$A0[1],-16($tptr)	# t[2]
-
-	 mov	-8($aptr),$ai		# a[3]
-	mul	$a1			# a[2]*a[1]
-	add	%rax,$A1[0]		# a[2]*a[1]+t[3], preloaded t[3]
-	 mov	$ai,%rax
-	adc	\$0,%rdx
-
-	xor	$A0[1],$A0[1]
-	add	$A1[0],$A0[0]
-	 mov	%rdx,$A1[1]
-	adc	\$0,$A0[1]
-	mul	$a0			# a[3]*a[0]
-	add	%rax,$A0[0]		# a[3]*a[0]+a[2]*a[1]+t[3]
-	 mov	$ai,%rax
-	adc	%rdx,$A0[1]
-	mov	$A0[0],-8($tptr)	# t[3]
-
-	xor	$A1[0],$A1[0]
-	add	$A0[1],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$a1			# a[3]*a[1]
-	add	%rax,$A1[1]
-	 mov	-16($aptr),%rax		# a[2]
-	adc	%rdx,$A1[0]
-
-	mov	$A1[1],($tptr)		# t[4]
-	mov	$A1[0],8($tptr)		# t[5]
-
-	mul	$ai			# a[2]*a[3]
-___
-{
-my ($shift,$carry)=($a0,$a1);
-my @S=(@A1,$ai,$n0);
-$code.=<<___;
-	 add	\$16,$i
-	 xor	$shift,$shift
-	 sub	$num,$i			# $i=16-$num
-	 xor	$carry,$carry
-
-	add	$A1[0],%rax		# t[5]
-	adc	\$0,%rdx
-	mov	%rax,8($tptr)		# t[5]
-	mov	%rdx,16($tptr)		# t[6]
-	mov	$carry,24($tptr)	# t[7]
-
-	 mov	-16($aptr,$i),%rax	# a[0]
-	lea	64(%rsp,$num,2),$tptr
-	 xor	$A0[0],$A0[0]		# t[0]
-	 mov	-24($tptr,$i,2),$A0[1]	# t[1]
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],-24($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],-16($tptr,$i,2)
-	adc	%rdx,$S[3]
-	lea	16($i),$i
-	mov	$S[3],-40($tptr,$i,2)
-	sbb	$carry,$carry		# mov cf,$carry
-	jmp	.Lsqr4x_shift_n_add
-
-.align	16
-.Lsqr4x_shift_n_add:
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],-24($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	0($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	8($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	0($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],-16($tptr,$i,2)
-	adc	%rdx,$S[3]
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	 mov	$S[3],-8($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	16($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	24($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	8($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[0],0($tptr,$i,2)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1 | shift
-	 mov	$S[1],8($tptr,$i,2)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	 mov	32($tptr,$i,2),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	40($tptr,$i,2),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[2]
-	 mov	16($aptr,$i),%rax	# a[i+1]	# prefetch
-	mov	$S[2],16($tptr,$i,2)
-	adc	%rdx,$S[3]
-	mov	$S[3],24($tptr,$i,2)
-	sbb	$carry,$carry		# mov cf,$carry
-	add	\$32,$i
-	jnz	.Lsqr4x_shift_n_add
-
-	lea	($shift,$A0[0],2),$S[0]	# t[2*i]<<1 | shift
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[1]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[1]		# | t[2*i]>>63
-	 mov	-16($tptr),$A0[0]	# t[2*i+2]	# prefetch
-	mov	$A0[1],$shift		# shift=t[2*i+1]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	 mov	-8($tptr),$A0[1]	# t[2*i+2+1]	# prefetch
-	adc	%rax,$S[0]
-	 mov	-8($aptr),%rax		# a[i+1]	# prefetch
-	mov	$S[0],-32($tptr)
-	adc	%rdx,$S[1]
-
-	lea	($shift,$A0[0],2),$S[2]	# t[2*i]<<1|shift
-	 mov	$S[1],-24($tptr)
-	 sbb	$carry,$carry		# mov cf,$carry
-	shr	\$63,$A0[0]
-	lea	($j,$A0[1],2),$S[3]	# t[2*i+1]<<1 |
-	shr	\$63,$A0[1]
-	or	$A0[0],$S[3]		# | t[2*i]>>63
-	mul	%rax			# a[i]*a[i]
-	neg	$carry			# mov $carry,cf
-	adc	%rax,$S[2]
-	adc	%rdx,$S[3]
-	mov	$S[2],-16($tptr)
-	mov	$S[3],-8($tptr)
-___
-}
-##############################################################
-# Montgomery reduction part, "word-by-word" algorithm.
-#
-{
-my ($topbit,$nptr)=("%rbp",$aptr);
-my ($m0,$m1)=($a0,$a1);
-my @Ni=("%rbx","%r9");
-$code.=<<___;
-	mov	40(%rsp),$nptr		# restore $nptr
-	mov	48(%rsp),$n0		# restore *n0
-	xor	$j,$j
-	mov	$num,0(%rsp)		# save $num
-	sub	$num,$j			# $j=-$num
-	 mov	64(%rsp),$A0[0]		# t[0]		# modsched #
-	 mov	$n0,$m0			#		# modsched #
-	lea	64(%rsp,$num,2),%rax	# end of t[] buffer
-	lea	64(%rsp,$num),$tptr	# end of t[] window
-	mov	%rax,8(%rsp)		# save end of t[] buffer
-	lea	($nptr,$num),$nptr	# end of n[] buffer
-	xor	$topbit,$topbit		# $topbit=0
-
-	mov	0($nptr,$j),%rax	# n[0]		# modsched #
-	mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
-	 imulq	$A0[0],$m0		# m0=t[0]*n0	# modsched #
-	 mov	%rax,$Ni[0]		#		# modsched #
-	jmp	.Lsqr4x_mont_outer
-
-.align	16
-.Lsqr4x_mont_outer:
-	xor	$A0[1],$A0[1]
-	mul	$m0			# n[0]*m0
-	add	%rax,$A0[0]		# n[0]*m0+t[0]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-	mov	$n0,$m1
-
-	xor	$A0[0],$A0[0]
-	add	8($tptr,$j),$A0[1]
-	adc	\$0,$A0[0]
-	mul	$m0			# n[1]*m0
-	add	%rax,$A0[1]		# n[1]*m0+t[1]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-
-	imulq	$A0[1],$m1
-
-	mov	16($nptr,$j),$Ni[0]	# n[2]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[0]*m1
-	add	%rax,$A1[0]		# n[0]*m1+"t[1]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],8($tptr,$j)	# "t[1]"
-
-	xor	$A0[1],$A0[1]
-	add	16($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[2]*m0
-	add	%rax,$A0[0]		# n[2]*m0+t[2]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	24($nptr,$j),$Ni[1]	# n[3]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[1]*m1
-	add	%rax,$A1[1]		# n[1]*m1+"t[2]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],16($tptr,$j)	# "t[2]"
-
-	xor	$A0[0],$A0[0]
-	add	24($tptr,$j),$A0[1]
-	lea	32($j),$j
-	adc	\$0,$A0[0]
-	mul	$m0			# n[3]*m0
-	add	%rax,$A0[1]		# n[3]*m0+t[3]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-	jmp	.Lsqr4x_mont_inner
-
-.align	16
-.Lsqr4x_mont_inner:
-	mov	($nptr,$j),$Ni[0]	# n[4]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[2]*m1
-	add	%rax,$A1[0]		# n[2]*m1+"t[3]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],-8($tptr,$j)	# "t[3]"
-
-	xor	$A0[1],$A0[1]
-	add	($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[4]*m0
-	add	%rax,$A0[0]		# n[4]*m0+t[4]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	8($nptr,$j),$Ni[1]	# n[5]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[3]*m1
-	add	%rax,$A1[1]		# n[3]*m1+"t[4]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],($tptr,$j)	# "t[4]"
-
-	xor	$A0[0],$A0[0]
-	add	8($tptr,$j),$A0[1]
-	adc	\$0,$A0[0]
-	mul	$m0			# n[5]*m0
-	add	%rax,$A0[1]		# n[5]*m0+t[5]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-
-
-	mov	16($nptr,$j),$Ni[0]	# n[6]
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[4]*m1
-	add	%rax,$A1[0]		# n[4]*m1+"t[5]"
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],8($tptr,$j)	# "t[5]"
-
-	xor	$A0[1],$A0[1]
-	add	16($tptr,$j),$A0[0]
-	adc	\$0,$A0[1]
-	mul	$m0			# n[6]*m0
-	add	%rax,$A0[0]		# n[6]*m0+t[6]
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A0[1]
-
-	mov	24($nptr,$j),$Ni[1]	# n[7]
-	xor	$A1[0],$A1[0]
-	add	$A0[0],$A1[1]
-	adc	\$0,$A1[0]
-	mul	$m1			# n[5]*m1
-	add	%rax,$A1[1]		# n[5]*m1+"t[6]"
-	 mov	$Ni[1],%rax
-	adc	%rdx,$A1[0]
-	mov	$A1[1],16($tptr,$j)	# "t[6]"
-
-	xor	$A0[0],$A0[0]
-	add	24($tptr,$j),$A0[1]
-	lea	32($j),$j
-	adc	\$0,$A0[0]
-	mul	$m0			# n[7]*m0
-	add	%rax,$A0[1]		# n[7]*m0+t[7]
-	 mov	$Ni[0],%rax
-	adc	%rdx,$A0[0]
-	cmp	\$0,$j
-	jne	.Lsqr4x_mont_inner
-
-	 sub	0(%rsp),$j		# $j=-$num	# modsched #
-	 mov	$n0,$m0			#		# modsched #
-
-	xor	$A1[1],$A1[1]
-	add	$A0[1],$A1[0]
-	adc	\$0,$A1[1]
-	mul	$m1			# n[6]*m1
-	add	%rax,$A1[0]		# n[6]*m1+"t[7]"
-	mov	$Ni[1],%rax
-	adc	%rdx,$A1[1]
-	mov	$A1[0],-8($tptr)	# "t[7]"
-
-	xor	$A0[1],$A0[1]
-	add	($tptr),$A0[0]		# +t[8]
-	adc	\$0,$A0[1]
-	 mov	0($nptr,$j),$Ni[0]	# n[0]		# modsched #
-	add	$topbit,$A0[0]
-	adc	\$0,$A0[1]
-
-	 imulq	16($tptr,$j),$m0	# m0=t[0]*n0	# modsched #
-	xor	$A1[0],$A1[0]
-	 mov	8($nptr,$j),$Ni[1]	# n[1]		# modsched #
-	add	$A0[0],$A1[1]
-	 mov	16($tptr,$j),$A0[0]	# t[0]		# modsched #
-	adc	\$0,$A1[0]
-	mul	$m1			# n[7]*m1
-	add	%rax,$A1[1]		# n[7]*m1+"t[8]"
-	 mov	$Ni[0],%rax		#		# modsched #
-	adc	%rdx,$A1[0]
-	mov	$A1[1],($tptr)		# "t[8]"
-
-	xor	$topbit,$topbit
-	add	8($tptr),$A1[0]		# +t[9]
-	adc	$topbit,$topbit
-	add	$A0[1],$A1[0]
-	lea	16($tptr),$tptr		# "t[$num]>>128"
-	adc	\$0,$topbit
-	mov	$A1[0],-8($tptr)	# "t[9]"
-	cmp	8(%rsp),$tptr		# are we done?
-	jb	.Lsqr4x_mont_outer
-
-	mov	0(%rsp),$num		# restore $num
-	mov	$topbit,($tptr)		# save $topbit
-___
-}
-##############################################################
-# Post-condition, 4x unrolled copy from bn_mul_mont
-#
-{
-my ($tptr,$nptr)=("%rbx",$aptr);
-my @ri=("%rax","%rdx","%r10","%r11");
-$code.=<<___;
-	mov	64(%rsp,$num),@ri[0]	# tp[0]
-	lea	64(%rsp,$num),$tptr	# upper half of t[2*$num] holds result
-	mov	40(%rsp),$nptr		# restore $nptr
-	shr	\$5,$num		# num/4
-	mov	8($tptr),@ri[1]		# t[1]
-	xor	$i,$i			# i=0 and clear CF!
-
-	mov	32(%rsp),$rptr		# restore $rptr
-	sub	0($nptr),@ri[0]
-	mov	16($tptr),@ri[2]	# t[2]
-	mov	24($tptr),@ri[3]	# t[3]
-	sbb	8($nptr),@ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsqr4x_sub
-.align	16
-.Lsqr4x_sub:
-	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($nptr,$i,8),@ri[2]
-	mov	32($tptr,$i,8),@ri[0]	# tp[i+1]
-	mov	40($tptr,$i,8),@ri[1]
-	sbb	24($nptr,$i,8),@ri[3]
-	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($nptr,$i,8),@ri[0]
-	mov	48($tptr,$i,8),@ri[2]
-	mov	56($tptr,$i,8),@ri[3]
-	sbb	40($nptr,$i,8),@ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesn't affect CF!
-	jnz	.Lsqr4x_sub
-
-	mov	@ri[0],0($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($tptr,$i,8),@ri[0]	# load overflow bit
-	sbb	16($nptr,$i,8),@ri[2]
-	mov	@ri[1],8($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($nptr,$i,8),@ri[3]
-	mov	@ri[2],16($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0,@ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rptr,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$tptr
-	not	@ri[0]
-	mov	$rptr,$nptr
-	and	@ri[0],$nptr
-	lea	-1($num),$j
-	or	$nptr,$tptr		# tp=borrow?tp:rp
-
-	pxor	%xmm0,%xmm0
-	lea	64(%rsp,$num,8),$nptr
-	movdqu	($tptr),%xmm1
-	lea	($nptr,$num,8),$nptr
-	movdqa	%xmm0,64(%rsp)		# zap lower half of temporary vector
-	movdqa	%xmm0,($nptr)		# zap upper half of temporary vector
-	movdqu	%xmm1,($rptr)
-	jmp	.Lsqr4x_copy
-.align	16
-.Lsqr4x_copy:				# copy or in-place refresh
-	movdqu	16($tptr,$i),%xmm2
-	movdqu	32($tptr,$i),%xmm1
-	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,96(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
-	movdqa	%xmm0,32($nptr,$i)	# zap upper half of temporary vector
-	movdqu	%xmm2,16($rptr,$i)
-	movdqu	%xmm1,32($rptr,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lsqr4x_copy
-
-	movdqu	16($tptr,$i),%xmm2
-	movdqa	%xmm0,80(%rsp,$i)	# zap lower half of temporary vector
-	movdqa	%xmm0,16($nptr,$i)	# zap upper half of temporary vector
-	movdqu	%xmm2,16($rptr,$i)
-___
-}
-$code.=<<___;
-	mov	56(%rsp),%rsi		# restore %rsp
-	mov	\$1,%rax
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lsqr4x_epilogue:
-	ret
-.size	bn_sqr4x_mont,.-bn_sqr4x_mont
-___
-}}}
-$code.=<<___;
-.asciz	"Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	16
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	mul_handler,\@abi-omnipotent
-.align	16
-mul_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# end of prologue label
-	cmp	%r10,%rbx		# context->Rip<end of prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	mov	192($context),%r10	# pull $num
-	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-	lea	48(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-	jmp	.Lcommon_seh_tail
-.size	mul_handler,.-mul_handler
-
-.type	sqr_handler,\@abi-omnipotent
-.align	16
-sqr_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lsqr4x_body(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lsqr_body
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lsqr4x_epilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lsqr_epilogue
-	jae	.Lcommon_seh_tail
-
-	mov	56(%rax),%rax		# pull saved stack pointer
-	lea	48(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	sqr_handler,.-sqr_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_bn_mul_mont
-	.rva	.LSEH_end_bn_mul_mont
-	.rva	.LSEH_info_bn_mul_mont
-
-	.rva	.LSEH_begin_bn_mul4x_mont
-	.rva	.LSEH_end_bn_mul4x_mont
-	.rva	.LSEH_info_bn_mul4x_mont
-
-	.rva	.LSEH_begin_bn_sqr4x_mont
-	.rva	.LSEH_end_bn_sqr4x_mont
-	.rva	.LSEH_info_bn_sqr4x_mont
-
-.section	.xdata
-.align	8
-.LSEH_info_bn_mul_mont:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul_body,.Lmul_epilogue	# HandlerData[]
-.LSEH_info_bn_mul4x_mont:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
-.LSEH_info_bn_sqr4x_mont:
-	.byte	9,0,0,0
-	.rva	sqr_handler
-___
-}
-
-print $code;
-close STDOUT;
diff --git a/crypto/bn/asm/x86_64-mont5.S b/crypto/bn/asm/x86_64-mont5.S
deleted file mode 100644
index 49ec6ac67b..0000000000
--- a/crypto/bn/asm/x86_64-mont5.S
+++ /dev/null
@@ -1,784 +0,0 @@
-.text	
-
-.globl	bn_mul_mont_gather5
-.type	bn_mul_mont_gather5,@function
-.align	64
-bn_mul_mont_gather5:
-	testl	$3,%r9d
-	jnz	.Lmul_enter
-	cmpl	$8,%r9d
-	jb	.Lmul_enter
-	jmp	.Lmul4x_enter
-
-.align	16
-.Lmul_enter:
-	movl	%r9d,%r9d
-	movl	8(%rsp),%r10d
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%rax
-	leaq	2(%r9),%r11
-	negq	%r11
-	leaq	(%rsp,%r11,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%rax,8(%rsp,%r9,8)
-.Lmul_body:
-	movq	%rdx,%r12
-	movq	%r10,%r11
-	shrq	$3,%r10
-	andq	$7,%r11
-	notq	%r10
-	leaq	.Lmagic_masks(%rip),%rax
-	andq	$3,%r10
-	leaq	96(%r12,%r11,8),%r12
-	movq	0(%rax,%r10,8),%xmm4
-	movq	8(%rax,%r10,8),%xmm5
-	movq	16(%rax,%r10,8),%xmm6
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-.byte	102,72,15,126,195
-
-	movq	(%r8),%r8
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	movq	%r10,%r11
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.L1st_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	1(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jne	.L1st
-
-.byte	102,72,15,126,195
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-	movq	%r10,%r11
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	jmp	.Louter
-.align	16
-.Louter:
-	xorq	%r15,%r15
-	movq	%r8,%rbp
-	movq	(%rsp),%r10
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	8(%rsp),%r10
-	movq	%rdx,%r13
-
-	leaq	1(%r15),%r15
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	addq	%rax,%r13
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.Linner_enter:
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%r10
-	movq	%rdx,%r11
-	adcq	$0,%r11
-	leaq	1(%r15),%r15
-
-	mulq	%rbp
-	cmpq	%r9,%r15
-	jne	.Linner
-
-.byte	102,72,15,126,195
-
-	addq	%rax,%r13
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	movq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%r13,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	xorq	%rdx,%rdx
-	addq	%r11,%r13
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r9,8)
-	movq	%rdx,(%rsp,%r9,8)
-
-	leaq	1(%r14),%r14
-	cmpq	%r9,%r14
-	jl	.Louter
-
-	xorq	%r14,%r14
-	movq	(%rsp),%rax
-	leaq	(%rsp),%rsi
-	movq	%r9,%r15
-	jmp	.Lsub
-.align	16
-.Lsub:	sbbq	(%rcx,%r14,8),%rax
-	movq	%rax,(%rdi,%r14,8)
-	movq	8(%rsi,%r14,8),%rax
-	leaq	1(%r14),%r14
-	decq	%r15
-	jnz	.Lsub
-
-	sbbq	$0,%rax
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	movq	%r9,%r15
-	orq	%rcx,%rsi
-.align	16
-.Lcopy:
-	movq	(%rsi,%r14,8),%rax
-	movq	%r14,(%rsp,%r14,8)
-	movq	%rax,(%rdi,%r14,8)
-	leaq	1(%r14),%r14
-	subq	$1,%r15
-	jnz	.Lcopy
-
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lmul_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
-.type	bn_mul4x_mont_gather5,@function
-.align	16
-bn_mul4x_mont_gather5:
-.Lmul4x_enter:
-	movl	%r9d,%r9d
-	movl	8(%rsp),%r10d
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%rax
-	leaq	4(%r9),%r11
-	negq	%r11
-	leaq	(%rsp,%r11,8),%rsp
-	andq	$-1024,%rsp
-
-	movq	%rax,8(%rsp,%r9,8)
-.Lmul4x_body:
-	movq	%rdi,16(%rsp,%r9,8)
-	movq	%rdx,%r12
-	movq	%r10,%r11
-	shrq	$3,%r10
-	andq	$7,%r11
-	notq	%r10
-	leaq	.Lmagic_masks(%rip),%rax
-	andq	$3,%r10
-	leaq	96(%r12,%r11,8),%r12
-	movq	0(%rax,%r10,8),%xmm4
-	movq	8(%rax,%r10,8),%xmm5
-	movq	16(%rax,%r10,8),%xmm6
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-.byte	102,72,15,126,195
-	movq	(%r8),%r8
-	movq	(%rsi),%rax
-
-	xorq	%r14,%r14
-	xorq	%r15,%r15
-
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	%r8,%rbp
-	mulq	%rbx
-	movq	%rax,%r10
-	movq	(%rcx),%rax
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdi,(%rsp)
-	movq	%rdx,%r13
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	.L1st4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.byte	102,72,15,126,195
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	leaq	1(%r14),%r14
-.align	4
-.Louter4x:
-	xorq	%r15,%r15
-	movq	-96(%r12),%xmm0
-	movq	-32(%r12),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%r12),%xmm2
-	pand	%xmm5,%xmm1
-
-	movq	(%rsp),%r10
-	movq	%r8,%rbp
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx),%rax
-	adcq	$0,%rdx
-
-	movq	96(%r12),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	%r10,%rbp
-	movq	%rdx,%r11
-
-	por	%xmm2,%xmm0
-	leaq	256(%r12),%r12
-	por	%xmm3,%xmm0
-
-	mulq	%rbp
-	addq	%rax,%r10
-	movq	8(%rsi),%rax
-	adcq	$0,%rdx
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	16(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	leaq	4(%r15),%r15
-	adcq	$0,%rdx
-	movq	%rdx,%r13
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-16(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	4(%r15),%r15
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	-16(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-40(%rsp,%r15,8)
-	movq	%rdx,%r13
-	cmpq	%r9,%r15
-	jl	.Linner4x
-
-	mulq	%rbx
-	addq	%rax,%r10
-	movq	-16(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-16(%rsp,%r15,8),%r10
-	adcq	$0,%rdx
-	movq	%rdx,%r11
-
-	mulq	%rbp
-	addq	%rax,%r13
-	movq	-8(%rsi,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	%r10,%r13
-	adcq	$0,%rdx
-	movq	%rdi,-32(%rsp,%r15,8)
-	movq	%rdx,%rdi
-
-	mulq	%rbx
-	addq	%rax,%r11
-	movq	-8(%rcx,%r15,8),%rax
-	adcq	$0,%rdx
-	addq	-8(%rsp,%r15,8),%r11
-	adcq	$0,%rdx
-	leaq	1(%r14),%r14
-	movq	%rdx,%r10
-
-	mulq	%rbp
-	addq	%rax,%rdi
-	movq	(%rsi),%rax
-	adcq	$0,%rdx
-	addq	%r11,%rdi
-	adcq	$0,%rdx
-	movq	%r13,-24(%rsp,%r15,8)
-	movq	%rdx,%r13
-
-.byte	102,72,15,126,195
-	movq	%rdi,-16(%rsp,%r15,8)
-
-	xorq	%rdi,%rdi
-	addq	%r10,%r13
-	adcq	$0,%rdi
-	addq	(%rsp,%r9,8),%r13
-	adcq	$0,%rdi
-	movq	%r13,-8(%rsp,%r15,8)
-	movq	%rdi,(%rsp,%r15,8)
-
-	cmpq	%r9,%r14
-	jl	.Louter4x
-	movq	16(%rsp,%r9,8),%rdi
-	movq	0(%rsp),%rax
-	pxor	%xmm0,%xmm0
-	movq	8(%rsp),%rdx
-	shrq	$2,%r9
-	leaq	(%rsp),%rsi
-	xorq	%r14,%r14
-
-	subq	0(%rcx),%rax
-	movq	16(%rsi),%rbx
-	movq	24(%rsi),%rbp
-	sbbq	8(%rcx),%rdx
-	leaq	-1(%r9),%r15
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	movq	%rax,0(%rdi,%r14,8)
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	32(%rsi,%r14,8),%rax
-	movq	40(%rsi,%r14,8),%rdx
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-	movq	%rbp,24(%rdi,%r14,8)
-	sbbq	32(%rcx,%r14,8),%rax
-	movq	48(%rsi,%r14,8),%rbx
-	movq	56(%rsi,%r14,8),%rbp
-	sbbq	40(%rcx,%r14,8),%rdx
-	leaq	4(%r14),%r14
-	decq	%r15
-	jnz	.Lsub4x
-
-	movq	%rax,0(%rdi,%r14,8)
-	movq	32(%rsi,%r14,8),%rax
-	sbbq	16(%rcx,%r14,8),%rbx
-	movq	%rdx,8(%rdi,%r14,8)
-	sbbq	24(%rcx,%r14,8),%rbp
-	movq	%rbx,16(%rdi,%r14,8)
-
-	sbbq	$0,%rax
-	movq	%rbp,24(%rdi,%r14,8)
-	xorq	%r14,%r14
-	andq	%rax,%rsi
-	notq	%rax
-	movq	%rdi,%rcx
-	andq	%rax,%rcx
-	leaq	-1(%r9),%r15
-	orq	%rcx,%rsi
-
-	movdqu	(%rsi),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,(%rdi)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqu	32(%rsi,%r14,1),%xmm1
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movdqa	%xmm0,32(%rsp,%r14,1)
-	movdqu	%xmm1,32(%rdi,%r14,1)
-	leaq	32(%r14),%r14
-	decq	%r15
-	jnz	.Lcopy4x
-
-	shlq	$2,%r9
-	movdqu	16(%rsi,%r14,1),%xmm2
-	movdqa	%xmm0,16(%rsp,%r14,1)
-	movdqu	%xmm2,16(%rdi,%r14,1)
-	movq	8(%rsp,%r9,8),%rsi
-	movq	$1,%rax
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
-.globl	bn_scatter5
-.type	bn_scatter5,@function
-.align	16
-bn_scatter5:
-	cmpq	$0,%rsi
-	jz	.Lscatter_epilogue
-	leaq	(%rdx,%rcx,8),%rdx
-.Lscatter:
-	movq	(%rdi),%rax
-	leaq	8(%rdi),%rdi
-	movq	%rax,(%rdx)
-	leaq	256(%rdx),%rdx
-	subq	$1,%rsi
-	jnz	.Lscatter
-.Lscatter_epilogue:
-	.byte	0xf3,0xc3
-.size	bn_scatter5,.-bn_scatter5
-
-.globl	bn_gather5
-.type	bn_gather5,@function
-.align	16
-bn_gather5:
-	movq	%rcx,%r11
-	shrq	$3,%rcx
-	andq	$7,%r11
-	notq	%rcx
-	leaq	.Lmagic_masks(%rip),%rax
-	andq	$3,%rcx
-	leaq	96(%rdx,%r11,8),%rdx
-	movq	0(%rax,%rcx,8),%xmm4
-	movq	8(%rax,%rcx,8),%xmm5
-	movq	16(%rax,%rcx,8),%xmm6
-	movq	24(%rax,%rcx,8),%xmm7
-	jmp	.Lgather
-.align	16
-.Lgather:
-	movq	-96(%rdx),%xmm0
-	movq	-32(%rdx),%xmm1
-	pand	%xmm4,%xmm0
-	movq	32(%rdx),%xmm2
-	pand	%xmm5,%xmm1
-	movq	96(%rdx),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	leaq	256(%rdx),%rdx
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,(%rdi)
-	leaq	8(%rdi),%rdi
-	subq	$1,%rsi
-	jnz	.Lgather
-	.byte	0xf3,0xc3
-.LSEH_end_bn_gather5:
-.size	bn_gather5,.-bn_gather5
-.align	64
-.Lmagic_masks:
-.long	0,0, 0,0, 0,0, -1,-1
-.long	0,0, 0,0, 0,0,  0,0
-.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
deleted file mode 100755
index dae0fe2453..0000000000
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ /dev/null
@@ -1,1071 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# August 2011.
-#
-# Companion to x86_64-mont.pl that optimizes cache-timing attack
-# countermeasures. The subroutines are produced by replacing bp[i]
-# references in their x86_64-mont.pl counterparts with cache-neutral
-# references to powers table computed in BN_mod_exp_mont_consttime.
-# In addition subroutine that scatters elements of the powers table
-# is implemented, so that scatter-/gathering can be tuned without
-# bn_exp.c modifications.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# int bn_mul_mont_gather5(
-$rp="%rdi";	# BN_ULONG *rp,
-$ap="%rsi";	# const BN_ULONG *ap,
-$bp="%rdx";	# const BN_ULONG *bp,
-$np="%rcx";	# const BN_ULONG *np,
-$n0="%r8";	# const BN_ULONG *n0,
-$num="%r9";	# int num,
-		# int idx);	# 0 to 2^5-1, "index" in $bp holding
-				# pre-computed powers of a', interlaced
-				# in such manner that b[0] is $bp[idx],
-				# b[1] is [2^5+idx], etc.
-$lo0="%r10";
-$hi0="%r11";
-$hi1="%r13";
-$i="%r14";
-$j="%r15";
-$m0="%rbx";
-$m1="%rbp";
-
-$code=<<___;
-.text
-
-.globl	bn_mul_mont_gather5
-.type	bn_mul_mont_gather5,\@function,6
-.align	64
-bn_mul_mont_gather5:
-	test	\$3,${num}d
-	jnz	.Lmul_enter
-	cmp	\$8,${num}d
-	jb	.Lmul_enter
-	jmp	.Lmul4x_enter
-
-.align	16
-.Lmul_enter:
-	mov	${num}d,${num}d
-	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-___
-$code.=<<___ if ($win64);
-	lea	-0x28(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-.Lmul_alloca:
-___
-$code.=<<___;
-	mov	%rsp,%rax
-	lea	2($num),%r11
-	neg	%r11
-	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+2))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul_body:
-	mov	$bp,%r12		# reassign $bp
-___
-		$bp="%r12";
-		$STRIDE=2**5*8;		# 5 is "window size"
-		$N=$STRIDE/4;		# should match cache line size
-$code.=<<___;
-	mov	%r10,%r11
-	shr	\$`log($N/8)/log(2)`,%r10
-	and	\$`$N/8-1`,%r11
-	not	%r10
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
-	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
-	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
-	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,$m0		# m0=bp[0]
-
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$lo0
-	mov	($np),%rax
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$lo0,$m1		# "tp[0]"*n0
-	mov	%rdx,$hi0
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.L1st_enter
-
-.align	16
-.L1st:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	mov	$lo0,$hi0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.L1st_enter:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	1($j),$j		# j++
-	mov	%rdx,$lo0
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.L1st
-
-	movq	%xmm0,$m0		# bp[1]
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$hi0,$hi1		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-	mov	$lo0,$hi0
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	jmp	.Louter
-.align	16
-.Louter:
-	xor	$j,$j			# j=0
-	mov	$n0,$m1
-	mov	(%rsp),$lo0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$lo0		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$lo0,$m1		# tp[0]*n0
-	mov	%rdx,$hi0
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$lo0		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	8(%rsp),$lo0		# tp[1]
-	mov	%rdx,$hi1
-
-	lea	1($j),$j		# j++
-	jmp	.Linner_enter
-
-.align	16
-.Linner:
-	add	%rax,$hi1
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-.Linner_enter:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$hi0
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	$hi0,$lo0		# ap[j]*bp[i]+tp[j]
-	mov	%rdx,$hi0
-	adc	\$0,$hi0
-	lea	1($j),$j		# j++
-
-	mulq	$m1			# np[j]*m1
-	cmp	$num,$j
-	jne	.Linner
-
-	movq	%xmm0,$m0		# bp[i+1]
-
-	add	%rax,$hi1
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	mov	(%rsp,$j,8),$lo0
-	adc	\$0,%rdx
-	mov	$hi1,-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$hi1
-
-	xor	%rdx,%rdx
-	add	$hi0,$hi1
-	adc	\$0,%rdx
-	add	$lo0,$hi1		# pull upmost overflow bit
-	adc	\$0,%rdx
-	mov	$hi1,-8(%rsp,$num,8)
-	mov	%rdx,(%rsp,$num,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-	cmp	$num,$i
-	jl	.Louter
-
-	xor	$i,$i			# i=0 and clear CF!
-	mov	(%rsp),%rax		# tp[0]
-	lea	(%rsp),$ap		# borrow ap for tp
-	mov	$num,$j			# j=num
-	jmp	.Lsub
-.align	16
-.Lsub:	sbb	($np,$i,8),%rax
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]-np[i]
-	mov	8($ap,$i,8),%rax	# tp[i+1]
-	lea	1($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub
-
-	sbb	\$0,%rax		# handle upmost overflow bit
-	xor	$i,$i
-	and	%rax,$ap
-	not	%rax
-	mov	$rp,$np
-	and	%rax,$np
-	mov	$num,$j			# j=num
-	or	$np,$ap			# ap=borrow?tp:rp
-.align	16
-.Lcopy:					# copy or in-place refresh
-	mov	($ap,$i,8),%rax
-	mov	$i,(%rsp,$i,8)		# zap temporary vector
-	mov	%rax,($rp,$i,8)		# rp[i]=tp[i]
-	lea	1($i),$i
-	sub	\$1,$j
-	jnz	.Lcopy
-
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsi),%xmm6
-	movaps	0x10(%rsi),%xmm7
-	lea	0x28(%rsi),%rsi
-___
-$code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul_epilogue:
-	ret
-.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
-___
-{{{
-my @A=("%r10","%r11");
-my @N=("%r13","%rdi");
-$code.=<<___;
-.type	bn_mul4x_mont_gather5,\@function,6
-.align	16
-bn_mul4x_mont_gather5:
-.Lmul4x_enter:
-	mov	${num}d,${num}d
-	mov	`($win64?56:8)`(%rsp),%r10d	# load 7th argument
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-___
-$code.=<<___ if ($win64);
-	lea	-0x28(%rsp),%rsp
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
-.Lmul4x_alloca:
-___
-$code.=<<___;
-	mov	%rsp,%rax
-	lea	4($num),%r11
-	neg	%r11
-	lea	(%rsp,%r11,8),%rsp	# tp=alloca(8*(num+4))
-	and	\$-1024,%rsp		# minimize TLB usage
-
-	mov	%rax,8(%rsp,$num,8)	# tp[num+1]=%rsp
-.Lmul4x_body:
-	mov	$rp,16(%rsp,$num,8)	# tp[num+2]=$rp
-	mov	%rdx,%r12		# reassign $bp
-___
-		$bp="%r12";
-		$STRIDE=2**5*8;		# 5 is "window size"
-		$N=$STRIDE/4;		# should match cache line size
-$code.=<<___;
-	mov	%r10,%r11
-	shr	\$`log($N/8)/log(2)`,%r10
-	and	\$`$N/8-1`,%r11
-	not	%r10
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,%r10	# 5 is "window size"
-	lea	96($bp,%r11,8),$bp	# pointer within 1st cache line
-	movq	0(%rax,%r10,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,%r10,8),%xmm5	# cache line contains element
-	movq	16(%rax,%r10,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,%r10,8),%xmm7
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,$m0		# m0=bp[0]
-	mov	($n0),$n0		# pull n0[0] value
-	mov	($ap),%rax
-
-	xor	$i,$i			# i=0
-	xor	$j,$j			# j=0
-
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[0]
-	mov	%rax,$A[0]
-	mov	($np),%rax
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$A[0],$m1		# "tp[0]"*n0
-	mov	%rdx,$A[1]
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	lea	4($j),$j		# j++
-	adc	\$0,%rdx
-	mov	$N[1],(%rsp)
-	mov	%rdx,$N[0]
-	jmp	.L1st4x
-.align	16
-.L1st4x:
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-8(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.L1st4x
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[0]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	movq	%xmm0,$m0		# bp[1]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	lea	1($i),$i		# i++
-.align	4
-.Louter4x:
-	xor	$j,$j			# j=0
-	movq	`0*$STRIDE/4-96`($bp),%xmm0
-	movq	`1*$STRIDE/4-96`($bp),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($bp),%xmm2
-	pand	%xmm5,%xmm1
-
-	mov	(%rsp),$A[0]
-	mov	$n0,$m1
-	mulq	$m0			# ap[0]*bp[i]
-	add	%rax,$A[0]		# ap[0]*bp[i]+tp[0]
-	mov	($np),%rax
-	adc	\$0,%rdx
-
-	movq	`3*$STRIDE/4-96`($bp),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-
-	imulq	$A[0],$m1		# tp[0]*n0
-	mov	%rdx,$A[1]
-
-	por	%xmm2,%xmm0
-	lea	$STRIDE($bp),$bp
-	por	%xmm3,%xmm0
-
-	mulq	$m1			# np[0]*m1
-	add	%rax,$A[0]		# "$N[0]", discarded
-	mov	8($ap),%rax
-	adc	\$0,%rdx
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np),%rax
-	adc	\$0,%rdx
-	add	8(%rsp),$A[1]		# +tp[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	16($ap),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]		# np[j]*m1+ap[j]*bp[i]+tp[j]
-	lea	4($j),$j		# j+=2
-	adc	\$0,%rdx
-	mov	%rdx,$N[0]
-	jmp	.Linner4x
-.align	16
-.Linner4x:
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	4($j),$j		# j++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	-16($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-40(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-	cmp	$num,$j
-	jl	.Linner4x
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[0]
-	mov	-16($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-16(%rsp,$j,8),$A[0]	# ap[j]*bp[i]+tp[j]
-	adc	\$0,%rdx
-	mov	%rdx,$A[1]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[0]
-	mov	-8($ap,$j,8),%rax
-	adc	\$0,%rdx
-	add	$A[0],$N[0]
-	adc	\$0,%rdx
-	mov	$N[1],-32(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[1]
-
-	mulq	$m0			# ap[j]*bp[i]
-	add	%rax,$A[1]
-	mov	-8($np,$j,8),%rax
-	adc	\$0,%rdx
-	add	-8(%rsp,$j,8),$A[1]
-	adc	\$0,%rdx
-	lea	1($i),$i		# i++
-	mov	%rdx,$A[0]
-
-	mulq	$m1			# np[j]*m1
-	add	%rax,$N[1]
-	mov	($ap),%rax		# ap[0]
-	adc	\$0,%rdx
-	add	$A[1],$N[1]
-	adc	\$0,%rdx
-	mov	$N[0],-24(%rsp,$j,8)	# tp[j-1]
-	mov	%rdx,$N[0]
-
-	movq	%xmm0,$m0		# bp[i+1]
-	mov	$N[1],-16(%rsp,$j,8)	# tp[j-1]
-
-	xor	$N[1],$N[1]
-	add	$A[0],$N[0]
-	adc	\$0,$N[1]
-	add	(%rsp,$num,8),$N[0]	# pull upmost overflow bit
-	adc	\$0,$N[1]
-	mov	$N[0],-8(%rsp,$j,8)
-	mov	$N[1],(%rsp,$j,8)	# store upmost overflow bit
-
-	cmp	$num,$i
-	jl	.Louter4x
-___
-{
-my @ri=("%rax","%rdx",$m0,$m1);
-$code.=<<___;
-	mov	16(%rsp,$num,8),$rp	# restore $rp
-	mov	0(%rsp),@ri[0]		# tp[0]
-	pxor	%xmm0,%xmm0
-	mov	8(%rsp),@ri[1]		# tp[1]
-	shr	\$2,$num		# num/=4
-	lea	(%rsp),$ap		# borrow ap for tp
-	xor	$i,$i			# i=0 and clear CF!
-
-	sub	0($np),@ri[0]
-	mov	16($ap),@ri[2]		# tp[2]
-	mov	24($ap),@ri[3]		# tp[3]
-	sbb	8($np),@ri[1]
-	lea	-1($num),$j		# j=num/4-1
-	jmp	.Lsub4x
-.align	16
-.Lsub4x:
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	16($np,$i,8),@ri[2]
-	mov	32($ap,$i,8),@ri[0]	# tp[i+1]
-	mov	40($ap,$i,8),@ri[1]
-	sbb	24($np,$i,8),@ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	32($np,$i,8),@ri[0]
-	mov	48($ap,$i,8),@ri[2]
-	mov	56($ap,$i,8),@ri[3]
-	sbb	40($np,$i,8),@ri[1]
-	lea	4($i),$i		# i++
-	dec	$j			# doesnn't affect CF!
-	jnz	.Lsub4x
-
-	mov	@ri[0],0($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	mov	32($ap,$i,8),@ri[0]	# load overflow bit
-	sbb	16($np,$i,8),@ri[2]
-	mov	@ri[1],8($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	sbb	24($np,$i,8),@ri[3]
-	mov	@ri[2],16($rp,$i,8)	# rp[i]=tp[i]-np[i]
-
-	sbb	\$0,@ri[0]		# handle upmost overflow bit
-	mov	@ri[3],24($rp,$i,8)	# rp[i]=tp[i]-np[i]
-	xor	$i,$i			# i=0
-	and	@ri[0],$ap
-	not	@ri[0]
-	mov	$rp,$np
-	and	@ri[0],$np
-	lea	-1($num),$j
-	or	$np,$ap			# ap=borrow?tp:rp
-
-	movdqu	($ap),%xmm1
-	movdqa	%xmm0,(%rsp)
-	movdqu	%xmm1,($rp)
-	jmp	.Lcopy4x
-.align	16
-.Lcopy4x:					# copy or in-place refresh
-	movdqu	16($ap,$i),%xmm2
-	movdqu	32($ap,$i),%xmm1
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-	movdqa	%xmm0,32(%rsp,$i)
-	movdqu	%xmm1,32($rp,$i)
-	lea	32($i),$i
-	dec	$j
-	jnz	.Lcopy4x
-
-	shl	\$2,$num
-	movdqu	16($ap,$i),%xmm2
-	movdqa	%xmm0,16(%rsp,$i)
-	movdqu	%xmm2,16($rp,$i)
-___
-}
-$code.=<<___;
-	mov	8(%rsp,$num,8),%rsi	# restore %rsp
-	mov	\$1,%rax
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsi),%xmm6
-	movaps	0x10(%rsi),%xmm7
-	lea	0x28(%rsi),%rsi
-___
-$code.=<<___;
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lmul4x_epilogue:
-	ret
-.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
-___
-}}}
-
-{
-my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
-				("%rdi","%rsi","%rdx","%rcx"); # Unix order
-my $out=$inp;
-my $STRIDE=2**5*8;
-my $N=$STRIDE/4;
-
-$code.=<<___;
-.globl	bn_scatter5
-.type	bn_scatter5,\@abi-omnipotent
-.align	16
-bn_scatter5:
-	cmp	\$0, $num
-	jz	.Lscatter_epilogue
-	lea	($tbl,$idx,8),$tbl
-.Lscatter:
-	mov	($inp),%rax
-	lea	8($inp),$inp
-	mov	%rax,($tbl)
-	lea	32*8($tbl),$tbl
-	sub	\$1,$num
-	jnz	.Lscatter
-.Lscatter_epilogue:
-	ret
-.size	bn_scatter5,.-bn_scatter5
-
-.globl	bn_gather5
-.type	bn_gather5,\@abi-omnipotent
-.align	16
-bn_gather5:
-___
-$code.=<<___ if ($win64);
-.LSEH_begin_bn_gather5:
-	# I can't trust assembler to use specific encoding:-(
-	.byte	0x48,0x83,0xec,0x28		#sub	\$0x28,%rsp
-	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
-	.byte	0x0f,0x29,0x7c,0x24,0x10	#movdqa	%xmm7,0x10(%rsp)
-___
-$code.=<<___;
-	mov	$idx,%r11
-	shr	\$`log($N/8)/log(2)`,$idx
-	and	\$`$N/8-1`,%r11
-	not	$idx
-	lea	.Lmagic_masks(%rip),%rax
-	and	\$`2**5/($N/8)-1`,$idx	# 5 is "window size"
-	lea	96($tbl,%r11,8),$tbl	# pointer within 1st cache line
-	movq	0(%rax,$idx,8),%xmm4	# set of masks denoting which
-	movq	8(%rax,$idx,8),%xmm5	# cache line contains element
-	movq	16(%rax,$idx,8),%xmm6	# denoted by 7th argument
-	movq	24(%rax,$idx,8),%xmm7
-	jmp	.Lgather
-.align	16
-.Lgather:
-	movq	`0*$STRIDE/4-96`($tbl),%xmm0
-	movq	`1*$STRIDE/4-96`($tbl),%xmm1
-	pand	%xmm4,%xmm0
-	movq	`2*$STRIDE/4-96`($tbl),%xmm2
-	pand	%xmm5,%xmm1
-	movq	`3*$STRIDE/4-96`($tbl),%xmm3
-	pand	%xmm6,%xmm2
-	por	%xmm1,%xmm0
-	pand	%xmm7,%xmm3
-	por	%xmm2,%xmm0
-	lea	$STRIDE($tbl),$tbl
-	por	%xmm3,%xmm0
-
-	movq	%xmm0,($out)		# m0=bp[0]
-	lea	8($out),$out
-	sub	\$1,$num
-	jnz	.Lgather
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	lea	0x28(%rsp),%rsp
-___
-$code.=<<___;
-	ret
-.LSEH_end_bn_gather5:
-.size	bn_gather5,.-bn_gather5
-___
-}
-$code.=<<___;
-.align	64
-.Lmagic_masks:
-	.long	0,0, 0,0, 0,0, -1,-1
-	.long	0,0, 0,0, 0,0,  0,0
-.asciz	"Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	mul_handler,\@abi-omnipotent
-.align	16
-mul_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# end of prologue label
-	cmp	%r10,%rbx		# context->Rip<end of prologue label
-	jb	.Lcommon_seh_tail
-
-	lea	`40+48`(%rax),%rax
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# end of alloca label
-	cmp	%r10,%rbx		# context->Rip<end of alloca label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	8(%r11),%r10d		# HandlerData[2]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	mov	192($context),%r10	# pull $num
-	mov	8(%rax,%r10,8),%rax	# pull saved stack pointer
-
-	movaps	(%rax),%xmm0
-	movaps	16(%rax),%xmm1
-	lea	`40+48`(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-	movups	%xmm0,512($context)	# restore context->Xmm6
-	movups	%xmm1,528($context)	# restore context->Xmm7
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	mul_handler,.-mul_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_bn_mul_mont_gather5
-	.rva	.LSEH_end_bn_mul_mont_gather5
-	.rva	.LSEH_info_bn_mul_mont_gather5
-
-	.rva	.LSEH_begin_bn_mul4x_mont_gather5
-	.rva	.LSEH_end_bn_mul4x_mont_gather5
-	.rva	.LSEH_info_bn_mul4x_mont_gather5
-
-	.rva	.LSEH_begin_bn_gather5
-	.rva	.LSEH_end_bn_gather5
-	.rva	.LSEH_info_bn_gather5
-
-.section	.xdata
-.align	8
-.LSEH_info_bn_mul_mont_gather5:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul_alloca,.Lmul_body,.Lmul_epilogue		# HandlerData[]
-.align	8
-.LSEH_info_bn_mul4x_mont_gather5:
-	.byte	9,0,0,0
-	.rva	mul_handler
-	.rva	.Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue	# HandlerData[]
-.align	8
-.LSEH_info_bn_gather5:
-        .byte   0x01,0x0d,0x05,0x00
-        .byte   0x0d,0x78,0x01,0x00	#movaps	0x10(rsp),xmm7
-        .byte   0x08,0x68,0x00,0x00	#movaps	(rsp),xmm6
-        .byte   0x04,0x42,0x00,0x00	#sub	rsp,0x28
-.align	8
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-close STDOUT;
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
deleted file mode 100644
index 0dd8d889f8..0000000000
--- a/crypto/bn/bn.h
+++ /dev/null
@@ -1,910 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_BN_H
-#define HEADER_BN_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h> /* FILE */
-#endif
-#include <openssl/ossl_typ.h>
-#include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These preprocessor symbols control various aspects of the bignum headers and
- * library code. They're not defined by any "normal" configuration, as they are
- * intended for development and testing purposes. NB: defining all three can be
- * useful for debugging application code as well as openssl itself.
- *
- * BN_DEBUG - turn on various debugging alterations to the bignum code
- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-#define BN_MUL_COMBA
-#define BN_SQR_COMBA
-#define BN_RECURSION
-#endif
-
-/* This next option uses the C libraries (2 word)/(1 word) function.
- * If it is not defined, I use my C version (which is slower).
- * The reason for this flag is that when the particular C compiler
- * library routine is used, and the library is linked with a different
- * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using normal cc.  This would
- * be a common occurrence because gcc normally produces code that is
- * 2 times faster than system compilers for the big number stuff.
- * For machines with only one compiler (or shared libraries), this should
- * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-    defined(OPENSSL_SYS_WIN32) || defined(linux)
-# ifndef BN_DIV2W
-#  define BN_DIV2W
-# endif
-#endif
-
-/* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-#ifdef SIXTY_FOUR_BIT_LONG
-#define BN_ULLONG	unsigned long long
-#define BN_ULONG	unsigned long
-#define BN_LONG		long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
-#define BN_MASK2	(0xffffffffffffffffL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000L)
-#define BN_MASK2h1	(0xffffffff80000000L)
-#define BN_TBIT		(0x8000000000000000L)
-#define BN_DEC_CONV	(10000000000000000000UL)
-#define BN_DEC_FMT1	"%lu"
-#define BN_DEC_FMT2	"%019lu"
-#define BN_DEC_NUM	19
-#define BN_HEX_FMT1	"%lX"
-#define BN_HEX_FMT2	"%016lX"
-#endif
-
-/* This is where the long long data type is 64 bits, but long is 32.
- * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevant
- * assembler code :-).  Do NOT define BN_LLONG.
- */
-#ifdef SIXTY_FOUR_BIT
-#undef BN_LLONG
-#undef BN_ULLONG
-#define BN_ULONG	unsigned long long
-#define BN_LONG		long long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK2	(0xffffffffffffffffLL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000LL)
-#define BN_MASK2h1	(0xffffffff80000000LL)
-#define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000ULL)
-#define BN_DEC_FMT1	"%llu"
-#define BN_DEC_FMT2	"%019llu"
-#define BN_DEC_NUM	19
-#define BN_HEX_FMT1	"%llX"
-#define BN_HEX_FMT2	"%016llX"
-#endif
-
-#ifdef THIRTY_TWO_BIT
-#ifdef BN_LLONG
-# if defined(_WIN32) && !defined(__GNUC__)
-#  define BN_ULLONG	unsigned __int64
-#  define BN_MASK	(0xffffffffffffffffI64)
-# else
-#  define BN_ULLONG	unsigned long long
-#  define BN_MASK	(0xffffffffffffffffLL)
-# endif
-#endif
-#define BN_ULONG	unsigned int
-#define BN_LONG		int
-#define BN_BITS		64
-#define BN_BYTES	4
-#define BN_BITS2	32
-#define BN_BITS4	16
-#define BN_MASK2	(0xffffffffL)
-#define BN_MASK2l	(0xffff)
-#define BN_MASK2h1	(0xffff8000L)
-#define BN_MASK2h	(0xffff0000L)
-#define BN_TBIT		(0x80000000L)
-#define BN_DEC_CONV	(1000000000L)
-#define BN_DEC_FMT1	"%u"
-#define BN_DEC_FMT2	"%09u"
-#define BN_DEC_NUM	9
-#define BN_HEX_FMT1	"%X"
-#define BN_HEX_FMT2	"%08X"
-#endif
-
-/* 2011-02-22 SMS.
- * In various places, a size_t variable or a type cast to size_t was
- * used to perform integer-only operations on pointers.  This failed on
- * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
- * still only 32 bits.  What's needed in these cases is an integer type
- * with the same size as a pointer, which size_t is not certain to be. 
- * The only fix here is VMS-specific.
- */
-#if defined(OPENSSL_SYS_VMS)
-# if __INITIAL_POINTER_SIZE == 64
-#  define PTR_SIZE_INT long long
-# else /* __INITIAL_POINTER_SIZE == 64 */
-#  define PTR_SIZE_INT int
-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-#else /* defined(OPENSSL_SYS_VMS) */
-# define PTR_SIZE_INT size_t
-#endif /* defined(OPENSSL_SYS_VMS) [else] */
-
-#define BN_DEFAULT_BITS	1280
-
-#define BN_FLG_MALLOCED		0x01
-#define BN_FLG_STATIC_DATA	0x02
-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,
-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
-                                      * BN_div() will call BN_div_no_branch,
-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.
-                                      */
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
-                                      /* avoid leaking exponent information through timings
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_FREE		0x8000	/* used for debuging */
-#endif
-#define BN_set_flags(b,n)	((b)->flags|=(n))
-#define BN_get_flags(b,n)	((b)->flags&(n))
-
-/* get a clone of a BIGNUM with changed flags, for *temporary* use only
- * (the two BIGNUMs cannot not be used in parallel!) */
-#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
-                                  (dest)->top=(b)->top, \
-                                  (dest)->dmax=(b)->dmax, \
-                                  (dest)->neg=(b)->neg, \
-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
-                                                 |  BN_FLG_STATIC_DATA \
-                                                 |  (n)))
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-#endif
-
-struct bignum_st
-	{
-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
-	int top;	/* Index of last used d +1. */
-	/* The next are internal book keeping for bn_expand. */
-	int dmax;	/* Size of the d array. */
-	int neg;	/* one if the number is negative */
-	int flags;
-	};
-
-/* Used for montgomery multiplication */
-struct bn_mont_ctx_st
-	{
-	int ri;        /* number of bits in R */
-	BIGNUM RR;     /* used to convert to montgomery form */
-	BIGNUM N;      /* The modulus */
-	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
-	                * (Ni is only stored for bignum algorithm) */
-	BN_ULONG n0[2];/* least significant word(s) of Ni;
-	                  (type changed with 0.9.9, was "BN_ULONG n0;" before) */
-	int flags;
-	};
-
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-struct bn_recp_ctx_st
-	{
-	BIGNUM N;	/* the divisor */
-	BIGNUM Nr;	/* the reciprocal */
-	int num_bits;
-	int shift;
-	int flags;
-	};
-
-/* Used for slow "generation" functions. */
-struct bn_gencb_st
-	{
-	unsigned int ver;	/* To handle binary (in)compatibility */
-	void *arg;		/* callback-specific data */
-	union
-		{
-		/* if(ver==1) - handles old style callbacks */
-		void (*cb_1)(int, int, void *);
-		/* if(ver==2) - new callback style */
-		int (*cb_2)(int, int, BN_GENCB *);
-		} cb;
-	};
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
-		BN_GENCB *tmp_gencb = (gencb); \
-		tmp_gencb->ver = 1; \
-		tmp_gencb->arg = (cb_arg); \
-		tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-#define BN_GENCB_set(gencb, callback, cb_arg) { \
-		BN_GENCB *tmp_gencb = (gencb); \
-		tmp_gencb->ver = 2; \
-		tmp_gencb->arg = (cb_arg); \
-		tmp_gencb->cb.cb_2 = (callback); }
-
-#define BN_prime_checks 0 /* default: select number of iterations
-			     based on the size of the number */
-
-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
-#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
-                                (b) >=  850 ?  3 : \
-                                (b) >=  650 ?  4 : \
-                                (b) >=  550 ?  5 : \
-                                (b) >=  450 ?  6 : \
-                                (b) >=  400 ?  7 : \
-                                (b) >=  350 ?  8 : \
-                                (b) >=  300 ?  9 : \
-                                (b) >=  250 ? 12 : \
-                                (b) >=  200 ? 15 : \
-                                (b) >=  150 ? 18 : \
-                                /* b >= 100 */ 27)
-
-#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
-				(((w) == 0) && ((a)->top == 0)))
-#define BN_is_zero(a)       ((a)->top == 0)
-#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-#define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
-#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))
-
-#define BN_one(a)	(BN_set_word((a),1))
-#define BN_zero_ex(a) \
-	do { \
-		BIGNUM *_tmp_bn = (a); \
-		_tmp_bn->top = 0; \
-		_tmp_bn->neg = 0; \
-	} while(0)
-#ifdef OPENSSL_NO_DEPRECATED
-#define BN_zero(a)	BN_zero_ex(a)
-#else
-#define BN_zero(a)	(BN_set_word((a),0))
-#endif
-
-const BIGNUM *BN_value_one(void);
-char *	BN_options(void);
-BN_CTX *BN_CTX_new(void);
-#ifndef OPENSSL_NO_DEPRECATED
-void	BN_CTX_init(BN_CTX *c);
-#endif
-void	BN_CTX_free(BN_CTX *c);
-void	BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void	BN_CTX_end(BN_CTX *ctx);
-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int	BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int	BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int	BN_num_bits(const BIGNUM *a);
-int	BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void	BN_init(BIGNUM *);
-void	BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void	BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param  b  pointer to the BIGNUM object
- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise 
- */
-void	BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param  a  pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-#define BN_is_negative(a) ((a)->neg != 0)
-
-int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-	BN_CTX *ctx);
-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int	BN_mul_word(BIGNUM *a, BN_ULONG w);
-int	BN_add_word(BIGNUM *a, BN_ULONG w);
-int	BN_sub_word(BIGNUM *a, BN_ULONG w);
-int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void	BN_free(BIGNUM *a);
-int	BN_is_bit_set(const BIGNUM *a, int n);
-int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-
-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
-int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-
-int	BN_mask_bits(BIGNUM *a,int n);
-#ifndef OPENSSL_NO_FP_API
-int	BN_print_fp(FILE *fp, const BIGNUM *a);
-#endif
-#ifdef HEADER_BIO_H
-int	BN_print(BIO *fp, const BIGNUM *a);
-#else
-int	BN_print(void *fp, const BIGNUM *a);
-#endif
-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void	BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int	BN_set_bit(BIGNUM *a, int n);
-int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2hex(const BIGNUM *a);
-char *	BN_bn2dec(const BIGNUM *a);
-int 	BN_hex2bn(BIGNUM **a, const char *str);
-int 	BN_dec2bn(BIGNUM **a, const char *str);
-int	BN_asc2bn(BIGNUM **a, const char *str);
-int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
-int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-
-void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
-/* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *),void *cb_arg);
-int	BN_is_prime(const BIGNUM *p,int nchecks,
-	void (*callback)(int,int,void *),
-	BN_CTX *ctx,void *cb_arg);
-int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
-	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
-	int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-		const BIGNUM *rem, BN_GENCB *cb);
-int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-		int do_trial_division, BN_GENCB *cb);
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-			const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			BIGNUM *Xp1, BIGNUM *Xp2,
-			const BIGNUM *Xp,
-			const BIGNUM *e, BN_CTX *ctx,
-			BN_GENCB *cb);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void );
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	(r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-					const BIGNUM *mod, BN_CTX *ctx);
-
-/* BN_BLINDING flags */
-#define	BN_BLINDING_NO_UPDATE	0x00000001
-#define	BN_BLINDING_NO_RECREATE	0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-#endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-	BN_MONT_CTX *m_ctx);
-
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-#endif
-
-void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp,BN_CTX *ctx);
-int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
- *
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
- *
- * Note that input arguments are not const so that their bit arrays can
- * be expanded to the appropriate size if needed.
- */
-
-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (a * a) mod p */
-int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (1 / b) mod p */
-int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = sqrt(a) mod p */
-int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r^2 + r = a mod p */
-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-	/* r = a mod p */
-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-	BN_CTX *ctx); /* r = (a * a) mod p */
-int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-	BN_CTX *ctx); /* r = (1 / b) mod p */
-int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
-int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int	BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int	BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-#endif
-
-/* faster mod functions for the 'NIST primes' 
- * 0 <= a < p^2 */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
-
-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
-			  const unsigned char *message, size_t message_len,
-			  BN_CTX *ctx);
-
-/* library internal functions */
-
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-#endif
-
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-#define BN_DEBUG_TRIX
-#endif
-#define bn_pollute(a) \
-	do { \
-		const BIGNUM *_bnum1 = (a); \
-		if(_bnum1->top < _bnum1->dmax) { \
-			unsigned char _tmp_char; \
-			/* We cast away const without the compiler knowing, any \
-			 * *genuinely* constant variables that aren't mutable \
-			 * wouldn't be constructed with top!=dmax. */ \
-			BN_ULONG *_not_const; \
-			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-			RAND_pseudo_bytes(&_tmp_char, 1); \
-			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-		} \
-	} while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
-#else
-#define bn_pollute(a)
-#endif
-#define bn_check_top(a) \
-	do { \
-		const BIGNUM *_bnum2 = (a); \
-		if (_bnum2 != NULL) { \
-			assert((_bnum2->top == 0) || \
-				(_bnum2->d[_bnum2->top - 1] != 0)); \
-			bn_pollute(_bnum2); \
-		} \
-	} while(0)
-
-#define bn_fix_top(a)		bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-	do { \
-		const BIGNUM *_bnum2 = (bn); \
-		assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
-		/* avoid unused variable warning with NDEBUG */ \
-		(void)(_bnum2); \
-	} while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a)		bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
-#define bn_correct_top(a) \
-        { \
-        BN_ULONG *ftl; \
-	int tmp_top = (a)->top; \
-	if (tmp_top > 0) \
-		{ \
-		for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-			if (*(ftl--)) break; \
-		(a)->top = tmp_top; \
-		} \
-	bn_pollute(a); \
-	}
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-
-/* Primes from RFC 2409 */
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-
-/* Primes from RFC 3526 */
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BNRAND					 127
-#define BN_F_BN_BLINDING_CONVERT_EX			 100
-#define BN_F_BN_BLINDING_CREATE_PARAM			 128
-#define BN_F_BN_BLINDING_INVERT_EX			 101
-#define BN_F_BN_BLINDING_NEW				 102
-#define BN_F_BN_BLINDING_UPDATE				 103
-#define BN_F_BN_BN2DEC					 104
-#define BN_F_BN_BN2HEX					 105
-#define BN_F_BN_CTX_GET					 116
-#define BN_F_BN_CTX_NEW					 106
-#define BN_F_BN_CTX_START				 129
-#define BN_F_BN_DIV					 107
-#define BN_F_BN_DIV_NO_BRANCH				 138
-#define BN_F_BN_DIV_RECP				 130
-#define BN_F_BN_EXP					 123
-#define BN_F_BN_EXPAND2					 108
-#define BN_F_BN_EXPAND_INTERNAL				 120
-#define BN_F_BN_GENERATE_DSA_NONCE			 140
-#define BN_F_BN_GF2M_MOD				 131
-#define BN_F_BN_GF2M_MOD_EXP				 132
-#define BN_F_BN_GF2M_MOD_MUL				 133
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD			 134
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR			 135
-#define BN_F_BN_GF2M_MOD_SQR				 136
-#define BN_F_BN_GF2M_MOD_SQRT				 137
-#define BN_F_BN_MOD_EXP2_MONT				 118
-#define BN_F_BN_MOD_EXP_MONT				 109
-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME			 124
-#define BN_F_BN_MOD_EXP_MONT_WORD			 117
-#define BN_F_BN_MOD_EXP_RECP				 125
-#define BN_F_BN_MOD_EXP_SIMPLE				 126
-#define BN_F_BN_MOD_INVERSE				 110
-#define BN_F_BN_MOD_INVERSE_NO_BRANCH			 139
-#define BN_F_BN_MOD_LSHIFT_QUICK			 119
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
-#define BN_F_BN_MOD_SQRT				 121
-#define BN_F_BN_MPI2BN					 112
-#define BN_F_BN_NEW					 113
-#define BN_F_BN_RAND					 114
-#define BN_F_BN_RAND_RANGE				 122
-#define BN_F_BN_USUB					 115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3				 100
-#define BN_R_BAD_RECIPROCAL				 101
-#define BN_R_BIGNUM_TOO_LONG				 114
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
-#define BN_R_DIV_BY_ZERO				 103
-#define BN_R_ENCODING_ERROR				 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
-#define BN_R_INPUT_NOT_REDUCED				 110
-#define BN_R_INVALID_LENGTH				 106
-#define BN_R_INVALID_RANGE				 115
-#define BN_R_NOT_A_SQUARE				 111
-#define BN_R_NOT_INITIALIZED				 107
-#define BN_R_NO_INVERSE					 108
-#define BN_R_NO_SOLUTION				 116
-#define BN_R_PRIVATE_KEY_TOO_LARGE			 117
-#define BN_R_P_IS_NOT_PRIME				 112
-#define BN_R_TOO_MANY_ITERATIONS			 113
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/bn/bn.mul b/crypto/bn/bn.mul
deleted file mode 100644
index 9728870d38..0000000000
--- a/crypto/bn/bn.mul
+++ /dev/null
@@ -1,19 +0,0 @@
-We need
-
-* bn_mul_comba8
-* bn_mul_comba4
-* bn_mul_normal
-* bn_mul_recursive
-
-* bn_sqr_comba8
-* bn_sqr_comba4
-bn_sqr_normal -> BN_sqr
-* bn_sqr_recursive
-
-* bn_mul_low_recursive
-* bn_mul_low_normal
-* bn_mul_high
-
-* bn_mul_part_recursive	# symetric but not power of 2
-
-bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
deleted file mode 100644
index 9405163706..0000000000
--- a/crypto/bn/bn_add.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	const BIGNUM *tmp;
-	int a_neg = a->neg, ret;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	/*  a +  b	a+b
-	 *  a + -b	a-b
-	 * -a +  b	b-a
-	 * -a + -b	-(a+b)
-	 */
-	if (a_neg ^ b->neg)
-		{
-		/* only one is negative */
-		if (a_neg)
-			{ tmp=a; a=b; b=tmp; }
-
-		/* we are now a - b */
-
-		if (BN_ucmp(a,b) < 0)
-			{
-			if (!BN_usub(r,b,a)) return(0);
-			r->neg=1;
-			}
-		else
-			{
-			if (!BN_usub(r,a,b)) return(0);
-			r->neg=0;
-			}
-		return(1);
-		}
-
-	ret = BN_uadd(r,a,b);
-	r->neg = a_neg;
-	bn_check_top(r);
-	return ret;
-	}
-
-/* unsigned add of b to a */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max,min,dif;
-	BN_ULONG *ap,*bp,*rp,carry,t1,t2;
-	const BIGNUM *tmp;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a->top < b->top)
-		{ tmp=a; a=b; b=tmp; }
-	max = a->top;
-	min = b->top;
-	dif = max - min;
-
-	if (bn_wexpand(r,max+1) == NULL)
-		return 0;
-
-	r->top=max;
-
-
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-	carry=bn_add_words(rp,ap,bp,min);
-	rp+=min;
-	ap+=min;
-	bp+=min;
-
-	if (carry)
-		{
-		while (dif)
-			{
-			dif--;
-			t1 = *(ap++);
-			t2 = (t1+1) & BN_MASK2;
-			*(rp++) = t2;
-			if (t2)
-				{
-				carry=0;
-				break;
-				}
-			}
-		if (carry)
-			{
-			/* carry != 0 => dif == 0 */
-			*rp = 1;
-			r->top++;
-			}
-		}
-	if (dif && rp != ap)
-		while (dif--)
-			/* copy remaining words if ap != rp */
-			*(rp++) = *(ap++);
-	r->neg = 0;
-	bn_check_top(r);
-	return 1;
-	}
-
-/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max,min,dif;
-	register BN_ULONG t1,t2,*ap,*bp,*rp;
-	int i,carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-	int dummy;
-#endif
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	max = a->top;
-	min = b->top;
-	dif = max - min;
-
-	if (dif < 0)	/* hmm... should not be happening */
-		{
-		BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
-		return(0);
-		}
-
-	if (bn_wexpand(r,max) == NULL) return(0);
-
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-#if 1
-	carry=0;
-	for (i = min; i != 0; i--)
-		{
-		t1= *(ap++);
-		t2= *(bp++);
-		if (carry)
-			{
-			carry=(t1 <= t2);
-			t1=(t1-t2-1)&BN_MASK2;
-			}
-		else
-			{
-			carry=(t1 < t2);
-			t1=(t1-t2)&BN_MASK2;
-			}
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-		dummy=t1;
-#endif
-		*(rp++)=t1&BN_MASK2;
-		}
-#else
-	carry=bn_sub_words(rp,ap,bp,min);
-	ap+=min;
-	bp+=min;
-	rp+=min;
-#endif
-	if (carry) /* subtracted */
-		{
-		if (!dif)
-			/* error: a < b */
-			return 0;
-		while (dif)
-			{
-			dif--;
-			t1 = *(ap++);
-			t2 = (t1-1)&BN_MASK2;
-			*(rp++) = t2;
-			if (t1)
-				break;
-			}
-		}
-#if 0
-	memcpy(rp,ap,sizeof(*rp)*(max-i));
-#else
-	if (rp != ap)
-		{
-		for (;;)
-			{
-			if (!dif--) break;
-			rp[0]=ap[0];
-			if (!dif--) break;
-			rp[1]=ap[1];
-			if (!dif--) break;
-			rp[2]=ap[2];
-			if (!dif--) break;
-			rp[3]=ap[3];
-			rp+=4;
-			ap+=4;
-			}
-		}
-#endif
-
-	r->top=max;
-	r->neg=0;
-	bn_correct_top(r);
-	return(1);
-	}
-
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max;
-	int add=0,neg=0;
-	const BIGNUM *tmp;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	/*  a -  b	a-b
-	 *  a - -b	a+b
-	 * -a -  b	-(a+b)
-	 * -a - -b	b-a
-	 */
-	if (a->neg)
-		{
-		if (b->neg)
-			{ tmp=a; a=b; b=tmp; }
-		else
-			{ add=1; neg=1; }
-		}
-	else
-		{
-		if (b->neg) { add=1; neg=0; }
-		}
-
-	if (add)
-		{
-		if (!BN_uadd(r,a,b)) return(0);
-		r->neg=neg;
-		return(1);
-		}
-
-	/* We are actually doing a - b :-) */
-
-	max=(a->top > b->top)?a->top:b->top;
-	if (bn_wexpand(r,max) == NULL) return(0);
-	if (BN_ucmp(a,b) < 0)
-		{
-		if (!BN_usub(r,b,a)) return(0);
-		r->neg=1;
-		}
-	else
-		{
-		if (!BN_usub(r,a,b)) return(0);
-		r->neg=0;
-		}
-	bn_check_top(r);
-	return(1);
-	}
-
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
deleted file mode 100644
index a33b63411b..0000000000
--- a/crypto/bn/bn_asm.c
+++ /dev/null
@@ -1,1034 +0,0 @@
-/* crypto/bn/bn_asm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	assert(num >= 0);
-	if (num <= 0) return(c1);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (num&~3)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		mul_add(rp[1],ap[1],w,c1);
-		mul_add(rp[2],ap[2],w,c1);
-		mul_add(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-#endif
-	while (num)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		ap++; rp++; num--;
-		}
-	
-	return(c1);
-	} 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	assert(num >= 0);
-	if (num <= 0) return(c1);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (num&~3)
-		{
-		mul(rp[0],ap[0],w,c1);
-		mul(rp[1],ap[1],w,c1);
-		mul(rp[2],ap[2],w,c1);
-		mul(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-#endif
-	while (num)
-		{
-		mul(rp[0],ap[0],w,c1);
-		ap++; rp++; num--;
-		}
-	return(c1);
-	} 
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-	assert(n >= 0);
-	if (n <= 0) return;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (n&~3)
-		{
-		sqr(r[0],r[1],a[0]);
-		sqr(r[2],r[3],a[1]);
-		sqr(r[4],r[5],a[2]);
-		sqr(r[6],r[7],a[3]);
-		a+=4; r+=8; n-=4;
-		}
-#endif
-	while (n)
-		{
-		sqr(r[0],r[1],a[0]);
-		a++; r+=2; n--;
-		}
-	}
-
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c=0;
-	BN_ULONG bl,bh;
-
-	assert(num >= 0);
-	if (num <= 0) return((BN_ULONG)0);
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (num&~3)
-		{
-		mul_add(rp[0],ap[0],bl,bh,c);
-		mul_add(rp[1],ap[1],bl,bh,c);
-		mul_add(rp[2],ap[2],bl,bh,c);
-		mul_add(rp[3],ap[3],bl,bh,c);
-		ap+=4; rp+=4; num-=4;
-		}
-#endif
-	while (num)
-		{
-		mul_add(rp[0],ap[0],bl,bh,c);
-		ap++; rp++; num--;
-		}
-	return(c);
-	} 
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG carry=0;
-	BN_ULONG bl,bh;
-
-	assert(num >= 0);
-	if (num <= 0) return((BN_ULONG)0);
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (num&~3)
-		{
-		mul(rp[0],ap[0],bl,bh,carry);
-		mul(rp[1],ap[1],bl,bh,carry);
-		mul(rp[2],ap[2],bl,bh,carry);
-		mul(rp[3],ap[3],bl,bh,carry);
-		ap+=4; rp+=4; num-=4;
-		}
-#endif
-	while (num)
-		{
-		mul(rp[0],ap[0],bl,bh,carry);
-		ap++; rp++; num--;
-		}
-	return(carry);
-	} 
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-	assert(n >= 0);
-	if (n <= 0) return;
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (n&~3)
-		{
-		sqr64(r[0],r[1],a[0]);
-		sqr64(r[2],r[3],a[1]);
-		sqr64(r[4],r[5],a[2]);
-		sqr64(r[6],r[7],a[3]);
-		a+=4; r+=8; n-=4;
-		}
-#endif
-	while (n)
-		{
-		sqr64(r[0],r[1],a[0]);
-		a++; r+=2; n--;
-		}
-	}
-
-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-	{
-	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
-	}
-
-#else
-
-/* Divide h,l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-	{
-	BN_ULONG dh,dl,q,ret=0,th,tl,t;
-	int i,count=2;
-
-	if (d == 0) return(BN_MASK2);
-
-	i=BN_num_bits_word(d);
-	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
-	i=BN_BITS2-i;
-	if (h >= d) h-=d;
-
-	if (i)
-		{
-		d<<=i;
-		h=(h<<i)|(l>>(BN_BITS2-i));
-		l<<=i;
-		}
-	dh=(d&BN_MASK2h)>>BN_BITS4;
-	dl=(d&BN_MASK2l);
-	for (;;)
-		{
-		if ((h>>BN_BITS4) == dh)
-			q=BN_MASK2l;
-		else
-			q=h/dh;
-
-		th=q*dh;
-		tl=dl*q;
-		for (;;)
-			{
-			t=h-th;
-			if ((t&BN_MASK2h) ||
-				((tl) <= (
-					(t<<BN_BITS4)|
-					((l&BN_MASK2h)>>BN_BITS4))))
-				break;
-			q--;
-			th-=dh;
-			tl-=dl;
-			}
-		t=(tl>>BN_BITS4);
-		tl=(tl<<BN_BITS4)&BN_MASK2h;
-		th+=t;
-
-		if (l < tl) th++;
-		l-=tl;
-		if (h < th)
-			{
-			h+=d;
-			q--;
-			}
-		h-=th;
-
-		if (--count == 0) break;
-
-		ret=q<<BN_BITS4;
-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-		l=(l&BN_MASK2l)<<BN_BITS4;
-		}
-	ret|=q;
-	return(ret);
-	}
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
-
-#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULLONG ll=0;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (n&~3)
-		{
-		ll+=(BN_ULLONG)a[0]+b[0];
-		r[0]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		ll+=(BN_ULLONG)a[1]+b[1];
-		r[1]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		ll+=(BN_ULLONG)a[2]+b[2];
-		r[2]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		ll+=(BN_ULLONG)a[3]+b[3];
-		r[3]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		a+=4; b+=4; r+=4; n-=4;
-		}
-#endif
-	while (n)
-		{
-		ll+=(BN_ULLONG)a[0]+b[0];
-		r[0]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		a++; b++; r++; n--;
-		}
-	return((BN_ULONG)ll);
-	}
-#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULONG c,l,t;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-	c=0;
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (n&~3)
-		{
-		t=a[0];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[0])&BN_MASK2;
-		c+=(l < t);
-		r[0]=l;
-		t=a[1];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[1])&BN_MASK2;
-		c+=(l < t);
-		r[1]=l;
-		t=a[2];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[2])&BN_MASK2;
-		c+=(l < t);
-		r[2]=l;
-		t=a[3];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[3])&BN_MASK2;
-		c+=(l < t);
-		r[3]=l;
-		a+=4; b+=4; r+=4; n-=4;
-		}
-#endif
-	while(n)
-		{
-		t=a[0];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[0])&BN_MASK2;
-		c+=(l < t);
-		r[0]=l;
-		a++; b++; r++; n--;
-		}
-	return((BN_ULONG)c);
-	}
-#endif /* !BN_LLONG */
-
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULONG t1,t2;
-	int c=0;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-	while (n&~3)
-		{
-		t1=a[0]; t2=b[0];
-		r[0]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		t1=a[1]; t2=b[1];
-		r[1]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		t1=a[2]; t2=b[2];
-		r[2]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		t1=a[3]; t2=b[3];
-		r[3]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		a+=4; b+=4; r+=4; n-=4;
-		}
-#endif
-	while (n)
-		{
-		t1=a[0]; t2=b[0];
-		r[0]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		a++; b++; r++; n--;
-		}
-	return(c);
-	}
-
-#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-/*
- * Keep in mind that carrying into high part of multiplication result
- * can not overflow, because it cannot be all-ones.
- */
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	tt=(t+t)&BN_MASK; \
-	if (tt < t) c2++; \
-	t1=(BN_ULONG)Lw(tt); \
-	t2=(BN_ULONG)Hw(tt); \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	t=(BN_ULLONG)a[i]*a[i]; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_LOHI)
-
-#define mul_add_c(a,b,c0,c1,c2)	{	\
-	BN_ULONG ta=(a),tb=(b);		\
-	BN_UMULT_LOHI(t1,t2,ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	BN_UMULT_LOHI(t0,t1,ta,tb);	\
-	c0 += t0; t2 = t1+((c0<t0)?1:0);\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	c0 += t0; t1 += (c0<t0)?1:0;	\
-	c1 += t1; c2 += (c1<t1)?1:0;	\
-	}
-
-#define sqr_add_c(a,i,c0,c1,c2)	{	\
-	BN_ULONG ta=(a)[i];		\
-	BN_UMULT_LOHI(t1,t2,ta,ta);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_HIGH)
-
-#define mul_add_c(a,b,c0,c1,c2)	{	\
-	BN_ULONG ta=(a),tb=(b);		\
-	t1 = ta * tb;			\
-	t2 = BN_UMULT_HIGH(ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	t1 = BN_UMULT_HIGH(ta,tb);	\
-	t0 = ta * tb;			\
-	c0 += t0; t2 = t1+((c0<t0)?1:0);\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	c0 += t0; t1 += (c0<t0)?1:0;	\
-	c1 += t1; c2 += (c1<t1)?1:0;	\
-	}
-
-#define sqr_add_c(a,i,c0,c1,c2)	{	\
-	BN_ULONG ta=(a)[i];		\
-	t1 = ta * ta;			\
-	t2 = BN_UMULT_HIGH(ta,ta);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#else /* !BN_LLONG */
-#define mul_add_c(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	if (t2 & BN_TBIT) c2++; \
-	t2=(t2+t2)&BN_MASK2; \
-	if (t1 & BN_TBIT) t2++; \
-	t1=(t1+t1)&BN_MASK2; \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	sqr64(t1,t2,(a)[i]); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif /* !BN_LLONG */
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-#ifdef OPENSSL_NO_ASM
-#ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
-/*
- * This is essentially reference implementation, which may or may not
- * result in performance improvement. E.g. on IA-32 this routine was
- * observed to give 40% faster rsa1024 private key operations and 10%
- * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
- * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
- * reference implementation, one to be used as starting point for
- * platform-specific assembler. Mentioned numbers apply to compiler
- * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
- * can vary not only from platform to platform, but even for compiler
- * versions. Assembler vs. assembler improvement coefficients can
- * [and are known to] differ and are to be documented elsewhere.
- */
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
-	{
-	BN_ULONG c0,c1,ml,*tp,n0;
-#ifdef mul64
-	BN_ULONG mh;
-#endif
-	volatile BN_ULONG *vp;
-	int i=0,j;
-
-#if 0	/* template for platform-specific implementation */
-	if (ap==bp)	return bn_sqr_mont(rp,ap,np,n0p,num);
-#endif
-	vp = tp = alloca((num+2)*sizeof(BN_ULONG));
-
-	n0 = *n0p;
-
-	c0 = 0;
-	ml = bp[0];
-#ifdef mul64
-	mh = HBITS(ml);
-	ml = LBITS(ml);
-	for (j=0;j<num;++j)
-		mul(tp[j],ap[j],ml,mh,c0);
-#else
-	for (j=0;j<num;++j)
-		mul(tp[j],ap[j],ml,c0);
-#endif
-
-	tp[num]   = c0;
-	tp[num+1] = 0;
-	goto enter;
-
-	for(i=0;i<num;i++)
-		{
-		c0 = 0;
-		ml = bp[i];
-#ifdef mul64
-		mh = HBITS(ml);
-		ml = LBITS(ml);
-		for (j=0;j<num;++j)
-			mul_add(tp[j],ap[j],ml,mh,c0);
-#else
-		for (j=0;j<num;++j)
-			mul_add(tp[j],ap[j],ml,c0);
-#endif
-		c1 = (tp[num] + c0)&BN_MASK2;
-		tp[num]   = c1;
-		tp[num+1] = (c1<c0?1:0);
-	enter:
-		c1  = tp[0];
-		ml = (c1*n0)&BN_MASK2;
-		c0 = 0;
-#ifdef mul64
-		mh = HBITS(ml);
-		ml = LBITS(ml);
-		mul_add(c1,np[0],ml,mh,c0);
-#else
-		mul_add(c1,ml,np[0],c0);
-#endif
-		for(j=1;j<num;j++)
-			{
-			c1 = tp[j];
-#ifdef mul64
-			mul_add(c1,np[j],ml,mh,c0);
-#else
-			mul_add(c1,ml,np[j],c0);
-#endif
-			tp[j-1] = c1&BN_MASK2;
-			}
-		c1        = (tp[num] + c0)&BN_MASK2;
-		tp[num-1] = c1;
-		tp[num]   = tp[num+1] + (c1<c0?1:0);
-		}
-
-	if (tp[num]!=0 || tp[num-1]>=np[num-1])
-		{
-		c0 = bn_sub_words(rp,tp,np,num);
-		if (tp[num]!=0 || c0==0)
-			{
-			for(i=0;i<num+2;i++)	vp[i] = 0;
-			return 1;
-			}
-		}
-	for(i=0;i<num;i++)	rp[i] = tp[i],	vp[i] = 0;
-	vp[num]   = 0;
-	vp[num+1] = 0;
-	return 1;
-	}
-#else
-/*
- * Return value of 0 indicates that multiplication/convolution was not
- * performed to signal the caller to fall down to alternative/original
- * code-path.
- */
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{	return 0;	}
-#endif /* OPENSSL_BN_ASM_MONT */
-#endif
-
-#else /* !BN_MUL_COMBA */
-
-/* hmm... is it faster just to do a multiply? */
-#undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-	{
-	BN_ULONG t[8];
-	bn_sqr_normal(r,a,4,t);
-	}
-
-#undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-	{
-	BN_ULONG t[16];
-	bn_sqr_normal(r,a,8,t);
-	}
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
-	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
-	r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
-	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
-	}
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-	}
-
-#ifdef OPENSSL_NO_ASM
-#ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0p, int num)
-	{
-	BN_ULONG c0,c1,*tp,n0=*n0p;
-	volatile BN_ULONG *vp;
-	int i=0,j;
-
-	vp = tp = alloca((num+2)*sizeof(BN_ULONG));
-
-	for(i=0;i<=num;i++)	tp[i]=0;
-
-	for(i=0;i<num;i++)
-		{
-		c0         = bn_mul_add_words(tp,ap,num,bp[i]);
-		c1         = (tp[num] + c0)&BN_MASK2;
-		tp[num]    = c1;
-		tp[num+1]  = (c1<c0?1:0);
-
-		c0         = bn_mul_add_words(tp,np,num,tp[0]*n0);
-		c1         = (tp[num] + c0)&BN_MASK2;
-		tp[num]    = c1;
-		tp[num+1] += (c1<c0?1:0);
-		for(j=0;j<=num;j++)	tp[j]=tp[j+1];
-		}
-
-	if (tp[num]!=0 || tp[num-1]>=np[num-1])
-		{
-		c0 = bn_sub_words(rp,tp,np,num);
-		if (tp[num]!=0 || c0==0)
-			{
-			for(i=0;i<num+2;i++)	vp[i] = 0;
-			return 1;
-			}
-		}
-	for(i=0;i<num;i++)	rp[i] = tp[i],	vp[i] = 0;
-	vp[num]   = 0;
-	vp[num+1] = 0;
-	return 1;
-	}
-#else
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-{	return 0;	}
-#endif /* OPENSSL_BN_ASM_MONT */
-#endif
-
-#endif /* !BN_MUL_COMBA */
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
deleted file mode 100644
index 9ed8bc2b40..0000000000
--- a/crypto/bn/bn_blind.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/* crypto/bn/bn_blind.c */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define BN_BLINDING_COUNTER	32
-
-struct bn_blinding_st
-	{
-	BIGNUM *A;
-	BIGNUM *Ai;
-	BIGNUM *e;
-	BIGNUM *mod; /* just a reference */
-#ifndef OPENSSL_NO_DEPRECATED
-	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
-				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-#endif
-	CRYPTO_THREADID tid;
-	int counter;
-	unsigned long flags;
-	BN_MONT_CTX *m_ctx;
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx,
-			  BN_MONT_CTX *m_ctx);
-	};
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
-	{
-	BN_BLINDING *ret=NULL;
-
-	bn_check_top(mod);
-
-	if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
-		{
-		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	memset(ret,0,sizeof(BN_BLINDING));
-	if (A != NULL)
-		{
-		if ((ret->A  = BN_dup(A))  == NULL) goto err;
-		}
-	if (Ai != NULL)
-		{
-		if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
-		}
-
-	/* save a copy of mod in the BN_BLINDING structure */
-	if ((ret->mod = BN_dup(mod)) == NULL) goto err;
-	if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
-		BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-
-	/* Set the counter to the special value -1
-	 * to indicate that this is never-used fresh blinding
-	 * that does not need updating before first use. */
-	ret->counter = -1;
-	CRYPTO_THREADID_current(&ret->tid);
-	return(ret);
-err:
-	if (ret != NULL) BN_BLINDING_free(ret);
-	return(NULL);
-	}
-
-void BN_BLINDING_free(BN_BLINDING *r)
-	{
-	if(r == NULL)
-	    return;
-
-	if (r->A  != NULL) BN_free(r->A );
-	if (r->Ai != NULL) BN_free(r->Ai);
-	if (r->e  != NULL) BN_free(r->e );
-	if (r->mod != NULL) BN_free(r->mod); 
-	OPENSSL_free(r);
-	}
-
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret=0;
-
-	if ((b->A == NULL) || (b->Ai == NULL))
-		{
-		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
-		goto err;
-		}
-
-	if (b->counter == -1)
-		b->counter = 0;
-
-	if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
-		!(b->flags & BN_BLINDING_NO_RECREATE))
-		{
-		/* re-create blinding parameters */
-		if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
-			goto err;
-		}
-	else if (!(b->flags & BN_BLINDING_NO_UPDATE))
-		{
-		if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-		if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
-		}
-
-	ret=1;
-err:
-	if (b->counter == BN_BLINDING_COUNTER)
-		b->counter = 0;
-	return(ret);
-	}
-
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	return BN_BLINDING_convert_ex(n, NULL, b, ctx);
-	}
-
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret = 1;
-
-	bn_check_top(n);
-
-	if ((b->A == NULL) || (b->Ai == NULL))
-		{
-		BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
-		return(0);
-		}
-
-	if (b->counter == -1)
-		/* Fresh blinding, doesn't need updating. */
-		b->counter = 0;
-	else if (!BN_BLINDING_update(b,ctx))
-		return(0);
-
-	if (r != NULL)
-		{
-		if (!BN_copy(r, b->Ai)) ret=0;
-		}
-
-	if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-	
-	return ret;
-	}
-
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	return BN_BLINDING_invert_ex(n, NULL, b, ctx);
-	}
-
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret;
-
-	bn_check_top(n);
-
-	if (r != NULL)
-		ret = BN_mod_mul(n, n, r, b->mod, ctx);
-	else
-		{
-		if (b->Ai == NULL)
-			{
-			BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
-			return(0);
-			}
-		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
-		}
-
-	bn_check_top(n);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
-	{
-	return b->thread_id;
-	}
-
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
-	{
-	b->thread_id = n;
-	}
-#endif
-
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
-	{
-	return &b->tid;
-	}
-
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
-	{
-	return b->flags;
-	}
-
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
-	{
-	b->flags = flags;
-	}
-
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-	BN_MONT_CTX *m_ctx)
-{
-	int    retry_counter = 32;
-	BN_BLINDING *ret = NULL;
-
-	if (b == NULL)
-		ret = BN_BLINDING_new(NULL, NULL, m);
-	else
-		ret = b;
-
-	if (ret == NULL)
-		goto err;
-
-	if (ret->A  == NULL && (ret->A  = BN_new()) == NULL)
-		goto err;
-	if (ret->Ai == NULL && (ret->Ai	= BN_new()) == NULL)
-		goto err;
-
-	if (e != NULL)
-		{
-		if (ret->e != NULL)
-			BN_free(ret->e);
-		ret->e = BN_dup(e);
-		}
-	if (ret->e == NULL)
-		goto err;
-
-	if (bn_mod_exp != NULL)
-		ret->bn_mod_exp = bn_mod_exp;
-	if (m_ctx != NULL)
-		ret->m_ctx = m_ctx;
-
-	do {
-		if (!BN_rand_range(ret->A, ret->mod)) goto err;
-		if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
-			{
-			/* this should almost never happen for good RSA keys */
-			unsigned long error = ERR_peek_last_error();
-			if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
-				{
-				if (retry_counter-- == 0)
-				{
-					BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-						BN_R_TOO_MANY_ITERATIONS);
-					goto err;
-				}
-				ERR_clear_error();
-				}
-			else
-				goto err;
-			}
-		else
-			break;
-	} while (1);
-
-	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
-		{
-		if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
-			goto err;
-		}
-	else
-		{
-		if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
-			goto err;
-		}
-
-	return ret;
-err:
-	if (b == NULL && ret != NULL)
-		{
-		BN_BLINDING_free(ret);
-		ret = NULL;
-		}
-
-	return ret;
-}
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
deleted file mode 100755
index eb60a25b3c..0000000000
--- a/crypto/bn/bn_const.c
+++ /dev/null
@@ -1,402 +0,0 @@
-/* crypto/bn/knownprimes.c */
-/* Insert boilerplate */
-
-#include "bn.h"
-
-/* "First Oakley Default Group" from RFC2409, section 6.1.
- *
- * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of of 22.
- */
-
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
-	{
-	static const unsigned char RFC2409_PRIME_768[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
-	}
-
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
- *
- * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
-	{
-	static const unsigned char RFC2409_PRIME_1024[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
-	}
-
-/* "1536-bit MODP Group" from RFC3526, Section 2.
- *
- * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
- *
- * RFC3526 specifies a generator of 2.
- * RFC2312 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_1536[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
-	}
-
-/* "2048-bit MODP Group" from RFC3526, Section 3.
- *
- * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_2048[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
-	}
-
-/* "3072-bit MODP Group" from RFC3526, Section 4.
- *
- * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_3072[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
-	}
-
-/* "4096-bit MODP Group" from RFC3526, Section 5.
- *
- * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_4096[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
-	}
-
-/* "6144-bit MODP Group" from RFC3526, Section 6.
- *
- * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_6144[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
-	}
-
-/* "8192-bit MODP Group" from RFC3526, Section 7.
- *
- * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_8192[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
-		0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
-		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
-		0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
-		0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
-		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
-		0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
-		0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
-		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
-		0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
-		0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
-		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
-		0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
-		0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
-		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
-		0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
-	}
-
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
deleted file mode 100644
index 90aa3aeb9f..0000000000
--- a/crypto/bn/bn_ctx.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/* crypto/bn/bn_ctx.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-#ifndef NDEBUG
-#define NDEBUG
-#endif
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* TODO list
- *
- * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
- * check they can be safely removed.
- *  - Check +1 and other ugliness in BN_from_montgomery()
- *
- * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
- * appropriate 'block' size that will be honoured by bn_expand_internal() to
- * prevent piddly little reallocations. OTOH, profiling bignum expansions in
- * BN_CTX doesn't show this to be a big issue.
- */
-
-/* How many bignums are in each "pool item"; */
-#define BN_CTX_POOL_SIZE	16
-/* The stack frame info is resizing, set a first-time expansion size; */
-#define BN_CTX_START_FRAMES	32
-
-/***********/
-/* BN_POOL */
-/***********/
-
-/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
-	{
-	/* The bignum values */
-	BIGNUM vals[BN_CTX_POOL_SIZE];
-	/* Linked-list admin */
-	struct bignum_pool_item *prev, *next;
-	} BN_POOL_ITEM;
-/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
-	{
-	/* Linked-list admin */
-	BN_POOL_ITEM *head, *current, *tail;
-	/* Stack depth and allocation size */
-	unsigned used, size;
-	} BN_POOL;
-static void		BN_POOL_init(BN_POOL *);
-static void		BN_POOL_finish(BN_POOL *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void		BN_POOL_reset(BN_POOL *);
-#endif
-static BIGNUM *		BN_POOL_get(BN_POOL *);
-static void		BN_POOL_release(BN_POOL *, unsigned int);
-
-/************/
-/* BN_STACK */
-/************/
-
-/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
-	{
-	/* Array of indexes into the bignum stack */
-	unsigned int *indexes;
-	/* Number of stack frames, and the size of the allocated array */
-	unsigned int depth, size;
-	} BN_STACK;
-static void		BN_STACK_init(BN_STACK *);
-static void		BN_STACK_finish(BN_STACK *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void		BN_STACK_reset(BN_STACK *);
-#endif
-static int		BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int	BN_STACK_pop(BN_STACK *);
-
-/**********/
-/* BN_CTX */
-/**********/
-
-/* The opaque BN_CTX type */
-struct bignum_ctx
-	{
-	/* The bignum bundles */
-	BN_POOL pool;
-	/* The "stack frames", if you will */
-	BN_STACK stack;
-	/* The number of bignums currently assigned */
-	unsigned int used;
-	/* Depth of stack overflow */
-	int err_stack;
-	/* Block "gets" until an "end" (compatibility behaviour) */
-	int too_many;
-	};
-
-/* Enable this to find BN_CTX bugs */
-#ifdef BN_CTX_DEBUG
-static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
-	{
-	unsigned int bnidx = 0, fpidx = 0;
-	BN_POOL_ITEM *item = ctx->pool.head;
-	BN_STACK *stack = &ctx->stack;
-	fprintf(stderr,"(%16p): ", ctx);
-	while(bnidx < ctx->used)
-		{
-		fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
-		if(!(bnidx % BN_CTX_POOL_SIZE))
-			item = item->next;
-		}
-	fprintf(stderr,"\n");
-	bnidx = 0;
-	fprintf(stderr,"          : ");
-	while(fpidx < stack->depth)
-		{
-		while(bnidx++ < stack->indexes[fpidx])
-			fprintf(stderr,"    ");
-		fprintf(stderr,"^^^ ");
-		bnidx++;
-		fpidx++;
-		}
-	fprintf(stderr,"\n");
-	}
-#define CTXDBG_ENTRY(str, ctx)	do { \
-				ctxdbg_cur = (str); \
-				fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
-				ctxdbg(ctx); \
-				} while(0)
-#define CTXDBG_EXIT(ctx)	do { \
-				fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
-				ctxdbg(ctx); \
-				} while(0)
-#define CTXDBG_RET(ctx,ret)
-#else
-#define CTXDBG_ENTRY(str, ctx)
-#define CTXDBG_EXIT(ctx)
-#define CTXDBG_RET(ctx,ret)
-#endif
-
-/* This function is an evil legacy and should not be used. This implementation
- * is WYSIWYG, though I've done my best. */
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
-	{
-	/* Assume the caller obtained the context via BN_CTX_new() and so is
-	 * trying to reset it for use. Nothing else makes sense, least of all
-	 * binary compatibility from a time when they could declare a static
-	 * variable. */
-	BN_POOL_reset(&ctx->pool);
-	BN_STACK_reset(&ctx->stack);
-	ctx->used = 0;
-	ctx->err_stack = 0;
-	ctx->too_many = 0;
-	}
-#endif
-
-BN_CTX *BN_CTX_new(void)
-	{
-	BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
-	if(!ret)
-		{
-		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	/* Initialise the structure */
-	BN_POOL_init(&ret->pool);
-	BN_STACK_init(&ret->stack);
-	ret->used = 0;
-	ret->err_stack = 0;
-	ret->too_many = 0;
-	return ret;
-	}
-
-void BN_CTX_free(BN_CTX *ctx)
-	{
-	if (ctx == NULL)
-		return;
-#ifdef BN_CTX_DEBUG
-	{
-	BN_POOL_ITEM *pool = ctx->pool.head;
-	fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
-		ctx->stack.size, ctx->pool.size);
-	fprintf(stderr,"dmaxs: ");
-	while(pool) {
-		unsigned loop = 0;
-		while(loop < BN_CTX_POOL_SIZE)
-			fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
-		pool = pool->next;
-	}
-	fprintf(stderr,"\n");
-	}
-#endif
-	BN_STACK_finish(&ctx->stack);
-	BN_POOL_finish(&ctx->pool);
-	OPENSSL_free(ctx);
-	}
-
-void BN_CTX_start(BN_CTX *ctx)
-	{
-	CTXDBG_ENTRY("BN_CTX_start", ctx);
-	/* If we're already overflowing ... */
-	if(ctx->err_stack || ctx->too_many)
-		ctx->err_stack++;
-	/* (Try to) get a new frame pointer */
-	else if(!BN_STACK_push(&ctx->stack, ctx->used))
-		{
-		BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-		ctx->err_stack++;
-		}
-	CTXDBG_EXIT(ctx);
-	}
-
-void BN_CTX_end(BN_CTX *ctx)
-	{
-	CTXDBG_ENTRY("BN_CTX_end", ctx);
-	if(ctx->err_stack)
-		ctx->err_stack--;
-	else
-		{
-		unsigned int fp = BN_STACK_pop(&ctx->stack);
-		/* Does this stack frame have anything to release? */
-		if(fp < ctx->used)
-			BN_POOL_release(&ctx->pool, ctx->used - fp);
-		ctx->used = fp;
-		/* Unjam "too_many" in case "get" had failed */
-		ctx->too_many = 0;
-		}
-	CTXDBG_EXIT(ctx);
-	}
-
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
-	{
-	BIGNUM *ret;
-	CTXDBG_ENTRY("BN_CTX_get", ctx);
-	if(ctx->err_stack || ctx->too_many) return NULL;
-	if((ret = BN_POOL_get(&ctx->pool)) == NULL)
-		{
-		/* Setting too_many prevents repeated "get" attempts from
-		 * cluttering the error stack. */
-		ctx->too_many = 1;
-		BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-		return NULL;
-		}
-	/* OK, make sure the returned bignum is "zero" */
-	BN_zero(ret);
-	ctx->used++;
-	CTXDBG_RET(ctx, ret);
-	return ret;
-	}
-
-/************/
-/* BN_STACK */
-/************/
-
-static void BN_STACK_init(BN_STACK *st)
-	{
-	st->indexes = NULL;
-	st->depth = st->size = 0;
-	}
-
-static void BN_STACK_finish(BN_STACK *st)
-	{
-	if(st->size) OPENSSL_free(st->indexes);
-	}
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
-	{
-	st->depth = 0;
-	}
-#endif
-
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
-	{
-	if(st->depth == st->size)
-		/* Need to expand */
-		{
-		unsigned int newsize = (st->size ?
-				(st->size * 3 / 2) : BN_CTX_START_FRAMES);
-		unsigned int *newitems = OPENSSL_malloc(newsize *
-						sizeof(unsigned int));
-		if(!newitems) return 0;
-		if(st->depth)
-			memcpy(newitems, st->indexes, st->depth *
-						sizeof(unsigned int));
-		if(st->size) OPENSSL_free(st->indexes);
-		st->indexes = newitems;
-		st->size = newsize;
-		}
-	st->indexes[(st->depth)++] = idx;
-	return 1;
-	}
-
-static unsigned int BN_STACK_pop(BN_STACK *st)
-	{
-	return st->indexes[--(st->depth)];
-	}
-
-/***********/
-/* BN_POOL */
-/***********/
-
-static void BN_POOL_init(BN_POOL *p)
-	{
-	p->head = p->current = p->tail = NULL;
-	p->used = p->size = 0;
-	}
-
-static void BN_POOL_finish(BN_POOL *p)
-	{
-	while(p->head)
-		{
-		unsigned int loop = 0;
-		BIGNUM *bn = p->head->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			{
-			if(bn->d) BN_clear_free(bn);
-			bn++;
-			}
-		p->current = p->head->next;
-		OPENSSL_free(p->head);
-		p->head = p->current;
-		}
-	}
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
-	{
-	BN_POOL_ITEM *item = p->head;
-	while(item)
-		{
-		unsigned int loop = 0;
-		BIGNUM *bn = item->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			{
-			if(bn->d) BN_clear(bn);
-			bn++;
-			}
-		item = item->next;
-		}
-	p->current = p->head;
-	p->used = 0;
-	}
-#endif
-
-static BIGNUM *BN_POOL_get(BN_POOL *p)
-	{
-	if(p->used == p->size)
-		{
-		BIGNUM *bn;
-		unsigned int loop = 0;
-		BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
-		if(!item) return NULL;
-		/* Initialise the structure */
-		bn = item->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			BN_init(bn++);
-		item->prev = p->tail;
-		item->next = NULL;
-		/* Link it in */
-		if(!p->head)
-			p->head = p->current = p->tail = item;
-		else
-			{
-			p->tail->next = item;
-			p->tail = item;
-			p->current = item;
-			}
-		p->size += BN_CTX_POOL_SIZE;
-		p->used++;
-		/* Return the first bignum from the new pool */
-		return item->vals;
-		}
-	if(!p->used)
-		p->current = p->head;
-	else if((p->used % BN_CTX_POOL_SIZE) == 0)
-		p->current = p->current->next;
-	return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
-	}
-
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
-	{
-	unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
-	p->used -= num;
-	while(num--)
-		{
-		bn_check_top(p->current->vals + offset);
-		if(!offset)
-			{
-			offset = BN_CTX_POOL_SIZE - 1;
-			p->current = p->current->prev;
-			}
-		else
-			offset--;
-		}
-	}
-
diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
deleted file mode 100644
index 27535e4fca..0000000000
--- a/crypto/bn/bn_depr.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/bn/bn_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Support for deprecated functions goes here - static linkage will only slurp
- * this code if applications are using them directly. */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	BIGNUM *rnd=NULL;
-	int found = 0;
-
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-
-	if (ret == NULL)
-		{
-		if ((rnd=BN_new()) == NULL) goto err;
-		}
-	else
-		rnd=ret;
-	if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
-		goto err;
-
-	/* we have a prime :-) */
-	found = 1;
-err:
-	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
-	return(found ? rnd : NULL);
-	}
-
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
-	BN_CTX *ctx_passed, void *cb_arg)
-	{
-	BN_GENCB cb;
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-	return BN_is_prime_ex(a, checks, ctx_passed, &cb);
-	}
-
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-		void (*callback)(int,int,void *),
-		BN_CTX *ctx_passed, void *cb_arg,
-		int do_trial_division)
-	{
-	BN_GENCB cb;
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
-				do_trial_division, &cb);
-	}
-#endif
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
deleted file mode 100644
index 0ec90e805c..0000000000
--- a/crypto/bn/bn_div.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-/* The old slow way */
-#if 0
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-	   BN_CTX *ctx)
-	{
-	int i,nm,nd;
-	int ret = 0;
-	BIGNUM *D;
-
-	bn_check_top(m);
-	bn_check_top(d);
-	if (BN_is_zero(d))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	if (BN_ucmp(m,d) < 0)
-		{
-		if (rem != NULL)
-			{ if (BN_copy(rem,m) == NULL) return(0); }
-		if (dv != NULL) BN_zero(dv);
-		return(1);
-		}
-
-	BN_CTX_start(ctx);
-	D = BN_CTX_get(ctx);
-	if (dv == NULL) dv = BN_CTX_get(ctx);
-	if (rem == NULL) rem = BN_CTX_get(ctx);
-	if (D == NULL || dv == NULL || rem == NULL)
-		goto end;
-
-	nd=BN_num_bits(d);
-	nm=BN_num_bits(m);
-	if (BN_copy(D,d) == NULL) goto end;
-	if (BN_copy(rem,m) == NULL) goto end;
-
-	/* The next 2 are needed so we can do a dv->d[0]|=1 later
-	 * since BN_lshift1 will only work once there is a value :-) */
-	BN_zero(dv);
-	if(bn_wexpand(dv,1) == NULL) goto end;
-	dv->top=1;
-
-	if (!BN_lshift(D,D,nm-nd)) goto end;
-	for (i=nm-nd; i>=0; i--)
-		{
-		if (!BN_lshift1(dv,dv)) goto end;
-		if (BN_ucmp(rem,D) >= 0)
-			{
-			dv->d[0]|=1;
-			if (!BN_usub(rem,rem,D)) goto end;
-			}
-/* CAN IMPROVE (and have now :=) */
-		if (!BN_rshift1(D,D)) goto end;
-		}
-	rem->neg=BN_is_zero(rem)?0:m->neg;
-	dv->neg=m->neg^d->neg;
-	ret = 1;
- end:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-#else
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
-    && !defined(PEDANTIC) && !defined(BN_DIV3W)
-# if defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined (__i386__)
-   /*
-    * There were two reasons for implementing this template:
-    * - GNU C generates a call to a function (__udivdi3 to be exact)
-    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
-    *   understand why...);
-    * - divl doesn't only calculate quotient, but also leaves
-    *   remainder in %edx which we can definitely use here:-)
-    *
-    *					<appro@fy.chalmers.se>
-    */
-#undef bn_div_words
-#  define bn_div_words(n0,n1,d0)		\
-	({  asm volatile (			\
-		"divl	%4"			\
-		: "=a"(q), "=d"(rem)		\
-		: "a"(n1), "d"(n0), "g"(d0)	\
-		: "cc");			\
-	    q;					\
-	})
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
-   /*
-    * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *					<appro@fy.chalmers.se>
-    */
-#  undef bn_div_words
-#  define bn_div_words(n0,n1,d0)		\
-	({  asm volatile (			\
-		"divq	%4"			\
-		: "=a"(q), "=d"(rem)		\
-		: "a"(n1), "d"(n0), "g"(d0)	\
-		: "cc");			\
-	    q;					\
-	})
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  endif /* __<cpu> */
-# endif /* __GNUC__ */
-#endif /* OPENSSL_NO_ASM */
-
-
-/* BN_div computes  dv := num / divisor,  rounding towards
- * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
- * Thus:
- *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
- *     rm->neg == num->neg                 (unless the remainder is zero)
- * If 'dv' or 'rm' is NULL, the respective value is not returned.
- */
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
-	   BN_CTX *ctx)
-	{
-	int norm_shift,i,loop;
-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-	BN_ULONG *resp,*wnump;
-	BN_ULONG d0,d1;
-	int num_n,div_n;
-	int no_branch=0;
-
-	/* Invalid zero-padding would have particularly bad consequences
-	 * so don't just rely on bn_check_top() here
-	 * (bn_check_top() works only for BN_DEBUG builds) */
-	if ((num->top > 0 && num->d[num->top - 1] == 0) ||
-		(divisor->top > 0 && divisor->d[divisor->top - 1] == 0))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	bn_check_top(num);
-	bn_check_top(divisor);
-
-	if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
-		{
-		no_branch=1;
-		}
-
-	bn_check_top(dv);
-	bn_check_top(rm);
-	/* bn_check_top(num); */ /* 'num' has been checked already */
-	/* bn_check_top(divisor); */ /* 'divisor' has been checked already */
-
-	if (BN_is_zero(divisor))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	if (!no_branch && BN_ucmp(num,divisor) < 0)
-		{
-		if (rm != NULL)
-			{ if (BN_copy(rm,num) == NULL) return(0); }
-		if (dv != NULL) BN_zero(dv);
-		return(1);
-		}
-
-	BN_CTX_start(ctx);
-	tmp=BN_CTX_get(ctx);
-	snum=BN_CTX_get(ctx);
-	sdiv=BN_CTX_get(ctx);
-	if (dv == NULL)
-		res=BN_CTX_get(ctx);
-	else	res=dv;
-	if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
-		goto err;
-
-	/* First we normalise the numbers */
-	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-	sdiv->neg=0;
-	norm_shift+=BN_BITS2;
-	if (!(BN_lshift(snum,num,norm_shift))) goto err;
-	snum->neg=0;
-
-	if (no_branch)
-		{
-		/* Since we don't know whether snum is larger than sdiv,
-		 * we pad snum with enough zeroes without changing its
-		 * value. 
-		 */
-		if (snum->top <= sdiv->top+1) 
-			{
-			if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
-			for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
-			snum->top = sdiv->top + 2;
-			}
-		else
-			{
-			if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
-			snum->d[snum->top] = 0;
-			snum->top ++;
-			}
-		}
-
-	div_n=sdiv->top;
-	num_n=snum->top;
-	loop=num_n-div_n;
-	/* Lets setup a 'window' into snum
-	 * This is the part that corresponds to the current
-	 * 'area' being divided */
-	wnum.neg   = 0;
-	wnum.d     = &(snum->d[loop]);
-	wnum.top   = div_n;
-	/* only needed when BN_ucmp messes up the values between top and max */
-	wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
-
-	/* Get the top 2 words of sdiv */
-	/* div_n=sdiv->top; */
-	d0=sdiv->d[div_n-1];
-	d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
-	/* pointer to the 'top' of snum */
-	wnump= &(snum->d[num_n-1]);
-
-	/* Setup to 'res' */
-	res->neg= (num->neg^divisor->neg);
-	if (!bn_wexpand(res,(loop+1))) goto err;
-	res->top=loop-no_branch;
-	resp= &(res->d[loop-1]);
-
-	/* space for temp */
-	if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
-	if (!no_branch)
-		{
-		if (BN_ucmp(&wnum,sdiv) >= 0)
-			{
-			/* If BN_DEBUG_RAND is defined BN_ucmp changes (via
-			 * bn_pollute) the const bignum arguments =>
-			 * clean the values between top and max again */
-			bn_clear_top2max(&wnum);
-			bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
-			*resp=1;
-			}
-		else
-			res->top--;
-		}
-
-	/* if res->top == 0 then clear the neg value otherwise decrease
-	 * the resp pointer */
-	if (res->top == 0)
-		res->neg = 0;
-	else
-		resp--;
-
-	for (i=0; i<loop-1; i++, wnump--, resp--)
-		{
-		BN_ULONG q,l0;
-		/* the first part of the loop uses the top two words of
-		 * snum and sdiv to calculate a BN_ULONG q such that
-		 * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-		q=bn_div_3_words(wnump,d1,d0);
-#else
-		BN_ULONG n0,n1,rem=0;
-
-		n0=wnump[0];
-		n1=wnump[-1];
-		if (n0 == d0)
-			q=BN_MASK2;
-		else 			/* n0 < d0 */
-			{
-#ifdef BN_LLONG
-			BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			/*
-			 * rem doesn't have to be BN_ULLONG. The least we
-			 * know it's less that d0, isn't it?
-			 */
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-			t2=(BN_ULLONG)d1*q;
-
-			for (;;)
-				{
-				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				t2 -= d1;
-				}
-#else /* !BN_LLONG */
-			BN_ULONG t2l,t2h;
-
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
-			BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
-			t2l = d1 * q;
-			t2h = BN_UMULT_HIGH(d1,q);
-#else
-			{
-			BN_ULONG ql, qh;
-			t2l=LBITS(d1); t2h=HBITS(d1);
-			ql =LBITS(q);  qh =HBITS(q);
-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-			}
-#endif
-
-			for (;;)
-				{
-				if ((t2h < rem) ||
-					((t2h == rem) && (t2l <= wnump[-2])))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				if (t2l < d1) t2h--; t2l -= d1;
-				}
-#endif /* !BN_LLONG */
-			}
-#endif /* !BN_DIV3W */
-
-		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
-		tmp->d[div_n]=l0;
-		wnum.d--;
-		/* ingore top values of the bignums just sub the two 
-		 * BN_ULONG arrays with bn_sub_words */
-		if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
-			{
-			/* Note: As we have considered only the leading
-			 * two BN_ULONGs in the calculation of q, sdiv * q
-			 * might be greater than wnum (but then (q-1) * sdiv
-			 * is less or equal than wnum)
-			 */
-			q--;
-			if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-				/* we can't have an overflow here (assuming
-				 * that q != 0, but if q == 0 then tmp is
-				 * zero anyway) */
-				(*wnump)++;
-			}
-		/* store part of the result */
-		*resp = q;
-		}
-	bn_correct_top(snum);
-	if (rm != NULL)
-		{
-		/* Keep a copy of the neg flag in num because if rm==num
-		 * BN_rshift() will overwrite it.
-		 */
-		int neg = num->neg;
-		BN_rshift(rm,snum,norm_shift);
-		if (!BN_is_zero(rm))
-			rm->neg = neg;
-		bn_check_top(rm);
-		}
-	if (no_branch)	bn_correct_top(res);
-	BN_CTX_end(ctx);
-	return(1);
-err:
-	bn_check_top(rm);
-	BN_CTX_end(ctx);
-	return(0);
-	}
-#endif
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
deleted file mode 100644
index f722b52564..0000000000
--- a/crypto/bn/bn_err.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* crypto/bn/bn_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[]=
-	{
-{ERR_FUNC(BN_F_BNRAND),	"BNRAND"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX),	"BN_BLINDING_convert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),	"BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),	"BN_BLINDING_invert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW),	"BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE),	"BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC),	"BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX),	"BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET),	"BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW),	"BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START),	"BN_CTX_start"},
-{ERR_FUNC(BN_F_BN_DIV),	"BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),	"BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP),	"BN_div_recp"},
-{ERR_FUNC(BN_F_BN_EXP),	"BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2),	"bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),	"BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE),	"BN_generate_dsa_nonce"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD),	"BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),	"BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),	"BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD),	"BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),	"BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),	"BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),	"BN_GF2m_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),	"BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT),	"BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),	"BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),	"BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP),	"BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),	"BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE),	"BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),	"BN_mod_inverse_no_branch"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),	"BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),	"BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT),	"BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN),	"BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW),	"BN_new"},
-{ERR_FUNC(BN_F_BN_RAND),	"BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE),	"BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB),	"BN_usub"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA BN_str_reasons[]=
-	{
-{ERR_REASON(BN_R_ARG2_LT_ARG3)           ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL)         ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG)        ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO)            ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR)         ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED)      ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH)         ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE)          ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE)           ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION)            ,"no solution"},
-{ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE)  ,"private key too large"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_BN_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BN_str_functs);
-		ERR_load_strings(0,BN_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
deleted file mode 100644
index 611fa3262b..0000000000
--- a/crypto/bn/bn_exp.c
+++ /dev/null
@@ -1,1104 +0,0 @@
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#include <stdlib.h>
-#ifdef _WIN32
-# include <malloc.h>
-# ifndef alloca
-#  define alloca _alloca
-# endif
-#elif defined(__GNUC__)
-# ifndef alloca
-#  define alloca(s) __builtin_alloca((s))
-# endif
-#endif
-
-/* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE	32
-
-/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int i,bits,ret=0;
-	BIGNUM *v,*rr;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	BN_CTX_start(ctx);
-	if ((r == a) || (r == p))
-		rr = BN_CTX_get(ctx);
-	else
-		rr = r;
-	v = BN_CTX_get(ctx);
-	if (rr == NULL || v == NULL) goto err;
-
-	if (BN_copy(v,a) == NULL) goto err;
-	bits=BN_num_bits(p);
-
-	if (BN_is_odd(p))
-		{ if (BN_copy(rr,a) == NULL) goto err; }
-	else	{ if (!BN_one(rr)) goto err; }
-
-	for (i=1; i<bits; i++)
-		{
-		if (!BN_sqr(v,v,ctx)) goto err;
-		if (BN_is_bit_set(p,i))
-			{
-			if (!BN_mul(rr,rr,v,ctx)) goto err;
-			}
-		}
-	ret=1;
-err:
-	if (r != rr) BN_copy(r,rr);
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
-
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-	       BN_CTX *ctx)
-	{
-	int ret;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute
-	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
-	 * exponentiation for the odd part), using appropriate exponent
-	 * reductions, and combine the results using the CRT.
-	 *
-	 * For now, we use Montgomery only if the modulus is odd; otherwise,
-	 * exponentiation using the reciprocal-based quick remaindering
-	 * algorithm is used.
-	 *
-	 * (Timing obtained with expspeed.c [computations  a^p mod m
-	 * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
-	 * 4096, 8192 bits], compared to the running time of the
-	 * standard algorithm:
-	 *
-	 *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
-         *                     55 .. 77 %  [UltraSparc processor, but
-	 *                                  debug-solaris-sparcv8-gcc conf.]
-	 * 
-	 *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
-	 *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
-	 *
-	 * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
-	 * at 2048 and more bits, but at 512 and 1024 bits, it was
-	 * slower even than the standard algorithm!
-	 *
-	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
-	 * should be obtained when the new Montgomery reduction code
-	 * has been integrated into OpenSSL.)
-	 */
-
-#define MONT_MUL_MOD
-#define MONT_EXP_WORD
-#define RECP_MUL_MOD
-
-#ifdef MONT_MUL_MOD
-	/* I have finally been able to take out this pre-condition of
-	 * the top bit being set.  It was caused by an error in BN_div
-	 * with negatives.  There was also another problem when for a^b%m
-	 * a >= m.  eay 07-May-97 */
-/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
-	if (BN_is_odd(m))
-		{
-#  ifdef MONT_EXP_WORD
-		if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
-			{
-			BN_ULONG A = a->d[0];
-			ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
-			}
-		else
-#  endif
-			ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
-		}
-	else
-#endif
-#ifdef RECP_MUL_MOD
-		{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }
-#else
-		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
-#endif
-
-	bn_check_top(r);
-	return(ret);
-	}
-
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *aa;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-	BN_RECP_CTX recp;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bits=BN_num_bits(p);
-
-	if (bits == 0)
-		{
-		ret = BN_one(r);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	aa = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if(!aa || !val[0]) goto err;
-
-	BN_RECP_CTX_init(&recp);
-	if (m->neg)
-		{
-		/* ignore sign of 'm' */
-		if (!BN_copy(aa, m)) goto err;
-		aa->neg = 0;
-		if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
-		}
-	else
-		{
-		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
-		}
-
-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (BN_is_zero(val[0]))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
-			goto err;				/* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_reciprocal(val[i],val[i-1],
-						aa,&recp,ctx))
-				goto err;
-			}
-		}
-		
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_one(r)) goto err;
-
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-				goto err;
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	BN_RECP_CTX_free(&recp);
-	bn_check_top(r);
-	return(ret);
-	}
-
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d,*r;
-	const BIGNUM *aa;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-	BN_MONT_CTX *mont=NULL;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
-		}
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	if (!BN_is_odd(m))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits=BN_num_bits(p);
-	if (bits == 0)
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if (!d || !r || !val[0]) goto err;
-
-	/* If this is not done, things will break in the montgomery
-	 * part */
-
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
-
-	if (a->neg || BN_ucmp(a,m) >= 0)
-		{
-		if (!BN_nnmod(val[0],a,m,ctx))
-			goto err;
-		aa= val[0];
-		}
-	else
-		aa=a;
-	if (BN_is_zero(aa))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
-	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val[i],val[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
-
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-				goto err;
-				}
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
-
-
-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
- * so that accessing any of these table values shows the same access pattern as far
- * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
- * from/to that table. */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-	{
-	size_t i, j;
-
-	if (top > b->top)
-		top = b->top; /* this works because 'buf' is explicitly zeroed */
-	for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-		{
-		buf[j] = ((unsigned char*)b->d)[i];
-		}
-
-	return 1;
-	}
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-	{
-	size_t i, j;
-
-	if (bn_wexpand(b, top) == NULL)
-		return 0;
-
-	for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-		{
-		((unsigned char*)b->d)[i] = buf[j];
-		}
-
-	b->top = top;
-	bn_correct_top(b);
-	return 1;
-	}	
-
-/* Given a pointer value, compute the next address that is a cache line multiple. */
-#define MOD_EXP_CTIME_ALIGN(x_) \
-	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
-/* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
- * to protect secret exponents (cf. the hyper-threading timing attacks
- * pointed out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
- */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,bits,ret=0,window,wvalue;
-	int top;
-	BN_MONT_CTX *mont=NULL;
-
-	int numPowers;
-	unsigned char *powerbufFree=NULL;
-	int powerbufLen = 0;
-	unsigned char *powerbuf=NULL;
-	BIGNUM tmp, am;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	top = m->top;
-
-	if (!(m->d[0] & 1))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits=BN_num_bits(p);
-	if (bits == 0)
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-
-	/* Allocate a montgomery context if it was not supplied by the caller.
-	 * If this is not done, things will break in the montgomery part.
- 	 */
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
-
-	/* Get the window size to use with size of p. */
-	window = BN_window_bits_for_ctime_exponent_size(bits);
-#if defined(OPENSSL_BN_ASM_MONT5)
-	if (window==6 && bits<=1024) window=5;	/* ~5% improvement of 2048-bit RSA sign */
-#endif
-
-	/* Allocate a buffer large enough to hold all of the pre-computed
-	 * powers of am, am itself and tmp.
-	 */
-	numPowers = 1 << window;
-	powerbufLen = sizeof(m->d[0])*(top*numPowers +
-				((2*top)>numPowers?(2*top):numPowers));
-#ifdef alloca
-	if (powerbufLen < 3072)
-		powerbufFree = alloca(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
-	else
-#endif
-	if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
-		goto err;
-		
-	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
-	memset(powerbuf, 0, powerbufLen);
-
-#ifdef alloca
-	if (powerbufLen < 3072)
-		powerbufFree = NULL;
-#endif
-
-	/* lay down tmp and am right after powers table */
-	tmp.d     = (BN_ULONG *)(powerbuf + sizeof(m->d[0])*top*numPowers);
-	am.d      = tmp.d + top;
-	tmp.top   = am.top  = 0;
-	tmp.dmax  = am.dmax = top;
-	tmp.neg   = am.neg  = 0;
-	tmp.flags = am.flags = BN_FLG_STATIC_DATA;
-
-	/* prepare a^0 in Montgomery domain */
-#if 1
- 	if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))	goto err;
-#else
-	tmp.d[0] = (0-m->d[0])&BN_MASK2;	/* 2^(top*BN_BITS2) - m */
-	for (i=1;i<top;i++)
-		tmp.d[i] = (~m->d[i])&BN_MASK2;
-	tmp.top = top;
-#endif
-
-	/* prepare a^1 in Montgomery domain */
-	if (a->neg || BN_ucmp(a,m) >= 0)
-		{
-		if (!BN_mod(&am,a,m,ctx))			goto err;
-		if (!BN_to_montgomery(&am,&am,mont,ctx))	goto err;
-		}
-	else	if (!BN_to_montgomery(&am,a,mont,ctx))		goto err;
-
-#if defined(OPENSSL_BN_ASM_MONT5)
-    /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
-     * specifically optimization of cache-timing attack countermeasures
-     * and pre-computation optimization. */
-
-    /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
-     * 512-bit RSA is hardly relevant, we omit it to spare size... */ 
-    if (window==5 && top>1)
-	{
-	void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
-			const void *table,const BN_ULONG *np,
-			const BN_ULONG *n0,int num,int power);
-	void bn_scatter5(const BN_ULONG *inp,size_t num,
-			void *table,size_t power);
-	void bn_gather5(BN_ULONG *out,size_t num,
-			void *table,size_t power);
-
-	BN_ULONG *np=mont->N.d, *n0=mont->n0;
-
-	/* BN_to_montgomery can contaminate words above .top
-	 * [in BN_DEBUG[_DEBUG] build]... */
-	for (i=am.top; i<top; i++)	am.d[i]=0;
-	for (i=tmp.top; i<top; i++)	tmp.d[i]=0;
-
-	bn_scatter5(tmp.d,top,powerbuf,0);
-	bn_scatter5(am.d,am.top,powerbuf,1);
-	bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);
-	bn_scatter5(tmp.d,top,powerbuf,2);
-
-#if 0
-	for (i=3; i<32; i++)
-		{
-		/* Calculate a^i = a^(i-1) * a */
-		bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
-		bn_scatter5(tmp.d,top,powerbuf,i);
-		}
-#else
-	/* same as above, but uses squaring for 1/2 of operations */
-	for (i=4; i<32; i*=2)
-		{
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_scatter5(tmp.d,top,powerbuf,i);
-		}
-	for (i=3; i<8; i+=2)
-		{
-		int j;
-		bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
-		bn_scatter5(tmp.d,top,powerbuf,i);
-		for (j=2*i; j<32; j*=2)
-			{
-			bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-			bn_scatter5(tmp.d,top,powerbuf,j);
-			}
-		}
-	for (; i<16; i+=2)
-		{
-		bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
-		bn_scatter5(tmp.d,top,powerbuf,i);
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_scatter5(tmp.d,top,powerbuf,2*i);
-		}
-	for (; i<32; i+=2)
-		{
-		bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
-		bn_scatter5(tmp.d,top,powerbuf,i);
-		}
-#endif
-	bits--;
-	for (wvalue=0, i=bits%5; i>=0; i--,bits--)
-		wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-	bn_gather5(tmp.d,top,powerbuf,wvalue);
-
-	/* Scan the exponent one window at a time starting from the most
-	 * significant bits.
-	 */
-	while (bits >= 0)
-		{
-		for (wvalue=0, i=0; i<5; i++,bits--)
-			wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
-		bn_mul_mont_gather5(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
-		}
-
-	tmp.top=top;
-	bn_correct_top(&tmp);
-	}
-    else
-#endif
-	{
-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err;
-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am,  top, powerbuf, 1, numPowers)) goto err;
-
-	/* If the window size is greater than 1, then calculate
-	 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
-	 * (even powers could instead be computed as (a^(i/2))^2
-	 * to use the slight performance advantage of sqr over mul).
-	 */
-	if (window > 1)
-		{
-		if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx))	goto err;
-		if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err;
-		for (i=3; i<numPowers; i++)
-			{
-			/* Calculate a^i = a^(i-1) * a */
-			if (!BN_mod_mul_montgomery(&tmp,&am,&tmp,mont,ctx))
-				goto err;
-			if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, numPowers)) goto err;
-			}
-		}
-
-	bits--;
-	for (wvalue=0, i=bits%window; i>=0; i--,bits--)
-		wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-	if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err;
- 
-	/* Scan the exponent one window at a time starting from the most
-	 * significant bits.
-	 */
- 	while (bits >= 0)
-  		{
- 		wvalue=0; /* The 'value' of the window */
- 		
- 		/* Scan the window, squaring the result as we go */
- 		for (i=0; i<window; i++,bits--)
- 			{
-			if (!BN_mod_mul_montgomery(&tmp,&tmp,&tmp,mont,ctx))	goto err;
-			wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
-  			}
- 		
-		/* Fetch the appropriate pre-computed value from the pre-buf */
-		if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err;
-
- 		/* Multiply the result into the intermediate result */
- 		if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err;
-  		}
-	}
-
- 	/* Convert the final result from montgomery to standard format */
-	if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	if (powerbuf!=NULL)
-		{
-		OPENSSL_cleanse(powerbuf,powerbufLen);
-		if (powerbufFree) OPENSSL_free(powerbufFree);
-		}
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
-                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	BN_MONT_CTX *mont = NULL;
-	int b, bits, ret=0;
-	int r_is_one;
-	BN_ULONG w, next_w;
-	BIGNUM *d, *r, *t;
-	BIGNUM *swap_tmp;
-#define BN_MOD_MUL_WORD(r, w, m) \
-		(BN_mul_word(r, (w)) && \
-		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
-			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
-		/* BN_MOD_MUL_WORD is only used with 'w' large,
-		 * so the BN_ucmp test is probably more overhead
-		 * than always using BN_mod (which uses BN_copy if
-		 * a similar test returns true). */
-		/* We can use BN_mod and do not need BN_nnmod because our
-		 * accumulator is never negative (the result of BN_mod does
-		 * not depend on the sign of the modulus).
-		 */
-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
-		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bn_check_top(p);
-	bn_check_top(m);
-
-	if (!BN_is_odd(m))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	if (m->top == 1)
-		a %= m->d[0]; /* make sure that 'a' is reduced */
-
-	bits = BN_num_bits(p);
-	if (bits == 0)
-		{
-		/* x**0 mod 1 is still zero. */
-		if (BN_is_one(m))
-			{
-			ret = 1;
-			BN_zero(rr);
-			}
-		else
-			ret = BN_one(rr);
-		return ret;
-		}
-	if (a == 0)
-		{
-		BN_zero(rr);
-		ret = 1;
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	if (d == NULL || r == NULL || t == NULL) goto err;
-
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
-		}
-
-	r_is_one = 1; /* except for Montgomery factor */
-
-	/* bits-1 >= 0 */
-
-	/* The result is accumulated in the product r*w. */
-	w = a; /* bit 'bits-1' of 'p' is always set */
-	for (b = bits-2; b >= 0; b--)
-		{
-		/* First, square r*w. */
-		next_w = w*w;
-		if ((next_w/w) != w) /* overflow */
-			{
-			if (r_is_one)
-				{
-				if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-				r_is_one = 0;
-				}
-			else
-				{
-				if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-				}
-			next_w = 1;
-			}
-		w = next_w;
-		if (!r_is_one)
-			{
-			if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
-			}
-
-		/* Second, multiply r*w by 'a' if exponent bit is set. */
-		if (BN_is_bit_set(p, b))
-			{
-			next_w = w*a;
-			if ((next_w/a) != w) /* overflow */
-				{
-				if (r_is_one)
-					{
-					if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-					r_is_one = 0;
-					}
-				else
-					{
-					if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-					}
-				next_w = a;
-				}
-			w = next_w;
-			}
-		}
-
-	/* Finally, set r:=r*w. */
-	if (w != 1)
-		{
-		if (r_is_one)
-			{
-			if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-			r_is_one = 0;
-			}
-		else
-			{
-			if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-			}
-		}
-
-	if (r_is_one) /* can happen only if a == 1*/
-		{
-		if (!BN_one(rr)) goto err;
-		}
-	else
-		{
-		if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
-		}
-	ret = 1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
-
-
-/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bits=BN_num_bits(p);
-
-	if (bits == 0)
-		{
-		ret = BN_one(r);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if(!d || !val[0]) goto err;
-
-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (BN_is_zero(val[0]))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul(d,val[0],val[0],m,ctx))
-			goto err;				/* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul(val[i],val[i-1],d,m,ctx))
-				goto err;
-			}
-		}
-
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_one(r)) goto err;
-
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				if (!BN_mod_mul(r,r,r,m,ctx))
-				goto err;
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul(r,r,r,m,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
deleted file mode 100644
index bd0c34b91b..0000000000
--- a/crypto/bn/bn_exp2.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* crypto/bn/bn_exp2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define TABLE_SIZE	32
-
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-	BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
-	int r_is_one=1;
-	BIGNUM *d,*r;
-	const BIGNUM *a_mod_m;
-	/* Tables of variables obtained from 'ctx' */
-	BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
-	BN_MONT_CTX *mont=NULL;
-
-	bn_check_top(a1);
-	bn_check_top(p1);
-	bn_check_top(a2);
-	bn_check_top(p2);
-	bn_check_top(m);
-
-	if (!(m->d[0] & 1))
-		{
-		BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits1=BN_num_bits(p1);
-	bits2=BN_num_bits(p2);
-	if ((bits1 == 0) && (bits2 == 0))
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-	
-	bits=(bits1 > bits2)?bits1:bits2;
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	val1[0] = BN_CTX_get(ctx);
-	val2[0] = BN_CTX_get(ctx);
-	if(!d || !r || !val1[0] || !val2[0]) goto err;
-
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
-
-	window1 = BN_window_bits_for_exponent_size(bits1);
-	window2 = BN_window_bits_for_exponent_size(bits2);
-
-	/*
-	 * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
-	 */
-	if (a1->neg || BN_ucmp(a1,m) >= 0)
-		{
-		if (!BN_mod(val1[0],a1,m,ctx))
-			goto err;
-		a_mod_m = val1[0];
-		}
-	else
-		a_mod_m = a1;
-	if (BN_is_zero(a_mod_m))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
-
-	if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
-	if (window1 > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
-
-		j=1<<(window1-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val1[i],val1[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
-
-
-	/*
-	 * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
-	 */
-	if (a2->neg || BN_ucmp(a2,m) >= 0)
-		{
-		if (!BN_mod(val2[0],a2,m,ctx))
-			goto err;
-		a_mod_m = val2[0];
-		}
-	else
-		a_mod_m = a2;
-	if (BN_is_zero(a_mod_m))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
-	if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
-	if (window2 > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
-
-		j=1<<(window2-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val2[i],val2[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
-
-
-	/* Now compute the power product, using independent windows. */
-	r_is_one=1;
-	wvalue1=0;  /* The 'value' of the first window */
-	wvalue2=0;  /* The 'value' of the second window */
-	wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
-	wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
-
-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	for (b=bits-1; b>=0; b--)
-		{
-		if (!r_is_one)
-			{
-			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-				goto err;
-			}
-		
-		if (!wvalue1)
-			if (BN_is_bit_set(p1, b))
-				{
-				/* consider bits b-window1+1 .. b for this window */
-				i = b-window1+1;
-				while (!BN_is_bit_set(p1, i)) /* works for i<0 */
-					i++;
-				wpos1 = i;
-				wvalue1 = 1;
-				for (i = b-1; i >= wpos1; i--)
-					{
-					wvalue1 <<= 1;
-					if (BN_is_bit_set(p1, i))
-						wvalue1++;
-					}
-				}
-		
-		if (!wvalue2)
-			if (BN_is_bit_set(p2, b))
-				{
-				/* consider bits b-window2+1 .. b for this window */
-				i = b-window2+1;
-				while (!BN_is_bit_set(p2, i))
-					i++;
-				wpos2 = i;
-				wvalue2 = 1;
-				for (i = b-1; i >= wpos2; i--)
-					{
-					wvalue2 <<= 1;
-					if (BN_is_bit_set(p2, i))
-						wvalue2++;
-					}
-				}
-
-		if (wvalue1 && b == wpos1)
-			{
-			/* wvalue1 is odd and < 2^window1 */
-			if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
-				goto err;
-			wvalue1 = 0;
-			r_is_one = 0;
-			}
-		
-		if (wvalue2 && b == wpos2)
-			{
-			/* wvalue2 is odd and < 2^window2 */
-			if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
-				goto err;
-			wvalue2 = 0;
-			r_is_one = 0;
-			}
-		}
-	if (!BN_from_montgomery(rr,r,mont,ctx))
-		goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
deleted file mode 100644
index a808f53178..0000000000
--- a/crypto/bn/bn_gcd.c
+++ /dev/null
@@ -1,655 +0,0 @@
-/* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*t;
-	int ret=0;
-
-	bn_check_top(in_a);
-	bn_check_top(in_b);
-
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	if (a == NULL || b == NULL) goto err;
-
-	if (BN_copy(a,in_a) == NULL) goto err;
-	if (BN_copy(b,in_b) == NULL) goto err;
-	a->neg = 0;
-	b->neg = 0;
-
-	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
-	t=euclid(a,b);
-	if (t == NULL) goto err;
-
-	if (BN_copy(r,t) == NULL) goto err;
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
-	{
-	BIGNUM *t;
-	int shifts=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	/* 0 <= b <= a */
-	while (!BN_is_zero(b))
-		{
-		/* 0 < b <= a */
-
-		if (BN_is_odd(a))
-			{
-			if (BN_is_odd(b))
-				{
-				if (!BN_sub(a,a,b)) goto err;
-				if (!BN_rshift1(a,a)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			else		/* a odd - b even */
-				{
-				if (!BN_rshift1(b,b)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			}
-		else			/* a is even */
-			{
-			if (BN_is_odd(b))
-				{
-				if (!BN_rshift1(a,a)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			else		/* a even - b even */
-				{
-				if (!BN_rshift1(a,a)) goto err;
-				if (!BN_rshift1(b,b)) goto err;
-				shifts++;
-				}
-			}
-		/* 0 <= b <= a */
-		}
-
-	if (shifts)
-		{
-		if (!BN_lshift(a,a,shifts)) goto err;
-		}
-	bn_check_top(a);
-	return(a);
-err:
-	return(NULL);
-	}
-
-
-/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-
-BIGNUM *BN_mod_inverse(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-	BIGNUM *ret=NULL;
-	int sign;
-
-	if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
-		{
-		return BN_mod_inverse_no_branch(in, a, n, ctx);
-		}
-
-	bn_check_top(a);
-	bn_check_top(n);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	D = BN_CTX_get(ctx);
-	M = BN_CTX_get(ctx);
-	Y = BN_CTX_get(ctx);
-	T = BN_CTX_get(ctx);
-	if (T == NULL) goto err;
-
-	if (in == NULL)
-		R=BN_new();
-	else
-		R=in;
-	if (R == NULL) goto err;
-
-	BN_one(X);
-	BN_zero(Y);
-	if (BN_copy(B,a) == NULL) goto err;
-	if (BN_copy(A,n) == NULL) goto err;
-	A->neg = 0;
-	if (B->neg || (BN_ucmp(B, A) >= 0))
-		{
-		if (!BN_nnmod(B, B, A, ctx)) goto err;
-		}
-	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
-	 *
-	 *      0 <= B < A,
-	 *     -sign*X*a  ==  B   (mod |n|),
-	 *      sign*Y*a  ==  A   (mod |n|).
-	 */
-
-	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
-		{
-		/* Binary inversion algorithm; requires odd modulus.
-		 * This is faster than the general algorithm if the modulus
-		 * is sufficiently small (about 400 .. 500 bits on 32-bit
-		 * sytems, but much more on 64-bit systems) */
-		int shift;
-		
-		while (!BN_is_zero(B))
-			{
-			/*
-			 *      0 < B < |n|,
-			 *      0 < A <= |n|,
-			 * (1) -sign*X*a  ==  B   (mod |n|),
-			 * (2)  sign*Y*a  ==  A   (mod |n|)
-			 */
-
-			/* Now divide  B  by the maximum possible power of two in the integers,
-			 * and divide  X  by the same value mod |n|.
-			 * When we're done, (1) still holds. */
-			shift = 0;
-			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
-				{
-				shift++;
-				
-				if (BN_is_odd(X))
-					{
-					if (!BN_uadd(X, X, n)) goto err;
-					}
-				/* now X is even, so we can easily divide it by two */
-				if (!BN_rshift1(X, X)) goto err;
-				}
-			if (shift > 0)
-				{
-				if (!BN_rshift(B, B, shift)) goto err;
-				}
-
-
-			/* Same for  A  and  Y.  Afterwards, (2) still holds. */
-			shift = 0;
-			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
-				{
-				shift++;
-				
-				if (BN_is_odd(Y))
-					{
-					if (!BN_uadd(Y, Y, n)) goto err;
-					}
-				/* now Y is even */
-				if (!BN_rshift1(Y, Y)) goto err;
-				}
-			if (shift > 0)
-				{
-				if (!BN_rshift(A, A, shift)) goto err;
-				}
-
-			
-			/* We still have (1) and (2).
-			 * Both  A  and  B  are odd.
-			 * The following computations ensure that
-			 *
-			 *     0 <= B < |n|,
-			 *      0 < A < |n|,
-			 * (1) -sign*X*a  ==  B   (mod |n|),
-			 * (2)  sign*Y*a  ==  A   (mod |n|),
-			 *
-			 * and that either  A  or  B  is even in the next iteration.
-			 */
-			if (BN_ucmp(B, A) >= 0)
-				{
-				/* -sign*(X + Y)*a == B - A  (mod |n|) */
-				if (!BN_uadd(X, X, Y)) goto err;
-				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
-				 * actually makes the algorithm slower */
-				if (!BN_usub(B, B, A)) goto err;
-				}
-			else
-				{
-				/*  sign*(X + Y)*a == A - B  (mod |n|) */
-				if (!BN_uadd(Y, Y, X)) goto err;
-				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
-				if (!BN_usub(A, A, B)) goto err;
-				}
-			}
-		}
-	else
-		{
-		/* general inversion algorithm */
-
-		while (!BN_is_zero(B))
-			{
-			BIGNUM *tmp;
-			
-			/*
-			 *      0 < B < A,
-			 * (*) -sign*X*a  ==  B   (mod |n|),
-			 *      sign*Y*a  ==  A   (mod |n|)
-			 */
-			
-			/* (D, M) := (A/B, A%B) ... */
-			if (BN_num_bits(A) == BN_num_bits(B))
-				{
-				if (!BN_one(D)) goto err;
-				if (!BN_sub(M,A,B)) goto err;
-				}
-			else if (BN_num_bits(A) == BN_num_bits(B) + 1)
-				{
-				/* A/B is 1, 2, or 3 */
-				if (!BN_lshift1(T,B)) goto err;
-				if (BN_ucmp(A,T) < 0)
-					{
-					/* A < 2*B, so D=1 */
-					if (!BN_one(D)) goto err;
-					if (!BN_sub(M,A,B)) goto err;
-					}
-				else
-					{
-					/* A >= 2*B, so D=2 or D=3 */
-					if (!BN_sub(M,A,T)) goto err;
-					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
-					if (BN_ucmp(A,D) < 0)
-						{
-						/* A < 3*B, so D=2 */
-						if (!BN_set_word(D,2)) goto err;
-						/* M (= A - 2*B) already has the correct value */
-						}
-					else
-						{
-						/* only D=3 remains */
-						if (!BN_set_word(D,3)) goto err;
-						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
-						if (!BN_sub(M,M,B)) goto err;
-						}
-					}
-				}
-			else
-				{
-				if (!BN_div(D,M,A,B,ctx)) goto err;
-				}
-			
-			/* Now
-			 *      A = D*B + M;
-			 * thus we have
-			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-			 */
-			
-			tmp=A; /* keep the BIGNUM object, the value does not matter */
-			
-			/* (A, B) := (B, A mod B) ... */
-			A=B;
-			B=M;
-			/* ... so we have  0 <= B < A  again */
-			
-			/* Since the former  M  is now  B  and the former  B  is now  A,
-			 * (**) translates into
-			 *       sign*Y*a  ==  D*A + B    (mod |n|),
-			 * i.e.
-			 *       sign*Y*a - D*A  ==  B    (mod |n|).
-			 * Similarly, (*) translates into
-			 *      -sign*X*a  ==  A          (mod |n|).
-			 *
-			 * Thus,
-			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-			 * i.e.
-			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-			 *
-			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-			 *      -sign*X*a  ==  B   (mod |n|),
-			 *       sign*Y*a  ==  A   (mod |n|).
-			 * Note that  X  and  Y  stay non-negative all the time.
-			 */
-			
-			/* most of the time D is very small, so we can optimize tmp := D*X+Y */
-			if (BN_is_one(D))
-				{
-				if (!BN_add(tmp,X,Y)) goto err;
-				}
-			else
-				{
-				if (BN_is_word(D,2))
-					{
-					if (!BN_lshift1(tmp,X)) goto err;
-					}
-				else if (BN_is_word(D,4))
-					{
-					if (!BN_lshift(tmp,X,2)) goto err;
-					}
-				else if (D->top == 1)
-					{
-					if (!BN_copy(tmp,X)) goto err;
-					if (!BN_mul_word(tmp,D->d[0])) goto err;
-					}
-				else
-					{
-					if (!BN_mul(tmp,D,X,ctx)) goto err;
-					}
-				if (!BN_add(tmp,tmp,Y)) goto err;
-				}
-			
-			M=Y; /* keep the BIGNUM object, the value does not matter */
-			Y=X;
-			X=tmp;
-			sign = -sign;
-			}
-		}
-		
-	/*
-	 * The while loop (Euclid's algorithm) ends when
-	 *      A == gcd(a,n);
-	 * we have
-	 *       sign*Y*a  ==  A  (mod |n|),
-	 * where  Y  is non-negative.
-	 */
-
-	if (sign < 0)
-		{
-		if (!BN_sub(Y,n,Y)) goto err;
-		}
-	/* Now  Y*a  ==  A  (mod |n|).  */
-	
-
-	if (BN_is_one(A))
-		{
-		/* Y*a == 1  (mod |n|) */
-		if (!Y->neg && BN_ucmp(Y,n) < 0)
-			{
-			if (!BN_copy(R,Y)) goto err;
-			}
-		else
-			{
-			if (!BN_nnmod(R,Y,n,ctx)) goto err;
-			}
-		}
-	else
-		{
-		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
-		goto err;
-		}
-	ret=R;
-err:
-	if ((ret == NULL) && (in == NULL)) BN_free(R);
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return(ret);
-	}
-
-
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. 
- * It does not contain branches that may leak sensitive information.
- */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-	BIGNUM local_A, local_B;
-	BIGNUM *pA, *pB;
-	BIGNUM *ret=NULL;
-	int sign;
-
-	bn_check_top(a);
-	bn_check_top(n);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	D = BN_CTX_get(ctx);
-	M = BN_CTX_get(ctx);
-	Y = BN_CTX_get(ctx);
-	T = BN_CTX_get(ctx);
-	if (T == NULL) goto err;
-
-	if (in == NULL)
-		R=BN_new();
-	else
-		R=in;
-	if (R == NULL) goto err;
-
-	BN_one(X);
-	BN_zero(Y);
-	if (BN_copy(B,a) == NULL) goto err;
-	if (BN_copy(A,n) == NULL) goto err;
-	A->neg = 0;
-
-	if (B->neg || (BN_ucmp(B, A) >= 0))
-		{
-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-	 	 * BN_div_no_branch will be called eventually.
-	 	 */
-		pB = &local_B;
-		BN_with_flags(pB, B, BN_FLG_CONSTTIME);	
-		if (!BN_nnmod(B, pB, A, ctx)) goto err;
-		}
-	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
-	 *
-	 *      0 <= B < A,
-	 *     -sign*X*a  ==  B   (mod |n|),
-	 *      sign*Y*a  ==  A   (mod |n|).
-	 */
-
-	while (!BN_is_zero(B))
-		{
-		BIGNUM *tmp;
-		
-		/*
-		 *      0 < B < A,
-		 * (*) -sign*X*a  ==  B   (mod |n|),
-		 *      sign*Y*a  ==  A   (mod |n|)
-		 */
-
-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-	 	 * BN_div_no_branch will be called eventually.
-	 	 */
-		pA = &local_A;
-		BN_with_flags(pA, A, BN_FLG_CONSTTIME);	
-		
-		/* (D, M) := (A/B, A%B) ... */		
-		if (!BN_div(D,M,pA,B,ctx)) goto err;
-		
-		/* Now
-		 *      A = D*B + M;
-		 * thus we have
-		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-		 */
-		
-		tmp=A; /* keep the BIGNUM object, the value does not matter */
-		
-		/* (A, B) := (B, A mod B) ... */
-		A=B;
-		B=M;
-		/* ... so we have  0 <= B < A  again */
-		
-		/* Since the former  M  is now  B  and the former  B  is now  A,
-		 * (**) translates into
-		 *       sign*Y*a  ==  D*A + B    (mod |n|),
-		 * i.e.
-		 *       sign*Y*a - D*A  ==  B    (mod |n|).
-		 * Similarly, (*) translates into
-		 *      -sign*X*a  ==  A          (mod |n|).
-		 *
-		 * Thus,
-		 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-		 * i.e.
-		 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-		 *
-		 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-		 *      -sign*X*a  ==  B   (mod |n|),
-		 *       sign*Y*a  ==  A   (mod |n|).
-		 * Note that  X  and  Y  stay non-negative all the time.
-		 */
-			
-		if (!BN_mul(tmp,D,X,ctx)) goto err;
-		if (!BN_add(tmp,tmp,Y)) goto err;
-
-		M=Y; /* keep the BIGNUM object, the value does not matter */
-		Y=X;
-		X=tmp;
-		sign = -sign;
-		}
-		
-	/*
-	 * The while loop (Euclid's algorithm) ends when
-	 *      A == gcd(a,n);
-	 * we have
-	 *       sign*Y*a  ==  A  (mod |n|),
-	 * where  Y  is non-negative.
-	 */
-
-	if (sign < 0)
-		{
-		if (!BN_sub(Y,n,Y)) goto err;
-		}
-	/* Now  Y*a  ==  A  (mod |n|).  */
-
-	if (BN_is_one(A))
-		{
-		/* Y*a == 1  (mod |n|) */
-		if (!Y->neg && BN_ucmp(Y,n) < 0)
-			{
-			if (!BN_copy(R,Y)) goto err;
-			}
-		else
-			{
-			if (!BN_nnmod(R,Y,n,ctx)) goto err;
-			}
-		}
-	else
-		{
-		BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
-		goto err;
-		}
-	ret=R;
-err:
-	if ((ret == NULL) && (in == NULL)) BN_free(R);
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return(ret);
-	}
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
deleted file mode 100644
index 8a4dc20ad9..0000000000
--- a/crypto/bn/bn_gf2m.c
+++ /dev/null
@@ -1,1113 +0,0 @@
-/* crypto/bn/bn_gf2m.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- *  1) for code that a licensee deletes from the ECC Code;
- *  2) separates from the ECC Code; or
- *  3) for infringements caused by:
- *       i) the modification of the ECC Code or
- *      ii) the combination of the ECC Code with other software or
- *          devices where such combination causes the infringement.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/* NOTE: This file is licensed pursuant to the OpenSSL license below
- * and may be modified; but after modifications, the above covenant
- * may no longer apply!  In such cases, the corresponding paragraph
- * ["In addition, Sun covenants ... causes the infringement."] and
- * this note can be edited out; but please keep the Sun copyright
- * notice and attribution. */
-
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
-#define MAX_ITERATIONS 50
-
-static const BN_ULONG SQR_tb[16] =
-  {     0,     1,     4,     5,    16,    17,    20,    21,
-       64,    65,    68,    69,    80,    81,    84,    85 };
-/* Platform-specific macros to accelerate squaring. */
-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-#define SQR1(w) \
-    SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
-    SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
-    SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
-    SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
-    SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
-#endif
-#ifdef THIRTY_TWO_BIT
-#define SQR1(w) \
-    SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
-    SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]
-#define SQR0(w) \
-    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
-    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
-#endif
-
-#if !defined(OPENSSL_BN_ASM_GF2m)
-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
- * result is a polynomial r with degree < 2 * BN_BITS - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-#ifdef THIRTY_TWO_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[8], top2b = a >> 30; 
-	register BN_ULONG a1, a2, a4;
-
-	a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
-	tab[0] =  0; tab[1] = a1;    tab[2] = a2;    tab[3] = a1^a2;
-	tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
-	s = tab[b       & 0x7]; l  = s;
-	s = tab[b >>  3 & 0x7]; l ^= s <<  3; h  = s >> 29;
-	s = tab[b >>  6 & 0x7]; l ^= s <<  6; h ^= s >> 26;
-	s = tab[b >>  9 & 0x7]; l ^= s <<  9; h ^= s >> 23;
-	s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
-	s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
-	s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
-	s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
-	s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >>  8;
-	s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >>  5;
-	s = tab[b >> 30      ]; l ^= s << 30; h ^= s >>  2;
-
-	/* compensate for the top two bits of a */
-
-	if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } 
-	if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
-#endif
-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[16], top3b = a >> 61;
-	register BN_ULONG a1, a2, a4, a8;
-
-	a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
-
-	tab[ 0] = 0;     tab[ 1] = a1;       tab[ 2] = a2;       tab[ 3] = a1^a2;
-	tab[ 4] = a4;    tab[ 5] = a1^a4;    tab[ 6] = a2^a4;    tab[ 7] = a1^a2^a4;
-	tab[ 8] = a8;    tab[ 9] = a1^a8;    tab[10] = a2^a8;    tab[11] = a1^a2^a8;
-	tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
-	s = tab[b       & 0xF]; l  = s;
-	s = tab[b >>  4 & 0xF]; l ^= s <<  4; h  = s >> 60;
-	s = tab[b >>  8 & 0xF]; l ^= s <<  8; h ^= s >> 56;
-	s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
-	s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
-	s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
-	s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
-	s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
-	s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
-	s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
-	s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
-	s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
-	s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
-	s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
-	s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >>  8;
-	s = tab[b >> 60      ]; l ^= s << 60; h ^= s >>  4;
-
-	/* compensate for the top three bits of a */
-
-	if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } 
-	if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } 
-	if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
-#endif
-
-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
- * result is a polynomial r with degree < 4 * BN_BITS2 - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
-	{
-	BN_ULONG m1, m0;
-	/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
-	bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
-	bn_GF2m_mul_1x1(r+1, r, a0, b0);
-	bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
-	/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
-	r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
-	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
-	}
-#else
-void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
-#endif 
-
-/* Add polynomials a and b and store result in r; r could be a or b, a and b 
- * could be equal; r is the bitwise XOR of a and b.
- */
-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	const BIGNUM *at, *bt;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a->top < b->top) { at = b; bt = a; }
-	else { at = a; bt = b; }
-
-	if(bn_wexpand(r, at->top) == NULL)
-		return 0;
-
-	for (i = 0; i < bt->top; i++)
-		{
-		r->d[i] = at->d[i] ^ bt->d[i];
-		}
-	for (; i < at->top; i++)
-		{
-		r->d[i] = at->d[i];
-		}
-	
-	r->top = at->top;
-	bn_correct_top(r);
-	
-	return 1;
-	}
-
-
-/* Some functions allow for representation of the irreducible polynomials
- * as an int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-
-
-/* Performs modular reduction of a and store result in r.  r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
-	{
-	int j, k;
-	int n, dN, d0, d1;
-	BN_ULONG zz, *z;
-
-	bn_check_top(a);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	/* Since the algorithm does reduction in the r value, if a != r, copy
-	 * the contents of a into r so we can do reduction in r. 
-	 */
-	if (a != r)
-		{
-		if (!bn_wexpand(r, a->top)) return 0;
-		for (j = 0; j < a->top; j++)
-			{
-			r->d[j] = a->d[j];
-			}
-		r->top = a->top;
-		}
-	z = r->d;
-
-	/* start reduction */
-	dN = p[0] / BN_BITS2;  
-	for (j = r->top - 1; j > dN;)
-		{
-		zz = z[j];
-		if (z[j] == 0) { j--; continue; }
-		z[j] = 0;
-
-		for (k = 1; p[k] != 0; k++)
-			{
-			/* reducing component t^p[k] */
-			n = p[0] - p[k];
-			d0 = n % BN_BITS2;  d1 = BN_BITS2 - d0;
-			n /= BN_BITS2; 
-			z[j-n] ^= (zz>>d0);
-			if (d0) z[j-n-1] ^= (zz<<d1);
-			}
-
-		/* reducing component t^0 */
-		n = dN;  
-		d0 = p[0] % BN_BITS2;
-		d1 = BN_BITS2 - d0;
-		z[j-n] ^= (zz >> d0);
-		if (d0) z[j-n-1] ^= (zz << d1);
-		}
-
-	/* final round of reduction */
-	while (j == dN)
-		{
-
-		d0 = p[0] % BN_BITS2;
-		zz = z[dN] >> d0;
-		if (zz == 0) break;
-		d1 = BN_BITS2 - d0;
-		
-		/* clear up the top d1 bits */
-		if (d0)
-			z[dN] = (z[dN] << d1) >> d1;
-		else
-			z[dN] = 0;
-		z[0] ^= zz; /* reduction t^0 component */
-
-		for (k = 1; p[k] != 0; k++)
-			{
-			BN_ULONG tmp_ulong;
-
-			/* reducing component t^p[k]*/
-			n = p[k] / BN_BITS2;   
-			d0 = p[k] % BN_BITS2;
-			d1 = BN_BITS2 - d0;
-			z[n] ^= (zz << d0);
-			tmp_ulong = zz >> d1;
-                        if (d0 && tmp_ulong)
-                                z[n+1] ^= tmp_ulong;
-			}
-
-		
-		}
-
-	bn_correct_top(r);
-	return 1;
-	}
-
-/* Performs modular reduction of a by p and store result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_arr function.
- */
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
-	{
-	int ret = 0;
-	int arr[6];
-	bn_check_top(a);
-	bn_check_top(p);
-	ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));
-	if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0])))
-		{
-		BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
-		return 0;
-		}
-	ret = BN_GF2m_mod_arr(r, a, arr);
-	bn_check_top(r);
-	return ret;
-	}
-
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r.  r could be a or b; a could be b.
- */
-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
-	{
-	int zlen, i, j, k, ret = 0;
-	BIGNUM *s;
-	BN_ULONG x1, x0, y1, y0, zz[4];
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a == b)
-		{
-		return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
-		}
-
-	BN_CTX_start(ctx);
-	if ((s = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	zlen = a->top + b->top + 4;
-	if (!bn_wexpand(s, zlen)) goto err;
-	s->top = zlen;
-
-	for (i = 0; i < zlen; i++) s->d[i] = 0;
-
-	for (j = 0; j < b->top; j += 2)
-		{
-		y0 = b->d[j];
-		y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
-		for (i = 0; i < a->top; i += 2)
-			{
-			x0 = a->d[i];
-			x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
-			bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
-			for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
-			}
-		}
-
-	bn_correct_top(s);
-	if (BN_GF2m_mod_arr(r, s, p))
-		ret = 1;
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r.  r could be a or b; a could equal b.
- *
- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_mul_arr function.
- */
-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p) + 1;
-	int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(p);
-	if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-
-/* Square a, reduce the result mod p, and store it in a.  r could be a. */
-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
-	{
-	int i, ret = 0;
-	BIGNUM *s;
-
-	bn_check_top(a);
-	BN_CTX_start(ctx);
-	if ((s = BN_CTX_get(ctx)) == NULL) return 0;
-	if (!bn_wexpand(s, 2 * a->top)) goto err;
-
-	for (i = a->top - 1; i >= 0; i--)
-		{
-		s->d[2*i+1] = SQR1(a->d[i]);
-		s->d[2*i  ] = SQR0(a->d[i]);
-		}
-
-	s->top = 2 * a->top;
-	bn_correct_top(s);
-	if (!BN_GF2m_mod_arr(r, s, p)) goto err;
-	bn_check_top(r);
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Square a, reduce the result mod p, and store it in a.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_sqr_arr function.
- */
-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p) + 1;
-	int *arr=NULL;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-
-/* Invert a, reduce modulo p, and store the result in r. r could be a. 
- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
- *     Hankerson, D., Hernandez, J.L., and Menezes, A.  "Software Implementation
- *     of Elliptic Curve Cryptography Over Binary Fields".
- */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
-	int ret = 0;
-
-	bn_check_top(a);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	
-	if ((b = BN_CTX_get(ctx))==NULL) goto err;
-	if ((c = BN_CTX_get(ctx))==NULL) goto err;
-	if ((u = BN_CTX_get(ctx))==NULL) goto err;
-	if ((v = BN_CTX_get(ctx))==NULL) goto err;
-
-	if (!BN_GF2m_mod(u, a, p)) goto err;
-	if (BN_is_zero(u)) goto err;
-
-	if (!BN_copy(v, p)) goto err;
-#if 0
-	if (!BN_one(b)) goto err;
-
-	while (1)
-		{
-		while (!BN_is_odd(u))
-			{
-			if (BN_is_zero(u)) goto err;
-			if (!BN_rshift1(u, u)) goto err;
-			if (BN_is_odd(b))
-				{
-				if (!BN_GF2m_add(b, b, p)) goto err;
-				}
-			if (!BN_rshift1(b, b)) goto err;
-			}
-
-		if (BN_abs_is_word(u, 1)) break;
-
-		if (BN_num_bits(u) < BN_num_bits(v))
-			{
-			tmp = u; u = v; v = tmp;
-			tmp = b; b = c; c = tmp;
-			}
-		
-		if (!BN_GF2m_add(u, u, v)) goto err;
-		if (!BN_GF2m_add(b, b, c)) goto err;
-		}
-#else
-	{
-	int i,	ubits = BN_num_bits(u),
-		vbits = BN_num_bits(v),	/* v is copy of p */
-		top = p->top;
-	BN_ULONG *udp,*bdp,*vdp,*cdp;
-
-	bn_wexpand(u,top);	udp = u->d;
-				for (i=u->top;i<top;i++) udp[i] = 0;
-				u->top = top;
-	bn_wexpand(b,top);	bdp = b->d;
-				bdp[0] = 1;
-				for (i=1;i<top;i++) bdp[i] = 0;
-				b->top = top;
-	bn_wexpand(c,top);	cdp = c->d;
-				for (i=0;i<top;i++) cdp[i] = 0;
-				c->top = top;
-	vdp = v->d;	/* It pays off to "cache" *->d pointers, because
-			 * it allows optimizer to be more aggressive.
-			 * But we don't have to "cache" p->d, because *p
-			 * is declared 'const'... */
-	while (1)
-		{
-		while (ubits && !(udp[0]&1))
-			{
-			BN_ULONG u0,u1,b0,b1,mask;
-
-			u0   = udp[0];
-			b0   = bdp[0];
-			mask = (BN_ULONG)0-(b0&1);
-			b0  ^= p->d[0]&mask;
-			for (i=0;i<top-1;i++)
-				{
-				u1 = udp[i+1];
-				udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2;
-				u0 = u1;
-				b1 = bdp[i+1]^(p->d[i+1]&mask);
-				bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2;
-				b0 = b1;
-				}
-			udp[i] = u0>>1;
-			bdp[i] = b0>>1;
-			ubits--;
-			}
-
-		if (ubits<=BN_BITS2 && udp[0]==1) break;
-
-		if (ubits<vbits)
-			{
-			i = ubits; ubits = vbits; vbits = i;
-			tmp = u; u = v; v = tmp;
-			tmp = b; b = c; c = tmp;
-			udp = vdp; vdp = v->d;
-			bdp = cdp; cdp = c->d;
-			}
-		for(i=0;i<top;i++)
-			{
-			udp[i] ^= vdp[i];
-			bdp[i] ^= cdp[i];
-			}
-		if (ubits==vbits)
-			{
-			BN_ULONG ul;
-			int utop = (ubits-1)/BN_BITS2;
-
-			while ((ul=udp[utop])==0 && utop) utop--;
-			ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
-			}
-		}
-	bn_correct_top(b);
-	}
-#endif
-
-	if (!BN_copy(r, b)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
-        bn_correct_top(c);
-        bn_correct_top(u);
-        bn_correct_top(v);
-#endif
-  	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx. 
- *
- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_inv function.
- */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx)
-	{
-	BIGNUM *field;
-	int ret = 0;
-
-	bn_check_top(xx);
-	BN_CTX_start(ctx);
-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
-	if (!BN_GF2m_arr2poly(p, field)) goto err;
-	
-	ret = BN_GF2m_mod_inv(r, xx, field, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-
-#ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
- * or y, x could equal y.
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *xinv = NULL;
-	int ret = 0;
-
-	bn_check_top(y);
-	bn_check_top(x);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	xinv = BN_CTX_get(ctx);
-	if (xinv == NULL) goto err;
-	
-	if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
-	if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-#else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
- * or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from 
- *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to 
- *     the Great Divide".
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *a, *b, *u, *v;
-	int ret = 0;
-
-	bn_check_top(y);
-	bn_check_top(x);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	u = BN_CTX_get(ctx);
-	v = BN_CTX_get(ctx);
-	if (v == NULL) goto err;
-
-	/* reduce x and y mod p */
-	if (!BN_GF2m_mod(u, y, p)) goto err;
-	if (!BN_GF2m_mod(a, x, p)) goto err;
-	if (!BN_copy(b, p)) goto err;
-	
-	while (!BN_is_odd(a))
-		{
-		if (!BN_rshift1(a, a)) goto err;
-		if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
-		if (!BN_rshift1(u, u)) goto err;
-		}
-
-	do
-		{
-		if (BN_GF2m_cmp(b, a) > 0)
-			{
-			if (!BN_GF2m_add(b, b, a)) goto err;
-			if (!BN_GF2m_add(v, v, u)) goto err;
-			do
-				{
-				if (!BN_rshift1(b, b)) goto err;
-				if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
-				if (!BN_rshift1(v, v)) goto err;
-				} while (!BN_is_odd(b));
-			}
-		else if (BN_abs_is_word(a, 1))
-			break;
-		else
-			{
-			if (!BN_GF2m_add(a, a, b)) goto err;
-			if (!BN_GF2m_add(u, u, v)) goto err;
-			do
-				{
-				if (!BN_rshift1(a, a)) goto err;
-				if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
-				if (!BN_rshift1(u, u)) goto err;
-				} while (!BN_is_odd(a));
-			}
-		} while (1);
-
-	if (!BN_copy(r, u)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-  	BN_CTX_end(ctx);
-	return ret;
-	}
-#endif
-
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx 
- * or yy, xx could equal yy.
- *
- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_div function.
- */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const int p[], BN_CTX *ctx)
-	{
-	BIGNUM *field;
-	int ret = 0;
-
-	bn_check_top(yy);
-	bn_check_top(xx);
-
-	BN_CTX_start(ctx);
-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
-	if (!BN_GF2m_arr2poly(p, field)) goto err;
-	
-	ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
- */
-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], BN_CTX *ctx)
-	{
-	int ret = 0, i, n;
-	BIGNUM *u;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (BN_is_zero(b))
-		return(BN_one(r));
-
-	if (BN_abs_is_word(b, 1))
-		return (BN_copy(r, a) != NULL);
-
-	BN_CTX_start(ctx);
-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	if (!BN_GF2m_mod_arr(u, a, p)) goto err;
-	
-	n = BN_num_bits(b) - 1;
-	for (i = n - 1; i >= 0; i--)
-		{
-		if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
-		if (BN_is_bit_set(b, i))
-			{
-			if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
-			}
-		}
-	if (!BN_copy(r, u)) goto err;
-	bn_check_top(r);
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_exp_arr function.
- */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p) + 1;
-	int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(p);
-	if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
- */
-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *u;
-
-	bn_check_top(a);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	BN_CTX_start(ctx);
-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	if (!BN_set_bit(u, p[0] - 1)) goto err;
-	ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_sqrt_arr function.
- */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p) + 1;
-	int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
- */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], BN_CTX *ctx)
-	{
-	int ret = 0, count = 0, j;
-	BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
-	bn_check_top(a_);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	z = BN_CTX_get(ctx);
-	w = BN_CTX_get(ctx);
-	if (w == NULL) goto err;
-
-	if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
-	
-	if (BN_is_zero(a))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	if (p[0] & 0x1) /* m is odd */
-		{
-		/* compute half-trace of a */
-		if (!BN_copy(z, a)) goto err;
-		for (j = 1; j <= (p[0] - 1) / 2; j++)
-			{
-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-			if (!BN_GF2m_add(z, z, a)) goto err;
-			}
-		
-		}
-	else /* m is even */
-		{
-		rho = BN_CTX_get(ctx);
-		w2 = BN_CTX_get(ctx);
-		tmp = BN_CTX_get(ctx);
-		if (tmp == NULL) goto err;
-		do
-			{
-			if (!BN_rand(rho, p[0], 0, 0)) goto err;
-			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
-			BN_zero(z);
-			if (!BN_copy(w, rho)) goto err;
-			for (j = 1; j <= p[0] - 1; j++)
-				{
-				if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-				if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
-				if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
-				if (!BN_GF2m_add(z, z, tmp)) goto err;
-				if (!BN_GF2m_add(w, w2, rho)) goto err;
-				}
-			count++;
-			} while (BN_is_zero(w) && (count < MAX_ITERATIONS));
-		if (BN_is_zero(w))
-			{
-			BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
-			goto err;
-			}
-		}
-	
-	if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
-	if (!BN_GF2m_add(w, z, w)) goto err;
-	if (BN_GF2m_cmp(w, a))
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
-		goto err;
-		}
-
-	if (!BN_copy(r, z)) goto err;
-	bn_check_top(r);
-
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- *
- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_solve_quad_arr function.
- */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p) + 1;
-	int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (int *)OPENSSL_malloc(sizeof(int) *
-						max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding 
- * to the bits with non-zero coefficient.  Array is terminated with -1.
- * Up to max elements of the array will be filled.  Return value is total
- * number of array elements that would be filled if array was large enough.
- */
-int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
-	{
-	int i, j, k = 0;
-	BN_ULONG mask;
-
-	if (BN_is_zero(a))
-		return 0;
-
-	for (i = a->top - 1; i >= 0; i--)
-		{
-		if (!a->d[i])
-			/* skip word if a->d[i] == 0 */
-			continue;
-		mask = BN_TBIT;
-		for (j = BN_BITS2 - 1; j >= 0; j--)
-			{
-			if (a->d[i] & mask) 
-				{
-				if (k < max) p[k] = BN_BITS2 * i + j;
-				k++;
-				}
-			mask >>= 1;
-			}
-		}
-
-	if (k < max) {
-		p[k] = -1;
-		k++;
-	}
-
-	return k;
-	}
-
-/* Convert the coefficient array representation of a polynomial to a 
- * bit-string.  The array must be terminated by -1.
- */
-int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
-	{
-	int i;
-
-	bn_check_top(a);
-	BN_zero(a);
-	for (i = 0; p[i] != -1; i++)
-		{
-		if (BN_set_bit(a, p[i]) == 0)
-			return 0;
-		}
-	bn_check_top(a);
-
-	return 1;
-	}
-
-#endif
diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
deleted file mode 100644
index 740359b752..0000000000
--- a/crypto/bn/bn_kron.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* crypto/bn/bn_kron.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* least significant word */
-#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
-
-/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int i;
-	int ret = -2; /* avoid 'uninitialized' warning */
-	int err = 0;
-	BIGNUM *A, *B, *tmp;
-	/* In 'tab', only odd-indexed entries are relevant:
-	 * For any odd BIGNUM n,
-	 *     tab[BN_lsw(n) & 7]
-	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
-	 * Note that the sign of n does not matter.
-	 */
-	static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	if (B == NULL) goto end;
-	
-	err = !BN_copy(A, a);
-	if (err) goto end;
-	err = !BN_copy(B, b);
-	if (err) goto end;
-
-	/*
-	 * Kronecker symbol, imlemented according to Henri Cohen,
-	 * "A Course in Computational Algebraic Number Theory"
-	 * (algorithm 1.4.10).
-	 */
-
-	/* Cohen's step 1: */
-
-	if (BN_is_zero(B))
-		{
-		ret = BN_abs_is_word(A, 1);
-		goto end;
- 		}
-	
-	/* Cohen's step 2: */
-
-	if (!BN_is_odd(A) && !BN_is_odd(B))
-		{
-		ret = 0;
-		goto end;
-		}
-
-	/* now  B  is non-zero */
-	i = 0;
-	while (!BN_is_bit_set(B, i))
-		i++;
-	err = !BN_rshift(B, B, i);
-	if (err) goto end;
-	if (i & 1)
-		{
-		/* i is odd */
-		/* (thus  B  was even, thus  A  must be odd!)  */
-
-		/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
-		ret = tab[BN_lsw(A) & 7];
-		}
-	else
-		{
-		/* i is even */
-		ret = 1;
-		}
-	
-	if (B->neg)
-		{
-		B->neg = 0;
-		if (A->neg)
-			ret = -ret;
-		}
-
-	/* now  B  is positive and odd, so what remains to be done is
-	 * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
-
-	while (1)
-		{
-		/* Cohen's step 3: */
-
-		/*  B  is positive and odd */
-
-		if (BN_is_zero(A))
-			{
-			ret = BN_is_one(B) ? ret : 0;
-			goto end;
-			}
-
-		/* now  A  is non-zero */
-		i = 0;
-		while (!BN_is_bit_set(A, i))
-			i++;
-		err = !BN_rshift(A, A, i);
-		if (err) goto end;
-		if (i & 1)
-			{
-			/* i is odd */
-			/* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
-			ret = ret * tab[BN_lsw(B) & 7];
-			}
-	
-		/* Cohen's step 4: */
-		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
-		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
-			ret = -ret;
-		
-		/* (A, B) := (B mod |A|, |A|) */
-		err = !BN_nnmod(B, B, A, ctx);
-		if (err) goto end;
-		tmp = A; A = B; B = tmp;
-		tmp->neg = 0;
-		}
-end:
-	BN_CTX_end(ctx);
-	if (err)
-		return -2;
-	else
-		return ret;
-	}
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
deleted file mode 100644
index 817c773b65..0000000000
--- a/crypto/bn/bn_lcl.h
+++ /dev/null
@@ -1,515 +0,0 @@
-/* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_BN_LCL_H
-#define HEADER_BN_LCL_H
-
-#include <openssl/bn.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/*
- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
- *
- *
- * For window size 'w' (w >= 2) and a random 'b' bits exponent,
- * the number of multiplications is a constant plus on average
- *
- *    2^(w-1) + (b-w)/(w+1);
- *
- * here  2^(w-1)  is for precomputing the table (we actually need
- * entries only for windows that have the lowest bit set), and
- * (b-w)/(w+1)  is an approximation for the expected number of
- * w-bit windows, not counting the first one.
- *
- * Thus we should use
- *
- *    w >= 6  if        b > 671
- *     w = 5  if  671 > b > 239
- *     w = 4  if  239 > b >  79
- *     w = 3  if   79 > b >  23
- *    w <= 2  if   23 > b
- *
- * (with draws in between).  Very small exponents are often selected
- * with low Hamming weight, so we use  w = 1  for b <= 23.
- */
-#if 1
-#define BN_window_bits_for_exponent_size(b) \
-		((b) > 671 ? 6 : \
-		 (b) > 239 ? 5 : \
-		 (b) >  79 ? 4 : \
-		 (b) >  23 ? 3 : 1)
-#else
-/* Old SSLeay/OpenSSL table.
- * Maximum window size was 5, so this table differs for b==1024;
- * but it coincides for other interesting values (b==160, b==512).
- */
-#define BN_window_bits_for_exponent_size(b) \
-		((b) > 255 ? 5 : \
-		 (b) > 127 ? 4 : \
-		 (b) >  17 ? 3 : 1)
-#endif	 
-
-
-
-/* BN_mod_exp_mont_conttime is based on the assumption that the
- * L1 data cache line width of the target processor is at least
- * the following value.
- */
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH	( 64 )
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK	(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
-
-/* Window sizes optimized for fixed window size modular exponentiation
- * algorithm (BN_mod_exp_mont_consttime).
- *
- * To achieve the security goals of BN_mode_exp_mont_consttime, the
- * maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). 
- *
- * Window size thresholds are defined for cache line sizes of 32 and 64,
- * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
- * window size of 7 should only be used on processors that have a 128
- * byte or greater cache line size.
- */
-#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
-
-#  define BN_window_bits_for_ctime_exponent_size(b) \
-		((b) > 937 ? 6 : \
-		 (b) > 306 ? 5 : \
-		 (b) >  89 ? 4 : \
-		 (b) >  22 ? 3 : 1)
-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE	(6)
-
-#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
-
-#  define BN_window_bits_for_ctime_exponent_size(b) \
-		((b) > 306 ? 5 : \
-		 (b) >  89 ? 4 : \
-		 (b) >  22 ? 3 : 1)
-#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE	(5)
-
-#endif
-
-
-/* Pentium pro 16,16,16,32,64 */
-/* Alpha       16,16,16,16.64 */
-#define BN_MULL_SIZE_NORMAL			(16) /* 32 */
-#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) /* 32 less than */
-#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) /* 32 */
-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
-#define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-/*
- * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- *					<appro@fy.chalmers.se>
- */
-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-#  if defined(__DECC)
-#   include <c_asm.h>
-#   define BN_UMULT_HIGH(a,b)	(BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
-#  elif defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	register BN_ULONG ret;		\
-	asm ("umulh	%1,%2,%0"	\
-	     : "=r"(ret)		\
-	     : "r"(a), "r"(b));		\
-	ret;			})
-#  endif	/* compiler */
-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
-#  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	register BN_ULONG ret;		\
-	asm ("mulhdu	%0,%1,%2"	\
-	     : "=r"(ret)		\
-	     : "r"(a), "r"(b));		\
-	ret;			})
-#  endif	/* compiler */
-# elif (defined(__x86_64) || defined(__x86_64__)) && \
-       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-#  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)	({	\
-	register BN_ULONG ret,discard;	\
-	asm ("mulq	%3"		\
-	     : "=a"(discard),"=d"(ret)	\
-	     : "a"(a), "g"(b)		\
-	     : "cc");			\
-	ret;			})
-#   define BN_UMULT_LOHI(low,high,a,b)	\
-	asm ("mulq	%3"		\
-		: "=a"(low),"=d"(high)	\
-		: "a"(a),"g"(b)		\
-		: "cc");
-#  endif
-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
-#  if defined(_MSC_VER) && _MSC_VER>=1400
-    unsigned __int64 __umulh	(unsigned __int64 a,unsigned __int64 b);
-    unsigned __int64 _umul128	(unsigned __int64 a,unsigned __int64 b,
-				 unsigned __int64 *h);
-#   pragma intrinsic(__umulh,_umul128)
-#   define BN_UMULT_HIGH(a,b)		__umulh((a),(b))
-#   define BN_UMULT_LOHI(low,high,a,b)	((low)=_umul128((a),(b),&(high)))
-#  endif
-# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
-#  if defined(__GNUC__) && __GNUC__>=2
-#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
-#     define BN_UMULT_HIGH(a,b)		 (((__uint128_t)(a)*(b))>>64)
-#     define BN_UMULT_LOHI(low,high,a,b) ({	\
-	__uint128_t ret=(__uint128_t)(a)*(b);	\
-	(high)=ret>>64; (low)=ret;	 })
-#   else
-#     define BN_UMULT_HIGH(a,b)	({	\
-	register BN_ULONG ret;		\
-	asm ("dmultu	%1,%2"		\
-	     : "=h"(ret)		\
-	     : "r"(a), "r"(b) : "l");	\
-	ret;			})
-#     define BN_UMULT_LOHI(low,high,a,b)\
-	asm ("dmultu	%2,%3"		\
-	     : "=l"(low),"=h"(high)	\
-	     : "r"(a), "r"(b));
-#    endif
-#  endif
-# endif		/* cpu */
-#endif		/* OPENSSL_NO_ASM */
-
-/*************************************************************
- * Using the long long type
- */
-#define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
-#define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
-#ifdef BN_DEBUG_RAND
-#define bn_clear_top2max(a) \
-	{ \
-	int      ind = (a)->dmax - (a)->top; \
-	BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
-	for (; ind != 0; ind--) \
-		*(++ftl) = 0x0; \
-	}
-#else
-#define bn_clear_top2max(a)
-#endif
-
-#ifdef BN_LLONG
-#define mul_add(r,a,w,c) { \
-	BN_ULLONG t; \
-	t=(BN_ULLONG)w * (a) + (r) + (c); \
-	(r)= Lw(t); \
-	(c)= Hw(t); \
-	}
-
-#define mul(r,a,w,c) { \
-	BN_ULLONG t; \
-	t=(BN_ULLONG)w * (a) + (c); \
-	(r)= Lw(t); \
-	(c)= Hw(t); \
-	}
-
-#define sqr(r0,r1,a) { \
-	BN_ULLONG t; \
-	t=(BN_ULLONG)(a)*(a); \
-	(r0)=Lw(t); \
-	(r1)=Hw(t); \
-	}
-
-#elif defined(BN_UMULT_LOHI)
-#define mul_add(r,a,w,c) {		\
-	BN_ULONG high,low,ret,tmp=(a);	\
-	ret =  (r);			\
-	BN_UMULT_LOHI(low,high,w,tmp);	\
-	ret += (c);			\
-	(c) =  (ret<(c))?1:0;		\
-	(c) += high;			\
-	ret += low;			\
-	(c) += (ret<low)?1:0;		\
-	(r) =  ret;			\
-	}
-
-#define mul(r,a,w,c)	{		\
-	BN_ULONG high,low,ret,ta=(a);	\
-	BN_UMULT_LOHI(low,high,w,ta);	\
-	ret =  low + (c);		\
-	(c) =  high;			\
-	(c) += (ret<low)?1:0;		\
-	(r) =  ret;			\
-	}
-
-#define sqr(r0,r1,a)	{		\
-	BN_ULONG tmp=(a);		\
-	BN_UMULT_LOHI(r0,r1,tmp,tmp);	\
-	}
-
-#elif defined(BN_UMULT_HIGH)
-#define mul_add(r,a,w,c) {		\
-	BN_ULONG high,low,ret,tmp=(a);	\
-	ret =  (r);			\
-	high=  BN_UMULT_HIGH(w,tmp);	\
-	ret += (c);			\
-	low =  (w) * tmp;		\
-	(c) =  (ret<(c))?1:0;		\
-	(c) += high;			\
-	ret += low;			\
-	(c) += (ret<low)?1:0;		\
-	(r) =  ret;			\
-	}
-
-#define mul(r,a,w,c)	{		\
-	BN_ULONG high,low,ret,ta=(a);	\
-	low =  (w) * ta;		\
-	high=  BN_UMULT_HIGH(w,ta);	\
-	ret =  low + (c);		\
-	(c) =  high;			\
-	(c) += (ret<low)?1:0;		\
-	(r) =  ret;			\
-	}
-
-#define sqr(r0,r1,a)	{		\
-	BN_ULONG tmp=(a);		\
-	(r0) = tmp * tmp;		\
-	(r1) = BN_UMULT_HIGH(tmp,tmp);	\
-	}
-
-#else
-/*************************************************************
- * No long long type
- */
-
-#define LBITS(a)	((a)&BN_MASK2l)
-#define HBITS(a)	(((a)>>BN_BITS4)&BN_MASK2l)
-#define	L2HBITS(a)	(((a)<<BN_BITS4)&BN_MASK2)
-
-#define LLBITS(a)	((a)&BN_MASKl)
-#define LHBITS(a)	(((a)>>BN_BITS2)&BN_MASKl)
-#define	LL2HBITS(a)	((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
-
-#define mul64(l,h,bl,bh) \
-	{ \
-	BN_ULONG m,m1,lt,ht; \
- \
-	lt=l; \
-	ht=h; \
-	m =(bh)*(lt); \
-	lt=(bl)*(lt); \
-	m1=(bl)*(ht); \
-	ht =(bh)*(ht); \
-	m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
-	ht+=HBITS(m); \
-	m1=L2HBITS(m); \
-	lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
-	(l)=lt; \
-	(h)=ht; \
-	}
-
-#define sqr64(lo,ho,in) \
-	{ \
-	BN_ULONG l,h,m; \
- \
-	h=(in); \
-	l=LBITS(h); \
-	h=HBITS(h); \
-	m =(l)*(h); \
-	l*=l; \
-	h*=h; \
-	h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
-	m =(m&BN_MASK2l)<<(BN_BITS4+1); \
-	l=(l+m)&BN_MASK2; if (l < m) h++; \
-	(lo)=l; \
-	(ho)=h; \
-	}
-
-#define mul_add(r,a,bl,bh,c) { \
-	BN_ULONG l,h; \
- \
-	h= (a); \
-	l=LBITS(h); \
-	h=HBITS(h); \
-	mul64(l,h,(bl),(bh)); \
- \
-	/* non-multiply part */ \
-	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
-	(c)=(r); \
-	l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
-	(c)=h&BN_MASK2; \
-	(r)=l; \
-	}
-
-#define mul(r,a,bl,bh,c) { \
-	BN_ULONG l,h; \
- \
-	h= (a); \
-	l=LBITS(h); \
-	h=HBITS(h); \
-	mul64(l,h,(bl),(bh)); \
- \
-	/* non-multiply part */ \
-	l+=(c); if ((l&BN_MASK2) < (c)) h++; \
-	(c)=h&BN_MASK2; \
-	(r)=l&BN_MASK2; \
-	}
-#endif /* !BN_LLONG */
-
-#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
-#undef bn_div_words
-#endif
-
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
-	int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
-	int n,int tna,int tnb,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
-	BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
-	BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl);
-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
deleted file mode 100644
index d5a211e288..0000000000
--- a/crypto/bn/bn_lib.c
+++ /dev/null
@@ -1,887 +0,0 @@
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
-
-/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
-/* For a 32 bit machine
- * 2 -   4 ==  128
- * 3 -   8 ==  256
- * 4 -  16 ==  512
- * 5 -  32 == 1024
- * 6 -  64 == 2048
- * 7 - 128 == 4096
- * 8 - 256 == 8192
- */
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
-	{
-	if (mult >= 0)
-		{
-		if (mult > (int)(sizeof(int)*8)-1)
-			mult=sizeof(int)*8-1;
-		bn_limit_bits=mult;
-		bn_limit_num=1<<mult;
-		}
-	if (high >= 0)
-		{
-		if (high > (int)(sizeof(int)*8)-1)
-			high=sizeof(int)*8-1;
-		bn_limit_bits_high=high;
-		bn_limit_num_high=1<<high;
-		}
-	if (low >= 0)
-		{
-		if (low > (int)(sizeof(int)*8)-1)
-			low=sizeof(int)*8-1;
-		bn_limit_bits_low=low;
-		bn_limit_num_low=1<<low;
-		}
-	if (mont >= 0)
-		{
-		if (mont > (int)(sizeof(int)*8)-1)
-			mont=sizeof(int)*8-1;
-		bn_limit_bits_mont=mont;
-		bn_limit_num_mont=1<<mont;
-		}
-	}
-
-int BN_get_params(int which)
-	{
-	if      (which == 0) return(bn_limit_bits);
-	else if (which == 1) return(bn_limit_bits_high);
-	else if (which == 2) return(bn_limit_bits_low);
-	else if (which == 3) return(bn_limit_bits_mont);
-	else return(0);
-	}
-#endif
-
-const BIGNUM *BN_value_one(void)
-	{
-	static const BN_ULONG data_one=1L;
-	static const BIGNUM const_one={(BN_ULONG *)&data_one,1,1,0,BN_FLG_STATIC_DATA};
-
-	return(&const_one);
-	}
-
-int BN_num_bits_word(BN_ULONG l)
-	{
-	static const unsigned char bits[256]={
-		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
-		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		};
-
-#if defined(SIXTY_FOUR_BIT_LONG)
-	if (l & 0xffffffff00000000L)
-		{
-		if (l & 0xffff000000000000L)
-			{
-			if (l & 0xff00000000000000L)
-				{
-				return(bits[(int)(l>>56)]+56);
-				}
-			else	return(bits[(int)(l>>48)]+48);
-			}
-		else
-			{
-			if (l & 0x0000ff0000000000L)
-				{
-				return(bits[(int)(l>>40)]+40);
-				}
-			else	return(bits[(int)(l>>32)]+32);
-			}
-		}
-	else
-#else
-#ifdef SIXTY_FOUR_BIT
-	if (l & 0xffffffff00000000LL)
-		{
-		if (l & 0xffff000000000000LL)
-			{
-			if (l & 0xff00000000000000LL)
-				{
-				return(bits[(int)(l>>56)]+56);
-				}
-			else	return(bits[(int)(l>>48)]+48);
-			}
-		else
-			{
-			if (l & 0x0000ff0000000000LL)
-				{
-				return(bits[(int)(l>>40)]+40);
-				}
-			else	return(bits[(int)(l>>32)]+32);
-			}
-		}
-	else
-#endif
-#endif
-		{
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-		if (l & 0xffff0000L)
-			{
-			if (l & 0xff000000L)
-				return(bits[(int)(l>>24L)]+24);
-			else	return(bits[(int)(l>>16L)]+16);
-			}
-		else
-#endif
-			{
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-			if (l & 0xff00L)
-				return(bits[(int)(l>>8)]+8);
-			else	
-#endif
-				return(bits[(int)(l   )]  );
-			}
-		}
-	}
-
-int BN_num_bits(const BIGNUM *a)
-	{
-	int i = a->top - 1;
-	bn_check_top(a);
-
-	if (BN_is_zero(a)) return 0;
-	return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
-	}
-
-void BN_clear_free(BIGNUM *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-	bn_check_top(a);
-	if (a->d != NULL)
-		{
-		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-			OPENSSL_free(a->d);
-		}
-	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	OPENSSL_cleanse(a,sizeof(BIGNUM));
-	if (i)
-		OPENSSL_free(a);
-	}
-
-void BN_free(BIGNUM *a)
-	{
-	if (a == NULL) return;
-	bn_check_top(a);
-	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-		OPENSSL_free(a->d);
-	if (a->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(a);
-	else
-		{
-#ifndef OPENSSL_NO_DEPRECATED
-		a->flags|=BN_FLG_FREE;
-#endif
-		a->d = NULL;
-		}
-	}
-
-void BN_init(BIGNUM *a)
-	{
-	memset(a,0,sizeof(BIGNUM));
-	bn_check_top(a);
-	}
-
-BIGNUM *BN_new(void)
-	{
-	BIGNUM *ret;
-
-	if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
-		{
-		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->flags=BN_FLG_MALLOCED;
-	ret->top=0;
-	ret->neg=0;
-	ret->dmax=0;
-	ret->d=NULL;
-	bn_check_top(ret);
-	return(ret);
-	}
-
-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
-	{
-	BN_ULONG *A,*a = NULL;
-	const BN_ULONG *B;
-	int i;
-
-	bn_check_top(b);
-
-	if (words > (INT_MAX/(4*BN_BITS2)))
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
-		return NULL;
-		}
-	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-		return(NULL);
-		}
-	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
-	if (A == NULL)
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-#ifdef PURIFY
-	/* Valgrind complains in BN_consttime_swap because we process the whole
-	 * array even if it's not initialised yet. This doesn't matter in that
-	 * function - what's important is constant time operation (we're not
-	 * actually going to use the data)
-	*/
-	memset(a, 0, sizeof(BN_ULONG)*words);
-#endif
-
-#if 1
-	B=b->d;
-	/* Check if the previous number needs to be copied */
-	if (B != NULL)
-		{
-		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-			{
-			/*
-			 * The fact that the loop is unrolled
-			 * 4-wise is a tribute to Intel. It's
-			 * the one that doesn't have enough
-			 * registers to accomodate more data.
-			 * I'd unroll it 8-wise otherwise:-)
-			 *
-			 *		<appro@fy.chalmers.se>
-			 */
-			BN_ULONG a0,a1,a2,a3;
-			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-			}
-		switch (b->top&3)
-			{
-		case 3:	A[2]=B[2];
-		case 2:	A[1]=B[1];
-		case 1:	A[0]=B[0];
-		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
-		         * the switch table by doing a=top&3; a--; goto jump_table[a];
-		         * which fails for top== 0 */
-			;
-			}
-		}
-
-#else
-	memset(A,0,sizeof(BN_ULONG)*words);
-	memcpy(A,b->d,sizeof(b->d[0])*b->top);
-#endif
-		
-	return(a);
-	}
-
-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-	{
-	BIGNUM *r = NULL;
-
-	bn_check_top(b);
-
-	/* This function does not work if
-	 *      words <= b->dmax && top < words
-	 * because BN_dup() does not preserve 'dmax'!
-	 * (But bn_dup_expand() is not used anywhere yet.)
-	 */
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = bn_expand_internal(b, words);
-
-		if (a)
-			{
-			r = BN_new();
-			if (r)
-				{
-				r->top = b->top;
-				r->dmax = words;
-				r->neg = b->neg;
-				r->d = a;
-				}
-			else
-				{
-				/* r == NULL, BN_new failure */
-				OPENSSL_free(a);
-				}
-			}
-		/* If a == NULL, there was an error in allocation in
-		   bn_expand_internal(), and NULL should be returned */
-		}
-	else
-		{
-		r = BN_dup(b);
-		}
-
-	bn_check_top(r);
-	return r;
-	}
-#endif
-
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number
- * and initialises any unused part of b->d with leading zeros.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
-	{
-	bn_check_top(b);
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = bn_expand_internal(b, words);
-		if(!a) return NULL;
-		if(b->d) OPENSSL_free(b->d);
-		b->d=a;
-		b->dmax=words;
-		}
-
-/* None of this should be necessary because of what b->top means! */
-#if 0
-	/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
-	if (b->top < b->dmax)
-		{
-		int i;
-		BN_ULONG *A = &(b->d[b->top]);
-		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
-			{
-			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-			}
-		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
-			A[0]=0;
-		assert(A == &(b->d[b->dmax]));
-		}
-#endif
-	bn_check_top(b);
-	return b;
-	}
-
-BIGNUM *BN_dup(const BIGNUM *a)
-	{
-	BIGNUM *t;
-
-	if (a == NULL) return NULL;
-	bn_check_top(a);
-
-	t = BN_new();
-	if (t == NULL) return NULL;
-	if(!BN_copy(t, a))
-		{
-		BN_free(t);
-		return NULL;
-		}
-	bn_check_top(t);
-	return t;
-	}
-
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	BN_ULONG *A;
-	const BN_ULONG *B;
-
-	bn_check_top(b);
-
-	if (a == b) return(a);
-	if (bn_wexpand(a,b->top) == NULL) return(NULL);
-
-#if 1
-	A=a->d;
-	B=b->d;
-	for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-		{
-		BN_ULONG a0,a1,a2,a3;
-		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-		}
-	switch (b->top&3)
-		{
-		case 3: A[2]=B[2];
-		case 2: A[1]=B[1];
-		case 1: A[0]=B[0];
-		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
-		}
-#else
-	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
-#endif
-
-	a->top=b->top;
-	a->neg=b->neg;
-	bn_check_top(a);
-	return(a);
-	}
-
-void BN_swap(BIGNUM *a, BIGNUM *b)
-	{
-	int flags_old_a, flags_old_b;
-	BN_ULONG *tmp_d;
-	int tmp_top, tmp_dmax, tmp_neg;
-	
-	bn_check_top(a);
-	bn_check_top(b);
-
-	flags_old_a = a->flags;
-	flags_old_b = b->flags;
-
-	tmp_d = a->d;
-	tmp_top = a->top;
-	tmp_dmax = a->dmax;
-	tmp_neg = a->neg;
-	
-	a->d = b->d;
-	a->top = b->top;
-	a->dmax = b->dmax;
-	a->neg = b->neg;
-	
-	b->d = tmp_d;
-	b->top = tmp_top;
-	b->dmax = tmp_dmax;
-	b->neg = tmp_neg;
-	
-	a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
-	b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
-	bn_check_top(a);
-	bn_check_top(b);
-	}
-
-void BN_clear(BIGNUM *a)
-	{
-	bn_check_top(a);
-	if (a->d != NULL)
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
-	a->top=0;
-	a->neg=0;
-	}
-
-BN_ULONG BN_get_word(const BIGNUM *a)
-	{
-	if (a->top > 1)
-		return BN_MASK2;
-	else if (a->top == 1)
-		return a->d[0];
-	/* a->top == 0 */
-	return 0;
-	}
-
-int BN_set_word(BIGNUM *a, BN_ULONG w)
-	{
-	bn_check_top(a);
-	if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
-	a->neg = 0;
-	a->d[0] = w;
-	a->top = (w ? 1 : 0);
-	bn_check_top(a);
-	return(1);
-	}
-
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
-	{
-	unsigned int i,m;
-	unsigned int n;
-	BN_ULONG l;
-	BIGNUM  *bn = NULL;
-
-	if (ret == NULL)
-		ret = bn = BN_new();
-	if (ret == NULL) return(NULL);
-	bn_check_top(ret);
-	l=0;
-	n=len;
-	if (n == 0)
-		{
-		ret->top=0;
-		return(ret);
-		}
-	i=((n-1)/BN_BYTES)+1;
-	m=((n-1)%(BN_BYTES));
-	if (bn_wexpand(ret, (int)i) == NULL)
-		{
-		if (bn) BN_free(bn);
-		return NULL;
-		}
-	ret->top=i;
-	ret->neg=0;
-	while (n--)
-		{
-		l=(l<<8L)| *(s++);
-		if (m-- == 0)
-			{
-			ret->d[--i]=l;
-			l=0;
-			m=BN_BYTES-1;
-			}
-		}
-	/* need to call this due to clear byte at top if avoiding
-	 * having the top bit set (-ve number) */
-	bn_correct_top(ret);
-	return(ret);
-	}
-
-/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
-	{
-	int n,i;
-	BN_ULONG l;
-
-	bn_check_top(a);
-	n=i=BN_num_bytes(a);
-	while (i--)
-		{
-		l=a->d[i/BN_BYTES];
-		*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
-		}
-	return(n);
-	}
-
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	BN_ULONG t1,t2,*ap,*bp;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	i=a->top-b->top;
-	if (i != 0) return(i);
-	ap=a->d;
-	bp=b->d;
-	for (i=a->top-1; i>=0; i--)
-		{
-		t1= ap[i];
-		t2= bp[i];
-		if (t1 != t2)
-			return((t1 > t2) ? 1 : -1);
-		}
-	return(0);
-	}
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	int gt,lt;
-	BN_ULONG t1,t2;
-
-	if ((a == NULL) || (b == NULL))
-		{
-		if (a != NULL)
-			return(-1);
-		else if (b != NULL)
-			return(1);
-		else
-			return(0);
-		}
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a->neg != b->neg)
-		{
-		if (a->neg)
-			return(-1);
-		else	return(1);
-		}
-	if (a->neg == 0)
-		{ gt=1; lt= -1; }
-	else	{ gt= -1; lt=1; }
-
-	if (a->top > b->top) return(gt);
-	if (a->top < b->top) return(lt);
-	for (i=a->top-1; i>=0; i--)
-		{
-		t1=a->d[i];
-		t2=b->d[i];
-		if (t1 > t2) return(gt);
-		if (t1 < t2) return(lt);
-		}
-	return(0);
-	}
-
-int BN_set_bit(BIGNUM *a, int n)
-	{
-	int i,j,k;
-
-	if (n < 0)
-		return 0;
-
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i)
-		{
-		if (bn_wexpand(a,i+1) == NULL) return(0);
-		for(k=a->top; k<i+1; k++)
-			a->d[k]=0;
-		a->top=i+1;
-		}
-
-	a->d[i]|=(((BN_ULONG)1)<<j);
-	bn_check_top(a);
-	return(1);
-	}
-
-int BN_clear_bit(BIGNUM *a, int n)
-	{
-	int i,j;
-
-	bn_check_top(a);
-	if (n < 0) return 0;
-
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i) return(0);
-
-	a->d[i]&=(~(((BN_ULONG)1)<<j));
-	bn_correct_top(a);
-	return(1);
-	}
-
-int BN_is_bit_set(const BIGNUM *a, int n)
-	{
-	int i,j;
-
-	bn_check_top(a);
-	if (n < 0) return 0;
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i) return 0;
-	return (int)(((a->d[i])>>j)&((BN_ULONG)1));
-	}
-
-int BN_mask_bits(BIGNUM *a, int n)
-	{
-	int b,w;
-
-	bn_check_top(a);
-	if (n < 0) return 0;
-
-	w=n/BN_BITS2;
-	b=n%BN_BITS2;
-	if (w >= a->top) return 0;
-	if (b == 0)
-		a->top=w;
-	else
-		{
-		a->top=w+1;
-		a->d[w]&= ~(BN_MASK2<<b);
-		}
-	bn_correct_top(a);
-	return(1);
-	}
-
-void BN_set_negative(BIGNUM *a, int b)
-	{
-	if (b && !BN_is_zero(a))
-		a->neg = 1;
-	else
-		a->neg = 0;
-	}
-
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-	{
-	int i;
-	BN_ULONG aa,bb;
-
-	aa=a[n-1];
-	bb=b[n-1];
-	if (aa != bb) return((aa > bb)?1:-1);
-	for (i=n-2; i>=0; i--)
-		{
-		aa=a[i];
-		bb=b[i];
-		if (aa != bb) return((aa > bb)?1:-1);
-		}
-	return(0);
-	}
-
-/* Here follows a specialised variants of bn_cmp_words().  It has the
-   property of performing the operation on arrays of different sizes.
-   The sizes of those arrays is expressed through cl, which is the
-   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
-   delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	int n,i;
-	n = cl-1;
-
-	if (dl < 0)
-		{
-		for (i=dl; i<0; i++)
-			{
-			if (b[n-i] != 0)
-				return -1; /* a < b */
-			}
-		}
-	if (dl > 0)
-		{
-		for (i=dl; i>0; i--)
-			{
-			if (a[n+i] != 0)
-				return 1; /* a > b */
-			}
-		}
-	return bn_cmp_words(a,b,cl);
-	}
-
-/* 
- * Constant-time conditional swap of a and b.  
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-	{
-	BN_ULONG t;
-	int i;
-
-	bn_wcheck_size(a, nwords);
-	bn_wcheck_size(b, nwords);
-
-	assert(a != b);
-	assert((condition & (condition - 1)) == 0);
-	assert(sizeof(BN_ULONG) >= sizeof(int));
-
-	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
-	t = (a->top^b->top) & condition;
-	a->top ^= t;
-	b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
-	do { \
-		t = (a->d[ind] ^ b->d[ind]) & condition; \
-		a->d[ind] ^= t; \
-		b->d[ind] ^= t; \
-	} while (0)
-
-
-	switch (nwords) {
-	default:
-		for (i = 10; i < nwords; i++) 
-			BN_CONSTTIME_SWAP(i);
-		/* Fallthrough */
-	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-	case 1: BN_CONSTTIME_SWAP(0);
-	}
-#undef BN_CONSTTIME_SWAP
-}
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
deleted file mode 100644
index 77d6ddb91a..0000000000
--- a/crypto/bn/bn_mod.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/* crypto/bn/bn_mod.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-#if 0 /* now just a #define */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-	{
-	return(BN_div(NULL,rem,m,d,ctx));
-	/* note that  rem->neg == m->neg  (unless the remainder is zero) */
-	}
-#endif
-
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-	{
-	/* like BN_mod, but returns non-negative remainder
-	 * (i.e.,  0 <= r < |d|  always holds) */
-
-	if (!(BN_mod(r,m,d,ctx)))
-		return 0;
-	if (!r->neg)
-		return 1;
-	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */
-	return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_add(r, a, b)) return 0;
-	return BN_nnmod(r, r, m, ctx);
-	}
-
-
-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-	{
-	if (!BN_uadd(r, a, b)) return 0;
-	if (BN_ucmp(r, m) >= 0)
-		return BN_usub(r, r, m);
-	return 1;
-	}
-
-
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_sub(r, a, b)) return 0;
-	return BN_nnmod(r, r, m, ctx);
-	}
-
-
-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-	{
-	if (!BN_sub(r, a, b)) return 0;
-	if (r->neg)
-		return BN_add(r, r, m);
-	return 1;
-	}
-
-
-/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-	BN_CTX *ctx)
-	{
-	BIGNUM *t;
-	int ret=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(m);
-
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-	if (a == b)
-		{ if (!BN_sqr(t,a,ctx)) goto err; }
-	else
-		{ if (!BN_mul(t,a,b,ctx)) goto err; }
-	if (!BN_nnmod(r,t,m,ctx)) goto err;
-	bn_check_top(r);
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_sqr(r, a, ctx)) return 0;
-	/* r->neg == 0,  thus we don't need BN_nnmod */
-	return BN_mod(r, r, m, ctx);
-	}
-
-
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_lshift1(r, a)) return 0;
-	bn_check_top(r);
-	return BN_nnmod(r, r, m, ctx);
-	}
-
-
-/* BN_mod_lshift1 variant that may be used if  a  is non-negative
- * and less than  m */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
-	{
-	if (!BN_lshift1(r, a)) return 0;
-	bn_check_top(r);
-	if (BN_cmp(r, m) >= 0)
-		return BN_sub(r, r, m);
-	return 1;
-	}
-
-
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
-	{
-	BIGNUM *abs_m = NULL;
-	int ret;
-
-	if (!BN_nnmod(r, a, m, ctx)) return 0;
-
-	if (m->neg)
-		{
-		abs_m = BN_dup(m);
-		if (abs_m == NULL) return 0;
-		abs_m->neg = 0;
-		}
-	
-	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
-	bn_check_top(r);
-
-	if (abs_m)
-		BN_free(abs_m);
-	return ret;
-	}
-
-
-/* BN_mod_lshift variant that may be used if  a  is non-negative
- * and less than  m */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
-	{
-	if (r != a)
-		{
-		if (BN_copy(r, a) == NULL) return 0;
-		}
-
-	while (n > 0)
-		{
-		int max_shift;
-		
-		/* 0 < r < m */
-		max_shift = BN_num_bits(m) - BN_num_bits(r);
-		/* max_shift >= 0 */
-
-		if (max_shift < 0)
-			{
-			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
-			return 0;
-			}
-
-		if (max_shift > n)
-			max_shift = n;
-
-		if (max_shift)
-			{
-			if (!BN_lshift(r, r, max_shift)) return 0;
-			n -= max_shift;
-			}
-		else
-			{
-			if (!BN_lshift1(r, r)) return 0;
-			--n;
-			}
-
-		/* BN_num_bits(r) <= BN_num_bits(m) */
-
-		if (BN_cmp(r, m) >= 0) 
-			{
-			if (!BN_sub(r, r, m)) return 0;
-			}
-		}
-	bn_check_top(r);
-	
-	return 1;
-	}
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
deleted file mode 100644
index ee8532c7dc..0000000000
--- a/crypto/bn/bn_mont.c
+++ /dev/null
@@ -1,515 +0,0 @@
-/* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define MONT_WORD /* use the faster word-based algorithm */
-
-#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
-
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-			  BN_MONT_CTX *mont, BN_CTX *ctx)
-	{
-	BIGNUM *tmp;
-	int ret=0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
-	int num = mont->N.top;
-
-	if (num>1 && a->top==num && b->top==num)
-		{
-		if (bn_wexpand(r,num) == NULL) return(0);
-		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-			{
-			r->neg = a->neg^b->neg;
-			r->top = num;
-			bn_correct_top(r);
-			return(1);
-			}
-		}
-#endif
-
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	if (tmp == NULL) goto err;
-
-	bn_check_top(tmp);
-	if (a == b)
-		{
-		if (!BN_sqr(tmp,a,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mul(tmp,a,b,ctx)) goto err;
-		}
-	/* reduce from aRR to aR */
-#ifdef MONT_WORD
-	if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
-#else
-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-#endif
-	bn_check_top(r);
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-	{
-	BIGNUM *n;
-	BN_ULONG *ap,*np,*rp,n0,v,carry;
-	int nl,max,i;
-
-	n= &(mont->N);
-	nl=n->top;
-	if (nl == 0) { ret->top=0; return(1); }
-
-	max=(2*nl); /* carry is stored separately */
-	if (bn_wexpand(r,max) == NULL) return(0);
-
-	r->neg^=n->neg;
-	np=n->d;
-	rp=r->d;
-
-	/* clear the top words of T */
-#if 1
-	for (i=r->top; i<max; i++) /* memset? XXX */
-		rp[i]=0;
-#else
-	memset(&(rp[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
-#endif
-
-	r->top=max;
-	n0=mont->n0[0];
-
-#ifdef BN_COUNT
-	fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
-#endif
-	for (carry=0, i=0; i<nl; i++, rp++)
-		{
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-		v = (v+carry+rp[nl])&BN_MASK2;
-		carry |= (v != rp[nl]);
-		carry &= (v <= rp[nl]);
-		rp[nl]=v;
-		}
-
-	if (bn_wexpand(ret,nl) == NULL) return(0);
-	ret->top=nl;
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[nl]);
-
-#define BRANCH_FREE 1
-#if BRANCH_FREE
-	{
-	BN_ULONG *nrp;
-	size_t m;
-
-	v=bn_sub_words(rp,ap,np,nl)-carry;
-	/* if subtraction result is real, then
-	 * trick unconditional memcpy below to perform in-place
-	 * "refresh" instead of actual copy. */
-	m=(0-(size_t)v);
-	nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m)|((PTR_SIZE_INT)ap&m));
-
-	for (i=0,nl-=4; i<nl; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=nrp[i+0];
-		t2=nrp[i+1];
-		t3=nrp[i+2];	ap[i+0]=0;
-		t4=nrp[i+3];	ap[i+1]=0;
-		rp[i+0]=t1;	ap[i+2]=0;
-		rp[i+1]=t2;	ap[i+3]=0;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	for (nl+=4; i<nl; i++)
-		rp[i]=nrp[i], ap[i]=0;
-	}
-#else
-	if (bn_sub_words (rp,ap,np,nl)-carry)
-		memcpy(rp,ap,nl*sizeof(BN_ULONG));
-#endif
-	bn_correct_top(r);
-	bn_correct_top(ret);
-	bn_check_top(ret);
-
-	return(1);
-	}
-#endif	/* MONT_WORD */
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-	     BN_CTX *ctx)
-	{
-	int retn=0;
-#ifdef MONT_WORD
-	BIGNUM *t;
-
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-		retn = BN_from_montgomery_word(ret,t,mont);
-	BN_CTX_end(ctx);
-#else /* !MONT_WORD */
-	BIGNUM *t1,*t2;
-
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t1 == NULL || t2 == NULL) goto err;
-	
-	if (!BN_copy(t1,a)) goto err;
-	BN_mask_bits(t1,mont->ri);
-
-	if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
-	BN_mask_bits(t2,mont->ri);
-
-	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
-	if (!BN_add(t2,a,t1)) goto err;
-	if (!BN_rshift(ret,t2,mont->ri)) goto err;
-
-	if (BN_ucmp(ret, &(mont->N)) >= 0)
-		{
-		if (!BN_usub(ret,ret,&(mont->N))) goto err;
-		}
-	retn=1;
-	bn_check_top(ret);
- err:
-	BN_CTX_end(ctx);
-#endif /* MONT_WORD */
-	return(retn);
-	}
-
-BN_MONT_CTX *BN_MONT_CTX_new(void)
-	{
-	BN_MONT_CTX *ret;
-
-	if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
-		return(NULL);
-
-	BN_MONT_CTX_init(ret);
-	ret->flags=BN_FLG_MALLOCED;
-	return(ret);
-	}
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
-	{
-	ctx->ri=0;
-	BN_init(&(ctx->RR));
-	BN_init(&(ctx->N));
-	BN_init(&(ctx->Ni));
-	ctx->n0[0] = ctx->n0[1] = 0;
-	ctx->flags=0;
-	}
-
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
-	{
-	if(mont == NULL)
-	    return;
-
-	BN_free(&(mont->RR));
-	BN_free(&(mont->N));
-	BN_free(&(mont->Ni));
-	if (mont->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(mont);
-	}
-
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *Ri,*R;
-
-	BN_CTX_start(ctx);
-	if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
-	R= &(mont->RR);					/* grab RR as a temp */
-	if (!BN_copy(&(mont->N),mod)) goto err;		/* Set N */
-	mont->N.neg = 0;
-
-#ifdef MONT_WORD
-		{
-		BIGNUM tmod;
-		BN_ULONG buf[2];
-
-		BN_init(&tmod);
-		tmod.d=buf;
-		tmod.dmax=2;
-		tmod.neg=0;
-
-		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-
-#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
-		/* Only certain BN_BITS2<=32 platforms actually make use of
-		 * n0[1], and we could use the #else case (with a shorter R
-		 * value) for the others.  However, currently only the assembler
-		 * files do know which is which. */
-
-		BN_zero(R);
-		if (!(BN_set_bit(R,2*BN_BITS2))) goto err;
-
-								tmod.top=0;
-		if ((buf[0] = mod->d[0]))			tmod.top=1;
-		if ((buf[1] = mod->top>1 ? mod->d[1] : 0))	tmod.top=2;
-
-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
-		if (!BN_is_zero(Ri))
-			{
-			if (!BN_sub_word(Ri,1)) goto err;
-			}
-		else /* if N mod word size == 1 */
-			{
-			if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
-				goto err;
-			/* Ri-- (mod double word size) */
-			Ri->neg=0;
-			Ri->d[0]=BN_MASK2;
-			Ri->d[1]=BN_MASK2;
-			Ri->top=2;
-			}
-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-		/* Ni = (R*Ri-1)/N,
-		 * keep only couple of least significant words: */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-#else
-		BN_zero(R);
-		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
-
-		buf[0]=mod->d[0]; /* tmod = N mod word size */
-		buf[1]=0;
-		tmod.top = buf[0] != 0 ? 1 : 0;
-							/* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
-		if (!BN_is_zero(Ri))
-			{
-			if (!BN_sub_word(Ri,1)) goto err;
-			}
-		else /* if N mod word size == 1 */
-			{
-			if (!BN_set_word(Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
-			}
-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-		/* Ni = (R*Ri-1)/N,
-		 * keep only least significant word: */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = 0;
-#endif
-		}
-#else /* !MONT_WORD */
-		{ /* bignum version */
-		mont->ri=BN_num_bits(&mont->N);
-		BN_zero(R);
-		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
-		                                        /* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
-		if (!BN_sub_word(Ri,1)) goto err;
-							/* Ni = (R*Ri-1) / N */
-		if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
-		}
-#endif
-
-	/* setup RR for conversions */
-	BN_zero(&(mont->RR));
-	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
-	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
-
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
-	{
-	if (to == from) return(to);
-
-	if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
-	if (!BN_copy(&(to->N),&(from->N))) return NULL;
-	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
-	to->ri=from->ri;
-	to->n0[0]=from->n0[0];
-	to->n0[1]=from->n0[1];
-	return(to);
-	}
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-					const BIGNUM *mod, BN_CTX *ctx)
-	{
-	BN_MONT_CTX *ret;
-
-	CRYPTO_r_lock(lock);
-	ret = *pmont;
-	CRYPTO_r_unlock(lock);
-	if (ret)
-		return ret;
-
-	/* We don't want to serialise globally while doing our lazy-init math in
-	 * BN_MONT_CTX_set. That punishes threads that are doing independent
-	 * things. Instead, punish the case where more than one thread tries to
-	 * lazy-init the same 'pmont', by having each do the lazy-init math work
-	 * independently and only use the one from the thread that wins the race
-	 * (the losers throw away the work they've done). */
-	ret = BN_MONT_CTX_new();
-	if (!ret)
-		return NULL;
-	if (!BN_MONT_CTX_set(ret, mod, ctx))
-		{
-		BN_MONT_CTX_free(ret);
-		return NULL;
-		}
-
-	/* The locked compare-and-set, after the local work is done. */
-	CRYPTO_w_lock(lock);
-	if (*pmont)
-		{
-		BN_MONT_CTX_free(ret);
-		ret = *pmont;
-		}
-	else
-		*pmont = ret;
-	CRYPTO_w_unlock(lock);
-	return ret;
-	}
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
deleted file mode 100644
index a054d21aed..0000000000
--- a/crypto/bn/bn_mpi.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/bn/bn_mpi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
-	{
-	int bits;
-	int num=0;
-	int ext=0;
-	long l;
-
-	bits=BN_num_bits(a);
-	num=(bits+7)/8;
-	if (bits > 0)
-		{
-		ext=((bits & 0x07) == 0);
-		}
-	if (d == NULL)
-		return(num+4+ext);
-
-	l=num+ext;
-	d[0]=(unsigned char)(l>>24)&0xff;
-	d[1]=(unsigned char)(l>>16)&0xff;
-	d[2]=(unsigned char)(l>> 8)&0xff;
-	d[3]=(unsigned char)(l    )&0xff;
-	if (ext) d[4]=0;
-	num=BN_bn2bin(a,&(d[4+ext]));
-	if (a->neg)
-		d[4]|=0x80;
-	return(num+4+ext);
-	}
-
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
-	{
-	long len;
-	int neg=0;
-
-	if (n < 4)
-		{
-		BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
-		return(NULL);
-		}
-	len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
-	if ((len+4) != n)
-		{
-		BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
-		return(NULL);
-		}
-
-	if (a == NULL) a=BN_new();
-	if (a == NULL) return(NULL);
-
-	if (len == 0)
-		{
-		a->neg=0;
-		a->top=0;
-		return(a);
-		}
-	d+=4;
-	if ((*d) & 0x80)
-		neg=1;
-	if (BN_bin2bn(d,(int)len,a) == NULL)
-		return(NULL);
-	a->neg=neg;
-	if (neg)
-		{
-		BN_clear_bit(a,BN_num_bits(a)-1);
-		}
-	bn_check_top(a);
-	return(a);
-	}
-
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
deleted file mode 100644
index 12e5be80eb..0000000000
--- a/crypto/bn/bn_mul.c
+++ /dev/null
@@ -1,1166 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
-/* Here follows specialised variants of bn_add_words() and
-   bn_sub_words().  They have the property performing operations on
-   arrays of different sizes.  The sizes of those arrays is expressed through
-   cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
-   which is the delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  For the operations that require
-   a result array as parameter, it must have the length cl+abs(dl).
-   These functions should probably end up in bn_asm.c as soon as there are
-   assembler counterparts for the systems that use assembler files.  */
-
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
-	const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	BN_ULONG c, t;
-
-	assert(cl >= 0);
-	c = bn_sub_words(r, a, b, cl);
-
-	if (dl == 0)
-		return c;
-
-	r += cl;
-	a += cl;
-	b += cl;
-
-	if (dl < 0)
-		{
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
-		for (;;)
-			{
-			t = b[0];
-			r[0] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[1];
-			r[1] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[2];
-			r[2] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[3];
-			r[3] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			b += 4;
-			r += 4;
-			}
-		}
-	else
-		{
-		int save_dl = dl;
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
-#endif
-		while(c)
-			{
-			t = a[0];
-			r[0] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[1];
-			r[1] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[2];
-			r[2] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[3];
-			r[3] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			save_dl = dl;
-			a += 4;
-			r += 4;
-			}
-		if (dl > 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
-			if (save_dl > dl)
-				{
-				switch (save_dl - dl)
-					{
-				case 1:
-					r[1] = a[1];
-					if (--dl <= 0) break;
-				case 2:
-					r[2] = a[2];
-					if (--dl <= 0) break;
-				case 3:
-					r[3] = a[3];
-					if (--dl <= 0) break;
-					}
-				a += 4;
-				r += 4;
-				}
-			}
-		if (dl > 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
-			for(;;)
-				{
-				r[0] = a[0];
-				if (--dl <= 0) break;
-				r[1] = a[1];
-				if (--dl <= 0) break;
-				r[2] = a[2];
-				if (--dl <= 0) break;
-				r[3] = a[3];
-				if (--dl <= 0) break;
-
-				a += 4;
-				r += 4;
-				}
-			}
-		}
-	return c;
-	}
-#endif
-
-BN_ULONG bn_add_part_words(BN_ULONG *r,
-	const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	BN_ULONG c, l, t;
-
-	assert(cl >= 0);
-	c = bn_add_words(r, a, b, cl);
-
-	if (dl == 0)
-		return c;
-
-	r += cl;
-	a += cl;
-	b += cl;
-
-	if (dl < 0)
-		{
-		int save_dl = dl;
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
-		while (c)
-			{
-			l=(c+b[0])&BN_MASK2;
-			c=(l < c);
-			r[0]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[1])&BN_MASK2;
-			c=(l < c);
-			r[1]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[2])&BN_MASK2;
-			c=(l < c);
-			r[2]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[3])&BN_MASK2;
-			c=(l < c);
-			r[3]=l;
-			if (++dl >= 0) break;
-
-			save_dl = dl;
-			b+=4;
-			r+=4;
-			}
-		if (dl < 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
-#endif
-			if (save_dl < dl)
-				{
-				switch (dl - save_dl)
-					{
-				case 1:
-					r[1] = b[1];
-					if (++dl >= 0) break;
-				case 2:
-					r[2] = b[2];
-					if (++dl >= 0) break;
-				case 3:
-					r[3] = b[3];
-					if (++dl >= 0) break;
-					}
-				b += 4;
-				r += 4;
-				}
-			}
-		if (dl < 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
-#endif
-			for(;;)
-				{
-				r[0] = b[0];
-				if (++dl >= 0) break;
-				r[1] = b[1];
-				if (++dl >= 0) break;
-				r[2] = b[2];
-				if (++dl >= 0) break;
-				r[3] = b[3];
-				if (++dl >= 0) break;
-
-				b += 4;
-				r += 4;
-				}
-			}
-		}
-	else
-		{
-		int save_dl = dl;
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
-#endif
-		while (c)
-			{
-			t=(a[0]+c)&BN_MASK2;
-			c=(t < c);
-			r[0]=t;
-			if (--dl <= 0) break;
-
-			t=(a[1]+c)&BN_MASK2;
-			c=(t < c);
-			r[1]=t;
-			if (--dl <= 0) break;
-
-			t=(a[2]+c)&BN_MASK2;
-			c=(t < c);
-			r[2]=t;
-			if (--dl <= 0) break;
-
-			t=(a[3]+c)&BN_MASK2;
-			c=(t < c);
-			r[3]=t;
-			if (--dl <= 0) break;
-
-			save_dl = dl;
-			a+=4;
-			r+=4;
-			}
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
-		if (dl > 0)
-			{
-			if (save_dl > dl)
-				{
-				switch (save_dl - dl)
-					{
-				case 1:
-					r[1] = a[1];
-					if (--dl <= 0) break;
-				case 2:
-					r[2] = a[2];
-					if (--dl <= 0) break;
-				case 3:
-					r[3] = a[3];
-					if (--dl <= 0) break;
-					}
-				a += 4;
-				r += 4;
-				}
-			}
-		if (dl > 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
-			for(;;)
-				{
-				r[0] = a[0];
-				if (--dl <= 0) break;
-				r[1] = a[1];
-				if (--dl <= 0) break;
-				r[2] = a[2];
-				if (--dl <= 0) break;
-				r[3] = a[3];
-				if (--dl <= 0) break;
-
-				a += 4;
-				r += 4;
-				}
-			}
-		}
-	return c;
-	}
-
-#ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-/* dnX may not be positive, but n2/2+dnX has to be */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	int dna, int dnb, BN_ULONG *t)
-	{
-	int n=n2/2,c1,c2;
-	int tna=n+dna, tnb=n+dnb;
-	unsigned int neg,zero;
-	BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
-	fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
-# endif
-# ifdef BN_MUL_COMBA
-#  if 0
-	if (n2 == 4)
-		{
-		bn_mul_comba4(r,a,b);
-		return;
-		}
-#  endif
-	/* Only call bn_mul_comba 8 if n2 == 8 and the
-	 * two arrays are complete [steve]
-	 */
-	if (n2 == 8 && dna == 0 && dnb == 0)
-		{
-		bn_mul_comba8(r,a,b);
-		return; 
-		}
-# endif /* BN_MUL_COMBA */
-	/* Else do normal multiply */
-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_normal(r,a,n2+dna,b,n2+dnb);
-		if ((dna + dnb) < 0)
-			memset(&r[2*n2 + dna + dnb], 0,
-				sizeof(BN_ULONG) * -(dna + dnb));
-		return;
-		}
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	zero=neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
-		break;
-		}
-
-# ifdef BN_MUL_COMBA
-	if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
-					       extra args to do this well */
-		{
-		if (!zero)
-			bn_mul_comba4(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_mul_comba4(r,a,b);
-		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
-						    take extra args to do this
-						    well */
-		{
-		if (!zero)
-			bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-		
-		bn_mul_comba8(r,a,b);
-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else
-# endif /* BN_MUL_COMBA */
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
-		else
-			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-		bn_mul_recursive(r,a,b,n,0,0,p);
-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-/* tnX may not be negative but less than n */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
-	     int tna, int tnb, BN_ULONG *t)
-	{
-	int i,j,n2=n*2;
-	int c1,c2,neg;
-	BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
-	fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
-		n, tna, n, tnb);
-# endif
-	if (n < 8)
-		{
-		bn_mul_normal(r,a,n+tna,b,n+tnb);
-		return;
-		}
-
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		break;
-	case -3:
-		/* break; */
-	case -2:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		/* break; */
-	case 2:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		neg=1;
-		break;
-	case 3:
-		/* break; */
-	case 4:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
-		break;
-		}
-		/* The zero case isn't yet implemented here. The speedup
-		   would probably be negligible. */
-# if 0
-	if (n == 4)
-		{
-		bn_mul_comba4(&(t[n2]),t,&(t[n]));
-		bn_mul_comba4(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-		}
-	else
-# endif
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		bn_mul_comba8(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
-		memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
-		bn_mul_recursive(r,a,b,n,0,0,p);
-		i=n/2;
-		/* If there is only a bottom half to the number,
-		 * just do it */
-		if (tna > tnb)
-			j = tna - i;
-		else
-			j = tnb - i;
-		if (j == 0)
-			{
-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
-				i,tna-i,tnb-i,p);
-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-			}
-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-				{
-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-					i,tna-i,tnb-i,p);
-				memset(&(r[n2+tna+tnb]),0,
-					sizeof(BN_ULONG)*(n2-tna-tnb));
-				}
-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-			{
-			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-			if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
-				&& tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
-				{
-				bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
-				}
-			else
-				{
-				for (;;)
-					{
-					i/=2;
-					/* these simplified conditions work
-					 * exclusively because difference
-					 * between tna and tnb is 1 or 0 */
-					if (i < tna || i < tnb)
-						{
-						bn_mul_part_recursive(&(r[n2]),
-							&(a[n]),&(b[n]),
-							i,tna-i,tnb-i,p);
-						break;
-						}
-					else if (i == tna || i == tnb)
-						{
-						bn_mul_recursive(&(r[n2]),
-							&(a[n]),&(b[n]),
-							i,tna-i,tnb-i,p);
-						break;
-						}
-					}
-				}
-			}
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	     BN_ULONG *t)
-	{
-	int n=n2/2;
-
-# ifdef BN_COUNT
-	fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
-# endif
-
-	bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
-	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		}
-	else
-		{
-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-		}
-	}
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-	     BN_ULONG *t)
-	{
-	int i,n;
-	int c1,c2;
-	int neg,oneg,zero;
-	BN_ULONG ll,lc,*lp,*mp;
-
-# ifdef BN_COUNT
-	fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
-# endif
-	n=n2/2;
-
-	/* Calculate (al-ah)*(bh-bl) */
-	neg=zero=0;
-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		break;
-		}
-		
-	oneg=neg;
-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-	/* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
-		bn_mul_comba8(r,&(a[n]),&(b[n]));
-		}
-	else
-# endif
-		{
-		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
-		bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
-		}
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2+n]);
-		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
-		}
-	else
-		{
-		c1=0;
-		lp= &(r[0]);
-		}
-
-	if (neg)
-		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
-	else
-		{
-		bn_add_words(&(t[n2]),lp,&(t[0]),n);
-		neg=0;
-		}
-
-	if (l != NULL)
-		{
-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		mp= &(t[n2]);
-		for (i=0; i<n; i++)
-			lp[i]=((~mp[i])+1)&BN_MASK2;
-		}
-
-	/* s[0] = low(al*bl)
-	 * t[3] = high(al*bl)
-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-	 * r[10] = (a[1]*b[1])
-	 */
-	/* R[10] = al*bl
-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-	 * R[32] = ah*bh
-	 */
-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-	 * R[3]=r[1]+(carry/borrow)
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2]);
-		c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		c1=0;
-		}
-	c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
-	if (oneg)
-		c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-	else
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-
-	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
-	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
-	if (oneg)
-		c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
-	else
-		c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-	
-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-		{
-		i=0;
-		if (c1 > 0)
-			{
-			lc=c1;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c1;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	if (c2 != 0) /* Add starting at r[1] */
-		{
-		i=n;
-		if (c2 > 0)
-			{
-			lc=c2;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c2;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	}
-#endif /* BN_RECURSION */
-
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret=0;
-	int top,al,bl;
-	BIGNUM *rr;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	int i;
-#endif
-#ifdef BN_RECURSION
-	BIGNUM *t=NULL;
-	int j=0,k;
-#endif
-
-#ifdef BN_COUNT
-	fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
-#endif
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(r);
-
-	al=a->top;
-	bl=b->top;
-
-	if ((al == 0) || (bl == 0))
-		{
-		BN_zero(r);
-		return(1);
-		}
-	top=al+bl;
-
-	BN_CTX_start(ctx);
-	if ((r == a) || (r == b))
-		{
-		if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
-		}
-	else
-		rr = r;
-	rr->neg=a->neg^b->neg;
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	i = al-bl;
-#endif
-#ifdef BN_MUL_COMBA
-	if (i == 0)
-		{
-# if 0
-		if (al == 4)
-			{
-			if (bn_wexpand(rr,8) == NULL) goto err;
-			rr->top=8;
-			bn_mul_comba4(rr->d,a->d,b->d);
-			goto end;
-			}
-# endif
-		if (al == 8)
-			{
-			if (bn_wexpand(rr,16) == NULL) goto err;
-			rr->top=16;
-			bn_mul_comba8(rr->d,a->d,b->d);
-			goto end;
-			}
-		}
-#endif /* BN_MUL_COMBA */
-#ifdef BN_RECURSION
-	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
-		{
-		if (i >= -1 && i <= 1)
-			{
-			/* Find out the power of two lower or equal
-			   to the longest of the two numbers */
-			if (i >= 0)
-				{
-				j = BN_num_bits_word((BN_ULONG)al);
-				}
-			if (i == -1)
-				{
-				j = BN_num_bits_word((BN_ULONG)bl);
-				}
-			j = 1<<(j-1);
-			assert(j <= al || j <= bl);
-			k = j+j;
-			t = BN_CTX_get(ctx);
-			if (t == NULL)
-				goto err;
-			if (al > j || bl > j)
-				{
-				if (bn_wexpand(t,k*4) == NULL) goto err;
-				if (bn_wexpand(rr,k*4) == NULL) goto err;
-				bn_mul_part_recursive(rr->d,a->d,b->d,
-					j,al-j,bl-j,t->d);
-				}
-			else	/* al <= j || bl <= j */
-				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
-				bn_mul_recursive(rr->d,a->d,b->d,
-					j,al-j,bl-j,t->d);
-				}
-			rr->top=top;
-			goto end;
-			}
-#if 0
-		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
-			{
-			BIGNUM *tmp_bn = (BIGNUM *)b;
-			if (bn_wexpand(tmp_bn,al) == NULL) goto err;
-			tmp_bn->d[bl]=0;
-			bl++;
-			i--;
-			}
-		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
-			{
-			BIGNUM *tmp_bn = (BIGNUM *)a;
-			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
-			tmp_bn->d[al]=0;
-			al++;
-			i++;
-			}
-		if (i == 0)
-			{
-			/* symmetric and > 4 */
-			/* 16 or larger */
-			j=BN_num_bits_word((BN_ULONG)al);
-			j=1<<(j-1);
-			k=j+j;
-			t = BN_CTX_get(ctx);
-			if (al == j) /* exact multiple */
-				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
-				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
-				}
-			else
-				{
-				if (bn_wexpand(t,k*4) == NULL) goto err;
-				if (bn_wexpand(rr,k*4) == NULL) goto err;
-				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
-				}
-			rr->top=top;
-			goto end;
-			}
-#endif
-		}
-#endif /* BN_RECURSION */
-	if (bn_wexpand(rr,top) == NULL) goto err;
-	rr->top=top;
-	bn_mul_normal(rr->d,a->d,al,b->d,bl);
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-end:
-#endif
-	bn_correct_top(rr);
-	if (r != rr) BN_copy(r,rr);
-	ret=1;
-err:
-	bn_check_top(r);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-	{
-	BN_ULONG *rr;
-
-#ifdef BN_COUNT
-	fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
-#endif
-
-	if (na < nb)
-		{
-		int itmp;
-		BN_ULONG *ltmp;
-
-		itmp=na; na=nb; nb=itmp;
-		ltmp=a;   a=b;   b=ltmp;
-
-		}
-	rr= &(r[na]);
-	if (nb <= 0)
-		{
-		(void)bn_mul_words(r,a,na,0);
-		return;
-		}
-	else
-		rr[0]=bn_mul_words(r,a,na,b[0]);
-
-	for (;;)
-		{
-		if (--nb <= 0) return;
-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-		if (--nb <= 0) return;
-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-		if (--nb <= 0) return;
-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-		if (--nb <= 0) return;
-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-		rr+=4;
-		r+=4;
-		b+=4;
-		}
-	}
-
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-	{
-#ifdef BN_COUNT
-	fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
-#endif
-	bn_mul_words(r,a,n,b[0]);
-
-	for (;;)
-		{
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[1]),a,n,b[1]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[2]),a,n,b[2]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[3]),a,n,b[3]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[4]),a,n,b[4]);
-		r+=4;
-		b+=4;
-		}
-	}
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
deleted file mode 100644
index abb1570853..0000000000
--- a/crypto/bn/bn_nist.c
+++ /dev/null
@@ -1,1109 +0,0 @@
-/* crypto/bn/bn_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "bn_lcl.h"
-#include "cryptlib.h"
-
-
-#define BN_NIST_192_TOP	(192+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_224_TOP	(224+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_256_TOP	(256+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_384_TOP	(384+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_521_TOP	(521+BN_BITS2-1)/BN_BITS2
-
-/* pre-computed tables are "carry-less" values of modulus*(i+1) */
-#if BN_BITS2 == 64
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
-	{0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
-	{0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
-	};
-static const BN_ULONG _nist_p_192_sqr[] = {
-	0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
-	0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
-	};
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
-	{0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
-	 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
-	{0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
-	 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
-	};
-static const BN_ULONG _nist_p_224_sqr[] = {
-	0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
-	0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
-	0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
-	0xFFFFFFFFFFFFFFFFULL
-	};
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
-	{0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
-	{0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
-	{0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
-	{0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
-	{0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
-	};
-static const BN_ULONG _nist_p_256_sqr[] = {
-	0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
-	0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
-	0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
-	0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
-	};
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
-	{0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	};
-static const BN_ULONG _nist_p_384_sqr[] = {
-	0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
-	0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
-	0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
-	};
-static const BN_ULONG _nist_p_521[] =
-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0x00000000000001FFULL};
-static const BN_ULONG _nist_p_521_sqr[] = {
-	0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
-	0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
-	0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
-	};
-#elif BN_BITS2 == 32
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
-	{0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
-	};
-static const BN_ULONG _nist_p_192_sqr[] = {
-	0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
-	0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
-	};
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
-	{0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
-	};
-static const BN_ULONG _nist_p_224_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
-	0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
-	0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF
-	};
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
-	{0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
-	 0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
-	{0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
-	 0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
-	{0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
-	 0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
-	{0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
-	 0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
-	{0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
-	 0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
-	};
-static const BN_ULONG _nist_p_256_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
-	0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
-	0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
-	};
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
-	{0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	};
-static const BN_ULONG _nist_p_384_sqr[] = {
-	0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
-	0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
-	0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
-	};
-static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0x000001FF};
-static const BN_ULONG _nist_p_521_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
-	0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
-	0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
-	};
-#else
-#error "unsupported BN_BITS2"
-#endif
-
-
-static const BIGNUM _bignum_nist_p_192 =
-	{
-	(BN_ULONG *)_nist_p_192[0],
-	BN_NIST_192_TOP,
-	BN_NIST_192_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_224 =
-	{
-	(BN_ULONG *)_nist_p_224[0],
-	BN_NIST_224_TOP,
-	BN_NIST_224_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_256 =
-	{
-	(BN_ULONG *)_nist_p_256[0],
-	BN_NIST_256_TOP,
-	BN_NIST_256_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_384 =
-	{
-	(BN_ULONG *)_nist_p_384[0],
-	BN_NIST_384_TOP,
-	BN_NIST_384_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_521 =
-	{
-	(BN_ULONG *)_nist_p_521,
-	BN_NIST_521_TOP,
-	BN_NIST_521_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-
-const BIGNUM *BN_get0_nist_prime_192(void)
-	{
-	return &_bignum_nist_p_192;
-	}
-
-const BIGNUM *BN_get0_nist_prime_224(void)
-	{
-	return &_bignum_nist_p_224;
-	}
-
-const BIGNUM *BN_get0_nist_prime_256(void)
-	{
-	return &_bignum_nist_p_256;
-	}
-
-const BIGNUM *BN_get0_nist_prime_384(void)
-	{
-	return &_bignum_nist_p_384;
-	}
-
-const BIGNUM *BN_get0_nist_prime_521(void)
-	{
-	return &_bignum_nist_p_521;
-	}
-
-
-static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
-	{
-	int i;
-
-#ifdef BN_DEBUG
-	OPENSSL_assert(top <= max);
-#endif
-	for (i = 0; i < top; i++)
-		dst[i] = src[i];
-	for (; i < max; i++)
-		dst[i] = 0;
-	}
-
-static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
-	{ 
-	int i;
-
-	for (i = 0; i < top; i++)
-		dst[i] = src[i];
-	}
-
-#if BN_BITS2 == 64
-#define bn_cp_64(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
-#define bn_64_set_0(to, n)		(to)[n] = (BN_ULONG)0;
-/*
- * two following macros are implemented under assumption that they
- * are called in a sequence with *ascending* n, i.e. as they are...
- */
-#define bn_cp_32_naked(to, n, from, m)	(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
-						:(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
-#define bn_32_set_0(to, n)		(((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
-#define bn_cp_32(to,n,from,m)		((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
-# if defined(L_ENDIAN)
-#  if defined(__arch64__)
-#   define NIST_INT64 long
-#  else
-#   define NIST_INT64 long long
-#  endif
-# endif
-#else
-#define bn_cp_64(to, n, from, m) \
-	{ \
-	bn_cp_32(to, (n)*2, from, (m)*2); \
-	bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
-	}
-#define bn_64_set_0(to, n) \
-	{ \
-	bn_32_set_0(to, (n)*2); \
-	bn_32_set_0(to, (n)*2+1); \
-	}
-#define bn_cp_32(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
-#define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;
-# if defined(_WIN32) && !defined(__GNUC__)
-#  define NIST_INT64 __int64
-# elif defined(BN_LLONG)
-#  define NIST_INT64 long long
-# endif
-#endif /* BN_BITS2 != 64 */
-
-#define nist_set_192(to, from, a1, a2, a3) \
-	{ \
-	bn_cp_64(to, 0, from, (a3) - 3) \
-	bn_cp_64(to, 1, from, (a2) - 3) \
-	bn_cp_64(to, 2, from, (a1) - 3) \
-	}
-
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int      top = a->top, i;
-	int      carry;
-	register BN_ULONG *r_d, *a_d = a->d;
-	union	{
-		BN_ULONG	bn[BN_NIST_192_TOP];
-		unsigned int	ui[BN_NIST_192_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_192_TOP],
-		*res;
-	PTR_SIZE_INT mask;
-	static const BIGNUM _bignum_nist_p_192_sqr = {
-		(BN_ULONG *)_nist_p_192_sqr,
-		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
-		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_192; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_192_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64		acc;	/* accumulator */
-	unsigned int		*rp=(unsigned int *)r_d;
-	const unsigned int	*bp=(const unsigned int *)buf.ui;
-
-	acc  = rp[0];	acc += bp[3*2-6];
-			acc += bp[5*2-6]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[3*2-5];
-			acc += bp[5*2-5]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc += bp[3*2-6];
-			acc += bp[4*2-6];
-			acc += bp[5*2-6]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[3*2-5];
-			acc += bp[4*2-5];
-			acc += bp[5*2-5]; rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[4*2-6];
-			acc += bp[5*2-6]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[4*2-5];
-			acc += bp[5*2-5]; rp[5] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_192_TOP];
-
-	nist_set_192(t_d, buf.bn, 0, 3, 3);
-	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf.bn, 4, 4, 0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf.bn, 5, 5, 5)
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	}
-#endif
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
-	else
-		carry = 1;
-
-	/*
-	 * we need 'if (carry==0 || result>=modulus) result-=modulus;'
-	 * as comparison implies subtraction, we can write
-	 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
-	 * this is what happens below, but without explicit if:-) a.
-	 */
-	mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = c_d;
-	res   = (BN_ULONG *)
-	 (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
-	r->top = BN_NIST_192_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
-
-#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
-	{ \
-	bn_cp_32(to, 0, from, (a7) - 7) \
-	bn_cp_32(to, 1, from, (a6) - 7) \
-	bn_cp_32(to, 2, from, (a5) - 7) \
-	bn_cp_32(to, 3, from, (a4) - 7) \
-	bn_cp_32(to, 4, from, (a3) - 7) \
-	bn_cp_32(to, 5, from, (a2) - 7) \
-	bn_cp_32(to, 6, from, (a1) - 7) \
-	}
-
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	top = a->top, i;
-	int	carry;
-	BN_ULONG *r_d, *a_d = a->d;
-	union	{
-		BN_ULONG	bn[BN_NIST_224_TOP];
-		unsigned int	ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_224_TOP],
-		*res;
-	PTR_SIZE_INT mask;
-	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
-	static const BIGNUM _bignum_nist_p_224_sqr = {
-		(BN_ULONG *)_nist_p_224_sqr,
-		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
-		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-
-	field = &_bignum_nist_p_224; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_224_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
-		}
-	else
-		r_d = a_d;
-
-#if BN_BITS2==64
-	/* copy upper 256 bits of 448 bit number ... */
-	nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
-	/* ... and right shift by 32 to obtain upper 224 bits */
-	nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
-	/* truncate lower part to 224 bits too */
-	r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
-#else
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
-#endif
-
-#if defined(NIST_INT64) && BN_BITS2!=64
-	{
-	NIST_INT64		acc;	/* accumulator */
-	unsigned int		*rp=(unsigned int *)r_d;
-	const unsigned int	*bp=(const unsigned int *)buf.ui;
-
-	acc  = rp[0];	acc -= bp[7-7];
-			acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc -= bp[8-7];
-			acc -= bp[12-7]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc -= bp[9-7];
-			acc -= bp[13-7]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[7-7];
-			acc += bp[11-7];
-			acc -= bp[10-7]; rp[3] = (unsigned int)acc; acc>>= 32;
-
-	acc += rp[4];	acc += bp[8-7];
-			acc += bp[12-7];
-			acc -= bp[11-7]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[9-7];
-			acc += bp[13-7];
-			acc -= bp[12-7]; rp[5] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[6];	acc += bp[10-7];
-			acc -= bp[13-7]; rp[6] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-# if BN_BITS2==64
-	rp[7] = carry;
-# endif
-	}	
-#else
-	{
-	BN_ULONG t_d[BN_NIST_224_TOP];
-
-	nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
-	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-
-#if BN_BITS2==64
-	carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
-#endif
-	}
-#endif
-	u.f = bn_sub_words;
-	if (carry > 0)
-		{
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
-#if BN_BITS2==64
-		carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
-#endif
-		}
-	else if (carry < 0)
-		{
-		/* it's a bit more comlicated logic in this case.
-		 * if bn_add_words yields no carry, then result
-		 * has to be adjusted by unconditionally *adding*
-		 * the modulus. but if it does, then result has
-		 * to be compared to the modulus and conditionally
-		 * adjusted by *subtracting* the latter. */
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-		mask = 0-(PTR_SIZE_INT)carry;
-		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
-		 ((PTR_SIZE_INT)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	/* otherwise it's effectively same as in BN_nist_mod_192... */
-	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = c_d;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
-	 ((PTR_SIZE_INT)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
-	r->top = BN_NIST_224_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
-	{ \
-	bn_cp_32(to, 0, from, (a8) - 8) \
-	bn_cp_32(to, 1, from, (a7) - 8) \
-	bn_cp_32(to, 2, from, (a6) - 8) \
-	bn_cp_32(to, 3, from, (a5) - 8) \
-	bn_cp_32(to, 4, from, (a4) - 8) \
-	bn_cp_32(to, 5, from, (a3) - 8) \
-	bn_cp_32(to, 6, from, (a2) - 8) \
-	bn_cp_32(to, 7, from, (a1) - 8) \
-	}
-
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	i, top = a->top;
-	int	carry = 0;
-	register BN_ULONG *a_d = a->d, *r_d;
-	union	{
-		BN_ULONG bn[BN_NIST_256_TOP];
-		unsigned int ui[BN_NIST_256_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_256_TOP],
-		*res;
-	PTR_SIZE_INT mask;
-	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
-	static const BIGNUM _bignum_nist_p_256_sqr = {
-		(BN_ULONG *)_nist_p_256_sqr,
-		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
-		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_256; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_256_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64		acc;	/* accumulator */
-	unsigned int		*rp=(unsigned int *)r_d;
-	const unsigned int	*bp=(const unsigned int *)buf.ui;
-
-	acc = rp[0];	acc += bp[8-8];
-			acc += bp[9-8];
-			acc -= bp[11-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[9-8];
-			acc += bp[10-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8];
-			acc -= bp[15-8]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc += bp[10-8];
-			acc += bp[11-8];
-			acc -= bp[13-8];
-			acc -= bp[14-8];
-			acc -= bp[15-8]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[11-8];
-			acc += bp[11-8];
-			acc += bp[12-8];
-			acc += bp[12-8];
-			acc += bp[13-8];
-			acc -= bp[15-8];
-			acc -= bp[8-8];
-			acc -= bp[9-8];  rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[12-8];
-			acc += bp[12-8];
-			acc += bp[13-8];
-			acc += bp[13-8];
-			acc += bp[14-8];
-			acc -= bp[9-8];
-			acc -= bp[10-8]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[13-8];
-			acc += bp[13-8];
-			acc += bp[14-8];
-			acc += bp[14-8];
-			acc += bp[15-8];
-			acc -= bp[10-8];
-			acc -= bp[11-8]; rp[5] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[6];	acc += bp[14-8];
-			acc += bp[14-8];
-			acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[14-8];
-			acc += bp[13-8];
-			acc -= bp[8-8];
-			acc -= bp[9-8];  rp[6] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[7];	acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[15-8];
-			acc += bp[8 -8];
-			acc -= bp[10-8];
-			acc -= bp[11-8];
-			acc -= bp[12-8];
-			acc -= bp[13-8]; rp[7] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_256_TOP];
-
-	/*S1*/
-	nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
-	/*S2*/
-	nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
-	carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
-	/* left shift */
-		{
-		register BN_ULONG *ap,t,c;
-		ap = t_d;
-		c=0;
-		for (i = BN_NIST_256_TOP; i != 0; --i)
-			{
-			t= *ap;
-			*(ap++)=((t<<1)|c)&BN_MASK2;
-			c=(t & BN_TBIT)?1:0;
-			}
-		carry <<= 1;
-		carry  |= c;
-		}
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*S3*/
-	nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*S4*/
-	nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D1*/
-	nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D2*/
-	nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D3*/
-	nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D4*/
-	nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-
-	}
-#endif
-	/* see BN_nist_mod_224 for explanation */
-	u.f = bn_sub_words;
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
-	else if (carry < 0)
-		{
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-		mask = 0-(PTR_SIZE_INT)carry;
-		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
-		 ((PTR_SIZE_INT)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = c_d;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
-	 ((PTR_SIZE_INT)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
-	r->top = BN_NIST_256_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
-	{ \
-	bn_cp_32(to, 0, from,  (a12) - 12) \
-	bn_cp_32(to, 1, from,  (a11) - 12) \
-	bn_cp_32(to, 2, from,  (a10) - 12) \
-	bn_cp_32(to, 3, from,  (a9) - 12)  \
-	bn_cp_32(to, 4, from,  (a8) - 12)  \
-	bn_cp_32(to, 5, from,  (a7) - 12)  \
-	bn_cp_32(to, 6, from,  (a6) - 12)  \
-	bn_cp_32(to, 7, from,  (a5) - 12)  \
-	bn_cp_32(to, 8, from,  (a4) - 12)  \
-	bn_cp_32(to, 9, from,  (a3) - 12)  \
-	bn_cp_32(to, 10, from, (a2) - 12)  \
-	bn_cp_32(to, 11, from, (a1) - 12)  \
-	}
-
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	i, top = a->top;
-	int	carry = 0;
-	register BN_ULONG *r_d, *a_d = a->d;
-	union	{
-		BN_ULONG bn[BN_NIST_384_TOP];
-		unsigned int ui[BN_NIST_384_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
-		} buf;
-	BN_ULONG c_d[BN_NIST_384_TOP],
-		*res;
-	PTR_SIZE_INT mask;
-	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
-	static const BIGNUM _bignum_nist_p_384_sqr = {
-		(BN_ULONG *)_nist_p_384_sqr,
-		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
-		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-
-	field = &_bignum_nist_p_384; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_384_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
-
-#if defined(NIST_INT64)
-	{
-	NIST_INT64		acc;	/* accumulator */
-	unsigned int		*rp=(unsigned int *)r_d;
-	const unsigned int	*bp=(const unsigned int *)buf.ui;
-
-	acc = rp[0];	acc += bp[12-12];
-			acc += bp[21-12];
-			acc += bp[20-12];
-			acc -= bp[23-12]; rp[0] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[1];	acc += bp[13-12];
-			acc += bp[22-12];
-			acc += bp[23-12];
-			acc -= bp[12-12];
-			acc -= bp[20-12]; rp[1] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[2];	acc += bp[14-12];
-			acc += bp[23-12];
-			acc -= bp[13-12];
-			acc -= bp[21-12]; rp[2] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[3];	acc += bp[15-12];
-			acc += bp[12-12];
-			acc += bp[20-12];
-			acc += bp[21-12];
-			acc -= bp[14-12];
-			acc -= bp[22-12];
-			acc -= bp[23-12]; rp[3] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[4];	acc += bp[21-12];
-			acc += bp[21-12];
-			acc += bp[16-12];
-			acc += bp[13-12];
-			acc += bp[12-12];
-			acc += bp[20-12];
-			acc += bp[22-12];
-			acc -= bp[15-12];
-			acc -= bp[23-12];
-			acc -= bp[23-12]; rp[4] = (unsigned int)acc; acc >>= 32;
-
-	acc += rp[5];	acc += bp[22-12];
-			acc += bp[22-12];
-			acc += bp[17-12];
-			acc += bp[14-12];
-			acc += bp[13-12];
-			acc += bp[21-12];
-			acc += bp[23-12];
-			acc -= bp[16-12]; rp[5] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[6];	acc += bp[23-12];
-			acc += bp[23-12];
-			acc += bp[18-12];
-			acc += bp[15-12];
-			acc += bp[14-12];
-			acc += bp[22-12];
-			acc -= bp[17-12]; rp[6] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[7];	acc += bp[19-12];
-			acc += bp[16-12];
-			acc += bp[15-12];
-			acc += bp[23-12];
-			acc -= bp[18-12]; rp[7] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[8];	acc += bp[20-12];
-			acc += bp[17-12];
-			acc += bp[16-12];
-			acc -= bp[19-12]; rp[8] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[9];	acc += bp[21-12];
-			acc += bp[18-12];
-			acc += bp[17-12];
-			acc -= bp[20-12]; rp[9] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[10];	acc += bp[22-12];
-			acc += bp[19-12];
-			acc += bp[18-12];
-			acc -= bp[21-12]; rp[10] = (unsigned int)acc; acc >>= 32;
-			
-	acc += rp[11];	acc += bp[23-12];
-			acc += bp[20-12];
-			acc += bp[19-12];
-			acc -= bp[22-12]; rp[11] = (unsigned int)acc;
-
-	carry = (int)(acc>>32);
-	}
-#else
-	{
-	BN_ULONG t_d[BN_NIST_384_TOP];
-
-	/*S1*/
-	nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
-		/* left shift */
-		{
-		register BN_ULONG *ap,t,c;
-		ap = t_d;
-		c=0;
-		for (i = 3; i != 0; --i)
-			{
-			t= *ap;
-			*(ap++)=((t<<1)|c)&BN_MASK2;
-			c=(t & BN_TBIT)?1:0;
-			}
-		*ap=c;
-		}
-	carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
-		t_d, BN_NIST_256_TOP);
-	/*S2 */
-	carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
-	/*S3*/
-	nist_set_384(t_d,buf.bn,20,19,18,17,16,15,14,13,12,23,22,21);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S4*/
-	nist_set_384(t_d,buf.bn,19,18,17,16,15,14,13,12,20,0,23,0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S5*/
-	nist_set_384(t_d, buf.bn,0,0,0,0,23,22,21,20,0,0,0,0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S6*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,23,22,21,0,0,20);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D1*/
-	nist_set_384(t_d,buf.bn,22,21,20,19,18,17,16,15,14,13,12,23);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D2*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,22,21,20,0);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D3*/
-	nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,23,0,0,0);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
-	}
-#endif
-	/* see BN_nist_mod_224 for explanation */
-	u.f = bn_sub_words;
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
-	else if (carry < 0)
-		{
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-		mask = 0-(PTR_SIZE_INT)carry;
-		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
-		 ((PTR_SIZE_INT)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-	mask &= 0-(PTR_SIZE_INT)carry;
-	res   = c_d;
-	res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
-	 ((PTR_SIZE_INT)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-	r->top = BN_NIST_384_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-#define BN_NIST_521_RSHIFT	(521%BN_BITS2)
-#define BN_NIST_521_LSHIFT	(BN_BITS2-BN_NIST_521_RSHIFT)
-#define BN_NIST_521_TOP_MASK	((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
-
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	top = a->top, i;
-	BN_ULONG *r_d, *a_d = a->d,
-		 t_d[BN_NIST_521_TOP],
-		 val,tmp,*res;
-	PTR_SIZE_INT mask;
-	static const BIGNUM _bignum_nist_p_521_sqr = {
-		(BN_ULONG *)_nist_p_521_sqr,
-		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
-		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_521; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r,BN_NIST_521_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
-		}
-	else
-		r_d = a_d;
-
-	/* upper 521 bits, copy ... */
-	nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
-	/* ... and right shift */
-	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
-		{
-		t_d[i] = ( val>>BN_NIST_521_RSHIFT |
-			  (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
-		val=tmp;
-		}
-	t_d[i] = val>>BN_NIST_521_RSHIFT;
-	/* lower 521 bits */
-	r_d[i] &= BN_NIST_521_TOP_MASK;
-
-	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-	mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = t_d;
-	res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
-	 ((PTR_SIZE_INT)r_d&mask));
-	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
-	r->top = BN_NIST_521_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
deleted file mode 100644
index 7b25979dd1..0000000000
--- a/crypto/bn/bn_prime.c
+++ /dev/null
@@ -1,494 +0,0 @@
-/* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in bn_depr.c.
- * - Geoff
- */
-
-/* The quick sieve algorithm approach to weeding out primes is
- * Philip Zimmermann's, as implemented in PGP.  I have had a read of
- * his comments and implemented my own version.
- */
-#include "bn_prime.h"
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
-	{
-	/* No callback means continue */
-	if(!cb) return 1;
-	switch(cb->ver)
-		{
-	case 1:
-		/* Deprecated-style callbacks */
-		if(!cb->cb.cb_1)
-			return 1;
-		cb->cb.cb_1(a, b, cb->arg);
-		return 1;
-	case 2:
-		/* New-style callbacks */
-		return cb->cb.cb_2(a, b, cb);
-	default:
-		break;
-		}
-	/* Unrecognised callback type */
-	return 0;
-	}
-
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
-	{
-	BIGNUM *t;
-	int found=0;
-	int i,j,c1=0;
-	BN_CTX *ctx;
-	int checks = BN_prime_checks_for_size(bits);
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	t = BN_CTX_get(ctx);
-	if(!t) goto err;
-loop: 
-	/* make a random number and set the top and bottom bits */
-	if (add == NULL)
-		{
-		if (!probable_prime(ret,bits)) goto err;
-		}
-	else
-		{
-		if (safe)
-			{
-			if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
-				 goto err;
-			}
-		else
-			{
-			if (!probable_prime_dh(ret,bits,add,rem,ctx))
-				goto err;
-			}
-		}
-	/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
-	if(!BN_GENCB_call(cb, 0, c1++))
-		/* aborted */
-		goto err;
-
-	if (!safe)
-		{
-		i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
-		if (i == -1) goto err;
-		if (i == 0) goto loop;
-		}
-	else
-		{
-		/* for "safe prime" generation,
-		 * check that (p-1)/2 is prime.
-		 * Since a prime is odd, We just
-		 * need to divide by 2 */
-		if (!BN_rshift1(t,ret)) goto err;
-
-		for (i=0; i<checks; i++)
-			{
-			j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
-			if (j == -1) goto err;
-			if (j == 0) goto loop;
-
-			j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
-			if (j == -1) goto err;
-			if (j == 0) goto loop;
-
-			if(!BN_GENCB_call(cb, 2, c1-1))
-				goto err;
-			/* We have a safe prime test pass */
-			}
-		}
-	/* we have a prime :-) */
-	found = 1;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	bn_check_top(ret);
-	return found;
-	}
-
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
-	{
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
-	}
-
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
-		int do_trial_division, BN_GENCB *cb)
-	{
-	int i, j, ret = -1;
-	int k;
-	BN_CTX *ctx = NULL;
-	BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
-	BN_MONT_CTX *mont = NULL;
-	const BIGNUM *A = NULL;
-
-	if (BN_cmp(a, BN_value_one()) <= 0)
-		return 0;
-	
-	if (checks == BN_prime_checks)
-		checks = BN_prime_checks_for_size(BN_num_bits(a));
-
-	/* first look for small factors */
-	if (!BN_is_odd(a))
-		/* a is even => a is prime if and only if a == 2 */
-		return BN_is_word(a, 2);
-	if (do_trial_division)
-		{
-		for (i = 1; i < NUMPRIMES; i++)
-			if (BN_mod_word(a, primes[i]) == 0) 
-				return 0;
-		if(!BN_GENCB_call(cb, 1, -1))
-			goto err;
-		}
-
-	if (ctx_passed != NULL)
-		ctx = ctx_passed;
-	else
-		if ((ctx=BN_CTX_new()) == NULL)
-			goto err;
-	BN_CTX_start(ctx);
-
-	/* A := abs(a) */
-	if (a->neg)
-		{
-		BIGNUM *t;
-		if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-		BN_copy(t, a);
-		t->neg = 0;
-		A = t;
-		}
-	else
-		A = a;
-	A1 = BN_CTX_get(ctx);
-	A1_odd = BN_CTX_get(ctx);
-	check = BN_CTX_get(ctx);
-	if (check == NULL) goto err;
-
-	/* compute A1 := A - 1 */
-	if (!BN_copy(A1, A))
-		goto err;
-	if (!BN_sub_word(A1, 1))
-		goto err;
-	if (BN_is_zero(A1))
-		{
-		ret = 0;
-		goto err;
-		}
-
-	/* write  A1  as  A1_odd * 2^k */
-	k = 1;
-	while (!BN_is_bit_set(A1, k))
-		k++;
-	if (!BN_rshift(A1_odd, A1, k))
-		goto err;
-
-	/* Montgomery setup for computations mod A */
-	mont = BN_MONT_CTX_new();
-	if (mont == NULL)
-		goto err;
-	if (!BN_MONT_CTX_set(mont, A, ctx))
-		goto err;
-	
-	for (i = 0; i < checks; i++)
-		{
-		if (!BN_pseudo_rand_range(check, A1))
-			goto err;
-		if (!BN_add_word(check, 1))
-			goto err;
-		/* now 1 <= check < A */
-
-		j = witness(check, A, A1, A1_odd, k, ctx, mont);
-		if (j == -1) goto err;
-		if (j)
-			{
-			ret=0;
-			goto err;
-			}
-		if(!BN_GENCB_call(cb, 1, i))
-			goto err;
-		}
-	ret=1;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		if (ctx_passed == NULL)
-			BN_CTX_free(ctx);
-		}
-	if (mont != NULL)
-		BN_MONT_CTX_free(mont);
-
-	return(ret);
-	}
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
-	{
-	if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
-		return -1;
-	if (BN_is_one(w))
-		return 0; /* probably prime */
-	if (BN_cmp(w, a1) == 0)
-		return 0; /* w == -1 (mod a),  'a' is probably prime */
-	while (--k)
-		{
-		if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
-			return -1;
-		if (BN_is_one(w))
-			return 1; /* 'a' is composite, otherwise a previous 'w' would
-			           * have been == -1 (mod 'a') */
-		if (BN_cmp(w, a1) == 0)
-			return 0; /* w == -1 (mod a), 'a' is probably prime */
-		}
-	/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
-	 * and it is neither -1 nor +1 -- so 'a' cannot be prime */
-	bn_check_top(w);
-	return 1;
-	}
-
-static int probable_prime(BIGNUM *rnd, int bits)
-	{
-	int i;
-	prime_t mods[NUMPRIMES];
-	BN_ULONG delta,maxdelta;
-
-again:
-	if (!BN_rand(rnd,bits,1,1)) return(0);
-	/* we now have a random number 'rand' to test. */
-	for (i=1; i<NUMPRIMES; i++)
-		mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
-	maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
-	delta=0;
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that rnd is not a prime and also
-		 * that gcd(rnd-1,primes) == 1 (except for 2) */
-		if (((mods[i]+delta)%primes[i]) <= 1)
-			{
-			delta+=2;
-			if (delta > maxdelta) goto again;
-			goto loop;
-			}
-		}
-	if (!BN_add_word(rnd,delta)) return(0);
-	bn_check_top(rnd);
-	return(1);
-	}
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
-	{
-	int i,ret=0;
-	BIGNUM *t1;
-
-	BN_CTX_start(ctx);
-	if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (!BN_rand(rnd,bits,0,1)) goto err;
-
-	/* we need ((rnd-rem) % add) == 0 */
-
-	if (!BN_mod(t1,rnd,add,ctx)) goto err;
-	if (!BN_sub(rnd,rnd,t1)) goto err;
-	if (rem == NULL)
-		{ if (!BN_add_word(rnd,1)) goto err; }
-	else
-		{ if (!BN_add(rnd,rnd,rem)) goto err; }
-
-	/* we now have a random number 'rand' to test. */
-
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that rnd is a prime */
-		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
-			{
-			if (!BN_add(rnd,rnd,add)) goto err;
-			goto loop;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(rnd);
-	return(ret);
-	}
-
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
-	const BIGNUM *rem, BN_CTX *ctx)
-	{
-	int i,ret=0;
-	BIGNUM *t1,*qadd,*q;
-
-	bits--;
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	qadd = BN_CTX_get(ctx);
-	if (qadd == NULL) goto err;
-
-	if (!BN_rshift1(qadd,padd)) goto err;
-		
-	if (!BN_rand(q,bits,0,1)) goto err;
-
-	/* we need ((rnd-rem) % add) == 0 */
-	if (!BN_mod(t1,q,qadd,ctx)) goto err;
-	if (!BN_sub(q,q,t1)) goto err;
-	if (rem == NULL)
-		{ if (!BN_add_word(q,1)) goto err; }
-	else
-		{
-		if (!BN_rshift1(t1,rem)) goto err;
-		if (!BN_add(q,q,t1)) goto err;
-		}
-
-	/* we now have a random number 'rand' to test. */
-	if (!BN_lshift1(p,q)) goto err;
-	if (!BN_add_word(p,1)) goto err;
-
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that p and q are prime */
-		/* check that for p and q
-		 * gcd(p-1,primes) == 1 (except for 2) */
-		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
-			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
-			{
-			if (!BN_add(p,p,padd)) goto err;
-			if (!BN_add(q,q,qadd)) goto err;
-			goto loop;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(p);
-	return(ret);
-	}
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
deleted file mode 100644
index 51d2194feb..0000000000
--- a/crypto/bn/bn_prime.h
+++ /dev/null
@@ -1,327 +0,0 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef EIGHT_BIT
-#define NUMPRIMES 2048
-typedef unsigned short prime_t;
-#else
-#define NUMPRIMES 54
-typedef unsigned char prime_t;
-#endif
-static const prime_t primes[NUMPRIMES]=
-	{
-	   2,   3,   5,   7,  11,  13,  17,  19,
-	  23,  29,  31,  37,  41,  43,  47,  53,
-	  59,  61,  67,  71,  73,  79,  83,  89,
-	  97, 101, 103, 107, 109, 113, 127, 131,
-	 137, 139, 149, 151, 157, 163, 167, 173,
-	 179, 181, 191, 193, 197, 199, 211, 223,
-	 227, 229, 233, 239, 241, 251,
-#ifndef EIGHT_BIT
-	 257, 263,
-	 269, 271, 277, 281, 283, 293, 307, 311,
-	 313, 317, 331, 337, 347, 349, 353, 359,
-	 367, 373, 379, 383, 389, 397, 401, 409,
-	 419, 421, 431, 433, 439, 443, 449, 457,
-	 461, 463, 467, 479, 487, 491, 499, 503,
-	 509, 521, 523, 541, 547, 557, 563, 569,
-	 571, 577, 587, 593, 599, 601, 607, 613,
-	 617, 619, 631, 641, 643, 647, 653, 659,
-	 661, 673, 677, 683, 691, 701, 709, 719,
-	 727, 733, 739, 743, 751, 757, 761, 769,
-	 773, 787, 797, 809, 811, 821, 823, 827,
-	 829, 839, 853, 857, 859, 863, 877, 881,
-	 883, 887, 907, 911, 919, 929, 937, 941,
-	 947, 953, 967, 971, 977, 983, 991, 997,
-	1009,1013,1019,1021,1031,1033,1039,1049,
-	1051,1061,1063,1069,1087,1091,1093,1097,
-	1103,1109,1117,1123,1129,1151,1153,1163,
-	1171,1181,1187,1193,1201,1213,1217,1223,
-	1229,1231,1237,1249,1259,1277,1279,1283,
-	1289,1291,1297,1301,1303,1307,1319,1321,
-	1327,1361,1367,1373,1381,1399,1409,1423,
-	1427,1429,1433,1439,1447,1451,1453,1459,
-	1471,1481,1483,1487,1489,1493,1499,1511,
-	1523,1531,1543,1549,1553,1559,1567,1571,
-	1579,1583,1597,1601,1607,1609,1613,1619,
-	1621,1627,1637,1657,1663,1667,1669,1693,
-	1697,1699,1709,1721,1723,1733,1741,1747,
-	1753,1759,1777,1783,1787,1789,1801,1811,
-	1823,1831,1847,1861,1867,1871,1873,1877,
-	1879,1889,1901,1907,1913,1931,1933,1949,
-	1951,1973,1979,1987,1993,1997,1999,2003,
-	2011,2017,2027,2029,2039,2053,2063,2069,
-	2081,2083,2087,2089,2099,2111,2113,2129,
-	2131,2137,2141,2143,2153,2161,2179,2203,
-	2207,2213,2221,2237,2239,2243,2251,2267,
-	2269,2273,2281,2287,2293,2297,2309,2311,
-	2333,2339,2341,2347,2351,2357,2371,2377,
-	2381,2383,2389,2393,2399,2411,2417,2423,
-	2437,2441,2447,2459,2467,2473,2477,2503,
-	2521,2531,2539,2543,2549,2551,2557,2579,
-	2591,2593,2609,2617,2621,2633,2647,2657,
-	2659,2663,2671,2677,2683,2687,2689,2693,
-	2699,2707,2711,2713,2719,2729,2731,2741,
-	2749,2753,2767,2777,2789,2791,2797,2801,
-	2803,2819,2833,2837,2843,2851,2857,2861,
-	2879,2887,2897,2903,2909,2917,2927,2939,
-	2953,2957,2963,2969,2971,2999,3001,3011,
-	3019,3023,3037,3041,3049,3061,3067,3079,
-	3083,3089,3109,3119,3121,3137,3163,3167,
-	3169,3181,3187,3191,3203,3209,3217,3221,
-	3229,3251,3253,3257,3259,3271,3299,3301,
-	3307,3313,3319,3323,3329,3331,3343,3347,
-	3359,3361,3371,3373,3389,3391,3407,3413,
-	3433,3449,3457,3461,3463,3467,3469,3491,
-	3499,3511,3517,3527,3529,3533,3539,3541,
-	3547,3557,3559,3571,3581,3583,3593,3607,
-	3613,3617,3623,3631,3637,3643,3659,3671,
-	3673,3677,3691,3697,3701,3709,3719,3727,
-	3733,3739,3761,3767,3769,3779,3793,3797,
-	3803,3821,3823,3833,3847,3851,3853,3863,
-	3877,3881,3889,3907,3911,3917,3919,3923,
-	3929,3931,3943,3947,3967,3989,4001,4003,
-	4007,4013,4019,4021,4027,4049,4051,4057,
-	4073,4079,4091,4093,4099,4111,4127,4129,
-	4133,4139,4153,4157,4159,4177,4201,4211,
-	4217,4219,4229,4231,4241,4243,4253,4259,
-	4261,4271,4273,4283,4289,4297,4327,4337,
-	4339,4349,4357,4363,4373,4391,4397,4409,
-	4421,4423,4441,4447,4451,4457,4463,4481,
-	4483,4493,4507,4513,4517,4519,4523,4547,
-	4549,4561,4567,4583,4591,4597,4603,4621,
-	4637,4639,4643,4649,4651,4657,4663,4673,
-	4679,4691,4703,4721,4723,4729,4733,4751,
-	4759,4783,4787,4789,4793,4799,4801,4813,
-	4817,4831,4861,4871,4877,4889,4903,4909,
-	4919,4931,4933,4937,4943,4951,4957,4967,
-	4969,4973,4987,4993,4999,5003,5009,5011,
-	5021,5023,5039,5051,5059,5077,5081,5087,
-	5099,5101,5107,5113,5119,5147,5153,5167,
-	5171,5179,5189,5197,5209,5227,5231,5233,
-	5237,5261,5273,5279,5281,5297,5303,5309,
-	5323,5333,5347,5351,5381,5387,5393,5399,
-	5407,5413,5417,5419,5431,5437,5441,5443,
-	5449,5471,5477,5479,5483,5501,5503,5507,
-	5519,5521,5527,5531,5557,5563,5569,5573,
-	5581,5591,5623,5639,5641,5647,5651,5653,
-	5657,5659,5669,5683,5689,5693,5701,5711,
-	5717,5737,5741,5743,5749,5779,5783,5791,
-	5801,5807,5813,5821,5827,5839,5843,5849,
-	5851,5857,5861,5867,5869,5879,5881,5897,
-	5903,5923,5927,5939,5953,5981,5987,6007,
-	6011,6029,6037,6043,6047,6053,6067,6073,
-	6079,6089,6091,6101,6113,6121,6131,6133,
-	6143,6151,6163,6173,6197,6199,6203,6211,
-	6217,6221,6229,6247,6257,6263,6269,6271,
-	6277,6287,6299,6301,6311,6317,6323,6329,
-	6337,6343,6353,6359,6361,6367,6373,6379,
-	6389,6397,6421,6427,6449,6451,6469,6473,
-	6481,6491,6521,6529,6547,6551,6553,6563,
-	6569,6571,6577,6581,6599,6607,6619,6637,
-	6653,6659,6661,6673,6679,6689,6691,6701,
-	6703,6709,6719,6733,6737,6761,6763,6779,
-	6781,6791,6793,6803,6823,6827,6829,6833,
-	6841,6857,6863,6869,6871,6883,6899,6907,
-	6911,6917,6947,6949,6959,6961,6967,6971,
-	6977,6983,6991,6997,7001,7013,7019,7027,
-	7039,7043,7057,7069,7079,7103,7109,7121,
-	7127,7129,7151,7159,7177,7187,7193,7207,
-	7211,7213,7219,7229,7237,7243,7247,7253,
-	7283,7297,7307,7309,7321,7331,7333,7349,
-	7351,7369,7393,7411,7417,7433,7451,7457,
-	7459,7477,7481,7487,7489,7499,7507,7517,
-	7523,7529,7537,7541,7547,7549,7559,7561,
-	7573,7577,7583,7589,7591,7603,7607,7621,
-	7639,7643,7649,7669,7673,7681,7687,7691,
-	7699,7703,7717,7723,7727,7741,7753,7757,
-	7759,7789,7793,7817,7823,7829,7841,7853,
-	7867,7873,7877,7879,7883,7901,7907,7919,
-	7927,7933,7937,7949,7951,7963,7993,8009,
-	8011,8017,8039,8053,8059,8069,8081,8087,
-	8089,8093,8101,8111,8117,8123,8147,8161,
-	8167,8171,8179,8191,8209,8219,8221,8231,
-	8233,8237,8243,8263,8269,8273,8287,8291,
-	8293,8297,8311,8317,8329,8353,8363,8369,
-	8377,8387,8389,8419,8423,8429,8431,8443,
-	8447,8461,8467,8501,8513,8521,8527,8537,
-	8539,8543,8563,8573,8581,8597,8599,8609,
-	8623,8627,8629,8641,8647,8663,8669,8677,
-	8681,8689,8693,8699,8707,8713,8719,8731,
-	8737,8741,8747,8753,8761,8779,8783,8803,
-	8807,8819,8821,8831,8837,8839,8849,8861,
-	8863,8867,8887,8893,8923,8929,8933,8941,
-	8951,8963,8969,8971,8999,9001,9007,9011,
-	9013,9029,9041,9043,9049,9059,9067,9091,
-	9103,9109,9127,9133,9137,9151,9157,9161,
-	9173,9181,9187,9199,9203,9209,9221,9227,
-	9239,9241,9257,9277,9281,9283,9293,9311,
-	9319,9323,9337,9341,9343,9349,9371,9377,
-	9391,9397,9403,9413,9419,9421,9431,9433,
-	9437,9439,9461,9463,9467,9473,9479,9491,
-	9497,9511,9521,9533,9539,9547,9551,9587,
-	9601,9613,9619,9623,9629,9631,9643,9649,
-	9661,9677,9679,9689,9697,9719,9721,9733,
-	9739,9743,9749,9767,9769,9781,9787,9791,
-	9803,9811,9817,9829,9833,9839,9851,9857,
-	9859,9871,9883,9887,9901,9907,9923,9929,
-	9931,9941,9949,9967,9973,10007,10009,10037,
-	10039,10061,10067,10069,10079,10091,10093,10099,
-	10103,10111,10133,10139,10141,10151,10159,10163,
-	10169,10177,10181,10193,10211,10223,10243,10247,
-	10253,10259,10267,10271,10273,10289,10301,10303,
-	10313,10321,10331,10333,10337,10343,10357,10369,
-	10391,10399,10427,10429,10433,10453,10457,10459,
-	10463,10477,10487,10499,10501,10513,10529,10531,
-	10559,10567,10589,10597,10601,10607,10613,10627,
-	10631,10639,10651,10657,10663,10667,10687,10691,
-	10709,10711,10723,10729,10733,10739,10753,10771,
-	10781,10789,10799,10831,10837,10847,10853,10859,
-	10861,10867,10883,10889,10891,10903,10909,10937,
-	10939,10949,10957,10973,10979,10987,10993,11003,
-	11027,11047,11057,11059,11069,11071,11083,11087,
-	11093,11113,11117,11119,11131,11149,11159,11161,
-	11171,11173,11177,11197,11213,11239,11243,11251,
-	11257,11261,11273,11279,11287,11299,11311,11317,
-	11321,11329,11351,11353,11369,11383,11393,11399,
-	11411,11423,11437,11443,11447,11467,11471,11483,
-	11489,11491,11497,11503,11519,11527,11549,11551,
-	11579,11587,11593,11597,11617,11621,11633,11657,
-	11677,11681,11689,11699,11701,11717,11719,11731,
-	11743,11777,11779,11783,11789,11801,11807,11813,
-	11821,11827,11831,11833,11839,11863,11867,11887,
-	11897,11903,11909,11923,11927,11933,11939,11941,
-	11953,11959,11969,11971,11981,11987,12007,12011,
-	12037,12041,12043,12049,12071,12073,12097,12101,
-	12107,12109,12113,12119,12143,12149,12157,12161,
-	12163,12197,12203,12211,12227,12239,12241,12251,
-	12253,12263,12269,12277,12281,12289,12301,12323,
-	12329,12343,12347,12373,12377,12379,12391,12401,
-	12409,12413,12421,12433,12437,12451,12457,12473,
-	12479,12487,12491,12497,12503,12511,12517,12527,
-	12539,12541,12547,12553,12569,12577,12583,12589,
-	12601,12611,12613,12619,12637,12641,12647,12653,
-	12659,12671,12689,12697,12703,12713,12721,12739,
-	12743,12757,12763,12781,12791,12799,12809,12821,
-	12823,12829,12841,12853,12889,12893,12899,12907,
-	12911,12917,12919,12923,12941,12953,12959,12967,
-	12973,12979,12983,13001,13003,13007,13009,13033,
-	13037,13043,13049,13063,13093,13099,13103,13109,
-	13121,13127,13147,13151,13159,13163,13171,13177,
-	13183,13187,13217,13219,13229,13241,13249,13259,
-	13267,13291,13297,13309,13313,13327,13331,13337,
-	13339,13367,13381,13397,13399,13411,13417,13421,
-	13441,13451,13457,13463,13469,13477,13487,13499,
-	13513,13523,13537,13553,13567,13577,13591,13597,
-	13613,13619,13627,13633,13649,13669,13679,13681,
-	13687,13691,13693,13697,13709,13711,13721,13723,
-	13729,13751,13757,13759,13763,13781,13789,13799,
-	13807,13829,13831,13841,13859,13873,13877,13879,
-	13883,13901,13903,13907,13913,13921,13931,13933,
-	13963,13967,13997,13999,14009,14011,14029,14033,
-	14051,14057,14071,14081,14083,14087,14107,14143,
-	14149,14153,14159,14173,14177,14197,14207,14221,
-	14243,14249,14251,14281,14293,14303,14321,14323,
-	14327,14341,14347,14369,14387,14389,14401,14407,
-	14411,14419,14423,14431,14437,14447,14449,14461,
-	14479,14489,14503,14519,14533,14537,14543,14549,
-	14551,14557,14561,14563,14591,14593,14621,14627,
-	14629,14633,14639,14653,14657,14669,14683,14699,
-	14713,14717,14723,14731,14737,14741,14747,14753,
-	14759,14767,14771,14779,14783,14797,14813,14821,
-	14827,14831,14843,14851,14867,14869,14879,14887,
-	14891,14897,14923,14929,14939,14947,14951,14957,
-	14969,14983,15013,15017,15031,15053,15061,15073,
-	15077,15083,15091,15101,15107,15121,15131,15137,
-	15139,15149,15161,15173,15187,15193,15199,15217,
-	15227,15233,15241,15259,15263,15269,15271,15277,
-	15287,15289,15299,15307,15313,15319,15329,15331,
-	15349,15359,15361,15373,15377,15383,15391,15401,
-	15413,15427,15439,15443,15451,15461,15467,15473,
-	15493,15497,15511,15527,15541,15551,15559,15569,
-	15581,15583,15601,15607,15619,15629,15641,15643,
-	15647,15649,15661,15667,15671,15679,15683,15727,
-	15731,15733,15737,15739,15749,15761,15767,15773,
-	15787,15791,15797,15803,15809,15817,15823,15859,
-	15877,15881,15887,15889,15901,15907,15913,15919,
-	15923,15937,15959,15971,15973,15991,16001,16007,
-	16033,16057,16061,16063,16067,16069,16073,16087,
-	16091,16097,16103,16111,16127,16139,16141,16183,
-	16187,16189,16193,16217,16223,16229,16231,16249,
-	16253,16267,16273,16301,16319,16333,16339,16349,
-	16361,16363,16369,16381,16411,16417,16421,16427,
-	16433,16447,16451,16453,16477,16481,16487,16493,
-	16519,16529,16547,16553,16561,16567,16573,16603,
-	16607,16619,16631,16633,16649,16651,16657,16661,
-	16673,16691,16693,16699,16703,16729,16741,16747,
-	16759,16763,16787,16811,16823,16829,16831,16843,
-	16871,16879,16883,16889,16901,16903,16921,16927,
-	16931,16937,16943,16963,16979,16981,16987,16993,
-	17011,17021,17027,17029,17033,17041,17047,17053,
-	17077,17093,17099,17107,17117,17123,17137,17159,
-	17167,17183,17189,17191,17203,17207,17209,17231,
-	17239,17257,17291,17293,17299,17317,17321,17327,
-	17333,17341,17351,17359,17377,17383,17387,17389,
-	17393,17401,17417,17419,17431,17443,17449,17467,
-	17471,17477,17483,17489,17491,17497,17509,17519,
-	17539,17551,17569,17573,17579,17581,17597,17599,
-	17609,17623,17627,17657,17659,17669,17681,17683,
-	17707,17713,17729,17737,17747,17749,17761,17783,
-	17789,17791,17807,17827,17837,17839,17851,17863,
-#endif
-	};
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
deleted file mode 100644
index 3fafb6f3e9..0000000000
--- a/crypto/bn/bn_prime.pl
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/usr/local/bin/perl
-# bn_prime.pl
-
-$num=2048;
-$num=$ARGV[0] if ($#ARGV >= 0);
-
-push(@primes,2);
-$p=1;
-loop: while ($#primes < $num-1)
-	{
-	$p+=2;
-	$s=int(sqrt($p));
-
-	for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++)
-		{
-		next loop if (($p%$primes[$i]) == 0);
-		}
-	push(@primes,$p);
-	}
-
-# print <<"EOF";
-# /* Auto generated by bn_prime.pl */
-# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
-#  * All rights reserved.
-#  * Copyright remains Eric Young's, and as such any Copyright notices in
-#  * the code are not to be removed.
-#  * See the COPYRIGHT file in the SSLeay distribution for more details.
-#  */
-# 
-# EOF
-
-print <<\EOF;
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-EOF
-
-for ($i=0; $i <= $#primes; $i++)
-	{
-	if ($primes[$i] > 256)
-		{
-		$eight=$i;
-		last;
-		}
-	}
-
-printf "#ifndef EIGHT_BIT\n";
-printf "#define NUMPRIMES %d\n",$num;
-printf "typedef unsigned short prime_t;\n";
-printf "#else\n";
-printf "#define NUMPRIMES %d\n",$eight;
-printf "typedef unsigned char prime_t;\n";
-printf "#endif\n";
-print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t";
-$init=0;
-for ($i=0; $i <= $#primes; $i++)
-	{
-	printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++);
-	printf("\n\t") if (($i%8) == 0) && ($i != 0);
-	printf("%4d,",$primes[$i]);
-	}
-print "\n#endif\n\t};\n";
-
-
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
deleted file mode 100644
index 1743b6a7e2..0000000000
--- a/crypto/bn/bn_print.c
+++ /dev/null
@@ -1,378 +0,0 @@
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include "bn_lcl.h"
-
-static const char Hex[]="0123456789ABCDEF";
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
-	{
-	int i,j,v,z=0;
-	char *buf;
-	char *p;
-
-	buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
-	if (buf == NULL)
-		{
-		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf;
-	if (a->neg) *(p++)='-';
-	if (BN_is_zero(a)) *(p++)='0';
-	for (i=a->top-1; i >=0; i--)
-		{
-		for (j=BN_BITS2-8; j >= 0; j-=8)
-			{
-			/* strip leading zeros */
-			v=((int)(a->d[i]>>(long)j))&0xff;
-			if (z || (v != 0))
-				{
-				*(p++)=Hex[v>>4];
-				*(p++)=Hex[v&0x0f];
-				z=1;
-				}
-			}
-		}
-	*p='\0';
-err:
-	return(buf);
-	}
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
-	{
-	int i=0,num, ok = 0;
-	char *buf=NULL;
-	char *p;
-	BIGNUM *t=NULL;
-	BN_ULONG *bn_data=NULL,*lp;
-
-	/* get an upper bound for the length of the decimal integer
-	 * num <= (BN_num_bits(a) + 1) * log(2)
-	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
-	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 
-	 */
-	i=BN_num_bits(a)*3;
-	num=(i/10+i/1000+1)+1;
-	bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
-	buf=(char *)OPENSSL_malloc(num+3);
-	if ((buf == NULL) || (bn_data == NULL))
-		{
-		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if ((t=BN_dup(a)) == NULL) goto err;
-
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
-	p=buf;
-	lp=bn_data;
-	if (BN_is_zero(t))
-		{
-		*(p++)='0';
-		*(p++)='\0';
-		}
-	else
-		{
-		if (BN_is_negative(t))
-			*p++ = '-';
-
-		i=0;
-		while (!BN_is_zero(t))
-			{
-			*lp=BN_div_word(t,BN_DEC_CONV);
-			lp++;
-			}
-		lp--;
-		/* We now have a series of blocks, BN_DEC_NUM chars
-		 * in length, where the last one needs truncation.
-		 * The blocks need to be reversed in order. */
-		BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
-		while (*p) p++;
-		while (lp != bn_data)
-			{
-			lp--;
-			BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
-			while (*p) p++;
-			}
-		}
-	ok = 1;
-err:
-	if (bn_data != NULL) OPENSSL_free(bn_data);
-	if (t != NULL) BN_free(t);
-	if (!ok && buf)
-		{
-		OPENSSL_free(buf);
-		buf = NULL;
-		}
-
-	return(buf);
-	}
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
-	{
-	BIGNUM *ret=NULL;
-	BN_ULONG l=0;
-	int neg=0,h,m,i,j,k,c;
-	int num;
-
-	if ((a == NULL) || (*a == '\0')) return(0);
-
-	if (*a == '-') { neg=1; a++; }
-
-	for (i=0; isxdigit((unsigned char) a[i]); i++)
-		;
-
-	num=i+neg;
-	if (bn == NULL) return(num);
-
-	/* a is the start of the hex digits, and it is 'i' long */
-	if (*bn == NULL)
-		{
-		if ((ret=BN_new()) == NULL) return(0);
-		}
-	else
-		{
-		ret= *bn;
-		BN_zero(ret);
-		}
-
-	/* i is the number of hex digests; */
-	if (bn_expand(ret,i*4) == NULL) goto err;
-
-	j=i; /* least significant 'hex' */
-	m=0;
-	h=0;
-	while (j > 0)
-		{
-		m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
-		l=0;
-		for (;;)
-			{
-			c=a[j-m];
-			if ((c >= '0') && (c <= '9')) k=c-'0';
-			else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
-			else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
-			else k=0; /* paranoia */
-			l=(l<<4)|k;
-
-			if (--m <= 0)
-				{
-				ret->d[h++]=l;
-				break;
-				}
-			}
-		j-=(BN_BYTES*2);
-		}
-	ret->top=h;
-	bn_correct_top(ret);
-	ret->neg=neg;
-
-	*bn=ret;
-	bn_check_top(ret);
-	return(num);
-err:
-	if (*bn == NULL) BN_free(ret);
-	return(0);
-	}
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
-	{
-	BIGNUM *ret=NULL;
-	BN_ULONG l=0;
-	int neg=0,i,j;
-	int num;
-
-	if ((a == NULL) || (*a == '\0')) return(0);
-	if (*a == '-') { neg=1; a++; }
-
-	for (i=0; isdigit((unsigned char) a[i]); i++)
-		;
-
-	num=i+neg;
-	if (bn == NULL) return(num);
-
-	/* a is the start of the digits, and it is 'i' long.
-	 * We chop it into BN_DEC_NUM digits at a time */
-	if (*bn == NULL)
-		{
-		if ((ret=BN_new()) == NULL) return(0);
-		}
-	else
-		{
-		ret= *bn;
-		BN_zero(ret);
-		}
-
-	/* i is the number of digests, a bit of an over expand; */
-	if (bn_expand(ret,i*4) == NULL) goto err;
-
-	j=BN_DEC_NUM-(i%BN_DEC_NUM);
-	if (j == BN_DEC_NUM) j=0;
-	l=0;
-	while (*a)
-		{
-		l*=10;
-		l+= *a-'0';
-		a++;
-		if (++j == BN_DEC_NUM)
-			{
-			BN_mul_word(ret,BN_DEC_CONV);
-			BN_add_word(ret,l);
-			l=0;
-			j=0;
-			}
-		}
-	ret->neg=neg;
-
-	bn_correct_top(ret);
-	*bn=ret;
-	bn_check_top(ret);
-	return(num);
-err:
-	if (*bn == NULL) BN_free(ret);
-	return(0);
-	}
-
-int BN_asc2bn(BIGNUM **bn, const char *a)
-	{
-	const char *p = a;
-	if (*p == '-')
-		p++;
-
-	if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x'))
-		{		
-		if (!BN_hex2bn(bn, p + 2))
-			return 0;
-		}
-	else
-		{
-		if (!BN_dec2bn(bn, p))
-			return 0;
-		}
-	if (*a == '-')
-		(*bn)->neg = 1;
-	return 1;
-	}
-
-#ifndef OPENSSL_NO_BIO
-#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		return(0);
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=BN_print(b,a);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
-	{
-	int i,j,v,z=0;
-	int ret=0;
-
-	if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
-	if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
-	for (i=a->top-1; i >=0; i--)
-		{
-		for (j=BN_BITS2-4; j >= 0; j-=4)
-			{
-			/* strip leading zeros */
-			v=((int)(a->d[i]>>(long)j))&0x0f;
-			if (z || (v != 0))
-				{
-				if (BIO_write(bp,&(Hex[v]),1) != 1)
-					goto end;
-				z=1;
-				}
-			}
-		}
-	ret=1;
-end:
-	return(ret);
-	}
-#endif
-
-char *BN_options(void)
-	{
-	static int init=0;
-	static char data[16];
-
-	if (!init)
-		{
-		init++;
-#ifdef BN_LLONG
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
-#else
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
-#endif
-		}
-	return(data);
-	}
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
deleted file mode 100644
index 55676f075b..0000000000
--- a/crypto/bn/bn_rand.c
+++ /dev/null
@@ -1,375 +0,0 @@
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	unsigned char *buf=NULL;
-	int ret=0,bit,bytes,mask;
-	time_t tim;
-
-	if (bits == 0)
-		{
-		BN_zero(rnd);
-		return 1;
-		}
-
-	bytes=(bits+7)/8;
-	bit=(bits-1)%8;
-	mask=0xff<<(bit+1);
-
-	buf=(unsigned char *)OPENSSL_malloc(bytes);
-	if (buf == NULL)
-		{
-		BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* make a random number and set the top and bottom bits */
-	time(&tim);
-	RAND_add(&tim,sizeof(tim),0.0);
-
-	if (pseudorand)
-		{
-		if (RAND_pseudo_bytes(buf, bytes) == -1)
-			goto err;
-		}
-	else
-		{
-		if (RAND_bytes(buf, bytes) <= 0)
-			goto err;
-		}
-
-#if 1
-	if (pseudorand == 2)
-		{
-		/* generate patterns that are more likely to trigger BN
-		   library bugs */
-		int i;
-		unsigned char c;
-
-		for (i = 0; i < bytes; i++)
-			{
-			RAND_pseudo_bytes(&c, 1);
-			if (c >= 128 && i > 0)
-				buf[i] = buf[i-1];
-			else if (c < 42)
-				buf[i] = 0;
-			else if (c < 84)
-				buf[i] = 255;
-			}
-		}
-#endif
-
-	if (top != -1)
-		{
-		if (top)
-			{
-			if (bit == 0)
-				{
-				buf[0]=1;
-				buf[1]|=0x80;
-				}
-			else
-				{
-				buf[0]|=(3<<(bit-1));
-				}
-			}
-		else
-			{
-			buf[0]|=(1<<bit);
-			}
-		}
-	buf[0] &= ~mask;
-	if (bottom) /* set bottom bit if requested */
-		buf[bytes-1]|=1;
-	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
-	ret=1;
-err:
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,bytes);
-		OPENSSL_free(buf);
-		}
-	bn_check_top(rnd);
-	return(ret);
-	}
-
-int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(0, rnd, bits, top, bottom);
-	}
-
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(1, rnd, bits, top, bottom);
-	}
-
-#if 1
-int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(2, rnd, bits, top, bottom);
-	}
-#endif
-
-
-/* random number r:  0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-	{
-	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-	int n;
-	int count = 100;
-
-	if (range->neg || BN_is_zero(range))
-		{
-		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
-		return 0;
-		}
-
-	n = BN_num_bits(range); /* n > 0 */
-
-	/* BN_is_bit_set(range, n - 1) always holds */
-
-	if (n == 1)
-		BN_zero(r);
-	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-		{
-		/* range = 100..._2,
-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-		do
-			{
-			if (!bn_rand(r, n + 1, -1, 0)) return 0;
-			/* If  r < 3*range,  use  r := r MOD range
-			 * (which is either  r, r - range,  or  r - 2*range).
-			 * Otherwise, iterate once more.
-			 * Since  3*range = 11..._2, each iteration succeeds with
-			 * probability >= .75. */
-			if (BN_cmp(r ,range) >= 0)
-				{
-				if (!BN_sub(r, r, range)) return 0;
-				if (BN_cmp(r, range) >= 0)
-					if (!BN_sub(r, r, range)) return 0;
-				}
-
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		do
-			{
-			/* range = 11..._2  or  range = 101..._2 */
-			if (!bn_rand(r, n, -1, 0)) return 0;
-
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-
-	bn_check_top(r);
-	return 1;
-	}
-
-
-int	BN_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(0, r, range);
-	}
-
-int	BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(1, r, range);
-	}
-
-#ifndef OPENSSL_NO_SHA512
-/* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
- * BN_rand_range, it also includes the contents of |priv| and |message| in the
- * generation so that an RNG failure isn't fatal as long as |priv| remains
- * secret. This is intended for use in DSA and ECDSA where an RNG weakness
- * leads directly to private key exposure unless this function is used. */
-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM* priv,
-			  const unsigned char *message, size_t message_len,
-			  BN_CTX *ctx)
-	{
-	SHA512_CTX sha;
-	/* We use 512 bits of random data per iteration to
-	 * ensure that we have at least |range| bits of randomness. */
-	unsigned char random_bytes[64];
-	unsigned char digest[SHA512_DIGEST_LENGTH];
-	unsigned done, todo;
-	/* We generate |range|+8 bytes of random output. */
-	const unsigned num_k_bytes = BN_num_bytes(range) + 8;
-	unsigned char private_bytes[96];
-	unsigned char *k_bytes;
-	int ret = 0;
-
-	k_bytes = OPENSSL_malloc(num_k_bytes);
-	if (!k_bytes)
-		goto err;
-
-	/* We copy |priv| into a local buffer to avoid exposing its length. */
-	todo = sizeof(priv->d[0])*priv->top;
-	if (todo > sizeof(private_bytes))
-		{
-		/* No reasonable DSA or ECDSA key should have a private key
-		 * this large and we don't handle this case in order to avoid
-		 * leaking the length of the private key. */
-		BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
-		goto err;
-		}
-	memcpy(private_bytes, priv->d, todo);
-	memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
-
-	for (done = 0; done < num_k_bytes;) {
-		if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
-			goto err;
-		SHA512_Init(&sha);
-		SHA512_Update(&sha, &done, sizeof(done));
-		SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
-		SHA512_Update(&sha, message, message_len);
-		SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
-		SHA512_Final(digest, &sha);
-
-		todo = num_k_bytes - done;
-		if (todo > SHA512_DIGEST_LENGTH)
-			todo = SHA512_DIGEST_LENGTH;
-		memcpy(k_bytes + done, digest, todo);
-		done += todo;
-	}
-
-	if (!BN_bin2bn(k_bytes, num_k_bytes, out))
-		goto err;
-	if (BN_mod(out, out, range, ctx) != 1)
-		goto err;
-	ret = 1;
-
-err:
-	if (k_bytes)
-		OPENSSL_free(k_bytes);
-	return ret;
-	}
-#endif  /* OPENSSL_NO_SHA512 */
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
deleted file mode 100644
index 2e8efb8dae..0000000000
--- a/crypto/bn/bn_recp.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
-	{
-	BN_init(&(recp->N));
-	BN_init(&(recp->Nr));
-	recp->num_bits=0;
-	recp->flags=0;
-	}
-
-BN_RECP_CTX *BN_RECP_CTX_new(void)
-	{
-	BN_RECP_CTX *ret;
-
-	if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
-		return(NULL);
-
-	BN_RECP_CTX_init(ret);
-	ret->flags=BN_FLG_MALLOCED;
-	return(ret);
-	}
-
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
-	{
-	if(recp == NULL)
-	    return;
-
-	BN_free(&(recp->N));
-	BN_free(&(recp->Nr));
-	if (recp->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(recp);
-	}
-
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-	{
-	if (!BN_copy(&(recp->N),d)) return 0;
-	BN_zero(&(recp->Nr));
-	recp->num_bits=BN_num_bits(d);
-	recp->shift=0;
-	return(1);
-	}
-
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
-	{
-	int ret=0;
-	BIGNUM *a;
-	const BIGNUM *ca;
-
-	BN_CTX_start(ctx);
-	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
-	if (y != NULL)
-		{
-		if (x == y)
-			{ if (!BN_sqr(a,x,ctx)) goto err; }
-		else
-			{ if (!BN_mul(a,x,y,ctx)) goto err; }
-		ca = a;
-		}
-	else
-		ca=x; /* Just do the mod */
-
-	ret = BN_div_recp(NULL,r,ca,recp,ctx);
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
-	{
-	int i,j,ret=0;
-	BIGNUM *a,*b,*d,*r;
-
-	BN_CTX_start(ctx);
-	a=BN_CTX_get(ctx);
-	b=BN_CTX_get(ctx);
-	if (dv != NULL)
-		d=dv;
-	else
-		d=BN_CTX_get(ctx);
-	if (rem != NULL)
-		r=rem;
-	else
-		r=BN_CTX_get(ctx);
-	if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
-
-	if (BN_ucmp(m,&(recp->N)) < 0)
-		{
-		BN_zero(d);
-		if (!BN_copy(r,m)) return 0;
-		BN_CTX_end(ctx);
-		return(1);
-		}
-
-	/* We want the remainder
-	 * Given input of ABCDEF / ab
-	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
-	 *
-	 */
-
-	/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
-	i=BN_num_bits(m);
-	j=recp->num_bits<<1;
-	if (j>i) i=j;
-
-	/* Nr := round(2^i / N) */
-	if (i != recp->shift)
-		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-			i,ctx); /* BN_reciprocal returns i, or -1 for an error */
-	if (recp->shift == -1) goto err;
-
-	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
-	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
-	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
-	 *    = |m/N|
-	 */
-	if (!BN_rshift(a,m,recp->num_bits)) goto err;
-	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
-	d->neg=0;
-
-	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
-	if (!BN_usub(r,m,b)) goto err;
-	r->neg=0;
-
-#if 1
-	j=0;
-	while (BN_ucmp(r,&(recp->N)) >= 0)
-		{
-		if (j++ > 2)
-			{
-			BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
-			goto err;
-			}
-		if (!BN_usub(r,r,&(recp->N))) goto err;
-		if (!BN_add_word(d,1)) goto err;
-		}
-#endif
-
-	r->neg=BN_is_zero(r)?0:m->neg;
-	d->neg=m->neg^recp->N.neg;
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(dv);
-	bn_check_top(rem);
-	return(ret);
-	} 
-
-/* len is the expected size of the result
- * We actually calculate with an extra word of precision, so
- * we can do faster division if the remainder is not required.
- */
-/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-	{
-	int ret= -1;
-	BIGNUM *t;
-
-	BN_CTX_start(ctx);
-	if((t = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (!BN_set_bit(t,len)) goto err;
-
-	if (!BN_div(r,NULL,t,m,ctx)) goto err;
-
-	ret=len;
-err:
-	bn_check_top(r);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
deleted file mode 100644
index a6fca2c424..0000000000
--- a/crypto/bn/bn_shift.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
-	{
-	register BN_ULONG *ap,*rp,t,c;
-	int i;
-
-	bn_check_top(r);
-	bn_check_top(a);
-
-	if (r != a)
-		{
-		r->neg=a->neg;
-		if (bn_wexpand(r,a->top+1) == NULL) return(0);
-		r->top=a->top;
-		}
-	else
-		{
-		if (bn_wexpand(r,a->top+1) == NULL) return(0);
-		}
-	ap=a->d;
-	rp=r->d;
-	c=0;
-	for (i=0; i<a->top; i++)
-		{
-		t= *(ap++);
-		*(rp++)=((t<<1)|c)&BN_MASK2;
-		c=(t & BN_TBIT)?1:0;
-		}
-	if (c)
-		{
-		*rp=1;
-		r->top++;
-		}
-	bn_check_top(r);
-	return(1);
-	}
-
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
-	{
-	BN_ULONG *ap,*rp,t,c;
-	int i,j;
-
-	bn_check_top(r);
-	bn_check_top(a);
-
-	if (BN_is_zero(a))
-		{
-		BN_zero(r);
-		return(1);
-		}
-	i = a->top;
-	ap= a->d;
-	j = i-(ap[i-1]==1);
-	if (a != r)
-		{
-		if (bn_wexpand(r,j) == NULL) return(0);
-		r->neg=a->neg;
-		}
-	rp=r->d;
-	t=ap[--i];
-	c=(t&1)?BN_TBIT:0;
-	if (t>>=1) rp[i]=t;
-	while (i>0)
-		{
-		t=ap[--i];
-		rp[i]=((t>>1)&BN_MASK2)|c;
-		c=(t&1)?BN_TBIT:0;
-		}
-	r->top=j;
-	bn_check_top(r);
-	return(1);
-	}
-
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
-	{
-	int i,nw,lb,rb;
-	BN_ULONG *t,*f;
-	BN_ULONG l;
-
-	bn_check_top(r);
-	bn_check_top(a);
-
-	r->neg=a->neg;
-	nw=n/BN_BITS2;
-	if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
-	lb=n%BN_BITS2;
-	rb=BN_BITS2-lb;
-	f=a->d;
-	t=r->d;
-	t[a->top+nw]=0;
-	if (lb == 0)
-		for (i=a->top-1; i>=0; i--)
-			t[nw+i]=f[i];
-	else
-		for (i=a->top-1; i>=0; i--)
-			{
-			l=f[i];
-			t[nw+i+1]|=(l>>rb)&BN_MASK2;
-			t[nw+i]=(l<<lb)&BN_MASK2;
-			}
-	memset(t,0,nw*sizeof(t[0]));
-/*	for (i=0; i<nw; i++)
-		t[i]=0;*/
-	r->top=a->top+nw+1;
-	bn_correct_top(r);
-	bn_check_top(r);
-	return(1);
-	}
-
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
-	{
-	int i,j,nw,lb,rb;
-	BN_ULONG *t,*f;
-	BN_ULONG l,tmp;
-
-	bn_check_top(r);
-	bn_check_top(a);
-
-	nw=n/BN_BITS2;
-	rb=n%BN_BITS2;
-	lb=BN_BITS2-rb;
-	if (nw >= a->top || a->top == 0)
-		{
-		BN_zero(r);
-		return(1);
-		}
-	i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2;
-	if (r != a)
-		{
-		r->neg=a->neg;
-		if (bn_wexpand(r,i) == NULL) return(0);
-		}
-	else
-		{
-		if (n == 0)
-			return 1; /* or the copying loop will go berserk */
-		}
-
-	f= &(a->d[nw]);
-	t=r->d;
-	j=a->top-nw;
-	r->top=i;
-
-	if (rb == 0)
-		{
-		for (i=j; i != 0; i--)
-			*(t++)= *(f++);
-		}
-	else
-		{
-		l= *(f++);
-		for (i=j-1; i != 0; i--)
-			{
-			tmp =(l>>rb)&BN_MASK2;
-			l= *(f++);
-			*(t++) =(tmp|(l<<lb))&BN_MASK2;
-			}
-		if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
-		}
-	bn_check_top(r);
-	return(1);
-	}
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
deleted file mode 100644
index 65bbf165d0..0000000000
--- a/crypto/bn/bn_sqr.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r must not be a */
-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	int max,al;
-	int ret = 0;
-	BIGNUM *tmp,*rr;
-
-#ifdef BN_COUNT
-	fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
-#endif
-	bn_check_top(a);
-
-	al=a->top;
-	if (al <= 0)
-		{
-		r->top=0;
-		r->neg = 0;
-		return 1;
-		}
-
-	BN_CTX_start(ctx);
-	rr=(a != r) ? r : BN_CTX_get(ctx);
-	tmp=BN_CTX_get(ctx);
-	if (!rr || !tmp) goto err;
-
-	max = 2 * al; /* Non-zero (from above) */
-	if (bn_wexpand(rr,max) == NULL) goto err;
-
-	if (al == 4)
-		{
-#ifndef BN_SQR_COMBA
-		BN_ULONG t[8];
-		bn_sqr_normal(rr->d,a->d,4,t);
-#else
-		bn_sqr_comba4(rr->d,a->d);
-#endif
-		}
-	else if (al == 8)
-		{
-#ifndef BN_SQR_COMBA
-		BN_ULONG t[16];
-		bn_sqr_normal(rr->d,a->d,8,t);
-#else
-		bn_sqr_comba8(rr->d,a->d);
-#endif
-		}
-	else 
-		{
-#if defined(BN_RECURSION)
-		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
-			{
-			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
-			bn_sqr_normal(rr->d,a->d,al,t);
-			}
-		else
-			{
-			int j,k;
-
-			j=BN_num_bits_word((BN_ULONG)al);
-			j=1<<(j-1);
-			k=j+j;
-			if (al == j)
-				{
-				if (bn_wexpand(tmp,k*2) == NULL) goto err;
-				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
-				}
-			else
-				{
-				if (bn_wexpand(tmp,max) == NULL) goto err;
-				bn_sqr_normal(rr->d,a->d,al,tmp->d);
-				}
-			}
-#else
-		if (bn_wexpand(tmp,max) == NULL) goto err;
-		bn_sqr_normal(rr->d,a->d,al,tmp->d);
-#endif
-		}
-
-	rr->neg=0;
-	/* If the most-significant half of the top word of 'a' is zero, then
-	 * the square of 'a' will max-1 words. */
-	if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
-		rr->top = max - 1;
-	else
-		rr->top = max;
-	if (rr != r) BN_copy(r,rr);
-	ret = 1;
- err:
-	bn_check_top(rr);
-	bn_check_top(tmp);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
-	{
-	int i,j,max;
-	const BN_ULONG *ap;
-	BN_ULONG *rp;
-
-	max=n*2;
-	ap=a;
-	rp=r;
-	rp[0]=rp[max-1]=0;
-	rp++;
-	j=n;
-
-	if (--j > 0)
-		{
-		ap++;
-		rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
-		rp+=2;
-		}
-
-	for (i=n-2; i>0; i--)
-		{
-		j--;
-		ap++;
-		rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
-		rp+=2;
-		}
-
-	bn_add_words(r,r,r,max);
-
-	/* There will not be a carry */
-
-	bn_sqr_words(tmp,a,n);
-
-	bn_add_words(r,r,tmp,max);
-	}
-
-#ifdef BN_RECURSION
-/* r is 2*n words in size,
- * a and b are both n words in size.    (There's not actually a 'b' here ...)
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
-	{
-	int n=n2/2;
-	int zero,c1;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-	fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 == 4)
-		{
-#ifndef BN_SQR_COMBA
-		bn_sqr_normal(r,a,4,t);
-#else
-		bn_sqr_comba4(r,a);
-#endif
-		return;
-		}
-	else if (n2 == 8)
-		{
-#ifndef BN_SQR_COMBA
-		bn_sqr_normal(r,a,8,t);
-#else
-		bn_sqr_comba8(r,a);
-#endif
-		return;
-		}
-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_sqr_normal(r,a,n2,t);
-		return;
-		}
-	/* r=(a[0]-a[1])*(a[1]-a[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	zero=0;
-	if (c1 > 0)
-		bn_sub_words(t,a,&(a[n]),n);
-	else if (c1 < 0)
-		bn_sub_words(t,&(a[n]),a,n);
-	else
-		zero=1;
-
-	/* The result will always be negative unless it is zero */
-	p= &(t[n2*2]);
-
-	if (!zero)
-		bn_sqr_recursive(&(t[n2]),t,n,p);
-	else
-		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-	bn_sqr_recursive(r,a,n,p);
-	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-	/* t[32] is negative */
-	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
-	 * r[10] holds (a[0]*a[0])
-	 * r[32] holds (a[1]*a[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-#endif
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
deleted file mode 100644
index 6beaf9e5e5..0000000000
--- a/crypto/bn/bn_sqrt.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/* crypto/bn/bn_sqrt.c */
-/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * and Bodo Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
-/* Returns 'ret' such that
- *      ret^2 == a (mod p),
- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
- * in Algebraic Computational Number Theory", algorithm 1.5.1).
- * 'p' must be prime!
- */
-	{
-	BIGNUM *ret = in;
-	int err = 1;
-	int r;
-	BIGNUM *A, *b, *q, *t, *x, *y;
-	int e, i, j;
-	
-	if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
-		{
-		if (BN_abs_is_word(p, 2))
-			{
-			if (ret == NULL)
-				ret = BN_new();
-			if (ret == NULL)
-				goto end;
-			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
-				{
-				if (ret != in)
-					BN_free(ret);
-				return NULL;
-				}
-			bn_check_top(ret);
-			return ret;
-			}
-
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-		return(NULL);
-		}
-
-	if (BN_is_zero(a) || BN_is_one(a))
-		{
-		if (ret == NULL)
-			ret = BN_new();
-		if (ret == NULL)
-			goto end;
-		if (!BN_set_word(ret, BN_is_one(a)))
-			{
-			if (ret != in)
-				BN_free(ret);
-			return NULL;
-			}
-		bn_check_top(ret);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto end;
-	
-	if (ret == NULL)
-		ret = BN_new();
-	if (ret == NULL) goto end;
-
-	/* A = a mod p */
-	if (!BN_nnmod(A, a, p, ctx)) goto end;
-
-	/* now write  |p| - 1  as  2^e*q  where  q  is odd */
-	e = 1;
-	while (!BN_is_bit_set(p, e))
-		e++;
-	/* we'll set  q  later (if needed) */
-
-	if (e == 1)
-		{
-		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
-		 * modulo  (|p|-1)/2,  and square roots can be computed
-		 * directly by modular exponentiation.
-		 * We have
-		 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
-		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
-		 */
-		if (!BN_rshift(q, p, 2)) goto end;
-		q->neg = 0;
-		if (!BN_add_word(q, 1)) goto end;
-		if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
-		err = 0;
-		goto vrfy;
-		}
-	
-	if (e == 2)
-		{
-		/* |p| == 5  (mod 8)
-		 *
-		 * In this case  2  is always a non-square since
-		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
-		 * So if  a  really is a square, then  2*a  is a non-square.
-		 * Thus for
-		 *      b := (2*a)^((|p|-5)/8),
-		 *      i := (2*a)*b^2
-		 * we have
-		 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
-		 *         = (2*a)^((p-1)/2)
-		 *         = -1;
-		 * so if we set
-		 *      x := a*b*(i-1),
-		 * then
-		 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
-		 *         = a^2 * b^2 * (-2*i)
-		 *         = a*(-i)*(2*a*b^2)
-		 *         = a*(-i)*i
-		 *         = a.
-		 *
-		 * (This is due to A.O.L. Atkin, 
-		 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
-		 * November 1992.)
-		 */
-
-		/* t := 2*a */
-		if (!BN_mod_lshift1_quick(t, A, p)) goto end;
-
-		/* b := (2*a)^((|p|-5)/8) */
-		if (!BN_rshift(q, p, 3)) goto end;
-		q->neg = 0;
-		if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
-
-		/* y := b^2 */
-		if (!BN_mod_sqr(y, b, p, ctx)) goto end;
-
-		/* t := (2*a)*b^2 - 1*/
-		if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
-		if (!BN_sub_word(t, 1)) goto end;
-
-		/* x = a*b*t */
-		if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-
-		if (!BN_copy(ret, x)) goto end;
-		err = 0;
-		goto vrfy;
-		}
-	
-	/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
-	 * First, find some  y  that is not a square. */
-	if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
-	q->neg = 0;
-	i = 2;
-	do
-		{
-		/* For efficiency, try small numbers first;
-		 * if this fails, try random numbers.
-		 */
-		if (i < 22)
-			{
-			if (!BN_set_word(y, i)) goto end;
-			}
-		else
-			{
-			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
-			if (BN_ucmp(y, p) >= 0)
-				{
-				if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
-				}
-			/* now 0 <= y < |p| */
-			if (BN_is_zero(y))
-				if (!BN_set_word(y, i)) goto end;
-			}
-		
-		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
-		if (r < -1) goto end;
-		if (r == 0)
-			{
-			/* m divides p */
-			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-			goto end;
-			}
-		}
-	while (r == 1 && ++i < 82);
-	
-	if (r != -1)
-		{
-		/* Many rounds and still no non-square -- this is more likely
-		 * a bug than just bad luck.
-		 * Even if  p  is not prime, we should have found some  y
-		 * such that r == -1.
-		 */
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
-		goto end;
-		}
-
-	/* Here's our actual 'q': */
-	if (!BN_rshift(q, q, e)) goto end;
-
-	/* Now that we have some non-square, we can find an element
-	 * of order  2^e  by computing its q'th power. */
-	if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
-	if (BN_is_one(y))
-		{
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-		goto end;
-		}
-
-	/* Now we know that (if  p  is indeed prime) there is an integer
-	 * k,  0 <= k < 2^e,  such that
-	 *
-	 *      a^q * y^k == 1   (mod p).
-	 *
-	 * As  a^q  is a square and  y  is not,  k  must be even.
-	 * q+1  is even, too, so there is an element
-	 *
-	 *     X := a^((q+1)/2) * y^(k/2),
-	 *
-	 * and it satisfies
-	 *
-	 *     X^2 = a^q * a     * y^k
-	 *         = a,
-	 *
-	 * so it is the square root that we are looking for.
-	 */
-	
-	/* t := (q-1)/2  (note that  q  is odd) */
-	if (!BN_rshift1(t, q)) goto end;
-	
-	/* x := a^((q-1)/2) */
-	if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
-		{
-		if (!BN_nnmod(t, A, p, ctx)) goto end;
-		if (BN_is_zero(t))
-			{
-			/* special case: a == 0  (mod p) */
-			BN_zero(ret);
-			err = 0;
-			goto end;
-			}
-		else
-			if (!BN_one(x)) goto end;
-		}
-	else
-		{
-		if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
-		if (BN_is_zero(x))
-			{
-			/* special case: a == 0  (mod p) */
-			BN_zero(ret);
-			err = 0;
-			goto end;
-			}
-		}
-
-	/* b := a*x^2  (= a^q) */
-	if (!BN_mod_sqr(b, x, p, ctx)) goto end;
-	if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
-	
-	/* x := a*x    (= a^((q+1)/2)) */
-	if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
-
-	while (1)
-		{
-		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
-		 * where  E  refers to the original value of  e,  which we
-		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
-		 *
-		 * We have  a*b = x^2,
-		 *    y^2^(e-1) = -1,
-		 *    b^2^(e-1) = 1.
-		 */
-
-		if (BN_is_one(b))
-			{
-			if (!BN_copy(ret, x)) goto end;
-			err = 0;
-			goto vrfy;
-			}
-
-
-		/* find smallest  i  such that  b^(2^i) = 1 */
-		i = 1;
-		if (!BN_mod_sqr(t, b, p, ctx)) goto end;
-		while (!BN_is_one(t))
-			{
-			i++;
-			if (i == e)
-				{
-				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-				goto end;
-				}
-			if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
-			}
-		
-
-		/* t := y^2^(e - i - 1) */
-		if (!BN_copy(t, y)) goto end;
-		for (j = e - i - 1; j > 0; j--)
-			{
-			if (!BN_mod_sqr(t, t, p, ctx)) goto end;
-			}
-		if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-		if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
-		e = i;
-		}
-
- vrfy:
-	if (!err)
-		{
-		/* verify the result -- the input might have been not a square
-		 * (test added in 0.9.8) */
-		
-		if (!BN_mod_sqr(x, ret, p, ctx))
-			err = 1;
-		
-		if (!err && 0 != BN_cmp(x, A))
-			{
-			BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-			err = 1;
-			}
-		}
-
- end:
-	if (err)
-		{
-		if (ret != NULL && ret != in)
-			{
-			BN_clear_free(ret);
-			}
-		ret = NULL;
-		}
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return ret;
-	}
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
deleted file mode 100644
index de83a15b99..0000000000
--- a/crypto/bn/bn_word.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
-	{
-#ifndef BN_LLONG
-	BN_ULONG ret=0;
-#else
-	BN_ULLONG ret=0;
-#endif
-	int i;
-
-	if (w == 0)
-		return (BN_ULONG)-1;
-
-	bn_check_top(a);
-	w&=BN_MASK2;
-	for (i=a->top-1; i>=0; i--)
-		{
-#ifndef BN_LLONG
-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
-#else
-		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
-			(BN_ULLONG)w);
-#endif
-		}
-	return((BN_ULONG)ret);
-	}
-
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG ret = 0;
-	int i, j;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	if (!w)
-		/* actually this an error (division by zero) */
-		return (BN_ULONG)-1;
-	if (a->top == 0)
-		return 0;
-
-	/* normalize input (so bn_div_words doesn't complain) */
-	j = BN_BITS2 - BN_num_bits_word(w);
-	w <<= j;
-	if (!BN_lshift(a, a, j))
-		return (BN_ULONG)-1;
-
-	for (i=a->top-1; i>=0; i--)
-		{
-		BN_ULONG l,d;
-		
-		l=a->d[i];
-		d=bn_div_words(ret,l,w);
-		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
-		a->d[i]=d;
-		}
-	if ((a->top > 0) && (a->d[a->top-1] == 0))
-		a->top--;
-	ret >>= j;
-	bn_check_top(a);
-	return(ret);
-	}
-
-int BN_add_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG l;
-	int i;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	/* degenerate case: w is zero */
-	if (!w) return 1;
-	/* degenerate case: a is zero */
-	if(BN_is_zero(a)) return BN_set_word(a, w);
-	/* handle 'a' when negative */
-	if (a->neg)
-		{
-		a->neg=0;
-		i=BN_sub_word(a,w);
-		if (!BN_is_zero(a))
-			a->neg=!(a->neg);
-		return(i);
-		}
-	for (i=0;w!=0 && i<a->top;i++)
-		{
-		a->d[i] = l = (a->d[i]+w)&BN_MASK2;
-		w = (w>l)?1:0;
-		}
-	if (w && i==a->top)
-		{
-		if (bn_wexpand(a,a->top+1) == NULL) return 0;
-		a->top++;
-		a->d[i]=w;
-		}
-	bn_check_top(a);
-	return(1);
-	}
-
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
-	{
-	int i;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	/* degenerate case: w is zero */
-	if (!w) return 1;
-	/* degenerate case: a is zero */
-	if(BN_is_zero(a))
-		{
-		i = BN_set_word(a,w);
-		if (i != 0)
-			BN_set_negative(a, 1);
-		return i;
-		}
-	/* handle 'a' when negative */
-	if (a->neg)
-		{
-		a->neg=0;
-		i=BN_add_word(a,w);
-		a->neg=1;
-		return(i);
-		}
-
-	if ((a->top == 1) && (a->d[0] < w))
-		{
-		a->d[0]=w-a->d[0];
-		a->neg=1;
-		return(1);
-		}
-	i=0;
-	for (;;)
-		{
-		if (a->d[i] >= w)
-			{
-			a->d[i]-=w;
-			break;
-			}
-		else
-			{
-			a->d[i]=(a->d[i]-w)&BN_MASK2;
-			i++;
-			w=1;
-			}
-		}
-	if ((a->d[i] == 0) && (i == (a->top-1)))
-		a->top--;
-	bn_check_top(a);
-	return(1);
-	}
-
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG ll;
-
-	bn_check_top(a);
-	w&=BN_MASK2;
-	if (a->top)
-		{
-		if (w == 0)
-			BN_zero(a);
-		else
-			{
-			ll=bn_mul_words(a->d,a->d,a->top,w);
-			if (ll)
-				{
-				if (bn_wexpand(a,a->top+1) == NULL) return(0);
-				a->d[a->top++]=ll;
-				}
-			}
-		}
-	bn_check_top(a);
-	return(1);
-	}
-
diff --git a/crypto/bn/bnspeed.c b/crypto/bn/bnspeed.c
deleted file mode 100644
index b554ac8cf8..0000000000
--- a/crypto/bn/bnspeed.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/* unused */
-
-/* crypto/bn/bnspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM	1000000
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   define HZ	100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE	((long)1024*8)
-int run=0;
-
-static double Time_F(int s);
-#define START	0
-#define STOP	1
-
-static double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret < 1e-3)?1e-3:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-		return((ret < 0.001)?0.001:ret);
-		}
-#endif
-	}
-
-#define NUM_SIZES	5
-static int sizes[NUM_SIZES]={128,256,512,1024,2048};
-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
-
-void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
-
-int main(int argc, char **argv)
-	{
-	BN_CTX *ctx;
-	BIGNUM a,b,c;
-
-	ctx=BN_CTX_new();
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-
-	do_mul(&a,&b,&c,ctx);
-	}
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int i,j,k;
-	double tm;
-	long num;
-
-	for (i=0; i<NUM_SIZES; i++)
-		{
-		num=BASENUM;
-		if (i) num/=(i*3);
-		BN_rand(a,sizes[i],1,0);
-		for (j=i; j<NUM_SIZES; j++)
-			{
-			BN_rand(b,sizes[j],1,0);
-			Time_F(START);
-			for (k=0; k<num; k++)
-				BN_mul(r,b,a,ctx);
-			tm=Time_F(STOP);
-			printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
-			}
-		}
-
-	for (i=0; i<NUM_SIZES; i++)
-		{
-		num=BASENUM;
-		if (i) num/=(i*3);
-		BN_rand(a,sizes[i],1,0);
-		Time_F(START);
-		for (k=0; k<num; k++)
-			BN_sqr(r,a,ctx);
-		tm=Time_F(STOP);
-		printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
-		}
-
-	for (i=0; i<NUM_SIZES; i++)
-		{
-		num=BASENUM/10;
-		if (i) num/=(i*3);
-		BN_rand(a,sizes[i]-1,1,0);
-		for (j=i; j<NUM_SIZES; j++)
-			{
-			BN_rand(b,sizes[j],1,0);
-			Time_F(START);
-			for (k=0; k<100000; k++)
-				BN_div(r, NULL, b, a,ctx);
-			tm=Time_F(STOP);
-			printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
-			}
-		}
-	}
-
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
deleted file mode 100644
index 48bc63384c..0000000000
--- a/crypto/bn/bntest.c
+++ /dev/null
@@ -1,2143 +0,0 @@
-/* crypto/bn/bntest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-const int num0 = 100; /* number of tests */
-const int num1 = 50;  /* additional tests for some functions */
-const int num2 = 5;   /* number of tests for slow functions */
-
-int test_add(BIO *bp);
-int test_sub(BIO *bp);
-int test_lshift1(BIO *bp);
-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
-int test_rshift1(BIO *bp);
-int test_rshift(BIO *bp,BN_CTX *ctx);
-int test_div(BIO *bp,BN_CTX *ctx);
-int test_div_word(BIO *bp);
-int test_div_recp(BIO *bp,BN_CTX *ctx);
-int test_mul(BIO *bp);
-int test_sqr(BIO *bp,BN_CTX *ctx);
-int test_mont(BIO *bp,BN_CTX *ctx);
-int test_mod(BIO *bp,BN_CTX *ctx);
-int test_mod_mul(BIO *bp,BN_CTX *ctx);
-int test_mod_exp(BIO *bp,BN_CTX *ctx);
-int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
-int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
-int test_exp(BIO *bp,BN_CTX *ctx);
-int test_gf2m_add(BIO *bp);
-int test_gf2m_mod(BIO *bp);
-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
-int test_kron(BIO *bp,BN_CTX *ctx);
-int test_sqrt(BIO *bp,BN_CTX *ctx);
-int rand_neg(void);
-static int results=0;
-
-static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
-"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-static void message(BIO *out, char *m)
-	{
-	fprintf(stderr, "test %s\n", m);
-	BIO_puts(out, "print \"test ");
-	BIO_puts(out, m);
-	BIO_puts(out, "\\n\"\n");
-	}
-
-int main(int argc, char *argv[])
-	{
-	BN_CTX *ctx;
-	BIO *out;
-	char *outfile=NULL;
-
-	results = 0;
-
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-results") == 0)
-			results=1;
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) break;
-			outfile= *(++argv);
-			}
-		argc--;
-		argv++;
-		}
-
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) EXIT(1);
-
-	out=BIO_new(BIO_s_file());
-	if (out == NULL) EXIT(1);
-	if (outfile == NULL)
-		{
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-		}
-	else
-		{
-		if (!BIO_write_filename(out,outfile))
-			{
-			perror(outfile);
-			EXIT(1);
-			}
-		}
-
-	if (!results)
-		BIO_puts(out,"obase=16\nibase=16\n");
-
-	message(out,"BN_add");
-	if (!test_add(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_sub");
-	if (!test_sub(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_lshift1");
-	if (!test_lshift1(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_lshift (fixed)");
-	if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
-	    goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_lshift");
-	if (!test_lshift(out,ctx,NULL)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_rshift1");
-	if (!test_rshift1(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_rshift");
-	if (!test_rshift(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_sqr");
-	if (!test_sqr(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mul");
-	if (!test_mul(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_div");
-	if (!test_div(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_div_word");
-	if (!test_div_word(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_div_recp");
-	if (!test_div_recp(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mod");
-	if (!test_mod(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mod_mul");
-	if (!test_mod_mul(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mont");
-	if (!test_mont(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mod_exp");
-	if (!test_mod_exp(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mod_exp_mont_consttime");
-	if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
-	if (!test_mod_exp_mont5(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_exp");
-	if (!test_exp(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_kronecker");
-	if (!test_kron(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_mod_sqrt");
-	if (!test_sqrt(out,ctx)) goto err;
-	(void)BIO_flush(out);
-#ifndef OPENSSL_NO_EC2M
-	message(out,"BN_GF2m_add");
-	if (!test_gf2m_add(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod");
-	if (!test_gf2m_mod(out)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_mul");
-	if (!test_gf2m_mod_mul(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_sqr");
-	if (!test_gf2m_mod_sqr(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_inv");
-	if (!test_gf2m_mod_inv(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_div");
-	if (!test_gf2m_mod_div(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_exp");
-	if (!test_gf2m_mod_exp(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_sqrt");
-	if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
-	(void)BIO_flush(out);
-
-	message(out,"BN_GF2m_mod_solve_quad");
-	if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
-	(void)BIO_flush(out);
-#endif
-	BN_CTX_free(ctx);
-	BIO_free(out);
-
-/**/
-	EXIT(0);
-err:
-	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
-	                      * the failure, see test_bn in test/Makefile.ssl*/
-	(void)BIO_flush(out);
-	ERR_load_crypto_strings();
-	ERR_print_errors_fp(stderr);
-	EXIT(1);
-	return(1);
-	}
-
-int test_add(BIO *bp)
-	{
-	BIGNUM a,b,c;
-	int i;
-
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-
-	BN_bntest_rand(&a,512,0,0);
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(&b,450+i,0,0);
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		BN_add(&c,&a,&b);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," + ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-		a.neg=!a.neg;
-		b.neg=!b.neg;
-		BN_add(&c,&c,&b);
-		BN_add(&c,&c,&a);
-		if(!BN_is_zero(&c))
-		    {
-		    fprintf(stderr,"Add test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	return(1);
-	}
-
-int test_sub(BIO *bp)
-	{
-	BIGNUM a,b,c;
-	int i;
-
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-
-	for (i=0; i<num0+num1; i++)
-		{
-		if (i < num1)
-			{
-			BN_bntest_rand(&a,512,0,0);
-			BN_copy(&b,&a);
-			if (BN_set_bit(&a,i)==0) return(0);
-			BN_add_word(&b,i);
-			}
-		else
-			{
-			BN_bntest_rand(&b,400+i-num1,0,0);
-			a.neg=rand_neg();
-			b.neg=rand_neg();
-			}
-		BN_sub(&c,&a,&b);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," - ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-		BN_add(&c,&c,&b);
-		BN_sub(&c,&c,&a);
-		if(!BN_is_zero(&c))
-		    {
-		    fprintf(stderr,"Subtract test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	return(1);
-	}
-
-int test_div(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM a,b,c,d,e;
-	int i;
-
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&e);
-
-	for (i=0; i<num0+num1; i++)
-		{
-		if (i < num1)
-			{
-			BN_bntest_rand(&a,400,0,0);
-			BN_copy(&b,&a);
-			BN_lshift(&a,&a,i);
-			BN_add_word(&a,i);
-			}
-		else
-			BN_bntest_rand(&b,50+3*(i-num1),0,0);
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		BN_div(&d,&c,&a,&b,ctx);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," / ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&d);
-			BIO_puts(bp,"\n");
-
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," % ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-		BN_mul(&e,&d,&b,ctx);
-		BN_add(&d,&e,&c);
-		BN_sub(&d,&d,&a);
-		if(!BN_is_zero(&d))
-		    {
-		    fprintf(stderr,"Division test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&e);
-	return(1);
-	}
-
-static void print_word(BIO *bp,BN_ULONG w)
-	{
-#ifdef SIXTY_FOUR_BIT
-	if (sizeof(w) > sizeof(unsigned long))
-		{
-		unsigned long	h=(unsigned long)(w>>32),
-				l=(unsigned long)(w);
-
-		if (h)	BIO_printf(bp,"%lX%08lX",h,l);
-		else	BIO_printf(bp,"%lX",l);
-		return;
-		}
-#endif
-	BIO_printf(bp,BN_HEX_FMT1,w);
-	}
-
-int test_div_word(BIO *bp)
-	{
-	BIGNUM   a,b;
-	BN_ULONG r,s;
-	int i;
-
-	BN_init(&a);
-	BN_init(&b);
-
-	for (i=0; i<num0; i++)
-		{
-		do {
-			BN_bntest_rand(&a,512,-1,0);
-			BN_bntest_rand(&b,BN_BITS2,-1,0);
-			s = b.d[0];
-		} while (!s);
-
-		BN_copy(&b, &a);
-		r = BN_div_word(&b, s);
-
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," / ");
-				print_word(bp,s);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&b);
-			BIO_puts(bp,"\n");
-
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," % ");
-				print_word(bp,s);
-				BIO_puts(bp," - ");
-				}
-			print_word(bp,r);
-			BIO_puts(bp,"\n");
-			}
-		BN_mul_word(&b,s);
-		BN_add_word(&b,r);
-		BN_sub(&b,&a,&b);
-		if(!BN_is_zero(&b))
-		    {
-		    fprintf(stderr,"Division (word) test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	return(1);
-	}
-
-int test_div_recp(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM a,b,c,d,e;
-	BN_RECP_CTX recp;
-	int i;
-
-	BN_RECP_CTX_init(&recp);
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&e);
-
-	for (i=0; i<num0+num1; i++)
-		{
-		if (i < num1)
-			{
-			BN_bntest_rand(&a,400,0,0);
-			BN_copy(&b,&a);
-			BN_lshift(&a,&a,i);
-			BN_add_word(&a,i);
-			}
-		else
-			BN_bntest_rand(&b,50+3*(i-num1),0,0);
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		BN_RECP_CTX_set(&recp,&b,ctx);
-		BN_div_recp(&d,&c,&a,&recp,ctx);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," / ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&d);
-			BIO_puts(bp,"\n");
-
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," % ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-		BN_mul(&e,&d,&b,ctx);
-		BN_add(&d,&e,&c);
-		BN_sub(&d,&d,&a);
-		if(!BN_is_zero(&d))
-		    {
-		    fprintf(stderr,"Reciprocal division test failed!\n");
-		    fprintf(stderr,"a=");
-		    BN_print_fp(stderr,&a);
-		    fprintf(stderr,"\nb=");
-		    BN_print_fp(stderr,&b);
-		    fprintf(stderr,"\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&e);
-	BN_RECP_CTX_free(&recp);
-	return(1);
-	}
-
-int test_mul(BIO *bp)
-	{
-	BIGNUM a,b,c,d,e;
-	int i;
-	BN_CTX *ctx;
-
-	ctx = BN_CTX_new();
-	if (ctx == NULL) EXIT(1);
-	
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&e);
-
-	for (i=0; i<num0+num1; i++)
-		{
-		if (i <= num1)
-			{
-			BN_bntest_rand(&a,100,0,0);
-			BN_bntest_rand(&b,100,0,0);
-			}
-		else
-			BN_bntest_rand(&b,i-num1,0,0);
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		BN_mul(&c,&a,&b,ctx);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," * ");
-				BN_print(bp,&b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-		BN_div(&d,&e,&c,&a,ctx);
-		BN_sub(&d,&d,&b);
-		if(!BN_is_zero(&d) || !BN_is_zero(&e))
-		    {
-		    fprintf(stderr,"Multiplication test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&e);
-	BN_CTX_free(ctx);
-	return(1);
-	}
-
-int test_sqr(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*c,*d,*e;
-	int i, ret = 0;
-
-	a = BN_new();
-	c = BN_new();
-	d = BN_new();
-	e = BN_new();
-	if (a == NULL || c == NULL || d == NULL || e == NULL)
-		{
-		goto err;
-		}
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a,40+i*10,0,0);
-		a->neg=rand_neg();
-		BN_sqr(c,a,ctx);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," * ");
-				BN_print(bp,a);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,c);
-			BIO_puts(bp,"\n");
-			}
-		BN_div(d,e,c,a,ctx);
-		BN_sub(d,d,a);
-		if(!BN_is_zero(d) || !BN_is_zero(e))
-			{
-			fprintf(stderr,"Square test failed!\n");
-			goto err;
-			}
-		}
-
-	/* Regression test for a BN_sqr overflow bug. */
-	BN_hex2bn(&a,
-		"80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
-	BN_sqr(c, a, ctx);
-	if (bp != NULL)
-		{
-		if (!results)
-			{
-			BN_print(bp,a);
-			BIO_puts(bp," * ");
-			BN_print(bp,a);
-			BIO_puts(bp," - ");
-			}
-		BN_print(bp,c);
-		BIO_puts(bp,"\n");
-		}
-	BN_mul(d, a, a, ctx);
-	if (BN_cmp(c, d))
-		{
-		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
-			"different results!\n");
-		goto err;
-		}
-
-	/* Regression test for a BN_sqr overflow bug. */
-	BN_hex2bn(&a,
-		"80000000000000000000000080000001FFFFFFFE000000000000000000000000");
-	BN_sqr(c, a, ctx);
-	if (bp != NULL)
-		{
-		if (!results)
-			{
-			BN_print(bp,a);
-			BIO_puts(bp," * ");
-			BN_print(bp,a);
-			BIO_puts(bp," - ");
-			}
-		BN_print(bp,c);
-		BIO_puts(bp,"\n");
-		}
-	BN_mul(d, a, a, ctx);
-	if (BN_cmp(c, d))
-		{
-		fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
-			"different results!\n");
-		goto err;
-		}
-	ret = 1;
-err:
-	if (a != NULL) BN_free(a);
-	if (c != NULL) BN_free(c);
-	if (d != NULL) BN_free(d);
-	if (e != NULL) BN_free(e);
-	return ret;
-	}
-
-int test_mont(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM a,b,c,d,A,B;
-	BIGNUM n;
-	int i;
-	BN_MONT_CTX *mont;
-
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-	BN_init(&d);
-	BN_init(&A);
-	BN_init(&B);
-	BN_init(&n);
-
-	mont=BN_MONT_CTX_new();
-	if (mont == NULL)
-		return 0;
-
-	BN_bntest_rand(&a,100,0,0); /**/
-	BN_bntest_rand(&b,100,0,0); /**/
-	for (i=0; i<num2; i++)
-		{
-		int bits = (200*(i+1))/num2;
-
-		if (bits == 0)
-			continue;
-		BN_bntest_rand(&n,bits,0,1);
-		BN_MONT_CTX_set(mont,&n,ctx);
-
-		BN_nnmod(&a,&a,&n,ctx);
-		BN_nnmod(&b,&b,&n,ctx);
-
-		BN_to_montgomery(&A,&a,mont,ctx);
-		BN_to_montgomery(&B,&b,mont,ctx);
-
-		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
-		BN_from_montgomery(&A,&c,mont,ctx);/**/
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-#ifdef undef
-fprintf(stderr,"%d * %d %% %d\n",
-BN_num_bits(&a),
-BN_num_bits(&b),
-BN_num_bits(mont->N));
-#endif
-				BN_print(bp,&a);
-				BIO_puts(bp," * ");
-				BN_print(bp,&b);
-				BIO_puts(bp," % ");
-				BN_print(bp,&(mont->N));
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,&A);
-			BIO_puts(bp,"\n");
-			}
-		BN_mod_mul(&d,&a,&b,&n,ctx);
-		BN_sub(&d,&d,&A);
-		if(!BN_is_zero(&d))
-		    {
-		    fprintf(stderr,"Montgomery multiplication test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_MONT_CTX_free(mont);
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	BN_free(&d);
-	BN_free(&A);
-	BN_free(&B);
-	BN_free(&n);
-	return(1);
-	}
-
-int test_mod(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*c,*d,*e;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	BN_bntest_rand(a,1024,0,0); /**/
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(b,450+i*10,0,0); /**/
-		a->neg=rand_neg();
-		b->neg=rand_neg();
-		BN_mod(c,a,b,ctx);/**/
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," % ");
-				BN_print(bp,b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,c);
-			BIO_puts(bp,"\n");
-			}
-		BN_div(d,e,a,b,ctx);
-		BN_sub(e,e,c);
-		if(!BN_is_zero(e))
-		    {
-		    fprintf(stderr,"Modulo test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-int test_mod_mul(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*c,*d,*e;
-	int i,j;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	for (j=0; j<3; j++) {
-	BN_bntest_rand(c,1024,0,0); /**/
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a,475+i*10,0,0); /**/
-		BN_bntest_rand(b,425+i*11,0,0); /**/
-		a->neg=rand_neg();
-		b->neg=rand_neg();
-		if (!BN_mod_mul(e,a,b,c,ctx))
-			{
-			unsigned long l;
-
-			while ((l=ERR_get_error()))
-				fprintf(stderr,"ERROR:%s\n",
-					ERR_error_string(l,NULL));
-			EXIT(1);
-			}
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," * ");
-				BN_print(bp,b);
-				BIO_puts(bp," % ");
-				BN_print(bp,c);
-				if ((a->neg ^ b->neg) && !BN_is_zero(e))
-					{
-					/* If  (a*b) % c  is negative,  c  must be added
-					 * in order to obtain the normalized remainder
-					 * (new with OpenSSL 0.9.7, previous versions of
-					 * BN_mod_mul could generate negative results)
-					 */
-					BIO_puts(bp," + ");
-					BN_print(bp,c);
-					}
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,e);
-			BIO_puts(bp,"\n");
-			}
-		BN_mul(d,a,b,ctx);
-		BN_sub(d,d,e);
-		BN_div(a,b,d,c,ctx);
-		if(!BN_is_zero(b))
-		    {
-		    fprintf(stderr,"Modulo multiply test failed!\n");
-		    ERR_print_errors_fp(stderr);
-		    return 0;
-		    }
-		}
-	}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-int test_mod_exp(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*c,*d,*e;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
-	for (i=0; i<num2; i++)
-		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
-
-		if (!BN_mod_exp(d,a,b,c,ctx))
-			return(0);
-
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," ^ ");
-				BN_print(bp,b);
-				BIO_puts(bp," % ");
-				BN_print(bp,c);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,d);
-			BIO_puts(bp,"\n");
-			}
-		BN_exp(e,a,b,ctx);
-		BN_sub(e,e,d);
-		BN_div(a,b,e,c,ctx);
-		if(!BN_is_zero(b))
-		    {
-		    fprintf(stderr,"Modulo exponentiation test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*c,*d,*e;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
-	for (i=0; i<num2; i++)
-		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
-
-		if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
-			return(00);
-
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," ^ ");
-				BN_print(bp,b);
-				BIO_puts(bp," % ");
-				BN_print(bp,c);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,d);
-			BIO_puts(bp,"\n");
-			}
-		BN_exp(e,a,b,ctx);
-		BN_sub(e,e,d);
-		BN_div(a,b,e,c,ctx);
-		if(!BN_is_zero(b))
-		    {
-		    fprintf(stderr,"Modulo exponentiation test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-/* Test constant-time modular exponentiation with 1024-bit inputs,
- * which on x86_64 cause a different code branch to be taken.
- */
-int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*p,*m,*d,*e;
-
-	BN_MONT_CTX *mont;
-
-	a=BN_new();
-	p=BN_new();
-	m=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	mont = BN_MONT_CTX_new();
-
-	BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
-	/* Zero exponent */
-	BN_bntest_rand(a,1024,0,0);
-	BN_zero(p);
-	if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
-		return 0;
-	if(!BN_is_one(d))
-		{
-		fprintf(stderr, "Modular exponentiation test failed!\n");
-		return 0;
-		}
-	/* Zero input */
-	BN_bntest_rand(p,1024,0,0);
-	BN_zero(a);
-	if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
-		return 0;
-	if(!BN_is_zero(d))
-		{
-		fprintf(stderr, "Modular exponentiation test failed!\n");
-		return 0;
-		}
-	/* Craft an input whose Montgomery representation is 1,
-	 * i.e., shorter than the modulus m, in order to test
-	 * the const time precomputation scattering/gathering.
-	 */
-	BN_one(a);
-	BN_MONT_CTX_set(mont,m,ctx);
-	if(!BN_from_montgomery(e,a,mont,ctx))
-		return 0;
-	if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
-		return 0;
-	if(!BN_mod_exp_simple(a,e,p,m,ctx))
-		return 0;
-	if(BN_cmp(a,d) != 0)
-		{
-		fprintf(stderr,"Modular exponentiation test failed!\n");
-		return 0;
-		}
-	/* Finally, some regular test vectors. */
-	BN_bntest_rand(e,1024,0,0);
-	if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
-		return 0;
-	if(!BN_mod_exp_simple(a,e,p,m,ctx))
-		return 0;
-	if(BN_cmp(a,d) != 0)
-		{
-		fprintf(stderr,"Modular exponentiation test failed!\n");
-		return 0;
-		}
-	BN_free(a);
-	BN_free(p);
-	BN_free(m);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-int test_exp(BIO *bp, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*d,*e,*one;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	d=BN_new();
-	e=BN_new();
-	one=BN_new();
-	BN_one(one);
-
-	for (i=0; i<num2; i++)
-		{
-		BN_bntest_rand(a,20+i*5,0,0); /**/
-		BN_bntest_rand(b,2+i,0,0); /**/
-
-		if (BN_exp(d,a,b,ctx) <= 0)
-			return(0);
-
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," ^ ");
-				BN_print(bp,b);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,d);
-			BIO_puts(bp,"\n");
-			}
-		BN_one(e);
-		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
-		    BN_mul(e,e,a,ctx);
-		BN_sub(e,e,d);
-		if(!BN_is_zero(e))
-		    {
-		    fprintf(stderr,"Exponentiation test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(d);
-	BN_free(e);
-	BN_free(one);
-	return(1);
-	}
-#ifndef OPENSSL_NO_EC2M
-int test_gf2m_add(BIO *bp)
-	{
-	BIGNUM a,b,c;
-	int i, ret = 0;
-
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_rand(&a,512,0,0);
-		BN_copy(&b, BN_value_one());
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		BN_GF2m_add(&c,&a,&b);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,&a);
-				BIO_puts(bp," ^ ");
-				BN_print(bp,&b);
-				BIO_puts(bp," = ");
-				}
-			BN_print(bp,&c);
-			BIO_puts(bp,"\n");
-			}
-#endif
-		/* Test that two added values have the correct parity. */
-		if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
-			{
-		    fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
-			goto err;
-			}
-		BN_GF2m_add(&c,&c,&c);
-		/* Test that c + c = 0. */
-		if(!BN_is_zero(&c))
-		    {
-		    fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
-			goto err;
-		    }
-		}
-	ret = 1;
-  err:
-	BN_free(&a);
-	BN_free(&b);
-	BN_free(&c);
-	return ret;
-	}
-
-int test_gf2m_mod(BIO *bp)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 1024, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod(c, a, b[j]);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp," % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp," - ");
-					BN_print(bp,c);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			BN_GF2m_add(d, a, c);
-			BN_GF2m_mod(e, d, b[j]);
-			/* Test that a + (a mod p) mod p == 0. */
-			if(!BN_is_zero(e))
-				{
-				fprintf(stderr,"GF(2^m) modulo test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return ret;
-	}
-
-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-	f=BN_new();
-	g=BN_new();
-	h=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 1024, 0, 0);
-		BN_bntest_rand(c, 1024, 0, 0);
-		BN_bntest_rand(d, 1024, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod_mul(e, a, c, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp," * ");
-					BN_print(bp,c);
-					BIO_puts(bp," % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp," - ");
-					BN_print(bp,e);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			BN_GF2m_add(f, a, d);
-			BN_GF2m_mod_mul(g, f, c, b[j], ctx);
-			BN_GF2m_mod_mul(h, d, c, b[j], ctx);
-			BN_GF2m_add(f, e, g);
-			BN_GF2m_add(f, f, h);
-			/* Test that (a+d)*c = a*c + d*c. */
-			if(!BN_is_zero(f))
-				{
-				fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	BN_free(f);
-	BN_free(g);
-	BN_free(h);
-	return ret;
-	}
-
-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 1024, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod_sqr(c, a, b[j], ctx);
-			BN_copy(d, a);
-			BN_GF2m_mod_mul(d, a, d, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp," ^ 2 % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp, " = ");
-					BN_print(bp,c);
-					BIO_puts(bp,"; a * a = ");
-					BN_print(bp,d);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			BN_GF2m_add(d, c, d);
-			/* Test that a*a = a^2. */
-			if(!BN_is_zero(d))
-				{
-				fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	return ret;
-	}
-
-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 512, 0, 0); 
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod_inv(c, a, b[j], ctx);
-			BN_GF2m_mod_mul(d, a, c, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp, " * ");
-					BN_print(bp,c);
-					BIO_puts(bp," - 1 % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			/* Test that ((1/a)*a) = 1. */
-			if(!BN_is_one(d))
-				{
-				fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	return ret;
-	}
-
-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e,*f;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-	f=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 512, 0, 0); 
-		BN_bntest_rand(c, 512, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod_div(d, a, c, b[j], ctx);
-			BN_GF2m_mod_mul(e, d, c, b[j], ctx);
-			BN_GF2m_mod_div(f, a, e, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp, " = ");
-					BN_print(bp,c);
-					BIO_puts(bp," * ");
-					BN_print(bp,d);
-					BIO_puts(bp, " % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			/* Test that ((a/c)*c)/a = 1. */
-			if(!BN_is_one(f))
-				{
-				fprintf(stderr,"GF(2^m) modular division test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	BN_free(f);
-	return ret;
-	}
-
-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e,*f;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-	f=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 512, 0, 0);
-		BN_bntest_rand(c, 512, 0, 0);
-		BN_bntest_rand(d, 512, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod_exp(e, a, c, b[j], ctx);
-			BN_GF2m_mod_exp(f, a, d, b[j], ctx);
-			BN_GF2m_mod_mul(e, e, f, b[j], ctx);
-			BN_add(f, c, d);
-			BN_GF2m_mod_exp(f, a, f, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,a);
-					BIO_puts(bp, " ^ (");
-					BN_print(bp,c);
-					BIO_puts(bp," + ");
-					BN_print(bp,d);
-					BIO_puts(bp, ") = ");
-					BN_print(bp,e);
-					BIO_puts(bp, "; - ");
-					BN_print(bp,f);
-					BIO_puts(bp, " % ");
-					BN_print(bp,b[j]);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			BN_GF2m_add(f, e, f);
-			/* Test that a^(c+d)=a^c*a^d. */
-			if(!BN_is_zero(f))
-				{
-				fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	BN_free(f);
-	return ret;
-	}
-
-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e,*f;
-	int i, j, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-	f=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 512, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			BN_GF2m_mod(c, a, b[j]);
-			BN_GF2m_mod_sqrt(d, a, b[j], ctx);
-			BN_GF2m_mod_sqr(e, d, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-			if (bp != NULL)
-				{
-				if (!results)
-					{
-					BN_print(bp,d);
-					BIO_puts(bp, " ^ 2 - ");
-					BN_print(bp,a);
-					BIO_puts(bp,"\n");
-					}
-				}
-#endif
-			BN_GF2m_add(f, c, e);
-			/* Test that d^2 = a, where d = sqrt(a). */
-			if(!BN_is_zero(f))
-				{
-				fprintf(stderr,"GF(2^m) modular square root test failed!\n");
-				goto err;
-				}
-			}
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	BN_free(f);
-	return ret;
-	}
-
-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b[2],*c,*d,*e;
-	int i, j, s = 0, t, ret = 0;
-	int p0[] = {163,7,6,3,0,-1};
-	int p1[] = {193,15,0,-1};
-
-	a=BN_new();
-	b[0]=BN_new();
-	b[1]=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-
-	BN_GF2m_arr2poly(p0, b[0]);
-	BN_GF2m_arr2poly(p1, b[1]);
-
-	for (i=0; i<num0; i++)
-		{
-		BN_bntest_rand(a, 512, 0, 0);
-		for (j=0; j < 2; j++)
-			{
-			t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
-			if (t)
-				{
-				s++;
-				BN_GF2m_mod_sqr(d, c, b[j], ctx);
-				BN_GF2m_add(d, c, d);
-				BN_GF2m_mod(e, a, b[j]);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-				if (bp != NULL)
-					{
-					if (!results)
-						{
-						BN_print(bp,c);
-						BIO_puts(bp, " is root of z^2 + z = ");
-						BN_print(bp,a);
-						BIO_puts(bp, " % ");
-						BN_print(bp,b[j]);
-						BIO_puts(bp, "\n");
-						}
-					}
-#endif
-				BN_GF2m_add(e, e, d);
-				/* Test that solution of quadratic c satisfies c^2 + c = a. */
-				if(!BN_is_zero(e))
-					{
-					fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
-					goto err;
-					}
-
-				}
-			else 
-				{
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
-				if (bp != NULL)
-					{
-					if (!results)
-						{
-						BIO_puts(bp, "There are no roots of z^2 + z = ");
-						BN_print(bp,a);
-						BIO_puts(bp, " % ");
-						BN_print(bp,b[j]);
-						BIO_puts(bp, "\n");
-						}
-					}
-#endif
-				}
-			}
-		}
-	if (s == 0)
-		{	
-		fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
-		fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
-		goto err;
-		}
-	ret = 1;
-  err:
-	BN_free(a);
-	BN_free(b[0]);
-	BN_free(b[1]);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return ret;
-	}
-#endif
-static int genprime_cb(int p, int n, BN_GENCB *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	putc(c, stderr);
-	fflush(stderr);
-	return 1;
-	}
-
-int test_kron(BIO *bp, BN_CTX *ctx)
-	{
-	BN_GENCB cb;
-	BIGNUM *a,*b,*r,*t;
-	int i;
-	int legendre, kronecker;
-	int ret = 0;
-
-	a = BN_new();
-	b = BN_new();
-	r = BN_new();
-	t = BN_new();
-	if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
-
-	BN_GENCB_set(&cb, genprime_cb, NULL);
-	
-	/* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
-	 * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
-	 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
-	 * So we generate a random prime  b  and compare these values
-	 * for a number of random  a's.  (That is, we run the Solovay-Strassen
-	 * primality test to confirm that  b  is prime, except that we
-	 * don't want to test whether  b  is prime but whether BN_kronecker
-	 * works.) */
-
-	if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
-	b->neg = rand_neg();
-	putc('\n', stderr);
-
-	for (i = 0; i < num0; i++)
-		{
-		if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
-		a->neg = rand_neg();
-
-		/* t := (|b|-1)/2  (note that b is odd) */
-		if (!BN_copy(t, b)) goto err;
-		t->neg = 0;
-		if (!BN_sub_word(t, 1)) goto err;
-		if (!BN_rshift1(t, t)) goto err;
-		/* r := a^t mod b */
-		b->neg=0;
-		
-		if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
-		b->neg=1;
-
-		if (BN_is_word(r, 1))
-			legendre = 1;
-		else if (BN_is_zero(r))
-			legendre = 0;
-		else
-			{
-			if (!BN_add_word(r, 1)) goto err;
-			if (0 != BN_ucmp(r, b))
-				{
-				fprintf(stderr, "Legendre symbol computation failed\n");
-				goto err;
-				}
-			legendre = -1;
-			}
-		
-		kronecker = BN_kronecker(a, b, ctx);
-		if (kronecker < -1) goto err;
-		/* we actually need BN_kronecker(a, |b|) */
-		if (a->neg && b->neg)
-			kronecker = -kronecker;
-		
-		if (legendre != kronecker)
-			{
-			fprintf(stderr, "legendre != kronecker; a = ");
-			BN_print_fp(stderr, a);
-			fprintf(stderr, ", b = ");
-			BN_print_fp(stderr, b);
-			fprintf(stderr, "\n");
-			goto err;
-			}
-
-		putc('.', stderr);
-		fflush(stderr);
-		}
-
-	putc('\n', stderr);
-	fflush(stderr);
-	ret = 1;
- err:
-	if (a != NULL) BN_free(a);
-	if (b != NULL) BN_free(b);
-	if (r != NULL) BN_free(r);
-	if (t != NULL) BN_free(t);
-	return ret;
-	}
-
-int test_sqrt(BIO *bp, BN_CTX *ctx)
-	{
-	BN_GENCB cb;
-	BIGNUM *a,*p,*r;
-	int i, j;
-	int ret = 0;
-
-	a = BN_new();
-	p = BN_new();
-	r = BN_new();
-	if (a == NULL || p == NULL || r == NULL) goto err;
-
-	BN_GENCB_set(&cb, genprime_cb, NULL);
-
-	for (i = 0; i < 16; i++)
-		{
-		if (i < 8)
-			{
-			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
-			
-			if (!BN_set_word(p, primes[i])) goto err;
-			}
-		else
-			{
-			if (!BN_set_word(a, 32)) goto err;
-			if (!BN_set_word(r, 2*i + 1)) goto err;
-		
-			if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
-			putc('\n', stderr);
-			}
-		p->neg = rand_neg();
-
-		for (j = 0; j < num2; j++)
-			{
-			/* construct 'a' such that it is a square modulo p,
-			 * but in general not a proper square and not reduced modulo p */
-			if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
-			if (!BN_nnmod(r, r, p, ctx)) goto err;
-			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
-			if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
-			if (!BN_nnmod(a, a, p, ctx)) goto err;
-			if (!BN_mod_sqr(a, a, p, ctx)) goto err;
-			if (!BN_mul(a, a, r, ctx)) goto err;
-			if (rand_neg())
-				if (!BN_sub(a, a, p)) goto err;
-
-			if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
-			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
-
-			if (!BN_nnmod(a, a, p, ctx)) goto err;
-
-			if (BN_cmp(a, r) != 0)
-				{
-				fprintf(stderr, "BN_mod_sqrt failed: a = ");
-				BN_print_fp(stderr, a);
-				fprintf(stderr, ", r = ");
-				BN_print_fp(stderr, r);
-				fprintf(stderr, ", p = ");
-				BN_print_fp(stderr, p);
-				fprintf(stderr, "\n");
-				goto err;
-				}
-
-			putc('.', stderr);
-			fflush(stderr);
-			}
-		
-		putc('\n', stderr);
-		fflush(stderr);
-		}
-	ret = 1;
- err:
-	if (a != NULL) BN_free(a);
-	if (p != NULL) BN_free(p);
-	if (r != NULL) BN_free(r);
-	return ret;
-	}
-
-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
-	{
-	BIGNUM *a,*b,*c,*d;
-	int i;
-
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	BN_one(c);
-
-	if(a_)
-	    a=a_;
-	else
-	    {
-	    a=BN_new();
-	    BN_bntest_rand(a,200,0,0); /**/
-	    a->neg=rand_neg();
-	    }
-	for (i=0; i<num0; i++)
-		{
-		BN_lshift(b,a,i+1);
-		BN_add(c,c,c);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," * ");
-				BN_print(bp,c);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,b);
-			BIO_puts(bp,"\n");
-			}
-		BN_mul(d,a,c,ctx);
-		BN_sub(d,d,b);
-		if(!BN_is_zero(d))
-		    {
-		    fprintf(stderr,"Left shift test failed!\n");
-		    fprintf(stderr,"a=");
-		    BN_print_fp(stderr,a);
-		    fprintf(stderr,"\nb=");
-		    BN_print_fp(stderr,b);
-		    fprintf(stderr,"\nc=");
-		    BN_print_fp(stderr,c);
-		    fprintf(stderr,"\nd=");
-		    BN_print_fp(stderr,d);
-		    fprintf(stderr,"\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	return(1);
-	}
-
-int test_lshift1(BIO *bp)
-	{
-	BIGNUM *a,*b,*c;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-
-	BN_bntest_rand(a,200,0,0); /**/
-	a->neg=rand_neg();
-	for (i=0; i<num0; i++)
-		{
-		BN_lshift1(b,a);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," * 2");
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,b);
-			BIO_puts(bp,"\n");
-			}
-		BN_add(c,a,a);
-		BN_sub(a,b,c);
-		if(!BN_is_zero(a))
-		    {
-		    fprintf(stderr,"Left shift one test failed!\n");
-		    return 0;
-		    }
-		
-		BN_copy(a,b);
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	return(1);
-	}
-
-int test_rshift(BIO *bp,BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*c,*d,*e;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	e=BN_new();
-	BN_one(c);
-
-	BN_bntest_rand(a,200,0,0); /**/
-	a->neg=rand_neg();
-	for (i=0; i<num0; i++)
-		{
-		BN_rshift(b,a,i+1);
-		BN_add(c,c,c);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," / ");
-				BN_print(bp,c);
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,b);
-			BIO_puts(bp,"\n");
-			}
-		BN_div(d,e,a,c,ctx);
-		BN_sub(d,d,b);
-		if(!BN_is_zero(d))
-		    {
-		    fprintf(stderr,"Right shift test failed!\n");
-		    return 0;
-		    }
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	BN_free(d);
-	BN_free(e);
-	return(1);
-	}
-
-int test_rshift1(BIO *bp)
-	{
-	BIGNUM *a,*b,*c;
-	int i;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-
-	BN_bntest_rand(a,200,0,0); /**/
-	a->neg=rand_neg();
-	for (i=0; i<num0; i++)
-		{
-		BN_rshift1(b,a);
-		if (bp != NULL)
-			{
-			if (!results)
-				{
-				BN_print(bp,a);
-				BIO_puts(bp," / 2");
-				BIO_puts(bp," - ");
-				}
-			BN_print(bp,b);
-			BIO_puts(bp,"\n");
-			}
-		BN_sub(c,a,b);
-		BN_sub(c,c,b);
-		if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
-		    {
-		    fprintf(stderr,"Right shift one test failed!\n");
-		    return 0;
-		    }
-		BN_copy(a,b);
-		}
-	BN_free(a);
-	BN_free(b);
-	BN_free(c);
-	return(1);
-	}
-
-int rand_neg(void)
-	{
-	static unsigned int neg=0;
-	static int sign[8]={0,0,0,1,1,0,1,1};
-
-	return(sign[(neg++)%8]);
-	}
diff --git a/crypto/bn/divtest.c b/crypto/bn/divtest.c
deleted file mode 100644
index d3fc688f33..0000000000
--- a/crypto/bn/divtest.c
+++ /dev/null
@@ -1,41 +0,0 @@
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-
-static int Rand(n)
-{
-    unsigned char x[2];
-    RAND_pseudo_bytes(x,2);
-    return (x[0] + 2*x[1]);
-}
-
-static void bug(char *m, BIGNUM *a, BIGNUM *b)
-{
-    printf("%s!\na=",m);
-    BN_print_fp(stdout, a);
-    printf("\nb=");
-    BN_print_fp(stdout, b);
-    printf("\n");
-    fflush(stdout);
-}
-
-main()
-{
-    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
-	*C=BN_new(), *D=BN_new();
-    BN_RECP_CTX *recp=BN_RECP_CTX_new();
-    BN_CTX *ctx=BN_CTX_new();
-
-    for(;;) {
-	BN_pseudo_rand(a,Rand(),0,0);
-	BN_pseudo_rand(b,Rand(),0,0);
-	if (BN_is_zero(b)) continue;
-
-	BN_RECP_CTX_set(recp,b,ctx);
-	if (BN_div(C,D,a,b,ctx) != 1)
-	    bug("BN_div failed",a,b);
-	if (BN_div_recp(c,d,a,recp,ctx) != 1)
-	    bug("BN_div_recp failed",a,b);
-	else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
-	    bug("mismatch",a,b);
-    }
-}
diff --git a/crypto/bn/exp.c b/crypto/bn/exp.c
deleted file mode 100644
index 4865b0ef74..0000000000
--- a/crypto/bn/exp.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* unused */
-
-#include <stdio.h>
-#include <openssl/tmdiff.h>
-#include "bn_lcl.h"
-
-#define SIZE	256
-#define NUM	(8*8*8)
-#define MOD	(8*8*8*8*8)
-
-main(argc,argv)
-int argc;
-char *argv[];
-	{
-	BN_CTX ctx;
-	BIGNUM a,b,c,r,rr,t,l;
-	int j,i,size=SIZE,num=NUM,mod=MOD;
-	char *start,*end;
-	BN_MONT_CTX mont;
-	double d,md;
-
-	BN_MONT_CTX_init(&mont);
-	BN_CTX_init(&ctx);
-	BN_init(&a);
-	BN_init(&b);
-	BN_init(&c);
-	BN_init(&r);
-
-	start=ms_time_new();
-	end=ms_time_new();
-	while (size <= 1024*8)
-		{
-		BN_rand(&a,size,0,0);
-		BN_rand(&b,size,1,0);
-		BN_rand(&c,size,0,1);
-
-		BN_mod(&a,&a,&c,&ctx);
-
-		ms_time_get(start);
-		for (i=0; i<10; i++)
-			BN_MONT_CTX_set(&mont,&c,&ctx);
-		ms_time_get(end);
-		md=ms_time_diff(start,end);
-
-		ms_time_get(start);
-		for (i=0; i<num; i++)
-			{
-			/* bn_mull(&r,&a,&b,&ctx); */
-			/* BN_sqr(&r,&a,&ctx); */
-			BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
-			}
-		ms_time_get(end);
-		d=ms_time_diff(start,end)/* *50/33 */;
-		printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
-			d,num,d/num,(int)((d/num)*mod),md/10.0);
-		num/=8;
-		mod/=8;
-		if (num <= 0) num=1;
-		size*=2;
-		}
-
-	}
diff --git a/crypto/bn/expspeed.c b/crypto/bn/expspeed.c
deleted file mode 100644
index 4d5f221f33..0000000000
--- a/crypto/bn/expspeed.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/* unused */
-
-/* crypto/bn/expspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM	5000
-#define NUM_START 0
-
-
-/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
- * modular inverse, or modular square roots */
-#define TEST_EXP
-#undef TEST_MUL
-#undef TEST_SQR
-#undef TEST_GCD
-#undef TEST_KRON
-#undef TEST_INV
-#undef TEST_SQRT
-#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
-
-#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
-#  error "choose one test"
-#endif
-
-#if defined(TEST_INV) || defined(TEST_SQRT)
-#  define C_PRIME
-static void genprime_cb(int p, int n, void *arg);
-#endif
-
-
-
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   define HZ	100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE	((long)1024*8)
-int run=0;
-
-static double Time_F(int s);
-#define START	0
-#define STOP	1
-
-static double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret < 1e-3)?1e-3:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-		return((ret < 0.001)?0.001:ret);
-		}
-#endif
-	}
-
-#define NUM_SIZES	7
-#if NUM_START > NUM_SIZES
-#   error "NUM_START > NUM_SIZES"
-#endif
-static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
-static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
-
-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
-
-void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
-
-int main(int argc, char **argv)
-	{
-	BN_CTX *ctx;
-	BIGNUM *a,*b,*c,*r;
-
-#if 1
-	if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
-		abort();
-#endif
-
-	ctx=BN_CTX_new();
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	r=BN_new();
-
-	while (!RAND_status())
-		/* not enough bits */
-		RAND_SEED("I demand a manual recount!");
-
-	do_mul_exp(r,a,b,c,ctx);
-	return 0;
-	}
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
-	{
-	int i,k;
-	double tm;
-	long num;
-
-	num=BASENUM;
-	for (i=NUM_START; i<NUM_SIZES; i++)
-		{
-#ifdef C_PRIME
-#  ifdef TEST_SQRT
-		if (!BN_set_word(a, 64)) goto err;
-		if (!BN_set_word(b, P_MOD_64)) goto err;
-#    define ADD a
-#    define REM b
-#  else
-#    define ADD NULL
-#    define REM NULL
-#  endif
-		if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
-		putc('\n', stderr);
-		fflush(stderr);
-#endif
-
-		for (k=0; k<num; k++)
-			{
-			if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
-				{
-				if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
-
-				if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
-
-#ifndef C_PRIME
-				if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
-#endif
-
-#ifdef TEST_SQRT				
-				if (!BN_mod_sqr(a,a,c,ctx)) goto err;
-				if (!BN_mod_sqr(b,b,c,ctx)) goto err;
-#else
-				if (!BN_nnmod(a,a,c,ctx)) goto err;
-				if (!BN_nnmod(b,b,c,ctx)) goto err;
-#endif
-
-				if (k == 0)
-					Time_F(START);
-				}
-
-#if defined(TEST_EXP)
-			if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
-#elif defined(TEST_MUL)
-			{
-			int i = 0;
-			for (i = 0; i < 50; i++)
-				if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
-			}
-#elif defined(TEST_SQR)
-			{
-			int i = 0;
-			for (i = 0; i < 50; i++)
-				{
-				if (!BN_mod_sqr(r,a,c,ctx)) goto err;
-				if (!BN_mod_sqr(r,b,c,ctx)) goto err;
-				}
-			}
-#elif defined(TEST_GCD)
-			if (!BN_gcd(r,a,b,ctx)) goto err;
-			if (!BN_gcd(r,b,c,ctx)) goto err;
-			if (!BN_gcd(r,c,a,ctx)) goto err;
-#elif defined(TEST_KRON)
-			if (-2 == BN_kronecker(a,b,ctx)) goto err;
-			if (-2 == BN_kronecker(b,c,ctx)) goto err;
-			if (-2 == BN_kronecker(c,a,ctx)) goto err;
-#elif defined(TEST_INV)
-			if (!BN_mod_inverse(r,a,c,ctx)) goto err;
-			if (!BN_mod_inverse(r,b,c,ctx)) goto err;
-#else /* TEST_SQRT */
-			if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
-			if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
-#endif
-			}
-		tm=Time_F(STOP);
-		printf(
-#if defined(TEST_EXP)
-			"modexp %4d ^ %4d %% %4d"
-#elif defined(TEST_MUL)
-			"50*modmul %4d %4d %4d"
-#elif defined(TEST_SQR)
-			"100*modsqr %4d %4d %4d"
-#elif defined(TEST_GCD)
-			"3*gcd %4d %4d %4d"
-#elif defined(TEST_KRON)
-			"3*kronecker %4d %4d %4d"
-#elif defined(TEST_INV)
-			"2*inv %4d %4d mod %4d"
-#else /* TEST_SQRT */
-			"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
-#endif
-			" -> %8.6fms %5.1f (%ld)\n",
-#ifdef TEST_SQRT
-			P_MOD_64,
-#endif
-			sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
-		num/=7;
-		if (num <= 0) num=1;
-		}
-	return;
-
- err:
-	ERR_print_errors_fp(stderr);
-	}
-
-
-#ifdef C_PRIME
-static void genprime_cb(int p, int n, void *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	putc(c, stderr);
-	fflush(stderr);
-	(void)n;
-	(void)arg;
-	}
-#endif
diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
deleted file mode 100644
index 5fa02a1229..0000000000
--- a/crypto/bn/exptest.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/* crypto/bn/exptest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#define NUM_BITS	(BN_BITS*2)
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
-static int test_exp_mod_zero() {
-	BIGNUM a, p, m;
-	BIGNUM r;
-	BN_CTX *ctx = BN_CTX_new();
-	int ret = 1;
-
-	BN_init(&m);
-	BN_one(&m);
-
-	BN_init(&a);
-	BN_one(&a);
-
-	BN_init(&p);
-	BN_zero(&p);
-
-	BN_init(&r);
-	BN_mod_exp(&r, &a, &p, &m, ctx);
-	BN_CTX_free(ctx);
-
-	if (BN_is_zero(&r))
-		ret = 0;
-	else
-		{
-		printf("1**0 mod 1 = ");
-		BN_print_fp(stdout, &r);
-		printf(", should be 0\n");
-		}
-
-	BN_free(&r);
-	BN_free(&a);
-	BN_free(&p);
-	BN_free(&m);
-
-	return ret;
-}
-
-int main(int argc, char *argv[])
-	{
-	BN_CTX *ctx;
-	BIO *out=NULL;
-	int i,ret;
-	unsigned char c;
-	BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
-
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
-	                                       * even check its return value
-	                                       * (which we should) */
-
-	ERR_load_BN_strings();
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) EXIT(1);
-	r_mont=BN_new();
-	r_mont_const=BN_new();
-	r_recp=BN_new();
-	r_simple=BN_new();
-	a=BN_new();
-	b=BN_new();
-	m=BN_new();
-	if (	(r_mont == NULL) || (r_recp == NULL) ||
-		(a == NULL) || (b == NULL))
-		goto err;
-
-	out=BIO_new(BIO_s_file());
-
-	if (out == NULL) EXIT(1);
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
-	for (i=0; i<200; i++)
-		{
-		RAND_bytes(&c,1);
-		c=(c%BN_BITS)-BN_BITS2;
-		BN_rand(a,NUM_BITS+c,0,0);
-
-		RAND_bytes(&c,1);
-		c=(c%BN_BITS)-BN_BITS2;
-		BN_rand(b,NUM_BITS+c,0,0);
-
-		RAND_bytes(&c,1);
-		c=(c%BN_BITS)-BN_BITS2;
-		BN_rand(m,NUM_BITS+c,0,1);
-
-		BN_mod(a,a,m,ctx);
-		BN_mod(b,b,m,ctx);
-
-		ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
-		if (ret <= 0)
-			{
-			printf("BN_mod_exp_mont() problems\n");
-			ERR_print_errors(out);
-			EXIT(1);
-			}
-
-		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
-		if (ret <= 0)
-			{
-			printf("BN_mod_exp_recp() problems\n");
-			ERR_print_errors(out);
-			EXIT(1);
-			}
-
-		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
-		if (ret <= 0)
-			{
-			printf("BN_mod_exp_simple() problems\n");
-			ERR_print_errors(out);
-			EXIT(1);
-			}
-
-		ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
-		if (ret <= 0)
-			{
-			printf("BN_mod_exp_mont_consttime() problems\n");
-			ERR_print_errors(out);
-			EXIT(1);
-			}
-
-		if (BN_cmp(r_simple, r_mont) == 0
-		    && BN_cmp(r_simple,r_recp) == 0
-			&& BN_cmp(r_simple,r_mont_const) == 0)
-			{
-			printf(".");
-			fflush(stdout);
-			}
-		else
-		  	{
-			if (BN_cmp(r_simple,r_mont) != 0)
-				printf("\nsimple and mont results differ\n");
-			if (BN_cmp(r_simple,r_mont_const) != 0)
-				printf("\nsimple and mont const time results differ\n");
-			if (BN_cmp(r_simple,r_recp) != 0)
-				printf("\nsimple and recp results differ\n");
-
-			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
-			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
-			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
-			printf("\nsimple   =");	BN_print(out,r_simple);
-			printf("\nrecp     =");	BN_print(out,r_recp);
-			printf("\nmont     ="); BN_print(out,r_mont);
-			printf("\nmont_ct  ="); BN_print(out,r_mont_const);
-			printf("\n");
-			EXIT(1);
-			}
-		}
-	BN_free(r_mont);
-	BN_free(r_mont_const);
-	BN_free(r_recp);
-	BN_free(r_simple);
-	BN_free(a);
-	BN_free(b);
-	BN_free(m);
-	BN_CTX_free(ctx);
-	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks(out);
-	BIO_free(out);
-	printf("\n");
-
-	if (test_exp_mod_zero() != 0)
-		goto err;
-
-	printf("done\n");
-
-	EXIT(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(out);
-#ifdef OPENSSL_SYS_NETWARE
-    printf("ERROR\n");
-#endif
-	EXIT(1);
-	return(1);
-	}
-
diff --git a/crypto/bn/todo b/crypto/bn/todo
deleted file mode 100644
index e47e381aea..0000000000
--- a/crypto/bn/todo
+++ /dev/null
@@ -1,3 +0,0 @@
-Cache RECP_CTX values
-make the result argument independant of the inputs.
-split up the _exp_ functions
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
deleted file mode 100644
index 8f1de6192b..0000000000
--- a/crypto/buffer/buf_err.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* crypto/buffer/buf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
-
-static ERR_STRING_DATA BUF_str_functs[]=
-	{
-{ERR_FUNC(BUF_F_BUF_MEMDUP),	"BUF_memdup"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW),	"BUF_MEM_grow"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),	"BUF_MEM_grow_clean"},
-{ERR_FUNC(BUF_F_BUF_MEM_NEW),	"BUF_MEM_new"},
-{ERR_FUNC(BUF_F_BUF_STRDUP),	"BUF_strdup"},
-{ERR_FUNC(BUF_F_BUF_STRNDUP),	"BUF_strndup"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA BUF_str_reasons[]=
-	{
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_BUF_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BUF_str_functs);
-		ERR_load_strings(0,BUF_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c
deleted file mode 100644
index 151f5ea971..0000000000
--- a/crypto/buffer/buf_str.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-
-char *BUF_strdup(const char *str)
-	{
-	if (str == NULL) return(NULL);
-	return BUF_strndup(str, strlen(str));
-	}
-
-char *BUF_strndup(const char *str, size_t siz)
-	{
-	char *ret;
-
-	if (str == NULL) return(NULL);
-
-	ret=OPENSSL_malloc(siz+1);
-	if (ret == NULL) 
-		{
-		BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	BUF_strlcpy(ret,str,siz+1);
-	return(ret);
-	}
-
-void *BUF_memdup(const void *data, size_t siz)
-	{
-	void *ret;
-
-	if (data == NULL) return(NULL);
-
-	ret=OPENSSL_malloc(siz);
-	if (ret == NULL) 
-		{
-		BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	return memcpy(ret, data, siz);
-	}	
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
-	{
-	size_t l = 0;
-	for(; size > 1 && *src; size--)
-		{
-		*dst++ = *src++;
-		l++;
-		}
-	if (size)
-		*dst = '\0';
-	return l + strlen(src);
-	}
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
-	{
-	size_t l = 0;
-	for(; size > 0 && *dst; size--, dst++)
-		l++;
-	return l + BUF_strlcpy(dst, src, size);
-	}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
deleted file mode 100644
index d4a4ce43b3..0000000000
--- a/crypto/buffer/buffer.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-
-/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
- * function is applied in several functions in this file and this limit ensures
- * that the result fits in an int. */
-#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
-
-BUF_MEM *BUF_MEM_new(void)
-	{
-	BUF_MEM *ret;
-
-	ret=OPENSSL_malloc(sizeof(BUF_MEM));
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->max=0;
-	ret->data=NULL;
-	return(ret);
-	}
-
-void BUF_MEM_free(BUF_MEM *a)
-	{
-	if(a == NULL)
-	    return;
-
-	if (a->data != NULL)
-		{
-		memset(a->data,0,(unsigned int)a->max);
-		OPENSSL_free(a->data);
-		}
-	OPENSSL_free(a);
-	}
-
-int BUF_MEM_grow(BUF_MEM *str, size_t len)
-	{
-	char *ret;
-	size_t n;
-
-	if (str->length >= len)
-		{
-		str->length=len;
-		return(len);
-		}
-	if (str->max >= len)
-		{
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		return(len);
-		}
-	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
-	if (len > LIMIT_BEFORE_EXPANSION)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	n=(len+3)/3*4;
-	if (str->data == NULL)
-		ret=OPENSSL_malloc(n);
-	else
-		ret=OPENSSL_realloc(str->data,n);
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-		len=0;
-		}
-	else
-		{
-		str->data=ret;
-		str->max=n;
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		}
-	return(len);
-	}
-
-int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
-	{
-	char *ret;
-	size_t n;
-
-	if (str->length >= len)
-		{
-		memset(&str->data[len],0,str->length-len);
-		str->length=len;
-		return(len);
-		}
-	if (str->max >= len)
-		{
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		return(len);
-		}
-	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
-	if (len > LIMIT_BEFORE_EXPANSION)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	n=(len+3)/3*4;
-	if (str->data == NULL)
-		ret=OPENSSL_malloc(n);
-	else
-		ret=OPENSSL_realloc_clean(str->data,str->max,n);
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
-		len=0;
-		}
-	else
-		{
-		str->data=ret;
-		str->max=n;
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		}
-	return(len);
-	}
-
-void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
-	{
-	size_t i;
-	if (in)
-		{
-		out += size - 1;
-		for (i = 0; i < size; i++)
-			*out-- = *in++;
-		}
-	else
-		{
-		unsigned char *q;
-		char c;
-		q = out + size - 1;
-		for (i = 0; i < size/2; i++)
-			{
-			c = *q;
-			*q-- = *out;
-			*out++ = c;
-			}
-		}
-	}
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
deleted file mode 100644
index f8da32b485..0000000000
--- a/crypto/buffer/buffer.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BUFFER_H
-#define HEADER_BUFFER_H
-
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stddef.h>
-
-#if !defined(NO_SYS_TYPES_H)
-#include <sys/types.h>
-#endif
-
-/* Already declared in ossl_typ.h */
-/* typedef struct buf_mem_st BUF_MEM; */
-
-struct buf_mem_st
-	{
-	size_t length;	/* current number of bytes */
-	char *data;
-	size_t max;	/* size of buffer */
-	};
-
-BUF_MEM *BUF_MEM_new(void);
-void	BUF_MEM_free(BUF_MEM *a);
-int	BUF_MEM_grow(BUF_MEM *str, size_t len);
-int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
-char *	BUF_strdup(const char *str);
-char *	BUF_strndup(const char *str, size_t siz);
-void *	BUF_memdup(const void *data, size_t siz);
-void	BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
-
-/* safe string functions */
-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
-size_t BUF_strlcat(char *dst,const char *src,size_t siz);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BUF_strings(void);
-
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEMDUP				 103
-#define BUF_F_BUF_MEM_GROW				 100
-#define BUF_F_BUF_MEM_GROW_CLEAN			 105
-#define BUF_F_BUF_MEM_NEW				 101
-#define BUF_F_BUF_STRDUP				 102
-#define BUF_F_BUF_STRNDUP				 104
-
-/* Reason codes. */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c
deleted file mode 100644
index 0b8e5670b0..0000000000
--- a/crypto/cmac/cm_ameth.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2010.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/cmac.h>
-#include "asn1_locl.h"
-
-/* CMAC "ASN1" method. This is just here to indicate the
- * maximum CMAC output length and to free up a CMAC
- * key.
- */
-
-static int cmac_size(const EVP_PKEY *pkey)
-	{
-	return EVP_MAX_BLOCK_LENGTH;
-	}
-
-static void cmac_key_free(EVP_PKEY *pkey)
-	{
-	CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr;
-	if (cmctx)
-		CMAC_CTX_free(cmctx);
-	}
-
-const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = 
-	{
-	EVP_PKEY_CMAC,
-	EVP_PKEY_CMAC,
-	0,
-
-	"CMAC",
-	"OpenSSL CMAC method",
-
-	0,0,0,0,
-
-	0,0,0,
-
-	cmac_size,
-	0,
-	0,0,0,0,0,0,0,
-
-	cmac_key_free,
-	0,
-	0,0
-	};
-
diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c
deleted file mode 100644
index 072228ec7f..0000000000
--- a/crypto/cmac/cm_pmeth.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2010.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/evp.h>
-#include <openssl/cmac.h>
-#include "evp_locl.h"
-
-/* The context structure and "key" is simply a CMAC_CTX */
-
-static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
-	{
-	ctx->data = CMAC_CTX_new();
-	if (!ctx->data)
-		return 0;
-	ctx->keygen_info_count = 0;
-	return 1;
-	}
-
-static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	if (!pkey_cmac_init(dst))
-		return 0;
-	if (!CMAC_CTX_copy(dst->data, src->data))
-		return 0;
-	return 1;
-	}
-
-static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	CMAC_CTX_free(ctx->data);
-	}
-
-static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	CMAC_CTX *cmkey = CMAC_CTX_new();
-	CMAC_CTX *cmctx = ctx->data;
-	if (!cmkey)
-		return 0;
-	if (!CMAC_CTX_copy(cmkey, cmctx))
-		{
-		CMAC_CTX_free(cmkey);
-		return 0;
-		}
-	EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
-	
-	return 1;
-	}
-
-static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{
-	if (!CMAC_Update(ctx->pctx->data, data, count))
-		return 0;
-	return 1;
-	}
-
-static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-	{
-	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
-	mctx->update = int_update;
-	return 1;
-	}
-
-static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx)
-	{
-	return CMAC_Final(ctx->data, sig, siglen);
-	}
-
-static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	CMAC_CTX *cmctx = ctx->data;
-	switch (type)
-		{
-
-		case EVP_PKEY_CTRL_SET_MAC_KEY:
-		if (!p2 || p1 < 0)
-			return 0;
-		if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
-			return 0;
-		break;
-
-		case EVP_PKEY_CTRL_CIPHER:
-		if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
-			return 0;
-		break;
-
-		case EVP_PKEY_CTRL_MD:
-		if (ctx->pkey && !CMAC_CTX_copy(ctx->data,
-					(CMAC_CTX *)ctx->pkey->pkey.ptr))
-			return 0;
-		if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL))
-			return 0;
-		break;
-
-		default:
-		return -2;
-
-		}
-	return 1;
-	}
-
-static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!value)
-		{
-		return 0;
-		}
-	if (!strcmp(type, "key"))
-		{
-		void *p = (void *)value;
-		return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
-								strlen(p), p);
-		}
-	if (!strcmp(type, "cipher"))
-		{
-		const EVP_CIPHER *c;
-		c = EVP_get_cipherbyname(value);
-		if (!c)
-			return 0;
-		return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
-		}
-	if (!strcmp(type, "hexkey"))
-		{
-		unsigned char *key;
-		int r;
-		long keylen;
-		key = string_to_hex(value, &keylen);
-		if (!key)
-			return 0;
-		r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
-		OPENSSL_free(key);
-		return r;
-		}
-	return -2;
-	}
-
-const EVP_PKEY_METHOD cmac_pkey_meth = 
-	{
-	EVP_PKEY_CMAC,
-	EVP_PKEY_FLAG_SIGCTX_CUSTOM,
-	pkey_cmac_init,
-	pkey_cmac_copy,
-	pkey_cmac_cleanup,
-
-	0, 0,
-
-	0,
-	pkey_cmac_keygen,
-
-	0, 0,
-
-	0, 0,
-
-	0,0,
-
-	cmac_signctx_init,
-	cmac_signctx,
-
-	0,0,
-
-	0,0,
-
-	0,0,
-
-	0,0,
-
-	pkey_cmac_ctrl,
-	pkey_cmac_ctrl_str
-
-	};
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
deleted file mode 100644
index 8b72b09681..0000000000
--- a/crypto/cmac/cmac.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* crypto/cmac/cmac.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/cmac.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-struct CMAC_CTX_st
-	{
-	/* Cipher context to use */
-	EVP_CIPHER_CTX cctx;
-	/* Keys k1 and k2 */
-	unsigned char k1[EVP_MAX_BLOCK_LENGTH];
-	unsigned char k2[EVP_MAX_BLOCK_LENGTH];
-	/* Temporary block */
-	unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
-	/* Last (possibly partial) block */
-	unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
-	/* Number of bytes in last block: -1 means context not initialised */
-	int nlast_block;
-	};
-
-
-/* Make temporary keys K1 and K2 */
-
-static void make_kn(unsigned char *k1, unsigned char *l, int bl)
-	{
-	int i;
-	/* Shift block to left, including carry */
-	for (i = 0; i < bl; i++)
-		{
-		k1[i] = l[i] << 1;
-		if (i < bl - 1 && l[i + 1] & 0x80)
-			k1[i] |= 1;
-		}
-	/* If MSB set fixup with R */
-	if (l[0] & 0x80)
-		k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b;
-	}
-
-CMAC_CTX *CMAC_CTX_new(void)
-	{
-	CMAC_CTX *ctx;
-	ctx = OPENSSL_malloc(sizeof(CMAC_CTX));
-	if (!ctx)
-		return NULL;
-	EVP_CIPHER_CTX_init(&ctx->cctx);
-	ctx->nlast_block = -1;
-	return ctx;
-	}
-
-void CMAC_CTX_cleanup(CMAC_CTX *ctx)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->cctx.engine)
-		{
-		FIPS_cmac_ctx_cleanup(ctx);
-		return;
-		}
-#endif
-	EVP_CIPHER_CTX_cleanup(&ctx->cctx);
-	OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
-	OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
-	OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
-	OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
-	ctx->nlast_block = -1;
-	}
-
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
-	{
-	return &ctx->cctx;
-	}
-
-void CMAC_CTX_free(CMAC_CTX *ctx)
-	{
-	CMAC_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
-	}
-
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
-	{
-	int bl;
-	if (in->nlast_block == -1)
-		return 0;
-	if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx))
-		return 0;
-	bl = EVP_CIPHER_CTX_block_size(&in->cctx);
-	memcpy(out->k1, in->k1, bl);
-	memcpy(out->k2, in->k2, bl);
-	memcpy(out->tbl, in->tbl, bl);
-	memcpy(out->last_block, in->last_block, bl);
-	out->nlast_block = in->nlast_block;
-	return 1;
-	}
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 
-			const EVP_CIPHER *cipher, ENGINE *impl)
-	{
-	static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		{
-		/* If we have an ENGINE need to allow non FIPS */
-		if ((impl || ctx->cctx.engine)
-			&& !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-
-			{
-			EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
-			return 0;
-			}
-		/* Other algorithm blocking will be done in FIPS_cmac_init,
-		 * via FIPS_cipherinit().
-		 */
-		if (!impl && !ctx->cctx.engine)
-			return FIPS_cmac_init(ctx, key, keylen, cipher, NULL);
-		}
-#endif
-	/* All zeros means restart */
-	if (!key && !cipher && !impl && keylen == 0)
-		{
-		/* Not initialised */
-		if (ctx->nlast_block == -1)
-			return 0;
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
-			return 0;
-		memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx));
-		ctx->nlast_block = 0;
-		return 1;
-		}
-	/* Initialiase context */
-	if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
-		return 0;
-	/* Non-NULL key means initialisation complete */
-	if (key)
-		{
-		int bl;
-		if (!EVP_CIPHER_CTX_cipher(&ctx->cctx))
-			return 0;
-		if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen))
-			return 0;
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
-			return 0;
-		bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
-			return 0;
-		make_kn(ctx->k1, ctx->tbl, bl);
-		make_kn(ctx->k2, ctx->k1, bl);
-		OPENSSL_cleanse(ctx->tbl, bl);
-		/* Reset context again ready for first data block */
-		if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
-			return 0;
-		/* Zero tbl so resume works */
-		memset(ctx->tbl, 0, bl);
-		ctx->nlast_block = 0;
-		}
-	return 1;
-	}
-
-int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
-	{
-	const unsigned char *data = in;
-	size_t bl;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->cctx.engine)
-		return FIPS_cmac_update(ctx, in, dlen);
-#endif
-	if (ctx->nlast_block == -1)
-		return 0;
-	if (dlen == 0)
-		return 1;
-	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-	/* Copy into partial block if we need to */
-	if (ctx->nlast_block > 0)
-		{
-		size_t nleft;
-		nleft = bl - ctx->nlast_block;
-		if (dlen < nleft)
-			nleft = dlen;
-		memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
-		dlen -= nleft;
-		ctx->nlast_block += nleft;
-		/* If no more to process return */
-		if (dlen == 0)
-			return 1;
-		data += nleft;
-		/* Else not final block so encrypt it */
-		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block,bl))
-			return 0;
-		}
-	/* Encrypt all but one of the complete blocks left */
-	while(dlen > bl)
-		{
-		if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl))
-			return 0;
-		dlen -= bl;
-		data += bl;
-		}
-	/* Copy any data left to last block buffer */
-	memcpy(ctx->last_block, data, dlen);
-	ctx->nlast_block = dlen;
-	return 1;
-
-	}
-
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
-	{
-	int i, bl, lb;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->cctx.engine)
-		return FIPS_cmac_final(ctx, out, poutlen);
-#endif
-	if (ctx->nlast_block == -1)
-		return 0;
-	bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
-	*poutlen = (size_t)bl;
-	if (!out)
-		return 1;
-	lb = ctx->nlast_block;
-	/* Is last block complete? */
-	if (lb == bl)
-		{
-		for (i = 0; i < bl; i++)
-			out[i] = ctx->last_block[i] ^ ctx->k1[i];
-		}
-	else
-		{
-		ctx->last_block[lb] = 0x80;
-		if (bl - lb > 1)
-			memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
-		for (i = 0; i < bl; i++)
-			out[i] = ctx->last_block[i] ^ ctx->k2[i];
-		}
-	if (!EVP_Cipher(&ctx->cctx, out, out, bl))
-		{
-		OPENSSL_cleanse(out, bl);	
-		return 0;
-		}
-	return 1;
-	}
-
-int CMAC_resume(CMAC_CTX *ctx)
-	{
-	if (ctx->nlast_block == -1)
-		return 0;
-	/* The buffer "tbl" containes the last fully encrypted block
-	 * which is the last IV (or all zeroes if no last encrypted block).
-	 * The last block has not been modified since CMAC_final().
-	 * So reinitliasing using the last decrypted block will allow
-	 * CMAC to continue after calling CMAC_Final(). 
-	 */
-	return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl);
-	}
diff --git a/crypto/cmac/cmac.h b/crypto/cmac/cmac.h
deleted file mode 100644
index 712e92dced..0000000000
--- a/crypto/cmac/cmac.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* crypto/cmac/cmac.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMAC_H
-#define HEADER_CMAC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/evp.h>
-
-/* Opaque */
-typedef struct CMAC_CTX_st CMAC_CTX;
-
-CMAC_CTX *CMAC_CTX_new(void);
-void CMAC_CTX_cleanup(CMAC_CTX *ctx);
-void CMAC_CTX_free(CMAC_CTX *ctx);
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 
-			const EVP_CIPHER *cipher, ENGINE *impl);
-int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
deleted file mode 100644
index 36994fa6a2..0000000000
--- a/crypto/cms/cms.h
+++ /dev/null
@@ -1,501 +0,0 @@
-/* crypto/cms/cms.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMS_H
-#define HEADER_CMS_H
-
-#include <openssl/x509.h>
-
-#ifdef OPENSSL_NO_CMS
-#error CMS is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct CMS_ContentInfo_st CMS_ContentInfo;
-typedef struct CMS_SignerInfo_st CMS_SignerInfo;
-typedef struct CMS_CertificateChoices CMS_CertificateChoices;
-typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
-typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
-typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
-typedef struct CMS_Receipt_st CMS_Receipt;
-
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
-DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL	0
-#define CMS_SIGNERINFO_KEYIDENTIFIER	1
-
-#define CMS_RECIPINFO_TRANS		0
-#define CMS_RECIPINFO_AGREE		1
-#define CMS_RECIPINFO_KEK		2
-#define CMS_RECIPINFO_PASS		3
-#define CMS_RECIPINFO_OTHER		4
-
-/* S/MIME related flags */
-
-#define CMS_TEXT			0x1
-#define CMS_NOCERTS			0x2
-#define CMS_NO_CONTENT_VERIFY		0x4
-#define CMS_NO_ATTR_VERIFY		0x8
-#define CMS_NOSIGS			\
-			(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
-#define CMS_NOINTERN			0x10
-#define CMS_NO_SIGNER_CERT_VERIFY	0x20
-#define CMS_NOVERIFY			0x20
-#define CMS_DETACHED			0x40
-#define CMS_BINARY			0x80
-#define CMS_NOATTR			0x100
-#define	CMS_NOSMIMECAP			0x200
-#define CMS_NOOLDMIMETYPE		0x400
-#define CMS_CRLFEOL			0x800
-#define CMS_STREAM			0x1000
-#define CMS_NOCRL			0x2000
-#define CMS_PARTIAL			0x4000
-#define CMS_REUSE_DIGEST		0x8000
-#define CMS_USE_KEYID			0x10000
-#define CMS_DEBUG_DECRYPT		0x20000
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-int CMS_is_detached(CMS_ContentInfo *cms);
-int CMS_set_detached(CMS_ContentInfo *cms, int detached);
-
-#ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
-#endif
-
-int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
-
-BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
-int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags);
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-							unsigned int flags);
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags);
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags);
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen);
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags);
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
-				const EVP_CIPHER *cipher, unsigned int flags);
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags);
-	
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen);
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-				unsigned char *pass, ossl_ssize_t passlen);
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags);
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg);
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-					unsigned char *pass,
-					ossl_ssize_t passlen);
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-					int iter, int wrap_nid, int pbe_nid,
-					unsigned char *pass,
-					ossl_ssize_t passlen,
-					const EVP_CIPHER *kekciph);
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-	
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
-int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags);
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-					unsigned int flags);
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
-int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize);
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-#ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-#define CMS_F_CHECK_CONTENT				 99
-#define CMS_F_CMS_ADD0_CERT				 164
-#define CMS_F_CMS_ADD0_RECIPIENT_KEY			 100
-#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD		 165
-#define CMS_F_CMS_ADD1_RECEIPTREQUEST			 158
-#define CMS_F_CMS_ADD1_RECIPIENT_CERT			 101
-#define CMS_F_CMS_ADD1_SIGNER				 102
-#define CMS_F_CMS_ADD1_SIGNINGTIME			 103
-#define CMS_F_CMS_COMPRESS				 104
-#define CMS_F_CMS_COMPRESSEDDATA_CREATE			 105
-#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO		 106
-#define CMS_F_CMS_COPY_CONTENT				 107
-#define CMS_F_CMS_COPY_MESSAGEDIGEST			 108
-#define CMS_F_CMS_DATA					 109
-#define CMS_F_CMS_DATAFINAL				 110
-#define CMS_F_CMS_DATAINIT				 111
-#define CMS_F_CMS_DECRYPT				 112
-#define CMS_F_CMS_DECRYPT_SET1_KEY			 113
-#define CMS_F_CMS_DECRYPT_SET1_PASSWORD			 166
-#define CMS_F_CMS_DECRYPT_SET1_PKEY			 114
-#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX		 115
-#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO		 116
-#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL			 117
-#define CMS_F_CMS_DIGEST_VERIFY				 118
-#define CMS_F_CMS_ENCODE_RECEIPT			 161
-#define CMS_F_CMS_ENCRYPT				 119
-#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO		 120
-#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT			 121
-#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT			 122
-#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY		 123
-#define CMS_F_CMS_ENVELOPEDDATA_CREATE			 124
-#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO		 125
-#define CMS_F_CMS_ENVELOPED_DATA_INIT			 126
-#define CMS_F_CMS_FINAL					 127
-#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES		 128
-#define CMS_F_CMS_GET0_CONTENT				 129
-#define CMS_F_CMS_GET0_ECONTENT_TYPE			 130
-#define CMS_F_CMS_GET0_ENVELOPED			 131
-#define CMS_F_CMS_GET0_REVOCATION_CHOICES		 132
-#define CMS_F_CMS_GET0_SIGNED				 133
-#define CMS_F_CMS_MSGSIGDIGEST_ADD1			 162
-#define CMS_F_CMS_RECEIPTREQUEST_CREATE0		 159
-#define CMS_F_CMS_RECEIPT_VERIFY			 160
-#define CMS_F_CMS_RECIPIENTINFO_DECRYPT			 134
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT		 135
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT		 136
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID		 137
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP		 138
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP		 139
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT		 140
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT		 141
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS		 142
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID	 143
-#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT		 167
-#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY		 144
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD		 168
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY		 145
-#define CMS_F_CMS_SET1_SIGNERIDENTIFIER			 146
-#define CMS_F_CMS_SET_DETACHED				 147
-#define CMS_F_CMS_SIGN					 148
-#define CMS_F_CMS_SIGNED_DATA_INIT			 149
-#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN		 150
-#define CMS_F_CMS_SIGNERINFO_SIGN			 151
-#define CMS_F_CMS_SIGNERINFO_VERIFY			 152
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT		 153
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT		 154
-#define CMS_F_CMS_SIGN_RECEIPT				 163
-#define CMS_F_CMS_STREAM				 155
-#define CMS_F_CMS_UNCOMPRESS				 156
-#define CMS_F_CMS_VERIFY				 157
-
-/* Reason codes. */
-#define CMS_R_ADD_SIGNER_ERROR				 99
-#define CMS_R_CERTIFICATE_ALREADY_PRESENT		 175
-#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
-#define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
-#define CMS_R_CIPHER_INITIALISATION_ERROR		 101
-#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
-#define CMS_R_CMS_DATAFINAL_ERROR			 103
-#define CMS_R_CMS_LIB					 104
-#define CMS_R_CONTENTIDENTIFIER_MISMATCH		 170
-#define CMS_R_CONTENT_NOT_FOUND				 105
-#define CMS_R_CONTENT_TYPE_MISMATCH			 171
-#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA		 106
-#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA		 107
-#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA		 108
-#define CMS_R_CONTENT_VERIFY_ERROR			 109
-#define CMS_R_CTRL_ERROR				 110
-#define CMS_R_CTRL_FAILURE				 111
-#define CMS_R_DECRYPT_ERROR				 112
-#define CMS_R_DIGEST_ERROR				 161
-#define CMS_R_ERROR_GETTING_PUBLIC_KEY			 113
-#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE	 114
-#define CMS_R_ERROR_SETTING_KEY				 115
-#define CMS_R_ERROR_SETTING_RECIPIENTINFO		 116
-#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH		 117
-#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER		 176
-#define CMS_R_INVALID_KEY_LENGTH			 118
-#define CMS_R_MD_BIO_INIT_ERROR				 119
-#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH	 120
-#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH		 121
-#define CMS_R_MSGSIGDIGEST_ERROR			 172
-#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE		 162
-#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH			 163
-#define CMS_R_NEED_ONE_SIGNER				 164
-#define CMS_R_NOT_A_SIGNED_RECEIPT			 165
-#define CMS_R_NOT_ENCRYPTED_DATA			 122
-#define CMS_R_NOT_KEK					 123
-#define CMS_R_NOT_KEY_TRANSPORT				 124
-#define CMS_R_NOT_PWRI					 177
-#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE		 125
-#define CMS_R_NO_CIPHER					 126
-#define CMS_R_NO_CONTENT				 127
-#define CMS_R_NO_CONTENT_TYPE				 173
-#define CMS_R_NO_DEFAULT_DIGEST				 128
-#define CMS_R_NO_DIGEST_SET				 129
-#define CMS_R_NO_KEY					 130
-#define CMS_R_NO_KEY_OR_CERT				 174
-#define CMS_R_NO_MATCHING_DIGEST			 131
-#define CMS_R_NO_MATCHING_RECIPIENT			 132
-#define CMS_R_NO_MATCHING_SIGNATURE			 166
-#define CMS_R_NO_MSGSIGDIGEST				 167
-#define CMS_R_NO_PASSWORD				 178
-#define CMS_R_NO_PRIVATE_KEY				 133
-#define CMS_R_NO_PUBLIC_KEY				 134
-#define CMS_R_NO_RECEIPT_REQUEST			 168
-#define CMS_R_NO_SIGNERS				 135
-#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 136
-#define CMS_R_RECEIPT_DECODE_ERROR			 169
-#define CMS_R_RECIPIENT_ERROR				 137
-#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND		 138
-#define CMS_R_SIGNFINAL_ERROR				 139
-#define CMS_R_SMIME_TEXT_ERROR				 140
-#define CMS_R_STORE_INIT_ERROR				 141
-#define CMS_R_TYPE_NOT_COMPRESSED_DATA			 142
-#define CMS_R_TYPE_NOT_DATA				 143
-#define CMS_R_TYPE_NOT_DIGESTED_DATA			 144
-#define CMS_R_TYPE_NOT_ENCRYPTED_DATA			 145
-#define CMS_R_TYPE_NOT_ENVELOPED_DATA			 146
-#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT		 147
-#define CMS_R_UNKNOWN_CIPHER				 148
-#define CMS_R_UNKNOWN_DIGEST_ALGORIHM			 149
-#define CMS_R_UNKNOWN_ID				 150
-#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 151
-#define CMS_R_UNSUPPORTED_CONTENT_TYPE			 152
-#define CMS_R_UNSUPPORTED_KEK_ALGORITHM			 153
-#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM	 179
-#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE		 154
-#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE		 155
-#define CMS_R_UNSUPPORTED_TYPE				 156
-#define CMS_R_UNWRAP_ERROR				 157
-#define CMS_R_UNWRAP_FAILURE				 180
-#define CMS_R_VERIFICATION_FAILURE			 158
-#define CMS_R_WRAP_ERROR				 159
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
deleted file mode 100644
index cfe67fb6c1..0000000000
--- a/crypto/cms/cms_asn1.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/* crypto/cms/cms_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-
-ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
-	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
-	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
-
-ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
-	ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
-
-ASN1_CHOICE(CMS_CertificateChoices) = {
-	ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
-	ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
-	ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
-	ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
-	ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
-} ASN1_CHOICE_END(CMS_CertificateChoices)
-
-ASN1_CHOICE(CMS_SignerIdentifier) = {
-	ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-	ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
-} ASN1_CHOICE_END(CMS_SignerIdentifier)
-
-ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
-	ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
-	ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
-
-/* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
-	if(operation == ASN1_OP_FREE_POST)
-		{
-		CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
-		if (si->pkey)
-			EVP_PKEY_free(si->pkey);
-		if (si->signer)
-			X509_free(si->signer);
-		}
-	return 1;
-	}
-
-ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
-	ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
-	ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
-	ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
-	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
-	ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
-
-ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
-	ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
-
-ASN1_CHOICE(CMS_RevocationInfoChoice) = {
-	ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
-	ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
-} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
-
-ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
-	ASN1_SIMPLE(CMS_SignedData, version, LONG),
-	ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
-	ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
-	ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
-
-ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
-	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
-} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
-	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
-	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
-	ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
-
-ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
-	ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
-	ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
-
-ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
-	ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
-	ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
-	ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
-
-ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
-  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
-} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
-
-ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
-	ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
-	ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
-
-ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
-
-ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
-  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
-} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
-
-ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
-	ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
-	ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
-	ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
-} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
-
-ASN1_SEQUENCE(CMS_KEKIdentifier) = {
-	ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
-	ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
-	ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
-
-ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
-
-ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
-	ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
-  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
-  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
-
-/* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
-	if(operation == ASN1_OP_FREE_PRE)
-		{
-		CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
-		if (ri->type == CMS_RECIPINFO_TRANS)
-			{
-			CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
-			if (ktri->pkey)
-				EVP_PKEY_free(ktri->pkey);
-			if (ktri->recip)
-				X509_free(ktri->recip);
-			}
-		else if (ri->type == CMS_RECIPINFO_KEK)
-			{
-			CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-			if (kekri->key)
-				{
-				OPENSSL_cleanse(kekri->key, kekri->keylen);
-				OPENSSL_free(kekri->key);
-				}
-			}
-		else if (ri->type == CMS_RECIPINFO_PASS)
-			{
-			CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
-			if (pwri->pass)
-				{
-				OPENSSL_cleanse(pwri->pass, pwri->passlen);
-				OPENSSL_free(pwri->pass);
-				}
-			}
-		}
-	return 1;
-	}
-
-ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
-	ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
-	ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
-	ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
-	ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
-	ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
-} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
-
-ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
-	ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
-	ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
-	ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
-	ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
-
-ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
-	ASN1_SIMPLE(CMS_DigestedData, version, LONG),
-	ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
-	ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
-	ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
-
-ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
-	ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
-	ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
-	ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
-	ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
-	ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
-	ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
-	ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
-} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
-
-ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
-	ASN1_SIMPLE(CMS_CompressedData, version, LONG),
-	ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
-
-/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
-
-ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(CMS_ContentInfo) = {
-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
-	ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
-	ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
-} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
-
-/* CMS streaming support */
-static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
-	ASN1_STREAM_ARG *sarg = exarg;
-	CMS_ContentInfo *cms = NULL;
-	if (pval)
-		cms = (CMS_ContentInfo *)*pval;
-	else
-		return 1;
-	switch(operation)
-		{
-
-		case ASN1_OP_STREAM_PRE:
-		if (CMS_stream(&sarg->boundary, cms) <= 0)
-			return 0;
-		case ASN1_OP_DETACHED_PRE:
-		sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
-		if (!sarg->ndef_bio)
-			return 0;
-		break;
-
-		case ASN1_OP_STREAM_POST:
-		case ASN1_OP_DETACHED_POST:
-		if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
-			return 0;
-		break;
-
-		}
-	return 1;
-	}
-
-ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
-	ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
-
-/* Specials for signed attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
-
-/* When verifying attributes we need to use the received order. So 
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
-
-
-
-ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
-  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
-} ASN1_CHOICE_END(CMS_ReceiptsFrom)
-
-ASN1_SEQUENCE(CMS_ReceiptRequest) = {
-  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
-  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
-} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
-
-ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_SIMPLE(CMS_Receipt, version, LONG),
-  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
-  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_Receipt)
-
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
deleted file mode 100644
index 5b71722ebc..0000000000
--- a/crypto/cms/cms_att.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* crypto/cms/cms_att.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-/* CMS SignedData Attribute utilities */
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
-{
-	return X509at_get_attr_count(si->signedAttrs);
-}
-
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
-}
-
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
-{
-	return X509at_get_attr(si->signedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
-{
-	return X509at_delete_attr(si->signedAttrs, loc);
-}
-
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
-{
-	return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
-}
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
-{
-	return X509at_get_attr_count(si->unsignedAttrs);
-}
-
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
-}
-
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
-{
-	return X509at_get_attr(si->unsignedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
-{
-	return X509at_delete_attr(si->unsignedAttrs, loc);
-}
-
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
-{
-	return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
-}
-
-/* Specific attribute cases */
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
deleted file mode 100644
index 2021688101..0000000000
--- a/crypto/cms/cms_cd.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/* crypto/cms/cms_cd.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_CompressedData)
-
-#ifdef ZLIB
-
-/* CMS CompressedData Utilities */
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
-	{
-	CMS_ContentInfo *cms;
-	CMS_CompressedData *cd;
-	/* Will need something cleverer if there is ever more than one
-	 * compression algorithm or parameters have some meaning...
-	 */
-	if (comp_nid != NID_zlib_compression)
-		{
-		CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
-				CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-		return NULL;
-		}
-	cms = CMS_ContentInfo_new();
-	if (!cms)
-		return NULL;
-
-	cd = M_ASN1_new_of(CMS_CompressedData);
-
-	if (!cd)
-		goto err;
-
-	cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
-	cms->d.compressedData = cd;
-
-	cd->version = 0;
-
-	X509_ALGOR_set0(cd->compressionAlgorithm,
-			OBJ_nid2obj(NID_zlib_compression),
-			V_ASN1_UNDEF, NULL);
-
-	cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
-
-	return cms;
-
-	err:
-
-	if (cms)
-		CMS_ContentInfo_free(cms);
-
-	return NULL;
-	}
-
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
-	{
-	CMS_CompressedData *cd;
-	ASN1_OBJECT *compoid;
-	if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
-		{
-		CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
-				CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
-		return NULL;
-		}
-	cd = cms->d.compressedData;
-	X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
-	if (OBJ_obj2nid(compoid) != NID_zlib_compression)
-		{
-		CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
-				CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-		return NULL;
-		}
-	return BIO_new(BIO_f_zlib());
-	}
-
-#endif
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
deleted file mode 100644
index 8919c15be1..0000000000
--- a/crypto/cms/cms_dd.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* crypto/cms/cms_dd.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_DigestedData)
-
-/* CMS DigestedData Utilities */
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
-	{
-	CMS_ContentInfo *cms;
-	CMS_DigestedData *dd;
-	cms = CMS_ContentInfo_new();
-	if (!cms)
-		return NULL;
-
-	dd = M_ASN1_new_of(CMS_DigestedData);
-
-	if (!dd)
-		goto err;
-
-	cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
-	cms->d.digestedData = dd;
-
-	dd->version = 0;
-	dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
-
-	cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
-
-	return cms;
-
-	err:
-
-	if (cms)
-		CMS_ContentInfo_free(cms);
-
-	return NULL;
-	}
-
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
-	{
-	CMS_DigestedData *dd;
-	dd = cms->d.digestedData;
-	return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
-	}
-
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
-	{
-	EVP_MD_CTX mctx;
-	unsigned char md[EVP_MAX_MD_SIZE];
-	unsigned int mdlen;
-	int r = 0;
-	CMS_DigestedData *dd;
-	EVP_MD_CTX_init(&mctx);
-
-	dd = cms->d.digestedData;
-
-	if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
-		goto err;
-
-	if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
-		goto err;
-
-	if (verify)
-		{
-		if (mdlen != (unsigned int)dd->digest->length)
-			{
-			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
-				CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
-			goto err;
-			}
-
-		if (memcmp(md, dd->digest->data, mdlen))
-			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
-				CMS_R_VERIFICATION_FAILURE);
-		else
-			r = 1;
-		}
-	else
-		{
-		if (!ASN1_STRING_set(dd->digest, md, mdlen))
-			goto err;
-		r = 1;
-		}
-
-	err:
-	EVP_MD_CTX_cleanup(&mctx);
-
-	return r;
-
-	}
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
deleted file mode 100644
index bebeaf29c7..0000000000
--- a/crypto/cms/cms_enc.c
+++ /dev/null
@@ -1,294 +0,0 @@
-/* crypto/cms/cms_enc.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include "cms_lcl.h"
-
-/* CMS EncryptedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
-/* Return BIO based on EncryptedContentInfo and key */
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
-	{
-	BIO *b;
-	EVP_CIPHER_CTX *ctx;
-	const EVP_CIPHER *ciph;
-	X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
-	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
-	unsigned char *tkey = NULL;
-	size_t tkeylen = 0;
-
-	int ok = 0;
-
-	int enc, keep_key = 0;
-
-	enc = ec->cipher ? 1 : 0;
-
-	b = BIO_new(BIO_f_cipher());
-	if (!b)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	BIO_get_cipher_ctx(b, &ctx);
-
-	if (enc)
-		{
-		ciph = ec->cipher;
-		/* If not keeping key set cipher to NULL so subsequent calls
-		 * decrypt.
-		 */
-		if (ec->key)
-			ec->cipher = NULL;
-		}
-	else
-		{
-		ciph = EVP_get_cipherbyobj(calg->algorithm);
-
-		if (!ciph)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							CMS_R_UNKNOWN_CIPHER);
-			goto err;
-			}
-		}
-
-	if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_INITIALISATION_ERROR);
-		goto err;
-		}
-
-	if (enc)
-		{
-		int ivlen;
-		calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
-		/* Generate a random IV if we need one */
-		ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-		if (ivlen > 0)
-			{
-			if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-				goto err;
-			piv = iv;
-			}
-		}
-	else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-		goto err;
-		}
-	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
-	/* Generate random session key */
-	if (!enc || !ec->key)
-		{
-		tkey = OPENSSL_malloc(tkeylen);
-		if (!tkey)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
-			goto err;
-		}
-
-	if (!ec->key)
-		{
-		ec->key = tkey;
-		ec->keylen = tkeylen;
-		tkey = NULL;
-		if (enc)
-			keep_key = 1;
-		else
-			ERR_clear_error();
-		
-		}
-
-	if (ec->keylen != tkeylen)
-		{
-		/* If necessary set key length */
-		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
-			{
-			/* Only reveal failure if debugging so we don't
-			 * leak information which may be useful in MMA.
-			 */
-			if (enc || ec->debug)
-				{
-				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-						CMS_R_INVALID_KEY_LENGTH);
-				goto err;
-				}
-			else
-				{
-				/* Use random key */
-				OPENSSL_cleanse(ec->key, ec->keylen);
-				OPENSSL_free(ec->key);
-				ec->key = tkey;
-				ec->keylen = tkeylen;
-				tkey = NULL;
-				ERR_clear_error();
-				}
-			}
-		}
-
-	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_INITIALISATION_ERROR);
-		goto err;
-		}
-
-	if (piv)
-		{
-		calg->parameter = ASN1_TYPE_new();
-		if (!calg->parameter)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-			goto err;
-			}
-		}
-	ok = 1;
-
-	err:
-	if (ec->key && !keep_key)
-		{
-		OPENSSL_cleanse(ec->key, ec->keylen);
-		OPENSSL_free(ec->key);
-		ec->key = NULL;
-		}
-	if (tkey)
-		{
-		OPENSSL_cleanse(tkey, tkeylen);
-		OPENSSL_free(tkey);
-		}
-	if (ok)
-		return b;
-	BIO_free(b);
-	return NULL;
-	}
-
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
-				const EVP_CIPHER *cipher,
-				const unsigned char *key, size_t keylen)
-	{
-	ec->cipher = cipher;
-	if (key)
-		{
-		ec->key = OPENSSL_malloc(keylen);
-		if (!ec->key)
-			return 0;
-		memcpy(ec->key, key, keylen);
-		}
-	ec->keylen = keylen;
-	if (cipher)
-		ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
-	return 1;
-	}
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen)
-	{
-	CMS_EncryptedContentInfo *ec;
-	if (!key || !keylen)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
-		return 0;
-		}
-	if (ciph)
-		{
-		cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
-		if (!cms->d.encryptedData)
-			{
-			CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
-				ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
-		cms->d.encryptedData->version = 0;
-		}
-	else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
-						CMS_R_NOT_ENCRYPTED_DATA);
-		return 0;
-		}
-	ec = cms->d.encryptedData->encryptedContentInfo;
-	return cms_EncryptedContent_init(ec, ciph, key, keylen);
-	}
-
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
-	{
-	CMS_EncryptedData *enc = cms->d.encryptedData;
-	if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
-		enc->version = 2;
-	return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
-	}
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
deleted file mode 100644
index add00bf99c..0000000000
--- a/crypto/cms/cms_env.c
+++ /dev/null
@@ -1,878 +0,0 @@
-/* crypto/cms/cms_env.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "asn1_locl.h"
-
-/* CMS EnvelopedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
-
-DECLARE_STACK_OF(CMS_RecipientInfo)
-
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
-	{
-	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
-		{
-		CMSerr(CMS_F_CMS_GET0_ENVELOPED,
-				CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
-		return NULL;
-		}
-	return cms->d.envelopedData;
-	}
-
-static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
-	{
-	if (cms->d.other == NULL)
-		{
-		cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
-		if (!cms->d.envelopedData)
-			{
-			CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
-							ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		cms->d.envelopedData->version = 0;
-		cms->d.envelopedData->encryptedContentInfo->contentType =
-						OBJ_nid2obj(NID_pkcs7_data);
-		ASN1_OBJECT_free(cms->contentType);
-		cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
-		return cms->d.envelopedData;
-		}
-	return cms_get0_enveloped(cms);
-	}
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
-	{
-	CMS_EnvelopedData *env;
-	env = cms_get0_enveloped(cms);
-	if (!env)
-		return NULL;
-	return env->recipientInfos;
-	}
-
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
-	{
-	return ri->type;
-	}
-
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
-	{
-	CMS_ContentInfo *cms;
-	CMS_EnvelopedData *env;
-	cms = CMS_ContentInfo_new();
-	if (!cms)
-		goto merr;
-	env = cms_enveloped_data_init(cms);
-	if (!env)
-		goto merr;
-	if (!cms_EncryptedContent_init(env->encryptedContentInfo,
-					cipher, NULL, 0))
-		goto merr;
-	return cms;
-	merr:
-	if (cms)
-		CMS_ContentInfo_free(cms);
-	CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
-	return NULL;
-	}
-
-/* Key Transport Recipient Info (KTRI) routines */
-
-/* Add a recipient certificate. For now only handle key transport.
- * If we ever handle key agreement will need updating.
- */
-
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags)
-	{
-	CMS_RecipientInfo *ri = NULL;
-	CMS_KeyTransRecipientInfo *ktri;
-	CMS_EnvelopedData *env;
-	EVP_PKEY *pk = NULL;
-	int i, type;
-	env = cms_get0_enveloped(cms);
-	if (!env)
-		goto err;
-
-	/* Initialize recipient info */
-	ri = M_ASN1_new_of(CMS_RecipientInfo);
-	if (!ri)
-		goto merr;
-
-	/* Initialize and add key transport recipient info */
-
-	ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
-	if (!ri->d.ktri)
-		goto merr;
-	ri->type = CMS_RECIPINFO_TRANS;
-
-	ktri = ri->d.ktri;
-
-	X509_check_purpose(recip, -1, -1);
-	pk = X509_get_pubkey(recip);
-	if (!pk)
-		{
-		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_ERROR_GETTING_PUBLIC_KEY);
-		goto err;
-		}
-	CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
-	ktri->pkey = pk;
-	ktri->recip = recip;
-
-	if (flags & CMS_USE_KEYID)
-		{
-		ktri->version = 2;
-		if (env->version < 2)
-			env->version = 2;
-		type = CMS_RECIPINFO_KEYIDENTIFIER;
-		}
-	else
-		{
-		ktri->version = 0;
-		type = CMS_RECIPINFO_ISSUER_SERIAL;
-		}
-
-	/* Not a typo: RecipientIdentifier and SignerIdentifier are the
-	 * same structure.
-	 */
-
-	if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
-		goto err;
-
-	if (pk->ameth && pk->ameth->pkey_ctrl)
-		{
-		i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
-						0, ri);
-		if (i == -2)
-			{
-			CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-			goto err;
-			}
-		if (i <= 0)
-			{
-			CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_CTRL_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
-		goto merr;
-
-	return ri;
-
-	merr:
-	CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
-	err:
-	if (ri)
-		M_ASN1_free_of(ri, CMS_RecipientInfo);
-	return NULL;
-
-	}
-
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg)
-	{
-	CMS_KeyTransRecipientInfo *ktri;
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
-			CMS_R_NOT_KEY_TRANSPORT);
-		return 0;
-		}
-
-	ktri = ri->d.ktri;
-
-	if (pk)
-		*pk = ktri->pkey;
-	if (recip)
-		*recip = ktri->recip;
-	if (palg)
-		*palg = ktri->keyEncryptionAlgorithm;
-	return 1;
-	}
-
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
-	CMS_KeyTransRecipientInfo *ktri;
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
-			CMS_R_NOT_KEY_TRANSPORT);
-		return 0;
-		}
-	ktri = ri->d.ktri;
-
-	return cms_SignerIdentifier_get0_signer_id(ktri->rid,
-							keyid, issuer, sno);
-	}
-
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
-	{
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
-			CMS_R_NOT_KEY_TRANSPORT);
-		return -2;
-		}
-	return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
-	}
-
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
-	{
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
-			CMS_R_NOT_KEY_TRANSPORT);
-		return 0;
-		}
-	ri->d.ktri->pkey = pkey;
-	return 1;
-	}
-
-/* Encrypt content key in key transport recipient info */
-
-static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
-	CMS_KeyTransRecipientInfo *ktri;
-	CMS_EncryptedContentInfo *ec;
-	EVP_PKEY_CTX *pctx = NULL;
-	unsigned char *ek = NULL;
-	size_t eklen;
-
-	int ret = 0;
-
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
-			CMS_R_NOT_KEY_TRANSPORT);
-		return 0;
-		}
-	ktri = ri->d.ktri;
-	ec = cms->d.envelopedData->encryptedContentInfo;
-
-	pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
-	if (!pctx)
-		return 0;
-
-	if (EVP_PKEY_encrypt_init(pctx) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-				EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
-		goto err;
-		}
-
-	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
-		goto err;
-
-	ek = OPENSSL_malloc(eklen);
-
-	if (ek == NULL)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
-							ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
-		goto err;
-
-	ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
-	ek = NULL;
-
-	ret = 1;
-
-	err:
-	if (pctx)
-		EVP_PKEY_CTX_free(pctx);
-	if (ek)
-		OPENSSL_free(ek);
-	return ret;
-
-	}
-
-/* Decrypt content key from KTRI */
-
-static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
-							CMS_RecipientInfo *ri)
-	{
-	CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
-	EVP_PKEY_CTX *pctx = NULL;
-	unsigned char *ek = NULL;
-	size_t eklen;
-	int ret = 0;
-	CMS_EncryptedContentInfo *ec;
-	ec = cms->d.envelopedData->encryptedContentInfo;
-
-	if (ktri->pkey == NULL)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
-			CMS_R_NO_PRIVATE_KEY);
-		return 0;
-		}
-
-	pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
-	if (!pctx)
-		return 0;
-
-	if (EVP_PKEY_decrypt_init(pctx) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
-				EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
-		goto err;
-		}
-
-	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
-				ktri->encryptedKey->data,
-				ktri->encryptedKey->length) <= 0)
-		goto err;
-
-	ek = OPENSSL_malloc(eklen);
-
-	if (ek == NULL)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
-							ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
-				ktri->encryptedKey->data,
-				ktri->encryptedKey->length) <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
-		goto err;
-		}
-
-	ret = 1;
-
-	if (ec->key)
-		{
-		OPENSSL_cleanse(ec->key, ec->keylen);
-		OPENSSL_free(ec->key);
-		}
-
-	ec->key = ek;
-	ec->keylen = eklen;
-
-	err:
-	if (pctx)
-		EVP_PKEY_CTX_free(pctx);
-	if (!ret && ek)
-		OPENSSL_free(ek);
-
-	return ret;
-	}
-
-/* Key Encrypted Key (KEK) RecipientInfo routines */
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen)
-	{
-	ASN1_OCTET_STRING tmp_os;
-	CMS_KEKRecipientInfo *kekri;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
-		return -2;
-		}
-	kekri = ri->d.kekri;
-	tmp_os.type = V_ASN1_OCTET_STRING;
-	tmp_os.flags = 0;
-	tmp_os.data = (unsigned char *)id;
-	tmp_os.length = (int)idlen;
-	return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
-	}
-
-/* For now hard code AES key wrap info */
-
-static size_t aes_wrap_keylen(int nid)
-	{
-	switch (nid)
-		{
-		case NID_id_aes128_wrap:
-		return 16;
-
-		case NID_id_aes192_wrap:
-		return  24;
-
-		case NID_id_aes256_wrap:
-		return  32;
-
-		default:
-		return 0;
-		}
-	}
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType)
-	{
-	CMS_RecipientInfo *ri = NULL;
-	CMS_EnvelopedData *env;
-	CMS_KEKRecipientInfo *kekri;
-	env = cms_get0_enveloped(cms);
-	if (!env)
-		goto err;
-
-	if (nid == NID_undef)
-		{
-		switch (keylen)
-			{
-			case 16:
-			nid = NID_id_aes128_wrap;
-			break;
-
-			case  24:
-			nid = NID_id_aes192_wrap;
-			break;
-
-			case  32:
-			nid = NID_id_aes256_wrap;
-			break;
-
-			default:
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-						CMS_R_INVALID_KEY_LENGTH);
-			goto err;
-			}
-
-		}
-	else
-		{
-
-		size_t exp_keylen = aes_wrap_keylen(nid);
-
-		if (!exp_keylen)
-			{
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-					CMS_R_UNSUPPORTED_KEK_ALGORITHM);
-			goto err;
-			}
-
-		if (keylen != exp_keylen)
-			{
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-					CMS_R_INVALID_KEY_LENGTH);
-			goto err;
-			}
-
-		}
-
-	/* Initialize recipient info */
-	ri = M_ASN1_new_of(CMS_RecipientInfo);
-	if (!ri)
-		goto merr;
-
-	ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
-	if (!ri->d.kekri)
-		goto merr;
-	ri->type = CMS_RECIPINFO_KEK;
-
-	kekri = ri->d.kekri;
-
-	if (otherTypeId)
-		{
-		kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
-		if (kekri->kekid->other == NULL)
-			goto merr;
-		}
-
-	if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
-		goto merr;
-
-
-	/* After this point no calls can fail */
-
-	kekri->version = 4;
-
-	kekri->key = key;
-	kekri->keylen = keylen;
-
-	ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
-
-	kekri->kekid->date = date;
-
-	if (kekri->kekid->other)
-		{
-		kekri->kekid->other->keyAttrId = otherTypeId;
-		kekri->kekid->other->keyAttr = otherType;
-		}
-
-	X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
-				OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
-
-	return ri;
-
-	merr:
-	CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
-	err:
-	if (ri)
-		M_ASN1_free_of(ri, CMS_RecipientInfo);
-	return NULL;
-
-	}
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype)
-	{
-	CMS_KEKIdentifier *rkid;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
-		return 0;
-		}
-	rkid =  ri->d.kekri->kekid;
-	if (palg)
-		*palg = ri->d.kekri->keyEncryptionAlgorithm;
-	if (pid)
-		*pid = rkid->keyIdentifier;
-	if (pdate)
-		*pdate = rkid->date;
-	if (potherid)
-		{
-		if (rkid->other)
-			*potherid = rkid->other->keyAttrId;
-		else
-			*potherid = NULL;
-		}
-	if (pothertype)
-		{
-		if (rkid->other)
-			*pothertype = rkid->other->keyAttr;
-		else
-			*pothertype = NULL;
-		}
-	return 1;
-	}
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen)
-	{
-	CMS_KEKRecipientInfo *kekri;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
-		return 0;
-		}
-
-	kekri = ri->d.kekri;
-	kekri->key = key;
-	kekri->keylen = keylen;
-	return 1;
-	}
-
-
-/* Encrypt content key in KEK recipient info */
-
-static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
-	CMS_EncryptedContentInfo *ec;
-	CMS_KEKRecipientInfo *kekri;
-	AES_KEY actx;
-	unsigned char *wkey = NULL;
-	int wkeylen;
-	int r = 0;
-
-	ec = cms->d.envelopedData->encryptedContentInfo;
-
-	kekri = ri->d.kekri;
-
-	if (!kekri->key)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
-		return 0;
-		}
-
-	if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
-		{ 
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
-						CMS_R_ERROR_SETTING_KEY);
-		goto err;
-		}
-
-	wkey = OPENSSL_malloc(ec->keylen + 8);
-
-	if (!wkey)
-		{ 
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
-						ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
-
-	if (wkeylen <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
-		goto err;
-		}
-
-	ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
-
-	r = 1;
-
-	err:
-
-	if (!r && wkey)
-		OPENSSL_free(wkey);
-	OPENSSL_cleanse(&actx, sizeof(actx));
-
-	return r;
-
-	}
-
-/* Decrypt content key in KEK recipient info */
-
-static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
-	CMS_EncryptedContentInfo *ec;
-	CMS_KEKRecipientInfo *kekri;
-	AES_KEY actx;
-	unsigned char *ukey = NULL;
-	int ukeylen;
-	int r = 0, wrap_nid;
-
-	ec = cms->d.envelopedData->encryptedContentInfo;
-
-	kekri = ri->d.kekri;
-
-	if (!kekri->key)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
-		return 0;
-		}
-
-	wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
-	if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-			CMS_R_INVALID_KEY_LENGTH);
-		return 0;
-		}
-
-	/* If encrypted key length is invalid don't bother */
-
-	if (kekri->encryptedKey->length < 16)
-		{ 
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-					CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
-		goto err;
-		}
-
-	if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
-		{ 
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-						CMS_R_ERROR_SETTING_KEY);
-		goto err;
-		}
-
-	ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
-
-	if (!ukey)
-		{ 
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-						ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	ukeylen = AES_unwrap_key(&actx, NULL, ukey,
-					kekri->encryptedKey->data,
-					kekri->encryptedKey->length);
-
-	if (ukeylen <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-							CMS_R_UNWRAP_ERROR);
-		goto err;
-		}
-
-	ec->key = ukey;
-	ec->keylen = ukeylen;
-
-	r = 1;
-
-	err:
-
-	if (!r && ukey)
-		OPENSSL_free(ukey);
-	OPENSSL_cleanse(&actx, sizeof(actx));
-
-	return r;
-
-	}
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
-	{
-	switch(ri->type)
-		{
-		case CMS_RECIPINFO_TRANS:
-		return cms_RecipientInfo_ktri_decrypt(cms, ri);
-
-		case CMS_RECIPINFO_KEK:
-		return cms_RecipientInfo_kekri_decrypt(cms, ri);
-
-		case CMS_RECIPINFO_PASS:
-		return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
-
-		default:
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
-			CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
-		return 0;
-		}
-	}
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
-	{
-	CMS_EncryptedContentInfo *ec;
-	STACK_OF(CMS_RecipientInfo) *rinfos;
-	CMS_RecipientInfo *ri;
-	int i, r, ok = 0;
-	BIO *ret;
-
-	/* Get BIO first to set up key */
-
-	ec = cms->d.envelopedData->encryptedContentInfo;
-	ret = cms_EncryptedContent_init_bio(ec);
-
-	/* If error or no cipher end of processing */
-
-	if (!ret || !ec->cipher)
-		return ret;
-
-	/* Now encrypt content key according to each RecipientInfo type */
-
-	rinfos = cms->d.envelopedData->recipientInfos;
-
-	for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
-		{
-		ri = sk_CMS_RecipientInfo_value(rinfos, i);
-
-		switch (ri->type)
-			{
-			case CMS_RECIPINFO_TRANS:
-			r = cms_RecipientInfo_ktri_encrypt(cms, ri);
-			break;
-
-			case CMS_RECIPINFO_KEK:
-			r = cms_RecipientInfo_kekri_encrypt(cms, ri);
-			break;
-
-			case CMS_RECIPINFO_PASS:
-			r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
-			break;
-
-			default:
-			CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
-				CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
-			goto err;
-			}
-
-		if (r <= 0)
-			{
-			CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
-				CMS_R_ERROR_SETTING_RECIPIENTINFO);
-			goto err;
-			}
-		}
-
-	ok = 1;
-
-	err:
-	ec->cipher = NULL;
-	if (ec->key)
-		{
-		OPENSSL_cleanse(ec->key, ec->keylen);
-		OPENSSL_free(ec->key);
-		ec->key = NULL;
-		ec->keylen = 0;
-		}
-	if (ok)
-		return ret;
-	BIO_free(ret);
-	return NULL;
-
-	}
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
deleted file mode 100644
index 8330ead7ed..0000000000
--- a/crypto/cms/cms_err.c
+++ /dev/null
@@ -1,245 +0,0 @@
-/* crypto/cms/cms_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
-
-static ERR_STRING_DATA CMS_str_functs[]=
-	{
-{ERR_FUNC(CMS_F_CHECK_CONTENT),	"CHECK_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_ADD0_CERT),	"CMS_add0_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),	"CMS_add0_recipient_key"},
-{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),	"CMS_add0_recipient_password"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),	"CMS_add1_ReceiptRequest"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),	"CMS_add1_recipient_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),	"CMS_add1_signer"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME),	"CMS_ADD1_SIGNINGTIME"},
-{ERR_FUNC(CMS_F_CMS_COMPRESS),	"CMS_compress"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE),	"cms_CompressedData_create"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),	"cms_CompressedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_COPY_CONTENT),	"CMS_COPY_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST),	"CMS_COPY_MESSAGEDIGEST"},
-{ERR_FUNC(CMS_F_CMS_DATA),	"CMS_data"},
-{ERR_FUNC(CMS_F_CMS_DATAFINAL),	"CMS_dataFinal"},
-{ERR_FUNC(CMS_F_CMS_DATAINIT),	"CMS_dataInit"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT),	"CMS_decrypt"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY),	"CMS_decrypt_set1_key"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD),	"CMS_decrypt_set1_password"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY),	"CMS_decrypt_set1_pkey"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),	"cms_DigestAlgorithm_find_ctx"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),	"cms_DigestAlgorithm_init_bio"},
-{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL),	"cms_DigestedData_do_final"},
-{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY),	"CMS_digest_verify"},
-{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT),	"cms_encode_Receipt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPT),	"CMS_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),	"cms_EncryptedContent_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT),	"CMS_EncryptedData_decrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT),	"CMS_EncryptedData_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),	"CMS_EncryptedData_set1_key"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE),	"CMS_EnvelopedData_create"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),	"cms_EnvelopedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT),	"CMS_ENVELOPED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_FINAL),	"CMS_final"},
-{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),	"CMS_GET0_CERTIFICATE_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_CONTENT),	"CMS_get0_content"},
-{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),	"CMS_GET0_ECONTENT_TYPE"},
-{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),	"cms_get0_enveloped"},
-{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),	"CMS_GET0_REVOCATION_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_SIGNED),	"CMS_GET0_SIGNED"},
-{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1),	"cms_msgSigDigest_add1"},
-{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),	"CMS_ReceiptRequest_create0"},
-{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY),	"cms_Receipt_verify"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),	"CMS_RecipientInfo_decrypt"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),	"CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),	"CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),	"CMS_RecipientInfo_kekri_get0_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),	"CMS_RecipientInfo_kekri_id_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),	"CMS_RecipientInfo_ktri_cert_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),	"CMS_RECIPIENTINFO_KTRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),	"CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),	"CMS_RecipientInfo_ktri_get0_algs"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),	"CMS_RecipientInfo_ktri_get0_signer_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),	"cms_RecipientInfo_pwri_crypt"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),	"CMS_RecipientInfo_set0_key"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),	"CMS_RecipientInfo_set0_password"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),	"CMS_RecipientInfo_set0_pkey"},
-{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),	"cms_set1_SignerIdentifier"},
-{ERR_FUNC(CMS_F_CMS_SET_DETACHED),	"CMS_set_detached"},
-{ERR_FUNC(CMS_F_CMS_SIGN),	"CMS_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT),	"CMS_SIGNED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),	"CMS_SIGNERINFO_CONTENT_SIGN"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN),	"CMS_SignerInfo_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),	"CMS_SignerInfo_verify"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),	"CMS_SIGNERINFO_VERIFY_CERT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),	"CMS_SignerInfo_verify_content"},
-{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),	"CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM),	"CMS_stream"},
-{ERR_FUNC(CMS_F_CMS_UNCOMPRESS),	"CMS_uncompress"},
-{ERR_FUNC(CMS_F_CMS_VERIFY),	"CMS_verify"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA CMS_str_reasons[]=
-	{
-{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
-{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
-{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
-{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
-{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
-{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   ,"cms datafinal error"},
-{ERR_REASON(CMS_R_CMS_LIB)               ,"cms lib"},
-{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
-{ERR_REASON(CMS_R_CONTENT_NOT_FOUND)     ,"content not found"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
-{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR)  ,"content verify error"},
-{ERR_REASON(CMS_R_CTRL_ERROR)            ,"ctrl error"},
-{ERR_REASON(CMS_R_CTRL_FAILURE)          ,"ctrl failure"},
-{ERR_REASON(CMS_R_DECRYPT_ERROR)         ,"decrypt error"},
-{ERR_REASON(CMS_R_DIGEST_ERROR)          ,"digest error"},
-{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
-{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
-{ERR_REASON(CMS_R_ERROR_SETTING_KEY)     ,"error setting key"},
-{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
-{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
-{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"},
-{ERR_REASON(CMS_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
-{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     ,"md bio init error"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR)    ,"msgsigdigest error"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
-{ERR_REASON(CMS_R_NEED_ONE_SIGNER)       ,"need one signer"},
-{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT)  ,"not a signed receipt"},
-{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    ,"not encrypted data"},
-{ERR_REASON(CMS_R_NOT_KEK)               ,"not kek"},
-{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
-{ERR_REASON(CMS_R_NOT_PWRI)              ,"not pwri"},
-{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
-{ERR_REASON(CMS_R_NO_CIPHER)             ,"no cipher"},
-{ERR_REASON(CMS_R_NO_CONTENT)            ,"no content"},
-{ERR_REASON(CMS_R_NO_CONTENT_TYPE)       ,"no content type"},
-{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
-{ERR_REASON(CMS_R_NO_DIGEST_SET)         ,"no digest set"},
-{ERR_REASON(CMS_R_NO_KEY)                ,"no key"},
-{ERR_REASON(CMS_R_NO_KEY_OR_CERT)        ,"no key or cert"},
-{ERR_REASON(CMS_R_NO_MATCHING_DIGEST)    ,"no matching digest"},
-{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
-{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
-{ERR_REASON(CMS_R_NO_MSGSIGDIGEST)       ,"no msgsigdigest"},
-{ERR_REASON(CMS_R_NO_PASSWORD)           ,"no password"},
-{ERR_REASON(CMS_R_NO_PRIVATE_KEY)        ,"no private key"},
-{ERR_REASON(CMS_R_NO_PUBLIC_KEY)         ,"no public key"},
-{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST)    ,"no receipt request"},
-{ERR_REASON(CMS_R_NO_SIGNERS)            ,"no signers"},
-{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR)  ,"receipt decode error"},
-{ERR_REASON(CMS_R_RECIPIENT_ERROR)       ,"recipient error"},
-{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(CMS_R_SIGNFINAL_ERROR)       ,"signfinal error"},
-{ERR_REASON(CMS_R_SMIME_TEXT_ERROR)      ,"smime text error"},
-{ERR_REASON(CMS_R_STORE_INIT_ERROR)      ,"store init error"},
-{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DATA)         ,"type not data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
-{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
-{ERR_REASON(CMS_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
-{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
-{ERR_REASON(CMS_R_UNKNOWN_ID)            ,"unknown id"},
-{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
-{ERR_REASON(CMS_R_UNWRAP_ERROR)          ,"unwrap error"},
-{ERR_REASON(CMS_R_UNWRAP_FAILURE)        ,"unwrap failure"},
-{ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
-{ERR_REASON(CMS_R_WRAP_ERROR)            ,"wrap error"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_CMS_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CMS_str_functs);
-		ERR_load_strings(0,CMS_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
deleted file mode 100644
index 90c0b82fb5..0000000000
--- a/crypto/cms/cms_ess.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/* crypto/cms/cms_ess.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-
-IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
-
-/* ESS services: for now just Signed Receipt related */
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
-	{
-	ASN1_STRING *str;
-	CMS_ReceiptRequest *rr = NULL;
-	if (prr)
-		*prr = NULL;
-	str = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
-					-3, V_ASN1_SEQUENCE);
-	if (!str)
-		return 0;
-
-	rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
-	if (!rr)
-		return -1;
-	if (prr)
-		*prr = rr;
-	else
-		CMS_ReceiptRequest_free(rr);
-	return 1;
-	}
-
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo)
-	{
-	CMS_ReceiptRequest *rr = NULL;
-
-	rr = CMS_ReceiptRequest_new();
-	if (!rr)
-		goto merr;
-	if (id)
-		ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
-	else
-		{
-		if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
-			goto merr;
-		if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) 
-					<= 0)
-			goto err;
-		}
-
-	sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
-	rr->receiptsTo = receiptsTo;
-
-	if (receiptList)
-		{
-		rr->receiptsFrom->type = 1;
-		rr->receiptsFrom->d.receiptList = receiptList;
-		}
-	else
-		{
-		rr->receiptsFrom->type = 0;
-		rr->receiptsFrom->d.allOrFirstTier = allorfirst;
-		}
-
-	return rr;
-
-	merr:
-	CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
-
-	err:
-	if (rr)
-		CMS_ReceiptRequest_free(rr);
-
-	return NULL;
-	
-	}
-
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
-	{
-	unsigned char *rrder = NULL;
-	int rrderlen, r = 0;
-
-	rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
-	if (rrderlen < 0)
-		goto merr;
-
-	if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
-					V_ASN1_SEQUENCE, rrder, rrderlen))
-		goto merr;
-
-	r = 1;
-
-	merr:
-	if (!r)
-		CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
-
-	if (rrder)
-		OPENSSL_free(rrder);
-
-	return r;
-	
-	}
-
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto)
-	{
-	if (pcid)
-		*pcid = rr->signedContentIdentifier;
-	if (rr->receiptsFrom->type == 0)
-		{
-		if (pallorfirst)
-			*pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
-		if (plist)
-			*plist = NULL;
-		}
-	else
-		{
-		if (pallorfirst)
-			*pallorfirst = -1;
-		if (plist)
-			*plist = rr->receiptsFrom->d.receiptList;
-		}
-	if (prto)
-		*prto = rr->receiptsTo;
-	}
-
-/* Digest a SignerInfo structure for msgSigDigest attribute processing */
-
-static int cms_msgSigDigest(CMS_SignerInfo *si,
-				unsigned char *dig, unsigned int *diglen)
-	{
-	const EVP_MD *md;
-	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
-	if (md == NULL)
-		return 0;
-	if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-						si->signedAttrs, dig, diglen))
-		return 0;
-	return 1;
-	}
-
-/* Add a msgSigDigest attribute to a SignerInfo */
-
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
-	{
-	unsigned char dig[EVP_MAX_MD_SIZE];
-	unsigned int diglen;
-	if (!cms_msgSigDigest(src, dig, &diglen))
-		{
-		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
-		return 0;
-		}
-	if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
-					V_ASN1_OCTET_STRING, dig, diglen))
-		{
-		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-
-/* Verify signed receipt after it has already passed normal CMS verify */
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
-	{
-	int r = 0, i;
-	CMS_ReceiptRequest *rr = NULL;
-	CMS_Receipt *rct = NULL;
-	STACK_OF(CMS_SignerInfo) *sis, *osis;
-	CMS_SignerInfo *si, *osi = NULL;
-	ASN1_OCTET_STRING *msig, **pcont;
-	ASN1_OBJECT *octype;
-	unsigned char dig[EVP_MAX_MD_SIZE];
-	unsigned int diglen;
-
-	/* Get SignerInfos, also checks SignedData content type */
-	osis = CMS_get0_SignerInfos(req_cms);
-	sis = CMS_get0_SignerInfos(cms);
-	if (!osis || !sis)
-		goto err;
-
-	if (sk_CMS_SignerInfo_num(sis) != 1)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
-		goto err;
-		}
-
-	/* Check receipt content type */
-	if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
-		goto err;
-		}
-
-	/* Extract and decode receipt content */
-	pcont = CMS_get0_content(cms);
-	if (!pcont || !*pcont)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
-		goto err;
-		}
-
-	rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
-
-	if (!rct)	
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
-		goto err;
-		}
-
-	/* Locate original request */
-
-	for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
-		{
-		osi = sk_CMS_SignerInfo_value(osis, i);
-		if (!ASN1_STRING_cmp(osi->signature,
-					rct->originatorSignatureValue))
-			break;
-		}
-
-	if (i == sk_CMS_SignerInfo_num(osis))
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
-		goto err;
-		}
-
-	si = sk_CMS_SignerInfo_value(sis, 0);
-
-	/* Get msgSigDigest value and compare */
-
-	msig = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
-					-3, V_ASN1_OCTET_STRING);
-
-	if (!msig)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
-		goto err;
-		}
-
-	if (!cms_msgSigDigest(osi, dig, &diglen))
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
-		goto err;
-		}
-
-	if (diglen != (unsigned int)msig->length)
-			{
-			CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-				CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
-			goto err;
-			}
-
-	if (memcmp(dig, msig->data, diglen))
-			{
-			CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-				CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
-			goto err;
-			}
-
-	/* Compare content types */
-
-	octype = CMS_signed_get0_data_by_OBJ(osi,
-				OBJ_nid2obj(NID_pkcs9_contentType),
-					-3, V_ASN1_OBJECT);
-	if (!octype)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
-		goto err;
-		}
-
-	/* Compare details in receipt request */
-
-	if (OBJ_cmp(octype, rct->contentType))
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
-		goto err;
-		}
-
-	/* Get original receipt request details */
-
-	if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
-		goto err;
-		}
-
-	if (ASN1_STRING_cmp(rr->signedContentIdentifier,
-					rct->signedContentIdentifier))
-		{
-		CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-					CMS_R_CONTENTIDENTIFIER_MISMATCH);
-		goto err;
-		}
-
-	r = 1;
-
-	err:
-	if (rr)
-		CMS_ReceiptRequest_free(rr);
-	if (rct)
-		M_ASN1_free_of(rct, CMS_Receipt);
-
-	return r;
-
-	}
-
-/* Encode a Receipt into an OCTET STRING read for including into content of
- * a SignedData ContentInfo.
- */
-
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
-	{
-	CMS_Receipt rct;
-	CMS_ReceiptRequest *rr = NULL;
-	ASN1_OBJECT *ctype;
-	ASN1_OCTET_STRING *os = NULL;
-
-	/* Get original receipt request */
-
-	/* Get original receipt request details */
-
-	if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
-		{
-		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
-		goto err;
-		}
-
-	/* Get original content type */
-
-	ctype = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_pkcs9_contentType),
-					-3, V_ASN1_OBJECT);
-	if (!ctype)
-		{
-		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
-		goto err;
-		}
-
-	rct.version = 1;
-	rct.contentType = ctype;
-	rct.signedContentIdentifier = rr->signedContentIdentifier;
-	rct.originatorSignatureValue = si->signature;
-
-	os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
-
-	err:
-	if (rr)
-		CMS_ReceiptRequest_free(rr);
-
-	return os;
-
-	}
-
-
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
deleted file mode 100644
index 1cb0264cc5..0000000000
--- a/crypto/cms/cms_io.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/cms/cms_io.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
-	{
-	ASN1_OCTET_STRING **pos;
-	pos = CMS_get0_content(cms);
-	if (!pos)
-		return 0;
-	if (!*pos)
-		*pos = ASN1_OCTET_STRING_new();
-	if (*pos)
-		{
-		(*pos)->flags |= ASN1_STRING_FLAG_NDEF;
-		(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
-		*boundary = &(*pos)->data;
-		return 1;
-		}
-	CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
-	return 0;
-	}
-
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
-	}
-
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
-	}
-
-IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
-
-BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) 
-	{
-	return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
-				ASN1_ITEM_rptr(CMS_ContentInfo));
-	}
-
-/* CMS wrappers round generalised stream and MIME routines */
-
-int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
-	{
-	return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
-					ASN1_ITEM_rptr(CMS_ContentInfo));
-	}
-
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
-	{
-	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
-					"CMS",
-					ASN1_ITEM_rptr(CMS_ContentInfo));
-	}
-
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
-	{
-	STACK_OF(X509_ALGOR) *mdalgs;
-	int ctype_nid = OBJ_obj2nid(cms->contentType);
-	int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
-	if (ctype_nid == NID_pkcs7_signed)
-		mdalgs = cms->d.signedData->digestAlgorithms;
-	else
-		mdalgs = NULL;
-
-	return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
-					ctype_nid, econt_nid, mdalgs,
-					ASN1_ITEM_rptr(CMS_ContentInfo));	
-	}
-
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
-	{
-	return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
-					ASN1_ITEM_rptr(CMS_ContentInfo));
-	}
-
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
deleted file mode 100644
index a9f9730157..0000000000
--- a/crypto/cms/cms_lcl.h
+++ /dev/null
@@ -1,473 +0,0 @@
-/* crypto/cms/cms_lcl.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CMS_LCL_H
-#define HEADER_CMS_LCL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/x509.h>
-
-/* Cryptographic message syntax (CMS) structures: taken
- * from RFC3852
- */
-
-/* Forward references */
-
-typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
-typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
-typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
-typedef struct CMS_SignedData_st CMS_SignedData;
-typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
-typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
-typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
-typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
-typedef struct CMS_DigestedData_st CMS_DigestedData;
-typedef struct CMS_EncryptedData_st CMS_EncryptedData;
-typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
-typedef struct CMS_CompressedData_st CMS_CompressedData;
-typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
-typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
-typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
-typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
-typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
-typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
-typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
-typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
-typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
-typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
-typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
-typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
-typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
-
-struct CMS_ContentInfo_st
-	{
-	ASN1_OBJECT *contentType;
-	union	{
-		ASN1_OCTET_STRING *data;
-		CMS_SignedData *signedData;
-		CMS_EnvelopedData *envelopedData;
-		CMS_DigestedData *digestedData;
-		CMS_EncryptedData *encryptedData;
-		CMS_AuthenticatedData *authenticatedData;
-		CMS_CompressedData *compressedData;
-		ASN1_TYPE *other;
-		/* Other types ... */
-		void *otherData;
-		} d;
-	};
-
-struct CMS_SignedData_st
-	{
-	long version;
-	STACK_OF(X509_ALGOR) *digestAlgorithms;
-	CMS_EncapsulatedContentInfo *encapContentInfo;
-	STACK_OF(CMS_CertificateChoices) *certificates;
-	STACK_OF(CMS_RevocationInfoChoice) *crls;
-	STACK_OF(CMS_SignerInfo) *signerInfos;
-	};
- 
-struct CMS_EncapsulatedContentInfo_st
-	{
-	ASN1_OBJECT *eContentType;
-	ASN1_OCTET_STRING *eContent;
-	/* Set to 1 if incomplete structure only part set up */
-	int partial;
-	};
-
-struct CMS_SignerInfo_st
-	{
-	long version;
-	CMS_SignerIdentifier *sid;
-	X509_ALGOR *digestAlgorithm;
-	STACK_OF(X509_ATTRIBUTE) *signedAttrs;
-	X509_ALGOR *signatureAlgorithm;
-	ASN1_OCTET_STRING *signature;
-	STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
-	/* Signing certificate and key */
-	X509 *signer;
-	EVP_PKEY *pkey;
-	};
-
-struct CMS_SignerIdentifier_st
-	{
-	int type;
-	union	{
-		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
-		ASN1_OCTET_STRING *subjectKeyIdentifier;
-		} d;
-	};
-
-struct CMS_EnvelopedData_st
-	{
-	long version;
-	CMS_OriginatorInfo *originatorInfo;
-	STACK_OF(CMS_RecipientInfo) *recipientInfos;
-	CMS_EncryptedContentInfo *encryptedContentInfo;
-	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-	};
-
-struct CMS_OriginatorInfo_st
-	{
-	STACK_OF(CMS_CertificateChoices) *certificates;
-	STACK_OF(CMS_RevocationInfoChoice) *crls;
-	};
-
-struct CMS_EncryptedContentInfo_st
-	{
-	ASN1_OBJECT *contentType;
-	X509_ALGOR *contentEncryptionAlgorithm;
-	ASN1_OCTET_STRING *encryptedContent;
-	/* Content encryption algorithm and key */
-	const EVP_CIPHER *cipher;
-	unsigned char *key;
-	size_t keylen;
-	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
-	int debug;
-	};
-
-struct CMS_RecipientInfo_st
-	{
- 	int type;
- 	union	{
-  	 	CMS_KeyTransRecipientInfo *ktri;
-   		CMS_KeyAgreeRecipientInfo *kari;
-   		CMS_KEKRecipientInfo *kekri;
-		CMS_PasswordRecipientInfo *pwri;
-		CMS_OtherRecipientInfo *ori;
-		} d;
-	};
-
-typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
-
-struct CMS_KeyTransRecipientInfo_st
-	{
-	long version;
-	CMS_RecipientIdentifier *rid;
-	X509_ALGOR *keyEncryptionAlgorithm;
-	ASN1_OCTET_STRING *encryptedKey;
-	/* Recipient Key and cert */
-	X509 *recip;
-	EVP_PKEY *pkey;
-	};
-
-struct CMS_KeyAgreeRecipientInfo_st
-	{
-	long version;
-	CMS_OriginatorIdentifierOrKey *originator;
-	ASN1_OCTET_STRING *ukm;
- 	X509_ALGOR *keyEncryptionAlgorithm;
-	STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
-	};
-
-struct CMS_OriginatorIdentifierOrKey_st
-	{
-	int type;
-	union	{
-		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
-		ASN1_OCTET_STRING *subjectKeyIdentifier;
-		CMS_OriginatorPublicKey *originatorKey;
-		} d;
-	};
-
-struct CMS_OriginatorPublicKey_st
-	{
-	X509_ALGOR *algorithm;
-	ASN1_BIT_STRING *publicKey;
-	};
-
-struct CMS_RecipientEncryptedKey_st
-	{
- 	CMS_KeyAgreeRecipientIdentifier *rid;
- 	ASN1_OCTET_STRING *encryptedKey;
-	};
-
-struct CMS_KeyAgreeRecipientIdentifier_st
-	{
-	int type;
-	union	{
-		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
-		CMS_RecipientKeyIdentifier *rKeyId;
-		} d;
-	};
-
-struct CMS_RecipientKeyIdentifier_st
-	{
- 	ASN1_OCTET_STRING *subjectKeyIdentifier;
- 	ASN1_GENERALIZEDTIME *date;
- 	CMS_OtherKeyAttribute *other;
-	};
-
-struct CMS_KEKRecipientInfo_st
-	{
- 	long version;
- 	CMS_KEKIdentifier *kekid;
- 	X509_ALGOR *keyEncryptionAlgorithm;
- 	ASN1_OCTET_STRING *encryptedKey;
-	/* Extra info: symmetric key to use */
-	unsigned char *key;
-	size_t keylen;
-	};
-
-struct CMS_KEKIdentifier_st
-	{
- 	ASN1_OCTET_STRING *keyIdentifier;
- 	ASN1_GENERALIZEDTIME *date;
- 	CMS_OtherKeyAttribute *other;
-	};
-
-struct CMS_PasswordRecipientInfo_st
-	{
- 	long version;
- 	X509_ALGOR *keyDerivationAlgorithm;
- 	X509_ALGOR *keyEncryptionAlgorithm;
- 	ASN1_OCTET_STRING *encryptedKey;
-	/* Extra info: password to use */
-	unsigned char *pass;
-	size_t passlen;
-	};
-
-struct CMS_OtherRecipientInfo_st
-	{
- 	ASN1_OBJECT *oriType;
- 	ASN1_TYPE *oriValue;
-	};
-
-struct CMS_DigestedData_st
-	{
-	long version;
-	X509_ALGOR *digestAlgorithm;
-	CMS_EncapsulatedContentInfo *encapContentInfo;
-	ASN1_OCTET_STRING *digest;
-	};
-
-struct CMS_EncryptedData_st
-	{
-	long version;
-	CMS_EncryptedContentInfo *encryptedContentInfo;
-	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-	};
-
-struct CMS_AuthenticatedData_st
-	{
-	long version;
-	CMS_OriginatorInfo *originatorInfo;
-	STACK_OF(CMS_RecipientInfo) *recipientInfos;
-	X509_ALGOR *macAlgorithm;
-	X509_ALGOR *digestAlgorithm;
-	CMS_EncapsulatedContentInfo *encapContentInfo;
-	STACK_OF(X509_ATTRIBUTE) *authAttrs;
-	ASN1_OCTET_STRING *mac;
-	STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
-	};
-
-struct CMS_CompressedData_st
-	{
-	long version;
-	X509_ALGOR *compressionAlgorithm;
-	STACK_OF(CMS_RecipientInfo) *recipientInfos;
-	CMS_EncapsulatedContentInfo *encapContentInfo;
-	};
-
-struct CMS_RevocationInfoChoice_st
-	{
-	int type;
-	union	{
-		X509_CRL *crl;
-		CMS_OtherRevocationInfoFormat *other;
-		} d;
-	};
-
-#define CMS_REVCHOICE_CRL		0
-#define CMS_REVCHOICE_OTHER		1
-
-struct CMS_OtherRevocationInfoFormat_st
-	{
-	ASN1_OBJECT *otherRevInfoFormat;
- 	ASN1_TYPE *otherRevInfo;
-	};
-
-struct CMS_CertificateChoices
-	{
-	int type;
-		union {
-		X509 *certificate;
-		ASN1_STRING *extendedCertificate;	/* Obsolete */
-		ASN1_STRING *v1AttrCert;	/* Left encoded for now */
-		ASN1_STRING *v2AttrCert;	/* Left encoded for now */
-		CMS_OtherCertificateFormat *other;
-		} d;
-	};
-
-#define CMS_CERTCHOICE_CERT		0
-#define CMS_CERTCHOICE_EXCERT		1
-#define CMS_CERTCHOICE_V1ACERT		2
-#define CMS_CERTCHOICE_V2ACERT		3
-#define CMS_CERTCHOICE_OTHER		4
-
-struct CMS_OtherCertificateFormat_st
-	{
-	ASN1_OBJECT *otherCertFormat;
- 	ASN1_TYPE *otherCert;
-	};
-
-/* This is also defined in pkcs7.h but we duplicate it
- * to allow the CMS code to be independent of PKCS#7
- */
-
-struct CMS_IssuerAndSerialNumber_st
-	{
-	X509_NAME *issuer;
-	ASN1_INTEGER *serialNumber;
-	};
-
-struct CMS_OtherKeyAttribute_st
-	{
-	ASN1_OBJECT *keyAttrId;
- 	ASN1_TYPE *keyAttr;
-	};
-
-/* ESS structures */
-
-#ifdef HEADER_X509V3_H
-
-struct CMS_ReceiptRequest_st
-	{
-	ASN1_OCTET_STRING *signedContentIdentifier;
-	CMS_ReceiptsFrom *receiptsFrom;
-	STACK_OF(GENERAL_NAMES) *receiptsTo;
-	};
-
-
-struct CMS_ReceiptsFrom_st
-	{
-	int type;
-	union
-		{
-		long allOrFirstTier;
-		STACK_OF(GENERAL_NAMES) *receiptList;
-		} d;
-	};
-#endif
-
-struct CMS_Receipt_st
-	{
-	long version;
-	ASN1_OBJECT *contentType;
-	ASN1_OCTET_STRING *signedContentIdentifier;
-	ASN1_OCTET_STRING *originatorSignatureValue;
-	};
-
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_ITEM(CMS_SignerInfo)
-DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
-DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
-DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
-DECLARE_ASN1_ITEM(CMS_RecipientInfo)
-DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
-DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL	0
-#define CMS_SIGNERINFO_KEYIDENTIFIER	1
-
-#define CMS_RECIPINFO_ISSUER_SERIAL	0
-#define CMS_RECIPINFO_KEYIDENTIFIER	1
-
-BIO *cms_content_bio(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *cms_Data_create(void);
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-					X509_ALGOR *mdalg);
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
-				const EVP_CIPHER *cipher,
-				const unsigned char *key, size_t keylen);
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
-
-/* PWRI routines */
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-							int en_de);
-	
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
deleted file mode 100644
index ba08279a04..0000000000
--- a/crypto/cms/cms_lib.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* crypto/cms/cms_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
-IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-
-DECLARE_ASN1_ITEM(CMS_CertificateChoices)
-DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
-DECLARE_STACK_OF(CMS_CertificateChoices)
-DECLARE_STACK_OF(CMS_RevocationInfoChoice)
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
-	{
-	return cms->contentType;
-	}
-
-CMS_ContentInfo *cms_Data_create(void)
-	{
-	CMS_ContentInfo *cms;
-	cms = CMS_ContentInfo_new();
-	if (cms)
-		{
-		cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
-		/* Never detached */
-		CMS_set_detached(cms, 0);
-		}
-	return cms;
-	}
-
-BIO *cms_content_bio(CMS_ContentInfo *cms)
-	{
-	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-	if (!pos)
-		return NULL;
-	/* If content detached data goes nowhere: create NULL BIO */
-	if (!*pos)
-		return BIO_new(BIO_s_null());
-	/* If content not detached and created return memory BIO
-	 */
-	if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
-		return BIO_new(BIO_s_mem());
-	/* Else content was read in: return read only BIO for it */
-	return BIO_new_mem_buf((*pos)->data, (*pos)->length);
-	}
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
-	{
-	BIO *cmsbio, *cont;
-	if (icont)
-		cont = icont;
-	else
-		cont = cms_content_bio(cms);
-	if (!cont)
-		{
-		CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
-		return NULL;
-		}
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_data:
-		return cont;
-
-		case NID_pkcs7_signed:
-		cmsbio = cms_SignedData_init_bio(cms);
-		break;
-
-		case NID_pkcs7_digest:
-		cmsbio = cms_DigestedData_init_bio(cms);
-		break;
-#ifdef ZLIB
-		case NID_id_smime_ct_compressedData:
-		cmsbio = cms_CompressedData_init_bio(cms);
-		break;
-#endif
-
-		case NID_pkcs7_encrypted:
-		cmsbio = cms_EncryptedData_init_bio(cms);
-		break;
-
-		case NID_pkcs7_enveloped:
-		cmsbio = cms_EnvelopedData_init_bio(cms);
-		break;
-
-		default:
-		CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
-		return NULL;
-		}
-
-	if (cmsbio)
-		return BIO_push(cmsbio, cont);
-
-	if (!icont)
-		BIO_free(cont);
-	return NULL;
-
-	}
-
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
-	{
-	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-	if (!pos)
-		return 0;
-	/* If ebmedded content find memory BIO and set content */
-	if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
-		{
-		BIO *mbio;
-		unsigned char *cont;
-		long contlen;
-		mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
-		if (!mbio)
-			{
-			CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
-			return 0;
-			}
-		contlen = BIO_get_mem_data(mbio, &cont);
-		/* Set bio as read only so its content can't be clobbered */
-		BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
-		BIO_set_mem_eof_return(mbio, 0);
-		ASN1_STRING_set0(*pos, cont, contlen);
-		(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
-		}
-
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_data:
-		case NID_pkcs7_enveloped:
-		case NID_pkcs7_encrypted:
-		case NID_id_smime_ct_compressedData:
-		/* Nothing to do */
-		return 1;
-
-		case NID_pkcs7_signed:
-		return cms_SignedData_final(cms, cmsbio);
-
-		case NID_pkcs7_digest:
-		return cms_DigestedData_do_final(cms, cmsbio, 0);
-
-		default:
-		CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
-		return 0;
-		}
-	}
-
-/* Return an OCTET STRING pointer to content. This allows it to
- * be accessed or set later.
- */
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_data:
-		return &cms->d.data;
-
-		case NID_pkcs7_signed:
-		return &cms->d.signedData->encapContentInfo->eContent;
-
-		case NID_pkcs7_enveloped:
-		return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
-
-		case NID_pkcs7_digest:
-		return &cms->d.digestedData->encapContentInfo->eContent;
-
-		case NID_pkcs7_encrypted:
-		return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
-
-		case NID_id_smime_ct_authData:
-		return &cms->d.authenticatedData->encapContentInfo->eContent;
-
-		case NID_id_smime_ct_compressedData:
-		return &cms->d.compressedData->encapContentInfo->eContent;
-
-		default:
-		if (cms->d.other->type == V_ASN1_OCTET_STRING)
-			return &cms->d.other->value.octet_string;
-		CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
-		return NULL;
-
-		}
-	}
-
-/* Return an ASN1_OBJECT pointer to content type. This allows it to
- * be accessed or set later.
- */
-
-static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_signed:
-		return &cms->d.signedData->encapContentInfo->eContentType;
-
-		case NID_pkcs7_enveloped:
-		return &cms->d.envelopedData->encryptedContentInfo->contentType;
-
-		case NID_pkcs7_digest:
-		return &cms->d.digestedData->encapContentInfo->eContentType;
-
-		case NID_pkcs7_encrypted:
-		return &cms->d.encryptedData->encryptedContentInfo->contentType;
-
-		case NID_id_smime_ct_authData:
-		return &cms->d.authenticatedData->encapContentInfo->eContentType;
-
-		case NID_id_smime_ct_compressedData:
-		return &cms->d.compressedData->encapContentInfo->eContentType;
-
-		default:
-		CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
-		return NULL;
-
-		}
-	}
-
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
-	{
-	ASN1_OBJECT **petype;
-	petype = cms_get0_econtent_type(cms);
-	if (petype)
-		return *petype;
-	return NULL;
-	}
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
-	{
-	ASN1_OBJECT **petype, *etype;
-	petype = cms_get0_econtent_type(cms);
-	if (!petype)
-		return 0;
-	if (!oid)
-		return 1;
-	etype = OBJ_dup(oid);
-	if (!etype)
-		return 0;
-	ASN1_OBJECT_free(*petype);
-	*petype = etype;
-	return 1;
-	}
-
-int CMS_is_detached(CMS_ContentInfo *cms)
-	{
-	ASN1_OCTET_STRING **pos;
-	pos = CMS_get0_content(cms);
-	if (!pos)
-		return -1;
-	if (*pos)
-		return 0;
-	return 1;
-	}
-
-int CMS_set_detached(CMS_ContentInfo *cms, int detached)
-	{
-	ASN1_OCTET_STRING **pos;
-	pos = CMS_get0_content(cms);
-	if (!pos)
-		return 0;
-	if (detached)
-		{
-		if (*pos)
-			{
-			ASN1_OCTET_STRING_free(*pos);
-			*pos = NULL;
-			}
-		return 1;
-		}
-	if (!*pos)
-		*pos = ASN1_OCTET_STRING_new();
-	if (*pos)
-		{
-		/* NB: special flag to show content is created and not
-		 * read in.
-		 */
-		(*pos)->flags |= ASN1_STRING_FLAG_CONT;
-		return 1;
-		}
-	CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
-	return 0;
-	}
-
-/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
-	{
-	int param_type;
-
-	if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
-		param_type = V_ASN1_UNDEF;
-	else
-		param_type = V_ASN1_NULL;
-
-	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
-	}
-
-/* Create a digest BIO from an X509_ALGOR structure */
-
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
-	{
-	BIO *mdbio = NULL;
-	ASN1_OBJECT *digestoid;
-	const EVP_MD *digest;
-	X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
-	digest = EVP_get_digestbyobj(digestoid);
-	if (!digest)
-		{
-		CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-				CMS_R_UNKNOWN_DIGEST_ALGORIHM);
-		goto err;	
-		}
-	mdbio = BIO_new(BIO_f_md());
-	if (!mdbio || !BIO_set_md(mdbio, digest))
-		{
-		CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-				CMS_R_MD_BIO_INIT_ERROR);
-		goto err;	
-		}
-	return mdbio;
-	err:
-	if (mdbio)
-		BIO_free(mdbio);
-	return NULL;
-	}
-
-/* Locate a message digest content from a BIO chain based on SignerInfo */
-
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-					X509_ALGOR *mdalg)
-	{
-	int nid;
-	ASN1_OBJECT *mdoid;
-	X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
-	nid = OBJ_obj2nid(mdoid);
-	/* Look for digest type to match signature */
-	for (;;)
-		{
-		EVP_MD_CTX *mtmp;
-		chain = BIO_find_type(chain, BIO_TYPE_MD);
-		if (chain == NULL)
-			{
-			CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
-						CMS_R_NO_MATCHING_DIGEST);
-			return 0;
-			}
-		BIO_get_md_ctx(chain, &mtmp);
-		if (EVP_MD_CTX_type(mtmp) == nid
-		/* Workaround for broken implementations that use signature
-		 * algorithm  OID instead of digest.
-		 */
-			|| EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
-			return EVP_MD_CTX_copy_ex(mctx, mtmp);
-		chain = BIO_next(chain);
-		}
-	}
-
-static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_signed:
-		return &cms->d.signedData->certificates;
-
-		case NID_pkcs7_enveloped:
-		return &cms->d.envelopedData->originatorInfo->certificates;
-
-		default:
-		CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
-		return NULL;
-
-		}
-	}
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
-	{
-	STACK_OF(CMS_CertificateChoices) **pcerts;
-	CMS_CertificateChoices *cch;
-	pcerts = cms_get0_certificate_choices(cms);
-	if (!pcerts)
-		return NULL;
-	if (!*pcerts)
-		*pcerts = sk_CMS_CertificateChoices_new_null();
-	if (!*pcerts)
-		return NULL;
-	cch = M_ASN1_new_of(CMS_CertificateChoices);
-	if (!cch)
-		return NULL;
-	if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
-		{
-		M_ASN1_free_of(cch, CMS_CertificateChoices);
-		return NULL;
-		}
-	return cch;
-	}
-
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
-	{
-	CMS_CertificateChoices *cch;
-	STACK_OF(CMS_CertificateChoices) **pcerts;
-	int i;
-	pcerts = cms_get0_certificate_choices(cms);
-	if (!pcerts)
-		return 0;
-	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
-		{
-		cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-		if (cch->type == CMS_CERTCHOICE_CERT)
-			{
-			if (!X509_cmp(cch->d.certificate, cert))
-				{
-				CMSerr(CMS_F_CMS_ADD0_CERT, 
-					CMS_R_CERTIFICATE_ALREADY_PRESENT);
-				return 0;
-				}
-			}
-		}
-	cch = CMS_add0_CertificateChoices(cms);
-	if (!cch)
-		return 0;
-	cch->type = CMS_CERTCHOICE_CERT;
-	cch->d.certificate = cert;
-	return 1;
-	}
-
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
-	{
-	int r;
-	r = CMS_add0_cert(cms, cert);
-	if (r > 0)
-		CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-	return r;
-	}
-
-static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_signed:
-		return &cms->d.signedData->crls;
-
-		case NID_pkcs7_enveloped:
-		return &cms->d.envelopedData->originatorInfo->crls;
-
-		default:
-		CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
-		return NULL;
-
-		}
-	}
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
-	{
-	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
-	CMS_RevocationInfoChoice *rch;
-	pcrls = cms_get0_revocation_choices(cms);
-	if (!pcrls)
-		return NULL;
-	if (!*pcrls)
-		*pcrls = sk_CMS_RevocationInfoChoice_new_null();
-	if (!*pcrls)
-		return NULL;
-	rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
-	if (!rch)
-		return NULL;
-	if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
-		{
-		M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
-		return NULL;
-		}
-	return rch;
-	}
-
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
-	{
-	CMS_RevocationInfoChoice *rch;
-	rch = CMS_add0_RevocationInfoChoice(cms);
-	if (!rch)
-		return 0;
-	rch->type = CMS_REVCHOICE_CRL;
-	rch->d.crl = crl;
-	return 1;
-	}
-
-int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
-	{
-	int r;
-	r = CMS_add0_crl(cms, crl);
-	if (r > 0)
-		CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
-	return r;
-	}
-
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
-	{
-	STACK_OF(X509) *certs = NULL;
-	CMS_CertificateChoices *cch;
-	STACK_OF(CMS_CertificateChoices) **pcerts;
-	int i;
-	pcerts = cms_get0_certificate_choices(cms);
-	if (!pcerts)
-		return NULL;
-	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
-		{
-		cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-		if (cch->type == 0)
-			{
-			if (!certs)
-				{
-				certs = sk_X509_new_null();
-				if (!certs)
-					return NULL;
-				}
-			if (!sk_X509_push(certs, cch->d.certificate))
-				{
-				sk_X509_pop_free(certs, X509_free);
-				return NULL;
-				}
-			CRYPTO_add(&cch->d.certificate->references,
-						1, CRYPTO_LOCK_X509);
-			}
-		}
-	return certs;
-
-	}
-
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
-	{
-	STACK_OF(X509_CRL) *crls = NULL;
-	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
-	CMS_RevocationInfoChoice *rch;
-	int i;
-	pcrls = cms_get0_revocation_choices(cms);
-	if (!pcrls)
-		return NULL;
-	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
-		{
-		rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
-		if (rch->type == 0)
-			{
-			if (!crls)
-				{
-				crls = sk_X509_CRL_new_null();
-				if (!crls)
-					return NULL;
-				}
-			if (!sk_X509_CRL_push(crls, rch->d.crl))
-				{
-				sk_X509_CRL_pop_free(crls, X509_CRL_free);
-				return NULL;
-				}
-			CRYPTO_add(&rch->d.crl->references,
-						1, CRYPTO_LOCK_X509_CRL);
-			}
-		}
-	return crls;
-	}
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
deleted file mode 100644
index 71f2ddb496..0000000000
--- a/crypto/cms/cms_pwri.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/* crypto/cms/cms_pwri.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "asn1_locl.h"
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-				unsigned char *pass, ossl_ssize_t passlen)
-	{
-	CMS_PasswordRecipientInfo *pwri;
-	if (ri->type != CMS_RECIPINFO_PASS)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
-		return 0;
-		}
-
-	pwri = ri->d.pwri;
-	pwri->pass = pass;
-	if (pass && passlen < 0)
-		passlen = strlen((char *)pass);
-	pwri->passlen = passlen;
-	return 1;
-	}
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-					int iter, int wrap_nid, int pbe_nid,
-					unsigned char *pass,
-					ossl_ssize_t passlen,
-					const EVP_CIPHER *kekciph)
-	{
-	CMS_RecipientInfo *ri = NULL;
-	CMS_EnvelopedData *env;
-	CMS_PasswordRecipientInfo *pwri;
-	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *encalg = NULL;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	int ivlen;
-
-	env = cms_get0_enveloped(cms);
-	if (!env)
-		return NULL;
-
-	if (wrap_nid <= 0)
-		wrap_nid = NID_id_alg_PWRI_KEK;
-
-	if (pbe_nid <= 0)
-		pbe_nid = NID_id_pbkdf2;
-
-	/* Get from enveloped data */
-	if (kekciph == NULL)
-		kekciph = env->encryptedContentInfo->cipher;
-
-	if (kekciph == NULL)
-		{
-		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
-		return NULL;
-		}
-	if (wrap_nid != NID_id_alg_PWRI_KEK)
-		{
-		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-				CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
-		return NULL;
-		}
-
-	/* Setup algorithm identifier for cipher */
-	encalg = X509_ALGOR_new();
-	EVP_CIPHER_CTX_init(&ctx);
-
-	if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0)
-		{
-		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
-		goto err;
-		}
-
-	ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
-
-	if (ivlen > 0)
-		{
-		if (RAND_pseudo_bytes(iv, ivlen) <= 0)
-			goto err;
-		if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0)
-			{
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-							ERR_R_EVP_LIB);
-			goto err;
-			}
-		encalg->parameter = ASN1_TYPE_new();
-		if (!encalg->parameter)
-			{
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-							ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0)
-			{
-			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-			goto err;
-			}
-		}
-
-
-	encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
-
-	EVP_CIPHER_CTX_cleanup(&ctx);
-
-	/* Initialize recipient info */
-	ri = M_ASN1_new_of(CMS_RecipientInfo);
-	if (!ri)
-		goto merr;
-
-	ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
-	if (!ri->d.pwri)
-		goto merr;
-	ri->type = CMS_RECIPINFO_PASS;
-
-	pwri = ri->d.pwri;
-	/* Since this is overwritten, free up empty structure already there */
-	X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
-	pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
-	if (!pwri->keyEncryptionAlgorithm)
-		goto merr;
-	pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
-	pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
-	if (!pwri->keyEncryptionAlgorithm->parameter)
-		goto merr;
-
-        if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
-	    &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
-		goto merr;
-        pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
-
-	X509_ALGOR_free(encalg);
-	encalg = NULL;
-
-	/* Setup PBE algorithm */
-
-	pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
-
-	if (!pwri->keyDerivationAlgorithm)
-		goto err;
-
-	CMS_RecipientInfo_set0_password(ri, pass, passlen);
-	pwri->version = 0;
-
-	if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
-		goto merr;
-
-	return ri;
-
-	merr:
-	CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
-	err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	if (ri)
-		M_ASN1_free_of(ri, CMS_RecipientInfo);
-	if (encalg)
-		X509_ALGOR_free(encalg);
-	return NULL;
-
-	}
-
-/* This is an implementation of the key wrapping mechanism in RFC3211,
- * at some point this should go into EVP.
- */
-
-static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-		const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
-	{
-	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
-	unsigned char *tmp;
-	int outl, rv = 0;
-	if (inlen < 2 * blocklen)
-		{
-		/* too small */
-		return 0;
-		}
-	if (inlen % blocklen)
-		{
-		/* Invalid size */
-		return 0;
-		}
-	tmp = OPENSSL_malloc(inlen);
-	/* setup IV by decrypting last two blocks */
-	EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-				in  + inlen - 2 * blocklen, blocklen * 2);
-	/* Do a decrypt of last decrypted block to set IV to correct value
-	 * output it to start of buffer so we don't corrupt decrypted block
-	 * this works because buffer is at least two block lengths long.
-	 */
-	EVP_DecryptUpdate(ctx, tmp, &outl,
-				tmp  + inlen - blocklen, blocklen);
-	/* Can now decrypt first n - 1 blocks */
-	EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
-
-	/* Reset IV to original value */
-	EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
-	/* Decrypt again */
-	EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
-	/* Check check bytes */
-	if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
-		{
-		/* Check byte failure */
-		goto err;
-		}
-	if (inlen < (size_t)(tmp[0] - 4 ))
-		{
-		/* Invalid length value */
-		goto err;
-		}
-	*outlen = (size_t)tmp[0];
-	memcpy(out, tmp + 4, *outlen);
-	rv = 1;
-	err:
-	OPENSSL_cleanse(tmp, inlen);
-	OPENSSL_free(tmp);
-	return rv;
-
-	}
-
-static int kek_wrap_key(unsigned char *out, size_t *outlen,
-		const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
-	{
-	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
-	size_t olen;
-	int dummy;
-	/* First decide length of output buffer: need header and round up to
-	 * multiple of block length.
-	 */
-	olen = (inlen + 4 + blocklen - 1)/blocklen;
-	olen *= blocklen;
-	if (olen < 2 * blocklen)
-		{
-		/* Key too small */
-		return 0;
-		}
-	if (inlen > 0xFF)
-		{
-		/* Key too large */
-		return 0;
-		}
-	if (out)
-		{
-		/* Set header */
-		out[0] = (unsigned char)inlen;
-		out[1] = in[0] ^ 0xFF;
-		out[2] = in[1] ^ 0xFF;
-		out[3] = in[2] ^ 0xFF;
-		memcpy(out + 4, in, inlen);
-		/* Add random padding to end */
-		if (olen > inlen + 4)
-			RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen);
-		/* Encrypt twice */
-		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-		}
-
-	*outlen = olen;
-
-	return 1;
-	}
-
-/* Encrypt/Decrypt content key in PWRI recipient info */
-
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-							int en_de)
-	{
-	CMS_EncryptedContentInfo *ec;
-	CMS_PasswordRecipientInfo *pwri;
-	const unsigned char *p = NULL;
-	int plen;
-	int r = 0;
-	X509_ALGOR *algtmp, *kekalg = NULL;
-	EVP_CIPHER_CTX kekctx;
-	const EVP_CIPHER *kekcipher;
-	unsigned char *key = NULL;
-	size_t keylen;
-
-	ec = cms->d.envelopedData->encryptedContentInfo;
-
-	pwri = ri->d.pwri;
-	EVP_CIPHER_CTX_init(&kekctx);
-
-	if (!pwri->pass)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
-		return 0;
-		}
-	algtmp = pwri->keyEncryptionAlgorithm;
-
-	if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
-		return 0;
-		}
-
-	if (algtmp->parameter->type == V_ASN1_SEQUENCE)
-		{
-		p = algtmp->parameter->value.sequence->data;
-		plen = algtmp->parameter->value.sequence->length;
-		kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-		}
-	if (kekalg == NULL)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
-		return 0;
-		}
-
-	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
-		
-	if(!kekcipher)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_UNKNOWN_CIPHER);
-		goto err;
-		}
-
-	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
-	if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
-		goto err;
-	EVP_CIPHER_CTX_set_padding(&kekctx, 0);
-	if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
-		goto err;
-		}
-
-	algtmp = pwri->keyDerivationAlgorithm;
-
-	/* Finish password based key derivation to setup key in "ctx" */
-
-	if (EVP_PBE_CipherInit(algtmp->algorithm,
-				(char *)pwri->pass, pwri->passlen,
-				algtmp->parameter, &kekctx, en_de) < 0)
-		{
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
-		goto err;
-		}
-
-	/* Finally wrap/unwrap the key */
-
-	if (en_de)
-		{
-
-		if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
-			goto err;
-
-		key = OPENSSL_malloc(keylen);
-
-		if (!key)
-			goto err;
-
-		if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
-			goto err;
-		pwri->encryptedKey->data = key;
-		pwri->encryptedKey->length = keylen;
-		}
-	else
-		{
-		key = OPENSSL_malloc(pwri->encryptedKey->length);
-
-		if (!key)
-			{
-			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-							ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!kek_unwrap_key(key, &keylen,
-					pwri->encryptedKey->data,
-					pwri->encryptedKey->length, &kekctx))
-			{
-			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-							CMS_R_UNWRAP_FAILURE);
-			goto err;
-			}
-
-		ec->key = key;
-		ec->keylen = keylen;
-
-		}
-
-	r = 1;
-
-	err:
-
-	EVP_CIPHER_CTX_cleanup(&kekctx);
-
-	if (!r && key)
-		OPENSSL_free(key);
-	X509_ALGOR_free(kekalg);
-
-	return r;
-
-	}
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
deleted file mode 100644
index 51dd33a1c3..0000000000
--- a/crypto/cms/cms_sd.c
+++ /dev/null
@@ -1,985 +0,0 @@
-/* crypto/cms/cms_sd.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-#include "asn1_locl.h"
-
-/* CMS SignedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_SignedData)
-
-static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
-	{
-	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
-		{
-		CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
-		return NULL;
-		}
-	return cms->d.signedData;
-	}
-
-static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
-	{
-	if (cms->d.other == NULL)
-		{
-		cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
-		if (!cms->d.signedData)
-			{
-			CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		cms->d.signedData->version = 1;
-		cms->d.signedData->encapContentInfo->eContentType =
-						OBJ_nid2obj(NID_pkcs7_data);
-		cms->d.signedData->encapContentInfo->partial = 1;
-		ASN1_OBJECT_free(cms->contentType);
-		cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
-		return cms->d.signedData;
-		}
-	return cms_get0_signed(cms);
-	}
-
-/* Just initialize SignedData e.g. for certs only structure */
-
-int CMS_SignedData_init(CMS_ContentInfo *cms)
-	{
-	if (cms_signed_data_init(cms))
-		return 1;
-	else
-		return 0;
-	}
-
-/* Check structures and fixup version numbers (if necessary) */
-
-static void cms_sd_set_version(CMS_SignedData *sd)
-	{
-	int i;
-	CMS_CertificateChoices *cch;
-	CMS_RevocationInfoChoice *rch;
-	CMS_SignerInfo *si;
-
-	for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
-		{
-		cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
-		if (cch->type == CMS_CERTCHOICE_OTHER)
-			{
-			if (sd->version < 5)
-				sd->version = 5;
-			}
-		else if (cch->type == CMS_CERTCHOICE_V2ACERT)
-			{
-			if (sd->version < 4)
-				sd->version = 4;
-			}
-		else if (cch->type == CMS_CERTCHOICE_V1ACERT)
-			{
-			if (sd->version < 3)
-				sd->version = 3;
-			}
-		}
-
-	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
-		{
-		rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
-		if (rch->type == CMS_REVCHOICE_OTHER)
-			{
-			if (sd->version < 5)
-				sd->version = 5;
-			}
-		}
-
-	if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
-			&& (sd->version < 3))
-		sd->version = 3;
-
-	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
-		if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-			{
-			if (si->version < 3)
-				si->version = 3;
-			if (sd->version < 3)
-				sd->version = 3;
-			}
-		else if (si->version < 1)
-			si->version = 1;
-		}
-
-	if (sd->version < 1)
-		sd->version = 1;
-
-	}
-	
-/* Copy an existing messageDigest value */
-
-static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
-	{
-	STACK_OF(CMS_SignerInfo) *sinfos;
-	CMS_SignerInfo *sitmp;
-	int i;
-	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
-		ASN1_OCTET_STRING *messageDigest;
-		sitmp = sk_CMS_SignerInfo_value(sinfos, i);
-		if (sitmp == si)
-			continue;
-		if (CMS_signed_get_attr_count(sitmp) < 0)
-			continue;
-		if (OBJ_cmp(si->digestAlgorithm->algorithm,
-				sitmp->digestAlgorithm->algorithm))
-			continue;
-		messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
-					OBJ_nid2obj(NID_pkcs9_messageDigest),
-					-3, V_ASN1_OCTET_STRING);
-		if (!messageDigest)
-			{
-			CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
-				CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
-			return 0;
-			}
-
-		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING,
-						messageDigest, -1))
-			return 1;
-		else
-			return 0;
-		}
-		CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
-		return 0;
-	}
-
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
-	{
-	switch(type)
-		{
-		case CMS_SIGNERINFO_ISSUER_SERIAL:
-		sid->d.issuerAndSerialNumber =
-			M_ASN1_new_of(CMS_IssuerAndSerialNumber);
-		if (!sid->d.issuerAndSerialNumber)
-			goto merr;
-		if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert)))
-			goto merr;
-		if (!ASN1_STRING_copy(
-			sid->d.issuerAndSerialNumber->serialNumber,
-				X509_get_serialNumber(cert)))
-			goto merr;
-		break;
-
-		case CMS_SIGNERINFO_KEYIDENTIFIER:
-		if (!cert->skid)
-			{
-			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
-					CMS_R_CERTIFICATE_HAS_NO_KEYID);
-			return 0;
-			}
-		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
-		if (!sid->d.subjectKeyIdentifier)
-			goto merr;
-		break;
-
-		default:
-		CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
-		return 0;
-		}
-
-	sid->type = type;
-
-	return 1;
-
-	merr:
-	CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
-	return 0;
-
-	}
-
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
-	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
-		{
-		if (issuer)
-			*issuer = sid->d.issuerAndSerialNumber->issuer;
-		if (sno)
-			*sno = sid->d.issuerAndSerialNumber->serialNumber;
-		}
-	else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-		{
-		if (keyid)
-			*keyid = sid->d.subjectKeyIdentifier;
-		}
-	else
-		return 0;
-	return 1;
-	}
-
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
-	{
-	int ret;
-	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
-		{
-		ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert));
-		if (ret)
-			return ret;
-		return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
-					X509_get_serialNumber(cert));
-		}
-	else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-		{
-		X509_check_purpose(cert, -1, -1);
-		if (!cert->skid)
-			return -1;
-		return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
-							cert->skid);
-		}
-	else
-		return -1;
-	}
-
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags)
-	{
-	CMS_SignedData *sd;
-	CMS_SignerInfo *si = NULL;
-	X509_ALGOR *alg;
-	int i, type;
-	if(!X509_check_private_key(signer, pk))
-		{
-		CMSerr(CMS_F_CMS_ADD1_SIGNER,
-			CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-		}
-	sd = cms_signed_data_init(cms);
-	if (!sd)
-		goto err;
-	si = M_ASN1_new_of(CMS_SignerInfo);
-	if (!si)
-		goto merr;
-	X509_check_purpose(signer, -1, -1);
-
-	CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
-	CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-
-	si->pkey = pk;
-	si->signer = signer;
-
-	if (flags & CMS_USE_KEYID)
-		{
-		si->version = 3;
-		if (sd->version < 3)
-			sd->version = 3;
-		type = CMS_SIGNERINFO_KEYIDENTIFIER;
-		}
-	else
-		{
-		type = CMS_SIGNERINFO_ISSUER_SERIAL;
-		si->version = 1;
-		}
-
-	if (!cms_set1_SignerIdentifier(si->sid, signer, type))
-		goto err;
-
-	if (md == NULL)
-		{
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
-			goto err;
-		md = EVP_get_digestbynid(def_nid);
-		if (md == NULL)
-			{
-			CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
-			goto err;
-			}
-		}
-
-	if (!md)
-		{
-		CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
-		goto err;
-		}
-
-	cms_DigestAlgorithm_set(si->digestAlgorithm, md);
-
-	/* See if digest is present in digestAlgorithms */
-	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
-		{
-		ASN1_OBJECT *aoid;
-		alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
-		X509_ALGOR_get0(&aoid, NULL, NULL, alg);
-		if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
-			break;
-		}
-
-	if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
-		{
-		alg = X509_ALGOR_new();
-		if (!alg)
-			goto merr;
-		cms_DigestAlgorithm_set(alg, md);
-		if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
-			{
-			X509_ALGOR_free(alg);
-			goto merr;
-			}
-		}
-
-	if (pk->ameth && pk->ameth->pkey_ctrl)
-		{
-		i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
-						0, si);
-		if (i == -2)
-			{
-			CMSerr(CMS_F_CMS_ADD1_SIGNER,
-				CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-			goto err;
-			}
-		if (i <= 0)
-			{
-			CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!(flags & CMS_NOATTR))
-		{
-		/* Initialialize signed attributes strutucture so other
-		 * attributes such as signing time etc are added later
-		 * even if we add none here.
-		 */
-		if (!si->signedAttrs)
-			{
-			si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
-			if (!si->signedAttrs)
-				goto merr;
-			}
-
-		if (!(flags & CMS_NOSMIMECAP))
-			{
-			STACK_OF(X509_ALGOR) *smcap = NULL;
-			i = CMS_add_standard_smimecap(&smcap);
-			if (i)
-				i = CMS_add_smimecap(si, smcap);
-			sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-			if (!i)
-				goto merr;
-			}
-		if (flags & CMS_REUSE_DIGEST)
-			{
-			if (!cms_copy_messageDigest(cms, si))
-				goto err;
-			if (!(flags & CMS_PARTIAL) &&
-					!CMS_SignerInfo_sign(si))
-				goto err;
-			}
-		}
-
-	if (!(flags & CMS_NOCERTS))
-		{
-		/* NB ignore -1 return for duplicate cert */
-		if (!CMS_add1_cert(cms, signer))
-			goto merr;
-		}
-
-	if (!sd->signerInfos)
-		sd->signerInfos = sk_CMS_SignerInfo_new_null();
-	if (!sd->signerInfos ||
-		!sk_CMS_SignerInfo_push(sd->signerInfos, si))
-		goto merr;
-
-	return si;
-
-	merr:
-	CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
-	err:
-	if (si)
-		M_ASN1_free_of(si, CMS_SignerInfo);
-	return NULL;
-
-	}
-
-static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
-	{
-	ASN1_TIME *tt;
-	int r = 0;
-	if (t)
-		tt = t;
-	else
-		tt = X509_gmtime_adj(NULL, 0);
-
-	if (!tt)
-		goto merr;
-
-	if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
-						tt->type, tt, -1) <= 0)
-		goto merr;
-
-	r = 1;
-
-	merr:
-
-	if (!t)
-		ASN1_TIME_free(tt);
-
-	if (!r)
-		CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
-
-	return r;
-
-	}
-
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
-	{
-	CMS_SignedData *sd;
-	sd = cms_get0_signed(cms);
-	if (!sd)
-		return NULL;
-	return sd->signerInfos;
-	}
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
-	{
-	STACK_OF(X509) *signers = NULL;
-	STACK_OF(CMS_SignerInfo) *sinfos;
-	CMS_SignerInfo *si;
-	int i;
-	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sinfos, i);
-		if (si->signer)
-			{
-			if (!signers)
-				{
-				signers = sk_X509_new_null();
-				if (!signers)
-					return NULL;
-				}
-			if (!sk_X509_push(signers, si->signer))
-				{
-				sk_X509_free(signers);
-				return NULL;
-				}
-			}
-		}
-	return signers;
-	}
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
-	{
-	if (signer)
-		{
-		CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-		if (si->pkey)
-			EVP_PKEY_free(si->pkey);
-		si->pkey = X509_get_pubkey(signer);
-		}
-	if (si->signer)
-		X509_free(si->signer);
-	si->signer = signer;
-	}
-
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
-	return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
-	}
-
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
-	{
-	return cms_SignerIdentifier_cert_cmp(si->sid, cert);
-	}
-
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
-				unsigned int flags)
-	{
-	CMS_SignedData *sd;
-	CMS_SignerInfo *si;
-	CMS_CertificateChoices *cch;
-	STACK_OF(CMS_CertificateChoices) *certs;
-	X509 *x;
-	int i, j;
-	int ret = 0;
-	sd = cms_get0_signed(cms);
-	if (!sd)
-		return -1;
-	certs = sd->certificates;
-	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
-		if (si->signer)
-			continue;
-
-		for (j = 0; j < sk_X509_num(scerts); j++)
-			{
-			x = sk_X509_value(scerts, j);
-			if (CMS_SignerInfo_cert_cmp(si, x) == 0)
-				{
-				CMS_SignerInfo_set1_signer_cert(si, x);
-				ret++;
-				break;
-				}
-			}
-
-		if (si->signer || (flags & CMS_NOINTERN))
-			continue;
-
-		for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
-			{
-			cch = sk_CMS_CertificateChoices_value(certs, j);
-			if (cch->type != 0)
-				continue;
-			x = cch->d.certificate;
-			if (CMS_SignerInfo_cert_cmp(si, x) == 0)
-				{
-				CMS_SignerInfo_set1_signer_cert(si, x);
-				ret++;
-				break;
-				}
-			}
-		}
-	return ret;
-	}
-
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig)
-	{
-	if (pk)
-		*pk = si->pkey;
-	if (signer)
-		*signer = si->signer;
-	if (pdig)
-		*pdig = si->digestAlgorithm;
-	if (psig)
-		*psig = si->signatureAlgorithm;
-	}
-
-static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
-					CMS_SignerInfo *si, BIO *chain)
-	{
-	EVP_MD_CTX mctx;
-	int r = 0;
-	EVP_MD_CTX_init(&mctx);
-
-
-	if (!si->pkey)
-		{
-		CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
-		return 0;
-		}
-
-	if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
-		goto err;
-
-	/* If any signed attributes calculate and add messageDigest attribute */
-
-	if (CMS_signed_get_attr_count(si) >= 0)
-		{
-		ASN1_OBJECT *ctype =
-			cms->d.signedData->encapContentInfo->eContentType; 
-		unsigned char md[EVP_MAX_MD_SIZE];
-		unsigned int mdlen;
-		if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
-			goto err;
-		if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING,
-						md, mdlen))
-			goto err;
-		/* Copy content type across */
-		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
-					V_ASN1_OBJECT, ctype, -1) <= 0)
-			goto err;
-		if (!CMS_SignerInfo_sign(si))
-			goto err;
-		}
-	else
-		{
-		unsigned char *sig;
-		unsigned int siglen;
-		sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
-		if (!sig)
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
-					ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
-					CMS_R_SIGNFINAL_ERROR);
-			OPENSSL_free(sig);
-			goto err;
-			}
-		ASN1_STRING_set0(si->signature, sig, siglen);
-		}
-
-	r = 1;
-
-	err:
-	EVP_MD_CTX_cleanup(&mctx);
-	return r;
-
-	}
-
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
-	{
-	STACK_OF(CMS_SignerInfo) *sinfos;
-	CMS_SignerInfo *si;
-	int i;
-	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sinfos, i);
-		if (!cms_SignerInfo_content_sign(cms, si, chain))
-			return 0;
-		}
-	cms->d.signedData->encapContentInfo->partial = 0;
-	return 1;
-	}
-
-int CMS_SignerInfo_sign(CMS_SignerInfo *si)
-	{
-	EVP_MD_CTX mctx;
-	EVP_PKEY_CTX *pctx;
-	unsigned char *abuf = NULL;
-	int alen;
-	size_t siglen;
-	const EVP_MD *md = NULL;
-
-	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
-	if (md == NULL)
-		return 0;
-
-	EVP_MD_CTX_init(&mctx);
-
-	if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
-		{
-		if (!cms_add1_signingTime(si, NULL))
-			goto err;
-		}
-
-	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
-		{
-		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
-		goto err;
-		}
-
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
-				ASN1_ITEM_rptr(CMS_Attributes_Sign));
-	if(!abuf)
-		goto err;
-	if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
-		goto err;
-	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
-		goto err;
-	OPENSSL_free(abuf);
-	abuf = OPENSSL_malloc(siglen);
-	if(!abuf)
-		goto err;
-	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
-		{
-		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
-		goto err;
-		}
-
-	EVP_MD_CTX_cleanup(&mctx);
-
-	ASN1_STRING_set0(si->signature, abuf, siglen);
-
-	return 1;
-
-	err:
-	if (abuf)
-		OPENSSL_free(abuf);
-	EVP_MD_CTX_cleanup(&mctx);
-	return 0;
-
-	}
-
-int CMS_SignerInfo_verify(CMS_SignerInfo *si)
-	{
-	EVP_MD_CTX mctx;
-	EVP_PKEY_CTX *pctx;
-	unsigned char *abuf = NULL;
-	int alen, r = -1;
-	const EVP_MD *md = NULL;
-
-	if (!si->pkey)
-		{
-		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
-		return -1;
-		}
-
-	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
-	if (md == NULL)
-		return -1;
-	EVP_MD_CTX_init(&mctx);
-	if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
-		goto err;
-
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
-				ASN1_ITEM_rptr(CMS_Attributes_Verify));
-	if(!abuf)
-		goto err;
-	r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
-	OPENSSL_free(abuf);
-	if (r <= 0)
-		{
-		r = -1;
-		goto err;
-		}
-	r = EVP_DigestVerifyFinal(&mctx,
-			si->signature->data, si->signature->length);
-	if (r <= 0)
-		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
-	err:
-	EVP_MD_CTX_cleanup(&mctx);
-	return r;
-	}
-
-/* Create a chain of digest BIOs from a CMS ContentInfo */
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
-	{
-	int i;
-	CMS_SignedData *sd;
-	BIO *chain = NULL;
-	sd = cms_get0_signed(cms);
-	if (!sd)
-		return NULL;
-	if (cms->d.signedData->encapContentInfo->partial)
-		cms_sd_set_version(sd);
-	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
-		{
-		X509_ALGOR *digestAlgorithm;
-		BIO *mdbio;
-		digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
-		mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
-		if (!mdbio)
-			goto err;	
-		if (chain)
-			 BIO_push(chain, mdbio);
-		else
-			chain = mdbio;
-		}
-	return chain;
-	err:
-	if (chain)
-		BIO_free_all(chain);
-	return NULL;
-	}
-
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
-	{
-	ASN1_OCTET_STRING *os = NULL;
-	EVP_MD_CTX mctx;
-	int r = -1;
-	EVP_MD_CTX_init(&mctx);
-	/* If we have any signed attributes look for messageDigest value */
-	if (CMS_signed_get_attr_count(si) >= 0)
-		{
-		os = CMS_signed_get0_data_by_OBJ(si,
-					OBJ_nid2obj(NID_pkcs9_messageDigest),
-					-3, V_ASN1_OCTET_STRING);
-		if (!os)
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
-			goto err;
-			}
-		}
-
-	if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
-		goto err;
-
-	/* If messageDigest found compare it */
-
-	if (os)
-		{
-		unsigned char mval[EVP_MAX_MD_SIZE];
-		unsigned int mlen;
-		if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
-			goto err;
-			}
-		if (mlen != (unsigned int)os->length)
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
-			goto err;
-			}
-
-		if (memcmp(mval, os->data, mlen))
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_VERIFICATION_FAILURE);
-			r = 0;
-			}
-		else
-			r = 1;
-		}
-	else
-		{
-		r = EVP_VerifyFinal(&mctx, si->signature->data,
-					si->signature->length, si->pkey);
-		if (r <= 0)
-			{
-			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_VERIFICATION_FAILURE);
-			r = 0;
-			}
-		}
-
-	err:
-	EVP_MD_CTX_cleanup(&mctx);
-	return r;
-
-	}
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
-	{
-	unsigned char *smder = NULL;
-	int smderlen, r;
-	smderlen = i2d_X509_ALGORS(algs, &smder);
-	if (smderlen <= 0)
-		return 0;
-	r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
-					V_ASN1_SEQUENCE, smder, smderlen);
-	OPENSSL_free(smder);
-	return r;
-	}
-
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize)
-	{
-	X509_ALGOR *alg;
-	ASN1_INTEGER *key = NULL;
-	if (keysize > 0)
-		{
-		key = ASN1_INTEGER_new();
-		if (!key || !ASN1_INTEGER_set(key, keysize))
-			return 0;
-		}
-	alg = X509_ALGOR_new();
-	if (!alg)
-		{
-		if (key)
-			ASN1_INTEGER_free(key);
-		return 0;
-		}
-		
-	X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
-				key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
-	if (!*algs)
-		*algs = sk_X509_ALGOR_new_null();
-	if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
-		{
-		X509_ALGOR_free(alg);
-		return 0;
-		}
-	return 1;
-	}
-
-/* Check to see if a cipher exists and if so add S/MIME capabilities */
-
-static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
-	{
-	if (EVP_get_cipherbynid(nid))
-		return CMS_add_simple_smimecap(sk, nid, arg);
-	return 1;
-	}
-
-static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
-	{
-	if (EVP_get_digestbynid(nid))
-		return CMS_add_simple_smimecap(sk, nid, arg);
-	return 1;
-	}
-
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
-	{
-	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-		|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
-		|| !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
-		return 0;
-	return 1;
-	}
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
deleted file mode 100644
index 1af9f3a60f..0000000000
--- a/crypto/cms/cms_smime.c
+++ /dev/null
@@ -1,851 +0,0 @@
-/* crypto/cms/cms_smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
-	{
-	unsigned char buf[4096];
-	int r = 0, i;
-	BIO *tmpout = NULL;
-
-	if (out == NULL)
-		tmpout = BIO_new(BIO_s_null());
-	else if (flags & CMS_TEXT)
-		{
-		tmpout = BIO_new(BIO_s_mem());
-		BIO_set_mem_eof_return(tmpout, 0);
-		}
-	else
-		tmpout = out;
-
-	if(!tmpout)
-		{
-		CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* Read all content through chain to process digest, decrypt etc */
-	for (;;)
-	{
-		i=BIO_read(in,buf,sizeof(buf));
-		if (i <= 0)
-			{
-			if (BIO_method_type(in) == BIO_TYPE_CIPHER)
-				{
-				if (!BIO_get_cipher_status(in))
-					goto err;
-				}
-			if (i < 0)
-				goto err;
-			break;
-			}
-				
-		if (tmpout && (BIO_write(tmpout, buf, i) != i))
-			goto err;
-	}
-
-	if(flags & CMS_TEXT)
-		{
-		if(!SMIME_text(tmpout, out))
-			{
-			CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
-			goto err;
-			}
-		}
-
-	r = 1;
-
-	err:
-	if (tmpout && (tmpout != out))
-		BIO_free(tmpout);
-	return r;
-
-	}
-
-static int check_content(CMS_ContentInfo *cms)
-	{
-	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-	if (!pos || !*pos)
-		{
-		CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
-		return 0;
-		}
-	return 1;
-	}
-
-static void do_free_upto(BIO *f, BIO *upto)
-	{
-	if (upto)
-		{
-		BIO *tbio;
-		do 
-			{
-			tbio = BIO_pop(f);
-			BIO_free(f);
-			f = tbio;
-			}
-		while (f != upto);
-		}
-	else
-		BIO_free_all(f);
-	}
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
-	{
-	BIO *cont;
-	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
-		{
-		CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
-		return 0;
-		}
-	cont = CMS_dataInit(cms, NULL);
-	if (!cont)
-		return 0;
-	r = cms_copy_content(out, cont, flags);
-	BIO_free_all(cont);
-	return r;
-	}
-
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	cms = cms_Data_create();
-	if (!cms)
-		return NULL;
-
-	if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-		return cms;
-
-	CMS_ContentInfo_free(cms);
-
-	return NULL;
-	}
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
-	BIO *cont;
-	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
-		{
-		CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
-		return 0;
-		}
-
-	if (!dcont && !check_content(cms))
-		return 0;
-
-	cont = CMS_dataInit(cms, dcont);
-	if (!cont)
-		return 0;
-	r = cms_copy_content(out, cont, flags);
-	if (r)
-		r = cms_DigestedData_do_final(cms, cont, 1);
-	do_free_upto(cont, dcont);
-	return r;
-	}
-
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-					unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	if (!md)
-		md = EVP_sha1();
-	cms = cms_DigestedData_create(md);
-	if (!cms)
-		return NULL;
-
-	if(!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
-
-	if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-		return cms;
-
-	CMS_ContentInfo_free(cms);
-	return NULL;
-	}
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags)
-	{
-	BIO *cont;
-	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
-					CMS_R_TYPE_NOT_ENCRYPTED_DATA);
-		return 0;
-		}
-
-	if (!dcont && !check_content(cms))
-		return 0;
-
-	if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
-		return 0;
-	cont = CMS_dataInit(cms, dcont);
-	if (!cont)
-		return 0;
-	r = cms_copy_content(out, cont, flags);
-	do_free_upto(cont, dcont);
-	return r;
-	}
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	if (!cipher)
-		{
-		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
-		return NULL;
-		}
-	cms = CMS_ContentInfo_new();
-	if (!cms)
-		return NULL;
-	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
-		return NULL;
-
-	if(!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
-
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, in, NULL, flags))
-		return cms;
-
-	CMS_ContentInfo_free(cms);
-	return NULL;
-	}
-
-static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
-					X509_STORE *store,
-					STACK_OF(X509) *certs,
-					STACK_OF(X509_CRL) *crls,
-					unsigned int flags)
-	{
-	X509_STORE_CTX ctx;
-	X509 *signer;
-	int i, j, r = 0;
-	CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-	if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
-		{
-		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-						CMS_R_STORE_INIT_ERROR);
-		goto err;
-		}
-	X509_STORE_CTX_set_default(&ctx, "smime_sign");
-	if (crls)
-		X509_STORE_CTX_set0_crls(&ctx, crls);
-
-	i = X509_verify_cert(&ctx);
-	if (i <= 0)
-		{
-		j = X509_STORE_CTX_get_error(&ctx);
-		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-						CMS_R_CERTIFICATE_VERIFY_ERROR);
-		ERR_add_error_data(2, "Verify error:",
-					 X509_verify_cert_error_string(j));
-		goto err;
-		}
-	r = 1;
-	err:
-	X509_STORE_CTX_cleanup(&ctx);
-	return r;
-
-	}
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
-	{
-	CMS_SignerInfo *si;
-	STACK_OF(CMS_SignerInfo) *sinfos;
-	STACK_OF(X509) *cms_certs = NULL;
-	STACK_OF(X509_CRL) *crls = NULL;
-	X509 *signer;
-	int i, scount = 0, ret = 0;
-	BIO *cmsbio = NULL, *tmpin = NULL;
-
-	if (!dcont && !check_content(cms))
-		return 0;
-
-	/* Attempt to find all signer certificates */
-
-	sinfos = CMS_get0_SignerInfos(cms);
-
-	if (sk_CMS_SignerInfo_num(sinfos) <= 0)
-		{
-		CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
-		goto err;
-		}
-
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
-		si = sk_CMS_SignerInfo_value(sinfos, i);
-		CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-		if (signer)
-			scount++;
-		}
-
-	if (scount != sk_CMS_SignerInfo_num(sinfos))
-		scount += CMS_set1_signers_certs(cms, certs, flags);
-
-	if (scount != sk_CMS_SignerInfo_num(sinfos))
-		{
-		CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
-		goto err;
-		}
-
-	/* Attempt to verify all signers certs */
-
-	if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
-		{
-		cms_certs = CMS_get1_certs(cms);
-		if (!(flags & CMS_NOCRL))
-			crls = CMS_get1_crls(cms);
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
-			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (!cms_signerinfo_verify_cert(si, store,
-							cms_certs, crls, flags))
-				goto err;
-			}
-		}
-
-	/* Attempt to verify all SignerInfo signed attribute signatures */
-
-	if (!(flags & CMS_NO_ATTR_VERIFY))
-		{
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
-			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (CMS_signed_get_attr_count(si) < 0)
-				continue;
-			if (CMS_SignerInfo_verify(si) <= 0)
-				goto err;
-			}
-		}
-
-	/* Performance optimization: if the content is a memory BIO then
-	 * store its contents in a temporary read only memory BIO. This
-	 * avoids potentially large numbers of slow copies of data which will
-	 * occur when reading from a read write memory BIO when signatures
-	 * are calculated.
-	 */
-
-	if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
-		{
-		char *ptr;
-		long len;
-		len = BIO_get_mem_data(dcont, &ptr);
-		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	else
-		tmpin = dcont;
-		
-
-	cmsbio=CMS_dataInit(cms, tmpin);
-	if (!cmsbio)
-		goto err;
-
-	if (!cms_copy_content(out, cmsbio, flags))
-		goto err;
-
-	if (!(flags & CMS_NO_CONTENT_VERIFY))
-		{
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
-			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
-				{
-				CMSerr(CMS_F_CMS_VERIFY,
-					CMS_R_CONTENT_VERIFY_ERROR);
-				goto err;
-				}
-			}
-		}
-
-	ret = 1;
-
-	err:
-	
-	if (dcont && (tmpin == dcont))
-		do_free_upto(cmsbio, dcont);
-	else
-		BIO_free_all(cmsbio);
-
-	if (cms_certs)
-		sk_X509_pop_free(cms_certs, X509_free);
-	if (crls)
-		sk_X509_CRL_pop_free(crls, X509_CRL_free);
-
-	return ret;
-	}
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags)
-	{
-	int r;
-	flags &= ~(CMS_DETACHED|CMS_TEXT);
-	r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
-	if (r <= 0)
-		return r;
-	return cms_Receipt_verify(rcms, ocms);
-	}
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	int i;
-
-	cms = CMS_ContentInfo_new();
-	if (!cms || !CMS_SignedData_init(cms))
-		goto merr;
-
-	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
-		{
-		CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
-		goto err;
-		}
-
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
-		X509 *x = sk_X509_value(certs, i);
-		if (!CMS_add1_cert(cms, x))
-			goto merr;
-		}
-
-	if(!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
-
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
-		return cms;
-	else
-		goto err;
-
-	merr:
-	CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
-
-	err:
-	if (cms)
-		CMS_ContentInfo_free(cms);
-	return NULL;
-	}
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags)
-	{
-	CMS_SignerInfo *rct_si;
-	CMS_ContentInfo *cms = NULL;
-	ASN1_OCTET_STRING **pos, *os;
-	BIO *rct_cont = NULL;
-	int r = 0;
-
-	flags &= ~(CMS_STREAM|CMS_TEXT);
-	/* Not really detached but avoids content being allocated */
-	flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
-	if (!pkey || !signcert)
-		{
-		CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
-		return NULL;
-		}
-
-	/* Initialize signed data */
-
-	cms = CMS_sign(NULL, NULL, certs, NULL, flags);
-	if (!cms)
-		goto err;
-
-	/* Set inner content type to signed receipt */
-	if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
-		goto err;
-
-	rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
-	if (!rct_si)
-		{
-		CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
-		goto err;
-		}
-
-	os = cms_encode_Receipt(si);
-
-	if (!os)
-		goto err;
-
-	/* Set content to digest */
-	rct_cont = BIO_new_mem_buf(os->data, os->length);
-	if (!rct_cont)
-		goto err;
-
-	/* Add msgSigDigest attribute */
-
-	if (!cms_msgSigDigest_add1(rct_si, si))
-		goto err;
-
-	/* Finalize structure */
-	if (!CMS_final(cms, rct_cont, NULL, flags))
-		goto err;
-
-	/* Set embedded content */
-	pos = CMS_get0_content(cms);
-	*pos = os;
-
-	r = 1;
-
-	err:
-	if (rct_cont)
-		BIO_free(rct_cont);
-	if (r)
-		return cms;
-	CMS_ContentInfo_free(cms);
-	return NULL;
-
-	}
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
-				const EVP_CIPHER *cipher, unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	int i;
-	X509 *recip;
-	cms = CMS_EnvelopedData_create(cipher);
-	if (!cms)
-		goto merr;
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
-		recip = sk_X509_value(certs, i);
-		if (!CMS_add1_recipient_cert(cms, recip, flags))
-			{
-			CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
-			goto err;
-			}
-		}
-
-	if(!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
-
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
-		return cms;
-	else
-		goto err;
-
-	merr:
-	CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
-	err:
-	if (cms)
-		CMS_ContentInfo_free(cms);
-	return NULL;
-	}
-
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
-	{
-	STACK_OF(CMS_RecipientInfo) *ris;
-	CMS_RecipientInfo *ri;
-	int i, r;
-	int debug = 0, ri_match = 0;
-	ris = CMS_get0_RecipientInfos(cms);
-	if (ris)
-		debug = cms->d.envelopedData->encryptedContentInfo->debug;
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
-		ri = sk_CMS_RecipientInfo_value(ris, i);
-		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
-				continue;
-		ri_match = 1;
-		/* If we have a cert try matching RecipientInfo
-		 * otherwise try them all.
-		 */
-		if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
-			{
-			CMS_RecipientInfo_set0_pkey(ri, pk);
-			r = CMS_RecipientInfo_decrypt(cms, ri);
-			CMS_RecipientInfo_set0_pkey(ri, NULL);
-			if (cert)
-				{
-				/* If not debugging clear any error and
-				 * return success to avoid leaking of
-				 * information useful to MMA
-				 */
-				if (!debug)
-					{
-					ERR_clear_error();
-					return 1;
-					}
-				if (r > 0)
-					return 1;
-				CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
-						CMS_R_DECRYPT_ERROR);
-				return 0;
-				}
-			/* If no cert and not debugging don't leave loop
-			 * after first successful decrypt. Always attempt
-			 * to decrypt all recipients to avoid leaking timing
-			 * of a successful decrypt.
-			 */
-			else if (r > 0 && debug)
-				return 1;
-			}
-		}
-	/* If no cert and not debugging always return success */
-	if (ri_match && !cert && !debug)
-		{
-		ERR_clear_error();
-		return 1;
-		}
-
-	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
-
-	}
-
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen)
-	{
-	STACK_OF(CMS_RecipientInfo) *ris;
-	CMS_RecipientInfo *ri;
-	int i, r;
-	ris = CMS_get0_RecipientInfos(cms);
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
-		ri = sk_CMS_RecipientInfo_value(ris, i);
-		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
-				continue;
-
-		/* If we have an id try matching RecipientInfo
-		 * otherwise try them all.
-		 */
-		if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
-			{
-			CMS_RecipientInfo_set0_key(ri, key, keylen);
-			r = CMS_RecipientInfo_decrypt(cms, ri);
-			CMS_RecipientInfo_set0_key(ri, NULL, 0);
-			if (r > 0)
-				return 1;
-			if (id)
-				{
-				CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
-						CMS_R_DECRYPT_ERROR);
-				return 0;
-				}
-			ERR_clear_error();
-			}
-		}
-
-	CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
-
-	}
-
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-				unsigned char *pass, ossl_ssize_t passlen)
-	{
-	STACK_OF(CMS_RecipientInfo) *ris;
-	CMS_RecipientInfo *ri;
-	int i, r;
-	ris = CMS_get0_RecipientInfos(cms);
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
-		ri = sk_CMS_RecipientInfo_value(ris, i);
-		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
-				continue;
-		CMS_RecipientInfo_set0_password(ri, pass, passlen);
-		r = CMS_RecipientInfo_decrypt(cms, ri);
-		CMS_RecipientInfo_set0_password(ri, NULL, 0);
-		if (r > 0)
-			return 1;
-		}
-
-	CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
-
-	}
-	
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags)
-	{
-	int r;
-	BIO *cont;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
-		{
-		CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
-		return 0;
-		}
-	if (!dcont && !check_content(cms))
-		return 0;
-	if (flags & CMS_DEBUG_DECRYPT)
-		cms->d.envelopedData->encryptedContentInfo->debug = 1;
-	else
-		cms->d.envelopedData->encryptedContentInfo->debug = 0;
-	if (!pk && !cert && !dcont && !out)
-		return 1;
-	if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
-		return 0;
-	cont = CMS_dataInit(cms, dcont);
-	if (!cont)
-		return 0;
-	r = cms_copy_content(out, cont, flags);
-	do_free_upto(cont, dcont);
-	return r;
-	}
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
-	{
-	BIO *cmsbio;
-	int ret = 0;
-	if (!(cmsbio = CMS_dataInit(cms, dcont)))
-		{
-		CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	SMIME_crlf_copy(data, cmsbio, flags);
-
-	(void)BIO_flush(cmsbio);
-
-
-        if (!CMS_dataFinal(cms, cmsbio))
-		{
-		CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
-		goto err;
-		}
-
-	ret = 1;
-
-	err:
-	do_free_upto(cmsbio, dcont);
-
-	return ret;
-
-	}
-
-#ifdef ZLIB
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
-	BIO *cont;
-	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
-		{
-		CMSerr(CMS_F_CMS_UNCOMPRESS,
-					CMS_R_TYPE_NOT_COMPRESSED_DATA);
-		return 0;
-		}
-
-	if (!dcont && !check_content(cms))
-		return 0;
-
-	cont = CMS_dataInit(cms, dcont);
-	if (!cont)
-		return 0;
-	r = cms_copy_content(out, cont, flags);
-	do_free_upto(cont, dcont);
-	return r;
-	}
-
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-	{
-	CMS_ContentInfo *cms;
-	if (comp_nid <= 0)
-		comp_nid = NID_zlib_compression;
-	cms = cms_CompressedData_create(comp_nid);
-	if (!cms)
-		return NULL;
-
-	if(!(flags & CMS_DETACHED))
-		CMS_set_detached(cms, 0);
-
-	if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
-		return cms;
-
-	CMS_ContentInfo_free(cms);
-	return NULL;
-	}
-
-#else
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
-	CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-	return 0;
-	}
-
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-	{
-	CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-	return NULL;
-	}
-
-#endif
diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c
deleted file mode 100644
index 47dfb67fbd..0000000000
--- a/crypto/comp/c_rle.c
+++ /dev/null
@@ -1,61 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static COMP_METHOD rle_method={
-	NID_rle_compression,
-	LN_rle_compression,
-	NULL,
-	NULL,
-	rle_compress_block,
-	rle_expand_block,
-	NULL,
-	NULL,
-	};
-
-COMP_METHOD *COMP_rle(void)
-	{
-	return(&rle_method);
-	}
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-	     unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	/* int i; */
-
-	if (ilen == 0 || olen < (ilen-1))
-		{
-		/* ZZZZZZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-
-	*(out++)=0;
-	memcpy(out,in,ilen);
-	return(ilen+1);
-	}
-
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-	     unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int i;
-
-	if (olen < (ilen-1))
-		{
-		/* ZZZZZZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-
-	i= *(in++);
-	if (i == 0)
-		{
-		memcpy(out,in,ilen-1);
-		}
-	return(ilen-1);
-	}
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
deleted file mode 100644
index 8adf35f3fc..0000000000
--- a/crypto/comp/c_zlib.c
+++ /dev/null
@@ -1,799 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include <openssl/err.h>
-
-COMP_METHOD *COMP_zlib(void );
-
-static COMP_METHOD zlib_method_nozlib={
-	NID_undef,
-	"(undef)",
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	};
-
-#ifndef ZLIB
-#undef ZLIB_SHARED
-#else
-
-#include <zlib.h>
-
-static int zlib_stateful_init(COMP_CTX *ctx);
-static void zlib_stateful_finish(COMP_CTX *ctx);
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
-
-/* memory allocations functions for zlib intialization */
-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)
-{
-	void *p;
-	
-	p=OPENSSL_malloc(no*size);
-	if (p)
-		memset(p, 0, no*size);
-	return p;
-}
-
-
-static void zlib_zfree(void* opaque, void* address)
-{
-	OPENSSL_free(address);
-}
-
-#if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
-	uLong sourceLen);
-
-static COMP_METHOD zlib_stateless_method={
-	NID_zlib_compression,
-	LN_zlib_compression,
-	NULL,
-	NULL,
-	zlib_compress_block,
-	zlib_expand_block,
-	NULL,
-	NULL,
-	};
-#endif
-
-static COMP_METHOD zlib_stateful_method={
-	NID_zlib_compression,
-	LN_zlib_compression,
-	zlib_stateful_init,
-	zlib_stateful_finish,
-	zlib_stateful_compress_block,
-	zlib_stateful_expand_block,
-	NULL,
-	NULL,
-	};
-
-/* 
- * When OpenSSL is built on Windows, we do not want to require that
- * the ZLIB.DLL be available in order for the OpenSSL DLLs to
- * work.  Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file when ZLIB_SHARED is set.
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
-
-#ifdef ZLIB_SHARED
-#include <openssl/dso.h>
-
-/* Function pointers */
-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
-	const Bytef *source, uLong sourceLen);
-typedef int (*inflateEnd_ft)(z_streamp strm);
-typedef int (*inflate_ft)(z_streamp strm, int flush);
-typedef int (*inflateInit__ft)(z_streamp strm,
-	const char * version, int stream_size);
-typedef int (*deflateEnd_ft)(z_streamp strm);
-typedef int (*deflate_ft)(z_streamp strm, int flush);
-typedef int (*deflateInit__ft)(z_streamp strm, int level,
-	const char * version, int stream_size);
-typedef const char * (*zError__ft)(int err);
-static compress_ft	p_compress=NULL;
-static inflateEnd_ft	p_inflateEnd=NULL;
-static inflate_ft	p_inflate=NULL;
-static inflateInit__ft	p_inflateInit_=NULL;
-static deflateEnd_ft	p_deflateEnd=NULL;
-static deflate_ft	p_deflate=NULL;
-static deflateInit__ft	p_deflateInit_=NULL;
-static zError__ft	p_zError=NULL;
-
-static int zlib_loaded = 0;     /* only attempt to init func pts once */
-static DSO *zlib_dso = NULL;
-
-#define compress                p_compress
-#define inflateEnd              p_inflateEnd
-#define inflate                 p_inflate
-#define inflateInit_            p_inflateInit_
-#define deflateEnd              p_deflateEnd
-#define deflate                 p_deflate
-#define deflateInit_            p_deflateInit_
-#define zError			p_zError
-#endif /* ZLIB_SHARED */
-
-struct zlib_state
-	{
-	z_stream istream;
-	z_stream ostream;
-	};
-
-static int zlib_stateful_ex_idx = -1;
-
-static int zlib_stateful_init(COMP_CTX *ctx)
-	{
-	int err;
-	struct zlib_state *state =
-		(struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
-
-	if (state == NULL)
-		goto err;
-
-	state->istream.zalloc = zlib_zalloc;
-	state->istream.zfree = zlib_zfree;
-	state->istream.opaque = Z_NULL;
-	state->istream.next_in = Z_NULL;
-	state->istream.next_out = Z_NULL;
-	state->istream.avail_in = 0;
-	state->istream.avail_out = 0;
-	err = inflateInit_(&state->istream,
-		ZLIB_VERSION, sizeof(z_stream));
-	if (err != Z_OK)
-		goto err;
-
-	state->ostream.zalloc = zlib_zalloc;
-	state->ostream.zfree = zlib_zfree;
-	state->ostream.opaque = Z_NULL;
-	state->ostream.next_in = Z_NULL;
-	state->ostream.next_out = Z_NULL;
-	state->ostream.avail_in = 0;
-	state->ostream.avail_out = 0;
-	err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,
-		ZLIB_VERSION, sizeof(z_stream));
-	if (err != Z_OK)
-		goto err;
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-	CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
-	return 1;
- err:
-	if (state) OPENSSL_free(state);
-	return 0;
-	}
-
-static void zlib_stateful_finish(COMP_CTX *ctx)
-	{
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-	inflateEnd(&state->istream);
-	deflateEnd(&state->ostream);
-	OPENSSL_free(state);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-	}
-
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int err = Z_OK;
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-
-	if (state == NULL)
-		return -1;
-
-	state->ostream.next_in = in;
-	state->ostream.avail_in = ilen;
-	state->ostream.next_out = out;
-	state->ostream.avail_out = olen;
-	if (ilen > 0)
-		err = deflate(&state->ostream, Z_SYNC_FLUSH);
-	if (err != Z_OK)
-		return -1;
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"compress(%4d)->%4d %s\n",
-		ilen,olen - state->ostream.avail_out,
-		(ilen != olen - state->ostream.avail_out)?"zlib":"clear");
-#endif
-	return olen - state->ostream.avail_out;
-	}
-
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int err = Z_OK;
-
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-
-	if (state == NULL)
-		return 0;
-
-	state->istream.next_in = in;
-	state->istream.avail_in = ilen;
-	state->istream.next_out = out;
-	state->istream.avail_out = olen;
-	if (ilen > 0)
-		err = inflate(&state->istream, Z_SYNC_FLUSH);
-	if (err != Z_OK)
-		return -1;
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"expand(%4d)->%4d %s\n",
-		ilen,olen - state->istream.avail_out,
-		(ilen != olen - state->istream.avail_out)?"zlib":"clear");
-#endif
-	return olen - state->istream.avail_out;
-	}
-
-#if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	unsigned long l;
-	int i;
-	int clear=1;
-
-	if (ilen > 128)
-		{
-		out[0]=1;
-		l=olen-1;
-		i=compress(&(out[1]),&l,in,(unsigned long)ilen);
-		if (i != Z_OK)
-			return(-1);
-		if (ilen > l)
-			{
-			clear=0;
-			l++;
-			}
-		}
-	if (clear)
-		{
-		out[0]=0;
-		memcpy(&(out[1]),in,ilen);
-		l=ilen+1;
-		}
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"compress(%4d)->%4d %s\n",
-		ilen,(int)l,(clear)?"clear":"zlib");
-#endif
-	return((int)l);
-	}
-
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	unsigned long l;
-	int i;
-
-	if (in[0])
-		{
-		l=olen;
-		i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
-		if (i != Z_OK)
-			return(-1);
-		}
-	else
-		{
-		memcpy(out,&(in[1]),ilen-1);
-		l=ilen-1;
-		}
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"expand  (%4d)->%4d %s\n",
-		ilen,(int)l,in[0]?"zlib":"clear");
-#endif
-	return((int)l);
-	}
-
-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
-	     uLong sourceLen)
-{
-    z_stream stream;
-    int err;
-
-    stream.next_in = (Bytef*)source;
-    stream.avail_in = (uInt)sourceLen;
-    /* Check for source > 64K on 16-bit machine: */
-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-
-    stream.next_out = dest;
-    stream.avail_out = (uInt)*destLen;
-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
-    stream.zalloc = (alloc_func)0;
-    stream.zfree = (free_func)0;
-
-    err = inflateInit_(&stream,
-	    ZLIB_VERSION, sizeof(z_stream));
-    if (err != Z_OK) return err;
-
-    err = inflate(&stream, Z_FINISH);
-    if (err != Z_STREAM_END) {
-        inflateEnd(&stream);
-        return err;
-    }
-    *destLen = stream.total_out;
-
-    err = inflateEnd(&stream);
-    return err;
-}
-#endif
-
-#endif
-
-COMP_METHOD *COMP_zlib(void)
-	{
-	COMP_METHOD *meth = &zlib_method_nozlib;
-
-#ifdef ZLIB_SHARED
-	if (!zlib_loaded)
-		{
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-#else
-		zlib_dso = DSO_load(NULL, "z", NULL, 0);
-#endif
-		if (zlib_dso != NULL)
-			{
-			p_compress
-				= (compress_ft) DSO_bind_func(zlib_dso,
-					"compress");
-			p_inflateEnd
-				= (inflateEnd_ft) DSO_bind_func(zlib_dso,
-					"inflateEnd");
-			p_inflate
-				= (inflate_ft) DSO_bind_func(zlib_dso,
-					"inflate");
-			p_inflateInit_
-				= (inflateInit__ft) DSO_bind_func(zlib_dso,
-					"inflateInit_");
-			p_deflateEnd
-				= (deflateEnd_ft) DSO_bind_func(zlib_dso,
-					"deflateEnd");
-			p_deflate
-				= (deflate_ft) DSO_bind_func(zlib_dso,
-					"deflate");
-			p_deflateInit_
-				= (deflateInit__ft) DSO_bind_func(zlib_dso,
-					"deflateInit_");
-			p_zError
-				= (zError__ft) DSO_bind_func(zlib_dso,
-					"zError");
-
-			if (p_compress && p_inflateEnd && p_inflate
-				&& p_inflateInit_ && p_deflateEnd
-				&& p_deflate && p_deflateInit_ && p_zError)
-				zlib_loaded++;
-			}
-		}
-
-#endif
-#ifdef ZLIB_SHARED
-	if (zlib_loaded)
-#endif
-#if defined(ZLIB) || defined(ZLIB_SHARED)
-		{
-		/* init zlib_stateful_ex_idx here so that in a multi-process
-		 * application it's enough to intialize openssl before forking
-		 * (idx will be inherited in all the children) */
-		if (zlib_stateful_ex_idx == -1)
-			{
-			CRYPTO_w_lock(CRYPTO_LOCK_COMP);
-			if (zlib_stateful_ex_idx == -1)
-				zlib_stateful_ex_idx =
-					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-						0,NULL,NULL,NULL,NULL);
-			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
-			if (zlib_stateful_ex_idx == -1)
-				goto err;
-			}
-		
-		meth = &zlib_stateful_method;
-		}
-err:	
-#endif
-
-	return(meth);
-	}
-
-void COMP_zlib_cleanup(void)
-	{
-#ifdef ZLIB_SHARED
-	if (zlib_dso)
-		DSO_free(zlib_dso);
-#endif
-	}
-
-#ifdef ZLIB
-
-/* Zlib based compression/decompression filter BIO */
-
-typedef struct
-	{
-	unsigned char *ibuf;	/* Input buffer */
-	int ibufsize;		/* Buffer size */
-	z_stream zin;		/* Input decompress context */
-	unsigned char *obuf;	/* Output buffer */
-	int obufsize;		/* Output buffer size */
-	unsigned char *optr;	/* Position in output buffer */
-	int ocount;		/* Amount of data in output buffer */
-	int odone;		/* deflate EOF */
-	int comp_level;		/* Compression level to use */
-	z_stream zout;		/* Output compression context */
-	} BIO_ZLIB_CTX;
-
-#define ZLIB_DEFAULT_BUFSIZE 1024
-
-static int bio_zlib_new(BIO *bi);
-static int bio_zlib_free(BIO *bi);
-static int bio_zlib_read(BIO *b, char *out, int outl);
-static int bio_zlib_write(BIO *b, const char *in, int inl);
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
-
-static BIO_METHOD bio_meth_zlib = 
-	{
-	BIO_TYPE_COMP,
-	"zlib",
-	bio_zlib_write,
-	bio_zlib_read,
-	NULL,
-	NULL,
-	bio_zlib_ctrl,
-	bio_zlib_new,
-	bio_zlib_free,
-	bio_zlib_callback_ctrl
-	};
-
-BIO_METHOD *BIO_f_zlib(void)
-	{
-	return &bio_meth_zlib;
-	}
-
-
-static int bio_zlib_new(BIO *bi)
-	{
-	BIO_ZLIB_CTX *ctx;
-#ifdef ZLIB_SHARED
-	(void)COMP_zlib();
-	if (!zlib_loaded)
-		{
-		COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
-		return 0;
-		}
-#endif
-	ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
-	if(!ctx)
-		{
-		COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	ctx->ibuf = NULL;
-	ctx->obuf = NULL;
-	ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
-	ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
-	ctx->zin.zalloc = Z_NULL;
-	ctx->zin.zfree = Z_NULL;
-	ctx->zin.next_in = NULL;
-	ctx->zin.avail_in = 0;
-	ctx->zin.next_out = NULL;
-	ctx->zin.avail_out = 0;
-	ctx->zout.zalloc = Z_NULL;
-	ctx->zout.zfree = Z_NULL;
-	ctx->zout.next_in = NULL;
-	ctx->zout.avail_in = 0;
-	ctx->zout.next_out = NULL;
-	ctx->zout.avail_out = 0;
-	ctx->odone = 0;
-	ctx->comp_level = Z_DEFAULT_COMPRESSION;
-	bi->init = 1;
-	bi->ptr = (char *)ctx;
-	bi->flags = 0;
-	return 1;
-	}
-
-static int bio_zlib_free(BIO *bi)
-	{
-	BIO_ZLIB_CTX *ctx;
-	if(!bi) return 0;
-	ctx = (BIO_ZLIB_CTX *)bi->ptr;
-	if(ctx->ibuf)
-		{
-		/* Destroy decompress context */
-		inflateEnd(&ctx->zin);
-		OPENSSL_free(ctx->ibuf);
-		}
-	if(ctx->obuf)
-		{
-		/* Destroy compress context */
-		deflateEnd(&ctx->zout);
-		OPENSSL_free(ctx->obuf);
-		}
-	OPENSSL_free(ctx);
-	bi->ptr = NULL;
-	bi->init = 0;
-	bi->flags = 0;
-	return 1;
-	}
-
-static int bio_zlib_read(BIO *b, char *out, int outl)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zin;
-	if(!out || !outl) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	zin = &ctx->zin;
-	BIO_clear_retry_flags(b);
-	if(!ctx->ibuf)
-		{
-		ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
-		if(!ctx->ibuf)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		inflateInit(zin);
-		zin->next_in = ctx->ibuf;
-		zin->avail_in = 0;
-		}
-
-	/* Copy output data directly to supplied buffer */
-	zin->next_out = (unsigned char *)out;
-	zin->avail_out = (unsigned int)outl;
-	for(;;)
-		{
-		/* Decompress while data available */
-		while(zin->avail_in)
-			{
-			ret = inflate(zin, 0);
-			if((ret != Z_OK) && (ret != Z_STREAM_END))
-				{
-				COMPerr(COMP_F_BIO_ZLIB_READ,
-						COMP_R_ZLIB_INFLATE_ERROR);
-				ERR_add_error_data(2, "zlib error:",
-							zError(ret));
-				return 0;
-				}
-			/* If EOF or we've read everything then return */
-			if((ret == Z_STREAM_END) || !zin->avail_out)
-				return outl - zin->avail_out;
-			}
-
-		/* No data in input buffer try to read some in,
-		 * if an error then return the total data read.
-		 */
-		ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
-		if(ret <= 0)
-			{
-			/* Total data read */
-			int tot = outl - zin->avail_out;
-			BIO_copy_next_retry(b);
-			if(ret < 0) return (tot > 0) ? tot : ret;
-			return tot;
-			}
-		zin->avail_in = ret;
-		zin->next_in = ctx->ibuf;
-		}
-	}
-
-static int bio_zlib_write(BIO *b, const char *in, int inl)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zout;
-	if(!in || !inl) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	if(ctx->odone) return 0;
-	zout = &ctx->zout;
-	BIO_clear_retry_flags(b);
-	if(!ctx->obuf)
-		{
-		ctx->obuf = OPENSSL_malloc(ctx->obufsize);
-		/* Need error here */
-		if(!ctx->obuf)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		ctx->optr = ctx->obuf;
-		ctx->ocount = 0;
-		deflateInit(zout, ctx->comp_level);
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		}
-	/* Obtain input data directly from supplied buffer */
-	zout->next_in = (void *)in;
-	zout->avail_in = inl;
-	for(;;)
-		{
-		/* If data in output buffer write it first */
-		while(ctx->ocount) {
-			ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-			if(ret <= 0)
-				{
-				/* Total data written */
-				int tot = inl - zout->avail_in;
-				BIO_copy_next_retry(b);
-				if(ret < 0) return (tot > 0) ? tot : ret;
-				return tot;
-				}
-			ctx->optr += ret;
-			ctx->ocount -= ret;
-		}
-
-		/* Have we consumed all supplied data? */
-		if(!zout->avail_in)
-			return inl;
-
-		/* Compress some more */
-
-		/* Reset buffer */
-		ctx->optr = ctx->obuf;
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		/* Compress some more */
-		ret = deflate(zout, 0);
-		if(ret != Z_OK)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_WRITE,
-						COMP_R_ZLIB_DEFLATE_ERROR);
-			ERR_add_error_data(2, "zlib error:", zError(ret));
-			return 0;
-			}
-		ctx->ocount = ctx->obufsize - zout->avail_out;
-		}
-	}
-
-static int bio_zlib_flush(BIO *b)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zout;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	/* If no data written or already flush show success */
-	if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
-	zout = &ctx->zout;
-	BIO_clear_retry_flags(b);
-	/* No more input data */
-	zout->next_in = NULL;
-	zout->avail_in = 0;
-	for(;;)
-		{
-		/* If data in output buffer write it first */
-		while(ctx->ocount)
-			{
-			ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-			if(ret <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return ret;
-				}
-			ctx->optr += ret;
-			ctx->ocount -= ret;
-			}
-		if(ctx->odone) return 1;
-
-		/* Compress some more */
-
-		/* Reset buffer */
-		ctx->optr = ctx->obuf;
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		/* Compress some more */
-		ret = deflate(zout, Z_FINISH);
-		if(ret == Z_STREAM_END) ctx->odone = 1;
-		else if(ret != Z_OK)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_FLUSH,
-						COMP_R_ZLIB_DEFLATE_ERROR);
-			ERR_add_error_data(2, "zlib error:", zError(ret));
-			return 0;
-			}
-		ctx->ocount = ctx->obufsize - zout->avail_out;
-		}
-	}
-
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret, *ip;
-	int ibs, obs;
-	if(!b->next_bio) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	switch (cmd)
-		{
-
-	case BIO_CTRL_RESET:
-		ctx->ocount = 0;
-		ctx->odone = 0;
-		ret = 1;
-		break;
-
-	case BIO_CTRL_FLUSH:
-		ret = bio_zlib_flush(b);
-		if (ret > 0)
-			ret = BIO_flush(b->next_bio);
-		break;
-
-	case BIO_C_SET_BUFF_SIZE:
-		ibs = -1;
-		obs = -1;
-		if (ptr != NULL)
-			{
-			ip = ptr;
-			if (*ip == 0)
-				ibs = (int) num;
-			else 
-				obs = (int) num;
-			}
-		else
-			{
-			ibs = (int)num;
-			obs = ibs;
-			}
-
-		if (ibs != -1)
-			{
-			if (ctx->ibuf)
-				{
-				OPENSSL_free(ctx->ibuf);
-				ctx->ibuf = NULL;
-				}
-			ctx->ibufsize = ibs;
-			}
-
-		if (obs != -1)
-			{
-			if (ctx->obuf)
-				{
-				OPENSSL_free(ctx->obuf);
-				ctx->obuf = NULL;
-				}
-			ctx->obufsize = obs;
-			}
-		ret = 1;
-		break;
-
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	default:
-		ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-		break;
-
-		}
-
-	return ret;
-	}
-
-
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	if(!b->next_bio)
-		return 0;
-	return
-		BIO_callback_ctrl(b->next_bio, cmd, fp);
-	}
-
-#endif
diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h
deleted file mode 100644
index 4b405c7d49..0000000000
--- a/crypto/comp/comp.h
+++ /dev/null
@@ -1,80 +0,0 @@
-
-#ifndef HEADER_COMP_H
-#define HEADER_COMP_H
-
-#include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_ctx_st COMP_CTX;
-
-typedef struct comp_method_st
-	{
-	int type;		/* NID for compression library */
-	const char *name;	/* A text string to identify the library */
-	int (*init)(COMP_CTX *ctx);
-	void (*finish)(COMP_CTX *ctx);
-	int (*compress)(COMP_CTX *ctx,
-			unsigned char *out, unsigned int olen,
-			unsigned char *in, unsigned int ilen);
-	int (*expand)(COMP_CTX *ctx,
-		      unsigned char *out, unsigned int olen,
-		      unsigned char *in, unsigned int ilen);
-	/* The following two do NOTHING, but are kept for backward compatibility */
-	long (*ctrl)(void);
-	long (*callback_ctrl)(void);
-	} COMP_METHOD;
-
-struct comp_ctx_st
-	{
-	COMP_METHOD *meth;
-	unsigned long compress_in;
-	unsigned long compress_out;
-	unsigned long expand_in;
-	unsigned long expand_out;
-
-	CRYPTO_EX_DATA	ex_data;
-	};
-
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void );
-COMP_METHOD *COMP_zlib(void );
-void COMP_zlib_cleanup(void);
-
-#ifdef HEADER_BIO_H
-#ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#endif
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-#define COMP_F_BIO_ZLIB_FLUSH				 99
-#define COMP_F_BIO_ZLIB_NEW				 100
-#define COMP_F_BIO_ZLIB_READ				 101
-#define COMP_F_BIO_ZLIB_WRITE				 102
-
-/* Reason codes. */
-#define COMP_R_ZLIB_DEFLATE_ERROR			 99
-#define COMP_R_ZLIB_INFLATE_ERROR			 100
-#define COMP_R_ZLIB_NOT_SUPPORTED			 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
deleted file mode 100644
index 661c94c3a4..0000000000
--- a/crypto/comp/comp_err.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* crypto/comp/comp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/comp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
-
-static ERR_STRING_DATA COMP_str_functs[]=
-	{
-{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),	"BIO_ZLIB_FLUSH"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_NEW),	"BIO_ZLIB_NEW"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_READ),	"BIO_ZLIB_READ"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),	"BIO_ZLIB_WRITE"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA COMP_str_reasons[]=
-	{
-{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR)   ,"zlib deflate error"},
-{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR)   ,"zlib inflate error"},
-{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED)   ,"zlib not supported"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_COMP_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,COMP_str_functs);
-		ERR_load_strings(0,COMP_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
deleted file mode 100644
index b60ae371e8..0000000000
--- a/crypto/comp/comp_lib.c
+++ /dev/null
@@ -1,72 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
-	{
-	COMP_CTX *ret;
-
-	if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZ */
-		return(NULL);
-		}
-	memset(ret,0,sizeof(COMP_CTX));
-	ret->meth=meth;
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-void COMP_CTX_free(COMP_CTX *ctx)
-	{
-	if(ctx == NULL)
-	    return;
-
-	if (ctx->meth->finish != NULL)
-		ctx->meth->finish(ctx);
-
-	OPENSSL_free(ctx);
-	}
-
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	     unsigned char *in, int ilen)
-	{
-	int ret;
-	if (ctx->meth->compress == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-	ret=ctx->meth->compress(ctx,out,olen,in,ilen);
-	if (ret > 0)
-		{
-		ctx->compress_in+=ilen;
-		ctx->compress_out+=ret;
-		}
-	return(ret);
-	}
-
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	     unsigned char *in, int ilen)
-	{
-	int ret;
-
-	if (ctx->meth->expand == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-	ret=ctx->meth->expand(ctx,out,olen,in,ilen);
-	if (ret > 0)
-		{
-		ctx->expand_in+=ilen;
-		ctx->expand_out+=ret;
-		}
-	return(ret);
-	}
diff --git a/crypto/conf/README b/crypto/conf/README
deleted file mode 100644
index 96e53b34ed..0000000000
--- a/crypto/conf/README
+++ /dev/null
@@ -1,73 +0,0 @@
-Configuration modules. These are a set of modules which can perform
-various configuration functions.
-
-Currently the routines should be called at most once when an application
-starts up: that is before it starts any threads.
-
-The routines read a configuration file set up like this:
-
------
-#default section
-openssl_conf=init_section
-
-[init_section]
-
-module1=value1
-#Second instance of module1
-module1.1=valueX
-module2=value2
-module3=dso_literal
-module4=dso_section
-
-[dso_section]
-
-path=/some/path/to/some/dso.so
-other_stuff=other_value
-----
-
-When this file is loaded a configuration module with the specified string
-(module* in the above example) is looked up and its init function called as:
-
-int conf_init_func(CONF_IMODULE *md, CONF *cnf);
-
-The function can then take whatever action is appropriate, for example further
-lookups based on the value. Multiple instances of the same config module can be
-loaded.
-
-When the application closes down the modules are cleaned up by calling an
-optional finish function:
-
-void conf_finish_func(CONF_IMODULE *md);
-
-The finish functions are called in reverse order: that is the last module
-loaded is the first one cleaned up.
-
-If no module exists with a given name then an attempt is made to load a DSO
-with the supplied name. This might mean that "module3" attempts to load a DSO
-called libmodule3.so or module3.dll for example. An explicit DSO name can be
-given by including a separate section as in the module4 example above.
-
-The DSO is expected to at least contain an initialization function:
-
-int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
-
-and may also include a finish function:
-
-void OPENSSL_finish(CONF_IMODULE *md);
-
-Static modules can also be added using,
-
-int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func
-*ffunc);
-
-where "name" is the name in the configuration file this function corresponds
-to.
-
-A set of builtin modules (currently only an ASN1 non functional test module)
-can be added by calling OPENSSL_load_builtin_modules(). 
-
-The function OPENSSL_config() is intended as a simple configuration function
-that any application can call to perform various default configuration tasks.
-It uses the file openssl.cnf in the usual locations.
-
-
diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c
deleted file mode 100644
index 1439487526..0000000000
--- a/crypto/conf/cnf_save.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/conf/cnf_save.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/conf.h>
-
-static void print_conf(CONF_VALUE *cv);
-static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
-
-main()
-	{
-	LHASH *conf;
-	long l;
-
-	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
-	if (conf == NULL)
-		{
-		fprintf(stderr,"error loading config, line %ld\n",l);
-		exit(1);
-		}
-
-	lh_doall(conf,LHASH_DOALL_FN(print_conf));
-	}
-
-
-static void print_conf(CONF_VALUE *cv)
-	{
-	int i;
-	CONF_VALUE *v;
-	char *section;
-	char *name;
-	char *value;
-	STACK *s;
-
-	/* If it is a single entry, return */
-
-	if (cv->name != NULL) return;
-
-	printf("[ %s ]\n",cv->section);
-	s=(STACK *)cv->value;
-
-	for (i=0; i<sk_num(s); i++)
-		{
-		v=(CONF_VALUE *)sk_value(s,i);
-		section=(v->section == NULL)?"None":v->section;
-		name=(v->name == NULL)?"None":v->name;
-		value=(v->value == NULL)?"None":v->value;
-		printf("%s=%s\n",name,value);
-		}
-	printf("\n");
-	}
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
deleted file mode 100644
index c2199978a3..0000000000
--- a/crypto/conf/conf.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/* crypto/conf/conf.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_H
-#define HEADER_CONF_H
-
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct
-	{
-	char *section;
-	char *name;
-	char *value;
-	} CONF_VALUE;
-
-DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_LHASH_OF(CONF_VALUE);
-
-struct conf_st;
-struct conf_method_st;
-typedef struct conf_method_st CONF_METHOD;
-
-struct conf_method_st
-	{
-	const char *name;
-	CONF *(*create)(CONF_METHOD *meth);
-	int (*init)(CONF *conf);
-	int (*destroy)(CONF *conf);
-	int (*destroy_data)(CONF *conf);
-	int (*load_bio)(CONF *conf, BIO *bp, long *eline);
-	int (*dump)(const CONF *conf, BIO *bp);
-	int (*is_number)(const CONF *conf, char c);
-	int (*to_int)(const CONF *conf, char c);
-	int (*load)(CONF *conf, const char *name, long *eline);
-	};
-
-/* Module definitions */
-
-typedef struct conf_imodule_st CONF_IMODULE;
-typedef struct conf_module_st CONF_MODULE;
-
-DECLARE_STACK_OF(CONF_MODULE)
-DECLARE_STACK_OF(CONF_IMODULE)
-
-/* DSO module function typedefs */
-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
-typedef void conf_finish_func(CONF_IMODULE *md);
-
-#define	CONF_MFLAGS_IGNORE_ERRORS	0x1
-#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2
-#define CONF_MFLAGS_SILENT		0x4
-#define CONF_MFLAGS_NO_DSO		0x8
-#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10
-#define CONF_MFLAGS_DEFAULT_SECTION	0x20
-
-int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash);
-LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file,
-				long *eline);
-#ifndef OPENSSL_NO_FP_API
-LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
-				   long *eline);
-#endif
-LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-				       const char *section);
-char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		      const char *name);
-long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		     const char *name);
-void CONF_free(LHASH_OF(CONF_VALUE) *conf);
-int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
-int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
-
-void OPENSSL_config(const char *config_name);
-void OPENSSL_no_config(void);
-
-/* New conf code.  The semantics are different from the functions above.
-   If that wasn't the case, the above functions would have been replaced */
-
-struct conf_st
-	{
-	CONF_METHOD *meth;
-	void *meth_data;
-	LHASH_OF(CONF_VALUE) *data;
-	};
-
-CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
-#if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML(void);
-#endif
-void NCONF_free(CONF *conf);
-void NCONF_free_data(CONF *conf);
-
-int NCONF_load(CONF *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
-#endif
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-		       long *result);
-int NCONF_dump_fp(const CONF *conf, FILE *out);
-int NCONF_dump_bio(const CONF *conf, BIO *out);
-
-#if 0 /* The following function has no error checking,
-	 and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-#endif
-  
-/* Module functions */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-		      unsigned long flags);
-int CONF_modules_load_file(const char *filename, const char *appname,
-			   unsigned long flags);
-void CONF_modules_unload(int all);
-void CONF_modules_finish(void);
-void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
-		    conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
-
-char *CONF_get1_default_config_file(void);
-
-int CONF_parse_list(const char *list, int sep, int nospc,
-	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
-
-void OPENSSL_load_builtin_modules(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CONF_strings(void);
-
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_DUMP_FP				 104
-#define CONF_F_CONF_LOAD				 100
-#define CONF_F_CONF_LOAD_BIO				 102
-#define CONF_F_CONF_LOAD_FP				 103
-#define CONF_F_CONF_MODULES_LOAD			 116
-#define CONF_F_CONF_PARSE_LIST				 119
-#define CONF_F_DEF_LOAD					 120
-#define CONF_F_DEF_LOAD_BIO				 121
-#define CONF_F_MODULE_INIT				 115
-#define CONF_F_MODULE_LOAD_DSO				 117
-#define CONF_F_MODULE_RUN				 118
-#define CONF_F_NCONF_DUMP_BIO				 105
-#define CONF_F_NCONF_DUMP_FP				 106
-#define CONF_F_NCONF_GET_NUMBER				 107
-#define CONF_F_NCONF_GET_NUMBER_E			 112
-#define CONF_F_NCONF_GET_SECTION			 108
-#define CONF_F_NCONF_GET_STRING				 109
-#define CONF_F_NCONF_LOAD				 113
-#define CONF_F_NCONF_LOAD_BIO				 110
-#define CONF_F_NCONF_LOAD_FP				 114
-#define CONF_F_NCONF_NEW				 111
-#define CONF_F_STR_COPY					 101
-
-/* Reason codes. */
-#define CONF_R_ERROR_LOADING_DSO			 110
-#define CONF_R_LIST_CANNOT_BE_NULL			 115
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
-#define CONF_R_MISSING_EQUAL_SIGN			 101
-#define CONF_R_MISSING_FINISH_FUNCTION			 111
-#define CONF_R_MISSING_INIT_FUNCTION			 112
-#define CONF_R_MODULE_INITIALIZATION_ERROR		 109
-#define CONF_R_NO_CLOSE_BRACE				 102
-#define CONF_R_NO_CONF					 105
-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
-#define CONF_R_NO_SECTION				 107
-#define CONF_R_NO_SUCH_FILE				 114
-#define CONF_R_NO_VALUE					 108
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
-#define CONF_R_UNKNOWN_MODULE_NAME			 113
-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
deleted file mode 100644
index f5fcbb9f6b..0000000000
--- a/crypto/conf/conf_api.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/* conf_api.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#ifndef CONF_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "e_os.h"
-
-static void value_free_hash_doall_arg(CONF_VALUE *a,
-				      LHASH_OF(CONF_VALUE) *conf);
-static void value_free_stack_doall(CONF_VALUE *a);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE,
-				    LHASH_OF(CONF_VALUE))
-static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE)
-
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
-	{
-	CONF_VALUE *v,vv;
-
-	if ((conf == NULL) || (section == NULL)) return(NULL);
-	vv.name=NULL;
-	vv.section=(char *)section;
-	v=lh_CONF_VALUE_retrieve(conf->data,&vv);
-	return(v);
-	}
-
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-					       const char *section)
-	{
-	CONF_VALUE *v;
-
-	v=_CONF_get_section(conf,section);
-	if (v != NULL)
-		return((STACK_OF(CONF_VALUE) *)v->value);
-	else
-		return(NULL);
-	}
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
-	{
-	CONF_VALUE *v = NULL;
-	STACK_OF(CONF_VALUE) *ts;
-
-	ts = (STACK_OF(CONF_VALUE) *)section->value;
-
-	value->section=section->section;	
-	if (!sk_CONF_VALUE_push(ts,value))
-		{
-		return 0;
-		}
-
-	v = lh_CONF_VALUE_insert(conf->data, value);
-	if (v != NULL)
-		{
-		(void)sk_CONF_VALUE_delete_ptr(ts,v);
-		OPENSSL_free(v->name);
-		OPENSSL_free(v->value);
-		OPENSSL_free(v);
-		}
-	return 1;
-	}
-
-char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
-	{
-	CONF_VALUE *v,vv;
-	char *p;
-
-	if (name == NULL) return(NULL);
-	if (conf != NULL)
-		{
-		if (section != NULL)
-			{
-			vv.name=(char *)name;
-			vv.section=(char *)section;
-			v=lh_CONF_VALUE_retrieve(conf->data,&vv);
-			if (v != NULL) return(v->value);
-			if (strcmp(section,"ENV") == 0)
-				{
-				p=getenv(name);
-				if (p != NULL) return(p);
-				}
-			}
-		vv.section="default";
-		vv.name=(char *)name;
-		v=lh_CONF_VALUE_retrieve(conf->data,&vv);
-		if (v != NULL)
-			return(v->value);
-		else
-			return(NULL);
-		}
-	else
-		return(getenv(name));
-	}
-
-#if 0 /* There's no way to provide error checking with this function, so
-	 force implementors of the higher levels to get a string and read
-	 the number themselves. */
-long _CONF_get_number(CONF *conf, char *section, char *name)
-	{
-	char *str;
-	long ret=0;
-
-	str=_CONF_get_string(conf,section,name);
-	if (str == NULL) return(0);
-	for (;;)
-		{
-		if (conf->meth->is_number(conf, *str))
-			ret=ret*10+conf->meth->to_int(conf, *str);
-		else
-			return(ret);
-		str++;
-		}
-	}
-#endif
-
-static unsigned long conf_value_hash(const CONF_VALUE *v)
-	{
-	return (lh_strhash(v->section)<<2)^lh_strhash(v->name);
-	}
-static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE)
-
-static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
-	{
-	int i;
-
-	if (a->section != b->section)
-		{
-		i=strcmp(a->section,b->section);
-		if (i) return(i);
-		}
-
-	if ((a->name != NULL) && (b->name != NULL))
-		{
-		i=strcmp(a->name,b->name);
-		return(i);
-		}
-	else if (a->name == b->name)
-		return(0);
-	else
-		return((a->name == NULL)?-1:1);
-	}
-static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE)
-
-int _CONF_new_data(CONF *conf)
-	{
-	if (conf == NULL)
-		{
-		return 0;
-		}
-	if (conf->data == NULL)
-		if ((conf->data = lh_CONF_VALUE_new()) == NULL)
-			{
-			return 0;
-			}
-	return 1;
-	}
-
-void _CONF_free_data(CONF *conf)
-	{
-	if (conf == NULL || conf->data == NULL) return;
-
-	lh_CONF_VALUE_down_load(conf->data)=0; /* evil thing to make
-				  * sure the 'OPENSSL_free()' works as
-				  * expected */
-	lh_CONF_VALUE_doall_arg(conf->data,
-				LHASH_DOALL_ARG_FN(value_free_hash),
-				LHASH_OF(CONF_VALUE), conf->data);
-
-	/* We now have only 'section' entries in the hash table.
-	 * Due to problems with */
-
-	lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack));
-	lh_CONF_VALUE_free(conf->data);
-	}
-
-static void value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
-	{
-	if (a->name != NULL)
-		(void)lh_CONF_VALUE_delete(conf,a);
-	}
-
-static void value_free_stack_doall(CONF_VALUE *a)
-	{
-	CONF_VALUE *vv;
-	STACK_OF(CONF_VALUE) *sk;
-	int i;
-
-	if (a->name != NULL) return;
-
-	sk=(STACK_OF(CONF_VALUE) *)a->value;
-	for (i=sk_CONF_VALUE_num(sk)-1; i>=0; i--)
-		{
-		vv=sk_CONF_VALUE_value(sk,i);
-		OPENSSL_free(vv->value);
-		OPENSSL_free(vv->name);
-		OPENSSL_free(vv);
-		}
-	if (sk != NULL) sk_CONF_VALUE_free(sk);
-	OPENSSL_free(a->section);
-	OPENSSL_free(a);
-	}
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
-	{
-	STACK_OF(CONF_VALUE) *sk=NULL;
-	int ok=0,i;
-	CONF_VALUE *v=NULL,*vv;
-
-	if ((sk=sk_CONF_VALUE_new_null()) == NULL)
-		goto err;
-	if ((v=OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
-		goto err;
-	i=strlen(section)+1;
-	if ((v->section=OPENSSL_malloc(i)) == NULL)
-		goto err;
-
-	memcpy(v->section,section,i);
-	v->name=NULL;
-	v->value=(char *)sk;
-	
-	vv=lh_CONF_VALUE_insert(conf->data,v);
-	OPENSSL_assert(vv == NULL);
-	ok=1;
-err:
-	if (!ok)
-		{
-		if (sk != NULL) sk_CONF_VALUE_free(sk);
-		if (v != NULL) OPENSSL_free(v);
-		v=NULL;
-		}
-	return(v);
-	}
-
-IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/crypto/conf/conf_api.h b/crypto/conf/conf_api.h
deleted file mode 100644
index 87a954aff6..0000000000
--- a/crypto/conf/conf_api.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* conf_api.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_API_H
-#define HEADER_CONF_API_H
-
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-					       const char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(const CONF *conf, const char *section,
-		       const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
deleted file mode 100644
index f0b2768739..0000000000
--- a/crypto/conf/conf_def.c
+++ /dev/null
@@ -1,740 +0,0 @@
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "conf_def.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static char *eat_ws(CONF *conf, char *p);
-static char *eat_alpha_numeric(CONF *conf, char *p);
-static void clear_comments(CONF *conf, char *p);
-static int str_copy(CONF *conf,char *section,char **to, char *from);
-static char *scan_quote(CONF *conf, char *p);
-static char *scan_dquote(CONF *conf, char *p);
-#define scan_esc(conf,p)	(((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
-
-static CONF *def_create(CONF_METHOD *meth);
-static int def_init_default(CONF *conf);
-static int def_init_WIN32(CONF *conf);
-static int def_destroy(CONF *conf);
-static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, const char *name, long *eline);
-static int def_load_bio(CONF *conf, BIO *bp, long *eline);
-static int def_dump(const CONF *conf, BIO *bp);
-static int def_is_number(const CONF *conf, char c);
-static int def_to_int(const CONF *conf, char c);
-
-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD default_method = {
-	"OpenSSL default",
-	def_create,
-	def_init_default,
-	def_destroy,
-	def_destroy_data,
-	def_load_bio,
-	def_dump,
-	def_is_number,
-	def_to_int,
-	def_load
-	};
-
-static CONF_METHOD WIN32_method = {
-	"WIN32",
-	def_create,
-	def_init_WIN32,
-	def_destroy,
-	def_destroy_data,
-	def_load_bio,
-	def_dump,
-	def_is_number,
-	def_to_int,
-	def_load
-	};
-
-CONF_METHOD *NCONF_default()
-	{
-	return &default_method;
-	}
-CONF_METHOD *NCONF_WIN32()
-	{
-	return &WIN32_method;
-	}
-
-static CONF *def_create(CONF_METHOD *meth)
-	{
-	CONF *ret;
-
-	ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
-	if (ret)
-		if (meth->init(ret) == 0)
-			{
-			OPENSSL_free(ret);
-			ret = NULL;
-			}
-	return ret;
-	}
-	
-static int def_init_default(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
-
-	conf->meth = &default_method;
-	conf->meth_data = CONF_type_default;
-	conf->data = NULL;
-
-	return 1;
-	}
-
-static int def_init_WIN32(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
-
-	conf->meth = &WIN32_method;
-	conf->meth_data = (void *)CONF_type_win32;
-	conf->data = NULL;
-
-	return 1;
-	}
-
-static int def_destroy(CONF *conf)
-	{
-	if (def_destroy_data(conf))
-		{
-		OPENSSL_free(conf);
-		return 1;
-		}
-	return 0;
-	}
-
-static int def_destroy_data(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
-	_CONF_free_data(conf);
-	return 1;
-	}
-
-static int def_load(CONF *conf, const char *name, long *line)
-	{
-	int ret;
-	BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
-	in=BIO_new_file(name, "r");
-#else
-	in=BIO_new_file(name, "rb");
-#endif
-	if (in == NULL)
-		{
-		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-			CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);
-		else
-			CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);
-		return 0;
-		}
-
-	ret = def_load_bio(conf, in, line);
-	BIO_free(in);
-
-	return ret;
-	}
-
-static int def_load_bio(CONF *conf, BIO *in, long *line)
-	{
-/* The macro BUFSIZE conflicts with a system macro in VxWorks */
-#define CONFBUFSIZE	512
-	int bufnum=0,i,ii;
-	BUF_MEM *buff=NULL;
-	char *s,*p,*end;
-	int again;
-	long eline=0;
-	char btmp[DECIMAL_SIZE(eline)+1];
-	CONF_VALUE *v=NULL,*tv;
-	CONF_VALUE *sv=NULL;
-	char *section=NULL,*buf;
-	char *start,*psection,*pname;
-	void *h = (void *)(conf->data);
-
-	if ((buff=BUF_MEM_new()) == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
-		goto err;
-		}
-
-	section=(char *)OPENSSL_malloc(10);
-	if (section == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	BUF_strlcpy(section,"default",10);
-
-	if (_CONF_new_data(conf) == 0)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	sv=_CONF_new_section(conf,section);
-	if (sv == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-		goto err;
-		}
-
-	bufnum=0;
-	again=0;
-	for (;;)
-		{
-		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
-			{
-			CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
-			goto err;
-			}
-		p= &(buff->data[bufnum]);
-		*p='\0';
-		BIO_gets(in, p, CONFBUFSIZE-1);
-		p[CONFBUFSIZE-1]='\0';
-		ii=i=strlen(p);
-		if (i == 0 && !again) break;
-		again=0;
-		while (i > 0)
-			{
-			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
-				break;
-			else
-				i--;
-			}
-		/* we removed some trailing stuff so there is a new
-		 * line on the end. */
-		if (ii && i == ii)
-			again=1; /* long line */
-		else
-			{
-			p[i]='\0';
-			eline++; /* another input line */
-			}
-
-		/* we now have a line with trailing \r\n removed */
-
-		/* i is the number of bytes */
-		bufnum+=i;
-
-		v=NULL;
-		/* check for line continuation */
-		if (bufnum >= 1)
-			{
-			/* If we have bytes and the last char '\\' and
-			 * second last char is not '\\' */
-			p= &(buff->data[bufnum-1]);
-			if (IS_ESC(conf,p[0]) &&
-				((bufnum <= 1) || !IS_ESC(conf,p[-1])))
-				{
-				bufnum--;
-				again=1;
-				}
-			}
-		if (again) continue;
-		bufnum=0;
-		buf=buff->data;
-
-		clear_comments(conf, buf);
-		s=eat_ws(conf, buf);
-		if (IS_EOF(conf,*s)) continue; /* blank line */
-		if (*s == '[')
-			{
-			char *ss;
-
-			s++;
-			start=eat_ws(conf, s);
-			ss=start;
-again:
-			end=eat_alpha_numeric(conf, ss);
-			p=eat_ws(conf, end);
-			if (*p != ']')
-				{
-				if (*p != '\0' && ss != p)
-					{
-					ss=p;
-					goto again;
-					}
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
-				goto err;
-				}
-			*end='\0';
-			if (!str_copy(conf,NULL,&section,start)) goto err;
-			if ((sv=_CONF_get_section(conf,section)) == NULL)
-				sv=_CONF_new_section(conf,section);
-			if (sv == NULL)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-				goto err;
-				}
-			continue;
-			}
-		else
-			{
-			pname=s;
-			psection=NULL;
-			end=eat_alpha_numeric(conf, s);
-			if ((end[0] == ':') && (end[1] == ':'))
-				{
-				*end='\0';
-				end+=2;
-				psection=pname;
-				pname=end;
-				end=eat_alpha_numeric(conf, end);
-				}
-			p=eat_ws(conf, end);
-			if (*p != '=')
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-						CONF_R_MISSING_EQUAL_SIGN);
-				goto err;
-				}
-			*end='\0';
-			p++;
-			start=eat_ws(conf, p);
-			while (!IS_EOF(conf,*p))
-				p++;
-			p--;
-			while ((p != start) && (IS_WS(conf,*p)))
-				p--;
-			p++;
-			*p='\0';
-
-			if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (psection == NULL) psection=section;
-			v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
-			v->value=NULL;
-			if (v->name == NULL)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			BUF_strlcpy(v->name,pname,strlen(pname)+1);
-			if (!str_copy(conf,psection,&(v->value),start)) goto err;
-
-			if (strcmp(psection,section) != 0)
-				{
-				if ((tv=_CONF_get_section(conf,psection))
-					== NULL)
-					tv=_CONF_new_section(conf,psection);
-				if (tv == NULL)
-					{
-					CONFerr(CONF_F_DEF_LOAD_BIO,
-					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-					goto err;
-					}
-				}
-			else
-				tv=sv;
-#if 1
-			if (_CONF_add_string(conf, tv, v) == 0)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-#else
-			v->section=tv->section;	
-			if (!sk_CONF_VALUE_push(ts,v))
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			vv=(CONF_VALUE *)lh_insert(conf->data,v);
-			if (vv != NULL)
-				{
-				sk_CONF_VALUE_delete_ptr(ts,vv);
-				OPENSSL_free(vv->name);
-				OPENSSL_free(vv->value);
-				OPENSSL_free(vv);
-				}
-#endif
-			v=NULL;
-			}
-		}
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) OPENSSL_free(section);
-	return(1);
-err:
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) OPENSSL_free(section);
-	if (line != NULL) *line=eline;
-	BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
-	ERR_add_error_data(2,"line ",btmp);
-	if ((h != conf->data) && (conf->data != NULL))
-		{
-		CONF_free(conf->data);
-		conf->data=NULL;
-		}
-	if (v != NULL)
-		{
-		if (v->name != NULL) OPENSSL_free(v->name);
-		if (v->value != NULL) OPENSSL_free(v->value);
-		if (v != NULL) OPENSSL_free(v);
-		}
-	return(0);
-	}
-
-static void clear_comments(CONF *conf, char *p)
-	{
-	for (;;)
-		{
-		if (IS_FCOMMENT(conf,*p))
-			{
-			*p='\0';
-			return;
-			}
-		if (!IS_WS(conf,*p))
-			{
-			break;
-			}
-		p++;
-		}
-
-	for (;;)
-		{
-		if (IS_COMMENT(conf,*p))
-			{
-			*p='\0';
-			return;
-			}
-		if (IS_DQUOTE(conf,*p))
-			{
-			p=scan_dquote(conf, p);
-			continue;
-			}
-		if (IS_QUOTE(conf,*p))
-			{
-			p=scan_quote(conf, p);
-			continue;
-			}
-		if (IS_ESC(conf,*p))
-			{
-			p=scan_esc(conf,p);
-			continue;
-			}
-		if (IS_EOF(conf,*p))
-			return;
-		else
-			p++;
-		}
-	}
-
-static int str_copy(CONF *conf, char *section, char **pto, char *from)
-	{
-	int q,r,rr=0,to=0,len=0;
-	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
-	BUF_MEM *buf;
-
-	if ((buf=BUF_MEM_new()) == NULL) return(0);
-
-	len=strlen(from)+1;
-	if (!BUF_MEM_grow(buf,len)) goto err;
-
-	for (;;)
-		{
-		if (IS_QUOTE(conf,*from))
-			{
-			q= *from;
-			from++;
-			while (!IS_EOF(conf,*from) && (*from != q))
-				{
-				if (IS_ESC(conf,*from))
-					{
-					from++;
-					if (IS_EOF(conf,*from)) break;
-					}
-				buf->data[to++]= *(from++);
-				}
-			if (*from == q) from++;
-			}
-		else if (IS_DQUOTE(conf,*from))
-			{
-			q= *from;
-			from++;
-			while (!IS_EOF(conf,*from))
-				{
-				if (*from == q)
-					{
-					if (*(from+1) == q)
-						{
-						from++;
-						}
-					else
-						{
-						break;
-						}
-					}
-				buf->data[to++]= *(from++);
-				}
-			if (*from == q) from++;
-			}
-		else if (IS_ESC(conf,*from))
-			{
-			from++;
-			v= *(from++);
-			if (IS_EOF(conf,v)) break;
-			else if (v == 'r') v='\r';
-			else if (v == 'n') v='\n';
-			else if (v == 'b') v='\b';
-			else if (v == 't') v='\t';
-			buf->data[to++]= v;
-			}
-		else if (IS_EOF(conf,*from))
-			break;
-		else if (*from == '$')
-			{
-			/* try to expand it */
-			rrp=NULL;
-			s= &(from[1]);
-			if (*s == '{')
-				q='}';
-			else if (*s == '(')
-				q=')';
-			else q=0;
-
-			if (q) s++;
-			cp=section;
-			e=np=s;
-			while (IS_ALPHA_NUMERIC(conf,*e))
-				e++;
-			if ((e[0] == ':') && (e[1] == ':'))
-				{
-				cp=np;
-				rrp=e;
-				rr= *e;
-				*rrp='\0';
-				e+=2;
-				np=e;
-				while (IS_ALPHA_NUMERIC(conf,*e))
-					e++;
-				}
-			r= *e;
-			*e='\0';
-			rp=e;
-			if (q)
-				{
-				if (r != q)
-					{
-					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
-					goto err;
-					}
-				e++;
-				}
-			/* So at this point we have
-			 * np which is the start of the name string which is
-			 *   '\0' terminated. 
-			 * cp which is the start of the section string which is
-			 *   '\0' terminated.
-			 * e is the 'next point after'.
-			 * r and rr are the chars replaced by the '\0'
-			 * rp and rrp is where 'r' and 'rr' came from.
-			 */
-			p=_CONF_get_string(conf,cp,np);
-			if (rrp != NULL) *rrp=rr;
-			*rp=r;
-			if (p == NULL)
-				{
-				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
-				goto err;
-				}
-			BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));
-			while (*p)
-				buf->data[to++]= *(p++);
-
-			/* Since we change the pointer 'from', we also have
-			   to change the perceived length of the string it
-			   points at.  /RL */
-			len -= e-from;
-			from=e;
-
-			/* In case there were no braces or parenthesis around
-			   the variable reference, we have to put back the
-			   character that was replaced with a '\0'.  /RL */
-			*rp = r;
-			}
-		else
-			buf->data[to++]= *(from++);
-		}
-	buf->data[to]='\0';
-	if (*pto != NULL) OPENSSL_free(*pto);
-	*pto=buf->data;
-	OPENSSL_free(buf);
-	return(1);
-err:
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(0);
-	}
-
-static char *eat_ws(CONF *conf, char *p)
-	{
-	while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
-		p++;
-	return(p);
-	}
-
-static char *eat_alpha_numeric(CONF *conf, char *p)
-	{
-	for (;;)
-		{
-		if (IS_ESC(conf,*p))
-			{
-			p=scan_esc(conf,p);
-			continue;
-			}
-		if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
-			return(p);
-		p++;
-		}
-	}
-
-static char *scan_quote(CONF *conf, char *p)
-	{
-	int q= *p;
-
-	p++;
-	while (!(IS_EOF(conf,*p)) && (*p != q))
-		{
-		if (IS_ESC(conf,*p))
-			{
-			p++;
-			if (IS_EOF(conf,*p)) return(p);
-			}
-		p++;
-		}
-	if (*p == q) p++;
-	return(p);
-	}
-
-
-static char *scan_dquote(CONF *conf, char *p)
-	{
-	int q= *p;
-
-	p++;
-	while (!(IS_EOF(conf,*p)))
-		{
-		if (*p == q)
-			{
-			if (*(p+1) == q)
-				{
-				p++;
-				}
-			else
-				{
-				break;
-				}
-			}
-		p++;
-		}
-	if (*p == q) p++;
-	return(p);
-	}
-
-static void dump_value_doall_arg(CONF_VALUE *a, BIO *out)
-	{
-	if (a->name)
-		BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
-	else
-		BIO_printf(out, "[[%s]]\n", a->section);
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO)
-
-static int def_dump(const CONF *conf, BIO *out)
-	{
-	lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value),
-				BIO, out);
-	return 1;
-	}
-
-static int def_is_number(const CONF *conf, char c)
-	{
-	return IS_NUMBER(conf,c);
-	}
-
-static int def_to_int(const CONF *conf, char c)
-	{
-	return c - '0';
-	}
-
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
deleted file mode 100644
index 92a7d8ad77..0000000000
--- a/crypto/conf/conf_def.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
-   Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER		1
-#define CONF_UPPER		2
-#define CONF_LOWER		4
-#define CONF_UNDER		256
-#define CONF_PUNCTUATION	512
-#define CONF_WS			16
-#define CONF_ESC		32
-#define CONF_QUOTE		64
-#define CONF_DQUOTE		1024
-#define CONF_COMMENT		128
-#define CONF_FCOMMENT		2048
-#define CONF_EOF		8
-#define CONF_HIGHBIT		4096
-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-					CONF_PUNCTUATION)
-
-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
-
-static unsigned short CONF_type_default[256]={
-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
-	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	};
-
-static unsigned short CONF_type_win32[256]={
-	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
-	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
-	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
-	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
-	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
-	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
-	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
-	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
-	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
-	};
-
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
deleted file mode 100644
index 25bb5dc9aa..0000000000
--- a/crypto/conf/conf_err.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/conf/conf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
-
-static ERR_STRING_DATA CONF_str_functs[]=
-	{
-{ERR_FUNC(CONF_F_CONF_DUMP_FP),	"CONF_dump_fp"},
-{ERR_FUNC(CONF_F_CONF_LOAD),	"CONF_load"},
-{ERR_FUNC(CONF_F_CONF_LOAD_BIO),	"CONF_load_bio"},
-{ERR_FUNC(CONF_F_CONF_LOAD_FP),	"CONF_load_fp"},
-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD),	"CONF_modules_load"},
-{ERR_FUNC(CONF_F_CONF_PARSE_LIST),	"CONF_parse_list"},
-{ERR_FUNC(CONF_F_DEF_LOAD),	"DEF_LOAD"},
-{ERR_FUNC(CONF_F_DEF_LOAD_BIO),	"DEF_LOAD_BIO"},
-{ERR_FUNC(CONF_F_MODULE_INIT),	"MODULE_INIT"},
-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO),	"MODULE_LOAD_DSO"},
-{ERR_FUNC(CONF_F_MODULE_RUN),	"MODULE_RUN"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO),	"NCONF_dump_bio"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_FP),	"NCONF_dump_fp"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER),	"NCONF_get_number"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),	"NCONF_get_number_e"},
-{ERR_FUNC(CONF_F_NCONF_GET_SECTION),	"NCONF_get_section"},
-{ERR_FUNC(CONF_F_NCONF_GET_STRING),	"NCONF_get_string"},
-{ERR_FUNC(CONF_F_NCONF_LOAD),	"NCONF_load"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO),	"NCONF_load_bio"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_FP),	"NCONF_load_fp"},
-{ERR_FUNC(CONF_F_NCONF_NEW),	"NCONF_new"},
-{ERR_FUNC(CONF_F_STR_COPY),	"STR_COPY"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA CONF_str_reasons[]=
-	{
-{ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},
-{ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL)  ,"list cannot be null"},
-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},
-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
-{ERR_REASON(CONF_R_NO_CLOSE_BRACE)       ,"no close brace"},
-{ERR_REASON(CONF_R_NO_CONF)              ,"no conf"},
-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
-{ERR_REASON(CONF_R_NO_SECTION)           ,"no section"},
-{ERR_REASON(CONF_R_NO_SUCH_FILE)         ,"no such file"},
-{ERR_REASON(CONF_R_NO_VALUE)             ,"no value"},
-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME)  ,"unknown module name"},
-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_CONF_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CONF_str_functs);
-		ERR_load_strings(0,CONF_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
deleted file mode 100644
index 54046defca..0000000000
--- a/crypto/conf/conf_lib.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/* conf_lib.c */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/lhash.h>
-
-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD *default_CONF_method=NULL;
-
-/* Init a 'CONF' structure from an old LHASH */
-
-void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
-	{
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
-
-	default_CONF_method->init(conf);
-	conf->data = hash;
-	}
-
-/* The following section contains the "CONF classic" functions,
-   rewritten in terms of the new CONF interface. */
-
-int CONF_set_default_method(CONF_METHOD *meth)
-	{
-	default_CONF_method = meth;
-	return 1;
-	}
-
-LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
-				long *eline)
-	{
-	LHASH_OF(CONF_VALUE) *ltmp;
-	BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
-	in=BIO_new_file(file, "r");
-#else
-	in=BIO_new_file(file, "rb");
-#endif
-	if (in == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-		return NULL;
-		}
-
-	ltmp = CONF_load_bio(conf, in, eline);
-	BIO_free(in);
-
-	return ltmp;
-	}
-
-#ifndef OPENSSL_NO_FP_API
-LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
-				   long *eline)
-	{
-	BIO *btmp;
-	LHASH_OF(CONF_VALUE) *ltmp;
-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
-		return NULL;
-	}
-	ltmp = CONF_load_bio(conf, btmp, eline);
-	BIO_free(btmp);
-	return ltmp;
-	}
-#endif
-
-LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
-				    long *eline)
-	{
-	CONF ctmp;
-	int ret;
-
-	CONF_set_nconf(&ctmp, conf);
-
-	ret = NCONF_load_bio(&ctmp, bp, eline);
-	if (ret)
-		return ctmp.data;
-	return NULL;
-	}
-
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-				       const char *section)
-	{
-	if (conf == NULL)
-		{
-		return NULL;
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		return NCONF_get_section(&ctmp, section);
-		}
-	}
-
-char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		      const char *name)
-	{
-	if (conf == NULL)
-		{
-		return NCONF_get_string(NULL, group, name);
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		return NCONF_get_string(&ctmp, group, name);
-		}
-	}
-
-long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		     const char *name)
-	{
-	int status;
-	long result = 0;
-
-	if (conf == NULL)
-		{
-		status = NCONF_get_number_e(NULL, group, name, &result);
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		status = NCONF_get_number_e(&ctmp, group, name, &result);
-		}
-
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_clear_error();
-		}
-	return result;
-	}
-
-void CONF_free(LHASH_OF(CONF_VALUE) *conf)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	NCONF_free_data(&ctmp);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
-	{
-	BIO *btmp;
-	int ret;
-
-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
-		return 0;
-	}
-	ret = CONF_dump_bio(conf, btmp);
-	BIO_free(btmp);
-	return ret;
-	}
-#endif
-
-int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return NCONF_dump_bio(&ctmp, out);
-	}
-
-/* The following section contains the "New CONF" functions.  They are
-   completely centralised around a new CONF structure that may contain
-   basically anything, but at least a method pointer and a table of data.
-   These functions are also written in terms of the bridge functions used
-   by the "CONF classic" functions, for consistency.  */
-
-CONF *NCONF_new(CONF_METHOD *meth)
-	{
-	CONF *ret;
-
-	if (meth == NULL)
-		meth = NCONF_default();
-
-	ret = meth->create(meth);
-	if (ret == NULL)
-		{
-		CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	return ret;
-	}
-
-void NCONF_free(CONF *conf)
-	{
-	if (conf == NULL)
-		return;
-	conf->meth->destroy(conf);
-	}
-
-void NCONF_free_data(CONF *conf)
-	{
-	if (conf == NULL)
-		return;
-	conf->meth->destroy_data(conf);
-	}
-
-int NCONF_load(CONF *conf, const char *file, long *eline)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
-		return 0;
-		}
-
-	return conf->meth->load(conf, file, eline);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
-	{
-	BIO *btmp;
-	int ret;
-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
-		{
-		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
-		return 0;
-		}
-	ret = NCONF_load_bio(conf, btmp, eline);
-	BIO_free(btmp);
-	return ret;
-	}
-#endif
-
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
-		return 0;
-		}
-
-	return conf->meth->load_bio(conf, bp, eline);
-	}
-
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
-		return NULL;
-		}
-
-	if (section == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
-		return NULL;
-		}
-
-	return _CONF_get_section_values(conf, section);
-	}
-
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
-	{
-	char *s = _CONF_get_string(conf, group, name);
-
-        /* Since we may get a value from an environment variable even
-           if conf is NULL, let's check the value first */
-        if (s) return s;
-
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_STRING,
-                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
-		return NULL;
-		}
-	CONFerr(CONF_F_NCONF_GET_STRING,
-		CONF_R_NO_VALUE);
-	ERR_add_error_data(4,"group=",group," name=",name);
-	return NULL;
-	}
-
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-		       long *result)
-	{
-	char *str;
-
-	if (result == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	str = NCONF_get_string(conf,group,name);
-
-	if (str == NULL)
-		return 0;
-
-	for (*result = 0;conf->meth->is_number(conf, *str);)
-		{
-		*result = (*result)*10 + conf->meth->to_int(conf, *str);
-		str++;
-		}
-
-	return 1;
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_dump_fp(const CONF *conf, FILE *out)
-	{
-	BIO *btmp;
-	int ret;
-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
-		return 0;
-	}
-	ret = NCONF_dump_bio(conf, btmp);
-	BIO_free(btmp);
-	return ret;
-	}
-#endif
-
-int NCONF_dump_bio(const CONF *conf, BIO *out)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
-		return 0;
-		}
-
-	return conf->meth->dump(conf, out);
-	}
-
-
-/* This function should be avoided */
-#if 0
-long NCONF_get_number(CONF *conf,char *group,char *name)
-	{
-	int status;
-	long ret=0;
-
-	status = NCONF_get_number_e(conf, group, name, &ret);
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
-		}
-	return ret;
-	}
-#endif
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
deleted file mode 100644
index 213890e0c2..0000000000
--- a/crypto/conf/conf_mall.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* conf_mall.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* Load all OpenSSL builtin modules */
-
-void OPENSSL_load_builtin_modules(void)
-	{
-	/* Add builtin modules here */
-	ASN1_add_oid_module();
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_add_conf_module();
-#endif
-	EVP_add_alg_module();
-	}
-
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
deleted file mode 100644
index df1642a0a5..0000000000
--- a/crypto/conf/conf_mod.c
+++ /dev/null
@@ -1,623 +0,0 @@
-/* conf_mod.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-
-#define DSO_mod_init_name "OPENSSL_init"
-#define DSO_mod_finish_name "OPENSSL_finish"
-
-
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
-
-struct conf_module_st
-	{
-	/* DSO of this module or NULL if static */
-	DSO *dso;
-	/* Name of the module */
-	char *name;
-	/* Init function */
-	conf_init_func *init; 
-	/* Finish function */
-	conf_finish_func *finish;
-	/* Number of successfully initialized modules */
-	int links;
-	void *usr_data;
-	};
-
-
-/* This structure contains information about modules that have been
- * successfully initialized. There may be more than one entry for a
- * given module.
- */
-
-struct conf_imodule_st
-	{
-	CONF_MODULE *pmod;
-	char *name;
-	char *value;
-	unsigned long flags;
-	void *usr_data;
-	};
-
-static STACK_OF(CONF_MODULE) *supported_modules = NULL;
-static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
-
-static void module_free(CONF_MODULE *md);
-static void module_finish(CONF_IMODULE *imod);
-static int module_run(const CONF *cnf, char *name, char *value,
-					  unsigned long flags);
-static CONF_MODULE *module_add(DSO *dso, const char *name,
-			conf_init_func *ifunc, conf_finish_func *ffunc);
-static CONF_MODULE *module_find(char *name);
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
-					   const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-									unsigned long flags);
-
-/* Main function: load modules from a CONF structure */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-		      unsigned long flags)
-	{
-	STACK_OF(CONF_VALUE) *values;
-	CONF_VALUE *vl;
-	char *vsection = NULL;
-
-	int ret, i;
-
-	if (!cnf)
-		return 1;
-
-	if (appname)
-		vsection = NCONF_get_string(cnf, NULL, appname);
-
-	if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
-		vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
-
-	if (!vsection)
-		{
-		ERR_clear_error();
-		return 1;
-		}
-
-	values = NCONF_get_section(cnf, vsection);
-
-	if (!values)
-		return 0;
-
-	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
-		{
-		vl = sk_CONF_VALUE_value(values, i);
-		ret = module_run(cnf, vl->name, vl->value, flags);
-		if (ret <= 0)
-			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
-				return ret;
-		}
-
-	return 1;
-
-	}
-
-int CONF_modules_load_file(const char *filename, const char *appname,
-			   unsigned long flags)
-	{
-	char *file = NULL;
-	CONF *conf = NULL;
-	int ret = 0;
-	conf = NCONF_new(NULL);
-	if (!conf)
-		goto err;
-
-	if (filename == NULL)
-		{
-		file = CONF_get1_default_config_file();
-		if (!file)
-			goto err;
-		}
-	else
-		file = (char *)filename;
-
-	if (NCONF_load(conf, file, NULL) <= 0)
-		{
-		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
-		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
-			{
-			ERR_clear_error();
-			ret = 1;
-			}
-		goto err;
-		}
-
-	ret = CONF_modules_load(conf, appname, flags);
-
-	err:
-	if (filename == NULL)
-		OPENSSL_free(file);
-	NCONF_free(conf);
-
-	return ret;
-	}
-
-static int module_run(const CONF *cnf, char *name, char *value,
-		      unsigned long flags)
-	{
-	CONF_MODULE *md;
-	int ret;
-
-	md = module_find(name);
-
-	/* Module not found: try to load DSO */
-	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-		md = module_load_dso(cnf, name, value, flags);
-
-	if (!md)
-		{
-		if (!(flags & CONF_MFLAGS_SILENT))
-			{
-			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
-			ERR_add_error_data(2, "module=", name);
-			}
-		return -1;
-		}
-
-	ret = module_init(md, name, value, cnf);
-
-	if (ret <= 0)
-		{
-		if (!(flags & CONF_MFLAGS_SILENT))
-			{
-			char rcode[DECIMAL_SIZE(ret)+1];
-			CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
-			BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
-			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
-			}
-		}
-
-	return ret;
-	}
-
-/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-				    unsigned long flags)
-	{
-	DSO *dso = NULL;
-	conf_init_func *ifunc;
-	conf_finish_func *ffunc;
-	char *path = NULL;
-	int errcode = 0;
-	CONF_MODULE *md;
-	/* Look for alternative path in module section */
-	path = NCONF_get_string(cnf, value, "path");
-	if (!path)
-		{
-		ERR_clear_error();
-		path = name;
-		}
-	dso = DSO_load(NULL, path, NULL, 0);
-	if (!dso)
-		{
-		errcode = CONF_R_ERROR_LOADING_DSO;
-		goto err;
-		}
-        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
-	if (!ifunc)
-		{
-		errcode = CONF_R_MISSING_INIT_FUNCTION;
-		goto err;
-		}
-        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
-	/* All OK, add module */
-	md = module_add(dso, name, ifunc, ffunc);
-
-	if (!md)
-		goto err;
-
-	return md;
-
-	err:
-	if (dso)
-		DSO_free(dso);
-	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
-	ERR_add_error_data(4, "module=", name, ", path=", path);
-	return NULL;
-	}
-
-/* add module to list */
-static CONF_MODULE *module_add(DSO *dso, const char *name,
-			       conf_init_func *ifunc, conf_finish_func *ffunc)
-	{
-	CONF_MODULE *tmod = NULL;
-	if (supported_modules == NULL)
-		supported_modules = sk_CONF_MODULE_new_null();
-	if (supported_modules == NULL)
-		return NULL;
-	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
-	if (tmod == NULL)
-		return NULL;
-
-	tmod->dso = dso;
-	tmod->name = BUF_strdup(name);
-	tmod->init = ifunc;
-	tmod->finish = ffunc;
-	tmod->links = 0;
-
-	if (!sk_CONF_MODULE_push(supported_modules, tmod))
-		{
-		OPENSSL_free(tmod);
-		return NULL;
-		}
-
-	return tmod;
-	}
-
-/* Find a module from the list. We allow module names of the
- * form modname.XXXX to just search for modname to allow the
- * same module to be initialized more than once.
- */
-
-static CONF_MODULE *module_find(char *name)
-	{
-	CONF_MODULE *tmod;
-	int i, nchar;
-	char *p;
-	p = strrchr(name, '.');
-
-	if (p)
-		nchar = p - name;
-	else 
-		nchar = strlen(name);
-
-	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
-		{
-		tmod = sk_CONF_MODULE_value(supported_modules, i);
-		if (!strncmp(tmod->name, name, nchar))
-			return tmod;
-		}
-
-	return NULL;
-
-	}
-
-/* initialize a module */
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
-		       const CONF *cnf)
-	{
-	int ret = 1;
-	int init_called = 0;
-	CONF_IMODULE *imod = NULL;
-
-	/* Otherwise add initialized module to list */
-	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
-	if (!imod)
-		goto err;
-
-	imod->pmod = pmod;
-	imod->name = BUF_strdup(name);
-	imod->value = BUF_strdup(value);
-	imod->usr_data = NULL;
-
-	if (!imod->name || !imod->value)
-		goto memerr;
-
-	/* Try to initialize module */
-	if(pmod->init)
-		{
-		ret = pmod->init(imod, cnf);
-		init_called = 1;
-		/* Error occurred, exit */
-		if (ret <= 0)
-			goto err;
-		}
-
-	if (initialized_modules == NULL)
-		{
-		initialized_modules = sk_CONF_IMODULE_new_null();
-		if (!initialized_modules)
-			{
-			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
-		{
-		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	pmod->links++;
-
-	return ret;
-
-	err:
-
-	/* We've started the module so we'd better finish it */
-	if (pmod->finish && init_called)
-		pmod->finish(imod);
-
-	memerr:
-	if (imod)
-		{
-		if (imod->name)
-			OPENSSL_free(imod->name);
-		if (imod->value)
-			OPENSSL_free(imod->value);
-		OPENSSL_free(imod);
-		}
-
-	return -1;
-
-	}
-
-/* Unload any dynamic modules that have a link count of zero:
- * i.e. have no active initialized modules. If 'all' is set
- * then all modules are unloaded including static ones.
- */
-
-void CONF_modules_unload(int all)
-	{
-	int i;
-	CONF_MODULE *md;
-	CONF_modules_finish();
-	/* unload modules in reverse order */
-	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
-		{
-		md = sk_CONF_MODULE_value(supported_modules, i);
-		/* If static or in use and 'all' not set ignore it */
-		if (((md->links > 0) || !md->dso) && !all)
-			continue;
-		/* Since we're working in reverse this is OK */
-		(void)sk_CONF_MODULE_delete(supported_modules, i);
-		module_free(md);
-		}
-	if (sk_CONF_MODULE_num(supported_modules) == 0)
-		{
-		sk_CONF_MODULE_free(supported_modules);
-		supported_modules = NULL;
-		}
-	}
-
-/* unload a single module */
-static void module_free(CONF_MODULE *md)
-	{
-	if (md->dso)
-		DSO_free(md->dso);
-	OPENSSL_free(md->name);
-	OPENSSL_free(md);
-	}
-
-/* finish and free up all modules instances */
-
-void CONF_modules_finish(void)
-	{
-	CONF_IMODULE *imod;
-	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
-		{
-		imod = sk_CONF_IMODULE_pop(initialized_modules);
-		module_finish(imod);
-		}
-	sk_CONF_IMODULE_free(initialized_modules);
-	initialized_modules = NULL;
-	}
-
-/* finish a module instance */
-
-static void module_finish(CONF_IMODULE *imod)
-	{
-	if (imod->pmod->finish)
-		imod->pmod->finish(imod);
-	imod->pmod->links--;
-	OPENSSL_free(imod->name);
-	OPENSSL_free(imod->value);
-	OPENSSL_free(imod);
-	}
-
-/* Add a static module to OpenSSL */
-
-int CONF_module_add(const char *name, conf_init_func *ifunc, 
-		    conf_finish_func *ffunc)
-	{
-	if (module_add(NULL, name, ifunc, ffunc))
-		return 1;
-	else
-		return 0;
-	}
-
-void CONF_modules_free(void)
-	{
-	CONF_modules_finish();
-	CONF_modules_unload(1);
-	}
-
-/* Utility functions */
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md)
-	{
-	return md->name;
-	}
-
-const char *CONF_imodule_get_value(const CONF_IMODULE *md)
-	{
-	return md->value;
-	}
-
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
-	{
-	return md->usr_data;
-	}
-
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
-	{
-	md->usr_data = usr_data;
-	}
-
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
-	{
-	return md->pmod;
-	}
-
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
-	{
-	return md->flags;
-	}
-
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
-	{
-	md->flags = flags;
-	}
-
-void *CONF_module_get_usr_data(CONF_MODULE *pmod)
-	{
-	return pmod->usr_data;
-	}
-
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
-	{
-	pmod->usr_data = usr_data;
-	}
-
-/* Return default config file name */
-
-char *CONF_get1_default_config_file(void)
-	{
-	char *file;
-	int len;
-
-	file = getenv("OPENSSL_CONF");
-	if (file) 
-		return BUF_strdup(file);
-
-	len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
-	len++;
-#endif
-	len += strlen(OPENSSL_CONF);
-
-	file = OPENSSL_malloc(len + 1);
-
-	if (!file)
-		return NULL;
-	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
-#ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(file,"/",len + 1);
-#endif
-	BUF_strlcat(file,OPENSSL_CONF,len + 1);
-
-	return file;
-	}
-
-/* This function takes a list separated by 'sep' and calls the
- * callback function giving the start and length of each member
- * optionally stripping leading and trailing whitespace. This can
- * be used to parse comma separated lists for example.
- */
-
-int CONF_parse_list(const char *list_, int sep, int nospc,
-	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
-	{
-	int ret;
-	const char *lstart, *tmpend, *p;
-
-	if(list_ == NULL)
-		{
-		CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
-		return 0;
-		}
-
-	lstart = list_;
-	for(;;)
-		{
-		if (nospc)
-			{
-			while(*lstart && isspace((unsigned char)*lstart))
-				lstart++;
-			}
-		p = strchr(lstart, sep);
-		if (p == lstart || !*lstart)
-			ret = list_cb(NULL, 0, arg);
-		else
-			{
-			if (p)
-				tmpend = p - 1;
-			else 
-				tmpend = lstart + strlen(lstart) - 1;
-			if (nospc)
-				{
-				while(isspace((unsigned char)*tmpend))
-					tmpend--;
-				}
-			ret = list_cb(lstart, tmpend - lstart + 1, arg);
-			}
-		if (ret <= 0)
-			return ret;
-		if (p == NULL)
-			return 1;
-		lstart = p + 1;
-		}
-	}
-
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
deleted file mode 100644
index 760dc2632d..0000000000
--- a/crypto/conf/conf_sap.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* conf_sap.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* This is the automatic configuration loader: it is called automatically by
- * OpenSSL when any of a number of standard initialisation functions are called,
- * unless this is overridden by calling OPENSSL_no_config()
- */
-
-static int openssl_configured = 0;
-
-void OPENSSL_config(const char *config_name)
-	{
-	if (openssl_configured)
-		return;
-
-	OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
-	/* Need to load ENGINEs */
-	ENGINE_load_builtin_engines();
-#endif
-	/* Add others here? */
-
-
-	ERR_clear_error();
-	if (CONF_modules_load_file(NULL, config_name,
-	CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
-		{
-		BIO *bio_err;
-		ERR_load_crypto_strings();
-		if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
-			{
-			BIO_printf(bio_err,"Auto configuration failed\n");
-			ERR_print_errors(bio_err);
-			BIO_free(bio_err);
-			}
-		exit(1);
-		}
-
-	return;
-	}
-
-void OPENSSL_no_config()
-	{
-	openssl_configured = 1;
-	}
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
deleted file mode 100644
index 50ed67fa52..0000000000
--- a/crypto/conf/keysets.pl
+++ /dev/null
@@ -1,185 +0,0 @@
-#!/usr/local/bin/perl
-
-$NUMBER=0x01;
-$UPPER=0x02;
-$LOWER=0x04;
-$UNDER=0x100;
-$PUNCTUATION=0x200;
-$WS=0x10;
-$ESC=0x20;
-$QUOTE=0x40;
-$DQUOTE=0x400;
-$COMMENT=0x80;
-$FCOMMENT=0x800;
-$EOF=0x08;
-$HIGHBIT=0x1000;
-
-foreach (0 .. 255)
-	{
-	$v=0;
-	$c=sprintf("%c",$_);
-	$v|=$NUMBER	if ($c =~ /[0-9]/);
-	$v|=$UPPER	if ($c =~ /[A-Z]/);
-	$v|=$LOWER	if ($c =~ /[a-z]/);
-	$v|=$UNDER	if ($c =~ /_/);
-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-	$v|=$WS		if ($c =~ /[ \t\r\n]/);
-	$v|=$ESC	if ($c =~ /\\/);
-	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
-	$v|=$COMMENT	if ($c =~ /\#/);
-	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
-
-	push(@V_def,$v);
-	}
-
-foreach (0 .. 255)
-	{
-	$v=0;
-	$c=sprintf("%c",$_);
-	$v|=$NUMBER	if ($c =~ /[0-9]/);
-	$v|=$UPPER	if ($c =~ /[A-Z]/);
-	$v|=$LOWER	if ($c =~ /[a-z]/);
-	$v|=$UNDER	if ($c =~ /_/);
-	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
-	$v|=$WS		if ($c =~ /[ \t\r\n]/);
-	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
-	$v|=$FCOMMENT	if ($c =~ /;/);
-	$v|=$EOF	if ($c =~ /\0/);
-	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
-
-	push(@V_w32,$v);
-	}
-
-print <<"EOF";
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay\@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay\@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
-   Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER		$NUMBER
-#define CONF_UPPER		$UPPER
-#define CONF_LOWER		$LOWER
-#define CONF_UNDER		$UNDER
-#define CONF_PUNCTUATION	$PUNCTUATION
-#define CONF_WS			$WS
-#define CONF_ESC		$ESC
-#define CONF_QUOTE		$QUOTE
-#define CONF_DQUOTE		$DQUOTE
-#define CONF_COMMENT		$COMMENT
-#define CONF_FCOMMENT		$FCOMMENT
-#define CONF_EOF		$EOF
-#define CONF_HIGHBIT		$HIGHBIT
-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
-					CONF_PUNCTUATION)
-
-#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
-				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
-
-EOF
-
-print "static unsigned short CONF_type_default[256]={";
-
-for ($i=0; $i<256; $i++)
-	{
-	print "\n\t" if ($i % 8) == 0;
-	printf "0x%04X,",$V_def[$i];
-	}
-
-print "\n\t};\n\n";
-
-print "static unsigned short CONF_type_win32[256]={";
-
-for ($i=0; $i<256; $i++)
-	{
-	print "\n\t" if ($i % 8) == 0;
-	printf "0x%04X,",$V_w32[$i];
-	}
-
-print "\n\t};\n\n";
diff --git a/crypto/conf/ssleay.cnf b/crypto/conf/ssleay.cnf
deleted file mode 100644
index ed33af601e..0000000000
--- a/crypto/conf/ssleay.cnf
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# This is a test configuration file for use in SSLeay etc...
-#
-
-init = 5
-in\#it1 =10
-init2='10'
-init3='10\''
-init4="10'"
-init5='='10\'' again'
-
-SSLeay::version = 0.5.0
-
-[genrsa]
-default_bits	= 512
-SSLEAY::version = 0.5.0
-
-[gendh]
-default_bits	= 512
-def_generator	= 2
-
-[s_client]
-cipher1		= DES_CBC_MD5:DES_CBC_SHA:DES_EDE_SHA:RC4_MD5\
-cipher2		= 'DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5'
-cipher3		= "DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5"
-cipher4		= DES_CBC_MD5 DES_CBC_SHA DES_EDE_SHA RC4_MD5
-
-[ default ]
-cert_dir	= $ENV::HOME/.ca_certs
-
-HOME		= /tmp/eay
-
-tmp_cert_dir	= $HOME/.ca_certs
-tmp2_cert_dir	= thisis$(HOME)stuff
-
-LOGNAME	= Eric Young (home=$HOME)
-
-[ special ]
-
-H=$HOME
-H=$default::HOME
-H=$ENV::HOME
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $HOME/.rand
-
-[ req ]
-default_bits		= 512
-default_keyfile 	= privkey.pem
-
-Attribute_type_1	= countryName
-Attribute_text_1	= Country Name (2 letter code)
-Attribute_default_1	= AU
-
-Attribute_type_2	= stateOrProvinceName
-Attribute_text_2	= State or Province Name (full name)
-Attribute_default_2	= Queensland
-
-Attribute_type_3	= localityName
-Attribute_text_3	= Locality Name (eg, city)
-
-Attribute_type_4	= organizationName
-Attribute_text_4	= Organization Name (eg, company)
-Attribute_default_4	= Mincom Pty Ltd
-
-Attribute_type_5	= organizationalUnitName
-Attribute_text_5	= Organizational Unit Name (eg, section)
-Attribute_default_5	= TR
-
-Attribute_type_6	= commonName
-Attribute_text_6	= Common Name (eg, YOUR name)
-
-Attribute_type_7	= emailAddress
-Attribute_text_7	= Email Address
-
diff --git a/crypto/conf/test.c b/crypto/conf/test.c
deleted file mode 100644
index 7fab85053e..0000000000
--- a/crypto/conf/test.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* crypto/conf/test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-
-main()
-	{
-	LHASH *conf;
-	long eline;
-	char *s,*s2;
-
-#ifdef USE_WIN32
-	CONF_set_default_method(CONF_WIN32);
-#endif
-	conf=CONF_load(NULL,"ssleay.cnf",&eline);
-	if (conf == NULL)
-		{
-		ERR_load_crypto_strings();
-		printf("unable to load configuration, line %ld\n",eline);
-		ERR_print_errors_fp(stderr);
-		exit(1);
-		}
-	lh_stats(conf,stdout);
-	lh_node_stats(conf,stdout);
-	lh_node_usage_stats(conf,stdout);
-
-	s=CONF_get_string(conf,NULL,"init2");
-	printf("init2=%s\n",(s == NULL)?"NULL":s);
-
-	s=CONF_get_string(conf,NULL,"cipher1");
-	printf("cipher1=%s\n",(s == NULL)?"NULL":s);
-
-	s=CONF_get_string(conf,"s_client","cipher1");
-	printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
-
-	printf("---------------------------- DUMP ------------------------\n");
-	CONF_dump_fp(conf, stdout);
-
-	exit(0);
-	}
diff --git a/crypto/constant_time_locl.h b/crypto/constant_time_locl.h
deleted file mode 100644
index 8af98c1683..0000000000
--- a/crypto/constant_time_locl.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/* crypto/constant_time_locl.h */
-/*
- * Utilities for constant-time cryptography.
- *
- * Author: Emilia Kasper (emilia@openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
- * ====================================================================
- * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CONSTANT_TIME_LOCL_H
-#define HEADER_CONSTANT_TIME_LOCL_H
-
-#include "e_os.h"  /* For 'inline' */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The boolean methods return a bitmask of all ones (0xff...f) for true
- * and 0 for false. This is useful for choosing a value based on the result
- * of a conditional in constant time. For example,
- *
- * if (a < b) {
- *   c = a;
- * } else {
- *   c = b;
- * }
- *
- * can be written as
- *
- * unsigned int lt = constant_time_lt(a, b);
- * c = constant_time_select(lt, a, b);
- */
-
-/*
- * Returns the given value with the MSB copied to all the other
- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to
- * replace this with something else on odd CPUs.
- */
-static inline unsigned int constant_time_msb(unsigned int a);
-
-/*
- * Returns 0xff..f if a < b and 0 otherwise.
- */
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
-
-/*
- * Returns 0xff..f if a >= b and 0 otherwise.
- */
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
-
-/*
- * Returns 0xff..f if a == 0 and 0 otherwise.
- */
-static inline unsigned int constant_time_is_zero(unsigned int a);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_is_zero_8(unsigned int a);
-
-
-/*
- * Returns 0xff..f if a == b and 0 otherwise.
- */
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
-/* Signed integers. */
-static inline unsigned int constant_time_eq_int(int a, int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_int_8(int a, int b);
-
-
-/*
- * Returns (mask & a) | (~mask & b).
- *
- * When |mask| is all 1s or all 0s (as returned by the methods above),
- * the select methods return either |a| (if |mask| is nonzero) or |b|
- * (if |mask| is zero).
- */
-static inline unsigned int constant_time_select(unsigned int mask,
-	unsigned int a, unsigned int b);
-/* Convenience method for unsigned chars. */
-static inline unsigned char constant_time_select_8(unsigned char mask,
-	unsigned char a, unsigned char b);
-/* Convenience method for signed integers. */
-static inline int constant_time_select_int(unsigned int mask, int a, int b);
-
-static inline unsigned int constant_time_msb(unsigned int a)
-	{
-	return 0-(a >> (sizeof(a) * 8 - 1));
-	}
-
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
-	{
-	return constant_time_msb(a^((a^b)|((a-b)^b)));
-	}
-
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
-	{
-	return (unsigned char)(constant_time_lt(a, b));
-	}
-
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
-	{
-	return ~constant_time_lt(a, b);
-	}
-
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
-	{
-	return (unsigned char)(constant_time_ge(a, b));
-	}
-
-static inline unsigned int constant_time_is_zero(unsigned int a)
-	{
-	return constant_time_msb(~a & (a - 1));
-	}
-
-static inline unsigned char constant_time_is_zero_8(unsigned int a)
-	{
-	return (unsigned char)(constant_time_is_zero(a));
-	}
-
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
-	{
-	return constant_time_is_zero(a ^ b);
-	}
-
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
-	{
-	return (unsigned char)(constant_time_eq(a, b));
-	}
-
-static inline unsigned int constant_time_eq_int(int a, int b)
-	{
-	return constant_time_eq((unsigned)(a), (unsigned)(b));
-	}
-
-static inline unsigned char constant_time_eq_int_8(int a, int b)
-	{
-	return constant_time_eq_8((unsigned)(a), (unsigned)(b));
-	}
-
-static inline unsigned int constant_time_select(unsigned int mask,
-	unsigned int a, unsigned int b)
-	{
-	return (mask & a) | (~mask & b);
-	}
-
-static inline unsigned char constant_time_select_8(unsigned char mask,
-	unsigned char a, unsigned char b)
-	{
-	return (unsigned char)(constant_time_select(mask, a, b));
-	}
-
-static inline int constant_time_select_int(unsigned int mask, int a, int b)
-	{
-	return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
-	}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif  /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
deleted file mode 100644
index 289005f662..0000000000
--- a/crypto/cpt_err.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/cpt_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
-
-static ERR_STRING_DATA CRYPTO_str_functs[]=
-	{
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX),	"CRYPTO_get_ex_new_index"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID),	"CRYPTO_get_new_dynlockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID),	"CRYPTO_get_new_lockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA),	"CRYPTO_set_ex_data"},
-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),	"DEF_ADD_INDEX"},
-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),	"DEF_GET_CLASS"},
-{ERR_FUNC(CRYPTO_F_FIPS_MODE_SET),	"FIPS_mode_set"},
-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),	"INT_DUP_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),	"INT_FREE_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),	"INT_NEW_EX_DATA"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA CRYPTO_str_reasons[]=
-	{
-{ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_CRYPTO_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CRYPTO_str_functs);
-		ERR_load_strings(0,CRYPTO_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
deleted file mode 100644
index 0b77d8b7d0..0000000000
--- a/crypto/cryptlib.c
+++ /dev/null
@@ -1,940 +0,0 @@
-/* crypto/cryptlib.c */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "cryptlib.h"
-#include <openssl/safestack.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
-#endif
-
-DECLARE_STACK_OF(CRYPTO_dynlock)
-
-/* real #defines in crypto.h, keep these upto date */
-static const char* const lock_names[CRYPTO_NUM_LOCKS] =
-	{
-	"<<ERROR>>",
-	"err",
-	"ex_data",
-	"x509",
-	"x509_info",
-	"x509_pkey",
-	"x509_crl",
-	"x509_req",
-	"dsa",
-	"rsa",
-	"evp_pkey",
-	"x509_store",
-	"ssl_ctx",
-	"ssl_cert",
-	"ssl_session",
-	"ssl_sess_cert",
-	"ssl",
-	"ssl_method",
-	"rand",
-	"rand2",
-	"debug_malloc",
-	"BIO",
-	"gethostbyname",
-	"getservbyname",
-	"readdir",
-	"RSA_blinding",
-	"dh",
-	"debug_malloc2",
-	"dso",
-	"dynlock",
-	"engine",
-	"ui",
-	"ecdsa",
-	"ec",
-	"ecdh",
-	"bn",
-	"ec_pre_comp",
-	"store",
-	"comp",
-	"fips",
-	"fips2",
-#if CRYPTO_NUM_LOCKS != 41
-# error "Inconsistency between crypto.h and cryptlib.c"
-#endif
-	};
-
-/* This is for applications to allocate new type names in the non-dynamic
-   array of lock names.  These are numbered with positive numbers.  */
-static STACK_OF(OPENSSL_STRING) *app_locks=NULL;
-
-/* For applications that want a more dynamic way of handling threads, the
-   following stack is used.  These are externally numbered with negative
-   numbers.  */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-
-static void (MS_FAR *locking_callback)(int mode,int type,
-	const char *file,int line)=0;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-	int type,const char *file,int line)=0;
-#ifndef OPENSSL_NO_DEPRECATED
-static unsigned long (MS_FAR *id_callback)(void)=0;
-#endif
-static void (MS_FAR *threadid_callback)(CRYPTO_THREADID *)=0;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-	(const char *file,int line)=0;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file,int line)=0;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-	const char *file,int line)=0;
-
-int CRYPTO_get_new_lockid(char *name)
-	{
-	char *str;
-	int i;
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-	/* A hack to make Visual C++ 5.0 work correctly when linking as
-	 * a DLL using /MT. Without this, the application cannot use
-	 * any floating point printf's.
-	 * It also seems to be needed for Visual C 1.5 (win16) */
-	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
-#endif
-
-	if ((app_locks == NULL) && ((app_locks=sk_OPENSSL_STRING_new_null()) == NULL))
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	if ((str=BUF_strdup(name)) == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	i=sk_OPENSSL_STRING_push(app_locks,str);
-	if (!i)
-		OPENSSL_free(str);
-	else
-		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
-	return(i);
-	}
-
-int CRYPTO_num_locks(void)
-	{
-	return CRYPTO_NUM_LOCKS;
-	}
-
-int CRYPTO_get_new_dynlockid(void)
-	{
-	int i = 0;
-	CRYPTO_dynlock *pointer = NULL;
-
-	if (dynlock_create_callback == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
-		return(0);
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-	if ((dyn_locks == NULL)
-		&& ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
-	if (pointer == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	pointer->references = 1;
-	pointer->data = dynlock_create_callback(__FILE__,__LINE__);
-	if (pointer->data == NULL)
-		{
-		OPENSSL_free(pointer);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-	/* First, try to find an existing empty slot */
-	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
-	/* If there was none, push, thereby creating a new one */
-	if (i == -1)
-		/* Since sk_push() returns the number of items on the
-		   stack, not the location of the pushed item, we need
-		   to transform the returned number into a position,
-		   by decreasing it.  */
-		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
-	else
-		/* If we found a place with a NULL pointer, put our pointer
-		   in it.  */
-		(void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	if (i == -1)
-		{
-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-		OPENSSL_free(pointer);
-		}
-	else
-		i += 1; /* to avoid 0 */
-	return -i;
-	}
-
-void CRYPTO_destroy_dynlockid(int i)
-	{
-	CRYPTO_dynlock *pointer = NULL;
-	if (i)
-		i = -i-1;
-	if (dynlock_destroy_callback == NULL)
-		return;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		return;
-		}
-	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-	if (pointer != NULL)
-		{
-		--pointer->references;
-#ifdef REF_CHECK
-		if (pointer->references < 0)
-			{
-			fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
-			abort();
-			}
-		else
-#endif
-			if (pointer->references <= 0)
-				{
-				(void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
-				}
-			else
-				pointer = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	if (pointer)
-		{
-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-		OPENSSL_free(pointer);
-		}
-	}
-
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
-	{
-	CRYPTO_dynlock *pointer = NULL;
-	if (i)
-		i = -i-1;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-	if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
-		pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-	if (pointer)
-		pointer->references++;
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	if (pointer)
-		return pointer->data;
-	return NULL;
-	}
-
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
-	(const char *file,int line)
-	{
-	return(dynlock_create_callback);
-	}
-
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file,int line)
-	{
-	return(dynlock_lock_callback);
-	}
-
-void (*CRYPTO_get_dynlock_destroy_callback(void))
-	(struct CRYPTO_dynlock_value *l, const char *file,int line)
-	{
-	return(dynlock_destroy_callback);
-	}
-
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
-	(const char *file, int line))
-	{
-	dynlock_create_callback=func;
-	}
-
-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file, int line))
-	{
-	dynlock_lock_callback=func;
-	}
-
-void CRYPTO_set_dynlock_destroy_callback(void (*func)
-	(struct CRYPTO_dynlock_value *l, const char *file, int line))
-	{
-	dynlock_destroy_callback=func;
-	}
-
-
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-		int line)
-	{
-	return(locking_callback);
-	}
-
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-					  const char *file,int line)
-	{
-	return(add_lock_callback);
-	}
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-					      const char *file,int line))
-	{
-	/* Calling this here ensures initialisation before any threads
-	 * are started.
-	 */
-	OPENSSL_init();
-	locking_callback=func;
-	}
-
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-					      const char *file,int line))
-	{
-	add_lock_callback=func;
-	}
-
-/* the memset() here and in set_pointer() seem overkill, but for the sake of
- * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause two
- * "equal" THREADID structs to not be memcmp()-identical. */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val)
-	{
-	memset(id, 0, sizeof(*id));
-	id->val = val;
-	}
-
-static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 };
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr)
-	{
-	unsigned char *dest = (void *)&id->val;
-	unsigned int accum = 0;
-	unsigned char dnum = sizeof(id->val);
-
-	memset(id, 0, sizeof(*id));
-	id->ptr = ptr;
-	if (sizeof(id->val) >= sizeof(id->ptr))
-		{
-		/* 'ptr' can be embedded in 'val' without loss of uniqueness */
-		id->val = (unsigned long)id->ptr;
-		return;
-		}
-	/* hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a
-	 * linear function over the bytes in 'ptr', the co-efficients of which
-	 * are a sequence of low-primes (hash_coeffs is an 8-element cycle) -
-	 * the starting prime for the sequence varies for each byte of 'val'
-	 * (unique polynomials unless pointers are >64-bit). For added spice,
-	 * the totals accumulate rather than restarting from zero, and the index
-	 * of the 'val' byte is added each time (position dependence). If I was
-	 * a black-belt, I'd scan big-endian pointers in reverse to give
-	 * low-order bits more play, but this isn't crypto and I'd prefer nobody
-	 * mistake it as such. Plus I'm lazy. */
-	while (dnum--)
-		{
-		const unsigned char *src = (void *)&id->ptr;
-		unsigned char snum = sizeof(id->ptr);
-		while (snum--)
-			accum += *(src++) * hash_coeffs[(snum + dnum) & 7];
-		accum += dnum;
-		*(dest++) = accum & 255;
-		}
-	}
-
-int CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *))
-	{
-	if (threadid_callback)
-		return 0;
-	threadid_callback = func;
-	return 1;
-	}
-
-void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *)
-	{
-	return threadid_callback;
-	}
-
-void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
-	{
-	if (threadid_callback)
-		{
-		threadid_callback(id);
-		return;
-		}
-#ifndef OPENSSL_NO_DEPRECATED
-	/* If the deprecated callback was set, fall back to that */
-	if (id_callback)
-		{
-		CRYPTO_THREADID_set_numeric(id, id_callback());
-		return;
-		}
-#endif
-	/* Else pick a backup */
-#ifdef OPENSSL_SYS_WIN16
-	CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask());
-#elif defined(OPENSSL_SYS_WIN32)
-	CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId());
-#elif defined(OPENSSL_SYS_BEOS)
-	CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
-#else
-	/* For everything else, default to using the address of 'errno' */
-	CRYPTO_THREADID_set_pointer(id, (void*)&errno);
-#endif
-	}
-
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b)
-	{
-	return memcmp(a, b, sizeof(*a));
-	}
-
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src)
-	{
-	memcpy(dest, src, sizeof(*src));
-	}
-
-unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id)
-	{
-	return id->val;
-	}
-
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long (*CRYPTO_get_id_callback(void))(void)
-	{
-	return(id_callback);
-	}
-
-void CRYPTO_set_id_callback(unsigned long (*func)(void))
-	{
-	id_callback=func;
-	}
-
-unsigned long CRYPTO_thread_id(void)
-	{
-	unsigned long ret=0;
-
-	if (id_callback == NULL)
-		{
-#ifdef OPENSSL_SYS_WIN16
-		ret=(unsigned long)GetCurrentTask();
-#elif defined(OPENSSL_SYS_WIN32)
-		ret=(unsigned long)GetCurrentThreadId();
-#elif defined(GETPID_IS_MEANINGLESS)
-		ret=1L;
-#elif defined(OPENSSL_SYS_BEOS)
-		ret=(unsigned long)find_thread(NULL);
-#else
-		ret=(unsigned long)getpid();
-#endif
-		}
-	else
-		ret=id_callback();
-	return(ret);
-	}
-#endif
-
-void CRYPTO_lock(int mode, int type, const char *file, int line)
-	{
-#ifdef LOCK_DEBUG
-		{
-		CRYPTO_THREADID id;
-		char *rw_text,*operation_text;
-
-		if (mode & CRYPTO_LOCK)
-			operation_text="lock  ";
-		else if (mode & CRYPTO_UNLOCK)
-			operation_text="unlock";
-		else
-			operation_text="ERROR ";
-
-		if (mode & CRYPTO_READ)
-			rw_text="r";
-		else if (mode & CRYPTO_WRITE)
-			rw_text="w";
-		else
-			rw_text="ERROR";
-
-		CRYPTO_THREADID_current(&id);
-		fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
-			CRYPTO_THREADID_hash(&id), rw_text, operation_text,
-			CRYPTO_get_lock_name(type), file, line);
-		}
-#endif
-	if (type < 0)
-		{
-		if (dynlock_lock_callback != NULL)
-			{
-			struct CRYPTO_dynlock_value *pointer
-				= CRYPTO_get_dynlock_value(type);
-
-			OPENSSL_assert(pointer != NULL);
-
-			dynlock_lock_callback(mode, pointer, file, line);
-
-			CRYPTO_destroy_dynlockid(type);
-			}
-		}
-	else
-		if (locking_callback != NULL)
-			locking_callback(mode,type,file,line);
-	}
-
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-	     int line)
-	{
-	int ret = 0;
-
-	if (add_lock_callback != NULL)
-		{
-#ifdef LOCK_DEBUG
-		int before= *pointer;
-#endif
-
-		ret=add_lock_callback(pointer,amount,type,file,line);
-#ifdef LOCK_DEBUG
-		{
-		CRYPTO_THREADID id;
-		CRYPTO_THREADID_current(&id);
-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-			CRYPTO_THREADID_hash(&id), before,amount,ret,
-			CRYPTO_get_lock_name(type),
-			file,line);
-		}
-#endif
-		}
-	else
-		{
-		CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
-
-		ret= *pointer+amount;
-#ifdef LOCK_DEBUG
-		{
-		CRYPTO_THREADID id;
-		CRYPTO_THREADID_current(&id);
-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-			CRYPTO_THREADID_hash(&id),
-			*pointer,amount,ret,
-			CRYPTO_get_lock_name(type),
-			file,line);
-		}
-#endif
-		*pointer=ret;
-		CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
-		}
-	return(ret);
-	}
-
-const char *CRYPTO_get_lock_name(int type)
-	{
-	if (type < 0)
-		return("dynamic");
-	else if (type < CRYPTO_NUM_LOCKS)
-		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks))
-		return("ERROR");
-	else
-		return(sk_OPENSSL_STRING_value(app_locks,type-CRYPTO_NUM_LOCKS));
-	}
-
-#if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-
-unsigned int  OPENSSL_ia32cap_P[2];
-unsigned long *OPENSSL_ia32cap_loc(void)
-{   if (sizeof(long)==4)
-	/*
-	 * If 32-bit application pulls address of OPENSSL_ia32cap_P[0]
-	 * clear second element to maintain the illusion that vector
-	 * is 32-bit.
-	 */
-	OPENSSL_ia32cap_P[1]=0;
-    return (unsigned long *)OPENSSL_ia32cap_P;
-}
-
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define OPENSSL_CPUID_SETUP
-#if defined(_WIN32)
-typedef unsigned __int64 IA32CAP;
-#else
-typedef unsigned long long IA32CAP;
-#endif
-void OPENSSL_cpuid_setup(void)
-{ static int trigger=0;
-  IA32CAP OPENSSL_ia32_cpuid(void);
-  IA32CAP vec;
-  char *env;
-
-    if (trigger)	return;
-
-    trigger=1;
-    if ((env=getenv("OPENSSL_ia32cap"))) {
-	int off = (env[0]=='~')?1:0;
-#if defined(_WIN32)
-	if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0);
-#else
-	if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0);
-#endif
-	if (off) vec = OPENSSL_ia32_cpuid()&~vec;
-    }
-    else
-	vec = OPENSSL_ia32_cpuid();
-
-    /*
-     * |(1<<10) sets a reserved bit to signal that variable
-     * was initialized already... This is to avoid interference
-     * with cpuid snippets in ELF .init segment.
-     */
-    OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10);
-    OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32);
-}
-#endif
-
-#else
-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
-#endif
-int OPENSSL_NONPIC_relocated = 0;
-#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
-void OPENSSL_cpuid_setup(void) {}
-#endif
-
-#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-#ifdef __CYGWIN__
-/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
-#include <windows.h>
-/* this has side-effect of _WIN32 getting defined, which otherwise
- * is mutually exclusive with __CYGWIN__... */
-#endif
-
-/* All we really need to do is remove the 'error' state when a thread
- * detaches */
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
-	     LPVOID lpvReserved)
-	{
-	switch(fdwReason)
-		{
-	case DLL_PROCESS_ATTACH:
-		OPENSSL_cpuid_setup();
-#if defined(_WIN32_WINNT)
-		{
-		IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
-		IMAGE_NT_HEADERS *nt_headers;
-
-		if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-			{
-			nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
-						+ dos_header->e_lfanew);
-			if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-			    hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
-				OPENSSL_NONPIC_relocated=1;
-			}
-		}
-#endif
-		break;
-	case DLL_THREAD_ATTACH:
-		break;
-	case DLL_THREAD_DETACH:
-		break;
-	case DLL_PROCESS_DETACH:
-		break;
-		}
-	return(TRUE);
-	}
-#endif
-
-#if defined(_WIN32) && !defined(__CYGWIN__)
-#include <tchar.h>
-#include <signal.h>
-#ifdef __WATCOMC__
-#if defined(_UNICODE) || defined(__UNICODE__)
-#define _vsntprintf _vsnwprintf
-#else
-#define _vsntprintf _vsnprintf
-#endif
-#endif
-#ifdef _MSC_VER
-#define alloca _alloca
-#endif
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-int OPENSSL_isservice(void)
-{ HWINSTA h;
-  DWORD len;
-  WCHAR *name;
-  static union { void *p; int (*f)(void); } _OPENSSL_isservice = { NULL };
-
-    if (_OPENSSL_isservice.p == NULL) {
-	HANDLE h = GetModuleHandle(NULL);
-	if (h != NULL)
-	    _OPENSSL_isservice.p = GetProcAddress(h,"_OPENSSL_isservice");
-	if (_OPENSSL_isservice.p == NULL)
-	    _OPENSSL_isservice.p = (void *)-1;
-    }
-
-    if (_OPENSSL_isservice.p != (void *)-1)
-	return (*_OPENSSL_isservice.f)();
-
-    (void)GetDesktopWindow(); /* return value is ignored */
-
-    h = GetProcessWindowStation();
-    if (h==NULL) return -1;
-
-    if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
-	GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-	return -1;
-
-    if (len>512) return -1;		/* paranoia */
-    len++,len&=~1;			/* paranoia */
-    name=(WCHAR *)alloca(len+sizeof(WCHAR));
-    if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
-	return -1;
-
-    len++,len&=~1;			/* paranoia */
-    name[len/sizeof(WCHAR)]=L'\0';	/* paranoia */
-#if 1
-    /* This doesn't cover "interactive" services [working with real
-     * WinSta0's] nor programs started non-interactively by Task
-     * Scheduler [those are working with SAWinSta]. */
-    if (wcsstr(name,L"Service-0x"))	return 1;
-#else
-    /* This covers all non-interactive programs such as services. */
-    if (!wcsstr(name,L"WinSta0"))	return 1;
-#endif
-    else				return 0;
-}
-#else
-int OPENSSL_isservice(void) { return 0; }
-#endif
-
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-  TCHAR buf[256];
-  const TCHAR *fmt;
-#ifdef STD_ERROR_HANDLE	/* what a dirty trick! */
-  HANDLE h;
-
-    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
-	GetFileType(h)!=FILE_TYPE_UNKNOWN)
-    {	/* must be console application */
-	va_start (ap,fmta);
-	vfprintf (stderr,fmta,ap);
-	va_end (ap);
-	return;
-    }
-#endif
-
-    if (sizeof(TCHAR)==sizeof(char))
-	fmt=(const TCHAR *)fmta;
-    else do
-    { int    keepgoing;
-      size_t len_0=strlen(fmta)+1,i;
-      WCHAR *fmtw;
-
-	fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR));
-	if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
-
-#ifndef OPENSSL_NO_MULTIBYTE
-	if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
-#endif
-	    for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
-
-	for (i=0;i<len_0;i++)
-	{   if (fmtw[i]==L'%') do
-	    {	keepgoing=0;
-		switch (fmtw[i+1])
-		{   case L'0': case L'1': case L'2': case L'3': case L'4':
-		    case L'5': case L'6': case L'7': case L'8': case L'9':
-		    case L'.': case L'*':
-		    case L'-':	i++; keepgoing=1; break;
-		    case L's':	fmtw[i+1]=L'S';   break;
-		    case L'S':	fmtw[i+1]=L's';   break;
-		    case L'c':	fmtw[i+1]=L'C';   break;
-		    case L'C':	fmtw[i+1]=L'c';   break;
-		}
-	    } while (keepgoing);
-	}
-	fmt = (const TCHAR *)fmtw;
-    } while (0);
-
-    va_start (ap,fmta);
-    _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
-    buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
-    va_end (ap);
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-    /* this -------------v--- guards NT-specific calls */
-    if (check_winnt() && OPENSSL_isservice() > 0)
-    {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
-	const TCHAR *pmsg=buf;
-	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
-	DeregisterEventSource(h);
-    }
-    else
-#endif
-	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
-}
-#else
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-
-    va_start (ap,fmta);
-    vfprintf (stderr,fmta,ap);
-    va_end (ap);
-}
-int OPENSSL_isservice (void) { return 0; }
-#endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
-	{
-	OPENSSL_showfatal(
-		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-		file,line,assertion);
-#if !defined(_WIN32) || defined(__CYGWIN__)
-	abort();
-#else
-	/* Win32 abort() customarily shows a dialog, but we just did that... */
-	raise(SIGABRT);
-	_exit(3);
-#endif
-	}
-
-void *OPENSSL_stderr(void)	{ return stderr; }
-
-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
-	{
-	size_t i;
-	const unsigned char *a = in_a;
-	const unsigned char *b = in_b;
-	unsigned char x = 0;
-
-	for (i = 0; i < len; i++)
-		x |= a[i] ^ b[i];
-
-	return x;
-	}
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
deleted file mode 100644
index d26f9630ea..0000000000
--- a/crypto/cryptlib.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/cryptlib.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CRYPTLIB_H
-#define HEADER_CRYPTLIB_H
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#ifdef OPENSSL_USE_APPLINK
-#define BIO_FLAGS_UPLINK 0x8000
-#include "ms/uplink.h"
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/buffer.h> 
-#include <openssl/bio.h> 
-#include <openssl/err.h>
-#include <openssl/opensslconf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_SYS_VMS
-#define X509_CERT_AREA		OPENSSLDIR
-#define X509_CERT_DIR		OPENSSLDIR "/certs"
-#define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
-#define X509_PRIVATE_DIR	OPENSSLDIR "/private"
-#else
-#define X509_CERT_AREA		"SSLROOT:[000000]"
-#define X509_CERT_DIR		"SSLCERTS:"
-#define X509_CERT_FILE		"SSLCERTS:cert.pem"
-#define X509_PRIVATE_DIR        "SSLPRIVATE:"
-#endif
-
-#define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
-#define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
-
-/* size of string representations */
-#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type)		(sizeof(type)*2)
-
-void OPENSSL_cpuid_setup(void);
-extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *fmta,...);
-void *OPENSSL_stderr(void);
-extern int OPENSSL_NONPIC_relocated;
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/crypto.h b/crypto/crypto.h
deleted file mode 100644
index f92fc5182d..0000000000
--- a/crypto/crypto.h
+++ /dev/null
@@ -1,611 +0,0 @@
-/* crypto/crypto.h */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#include <stdlib.h>
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/opensslv.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* Resolve problems on some operating systems with symbol names that clash
-   one way or another */
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Backward compatibility to SSLeay */
-/* This is more to be used to check the correct DLL is being used
- * in the MS world. */
-#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER
-#define SSLEAY_VERSION		0
-/* #define SSLEAY_OPTIONS	1 no longer supported */
-#define SSLEAY_CFLAGS		2
-#define SSLEAY_BUILT_ON		3
-#define SSLEAY_PLATFORM		4
-#define SSLEAY_DIR		5
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-					int idx, long argl, void *argp);
-#endif
-
-/* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st
-	{
-	int code;
-	void *value;		/* Not used for flag attributes */
-	size_t value_size;	/* Max size of value for output, length for input */
-	size_t *value_length;	/* Returned length of value for output */
-	} OPENSSL_ITEM;
-
-
-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
- * names in cryptlib.c
- */
-
-#define	CRYPTO_LOCK_ERR			1
-#define	CRYPTO_LOCK_EX_DATA		2
-#define	CRYPTO_LOCK_X509		3
-#define	CRYPTO_LOCK_X509_INFO		4
-#define	CRYPTO_LOCK_X509_PKEY		5
-#define CRYPTO_LOCK_X509_CRL		6
-#define CRYPTO_LOCK_X509_REQ		7
-#define CRYPTO_LOCK_DSA			8
-#define CRYPTO_LOCK_RSA			9
-#define CRYPTO_LOCK_EVP_PKEY		10
-#define CRYPTO_LOCK_X509_STORE		11
-#define CRYPTO_LOCK_SSL_CTX		12
-#define CRYPTO_LOCK_SSL_CERT		13
-#define CRYPTO_LOCK_SSL_SESSION		14
-#define CRYPTO_LOCK_SSL_SESS_CERT	15
-#define CRYPTO_LOCK_SSL			16
-#define CRYPTO_LOCK_SSL_METHOD		17
-#define CRYPTO_LOCK_RAND		18
-#define CRYPTO_LOCK_RAND2		19
-#define CRYPTO_LOCK_MALLOC		20
-#define CRYPTO_LOCK_BIO			21
-#define CRYPTO_LOCK_GETHOSTBYNAME	22
-#define CRYPTO_LOCK_GETSERVBYNAME	23
-#define CRYPTO_LOCK_READDIR		24
-#define CRYPTO_LOCK_RSA_BLINDING	25
-#define CRYPTO_LOCK_DH			26
-#define CRYPTO_LOCK_MALLOC2		27
-#define CRYPTO_LOCK_DSO			28
-#define CRYPTO_LOCK_DYNLOCK		29
-#define CRYPTO_LOCK_ENGINE		30
-#define CRYPTO_LOCK_UI			31
-#define CRYPTO_LOCK_ECDSA               32
-#define CRYPTO_LOCK_EC			33
-#define CRYPTO_LOCK_ECDH		34
-#define CRYPTO_LOCK_BN  		35
-#define CRYPTO_LOCK_EC_PRE_COMP		36
-#define CRYPTO_LOCK_STORE		37
-#define CRYPTO_LOCK_COMP		38
-#define CRYPTO_LOCK_FIPS		39
-#define CRYPTO_LOCK_FIPS2		40
-#define CRYPTO_NUM_LOCKS		41
-
-#define CRYPTO_LOCK		1
-#define CRYPTO_UNLOCK		2
-#define CRYPTO_READ		4
-#define CRYPTO_WRITE		8
-
-#ifndef OPENSSL_NO_LOCKING
-#ifndef CRYPTO_w_lock
-#define CRYPTO_w_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_w_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_r_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_r_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_add(addr,amount,type)	\
-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-#endif
-#else
-#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
-#define CRYPTO_r_lock(a)
-#define CRYPTO_r_unlock(a)
-#define CRYPTO_add(a,b,c)	((*(a))+=(b))
-#endif
-
-/* Some applications as well as some parts of OpenSSL need to allocate
-   and deallocate locks in a dynamic fashion.  The following typedef
-   makes this possible in a type-safe manner.  */
-/* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct
-	{
-	int references;
-	struct CRYPTO_dynlock_value *data;
-	} CRYPTO_dynlock;
-
-
-/* The following can be used to detect memory leaks in the SSLeay library.
- * It used, it turns on malloc checking */
-
-#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */
-#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */
-#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */
-#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */
-
-/* The following are bit values to turn on or off options connected to the
- * malloc checking functionality */
-
-/* Adds time to the memory checking information */
-#define V_CRYPTO_MDEBUG_TIME	0x1 /* a bit */
-/* Adds thread number to the memory checking information */
-#define V_CRYPTO_MDEBUG_THREAD	0x2 /* a bit */
-
-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-
-
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
-struct crypto_ex_data_st
-	{
-	STACK_OF(void) *sk;
-	int dummy; /* gcc is screwing up this data structure :-( */
-	};
-DECLARE_STACK_OF(void)
-
-/* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
-
-typedef struct crypto_ex_data_func_st
-	{
-	long argl;	/* Arbitary long */
-	void *argp;	/* Arbitary void * */
-	CRYPTO_EX_new *new_func;
-	CRYPTO_EX_free *free_func;
-	CRYPTO_EX_dup *dup_func;
-	} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-#define CRYPTO_EX_INDEX_BIO		0
-#define CRYPTO_EX_INDEX_SSL		1
-#define CRYPTO_EX_INDEX_SSL_CTX		2
-#define CRYPTO_EX_INDEX_SSL_SESSION	3
-#define CRYPTO_EX_INDEX_X509_STORE	4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX	5
-#define CRYPTO_EX_INDEX_RSA		6
-#define CRYPTO_EX_INDEX_DSA		7
-#define CRYPTO_EX_INDEX_DH		8
-#define CRYPTO_EX_INDEX_ENGINE		9
-#define CRYPTO_EX_INDEX_X509		10
-#define CRYPTO_EX_INDEX_UI		11
-#define CRYPTO_EX_INDEX_ECDSA		12
-#define CRYPTO_EX_INDEX_ECDH		13
-#define CRYPTO_EX_INDEX_COMP		14
-#define CRYPTO_EX_INDEX_STORE		15
-
-/* Dynamically assigned indexes start from this value (don't use directly, use
- * via CRYPTO_ex_data_new_class). */
-#define CRYPTO_EX_INDEX_USER		100
-
-
-/* This is the default callbacks, but we can have others as well:
- * this is needed in Win32 where the application malloc and the
- * library malloc may not be the same.
- */
-#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
-	malloc, realloc, free)
-
-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
-#  define CRYPTO_MDEBUG
-# endif
-#endif
-
-/* Set standard debugging functions (not done by default
- * unless CRYPTO_MDEBUG is defined) */
-#define CRYPTO_malloc_debug_init()	do {\
-	CRYPTO_set_mem_debug_functions(\
-		CRYPTO_dbg_malloc,\
-		CRYPTO_dbg_realloc,\
-		CRYPTO_dbg_free,\
-		CRYPTO_dbg_set_options,\
-		CRYPTO_dbg_get_options);\
-	} while(0)
-
-int CRYPTO_mem_ctrl(int mode);
-int CRYPTO_is_mem_check_on(void);
-
-/* for applications */
-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-
-/* for library-internal use */
-#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
-#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str)	CRYPTO_strdup((str),__FILE__,__LINE__)
-#define OPENSSL_realloc(addr,num) \
-	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_realloc_clean(addr,old_num,num) \
-	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-#define OPENSSL_remalloc(addr,num) \
-	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_freeFunc	CRYPTO_free
-#define OPENSSL_free(addr)	CRYPTO_free(addr)
-
-#define OPENSSL_malloc_locked(num) \
-	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-const char *SSLeay_version(int type);
-unsigned long SSLeay(void);
-
-int OPENSSL_issetugid(void);
-
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
-/* Within a given class, get/register a new index */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
- * class (invokes whatever per-class callbacks are applicable) */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
- * (relative to the class type involved) */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
-/* This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions. */
-void CRYPTO_cleanup_all_ex_data(void);
-
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
-void CRYPTO_lock(int mode, int type,const char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-					      const char *file,int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-		int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-					      const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-					  const char *file,int line);
-
-/* Don't use this structure directly. */
-typedef struct crypto_threadid_st
-	{
-	void *ptr;
-	unsigned long val;
-	} CRYPTO_THREADID;
-/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
-int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
-void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
-void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
-unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-#ifndef OPENSSL_NO_DEPRECATED
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-unsigned long (*CRYPTO_get_id_callback(void))(void);
-unsigned long CRYPTO_thread_id(void);
-#endif
-
-const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
-		    int line);
-
-int CRYPTO_get_new_dynlockid(void);
-void CRYPTO_destroy_dynlockid(int i);
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
-
-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
- * call the latter last if you need different functions */
-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                void *(*r)(void *,size_t,const char *,int),
-                                void (*f)(void *));
-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                       void (*free_func)(void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
-				   void (*r)(void *,void *,int,const char *,int,int),
-				   void (*f)(void *,int),
-				   void (*so)(long),
-				   long (*go)(void));
-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                 void *(**r)(void *, size_t,const char *,int),
-                                 void (**f)(void *));
-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                        void (**f)(void *));
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
-				    void (**r)(void *,void *,int,const char *,int,int),
-				    void (**f)(void *,int),
-				    void (**so)(long),
-				    long (**go)(void));
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *ptr);
-void *CRYPTO_malloc(int num, const char *file, int line);
-char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *ptr);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
-			   int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
-
-void OPENSSL_cleanse(void *ptr, size_t len);
-
-void CRYPTO_set_mem_debug_options(long bits);
-long CRYPTO_get_mem_debug_options(void);
-
-#define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, __FILE__, __LINE__);
-int CRYPTO_push_info_(const char *info, const char *file, int line);
-int CRYPTO_pop_info(void);
-int CRYPTO_remove_all_info(void);
-
-
-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
- *
- * 0:	called before the actual memory allocation has taken place
- * 1:	called after the actual memory allocation has taken place
- */
-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_free(void *addr,int before_p);
-/* Tell the debugging code about options.  By default, the following values
- * apply:
- *
- * 0:                           Clear all options.
- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
- */
-void CRYPTO_dbg_set_options(long bits);
-long CRYPTO_dbg_get_options(void);
-
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *);
-#endif
-void CRYPTO_mem_leaks(struct bio_st *bio);
-/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-
-unsigned long *OPENSSL_ia32cap_loc(void);
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-int OPENSSL_isservice(void);
-
-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
-void OPENSSL_init(void);
-
-#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
-
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-	int alg##_Init(cx##_CTX *c) \
-	{ \
-	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-		"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-	return private_##alg##_Init(c); \
-	} \
-	int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-		"Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
-#define fips_md_init_ctx(alg, cx) \
-	int alg##_Init(cx##_CTX *c)
-#define fips_cipher_abort(alg) while(0)
-#endif
-
-/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
- * takes an amount of time dependent on |len|, but independent of the contents
- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
- * defined order as the return value when a != b is undefined, other than to be
- * non-zero. */
-int CRYPTO_memcmp(const void *a, const void *b, size_t len);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
-#define CRYPTO_F_DEF_ADD_INDEX				 104
-#define CRYPTO_F_DEF_GET_CLASS				 105
-#define CRYPTO_F_FIPS_MODE_SET				 109
-#define CRYPTO_F_INT_DUP_EX_DATA			 106
-#define CRYPTO_F_INT_FREE_EX_DATA			 107
-#define CRYPTO_F_INT_NEW_EX_DATA			 108
-
-/* Reason codes. */
-#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED		 101
-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cversion.c b/crypto/cversion.c
deleted file mode 100644
index 881957e892..0000000000
--- a/crypto/cversion.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/cversion.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-
-#ifndef NO_WINDOWS_BRAINDEATH
-#include "buildinf.h"
-#endif
-
-const char *SSLeay_version(int t)
-	{
-	if (t == SSLEAY_VERSION)
-		return OPENSSL_VERSION_TEXT;
-	if (t == SSLEAY_BUILT_ON)
-		{
-#ifdef DATE
-		return(DATE);
-#else
-		return("built on: date not available");
-#endif
-		}
-	if (t == SSLEAY_CFLAGS)
-		{
-#ifdef CFLAGS
-		return(CFLAGS);
-#else
-		return("compiler: information not available");
-#endif
-		}
-	if (t == SSLEAY_PLATFORM)
-		{
-#ifdef PLATFORM
-		return(PLATFORM);
-#else
-		return("platform: information not available");
-#endif
-		}
-	if (t == SSLEAY_DIR)
-		{
-#ifdef OPENSSLDIR
-		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
-#else
-		return "OPENSSLDIR: N/A";
-#endif
-		}
-	return("not available");
-	}
-
-unsigned long SSLeay(void)
-	{
-	return(SSLEAY_VERSION_NUMBER);
-	}
-
diff --git a/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
deleted file mode 100644
index 5469e1e469..0000000000
--- a/crypto/des/COPYRIGHT
+++ /dev/null
@@ -1,50 +0,0 @@
-Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an DES implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with MIT's libdes.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution.
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of that the SSL library.  This can be in the form of a textual
-message at program startup or in documentation (online or textual) provided
-with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   This product includes software developed by Eric Young (eay@cryptsoft.com)
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The license and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
-[including the GNU Public License.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
diff --git a/crypto/des/DES.pm b/crypto/des/DES.pm
deleted file mode 100644
index 6a175b6ca4..0000000000
--- a/crypto/des/DES.pm
+++ /dev/null
@@ -1,19 +0,0 @@
-package DES;
-
-require Exporter;
-require DynaLoader;
-@ISA = qw(Exporter DynaLoader);
-# Items to export into callers namespace by default
-# (move infrequently used names to @EXPORT_OK below)
-@EXPORT = qw(
-);
-# Other items we are prepared to export if requested
-@EXPORT_OK = qw(
-crypt
-);
-
-# Preloaded methods go here.  Autoload methods go after __END__, and are
-# processed by the autosplit program.
-bootstrap DES;
-1;
-__END__
diff --git a/crypto/des/DES.xs b/crypto/des/DES.xs
deleted file mode 100644
index b8050b9edf..0000000000
--- a/crypto/des/DES.xs
+++ /dev/null
@@ -1,268 +0,0 @@
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#include "des.h"
-
-#define deschar	char
-static STRLEN len;
-
-static int
-not_here(s)
-char *s;
-{
-    croak("%s not implemented on this architecture", s);
-    return -1;
-}
-
-MODULE = DES	PACKAGE = DES	PREFIX = des_
-
-char *
-des_crypt(buf,salt)
-	char *	buf
-	char *	salt
-
-void
-des_set_odd_parity(key)
-	des_cblock *	key
-PPCODE:
-	{
-	SV *s;
-
-	s=sv_newmortal();
-	sv_setpvn(s,(char *)key,8);
-	des_set_odd_parity((des_cblock *)SvPV(s,na));
-	PUSHs(s);
-	}
-
-int
-des_is_weak_key(key)
-	des_cblock *	key
-
-des_key_schedule
-des_set_key(key)
-	des_cblock *	key
-CODE:
-	des_set_key(key,RETVAL);
-OUTPUT:
-RETVAL
-
-des_cblock
-des_ecb_encrypt(input,ks,encrypt)
-	des_cblock *	input
-	des_key_schedule *	ks
-	int	encrypt
-CODE:
-	des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
-OUTPUT:
-RETVAL
-
-void
-des_cbc_encrypt(input,ks,ivec,encrypt)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	char *c;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec,encrypt);
-	sv_setpvn(ST(2),(char *)c[len-8],8);
-	PUSHs(s);
-	}
-
-void
-des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
-	char *	input
-	des_key_schedule *	ks1
-	des_key_schedule *	ks2
-	des_cblock *	ivec1
-	des_cblock *	ivec2
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
-		l,*ks1,*ks2,ivec1,ivec2,encrypt);
-	sv_setpvn(ST(3),(char *)ivec1,8);
-	sv_setpvn(ST(4),(char *)ivec2,8);
-	PUSHs(s);
-	}
-
-void
-des_cbc_cksum(input,ks,ivec)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-PPCODE:
-	{
-	SV *s1,*s2;
-	STRLEN len,l;
-	des_cblock c;
-	unsigned long i1,i2;
-
-	s1=sv_newmortal();
-	s2=sv_newmortal();
-	l=SvCUR(ST(0));
-	des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec);
-	i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
-	i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
-	sv_setiv(s1,i1);
-	sv_setiv(s2,i2);
-	sv_setpvn(ST(2),(char *)c,8);
-	PUSHs(s1);
-	PUSHs(s2);
-	}
-
-void
-des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
-	char *	input
-	int	numbits
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len;
-	char *c;
-
-	len=SvCUR(ST(0));
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
-		(int)numbits,(long)len,*ks,ivec,encrypt);
-	sv_setpvn(ST(3),(char *)ivec,8);
-	PUSHs(s);
-	}
-
-des_cblock *
-des_ecb3_encrypt(input,ks1,ks2,encrypt)
-	des_cblock *	input
-	des_key_schedule *	ks1
-	des_key_schedule *	ks2
-	int	encrypt
-CODE:
-	{
-	des_cblock c;
-
-	des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
-		*ks1,*ks2,encrypt);
-	RETVAL= &c;
-	}
-OUTPUT:
-RETVAL
-
-void
-des_ofb_encrypt(input,numbits,ks,ivec)
-	unsigned char *	input
-	int	numbits
-	des_key_schedule *	ks
-	des_cblock *	ivec
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	unsigned char *c;
-
-	len=SvCUR(ST(0));
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(unsigned char *)SvPV(s,na);
-	des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
-		numbits,len,*ks,ivec);
-	sv_setpvn(ST(3),(char *)ivec,8);
-	PUSHs(s);
-	}
-
-void
-des_pcbc_encrypt(input,ks,ivec,encrypt)
-	char *	input
-	des_key_schedule *	ks
-	des_cblock *	ivec
-	int	encrypt
-PPCODE:
-	{
-	SV *s;
-	STRLEN len,l;
-	char *c;
-
-	l=SvCUR(ST(0));
-	len=((((unsigned long)l)+7)/8)*8;
-	s=sv_newmortal();
-	sv_setpvn(s,"",0);
-	SvGROW(s,len);
-	SvCUR_set(s,len);
-	c=(char *)SvPV(s,na);
-	des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
-		l,*ks,ivec,encrypt);
-	sv_setpvn(ST(2),(char *)c[len-8],8);
-	PUSHs(s);
-	}
-
-des_cblock *
-des_random_key()
-CODE:
-	{
-	des_cblock c;
-
-	des_random_key(c);
-	RETVAL=&c;
-	}
-OUTPUT:
-RETVAL
-
-des_cblock *
-des_string_to_key(str)
-char *	str
-CODE:
-	{
-	des_cblock c;
-
-	des_string_to_key(str,&c);
-	RETVAL=&c;
-	}
-OUTPUT:
-RETVAL
-
-void
-des_string_to_2keys(str)
-char *	str
-PPCODE:
-	{
-	des_cblock c1,c2;
-	SV *s1,*s2;
-
-	des_string_to_2keys(str,&c1,&c2);
-	EXTEND(sp,2);
-	s1=sv_newmortal();
-	sv_setpvn(s1,(char *)c1,8);
-	s2=sv_newmortal();
-	sv_setpvn(s2,(char *)c2,8);
-	PUSHs(s1);
-	PUSHs(s2);
-	}
diff --git a/crypto/des/FILES0 b/crypto/des/FILES0
deleted file mode 100644
index 4c7ea2de7a..0000000000
--- a/crypto/des/FILES0
+++ /dev/null
@@ -1,96 +0,0 @@
-/* General stuff */
-COPYRIGHT	- Copyright info.
-MODES.DES	- A description of the features of the different modes of DES.
-FILES		- This file.
-INSTALL		- How to make things compile.
-Imakefile	- For use with kerberos.
-README		- What this package is.
-VERSION		- Which version this is and what was changed.
-KERBEROS	- Kerberos version 4 notes.
-Makefile.PL	- An old makefile to build with perl5, not current.
-Makefile.ssl	- The SSLeay makefile
-Makefile.uni	- The normal unix makefile.
-GNUmakefile	- The makefile for use with glibc.
-makefile.bc	- A Borland C makefile
-times		- Some outputs from 'speed' on some machines.
-vms.com		- For use when compiling under VMS
-
-/* My SunOS des(1) replacement */
-des.c		- des(1) source code.
-des.man		- des(1) manual.
-
-/* Testing and timing programs. */
-destest.c	- Source for libdes.a test program.
-speed.c		- Source for libdes.a timing program.
-rpw.c		- Source for libdes.a testing password reading routines.
-
-/* libdes.a source code */
-des_crypt.man	- libdes.a manual page.
-des.h		- Public libdes.a header file.
-ecb_enc.c	- des_ecb_encrypt() source, this contains the basic DES code.
-ecb3_enc.c	- des_ecb3_encrypt() source.
-cbc_ckm.c	- des_cbc_cksum() source.
-cbc_enc.c	- des_cbc_encrypt() source.
-ncbc_enc.c	- des_cbc_encrypt() that is 'normal' in that it copies
-		  the new iv values back in the passed iv vector.
-ede_enc.c	- des_ede3_cbc_encrypt() cbc mode des using triple DES.
-cbc3_enc.c	- des_3cbc_encrypt() source, don't use this function.
-cfb_enc.c	- des_cfb_encrypt() source.
-cfb64enc.c	- des_cfb64_encrypt() cfb in 64 bit mode but setup to be
-		  used as a stream cipher.
-cfb64ede.c	- des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
-		  used as a stream cipher and using triple DES.
-ofb_enc.c	- des_cfb_encrypt() source.
-ofb64_enc.c	- des_ofb_encrypt() ofb in 64 bit mode but setup to be
-		  used as a stream cipher.
-ofb64ede.c	- des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
-		  used as a stream cipher and using triple DES.
-enc_read.c	- des_enc_read() source.
-enc_writ.c	- des_enc_write() source.
-pcbc_enc.c	- des_pcbc_encrypt() source.
-qud_cksm.c	- quad_cksum() source.
-rand_key.c	- des_random_key() source.
-read_pwd.c	- Source for des_read_password() plus related functions.
-set_key.c	- Source for des_set_key().
-str2key.c	- Covert a string of any length into a key.
-fcrypt.c	- A small, fast version of crypt(3).
-des_locl.h	- Internal libdes.a header file.
-podd.h		- Odd parity tables - used in des_set_key().
-sk.h		- Lookup tables used in des_set_key().
-spr.h		- What is left of the S tables - used in ecb_encrypt().
-des_ver.h	- header file for the external definition of the
-		  version string.
-des.doc		- SSLeay documentation for the library.
-
-/* The perl scripts - you can ignore these files they are only
- * included for the curious */
-des.pl		- des in perl anyone? des_set_key and des_ecb_encrypt
-		  both done in a perl library.
-testdes.pl	- Testing program for des.pl
-doIP		- Perl script used to develop IP xor/shift code.
-doPC1		- Perl script used to develop PC1 xor/shift code.
-doPC2		- Generates sk.h.
-PC1		- Output of doPC1 should be the same as output from PC1.
-PC2		- used in development of doPC2.
-shifts.pl	- Perl library used by my perl scripts.
-
-/* I started making a perl5 dynamic library for libdes
- * but did not fully finish, these files are part of that effort. */
-DES.pm
-DES.pod
-DES.xs
-t
-typemap
-
-/* The following are for use with sun RPC implementaions. */
-rpc_des.h
-rpc_enc.c
-
-/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
- * are not normally built into libdes due to machine specific routines
- * contained in them.  They are for use in the most recent incarnation of
- * export kerberos v 4 (eBones). */
-supp.c
-new_rkey.c
-
-
diff --git a/crypto/des/INSTALL b/crypto/des/INSTALL
deleted file mode 100644
index 8aebdfe110..0000000000
--- a/crypto/des/INSTALL
+++ /dev/null
@@ -1,69 +0,0 @@
-Check the CC and CFLAGS lines in the makefile
-
-If your C library does not support the times(3) function, change the
-#define TIMES to
-#undef TIMES in speed.c
-If it does, check the HZ value for the times(3) function.
-If your system does not define CLK_TCK it will be assumed to
-be 100.0.
-
-If possible use gcc v 2.7.?
-Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
-In recent times, some system compilers give better performace.
-
-type 'make'
-
-run './destest' to check things are ok.
-run './rpw' to check the tty code for reading passwords works.
-run './speed' to see how fast those optimisations make the library run :-)
-run './des_opts' to determin the best compile time options.
-
-The output from des_opts should be put in the makefile options and des_enc.c
-should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
-For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
-and then you can use the 'DES_PTR' option.
-
-The file options.txt has the options listed for best speed on quite a
-few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
-turn on the relevant option in the Makefile.
-
-There are some special Makefile targets that make life easier.
-make cc		- standard cc build
-make gcc	- standard gcc build
-make x86-elf	- x86 assembler (elf), linux-elf.
-make x86-out	- x86 assembler (a.out), FreeBSD
-make x86-solaris- x86 assembler
-make x86-bsdi	- x86 assembler (a.out with primative assembler).
-
-If at all possible use the assembler (for Windows NT/95, use
-asm/win32.obj to link with).  The x86 assembler is very very fast.
-
-A make install will by default install
-libdes.a      in /usr/local/lib/libdes.a
-des           in /usr/local/bin/des
-des_crypt.man in /usr/local/man/man3/des_crypt.3
-des.man       in /usr/local/man/man1/des.1
-des.h         in /usr/include/des.h
-
-des(1) should be compatible with sunOS's but I have been unable to
-test it.
-
-These routines should compile on MSDOS, most 32bit and 64bit version
-of Unix (BSD and SYSV) and VMS, without modification.
-The only problems should be #include files that are in the wrong places.
-
-These routines can be compiled under MSDOS.
-I have successfully encrypted files using des(1) under MSDOS and then
-decrypted the files on a SparcStation.
-I have been able to compile and test the routines with
-Microsoft C v 5.1 and Turbo C v 2.0.
-The code in this library is in no way optimised for the 16bit
-operation of MSDOS.
-
-When building for glibc, ignore all of the above and just unpack into
-glibc-1.??/des and then gmake as per normal.
-
-As a final note on performace.  Certain CPUs like sparcs and Alpha often give
-a %10 speed difference depending on the link order.  It is rather anoying
-when one program reports 'x' DES encrypts a second and another reports
-'x*0.9' the speed.
diff --git a/crypto/des/Imakefile b/crypto/des/Imakefile
deleted file mode 100644
index 1b9b5629e1..0000000000
--- a/crypto/des/Imakefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# This Imakefile has not been tested for a while but it should still
-# work when placed in the correct directory in the kerberos v 4 distribution
-
-SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
-        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
-        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
-	ecb3_enc.c ofb_enc.c ofb64enc.c
-
-OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
-	qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
-	ecb3_enc.o ofb_enc.o ofb64enc.o
-
-GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
-	vms.com KERBEROS
-DES=    des.c des.man
-TESTING=destest.c speed.c rpw.c
-LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
-
-PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
-
-SRCDIR=$(SRCTOP)/lib/des
-
-DBG= -O
-INCLUDE= -I$(SRCDIR)
-CC= cc
-
-library_obj_rule()
-
-install_library_target(des,$(OBJS),$(SRCS),)
-
-test(destest,libdes.a,)
-test(rpw,libdes.a,)
diff --git a/crypto/des/KERBEROS b/crypto/des/KERBEROS
deleted file mode 100644
index f401b10014..0000000000
--- a/crypto/des/KERBEROS
+++ /dev/null
@@ -1,41 +0,0 @@
- [ This is an old file, I don't know if it is true anymore
-   but I will leave the file here - eay 21/11/95 ]
-
-To use this library with Bones (kerberos without DES):
-1) Get my modified Bones - eBones.  It can be found on
-   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
-   and
-   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
-
-2) Unpack this library in src/lib/des, makeing sure it is version
-   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
-   from the version in comp.sources.misc volume 29 patchlevel2.
-   The primarily difference is that it should compile under kerberos :-).
-   It can be found at.
-   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
-
-Now do a normal kerberos build and things should work.
-
-One problem I found when I was build on my local sun.
----
-For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
-
-*** make_commands.c.orig	Fri Jul  3 04:18:35 1987
---- make_commands.c	Wed May 20 08:47:42 1992
-***************
-*** 98,104 ****
-       if (!rename(o_file, z_file)) {
-  	  if (!vfork()) {
-  	       chdir("/tmp");
-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
-  		     z_file+5, 0);
-  	       perror("/bin/ld");
-  	       _exit(1);
---- 98,104 ----
-       if (!rename(o_file, z_file)) {
-  	  if (!vfork()) {
-  	       chdir("/tmp");
-! 	       execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
-  		     z_file+5, 0);
-  	       perror("/bin/ld");
-  	       _exit(1);
diff --git a/crypto/des/README b/crypto/des/README
deleted file mode 100644
index 621a5ab467..0000000000
--- a/crypto/des/README
+++ /dev/null
@@ -1,54 +0,0 @@
-
-		libdes, Version 4.01 10-Jan-97
-
-		Copyright (c) 1997, Eric Young
-			  All rights reserved.
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms specified in COPYRIGHT.
-    
---
-The primary ftp site for this library is
-ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
-libdes is now also shipped with SSLeay.  Primary ftp site of
-ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
-
-The best way to build this library is to build it as part of SSLeay.
-
-This kit builds a DES encryption library and a DES encryption program.
-It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
-triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
-implementation of crypt(3).
-It contains support routines to read keys from a terminal,
-generate a random key, generate a key from an arbitrary length string,
-read/write encrypted data from/to a file descriptor.
-
-The implementation was written so as to conform with the manual entry
-for the des_crypt(3) library routines from MIT's project Athena.
-
-destest should be run after compilation to test the des routines.
-rpw should be run after compilation to test the read password routines.
-The des program is a replacement for the sun des command.  I believe it
-conforms to the sun version.
-
-The Imakefile is setup for use in the kerberos distribution.
-
-These routines are best compiled with gcc or any other good
-optimising compiler.
-Just turn you optimiser up to the highest settings and run destest
-after the build to make sure everything works.
-
-I believe these routines are close to the fastest and most portable DES
-routines that use small lookup tables (4.5k) that are publicly available.
-The fcrypt routine is faster than ufc's fcrypt (when compiling with
-gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
-(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
-[ 10-Jan-97 and a function of an incorrect speed testing program in
-  ufc which gave much better test figures that reality ].
-
-It is worth noting that on sparc and Alpha CPUs, performance of the DES
-library can vary by upto %10 due to the positioning of files after application
-linkage.
-
-Eric Young (eay@cryptsoft.com)
-
diff --git a/crypto/des/VERSION b/crypto/des/VERSION
deleted file mode 100644
index c7d01542bc..0000000000
--- a/crypto/des/VERSION
+++ /dev/null
@@ -1,412 +0,0 @@
-	Fixed the weak key values which were wrong :-(
-	Defining SIGACTION causes sigaction() to be used instead of signal().
-	SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
-	can cause problems.  This should hopefully not affect normal
-	applications.
-
-Version 4.04
-	Fixed a few tests in destest.  Also added x86 assember for
-	des_ncbc_encrypt() which is the standard cbc mode function.
-	This makes a very very large performace difference.
-	Ariel Glenn ariel@columbia.edu reports that the terminal
-	'turn echo off' can return (errno == EINVAL) under solaris
-	when redirection is used.  So I now catch that as well as ENOTTY.
-
-
-Version 4.03
-	Left a static out of enc_write.c, which caused to buffer to be
-	continiously malloc()ed.  Does anyone use these functions?  I keep
-	on feeling like removing them since I only had these in there
-	for a version of kerberised login.  Anyway, this was pointed out
-	by Theo de Raadt <deraadt@cvs.openbsd.org>
-	The 'n' bit ofb code was wrong, it was not shifting the shift
-	register. It worked correctly for n == 64.  Thanks to
-	Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
-
-Version 4.02
-	I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
-	when checking for weak keys which is wrong :-(, pointed out by
-	Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
-
-Version 4.01
-	Even faster inner loop in the DES assembler for x86 and a modification
-	for IP/FP which is faster on x86.  Both of these changes are
-	from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
-	changes make the assembler run %40 faster on a pentium.  This is just
-	a case of getting the instruction sequence 'just right'.
-	All credit to 'Svend' :-)
-	Quite a few special x86 'make' targets.
-	A libdes-l (lite) distribution.
-
-Version 4.00
-	After a bit of a pause, I'll up the major version number since this
-	is mostly a performace release.  I've added x86 assembler and
-	added more options for performance.  A %28 speedup for gcc 
-	on a pentium and the assembler is a %50 speedup.
-	MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
-	Run des_opts to work out which options should be used.
-	DES_RISC1/DES_RISC2 use alternative inner loops which use
-	more registers but should give speedups on any CPU that does
-	dual issue (pentium).  DES_UNROLL unrolls the inner loop,
-	which costs in code size.
-
-Version 3.26
-	I've finally removed one of the shifts in D_ENCRYPT.  This
-	meant I've changed the des_SPtrans table (spr.h), the set_key()
-	function and some things in des_enc.c.  This has definitly
-	made things faster :-).  I've known about this one for some
-	time but I've been too lazy to follow it up :-).
-	Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
-	instead of L^=((..)|(..)|(..)..  This should save a register at
-	least.
-	Assember for x86.  The file to replace is des_enc.c, which is replaced
-	by one of the assembler files found in asm.  Look at des/asm/readme
-	for more info.
-
-	/* Modification to fcrypt so it can be compiled to support
-	HPUX 10.x's long password format, define -DLONGCRYPT to use this.
-	Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
-
-	SIGWINCH case put in des_read_passwd() so the function does not
-	'exit' if this function is recieved.
-
-Version 3.25 17/07/96
-	Modified read_pwd.c so that stdin can be read if not a tty.
-	Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
-	des_init_random_number_generator() shortened due to VMS linker
-	limits.
-	Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
-	8 byte quantites xored before and after encryption.
-	des_xcbc_encryption() - the name is funny to preserve the des_
-	prefix on all functions.
-
-Version 3.24 20/04/96
-	The DES_PTR macro option checked and used by SSLeay configuration
-
-Version 3.23 11/04/96
-	Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
-	it gives a %20 speedup :-)
-	Fixed the problem with des.pl under perl5.  The patches were
-	sent by Ed Kubaitis (ejk@uiuc.edu).
-	if fcrypt.c, changed values to handle illegal salt values the way
-	normal crypt() implementations do.  Some programs apparently use
-	them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
-
-Version 3.22 29/11/95
-	Bug in des(1), an error with the uuencoding stuff when the
-	'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
-	for the patch.
-
-Version 3.21 22/11/95
-	After some emailing back and forth with 
-	Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
-	and in a future version I will probably put in some of the
-	optimisation he suggested for use with the DES_USE_PTR option.
-	Extra routines from Mark Murray <mark@grondar.za> for use in
-	freeBSD.  They mostly involve random number generation for use
-	with kerberos.  They involve evil machine specific system calls
-	etc so I would normally suggest pushing this stuff into the
-	application and/or using RAND_seed()/RAND_bytes() if you are
-	using this DES library as part of SSLeay.
-	Redone the read_pw() function so that it is cleaner and
-	supports termios, thanks to Sameer Parekh <sameer@c2.org>
-	for the initial patches for this.
-	Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
-	 done just to make things more consistent.
-	I have also now added triple DES versions of cfb and ofb.
-
-Version 3.20
-	Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
-	my des_random_seed() function was only copying 4 bytes of the
-	passed seed into the init structure.  It is now fixed to copy 8.
-	My own suggestion is to used something like MD5 :-)
-
-Version 3.19 
-	While looking at my code one day, I though, why do I keep on
-	calling des_encrypt(in,out,ks,enc) when every function that
-	calls it has in and out the same.  So I dropped the 'out'
-	parameter, people should not be using this function.
-
-Version 3.18 30/08/95
-	Fixed a few bit with the distribution and the filenames.
-	3.17 had been munged via a move to DOS and back again.
-	NO CODE CHANGES
-
-Version 3.17 14/07/95
-	Fixed ede3 cbc which I had broken in 3.16.  I have also
-	removed some unneeded variables in 7-8 of the routines.
-
-Version 3.16 26/06/95
-	Added des_encrypt2() which does not use IP/FP, used by triple
-	des routines.  Tweaked things a bit elsewhere. %13 speedup on
-	sparc and %6 on a R4400 for ede3 cbc mode.
-
-Version 3.15 06/06/95
-	Added des_ncbc_encrypt(), it is des_cbc mode except that it is
-	'normal' and copies the new iv value back over the top of the
-	passed parameter.
-	CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
-	the iv.  THIS WILL BREAK EXISTING CODE, but since this function
-	only new, I feel I can change it, not so with des_cbc_encrypt :-(.
-	I need to update the documentation.
-
-Version 3.14 31/05/95
-	New release upon the world, as part of my SSL implementation.
-	New copyright and usage stuff.  Basically free for all to use
-	as long as you say it came from me :-)
-
-Version 3.13 31/05/95
-	A fix in speed.c, if HZ is not defined, I set it to 100.0
-	which is reasonable for most unixes except SunOS 4.x.
-	I now have a #ifdef sun but timing for SunOS 4.x looked very
-	good :-(.  At my last job where I used SunOS 4.x, it was
-	defined to be 60.0 (look at the old INSTALL documentation), at
-	the last release had it changed to 100.0 since I now work with
-	Solaris2 and SVR4 boxes.
-	Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
-	one out.
-
-Version 3.12 08/05/95
-	As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
-	my D_ENCRYPT macro in crypt() had an un-necessary variable.
-	It has been removed.
-
-Version 3.11 03/05/95
-	Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
-	and one iv.  It is a standard and I needed it for my SSL code.
-	It makes more sense to use this for triple DES than
-	3cbc_encrypt().  I have also added (or should I say tested :-)
-	cfb64_encrypt() which is cfb64 but it will encrypt a partial
-	number of bytes - 3 bytes in 3 bytes out.  Again this is for
-	my SSL library, as a form of encryption to use with SSL
-	telnet.
-
-Version 3.10 22/03/95
-	Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
-	to cbc3_encrypt, the 2 iv values that were being returned to
-	be used in the next call were reversed :-(.
-	Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
-	this error.
-
-Version 3.09 01/02/95
-	Fixed des_random_key to far more random, it was rather feeble
-	with regards to picking the initial seed.  The problem was
-	pointed out by Olaf Kirch <okir@monad.swb.de>.
-
-Version 3.08 14/12/94
-	Added Makefile.PL so libdes can be built into perl5.
-	Changed des_locl.h so RAND is always defined.
-
-Version 3.07 05/12/94
-	Added GNUmake and stuff so the library can be build with
-	glibc.
-
-Version 3.06 30/08/94
-	Added rpc_enc.c which contains _des_crypt.  This is for use in
-	secure_rpc v 4.0
-	Finally fixed the cfb_enc problems.
-	Fixed a few parameter parsing bugs in des (-3 and -b), thanks
-	to Rob McMillan <R.McMillan@its.gu.edu.au>
-
-Version 3.05 21/04/94
-	for unsigned long l; gcc does not produce ((l>>34) == 0)
-	This causes bugs in cfb_enc.
-	Thanks to Hadmut Danisch <danisch@ira.uka.de>
-
-Version 3.04 20/04/94
-	Added a version number to des.c and libdes.a
-
-Version 3.03 12/01/94
-	Fixed a bug in non zero iv in 3cbc_enc.
-
-Version 3.02 29/10/93
-	I now work in a place where there are 6+ architectures and 14+
-	OS versions :-).
-	Fixed TERMIO definition so the most sys V boxes will work :-)
-
-Release upon comp.sources.misc
-Version 3.01 08/10/93
-	Added des_3cbc_encrypt()
-
-Version 3.00 07/10/93
-	Fixed up documentation.
-	quad_cksum definitely compatible with MIT's now.
-
-Version 2.30 24/08/93
-	Triple DES now defaults to triple cbc but can do triple ecb
-	 with the -b flag.
-	Fixed some MSDOS uuen/uudecoding problems, thanks to
-	Added prototypes.
-	
-Version 2.22 29/06/93
-	Fixed a bug in des_is_weak_key() which stopped it working :-(
-	thanks to engineering@MorningStar.Com.
-
-Version 2.21 03/06/93
-	des(1) with no arguments gives quite a bit of help.
-	Added -c (generate ckecksum) flag to des(1).
-	Added -3 (triple DES) flag to des(1).
-	Added cfb and ofb routines to the library.
-
-Version 2.20 11/03/93
-	Added -u (uuencode) flag to des(1).
-	I have been playing with byte order in quad_cksum to make it
-	 compatible with MIT's version.  All I can say is avid this
-	 function if possible since MIT's output is endian dependent.
-
-Version 2.12 14/10/92
-	Added MSDOS specific macro in ecb_encrypt which gives a %70
-	 speed up when the code is compiled with turbo C.
-
-Version 2.11 12/10/92
-	Speedup in set_key (recoding of PC-1)
-	 I now do it in 47 simple operations, down from 60.
-	 Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 for motivating me to look for a faster system :-)
-	 The speedup is probably less that 1% but it is still 13
-	 instructions less :-).
-
-Version 2.10 06/10/92
-	The code now works on the 64bit ETA10 and CRAY without modifications or
-	 #defines.  I believe the code should work on any machine that
-	 defines long, int or short to be 8 bytes long.
-	Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
-	 for helping me fix the code to run on 64bit machines (he had
-	 access to an ETA10).
-	Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
-	 for testing the routines on a CRAY.
-	read_password.c has been renamed to read_passwd.c
-	string_to_key.c has been renamed to string2key.c
-
-Version 2.00 14/09/92
-	Made mods so that the library should work on 64bit CPU's.
-	Removed all my uchar and ulong defs.  To many different
-	 versions of unix define them in their header files in too many
-	 different combinations :-)
-	IRIX - Sillicon Graphics mods (mostly in read_password.c).
-	 Thanks to Andrew Daviel (advax@erich.triumf.ca)
-
-Version 1.99 26/08/92
-	Fixed a bug or 2 in enc_read.c
-	Fixed a bug in enc_write.c
-	Fixed a pseudo bug in fcrypt.c (very obscure).
-
-Version 1.98 31/07/92
-	Support for the ETA10.  This is a strange machine that defines
-	longs and ints as 8 bytes and shorts as 4 bytes.
-	Since I do evil things with long * that assume that they are 4
-	bytes.  Look in the Makefile for the option to compile for
-	this machine.  quad_cksum appears to have problems but I
-	will don't have the time to fix it right now, and this is not
-	a function that uses DES and so will not effect the main uses
-	of the library.
-
-Version 1.97 20/05/92 eay
-	Fixed the Imakefile and made some changes to des.h to fix some
-	problems when building this package with Kerberos v 4.
-
-Version 1.96 18/05/92 eay
-	Fixed a small bug in string_to_key() where problems could
-	occur if des_check_key was set to true and the string
-	generated a weak key.
-
-Patch2 posted to comp.sources.misc
-Version 1.95 13/05/92 eay
-	Added an alternative version of the D_ENCRYPT macro in
-	ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
-	other will be faster.  This was inspired by 
-	Dana How <how@isl.stanford.edu>, and her pointers about doing the
-	*(ulong *)((uchar *)ptr+(value&0xfc))
-	vs
-	ptr[value&0x3f]
-	to stop the C compiler doing a <<2 to convert the long array index.
-
-Version 1.94 05/05/92 eay
-	Fixed an incompatibility between my string_to_key and the MIT
-	 version.  When the key is longer than 8 chars, I was wrapping
-	 with a different method.  To use the old version, define
-	 OLD_STR_TO_KEY in the makefile.  Thanks to
-	 viktor@newsu.shearson.com (Viktor Dukhovni).
-
-Version 1.93 28/04/92 eay
-	Fixed the VMS mods so that echo is now turned off in
-	 read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
-	MSDOS support added.  The routines can be compiled with
-	 Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
-
-Patch1 posted to comp.sources.misc
-Version 1.92 13/04/92 eay
-	Changed D_ENCRYPT so that the rotation of R occurs outside of
-	 the loop.  This required rotating all the longs in sp.h (now
-	 called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	speed.c has been changed so it will work without SIGALRM.  If
-	 times(3) is not present it will try to use ftime() instead.
-
-Version 1.91 08/04/92 eay
-	Added -E/-D options to des(1) so it can use string_to_key.
-	Added SVR4 mods suggested by witr@rwwa.COM
-	Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
-	anyone knows how to turn of tty echo in VMS please tell me or
-	implement it yourself :-).
-	Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
-	does not like IN/OUT being used.
-
-Libdes posted to comp.sources.misc
-Version 1.9 24/03/92 eay
-	Now contains a fast small crypt replacement.
-	Added des(1) command.
-	Added des_rw_mode so people can use cbc encryption with
-	enc_read and enc_write.
-
-Version 1.8 15/10/91 eay
-	Bug in cbc_cksum.
-	Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
-	one out.
-
-Version 1.7 24/09/91 eay
-	Fixed set_key :-)
-	set_key is 4 times faster and takes less space.
-	There are a few minor changes that could be made.
-
-Version 1.6 19/09/1991 eay
-	Finally go IP and FP finished.
-	Now I need to fix set_key.
-	This version is quite a bit faster that 1.51
-
-Version 1.52 15/06/1991 eay
-	20% speedup in ecb_encrypt by changing the E bit selection
-	to use 2 32bit words.  This also required modification of the
-	sp table.  There is still a way to speedup the IP and IP-1
-	(hints from outer@sq.com) still working on this one :-(.
-
-Version 1.51 07/06/1991 eay
-	Faster des_encrypt by loop unrolling
-	Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
-
-Version 1.50 28/05/1991 eay
-	Optimised the code a bit more for the sparc.  I have improved the
-	speed of the inner des_encrypt by speeding up the initial and
-	final permutations.
-
-Version 1.40 23/10/1990 eay
-	Fixed des_random_key, it did not produce a random key :-(
-
-Version 1.30  2/10/1990 eay
-	Have made des_quad_cksum the same as MIT's, the full package
-	should be compatible with MIT's
-	Have tested on a DECstation 3100
-	Still need to fix des_set_key (make it faster).
-	Does des_cbc_encrypts at 70.5k/sec on a 3100.
-
-Version 1.20 18/09/1990 eay
-	Fixed byte order dependencies.
-	Fixed (I hope) all the word alignment problems.
-	Speedup in des_ecb_encrypt.
-
-Version 1.10 11/09/1990 eay
-	Added des_enc_read and des_enc_write.
-	Still need to fix des_quad_cksum.
-	Still need to document des_enc_read and des_enc_write.
-
-Version 1.00 27/08/1990 eay
-
diff --git a/crypto/des/asm/crypt586.S b/crypto/des/asm/crypt586.S
deleted file mode 100644
index fb321ba904..0000000000
--- a/crypto/des/asm/crypt586.S
+++ /dev/null
@@ -1,879 +0,0 @@
-.file	"crypt586.s"
-.text
-.globl	fcrypt_body
-.type	fcrypt_body,@function
-.align	16
-fcrypt_body:
-.L_fcrypt_body_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%edi,%edi
-	xorl	%esi,%esi
-	call	.L000PIC_me_up
-.L000PIC_me_up:
-	popl	%edx
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L000PIC_me_up](%edx),%edx
-	movl	DES_SPtrans@GOT(%edx),%edx
-	pushl	%edx
-	movl	28(%esp),%ebp
-	pushl	$25
-.L001start:
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	4(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	8(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	12(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	16(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	20(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	24(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	28(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	32(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	36(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	40(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	44(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	48(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	52(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	56(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	60(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	64(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	68(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	72(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	76(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	80(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	84(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	88(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	92(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	96(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	100(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	104(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	108(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%esi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%esi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	112(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	116(%ebp),%ecx
-	xorl	%esi,%eax
-	xorl	%esi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%edi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%edi
-	movl	32(%esp),%ebp
-
-
-	movl	36(%esp),%eax
-	movl	%edi,%edx
-	shrl	$16,%edx
-	movl	40(%esp),%ecx
-	xorl	%edi,%edx
-	andl	%edx,%eax
-	andl	%ecx,%edx
-	movl	%eax,%ebx
-	shll	$16,%ebx
-	movl	%edx,%ecx
-	shll	$16,%ecx
-	xorl	%ebx,%eax
-	xorl	%ecx,%edx
-	movl	120(%ebp),%ebx
-	xorl	%ebx,%eax
-	movl	124(%ebp),%ecx
-	xorl	%edi,%eax
-	xorl	%edi,%edx
-	xorl	%ecx,%edx
-	andl	$0xfcfcfcfc,%eax
-	xorl	%ebx,%ebx
-	andl	$0xcfcfcfcf,%edx
-	xorl	%ecx,%ecx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	movl	4(%esp),%ebp
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	movl	0x600(%ebp,%ebx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x700(%ebp,%ecx,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x400(%ebp,%eax,1),%ebx
-	xorl	%ebx,%esi
-	movl	0x500(%ebp,%edx,1),%ebx
-	xorl	%ebx,%esi
-	movl	32(%esp),%ebp
-	movl	(%esp),%ebx
-	movl	%edi,%eax
-	decl	%ebx
-	movl	%esi,%edi
-	movl	%eax,%esi
-	movl	%ebx,(%esp)
-	jnz	.L001start
-
-
-	movl	28(%esp),%edx
-	rorl	$1,%edi
-	movl	%esi,%eax
-	xorl	%edi,%esi
-	andl	$0xaaaaaaaa,%esi
-	xorl	%esi,%eax
-	xorl	%esi,%edi
-
-	roll	$23,%eax
-	movl	%eax,%esi
-	xorl	%edi,%eax
-	andl	$0x03fc03fc,%eax
-	xorl	%eax,%esi
-	xorl	%eax,%edi
-
-	roll	$10,%esi
-	movl	%esi,%eax
-	xorl	%edi,%esi
-	andl	$0x33333333,%esi
-	xorl	%esi,%eax
-	xorl	%esi,%edi
-
-	roll	$18,%edi
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	andl	$0xfff0000f,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%eax
-
-	roll	$12,%esi
-	movl	%esi,%edi
-	xorl	%eax,%esi
-	andl	$0xf0f0f0f0,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%eax
-
-	rorl	$4,%eax
-	movl	%eax,(%edx)
-	movl	%edi,4(%edx)
-	addl	$8,%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	fcrypt_body,.-.L_fcrypt_body_begin
diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl
deleted file mode 100644
index e36f7d44bd..0000000000
--- a/crypto/des/asm/crypt586.pl
+++ /dev/null
@@ -1,209 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-# I've added the stuff needed for crypt() but I've not worried about making
-# things perfect.
-#
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"crypt586.pl");
-
-$L="edi";
-$R="esi";
-
-&external_label("DES_SPtrans");
-&fcrypt_body("fcrypt_body");
-&asm_finish();
-
-sub fcrypt_body
-	{
-	local($name,$do_ip)=@_;
-
-	&function_begin($name);
-
-	&comment("");
-	&comment("Load the 2 words");
-	$trans="ebp";
-
-	&xor(	$L,	$L);
-	&xor(	$R,	$R);
-
-	# PIC-ification:-)
-	&picmeup("edx","DES_SPtrans");
-	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
-	#else		{ &lea("edx",&DWP("DES_SPtrans")); }
-	&push("edx");	# becomes &swtmp(1)
-	#
-	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
-
-	&push(&DWC(25)); # add a variable
-
-	&set_label("start");
-	for ($i=0; $i<16; $i+=2)
-		{
-		&comment("");
-		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx");
-
-		&comment("");
-		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx");
-		}
-	 &mov("ebx",	&swtmp(0));
-	&mov("eax",	$L);
-	 &dec("ebx");
-	&mov($L,	$R);
-	 &mov($R,	"eax");
-	&mov(&swtmp(0),	"ebx");
-	 &jnz(&label("start"));
-
-	&comment("");
-	&comment("FP");
-	&mov("edx",&wparam(0));
-
-	&FP_new($R,$L,"eax",3);
-	&mov(&DWP(0,"edx","",0),"eax");
-	&mov(&DWP(4,"edx","",0),$L);
-
-	&add("esp",8);	# remove variables
-
-	&function_end($name);
-	}
-
-sub D_ENCRYPT
-	{
-	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_;
-
-	&mov(	$u,		&wparam(2));			# 2
-	&mov(	$t,		$R);
-	&shr(	$t,		16);				# 1
-	&mov(	$tmp2,		&wparam(3));			# 2
-	&xor(	$t,		$R);				# 1
-
-	&and(	$u,		$t);				# 2
-	&and(	$t,		$tmp2);				# 2
-
-	&mov(	$tmp1,		$u);
-	&shl(	$tmp1,		16); 				# 1
-	&mov(	$tmp2,		$t);
-	&shl(	$tmp2,		16); 				# 1
-	&xor(	$u,		$tmp1);				# 2
-	&xor(	$t,		$tmp2);				# 2
-	&mov(	$tmp1,		&DWP(&n2a($S*4),$trans,"",0));	# 2
-	&xor(	$u,		$tmp1);
-	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$trans,"",0));	# 2
-	&xor(	$u,		$R);
-	&xor(	$t,		$R);
-	&xor(	$t,		$tmp2);
-
-	&and(	$u,		"0xfcfcfcfc"	);		# 2
-	&xor(	$tmp1,		$tmp1);				# 1
-	&and(	$t,		"0xcfcfcfcf"	);		# 2
-	&xor(	$tmp2,		$tmp2);	
-	&movb(	&LB($tmp1),	&LB($u)	);
-	&movb(	&LB($tmp2),	&HB($u)	);
-	&rotr(	$t,		4		);
-	&mov(	$trans,		&swtmp(1));
-	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
-	&movb(	&LB($tmp1),	&LB($t)	);
-	&xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
-	&movb(	&LB($tmp2),	&HB($t)	);
-	&shr(	$u,		16);
-	&xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
-	&movb(	&LB($tmp1),	&HB($u)	);
-	&shr(	$t,		16);
-	&xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
-	&movb(	&LB($tmp2),	&HB($t)	);
-	&and(	$u,		"0xff"	);
-	&and(	$t,		"0xff"	);
-	&mov(	$tmp1,		&DWP("0x600",$trans,$tmp1,0));
-	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x700",$trans,$tmp2,0));
-	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x400",$trans,$u,0));
-	&xor(	$L,		$tmp1);
-	&mov(	$tmp1,		&DWP("0x500",$trans,$t,0));
-	&xor(	$L,		$tmp1);
-	&mov(	$trans,		&wparam(1));
-	}
-
-sub n2a
-	{
-	sprintf("%d",$_[0]);
-	}
-
-# now has a side affect of rotating $a by $shift
-sub R_PERM_OP
-	{
-	local($a,$b,$tt,$shift,$mask,$last)=@_;
-
-	&rotl(	$a,		$shift		) if ($shift != 0);
-	&mov(	$tt,		$a		);
-	&xor(	$a,		$b		);
-	&and(	$a,		$mask		);
-	if ($notlast eq $b)
-		{
-		&xor(	$b,		$a		);
-		&xor(	$tt,		$a		);
-		}
-	else
-		{
-		&xor(	$tt,		$a		);
-		&xor(	$b,		$a		);
-		}
-	&comment("");
-	}
-
-sub IP_new
-	{
-	local($l,$r,$tt,$lr)=@_;
-
-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-	
-	if ($lr != 3)
-		{
-		if (($lr-3) < 0)
-			{ &rotr($tt,	3-$lr); }
-		else	{ &rotl($tt,	$lr-3); }
-		}
-	if ($lr != 2)
-		{
-		if (($lr-2) < 0)
-			{ &rotr($r,	2-$lr); }
-		else	{ &rotl($r,	$lr-2); }
-		}
-	}
-
-sub FP_new
-	{
-	local($l,$r,$tt,$lr)=@_;
-
-	if ($lr != 2)
-		{
-		if (($lr-2) < 0)
-			{ &rotl($r,	2-$lr); }
-		else	{ &rotr($r,	$lr-2); }
-		}
-	if ($lr != 3)
-		{
-		if (($lr-3) < 0)
-			{ &rotl($l,	3-$lr); }
-		else	{ &rotr($l,	$lr-3); }
-		}
-
-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
-	&rotr($tt	, 4);
-	}
-
diff --git a/crypto/des/asm/des-586.S b/crypto/des/asm/des-586.S
deleted file mode 100644
index 2fbd340dae..0000000000
--- a/crypto/des/asm/des-586.S
+++ /dev/null
@@ -1,1837 +0,0 @@
-.file	"des-586.s"
-.text
-.globl	DES_SPtrans
-.type	_x86_DES_encrypt,@function
-.align	16
-_x86_DES_encrypt:
-	pushl	%ecx
-
-	movl	(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	4(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	8(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	12(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	16(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	20(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	24(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	28(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	32(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	36(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	40(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	44(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	48(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	52(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	56(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	60(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	64(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	68(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	72(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	76(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	80(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	84(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	88(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	92(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	96(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	100(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	104(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	108(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	112(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	116(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	120(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	124(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-	addl	$4,%esp
-	ret
-.size	_x86_DES_encrypt,.-_x86_DES_encrypt
-.type	_x86_DES_decrypt,@function
-.align	16
-_x86_DES_decrypt:
-	pushl	%ecx
-
-	movl	120(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	124(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	112(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	116(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	104(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	108(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	96(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	100(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	88(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	92(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	80(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	84(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	72(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	76(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	64(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	68(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	56(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	60(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	48(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	52(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	40(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	44(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	32(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	36(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	24(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	28(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	16(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	20(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-
-	movl	8(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	12(%ecx),%edx
-	xorl	%esi,%eax
-	xorl	%ecx,%ecx
-	xorl	%esi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%edi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%edi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%edi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%edi
-	xorl	0x700(%ebp,%ecx,1),%edi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%edi
-	xorl	0x500(%ebp,%edx,1),%edi
-
-	movl	(%ecx),%eax
-	xorl	%ebx,%ebx
-	movl	4(%ecx),%edx
-	xorl	%edi,%eax
-	xorl	%ecx,%ecx
-	xorl	%edi,%edx
-	andl	$0xfcfcfcfc,%eax
-	andl	$0xcfcfcfcf,%edx
-	movb	%al,%bl
-	movb	%ah,%cl
-	rorl	$4,%edx
-	xorl	(%ebp,%ebx,1),%esi
-	movb	%dl,%bl
-	xorl	0x200(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	shrl	$16,%eax
-	xorl	0x100(%ebp,%ebx,1),%esi
-	movb	%ah,%bl
-	shrl	$16,%edx
-	xorl	0x300(%ebp,%ecx,1),%esi
-	movb	%dh,%cl
-	andl	$0xff,%eax
-	andl	$0xff,%edx
-	xorl	0x600(%ebp,%ebx,1),%esi
-	xorl	0x700(%ebp,%ecx,1),%esi
-	movl	(%esp),%ecx
-	xorl	0x400(%ebp,%eax,1),%esi
-	xorl	0x500(%ebp,%edx,1),%esi
-	addl	$4,%esp
-	ret
-.size	_x86_DES_decrypt,.-_x86_DES_decrypt
-.globl	DES_encrypt1
-.type	DES_encrypt1,@function
-.align	16
-DES_encrypt1:
-.L_DES_encrypt1_begin:
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	12(%esp),%esi
-	xorl	%ecx,%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%esi),%eax
-	movl	28(%esp),%ebx
-	movl	4(%esi),%edi
-
-
-	roll	$4,%eax
-	movl	%eax,%esi
-	xorl	%edi,%eax
-	andl	$0xf0f0f0f0,%eax
-	xorl	%eax,%esi
-	xorl	%eax,%edi
-
-	roll	$20,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0xfff0000f,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$14,%eax
-	movl	%eax,%edi
-	xorl	%esi,%eax
-	andl	$0x33333333,%eax
-	xorl	%eax,%edi
-	xorl	%eax,%esi
-
-	roll	$22,%esi
-	movl	%esi,%eax
-	xorl	%edi,%esi
-	andl	$0x03fc03fc,%esi
-	xorl	%esi,%eax
-	xorl	%esi,%edi
-
-	roll	$9,%eax
-	movl	%eax,%esi
-	xorl	%edi,%eax
-	andl	$0xaaaaaaaa,%eax
-	xorl	%eax,%esi
-	xorl	%eax,%edi
-
-	roll	$1,%edi
-	call	.L000pic_point
-.L000pic_point:
-	popl	%ebp
-	leal	DES_SPtrans-.L000pic_point(%ebp),%ebp
-	movl	24(%esp),%ecx
-	cmpl	$0,%ebx
-	je	.L001decrypt
-	call	_x86_DES_encrypt
-	jmp	.L002done
-.L001decrypt:
-	call	_x86_DES_decrypt
-.L002done:
-
-
-	movl	20(%esp),%edx
-	rorl	$1,%esi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0xaaaaaaaa,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$23,%eax
-	movl	%eax,%edi
-	xorl	%esi,%eax
-	andl	$0x03fc03fc,%eax
-	xorl	%eax,%edi
-	xorl	%eax,%esi
-
-	roll	$10,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0x33333333,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$18,%esi
-	movl	%esi,%edi
-	xorl	%eax,%esi
-	andl	$0xfff0000f,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%eax
-
-	roll	$12,%edi
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	andl	$0xf0f0f0f0,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%eax
-
-	rorl	$4,%eax
-	movl	%eax,(%edx)
-	movl	%esi,4(%edx)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.size	DES_encrypt1,.-.L_DES_encrypt1_begin
-.globl	DES_encrypt2
-.type	DES_encrypt2,@function
-.align	16
-DES_encrypt2:
-.L_DES_encrypt2_begin:
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	12(%esp),%eax
-	xorl	%ecx,%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%eax),%esi
-	movl	28(%esp),%ebx
-	roll	$3,%esi
-	movl	4(%eax),%edi
-	roll	$3,%edi
-	call	.L003pic_point
-.L003pic_point:
-	popl	%ebp
-	leal	DES_SPtrans-.L003pic_point(%ebp),%ebp
-	movl	24(%esp),%ecx
-	cmpl	$0,%ebx
-	je	.L004decrypt
-	call	_x86_DES_encrypt
-	jmp	.L005done
-.L004decrypt:
-	call	_x86_DES_decrypt
-.L005done:
-
-
-	rorl	$3,%edi
-	movl	20(%esp),%eax
-	rorl	$3,%esi
-	movl	%edi,(%eax)
-	movl	%esi,4(%eax)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.size	DES_encrypt2,.-.L_DES_encrypt2_begin
-.globl	DES_encrypt3
-.type	DES_encrypt3,@function
-.align	16
-DES_encrypt3:
-.L_DES_encrypt3_begin:
-	pushl	%ebx
-	movl	8(%esp),%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-	subl	$12,%esp
-
-
-	roll	$4,%edi
-	movl	%edi,%edx
-	xorl	%esi,%edi
-	andl	$0xf0f0f0f0,%edi
-	xorl	%edi,%edx
-	xorl	%edi,%esi
-
-	roll	$20,%esi
-	movl	%esi,%edi
-	xorl	%edx,%esi
-	andl	$0xfff0000f,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%edx
-
-	roll	$14,%edi
-	movl	%edi,%esi
-	xorl	%edx,%edi
-	andl	$0x33333333,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%edx
-
-	roll	$22,%edx
-	movl	%edx,%edi
-	xorl	%esi,%edx
-	andl	$0x03fc03fc,%edx
-	xorl	%edx,%edi
-	xorl	%edx,%esi
-
-	roll	$9,%edi
-	movl	%edi,%edx
-	xorl	%esi,%edi
-	andl	$0xaaaaaaaa,%edi
-	xorl	%edi,%edx
-	xorl	%edi,%esi
-
-	rorl	$3,%edx
-	rorl	$2,%esi
-	movl	%esi,4(%ebx)
-	movl	36(%esp),%eax
-	movl	%edx,(%ebx)
-	movl	40(%esp),%edi
-	movl	44(%esp),%esi
-	movl	$1,8(%esp)
-	movl	%eax,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	movl	$0,8(%esp)
-	movl	%edi,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	movl	$1,8(%esp)
-	movl	%esi,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	addl	$12,%esp
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-
-
-	roll	$2,%esi
-	roll	$3,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0xaaaaaaaa,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$23,%eax
-	movl	%eax,%edi
-	xorl	%esi,%eax
-	andl	$0x03fc03fc,%eax
-	xorl	%eax,%edi
-	xorl	%eax,%esi
-
-	roll	$10,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0x33333333,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$18,%esi
-	movl	%esi,%edi
-	xorl	%eax,%esi
-	andl	$0xfff0000f,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%eax
-
-	roll	$12,%edi
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	andl	$0xf0f0f0f0,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%eax
-
-	rorl	$4,%eax
-	movl	%eax,(%ebx)
-	movl	%esi,4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.size	DES_encrypt3,.-.L_DES_encrypt3_begin
-.globl	DES_decrypt3
-.type	DES_decrypt3,@function
-.align	16
-DES_decrypt3:
-.L_DES_decrypt3_begin:
-	pushl	%ebx
-	movl	8(%esp),%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-	subl	$12,%esp
-
-
-	roll	$4,%edi
-	movl	%edi,%edx
-	xorl	%esi,%edi
-	andl	$0xf0f0f0f0,%edi
-	xorl	%edi,%edx
-	xorl	%edi,%esi
-
-	roll	$20,%esi
-	movl	%esi,%edi
-	xorl	%edx,%esi
-	andl	$0xfff0000f,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%edx
-
-	roll	$14,%edi
-	movl	%edi,%esi
-	xorl	%edx,%edi
-	andl	$0x33333333,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%edx
-
-	roll	$22,%edx
-	movl	%edx,%edi
-	xorl	%esi,%edx
-	andl	$0x03fc03fc,%edx
-	xorl	%edx,%edi
-	xorl	%edx,%esi
-
-	roll	$9,%edi
-	movl	%edi,%edx
-	xorl	%esi,%edi
-	andl	$0xaaaaaaaa,%edi
-	xorl	%edi,%edx
-	xorl	%edi,%esi
-
-	rorl	$3,%edx
-	rorl	$2,%esi
-	movl	%esi,4(%ebx)
-	movl	36(%esp),%esi
-	movl	%edx,(%ebx)
-	movl	40(%esp),%edi
-	movl	44(%esp),%eax
-	movl	$0,8(%esp)
-	movl	%eax,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	movl	$1,8(%esp)
-	movl	%edi,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	movl	$0,8(%esp)
-	movl	%esi,4(%esp)
-	movl	%ebx,(%esp)
-	call	.L_DES_encrypt2_begin
-	addl	$12,%esp
-	movl	(%ebx),%edi
-	movl	4(%ebx),%esi
-
-
-	roll	$2,%esi
-	roll	$3,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0xaaaaaaaa,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$23,%eax
-	movl	%eax,%edi
-	xorl	%esi,%eax
-	andl	$0x03fc03fc,%eax
-	xorl	%eax,%edi
-	xorl	%eax,%esi
-
-	roll	$10,%edi
-	movl	%edi,%eax
-	xorl	%esi,%edi
-	andl	$0x33333333,%edi
-	xorl	%edi,%eax
-	xorl	%edi,%esi
-
-	roll	$18,%esi
-	movl	%esi,%edi
-	xorl	%eax,%esi
-	andl	$0xfff0000f,%esi
-	xorl	%esi,%edi
-	xorl	%esi,%eax
-
-	roll	$12,%edi
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	andl	$0xf0f0f0f0,%edi
-	xorl	%edi,%esi
-	xorl	%edi,%eax
-
-	rorl	$4,%eax
-	movl	%eax,(%ebx)
-	movl	%esi,4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.size	DES_decrypt3,.-.L_DES_decrypt3_begin
-.globl	DES_ncbc_encrypt
-.type	DES_ncbc_encrypt,@function
-.align	16
-DES_ncbc_encrypt:
-.L_DES_ncbc_encrypt_begin:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),%ebp
-
-	movl	36(%esp),%ebx
-	movl	(%ebx),%esi
-	movl	4(%ebx),%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,%ebx
-	movl	36(%esp),%esi
-	movl	40(%esp),%edi
-
-	movl	56(%esp),%ecx
-
-	pushl	%ecx
-
-	movl	52(%esp),%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,%ecx
-	jz	.L006decrypt
-	andl	$4294967288,%ebp
-	movl	12(%esp),%eax
-	movl	16(%esp),%ebx
-	jz	.L007encrypt_finish
-.L008encrypt_loop:
-	movl	(%esi),%ecx
-	movl	4(%esi),%edx
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	movl	%eax,12(%esp)
-	movl	%ebx,16(%esp)
-	call	.L_DES_encrypt1_begin
-	movl	12(%esp),%eax
-	movl	16(%esp),%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L008encrypt_loop
-.L007encrypt_finish:
-	movl	56(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L009finish
-	call	.L010PIC_point
-.L010PIC_point:
-	popl	%edx
-	leal	.L011cbc_enc_jmp_table-.L010PIC_point(%edx),%ecx
-	movl	(%ecx,%ebp,4),%ebp
-	addl	%edx,%ebp
-	xorl	%ecx,%ecx
-	xorl	%edx,%edx
-	jmp	*%ebp
-.L012ej7:
-	movb	6(%esi),%dh
-	shll	$8,%edx
-.L013ej6:
-	movb	5(%esi),%dh
-.L014ej5:
-	movb	4(%esi),%dl
-.L015ej4:
-	movl	(%esi),%ecx
-	jmp	.L016ejend
-.L017ej3:
-	movb	2(%esi),%ch
-	shll	$8,%ecx
-.L018ej2:
-	movb	1(%esi),%ch
-.L019ej1:
-	movb	(%esi),%cl
-.L016ejend:
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	movl	%eax,12(%esp)
-	movl	%ebx,16(%esp)
-	call	.L_DES_encrypt1_begin
-	movl	12(%esp),%eax
-	movl	16(%esp),%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	jmp	.L009finish
-.L006decrypt:
-	andl	$4294967288,%ebp
-	movl	20(%esp),%eax
-	movl	24(%esp),%ebx
-	jz	.L020decrypt_finish
-.L021decrypt_loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%eax,12(%esp)
-	movl	%ebx,16(%esp)
-	call	.L_DES_encrypt1_begin
-	movl	12(%esp),%eax
-	movl	16(%esp),%ebx
-	movl	20(%esp),%ecx
-	movl	24(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%ecx,(%edi)
-	movl	%edx,4(%edi)
-	movl	%eax,20(%esp)
-	movl	%ebx,24(%esp)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L021decrypt_loop
-.L020decrypt_finish:
-	movl	56(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L009finish
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%eax,12(%esp)
-	movl	%ebx,16(%esp)
-	call	.L_DES_encrypt1_begin
-	movl	12(%esp),%eax
-	movl	16(%esp),%ebx
-	movl	20(%esp),%ecx
-	movl	24(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-.L022dj7:
-	rorl	$16,%edx
-	movb	%dl,6(%edi)
-	shrl	$16,%edx
-.L023dj6:
-	movb	%dh,5(%edi)
-.L024dj5:
-	movb	%dl,4(%edi)
-.L025dj4:
-	movl	%ecx,(%edi)
-	jmp	.L026djend
-.L027dj3:
-	rorl	$16,%ecx
-	movb	%cl,2(%edi)
-	shll	$16,%ecx
-.L028dj2:
-	movb	%ch,1(%esi)
-.L029dj1:
-	movb	%cl,(%esi)
-.L026djend:
-	jmp	.L009finish
-.L009finish:
-	movl	64(%esp),%ecx
-	addl	$28,%esp
-	movl	%eax,(%ecx)
-	movl	%ebx,4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	64
-.L011cbc_enc_jmp_table:
-.long	0
-.long	.L019ej1-.L010PIC_point
-.long	.L018ej2-.L010PIC_point
-.long	.L017ej3-.L010PIC_point
-.long	.L015ej4-.L010PIC_point
-.long	.L014ej5-.L010PIC_point
-.long	.L013ej6-.L010PIC_point
-.long	.L012ej7-.L010PIC_point
-.align	64
-.size	DES_ncbc_encrypt,.-.L_DES_ncbc_encrypt_begin
-.globl	DES_ede3_cbc_encrypt
-.type	DES_ede3_cbc_encrypt,@function
-.align	16
-DES_ede3_cbc_encrypt:
-.L_DES_ede3_cbc_encrypt_begin:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),%ebp
-
-	movl	44(%esp),%ebx
-	movl	(%ebx),%esi
-	movl	4(%ebx),%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,%ebx
-	movl	36(%esp),%esi
-	movl	40(%esp),%edi
-
-	movl	64(%esp),%ecx
-
-	movl	56(%esp),%eax
-	pushl	%eax
-
-	movl	56(%esp),%eax
-	pushl	%eax
-
-	movl	56(%esp),%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,%ecx
-	jz	.L030decrypt
-	andl	$4294967288,%ebp
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	jz	.L031encrypt_finish
-.L032encrypt_loop:
-	movl	(%esi),%ecx
-	movl	4(%esi),%edx
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	call	.L_DES_encrypt3_begin
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L032encrypt_loop
-.L031encrypt_finish:
-	movl	60(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L033finish
-	call	.L034PIC_point
-.L034PIC_point:
-	popl	%edx
-	leal	.L035cbc_enc_jmp_table-.L034PIC_point(%edx),%ecx
-	movl	(%ecx,%ebp,4),%ebp
-	addl	%edx,%ebp
-	xorl	%ecx,%ecx
-	xorl	%edx,%edx
-	jmp	*%ebp
-.L036ej7:
-	movb	6(%esi),%dh
-	shll	$8,%edx
-.L037ej6:
-	movb	5(%esi),%dh
-.L038ej5:
-	movb	4(%esi),%dl
-.L039ej4:
-	movl	(%esi),%ecx
-	jmp	.L040ejend
-.L041ej3:
-	movb	2(%esi),%ch
-	shll	$8,%ecx
-.L042ej2:
-	movb	1(%esi),%ch
-.L043ej1:
-	movb	(%esi),%cl
-.L040ejend:
-	xorl	%ecx,%eax
-	xorl	%edx,%ebx
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	call	.L_DES_encrypt3_begin
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	movl	%eax,(%edi)
-	movl	%ebx,4(%edi)
-	jmp	.L033finish
-.L030decrypt:
-	andl	$4294967288,%ebp
-	movl	24(%esp),%eax
-	movl	28(%esp),%ebx
-	jz	.L044decrypt_finish
-.L045decrypt_loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	call	.L_DES_decrypt3_begin
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	movl	24(%esp),%ecx
-	movl	28(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%ecx,(%edi)
-	movl	%edx,4(%edi)
-	movl	%eax,24(%esp)
-	movl	%ebx,28(%esp)
-	addl	$8,%esi
-	addl	$8,%edi
-	subl	$8,%ebp
-	jnz	.L045decrypt_loop
-.L044decrypt_finish:
-	movl	60(%esp),%ebp
-	andl	$7,%ebp
-	jz	.L033finish
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	call	.L_DES_decrypt3_begin
-	movl	16(%esp),%eax
-	movl	20(%esp),%ebx
-	movl	24(%esp),%ecx
-	movl	28(%esp),%edx
-	xorl	%eax,%ecx
-	xorl	%ebx,%edx
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-.L046dj7:
-	rorl	$16,%edx
-	movb	%dl,6(%edi)
-	shrl	$16,%edx
-.L047dj6:
-	movb	%dh,5(%edi)
-.L048dj5:
-	movb	%dl,4(%edi)
-.L049dj4:
-	movl	%ecx,(%edi)
-	jmp	.L050djend
-.L051dj3:
-	rorl	$16,%ecx
-	movb	%cl,2(%edi)
-	shll	$16,%ecx
-.L052dj2:
-	movb	%ch,1(%esi)
-.L053dj1:
-	movb	%cl,(%esi)
-.L050djend:
-	jmp	.L033finish
-.L033finish:
-	movl	76(%esp),%ecx
-	addl	$32,%esp
-	movl	%eax,(%ecx)
-	movl	%ebx,4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	64
-.L035cbc_enc_jmp_table:
-.long	0
-.long	.L043ej1-.L034PIC_point
-.long	.L042ej2-.L034PIC_point
-.long	.L041ej3-.L034PIC_point
-.long	.L039ej4-.L034PIC_point
-.long	.L038ej5-.L034PIC_point
-.long	.L037ej6-.L034PIC_point
-.long	.L036ej7-.L034PIC_point
-.align	64
-.size	DES_ede3_cbc_encrypt,.-.L_DES_ede3_cbc_encrypt_begin
-.align	64
-DES_SPtrans:
-.long	34080768,524288,33554434,34080770
-.long	33554432,526338,524290,33554434
-.long	526338,34080768,34078720,2050
-.long	33556482,33554432,0,524290
-.long	524288,2,33556480,526336
-.long	34080770,34078720,2050,33556480
-.long	2,2048,526336,34078722
-.long	2048,33556482,34078722,0
-.long	0,34080770,33556480,524290
-.long	34080768,524288,2050,33556480
-.long	34078722,2048,526336,33554434
-.long	526338,2,33554434,34078720
-.long	34080770,526336,34078720,33556482
-.long	33554432,2050,524290,0
-.long	524288,33554432,33556482,34080768
-.long	2,34078722,2048,526338
-.long	1074823184,0,1081344,1074790400
-.long	1073741840,32784,1073774592,1081344
-.long	32768,1074790416,16,1073774592
-.long	1048592,1074823168,1074790400,16
-.long	1048576,1073774608,1074790416,32768
-.long	1081360,1073741824,0,1048592
-.long	1073774608,1081360,1074823168,1073741840
-.long	1073741824,1048576,32784,1074823184
-.long	1048592,1074823168,1073774592,1081360
-.long	1074823184,1048592,1073741840,0
-.long	1073741824,32784,1048576,1074790416
-.long	32768,1073741824,1081360,1073774608
-.long	1074823168,32768,0,1073741840
-.long	16,1074823184,1081344,1074790400
-.long	1074790416,1048576,32784,1073774592
-.long	1073774608,16,1074790400,1081344
-.long	67108865,67371264,256,67109121
-.long	262145,67108864,67109121,262400
-.long	67109120,262144,67371008,1
-.long	67371265,257,1,67371009
-.long	0,262145,67371264,256
-.long	257,67371265,262144,67108865
-.long	67371009,67109120,262401,67371008
-.long	262400,0,67108864,262401
-.long	67371264,256,1,262144
-.long	257,262145,67371008,67109121
-.long	0,67371264,262400,67371009
-.long	262145,67108864,67371265,1
-.long	262401,67108865,67108864,67371265
-.long	262144,67109120,67109121,262400
-.long	67109120,0,67371009,257
-.long	67108865,262401,256,67371008
-.long	4198408,268439552,8,272633864
-.long	0,272629760,268439560,4194312
-.long	272633856,268435464,268435456,4104
-.long	268435464,4198408,4194304,268435456
-.long	272629768,4198400,4096,8
-.long	4198400,268439560,272629760,4096
-.long	4104,0,4194312,272633856
-.long	268439552,272629768,272633864,4194304
-.long	272629768,4104,4194304,268435464
-.long	4198400,268439552,8,272629760
-.long	268439560,0,4096,4194312
-.long	0,272629768,272633856,4096
-.long	268435456,272633864,4198408,4194304
-.long	272633864,8,268439552,4198408
-.long	4194312,4198400,272629760,268439560
-.long	4104,268435456,268435464,272633856
-.long	134217728,65536,1024,134284320
-.long	134283296,134218752,66592,134283264
-.long	65536,32,134217760,66560
-.long	134218784,134283296,134284288,0
-.long	66560,134217728,65568,1056
-.long	134218752,66592,0,134217760
-.long	32,134218784,134284320,65568
-.long	134283264,1024,1056,134284288
-.long	134284288,134218784,65568,134283264
-.long	65536,32,134217760,134218752
-.long	134217728,66560,134284320,0
-.long	66592,134217728,1024,65568
-.long	134218784,1024,0,134284320
-.long	134283296,134284288,1056,65536
-.long	66560,134283296,134218752,1056
-.long	32,66592,134283264,134217760
-.long	2147483712,2097216,0,2149588992
-.long	2097216,8192,2147491904,2097152
-.long	8256,2149589056,2105344,2147483648
-.long	2147491840,2147483712,2149580800,2105408
-.long	2097152,2147491904,2149580864,0
-.long	8192,64,2149588992,2149580864
-.long	2149589056,2149580800,2147483648,8256
-.long	64,2105344,2105408,2147491840
-.long	8256,2147483648,2147491840,2105408
-.long	2149588992,2097216,0,2147491840
-.long	2147483648,8192,2149580864,2097152
-.long	2097216,2149589056,2105344,64
-.long	2149589056,2105344,2097152,2147491904
-.long	2147483712,2149580800,2105408,0
-.long	8192,2147483712,2147491904,2149588992
-.long	2149580800,8256,64,2149580864
-.long	16384,512,16777728,16777220
-.long	16794116,16388,16896,0
-.long	16777216,16777732,516,16793600
-.long	4,16794112,16793600,516
-.long	16777732,16384,16388,16794116
-.long	0,16777728,16777220,16896
-.long	16793604,16900,16794112,4
-.long	16900,16793604,512,16777216
-.long	16900,16793600,16793604,516
-.long	16384,512,16777216,16793604
-.long	16777732,16900,16896,0
-.long	512,16777220,4,16777728
-.long	0,16777732,16777728,16896
-.long	516,16384,16794116,16777216
-.long	16794112,4,16388,16794116
-.long	16777220,16794112,16793600,16388
-.long	545259648,545390592,131200,0
-.long	537001984,8388736,545259520,545390720
-.long	128,536870912,8519680,131200
-.long	8519808,537002112,536871040,545259520
-.long	131072,8519808,8388736,537001984
-.long	545390720,536871040,0,8519680
-.long	536870912,8388608,537002112,545259648
-.long	8388608,131072,545390592,128
-.long	8388608,131072,536871040,545390720
-.long	131200,536870912,0,8519680
-.long	545259648,537002112,537001984,8388736
-.long	545390592,128,8388736,537001984
-.long	545390720,8388608,545259520,536871040
-.long	8519680,131200,537002112,545259520
-.long	128,545390592,8519808,0
-.long	536870912,545259648,131072,8519808
diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
deleted file mode 100644
index 5b5f39cebd..0000000000
--- a/crypto/des/asm/des-586.pl
+++ /dev/null
@@ -1,453 +0,0 @@
-#!/usr/local/bin/perl
-#
-# The inner loop instruction sequence and the IP/FP modifications are from
-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-#
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-require "cbc.pl";
-require "desboth.pl";
-
-# base code is in microsft
-# op dest, source
-# format.
-#
-
-&asm_init($ARGV[0],"des-586.pl");
-
-$L="edi";
-$R="esi";
-$trans="ebp";
-$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
-# one can discuss setting this variable to 1 unconditionally, as
-# the folded loop is only 3% slower than unrolled, but >7 times smaller
-
-&public_label("DES_SPtrans");
-
-&DES_encrypt_internal();
-&DES_decrypt_internal();
-&DES_encrypt("DES_encrypt1",1);
-&DES_encrypt("DES_encrypt2",0);
-&DES_encrypt3("DES_encrypt3",1);
-&DES_encrypt3("DES_decrypt3",0);
-&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
-&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
-&DES_SPtrans();
-
-&asm_finish();
-
-sub DES_encrypt_internal()
-	{
-	&function_begin_B("_x86_DES_encrypt");
-
-	if ($small_footprint)
-	    {
-	    &lea("edx",&DWP(128,"ecx"));
-	    &push("edx");
-	    &push("ecx");
-	    &set_label("eloop");
-		&D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("");
-		&D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("");
-		&add("ecx",16);
-		&cmp("ecx",&swtmp(1));
-		&mov(&swtmp(0),"ecx");
-		&jb(&label("eloop"));
-	    &add("esp",8);
-	    }
-	else
-	    {
-	    &push("ecx");
-	    for ($i=0; $i<16; $i+=2)
-		{
-		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		}
-	    &add("esp",4);
-	}
-	&ret();
-
-	&function_end_B("_x86_DES_encrypt");
-	}
-	
-sub DES_decrypt_internal()
-	{
-	&function_begin_B("_x86_DES_decrypt");
-
-	if ($small_footprint)
-	    {
-	    &push("ecx");
-	    &lea("ecx",&DWP(128,"ecx"));
-	    &push("ecx");
-	    &set_label("dloop");
-		&D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("");
-		&D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("");
-		&sub("ecx",16);
-		&cmp("ecx",&swtmp(1));
-		&mov(&swtmp(0),"ecx");
-		&ja(&label("dloop"));
-	    &add("esp",8);
-	    }
-	else
-	    {
-	    &push("ecx");
-	    for ($i=15; $i>0; $i-=2)
-		{
-		&comment("Round $i");
-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		&comment("Round ".sprintf("%d",$i-1));
-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0));
-		}
-	    &add("esp",4);
-	    }
-	&ret();
-
-	&function_end_B("_x86_DES_decrypt");
-	}
-	
-sub DES_encrypt
-	{
-	local($name,$do_ip)=@_;
-
-	&function_begin_B($name);
-
-	&push("esi");
-	&push("edi");
-
-	&comment("");
-	&comment("Load the 2 words");
-
-	if ($do_ip)
-		{
-		&mov($R,&wparam(0));
-		 &xor(	"ecx",		"ecx"		);
-
-		&push("ebx");
-		&push("ebp");
-
-		&mov("eax",&DWP(0,$R,"",0));
-		 &mov("ebx",&wparam(2));	# get encrypt flag
-		&mov($L,&DWP(4,$R,"",0));
-		&comment("");
-		&comment("IP");
-		&IP_new("eax",$L,$R,3);
-		}
-	else
-		{
-		&mov("eax",&wparam(0));
-		 &xor(	"ecx",		"ecx"		);
-
-		&push("ebx");
-		&push("ebp");
-
-		&mov($R,&DWP(0,"eax","",0));
-		 &mov("ebx",&wparam(2));	# get encrypt flag
-		&rotl($R,3);
-		&mov($L,&DWP(4,"eax","",0));
-		&rotl($L,3);
-		}
-
-	# PIC-ification:-)
-	&call	(&label("pic_point"));
-	&set_label("pic_point");
-	&blindpop($trans);
-	&lea	($trans,&DWP(&label("DES_SPtrans")."-".&label("pic_point"),$trans));
-
-	&mov(	"ecx",	&wparam(1)	);
-
-	&cmp("ebx","0");
-	&je(&label("decrypt"));
-	&call("_x86_DES_encrypt");
-	&jmp(&label("done"));
-	&set_label("decrypt");
-	&call("_x86_DES_decrypt");
-	&set_label("done");
-
-	if ($do_ip)
-		{
-		&comment("");
-		&comment("FP");
-		&mov("edx",&wparam(0));
-		&FP_new($L,$R,"eax",3);
-
-		&mov(&DWP(0,"edx","",0),"eax");
-		&mov(&DWP(4,"edx","",0),$R);
-		}
-	else
-		{
-		&comment("");
-		&comment("Fixup");
-		&rotr($L,3);		# r
-		 &mov("eax",&wparam(0));
-		&rotr($R,3);		# l
-		 &mov(&DWP(0,"eax","",0),$L);
-		 &mov(&DWP(4,"eax","",0),$R);
-		}
-
-	&pop("ebp");
-	&pop("ebx");
-	&pop("edi");
-	&pop("esi");
-	&ret();
-
-	&function_end_B($name);
-	}
-
-sub D_ENCRYPT
-	{
-	local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_;
-
-	 &mov(	$u,		&DWP(&n2a($S*4),$tmp2,"",0));
-	&xor(	$tmp1,		$tmp1);
-	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$tmp2,"",0));
-	&xor(	$u,		$R);
-	&xor(	$tmp2,		$tmp2);
-	 &xor(	$t,		$R);
-	&and(	$u,		"0xfcfcfcfc"	);
-	 &and(	$t,		"0xcfcfcfcf"	);
-	&movb(	&LB($tmp1),	&LB($u)	);
-	 &movb(	&LB($tmp2),	&HB($u)	);
-	&rotr(	$t,		4		);
-	&xor(	$L,		&DWP("     ",$trans,$tmp1,0));
-	 &movb(	&LB($tmp1),	&LB($t)	);
-	 &xor(	$L,		&DWP("0x200",$trans,$tmp2,0));
-	 &movb(	&LB($tmp2),	&HB($t)	);
-	&shr(	$u,		16);
-	 &xor(	$L,		&DWP("0x100",$trans,$tmp1,0));
-	 &movb(	&LB($tmp1),	&HB($u)	);
-	&shr(	$t,		16);
-	 &xor(	$L,		&DWP("0x300",$trans,$tmp2,0));
-	&movb(	&LB($tmp2),	&HB($t)	);
-	 &and(	$u,		"0xff"	);
-	&and(	$t,		"0xff"	);
-	 &xor(	$L,		&DWP("0x600",$trans,$tmp1,0));
-	 &xor(	$L,		&DWP("0x700",$trans,$tmp2,0));
-	&mov(	$tmp2,		$wp1	);
-	 &xor(	$L,		&DWP("0x400",$trans,$u,0));
-	 &xor(	$L,		&DWP("0x500",$trans,$t,0));
-	}
-
-sub n2a
-	{
-	sprintf("%d",$_[0]);
-	}
-
-# now has a side affect of rotating $a by $shift
-sub R_PERM_OP
-	{
-	local($a,$b,$tt,$shift,$mask,$last)=@_;
-
-	&rotl(	$a,		$shift		) if ($shift != 0);
-	&mov(	$tt,		$a		);
-	&xor(	$a,		$b		);
-	&and(	$a,		$mask		);
-	# This can never succeed, and besides it is difficult to see what the
-	# idea was - Ben 13 Feb 99
-	if (!$last eq $b)
-		{
-		&xor(	$b,		$a		);
-		&xor(	$tt,		$a		);
-		}
-	else
-		{
-		&xor(	$tt,		$a		);
-		&xor(	$b,		$a		);
-		}
-	&comment("");
-	}
-
-sub IP_new
-	{
-	local($l,$r,$tt,$lr)=@_;
-
-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);
-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);
-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);
-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);
-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);
-	
-	if ($lr != 3)
-		{
-		if (($lr-3) < 0)
-			{ &rotr($tt,	3-$lr); }
-		else	{ &rotl($tt,	$lr-3); }
-		}
-	if ($lr != 2)
-		{
-		if (($lr-2) < 0)
-			{ &rotr($r,	2-$lr); }
-		else	{ &rotl($r,	$lr-2); }
-		}
-	}
-
-sub FP_new
-	{
-	local($l,$r,$tt,$lr)=@_;
-
-	if ($lr != 2)
-		{
-		if (($lr-2) < 0)
-			{ &rotl($r,	2-$lr); }
-		else	{ &rotr($r,	$lr-2); }
-		}
-	if ($lr != 3)
-		{
-		if (($lr-3) < 0)
-			{ &rotl($l,	3-$lr); }
-		else	{ &rotr($l,	$lr-3); }
-		}
-
-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);
-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);
-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);
-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);
-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);
-	&rotr($tt	, 4);
-	}
-
-sub DES_SPtrans
-	{
-	&set_label("DES_SPtrans",64);
-	&data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802);
-	&data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002);
-	&data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802);
-	&data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002);
-	&data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800);
-	&data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800);
-	&data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002);
-	&data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000);
-	&data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002);
-	&data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800);
-	&data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002);
-	&data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000);
-	&data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802);
-	&data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000);
-	&data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800);
-	&data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802);
-	# nibble 1
-	&data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000);
-	&data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000);
-	&data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000);
-	&data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010);
-	&data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000);
-	&data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010);
-	&data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010);
-	&data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010);
-	&data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010);
-	&data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000);
-	&data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010);
-	&data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010);
-	&data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010);
-	&data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000);
-	&data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000);
-	&data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000);
-	# nibble 2
-	&data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101);
-	&data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100);
-	&data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001);
-	&data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001);
-	&data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100);
-	&data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001);
-	&data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000);
-	&data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101);
-	&data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000);
-	&data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101);
-	&data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001);
-	&data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001);
-	&data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101);
-	&data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100);
-	&data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101);
-	&data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000);
-	# nibble 3
-	&data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008);
-	&data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008);
-	&data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008);
-	&data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000);
-	&data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008);
-	&data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000);
-	&data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000);
-	&data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000);
-	&data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008);
-	&data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000);
-	&data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008);
-	&data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000);
-	&data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000);
-	&data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008);
-	&data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008);
-	&data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000);
-	# nibble 4
-	&data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420);
-	&data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000);
-	&data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400);
-	&data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000);
-	&data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420);
-	&data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020);
-	&data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020);
-	&data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400);
-	&data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000);
-	&data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400);
-	&data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000);
-	&data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020);
-	&data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420);
-	&data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000);
-	&data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420);
-	&data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020);
-	# nibble 5
-	&data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000);
-	&data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000);
-	&data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000);
-	&data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040);
-	&data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000);
-	&data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040);
-	&data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040);
-	&data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000);
-	&data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040);
-	&data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000);
-	&data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000);
-	&data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040);
-	&data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040);
-	&data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000);
-	&data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000);
-	&data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040);
-	# nibble 6
-	&data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004);
-	&data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000);
-	&data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000);
-	&data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204);
-	&data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204);
-	&data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200);
-	&data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004);
-	&data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000);
-	&data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204);
-	&data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004);
-	&data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000);
-	&data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200);
-	&data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200);
-	&data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000);
-	&data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204);
-	&data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004);
-	# nibble 7
-	&data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000);
-	&data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080);
-	&data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080);
-	&data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000);
-	&data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000);
-	&data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000);
-	&data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080);
-	&data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080);
-	&data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080);
-	&data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000);
-	&data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080);
-	&data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000);
-	&data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080);
-	&data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000);
-	&data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000);
-	&data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080);
-	}
diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
deleted file mode 100644
index 3280595478..0000000000
--- a/crypto/des/asm/des_enc.m4
+++ /dev/null
@@ -1,2099 +0,0 @@
-!  des_enc.m4
-!  des_enc.S  (generated from des_enc.m4)
-!
-!  UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file.
-!
-!  Version 1.0. 32-bit version.
-!
-!  June 8, 2000.
-!
-!  Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation
-!		by Andy Polyakov.
-!
-!  January 1, 2003.
-!
-!  Assembler version: Copyright Svend Olaf Mikkelsen.
-!
-!  Original C code: Copyright Eric A. Young.
-!
-!  This code can be freely used by LibDES/SSLeay/OpenSSL users.
-!
-!  The LibDES/SSLeay/OpenSSL copyright notices must be respected.
-!
-!  This version can be redistributed.
-!
-!  To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
-!
-!  Global registers 1 to 5 are used. This is the same as done by the
-!  cc compiler. The UltraSPARC load/store little endian feature is used.
-!
-!  Instruction grouping often refers to one CPU cycle.
-!
-!  Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S
-!
-!  Assemble through cc:  cc -c -xarch=v8plusa -o des_enc.o des_enc.S
-!
-!  Performance improvement according to './apps/openssl speed des'
-!
-!	32-bit build:
-!		23%  faster than cc-5.2 -xarch=v8plus -xO5
-!		115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5
-!	64-bit build:
-!		50%  faster than cc-5.2 -xarch=v9 -xO5
-!		100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5
-!
-
-.ident "des_enc.m4 2.1"
-.file  "des_enc-sparc.S"
-
-#if defined(__SUNPRO_C) && defined(__sparcv9)
-# define ABI64  /* They've said -xarch=v9 at command line */
-#elif defined(__GNUC__) && defined(__arch64__)
-# define ABI64  /* They've said -m64 at command line */
-#endif
-
-#ifdef ABI64
-  .register	%g2,#scratch
-  .register	%g3,#scratch
-# define	FRAME	-192
-# define	BIAS	2047
-# define	LDPTR	ldx
-# define	STPTR	stx
-# define	ARG0	128
-# define	ARGSZ	8
-# ifndef OPENSSL_SYSNAME_ULTRASPARC
-# define OPENSSL_SYSNAME_ULTRASPARC
-# endif
-#else
-# define	FRAME	-96
-# define	BIAS	0
-# define	LDPTR	ld
-# define	STPTR	st
-# define	ARG0	68
-# define	ARGSZ	4
-#endif
-
-#define LOOPS 7
-
-#define global0 %g0
-#define global1 %g1
-#define global2 %g2
-#define global3 %g3
-#define global4 %g4
-#define global5 %g5
-
-#define local0 %l0
-#define local1 %l1
-#define local2 %l2
-#define local3 %l3
-#define local4 %l4
-#define local5 %l5
-#define local7 %l6
-#define local6 %l7
-
-#define in0 %i0
-#define in1 %i1
-#define in2 %i2
-#define in3 %i3
-#define in4 %i4
-#define in5 %i5
-#define in6 %i6
-#define in7 %i7
-
-#define out0 %o0
-#define out1 %o1
-#define out2 %o2
-#define out3 %o3
-#define out4 %o4
-#define out5 %o5
-#define out6 %o6
-#define out7 %o7
-
-#define stub stb
-
-changequote({,})
-
-
-! Macro definitions:
-
-
-! {ip_macro}
-!
-! The logic used in initial and final permutations is the same as in
-! the C code. The permutations are done with a clever shift, xor, and
-! technique.
-!
-! The macro also loads address sbox 1 to 5 to global 1 to 5, address
-! sbox 6 to local6, and addres sbox 8 to out3.
-!
-! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
-!
-! Loads key first round from address in parameter 5 to out0, out1.
-!
-! After the the original LibDES initial permutation, the resulting left
-! is in the variable initially used for right and vice versa. The macro
-! implements the possibility to keep the halfs in the original registers.
-!
-! parameter 1  left
-! parameter 2  right
-! parameter 3  result left (modify in first round)
-! parameter 4  result right (use in first round)
-! parameter 5  key address
-! parameter 6  1/2 for include encryption/decryption
-! parameter 7  1 for move in1 to in3
-! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
-! parameter 9  1 for load ks3 and ks2 to in4 and in3
-
-define(ip_macro, {
-
-! {ip_macro}
-! $1 $2 $4 $3 $5 $6 $7 $8 $9
-
-	ld	[out2+256], local1
-	srl	$2, 4, local4
-
-	xor	local4, $1, local4
-	ifelse($7,1,{mov in1, in3},{nop})
-
-	ld	[out2+260], local2
-	and	local4, local1, local4
-	ifelse($8,1,{mov in3, in4},{})
-	ifelse($8,2,{mov in4, in3},{})
-
-	ld	[out2+280], out4          ! loop counter
-	sll	local4, 4, local1
-	xor	$1, local4, $1
-
-	ld	[out2+264], local3
-	srl	$1, 16, local4
-	xor	$2, local1, $2
-
-	ifelse($9,1,{LDPTR	KS3, in4},{})
-	xor	local4, $2, local4
-	nop	!sethi	%hi(DES_SPtrans), global1 ! sbox addr
-
-	ifelse($9,1,{LDPTR	KS2, in3},{})
-	and	local4, local2, local4
-	nop	!or	global1, %lo(DES_SPtrans), global1   ! sbox addr
-
-	sll	local4, 16, local1
-	xor	$2, local4, $2
-
-	srl	$2, 2, local4
-	xor	$1, local1, $1
-
-	sethi	%hi(16711680), local5
-	xor	local4, $1, local4
-
-	and	local4, local3, local4
-	or	local5, 255, local5
-
-	sll	local4, 2, local2
-	xor	$1, local4, $1
-
-	srl	$1, 8, local4
-	xor	$2, local2, $2
-
-	xor	local4, $2, local4
-	add	global1, 768, global4
-
-	and	local4, local5, local4
-	add	global1, 1024, global5
-
-	ld	[out2+272], local7
-	sll	local4, 8, local1
-	xor	$2, local4, $2
-
-	srl	$2, 1, local4
-	xor	$1, local1, $1
-
-	ld	[$5], out0                ! key 7531
-	xor	local4, $1, local4
-	add	global1, 256, global2
-
-	ld	[$5+4], out1              ! key 8642
-	and	local4, local7, local4
-	add	global1, 512, global3
-
-	sll	local4, 1, local1
-	xor	$1, local4, $1
-
-	sll	$1, 3, local3
-	xor	$2, local1, $2
-
-	sll	$2, 3, local2
-	add	global1, 1280, local6     ! address sbox 8
-
-	srl	$1, 29, local4
-	add	global1, 1792, out3       ! address sbox 8
-
-	srl	$2, 29, local1
-	or	local4, local3, $4
-
-	or	local2, local1, $3
-
-	ifelse($6, 1, {
-
-		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
-		or	local2, local1, $3
-		xor	$4, out0, local1
-
-		call .des_enc.1
-		and	local1, 252, local1
-
-	},{})
-
-	ifelse($6, 2, {
-
-		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
-		or	local2, local1, $3
-		xor	$4, out0, local1
-
-		call .des_dec.1
-		and	local1, 252, local1
-
-	},{})
-})
-
-
-! {rounds_macro}
-!
-! The logic used in the DES rounds is the same as in the C code,
-! except that calculations for sbox 1 and sbox 5 begin before
-! the previous round is finished.
-!
-! In each round one half (work) is modified based on key and the
-! other half (use).
-!
-! In this version we do two rounds in a loop repeated 7 times
-! and two rounds seperately.
-!
-! One half has the bits for the sboxes in the following positions:
-!
-!	777777xx555555xx333333xx111111xx
-!
-!	88xx666666xx444444xx222222xx8888
-!
-! The bits for each sbox are xor-ed with the key bits for that box.
-! The above xx bits are cleared, and the result used for lookup in
-! the sbox table. Each sbox entry contains the 4 output bits permuted
-! into 32 bits according to the P permutation.
-!
-! In the description of DES, left and right are switched after
-! each round, except after last round. In this code the original
-! left and right are kept in the same register in all rounds, meaning
-! that after the 16 rounds the result for right is in the register
-! originally used for left.
-!
-! parameter 1  first work (left in first round)
-! parameter 2  first use (right in first round)
-! parameter 3  enc/dec  1/-1
-! parameter 4  loop label
-! parameter 5  key address register
-! parameter 6  optional address for key next encryption/decryption
-! parameter 7  not empty for include retl
-!
-! also compares in2 to 8
-
-define(rounds_macro, {
-
-! {rounds_macro}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	xor	$2, out0, local1
-
-	ld	[out2+284], local5        ! 0x0000FC00
-	ba	$4
-	and	local1, 252, local1
-
-	.align 32
-
-$4:
-	! local6 is address sbox 6
-	! out3   is address sbox 8
-	! out4   is loop counter
-
-	ld	[global1+local1], local1
-	xor	$2, out1, out1            ! 8642
-	xor	$2, out0, out0            ! 7531
-	! fmovs	%f0, %f0                  ! fxor used for alignment
-
-	srl	out1, 4, local0           ! rotate 4 right
-	and	out0, local5, local3      ! 3
-	! fmovs	%f0, %f0
-
-	ld	[$5+$3*8], local7         ! key 7531 next round
-	srl	local3, 8, local3         ! 3
-	and	local0, 252, local2       ! 2
-	! fmovs	%f0, %f0
-
-	ld	[global3+local3],local3   ! 3
-	sll	out1, 28, out1            ! rotate
-	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
-
-	ld	[global2+local2], local2  ! 2 
-	srl	out0, 24, local1          ! 7
-	or	out1, local0, out1        ! rotate
-
-	ldub	[out2+local1], local1     ! 7 (and 0xFC)
-	srl	out1, 24, local0          ! 8
-	and	out1, local5, local4      ! 4
-
-	ldub	[out2+local0], local0     ! 8 (and 0xFC)
-	srl	local4, 8, local4         ! 4
-	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
-
-	ld	[global4+local4],local4   ! 4
-	srl	out1, 16, local2          ! 6
-	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
-
-	ld	[out3+local0],local0      ! 8
-	and	local2, 252, local2       ! 6
-	add	global1, 1536, local5     ! address sbox 7
-
-	ld	[local6+local2], local2   ! 6
-	srl	out0, 16, local3          ! 5
-	xor	$1, local4, $1            ! 4 finished
-
-	ld	[local5+local1],local1    ! 7
-	and	local3, 252, local3       ! 5
-	xor	$1, local0, $1            ! 8 finished
-
-	ld	[global5+local3],local3   ! 5
-	xor	$1, local2, $1            ! 6 finished
-	subcc	out4, 1, out4
-
-	ld	[$5+$3*8+4], out0         ! key 8642 next round
-	xor	$1, local7, local2        ! sbox 5 next round
-	xor	$1, local1, $1            ! 7 finished
-
-	srl	local2, 16, local2        ! sbox 5 next round
-	xor	$1, local3, $1            ! 5 finished
-
-	ld	[$5+$3*16+4], out1        ! key 8642 next round again
-	and	local2, 252, local2       ! sbox5 next round
-! next round
-	xor	$1, local7, local7        ! 7531
-
-	ld	[global5+local2], local2  ! 5
-	srl	local7, 24, local3        ! 7
-	xor	$1, out0, out0            ! 8642
-
-	ldub	[out2+local3], local3     ! 7 (and 0xFC)
-	srl	out0, 4, local0           ! rotate 4 right
-	and	local7, 252, local1       ! 1
-
-	sll	out0, 28, out0            ! rotate
-	xor	$2, local2, $2            ! 5 finished local2 used
-
-	srl	local0, 8, local4         ! 4
-	and	local0, 252, local2       ! 2
-	ld	[local5+local3], local3   ! 7
-
-	srl	local0, 16, local5        ! 6
-	or	out0, local0, out0        ! rotate
-	ld	[global2+local2], local2  ! 2
-
-	srl	out0, 24, local0
-	ld	[$5+$3*16], out0          ! key 7531 next round
-	and	local4, 252, local4	  ! 4
-
-	and	local5, 252, local5       ! 6
-	ld	[global4+local4], local4  ! 4
-	xor	$2, local3, $2            ! 7 finished local3 used
-
-	and	local0, 252, local0       ! 8
-	ld	[local6+local5], local5   ! 6
-	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
-
-	srl	local7, 8, local2         ! 3 start
-	ld	[out3+local0], local0     ! 8
-	xor	$2, local4, $2            ! 4 finished
-
-	and	local2, 252, local2       ! 3
-	ld	[global1+local1], local1  ! 1
-	xor	$2, local5, $2            ! 6 finished local5 used
-
-	ld	[global3+local2], local2  ! 3
-	xor	$2, local0, $2            ! 8 finished
-	add	$5, $3*16, $5             ! enc add 8, dec add -8 to key pointer
-
-	ld	[out2+284], local5        ! 0x0000FC00
-	xor	$2, out0, local4          ! sbox 1 next round
-	xor	$2, local1, $2            ! 1 finished
-
-	xor	$2, local2, $2            ! 3 finished
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bne,pt	%icc, $4
-#else
-	bne	$4
-#endif
-	and	local4, 252, local1       ! sbox 1 next round
-
-! two rounds more:
-
-	ld	[global1+local1], local1
-	xor	$2, out1, out1
-	xor	$2, out0, out0
-
-	srl	out1, 4, local0           ! rotate
-	and	out0, local5, local3
-
-	ld	[$5+$3*8], local7         ! key 7531
-	srl	local3, 8, local3
-	and	local0, 252, local2
-
-	ld	[global3+local3],local3
-	sll	out1, 28, out1            ! rotate
-	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
-
-	ld	[global2+local2], local2
-	srl	out0, 24, local1
-	or	out1, local0, out1        ! rotate
-
-	ldub	[out2+local1], local1
-	srl	out1, 24, local0
-	and	out1, local5, local4
-
-	ldub	[out2+local0], local0
-	srl	local4, 8, local4
-	xor	$1, local2, $1            ! 2 finished local2 now sbox 6
-
-	ld	[global4+local4],local4
-	srl	out1, 16, local2
-	xor	$1, local3, $1            ! 3 finished local3 now sbox 5
-
-	ld	[out3+local0],local0
-	and	local2, 252, local2
-	add	global1, 1536, local5     ! address sbox 7
-
-	ld	[local6+local2], local2
-	srl	out0, 16, local3
-	xor	$1, local4, $1            ! 4 finished
-
-	ld	[local5+local1],local1
-	and	local3, 252, local3
-	xor	$1, local0, $1
-
-	ld	[global5+local3],local3
-	xor	$1, local2, $1            ! 6 finished
-	cmp	in2, 8
-
-	ifelse($6,{}, {}, {ld	[out2+280], out4})  ! loop counter
-	xor	$1, local7, local2        ! sbox 5 next round
-	xor	$1, local1, $1            ! 7 finished
-
-	ld	[$5+$3*8+4], out0
-	srl	local2, 16, local2        ! sbox 5 next round
-	xor	$1, local3, $1            ! 5 finished
-
-	and	local2, 252, local2
-! next round (two rounds more)
-	xor	$1, local7, local7        ! 7531
-
-	ld	[global5+local2], local2
-	srl	local7, 24, local3
-	xor	$1, out0, out0            ! 8642
-
-	ldub	[out2+local3], local3
-	srl	out0, 4, local0           ! rotate
-	and	local7, 252, local1
-
-	sll	out0, 28, out0            ! rotate
-	xor	$2, local2, $2            ! 5 finished local2 used
-
-	srl	local0, 8, local4
-	and	local0, 252, local2
-	ld	[local5+local3], local3
-
-	srl	local0, 16, local5
-	or	out0, local0, out0        ! rotate
-	ld	[global2+local2], local2
-
-	srl	out0, 24, local0
-	ifelse($6,{}, {}, {ld	[$6], out0})   ! key next encryption/decryption
-	and	local4, 252, local4
-
-	and	local5, 252, local5
-	ld	[global4+local4], local4
-	xor	$2, local3, $2            ! 7 finished local3 used
-
-	and	local0, 252, local0
-	ld	[local6+local5], local5
-	xor	$2, local2, $2            ! 2 finished local2 now sbox 3
-
-	srl	local7, 8, local2         ! 3 start
-	ld	[out3+local0], local0
-	xor	$2, local4, $2
-
-	and	local2, 252, local2
-	ld	[global1+local1], local1
-	xor	$2, local5, $2            ! 6 finished local5 used
-
-	ld	[global3+local2], local2
-	srl	$1, 3, local3
-	xor	$2, local0, $2
-
-	ifelse($6,{}, {}, {ld	[$6+4], out1}) ! key next encryption/decryption
-	sll	$1, 29, local4
-	xor	$2, local1, $2
-
-	ifelse($7,{}, {}, {retl})
-	xor	$2, local2, $2
-})
-
-
-! {fp_macro}
-!
-!  parameter 1   right (original left)
-!  parameter 2   left (original right)
-!  parameter 3   1 for optional store to [in0]
-!  parameter 4   1 for load input/output address to local5/7
-!
-!  The final permutation logic switches the halfes, meaning that
-!  left and right ends up the the registers originally used.
-
-define(fp_macro, {
-
-! {fp_macro}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	! initially undo the rotate 3 left done after initial permutation
-	! original left is received shifted 3 right and 29 left in local3/4
-
-	sll	$2, 29, local1
-	or	local3, local4, $1
-
-	srl	$2, 3, $2
-	sethi	%hi(0x55555555), local2
-
-	or	$2, local1, $2
-	or	local2, %lo(0x55555555), local2
-
-	srl	$2, 1, local3
-	sethi	%hi(0x00ff00ff), local1
-	xor	local3, $1, local3
-	or	local1, %lo(0x00ff00ff), local1
-	and	local3, local2, local3
-	sethi	%hi(0x33333333), local4
-	sll	local3, 1, local2
-
-	xor	$1, local3, $1
-
-	srl	$1, 8, local3
-	xor	$2, local2, $2
-	xor	local3, $2, local3
-	or	local4, %lo(0x33333333), local4
-	and	local3, local1, local3
-	sethi	%hi(0x0000ffff), local1
-	sll	local3, 8, local2
-
-	xor	$2, local3, $2
-
-	srl	$2, 2, local3
-	xor	$1, local2, $1
-	xor	local3, $1, local3
-	or	local1, %lo(0x0000ffff), local1
-	and	local3, local4, local3
-	sethi	%hi(0x0f0f0f0f), local4
-	sll	local3, 2, local2
-
-	ifelse($4,1, {LDPTR INPUT, local5})
-	xor	$1, local3, $1
-
-	ifelse($4,1, {LDPTR OUTPUT, local7})
-	srl	$1, 16, local3
-	xor	$2, local2, $2
-	xor	local3, $2, local3
-	or	local4, %lo(0x0f0f0f0f), local4
-	and	local3, local1, local3
-	sll	local3, 16, local2
-
-	xor	$2, local3, local1
-
-	srl	local1, 4, local3
-	xor	$1, local2, $1
-	xor	local3, $1, local3
-	and	local3, local4, local3
-	sll	local3, 4, local2
-
-	xor	$1, local3, $1
-
-	! optional store:
-
-	ifelse($3,1, {st $1, [in0]})
-
-	xor	local1, local2, $2
-
-	ifelse($3,1, {st $2, [in0+4]})
-
-})
-
-
-! {fp_ip_macro}
-!
-! Does initial permutation for next block mixed with
-! final permutation for current block.
-!
-! parameter 1   original left
-! parameter 2   original right
-! parameter 3   left ip
-! parameter 4   right ip
-! parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
-!                2: mov in4 to in3
-!
-! also adds -8 to length in2 and loads loop counter to out4
-
-define(fp_ip_macro, {
-
-! {fp_ip_macro}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	define({temp1},{out4})
-	define({temp2},{local3})
-
-	define({ip1},{local1})
-	define({ip2},{local2})
-	define({ip4},{local4})
-	define({ip5},{local5})
-
-	! $1 in local3, local4
-
-	ld	[out2+256], ip1
-	sll	out5, 29, temp1
-	or	local3, local4, $1
-
-	srl	out5, 3, $2
-	ifelse($5,2,{mov in4, in3})
-
-	ld	[out2+272], ip5
-	srl	$4, 4, local0
-	or	$2, temp1, $2
-
-	srl	$2, 1, temp1
-	xor	temp1, $1, temp1
-
-	and	temp1, ip5, temp1
-	xor	local0, $3, local0
-
-	sll	temp1, 1, temp2
-	xor	$1, temp1, $1
-
-	and	local0, ip1, local0
-	add	in2, -8, in2
-
-	sll	local0, 4, local7
-	xor	$3, local0, $3
-
-	ld	[out2+268], ip4
-	srl	$1, 8, temp1
-	xor	$2, temp2, $2
-	ld	[out2+260], ip2
-	srl	$3, 16, local0
-	xor	$4, local7, $4
-	xor	temp1, $2, temp1
-	xor	local0, $4, local0
-	and	temp1, ip4, temp1
-	and	local0, ip2, local0
-	sll	temp1, 8, temp2
-	xor	$2, temp1, $2
-	sll	local0, 16, local7
-	xor	$4, local0, $4
-
-	srl	$2, 2, temp1
-	xor	$1, temp2, $1
-
-	ld	[out2+264], temp2         ! ip3
-	srl	$4, 2, local0
-	xor	$3, local7, $3
-	xor	temp1, $1, temp1
-	xor	local0, $3, local0
-	and	temp1, temp2, temp1
-	and	local0, temp2, local0
-	sll	temp1, 2, temp2
-	xor	$1, temp1, $1
-	sll	local0, 2, local7
-	xor	$3, local0, $3
-
-	srl	$1, 16, temp1
-	xor	$2, temp2, $2
-	srl	$3, 8, local0
-	xor	$4, local7, $4
-	xor	temp1, $2, temp1
-	xor	local0, $4, local0
-	and	temp1, ip2, temp1
-	and	local0, ip4, local0
-	sll	temp1, 16, temp2
-	xor	$2, temp1, local4
-	sll	local0, 8, local7
-	xor	$4, local0, $4
-
-	srl	$4, 1, local0
-	xor	$3, local7, $3
-
-	srl	local4, 4, temp1
-	xor	local0, $3, local0
-
-	xor	$1, temp2, $1
-	and	local0, ip5, local0
-
-	sll	local0, 1, local7
-	xor	temp1, $1, temp1
-
-	xor	$3, local0, $3
-	xor	$4, local7, $4
-
-	sll	$3, 3, local5
-	and	temp1, ip1, temp1
-
-	sll	temp1, 4, temp2
-	xor	$1, temp1, $1
-
-	ifelse($5,1,{LDPTR	KS2, in4})
-	sll	$4, 3, local2
-	xor	local4, temp2, $2
-
-	! reload since used as temporar:
-
-	ld	[out2+280], out4          ! loop counter
-
-	srl	$3, 29, local0
-	ifelse($5,1,{add in4, 120, in4})
-
-	ifelse($5,1,{LDPTR	KS1, in3})
-	srl	$4, 29, local7
-
-	or	local0, local5, $4
-	or	local2, local7, $3
-
-})
-
-
-
-! {load_little_endian}
-!
-! parameter 1  address
-! parameter 2  destination left
-! parameter 3  destination right
-! parameter 4  temporar
-! parameter 5  label
-
-define(load_little_endian, {
-
-! {load_little_endian}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	! first in memory to rightmost in register
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	andcc	$1, 3, global0
-	bne,pn	%icc, $5
-	nop
-
-	lda	[$1] 0x88, $2
-	add	$1, 4, $4
-
-	ba,pt	%icc, $5a
-	lda	[$4] 0x88, $3
-#endif
-
-$5:
-	ldub	[$1+3], $2
-
-	ldub	[$1+2], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-	ldub	[$1+1], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-	ldub	[$1+0], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-
-	ldub	[$1+3+4], $3
-
-	ldub	[$1+2+4], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-
-	ldub	[$1+1+4], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-
-	ldub	[$1+0+4], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-$5a:
-
-})
-
-
-! {load_little_endian_inc}
-!
-! parameter 1  address
-! parameter 2  destination left
-! parameter 3  destination right
-! parameter 4  temporar
-! parameter 4  label
-!
-! adds 8 to address
-
-define(load_little_endian_inc, {
-
-! {load_little_endian_inc}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	! first in memory to rightmost in register
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	andcc	$1, 3, global0
-	bne,pn	%icc, $5
-	nop
-
-	lda	[$1] 0x88, $2
-	add	$1, 4, $1
-
-	lda	[$1] 0x88, $3
-	ba,pt	%icc, $5a
-	add	$1, 4, $1
-#endif
-
-$5:
-	ldub	[$1+3], $2
-
-	ldub	[$1+2], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-	ldub	[$1+1], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-	ldub	[$1+0], $4
-	sll	$2, 8, $2
-	or	$2, $4, $2
-
-	ldub	[$1+3+4], $3
-	add	$1, 8, $1
-
-	ldub	[$1+2+4-8], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-
-	ldub	[$1+1+4-8], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-
-	ldub	[$1+0+4-8], $4
-	sll	$3, 8, $3
-	or	$3, $4, $3
-$5a:
-
-})
-
-
-! {load_n_bytes}
-!
-! Loads 1 to 7 bytes little endian
-! Remaining bytes are zeroed.
-!
-! parameter 1  address
-! parameter 2  length
-! parameter 3  destination register left
-! parameter 4  destination register right
-! parameter 5  temp
-! parameter 6  temp2
-! parameter 7  label
-! parameter 8  return label
-
-define(load_n_bytes, {
-
-! {load_n_bytes}
-! $1 $2 $5 $6 $7 $8 $7 $8 $9
-
-$7.0:	call	.+8
-	sll	$2, 2, $6
-
-	add	%o7,$7.jmp.table-$7.0,$5
-
-	add	$5, $6, $5
-	mov	0, $4
-
-	ld	[$5], $5
-
-	jmp	%o7+$5
-	mov	0, $3
-
-$7.7:
-	ldub	[$1+6], $5
-	sll	$5, 16, $5
-	or	$3, $5, $3
-$7.6:
-	ldub	[$1+5], $5
-	sll	$5, 8, $5
-	or	$3, $5, $3
-$7.5:
-	ldub	[$1+4], $5
-	or	$3, $5, $3
-$7.4:
-	ldub	[$1+3], $5
-	sll	$5, 24, $5
-	or	$4, $5, $4
-$7.3:
-	ldub	[$1+2], $5
-	sll	$5, 16, $5
-	or	$4, $5, $4
-$7.2:
-	ldub	[$1+1], $5
-	sll	$5, 8, $5
-	or	$4, $5, $4
-$7.1:
-	ldub	[$1+0], $5
-	ba	$8
-	or	$4, $5, $4
-
-	.align 4
-
-$7.jmp.table:
-	.word	0
-	.word	$7.1-$7.0
-	.word	$7.2-$7.0
-	.word	$7.3-$7.0
-	.word	$7.4-$7.0
-	.word	$7.5-$7.0
-	.word	$7.6-$7.0
-	.word	$7.7-$7.0
-})
-
-
-! {store_little_endian}
-!
-! parameter 1  address
-! parameter 2  source left
-! parameter 3  source right
-! parameter 4  temporar
-
-define(store_little_endian, {
-
-! {store_little_endian}
-! $1 $2 $3 $4 $5 $6 $7 $8 $9
-
-	! rightmost in register to first in memory
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	andcc	$1, 3, global0
-	bne,pn	%icc, $5
-	nop
-
-	sta	$2, [$1] 0x88
-	add	$1, 4, $4
-
-	ba,pt	%icc, $5a
-	sta	$3, [$4] 0x88
-#endif
-
-$5:
-	and	$2, 255, $4
-	stub	$4, [$1+0]
-
-	srl	$2, 8, $4
-	and	$4, 255, $4
-	stub	$4, [$1+1]
-
-	srl	$2, 16, $4
-	and	$4, 255, $4
-	stub	$4, [$1+2]
-
-	srl	$2, 24, $4
-	stub	$4, [$1+3]
-
-
-	and	$3, 255, $4
-	stub	$4, [$1+0+4]
-
-	srl	$3, 8, $4
-	and	$4, 255, $4
-	stub	$4, [$1+1+4]
-
-	srl	$3, 16, $4
-	and	$4, 255, $4
-	stub	$4, [$1+2+4]
-
-	srl	$3, 24, $4
-	stub	$4, [$1+3+4]
-
-$5a:
-
-})
-
-
-! {store_n_bytes}
-!
-! Stores 1 to 7 bytes little endian
-!
-! parameter 1  address
-! parameter 2  length
-! parameter 3  source register left
-! parameter 4  source register right
-! parameter 5  temp
-! parameter 6  temp2
-! parameter 7  label
-! parameter 8  return label
-
-define(store_n_bytes, {
-
-! {store_n_bytes}
-! $1 $2 $5 $6 $7 $8 $7 $8 $9
-
-$7.0:	call	.+8
-	sll	$2, 2, $6
-
-	add	%o7,$7.jmp.table-$7.0,$5
-
-	add	$5, $6, $5
-
-	ld	[$5], $5
-
-	jmp	%o7+$5
-	nop
-
-$7.7:
-	srl	$3, 16, $5
-	and	$5, 0xff, $5
-	stub	$5, [$1+6]
-$7.6:
-	srl	$3, 8, $5
-	and	$5, 0xff, $5
-	stub	$5, [$1+5]
-$7.5:
-	and	$3, 0xff, $5
-	stub	$5, [$1+4]
-$7.4:
-	srl	$4, 24, $5
-	stub	$5, [$1+3]
-$7.3:
-	srl	$4, 16, $5
-	and	$5, 0xff, $5
-	stub	$5, [$1+2]
-$7.2:
-	srl	$4, 8, $5
-	and	$5, 0xff, $5
-	stub	$5, [$1+1]
-$7.1:
-	and	$4, 0xff, $5
-
-
-	ba	$8
-	stub	$5, [$1]
-
-	.align 4
-
-$7.jmp.table:
-
-	.word	0
-	.word	$7.1-$7.0
-	.word	$7.2-$7.0
-	.word	$7.3-$7.0
-	.word	$7.4-$7.0
-	.word	$7.5-$7.0
-	.word	$7.6-$7.0
-	.word	$7.7-$7.0
-})
-
-
-define(testvalue,{1})
-
-define(register_init, {
-
-! For test purposes:
-
-	sethi	%hi(testvalue), local0
-	or	local0, %lo(testvalue), local0
-
-	ifelse($1,{},{}, {mov	local0, $1})
-	ifelse($2,{},{}, {mov	local0, $2})
-	ifelse($3,{},{}, {mov	local0, $3})
-	ifelse($4,{},{}, {mov	local0, $4})
-	ifelse($5,{},{}, {mov	local0, $5})
-	ifelse($6,{},{}, {mov	local0, $6})
-	ifelse($7,{},{}, {mov	local0, $7})
-	ifelse($8,{},{}, {mov	local0, $8})
-
-	mov	local0, local1
-	mov	local0, local2
-	mov	local0, local3
-	mov	local0, local4
-	mov	local0, local5
-	mov	local0, local7
-	mov	local0, local6
-	mov	local0, out0
-	mov	local0, out1
-	mov	local0, out2
-	mov	local0, out3
-	mov	local0, out4
-	mov	local0, out5
-	mov	local0, global1
-	mov	local0, global2
-	mov	local0, global3
-	mov	local0, global4
-	mov	local0, global5
-
-})
-
-.section	".text"
-
-	.align 32
-
-.des_enc:
-
-	! key address in3
-	! loads key next encryption/decryption first round from [in4]
-
-	rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl)
-
-
-	.align 32
-
-.des_dec:
-
-	! implemented with out5 as first parameter to avoid
-	! register exchange in ede modes
-
-	! key address in4
-	! loads key next encryption/decryption first round from [in3]
-
-	rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl)
-
-
-
-! void DES_encrypt1(data, ks, enc)
-! *******************************
-
-	.align 32
-	.global DES_encrypt1
-	.type	 DES_encrypt1,#function
-
-DES_encrypt1:
-
-	save	%sp, FRAME, %sp
-
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	ld	[in0], in5                ! left
-	cmp	in2, 0                    ! enc
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	be,pn	%icc, .encrypt.dec        ! enc/dec
-#else
-	be	.encrypt.dec
-#endif
-	ld	[in0+4], out5             ! right
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for move in1 to in3
-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
-
-	ip_macro(in5, out5, in5, out5, in3, 0, 1, 1)
-
-	rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used
-
-	fp_macro(in5, out5, 1)            ! 1 for store to [in0]
-
-	ret
-	restore
-
-.encrypt.dec:
-
-	add	in1, 120, in3             ! use last subkey for first round
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for move in1 to in3
-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
-
-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec,  ks in4
-
-	fp_macro(out5, in5, 1)            ! 1 for store to [in0]
-
-	ret
-	restore
-
-.DES_encrypt1.end:
-	.size	 DES_encrypt1,.DES_encrypt1.end-DES_encrypt1
-
-
-! void DES_encrypt2(data, ks, enc)
-!*********************************
-
-	! encrypts/decrypts without initial/final permutation
-
-	.align 32
-	.global DES_encrypt2
-	.type	 DES_encrypt2,#function
-
-DES_encrypt2:
-
-	save	%sp, FRAME, %sp
-
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	! Set sbox address 1 to 6 and rotate halfs 3 left
-	! Errors caught by destest? Yes. Still? *NO*
-
-	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1
-
-	!or	global1, %lo(DES_SPtrans), global1  ! sbox 1
-
-	add	global1, 256, global2     ! sbox 2
-	add	global1, 512, global3     ! sbox 3
-
-	ld	[in0], out5               ! right
-	add	global1, 768, global4     ! sbox 4
-	add	global1, 1024, global5    ! sbox 5
-
-	ld	[in0+4], in5              ! left
-	add	global1, 1280, local6     ! sbox 6
-	add	global1, 1792, out3       ! sbox 8
-
-	! rotate
-
-	sll	in5, 3, local5
-	mov	in1, in3                  ! key address to in3
-
-	sll	out5, 3, local7
-	srl	in5, 29, in5
-
-	srl	out5, 29, out5
-	add	in5, local5, in5
-
-	add	out5, local7, out5
-	cmp	in2, 0
-
-	! we use our own stackframe
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	be,pn	%icc, .encrypt2.dec       ! decryption
-#else
-	be	.encrypt2.dec
-#endif
-	STPTR	in0, [%sp+BIAS+ARG0+0*ARGSZ]
-
-	ld	[in3], out0               ! key 7531 first round
-	mov	LOOPS, out4               ! loop counter
-
-	ld	[in3+4], out1             ! key 8642 first round
-	sethi	%hi(0x0000FC00), local5
-
-	call .des_enc
-	mov	in3, in4
-
-	! rotate
-	sll	in5, 29, in0
-	srl	in5, 3, in5
-	sll	out5, 29, in1
-	add	in5, in0, in5
-	srl	out5, 3, out5
-	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
-	add	out5, in1, out5
-	st	in5, [in0]
-	st	out5, [in0+4]
-
-	ret
-	restore
-
-
-.encrypt2.dec:
-
-	add in3, 120, in4
-
-	ld	[in4], out0               ! key 7531 first round
-	mov	LOOPS, out4               ! loop counter
-
-	ld	[in4+4], out1             ! key 8642 first round
-	sethi	%hi(0x0000FC00), local5
-
-	mov	in5, local1               ! left expected in out5
-	mov	out5, in5
-
-	call .des_dec
-	mov	local1, out5
-
-.encrypt2.finish:
-
-	! rotate
-	sll	in5, 29, in0
-	srl	in5, 3, in5
-	sll	out5, 29, in1
-	add	in5, in0, in5
-	srl	out5, 3, out5
-	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
-	add	out5, in1, out5
-	st	out5, [in0]
-	st	in5, [in0+4]
-
-	ret
-	restore
-
-.DES_encrypt2.end:
-	.size	 DES_encrypt2, .DES_encrypt2.end-DES_encrypt2
-
-
-! void DES_encrypt3(data, ks1, ks2, ks3)
-! **************************************
-
-	.align 32
-	.global DES_encrypt3
-	.type	 DES_encrypt3,#function
-
-DES_encrypt3:
-
-	save	%sp, FRAME, %sp
-	
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	ld	[in0], in5                ! left
-	add	in2, 120, in4             ! ks2
-
-	ld	[in0+4], out5             ! right
-	mov	in3, in2                  ! save ks3
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for mov in1 to in3
-	! parameter 8  1 for mov in3 to in4
-	! parameter 9  1 for load ks3 and ks2 to in4 and in3
-
-	ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0)
-
-	call	.des_dec
-	mov	in2, in3                  ! preload ks3
-
-	call	.des_enc
-	nop
-
-	fp_macro(in5, out5, 1)
-
-	ret
-	restore
-
-.DES_encrypt3.end:
-	.size	 DES_encrypt3,.DES_encrypt3.end-DES_encrypt3
-
-
-! void DES_decrypt3(data, ks1, ks2, ks3)
-! **************************************
-
-	.align 32
-	.global DES_decrypt3
-	.type	 DES_decrypt3,#function
-
-DES_decrypt3:
-
-	save	%sp, FRAME, %sp
-	
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	ld	[in0], in5                ! left
-	add	in3, 120, in4             ! ks3
-
-	ld	[in0+4], out5             ! right
-	mov	in2, in3                  ! ks2
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for mov in1 to in3
-	! parameter 8  1 for mov in3 to in4
-	! parameter 9  1 for load ks3 and ks2 to in4 and in3
-
-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0)
-
-	call	.des_enc
-	add	in1, 120, in4             ! preload ks1
-
-	call	.des_dec
-	nop
-
-	fp_macro(out5, in5, 1)
-
-	ret
-	restore
-
-.DES_decrypt3.end:
-	.size	 DES_decrypt3,.DES_decrypt3.end-DES_decrypt3
-
-! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-! *****************************************************************
-
-
-	.align 32
-	.global DES_ncbc_encrypt
-	.type	 DES_ncbc_encrypt,#function
-
-DES_ncbc_encrypt:
-
-	save	%sp, FRAME, %sp
-	
-	define({INPUT},  { [%sp+BIAS+ARG0+0*ARGSZ] })
-	define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] })
-	define({IVEC},   { [%sp+BIAS+ARG0+4*ARGSZ] })
-
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	cmp	in5, 0                    ! enc   
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	be,pn	%icc, .ncbc.dec
-#else
-	be	.ncbc.dec
-#endif
-	STPTR	in4, IVEC
-
-	! addr  left  right  temp  label
-	load_little_endian(in4, in5, out5, local3, .LLE1)  ! iv
-
-	addcc	in2, -8, in2              ! bytes missing when first block done
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc, .ncbc.enc.seven.or.less
-#else
-	bl	.ncbc.enc.seven.or.less
-#endif
-	mov	in3, in4                  ! schedule
-
-.ncbc.enc.next.block:
-
-	load_little_endian(in0, out4, global4, local3, .LLE2)  ! block
-
-.ncbc.enc.next.block_1:
-
-	xor	in5, out4, in5            ! iv xor
-	xor	out5, global4, out5       ! iv xor
-
-	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
-	ip_macro(in5, out5, in5, out5, in3, 0, 0, 2)
-
-.ncbc.enc.next.block_2:
-
-!//	call .des_enc                     ! compares in2 to 8
-!	rounds inlined for alignment purposes
-
-	add	global1, 768, global4     ! address sbox 4 since register used below
-
-	rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption  ks in3
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc, .ncbc.enc.next.block_fp
-#else
-	bl	.ncbc.enc.next.block_fp
-#endif
-	add	in0, 8, in0               ! input address
-
-	! If 8 or more bytes are to be encrypted after this block,
-	! we combine final permutation for this block with initial
-	! permutation for next block. Load next block:
-
-	load_little_endian(in0, global3, global4, local5, .LLE12)
-
-	!  parameter 1   original left
-	!  parameter 2   original right
-	!  parameter 3   left ip
-	!  parameter 4   right ip
-	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
-	!                2: mov in4 to in3
-	!
-	! also adds -8 to length in2 and loads loop counter to out4
-
-	fp_ip_macro(out0, out1, global3, global4, 2)
-
-	store_little_endian(in1, out0, out1, local3, .SLE10)  ! block
-
-	ld	[in3], out0               ! key 7531 first round next block
-	mov 	in5, local1
-	xor	global3, out5, in5        ! iv xor next block
-
-	ld	[in3+4], out1             ! key 8642
-	add	global1, 512, global3     ! address sbox 3 since register used
-	xor	global4, local1, out5     ! iv xor next block
-
-	ba	.ncbc.enc.next.block_2
-	add	in1, 8, in1               ! output adress
-
-.ncbc.enc.next.block_fp:
-
-	fp_macro(in5, out5)
-
-	store_little_endian(in1, in5, out5, local3, .SLE1)  ! block
-
-	addcc   in2, -8, in2              ! bytes missing when next block done
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bpos,pt	%icc, .ncbc.enc.next.block  ! also jumps if 0
-#else
-	bpos	.ncbc.enc.next.block
-#endif
-	add	in1, 8, in1
-
-.ncbc.enc.seven.or.less:
-
-	cmp	in2, -8
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	ble,pt	%icc, .ncbc.enc.finish
-#else
-	ble	.ncbc.enc.finish
-#endif
-	nop
-
-	add	in2, 8, local1            ! bytes to load
-
-	! addr, length, dest left, dest right, temp, temp2, label, ret label
-	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1)
-
-	! Loads 1 to 7 bytes little endian to global4, out4
-
-
-.ncbc.enc.finish:
-
-	LDPTR	IVEC, local4
-	store_little_endian(local4, in5, out5, local5, .SLE2)  ! ivec
-
-	ret
-	restore
-
-
-.ncbc.dec:
-
-	STPTR	in0, INPUT
-	cmp	in2, 0                    ! length
-	add	in3, 120, in3
-
-	LDPTR	IVEC, local7              ! ivec
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	ble,pn	%icc, .ncbc.dec.finish
-#else
-	ble	.ncbc.dec.finish
-#endif
-	mov	in3, in4                  ! schedule
-
-	STPTR	in1, OUTPUT
-	mov	in0, local5               ! input
-
-	load_little_endian(local7, in0, in1, local3, .LLE3)   ! ivec
-
-.ncbc.dec.next.block:
-
-	load_little_endian(local5, in5, out5, local3, .LLE4)  ! block
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for mov in1 to in3
-	! parameter 8  1 for mov in3 to in4
-
-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion  ks in4
-
-	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7
-
-	! in2 is bytes left to be stored
-	! in2 is compared to 8 in the rounds
-
-	xor	out5, in0, out4           ! iv xor
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc, .ncbc.dec.seven.or.less
-#else
-	bl	.ncbc.dec.seven.or.less
-#endif
-	xor	in5, in1, global4         ! iv xor
-
-	! Load ivec next block now, since input and output address might be the same.
-
-	load_little_endian_inc(local5, in0, in1, local3, .LLE5)  ! iv
-
-	store_little_endian(local7, out4, global4, local3, .SLE3)
-
-	STPTR	local5, INPUT
-	add	local7, 8, local7
-	addcc   in2, -8, in2
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bg,pt	%icc, .ncbc.dec.next.block
-#else
-	bg	.ncbc.dec.next.block
-#endif
-	STPTR	local7, OUTPUT
-
-
-.ncbc.dec.store.iv:
-
-	LDPTR	IVEC, local4              ! ivec
-	store_little_endian(local4, in0, in1, local5, .SLE4)
-
-.ncbc.dec.finish:
-
-	ret
-	restore
-
-.ncbc.dec.seven.or.less:
-
-	load_little_endian_inc(local5, in0, in1, local3, .LLE13)     ! ivec
-
-	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv)
-
-
-.DES_ncbc_encrypt.end:
-	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt
-
-
-! void DES_ede3_cbc_encrypt(input, output, lenght, ks1, ks2, ks3, ivec, enc)
-! **************************************************************************
-
-
-	.align 32
-	.global DES_ede3_cbc_encrypt
-	.type	 DES_ede3_cbc_encrypt,#function
-
-DES_ede3_cbc_encrypt:
-
-	save	%sp, FRAME, %sp
-
-	define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] })
-	define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] })
-	define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] })
-
-	sethi	%hi(.PIC.DES_SPtrans-1f),global1
-	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
-1:	call	.+8
-	add	%o7,global1,global1
-	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-
-	LDPTR	[%fp+BIAS+ARG0+7*ARGSZ], local3          ! enc
-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
-	cmp	local3, 0                 ! enc
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	be,pn	%icc, .ede3.dec
-#else
-	be	.ede3.dec
-#endif
-	STPTR	in4, KS2
-
-	STPTR	in5, KS3
-
-	load_little_endian(local4, in5, out5, local3, .LLE6)  ! ivec
-
-	addcc	in2, -8, in2              ! bytes missing after next block
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc,  .ede3.enc.seven.or.less
-#else
-	bl	.ede3.enc.seven.or.less
-#endif
-	STPTR	in3, KS1
-
-.ede3.enc.next.block:
-
-	load_little_endian(in0, out4, global4, local3, .LLE7)
-
-.ede3.enc.next.block_1:
-
-	LDPTR	KS2, in4
-	xor	in5, out4, in5            ! iv xor
-	xor	out5, global4, out5       ! iv xor
-
-	LDPTR	KS1, in3
-	add	in4, 120, in4             ! for decryption we use last subkey first
-	nop
-
-	ip_macro(in5, out5, in5, out5, in3)
-
-.ede3.enc.next.block_2:
-
-	call .des_enc                     ! ks1 in3
-	nop
-
-	call .des_dec                     ! ks2 in4
-	LDPTR	KS3, in3
-
-	call .des_enc                     ! ks3 in3  compares in2 to 8
-	nop
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc, .ede3.enc.next.block_fp
-#else
-	bl	.ede3.enc.next.block_fp
-#endif
-	add	in0, 8, in0
-
-	! If 8 or more bytes are to be encrypted after this block,
-	! we combine final permutation for this block with initial
-	! permutation for next block. Load next block:
-
-	load_little_endian(in0, global3, global4, local5, .LLE11)
-
-	!  parameter 1   original left
-	!  parameter 2   original right
-	!  parameter 3   left ip
-	!  parameter 4   right ip
-	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
-	!                2: mov in4 to in3
-	!
-	! also adds -8 to length in2 and loads loop counter to out4
-
-	fp_ip_macro(out0, out1, global3, global4, 1)
-
-	store_little_endian(in1, out0, out1, local3, .SLE9)  ! block
-
-	mov 	in5, local1
-	xor	global3, out5, in5        ! iv xor next block
-
-	ld	[in3], out0               ! key 7531
-	add	global1, 512, global3     ! address sbox 3
-	xor	global4, local1, out5     ! iv xor next block
-
-	ld	[in3+4], out1             ! key 8642
-	add	global1, 768, global4     ! address sbox 4
-	ba	.ede3.enc.next.block_2
-	add	in1, 8, in1
-
-.ede3.enc.next.block_fp:
-
-	fp_macro(in5, out5)
-
-	store_little_endian(in1, in5, out5, local3, .SLE5)  ! block
-
-	addcc   in2, -8, in2              ! bytes missing when next block done
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bpos,pt	%icc, .ede3.enc.next.block
-#else
-	bpos	.ede3.enc.next.block
-#endif
-	add	in1, 8, in1
-
-.ede3.enc.seven.or.less:
-
-	cmp	in2, -8
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	ble,pt	%icc, .ede3.enc.finish
-#else
-	ble	.ede3.enc.finish
-#endif
-	nop
-
-	add	in2, 8, local1            ! bytes to load
-
-	! addr, length, dest left, dest right, temp, temp2, label, ret label
-	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1)
-
-.ede3.enc.finish:
-
-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
-	store_little_endian(local4, in5, out5, local5, .SLE6)  ! ivec
-
-	ret
-	restore
-
-.ede3.dec:
-
-	STPTR	in0, INPUT
-	add	in5, 120, in5
-
-	STPTR	in1, OUTPUT
-	mov	in0, local5
-	add	in3, 120, in3
-
-	STPTR	in3, KS1
-	cmp	in2, 0
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	ble	%icc, .ede3.dec.finish
-#else
-	ble	.ede3.dec.finish
-#endif
-	STPTR	in5, KS3
-
-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local7          ! iv
-	load_little_endian(local7, in0, in1, local3, .LLE8)
-
-.ede3.dec.next.block:
-
-	load_little_endian(local5, in5, out5, local3, .LLE9)
-
-	! parameter 6  1/2 for include encryption/decryption
-	! parameter 7  1 for mov in1 to in3
-	! parameter 8  1 for mov in3 to in4
-	! parameter 9  1 for load ks3 and ks2 to in4 and in3
-
-	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4
-
-	call .des_enc                     ! ks2 in3
-	LDPTR	KS1, in4
-
-	call .des_dec                     ! ks1 in4
-	nop
-
-	fp_macro(out5, in5, 0, 1)   ! 1 for input and output address local5/7
-
-	! in2 is bytes left to be stored
-	! in2 is compared to 8 in the rounds
-
-	xor	out5, in0, out4
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bl,pn	%icc, .ede3.dec.seven.or.less
-#else
-	bl	.ede3.dec.seven.or.less
-#endif
-	xor	in5, in1, global4
-
-	load_little_endian_inc(local5, in0, in1, local3, .LLE10)   ! iv next block
-
-	store_little_endian(local7, out4, global4, local3, .SLE7)  ! block
-
-	STPTR	local5, INPUT
-	addcc   in2, -8, in2
-	add	local7, 8, local7
-
-#ifdef OPENSSL_SYSNAME_ULTRASPARC
-	bg,pt	%icc, .ede3.dec.next.block
-#else
-	bg	.ede3.dec.next.block
-#endif
-	STPTR	local7, OUTPUT
-
-.ede3.dec.store.iv:
-
-	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
-	store_little_endian(local4, in0, in1, local5, .SLE8)  ! ivec
-
-.ede3.dec.finish:
-
-	ret
-	restore
-
-.ede3.dec.seven.or.less:
-
-	load_little_endian_inc(local5, in0, in1, local3, .LLE14)     ! iv
-
-	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv)
-
-
-.DES_ede3_cbc_encrypt.end:
-	.size	 DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt
-
-	.align	256
-	.type	 .des_and,#object
-	.size	 .des_and,284
-
-.des_and:
-
-! This table is used for AND 0xFC when it is known that register
-! bits 8-31 are zero. Makes it possible to do three arithmetic
-! operations in one cycle.
-
-	.byte  0, 0, 0, 0, 4, 4, 4, 4
-	.byte  8, 8, 8, 8, 12, 12, 12, 12
-	.byte  16, 16, 16, 16, 20, 20, 20, 20
-	.byte  24, 24, 24, 24, 28, 28, 28, 28
-	.byte  32, 32, 32, 32, 36, 36, 36, 36
-	.byte  40, 40, 40, 40, 44, 44, 44, 44
-	.byte  48, 48, 48, 48, 52, 52, 52, 52
-	.byte  56, 56, 56, 56, 60, 60, 60, 60
-	.byte  64, 64, 64, 64, 68, 68, 68, 68
-	.byte  72, 72, 72, 72, 76, 76, 76, 76
-	.byte  80, 80, 80, 80, 84, 84, 84, 84
-	.byte  88, 88, 88, 88, 92, 92, 92, 92
-	.byte  96, 96, 96, 96, 100, 100, 100, 100
-	.byte  104, 104, 104, 104, 108, 108, 108, 108
-	.byte  112, 112, 112, 112, 116, 116, 116, 116
-	.byte  120, 120, 120, 120, 124, 124, 124, 124
-	.byte  128, 128, 128, 128, 132, 132, 132, 132
-	.byte  136, 136, 136, 136, 140, 140, 140, 140
-	.byte  144, 144, 144, 144, 148, 148, 148, 148
-	.byte  152, 152, 152, 152, 156, 156, 156, 156
-	.byte  160, 160, 160, 160, 164, 164, 164, 164
-	.byte  168, 168, 168, 168, 172, 172, 172, 172
-	.byte  176, 176, 176, 176, 180, 180, 180, 180
-	.byte  184, 184, 184, 184, 188, 188, 188, 188
-	.byte  192, 192, 192, 192, 196, 196, 196, 196
-	.byte  200, 200, 200, 200, 204, 204, 204, 204
-	.byte  208, 208, 208, 208, 212, 212, 212, 212
-	.byte  216, 216, 216, 216, 220, 220, 220, 220
-	.byte  224, 224, 224, 224, 228, 228, 228, 228
-	.byte  232, 232, 232, 232, 236, 236, 236, 236
-	.byte  240, 240, 240, 240, 244, 244, 244, 244
-	.byte  248, 248, 248, 248, 252, 252, 252, 252
-
-	! 5 numbers for initil/final permutation
-
-	.word   0x0f0f0f0f                ! offset 256
-	.word	0x0000ffff                ! 260
-	.word	0x33333333                ! 264
-	.word	0x00ff00ff                ! 268
-	.word	0x55555555                ! 272
-
-	.word	0                         ! 276
-	.word	LOOPS                     ! 280
-	.word	0x0000FC00                ! 284
-
-	.global	DES_SPtrans
-	.type	DES_SPtrans,#object
-	.size	DES_SPtrans,2048
-.align	64
-DES_SPtrans:
-.PIC.DES_SPtrans:
-	! nibble 0
-	.word	0x02080800, 0x00080000, 0x02000002, 0x02080802
-	.word	0x02000000, 0x00080802, 0x00080002, 0x02000002
-	.word	0x00080802, 0x02080800, 0x02080000, 0x00000802
-	.word	0x02000802, 0x02000000, 0x00000000, 0x00080002
-	.word	0x00080000, 0x00000002, 0x02000800, 0x00080800
-	.word	0x02080802, 0x02080000, 0x00000802, 0x02000800
-	.word	0x00000002, 0x00000800, 0x00080800, 0x02080002
-	.word	0x00000800, 0x02000802, 0x02080002, 0x00000000
-	.word	0x00000000, 0x02080802, 0x02000800, 0x00080002
-	.word	0x02080800, 0x00080000, 0x00000802, 0x02000800
-	.word	0x02080002, 0x00000800, 0x00080800, 0x02000002
-	.word	0x00080802, 0x00000002, 0x02000002, 0x02080000
-	.word	0x02080802, 0x00080800, 0x02080000, 0x02000802
-	.word	0x02000000, 0x00000802, 0x00080002, 0x00000000
-	.word	0x00080000, 0x02000000, 0x02000802, 0x02080800
-	.word	0x00000002, 0x02080002, 0x00000800, 0x00080802
-	! nibble 1
-	.word	0x40108010, 0x00000000, 0x00108000, 0x40100000
-	.word	0x40000010, 0x00008010, 0x40008000, 0x00108000
-	.word	0x00008000, 0x40100010, 0x00000010, 0x40008000
-	.word	0x00100010, 0x40108000, 0x40100000, 0x00000010
-	.word	0x00100000, 0x40008010, 0x40100010, 0x00008000
-	.word	0x00108010, 0x40000000, 0x00000000, 0x00100010
-	.word	0x40008010, 0x00108010, 0x40108000, 0x40000010
-	.word	0x40000000, 0x00100000, 0x00008010, 0x40108010
-	.word	0x00100010, 0x40108000, 0x40008000, 0x00108010
-	.word	0x40108010, 0x00100010, 0x40000010, 0x00000000
-	.word	0x40000000, 0x00008010, 0x00100000, 0x40100010
-	.word	0x00008000, 0x40000000, 0x00108010, 0x40008010
-	.word	0x40108000, 0x00008000, 0x00000000, 0x40000010
-	.word	0x00000010, 0x40108010, 0x00108000, 0x40100000
-	.word	0x40100010, 0x00100000, 0x00008010, 0x40008000
-	.word	0x40008010, 0x00000010, 0x40100000, 0x00108000
-	! nibble 2
-	.word	0x04000001, 0x04040100, 0x00000100, 0x04000101
-	.word	0x00040001, 0x04000000, 0x04000101, 0x00040100
-	.word	0x04000100, 0x00040000, 0x04040000, 0x00000001
-	.word	0x04040101, 0x00000101, 0x00000001, 0x04040001
-	.word	0x00000000, 0x00040001, 0x04040100, 0x00000100
-	.word	0x00000101, 0x04040101, 0x00040000, 0x04000001
-	.word	0x04040001, 0x04000100, 0x00040101, 0x04040000
-	.word	0x00040100, 0x00000000, 0x04000000, 0x00040101
-	.word	0x04040100, 0x00000100, 0x00000001, 0x00040000
-	.word	0x00000101, 0x00040001, 0x04040000, 0x04000101
-	.word	0x00000000, 0x04040100, 0x00040100, 0x04040001
-	.word	0x00040001, 0x04000000, 0x04040101, 0x00000001
-	.word	0x00040101, 0x04000001, 0x04000000, 0x04040101
-	.word	0x00040000, 0x04000100, 0x04000101, 0x00040100
-	.word	0x04000100, 0x00000000, 0x04040001, 0x00000101
-	.word	0x04000001, 0x00040101, 0x00000100, 0x04040000
-	! nibble 3
-	.word	0x00401008, 0x10001000, 0x00000008, 0x10401008
-	.word	0x00000000, 0x10400000, 0x10001008, 0x00400008
-	.word	0x10401000, 0x10000008, 0x10000000, 0x00001008
-	.word	0x10000008, 0x00401008, 0x00400000, 0x10000000
-	.word	0x10400008, 0x00401000, 0x00001000, 0x00000008
-	.word	0x00401000, 0x10001008, 0x10400000, 0x00001000
-	.word	0x00001008, 0x00000000, 0x00400008, 0x10401000
-	.word	0x10001000, 0x10400008, 0x10401008, 0x00400000
-	.word	0x10400008, 0x00001008, 0x00400000, 0x10000008
-	.word	0x00401000, 0x10001000, 0x00000008, 0x10400000
-	.word	0x10001008, 0x00000000, 0x00001000, 0x00400008
-	.word	0x00000000, 0x10400008, 0x10401000, 0x00001000
-	.word	0x10000000, 0x10401008, 0x00401008, 0x00400000
-	.word	0x10401008, 0x00000008, 0x10001000, 0x00401008
-	.word	0x00400008, 0x00401000, 0x10400000, 0x10001008
-	.word	0x00001008, 0x10000000, 0x10000008, 0x10401000
-	! nibble 4
-	.word	0x08000000, 0x00010000, 0x00000400, 0x08010420
-	.word	0x08010020, 0x08000400, 0x00010420, 0x08010000
-	.word	0x00010000, 0x00000020, 0x08000020, 0x00010400
-	.word	0x08000420, 0x08010020, 0x08010400, 0x00000000
-	.word	0x00010400, 0x08000000, 0x00010020, 0x00000420
-	.word	0x08000400, 0x00010420, 0x00000000, 0x08000020
-	.word	0x00000020, 0x08000420, 0x08010420, 0x00010020
-	.word	0x08010000, 0x00000400, 0x00000420, 0x08010400
-	.word	0x08010400, 0x08000420, 0x00010020, 0x08010000
-	.word	0x00010000, 0x00000020, 0x08000020, 0x08000400
-	.word	0x08000000, 0x00010400, 0x08010420, 0x00000000
-	.word	0x00010420, 0x08000000, 0x00000400, 0x00010020
-	.word	0x08000420, 0x00000400, 0x00000000, 0x08010420
-	.word	0x08010020, 0x08010400, 0x00000420, 0x00010000
-	.word	0x00010400, 0x08010020, 0x08000400, 0x00000420
-	.word	0x00000020, 0x00010420, 0x08010000, 0x08000020
-	! nibble 5
-	.word	0x80000040, 0x00200040, 0x00000000, 0x80202000
-	.word	0x00200040, 0x00002000, 0x80002040, 0x00200000
-	.word	0x00002040, 0x80202040, 0x00202000, 0x80000000
-	.word	0x80002000, 0x80000040, 0x80200000, 0x00202040
-	.word	0x00200000, 0x80002040, 0x80200040, 0x00000000
-	.word	0x00002000, 0x00000040, 0x80202000, 0x80200040
-	.word	0x80202040, 0x80200000, 0x80000000, 0x00002040
-	.word	0x00000040, 0x00202000, 0x00202040, 0x80002000
-	.word	0x00002040, 0x80000000, 0x80002000, 0x00202040
-	.word	0x80202000, 0x00200040, 0x00000000, 0x80002000
-	.word	0x80000000, 0x00002000, 0x80200040, 0x00200000
-	.word	0x00200040, 0x80202040, 0x00202000, 0x00000040
-	.word	0x80202040, 0x00202000, 0x00200000, 0x80002040
-	.word	0x80000040, 0x80200000, 0x00202040, 0x00000000
-	.word	0x00002000, 0x80000040, 0x80002040, 0x80202000
-	.word	0x80200000, 0x00002040, 0x00000040, 0x80200040
-	! nibble 6
-	.word	0x00004000, 0x00000200, 0x01000200, 0x01000004
-	.word	0x01004204, 0x00004004, 0x00004200, 0x00000000
-	.word	0x01000000, 0x01000204, 0x00000204, 0x01004000
-	.word	0x00000004, 0x01004200, 0x01004000, 0x00000204
-	.word	0x01000204, 0x00004000, 0x00004004, 0x01004204
-	.word	0x00000000, 0x01000200, 0x01000004, 0x00004200
-	.word	0x01004004, 0x00004204, 0x01004200, 0x00000004
-	.word	0x00004204, 0x01004004, 0x00000200, 0x01000000
-	.word	0x00004204, 0x01004000, 0x01004004, 0x00000204
-	.word	0x00004000, 0x00000200, 0x01000000, 0x01004004
-	.word	0x01000204, 0x00004204, 0x00004200, 0x00000000
-	.word	0x00000200, 0x01000004, 0x00000004, 0x01000200
-	.word	0x00000000, 0x01000204, 0x01000200, 0x00004200
-	.word	0x00000204, 0x00004000, 0x01004204, 0x01000000
-	.word	0x01004200, 0x00000004, 0x00004004, 0x01004204
-	.word	0x01000004, 0x01004200, 0x01004000, 0x00004004
-	! nibble 7
-	.word	0x20800080, 0x20820000, 0x00020080, 0x00000000
-	.word	0x20020000, 0x00800080, 0x20800000, 0x20820080
-	.word	0x00000080, 0x20000000, 0x00820000, 0x00020080
-	.word	0x00820080, 0x20020080, 0x20000080, 0x20800000
-	.word	0x00020000, 0x00820080, 0x00800080, 0x20020000
-	.word	0x20820080, 0x20000080, 0x00000000, 0x00820000
-	.word	0x20000000, 0x00800000, 0x20020080, 0x20800080
-	.word	0x00800000, 0x00020000, 0x20820000, 0x00000080
-	.word	0x00800000, 0x00020000, 0x20000080, 0x20820080
-	.word	0x00020080, 0x20000000, 0x00000000, 0x00820000
-	.word	0x20800080, 0x20020080, 0x20020000, 0x00800080
-	.word	0x20820000, 0x00000080, 0x00800080, 0x20020000
-	.word	0x20820080, 0x00800000, 0x20800000, 0x20000080
-	.word	0x00820000, 0x00020080, 0x20020080, 0x20800000
-	.word	0x00000080, 0x20820000, 0x00820080, 0x00000000
-	.word	0x20000000, 0x20800080, 0x00020000, 0x00820080
-
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
deleted file mode 100644
index eec00886e4..0000000000
--- a/crypto/des/asm/desboth.pl
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/local/bin/perl
-
-$L="edi";
-$R="esi";
-
-sub DES_encrypt3
-	{
-	local($name,$enc)=@_;
-
-	&function_begin_B($name,"");
-	&push("ebx");
-	&mov("ebx",&wparam(0));
-
-	&push("ebp");
-	&push("esi");
-
-	&push("edi");
-
-	&comment("");
-	&comment("Load the data words");
-	&mov($L,&DWP(0,"ebx","",0));
-	&mov($R,&DWP(4,"ebx","",0));
-	&stack_push(3);
-
-	&comment("");
-	&comment("IP");
-	&IP_new($L,$R,"edx",0);
-
-	# put them back
-	
-	if ($enc)
-		{
-		&mov(&DWP(4,"ebx","",0),$R);
-		 &mov("eax",&wparam(1));
-		&mov(&DWP(0,"ebx","",0),"edx");
-		 &mov("edi",&wparam(2));
-		 &mov("esi",&wparam(3));
-		}
-	else
-		{
-		&mov(&DWP(4,"ebx","",0),$R);
-		 &mov("esi",&wparam(1));
-		&mov(&DWP(0,"ebx","",0),"edx");
-		 &mov("edi",&wparam(2));
-		 &mov("eax",&wparam(3));
-		}
-	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
-	&mov(&swtmp(1),	"eax");
-	&mov(&swtmp(0),	"ebx");
-	&call("DES_encrypt2");
-	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
-	&mov(&swtmp(1),	"edi");
-	&mov(&swtmp(0),	"ebx");
-	&call("DES_encrypt2");
-	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
-	&mov(&swtmp(1),	"esi");
-	&mov(&swtmp(0),	"ebx");
-	&call("DES_encrypt2");
-
-	&stack_pop(3);
-	&mov($L,&DWP(0,"ebx","",0));
-	&mov($R,&DWP(4,"ebx","",0));
-
-	&comment("");
-	&comment("FP");
-	&FP_new($L,$R,"eax",0);
-
-	&mov(&DWP(0,"ebx","",0),"eax");
-	&mov(&DWP(4,"ebx","",0),$R);
-
-	&pop("edi");
-	&pop("esi");
-	&pop("ebp");
-	&pop("ebx");
-	&ret();
-	&function_end_B($name);
-	}
-
-
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
deleted file mode 100644
index 1beafe253b..0000000000
--- a/crypto/des/asm/readme
+++ /dev/null
@@ -1,131 +0,0 @@
-First up, let me say I don't like writing in assembler.  It is not portable,
-dependant on the particular CPU architecture release and is generally a pig
-to debug and get right.  Having said that, the x86 architecture is probably
-the most important for speed due to number of boxes and since
-it appears to be the worst architecture to to get
-good C compilers for.  So due to this, I have lowered myself to do
-assembler for the inner DES routines in libdes :-).
-
-The file to implement in assembler is des_enc.c.  Replace the following
-4 functions
-des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
-des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
-des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
-des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
-
-They encrypt/decrypt the 64 bits held in 'data' using
-the 'ks' key schedules.   The only difference between the 4 functions is that
-des_encrypt2() does not perform IP() or FP() on the data (this is an
-optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
-perform triple des.  The triple DES routines are in here because it does
-make a big difference to have them located near the des_encrypt2 function
-at link time..
-
-Now as we all know, there are lots of different operating systems running on
-x86 boxes, and unfortunately they normally try to make sure their assembler
-formating is not the same as the other peoples.
-The 4 main formats I know of are
-Microsoft	Windows 95/Windows NT
-Elf		Includes Linux and FreeBSD(?).
-a.out		The older Linux.
-Solaris		Same as Elf but different comments :-(.
-
-Now I was not overly keen to write 4 different copies of the same code,
-so I wrote a few perl routines to output the correct assembler, given
-a target assembler type.  This code is ugly and is just a hack.
-The libraries are x86unix.pl and x86ms.pl.
-des586.pl, des686.pl and des-som[23].pl are the programs to actually
-generate the assembler.
-
-So to generate elf assembler
-perl des-som3.pl elf >dx86-elf.s
-For Windows 95/NT
-perl des-som2.pl win32 >win32.asm
-
-[ update 4 Jan 1996 ]
-I have added another way to do things.
-perl des-som3.pl cpp >dx86-cpp.s
-generates a file that will be included by dx86unix.cpp when it is compiled.
-To build for elf, a.out, solaris, bsdi etc,
-cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
-cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
-cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
-cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
-This was done to cut down the number of files in the distribution.
-
-Now the ugly part.  I acquired my copy of Intels
-"Optimization's For Intel's 32-Bit Processors" and found a few interesting
-things.  First, the aim of the exersize is to 'extract' one byte at a time
-from a word and do an array lookup.  This involves getting the byte from
-the 4 locations in the word and moving it to a new word and doing the lookup.
-The most obvious way to do this is
-xor	eax,	eax				# clear word
-movb	al,	cl				# get low byte
-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in word
-movb	al,	ch				# get next byte
-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in word
-shr	ecx	16
-which seems ok.  For the pentium, this system appears to be the best.
-One has to do instruction interleaving to keep both functional units
-operating, but it is basically very efficient.
-
-Now the crunch.  When a full register is used after a partial write, eg.
-mov	al,	cl
-xor	edi,	DWORD PTR 0x100+des_SP[eax]
-386	- 1 cycle stall
-486	- 1 cycle stall
-586	- 0 cycle stall
-686	- at least 7 cycle stall (page 22 of the above mentioned document).
-
-So the technique that produces the best results on a pentium, according to
-the documentation, will produce hideous results on a pentium pro.
-
-To get around this, des686.pl will generate code that is not as fast on
-a pentium, should be very good on a pentium pro.
-mov	eax,	ecx				# copy word 
-shr	ecx,	8				# line up next byte
-and	eax,	0fch				# mask byte
-xor	edi	DWORD PTR 0x100+des_SP[eax] 	# xor in array lookup
-mov	eax,	ecx				# get word
-shr	ecx	8				# line up next byte
-and	eax,	0fch				# mask byte
-xor	edi	DWORD PTR 0x300+des_SP[eax] 	# xor in array lookup
-
-Due to the execution units in the pentium, this actually works quite well.
-For a pentium pro it should be very good.  This is the type of output
-Visual C++ generates.
-
-There is a third option.  instead of using
-mov	al,	ch
-which is bad on the pentium pro, one may be able to use
-movzx	eax,	ch
-which may not incur the partial write penalty.  On the pentium,
-this instruction takes 4 cycles so is not worth using but on the
-pentium pro it appears it may be worth while.  I need access to one to
-experiment :-).
-
-eric (20 Oct 1996)
-
-22 Nov 1996 - I have asked people to run the 2 different version on pentium
-pros and it appears that the intel documentation is wrong.  The
-mov al,bh is still faster on a pentium pro, so just use the des586.pl
-install des686.pl
-
-3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
-functions into des_enc.c because it does make a massive performance
-difference on some boxes to have the functions code located close to
-the des_encrypt2() function.
-
-9 Jan 1997 - des-som2.pl is now the correct perl script to use for
-pentiums.  It contains an inner loop from
-Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
-273,000 per second.  He had a previous version at 250,000 and the best
-I was able to get was 203,000.  The content has not changed, this is all
-due to instruction sequencing (and actual instructions choice) which is able
-to keep both functional units of the pentium going.
-We may have lost the ugly register usage restrictions when x86 went 32 bit
-but for the pentium it has been replaced by evil instruction ordering tricks.
-
-13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
-raw DES at 281,000 per second on a pentium 100.
-
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
deleted file mode 100644
index b5db4e14f7..0000000000
--- a/crypto/des/cbc3_enc.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* crypto/des/cbc3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* HAS BUGS! DON'T USE - this is only present for use in des.c */
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
-	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
-	     DES_cblock *iv2, int enc)
-	{
-	int off=((int)length-1)/8;
-	long l8=((length+7)/8)*8;
-	DES_cblock niv1,niv2;
-
-	if (enc == DES_ENCRYPT)
-		{
-		DES_cbc_encrypt((unsigned char*)input,
-				(unsigned char*)output,length,&ks1,iv1,enc);
-		if (length >= sizeof(DES_cblock))
-			memcpy(niv1,output[off],sizeof(DES_cblock));
-		DES_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,&ks2,iv1,!enc);
-		DES_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,&ks1,iv2,enc);
-		if (length >= sizeof(DES_cblock))
-			memcpy(niv2,output[off],sizeof(DES_cblock));
-		}
-	else
-		{
-		if (length >= sizeof(DES_cblock))
-			memcpy(niv2,input[off],sizeof(DES_cblock));
-		DES_cbc_encrypt((unsigned char*)input,
-				(unsigned char*)output,l8,&ks1,iv2,enc);
-		DES_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,l8,&ks2,iv1,!enc);
-		if (length >= sizeof(DES_cblock))
-			memcpy(niv1,output[off],sizeof(DES_cblock));
-		DES_cbc_encrypt((unsigned char*)output,
-				(unsigned char*)output,length,&ks1,iv1,enc);
-		}
-	memcpy(*iv1,niv1,sizeof(DES_cblock));
-	memcpy(*iv2,niv2,sizeof(DES_cblock));
-	}
-
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
deleted file mode 100644
index 09a7ba56aa..0000000000
--- a/crypto/des/cbc_cksm.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/des/cbc_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
-		       long length, DES_key_schedule *schedule,
-		       const_DES_cblock *ivec)
-	{
-	register DES_LONG tout0,tout1,tin0,tin1;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *out = &(*output)[0];
-	const unsigned char *iv = &(*ivec)[0];
-
-	c2l(iv,tout0);
-	c2l(iv,tout1);
-	for (; l>0; l-=8)
-		{
-		if (l >= 8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			}
-		else
-			c2ln(in,tin0,tin1,l);
-			
-		tin0^=tout0; tin[0]=tin0;
-		tin1^=tout1; tin[1]=tin1;
-		DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
-		tout0=tin[0];
-		tout1=tin[1];
-		}
-	if (out != NULL)
-		{
-		l2c(tout0,out);
-		l2c(tout1,out);
-		}
-	tout0=tin0=tin1=tin[0]=tin[1]=0;
-	/*
-	  Transform the data in tout1 so that it will
-	  match the return value that the MIT Kerberos
-	  mit_des_cbc_cksum API returns.
-	*/
-	tout1 = ((tout1 >> 24L) & 0x000000FF)
-	      | ((tout1 >> 8L)  & 0x0000FF00)
-	      | ((tout1 << 8L)  & 0x00FF0000)
-	      | ((tout1 << 24L) & 0xFF000000);
-	return(tout1);
-	}
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
deleted file mode 100644
index 677903ae4e..0000000000
--- a/crypto/des/cbc_enc.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define CBC_ENC_C__DONT_UPDATE_IV
-
-#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
deleted file mode 100644
index de34ecceb9..0000000000
--- a/crypto/des/cfb64ede.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* crypto/des/cfb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "e_os.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			    long length, DES_key_schedule *ks1,
-			    DES_key_schedule *ks2, DES_key_schedule *ks3,
-			    DES_cblock *ivec, int *num, int enc)
-	{
-	register DES_LONG v0,v1;
-	register long l=length;
-	register int n= *num;
-	DES_LONG ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=&(*ivec)[0];
-	if (enc)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
-
-				ti[0]=v0;
-				ti[1]=v1;
-				DES_encrypt3(ti,ks1,ks2,ks3);
-				v0=ti[0];
-				v1=ti[1];
-
-				iv = &(*ivec)[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv = &(*ivec)[0];
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
-
-				ti[0]=v0;
-				ti[1]=v1;
-				DES_encrypt3(ti,ks1,ks2,ks3);
-				v0=ti[0];
-				v1=ti[1];
-
-				iv = &(*ivec)[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv = &(*ivec)[0];
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
-
-#ifdef undef /* MACRO */
-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
-	     int *num, int enc)
-	{
-	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
-	}
-#endif
-
-/* This is compatible with the single key CFB-r for DES, even thought that's
- * not what EVP needs.
- */
-
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc)
-	{
-	register DES_LONG d0,d1,v0,v1;
-	register unsigned long l=length,n=((unsigned int)numbits+7)/8;
-	register int num=numbits,i;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	unsigned char ovec[16];
-
-	if (num > 64) return;
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (enc)
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
-						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			}
-		}
-	else
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
-						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
deleted file mode 100644
index 5ec8683e40..0000000000
--- a/crypto/des/cfb64enc.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/des/cfb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, DES_key_schedule *schedule,
-		       DES_cblock *ivec, int *num, int enc)
-	{
-	register DES_LONG v0,v1;
-	register long l=length;
-	register int n= *num;
-	DES_LONG ti[2];
-	unsigned char *iv,c,cc;
-
-	iv = &(*ivec)[0];
-	if (enc)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				DES_encrypt1(ti,schedule,DES_ENCRYPT);
-				iv = &(*ivec)[0];
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv = &(*ivec)[0];
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				DES_encrypt1(ti,schedule,DES_ENCRYPT);
-				iv = &(*ivec)[0];
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv = &(*ivec)[0];
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
-
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
deleted file mode 100644
index 720f29a28e..0000000000
--- a/crypto/des/cfb_enc.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* crypto/des/cfb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "e_os.h"
-#include "des_locl.h"
-#include <assert.h>
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
- * will not be compatible with any encryption prior to that date. Ben. */
-void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length, DES_key_schedule *schedule, DES_cblock *ivec,
-		     int enc)
-	{
-	register DES_LONG d0,d1,v0,v1;
-	register unsigned long l=length;
-	register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8;
-	DES_LONG ti[2];
-	unsigned char *iv;
-#ifndef L_ENDIAN
-	unsigned char ovec[16];
-#else
-	unsigned int  sh[4];
-	unsigned char *ovec=(unsigned char *)sh;
-
-	/* I kind of count that compiler optimizes away this assertioni,*/
-	assert (sizeof(sh[0])==4);	/* as this holds true for all,	*/
-					/* but 16-bit platforms...	*/
-					
-#endif
-
-	if (numbits<=0 || numbits > 64) return;
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (enc)
-		{
-		while (l >= (unsigned long)n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (numbits == 32)
-				{ v0=v1; v1=d0; }
-			else if (numbits == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-#ifndef L_ENDIAN
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-#else
-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
-#endif
-				if (rem==0)
-					memmove(ovec,ovec+num,8);
-				else
-					for(i=0 ; i < 8 ; ++i)
-						ovec[i]=ovec[i+num]<<rem |
-							ovec[i+num+1]>>(8-rem);
-#ifdef L_ENDIAN
-				v0=sh[0], v1=sh[1];
-#else
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-#endif
-				}
-			}
-		}
-	else
-		{
-		while (l >= (unsigned long)n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (numbits == 32)
-				{ v0=v1; v1=d0; }
-			else if (numbits == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-#ifndef L_ENDIAN
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-#else
-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
-#endif
-				if (rem==0)
-					memmove(ovec,ovec+num,8);
-				else
-					for(i=0 ; i < 8 ; ++i)
-						ovec[i]=ovec[i+num]<<rem |
-							ovec[i+num+1]>>(8-rem);
-#ifdef L_ENDIAN
-				v0=sh[0], v1=sh[1];
-#else
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-#endif
-				}
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
diff --git a/crypto/des/des.c b/crypto/des/des.c
deleted file mode 100644
index 343135ff9e..0000000000
--- a/crypto/des/des.c
+++ /dev/null
@@ -1,932 +0,0 @@
-/* crypto/des/des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_SYS_MSDOS
-#ifndef OPENSSL_SYS_VMS
-#include OPENSSL_UNISTD
-#else /* OPENSSL_SYS_VMS */
-#ifdef __DECC
-#include <unistd.h>
-#else /* not __DECC */
-#include <math.h>
-#endif /* __DECC */
-#endif /* OPENSSL_SYS_VMS */
-#else /* OPENSSL_SYS_MSDOS */
-#include <io.h>
-#endif
-
-#include <time.h>
-#include "des_ver.h"
-
-#ifdef OPENSSL_SYS_VMS
-#include <types.h>
-#include <stat.h>
-#else
-#ifndef _IRIX
-#include <sys/types.h>
-#endif
-#include <sys/stat.h>
-#endif
-#include <openssl/des.h>
-#include <openssl/rand.h>
-#include <openssl/ui_compat.h>
-
-void usage(void);
-void doencryption(void);
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
-void uufwriteEnd(FILE *fp);
-int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
-int uuencode(unsigned char *in,int num,unsigned char *out);
-int uudecode(unsigned char *in,int num,unsigned char *out);
-void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
-	DES_key_schedule sk1,DES_key_schedule sk2,
-	DES_cblock *ivec1,DES_cblock *ivec2,int enc);
-#ifdef OPENSSL_SYS_VMS
-#define EXIT(a) exit(a&0x10000000L)
-#else
-#define EXIT(a) exit(a)
-#endif
-
-#define BUFSIZE (8*1024)
-#define VERIFY  1
-#define KEYSIZ	8
-#define KEYSIZB 1024 /* should hit tty line limit first :-) */
-char key[KEYSIZB+1];
-int do_encrypt,longk=0;
-FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
-char uuname[200];
-unsigned char uubuf[50];
-int uubufnum=0;
-#define INUUBUFN	(45*100)
-#define OUTUUBUF	(65*100)
-unsigned char b[OUTUUBUF];
-unsigned char bb[300];
-DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-char cksumname[200]="";
-
-int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
-
-int main(int argc, char **argv)
-	{
-	int i;
-	struct stat ins,outs;
-	char *p;
-	char *in=NULL,*out=NULL;
-
-	vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
-	error=0;
-	memset(key,0,sizeof(key));
-
-	for (i=1; i<argc; i++)
-		{
-		p=argv[i];
-		if ((p[0] == '-') && (p[1] != '\0'))
-			{
-			p++;
-			while (*p)
-				{
-				switch (*(p++))
-					{
-				case '3':
-					flag3=1;
-					longk=1;
-					break;
-				case 'c':
-					cflag=1;
-					strncpy(cksumname,p,200);
-					cksumname[sizeof(cksumname)-1]='\0';
-					p+=strlen(cksumname);
-					break;
-				case 'C':
-					cflag=1;
-					longk=1;
-					strncpy(cksumname,p,200);
-					cksumname[sizeof(cksumname)-1]='\0';
-					p+=strlen(cksumname);
-					break;
-				case 'e':
-					eflag=1;
-					break;
-				case 'v':
-					vflag=1;
-					break;
-				case 'E':
-					eflag=1;
-					longk=1;
-					break;
-				case 'd':
-					dflag=1;
-					break;
-				case 'D':
-					dflag=1;
-					longk=1;
-					break;
-				case 'b':
-					bflag=1;
-					break;
-				case 'f':
-					fflag=1;
-					break;
-				case 's':
-					sflag=1;
-					break;
-				case 'u':
-					uflag=1;
-					strncpy(uuname,p,200);
-					uuname[sizeof(uuname)-1]='\0';
-					p+=strlen(uuname);
-					break;
-				case 'h':
-					hflag=1;
-					break;
-				case 'k':
-					kflag=1;
-					if ((i+1) == argc)
-						{
-						fputs("must have a key with the -k option\n",stderr);
-						error=1;
-						}
-					else
-						{
-						int j;
-
-						i++;
-						strncpy(key,argv[i],KEYSIZB);
-						for (j=strlen(argv[i])-1; j>=0; j--)
-							argv[i][j]='\0';
-						}
-					break;
-				default:
-					fprintf(stderr,"'%c' unknown flag\n",p[-1]);
-					error=1;
-					break;
-					}
-				}
-			}
-		else
-			{
-			if (in == NULL)
-				in=argv[i];
-			else if (out == NULL)
-				out=argv[i];
-			else
-				error=1;
-			}
-		}
-	if (error) usage();
-	/* We either
-	 * do checksum or
-	 * do encrypt or
-	 * do decrypt or
-	 * do decrypt then ckecksum or
-	 * do checksum then encrypt
-	 */
-	if (((eflag+dflag) == 1) || cflag)
-		{
-		if (eflag) do_encrypt=DES_ENCRYPT;
-		if (dflag) do_encrypt=DES_DECRYPT;
-		}
-	else
-		{
-		if (vflag) 
-			{
-#ifndef _Windows			
-			fprintf(stderr,"des(1) built with %s\n",libdes_version);
-#endif			
-			EXIT(1);
-			}
-		else usage();
-		}
-
-#ifndef _Windows			
-	if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
-#endif			
-	if (	(in != NULL) &&
-		(out != NULL) &&
-#ifndef OPENSSL_SYS_MSDOS
-		(stat(in,&ins) != -1) &&
-		(stat(out,&outs) != -1) &&
-		(ins.st_dev == outs.st_dev) &&
-		(ins.st_ino == outs.st_ino))
-#else /* OPENSSL_SYS_MSDOS */
-		(strcmp(in,out) == 0))
-#endif
-			{
-			fputs("input and output file are the same\n",stderr);
-			EXIT(3);
-			}
-
-	if (!kflag)
-		if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
-			{
-			fputs("password error\n",stderr);
-			EXIT(2);
-			}
-
-	if (in == NULL)
-		DES_IN=stdin;
-	else if ((DES_IN=fopen(in,"r")) == NULL)
-		{
-		perror("opening input file");
-		EXIT(4);
-		}
-
-	CKSUM_OUT=stdout;
-	if (out == NULL)
-		{
-		DES_OUT=stdout;
-		CKSUM_OUT=stderr;
-		}
-	else if ((DES_OUT=fopen(out,"w")) == NULL)
-		{
-		perror("opening output file");
-		EXIT(5);
-		}
-
-#ifdef OPENSSL_SYS_MSDOS
-	/* This should set the file to binary mode. */
-	{
-#include <fcntl.h>
-	if (!(uflag && dflag))
-		setmode(fileno(DES_IN),O_BINARY);
-	if (!(uflag && eflag))
-		setmode(fileno(DES_OUT),O_BINARY);
-	}
-#endif
-
-	doencryption();
-	fclose(DES_IN);
-	fclose(DES_OUT);
-	EXIT(0);
-	}
-
-void usage(void)
-	{
-	char **u;
-	static const char *Usage[]={
-"des <options> [input-file [output-file]]",
-"options:",
-"-v         : des(1) version number",
-"-e         : encrypt using SunOS compatible user key to DES key conversion.",
-"-E         : encrypt ",
-"-d         : decrypt using SunOS compatible user key to DES key conversion.",
-"-D         : decrypt ",
-"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
-"             DES key conversion and output to ckname (stdout default,",
-"             stderr if data being output on stdout).  The checksum is",
-"             generated before encryption and after decryption if used",
-"             in conjunction with -[eEdD].",
-"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
-"-k key     : use key 'key'",
-"-h         : the key that is entered will be a hexadecimal number",
-"             that is used directly as the des key",
-"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
-"             (uuname is the filename to put in the uuencode header).",
-"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
-"-3         : encrypt using triple DES encryption.  This uses 2 keys",
-"             generated from the input key.  If the input key is less",
-"             than 8 characters long, this is equivalent to normal",
-"             encryption.  Default is triple cbc, -b makes it triple ecb.",
-NULL
-};
-	for (u=(char **)Usage; *u; u++)
-		{
-		fputs(*u,stderr);
-		fputc('\n',stderr);
-		}
-
-	EXIT(1);
-	}
-
-void doencryption(void)
-	{
-#ifdef _LIBC
-	extern unsigned long time();
-#endif
-
-	register int i;
-	DES_key_schedule ks,ks2;
-	DES_cblock iv,iv2;
-	char *p;
-	int num=0,j,k,l,rem,ll,len,last,ex=0;
-	DES_cblock kk,k2;
-	FILE *O;
-	int Exit=0;
-#ifndef OPENSSL_SYS_MSDOS
-	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
-#else
-	static unsigned char *buf=NULL,*obuf=NULL;
-
-	if (buf == NULL)
-		{
-		if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
-			((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
-			{
-			fputs("Not enough memory\n",stderr);
-			Exit=10;
-			goto problems;
-			}
-		}
-#endif
-
-	if (hflag)
-		{
-		j=(flag3?16:8);
-		p=key;
-		for (i=0; i<j; i++)
-			{
-			k=0;
-			if ((*p <= '9') && (*p >= '0'))
-				k=(*p-'0')<<4;
-			else if ((*p <= 'f') && (*p >= 'a'))
-				k=(*p-'a'+10)<<4;
-			else if ((*p <= 'F') && (*p >= 'A'))
-				k=(*p-'A'+10)<<4;
-			else
-				{
-				fputs("Bad hex key\n",stderr);
-				Exit=9;
-				goto problems;
-				}
-			p++;
-			if ((*p <= '9') && (*p >= '0'))
-				k|=(*p-'0');
-			else if ((*p <= 'f') && (*p >= 'a'))
-				k|=(*p-'a'+10);
-			else if ((*p <= 'F') && (*p >= 'A'))
-				k|=(*p-'A'+10);
-			else
-				{
-				fputs("Bad hex key\n",stderr);
-				Exit=9;
-				goto problems;
-				}
-			p++;
-			if (i < 8)
-				kk[i]=k;
-			else
-				k2[i-8]=k;
-			}
-		DES_set_key_unchecked(&k2,&ks2);
-		OPENSSL_cleanse(k2,sizeof(k2));
-		}
-	else if (longk || flag3)
-		{
-		if (flag3)
-			{
-			DES_string_to_2keys(key,&kk,&k2);
-			DES_set_key_unchecked(&k2,&ks2);
-			OPENSSL_cleanse(k2,sizeof(k2));
-			}
-		else
-			DES_string_to_key(key,&kk);
-		}
-	else
-		for (i=0; i<KEYSIZ; i++)
-			{
-			l=0;
-			k=key[i];
-			for (j=0; j<8; j++)
-				{
-				if (k&1) l++;
-				k>>=1;
-				}
-			if (l & 1)
-				kk[i]=key[i]&0x7f;
-			else
-				kk[i]=key[i]|0x80;
-			}
-
-	DES_set_key_unchecked(&kk,&ks);
-	OPENSSL_cleanse(key,sizeof(key));
-	OPENSSL_cleanse(kk,sizeof(kk));
-	/* woops - A bug that does not showup under unix :-( */
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-
-	l=1;
-	rem=0;
-	/* first read */
-	if (eflag || (!dflag && cflag))
-		{
-		for (;;)
-			{
-			num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			l+=rem;
-			num+=rem;
-			if (l < 0)
-				{
-				perror("read error");
-				Exit=6;
-				goto problems;
-				}
-
-			rem=l%8;
-			len=l-rem;
-			if (feof(DES_IN))
-				{
-				for (i=7-rem; i>0; i--)
-					RAND_pseudo_bytes(buf + l++, 1);
-				buf[l++]=rem;
-				ex=1;
-				len+=rem;
-				}
-			else
-				l-=rem;
-
-			if (cflag)
-				{
-				DES_cbc_cksum(buf,&cksum,
-					(long)len,&ks,&cksum);
-				if (!eflag)
-					{
-					if (feof(DES_IN)) break;
-					else continue;
-					}
-				}
-
-			if (bflag && !flag3)
-				for (i=0; i<l; i+=8)
-					DES_ecb_encrypt(
-						(DES_cblock *)&(buf[i]),
-						(DES_cblock *)&(obuf[i]),
-						&ks,do_encrypt);
-			else if (flag3 && bflag)
-				for (i=0; i<l; i+=8)
-					DES_ecb2_encrypt(
-						(DES_cblock *)&(buf[i]),
-						(DES_cblock *)&(obuf[i]),
-						&ks,&ks2,do_encrypt);
-			else if (flag3 && !bflag)
-				{
-				char tmpbuf[8];
-
-				if (rem) memcpy(tmpbuf,&(buf[l]),
-					(unsigned int)rem);
-				DES_3cbc_encrypt(
-					(DES_cblock *)buf,(DES_cblock *)obuf,
-					(long)l,ks,ks2,&iv,
-					&iv2,do_encrypt);
-				if (rem) memcpy(&(buf[l]),tmpbuf,
-					(unsigned int)rem);
-				}
-			else
-				{
-				DES_cbc_encrypt(
-					buf,obuf,
-					(long)l,&ks,&iv,do_encrypt);
-				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
-				}
-			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
-
-			i=0;
-			while (i < l)
-				{
-				if (uflag)
-					j=uufwrite(obuf,1,(unsigned int)l-i,
-						DES_OUT);
-				else
-					j=fwrite(obuf,1,(unsigned int)l-i,
-						DES_OUT);
-				if (j == -1)
-					{
-					perror("Write error");
-					Exit=7;
-					goto problems;
-					}
-				i+=j;
-				}
-			if (feof(DES_IN))
-				{
-				if (uflag) uufwriteEnd(DES_OUT);
-				break;
-				}
-			}
-		}
-	else /* decrypt */
-		{
-		ex=1;
-		for (;;)
-			{
-			if (ex) {
-				if (uflag)
-					l=uufread(buf,1,BUFSIZE,DES_IN);
-				else
-					l=fread(buf,1,BUFSIZE,DES_IN);
-				ex=0;
-				rem=l%8;
-				l-=rem;
-				}
-			if (l < 0)
-				{
-				perror("read error");
-				Exit=6;
-				goto problems;
-				}
-
-			if (bflag && !flag3)
-				for (i=0; i<l; i+=8)
-					DES_ecb_encrypt(
-						(DES_cblock *)&(buf[i]),
-						(DES_cblock *)&(obuf[i]),
-						&ks,do_encrypt);
-			else if (flag3 && bflag)
-				for (i=0; i<l; i+=8)
-					DES_ecb2_encrypt(
-						(DES_cblock *)&(buf[i]),
-						(DES_cblock *)&(obuf[i]),
-						&ks,&ks2,do_encrypt);
-			else if (flag3 && !bflag)
-				{
-				DES_3cbc_encrypt(
-					(DES_cblock *)buf,(DES_cblock *)obuf,
-					(long)l,ks,ks2,&iv,
-					&iv2,do_encrypt);
-				}
-			else
-				{
-				DES_cbc_encrypt(
-					buf,obuf,
-				 	(long)l,&ks,&iv,do_encrypt);
-				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
-				}
-
-			if (uflag)
-				ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			else
-				ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
-			ll+=rem;
-			rem=ll%8;
-			ll-=rem;
-			if (feof(DES_IN) && (ll == 0))
-				{
-				last=obuf[l-1];
-
-				if ((last > 7) || (last < 0))
-					{
-					fputs("The file was not decrypted correctly.\n",
-						stderr);
-					Exit=8;
-					last=0;
-					}
-				l=l-8+last;
-				}
-			i=0;
-			if (cflag) DES_cbc_cksum(obuf,
-				(DES_cblock *)cksum,(long)l/8*8,&ks,
-				(DES_cblock *)cksum);
-			while (i != l)
-				{
-				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
-				if (j == -1)
-					{
-					perror("Write error");
-					Exit=7;
-					goto problems;
-					}
-				i+=j;
-				}
-			l=ll;
-			if ((l == 0) && feof(DES_IN)) break;
-			}
-		}
-	if (cflag)
-		{
-		l=0;
-		if (cksumname[0] != '\0')
-			{
-			if ((O=fopen(cksumname,"w")) != NULL)
-				{
-				CKSUM_OUT=O;
-				l=1;
-				}
-			}
-		for (i=0; i<8; i++)
-			fprintf(CKSUM_OUT,"%02X",cksum[i]);
-		fprintf(CKSUM_OUT,"\n");
-		if (l) fclose(CKSUM_OUT);
-		}
-problems:
-	OPENSSL_cleanse(buf,sizeof(buf));
-	OPENSSL_cleanse(obuf,sizeof(obuf));
-	OPENSSL_cleanse(&ks,sizeof(ks));
-	OPENSSL_cleanse(&ks2,sizeof(ks2));
-	OPENSSL_cleanse(iv,sizeof(iv));
-	OPENSSL_cleanse(iv2,sizeof(iv2));
-	OPENSSL_cleanse(kk,sizeof(kk));
-	OPENSSL_cleanse(k2,sizeof(k2));
-	OPENSSL_cleanse(uubuf,sizeof(uubuf));
-	OPENSSL_cleanse(b,sizeof(b));
-	OPENSSL_cleanse(bb,sizeof(bb));
-	OPENSSL_cleanse(cksum,sizeof(cksum));
-	if (Exit) EXIT(Exit);
-	}
-
-/*    We ignore this parameter but it should be > ~50 I believe    */
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
-	{
-	int i,j,left,rem,ret=num;
-	static int start=1;
-
-	if (start)
-		{
-		fprintf(fp,"begin 600 %s\n",
-			(uuname[0] == '\0')?"text.d":uuname);
-		start=0;
-		}
-
-	if (uubufnum)
-		{
-		if (uubufnum+num < 45)
-			{
-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
-			uubufnum+=num;
-			return(num);
-			}
-		else
-			{
-			i=45-uubufnum;
-			memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
-			j=uuencode((unsigned char *)uubuf,45,b);
-			fwrite(b,1,(unsigned int)j,fp);
-			uubufnum=0;
-			data+=i;
-			num-=i;
-			}
-		}
-
-	for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
-		{
-		j=uuencode(&(data[i]),INUUBUFN,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		}
-	rem=(num-i)%45;
-	left=(num-i-rem);
-	if (left)
-		{
-		j=uuencode(&(data[i]),left,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		i+=left;
-		}
-	if (i != num)
-		{
-		memcpy(uubuf,&(data[i]),(unsigned int)rem);
-		uubufnum=rem;
-		}
-	return(ret);
-	}
-
-void uufwriteEnd(FILE *fp)
-	{
-	int j;
-	static const char *end=" \nend\n";
-
-	if (uubufnum != 0)
-		{
-		uubuf[uubufnum]='\0';
-		uubuf[uubufnum+1]='\0';
-		uubuf[uubufnum+2]='\0';
-		j=uuencode(uubuf,uubufnum,b);
-		fwrite(b,1,(unsigned int)j,fp);
-		}
-	fwrite(end,1,strlen(end),fp);
-	}
-
-/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
-	{
-	int i,j,tot;
-	static int done=0;
-	static int valid=0;
-	static int start=1;
-
-	if (start)
-		{
-		for (;;)
-			{
-			b[0]='\0';
-			fgets((char *)b,300,fp);
-			if (b[0] == '\0')
-				{
-				fprintf(stderr,"no 'begin' found in uuencoded input\n");
-				return(-1);
-				}
-			if (strncmp((char *)b,"begin ",6) == 0) break;
-			}
-		start=0;
-		}
-	if (done) return(0);
-	tot=0;
-	if (valid)
-		{
-		memcpy(out,bb,(unsigned int)valid);
-		tot=valid;
-		valid=0;
-		}
-	for (;;)
-		{
-		b[0]='\0';
-		fgets((char *)b,300,fp);
-		if (b[0] == '\0') break;
-		i=strlen((char *)b);
-		if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
-			{
-			done=1;
-			while (!feof(fp))
-				{
-				fgets((char *)b,300,fp);
-				}
-			break;
-			}
-		i=uudecode(b,i,bb);
-		if (i < 0) break;
-		if ((i+tot+8) > num)
-			{
-			/* num to copy to make it a multiple of 8 */
-			j=(num/8*8)-tot-8;
-			memcpy(&(out[tot]),bb,(unsigned int)j);
-			tot+=j;
-			memcpy(bb,&(bb[j]),(unsigned int)i-j);
-			valid=i-j;
-			break;
-			}
-		memcpy(&(out[tot]),bb,(unsigned int)i);
-		tot+=i;
-		}
-	return(tot);
-	}
-
-#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
-			 l|=((DES_LONG)(*((c)++)))<< 8, \
-		 	 l|=((DES_LONG)(*((c)++))))
-
-#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                    *((c)++)=(unsigned char)(((l)    )&0xff))
-
-
-int uuencode(unsigned char *in, int num, unsigned char *out)
-	{
-	int j,i,n,tot=0;
-	DES_LONG l;
-	register unsigned char *p;
-	p=out;
-
-	for (j=0; j<num; j+=45)
-		{
-		if (j+45 > num)
-			i=(num-j);
-		else	i=45;
-		*(p++)=i+' ';
-		for (n=0; n<i; n+=3)
-			{
-			ccc2l(in,l);
-			*(p++)=((l>>18)&0x3f)+' ';
-			*(p++)=((l>>12)&0x3f)+' ';
-			*(p++)=((l>> 6)&0x3f)+' ';
-			*(p++)=((l    )&0x3f)+' ';
-			tot+=4;
-			}
-		*(p++)='\n';
-		tot+=2;
-		}
-	*p='\0';
-	l=0;
-	return(tot);
-	}
-
-int uudecode(unsigned char *in, int num, unsigned char *out)
-	{
-	int j,i,k;
-	unsigned int n=0,space=0;
-	DES_LONG l;
-	DES_LONG w,x,y,z;
-	unsigned int blank=(unsigned int)'\n'-' ';
-
-	for (j=0; j<num; )
-		{
-		n= *(in++)-' ';
-		if (n == blank)
-			{
-			n=0;
-			in--;
-			}
-		if (n > 60)
-			{
-			fprintf(stderr,"uuencoded line length too long\n");
-			return(-1);
-			}
-		j++;
-
-		for (i=0; i<n; j+=4,i+=3)
-			{
-			/* the following is for cases where spaces are
-			 * removed from lines.
-			 */
-			if (space)
-				{
-				w=x=y=z=0;
-				}
-			else
-				{
-				w= *(in++)-' ';
-				x= *(in++)-' ';
-				y= *(in++)-' ';
-				z= *(in++)-' ';
-				}
-			if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
-				{
-				k=0;
-				if (w == blank) k=1;
-				if (x == blank) k=2;
-				if (y == blank) k=3;
-				if (z == blank) k=4;
-				space=1;
-				switch (k) {
-				case 1:	w=0; in--;
-				case 2: x=0; in--;
-				case 3: y=0; in--;
-				case 4: z=0; in--;
-					break;
-				case 0:
-					space=0;
-					fprintf(stderr,"bad uuencoded data values\n");
-					w=x=y=z=0;
-					return(-1);
-					break;
-					}
-				}
-			l=(w<<18)|(x<<12)|(y<< 6)|(z    );
-			l2ccc(l,out);
-			}
-		if (*(in++) != '\n')
-			{
-			fprintf(stderr,"missing nl in uuencoded line\n");
-			w=x=y=z=0;
-			return(-1);
-			}
-		j++;
-		}
-	*out='\0';
-	w=x=y=z=0;
-	return(n);
-	}
diff --git a/crypto/des/des.h b/crypto/des/des.h
deleted file mode 100644
index 1eaedcbd24..0000000000
--- a/crypto/des/des.h
+++ /dev/null
@@ -1,248 +0,0 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_NEW_DES_H
-#define HEADER_NEW_DES_H
-
-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES,
-				   DES_LONG (via openssl/opensslconf.h */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef unsigned char DES_cblock[8];
-typedef /* const */ unsigned char const_DES_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
- * and const_DES_cblock * are incompatible pointer types. */
-
-typedef struct DES_ks
-    {
-    union
-	{
-	DES_cblock cblock;
-	/* make sure things are correct size on machines with
-	 * 8 byte longs */
-	DES_LONG deslong[2];
-	} ks[16];
-    } DES_key_schedule;
-
-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
-# endif
-#endif
-
-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# include <openssl/des_old.h>
-#endif
-
-#define DES_KEY_SZ 	(sizeof(DES_cblock))
-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define DES_ecb2_encrypt(i,o,k1,k2,e) \
-	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */
-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
-
-const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-		      DES_key_schedule *ks1,DES_key_schedule *ks2,
-		      DES_key_schedule *ks3, int enc);
-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
-		       long length,DES_key_schedule *schedule,
-		       const_DES_cblock *ivec);
-/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		     int enc);
-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      int enc);
-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		     int enc);
-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
-		     DES_key_schedule *ks,int enc);
-
-/* 	This is the DES encryption function that gets called by just about
-	every other DES routine in the library.  You should not use this
-	function except to implement 'modes' of DES.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.  The characters are loaded 'little endian'.
-	Data is a pointer to 2 unsigned long's and ks is the
-	DES_key_schedule to use.  enc, is non zero specifies encryption,
-	zero if decryption. */
-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-/* 	This functions is the same as DES_encrypt1() except that the DES
-	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for DES_encrypt1(), you should not use this function.
-	It is used by the routines in the library that implement triple DES.
-	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
-	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
-			  long length,
-			  DES_key_schedule *ks1,DES_key_schedule *ks2,
-			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
-			   long length,
-			   DES_key_schedule *ks1,DES_key_schedule *ks2,
-			   DES_key_schedule *ks3,
-			   DES_cblock *ivec1,DES_cblock *ivec2,
-			   int enc);
-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,DES_key_schedule *ks1,
-			    DES_key_schedule *ks2,DES_key_schedule *ks3,
-			    DES_cblock *ivec,int *num,int enc);
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc);
-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,DES_key_schedule *ks1,
-			    DES_key_schedule *ks2,DES_key_schedule *ks3,
-			    DES_cblock *ivec,int *num);
-#if 0
-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
-		       DES_cblock *out_white);
-#endif
-
-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
-		 DES_cblock *iv);
-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
-		  DES_cblock *iv);
-char *DES_fcrypt(const char *buf,const char *salt, char *ret);
-char *DES_crypt(const char *buf,const char *salt);
-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec);
-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      int enc);
-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
-			long length,int out_count,DES_cblock *seed);
-int DES_random_key(DES_cblock *ret);
-void DES_set_odd_parity(DES_cblock *key);
-int DES_check_key_parity(const_DES_cblock *key);
-int DES_is_weak_key(const_DES_cblock *key);
-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise. */
-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
-void DES_string_to_key(const char *str,DES_cblock *key);
-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
-		       int enc);
-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
-	int verify);
-
-#define DES_fixup_key_parity DES_set_odd_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/des/des.pod b/crypto/des/des.pod
deleted file mode 100644
index bf479e83d2..0000000000
--- a/crypto/des/des.pod
+++ /dev/null
@@ -1,217 +0,0 @@
-=pod
-
-=head1 NAME
-
-des - encrypt or decrypt data using Data Encryption Standard
-
-=head1 SYNOPSIS
-
-B<des>
-(
-B<-e>
-|
-B<-E>
-) | (
-B<-d>
-|
-B<-D>
-) | (
-B<->[B<cC>][B<ckname>]
-) |
-[
-B<-b3hfs>
-] [
-B<-k>
-I<key>
-]
-] [
-B<-u>[I<uuname>]
-[
-I<input-file>
-[
-I<output-file>
-] ]
-
-=head1 NOTE
-
-This page describes the B<des> stand-alone program, not the B<openssl des>
-command.
-
-=head1 DESCRIPTION
-
-B<des>
-encrypts and decrypts data using the
-Data Encryption Standard algorithm.
-One of
-B<-e>, B<-E>
-(for encrypt) or
-B<-d>, B<-D>
-(for decrypt) must be specified.
-It is also possible to use
-B<-c>
-or
-B<-C>
-in conjunction or instead of the a encrypt/decrypt option to generate
-a 16 character hexadecimal checksum, generated via the
-I<des_cbc_cksum>.
-
-Two standard encryption modes are supported by the
-B<des>
-program, Cipher Block Chaining (the default) and Electronic Code Book
-(specified with
-B<-b>).
-
-The key used for the DES
-algorithm is obtained by prompting the user unless the
-B<-k>
-I<key>
-option is given.
-If the key is an argument to the
-B<des>
-command, it is potentially visible to users executing
-ps(1)
-or a derivative.  To minimise this possibility,
-B<des>
-takes care to destroy the key argument immediately upon entry.
-If your shell keeps a history file be careful to make sure it is not
-world readable.
-
-Since this program attempts to maintain compatibility with sunOS's
-des(1) command, there are 2 different methods used to convert the user
-supplied key to a des key.
-Whenever and one or more of
-B<-E>, B<-D>, B<-C>
-or
-B<-3>
-options are used, the key conversion procedure will not be compatible
-with the sunOS des(1) version but will use all the user supplied
-character to generate the des key.
-B<des>
-command reads from standard input unless
-I<input-file>
-is specified and writes to standard output unless
-I<output-file>
-is given.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-b>
-
-Select ECB
-(eight bytes at a time) encryption mode.
-
-=item B<-3>
-
-Encrypt using triple encryption.
-By default triple cbc encryption is used but if the
-B<-b>
-option is used then triple ECB encryption is performed.
-If the key is less than 8 characters long, the flag has no effect.
-
-=item B<-e>
-
-Encrypt data using an 8 byte key in a manner compatible with sunOS
-des(1).
-
-=item B<-E>
-
-Encrypt data using a key of nearly unlimited length (1024 bytes).
-This will product a more secure encryption.
-
-=item B<-d>
-
-Decrypt data that was encrypted with the B<-e> option.
-
-=item B<-D>
-
-Decrypt data that was encrypted with the B<-E> option.
-
-=item B<-c>
-
-Generate a 16 character hexadecimal cbc checksum and output this to
-stderr.
-If a filename was specified after the
-B<-c>
-option, the checksum is output to that file.
-The checksum is generated using a key generated in a sunOS compatible
-manner.
-
-=item B<-C>
-
-A cbc checksum is generated in the same manner as described for the
-B<-c>
-option but the DES key is generated in the same manner as used for the
-B<-E>
-and
-B<-D>
-options
-
-=item B<-f>
-
-Does nothing - allowed for compatibility with sunOS des(1) command.
-
-=item B<-s>
-
-Does nothing - allowed for compatibility with sunOS des(1) command.
-
-=item B<-k> I<key>
-
-Use the encryption 
-I<key>
-specified.
-
-=item B<-h>
-
-The
-I<key>
-is assumed to be a 16 character hexadecimal number.
-If the
-B<-3>
-option is used the key is assumed to be a 32 character hexadecimal
-number.
-
-=item B<-u>
-
-This flag is used to read and write uuencoded files.  If decrypting,
-the input file is assumed to contain uuencoded, DES encrypted data.
-If encrypting, the characters following the B<-u> are used as the name of
-the uuencoded file to embed in the begin line of the uuencoded
-output.  If there is no name specified after the B<-u>, the name text.des
-will be embedded in the header.
-
-=head1 SEE ALSO
-
-ps(1),
-L<des_crypt(3)|des_crypt(3)>
-
-=head1 BUGS
-
-The problem with using the
-B<-e>
-option is the short key length.
-It would be better to use a real 56-bit key rather than an
-ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
-radically reduces the time necessary for a brute-force cryptographic attack.
-My attempt to remove this problem is to add an alternative text-key to
-DES-key function.  This alternative function (accessed via
-B<-E>, B<-D>, B<-S>
-and
-B<-3>)
-uses DES to help generate the key.
-
-Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
-not decrypt filename (the B<-u> option will gobble the B<-d> option).
-
-The VMS operating system operates in a world where files are always a
-multiple of 512 bytes.  This causes problems when encrypted data is
-send from Unix to VMS since a 88 byte file will suddenly be padded
-with 424 null bytes.  To get around this problem, use the B<-u> option
-to uuencode the data before it is send to the VMS system.
-
-=head1 AUTHOR
-
-Eric Young (eay@cryptsoft.com)
-
-=cut
diff --git a/crypto/des/des3s.cpp b/crypto/des/des3s.cpp
deleted file mode 100644
index 02d527c057..0000000000
--- a/crypto/des/des3s.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  asm volatile(".byte 15, 49\n\t"
-	       : "=eax" (tsc)
-	       :
-	       : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  unsigned long a;
-  __asm _emit 0fh
-  __asm _emit 31h
-  __asm mov a, eax;
-  tsc=a;
-}
-#endif      
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
-	{
-	des_key_schedule key1,key2,key3;
-	unsigned long s1,s2,e1,e2;
-	unsigned long data[2];
-	int i,j;
-
-	for (j=0; j<6; j++)
-		{
-		for (i=0; i<1000; i++) /**/
-			{
-			des_encrypt3(&data[0],key1,key2,key3);
-			GetTSC(s1);
-			des_encrypt3(&data[0],key1,key2,key3);
-			des_encrypt3(&data[0],key1,key2,key3);
-			des_encrypt3(&data[0],key1,key2,key3);
-			GetTSC(e1);
-			GetTSC(s2);
-			des_encrypt3(&data[0],key1,key2,key3);
-			des_encrypt3(&data[0],key1,key2,key3);
-			des_encrypt3(&data[0],key1,key2,key3);
-			des_encrypt3(&data[0],key1,key2,key3);
-			GetTSC(e2);
-			des_encrypt3(&data[0],key1,key2,key3);
-			}
-
-		printf("des %d %d (%d)\n",
-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
-		}
-	}
-
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
deleted file mode 100644
index 828feba208..0000000000
--- a/crypto/des/des_enc.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "spr.h"
-
-void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-	register int i;
-#endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	IP(r,l);
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	/* shift left by 2 */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
-#else
-		for (i=0; i<32; i+=4)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			}
-#endif
-		}
-	else
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
-#else
-		for (i=30; i>0; i-=4)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			}
-#endif
-		}
-
-	/* rotate and clear the top bits on machines with 8byte longs */
-	l=ROTATE(l,3)&0xffffffffL;
-	r=ROTATE(r,3)&0xffffffffL;
-
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	l=r=t=u=0;
-	}
-
-void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
-	register int i;
-#endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
-#else
-		for (i=0; i<32; i+=4)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			}
-#endif
-		}
-	else
-		{
-#ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
-#else
-		for (i=30; i>0; i-=4)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			}
-#endif
-		}
-	/* rotate and clear the top bits on machines with 8byte longs */
-	data[0]=ROTATE(l,3)&0xffffffffL;
-	data[1]=ROTATE(r,3)&0xffffffffL;
-	l=r=t=u=0;
-	}
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
-
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
-
-#ifndef DES_DEFAULT_OPTIONS
-
-#undef CBC_ENC_C__DONT_UPDATE_IV
-#include "ncbc_enc.c" /* DES_ncbc_encrypt */
-
-void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-			  long length, DES_key_schedule *ks1,
-			  DES_key_schedule *ks2, DES_key_schedule *ks3,
-			  DES_cblock *ivec, int enc)
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register const unsigned char *in;
-	unsigned char *out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=input;
-	out=output;
-	iv = &(*ivec)[0];
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		iv = &(*ivec)[0];
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		register DES_LONG t0,t1;
-
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			tout0^=xor0;
-			tout1^=xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=t0;
-			xor1=t1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-		
-			tout0^=xor0;
-			tout1^=xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=t0;
-			xor1=t1;
-			}
-
-		iv = &(*ivec)[0];
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#endif /* DES_DEFAULT_OPTIONS */
diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
deleted file mode 100644
index a3b512e9b0..0000000000
--- a/crypto/des/des_locl.h
+++ /dev/null
@@ -1,432 +0,0 @@
-/* crypto/des/des_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WIN32)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-#include <math.h>
-#endif
-#endif
-#include <openssl/des.h>
-
-#ifdef OPENSSL_SYS_MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#endif
-
-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-#include <string.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 5: l2|=((DES_LONG)(*(--(c))));     \
-			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 1: l1|=((DES_LONG)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
-#define	ROTATE(a,n)	(_lrotr(a,n))
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#  define ROTATE(a,n)	({ register unsigned int ret;	\
-				asm ("rorl %1,%0"	\
-					: "=r"(ret)	\
-					: "I"(n),"0"(a)	\
-					: "cc");	\
-			   ret;				\
-			})
-# endif
-#endif
-#ifndef ROTATE
-#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
-#endif
-
-/* Don't worry about the LOAD_DATA() stuff, that is used by
- * fcrypt() to add it's little bit to the front */
-
-#ifdef DES_FCRYPT
-
-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	t=R^(R>>16L); \
-	u=t&E0; t&=E1; \
-	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
-	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-#else
-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	u=R^s[S  ]; \
-	t=R^s[S+1]
-#endif
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the architecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- * It does not seem to work on the Alpha, even when DES_LONG is 4
- * bytes, probably an issue of accessing non-word aligned objects :-( */
-#ifdef DES_PTR
-
-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
- * is no reason to not xor all the sub items together.  This potentially
- * saves a register since things can be xored directly into L */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	u>>=16L; \
-	LL^= *(const DES_LONG *)(des_SP      +u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-	u3=(int)(u>>8L); \
-	u1=(int)u&0xfc; \
-	u3&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	t>>=16L; \
-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-	u3=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u3&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	LL^= *(const DES_LONG *)(des_SP      +u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
-	s1=(int)(u>>16L); \
-	s2=(int)(u>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
-	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
-	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
-	s1=(int)(t>>16L); \
-	s2=(int)(t>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
-	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-#endif
-#else
-#define D_ENCRYPT(LL,R,S) { \
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^= \
-	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
-	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-#endif
-
-#else /* original version */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	u>>=16L; \
-	LL^=DES_SPtrans[0][u1]; \
-	LL^=DES_SPtrans[2][u2]; \
-	u3=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u3&=0x3f; \
-	LL^=DES_SPtrans[4][u1]; \
-	LL^=DES_SPtrans[6][u3]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	t>>=16L; \
-	LL^=DES_SPtrans[1][u1]; \
-	LL^=DES_SPtrans[3][u2]; \
-	u3=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u3&=0x3f; \
-	LL^=DES_SPtrans[5][u1]; \
-	LL^=DES_SPtrans[7][u3]; }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	LL^=DES_SPtrans[0][u1]; \
-	LL^=DES_SPtrans[2][u2]; \
-	s1=(int)u>>16L; \
-	s2=(int)u>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=DES_SPtrans[4][s1]; \
-	LL^=DES_SPtrans[6][s2]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	LL^=DES_SPtrans[1][u1]; \
-	LL^=DES_SPtrans[3][u2]; \
-	s1=(int)t>>16; \
-	s2=(int)t>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=DES_SPtrans[5][s1]; \
-	LL^=DES_SPtrans[7][s2]; }
-#endif
-
-#else
-
-#define D_ENCRYPT(LL,R,S) {\
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^=\
-		DES_SPtrans[0][(u>> 2L)&0x3f]^ \
-		DES_SPtrans[2][(u>>10L)&0x3f]^ \
-		DES_SPtrans[4][(u>>18L)&0x3f]^ \
-		DES_SPtrans[6][(u>>26L)&0x3f]^ \
-		DES_SPtrans[1][(t>> 2L)&0x3f]^ \
-		DES_SPtrans[3][(t>>10L)&0x3f]^ \
-		DES_SPtrans[5][(t>>18L)&0x3f]^ \
-		DES_SPtrans[7][(t>>26L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-
-extern const DES_LONG DES_SPtrans[8][64];
-
-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
-		 DES_LONG Eswap0, DES_LONG Eswap1);
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-#undef DES_UNROLL
-#endif
-#endif
diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c
deleted file mode 100644
index 7c33ed7a93..0000000000
--- a/crypto/des/des_old.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with libdes.  OpenSSL now provides
- * functions where "des_" has been replaced with "DES_" in the names,
- * to make it possible to make incompatible changes that are needed
- * for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-const char *_ossl_old_des_options(void)
-	{
-	return DES_options();
-	}
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc)
-	{
-	DES_ecb3_encrypt((const_DES_cblock *)input, output,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, enc);
-	}
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
-	{
-	return DES_cbc_cksum((unsigned char *)input, output, length,
-		(DES_key_schedule *)schedule, ivec);
-	}
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
-	{
-	DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
-	}
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_cfb_encrypt(in, out, numbits, length,
-		(DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	des_key_schedule ks,int enc)
-	{
-	DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
-	}
-void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
-	{
-	DES_encrypt1(data, (DES_key_schedule *)ks, enc);
-	}
-void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
-	{
-	DES_encrypt2(data, (DES_key_schedule *)ks, enc);
-	}
-void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3)
-	{
-	DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3);
-	}
-void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3)
-	{
-	DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3);
-	}
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
-	{
-	DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, enc);
-	}
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
-	{
-	DES_ede3_cfb64_encrypt(in, out, length,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, num, enc);
-	}
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
-	{
-	DES_ede3_ofb64_encrypt(in, out, length,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, num);
-	}
-
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
-	_ossl_old_des_cblock (*out_white))
-	{
-	DES_xwhite_in2out(des_key, in_white, out_white);
-	}
-#endif
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	_ossl_old_des_cblock *iv)
-	{
-	return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
-	}
-int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	_ossl_old_des_cblock *iv)
-	{
-	return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
-	}
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
-	{
-	return DES_fcrypt(buf, salt, ret);
-	}
-char *_ossl_old_des_crypt(const char *buf,const char *salt)
-	{
-	return DES_crypt(buf, salt);
-	}
-char *_ossl_old_crypt(const char *buf,const char *salt)
-	{
-	return DES_crypt(buf, salt);
-	}
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
-	{
-	DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
-		ivec);
-	}
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,int out_count,_ossl_old_des_cblock *seed)
-	{
-	return DES_quad_cksum((unsigned char *)input, output, length,
-		out_count, seed);
-	}
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
-	{
-	RAND_seed(key, sizeof(_ossl_old_des_cblock));
-	}
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
-	{
-	DES_random_key((DES_cblock *)ret);
-	}
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-				int verify)
-	{
-	return DES_read_password(key, prompt, verify);
-	}
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
-	const char *prompt, int verify)
-	{
-	return DES_read_2passwords(key1, key2, prompt, verify);
-	}
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
-	{
-	DES_set_odd_parity(key);
-	}
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
-	{
-	return DES_is_weak_key(key);
-	}
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
-	{
-	return DES_set_key(key, (DES_key_schedule *)schedule);
-	}
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
-	{
-	return DES_key_sched(key, (DES_key_schedule *)schedule);
-	}
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
-	{
-	DES_string_to_key(str, key);
-	}
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
-	{
-	DES_string_to_2keys(str, key1, key2);
-	}
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
-	{
-	DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-		ivec, num, enc);
-	}
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
-	{
-	DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-		ivec, num);
-	}
diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h
deleted file mode 100644
index 2b2c372354..0000000000
--- a/crypto/des/des_old.h
+++ /dev/null
@@ -1,446 +0,0 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes.  OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- *     that is compatible with libdes and SSLeay.
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode.  However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else.  Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifndef HEADER_NEW_DES_H
-#error You must include des.h, not des_old.h directly.
-#endif
-
-#ifdef _KERBEROS_DES_H
-#error <openssl/des_old.h> replaces <kerberos/des.h>.
-#endif
-
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef _
-#undef _
-#endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct
-	{
-	union	{
-		_ossl_old_des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-	} _ossl_old_des_key_schedule[16];
-
-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-#define des_cblock DES_cblock
-#define const_des_cblock const_DES_cblock
-#define des_key_schedule DES_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
-	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-#define des_options()\
-	DES_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
-	DES_cbc_cksum((i),(o),(l),&(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
-	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
-	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
-	DES_ecb_encrypt((i),(o),&(k),(e))
-#define des_encrypt1(d,k,e)\
-	DES_encrypt1((d),&(k),(e))
-#define des_encrypt2(d,k,e)\
-	DES_encrypt2((d),&(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
-	DES_encrypt3((d),&(k1),&(k2),&(k3))
-#define des_decrypt3(d,k1,k2,k3)\
-	DES_decrypt3((d),&(k1),&(k2),&(k3))
-#define des_xwhite_in2out(k,i,o)\
-	DES_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
-	DES_enc_read((f),(b),(l),&(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
-	DES_enc_write((f),(b),(l),&(k),(iv))
-#define des_fcrypt(b,s,r)\
-	DES_fcrypt((b),(s),(r))
-#if 0
-#define des_crypt(b,s)\
-	DES_crypt((b),(s))
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
-#define crypt(b,s)\
-	DES_crypt((b),(s))
-#endif
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
-	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
-	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
-	DES_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
-	_ossl_096_des_random_seed((k))
-#define des_random_key(r)\
-	DES_random_key((r))
-#define des_read_password(k,p,v) \
-	DES_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
-	DES_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
-	DES_set_odd_parity((k))
-#define des_check_key_parity(k)\
-	DES_check_key_parity((k))
-#define des_is_weak_key(k)\
-	DES_is_weak_key((k))
-#define des_set_key(k,ks)\
-	DES_set_key((k),&(ks))
-#define des_key_sched(k,ks)\
-	DES_key_sched((k),&(ks))
-#define des_set_key_checked(k,ks)\
-	DES_set_key_checked((k),&(ks))
-#define des_set_key_unchecked(k,ks)\
-	DES_set_key_unchecked((k),&(ks))
-#define des_string_to_key(s,k)\
-	DES_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
-	DES_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-		
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#else /* libdes compatibility */
-/* Map all symbol names to _ossl_old_des_* form, so we avoid all
-   clashes with libdes */
-#define des_cblock _ossl_old_des_cblock
-#define des_key_schedule _ossl_old_des_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#define des_options()\
-	_ossl_old_des_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
-	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
-	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#define des_encrypt(d,k,e)\
-	_ossl_old_des_encrypt((d),(k),(e))
-#define des_encrypt2(d,k,e)\
-	_ossl_old_des_encrypt2((d),(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
-	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#define des_decrypt3(d,k1,k2,k3)\
-	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#define des_xwhite_in2out(k,i,o)\
-	_ossl_old_des_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
-	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
-	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#define des_fcrypt(b,s,r)\
-	_ossl_old_des_fcrypt((b),(s),(r))
-#define des_crypt(b,s)\
-	_ossl_old_des_crypt((b),(s))
-#if 0
-#define crypt(b,s)\
-	_ossl_old_crypt((b),(s))
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
-	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
-	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
-	_ossl_old_des_random_seed((k))
-#define des_random_key(r)\
-	_ossl_old_des_random_key((r))
-#define des_read_password(k,p,v) \
-	_ossl_old_des_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
-	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
-	_ossl_old_des_set_odd_parity((k))
-#define des_is_weak_key(k)\
-	_ossl_old_des_is_weak_key((k))
-#define des_set_key(k,ks)\
-	_ossl_old_des_set_key((k),(ks))
-#define des_key_sched(k,ks)\
-	_ossl_old_des_key_sched((k),(ks))
-#define des_string_to_key(s,k)\
-	_ossl_old_des_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
-	_ossl_old_des_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-		
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	_ossl_old_des_key_schedule ks,int enc);
-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-#if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
-	_ossl_old_des_cblock (*out_white));
-#endif
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-	_ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-	_ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf,const char *salt);
-#endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,int out_count,_ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
-	const char *prompt,int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/* The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
-
-#define _KERBEROS_DES_H
-
-#define KRBDES_ENCRYPT DES_ENCRYPT
-#define KRBDES_DECRYPT DES_DECRYPT
-
-#ifdef KERBEROS
-#  define ENCRYPT DES_ENCRYPT
-#  define DECRYPT DES_DECRYPT
-#endif
-
-#ifndef NCOMPAT
-#  define C_Block des_cblock
-#  define Key_schedule des_key_schedule
-#  define KEY_SZ DES_KEY_SZ
-#  define string_to_key des_string_to_key
-#  define read_pw_string des_read_pw_string
-#  define random_key des_random_key
-#  define pcbc_encrypt des_pcbc_encrypt
-#  define set_key des_set_key
-#  define key_sched des_key_sched
-#  define ecb_encrypt des_ecb_encrypt
-#  define cbc_encrypt des_cbc_encrypt
-#  define ncbc_encrypt des_ncbc_encrypt
-#  define xcbc_encrypt des_xcbc_encrypt
-#  define cbc_cksum des_cbc_cksum
-#  define quad_cksum des_quad_cksum
-#  define check_parity des_check_key_parity
-#endif
-
-#define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-#include <openssl/ui_compat.h>
-
-#endif
diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c
deleted file mode 100644
index c8fa3ee135..0000000000
--- a/crypto/des/des_old2.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
- * provides functions where "des_" has been replaced with "DES_" in
- * the names, to make it possible to make incompatible changes that
- * are needed for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-void _ossl_096_des_random_seed(DES_cblock *key)
-	{
-	RAND_seed(key, sizeof(DES_cblock));
-	}
diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c
deleted file mode 100644
index 2df82962c5..0000000000
--- a/crypto/des/des_opts.c
+++ /dev/null
@@ -1,608 +0,0 @@
-/* crypto/des/des_opts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
- * This is for machines with 64k code segment size restrictions. */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-#ifndef OPENSSL_SYS_MSDOS
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD
-#else
-#include <io.h>
-extern void exit();
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/des.h>
-#include "spr.h"
-
-#define DES_DEFAULT_OPTIONS
-
-#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
-#define PART1
-#define PART2
-#define PART3
-#define PART4
-#endif
-
-#ifdef PART1
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#define DES_encrypt1 des_encrypt_u4_cisc_idx
-#define DES_encrypt2 des_encrypt2_u4_cisc_idx
-#define DES_encrypt3 des_encrypt3_u4_cisc_idx
-#define DES_decrypt3 des_decrypt3_u4_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_cisc_idx
-#define DES_encrypt2 des_encrypt2_u16_cisc_idx
-#define DES_encrypt3 des_encrypt3_u16_cisc_idx
-#define DES_decrypt3 des_decrypt3_u16_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc1_idx
-#define DES_encrypt2 des_encrypt2_u4_risc1_idx
-#define DES_encrypt3 des_encrypt3_u4_risc1_idx
-#define DES_decrypt3 des_decrypt3_u4_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART2
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc2_idx
-#define DES_encrypt2 des_encrypt2_u4_risc2_idx
-#define DES_encrypt3 des_encrypt3_u4_risc2_idx
-#define DES_decrypt3 des_decrypt3_u4_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc1_idx
-#define DES_encrypt2 des_encrypt2_u16_risc1_idx
-#define DES_encrypt3 des_encrypt3_u16_risc1_idx
-#define DES_decrypt3 des_decrypt3_u16_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc2_idx
-#define DES_encrypt2 des_encrypt2_u16_risc2_idx
-#define DES_encrypt3 des_encrypt3_u16_risc2_idx
-#define DES_decrypt3 des_decrypt3_u16_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART3
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_cisc_ptr
-#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
-#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
-#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_cisc_ptr
-#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
-#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
-#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc1_ptr
-#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
-#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
-#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART4
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc2_ptr
-#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
-#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
-#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc1_ptr
-#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
-#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
-#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc2_ptr
-#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
-#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
-#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   define HZ	100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE	((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#endif
-	}
-
-#ifdef SIGALRM
-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-	
-#define time_it(func,name,index) \
-	print_name(name); \
-	Time_F(START); \
-	for (count=0,run=1; COND(cb); count++) \
-		{ \
-		unsigned long d[2]; \
-		func(d,&sch,DES_ENCRYPT); \
-		} \
-	tm[index]=Time_F(STOP); \
-	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
-	tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
-	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
-		tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
-	{
-	long count;
-	static unsigned char buf[BUFSIZE];
-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	DES_key_schedule sch,sch2,sch3;
-	double d,tm[16],max=0;
-	int rank[16];
-	char *str[16];
-	int max_idx=0,i,num=0,j;
-#ifndef SIGALARM
-	long ca,cb,cc,cd,ce;
-#endif
-
-	for (i=0; i<12; i++)
-		{
-		tm[i]=0.0;
-		rank[i]=0;
-		}
-
-#ifndef TIMES
-	fprintf(stderr,"To get the most accurate results, try to run this\n");
-	fprintf(stderr,"program when this computer is idle.\n");
-#endif
-
-	DES_set_key_unchecked(&key,&sch);
-	DES_set_key_unchecked(&key2,&sch2);
-	DES_set_key_unchecked(&key3,&sch3);
-
-#ifndef SIGALRM
-	fprintf(stderr,"First we calculate the approximate speed ...\n");
-	DES_set_key_unchecked(&key,sch);
-	count=10;
-	do	{
-		long i;
-		unsigned long data[2];
-
-		count*=2;
-		Time_F(START);
-		for (i=count; i; i--)
-			DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
-		d=Time_F(STOP);
-		} while (d < 3.0);
-	ca=count;
-	cb=count*3;
-	cc=count*3*8/BUFSIZE+1;
-	cd=count*8/BUFSIZE+1;
-
-	ce=count/20+1;
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
-        signal(SIGALRM,sig_done);
-        alarm(10);
-#endif
-
-#ifdef PART1
-	time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
-	time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
-	time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
-	num+=3;
-#endif
-#ifdef PART2
-	time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
-	time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
-	time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
-	num+=3;
-#endif
-#ifdef PART3
-	time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
-	time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
-	time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
-	num+=3;
-#endif
-#ifdef PART4
-	time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
-	time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
-	time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
-	num+=3;
-#endif
-
-#ifdef PART1
-	str[0]=" 4  c i";
-	print_it("des_encrypt_u4_cisc_idx  ",0);
-	max=tm[0];
-	max_idx=0;
-	str[1]="16  c i";
-	print_it("des_encrypt_u16_cisc_idx ",1);
-	if (max < tm[1]) { max=tm[1]; max_idx=1; }
-	str[2]=" 4 r1 i";
-	print_it("des_encrypt_u4_risc1_idx ",2);
-	if (max < tm[2]) { max=tm[2]; max_idx=2; }
-#endif
-#ifdef PART2
-	str[3]="16 r1 i";
-	print_it("des_encrypt_u16_risc1_idx",3);
-	if (max < tm[3]) { max=tm[3]; max_idx=3; }
-	str[4]=" 4 r2 i";
-	print_it("des_encrypt_u4_risc2_idx ",4);
-	if (max < tm[4]) { max=tm[4]; max_idx=4; }
-	str[5]="16 r2 i";
-	print_it("des_encrypt_u16_risc2_idx",5);
-	if (max < tm[5]) { max=tm[5]; max_idx=5; }
-#endif
-#ifdef PART3
-	str[6]=" 4  c p";
-	print_it("des_encrypt_u4_cisc_ptr  ",6);
-	if (max < tm[6]) { max=tm[6]; max_idx=6; }
-	str[7]="16  c p";
-	print_it("des_encrypt_u16_cisc_ptr ",7);
-	if (max < tm[7]) { max=tm[7]; max_idx=7; }
-	str[8]=" 4 r1 p";
-	print_it("des_encrypt_u4_risc1_ptr ",8);
-	if (max < tm[8]) { max=tm[8]; max_idx=8; }
-#endif
-#ifdef PART4
-	str[9]="16 r1 p";
-	print_it("des_encrypt_u16_risc1_ptr",9);
-	if (max < tm[9]) { max=tm[9]; max_idx=9; }
-	str[10]=" 4 r2 p";
-	print_it("des_encrypt_u4_risc2_ptr ",10);
-	if (max < tm[10]) { max=tm[10]; max_idx=10; }
-	str[11]="16 r2 p";
-	print_it("des_encrypt_u16_risc2_ptr",11);
-	if (max < tm[11]) { max=tm[11]; max_idx=11; }
-#endif
-	printf("options    des ecb/s\n");
-	printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
-	d=tm[max_idx];
-	tm[max_idx]= -2.0;
-	max= -1.0;
-	for (;;)
-		{
-		for (i=0; i<12; i++)
-			{
-			if (max < tm[i]) { max=tm[i]; j=i; }
-			}
-		if (max < 0.0) break;
-		printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
-		tm[j]= -2.0;
-		max= -1.0;
-		}
-
-	switch (max_idx)
-		{
-	case 0:
-		printf("-DDES_DEFAULT_OPTIONS\n");
-		break;
-	case 1:
-		printf("-DDES_UNROLL\n");
-		break;
-	case 2:
-		printf("-DDES_RISC1\n");
-		break;
-	case 3:
-		printf("-DDES_UNROLL -DDES_RISC1\n");
-		break;
-	case 4:
-		printf("-DDES_RISC2\n");
-		break;
-	case 5:
-		printf("-DDES_UNROLL -DDES_RISC2\n");
-		break;
-	case 6:
-		printf("-DDES_PTR\n");
-		break;
-	case 7:
-		printf("-DDES_UNROLL -DDES_PTR\n");
-		break;
-	case 8:
-		printf("-DDES_RISC1 -DDES_PTR\n");
-		break;
-	case 9:
-		printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
-		break;
-	case 10:
-		printf("-DDES_RISC2 -DDES_PTR\n");
-		break;
-	case 11:
-		printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
-		break;
-		}
-	exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-	return(0);
-#endif
-	}
diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h
deleted file mode 100644
index d1ada258a6..0000000000
--- a/crypto/des/des_ver.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* crypto/des/des_ver.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* The following macros make sure the names are different from libdes names */
-#define DES_version OSSL_DES_version
-#define libdes_version OSSL_libdes_version
-
-OPENSSL_EXTERN const char OSSL_DES_version[];	/* SSLeay version string */
-OPENSSL_EXTERN const char OSSL_libdes_version[];	/* old libdes version string */
diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp
deleted file mode 100644
index 5549bab90a..0000000000
--- a/crypto/des/dess.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  asm volatile(".byte 15, 49\n\t"
-	       : "=eax" (tsc)
-	       :
-	       : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  unsigned long a;
-  __asm _emit 0fh
-  __asm _emit 31h
-  __asm mov a, eax;
-  tsc=a;
-}
-#endif      
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
-	{
-	des_key_schedule key;
-	unsigned long s1,s2,e1,e2;
-	unsigned long data[2];
-	int i,j;
-
-	for (j=0; j<6; j++)
-		{
-		for (i=0; i<1000; i++) /**/
-			{
-			des_encrypt1(&data[0],key,1);
-			GetTSC(s1);
-			des_encrypt1(&data[0],key,1);
-			des_encrypt1(&data[0],key,1);
-			des_encrypt1(&data[0],key,1);
-			GetTSC(e1);
-			GetTSC(s2);
-			des_encrypt1(&data[0],key,1);
-			des_encrypt1(&data[0],key,1);
-			des_encrypt1(&data[0],key,1);
-			des_encrypt1(&data[0],key,1);
-			GetTSC(e2);
-			des_encrypt1(&data[0],key,1);
-			}
-
-		printf("des %d %d (%d)\n",
-			e1-s1,e2-s2,((e2-s2)-(e1-s1)));
-		}
-	}
-
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
deleted file mode 100644
index 64b92a34fe..0000000000
--- a/crypto/des/destest.c
+++ /dev/null
@@ -1,952 +0,0 @@
-/* crypto/des/destest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/e_os2.h>
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
-#include OPENSSL_UNISTD
-#endif
-#else
-#include <io.h>
-#endif
-#include <string.h>
-
-#ifdef OPENSSL_NO_DES
-int main(int argc, char *argv[])
-{
-    printf("No DES support\n");
-    return(0);
-}
-#else
-#include <openssl/des.h>
-
-#define crypt(c,s) (DES_crypt((c),(s)))
-
-/* tisk tisk - the test keys don't all have odd parity :-( */
-/* test data */
-#define NUM_TESTS 34
-static unsigned char key_data[NUM_TESTS][8]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
-	{0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
-	{0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
-	{0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
-	{0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
-	{0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
-	{0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
-	{0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
-	{0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
-	{0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
-	{0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
-	{0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
-	{0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
-	{0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
-	{0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
-	{0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
-	{0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
-	{0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
-	{0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
-	{0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
-
-static unsigned char plain_data[NUM_TESTS][8]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
-	{0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
-	{0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
-	{0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
-	{0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
-	{0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
-	{0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
-	{0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
-	{0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
-	{0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
-	{0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
-	{0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
-	{0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
-	{0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
-	{0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
-	{0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
-	{0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
-	{0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
-	{0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
-
-static unsigned char cipher_data[NUM_TESTS][8]={
-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
-	{0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
-	{0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
-	{0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
-	{0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
-	{0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
-	{0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
-	{0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
-	{0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
-	{0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
-	{0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
-	{0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
-	{0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
-	{0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
-	{0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
-	{0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
-	{0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
-	{0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
-	{0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
-	{0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
-	{0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
-	{0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
-	{0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
-	{0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
-	{0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
-	{0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
-	{0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
-	{0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
-	{0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
-	{0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
-	{0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
-	{0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
-	{0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
-	{0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
-
-static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
-	{0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
-	{0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
-	{0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
-	{0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
-	{0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
-	{0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
-	{0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
-	{0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
-	{0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
-	{0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
-	{0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
-	{0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
-	{0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
-	{0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
-	{0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
-	{0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
-	{0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
-	{0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
-	{0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
-	{0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
-	{0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
-	{0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
-	{0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
-	{0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
-	{0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
-	{0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
-	{0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
-	{0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
-	{0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
-	{0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
-	{0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
-	{0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
-	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
-
-static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
-static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-/* Changed the following text constant to binary so it will work on ebcdic
- * machines :-) */
-/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
-static unsigned char cbc_data[40]={
-	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
-	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
-	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
-	0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	};
-
-static unsigned char cbc_ok[32]={
-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
-	0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
-	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
-	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-#ifdef SCREW_THE_PARITY
-#error "SCREW_THE_PARITY is not ment to be defined."
-#error "Original vectors are preserved for reference only."
-static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
-static unsigned char xcbc_ok[32]={
-	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
-	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
-	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
-	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
-	};
-#else
-static unsigned char xcbc_ok[32]={
-	0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
-	0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
-	0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
-	0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
-	};
-#endif
-
-static unsigned char cbc3_ok[32]={
-	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
-	0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
-	0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
-	0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
-
-static unsigned char pcbc_ok[32]={
-	0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
-	0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
-	0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
-	0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
-
-static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-static unsigned char plain[24]=
-	{
-	0x4e,0x6f,0x77,0x20,0x69,0x73,
-	0x20,0x74,0x68,0x65,0x20,0x74,
-	0x69,0x6d,0x65,0x20,0x66,0x6f,
-	0x72,0x20,0x61,0x6c,0x6c,0x20
-	};
-static unsigned char cfb_cipher8[24]= {
-	0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
-	0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
-static unsigned char cfb_cipher16[24]={
-	0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
-	0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
-static unsigned char cfb_cipher32[24]={
-	0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
-	0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
-static unsigned char cfb_cipher48[24]={
-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
-	0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
-static unsigned char cfb_cipher64[24]={
-	0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
-	0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
-
-static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
-static unsigned char ofb_cipher[24]=
-	{
-	0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
-	0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
-	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
-	};
-
-#if 0
-static DES_LONG cbc_cksum_ret=0xB462FEF7L;
-#else
-static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
-#endif
-static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-static char *pt(unsigned char *p);
-static int cfb_test(int bits, unsigned char *cfb_cipher);
-static int cfb64_test(unsigned char *cfb_cipher);
-static int ede_cfb64_test(unsigned char *cfb_cipher);
-int main(int argc, char *argv[])
-	{
-	int j,err=0;
-	unsigned int i;
-	des_cblock in,out,outin,iv3,iv2;
-	des_key_schedule ks,ks2,ks3;
-	unsigned char cbc_in[40];
-	unsigned char cbc_out[40];
-	DES_LONG cs;
-	unsigned char cret[8];
-#ifdef _CRAY
-        struct {
-            int a:32;
-            int b:32;
-        } lqret[2];
-#else
-        DES_LONG lqret[4];
-#endif
-	int num;
-	char *str;
-
-#ifndef OPENSSL_NO_DESCBCM
-	printf("Doing cbcm\n");
-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	i=strlen((char *)cbc_data)+1;
-	/* i=((i+7)/8)*8; */
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	memset(iv2,'\0',sizeof iv2);
-
-	DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
-			      DES_ENCRYPT);
-	DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
-			      &iv3,&iv2,DES_ENCRYPT);
-	/*	if (memcmp(cbc_out,cbc3_ok,
-		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
-		{
-		printf("des_ede3_cbc_encrypt encrypt error\n");
-		err=1;
-		}
-	*/
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	memset(iv2,'\0',sizeof iv2);
-	DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
-		{
-		unsigned int n;
-
-		printf("des_ede3_cbcm_encrypt decrypt error\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc_data[n]);
-		printf("\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc_in[n]);
-		printf("\n");
-		err=1;
-		}
-#endif
-
-	printf("Doing ecb\n");
-	for (i=0; i<NUM_TESTS; i++)
-		{
-		DES_set_key_unchecked(&key_data[i],&ks);
-		memcpy(in,plain_data[i],8);
-		memset(out,0,8);
-		memset(outin,0,8);
-		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
-		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
-
-		if (memcmp(out,cipher_data[i],8) != 0)
-			{
-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
-				pt(out));
-			err=1;
-			}
-		if (memcmp(in,outin,8) != 0)
-			{
-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
-			err=1;
-			}
-		}
-
-#ifndef LIBDES_LIT
-	printf("Doing ede ecb\n");
-	for (i=0; i<(NUM_TESTS-2); i++)
-		{
-		DES_set_key_unchecked(&key_data[i],&ks);
-		DES_set_key_unchecked(&key_data[i+1],&ks2);
-		DES_set_key_unchecked(&key_data[i+2],&ks3);
-		memcpy(in,plain_data[i],8);
-		memset(out,0,8);
-		memset(outin,0,8);
-		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
-		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
-
-		if (memcmp(out,cipher_ecb2[i],8) != 0)
-			{
-			printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
-				pt(out));
-			err=1;
-			}
-		if (memcmp(in,outin,8) != 0)
-			{
-			printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
-				i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
-			err=1;
-			}
-		}
-#endif
-
-	printf("Doing cbc\n");
-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
-			 &iv3,DES_ENCRYPT);
-	if (memcmp(cbc_out,cbc_ok,32) != 0)
-		{
-		printf("cbc_encrypt encrypt error\n");
-		err=1;
-		}
-
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
-			 &iv3,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
-		{
-		printf("cbc_encrypt decrypt error\n");
-		err=1;
-		}
-
-#ifndef LIBDES_LIT
-	printf("Doing desx cbc\n");
-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
-			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
-	if (memcmp(cbc_out,xcbc_ok,32) != 0)
-		{
-		printf("des_xcbc_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
-			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
-		{
-		printf("des_xcbc_encrypt decrypt error\n");
-		err=1;
-		}
-#endif
-
-	printf("Doing ede cbc\n");
-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	i=strlen((char *)cbc_data)+1;
-	/* i=((i+7)/8)*8; */
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-
-	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
-			     DES_ENCRYPT);
-	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
-			     &iv3,DES_ENCRYPT);
-	if (memcmp(cbc_out,cbc3_ok,
-		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
-		{
-		unsigned int n;
-
-		printf("des_ede3_cbc_encrypt encrypt error\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc_out[n]);
-		printf("\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc3_ok[n]);
-		printf("\n");
-		err=1;
-		}
-
-	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
-		{
-		unsigned int n;
-
-		printf("des_ede3_cbc_encrypt decrypt error\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc_data[n]);
-		printf("\n");
-		for(n=0 ; n < i ; ++n)
-		    printf(" %02x",cbc_in[n]);
-		printf("\n");
-		err=1;
-		}
-
-#ifndef LIBDES_LIT
-	printf("Doing pcbc\n");
-	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
-		{
-		printf("Key error %d\n",j);
-		err=1;
-		}
-	memset(cbc_out,0,40);
-	memset(cbc_in,0,40);
-	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
-			 &cbc_iv,DES_ENCRYPT);
-	if (memcmp(cbc_out,pcbc_ok,32) != 0)
-		{
-		printf("pcbc_encrypt encrypt error\n");
-		err=1;
-		}
-	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
-			 DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
-		{
-		printf("pcbc_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ");
-	printf("cfb8 ");
-	err+=cfb_test(8,cfb_cipher8);
-	printf("cfb16 ");
-	err+=cfb_test(16,cfb_cipher16);
-	printf("cfb32 ");
-	err+=cfb_test(32,cfb_cipher32);
-	printf("cfb48 ");
-	err+=cfb_test(48,cfb_cipher48);
-	printf("cfb64 ");
-	err+=cfb_test(64,cfb_cipher64);
-
-	printf("cfb64() ");
-	err+=cfb64_test(cfb_cipher64);
-
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	for (i=0; i<sizeof(plain); i++)
-		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
-			8,1,ks,&cfb_tmp,DES_ENCRYPT);
-	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
-		{
-		printf("cfb_encrypt small encrypt error\n");
-		err=1;
-		}
-
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	for (i=0; i<sizeof(plain); i++)
-		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
-			8,1,ks,&cfb_tmp,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		printf("cfb_encrypt small decrypt error\n");
-		err=1;
-		}
-
-	printf("ede_cfb64() ");
-	err+=ede_cfb64_test(cfb_cipher64);
-
-	printf("done\n");
-
-	printf("Doing ofb\n");
-	DES_set_key_checked(&ofb_key,&ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ofb_encrypt encrypt error\n");
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
-ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
-ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ofb_encrypt decrypt error\n");
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
-ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-plain[8+0], plain[8+1], plain[8+2], plain[8+3],
-plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
-		err=1;
-		}
-
-	printf("Doing ofb64\n");
-	DES_set_key_checked(&ofb_key,&ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	memset(ofb_buf1,0,sizeof(ofb_buf1));
-	memset(ofb_buf2,0,sizeof(ofb_buf1));
-	num=0;
-	for (i=0; i<sizeof(plain); i++)
-		{
-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
-				  &num);
-		}
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ofb64_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
-			  &num);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ofb64_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing ede_ofb64\n");
-	DES_set_key_checked(&ofb_key,&ks);
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	memset(ofb_buf1,0,sizeof(ofb_buf1));
-	memset(ofb_buf2,0,sizeof(ofb_buf1));
-	num=0;
-	for (i=0; i<sizeof(plain); i++)
-		{
-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
-				       ks,&ofb_tmp,&num);
-		}
-	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
-		{
-		printf("ede_ofb64_encrypt encrypt error\n");
-		err=1;
-		}
-	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
-			       &ofb_tmp,&num);
-	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
-		{
-		printf("ede_ofb64_encrypt decrypt error\n");
-		err=1;
-		}
-
-	printf("Doing cbc_cksum\n");
-	DES_set_key_checked(&cbc_key,&ks);
-	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
-	if (cs != cbc_cksum_ret)
-		{
-		printf("bad return value (%08lX), should be %08lX\n",
-			(unsigned long)cs,(unsigned long)cbc_cksum_ret);
-		err=1;
-		}
-	if (memcmp(cret,cbc_cksum_data,8) != 0)
-		{
-		printf("bad cbc_cksum block returned\n");
-		err=1;
-		}
-
-	printf("Doing quad_cksum\n");
-	cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
-		(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
-	if (cs != 0x70d7a63aL)
-		{
-		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
-			(unsigned long)cs);
-		err=1;
-		}
-#ifdef _CRAY
-	if (lqret[0].a != 0x327eba8dL)
-		{
-		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
-			(unsigned long)lqret[0].a,0x327eba8dUL);
-		err=1;
-		}
-	if (lqret[0].b != 0x201a49ccL)
-		{
-		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
-			(unsigned long)lqret[0].b,0x201a49ccUL);
-		err=1;
-		}
-	if (lqret[1].a != 0x70d7a63aL)
-		{
-		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
-			(unsigned long)lqret[1].a,0x70d7a63aUL);
-		err=1;
-		}
-	if (lqret[1].b != 0x501c2c26L)
-		{
-		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
-			(unsigned long)lqret[1].b,0x501c2c26UL);
-		err=1;
-		}
-#else
-	if (lqret[0] != 0x327eba8dL)
-		{
-		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
-			(unsigned long)lqret[0],0x327eba8dUL);
-		err=1;
-		}
-	if (lqret[1] != 0x201a49ccL)
-		{
-		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
-			(unsigned long)lqret[1],0x201a49ccUL);
-		err=1;
-		}
-	if (lqret[2] != 0x70d7a63aL)
-		{
-		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
-			(unsigned long)lqret[2],0x70d7a63aUL);
-		err=1;
-		}
-	if (lqret[3] != 0x501c2c26L)
-		{
-		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
-			(unsigned long)lqret[3],0x501c2c26UL);
-		err=1;
-		}
-#endif
-#endif
-
-	printf("input word alignment test");
-	for (i=0; i<4; i++)
-		{
-		printf(" %d",i);
-		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
-				 strlen((char *)cbc_data)+1,ks,
-				 &cbc_iv,DES_ENCRYPT);
-		}
-	printf("\noutput word alignment test");
-	for (i=0; i<4; i++)
-		{
-		printf(" %d",i);
-		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
-				 strlen((char *)cbc_data)+1,ks,
-				 &cbc_iv,DES_ENCRYPT);
-		}
-	printf("\n");
-	printf("fast crypt test ");
-	str=crypt("testing","ef");
-	if (strcmp("efGnQx2725bI2",str) != 0)
-		{
-		printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
-		err=1;
-		}
-	str=crypt("bca76;23","yA");
-	if (strcmp("yA1Rp/1hZXIJk",str) != 0)
-		{
-		printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
-		err=1;
-		}
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	printf("\n");
-	return(err);
-	}
-
-static char *pt(unsigned char *p)
-	{
-	static char bufs[10][20];
-	static int bnum=0;
-	char *ret;
-	int i;
-	static char *f="0123456789ABCDEF";
-
-	ret= &(bufs[bnum++][0]);
-	bnum%=10;
-	for (i=0; i<8; i++)
-		{
-		ret[i*2]=f[(p[i]>>4)&0xf];
-		ret[i*2+1]=f[p[i]&0xf];
-		}
-	ret[16]='\0';
-	return(ret);
-	}
-
-#ifndef LIBDES_LIT
-
-static int cfb_test(int bits, unsigned char *cfb_cipher)
-	{
-	des_key_schedule ks;
-	int i,err=0;
-
-	DES_set_key_checked(&cfb_key,&ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
-			DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
-			DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	return(err);
-	}
-
-static int cfb64_test(unsigned char *cfb_cipher)
-	{
-	des_key_schedule ks;
-	int err=0,i,n;
-
-	DES_set_key_checked(&cfb_key,&ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
-			  &cfb_tmp,&n,DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
-	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf2[i])));
-		}
-	return(err);
-	}
-
-static int ede_cfb64_test(unsigned char *cfb_cipher)
-	{
-	des_key_schedule ks;
-	int err=0,i,n;
-
-	DES_set_key_checked(&cfb_key,&ks);
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
-			       DES_ENCRYPT);
-	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-			       sizeof(plain)-12,ks,ks,ks,
-			       &cfb_tmp,&n,DES_ENCRYPT);
-	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("ede_cfb_encrypt encrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf1[i])));
-		}
-	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	n=0;
-	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
-			       &cfb_tmp,&n,DES_DECRYPT);
-	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-			       sizeof(plain)-17,ks,ks,ks,
-			       &cfb_tmp,&n,DES_DECRYPT);
-	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
-		{
-		err=1;
-		printf("ede_cfb_encrypt decrypt error\n");
-		for (i=0; i<24; i+=8)
-			printf("%s\n",pt(&(cfb_buf2[i])));
-		}
-	return(err);
-	}
-
-#endif
-#endif
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
deleted file mode 100644
index c3437bc606..0000000000
--- a/crypto/des/ecb3_enc.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/des/ecb3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-		      DES_key_schedule *ks1, DES_key_schedule *ks2,
-		      DES_key_schedule *ks3,
-	     int enc)
-	{
-	register DES_LONG l0,l1;
-	DES_LONG ll[2];
-	const unsigned char *in = &(*input)[0];
-	unsigned char *out = &(*output)[0];
-
-	c2l(in,l0);
-	c2l(in,l1);
-	ll[0]=l0;
-	ll[1]=l1;
-	if (enc)
-		DES_encrypt3(ll,ks1,ks2,ks3);
-	else
-		DES_decrypt3(ll,ks1,ks2,ks3);
-	l0=ll[0];
-	l1=ll[1];
-	l2c(l0,out);
-	l2c(l1,out);
-	}
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
deleted file mode 100644
index 0684e769b3..0000000000
--- a/crypto/des/ecb_enc.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "des_ver.h"
-#include <openssl/opensslv.h>
-#include <openssl/bio.h>
-
-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
-
-const char *DES_options(void)
-	{
-	static int init=1;
-	static char buf[32];
-
-	if (init)
-		{
-		const char *ptr,*unroll,*risc,*size;
-
-#ifdef DES_PTR
-		ptr="ptr";
-#else
-		ptr="idx";
-#endif
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-		risc="risc1";
-#endif
-#ifdef DES_RISC2
-		risc="risc2";
-#endif
-#else
-		risc="cisc";
-#endif
-#ifdef DES_UNROLL
-		unroll="16";
-#else
-		unroll="2";
-#endif
-		if (sizeof(DES_LONG) != sizeof(long))
-			size="int";
-		else
-			size="long";
-		BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
-			     size);
-		init=0;
-		}
-	return(buf);
-	}
-		
-
-void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-		     DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l;
-	DES_LONG ll[2];
-	const unsigned char *in = &(*input)[0];
-	unsigned char *out = &(*output)[0];
-
-	c2l(in,l); ll[0]=l;
-	c2l(in,l); ll[1]=l;
-	DES_encrypt1(ll,ks,enc);
-	l=ll[0]; l2c(l,out);
-	l=ll[1]; l2c(l,out);
-	l=ll[0]=ll[1]=0;
-	}
diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
deleted file mode 100644
index adfcb75cf3..0000000000
--- a/crypto/des/ede_cbcm_enc.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* ede_cbcm_enc.c */
-/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
- * project 13 Feb 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-
-This is an implementation of Triple DES Cipher Block Chaining with Output
-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
-
-Note that there is a known attack on this by Biham and Knudsen but it takes
-a lot of work:
-
-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
-
-*/
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
-
-#ifndef OPENSSL_NO_DESCBCM
-#include "des_locl.h"
-
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-	     DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
-	     int enc)
-    {
-    register DES_LONG tin0,tin1;
-    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
-    register long l=length;
-    DES_LONG tin[2];
-    unsigned char *iv1,*iv2;
-
-    iv1 = &(*ivec1)[0];
-    iv2 = &(*ivec2)[0];
-
-    if (enc)
-	{
-	c2l(iv1,m0);
-	c2l(iv1,m1);
-	c2l(iv2,tout0);
-	c2l(iv2,tout1);
-	for (l-=8; l>=-7; l-=8)
-	    {
-	    tin[0]=m0;
-	    tin[1]=m1;
-	    DES_encrypt1(tin,ks3,1);
-	    m0=tin[0];
-	    m1=tin[1];
-
-	    if(l < 0)
-		{
-		c2ln(in,tin0,tin1,l+8);
-		}
-	    else
-		{
-		c2l(in,tin0);
-		c2l(in,tin1);
-		}
-	    tin0^=tout0;
-	    tin1^=tout1;
-
-	    tin[0]=tin0;
-	    tin[1]=tin1;
-	    DES_encrypt1(tin,ks1,1);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks2,0);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks1,1);
-	    tout0=tin[0];
-	    tout1=tin[1];
-
-	    l2c(tout0,out);
-	    l2c(tout1,out);
-	    }
-	iv1=&(*ivec1)[0];
-	l2c(m0,iv1);
-	l2c(m1,iv1);
-
-	iv2=&(*ivec2)[0];
-	l2c(tout0,iv2);
-	l2c(tout1,iv2);
-	}
-    else
-	{
-	register DES_LONG t0,t1;
-
-	c2l(iv1,m0);
-	c2l(iv1,m1);
-	c2l(iv2,xor0);
-	c2l(iv2,xor1);
-	for (l-=8; l>=-7; l-=8)
-	    {
-	    tin[0]=m0;
-	    tin[1]=m1;
-	    DES_encrypt1(tin,ks3,1);
-	    m0=tin[0];
-	    m1=tin[1];
-
-	    c2l(in,tin0);
-	    c2l(in,tin1);
-
-	    t0=tin0;
-	    t1=tin1;
-
-	    tin[0]=tin0;
-	    tin[1]=tin1;
-	    DES_encrypt1(tin,ks1,0);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks2,1);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks1,0);
-	    tout0=tin[0];
-	    tout1=tin[1];
-
-	    tout0^=xor0;
-	    tout1^=xor1;
-	    if(l < 0)
-		{
-		l2cn(tout0,tout1,out,l+8);
-		}
-	    else
-		{
-		l2c(tout0,out);
-		l2c(tout1,out);
-		}
-	    xor0=t0;
-	    xor1=t1;
-	    }
-
-	iv1=&(*ivec1)[0];
-	l2c(m0,iv1);
-	l2c(m1,iv1);
-
-	iv2=&(*ivec2)[0];
-	l2c(xor0,iv2);
-	l2c(xor1,iv2);
-	}
-    tin0=tin1=tout0=tout1=xor0=xor1=0;
-    tin[0]=tin[1]=0;
-    }
-#endif
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
deleted file mode 100644
index edb6620d08..0000000000
--- a/crypto/des/enc_read.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* crypto/des/enc_read.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-
-/* This has some uglies in it but it works - even over sockets. */
-/*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode,DES_PCBC_MODE)
-
-
-/*
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- *
- *  -  This function uses an internal state and thus cannot be
- *     used on multiple files.
- */
-
-
-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-		 DES_cblock *iv)
-	{
-#if defined(OPENSSL_NO_POSIX_IO)
-	return(0);
-#else
-	/* data to be unencrypted */
-	int net_num=0;
-	static unsigned char *net=NULL;
-	/* extra unencrypted data 
-	 * for when a block of 100 comes in but is des_read one byte at
-	 * a time. */
-	static unsigned char *unnet=NULL;
-	static int unnet_start=0;
-	static int unnet_left=0;
-	static unsigned char *tmpbuf=NULL;
-	int i;
-	long num=0,rnum;
-	unsigned char *p;
-
-	if (tmpbuf == NULL)
-		{
-		tmpbuf=OPENSSL_malloc(BSIZE);
-		if (tmpbuf == NULL) return(-1);
-		}
-	if (net == NULL)
-		{
-		net=OPENSSL_malloc(BSIZE);
-		if (net == NULL) return(-1);
-		}
-	if (unnet == NULL)
-		{
-		unnet=OPENSSL_malloc(BSIZE);
-		if (unnet == NULL) return(-1);
-		}
-	/* left over data from last decrypt */
-	if (unnet_left != 0)
-		{
-		if (unnet_left < len)
-			{
-			/* we still still need more data but will return
-			 * with the number of bytes we have - should always
-			 * check the return value */
-			memcpy(buf,&(unnet[unnet_start]),
-			       unnet_left);
-			/* eay 26/08/92 I had the next 2 lines
-			 * reversed :-( */
-			i=unnet_left;
-			unnet_start=unnet_left=0;
-			}
-		else
-			{
-			memcpy(buf,&(unnet[unnet_start]),len);
-			unnet_start+=len;
-			unnet_left-=len;
-			i=len;
-			}
-		return(i);
-		}
-
-	/* We need to get more data. */
-	if (len > MAXWRITE) len=MAXWRITE;
-
-	/* first - get the length */
-	while (net_num < HDRSIZE) 
-		{
-#ifndef OPENSSL_SYS_WIN32
-		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
-#else
-		i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
-#endif
-#ifdef EINTR
-		if ((i == -1) && (errno == EINTR)) continue;
-#endif
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* we now have at net_num bytes in net */
-	p=net;
-	/* num=0;  */
-	n2l(p,num);
-	/* num should be rounded up to the next group of eight
-	 * we make sure that we have read a multiple of 8 bytes from the net.
-	 */
-	if ((num > MAXWRITE) || (num < 0)) /* error */
-		return(-1);
-	rnum=(num < 8)?8:((num+7)/8*8);
-
-	net_num=0;
-	while (net_num < rnum)
-		{
-#ifndef OPENSSL_SYS_WIN32
-		i=read(fd,(void *)&(net[net_num]),rnum-net_num);
-#else
-		i=_read(fd,(void *)&(net[net_num]),rnum-net_num);
-#endif
-#ifdef EINTR
-		if ((i == -1) && (errno == EINTR)) continue;
-#endif
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* Check if there will be data left over. */
-	if (len < num)
-		{
-		if (DES_rw_mode & DES_PCBC_MODE)
-			DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-		else
-			DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-		memcpy(buf,unnet,len);
-		unnet_start=len;
-		unnet_left=num-len;
-
-		/* The following line is done because we return num
-		 * as the number of bytes read. */
-		num=len;
-		}
-	else
-		{
-		/* >output is a multiple of 8 byes, if len < rnum
-		 * >we must be careful.  The user must be aware that this
-		 * >routine will write more bytes than he asked for.
-		 * >The length of the buffer must be correct.
-		 * FIXED - Should be ok now 18-9-90 - eay */
-		if (len < rnum)
-			{
-
-			if (DES_rw_mode & DES_PCBC_MODE)
-				DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
-						 DES_DECRYPT);
-			else
-				DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
-						DES_DECRYPT);
-
-			/* eay 26/08/92 fix a bug that returned more
-			 * bytes than you asked for (returned len bytes :-( */
-			memcpy(buf,tmpbuf,num);
-			}
-		else
-			{
-			if (DES_rw_mode & DES_PCBC_MODE)
-				DES_pcbc_encrypt(net,buf,num,sched,iv,
-						 DES_DECRYPT);
-			else
-				DES_cbc_encrypt(net,buf,num,sched,iv,
-						DES_DECRYPT);
-			}
-		}
-	return num;
-#endif /* OPENSSL_NO_POSIX_IO */
-	}
-
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
deleted file mode 100644
index 2353ac1e89..0000000000
--- a/crypto/des/enc_writ.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-#include <openssl/rand.h>
-
-/*
- * WARNINGS:
- *
- *  -  The data format used by DES_enc_write() and DES_enc_read()
- *     has a cryptographic weakness: When asked to write more
- *     than MAXWRITE bytes, DES_enc_write will split the data
- *     into several chunks that are all encrypted
- *     using the same IV.  So don't use these functions unless you
- *     are sure you know what you do (in which case you might
- *     not want to use them anyway).
- *
- *  -  This code cannot handle non-blocking sockets.
- */
-
-int DES_enc_write(int fd, const void *_buf, int len,
-		  DES_key_schedule *sched, DES_cblock *iv)
-	{
-#if defined(OPENSSL_NO_POSIX_IO)
-	return (-1);
-#else
-#ifdef _LIBC
-	extern unsigned long time();
-	extern int write();
-#endif
-	const unsigned char *buf=_buf;
-	long rnum;
-	int i,j,k,outnum;
-	static unsigned char *outbuf=NULL;
-	unsigned char shortbuf[8];
-	unsigned char *p;
-	const unsigned char *cp;
-	static int start=1;
-
-	if (outbuf == NULL)
-		{
-		outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
-		if (outbuf == NULL) return(-1);
-		}
-	/* If we are sending less than 8 bytes, the same char will look
-	 * the same if we don't pad it out with random bytes */
-	if (start)
-		{
-		start=0;
-		}
-
-	/* lets recurse if we want to send the data in small chunks */
-	if (len > MAXWRITE)
-		{
-		j=0;
-		for (i=0; i<len; i+=k)
-			{
-			k=DES_enc_write(fd,&(buf[i]),
-				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
-			if (k < 0)
-				return(k);
-			else
-				j+=k;
-			}
-		return(j);
-		}
-
-	/* write length first */
-	p=outbuf;
-	l2n(len,p);
-
-	/* pad short strings */
-	if (len < 8)
-		{
-		cp=shortbuf;
-		memcpy(shortbuf,buf,len);
-		RAND_pseudo_bytes(shortbuf+len, 8-len);
-		rnum=8;
-		}
-	else
-		{
-		cp=buf;
-		rnum=((len+7)/8*8); /* round up to nearest eight */
-		}
-
-	if (DES_rw_mode & DES_PCBC_MODE)
-		DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-				 DES_ENCRYPT); 
-	else
-		DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-				DES_ENCRYPT); 
-
-	/* output */
-	outnum=rnum+HDRSIZE;
-
-	for (j=0; j<outnum; j+=i)
-		{
-		/* eay 26/08/92 I was not doing writing from where we
-		 * got up to. */
-#ifndef _WIN32
-		i=write(fd,(void *)&(outbuf[j]),outnum-j);
-#else
-		i=_write(fd,(void *)&(outbuf[j]),outnum-j);
-#endif
-		if (i == -1)
-			{
-#ifdef EINTR
-			if (errno == EINTR)
-				i=0;
-			else
-#endif
-			        /* This is really a bad error - very bad
-				 * It will stuff-up both ends. */
-				return(-1);
-			}
-		}
-
-	return(len);
-#endif /* OPENSSL_NO_POSIX_IO */
-	}
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
deleted file mode 100644
index ccbdff250f..0000000000
--- a/crypto/des/fcrypt.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* NOCW */
-#include <stdio.h>
-#ifdef _OSD_POSIX
-#ifndef CHARSET_EBCDIC
-#define CHARSET_EBCDIC 1
-#endif
-#endif
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * Eric Young (eay@cryptsoft.com)
- */
-
-/* Modification by Jens Kupferschmidt (Cu)
- * I have included directive PARA for shared memory computers.
- * I have included a directive LONGCRYPT to using this routine to cipher
- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of length of password and can changed. I have
- * defined 24.
- */
-
-#include "des_locl.h"
-
-/* Added more values to handle illegal salt values the way normal
- * crypt() implementations do.  The patch was sent by 
- * Bjorn Gronvall <bg@sics.se>
- */
-static unsigned const char con_salt[128]={
-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
-};
-
-static unsigned const char cov_2char[64]={
-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-char *DES_crypt(const char *buf, const char *salt)
-	{
-	static char buff[14];
-
-#ifndef CHARSET_EBCDIC
-	return(DES_fcrypt(buf,salt,buff));
-#else
-	char e_salt[2+1];
-	char e_buf[32+1];	/* replace 32 by 8 ? */
-	char *ret;
-
-	/* Copy at most 2 chars of salt */
-	if ((e_salt[0] = salt[0]) != '\0')
-	    e_salt[1] = salt[1];
-
-	/* Copy at most 32 chars of password */
-	strncpy (e_buf, buf, sizeof(e_buf));
-
-	/* Make sure we have a delimiter */
-	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
-
-	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
-	/* Convert the cleartext password to ASCII */
-	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-
-	/* Encrypt it (from/to ASCII) */
-	ret = DES_fcrypt(e_buf,e_salt,buff);
-
-	/* Convert the result back to EBCDIC */
-	ascii2ebcdic(ret, ret, strlen(ret));
-	
-	return ret;
-#endif
-	}
-
-
-char *DES_fcrypt(const char *buf, const char *salt, char *ret)
-	{
-	unsigned int i,j,x,y;
-	DES_LONG Eswap0,Eswap1;
-	DES_LONG out[2],ll;
-	DES_cblock key;
-	DES_key_schedule ks;
-	unsigned char bb[9];
-	unsigned char *b=bb;
-	unsigned char c,u;
-
-	/* eay 25/08/92
-	 * If you call crypt("pwd","*") as often happens when you
-	 * have * as the pwd field in /etc/passwd, the function
-	 * returns *\0XXXXXXXXX
-	 * The \0 makes the string look like * so the pwd "*" would
-	 * crypt to "*".  This was found when replacing the crypt in
-	 * our shared libraries.  People found that the disabled
-	 * accounts effectively had no passwd :-(. */
-#ifndef CHARSET_EBCDIC
-	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
-	Eswap0=con_salt[x]<<2;
-	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
-	Eswap1=con_salt[x]<<6;
-#else
-	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
-	Eswap0=con_salt[x]<<2;
-	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
-	Eswap1=con_salt[x]<<6;
-#endif
-
-/* EAY
-r=strlen(buf);
-r=(r+7)/8;
-*/
-	for (i=0; i<8; i++)
-		{
-		c= *(buf++);
-		if (!c) break;
-		key[i]=(c<<1);
-		}
-	for (; i<8; i++)
-		key[i]=0;
-
-	DES_set_key_unchecked(&key,&ks);
-	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
-
-	ll=out[0]; l2c(ll,b);
-	ll=out[1]; l2c(ll,b);
-	y=0;
-	u=0x80;
-	bb[8]=0;
-	for (i=2; i<13; i++)
-		{
-		c=0;
-		for (j=0; j<6; j++)
-			{
-			c<<=1;
-			if (bb[y] & u) c|=1;
-			u>>=1;
-			if (!u)
-				{
-				y++;
-				u=0x80;
-				}
-			}
-		ret[i]=cov_2char[c];
-		}
-	ret[13]='\0';
-	return(ret);
-	}
-
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
deleted file mode 100644
index 8822816938..0000000000
--- a/crypto/des/fcrypt_b.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* crypto/des/fcrypt_b.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
- * Eric Young (eay@cryptsoft.com)
- */
-
-#define DES_FCRYPT
-#include "des_locl.h"
-#undef DES_FCRYPT
-
-#undef PERM_OP
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#undef HPERM_OP
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))\
-
-void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
-		 DES_LONG Eswap1)
-	{
-	register DES_LONG l,r,t,u;
-#ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-	register DES_LONG *s;
-	register int j;
-	register DES_LONG E0,E1;
-
-	l=0;
-	r=0;
-
-	s=(DES_LONG *)ks;
-	E0=Eswap0;
-	E1=Eswap1;
-
-	for (j=0; j<25; j++)
-		{
-#ifndef DES_UNROLL
-		register int i;
-
-		for (i=0; i<32; i+=4)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			}
-#else
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
-#endif
-
-		t=l;
-		l=r;
-		r=t;
-		}
-	l=ROTATE(l,3)&0xffffffffL;
-	r=ROTATE(r,3)&0xffffffffL;
-
-	PERM_OP(l,r,t, 1,0x55555555L);
-	PERM_OP(r,l,t, 8,0x00ff00ffL);
-	PERM_OP(l,r,t, 2,0x33333333L);
-	PERM_OP(r,l,t,16,0x0000ffffL);
-	PERM_OP(l,r,t, 4,0x0f0f0f0fL);
-
-	out[0]=r;
-	out[1]=l;
-	}
-
diff --git a/crypto/des/makefile.bc b/crypto/des/makefile.bc
deleted file mode 100644
index 1fe6d4915a..0000000000
--- a/crypto/des/makefile.bc
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
-#
-#
-CC      = bcc
-TLIB    = tlib /0 /C
-# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
-OPTIMIZE= -3 -O2
-#WINDOWS= -W
-CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
-LFLAGS  = -ml $(WINDOWS)
-
-.c.obj:
-	$(CC) $(CFLAGS) $*.c
-
-.obj.exe:
-	$(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
-
-all: $(LIB) destest.exe rpw.exe des.exe speed.exe
-
-# "make clean": use a directory containing only libdes .exe and .obj files...
-clean:
-	del *.exe
-	del *.obj
-	del libdes.lib
-	del libdes.rsp
-
-OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
-	qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
-	enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
-	ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
-	cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
-	ofb64ede.obj supp.obj
-
-LIB=    libdes.lib
-
-$(LIB): $(OBJS)
-	del $(LIB)
-	makersp "+%s &\n" &&|
-	$(OBJS)
-|       >libdes.rsp
-	$(TLIB) libdes.lib @libdes.rsp,nul
-	del libdes.rsp
-
-destest.exe: destest.obj libdes.lib
-rpw.exe:     rpw.obj libdes.lib
-speed.exe:   speed.obj libdes.lib
-des.exe:     des.obj libdes.lib
-
-
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
deleted file mode 100644
index fda23d522f..0000000000
--- a/crypto/des/ncbc_enc.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* crypto/des/ncbc_enc.c */
-/*
- * #included by:
- *    cbc_enc.c  (DES_cbc_encrypt)
- *    des_enc.c  (DES_ncbc_encrypt)
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-#ifdef CBC_ENC_C__DONT_UPDATE_IV
-void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#else
-void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#endif
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	iv = &(*ivec)[0];
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
-		iv = &(*ivec)[0];
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-#endif
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
-			xor0=tin0;
-			xor1=tin1;
-#endif
-			}
-#ifndef CBC_ENC_C__DONT_UPDATE_IV 
-		iv = &(*ivec)[0];
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-#endif
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
deleted file mode 100644
index 26bbf9a6a7..0000000000
--- a/crypto/des/ofb64ede.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/des/ofb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ede3_ofb64_encrypt(register const unsigned char *in,
-			    register unsigned char *out, long length,
-			    DES_key_schedule *k1, DES_key_schedule *k2,
-			    DES_key_schedule *k3, DES_cblock *ivec,
-			    int *num)
-	{
-	register DES_LONG v0,v1;
-	register int n= *num;
-	register long l=length;
-	DES_cblock d;
-	register char *dp;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			/* ti[0]=v0; */
-			/* ti[1]=v1; */
-			DES_encrypt3(ti,k1,k2,k3);
-			v0=ti[0];
-			v1=ti[1];
-
-			dp=(char *)d;
-			l2c(v0,dp);
-			l2c(v1,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-/*		v0=ti[0];
-		v1=ti[1];*/
-		iv = &(*ivec)[0];
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
-#ifdef undef /* MACRO */
-void DES_ede2_ofb64_encrypt(register unsigned char *in,
-	     register unsigned char *out, long length, DES_key_schedule k1,
-	     DES_key_schedule k2, DES_cblock (*ivec), int *num)
-	{
-	DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
-	}
-#endif
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
deleted file mode 100644
index 8ca3d49dea..0000000000
--- a/crypto/des/ofb64enc.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/des/ofb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ofb64_encrypt(register const unsigned char *in,
-		       register unsigned char *out, long length,
-		       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
-	{
-	register DES_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	DES_cblock d;
-	register unsigned char *dp;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			DES_encrypt1(ti,schedule,DES_ENCRYPT);
-			dp=d;
-			t=ti[0]; l2c(t,dp);
-			t=ti[1]; l2c(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv = &(*ivec)[0];
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
deleted file mode 100644
index e887a3c6f4..0000000000
--- a/crypto/des/ofb_enc.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* crypto/des/ofb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length, DES_key_schedule *schedule,
-		     DES_cblock *ivec)
-	{
-	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
-	register DES_LONG mask0,mask1;
-	register long l=length;
-	register int num=numbits;
-	DES_LONG ti[2];
-	unsigned char *iv;
-
-	if (num > 64) return;
-	if (num > 32)
-		{
-		mask0=0xffffffffL;
-		if (num >= 64)
-			mask1=mask0;
-		else
-			mask1=(1L<<(num-32))-1;
-		}
-	else
-		{
-		if (num == 32)
-			mask0=0xffffffffL;
-		else
-			mask0=(1L<<num)-1;
-		mask1=0x00000000L;
-		}
-
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	while (l-- > 0)
-		{
-		ti[0]=v0;
-		ti[1]=v1;
-		DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-		vv0=ti[0];
-		vv1=ti[1];
-		c2ln(in,d0,d1,n);
-		in+=n;
-		d0=(d0^vv0)&mask0;
-		d1=(d1^vv1)&mask1;
-		l2cn(d0,d1,out,n);
-		out+=n;
-
-		if (num == 32)
-			{ v0=v1; v1=vv0; }
-		else if (num == 64)
-				{ v0=vv0; v1=vv1; }
-		else if (num > 32) /* && num != 64 */
-			{
-			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
-			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
-			}
-		else /* num < 32 */
-			{
-			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
-	}
-
diff --git a/crypto/des/options.txt b/crypto/des/options.txt
deleted file mode 100644
index 6e2b50f765..0000000000
--- a/crypto/des/options.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
-instead of the default 4.
-RISC1 and RISC2 are 2 alternatives for the inner loop and
-PTR means to use pointers arithmatic instead of arrays.
-
-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler		577,000 4620k/s
-IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR	496,000 3968k/s
-solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]	459,400 3672k/s
-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1	433,000 3468k/s
-solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 		380,000 3041k/s
-linux - pentium 100mhz - gcc 2.7.0 - assembler			281,000 2250k/s
-NT 4.0 - pentium 100mhz - VC 4.2 - assembler			281,000 2250k/s
-AIX 4.1? - PPC604 100mhz - cc - UNROLL 				275,000 2200k/s
-IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR		235,300 1882k/s
-IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR			233,700 1869k/s
-NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR		191,000 1528k/s
-DEC Alpha 165mhz??  - cc - RISC2 PTR [2]			181,000 1448k/s
-linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR		158,500 1268k/s
-HPUX 10 - 9000/887 - cc - UNROLL [3]	 			148,000	1190k/s
-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL		123,600  989k/s
-IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR			101,000  808k/s
-DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL			 81,000  648k/s
-solaris 2.4 486 50mhz - gcc 2.6.3 - assembler			 65,000  522k/s
-HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR	 76,000	 608k/s
-solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2		 43,500  344k/s
-AIX - old slow one :-) - cc -					 39,000  312k/s
-
-Notes.
-[1] For the ultra sparc, SunC 4.0 
-    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
-    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
-    I'll record the higher since it is coming from the library but it
-    is all rather weird.
-[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
-[3] I was unable to get access to this machine when it was not heavily loaded.
-    As such, my timing program was never able to get more that %30 of the CPU.
-    This would cause the program to give much lower speed numbers because
-    it would be 'fighting' to stay in the cache with the other CPU burning
-    processes.
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
deleted file mode 100644
index 17a40f9520..0000000000
--- a/crypto/des/pcbc_enc.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/des/pcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-		      long length, DES_key_schedule *schedule,
-		      DES_cblock *ivec, int enc)
-	{
-	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
-	DES_LONG tin[2];
-	const unsigned char *in;
-	unsigned char *out,*iv;
-
-	in=input;
-	out=output;
-	iv = &(*ivec)[0];
-
-	if (enc)
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			if (length >= 8)
-				{
-				c2l(in,sin0);
-				c2l(in,sin1);
-				}
-			else
-				c2ln(in,sin0,sin1,length);
-			tin[0]=sin0^xor0;
-			tin[1]=sin1^xor1;
-			DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-			xor0=sin0^tout0;
-			xor1=sin1^tout1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0); c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			c2l(in,sin0);
-			c2l(in,sin1);
-			tin[0]=sin0;
-			tin[1]=sin1;
-			DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			if (length >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,length);
-			xor0=tout0^sin0;
-			xor1=tout1^sin1;
-			}
-		}
-	tin[0]=tin[1]=0;
-	sin0=sin1=xor0=xor1=tout0=tout1=0;
-	}
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
deleted file mode 100644
index dac201227e..0000000000
--- a/crypto/des/qud_cksm.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/des/qud_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
- * This module in only based on the code in this paper and is
- * almost definitely not the same as the MIT implementation.
- */
-#include "des_locl.h"
-
-/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
-#define Q_B0(a)	(((DES_LONG)(a)))
-#define Q_B1(a)	(((DES_LONG)(a))<<8)
-#define Q_B2(a)	(((DES_LONG)(a))<<16)
-#define Q_B3(a)	(((DES_LONG)(a))<<24)
-
-/* used to scramble things a bit */
-/* Got the value MIT uses via brute force :-) 2/10/90 eay */
-#define NOISE	((DES_LONG)83653421L)
-
-DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-	     long length, int out_count, DES_cblock *seed)
-	{
-	DES_LONG z0,z1,t0,t1;
-	int i;
-	long l;
-	const unsigned char *cp;
-#ifdef _CRAY
-	struct lp_st { int a:32; int b:32; } *lp;
-#else
-	DES_LONG *lp;
-#endif
-
-	if (out_count < 1) out_count=1;
-#ifdef _CRAY
-	lp = (struct lp_st *) &(output[0])[0];
-#else
-	lp = (DES_LONG *) &(output[0])[0];
-#endif
-
-	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
-	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
-
-	for (i=0; ((i<4)&&(i<out_count)); i++)
-		{
-		cp=input;
-		l=length;
-		while (l > 0)
-			{
-			if (l > 1)
-				{
-				t0= (DES_LONG)(*(cp++));
-				t0|=(DES_LONG)Q_B1(*(cp++));
-				l--;
-				}
-			else
-				t0= (DES_LONG)(*(cp++));
-			l--;
-			/* add */
-			t0+=z0;
-			t0&=0xffffffffL;
-			t1=z1;
-			/* square, well sort of square */
-			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
-				&0xffffffffL)%0x7fffffffL; 
-			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
-			}
-		if (lp != NULL)
-			{
-			/* The MIT library assumes that the checksum is
-			 * composed of 2*out_count 32 bit ints */
-#ifdef _CRAY
-			(*lp).a = z0;
-			(*lp).b = z1;
-			lp++;
-#else
-			*lp++ = z0;
-			*lp++ = z1;
-#endif
-			}
-		}
-	return(z0);
-	}
-
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
deleted file mode 100644
index 2398165568..0000000000
--- a/crypto/des/rand_key.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* crypto/des/rand_key.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-int DES_random_key(DES_cblock *ret)
-	{
-	do
-		{
-		if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-			return (0);
-		} while (DES_is_weak_key(ret));
-	DES_set_odd_parity(ret);
-	return (1);
-	}
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
deleted file mode 100644
index ee6969f76e..0000000000
--- a/crypto/des/read2pwd.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* crypto/des/read2pwd.c */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <string.h>
-#include <openssl/des.h>
-#include <openssl/ui.h>
-#include <openssl/crypto.h>
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify)
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
-
-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		DES_string_to_key(buf,key);
-	OPENSSL_cleanse(buf,BUFSIZ);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ok);
-	}
-
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
-	     int verify)
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
-
-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		DES_string_to_2keys(buf,key1,key2);
-	OPENSSL_cleanse(buf,BUFSIZ);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ok);
-	}
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
deleted file mode 100644
index ce5fa00a37..0000000000
--- a/crypto/des/read_pwd.c
+++ /dev/null
@@ -1,521 +0,0 @@
-/* crypto/des/read_pwd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-/* If unistd.h defines _POSIX_VERSION, we conclude that we
- * are on a POSIX system and have sigaction and termios. */
-#if defined(_POSIX_VERSION)
-
-# define SIGACTION
-# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-# define TERMIOS
-# endif
-
-#endif
-#endif
-
-/* #define SIGACTION */ /* Define this if you have sigaction() */
-
-#ifdef WIN16TTY
-#undef OPENSSL_SYS_WIN16
-#undef _WINDOWS
-#include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "des_locl.h"
-#include "cryptlib.h"
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef OPENSSL_SYS_VMS			/* prototypes for sys$whatever */
-#include <starlet.h>
-#ifdef __DECC
-#pragma message disable DOLLARID
-#endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-#include <windows.h>
-#ifndef OPENSSL_SYS_WINCE
-#include <wincon.h>
-#endif
-#endif
-
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-#define TERMIOS
-#undef  TERMIO
-#undef  SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-#undef  TERMIOS
-#define TERMIO
-#undef  SGTTY
-#endif
-
-#ifdef _LIBC
-#undef  TERMIOS
-#define TERMIO
-#undef  SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
-#undef  TERMIOS
-#undef  TERMIO
-#define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef TERMIOS
-#include <termios.h>
-#define TTY_STRUCT		struct termios
-#define TTY_FLAGS		c_lflag
-#define	TTY_get(tty,data)	tcgetattr(tty,data)
-#define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-#include <termio.h>
-#define TTY_STRUCT		struct termio
-#define TTY_FLAGS		c_lflag
-#define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
-#define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-#include <sgtty.h>
-#define TTY_STRUCT		struct sgttyb
-#define TTY_FLAGS		sg_flags
-#define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
-#define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
-#include <sys/ioctl.h>
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
-#include <conio.h>
-#define fgets(a,b,c) noecho_fgets(a,b,c)
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-#include <ssdef.h>
-#include <iodef.h>
-#include <ttdef.h>
-#include <descrip.h>
-struct IOSB {
-	short iosb$w_value;
-	short iosb$w_count;
-	long  iosb$l_info;
-	};
-#endif
-
-#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *					<appro@fy.chalmers.se>
- */
-#define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-#define NX509_SIG 32
-#endif
-
-static void read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-#ifdef SIGACTION
- static struct sigaction savsig[NX509_SIG];
-#else
-  static void (*savsig[NX509_SIG])(int );
-#endif
-static jmp_buf save;
-
-int des_read_pw_string(char *buf, int length, const char *prompt,
-	     int verify)
-	{
-	char buff[BUFSIZ];
-	int ret;
-
-	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ret);
-	}
-
-#ifdef OPENSSL_SYS_WINCE
-
-int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
-	{ 
-	memset(buf,0,size);
-	memset(buff,0,size);
-	return(0);
-	}
-
-#elif defined(OPENSSL_SYS_WIN16)
-
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
-	{ 
-	memset(buf,0,size);
-	memset(buff,0,size);
-	return(0);
-	}
-
-#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
-
-static void read_till_nl(FILE *in)
-	{
-#define SIZE 4
-	char buf[SIZE+1];
-
-	do	{
-		fgets(buf,SIZE,in);
-		} while (strchr(buf,'\n') == NULL);
-	}
-
-
-/* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
-	     int verify)
-	{
-#ifdef OPENSSL_SYS_VMS
-	struct IOSB iosb;
-	$DESCRIPTOR(terminal,"TT");
-	long tty_orig[3], tty_new[3];
-	long status;
-	unsigned short channel = 0;
-#else
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-	TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
-	int number;
-	int ok;
-	/* statics are simply to avoid warnings about longjmp clobbering
-	   things */
-	static int ps;
-	int is_a_tty;
-	static FILE *tty;
-	char *p;
-
-	if (setjmp(save))
-		{
-		ok=0;
-		goto error;
-		}
-
-	number=5;
-	ok=0;
-	ps=0;
-	is_a_tty=1;
-	tty=NULL;
-
-#ifdef OPENSSL_SYS_MSDOS
-	if ((tty=fopen("con","r")) == NULL)
-		tty=stdin;
-#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
-	tty=stdin;
-#else
-#ifndef OPENSSL_SYS_MPE
-	if ((tty=fopen("/dev/tty","r")) == NULL)
-#endif
-		tty=stdin;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
-	if (TTY_get(fileno(tty),&tty_orig) == -1)
-		{
-#ifdef ENOTTY
-		if (errno == ENOTTY)
-			is_a_tty=0;
-		else
-#endif
-#ifdef EINVAL
-		/* Ariel Glenn ariel@columbia.edu reports that solaris
-		 * can return EINVAL instead.  This should be ok */
-		if (errno == EINVAL)
-			is_a_tty=0;
-		else
-#endif
-			return(-1);
-		}
-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-#endif
-#ifdef OPENSSL_SYS_VMS
-	status = sys$assign(&terminal,&channel,0,0);
-	if (status != SS$_NORMAL)
-		return(-1);
-	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return(-1);
-#endif
-
-	pushsig();
-	ps=1;
-
-#ifdef TTY_FLAGS
-	tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
-#ifdef OPENSSL_SYS_MPE 
-		; /* MPE lies -- echo really has been disabled */
-#else
-		return(-1);
-#endif
-#endif
-#ifdef OPENSSL_SYS_VMS
-	tty_new[0] = tty_orig[0];
-	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-	tty_new[2] = tty_orig[2];
-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return(-1);
-#endif
-	ps=2;
-
-	while ((!ok) && (number--))
-		{
-		fputs(prompt,stderr);
-		fflush(stderr);
-
-		buf[0]='\0';
-		fgets(buf,size,tty);
-		if (feof(tty)) goto error;
-		if (ferror(tty)) goto error;
-		if ((p=(char *)strchr(buf,'\n')) != NULL)
-			*p='\0';
-		else	read_till_nl(tty);
-		if (verify)
-			{
-			fprintf(stderr,"\nVerifying password - %s",prompt);
-			fflush(stderr);
-			buff[0]='\0';
-			fgets(buff,size,tty);
-			if (feof(tty)) goto error;
-			if ((p=(char *)strchr(buff,'\n')) != NULL)
-				*p='\0';
-			else	read_till_nl(tty);
-				
-			if (strcmp(buf,buff) != 0)
-				{
-				fprintf(stderr,"\nVerify failure");
-				fflush(stderr);
-				break;
-				/* continue; */
-				}
-			}
-		ok=1;
-		}
-
-error:
-	fprintf(stderr,"\n");
-#if 0
-	perror("fgets(tty)");
-#endif
-	/* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
-#endif
-#ifdef OPENSSL_SYS_VMS
-	if (ps >= 2)
-		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
-			,tty_orig,12,0,0,0,0);
-#endif
-	
-	if (ps >= 1) popsig();
-	if (stdin != tty) fclose(tty);
-#ifdef OPENSSL_SYS_VMS
-	status = sys$dassgn(channel);
-#endif
-	return(!ok);
-	}
-
-static void pushsig(void)
-	{
-	int i;
-#ifdef SIGACTION
-	struct sigaction sa;
-
-	memset(&sa,0,sizeof sa);
-	sa.sa_handler=recsig;
-#endif
-
-	for (i=1; i<NX509_SIG; i++)
-		{
-#ifdef SIGUSR1
-		if (i == SIGUSR1)
-			continue;
-#endif
-#ifdef SIGUSR2
-		if (i == SIGUSR2)
-			continue;
-#endif
-#ifdef SIGACTION
-		sigaction(i,&sa,&savsig[i]);
-#else
-		savsig[i]=signal(i,recsig);
-#endif
-		}
-
-#ifdef SIGWINCH
-	signal(SIGWINCH,SIG_DFL);
-#endif
-	}
-
-static void popsig(void)
-	{
-	int i;
-
-	for (i=1; i<NX509_SIG; i++)
-		{
-#ifdef SIGUSR1
-		if (i == SIGUSR1)
-			continue;
-#endif
-#ifdef SIGUSR2
-		if (i == SIGUSR2)
-			continue;
-#endif
-#ifdef SIGACTION
-		sigaction(i,&savsig[i],NULL);
-#else
-		signal(i,savsig[i]);
-#endif
-		}
-	}
-
-static void recsig(int i)
-	{
-	longjmp(save,1);
-#ifdef LINT
-	i=i;
-#endif
-	}
-
-#ifdef OPENSSL_SYS_MSDOS
-static int noecho_fgets(char *buf, int size, FILE *tty)
-	{
-	int i;
-	char *p;
-
-	p=buf;
-	for (;;)
-		{
-		if (size == 0)
-			{
-			*p='\0';
-			break;
-			}
-		size--;
-#ifdef WIN16TTY
-		i=_inchar();
-#else
-		i=getch();
-#endif
-		if (i == '\r') i='\n';
-		*(p++)=i;
-		if (i == '\n')
-			{
-			*p='\0';
-			break;
-			}
-		}
-#ifdef WIN_CONSOLE_BUG
-/* Win95 has several evil console bugs: one of these is that the
- * last character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
-		{
-			HANDLE inh;
-			inh = GetStdHandle(STD_INPUT_HANDLE);
-			FlushConsoleInputBuffer(inh);
-		}
-#endif
-	return(strlen(buf));
-	}
-#endif
-#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
deleted file mode 100644
index 41328d7965..0000000000
--- a/crypto/des/rpc_des.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/des/rpc_des.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*  @(#)des.h	2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part.  Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- * 
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- * 
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- * 
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- * 
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California  94043
- */
-/*
- * Generic DES driver interface
- * Keep this file hardware independent!
- * Copyright (c) 1986 by Sun Microsystems, Inc.
- */
-
-#define DES_MAXLEN 	65536	/* maximum # of bytes to encrypt  */
-#define DES_QUICKLEN	16	/* maximum # of bytes to encrypt quickly */
-
-#ifdef HEADER_DES_H
-#undef ENCRYPT
-#undef DECRYPT
-#endif
-
-enum desdir { ENCRYPT, DECRYPT };
-enum desmode { CBC, ECB };
-
-/*
- * parameters to ioctl call
- */
-struct desparams {
-	unsigned char des_key[8];	/* key (with low bit parity) */
-	enum desdir des_dir;	/* direction */
-	enum desmode des_mode;	/* mode */
-	unsigned char des_ivec[8];	/* input vector */
-	unsigned des_len;	/* number of bytes to crypt */
-	union {
-		unsigned char UDES_data[DES_QUICKLEN];
-		unsigned char *UDES_buf;
-	} UDES;
-#	define des_data UDES.UDES_data	/* direct data here if quick */
-#	define des_buf	UDES.UDES_buf	/* otherwise, pointer to data */
-};
-
-/*
- * Encrypt an arbitrary sized buffer
- */
-#define	DESIOCBLOCK	_IOWR('d', 6, struct desparams)
-
-/* 
- * Encrypt of small amount of data, quickly
- */
-#define DESIOCQUICK	_IOWR('d', 7, struct desparams) 
-
diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
deleted file mode 100644
index d937d08da5..0000000000
--- a/crypto/des/rpc_enc.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* crypto/des/rpc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "rpc_des.h"
-#include "des_locl.h"
-#include "des_ver.h"
-
-int _des_crypt(char *buf,int len,struct desparams *desp);
-int _des_crypt(char *buf, int len, struct desparams *desp)
-	{
-	DES_key_schedule ks;
-	int enc;
-
-	DES_set_key_unchecked(&desp->des_key,&ks);
-	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
-
-	if (desp->des_mode == CBC)
-		DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
-				(DES_cblock *)desp->UDES.UDES_buf,&ks,
-				enc);
-	else
-		{
-		DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
-				len,&ks,&desp->des_ivec,enc);
-#ifdef undef
-		/* len will always be %8 if called from common_crypt
-		 * in secure_rpc.
-		 * Libdes's cbc encrypt does not copy back the iv,
-		 * so we have to do it here. */
-		/* It does now :-) eay 20/09/95 */
-
-		a=(char *)&(desp->UDES.UDES_buf[len-8]);
-		b=(char *)&(desp->des_ivec[0]);
-
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-#endif
-		}
-	return(1);	
-	}
-
diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c
deleted file mode 100644
index 8a9473c4f9..0000000000
--- a/crypto/des/rpw.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* crypto/des/rpw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/des.h>
-
-int main(int argc, char *argv[])
-	{
-	DES_cblock k,k1;
-	int i;
-
-	printf("read passwd\n");
-	if ((i=des_read_password(&k,"Enter password:",0)) == 0)
-		{
-		printf("password = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k[i]);
-		}
-	else
-		printf("error %d\n",i);
-	printf("\n");
-	printf("read 2passwds and verify\n");
-	if ((i=des_read_2passwords(&k,&k1,
-		"Enter verified password:",1)) == 0)
-		{
-		printf("password1 = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k[i]);
-		printf("\n");
-		printf("password2 = ");
-		for (i=0; i<8; i++)
-			printf("%02x ",k1[i]);
-		printf("\n");
-		exit(1);
-		}
-	else
-		{
-		printf("error %d\n",i);
-		exit(0);
-		}
-#ifdef LINT
-	return(0);
-#endif
-	}
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
deleted file mode 100644
index da4d62e112..0000000000
--- a/crypto/des/set_key.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/* crypto/des/set_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* set_key.c v 1.4 eay 24/9/91
- * 1.4 Speed up by 400% :-)
- * 1.3 added register declarations.
- * 1.2 unrolled make_key_sched a bit more
- * 1.1 added norm_expand_bits
- * 1.0 First working version
- */
-#include <openssl/crypto.h>
-#include "des_locl.h"
-
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)	/* defaults to false */
-
-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
-
-void DES_set_odd_parity(DES_cblock *key)
-	{
-	unsigned int i;
-
-	for (i=0; i<DES_KEY_SZ; i++)
-		(*key)[i]=odd_parity[(*key)[i]];
-	}
-
-int DES_check_key_parity(const_DES_cblock *key)
-	{
-	unsigned int i;
-
-	for (i=0; i<DES_KEY_SZ; i++)
-		{
-		if ((*key)[i] != odd_parity[(*key)[i]])
-			return(0);
-		}
-	return(1);
-	}
-
-/* Weak and semi week keys as take from
- * %A D.W. Davies
- * %A W.L. Price
- * %T Security for Computer Networks
- * %I John Wiley & Sons
- * %D 1984
- * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
- */
-#define NUM_WEAK_KEY	16
-static const DES_cblock weak_keys[NUM_WEAK_KEY]={
-	/* weak keys */
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
-	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
-	/* semi-weak keys */
-	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
-	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
-	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
-	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
-	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
-	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
-	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
-	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
-	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
-	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
-
-int DES_is_weak_key(const_DES_cblock *key)
-	{
-	int i;
-
-	for (i=0; i<NUM_WEAK_KEY; i++)
-		/* Added == 0 to comparison, I obviously don't run
-		 * this section very often :-(, thanks to
-		 * engineering@MorningStar.Com for the fix
-		 * eay 93/06/29
-		 * Another problem, I was comparing only the first 4
-		 * bytes, 97/03/18 */
-		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
-	return(0);
-	}
-
-/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
- * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- * 	(b)^=(t),\
- * 	(a)=((a)^((t)<<(n))))
- */
-
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))
-
-static const DES_LONG des_skb[8][64]={
-	{
-	/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-	0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-	0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-	0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-	0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-	0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-	0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-	0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-	0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-	0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-	0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-	0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-	0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-	0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-	0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-	0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-	0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-	0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-	0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-	0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-	0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-	0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-	0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-	0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-	0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-	0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-	0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-	0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-	0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-	0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-	0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-	0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-	0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-	0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-	0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-	0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-	0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-	0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-	0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-	0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-	0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-	0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-	0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-	0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-	0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-	0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-	0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-	0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-	0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-	0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-	0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-	0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-	0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-	0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-	0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-	0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-	0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-	0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-	0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-	0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-	0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-	0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-	0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-	0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-	0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-	0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-	0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-	0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-	0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-	0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-	0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-	0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-	0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-	0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-	0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-	0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-	0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-	0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-	0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-	0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-	0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-	0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-	0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-	0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-	0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-	0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-	0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-	0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-	0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-	0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-	0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-	0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-	0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-	0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-	0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-	0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-	0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-	0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-	0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-	0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-	0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-	0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-	0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-	0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-	0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-	0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-	0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-	0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-	0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-	0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-	0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-	0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-	0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-	0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-	0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-	0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-	0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-	0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-	0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-	0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-	0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-	0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-	0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-	0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-	0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-	0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-	0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-	0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-	}};
-
-int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	if (DES_check_key)
-		{
-		return DES_set_key_checked(key, schedule);
-		}
-	else
-		{
-		DES_set_key_unchecked(key, schedule);
-		return 0;
-		}
-	}
-
-/* return 0 if key parity is odd (correct),
- * return -1 if key parity error,
- * return -2 if illegal weak key.
- */
-int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	if (!DES_check_key_parity(key))
-		return(-1);
-	if (DES_is_weak_key(key))
-		return(-2);
-	DES_set_key_unchecked(key, schedule);
-	return 0;
-	}
-
-void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#ifdef OPENSSL_FIPS
-	{
-	fips_cipher_abort(DES);
-	private_DES_set_key_unchecked(key, schedule);
-	}
-void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-#endif
-	{
-	static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
-	register DES_LONG c,d,t,s,t2;
-	register const unsigned char *in;
-	register DES_LONG *k;
-	register int i;
-
-#ifdef OPENBSD_DEV_CRYPTO
-	memcpy(schedule->key,key,sizeof schedule->key);
-	schedule->session=NULL;
-#endif
-	k = &schedule->ks->deslong[0];
-	in = &(*key)[0];
-
-	c2l(in,c);
-	c2l(in,d);
-
-	/* do PC1 in 47 simple operations :-)
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 * for the inspiration. :-) */
-	PERM_OP (d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2,0xcccc0000L);
-	HPERM_OP(d,t,-2,0xcccc0000L);
-	PERM_OP (d,c,t,1,0x55555555L);
-	PERM_OP (c,d,t,8,0x00ff00ffL);
-	PERM_OP (d,c,t,1,0x55555555L);
-	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
-		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
-	c&=0x0fffffffL;
-
-	for (i=0; i<ITERATIONS; i++)
-		{
-		if (shifts2[i])
-			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
-		else
-			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
-		c&=0x0fffffffL;
-		d&=0x0fffffffL;
-		/* could be a few less shifts but I am to lazy at this
-		 * point in time to investigate */
-		s=	des_skb[0][ (c    )&0x3f                ]|
-			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
-			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
-			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
-						  ((c>>22L)&0x38)];
-		t=	des_skb[4][ (d    )&0x3f                ]|
-			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
-			des_skb[6][ (d>>15L)&0x3f                ]|
-			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
-
-		/* table contained 0213 4657 */
-		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
-		*(k++)=ROTATE(t2,30)&0xffffffffL;
-
-		t2=((s>>16L)|(t&0xffff0000L));
-		*(k++)=ROTATE(t2,26)&0xffffffffL;
-		}
-	}
-
-int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	return(DES_set_key(key,schedule));
-	}
-/*
-#undef des_fixup_key_parity
-void des_fixup_key_parity(des_cblock *key)
-	{
-	des_set_odd_parity(key);
-	}
-*/
diff --git a/crypto/des/speed.c b/crypto/des/speed.c
deleted file mode 100644
index 1616f4b7c9..0000000000
--- a/crypto/des/speed.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/* crypto/des/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#define crypt(c,s) (des_crypt((c),(s)))
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/des.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   define HZ	100.0
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
-#  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE	((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#endif
-	}
-
-int main(int argc, char **argv)
-	{
-	long count;
-	static unsigned char buf[BUFSIZE];
-	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	DES_key_schedule sch,sch2,sch3;
-	double a,b,c,d,e;
-#ifndef SIGALRM
-	long ca,cb,cc,cd,ce;
-#endif
-
-#ifndef TIMES
-	printf("To get the most accurate results, try to run this\n");
-	printf("program when this computer is idle.\n");
-#endif
-
-	DES_set_key_unchecked(&key2,&sch2);
-	DES_set_key_unchecked(&key3,&sch3);
-
-#ifndef SIGALRM
-	printf("First we calculate the approximate speed ...\n");
-	DES_set_key_unchecked(&key,&sch);
-	count=10;
-	do	{
-		long i;
-		DES_LONG data[2];
-
-		count*=2;
-		Time_F(START);
-		for (i=count; i; i--)
-			DES_encrypt1(data,&sch,DES_ENCRYPT);
-		d=Time_F(STOP);
-		} while (d < 3.0);
-	ca=count;
-	cb=count*3;
-	cc=count*3*8/BUFSIZE+1;
-	cd=count*8/BUFSIZE+1;
-	ce=count/20+1;
-	printf("Doing set_key %ld times\n",ca);
-#define COND(d)	(count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c)	(run)
-#define COUNT(d) (count)
-	signal(SIGALRM,sig_done);
-	printf("Doing set_key for 10 seconds\n");
-	alarm(10);
-#endif
-
-	Time_F(START);
-	for (count=0,run=1; COND(ca); count++)
-		DES_set_key_unchecked(&key,&sch);
-	d=Time_F(STOP);
-	printf("%ld set_key's in %.2f seconds\n",count,d);
-	a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
-	printf("Doing DES_encrypt's for 10 seconds\n");
-	alarm(10);
-#else
-	printf("Doing DES_encrypt %ld times\n",cb);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cb); count++)
-		{
-		DES_LONG data[2];
-
-		DES_encrypt1(data,&sch,DES_ENCRYPT);
-		}
-	d=Time_F(STOP);
-	printf("%ld DES_encrypt's in %.2f second\n",count,d);
-	b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
-	printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-		BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
-		BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cc); count++)
-		DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
-			&key,DES_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	c=((double)COUNT(cc)*BUFSIZE)/d;
-
-#ifdef SIGALRM
-	printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-		BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
-		BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cd); count++)
-		DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
-			&sch,
-			&sch2,
-			&sch3,
-			&key,
-			DES_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	d=((double)COUNT(cd)*BUFSIZE)/d;
-
-#ifdef SIGALRM
-	printf("Doing crypt for 10 seconds\n");
-	alarm(10);
-#else
-	printf("Doing crypt %ld times\n",ce);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(ce); count++)
-		crypt("testing1","ef");
-	e=Time_F(STOP);
-	printf("%ld crypts in %.2f second\n",count,e);
-	e=((double)COUNT(ce))/e;
-
-	printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
-	printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
-	printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
-	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
-	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
-	exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-	return(0);
-#endif
-	}
diff --git a/crypto/des/spr.h b/crypto/des/spr.h
deleted file mode 100644
index b91936a5a5..0000000000
--- a/crypto/des/spr.h
+++ /dev/null
@@ -1,204 +0,0 @@
-/* crypto/des/spr.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
-{
-/* nibble 0 */
-0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
-0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
-0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
-0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
-0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
-0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
-0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
-0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
-0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
-0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
-0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
-0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
-0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
-0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
-0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
-0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
-},{
-/* nibble 1 */
-0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
-0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
-0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
-0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
-0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
-0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
-0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
-0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
-0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
-0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
-0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
-0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
-0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
-0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
-0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
-0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
-},{
-/* nibble 2 */
-0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
-0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
-0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
-0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
-0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
-0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
-0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
-0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
-0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
-0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
-0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
-0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
-0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
-0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
-},{
-/* nibble 3 */
-0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
-0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
-0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
-0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
-0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
-0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
-0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
-0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
-0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
-0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
-0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
-0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
-0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
-0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
-0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
-0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
-},{
-/* nibble 4 */
-0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
-0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
-0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
-0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
-0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
-0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
-0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
-0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
-0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
-0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
-0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
-0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
-0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
-0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
-},{
-/* nibble 5 */
-0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
-0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
-0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
-0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
-0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
-0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
-0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
-0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
-0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
-0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
-0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
-0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
-0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
-0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
-0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
-0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
-},{
-/* nibble 6 */
-0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
-0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
-0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
-0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
-0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
-0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
-0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
-0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
-0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
-0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
-0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
-0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
-0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
-0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
-0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
-0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
-},{
-/* nibble 7 */
-0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
-0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
-0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
-0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
-0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
-0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
-0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
-0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
-0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
-0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
-0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
-0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
-0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
-0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
-}};
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
deleted file mode 100644
index 1077f99d1b..0000000000
--- a/crypto/des/str2key.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* crypto/des/str2key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include "des_locl.h"
-
-void DES_string_to_key(const char *str, DES_cblock *key)
-	{
-	DES_key_schedule ks;
-	int i,length;
-	register unsigned char j;
-
-	memset(key,0,8);
-	length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-	for (i=0; i<length; i++)
-		(*key)[i%8]^=(str[i]<<1);
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%16) < 8)
-			(*key)[i%8]^=(j<<1);
-		else
-			{
-			/* Reverse the bit order 05/05/92 eay */
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			(*key)[7-(i%8)]^=j;
-			}
-		}
-#endif
-	DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key))
-	    (*key)[7] ^= 0xF0;
-	DES_set_key(key,&ks);
-#else
-	DES_set_key_unchecked(key,&ks);
-#endif
-	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-	OPENSSL_cleanse(&ks,sizeof(ks));
-	DES_set_odd_parity(key);
-	}
-
-void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
-	{
-	DES_key_schedule ks;
-	int i,length;
-	register unsigned char j;
-
-	memset(key1,0,8);
-	memset(key2,0,8);
-	length=strlen(str);
-#ifdef OLD_STR_TO_KEY
-	if (length <= 8)
-		{
-		for (i=0; i<length; i++)
-			{
-			(*key2)[i]=(*key1)[i]=(str[i]<<1);
-			}
-		}
-	else
-		{
-		for (i=0; i<length; i++)
-			{
-			if ((i/8)&1)
-				(*key2)[i%8]^=(str[i]<<1);
-			else
-				(*key1)[i%8]^=(str[i]<<1);
-			}
-		}
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%32) < 16)
-			{
-			if ((i%16) < 8)
-				(*key1)[i%8]^=(j<<1);
-			else
-				(*key2)[i%8]^=(j<<1);
-			}
-		else
-			{
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			if ((i%16) < 8)
-				(*key1)[7-(i%8)]^=j;
-			else
-				(*key2)[7-(i%8)]^=j;
-			}
-		}
-	if (length <= 8) memcpy(key2,key1,8);
-#endif
-	DES_set_odd_parity(key1);
-	DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key1))
-	    (*key1)[7] ^= 0xF0;
-	DES_set_key(key1,&ks);
-#else
-	DES_set_key_unchecked(key1,&ks);
-#endif
-	DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key2))
-	    (*key2)[7] ^= 0xF0;
-	DES_set_key(key2,&ks);
-#else
-	DES_set_key_unchecked(key2,&ks);
-#endif
-	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-	OPENSSL_cleanse(&ks,sizeof(ks));
-	DES_set_odd_parity(key1);
-	DES_set_odd_parity(key2);
-	}
diff --git a/crypto/des/t/test b/crypto/des/t/test
deleted file mode 100644
index 97acd0552e..0000000000
--- a/crypto/des/t/test
+++ /dev/null
@@ -1,27 +0,0 @@
-#!./perl
-
-BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
-
-use DES;
-
-$key='00000000';
-$ks=DES::set_key($key);
-@a=split(//,$ks);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
-
-$key=DES::random_key();
-print "($_)\n";
-@a=split(//,$key);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-$str="this is and again into the breach";
-($k1,$k2)=DES::string_to_2keys($str);
-@a=split(//,$k1);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-@a=split(//,$k2);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
diff --git a/crypto/des/times/486-50.sol b/crypto/des/times/486-50.sol
deleted file mode 100644
index 0de62d6db3..0000000000
--- a/crypto/des/times/486-50.sol
+++ /dev/null
@@ -1,16 +0,0 @@
-Solaris 2.4, 486 50mhz, gcc 2.6.3
-options    des ecb/s
-16 r2 i     43552.51 100.0%
-16 r1 i     43487.45  99.9%
-16  c p     43003.23  98.7%
-16 r2 p     42339.00  97.2%
-16  c i     41900.91  96.2%
-16 r1 p     41360.64  95.0%
- 4  c i     38728.48  88.9%
- 4  c p     38225.63  87.8%
- 4 r1 i     38085.79  87.4%
- 4 r2 i     37825.64  86.9%
- 4 r2 p     34611.00  79.5%
- 4 r1 p     31802.00  73.0%
--DDES_UNROLL -DDES_RISC2
-
diff --git a/crypto/des/times/586-100.lnx b/crypto/des/times/586-100.lnx
deleted file mode 100644
index 4323914a11..0000000000
--- a/crypto/des/times/586-100.lnx
+++ /dev/null
@@ -1,20 +0,0 @@
-Pentium 100
-Linux 2 kernel
-gcc 2.7.0 -O3 -fomit-frame-pointer
-No X server running, just a console, it makes the top speed jump from 151,000
-to 158,000 :-).
-options    des ecb/s
-assember   281000.00 177.1%
-16 r1 p    158667.40 100.0%
-16 r1 i    148471.70  93.6%
-16 r2 p    143961.80  90.7%
-16 r2 i    141689.20  89.3%
- 4 r1 i    140100.00  88.3%
- 4 r2 i    134049.40  84.5%
-16  c i    124145.20  78.2%
-16  c p    121584.20  76.6%
- 4  c i    118116.00  74.4%
- 4 r2 p    117977.90  74.4%
- 4  c p    114971.40  72.5%
- 4 r1 p    114578.40  72.2%
--DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/crypto/des/times/686-200.fre b/crypto/des/times/686-200.fre
deleted file mode 100644
index 7d83f6adee..0000000000
--- a/crypto/des/times/686-200.fre
+++ /dev/null
@@ -1,18 +0,0 @@
-Pentium 100
-Free BSD 2.1.5 kernel
-gcc 2.7.2.2 -O3 -fomit-frame-pointer
-options    des ecb/s
-assember   578000.00 133.1%
-16 r2 i    434454.80 100.0%
-16 r1 i    433621.43  99.8%
-16 r2 p    431375.69  99.3%
- 4 r1 i    423722.30  97.5%
- 4 r2 i    422399.40  97.2%
-16 r1 p    421739.40  97.1%
-16  c i    399027.94  91.8%
-16  c p    372251.70  85.7%
- 4  c i    365118.35  84.0%
- 4  c p    352880.51  81.2%
- 4 r2 p    255104.90  58.7%
- 4 r1 p    251289.18  57.8%
--DDES_UNROLL -DDES_RISC2
diff --git a/crypto/des/times/aix.cc b/crypto/des/times/aix.cc
deleted file mode 100644
index d96b74e2ce..0000000000
--- a/crypto/des/times/aix.cc
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Paco Garcia <pgarcia@cam.es>
-
-This machine is a Bull Estrella  Minitower Model MT604-100
-Processor        : PPC604 
-P.Speed          : 100Mhz 
-Data/Instr Cache :    16 K
-L2 Cache         :   256 K
-PCI BUS Speed    :    33 Mhz
-TransfRate PCI   :   132 MB/s
-Memory           :    96 MB
-
-options    des ecb/s       
- 4  c p    275118.61 100.0%
- 4  c i    273545.07  99.4%
- 4 r2 p    270441.02  98.3%
- 4 r1 p    253052.15  92.0%
- 4 r2 i    240842.97  87.5%
- 4 r1 i    240556.66  87.4%
-16  c i    224603.99  81.6%
-16  c p    224483.98  81.6%
-16 r2 p    215691.19  78.4%
-16 r1 p    208332.83  75.7%
-16 r1 i    199206.50  72.4%
-16 r2 i    198963.70  72.3%
--DDES_PTR
-
diff --git a/crypto/des/times/alpha.cc b/crypto/des/times/alpha.cc
deleted file mode 100644
index 95c17efae7..0000000000
--- a/crypto/des/times/alpha.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-cc -O2
-DES_LONG is 'unsigned int'
-
-options    des ecb/s
- 4 r2 p    181146.14 100.0%
-16 r2 p    172102.94  95.0%
- 4 r2 i    165424.11  91.3%
-16  c p    160468.64  88.6%
- 4  c p    156653.59  86.5%
- 4  c i    155245.18  85.7%
- 4 r1 p    154729.68  85.4%
-16 r2 i    154137.69  85.1%
-16 r1 p    152357.96  84.1%
-16  c i    148743.91  82.1%
- 4 r1 i    146695.59  81.0%
-16 r1 i    144961.00  80.0%
--DDES_RISC2 -DDES_PTR
-
diff --git a/crypto/des/times/hpux.cc b/crypto/des/times/hpux.cc
deleted file mode 100644
index 3de856ddac..0000000000
--- a/crypto/des/times/hpux.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
-
-options    des ecb/s
-16  c i    149448.90 100.0%
- 4  c i    145861.79  97.6%
-16 r2 i    141710.96  94.8%
-16 r1 i    139455.33  93.3%
- 4 r2 i    138800.00  92.9%
- 4 r1 i    136692.65  91.5%
-16 r2 p    110228.17  73.8%
-16 r1 p    109397.07  73.2%
-16  c p    109209.89  73.1%
- 4  c p    108014.71  72.3%
- 4 r2 p    107873.88  72.2%
- 4 r1 p    107685.83  72.1%
--DDES_UNROLL
-
diff --git a/crypto/des/times/sparc.gcc b/crypto/des/times/sparc.gcc
deleted file mode 100644
index 8eaa042104..0000000000
--- a/crypto/des/times/sparc.gcc
+++ /dev/null
@@ -1,17 +0,0 @@
-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
-
-options    des ecb/s
-16  c i    124382.70 100.0%
- 4  c i    118884.68  95.6%
-16  c p    112261.20  90.3%
-16 r2 i    111777.10  89.9%
-16 r2 p    108896.30  87.5%
-16 r1 p    108791.59  87.5%
- 4  c p    107290.10  86.3%
- 4 r1 p    104583.80  84.1%
-16 r1 i    104206.20  83.8%
- 4 r2 p    103709.80  83.4%
- 4 r2 i     98306.43  79.0%
- 4 r1 i     91525.80  73.6%
--DDES_UNROLL
-      
diff --git a/crypto/des/times/usparc.cc b/crypto/des/times/usparc.cc
deleted file mode 100644
index 0864285ef6..0000000000
--- a/crypto/des/times/usparc.cc
+++ /dev/null
@@ -1,31 +0,0 @@
-solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
-
-For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
-gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
-I believe the difference is tied up in optimisation that the compiler
-is able to perform when the code is 'inlined'.  For 'speed', the DES
-routines are being linked from a library.  I'll record the higher
-speed since if performance is everything, you can always inline
-'des_enc.c'.
-
-[ 16-Jan-06 - I've been playing with the
-  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
-  and while it makes the des_opts numbers much slower, it makes the
-  actual 'speed' numbers look better which is a realistic version of
-  using the libraries. ]
-
-options    des ecb/s
-16 r1 p    475516.90 100.0%
-16 r2 p    439388.10  92.4%
-16  c i    427001.40  89.8%
-16  c p    419516.50  88.2%
- 4 r2 p    409491.70  86.1%
- 4 r1 p    404266.90  85.0%
- 4  c p    398121.00  83.7%
- 4  c i    370588.40  77.9%
- 4 r1 i    362742.20  76.3%
-16 r2 i    331275.50  69.7%
-16 r1 i    324730.60  68.3%
- 4 r2 i     63535.10  13.4%	<-- very very weird, must be cache problems.
--DDES_UNROLL -DDES_RISC1 -DDES_PTR
-
diff --git a/crypto/des/typemap b/crypto/des/typemap
deleted file mode 100644
index a524f53634..0000000000
--- a/crypto/des/typemap
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# DES SECTION
-#
-deschar *	T_DESCHARP
-des_cblock *	T_CBLOCK
-des_cblock	T_CBLOCK
-des_key_schedule	T_SCHEDULE
-des_key_schedule *	T_SCHEDULE
-
-INPUT
-T_CBLOCK
-	$var=(des_cblock *)SvPV($arg,len);
-	if (len < DES_KEY_SZ)
-		{
-		croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
-		}
-
-T_SCHEDULE
-	$var=(des_key_schedule *)SvPV($arg,len);
-	if (len < DES_SCHEDULE_SZ)
-		{
-		croak(\"$var needs to be at least %u bytes long\",
-			DES_SCHEDULE_SZ);
-		}
-
-OUTPUT
-T_CBLOCK
-	sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
-
-T_SCHEDULE
-	sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
-
-T_DESCHARP
-	sv_setpvn($arg,(char *)$var,len);
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
deleted file mode 100644
index 058cab6bce..0000000000
--- a/crypto/des/xcbc_enc.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* crypto/des/xcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* RSA's DESX */
-
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-static const unsigned char desx_white_in2out[256]={
-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
-	};
-
-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
-	     DES_cblock *out_white)
-	{
-	int out0,out1;
-	int i;
-	const unsigned char *key = &(*des_key)[0];
-	const unsigned char *in = &(*in_white)[0];
-	unsigned char *out = &(*out_white)[0];
-
-	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
-	out0=out1=0;
-	for (i=0; i<8; i++)
-		{
-		out[i]=key[i]^desx_white_in2out[out0^out1];
-		out0=out1;
-		out1=(int)out[i&0x07];
-		}
-
-	out0=out[0];
-	out1=out[i]; /* BUG: out-of-bounds read */
-	for (i=0; i<8; i++)
-		{
-		out[i]=in[i]^desx_white_in2out[out0^out1];
-		out0=out1;
-		out1=(int)out[i&0x07];
-		}
-	}
-#endif
-
-void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
-		      long length, DES_key_schedule *schedule,
-		      DES_cblock *ivec, const_DES_cblock *inw,
-		      const_DES_cblock *outw, int enc)
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register DES_LONG inW0,inW1,outW0,outW1;
-	register const unsigned char *in2;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in2 = &(*inw)[0];
-	c2l(in2,inW0);
-	c2l(in2,inW1);
-	in2 = &(*outw)[0];
-	c2l(in2,outW0);
-	c2l(in2,outW1);
-
-	iv = &(*ivec)[0];
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0^inW0; tin[0]=tin0;
-			tin1^=tout1^inW1; tin[1]=tin1;
-			DES_encrypt1(tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]^outW0; l2c(tout0,out);
-			tout1=tin[1]^outW1; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0^inW0; tin[0]=tin0;
-			tin1^=tout1^inW1; tin[1]=tin1;
-			DES_encrypt1(tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]^outW0; l2c(tout0,out);
-			tout1=tin[1]^outW1; l2c(tout1,out);
-			}
-		iv = &(*ivec)[0];
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0^outW0;
-			c2l(in,tin1); tin[1]=tin1^outW1;
-			DES_encrypt1(tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0^inW0;
-			tout1=tin[1]^xor1^inW1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0^outW0;
-			c2l(in,tin1); tin[1]=tin1^outW1;
-			DES_encrypt1(tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0^inW0;
-			tout1=tin[1]^xor1^inW1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-
-		iv = &(*ivec)[0];
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	inW0=inW1=outW0=outW1=0;
-	tin[0]=tin[1]=0;
-	}
-
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
deleted file mode 100644
index ea59e610ef..0000000000
--- a/crypto/dh/dh.h
+++ /dev/null
@@ -1,280 +0,0 @@
-/* crypto/dh/dh.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-	
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS	10000
-#endif
-
-#define DH_FLAG_CACHE_MONT_P     0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
-                                       * implementation now uses constant time
-                                       * modular exponentiation for secret exponents
-                                       * by default. This flag causes the
-                                       * faster variable sliding window method to
-                                       * be used for all exponents.
-                                       */
-
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DH_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DH_FLAG_NON_FIPS_ALLOW			0x0400
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dh_st DH; */
-/* typedef struct dh_method DH_METHOD; */
-
-struct dh_method
-	{
-	const char *name;
-	/* Methods here */
-	int (*generate_key)(DH *dh);
-	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
-				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx); /* Can be null */
-
-	int (*init)(DH *dh);
-	int (*finish)(DH *dh);
-	int flags;
-	char *app_data;
-	/* If this is non-NULL, it will be used to generate parameters */
-	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-	};
-
-struct dh_st
-	{
-	/* This first argument is used to pick up errors when
-	 * a DH is passed instead of a EVP_PKEY */
-	int pad;
-	int version;
-	BIGNUM *p;
-	BIGNUM *g;
-	long length; /* optional */
-	BIGNUM *pub_key;	/* g^x */
-	BIGNUM *priv_key;	/* x */
-
-	int flags;
-	BN_MONT_CTX *method_mont_p;
-	/* Place holders if we want to do X9.42 DH */
-	BIGNUM *q;
-	BIGNUM *j;
-	unsigned char *seed;
-	int seedlen;
-	BIGNUM *counter;
-
-	int references;
-	CRYPTO_EX_DATA ex_data;
-	const DH_METHOD *meth;
-	ENGINE *engine;
-	};
-
-#define DH_GENERATOR_2		2
-/* #define DH_GENERATOR_3	3 */
-#define DH_GENERATOR_5		5
-
-/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME		0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME	0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR	0x04
-#define DH_NOT_SUITABLE_GENERATOR	0x08
-
-/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL	0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE	0x02
-
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
-   this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME
-
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-
-DH *DHparams_dup(DH *);
-
-const DH_METHOD *DH_OpenSSL(void);
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH *	DH_new(void);
-void	DH_free(DH *dh);
-int	DH_up_ref(DH *dh);
-int	DH_size(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int	DH_check(const DH *dh,int *codes);
-int	DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int	DH_generate_key(DH *dh);
-int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int	i2d_DHparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_FP_API
-int	DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int	DHparams_print(BIO *bp, const DH *x);
-#else
-int	DHparams_print(char *bp, const DH *x);
-#endif
-
-#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-			EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-			EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#define	EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN	(EVP_PKEY_ALG_CTRL + 1)
-#define	EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR	(EVP_PKEY_ALG_CTRL + 2)
-		
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_COMPUTE_KEY				 102
-#define DH_F_DHPARAMS_PRINT_FP				 101
-#define DH_F_DH_BUILTIN_GENPARAMS			 106
-#define DH_F_DH_COMPUTE_KEY				 114
-#define DH_F_DH_GENERATE_KEY				 115
-#define DH_F_DH_GENERATE_PARAMETERS_EX			 116
-#define DH_F_DH_NEW_METHOD				 105
-#define DH_F_DH_PARAM_DECODE				 107
-#define DH_F_DH_PRIV_DECODE				 110
-#define DH_F_DH_PRIV_ENCODE				 111
-#define DH_F_DH_PUB_DECODE				 108
-#define DH_F_DH_PUB_ENCODE				 109
-#define DH_F_DO_DH_PRINT				 100
-#define DH_F_GENERATE_KEY				 103
-#define DH_F_GENERATE_PARAMETERS			 104
-#define DH_F_PKEY_DH_DERIVE				 112
-#define DH_F_PKEY_DH_KEYGEN				 113
-
-/* Reason codes. */
-#define DH_R_BAD_GENERATOR				 101
-#define DH_R_BN_DECODE_ERROR				 109
-#define DH_R_BN_ERROR					 106
-#define DH_R_DECODE_ERROR				 104
-#define DH_R_INVALID_PUBKEY				 102
-#define DH_R_KEYS_NOT_SET				 108
-#define DH_R_KEY_SIZE_TOO_SMALL				 110
-#define DH_R_MODULUS_TOO_LARGE				 103
-#define DH_R_NON_FIPS_METHOD				 111
-#define DH_R_NO_PARAMETERS_SET				 107
-#define DH_R_NO_PRIVATE_VALUE				 100
-#define DH_R_PARAMETER_ENCODING_ERROR			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/dh/dh1024.pem b/crypto/dh/dh1024.pem
deleted file mode 100644
index 81d43f6a3e..0000000000
--- a/crypto/dh/dh1024.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
------END DH PARAMETERS-----
diff --git a/crypto/dh/dh192.pem b/crypto/dh/dh192.pem
deleted file mode 100644
index 521c07271d..0000000000
--- a/crypto/dh/dh192.pem
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN DH PARAMETERS-----
-MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
------END DH PARAMETERS-----
diff --git a/crypto/dh/dh2048.pem b/crypto/dh/dh2048.pem
deleted file mode 100644
index 295460f508..0000000000
--- a/crypto/dh/dh2048.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
-AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
-z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
-pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
-aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
-Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
------END DH PARAMETERS-----
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
-8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
-SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
-gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
-yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
-a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
------END DH PARAMETERS-----
diff --git a/crypto/dh/dh4096.pem b/crypto/dh/dh4096.pem
deleted file mode 100644
index 390943a21d..0000000000
--- a/crypto/dh/dh4096.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
-vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
-TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
-bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
-rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
-EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
-bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
-W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
-ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
-NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
-jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
------END DH PARAMETERS-----
-
diff --git a/crypto/dh/dh512.pem b/crypto/dh/dh512.pem
deleted file mode 100644
index 0a4d863ebe..0000000000
--- a/crypto/dh/dh512.pem
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN DH PARAMETERS-----
-MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
-a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
------END DH PARAMETERS-----
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
deleted file mode 100644
index 02ec2d47b4..0000000000
--- a/crypto/dh/dh_ameth.c
+++ /dev/null
@@ -1,501 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include "asn1_locl.h"
-
-static void int_dh_free(EVP_PKEY *pkey)
-	{
-	DH_free(pkey->pkey.dh);
-	}
-
-static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-	{
-	const unsigned char *p, *pm;
-	int pklen, pmlen;
-	int ptype;
-	void *pval;
-	ASN1_STRING *pstr;
-	X509_ALGOR *palg;
-	ASN1_INTEGER *public_key = NULL;
-
-	DH *dh = NULL;
-
-	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
-		return 0;
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-	if (ptype != V_ASN1_SEQUENCE)
-		{
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
-		goto err;
-		}
-
-	pstr = pval;	
-	pm = pstr->data;
-	pmlen = pstr->length;
-
-	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
-		{
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
-		goto err;
-		}
-
-	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
-		{
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
-		goto err;
-		}
-
-	/* We have parameters now set public key */
-	if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
-		{
-		DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
-		goto err;
-		}
-
-	ASN1_INTEGER_free(public_key);
-	EVP_PKEY_assign_DH(pkey, dh);
-	return 1;
-
-	err:
-	if (public_key)
-		ASN1_INTEGER_free(public_key);
-	if (dh)
-		DH_free(dh);
-	return 0;
-
-	}
-
-static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-	{
-	DH *dh;
-	void *pval = NULL;
-	int ptype;
-	unsigned char *penc = NULL;
-	int penclen;
-	ASN1_STRING *str;
-	ASN1_INTEGER *pub_key = NULL;
-
-	dh=pkey->pkey.dh;
-
-	str = ASN1_STRING_new();
-	str->length = i2d_DHparams(dh, &str->data);
-	if (str->length <= 0)
-		{
-		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	pval = str;
-	ptype = V_ASN1_SEQUENCE;
-
-	pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
-	if (!pub_key)
-		goto err;
-
-	penclen = i2d_ASN1_INTEGER(pub_key, &penc);
-
-	ASN1_INTEGER_free(pub_key);
-
-	if (penclen <= 0)
-		{
-		DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
-				ptype, pval, penc, penclen))
-		return 1;
-
-	err:
-	if (penc)
-		OPENSSL_free(penc);
-	if (pval)
-		ASN1_STRING_free(pval);
-
-	return 0;
-	}
-
-
-/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the paramaters, the private key
- * is explcitly included and the pubkey must be recalculated.
- */
-	
-static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-	{
-	const unsigned char *p, *pm;
-	int pklen, pmlen;
-	int ptype;
-	void *pval;
-	ASN1_STRING *pstr;
-	X509_ALGOR *palg;
-	ASN1_INTEGER *privkey = NULL;
-
-	DH *dh = NULL;
-
-	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
-		return 0;
-
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-	if (ptype != V_ASN1_SEQUENCE)
-			goto decerr;
-
-	if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
-		goto decerr;
-
-
-	pstr = pval;	
-	pm = pstr->data;
-	pmlen = pstr->length;
-	if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
-		goto decerr;
-	/* We have parameters now set private key */
-	if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
-		{
-		DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
-		goto dherr;
-		}
-	/* Calculate public key */
-	if (!DH_generate_key(dh))
-		goto dherr;
-
-	EVP_PKEY_assign_DH(pkey, dh);
-
-	ASN1_INTEGER_free(privkey);
-
-	return 1;
-
-	decerr:
-	DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
-	dherr:
-	DH_free(dh);
-	return 0;
-	}
-
-static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
-	ASN1_STRING *params = NULL;
-	ASN1_INTEGER *prkey = NULL;
-	unsigned char *dp = NULL;
-	int dplen;
-
-	params = ASN1_STRING_new();
-
-	if (!params)
-		{
-		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
-	if (params->length <= 0)
-		{
-		DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	params->type = V_ASN1_SEQUENCE;
-
-	/* Get private key into integer */
-	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
-
-	if (!prkey)
-		{
-		DHerr(DH_F_DH_PRIV_ENCODE,DH_R_BN_ERROR);
-		goto err;
-		}
-
-	dplen = i2d_ASN1_INTEGER(prkey, &dp);
-
-	ASN1_INTEGER_free(prkey);
-
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0,
-				V_ASN1_SEQUENCE, params, dp, dplen))
-		goto err;
-
-	return 1;
-
-err:
-	if (dp != NULL)
-		OPENSSL_free(dp);
-	if (params != NULL)
-		ASN1_STRING_free(params);
-	if (prkey != NULL)
-		ASN1_INTEGER_free(prkey);
-	return 0;
-}
-
-
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-	{
-	size_t i;
-	if (!b)
-		return;
-	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-			*pbuflen = i;
-	}
-
-static int dh_param_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	DH *dh;
-	if (!(dh = d2i_DHparams(NULL, pder, derlen)))
-		{
-		DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_DH(pkey, dh);
-	return 1;
-	}
-
-static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_DHparams(pkey->pkey.dh, pder);
-	}
-
-static int do_dh_print(BIO *bp, const DH *x, int indent,
-						ASN1_PCTX *ctx, int ptype)
-	{
-	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0;
-
-	const char *ktype = NULL;
-
-	BIGNUM *priv_key, *pub_key;
-
-	if (ptype == 2)
-		priv_key = x->priv_key;
-	else
-		priv_key = NULL;
-
-	if (ptype > 0)
-		pub_key = x->pub_key;
-	else
-		pub_key = NULL;
-
-	update_buflen(x->p, &buf_len);
-
-	if (buf_len == 0)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	update_buflen(x->g, &buf_len);
-	update_buflen(pub_key, &buf_len);
-	update_buflen(priv_key, &buf_len);
-
-	if (ptype == 2)
-		ktype = "PKCS#3 DH Private-Key";
-	else if (ptype == 1)
-		ktype = "PKCS#3 DH Public-Key";
-	else
-		ktype = "PKCS#3 DH Parameters";
-
-	m= OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	BIO_indent(bp, indent, 128);
-	if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
-		goto err;
-	indent += 4;
-
-	if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
-	if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
-
-	if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
-	if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
-	if (x->length != 0)
-		{
-		BIO_indent(bp, indent, 128);
-		if (BIO_printf(bp,"recommended-private-length: %d bits\n",
-			(int)x->length) <= 0) goto err;
-		}
-
-
-	ret=1;
-	if (0)
-		{
-err:
-		DHerr(DH_F_DO_DH_PRINT,reason);
-		}
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-static int int_dh_size(const EVP_PKEY *pkey)
-	{
-	return(DH_size(pkey->pkey.dh));
-	}
-
-static int dh_bits(const EVP_PKEY *pkey)
-	{
-	return BN_num_bits(pkey->pkey.dh->p);
-	}
-
-static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (	BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
-		BN_cmp(a->pkey.dh->g,b->pkey.dh->g))
-		return 0;
-	else
-		return 1;
-	}
-
-static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-	{
-	BIGNUM *a;
-
-	if ((a=BN_dup(from->pkey.dh->p)) == NULL)
-		return 0;
-	if (to->pkey.dh->p != NULL)
-		BN_free(to->pkey.dh->p);
-	to->pkey.dh->p=a;
-
-	if ((a=BN_dup(from->pkey.dh->g)) == NULL)
-		return 0;
-	if (to->pkey.dh->g != NULL)
-		BN_free(to->pkey.dh->g);
-	to->pkey.dh->g=a;
-
-	return 1;
-	}
-
-static int dh_missing_parameters(const EVP_PKEY *a)
-	{
-	if (!a->pkey.dh->p || !a->pkey.dh->g)
-		return 1;
-	return 0;
-	}
-
-static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (dh_cmp_parameters(a, b) == 0)
-		return 0;
-	if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
-		return 0;
-	else
-		return 1;
-	}
-
-static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
-	}
-
-static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
-	}
-
-static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
-	}
-
-int DHparams_print(BIO *bp, const DH *x)
-	{
-	return do_dh_print(bp, x, 4, NULL, 0);
-	}
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 
-	{
-	EVP_PKEY_DH,
-	EVP_PKEY_DH,
-	0,
-
-	"DH",
-	"OpenSSL PKCS#3 DH method",
-
-	dh_pub_decode,
-	dh_pub_encode,
-	dh_pub_cmp,
-	dh_public_print,
-
-	dh_priv_decode,
-	dh_priv_encode,
-	dh_private_print,
-
-	int_dh_size,
-	dh_bits,
-
-	dh_param_decode,
-	dh_param_encode,
-	dh_missing_parameters,
-	dh_copy_parameters,
-	dh_cmp_parameters,
-	dh_param_print,
-	0,
-
-	int_dh_free,
-	0
-	};
-
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
deleted file mode 100644
index 0b4357d605..0000000000
--- a/crypto/dh/dh_asn1.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-
-/* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-						void *exarg)
-{
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)DH_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		DH_free((DH *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
-	ASN1_SIMPLE(DH, p, BIGNUM),
-	ASN1_SIMPLE(DH, g, BIGNUM),
-	ASN1_OPT(DH, length, ZLONG),
-} ASN1_SEQUENCE_END_cb(DH, DHparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
-
-DH *DHparams_dup(DH *dh)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(DHparams), dh);
-	}
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
deleted file mode 100644
index 066898174e..0000000000
--- a/crypto/dh/dh_check.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-/* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that it is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-int DH_check(const DH *dh, int *ret)
-	{
-	int ok=0;
-	BN_CTX *ctx=NULL;
-	BN_ULONG l;
-	BIGNUM *q=NULL;
-
-	*ret=0;
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	q=BN_new();
-	if (q == NULL) goto err;
-
-	if (BN_is_word(dh->g,DH_GENERATOR_2))
-		{
-		l=BN_mod_word(dh->p,24);
-		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-#if 0
-	else if (BN_is_word(dh->g,DH_GENERATOR_3))
-		{
-		l=BN_mod_word(dh->p,12);
-		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-#endif
-	else if (BN_is_word(dh->g,DH_GENERATOR_5))
-		{
-		l=BN_mod_word(dh->p,10);
-		if ((l != 3) && (l != 7))
-			*ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-	else
-		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-
-	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
-		*ret|=DH_CHECK_P_NOT_PRIME;
-	else
-		{
-		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
-			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
-		}
-	ok=1;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (q != NULL) BN_free(q);
-	return(ok);
-	}
-
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-	{
-	int ok=0;
-	BIGNUM *q=NULL;
-
-	*ret=0;
-	q=BN_new();
-	if (q == NULL) goto err;
-	BN_set_word(q,1);
-	if (BN_cmp(pub_key,q)<=0)
-		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;
-	BN_copy(q,dh->p);
-	BN_sub_word(q,1);
-	if (BN_cmp(pub_key,q)>=0)
-		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
-
-	ok = 1;
-err:
-	if (q != NULL) BN_free(q);
-	return(ok);
-	}
diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
deleted file mode 100644
index acc05f252c..0000000000
--- a/crypto/dh/dh_depr.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/dh/dh_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* This file contains deprecated functions as wrappers to the new ones */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_DEPRECATED
-DH *DH_generate_parameters(int prime_len, int generator,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	DH *ret=NULL;
-
-	if((ret=DH_new()) == NULL)
-		return NULL;
-
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-
-	if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
-		return ret;
-	DH_free(ret);
-	return NULL;
-	}
-#endif
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
deleted file mode 100644
index 56d3df7356..0000000000
--- a/crypto/dh/dh_err.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/dh/dh_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static ERR_STRING_DATA DH_str_functs[]=
-	{
-{ERR_FUNC(DH_F_COMPUTE_KEY),	"COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),	"DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY),	"DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),	"DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX),	"DH_generate_parameters_ex"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD),	"DH_new_method"},
-{ERR_FUNC(DH_F_DH_PARAM_DECODE),	"DH_PARAM_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_DECODE),	"DH_PRIV_DECODE"},
-{ERR_FUNC(DH_F_DH_PRIV_ENCODE),	"DH_PRIV_ENCODE"},
-{ERR_FUNC(DH_F_DH_PUB_DECODE),	"DH_PUB_DECODE"},
-{ERR_FUNC(DH_F_DH_PUB_ENCODE),	"DH_PUB_ENCODE"},
-{ERR_FUNC(DH_F_DO_DH_PRINT),	"DO_DH_PRINT"},
-{ERR_FUNC(DH_F_GENERATE_KEY),	"GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),	"GENERATE_PARAMETERS"},
-{ERR_FUNC(DH_F_PKEY_DH_DERIVE),	"PKEY_DH_DERIVE"},
-{ERR_FUNC(DH_F_PKEY_DH_KEYGEN),	"PKEY_DH_KEYGEN"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA DH_str_reasons[]=
-	{
-{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
-{ERR_REASON(DH_R_BN_DECODE_ERROR)        ,"bn decode error"},
-{ERR_REASON(DH_R_BN_ERROR)               ,"bn error"},
-{ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
-{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{ERR_REASON(DH_R_NON_FIPS_METHOD)        ,"non fips method"},
-{ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
-{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_DH_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DH_str_functs);
-		ERR_load_strings(0,DH_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
deleted file mode 100644
index 7b1fe9c9cb..0000000000
--- a/crypto/dh/dh_gen.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- *  - Geoff
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
-
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
-	if(ret->meth->generate_params)
-		return ret->meth->generate_params(ret, prime_len, generator, cb);
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_dh_generate_parameters_ex(ret, prime_len,
-							generator, cb);
-#endif
-	return dh_builtin_genparams(ret, prime_len, generator, cb);
-	}
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-	{
-	BIGNUM *t1,*t2;
-	int g,ok= -1;
-	BN_CTX *ctx=NULL;
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t1 == NULL || t2 == NULL) goto err;
-
-	/* Make sure 'ret' has the necessary elements */
-	if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
-	if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-	
-	if (generator <= 1)
-		{
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
-		goto err;
-		}
-	if (generator == DH_GENERATOR_2)
-		{
-		if (!BN_set_word(t1,24)) goto err;
-		if (!BN_set_word(t2,11)) goto err;
-		g=2;
-		}
-#if 0 /* does not work for safe primes */
-	else if (generator == DH_GENERATOR_3)
-		{
-		if (!BN_set_word(t1,12)) goto err;
-		if (!BN_set_word(t2,5)) goto err;
-		g=3;
-		}
-#endif
-	else if (generator == DH_GENERATOR_5)
-		{
-		if (!BN_set_word(t1,10)) goto err;
-		if (!BN_set_word(t2,3)) goto err;
-		/* BN_set_word(t3,7); just have to miss
-		 * out on these ones :-( */
-		g=5;
-		}
-	else
-		{
-		/* in the general case, don't worry if 'generator' is a
-		 * generator or not: since we are using safe primes,
-		 * it will generate either an order-q or an order-2q group,
-		 * which both is OK */
-		if (!BN_set_word(t1,2)) goto err;
-		if (!BN_set_word(t2,1)) goto err;
-		g=generator;
-		}
-	
-	if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
-	if(!BN_GENCB_call(cb, 3, 0)) goto err;
-	if (!BN_set_word(ret->g,g)) goto err;
-	ok=1;
-err:
-	if (ok == -1)
-		{
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
-		ok=0;
-		}
-
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	return ok;
-	}
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
deleted file mode 100644
index 89a74db4e6..0000000000
--- a/crypto/dh/dh_key.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/dh.h>
-
-static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-			const BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *m_ctx);
-static int dh_init(DH *dh);
-static int dh_finish(DH *dh);
-
-int DH_generate_key(DH *dh)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
-	return dh->meth->generate_key(dh);
-	}
-
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
-			&& !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
-		{
-		DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
-		return 0;
-		}
-#endif
-	return dh->meth->compute_key(key, pub_key, dh);
-	}
-
-static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL,
-NULL
-};
-
-const DH_METHOD *DH_OpenSSL(void)
-{
-	return &dh_ossl;
-}
-
-static int generate_key(DH *dh)
-	{
-	int ok=0;
-	int generate_new_key=0;
-	unsigned l;
-	BN_CTX *ctx;
-	BN_MONT_CTX *mont=NULL;
-	BIGNUM *pub_key=NULL,*priv_key=NULL;
-
-	ctx = BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	if (dh->priv_key == NULL)
-		{
-		priv_key=BN_new();
-		if (priv_key == NULL) goto err;
-		generate_new_key=1;
-		}
-	else
-		priv_key=dh->priv_key;
-
-	if (dh->pub_key == NULL)
-		{
-		pub_key=BN_new();
-		if (pub_key == NULL) goto err;
-		}
-	else
-		pub_key=dh->pub_key;
-
-
-	if (dh->flags & DH_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-				CRYPTO_LOCK_DH, dh->p, ctx);
-		if (!mont)
-			goto err;
-		}
-
-	if (generate_new_key)
-		{
-		if (dh->q)
-			{
-			do
-				{
-				if (!BN_rand_range(priv_key, dh->q))
-					goto err;
-				}
-			while (BN_is_zero(priv_key) || BN_is_one(priv_key));
-			}
-		else
-			{
-			/* secret exponent length */
-			l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
-			if (!BN_rand(priv_key, l, 0, 0)) goto err;
-			}
-		}
-
-	{
-		BIGNUM local_prk;
-		BIGNUM *prk;
-
-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			BN_init(&local_prk);
-			prk = &local_prk;
-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-			}
-		else
-			prk = priv_key;
-
-		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
-	}
-		
-	dh->pub_key=pub_key;
-	dh->priv_key=priv_key;
-	ok=1;
-err:
-	if (ok != 1)
-		DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
-
-	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
-	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	BN_CTX_free(ctx);
-	return(ok);
-	}
-
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-	{
-	BN_CTX *ctx=NULL;
-	BN_MONT_CTX *mont=NULL;
-	BIGNUM *tmp;
-	int ret= -1;
-        int check_result;
-
-	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-		goto err;
-		}
-
-	ctx = BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	
-	if (dh->priv_key == NULL)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
-		goto err;
-		}
-
-	if (dh->flags & DH_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-				CRYPTO_LOCK_DH, dh->p, ctx);
-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			/* XXX */
-			BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-			}
-		if (!mont)
-			goto err;
-		}
-
-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
-		goto err;
-		}
-
-	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
-		{
-		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
-		goto err;
-		}
-
-	ret=BN_bn2bin(tmp,key);
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	return(ret);
-	}
-
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-			const BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *m_ctx)
-	{
-	/* If a is only one word long and constant time is false, use the faster
-	 * exponenentiation function.
-	 */
-	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
-		{
-		BN_ULONG A = a->d[0];
-		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
-		}
-	else
-		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
-	}
-
-
-static int dh_init(DH *dh)
-	{
-	dh->flags |= DH_FLAG_CACHE_MONT_P;
-	return(1);
-	}
-
-static int dh_finish(DH *dh)
-	{
-	if(dh->method_mont_p)
-		BN_MONT_CTX_free(dh->method_mont_p);
-	return(1);
-	}
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
deleted file mode 100644
index 00218f2b92..0000000000
--- a/crypto/dh/dh_lib.c
+++ /dev/null
@@ -1,260 +0,0 @@
-/* crypto/dh/dh_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
-static const DH_METHOD *default_DH_method = NULL;
-
-void DH_set_default_method(const DH_METHOD *meth)
-	{
-	default_DH_method = meth;
-	}
-
-const DH_METHOD *DH_get_default_method(void)
-	{
-	if(!default_DH_method)
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_dh_openssl();
-		else
-			return DH_OpenSSL();
-#else
-		default_DH_method = DH_OpenSSL();
-#endif
-		}
-	return default_DH_method;
-	}
-
-int DH_set_method(DH *dh, const DH_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-        const DH_METHOD *mtmp;
-        mtmp = dh->meth;
-        if (mtmp->finish) mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
-	if (dh->engine)
-		{
-		ENGINE_finish(dh->engine);
-		dh->engine = NULL;
-		}
-#endif
-        dh->meth = meth;
-        if (meth->init) meth->init(dh);
-        return 1;
-	}
-
-DH *DH_new(void)
-	{
-	return DH_new_method(NULL);
-	}
-
-DH *DH_new_method(ENGINE *engine)
-	{
-	DH *ret;
-
-	ret=(DH *)OPENSSL_malloc(sizeof(DH));
-	if (ret == NULL)
-		{
-		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	ret->meth = DH_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_DH();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_DH(ret->engine);
-		if(!ret->meth)
-			{
-			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-#endif
-
-	ret->pad=0;
-	ret->version=0;
-	ret->p=NULL;
-	ret->g=NULL;
-	ret->length=0;
-	ret->pub_key=NULL;
-	ret->priv_key=NULL;
-	ret->q=NULL;
-	ret->j=NULL;
-	ret->seed = NULL;
-	ret->seedlen = 0;
-	ret->counter = NULL;
-	ret->method_mont_p=NULL;
-	ret->references = 1;
-	ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
-#endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-void DH_free(DH *r)
-	{
-	int i;
-	if(r == NULL) return;
-	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-	REF_PRINT("DH",r);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"DH_free, bad reference count\n");
-		abort();
-	}
-#endif
-
-	if (r->meth->finish)
-		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
-#endif
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
-
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->g != NULL) BN_clear_free(r->g);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->j != NULL) BN_clear_free(r->j);
-	if (r->seed) OPENSSL_free(r->seed);
-	if (r->counter != NULL) BN_clear_free(r->counter);
-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-	OPENSSL_free(r);
-	}
-
-int DH_up_ref(DH *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
-	REF_PRINT("DH",r);
-#endif
-#ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "DH_up, bad reference count\n");
-		abort();
-		}
-#endif
-	return ((i > 1) ? 1 : 0);
-	}
-
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int DH_set_ex_data(DH *d, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-	}
-
-void *DH_get_ex_data(DH *d, int idx)
-	{
-	return(CRYPTO_get_ex_data(&d->ex_data,idx));
-	}
-
-int DH_size(const DH *dh)
-	{
-	return(BN_num_bytes(dh->p));
-	}
diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
deleted file mode 100644
index 5ae72b7d4c..0000000000
--- a/crypto/dh/dh_pmeth.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include "evp_locl.h"
-
-/* DH pkey context structure */
-
-typedef struct
-	{
-	/* Parameter gen parameters */
-	int prime_len;
-	int generator;
-	int use_dsa;
-	/* Keygen callback info */
-	int gentmp[2];
-	/* message digest */
-	} DH_PKEY_CTX;
-
-static int pkey_dh_init(EVP_PKEY_CTX *ctx)
-	{
-	DH_PKEY_CTX *dctx;
-	dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX));
-	if (!dctx)
-		return 0;
-	dctx->prime_len = 1024;
-	dctx->generator = 2;
-	dctx->use_dsa = 0;
-
-	ctx->data = dctx;
-	ctx->keygen_info = dctx->gentmp;
-	ctx->keygen_info_count = 2;
-	
-	return 1;
-	}
-
-static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	DH_PKEY_CTX *dctx, *sctx;
-	if (!pkey_dh_init(dst))
-		return 0;
-       	sctx = src->data;
-	dctx = dst->data;
-	dctx->prime_len = sctx->prime_len;
-	dctx->generator = sctx->generator;
-	dctx->use_dsa = sctx->use_dsa;
-	return 1;
-	}
-
-static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	DH_PKEY_CTX *dctx = ctx->data;
-	if (dctx)
-		OPENSSL_free(dctx);
-	}
-
-static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	DH_PKEY_CTX *dctx = ctx->data;
-	switch (type)
-		{
-		case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
-		if (p1 < 256)
-			return -2;
-		dctx->prime_len = p1;
-		return 1;
-
-		case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
-		dctx->generator = p1;
-		return 1;
-
-		case EVP_PKEY_CTRL_PEER_KEY:
-		/* Default behaviour is OK */
-		return 1;
-
-		default:
-		return -2;
-
-		}
-	}
-
-			
-static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!strcmp(type, "dh_paramgen_prime_len"))
-		{
-		int len;
-		len = atoi(value);
-		return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
-		}
-	if (!strcmp(type, "dh_paramgen_generator"))
-		{
-		int len;
-		len = atoi(value);
-		return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
-		}
-	return -2;
-	}
-
-static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	DH *dh = NULL;
-	DH_PKEY_CTX *dctx = ctx->data;
-	BN_GENCB *pcb, cb;
-	int ret;
-	if (ctx->pkey_gencb)
-		{
-		pcb = &cb;
-		evp_pkey_set_cb_translate(pcb, ctx);
-		}
-	else
-		pcb = NULL;
-	dh = DH_new();
-	if (!dh)
-		return 0;
-	ret = DH_generate_parameters_ex(dh,
-					dctx->prime_len, dctx->generator, pcb);
-	if (ret)
-		EVP_PKEY_assign_DH(pkey, dh);
-	else
-		DH_free(dh);
-	return ret;
-	}
-
-static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	DH *dh = NULL;
-	if (ctx->pkey == NULL)
-		{
-		DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
-		return 0;
-		}
-	dh = DH_new();
-	if (!dh)
-		return 0;
-	EVP_PKEY_assign_DH(pkey, dh);
-	/* Note: if error return, pkey is freed by parent routine */
-	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-		return 0;
-	return DH_generate_key(pkey->pkey.dh);
-	}
-
-static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-	{
-	int ret;
-	if (!ctx->pkey || !ctx->peerkey)
-		{
-		DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
-		return 0;
-		}
-	ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key,
-							ctx->pkey->pkey.dh);
-	if (ret < 0)
-		return ret;
-	*keylen = ret;
-	return 1;
-	}
-
-const EVP_PKEY_METHOD dh_pkey_meth = 
-	{
-	EVP_PKEY_DH,
-	EVP_PKEY_FLAG_AUTOARGLEN,
-	pkey_dh_init,
-	pkey_dh_copy,
-	pkey_dh_cleanup,
-
-	0,
-	pkey_dh_paramgen,
-
-	0,
-	pkey_dh_keygen,
-
-	0,
-	0,
-
-	0,
-	0,
-
-	0,0,
-
-	0,0,0,0,
-
-	0,0,
-
-	0,0,
-
-	0,
-	pkey_dh_derive,
-
-	pkey_dh_ctrl,
-	pkey_dh_ctrl_str
-
-	};
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
deleted file mode 100644
index 882f5c310a..0000000000
--- a/crypto/dh/dhtest.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/dh/dhtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_DH
-int main(int argc, char *argv[])
-{
-    printf("No DH support\n");
-    return(0);
-}
-#else
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK	_far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-	{
-	BN_GENCB _cb;
-	DH *a;
-	DH *b=NULL;
-	char buf[12];
-	unsigned char *abuf=NULL,*bbuf=NULL;
-	int i,alen,blen,aout,bout,ret=1;
-	BIO *out;
-
-	CRYPTO_malloc_debug_init();
-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
-	CRYPTO_malloc_init();
-#endif
-
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	out=BIO_new(BIO_s_file());
-	if (out == NULL) EXIT(1);
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
-	BN_GENCB_set(&_cb, &cb, out);
-	if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
-				DH_GENERATOR_5, &_cb))
-		goto err;
-
-	if (!DH_check(a, &i)) goto err;
-	if (i & DH_CHECK_P_NOT_PRIME)
-		BIO_puts(out, "p value is not prime\n");
-	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
-		BIO_puts(out, "p value is not a safe prime\n");
-	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
-		BIO_puts(out, "unable to check the generator value\n");
-	if (i & DH_NOT_SUITABLE_GENERATOR)
-		BIO_puts(out, "the g value is not a generator\n");
-
-	BIO_puts(out,"\np    =");
-	BN_print(out,a->p);
-	BIO_puts(out,"\ng    =");
-	BN_print(out,a->g);
-	BIO_puts(out,"\n");
-
-	b=DH_new();
-	if (b == NULL) goto err;
-
-	b->p=BN_dup(a->p);
-	b->g=BN_dup(a->g);
-	if ((b->p == NULL) || (b->g == NULL)) goto err;
-
-	/* Set a to run with normal modexp and b to use constant time */
-	a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
-	b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
-	if (!DH_generate_key(a)) goto err;
-	BIO_puts(out,"pri 1=");
-	BN_print(out,a->priv_key);
-	BIO_puts(out,"\npub 1=");
-	BN_print(out,a->pub_key);
-	BIO_puts(out,"\n");
-
-	if (!DH_generate_key(b)) goto err;
-	BIO_puts(out,"pri 2=");
-	BN_print(out,b->priv_key);
-	BIO_puts(out,"\npub 2=");
-	BN_print(out,b->pub_key);
-	BIO_puts(out,"\n");
-
-	alen=DH_size(a);
-	abuf=(unsigned char *)OPENSSL_malloc(alen);
-	aout=DH_compute_key(abuf,b->pub_key,a);
-
-	BIO_puts(out,"key1 =");
-	for (i=0; i<aout; i++)
-		{
-		sprintf(buf,"%02X",abuf[i]);
-		BIO_puts(out,buf);
-		}
-	BIO_puts(out,"\n");
-
-	blen=DH_size(b);
-	bbuf=(unsigned char *)OPENSSL_malloc(blen);
-	bout=DH_compute_key(bbuf,a->pub_key,b);
-
-	BIO_puts(out,"key2 =");
-	for (i=0; i<bout; i++)
-		{
-		sprintf(buf,"%02X",bbuf[i]);
-		BIO_puts(out,buf);
-		}
-	BIO_puts(out,"\n");
-	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
-		{
-		fprintf(stderr,"Error in DH routines\n");
-		ret=1;
-		}
-	else
-		ret=0;
-err:
-	ERR_print_errors_fp(stderr);
-
-	if (abuf != NULL) OPENSSL_free(abuf);
-	if (bbuf != NULL) OPENSSL_free(bbuf);
-	if(b != NULL) DH_free(b);
-	if(a != NULL) DH_free(a);
-	BIO_free(out);
-#ifdef OPENSSL_SYS_NETWARE
-    if (ret) printf("ERROR: %d\n", ret);
-#endif
-	EXIT(ret);
-	return(ret);
-	}
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(arg->arg,&c,1);
-	(void)BIO_flush(arg->arg);
-#ifdef LINT
-	p=n;
-#endif
-	return 1;
-	}
-#endif
diff --git a/crypto/dh/example b/crypto/dh/example
deleted file mode 100644
index 16a33d2910..0000000000
--- a/crypto/dh/example
+++ /dev/null
@@ -1,50 +0,0 @@
-From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
-Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
-  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
-Received: by minbne.mincom.oz.au id AA19958
-  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
-Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
-          Wed, 27 Sep 1995 19:13:05 +1000
-Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
-          Wed, 27 Sep 1995 04:48:46 -0400
-Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
-Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
-Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
-          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
-          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
-Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
-          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
-Date: Mon, 25 Sep 1995 17:50:51 -0700
-From: Phil Karn <karn@qualcomm.com>
-Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
-To: cypherpunks@toad.com, ipsec-dev@eit.com
-Subject: Primality verification needed
-Sender: owner-cypherpunks@toad.com
-Precedence: bulk
-Status: RO
-X-Status: 
-
-Hi. I've generated a 2047-bit "strong" prime number that I would like to
-use with Diffie-Hellman key exchange. I assert that not only is this number
-'p' prime, but so is (p-1)/2.
-
-I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
-1.3.2 to test this number. This function uses the Miller-Rabin primality test.
-However, to increase my confidence that this number really is a strong prime,
-I'd like to ask others to confirm it with other tests. Here's the number in hex:
-
-72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
-fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
-a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
-fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
-3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
-ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
-56a05180c3bec7ddd5ef6fe76b1f717b
-
-The generator, g, for this prime is 2.
-
-Thanks!
-
-Phil Karn
-
-
diff --git a/crypto/dh/generate b/crypto/dh/generate
deleted file mode 100644
index 5d407231df..0000000000
--- a/crypto/dh/generate
+++ /dev/null
@@ -1,65 +0,0 @@
-From: stewarts@ix.netcom.com (Bill Stewart)
-Newsgroups: sci.crypt
-Subject: Re: Diffie-Hellman key exchange
-Date: Wed, 11 Oct 1995 23:08:28 GMT
-Organization: Freelance Information Architect
-Lines: 32
-Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
-References: <458rhn$76m$1@mhadf.production.compuserve.com>
-NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
-X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
-X-Newsreader: Forte Free Agent 1.0.82
-
-Kent Briggs <72124.3234@CompuServe.COM> wrote:
-
->I have a copy of the 1976 IEEE article describing the
->Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
->looking for sources that give examples of secure a,q pairs and
->possible some source code that I could examine.
-
-q should be prime, and ideally should be a "strong prime",
-which means it's of the form 2n+1 where n is also prime.
-q also needs to be long enough to prevent the attacks LaMacchia and
-Odlyzko described (some variant on a factoring attack which generates
-a large pile of simultaneous equations and then solves them);
-long enough is about the same size as factoring, so 512 bits may not
-be secure enough for most applications.  (The 192 bits used by
-"secure NFS" was certainly not long enough.)
-
-a should be a generator for q, which means it needs to be
-relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
-work.  
-
-....
-
-Date: Tue, 26 Sep 1995 13:52:36 MST
-From: "Richard Schroeppel" <rcs@cs.arizona.edu>
-To: karn
-Cc: ho@cs.arizona.edu
-Subject: random large primes
-
-Since your prime is really random, proving it is hard.
-My personal limit on rigorously proved primes is ~350 digits.
-If you really want a proof, we should talk to Francois Morain,
-or the Australian group.
-
-If you want 2 to be a generator (mod P), then you need it
-to be a non-square.  If (P-1)/2 is also prime, then
-non-square == primitive-root for bases << P.
-
-In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
-If you want this, you should restrict your sieve accordingly.
-
-3 is a generator iff P = 5 (mod 12).
-
-5 is a generator iff P = 3 or 7 (mod 10).
-
-2 is perfectly usable as a base even if it's a non-generator, since
-it still covers half the space of possible residues.  And an
-eavesdropper can always determine the low-bit of your exponent for
-a generator anyway.
-
-Rich  rcs@cs.arizona.edu
-
-
-
diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c
deleted file mode 100644
index 368ceca4eb..0000000000
--- a/crypto/dh/p1024.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* crypto/dh/p1024.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
-	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
-	0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
-	0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
-	0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
-	0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
-	0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
-	0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
-	0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
-	0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
-	0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
-	0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
-	0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
-	0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
-	0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
-	0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
-	};
-
-main()
-	{
-	DH *dh;
-
-	dh=DH_new();
-	dh->p=BN_bin2bn(data,sizeof(data),NULL);
-	dh->g=BN_new();
-	BN_set_word(dh->g,2);
-	PEM_write_DHparams(stdout,dh);
-	}
diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c
deleted file mode 100644
index 7bdf40410e..0000000000
--- a/crypto/dh/p192.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/dh/p192.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={
-0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
-0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
-0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
-	};
-
-main()
-	{
-	DH *dh;
-
-	dh=DH_new();
-	dh->p=BN_bin2bn(data,sizeof(data),NULL);
-	dh->g=BN_new();
-	BN_set_word(dh->g,3);
-	PEM_write_DHparams(stdout,dh);
-	}
diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c
deleted file mode 100644
index a9b6aa83f0..0000000000
--- a/crypto/dh/p512.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/* crypto/dh/p512.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={
-0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
-0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
-0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
-0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
-0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
-0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
-	};
-
-main()
-	{
-	DH *dh;
-
-	dh=DH_new();
-	dh->p=BN_bin2bn(data,sizeof(data),NULL);
-	dh->g=BN_new();
-	BN_set_word(dh->g,2);
-	PEM_write_DHparams(stdout,dh);
-	}
diff --git a/crypto/dsa/README b/crypto/dsa/README
deleted file mode 100644
index 6a7e9c170a..0000000000
--- a/crypto/dsa/README
+++ /dev/null
@@ -1,4 +0,0 @@
-The stuff in here is based on patches supplied to me by
-Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
-I have since modified a them a little but a debt of gratitude
-is due for doing the initial work.
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
deleted file mode 100644
index 7531c65345..0000000000
--- a/crypto/dsa/dsa.h
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-#define HEADER_DSA_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DSA
-#error DSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS	10000
-#endif
-
-#define DSA_FLAG_CACHE_MONT_P	0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
-                                              * implementation now uses constant time
-                                              * modular exponentiation for secret exponents
-                                              * by default. This flag causes the
-                                              * faster variable sliding window method to
-                                              * be used for all exponents.
-                                              */
-#define DSA_FLAG_NONCE_FROM_HASH	0x04 /* Causes the DSA nonce to be calculated
-						from SHA512(private_key + H(message) +
-						random). This strengthens DSA against a
-						weak PRNG. */
-
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DSA_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DSA_FLAG_NON_FIPS_ALLOW			0x0400
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
-
-typedef struct DSA_SIG_st
-	{
-	BIGNUM *r;
-	BIGNUM *s;
-	} DSA_SIG;
-
-struct dsa_method
-	{
-	const char *name;
-	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
-	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in,
-			      BIGNUM **kinvp, BIGNUM **rp,
-			      const unsigned char *dgst, int dlen);
-	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-			     DSA_SIG *sig, DSA *dsa);
-	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-			BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *in_mont);
-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx); /* Can be null */
-	int (*init)(DSA *dsa);
-	int (*finish)(DSA *dsa);
-	int flags;
-	char *app_data;
-	/* If this is non-NULL, it is used to generate DSA parameters */
-	int (*dsa_paramgen)(DSA *dsa, int bits,
-			const unsigned char *seed, int seed_len,
-			int *counter_ret, unsigned long *h_ret,
-			BN_GENCB *cb);
-	/* If this is non-NULL, it is used to generate DSA keys */
-	int (*dsa_keygen)(DSA *dsa);
-	};
-
-struct dsa_st
-	{
-	/* This first variable is used to pick up errors where
-	 * a DSA is passed instead of of a EVP_PKEY */
-	int pad;
-	long version;
-	int write_params;
-	BIGNUM *p;
-	BIGNUM *q;	/* == 20 */
-	BIGNUM *g;
-
-	BIGNUM *pub_key;  /* y public key */
-	BIGNUM *priv_key; /* x private key */
-
-	BIGNUM *kinv;	/* Signing pre-calc */
-	BIGNUM *r;	/* Signing pre-calc */
-
-	int flags;
-	/* Normally used to cache montgomery values */
-	BN_MONT_CTX *method_mont_p;
-	int references;
-	CRYPTO_EX_DATA ex_data;
-	const DSA_METHOD *meth;
-	/* functional reference if 'meth' is ENGINE-provided */
-	ENGINE *engine;
-	};
-
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
-
-DSA *DSAparams_dup(DSA *x);
-DSA_SIG * DSA_SIG_new(void);
-void	DSA_SIG_free(DSA_SIG *a);
-int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
-int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
-		      DSA_SIG *sig,DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void	DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-DSA *	DSA_new(void);
-DSA *	DSA_new_method(ENGINE *engine);
-void	DSA_free (DSA *r);
-/* "up" the DSA object's reference count */
-int	DSA_up_ref(DSA *r);
-int	DSA_size(const DSA *);
-	/* next 4 return -1 on error */
-int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int	DSA_sign(int type,const unsigned char *dgst,int dlen,
-		unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
-		const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *	DSA_generate_parameters(int bits,
-		unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret,void
-		(*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DSA_generate_parameters_ex(DSA *dsa, int bits,
-		const unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int	DSA_generate_key(DSA *a);
-int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int	i2d_DSAparams(const DSA *a,unsigned char **pp);
-
-#ifndef OPENSSL_NO_BIO
-int	DSAparams_print(BIO *bp, const DSA *x);
-int	DSA_print(BIO *bp, const DSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int	DSAparams_print_fp(FILE *fp, const DSA *x);
-int	DSA_print_fp(FILE *bp, const DSA *x, int off);
-#endif
-
-#define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
- * 50 rounds of Rabin-Miller */
-#define DSA_is_prime(n, callback, cb_arg) \
-	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-#ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
- * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(const DSA *r);
-#endif
-
-#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-				EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_BITS		(EVP_PKEY_ALG_CTRL + 1)
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS	(EVP_PKEY_ALG_CTRL + 2)
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_MD		(EVP_PKEY_ALG_CTRL + 3)
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_D2I_DSA_SIG				 110
-#define DSA_F_DO_DSA_PRINT				 104
-#define DSA_F_DSAPARAMS_PRINT				 100
-#define DSA_F_DSAPARAMS_PRINT_FP			 101
-#define DSA_F_DSA_DO_SIGN				 112
-#define DSA_F_DSA_DO_VERIFY				 113
-#define DSA_F_DSA_GENERATE_KEY				 124
-#define DSA_F_DSA_GENERATE_PARAMETERS_EX		 123
-#define DSA_F_DSA_NEW_METHOD				 103
-#define DSA_F_DSA_PARAM_DECODE				 119
-#define DSA_F_DSA_PRINT_FP				 105
-#define DSA_F_DSA_PRIV_DECODE				 115
-#define DSA_F_DSA_PRIV_ENCODE				 116
-#define DSA_F_DSA_PUB_DECODE				 117
-#define DSA_F_DSA_PUB_ENCODE				 118
-#define DSA_F_DSA_SIGN					 106
-#define DSA_F_DSA_SIGN_SETUP				 107
-#define DSA_F_DSA_SIG_NEW				 109
-#define DSA_F_DSA_SIG_PRINT				 125
-#define DSA_F_DSA_VERIFY				 108
-#define DSA_F_I2D_DSA_SIG				 111
-#define DSA_F_OLD_DSA_PRIV_DECODE			 122
-#define DSA_F_PKEY_DSA_CTRL				 120
-#define DSA_F_PKEY_DSA_KEYGEN				 121
-#define DSA_F_SIG_CB					 114
-
-/* Reason codes. */
-#define DSA_R_BAD_Q_VALUE				 102
-#define DSA_R_BN_DECODE_ERROR				 108
-#define DSA_R_BN_ERROR					 109
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
-#define DSA_R_DECODE_ERROR				 104
-#define DSA_R_INVALID_DIGEST_TYPE			 106
-#define DSA_R_MISSING_PARAMETERS			 101
-#define DSA_R_MODULUS_TOO_LARGE				 103
-#define DSA_R_NEED_NEW_SETUP_VALUES			 110
-#define DSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 112
-#define DSA_R_NON_FIPS_DSA_METHOD			 111
-#define DSA_R_NO_PARAMETERS_SET				 107
-#define DSA_R_PARAMETER_ENCODING_ERROR			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
deleted file mode 100644
index 5af76eade5..0000000000
--- a/crypto/dsa/dsa_ameth.c
+++ /dev/null
@@ -1,709 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/dsa.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
-
-static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-	{
-	const unsigned char *p, *pm;
-	int pklen, pmlen;
-	int ptype;
-	void *pval;
-	ASN1_STRING *pstr;
-	X509_ALGOR *palg;
-	ASN1_INTEGER *public_key = NULL;
-
-	DSA *dsa = NULL;
-
-	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
-		return 0;
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-
-	if (ptype == V_ASN1_SEQUENCE)
-		{
-		pstr = pval;	
-		pm = pstr->data;
-		pmlen = pstr->length;
-
-		if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
-			{
-			DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
-			goto err;
-			}
-
-		}
-	else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
-		{
-		if (!(dsa = DSA_new()))
-			{
-			DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
-		goto err;
-		}
-
-	if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
-		{
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
-		goto err;
-		}
-
-	if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
-		{
-		DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
-		goto err;
-		}
-
-	ASN1_INTEGER_free(public_key);
-	EVP_PKEY_assign_DSA(pkey, dsa);
-	return 1;
-
-	err:
-	if (public_key)
-		ASN1_INTEGER_free(public_key);
-	if (dsa)
-		DSA_free(dsa);
-	return 0;
-
-	}
-
-static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-	{
-	DSA *dsa;
-	void *pval = NULL;
-	int ptype;
-	unsigned char *penc = NULL;
-	int penclen;
-
-	dsa=pkey->pkey.dsa;
-	if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
-		{
-		ASN1_STRING *str;
-		str = ASN1_STRING_new();
-		str->length = i2d_DSAparams(dsa, &str->data);
-		if (str->length <= 0)
-			{
-			DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		pval = str;
-		ptype = V_ASN1_SEQUENCE;
-		}
-	else
-		ptype = V_ASN1_UNDEF;
-
-	dsa->write_params=0;
-
-	penclen = i2d_DSAPublicKey(dsa, &penc);
-
-	if (penclen <= 0)
-		{
-		DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
-				ptype, pval, penc, penclen))
-		return 1;
-
-	err:
-	if (penc)
-		OPENSSL_free(penc);
-	if (pval)
-		ASN1_STRING_free(pval);
-
-	return 0;
-	}
-
-/* In PKCS#8 DSA: you just get a private key integer and parameters in the
- * AlgorithmIdentifier the pubkey must be recalculated.
- */
-	
-static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-	{
-	const unsigned char *p, *pm;
-	int pklen, pmlen;
-	int ptype;
-	void *pval;
-	ASN1_STRING *pstr;
-	X509_ALGOR *palg;
-	ASN1_INTEGER *privkey = NULL;
-	BN_CTX *ctx = NULL;
-
-	STACK_OF(ASN1_TYPE) *ndsa = NULL;
-	DSA *dsa = NULL;
-
-	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
-		return 0;
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-	/* Check for broken DSA PKCS#8, UGH! */
-	if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
-		{
-		ASN1_TYPE *t1, *t2;
-	    	if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
-			goto decerr;
-		if (sk_ASN1_TYPE_num(ndsa) != 2)
-			goto decerr;
-		/* Handle Two broken types:
-	    	 * SEQUENCE {parameters, priv_key}
-		 * SEQUENCE {pub_key, priv_key}
-		 */
-
-		t1 = sk_ASN1_TYPE_value(ndsa, 0);
-		t2 = sk_ASN1_TYPE_value(ndsa, 1);
-		if (t1->type == V_ASN1_SEQUENCE)
-			{
-			p8->broken = PKCS8_EMBEDDED_PARAM;
-			pval = t1->value.ptr;
-			}
-		else if (ptype == V_ASN1_SEQUENCE)
-			p8->broken = PKCS8_NS_DB;
-		else
-			goto decerr;
-
-		if (t2->type != V_ASN1_INTEGER)
-			goto decerr;
-
-		privkey = t2->value.integer;
-		}
-	else
-		{
-		const unsigned char *q = p;
-		if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
-			goto decerr;
-		if (privkey->type == V_ASN1_NEG_INTEGER)
-			{
-			p8->broken = PKCS8_NEG_PRIVKEY;
-			ASN1_INTEGER_free(privkey);
-			if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
-				goto decerr;
-			}
-		if (ptype != V_ASN1_SEQUENCE)
-			goto decerr;
-		}
-
-	pstr = pval;	
-	pm = pstr->data;
-	pmlen = pstr->length;
-	if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
-		goto decerr;
-	/* We have parameters now set private key */
-	if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
-		{
-		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
-		goto dsaerr;
-		}
-	/* Calculate public key */
-	if (!(dsa->pub_key = BN_new()))
-		{
-		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
-		goto dsaerr;
-		}
-	if (!(ctx = BN_CTX_new()))
-		{
-		DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
-		goto dsaerr;
-		}
-			
-	if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
-		{
-		DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
-		goto dsaerr;
-		}
-
-	EVP_PKEY_assign_DSA(pkey, dsa);
-	BN_CTX_free (ctx);
-	if(ndsa)
-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-	else
-		ASN1_INTEGER_free(privkey);
-
-	return 1;
-
-	decerr:
-	DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
-	dsaerr:
-	BN_CTX_free (ctx);
-	if (privkey)
-		ASN1_INTEGER_free(privkey);
-	sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-	DSA_free(dsa);
-	return 0;
-	}
-
-static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
-	ASN1_STRING *params = NULL;
-	ASN1_INTEGER *prkey = NULL;
-	unsigned char *dp = NULL;
-	int dplen;
-
-	if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key)
-		{
-		DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS);
-		goto err;
-		}
-
-	params = ASN1_STRING_new();
-
-	if (!params)
-		{
-		DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
-	if (params->length <= 0)
-		{
-		DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	params->type = V_ASN1_SEQUENCE;
-
-	/* Get private key into integer */
-	prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
-
-	if (!prkey)
-		{
-		DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
-		goto err;
-		}
-
-	dplen = i2d_ASN1_INTEGER(prkey, &dp);
-
-	ASN1_INTEGER_free(prkey);
-
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
-				V_ASN1_SEQUENCE, params, dp, dplen))
-		goto err;
-
-	return 1;
-
-err:
-	if (dp != NULL)
-		OPENSSL_free(dp);
-	if (params != NULL)
-		ASN1_STRING_free(params);
-	if (prkey != NULL)
-		ASN1_INTEGER_free(prkey);
-	return 0;
-}
-
-static int int_dsa_size(const EVP_PKEY *pkey)
-	{
-	return(DSA_size(pkey->pkey.dsa));
-	}
-
-static int dsa_bits(const EVP_PKEY *pkey)
-	{
-	return BN_num_bits(pkey->pkey.dsa->p);
-	}
-
-static int dsa_missing_parameters(const EVP_PKEY *pkey)
-	{
-	DSA *dsa;
-	dsa=pkey->pkey.dsa;
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-			return 1;
-	return 0;
-	}
-
-static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-	{
-	BIGNUM *a;
-
-	if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
-		return 0;
-	if (to->pkey.dsa->p != NULL)
-		BN_free(to->pkey.dsa->p);
-	to->pkey.dsa->p=a;
-
-	if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
-		return 0;
-	if (to->pkey.dsa->q != NULL)
-		BN_free(to->pkey.dsa->q);
-	to->pkey.dsa->q=a;
-
-	if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
-		return 0;
-	if (to->pkey.dsa->g != NULL)
-		BN_free(to->pkey.dsa->g);
-	to->pkey.dsa->g=a;
-	return 1;
-	}
-
-static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
-		BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
-		BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
-		return 0;
-	else
-		return 1;
-	}
-
-static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
-		return 0;
-	else
-		return 1;
-	}
-
-static void int_dsa_free(EVP_PKEY *pkey)
-	{
-	DSA_free(pkey->pkey.dsa);
-	}
-
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-	{
-	size_t i;
-	if (!b)
-		return;
-	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-			*pbuflen = i;
-	}
-
-static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
-	{
-	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0;
-	const char *ktype = NULL;
-
-	const BIGNUM *priv_key, *pub_key;
-
-	if (ptype == 2)
-		priv_key = x->priv_key;
-	else
-		priv_key = NULL;
-
-	if (ptype > 0)
-		pub_key = x->pub_key;
-	else
-		pub_key = NULL;
-
-	if (ptype == 2)
-		ktype = "Private-Key";
-	else if (ptype == 1)
-		ktype = "Public-Key";
-	else
-		ktype = "DSA-Parameters";
-
-	update_buflen(x->p, &buf_len);
-	update_buflen(x->q, &buf_len);
-	update_buflen(x->g, &buf_len);
-	update_buflen(priv_key, &buf_len);
-	update_buflen(pub_key, &buf_len);
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (priv_key)
-		{
-		if(!BIO_indent(bp,off,128))
-		   goto err;
-		if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
-			<= 0) goto err;
-		}
-
-	if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
-		goto err;
-	if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
-		goto err;
-	if (!ASN1_bn_print(bp,"P:   ",x->p,m,off)) goto err;
-	if (!ASN1_bn_print(bp,"Q:   ",x->q,m,off)) goto err;
-	if (!ASN1_bn_print(bp,"G:   ",x->g,m,off)) goto err;
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-static int dsa_param_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	DSA *dsa;
-	if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
-		{
-		DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_DSA(pkey, dsa);
-	return 1;
-	}
-
-static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_DSAparams(pkey->pkey.dsa, pder);
-	}
-
-static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
-	}
-
-static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
-	}
-
-
-static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
-	}
-
-static int old_dsa_priv_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	DSA *dsa;
-	if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
-		{
-		DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_DSA(pkey, dsa);
-	return 1;
-	}
-
-static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
-	}
-
-static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
-					const ASN1_STRING *sig,
-					int indent, ASN1_PCTX *pctx)
-	{
-	DSA_SIG *dsa_sig;
-	const unsigned char *p;
-	if (!sig)
-		{
-		if (BIO_puts(bp, "\n") <= 0)
-			return 0;
-		else
-			return 1;
-		}
-	p = sig->data;
-	dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
-	if (dsa_sig)
-		{
-		int rv = 0;
-		size_t buf_len = 0;
-		unsigned char *m=NULL;
-		update_buflen(dsa_sig->r, &buf_len);
-		update_buflen(dsa_sig->s, &buf_len);
-		m = OPENSSL_malloc(buf_len+10);
-		if (m == NULL)
-			{
-			DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		if (BIO_write(bp, "\n", 1) != 1)
-			goto err;
-
-		if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))
-			goto err;
-		if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))
-			goto err;
-		rv = 1;
-		err:
-		if (m)
-			OPENSSL_free(m);
-		DSA_SIG_free(dsa_sig);
-		return rv;
-		}
-	return X509_signature_dump(bp, sig, indent);
-	}
-
-static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-	{
-	switch (op)
-		{
-		case ASN1_PKEY_CTRL_PKCS7_SIGN:
-		if (arg1 == 0)
-			{
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-				return -1; 
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-			}
-		return 1;
-#ifndef OPENSSL_NO_CMS
-		case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0)
-			{
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-				return -1; 
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-			}
-		return 1;
-#endif
-
-		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-		*(int *)arg2 = NID_sha1;
-		return 2;
-
-		default:
-		return -2;
-
-		}
-
-	}
-
-/* NB these are sorted in pkey_id order, lowest first */
-
-const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 
-	{
-
-		{
-		EVP_PKEY_DSA2,
-		EVP_PKEY_DSA,
-		ASN1_PKEY_ALIAS
-		},
-
-		{
-		EVP_PKEY_DSA1,
-		EVP_PKEY_DSA,
-		ASN1_PKEY_ALIAS
-		},
-
-		{
-		EVP_PKEY_DSA4,
-		EVP_PKEY_DSA,
-		ASN1_PKEY_ALIAS
-		},
-
-		{
-		EVP_PKEY_DSA3,
-		EVP_PKEY_DSA,
-		ASN1_PKEY_ALIAS
-		},
-
-		{
-		EVP_PKEY_DSA,
-		EVP_PKEY_DSA,
-		0,
-
-		"DSA",
-		"OpenSSL DSA method",
-
-		dsa_pub_decode,
-		dsa_pub_encode,
-		dsa_pub_cmp,
-		dsa_pub_print,
-
-		dsa_priv_decode,
-		dsa_priv_encode,
-		dsa_priv_print,
-
-		int_dsa_size,
-		dsa_bits,
-
-		dsa_param_decode,
-		dsa_param_encode,
-		dsa_missing_parameters,
-		dsa_copy_parameters,
-		dsa_cmp_parameters,
-		dsa_param_print,
-		dsa_sig_print,
-
-		int_dsa_free,
-		dsa_pkey_ctrl,
-		old_dsa_priv_decode,
-		old_dsa_priv_encode
-		}
-	};
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
deleted file mode 100644
index 473af873e0..0000000000
--- a/crypto/dsa/dsa_asn1.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/rand.h>
-
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-{
-	if(operation == ASN1_OP_NEW_PRE) {
-		DSA_SIG *sig;
-		sig = OPENSSL_malloc(sizeof(DSA_SIG));
-		if (!sig)
-			{
-			DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		sig->r = NULL;
-		sig->s = NULL;
-		*pval = (ASN1_VALUE *)sig;
-		return 2;
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
-	ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
-	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
-
-/* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)DSA_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		DSA_free((DSA *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
-	ASN1_SIMPLE(DSA, version, LONG),
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM),
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_SIMPLE(DSA, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
-
-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM),
-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type
- * decided by a field called write_params which can either write out
- * just the public key as an INTEGER or the parameters and public key
- * in a SEQUENCE
- */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
-
-DSA *DSAparams_dup(DSA *dsa)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
-	}
-
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
-	     unsigned int *siglen, DSA *dsa)
-	{
-	DSA_SIG *s;
-	RAND_seed(dgst, dlen);
-	s=DSA_do_sign(dgst,dlen,dsa);
-	if (s == NULL)
-		{
-		*siglen=0;
-		return(0);
-		}
-	*siglen=i2d_DSA_SIG(s,&sig);
-	DSA_SIG_free(s);
-	return(1);
-	}
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-	     const unsigned char *sigbuf, int siglen, DSA *dsa)
-	{
-	DSA_SIG *s;
-	const unsigned char *p = sigbuf;
-	unsigned char *der = NULL;
-	int derlen = -1;
-	int ret=-1;
-
-	s = DSA_SIG_new();
-	if (s == NULL) return(ret);
-	if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
-	/* Ensure signature uses DER and doesn't have trailing garbage */
-	derlen = i2d_DSA_SIG(s, &der);
-	if (derlen != siglen || memcmp(sigbuf, der, derlen))
-		goto err;
-	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-	if (derlen > 0)
-		{
-		OPENSSL_cleanse(der, derlen);
-		OPENSSL_free(der);
-		}
-	DSA_SIG_free(s);
-	return(ret);
-	}
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
deleted file mode 100644
index f2da680eb4..0000000000
--- a/crypto/dsa/dsa_depr.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/dsa/dsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This file contains deprecated function(s) that are now wrappers to the new
- * version(s). */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *DSA_generate_parameters(int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret,
-		void (*callback)(int, int, void *),
-		void *cb_arg)
-	{
-	BN_GENCB cb;
-	DSA *ret;
-
-	if ((ret=DSA_new()) == NULL) return NULL;
-
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-
-	if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
-				counter_ret, h_ret, &cb))
-		return ret;
-	DSA_free(ret);
-	return NULL;
-	}
-#endif
-#endif
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
deleted file mode 100644
index e6171cce4e..0000000000
--- a/crypto/dsa/dsa_err.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/dsa/dsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[]=
-	{
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DO_DSA_PRINT),	"DO_DSA_PRINT"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_KEY),	"DSA_generate_key"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),	"DSA_generate_parameters_ex"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PARAM_DECODE),	"DSA_PARAM_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),	"DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_PRIV_DECODE),	"DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PRIV_ENCODE),	"DSA_PRIV_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_DECODE),	"DSA_PUB_DECODE"},
-{ERR_FUNC(DSA_F_DSA_PUB_ENCODE),	"DSA_PUB_ENCODE"},
-{ERR_FUNC(DSA_F_DSA_SIGN),	"DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),	"DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),	"DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_SIG_PRINT),	"DSA_SIG_PRINT"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),	"DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),	"i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),	"OLD_DSA_PRIV_DECODE"},
-{ERR_FUNC(DSA_F_PKEY_DSA_CTRL),	"PKEY_DSA_CTRL"},
-{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN),	"PKEY_DSA_KEYGEN"},
-{ERR_FUNC(DSA_F_SIG_CB),	"SIG_CB"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA DSA_str_reasons[]=
-	{
-{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
-{ERR_REASON(DSA_R_BN_DECODE_ERROR)       ,"bn decode error"},
-{ERR_REASON(DSA_R_BN_ERROR)              ,"bn error"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_DECODE_ERROR)          ,"decode error"},
-{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-{ERR_REASON(DSA_R_NONCE_CANNOT_BE_PRECOMPUTED),"nonce cannot be precomputed"},
-{ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD)   ,"non fips dsa method"},
-{ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
-{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_DSA_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DSA_str_functs);
-		ERR_load_strings(0,DSA_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
deleted file mode 100644
index c398761d0d..0000000000
--- a/crypto/dsa/dsa_gen.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include "dsa_locl.h"
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-int DSA_generate_parameters_ex(DSA *ret, int bits,
-		const unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
-		return 0;
-		}
-#endif
-	if(ret->meth->dsa_paramgen)
-		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-				counter_ret, h_ret, cb);
-#ifdef OPENSSL_FIPS
-	else if (FIPS_mode())
-		{
-		return FIPS_dsa_generate_parameters_ex(ret, bits, 
-							seed_in, seed_len,
-							counter_ret, h_ret, cb);
-		}
-#endif
-	else
-		{
-		const EVP_MD *evpmd;
-		size_t qbits = bits >= 2048 ? 256 : 160;
-
-		if (bits >= 2048)
-			{
-			qbits = 256;
-			evpmd = EVP_sha256();
-			}
-		else
-			{
-			qbits = 160;
-			evpmd = EVP_sha1();
-			}
-
-		return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-			seed_in, seed_len, NULL, counter_ret, h_ret, cb);
-		}
-	}
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-	unsigned char *seed_out,
-	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-	{
-	int ok=0;
-	unsigned char seed[SHA256_DIGEST_LENGTH];
-	unsigned char md[SHA256_DIGEST_LENGTH];
-	unsigned char buf[SHA256_DIGEST_LENGTH],buf2[SHA256_DIGEST_LENGTH];
-	BIGNUM *r0,*W,*X,*c,*test;
-	BIGNUM *g=NULL,*q=NULL,*p=NULL;
-	BN_MONT_CTX *mont=NULL;
-	int i, k, n=0, m=0, qsize = qbits >> 3;
-	int counter=0;
-	int r=0;
-	BN_CTX *ctx=NULL;
-	unsigned int h=2;
-
-	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
-	    qsize != SHA256_DIGEST_LENGTH)
-		/* invalid q size */
-		return 0;
-
-	if (evpmd == NULL)
-		/* use SHA1 as default */
-		evpmd = EVP_sha1();
-
-	if (bits < 512)
-		bits = 512;
-
-	bits = (bits+63)/64*64;
-
-	/* NB: seed_len == 0 is special case: copy generated seed to
- 	 * seed_in if it is not NULL.
- 	 */
-	if (seed_len && (seed_len < (size_t)qsize))
-		seed_in = NULL;		/* seed buffer too small -- ignore */
-	if (seed_len > (size_t)qsize) 
-		seed_len = qsize;	/* App. 2.2 of FIPS PUB 186 allows larger SEED,
-					 * but our internal buffers are restricted to 160 bits*/
-	if (seed_in != NULL)
-		memcpy(seed, seed_in, seed_len);
-
-	if ((ctx=BN_CTX_new()) == NULL)
-		goto err;
-
-	if ((mont=BN_MONT_CTX_new()) == NULL)
-		goto err;
-
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	g = BN_CTX_get(ctx);
-	W = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	c = BN_CTX_get(ctx);
-	p = BN_CTX_get(ctx);
-	test = BN_CTX_get(ctx);
-
-	if (!BN_lshift(test,BN_value_one(),bits-1))
-		goto err;
-
-	for (;;)
-		{
-		for (;;) /* find q */
-			{
-			int seed_is_random;
-
-			/* step 1 */
-			if(!BN_GENCB_call(cb, 0, m++))
-				goto err;
-
-			if (!seed_len)
-				{
-				RAND_pseudo_bytes(seed, qsize);
-				seed_is_random = 1;
-				}
-			else
-				{
-				seed_is_random = 0;
-				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
-				}
-			memcpy(buf , seed, qsize);
-			memcpy(buf2, seed, qsize);
-			/* precompute "SEED + 1" for step 7: */
-			for (i = qsize-1; i >= 0; i--)
-				{
-				buf[i]++;
-				if (buf[i] != 0)
-					break;
-				}
-
-			/* step 2 */
-			if (!EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL))
-				goto err;
-			if (!EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL))
-				goto err;
-			for (i = 0; i < qsize; i++)
-				md[i]^=buf2[i];
-
-			/* step 3 */
-			md[0] |= 0x80;
-			md[qsize-1] |= 0x01;
-			if (!BN_bin2bn(md, qsize, q))
-				goto err;
-
-			/* step 4 */
-			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-					seed_is_random, cb);
-			if (r > 0)
-				break;
-			if (r != 0)
-				goto err;
-
-			/* do a callback call */
-			/* step 5 */
-			}
-
-		if(!BN_GENCB_call(cb, 2, 0)) goto err;
-		if(!BN_GENCB_call(cb, 3, 0)) goto err;
-
-		/* step 6 */
-		counter=0;
-		/* "offset = 2" */
-
-		n=(bits-1)/160;
-
-		for (;;)
-			{
-			if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
-				goto err;
-
-			/* step 7 */
-			BN_zero(W);
-			/* now 'buf' contains "SEED + offset - 1" */
-			for (k=0; k<=n; k++)
-				{
-				/* obtain "SEED + offset + k" by incrementing: */
-				for (i = qsize-1; i >= 0; i--)
-					{
-					buf[i]++;
-					if (buf[i] != 0)
-						break;
-					}
-
-				if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
-									NULL))
-					goto err;
-
-				/* step 8 */
-				if (!BN_bin2bn(md, qsize, r0))
-					goto err;
-				if (!BN_lshift(r0,r0,(qsize << 3)*k)) goto err;
-				if (!BN_add(W,W,r0)) goto err;
-				}
-
-			/* more of step 8 */
-			if (!BN_mask_bits(W,bits-1)) goto err;
-			if (!BN_copy(X,W)) goto err;
-			if (!BN_add(X,X,test)) goto err;
-
-			/* step 9 */
-			if (!BN_lshift1(r0,q)) goto err;
-			if (!BN_mod(c,X,r0,ctx)) goto err;
-			if (!BN_sub(r0,c,BN_value_one())) goto err;
-			if (!BN_sub(p,X,r0)) goto err;
-
-			/* step 10 */
-			if (BN_cmp(p,test) >= 0)
-				{
-				/* step 11 */
-				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
-						ctx, 1, cb);
-				if (r > 0)
-						goto end; /* found it */
-				if (r != 0)
-					goto err;
-				}
-
-			/* step 13 */
-			counter++;
-			/* "offset = offset + n + 1" */
-
-			/* step 14 */
-			if (counter >= 4096) break;
-			}
-		}
-end:
-	if(!BN_GENCB_call(cb, 2, 1))
-		goto err;
-
-	/* We now need to generate g */
-	/* Set r0=(p-1)/q */
-	if (!BN_sub(test,p,BN_value_one())) goto err;
-	if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
-	if (!BN_set_word(test,h)) goto err;
-	if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
-	for (;;)
-		{
-		/* g=test^r0%p */
-		if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
-		if (!BN_is_one(g)) break;
-		if (!BN_add(test,test,BN_value_one())) goto err;
-		h++;
-		}
-
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
-
-	ok=1;
-err:
-	if (ok)
-		{
-		if(ret->p) BN_free(ret->p);
-		if(ret->q) BN_free(ret->q);
-		if(ret->g) BN_free(ret->g);
-		ret->p=BN_dup(p);
-		ret->q=BN_dup(q);
-		ret->g=BN_dup(g);
-		if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
-			{
-			ok=0;
-			goto err;
-			}
-		if (counter_ret != NULL) *counter_ret=counter;
-		if (h_ret != NULL) *h_ret=h;
-		if (seed_out)
-			memcpy(seed_out, seed, qsize);
-		}
-	if(ctx)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (mont != NULL) BN_MONT_CTX_free(mont);
-	return ok;
-	}
-#endif
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
deleted file mode 100644
index 9cf669b921..0000000000
--- a/crypto/dsa/dsa_key.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-static int dsa_builtin_keygen(DSA *dsa);
-
-int DSA_generate_key(DSA *dsa)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
-		return 0;
-		}
-#endif
-	if(dsa->meth->dsa_keygen)
-		return dsa->meth->dsa_keygen(dsa);
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_dsa_generate_key(dsa);
-#endif
-	return dsa_builtin_keygen(dsa);
-	}
-
-static int dsa_builtin_keygen(DSA *dsa)
-	{
-	int ok=0;
-	BN_CTX *ctx=NULL;
-	BIGNUM *pub_key=NULL,*priv_key=NULL;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if (dsa->priv_key == NULL)
-		{
-		if ((priv_key=BN_new()) == NULL) goto err;
-		}
-	else
-		priv_key=dsa->priv_key;
-
-	do
-		if (!BN_rand_range(priv_key,dsa->q)) goto err;
-	while (BN_is_zero(priv_key));
-
-	if (dsa->pub_key == NULL)
-		{
-		if ((pub_key=BN_new()) == NULL) goto err;
-		}
-	else
-		pub_key=dsa->pub_key;
-	
-	{
-		BIGNUM local_prk;
-		BIGNUM *prk;
-
-		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			BN_init(&local_prk);
-			prk = &local_prk;
-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-			}
-		else
-			prk = priv_key;
-
-		if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
-	}
-
-	dsa->priv_key=priv_key;
-	dsa->pub_key=pub_key;
-	ok=1;
-
-err:
-	if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
-	if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	return(ok);
-	}
-#endif
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
deleted file mode 100644
index 96d8d0c4b4..0000000000
--- a/crypto/dsa/dsa_lib.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
-
-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
-	{
-	default_DSA_method = meth;
-	}
-
-const DSA_METHOD *DSA_get_default_method(void)
-	{
-	if(!default_DSA_method)
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_dsa_openssl();
-		else
-			return DSA_OpenSSL();
-#else
-		default_DSA_method = DSA_OpenSSL();
-#endif
-		}
-	return default_DSA_method;
-	}
-
-DSA *DSA_new(void)
-	{
-	return DSA_new_method(NULL);
-	}
-
-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-        const DSA_METHOD *mtmp;
-        mtmp = dsa->meth;
-        if (mtmp->finish) mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
-	if (dsa->engine)
-		{
-		ENGINE_finish(dsa->engine);
-		dsa->engine = NULL;
-		}
-#endif
-        dsa->meth = meth;
-        if (meth->init) meth->init(dsa);
-        return 1;
-	}
-
-DSA *DSA_new_method(ENGINE *engine)
-	{
-	DSA *ret;
-
-	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
-	if (ret == NULL)
-		{
-		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->meth = DSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_DSA();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_DSA(ret->engine);
-		if(!ret->meth)
-			{
-			DSAerr(DSA_F_DSA_NEW_METHOD,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-#endif
-
-	ret->pad=0;
-	ret->version=0;
-	ret->write_params=1;
-	ret->p=NULL;
-	ret->q=NULL;
-	ret->g=NULL;
-
-	ret->pub_key=NULL;
-	ret->priv_key=NULL;
-
-	ret->kinv=NULL;
-	ret->r=NULL;
-	ret->method_mont_p=NULL;
-
-	ret->references=1;
-	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
-#endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	
-	return(ret);
-	}
-
-void DSA_free(DSA *r)
-	{
-	int i;
-
-	if (r == NULL) return;
-
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-	REF_PRINT("DSA",r);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"DSA_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if(r->meth->finish)
-		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	if(r->engine)
-		ENGINE_finish(r->engine);
-#endif
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
-
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->g != NULL) BN_clear_free(r->g);
-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-	if (r->kinv != NULL) BN_clear_free(r->kinv);
-	if (r->r != NULL) BN_clear_free(r->r);
-	OPENSSL_free(r);
-	}
-
-int DSA_up_ref(DSA *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
-	REF_PRINT("DSA",r);
-#endif
-#ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "DSA_up_ref, bad reference count\n");
-		abort();
-		}
-#endif
-	return ((i > 1) ? 1 : 0);
-	}
-
-int DSA_size(const DSA *r)
-	{
-	int ret,i;
-	ASN1_INTEGER bs;
-	unsigned char buf[4];	/* 4 bytes looks really small.
-				   However, i2d_ASN1_INTEGER() will not look
-				   beyond the first byte, as long as the second
-				   parameter is NULL. */
-
-	i=BN_num_bits(r->q);
-	bs.length=(i+7)/8;
-	bs.data=buf;
-	bs.type=V_ASN1_INTEGER;
-	/* If the top bit is set the asn1 encoding is 1 larger. */
-	buf[0]=0xff;	
-
-	i=i2d_ASN1_INTEGER(&bs,NULL);
-	i+=i; /* r and s */
-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-	return(ret);
-	}
-
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-	}
-
-void *DSA_get_ex_data(DSA *d, int idx)
-	{
-	return(CRYPTO_get_ex_data(&d->ex_data,idx));
-	}
-
-#ifndef OPENSSL_NO_DH
-DH *DSA_dup_DH(const DSA *r)
-	{
-	/* DSA has p, q, g, optional pub_key, optional priv_key.
-	 * DH has p, optional length, g, optional pub_key, optional priv_key,
-	 * optional q.
-	 */ 
-
-	DH *ret = NULL;
-
-	if (r == NULL)
-		goto err;
-	ret = DH_new();
-	if (ret == NULL)
-		goto err;
-	if (r->p != NULL) 
-		if ((ret->p = BN_dup(r->p)) == NULL)
-			goto err;
-	if (r->q != NULL)
-		{
-		ret->length = BN_num_bits(r->q);
-		if ((ret->q = BN_dup(r->q)) == NULL)
-			goto err;
-		}
-	if (r->g != NULL)
-		if ((ret->g = BN_dup(r->g)) == NULL)
-			goto err;
-	if (r->pub_key != NULL)
-		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
-			goto err;
-	if (r->priv_key != NULL)
-		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
-			goto err;
-
-	return ret;
-
- err:
-	if (ret != NULL)
-		DH_free(ret);
-	return NULL;
-	}
-#endif
diff --git a/crypto/dsa/dsa_locl.h b/crypto/dsa/dsa_locl.h
deleted file mode 100644
index 21e2e45242..0000000000
--- a/crypto/dsa/dsa_locl.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/dsa.h>
-
-int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
-	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
-	unsigned char *seed_out,
-	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
deleted file mode 100644
index 177fc54582..0000000000
--- a/crypto/dsa/dsa_ossl.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-			  BIGNUM **kinvp, BIGNUM **rp,
-			  const unsigned char *dgst, int dlen);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-			 DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-
-static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-NULL, /* dsa_mod_exp, */
-NULL, /* dsa_bn_mod_exp, */
-dsa_init,
-dsa_finish,
-0,
-NULL,
-NULL,
-NULL
-};
-
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- * 
- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- *                 dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- *                 dsa->method_mont_p);
- */
-
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-	do { \
-	int _tmp_res53; \
-	if((dsa)->meth->dsa_mod_exp) \
-		_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-				(a2), (p2), (m), (ctx), (in_mont)); \
-	else \
-		_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-				(m), (ctx), (in_mont)); \
-	if(!_tmp_res53) err_instr; \
-	} while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-	do { \
-	int _tmp_res53; \
-	if((dsa)->meth->bn_mod_exp) \
-		_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-				(m), (ctx), (m_ctx)); \
-	else \
-		_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-	if(!_tmp_res53) err_instr; \
-	} while(0)
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
-	return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
-	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
-	BIGNUM m;
-	BIGNUM xr;
-	BN_CTX *ctx=NULL;
-	int reason=ERR_R_BN_LIB;
-	DSA_SIG *ret=NULL;
-	int noredo = 0;
-
-	BN_init(&m);
-	BN_init(&xr);
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		reason=DSA_R_MISSING_PARAMETERS;
-		goto err;
-		}
-
-	s=BN_new();
-	if (s == NULL) goto err;
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-redo:
-	if ((dsa->kinv == NULL) || (dsa->r == NULL))
-		{
-		if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r,dgst,dlen))
-			goto err;
-		}
-	else
-		{
-		kinv=dsa->kinv;
-		dsa->kinv=NULL;
-		r=dsa->r;
-		dsa->r=NULL;
-		noredo = 1;
-		}
-
-	
-	if (dlen > BN_num_bytes(dsa->q))
-		/* if the digest length is greater than the size of q use the
-		 * BN_num_bits(dsa->q) leftmost bits of the digest, see
-		 * fips 186-3, 4.2 */
-		dlen = BN_num_bytes(dsa->q);
-	if (BN_bin2bn(dgst,dlen,&m) == NULL)
-		goto err;
-
-	/* Compute  s = inv(k) (m + xr) mod q */
-	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
-	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
-	if (BN_cmp(s,dsa->q) > 0)
-		if (!BN_sub(s,s,dsa->q)) goto err;
-	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
-	ret=DSA_SIG_new();
-	if (ret == NULL) goto err;
-	/* Redo if r or s is zero as required by FIPS 186-3: this is
-	 * very unlikely.
-	 */
-	if (BN_is_zero(r) || BN_is_zero(s))
-		{
-		if (noredo)
-			{
-			reason = DSA_R_NEED_NEW_SETUP_VALUES;
-			goto err;
-			}
-		goto redo;
-		}
-	ret->r = r;
-	ret->s = s;
-	
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN,reason);
-		BN_free(r);
-		BN_free(s);
-		}
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_clear_free(&m);
-	BN_clear_free(&xr);
-	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
-	    BN_clear_free(kinv);
-	return(ret);
-	}
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-			  BIGNUM **kinvp, BIGNUM **rp,
-			  const unsigned char *dgst, int dlen)
-	{
-	BN_CTX *ctx;
-	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
-	int ret=0;
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
-		return 0;
-		}
-
-	BN_init(&k);
-	BN_init(&kq);
-
-	if (ctx_in == NULL)
-		{
-		if ((ctx=BN_CTX_new()) == NULL) goto err;
-		}
-	else
-		ctx=ctx_in;
-
-	if ((r=BN_new()) == NULL) goto err;
-
-	/* Get random k */
-	do
-		{
-#ifndef OPENSSL_NO_SHA512
-		if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
-			{
-			/* If DSA_FLAG_NONCE_FROM_HASH is set then we calculate k from
-			 * SHA512(private_key + H(message) + random). This protects the
-			 * private key from a weak PRNG. */
-			if (!BN_generate_dsa_nonce(&k, dsa->q, dsa->priv_key, dgst,
-						   dlen, ctx))
-				goto err;
-			}
-		else
-#endif
-			if (!BN_rand_range(&k, dsa->q)) goto err;
-		} while (BN_is_zero(&k));
-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-		{
-		BN_set_flags(&k, BN_FLG_CONSTTIME);
-		}
-
-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-		{
-		if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-						CRYPTO_LOCK_DSA,
-						dsa->p, ctx))
-			goto err;
-		}
-
-	/* Compute r = (g^k mod p) mod q */
-
-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-		{
-		if (!BN_copy(&kq, &k)) goto err;
-
-		/* We do not want timing information to leak the length of k,
-		 * so we compute g^k using an equivalent exponent of fixed length.
-		 *
-		 * (This is a kludge that we need because the BN_mod_exp_mont()
-		 * does not let us specify the desired timing behaviour.) */
-
-		if (!BN_add(&kq, &kq, dsa->q)) goto err;
-		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
-			{
-			if (!BN_add(&kq, &kq, dsa->q)) goto err;
-			}
-
-		K = &kq;
-		}
-	else
-		{
-		K = &k;
-		}
-	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-			dsa->method_mont_p);
-	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
-	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
-	if (*kinvp != NULL) BN_clear_free(*kinvp);
-	*kinvp=kinv;
-	kinv=NULL;
-	if (*rp != NULL) BN_clear_free(*rp);
-	*rp=r;
-	ret=1;
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-		if (r != NULL)
-			BN_clear_free(r);
-		}
-	if (ctx_in == NULL) BN_CTX_free(ctx);
-	BN_clear_free(&k);
-	BN_clear_free(&kq);
-	return(ret);
-	}
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-			 DSA *dsa)
-	{
-	BN_CTX *ctx;
-	BIGNUM u1,u2,t1;
-	BN_MONT_CTX *mont=NULL;
-	int ret = -1, i;
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
-		return -1;
-		}
-
-	i = BN_num_bits(dsa->q);
-	/* fips 186-3 allows only different sizes for q */
-	if (i != 160 && i != 224 && i != 256)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
-		return -1;
-		}
-
-	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-	BN_init(&u1);
-	BN_init(&u2);
-	BN_init(&t1);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-	    BN_ucmp(sig->r, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-	if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-	    BN_ucmp(sig->s, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-
-	/* Calculate W = inv(S) mod Q
-	 * save W in u2 */
-	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
-	/* save M in u1 */
-	if (dgst_len > (i >> 3))
-		/* if the digest length is greater than the size of q use the
-		 * BN_num_bits(dsa->q) leftmost bits of the digest, see
-		 * fips 186-3, 4.2 */
-		dgst_len = (i >> 3);
-	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
-	/* u1 = M * w mod q */
-	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-
-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-					CRYPTO_LOCK_DSA, dsa->p, ctx);
-		if (!mont)
-			goto err;
-		}
-
-
-	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
-	/* BN_copy(&u1,&t1); */
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-
-	/* V is now in u1.  If the signature is correct, it will be
-	 * equal to R. */
-	ret=(BN_ucmp(&u1, sig->r) == 0);
-
-	err:
-	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-	   there is no error in BN. Test should be ret == -1 (Ben) */
-	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_free(&u1);
-	BN_free(&u2);
-	BN_free(&t1);
-	return(ret);
-	}
-
-static int dsa_init(DSA *dsa)
-{
-	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
-	return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
-	if(dsa->method_mont_p)
-		BN_MONT_CTX_free(dsa->method_mont_p);
-	return(1);
-}
-
diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c
deleted file mode 100644
index 715d8d675b..0000000000
--- a/crypto/dsa/dsa_pmeth.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include "evp_locl.h"
-#include "dsa_locl.h"
-
-/* DSA pkey context structure */
-
-typedef struct
-	{
-	/* Parameter gen parameters */
-	int nbits;		/* size of p in bits (default: 1024) */
-	int qbits;		/* size of q in bits (default: 160)  */
-	const EVP_MD *pmd;	/* MD for parameter generation */
-	/* Keygen callback info */
-	int gentmp[2];
-	/* message digest */
-	const EVP_MD *md;	/* MD for the signature */
-	} DSA_PKEY_CTX;
-
-static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
-	{
-	DSA_PKEY_CTX *dctx;
-	dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX));
-	if (!dctx)
-		return 0;
-	dctx->nbits = 1024;
-	dctx->qbits = 160;
-	dctx->pmd = NULL;
-	dctx->md = NULL;
-
-	ctx->data = dctx;
-	ctx->keygen_info = dctx->gentmp;
-	ctx->keygen_info_count = 2;
-	
-	return 1;
-	}
-
-static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	DSA_PKEY_CTX *dctx, *sctx;
-	if (!pkey_dsa_init(dst))
-		return 0;
-       	sctx = src->data;
-	dctx = dst->data;
-	dctx->nbits = sctx->nbits;
-	dctx->qbits = sctx->qbits;
-	dctx->pmd = sctx->pmd;
-	dctx->md  = sctx->md;
-	return 1;
-	}
-
-static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	DSA_PKEY_CTX *dctx = ctx->data;
-	if (dctx)
-		OPENSSL_free(dctx);
-	}
-
-static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	int ret, type;
-	unsigned int sltmp;
-	DSA_PKEY_CTX *dctx = ctx->data;
-	DSA *dsa = ctx->pkey->pkey.dsa;
-
-	if (dctx->md)
-		type = EVP_MD_type(dctx->md);
-	else
-		type = NID_sha1;
-
-	ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa);
-
-	if (ret <= 0)
-		return ret;
-	*siglen = sltmp;
-	return 1;
-	}
-
-static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
-					const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	int ret, type;
-	DSA_PKEY_CTX *dctx = ctx->data;
-	DSA *dsa = ctx->pkey->pkey.dsa;
-
-	if (dctx->md)
-		type = EVP_MD_type(dctx->md);
-	else
-		type = NID_sha1;
-
-	ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa);
-
-	return ret;
-	}
-
-static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	DSA_PKEY_CTX *dctx = ctx->data;
-	switch (type)
-		{
-		case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
-		if (p1 < 256)
-			return -2;
-		dctx->nbits = p1;
-		return 1;
-
-		case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
-		if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
-			return -2;
-		dctx->qbits = p1;
-		return 1;
-
-		case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
-		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
-			{
-			DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
-			return 0;
-			}
-		dctx->md = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_MD:
-		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
-			{
-			DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
-			return 0;
-			}
-		dctx->md = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_DIGESTINIT:
-		case EVP_PKEY_CTRL_PKCS7_SIGN:
-		case EVP_PKEY_CTRL_CMS_SIGN:
-		return 1;
-		
-		case EVP_PKEY_CTRL_PEER_KEY:
-			DSAerr(DSA_F_PKEY_DSA_CTRL,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-			return -2;	
-		default:
-		return -2;
-
-		}
-	}
-			
-static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!strcmp(type, "dsa_paramgen_bits"))
-		{
-		int nbits;
-		nbits = atoi(value);
-		return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
-		}
-	if (!strcmp(type, "dsa_paramgen_q_bits"))
-		{
-		int qbits = atoi(value);
-		return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-		                         EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL);
-		}
-	if (!strcmp(type, "dsa_paramgen_md"))
-		{
-		return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-		                         EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 
-		                         (void *)EVP_get_digestbyname(value));
-		}
-	return -2;
-	}
-
-static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	DSA *dsa = NULL;
-	DSA_PKEY_CTX *dctx = ctx->data;
-	BN_GENCB *pcb, cb;
-	int ret;
-	if (ctx->pkey_gencb)
-		{
-		pcb = &cb;
-		evp_pkey_set_cb_translate(pcb, ctx);
-		}
-	else
-		pcb = NULL;
-	dsa = DSA_new();
-	if (!dsa)
-		return 0;
-	ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-	                           NULL, 0, NULL, NULL, NULL, pcb);
-	if (ret)
-		EVP_PKEY_assign_DSA(pkey, dsa);
-	else
-		DSA_free(dsa);
-	return ret;
-	}
-
-static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	DSA *dsa = NULL;
-	if (ctx->pkey == NULL)
-		{
-		DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
-		return 0;
-		}
-	dsa = DSA_new();
-	if (!dsa)
-		return 0;
-	EVP_PKEY_assign_DSA(pkey, dsa);
-	/* Note: if error return, pkey is freed by parent routine */
-	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-		return 0;
-	return DSA_generate_key(pkey->pkey.dsa);
-	}
-
-const EVP_PKEY_METHOD dsa_pkey_meth = 
-	{
-	EVP_PKEY_DSA,
-	EVP_PKEY_FLAG_AUTOARGLEN,
-	pkey_dsa_init,
-	pkey_dsa_copy,
-	pkey_dsa_cleanup,
-
-	0,
-	pkey_dsa_paramgen,
-
-	0,
-	pkey_dsa_keygen,
-
-	0,
-	pkey_dsa_sign,
-
-	0,
-	pkey_dsa_verify,
-
-	0,0,
-
-	0,0,0,0,
-
-	0,0,
-
-	0,0,
-
-	0,0,
-
-	pkey_dsa_ctrl,
-	pkey_dsa_ctrl_str
-
-
-	};
diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c
deleted file mode 100644
index 6f29f5e240..0000000000
--- a/crypto/dsa/dsa_prn.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/dsa/dsa_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/dsa.h>
-
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
-
-int DSAparams_print_fp(FILE *fp, const DSA *x)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSAparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int DSA_print(BIO *bp, const DSA *x, int off)
-	{
-	EVP_PKEY *pk;
-	int ret;
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
-		return 0;
-	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
-	EVP_PKEY_free(pk);
-	return ret;
-	}
-
-int DSAparams_print(BIO *bp, const DSA *x)
-	{
-	EVP_PKEY *pk;
-	int ret;
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
-		return 0;
-	ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
-	EVP_PKEY_free(pk);
-	return ret;
-	}
-
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
deleted file mode 100644
index 8ace300ae5..0000000000
--- a/crypto/dsa/dsa_sign.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
-		return NULL;
-		}
-#endif
-	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-	}
-
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
-		return 0;
-		}
-#endif
-	if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
-		{
-		/* You cannot precompute the DSA nonce if it is required to
-		 * depend on the message. */
-		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
-		return 0;
-		}
-	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
-	}
-
-DSA_SIG *DSA_SIG_new(void)
-	{
-	DSA_SIG *sig;
-	sig = OPENSSL_malloc(sizeof(DSA_SIG));
-	if (!sig)
-		return NULL;
-	sig->r = NULL;
-	sig->s = NULL;
-	return sig;
-	}
-
-void DSA_SIG_free(DSA_SIG *sig)
-	{
-	if (sig)
-		{
-		if (sig->r)
-			BN_free(sig->r);
-		if (sig->s)
-			BN_free(sig->s);
-		OPENSSL_free(sig);
-		}
-	}
-
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
deleted file mode 100644
index 674cb5fa5f..0000000000
--- a/crypto/dsa/dsa_vrf.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-
-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
-			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
-		return -1;
-		}
-#endif
-	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-	}
diff --git a/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c
deleted file mode 100644
index 1b6a1cca0f..0000000000
--- a/crypto/dsa/dsagen.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/dsa/dsagen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/dsa.h>
-
-#define TEST
-#define GENUINE_DSA
-
-#ifdef GENUINE_DSA
-#define LAST_VALUE 0xbd
-#else
-#define LAST_VALUE 0xd3
-#endif
-
-#ifdef TEST
-unsigned char seed[20]={
-	0xd5,0x01,0x4e,0x4b,
-	0x60,0xef,0x2b,0xa8,
-	0xb6,0x21,0x1b,0x40,
-	0x62,0xba,0x32,0x24,
-	0xe0,0x42,0x7d,LAST_VALUE};
-#endif
-
-int cb(int p, int n)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	printf("%c",c);
-	fflush(stdout);
-	}
-
-main()
-	{
-	int i;
-	BIGNUM *n;
-	BN_CTX *ctx;
-	unsigned char seed_buf[20];
-	DSA *dsa;
-	int counter,h;
-	BIO *bio_err=NULL;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	memcpy(seed_buf,seed,20);
-	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
-
-	if (dsa == NULL)
-		DSA_print(bio_err,dsa,0);
-	}
-
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
deleted file mode 100644
index edffd24e6b..0000000000
--- a/crypto/dsa/dsatest.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_NO_DSA
-int main(int argc, char *argv[])
-{
-    printf("No DSA support\n");
-    return(0);
-}
-#else
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK     _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
-	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
-	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
-	};
-
-static unsigned char out_p[]={
-	0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
-	0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
-	0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
-	0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
-	0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
-	0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
-	0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
-	0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
-	};
-
-static unsigned char out_q[]={
-	0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
-	0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
-	0xda,0xce,0x91,0x5f,
-	};
-
-static unsigned char out_g[]={
-	0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
-	0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
-	0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
-	0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
-	0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
-	0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
-	0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
-	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
-	};
-
-static const unsigned char str1[]="12345678901234567890";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-static BIO *bio_err=NULL;
-
-int main(int argc, char **argv)
-	{
-	BN_GENCB cb;
-	DSA *dsa=NULL;
-	int counter,ret=0,i,j;
-	unsigned char buf[256];
-	unsigned long h;
-	unsigned char sig[256];
-	unsigned int siglen;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	CRYPTO_malloc_debug_init();
-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	BIO_printf(bio_err,"test generation of DSA parameters\n");
-
-	BN_GENCB_set(&cb, dsa_cb, bio_err);
-	if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
-				seed, 20, &counter, &h, &cb))
-		goto end;
-
-	BIO_printf(bio_err,"seed\n");
-	for (i=0; i<20; i+=4)
-		{
-		BIO_printf(bio_err,"%02X%02X%02X%02X ",
-			seed[i],seed[i+1],seed[i+2],seed[i+3]);
-		}
-	BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
-		
-	DSA_print(bio_err,dsa,0);
-	if (counter != 105) 
-		{
-		BIO_printf(bio_err,"counter should be 105\n");
-		goto end;
-		}
-	if (h != 2)
-		{
-		BIO_printf(bio_err,"h should be 2\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->q,buf);
-	j=sizeof(out_q);
-	if ((i != j) || (memcmp(buf,out_q,i) != 0))
-		{
-		BIO_printf(bio_err,"q value is wrong\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->p,buf);
-	j=sizeof(out_p);
-	if ((i != j) || (memcmp(buf,out_p,i) != 0))
-		{
-		BIO_printf(bio_err,"p value is wrong\n");
-		goto end;
-		}
-
-	i=BN_bn2bin(dsa->g,buf);
-	j=sizeof(out_g);
-	if ((i != j) || (memcmp(buf,out_g,i) != 0))
-		{
-		BIO_printf(bio_err,"g value is wrong\n");
-		goto end;
-		}
-
-	dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
-	DSA_generate_key(dsa);
-	DSA_sign(0, str1, 20, sig, &siglen, dsa);
-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-		ret=1;
-
-	dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
-	DSA_generate_key(dsa);
-	DSA_sign(0, str1, 20, sig, &siglen, dsa);
-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-		ret=1;
-
-end:
-	if (!ret)
-		ERR_print_errors(bio_err);
-	if (dsa != NULL) DSA_free(dsa);
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_thread_state(NULL);
-	ERR_free_strings();
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err = NULL;
-		}
-#ifdef OPENSSL_SYS_NETWARE
-    if (!ret) printf("ERROR\n");
-#endif
-	EXIT(!ret);
-	return(0);
-	}
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
-	{
-	char c='*';
-	static int ok=0,num=0;
-
-	if (p == 0) { c='.'; num++; };
-	if (p == 1) c='+';
-	if (p == 2) { c='*'; ok++; }
-	if (p == 3) c='\n';
-	BIO_write(arg->arg,&c,1);
-	(void)BIO_flush(arg->arg);
-
-	if (!ok && (p == 0) && (num > 1))
-		{
-		BIO_printf((BIO *)arg,"error in dsatest\n");
-		return 0;
-		}
-	return 1;
-	}
-#endif
diff --git a/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
deleted file mode 100644
index 3a2e0a0d51..0000000000
--- a/crypto/dsa/fips186a.txt
+++ /dev/null
@@ -1,122 +0,0 @@
-The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
-examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
-supplied to me by Wei Dai
---
-		     APPENDIX 5. EXAMPLE OF THE DSA
-
-
-This appendix is for informational purposes only and is not required to meet
-the standard.
-
-Let L = 512 (size of p).  The values in this example are expressed in
-hexadecimal notation.  The p and q given here were generated by the prime
-generation standard described in appendix 2 using the 160-bit SEED:
-
-          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
-
-With this SEED, the algorithm found p and q when the counter was at 105.
-
-x was generated by the algorithm described in appendix 3, section 3.1, using
-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
-
-XSEED =   
-
-	bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
-
-t =
-	67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
-
-x = G(t,XSEED) mod q
-
-k was generated by the algorithm described in appendix 3, section 3.2, using
-the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
-
-KSEED =
-
-	687a66d9 0648f993 867e121f 4ddf9ddb 01205584
-
-t =
-	EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
-
-k = G(t,KSEED) mod q
-
-Finally:
-
-h = 2
-
-p =
-	8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
-	cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
-	49693dfb f83724c2 ec0736ee 31c80291
-
-
-q =
-	c773218c 737ec8ee 993b4f2d ed30f48e dace915f
-
-
-g =
-	626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
-	3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
-	c42e9f6f 464b088c c572af53 e6d78802
-
-
-x =
-	2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
-
-
-k =
-	358dad57 1462710f 50e254cf 1a376b2b deaadfbf
-
-
-kinv = 
-
-	0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
-
-M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
-
-SHA(M) =  
-
-	a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
-
-
-y =
-
-	19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
-	9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
-	858fba33 f44c0669 9630a76b 030ee333
-
-
-r =
-	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
-
-s =
-	41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
-
-
-w =
-	9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
-
-
-u1 =
-	bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
-
-
-u2 =
-	821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
-
-
-gu1 mod p =
-
-	51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
-	9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
-	6f96662a 1987a21b e4ec1071 010b6069
-
-
-yu2 mod p =
-
-	8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
-	5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
-	c19441f4 22bf3c34 08aeba1f 0a4dbec7
-
-v =
-	8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/crypto/dso/README b/crypto/dso/README
deleted file mode 100644
index d0bc9a89fb..0000000000
--- a/crypto/dso/README
+++ /dev/null
@@ -1,22 +0,0 @@
-NOTES
------
-
-I've checked out HPUX (well, version 11 at least) and shl_t is
-a pointer type so it's safe to use in the way it has been in
-dso_dl.c. On the other hand, HPUX11 support dlfcn too and
-according to their man page, prefer developers to move to that.
-I'll leave Richard's changes there as I guess dso_dl is needed
-for HPUX10.20.
-
-There is now a callback scheme in place where filename conversion can
-(a) be turned off altogether through the use of the
-    DSO_FLAG_NO_NAME_TRANSLATION flag,
-(b) be handled by default using the default DSO_METHOD's converter
-(c) overriden per-DSO by setting the override callback
-(d) a mix of (b) and (c) - eg. implement an override callback that;
-    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
-        and if so, convert "blah" into "blah32.dll" (the default is
-	otherwise to make it "blah.dll").
-    (ii) default to the normal behaviour - we're not on win32, eg.
-         finish with (return dso->meth->dso_name_converter(dso,NULL)).
-
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h
deleted file mode 100644
index 839f2e0617..0000000000
--- a/crypto/dso/dso.h
+++ /dev/null
@@ -1,409 +0,0 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-#define HEADER_DSO_H
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-#define DSO_CTRL_GET_FLAGS	1
-#define DSO_CTRL_SET_FLAGS	2
-#define DSO_CTRL_OR_FLAGS	3
-
-/* By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the DSO
- * object (using DSO_set_name_converter()). This callback could even utilise
- * the DSO_METHOD's converter too if it only wants to override behaviour for
- * one or two possible DSO methods. However, the following flag can be set in a
- * DSO to prevent *any* native name-translation at all - eg. if the caller has
- * prompted the user for a path to a driver library so the filename should be
- * interpreted as-is. */
-#define DSO_FLAG_NO_NAME_TRANSLATION		0x01
-/* An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and
- * other operating systems where the translation also may prefix
- * the name with something, like 'lib', and ignored everywhere else.
- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
- * at the same time. */
-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02
-
-/* The following flag controls the translation of symbol names to upper
- * case.  This is currently only being implemented for OpenVMS.
- */
-#define DSO_FLAG_UPCASE_SYMBOL			0x10
-
-/* This flag loads the library with public symbols.
- * Meaning: The exported symbols of this library are public
- * to all libraries loaded after this library.
- * At the moment only implemented in unix.
- */
-#define DSO_FLAG_GLOBAL_SYMBOLS			0x20
-
-
-typedef void (*DSO_FUNC_TYPE)(void);
-
-typedef struct dso_st DSO;
-
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
- * filename to transform. They should either return NULL (if there is an error
- * condition) or a newly allocated string containing the transformed form that
- * the caller will need to free with OPENSSL_free() when done. */
-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
- * a DSO object) and two file specifications to merge. They should
- * either return NULL (if there is an error condition) or a newly allocated
- * string containing the result of merging that the caller will need
- * to free with OPENSSL_free() when done.
- * Here, merging means that bits and pieces are taken from each of the
- * file specifications and added together in whatever fashion that is
- * sensible for the DSO method in question.  The only rule that really
- * applies is that if the two specification contain pieces of the same
- * type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the
- * second being a bunch of defaults to add on if they're missing in the
- * first. */
-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-typedef struct dso_meth_st
-	{
-	const char *name;
-	/* Loads a shared library, NB: new DSO_METHODs must ensure that a
-	 * successful load populates the loaded_filename field, and likewise a
-	 * successful unload OPENSSL_frees and NULLs it out. */
-	int (*dso_load)(DSO *dso);
-	/* Unloads a shared library */
-	int (*dso_unload)(DSO *dso);
-	/* Binds a variable */
-	void *(*dso_bind_var)(DSO *dso, const char *symname);
-	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.
-	 * This should be cast to the real function prototype by the
-	 * caller. Platforms that don't have compatible representations
-	 * for different prototypes (this is possible within ANSI C)
-	 * are highly unlikely to have shared libraries at all, let
-	 * alone a DSO_METHOD implemented for them. */
-	DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
-
-/* I don't think this would actually be used in any circumstances. */
-#if 0
-	/* Unbinds a variable */
-	int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
-	/* Unbinds a function */
-	int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-#endif
-	/* The generic (yuck) "ctrl()" function. NB: Negative return
-	 * values (rather than zero) indicate errors. */
-	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
-	/* The default DSO_METHOD-specific function for converting filenames to
-	 * a canonical native form. */
-	DSO_NAME_CONVERTER_FUNC dso_name_converter;
-	/* The default DSO_METHOD-specific function for converting filenames to
-	 * a canonical native form. */
-	DSO_MERGER_FUNC dso_merger;
-
-	/* [De]Initialisation handlers. */
-	int (*init)(DSO *dso);
-	int (*finish)(DSO *dso);
-
-	/* Return pathname of the module containing location */
-	int (*pathbyaddr)(void *addr,char *path,int sz);
-	/* Perform global symbol lookup, i.e. among *all* modules */
-	void *(*globallookup)(const char *symname);
-	} DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st
-	{
-	DSO_METHOD *meth;
-	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
-	 * doesn't use anything but will need to cache the filename
-	 * for use in the dso_bind handler. All in all, let each
-	 * method control its own destiny. "Handles" and such go in
-	 * a STACK. */
-	STACK_OF(void) *meth_data;
-	int references;
-	int flags;
-	/* For use by applications etc ... use this for your bits'n'pieces,
-	 * don't touch meth_data! */
-	CRYPTO_EX_DATA ex_data;
-	/* If this callback function pointer is set to non-NULL, then it will
-	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This
-	 * should normally set using DSO_set_name_converter(). */
-	DSO_NAME_CONVERTER_FUNC name_converter;
-	/* If this callback function pointer is set to non-NULL, then it will
-	 * be used in DSO_load() in place of meth->dso_merger. NB: This
-	 * should normally set using DSO_set_merger(). */
-	DSO_MERGER_FUNC merger;
-	/* This is populated with (a copy of) the platform-independant
-	 * filename used for this DSO. */
-	char *filename;
-	/* This is populated with (a copy of) the translated filename by which
-	 * the DSO was actually loaded. It is NULL iff the DSO is not currently
-	 * loaded. NB: This is here because the filename translation process
-	 * may involve a callback being invoked more than once not only to
-	 * convert to a platform-specific form, but also to try different
-	 * filenames in the process of trying to perform a load. As such, this
-	 * variable can be used to indicate (a) whether this DSO structure
-	 * corresponds to a loaded library or not, and (b) the filename with
-	 * which it was actually loaded. */
-	char *loaded_filename;
-	};
-
-
-DSO *	DSO_new(void);
-DSO *	DSO_new_method(DSO_METHOD *method);
-int	DSO_free(DSO *dso);
-int	DSO_flags(DSO *dso);
-int	DSO_up_ref(DSO *dso);
-long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/* This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success. */
-int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-				DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded. */
-const char *DSO_get_filename(DSO *dso);
-int	DSO_set_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
- * caller-created DSO_METHODs can do the same thing. A non-NULL return value
- * will need to be OPENSSL_free()'d. */
-char	*DSO_convert_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d. */
-char	*DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/* If the DSO is currently loaded, this returns the filename that it was loaded
- * under, otherwise it returns NULL. So it is also useful as a test as to
- * whether the DSO is currently loaded. NB: This will not necessarily return
- * the same value as DSO_convert_filename(dso, dso->filename), because the
- * DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded. */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void	DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/* The all-singing all-dancing load function, you normally pass NULL
- * for the first and third parameters. Use DSO_up and DSO_free for
- * subsequent reference count handling. Any flags passed in will be set
- * in the constructed DSO after its init() function but before the
- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/* This method is the default, but will beg, borrow, or steal whatever
- * method should be the default on any particular platform (including
- * DSO_METH_null() if necessary). */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/* This method is defined for all platforms - if a platform has no
- * DSO support then this will be the only method! */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
- * shl_unload, shl_findsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/* This function writes null-terminated pathname of DSO module
- * containing 'addr' into 'sz' large caller-provided 'path' and
- * returns the number of characters [including trailing zero]
- * written to it. If 'sz' is 0 or negative, 'path' is ignored and
- * required amount of charachers [including trailing zero] to
- * accomodate pathname is returned. If 'addr' is NULL, then
- * pathname of cryptolib itself is returned. Negative or zero
- * return value denotes error.
- */
-int DSO_pathbyaddr(void *addr,char *path,int sz);
-
-/* This function should be used with caution! It looks up symbols in
- * *all* loaded modules and if module gets unloaded by somebody else
- * attempt to dereference the pointer is doomed to have fatal
- * consequences. Primary usage for this function is to probe *core*
- * system functionality, e.g. check if getnameinfo(3) is available
- * at run-time without bothering about OS-specific details such as
- * libc.so.versioning or where does it actually reside: in libc
- * itself or libsocket. */
-void *DSO_global_lookup(const char *name);
-
-/* If BeOS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_beos(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-#define DSO_F_BEOS_BIND_FUNC				 144
-#define DSO_F_BEOS_BIND_VAR				 145
-#define DSO_F_BEOS_LOAD					 146
-#define DSO_F_BEOS_NAME_CONVERTER			 147
-#define DSO_F_BEOS_UNLOAD				 148
-#define DSO_F_DLFCN_BIND_FUNC				 100
-#define DSO_F_DLFCN_BIND_VAR				 101
-#define DSO_F_DLFCN_LOAD				 102
-#define DSO_F_DLFCN_MERGER				 130
-#define DSO_F_DLFCN_NAME_CONVERTER			 123
-#define DSO_F_DLFCN_UNLOAD				 103
-#define DSO_F_DL_BIND_FUNC				 104
-#define DSO_F_DL_BIND_VAR				 105
-#define DSO_F_DL_LOAD					 106
-#define DSO_F_DL_MERGER					 131
-#define DSO_F_DL_NAME_CONVERTER				 124
-#define DSO_F_DL_UNLOAD					 107
-#define DSO_F_DSO_BIND_FUNC				 108
-#define DSO_F_DSO_BIND_VAR				 109
-#define DSO_F_DSO_CONVERT_FILENAME			 126
-#define DSO_F_DSO_CTRL					 110
-#define DSO_F_DSO_FREE					 111
-#define DSO_F_DSO_GET_FILENAME				 127
-#define DSO_F_DSO_GET_LOADED_FILENAME			 128
-#define DSO_F_DSO_GLOBAL_LOOKUP				 139
-#define DSO_F_DSO_LOAD					 112
-#define DSO_F_DSO_MERGE					 132
-#define DSO_F_DSO_NEW_METHOD				 113
-#define DSO_F_DSO_PATHBYADDR				 140
-#define DSO_F_DSO_SET_FILENAME				 129
-#define DSO_F_DSO_SET_NAME_CONVERTER			 122
-#define DSO_F_DSO_UP_REF				 114
-#define DSO_F_GLOBAL_LOOKUP_FUNC			 138
-#define DSO_F_PATHBYADDR				 137
-#define DSO_F_VMS_BIND_SYM				 115
-#define DSO_F_VMS_LOAD					 116
-#define DSO_F_VMS_MERGER				 133
-#define DSO_F_VMS_UNLOAD				 117
-#define DSO_F_WIN32_BIND_FUNC				 118
-#define DSO_F_WIN32_BIND_VAR				 119
-#define DSO_F_WIN32_GLOBALLOOKUP			 142
-#define DSO_F_WIN32_GLOBALLOOKUP_FUNC			 143
-#define DSO_F_WIN32_JOINER				 135
-#define DSO_F_WIN32_LOAD				 120
-#define DSO_F_WIN32_MERGER				 134
-#define DSO_F_WIN32_NAME_CONVERTER			 125
-#define DSO_F_WIN32_PATHBYADDR				 141
-#define DSO_F_WIN32_SPLITTER				 136
-#define DSO_F_WIN32_UNLOAD				 121
-
-/* Reason codes. */
-#define DSO_R_CTRL_FAILED				 100
-#define DSO_R_DSO_ALREADY_LOADED			 110
-#define DSO_R_EMPTY_FILE_STRUCTURE			 113
-#define DSO_R_FAILURE					 114
-#define DSO_R_FILENAME_TOO_BIG				 101
-#define DSO_R_FINISH_FAILED				 102
-#define DSO_R_INCORRECT_FILE_SYNTAX			 115
-#define DSO_R_LOAD_FAILED				 103
-#define DSO_R_NAME_TRANSLATION_FAILED			 109
-#define DSO_R_NO_FILENAME				 111
-#define DSO_R_NO_FILE_SPECIFICATION			 116
-#define DSO_R_NULL_HANDLE				 104
-#define DSO_R_SET_FILENAME_FAILED			 112
-#define DSO_R_STACK_ERROR				 105
-#define DSO_R_SYM_FAILURE				 106
-#define DSO_R_UNLOAD_FAILED				 107
-#define DSO_R_UNSUPPORTED				 108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
deleted file mode 100644
index fc4236bd9a..0000000000
--- a/crypto/dso/dso_dl.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DL
-DSO_METHOD *DSO_METHOD_dl(void)
-       {
-       return NULL;
-       }
-#else
-
-#include <dl.h>
-
-/* Part of the hack in "dl_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dl_load(DSO *dso);
-static int dl_unload(DSO *dso);
-static void *dl_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-#if 0
-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int dl_init(DSO *dso);
-static int dl_finish(DSO *dso);
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *dl_name_converter(DSO *dso, const char *filename);
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
-static int dl_pathbyaddr(void *addr,char *path,int sz);
-static void *dl_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dl = {
-	"OpenSSL 'dl' shared library method",
-	dl_load,
-	dl_unload,
-	dl_bind_var,
-	dl_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	dl_name_converter,
-	dl_merger,
-	NULL, /* init */
-	NULL, /* finish */
-	dl_pathbyaddr,
-	dl_globallookup
-	};
-
-DSO_METHOD *DSO_METHOD_dl(void)
-	{
-	return(&dso_meth_dl);
-	}
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (shl_t) returned from shl_load().
- * NB: I checked on HPUX11 and shl_t is itself a pointer
- * type so the cast is safe.
- */
-
-static int dl_load(DSO *dso)
-	{
-	shl_t ptr = NULL;
-	/* We don't do any fancy retries or anything, just take the method's
-	 * (or DSO's if it has the callback set) best translation of the
-	 * platform-independant filename and try once with that. */
-	char *filename= DSO_convert_filename(dso, NULL);
-
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-	ptr = shl_load(filename, BIND_IMMEDIATE |
-		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
-		ERR_add_error_data(4, "filename(", filename, "): ",
-			strerror(errno));
-		goto err;
-		}
-	if(!sk_push(dso->meth_data, (char *)ptr))
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-	/* Success, stick the converted filename we've loaded under into the DSO
-	 * (it also serves as the indicator that we are currently loaded). */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup! */
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	if(ptr != NULL)
-		shl_unload(ptr);
-	return(0);
-	}
-
-static int dl_unload(DSO *dso)
-	{
-	shl_t ptr;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		return(1);
-	/* Is this statement legal? */
-	ptr = (shl_t)sk_pop(dso->meth_data);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
-		/* Should push the value back onto the stack in
-		 * case of a retry. */
-		sk_push(dso->meth_data, (char *)ptr);
-		return(0);
-		}
-	shl_unload(ptr);
-	return(1);
-	}
-
-static void *dl_bind_var(DSO *dso, const char *symname)
-	{
-	shl_t ptr;
-	void *sym;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ",
-			strerror(errno));
-		return(NULL);
-		}
-	return(sym);
-	}
-
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
-	{
-	shl_t ptr;
-	void *sym;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ",
-			strerror(errno));
-		return(NULL);
-		}
-	return((DSO_FUNC_TYPE)sym);
-	}
-
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	char *merged;
-
-	if(!filespec1 && !filespec2)
-		{
-		DSOerr(DSO_F_DL_MERGER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	/* If the first file specification is a rooted path, it rules.
-	   same goes if the second file specification is missing. */
-	if (!filespec2 || filespec1[0] == '/')
-		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec1);
-		}
-	/* If the first file specification is missing, the second one rules. */
-	else if (!filespec1)
-		{
-		merged = OPENSSL_malloc(strlen(filespec2) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		}
-	else
-		/* This part isn't as trivial as it looks.  It assumes that
-		   the second file specification really is a directory, and
-		   makes no checks whatsoever.  Therefore, the result becomes
-		   the concatenation of filespec2 followed by a slash followed
-		   by filespec1. */
-		{
-		int spec2len, len;
-
-		spec2len = (filespec2 ? strlen(filespec2) : 0);
-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
-		if(filespec2 && filespec2[spec2len - 1] == '/')
-			{
-			spec2len--;
-			len--;
-			}
-		merged = OPENSSL_malloc(len + 2);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		merged[spec2len] = '/';
-		strcpy(&merged[spec2len + 1], filespec1);
-		}
-	return(merged);
-	}
-
-/* This function is identical to the one in dso_dlfcn.c, but as it is highly
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
- * same time, there's no great duplicating the code. Figuring out an elegant 
- * way to share one copy of the code would be more difficult and would not
- * leave the implementations independant. */
-#if defined(__hpux)
-static const char extension[] = ".sl";
-#else
-static const char extension[] = ".so";
-#endif
-static char *dl_name_converter(DSO *dso, const char *filename)
-	{
-	char *translated;
-	int len, rsize, transform;
-
-	len = strlen(filename);
-	rsize = len + 1;
-	transform = (strstr(filename, "/") == NULL);
-		{
-		/* We will convert this to "%s.s?" or "lib%s.s?" */
-		rsize += strlen(extension);/* The length of ".s?" */
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			rsize += 3; /* The length of "lib" */
-		}
-	translated = OPENSSL_malloc(rsize);
-	if(translated == NULL)
-		{
-		DSOerr(DSO_F_DL_NAME_CONVERTER,
-				DSO_R_NAME_TRANSLATION_FAILED); 
-		return(NULL);   
-		}
-	if(transform)
-		{
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			sprintf(translated, "lib%s%s", filename, extension);
-		else
-			sprintf(translated, "%s%s", filename, extension);
-		}
-	else
-		sprintf(translated, "%s", filename);
-	return(translated);
-	}
-
-static int dl_pathbyaddr(void *addr,char *path,int sz)
-	{
-	struct shl_descriptor inf;
-	int i,len;
-
-	if (addr == NULL)
-		{
-		union	{ int(*f)(void*,char*,int); void *p; } t =
-			{ dl_pathbyaddr };
-		addr = t.p;
-		}
-
-	for (i=-1;shl_get_r(i,&inf)==0;i++)
-		{
-		if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
-		    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
-			{
-			len = (int)strlen(inf.filename);
-			if (sz <= 0) return len+1;
-			if (len >= sz) len=sz-1;
-			memcpy(path,inf.filename,len);
-			path[len++] = 0;
-			return len;
-			}
-		}
-
-	return -1;
-	}
-
-static void *dl_globallookup(const char *name)
-	{
-	void *ret;
-	shl_t h = NULL;
-
-	return shl_findsym(&h,name,TYPE_UNDEFINED,&ret) ? NULL : ret;
-	}
-#endif /* DSO_DL */
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
deleted file mode 100644
index faa9d76b42..0000000000
--- a/crypto/dso/dso_dlfcn.c
+++ /dev/null
@@ -1,482 +0,0 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* We need to do this early, because stdio.h includes the header files
-   that handle _GNU_SOURCE and other similar macros.  Defining it later
-   is simply too late, because those headers are protected from re-
-   inclusion.  */
-#ifndef _GNU_SOURCE
-# define _GNU_SOURCE	/* make sure dladdr is declared */
-#endif
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DLFCN
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-	{
-	return NULL;
-	}
-#else
-
-#ifdef HAVE_DLFCN_H
-# ifdef __osf__
-#  define __EXTENSIONS__
-# endif
-# include <dlfcn.h>
-# define HAVE_DLINFO 1
-# if defined(_AIX) || defined(__CYGWIN__) || \
-     defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
-     (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
-	defined(__ANDROID__)
-#  undef HAVE_DLINFO
-# endif
-#endif
-
-/* Part of the hack in "dlfcn_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dlfcn_load(DSO *dso);
-static int dlfcn_unload(DSO *dso);
-static void *dlfcn_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-#if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *dlfcn_name_converter(DSO *dso, const char *filename);
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-	const char *filespec2);
-static int dlfcn_pathbyaddr(void *addr,char *path,int sz);
-static void *dlfcn_globallookup(const char *name);
-
-static DSO_METHOD dso_meth_dlfcn = {
-	"OpenSSL 'dlfcn' shared library method",
-	dlfcn_load,
-	dlfcn_unload,
-	dlfcn_bind_var,
-	dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	dlfcn_name_converter,
-	dlfcn_merger,
-	NULL, /* init */
-	NULL, /* finish */
-	dlfcn_pathbyaddr,
-	dlfcn_globallookup
-	};
-
-DSO_METHOD *DSO_METHOD_dlfcn(void)
-	{
-	return(&dso_meth_dlfcn);
-	}
-
-/* Prior to using the dlopen() function, we should decide on the flag
- * we send. There's a few different ways of doing this and it's a
- * messy venn-diagram to match up which platforms support what. So
- * as we don't have autoconf yet, I'm implementing a hack that could
- * be hacked further relatively easily to deal with cases as we find
- * them. Initially this is to cope with OpenBSD. */
-#if defined(__OpenBSD__) || defined(__NetBSD__)
-#	ifdef DL_LAZY
-#		define DLOPEN_FLAG DL_LAZY
-#	else
-#		ifdef RTLD_NOW
-#			define DLOPEN_FLAG RTLD_NOW
-#		else
-#			define DLOPEN_FLAG 0
-#		endif
-#	endif
-#else
-#	ifdef OPENSSL_SYS_SUNOS
-#		define DLOPEN_FLAG 1
-#	else
-#		define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#	endif
-#endif
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (void*) returned from dlopen().
- */
-
-static int dlfcn_load(DSO *dso)
-	{
-	void *ptr = NULL;
-	/* See applicable comments in dso_dl.c */
-	char *filename = DSO_convert_filename(dso, NULL);
-	int flags = DLOPEN_FLAG;
-
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-
-#ifdef RTLD_GLOBAL
-	if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
-		flags |= RTLD_GLOBAL;
-#endif
-	ptr = dlopen(filename, flags);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
-		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
-		goto err;
-		}
-	if(!sk_void_push(dso->meth_data, (char *)ptr))
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-	/* Success */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup! */
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	if(ptr != NULL)
-		dlclose(ptr);
-	return(0);
-}
-
-static int dlfcn_unload(DSO *dso)
-	{
-	void *ptr;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_void_num(dso->meth_data) < 1)
-		return(1);
-	ptr = sk_void_pop(dso->meth_data);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
-		/* Should push the value back onto the stack in
-		 * case of a retry. */
-		sk_void_push(dso->meth_data, ptr);
-		return(0);
-		}
-	/* For now I'm not aware of any errors associated with dlclose() */
-	dlclose(ptr);
-	return(1);
-	}
-
-static void *dlfcn_bind_var(DSO *dso, const char *symname)
-	{
-	void *ptr, *sym;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_void_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	sym = dlsym(ptr, symname);
-	if(sym == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-		return(NULL);
-		}
-	return(sym);
-	}
-
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
-	{
-	void *ptr;
-	union {
-		DSO_FUNC_TYPE sym;
-		void *dlret;
-	} u;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_void_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	u.dlret = dlsym(ptr, symname);
-	if(u.dlret == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-		return(NULL);
-		}
-	return u.sym;
-	}
-
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-	const char *filespec2)
-	{
-	char *merged;
-
-	if(!filespec1 && !filespec2)
-		{
-		DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	/* If the first file specification is a rooted path, it rules.
-	   same goes if the second file specification is missing. */
-	if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/'))
-		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec1);
-		}
-	/* If the first file specification is missing, the second one rules. */
-	else if (!filespec1)
-		{
-		merged = OPENSSL_malloc(strlen(filespec2) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		}
-	else
-		/* This part isn't as trivial as it looks.  It assumes that
-		   the second file specification really is a directory, and
-		   makes no checks whatsoever.  Therefore, the result becomes
-		   the concatenation of filespec2 followed by a slash followed
-		   by filespec1. */
-		{
-		int spec2len, len;
-
-		spec2len = strlen(filespec2);
-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
-		if(filespec2 && filespec2[spec2len - 1] == '/')
-			{
-			spec2len--;
-			len--;
-			}
-		merged = OPENSSL_malloc(len + 2);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		merged[spec2len] = '/';
-		strcpy(&merged[spec2len + 1], filespec1);
-		}
-	return(merged);
-	}
-
-#ifdef OPENSSL_SYS_MACOSX
-#define DSO_ext	".dylib"
-#define DSO_extlen 6
-#else
-#define DSO_ext	".so"
-#define DSO_extlen 3
-#endif
-
-
-static char *dlfcn_name_converter(DSO *dso, const char *filename)
-	{
-	char *translated;
-	int len, rsize, transform;
-
-	len = strlen(filename);
-	rsize = len + 1;
-	transform = (strstr(filename, "/") == NULL);
-	if(transform)
-		{
-		/* We will convert this to "%s.so" or "lib%s.so" etc */
-		rsize += DSO_extlen;	/* The length of ".so" */
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			rsize += 3; /* The length of "lib" */
-		}
-	translated = OPENSSL_malloc(rsize);
-	if(translated == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
-				DSO_R_NAME_TRANSLATION_FAILED);
-		return(NULL);
-		}
-	if(transform)
-		{
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			sprintf(translated, "lib%s" DSO_ext, filename);
-		else
-			sprintf(translated, "%s" DSO_ext, filename);
-		}
-	else
-		sprintf(translated, "%s", filename);
-	return(translated);
-	}
-
-#ifdef __sgi
-/*
-This is a quote from IRIX manual for dladdr(3c):
-
-     <dlfcn.h> does not contain a prototype for dladdr or definition of
-     Dl_info.  The #include <dlfcn.h>  in the SYNOPSIS line is traditional,
-     but contains no dladdr prototype and no IRIX library contains an
-     implementation.  Write your own declaration based on the code below.
-
-     The following code is dependent on internal interfaces that are not
-     part of the IRIX compatibility guarantee; however, there is no future
-     intention to change this interface, so on a practical level, the code
-     below is safe to use on IRIX.
-*/
-#include <rld_interface.h>
-#ifndef _RLD_INTERFACE_DLFCN_H_DLADDR
-#define _RLD_INTERFACE_DLFCN_H_DLADDR
-typedef struct Dl_info {
-    const char * dli_fname;
-    void       * dli_fbase;
-    const char * dli_sname;
-    void       * dli_saddr;
-    int          dli_version;
-    int          dli_reserved1;
-    long         dli_reserved[4];
-} Dl_info;
-#else
-typedef struct Dl_info Dl_info;
-#endif
-#define _RLD_DLADDR             14
-
-static int dladdr(void *address, Dl_info *dl)
-{
-	void *v;
-	v = _rld_new_interface(_RLD_DLADDR,address,dl);
-	return (int)v;
-}
-#endif /* __sgi */
-
-static int dlfcn_pathbyaddr(void *addr,char *path,int sz)
-	{
-#ifdef HAVE_DLINFO
-	Dl_info dli;
-	int len;
-
-	if (addr == NULL)
-		{
-		union	{ int(*f)(void*,char*,int); void *p; } t =
-			{ dlfcn_pathbyaddr };
-		addr = t.p;
-		}
-
-	if (dladdr(addr,&dli))
-		{
-		len = (int)strlen(dli.dli_fname);
-		if (sz <= 0) return len+1;
-		if (len >= sz) len=sz-1;
-		memcpy(path,dli.dli_fname,len);
-		path[len++]=0;
-		return len;
-		}
-
-	ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror());
-#endif
-	return -1;
-	}
-
-static void *dlfcn_globallookup(const char *name)
-	{
-	void *ret = NULL,*handle = dlopen(NULL,RTLD_LAZY);
-	
-	if (handle)
-		{
-		ret = dlsym(handle,name);
-		dlclose(handle);
-		}
-
-	return ret;
-	}
-#endif /* DSO_DLFCN */
diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
deleted file mode 100644
index 2bb07c2514..0000000000
--- a/crypto/dso/dso_err.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* crypto/dso/dso_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dso.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
-static ERR_STRING_DATA DSO_str_functs[]=
-	{
-{ERR_FUNC(DSO_F_BEOS_BIND_FUNC),	"BEOS_BIND_FUNC"},
-{ERR_FUNC(DSO_F_BEOS_BIND_VAR),	"BEOS_BIND_VAR"},
-{ERR_FUNC(DSO_F_BEOS_LOAD),	"BEOS_LOAD"},
-{ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER),	"BEOS_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_BEOS_UNLOAD),	"BEOS_UNLOAD"},
-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),	"DLFCN_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR),	"DLFCN_BIND_VAR"},
-{ERR_FUNC(DSO_F_DLFCN_LOAD),	"DLFCN_LOAD"},
-{ERR_FUNC(DSO_F_DLFCN_MERGER),	"DLFCN_MERGER"},
-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),	"DLFCN_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DLFCN_UNLOAD),	"DLFCN_UNLOAD"},
-{ERR_FUNC(DSO_F_DL_BIND_FUNC),	"DL_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DL_BIND_VAR),	"DL_BIND_VAR"},
-{ERR_FUNC(DSO_F_DL_LOAD),	"DL_LOAD"},
-{ERR_FUNC(DSO_F_DL_MERGER),	"DL_MERGER"},
-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER),	"DL_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DL_UNLOAD),	"DL_UNLOAD"},
-{ERR_FUNC(DSO_F_DSO_BIND_FUNC),	"DSO_bind_func"},
-{ERR_FUNC(DSO_F_DSO_BIND_VAR),	"DSO_bind_var"},
-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),	"DSO_convert_filename"},
-{ERR_FUNC(DSO_F_DSO_CTRL),	"DSO_ctrl"},
-{ERR_FUNC(DSO_F_DSO_FREE),	"DSO_free"},
-{ERR_FUNC(DSO_F_DSO_GET_FILENAME),	"DSO_get_filename"},
-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),	"DSO_get_loaded_filename"},
-{ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP),	"DSO_global_lookup"},
-{ERR_FUNC(DSO_F_DSO_LOAD),	"DSO_load"},
-{ERR_FUNC(DSO_F_DSO_MERGE),	"DSO_merge"},
-{ERR_FUNC(DSO_F_DSO_NEW_METHOD),	"DSO_new_method"},
-{ERR_FUNC(DSO_F_DSO_PATHBYADDR),	"DSO_pathbyaddr"},
-{ERR_FUNC(DSO_F_DSO_SET_FILENAME),	"DSO_set_filename"},
-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),	"DSO_set_name_converter"},
-{ERR_FUNC(DSO_F_DSO_UP_REF),	"DSO_up_ref"},
-{ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC),	"GLOBAL_LOOKUP_FUNC"},
-{ERR_FUNC(DSO_F_PATHBYADDR),	"PATHBYADDR"},
-{ERR_FUNC(DSO_F_VMS_BIND_SYM),	"VMS_BIND_SYM"},
-{ERR_FUNC(DSO_F_VMS_LOAD),	"VMS_LOAD"},
-{ERR_FUNC(DSO_F_VMS_MERGER),	"VMS_MERGER"},
-{ERR_FUNC(DSO_F_VMS_UNLOAD),	"VMS_UNLOAD"},
-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC),	"WIN32_BIND_FUNC"},
-{ERR_FUNC(DSO_F_WIN32_BIND_VAR),	"WIN32_BIND_VAR"},
-{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP),	"WIN32_GLOBALLOOKUP"},
-{ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC),	"WIN32_GLOBALLOOKUP_FUNC"},
-{ERR_FUNC(DSO_F_WIN32_JOINER),	"WIN32_JOINER"},
-{ERR_FUNC(DSO_F_WIN32_LOAD),	"WIN32_LOAD"},
-{ERR_FUNC(DSO_F_WIN32_MERGER),	"WIN32_MERGER"},
-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),	"WIN32_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_WIN32_PATHBYADDR),	"WIN32_PATHBYADDR"},
-{ERR_FUNC(DSO_F_WIN32_SPLITTER),	"WIN32_SPLITTER"},
-{ERR_FUNC(DSO_F_WIN32_UNLOAD),	"WIN32_UNLOAD"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA DSO_str_reasons[]=
-	{
-{ERR_REASON(DSO_R_CTRL_FAILED)           ,"control command failed"},
-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    ,"dso already loaded"},
-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE)  ,"empty file structure"},
-{ERR_REASON(DSO_R_FAILURE)               ,"failure"},
-{ERR_REASON(DSO_R_FILENAME_TOO_BIG)      ,"filename too big"},
-{ERR_REASON(DSO_R_FINISH_FAILED)         ,"cleanup method function failed"},
-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"},
-{ERR_REASON(DSO_R_LOAD_FAILED)           ,"could not load the shared library"},
-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
-{ERR_REASON(DSO_R_NO_FILENAME)           ,"no filename"},
-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"},
-{ERR_REASON(DSO_R_NULL_HANDLE)           ,"a null shared library handle was used"},
-{ERR_REASON(DSO_R_SET_FILENAME_FAILED)   ,"set filename failed"},
-{ERR_REASON(DSO_R_STACK_ERROR)           ,"the meth_data stack is corrupt"},
-{ERR_REASON(DSO_R_SYM_FAILURE)           ,"could not bind to the requested symbol name"},
-{ERR_REASON(DSO_R_UNLOAD_FAILED)         ,"could not unload the shared library"},
-{ERR_REASON(DSO_R_UNSUPPORTED)           ,"functionality not supported"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_DSO_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DSO_str_functs);
-		ERR_load_strings(0,DSO_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
deleted file mode 100644
index 7801529829..0000000000
--- a/crypto/dso/dso_lib.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD *default_DSO_meth = NULL;
-
-DSO *DSO_new(void)
-	{
-	return(DSO_new_method(NULL));
-	}
-
-void DSO_set_default_method(DSO_METHOD *meth)
-	{
-	default_DSO_meth = meth;
-	}
-
-DSO_METHOD *DSO_get_default_method(void)
-	{
-	return(default_DSO_meth);
-	}
-
-DSO_METHOD *DSO_get_method(DSO *dso)
-	{
-	return(dso->meth);
-	}
-
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-	{
-	DSO_METHOD *mtmp;
-	mtmp = dso->meth;
-	dso->meth = meth;
-	return(mtmp);
-	}
-
-DSO *DSO_new_method(DSO_METHOD *meth)
-	{
-	DSO *ret;
-
-	if(default_DSO_meth == NULL)
-		/* We default to DSO_METH_openssl() which in turn defaults
-		 * to stealing the "best available" method. Will fallback
-		 * to DSO_METH_null() in the worst case. */
-		default_DSO_meth = DSO_METHOD_openssl();
-	ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
-	if(ret == NULL)
-		{
-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	memset(ret, 0, sizeof(DSO));
-	ret->meth_data = sk_void_new_null();
-	if(ret->meth_data == NULL)
-		{
-		/* sk_new doesn't generate any errors so we do */
-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		OPENSSL_free(ret);
-		return(NULL);
-		}
-	if(meth == NULL)
-		ret->meth = default_DSO_meth;
-	else
-		ret->meth = meth;
-	ret->references = 1;
-	if((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-int DSO_free(DSO *dso)
-	{
-        int i;
- 
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
- 
-	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
-#ifdef REF_PRINT
-	REF_PRINT("DSO",dso);
-#endif
-	if(i > 0) return(1);
-#ifdef REF_CHECK
-	if(i < 0)
-		{
-		fprintf(stderr,"DSO_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
-		{
-		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
-		return(0);
-		}
- 
-	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
-		{
-		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
-		return(0);
-		}
-	
-	sk_void_free(dso->meth_data);
-	if(dso->filename != NULL)
-		OPENSSL_free(dso->filename);
-	if(dso->loaded_filename != NULL)
-		OPENSSL_free(dso->loaded_filename);
- 
-	OPENSSL_free(dso);
-	return(1);
-	}
-
-int DSO_flags(DSO *dso)
-	{
-	return((dso == NULL) ? 0 : dso->flags);
-	}
-
-
-int DSO_up_ref(DSO *dso)
-	{
-	if (dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-
-	CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
-	return(1);
-	}
-
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-	{
-	DSO *ret;
-	int allocated = 0;
-
-	if(dso == NULL)
-		{
-		ret = DSO_new_method(meth);
-		if(ret == NULL)
-			{
-			DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		allocated = 1;
-		/* Pass the provided flags to the new DSO object */
-		if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
-			{
-			DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
-			goto err;
-			}
-		}
-	else
-		ret = dso;
-	/* Don't load if we're currently already loaded */
-	if(ret->filename != NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
-		goto err;
-		}
-	/* filename can only be NULL if we were passed a dso that already has
-	 * one set. */
-	if(filename != NULL)
-		if(!DSO_set_filename(ret, filename))
-			{
-			DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
-			goto err;
-			}
-	filename = ret->filename;
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-	if(ret->meth->dso_load == NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
-		/* Make sure we unset the filename on failure, because we use
-		 * this to determine when the DSO has been loaded above. */
-		OPENSSL_free(ret->filename);
-		ret->filename = NULL;
-		goto err;
-		}
-	if(!ret->meth->dso_load(ret))
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
-		/* Make sure we unset the filename on failure, because we use
-		 * this to determine when the DSO has been loaded above. */
-		OPENSSL_free(ret->filename);
-		ret->filename = NULL;
-		goto err;
-		}
-	/* Load succeeded */
-	return(ret);
-err:
-	if(allocated)
-		DSO_free(ret);
-	return(NULL);
-	}
-
-void *DSO_bind_var(DSO *dso, const char *symname)
-	{
-	void *ret = NULL;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(dso->meth->dso_bind_var == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
-		return(NULL);
-		}
-	if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
-		return(NULL);
-		}
-	/* Success */
-	return(ret);
-	}
-
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
-	{
-	DSO_FUNC_TYPE ret = NULL;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(dso->meth->dso_bind_func == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
-		return(NULL);
-		}
-	if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
-		return(NULL);
-		}
-	/* Success */
-	return(ret);
-	}
-
-/* I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for
- * any error because possible DSO_ctrl() commands may return values
- * such as "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at
- * odd times. I'd prefer "output" values to be passed by reference and
- * the return value as success/failure like usual ... but we conform
- * when we must... :-) */
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return(-1);
-		}
-	/* We should intercept certain generic commands and only pass control
-	 * to the method-specific ctrl() function if it's something we don't
-	 * handle. */
-	switch(cmd)
-		{
-	case DSO_CTRL_GET_FLAGS:
-		return dso->flags;
-	case DSO_CTRL_SET_FLAGS:
-		dso->flags = (int)larg;
-		return(0);
-	case DSO_CTRL_OR_FLAGS:
-		dso->flags |= (int)larg;
-		return(0);
-	default:
-		break;
-		}
-	if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
-		{
-		DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
-		return(-1);
-		}
-	return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
-	}
-
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-			DSO_NAME_CONVERTER_FUNC *oldcb)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(oldcb)
-		*oldcb = dso->name_converter;
-	dso->name_converter = cb;
-	return(1);
-	}
-
-const char *DSO_get_filename(DSO *dso)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	return(dso->filename);
-	}
-
-int DSO_set_filename(DSO *dso, const char *filename)
-	{
-	char *copied;
-
-	if((dso == NULL) || (filename == NULL))
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(dso->loaded_filename)
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
-		return(0);
-		}
-	/* We'll duplicate filename */
-	copied = OPENSSL_malloc(strlen(filename) + 1);
-	if(copied == NULL)
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	BUF_strlcpy(copied, filename, strlen(filename) + 1);
-	if(dso->filename)
-		OPENSSL_free(dso->filename);
-	dso->filename = copied;
-	return(1);
-	}
-
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	char *result = NULL;
-
-	if(dso == NULL || filespec1 == NULL)
-		{
-		DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-		{
-		if(dso->merger != NULL)
-			result = dso->merger(dso, filespec1, filespec2);
-		else if(dso->meth->dso_merger != NULL)
-			result = dso->meth->dso_merger(dso,
-				filespec1, filespec2);
-		}
-	return(result);
-	}
-
-char *DSO_convert_filename(DSO *dso, const char *filename)
-	{
-	char *result = NULL;
-
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(filename == NULL)
-		filename = dso->filename;
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
-		return(NULL);
-		}
-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-		{
-		if(dso->name_converter != NULL)
-			result = dso->name_converter(dso, filename);
-		else if(dso->meth->dso_name_converter != NULL)
-			result = dso->meth->dso_name_converter(dso, filename);
-		}
-	if(result == NULL)
-		{
-		result = OPENSSL_malloc(strlen(filename) + 1);
-		if(result == NULL)
-			{
-			DSOerr(DSO_F_DSO_CONVERT_FILENAME,
-					ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		BUF_strlcpy(result, filename, strlen(filename) + 1);
-		}
-	return(result);
-	}
-
-const char *DSO_get_loaded_filename(DSO *dso)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	return(dso->loaded_filename);
-	}
-
-int DSO_pathbyaddr(void *addr,char *path,int sz)
-	{
-	DSO_METHOD *meth = default_DSO_meth;
-	if (meth == NULL) meth = DSO_METHOD_openssl();
-	if (meth->pathbyaddr == NULL)
-		{
-		DSOerr(DSO_F_DSO_PATHBYADDR,DSO_R_UNSUPPORTED);
-		return -1;
-		}
-	return (*meth->pathbyaddr)(addr,path,sz);
-	}
-
-void *DSO_global_lookup(const char *name)
-	{
-	DSO_METHOD *meth = default_DSO_meth;
-	if (meth == NULL) meth = DSO_METHOD_openssl();
-	if (meth->globallookup == NULL)
-		{
-		DSOerr(DSO_F_DSO_GLOBAL_LOOKUP,DSO_R_UNSUPPORTED);
-		return NULL;
-		}
-	return (*meth->globallookup)(name);
-	}
diff --git a/crypto/dso/dso_null.c b/crypto/dso/dso_null.c
deleted file mode 100644
index 49d842d1f5..0000000000
--- a/crypto/dso/dso_null.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* dso_null.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This "NULL" method is provided as the fallback for systems that have
- * no appropriate support for "shared-libraries". */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD dso_meth_null = {
-	"NULL shared library method",
-	NULL, /* load */
-	NULL, /* unload */
-	NULL, /* bind_var */
-	NULL, /* bind_func */
-/* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	NULL, /* dso_name_converter */
-	NULL, /* dso_merger */
-	NULL, /* init */
-	NULL, /* finish */
-	NULL, /* pathbyaddr */
-	NULL  /* globallookup */
-	};
-
-DSO_METHOD *DSO_METHOD_null(void)
-	{
-	return(&dso_meth_null);
-	}
-
diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
deleted file mode 100644
index b17e8e8e9e..0000000000
--- a/crypto/dso/dso_openssl.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* dso_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-/* We just pinch the method from an appropriate "default" method. */
-
-DSO_METHOD *DSO_METHOD_openssl(void)
-	{
-#ifdef DEF_DSO_METHOD
-	return(DEF_DSO_METHOD());
-#elif defined(DSO_DLFCN)
-	return(DSO_METHOD_dlfcn());
-#elif defined(DSO_DL)
-	return(DSO_METHOD_dl());
-#elif defined(DSO_WIN32)
-	return(DSO_METHOD_win32());
-#elif defined(DSO_VMS)
-	return(DSO_METHOD_vms());
-#elif defined(DSO_BEOS)
-	return(DSO_METHOD_beos());
-#else
-	return(DSO_METHOD_null());
-#endif
-	}
-
diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
deleted file mode 100644
index 43e53bcaf7..0000000000
--- a/crypto/ebcdic.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/* crypto/ebcdic.c */
-
-#ifndef CHARSET_EBCDIC
-
-#include <openssl/e_os2.h>
-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy=&dummy;
-#endif
-
-#else /*CHARSET_EBCDIC*/
-
-#include "ebcdic.h"
-/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
- *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
- */
-
-#ifdef _OSD_POSIX
-/*
-    "BS2000 OSD" is a POSIX subsystem on a main frame.
-    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
-    Within the POSIX subsystem, the same character set was chosen as in
-    "native BS2000", namely EBCDIC. (EDF04)
-
-    The name "ASCII" in these routines is misleading: actually, conversion
-    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
-    that means that (western european) national characters are preserved.
-
-    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
-*/
-
-/* Here's the bijective ebcdic-to-ascii table: */
-const unsigned char os_toascii[256] = {
-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
-       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
-       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
-/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
-       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
-/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
-       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
-/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
-       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
-/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
-       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
-/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
-       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
-/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
-       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
-/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
-/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
-       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
-/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
-/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
-       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
-/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
-/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
-       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
-/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
-       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
-/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/
-};
-
-
-/* The ascii-to-ebcdic table: */
-const unsigned char os_toebcdic[256] = {
-/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
-	0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/
-/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
-	0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/
-/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
-	0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */
-/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-	0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/
-/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-	0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/
-/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
-	0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/
-/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-	0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/
-/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
-	0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/
-/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
-	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/
-/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
-	0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/
-/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
-	0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/
-/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
-	0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/
-/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
-	0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/
-/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
-	0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/
-/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
-	0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/
-/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
-	0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/
-};
-
-#else  /*_OSD_POSIX*/
-
-/*
-This code does basic character mapping for IBM's TPF and OS/390 operating systems.
-It is a modified version of the BS2000 table.
-
-Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
-This table is bijective - there are no ambigous or duplicate characters.
-*/
-const unsigned char os_toascii[256] = {
-    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */
-    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
-    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */
-    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
-    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */
-    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
-    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */
-    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
-    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */
-    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */
-    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */
-    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
-    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */
-    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
-    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */
-    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
-    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */
-    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
-    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */
-    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
-    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */
-    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
-    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */
-    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
-    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */
-    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
-    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */
-    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
-    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */
-    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */
-    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */
-};
-
-
-/*
-The US-ASCII to EBCDIC (character set IBM-1047) table:
-This table is bijective (no ambiguous or duplicate characters)
-*/
-const unsigned char os_toebcdic[256] = {
-    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */
-    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
-    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */
-    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
-    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */
-    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */
-    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */
-    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
-    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */
-    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
-    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */
-    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
-    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */
-    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
-    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */
-    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */
-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
-    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */
-    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
-    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */
-    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
-    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */
-    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
-    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */
-    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
-    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */
-    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
-    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */
-    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
-    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */
-    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */
-};
-#endif /*_OSD_POSIX*/
-
-/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
- * dest and srce may be identical, or separate memory blocks, but
- * should not overlap. These functions intentionally have an interface
- * compatible to memcpy(3).
- */
-
-void *
-ebcdic2ascii(void *dest, const void *srce, size_t count)
-{
-    unsigned char *udest = dest;
-    const unsigned char *usrce = srce;
-
-    while (count-- != 0) {
-        *udest++ = os_toascii[*usrce++];
-    }
-
-    return dest;
-}
-
-void *
-ascii2ebcdic(void *dest, const void *srce, size_t count)
-{
-    unsigned char *udest = dest;
-    const unsigned char *usrce = srce;
-
-    while (count-- != 0) {
-        *udest++ = os_toebcdic[*usrce++];
-    }
-
-    return dest;
-}
-
-#endif
diff --git a/crypto/ebcdic.h b/crypto/ebcdic.h
deleted file mode 100644
index 85f3cf7f66..0000000000
--- a/crypto/ebcdic.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* crypto/ebcdic.h */
-
-#ifndef HEADER_EBCDIC_H
-#define HEADER_EBCDIC_H
-
-#include <sys/types.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Avoid name clashes with other applications */
-#define os_toascii   _openssl_os_toascii
-#define os_toebcdic  _openssl_os_toebcdic
-#define ebcdic2ascii _openssl_ebcdic2ascii
-#define ascii2ebcdic _openssl_ascii2ebcdic
-
-extern const unsigned char os_toascii[256];
-extern const unsigned char os_toebcdic[256];
-void *ebcdic2ascii(void *dest, const void *srce, size_t count);
-void *ascii2ebcdic(void *dest, const void *srce, size_t count);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
deleted file mode 100644
index b6e745b829..0000000000
--- a/crypto/ec/ec.h
+++ /dev/null
@@ -1,1178 +0,0 @@
-/* crypto/ec/ec.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/**
- * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
- * \author Originally written by Bodo Moeller for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_EC_H
-#define HEADER_EC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_EC
-#error EC is disabled.
-#endif
-
-#include <openssl/asn1.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#elif defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
-
-  
-#ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
-#endif
-
-/** Enum for the point conversion form as defined in X9.62 (ECDSA)
- *  for the encoding of a elliptic curve point (x,y) */
-typedef enum {
-	/** the point is encoded as z||x, where the octet z specifies 
-	 *  which solution of the quadratic equation y is  */
-	POINT_CONVERSION_COMPRESSED = 2,
-	/** the point is encoded as z||x||y, where z is the octet 0x02  */
-	POINT_CONVERSION_UNCOMPRESSED = 4,
-	/** the point is encoded as z||x||y, where the octet z specifies
-         *  which solution of the quadratic equation y is  */
-	POINT_CONVERSION_HYBRID = 6
-} point_conversion_form_t;
-
-
-typedef struct ec_method_st EC_METHOD;
-
-typedef struct ec_group_st
-	/*
-	 EC_METHOD *meth;
-	 -- field definition
-	 -- curve coefficients
-	 -- optional generator with associated information (order, cofactor)
-	 -- optional extra data (precomputed table for fast computation of multiples of generator)
-	 -- ASN1 stuff
-	*/
-	EC_GROUP;
-
-typedef struct ec_point_st EC_POINT;
-
-
-/********************************************************************/
-/*               EC_METHODs for curves over GF(p)                   */       
-/********************************************************************/
-
-/** Returns the basic GFp ec methods which provides the basis for the
- *  optimized methods. 
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_simple_method(void);
-
-/** Returns GFp methods using montgomery multiplication.
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_mont_method(void);
-
-/** Returns GFp methods using optimized methods for NIST recommended curves
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nist_method(void);
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/** Returns 64-bit optimized methods for nistp224
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp224_method(void);
-
-/** Returns 64-bit optimized methods for nistp256
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp256_method(void);
-
-/** Returns 64-bit optimized methods for nistp521
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp521_method(void);
-#endif
-
-#ifndef OPENSSL_NO_EC2M
-/********************************************************************/ 
-/*           EC_METHOD for curves over GF(2^m)                      */
-/********************************************************************/
-
-/** Returns the basic GF2m ec method 
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GF2m_simple_method(void);
-
-#endif
-
-
-/********************************************************************/
-/*                   EC_GROUP functions                             */
-/********************************************************************/
-
-/** Creates a new EC_GROUP object
- *  \param   meth  EC_METHOD to use
- *  \return  newly created EC_GROUP object or NULL in case of an error.
- */
-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-
-/** Frees a EC_GROUP object
- *  \param  group  EC_GROUP object to be freed.
- */
-void EC_GROUP_free(EC_GROUP *group);
-
-/** Clears and frees a EC_GROUP object
- *  \param  group  EC_GROUP object to be cleared and freed.
- */
-void EC_GROUP_clear_free(EC_GROUP *group);
-
-/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
- *  \param  dst  destination EC_GROUP object
- *  \param  src  source EC_GROUP object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
-
-/** Creates a new EC_GROUP object and copies the copies the content
- *  form src to the newly created EC_KEY object
- *  \param  src  source EC_GROUP object
- *  \return newly created EC_GROUP object or NULL in case of an error.
- */
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-
-/** Returns the EC_METHOD of the EC_GROUP object.
- *  \param  group  EC_GROUP object 
- *  \return EC_METHOD used in this EC_GROUP object.
- */
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
-
-/** Returns the field type of the EC_METHOD.
- *  \param  meth  EC_METHOD object
- *  \return NID of the underlying field type OID.
- */
-int EC_METHOD_get_field_type(const EC_METHOD *meth);
-
-/** Sets the generator and it's order/cofactor of a EC_GROUP object.
- *  \param  group      EC_GROUP object 
- *  \param  generator  EC_POINT object with the generator.
- *  \param  order      the order of the group generated by the generator.
- *  \param  cofactor   the index of the sub-group generated by the generator
- *                     in the group of all points on the elliptic curve.
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-
-/** Returns the generator of a EC_GROUP object.
- *  \param  group  EC_GROUP object
- *  \return the currently used generator (possibly NULL).
- */
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-
-/** Gets the order of a EC_GROUP
- *  \param  group  EC_GROUP object
- *  \param  order  BIGNUM to which the order is copied
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
-
-/** Gets the cofactor of a EC_GROUP
- *  \param  group     EC_GROUP object
- *  \param  cofactor  BIGNUM to which the cofactor is copied
- *  \param  ctx       BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
-
-/** Sets the name of a EC_GROUP object
- *  \param  group  EC_GROUP object
- *  \param  nid    NID of the curve name OID
- */
-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
-
-/** Returns the curve name of a EC_GROUP object
- *  \param  group  EC_GROUP object
- *  \return NID of the curve name OID or 0 if not set.
- */
-int EC_GROUP_get_curve_name(const EC_GROUP *group);
-
-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
-int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
-size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-
-/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the prime number
- *  \param  a      BIGNUM with parameter a of the equation
- *  \param  b      BIGNUM with parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
-/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the prime number
- *  \param  a      BIGNUM for parameter a of the equation
- *  \param  b      BIGNUM for parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the polynomial defining the underlying field
- *  \param  a      BIGNUM with parameter a of the equation
- *  \param  b      BIGNUM with parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
-/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the polynomial defining the underlying field
- *  \param  a      BIGNUM for parameter a of the equation
- *  \param  b      BIGNUM for parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-#endif
-/** Returns the number of bits needed to represent a field element 
- *  \param  group  EC_GROUP object
- *  \return number of bits needed to represent a field element
- */
-int EC_GROUP_get_degree(const EC_GROUP *group);
-
-/** Checks whether the parameter in the EC_GROUP define a valid ec group
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if group is a valid ec group and 0 otherwise
- */
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-
-/** Checks whether the discriminant of the elliptic curve is zero or not
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if the discriminant is not zero and 0 otherwise
- */
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
-
-/** Compares two EC_GROUP objects
- *  \param  a    first EC_GROUP object
- *  \param  b    second EC_GROUP object
- *  \param  ctx  BN_CTX object (optional)
- *  \return 0 if both groups are equal and 1 otherwise
- */
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
-
-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
- * after choosing an appropriate EC_METHOD */
-
-/** Creates a new EC_GROUP object with the specified parameters defined
- *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
- *  \param  p    BIGNUM with the prime number
- *  \param  a    BIGNUM with the parameter a of the equation
- *  \param  b    BIGNUM with the parameter b of the equation
- *  \param  ctx  BN_CTX object (optional)
- *  \return newly created EC_GROUP object with the specified parameters
- */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#ifndef OPENSSL_NO_EC2M
-/** Creates a new EC_GROUP object with the specified parameters defined
- *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
- *  \param  p    BIGNUM with the polynomial defining the underlying field
- *  \param  a    BIGNUM with the parameter a of the equation
- *  \param  b    BIGNUM with the parameter b of the equation
- *  \param  ctx  BN_CTX object (optional)
- *  \return newly created EC_GROUP object with the specified parameters
- */
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#endif
-/** Creates a EC_GROUP object with a curve specified by a NID
- *  \param  nid  NID of the OID of the curve name
- *  \return newly created EC_GROUP object with specified curve or NULL
- *          if an error occurred
- */
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-
-
-/********************************************************************/
-/*               handling of internal curves                        */
-/********************************************************************/
-
-typedef struct { 
-	int nid;
-	const char *comment;
-	} EC_builtin_curve;
-
-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
- * of all available curves or zero if a error occurred. 
- * In case r ist not zero nitems EC_builtin_curve structures 
- * are filled with the data of the first nitems internal groups */
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-
-
-/********************************************************************/
-/*                    EC_POINT functions                            */
-/********************************************************************/
-
-/** Creates a new EC_POINT object for the specified EC_GROUP
- *  \param  group  EC_GROUP the underlying EC_GROUP object
- *  \return newly created EC_POINT object or NULL if an error occurred
- */
-EC_POINT *EC_POINT_new(const EC_GROUP *group);
-
-/** Frees a EC_POINT object
- *  \param  point  EC_POINT object to be freed
- */
-void EC_POINT_free(EC_POINT *point);
-
-/** Clears and frees a EC_POINT object
- *  \param  point  EC_POINT object to be cleared and freed
- */
-void EC_POINT_clear_free(EC_POINT *point);
-
-/** Copies EC_POINT object
- *  \param  dst  destination EC_POINT object
- *  \param  src  source EC_POINT object
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-
-/** Creates a new EC_POINT object and copies the content of the supplied
- *  EC_POINT
- *  \param  src    source EC_POINT object
- *  \param  group  underlying the EC_GROUP object
- *  \return newly created EC_POINT object or NULL if an error occurred 
- */
-EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
- 
-/** Returns the EC_METHOD used in EC_POINT object 
- *  \param  point  EC_POINT object
- *  \return the EC_METHOD used
- */
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-
-/** Sets a point to infinity (neutral element)
- *  \param  group  underlying EC_GROUP object
- *  \param  point  EC_POINT to set to infinity
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-
-/** Sets the jacobian projective coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  z      BIGNUM with the z-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-
-/** Gets the jacobian projective coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  z      BIGNUM for the z-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
-
-/** Sets the affine coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-
-/** Gets the affine coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with x-coordinate
- *  \param  y_bit  integer with the y-Bit (either 0 or 1)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx);
-#ifndef OPENSSL_NO_EC2M
-/** Sets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-
-/** Gets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with x-coordinate
- *  \param  y_bit  integer with the y-Bit (either 0 or 1)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx);
-#endif
-/** Encodes a EC_POINT object to a octet string
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  form   point conversion form
- *  \param  buf    memory buffer for the result. If NULL the function returns
- *                 required buffer size.
- *  \param  len    length of the memory buffer
- *  \param  ctx    BN_CTX object (optional)
- *  \return the length of the encoded octet string or 0 if an error occurred
- */
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
-	point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx);
-
-/** Decodes a EC_POINT from a octet string
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  buf    memory buffer with the encoded ec point
- *  \param  len    length of the encoded ec point
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
-        const unsigned char *buf, size_t len, BN_CTX *ctx);
-
-/* other interfaces to point2oct/oct2point: */
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
-	point_conversion_form_t form, BIGNUM *, BN_CTX *);
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
-	EC_POINT *, BN_CTX *);
-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
-	point_conversion_form_t form, BN_CTX *);
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
-	EC_POINT *, BN_CTX *);
-
-
-/********************************************************************/
-/*         functions for doing EC_POINT arithmetic                  */
-/********************************************************************/
-
-/** Computes the sum of two EC_POINT 
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result (r = a + b)
- *  \param  a      EC_POINT object with the first summand
- *  \param  b      EC_POINT object with the second summand
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-
-/** Computes the double of a EC_POINT
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result (r = 2 * a)
- *  \param  a      EC_POINT object 
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-
-/** Computes the inverse of a EC_POINT
- *  \param  group  underlying EC_GROUP object
- *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
-
-/** Checks whether the point is the neutral element of the group
- *  \param  group  the underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \return 1 if the point is the neutral element and 0 otherwise
- */
-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
-
-/** Checks whether the point is on the curve 
- *  \param  group  underlying EC_GROUP object
- *  \param  point  EC_POINT object to check
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if point if on the curve and 0 otherwise
- */
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
-
-/** Compares two EC_POINTs 
- *  \param  group  underlying EC_GROUP object
- *  \param  a      first EC_POINT object
- *  \param  b      second EC_POINT object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 0 if both points are equal and a value != 0 otherwise
- */
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
-
-/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result
- *  \param  n      BIGNUM with the multiplier for the group generator (optional)
- *  \param  num    number futher summands
- *  \param  p      array of size num of EC_POINT objects
- *  \param  m      array of size num of BIGNUM objects
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
-
-/** Computes r = generator * n + q * m
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result
- *  \param  n      BIGNUM with the multiplier for the group generator (optional)
- *  \param  q      EC_POINT object with the first factor of the second summand
- *  \param  m      BIGNUM with the second factor of the second summand
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-
-/** Stores multiples of generator for faster point multiplication
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-
-/** Reports whether a precomputation has been done
- *  \param  group  EC_GROUP object
- *  \return 1 if a pre-computation has been done and 0 otherwise
- */
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-
-
-/********************************************************************/
-/*                       ASN1 stuff                                 */
-/********************************************************************/
-
-/* EC_GROUP_get_basis_type() returns the NID of the basis type
- * used to represent the field elements */
-int EC_GROUP_get_basis_type(const EC_GROUP *);
-#ifndef OPENSSL_NO_EC2M
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
-	unsigned int *k2, unsigned int *k3);
-#endif
-
-#define OPENSSL_EC_NAMED_CURVE	0x001
-
-typedef struct ecpk_parameters_st ECPKPARAMETERS;
-
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-
-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-		(unsigned char *)(x))
-
-#ifndef OPENSSL_NO_BIO
-int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-#endif
-
-
-/********************************************************************/
-/*                      EC_KEY functions                            */
-/********************************************************************/
-
-typedef struct ec_key_st EC_KEY;
-
-/* some values for the encoding_flag */
-#define EC_PKEY_NO_PARAMETERS	0x001
-#define EC_PKEY_NO_PUBKEY	0x002
-
-/* some values for the flags field */
-#define EC_FLAG_NON_FIPS_ALLOW	0x1
-#define EC_FLAG_FIPS_CHECKED	0x2
-
-/** Creates a new EC_KEY object.
- *  \return EC_KEY object or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_new(void);
-
-int EC_KEY_get_flags(const EC_KEY *key);
-
-void EC_KEY_set_flags(EC_KEY *key, int flags);
-
-void EC_KEY_clear_flags(EC_KEY *key, int flags);
-
-/** Creates a new EC_KEY object using a named curve as underlying
- *  EC_GROUP object.
- *  \param  nid  NID of the named curve.
- *  \return EC_KEY object or NULL if an error occurred. 
- */
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-
-/** Frees a EC_KEY object.
- *  \param  key  EC_KEY object to be freed.
- */
-void EC_KEY_free(EC_KEY *key);
-
-/** Copies a EC_KEY object.
- *  \param  dst  destination EC_KEY object
- *  \param  src  src EC_KEY object
- *  \return dst or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-
-/** Creates a new EC_KEY object and copies the content from src to it.
- *  \param  src  the source EC_KEY object
- *  \return newly created EC_KEY object or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_dup(const EC_KEY *src);
-
-/** Increases the internal reference count of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_up_ref(EC_KEY *key);
-
-/** Returns the EC_GROUP object of a EC_KEY object
- *  \param  key  EC_KEY object
- *  \return the EC_GROUP object (possibly NULL).
- */
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
-
-/** Sets the EC_GROUP of a EC_KEY object.
- *  \param  key    EC_KEY object
- *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
- *                 object will use an own copy of the EC_GROUP).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-
-/** Returns the private key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \return a BIGNUM with the private key (possibly NULL).
- */
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
-
-/** Sets the private key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
- *               will use an own copy of the BIGNUM).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
-
-/** Returns the public key of a EC_KEY object.
- *  \param  key  the EC_KEY object
- *  \return a EC_POINT object with the public key (possibly NULL)
- */
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
-
-/** Sets the public key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
- *               will use an own copy of the EC_POINT object).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-
-unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
-/* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *key, 
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/** Sets the key method data of an EC_KEY object, if none has yet been set.
- *  \param  key              EC_KEY object
- *  \param  data             opaque data to install.
- *  \param  dup_func         a function that duplicates |data|.
- *  \param  free_func        a function that frees |data|.
- *  \param  clear_free_func  a function that wipes and frees |data|.
- *  \return the previously set data pointer, or NULL if |data| was inserted.
- */
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
-
-/** Sets whether ECDSA operations with the given key will calculate their k
- * value from SHA512(private_key + message + random) in order to protect
- * against a weak PRNG.
- * \param  on  Whether to calculate k from a hash or not
- */
-void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on);
-
-/** Returns the value of nonce_from_hash
- */
-int EC_KEY_get_nonce_from_hash(const EC_KEY *key);
-
-/** Creates a table of pre-computed multiples of the generator to 
- *  accelerate further EC_KEY operations.
- *  \param  key  EC_KEY object
- *  \param  ctx  BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-
-/** Creates a new ec private (and optional a new public) key.
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_generate_key(EC_KEY *key);
-
-/** Verifies that a private and/or public key is valid.
- *  \param  key  the EC_KEY object
- *  \return 1 on success and 0 otherwise.
- */
-int EC_KEY_check_key(const EC_KEY *key);
-
-/** Sets a public key from affine coordindates performing
- *  neccessary NIST PKV tests.
- *  \param  key  the EC_KEY object
- *  \param  x    public key x coordinate
- *  \param  y    public key y coordinate
- *  \return 1 on success and 0 otherwise.
- */
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
-
-
-/********************************************************************/
-/*        de- and encoding functions for SEC1 ECPrivateKey          */
-/********************************************************************/
-
-/** Decodes a private key from a memory buffer.
- *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
- *  \param  in   pointer to memory with the DER encoded private key
- *  \param  len  length of the DER encoded private key
- *  \return the decoded private key or NULL if an error occurred.
- */
-EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes a private key object and stores the result in a buffer.
- *  \param  key  the EC_KEY object to encode
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred.
- */
-int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
-
-
-/********************************************************************/
-/*        de- and encoding functions for EC parameters              */
-/********************************************************************/
-
-/** Decodes ec parameter from a memory buffer.
- *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
- *  \param  in   pointer to memory with the DER encoded ec parameters
- *  \param  len  length of the DER encoded ec parameters
- *  \return a EC_KEY object with the decoded parameters or NULL if an error
- *          occurred.
- */
-EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes ec parameter and stores the result in a buffer.
- *  \param  key  the EC_KEY object with ec paramters to encode
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred.
- */
-int i2d_ECParameters(EC_KEY *key, unsigned char **out);
-
-
-/********************************************************************/
-/*         de- and encoding functions for EC public key             */
-/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
-/********************************************************************/
-
-/** Decodes a ec public key from a octet string.
- *  \param  key  a pointer to a EC_KEY object which should be used
- *  \param  in   memory buffer with the encoded public key
- *  \param  len  length of the encoded public key
- *  \return EC_KEY object with decoded public key or NULL if an error
- *          occurred.
- */
-EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes a ec public key in an octet string.
- *  \param  key  the EC_KEY object with the public key
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred
- */
-int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
-
-#ifndef OPENSSL_NO_BIO
-/** Prints out the ec parameters on human readable form.
- *  \param  bp   BIO object to which the information is printed
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred
- */
-int	ECParameters_print(BIO *bp, const EC_KEY *key);
-
-/** Prints out the contents of a EC_KEY object
- *  \param  bp   BIO object to which the information is printed
- *  \param  key  EC_KEY object
- *  \param  off  line offset 
- *  \return 1 on success and 0 if an error occurred
- */
-int	EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-
-#endif
-#ifndef OPENSSL_NO_FP_API
-/** Prints out the ec parameters on human readable form.
- *  \param  fp   file descriptor to which the information is printed
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred
- */
-int	ECParameters_print_fp(FILE *fp, const EC_KEY *key);
-
-/** Prints out the contents of a EC_KEY object
- *  \param  fp   file descriptor to which the information is printed
- *  \param  key  EC_KEY object
- *  \param  off  line offset 
- *  \return 1 on success and 0 if an error occurred
- */
-int	EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-
-#endif
-
-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
-
-#ifndef __cplusplus
-#if defined(__SUNPRO_C)
-#  if __SUNPRO_C >= 0x520
-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-#  endif
-# endif
-#endif
-
-#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
-				EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-
-
-#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID		(EVP_PKEY_ALG_CTRL + 1)
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EC_strings(void);
-
-/* Error codes for the EC functions. */
-
-/* Function codes. */
-#define EC_F_BN_TO_FELEM				 224
-#define EC_F_COMPUTE_WNAF				 143
-#define EC_F_D2I_ECPARAMETERS				 144
-#define EC_F_D2I_ECPKPARAMETERS				 145
-#define EC_F_D2I_ECPRIVATEKEY				 146
-#define EC_F_DO_EC_KEY_PRINT				 221
-#define EC_F_ECKEY_PARAM2TYPE				 223
-#define EC_F_ECKEY_PARAM_DECODE				 212
-#define EC_F_ECKEY_PRIV_DECODE				 213
-#define EC_F_ECKEY_PRIV_ENCODE				 214
-#define EC_F_ECKEY_PUB_DECODE				 215
-#define EC_F_ECKEY_PUB_ENCODE				 216
-#define EC_F_ECKEY_TYPE2PARAM				 220
-#define EC_F_ECPARAMETERS_PRINT				 147
-#define EC_F_ECPARAMETERS_PRINT_FP			 148
-#define EC_F_ECPKPARAMETERS_PRINT			 149
-#define EC_F_ECPKPARAMETERS_PRINT_FP			 150
-#define EC_F_ECP_NIST_MOD_192				 203
-#define EC_F_ECP_NIST_MOD_224				 204
-#define EC_F_ECP_NIST_MOD_256				 205
-#define EC_F_ECP_NIST_MOD_521				 206
-#define EC_F_EC_ASN1_GROUP2CURVE			 153
-#define EC_F_EC_ASN1_GROUP2FIELDID			 154
-#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155
-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156
-#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157
-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158
-#define EC_F_EC_EX_DATA_SET_DATA			 211
-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY		 208
-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159
-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195
-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160
-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161
-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164
-#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133
-#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
-#define EC_F_EC_GFP_MONT_FIELD_MUL			 131
-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE		 209
-#define EC_F_EC_GFP_MONT_FIELD_SQR			 132
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE		 189
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP		 135
-#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE		 225
-#define EC_F_EC_GFP_NISTP224_POINTS_MUL			 228
-#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE		 230
-#define EC_F_EC_GFP_NISTP256_POINTS_MUL			 231
-#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
-#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE		 233
-#define EC_F_EC_GFP_NISTP521_POINTS_MUL			 234
-#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
-#define EC_F_EC_GFP_NIST_FIELD_MUL			 200
-#define EC_F_EC_GFP_NIST_FIELD_SQR			 201
-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE		 202
-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
-#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104
-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_CHECK				 170
-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171
-#define EC_F_EC_GROUP_COPY				 106
-#define EC_F_EC_GROUP_GET0_GENERATOR			 139
-#define EC_F_EC_GROUP_GET_COFACTOR			 140
-#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172
-#define EC_F_EC_GROUP_GET_CURVE_GFP			 130
-#define EC_F_EC_GROUP_GET_DEGREE			 173
-#define EC_F_EC_GROUP_GET_ORDER				 141
-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193
-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194
-#define EC_F_EC_GROUP_NEW				 108
-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME			 174
-#define EC_F_EC_GROUP_NEW_FROM_DATA			 175
-#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
-#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176
-#define EC_F_EC_GROUP_SET_CURVE_GFP			 109
-#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
-#define EC_F_EC_GROUP_SET_GENERATOR			 111
-#define EC_F_EC_KEY_CHECK_KEY				 177
-#define EC_F_EC_KEY_COPY				 178
-#define EC_F_EC_KEY_GENERATE_KEY			 179
-#define EC_F_EC_KEY_NEW					 182
-#define EC_F_EC_KEY_PRINT				 180
-#define EC_F_EC_KEY_PRINT_FP				 181
-#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES	 229
-#define EC_F_EC_POINTS_MAKE_AFFINE			 136
-#define EC_F_EC_POINT_ADD				 112
-#define EC_F_EC_POINT_CMP				 113
-#define EC_F_EC_POINT_COPY				 114
-#define EC_F_EC_POINT_DBL				 115
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116
-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117
-#define EC_F_EC_POINT_INVERT				 210
-#define EC_F_EC_POINT_IS_AT_INFINITY			 118
-#define EC_F_EC_POINT_IS_ON_CURVE			 119
-#define EC_F_EC_POINT_MAKE_AFFINE			 120
-#define EC_F_EC_POINT_MUL				 184
-#define EC_F_EC_POINT_NEW				 121
-#define EC_F_EC_POINT_OCT2POINT				 122
-#define EC_F_EC_POINT_POINT2OCT				 123
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125
-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126
-#define EC_F_EC_POINT_SET_TO_INFINITY			 127
-#define EC_F_EC_PRE_COMP_DUP				 207
-#define EC_F_EC_PRE_COMP_NEW				 196
-#define EC_F_EC_WNAF_MUL				 187
-#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188
-#define EC_F_I2D_ECPARAMETERS				 190
-#define EC_F_I2D_ECPKPARAMETERS				 191
-#define EC_F_I2D_ECPRIVATEKEY				 192
-#define EC_F_I2O_ECPUBLICKEY				 151
-#define EC_F_NISTP224_PRE_COMP_NEW			 227
-#define EC_F_NISTP256_PRE_COMP_NEW			 236
-#define EC_F_NISTP521_PRE_COMP_NEW			 237
-#define EC_F_O2I_ECPUBLICKEY				 152
-#define EC_F_OLD_EC_PRIV_DECODE				 222
-#define EC_F_PKEY_EC_CTRL				 197
-#define EC_F_PKEY_EC_CTRL_STR				 198
-#define EC_F_PKEY_EC_DERIVE				 217
-#define EC_F_PKEY_EC_KEYGEN				 199
-#define EC_F_PKEY_EC_PARAMGEN				 219
-#define EC_F_PKEY_EC_SIGN				 218
-
-/* Reason codes. */
-#define EC_R_ASN1_ERROR					 115
-#define EC_R_ASN1_UNKNOWN_FIELD				 116
-#define EC_R_BIGNUM_OUT_OF_RANGE			 144
-#define EC_R_BUFFER_TOO_SMALL				 100
-#define EC_R_COORDINATES_OUT_OF_RANGE			 146
-#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117
-#define EC_R_DECODE_ERROR				 142
-#define EC_R_DISCRIMINANT_IS_ZERO			 118
-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119
-#define EC_R_FIELD_TOO_LARGE				 143
-#define EC_R_GF2M_NOT_SUPPORTED				 147
-#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120
-#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121
-#define EC_R_INCOMPATIBLE_OBJECTS			 101
-#define EC_R_INVALID_ARGUMENT				 112
-#define EC_R_INVALID_COMPRESSED_POINT			 110
-#define EC_R_INVALID_COMPRESSION_BIT			 109
-#define EC_R_INVALID_CURVE				 141
-#define EC_R_INVALID_DIGEST_TYPE			 138
-#define EC_R_INVALID_ENCODING				 102
-#define EC_R_INVALID_FIELD				 103
-#define EC_R_INVALID_FORM				 104
-#define EC_R_INVALID_GROUP_ORDER			 122
-#define EC_R_INVALID_PENTANOMIAL_BASIS			 132
-#define EC_R_INVALID_PRIVATE_KEY			 123
-#define EC_R_INVALID_TRINOMIAL_BASIS			 137
-#define EC_R_KEYS_NOT_SET				 140
-#define EC_R_MISSING_PARAMETERS				 124
-#define EC_R_MISSING_PRIVATE_KEY			 125
-#define EC_R_NOT_A_NIST_PRIME				 135
-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136
-#define EC_R_NOT_IMPLEMENTED				 126
-#define EC_R_NOT_INITIALIZED				 111
-#define EC_R_NO_FIELD_MOD				 133
-#define EC_R_NO_PARAMETERS_SET				 139
-#define EC_R_PASSED_NULL_PARAMETER			 134
-#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
-#define EC_R_POINT_AT_INFINITY				 106
-#define EC_R_POINT_IS_NOT_ON_CURVE			 107
-#define EC_R_SLOT_FULL					 108
-#define EC_R_UNDEFINED_GENERATOR			 113
-#define EC_R_UNDEFINED_ORDER				 128
-#define EC_R_UNKNOWN_GROUP				 129
-#define EC_R_UNKNOWN_ORDER				 114
-#define EC_R_UNSUPPORTED_FIELD				 131
-#define EC_R_WRONG_CURVE_PARAMETERS			 145
-#define EC_R_WRONG_ORDER				 130
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
deleted file mode 100644
index 1c575dc47a..0000000000
--- a/crypto/ec/ec2_mult.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/* crypto/ec/ec2_mult.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective 
- * coordinates.
- * Uses algorithm Mdouble in appendix of 
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
-	{
-	BIGNUM *t1;
-	int ret = 0;
-	
-	/* Since Mdouble is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	if (t1 == NULL) goto err;
-
-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t1, z, ctx)) goto err;
-	if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err;
-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err;
-	if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err;
-	if (!BN_GF2m_add(x, x, t1)) goto err;
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
- * projective coordinates.
- * Uses algorithm Madd in appendix of 
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- */
-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
-	const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
-	{
-	BIGNUM *t1, *t2;
-	int ret = 0;
-	
-	/* Since Madd is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t2 == NULL) goto err;
-
-	if (!BN_copy(t1, x)) goto err;
-	if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err;
-	if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err;
-	if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err;
-	if (!BN_GF2m_add(z1, z1, x1)) goto err;
-	if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err;
-	if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err;
-	if (!BN_GF2m_add(x1, x1, t2)) goto err;
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
- * using Montgomery point multiplication algorithm Mxy() in appendix of 
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- * Returns:
- *     0 on error
- *     1 if return value should be the point at infinity
- *     2 otherwise
- */
-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 
-	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
-	{
-	BIGNUM *t3, *t4, *t5;
-	int ret = 0;
-	
-	if (BN_is_zero(z1))
-		{
-		BN_zero(x2);
-		BN_zero(z2);
-		return 1;
-		}
-	
-	if (BN_is_zero(z2))
-		{
-		if (!BN_copy(x2, x)) return 0;
-		if (!BN_GF2m_add(z2, x, y)) return 0;
-		return 2;
-		}
-		
-	/* Since Mxy is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t3 = BN_CTX_get(ctx);
-	t4 = BN_CTX_get(ctx);
-	t5 = BN_CTX_get(ctx);
-	if (t5 == NULL) goto err;
-
-	if (!BN_one(t5)) goto err;
-
-	if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;
-
-	if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;
-	if (!BN_GF2m_add(z1, z1, x1)) goto err;
-	if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;
-	if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;
-	if (!BN_GF2m_add(z2, z2, x2)) goto err;
-
-	if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;
-	if (!BN_GF2m_add(t4, t4, y)) goto err;
-	if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;
-	if (!BN_GF2m_add(t4, t4, z2)) goto err;
-
-	if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;
-	if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;
-	if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;
-	if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;
-	if (!BN_GF2m_add(z2, x2, x)) goto err;
-
-	if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;
-	if (!BN_GF2m_add(z2, z2, y)) goto err;
-
-	ret = 2;
-
- err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-
-/* Computes scalar*point and stores the result in r.
- * point can not equal r.
- * Uses a modified algorithm 2P of
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
- *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
- *
- * To protect against side-channel attack the function uses constant time swap,
- * avoiding conditional branches.
- */
-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	const EC_POINT *point, BN_CTX *ctx)
-	{
-	BIGNUM *x1, *x2, *z1, *z2;
-	int ret = 0, i;
-	BN_ULONG mask,word;
-
-	if (r == point)
-		{
-		ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
-		return 0;
-		}
-	
-	/* if result should be point at infinity */
-	if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || 
-		EC_POINT_is_at_infinity(group, point))
-		{
-		return EC_POINT_set_to_infinity(group, r);
-		}
-
-	/* only support affine coordinates */
-	if (!point->Z_is_one) return 0;
-
-	/* Since point_multiply is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	x1 = BN_CTX_get(ctx);
-	z1 = BN_CTX_get(ctx);
-	if (z1 == NULL) goto err;
-
-	x2 = &r->X;
-	z2 = &r->Y;
-
-	bn_wexpand(x1, group->field.top);
-	bn_wexpand(z1, group->field.top);
-	bn_wexpand(x2, group->field.top);
-	bn_wexpand(z2, group->field.top);
-
-	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
-	if (!BN_one(z1)) goto err; /* z1 = 1 */
-	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
-	if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err;
-	if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
-
-	/* find top most bit and go one past it */
-	i = scalar->top - 1;
-	mask = BN_TBIT;
-	word = scalar->d[i];
-	while (!(word & mask)) mask >>= 1;
-	mask >>= 1;
-	/* if top most bit was at word break, go to next word */
-	if (!mask) 
-		{
-		i--;
-		mask = BN_TBIT;
-		}
-
-	for (; i >= 0; i--)
-		{
-		word = scalar->d[i];
-		while (mask)
-			{
-			BN_consttime_swap(word & mask, x1, x2, group->field.top);
-			BN_consttime_swap(word & mask, z1, z2, group->field.top);
-			if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-			if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-			BN_consttime_swap(word & mask, x1, x2, group->field.top);
-			BN_consttime_swap(word & mask, z1, z2, group->field.top);
-			mask >>= 1;
-			}
-		mask = BN_TBIT;
-		}
-
-	/* convert out of "projective" coordinates */
-	i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
-	if (i == 0) goto err;
-	else if (i == 1) 
-		{
-		if (!EC_POINT_set_to_infinity(group, r)) goto err;
-		}
-	else
-		{
-		if (!BN_one(&r->Z)) goto err;
-		r->Z_is_one = 1;
-		}
-
-	/* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-	BN_set_negative(&r->X, 0);
-	BN_set_negative(&r->Y, 0);
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-
-/* Computes the sum
- *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
- * gracefully ignoring NULL scalar values.
- */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	size_t i;
-	EC_POINT *p=NULL;
-	EC_POINT *acc = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	/* This implementation is more efficient than the wNAF implementation for 2
-	 * or fewer points.  Use the ec_wNAF_mul implementation for 3 or more points,
-	 * or if we can perform a fast multiplication based on precomputation.
-	 */
-	if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group)))
-		{
-		ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-		goto err;
-		}
-
-	if ((p = EC_POINT_new(group)) == NULL) goto err;
-	if ((acc = EC_POINT_new(group)) == NULL) goto err;
-
-	if (!EC_POINT_set_to_infinity(group, acc)) goto err;
-
-	if (scalar)
-		{
-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-		if (BN_is_negative(scalar))
-			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
-		}
-
-	for (i = 0; i < num; i++)
-		{
-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
-		if (BN_is_negative(scalars[i]))
-			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
-		}
-
-	if (!EC_POINT_copy(r, acc)) goto err;
-
-	ret = 1;
-
-  err:
-	if (p) EC_POINT_free(p);
-	if (acc) EC_POINT_free(acc);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Precomputation for point multiplication: fall back to wNAF methods
- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */
-
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	return ec_wNAF_precompute_mult(group, ctx);
- 	}
-
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
-	{
-	return ec_wNAF_have_precompute_mult(group);
- 	}
-
-#endif
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
deleted file mode 100644
index f1d75e5ddf..0000000000
--- a/crypto/ec/ec2_oct.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/* crypto/ec/ec2_oct.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Calculates and sets the affine coordinates of an EC_POINT from the given
- * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1. 
- * Note that the simple implementation only uses affine coordinates.
- *
- * The method is from the following publication:
- * 
- *     Harper, Menezes, Vanstone:
- *     "Public-Key Cryptosystems with Very Small Key Lengths",
- *     EUROCRYPT '92, Springer-Verlag LNCS 658,
- *     published February 1993
- *
- * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
- * the same method, but claim no priority date earlier than July 29, 1994
- * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
- */
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp, *x, *y, *z;
-	int ret = 0, z0;
-
-	/* clear error queue */
-	ERR_clear_error();
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	y_bit = (y_bit != 0) ? 1 : 0;
-
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	z = BN_CTX_get(ctx);
-	if (z == NULL) goto err;
-
-	if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
-	if (BN_is_zero(x))
-		{
-		if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
-		}
-	else
-		{
-		if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
-		if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
-		if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
-		if (!BN_GF2m_add(tmp, x, tmp)) goto err;
-		if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))
-			{
-			unsigned long err = ERR_peek_last_error();
-			
-			if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)
-				{
-				ERR_clear_error();
-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-				}
-			else
-				ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
-			goto err;
-			}
-		z0 = (BN_is_odd(z)) ? 1 : 0;
-		if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
-		if (z0 != y_bit)
-			{
-			if (!BN_GF2m_add(y, y, x)) goto err;
-			}
-		}
-
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Converts an EC_POINT to an octet string.  
- * If buf is NULL, the encoded length will be returned.
- * If the length len of buf is smaller than required an error will be returned.
- */
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	size_t ret;
-	BN_CTX *new_ctx = NULL;
-	int used_ctx = 0;
-	BIGNUM *x, *y, *yxi;
-	size_t field_len, i, skip;
-
-	if ((form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-		goto err;
-		}
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		/* encodes to a single 0 octet */
-		if (buf != NULL)
-			{
-			if (len < 1)
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-				return 0;
-				}
-			buf[0] = 0;
-			}
-		return 1;
-		}
-
-
-	/* ret := required output buffer length */
-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	/* if 'buf' is NULL, just return required length */
-	if (buf != NULL)
-		{
-		if (len < ret)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-			goto err;
-			}
-
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		BN_CTX_start(ctx);
-		used_ctx = 1;
-		x = BN_CTX_get(ctx);
-		y = BN_CTX_get(ctx);
-		yxi = BN_CTX_get(ctx);
-		if (yxi == NULL) goto err;
-
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
-		buf[0] = form;
-		if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
-			{
-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-			if (BN_is_odd(yxi)) buf[0]++;
-			}
-
-		i = 1;
-		
-		skip = field_len - BN_num_bytes(x);
-		if (skip > field_len)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		while (skip > 0)
-			{
-			buf[i++] = 0;
-			skip--;
-			}
-		skip = BN_bn2bin(x, buf + i);
-		i += skip;
-		if (i != 1 + field_len)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-			{
-			skip = field_len - BN_num_bytes(y);
-			if (skip > field_len)
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			while (skip > 0)
-				{
-				buf[i++] = 0;
-				skip--;
-				}
-			skip = BN_bn2bin(y, buf + i);
-			i += skip;
-			}
-
-		if (i != ret)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-
- err:
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return 0;
-	}
-
-
-/* Converts an octet string representation to an EC_POINT. 
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-	const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	point_conversion_form_t form;
-	int y_bit;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y, *yxi;
-	size_t field_len, enc_len;
-	int ret = 0;
-
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-		}
-	form = buf[0];
-	y_bit = form & 1;
-	form = form & ~1U;
-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (form == 0)
-		{
-		if (len != 1)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			return 0;
-			}
-
-		return EC_POINT_set_to_infinity(group, point);
-		}
-	
-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	if (len != enc_len)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	yxi = BN_CTX_get(ctx);
-	if (yxi == NULL) goto err;
-
-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-	if (BN_ucmp(x, &group->field) >= 0)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		goto err;
-		}
-
-	if (form == POINT_CONVERSION_COMPRESSED)
-		{
-		if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-		if (BN_ucmp(y, &group->field) >= 0)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			goto err;
-			}
-		if (form == POINT_CONVERSION_HYBRID)
-			{
-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-			if (y_bit != BN_is_odd(yxi))
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-				goto err;
-				}
-			}
-
-		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-		}
-	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	ret = 1;
-	
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-#endif
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
deleted file mode 100644
index 62223cbb01..0000000000
--- a/crypto/ec/ec2_smpl.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/* crypto/ec/ec2_smpl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-#ifndef OPENSSL_NO_EC2M
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const EC_METHOD *EC_GF2m_simple_method(void)
-	{
-	static const EC_METHOD ret = {
-		EC_FLAGS_DEFAULT_OCT,
-		NID_X9_62_characteristic_two_field,
-		ec_GF2m_simple_group_init,
-		ec_GF2m_simple_group_finish,
-		ec_GF2m_simple_group_clear_finish,
-		ec_GF2m_simple_group_copy,
-		ec_GF2m_simple_group_set_curve,
-		ec_GF2m_simple_group_get_curve,
-		ec_GF2m_simple_group_get_degree,
-		ec_GF2m_simple_group_check_discriminant,
-		ec_GF2m_simple_point_init,
-		ec_GF2m_simple_point_finish,
-		ec_GF2m_simple_point_clear_finish,
-		ec_GF2m_simple_point_copy,
-		ec_GF2m_simple_point_set_to_infinity,
-		0 /* set_Jprojective_coordinates_GFp */,
-		0 /* get_Jprojective_coordinates_GFp */,
-		ec_GF2m_simple_point_set_affine_coordinates,
-		ec_GF2m_simple_point_get_affine_coordinates,
-		0,0,0,
-		ec_GF2m_simple_add,
-		ec_GF2m_simple_dbl,
-		ec_GF2m_simple_invert,
-		ec_GF2m_simple_is_at_infinity,
-		ec_GF2m_simple_is_on_curve,
-		ec_GF2m_simple_cmp,
-		ec_GF2m_simple_make_affine,
-		ec_GF2m_simple_points_make_affine,
-
-		/* the following three method functions are defined in ec2_mult.c */
-		ec_GF2m_simple_mul,
-		ec_GF2m_precompute_mult,
-		ec_GF2m_have_precompute_mult,
-
-		ec_GF2m_simple_field_mul,
-		ec_GF2m_simple_field_sqr,
-		ec_GF2m_simple_field_div,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return fips_ec_gf2m_simple_method();
-#endif
-
-	return &ret;
-	}
-
-
-/* Initialize a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_new.
- */
-int ec_GF2m_simple_group_init(EC_GROUP *group)
-	{
-	BN_init(&group->field);
-	BN_init(&group->a);
-	BN_init(&group->b);
-	return 1;
-	}
-
-
-/* Free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_free.
- */
-void ec_GF2m_simple_group_finish(EC_GROUP *group)
-	{
-	BN_free(&group->field);
-	BN_free(&group->a);
-	BN_free(&group->b);
-	}
-
-
-/* Clear and free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_clear_free.
- */
-void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
-	{
-	BN_clear_free(&group->field);
-	BN_clear_free(&group->a);
-	BN_clear_free(&group->b);
-	group->poly[0] = 0;
-	group->poly[1] = 0;
-	group->poly[2] = 0;
-	group->poly[3] = 0;
-	group->poly[4] = 0;
-	group->poly[5] = -1;
-	}
-
-
-/* Copy a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_copy.
- */
-int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	int i;
-	if (!BN_copy(&dest->field, &src->field)) return 0;
-	if (!BN_copy(&dest->a, &src->a)) return 0;
-	if (!BN_copy(&dest->b, &src->b)) return 0;
-	dest->poly[0] = src->poly[0];
-	dest->poly[1] = src->poly[1];
-	dest->poly[2] = src->poly[2];
-	dest->poly[3] = src->poly[3];
-	dest->poly[4] = src->poly[4];
-	dest->poly[5] = src->poly[5];
-	if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
-	if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) return 0;
-	for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
-	for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
-	return 1;
-	}
-
-
-/* Set the curve parameters of an EC_GROUP structure. */
-int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0, i;
-
-	/* group->field */
-	if (!BN_copy(&group->field, p)) goto err;
-	i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1;
-	if ((i != 5) && (i != 3))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-		goto err;
-		}
-
-	/* group->a */
-	if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-	if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
-	for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
-	
-	/* group->b */
-	if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-	if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
-	for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
-		
-	ret = 1;
-  err:
-	return ret;
-	}
-
-
-/* Get the curve parameters of an EC_GROUP structure.
- * If p, a, or b are NULL then there values will not be set but the method will return with success.
- */
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	
-	if (p != NULL)
-		{
-		if (!BN_copy(p, &group->field)) return 0;
-		}
-
-	if (a != NULL)
-		{
-		if (!BN_copy(a, &group->a)) goto err;
-		}
-
-	if (b != NULL)
-		{
-		if (!BN_copy(b, &group->b)) goto err;
-		}
-	
-	ret = 1;
-	
-  err:
-	return ret;
-	}
-
-
-/* Gets the degree of the field.  For a curve over GF(2^m) this is the value m. */
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
-	{
-	return BN_num_bits(&group->field)-1;
-	}
-
-
-/* Checks the discriminant of the curve.
- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
- */
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *b;
-	BN_CTX *new_ctx = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	b = BN_CTX_get(ctx);
-	if (b == NULL) goto err;
-
-	if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err;
-	
-	/* check the discriminant:
-	 * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
-	 */
-	if (BN_is_zero(b)) goto err;
-
-	ret = 1;
-
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Initializes an EC_POINT. */
-int ec_GF2m_simple_point_init(EC_POINT *point)
-	{
-	BN_init(&point->X);
-	BN_init(&point->Y);
-	BN_init(&point->Z);
-	return 1;
-	}
-
-
-/* Frees an EC_POINT. */
-void ec_GF2m_simple_point_finish(EC_POINT *point)
-	{
-	BN_free(&point->X);
-	BN_free(&point->Y);
-	BN_free(&point->Z);
-	}
-
-
-/* Clears and frees an EC_POINT. */
-void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
-	{
-	BN_clear_free(&point->X);
-	BN_clear_free(&point->Y);
-	BN_clear_free(&point->Z);
-	point->Z_is_one = 0;
-	}
-
-
-/* Copy the contents of one EC_POINT into another.  Assumes dest is initialized. */
-int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (!BN_copy(&dest->X, &src->X)) return 0;
-	if (!BN_copy(&dest->Y, &src->Y)) return 0;
-	if (!BN_copy(&dest->Z, &src->Z)) return 0;
-	dest->Z_is_one = src->Z_is_one;
-
-	return 1;
-	}
-
-
-/* Set an EC_POINT to the point at infinity.  
- * A point at infinity is represented by having Z=0.
- */
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	point->Z_is_one = 0;
-	BN_zero(&point->Z);
-	return 1;
-	}
-
-
-/* Set the coordinates of an EC_POINT using affine coordinates. 
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	int ret = 0;	
-	if (x == NULL || y == NULL)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if (!BN_copy(&point->X, x)) goto err;
-	BN_set_negative(&point->X, 0);
-	if (!BN_copy(&point->Y, y)) goto err;
-	BN_set_negative(&point->Y, 0);
-	if (!BN_copy(&point->Z, BN_value_one())) goto err;
-	BN_set_negative(&point->Z, 0);
-	point->Z_is_one = 1;
-	ret = 1;
-
-  err:
-	return ret;
-	}
-
-
-/* Gets the affine coordinates of an EC_POINT. 
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	int ret = 0;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
-		return 0;
-		}
-
-	if (BN_cmp(&point->Z, BN_value_one())) 
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (x != NULL)
-		{
-		if (!BN_copy(x, &point->X)) goto err;
-		BN_set_negative(x, 0);
-		}
-	if (y != NULL)
-		{
-		if (!BN_copy(y, &point->Y)) goto err;
-		BN_set_negative(y, 0);
-		}
-	ret = 1;
-		
- err:
-	return ret;
-	}
-
-/* Computes a + b and stores the result in r.  r could be a or b, a could be b.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
-	int ret = 0;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		if (!EC_POINT_copy(r, b)) return 0;
-		return 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		{
-		if (!EC_POINT_copy(r, a)) return 0;
-		return 1;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x0 = BN_CTX_get(ctx);
-	y0 = BN_CTX_get(ctx);
-	x1 = BN_CTX_get(ctx);
-	y1 = BN_CTX_get(ctx);
-	x2 = BN_CTX_get(ctx);
-	y2 = BN_CTX_get(ctx);
-	s = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	if (t == NULL) goto err;
-
-	if (a->Z_is_one) 
-		{
-		if (!BN_copy(x0, &a->X)) goto err;
-		if (!BN_copy(y0, &a->Y)) goto err;
-		}
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err;
-		}
-	if (b->Z_is_one) 
-		{
-		if (!BN_copy(x1, &b->X)) goto err;
-		if (!BN_copy(y1, &b->Y)) goto err;
-		}
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err;
-		}
-
-
-	if (BN_GF2m_cmp(x0, x1))
-		{
-		if (!BN_GF2m_add(t, x0, x1)) goto err;
-		if (!BN_GF2m_add(s, y0, y1)) goto err;
-		if (!group->meth->field_div(group, s, s, t, ctx)) goto err;
-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
-		if (!BN_GF2m_add(x2, x2, s)) goto err;
-		if (!BN_GF2m_add(x2, x2, t)) goto err;
-		}
-	else
-		{
-		if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1))
-			{
-			if (!EC_POINT_set_to_infinity(group, r)) goto err;
-			ret = 1;
-			goto err;
-			}
-		if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err;
-		if (!BN_GF2m_add(s, s, x1)) goto err;
-		
-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
-		if (!BN_GF2m_add(x2, x2, s)) goto err;
-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
-		}
-
-	if (!BN_GF2m_add(y2, x1, x2)) goto err;
-	if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err;
-	if (!BN_GF2m_add(y2, y2, x2)) goto err;
-	if (!BN_GF2m_add(y2, y2, y1)) goto err;
-
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err;
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Computes 2 * a and stores the result in r.  r could be a.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	return ec_GF2m_simple_add(group, r, a, a, ctx);
-	}
-
-
-int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
-		/* point is its own inverse */
-		return 1;
-	
-	if (!EC_POINT_make_affine(group, point, ctx)) return 0;
-	return BN_GF2m_add(&point->Y, &point->X, &point->Y);
-	}
-
-
-/* Indicates whether the given point is the point at infinity. */
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	return BN_is_zero(&point->Z);
-	}
-
-
-/* Determines whether the given EC_POINT is an actual point on the curve defined
- * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
- *      y^2 + x*y = x^3 + a*x^2 + b.
- */
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	int ret = -1;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *lh, *y2;
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-
-	if (EC_POINT_is_at_infinity(group, point))
-		return 1;
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;	
-
-	/* only support affine coordinates */
-	if (!point->Z_is_one) return -1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	y2 = BN_CTX_get(ctx);
-	lh = BN_CTX_get(ctx);
-	if (lh == NULL) goto err;
-
-	/* We have a curve defined by a Weierstrass equation
-	 *      y^2 + x*y = x^3 + a*x^2 + b.
-	 *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
-	 *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
-	 */
-	if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err;
-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, &point->Y)) goto err;
-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, &group->b)) goto err;
-	if (!field_sqr(group, y2, &point->Y, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, y2)) goto err;
-	ret = BN_is_zero(lh);
- err:
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Indicates whether two points are equal.
- * Return values:
- *  -1   error
- *   0   equal (in affine coordinates)
- *   1   not equal
- */
-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	BIGNUM *aX, *aY, *bX, *bY;
-	BN_CTX *new_ctx = NULL;
-	int ret = -1;
-
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		return 1;
-	
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	aX = BN_CTX_get(ctx);
-	aY = BN_CTX_get(ctx);
-	bX = BN_CTX_get(ctx);
-	bY = BN_CTX_get(ctx);
-	if (bY == NULL) goto err;
-
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err;
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err;
-	ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
-
-  err:	
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Forces the given EC_POINT to internally use affine coordinates. */
-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	int ret = 0;
-
-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
-		return 1;
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-	
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-	if (!BN_copy(&point->X, x)) goto err;
-	if (!BN_copy(&point->Y, y)) goto err;
-	if (!BN_one(&point->Z)) goto err;
-	
-	ret = 1;		
-
-  err:
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	size_t i;
-
-	for (i = 0; i < num; i++)
-		{
-		if (!group->meth->make_affine(group, points[i], ctx)) return 0;
-		}
-
-	return 1;
-	}
-
-
-/* Wrapper to simple binary polynomial field multiplication implementation. */
-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
-	}
-
-
-/* Wrapper to simple binary polynomial field squaring implementation. */
-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
-	}
-
-
-/* Wrapper to simple binary polynomial field division implementation. */
-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
-	}
-
-#endif
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
deleted file mode 100644
index 11283769b9..0000000000
--- a/crypto/ec/ec_ameth.c
+++ /dev/null
@@ -1,663 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/ec.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
-
-static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
-	{
-	const EC_GROUP  *group;
-	int nid;
-	if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-	{
-		ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
-		return 0;
-	}
-	if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-		/* we have a 'named curve' => just set the OID */
-		{
-		*ppval = OBJ_nid2obj(nid);
-		*pptype = V_ASN1_OBJECT;
-		}
-	else	/* explicit parameters */
-		{
-		ASN1_STRING *pstr = NULL;
-		pstr = ASN1_STRING_new();
-		if (!pstr)
-			return 0;
-		pstr->length = i2d_ECParameters(ec_key, &pstr->data);
-		if (pstr->length <= 0)
-			{
-			ASN1_STRING_free(pstr);
-			ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
-			return 0;
-			}
-		*ppval = pstr;
-		*pptype = V_ASN1_SEQUENCE;
-		}
-	return 1;
-	}
-
-static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-	{
-	EC_KEY *ec_key = pkey->pkey.ec;
-	void *pval = NULL;
-	int ptype;
-	unsigned char *penc = NULL, *p;
-	int penclen;
-
-	if (!eckey_param2type(&ptype, &pval, ec_key))
-		{
-		ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
-		return 0;
-		}
-	penclen = i2o_ECPublicKey(ec_key, NULL);
-	if (penclen <= 0)
-		goto err;
-	penc = OPENSSL_malloc(penclen);
-	if (!penc)
-		goto err;
-	p = penc;
-	penclen = i2o_ECPublicKey(ec_key, &p);
-	if (penclen <= 0)
-		goto err;
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
-				ptype, pval, penc, penclen))
-		return 1;
-	err:
-	if (ptype == V_ASN1_OBJECT)
-		ASN1_OBJECT_free(pval);
-	else
-		ASN1_STRING_free(pval);
-	if (penc)
-		OPENSSL_free(penc);
-	return 0;
-	}
-
-static EC_KEY *eckey_type2param(int ptype, void *pval)
-	{
-	EC_KEY *eckey = NULL;
-	if (ptype == V_ASN1_SEQUENCE)
-		{
-		ASN1_STRING *pstr = pval;
-		const unsigned char *pm = NULL;
-		int pmlen;
-		pm = pstr->data;
-		pmlen = pstr->length;
-		if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))
-			{
-			ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
-			goto ecerr;
-			}
-		}
-	else if (ptype == V_ASN1_OBJECT)
-		{
-		ASN1_OBJECT *poid = pval;
-		EC_GROUP *group;
-
-		/* type == V_ASN1_OBJECT => the parameters are given
-		 * by an asn1 OID
-		 */
-		if ((eckey = EC_KEY_new()) == NULL)
-			{
-			ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
-			goto ecerr;
-			}
-		group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
-		if (group == NULL)
-			goto ecerr;
-		EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-		if (EC_KEY_set_group(eckey, group) == 0)
-			goto ecerr;
-		EC_GROUP_free(group);
-		}
-	else
-		{
-		ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
-		goto ecerr;
-		}
-
-	return eckey;
-
-	ecerr:
-	if (eckey)
-		EC_KEY_free(eckey);
-	return NULL;
-	}
-
-static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-	{
-	const unsigned char *p = NULL;
-	void *pval;
-	int ptype, pklen;
-	EC_KEY *eckey = NULL;
-	X509_ALGOR *palg;
-
-	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
-		return 0;
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-	eckey = eckey_type2param(ptype, pval);
-
-	if (!eckey)
-		{
-		ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
-		return 0;
-		}
-
-	/* We have parameters now set public key */
-	if (!o2i_ECPublicKey(&eckey, &p, pklen))
-		{
-		ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
-		goto ecerr;
-		}
-
-	EVP_PKEY_assign_EC_KEY(pkey, eckey);
-	return 1;
-
-	ecerr:
-	if (eckey)
-		EC_KEY_free(eckey);
-	return 0;
-	}
-
-static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	int  r;
-	const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
-	const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
-	               *pb = EC_KEY_get0_public_key(b->pkey.ec);
-	r = EC_POINT_cmp(group, pa, pb, NULL);
-	if (r == 0)
-		return 1;
-	if (r == 1)
-		return 0;
-	return -2;
-	}
-
-static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-	{
-	const unsigned char *p = NULL;
-	void *pval;
-	int ptype, pklen;
-	EC_KEY *eckey = NULL;
-	X509_ALGOR *palg;
-
-	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
-		return 0;
-	X509_ALGOR_get0(NULL, &ptype, &pval, palg);
-
-	eckey = eckey_type2param(ptype, pval);
-
-	if (!eckey)
-		goto ecliberr;
-
-	/* We have parameters now set private key */
-	if (!d2i_ECPrivateKey(&eckey, &p, pklen))
-		{
-		ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
-		goto ecerr;
-		}
-
-	/* calculate public key (if necessary) */
-	if (EC_KEY_get0_public_key(eckey) == NULL)
-		{
-		const BIGNUM *priv_key;
-		const EC_GROUP *group;
-		EC_POINT *pub_key;
-		/* the public key was not included in the SEC1 private
-		 * key => calculate the public key */
-		group   = EC_KEY_get0_group(eckey);
-		pub_key = EC_POINT_new(group);
-		if (pub_key == NULL)
-			{
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-			goto ecliberr;
-			}
-		if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-			{
-			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-			goto ecliberr;
-			}
-		priv_key = EC_KEY_get0_private_key(eckey);
-		if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL))
-			{
-			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-			goto ecliberr;
-			}
-		if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-			{
-			EC_POINT_free(pub_key);
-			ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-			goto ecliberr;
-			}
-		EC_POINT_free(pub_key);
-		}
-
-	EVP_PKEY_assign_EC_KEY(pkey, eckey);
-	return 1;
-
-	ecliberr:
-	ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
-	ecerr:
-	if (eckey)
-		EC_KEY_free(eckey);
-	return 0;
-	}
-
-static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
-	EC_KEY		*ec_key;
-	unsigned char	*ep, *p;
-	int 		eplen, ptype;
-	void		*pval;
-	unsigned int    tmp_flags, old_flags;
-
-	ec_key = pkey->pkey.ec;
-
-	if (!eckey_param2type(&ptype, &pval, ec_key))
-		{
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
-		return 0;
-		}
-
-	/* set the private key */
-
-	/* do not include the parameters in the SEC1 private key
-	 * see PKCS#11 12.11 */
-	old_flags = EC_KEY_get_enc_flags(ec_key);
-	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-	EC_KEY_set_enc_flags(ec_key, tmp_flags);
-	eplen = i2d_ECPrivateKey(ec_key, NULL);
-	if (!eplen)
-	{
-		EC_KEY_set_enc_flags(ec_key, old_flags);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
-		return 0;
-	}
-	ep = (unsigned char *) OPENSSL_malloc(eplen);
-	if (!ep)
-	{
-		EC_KEY_set_enc_flags(ec_key, old_flags);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	p = ep;
-	if (!i2d_ECPrivateKey(ec_key, &p))
-	{
-		EC_KEY_set_enc_flags(ec_key, old_flags);
-		OPENSSL_free(ep);
-		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
-		return 0;
-	}
-	/* restore old encoding flags */
-	EC_KEY_set_enc_flags(ec_key, old_flags);
-
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
-				ptype, pval, ep, eplen))
-		return 0;
-
-	return 1;
-}
-
-static int int_ec_size(const EVP_PKEY *pkey)
-	{
-	return ECDSA_size(pkey->pkey.ec);
-	}
-
-static int ec_bits(const EVP_PKEY *pkey)
-	{
-	BIGNUM *order = BN_new();
-	const EC_GROUP *group;
-	int ret;
-
-	if (!order)
-		{
-		ERR_clear_error();
-		return 0;
-		}
-	group = EC_KEY_get0_group(pkey->pkey.ec);
-	if (!EC_GROUP_get_order(group, order, NULL))
-		{
-		ERR_clear_error();
-		return 0;
-		}
-
-	ret = BN_num_bits(order);
-	BN_free(order);
-	return ret;
-	}
-
-static int ec_missing_parameters(const EVP_PKEY *pkey)
-	{
-	if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-		return 1;
-	return 0;
-	}
-
-static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-	{
-	EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
-	if (group == NULL)
-		return 0;
-	if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-		return 0;
-	EC_GROUP_free(group);
-	return 1;
-	}
-
-static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
-	               *group_b = EC_KEY_get0_group(b->pkey.ec);
-	if (EC_GROUP_cmp(group_a, group_b, NULL))
-		return 0;
-	else
-		return 1;
-	}
-
-static void int_ec_free(EVP_PKEY *pkey)
-	{
-	EC_KEY_free(pkey->pkey.ec);
-	}
-
-static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
-	{
-	unsigned char *buffer=NULL;
-	const char *ecstr;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *pub_key=NULL, *order=NULL;
-	BN_CTX  *ctx=NULL;
-	const EC_GROUP *group;
-	const EC_POINT *public_key;
-	const BIGNUM *priv_key;
- 
-	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	ctx = BN_CTX_new();
-	if (ctx == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (ktype > 0)
-		{
-		public_key = EC_KEY_get0_public_key(x);
-		if (public_key != NULL)
-			{
-			if ((pub_key = EC_POINT_point2bn(group, public_key,
-				EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			buf_len = (size_t)BN_num_bytes(pub_key);
-			}
-		}
-
-	if (ktype == 2)
-		{
-		priv_key = EC_KEY_get0_private_key(x);
-		if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-			buf_len = i;
-		}
-	else
-		priv_key = NULL;
-
-	if (ktype > 0)
-		{
-		buf_len += 10;
-		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		}
-	if (ktype == 2)
-		ecstr = "Private-Key";
-	else if (ktype == 1)
-		ecstr = "Public-Key";
-	else
-		ecstr = "ECDSA-Parameters";
-
-	if (!BIO_indent(bp, off, 128))
-		goto err;
-	if ((order = BN_new()) == NULL)
-		goto err;
-	if (!EC_GROUP_get_order(group, order, NULL))
-		goto err;
-	if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
-		BN_num_bits(order)) <= 0) goto err;
-  
-	if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, 
-		buffer, off))
-		goto err;
-	if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
-		buffer, off))
-		goto err;
-	if (!ECPKParameters_print(bp, group, off))
-		goto err;
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_DO_EC_KEY_PRINT, reason);
-	if (pub_key) 
-		BN_free(pub_key);
-	if (order)
-		BN_free(order);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL)
-		OPENSSL_free(buffer);
-	return(ret);
-	}
-
-static int eckey_param_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	EC_KEY *eckey;
-	if (!(eckey = d2i_ECParameters(NULL, pder, derlen)))
-		{
-		ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_EC_KEY(pkey, eckey);
-	return 1;
-	}
-
-static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_ECParameters(pkey->pkey.ec, pder);
-	}
-
-static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0);
-	}
-
-static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1);
-	}
-
-
-static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2);
-	}
-
-static int old_ec_priv_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	EC_KEY *ec;
-	if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen)))
-		{
-		ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
-		return 0;
-		}
-	EVP_PKEY_assign_EC_KEY(pkey, ec);
-	return 1;
-	}
-
-static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_ECPrivateKey(pkey->pkey.ec, pder);
-	}
-
-static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-	{
-	switch (op)
-		{
-		case ASN1_PKEY_CTRL_PKCS7_SIGN:
-		if (arg1 == 0)
-			{
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-				return -1; 
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-			}
-		return 1;
-#ifndef OPENSSL_NO_CMS
-		case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0)
-			{
-			int snid, hnid;
-			X509_ALGOR *alg1, *alg2;
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL,
-								&alg1, &alg2);
-			if (alg1 == NULL || alg1->algorithm == NULL)
-				return -1;
-			hnid = OBJ_obj2nid(alg1->algorithm);
-			if (hnid == NID_undef)
-				return -1;
-			if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
-				return -1; 
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
-			}
-		return 1;
-#endif
-
-		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-		*(int *)arg2 = NID_sha1;
-		return 2;
-
-		default:
-		return -2;
-
-		}
-
-	}
-
-const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
-	{
-	EVP_PKEY_EC,
-	EVP_PKEY_EC,
-	0,
-	"EC",
-	"OpenSSL EC algorithm",
-
-	eckey_pub_decode,
-	eckey_pub_encode,
-	eckey_pub_cmp,
-	eckey_pub_print,
-
-	eckey_priv_decode,
-	eckey_priv_encode,
-	eckey_priv_print,
-
-	int_ec_size,
-	ec_bits,
-
-	eckey_param_decode,
-	eckey_param_encode,
-	ec_missing_parameters,
-	ec_copy_parameters,
-	ec_cmp_parameters,
-	eckey_param_print,
-	0,
-
-	int_ec_free,
-	ec_pkey_ctrl,
-	old_ec_priv_decode,
-	old_ec_priv_encode
-	};
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
deleted file mode 100644
index 52d31c2f96..0000000000
--- a/crypto/ec/ec_asn1.c
+++ /dev/null
@@ -1,1466 +0,0 @@
-/* crypto/ec/ec_asn1.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-
-int EC_GROUP_get_basis_type(const EC_GROUP *group)
-	{
-	int i=0;
-
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-		NID_X9_62_characteristic_two_field)
-		/* everything else is currently not supported */
-		return 0;
-
-	while (group->poly[i] != 0)
-		i++;
-
-	if (i == 4)
-		return NID_X9_62_ppBasis;
-	else if (i == 2)
-		return NID_X9_62_tpBasis;
-	else
-		/* everything else is currently not supported */
-		return 0;
-	}
-#ifndef OPENSSL_NO_EC2M
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
-	{
-	if (group == NULL)
-		return 0;
-
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-	    NID_X9_62_characteristic_two_field
-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
-		{
-		ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-
-	if (k)
-		*k = group->poly[1];
-
-	return 1;
-	}
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
-	unsigned int *k2, unsigned int *k3)
-	{
-	if (group == NULL)
-		return 0;
-
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-	    NID_X9_62_characteristic_two_field
-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
-		{
-		ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-
-	if (k1)
-		*k1 = group->poly[3];
-	if (k2)
-		*k2 = group->poly[2];
-	if (k3)
-		*k3 = group->poly[1];
-
-	return 1;
-	}
-#endif
-
-
-/* some structures needed for the asn1 encoding */
-typedef struct x9_62_pentanomial_st {
-	long k1;
-	long k2;
-	long k3;
-	} X9_62_PENTANOMIAL;
-
-typedef struct x9_62_characteristic_two_st {
-	long m;
-	ASN1_OBJECT  *type;
-	union	{
-		char *ptr;
-		/* NID_X9_62_onBasis */
-		ASN1_NULL    *onBasis;
-		/* NID_X9_62_tpBasis */
-		ASN1_INTEGER *tpBasis;
-		/* NID_X9_62_ppBasis */
-		X9_62_PENTANOMIAL *ppBasis;
-		/* anything else */
-		ASN1_TYPE *other;
-		} p;
-	} X9_62_CHARACTERISTIC_TWO;
-
-typedef struct x9_62_fieldid_st {
-        ASN1_OBJECT *fieldType;
-	union	{
-		char *ptr;
-		/* NID_X9_62_prime_field */
-		ASN1_INTEGER *prime;
-		/* NID_X9_62_characteristic_two_field */
-		X9_62_CHARACTERISTIC_TWO *char_two;
-		/* anything else */
-		ASN1_TYPE *other;
-		} p;
-	} X9_62_FIELDID;
-
-typedef struct x9_62_curve_st {
-        ASN1_OCTET_STRING *a;
-        ASN1_OCTET_STRING *b;
-        ASN1_BIT_STRING   *seed;
-        } X9_62_CURVE;
-
-typedef struct ec_parameters_st {
-        long              version;
-        X9_62_FIELDID     *fieldID;
-        X9_62_CURVE       *curve;
-        ASN1_OCTET_STRING *base;
-        ASN1_INTEGER      *order;
-        ASN1_INTEGER      *cofactor;
-        } ECPARAMETERS;
-
-struct ecpk_parameters_st {
-	int	type;
-	union {
-		ASN1_OBJECT  *named_curve;
-		ECPARAMETERS *parameters;
-		ASN1_NULL    *implicitlyCA;
-	} value;
-	}/* ECPKPARAMETERS */;
-
-/* SEC1 ECPrivateKey */
-typedef struct ec_privatekey_st {
-	long              version;
-	ASN1_OCTET_STRING *privateKey;
-        ECPKPARAMETERS    *parameters;
-	ASN1_BIT_STRING   *publicKey;
-	} EC_PRIVATEKEY;
-
-/* the OpenSSL ASN.1 definitions */
-ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
-} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
-
-ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
-
-ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
-	ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
-	ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
-	ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
-} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
-
-ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
-} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
-
-ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
-
-ASN1_ADB(X9_62_FIELDID) = {
-	ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
-	ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
-} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
-
-ASN1_SEQUENCE(X9_62_FIELDID) = {
-	ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(X9_62_FIELDID)
-} ASN1_SEQUENCE_END(X9_62_FIELDID)
-
-ASN1_SEQUENCE(X9_62_CURVE) = {
-	ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
-	ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(X9_62_CURVE)
-
-ASN1_SEQUENCE(ECPARAMETERS) = {
-	ASN1_SIMPLE(ECPARAMETERS, version, LONG),
-	ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
-	ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
-	ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
-	ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ECPARAMETERS)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
-
-ASN1_CHOICE(ECPKPARAMETERS) = {
-	ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
-	ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
-	ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
-} ASN1_CHOICE_END(ECPKPARAMETERS)
-
-DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
-
-ASN1_SEQUENCE(EC_PRIVATEKEY) = {
-	ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
-	ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
-	ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
-	ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
-} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
-
-/* some declarations of internal function */
-
-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 
-static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 
-static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
-/* ec_asn1_parameters2group() creates a EC_GROUP object from a
- * ECPARAMETERS object */
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 
-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 
- * EC_GROUP object */
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
- * ECPKPARAMETERS object */
-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 
-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 
- * EC_GROUP object */
-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 
-	ECPKPARAMETERS *);
-
-
-/* the function definitions */
-
-static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
-	{
-	int			ok=0, nid;
-	BIGNUM			*tmp = NULL;
-	
-	if (group == NULL || field == NULL)
-		return 0;
-
-	/* clear the old values (if necessary) */
-	if (field->fieldType != NULL)
-		ASN1_OBJECT_free(field->fieldType);
-	if (field->p.other != NULL)
-		ASN1_TYPE_free(field->p.other);
-
-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-	/* set OID for the field */
-	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
-		goto err;
-		}
-
-	if (nid == NID_X9_62_prime_field)
-		{
-		if ((tmp = BN_new()) == NULL) 
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		/* the parameters are specified by the prime number p */
-		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
-			goto err;
-			}
-		/* set the prime number */
-		field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL);
-		if (field->p.prime == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-	else	/* nid == NID_X9_62_characteristic_two_field */
-#ifdef OPENSSL_NO_EC2M
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
-		goto err;
-		}
-#else
-		{
-		int		field_type;
-		X9_62_CHARACTERISTIC_TWO *char_two;
-
-		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
-		char_two = field->p.char_two;
-
-		if (char_two == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-	
-		char_two->m = (long)EC_GROUP_get_degree(group);
-
-		field_type = EC_GROUP_get_basis_type(group);
-
-		if (field_type == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
-			goto err;
-			}
-		/* set base type OID */
-		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
-			goto err;
-			}
-
-		if (field_type == NID_X9_62_tpBasis)
-			{
-			unsigned int k;
-
-			if (!EC_GROUP_get_trinomial_basis(group, &k))
-				goto err;
-
-			char_two->p.tpBasis = ASN1_INTEGER_new();
-			if (!char_two->p.tpBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k))
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
-					ERR_R_ASN1_LIB);
-				goto err;
-				}
-			}
-		else if (field_type == NID_X9_62_ppBasis)
-			{
-			unsigned int k1, k2, k3;
-
-			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
-				goto err;
-
-			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
-			if (!char_two->p.ppBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			/* set k? values */
-			char_two->p.ppBasis->k1 = (long)k1;
-			char_two->p.ppBasis->k2 = (long)k2;
-			char_two->p.ppBasis->k3 = (long)k3;
-			}
-		else /* field_type == NID_X9_62_onBasis */
-			{
-			/* for ONB the parameters are (asn1) NULL */
-			char_two->p.onBasis = ASN1_NULL_new();
-			if (!char_two->p.onBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		}
-#endif
-
-	ok = 1;
-
-err :	if (tmp)
-		BN_free(tmp);
-	return(ok);
-}
-
-static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
-	{
-	int           ok=0, nid;
-	BIGNUM        *tmp_1=NULL, *tmp_2=NULL;
-	unsigned char *buffer_1=NULL, *buffer_2=NULL,
-	              *a_buf=NULL, *b_buf=NULL;
-	size_t        len_1, len_2;
-	unsigned char char_zero = 0;
-
-	if (!group || !curve || !curve->a || !curve->b)
-		return 0;
-
-	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-
-	/* get a and b */
-	if (nid == NID_X9_62_prime_field)
-		{
-		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-#ifndef OPENSSL_NO_EC2M
-	else	/* nid == NID_X9_62_characteristic_two_field */
-		{
-		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-#endif
-	len_1 = (size_t)BN_num_bytes(tmp_1);
-	len_2 = (size_t)BN_num_bytes(tmp_2);
-
-	if (len_1 == 0)
-		{
-		/* len_1 == 0 => a == 0 */
-		a_buf = &char_zero;
-		len_1 = 1;
-		}
-	else
-		{
-		if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-			goto err;
-			}
-		a_buf = buffer_1;
-		}
-
-	if (len_2 == 0)
-		{
-		/* len_2 == 0 => b == 0 */
-		b_buf = &char_zero;
-		len_2 = 1;
-		}
-	else
-		{
-		if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-			goto err;
-			}
-		b_buf = buffer_2;
-		}
-	
-	/* set a and b */
-	if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
-	    !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
-		goto err;
-		}
-	
-	/* set the seed (optional) */
-	if (group->seed)
-		{	
-		if (!curve->seed)
-			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-		if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 
-		                         (int)group->seed_len))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-	else
-		{
-		if (curve->seed)
-			{
-			ASN1_BIT_STRING_free(curve->seed);
-			curve->seed = NULL;
-			}
-		}
-
-	ok = 1;
-
-err:	if (buffer_1)
-		OPENSSL_free(buffer_1);
-	if (buffer_2)
-		OPENSSL_free(buffer_2);
-	if (tmp_1)
-		BN_free(tmp_1);
-	if (tmp_2)
-		BN_free(tmp_2);
-	return(ok);
-	}
-
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
-                                              ECPARAMETERS *param)
-	{
-	int	ok=0;
-	size_t  len=0;
-	ECPARAMETERS   *ret=NULL;
-	BIGNUM	       *tmp=NULL;
-	unsigned char  *buffer=NULL;
-	const EC_POINT *point=NULL;
-	point_conversion_form_t form;
-
-	if ((tmp = BN_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (param == NULL)
-	{
-		if ((ret = ECPARAMETERS_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-	}
-	else
-		ret = param;
-
-	/* set the version (always one) */
-	ret->version = (long)0x1;
-
-	/* set the fieldID */
-	if (!ec_asn1_group2fieldid(group, ret->fieldID))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* set the curve */
-	if (!ec_asn1_group2curve(group, ret->curve))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* set the base point */
-	if ((point = EC_GROUP_get0_generator(group)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-
-	form = EC_GROUP_get_point_conversion_form(group);
-
-	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	if ((buffer = OPENSSL_malloc(len)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-		goto err;
-		}
-
-	/* set the order */
-	if (!EC_GROUP_get_order(group, tmp, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
-	if (ret->order == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-		goto err;
-		}
-
-	/* set the cofactor (optional) */
-	if (EC_GROUP_get_cofactor(group, tmp, NULL))
-		{
-		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
-		if (ret->cofactor == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-
-	ok = 1;
-
-err :	if(!ok)
-		{
-		if (ret && !param)
-			ECPARAMETERS_free(ret);
-		ret = NULL;
-		}
-	if (tmp)
-		BN_free(tmp);
-	if (buffer)
-		OPENSSL_free(buffer);
-	return(ret);
-	}
-
-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, 
-                                           ECPKPARAMETERS *params)
-	{
-	int            ok = 1, tmp;
-	ECPKPARAMETERS *ret = params;
-
-	if (ret == NULL)
-		{
-		if ((ret = ECPKPARAMETERS_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 
-			      ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		}
-	else
-		{
-		if (ret->type == 0 && ret->value.named_curve)
-			ASN1_OBJECT_free(ret->value.named_curve);
-		else if (ret->type == 1 && ret->value.parameters)
-			ECPARAMETERS_free(ret->value.parameters);
-		}
-
-	if (EC_GROUP_get_asn1_flag(group))
-		{
-		/* use the asn1 OID to describe the
-		 * the elliptic curve parameters
-		 */
-		tmp = EC_GROUP_get_curve_name(group);
-		if (tmp)
-			{
-			ret->type = 0;
-			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
-				ok = 0;
-			}
-		else
-			/* we don't kmow the nid => ERROR */
-			ok = 0;
-		}
-	else
-		{	
-		/* use the ECPARAMETERS structure */
-		ret->type = 1;
-		if ((ret->value.parameters = ec_asn1_group2parameters(
-		     group, NULL)) == NULL)
-			ok = 0;
-		}
-
-	if (!ok)
-		{
-		ECPKPARAMETERS_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
-	{
-	int			ok = 0, tmp;
-	EC_GROUP		*ret = NULL;
-	BIGNUM			*p = NULL, *a = NULL, *b = NULL;
-	EC_POINT		*point=NULL;
-	long    		field_bits;
-
-	if (!params->fieldID || !params->fieldID->fieldType || 
-	    !params->fieldID->p.ptr)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-
-	/* now extract the curve parameters a and b */
-	if (!params->curve || !params->curve->a || 
-	    !params->curve->a->data || !params->curve->b ||
-	    !params->curve->b->data)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
-	if (a == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
-		goto err;
-		}
-	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
-	if (b == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	/* get the field parameters */
-	tmp = OBJ_obj2nid(params->fieldID->fieldType);
-	if (tmp == NID_X9_62_characteristic_two_field)
-#ifdef OPENSSL_NO_EC2M
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
-		goto err;
-		}
-#else
-		{
-		X9_62_CHARACTERISTIC_TWO *char_two;
-
-		char_two = params->fieldID->p.char_two;
-
-		field_bits = char_two->m;
-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
-			goto err;
-			}
-
-		if ((p = BN_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* get the base type */
-		tmp = OBJ_obj2nid(char_two->type);
-
-		if (tmp ==  NID_X9_62_tpBasis)
-			{
-			long tmp_long;
-
-			if (!char_two->p.tpBasis)
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-				goto err;
-				}
-
-			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
-
-			if (!(char_two->m > tmp_long && tmp_long > 0))
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
-				goto err;
-				}
-			
-			/* create the polynomial */
-			if (!BN_set_bit(p, (int)char_two->m))
-				goto err;
-			if (!BN_set_bit(p, (int)tmp_long))
-				goto err;
-			if (!BN_set_bit(p, 0))
-				goto err;
-			}
-		else if (tmp == NID_X9_62_ppBasis)
-			{
-			X9_62_PENTANOMIAL *penta;
-
-			penta = char_two->p.ppBasis;
-			if (!penta)
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-				goto err;
-				}
-
-			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
-				goto err;
-				}
-			
-			/* create the polynomial */
-			if (!BN_set_bit(p, (int)char_two->m)) goto err;
-			if (!BN_set_bit(p, (int)penta->k1)) goto err;
-			if (!BN_set_bit(p, (int)penta->k2)) goto err;
-			if (!BN_set_bit(p, (int)penta->k3)) goto err;
-			if (!BN_set_bit(p, 0)) goto err;
-			}
-		else if (tmp == NID_X9_62_onBasis)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
-			goto err;
-			}
-		else /* error */
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-			goto err;
-			}
-
-		/* create the EC_GROUP structure */
-		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
-		}
-#endif
-	else if (tmp == NID_X9_62_prime_field)
-		{
-		/* we have a curve over a prime field */
-		/* extract the prime number */
-		if (!params->fieldID->p.prime)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-			goto err;
-			}
-		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
-		if (p == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		if (BN_is_negative(p) || BN_is_zero(p))
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
-			goto err;
-			}
-
-		field_bits = BN_num_bits(p);
-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
-			goto err;
-			}
-
-		/* create the EC_GROUP structure */
-		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
-		}
-	else
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
-		goto err;
-		}
-
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* extract seed (optional) */
-	if (params->curve->seed != NULL)
-		{
-		if (ret->seed != NULL)
-			OPENSSL_free(ret->seed);
-		if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		memcpy(ret->seed, params->curve->seed->data, 
-		       params->curve->seed->length);
-		ret->seed_len = params->curve->seed->length;
-		}
-
-	if (!params->order || !params->base || !params->base->data)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-
-	if ((point = EC_POINT_new(ret)) == NULL) goto err;
-
-	/* set the point conversion form */
-	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
-				(params->base->data[0] & ~0x01));
-
-	/* extract the ec point */
-	if (!EC_POINT_oct2point(ret, point, params->base->data, 
-		                params->base->length, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* extract the order */
-	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-		goto err;
-		}
-	if (BN_is_negative(a) || BN_is_zero(a))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	
-	/* extract the cofactor (optional) */
-	if (params->cofactor == NULL)
-		{
-		if (b)
-			{
-			BN_free(b);
-			b = NULL;
-			}
-		}
-	else
-		if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	/* set the generator, order and cofactor (if present) */
-	if (!EC_GROUP_set_generator(ret, point, a, b))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	ok = 1;
-
-err:	if (!ok)
-		{
-		if (ret) 
-			EC_GROUP_clear_free(ret);
-		ret = NULL;
-		}
-
-	if (p)	
-		BN_free(p);
-	if (a)	
-		BN_free(a);
-	if (b)	
-		BN_free(b);
-	if (point)	
-		EC_POINT_free(point);
-	return(ret);
-}
-
-EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
-	{
-	EC_GROUP *ret=NULL;
-	int      tmp=0;
-
-	if (params == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
-		      EC_R_MISSING_PARAMETERS);
-		return NULL;
-		}
-
-	if (params->type == 0)
-		{ /* the curve is given by an OID */
-		tmp = OBJ_obj2nid(params->value.named_curve);
-		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
-			      EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
-			return NULL;
-			}
-		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
-		}
-	else if (params->type == 1)
-		{ /* the parameters are given by a ECPARAMETERS
-		   * structure */
-		ret = ec_asn1_parameters2group(params->value.parameters);
-		if (!ret)
-			{
-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
-			return NULL;
-			}
-		EC_GROUP_set_asn1_flag(ret, 0x0);
-		}
-	else if (params->type == 2)
-		{ /* implicitlyCA */
-		return NULL;
-		}
-	else
-		{
-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		return NULL;
-		}
-
-	return ret;
-	}
-
-/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
-
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
-	{
-	EC_GROUP	*group  = NULL;
-	ECPKPARAMETERS	*params = NULL;
-
-	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
-		ECPKPARAMETERS_free(params);
-		return NULL;
-		}
-	
-	if ((group = ec_asn1_pkparameters2group(params)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
-		ECPKPARAMETERS_free(params);
-		return NULL; 
-		}
-
-	
-	if (a && *a)
-		EC_GROUP_clear_free(*a);
-	if (a)
-		*a = group;
-
-	ECPKPARAMETERS_free(params);
-	return(group);
-	}
-
-int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
-	{
-	int		ret=0;
-	ECPKPARAMETERS	*tmp = ec_asn1_group2pkparameters(a, NULL);
-	if (tmp == NULL)
-		{
-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
-		return 0;
-		}
-	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
-		{
-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
-		ECPKPARAMETERS_free(tmp);
-		return 0;
-		}	
-	ECPKPARAMETERS_free(tmp);
-	return(ret);
-	}
-
-/* some EC_KEY functions */
-
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-	{
-	int             ok=0;
-	EC_KEY          *ret=NULL;
-	EC_PRIVATEKEY   *priv_key=NULL;
-
-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-		EC_PRIVATEKEY_free(priv_key);
-		return NULL;
-		}
-
-	if (a == NULL || *a == NULL)
-		{
-		if ((ret = EC_KEY_new()) == NULL)	
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY,
-                                 ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (a)
-			*a = ret;
-		}
-	else
-		ret = *a;
-
-	if (priv_key->parameters)
-		{
-		if (ret->group)
-			EC_GROUP_clear_free(ret->group);
-		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
-		}
-
-	if (ret->group == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	ret->version = priv_key->version;
-
-	if (priv_key->privateKey)
-		{
-		ret->priv_key = BN_bin2bn(
-			M_ASN1_STRING_data(priv_key->privateKey),
-			M_ASN1_STRING_length(priv_key->privateKey),
-			ret->priv_key);
-		if (ret->priv_key == NULL)
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY,
-                              ERR_R_BN_LIB);
-			goto err;
-			}
-		}
-	else
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, 
-                      EC_R_MISSING_PRIVATE_KEY);
-		goto err;
-		}
-
-	if (ret->pub_key)
-		EC_POINT_clear_free(ret->pub_key);
-	ret->pub_key = EC_POINT_new(ret->group);
-	if (ret->pub_key == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	if (priv_key->publicKey)
-		{
-		const unsigned char *pub_oct;
-		int pub_oct_len;
-
-		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
-		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-		/* The first byte - point conversion form - must be present. */
-                if (pub_oct_len <= 0)
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
-			goto err;
-			}
-		/* Save the point conversion form. */
-		ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
-		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-					pub_oct, (size_t)(pub_oct_len), NULL))
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	else
-		{
-		if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL))
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		/* Remember the original private-key-only encoding. */
-		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
-		}
-
-	ok = 1;
-err:
-	if (!ok)
-		{
-		if (ret)
-			EC_KEY_free(ret);
-		ret = NULL;
-		}
-
-	if (priv_key)
-		EC_PRIVATEKEY_free(priv_key);
-
-	return(ret);
-	}
-
-int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
-	{
-	int             ret=0, ok=0;
-	unsigned char   *buffer=NULL;
-	size_t          buf_len=0, tmp_len;
-	EC_PRIVATEKEY   *priv_key=NULL;
-
-	if (a == NULL || a->group == NULL || a->priv_key == NULL ||
-	    (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL))
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-
-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	priv_key->version = a->version;
-
-	buf_len = (size_t)BN_num_bytes(a->priv_key);
-	buffer = OPENSSL_malloc(buf_len);
-	if (buffer == NULL)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	if (!BN_bn2bin(a->priv_key, buffer))
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-		goto err;
-		}	
-
-	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
-		{
-		if ((priv_key->parameters = ec_asn1_group2pkparameters(
-			a->group, priv_key->parameters)) == NULL)
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-
-	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
-		{
-		priv_key->publicKey = M_ASN1_BIT_STRING_new();
-		if (priv_key->publicKey == NULL)
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY,
-				ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 
-				a->conv_form, NULL, 0, NULL);
-
-		if (tmp_len > buf_len)
-			{
-			unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
-			if (!tmp_buffer)
-				{
-				ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			buffer = tmp_buffer;
-			buf_len = tmp_len;
-			}
-
-		if (!EC_POINT_point2oct(a->group, a->pub_key, 
-			a->conv_form, buffer, buf_len, NULL))
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-
-		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-		if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 
-				buf_len))
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-
-	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-		goto err;
-		}
-	ok=1;
-err:
-	if (buffer)
-		OPENSSL_free(buffer);
-	if (priv_key)
-		EC_PRIVATEKEY_free(priv_key);
-	return(ok?ret:0);
-	}
-
-int i2d_ECParameters(EC_KEY *a, unsigned char **out)
-	{
-	if (a == NULL)
-		{
-		ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	return i2d_ECPKParameters(a->group, out);
-	}
-
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
-	{
-	EC_KEY   *ret;
-
-	if (in == NULL || *in == NULL)
-		{
-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-
-	if (a == NULL || *a == NULL)
-		{
-		if ((ret = EC_KEY_new()) == NULL)
-			{
-			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		if (a)
-			*a = ret;
-		}
-	else
-		ret = *a;
-
-	if (!d2i_ECPKParameters(&ret->group, in, len))
-		{
-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
-		return NULL;
-		}
-
-	return ret;
-	}
-
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
-	{
-	EC_KEY *ret=NULL;
-
-	if (a == NULL || (*a) == NULL || (*a)->group == NULL)
-		{
-		/* sorry, but a EC_GROUP-structur is necessary
-                 * to set the public key */
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	ret = *a;
-	if (ret->pub_key == NULL && 
-		(ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-		{
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
-		{
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
-		return 0;
-		}
-	/* save the point conversion form */
-	ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
-	*in += len;
-	return ret;
-	}
-
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
-	{
-        size_t buf_len=0;
-	int new_buffer = 0;
-
-        if (a == NULL) 
-		{
-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-        buf_len = EC_POINT_point2oct(a->group, a->pub_key, 
-                              a->conv_form, NULL, 0, NULL);
-
-	if (out == NULL || buf_len == 0)
-	/* out == NULL => just return the length of the octet string */
-		return buf_len;
-
-	if (*out == NULL)
-		{
-		if ((*out = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		new_buffer = 1;
-		}
-        if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
-				*out, buf_len, NULL))
-		{
-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
-		if (new_buffer)
-			{
-			OPENSSL_free(*out);
-			*out = NULL;
-			}
-		return 0;
-		}
-	if (!new_buffer)
-		*out += buf_len;
-	return buf_len;
-	}
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
deleted file mode 100644
index 0e316b4b3f..0000000000
--- a/crypto/ec/ec_check.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/ec/ec_check.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *order;
-	BN_CTX *new_ctx = NULL;
-	EC_POINT *point = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	if ((order = BN_CTX_get(ctx)) == NULL) goto err;
-
-	/* check the discriminant */
-	if (!EC_GROUP_check_discriminant(group, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
-		goto err;
-		}
-
-	/* check the generator */
-	if (group->generator == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-	if (!EC_POINT_is_on_curve(group, group->generator, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	/* check the order of the generator */
-	if ((point = EC_POINT_new(group)) == NULL) goto err;
-	if (!EC_GROUP_get_order(group, order, ctx)) goto err; 
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
-		goto err;
-		}
-	
-	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;
-	if (!EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-
-	ret = 1;
-
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ret;
-	}
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
deleted file mode 100644
index c72fb2697c..0000000000
--- a/crypto/ec/ec_curve.c
+++ /dev/null
@@ -1,2100 +0,0 @@
-/* crypto/ec/ec_curve.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/opensslconf.h>
-
-typedef struct {
-	int	field_type,	/* either NID_X9_62_prime_field or
-				 * NID_X9_62_characteristic_two_field */
-		seed_len,
-		param_len;
-	unsigned int cofactor;	/* promoted to BN_ULONG */
-} EC_CURVE_DATA;
-
-/* the nist prime curves */
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_NIST_PRIME_192 = {
-	{ NID_X9_62_prime_field,20,24,1 },
-	{ 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,	/* seed */
-	  0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5,
-
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFC,
-	  0x64,0x21,0x05,0x19,0xE5,0x9C,0x80,0xE7,0x0F,0xA7,	/* b */
-	  0xE9,0xAB,0x72,0x24,0x30,0x49,0xFE,0xB8,0xDE,0xEC,
-	  0xC1,0x46,0xB9,0xB1,
-	  0x18,0x8D,0xA8,0x0E,0xB0,0x30,0x90,0xF6,0x7C,0xBF,	/* x */
-	  0x20,0xEB,0x43,0xA1,0x88,0x00,0xF4,0xFF,0x0A,0xFD,
-	  0x82,0xFF,0x10,0x12,
-	  0x07,0x19,0x2b,0x95,0xff,0xc8,0xda,0x78,0x63,0x10,	/* y */
-	  0x11,0xed,0x6b,0x24,0xcd,0xd5,0x73,0xf9,0x77,0xa1,
-	  0x1e,0x79,0x48,0x11,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0x99,0xDE,0xF8,0x36,0x14,0x6B,0xC9,0xB1,
-	  0xB4,0xD2,0x28,0x31 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+28*6]; }
-	_EC_NIST_PRIME_224 = {
-	{ NID_X9_62_prime_field,20,28,1 },
-	{ 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,	/* seed */
-	  0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5,
-
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-	  0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,	/* b */
-	  0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
-	  0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
-	  0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,	/* x */
-	  0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
-	  0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
-	  0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,	/* y */
-	  0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
-	  0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
-	  0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+48*6]; }
-	_EC_NIST_PRIME_384 = {
-	{ NID_X9_62_prime_field,20,48,1 },
-	{ 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,	/* seed */
-	  0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73,
-
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFC,
-	  0xB3,0x31,0x2F,0xA7,0xE2,0x3E,0xE7,0xE4,0x98,0x8E,	/* b */
-	  0x05,0x6B,0xE3,0xF8,0x2D,0x19,0x18,0x1D,0x9C,0x6E,
-	  0xFE,0x81,0x41,0x12,0x03,0x14,0x08,0x8F,0x50,0x13,
-	  0x87,0x5A,0xC6,0x56,0x39,0x8D,0x8A,0x2E,0xD1,0x9D,
-	  0x2A,0x85,0xC8,0xED,0xD3,0xEC,0x2A,0xEF,
-	  0xAA,0x87,0xCA,0x22,0xBE,0x8B,0x05,0x37,0x8E,0xB1,	/* x */
-	  0xC7,0x1E,0xF3,0x20,0xAD,0x74,0x6E,0x1D,0x3B,0x62,
-	  0x8B,0xA7,0x9B,0x98,0x59,0xF7,0x41,0xE0,0x82,0x54,
-	  0x2A,0x38,0x55,0x02,0xF2,0x5D,0xBF,0x55,0x29,0x6C,
-	  0x3A,0x54,0x5E,0x38,0x72,0x76,0x0A,0xB7,
-	  0x36,0x17,0xde,0x4a,0x96,0x26,0x2c,0x6f,0x5d,0x9e,	/* y */
-	  0x98,0xbf,0x92,0x92,0xdc,0x29,0xf8,0xf4,0x1d,0xbd,
-	  0x28,0x9a,0x14,0x7c,0xe9,0xda,0x31,0x13,0xb5,0xf0,
-	  0xb8,0xc0,0x0a,0x60,0xb1,0xce,0x1d,0x7e,0x81,0x9d,
-	  0x7a,0x43,0x1d,0x7c,0x90,0xea,0x0e,0x5f,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xC7,0x63,0x4D,0x81,0xF4,0x37,
-	  0x2D,0xDF,0x58,0x1A,0x0D,0xB2,0x48,0xB0,0xA7,0x7A,
-	  0xEC,0xEC,0x19,0x6A,0xCC,0xC5,0x29,0x73 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+66*6]; }
-	_EC_NIST_PRIME_521 = {
-	{ NID_X9_62_prime_field,20,66,1 },
-	{ 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,	/* seed */
-	  0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA,
-
-	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
-	  0x00,0x51,0x95,0x3E,0xB9,0x61,0x8E,0x1C,0x9A,0x1F,	/* b */
-	  0x92,0x9A,0x21,0xA0,0xB6,0x85,0x40,0xEE,0xA2,0xDA,
-	  0x72,0x5B,0x99,0xB3,0x15,0xF3,0xB8,0xB4,0x89,0x91,
-	  0x8E,0xF1,0x09,0xE1,0x56,0x19,0x39,0x51,0xEC,0x7E,
-	  0x93,0x7B,0x16,0x52,0xC0,0xBD,0x3B,0xB1,0xBF,0x07,
-	  0x35,0x73,0xDF,0x88,0x3D,0x2C,0x34,0xF1,0xEF,0x45,
-	  0x1F,0xD4,0x6B,0x50,0x3F,0x00,
-	  0x00,0xC6,0x85,0x8E,0x06,0xB7,0x04,0x04,0xE9,0xCD,	/* x */
-	  0x9E,0x3E,0xCB,0x66,0x23,0x95,0xB4,0x42,0x9C,0x64,
-	  0x81,0x39,0x05,0x3F,0xB5,0x21,0xF8,0x28,0xAF,0x60,
-	  0x6B,0x4D,0x3D,0xBA,0xA1,0x4B,0x5E,0x77,0xEF,0xE7,
-	  0x59,0x28,0xFE,0x1D,0xC1,0x27,0xA2,0xFF,0xA8,0xDE,
-	  0x33,0x48,0xB3,0xC1,0x85,0x6A,0x42,0x9B,0xF9,0x7E,
-	  0x7E,0x31,0xC2,0xE5,0xBD,0x66,
-	  0x01,0x18,0x39,0x29,0x6a,0x78,0x9a,0x3b,0xc0,0x04,	/* y */
-	  0x5c,0x8a,0x5f,0xb4,0x2c,0x7d,0x1b,0xd9,0x98,0xf5,
-	  0x44,0x49,0x57,0x9b,0x44,0x68,0x17,0xaf,0xbd,0x17,
-	  0x27,0x3e,0x66,0x2c,0x97,0xee,0x72,0x99,0x5e,0xf4,
-	  0x26,0x40,0xc5,0x50,0xb9,0x01,0x3f,0xad,0x07,0x61,
-	  0x35,0x3c,0x70,0x86,0xa2,0x72,0xc2,0x40,0x88,0xbe,
-	  0x94,0x76,0x9f,0xd1,0x66,0x50,
-	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFA,0x51,0x86,0x87,0x83,0xBF,0x2F,
-	  0x96,0x6B,0x7F,0xCC,0x01,0x48,0xF7,0x09,0xA5,0xD0,
-	  0x3B,0xB5,0xC9,0xB8,0x89,0x9C,0x47,0xAE,0xBB,0x6F,
-	  0xB7,0x1E,0x91,0x38,0x64,0x09 }
-	};
-
-/* the x9.62 prime curves (minus the nist prime curves) */
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_X9_62_PRIME_192V2 = {
-	{ NID_X9_62_prime_field,20,24,1 },
-	{ 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,	/* seed */
-	  0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6,
-
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFC,
-	  0xCC,0x22,0xD6,0xDF,0xB9,0x5C,0x6B,0x25,0xE4,0x9C,	/* b */
-	  0x0D,0x63,0x64,0xA4,0xE5,0x98,0x0C,0x39,0x3A,0xA2,
-	  0x16,0x68,0xD9,0x53,
-	  0xEE,0xA2,0xBA,0xE7,0xE1,0x49,0x78,0x42,0xF2,0xDE,	/* x */
-	  0x77,0x69,0xCF,0xE9,0xC9,0x89,0xC0,0x72,0xAD,0x69,
-	  0x6F,0x48,0x03,0x4A,
-	  0x65,0x74,0xd1,0x1d,0x69,0xb6,0xec,0x7a,0x67,0x2b,	/* y */
-	  0xb8,0x2a,0x08,0x3d,0xf2,0xf2,0xb0,0x84,0x7d,0xe9,
-	  0x70,0xb2,0xde,0x15,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFE,0x5F,0xB1,0xA7,0x24,0xDC,0x80,0x41,0x86,
-	  0x48,0xD8,0xDD,0x31 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_X9_62_PRIME_192V3 = {
-	{ NID_X9_62_prime_field,20,24,1 },
-	{ 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,	/* seed */
-	  0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E,
-
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFC,
-	  0x22,0x12,0x3D,0xC2,0x39,0x5A,0x05,0xCA,0xA7,0x42,	/* b */
-	  0x3D,0xAE,0xCC,0xC9,0x47,0x60,0xA7,0xD4,0x62,0x25,
-	  0x6B,0xD5,0x69,0x16,
-	  0x7D,0x29,0x77,0x81,0x00,0xC6,0x5A,0x1D,0xA1,0x78,	/* x */
-	  0x37,0x16,0x58,0x8D,0xCE,0x2B,0x8B,0x4A,0xEE,0x8E,
-	  0x22,0x8F,0x18,0x96,
-	  0x38,0xa9,0x0f,0x22,0x63,0x73,0x37,0x33,0x4b,0x49,	/* y */
-	  0xdc,0xb6,0x6a,0x6d,0xc8,0xf9,0x97,0x8a,0xca,0x76,
-	  0x48,0xa9,0x43,0xb0,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0x7A,0x62,0xD0,0x31,0xC8,0x3F,0x42,0x94,
-	  0xF6,0x40,0xEC,0x13 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_PRIME_239V1 = {
-	{ NID_X9_62_prime_field,20,30,1 },
-	{ 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,	/* seed */
-	  0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
-
-	  0x6B,0x01,0x6C,0x3B,0xDC,0xF1,0x89,0x41,0xD0,0xD6,	/* b */
-	  0x54,0x92,0x14,0x75,0xCA,0x71,0xA9,0xDB,0x2F,0xB2,
-	  0x7D,0x1D,0x37,0x79,0x61,0x85,0xC2,0x94,0x2C,0x0A,
-
-	  0x0F,0xFA,0x96,0x3C,0xDC,0xA8,0x81,0x6C,0xCC,0x33,	/* x */
-	  0xB8,0x64,0x2B,0xED,0xF9,0x05,0xC3,0xD3,0x58,0x57,
-	  0x3D,0x3F,0x27,0xFB,0xBD,0x3B,0x3C,0xB9,0xAA,0xAF,
-
-	  0x7d,0xeb,0xe8,0xe4,0xe9,0x0a,0x5d,0xae,0x6e,0x40,	/* y */
-	  0x54,0xca,0x53,0x0b,0xa0,0x46,0x54,0xb3,0x68,0x18,
-	  0xce,0x22,0x6b,0x39,0xfc,0xcb,0x7b,0x02,0xf1,0xae,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0x9E,0x5E,0x9A,0x9F,0x5D,
-	  0x90,0x71,0xFB,0xD1,0x52,0x26,0x88,0x90,0x9D,0x0B }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_PRIME_239V2 = {
-	{ NID_X9_62_prime_field,20,30,1 },
-	{ 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,	/* seed */
-	  0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
-
-	  0x61,0x7F,0xAB,0x68,0x32,0x57,0x6C,0xBB,0xFE,0xD5,	/* b */
-	  0x0D,0x99,0xF0,0x24,0x9C,0x3F,0xEE,0x58,0xB9,0x4B,
-	  0xA0,0x03,0x8C,0x7A,0xE8,0x4C,0x8C,0x83,0x2F,0x2C,
-
-	  0x38,0xAF,0x09,0xD9,0x87,0x27,0x70,0x51,0x20,0xC9,	/* x */
-	  0x21,0xBB,0x5E,0x9E,0x26,0x29,0x6A,0x3C,0xDC,0xF2,
-	  0xF3,0x57,0x57,0xA0,0xEA,0xFD,0x87,0xB8,0x30,0xE7,
-
-	  0x5b,0x01,0x25,0xe4,0xdb,0xea,0x0e,0xc7,0x20,0x6d,	/* y */
-	  0xa0,0xfc,0x01,0xd9,0xb0,0x81,0x32,0x9f,0xb5,0x55,
-	  0xde,0x6e,0xf4,0x60,0x23,0x7d,0xff,0x8b,0xe4,0xba,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0x80,0x00,0x00,0xCF,0xA7,0xE8,0x59,0x43,
-	  0x77,0xD4,0x14,0xC0,0x38,0x21,0xBC,0x58,0x20,0x63 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_PRIME_239V3 = {
-	{ NID_X9_62_prime_field,20,30,1 },
-	{ 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,	/* seed */
-	  0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0x80,0x00,
-	  0x00,0x00,0x00,0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFC,
-
-	  0x25,0x57,0x05,0xFA,0x2A,0x30,0x66,0x54,0xB1,0xF4,	/* b */
-	  0xCB,0x03,0xD6,0xA7,0x50,0xA3,0x0C,0x25,0x01,0x02,
-	  0xD4,0x98,0x87,0x17,0xD9,0xBA,0x15,0xAB,0x6D,0x3E,
-
-	  0x67,0x68,0xAE,0x8E,0x18,0xBB,0x92,0xCF,0xCF,0x00,	/* x */
-	  0x5C,0x94,0x9A,0xA2,0xC6,0xD9,0x48,0x53,0xD0,0xE6,
-	  0x60,0xBB,0xF8,0x54,0xB1,0xC9,0x50,0x5F,0xE9,0x5A,
-
-	  0x16,0x07,0xe6,0x89,0x8f,0x39,0x0c,0x06,0xbc,0x1d,	/* y */
-	  0x55,0x2b,0xad,0x22,0x6f,0x3b,0x6f,0xcf,0xe4,0x8b,
-	  0x6e,0x81,0x84,0x99,0xaf,0x18,0xe3,0xed,0x6c,0xf3,
-
-	  0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0x7F,0xFF,0xFF,0x97,0x5D,0xEB,0x41,0xB3,
-	  0xA6,0x05,0x7C,0x3C,0x43,0x21,0x46,0x52,0x65,0x51 }
-	};
-
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+32*6]; }
-	_EC_X9_62_PRIME_256V1 = {
-	{ NID_X9_62_prime_field,20,32,1 },
-	{ 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,	/* seed */
-	  0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90,
-
-	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFC,
-	  0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,0xB3,0xEB,	/* b */
-	  0xBD,0x55,0x76,0x98,0x86,0xBC,0x65,0x1D,0x06,0xB0,
-	  0xCC,0x53,0xB0,0xF6,0x3B,0xCE,0x3C,0x3E,0x27,0xD2,
-	  0x60,0x4B,
-	  0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,0xF8,0xBC,	/* x */
-	  0xE6,0xE5,0x63,0xA4,0x40,0xF2,0x77,0x03,0x7D,0x81,
-	  0x2D,0xEB,0x33,0xA0,0xF4,0xA1,0x39,0x45,0xD8,0x98,
-	  0xC2,0x96,
-	  0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,	/* y */
-	  0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,
-	  0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,
-	  0x51,0xf5,
-	  0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xBC,0xE6,0xFA,0xAD,
-	  0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,
-	  0x25,0x51 }
-	};
-
-/* the secg prime curves (minus the nist and x9.62 prime curves) */
-static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
-	_EC_SECG_PRIME_112R1 = {
-	{ NID_X9_62_prime_field,20,14,1 },
-	{ 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,	/* seed */
-	  0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1,
-
-	  0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,	/* p */
-	  0xBE,0xAD,0x20,0x8B,
-	  0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,	/* a */
-	  0xBE,0xAD,0x20,0x88,
-	  0x65,0x9E,0xF8,0xBA,0x04,0x39,0x16,0xEE,0xDE,0x89,	/* b */
-	  0x11,0x70,0x2B,0x22,
-	  0x09,0x48,0x72,0x39,0x99,0x5A,0x5E,0xE7,0x6B,0x55,	/* x */
-	  0xF9,0xC2,0xF0,0x98,
-	  0xa8,0x9c,0xe5,0xaf,0x87,0x24,0xc0,0xa2,0x3e,0x0e,	/* y */
-	  0x0f,0xf7,0x75,0x00,
-	  0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x76,0x28,0xDF,	/* order */
-	  0xAC,0x65,0x61,0xC5 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+14*6]; }
-	_EC_SECG_PRIME_112R2 = {
-	{ NID_X9_62_prime_field,20,14,4 },
-	{ 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,	/* seed */
-	  0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4,
-
-	  0xDB,0x7C,0x2A,0xBF,0x62,0xE3,0x5E,0x66,0x80,0x76,	/* p */
-	  0xBE,0xAD,0x20,0x8B,
-	  0x61,0x27,0xC2,0x4C,0x05,0xF3,0x8A,0x0A,0xAA,0xF6,	/* a */
-	  0x5C,0x0E,0xF0,0x2C,
-	  0x51,0xDE,0xF1,0x81,0x5D,0xB5,0xED,0x74,0xFC,0xC3,	/* b */
-	  0x4C,0x85,0xD7,0x09,
-	  0x4B,0xA3,0x0A,0xB5,0xE8,0x92,0xB4,0xE1,0x64,0x9D,	/* x */
-	  0xD0,0x92,0x86,0x43,
-	  0xad,0xcd,0x46,0xf5,0x88,0x2e,0x37,0x47,0xde,0xf3,	/* y */
-	  0x6e,0x95,0x6e,0x97,
-	  0x36,0xDF,0x0A,0xAF,0xD8,0xB8,0xD7,0x59,0x7C,0xA1,	/* order */
-	  0x05,0x20,0xD0,0x4B }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
-	_EC_SECG_PRIME_128R1 = {
-	{ NID_X9_62_prime_field,20,16,1 },
-	{ 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,	/* seed */
-	  0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79,
-
-	  0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,
-	  0xE8,0x75,0x79,0xC1,0x10,0x79,0xF4,0x3D,0xD8,0x24,	/* b */
-	  0x99,0x3C,0x2C,0xEE,0x5E,0xD3,
-	  0x16,0x1F,0xF7,0x52,0x8B,0x89,0x9B,0x2D,0x0C,0x28,	/* x */
-	  0x60,0x7C,0xA5,0x2C,0x5B,0x86,
-	  0xcf,0x5a,0xc8,0x39,0x5b,0xaf,0xeb,0x13,0xc0,0x2d,	/* y */
-	  0xa2,0x92,0xdd,0xed,0x7a,0x83,
-	  0xFF,0xFF,0xFF,0xFE,0x00,0x00,0x00,0x00,0x75,0xA3,	/* order */
-	  0x0D,0x1B,0x90,0x38,0xA1,0x15 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+16*6]; }
-	_EC_SECG_PRIME_128R2 = {
-	{ NID_X9_62_prime_field,20,16,4 },
-	{ 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,	/* seed */
-	  0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4,
-
-	  0xFF,0xFF,0xFF,0xFD,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xD6,0x03,0x19,0x98,0xD1,0xB3,0xBB,0xFE,0xBF,0x59,	/* a */
-	  0xCC,0x9B,0xBF,0xF9,0xAE,0xE1,
-	  0x5E,0xEE,0xFC,0xA3,0x80,0xD0,0x29,0x19,0xDC,0x2C,	/* b */
-	  0x65,0x58,0xBB,0x6D,0x8A,0x5D,
-	  0x7B,0x6A,0xA5,0xD8,0x5E,0x57,0x29,0x83,0xE6,0xFB,	/* x */
-	  0x32,0xA7,0xCD,0xEB,0xC1,0x40,
-	  0x27,0xb6,0x91,0x6a,0x89,0x4d,0x3a,0xee,0x71,0x06,	/* y */
-	  0xfe,0x80,0x5f,0xc3,0x4b,0x44,
-	  0x3F,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,0xFF,0xBE,0x00,	/* order */
-	  0x24,0x72,0x06,0x13,0xB5,0xA3 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-	_EC_SECG_PRIME_160K1 = {
-	{ NID_X9_62_prime_field,0,21,1 },
-	{							/* no seed */
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-	  0x73,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x07,
-	  0x00,0x3B,0x4C,0x38,0x2C,0xE3,0x7A,0xA1,0x92,0xA4,	/* x */
-	  0x01,0x9E,0x76,0x30,0x36,0xF4,0xF5,0xDD,0x4D,0x7E,
-	  0xBB,
-	  0x00,0x93,0x8c,0xf9,0x35,0x31,0x8f,0xdc,0xed,0x6b,	/* y */
-	  0xc2,0x82,0x86,0x53,0x17,0x33,0xc3,0xf0,0x3c,0x4f,
-	  0xee,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x01,0xB8,0xFA,0x16,0xDF,0xAB,0x9A,0xCA,0x16,0xB6,
-	  0xB3 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-	_EC_SECG_PRIME_160R1 = {
-	{ NID_X9_62_prime_field,20,21,1 },
-	{ 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45,
-
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
-	  0xFF,
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x7F,0xFF,0xFF,
-	  0xFC,
-	  0x00,0x1C,0x97,0xBE,0xFC,0x54,0xBD,0x7A,0x8B,0x65,	/* b */
-	  0xAC,0xF8,0x9F,0x81,0xD4,0xD4,0xAD,0xC5,0x65,0xFA,
-	  0x45,
-	  0x00,0x4A,0x96,0xB5,0x68,0x8E,0xF5,0x73,0x28,0x46,	/* x */
-	  0x64,0x69,0x89,0x68,0xC3,0x8B,0xB9,0x13,0xCB,0xFC,
-	  0x82,
-	  0x00,0x23,0xa6,0x28,0x55,0x31,0x68,0x94,0x7d,0x59,	/* y */
-	  0xdc,0xc9,0x12,0x04,0x23,0x51,0x37,0x7a,0xc5,0xfb,
-	  0x32,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x01,0xF4,0xC8,0xF9,0x27,0xAE,0xD3,0xCA,0x75,0x22,
-	  0x57 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-	_EC_SECG_PRIME_160R2 = {
-	{ NID_X9_62_prime_field,20,21,1 },
-	{ 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,	/* seed */
-	  0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51,
-
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-	  0x73,
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xAC,
-	  0x70,
-	  0x00,0xB4,0xE1,0x34,0xD3,0xFB,0x59,0xEB,0x8B,0xAB,	/* b */
-	  0x57,0x27,0x49,0x04,0x66,0x4D,0x5A,0xF5,0x03,0x88,
-	  0xBA,
-	  0x00,0x52,0xDC,0xB0,0x34,0x29,0x3A,0x11,0x7E,0x1F,	/* x */
-	  0x4F,0xF1,0x1B,0x30,0xF7,0x19,0x9D,0x31,0x44,0xCE,
-	  0x6D,
-	  0x00,0xfe,0xaf,0xfe,0xf2,0xe3,0x31,0xf2,0x96,0xe0,	/* y */
-	  0x71,0xfa,0x0d,0xf9,0x98,0x2c,0xfe,0xa7,0xd4,0x3f,
-	  0x2e,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x35,0x1E,0xE7,0x86,0xA8,0x18,0xF3,0xA1,0xA1,
-	  0x6B }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
-	_EC_SECG_PRIME_192K1 = {
-	{ NID_X9_62_prime_field,0,24,1 },
-	{							/* no seed */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-	  0xFF,0xFF,0xEE,0x37,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x03,
-	  0xDB,0x4F,0xF1,0x0E,0xC0,0x57,0xE9,0xAE,0x26,0xB0,	/* x */
-	  0x7D,0x02,0x80,0xB7,0xF4,0x34,0x1D,0xA5,0xD1,0xB1,
-	  0xEA,0xE0,0x6C,0x7D,
-	  0x9b,0x2f,0x2f,0x6d,0x9c,0x56,0x28,0xa7,0x84,0x41,	/* y */
-	  0x63,0xd0,0x15,0xbe,0x86,0x34,0x40,0x82,0xaa,0x88,
-	  0xd9,0x5e,0x2f,0x9d,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFE,0x26,0xF2,0xFC,0x17,0x0F,0x69,0x46,0x6A,
-	  0x74,0xDE,0xFD,0x8D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+29*6]; }
-	_EC_SECG_PRIME_224K1 = {
-	{ NID_X9_62_prime_field,0,29,1 },
-	{							/* no seed */
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xE5,0x6D,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x05,
-	  0x00,0xA1,0x45,0x5B,0x33,0x4D,0xF0,0x99,0xDF,0x30,	/* x */
-	  0xFC,0x28,0xA1,0x69,0xA4,0x67,0xE9,0xE4,0x70,0x75,
-	  0xA9,0x0F,0x7E,0x65,0x0E,0xB6,0xB7,0xA4,0x5C,
-	  0x00,0x7e,0x08,0x9f,0xed,0x7f,0xba,0x34,0x42,0x82,	/* y */
-	  0xca,0xfb,0xd6,0xf7,0xe3,0x19,0xf7,0xc0,0xb0,0xbd,
-	  0x59,0xe2,0xca,0x4b,0xdb,0x55,0x6d,0x61,0xa5,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x01,0xDC,0xE8,0xD2,0xEC,0x61,
-	  0x84,0xCA,0xF0,0xA9,0x71,0x76,0x9F,0xB1,0xF7 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+32*6]; }
-	_EC_SECG_PRIME_256K1 = {
-	{ NID_X9_62_prime_field,0,32,1 },
-	{							/* no seed */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,
-	  0xFC,0x2F,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x07,
-	  0x79,0xBE,0x66,0x7E,0xF9,0xDC,0xBB,0xAC,0x55,0xA0,	/* x */
-	  0x62,0x95,0xCE,0x87,0x0B,0x07,0x02,0x9B,0xFC,0xDB,
-	  0x2D,0xCE,0x28,0xD9,0x59,0xF2,0x81,0x5B,0x16,0xF8,
-	  0x17,0x98,
-	  0x48,0x3a,0xda,0x77,0x26,0xa3,0xc4,0x65,0x5d,0xa4,	/* y */
-	  0xfb,0xfc,0x0e,0x11,0x08,0xa8,0xfd,0x17,0xb4,0x48,
-	  0xa6,0x85,0x54,0x19,0x9c,0x47,0xd0,0x8f,0xfb,0x10,
-	  0xd4,0xb8,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xBA,0xAE,0xDC,0xE6,
-	  0xAF,0x48,0xA0,0x3B,0xBF,0xD2,0x5E,0x8C,0xD0,0x36,
-	  0x41,0x41 }
-	};
-
-/* some wap/wtls curves */
-static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
-	_EC_WTLS_8 = {
-	{ NID_X9_62_prime_field,0,15,1 },
-	{							/* no seed */
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFD,0xE7,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x03,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* x */
-	  0x00,0x00,0x00,0x00,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* y */
-	  0x00,0x00,0x00,0x00,0x02,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xEC,0xEA,	/* order */
-	  0x55,0x1A,0xD8,0x37,0xE9 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-	_EC_WTLS_9 = {
-	{ NID_X9_62_prime_field,0,21,1 },
-	{							/* no seed */
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC,0x80,
-	  0x8F,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x03,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* x */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* y */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x02,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x01,0xCD,0xC9,0x8A,0xE0,0xE2,0xDE,0x57,0x4A,0xBF,
-	  0x33 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; }
-	_EC_WTLS_12 = {
-	{ NID_X9_62_prime_field,0,28,1 },
-	{							/* no seed */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* p */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* a */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
-	  0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41,	/* b */
-	  0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA,
-	  0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4,
-	  0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13,	/* x */
-	  0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22,
-	  0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21,
-	  0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22,	/* y */
-	  0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64,
-	  0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0x16,0xA2,0xE0,0xB8,0xF0,0x3E,
-	  0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
-	};
-
-#ifndef OPENSSL_NO_EC2M
-
-/* characteristic two curves */
-static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
-	_EC_SECG_CHAR2_113R1 = {
-	{ NID_X9_62_characteristic_two_field,20,15,2 },
-	{ 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,	/* seed */
-	  0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x02,0x01,
-	  0x00,0x30,0x88,0x25,0x0C,0xA6,0xE7,0xC7,0xFE,0x64,	/* a */
-	  0x9C,0xE8,0x58,0x20,0xF7,
-	  0x00,0xE8,0xBE,0xE4,0xD3,0xE2,0x26,0x07,0x44,0x18,	/* b */
-	  0x8B,0xE0,0xE9,0xC7,0x23,
-	  0x00,0x9D,0x73,0x61,0x6F,0x35,0xF4,0xAB,0x14,0x07,	/* x */
-	  0xD7,0x35,0x62,0xC1,0x0F,
-	  0x00,0xA5,0x28,0x30,0x27,0x79,0x58,0xEE,0x84,0xD1,	/* y */
-	  0x31,0x5E,0xD3,0x18,0x86,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xD9,0xCC,	/* order */
-	  0xEC,0x8A,0x39,0xE5,0x6F }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
-	_EC_SECG_CHAR2_113R2 = {
-	{ NID_X9_62_characteristic_two_field,20,15,2 },
-	{ 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,	/* seed */
-	  0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x02,0x01,
-	  0x00,0x68,0x99,0x18,0xDB,0xEC,0x7E,0x5A,0x0D,0xD6,	/* a */
-	  0xDF,0xC0,0xAA,0x55,0xC7,
-	  0x00,0x95,0xE9,0xA9,0xEC,0x9B,0x29,0x7B,0xD4,0xBF,	/* b */
-	  0x36,0xE0,0x59,0x18,0x4F,
-	  0x01,0xA5,0x7A,0x6A,0x7B,0x26,0xCA,0x5E,0xF5,0x2F,	/* x */
-	  0xCD,0xB8,0x16,0x47,0x97,
-	  0x00,0xB3,0xAD,0xC9,0x4E,0xD1,0xFE,0x67,0x4C,0x06,	/* y */
-	  0xE6,0x95,0xBA,0xBA,0x1D,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x08,0x78,	/* order */
-	  0x9B,0x24,0x96,0xAF,0x93 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
-	_EC_SECG_CHAR2_131R1 = {
-	{ NID_X9_62_characteristic_two_field,20,17,2 },
-	{ 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,	/* seed */
-	  0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
-	  0x07,0xA1,0x1B,0x09,0xA7,0x6B,0x56,0x21,0x44,0x41,	/* a */
-	  0x8F,0xF3,0xFF,0x8C,0x25,0x70,0xB8,
-	  0x02,0x17,0xC0,0x56,0x10,0x88,0x4B,0x63,0xB9,0xC6,	/* b */
-	  0xC7,0x29,0x16,0x78,0xF9,0xD3,0x41,
-	  0x00,0x81,0xBA,0xF9,0x1F,0xDF,0x98,0x33,0xC4,0x0F,	/* x */
-	  0x9C,0x18,0x13,0x43,0x63,0x83,0x99,
-	  0x07,0x8C,0x6E,0x7E,0xA3,0x8C,0x00,0x1F,0x73,0xC8,	/* y */
-	  0x13,0x4B,0x1B,0x4E,0xF9,0xE1,0x50,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x31,	/* order */
-	  0x23,0x95,0x3A,0x94,0x64,0xB5,0x4D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+17*6]; }
-	_EC_SECG_CHAR2_131R2 = {
-	{ NID_X9_62_characteristic_two_field,20,17,2 },
-	{ 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x01,0x0D,
-	  0x03,0xE5,0xA8,0x89,0x19,0xD7,0xCA,0xFC,0xBF,0x41,	/* a */
-	  0x5F,0x07,0xC2,0x17,0x65,0x73,0xB2,
-	  0x04,0xB8,0x26,0x6A,0x46,0xC5,0x56,0x57,0xAC,0x73,	/* b */
-	  0x4C,0xE3,0x8F,0x01,0x8F,0x21,0x92,
-	  0x03,0x56,0xDC,0xD8,0xF2,0xF9,0x50,0x31,0xAD,0x65,	/* x */
-	  0x2D,0x23,0x95,0x1B,0xB3,0x66,0xA8,
-	  0x06,0x48,0xF0,0x6D,0x86,0x79,0x40,0xA5,0x36,0x6D,	/* y */
-	  0x9E,0x26,0x5D,0xE9,0xEB,0x24,0x0F,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x69,	/* order */
-	  0x54,0xA2,0x33,0x04,0x9B,0xA9,0x8F }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-	_EC_NIST_CHAR2_163K = {
-	{ NID_X9_62_characteristic_two_field,0,21,2 },
-	{							/* no seed */
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0xC9,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x01,
-	  0x02,0xFE,0x13,0xC0,0x53,0x7B,0xBC,0x11,0xAC,0xAA,	/* x */
-	  0x07,0xD7,0x93,0xDE,0x4E,0x6D,0x5E,0x5C,0x94,0xEE,
-	  0xE8,
-	  0x02,0x89,0x07,0x0F,0xB0,0x5D,0x38,0xFF,0x58,0x32,	/* y */
-	  0x1F,0x2E,0x80,0x05,0x36,0xD5,0x38,0xCC,0xDA,0xA3,
-	  0xD9,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x02,0x01,0x08,0xA2,0xE0,0xCC,0x0D,0x99,0xF8,0xA5,
-	  0xEF }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-	_EC_SECG_CHAR2_163R1 = {
-	{ NID_X9_62_characteristic_two_field,0,21,2 },
-	{							/* no seed */
-#if 0
-/* The algorithm used to derive the curve parameters from
- * the seed used here is slightly different than the
- * algorithm described in X9.62 . */
-	  0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
-	  0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C,
-#endif
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0xC9,
-	  0x07,0xB6,0x88,0x2C,0xAA,0xEF,0xA8,0x4F,0x95,0x54,	/* a */
-	  0xFF,0x84,0x28,0xBD,0x88,0xE2,0x46,0xD2,0x78,0x2A,
-	  0xE2,
-	  0x07,0x13,0x61,0x2D,0xCD,0xDC,0xB4,0x0A,0xAB,0x94,	/* b */
-	  0x6B,0xDA,0x29,0xCA,0x91,0xF7,0x3A,0xF9,0x58,0xAF,
-	  0xD9,
-	  0x03,0x69,0x97,0x96,0x97,0xAB,0x43,0x89,0x77,0x89,	/* x */
-	  0x56,0x67,0x89,0x56,0x7F,0x78,0x7A,0x78,0x76,0xA6,
-	  0x54,
-	  0x00,0x43,0x5E,0xDB,0x42,0xEF,0xAF,0xB2,0x98,0x9D,	/* y */
-	  0x51,0xFE,0xFC,0xE3,0xC8,0x09,0x88,0xF4,0x1F,0xF8,
-	  0x83,
-	  0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0x48,0xAA,0xB6,0x89,0xC2,0x9C,0xA7,0x10,0x27,
-	  0x9B }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+21*6]; }
-	_EC_NIST_CHAR2_163B = {
-	{ NID_X9_62_characteristic_two_field,0,21,2 },
-	{							/* no seed */
-#if 0
-/* The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used here) */
-	  0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
-	  0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68,
-#endif
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0xC9,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x01,
-	  0x02,0x0A,0x60,0x19,0x07,0xB8,0xC9,0x53,0xCA,0x14,	/* b */
-	  0x81,0xEB,0x10,0x51,0x2F,0x78,0x74,0x4A,0x32,0x05,
-	  0xFD,
-	  0x03,0xF0,0xEB,0xA1,0x62,0x86,0xA2,0xD5,0x7E,0xA0,	/* x */
-	  0x99,0x11,0x68,0xD4,0x99,0x46,0x37,0xE8,0x34,0x3E,
-	  0x36,
-	  0x00,0xD5,0x1F,0xBC,0x6C,0x71,0xA0,0x09,0x4F,0xA2,	/* y */
-	  0xCD,0xD5,0x45,0xB1,0x1C,0x5C,0x0C,0x79,0x73,0x24,
-	  0xF1,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x02,0x92,0xFE,0x77,0xE7,0x0C,0x12,0xA4,0x23,0x4C,
-	  0x33 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
-	_EC_SECG_CHAR2_193R1 = {
-	{ NID_X9_62_characteristic_two_field,20,25,2 },
-	{ 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,	/* seed */
-	  0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x80,0x01,
-	  0x00,0x17,0x85,0x8F,0xEB,0x7A,0x98,0x97,0x51,0x69,	/* a */
-	  0xE1,0x71,0xF7,0x7B,0x40,0x87,0xDE,0x09,0x8A,0xC8,
-	  0xA9,0x11,0xDF,0x7B,0x01,
-	  0x00,0xFD,0xFB,0x49,0xBF,0xE6,0xC3,0xA8,0x9F,0xAC,	/* b */
-	  0xAD,0xAA,0x7A,0x1E,0x5B,0xBC,0x7C,0xC1,0xC2,0xE5,
-	  0xD8,0x31,0x47,0x88,0x14,
-	  0x01,0xF4,0x81,0xBC,0x5F,0x0F,0xF8,0x4A,0x74,0xAD,	/* x */
-	  0x6C,0xDF,0x6F,0xDE,0xF4,0xBF,0x61,0x79,0x62,0x53,
-	  0x72,0xD8,0xC0,0xC5,0xE1,
-	  0x00,0x25,0xE3,0x99,0xF2,0x90,0x37,0x12,0xCC,0xF3,	/* y */
-	  0xEA,0x9E,0x3A,0x1A,0xD1,0x7F,0xB0,0xB3,0x20,0x1B,
-	  0x6A,0xF7,0xCE,0x1B,0x05,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0xC7,0xF3,0x4A,0x77,0x8F,0x44,0x3A,
-	  0xCC,0x92,0x0E,0xBA,0x49 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+25*6]; }
-	_EC_SECG_CHAR2_193R2 = {
-	{ NID_X9_62_characteristic_two_field,20,25,2 },
-	{ 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,	/* seed */
-	  0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x80,0x01,
-	  0x01,0x63,0xF3,0x5A,0x51,0x37,0xC2,0xCE,0x3E,0xA6,	/* a */
-	  0xED,0x86,0x67,0x19,0x0B,0x0B,0xC4,0x3E,0xCD,0x69,
-	  0x97,0x77,0x02,0x70,0x9B,
-	  0x00,0xC9,0xBB,0x9E,0x89,0x27,0xD4,0xD6,0x4C,0x37,	/* b */
-	  0x7E,0x2A,0xB2,0x85,0x6A,0x5B,0x16,0xE3,0xEF,0xB7,
-	  0xF6,0x1D,0x43,0x16,0xAE,
-	  0x00,0xD9,0xB6,0x7D,0x19,0x2E,0x03,0x67,0xC8,0x03,	/* x */
-	  0xF3,0x9E,0x1A,0x7E,0x82,0xCA,0x14,0xA6,0x51,0x35,
-	  0x0A,0xAE,0x61,0x7E,0x8F,
-	  0x01,0xCE,0x94,0x33,0x56,0x07,0xC3,0x04,0xAC,0x29,	/* y */
-	  0xE7,0xDE,0xFB,0xD9,0xCA,0x01,0xF5,0x96,0xF9,0x27,
-	  0x22,0x4C,0xDE,0xCF,0x6C,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x01,0x5A,0xAB,0x56,0x1B,0x00,0x54,0x13,
-	  0xCC,0xD4,0xEE,0x99,0xD5 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
-	_EC_NIST_CHAR2_233K = {
-	{ NID_X9_62_characteristic_two_field,0,30,4 },
-	{							/* no seed */
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x01,0x72,0x32,0xBA,0x85,0x3A,0x7E,0x73,0x1A,0xF1,	/* x */
-	  0x29,0xF2,0x2F,0xF4,0x14,0x95,0x63,0xA4,0x19,0xC2,
-	  0x6B,0xF5,0x0A,0x4C,0x9D,0x6E,0xEF,0xAD,0x61,0x26,
-
-	  0x01,0xDB,0x53,0x7D,0xEC,0xE8,0x19,0xB7,0xF7,0x0F,	/* y */
-	  0x55,0x5A,0x67,0xC4,0x27,0xA8,0xCD,0x9B,0xF1,0x8A,
-	  0xEB,0x9B,0x56,0xE0,0xC1,0x10,0x56,0xFA,0xE6,0xA3,
-
-	  0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x06,0x9D,0x5B,0xB9,0x15,
-	  0xBC,0xD4,0x6E,0xFB,0x1A,0xD5,0xF1,0x73,0xAB,0xDF }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_NIST_CHAR2_233B = {
-	{ NID_X9_62_characteristic_two_field,20,30,2 },
-	{ 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,	/* seed */
-	  0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x00,0x66,0x64,0x7E,0xDE,0x6C,0x33,0x2C,0x7F,0x8C,	/* b */
-	  0x09,0x23,0xBB,0x58,0x21,0x3B,0x33,0x3B,0x20,0xE9,
-	  0xCE,0x42,0x81,0xFE,0x11,0x5F,0x7D,0x8F,0x90,0xAD,
-
-	  0x00,0xFA,0xC9,0xDF,0xCB,0xAC,0x83,0x13,0xBB,0x21,	/* x */
-	  0x39,0xF1,0xBB,0x75,0x5F,0xEF,0x65,0xBC,0x39,0x1F,
-	  0x8B,0x36,0xF8,0xF8,0xEB,0x73,0x71,0xFD,0x55,0x8B,
-
-	  0x01,0x00,0x6A,0x08,0xA4,0x19,0x03,0x35,0x06,0x78,	/* y */
-	  0xE5,0x85,0x28,0xBE,0xBF,0x8A,0x0B,0xEF,0xF8,0x67,
-	  0xA7,0xCA,0x36,0x71,0x6F,0x7E,0x01,0xF8,0x10,0x52,
-
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x13,0xE9,0x74,0xE7,0x2F,
-	  0x8A,0x69,0x22,0x03,0x1D,0x26,0x03,0xCF,0xE0,0xD7 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+30*6]; }
-	_EC_SECG_CHAR2_239K1 = {
-	{ NID_X9_62_characteristic_two_field,0,30,4 },
-	{							/* no seed */
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x29,0xA0,0xB6,0xA8,0x87,0xA9,0x83,0xE9,0x73,0x09,	/* x */
-	  0x88,0xA6,0x87,0x27,0xA8,0xB2,0xD1,0x26,0xC4,0x4C,
-	  0xC2,0xCC,0x7B,0x2A,0x65,0x55,0x19,0x30,0x35,0xDC,
-
-	  0x76,0x31,0x08,0x04,0xF1,0x2E,0x54,0x9B,0xDB,0x01,	/* y */
-	  0x1C,0x10,0x30,0x89,0xE7,0x35,0x10,0xAC,0xB2,0x75,
-	  0xFC,0x31,0x2A,0x5D,0xC6,0xB7,0x65,0x53,0xF0,0xCA,
-
-	  0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x5A,0x79,0xFE,0xC6,0x7C,
-	  0xB6,0xE9,0x1F,0x1C,0x1D,0xA8,0x00,0xE4,0x78,0xA5 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+36*6]; }
-	_EC_NIST_CHAR2_283K = {
-	{ NID_X9_62_characteristic_two_field,0,36,4 },
-	{							/* no seed */
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x10,0xA1,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x01,
-	  0x05,0x03,0x21,0x3F,0x78,0xCA,0x44,0x88,0x3F,0x1A,	/* x */
-	  0x3B,0x81,0x62,0xF1,0x88,0xE5,0x53,0xCD,0x26,0x5F,
-	  0x23,0xC1,0x56,0x7A,0x16,0x87,0x69,0x13,0xB0,0xC2,
-	  0xAC,0x24,0x58,0x49,0x28,0x36,
-	  0x01,0xCC,0xDA,0x38,0x0F,0x1C,0x9E,0x31,0x8D,0x90,	/* y */
-	  0xF9,0x5D,0x07,0xE5,0x42,0x6F,0xE8,0x7E,0x45,0xC0,
-	  0xE8,0x18,0x46,0x98,0xE4,0x59,0x62,0x36,0x4E,0x34,
-	  0x11,0x61,0x77,0xDD,0x22,0x59,
-	  0x01,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE9,0xAE,
-	  0x2E,0xD0,0x75,0x77,0x26,0x5D,0xFF,0x7F,0x94,0x45,
-	  0x1E,0x06,0x1E,0x16,0x3C,0x61 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+36*6]; }
-	_EC_NIST_CHAR2_283B = {
-	{ NID_X9_62_characteristic_two_field,20,36,2 },
-	{ 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,	/* no seed */
-	  0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x10,0xA1,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x01,
-	  0x02,0x7B,0x68,0x0A,0xC8,0xB8,0x59,0x6D,0xA5,0xA4,	/* b */
-	  0xAF,0x8A,0x19,0xA0,0x30,0x3F,0xCA,0x97,0xFD,0x76,
-	  0x45,0x30,0x9F,0xA2,0xA5,0x81,0x48,0x5A,0xF6,0x26,
-	  0x3E,0x31,0x3B,0x79,0xA2,0xF5,
-	  0x05,0xF9,0x39,0x25,0x8D,0xB7,0xDD,0x90,0xE1,0x93,	/* x */
-	  0x4F,0x8C,0x70,0xB0,0xDF,0xEC,0x2E,0xED,0x25,0xB8,
-	  0x55,0x7E,0xAC,0x9C,0x80,0xE2,0xE1,0x98,0xF8,0xCD,
-	  0xBE,0xCD,0x86,0xB1,0x20,0x53,
-	  0x03,0x67,0x68,0x54,0xFE,0x24,0x14,0x1C,0xB9,0x8F,	/* y */
-	  0xE6,0xD4,0xB2,0x0D,0x02,0xB4,0x51,0x6F,0xF7,0x02,
-	  0x35,0x0E,0xDD,0xB0,0x82,0x67,0x79,0xC8,0x13,0xF0,
-	  0xDF,0x45,0xBE,0x81,0x12,0xF4,
-	  0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xEF,0x90,
-	  0x39,0x96,0x60,0xFC,0x93,0x8A,0x90,0x16,0x5B,0x04,
-	  0x2A,0x7C,0xEF,0xAD,0xB3,0x07 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+52*6]; }
-	_EC_NIST_CHAR2_409K = {
-	{ NID_X9_62_characteristic_two_field,0,52,4 },
-	{							/* no seed */
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x00,0x60,0xF0,0x5F,0x65,0x8F,0x49,0xC1,0xAD,0x3A,	/* x */
-	  0xB1,0x89,0x0F,0x71,0x84,0x21,0x0E,0xFD,0x09,0x87,
-	  0xE3,0x07,0xC8,0x4C,0x27,0xAC,0xCF,0xB8,0xF9,0xF6,
-	  0x7C,0xC2,0xC4,0x60,0x18,0x9E,0xB5,0xAA,0xAA,0x62,
-	  0xEE,0x22,0x2E,0xB1,0xB3,0x55,0x40,0xCF,0xE9,0x02,
-	  0x37,0x46,
-	  0x01,0xE3,0x69,0x05,0x0B,0x7C,0x4E,0x42,0xAC,0xBA,	/* y */
-	  0x1D,0xAC,0xBF,0x04,0x29,0x9C,0x34,0x60,0x78,0x2F,
-	  0x91,0x8E,0xA4,0x27,0xE6,0x32,0x51,0x65,0xE9,0xEA,
-	  0x10,0xE3,0xDA,0x5F,0x6C,0x42,0xE9,0xC5,0x52,0x15,
-	  0xAA,0x9C,0xA2,0x7A,0x58,0x63,0xEC,0x48,0xD8,0xE0,
-	  0x28,0x6B,
-	  0x00,0x7F,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0x5F,0x83,0xB2,
-	  0xD4,0xEA,0x20,0x40,0x0E,0xC4,0x55,0x7D,0x5E,0xD3,
-	  0xE3,0xE7,0xCA,0x5B,0x4B,0x5C,0x83,0xB8,0xE0,0x1E,
-	  0x5F,0xCF }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+52*6]; }
-	_EC_NIST_CHAR2_409B = {
-	{ NID_X9_62_characteristic_two_field,20,52,2 },
-	{ 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,	/* seed */
-	  0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B,
-
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x00,0x21,0xA5,0xC2,0xC8,0xEE,0x9F,0xEB,0x5C,0x4B,	/* b */
-	  0x9A,0x75,0x3B,0x7B,0x47,0x6B,0x7F,0xD6,0x42,0x2E,
-	  0xF1,0xF3,0xDD,0x67,0x47,0x61,0xFA,0x99,0xD6,0xAC,
-	  0x27,0xC8,0xA9,0xA1,0x97,0xB2,0x72,0x82,0x2F,0x6C,
-	  0xD5,0x7A,0x55,0xAA,0x4F,0x50,0xAE,0x31,0x7B,0x13,
-	  0x54,0x5F,
-	  0x01,0x5D,0x48,0x60,0xD0,0x88,0xDD,0xB3,0x49,0x6B,	/* x */
-	  0x0C,0x60,0x64,0x75,0x62,0x60,0x44,0x1C,0xDE,0x4A,
-	  0xF1,0x77,0x1D,0x4D,0xB0,0x1F,0xFE,0x5B,0x34,0xE5,
-	  0x97,0x03,0xDC,0x25,0x5A,0x86,0x8A,0x11,0x80,0x51,
-	  0x56,0x03,0xAE,0xAB,0x60,0x79,0x4E,0x54,0xBB,0x79,
-	  0x96,0xA7,
-	  0x00,0x61,0xB1,0xCF,0xAB,0x6B,0xE5,0xF3,0x2B,0xBF,	/* y */
-	  0xA7,0x83,0x24,0xED,0x10,0x6A,0x76,0x36,0xB9,0xC5,
-	  0xA7,0xBD,0x19,0x8D,0x01,0x58,0xAA,0x4F,0x54,0x88,
-	  0xD0,0x8F,0x38,0x51,0x4F,0x1F,0xDF,0x4B,0x4F,0x40,
-	  0xD2,0x18,0x1B,0x36,0x81,0xC3,0x64,0xBA,0x02,0x73,
-	  0xC7,0x06,
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xE2,0xAA,0xD6,
-	  0xA6,0x12,0xF3,0x33,0x07,0xBE,0x5F,0xA4,0x7C,0x3C,
-	  0x9E,0x05,0x2F,0x83,0x81,0x64,0xCD,0x37,0xD9,0xA2,
-	  0x11,0x73 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+72*6]; }
-	_EC_NIST_CHAR2_571K = {
-	{ NID_X9_62_characteristic_two_field,0,72,4 },
-	{							/* no seed */
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x04,0x25,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x02,0x6E,0xB7,0xA8,0x59,0x92,0x3F,0xBC,0x82,0x18,	/* x */
-	  0x96,0x31,0xF8,0x10,0x3F,0xE4,0xAC,0x9C,0xA2,0x97,
-	  0x00,0x12,0xD5,0xD4,0x60,0x24,0x80,0x48,0x01,0x84,
-	  0x1C,0xA4,0x43,0x70,0x95,0x84,0x93,0xB2,0x05,0xE6,
-	  0x47,0xDA,0x30,0x4D,0xB4,0xCE,0xB0,0x8C,0xBB,0xD1,
-	  0xBA,0x39,0x49,0x47,0x76,0xFB,0x98,0x8B,0x47,0x17,
-	  0x4D,0xCA,0x88,0xC7,0xE2,0x94,0x52,0x83,0xA0,0x1C,
-	  0x89,0x72,
-	  0x03,0x49,0xDC,0x80,0x7F,0x4F,0xBF,0x37,0x4F,0x4A,	/* y */
-	  0xEA,0xDE,0x3B,0xCA,0x95,0x31,0x4D,0xD5,0x8C,0xEC,
-	  0x9F,0x30,0x7A,0x54,0xFF,0xC6,0x1E,0xFC,0x00,0x6D,
-	  0x8A,0x2C,0x9D,0x49,0x79,0xC0,0xAC,0x44,0xAE,0xA7,
-	  0x4F,0xBE,0xBB,0xB9,0xF7,0x72,0xAE,0xDC,0xB6,0x20,
-	  0xB0,0x1A,0x7B,0xA7,0xAF,0x1B,0x32,0x04,0x30,0xC8,
-	  0x59,0x19,0x84,0xF6,0x01,0xCD,0x4C,0x14,0x3E,0xF1,
-	  0xC7,0xA3,
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x13,0x18,0x50,0xE1,
-	  0xF1,0x9A,0x63,0xE4,0xB3,0x91,0xA8,0xDB,0x91,0x7F,
-	  0x41,0x38,0xB6,0x30,0xD8,0x4B,0xE5,0xD6,0x39,0x38,
-	  0x1E,0x91,0xDE,0xB4,0x5C,0xFE,0x77,0x8F,0x63,0x7C,
-	  0x10,0x01 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+72*6]; }
-	_EC_NIST_CHAR2_571B = {
-	{ NID_X9_62_characteristic_two_field,20,72,2 },
-	{ 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,	/* seed */
-	  0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x04,0x25,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x01,
-	  0x02,0xF4,0x0E,0x7E,0x22,0x21,0xF2,0x95,0xDE,0x29,	/* b */
-	  0x71,0x17,0xB7,0xF3,0xD6,0x2F,0x5C,0x6A,0x97,0xFF,
-	  0xCB,0x8C,0xEF,0xF1,0xCD,0x6B,0xA8,0xCE,0x4A,0x9A,
-	  0x18,0xAD,0x84,0xFF,0xAB,0xBD,0x8E,0xFA,0x59,0x33,
-	  0x2B,0xE7,0xAD,0x67,0x56,0xA6,0x6E,0x29,0x4A,0xFD,
-	  0x18,0x5A,0x78,0xFF,0x12,0xAA,0x52,0x0E,0x4D,0xE7,
-	  0x39,0xBA,0xCA,0x0C,0x7F,0xFE,0xFF,0x7F,0x29,0x55,
-	  0x72,0x7A,
-	  0x03,0x03,0x00,0x1D,0x34,0xB8,0x56,0x29,0x6C,0x16,	/* x */
-	  0xC0,0xD4,0x0D,0x3C,0xD7,0x75,0x0A,0x93,0xD1,0xD2,
-	  0x95,0x5F,0xA8,0x0A,0xA5,0xF4,0x0F,0xC8,0xDB,0x7B,
-	  0x2A,0xBD,0xBD,0xE5,0x39,0x50,0xF4,0xC0,0xD2,0x93,
-	  0xCD,0xD7,0x11,0xA3,0x5B,0x67,0xFB,0x14,0x99,0xAE,
-	  0x60,0x03,0x86,0x14,0xF1,0x39,0x4A,0xBF,0xA3,0xB4,
-	  0xC8,0x50,0xD9,0x27,0xE1,0xE7,0x76,0x9C,0x8E,0xEC,
-	  0x2D,0x19,
-	  0x03,0x7B,0xF2,0x73,0x42,0xDA,0x63,0x9B,0x6D,0xCC,	/* y */
-	  0xFF,0xFE,0xB7,0x3D,0x69,0xD7,0x8C,0x6C,0x27,0xA6,
-	  0x00,0x9C,0xBB,0xCA,0x19,0x80,0xF8,0x53,0x39,0x21,
-	  0xE8,0xA6,0x84,0x42,0x3E,0x43,0xBA,0xB0,0x8A,0x57,
-	  0x62,0x91,0xAF,0x8F,0x46,0x1B,0xB2,0xA8,0xB3,0x53,
-	  0x1D,0x2F,0x04,0x85,0xC1,0x9B,0x16,0xE2,0xF1,0x51,
-	  0x6E,0x23,0xDD,0x3C,0x1A,0x48,0x27,0xAF,0x1B,0x8A,
-	  0xC1,0x5B,
-	  0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	  0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xE6,0x61,0xCE,0x18,
-	  0xFF,0x55,0x98,0x73,0x08,0x05,0x9B,0x18,0x68,0x23,
-	  0x85,0x1E,0xC7,0xDD,0x9C,0xA1,0x16,0x1D,0xE9,0x3D,
-	  0x51,0x74,0xD6,0x6E,0x83,0x82,0xE9,0xBB,0x2F,0xE8,
-	  0x4E,0x47 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-	_EC_X9_62_CHAR2_163V1 = {
-	{ NID_X9_62_characteristic_two_field,20,21,2 },
-	{ 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-	  0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54,	/* seed */
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	  0x07,
-	  0x07,0x25,0x46,0xB5,0x43,0x52,0x34,0xA4,0x22,0xE0,	/* a */
-	  0x78,0x96,0x75,0xF4,0x32,0xC8,0x94,0x35,0xDE,0x52,
-	  0x42,
-	  0x00,0xC9,0x51,0x7D,0x06,0xD5,0x24,0x0D,0x3C,0xFF,	/* b */
-	  0x38,0xC7,0x4B,0x20,0xB6,0xCD,0x4D,0x6F,0x9D,0xD4,
-	  0xD9,
-	  0x07,0xAF,0x69,0x98,0x95,0x46,0x10,0x3D,0x79,0x32,	/* x */
-	  0x9F,0xCC,0x3D,0x74,0x88,0x0F,0x33,0xBB,0xE8,0x03,
-	  0xCB,
-	  0x01,0xEC,0x23,0x21,0x1B,0x59,0x66,0xAD,0xEA,0x1D,	/* y */
-	  0x3F,0x87,0xF7,0xEA,0x58,0x48,0xAE,0xF0,0xB7,0xCA,
-	  0x9F,
-	  0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x01,0xE6,0x0F,0xC8,0x82,0x1C,0xC7,0x4D,0xAE,0xAF,
-	  0xC1 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-	_EC_X9_62_CHAR2_163V2 = {
-	{ NID_X9_62_characteristic_two_field,20,21,2 },
-	{ 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	  0x07,
-	  0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9,	/* a */
-	  0x81,0xED,0x0E,0x89,0x0E,0x11,0x7C,0x51,0x1C,0xF0,
-	  0x72,
-	  0x06,0x67,0xAC,0xEB,0x38,0xAF,0x4E,0x48,0x8C,0x40,	/* b */
-	  0x74,0x33,0xFF,0xAE,0x4F,0x1C,0x81,0x16,0x38,0xDF,
-	  0x20,
-	  0x00,0x24,0x26,0x6E,0x4E,0xB5,0x10,0x6D,0x0A,0x96,	/* x */
-	  0x4D,0x92,0xC4,0x86,0x0E,0x26,0x71,0xDB,0x9B,0x6C,
-	  0xC5,
-	  0x07,0x9F,0x68,0x4D,0xDF,0x66,0x84,0xC5,0xCD,0x25,	/* y */
-	  0x8B,0x38,0x90,0x02,0x1B,0x23,0x86,0xDF,0xD1,0x9F,
-	  0xC5,
-	  0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFD,0xF6,0x4D,0xE1,0x15,0x1A,0xDB,0xB7,0x8F,0x10,
-	  0xA7 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
-	_EC_X9_62_CHAR2_163V3 = {
-	{ NID_X9_62_characteristic_two_field,20,21,2 },
-	{ 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,	/* seed */
-	  0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8,
-
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	  0x07,
-	  0x07,0xA5,0x26,0xC6,0x3D,0x3E,0x25,0xA2,0x56,0xA0,	/* a */
-	  0x07,0x69,0x9F,0x54,0x47,0xE3,0x2A,0xE4,0x56,0xB5,
-	  0x0E,
-	  0x03,0xF7,0x06,0x17,0x98,0xEB,0x99,0xE2,0x38,0xFD,	/* b */
-	  0x6F,0x1B,0xF9,0x5B,0x48,0xFE,0xEB,0x48,0x54,0x25,
-	  0x2B,
-	  0x02,0xF9,0xF8,0x7B,0x7C,0x57,0x4D,0x0B,0xDE,0xCF,	/* x */
-	  0x8A,0x22,0xE6,0x52,0x47,0x75,0xF9,0x8C,0xDE,0xBD,
-	  0xCB,
-	  0x05,0xB9,0x35,0x59,0x0C,0x15,0x5E,0x17,0xEA,0x48,	/* y */
-	  0xEB,0x3F,0xF3,0x71,0x8B,0x89,0x3D,0xF5,0x9A,0x05,
-	  0xD0,
-	  0x03,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFE,0x1A,0xEE,0x14,0x0F,0x11,0x0A,0xFF,0x96,0x13,
-	  0x09 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+23*6]; }
-	_EC_X9_62_CHAR2_176V1 = {
-	{ NID_X9_62_characteristic_two_field,0,23,0xFF6E },
-	{							/* no seed */
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,
-	  0x00,0x00,0x07,
-	  0x00,0xE4,0xE6,0xDB,0x29,0x95,0x06,0x5C,0x40,0x7D,	/* a */
-	  0x9D,0x39,0xB8,0xD0,0x96,0x7B,0x96,0x70,0x4B,0xA8,
-	  0xE9,0xC9,0x0B,
-	  0x00,0x5D,0xDA,0x47,0x0A,0xBE,0x64,0x14,0xDE,0x8E,	/* b */
-	  0xC1,0x33,0xAE,0x28,0xE9,0xBB,0xD7,0xFC,0xEC,0x0A,
-	  0xE0,0xFF,0xF2,
-	  0x00,0x8D,0x16,0xC2,0x86,0x67,0x98,0xB6,0x00,0xF9,	/* x */
-	  0xF0,0x8B,0xB4,0xA8,0xE8,0x60,0xF3,0x29,0x8C,0xE0,
-	  0x4A,0x57,0x98,
-	  0x00,0x6F,0xA4,0x53,0x9C,0x2D,0xAD,0xDD,0xD6,0xBA,	/* y */
-	  0xB5,0x16,0x7D,0x61,0xB4,0x36,0xE1,0xD9,0x2B,0xB1,
-	  0x6A,0x56,0x2C,
-	  0x00,0x00,0x01,0x00,0x92,0x53,0x73,0x97,0xEC,0xA4,	/* order */
-	  0xF6,0x14,0x57,0x99,0xD6,0x2B,0x0A,0x19,0xCE,0x06,
-	  0xFE,0x26,0xAD }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_X9_62_CHAR2_191V1 = {
-	{ NID_X9_62_characteristic_two_field,20,24,2 },
-	{ 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x02,0x01,
-	  0x28,0x66,0x53,0x7B,0x67,0x67,0x52,0x63,0x6A,0x68,	/* a */
-	  0xF5,0x65,0x54,0xE1,0x26,0x40,0x27,0x6B,0x64,0x9E,
-	  0xF7,0x52,0x62,0x67,
-	  0x2E,0x45,0xEF,0x57,0x1F,0x00,0x78,0x6F,0x67,0xB0,	/* b */
-	  0x08,0x1B,0x94,0x95,0xA3,0xD9,0x54,0x62,0xF5,0xDE,
-	  0x0A,0xA1,0x85,0xEC,
-	  0x36,0xB3,0xDA,0xF8,0xA2,0x32,0x06,0xF9,0xC4,0xF2,	/* x */
-	  0x99,0xD7,0xB2,0x1A,0x9C,0x36,0x91,0x37,0xF2,0xC8,
-	  0x4A,0xE1,0xAA,0x0D,
-	  0x76,0x5B,0xE7,0x34,0x33,0xB3,0xF9,0x5E,0x33,0x29,	/* y */
-	  0x32,0xE7,0x0E,0xA2,0x45,0xCA,0x24,0x18,0xEA,0x0E,
-	  0xF9,0x80,0x18,0xFB,
-	  0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x04,0xA2,0x0E,0x90,0xC3,0x90,0x67,0xC8,
-	  0x93,0xBB,0xB9,0xA5 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_X9_62_CHAR2_191V2 = {
-	{ NID_X9_62_characteristic_two_field,20,24,4 },
-	{ 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x02,0x01,
-	  0x40,0x10,0x28,0x77,0x4D,0x77,0x77,0xC7,0xB7,0x66,	/* a */
-	  0x6D,0x13,0x66,0xEA,0x43,0x20,0x71,0x27,0x4F,0x89,
-	  0xFF,0x01,0xE7,0x18,
-	  0x06,0x20,0x04,0x8D,0x28,0xBC,0xBD,0x03,0xB6,0x24,	/* b */
-	  0x9C,0x99,0x18,0x2B,0x7C,0x8C,0xD1,0x97,0x00,0xC3,
-	  0x62,0xC4,0x6A,0x01,
-	  0x38,0x09,0xB2,0xB7,0xCC,0x1B,0x28,0xCC,0x5A,0x87,	/* x */
-	  0x92,0x6A,0xAD,0x83,0xFD,0x28,0x78,0x9E,0x81,0xE2,
-	  0xC9,0xE3,0xBF,0x10,
-	  0x17,0x43,0x43,0x86,0x62,0x6D,0x14,0xF3,0xDB,0xF0,	/* y */
-	  0x17,0x60,0xD9,0x21,0x3A,0x3E,0x1C,0xF3,0x7A,0xEC,
-	  0x43,0x7D,0x66,0x8A,
-	  0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x50,0x50,0x8C,0xB8,0x9F,0x65,0x28,0x24,
-	  0xE0,0x6B,0x81,0x73 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+24*6]; }
-	_EC_X9_62_CHAR2_191V3 = {
-	{ NID_X9_62_characteristic_two_field,20,24,6 },
-	{ 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x02,0x01,
-	  0x6C,0x01,0x07,0x47,0x56,0x09,0x91,0x22,0x22,0x10,	/* a */
-	  0x56,0x91,0x1C,0x77,0xD7,0x7E,0x77,0xA7,0x77,0xE7,
-	  0xE7,0xE7,0x7F,0xCB,
-	  0x71,0xFE,0x1A,0xF9,0x26,0xCF,0x84,0x79,0x89,0xEF,	/* b */
-	  0xEF,0x8D,0xB4,0x59,0xF6,0x63,0x94,0xD9,0x0F,0x32,
-	  0xAD,0x3F,0x15,0xE8,
-	  0x37,0x5D,0x4C,0xE2,0x4F,0xDE,0x43,0x44,0x89,0xDE,	/* x */
-	  0x87,0x46,0xE7,0x17,0x86,0x01,0x50,0x09,0xE6,0x6E,
-	  0x38,0xA9,0x26,0xDD,
-	  0x54,0x5A,0x39,0x17,0x61,0x96,0x57,0x5D,0x98,0x59,	/* y */
-	  0x99,0x36,0x6E,0x6A,0xD3,0x4C,0xE0,0xA7,0x7C,0xD7,
-	  0x12,0x7B,0x06,0xBE,
-	  0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,	/* order */
-	  0x55,0x55,0x61,0x0C,0x0B,0x19,0x68,0x12,0xBF,0xB6,
-	  0x28,0x8A,0x3E,0xA3 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+27*6]; }
-	_EC_X9_62_CHAR2_208W1 = {
-	{ NID_X9_62_characteristic_two_field,0,27,0xFE48 },
-	{							/* no seed */
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x07,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0xC8,0x61,0x9E,0xD4,0x5A,0x62,0xE6,0x21,0x2E,	/* b */
-	  0x11,0x60,0x34,0x9E,0x2B,0xFA,0x84,0x44,0x39,0xFA,
-	  0xFC,0x2A,0x3F,0xD1,0x63,0x8F,0x9E,
-	  0x00,0x89,0xFD,0xFB,0xE4,0xAB,0xE1,0x93,0xDF,0x95,	/* x */
-	  0x59,0xEC,0xF0,0x7A,0xC0,0xCE,0x78,0x55,0x4E,0x27,
-	  0x84,0xEB,0x8C,0x1E,0xD1,0xA5,0x7A,
-	  0x00,0x0F,0x55,0xB5,0x1A,0x06,0xE7,0x8E,0x9A,0xC3,	/* y */
-	  0x8A,0x03,0x5F,0xF5,0x20,0xD8,0xB0,0x17,0x81,0xBE,
-	  0xB1,0xA6,0xBB,0x08,0x61,0x7D,0xE3,
-	  0x00,0x00,0x01,0x01,0xBA,0xF9,0x5C,0x97,0x23,0xC5,	/* order */
-	  0x7B,0x6C,0x21,0xDA,0x2E,0xFF,0x2D,0x5E,0xD5,0x88,
-	  0xBD,0xD5,0x71,0x7E,0x21,0x2F,0x9D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_CHAR2_239V1 = {
-	{ NID_X9_62_characteristic_two_field,20,30,4 },
-	{ 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,	/* seed */
-	  0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-
-	  0x32,0x01,0x08,0x57,0x07,0x7C,0x54,0x31,0x12,0x3A,	/* a */
-	  0x46,0xB8,0x08,0x90,0x67,0x56,0xF5,0x43,0x42,0x3E,
-	  0x8D,0x27,0x87,0x75,0x78,0x12,0x57,0x78,0xAC,0x76,
-
-	  0x79,0x04,0x08,0xF2,0xEE,0xDA,0xF3,0x92,0xB0,0x12,	/* b */
-	  0xED,0xEF,0xB3,0x39,0x2F,0x30,0xF4,0x32,0x7C,0x0C,
-	  0xA3,0xF3,0x1F,0xC3,0x83,0xC4,0x22,0xAA,0x8C,0x16,
-
-	  0x57,0x92,0x70,0x98,0xFA,0x93,0x2E,0x7C,0x0A,0x96,	/* x */
-	  0xD3,0xFD,0x5B,0x70,0x6E,0xF7,0xE5,0xF5,0xC1,0x56,
-	  0xE1,0x6B,0x7E,0x7C,0x86,0x03,0x85,0x52,0xE9,0x1D,
-
-	  0x61,0xD8,0xEE,0x50,0x77,0xC3,0x3F,0xEC,0xF6,0xF1,	/* y */
-	  0xA1,0x6B,0x26,0x8D,0xE4,0x69,0xC3,0xC7,0x74,0x4E,
-	  0xA9,0xA9,0x71,0x64,0x9F,0xC7,0xA9,0x61,0x63,0x05,
-
-	  0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* order */
-	  0x00,0x00,0x00,0x00,0x00,0x0F,0x4D,0x42,0xFF,0xE1,
-	  0x49,0x2A,0x49,0x93,0xF1,0xCA,0xD6,0x66,0xE4,0x47 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_CHAR2_239V2 = {
-	{ NID_X9_62_characteristic_two_field,20,30,6 },
-	{ 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-
-	  0x42,0x30,0x01,0x77,0x57,0xA7,0x67,0xFA,0xE4,0x23,	/* a */
-	  0x98,0x56,0x9B,0x74,0x63,0x25,0xD4,0x53,0x13,0xAF,
-	  0x07,0x66,0x26,0x64,0x79,0xB7,0x56,0x54,0xE6,0x5F,
-
-	  0x50,0x37,0xEA,0x65,0x41,0x96,0xCF,0xF0,0xCD,0x82,	/* b */
-	  0xB2,0xC1,0x4A,0x2F,0xCF,0x2E,0x3F,0xF8,0x77,0x52,
-	  0x85,0xB5,0x45,0x72,0x2F,0x03,0xEA,0xCD,0xB7,0x4B,
-
-	  0x28,0xF9,0xD0,0x4E,0x90,0x00,0x69,0xC8,0xDC,0x47,	/* x */
-	  0xA0,0x85,0x34,0xFE,0x76,0xD2,0xB9,0x00,0xB7,0xD7,
-	  0xEF,0x31,0xF5,0x70,0x9F,0x20,0x0C,0x4C,0xA2,0x05,
-
-	  0x56,0x67,0x33,0x4C,0x45,0xAF,0xF3,0xB5,0xA0,0x3B,	/* y */
-	  0xAD,0x9D,0xD7,0x5E,0x2C,0x71,0xA9,0x93,0x62,0x56,
-	  0x7D,0x54,0x53,0xF7,0xFA,0x6E,0x22,0x7E,0xC8,0x33,
-
-	  0x15,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,	/* order */
-	  0x55,0x55,0x55,0x55,0x55,0x3C,0x6F,0x28,0x85,0x25,
-	  0x9C,0x31,0xE3,0xFC,0xDF,0x15,0x46,0x24,0x52,0x2D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+30*6]; }
-	_EC_X9_62_CHAR2_239V3 = {
-	{ NID_X9_62_characteristic_two_field,20,30,0xA },
-	{ 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,	/* seed */
-	  0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x01,
-
-	  0x01,0x23,0x87,0x74,0x66,0x6A,0x67,0x76,0x6D,0x66,	/* a */
-	  0x76,0xF7,0x78,0xE6,0x76,0xB6,0x69,0x99,0x17,0x66,
-	  0x66,0xE6,0x87,0x66,0x6D,0x87,0x66,0xC6,0x6A,0x9F,
-
-	  0x6A,0x94,0x19,0x77,0xBA,0x9F,0x6A,0x43,0x51,0x99,	/* b */
-	  0xAC,0xFC,0x51,0x06,0x7E,0xD5,0x87,0xF5,0x19,0xC5,
-	  0xEC,0xB5,0x41,0xB8,0xE4,0x41,0x11,0xDE,0x1D,0x40,
-
-	  0x70,0xF6,0xE9,0xD0,0x4D,0x28,0x9C,0x4E,0x89,0x91,	/* x */
-	  0x3C,0xE3,0x53,0x0B,0xFD,0xE9,0x03,0x97,0x7D,0x42,
-	  0xB1,0x46,0xD5,0x39,0xBF,0x1B,0xDE,0x4E,0x9C,0x92,
-
-	  0x2E,0x5A,0x0E,0xAF,0x6E,0x5E,0x13,0x05,0xB9,0x00,	/* y */
-	  0x4D,0xCE,0x5C,0x0E,0xD7,0xFE,0x59,0xA3,0x56,0x08,
-	  0xF3,0x38,0x37,0xC8,0x16,0xD8,0x0B,0x79,0xF4,0x61,
-
-	  0x0C,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,	/* order */
-	  0xCC,0xCC,0xCC,0xCC,0xCC,0xAC,0x49,0x12,0xD2,0xD9,
-	  0xDF,0x90,0x3E,0xF9,0x88,0x8B,0x8A,0x0E,0x4C,0xFF }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+35*6]; }
-	_EC_X9_62_CHAR2_272W1 = {
-	{ NID_X9_62_characteristic_two_field,0,35,0xFF06 },
-	{							/* no seed */
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x0B,
-	  0x00,0x91,0xA0,0x91,0xF0,0x3B,0x5F,0xBA,0x4A,0xB2,	/* a */
-	  0xCC,0xF4,0x9C,0x4E,0xDD,0x22,0x0F,0xB0,0x28,0x71,
-	  0x2D,0x42,0xBE,0x75,0x2B,0x2C,0x40,0x09,0x4D,0xBA,
-	  0xCD,0xB5,0x86,0xFB,0x20,
-	  0x00,0x71,0x67,0xEF,0xC9,0x2B,0xB2,0xE3,0xCE,0x7C,	/* b */
-	  0x8A,0xAA,0xFF,0x34,0xE1,0x2A,0x9C,0x55,0x70,0x03,
-	  0xD7,0xC7,0x3A,0x6F,0xAF,0x00,0x3F,0x99,0xF6,0xCC,
-	  0x84,0x82,0xE5,0x40,0xF7,
-	  0x00,0x61,0x08,0xBA,0xBB,0x2C,0xEE,0xBC,0xF7,0x87,	/* x */
-	  0x05,0x8A,0x05,0x6C,0xBE,0x0C,0xFE,0x62,0x2D,0x77,
-	  0x23,0xA2,0x89,0xE0,0x8A,0x07,0xAE,0x13,0xEF,0x0D,
-	  0x10,0xD1,0x71,0xDD,0x8D,
-	  0x00,0x10,0xC7,0x69,0x57,0x16,0x85,0x1E,0xEF,0x6B,	/* y */
-	  0xA7,0xF6,0x87,0x2E,0x61,0x42,0xFB,0xD2,0x41,0xB8,
-	  0x30,0xFF,0x5E,0xFC,0xAC,0xEC,0xCA,0xB0,0x5E,0x02,
-	  0x00,0x5D,0xDE,0x9D,0x23,
-	  0x00,0x00,0x01,0x00,0xFA,0xF5,0x13,0x54,0xE0,0xE3,	/* order */
-	  0x9E,0x48,0x92,0xDF,0x6E,0x31,0x9C,0x72,0xC8,0x16,
-	  0x16,0x03,0xFA,0x45,0xAA,0x7B,0x99,0x8A,0x16,0x7B,
-	  0x8F,0x1E,0x62,0x95,0x21 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+39*6]; }
-	_EC_X9_62_CHAR2_304W1 = {
-	{ NID_X9_62_characteristic_two_field,0,39,0xFE2E },
-	{							/* no seed */
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x08,0x07,
-	  0x00,0xFD,0x0D,0x69,0x31,0x49,0xA1,0x18,0xF6,0x51,	/* a */
-	  0xE6,0xDC,0xE6,0x80,0x20,0x85,0x37,0x7E,0x5F,0x88,
-	  0x2D,0x1B,0x51,0x0B,0x44,0x16,0x00,0x74,0xC1,0x28,
-	  0x80,0x78,0x36,0x5A,0x03,0x96,0xC8,0xE6,0x81,
-	  0x00,0xBD,0xDB,0x97,0xE5,0x55,0xA5,0x0A,0x90,0x8E,	/* b */
-	  0x43,0xB0,0x1C,0x79,0x8E,0xA5,0xDA,0xA6,0x78,0x8F,
-	  0x1E,0xA2,0x79,0x4E,0xFC,0xF5,0x71,0x66,0xB8,0xC1,
-	  0x40,0x39,0x60,0x1E,0x55,0x82,0x73,0x40,0xBE,
-	  0x00,0x19,0x7B,0x07,0x84,0x5E,0x9B,0xE2,0xD9,0x6A,	/* x */
-	  0xDB,0x0F,0x5F,0x3C,0x7F,0x2C,0xFF,0xBD,0x7A,0x3E,
-	  0xB8,0xB6,0xFE,0xC3,0x5C,0x7F,0xD6,0x7F,0x26,0xDD,
-	  0xF6,0x28,0x5A,0x64,0x4F,0x74,0x0A,0x26,0x14,
-	  0x00,0xE1,0x9F,0xBE,0xB7,0x6E,0x0D,0xA1,0x71,0x51,	/* y */
-	  0x7E,0xCF,0x40,0x1B,0x50,0x28,0x9B,0xF0,0x14,0x10,
-	  0x32,0x88,0x52,0x7A,0x9B,0x41,0x6A,0x10,0x5E,0x80,
-	  0x26,0x0B,0x54,0x9F,0xDC,0x1B,0x92,0xC0,0x3B,
-	  0x00,0x00,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,	/* order */
-	  0x80,0x01,0x01,0xD5,0x56,0x57,0x2A,0xAB,0xAC,0x80,
-	  0x01,0x02,0x2D,0x5C,0x91,0xDD,0x17,0x3F,0x8F,0xB5,
-	  0x61,0xDA,0x68,0x99,0x16,0x44,0x43,0x05,0x1D }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[20+45*6]; }
-	_EC_X9_62_CHAR2_359V1 = {
-	{ NID_X9_62_characteristic_two_field,20,45,0x4C },
-	{ 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,	/* seed */
-	  0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6,
-
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x01,
-	  0x56,0x67,0x67,0x6A,0x65,0x4B,0x20,0x75,0x4F,0x35,	/* a */
-	  0x6E,0xA9,0x20,0x17,0xD9,0x46,0x56,0x7C,0x46,0x67,
-	  0x55,0x56,0xF1,0x95,0x56,0xA0,0x46,0x16,0xB5,0x67,
-	  0xD2,0x23,0xA5,0xE0,0x56,0x56,0xFB,0x54,0x90,0x16,
-	  0xA9,0x66,0x56,0xA5,0x57,
-	  0x24,0x72,0xE2,0xD0,0x19,0x7C,0x49,0x36,0x3F,0x1F,	/* b */
-	  0xE7,0xF5,0xB6,0xDB,0x07,0x5D,0x52,0xB6,0x94,0x7D,
-	  0x13,0x5D,0x8C,0xA4,0x45,0x80,0x5D,0x39,0xBC,0x34,
-	  0x56,0x26,0x08,0x96,0x87,0x74,0x2B,0x63,0x29,0xE7,
-	  0x06,0x80,0x23,0x19,0x88,
-	  0x3C,0x25,0x8E,0xF3,0x04,0x77,0x67,0xE7,0xED,0xE0,	/* x */
-	  0xF1,0xFD,0xAA,0x79,0xDA,0xEE,0x38,0x41,0x36,0x6A,
-	  0x13,0x2E,0x16,0x3A,0xCE,0xD4,0xED,0x24,0x01,0xDF,
-	  0x9C,0x6B,0xDC,0xDE,0x98,0xE8,0xE7,0x07,0xC0,0x7A,
-	  0x22,0x39,0xB1,0xB0,0x97,
-	  0x53,0xD7,0xE0,0x85,0x29,0x54,0x70,0x48,0x12,0x1E,	/* y */
-	  0x9C,0x95,0xF3,0x79,0x1D,0xD8,0x04,0x96,0x39,0x48,
-	  0xF3,0x4F,0xAE,0x7B,0xF4,0x4E,0xA8,0x23,0x65,0xDC,
-	  0x78,0x68,0xFE,0x57,0xE4,0xAE,0x2D,0xE2,0x11,0x30,
-	  0x5A,0x40,0x71,0x04,0xBD,
-	  0x01,0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,	/* order */
-	  0xAF,0x28,0x6B,0xCA,0x1A,0xF2,0x86,0xBC,0xA1,0xAF,
-	  0x28,0x6B,0xC9,0xFB,0x8F,0x6B,0x85,0xC5,0x56,0x89,
-	  0x2C,0x20,0xA7,0xEB,0x96,0x4F,0xE7,0x71,0x9E,0x74,
-	  0xF4,0x90,0x75,0x8D,0x3B }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+47*6]; }
-	_EC_X9_62_CHAR2_368W1 = {
-	{ NID_X9_62_characteristic_two_field,0,47,0xFF70 },
-	{							/* no seed */
-	  0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x07,
-	  0x00,0xE0,0xD2,0xEE,0x25,0x09,0x52,0x06,0xF5,0xE2,	/* a */
-	  0xA4,0xF9,0xED,0x22,0x9F,0x1F,0x25,0x6E,0x79,0xA0,
-	  0xE2,0xB4,0x55,0x97,0x0D,0x8D,0x0D,0x86,0x5B,0xD9,
-	  0x47,0x78,0xC5,0x76,0xD6,0x2F,0x0A,0xB7,0x51,0x9C,
-	  0xCD,0x2A,0x1A,0x90,0x6A,0xE3,0x0D,
-	  0x00,0xFC,0x12,0x17,0xD4,0x32,0x0A,0x90,0x45,0x2C,	/* b */
-	  0x76,0x0A,0x58,0xED,0xCD,0x30,0xC8,0xDD,0x06,0x9B,
-	  0x3C,0x34,0x45,0x38,0x37,0xA3,0x4E,0xD5,0x0C,0xB5,
-	  0x49,0x17,0xE1,0xC2,0x11,0x2D,0x84,0xD1,0x64,0xF4,
-	  0x44,0xF8,0xF7,0x47,0x86,0x04,0x6A,
-	  0x00,0x10,0x85,0xE2,0x75,0x53,0x81,0xDC,0xCC,0xE3,	/* x */
-	  0xC1,0x55,0x7A,0xFA,0x10,0xC2,0xF0,0xC0,0xC2,0x82,
-	  0x56,0x46,0xC5,0xB3,0x4A,0x39,0x4C,0xBC,0xFA,0x8B,
-	  0xC1,0x6B,0x22,0xE7,0xE7,0x89,0xE9,0x27,0xBE,0x21,
-	  0x6F,0x02,0xE1,0xFB,0x13,0x6A,0x5F,
-	  0x00,0x7B,0x3E,0xB1,0xBD,0xDC,0xBA,0x62,0xD5,0xD8,	/* y */
-	  0xB2,0x05,0x9B,0x52,0x57,0x97,0xFC,0x73,0x82,0x2C,
-	  0x59,0x05,0x9C,0x62,0x3A,0x45,0xFF,0x38,0x43,0xCE,
-	  0xE8,0xF8,0x7C,0xD1,0x85,0x5A,0xDA,0xA8,0x1E,0x2A,
-	  0x07,0x50,0xB8,0x0F,0xDA,0x23,0x10,
-	  0x00,0x00,0x01,0x00,0x90,0x51,0x2D,0xA9,0xAF,0x72,	/* order */
-	  0xB0,0x83,0x49,0xD9,0x8A,0x5D,0xD4,0xC7,0xB0,0x53,
-	  0x2E,0xCA,0x51,0xCE,0x03,0xE2,0xD1,0x0F,0x3B,0x7A,
-	  0xC5,0x79,0xBD,0x87,0xE9,0x09,0xAE,0x40,0xA6,0xF1,
-	  0x31,0xE9,0xCF,0xCE,0x5B,0xD9,0x67 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+54*6]; }
-	_EC_X9_62_CHAR2_431R1 = {
-	{ NID_X9_62_characteristic_two_field,0,54,0x2760 },
-	{							/* no seed */
-	  0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x01,
-	  0x1A,0x82,0x7E,0xF0,0x0D,0xD6,0xFC,0x0E,0x23,0x4C,	/* a */
-	  0xAF,0x04,0x6C,0x6A,0x5D,0x8A,0x85,0x39,0x5B,0x23,
-	  0x6C,0xC4,0xAD,0x2C,0xF3,0x2A,0x0C,0xAD,0xBD,0xC9,
-	  0xDD,0xF6,0x20,0xB0,0xEB,0x99,0x06,0xD0,0x95,0x7F,
-	  0x6C,0x6F,0xEA,0xCD,0x61,0x54,0x68,0xDF,0x10,0x4D,
-	  0xE2,0x96,0xCD,0x8F,
-	  0x10,0xD9,0xB4,0xA3,0xD9,0x04,0x7D,0x8B,0x15,0x43,	/* b */
-	  0x59,0xAB,0xFB,0x1B,0x7F,0x54,0x85,0xB0,0x4C,0xEB,
-	  0x86,0x82,0x37,0xDD,0xC9,0xDE,0xDA,0x98,0x2A,0x67,
-	  0x9A,0x5A,0x91,0x9B,0x62,0x6D,0x4E,0x50,0xA8,0xDD,
-	  0x73,0x1B,0x10,0x7A,0x99,0x62,0x38,0x1F,0xB5,0xD8,
-	  0x07,0xBF,0x26,0x18,
-	  0x12,0x0F,0xC0,0x5D,0x3C,0x67,0xA9,0x9D,0xE1,0x61,	/* x */
-	  0xD2,0xF4,0x09,0x26,0x22,0xFE,0xCA,0x70,0x1B,0xE4,
-	  0xF5,0x0F,0x47,0x58,0x71,0x4E,0x8A,0x87,0xBB,0xF2,
-	  0xA6,0x58,0xEF,0x8C,0x21,0xE7,0xC5,0xEF,0xE9,0x65,
-	  0x36,0x1F,0x6C,0x29,0x99,0xC0,0xC2,0x47,0xB0,0xDB,
-	  0xD7,0x0C,0xE6,0xB7,
-	  0x20,0xD0,0xAF,0x89,0x03,0xA9,0x6F,0x8D,0x5F,0xA2,	/* y */
-	  0xC2,0x55,0x74,0x5D,0x3C,0x45,0x1B,0x30,0x2C,0x93,
-	  0x46,0xD9,0xB7,0xE4,0x85,0xE7,0xBC,0xE4,0x1F,0x6B,
-	  0x59,0x1F,0x3E,0x8F,0x6A,0xDD,0xCB,0xB0,0xBC,0x4C,
-	  0x2F,0x94,0x7A,0x7D,0xE1,0xA8,0x9B,0x62,0x5D,0x6A,
-	  0x59,0x8B,0x37,0x60,
-	  0x00,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,	/* order */
-	  0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,
-	  0x40,0x34,0x03,0x40,0x34,0x03,0x40,0x34,0x03,0x23,
-	  0xC3,0x13,0xFA,0xB5,0x05,0x89,0x70,0x3B,0x5E,0xC6,
-	  0x8D,0x35,0x87,0xFE,0xC6,0x0D,0x16,0x1C,0xC1,0x49,
-	  0xC1,0xAD,0x4A,0x91 }
-	};
-
-static const struct { EC_CURVE_DATA h; unsigned char data[0+15*6]; }
-	_EC_WTLS_1 = {
-	{ NID_X9_62_characteristic_two_field,0,15,2 },
-	{							/* no seed */
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x02,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x01,
-	  0x01,0x66,0x79,0x79,0xA4,0x0B,0xA4,0x97,0xE5,0xD5,	/* x */
-	  0xC2,0x70,0x78,0x06,0x17,
-	  0x00,0xF4,0x4B,0x4A,0xF1,0xEC,0xC2,0x63,0x0E,0x08,	/* y */
-	  0x78,0x5C,0xEB,0xCC,0x15,
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFD,0xBF,	/* order */
-	  0x91,0xAF,0x6D,0xEA,0x73 }
-	};
-
-/* IPSec curves */
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const struct { EC_CURVE_DATA h; unsigned char data[0+20*6]; }
-	_EC_IPSEC_155_ID3 = {
-	{ NID_X9_62_characteristic_two_field,0,20,3 },
-	{							/* no seed */
-	  0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x07,0x33,0x8f,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* x */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x7b,
-
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* y */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xc8,
-
-	  0x02,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,	/* order */
-	  0xC7,0xF3,0xC7,0x88,0x1B,0xD0,0x86,0x8F,0xA8,0x6C }
-	};
-
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
-	_EC_IPSEC_185_ID4 = {
-	{ NID_X9_62_characteristic_two_field,0,24,2 },
-	{							/* no seed */
-	  0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* p */
-	  0x00,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x01,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* a */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* b */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x1e,0xe9,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* x */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x18,
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,	/* y */
-	  0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	  0x00,0x00,0x00,0x0d,
-	  0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,	/* order */
-	  0xFF,0xFF,0xED,0xF9,0x7C,0x44,0xDB,0x9F,0x24,0x20,
-	  0xBA,0xFC,0xA7,0x5E }
-	};
-
-#endif
-
-typedef struct _ec_list_element_st {
-	int	nid;
-	const EC_CURVE_DATA *data;
-	const EC_METHOD *(*meth)(void);
-	const char *comment;
-	} ec_list_element;
-
-static const ec_list_element curve_list[] = {
-	/* prime field curves */
-	/* secg curves */
-	{ NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" },
-	{ NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, "SECG curve over a 112 bit prime field" },
-	{ NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, "SECG curve over a 128 bit prime field" },
-	{ NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, "SECG curve over a 128 bit prime field" },
-	{ NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, "SECG curve over a 160 bit prime field" },
-	{ NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, "SECG curve over a 160 bit prime field" },
-	{ NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" },
-	/* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-	{ NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, "SECG curve over a 192 bit prime field" },
-	{ NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, "SECG curve over a 224 bit prime field" },
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-	{ NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field" },
-#else
-	{ NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, "NIST/SECG curve over a 224 bit prime field" },
-#endif
-	{ NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" },
-	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-	{ NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
-#else
-	{ NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
-#endif
-	/* X9.62 curves */
-	{ NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, "NIST/X9.62/SECG curve over a 192 bit prime field" },
-	{ NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, "X9.62 curve over a 192 bit prime field" },
-	{ NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, "X9.62 curve over a 192 bit prime field" },
-	{ NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, "X9.62 curve over a 239 bit prime field" },
-	{ NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field" },
-	{ NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field" },
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
-#else
-	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
-#endif
-#ifndef OPENSSL_NO_EC2M
-	/* characteristic two field curves */
-	/* NIST/SECG curves */
-	{ NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" },
-	{ NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field" },
-	{ NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field" },
-	{ NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field" },
-	{ NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" },
-	{ NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, "SECG curve over a 163 bit binary field" },
-	{ NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, "NIST/SECG curve over a 163 bit binary field" },
-	{ NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, "SECG curve over a 193 bit binary field" },
-	{ NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, "SECG curve over a 193 bit binary field" },
-	{ NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
-	{ NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
-	{ NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, "SECG curve over a 239 bit binary field" },
-	{ NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, "NIST/SECG curve over a 283 bit binary field" },
-	{ NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, "NIST/SECG curve over a 283 bit binary field" },
-	{ NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, "NIST/SECG curve over a 409 bit binary field" },
-	{ NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, "NIST/SECG curve over a 409 bit binary field" },
-	{ NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, "NIST/SECG curve over a 571 bit binary field" },
-	{ NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, "NIST/SECG curve over a 571 bit binary field" },
-	/* X9.62 curves */
-	{ NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" },
-	{ NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, "X9.62 curve over a 163 bit binary field" },
-	{ NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, "X9.62 curve over a 163 bit binary field" },
-	{ NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, "X9.62 curve over a 176 bit binary field" },
-	{ NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, "X9.62 curve over a 191 bit binary field" },
-	{ NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, "X9.62 curve over a 191 bit binary field" },
-	{ NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, "X9.62 curve over a 191 bit binary field" },
-	{ NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, "X9.62 curve over a 208 bit binary field" },
-	{ NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, "X9.62 curve over a 239 bit binary field" },
-	{ NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, "X9.62 curve over a 239 bit binary field" },
-	{ NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, "X9.62 curve over a 239 bit binary field" },
-	{ NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, "X9.62 curve over a 272 bit binary field" },
-	{ NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, "X9.62 curve over a 304 bit binary field" },
-	{ NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, "X9.62 curve over a 359 bit binary field" },
-	{ NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, "X9.62 curve over a 368 bit binary field" },
-	{ NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, "X9.62 curve over a 431 bit binary field" },
-	/* the WAP/WTLS curves
-	 * [unlike SECG, spec has its own OIDs for curves from X9.62] */
-	{ NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, "WTLS curve over a 113 bit binary field" },
-	{ NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" },
-	{ NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" },
-	{ NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" },
-#endif
-	{ NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" },
-	{ NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" },
-	{ NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, "WTLS curve over a 112 bit prime field" },
-	{ NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, "WTLS curve over a 160 bit prime field" },
-#ifndef OPENSSL_NO_EC2M
-	{ NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
-	{ NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
-#endif
-	{ NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curvs over a 224 bit prime field" },
-#ifndef OPENSSL_NO_EC2M
-	/* IPSec curves */
-	{ NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
-	  "\tNot suitable for ECDSA.\n\tQuestionable extension field!" },
-	{ NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
-	  "\tNot suitable for ECDSA.\n\tQuestionable extension field!" },
-#endif
-};
-
-#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
-
-static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
-	{
-	EC_GROUP *group=NULL;
-	EC_POINT *P=NULL;
-	BN_CTX	 *ctx=NULL;
-	BIGNUM	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
-	int	 ok=0;
-	int	 seed_len,param_len;
-	const EC_METHOD *meth;
-	const EC_CURVE_DATA *data;
-	const unsigned char *params;
-
-	if ((ctx = BN_CTX_new()) == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	data = curve.data;
-	seed_len  = data->seed_len;
-	param_len = data->param_len;
-	params	  = (const unsigned char *)(data+1);	/* skip header */
-	params	 += seed_len;				/* skip seed   */
-
-	if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
-		|| !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
-		|| !(b = BN_bin2bn(params+2*param_len, param_len, NULL)))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (curve.meth != 0)
-		{
-		meth = curve.meth();
-		if (((group = EC_GROUP_new(meth)) == NULL) ||
-			(!(group->meth->group_set_curve(group, p, a, b, ctx))))
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	else if (data->field_type == NID_X9_62_prime_field)
-		{
-		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-#ifndef OPENSSL_NO_EC2M
-	else	/* field_type == NID_X9_62_characteristic_two_field */
-		{
-		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-#endif
-
-	if ((P = EC_POINT_new(group)) == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
-		|| !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (!(order = BN_bin2bn(params+5*param_len, param_len, NULL))
-		|| !BN_set_word(x, (BN_ULONG)data->cofactor))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (!EC_GROUP_set_generator(group, P, order, x))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (seed_len)
-		{
-		if (!EC_GROUP_set_seed(group, params-seed_len, seed_len))
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	ok=1;
-err:
-	if (!ok)
-		{
-		EC_GROUP_free(group);
-		group = NULL;
-		}
-	if (P)
-		EC_POINT_free(P);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (p)
-		BN_free(p);
-	if (a)
-		BN_free(a);
-	if (b)
-		BN_free(b);
-	if (order)
-		BN_free(order);
-	if (x)
-		BN_free(x);
-	if (y)
-		BN_free(y);
-	return group;
-	}
-
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
-	{
-	size_t i;
-	EC_GROUP *ret = NULL;
-
-	if (nid <= 0)
-		return NULL;
-
-	for (i=0; i<curve_list_length; i++)
-		if (curve_list[i].nid == nid)
-			{
-			ret = ec_group_new_from_data(curve_list[i]);
-			break;
-			}
-
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
-		return NULL;
-		}
-
-	EC_GROUP_set_curve_name(ret, nid);
-
-	return ret;
-	}
-
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
-	{
-	size_t	i, min;
-
-	if (r == NULL || nitems == 0)
-		return curve_list_length;
-
-	min = nitems < curve_list_length ? nitems : curve_list_length;
-
-	for (i = 0; i < min; i++)
-		{
-		r[i].nid = curve_list[i].nid;
-		r[i].comment = curve_list[i].comment;
-		}
-
-	return curve_list_length;
-	}
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
deleted file mode 100644
index bfcbab35fe..0000000000
--- a/crypto/ec/ec_cvt.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* crypto/ec/ec_cvt.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/err.h>
-#include "ec_lcl.h"
-
-
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	const EC_METHOD *meth;
-	EC_GROUP *ret;
-
-#if defined(OPENSSL_BN_ASM_MONT)
-	/*
-	 * This might appear controversial, but the fact is that generic
-	 * prime method was observed to deliver better performance even
-	 * for NIST primes on a range of platforms, e.g.: 60%-15%
-	 * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25%
-	 * in 32-bit build and 35%--12% in 64-bit build on Core2...
-	 * Coefficients are relative to optimized bn_nist.c for most
-	 * intensive ECDSA verify and ECDH operations for 192- and 521-
-	 * bit keys respectively. Choice of these boundary values is
-	 * arguable, because the dependency of improvement coefficient
-	 * from key length is not a "monotone" curve. For example while
-	 * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's
-	 * generally faster, sometimes "respectfully" faster, sometimes
-	 * "tolerably" slower... What effectively happens is that loop
-	 * with bn_mul_add_words is put against bn_mul_mont, and the
-	 * latter "wins" on short vectors. Correct solution should be
-	 * implementing dedicated NxN multiplication subroutines for
-	 * small N. But till it materializes, let's stick to generic
-	 * prime method...
-	 *						<appro>
-	 */
-	meth = EC_GFp_mont_method();
-#else
-	meth = EC_GFp_nist_method();
-#endif
-	
-	ret = EC_GROUP_new(meth);
-	if (ret == NULL)
-		return NULL;
-
-	if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-		{
-		unsigned long err;
-		  
-		err = ERR_peek_last_error();
-
-		if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
-			((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
-			 (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
-			{
-			/* real error */
-			
-			EC_GROUP_clear_free(ret);
-			return NULL;
-			}
-			
-		
-		/* not an actual error, we just cannot use EC_GFp_nist_method */
-
-		ERR_clear_error();
-
-		EC_GROUP_clear_free(ret);
-		meth = EC_GFp_mont_method();
-
-		ret = EC_GROUP_new(meth);
-		if (ret == NULL)
-			return NULL;
-
-		if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-			{
-			EC_GROUP_clear_free(ret);
-			return NULL;
-			}
-		}
-
-	return ret;
-	}
-
-#ifndef OPENSSL_NO_EC2M
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	const EC_METHOD *meth;
-	EC_GROUP *ret;
-	
-	meth = EC_GF2m_simple_method();
-	
-	ret = EC_GROUP_new(meth);
-	if (ret == NULL)
-		return NULL;
-
-	if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))
-		{
-		EC_GROUP_clear_free(ret);
-		return NULL;
-		}
-
-	return ret;
-	}
-#endif
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
deleted file mode 100644
index 0d19398731..0000000000
--- a/crypto/ec/ec_err.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* crypto/ec/ec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ec.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
-
-static ERR_STRING_DATA EC_str_functs[]=
-	{
-{ERR_FUNC(EC_F_BN_TO_FELEM),	"BN_TO_FELEM"},
-{ERR_FUNC(EC_F_COMPUTE_WNAF),	"COMPUTE_WNAF"},
-{ERR_FUNC(EC_F_D2I_ECPARAMETERS),	"d2i_ECParameters"},
-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),	"d2i_ECPKParameters"},
-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),	"d2i_ECPrivateKey"},
-{ERR_FUNC(EC_F_DO_EC_KEY_PRINT),	"DO_EC_KEY_PRINT"},
-{ERR_FUNC(EC_F_ECKEY_PARAM2TYPE),	"ECKEY_PARAM2TYPE"},
-{ERR_FUNC(EC_F_ECKEY_PARAM_DECODE),	"ECKEY_PARAM_DECODE"},
-{ERR_FUNC(EC_F_ECKEY_PRIV_DECODE),	"ECKEY_PRIV_DECODE"},
-{ERR_FUNC(EC_F_ECKEY_PRIV_ENCODE),	"ECKEY_PRIV_ENCODE"},
-{ERR_FUNC(EC_F_ECKEY_PUB_DECODE),	"ECKEY_PUB_DECODE"},
-{ERR_FUNC(EC_F_ECKEY_PUB_ENCODE),	"ECKEY_PUB_ENCODE"},
-{ERR_FUNC(EC_F_ECKEY_TYPE2PARAM),	"ECKEY_TYPE2PARAM"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT),	"ECParameters_print"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),	"ECParameters_print_fp"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),	"ECPKParameters_print"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP),	"ECPKParameters_print_fp"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_192),	"ECP_NIST_MOD_192"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_224),	"ECP_NIST_MOD_224"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_256),	"ECP_NIST_MOD_256"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_521),	"ECP_NIST_MOD_521"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE),	"EC_ASN1_GROUP2CURVE"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID),	"EC_ASN1_GROUP2FIELDID"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS),	"EC_ASN1_GROUP2PARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS),	"EC_ASN1_GROUP2PKPARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP),	"EC_ASN1_PARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP),	"EC_ASN1_PKPARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA),	"EC_EX_DATA_set_data"},
-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),	"EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GF2m_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),	"ec_GF2m_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT),	"ec_GF2m_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT),	"ec_GF2m_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GF2m_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE),	"ec_GFp_mont_field_decode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE),	"ec_GFp_mont_field_encode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL),	"ec_GFp_mont_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),	"ec_GFp_mont_field_set_to_one"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR),	"ec_GFp_mont_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),	"ec_GFp_mont_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),	"EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),	"ec_GFp_nistp224_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL),	"ec_GFp_nistp224_points_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_nistp224_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE),	"ec_GFp_nistp256_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL),	"ec_GFp_nistp256_points_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_nistp256_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE),	"ec_GFp_nistp521_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL),	"ec_GFp_nistp521_points_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_nistp521_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL),	"ec_GFp_nist_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR),	"ec_GFp_nist_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),	"ec_GFp_nist_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GFp_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),	"ec_GFp_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),	"EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),	"EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE),	"ec_GFp_simple_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT),	"ec_GFp_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT),	"ec_GFp_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),	"ec_GFp_simple_points_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GFp_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GFp_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),	"EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK),	"EC_GROUP_check"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),	"EC_GROUP_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GROUP_COPY),	"EC_GROUP_copy"},
-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR),	"EC_GROUP_get0_generator"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR),	"EC_GROUP_get_cofactor"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M),	"EC_GROUP_get_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP),	"EC_GROUP_get_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE),	"EC_GROUP_get_degree"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),	"EC_GROUP_get_order"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),	"EC_GROUP_get_pentanomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),	"EC_GROUP_get_trinomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW),	"EC_GROUP_new"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME),	"EC_GROUP_new_by_curve_name"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA),	"EC_GROUP_NEW_FROM_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),	"EC_GROUP_precompute_mult"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M),	"EC_GROUP_set_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP),	"EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),	"EC_GROUP_SET_EXTRA_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR),	"EC_GROUP_set_generator"},
-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY),	"EC_KEY_check_key"},
-{ERR_FUNC(EC_F_EC_KEY_COPY),	"EC_KEY_copy"},
-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY),	"EC_KEY_generate_key"},
-{ERR_FUNC(EC_F_EC_KEY_NEW),	"EC_KEY_new"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT),	"EC_KEY_print"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP),	"EC_KEY_print_fp"},
-{ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),	"EC_KEY_set_public_key_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),	"EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_ADD),	"EC_POINT_add"},
-{ERR_FUNC(EC_F_EC_POINT_CMP),	"EC_POINT_cmp"},
-{ERR_FUNC(EC_F_EC_POINT_COPY),	"EC_POINT_copy"},
-{ERR_FUNC(EC_F_EC_POINT_DBL),	"EC_POINT_dbl"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),	"EC_POINT_get_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_POINT_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_INVERT),	"EC_POINT_invert"},
-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY),	"EC_POINT_is_at_infinity"},
-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE),	"EC_POINT_is_on_curve"},
-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE),	"EC_POINT_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_MUL),	"EC_POINT_mul"},
-{ERR_FUNC(EC_F_EC_POINT_NEW),	"EC_POINT_new"},
-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT),	"EC_POINT_oct2point"},
-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT),	"EC_POINT_point2oct"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),	"EC_POINT_set_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_POINT_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),	"EC_POINT_set_compressed_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),	"EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY),	"EC_POINT_set_to_infinity"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP),	"EC_PRE_COMP_DUP"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW),	"EC_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_EC_WNAF_MUL),	"ec_wNAF_mul"},
-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT),	"ec_wNAF_precompute_mult"},
-{ERR_FUNC(EC_F_I2D_ECPARAMETERS),	"i2d_ECParameters"},
-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS),	"i2d_ECPKParameters"},
-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),	"i2d_ECPrivateKey"},
-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY),	"i2o_ECPublicKey"},
-{ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW),	"NISTP224_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW),	"NISTP256_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW),	"NISTP521_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY),	"o2i_ECPublicKey"},
-{ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE),	"OLD_EC_PRIV_DECODE"},
-{ERR_FUNC(EC_F_PKEY_EC_CTRL),	"PKEY_EC_CTRL"},
-{ERR_FUNC(EC_F_PKEY_EC_CTRL_STR),	"PKEY_EC_CTRL_STR"},
-{ERR_FUNC(EC_F_PKEY_EC_DERIVE),	"PKEY_EC_DERIVE"},
-{ERR_FUNC(EC_F_PKEY_EC_KEYGEN),	"PKEY_EC_KEYGEN"},
-{ERR_FUNC(EC_F_PKEY_EC_PARAMGEN),	"PKEY_EC_PARAMGEN"},
-{ERR_FUNC(EC_F_PKEY_EC_SIGN),	"PKEY_EC_SIGN"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA EC_str_reasons[]=
-	{
-{ERR_REASON(EC_R_ASN1_ERROR)             ,"asn1 error"},
-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
-{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE)    ,"bignum out of range"},
-{ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
-{ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE),"coordinates out of range"},
-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
-{ERR_REASON(EC_R_DECODE_ERROR)           ,"decode error"},
-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
-{ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
-{ERR_REASON(EC_R_GF2M_NOT_SUPPORTED)     ,"gf2m not supported"},
-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},
-{ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
-{ERR_REASON(EC_R_INVALID_CURVE)          ,"invalid curve"},
-{ERR_REASON(EC_R_INVALID_DIGEST_TYPE)    ,"invalid digest type"},
-{ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
-{ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
-{ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
-{ERR_REASON(EC_R_INVALID_GROUP_ORDER)    ,"invalid group order"},
-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
-{ERR_REASON(EC_R_KEYS_NOT_SET)           ,"keys not set"},
-{ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
-{ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},
-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"},
-{ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},
-{ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},
-{ERR_REASON(EC_R_NO_PARAMETERS_SET)      ,"no parameters set"},
-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},
-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
-{ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE)  ,"point is not on curve"},
-{ERR_REASON(EC_R_SLOT_FULL)              ,"slot full"},
-{ERR_REASON(EC_R_UNDEFINED_GENERATOR)    ,"undefined generator"},
-{ERR_REASON(EC_R_UNDEFINED_ORDER)        ,"undefined order"},
-{ERR_REASON(EC_R_UNKNOWN_GROUP)          ,"unknown group"},
-{ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},
-{ERR_REASON(EC_R_UNSUPPORTED_FIELD)      ,"unsupported field"},
-{ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS) ,"wrong curve parameters"},
-{ERR_REASON(EC_R_WRONG_ORDER)            ,"wrong order"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_EC_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,EC_str_functs);
-		ERR_load_strings(0,EC_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
deleted file mode 100644
index 73dd7b979b..0000000000
--- a/crypto/ec/ec_key.c
+++ /dev/null
@@ -1,584 +0,0 @@
-/* crypto/ec/ec_key.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and 
- * contributed to the OpenSSL project.
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-EC_KEY *EC_KEY_new(void)
-	{
-	EC_KEY *ret;
-
-	ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	ret->version = 1;	
-	ret->flags = 0;
-	ret->group   = NULL;
-	ret->pub_key = NULL;
-	ret->priv_key= NULL;
-	ret->enc_flag= 0; 
-	ret->nonce_from_hash_flag = 0;
-	ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
-	ret->references= 1;
-	ret->method_data = NULL;
-	return(ret);
-	}
-
-EC_KEY *EC_KEY_new_by_curve_name(int nid)
-	{
-	EC_KEY *ret = EC_KEY_new();
-	if (ret == NULL)
-		return NULL;
-	ret->group = EC_GROUP_new_by_curve_name(nid);
-	if (ret->group == NULL)
-		{
-		EC_KEY_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-void EC_KEY_free(EC_KEY *r)
-	{
-	int i;
-
-	if (r == NULL) return;
-
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
-	REF_PRINT("EC_KEY",r);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"EC_KEY_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if (r->group    != NULL) 
-		EC_GROUP_free(r->group);
-	if (r->pub_key  != NULL)
-		EC_POINT_free(r->pub_key);
-	if (r->priv_key != NULL)
-		BN_clear_free(r->priv_key);
-
-	EC_EX_DATA_free_all_data(&r->method_data);
-
-	OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
-
-	OPENSSL_free(r);
-	}
-
-EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (dest == NULL || src == NULL)
-		{
-		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	/* copy the parameters */
-	if (src->group)
-		{
-		const EC_METHOD *meth = EC_GROUP_method_of(src->group);
-		/* clear the old group */
-		if (dest->group)
-			EC_GROUP_free(dest->group);
-		dest->group = EC_GROUP_new(meth);
-		if (dest->group == NULL)
-			return NULL;
-		if (!EC_GROUP_copy(dest->group, src->group))
-			return NULL;
-		}
-	/*  copy the public key */
-	if (src->pub_key && src->group)
-		{
-		if (dest->pub_key)
-			EC_POINT_free(dest->pub_key);
-		dest->pub_key = EC_POINT_new(src->group);
-		if (dest->pub_key == NULL)
-			return NULL;
-		if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-			return NULL;
-		}
-	/* copy the private key */
-	if (src->priv_key)
-		{
-		if (dest->priv_key == NULL)
-			{
-			dest->priv_key = BN_new();
-			if (dest->priv_key == NULL)
-				return NULL;
-			}
-		if (!BN_copy(dest->priv_key, src->priv_key))
-			return NULL;
-		}
-	/* copy method/extra data */
-	EC_EX_DATA_free_all_data(&dest->method_data);
-
-	for (d = src->method_data; d != NULL; d = d->next)
-		{
-		void *t = d->dup_func(d->data);
-		
-		if (t == NULL)
-			return 0;
-		if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))
-			return 0;
-		}
-
-	/* copy the rest */
-	dest->enc_flag  = src->enc_flag;
-	dest->nonce_from_hash_flag = src->nonce_from_hash_flag;
-	dest->conv_form = src->conv_form;
-	dest->version   = src->version;
-	dest->flags = src->flags;
-
-	return dest;
-	}
-
-EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
-	{
-	EC_KEY *ret = EC_KEY_new();
-	if (ret == NULL)
-		return NULL;
-	if (EC_KEY_copy(ret, ec_key) == NULL)
-		{
-		EC_KEY_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-int EC_KEY_up_ref(EC_KEY *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
-	REF_PRINT("EC_KEY",r);
-#endif
-#ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "EC_KEY_up, bad reference count\n");
-		abort();
-		}
-#endif
-	return ((i > 1) ? 1 : 0);
-	}
-
-int EC_KEY_generate_key(EC_KEY *eckey)
-	{	
-	int	ok = 0;
-	BN_CTX	*ctx = NULL;
-	BIGNUM	*priv_key = NULL, *order = NULL;
-	EC_POINT *pub_key = NULL;
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_ec_key_generate_key(eckey);
-#endif
-
-	if (!eckey || !eckey->group)
-		{
-		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if ((order = BN_new()) == NULL) goto err;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (eckey->priv_key == NULL)
-		{
-		priv_key = BN_new();
-		if (priv_key == NULL)
-			goto err;
-		}
-	else
-		priv_key = eckey->priv_key;
-
-	if (!EC_GROUP_get_order(eckey->group, order, ctx))
-		goto err;
-
-	do
-		if (!BN_rand_range(priv_key, order))
-			goto err;
-	while (BN_is_zero(priv_key));
-
-	if (eckey->pub_key == NULL)
-		{
-		pub_key = EC_POINT_new(eckey->group);
-		if (pub_key == NULL)
-			goto err;
-		}
-	else
-		pub_key = eckey->pub_key;
-
-	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
-		goto err;
-
-	eckey->priv_key = priv_key;
-	eckey->pub_key  = pub_key;
-
-	ok=1;
-
-err:	
-	if (order)
-		BN_free(order);
-	if (pub_key  != NULL && eckey->pub_key  == NULL)
-		EC_POINT_free(pub_key);
-	if (priv_key != NULL && eckey->priv_key == NULL)
-		BN_free(priv_key);
-	if (ctx != NULL)
-		BN_CTX_free(ctx);
-	return(ok);
-	}
-
-int EC_KEY_check_key(const EC_KEY *eckey)
-	{
-	int	ok   = 0;
-	BN_CTX	*ctx = NULL;
-	const BIGNUM	*order  = NULL;
-	EC_POINT *point = NULL;
-
-	if (!eckey || !eckey->group || !eckey->pub_key)
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
-		goto err;
-		}
-
-	if ((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if ((point = EC_POINT_new(eckey->group)) == NULL)
-		goto err;
-
-	/* testing whether the pub_key is on the elliptic curve */
-	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-	/* testing whether pub_key * order is the point at infinity */
-	order = &eckey->group->order;
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (!EC_POINT_is_at_infinity(eckey->group, point))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
-		goto err;
-		}
-	/* in case the priv_key is present : 
-	 * check if generator * priv_key == pub_key 
-	 */
-	if (eckey->priv_key)
-		{
-		if (BN_cmp(eckey->priv_key, order) >= 0)
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
-			goto err;
-			}
-		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
-			NULL, NULL, ctx))
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, 
-			ctx) != 0)
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
-			goto err;
-			}
-		}
-	ok = 1;
-err:
-	if (ctx   != NULL)
-		BN_CTX_free(ctx);
-	if (point != NULL)
-		EC_POINT_free(point);
-	return(ok);
-	}
-
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
-	{
-	BN_CTX *ctx = NULL;
-	BIGNUM *tx, *ty;
-	EC_POINT *point = NULL;
-	int ok = 0, tmp_nid, is_char_two = 0;
-
-	if (!key || !key->group || !x || !y)
-		{
-		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-						ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	ctx = BN_CTX_new();
-	if (!ctx)
-		goto err;
-
-	point = EC_POINT_new(key->group);
-
-	if (!point)
-		goto err;
-
-	tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
-
-        if (tmp_nid == NID_X9_62_characteristic_two_field)
-		is_char_two = 1;
-
-	tx = BN_CTX_get(ctx);
-	ty = BN_CTX_get(ctx);
-#ifndef OPENSSL_NO_EC2M
-	if (is_char_two)
-		{
-		if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
-								x, y, ctx))
-			goto err;
-		if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
-								tx, ty, ctx))
-			goto err;
-		}
-	else
-#endif
-		{
-		if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
-								x, y, ctx))
-			goto err;
-		if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
-								tx, ty, ctx))
-			goto err;
-		}
-	/* Check if retrieved coordinates match originals: if not values
-	 * are out of range.
-	 */
-	if (BN_cmp(x, tx) || BN_cmp(y, ty))
-		{
-		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
-			EC_R_COORDINATES_OUT_OF_RANGE);
-		goto err;
-		}
-
-	if (!EC_KEY_set_public_key(key, point))
-		goto err;
-
-	if (EC_KEY_check_key(key) == 0)
-		goto err;
-
-	ok = 1;
-
-	err:
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ok;
-
-	}
-
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
-	{
-	return key->group;
-	}
-
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
-	{
-	if (key->group != NULL)
-		EC_GROUP_free(key->group);
-	key->group = EC_GROUP_dup(group);
-	return (key->group == NULL) ? 0 : 1;
-	}
-
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
-	{
-	return key->priv_key;
-	}
-
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
-	{
-	if (key->priv_key)
-		BN_clear_free(key->priv_key);
-	key->priv_key = BN_dup(priv_key);
-	return (key->priv_key == NULL) ? 0 : 1;
-	}
-
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
-	{
-	return key->pub_key;
-	}
-
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
-	{
-	if (key->pub_key != NULL)
-		EC_POINT_free(key->pub_key);
-	key->pub_key = EC_POINT_dup(pub_key, key->group);
-	return (key->pub_key == NULL) ? 0 : 1;
-	}
-
-unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
-	{
-	return key->enc_flag;
-	}
-
-void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
-	{
-	key->enc_flag = flags;
-	}
-
-int EC_KEY_get_nonce_from_hash(const EC_KEY *key)
-	{
-	return key->nonce_from_hash_flag;
-	}
-
-void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on)
-	{
-	key->nonce_from_hash_flag = on != 0;
-	}
-
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
-	{
-	return key->conv_form;
-	}
-
-void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
-	{
-	key->conv_form = cform;
-	if (key->group != NULL)
-		EC_GROUP_set_point_conversion_form(key->group, cform);
-	}
-
-void *EC_KEY_get_key_method_data(EC_KEY *key,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	void *ret;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_EC);
-	ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
-	CRYPTO_r_unlock(CRYPTO_LOCK_EC);
-
-	return ret;
-	}
-
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA *ex_data;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_EC);
-	ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
-	if (ex_data == NULL)
-		EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
-	CRYPTO_w_unlock(CRYPTO_LOCK_EC);
-
-	return ex_data;
-	}
-
-void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
-	{
-	if (key->group != NULL)
-		EC_GROUP_set_asn1_flag(key->group, flag);
-	}
-
-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
-	{
-	if (key->group == NULL)
-		return 0;
-	return EC_GROUP_precompute_mult(key->group, ctx);
-	}
-
-int EC_KEY_get_flags(const EC_KEY *key)
-	{
-	return key->flags;
-	}
-
-void EC_KEY_set_flags(EC_KEY *key, int flags)
-	{
-	key->flags |= flags;
-	}
-
-void EC_KEY_clear_flags(EC_KEY *key, int flags)
-	{
-	key->flags &= ~flags;
-	}
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
deleted file mode 100644
index dae9148388..0000000000
--- a/crypto/ec/ec_lcl.h
+++ /dev/null
@@ -1,447 +0,0 @@
-/* crypto/ec/ec_lcl.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-
-#include <stdlib.h>
-
-#include <openssl/obj_mac.h>
-#include <openssl/ec.h>
-#include <openssl/bn.h>
-
-#if defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
-
-/* Use default functions for poin2oct, oct2point and compressed coordinates */
-#define EC_FLAGS_DEFAULT_OCT	0x1
-
-/* Structure details are not part of the exported interface,
- * so all this may change in future versions. */
-
-struct ec_method_st {
-	/* Various method flags */
-	int flags;
-	/* used by EC_METHOD_get_field_type: */
-	int field_type; /* a NID */
-
-	/* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
-	int (*group_init)(EC_GROUP *);
-	void (*group_finish)(EC_GROUP *);
-	void (*group_clear_finish)(EC_GROUP *);
-	int (*group_copy)(EC_GROUP *, const EC_GROUP *);
-
-	/* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
-	/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
-	int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-	int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-
-	/* used by EC_GROUP_get_degree: */
-	int (*group_get_degree)(const EC_GROUP *);
-
-	/* used by EC_GROUP_check: */
-	int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
-
-	/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
-	int (*point_init)(EC_POINT *);
-	void (*point_finish)(EC_POINT *);
-	void (*point_clear_finish)(EC_POINT *);
-	int (*point_copy)(EC_POINT *, const EC_POINT *);
-
-	/* used by EC_POINT_set_to_infinity,
-	 * EC_POINT_set_Jprojective_coordinates_GFp,
-	 * EC_POINT_get_Jprojective_coordinates_GFp,
-	 * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
-	 * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
-	 * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
-	 */
-	int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
-	int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
-		const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-	int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
-		BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-	int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
-		const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-	int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
-		BIGNUM *x, BIGNUM *y, BN_CTX *);
-	int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
-		const BIGNUM *x, int y_bit, BN_CTX *);
-
-	/* used by EC_POINT_point2oct, EC_POINT_oct2point: */
-	size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-	        unsigned char *buf, size_t len, BN_CTX *);
-	int (*oct2point)(const EC_GROUP *, EC_POINT *,
-	        const unsigned char *buf, size_t len, BN_CTX *);
-
-	/* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
-	int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-	int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-	int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
-
-	/* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
-	int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
-	int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-	int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-
-	/* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
-	int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
-	int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-
-	/* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult
-	 * (default implementations are used if the 'mul' pointer is 0): */
-	int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-		size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-	int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
-	int (*have_precompute_mult)(const EC_GROUP *group);
-
-
-	/* internal functions */
-
-	/* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
-	 * the same implementations of point operations can be used with different
-	 * optimized implementations of expensive field operations: */
-	int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-	int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
-	int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
-	int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
-	int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-} /* EC_METHOD */;
-
-typedef struct ec_extra_data_st {
-	struct ec_extra_data_st *next;
-	void *data;
-	void *(*dup_func)(void *);
-	void (*free_func)(void *);
-	void (*clear_free_func)(void *);
-} EC_EXTRA_DATA; /* used in EC_GROUP */
-
-struct ec_group_st {
-	const EC_METHOD *meth;
-
-	EC_POINT *generator; /* optional */
-	BIGNUM order, cofactor;
-
-	int curve_name;/* optional NID for named curve */
-	int asn1_flag; /* flag to control the asn1 encoding */
-	point_conversion_form_t asn1_form;
-
-	unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
-	size_t seed_len;
-
-	EC_EXTRA_DATA *extra_data; /* linked list */
-
-	/* The following members are handled by the method functions,
-	 * even if they appear generic */
-	
-	BIGNUM field; /* Field specification.
-	               * For curves over GF(p), this is the modulus;
-	               * for curves over GF(2^m), this is the 
-	               * irreducible polynomial defining the field.
-	               */
-
-	int poly[6]; /* Field specification for curves over GF(2^m).
-	              * The irreducible f(t) is then of the form:
-	              *     t^poly[0] + t^poly[1] + ... + t^poly[k]
-	              * where m = poly[0] > poly[1] > ... > poly[k] = 0.
-	              * The array is terminated with poly[k+1]=-1.
-	              * All elliptic curve irreducibles have at most 5
-	              * non-zero terms.
-	              */
-
-	BIGNUM a, b; /* Curve coefficients.
-	              * (Here the assumption is that BIGNUMs can be used
-	              * or abused for all kinds of fields, not just GF(p).)
-	              * For characteristic  > 3,  the curve is defined
-	              * by a Weierstrass equation of the form
-	              *     y^2 = x^3 + a*x + b.
-	              * For characteristic  2,  the curve is defined by
-	              * an equation of the form
-	              *     y^2 + x*y = x^3 + a*x^2 + b.
-	              */
-
-	int a_is_minus3; /* enable optimized point arithmetics for special case */
-
-	void *field_data1; /* method-specific (e.g., Montgomery structure) */
-	void *field_data2; /* method-specific */
-	int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *,	BN_CTX *); /* method-specific */
-} /* EC_GROUP */;
-
-struct ec_key_st {
-	int version;
-
-	EC_GROUP *group;
-
-	EC_POINT *pub_key;
-	BIGNUM	 *priv_key;
-
-	unsigned int enc_flag;
-	char nonce_from_hash_flag;
-	point_conversion_form_t conv_form;
-
-	int 	references;
-	int	flags;
-
-	EC_EXTRA_DATA *method_data;
-} /* EC_KEY */;
-
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
- * (with visibility limited to 'package' level for now).
- * We use the function pointers as index for retrieval; this obviates
- * global ex_data-style index tables.
- */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
-
-
-
-struct ec_point_st {
-	const EC_METHOD *meth;
-
-	/* All members except 'meth' are handled by the method functions,
-	 * even if they appear generic */
-
-	BIGNUM X;
-	BIGNUM Y;
-	BIGNUM Z; /* Jacobian projective coordinates:
-	           * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
-	int Z_is_one; /* enable optimized point arithmetics for special case */
-} /* EC_POINT */;
-
-
-
-/* method functions in ec_mult.c
- * (ec_lib.c uses these as defaults if group->method->mul is 0) */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
-
-
-/* method functions in ecp_smpl.c */
-int ec_GFp_simple_group_init(EC_GROUP *);
-void ec_GFp_simple_group_finish(EC_GROUP *);
-void ec_GFp_simple_group_clear_finish(EC_GROUP *);
-int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_degree(const EC_GROUP *);
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
-int ec_GFp_simple_point_init(EC_POINT *);
-void ec_GFp_simple_point_finish(EC_POINT *);
-void ec_GFp_simple_point_clear_finish(EC_POINT *);
-int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
-	BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
-	const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
-	const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ecp_mont.c */
-int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_mont_group_finish(EC_GROUP *);
-void ec_GFp_mont_group_clear_finish(EC_GROUP *);
-int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-
-
-/* method functions in ecp_nist.c */
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
-int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ec2_smpl.c */
-int ec_GF2m_simple_group_init(EC_GROUP *);
-void ec_GF2m_simple_group_finish(EC_GROUP *);
-void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
-int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
-int ec_GF2m_simple_point_init(EC_POINT *);
-void ec_GF2m_simple_point_finish(EC_POINT *);
-void ec_GF2m_simple_point_clear_finish(EC_POINT *);
-int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
-	BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
-	const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
-	const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
-
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
-
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/* method functions in ecp_nistp224.c */
-int ec_GFp_nistp224_group_init(EC_GROUP *group);
-int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
-int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
-int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
-
-/* method functions in ecp_nistp256.c */
-int ec_GFp_nistp256_group_init(EC_GROUP *group);
-int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
-int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
-int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
-
-/* method functions in ecp_nistp521.c */
-int ec_GFp_nistp521_group_init(EC_GROUP *group);
-int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
-int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
-int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
-
-/* utility functions in ecp_nistputil.c */
-void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
-	size_t felem_size, void *tmp_felems,
-	void (*felem_one)(void *out),
-	int (*felem_is_zero)(const void *in),
-	void (*felem_assign)(void *out, const void *in),
-	void (*felem_square)(void *out, const void *in),
-	void (*felem_mul)(void *out, const void *in1, const void *in2),
-	void (*felem_inv)(void *out, const void *in),
-	void (*felem_contract)(void *out, const void *in));
-void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in);
-#endif
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
deleted file mode 100644
index 0992c393b0..0000000000
--- a/crypto/ec/ec_lib.c
+++ /dev/null
@@ -1,1096 +0,0 @@
-/* crypto/ec/ec_lib.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "ec_lcl.h"
-
-const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
-
-
-/* functions for EC_GROUP objects */
-
-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
-	{
-	EC_GROUP *ret;
-
-	if (meth == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
-		return NULL;
-		}
-	if (meth->group_init == 0)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return NULL;
-		}
-
-	ret = OPENSSL_malloc(sizeof *ret);
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth = meth;
-
-	ret->extra_data = NULL;
-
-	ret->generator = NULL;
-	BN_init(&ret->order);
-	BN_init(&ret->cofactor);
-
-	ret->curve_name = 0;	
-	ret->asn1_flag  = 0;
-	ret->asn1_form  = POINT_CONVERSION_UNCOMPRESSED;
-
-	ret->seed = NULL;
-	ret->seed_len = 0;
-
-	if (!meth->group_init(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	
-	return ret;
-	}
-
-
-void EC_GROUP_free(EC_GROUP *group)
-	{
-	if (!group) return;
-
-	if (group->meth->group_finish != 0)
-		group->meth->group_finish(group);
-
-	EC_EX_DATA_free_all_data(&group->extra_data);
-
-	if (group->generator != NULL)
-		EC_POINT_free(group->generator);
-	BN_free(&group->order);
-	BN_free(&group->cofactor);
-
-	if (group->seed)
-		OPENSSL_free(group->seed);
-
-	OPENSSL_free(group);
-	}
- 
-
-void EC_GROUP_clear_free(EC_GROUP *group)
-	{
-	if (!group) return;
-
-	if (group->meth->group_clear_finish != 0)
-		group->meth->group_clear_finish(group);
-	else if (group->meth->group_finish != 0)
-		group->meth->group_finish(group);
-
-	EC_EX_DATA_clear_free_all_data(&group->extra_data);
-
-	if (group->generator != NULL)
-		EC_POINT_clear_free(group->generator);
-	BN_clear_free(&group->order);
-	BN_clear_free(&group->cofactor);
-
-	if (group->seed)
-		{
-		OPENSSL_cleanse(group->seed, group->seed_len);
-		OPENSSL_free(group->seed);
-		}
-
-	OPENSSL_cleanse(group, sizeof *group);
-	OPENSSL_free(group);
-	}
-
-
-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (dest->meth->group_copy == 0)
-		{
-		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (dest->meth != src->meth)
-		{
-		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if (dest == src)
-		return 1;
-	
-	EC_EX_DATA_free_all_data(&dest->extra_data);
-
-	for (d = src->extra_data; d != NULL; d = d->next)
-		{
-		void *t = d->dup_func(d->data);
-		
-		if (t == NULL)
-			return 0;
-		if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))
-			return 0;
-		}
-
-	if (src->generator != NULL)
-		{
-		if (dest->generator == NULL)
-			{
-			dest->generator = EC_POINT_new(dest);
-			if (dest->generator == NULL) return 0;
-			}
-		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
-		}
-	else
-		{
-		/* src->generator == NULL */
-		if (dest->generator != NULL)
-			{
-			EC_POINT_clear_free(dest->generator);
-			dest->generator = NULL;
-			}
-		}
-
-	if (!BN_copy(&dest->order, &src->order)) return 0;
-	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
-
-	dest->curve_name = src->curve_name;
-	dest->asn1_flag  = src->asn1_flag;
-	dest->asn1_form  = src->asn1_form;
-
-	if (src->seed)
-		{
-		if (dest->seed)
-			OPENSSL_free(dest->seed);
-		dest->seed = OPENSSL_malloc(src->seed_len);
-		if (dest->seed == NULL)
-			return 0;
-		if (!memcpy(dest->seed, src->seed, src->seed_len))
-			return 0;
-		dest->seed_len = src->seed_len;
-		}
-	else
-		{
-		if (dest->seed)
-			OPENSSL_free(dest->seed);
-		dest->seed = NULL;
-		dest->seed_len = 0;
-		}
-	
-
-	return dest->meth->group_copy(dest, src);
-	}
-
-
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
-	{
-	EC_GROUP *t = NULL;
-	int ok = 0;
-
-	if (a == NULL) return NULL;
-
-	if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);
-	if (!EC_GROUP_copy(t, a)) goto err;
-
-	ok = 1;
-
-  err:	
-	if (!ok)
-		{
-		if (t) EC_GROUP_free(t);
-		return NULL;
-		}
-	else return t;
-	}
-
-
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
-	{
-	return group->meth;
-	}
-
-
-int EC_METHOD_get_field_type(const EC_METHOD *meth)
-        {
-        return meth->field_type;
-        }
-
-
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
-	{
-	if (generator == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
-		return 0   ;
-		}
-
-	if (group->generator == NULL)
-		{
-		group->generator = EC_POINT_new(group);
-		if (group->generator == NULL) return 0;
-		}
-	if (!EC_POINT_copy(group->generator, generator)) return 0;
-
-	if (order != NULL)
-		{ if (!BN_copy(&group->order, order)) return 0; }	
-	else
-		BN_zero(&group->order);
-
-	if (cofactor != NULL)
-		{ if (!BN_copy(&group->cofactor, cofactor)) return 0; }	
-	else
-		BN_zero(&group->cofactor);
-
-	return 1;
-	}
-
-
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
-	{
-	return group->generator;
-	}
-
-
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
-	{
-	if (!BN_copy(order, &group->order))
-		return 0;
-
-	return !BN_is_zero(order);
-	}
-
-
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
-	{
-	if (!BN_copy(cofactor, &group->cofactor))
-		return 0;
-
-	return !BN_is_zero(&group->cofactor);
-	}
-
-
-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
-	{
-	group->curve_name = nid;
-	}
-
-
-int EC_GROUP_get_curve_name(const EC_GROUP *group)
-	{
-	return group->curve_name;
-	}
-
-
-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
-	{
-	group->asn1_flag = flag;
-	}
-
-
-int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
-	{
-	return group->asn1_flag;
-	}
-
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, 
-                                        point_conversion_form_t form)
-	{
-	group->asn1_form = form;
-	}
-
-
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)
-	{
-	return group->asn1_form;
-	}
-
-
-size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
-	{
-	if (group->seed)
-		{
-		OPENSSL_free(group->seed);
-		group->seed = NULL;
-		group->seed_len = 0;
-		}
-
-	if (!len || !p)
-		return 1;
-
-	if ((group->seed = OPENSSL_malloc(len)) == NULL)
-		return 0;
-	memcpy(group->seed, p, len);
-	group->seed_len = len;
-
-	return len;
-	}
-
-
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
-	{
-	return group->seed;
-	}
-
-
-size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
-	{
-	return group->seed_len;
-	}
-
-
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_set_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_set_curve(group, p, a, b, ctx);
-	}
-
-
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_get_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_curve(group, p, a, b, ctx);
-	}
-
-#ifndef OPENSSL_NO_EC2M
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_set_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_set_curve(group, p, a, b, ctx);
-	}
-
-
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_get_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_curve(group, p, a, b, ctx);
-	}
-#endif
-
-int EC_GROUP_get_degree(const EC_GROUP *group)
-	{
-	if (group->meth->group_get_degree == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_degree(group);
-	}
-
-
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	if (group->meth->group_check_discriminant == 0)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_check_discriminant(group, ctx);
-	}
-
-
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
-	{
-	int    r = 0;
-	BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
-	BN_CTX *ctx_new = NULL;
-
-	/* compare the field types*/
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
-	    EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
-		return 1;
-	/* compare the curve name (if present in both) */
-	if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-	    EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
-		return 1;
-
-	if (!ctx)
-		ctx_new = ctx = BN_CTX_new();
-	if (!ctx)
-		return -1;
-	
-	BN_CTX_start(ctx);
-	a1 = BN_CTX_get(ctx);
-	a2 = BN_CTX_get(ctx);
-	a3 = BN_CTX_get(ctx);
-	b1 = BN_CTX_get(ctx);
-	b2 = BN_CTX_get(ctx);
-	b3 = BN_CTX_get(ctx);
-	if (!b3)
-		{
-		BN_CTX_end(ctx);
-		if (ctx_new)
-			BN_CTX_free(ctx);
-		return -1;
-		}
-
-	/* XXX This approach assumes that the external representation
-	 * of curves over the same field type is the same.
-	 */
-	if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
-	    !b->meth->group_get_curve(b, b1, b2, b3, ctx))
-		r = 1;
-
-	if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
-		r = 1;
-
-	/* XXX EC_POINT_cmp() assumes that the methods are equal */
-	if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
-	    EC_GROUP_get0_generator(b), ctx))
-		r = 1;
-
-	if (!r)
-		{
-		/* compare the order and cofactor */
-		if (!EC_GROUP_get_order(a, a1, ctx) ||
-		    !EC_GROUP_get_order(b, b1, ctx) ||
-		    !EC_GROUP_get_cofactor(a, a2, ctx) ||
-		    !EC_GROUP_get_cofactor(b, b2, ctx))
-			{
-			BN_CTX_end(ctx);
-			if (ctx_new)
-				BN_CTX_free(ctx);
-			return -1;
-			}
-		if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
-			r = 1;
-		}
-
-	BN_CTX_end(ctx);
-	if (ctx_new)
-		BN_CTX_free(ctx);
-
-	return r;
-	}
-
-
-/* this has 'package' visibility */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return 0;
-
-	for (d = *ex_data; d != NULL; d = d->next)
-		{
-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
-			{
-			ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
-			return 0;
-			}
-		}
-
-	if (data == NULL)
-		/* no explicit entry needed */
-		return 1;
-
-	d = OPENSSL_malloc(sizeof *d);
-	if (d == NULL)
-		return 0;
-
-	d->data = data;
-	d->dup_func = dup_func;
-	d->free_func = free_func;
-	d->clear_free_func = clear_free_func;
-
-	d->next = *ex_data;
-	*ex_data = d;
-
-	return 1;
-	}
-
-/* this has 'package' visibility */
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	const EC_EXTRA_DATA *d;
-
-	for (d = ex_data; d != NULL; d = d->next)
-		{
-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
-			return d->data;
-		}
-	
-	return NULL;
-	}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA **p;
-
-	if (ex_data == NULL)
-		return;
-
-	for (p = ex_data; *p != NULL; p = &((*p)->next))
-		{
-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-			{
-			EC_EXTRA_DATA *next = (*p)->next;
-
-			(*p)->free_func((*p)->data);
-			OPENSSL_free(*p);
-			
-			*p = next;
-			return;
-			}
-		}
-	}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA **p;
-
-	if (ex_data == NULL)
-		return;
-
-	for (p = ex_data; *p != NULL; p = &((*p)->next))
-		{
-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-			{
-			EC_EXTRA_DATA *next = (*p)->next;
-
-			(*p)->clear_free_func((*p)->data);
-			OPENSSL_free(*p);
-			
-			*p = next;
-			return;
-			}
-		}
-	}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return;
-
-	d = *ex_data;
-	while (d)
-		{
-		EC_EXTRA_DATA *next = d->next;
-		
-		d->free_func(d->data);
-		OPENSSL_free(d);
-		
-		d = next;
-		}
-	*ex_data = NULL;
-	}
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return;
-
-	d = *ex_data;
-	while (d)
-		{
-		EC_EXTRA_DATA *next = d->next;
-		
-		d->clear_free_func(d->data);
-		OPENSSL_free(d);
-		
-		d = next;
-		}
-	*ex_data = NULL;
-	}
-
-
-/* functions for EC_POINT objects */
-
-EC_POINT *EC_POINT_new(const EC_GROUP *group)
-	{
-	EC_POINT *ret;
-
-	if (group == NULL)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (group->meth->point_init == 0)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return NULL;
-		}
-
-	ret = OPENSSL_malloc(sizeof *ret);
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth = group->meth;
-	
-	if (!ret->meth->point_init(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	
-	return ret;
-	}
-
-
-void EC_POINT_free(EC_POINT *point)
-	{
-	if (!point) return;
-
-	if (point->meth->point_finish != 0)
-		point->meth->point_finish(point);
-	OPENSSL_free(point);
-	}
- 
-
-void EC_POINT_clear_free(EC_POINT *point)
-	{
-	if (!point) return;
-
-	if (point->meth->point_clear_finish != 0)
-		point->meth->point_clear_finish(point);
-	else if (point->meth->point_finish != 0)
-		point->meth->point_finish(point);
-	OPENSSL_cleanse(point, sizeof *point);
-	OPENSSL_free(point);
-	}
-
-
-int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (dest->meth->point_copy == 0)
-		{
-		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (dest->meth != src->meth)
-		{
-		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if (dest == src)
-		return 1;
-	return dest->meth->point_copy(dest, src);
-	}
-
-
-EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
-	{
-	EC_POINT *t;
-	int r;
-
-	if (a == NULL) return NULL;
-
-	t = EC_POINT_new(group);
-	if (t == NULL) return(NULL);
-	r = EC_POINT_copy(t, a);
-	if (!r)
-		{
-		EC_POINT_free(t);
-		return NULL;
-		}
-	else return t;
-	}
-
-
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
-	{
-	return point->meth;
-	}
-
-
-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	if (group->meth->point_set_to_infinity == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_to_infinity(group, point);
-	}
-
-
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-	}
-
-
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-	}
-
-
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-	}
-
-#ifndef OPENSSL_NO_EC2M
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-	}
-#endif
-
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
-	}
-
-#ifndef OPENSSL_NO_EC2M
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
-	}
-#endif
-
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	if (group->meth->add == 0)
-		{
-		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
-		{
-		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->add(group, r, a, b, ctx);
-	}
-
-
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	if (group->meth->dbl == 0)
-		{
-		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if ((group->meth != r->meth) || (r->meth != a->meth))
-		{
-		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->dbl(group, r, a, ctx);
-	}
-
-
-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
-	{
-	if (group->meth->invert == 0)
-		{
-		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != a->meth)
-		{
-		ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->invert(group, a, ctx);
-	}
-
-
-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	if (group->meth->is_at_infinity == 0)
-		{
-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->is_at_infinity(group, point);
-	}
-
-
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	if (group->meth->is_on_curve == 0)
-		{
-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->is_on_curve(group, point, ctx);
-	}
-
-
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	if (group->meth->point_cmp == 0)
-		{
-		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-	if ((group->meth != a->meth) || (a->meth != b->meth))
-		{
-		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-		return -1;
-		}
-	return group->meth->point_cmp(group, a, b, ctx);
-	}
-
-
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (group->meth->make_affine == 0)
-		{
-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->make_affine(group, point, ctx);
-	}
-
-
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	size_t i;
-
-	if (group->meth->points_make_affine == 0)
-		{
-		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	for (i = 0; i < num; i++)
-		{
-		if (group->meth != points[i]->meth)
-			{
-			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-			return 0;
-			}
-		}
-	return group->meth->points_make_affine(group, num, points, ctx);
-	}
-
-
-/* Functions for point multiplication.
- *
- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c;
- * otherwise we dispatch through methods.
- */
-
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-
-	return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
-	}
-
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
-	const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
-	{
-	/* just a convenient interface to EC_POINTs_mul() */
-
-	const EC_POINT *points[1];
-	const BIGNUM *scalars[1];
-
-	points[0] = point;
-	scalars[0] = p_scalar;
-
-	return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
-	}
-
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_precompute_mult(group, ctx);
-
-	if (group->meth->precompute_mult != 0)
-		return group->meth->precompute_mult(group, ctx);
-	else
-		return 1; /* nothing to do, so report success */
-	}
-
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_have_precompute_mult(group);
-
-	if (group->meth->have_precompute_mult != 0)
-		return group->meth->have_precompute_mult(group);
-	else
-		return 0; /* cannot tell whether precomputation has been performed */
-	}
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
deleted file mode 100644
index e81200b255..0000000000
--- a/crypto/ec/ec_mult.c
+++ /dev/null
@@ -1,941 +0,0 @@
-/* crypto/ec/ec_mult.c */
-/*
- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-/*
- * This file implements the wNAF-based interleaving multi-exponentation method
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
- * for multiplication with precomputation, we use wNAF splitting
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
- */
-
-
-
-
-/* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
-	const EC_GROUP *group; /* parent EC_GROUP object */
-	size_t blocksize;      /* block size for wNAF splitting */
-	size_t numblocks;      /* max. number of blocks for which we have precomputation */
-	size_t w;              /* window size */
-	EC_POINT **points;     /* array with pre-calculated multiples of generator:
-	                        * 'num' pointers to EC_POINT objects followed by a NULL */
-	size_t num;            /* numblocks * 2^(w-1) */
-	int references;
-} EC_PRE_COMP;
- 
-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
-static void *ec_pre_comp_dup(void *);
-static void ec_pre_comp_free(void *);
-static void ec_pre_comp_clear_free(void *);
-
-static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
-	{
-	EC_PRE_COMP *ret = NULL;
-
-	if (!group)
-		return NULL;
-
-	ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
-	if (!ret)
-		{
-		ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
-		return ret;
-		}
-	ret->group = group;
-	ret->blocksize = 8; /* default */
-	ret->numblocks = 0;
-	ret->w = 4; /* default */
-	ret->points = NULL;
-	ret->num = 0;
-	ret->references = 1;
-	return ret;
-	}
-
-static void *ec_pre_comp_dup(void *src_)
-	{
-	EC_PRE_COMP *src = src_;
-
-	/* no need to actually copy, these objects never change! */
-
-	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
-	return src_;
-	}
-
-static void ec_pre_comp_free(void *pre_)
-	{
-	int i;
-	EC_PRE_COMP *pre = pre_;
-
-	if (!pre)
-		return;
-
-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-	if (i > 0)
-		return;
-
-	if (pre->points)
-		{
-		EC_POINT **p;
-
-		for (p = pre->points; *p != NULL; p++)
-			EC_POINT_free(*p);
-		OPENSSL_free(pre->points);
-		}
-	OPENSSL_free(pre);
-	}
-
-static void ec_pre_comp_clear_free(void *pre_)
-	{
-	int i;
-	EC_PRE_COMP *pre = pre_;
-
-	if (!pre)
-		return;
-
-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-	if (i > 0)
-		return;
-
-	if (pre->points)
-		{
-		EC_POINT **p;
-
-		for (p = pre->points; *p != NULL; p++)
-			{
-			EC_POINT_clear_free(*p);
-			OPENSSL_cleanse(p, sizeof *p);
-			}
-		OPENSSL_free(pre->points);
-		}
-	OPENSSL_cleanse(pre, sizeof *pre);
-	OPENSSL_free(pre);
-	}
-
-
-
-
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
- * This is an array  r[]  of values that are either zero or odd with an
- * absolute value less than  2^w  satisfying
- *     scalar = \sum_j r[j]*2^j
- * where at most one of any  w+1  consecutive digits is non-zero
- * with the exception that the most significant digit may be only
- * w-1 zeros away from that next non-zero digit.
- */
-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
-	{
-	int window_val;
-	int ok = 0;
-	signed char *r = NULL;
-	int sign = 1;
-	int bit, next_bit, mask;
-	size_t len = 0, j;
-	
-	if (BN_is_zero(scalar))
-		{
-		r = OPENSSL_malloc(1);
-		if (!r)
-			{
-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		r[0] = 0;
-		*ret_len = 1;
-		return r;
-		}
-		
-	if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	bit = 1 << w; /* at most 128 */
-	next_bit = bit << 1; /* at most 256 */
-	mask = next_bit - 1; /* at most 255 */
-
-	if (BN_is_negative(scalar))
-		{
-		sign = -1;
-		}
-
-	if (scalar->d == NULL || scalar->top == 0)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-	len = BN_num_bits(scalar);
-	r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
-	                              * (*ret_len will be set to the actual length, i.e. at most
-	                              * BN_num_bits(scalar) + 1) */
-	if (r == NULL)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	window_val = scalar->d[0] & mask;
-	j = 0;
-	while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
-		{
-		int digit = 0;
-
-		/* 0 <= window_val <= 2^(w+1) */
-
-		if (window_val & 1)
-			{
-			/* 0 < window_val < 2^(w+1) */
-
-			if (window_val & bit)
-				{
-				digit = window_val - next_bit; /* -2^w < digit < 0 */
-
-#if 1 /* modified wNAF */
-				if (j + w + 1 >= len)
-					{
-					/* special case for generating modified wNAFs:
-					 * no new bits will be added into window_val,
-					 * so using a positive digit here will decrease
-					 * the total length of the representation */
-					
-					digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
-					}
-#endif
-				}
-			else
-				{
-				digit = window_val; /* 0 < digit < 2^w */
-				}
-			
-			if (digit <= -bit || digit >= bit || !(digit & 1))
-				{
-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			window_val -= digit;
-
-			/* now window_val is 0 or 2^(w+1) in standard wNAF generation;
-			 * for modified window NAFs, it may also be 2^w
-			 */
-			if (window_val != 0 && window_val != next_bit && window_val != bit)
-				{
-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			}
-
-		r[j++] = sign * digit;
-
-		window_val >>= 1;
-		window_val += bit * BN_is_bit_set(scalar, j + w);
-
-		if (window_val > next_bit)
-			{
-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-
-	if (j > len + 1)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	len = j;
-	ok = 1;
-
- err:
-	if (!ok)
-		{
-		OPENSSL_free(r);
-		r = NULL;
-		}
-	if (ok)
-		*ret_len = len;
-	return r;
-	}
-
-
-/* TODO: table should be optimised for the wNAF-based implementation,
- *       sometimes smaller windows will give better performance
- *       (thus the boundaries should be increased)
- */
-#define EC_window_bits_for_scalar_size(b) \
-		((size_t) \
-		 ((b) >= 2000 ? 6 : \
-		  (b) >=  800 ? 5 : \
-		  (b) >=  300 ? 4 : \
-		  (b) >=   70 ? 3 : \
-		  (b) >=   20 ? 2 : \
-		  1))
-
-/* Compute
- *      \sum scalars[i]*points[i],
- * also including
- *      scalar*generator
- * in the addition if scalar != NULL
- */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	const EC_POINT *generator = NULL;
-	EC_POINT *tmp = NULL;
-	size_t totalnum;
-	size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
-	size_t pre_points_per_block = 0;
-	size_t i, j;
-	int k;
-	int r_is_inverted = 0;
-	int r_is_at_infinity = 1;
-	size_t *wsize = NULL; /* individual window sizes */
-	signed char **wNAF = NULL; /* individual wNAFs */
-	size_t *wNAF_len = NULL;
-	size_t max_len = 0;
-	size_t num_val;
-	EC_POINT **val = NULL; /* precomputation */
-	EC_POINT **v;
-	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */
-	const EC_PRE_COMP *pre_comp = NULL;
-	int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars,
-	                     * i.e. precomputation is not available */
-	int ret = 0;
-	
-	if (group->meth != r->meth)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-
-	if ((scalar == NULL) && (num == 0))
-		{
-		return EC_POINT_set_to_infinity(group, r);
-		}
-
-	for (i = 0; i < num; i++)
-		{
-		if (group->meth != points[i]->meth)
-			{
-			ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-			return 0;
-			}
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			goto err;
-		}
-
-	if (scalar != NULL)
-		{
-		generator = EC_GROUP_get0_generator(group);
-		if (generator == NULL)
-			{
-			ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
-			goto err;
-			}
-		
-		/* look if we can use precomputed multiples of generator */
-
-		pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
-		if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))
-			{
-			blocksize = pre_comp->blocksize;
-
-			/* determine maximum number of blocks that wNAF splitting may yield
-			 * (NB: maximum wNAF length is bit length plus one) */
-			numblocks = (BN_num_bits(scalar) / blocksize) + 1;
-
-			/* we cannot use more blocks than we have precomputation for */
-			if (numblocks > pre_comp->numblocks)
-				numblocks = pre_comp->numblocks;
-
-			pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
-
-			/* check that pre_comp looks sane */
-			if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			}
-		else
-			{
-			/* can't use precomputation */
-			pre_comp = NULL;
-			numblocks = 1;
-			num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */
-			}
-		}
-	
-	totalnum = num + numblocks;
-
-	wsize    = OPENSSL_malloc(totalnum * sizeof wsize[0]);
-	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
-	wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
-	val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-
-	/* Ensure wNAF is initialised in case we end up going to err */
-	if (wNAF) wNAF[0] = NULL;	/* preliminary pivot */
-
-	if (!wsize || !wNAF_len || !wNAF || !val_sub)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* num_val will be the total number of temporarily precomputed points */
-	num_val = 0;
-
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		size_t bits;
-
-		bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
-		wsize[i] = EC_window_bits_for_scalar_size(bits);
-		num_val += (size_t)1 << (wsize[i] - 1);
-		wNAF[i + 1] = NULL; /* make sure we always have a pivot */
-		wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
-		if (wNAF[i] == NULL)
-			goto err;
-		if (wNAF_len[i] > max_len)
-			max_len = wNAF_len[i];
-		}
-
-	if (numblocks)
-		{
-		/* we go here iff scalar != NULL */
-		
-		if (pre_comp == NULL)
-			{
-			if (num_scalar != 1)
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			/* we have already generated a wNAF for 'scalar' */
-			}
-		else
-			{
-			signed char *tmp_wNAF = NULL;
-			size_t tmp_len = 0;
-			
-			if (num_scalar != 0)
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			/* use the window size for which we have precomputation */
-			wsize[num] = pre_comp->w;
-			tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
-			if (!tmp_wNAF)
-				goto err;
-
-			if (tmp_len <= max_len)
-				{
-				/* One of the other wNAFs is at least as long
-				 * as the wNAF belonging to the generator,
-				 * so wNAF splitting will not buy us anything. */
-
-				numblocks = 1;
-				totalnum = num + 1; /* don't use wNAF splitting */
-				wNAF[num] = tmp_wNAF;
-				wNAF[num + 1] = NULL;
-				wNAF_len[num] = tmp_len;
-				if (tmp_len > max_len)
-					max_len = tmp_len;
-				/* pre_comp->points starts with the points that we need here: */
-				val_sub[num] = pre_comp->points;
-				}
-			else
-				{
-				/* don't include tmp_wNAF directly into wNAF array
-				 * - use wNAF splitting and include the blocks */
-
-				signed char *pp;
-				EC_POINT **tmp_points;
-				
-				if (tmp_len < numblocks * blocksize)
-					{
-					/* possibly we can do with fewer blocks than estimated */
-					numblocks = (tmp_len + blocksize - 1) / blocksize;
-					if (numblocks > pre_comp->numblocks)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-						goto err;
-						}
-					totalnum = num + numblocks;
-					}
-				
-				/* split wNAF in 'numblocks' parts */
-				pp = tmp_wNAF;
-				tmp_points = pre_comp->points;
-
-				for (i = num; i < totalnum; i++)
-					{
-					if (i < totalnum - 1)
-						{
-						wNAF_len[i] = blocksize;
-						if (tmp_len < blocksize)
-							{
-							ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-							goto err;
-							}
-						tmp_len -= blocksize;
-						}
-					else
-						/* last block gets whatever is left
-						 * (this could be more or less than 'blocksize'!) */
-						wNAF_len[i] = tmp_len;
-					
-					wNAF[i + 1] = NULL;
-					wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
-					if (wNAF[i] == NULL)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-						OPENSSL_free(tmp_wNAF);
-						goto err;
-						}
-					memcpy(wNAF[i], pp, wNAF_len[i]);
-					if (wNAF_len[i] > max_len)
-						max_len = wNAF_len[i];
-
-					if (*tmp_points == NULL)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-						OPENSSL_free(tmp_wNAF);
-						goto err;
-						}
-					val_sub[i] = tmp_points;
-					tmp_points += pre_points_per_block;
-					pp += blocksize;
-					}
-				OPENSSL_free(tmp_wNAF);
-				}
-			}
-		}
-
-	/* All points we precompute now go into a single array 'val'.
-	 * 'val_sub[i]' is a pointer to the subarray for the i-th point,
-	 * or to a subarray of 'pre_comp->points' if we already have precomputation. */
-	val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
-	if (val == NULL)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	val[num_val] = NULL; /* pivot element */
-
-	/* allocate points for precomputation */
-	v = val;
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		val_sub[i] = v;
-		for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++)
-			{
-			*v = EC_POINT_new(group);
-			if (*v == NULL) goto err;
-			v++;
-			}
-		}
-	if (!(v == val + num_val))
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-	if (!(tmp = EC_POINT_new(group)))
-		goto err;
-
-	/* prepare precomputed values:
-	 *    val_sub[i][0] :=     points[i]
-	 *    val_sub[i][1] := 3 * points[i]
-	 *    val_sub[i][2] := 5 * points[i]
-	 *    ...
-	 */
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		if (i < num)
-			{
-			if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
-			}
-		else
-			{
-			if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
-			}
-
-		if (wsize[i] > 1)
-			{
-			if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
-			for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++)
-				{
-				if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
-				}
-			}
-		}
-
-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
-	if (!EC_POINTs_make_affine(group, num_val, val, ctx))
-		goto err;
-#endif
-
-	r_is_at_infinity = 1;
-
-	for (k = max_len - 1; k >= 0; k--)
-		{
-		if (!r_is_at_infinity)
-			{
-			if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
-			}
-		
-		for (i = 0; i < totalnum; i++)
-			{
-			if (wNAF_len[i] > (size_t)k)
-				{
-				int digit = wNAF[i][k];
-				int is_neg;
-
-				if (digit) 
-					{
-					is_neg = digit < 0;
-
-					if (is_neg)
-						digit = -digit;
-
-					if (is_neg != r_is_inverted)
-						{
-						if (!r_is_at_infinity)
-							{
-							if (!EC_POINT_invert(group, r, ctx)) goto err;
-							}
-						r_is_inverted = !r_is_inverted;
-						}
-
-					/* digit > 0 */
-
-					if (r_is_at_infinity)
-						{
-						if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
-						r_is_at_infinity = 0;
-						}
-					else
-						{
-						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
-						}
-					}
-				}
-			}
-		}
-
-	if (r_is_at_infinity)
-		{
-		if (!EC_POINT_set_to_infinity(group, r)) goto err;
-		}
-	else
-		{
-		if (r_is_inverted)
-			if (!EC_POINT_invert(group, r, ctx)) goto err;
-		}
-	
-	ret = 1;
-
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (tmp != NULL)
-		EC_POINT_free(tmp);
-	if (wsize != NULL)
-		OPENSSL_free(wsize);
-	if (wNAF_len != NULL)
-		OPENSSL_free(wNAF_len);
-	if (wNAF != NULL)
-		{
-		signed char **w;
-		
-		for (w = wNAF; *w != NULL; w++)
-			OPENSSL_free(*w);
-		
-		OPENSSL_free(wNAF);
-		}
-	if (val != NULL)
-		{
-		for (v = val; *v != NULL; v++)
-			EC_POINT_clear_free(*v);
-
-		OPENSSL_free(val);
-		}
-	if (val_sub != NULL)
-		{
-		OPENSSL_free(val_sub);
-		}
-	return ret;
-	}
-
-
-/* ec_wNAF_precompute_mult()
- * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
- * for use with wNAF splitting as implemented in ec_wNAF_mul().
- * 
- * 'pre_comp->points' is an array of multiples of the generator
- * of the following form:
- * points[0] =     generator;
- * points[1] = 3 * generator;
- * ...
- * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;
- * points[2^(w-1)]   =     2^blocksize * generator;
- * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
- * ...
- * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator
- * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator
- * ...
- * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator
- * points[2^(w-1)*numblocks]       = NULL
- */
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	const EC_POINT *generator;
-	EC_POINT *tmp_point = NULL, *base = NULL, **var;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *order;
-	size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
-	EC_POINT **points = NULL;
-	EC_PRE_COMP *pre_comp;
-	int ret = 0;
-
-	/* if there is an old EC_PRE_COMP object, throw it away */
-	EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
-	if ((pre_comp = ec_pre_comp_new(group)) == NULL)
-		return 0;
-
-	generator = EC_GROUP_get0_generator(group);
-	if (generator == NULL)
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			goto err;
-		}
-	
-	BN_CTX_start(ctx);
-	order = BN_CTX_get(ctx);
-	if (order == NULL) goto err;
-	
-	if (!EC_GROUP_get_order(group, order, ctx)) goto err;		
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
-		goto err;
-		}
-
-	bits = BN_num_bits(order);
-	/* The following parameters mean we precompute (approximately)
-	 * one point per bit.
-	 *
-	 * TBD: The combination  8, 4  is perfect for 160 bits; for other
-	 * bit lengths, other parameter combinations might provide better
-	 * efficiency.
-	 */
-	blocksize = 8;
-	w = 4;
-	if (EC_window_bits_for_scalar_size(bits) > w)
-		{
-		/* let's not make the window too small ... */
-		w = EC_window_bits_for_scalar_size(bits);
-		}
-
-	numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
-	
-	pre_points_per_block = (size_t)1 << (w - 1);
-	num = pre_points_per_block * numblocks; /* number of points to compute and store */
-
-	points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
-	if (!points)
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	var = points;
-	var[num] = NULL; /* pivot */
-	for (i = 0; i < num; i++)
-		{
-		if ((var[i] = EC_POINT_new(group)) == NULL)
-			{
-			ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group)))
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}	
-	
-	if (!EC_POINT_copy(base, generator))
-		goto err;
-	
-	/* do the precomputation */
-	for (i = 0; i < numblocks; i++)
-		{
-		size_t j;
-
-		if (!EC_POINT_dbl(group, tmp_point, base, ctx))
-			goto err;
-
-		if (!EC_POINT_copy(*var++, base))
-			goto err;
-
-		for (j = 1; j < pre_points_per_block; j++, var++)
-			{
-			/* calculate odd multiples of the current base point */
-			if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
-				goto err;
-			}
-
-		if (i < numblocks - 1)
-			{
-			/* get the next base (multiply current one by 2^blocksize) */
-			size_t k;
-
-			if (blocksize <= 2)
-				{
-				ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}				
-
-			if (!EC_POINT_dbl(group, base, tmp_point, ctx))
-				goto err;
-			for (k = 2; k < blocksize; k++)
-				{
-				if (!EC_POINT_dbl(group,base,base,ctx))
-					goto err;
-				}
-			}
- 		}
-
-	if (!EC_POINTs_make_affine(group, num, points, ctx))
-		goto err;
-	
-	pre_comp->group = group;
-	pre_comp->blocksize = blocksize;
-	pre_comp->numblocks = numblocks;
-	pre_comp->w = w;
-	pre_comp->points = points;
-	points = NULL;
-	pre_comp->num = num;
-
-	if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
-		ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))
-		goto err;
-	pre_comp = NULL;
-
-	ret = 1;
- err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (pre_comp)
-		ec_pre_comp_free(pre_comp);
-	if (points)
-		{
-		EC_POINT **p;
-
-		for (p = points; *p != NULL; p++)
-			EC_POINT_free(*p);
-		OPENSSL_free(points);
-		}
-	if (tmp_point)
-		EC_POINT_free(tmp_point);
-	if (base)
-		EC_POINT_free(base);
-	return ret;
-	}
-
-
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
-	{
-	if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
-		return 1;
-	else
-		return 0;
-	}
diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c
deleted file mode 100644
index fd9db0798d..0000000000
--- a/crypto/ec/ec_oct.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/* crypto/ec/ec_lib.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "ec_lcl.h"
-
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_compressed_coordinates == 0
-		&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT))
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if(group->meth->flags & EC_FLAGS_DEFAULT_OCT)
-		{
-		if (group->meth->field_type == NID_X9_62_prime_field)
-			return ec_GFp_simple_set_compressed_coordinates(
-					group, point, x, y_bit, ctx);
-		else
-#ifdef OPENSSL_NO_EC2M
-			{
-			ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_GF2M_NOT_SUPPORTED);
-			return 0;
-			}
-#else
-			return ec_GF2m_simple_set_compressed_coordinates(
-					group, point, x, y_bit, ctx);
-#endif
-		}
-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-	}
-
-#ifndef OPENSSL_NO_EC2M
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_compressed_coordinates == 0
-		&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT))
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if(group->meth->flags & EC_FLAGS_DEFAULT_OCT)
-		{
-		if (group->meth->field_type == NID_X9_62_prime_field)
-			return ec_GFp_simple_set_compressed_coordinates(
-					group, point, x, y_bit, ctx);
-		else
-			return ec_GF2m_simple_set_compressed_coordinates(
-					group, point, x, y_bit, ctx);
-		}
-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-	}
-#endif
-
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	if (group->meth->point2oct == 0
-		&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT))
-		{
-		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if(group->meth->flags & EC_FLAGS_DEFAULT_OCT)
-		{
-		if (group->meth->field_type == NID_X9_62_prime_field)
-			return ec_GFp_simple_point2oct(group, point,
-							form, buf, len, ctx);
-		else
-#ifdef OPENSSL_NO_EC2M
-			{
-			ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
-			return 0;
-			}
-#else
-			return ec_GF2m_simple_point2oct(group, point,
-							form, buf, len, ctx);
-#endif
-		}
-			
-	return group->meth->point2oct(group, point, form, buf, len, ctx);
-	}
-
-
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
-        const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	if (group->meth->oct2point == 0
-		&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT))
-		{
-		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if(group->meth->flags & EC_FLAGS_DEFAULT_OCT)
-		{
-		if (group->meth->field_type == NID_X9_62_prime_field)
-			return ec_GFp_simple_oct2point(group, point,
-							buf, len, ctx);
-		else
-#ifdef OPENSSL_NO_EC2M
-			{
-			ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
-			return 0;
-			}
-#else
-			return ec_GF2m_simple_oct2point(group, point,
-							buf, len, ctx);
-#endif
-		}
-	return group->meth->oct2point(group, point, buf, len, ctx);
-	}
-
diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c
deleted file mode 100644
index b62b532cf8..0000000000
--- a/crypto/ec/ec_pmeth.c
+++ /dev/null
@@ -1,347 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include "evp_locl.h"
-
-/* EC pkey context structure */
-
-typedef struct
-	{
-	/* Key and paramgen group */
-	EC_GROUP *gen_group;
-	/* message digest */
-	const EVP_MD *md;
-	} EC_PKEY_CTX;
-
-static int pkey_ec_init(EVP_PKEY_CTX *ctx)
-	{
-	EC_PKEY_CTX *dctx;
-	dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));
-	if (!dctx)
-		return 0;
-	dctx->gen_group = NULL;
-	dctx->md = NULL;
-
-	ctx->data = dctx;
-
-	return 1;
-	}
-
-static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	EC_PKEY_CTX *dctx, *sctx;
-	if (!pkey_ec_init(dst))
-		return 0;
-       	sctx = src->data;
-	dctx = dst->data;
-	if (sctx->gen_group)
-		{
-		dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
-		if (!dctx->gen_group)
-			return 0;
-		}
-	dctx->md = sctx->md;
-	return 1;
-	}
-
-static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	EC_PKEY_CTX *dctx = ctx->data;
-	if (dctx)
-		{
-		if (dctx->gen_group)
-			EC_GROUP_free(dctx->gen_group);
-		OPENSSL_free(dctx);
-		}
-	}
-
-static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	int ret, type;
-	unsigned int sltmp;
-	EC_PKEY_CTX *dctx = ctx->data;
-	EC_KEY *ec = ctx->pkey->pkey.ec;
-
-	if (!sig)
-		{
-		*siglen = ECDSA_size(ec);
-		return 1;
-		}
-	else if(*siglen < (size_t)ECDSA_size(ec))
-		{
-		ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-		}
-
-	if (dctx->md)
-		type = EVP_MD_type(dctx->md);
-	else
-		type = NID_sha1;
-
-
-	ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
-
-	if (ret <= 0)
-		return ret;
-	*siglen = (size_t)sltmp;
-	return 1;
-	}
-
-static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
-					const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	int ret, type;
-	EC_PKEY_CTX *dctx = ctx->data;
-	EC_KEY *ec = ctx->pkey->pkey.ec;
-
-	if (dctx->md)
-		type = EVP_MD_type(dctx->md);
-	else
-		type = NID_sha1;
-
-	ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
-
-	return ret;
-	}
-
-#ifndef OPENSSL_NO_ECDH
-static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
-	{
-	int ret;
-	size_t outlen;
-	const EC_POINT *pubkey = NULL;
-	if (!ctx->pkey || !ctx->peerkey)
-		{
-		ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
-		return 0;
-		}
-
-	if (!key)
-		{
-		const EC_GROUP *group;
-		group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
-		*keylen = (EC_GROUP_get_degree(group) + 7)/8;
-		return 1;
-		}
-
-	pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
-
-	/* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
-	 * not an error, the result is truncated.
-	 */
-
-	outlen = *keylen;
-		
-	ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0);
-	if (ret < 0)
-		return ret;
-	*keylen = ret;
-	return 1;
-	}
-#endif
-
-static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	EC_PKEY_CTX *dctx = ctx->data;
-	EC_GROUP *group;
-	switch (type)
-		{
-		case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
-		group = EC_GROUP_new_by_curve_name(p1);
-		if (group == NULL)
-			{
-			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
-			return 0;
-			}
-		if (dctx->gen_group)
-			EC_GROUP_free(dctx->gen_group);
-		dctx->gen_group = group;
-		return 1;
-
-		case EVP_PKEY_CTRL_MD:
-		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-		    EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
-			{
-			ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
-			return 0;
-			}
-		dctx->md = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_PEER_KEY:
-		/* Default behaviour is OK */
-		case EVP_PKEY_CTRL_DIGESTINIT:
-		case EVP_PKEY_CTRL_PKCS7_SIGN:
-		case EVP_PKEY_CTRL_CMS_SIGN:
-		return 1;
-
-		default:
-		return -2;
-
-		}
-	}
-			
-static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!strcmp(type, "ec_paramgen_curve"))
-		{
-		int nid;
-		nid = OBJ_sn2nid(value);
-		if (nid == NID_undef)
-			nid = OBJ_ln2nid(value);
-		if (nid == NID_undef)
-			{
-			ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
-			return 0;
-			}
-		return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
-		}
-	return -2;
-	}
-
-static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	EC_KEY *ec = NULL;
-	EC_PKEY_CTX *dctx = ctx->data;
-	int ret = 0;
-	if (dctx->gen_group == NULL)
-		{
-		ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
-		return 0;
-		}
-	ec = EC_KEY_new();
-	if (!ec)
-		return 0;
-	ret = EC_KEY_set_group(ec, dctx->gen_group);
-	if (ret)
-		EVP_PKEY_assign_EC_KEY(pkey, ec);
-	else
-		EC_KEY_free(ec);
-	return ret;
-	}
-
-static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	EC_KEY *ec = NULL;
-	if (ctx->pkey == NULL)
-		{
-		ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
-		return 0;
-		}
-	ec = EC_KEY_new();
-	if (!ec)
-		return 0;
-	EVP_PKEY_assign_EC_KEY(pkey, ec);
-	/* Note: if error return, pkey is freed by parent routine */
-	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
-		return 0;
-	return EC_KEY_generate_key(pkey->pkey.ec);
-	}
-
-const EVP_PKEY_METHOD ec_pkey_meth = 
-	{
-	EVP_PKEY_EC,
-	0,
-	pkey_ec_init,
-	pkey_ec_copy,
-	pkey_ec_cleanup,
-
-	0,
-	pkey_ec_paramgen,
-
-	0,
-	pkey_ec_keygen,
-
-	0,
-	pkey_ec_sign,
-
-	0,
-	pkey_ec_verify,
-
-	0,0,
-
-	0,0,0,0,
-
-	0,0,
-
-	0,0,
-
-	0,
-#ifndef OPENSSL_NO_ECDH
-	pkey_ec_derive,
-#else
-	0,
-#endif
-
-	pkey_ec_ctrl,
-	pkey_ec_ctrl_str
-
-	};
diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
deleted file mode 100644
index f7c8a303ac..0000000000
--- a/crypto/ec/ec_print.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* crypto/ec/ec_print.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "ec_lcl.h"
-
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, 
-                          const EC_POINT *point, 
-                          point_conversion_form_t form,
-                          BIGNUM *ret,
-                          BN_CTX *ctx)
-	{
-	size_t        buf_len=0;
-	unsigned char *buf;
-
-	buf_len = EC_POINT_point2oct(group, point, form,
-                                     NULL, 0, ctx);
-	if (buf_len == 0)
-		return NULL;
-
-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-		return NULL;
-
-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	ret = BN_bin2bn(buf, buf_len, ret);
-
-	OPENSSL_free(buf);
-
-	return ret;
-}
-
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
-                            const BIGNUM *bn,
-                            EC_POINT *point, 
-                            BN_CTX *ctx)
-	{
-	size_t        buf_len=0;
-	unsigned char *buf;
-	EC_POINT      *ret;
-
-	if ((buf_len = BN_num_bytes(bn)) == 0) return NULL;
-	buf = OPENSSL_malloc(buf_len);
-	if (buf == NULL)
-		return NULL;
-
-	if (!BN_bn2bin(bn, buf)) 
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	if (point == NULL)
-		{
-		if ((ret = EC_POINT_new(group)) == NULL)
-			{
-			OPENSSL_free(buf);
-			return NULL;
-			}
-		}
-	else
-		ret = point;
-
-	if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx))
-		{
-		if (point == NULL)
-			EC_POINT_clear_free(ret);
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	OPENSSL_free(buf);
-	return ret;
-	}
-
-static const char *HEX_DIGITS = "0123456789ABCDEF";
-
-/* the return value must be freed (using OPENSSL_free()) */
-char *EC_POINT_point2hex(const EC_GROUP *group,
-                         const EC_POINT *point,
-                         point_conversion_form_t form,
-                         BN_CTX *ctx)
-	{
-	char          *ret, *p;
-	size_t        buf_len=0,i;
-	unsigned char *buf, *pbuf;
-
-	buf_len = EC_POINT_point2oct(group, point, form,
-                                     NULL, 0, ctx);
-	if (buf_len == 0)
-		return NULL;
-
-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-		return NULL;
-
-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	ret = (char *)OPENSSL_malloc(buf_len*2+2);
-	if (ret == NULL)
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-	p = ret;
-	pbuf = buf;
-	for (i=buf_len; i > 0; i--)
-		{
-			int v = (int) *(pbuf++);
-			*(p++)=HEX_DIGITS[v>>4];
-			*(p++)=HEX_DIGITS[v&0x0F];
-		}
-	*p='\0';
-
-	OPENSSL_free(buf);
-
-	return ret;
-	}
-
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
-                             const char *buf,
-                             EC_POINT *point,
-                             BN_CTX *ctx)
-	{
-	EC_POINT *ret=NULL;
-	BIGNUM   *tmp_bn=NULL;
-
-	if (!BN_hex2bn(&tmp_bn, buf))
-		return NULL;
-
-	ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
-
-	BN_clear_free(tmp_bn);
-
-	return ret;
-	}
diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c
deleted file mode 100644
index 06de8f3959..0000000000
--- a/crypto/ec/eck_prn.c
+++ /dev/null
@@ -1,392 +0,0 @@
-/* crypto/ec/eck_prn.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and 
- * contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/ec.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECPKParameters_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
-
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = EC_KEY_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
-
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECParameters_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-	{
-	EVP_PKEY *pk;
-	int ret;
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-		return 0;
-	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
-	EVP_PKEY_free(pk);
-	return ret;
-	}
-
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-	{
-	EVP_PKEY *pk;
-	int ret;
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *)x))
-		return 0;
-	ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
-	EVP_PKEY_free(pk);
-	return ret;
-	}
-
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-		size_t len, int off);
-
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-	{
-	unsigned char *buffer=NULL;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BN_CTX  *ctx=NULL;
-	const EC_POINT *point=NULL;
-	BIGNUM	*p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-		*order=NULL, *cofactor=NULL;
-	const unsigned char *seed;
-	size_t	seed_len=0;
-	
-	static const char *gen_compressed = "Generator (compressed):";
-	static const char *gen_uncompressed = "Generator (uncompressed):";
-	static const char *gen_hybrid = "Generator (hybrid):";
- 
-	if (!x)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	ctx = BN_CTX_new();
-	if (ctx == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (EC_GROUP_get_asn1_flag(x))
-		{
-		/* the curve parameter are given by an asn1 OID */
-		int nid;
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		nid = EC_GROUP_get_curve_name(x);
-		if (nid == 0)
-			goto err;
-
-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-		if (BIO_printf(bp, "\n") <= 0)
-			goto err;
-		}
-	else
-		{
-		/* explicit parameters */
-		int is_char_two = 0;
-		point_conversion_form_t form;
-		int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-
-		if (tmp_nid == NID_X9_62_characteristic_two_field)
-			is_char_two = 1;
-
-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-			(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-			(cofactor = BN_new()) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-#ifndef OPENSSL_NO_EC2M
-		if (is_char_two)
-			{
-			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-		else /* prime field */
-#endif
-			{
-			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-
-		if ((point = EC_GROUP_get0_generator(x)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		if (!EC_GROUP_get_order(x, order, NULL) || 
-            		!EC_GROUP_get_cofactor(x, cofactor, NULL))
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		
-		form = EC_GROUP_get_point_conversion_form(x);
-
-		if ((gen = EC_POINT_point2bn(x, point, 
-				form, NULL, ctx)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-
-		buf_len = (size_t)BN_num_bytes(p);
-		if (buf_len < (i = (size_t)BN_num_bytes(a)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(b)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(order)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-			buf_len = i;
-
-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-			seed_len = EC_GROUP_get_seed_len(x);
-
-		buf_len += 10;
-		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		/* print the 'short name' of the field type */
-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-			<= 0)
-			goto err;  
-
-		if (is_char_two)
-			{
-			/* print the 'short name' of the base type OID */
-			int basis_type = EC_GROUP_get_basis_type(x);
-			if (basis_type == 0)
-				goto err;
-
-			if (!BIO_indent(bp, off, 128))
-				goto err;
-
-			if (BIO_printf(bp, "Basis Type: %s\n", 
-				OBJ_nid2sn(basis_type)) <= 0)
-				goto err;
-
-			/* print the polynomial */
-			if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer,
-				off))
-				goto err;
-			}
-		else
-			{
-			if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer,off))
-				goto err;
-			}
-		if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off)) 
-			goto err;
-		if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
-			goto err;
-		if (form == POINT_CONVERSION_COMPRESSED)
-			{
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else if (form == POINT_CONVERSION_UNCOMPRESSED)
-			{
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else /* form == POINT_CONVERSION_HYBRID */
-			{
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
-				buffer, off))
-				goto err;
-			}
-		if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, 
-			buffer, off)) goto err;
-		if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, 
-			buffer, off)) goto err;
-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-			goto err;
-		}
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-	if (p) 
-		BN_free(p);
-	if (a) 
-		BN_free(a);
-	if (b)
-		BN_free(b);
-	if (gen)
-		BN_free(gen);
-	if (order)
-		BN_free(order);
-	if (cofactor)
-		BN_free(cofactor);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL) 
-		OPENSSL_free(buffer);
-	return(ret);	
-	}
-
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-		size_t len, int off)
-	{
-	size_t i;
-	char str[128];
-
-	if (buf == NULL)
-		return 1;
-	if (off)
-		{
-		if (off > 128)
-			off=128;
-		memset(str,' ',off);
-		if (BIO_write(fp, str, off) <= 0)
-			return 0;
-		}
-
-	if (BIO_printf(fp,"%s", name) <= 0)
-		return 0;
-
-	for (i=0; i<len; i++)
-		{
-		if ((i%15) == 0)
-			{
-			str[0]='\n';
-			memset(&(str[1]),' ',off+4);
-			if (BIO_write(fp, str, off+1+4) <= 0)
-				return 0;
-			}
-		if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-			return 0;
-		}
-	if (BIO_write(fp,"\n",1) <= 0)
-		return 0;
-
-	return 1;
-	}
diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
deleted file mode 100644
index 3c5ec1965a..0000000000
--- a/crypto/ec/ecp_mont.c
+++ /dev/null
@@ -1,323 +0,0 @@
-/* crypto/ec/ecp_mont.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <openssl/err.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "ec_lcl.h"
-
-
-const EC_METHOD *EC_GFp_mont_method(void)
-	{
-	static const EC_METHOD ret = {
-		EC_FLAGS_DEFAULT_OCT,
-		NID_X9_62_prime_field,
-		ec_GFp_mont_group_init,
-		ec_GFp_mont_group_finish,
-		ec_GFp_mont_group_clear_finish,
-		ec_GFp_mont_group_copy,
-		ec_GFp_mont_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		0,0,0,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_mont_field_mul,
-		ec_GFp_mont_field_sqr,
-		0 /* field_div */,
-		ec_GFp_mont_field_encode,
-		ec_GFp_mont_field_decode,
-		ec_GFp_mont_field_set_to_one };
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return fips_ec_gfp_mont_method();
-#endif
-
-	return &ret;
-	}
-
-
-int ec_GFp_mont_group_init(EC_GROUP *group)
-	{
-	int ok;
-
-	ok = ec_GFp_simple_group_init(group);
-	group->field_data1 = NULL;
-	group->field_data2 = NULL;
-	return ok;
-	}
-
-
-void ec_GFp_mont_group_finish(EC_GROUP *group)
-	{
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	ec_GFp_simple_group_finish(group);
-	}
-
-
-void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
-	{
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_clear_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	ec_GFp_simple_group_clear_finish(group);
-	}
-
-
-int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	if (dest->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(dest->field_data1);
-		dest->field_data1 = NULL;
-		}
-	if (dest->field_data2 != NULL)
-		{
-		BN_clear_free(dest->field_data2);
-		dest->field_data2 = NULL;
-		}
-
-	if (!ec_GFp_simple_group_copy(dest, src)) return 0;
-
-	if (src->field_data1 != NULL)
-		{
-		dest->field_data1 = BN_MONT_CTX_new();
-		if (dest->field_data1 == NULL) return 0;
-		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
-		}
-	if (src->field_data2 != NULL)
-		{
-		dest->field_data2 = BN_dup(src->field_data2);
-		if (dest->field_data2 == NULL) goto err;
-		}
-
-	return 1;
-
- err:
-	if (dest->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(dest->field_data1);
-		dest->field_data1 = NULL;
-		}
-	return 0;	
-	}
-
-
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BN_MONT_CTX *mont = NULL;
-	BIGNUM *one = NULL;
-	int ret = 0;
-
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	mont = BN_MONT_CTX_new();
-	if (mont == NULL) goto err;
-	if (!BN_MONT_CTX_set(mont, p, ctx))
-		{
-		ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
-		goto err;
-		}
-	one = BN_new();
-	if (one == NULL) goto err;
-	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-
-	group->field_data1 = mont;
-	mont = NULL;
-	group->field_data2 = one;
-	one = NULL;
-
-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
-	if (!ret)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (mont != NULL)
-		BN_MONT_CTX_free(mont);
-	return ret;
-	}
-
-
-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_from_montgomery(r, a, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
-	{
-	if (group->field_data2 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	if (!BN_copy(r, group->field_data2)) return 0;
-	return 1;
-	}
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
deleted file mode 100644
index db3b99e06a..0000000000
--- a/crypto/ec/ecp_nist.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/* crypto/ec/ecp_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include "ec_lcl.h"
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const EC_METHOD *EC_GFp_nist_method(void)
-	{
-	static const EC_METHOD ret = {
-		EC_FLAGS_DEFAULT_OCT,
-		NID_X9_62_prime_field,
-		ec_GFp_simple_group_init,
-		ec_GFp_simple_group_finish,
-		ec_GFp_simple_group_clear_finish,
-		ec_GFp_nist_group_copy,
-		ec_GFp_nist_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		0,0,0,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_nist_field_mul,
-		ec_GFp_nist_field_sqr,
-		0 /* field_div */,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return fips_ec_gfp_nist_method();
-#endif
-
-	return &ret;
-	}
-
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	dest->field_mod_func = src->field_mod_func;
-
-	return ec_GFp_simple_group_copy(dest, src);
-	}
-
-int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
-	const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp_bn;
-	
-	if (ctx == NULL)
-		if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;
-
-	BN_CTX_start(ctx);
-	if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
-		group->field_mod_func = BN_nist_mod_192;
-	else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
-		group->field_mod_func = BN_nist_mod_224;
-	else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
-		group->field_mod_func = BN_nist_mod_256;
-	else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
-		group->field_mod_func = BN_nist_mod_384;
-	else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
-		group->field_mod_func = BN_nist_mod_521;
-	else
-		{
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
-		goto err;
-		}
-
-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-	const BIGNUM *b, BN_CTX *ctx)
-	{
-	int	ret=0;
-	BN_CTX	*ctx_new=NULL;
-
-	if (!group || !r || !a || !b)
-		{
-		ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-	if (!ctx)
-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (!BN_mul(r, a, b, ctx)) goto err;
-	if (!group->field_mod_func(r, r, &group->field, ctx))
-		goto err;
-
-	ret=1;
-err:
-	if (ctx_new)
-		BN_CTX_free(ctx_new);
-	return ret;
-	}
-
-
-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-	BN_CTX *ctx)
-	{
-	int	ret=0;
-	BN_CTX	*ctx_new=NULL;
-
-	if (!group || !r || !a)
-		{
-		ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-	if (!ctx)
-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (!BN_sqr(r, a, ctx)) goto err;
-	if (!group->field_mod_func(r, r, &group->field, ctx))
-		goto err;
-
-	ret=1;
-err:
-	if (ctx_new)
-		BN_CTX_free(ctx_new);
-	return ret;
-	}
diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c
deleted file mode 100644
index 374a0ee731..0000000000
--- a/crypto/ec/ecp_oct.c
+++ /dev/null
@@ -1,433 +0,0 @@
-/* crypto/ec/ecp_oct.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. 
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <openssl/err.h>
-#include <openssl/symhacks.h>
-
-#include "ec_lcl.h"
-
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp1, *tmp2, *x, *y;
-	int ret = 0;
-
-	/* clear error queue*/
-	ERR_clear_error();
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	y_bit = (y_bit != 0);
-
-	BN_CTX_start(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	tmp2 = BN_CTX_get(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	/* Recover y.  We have a Weierstrass equation
-	 *     y^2 = x^3 + a*x + b,
-	 * so  y  is one of the square roots of  x^3 + a*x + b.
-	 */
-
-	/* tmp1 := x^3 */
-	if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
-	if (group->meth->field_decode == 0)
-		{
-		/* field_{sqr,mul} work on standard representation */
-		if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
-		if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
-		if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
-		}
-	
-	/* tmp1 := tmp1 + a*x */
-	if (group->a_is_minus3)
-		{
-		if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
-		if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
-		if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	else
-		{
-		if (group->meth->field_decode)
-			{
-			if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
-			if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
-			}
-		else
-			{
-			/* field_mul works on standard representation */
-			if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
-			}
-		
-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	
-	/* tmp1 := tmp1 + b */
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	else
-		{
-		if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
-		}
-	
-	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
-		{
-		unsigned long err = ERR_peek_last_error();
-		
-		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
-			{
-			ERR_clear_error();
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-			}
-		else
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (y_bit != BN_is_odd(y))
-		{
-		if (BN_is_zero(y))
-			{
-			int kron;
-
-			kron = BN_kronecker(x, &group->field, ctx);
-			if (kron == -2) goto err;
-
-			if (kron == 1)
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
-			else
-				/* BN_mod_sqrt() should have cought this error (not a square) */
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-			goto err;
-			}
-		if (!BN_usub(y, &group->field, y)) goto err;
-		}
-	if (y_bit != BN_is_odd(y))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	size_t ret;
-	BN_CTX *new_ctx = NULL;
-	int used_ctx = 0;
-	BIGNUM *x, *y;
-	size_t field_len, i, skip;
-
-	if ((form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-		goto err;
-		}
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		/* encodes to a single 0 octet */
-		if (buf != NULL)
-			{
-			if (len < 1)
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-				return 0;
-				}
-			buf[0] = 0;
-			}
-		return 1;
-		}
-
-
-	/* ret := required output buffer length */
-	field_len = BN_num_bytes(&group->field);
-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	/* if 'buf' is NULL, just return required length */
-	if (buf != NULL)
-		{
-		if (len < ret)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-			goto err;
-			}
-
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		BN_CTX_start(ctx);
-		used_ctx = 1;
-		x = BN_CTX_get(ctx);
-		y = BN_CTX_get(ctx);
-		if (y == NULL) goto err;
-
-		if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-		if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
-			buf[0] = form + 1;
-		else
-			buf[0] = form;
-	
-		i = 1;
-		
-		skip = field_len - BN_num_bytes(x);
-		if (skip > field_len)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		while (skip > 0)
-			{
-			buf[i++] = 0;
-			skip--;
-			}
-		skip = BN_bn2bin(x, buf + i);
-		i += skip;
-		if (i != 1 + field_len)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-			{
-			skip = field_len - BN_num_bytes(y);
-			if (skip > field_len)
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			while (skip > 0)
-				{
-				buf[i++] = 0;
-				skip--;
-				}
-			skip = BN_bn2bin(y, buf + i);
-			i += skip;
-			}
-
-		if (i != ret)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-
- err:
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return 0;
-	}
-
-
-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-	const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	point_conversion_form_t form;
-	int y_bit;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	size_t field_len, enc_len;
-	int ret = 0;
-
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-		}
-	form = buf[0];
-	y_bit = form & 1;
-	form = form & ~1U;
-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (form == 0)
-		{
-		if (len != 1)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			return 0;
-			}
-
-		return EC_POINT_set_to_infinity(group, point);
-		}
-	
-	field_len = BN_num_bytes(&group->field);
-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	if (len != enc_len)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-	if (BN_ucmp(x, &group->field) >= 0)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		goto err;
-		}
-
-	if (form == POINT_CONVERSION_COMPRESSED)
-		{
-		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-		if (BN_ucmp(y, &group->field) >= 0)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			goto err;
-			}
-		if (form == POINT_CONVERSION_HYBRID)
-			{
-			if (y_bit != BN_is_odd(y))
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-				goto err;
-				}
-			}
-
-		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-		}
-	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	ret = 1;
-	
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
deleted file mode 100644
index 2d1f357686..0000000000
--- a/crypto/ec/ecp_smpl.c
+++ /dev/null
@@ -1,1339 +0,0 @@
-/* crypto/ec/ecp_smpl.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. 
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <openssl/err.h>
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "ec_lcl.h"
-
-const EC_METHOD *EC_GFp_simple_method(void)
-	{
-	static const EC_METHOD ret = {
-		EC_FLAGS_DEFAULT_OCT,
-		NID_X9_62_prime_field,
-		ec_GFp_simple_group_init,
-		ec_GFp_simple_group_finish,
-		ec_GFp_simple_group_clear_finish,
-		ec_GFp_simple_group_copy,
-		ec_GFp_simple_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		0,0,0,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_simple_field_mul,
-		ec_GFp_simple_field_sqr,
-		0 /* field_div */,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return fips_ec_gfp_simple_method();
-#endif
-
-	return &ret;
-	}
-
-
-/* Most method functions in this file are designed to work with
- * non-trivial representations of field elements if necessary
- * (see ecp_mont.c): while standard modular addition and subtraction
- * are used, the field_mul and field_sqr methods will be used for
- * multiplication, and field_encode and field_decode (if defined)
- * will be used for converting between representations.
-
- * Functions ec_GFp_simple_points_make_affine() and
- * ec_GFp_simple_point_get_affine_coordinates() specifically assume
- * that if a non-trivial representation is used, it is a Montgomery
- * representation (i.e. 'encoding' means multiplying by some factor R).
- */
-
-
-int ec_GFp_simple_group_init(EC_GROUP *group)
-	{
-	BN_init(&group->field);
-	BN_init(&group->a);
-	BN_init(&group->b);
-	group->a_is_minus3 = 0;
-	return 1;
-	}
-
-
-void ec_GFp_simple_group_finish(EC_GROUP *group)
-	{
-	BN_free(&group->field);
-	BN_free(&group->a);
-	BN_free(&group->b);
-	}
-
-
-void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
-	{
-	BN_clear_free(&group->field);
-	BN_clear_free(&group->a);
-	BN_clear_free(&group->b);
-	}
-
-
-int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	if (!BN_copy(&dest->field, &src->field)) return 0;
-	if (!BN_copy(&dest->a, &src->a)) return 0;
-	if (!BN_copy(&dest->b, &src->b)) return 0;
-
-	dest->a_is_minus3 = src->a_is_minus3;
-
-	return 1;
-	}
-
-
-int ec_GFp_simple_group_set_curve(EC_GROUP *group,
-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp_a;
-	
-	/* p must be a prime > 3 */
-	if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	tmp_a = BN_CTX_get(ctx);
-	if (tmp_a == NULL) goto err;
-
-	/* group->field */
-	if (!BN_copy(&group->field, p)) goto err;
-	BN_set_negative(&group->field, 0);
-
-	/* group->a */
-	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
-	if (group->meth->field_encode)
-		{ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }	
-	else
-		if (!BN_copy(&group->a, tmp_a)) goto err;
-	
-	/* group->b */
-	if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
-	if (group->meth->field_encode)
-		if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
-	
-	/* group->a_is_minus3 */
-	if (!BN_add_word(tmp_a, 3)) goto err;
-	group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	
-	if (p != NULL)
-		{
-		if (!BN_copy(p, &group->field)) return 0;
-		}
-
-	if (a != NULL || b != NULL)
-		{
-		if (group->meth->field_decode)
-			{
-			if (ctx == NULL)
-				{
-				ctx = new_ctx = BN_CTX_new();
-				if (ctx == NULL)
-					return 0;
-				}
-			if (a != NULL)
-				{
-				if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-				}
-			if (b != NULL)
-				{
-				if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-				}
-			}
-		else
-			{
-			if (a != NULL)
-				{
-				if (!BN_copy(a, &group->a)) goto err;
-				}
-			if (b != NULL)
-				{
-				if (!BN_copy(b, &group->b)) goto err;
-				}
-			}
-		}
-	
-	ret = 1;
-	
- err:
-	if (new_ctx)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
-	{
-	return BN_num_bits(&group->field);
-	}
-
-
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
-	const BIGNUM *p = &group->field;
-	BN_CTX *new_ctx = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	tmp_1 = BN_CTX_get(ctx);
-	tmp_2 = BN_CTX_get(ctx);
-	order = BN_CTX_get(ctx);
-	if (order == NULL) goto err;
-
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-		if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_copy(a, &group->a)) goto err;
-		if (!BN_copy(b, &group->b)) goto err;
-		}
-	
-	/* check the discriminant:
-	 * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) 
-         * 0 =< a, b < p */
-	if (BN_is_zero(a))
-		{
-		if (BN_is_zero(b)) goto err;
-		}
-	else if (!BN_is_zero(b))
-		{
-		if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
-		if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
-		if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
-		/* tmp_1 = 4*a^3 */
-
-		if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
-		if (!BN_mul_word(tmp_2, 27)) goto err;
-		/* tmp_2 = 27*b^2 */
-
-		if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
-		if (BN_is_zero(a)) goto err;
-		}
-	ret = 1;
-
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_point_init(EC_POINT *point)
-	{
-	BN_init(&point->X);
-	BN_init(&point->Y);
-	BN_init(&point->Z);
-	point->Z_is_one = 0;
-
-	return 1;
-	}
-
-
-void ec_GFp_simple_point_finish(EC_POINT *point)
-	{
-	BN_free(&point->X);
-	BN_free(&point->Y);
-	BN_free(&point->Z);
-	}
-
-
-void ec_GFp_simple_point_clear_finish(EC_POINT *point)
-	{
-	BN_clear_free(&point->X);
-	BN_clear_free(&point->Y);
-	BN_clear_free(&point->Z);
-	point->Z_is_one = 0;
-	}
-
-
-int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (!BN_copy(&dest->X, &src->X)) return 0;
-	if (!BN_copy(&dest->Y, &src->Y)) return 0;
-	if (!BN_copy(&dest->Z, &src->Z)) return 0;
-	dest->Z_is_one = src->Z_is_one;
-
-	return 1;
-	}
-
-
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	point->Z_is_one = 0;
-	BN_zero(&point->Z);
-	return 1;
-	}
-
-
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	if (x != NULL)
-		{
-		if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
-		if (group->meth->field_encode)
-			{
-			if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
-			}
-		}
-	
-	if (y != NULL)
-		{
-		if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
-		if (group->meth->field_encode)
-			{
-			if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
-			}
-		}
-	
-	if (z != NULL)
-		{
-		int Z_is_one;
-
-		if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
-		Z_is_one = BN_is_one(&point->Z);
-		if (group->meth->field_encode)
-			{
-			if (Z_is_one && (group->meth->field_set_to_one != 0))
-				{
-				if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
-				}
-			else
-				{
-				if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
-				}
-			}
-		point->Z_is_one = Z_is_one;
-		}
-	
-	ret = 1;
-	
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	
-	if (group->meth->field_decode != 0)
-		{
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		if (x != NULL)
-			{
-			if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-			}
-		if (y != NULL)
-			{
-			if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-			}
-		if (z != NULL)
-			{
-			if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
-			}
-		}
-	else	
-		{
-		if (x != NULL)
-			{
-			if (!BN_copy(x, &point->X)) goto err;
-			}
-		if (y != NULL)
-			{
-			if (!BN_copy(y, &point->Y)) goto err;
-			}
-		if (z != NULL)
-			{
-			if (!BN_copy(z, &point->Z)) goto err;
-			}
-		}
-	
-	ret = 1;
-
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (x == NULL || y == NULL)
-		{
-		/* unlike for projective coordinates, we do not tolerate this */
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
-	}
-
-
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *Z, *Z_1, *Z_2, *Z_3;
-	const BIGNUM *Z_;
-	int ret = 0;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	Z = BN_CTX_get(ctx);
-	Z_1 = BN_CTX_get(ctx);
-	Z_2 = BN_CTX_get(ctx);
-	Z_3 = BN_CTX_get(ctx);
-	if (Z_3 == NULL) goto err;
-
-	/* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
-	
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
-		Z_ = Z;
-		}
-	else
-		{
-		Z_ = &point->Z;
-		}
-	
-	if (BN_is_one(Z_))
-		{
-		if (group->meth->field_decode)
-			{
-			if (x != NULL)
-				{
-				if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-				}
-			if (y != NULL)
-				{
-				if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-				}
-			}
-		else
-			{
-			if (x != NULL)
-				{
-				if (!BN_copy(x, &point->X)) goto err;
-				}
-			if (y != NULL)
-				{
-				if (!BN_copy(y, &point->Y)) goto err;
-				}
-			}
-		}
-	else
-		{
-		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
-			goto err;
-			}
-		
-		if (group->meth->field_encode == 0)
-			{
-			/* field_sqr works on standard representation */
-			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
-			}
-	
-		if (x != NULL)
-			{
-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
-			if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
-			}
-
-		if (y != NULL)
-			{
-			if (group->meth->field_encode == 0)
-				{
-				/* field_mul works on standard representation */
-				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
-				}
-			else
-				{
-				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
-				}
-
-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
-			if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
-			}
-		}
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
-	int ret = 0;
-	
-	if (a == b)
-		return EC_POINT_dbl(group, r, a, ctx);
-	if (EC_POINT_is_at_infinity(group, a))
-		return EC_POINT_copy(r, b);
-	if (EC_POINT_is_at_infinity(group, b))
-		return EC_POINT_copy(r, a);
-	
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	n0 = BN_CTX_get(ctx);
-	n1 = BN_CTX_get(ctx);
-	n2 = BN_CTX_get(ctx);
-	n3 = BN_CTX_get(ctx);
-	n4 = BN_CTX_get(ctx);
-	n5 = BN_CTX_get(ctx);
-	n6 = BN_CTX_get(ctx);
-	if (n6 == NULL) goto end;
-
-	/* Note that in this function we must not read components of 'a' or 'b'
-	 * once we have written the corresponding components of 'r'.
-	 * ('r' might be one of 'a' or 'b'.)
-	 */
-
-	/* n1, n2 */
-	if (b->Z_is_one)
-		{
-		if (!BN_copy(n1, &a->X)) goto end;
-		if (!BN_copy(n2, &a->Y)) goto end;
-		/* n1 = X_a */
-		/* n2 = Y_a */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
-		if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
-		/* n1 = X_a * Z_b^2 */
-
-		if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
-		if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
-		/* n2 = Y_a * Z_b^3 */
-		}
-
-	/* n3, n4 */
-	if (a->Z_is_one)
-		{
-		if (!BN_copy(n3, &b->X)) goto end;
-		if (!BN_copy(n4, &b->Y)) goto end;
-		/* n3 = X_b */
-		/* n4 = Y_b */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
-		if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
-		/* n3 = X_b * Z_a^2 */
-
-		if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
-		if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
-		/* n4 = Y_b * Z_a^3 */
-		}
-
-	/* n5, n6 */
-	if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
-	if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
-	/* n5 = n1 - n3 */
-	/* n6 = n2 - n4 */
-
-	if (BN_is_zero(n5))
-		{
-		if (BN_is_zero(n6))
-			{
-			/* a is the same point as b */
-			BN_CTX_end(ctx);
-			ret = EC_POINT_dbl(group, r, a, ctx);
-			ctx = NULL;
-			goto end;
-			}
-		else
-			{
-			/* a is the inverse of b */
-			BN_zero(&r->Z);
-			r->Z_is_one = 0;
-			ret = 1;
-			goto end;
-			}
-		}
-
-	/* 'n7', 'n8' */
-	if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
-	if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
-	/* 'n7' = n1 + n3 */
-	/* 'n8' = n2 + n4 */
-
-	/* Z_r */
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		if (!BN_copy(&r->Z, n5)) goto end;
-		}
-	else
-		{
-		if (a->Z_is_one)
-			{ if (!BN_copy(n0, &b->Z)) goto end; }
-		else if (b->Z_is_one)
-			{ if (!BN_copy(n0, &a->Z)) goto end; }
-		else
-			{ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
-		if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
-		}
-	r->Z_is_one = 0;
-	/* Z_r = Z_a * Z_b * n5 */
-
-	/* X_r */
-	if (!field_sqr(group, n0, n6, ctx)) goto end;
-	if (!field_sqr(group, n4, n5, ctx)) goto end;
-	if (!field_mul(group, n3, n1, n4, ctx)) goto end;
-	if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
-	/* X_r = n6^2 - n5^2 * 'n7' */
-	
-	/* 'n9' */
-	if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
-	if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
-	/* n9 = n5^2 * 'n7' - 2 * X_r */
-
-	/* Y_r */
-	if (!field_mul(group, n0, n0, n6, ctx)) goto end;
-	if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
-	if (!field_mul(group, n1, n2, n5, ctx)) goto end;
-	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
-	if (BN_is_odd(n0))
-		if (!BN_add(n0, n0, p)) goto end;
-	/* now  0 <= n0 < 2*p,  and n0 is even */
-	if (!BN_rshift1(&r->Y, n0)) goto end;
-	/* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
-
-	ret = 1;
-
- end:
-	if (ctx) /* otherwise we already called BN_CTX_end */
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *n0, *n1, *n2, *n3;
-	int ret = 0;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		BN_zero(&r->Z);
-		r->Z_is_one = 0;
-		return 1;
-		}
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	n0 = BN_CTX_get(ctx);
-	n1 = BN_CTX_get(ctx);
-	n2 = BN_CTX_get(ctx);
-	n3 = BN_CTX_get(ctx);
-	if (n3 == NULL) goto err;
-
-	/* Note that in this function we must not read components of 'a'
-	 * once we have written the corresponding components of 'r'.
-	 * ('r' might the same as 'a'.)
-	 */
-
-	/* n1 */
-	if (a->Z_is_one)
-		{
-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-		if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
-		/* n1 = 3 * X_a^2 + a_curve */
-		}
-	else if (group->a_is_minus3)
-		{
-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-		if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
-		if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
-		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
-		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
-		 *    = 3 * X_a^2 - 3 * Z_a^4 */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-		if (!field_sqr(group, n1, n1, ctx)) goto err;
-		if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
-		if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
-		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
-		}
-
-	/* Z_r */
-	if (a->Z_is_one)
-		{
-		if (!BN_copy(n0, &a->Y)) goto err;
-		}
-	else
-		{
-		if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
-		}
-	if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
-	r->Z_is_one = 0;
-	/* Z_r = 2 * Y_a * Z_a */
-
-	/* n2 */
-	if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
-	if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
-	if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
-	/* n2 = 4 * X_a * Y_a^2 */
-
-	/* X_r */
-	if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
-	if (!field_sqr(group, &r->X, n1, ctx)) goto err;
-	if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
-	/* X_r = n1^2 - 2 * n2 */
-	
-	/* n3 */
-	if (!field_sqr(group, n0, n3, ctx)) goto err;
-	if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
-	/* n3 = 8 * Y_a^4 */
-	
-	/* Y_r */
-	if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
-	if (!field_mul(group, n0, n1, n0, ctx)) goto err;
-	if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
-	/* Y_r = n1 * (n2 - X_r) - n3 */
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
-		/* point is its own inverse */
-		return 1;
-	
-	return BN_usub(&point->Y, &group->field, &point->Y);
-	}
-
-
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	return BN_is_zero(&point->Z);
-	}
-
-
-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *rh, *tmp, *Z4, *Z6;
-	int ret = -1;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		return 1;
-	
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	rh = BN_CTX_get(ctx);
-	tmp = BN_CTX_get(ctx);
-	Z4 = BN_CTX_get(ctx);
-	Z6 = BN_CTX_get(ctx);
-	if (Z6 == NULL) goto err;
-
-	/* We have a curve defined by a Weierstrass equation
-	 *      y^2 = x^3 + a*x + b.
-	 * The point to consider is given in Jacobian projective coordinates
-	 * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
-	 * Substituting this and multiplying by  Z^6  transforms the above equation into
-	 *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
-	 * To test this, we add up the right-hand side in 'rh'.
-	 */
-
-	/* rh := X^2 */
-	if (!field_sqr(group, rh, &point->X, ctx)) goto err;
-
-	if (!point->Z_is_one)
-		{
-		if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;
-		if (!field_sqr(group, Z4, tmp, ctx)) goto err;
-		if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;
-
-		/* rh := (rh + a*Z^4)*X */
-		if (group->a_is_minus3)
-			{
-			if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err;
-			if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err;
-			if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err;
-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-			}
-		else
-			{
-			if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;
-			if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-			}
-
-		/* rh := rh + b*Z^6 */
-		if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;
-		if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
-		}
-	else
-		{
-		/* point->Z_is_one */
-
-		/* rh := (rh + a)*X */
-		if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;
-		if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-		/* rh := rh + b */
-		if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
-		}
-
-	/* 'lh' := Y^2 */
-	if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;
-
-	ret = (0 == BN_ucmp(tmp, rh));
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	/* return values:
-	 *  -1   error
-	 *   0   equal (in affine coordinates)
-	 *   1   not equal
-	 */
-
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
-	const BIGNUM *tmp1_, *tmp2_;
-	int ret = -1;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		return 1;
-	
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-		}
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	tmp2 = BN_CTX_get(ctx);
-	Za23 = BN_CTX_get(ctx);
-	Zb23 = BN_CTX_get(ctx);
-	if (Zb23 == NULL) goto end;
-
-	/* We have to decide whether
-	 *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
-	 * or equivalently, whether
-	 *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
-	 */
-
-	if (!b->Z_is_one)
-		{
-		if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
-		if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
-		tmp1_ = tmp1;
-		}
-	else
-		tmp1_ = &a->X;
-	if (!a->Z_is_one)
-		{
-		if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
-		if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
-		tmp2_ = tmp2;
-		}
-	else
-		tmp2_ = &b->X;
-	
-	/* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
-	if (BN_cmp(tmp1_, tmp2_) != 0)
-		{
-		ret = 1; /* points differ */
-		goto end;
-		}
-
-
-	if (!b->Z_is_one)
-		{
-		if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
-		if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
-		/* tmp1_ = tmp1 */
-		}
-	else
-		tmp1_ = &a->Y;
-	if (!a->Z_is_one)
-		{
-		if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
-		if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
-		/* tmp2_ = tmp2 */
-		}
-	else
-		tmp2_ = &b->Y;
-
-	/* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
-	if (BN_cmp(tmp1_, tmp2_) != 0)
-		{
-		ret = 1; /* points differ */
-		goto end;
-		}
-
-	/* points are equal */
-	ret = 0;
-
- end:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	int ret = 0;
-
-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
-		return 1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-	if (!point->Z_is_one)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp, *tmp_Z;
-	BIGNUM **prod_Z = NULL;
-	size_t i;
-	int ret = 0;
-
-	if (num == 0)
-		return 1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	tmp_Z = BN_CTX_get(ctx);
-	if (tmp == NULL || tmp_Z == NULL) goto err;
-
-	prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
-	if (prod_Z == NULL) goto err;
-	for (i = 0; i < num; i++)
-		{
-		prod_Z[i] = BN_new();
-		if (prod_Z[i] == NULL) goto err;
-		}
-
-	/* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
-	 * skipping any zero-valued inputs (pretend that they're 1). */
-
-	if (!BN_is_zero(&points[0]->Z))
-		{
-		if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
-		}
-	else
-		{
-		if (group->meth->field_set_to_one != 0)
-			{
-			if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_one(prod_Z[0])) goto err;
-			}
-		}
-
-	for (i = 1; i < num; i++)
-		{
-		if (!BN_is_zero(&points[i]->Z))
-			{
-			if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
-			}
-		}
-
-	/* Now use a single explicit inversion to replace every
-	 * non-zero points[i]->Z by its inverse. */
-
-	if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (group->meth->field_encode != 0)
-		{
-		/* In the Montgomery case, we just turned  R*H  (representing H)
-		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
-		 * i.e. we need to multiply by the Montgomery factor twice. */
-		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
-		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
-		}
-
-	for (i = num - 1; i > 0; --i)
-		{
-		/* Loop invariant: tmp is the product of the inverses of
-		 * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
-		if (!BN_is_zero(&points[i]->Z))
-			{
-			/* Set tmp_Z to the inverse of points[i]->Z (as product
-			 * of Z inverses 0 .. i, Z values 0 .. i - 1). */
-			if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
-			/* Update tmp to satisfy the loop invariant for i - 1. */
-			if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
-			/* Replace points[i]->Z by its inverse. */
-			if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
-			}
-		}
-
-	if (!BN_is_zero(&points[0]->Z))
-		{
-		/* Replace points[0]->Z by its inverse. */
-		if (!BN_copy(&points[0]->Z, tmp)) goto err;
-		}
-
-	/* Finally, fix up the X and Y coordinates for all points. */
-
-	for (i = 0; i < num; i++)
-		{
-		EC_POINT *p = points[i];
-
-		if (!BN_is_zero(&p->Z))
-			{
-			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
-
-			if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
-
-			if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
-
-			if (group->meth->field_set_to_one != 0)
-				{
-				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
-				}
-			else
-				{
-				if (!BN_one(&p->Z)) goto err;
-				}
-			p->Z_is_one = 1;
-			}
-		}
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (prod_Z != NULL)
-		{
-		for (i = 0; i < num; i++)
-			{
-			if (prod_Z[i] == NULL) break;
-			BN_clear_free(prod_Z[i]);
-			}
-		OPENSSL_free(prod_Z);
-		}
-	return ret;
-	}
-
-
-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_mod_mul(r, a, b, &group->field, ctx);
-	}
-
-
-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	return BN_mod_sqr(r, a, &group->field, ctx);
-	}
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
deleted file mode 100644
index 8e4154d865..0000000000
--- a/crypto/ec/ectest.c
+++ /dev/null
@@ -1,1525 +0,0 @@
-/* crypto/ec/ectest.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-#include <string.h>
-#include <time.h>
-
-
-#ifdef OPENSSL_NO_EC
-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
-#else
-
-
-#include <openssl/ec.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#include <openssl/opensslconf.h>
-
-#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
-/* suppress "too big too optimize" warning */
-#pragma warning(disable:4959)
-#endif
-
-#define ABORT do { \
-	fflush(stdout); \
-	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
-	ERR_print_errors_fp(stderr); \
-	EXIT(1); \
-} while (0)
-
-#define TIMING_BASE_PT 0
-#define TIMING_RAND_PT 1
-#define TIMING_SIMUL 2
-
-#if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
-	{
-	clock_t clck;
-	int i, j;
-	BIGNUM *s;
-	BIGNUM *r[10], *r0[10];
-	EC_POINT *P;
-		
-	s = BN_new();
-	if (s == NULL) ABORT;
-
-	fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
-	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
-	fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
-	fflush(stdout);
-
-	P = EC_POINT_new(group);
-	if (P == NULL) ABORT;
-	EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
-	for (i = 0; i < 10; i++)
-		{
-		if ((r[i] = BN_new()) == NULL) ABORT;
-		if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
-		if (type != TIMING_BASE_PT)
-			{
-			if ((r0[i] = BN_new()) == NULL) ABORT;
-			if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
-			}
-		}
-
-	clck = clock();
-	for (i = 0; i < 10; i++)
-		{
-		for (j = 0; j < 10; j++)
-			{
-			if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL, 
-				(type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;
-			}
-		}
-	clck = clock() - clck;
-
-	fprintf(stdout, "\n");
-
-#ifdef CLOCKS_PER_SEC
-	/* "To determine the time in seconds, the value returned
-	 * by the clock function should be divided by the value
-	 * of the macro CLOCKS_PER_SEC."
-	 *                                       -- ISO/IEC 9899 */
-#	define UNIT "s"
-#else
-	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
-	 *                            -- cc on NeXTstep/OpenStep */
-#	define UNIT "units"
-#	define CLOCKS_PER_SEC 1
-#endif
-
-	if (type == TIMING_BASE_PT) {
-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
-			"base point multiplications", (double)clck/CLOCKS_PER_SEC);
-	} else if (type == TIMING_RAND_PT) {
-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
-			"random point multiplications", (double)clck/CLOCKS_PER_SEC);
-	} else if (type == TIMING_SIMUL) {
-		fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
-			"s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);
-	}
-	fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
-
-	EC_POINT_free(P);
-	BN_free(s);
-	for (i = 0; i < 10; i++)
-		{
-		BN_free(r[i]);
-		if (type != TIMING_BASE_PT) BN_free(r0[i]);
-		}
-	}
-#endif
-
-/* test multiplication with group order, long and negative scalars */
-static void group_order_tests(EC_GROUP *group)
-	{
-	BIGNUM *n1, *n2, *order;
-	EC_POINT *P = EC_POINT_new(group);
-	EC_POINT *Q = EC_POINT_new(group);
-	BN_CTX *ctx = BN_CTX_new();
-	int i;
-
-	n1 = BN_new(); n2 = BN_new(); order = BN_new();
-	fprintf(stdout, "verify group order ...");
-	fflush(stdout);
-	if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
-	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-	fprintf(stdout, ".");
-	fflush(stdout);
-	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-	if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-	fprintf(stdout, " ok\n");
-	fprintf(stdout, "long/negative scalar tests ");
-        for (i = 1; i <= 2; i++)
-		{
-		const BIGNUM *scalars[6];
-		const EC_POINT *points[6];
-
-		fprintf(stdout, i == 1 ?
-			"allowing precomputation ... " :
-			"without precomputation ... ");
-		if (!BN_set_word(n1, i)) ABORT;
-		/* If i == 1, P will be the predefined generator for which
-		 * EC_GROUP_precompute_mult has set up precomputation. */
-		if (!EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) ABORT;
-
-		if (!BN_one(n1)) ABORT;
-		/* n1 = 1 - order */
-		if (!BN_sub(n1, n1, order)) ABORT;
-		if (!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
-
-		/* n2 = 1 + order */
-		if (!BN_add(n2, order, BN_value_one())) ABORT;
-		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
-
-		/* n2 = (1 - order) * (1 + order) = 1 - order^2 */
-		if (!BN_mul(n2, n1, n2, ctx)) ABORT;
-		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
-
-		/* n2 = order^2 - 1 */
-		BN_set_negative(n2, 0);
-		if (!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
-		/* Add P to verify the result. */
-		if (!EC_POINT_add(group, Q, Q, P, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-
-		/* Exercise EC_POINTs_mul, including corner cases. */
-		if (EC_POINT_is_at_infinity(group, P)) ABORT;
-		scalars[0] = n1; points[0] = Q; /* => infinity */
-		scalars[1] = n2; points[1] = P; /* => -P */
-		scalars[2] = n1; points[2] = Q; /* => infinity */
-		scalars[3] = n2; points[3] = Q; /* => infinity */
-		scalars[4] = n1; points[4] = P; /* => P */
-		scalars[5] = n2; points[5] = Q; /* => infinity */
-		if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-		}
-	fprintf(stdout, "ok\n");
-
-	EC_POINT_free(P);
-	EC_POINT_free(Q);
-	BN_free(n1);
-	BN_free(n2);
-	BN_free(order);
-	BN_CTX_free(ctx);
-	}
-
-static void prime_field_tests(void)
-	{
-	BN_CTX *ctx = NULL;
-	BIGNUM *p, *a, *b;
-	EC_GROUP *group;
-	EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
-	EC_POINT *P, *Q, *R;
-	BIGNUM *x, *y, *z;
-	unsigned char buf[100];
-	size_t i, len;
-	int k;
-	
-#if 1 /* optional */
-	ctx = BN_CTX_new();
-	if (!ctx) ABORT;
-#endif
-
-	p = BN_new();
-	a = BN_new();
-	b = BN_new();
-	if (!p || !a || !b) ABORT;
-
-	if (!BN_hex2bn(&p, "17")) ABORT;
-	if (!BN_hex2bn(&a, "1")) ABORT;
-	if (!BN_hex2bn(&b, "1")) ABORT;
-	
-	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
-	                                             * so that the library gets to choose the EC_METHOD */
-	if (!group) ABORT;
-
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	{
-		EC_GROUP *tmp;
-		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-		if (!tmp) ABORT;
-		if (!EC_GROUP_copy(tmp, group)) ABORT;
-		EC_GROUP_free(group);
-		group = tmp;
-	}
-	
-	if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
-	BN_print_fp(stdout, p);
-	fprintf(stdout, ")\n     a = 0x");
-	BN_print_fp(stdout, a);
-	fprintf(stdout, "\n     b = 0x");
-	BN_print_fp(stdout, b);
-	fprintf(stdout, "\n");
-
-	P = EC_POINT_new(group);
-	Q = EC_POINT_new(group);
-	R = EC_POINT_new(group);
-	if (!P || !Q || !R) ABORT;
-	
-	if (!EC_POINT_set_to_infinity(group, P)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-	buf[0] = 0;
-	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
-
-	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-	x = BN_new();
-	y = BN_new();
-	z = BN_new();
-	if (!x || !y || !z) ABORT;
-
-	if (!BN_hex2bn(&x, "D")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, Q, ctx))
-		{
-		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
-		fprintf(stderr, "Point is not on curve: x = 0x");
-		BN_print_fp(stderr, x);
-		fprintf(stderr, ", y = 0x");
-		BN_print_fp(stderr, y);
-		fprintf(stderr, "\n");
-		ABORT;
-		}
-
-	fprintf(stdout, "A cyclic subgroup:\n");
-	k = 100;
-	do
-		{
-		if (k-- == 0) ABORT;
-
-		if (EC_POINT_is_at_infinity(group, P))
-			fprintf(stdout, "     point at infinity\n");
-		else
-			{
-			if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-
-			fprintf(stdout, "     x = 0x");
-			BN_print_fp(stdout, x);
-			fprintf(stdout, ", y = 0x");
-			BN_print_fp(stdout, y);
-			fprintf(stdout, "\n");
-			}
-		
-		if (!EC_POINT_copy(R, P)) ABORT;
-		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
-
-#if 0 /* optional */
-		{
-			EC_POINT *points[3];
-		
-			points[0] = R;
-			points[1] = Q;
-			points[2] = P;
-			if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
-		}
-#endif
-
-		}
-	while (!EC_POINT_is_at_infinity(group, P));
-
-	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-	
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-	
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-	
-	if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
-	fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, ", Y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, ", Z = 0x");
-	BN_print_fp(stdout, z);
-	fprintf(stdout, "\n");
-
-	if (!EC_POINT_invert(group, P, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-
-
-	/* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
-	 * -- not a NIST curve, but commonly used */
-	
-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
-	if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
-	if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
-	if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 160) ABORT;
-	fprintf(stdout, " ok\n");
-	
-	group_order_tests(group);
-
-	if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_160, group)) ABORT;
-
-
-	/* Curve P-192 (FIPS PUB 186-2, App. 6) */
-	
-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
-	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 192) ABORT;
-	fprintf(stdout, " ok\n");
-	
-	group_order_tests(group);
-
-	if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_192, group)) ABORT;
-
-
-	/* Curve P-224 (FIPS PUB 186-2, App. 6) */
-	
-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
-	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-	
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 224) ABORT;
-	fprintf(stdout, " ok\n");
-	
-	group_order_tests(group);
-
-	if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_224, group)) ABORT;
-
-
-	/* Curve P-256 (FIPS PUB 186-2, App. 6) */
-	
-	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
-	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
-		"84F3B9CAC2FC632551")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-	
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 256) ABORT;
-	fprintf(stdout, " ok\n");
-	
-	group_order_tests(group);
-
-	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_256, group)) ABORT;
-
-
-	/* Curve P-384 (FIPS PUB 186-2, App. 6) */
-	
-	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
-	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
-		"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
-		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
-		"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-	
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 384) ABORT;
-	fprintf(stdout, " ok\n");
-
-	group_order_tests(group);
-
-	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_384, group)) ABORT;
-
-
-	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
-	
-	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
-	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
-		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
-		"DF883D2C34F1EF451FD46B503F00")) ABORT;
-	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
-	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
-		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
-		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
-	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
-		"C9B8899C47AEBB6FB71E91386409")) ABORT;
-	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
-	BN_print_fp(stdout, x);
-	fprintf(stdout, "\n     y = 0x");
-	BN_print_fp(stdout, y);
-	fprintf(stdout, "\n");
-	/* G_y value taken from the standard: */
-	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
-		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
-		"7086A272C24088BE94769FD16650")) ABORT;
-	if (0 != BN_cmp(y, z)) ABORT;
-	
-	fprintf(stdout, "verify degree ...");
-	if (EC_GROUP_get_degree(group) != 521) ABORT;
-	fprintf(stdout, " ok\n");
-
- 	group_order_tests(group);
-
-	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
-	if (!EC_GROUP_copy(P_521, group)) ABORT;
-
-
-	/* more tests using the last curve */
-
-	if (!EC_POINT_copy(Q, P)) ABORT;
-	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
-	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-
-	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
-	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-
-	{
-		const EC_POINT *points[4];
-		const BIGNUM *scalars[4];
-		BIGNUM scalar3;
-	
-		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
-		points[0] = Q;
-		points[1] = Q;
-		points[2] = Q;
-		points[3] = Q;
-
-		if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-		if (!BN_add(y, z, BN_value_one())) ABORT;
-		if (BN_is_odd(y)) ABORT;
-		if (!BN_rshift1(y, y)) ABORT;
-		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-		scalars[1] = y;
-
-		fprintf(stdout, "combined multiplication ...");
-		fflush(stdout);
-
-		/* z is still the group order */
-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
-		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
-
-		fprintf(stdout, ".");
-		fflush(stdout);
-
-		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
-		if (!BN_add(z, z, y)) ABORT;
-		BN_set_negative(z, 1);
-		scalars[0] = y;
-		scalars[1] = z; /* z = -(order + y) */
-
-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-		fprintf(stdout, ".");
-		fflush(stdout);
-
-		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
-		if (!BN_add(z, x, y)) ABORT;
-		BN_set_negative(z, 1);
-		scalars[0] = x;
-		scalars[1] = y;
-		scalars[2] = z; /* z = -(x+y) */
-
-		BN_init(&scalar3);
-		BN_zero(&scalar3);
-		scalars[3] = &scalar3;
-
-		if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-		fprintf(stdout, " ok\n\n");
-
-		BN_free(&scalar3);
-	}
-
-
-#if 0
-	timings(P_160, TIMING_BASE_PT, ctx);
-	timings(P_160, TIMING_RAND_PT, ctx);
-	timings(P_160, TIMING_SIMUL, ctx);
-	timings(P_192, TIMING_BASE_PT, ctx);
-	timings(P_192, TIMING_RAND_PT, ctx);
-	timings(P_192, TIMING_SIMUL, ctx);
-	timings(P_224, TIMING_BASE_PT, ctx);
-	timings(P_224, TIMING_RAND_PT, ctx);
-	timings(P_224, TIMING_SIMUL, ctx);
-	timings(P_256, TIMING_BASE_PT, ctx);
-	timings(P_256, TIMING_RAND_PT, ctx);
-	timings(P_256, TIMING_SIMUL, ctx);
-	timings(P_384, TIMING_BASE_PT, ctx);
-	timings(P_384, TIMING_RAND_PT, ctx);
-	timings(P_384, TIMING_SIMUL, ctx);
-	timings(P_521, TIMING_BASE_PT, ctx);
-	timings(P_521, TIMING_RAND_PT, ctx);
-	timings(P_521, TIMING_SIMUL, ctx);
-#endif
-
-
-	if (ctx)
-		BN_CTX_free(ctx);
-	BN_free(p); BN_free(a);	BN_free(b);
-	EC_GROUP_free(group);
-	EC_POINT_free(P);
-	EC_POINT_free(Q);
-	EC_POINT_free(R);
-	BN_free(x); BN_free(y); BN_free(z);
-
-	if (P_160) EC_GROUP_free(P_160);
-	if (P_192) EC_GROUP_free(P_192);
-	if (P_224) EC_GROUP_free(P_224);
-	if (P_256) EC_GROUP_free(P_256);
-	if (P_384) EC_GROUP_free(P_384);
-	if (P_521) EC_GROUP_free(P_521);
-
-	}
-
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-	if (!BN_hex2bn(&x, _x)) ABORT; \
-	if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
-	if (!BN_hex2bn(&z, _order)) ABORT; \
-	if (!BN_hex2bn(&cof, _cof)) ABORT; \
-	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-	BN_print_fp(stdout, x); \
-	fprintf(stdout, "\n     y = 0x"); \
-	BN_print_fp(stdout, y); \
-	fprintf(stdout, "\n"); \
-	/* G_y value taken from the standard: */ \
-	if (!BN_hex2bn(&z, _y)) ABORT; \
-	if (0 != BN_cmp(y, z)) ABORT;
-#else 
-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-	if (!BN_hex2bn(&x, _x)) ABORT; \
-	if (!BN_hex2bn(&y, _y)) ABORT; \
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
-	if (!BN_hex2bn(&z, _order)) ABORT; \
-	if (!BN_hex2bn(&cof, _cof)) ABORT; \
-	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
-	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
-	BN_print_fp(stdout, x); \
-	fprintf(stdout, "\n     y = 0x"); \
-	BN_print_fp(stdout, y); \
-	fprintf(stdout, "\n");
-#endif
-
-#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-	if (!BN_hex2bn(&p, _p)) ABORT; \
-	if (!BN_hex2bn(&a, _a)) ABORT; \
-	if (!BN_hex2bn(&b, _b)) ABORT; \
-	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
-	CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
-	fprintf(stdout, "verify degree ..."); \
-	if (EC_GROUP_get_degree(group) != _degree) ABORT; \
-	fprintf(stdout, " ok\n"); \
-	group_order_tests(group); \
-	if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
-	if (!EC_GROUP_copy(_variable, group)) ABORT; \
-
-#ifndef OPENSSL_NO_EC2M
-
-static void char2_field_tests(void)
-	{
-	BN_CTX *ctx = NULL;
-	BIGNUM *p, *a, *b;
-	EC_GROUP *group;
-	EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
-	EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
-	EC_POINT *P, *Q, *R;
-	BIGNUM *x, *y, *z, *cof;
-	unsigned char buf[100];
-	size_t i, len;
-	int k;
-	
-#if 1 /* optional */
-	ctx = BN_CTX_new();
-	if (!ctx) ABORT;
-#endif
-
-	p = BN_new();
-	a = BN_new();
-	b = BN_new();
-	if (!p || !a || !b) ABORT;
-
-	if (!BN_hex2bn(&p, "13")) ABORT;
-	if (!BN_hex2bn(&a, "3")) ABORT;
-	if (!BN_hex2bn(&b, "1")) ABORT;
-	
-	group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
-	                                                * so that the library gets to choose the EC_METHOD */
-	if (!group) ABORT;
-	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
-
-	{
-		EC_GROUP *tmp;
-		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
-		if (!tmp) ABORT;
-		if (!EC_GROUP_copy(tmp, group)) ABORT;
-		EC_GROUP_free(group);
-		group = tmp;
-	}
-	
-	if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
-
-	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
-	BN_print_fp(stdout, p);
-	fprintf(stdout, ")\n     a = 0x");
-	BN_print_fp(stdout, a);
-	fprintf(stdout, "\n     b = 0x");
-	BN_print_fp(stdout, b);
-	fprintf(stdout, "\n(0x... means binary polynomial)\n");
-
-	P = EC_POINT_new(group);
-	Q = EC_POINT_new(group);
-	R = EC_POINT_new(group);
-	if (!P || !Q || !R) ABORT;
-	
-	if (!EC_POINT_set_to_infinity(group, P)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-	buf[0] = 0;
-	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
-
-	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-	x = BN_new();
-	y = BN_new();
-	z = BN_new();
-	cof = BN_new();
-	if (!x || !y || !z || !cof) ABORT;
-
-	if (!BN_hex2bn(&x, "6")) ABORT;
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-	if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
-#else
-	if (!BN_hex2bn(&y, "8")) ABORT;
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
-#endif
-	if (!EC_POINT_is_on_curve(group, Q, ctx))
-		{
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
-#endif
-		fprintf(stderr, "Point is not on curve: x = 0x");
-		BN_print_fp(stderr, x);
-		fprintf(stderr, ", y = 0x");
-		BN_print_fp(stderr, y);
-		fprintf(stderr, "\n");
-		ABORT;
-		}
-
-	fprintf(stdout, "A cyclic subgroup:\n");
-	k = 100;
-	do
-		{
-		if (k-- == 0) ABORT;
-
-		if (EC_POINT_is_at_infinity(group, P))
-			fprintf(stdout, "     point at infinity\n");
-		else
-			{
-			if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
-
-			fprintf(stdout, "     x = 0x");
-			BN_print_fp(stdout, x);
-			fprintf(stdout, ", y = 0x");
-			BN_print_fp(stdout, y);
-			fprintf(stdout, "\n");
-			}
-		
-		if (!EC_POINT_copy(R, P)) ABORT;
-		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
-		}
-	while (!EC_POINT_is_at_infinity(group, P));
-
-	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "Generator as octet string, compressed form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-#endif
-	
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-	
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
-	if (len == 0) ABORT;
-	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-	fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
-	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-#endif
-
-	fprintf(stdout, "\n");
-	
-	if (!EC_POINT_invert(group, P, ctx)) ABORT;
-	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-
-
-	/* Curve K-163 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve K-163",
-		"0800000000000000000000000000000000000000C9",
-		"1",
-		"1",
-		"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-		"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-		1,
-		"04000000000000000000020108A2E0CC0D99F8A5EF",
-		"2",
-		163,
-		C2_K163
-		);
-
-	/* Curve B-163 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve B-163",
-		"0800000000000000000000000000000000000000C9",
-		"1",
-		"020A601907B8C953CA1481EB10512F78744A3205FD",
-		"03F0EBA16286A2D57EA0991168D4994637E8343E36",
-		"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-		1,
-		"040000000000000000000292FE77E70C12A4234C33",
-		"2",
-		163,
-		C2_B163
-		);
-
-	/* Curve K-233 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve K-233",
-		"020000000000000000000000000000000000000004000000000000000001",
-		"0",
-		"1",
-		"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-		"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-		0,
-		"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
-		"4",
-		233,
-		C2_K233
-		);
-
-	/* Curve B-233 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve B-233",
-		"020000000000000000000000000000000000000004000000000000000001",
-		"000000000000000000000000000000000000000000000000000000000001",
-		"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-		"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-		"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-		1,
-		"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
-		"2",
-		233,
-		C2_B233
-		);
-
-	/* Curve K-283 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve K-283",
-		"0800000000000000000000000000000000000000000000000000000000000000000010A1",
-		"0",
-		"1",
-		"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
-		"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
-		0,
-		"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
-		"4",
-		283,
-		C2_K283
-		);
-
-	/* Curve B-283 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve B-283",
-		"0800000000000000000000000000000000000000000000000000000000000000000010A1",
-		"000000000000000000000000000000000000000000000000000000000000000000000001",
-		"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
-		"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
-		"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
-		1,
-		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
-		"2",
-		283,
-		C2_B283
-		);
-
-	/* Curve K-409 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve K-409",
-		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-		"0",
-		"1",
-		"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
-		"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
-		1,
-		"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
-		"4",
-		409,
-		C2_K409
-		);
-
-	/* Curve B-409 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve B-409",
-		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
-		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-		"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
-		"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
-		"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
-		1,
-		"010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
-		"2",
-		409,
-		C2_B409
-		);
-
-	/* Curve K-571 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve K-571",
-		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-		"0",
-		"1",
-		"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
-		"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
-		0,
-		"020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
-		"4",
-		571,
-		C2_K571
-		);
-
-	/* Curve B-571 (FIPS PUB 186-2, App. 6) */
-	CHAR2_CURVE_TEST
-		(
-		"NIST curve B-571",
-		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
-		"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
-		"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
-		"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
-		"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
-		1,
-		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
-		"2",
-		571,
-		C2_B571
-		);
-
-	/* more tests using the last curve */
-
-	if (!EC_POINT_copy(Q, P)) ABORT;
-	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
-	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
-	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
-	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-
-	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
-	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
-	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-
-	{
-		const EC_POINT *points[3];
-		const BIGNUM *scalars[3];
-	
-		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
-		points[0] = Q;
-		points[1] = Q;
-		points[2] = Q;
-
-		if (!BN_add(y, z, BN_value_one())) ABORT;
-		if (BN_is_odd(y)) ABORT;
-		if (!BN_rshift1(y, y)) ABORT;
-		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
-		scalars[1] = y;
-
-		fprintf(stdout, "combined multiplication ...");
-		fflush(stdout);
-
-		/* z is still the group order */
-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
-		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
-
-		fprintf(stdout, ".");
-		fflush(stdout);
-
-		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
-		if (!BN_add(z, z, y)) ABORT;
-		BN_set_negative(z, 1);
-		scalars[0] = y;
-		scalars[1] = z; /* z = -(order + y) */
-
-		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-		fprintf(stdout, ".");
-		fflush(stdout);
-
-		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
-		if (!BN_add(z, x, y)) ABORT;
-		BN_set_negative(z, 1);
-		scalars[0] = x;
-		scalars[1] = y;
-		scalars[2] = z; /* z = -(x+y) */
-
-		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-		fprintf(stdout, " ok\n\n");
-	}
-
-
-#if 0
-	timings(C2_K163, TIMING_BASE_PT, ctx);
-	timings(C2_K163, TIMING_RAND_PT, ctx);
-	timings(C2_K163, TIMING_SIMUL, ctx);
-	timings(C2_B163, TIMING_BASE_PT, ctx);
-	timings(C2_B163, TIMING_RAND_PT, ctx);
-	timings(C2_B163, TIMING_SIMUL, ctx);
-	timings(C2_K233, TIMING_BASE_PT, ctx);
-	timings(C2_K233, TIMING_RAND_PT, ctx);
-	timings(C2_K233, TIMING_SIMUL, ctx);
-	timings(C2_B233, TIMING_BASE_PT, ctx);
-	timings(C2_B233, TIMING_RAND_PT, ctx);
-	timings(C2_B233, TIMING_SIMUL, ctx);
-	timings(C2_K283, TIMING_BASE_PT, ctx);
-	timings(C2_K283, TIMING_RAND_PT, ctx);
-	timings(C2_K283, TIMING_SIMUL, ctx);
-	timings(C2_B283, TIMING_BASE_PT, ctx);
-	timings(C2_B283, TIMING_RAND_PT, ctx);
-	timings(C2_B283, TIMING_SIMUL, ctx);
-	timings(C2_K409, TIMING_BASE_PT, ctx);
-	timings(C2_K409, TIMING_RAND_PT, ctx);
-	timings(C2_K409, TIMING_SIMUL, ctx);
-	timings(C2_B409, TIMING_BASE_PT, ctx);
-	timings(C2_B409, TIMING_RAND_PT, ctx);
-	timings(C2_B409, TIMING_SIMUL, ctx);
-	timings(C2_K571, TIMING_BASE_PT, ctx);
-	timings(C2_K571, TIMING_RAND_PT, ctx);
-	timings(C2_K571, TIMING_SIMUL, ctx);
-	timings(C2_B571, TIMING_BASE_PT, ctx);
-	timings(C2_B571, TIMING_RAND_PT, ctx);
-	timings(C2_B571, TIMING_SIMUL, ctx);
-#endif
-
-
-	if (ctx)
-		BN_CTX_free(ctx);
-	BN_free(p); BN_free(a);	BN_free(b);
-	EC_GROUP_free(group);
-	EC_POINT_free(P);
-	EC_POINT_free(Q);
-	EC_POINT_free(R);
-	BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
-
-	if (C2_K163) EC_GROUP_free(C2_K163);
-	if (C2_B163) EC_GROUP_free(C2_B163);
-	if (C2_K233) EC_GROUP_free(C2_K233);
-	if (C2_B233) EC_GROUP_free(C2_B233);
-	if (C2_K283) EC_GROUP_free(C2_K283);
-	if (C2_B283) EC_GROUP_free(C2_B283);
-	if (C2_K409) EC_GROUP_free(C2_K409);
-	if (C2_B409) EC_GROUP_free(C2_B409);
-	if (C2_K571) EC_GROUP_free(C2_K571);
-	if (C2_B571) EC_GROUP_free(C2_B571);
-
-	}
-#endif
-
-static void internal_curve_test(void)
-	{
-	EC_builtin_curve *curves = NULL;
-	size_t crv_len = 0, n = 0;
-	int    ok = 1;
-
-	crv_len = EC_get_builtin_curves(NULL, 0);
-
-	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-	if (curves == NULL)
-		return;
-
-	if (!EC_get_builtin_curves(curves, crv_len))
-		{
-		OPENSSL_free(curves);
-		return;
-		}
-
-	fprintf(stdout, "testing internal curves: ");
-		
-	for (n = 0; n < crv_len; n++)
-		{
-		EC_GROUP *group = NULL;
-		int nid = curves[n].nid;
-		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
-			{
-			ok = 0;
-			fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
-				" curve %s\n", OBJ_nid2sn(nid));
-			/* try next curve */
-			continue;
-			}
-		if (!EC_GROUP_check(group, NULL))
-			{
-			ok = 0;
-			fprintf(stdout, "\nEC_GROUP_check() failed with"
-				" curve %s\n", OBJ_nid2sn(nid));
-			EC_GROUP_free(group);
-			/* try the next curve */
-			continue;
-			}
-		fprintf(stdout, ".");
-		fflush(stdout);
-		EC_GROUP_free(group);
-		}
-	if (ok)
-		fprintf(stdout, " ok\n\n");
-	else
-		{
-		fprintf(stdout, " failed\n\n");
-		ABORT;
-		}
-	OPENSSL_free(curves);
-	return;
-	}
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/* nistp_test_params contains magic numbers for testing our optimized
- * implementations of several NIST curves with characteristic > 3. */
-struct nistp_test_params
-	{
-	const EC_METHOD* (*meth) ();
-	int degree;
-	/* Qx, Qy and D are taken from
-	 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
-	 * Otherwise, values are standard curve parameters from FIPS 180-3 */
-	const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
-	};
-
-static const struct nistp_test_params nistp_tests_params[] =
-	{
-		{
-		/* P-224 */
-		EC_GFp_nistp224_method,
-		224,
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
-		"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
-		"E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
-		"4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
-		"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
-		"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
-		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
-		"3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
-		},
-		{
-		/* P-256 */
-		EC_GFp_nistp256_method,
-		256,
-		"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
-		"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
-		"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
-		"b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
-		"3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
-		"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
-		"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
-		"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
-		"c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
-		},
-		{
-		/* P-521 */
-		EC_GFp_nistp521_method,
-		521,
-		"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
-		"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
-		"051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
-		"0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
-		"0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
-		"c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
-		"11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
-		"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
-		"0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
-		},
-	};
-
-static void nistp_single_test(const struct nistp_test_params *test)
-	{
-	BN_CTX *ctx;
-	BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
-	EC_GROUP *NISTP;
-	EC_POINT *G, *P, *Q, *Q_CHECK;
-
-	fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
-	ctx = BN_CTX_new();
-	p = BN_new();
-	a = BN_new();
-	b = BN_new();
-	x = BN_new(); y = BN_new();
-	m = BN_new(); n = BN_new(); order = BN_new();
-
-	NISTP = EC_GROUP_new(test->meth());
-	if(!NISTP) ABORT;
-	if (!BN_hex2bn(&p, test->p)) ABORT;
-	if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
-	if (!BN_hex2bn(&a, test->a)) ABORT;
-	if (!BN_hex2bn(&b, test->b)) ABORT;
-	if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
-	G = EC_POINT_new(NISTP);
-	P = EC_POINT_new(NISTP);
-	Q = EC_POINT_new(NISTP);
-	Q_CHECK = EC_POINT_new(NISTP);
-	if(!BN_hex2bn(&x, test->Qx)) ABORT;
-	if(!BN_hex2bn(&y, test->Qy)) ABORT;
-	if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
-	if (!BN_hex2bn(&x, test->Gx)) ABORT;
-	if (!BN_hex2bn(&y, test->Gy)) ABORT;
-	if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
-	if (!BN_hex2bn(&order, test->order)) ABORT;
-	if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
-
-	fprintf(stdout, "verify degree ... ");
-	if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
-	fprintf(stdout, "ok\n");
-
-	fprintf(stdout, "NIST test vectors ... ");
-	if (!BN_hex2bn(&n, test->d)) ABORT;
-	/* fixed point multiplication */
-	EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-	/* random point multiplication */
-	EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-
-	/* set generator to P = 2*G, where G is the standard generator */
-	if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
-	if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
-	/* set the scalar to m=n/2, where n is the NIST test scalar */
-	if (!BN_rshift(m, n, 1)) ABORT;
-
-	/* test the non-standard generator */
-	/* fixed point multiplication */
-	EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-	/* random point multiplication */
-	EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-
-	/* now repeat all tests with precomputation */
-	if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
-
-	/* fixed point multiplication */
-	EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-	/* random point multiplication */
-	EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-
-	/* reset generator */
-	if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
-	/* fixed point multiplication */
-	EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-	/* random point multiplication */
-	EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
-	if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
-
-	fprintf(stdout, "ok\n");
-	group_order_tests(NISTP);
-#if 0
-	timings(NISTP, TIMING_BASE_PT, ctx);
-	timings(NISTP, TIMING_RAND_PT, ctx);
-#endif
-	EC_GROUP_free(NISTP);
-	EC_POINT_free(G);
-	EC_POINT_free(P);
-	EC_POINT_free(Q);
-	EC_POINT_free(Q_CHECK);
-	BN_free(n);
-	BN_free(m);
-	BN_free(p);
-	BN_free(a);
-	BN_free(b);
-	BN_free(x);
-	BN_free(y);
-	BN_free(order);
-	BN_CTX_free(ctx);
-	}
-
-static void nistp_tests()
-	{
-	unsigned i;
-
-	for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
-		{
-		nistp_single_test(&nistp_tests_params[i]);
-		}
-	}
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-	{	
-	
-	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
-		{
-		CRYPTO_malloc_debug_init();
-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-		}
-	else
-		{
-		/* OPENSSL_DEBUG_MEMORY=off */
-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	ERR_load_crypto_strings();
-
-	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
-	prime_field_tests();
-	puts("");
-#ifndef OPENSSL_NO_EC2M
-	char2_field_tests();
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-	nistp_tests();
-#endif
-	/* test the internal curves */
-	internal_curve_test();
-
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_cleanup();
-#endif
-	CRYPTO_cleanup_all_ex_data();
-	ERR_free_strings();
-	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks_fp(stderr);
-	
-	return 0;
-	}
-#endif
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
deleted file mode 100644
index 8887102c0b..0000000000
--- a/crypto/ecdh/ecdh.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-const ECDH_METHOD *ECDH_OpenSSL(void);
-
-void	  ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
-
-/* Error codes for the ECDH functions. */
-
-/* Function codes. */
-#define ECDH_F_ECDH_CHECK				 102
-#define ECDH_F_ECDH_COMPUTE_KEY				 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD			 101
-
-/* Reason codes. */
-#define ECDH_R_KDF_FAILED				 102
-#define ECDH_R_NON_FIPS_METHOD				 103
-#define ECDH_R_NO_PRIVATE_VALUE				 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
deleted file mode 100644
index 823d7baa65..0000000000
--- a/crypto/ecdh/ecdhtest.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/* crypto/ecdh/ecdhtest.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_ECDH */
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_ECDH
-int main(int argc, char *argv[])
-{
-    printf("No ECDH support\n");
-    return(0);
-}
-#else
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK	_far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-#if 0
-static void MS_CALLBACK cb(int p, int n, void *arg);
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
-	{
-#ifndef OPENSSL_NO_SHA
-	if (*outlen < SHA_DIGEST_LENGTH)
-		return NULL;
-	else
-		*outlen = SHA_DIGEST_LENGTH;
-	return SHA1(in, inlen, out);
-#else
-	return NULL;
-#endif
-	}
-
-
-static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
-	{
-	EC_KEY *a=NULL;
-	EC_KEY *b=NULL;
-	BIGNUM *x_a=NULL, *y_a=NULL,
-	       *x_b=NULL, *y_b=NULL;
-	char buf[12];
-	unsigned char *abuf=NULL,*bbuf=NULL;
-	int i,alen,blen,aout,bout,ret=0;
-	const EC_GROUP *group;
-
-	a = EC_KEY_new_by_curve_name(nid);
-	b = EC_KEY_new_by_curve_name(nid);
-	if (a == NULL || b == NULL)
-		goto err;
-
-	group = EC_KEY_get0_group(a);
-
-	if ((x_a=BN_new()) == NULL) goto err;
-	if ((y_a=BN_new()) == NULL) goto err;
-	if ((x_b=BN_new()) == NULL) goto err;
-	if ((y_b=BN_new()) == NULL) goto err;
-
-	BIO_puts(out,"Testing key generation with ");
-	BIO_puts(out,text);
-#ifdef NOISY
-	BIO_puts(out,"\n");
-#else
-	(void)BIO_flush(out);
-#endif
-
-	if (!EC_KEY_generate_key(a)) goto err;
-	
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
-		{
-		if (!EC_POINT_get_affine_coordinates_GFp(group,
-			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
-		}
-#ifndef OPENSSL_NO_EC2M
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-			EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
-		}
-#endif
-#ifdef NOISY
-	BIO_puts(out,"  pri 1=");
-	BN_print(out,a->priv_key);
-	BIO_puts(out,"\n  pub 1=");
-	BN_print(out,x_a);
-	BIO_puts(out,",");
-	BN_print(out,y_a);
-	BIO_puts(out,"\n");
-#else
-	BIO_printf(out," .");
-	(void)BIO_flush(out);
-#endif
-
-	if (!EC_KEY_generate_key(b)) goto err;
-
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
-		{
-		if (!EC_POINT_get_affine_coordinates_GFp(group, 
-			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
-		}
-#ifndef OPENSSL_NO_EC2M
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, 
-			EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
-		}
-#endif
-
-#ifdef NOISY
-	BIO_puts(out,"  pri 2=");
-	BN_print(out,b->priv_key);
-	BIO_puts(out,"\n  pub 2=");
-	BN_print(out,x_b);
-	BIO_puts(out,",");
-	BN_print(out,y_b);
-	BIO_puts(out,"\n");
-#else
-	BIO_printf(out,".");
-	(void)BIO_flush(out);
-#endif
-
-	alen=KDF1_SHA1_len;
-	abuf=(unsigned char *)OPENSSL_malloc(alen);
-	aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
-
-#ifdef NOISY
-	BIO_puts(out,"  key1 =");
-	for (i=0; i<aout; i++)
-		{
-		sprintf(buf,"%02X",abuf[i]);
-		BIO_puts(out,buf);
-		}
-	BIO_puts(out,"\n");
-#else
-	BIO_printf(out,".");
-	(void)BIO_flush(out);
-#endif
-
-	blen=KDF1_SHA1_len;
-	bbuf=(unsigned char *)OPENSSL_malloc(blen);
-	bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
-
-#ifdef NOISY
-	BIO_puts(out,"  key2 =");
-	for (i=0; i<bout; i++)
-		{
-		sprintf(buf,"%02X",bbuf[i]);
-		BIO_puts(out,buf);
-		}
-	BIO_puts(out,"\n");
-#else
-	BIO_printf(out,".");
-	(void)BIO_flush(out);
-#endif
-
-	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
-		{
-#ifndef NOISY
-		BIO_printf(out, " failed\n\n");
-		BIO_printf(out, "key a:\n");
-		BIO_printf(out, "private key: ");
-		BN_print(out, EC_KEY_get0_private_key(a));
-		BIO_printf(out, "\n");
-		BIO_printf(out, "public key (x,y): ");
-		BN_print(out, x_a);
-		BIO_printf(out, ",");
-		BN_print(out, y_a);
-		BIO_printf(out, "\nkey b:\n");
-		BIO_printf(out, "private key: ");
-		BN_print(out, EC_KEY_get0_private_key(b));
-		BIO_printf(out, "\n");
-		BIO_printf(out, "public key (x,y): ");
-		BN_print(out, x_b);
-		BIO_printf(out, ",");
-		BN_print(out, y_b);
-		BIO_printf(out, "\n");
-		BIO_printf(out, "generated key a: ");
-		for (i=0; i<bout; i++)
-			{
-			sprintf(buf, "%02X", bbuf[i]);
-			BIO_puts(out, buf);
-			}
-		BIO_printf(out, "\n");
-		BIO_printf(out, "generated key b: ");
-		for (i=0; i<aout; i++)
-			{
-			sprintf(buf, "%02X", abuf[i]);
-			BIO_puts(out,buf);
-			}
-		BIO_printf(out, "\n");
-#endif
-		fprintf(stderr,"Error in ECDH routines\n");
-		ret=0;
-		}
-	else
-		{
-#ifndef NOISY
-		BIO_printf(out, " ok\n");
-#endif
-		ret=1;
-		}
-err:
-	ERR_print_errors_fp(stderr);
-
-	if (abuf != NULL) OPENSSL_free(abuf);
-	if (bbuf != NULL) OPENSSL_free(bbuf);
-	if (x_a) BN_free(x_a);
-	if (y_a) BN_free(y_a);
-	if (x_b) BN_free(x_b);
-	if (y_b) BN_free(y_b);
-	if (b) EC_KEY_free(b);
-	if (a) EC_KEY_free(a);
-	return(ret);
-	}
-
-int main(int argc, char *argv[])
-	{
-	BN_CTX *ctx=NULL;
-	int ret=1;
-	BIO *out;
-
-	CRYPTO_malloc_debug_init();
-	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
-	CRYPTO_malloc_init();
-#endif
-
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	out=BIO_new(BIO_s_file());
-	if (out == NULL) EXIT(1);
-	BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	/* NIST PRIME CURVES TESTS */
-	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
-#ifndef OPENSSL_NO_EC2M
-	/* NIST BINARY CURVES TESTS */
-	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
-	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
-#endif
-
-	ret = 0;
-
-err:
-	ERR_print_errors_fp(stderr);
-	if (ctx) BN_CTX_free(ctx);
-	BIO_free(out);
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks_fp(stderr);
-	EXIT(ret);
-	return(ret);
-	}
-
-#if 0
-static void MS_CALLBACK cb(int p, int n, void *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	(void)BIO_flush((BIO *)arg);
-#ifdef LINT
-	p=n;
-#endif
-	}
-#endif
-#endif
diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c
deleted file mode 100644
index 3bd247398d..0000000000
--- a/crypto/ecdh/ech_err.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* crypto/ecdh/ech_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
-
-static ERR_STRING_DATA ECDH_str_functs[]=
-	{
-{ERR_FUNC(ECDH_F_ECDH_CHECK),	"ECDH_CHECK"},
-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_new_method"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ECDH_str_reasons[]=
-	{
-{ERR_REASON(ECDH_R_KDF_FAILED)           ,"KDF failed"},
-{ERR_REASON(ECDH_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     ,"no private value"},
-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ECDH_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ECDH_str_functs);
-		ERR_load_strings(0,ECDH_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c
deleted file mode 100644
index 2988899ea2..0000000000
--- a/crypto/ecdh/ech_key.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/ecdh/ecdh_key.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-	EC_KEY *eckey,
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-{
-	ECDH_DATA *ecdh = ecdh_check(eckey);
-	if (ecdh == NULL)
-		return 0;
-	return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
deleted file mode 100644
index 0644431b75..0000000000
--- a/crypto/ecdh/ech_lib.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/* crypto/ecdh/ech_lib.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-#include <string.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
-
-static const ECDH_METHOD *default_ECDH_method = NULL;
-
-static void *ecdh_data_new(void);
-static void *ecdh_data_dup(void *);
-static void  ecdh_data_free(void *);
-
-void ECDH_set_default_method(const ECDH_METHOD *meth)
-	{
-	default_ECDH_method = meth;
-	}
-
-const ECDH_METHOD *ECDH_get_default_method(void)
-	{
-	if(!default_ECDH_method) 
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_ecdh_openssl();
-		else
-			return ECDH_OpenSSL();
-#else
-		default_ECDH_method = ECDH_OpenSSL();
-#endif
-		}
-	return default_ECDH_method;
-	}
-
-int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
-	{
-	ECDH_DATA *ecdh;
-
-	ecdh = ecdh_check(eckey);
-
-	if (ecdh == NULL)
-		return 0;
-
-#if 0
-        mtmp = ecdh->meth;
-        if (mtmp->finish)
-		mtmp->finish(eckey);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	if (ecdh->engine)
-		{
-		ENGINE_finish(ecdh->engine);
-		ecdh->engine = NULL;
-		}
-#endif
-        ecdh->meth = meth;
-#if 0
-        if (meth->init) 
-		meth->init(eckey);
-#endif
-        return 1;
-	}
-
-static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
-	{
-	ECDH_DATA *ret;
-
-	ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
-	if (ret == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	ret->init = NULL;
-
-	ret->meth = ECDH_get_default_method();
-	ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
-	if (!ret->engine)
-		ret->engine = ENGINE_get_default_ECDH();
-	if (ret->engine)
-		{
-		ret->meth = ENGINE_get_ECDH(ret->engine);
-		if (!ret->meth)
-			{
-			ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-#endif
-
-	ret->flags = ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-#if 0
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-#endif	
-	return(ret);
-	}
-
-static void *ecdh_data_new(void)
-	{
-	return (void *)ECDH_DATA_new_method(NULL);
-	}
-
-static void *ecdh_data_dup(void *data)
-{
-	ECDH_DATA *r = (ECDH_DATA *)data;
-
-	/* XXX: dummy operation */
-	if (r == NULL)
-		return NULL;
-
-	return (void *)ecdh_data_new();
-}
-
-void ecdh_data_free(void *data)
-	{
-	ECDH_DATA *r = (ECDH_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
-#endif
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
-
-	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
-
-	OPENSSL_free(r);
-	}
-
-ECDH_DATA *ecdh_check(EC_KEY *key)
-	{
-	ECDH_DATA *ecdh_data;
- 
-	void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
-					ecdh_data_free, ecdh_data_free);
-	if (data == NULL)
-	{
-		ecdh_data = (ECDH_DATA *)ecdh_data_new();
-		if (ecdh_data == NULL)
-			return NULL;
-		data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
-			   ecdh_data_dup, ecdh_data_free, ecdh_data_free);
-		if (data != NULL)
-			{
-			/* Another thread raced us to install the key_method
-			 * data and won. */
-			ecdh_data_free(ecdh_data);
-			ecdh_data = (ECDH_DATA *)data;
-			}
-	}
-	else
-		ecdh_data = (ECDH_DATA *)data;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
-			&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-		{
-		ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
-		return NULL;
-		}
-#endif
-	
-
-	return ecdh_data;
-	}
-
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
-				new_func, dup_func, free_func);
-	}
-
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
-	{
-	ECDH_DATA *ecdh;
-	ecdh = ecdh_check(d);
-	if (ecdh == NULL)
-		return 0;
-	return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
-	}
-
-void *ECDH_get_ex_data(EC_KEY *d, int idx)
-	{
-	ECDH_DATA *ecdh;
-	ecdh = ecdh_check(d);
-	if (ecdh == NULL)
-		return NULL;
-	return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
-	}
diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
deleted file mode 100644
index f6cad6a894..0000000000
--- a/crypto/ecdh/ech_locl.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/ecdh/ech_locl.h */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECH_LOCL_H
-#define HEADER_ECH_LOCL_H
-
-#include <openssl/ecdh.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct ecdh_method 
-	{
-	const char *name;
-	int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-	                   void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-#if 0
-	int (*init)(EC_KEY *eckey);
-	int (*finish)(EC_KEY *eckey);
-#endif
-	int flags;
-	char *app_data;
-	};
-
-/* If this flag is set the ECDH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define ECDH_FLAG_FIPS_METHOD	0x1
-
-typedef struct ecdh_data_st {
-	/* EC_KEY_METH_DATA part */
-	int (*init)(EC_KEY *);
-	/* method specific part */
-	ENGINE	*engine;
-	int	flags;
-	const ECDH_METHOD *meth;
-	CRYPTO_EX_DATA ex_data;
-} ECDH_DATA;
-
-ECDH_DATA *ecdh_check(EC_KEY *);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* HEADER_ECH_LOCL_H */
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
deleted file mode 100644
index 4a30628fbc..0000000000
--- a/crypto/ecdh/ech_ossl.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/* crypto/ecdh/ech_ossl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <string.h>
-#include <limits.h>
-
-#include "cryptlib.h"
-
-#include "ech_locl.h"
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-
-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
-	EC_KEY *ecdh, 
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-static ECDH_METHOD openssl_ecdh_meth = {
-	"OpenSSL ECDH method",
-	ecdh_compute_key,
-#if 0
-	NULL, /* init     */
-	NULL, /* finish   */
-#endif
-	0,    /* flags    */
-	NULL  /* app_data */
-};
-
-const ECDH_METHOD *ECDH_OpenSSL(void)
-	{
-	return &openssl_ecdh_meth;
-	}
-
-
-/* This implementation is based on the following primitives in the IEEE 1363 standard:
- *  - ECKAS-DH1
- *  - ECSVDP-DH
- * Finally an optional KDF is applied.
- */
-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-	EC_KEY *ecdh,
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-	{
-	BN_CTX *ctx;
-	EC_POINT *tmp=NULL;
-	BIGNUM *x=NULL, *y=NULL;
-	const BIGNUM *priv_key;
-	const EC_GROUP* group;
-	int ret= -1;
-	size_t buflen, len;
-	unsigned char *buf=NULL;
-
-	if (outlen > INT_MAX)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
-		return -1;
-		}
-
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	
-	priv_key = EC_KEY_get0_private_key(ecdh);
-	if (priv_key == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-		goto err;
-		}
-
-	group = EC_KEY_get0_group(ecdh);
-	if ((tmp=EC_POINT_new(group)) == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-		goto err;
-		}
-		
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
-		{
-		if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-			goto err;
-			}
-		}
-#ifndef OPENSSL_NO_EC2M
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-			goto err;
-			}
-		}
-#endif
-
-	buflen = (EC_GROUP_get_degree(group) + 7)/8;
-	len = BN_num_bytes(x);
-	if (len > buflen)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	if ((buf = OPENSSL_malloc(buflen)) == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	memset(buf, 0, buflen - len);
-	if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (KDF != 0)
-		{
-		if (KDF(buf, buflen, out, &outlen) == NULL)
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
-			goto err;
-			}
-		ret = outlen;
-		}
-	else
-		{
-		/* no KDF, just copy as much as we can */
-		if (outlen > buflen)
-			outlen = buflen;
-		memcpy(out, buf, outlen);
-		ret = outlen;
-		}
-	
-err:
-	if (tmp) EC_POINT_free(tmp);
-	if (ctx) BN_CTX_end(ctx);
-	if (ctx) BN_CTX_free(ctx);
-	if (buf) OPENSSL_free(buf);
-	return(ret);
-	}
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
deleted file mode 100644
index dc6a36b1e8..0000000000
--- a/crypto/ecdsa/ecdsa.h
+++ /dev/null
@@ -1,261 +0,0 @@
-/* crypto/ecdsa/ecdsa.h */
-/**
- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
- * \author Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-#define HEADER_ECDSA_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDSA
-#error ECDSA is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ECDSA_SIG_st
-	{
-	BIGNUM *r;
-	BIGNUM *s;
-	} ECDSA_SIG;
-
-/** Allocates and initialize a ECDSA_SIG structure
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_SIG_new(void);
-
-/** frees a ECDSA_SIG structure
- *  \param  sig  pointer to the ECDSA_SIG structure
- */
-void	  ECDSA_SIG_free(ECDSA_SIG *sig);
-
-/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
- *  (*pp += length of the DER encoded signature)).
- *  \param  sig  pointer to the ECDSA_SIG object
- *  \param  pp   pointer to a unsigned char pointer for the output or NULL
- *  \return the length of the DER encoded ECDSA_SIG object or 0 
- */
-int	  i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-
-/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
- *  (*pp += len)). 
- *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- *  \param  pp   memory buffer with the DER encoded signature
- *  \param  len  length of the buffer
- *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
- */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-
-/** Computes the ECDSA signature of the given hash value using
- *  the supplied private key and returns the created signature.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  eckey     EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
-		const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-
-/** Verifies that the supplied signature is a valid ECDSA
- *  signature of the supplied hash value using the supplied public key.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  sig       ECDSA_SIG structure
- *  \param  eckey     EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-		const ECDSA_SIG *sig, EC_KEY* eckey);
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void);
-
-/** Sets the default ECDSA method
- *  \param  meth  new default ECDSA_METHOD
- */
-void	  ECDSA_set_default_method(const ECDSA_METHOD *meth);
-
-/** Returns the default ECDSA method
- *  \return pointer to ECDSA_METHOD structure containing the default method
- */
-const ECDSA_METHOD *ECDSA_get_default_method(void);
-
-/** Sets method to be used for the ECDSA operations
- *  \param  eckey  EC_KEY object
- *  \param  meth   new method
- *  \return 1 on success and 0 otherwise 
- */
-int 	  ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-
-/** Returns the maximum length of the DER encoded signature
- *  \param  eckey  EC_KEY object
- *  \return numbers of bytes required for the DER encoded signature
- */
-int	  ECDSA_size(const EC_KEY *eckey);
-
-/** Precompute parts of the signing operation
- *  \param  eckey  EC_KEY object containing a private EC key
- *  \param  ctx    BN_CTX object (optional)
- *  \param  kinv   BIGNUM pointer for the inverse of k
- *  \param  rp     BIGNUM pointer for x coordinate of k * generator
- *  \return 1 on success and 0 otherwise
- */
-int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
-		BIGNUM **rp);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      memory for the DER encoded created signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int	  ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 
-		unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      buffer to hold the DER encoded signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int	  ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 
-		unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
-		const BIGNUM *rp, EC_KEY *eckey);
-
-/** Verifies that the given signature is valid ECDSA signature
- *  of the supplied hash value using the specified public key.
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value 
- *  \param  dgstlen  length of the hash value
- *  \param  sig      pointer to the DER encoded signature
- *  \param  siglen   length of the DER encoded signature
- *  \param  eckey    EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 
-		const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/* the standard ex_data functions */
-int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int 	  ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
-void 	  *ECDSA_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDSA_strings(void);
-
-/* Error codes for the ECDSA functions. */
-
-/* Function codes. */
-#define ECDSA_F_ECDSA_CHECK				 104
-#define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100
-#define ECDSA_F_ECDSA_DO_SIGN				 101
-#define ECDSA_F_ECDSA_DO_VERIFY				 102
-#define ECDSA_F_ECDSA_SIGN_SETUP			 103
-
-/* Reason codes. */
-#define ECDSA_R_BAD_SIGNATURE				 100
-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101
-#define ECDSA_R_ERR_EC_LIB				 102
-#define ECDSA_R_MISSING_PARAMETERS			 103
-#define ECDSA_R_NEED_NEW_SETUP_VALUES			 106
-#define ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 108
-#define ECDSA_R_NON_FIPS_METHOD				 107
-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104
-#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
deleted file mode 100644
index 537bb30362..0000000000
--- a/crypto/ecdsa/ecdsatest.c
+++ /dev/null
@@ -1,572 +0,0 @@
-/* crypto/ecdsa/ecdsatest.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
-
-#ifdef OPENSSL_NO_ECDSA
-int main(int argc, char * argv[])
-	{
-	puts("Elliptic curves are disabled.");
-	return 0;
-	}
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/ecdsa.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-static const char rnd_seed[] = "string to make the random number generator "
-	"think it has entropy";
-
-/* declaration of the test functions */
-int x9_62_tests(BIO *);
-int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
-int test_builtin(BIO *);
-
-/* functions to change the RAND_METHOD */
-int change_rand(void);
-int restore_rand(void);
-int fbytes(unsigned char *buf, int num);
-
-RAND_METHOD	fake_rand;
-const RAND_METHOD *old_rand;
-
-int change_rand(void)
-	{
-	/* save old rand method */
-	if ((old_rand = RAND_get_rand_method()) == NULL)
-		return 0;
-
-	fake_rand.seed    = old_rand->seed;
-	fake_rand.cleanup = old_rand->cleanup;
-	fake_rand.add     = old_rand->add;
-	fake_rand.status  = old_rand->status;
-	/* use own random function */
-	fake_rand.bytes      = fbytes;
-	fake_rand.pseudorand = old_rand->bytes;
-	/* set new RAND_METHOD */
-	if (!RAND_set_rand_method(&fake_rand))
-		return 0;
-	return 1;
-	}
-
-int restore_rand(void)
-	{
-	if (!RAND_set_rand_method(old_rand))
-		return 0;
-	else
-		return 1;
-	}
-
-static int fbytes_counter = 0;
-static const char *numbers[8] = {
-	"651056770906015076056810763456358567190100156695615665659",
-	"6140507067065001063065065565667405560006161556565665656654",
-	"8763001015071075675010661307616710783570106710677817767166"
-	"71676178726717",
-	"7000000175690566466555057817571571075705015757757057795755"
-	"55657156756655",
-	"1275552191113212300012030439187146164646146646466749494799",
-	"1542725565216523985789236956265265265235675811949404040041",
-	"1456427555219115346513212300075341203043918714616464614664"
-	"64667494947990",
-	"1712787255652165239672857892369562652652652356758119494040"
-	"40041670216363"};
-
-int fbytes(unsigned char *buf, int num)
-	{
-	int	ret;
-	BIGNUM	*tmp = NULL;
-
-	if (fbytes_counter >= 8)
-		return 0;
-	tmp = BN_new();
-	if (!tmp)
-		return 0;
-	if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
-		{
-		BN_free(tmp);
-		return 0;
-		}
-	fbytes_counter ++;
-	if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
-		ret = 0;
-	else 
-		ret = 1;
-	if (tmp)
-		BN_free(tmp);
-	return ret;
-	}
-
-/* some tests from the X9.62 draft */
-int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
-	{
-	int	ret = 0;
-	const char message[] = "abc";
-	unsigned char digest[20];
-	unsigned int  dgst_len = 0;
-	EVP_MD_CTX md_ctx;
-	EC_KEY    *key = NULL;
-	ECDSA_SIG *signature = NULL;
-	BIGNUM    *r = NULL, *s = NULL;
-
-	EVP_MD_CTX_init(&md_ctx);
-	/* get the message digest */
-	EVP_DigestInit(&md_ctx, EVP_ecdsa());
-	EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
-	EVP_DigestFinal(&md_ctx, digest, &dgst_len);
-
-	BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
-	/* create the key */
-	if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
-		goto x962_int_err;
-	if (!EC_KEY_generate_key(key))
-		goto x962_int_err;
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-	/* create the signature */
-	signature = ECDSA_do_sign(digest, 20, key);
-	if (signature == NULL)
-		goto x962_int_err;
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-	/* compare the created signature with the expected signature */
-	if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
-		goto x962_int_err;
-	if (!BN_dec2bn(&r, r_in) ||
-	    !BN_dec2bn(&s, s_in))
-		goto x962_int_err;
-	if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
-		goto x962_int_err;
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-	/* verify the signature */
-	if (ECDSA_do_verify(digest, 20, signature, key) != 1)
-		goto x962_int_err;
-	BIO_printf(out, ".");
-	(void)BIO_flush(out);
-
-	BIO_printf(out, " ok\n");
-	ret = 1;
-x962_int_err:
-	if (!ret)
-		BIO_printf(out, " failed\n");
-	if (key)
-		EC_KEY_free(key);
-	if (signature)
-		ECDSA_SIG_free(signature);
-	if (r)
-		BN_free(r);
-	if (s)
-		BN_free(s);
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return ret;
-	}
-
-int x9_62_tests(BIO *out)
-	{
-	int ret = 0;
-
-	BIO_printf(out, "some tests from X9.62:\n");
-
-	/* set own rand method */
-	if (!change_rand())
-		goto x962_err;
-
-	if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
-		"3342403536405981729393488334694600415596881826869351677613",
-		"5735822328888155254683894997897571951568553642892029982342"))
-		goto x962_err;
-	if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
-		"3086361431751678114926225473006680188549593787585317781474"
-		"62058306432176",
-		"3238135532097973577080787768312505059318910517550078427819"
-		"78505179448783"))
-		goto x962_err;
-#ifndef OPENSSL_NO_EC2M
-	if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
-		"87194383164871543355722284926904419997237591535066528048",
-		"308992691965804947361541664549085895292153777025772063598"))
-		goto x962_err;
-	if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
-		"2159633321041961198501834003903461262881815148684178964245"
-		"5876922391552",
-		"1970303740007316867383349976549972270528498040721988191026"
-		"49413465737174"))
-		goto x962_err;
-#endif
-	ret = 1;
-x962_err:
-	if (!restore_rand())
-		ret = 0;
-	return ret;
-	}
-
-int test_builtin(BIO *out)
-	{
-	EC_builtin_curve *curves = NULL;
-	size_t		crv_len = 0, n = 0;
-	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;
-	EC_GROUP	*group;
-	ECDSA_SIG	*ecdsa_sig = NULL;
-	unsigned char	digest[20], wrong_digest[20];
-	unsigned char	*signature = NULL;
-	const unsigned char	*sig_ptr;
-	unsigned char	*sig_ptr2;
-	unsigned char	*raw_buf = NULL;
-	unsigned int	sig_len, degree, r_len, s_len, bn_len, buf_len;
-	int		nid, ret =  0;
-	
-	/* fill digest values with some random data */
-	if (!RAND_pseudo_bytes(digest, 20) ||
-	    !RAND_pseudo_bytes(wrong_digest, 20))
-		{
-		BIO_printf(out, "ERROR: unable to get random data\n");
-		goto builtin_err;
-		}
-
-	/* create and verify a ecdsa signature with every availble curve
-	 * (with ) */
-	BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
-		"with some internal curves:\n");
-
-	/* get a list of all internal curves */
-	crv_len = EC_get_builtin_curves(NULL, 0);
-
-	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
-	if (curves == NULL)
-		{
-		BIO_printf(out, "malloc error\n");
-		goto builtin_err;
-		}
-	
-	if (!EC_get_builtin_curves(curves, crv_len))
-		{
-		BIO_printf(out, "unable to get internal curves\n");
-		goto builtin_err;
-		}
-
-	/* now create and verify a signature for every curve */
-	for (n = 0; n < crv_len; n++)
-		{
-		unsigned char dirt, offset;
-
-		nid = curves[n].nid;
-		if (nid == NID_ipsec4)
-			continue;
-		/* create new ecdsa key (== EC_KEY) */
-		if ((eckey = EC_KEY_new()) == NULL)
-			goto builtin_err;
-		group = EC_GROUP_new_by_curve_name(nid);
-		if (group == NULL)
-			goto builtin_err;
-		if (EC_KEY_set_group(eckey, group) == 0)
-			goto builtin_err;
-		EC_GROUP_free(group);
-		degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
-		if (degree < 160)
-			/* drop the curve */ 
-			{
-			EC_KEY_free(eckey);
-			eckey = NULL;
-			continue;
-			}
-		BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
-		/* create key */
-		if (!EC_KEY_generate_key(eckey))
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		/* create second key */
-		if ((wrong_eckey = EC_KEY_new()) == NULL)
-			goto builtin_err;
-		group = EC_GROUP_new_by_curve_name(nid);
-		if (group == NULL)
-			goto builtin_err;
-		if (EC_KEY_set_group(wrong_eckey, group) == 0)
-			goto builtin_err;
-		EC_GROUP_free(group);
-		if (!EC_KEY_generate_key(wrong_eckey))
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* check key */
-		if (!EC_KEY_check_key(eckey))
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* create signature */
-		sig_len = ECDSA_size(eckey);
-		if ((signature = OPENSSL_malloc(sig_len)) == NULL)
-			goto builtin_err;
-                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* verify signature */
-		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* verify signature with the wrong key */
-		if (ECDSA_verify(0, digest, 20, signature, sig_len, 
-			wrong_eckey) == 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* wrong digest */
-		if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
-			eckey) == 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		/* wrong length */
-		if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
-			eckey) == 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-
-		/* Modify a single byte of the signature: to ensure we don't
-		 * garble the ASN1 structure, we read the raw signature and
-		 * modify a byte in one of the bignums directly. */
-		sig_ptr = signature;
-		if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-
-		/* Store the two BIGNUMs in raw_buf. */
-		r_len = BN_num_bytes(ecdsa_sig->r);
-		s_len = BN_num_bytes(ecdsa_sig->s);
-		bn_len = (degree + 7) / 8;
-		if ((r_len > bn_len) || (s_len > bn_len))
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		buf_len = 2 * bn_len;
-		if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
-			goto builtin_err;
-		/* Pad the bignums with leading zeroes. */
-		memset(raw_buf, 0, buf_len);
-		BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
-		BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
-
-		/* Modify a single byte in the buffer. */
-		offset = raw_buf[10] % buf_len;
-		dirt   = raw_buf[11] ? raw_buf[11] : 1;
-		raw_buf[offset] ^= dirt;
-		/* Now read the BIGNUMs back in from raw_buf. */
-		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
-			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
-			goto builtin_err;
-
-		sig_ptr2 = signature;
-		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		/* Sanity check: undo the modification and verify signature. */
-		raw_buf[offset] ^= dirt;
-		if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
-			(BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
-			goto builtin_err;
-
-		sig_ptr2 = signature;
-		sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
-		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
-			{
-			BIO_printf(out, " failed\n");
-			goto builtin_err;
-			}
-		BIO_printf(out, ".");
-		(void)BIO_flush(out);
-		
-		BIO_printf(out, " ok\n");
-		/* cleanup */
-		/* clean bogus errors */
-		ERR_clear_error();
-		OPENSSL_free(signature);
-		signature = NULL;
-		EC_KEY_free(eckey);
-		eckey = NULL;
-		EC_KEY_free(wrong_eckey);
-		wrong_eckey = NULL;
-		ECDSA_SIG_free(ecdsa_sig);
-		ecdsa_sig = NULL;
-		OPENSSL_free(raw_buf);
-		raw_buf = NULL;
-		}
-
-	ret = 1;	
-builtin_err:
-	if (eckey)
-		EC_KEY_free(eckey);
-	if (wrong_eckey)
-		EC_KEY_free(wrong_eckey);
-	if (ecdsa_sig)
-		ECDSA_SIG_free(ecdsa_sig);
-	if (signature)
-		OPENSSL_free(signature);
-	if (raw_buf)
-		OPENSSL_free(raw_buf);
-	if (curves)
-		OPENSSL_free(curves);
-
-	return ret;
-	}
-
-int main(void)
-	{
-	int 	ret = 1;
-	BIO	*out;
-
-	out = BIO_new_fp(stdout, BIO_NOCLOSE);
-	
-	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
-		(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
-		{
-		CRYPTO_malloc_debug_init();
-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-		}
-	else
-		{
-		/* OPENSSL_DEBUG_MEMORY=off */
-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	/* initialize the prng */
-	RAND_seed(rnd_seed, sizeof(rnd_seed));
-
-	/* the tests */
-	if (!x9_62_tests(out))  goto err;
-	if (!test_builtin(out)) goto err;
-	
-	ret = 0;
-err:	
-	if (ret) 	
-		BIO_printf(out, "\nECDSA test failed\n");
-	else 
-		BIO_printf(out, "\nECDSA test passed\n");
-	if (ret)
-		ERR_print_errors(out);
-	CRYPTO_cleanup_all_ex_data();
-	ERR_remove_thread_state(NULL);
-	ERR_free_strings();
-	CRYPTO_mem_leaks(out);
-	if (out != NULL)
-		BIO_free(out);
-	return ret;
-	}	
-#endif
diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c
deleted file mode 100644
index b295489400..0000000000
--- a/crypto/ecdsa/ecs_asn1.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* crypto/ecdsa/ecs_asn1.c */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(ECDSA_SIG) = {
-	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
-	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END(ECDSA_SIG)
-
-DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c
deleted file mode 100644
index 7406c6d816..0000000000
--- a/crypto/ecdsa/ecs_err.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/ecdsa/ecs_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
-
-static ERR_STRING_DATA ECDSA_str_functs[]=
-	{
-{ERR_FUNC(ECDSA_F_ECDSA_CHECK),	"ECDSA_CHECK"},
-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
-{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ECDSA_str_reasons[]=
-	{
-{ERR_REASON(ECDSA_R_BAD_SIGNATURE)       ,"bad signature"},
-{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},
-{ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},
-{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
-{ERR_REASON(ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED),"nonce cannot be precomputed"},
-{ERR_REASON(ECDSA_R_NON_FIPS_METHOD)     ,"non fips method"},
-{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
-{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ECDSA_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ECDSA_str_functs);
-		ERR_load_strings(0,ECDSA_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
deleted file mode 100644
index 814a6bf404..0000000000
--- a/crypto/ecdsa/ecs_lib.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/* crypto/ecdsa/ecs_lib.c */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
-
-static const ECDSA_METHOD *default_ECDSA_method = NULL;
-
-static void *ecdsa_data_new(void);
-static void *ecdsa_data_dup(void *);
-static void  ecdsa_data_free(void *);
-
-void ECDSA_set_default_method(const ECDSA_METHOD *meth)
-{
-	default_ECDSA_method = meth;
-}
-
-const ECDSA_METHOD *ECDSA_get_default_method(void)
-{
-	if(!default_ECDSA_method) 
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_ecdsa_openssl();
-		else
-			return ECDSA_OpenSSL();
-#else
-		default_ECDSA_method = ECDSA_OpenSSL();
-#endif
-		}
-	return default_ECDSA_method;
-}
-
-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
-{
-	ECDSA_DATA *ecdsa;
-
-	ecdsa = ecdsa_check(eckey);
-
-	if (ecdsa == NULL)
-		return 0;
-
-#ifndef OPENSSL_NO_ENGINE
-	if (ecdsa->engine)
-	{
-		ENGINE_finish(ecdsa->engine);
-		ecdsa->engine = NULL;
-	}
-#endif
-        ecdsa->meth = meth;
-
-        return 1;
-}
-
-static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
-{
-	ECDSA_DATA *ret;
-
-	ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
-	if (ret == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-	}
-
-	ret->init = NULL;
-
-	ret->meth = ECDSA_get_default_method();
-	ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
-	if (!ret->engine)
-		ret->engine = ENGINE_get_default_ECDSA();
-	if (ret->engine)
-	{
-		ret->meth = ENGINE_get_ECDSA(ret->engine);
-		if (!ret->meth)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-		}
-	}
-#endif
-
-	ret->flags = ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-#if 0
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-	{
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-	}
-#endif	
-	return(ret);
-}
-
-static void *ecdsa_data_new(void)
-{
-	return (void *)ECDSA_DATA_new_method(NULL);
-}
-
-static void *ecdsa_data_dup(void *data)
-{
-	ECDSA_DATA *r = (ECDSA_DATA *)data;
-
-	/* XXX: dummy operation */
-	if (r == NULL)
-		return NULL;
-
-	return ecdsa_data_new();
-}
-
-static void ecdsa_data_free(void *data)
-{
-	ECDSA_DATA *r = (ECDSA_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
-#endif
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
-
-	OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
-
-	OPENSSL_free(r);
-}
-
-ECDSA_DATA *ecdsa_check(EC_KEY *key)
-{
-	ECDSA_DATA *ecdsa_data;
- 
-	void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
-					ecdsa_data_free, ecdsa_data_free);
-	if (data == NULL)
-	{
-		ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
-		if (ecdsa_data == NULL)
-			return NULL;
-		data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
-			   ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
-		if (data != NULL)
-			{
-			/* Another thread raced us to install the key_method
-			 * data and won. */
-			ecdsa_data_free(ecdsa_data);
-			ecdsa_data = (ECDSA_DATA *)data;
-			}
-	}
-	else
-		ecdsa_data = (ECDSA_DATA *)data;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
-			&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
-		{
-		ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
-		return NULL;
-		}
-#endif
-
-	return ecdsa_data;
-}
-
-int ECDSA_size(const EC_KEY *r)
-{
-	int ret,i;
-	ASN1_INTEGER bs;
-	BIGNUM	*order=NULL;
-	unsigned char buf[4];
-	const EC_GROUP *group;
-
-	if (r == NULL)
-		return 0;
-	group = EC_KEY_get0_group(r);
-	if (group == NULL)
-		return 0;
-
-	if ((order = BN_new()) == NULL) return 0;
-	if (!EC_GROUP_get_order(group,order,NULL))
-	{
-		BN_clear_free(order);
-		return 0;
-	} 
-	i=BN_num_bits(order);
-	bs.length=(i+7)/8;
-	bs.data=buf;
-	bs.type=V_ASN1_INTEGER;
-	/* If the top bit is set the asn1 encoding is 1 larger. */
-	buf[0]=0xff;	
-
-	i=i2d_ASN1_INTEGER(&bs,NULL);
-	i+=i; /* r and s */
-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-	BN_clear_free(order);
-	return(ret);
-}
-
-
-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
-				new_func, dup_func, free_func);
-}
-
-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
-{
-	ECDSA_DATA *ecdsa;
-	ecdsa = ecdsa_check(d);
-	if (ecdsa == NULL)
-		return 0;
-	return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg));
-}
-
-void *ECDSA_get_ex_data(EC_KEY *d, int idx)
-{
-	ECDSA_DATA *ecdsa;
-	ecdsa = ecdsa_check(d);
-	if (ecdsa == NULL)
-		return NULL;
-	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
-}
diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
deleted file mode 100644
index 46f7ad9102..0000000000
--- a/crypto/ecdsa/ecs_locl.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/* crypto/ecdsa/ecs_locl.h */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECS_LOCL_H
-#define HEADER_ECS_LOCL_H
-
-#include <openssl/ecdsa.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct ecdsa_method 
-	{
-	const char *name;
-	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
-			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
-	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx,
-				BIGNUM **kinv, BIGNUM **r,
-				const unsigned char *dgst, int dlen);
-	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
-			const ECDSA_SIG *sig, EC_KEY *eckey);
-#if 0
-	int (*init)(EC_KEY *eckey);
-	int (*finish)(EC_KEY *eckey);
-#endif
-	int flags;
-	char *app_data;
-	};
-
-/* If this flag is set the ECDSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define ECDSA_FLAG_FIPS_METHOD	0x1
-
-typedef struct ecdsa_data_st {
-	/* EC_KEY_METH_DATA part */
-	int (*init)(EC_KEY *);
-	/* method (ECDSA) specific part */
-	ENGINE	*engine;
-	int	flags;
-	const ECDSA_METHOD *meth;
-	CRYPTO_EX_DATA ex_data;
-} ECDSA_DATA;
-
-/** ecdsa_check
- * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
- * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
- * \param  eckey pointer to a EC_KEY object
- * \return pointer to a ECDSA_DATA structure
- */
-ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* HEADER_ECS_LOCL_H */
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
deleted file mode 100644
index 325aca8cc2..0000000000
--- a/crypto/ecdsa/ecs_ossl.c
+++ /dev/null
@@ -1,503 +0,0 @@
-/* crypto/ecdsa/ecs_ossl.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
-		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
-			    BIGNUM **kinvp, BIGNUM **rp,
-			    const unsigned char *dgst, int dlen);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
-		const ECDSA_SIG *sig, EC_KEY *eckey);
-
-static ECDSA_METHOD openssl_ecdsa_meth = {
-	"OpenSSL ECDSA method",
-	ecdsa_do_sign,
-	ecdsa_sign_setup,
-	ecdsa_do_verify,
-#if 0
-	NULL, /* init     */
-	NULL, /* finish   */
-#endif
-	0,    /* flags    */
-	NULL  /* app_data */
-};
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void)
-{
-	return &openssl_ecdsa_meth;
-}
-
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
-			    BIGNUM **kinvp, BIGNUM **rp,
-			    const unsigned char *dgst, int dlen)
-{
-	BN_CTX   *ctx = NULL;
-	BIGNUM	 *k = NULL, *r = NULL, *order = NULL, *X = NULL;
-	EC_POINT *tmp_point=NULL;
-	const EC_GROUP *group;
-	int 	 ret = 0;
-
-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
-
-	if (ctx_in == NULL) 
-	{
-		if ((ctx = BN_CTX_new()) == NULL)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	else
-		ctx = ctx_in;
-
-	k     = BN_new();	/* this value is later returned in *kinvp */
-	r     = BN_new();	/* this value is later returned in *rp    */
-	order = BN_new();
-	X     = BN_new();
-	if (!k || !r || !order || !X)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if ((tmp_point = EC_POINT_new(group)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-		goto err;
-	}
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-		goto err;
-	}
-	
-	do
-	{
-		/* get random k */	
-		do
-#ifndef OPENSSL_NO_SHA512
-			if (EC_KEY_get_nonce_from_hash(eckey))
-			{
-				if (!BN_generate_dsa_nonce(
-					k, order,
-					EC_KEY_get0_private_key(eckey),
-					dgst, dlen, ctx))
-					{
-					ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-						 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
-					goto err;
-					}
-			}
-			else
-#endif
-			{
-				if (!BN_rand_range(k, order))
-				{
-					ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-					 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
-					goto err;
-				}
-			}
-		while (BN_is_zero(k));
-
-		/* We do not want timing information to leak the length of k,
-		 * so we compute G*k using an equivalent scalar of fixed
-		 * bit-length. */
-
-		if (!BN_add(k, k, order)) goto err;
-		if (BN_num_bits(k) <= BN_num_bits(order))
-			if (!BN_add(k, k, order)) goto err;
-
-		/* compute r the x-coordinate of generator * k */
-		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-			goto err;
-		}
-		if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
-		{
-			if (!EC_POINT_get_affine_coordinates_GFp(group,
-				tmp_point, X, NULL, ctx))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
-				goto err;
-			}
-		}
-#ifndef OPENSSL_NO_EC2M
-		else /* NID_X9_62_characteristic_two_field */
-		{
-			if (!EC_POINT_get_affine_coordinates_GF2m(group,
-				tmp_point, X, NULL, ctx))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
-				goto err;
-			}
-		}
-#endif
-		if (!BN_nnmod(r, X, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-			goto err;
-		}
-	}
-	while (BN_is_zero(r));
-
-	/* compute the inverse of k */
-	if (!BN_mod_inverse(k, k, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-		goto err;	
-	}
-	/* clear old values if necessary */
-	if (*rp != NULL)
-		BN_clear_free(*rp);
-	if (*kinvp != NULL) 
-		BN_clear_free(*kinvp);
-	/* save the pre-computed values  */
-	*rp    = r;
-	*kinvp = k;
-	ret = 1;
-err:
-	if (!ret)
-	{
-		if (k != NULL) BN_clear_free(k);
-		if (r != NULL) BN_clear_free(r);
-	}
-	if (ctx_in == NULL) 
-		BN_CTX_free(ctx);
-	if (order != NULL)
-		BN_free(order);
-	if (tmp_point != NULL) 
-		EC_POINT_free(tmp_point);
-	if (X)
-		BN_clear_free(X);
-	return(ret);
-}
-
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
-		const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-{
-	int     ok = 0, i;
-	BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
-	const BIGNUM *ckinv;
-	BN_CTX     *ctx = NULL;
-	const EC_GROUP   *group;
-	ECDSA_SIG  *ret;
-	ECDSA_DATA *ecdsa;
-	const BIGNUM *priv_key;
-
-	ecdsa    = ecdsa_check(eckey);
-	group    = EC_KEY_get0_group(eckey);
-	priv_key = EC_KEY_get0_private_key(eckey);
-	
-	if (group == NULL || priv_key == NULL || ecdsa == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-	}
-
-	ret = ECDSA_SIG_new();
-	if (!ret)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	s = ret->s;
-
-	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
-		(tmp = BN_new()) == NULL || (m = BN_new()) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-		goto err;
-	}
-	i = BN_num_bits(order);
-	/* Need to truncate digest if it is too long: first truncate whole
-	 * bytes.
-	 */
-	if (8 * dgst_len > i)
-		dgst_len = (i + 7)/8;
-	if (!BN_bin2bn(dgst, dgst_len, m))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* If still too long truncate remaining bits with a shift */
-	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-		goto err;
-	}
-	do
-	{
-		if (in_kinv == NULL || in_r == NULL)
-		{
-			if (!ecdsa->meth->ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
-				goto err;
-			}
-			ckinv = kinv;
-		}
-		else
-		{
-			ckinv  = in_kinv;
-			if (BN_copy(ret->r, in_r) == NULL)
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-				goto err;
-			}
-		}
-
-		if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (!BN_mod_add_quick(s, tmp, m, order))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (!BN_mod_mul(s, s, ckinv, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (BN_is_zero(s))
-		{
-			/* if kinv and r have been supplied by the caller
-			 * don't to generate new kinv and r values */
-			if (in_kinv != NULL && in_r != NULL)
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
-				goto err;
-			}
-		}
-		else
-			/* s != 0 => we have a valid signature */
-			break;
-	}
-	while (1);
-
-	ok = 1;
-err:
-	if (!ok)
-	{
-		ECDSA_SIG_free(ret);
-		ret = NULL;
-	}
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (m)
-		BN_clear_free(m);
-	if (tmp)
-		BN_clear_free(tmp);
-	if (order)
-		BN_free(order);
-	if (kinv)
-		BN_clear_free(kinv);
-	return ret;
-}
-
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
-		const ECDSA_SIG *sig, EC_KEY *eckey)
-{
-	int ret = -1, i;
-	BN_CTX   *ctx;
-	BIGNUM   *order, *u1, *u2, *m, *X;
-	EC_POINT *point = NULL;
-	const EC_GROUP *group;
-	const EC_POINT *pub_key;
-
-	/* check input values */
-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
-	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-		return -1;
-	}
-
-	ctx = BN_CTX_new();
-	if (!ctx)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-		return -1;
-	}
-	BN_CTX_start(ctx);
-	order = BN_CTX_get(ctx);	
-	u1    = BN_CTX_get(ctx);
-	u2    = BN_CTX_get(ctx);
-	m     = BN_CTX_get(ctx);
-	X     = BN_CTX_get(ctx);
-	if (!X)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-		goto err;
-	}
-
-	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
-	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
-	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
-		ret = 0;	/* signature is invalid */
-		goto err;
-	}
-	/* calculate tmp1 = inv(S) mod order */
-	if (!BN_mod_inverse(u2, sig->s, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* digest -> m */
-	i = BN_num_bits(order);
-	/* Need to truncate digest if it is too long: first truncate whole
-	 * bytes.
-	 */
-	if (8 * dgst_len > i)
-		dgst_len = (i + 7)/8;
-	if (!BN_bin2bn(dgst, dgst_len, m))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* If still too long truncate remaining bits with a shift */
-	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* u1 = m * tmp mod order */
-	if (!BN_mod_mul(u1, m, u2, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(u2, sig->r, u2, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-
-	if ((point = EC_POINT_new(group)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-		goto err;
-	}
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
-	{
-		if (!EC_POINT_get_affine_coordinates_GFp(group,
-			point, X, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-			goto err;
-		}
-	}
-#ifndef OPENSSL_NO_EC2M
-	else /* NID_X9_62_characteristic_two_field */
-	{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-			point, X, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-			goto err;
-		}
-	}
-#endif	
-	if (!BN_nnmod(u1, X, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/*  if the signature is correct u1 is equal to sig->r */
-	ret = (BN_ucmp(u1, sig->r) == 0);
-err:
-	BN_CTX_end(ctx);
-	BN_CTX_free(ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ret;
-}
diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c
deleted file mode 100644
index ea79a24b85..0000000000
--- a/crypto/ecdsa/ecs_sign.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/ecdsa/ecdsa_sign.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-{
-	return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
-}
-
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
-	const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)
-{
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return NULL;
-	return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
-}
-
-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 
-		*sig, unsigned int *siglen, EC_KEY *eckey)
-{
-	return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
-}
-
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char 
-	*sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, 
-	EC_KEY *eckey)
-{
-	ECDSA_SIG *s;
-	RAND_seed(dgst, dlen);
-	s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
-	if (s == NULL)
-	{
-		*siglen=0;
-		return 0;
-	}
-	*siglen = i2d_ECDSA_SIG(s, &sig);
-	ECDSA_SIG_free(s);
-	return 1;
-}
-
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
-		BIGNUM **rp)
-{
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return 0;
-	if (EC_KEY_get_nonce_from_hash(eckey))
-		{
-		/* You cannot precompute the ECDSA nonce if it is required to
-		 * depend on the message. */
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
-		return 0;
-		}
-	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
-}
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
deleted file mode 100644
index 188b9d57b4..0000000000
--- a/crypto/ecdsa/ecs_vrf.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* crypto/ecdsa/ecdsa_vrf.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <string.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 
-		const ECDSA_SIG *sig, EC_KEY *eckey)
-	{
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return 0;
-	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
-	}
-
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
-		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
- 	{
-	ECDSA_SIG *s;
-	const unsigned char *p = sigbuf;
-	unsigned char *der = NULL;
-	int derlen = -1;
-	int ret=-1;
-
-	s = ECDSA_SIG_new();
-	if (s == NULL) return(ret);
-	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
-	/* Ensure signature uses DER and doesn't have trailing garbage */
-	derlen = i2d_ECDSA_SIG(s, &der);
-	if (derlen != sig_len || memcmp(sigbuf, der, derlen))
-		goto err;
-	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
-err:
-	if (derlen > 0)
-		{
-		OPENSSL_cleanse(der, derlen);
-		OPENSSL_free(der);
-		}
-	ECDSA_SIG_free(s);
-	return(ret);
-	}
diff --git a/crypto/engine/README b/crypto/engine/README
deleted file mode 100644
index 6b69b70f57..0000000000
--- a/crypto/engine/README
+++ /dev/null
@@ -1,211 +0,0 @@
-Notes: 2001-09-24
------------------
-
-This "description" (if one chooses to call it that) needed some major updating
-so here goes. This update addresses a change being made at the same time to
-OpenSSL, and it pretty much completely restructures the underlying mechanics of
-the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
-for masochists" document *and* a rather extensive commit log message. (I'd get
-lynched for sticking all this in CHANGES or the commit mails :-).
-
-ENGINE_TABLE underlies this restructuring, as described in the internal header
-"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
-tb_rsa.c, tb_dsa.c, etc.
-
-However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
-I'll mention a bit about that first. EVP_CIPHER (and most of this applies
-equally to EVP_MD for digests) is both a "method" and a algorithm/mode
-identifier that, in the current API, "lingers". These cipher description +
-implementation structures can be defined or obtained directly by applications,
-or can be loaded "en masse" into EVP storage so that they can be catalogued and
-searched in various ways, ie. two ways of encrypting with the "des_cbc"
-algorithm/mode pair are;
-
-(i) directly;
-     const EVP_CIPHER *cipher = EVP_des_cbc();
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
-
-(ii) indirectly; 
-     OpenSSL_add_all_ciphers();
-     cipher = EVP_get_cipherbyname("des_cbc");
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... etc ... ]
-
-The latter is more generally used because it also allows ciphers/digests to be
-looked up based on other identifiers which can be useful for automatic cipher
-selection, eg. in SSL/TLS, or by user-controllable configuration.
-
-The important point about this is that EVP_CIPHER definitions and structures are
-passed around with impunity and there is no safe way, without requiring massive
-rewrites of many applications, to assume that EVP_CIPHERs can be reference
-counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
-comes from can "safely" be destroyed. Unless of course the way of getting to
-such ciphers is via entirely distinct API calls that didn't exist before.
-However existing API usage cannot be made to understand when an EVP_CIPHER
-pointer, that has been passed to the caller, is no longer being used.
-
-The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
-into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
-ciphers simultaneously registers cipher *types* and cipher *implementations* -
-they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
-hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
-solution is necessarily that ENGINE-provided ciphers simply are not registered,
-stored, or exposed to the caller in the same manner as existing ciphers. This is
-especially necessary considering the fact ENGINE uses reference counts to allow
-for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
-callers in the current API, support no such controls.
-
-Another sticking point for integrating cipher support into ENGINE is linkage.
-Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
-they are available *because* they're part of a giant ENGINE called "openssl".
-Ie. all implementations *have* to come from an ENGINE, but we get round that by
-having a giant ENGINE with all the software support encapsulated. This creates
-linker hassles if nothing else - linking a 1-line application that calls 2 basic
-RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
-ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
-continue with this approach for EVP_CIPHER support (even if it *was* possible)
-we would lose our ability to link selectively by selectively loading certain
-implementations of certain functionality. Touching any part of any kind of
-crypto would result in massive static linkage of everything else. So the
-solution is to change the way ENGINE feeds existing "classes", ie. how the
-hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
-for EVP_CIPHER, and EVP_MD.
-
-The way this is now being done is by mostly reverting back to how things used to
-work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
-was previously replaced by an "ENGINE" pointer and all RSA code that required
-the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
-temporarily get and use the ENGINE's RSA implementation. Apart from being more
-efficient, switching back to each RSA having an RSA_METHOD pointer also allows
-us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
-for a fallback ENGINE that encapsulates default implementations - we can simply
-have our RSA structure pointing its RSA_METHOD pointer to the software
-implementation and have its ENGINE pointer set to NULL.
-
-A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
-turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
-and the existing EVP API functions that return "software" implementations and
-descriptions remain untouched. However, the storage takes more meaning in terms
-of "cipher description" and less meaning in terms of "implementation". When an
-EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
-begin en/decryption, the hooking to ENGINE comes into play. What happens is that
-cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
-reference) for any ENGINE that is registered to perform the algo/mode that the
-provided EVP_CIPHER structure represents. Under normal circumstances, that
-ENGINE code will return NULL because no ENGINEs will have had any cipher
-implementations *registered*. As such, a NULL ENGINE pointer is stored in the
-EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
-context and so is used as the implementation. Pretty much how things work now
-except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
-
-Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
-combination represented by the provided EVP_CIPHER, then a functional reference
-to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
-That functional reference will be stored in the context (and released on
-cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
-definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
-application will actually be replaced by an EVP_CIPHER from the registered
-ENGINE - it will support the same algorithm/mode as the original but will be a
-completely different implementation. Because this EVP_CIPHER isn't stored in the
-EVP storage, nor is it returned to applications from traditional API functions,
-there is no associated problem with it not having reference counts. And of
-course, when one of these "private" cipher implementations is hooked into
-EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
-reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
-safe.
-
-The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
-in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
-EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
-use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
-ENGINE_TABLE essentially provide linker-separation of the classes so that even
-if ENGINEs implement *all* possible algorithms, an application using only
-EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independant of class, and of course the ENGINE
-implementation that the application loaded. It will *not* however link any
-class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
-other APIs, such as the RSA/DSA/etc library code.
-
-ENGINE_TABLE is a little more complicated than may seem necessary but this is
-mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
-DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
-to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
-example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
-These nids provide the uniquenness of an algorithm/mode - and each nid will hash
-to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
-pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
-caching tricks such that requests on that 'nid' will be cached and all future
-requests will return immediately (well, at least with minimal operation) unless
-a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
-that an application could have support for 10 ENGINEs statically linked
-in, and the machine in question may not have any of the hardware those 10
-ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
-want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
-each of those 10 ENGINEs. Instead, the first such request will try to do that
-and will either return (and cache) a NULL ENGINE pointer or will return a
-functional reference to the first that successfully initialised. In the latter
-case it will also cache an extra functional reference to the ENGINE as a
-"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
-that is unset only if un/registration takes place on that pile. Ie. if
-implementations of "des_cbc" are added or removed. This behaviour can be
-tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
-ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
-try to initialise from the "pile" will be those that are already initialised
-(ie. it's simply an increment of the functional reference count, and no real
-"initialisation" will take place).
-
-RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
-difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
-actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
-not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
-necessarily interoperable and don't have different flavours, only different
-implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
-or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
-represents ENGINEs that implement the single "type" of RSA there is.
-
-Cleanup - the registration and unregistration may pose questions about how
-cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
-application or EVP_CIPHER code releases its last reference to an ENGINE, the
-ENGINE_PILE code may still have references and thus those ENGINEs will stay
-hooked in forever). The way this is handled is via "unregistration". With these
-new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
-is an algorithm-agnostic process. Even if initialised, it will not have
-registered any of its implementations (to do so would link all class "table"
-code despite the fact the application may use only ciphers, for example). This
-is deliberately a distinct step. Moreover, registration and unregistration has
-nothing to do with whether an ENGINE is *functional* or not (ie. you can even
-register an ENGINE and its implementations without it being operational, you may
-not even have the drivers to make it operate). What actually happens with
-respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
-functions. These functions are internal-only and each part of ENGINE code that
-could require cleanup will, upon performing its first allocation, register a
-callback with the "engine_cleanup" code. The other part of this that makes it
-tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
-initialised state. So if RSA code asks for an ENGINE and no ENGINE has
-registered an implementation, the code will simply return NULL and the tb_rsa.c
-state will be unchanged. Thus, no cleanup is required unless registration takes
-place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
-callbacks calling each in turn, and will then internally delete its own storage
-(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
-part of a gracefull restart and the application wants to cleanup all state then
-start again), the internal STACK storage will be freshly allocated. This is much
-the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
-initialised state, so only modification operations (not queries) will cause that
-code to have to register a cleanup.
-
-What else? The bignum callbacks and associated ENGINE functions have been
-removed for two obvious reasons; (i) there was no way to generalise them to the
-mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
-method, and (ii) because of (i), there was no meaningful way for library or
-application code to automatically hook and use ENGINE supplied bignum functions
-anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
-exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
-one and now certainly doesn't make sense in any generalised way. Some of the
-RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
-changes have now, as a consequence, been reverted back. This is because the
-hooking of ENGINE is now automatic (and passive, it can interally use a NULL
-ENGINE pointer to simply ignore ENGINE from then on).
-
-Hell, that should be enough for now ... comments welcome: geoff@openssl.org
-
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
deleted file mode 100644
index 6093376df4..0000000000
--- a/crypto/engine/eng_all.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "eng_int.h"
-
-void ENGINE_load_builtin_engines(void)
-	{
-	/* Some ENGINEs need this */
-	OPENSSL_cpuid_setup();
-#if 0
-	/* There's no longer any need for an "openssl" ENGINE unless, one day,
-	 * it is the *only* way for standard builtin implementations to be be
-	 * accessed (ie. it would be possible to statically link binaries with
-	 * *no* builtin implementations). */
-	ENGINE_load_openssl();
-#endif
-#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
-	ENGINE_load_cryptodev();
-#endif
-#ifndef OPENSSL_NO_RSAX
-	ENGINE_load_rsax();
-#endif
-#ifndef OPENSSL_NO_RDRAND
-	ENGINE_load_rdrand();
-#endif
-	ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_STATIC_ENGINE
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
-	ENGINE_load_4758cca();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
-	ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
-	ENGINE_load_atalla();
-#endif
-#ifndef OPENSSL_NO_HW_CSWIFT
-	ENGINE_load_cswift();
-#endif
-#ifndef OPENSSL_NO_HW_NCIPHER
-	ENGINE_load_chil();
-#endif
-#ifndef OPENSSL_NO_HW_NURON
-	ENGINE_load_nuron();
-#endif
-#ifndef OPENSSL_NO_HW_SUREWARE
-	ENGINE_load_sureware();
-#endif
-#ifndef OPENSSL_NO_HW_UBSEC
-	ENGINE_load_ubsec();
-#endif
-#ifndef OPENSSL_NO_HW_PADLOCK
-	ENGINE_load_padlock();
-#endif
-#endif
-#ifndef OPENSSL_NO_GOST
-	ENGINE_load_gost();
-#endif
-#ifndef OPENSSL_NO_GMP
-	ENGINE_load_gmp();
-#endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-	ENGINE_load_capi();
-#endif
-#endif
-	ENGINE_register_all_complete();
-	}
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void) {
-	static int bsd_cryptodev_default_loaded = 0;
-	if (!bsd_cryptodev_default_loaded) {
-		ENGINE_load_cryptodev();
-		ENGINE_register_all_complete();
-	}
-	bsd_cryptodev_default_loaded=1;
-}
-#endif
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
deleted file mode 100644
index 95c4070015..0000000000
--- a/crypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/* eng_cnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/conf.h>
-
-/* #define ENGINE_CONF_DEBUG */
-
-/* ENGINE config module */
-
-static char *skip_dot(char *name)
-	{
-	char *p;
-	p = strchr(name, '.');
-	if (p)
-		return p + 1;
-	return name;
-	}
-
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-
-static int int_engine_init(ENGINE *e)
-	{
-	if (!ENGINE_init(e))
-		return 0;
-	if (!initialized_engines)
-		initialized_engines = sk_ENGINE_new_null();
-	if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
-		{
-		ENGINE_finish(e);
-		return 0;
-		}
-	return 1;
-	}
-	
-
-static int int_engine_configure(char *name, char *value, const CONF *cnf)
-	{
-	int i;
-	int ret = 0;
-	long do_init = -1;
-	STACK_OF(CONF_VALUE) *ecmds;
-	CONF_VALUE *ecmd = NULL;
-	char *ctrlname, *ctrlvalue;
-	ENGINE *e = NULL;
-	int soft = 0;
-
-	name = skip_dot(name);
-#ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "Configuring engine %s\n", name);
-#endif
-	/* Value is a section containing ENGINE commands */
-	ecmds = NCONF_get_section(cnf, value);
-
-	if (!ecmds)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
-		return 0;
-		}
-
-	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
-		{
-		ecmd = sk_CONF_VALUE_value(ecmds, i);
-		ctrlname = skip_dot(ecmd->name);
-		ctrlvalue = ecmd->value;
-#ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
-#endif
-
-		/* First handle some special pseudo ctrls */
-
-		/* Override engine name to use */
-		if (!strcmp(ctrlname, "engine_id"))
-			name = ctrlvalue;
-		else if (!strcmp(ctrlname, "soft_load"))
-			soft = 1;
-		/* Load a dynamic ENGINE */
-		else if (!strcmp(ctrlname, "dynamic_path"))
-			{
-			e = ENGINE_by_id("dynamic");
-			if (!e)
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-				goto err;
-			}
-		/* ... add other pseudos here ... */
-		else
-			{
-			/* At this point we need an ENGINE structural reference
-			 * if we don't already have one.
-			 */
-			if (!e)
-				{
-				e = ENGINE_by_id(name);
-				if (!e && soft)
-					{
-					ERR_clear_error();
-					return 1;
-					}
-				if (!e)
-					goto err;
-				}
-			/* Allow "EMPTY" to mean no value: this allows a valid
-			 * "value" to be passed to ctrls of type NO_INPUT
-		 	 */
-			if (!strcmp(ctrlvalue, "EMPTY"))
-				ctrlvalue = NULL;
-			if (!strcmp(ctrlname, "init"))
-				{
-				if (!NCONF_get_number_e(cnf, value, "init", &do_init))
-					goto err;
-				if (do_init == 1)
-					{
-					if (!int_engine_init(e))
-						goto err;
-					}
-				else if (do_init != 0)
-					{
-					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
-					goto err;
-					}
-				}
-			else if (!strcmp(ctrlname, "default_algorithms"))
-				{
-				if (!ENGINE_set_default_string(e, ctrlvalue))
-					goto err;
-				}
-			else if (!ENGINE_ctrl_cmd_string(e,
-					ctrlname, ctrlvalue, 0))
-				goto err;
-			}
-
-
-
-		}
-	if (e && (do_init == -1) && !int_engine_init(e))
-		{
-		ecmd = NULL;
-		goto err;
-		}
-	ret = 1;
-	err:
-	if (ret != 1)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
-		if (ecmd)
-			ERR_add_error_data(6, "section=", ecmd->section, 
-						", name=", ecmd->name,
-						", value=", ecmd->value);
-		}
-	if (e)
-		ENGINE_free(e);
-	return ret;
-	}
-
-
-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	STACK_OF(CONF_VALUE) *elist;
-	CONF_VALUE *cval;
-	int i;
-#ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "Called engine module: name %s, value %s\n",
-			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
-#endif
-	/* Value is a section containing ENGINEs to configure */
-	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-
-	if (!elist)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
-		return 0;
-		}
-
-	for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
-		{
-		cval = sk_CONF_VALUE_value(elist, i);
-		if (!int_engine_configure(cval->name, cval->value, cnf))
-			return 0;
-		}
-
-	return 1;
-	}
-
-static void int_engine_module_finish(CONF_IMODULE *md)
-	{
-	ENGINE *e;
-	while ((e = sk_ENGINE_pop(initialized_engines)))
-		ENGINE_finish(e);
-	sk_ENGINE_free(initialized_engines);
-	initialized_engines = NULL;
-	}
-	
-
-void ENGINE_add_conf_module(void)
-	{
-	CONF_module_add("engines",
-			int_engine_module_init,
-			int_engine_module_finish);
-	}
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
deleted file mode 100644
index 5a715aca4f..0000000000
--- a/crypto/engine/eng_cryptodev.c
+++ /dev/null
@@ -1,1450 +0,0 @@
-/*
- * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-	(defined(OpenBSD) || defined(__FreeBSD__))
-#include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
-#  define HAVE_CRYPTODEV
-# endif
-# if (OpenBSD >= 200110)
-#  define HAVE_SYSLOG_R
-# endif
-#endif
-
-#ifndef HAVE_CRYPTODEV
-
-void
-ENGINE_load_cryptodev(void)
-{
-	/* This is a NOP on platforms without /dev/crypto */
-	return;
-}
-
-#else 
- 
-#include <sys/types.h>
-#include <crypto/cryptodev.h>
-#include <crypto/dh/dh.h>
-#include <crypto/dsa/dsa.h>
-#include <crypto/err/err.h>
-#include <crypto/rsa/rsa.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-
-struct dev_crypto_state {
-	struct session_op d_sess;
-	int d_fd;
-
-#ifdef USE_CRYPTODEV_DIGESTS
-	char dummy_mac_key[HASH_MAX_LEN];
-
-	unsigned char digest_res[HASH_MAX_LEN];
-	char *mac_data;
-	int mac_len;
-#endif
-};
-
-static u_int32_t cryptodev_asymfeat = 0;
-
-static int get_asym_dev_crypto(void);
-static int open_dev_crypto(void);
-static int get_dev_crypto(void);
-static int get_cryptodev_ciphers(const int **cnids);
-#ifdef USE_CRYPTODEV_DIGESTS
-static int get_cryptodev_digests(const int **cnids);
-#endif
-static int cryptodev_usable_ciphers(const int **nids);
-static int cryptodev_usable_digests(const int **nids);
-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl);
-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc);
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid);
-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid);
-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
-static int crparam2bn(struct crparam *crp, BIGNUM *a);
-static void zapparams(struct crypt_kop *kop);
-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-    int slen, BIGNUM *s);
-
-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa, BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-    int dlen, DSA *dsa);
-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-    DSA_SIG *sig, DSA *dsa);
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key,
-    const BIGNUM *pub_key, DH *dh);
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)(void));
-void ENGINE_load_cryptodev(void);
-
-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-	{ 0, NULL, NULL, 0 }
-};
-
-static struct {
-	int	id;
-	int	nid;
-	int	ivmax;
-	int	keylen;
-} ciphers[] = {
-	{ CRYPTO_ARC4,			NID_rc4,		0,	16, },
-	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
-	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
-	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-	{ CRYPTO_AES_CBC,		NID_aes_192_cbc,	16,	24, },
-	{ CRYPTO_AES_CBC,		NID_aes_256_cbc,	16,	32, },
-	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
-	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
-	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-	{ 0,				NID_undef,		0,	 0, },
-};
-
-#ifdef USE_CRYPTODEV_DIGESTS
-static struct {
-	int	id;
-	int	nid;
-	int 	keylen;
-} digests[] = {
-	{ CRYPTO_MD5_HMAC,		NID_hmacWithMD5,	16},
-	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	20},
-	{ CRYPTO_RIPEMD160_HMAC,	NID_ripemd160,		16/*?*/},
-	{ CRYPTO_MD5_KPDK,		NID_undef,		0},
-	{ CRYPTO_SHA1_KPDK,		NID_undef,		0},
-	{ CRYPTO_MD5,			NID_md5,		16},
-	{ CRYPTO_SHA1,			NID_sha1,		20},
-	{ 0,				NID_undef,		0},
-};
-#endif
-
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int
-open_dev_crypto(void)
-{
-	static int fd = -1;
-
-	if (fd == -1) {
-		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-			return (-1);
-		/* close on exec */
-		if (fcntl(fd, F_SETFD, 1) == -1) {
-			close(fd);
-			fd = -1;
-			return (-1);
-		}
-	}
-	return (fd);
-}
-
-static int
-get_dev_crypto(void)
-{
-	int fd, retfd;
-
-	if ((fd = open_dev_crypto()) == -1)
-		return (-1);
-#ifndef CRIOGET_NOT_NEEDED
-	if (ioctl(fd, CRIOGET, &retfd) == -1)
-		return (-1);
-
-	/* close on exec */
-	if (fcntl(retfd, F_SETFD, 1) == -1) {
-		close(retfd);
-		return (-1);
-	}
-#else
-        retfd = fd;
-#endif
-	return (retfd);
-}
-
-static void put_dev_crypto(int fd)
-{
-#ifndef CRIOGET_NOT_NEEDED
-	close(fd);
-#endif
-}
-
-/* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
-{
-	static int fd = -1;
-
-	if (fd == -1)
-		fd = get_dev_crypto();
-	return fd;
-}
-
-/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_ciphers routine
- */
-static int
-get_cryptodev_ciphers(const int **cnids)
-{
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	struct session_op sess;
-	int fd, i, count = 0;
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	sess.key = (caddr_t)"123456789abcdefghijklmno";
-
-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (ciphers[i].nid == NID_undef)
-			continue;
-		sess.cipher = ciphers[i].id;
-		sess.keylen = ciphers[i].keylen;
-		sess.mac = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = ciphers[i].nid;
-	}
-	put_dev_crypto(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
-}
-
-#ifdef USE_CRYPTODEV_DIGESTS
-/*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_digests routine
- */
-static int
-get_cryptodev_digests(const int **cnids)
-{
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	struct session_op sess;
-	int fd, i, count = 0;
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	sess.mackey = (caddr_t)"123456789abcdefghijklmno";
-	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (digests[i].nid == NID_undef)
-			continue;
-		sess.mac = digests[i].id;
-		sess.mackeylen = digests[i].keylen;
-		sess.cipher = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = digests[i].nid;
-	}
-	put_dev_crypto(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
-}
-#endif  /* 0 */
-
-/*
- * Find the useable ciphers|digests from dev/crypto - this is the first
- * thing called by the engine init crud which determines what it
- * can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
- *
- * If we can't initialize the device to do anything useful for
- * any reason, we want to return a NULL array, and 0 length,
- * which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
- * use this engine as the default, and if for whatever reason
- * /dev/crypto won't do what we want it will just be done in
- * software
- *
- * This can (should) be greatly expanded to perhaps take into
- * account speed of the device, and what we want to do.
- * (although the disabling of particular alg's could be controlled
- * by the device driver with sysctl's.) - this is where we
- * want most of the decisions made about what we actually want
- * to use from /dev/crypto.
- */
-static int
-cryptodev_usable_ciphers(const int **nids)
-{
-	return (get_cryptodev_ciphers(nids));
-}
-
-static int
-cryptodev_usable_digests(const int **nids)
-{
-#ifdef USE_CRYPTODEV_DIGESTS
-	return (get_cryptodev_digests(nids));
-#else
-	/*
-	 * XXXX just disable all digests for now, because it sucks.
-	 * we need a better way to decide this - i.e. I may not
-	 * want digests on slow cards like hifn on fast machines,
-	 * but might want them on slow or loaded machines, etc.
-	 * will also want them when using crypto cards that don't
-	 * suck moose gonads - would be nice to be able to decide something
-	 * as reasonable default without having hackery that's card dependent.
-	 * of course, the default should probably be just do everything,
-	 * with perhaps a sysctl to turn algoritms off (or have them off
-	 * by default) on cards that generally suck like the hifn.
-	 */
-	*nids = NULL;
-	return (0);
-#endif
-}
-
-static int
-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	const void *iiv;
-	unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
-	if (state->d_fd < 0)
-		return (0);
-	if (!inl)
-		return (1);
-	if ((inl % ctx->cipher->block_size) != 0)
-		return (0);
-
-	memset(&cryp, 0, sizeof(cryp));
-
-	cryp.ses = sess->ses;
-	cryp.flags = 0;
-	cryp.len = inl;
-	cryp.src = (caddr_t) in;
-	cryp.dst = (caddr_t) out;
-	cryp.mac = 0;
-
-	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
-	if (ctx->cipher->iv_len) {
-		cryp.iv = (caddr_t) ctx->iv;
-		if (!ctx->encrypt) {
-			iiv = in + inl - ctx->cipher->iv_len;
-			memcpy(save_iv, iiv, ctx->cipher->iv_len);
-		}
-	} else
-		cryp.iv = NULL;
-
-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-		/* XXX need better errror handling
-		 * this can fail for a number of different reasons.
-		 */
-		return (0);
-	}
-
-	if (ctx->cipher->iv_len) {
-		if (ctx->encrypt)
-			iiv = out + inl - ctx->cipher->iv_len;
-		else
-			iiv = save_iv;
-		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-	}
-	return (1);
-}
-
-static int
-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	int cipher = -1, i;
-
-	for (i = 0; ciphers[i].id; i++)
-		if (ctx->cipher->nid == ciphers[i].nid &&
-		    ctx->cipher->iv_len <= ciphers[i].ivmax &&
-		    ctx->key_len == ciphers[i].keylen) {
-			cipher = ciphers[i].id;
-			break;
-		}
-
-	if (!ciphers[i].id) {
-		state->d_fd = -1;
-		return (0);
-	}
-
-	memset(sess, 0, sizeof(struct session_op));
-
-	if ((state->d_fd = get_dev_crypto()) < 0)
-		return (0);
-
-	sess->key = (caddr_t)key;
-	sess->keylen = ctx->key_len;
-	sess->cipher = cipher;
-
-	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-		put_dev_crypto(state->d_fd);
-		state->d_fd = -1;
-		return (0);
-	}
-	return (1);
-}
-
-/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-static int
-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-{
-	int ret = 0;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (state->d_fd < 0)
-		return (0);
-
-	/* XXX if this ioctl fails, someting's wrong. the invoker
-	 * may have called us with a bogus ctx, or we could
-	 * have a device that for whatever reason just doesn't
-	 * want to play ball - it's not clear what's right
-	 * here - should this be an error? should it just
-	 * increase a counter, hmm. For right now, we return
-	 * 0 - I don't believe that to be "right". we could
-	 * call the gorpy openssl lib error handlers that
-	 * print messages to users of the library. hmm..
-	 */
-
-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-	put_dev_crypto(state->d_fd);
-	state->d_fd = -1;
-
-	return (ret);
-}
-
-/*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
- */
-
-/* RC4 */
-const EVP_CIPHER cryptodev_rc4 = {
-	NID_rc4,
-	1, 16, 0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	NULL,
-	NULL,
-	NULL
-};
-
-/* DES CBC EVP */
-const EVP_CIPHER cryptodev_des_cbc = {
-	NID_des_cbc,
-	8, 8, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-/* 3DES CBC EVP */
-const EVP_CIPHER cryptodev_3des_cbc = {
-	NID_des_ede3_cbc,
-	8, 24, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_bf_cbc = {
-	NID_bf_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_cast_cbc = {
-	NID_cast5_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_cbc = {
-	NID_aes_128_cbc,
-	16, 16, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_192_cbc = {
-	NID_aes_192_cbc,
-	16, 24, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-const EVP_CIPHER cryptodev_aes_256_cbc = {
-	NID_aes_256_cbc,
-	16, 32, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
-};
-
-/*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
- * top level - note, that list is restricted by what we answer with
- */
-static int
-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid)
-{
-	if (!cipher)
-		return (cryptodev_usable_ciphers(nids));
-
-	switch (nid) {
-	case NID_rc4:
-		*cipher = &cryptodev_rc4;
-		break;
-	case NID_des_ede3_cbc:
-		*cipher = &cryptodev_3des_cbc;
-		break;
-	case NID_des_cbc:
-		*cipher = &cryptodev_des_cbc;
-		break;
-	case NID_bf_cbc:
-		*cipher = &cryptodev_bf_cbc;
-		break;
-	case NID_cast5_cbc:
-		*cipher = &cryptodev_cast_cbc;
-		break;
-	case NID_aes_128_cbc:
-		*cipher = &cryptodev_aes_cbc;
-		break;
-	case NID_aes_192_cbc:
-		*cipher = &cryptodev_aes_192_cbc;
-		break;
-	case NID_aes_256_cbc:
-		*cipher = &cryptodev_aes_256_cbc;
-		break;
-	default:
-		*cipher = NULL;
-		break;
-	}
-	return (*cipher != NULL);
-}
-
-
-#ifdef USE_CRYPTODEV_DIGESTS
-
-/* convert digest type to cryptodev */
-static int
-digest_nid_to_cryptodev(int nid)
-{
-	int i;
-
-	for (i = 0; digests[i].id; i++)
-		if (digests[i].nid == nid)
-			return (digests[i].id);
-	return (0);
-}
-
-
-static int
-digest_key_length(int nid)
-{
-	int i;
-
-	for (i = 0; digests[i].id; i++)
-		if (digests[i].nid == nid)
-			return digests[i].keylen;
-	return (0);
-}
-
-
-static int cryptodev_digest_init(EVP_MD_CTX *ctx)
-{
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-	int digest;
-
-	if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
-		printf("cryptodev_digest_init: Can't get digest \n");
-		return (0);
-	}
-
-	memset(state, 0, sizeof(struct dev_crypto_state));
-
-	if ((state->d_fd = get_dev_crypto()) < 0) {
-		printf("cryptodev_digest_init: Can't get Dev \n");
-		return (0);
-	}
-
-	sess->mackey = state->dummy_mac_key;
-	sess->mackeylen = digest_key_length(ctx->digest->type);
-	sess->mac = digest;
-
-	if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-		put_dev_crypto(state->d_fd);
-		state->d_fd = -1;
-		printf("cryptodev_digest_init: Open session failed\n");
-		return (0);
-	}
-
-	return (1);
-}
-
-static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
-		size_t count)
-{
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (!data || state->d_fd < 0) {
-		printf("cryptodev_digest_update: illegal inputs \n");
-		return (0);
-	}
-
-	if (!count) {
-		return (0);
-	}
-
-	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-		/* if application doesn't support one buffer */
-		state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
-
-		if (!state->mac_data) {
-			printf("cryptodev_digest_update: realloc failed\n");
-			return (0);
-		}
-
-		memcpy(state->mac_data + state->mac_len, data, count);
-   		state->mac_len += count;
-	
-		return (1);
-	}
-
-	memset(&cryp, 0, sizeof(cryp));
-
-	cryp.ses = sess->ses;
-	cryp.flags = 0;
-	cryp.len = count;
-	cryp.src = (caddr_t) data;
-	cryp.dst = NULL;
-	cryp.mac = (caddr_t) state->digest_res;
-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-		printf("cryptodev_digest_update: digest failed\n");
-		return (0);
-	}
-	return (1);
-}
-
-
-static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-
-	int ret = 1;
-
-	if (!md || state->d_fd < 0) {
-		printf("cryptodev_digest_final: illegal input\n");
-		return(0);
-	}
-
-	if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
-		/* if application doesn't support one buffer */
-		memset(&cryp, 0, sizeof(cryp));
-		cryp.ses = sess->ses;
-		cryp.flags = 0;
-		cryp.len = state->mac_len;
-		cryp.src = state->mac_data;
-		cryp.dst = NULL;
-		cryp.mac = (caddr_t)md;
-		if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
-			printf("cryptodev_digest_final: digest failed\n");
-			return (0);
-		}
-
-		return 1;
-	}
-
-	memcpy(md, state->digest_res, ctx->digest->md_size);
-
-	return (ret);
-}
-
-
-static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
-{
-	int ret = 1;
-	struct dev_crypto_state *state = ctx->md_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (state == NULL)
-	  return 0;
-
-	if (state->d_fd < 0) {
-		printf("cryptodev_digest_cleanup: illegal input\n");
-		return (0);
-	}
-
-	if (state->mac_data) {
-		OPENSSL_free(state->mac_data);
-		state->mac_data = NULL;
-		state->mac_len = 0;
-	}
-
-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
-		printf("cryptodev_digest_cleanup: failed to close session\n");
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-	put_dev_crypto(state->d_fd);	
-	state->d_fd = -1;
-
-	return (ret);
-}
-
-static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
-{
-	struct dev_crypto_state *fstate = from->md_data;
-	struct dev_crypto_state *dstate = to->md_data;
-	struct session_op *sess;
-	int digest;
-
-	if (dstate == NULL || fstate == NULL)
-	  return 1;
-
-       	memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
-
-	sess = &dstate->d_sess;
-
-	digest = digest_nid_to_cryptodev(to->digest->type);
-
-	sess->mackey = dstate->dummy_mac_key;
-	sess->mackeylen = digest_key_length(to->digest->type);
-	sess->mac = digest;
-
-	dstate->d_fd = get_dev_crypto();
-
-	if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
-		put_dev_crypto(dstate->d_fd);
-		dstate->d_fd = -1;
-		printf("cryptodev_digest_init: Open session failed\n");
-		return (0);
-	}
-
-	if (fstate->mac_len != 0) {
-	        if (fstate->mac_data != NULL)
-	                {
-        		dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-	        	memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
-           		dstate->mac_len = fstate->mac_len;
-	        	}
-	}
-
-	return 1;
-}
-
-
-const EVP_MD cryptodev_sha1 = {
-	NID_sha1,
-	NID_undef, 
-	SHA_DIGEST_LENGTH, 
-	EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_NULL_method,
-	SHA_CBLOCK,
-	sizeof(struct dev_crypto_state),
-};
-
-const EVP_MD cryptodev_md5 = {
-	NID_md5,
-	NID_undef, 
-	16 /* MD5_DIGEST_LENGTH */, 
-	EVP_MD_FLAG_ONESHOT,
-	cryptodev_digest_init,
-	cryptodev_digest_update,
-	cryptodev_digest_final,
-	cryptodev_digest_copy,
-	cryptodev_digest_cleanup,
-	EVP_PKEY_NULL_method,
-	64 /* MD5_CBLOCK */,
-	sizeof(struct dev_crypto_state),
-};
-
-#endif /* USE_CRYPTODEV_DIGESTS */
-
-
-static int
-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid)
-{
-	if (!digest)
-		return (cryptodev_usable_digests(nids));
-
-	switch (nid) {
-#ifdef USE_CRYPTODEV_DIGESTS
-	case NID_md5:
-		*digest = &cryptodev_md5; 
-		break;
-	case NID_sha1:
-		*digest = &cryptodev_sha1;
- 		break;
-	default:
-#endif /* USE_CRYPTODEV_DIGESTS */
-		*digest = NULL;
-		break;
-	}
-	return (*digest != NULL);
-}
-
-/*
- * Convert a BIGNUM to the representation that /dev/crypto needs.
- * Upon completion of use, the caller is responsible for freeing
- * crp->crp_p.
- */
-static int
-bn2crparam(const BIGNUM *a, struct crparam *crp)
-{
-	int i, j, k;
-	ssize_t bytes, bits;
-	u_char *b;
-
-	crp->crp_p = NULL;
-	crp->crp_nbits = 0;
-
-	bits = BN_num_bits(a);
-	bytes = (bits + 7) / 8;
-
-	b = malloc(bytes);
-	if (b == NULL)
-		return (1);
-	memset(b, 0, bytes);
-
-	crp->crp_p = (caddr_t) b;
-	crp->crp_nbits = bits;
-
-	for (i = 0, j = 0; i < a->top; i++) {
-		for (k = 0; k < BN_BITS2 / 8; k++) {
-			if ((j + k) >= bytes)
-				return (0);
-			b[j + k] = a->d[i] >> (k * 8);
-		}
-		j += BN_BITS2 / 8;
-	}
-	return (0);
-}
-
-/* Convert a /dev/crypto parameter to a BIGNUM */
-static int
-crparam2bn(struct crparam *crp, BIGNUM *a)
-{
-	u_int8_t *pd;
-	int i, bytes;
-
-	bytes = (crp->crp_nbits + 7) / 8;
-
-	if (bytes == 0)
-		return (-1);
-
-	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-		return (-1);
-
-	for (i = 0; i < bytes; i++)
-		pd[i] = crp->crp_p[bytes - i - 1];
-
-	BN_bin2bn(pd, bytes, a);
-	free(pd);
-
-	return (0);
-}
-
-static void
-zapparams(struct crypt_kop *kop)
-{
-	int i;
-
-	for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
-		if (kop->crk_param[i].crp_p)
-			free(kop->crk_param[i].crp_p);
-		kop->crk_param[i].crp_p = NULL;
-		kop->crk_param[i].crp_nbits = 0;
-	}
-}
-
-static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
-{
-	int fd, ret = -1;
-
-	if ((fd = get_asym_dev_crypto()) < 0)
-		return (ret);
-
-	if (r) {
-		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-		kop->crk_oparams++;
-	}
-	if (s) {
-		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-		kop->crk_oparams++;
-	}
-
-	if (ioctl(fd, CIOCKEY, kop) == 0) {
-		if (r)
-			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-		if (s)
-			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
-		ret = 0;
-	}
-
-	return (ret);
-}
-
-static int
-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
-	struct crypt_kop kop;
-	int ret = 1;
-
-	/* Currently, we know we can do mod exp iff we can do any
-	 * asymmetric operations at all.
-	 */
-	if (cryptodev_asymfeat == 0) {
-		ret = BN_mod_exp(r, a, p, m, ctx);
-		return (ret);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP;
-
-	/* inputs: a^p % m */
-	if (bn2crparam(a, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(m, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, Running in software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
-}
-
-static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-	int r;
-	ctx = BN_CTX_new();
-	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-	BN_CTX_free(ctx);
-	return (r);
-}
-
-static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
-	struct crypt_kop kop;
-	int ret = 1;
-
-	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-		/* XXX 0 means failure?? */
-		return (0);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP_CRT;
-	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-	if (bn2crparam(rsa->p, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(rsa->q, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(I, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-		goto err;
-	kop.crk_iparams = 6;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
-}
-
-static RSA_METHOD cryptodev_rsa = {
-	"cryptodev RSA method",
-	NULL,				/* rsa_pub_enc */
-	NULL,				/* rsa_pub_dec */
-	NULL,				/* rsa_priv_enc */
-	NULL,				/* rsa_priv_dec */
-	NULL,
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,				/* flags */
-	NULL,				/* app_data */
-	NULL,				/* rsa_sign */
-	NULL				/* rsa_verify */
-};
-
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont)
-{
-	BIGNUM t2;
-	int ret = 0;
-
-	BN_init(&t2);
-
-	/* v = ( g^u1 * y^u2 mod p ) mod q */
-	/* let t1 = g ^ u1 mod p */
-	ret = 0;
-
-	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-		goto err;
-
-	/* let t2 = y ^ u2 mod p */
-	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-		goto err;
-	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-		goto err;
-
-	BN_copy(t1,u1);
-
-	ret = 1;
-err:
-	BN_free(&t2);
-	return(ret);
-}
-
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
-	struct crypt_kop kop;
-	BIGNUM *r = NULL, *s = NULL;
-	DSA_SIG *dsaret = NULL;
-
-	if ((r = BN_new()) == NULL)
-		goto err;
-	if ((s = BN_new()) == NULL) {
-		BN_free(r);
-		goto err;
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_SIGN;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-	kop.crk_param[0].crp_p = (caddr_t)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-		goto err;
-	kop.crk_iparams = 5;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-	    BN_num_bytes(dsa->q), s) == 0) {
-		dsaret = DSA_SIG_new();
-		dsaret->r = r;
-		dsaret->s = s;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-		BN_free(r);
-		BN_free(s);
-		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
-}
-
-static int
-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-    DSA_SIG *sig, DSA *dsa)
-{
-	struct crypt_kop kop;
-	int dsaret = 1;
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_VERIFY;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-	kop.crk_param[0].crp_p = (caddr_t)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(sig->r, &kop.crk_param[5]))
-		goto err;
-	if (bn2crparam(sig->s, &kop.crk_param[6]))
-		goto err;
-	kop.crk_iparams = 7;
-
-	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
-		if(0 != kop.crk_status) dsaret  = 0;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
-}
-
-static DSA_METHOD cryptodev_dsa = {
-	"cryptodev DSA method",
-	NULL,
-	NULL,				/* dsa_sign_setup */
-	NULL,
-	NULL,				/* dsa_mod_exp */
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,	/* flags */
-	NULL	/* app_data */
-};
-
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx)
-{
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
-	struct crypt_kop kop;
-	int dhret = 1;
-	int fd, keylen;
-
-	if ((fd = get_asym_dev_crypto()) < 0) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		return ((meth->compute_key)(key, pub_key, dh));
-	}
-
-	keylen = BN_num_bits(dh->p);
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-	/* inputs: dh->priv_key pub_key dh->p key */
-	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(pub_key, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dh->p, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	kop.crk_param[3].crp_p = (caddr_t) key;
-	kop.crk_param[3].crp_nbits = keylen * 8;
-	kop.crk_oparams = 1;
-
-	if (ioctl(fd, CIOCKEY, &kop) == -1) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		dhret = (meth->compute_key)(key, pub_key, dh);
-	}
-err:
-	kop.crk_param[3].crp_p = NULL;
-	zapparams(&kop);
-	return (dhret);
-}
-
-static DH_METHOD cryptodev_dh = {
-	"cryptodev DH method",
-	NULL,				/* cryptodev_dh_generate_key */
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	0,	/* flags */
-	NULL	/* app_data */
-};
-
-/*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
- */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-#ifdef HAVE_SYSLOG_R
-	struct syslog_data sd = SYSLOG_DATA_INIT;
-#endif
-
-	switch (cmd) {
-	default:
-#ifdef HAVE_SYSLOG_R
-		syslog_r(LOG_ERR, &sd,
-		    "cryptodev_ctrl: unknown command %d", cmd);
-#else
-		syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-#endif
-		break;
-	}
-	return (1);
-}
-
-void
-ENGINE_load_cryptodev(void)
-{
-	ENGINE *engine = ENGINE_new();
-	int fd;
-
-	if (engine == NULL)
-		return;
-	if ((fd = get_dev_crypto()) < 0) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	/*
-	 * find out what asymmetric crypto algorithms we support
-	 */
-	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-		put_dev_crypto(fd);
-		ENGINE_free(engine);
-		return;
-	}
-	put_dev_crypto(fd);
-
-	if (!ENGINE_set_id(engine, "cryptodev") ||
-	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
-		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_mod_exp;
-			else
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_nocrt_mod_exp;
-		}
-	}
-
-	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-		if (cryptodev_asymfeat & CRF_DSA_SIGN)
-			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-		}
-		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-	}
-
-	if (ENGINE_set_DH(engine, &cryptodev_dh)){
-		const DH_METHOD *dh_meth = DH_OpenSSL();
-
-		cryptodev_dh.generate_key = dh_meth->generate_key;
-		cryptodev_dh.compute_key = dh_meth->compute_key;
-		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-				cryptodev_dh.compute_key =
-				    cryptodev_dh_compute_key;
-		}
-	}
-
-	ENGINE_add(engine);
-	ENGINE_free(engine);
-	ERR_clear_error();
-}
-
-#endif /* HAVE_CRYPTODEV */
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
deleted file mode 100644
index 5ce25d92ec..0000000000
--- a/crypto/engine/eng_ctrl.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/* crypto/engine/eng_ctrl.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
-static const char *int_no_description = "";
-
-/* These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
-
-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
-	{
-	if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
-		return 1;
-	return 0;
-	}
-
-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
-	{
-	int idx = 0;
-	while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
-		{
-		idx++;
-		defn++;
-		}
-	if(int_ctrl_cmd_is_null(defn))
-		/* The given name wasn't found */
-		return -1;
-	return idx;
-	}
-
-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
-	{
-	int idx = 0;
-	/* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
-	 * our searches don't need to take any longer than necessary. */
-	while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
-		{
-		idx++;
-		defn++;
-		}
-	if(defn->cmd_num == num)
-		return idx;
-	/* The given cmd_num wasn't found */
-	return -1;
-	}
-
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
-			   void (*f)(void))
-	{
-	int idx;
-	char *s = (char *)p;
-	/* Take care of the easy one first (eg. it requires no searches) */
-	if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
-		{
-		if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
-			return 0;
-		return e->cmd_defns->cmd_num;
-		}
-	/* One or two commands require that "p" be a valid string buffer */
-	if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
-			(cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
-			(cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
-		{
-		if(s == NULL)
-			{
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-				ERR_R_PASSED_NULL_PARAMETER);
-			return -1;
-			}
-		}
-	/* Now handle cmd_name -> cmd_num conversion */
-	if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
-		{
-		if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
-						e->cmd_defns, s)) < 0))
-			{
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-				ENGINE_R_INVALID_CMD_NAME);
-			return -1;
-			}
-		return e->cmd_defns[idx].cmd_num;
-		}
-	/* For the rest of the commands, the 'long' argument must specify a
-	 * valie command number - so we need to conduct a search. */
-	if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-					(unsigned int)i)) < 0))
-		{
-		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-			ENGINE_R_INVALID_CMD_NUMBER);
-		return -1;
-		}
-	/* Now the logic splits depending on command type */
-	switch(cmd)
-		{
-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-		idx++;
-		if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
-			/* end-of-list */
-			return 0;
-		else
-			return e->cmd_defns[idx].cmd_num;
-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-		return strlen(e->cmd_defns[idx].cmd_name);
-	case ENGINE_CTRL_GET_NAME_FROM_CMD:
-		return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
-				    "%s", e->cmd_defns[idx].cmd_name);
-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-		if(e->cmd_defns[idx].cmd_desc)
-			return strlen(e->cmd_defns[idx].cmd_desc);
-		return strlen(int_no_description);
-	case ENGINE_CTRL_GET_DESC_FROM_CMD:
-		if(e->cmd_defns[idx].cmd_desc)
-			return BIO_snprintf(s,
-					    strlen(e->cmd_defns[idx].cmd_desc) + 1,
-					    "%s", e->cmd_defns[idx].cmd_desc);
-		return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
-				    int_no_description);
-	case ENGINE_CTRL_GET_CMD_FLAGS:
-		return e->cmd_defns[idx].cmd_flags;
-		}
-	/* Shouldn't really be here ... */
-	ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
-	return -1;
-	}
-
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-	{
-	int ctrl_exists, ref_exists;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-	if(!ref_exists)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
-		return 0;
-		}
-	/* Intercept any "root-level" commands before trying to hand them on to
-	 * ctrl() handlers. */
-	switch(cmd)
-		{
-	case ENGINE_CTRL_HAS_CTRL_FUNCTION:
-		return ctrl_exists;
-	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-	case ENGINE_CTRL_GET_CMD_FROM_NAME:
-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-	case ENGINE_CTRL_GET_NAME_FROM_CMD:
-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-	case ENGINE_CTRL_GET_DESC_FROM_CMD:
-	case ENGINE_CTRL_GET_CMD_FLAGS:
-		if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
-			return int_ctrl_helper(e,cmd,i,p,f);
-		if(!ctrl_exists)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-			/* For these cmd-related functions, failure is indicated
-			 * by a -1 return value (because 0 is used as a valid
-			 * return in some places). */
-			return -1;
-			}
-	default:
-		break;
-		}
-	/* Anything else requires a ctrl() handler to exist. */
-	if(!ctrl_exists)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-		return 0;
-		}
-	return e->ctrl(e, cmd, i, p, f);
-	}
-
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
-	{
-	int flags;
-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-			ENGINE_R_INVALID_CMD_NUMBER);
-		return 0;
-		}
-	if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
-			!(flags & ENGINE_CMD_FLAG_NUMERIC) &&
-			!(flags & ENGINE_CMD_FLAG_STRING))
-		return 0;
-	return 1;
-	}
-
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional)
-        {
-	int num;
-
-	if((e == NULL) || (cmd_name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-					ENGINE_CTRL_GET_CMD_FROM_NAME,
-					0, (void *)cmd_name, NULL)) <= 0))
-		{
-		/* If the command didn't *have* to be supported, we fake
-		 * success. This allows certain settings to be specified for
-		 * multiple ENGINEs and only require a change of ENGINE id
-		 * (without having to selectively apply settings). Eg. changing
-		 * from a hardware device back to the regular software ENGINE
-		 * without editing the config file, etc. */
-		if(cmd_optional)
-			{
-			ERR_clear_error();
-			return 1;
-			}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-			ENGINE_R_INVALID_CMD_NAME);
-		return 0;
-		}
-	/* Force the result of the control command to 0 or 1, for the reasons
-	 * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f) > 0)
-                return 1;
-        return 0;
-        }
-
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-				int cmd_optional)
-	{
-	int num, flags;
-	long l;
-	char *ptr;
-	if((e == NULL) || (cmd_name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-					ENGINE_CTRL_GET_CMD_FROM_NAME,
-					0, (void *)cmd_name, NULL)) <= 0))
-		{
-		/* If the command didn't *have* to be supported, we fake
-		 * success. This allows certain settings to be specified for
-		 * multiple ENGINEs and only require a change of ENGINE id
-		 * (without having to selectively apply settings). Eg. changing
-		 * from a hardware device back to the regular software ENGINE
-		 * without editing the config file, etc. */
-		if(cmd_optional)
-			{
-			ERR_clear_error();
-			return 1;
-			}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INVALID_CMD_NAME);
-		return 0;
-		}
-	if(!ENGINE_cmd_is_executable(e, num))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_CMD_NOT_EXECUTABLE);
-		return 0;
-		}
-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
-		{
-		/* Shouldn't happen, given that ENGINE_cmd_is_executable()
-		 * returned success. */
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		return 0;
-		}
-	/* If the command takes no input, there must be no input. And vice
-	 * versa. */
-	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
-		{
-		if(arg != NULL)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-				ENGINE_R_COMMAND_TAKES_NO_INPUT);
-			return 0;
-			}
-		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1
-		 * rather than returning it as "return data". This is to ensure
-		 * usage of these commands is consistent across applications and
-		 * that certain applications don't understand it one way, and
-		 * others another. */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-			return 1;
-		return 0;
-		}
-	/* So, we require input */
-	if(arg == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_COMMAND_TAKES_INPUT);
-		return 0;
-		}
-	/* If it takes string input, that's easy */
-	if(flags & ENGINE_CMD_FLAG_STRING)
-		{
-		/* Same explanation as above */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-			return 1;
-		return 0;
-		}
-	/* If it doesn't take numeric either, then it is unsupported for use in
-	 * a config-setting situation, which is what this function is for. This
-	 * should never happen though, because ENGINE_cmd_is_executable() was
-	 * used. */
-	if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		return 0;
-		}
-	l = strtol(arg, &ptr, 10);
-	if((arg == ptr) || (*ptr != '\0'))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
-		return 0;
-		}
-	/* Force the result of the control command to 0 or 1, for the reasons
-	 * mentioned before. */
-	if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
-		return 1;
-	return 0;
-	}
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
deleted file mode 100644
index b751ffd831..0000000000
--- a/crypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/* crypto/engine/eng_dyn.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include "eng_int.h"
-#include <openssl/dso.h>
-
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
-
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-
-#define DYNAMIC_CMD_SO_PATH		ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK		(ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID			(ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD		(ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD		(ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD		(ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD		(ENGINE_CMD_BASE + 6)
-
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-	{DYNAMIC_CMD_SO_PATH,
-		"SO_PATH",
-		"Specifies the path to the new ENGINE shared library",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_NO_VCHECK,
-		"NO_VCHECK",
-		"Specifies to continue even if version checking fails (boolean)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_ID,
-		"ID",
-		"Specifies an ENGINE id name for loading",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_LIST_ADD,
-		"LIST_ADD",
-		"Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_DIR_LOAD,
-		"DIR_LOAD",
-		"Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_DIR_ADD,
-		"DIR_ADD",
-		"Adds a directory from which ENGINEs can be loaded",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_LOAD,
-		"LOAD",
-		"Load up the ENGINE specified by other settings",
-		ENGINE_CMD_FLAG_NO_INPUT},
-	{0, NULL, NULL, 0}
-	};
-
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx
-	{
-	/* The DSO object we load that supplies the ENGINE code */
-	DSO *dynamic_dso;
-	/* The function pointer to the version checking shared library function */
-	dynamic_v_check_fn v_check;
-	/* The function pointer to the engine-binding shared library function */
-	dynamic_bind_engine bind_engine;
-	/* The default name/path for loading the shared library */
-	const char *DYNAMIC_LIBNAME;
-	/* Whether to continue loading on a version check failure */
-	int no_vcheck;
-	/* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-	const char *engine_id;
-	/* If non-zero, a successfully loaded ENGINE should be added to the internal
-	 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
-	int list_add_value;
-	/* The symbol name for the version checking function */
-	const char *DYNAMIC_F1;
-	/* The symbol name for the "initialise ENGINE structure" function */
-	const char *DYNAMIC_F2;
-	/* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-	 * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
-	int dir_load;
-	/* A stack of directories from which ENGINEs could be loaded */
-	STACK_OF(OPENSSL_STRING) *dirs;
-	};
-
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
-static int dynamic_ex_data_idx = -1;
-
-static void int_free_str(char *s) { OPENSSL_free(s); }
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
-			CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
-	{
-	if(ptr)
-		{
-		dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-		if(ctx->dynamic_dso)
-			DSO_free(ctx->dynamic_dso);
-		if(ctx->DYNAMIC_LIBNAME)
-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-		if(ctx->engine_id)
-			OPENSSL_free((void*)ctx->engine_id);
-		if(ctx->dirs)
-			sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
-		OPENSSL_free(ctx);
-		}
-	}
-
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-	{
-	dynamic_data_ctx *c;
-	c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
-	if(!c)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	memset(c, 0, sizeof(dynamic_data_ctx));
-	c->dynamic_dso = NULL;
-	c->v_check = NULL;
-	c->bind_engine = NULL;
-	c->DYNAMIC_LIBNAME = NULL;
-	c->no_vcheck = 0;
-	c->engine_id = NULL;
-	c->list_add_value = 0;
-	c->DYNAMIC_F1 = "v_check";
-	c->DYNAMIC_F2 = "bind_engine";
-	c->dir_load = 1;
-	c->dirs = sk_OPENSSL_STRING_new_null();
-	if(!c->dirs)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-		OPENSSL_free(c);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-				dynamic_ex_data_idx)) == NULL)
-		{
-		/* Good, we're the first */
-		ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-		*ctx = c;
-		c = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* If we lost the race to set the context, c is non-NULL and *ctx is the
-	 * context of the thread that won. */
-	if(c)
-		OPENSSL_free(c);
-	return 1;
-	}
-
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
-	{
-	dynamic_data_ctx *ctx;
-	if(dynamic_ex_data_idx < 0)
-		{
-		/* Create and register the ENGINE ex_data, and associate our
-		 * "free" function with it to ensure any allocated contexts get
-		 * freed when an ENGINE goes underground. */
-		int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-					dynamic_data_ctx_free_func);
-		if(new_idx == -1)
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
-			return NULL;
-			}
-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-		/* Avoid a race by checking again inside this lock */
-		if(dynamic_ex_data_idx < 0)
-			{
-			/* Good, someone didn't beat us to it */
-			dynamic_ex_data_idx = new_idx;
-			new_idx = -1;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		/* In theory we could "give back" the index here if
-		 * (new_idx>-1), but it's not possible and wouldn't gain us much
-		 * if it were. */
-		}
-	ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-	/* Check if the context needs to be created */
-	if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-		/* "set_data" will set errors if necessary */
-		return NULL;
-	return ctx;
-	}
-
-static ENGINE *engine_dynamic(void)
-	{
-	ENGINE *ret = ENGINE_new();
-	if(!ret)
-		return NULL;
-	if(!ENGINE_set_id(ret, engine_dynamic_id) ||
-			!ENGINE_set_name(ret, engine_dynamic_name) ||
-			!ENGINE_set_init_function(ret, dynamic_init) ||
-			!ENGINE_set_finish_function(ret, dynamic_finish) ||
-			!ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-			!ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-			!ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
-		{
-		ENGINE_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-void ENGINE_load_dynamic(void)
-	{
-	ENGINE *toadd = engine_dynamic();
-	if(!toadd) return;
-	ENGINE_add(toadd);
-	/* If the "add" worked, it gets a structural reference. So either way,
-	 * we release our just-created reference. */
-	ENGINE_free(toadd);
-	/* If the "add" didn't work, it was probably a conflict because it was
-	 * already added (eg. someone calling ENGINE_load_blah then calling
-	 * ENGINE_load_builtin_engines() perhaps). */
-	ERR_clear_error();
-	}
-
-static int dynamic_init(ENGINE *e)
-	{
-	/* We always return failure - the "dyanamic" engine itself can't be used
-	 * for anything. */
-	return 0;
-	}
-
-static int dynamic_finish(ENGINE *e)
-	{
-	/* This should never be called on account of "dynamic_init" always
-	 * failing. */
-	return 0;
-	}
-
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-	{
-	dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-	int initialised;
-	
-	if(!ctx)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
-		return 0;
-		}
-	initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-	/* All our control commands require the ENGINE to be uninitialised */
-	if(initialised)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-			ENGINE_R_ALREADY_LOADED);
-		return 0;
-		}
-	switch(cmd)
-		{
-	case DYNAMIC_CMD_SO_PATH:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(p && (strlen((const char *)p) < 1))
-			p = NULL;
-		if(ctx->DYNAMIC_LIBNAME)
-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-		if(p)
-			ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
-		else
-			ctx->DYNAMIC_LIBNAME = NULL;
-		return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-	case DYNAMIC_CMD_NO_VCHECK:
-		ctx->no_vcheck = ((i == 0) ? 0 : 1);
-		return 1;
-	case DYNAMIC_CMD_ID:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(p && (strlen((const char *)p) < 1))
-			p = NULL;
-		if(ctx->engine_id)
-			OPENSSL_free((void*)ctx->engine_id);
-		if(p)
-			ctx->engine_id = BUF_strdup(p);
-		else
-			ctx->engine_id = NULL;
-		return (ctx->engine_id ? 1 : 0);
-	case DYNAMIC_CMD_LIST_ADD:
-		if((i < 0) || (i > 2))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		ctx->list_add_value = (int)i;
-		return 1;
-	case DYNAMIC_CMD_LOAD:
-		return dynamic_load(e, ctx);
-	case DYNAMIC_CMD_DIR_LOAD:
-		if((i < 0) || (i > 2))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		ctx->dir_load = (int)i;
-		return 1;
-	case DYNAMIC_CMD_DIR_ADD:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(!p || (strlen((const char *)p) < 1))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		{
-		char *tmp_str = BUF_strdup(p);
-		if(!tmp_str)
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		sk_OPENSSL_STRING_insert(ctx->dirs, tmp_str, -1);
-		}
-		return 1;
-	default:
-		break;
-		}
-	ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-	return 0;
-	}
-
-static int int_load(dynamic_data_ctx *ctx)
-	{
-	int num, loop;
-	/* Unless told not to, try a direct load */
-	if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-				ctx->DYNAMIC_LIBNAME, NULL, 0) != NULL))
-		return 1;
-	/* If we're not allowed to use 'dirs' or we have none, fail */
-	if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
-		return 0;
-	for(loop = 0; loop < num; loop++)
-		{
-		const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
-		char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
-		if(!merge)
-			return 0;
-		if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
-			{
-			/* Found what we're looking for */
-			OPENSSL_free(merge);
-			/* Previous failed loop iterations, if any, will have resulted in
-			 * errors. Clear them out before returning success. */
-			ERR_clear_error();
-			return 1;
-			}
-		OPENSSL_free(merge);
-		}
-	return 0;
-	}
-
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-	{
-	ENGINE cpy;
-	dynamic_fns fns;
-
-	if(!ctx->dynamic_dso)
-		ctx->dynamic_dso = DSO_new();
-	if(!ctx->DYNAMIC_LIBNAME)
-		{
-		if(!ctx->engine_id)
-			return 0;
-		ctx->DYNAMIC_LIBNAME =
-			DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
-		}
-	if(!int_load(ctx))
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-			ENGINE_R_DSO_NOT_FOUND);
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		return 0;
-		}
-	/* We have to find a bind function otherwise it'll always end badly */
-	if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
-					ctx->dynamic_dso, ctx->DYNAMIC_F2)))
-		{
-		ctx->bind_engine = NULL;
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-			ENGINE_R_DSO_FAILURE);
-		return 0;
-		}
-	/* Do we perform version checking? */
-	if(!ctx->no_vcheck)
-		{
-		unsigned long vcheck_res = 0;
-		/* Now we try to find a version checking function and decide how
-		 * to cope with failure if/when it fails. */
-		ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
-				ctx->dynamic_dso, ctx->DYNAMIC_F1);
-		if(ctx->v_check)
-			vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-		/* We fail if the version checker veto'd the load *or* if it is
-		 * deferring to us (by returning its version) and we think it is
-		 * too old. */
-		if(vcheck_res < OSSL_DYNAMIC_OLDEST)
-			{
-			/* Fail */
-			ctx->bind_engine = NULL;
-			ctx->v_check = NULL;
-			DSO_free(ctx->dynamic_dso);
-			ctx->dynamic_dso = NULL;
-			ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-				ENGINE_R_VERSION_INCOMPATIBILITY);
-			return 0;
-			}
-		}
-	/* First binary copy the ENGINE structure so that we can roll back if
-	 * the hand-over fails */
-	memcpy(&cpy, e, sizeof(ENGINE));
-	/* Provide the ERR, "ex_data", memory, and locking callbacks so the
-	 * loaded library uses our state rather than its own. FIXME: As noted in
-	 * engine.h, much of this would be simplified if each area of code
-	 * provided its own "summary" structure of all related callbacks. It
-	 * would also increase opaqueness. */
-	fns.static_state = ENGINE_get_static_state();
-	fns.err_fns = ERR_get_implementation();
-	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-				&fns.mem_fns.realloc_cb,
-				&fns.mem_fns.free_cb);
-	fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-	fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-	fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-	fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-	fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-	/* Now that we've loaded the dynamic engine, make sure no "dynamic"
-	 * ENGINE elements will show through. */
-	engine_set_all_null(e);
-
-	/* Try to bind the ENGINE onto our own ENGINE structure */
-	if(!ctx->bind_engine(e, ctx->engine_id, &fns))
-		{
-		ctx->bind_engine = NULL;
-		ctx->v_check = NULL;
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
-		/* Copy the original ENGINE structure back */
-		memcpy(e, &cpy, sizeof(ENGINE));
-		return 0;
-		}
-	/* Do we try to add this ENGINE to the internal list too? */
-	if(ctx->list_add_value > 0)
-		{
-		if(!ENGINE_add(e))
-			{
-			/* Do we tolerate this or fail? */
-			if(ctx->list_add_value > 1)
-				{
-				/* Fail - NB: By this time, it's too late to
-				 * rollback, and trying to do so allows the
-				 * bind_engine() code to have created leaks. We
-				 * just have to fail where we are, after the
-				 * ENGINE has changed. */
-				ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-					ENGINE_R_CONFLICTING_ENGINE_ID);
-				return 0;
-				}
-			/* Tolerate */
-			ERR_clear_error();
-			}
-		}
-	return 1;
-	}
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
deleted file mode 100644
index 81c70acfa8..0000000000
--- a/crypto/engine/eng_err.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* crypto/engine/eng_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
-static ERR_STRING_DATA ENGINE_str_functs[]=
-	{
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),	"DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),	"DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),	"DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),	"DYNAMIC_SET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD),	"ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),	"ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),	"ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL),	"ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),	"ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),	"ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH),	"ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),	"ENGINE_FREE_UTIL"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),	"ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),	"ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),	"ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),	"ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH),	"ENGINE_get_pkey_asn1_meth"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PKEY_METH),	"ENGINE_get_pkey_meth"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),	"ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT),	"ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),	"ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE),	"ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),	"ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),	"ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),	"ENGINE_load_ssl_client_cert"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW),	"ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),	"ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),	"ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),	"ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),	"ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),	"ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),	"ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),	"ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),	"ENGINE_UNLOCKED_FINISH"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),	"ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),	"INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),	"INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),	"INT_ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE),	"LOG_MESSAGE"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA ENGINE_str_reasons[]=
-	{
-{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),"unimplemented public key method"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_ENGINE_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ENGINE_str_functs);
-		ERR_load_strings(0,ENGINE_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
deleted file mode 100644
index 789b8d57e5..0000000000
--- a/crypto/engine/eng_fat.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* crypto/engine/eng_fat.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "eng_int.h"
-#include <openssl/conf.h>
-
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
-	{
-	if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
-		return 0;
-	if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
-		return 0;
-#ifndef OPENSSL_NO_RSA
-	if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
-		return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
-	if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
-		return 0;
-#endif
-#ifndef OPENSSL_NO_DH
-	if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
-		return 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
-		return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
-		return 0;
-#endif
-	if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
-		return 0;
-	if((flags & ENGINE_METHOD_PKEY_METHS)
-				&& !ENGINE_set_default_pkey_meths(e))
-		return 0;
-	if((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
-				&& !ENGINE_set_default_pkey_asn1_meths(e))
-		return 0;
-	return 1;
-	}
-
-/* Set default algorithms using a string */
-
-static int int_def_cb(const char *alg, int len, void *arg)
-	{
-	unsigned int *pflags = arg;
-	if (!strncmp(alg, "ALL", len))
-		*pflags |= ENGINE_METHOD_ALL;
-	else if (!strncmp(alg, "RSA", len))
-		*pflags |= ENGINE_METHOD_RSA;
-	else if (!strncmp(alg, "DSA", len))
-		*pflags |= ENGINE_METHOD_DSA;
-	else if (!strncmp(alg, "ECDH", len))
-		*pflags |= ENGINE_METHOD_ECDH;
-	else if (!strncmp(alg, "ECDSA", len))
-		*pflags |= ENGINE_METHOD_ECDSA;
-	else if (!strncmp(alg, "DH", len))
-		*pflags |= ENGINE_METHOD_DH;
-	else if (!strncmp(alg, "RAND", len))
-		*pflags |= ENGINE_METHOD_RAND;
-	else if (!strncmp(alg, "CIPHERS", len))
-		*pflags |= ENGINE_METHOD_CIPHERS;
-	else if (!strncmp(alg, "DIGESTS", len))
-		*pflags |= ENGINE_METHOD_DIGESTS;
-	else if (!strncmp(alg, "PKEY", len))
-		*pflags |=
-			ENGINE_METHOD_PKEY_METHS|ENGINE_METHOD_PKEY_ASN1_METHS;
-	else if (!strncmp(alg, "PKEY_CRYPTO", len))
-		*pflags |= ENGINE_METHOD_PKEY_METHS;
-	else if (!strncmp(alg, "PKEY_ASN1", len))
-		*pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
-	else
-		return 0;
-	return 1;
-	}
-
-
-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
-	{
-	unsigned int flags = 0;
-	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
-					ENGINE_R_INVALID_STRING);
-		ERR_add_error_data(2, "str=",def_list);
-		return 0;
-		}
-	return ENGINE_set_default(e, flags);
-	}
-
-int ENGINE_register_complete(ENGINE *e)
-	{
-	ENGINE_register_ciphers(e);
-	ENGINE_register_digests(e);
-#ifndef OPENSSL_NO_RSA
-	ENGINE_register_RSA(e);
-#endif
-#ifndef OPENSSL_NO_DSA
-	ENGINE_register_DSA(e);
-#endif
-#ifndef OPENSSL_NO_DH
-	ENGINE_register_DH(e);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	ENGINE_register_ECDSA(e);
-#endif
-	ENGINE_register_RAND(e);
-	ENGINE_register_pkey_meths(e);
-	return 1;
-	}
-
-int ENGINE_register_all_complete(void)
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
-			ENGINE_register_complete(e);
-	return 1;
-	}
diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
deleted file mode 100644
index 7633cf5f1d..0000000000
--- a/crypto/engine/eng_init.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/engine/eng_init.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
-int engine_unlocked_init(ENGINE *e)
-	{
-	int to_return = 1;
-
-	if((e->funct_ref == 0) && e->init)
-		/* This is the first functional reference and the engine
-		 * requires initialisation so we do it now. */
-		to_return = e->init(e);
-	if(to_return)
-		{
-		/* OK, we return a functional reference which is also a
-		 * structural reference. */
-		e->struct_ref++;
-		e->funct_ref++;
-		engine_ref_debug(e, 0, 1)
-		engine_ref_debug(e, 1, 1)
-		}
-	return to_return;
-	}
-
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
-	{
-	int to_return = 1;
-
-	/* Reduce the functional reference count here so if it's the terminating
-	 * case, we can release the lock safely and call the finish() handler
-	 * without risk of a race. We get a race if we leave the count until
-	 * after and something else is calling "finish" at the same time -
-	 * there's a chance that both threads will together take the count from
-	 * 2 to 0 without either calling finish(). */
-	e->funct_ref--;
-	engine_ref_debug(e, 1, -1);
-	if((e->funct_ref == 0) && e->finish)
-		{
-		if(unlock_for_handlers)
-			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		to_return = e->finish(e);
-		if(unlock_for_handlers)
-			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-		if(!to_return)
-			return 0;
-		}
-#ifdef REF_CHECK
-	if(e->funct_ref < 0)
-		{
-		fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
-		abort();
-		}
-#endif
-	/* Release the structural reference too */
-	if(!engine_free_util(e, 0))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);
-		return 0;
-		}
-	return to_return;
-	}
-
-/* The API (locked) version of "init" */
-int ENGINE_init(ENGINE *e)
-	{
-	int ret;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_unlocked_init(e);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-/* The API (locked) version of "finish" */
-int ENGINE_finish(ENGINE *e)
-	{
-	int to_return = 1;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	to_return = engine_unlocked_finish(e, 1);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if(!to_return)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-		return 0;
-		}
-	return to_return;
-	}
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
deleted file mode 100644
index 451ef8feb8..0000000000
--- a/crypto/engine/eng_int.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/* crypto/engine/eng_int.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
-
-#include "cryptlib.h"
-/* Take public definitions from engine.h */
-#include <openssl/engine.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* If we compile with this symbol defined, then both reference counts in the
- * ENGINE structure will be monitored with a line of output on stderr for each
- * change. This prints the engine's pointer address (truncated to unsigned int),
- * "struct" or "funct" to indicate the reference type, the before and after
- * reference count, and the file:line-number pair. The "engine_ref_debug"
- * statements must come *after* the change. */
-#ifdef ENGINE_REF_COUNT_DEBUG
-
-#define engine_ref_debug(e, isfunct, diff) \
-	fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
-		(unsigned int)(e), (isfunct ? "funct" : "struct"), \
-		((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
-		((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-		(__FILE__), (__LINE__));
-
-#else
-
-#define engine_ref_debug(e, isfunct, diff)
-
-#endif
-
-/* Any code that will need cleanup operations should use these functions to
- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode). */
-typedef void (ENGINE_CLEANUP_CB)(void);
-typedef struct st_engine_cleanup_item
-	{
-	ENGINE_CLEANUP_CB *cb;
-	} ENGINE_CLEANUP_ITEM;
-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
-
-/* We need stacks of ENGINEs for use in eng_table.c */
-DECLARE_STACK_OF(ENGINE)
-
-/* If this symbol is defined then engine_table_select(), the function that is
- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
- * functional references (etc), will display debugging summaries to stderr. */
-/* #define ENGINE_TABLE_DEBUG */
-
-/* This represents an implementation table. Dependent code should instantiate it
- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
-typedef struct st_engine_table ENGINE_TABLE;
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-		ENGINE *e, const int *nids, int num_nids, int setdefault);
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
-void engine_table_cleanup(ENGINE_TABLE **table);
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-#endif
-typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg);
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg);
-
-/* Internal versions of API functions that have control over locking. These are
- * used between C files when functionality needs to be shared but the caller may
- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
-int engine_unlocked_init(ENGINE *e);
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
-
-/* This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all the
- * ENGINE_set_***() functions with a NULL value. */
-void engine_set_all_null(ENGINE *e);
-
-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
- * in engine.h. */
-
-/* Free up dynamically allocated public key methods associated with ENGINE */
-
-void engine_pkey_meths_free(ENGINE *e);
-void engine_pkey_asn1_meths_free(ENGINE *e);
-
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-struct engine_st
-	{
-	const char *id;
-	const char *name;
-	const RSA_METHOD *rsa_meth;
-	const DSA_METHOD *dsa_meth;
-	const DH_METHOD *dh_meth;
-	const ECDH_METHOD *ecdh_meth;
-	const ECDSA_METHOD *ecdsa_meth;
-	const RAND_METHOD *rand_meth;
-	const STORE_METHOD *store_meth;
-	/* Cipher handling is via this callback */
-	ENGINE_CIPHERS_PTR ciphers;
-	/* Digest handling is via this callback */
-	ENGINE_DIGESTS_PTR digests;
-	/* Public key handling via this callback */
-	ENGINE_PKEY_METHS_PTR pkey_meths;
-	/* ASN1 public key handling via this callback */
-	ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
-
-	ENGINE_GEN_INT_FUNC_PTR	destroy;
-
-	ENGINE_GEN_INT_FUNC_PTR init;
-	ENGINE_GEN_INT_FUNC_PTR finish;
-	ENGINE_CTRL_FUNC_PTR ctrl;
-	ENGINE_LOAD_KEY_PTR load_privkey;
-	ENGINE_LOAD_KEY_PTR load_pubkey;
-
-	ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-
-	const ENGINE_CMD_DEFN *cmd_defns;
-	int flags;
-	/* reference count on the structure itself */
-	int struct_ref;
-	/* reference count on usability of the engine type. NB: This
-	 * controls the loading and initialisation of any functionlity
-	 * required by this engine, whereas the previous count is
-	 * simply to cope with (de)allocation of this structure. Hence,
-	 * running_ref <= struct_ref at all times. */
-	int funct_ref;
-	/* A place to store per-ENGINE data */
-	CRYPTO_EX_DATA ex_data;
-	/* Used to maintain the linked-list of engines. */
-	struct engine_st *prev;
-	struct engine_st *next;
-	};
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* HEADER_ENGINE_INT_H */
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
deleted file mode 100644
index 18a6664645..0000000000
--- a/crypto/engine/eng_lib.c
+++ /dev/null
@@ -1,332 +0,0 @@
-/* crypto/engine/eng_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/rand.h>
-
-/* The "new"/"free" stuff first */
-
-ENGINE *ENGINE_new(void)
-	{
-	ENGINE *ret;
-
-	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-	if(ret == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	memset(ret, 0, sizeof(ENGINE));
-	ret->struct_ref = 1;
-	engine_ref_debug(ret, 0, 1)
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-	return ret;
-	}
-
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
- * elements of the ENGINE structure are more likely to be caught and changed
- * here. */
-void engine_set_all_null(ENGINE *e)
-	{
-	e->id = NULL;
-	e->name = NULL;
-	e->rsa_meth = NULL;
-	e->dsa_meth = NULL;
-	e->dh_meth = NULL;
-	e->rand_meth = NULL;
-	e->store_meth = NULL;
-	e->ciphers = NULL;
-	e->digests = NULL;
-	e->destroy = NULL;
-	e->init = NULL;
-	e->finish = NULL;
-	e->ctrl = NULL;
-	e->load_privkey = NULL;
-	e->load_pubkey = NULL;
-	e->cmd_defns = NULL;
-	e->flags = 0;
-	}
-
-int engine_free_util(ENGINE *e, int locked)
-	{
-	int i;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if(locked)
-		i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
-	else
-		i = --e->struct_ref;
-	engine_ref_debug(e, 0, -1)
-	if (i > 0) return 1;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"ENGINE_free, bad structural reference count\n");
-		abort();
-		}
-#endif
-	/* Free up any dynamically allocated public key methods */
-	engine_pkey_meths_free(e);
-	engine_pkey_asn1_meths_free(e);
-	/* Give the ENGINE a chance to do any structural cleanup corresponding
-	 * to allocation it did in its constructor (eg. unload error strings) */
-	if(e->destroy)
-		e->destroy(e);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
-	OPENSSL_free(e);
-	return 1;
-	}
-
-int ENGINE_free(ENGINE *e)
-	{
-	return engine_free_util(e, 1);
-	}
-
-/* Cleanup stuff */
-
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
-static int int_cleanup_check(int create)
-	{
-	if(cleanup_stack) return 1;
-	if(!create) return 0;
-	cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
-	return (cleanup_stack ? 1 : 0);
-	}
-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
-					ENGINE_CLEANUP_ITEM));
-	if(!item) return NULL;
-	item->cb = cb;
-	return item;
-	}
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item;
-	if(!int_cleanup_check(1)) return;
-	item = int_cleanup_item(cb);
-	if(item)
-		sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
-	}
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item;
-	if(!int_cleanup_check(1)) return;
-	item = int_cleanup_item(cb);
-	if(item)
-		sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
-	}
-/* The API function that performs all cleanup */
-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
-	{
-	(*(item->cb))();
-	OPENSSL_free(item);
-	}
-void ENGINE_cleanup(void)
-	{
-	if(int_cleanup_check(0))
-		{
-		sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
-			engine_cleanup_cb_free);
-		cleanup_stack = NULL;
-		}
-	/* FIXME: This should be handled (somehow) through RAND, eg. by it
-	 * registering a cleanup callback. */
-	RAND_set_rand_method(NULL);
-	}
-
-/* Now the "ex_data" support */
-
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-			new_func, dup_func, free_func);
-	}
-
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
-	}
-
-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
-	{
-	return(CRYPTO_get_ex_data(&e->ex_data, idx));
-	}
-
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
-
-int ENGINE_set_id(ENGINE *e, const char *id)
-	{
-	if(id == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->id = id;
-	return 1;
-	}
-
-int ENGINE_set_name(ENGINE *e, const char *name)
-	{
-	if(name == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->name = name;
-	return 1;
-	}
-
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-	{
-	e->destroy = destroy_f;
-	return 1;
-	}
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-	{
-	e->init = init_f;
-	return 1;
-	}
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-	{
-	e->finish = finish_f;
-	return 1;
-	}
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-	{
-	e->ctrl = ctrl_f;
-	return 1;
-	}
-
-int ENGINE_set_flags(ENGINE *e, int flags)
-	{
-	e->flags = flags;
-	return 1;
-	}
-
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-	{
-	e->cmd_defns = defns;
-	return 1;
-	}
-
-const char *ENGINE_get_id(const ENGINE *e)
-	{
-	return e->id;
-	}
-
-const char *ENGINE_get_name(const ENGINE *e)
-	{
-	return e->name;
-	}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
-	{
-	return e->destroy;
-	}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
-	{
-	return e->init;
-	}
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
-	{
-	return e->finish;
-	}
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
-	{
-	return e->ctrl;
-	}
-
-int ENGINE_get_flags(const ENGINE *e)
-	{
-	return e->flags;
-	}
-
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
-	{
-	return e->cmd_defns;
-	}
-
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
-
-static int internal_static_hack = 0;
-
-void *ENGINE_get_static_state(void)
-	{
-	return &internal_static_hack;
-	}
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
deleted file mode 100644
index 95c858960b..0000000000
--- a/crypto/engine/eng_list.c
+++ /dev/null
@@ -1,434 +0,0 @@
-/* crypto/engine/eng_list.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "eng_int.h"
-
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
-
-static void engine_list_cleanup(void)
-	{
-	ENGINE *iterator = engine_list_head;
-
-	while(iterator != NULL)
-		{
-		ENGINE_remove(iterator);
-		iterator = engine_list_head;
-		}
-	return;
-	}
-
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
-static int engine_list_add(ENGINE *e)
-	{
-	int conflict = 0;
-	ENGINE *iterator = NULL;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	iterator = engine_list_head;
-	while(iterator && !conflict)
-		{
-		conflict = (strcmp(iterator->id, e->id) == 0);
-		iterator = iterator->next;
-		}
-	if(conflict)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ENGINE_R_CONFLICTING_ENGINE_ID);
-		return 0;
-		}
-	if(engine_list_head == NULL)
-		{
-		/* We are adding to an empty list. */
-		if(engine_list_tail)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_head = e;
-		e->prev = NULL;
-		/* The first time the list allocates, we should register the
-		 * cleanup. */
-		engine_cleanup_add_last(engine_list_cleanup);
-		}
-	else
-		{
-		/* We are adding to the tail of an existing list. */
-		if((engine_list_tail == NULL) ||
-				(engine_list_tail->next != NULL))
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_tail->next = e;
-		e->prev = engine_list_tail;
-		}
-	/* Having the engine in the list assumes a structural
-	 * reference. */
-	e->struct_ref++;
-	engine_ref_debug(e, 0, 1)
-	/* However it came to be, e is the last item in the list. */
-	engine_list_tail = e;
-	e->next = NULL;
-	return 1;
-	}
-
-static int engine_list_remove(ENGINE *e)
-	{
-	ENGINE *iterator;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	/* We need to check that e is in our linked list! */
-	iterator = engine_list_head;
-	while(iterator && (iterator != e))
-		iterator = iterator->next;
-	if(iterator == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
-		return 0;
-		}
-	/* un-link e from the chain. */
-	if(e->next)
-		e->next->prev = e->prev;
-	if(e->prev)
-		e->prev->next = e->next;
-	/* Correct our head/tail if necessary. */
-	if(engine_list_head == e)
-		engine_list_head = e->next;
-	if(engine_list_tail == e)
-		engine_list_tail = e->prev;
-	engine_free_util(e, 0);
-	return 1;
-	}
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void)
-	{
-	ENGINE *ret;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_list_head;
-	if(ret)
-		{
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-ENGINE *ENGINE_get_last(void)
-	{
-	ENGINE *ret;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_list_tail;
-	if(ret)
-		{
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->next;
-	if(ret)
-		{
-		/* Return a valid structural refernce to the next ENGINE */
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Release the structural reference to the previous ENGINE */
-	ENGINE_free(e);
-	return ret;
-	}
-
-ENGINE *ENGINE_get_prev(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->prev;
-	if(ret)
-		{
-		/* Return a valid structural reference to the next ENGINE */
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Release the structural reference to the previous ENGINE */
-	ENGINE_free(e);
-	return ret;
-	}
-
-/* Add another "ENGINE" type into the list. */
-int ENGINE_add(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->id == NULL) || (e->name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_ID_OR_NAME_MISSING);
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_list_add(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
-
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_list_remove(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
-
-static void engine_cpy(ENGINE *dest, const ENGINE *src)
-	{
-	dest->id = src->id;
-	dest->name = src->name;
-#ifndef OPENSSL_NO_RSA
-	dest->rsa_meth = src->rsa_meth;
-#endif
-#ifndef OPENSSL_NO_DSA
-	dest->dsa_meth = src->dsa_meth;
-#endif
-#ifndef OPENSSL_NO_DH
-	dest->dh_meth = src->dh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	dest->ecdsa_meth = src->ecdsa_meth;
-#endif
-	dest->rand_meth = src->rand_meth;
-	dest->store_meth = src->store_meth;
-	dest->ciphers = src->ciphers;
-	dest->digests = src->digests;
-	dest->pkey_meths = src->pkey_meths;
-	dest->destroy = src->destroy;
-	dest->init = src->init;
-	dest->finish = src->finish;
-	dest->ctrl = src->ctrl;
-	dest->load_privkey = src->load_privkey;
-	dest->load_pubkey = src->load_pubkey;
-	dest->cmd_defns = src->cmd_defns;
-	dest->flags = src->flags;
-	}
-
-ENGINE *ENGINE_by_id(const char *id)
-	{
-	ENGINE *iterator;
-	char *load_dir = NULL;
-	if(id == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	iterator = engine_list_head;
-	while(iterator && (strcmp(id, iterator->id) != 0))
-		iterator = iterator->next;
-	if(iterator)
-		{
-		/* We need to return a structural reference. If this is an
-		 * ENGINE type that returns copies, make a duplicate - otherwise
-		 * increment the existing ENGINE's reference count. */
-		if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
-			{
-			ENGINE *cp = ENGINE_new();
-			if(!cp)
-				iterator = NULL;
-			else
-				{
-				engine_cpy(cp, iterator);
-				iterator = cp;
-				}
-			}
-		else
-			{
-			iterator->struct_ref++;
-			engine_ref_debug(iterator, 0, 1)
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#if 0
-	if(iterator == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ENGINE_R_NO_SUCH_ENGINE);
-		ERR_add_error_data(2, "id=", id);
-		}
-	return iterator;
-#else
-	/* EEK! Experimental code starts */
-	if(iterator) return iterator;
-	/* Prevent infinite recusrion if we're looking for the dynamic engine. */
-	if (strcmp(id, "dynamic"))
-		{
-#ifdef OPENSSL_SYS_VMS
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
-#else
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
-#endif
-		iterator = ENGINE_by_id("dynamic");
-		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
-					load_dir, 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-				goto notfound;
-		return iterator;
-		}
-notfound:
-	ENGINE_free(iterator);
-	ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
-	ERR_add_error_data(2, "id=", id);
-	return NULL;
-	/* EEK! Experimental code ends */
-#endif
-	}
-
-int ENGINE_up_ref(ENGINE *e)
-	{
-	if (e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
-	return 1;
-	}
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
deleted file mode 100644
index 9abb95cc22..0000000000
--- a/crypto/engine/eng_openssl.c
+++ /dev/null
@@ -1,384 +0,0 @@
-/* crypto/engine/eng_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
-#define TEST_ENG_OPENSSL_RC4
-#define TEST_ENG_OPENSSL_PKEY
-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
-#define TEST_ENG_OPENSSL_RC4_P_INIT
-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-#define TEST_ENG_OPENSSL_SHA
-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
-
-/* Now check what of those algorithms are actually enabled */
-#ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
-#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
-#endif
-
-#ifdef TEST_ENG_OPENSSL_RC4
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-				const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-				const int **nids, int nid);
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-#endif
-
-/* The constants used when creating the ENGINE */
-static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software engine support";
-
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
-	{
-	if(!ENGINE_set_id(e, engine_openssl_id)
-			|| !ENGINE_set_name(e, engine_openssl_name)
-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
-			|| !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
-			|| !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_ECDH
-			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_DH
-			|| !ENGINE_set_DH(e, DH_get_default_method())
-#endif
-			|| !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
-			|| !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-			|| !ENGINE_set_digests(e, openssl_digests)
-#endif
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
-			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
-#endif
-			)
-		return 0;
-	/* If we add errors to this ENGINE, ensure the error handling is setup here */
-	/* openssl_load_error_strings(); */
-	return 1;
-	}
-
-static ENGINE *engine_openssl(void)
-	{
-	ENGINE *ret = ENGINE_new();
-	if(!ret)
-		return NULL;
-	if(!bind_helper(ret))
-		{
-		ENGINE_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-void ENGINE_load_openssl(void)
-	{
-	ENGINE *toadd = engine_openssl();
-	if(!toadd) return;
-	ENGINE_add(toadd);
-	/* If the "add" worked, it gets a structural reference. So either way,
-	 * we release our just-created reference. */
-	ENGINE_free(toadd);
-	ERR_clear_error();
-	}
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
-	{
-	if(id && (strcmp(id, engine_openssl_id) != 0))
-		return 0;
-	if(!bind_helper(e))
-		return 0;
-	return 1;
-	}
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
- * should under normal circumstances go via this support rather than the default
- * EVP support. There are other symbols to tweak the testing;
- *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
- *        we're asked for a cipher we don't support (should not happen).
- *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
- *        the "init_key" handler is called.
- *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
- */
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE		16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
-static int test_cipher_nids_number = 2;
-typedef struct {
-	unsigned char key[TEST_RC4_KEY_SIZE];
-	RC4_KEY ks;
-	} TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
-	memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
-	RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		test(ctx)->key);
-	return 1;
-	}
-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, size_t inl)
-	{
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
-	RC4(&test(ctx)->ks,inl,in,out);
-	return 1;
-	}
-static const EVP_CIPHER test_r4_cipher=
-	{
-	NID_rc4,
-	1,TEST_RC4_KEY_SIZE,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	test_rc4_init_key,
-	test_rc4_cipher,
-	NULL,
-	sizeof(TEST_RC4_KEY),
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
-static const EVP_CIPHER test_r4_40_cipher=
-	{
-	NID_rc4_40,
-	1,5 /* 40 bit */,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	test_rc4_init_key,
-	test_rc4_cipher,
-	NULL,
-	sizeof(TEST_RC4_KEY),
-	NULL, 
-	NULL,
-	NULL,
-	NULL
-	};
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-			const int **nids, int nid)
-	{
-	if(!cipher)
-		{
-		/* We are returning a list of supported nids */
-		*nids = test_cipher_nids;
-		return test_cipher_nids_number;
-		}
-	/* We are being asked for a specific cipher */
-	if(nid == NID_rc4)
-		*cipher = &test_r4_cipher;
-	else if(nid == NID_rc4_40)
-		*cipher = &test_r4_40_cipher;
-	else
-		{
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
-		fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
-				"nid %d\n", nid);
-#endif
-		*cipher = NULL;
-		return 0;
-		}
-	return 1;
-	}
-#endif
-
-#ifdef TEST_ENG_OPENSSL_SHA
-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
-static int test_digest_nids_number = 1;
-static int test_sha1_init(EVP_MD_CTX *ctx)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
-	return SHA1_Init(ctx->md_data);
-	}
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
-	return SHA1_Update(ctx->md_data,data,count);
-	}
-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
-	return SHA1_Final(md,ctx->md_data);
-	}
-static const EVP_MD test_sha_md=
-	{
-	NID_sha1,
-	NID_sha1WithRSAEncryption,
-	SHA_DIGEST_LENGTH,
-	0,
-	test_sha1_init,
-	test_sha1_update,
-	test_sha1_final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-			const int **nids, int nid)
-	{
-	if(!digest)
-		{
-		/* We are returning a list of supported nids */
-		*nids = test_digest_nids;
-		return test_digest_nids_number;
-		}
-	/* We are being asked for a specific digest */
-	if(nid == NID_sha1)
-		*digest = &test_sha_md;
-	else
-		{
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
-		fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
-				"nid %d\n", nid);
-#endif
-		*digest = NULL;
-		return 0;
-		}
-	return 1;
-	}
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	BIO *in;
-	EVP_PKEY *key;
-	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
-	in = BIO_new_file(key_id, "r");
-	if (!in)
-		return NULL;
-	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
-	BIO_free(in);
-	return key;
-	}
-#endif
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
deleted file mode 100644
index 1dfa2e3664..0000000000
--- a/crypto/engine/eng_pkey.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/* crypto/engine/eng_pkey.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* Basic get/set stuff */
-
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
-	{
-	e->load_privkey = loadpriv_f;
-	return 1;
-	}
-
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-	{
-	e->load_pubkey = loadpub_f;
-	return 1;
-	}
-
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-				ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
-	{
-	e->load_ssl_client_cert = loadssl_f;
-	return 1;
-	}
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
-	{
-	return e->load_privkey;
-	}
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
-	{
-	return e->load_pubkey;
-	}
-
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
-	{
-	return e->load_ssl_client_cert;
-	}
-
-/* API functions to load public/private keys */
-
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	EVP_PKEY *pkey;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_privkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	pkey = e->load_privkey(e, key_id, ui_method, callback_data);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-		return 0;
-		}
-	return pkey;
-	}
-
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	EVP_PKEY *pkey;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_pubkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-		return 0;
-		}
-	return pkey;
-	}
-
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
-	{
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_ssl_client_cert)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
-					ui_method, callback_data);
-	}
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
deleted file mode 100644
index 4fde948185..0000000000
--- a/crypto/engine/eng_table.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include "eng_int.h"
-
-/* The type of the items in the table */
-typedef struct st_engine_pile
-	{
-	/* The 'nid' of this algorithm/mode */
-	int nid;
-	/* ENGINEs that implement this algorithm/mode. */
-	STACK_OF(ENGINE) *sk;
-	/* The default ENGINE to perform this algorithm/mode. */
-	ENGINE *funct;
-	/* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
-	int uptodate;
-	} ENGINE_PILE;
-
-DECLARE_LHASH_OF(ENGINE_PILE);
-
-/* The type exposed in eng_int.h */
-struct st_engine_table
-	{
-	LHASH_OF(ENGINE_PILE) piles;
-	}; /* ENGINE_TABLE */
-
-
-typedef struct st_engine_pile_doall
-	{
-	engine_table_doall_cb *cb;
-	void *arg;
-	} ENGINE_PILE_DOALL;
-	
-
-/* Global flags (ENGINE_TABLE_FLAG_***). */
-static unsigned int table_flags = 0;
-
-/* API function manipulating 'table_flags' */
-unsigned int ENGINE_get_table_flags(void)
-	{
-	return table_flags;
-	}
-
-void ENGINE_set_table_flags(unsigned int flags)
-	{
-	table_flags = flags;
-	}
-
-/* Internal functions for the "piles" hash table */
-static unsigned long engine_pile_hash(const ENGINE_PILE *c)
-	{
-	return c->nid;
-	}
-
-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
-	{
-	return a->nid - b->nid;
-	}
-static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
-
-static int int_table_check(ENGINE_TABLE **t, int create)
-	{
-	LHASH_OF(ENGINE_PILE) *lh;
-
-	if(*t) return 1;
-	if(!create) return 0;
-	if((lh = lh_ENGINE_PILE_new()) == NULL)
-		return 0;
-	*t = (ENGINE_TABLE *)lh;
-	return 1;
-	}
-
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-		ENGINE *e, const int *nids, int num_nids, int setdefault)
-	{
-	int ret = 0, added = 0;
-	ENGINE_PILE tmplate, *fnd;
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!(*table))
-		added = 1;
-	if(!int_table_check(table, 1))
-		goto end;
-	if(added)
-		/* The cleanup callback needs to be added */
-		engine_cleanup_add_first(cleanup);
-	while(num_nids--)
-		{
-		tmplate.nid = *nids;
-		fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
-		if(!fnd)
-			{
-			fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
-			if(!fnd) goto end;
-			fnd->uptodate = 1;
-			fnd->nid = *nids;
-			fnd->sk = sk_ENGINE_new_null();
-			if(!fnd->sk)
-				{
-				OPENSSL_free(fnd);
-				goto end;
-				}
-			fnd->funct = NULL;
-			(void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
-			}
-		/* A registration shouldn't add duplciate entries */
-		(void)sk_ENGINE_delete_ptr(fnd->sk, e);
-		/* if 'setdefault', this ENGINE goes to the head of the list */
-		if(!sk_ENGINE_push(fnd->sk, e))
-			goto end;
-		/* "touch" this ENGINE_PILE */
-		fnd->uptodate = 0;
-		if(setdefault)
-			{
-			if(!engine_unlocked_init(e))
-				{
-				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
-						ENGINE_R_INIT_FAILED);
-				goto end;
-				}
-			if(fnd->funct)
-				engine_unlocked_finish(fnd->funct, 0);
-			fnd->funct = e;
-			fnd->uptodate = 1;
-			}
-		nids++;
-		}
-	ret = 1;
-end:
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
-static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
-	{
-	int n;
-	/* Iterate the 'c->sk' stack removing any occurance of 'e' */
-	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
-		{
-		(void)sk_ENGINE_delete(pile->sk, n);
-		pile->uptodate = 0;
-		}
-	if(pile->funct == e)
-		{
-		engine_unlocked_finish(e, 0);
-		pile->funct = NULL;
-		}
-	}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
-
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(int_table_check(table, 0))
-		lh_ENGINE_PILE_doall_arg(&(*table)->piles,
-					 LHASH_DOALL_ARG_FN(int_unregister_cb),
-					 ENGINE, e);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	}
-
-static void int_cleanup_cb_doall(ENGINE_PILE *p)
-	{
-	sk_ENGINE_free(p->sk);
-	if(p->funct)
-		engine_unlocked_finish(p->funct, 0);
-	OPENSSL_free(p);
-	}
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
-
-void engine_table_cleanup(ENGINE_TABLE **table)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(*table)
-		{
-		lh_ENGINE_PILE_doall(&(*table)->piles,
-				     LHASH_DOALL_FN(int_cleanup_cb));
-		lh_ENGINE_PILE_free(&(*table)->piles);
-		*table = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	}
-
-/* return a functional reference for a given 'nid' */
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
-#endif
-	{
-	ENGINE *ret = NULL;
-	ENGINE_PILE tmplate, *fnd=NULL;
-	int initres, loop = 0;
-
-	if(!(*table))
-		{
-#ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
-			"registered!\n", f, l, nid);
-#endif
-		return NULL;
-		}
-	ERR_set_mark();
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	/* Check again inside the lock otherwise we could race against cleanup
-	 * operations. But don't worry about a fprintf(stderr). */
-	if(!int_table_check(table, 0)) goto end;
-	tmplate.nid = nid;
-	fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
-	if(!fnd) goto end;
-	if(fnd->funct && engine_unlocked_init(fnd->funct))
-		{
-#ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-			"ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
-#endif
-		ret = fnd->funct;
-		goto end;
-		}
-	if(fnd->uptodate)
-		{
-		ret = fnd->funct;
-		goto end;
-		}
-trynext:
-	ret = sk_ENGINE_value(fnd->sk, loop++);
-	if(!ret)
-		{
-#ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-				"registered implementations would initialise\n",
-				f, l, nid);
-#endif
-		goto end;
-		}
-	/* Try to initialise the ENGINE? */
-	if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
-		initres = engine_unlocked_init(ret);
-	else
-		initres = 0;
-	if(initres)
-		{
-		/* Update 'funct' */
-		if((fnd->funct != ret) && engine_unlocked_init(ret))
-			{
-			/* If there was a previous default we release it. */
-			if(fnd->funct)
-				engine_unlocked_finish(fnd->funct, 0);
-			fnd->funct = ret;
-#ifdef ENGINE_TABLE_DEBUG
-			fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
-				"setting default to '%s'\n", f, l, nid, ret->id);
-#endif
-			}
-#ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-				"newly initialised '%s'\n", f, l, nid, ret->id);
-#endif
-		goto end;
-		}
-	goto trynext;
-end:
-	/* If it failed, it is unlikely to succeed again until some future
-	 * registrations have taken place. In all cases, we cache. */
-	if(fnd) fnd->uptodate = 1;
-#ifdef ENGINE_TABLE_DEBUG
-	if(ret)
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-				"ENGINE '%s'\n", f, l, nid, ret->id);
-	else
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-				"'no matching ENGINE'\n", f, l, nid);
-#endif
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Whatever happened, any failed init()s are not failures in this
-	 * context, so clear our error state. */
-	ERR_pop_to_mark();
-	return ret;
-	}
-
-/* Table enumeration */
-
-static void int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
-	{
-	dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
-	}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE,ENGINE_PILE_DOALL)
-
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
-								void *arg)
-	{
-	ENGINE_PILE_DOALL dall;
-	dall.cb = cb;
-	dall.arg = arg;
-	lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
-				 ENGINE_PILE_DOALL, &dall);
-	}
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
deleted file mode 100644
index f8be497724..0000000000
--- a/crypto/engine/engine.h
+++ /dev/null
@@ -1,842 +0,0 @@
-/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#include <openssl/symhacks.h>
-
-#include <openssl/x509.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA		(unsigned int)0x0001
-#define ENGINE_METHOD_DSA		(unsigned int)0x0002
-#define ENGINE_METHOD_DH		(unsigned int)0x0004
-#define ENGINE_METHOD_RAND		(unsigned int)0x0008
-#define ENGINE_METHOD_ECDH		(unsigned int)0x0010
-#define ENGINE_METHOD_ECDSA		(unsigned int)0x0020
-#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040
-#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080
-#define ENGINE_METHOD_STORE		(unsigned int)0x0100
-#define ENGINE_METHOD_PKEY_METHS	(unsigned int)0x0200
-#define ENGINE_METHOD_PKEY_ASN1_METHS	(unsigned int)0x0400
-/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE		(unsigned int)0x0000
-
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
-#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001
-
-/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
-#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
-#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004
-
-/* This flag if for an ENGINE that does not want its methods registered as 
- * part of ENGINE_register_all_complete() for example if the methods are
- * not usable as default methods.
- */
-
-#define ENGINE_FLAGS_NO_REGISTER_ALL	(int)0x0008
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
-
-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
-#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
-#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
-
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines.  In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM		1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
-						     handles/connections etc. */
-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
-						     when calling the password
-						     callback and the user
-						     interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given
-						     a string that represents a
-						     file name or so */
-#define ENGINE_CTRL_LOAD_SECTION		7 /* Load data from a given
-						     section in the already loaded
-						     configuration */
-
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
-#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
-#define ENGINE_CTRL_GET_CMD_FROM_NAME		13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
-#define ENGINE_CTRL_GET_NAME_FROM_CMD		15
-/* The next two are similar but give a "short description" of a command. */
-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
-#define ENGINE_CTRL_GET_DESC_FROM_CMD		17
-/* With this command, the return value is the OR'd combination of
- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
-#define ENGINE_CTRL_GET_CMD_FLAGS		18
-
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE				200
-
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
- * functionality is now available through ENGINE-specific control commands
- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
-
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
-	/* Depending on the value of the (long)i argument, this sets or
-	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
-	 * disable checking and workarounds for applications that fork().
-	 */
-#define ENGINE_CTRL_CHIL_NO_LOCKING		101
-	/* This prevents the initialisation function from providing mutex
-	 * callbacks to the nCipher library. */
-
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st
-	{
-	unsigned int cmd_num; /* The command number */
-	const char *cmd_name; /* The command name itself */
-	const char *cmd_desc; /* A short description of the command */
-	unsigned int cmd_flags; /* The input the command expects */
-	} ENGINE_CMD_DEFN;
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
-/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-	UI_METHOD *ui_method, void *callback_data);
-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
- * These handlers have these prototypes;
- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
- * Looking at how to implement these handlers in the case of cipher support, if
- * the framework wants the EVP_CIPHER for 'nid', it will call;
- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
- * If the framework wants a list of supported 'nid's, it will call;
- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
- */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
-typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_chil(void);
-void ENGINE_load_cswift(void);
-void ENGINE_load_nuron(void);
-void ENGINE_load_sureware(void);
-void ENGINE_load_ubsec(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_capi(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
-#ifndef OPENSSL_NO_GOST
-void ENGINE_load_gost(void);
-#endif
-#endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_rsax(void);
-void ENGINE_load_rdrand(void);
-void ENGINE_load_builtin_engines(void);
-
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
-
-/* Manage registration of ENGINEs per "table". For each type, there are 3
- * functions;
- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_ECDH(ENGINE *e);
-void ENGINE_unregister_ECDH(ENGINE *e);
-void ENGINE_register_all_ECDH(void);
-
-int ENGINE_register_ECDSA(ENGINE *e);
-void ENGINE_unregister_ECDSA(ENGINE *e);
-void ENGINE_register_all_ECDSA(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-int ENGINE_register_pkey_meths(ENGINE *e);
-void ENGINE_unregister_pkey_meths(ENGINE *e);
-void ENGINE_register_all_pkey_meths(void);
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e);
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
-void ENGINE_register_all_pkey_asn1_meths(void);
-
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
-
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-				int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-				ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
-int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions allow control over any per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
-void ENGINE_cleanup(void);
-
-/* These return values from within the ENGINE structure. These can be useful
- * with functional references as well as structural references - it depends
- * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
-ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
-					const char *str, int len);
-const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-					const char *str, int len);
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine.  The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-	STACK_OF(X509) **pother,
-	UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_ECDH(void);
-ENGINE *ENGINE_get_default_ECDSA(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-ENGINE *ENGINE_get_pkey_meth_engine(int nid);
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_ECDH(ENGINE *e);
-int ENGINE_set_default_ECDSA(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-int ENGINE_set_default_pkey_meths(ENGINE *e);
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
- * function, this function can result in unnecessary static linkage. If your
- * application requires only specific functionality, consider using more
- * selective functions. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
-
-/* Deprecated functions ... */
-/* int ENGINE_clear_defaults(void); */
-
-/**************************/
-/* DYNAMIC ENGINE SUPPORT */
-/**************************/
-
-/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00020000
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
-typedef struct st_dynamic_MEM_fns {
-	dyn_MEM_malloc_cb			malloc_cb;
-	dyn_MEM_realloc_cb			realloc_cb;
-	dyn_MEM_free_cb				free_cb;
-	} dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependant code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
-						const char *,int);
-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
-						const char *,int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
-						const char *,int);
-typedef struct st_dynamic_LOCK_fns {
-	dyn_lock_locking_cb			lock_locking_cb;
-	dyn_lock_add_lock_cb			lock_add_lock_cb;
-	dyn_dynlock_create_cb			dynlock_create_cb;
-	dyn_dynlock_lock_cb			dynlock_lock_cb;
-	dyn_dynlock_destroy_cb			dynlock_destroy_cb;
-	} dynamic_LOCK_fns;
-/* The top-level structure */
-typedef struct st_dynamic_fns {
-	void 					*static_state;
-	const ERR_FNS				*err_fns;
-	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
-	dynamic_MEM_fns				mem_fns;
-	dynamic_LOCK_fns			lock_fns;
-	} dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
- * incompatibility and the loaded library doesn't believe it can proceed.
- * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
-	OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
-	OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
-		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-		return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
- * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- *    [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-				const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-	OPENSSL_EXPORT \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
-	OPENSSL_EXPORT \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-			return 0; \
-		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-			return 0; \
-		if(!ERR_set_implementation(fns->err_fns)) return 0; \
-	skip_cbs: \
-		if(!fn(e,id)) return 0; \
-		return 1; }
-
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
-void *ENGINE_get_static_state(void);
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ENGINE_strings(void);
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-#define ENGINE_F_DYNAMIC_CTRL				 180
-#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181
-#define ENGINE_F_DYNAMIC_LOAD				 182
-#define ENGINE_F_DYNAMIC_SET_DATA_CTX			 183
-#define ENGINE_F_ENGINE_ADD				 105
-#define ENGINE_F_ENGINE_BY_ID				 106
-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170
-#define ENGINE_F_ENGINE_CTRL				 142
-#define ENGINE_F_ENGINE_CTRL_CMD			 178
-#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171
-#define ENGINE_F_ENGINE_FINISH				 107
-#define ENGINE_F_ENGINE_FREE_UTIL			 108
-#define ENGINE_F_ENGINE_GET_CIPHER			 185
-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177
-#define ENGINE_F_ENGINE_GET_DIGEST			 186
-#define ENGINE_F_ENGINE_GET_NEXT			 115
-#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH		 193
-#define ENGINE_F_ENGINE_GET_PKEY_METH			 192
-#define ENGINE_F_ENGINE_GET_PREV			 116
-#define ENGINE_F_ENGINE_INIT				 119
-#define ENGINE_F_ENGINE_LIST_ADD			 120
-#define ENGINE_F_ENGINE_LIST_REMOVE			 121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT		 194
-#define ENGINE_F_ENGINE_NEW				 122
-#define ENGINE_F_ENGINE_REMOVE				 123
-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
-#define ENGINE_F_ENGINE_SET_ID				 129
-#define ENGINE_F_ENGINE_SET_NAME			 130
-#define ENGINE_F_ENGINE_TABLE_REGISTER			 184
-#define ENGINE_F_ENGINE_UNLOAD_KEY			 152
-#define ENGINE_F_ENGINE_UNLOCKED_FINISH			 191
-#define ENGINE_F_ENGINE_UP_REF				 190
-#define ENGINE_F_INT_CTRL_HELPER			 172
-#define ENGINE_F_INT_ENGINE_CONFIGURE			 188
-#define ENGINE_F_INT_ENGINE_MODULE_INIT			 187
-#define ENGINE_F_LOG_MESSAGE				 141
-
-/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED				 100
-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133
-#define ENGINE_R_CMD_NOT_EXECUTABLE			 134
-#define ENGINE_R_COMMAND_TAKES_INPUT			 135
-#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136
-#define ENGINE_R_CONFLICTING_ENGINE_ID			 103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
-#define ENGINE_R_DH_NOT_IMPLEMENTED			 139
-#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140
-#define ENGINE_R_DSO_FAILURE				 104
-#define ENGINE_R_DSO_NOT_FOUND				 132
-#define ENGINE_R_ENGINES_SECTION_ERROR			 148
-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR		 102
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
-#define ENGINE_R_ENGINE_SECTION_ERROR			 149
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
-#define ENGINE_R_FINISH_FAILED				 106
-#define ENGINE_R_GET_HANDLE_FAILED			 107
-#define ENGINE_R_ID_OR_NAME_MISSING			 108
-#define ENGINE_R_INIT_FAILED				 109
-#define ENGINE_R_INTERNAL_LIST_ERROR			 110
-#define ENGINE_R_INVALID_ARGUMENT			 143
-#define ENGINE_R_INVALID_CMD_NAME			 137
-#define ENGINE_R_INVALID_CMD_NUMBER			 138
-#define ENGINE_R_INVALID_INIT_VALUE			 151
-#define ENGINE_R_INVALID_STRING				 150
-#define ENGINE_R_NOT_INITIALISED			 117
-#define ENGINE_R_NOT_LOADED				 112
-#define ENGINE_R_NO_CONTROL_FUNCTION			 120
-#define ENGINE_R_NO_INDEX				 144
-#define ENGINE_R_NO_LOAD_FUNCTION			 125
-#define ENGINE_R_NO_REFERENCE				 130
-#define ENGINE_R_NO_SUCH_ENGINE				 116
-#define ENGINE_R_NO_UNLOAD_FUNCTION			 126
-#define ENGINE_R_PROVIDE_PARAMETERS			 113
-#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141
-#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146
-#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147
-#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD	 101
-#define ENGINE_R_VERSION_INCOMPATIBILITY		 145
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c
deleted file mode 100644
index f4d70e7e0a..0000000000
--- a/crypto/engine/enginetest.c
+++ /dev/null
@@ -1,283 +0,0 @@
-/* crypto/engine/enginetest.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_ENGINE
-int main(int argc, char *argv[])
-{
-    printf("No ENGINE support\n");
-    return(0);
-}
-#else
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-
-static void display_engine_list(void)
-	{
-	ENGINE *h;
-	int loop;
-
-	h = ENGINE_get_first();
-	loop = 0;
-	printf("listing available engine types\n");
-	while(h)
-		{
-		printf("engine %i, id = \"%s\", name = \"%s\"\n",
-			loop++, ENGINE_get_id(h), ENGINE_get_name(h));
-		h = ENGINE_get_next(h);
-		}
-	printf("end of list\n");
-	/* ENGINE_get_first() increases the struct_ref counter, so we 
-           must call ENGINE_free() to decrease it again */
-	ENGINE_free(h);
-	}
-
-int main(int argc, char *argv[])
-	{
-	ENGINE *block[512];
-	char buf[256];
-	const char *id, *name;
-	ENGINE *ptr;
-	int loop;
-	int to_return = 1;
-	ENGINE *new_h1 = NULL;
-	ENGINE *new_h2 = NULL;
-	ENGINE *new_h3 = NULL;
-	ENGINE *new_h4 = NULL;
-
-	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
-		{
-		CRYPTO_malloc_debug_init();
-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-		}
-	else
-		{
-		/* OPENSSL_DEBUG_MEMORY=off */
-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-	ERR_load_crypto_strings();
-
-	memset(block, 0, 512 * sizeof(ENGINE *));
-	if(((new_h1 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h1, "test_id0") ||
-			!ENGINE_set_name(new_h1, "First test item") ||
-			((new_h2 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h2, "test_id1") ||
-			!ENGINE_set_name(new_h2, "Second test item") ||
-			((new_h3 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h3, "test_id2") ||
-			!ENGINE_set_name(new_h3, "Third test item") ||
-			((new_h4 = ENGINE_new()) == NULL) ||
-			!ENGINE_set_id(new_h4, "test_id3") ||
-			!ENGINE_set_name(new_h4, "Fourth test item"))
-		{
-		printf("Couldn't set up test ENGINE structures\n");
-		goto end;
-		}
-	printf("\nenginetest beginning\n\n");
-	display_engine_list();
-	if(!ENGINE_add(new_h1))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	ptr = ENGINE_get_first();
-	if(!ENGINE_remove(ptr))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	if (ptr)
-		ENGINE_free(ptr);
-	display_engine_list();
-	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_remove(new_h2))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_add(new_h4))
-		{
-		printf("Add failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(ENGINE_add(new_h3))
-		{
-		printf("Add *should* have failed but didn't!\n");
-		goto end;
-		}
-	else
-		printf("Add that should fail did.\n");
-	ERR_clear_error();
-	if(ENGINE_remove(new_h2))
-		{
-		printf("Remove *should* have failed but didn't!\n");
-		goto end;
-		}
-	else
-		printf("Remove that should fail did.\n");
-	ERR_clear_error();
-	if(!ENGINE_remove(new_h3))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	if(!ENGINE_remove(new_h4))
-		{
-		printf("Remove failed!\n");
-		goto end;
-		}
-	display_engine_list();
-	/* Depending on whether there's any hardware support compiled
-	 * in, this remove may be destined to fail. */
-	ptr = ENGINE_get_first();
-	if(ptr)
-		if(!ENGINE_remove(ptr))
-			printf("Remove failed!i - probably no hardware "
-				"support present.\n");
-	if (ptr)
-		ENGINE_free(ptr);
-	display_engine_list();
-	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
-		{
-		printf("Couldn't add and remove to an empty list!\n");
-		goto end;
-		}
-	else
-		printf("Successfully added and removed to an empty list!\n");
-	printf("About to beef up the engine-type list\n");
-	for(loop = 0; loop < 512; loop++)
-		{
-		sprintf(buf, "id%i", loop);
-		id = BUF_strdup(buf);
-		sprintf(buf, "Fake engine type %i", loop);
-		name = BUF_strdup(buf);
-		if(((block[loop] = ENGINE_new()) == NULL) ||
-				!ENGINE_set_id(block[loop], id) ||
-				!ENGINE_set_name(block[loop], name))
-			{
-			printf("Couldn't create block of ENGINE structures.\n"
-				"I'll probably also core-dump now, damn.\n");
-			goto end;
-			}
-		}
-	for(loop = 0; loop < 512; loop++)
-		{
-		if(!ENGINE_add(block[loop]))
-			{
-			printf("\nAdding stopped at %i, (%s,%s)\n",
-				loop, ENGINE_get_id(block[loop]),
-				ENGINE_get_name(block[loop]));
-			goto cleanup_loop;
-			}
-		else
-			printf("."); fflush(stdout);
-		}
-cleanup_loop:
-	printf("\nAbout to empty the engine-type list\n");
-	while((ptr = ENGINE_get_first()) != NULL)
-		{
-		if(!ENGINE_remove(ptr))
-			{
-			printf("\nRemove failed!\n");
-			goto end;
-			}
-		ENGINE_free(ptr);
-		printf("."); fflush(stdout);
-		}
-	for(loop = 0; loop < 512; loop++)
-		{
-		OPENSSL_free((void *)ENGINE_get_id(block[loop]));
-		OPENSSL_free((void *)ENGINE_get_name(block[loop]));
-		}
-	printf("\nTests completed happily\n");
-	to_return = 0;
-end:
-	if(to_return)
-		ERR_print_errors_fp(stderr);
-	if(new_h1) ENGINE_free(new_h1);
-	if(new_h2) ENGINE_free(new_h2);
-	if(new_h3) ENGINE_free(new_h3);
-	if(new_h4) ENGINE_free(new_h4);
-	for(loop = 0; loop < 512; loop++)
-		if(block[loop])
-			ENGINE_free(block[loop]);
-	ENGINE_cleanup();
-	CRYPTO_cleanup_all_ex_data();
-	ERR_free_strings();
-	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks_fp(stderr);
-	return to_return;
-	}
-#endif
diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c
deleted file mode 100644
index 75090339f7..0000000000
--- a/crypto/engine/tb_asnmth.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include "asn1_locl.h"
-#include <openssl/evp.h>
-
-/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
- * function that is used by EVP to hook in pkey_asn1_meth code and cache
- * defaults (etc), will display brief debugging summaries to stderr with the
- * 'nid'. */
-/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
-
-static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
-
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
-	{
-	engine_table_unregister(&pkey_asn1_meth_table, e);
-	}
-
-static void engine_unregister_all_pkey_asn1_meths(void)
-	{
-	engine_table_cleanup(&pkey_asn1_meth_table);
-	}
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e)
-	{
-	if(e->pkey_asn1_meths)
-		{
-		const int *nids;
-		int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&pkey_asn1_meth_table,
-				engine_unregister_all_pkey_asn1_meths, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
-
-void ENGINE_register_all_pkey_asn1_meths(void)
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_pkey_asn1_meths(e);
-	}
-
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
-	{
-	if(e->pkey_asn1_meths)
-		{
-		const int *nids;
-		int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&pkey_asn1_meth_table,
-				engine_unregister_all_pkey_asn1_meths, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_asn1_meth 'nid' */
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
-	{
-	return engine_table_select(&pkey_asn1_meth_table, nid);
-	}
-
-/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
-	{
-	EVP_PKEY_ASN1_METHOD *ret;
-	ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
-				ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
-		return NULL;
-		}
-	return ret;
-	}
-
-/* Gets the pkey_asn1_meth callback from an ENGINE structure */
-ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
-	{
-	return e->pkey_asn1_meths;
-	}
-
-/* Sets the pkey_asn1_meth callback in an ENGINE structure */
-int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
-	{
-	e->pkey_asn1_meths = f;
-	return 1;
-	}
-
-/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
- * ENGINE is destroyed
- */
-
-void engine_pkey_asn1_meths_free(ENGINE *e)
-	{
-	int i;
-	EVP_PKEY_ASN1_METHOD *pkm;
-	if (e->pkey_asn1_meths)
-		{
-		const int *pknids;
-		int npknids;
-		npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
-		for (i = 0; i < npknids; i++)
-			{
-			if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i]))
-				{
-				EVP_PKEY_asn1_free(pkm);
-				}
-			}
-		}
-	}
-
-/* Find a method based on a string. This does a linear search through
- * all implemented algorithms. This is OK in practice because only
- * a small number of algorithms are likely to be implemented in an engine
- * and it is not used for speed critical operations.
- */
-
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
-					const char *str, int len)
-	{
-	int i, nidcount;
-	const int *nids;
-	EVP_PKEY_ASN1_METHOD *ameth;
-	if (!e->pkey_asn1_meths)
-		return NULL;
-	if (len == -1)
-		len = strlen(str);
-	nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
-	for (i = 0; i < nidcount; i++)
-		{
-		e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
-		if (((int)strlen(ameth->pem_str) == len) && 
-					!strncasecmp(ameth->pem_str, str, len))
-			return ameth;
-		}
-	return NULL;
-	}
-
-typedef struct 
-	{
-	ENGINE *e;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	const char *str;
-	int len;
-	} ENGINE_FIND_STR;
-
-static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
-	{
-	ENGINE_FIND_STR *lk = arg;
-	int i;
-	if (lk->ameth)
-		return;
-	for (i = 0; i < sk_ENGINE_num(sk); i++)
-		{
-		ENGINE *e = sk_ENGINE_value(sk, i);
-		EVP_PKEY_ASN1_METHOD *ameth;
-		e->pkey_asn1_meths(e, &ameth, NULL, nid);
-		if (((int)strlen(ameth->pem_str) == lk->len) && 
-				!strncasecmp(ameth->pem_str, lk->str, lk->len))
-			{
-			lk->e = e;
-			lk->ameth = ameth;
-			return;
-			}
-		}
-	}
-
-const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-					const char *str, int len)
-	{
-	ENGINE_FIND_STR fstr;
-	fstr.e = NULL;
-	fstr.ameth = NULL;
-	fstr.str = str;
-	fstr.len = len;
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
-	/* If found obtain a structural reference to engine */
-	if (fstr.e)
-		{
-		fstr.e->struct_ref++;
-		engine_ref_debug(fstr.e, 0, 1)
-		}
-	*pe = fstr.e;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return fstr.ameth;
-	}
diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
deleted file mode 100644
index 177fc1fb73..0000000000
--- a/crypto/engine/tb_cipher.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_CIPHER_DEBUG */
-
-static ENGINE_TABLE *cipher_table = NULL;
-
-void ENGINE_unregister_ciphers(ENGINE *e)
-	{
-	engine_table_unregister(&cipher_table, e);
-	}
-
-static void engine_unregister_all_ciphers(void)
-	{
-	engine_table_cleanup(&cipher_table);
-	}
-
-int ENGINE_register_ciphers(ENGINE *e)
-	{
-	if(e->ciphers)
-		{
-		const int *nids;
-		int num_nids = e->ciphers(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&cipher_table,
-					engine_unregister_all_ciphers, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
-
-void ENGINE_register_all_ciphers()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ciphers(e);
-	}
-
-int ENGINE_set_default_ciphers(ENGINE *e)
-	{
-	if(e->ciphers)
-		{
-		const int *nids;
-		int num_nids = e->ciphers(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&cipher_table,
-					engine_unregister_all_ciphers, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
-ENGINE *ENGINE_get_cipher_engine(int nid)
-	{
-	return engine_table_select(&cipher_table, nid);
-	}
-
-/* Obtains a cipher implementation from an ENGINE functional reference */
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
-	{
-	const EVP_CIPHER *ret;
-	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
-				ENGINE_R_UNIMPLEMENTED_CIPHER);
-		return NULL;
-		}
-	return ret;
-	}
-
-/* Gets the cipher callback from an ENGINE structure */
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
-	{
-	return e->ciphers;
-	}
-
-/* Sets the cipher callback in an ENGINE structure */
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
-	{
-	e->ciphers = f;
-	return 1;
-	}
diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
deleted file mode 100644
index 6e9d428761..0000000000
--- a/crypto/engine/tb_dh.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DH_DEBUG */
-
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DH(ENGINE *e)
-	{
-	engine_table_unregister(&dh_table, e);
-	}
-
-static void engine_unregister_all_DH(void)
-	{
-	engine_table_cleanup(&dh_table);
-	}
-
-int ENGINE_register_DH(ENGINE *e)
-	{
-	if(e->dh_meth)
-		return engine_table_register(&dh_table,
-				engine_unregister_all_DH, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_DH()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_DH(e);
-	}
-
-int ENGINE_set_default_DH(ENGINE *e)
-	{
-	if(e->dh_meth)
-		return engine_table_register(&dh_table,
-				engine_unregister_all_DH, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DH(void)
-	{
-	return engine_table_select(&dh_table, dummy_nid);
-	}
-
-/* Obtains an DH implementation from an ENGINE functional reference */
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
-	{
-	return e->dh_meth;
-	}
-
-/* Sets an DH implementation in an ENGINE structure */
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-	{
-	e->dh_meth = dh_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
deleted file mode 100644
index d3f4bb2747..0000000000
--- a/crypto/engine/tb_digest.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DIGEST_DEBUG */
-
-static ENGINE_TABLE *digest_table = NULL;
-
-void ENGINE_unregister_digests(ENGINE *e)
-	{
-	engine_table_unregister(&digest_table, e);
-	}
-
-static void engine_unregister_all_digests(void)
-	{
-	engine_table_cleanup(&digest_table);
-	}
-
-int ENGINE_register_digests(ENGINE *e)
-	{
-	if(e->digests)
-		{
-		const int *nids;
-		int num_nids = e->digests(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&digest_table,
-					engine_unregister_all_digests, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
-
-void ENGINE_register_all_digests()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_digests(e);
-	}
-
-int ENGINE_set_default_digests(ENGINE *e)
-	{
-	if(e->digests)
-		{
-		const int *nids;
-		int num_nids = e->digests(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&digest_table,
-					engine_unregister_all_digests, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
-ENGINE *ENGINE_get_digest_engine(int nid)
-	{
-	return engine_table_select(&digest_table, nid);
-	}
-
-/* Obtains a digest implementation from an ENGINE functional reference */
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
-	{
-	const EVP_MD *ret;
-	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
-				ENGINE_R_UNIMPLEMENTED_DIGEST);
-		return NULL;
-		}
-	return ret;
-	}
-
-/* Gets the digest callback from an ENGINE structure */
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
-	{
-	return e->digests;
-	}
-
-/* Sets the digest callback in an ENGINE structure */
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
-	{
-	e->digests = f;
-	return 1;
-	}
diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
deleted file mode 100644
index e4674f5f07..0000000000
--- a/crypto/engine/tb_dsa.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DSA_DEBUG */
-
-static ENGINE_TABLE *dsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DSA(ENGINE *e)
-	{
-	engine_table_unregister(&dsa_table, e);
-	}
-
-static void engine_unregister_all_DSA(void)
-	{
-	engine_table_cleanup(&dsa_table);
-	}
-
-int ENGINE_register_DSA(ENGINE *e)
-	{
-	if(e->dsa_meth)
-		return engine_table_register(&dsa_table,
-				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_DSA()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_DSA(e);
-	}
-
-int ENGINE_set_default_DSA(ENGINE *e)
-	{
-	if(e->dsa_meth)
-		return engine_table_register(&dsa_table,
-				engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DSA(void)
-	{
-	return engine_table_select(&dsa_table, dummy_nid);
-	}
-
-/* Obtains an DSA implementation from an ENGINE functional reference */
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
-	{
-	return e->dsa_meth;
-	}
-
-/* Sets an DSA implementation in an ENGINE structure */
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-	{
-	e->dsa_meth = dsa_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c
deleted file mode 100644
index c8ec7812c5..0000000000
--- a/crypto/engine/tb_ecdh.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/engine/tb_ecdh.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH engine software is originally written by Nils Gura and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
- * used by ECDH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_ECDH_DEBUG */
-
-static ENGINE_TABLE *ecdh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDH(ENGINE *e)
-	{
-	engine_table_unregister(&ecdh_table, e);
-	}
-
-static void engine_unregister_all_ECDH(void)
-	{
-	engine_table_cleanup(&ecdh_table);
-	}
-
-int ENGINE_register_ECDH(ENGINE *e)
-	{
-	if(e->ecdh_meth)
-		return engine_table_register(&ecdh_table,
-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_ECDH()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ECDH(e);
-	}
-
-int ENGINE_set_default_ECDH(ENGINE *e)
-	{
-	if(e->ecdh_meth)
-		return engine_table_register(&ecdh_table,
-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_ECDH(void)
-	{
-	return engine_table_select(&ecdh_table, dummy_nid);
-	}
-
-/* Obtains an ECDH implementation from an ENGINE functional reference */
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
-	{
-	return e->ecdh_meth;
-	}
-
-/* Sets an ECDH implementation in an ENGINE structure */
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
-	{
-	e->ecdh_meth = ecdh_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_ecdsa.c b/crypto/engine/tb_ecdsa.c
deleted file mode 100644
index 005ecb622c..0000000000
--- a/crypto/engine/tb_ecdsa.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
- * used by ECDSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_ECDSA_DEBUG */
-
-static ENGINE_TABLE *ecdsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDSA(ENGINE *e)
-	{
-	engine_table_unregister(&ecdsa_table, e);
-	}
-
-static void engine_unregister_all_ECDSA(void)
-	{
-	engine_table_cleanup(&ecdsa_table);
-	}
-
-int ENGINE_register_ECDSA(ENGINE *e)
-	{
-	if(e->ecdsa_meth)
-		return engine_table_register(&ecdsa_table,
-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_ECDSA()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ECDSA(e);
-	}
-
-int ENGINE_set_default_ECDSA(ENGINE *e)
-	{
-	if(e->ecdsa_meth)
-		return engine_table_register(&ecdsa_table,
-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_ECDSA(void)
-	{
-	return engine_table_select(&ecdsa_table, dummy_nid);
-	}
-
-/* Obtains an ECDSA implementation from an ENGINE functional reference */
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
-	{
-	return e->ecdsa_meth;
-	}
-
-/* Sets an ECDSA implementation in an ENGINE structure */
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
-	{
-	e->ecdsa_meth = ecdsa_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c
deleted file mode 100644
index 1cdb967f25..0000000000
--- a/crypto/engine/tb_pkmeth.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/evp.h>
-
-/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
- * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_PKEY_METH_DEBUG */
-
-static ENGINE_TABLE *pkey_meth_table = NULL;
-
-void ENGINE_unregister_pkey_meths(ENGINE *e)
-	{
-	engine_table_unregister(&pkey_meth_table, e);
-	}
-
-static void engine_unregister_all_pkey_meths(void)
-	{
-	engine_table_cleanup(&pkey_meth_table);
-	}
-
-int ENGINE_register_pkey_meths(ENGINE *e)
-	{
-	if(e->pkey_meths)
-		{
-		const int *nids;
-		int num_nids = e->pkey_meths(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&pkey_meth_table,
-				engine_unregister_all_pkey_meths, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
-
-void ENGINE_register_all_pkey_meths()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_pkey_meths(e);
-	}
-
-int ENGINE_set_default_pkey_meths(ENGINE *e)
-	{
-	if(e->pkey_meths)
-		{
-		const int *nids;
-		int num_nids = e->pkey_meths(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&pkey_meth_table,
-				engine_unregister_all_pkey_meths, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_meth 'nid' */
-ENGINE *ENGINE_get_pkey_meth_engine(int nid)
-	{
-	return engine_table_select(&pkey_meth_table, nid);
-	}
-
-/* Obtains a pkey_meth implementation from an ENGINE functional reference */
-const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
-	{
-	EVP_PKEY_METHOD *ret;
-	ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
-				ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
-		return NULL;
-		}
-	return ret;
-	}
-
-/* Gets the pkey_meth callback from an ENGINE structure */
-ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
-	{
-	return e->pkey_meths;
-	}
-
-/* Sets the pkey_meth callback in an ENGINE structure */
-int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
-	{
-	e->pkey_meths = f;
-	return 1;
-	}
-
-/* Internal function to free up EVP_PKEY_METHOD structures before an
- * ENGINE is destroyed
- */
-
-void engine_pkey_meths_free(ENGINE *e)
-	{
-	int i;
-	EVP_PKEY_METHOD *pkm;
-	if (e->pkey_meths)
-		{
-		const int *pknids;
-		int npknids;
-		npknids = e->pkey_meths(e, NULL, &pknids, 0);
-		for (i = 0; i < npknids; i++)
-			{
-			if (e->pkey_meths(e, &pkm, NULL, pknids[i]))
-				{
-				EVP_PKEY_meth_free(pkm);
-				}
-			}
-		}
-	}
diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
deleted file mode 100644
index f36f67c0f6..0000000000
--- a/crypto/engine/tb_rand.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RAND_DEBUG */
-
-static ENGINE_TABLE *rand_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RAND(ENGINE *e)
-	{
-	engine_table_unregister(&rand_table, e);
-	}
-
-static void engine_unregister_all_RAND(void)
-	{
-	engine_table_cleanup(&rand_table);
-	}
-
-int ENGINE_register_RAND(ENGINE *e)
-	{
-	if(e->rand_meth)
-		return engine_table_register(&rand_table,
-				engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_RAND()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_RAND(e);
-	}
-
-int ENGINE_set_default_RAND(ENGINE *e)
-	{
-	if(e->rand_meth)
-		return engine_table_register(&rand_table,
-				engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RAND(void)
-	{
-	return engine_table_select(&rand_table, dummy_nid);
-	}
-
-/* Obtains an RAND implementation from an ENGINE functional reference */
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
-	{
-	return e->rand_meth;
-	}
-
-/* Sets an RAND implementation in an ENGINE structure */
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-	{
-	e->rand_meth = rand_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
deleted file mode 100644
index fbc707fd26..0000000000
--- a/crypto/engine/tb_rsa.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RSA_DEBUG */
-
-static ENGINE_TABLE *rsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RSA(ENGINE *e)
-	{
-	engine_table_unregister(&rsa_table, e);
-	}
-
-static void engine_unregister_all_RSA(void)
-	{
-	engine_table_cleanup(&rsa_table);
-	}
-
-int ENGINE_register_RSA(ENGINE *e)
-	{
-	if(e->rsa_meth)
-		return engine_table_register(&rsa_table,
-				engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_RSA()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_RSA(e);
-	}
-
-int ENGINE_set_default_RSA(ENGINE *e)
-	{
-	if(e->rsa_meth)
-		return engine_table_register(&rsa_table,
-				engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RSA(void)
-	{
-	return engine_table_select(&rsa_table, dummy_nid);
-	}
-
-/* Obtains an RSA implementation from an ENGINE functional reference */
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
-	{
-	return e->rsa_meth;
-	}
-
-/* Sets an RSA implementation in an ENGINE structure */
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-	{
-	e->rsa_meth = rsa_meth;
-	return 1;
-	}
diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c
deleted file mode 100644
index 8cc435c935..0000000000
--- a/crypto/engine/tb_store.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
- * used by STORE to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_STORE_DEBUG */
-
-static ENGINE_TABLE *store_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_STORE(ENGINE *e)
-	{
-	engine_table_unregister(&store_table, e);
-	}
-
-static void engine_unregister_all_STORE(void)
-	{
-	engine_table_cleanup(&store_table);
-	}
-
-int ENGINE_register_STORE(ENGINE *e)
-	{
-	if(e->store_meth)
-		return engine_table_register(&store_table,
-				engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
-	return 1;
-	}
-
-void ENGINE_register_all_STORE()
-	{
-	ENGINE *e;
-
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_STORE(e);
-	}
-
-/* The following two functions are removed because they're useless. */
-#if 0
-int ENGINE_set_default_STORE(ENGINE *e)
-	{
-	if(e->store_meth)
-		return engine_table_register(&store_table,
-				engine_unregister_all_STORE, e, &dummy_nid, 1, 1);
-	return 1;
-	}
-#endif
-
-#if 0
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_STORE(void)
-	{
-	return engine_table_select(&store_table, dummy_nid);
-	}
-#endif
-
-/* Obtains an STORE implementation from an ENGINE functional reference */
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
-	{
-	return e->store_meth;
-	}
-
-/* Sets an STORE implementation in an ENGINE structure */
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
-	{
-	e->store_meth = store_meth;
-	return 1;
-	}
diff --git a/crypto/err/err.c b/crypto/err/err.c
deleted file mode 100644
index fcdb244008..0000000000
--- a/crypto/err/err.c
+++ /dev/null
@@ -1,1138 +0,0 @@
-/* crypto/err/err.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-DECLARE_LHASH_OF(ERR_STRING_DATA);
-DECLARE_LHASH_OF(ERR_STATE);
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
-
-static void ERR_STATE_free(ERR_STATE *s);
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ERR_str_libraries[]=
-	{
-{ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
-{ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},
-{ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},
-{ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},
-{ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
-{ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
-{ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
-{ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},
-{ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},
-{ERR_PACK(ERR_LIB_CRYPTO,0,0)		,"common libcrypto routines"},
-{ERR_PACK(ERR_LIB_EC,0,0)		,"elliptic curve routines"},
-{ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
-{ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
-{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
-{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
-{ERR_PACK(ERR_LIB_RAND,0,0)		,"random number generator"},
-{ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},
-{ERR_PACK(ERR_LIB_TS,0,0)		,"time stamp routines"},
-{ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},
-{ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0)		,"FIPS routines"},
-{ERR_PACK(ERR_LIB_CMS,0,0)		,"CMS routines"},
-{ERR_PACK(ERR_LIB_HMAC,0,0)		,"HMAC routines"},
-{0,NULL},
-	};
-
-static ERR_STRING_DATA ERR_str_functs[]=
-	{
-	{ERR_PACK(0,SYS_F_FOPEN,0),     	"fopen"},
-	{ERR_PACK(0,SYS_F_CONNECT,0),		"connect"},
-	{ERR_PACK(0,SYS_F_GETSERVBYNAME,0),	"getservbyname"},
-	{ERR_PACK(0,SYS_F_SOCKET,0),		"socket"}, 
-	{ERR_PACK(0,SYS_F_IOCTLSOCKET,0),	"ioctlsocket"},
-	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
-	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
-	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
-#ifdef OPENSSL_SYS_WINDOWS
-	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
-#endif
-	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
-	{ERR_PACK(0,SYS_F_FREAD,0),		"fread"},
-	{0,NULL},
-	};
-
-static ERR_STRING_DATA ERR_str_reasons[]=
-	{
-{ERR_R_SYS_LIB				,"system lib"},
-{ERR_R_BN_LIB				,"BN lib"},
-{ERR_R_RSA_LIB				,"RSA lib"},
-{ERR_R_DH_LIB				,"DH lib"},
-{ERR_R_EVP_LIB				,"EVP lib"},
-{ERR_R_BUF_LIB				,"BUF lib"},
-{ERR_R_OBJ_LIB				,"OBJ lib"},
-{ERR_R_PEM_LIB				,"PEM lib"},
-{ERR_R_DSA_LIB				,"DSA lib"},
-{ERR_R_X509_LIB				,"X509 lib"},
-{ERR_R_ASN1_LIB				,"ASN1 lib"},
-{ERR_R_CONF_LIB				,"CONF lib"},
-{ERR_R_CRYPTO_LIB			,"CRYPTO lib"},
-{ERR_R_EC_LIB				,"EC lib"},
-{ERR_R_SSL_LIB				,"SSL lib"},
-{ERR_R_BIO_LIB				,"BIO lib"},
-{ERR_R_PKCS7_LIB			,"PKCS7 lib"},
-{ERR_R_X509V3_LIB			,"X509V3 lib"},
-{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
-{ERR_R_RAND_LIB				,"RAND lib"},
-{ERR_R_DSO_LIB				,"DSO lib"},
-{ERR_R_ENGINE_LIB			,"ENGINE lib"},
-{ERR_R_OCSP_LIB				,"OCSP lib"},
-{ERR_R_TS_LIB				,"TS lib"},
-
-{ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
-{ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
-{ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},
-{ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
-{ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
-
-{ERR_R_FATAL                            ,"fatal"},
-{ERR_R_MALLOC_FAILURE			,"malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
-{ERR_R_INTERNAL_ERROR			,"internal error"},
-{ERR_R_DISABLED				,"called a function that was disabled at compile-time"},
-
-{0,NULL},
-	};
-#endif
-
-
-/* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS
-	{
-	/* Works on the "error_hash" string table */
-	LHASH_OF(ERR_STRING_DATA) *(*cb_err_get)(int create);
-	void (*cb_err_del)(void);
-	ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
-	ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
-	ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
-	/* Works on the "thread_hash" error-state table */
-	LHASH_OF(ERR_STATE) *(*cb_thread_get)(int create);
-	void (*cb_thread_release)(LHASH_OF(ERR_STATE) **hash);
-	ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
-	ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
-	void (*cb_thread_del_item)(const ERR_STATE *);
-	/* Returns the next available error "library" numbers */
-	int (*cb_get_next_lib)(void);
-	};
-
-/* Predeclarations of the "err_defaults" functions */
-static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create);
-static void int_err_del(void);
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
-static LHASH_OF(ERR_STATE) *int_thread_get(int create);
-static void int_thread_release(LHASH_OF(ERR_STATE) **hash);
-static ERR_STATE *int_thread_get_item(const ERR_STATE *);
-static ERR_STATE *int_thread_set_item(ERR_STATE *);
-static void int_thread_del_item(const ERR_STATE *);
-static int int_err_get_next_lib(void);
-/* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults =
-	{
-	int_err_get,
-	int_err_del,
-	int_err_get_item,
-	int_err_set_item,
-	int_err_del_item,
-	int_thread_get,
-	int_thread_release,
-	int_thread_get_item,
-	int_thread_set_item,
-	int_thread_del_item,
-	int_err_get_next_lib
-	};
-
-/* The replacable table of ERR_FNS functions we use at run-time */
-static const ERR_FNS *err_fns = NULL;
-
-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
-#define ERRFN(a) err_fns->cb_##a
-
-/* The internal state used by "err_defaults" - as such, the setting, reading,
- * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer all
- * ERR state operation (together with requisite locking) to the implementations
- * and state in the loading application. */
-static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
-static LHASH_OF(ERR_STATE) *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
-static int int_err_library_number= ERR_LIB_USER;
-
-/* Internal function that checks whether "err_fns" is set and if not, sets it to
- * the defaults. */
-static void err_fns_check(void)
-	{
-	if (err_fns) return;
-	
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!err_fns)
-		err_fns = &err_defaults;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
-
-/* API functions to get or set the underlying ERR functions. */
-
-const ERR_FNS *ERR_get_implementation(void)
-	{
-	err_fns_check();
-	return err_fns;
-	}
-
-int ERR_set_implementation(const ERR_FNS *fns)
-	{
-	int ret = 0;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	/* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
-	 * an error is there?! */
-	if (!err_fns)
-		{
-		err_fns = fns;
-		ret = 1;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	return ret;
-	}
-
-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
- * internal to the "err_defaults" implementation. */
-
-static unsigned long get_error_values(int inc,int top,const char **file,int *line,
-				      const char **data,int *flags);
-
-/* The internal functions used in the "err_defaults" implementation */
-
-static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
-	{
-	unsigned long ret,l;
-
-	l=a->error;
-	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
-	return(ret^ret%19*13);
-	}
-static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA)
-
-static int err_string_data_cmp(const ERR_STRING_DATA *a,
-			       const ERR_STRING_DATA *b)
-	{
-	return (int)(a->error - b->error);
-	}
-static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA)
-
-static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create)
-	{
-	LHASH_OF(ERR_STRING_DATA) *ret = NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!int_error_hash && create)
-		{
-		CRYPTO_push_info("int_err_get (err.c)");
-		int_error_hash = lh_ERR_STRING_DATA_new();
-		CRYPTO_pop_info();
-		}
-	if (int_error_hash)
-		ret = int_error_hash;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	return ret;
-	}
-
-static void int_err_del(void)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (int_error_hash)
-		{
-		lh_ERR_STRING_DATA_free(int_error_hash);
-		int_error_hash = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
-
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH_OF(ERR_STRING_DATA) *hash;
-
-	err_fns_check();
-	hash = ERRFN(err_get)(0);
-	if (!hash)
-		return NULL;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STRING_DATA_retrieve(hash, d);
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
-	return p;
-	}
-
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH_OF(ERR_STRING_DATA) *hash;
-
-	err_fns_check();
-	hash = ERRFN(err_get)(1);
-	if (!hash)
-		return NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STRING_DATA_insert(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	return p;
-	}
-
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH_OF(ERR_STRING_DATA) *hash;
-
-	err_fns_check();
-	hash = ERRFN(err_get)(0);
-	if (!hash)
-		return NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STRING_DATA_delete(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	return p;
-	}
-
-static unsigned long err_state_hash(const ERR_STATE *a)
-	{
-	return CRYPTO_THREADID_hash(&a->tid) * 13;
-	}
-static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE)
-
-static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b)
-	{
-	return CRYPTO_THREADID_cmp(&a->tid, &b->tid);
-	}
-static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE)
-
-static LHASH_OF(ERR_STATE) *int_thread_get(int create)
-	{
-	LHASH_OF(ERR_STATE) *ret = NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!int_thread_hash && create)
-		{
-		CRYPTO_push_info("int_thread_get (err.c)");
-		int_thread_hash = lh_ERR_STATE_new();
-		CRYPTO_pop_info();
-		}
-	if (int_thread_hash)
-		{
-		int_thread_hash_references++;
-		ret = int_thread_hash;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	return ret;
-	}
-
-static void int_thread_release(LHASH_OF(ERR_STATE) **hash)
-	{
-	int i;
-
-	if (hash == NULL || *hash == NULL)
-		return;
-
-	i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
-	fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"int_thread_release, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-	*hash = NULL;
-	}
-
-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH_OF(ERR_STATE) *hash;
-
-	err_fns_check();
-	hash = ERRFN(thread_get)(0);
-	if (!hash)
-		return NULL;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STATE_retrieve(hash, d);
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
-	ERRFN(thread_release)(&hash);
-	return p;
-	}
-
-static ERR_STATE *int_thread_set_item(ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH_OF(ERR_STATE) *hash;
-
-	err_fns_check();
-	hash = ERRFN(thread_get)(1);
-	if (!hash)
-		return NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STATE_insert(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	ERRFN(thread_release)(&hash);
-	return p;
-	}
-
-static void int_thread_del_item(const ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH_OF(ERR_STATE) *hash;
-
-	err_fns_check();
-	hash = ERRFN(thread_get)(0);
-	if (!hash)
-		return;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = lh_ERR_STATE_delete(hash, d);
-	/* make sure we don't leak memory */
-	if (int_thread_hash_references == 1
-	    && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0)
-		{
-		lh_ERR_STATE_free(int_thread_hash);
-		int_thread_hash = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	ERRFN(thread_release)(&hash);
-	if (p)
-		ERR_STATE_free(p);
-	}
-
-static int int_err_get_next_lib(void)
-	{
-	int ret;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	ret = int_err_library_number++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	return ret;
-	}
-
-
-#ifndef OPENSSL_NO_ERR
-#define NUM_SYS_STR_REASONS 127
-#define LEN_SYS_STR_REASON 32
-
-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-/* SYS_str_reasons is filled with copies of strerror() results at
- * initialization.
- * 'errno' values up to 127 should cover all usual errors,
- * others will be displayed numerically by ERR_error_string.
- * It is crucial that we have something for each reason code
- * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
- * value and never one of those 'standard' reason codes. */
-
-static void build_SYS_str_reasons(void)
-	{
-	/* OPENSSL_malloc cannot be used here, use static storage instead */
-	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
-	int i;
-	static int init = 1;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	if (!init)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-		return;
-		}
-	
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!init)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-		return;
-		}
-
-	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
-		{
-		ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
-
-		str->error = (unsigned long)i;
-		if (str->string == NULL)
-			{
-			char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-			char *src = strerror(i);
-			if (src != NULL)
-				{
-				strncpy(*dest, src, sizeof *dest);
-				(*dest)[sizeof *dest - 1] = '\0';
-				str->string = *dest;
-				}
-			}
-		if (str->string == NULL)
-			str->string = "unknown";
-		}
-
-	/* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
-	 * as required by ERR_load_strings. */
-
-	init = 0;
-	
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
-#endif
-
-#define err_clear_data(p,i) \
-	do { \
-	if (((p)->err_data[i] != NULL) && \
-		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-		{  \
-		OPENSSL_free((p)->err_data[i]); \
-		(p)->err_data[i]=NULL; \
-		} \
-	(p)->err_data_flags[i]=0; \
-	} while(0)
-
-#define err_clear(p,i) \
-	do { \
-	(p)->err_flags[i]=0; \
-	(p)->err_buffer[i]=0; \
-	err_clear_data(p,i); \
-	(p)->err_file[i]=NULL; \
-	(p)->err_line[i]= -1; \
-	} while(0)
-
-static void ERR_STATE_free(ERR_STATE *s)
-	{
-	int i;
-
-	if (s == NULL)
-	    return;
-
-	for (i=0; i<ERR_NUM_ERRORS; i++)
-		{
-		err_clear_data(s,i);
-		}
-	OPENSSL_free(s);
-	}
-
-void ERR_load_ERR_strings(void)
-	{
-	err_fns_check();
-#ifndef OPENSSL_NO_ERR
-	err_load_strings(0,ERR_str_libraries);
-	err_load_strings(0,ERR_str_reasons);
-	err_load_strings(ERR_LIB_SYS,ERR_str_functs);
-	build_SYS_str_reasons();
-	err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
-#endif
-	}
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
-	{
-	while (str->error)
-		{
-		if (lib)
-			str->error|=ERR_PACK(lib,0,0);
-		ERRFN(err_set_item)(str);
-		str++;
-		}
-	}
-
-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
-	{
-	ERR_load_ERR_strings();
-	err_load_strings(lib, str);
-	}
-
-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
-	{
-	while (str->error)
-		{
-		if (lib)
-			str->error|=ERR_PACK(lib,0,0);
-		ERRFN(err_del_item)(str);
-		str++;
-		}
-	}
-
-void ERR_free_strings(void)
-	{
-	err_fns_check();
-	ERRFN(err_del)();
-	}
-
-/********************************************************/
-
-void ERR_put_error(int lib, int func, int reason, const char *file,
-	     int line)
-	{
-	ERR_STATE *es;
-
-#ifdef _OSD_POSIX
-	/* In the BS2000-OSD POSIX subsystem, the compiler generates
-	 * path names in the form "*POSIX(/etc/passwd)".
-	 * This dirty hack strips them to something sensible.
-	 * @@@ We shouldn't modify a const string, though.
-	 */
-	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
-		char *end;
-
-		/* Skip the "*POSIX(" prefix */
-		file += sizeof("*POSIX(")-1;
-		end = &file[strlen(file)-1];
-		if (*end == ')')
-			*end = '\0';
-		/* Optional: use the basename of the path only. */
-		if ((end = strrchr(file, '/')) != NULL)
-			file = &end[1];
-	}
-#endif
-	es=ERR_get_state();
-
-	es->top=(es->top+1)%ERR_NUM_ERRORS;
-	if (es->top == es->bottom)
-		es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
-	es->err_flags[es->top]=0;
-	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
-	es->err_file[es->top]=file;
-	es->err_line[es->top]=line;
-	err_clear_data(es,es->top);
-	}
-
-void ERR_clear_error(void)
-	{
-	int i;
-	ERR_STATE *es;
-
-	es=ERR_get_state();
-
-	for (i=0; i<ERR_NUM_ERRORS; i++)
-		{
-		err_clear(es,i);
-		}
-	es->top=es->bottom=0;
-	}
-
-
-unsigned long ERR_get_error(void)
-	{ return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_get_error_line(const char **file,
-	     int *line)
-	{ return(get_error_values(1,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_get_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(1,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_error(void)
-	{ return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line(const char **file, int *line)
-	{ return(get_error_values(0,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(0,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_last_error(void)
-	{ return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line(const char **file, int *line)
-	{ return(get_error_values(0,1,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(0,1,file,line,data,flags)); }
-
-
-static unsigned long get_error_values(int inc, int top, const char **file, int *line,
-	     const char **data, int *flags)
-	{	
-	int i=0;
-	ERR_STATE *es;
-	unsigned long ret;
-
-	es=ERR_get_state();
-
-	if (inc && top)
-		{
-		if (file) *file = "";
-		if (line) *line = 0;
-		if (data) *data = "";
-		if (flags) *flags = 0;
-			
-		return ERR_R_INTERNAL_ERROR;
-		}
-
-	if (es->bottom == es->top) return 0;
-	if (top)
-		i=es->top;			 /* last error */
-	else
-		i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
-
-	ret=es->err_buffer[i];
-	if (inc)
-		{
-		es->bottom=i;
-		es->err_buffer[i]=0;
-		}
-
-	if ((file != NULL) && (line != NULL))
-		{
-		if (es->err_file[i] == NULL)
-			{
-			*file="NA";
-			if (line != NULL) *line=0;
-			}
-		else
-			{
-			*file=es->err_file[i];
-			if (line != NULL) *line=es->err_line[i];
-			}
-		}
-
-	if (data == NULL)
-		{
-		if (inc)
-			{
-			err_clear_data(es, i);
-			}
-		}
-	else
-		{
-		if (es->err_data[i] == NULL)
-			{
-			*data="";
-			if (flags != NULL) *flags=0;
-			}
-		else
-			{
-			*data=es->err_data[i];
-			if (flags != NULL) *flags=es->err_data_flags[i];
-			}
-		}
-	return ret;
-	}
-
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
-	{
-	char lsbuf[64], fsbuf[64], rsbuf[64];
-	const char *ls,*fs,*rs;
-	unsigned long l,f,r;
-
-	l=ERR_GET_LIB(e);
-	f=ERR_GET_FUNC(e);
-	r=ERR_GET_REASON(e);
-
-	ls=ERR_lib_error_string(e);
-	fs=ERR_func_error_string(e);
-	rs=ERR_reason_error_string(e);
-
-	if (ls == NULL) 
-		BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-	if (fs == NULL)
-		BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-	if (rs == NULL)
-		BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-
-	BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
-		fs?fs:fsbuf, rs?rs:rsbuf);
-	if (strlen(buf) == len-1)
-		{
-		/* output may be truncated; make sure we always have 5 
-		 * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
-		if (len > NUM_COLONS) /* ... if possible */
-			{
-			int i;
-			char *s = buf;
-			
-			for (i = 0; i < NUM_COLONS; i++)
-				{
-				char *colon = strchr(s, ':');
-				if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
-					{
-					/* set colon no. i at last possible position
-					 * (buf[len-1] is the terminating 0)*/
-					colon = &buf[len-1] - NUM_COLONS + i;
-					*colon = ':';
-					}
-				s = colon + 1;
-				}
-			}
-		}
-	}
-
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
-	{
-	static char buf[256];
-
-	if (ret == NULL) ret=buf;
-	ERR_error_string_n(e, ret, 256);
-
-	return ret;
-	}
-
-LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void)
-	{
-	err_fns_check();
-	return ERRFN(err_get)(0);
-	}
-
-LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void)
-	{
-	err_fns_check();
-	return ERRFN(thread_get)(0);
-	}
-
-void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash)
-	{
-	err_fns_check();
-	ERRFN(thread_release)(hash);
-	}
-
-const char *ERR_lib_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p;
-	unsigned long l;
-
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	d.error=ERR_PACK(l,0,0);
-	p=ERRFN(err_get_item)(&d);
-	return((p == NULL)?NULL:p->string);
-	}
-
-const char *ERR_func_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p;
-	unsigned long l,f;
-
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	f=ERR_GET_FUNC(e);
-	d.error=ERR_PACK(l,f,0);
-	p=ERRFN(err_get_item)(&d);
-	return((p == NULL)?NULL:p->string);
-	}
-
-const char *ERR_reason_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p=NULL;
-	unsigned long l,r;
-
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	r=ERR_GET_REASON(e);
-	d.error=ERR_PACK(l,0,r);
-	p=ERRFN(err_get_item)(&d);
-	if (!p)
-		{
-		d.error=ERR_PACK(0,0,r);
-		p=ERRFN(err_get_item)(&d);
-		}
-	return((p == NULL)?NULL:p->string);
-	}
-
-void ERR_remove_thread_state(const CRYPTO_THREADID *id)
-	{
-	ERR_STATE tmp;
-
-	if (id)
-		CRYPTO_THREADID_cpy(&tmp.tid, id);
-	else
-		CRYPTO_THREADID_current(&tmp.tid);
-	err_fns_check();
-	/* thread_del_item automatically destroys the LHASH if the number of
-	 * items reaches zero. */
-	ERRFN(thread_del_item)(&tmp);
-	}
-
-#ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid)
-	{
-	ERR_remove_thread_state(NULL);
-	}
-#endif
-
-ERR_STATE *ERR_get_state(void)
-	{
-	static ERR_STATE fallback;
-	ERR_STATE *ret,tmp,*tmpp=NULL;
-	int i;
-	CRYPTO_THREADID tid;
-
-	err_fns_check();
-	CRYPTO_THREADID_current(&tid);
-	CRYPTO_THREADID_cpy(&tmp.tid, &tid);
-	ret=ERRFN(thread_get_item)(&tmp);
-
-	/* ret == the error state, if NULL, make a new one */
-	if (ret == NULL)
-		{
-		ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
-		if (ret == NULL) return(&fallback);
-		CRYPTO_THREADID_cpy(&ret->tid, &tid);
-		ret->top=0;
-		ret->bottom=0;
-		for (i=0; i<ERR_NUM_ERRORS; i++)
-			{
-			ret->err_data[i]=NULL;
-			ret->err_data_flags[i]=0;
-			}
-		tmpp = ERRFN(thread_set_item)(ret);
-		/* To check if insertion failed, do a get. */
-		if (ERRFN(thread_get_item)(ret) != ret)
-			{
-			ERR_STATE_free(ret); /* could not insert it */
-			return(&fallback);
-			}
-		/* If a race occured in this function and we came second, tmpp
-		 * is the first one that we just replaced. */
-		if (tmpp)
-			ERR_STATE_free(tmpp);
-		}
-	return ret;
-	}
-
-int ERR_get_next_error_library(void)
-	{
-	err_fns_check();
-	return ERRFN(get_next_lib)();
-	}
-
-void ERR_set_error_data(char *data, int flags)
-	{
-	ERR_STATE *es;
-	int i;
-
-	es=ERR_get_state();
-
-	i=es->top;
-	if (i == 0)
-		i=ERR_NUM_ERRORS-1;
-
-	err_clear_data(es,i);
-	es->err_data[i]=data;
-	es->err_data_flags[i]=flags;
-	}
-
-void ERR_add_error_data(int num, ...)
-	{
-	va_list args;
-	va_start(args, num);
-	ERR_add_error_vdata(num, args);
-	va_end(args);
-	}
-
-void ERR_add_error_vdata(int num, va_list args)
-	{
-	int i,n,s;
-	char *str,*p,*a;
-
-	s=80;
-	str=OPENSSL_malloc(s+1);
-	if (str == NULL) return;
-	str[0]='\0';
-
-	n=0;
-	for (i=0; i<num; i++)
-		{
-		a=va_arg(args, char*);
-		/* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
-		if (a != NULL)
-			{
-			n+=strlen(a);
-			if (n > s)
-				{
-				s=n+20;
-				p=OPENSSL_realloc(str,s+1);
-				if (p == NULL)
-					{
-					OPENSSL_free(str);
-					return;
-					}
-				else
-					str=p;
-				}
-			BUF_strlcat(str,a,(size_t)s+1);
-			}
-		}
-	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
-	}
-
-int ERR_set_mark(void)
-	{
-	ERR_STATE *es;
-
-	es=ERR_get_state();
-
-	if (es->bottom == es->top) return 0;
-	es->err_flags[es->top]|=ERR_FLAG_MARK;
-	return 1;
-	}
-
-int ERR_pop_to_mark(void)
-	{
-	ERR_STATE *es;
-
-	es=ERR_get_state();
-
-	while(es->bottom != es->top
-		&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0)
-		{
-		err_clear(es,es->top);
-		es->top-=1;
-		if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
-		}
-		
-	if (es->bottom == es->top) return 0;
-	es->err_flags[es->top]&=~ERR_FLAG_MARK;
-	return 1;
-	}
diff --git a/crypto/err/err.h b/crypto/err/err.h
deleted file mode 100644
index 974cc9cc6f..0000000000
--- a/crypto/err/err.h
+++ /dev/null
@@ -1,386 +0,0 @@
-/* crypto/err/err.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ERR_H
-#define HEADER_ERR_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#include <stdlib.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_NO_ERR
-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
-#else
-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
-#endif
-
-#include <errno.h>
-
-#define ERR_TXT_MALLOCED	0x01
-#define ERR_TXT_STRING		0x02
-
-#define ERR_FLAG_MARK		0x01
-
-#define ERR_NUM_ERRORS	16
-typedef struct err_state_st
-	{
-	CRYPTO_THREADID tid;
-	int err_flags[ERR_NUM_ERRORS];
-	unsigned long err_buffer[ERR_NUM_ERRORS];
-	char *err_data[ERR_NUM_ERRORS];
-	int err_data_flags[ERR_NUM_ERRORS];
-	const char *err_file[ERR_NUM_ERRORS];
-	int err_line[ERR_NUM_ERRORS];
-	int top,bottom;
-	} ERR_STATE;
-
-/* library */
-#define ERR_LIB_NONE		1
-#define ERR_LIB_SYS		2
-#define ERR_LIB_BN		3
-#define ERR_LIB_RSA		4
-#define ERR_LIB_DH		5
-#define ERR_LIB_EVP		6
-#define ERR_LIB_BUF		7
-#define ERR_LIB_OBJ		8
-#define ERR_LIB_PEM		9
-#define ERR_LIB_DSA		10
-#define ERR_LIB_X509		11
-/* #define ERR_LIB_METH         12 */
-#define ERR_LIB_ASN1		13
-#define ERR_LIB_CONF		14
-#define ERR_LIB_CRYPTO		15
-#define ERR_LIB_EC		16
-#define ERR_LIB_SSL		20
-/* #define ERR_LIB_SSL23        21 */
-/* #define ERR_LIB_SSL2         22 */
-/* #define ERR_LIB_SSL3         23 */
-/* #define ERR_LIB_RSAREF       30 */
-/* #define ERR_LIB_PROXY        31 */
-#define ERR_LIB_BIO		32
-#define ERR_LIB_PKCS7		33
-#define ERR_LIB_X509V3		34
-#define ERR_LIB_PKCS12		35
-#define ERR_LIB_RAND		36
-#define ERR_LIB_DSO		37
-#define ERR_LIB_ENGINE		38
-#define ERR_LIB_OCSP            39
-#define ERR_LIB_UI              40
-#define ERR_LIB_COMP            41
-#define ERR_LIB_ECDSA		42
-#define ERR_LIB_ECDH		43
-#define ERR_LIB_STORE           44
-#define ERR_LIB_FIPS		45
-#define ERR_LIB_CMS		46
-#define ERR_LIB_TS		47
-#define ERR_LIB_HMAC		48
-#define ERR_LIB_JPAKE		49
-
-#define ERR_LIB_USER		128
-
-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
-#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
-#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
-#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
-#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-
-/* Borland C seems too stupid to be able to shift and do longs in
- * the pre-processor :-( */
-#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \
-				((((unsigned long)f)&0xfffL)*0x1000)| \
-				((((unsigned long)r)&0xfffL)))
-#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)
-#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)
-#define ERR_GET_REASON(l)	(int)((l)&0xfffL)
-#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
-
-
-/* OS functions */
-#define SYS_F_FOPEN		1
-#define SYS_F_CONNECT		2
-#define SYS_F_GETSERVBYNAME	3
-#define SYS_F_SOCKET		4
-#define SYS_F_IOCTLSOCKET	5
-#define SYS_F_BIND		6
-#define SYS_F_LISTEN		7
-#define SYS_F_ACCEPT		8
-#define SYS_F_WSASTARTUP	9 /* Winsock stuff */
-#define SYS_F_OPENDIR		10
-#define SYS_F_FREAD		11
-
-
-/* reasons */
-#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */
-#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */
-#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */
-#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */
-#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */
-#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */
-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */
-#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */
-#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */
-#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */
-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */
-#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
-#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */
-#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */
-#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */
-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */
-#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
-#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */
-#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */
-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
-#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
-#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
-#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */
-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */
-#define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */
-#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
-#define ERR_R_TS_LIB	ERR_LIB_TS       /* 45 */
-
-#define ERR_R_NESTED_ASN1_ERROR			58
-#define ERR_R_BAD_ASN1_OBJECT_HEADER		59
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61
-#define ERR_R_ASN1_LENGTH_MISMATCH		62
-#define ERR_R_MISSING_ASN1_EOS			63
-
-/* fatal error */
-#define ERR_R_FATAL				64
-#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
-#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
-#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
-#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)
-#define	ERR_R_DISABLED				(5|ERR_R_FATAL)
-
-/* 99 is the maximum possible ERR_R_... code, higher values
- * are reserved for the individual libraries */
-
-
-typedef struct ERR_string_data_st
-	{
-	unsigned long error;
-	const char *string;
-	} ERR_STRING_DATA;
-
-void ERR_put_error(int lib, int func,int reason,const char *file,int line);
-void ERR_set_error_data(char *data,int flags);
-
-unsigned long ERR_get_error(void);
-unsigned long ERR_get_error_line(const char **file,int *line);
-unsigned long ERR_get_error_line_data(const char **file,int *line,
-				      const char **data, int *flags);
-unsigned long ERR_peek_error(void);
-unsigned long ERR_peek_error_line(const char **file,int *line);
-unsigned long ERR_peek_error_line_data(const char **file,int *line,
-				       const char **data,int *flags);
-unsigned long ERR_peek_last_error(void);
-unsigned long ERR_peek_last_error_line(const char **file,int *line);
-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
-				       const char **data,int *flags);
-void ERR_clear_error(void );
-char *ERR_error_string(unsigned long e,char *buf);
-void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
-const char *ERR_reason_error_string(unsigned long e);
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-			 void *u);
-#ifndef OPENSSL_NO_FP_API
-void ERR_print_errors_fp(FILE *fp);
-#endif
-#ifndef OPENSSL_NO_BIO
-void ERR_print_errors(BIO *bp);
-#endif
-void ERR_add_error_data(int num, ...);
-void ERR_add_error_vdata(int num, va_list args);
-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void);
-void ERR_load_crypto_strings(void);
-void ERR_free_strings(void);
-
-void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-#ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-#endif
-ERR_STATE *ERR_get_state(void);
-
-#ifndef OPENSSL_NO_LHASH
-LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
-#endif
-
-int ERR_get_next_error_library(void);
-
-int ERR_set_mark(void);
-int ERR_pop_to_mark(void);
-
-/* Already defined in ossl_typ.h */
-/* typedef struct st_ERR_FNS ERR_FNS; */
-/* An application can use this function and provide the return value to loaded
- * modules that should use the application's ERR state/functionality */
-const ERR_FNS *ERR_get_implementation(void);
-/* A loaded module should call this function prior to any ERR operations using
- * the application's "ERR_FNS". */
-int ERR_set_implementation(const ERR_FNS *fns);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
deleted file mode 100644
index 8eb547d98d..0000000000
--- a/crypto/err/err_all.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/* crypto/err/err_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem2.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/conf.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
-#include <openssl/dso.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/ui.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include <openssl/ts.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
-#endif
-
-void ERR_load_crypto_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-	ERR_load_ERR_strings(); /* include error strings for SYSerr */
-	ERR_load_BN_strings();
-#ifndef OPENSSL_NO_RSA
-	ERR_load_RSA_strings();
-#endif
-#ifndef OPENSSL_NO_DH
-	ERR_load_DH_strings();
-#endif
-	ERR_load_EVP_strings();
-	ERR_load_BUF_strings();
-	ERR_load_OBJ_strings();
-	ERR_load_PEM_strings();
-#ifndef OPENSSL_NO_DSA
-	ERR_load_DSA_strings();
-#endif
-	ERR_load_X509_strings();
-	ERR_load_ASN1_strings();
-	ERR_load_CONF_strings();
-	ERR_load_CRYPTO_strings();
-#ifndef OPENSSL_NO_COMP
-	ERR_load_COMP_strings();
-#endif
-#ifndef OPENSSL_NO_EC
-	ERR_load_EC_strings();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	ERR_load_ECDSA_strings();
-#endif
-#ifndef OPENSSL_NO_ECDH
-	ERR_load_ECDH_strings();
-#endif
-	/* skip ERR_load_SSL_strings() because it is not in this library */
-	ERR_load_BIO_strings();
-	ERR_load_PKCS7_strings();	
-	ERR_load_X509V3_strings();
-	ERR_load_PKCS12_strings();
-	ERR_load_RAND_strings();
-	ERR_load_DSO_strings();
-	ERR_load_TS_strings();
-#ifndef OPENSSL_NO_ENGINE
-	ERR_load_ENGINE_strings();
-#endif
-	ERR_load_OCSP_strings();
-	ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-	ERR_load_FIPS_strings();
-#endif
-#ifndef OPENSSL_NO_CMS
-	ERR_load_CMS_strings();
-#endif
-#ifndef OPENSSL_NO_JPAKE
-	ERR_load_JPAKE_strings();
-#endif
-#endif
-	}
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
deleted file mode 100644
index a0168ac8ed..0000000000
--- a/crypto/err/err_prn.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-			 void *u)
-	{
-	unsigned long l;
-	char buf[256];
-	char buf2[4096];
-	const char *file,*data;
-	int line,flags;
-	unsigned long es;
-	CRYPTO_THREADID cur;
-
-	CRYPTO_THREADID_current(&cur);
-	es=CRYPTO_THREADID_hash(&cur);
-	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
-		{
-		ERR_error_string_n(l, buf, sizeof buf);
-		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
-			file, line, (flags & ERR_TXT_STRING) ? data : "");
-		if (cb(buf2, strlen(buf2), u) <= 0)
-			break; /* abort outputting the error report */
-		}
-	}
-
-#ifndef OPENSSL_NO_FP_API
-static int print_fp(const char *str, size_t len, void *fp)
-	{
-	BIO bio;
-
-	BIO_set(&bio,BIO_s_file());
-	BIO_set_fp(&bio,fp,BIO_NOCLOSE);
-
-	return BIO_printf(&bio, "%s", str);
-	}
-void ERR_print_errors_fp(FILE *fp)
-	{
-	ERR_print_errors_cb(print_fp, fp);
-	}
-#endif
-
-static int print_bio(const char *str, size_t len, void *bp)
-	{
-	return BIO_write((BIO *)bp, str, len);
-	}
-void ERR_print_errors(BIO *bp)
-	{
-	ERR_print_errors_cb(print_bio, bp);
-	}
-
-	
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
deleted file mode 100644
index bafbc35d30..0000000000
--- a/crypto/err/openssl.ec
+++ /dev/null
@@ -1,97 +0,0 @@
-# crypto/err/openssl.ec
-
-# configuration file for util/mkerr.pl
-
-# files that may have to be rewritten by util/mkerr.pl
-L ERR		NONE				NONE
-L BN		crypto/bn/bn.h			crypto/bn/bn_err.c
-L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c
-L DH		crypto/dh/dh.h			crypto/dh/dh_err.c
-L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
-L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
-L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
-L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
-L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
-L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
-L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c
-L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c
-L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
-L EC		crypto/ec/ec.h			crypto/ec/ec_err.c
-L SSL		ssl/ssl.h			ssl/ssl_err.c
-L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
-L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c
-L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
-L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c
-L RAND		crypto/rand/rand.h		crypto/rand/rand_err.c
-L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
-L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c
-L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
-L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
-L COMP		crypto/comp/comp.h		crypto/comp/comp_err.c
-L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c
-L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c
-L STORE		crypto/store/store.h		crypto/store/str_err.c
-L TS		crypto/ts/ts.h			crypto/ts/ts_err.c
-L HMAC		crypto/hmac/hmac.h		crypto/hmac/hmac_err.c
-L CMS		crypto/cms/cms.h		crypto/cms/cms_err.c
-L JPAKE		crypto/jpake/jpake.h		crypto/jpake/jpake_err.c
-
-# additional header files to be scanned for function names
-L NONE		crypto/x509/x509_vfy.h		NONE
-L NONE		crypto/ec/ec_lcl.h		NONE
-L NONE		crypto/asn1/asn_lcl.h		NONE
-L NONE		crypto/cms/cms_lcl.h		NONE
-
-
-F RSAREF_F_RSA_BN2BIN
-F RSAREF_F_RSA_PRIVATE_DECRYPT
-F RSAREF_F_RSA_PRIVATE_ENCRYPT
-F RSAREF_F_RSA_PUBLIC_DECRYPT
-F RSAREF_F_RSA_PUBLIC_ENCRYPT
-#F SSL_F_CLIENT_CERTIFICATE
-
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
-R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021
-R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
-R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
-R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
-R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
-R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
-R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
-R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
-R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
-R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	1086
-R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
-R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
-R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
-R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		1111
-R SSL_R_TLSV1_UNRECOGNIZED_NAME			1112
-R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	1113
-R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE	1114
-
-R RSAREF_R_CONTENT_ENCODING			0x0400
-R RSAREF_R_DATA					0x0401
-R RSAREF_R_DIGEST_ALGORITHM			0x0402
-R RSAREF_R_ENCODING				0x0403
-R RSAREF_R_KEY					0x0404
-R RSAREF_R_KEY_ENCODING				0x0405
-R RSAREF_R_LEN					0x0406
-R RSAREF_R_MODULUS_LEN				0x0407
-R RSAREF_R_NEED_RANDOM				0x0408
-R RSAREF_R_PRIVATE_KEY				0x0409
-R RSAREF_R_PUBLIC_KEY				0x040a
-R RSAREF_R_SIGNATURE				0x040b
-R RSAREF_R_SIGNATURE_ENCODING			0x040c
-R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
-
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
deleted file mode 100644
index 16863fe23f..0000000000
--- a/crypto/evp/bio_b64.c
+++ /dev/null
@@ -1,599 +0,0 @@
-/* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int b64_write(BIO *h, const char *buf, int num);
-static int b64_read(BIO *h, char *buf, int size);
-static int b64_puts(BIO *h, const char *str);
-/*static int b64_gets(BIO *h, char *str, int size); */
-static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int b64_new(BIO *h);
-static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-#define B64_BLOCK_SIZE	1024
-#define B64_BLOCK_SIZE2	768
-#define B64_NONE	0
-#define B64_ENCODE	1
-#define B64_DECODE	2
-
-typedef struct b64_struct
-	{
-	/*BIO *bio; moved to the BIO structure */
-	int buf_len;
-	int buf_off;
-	int tmp_len;		/* used to find the start when decoding */
-	int tmp_nl;		/* If true, scan until '\n' */
-	int encode;
-	int start;		/* have we started decoding yet? */
-	int cont;		/* <= 0 when finished */
-	EVP_ENCODE_CTX base64;
-	char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
-	char tmp[B64_BLOCK_SIZE];
-	} BIO_B64_CTX;
-
-static BIO_METHOD methods_b64=
-	{
-	BIO_TYPE_BASE64,"base64 encoding",
-	b64_write,
-	b64_read,
-	b64_puts,
-	NULL, /* b64_gets, */
-	b64_ctrl,
-	b64_new,
-	b64_free,
-	b64_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_base64(void)
-	{
-	return(&methods_b64);
-	}
-
-static int b64_new(BIO *bi)
-	{
-	BIO_B64_CTX *ctx;
-
-	ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
-	if (ctx == NULL) return(0);
-
-	ctx->buf_len=0;
-	ctx->tmp_len=0;
-	ctx->tmp_nl=0;
-	ctx->buf_off=0;
-	ctx->cont=1;
-	ctx->start=1;
-	ctx->encode=0;
-
-	bi->init=1;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	bi->num = 0;
-	return(1);
-	}
-
-static int b64_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int b64_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
-	BIO_B64_CTX *ctx;
-	unsigned char *p,*q;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_B64_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	BIO_clear_retry_flags(b);
-
-	if (ctx->encode != B64_DECODE)
-		{
-		ctx->encode=B64_DECODE;
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->tmp_len=0;
-		EVP_DecodeInit(&(ctx->base64));
-		}
-
-	/* First check if there are bytes decoded/encoded */
-	if (ctx->buf_len > 0)
-		{
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		i=ctx->buf_len-ctx->buf_off;
-		if (i > outl) i=outl;
-		OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-		ret=i;
-		out+=i;
-		outl-=i;
-		ctx->buf_off+=i;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		}
-
-	/* At this point, we have room of outl bytes and an empty
-	 * buffer, so we should read in some more. */
-
-	ret_code=0;
-	while (outl > 0)
-		{
-		if (ctx->cont <= 0)
-			break;
-
-		i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
-			B64_BLOCK_SIZE-ctx->tmp_len);
-
-		if (i <= 0)
-			{
-			ret_code=i;
-
-			/* Should we continue next time we are called? */
-			if (!BIO_should_retry(b->next_bio))
-				{
-				ctx->cont=i;
-				/* If buffer empty break */
-				if(ctx->tmp_len == 0)
-					break;
-				/* Fall through and process what we have */
-				else
-					i = 0;
-				}
-			/* else we retry and add more data to buffer */
-			else
-				break;
-			}
-		i+=ctx->tmp_len;
-		ctx->tmp_len = i;
-
-		/* We need to scan, a line at a time until we
-		 * have a valid line if we are starting. */
-		if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
-			{
-			/* ctx->start=1; */
-			ctx->tmp_len=0;
-			}
-		else if (ctx->start)
-			{
-			q=p=(unsigned char *)ctx->tmp;
-			num = 0;
-			for (j=0; j<i; j++)
-				{
-				if (*(q++) != '\n') continue;
-
-				/* due to a previous very long line,
-				 * we need to keep on scanning for a '\n'
-				 * before we even start looking for
-				 * base64 encoded stuff. */
-				if (ctx->tmp_nl)
-					{
-					p=q;
-					ctx->tmp_nl=0;
-					continue;
-					}
-
-				k=EVP_DecodeUpdate(&(ctx->base64),
-					(unsigned char *)ctx->buf,
-					&num,p,q-p);
-				if ((k <= 0) && (num == 0) && (ctx->start))
-					EVP_DecodeInit(&ctx->base64);
-				else 
-					{
-					if (p != (unsigned char *)
-						&(ctx->tmp[0]))
-						{
-						i-=(p- (unsigned char *)
-							&(ctx->tmp[0]));
-						for (x=0; x < i; x++)
-							ctx->tmp[x]=p[x];
-						}
-					EVP_DecodeInit(&ctx->base64);
-					ctx->start=0;
-					break;
-					}
-				p=q;
-				}
-
-			/* we fell off the end without starting */
-			if ((j == i) && (num == 0))
-				{
-				/* Is this is one long chunk?, if so, keep on
-				 * reading until a new line. */
-				if (p == (unsigned char *)&(ctx->tmp[0]))
-					{
-					/* Check buffer full */
-					if (i == B64_BLOCK_SIZE)
-						{
-						ctx->tmp_nl=1;
-						ctx->tmp_len=0;
-						}
-					}
-				else if (p != q) /* finished on a '\n' */
-					{
-					n=q-p;
-					for (ii=0; ii<n; ii++)
-						ctx->tmp[ii]=p[ii];
-					ctx->tmp_len=n;
-					}
-				/* else finished on a '\n' */
-				continue;
-				}
-			else
-			{
-				ctx->tmp_len=0;
-			}
-		}
-		else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
-		{
-			/* If buffer isn't full and we can retry then
-			 * restart to read in more data.
-			 */
-			continue;
-		}
-
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			int z,jj;
-
-#if 0
-			jj=(i>>2)<<2;
-#else
-			jj = i & ~3; /* process per 4 */
-#endif
-			z=EVP_DecodeBlock((unsigned char *)ctx->buf,
-				(unsigned char *)ctx->tmp,jj);
-			if (jj > 2)
-				{
-				if (ctx->tmp[jj-1] == '=')
-					{
-					z--;
-					if (ctx->tmp[jj-2] == '=')
-						z--;
-					}
-				}
-			/* z is now number of output bytes and jj is the
-			 * number consumed */
-			if (jj != i)
-				{
-				memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
-				ctx->tmp_len=i-jj;
-				}
-			ctx->buf_len=0;
-			if (z > 0)
-				{
-				ctx->buf_len=z;
-				}
-			i=z;
-			}
-		else
-			{
-			i=EVP_DecodeUpdate(&(ctx->base64),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)ctx->tmp,i);
-			ctx->tmp_len = 0;
-			}
-		ctx->buf_off=0;
-		if (i < 0)
-			{
-			ret_code=0;
-			ctx->buf_len=0;
-			break;
-			}
-
-		if (ctx->buf_len <= outl)
-			i=ctx->buf_len;
-		else
-			i=outl;
-
-		memcpy(out,ctx->buf,i);
-		ret+=i;
-		ctx->buf_off=i;
-		if (ctx->buf_off == ctx->buf_len)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		outl-=i;
-		out+=i;
-		}
-	/* BIO_clear_retry_flags(b); */
-	BIO_copy_next_retry(b);
-	return((ret == 0)?ret_code:ret);
-	}
-
-static int b64_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-	int n;
-	int i;
-	BIO_B64_CTX *ctx;
-
-	ctx=(BIO_B64_CTX *)b->ptr;
-	BIO_clear_retry_flags(b);
-
-	if (ctx->encode != B64_ENCODE)
-		{
-		ctx->encode=B64_ENCODE;
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->tmp_len=0;
-		EVP_EncodeInit(&(ctx->base64));
-		}
-
-	OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
-	OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-	OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-	n=ctx->buf_len-ctx->buf_off;
-	while (n > 0)
-		{
-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		OPENSSL_assert(i <= n);
-		ctx->buf_off+=i;
-		OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		n-=i;
-		}
-	/* at this point all pending data has been written */
-	ctx->buf_off=0;
-	ctx->buf_len=0;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-
-	while (inl > 0)
-		{
-		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
-
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			if (ctx->tmp_len > 0)
-				{
-				OPENSSL_assert(ctx->tmp_len <= 3);
-				n=3-ctx->tmp_len;
-				/* There's a theoretical possibility for this */
-				if (n > inl) 
-					n=inl;
-				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
-				ctx->tmp_len+=n;
-				ret += n;
-				if (ctx->tmp_len < 3)
-					break;
-				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
-				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-				OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-				/* Since we're now done using the temporary
-				   buffer, the length should be 0'd */
-				ctx->tmp_len=0;
-				}
-			else
-				{
-				if (n < 3)
-					{
-					memcpy(ctx->tmp,in,n);
-					ctx->tmp_len=n;
-					ret += n;
-					break;
-					}
-				n-=n%3;
-				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
-				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-				OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-				ret += n;
-				}
-			}
-		else
-			{
-			EVP_EncodeUpdate(&(ctx->base64),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)in,n);
-			OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-			OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-			ret += n;
-			}
-		inl-=n;
-		in+=n;
-
-		ctx->buf_off=0;
-		n=ctx->buf_len;
-		while (n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return((ret == 0)?i:ret);
-				}
-			OPENSSL_assert(i <= n);
-			n-=i;
-			ctx->buf_off+=i;
-			OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
-			OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-			}
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		}
-	return(ret);
-	}
-
-static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_B64_CTX *ctx;
-	long ret=1;
-	int i;
-
-	ctx=(BIO_B64_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->cont=1;
-		ctx->start=1;
-		ctx->encode=B64_NONE;
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_WPENDING: /* More to write in buffer */
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		ret=ctx->buf_len-ctx->buf_off;
-		if ((ret == 0) && (ctx->encode != B64_NONE)
-			&& (ctx->base64.num != 0))
-			ret=1;
-		else if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-again:
-		while (ctx->buf_len != ctx->buf_off)
-			{
-			i=b64_write(b,NULL,0);
-			if (i < 0)
-				return i;
-			}
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			if (ctx->tmp_len != 0)
-				{
-				ctx->buf_len=EVP_EncodeBlock(
-					(unsigned char *)ctx->buf,
-					(unsigned char *)ctx->tmp,
-					ctx->tmp_len);
-				ctx->buf_off=0;
-				ctx->tmp_len=0;
-				goto again;
-				}
-			}
-		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
-			{
-			ctx->buf_off=0;
-			EVP_EncodeFinal(&(ctx->base64),
-				(unsigned char *)ctx->buf,
-				&(ctx->buf_len));
-			/* push out the bytes */
-			goto again;
-			}
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_DUP:
-		break;
-	case BIO_CTRL_INFO:
-	case BIO_CTRL_GET:
-	case BIO_CTRL_SET:
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int b64_puts(BIO *b, const char *str)
-	{
-	return b64_write(b,str,strlen(str));
-	}
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
deleted file mode 100644
index b6efb5fbc4..0000000000
--- a/crypto/evp/bio_enc.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int enc_write(BIO *h, const char *buf, int num);
-static int enc_read(BIO *h, char *buf, int size);
-/*static int enc_puts(BIO *h, const char *str); */
-/*static int enc_gets(BIO *h, char *str, int size); */
-static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int enc_new(BIO *h);
-static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
-#define ENC_BLOCK_SIZE	(1024*4)
-#define BUF_OFFSET	(EVP_MAX_BLOCK_LENGTH*2)
-
-typedef struct enc_struct
-	{
-	int buf_len;
-	int buf_off;
-	int cont;		/* <= 0 when finished */
-	int finished;
-	int ok;			/* bad decrypt */
-	EVP_CIPHER_CTX cipher;
-	/* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
-	 * can return up to a block more data than is presented to it
-	 */
-	char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
-	} BIO_ENC_CTX;
-
-static BIO_METHOD methods_enc=
-	{
-	BIO_TYPE_CIPHER,"cipher",
-	enc_write,
-	enc_read,
-	NULL, /* enc_puts, */
-	NULL, /* enc_gets, */
-	enc_ctrl,
-	enc_new,
-	enc_free,
-	enc_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_cipher(void)
-	{
-	return(&methods_enc);
-	}
-
-static int enc_new(BIO *bi)
-	{
-	BIO_ENC_CTX *ctx;
-
-	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-	if (ctx == NULL) return(0);
-	EVP_CIPHER_CTX_init(&ctx->cipher);
-
-	ctx->buf_len=0;
-	ctx->buf_off=0;
-	ctx->cont=1;
-	ctx->finished=0;
-	ctx->ok=1;
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int enc_free(BIO *a)
-	{
-	BIO_ENC_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_ENC_CTX *)a->ptr;
-	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int enc_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i;
-	BIO_ENC_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_ENC_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	/* First check if there are bytes decoded/encoded */
-	if (ctx->buf_len > 0)
-		{
-		i=ctx->buf_len-ctx->buf_off;
-		if (i > outl) i=outl;
-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-		ret=i;
-		out+=i;
-		outl-=i;
-		ctx->buf_off+=i;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		}
-
-	/* At this point, we have room of outl bytes and an empty
-	 * buffer, so we should read in some more. */
-
-	while (outl > 0)
-		{
-		if (ctx->cont <= 0) break;
-
-		/* read in at IV offset, read the EVP_Cipher
-		 * documentation about why */
-		i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
-
-		if (i <= 0)
-			{
-			/* Should be continue next time we are called? */
-			if (!BIO_should_retry(b->next_bio))
-				{
-				ctx->cont=i;
-				i=EVP_CipherFinal_ex(&(ctx->cipher),
-					(unsigned char *)ctx->buf,
-					&(ctx->buf_len));
-				ctx->ok=i;
-				ctx->buf_off=0;
-				}
-			else 
-				{
-				ret=(ret == 0)?i:ret;
-				break;
-				}
-			}
-		else
-			{
-			EVP_CipherUpdate(&(ctx->cipher),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
-			ctx->cont=1;
-			/* Note: it is possible for EVP_CipherUpdate to
-			 * decrypt zero bytes because this is or looks like
-			 * the final block: if this happens we should retry
-			 * and either read more data or decrypt the final
-			 * block
-			 */
-			if(ctx->buf_len == 0) continue;
-			}
-
-		if (ctx->buf_len <= outl)
-			i=ctx->buf_len;
-		else
-			i=outl;
-		if (i <= 0) break;
-		memcpy(out,ctx->buf,i);
-		ret+=i;
-		ctx->buf_off=i;
-		outl-=i;
-		out+=i;
-		}
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return((ret == 0)?ctx->cont:ret);
-	}
-
-static int enc_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0,n,i;
-	BIO_ENC_CTX *ctx;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	ret=inl;
-
-	BIO_clear_retry_flags(b);
-	n=ctx->buf_len-ctx->buf_off;
-	while (n > 0)
-		{
-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		ctx->buf_off+=i;
-		n-=i;
-		}
-	/* at this point all pending data has been written */
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-
-	ctx->buf_off=0;
-	while (inl > 0)
-		{
-		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
-		EVP_CipherUpdate(&(ctx->cipher),
-			(unsigned char *)ctx->buf,&ctx->buf_len,
-			(unsigned char *)in,n);
-		inl-=n;
-		in+=n;
-
-		ctx->buf_off=0;
-		n=ctx->buf_len;
-		while (n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return (ret == inl) ? i : ret - inl;
-				}
-			n-=i;
-			ctx->buf_off+=i;
-			}
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		}
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	BIO_ENC_CTX *ctx,*dctx;
-	long ret=1;
-	int i;
-	EVP_CIPHER_CTX **c_ctx;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->ok=1;
-		ctx->finished=0;
-		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
-			ctx->cipher.encrypt);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-again:
-		while (ctx->buf_len != ctx->buf_off)
-			{
-			i=enc_write(b,NULL,0);
-			if (i < 0)
-				return i;
-			}
-
-		if (!ctx->finished)
-			{
-			ctx->finished=1;
-			ctx->buf_off=0;
-			ret=EVP_CipherFinal_ex(&(ctx->cipher),
-				(unsigned char *)ctx->buf,
-				&(ctx->buf_len));
-			ctx->ok=(int)ret;
-			if (ret <= 0) break;
-
-			/* push out the bytes */
-			goto again;
-			}
-		
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_GET_CIPHER_STATUS:
-		ret=(long)ctx->ok;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_C_GET_CIPHER_CTX:
-		c_ctx=(EVP_CIPHER_CTX **)ptr;
-		(*c_ctx)= &(ctx->cipher);
-		b->init=1;
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		dctx=(BIO_ENC_CTX *)dbio->ptr;
-		EVP_CIPHER_CTX_init(&dctx->cipher);
-		ret = EVP_CIPHER_CTX_copy(&dctx->cipher,&ctx->cipher);
-		if (ret)
-			dbio->init=1;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-/*
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
-	{
-	if (b == NULL) return;
-
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
-
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-	}
-*/
-
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-	     const unsigned char *i, int e)
-	{
-	BIO_ENC_CTX *ctx;
-
-	if (b == NULL) return;
-
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
-
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
-	}
-
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
deleted file mode 100644
index 144fdfd56a..0000000000
--- a/crypto/evp/bio_md.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int md_write(BIO *h, char const *buf, int num);
-static int md_read(BIO *h, char *buf, int size);
-/*static int md_puts(BIO *h, const char *str); */
-static int md_gets(BIO *h, char *str, int size);
-static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int md_new(BIO *h);
-static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-
-static BIO_METHOD methods_md=
-	{
-	BIO_TYPE_MD,"message digest",
-	md_write,
-	md_read,
-	NULL, /* md_puts, */
-	md_gets,
-	md_ctrl,
-	md_new,
-	md_free,
-	md_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_md(void)
-	{
-	return(&methods_md);
-	}
-
-static int md_new(BIO *bi)
-	{
-	EVP_MD_CTX *ctx;
-
-	ctx=EVP_MD_CTX_create();
-	if (ctx == NULL) return(0);
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int md_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	EVP_MD_CTX_destroy(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int md_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	EVP_MD_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	ret=BIO_read(b->next_bio,out,outl);
-	if (b->init)
-		{
-		if (ret > 0)
-			{
-			if (EVP_DigestUpdate(ctx,(unsigned char *)out,
-				(unsigned int)ret)<=0) return (-1);
-			}
-		}
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static int md_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-	EVP_MD_CTX *ctx;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=b->ptr;
-
-	if ((ctx != NULL) && (b->next_bio != NULL))
-		ret=BIO_write(b->next_bio,in,inl);
-	if (b->init)
-		{
-		if (ret > 0)
-			{
-			if (!EVP_DigestUpdate(ctx,(const unsigned char *)in,
-				(unsigned int)ret))
-				{
-				BIO_clear_retry_flags(b);
-				return 0;
-				}
-			}
-		}
-	if(b->next_bio != NULL)
-		{
-		BIO_clear_retry_flags(b);
-		BIO_copy_next_retry(b);
-		}
-	return(ret);
-	}
-
-static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	EVP_MD_CTX *ctx,*dctx,**pctx;
-	const EVP_MD **ppmd;
-	EVP_MD *md;
-	long ret=1;
-	BIO *dbio;
-
-	ctx=b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		if (b->init)
-			ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
-		else
-			ret=0;
-		if (ret > 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_GET_MD:
-		if (b->init)
-			{
-			ppmd=ptr;
-			*ppmd=ctx->digest;
-			}
-		else
-			ret=0;
-		break;
-	case BIO_C_GET_MD_CTX:
-		pctx=ptr;
-		*pctx=ctx;
-		b->init = 1;
-		break;
-	case BIO_C_SET_MD_CTX:
-		if (b->init)
-			b->ptr=ptr;
-		else
-			ret=0;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_C_SET_MD:
-		md=ptr;
-		ret = EVP_DigestInit_ex(ctx,md, NULL);
-		if (ret > 0)
-			b->init=1;
-		break;
-	case BIO_CTRL_DUP:
-		dbio=ptr;
-		dctx=dbio->ptr;
-		if (!EVP_MD_CTX_copy_ex(dctx,ctx))
-			return 0;
-		b->init=1;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int md_gets(BIO *bp, char *buf, int size)
-	{
-	EVP_MD_CTX *ctx;
-	unsigned int ret;
-
-
-	ctx=bp->ptr;
-	if (size < ctx->digest->md_size)
-		return(0);
-	if (EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret)<=0) 
-		return -1;
-		
-	return((int)ret);
-	}
-
-/*
-static int md_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	return(-1);
-	}
-*/
-
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
deleted file mode 100644
index e64335353f..0000000000
--- a/crypto/evp/bio_ok.c
+++ /dev/null
@@ -1,624 +0,0 @@
-/* crypto/evp/bio_ok.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
-	From: Arne Ansper <arne@cyber.ee>
-
-	Why BIO_f_reliable?
-
-	I wrote function which took BIO* as argument, read data from it
-	and processed it. Then I wanted to store the input file in 
-	encrypted form. OK I pushed BIO_f_cipher to the BIO stack
-	and everything was OK. BUT if user types wrong password 
-	BIO_f_cipher outputs only garbage and my function crashes. Yes
-	I can and I should fix my function, but BIO_f_cipher is 
-	easy way to add encryption support to many existing applications
-	and it's hard to debug and fix them all. 
-
-	So I wanted another BIO which would catch the incorrect passwords and
-	file damages which cause garbage on BIO_f_cipher's output. 
-
-	The easy way is to push the BIO_f_md and save the checksum at 
-	the end of the file. However there are several problems with this
-	approach:
-
-	1) you must somehow separate checksum from actual data. 
-	2) you need lot's of memory when reading the file, because you 
-	must read to the end of the file and verify the checksum before
-	letting the application to read the data. 
-	
-	BIO_f_reliable tries to solve both problems, so that you can 
-	read and write arbitrary long streams using only fixed amount
-	of memory.
-
-	BIO_f_reliable splits data stream into blocks. Each block is prefixed
-	with it's length and suffixed with it's digest. So you need only 
-	several Kbytes of memory to buffer single block before verifying 
-	it's digest. 
-
-	BIO_f_reliable goes further and adds several important capabilities:
-
-	1) the digest of the block is computed over the whole stream 
-	-- so nobody can rearrange the blocks or remove or replace them.
-
-	2) to detect invalid passwords right at the start BIO_f_reliable 
-	adds special prefix to the stream. In order to avoid known plain-text
-	attacks this prefix is generated as follows:
-
-		*) digest is initialized with random seed instead of 
-		standardized one.
-		*) same seed is written to output
-		*) well-known text is then hashed and the output 
-		of the digest is also written to output.
-
-	reader can now read the seed from stream, hash the same string
-	and then compare the digest output.
-
-	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
-	initially wrote and tested this code on x86 machine and wrote the
-	digests out in machine-dependent order :( There are people using
-	this code and I cannot change this easily without making existing
-	data files unreadable.
-
-*/
-
-#include <stdio.h>
-#include <errno.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-
-static int ok_write(BIO *h, const char *buf, int num);
-static int ok_read(BIO *h, char *buf, int size);
-static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ok_new(BIO *h);
-static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-static int sig_out(BIO* b);
-static int sig_in(BIO* b);
-static int block_out(BIO* b);
-static int block_in(BIO* b);
-#define OK_BLOCK_SIZE	(1024*4)
-#define OK_BLOCK_BLOCK	4
-#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
-#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
-
-typedef struct ok_struct
-	{
-	size_t buf_len;
-	size_t buf_off;
-	size_t buf_len_save;
-	size_t buf_off_save;
-	int cont;		/* <= 0 when finished */
-	int finished;
-	EVP_MD_CTX md;
-	int blockout;		/* output block is ready */ 
-	int sigio;		/* must process signature */
-	unsigned char buf[IOBS];
-	} BIO_OK_CTX;
-
-static BIO_METHOD methods_ok=
-	{
-	BIO_TYPE_CIPHER,"reliable",
-	ok_write,
-	ok_read,
-	NULL, /* ok_puts, */
-	NULL, /* ok_gets, */
-	ok_ctrl,
-	ok_new,
-	ok_free,
-	ok_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_reliable(void)
-	{
-	return(&methods_ok);
-	}
-
-static int ok_new(BIO *bi)
-	{
-	BIO_OK_CTX *ctx;
-
-	ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
-	if (ctx == NULL) return(0);
-
-	ctx->buf_len=0;
-	ctx->buf_off=0;
-	ctx->buf_len_save=0;
-	ctx->buf_off_save=0;
-	ctx->cont=1;
-	ctx->finished=0;
-	ctx->blockout= 0;
-	ctx->sigio=1;
-
-	EVP_MD_CTX_init(&ctx->md);
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
-
-static int ok_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
-static int ok_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i,n;
-	BIO_OK_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_OK_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
-	while(outl > 0)
-		{
-
-		/* copy clean bytes to output buffer */
-		if (ctx->blockout)
-			{
-			i=ctx->buf_len-ctx->buf_off;
-			if (i > outl) i=outl;
-			memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-			ret+=i;
-			out+=i;
-			outl-=i;
-			ctx->buf_off+=i;
-
-			/* all clean bytes are out */
-			if (ctx->buf_len == ctx->buf_off)
-				{
-				ctx->buf_off=0;
-
-				/* copy start of the next block into proper place */
-				if(ctx->buf_len_save- ctx->buf_off_save > 0)
-					{
-					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
-					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
-							ctx->buf_len);
-					}
-				else
-					{
-					ctx->buf_len=0;
-					}
-				ctx->blockout= 0;
-				}
-			}
-	
-		/* output buffer full -- cancel */
-		if (outl == 0) break;
-
-		/* no clean bytes in buffer -- fill it */
-		n=IOBS- ctx->buf_len;
-		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
-
-		if (i <= 0) break;	/* nothing new */
-
-		ctx->buf_len+= i;
-
-		/* no signature yet -- check if we got one */
-		if (ctx->sigio == 1)
-			{
-			if (!sig_in(b))
-				{
-				BIO_clear_retry_flags(b);
-				return 0;
-				}
-			}
-
-		/* signature ok -- check if we got block */
-		if (ctx->sigio == 0)
-			{
-			if (!block_in(b))
-				{
-				BIO_clear_retry_flags(b);
-				return 0;
-				}
-			}
-
-		/* invalid block -- cancel */
-		if (ctx->cont <= 0) break;
-
-		}
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static int ok_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0,n,i;
-	BIO_OK_CTX *ctx;
-
-	if (inl <= 0) return inl;
-
-	ctx=(BIO_OK_CTX *)b->ptr;
-	ret=inl;
-
-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
-	if(ctx->sigio && !sig_out(b))
-		return 0;
-
-	do{
-		BIO_clear_retry_flags(b);
-		n=ctx->buf_len-ctx->buf_off;
-		while (ctx->blockout && n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				if(!BIO_should_retry(b))
-					ctx->cont= 0;
-				return(i);
-				}
-			ctx->buf_off+=i;
-			n-=i;
-			}
-
-		/* at this point all pending data has been written */
-		ctx->blockout= 0;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=OK_BLOCK_BLOCK;
-			ctx->buf_off=0;
-			}
-	
-		if ((in == NULL) || (inl <= 0)) return(0);
-
-		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
-			(int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;
-
-		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
-		ctx->buf_len+= n;
-		inl-=n;
-		in+=n;
-
-		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
-			{
-			if (!block_out(b))
-				{
-				BIO_clear_retry_flags(b);
-				return 0;
-				}
-			}
-	}while(inl > 0);
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
-
-static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD *md;
-	const EVP_MD **ppmd;
-	long ret=1;
-	int i;
-
-	ctx=b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->buf_len_save=0;
-		ctx->buf_off_save=0;
-		ctx->cont=1;
-		ctx->finished=0;
-		ctx->blockout= 0;
-		ctx->sigio=1;
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-	case BIO_CTRL_WPENDING: /* More to read in buffer */
-		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-		if(ctx->blockout == 0)
-			if (!block_out(b))
-				return 0;
-
-		while (ctx->blockout)
-			{
-			i=ok_write(b,NULL,0);
-			if (i < 0)
-				{
-				ret=i;
-				break;
-				}
-			}
-
-		ctx->finished=1;
-		ctx->buf_off=ctx->buf_len=0;
-		ctx->cont=(int)ret;
-		
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)ctx->cont;
-		break;
-	case BIO_C_SET_MD:
-		md=ptr;
-		if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
-			return 0;
-		b->init=1;
-		break;
-	case BIO_C_GET_MD:
-		if (b->init)
-			{
-			ppmd=ptr;
-			*ppmd=ctx->md.digest;
-			}
-		else
-			ret=0;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static void longswap(void *_ptr, size_t len)
-{	const union { long one; char little; } is_endian = {1};
-
-	if (is_endian.little) {
-		size_t i;
-		unsigned char *p=_ptr,c;
-
-		for(i= 0;i < len;i+= 4) {
-			c=p[0],p[0]=p[3],p[3]=c;
-			c=p[1],p[1]=p[2],p[2]=c;
-		}
-	}
-}
-
-static int sig_out(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return 1;
-
-	if (!EVP_DigestInit_ex(md, md->digest, NULL))
-		goto berr;
-	/* FIXME: there's absolutely no guarantee this makes any sense at all,
-	 * particularly now EVP_MD_CTX has been restructured.
-	 */
-	RAND_pseudo_bytes(md->md_data, md->digest->md_size);
-	memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
-	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
-	ctx->buf_len+= md->digest->md_size;
-
-	if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
-		goto berr;
-	if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
-		goto berr;
-	ctx->buf_len+= md->digest->md_size;
-	ctx->blockout= 1;
-	ctx->sigio= 0;
-	return 1;
-	berr:
-	BIO_clear_retry_flags(b);
-	return 0;
-	}
-
-static int sig_in(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned char tmp[EVP_MAX_MD_SIZE];
-	int ret= 0;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return 1;
-
-	if (!EVP_DigestInit_ex(md, md->digest, NULL))
-		goto berr;
-	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
-	longswap(md->md_data, md->digest->md_size);
-	ctx->buf_off+= md->digest->md_size;
-
-	if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
-		goto berr;
-	if (!EVP_DigestFinal_ex(md, tmp, NULL))
-		goto berr;
-	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
-	ctx->buf_off+= md->digest->md_size;
-	if(ret == 1)
-		{
-		ctx->sigio= 0;
-		if(ctx->buf_len != ctx->buf_off)
-			{
-			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
-			}
-		ctx->buf_len-= ctx->buf_off;
-		ctx->buf_off= 0;
-		}
-	else
-		{
-		ctx->cont= 0;
-		}
-	return 1;
-	berr:
-	BIO_clear_retry_flags(b);
-	return 0;
-	}
-
-static int block_out(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned long tl;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	tl= ctx->buf_len- OK_BLOCK_BLOCK;
-	ctx->buf[0]=(unsigned char)(tl>>24);
-	ctx->buf[1]=(unsigned char)(tl>>16);
-	ctx->buf[2]=(unsigned char)(tl>>8);
-	ctx->buf[3]=(unsigned char)(tl);
-	if (!EVP_DigestUpdate(md,
-		(unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
-		goto berr;
-	if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
-		goto berr;
-	ctx->buf_len+= md->digest->md_size;
-	ctx->blockout= 1;
-	return 1;
-	berr:
-	BIO_clear_retry_flags(b);
-	return 0;
-	}
-
-static int block_in(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned long tl= 0;
-	unsigned char tmp[EVP_MAX_MD_SIZE];
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	assert(sizeof(tl)>=OK_BLOCK_BLOCK);	/* always true */
-	tl =ctx->buf[0]; tl<<=8;
-	tl|=ctx->buf[1]; tl<<=8;
-	tl|=ctx->buf[2]; tl<<=8;
-	tl|=ctx->buf[3];
-
-	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return 1;
- 
-	if (!EVP_DigestUpdate(md,
-			(unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
-		goto berr;
-	if (!EVP_DigestFinal_ex(md, tmp, NULL))
-		goto berr;
-	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
-		{
-		/* there might be parts from next block lurking around ! */
-		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
-		ctx->buf_len_save= ctx->buf_len;
-		ctx->buf_off= OK_BLOCK_BLOCK;
-		ctx->buf_len= tl+ OK_BLOCK_BLOCK;
-		ctx->blockout= 1;
-		}
-	else
-		{
-		ctx->cont= 0;
-		}
-	return 1;
-	berr:
-	BIO_clear_retry_flags(b);
-	return 0;
-	}
-
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
deleted file mode 100644
index 766c4cecdf..0000000000
--- a/crypto/evp/c_all.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#if 0
-#undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
-	{
-	OPENSSL_add_all_algorithms_noconf();
-	}
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void)
-	{
-	/*
-	 * For the moment OPENSSL_cpuid_setup does something
-	 * only on IA-32, but we reserve the option for all
-	 * platforms...
-	 */
-	OPENSSL_cpuid_setup();
-	OpenSSL_add_all_ciphers();
-	OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-	ENGINE_setup_bsd_cryptodev();
-# endif
-#endif
-	}
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
deleted file mode 100644
index 2a45d435e5..0000000000
--- a/crypto/evp/c_allc.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/* crypto/evp/c_allc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/objects.h>
-
-void OpenSSL_add_all_ciphers(void)
-	{
-
-#ifndef OPENSSL_NO_DES
-	EVP_add_cipher(EVP_des_cfb());
-	EVP_add_cipher(EVP_des_cfb1());
-	EVP_add_cipher(EVP_des_cfb8());
-	EVP_add_cipher(EVP_des_ede_cfb());
-	EVP_add_cipher(EVP_des_ede3_cfb());
-	EVP_add_cipher(EVP_des_ede3_cfb1());
-	EVP_add_cipher(EVP_des_ede3_cfb8());
-
-	EVP_add_cipher(EVP_des_ofb());
-	EVP_add_cipher(EVP_des_ede_ofb());
-	EVP_add_cipher(EVP_des_ede3_ofb());
-
-	EVP_add_cipher(EVP_desx_cbc());
-	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
-	EVP_add_cipher_alias(SN_desx_cbc,"desx");
-
-	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_cipher_alias(SN_des_cbc,"DES");
-	EVP_add_cipher_alias(SN_des_cbc,"des");
-	EVP_add_cipher(EVP_des_ede_cbc());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
-
-	EVP_add_cipher(EVP_des_ecb());
-	EVP_add_cipher(EVP_des_ede());
-	EVP_add_cipher(EVP_des_ede3());
-#endif
-
-#ifndef OPENSSL_NO_RC4
-	EVP_add_cipher(EVP_rc4());
-	EVP_add_cipher(EVP_rc4_40());
-#ifndef OPENSSL_NO_MD5
-	EVP_add_cipher(EVP_rc4_hmac_md5());
-#endif
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-	EVP_add_cipher(EVP_idea_ecb());
-	EVP_add_cipher(EVP_idea_cfb());
-	EVP_add_cipher(EVP_idea_ofb());
-	EVP_add_cipher(EVP_idea_cbc());
-	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
-	EVP_add_cipher_alias(SN_idea_cbc,"idea");
-#endif
-
-#ifndef OPENSSL_NO_SEED
-	EVP_add_cipher(EVP_seed_ecb());
-	EVP_add_cipher(EVP_seed_cfb());
-	EVP_add_cipher(EVP_seed_ofb());
-	EVP_add_cipher(EVP_seed_cbc());
-	EVP_add_cipher_alias(SN_seed_cbc,"SEED");
-	EVP_add_cipher_alias(SN_seed_cbc,"seed");
-#endif
-
-#ifndef OPENSSL_NO_RC2
-	EVP_add_cipher(EVP_rc2_ecb());
-	EVP_add_cipher(EVP_rc2_cfb());
-	EVP_add_cipher(EVP_rc2_ofb());
-	EVP_add_cipher(EVP_rc2_cbc());
-	EVP_add_cipher(EVP_rc2_40_cbc());
-	EVP_add_cipher(EVP_rc2_64_cbc());
-	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
-	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
-#endif
-
-#ifndef OPENSSL_NO_BF
-	EVP_add_cipher(EVP_bf_ecb());
-	EVP_add_cipher(EVP_bf_cfb());
-	EVP_add_cipher(EVP_bf_ofb());
-	EVP_add_cipher(EVP_bf_cbc());
-	EVP_add_cipher_alias(SN_bf_cbc,"BF");
-	EVP_add_cipher_alias(SN_bf_cbc,"bf");
-	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
-#endif
-
-#ifndef OPENSSL_NO_CAST
-	EVP_add_cipher(EVP_cast5_ecb());
-	EVP_add_cipher(EVP_cast5_cfb());
-	EVP_add_cipher(EVP_cast5_ofb());
-	EVP_add_cipher(EVP_cast5_cbc());
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
-#endif
-
-#ifndef OPENSSL_NO_RC5
-	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
-	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
-	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
-	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
-#endif
-
-#ifndef OPENSSL_NO_AES
-	EVP_add_cipher(EVP_aes_128_ecb());
-	EVP_add_cipher(EVP_aes_128_cbc());
-	EVP_add_cipher(EVP_aes_128_cfb());
-	EVP_add_cipher(EVP_aes_128_cfb1());
-	EVP_add_cipher(EVP_aes_128_cfb8());
-	EVP_add_cipher(EVP_aes_128_ofb());
-	EVP_add_cipher(EVP_aes_128_ctr());
-	EVP_add_cipher(EVP_aes_128_gcm());
-	EVP_add_cipher(EVP_aes_128_xts());
-	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
-	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
-	EVP_add_cipher(EVP_aes_192_ecb());
-	EVP_add_cipher(EVP_aes_192_cbc());
-	EVP_add_cipher(EVP_aes_192_cfb());
-	EVP_add_cipher(EVP_aes_192_cfb1());
-	EVP_add_cipher(EVP_aes_192_cfb8());
-	EVP_add_cipher(EVP_aes_192_ofb());
-	EVP_add_cipher(EVP_aes_192_ctr());
-	EVP_add_cipher(EVP_aes_192_gcm());
-	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
-	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
-	EVP_add_cipher(EVP_aes_256_ecb());
-	EVP_add_cipher(EVP_aes_256_cbc());
-	EVP_add_cipher(EVP_aes_256_cfb());
-	EVP_add_cipher(EVP_aes_256_cfb1());
-	EVP_add_cipher(EVP_aes_256_cfb8());
-	EVP_add_cipher(EVP_aes_256_ofb());
-	EVP_add_cipher(EVP_aes_256_ctr());
-	EVP_add_cipher(EVP_aes_256_gcm());
-	EVP_add_cipher(EVP_aes_256_xts());
-	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
-	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-	EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
-	EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-#endif
-#endif
-
-#ifndef OPENSSL_NO_CAMELLIA
-	EVP_add_cipher(EVP_camellia_128_ecb());
-	EVP_add_cipher(EVP_camellia_128_cbc());
-	EVP_add_cipher(EVP_camellia_128_cfb());
-	EVP_add_cipher(EVP_camellia_128_cfb1());
-	EVP_add_cipher(EVP_camellia_128_cfb8());
-	EVP_add_cipher(EVP_camellia_128_ofb());
-	EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
-	EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
-	EVP_add_cipher(EVP_camellia_192_ecb());
-	EVP_add_cipher(EVP_camellia_192_cbc());
-	EVP_add_cipher(EVP_camellia_192_cfb());
-	EVP_add_cipher(EVP_camellia_192_cfb1());
-	EVP_add_cipher(EVP_camellia_192_cfb8());
-	EVP_add_cipher(EVP_camellia_192_ofb());
-	EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
-	EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
-	EVP_add_cipher(EVP_camellia_256_ecb());
-	EVP_add_cipher(EVP_camellia_256_cbc());
-	EVP_add_cipher(EVP_camellia_256_cfb());
-	EVP_add_cipher(EVP_camellia_256_cfb1());
-	EVP_add_cipher(EVP_camellia_256_cfb8());
-	EVP_add_cipher(EVP_camellia_256_ofb());
-	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
-	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
-#endif
-	}
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
deleted file mode 100644
index 311e1fe2f8..0000000000
--- a/crypto/evp/c_alld.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/evp/c_alld.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/objects.h>
-
-void OpenSSL_add_all_digests(void)
-	{
-#ifndef OPENSSL_NO_MD4
-	EVP_add_digest(EVP_md4());
-#endif
-#ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest_alias(SN_md5,"ssl2-md5");
-	EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-	EVP_add_digest(EVP_sha());
-#ifndef OPENSSL_NO_DSA
-	EVP_add_digest(EVP_dss());
-#endif
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-	EVP_add_digest(EVP_sha1());
-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef OPENSSL_NO_DSA
-	EVP_add_digest(EVP_dss1());
-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EVP_add_digest(EVP_ecdsa());
-#endif
-#endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-	EVP_add_digest(EVP_mdc2());
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-	EVP_add_digest(EVP_ripemd160());
-	EVP_add_digest_alias(SN_ripemd160,"ripemd");
-	EVP_add_digest_alias(SN_ripemd160,"rmd160");
-#endif
-#ifndef OPENSSL_NO_SHA256
-	EVP_add_digest(EVP_sha224());
-	EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
-	EVP_add_digest(EVP_sha384());
-	EVP_add_digest(EVP_sha512());
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-	EVP_add_digest(EVP_whirlpool());
-#endif
-	}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
deleted file mode 100644
index d14e8e48d5..0000000000
--- a/crypto/evp/digest.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-	{
-	memset(ctx,'\0',sizeof *ctx);
-	}
-
-EVP_MD_CTX *EVP_MD_CTX_create(void)
-	{
-	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-
-	if (ctx)
-		EVP_MD_CTX_init(ctx);
-
-	return ctx;
-	}
-
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
-	{
-	EVP_MD_CTX_init(ctx);
-	return EVP_DigestInit_ex(ctx, type, NULL);
-	}
-
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-	{
-	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-#ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unecessary. */
-	if (ctx->engine && ctx->digest && (!type ||
-			(type && (type->type == ctx->digest->type))))
-		goto skip_to_init;
-	if (type)
-		{
-		/* Ensure an ENGINE left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_MD could be used). */
-		if(ctx->engine)
-			ENGINE_finish(ctx->engine);
-		if(impl)
-			{
-			if (!ENGINE_init(impl))
-				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_digest_engine(type->type);
-		if(impl)
-			{
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_MD *d = ENGINE_get_digest(impl, type->type);
-			if(!d)
-				{
-				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
-				ENGINE_finish(impl);
-				return 0;
-				}
-			/* We'll use the ENGINE's private digest definition */
-			type = d;
-			/* Store the ENGINE functional reference so we know
-			 * 'type' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-			}
-		else
-			ctx->engine = NULL;
-		}
-	else
-	if(!ctx->digest)
-		{
-		EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
-		return 0;
-		}
-#endif
-	if (ctx->digest != type)
-		{
-		if (ctx->digest && ctx->digest->ctx_size)
-			OPENSSL_free(ctx->md_data);
-		ctx->digest=type;
-		if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size)
-			{
-			ctx->update = type->update;
-			ctx->md_data=OPENSSL_malloc(type->ctx_size);
-			if (ctx->md_data == NULL)
-				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX,
-							ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		}
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
-	if (ctx->pctx)
-		{
-		int r;
-		r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
-					EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
-		if (r <= 0 && (r != -2))
-			return 0;
-		}
-	if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
-		return 1;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		{
-		if (FIPS_digestinit(ctx, type))
-			return 1;
-		OPENSSL_free(ctx->md_data);
-		ctx->md_data = NULL;
-		return 0;
-		}
-#endif
-	return ctx->digest->init(ctx);
-	}
-
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
-	{
-#ifdef OPENSSL_FIPS
-	return FIPS_digestupdate(ctx, data, count);
-#else
-	return ctx->update(ctx,data,count);
-#endif
-	}
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-	{
-	int ret;
-	ret = EVP_DigestFinal_ex(ctx, md, size);
-	EVP_MD_CTX_cleanup(ctx);
-	return ret;
-	}
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-	{
-#ifdef OPENSSL_FIPS
-	return FIPS_digestfinal(ctx, md, size);
-#else
-	int ret;
-
-	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
-	ret=ctx->digest->final(ctx,md);
-	if (size != NULL)
-		*size=ctx->digest->md_size;
-	if (ctx->digest->cleanup)
-		{
-		ctx->digest->cleanup(ctx);
-		EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-		}
-	memset(ctx->md_data,0,ctx->digest->ctx_size);
-	return ret;
-#endif
-	}
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-	{
-	EVP_MD_CTX_init(out);
-	return EVP_MD_CTX_copy_ex(out, in);
-	}
-
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-	{
-	unsigned char *tmp_buf;
-	if ((in == NULL) || (in->digest == NULL))
-		{
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
-		return 0;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a digest context using an ENGINE */
-	if (in->engine && !ENGINE_init(in->engine))
-		{
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
-		return 0;
-		}
-#endif
-
-	if (out->digest == in->digest)
-		{
-		tmp_buf = out->md_data;
-	    	EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
-		}
-	else tmp_buf = NULL;
-	EVP_MD_CTX_cleanup(out);
-	memcpy(out,in,sizeof *out);
-
-	if (in->md_data && out->digest->ctx_size)
-		{
-		if (tmp_buf)
-			out->md_data = tmp_buf;
-		else
-			{
-			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
-			if (!out->md_data)
-				{
-				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
-		}
-
-	out->update = in->update;
-
-	if (in->pctx)
-		{
-		out->pctx = EVP_PKEY_CTX_dup(in->pctx);
-		if (!out->pctx)
-			{
-			EVP_MD_CTX_cleanup(out);
-			return 0;
-			}
-		}
-
-	if (out->digest->copy)
-		return out->digest->copy(out,in);
-	
-	return 1;
-	}
-
-int EVP_Digest(const void *data, size_t count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
-	{
-	EVP_MD_CTX ctx;
-	int ret;
-
-	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
-	ret=EVP_DigestInit_ex(&ctx, type, impl)
-	  && EVP_DigestUpdate(&ctx, data, count)
-	  && EVP_DigestFinal_ex(&ctx, md, size);
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return ret;
-	}
-
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-	{
-	if (ctx)
-		{
-		EVP_MD_CTX_cleanup(ctx);
-		OPENSSL_free(ctx);
-		}
-	}
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-	{
-#ifndef OPENSSL_FIPS
-	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
-	 * because sometimes only copies of the context are ever finalised.
-	 */
-	if (ctx->digest && ctx->digest->cleanup
-	    && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
-		ctx->digest->cleanup(ctx);
-	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-	    && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
-		{
-		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
-		OPENSSL_free(ctx->md_data);
-		}
-#endif
-	if (ctx->pctx)
-		EVP_PKEY_CTX_free(ctx->pctx);
-#ifndef OPENSSL_NO_ENGINE
-	if(ctx->engine)
-		/* The EVP_MD we used belongs to an ENGINE, release the
-		 * functional reference we held for this reason. */
-		ENGINE_finish(ctx->engine);
-#endif
-#ifdef OPENSSL_FIPS
-	FIPS_md_ctx_cleanup(ctx);
-#endif
-	memset(ctx,'\0',sizeof *ctx);
-
-	return 1;
-	}
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
deleted file mode 100644
index 85d5aaa4c4..0000000000
--- a/crypto/evp/e_aes.c
+++ /dev/null
@@ -1,1491 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_AES
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/aes.h>
-#include "evp_locl.h"
-#ifndef OPENSSL_FIPS
-#include "modes_lcl.h"
-#include <openssl/rand.h>
-
-typedef struct
-	{
-	union { double align; AES_KEY ks; } ks;
-	block128_f block;
-	union {
-		cbc128_f cbc;
-		ctr128_f ctr;
-	} stream;
-	} EVP_AES_KEY;
-
-typedef struct
-	{
-	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
-	int key_set;		/* Set if key initialised */
-	int iv_set;		/* Set if an iv is set */
-	GCM128_CONTEXT gcm;
-	unsigned char *iv;	/* Temporary IV store */
-	int ivlen;		/* IV length */
-	int taglen;
-	int iv_gen;		/* It is OK to generate IVs */
-	int tls_aad_len;	/* TLS AAD length */
-	ctr128_f ctr;
-	} EVP_AES_GCM_CTX;
-
-typedef struct
-	{
-	union { double align; AES_KEY ks; } ks1, ks2;	/* AES key schedules to use */
-	XTS128_CONTEXT xts;
-	void     (*stream)(const unsigned char *in,
-			unsigned char *out, size_t length,
-			const AES_KEY *key1, const AES_KEY *key2,
-			const unsigned char iv[16]);
-	} EVP_AES_XTS_CTX;
-
-typedef struct
-	{
-	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
-	int key_set;		/* Set if key initialised */
-	int iv_set;		/* Set if an iv is set */
-	int tag_set;		/* Set if tag is valid */
-	int len_set;		/* Set if message length set */
-	int L, M;		/* L and M parameters from RFC3610 */
-	CCM128_CONTEXT ccm;
-	ccm128_f str;
-	} EVP_AES_CCM_CTX;
-
-#define MAXBITCHUNK	((size_t)1<<(sizeof(size_t)*8-4))
-
-#ifdef VPAES_ASM
-int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
-			AES_KEY *key);
-int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
-			AES_KEY *key);
-
-void vpaes_encrypt(const unsigned char *in, unsigned char *out,
-			const AES_KEY *key);
-void vpaes_decrypt(const unsigned char *in, unsigned char *out,
-			const AES_KEY *key);
-
-void vpaes_cbc_encrypt(const unsigned char *in,
-			unsigned char *out,
-			size_t length,
-			const AES_KEY *key,
-			unsigned char *ivec, int enc);
-#endif
-#ifdef BSAES_ASM
-void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const AES_KEY *key,
-			unsigned char ivec[16], int enc);
-void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-			size_t len, const AES_KEY *key,
-			const unsigned char ivec[16]);
-void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
-			size_t len, const AES_KEY *key1,
-			const AES_KEY *key2, const unsigned char iv[16]);
-void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
-			size_t len, const AES_KEY *key1,
-			const AES_KEY *key2, const unsigned char iv[16]);
-#endif
-#ifdef AES_CTR_ASM
-void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
-			size_t blocks, const AES_KEY *key,
-			const unsigned char ivec[AES_BLOCK_SIZE]);
-#endif
-#ifdef AES_XTS_ASM
-void AES_xts_encrypt(const char *inp,char *out,size_t len,
-			const AES_KEY *key1, const AES_KEY *key2,
-			const unsigned char iv[16]);
-void AES_xts_decrypt(const char *inp,char *out,size_t len,
-			const AES_KEY *key1, const AES_KEY *key2,
-			const unsigned char iv[16]);
-#endif
-
-#if	defined(AES_ASM) && !defined(I386_ONLY) &&	(  \
-	((defined(__i386)	|| defined(__i386__)	|| \
-	  defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
-	defined(__x86_64)	|| defined(__x86_64__)	|| \
-	defined(_M_AMD64)	|| defined(_M_X64)	|| \
-	defined(__INTEL__)				)
-
-extern unsigned int OPENSSL_ia32cap_P[];
-
-#ifdef VPAES_ASM
-#define VPAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-#endif
-#ifdef BSAES_ASM
-#define BSAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-#endif
-/*
- * AES-NI section
- */
-#define	AESNI_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(57-32)))
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-			AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-			AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-			const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-			const AES_KEY *key);
-
-void aesni_ecb_encrypt(const unsigned char *in,
-			unsigned char *out,
-			size_t length,
-			const AES_KEY *key,
-			int enc);
-void aesni_cbc_encrypt(const unsigned char *in,
-			unsigned char *out,
-			size_t length,
-			const AES_KEY *key,
-			unsigned char *ivec, int enc);
-
-void aesni_ctr32_encrypt_blocks(const unsigned char *in,
-			unsigned char *out,
-			size_t blocks,
-			const void *key,
-			const unsigned char *ivec);
-
-void aesni_xts_encrypt(const unsigned char *in,
-			unsigned char *out,
-			size_t length,
-			const AES_KEY *key1, const AES_KEY *key2,
-			const unsigned char iv[16]);
-
-void aesni_xts_decrypt(const unsigned char *in,
-			unsigned char *out,
-			size_t length,
-			const AES_KEY *key1, const AES_KEY *key2,
-			const unsigned char iv[16]);
-
-void aesni_ccm64_encrypt_blocks (const unsigned char *in,
-			unsigned char *out,
-			size_t blocks,
-			const void *key,
-			const unsigned char ivec[16],
-			unsigned char cmac[16]);
-
-void aesni_ccm64_decrypt_blocks (const unsigned char *in,
-			unsigned char *out,
-			size_t blocks,
-			const void *key,
-			const unsigned char ivec[16],
-			unsigned char cmac[16]);
-
-static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		   const unsigned char *iv, int enc)
-	{
-	int ret, mode;
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	mode = ctx->cipher->flags & EVP_CIPH_MODE;
-	if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
-	    && !enc)
-		{ 
-		ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data);
-		dat->block	= (block128_f)aesni_decrypt;
-		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-					(cbc128_f)aesni_cbc_encrypt :
-					NULL;
-		}
-	else	{
-		ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data);
-		dat->block	= (block128_f)aesni_encrypt;
-		if (mode==EVP_CIPH_CBC_MODE)
-			dat->stream.cbc	= (cbc128_f)aesni_cbc_encrypt;
-		else if (mode==EVP_CIPH_CTR_MODE)
-			dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
-		else
-			dat->stream.cbc = NULL;
-		}
-
-	if(ret < 0)
-		{
-		EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-		return 0;
-		}
-
-	return 1;
-	}
-
-static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in, size_t len)
-{
-	aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
-
-	return 1;
-}
-
-static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in, size_t len)
-{
-	size_t	bl = ctx->cipher->block_size;
-
-	if (len<bl)	return 1;
-
-	aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt);
-
-	return 1;
-}
-
-#define aesni_ofb_cipher aes_ofb_cipher
-static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len);
-
-#define aesni_cfb_cipher aes_cfb_cipher
-static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len);
-
-#define aesni_cfb8_cipher aes_cfb8_cipher
-static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len);
-
-#define aesni_cfb1_cipher aes_cfb1_cipher
-static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len);
-
-#define aesni_ctr_cipher aes_ctr_cipher
-static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len);
-
-static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-	if (key)
-		{
-		aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
-		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
-				(block128_f)aesni_encrypt);
-		gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
-		/* If we have an iv can set it directly, otherwise use
-		 * saved IV.
-		 */
-		if (iv == NULL && gctx->iv_set)
-			iv = gctx->iv;
-		if (iv)
-			{
-			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-			gctx->iv_set = 1;
-			}
-		gctx->key_set = 1;
-		}
-	else
-		{
-		/* If key set use IV, otherwise copy */
-		if (gctx->key_set)
-			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-		else
-			memcpy(gctx->iv, iv, gctx->ivlen);
-		gctx->iv_set = 1;
-		gctx->iv_gen = 0;
-		}
-	return 1;
-	}
-
-#define aesni_gcm_cipher aes_gcm_cipher
-static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len);
-
-static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-
-	if (key)
-		{
-		/* key_len is two AES keys */
-		if (enc)
-			{
-			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)aesni_encrypt;
-			xctx->stream = aesni_xts_encrypt;
-			}
-		else
-			{
-			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)aesni_decrypt;
-			xctx->stream = aesni_xts_decrypt;
-			}
-
-		aesni_set_encrypt_key(key + ctx->key_len/2,
-						ctx->key_len * 4, &xctx->ks2.ks);
-		xctx->xts.block2 = (block128_f)aesni_encrypt;
-
-		xctx->xts.key1 = &xctx->ks1;
-		}
-
-	if (iv)
-		{
-		xctx->xts.key2 = &xctx->ks2;
-		memcpy(ctx->iv, iv, 16);
-		}
-
-	return 1;
-	}
-
-#define aesni_xts_cipher aes_xts_cipher
-static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len);
-
-static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-	if (key)
-		{
-		aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
-		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-					&cctx->ks, (block128_f)aesni_encrypt);
-		cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks :
-				(ccm128_f)aesni_ccm64_decrypt_blocks;
-		cctx->key_set = 1;
-		}
-	if (iv)
-		{
-		memcpy(ctx->iv, iv, 15 - cctx->L);
-		cctx->iv_set = 1;
-		}
-	return 1;
-	}
-
-#define aesni_ccm_cipher aes_ccm_cipher
-static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len);
-
-#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-static const EVP_CIPHER aesni_##keylen##_##mode = { \
-	nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aesni_init_key,			\
-	aesni_##mode##_cipher,		\
-	NULL,				\
-	sizeof(EVP_AES_KEY),		\
-	NULL,NULL,NULL,NULL }; \
-static const EVP_CIPHER aes_##keylen##_##mode = { \
-	nid##_##keylen##_##nmode,blocksize,	\
-	keylen/8,ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aes_init_key,			\
-	aes_##mode##_cipher,		\
-	NULL,				\
-	sizeof(EVP_AES_KEY),		\
-	NULL,NULL,NULL,NULL }; \
-const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
-
-#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
-static const EVP_CIPHER aesni_##keylen##_##mode = { \
-	nid##_##keylen##_##mode,blocksize, \
-	(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aesni_##mode##_init_key,	\
-	aesni_##mode##_cipher,		\
-	aes_##mode##_cleanup,		\
-	sizeof(EVP_AES_##MODE##_CTX),	\
-	NULL,NULL,aes_##mode##_ctrl,NULL }; \
-static const EVP_CIPHER aes_##keylen##_##mode = { \
-	nid##_##keylen##_##mode,blocksize, \
-	(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aes_##mode##_init_key,		\
-	aes_##mode##_cipher,		\
-	aes_##mode##_cleanup,		\
-	sizeof(EVP_AES_##MODE##_CTX),	\
-	NULL,NULL,aes_##mode##_ctrl,NULL }; \
-const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
-
-#else
-
-#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
-static const EVP_CIPHER aes_##keylen##_##mode = { \
-	nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aes_init_key,			\
-	aes_##mode##_cipher,		\
-	NULL,				\
-	sizeof(EVP_AES_KEY),		\
-	NULL,NULL,NULL,NULL }; \
-const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-{ return &aes_##keylen##_##mode; }
-
-#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
-static const EVP_CIPHER aes_##keylen##_##mode = { \
-	nid##_##keylen##_##mode,blocksize, \
-	(EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
-	flags|EVP_CIPH_##MODE##_MODE,	\
-	aes_##mode##_init_key,		\
-	aes_##mode##_cipher,		\
-	aes_##mode##_cleanup,		\
-	sizeof(EVP_AES_##MODE##_CTX),	\
-	NULL,NULL,aes_##mode##_ctrl,NULL }; \
-const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
-{ return &aes_##keylen##_##mode; }
-#endif
-
-#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-#include "arm_arch.h"
-#if __ARM_ARCH__>=7
-# if defined(BSAES_ASM)
-#  define BSAES_CAPABLE	(OPENSSL_armcap_P & ARMV7_NEON)
-# endif
-# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-# define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-# define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-# define HWAES_encrypt aes_v8_encrypt
-# define HWAES_decrypt aes_v8_decrypt
-# define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
-#endif
-#endif
-
-#if defined(HWAES_CAPABLE)
-int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-void HWAES_encrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-void HWAES_decrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, const int enc);
-void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-	size_t len, const AES_KEY *key, const unsigned char ivec[16]);
-#endif
-
-#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)		\
-	BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
-	BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
-	BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
-	BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
-	BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)	\
-	BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)	\
-	BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		   const unsigned char *iv, int enc)
-	{
-	int ret, mode;
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	mode = ctx->cipher->flags & EVP_CIPH_MODE;
-	if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
-	    && !enc)
-#ifdef HWAES_CAPABLE
-	    if (HWAES_CAPABLE)
-		{
-		ret = HWAES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block      = (block128_f)HWAES_decrypt;
-		dat->stream.cbc = NULL;
-#ifdef HWAES_cbc_encrypt
-		if (mode==EVP_CIPH_CBC_MODE)
-		    dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-#endif
-		}
-	    else
-#endif
-#ifdef BSAES_CAPABLE
-	    if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
-		{
-		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)AES_decrypt;
-		dat->stream.cbc	= (cbc128_f)bsaes_cbc_encrypt;
-		}
-	    else
-#endif
-#ifdef VPAES_CAPABLE
-	    if (VPAES_CAPABLE)
-		{
-		ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)vpaes_decrypt;
-		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-					(cbc128_f)vpaes_cbc_encrypt :
-					NULL;
-		}
-	    else
-#endif
-		{
-		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)AES_decrypt;
-		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-					(cbc128_f)AES_cbc_encrypt :
-					NULL;
-		}
-	else
-#ifdef HWAES_CAPABLE
-	    if (HWAES_CAPABLE)
-		{
-		ret = HWAES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block      = (block128_f)HWAES_encrypt;
-		dat->stream.cbc = NULL;
-#ifdef HWAES_cbc_encrypt
-		if (mode==EVP_CIPH_CBC_MODE)
-		    dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-		else
-#endif
-#ifdef HWAES_ctr32_encrypt_blocks
-		if (mode==EVP_CIPH_CTR_MODE)
-		    dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
-		else
-#endif
-		(void)0;	/* terminate potentially open 'else' */
-		}
-	    else
-#endif
-#ifdef BSAES_CAPABLE
-	    if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE)
-		{
-		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)AES_encrypt;
-		dat->stream.ctr	= (ctr128_f)bsaes_ctr32_encrypt_blocks;
-		}
-	    else
-#endif
-#ifdef VPAES_CAPABLE
-	    if (VPAES_CAPABLE)
-		{
-		ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)vpaes_encrypt;
-		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-					(cbc128_f)vpaes_cbc_encrypt :
-					NULL;
-		}
-	    else
-#endif
-		{
-		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-		dat->block	= (block128_f)AES_encrypt;
-		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
-					(cbc128_f)AES_cbc_encrypt :
-					NULL;
-#ifdef AES_CTR_ASM
-		if (mode==EVP_CIPH_CTR_MODE)
-			dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
-#endif
-		}
-
-	if(ret < 0)
-		{
-		EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-		return 0;
-		}
-
-	return 1;
-	}
-
-static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in, size_t len)
-{
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	if (dat->stream.cbc)
-		(*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
-	else if (ctx->encrypt)
-		CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
-	else
-		CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
-
-	return 1;
-}
-
-static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in, size_t len)
-{
-	size_t	bl = ctx->cipher->block_size;
-	size_t	i;
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	if (len<bl)	return 1;
-
-	for (i=0,len-=bl;i<=len;i+=bl)
-		(*dat->block)(in+i,out+i,&dat->ks);
-
-	return 1;
-}
-
-static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len)
-{
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	CRYPTO_ofb128_encrypt(in,out,len,&dat->ks,
-			ctx->iv,&ctx->num,dat->block);
-	return 1;
-}
-
-static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len)
-{
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	CRYPTO_cfb128_encrypt(in,out,len,&dat->ks,
-			ctx->iv,&ctx->num,ctx->encrypt,dat->block);
-	return 1;
-}
-
-static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len)
-{
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	CRYPTO_cfb128_8_encrypt(in,out,len,&dat->ks,
-			ctx->iv,&ctx->num,ctx->encrypt,dat->block);
-	return 1;
-}
-
-static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-	const unsigned char *in,size_t len)
-{
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
-		CRYPTO_cfb128_1_encrypt(in,out,len,&dat->ks,
-			ctx->iv,&ctx->num,ctx->encrypt,dat->block);
-		return 1;
-	}
-
-	while (len>=MAXBITCHUNK) {
-		CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,&dat->ks,
-			ctx->iv,&ctx->num,ctx->encrypt,dat->block);
-		len-=MAXBITCHUNK;
-	}
-	if (len)
-		CRYPTO_cfb128_1_encrypt(in,out,len*8,&dat->ks,
-			ctx->iv,&ctx->num,ctx->encrypt,dat->block);
-	
-	return 1;
-}
-
-static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
-{
-	unsigned int num = ctx->num;
-	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
-
-	if (dat->stream.ctr)
-		CRYPTO_ctr128_encrypt_ctr32(in,out,len,&dat->ks,
-			ctx->iv,ctx->buf,&num,dat->stream.ctr);
-	else
-		CRYPTO_ctr128_encrypt(in,out,len,&dat->ks,
-			ctx->iv,ctx->buf,&num,dat->block);
-	ctx->num = (size_t)num;
-	return 1;
-}
-
-BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS)
-BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS)
-BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS)
-
-static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
-	{
-	EVP_AES_GCM_CTX *gctx = c->cipher_data;
-	OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
-	if (gctx->iv != c->iv)
-		OPENSSL_free(gctx->iv);
-	return 1;
-	}
-
-/* increment counter (64-bit int) by 1 */
-static void ctr64_inc(unsigned char *counter) {
-	int n=8;
-	unsigned char  c;
-
-	do {
-		--n;
-		c = counter[n];
-		++c;
-		counter[n] = c;
-		if (c) return;
-	} while (n);
-}
-
-static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	EVP_AES_GCM_CTX *gctx = c->cipher_data;
-	switch (type)
-		{
-	case EVP_CTRL_INIT:
-		gctx->key_set = 0;
-		gctx->iv_set = 0;
-		gctx->ivlen = c->cipher->iv_len;
-		gctx->iv = c->iv;
-		gctx->taglen = -1;
-		gctx->iv_gen = 0;
-		gctx->tls_aad_len = -1;
-		return 1;
-
-	case EVP_CTRL_GCM_SET_IVLEN:
-		if (arg <= 0)
-			return 0;
-#ifdef OPENSSL_FIPS
-		if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
-						 && arg < 12)
-			return 0;
-#endif
-		/* Allocate memory for IV if needed */
-		if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen))
-			{
-			if (gctx->iv != c->iv)
-				OPENSSL_free(gctx->iv);
-			gctx->iv = OPENSSL_malloc(arg);
-			if (!gctx->iv)
-				return 0;
-			}
-		gctx->ivlen = arg;
-		return 1;
-
-	case EVP_CTRL_GCM_SET_TAG:
-		if (arg <= 0 || arg > 16 || c->encrypt)
-			return 0;
-		memcpy(c->buf, ptr, arg);
-		gctx->taglen = arg;
-		return 1;
-
-	case EVP_CTRL_GCM_GET_TAG:
-		if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
-			return 0;
-		memcpy(ptr, c->buf, arg);
-		return 1;
-
-	case EVP_CTRL_GCM_SET_IV_FIXED:
-		/* Special case: -1 length restores whole IV */
-		if (arg == -1)
-			{
-			memcpy(gctx->iv, ptr, gctx->ivlen);
-			gctx->iv_gen = 1;
-			return 1;
-			}
-		/* Fixed field must be at least 4 bytes and invocation field
-		 * at least 8.
-		 */
-		if ((arg < 4) || (gctx->ivlen - arg) < 8)
-			return 0;
-		if (arg)
-			memcpy(gctx->iv, ptr, arg);
-		if (c->encrypt &&
-			RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
-			return 0;
-		gctx->iv_gen = 1;
-		return 1;
-
-	case EVP_CTRL_GCM_IV_GEN:
-		if (gctx->iv_gen == 0 || gctx->key_set == 0)
-			return 0;
-		CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
-		if (arg <= 0 || arg > gctx->ivlen)
-			arg = gctx->ivlen;
-		memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
-		/* Invocation field will be at least 8 bytes in size and
-		 * so no need to check wrap around or increment more than
-		 * last 8 bytes.
-		 */
-		ctr64_inc(gctx->iv + gctx->ivlen - 8);
-		gctx->iv_set = 1;
-		return 1;
-
-	case EVP_CTRL_GCM_SET_IV_INV:
-		if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
-			return 0;
-		memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
-		CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
-		gctx->iv_set = 1;
-		return 1;
-
-	case EVP_CTRL_AEAD_TLS1_AAD:
-		/* Save the AAD for later use */
-		if (arg != 13)
-			return 0;
-		memcpy(c->buf, ptr, arg);
-		gctx->tls_aad_len = arg;
-			{
-			unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1];
-			/* Correct length for explicit IV */
-			len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			/* If decrypting correct for tag too */
-			if (!c->encrypt)
-				len -= EVP_GCM_TLS_TAG_LEN;
-                        c->buf[arg-2] = len>>8;
-                        c->buf[arg-1] = len & 0xff;
-			}
-		/* Extra padding: tag appended to record */
-		return EVP_GCM_TLS_TAG_LEN;
-
-	case EVP_CTRL_COPY:
-		{
-			EVP_CIPHER_CTX *out = ptr;
-			EVP_AES_GCM_CTX *gctx_out = out->cipher_data;
-			if (gctx->gcm.key)
-				{
-				if (gctx->gcm.key != &gctx->ks)
-					return 0;
-				gctx_out->gcm.key = &gctx_out->ks;
-				}
-			if (gctx->iv == c->iv)
-				gctx_out->iv = out->iv;
-			else
-			{
-				gctx_out->iv = OPENSSL_malloc(gctx->ivlen);
-				if (!gctx_out->iv)
-					return 0;
-				memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
-			}
-			return 1;
-		}
-
-	default:
-		return -1;
-
-		}
-	}
-
-static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-	if (key)
-		{ do {
-#ifdef HWAES_CAPABLE
-		if (HWAES_CAPABLE)
-			{
-			HWAES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
-			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
-					(block128_f)HWAES_encrypt);
-#ifdef HWAES_ctr32_encrypt_blocks
-			gctx->ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
-#else
-			gctx->ctr = NULL;
-#endif
-			break;
-			}
-		else
-#endif
-#ifdef BSAES_CAPABLE
-		if (BSAES_CAPABLE)
-			{
-			AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
-			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
-					(block128_f)AES_encrypt);
-			gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-			break;
-			}
-		else
-#endif
-#ifdef VPAES_CAPABLE
-		if (VPAES_CAPABLE)
-			{
-			vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
-			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
-					(block128_f)vpaes_encrypt);
-			gctx->ctr = NULL;
-			break;
-			}
-		else
-#endif
-		(void)0;	/* terminate potentially open 'else' */
-
-		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
-		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
-#ifdef AES_CTR_ASM
-		gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
-#else
-		gctx->ctr = NULL;
-#endif
-		} while (0);
-
-		/* If we have an iv can set it directly, otherwise use
-		 * saved IV.
-		 */
-		if (iv == NULL && gctx->iv_set)
-			iv = gctx->iv;
-		if (iv)
-			{
-			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-			gctx->iv_set = 1;
-			}
-		gctx->key_set = 1;
-		}
-	else
-		{
-		/* If key set use IV, otherwise copy */
-		if (gctx->key_set)
-			CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
-		else
-			memcpy(gctx->iv, iv, gctx->ivlen);
-		gctx->iv_set = 1;
-		gctx->iv_gen = 0;
-		}
-	return 1;
-	}
-
-/* Handle TLS GCM packet format. This consists of the last portion of the IV
- * followed by the payload and finally the tag. On encrypt generate IV,
- * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
- * and verify tag.
- */
-
-static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
-	{
-	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-	int rv = -1;
-	/* Encrypt/decrypt must be performed in place */
-	if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN))
-		return -1;
-	/* Set IV from start of buffer or generate IV and write to start
-	 * of buffer.
-	 */
-	if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
-				EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
-				EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
-		goto err;
-	/* Use saved AAD */
-	if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
-		goto err;
-	/* Fix buffer and length to point to payload */
-	in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-	out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-	len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-	if (ctx->encrypt)
-		{
-		/* Encrypt payload */
-		if (gctx->ctr)
-			{
-			if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
-							in, out, len,
-							gctx->ctr))
-				goto err;
-			}
-		else	{
-			if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
-				goto err;
-			}
-		out += len;
-		/* Finally write tag */
-		CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
-		rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
-		}
-	else
-		{
-		/* Decrypt */
-		if (gctx->ctr)
-			{
-			if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
-							in, out, len,
-							gctx->ctr))
-				goto err;
-			}
-		else	{
-			if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
-				goto err;
-			}
-		/* Retrieve tag */
-		CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf,
-					EVP_GCM_TLS_TAG_LEN);
-		/* If tag mismatch wipe buffer */
-		if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
-			{
-			OPENSSL_cleanse(out, len);
-			goto err;
-			}
-		rv = len;
-		}
-
-	err:
-	gctx->iv_set = 0;
-	gctx->tls_aad_len = -1;
-	return rv;
-	}
-
-static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
-	{
-	EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
-	/* If not set up, return error */
-	if (!gctx->key_set)
-		return -1;
-
-	if (gctx->tls_aad_len >= 0)
-		return aes_gcm_tls_cipher(ctx, out, in, len);
-
-	if (!gctx->iv_set)
-		return -1;
-	if (in)
-		{
-		if (out == NULL)
-			{
-			if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
-				return -1;
-			}
-		else if (ctx->encrypt)
-			{
-			if (gctx->ctr)
-				{
-				if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
-							in, out, len,
-							gctx->ctr))
-					return -1;
-				}
-			else	{
-				if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
-					return -1;
-				}
-			}
-		else
-			{
-			if (gctx->ctr)
-				{
-				if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
-							in, out, len,
-							gctx->ctr))
-					return -1;
-				}
-			else	{
-				if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
-					return -1;
-				}
-			}
-		return len;
-		}
-	else
-		{
-		if (!ctx->encrypt)
-			{
-			if (gctx->taglen < 0)
-				return -1;
-			if (CRYPTO_gcm128_finish(&gctx->gcm,
-					ctx->buf, gctx->taglen) != 0)
-				return -1;
-			gctx->iv_set = 0;
-			return 0;
-			}
-		CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
-		gctx->taglen = 16;
-		/* Don't reuse the IV */
-		gctx->iv_set = 0;
-		return 0;
-		}
-
-	}
-
-#define CUSTOM_FLAGS	(EVP_CIPH_FLAG_DEFAULT_ASN1 \
-		| EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
-		| EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
-		| EVP_CIPH_CUSTOM_COPY)
-
-BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,
-		EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM,
-		EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
-		EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
-
-static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	EVP_AES_XTS_CTX *xctx = c->cipher_data;
-	if (type == EVP_CTRL_COPY)
-		{
-		EVP_CIPHER_CTX *out = ptr;
-		EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
-		if (xctx->xts.key1)
-			{
-			if (xctx->xts.key1 != &xctx->ks1)
-				return 0;
-			xctx_out->xts.key1 = &xctx_out->ks1;
-			}
-		if (xctx->xts.key2)
-			{
-			if (xctx->xts.key2 != &xctx->ks2)
-				return 0;
-			xctx_out->xts.key2 = &xctx_out->ks2;
-			}
-		return 1;
-		}
-	else if (type != EVP_CTRL_INIT)
-		return -1;
-	/* key1 and key2 are used as an indicator both key and IV are set */
-	xctx->xts.key1 = NULL;
-	xctx->xts.key2 = NULL;
-	return 1;
-	}
-
-static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-
-	if (key) do
-		{
-#ifdef AES_XTS_ASM
-		xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
-#else
-		xctx->stream = NULL;
-#endif
-		/* key_len is two AES keys */
-#ifdef HWAES_CAPABLE
-		if (HWAES_CAPABLE)
-			{
-			if (enc)
-			    {
-			    HWAES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			    xctx->xts.block1 = (block128_f)HWAES_encrypt;
-			    }
-			else
-			    {
-			    HWAES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			    xctx->xts.block1 = (block128_f)HWAES_decrypt;
-			    }
-
-			HWAES_set_encrypt_key(key + ctx->key_len/2,
-						    ctx->key_len * 4, &xctx->ks2.ks);
-			xctx->xts.block2 = (block128_f)HWAES_encrypt;
-
-			xctx->xts.key1 = &xctx->ks1;
-			break;
-			}
-		else
-#endif
-#ifdef BSAES_CAPABLE
-		if (BSAES_CAPABLE)
-			xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
-		else
-#endif
-#ifdef VPAES_CAPABLE
-		if (VPAES_CAPABLE)
-		    {
-		    if (enc)
-			{
-			vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)vpaes_encrypt;
-			}
-		    else
-			{
-			vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)vpaes_decrypt;
-			}
-
-		    vpaes_set_encrypt_key(key + ctx->key_len/2,
-						ctx->key_len * 4, &xctx->ks2.ks);
-		    xctx->xts.block2 = (block128_f)vpaes_encrypt;
-
-		    xctx->xts.key1 = &xctx->ks1;
-		    break;
-		    }
-		else
-#endif
-		(void)0;	/* terminate potentially open 'else' */
-
-		if (enc)
-			{
-			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)AES_encrypt;
-			}
-		else
-			{
-			AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-			xctx->xts.block1 = (block128_f)AES_decrypt;
-			}
-
-		AES_set_encrypt_key(key + ctx->key_len/2,
-						ctx->key_len * 4, &xctx->ks2.ks);
-		xctx->xts.block2 = (block128_f)AES_encrypt;
-
-		xctx->xts.key1 = &xctx->ks1;
-		} while (0);
-
-	if (iv)
-		{
-		xctx->xts.key2 = &xctx->ks2;
-		memcpy(ctx->iv, iv, 16);
-		}
-
-	return 1;
-	}
-
-static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
-	{
-	EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
-	if (!xctx->xts.key1 || !xctx->xts.key2)
-		return 0;
-	if (!out || !in || len<AES_BLOCK_SIZE)
-		return 0;
-#ifdef OPENSSL_FIPS
-	/* Requirement of SP800-38E */
-	if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
-			(len > (1UL<<20)*16))
-		{
-		EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
-		return 0;
-		}
-#endif
-	if (xctx->stream)
-		(*xctx->stream)(in, out, len,
-				xctx->xts.key1, xctx->xts.key2, ctx->iv);
-	else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
-								ctx->encrypt))
-		return 0;
-	return 1;
-	}
-
-#define aes_xts_cleanup NULL
-
-#define XTS_FLAGS	(EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
-			 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
-			 | EVP_CIPH_CUSTOM_COPY)
-
-BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
-
-static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	EVP_AES_CCM_CTX *cctx = c->cipher_data;
-	switch (type)
-		{
-	case EVP_CTRL_INIT:
-		cctx->key_set = 0;
-		cctx->iv_set = 0;
-		cctx->L = 8;
-		cctx->M = 12;
-		cctx->tag_set = 0;
-		cctx->len_set = 0;
-		return 1;
-
-	case EVP_CTRL_CCM_SET_IVLEN:
-		arg = 15 - arg;
-	case EVP_CTRL_CCM_SET_L:
-		if (arg < 2 || arg > 8)
-			return 0;
-		cctx->L = arg;
-		return 1;
-
-	case EVP_CTRL_CCM_SET_TAG:
-		if ((arg & 1) || arg < 4 || arg > 16)
-			return 0;
-		if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
-			return 0;
-		if (ptr)
-			{
-			cctx->tag_set = 1;
-			memcpy(c->buf, ptr, arg);
-			}
-		cctx->M = arg;
-		return 1;
-
-	case EVP_CTRL_CCM_GET_TAG:
-		if (!c->encrypt || !cctx->tag_set)
-			return 0;
-		if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
-			return 0;
-		cctx->tag_set = 0;
-		cctx->iv_set = 0;
-		cctx->len_set = 0;
-		return 1;
-
-	case EVP_CTRL_COPY:
-		{
-			EVP_CIPHER_CTX *out = ptr;
-			EVP_AES_CCM_CTX *cctx_out = out->cipher_data;
-			if (cctx->ccm.key)
-				{
-				if (cctx->ccm.key != &cctx->ks)
-					return 0;
-				cctx_out->ccm.key = &cctx_out->ks;
-				}
-			return 1;
-		}
-
-	default:
-		return -1;
-
-		}
-	}
-
-static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                        const unsigned char *iv, int enc)
-	{
-	EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-	if (!iv && !key)
-		return 1;
-	if (key) do
-		{
-#ifdef HWAES_CAPABLE
-		if (HWAES_CAPABLE)
-			{
-			HWAES_set_encrypt_key(key,ctx->key_len*8,&cctx->ks.ks);
-
-			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-					&cctx->ks, (block128_f)HWAES_encrypt);
-			cctx->str = NULL;
-			cctx->key_set = 1;
-			break;
-			}
-		else
-#endif
-#ifdef VPAES_CAPABLE
-		if (VPAES_CAPABLE)
-			{
-			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks.ks);
-			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-					&cctx->ks, (block128_f)vpaes_encrypt);
-			cctx->str = NULL;
-			cctx->key_set = 1;
-			break;
-			}
-#endif
-		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
-		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-					&cctx->ks, (block128_f)AES_encrypt);
-		cctx->str = NULL;
-		cctx->key_set = 1;
-		} while (0);
-	if (iv)
-		{
-		memcpy(ctx->iv, iv, 15 - cctx->L);
-		cctx->iv_set = 1;
-		}
-	return 1;
-	}
-
-static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		const unsigned char *in, size_t len)
-	{
-	EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-	CCM128_CONTEXT *ccm = &cctx->ccm;
-	/* If not set up, return error */
-	if (!cctx->iv_set && !cctx->key_set)
-		return -1;
-	if (!ctx->encrypt && !cctx->tag_set)
-		return -1;
-	if (!out)
-		{
-		if (!in)
-			{
-			if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len))
-				return -1;
-			cctx->len_set = 1;
-			return len;
-			}
-		/* If have AAD need message length */
-		if (!cctx->len_set && len)
-			return -1;
-		CRYPTO_ccm128_aad(ccm, in, len);
-		return len;
-		}
-	/* EVP_*Final() doesn't return any data */
-	if (!in)
-		return 0;
-	/* If not set length yet do it */
-	if (!cctx->len_set)
-		{
-		if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
-			return -1;
-		cctx->len_set = 1;
-		}
-	if (ctx->encrypt)
-		{
-		if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
-						cctx->str) :
-				CRYPTO_ccm128_encrypt(ccm, in, out, len))
-			return -1;
-		cctx->tag_set = 1;
-		return len;
-		}
-	else
-		{
-		int rv = -1;
-		if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
-						cctx->str) :
-				!CRYPTO_ccm128_decrypt(ccm, in, out, len))
-			{
-			unsigned char tag[16];
-			if (CRYPTO_ccm128_tag(ccm, tag, cctx->M))
-				{
-				if (!memcmp(tag, ctx->buf, cctx->M))
-					rv = len;
-				}
-			}
-		if (rv == -1)
-			OPENSSL_cleanse(out, len);
-		cctx->iv_set = 0;
-		cctx->tag_set = 0;
-		cctx->len_set = 0;
-		return rv;
-		}
-
-	}
-
-#define aes_ccm_cleanup NULL
-
-BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
-BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
-
-#endif
-#endif
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
deleted file mode 100644
index fb2c884a78..0000000000
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <string.h>
-
-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/aes.h>
-#include <openssl/sha.h>
-#include "evp_locl.h"
-
-#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
-#define EVP_CTRL_AEAD_TLS1_AAD		0x16
-#define EVP_CTRL_AEAD_SET_MAC_KEY	0x17
-#endif
-
-#if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1)
-#define EVP_CIPH_FLAG_DEFAULT_ASN1 0
-#endif
-
-#define TLS1_1_VERSION 0x0302
-
-typedef struct
-    {
-    AES_KEY		ks;
-    SHA_CTX		head,tail,md;
-    size_t		payload_length;	/* AAD length in decrypt case */
-    union {
-	unsigned int	tls_ver;
-    	unsigned char	tls_aad[16];	/* 13 used */
-    } aux;
-    } EVP_AES_HMAC_SHA1;
-
-#define NO_PAYLOAD_LENGTH	((size_t)-1)
-
-#if	defined(AES_ASM) &&	( \
-	defined(__x86_64)	|| defined(__x86_64__)	|| \
-	defined(_M_AMD64)	|| defined(_M_X64)	|| \
-	defined(__INTEL__)	)
-
-#if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
-# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; })
-#endif
-
-extern unsigned int OPENSSL_ia32cap_P[2];
-#define AESNI_CAPABLE   (1<<(57-32))
-
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-			      AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-			      AES_KEY *key);
-
-void aesni_cbc_encrypt(const unsigned char *in,
-			   unsigned char *out,
-			   size_t length,
-			   const AES_KEY *key,
-			   unsigned char *ivec, int enc);
-
-void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks,
-		const AES_KEY *key, unsigned char iv[16],
-		SHA_CTX *ctx,const void *in0);
-
-#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
-
-static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
-			const unsigned char *inkey,
-			const unsigned char *iv, int enc)
-	{
-	EVP_AES_HMAC_SHA1 *key = data(ctx);
-	int ret;
-
-	if (enc)
-		ret=aesni_set_encrypt_key(inkey,ctx->key_len*8,&key->ks);
-	else
-		ret=aesni_set_decrypt_key(inkey,ctx->key_len*8,&key->ks);
-
-	SHA1_Init(&key->head);	/* handy when benchmarking */
-	key->tail = key->head;
-	key->md   = key->head;
-
-	key->payload_length = NO_PAYLOAD_LENGTH;
-
-	return ret<0?0:1;
-	}
-
-#define	STITCHED_CALL
-
-#if !defined(STITCHED_CALL)
-#define	aes_off 0
-#endif
-
-void sha1_block_data_order (void *c,const void *p,size_t len);
-
-static void sha1_update(SHA_CTX *c,const void *data,size_t len)
-{	const unsigned char *ptr = data;
-	size_t res;
-
-	if ((res = c->num)) {
-		res = SHA_CBLOCK-res;
-		if (len<res) res=len;
-		SHA1_Update (c,ptr,res);
-		ptr += res;
-		len -= res;
-	}
-
-	res = len % SHA_CBLOCK;
-	len -= res;
-
-	if (len) {
-		sha1_block_data_order(c,ptr,len/SHA_CBLOCK);
-
-		ptr += len;
-		c->Nh += len>>29;
-		c->Nl += len<<=3;
-		if (c->Nl<(unsigned int)len) c->Nh++;
-	}
-
-	if (res)
-		SHA1_Update(c,ptr,res);
-}
-
-#ifdef SHA1_Update
-#undef SHA1_Update
-#endif
-#define SHA1_Update sha1_update
-
-static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, size_t len)
-	{
-	EVP_AES_HMAC_SHA1 *key = data(ctx);
-	unsigned int l;
-	size_t	plen = key->payload_length,
-		iv = 0,		/* explicit IV in TLS 1.1 and later */
-		sha_off = 0;
-#if defined(STITCHED_CALL)
-	size_t	aes_off = 0,
-		blocks;
-
-	sha_off = SHA_CBLOCK-key->md.num;
-#endif
-
-	key->payload_length = NO_PAYLOAD_LENGTH;
-
-	if (len%AES_BLOCK_SIZE) return 0;
-
-	if (ctx->encrypt) {
-		if (plen==NO_PAYLOAD_LENGTH)
-			plen = len;
-		else if (len!=((plen+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE))
-			return 0;
-		else if (key->aux.tls_ver >= TLS1_1_VERSION)
-			iv = AES_BLOCK_SIZE;
-
-#if defined(STITCHED_CALL)
-		if (plen>(sha_off+iv) && (blocks=(plen-(sha_off+iv))/SHA_CBLOCK)) {
-			SHA1_Update(&key->md,in+iv,sha_off);
-
-			aesni_cbc_sha1_enc(in,out,blocks,&key->ks,
-				ctx->iv,&key->md,in+iv+sha_off);
-			blocks *= SHA_CBLOCK;
-			aes_off += blocks;
-			sha_off += blocks;
-			key->md.Nh += blocks>>29;
-			key->md.Nl += blocks<<=3;
-			if (key->md.Nl<(unsigned int)blocks) key->md.Nh++;
-		} else {
-			sha_off = 0;
-		}
-#endif
-		sha_off += iv;
-		SHA1_Update(&key->md,in+sha_off,plen-sha_off);
-
-		if (plen!=len)	{	/* "TLS" mode of operation */
-			if (in!=out)
-				memcpy(out+aes_off,in+aes_off,plen-aes_off);
-
-			/* calculate HMAC and append it to payload */
-			SHA1_Final(out+plen,&key->md);
-			key->md = key->tail;
-			SHA1_Update(&key->md,out+plen,SHA_DIGEST_LENGTH);
-			SHA1_Final(out+plen,&key->md);
-
-			/* pad the payload|hmac */
-			plen += SHA_DIGEST_LENGTH;
-			for (l=len-plen-1;plen<len;plen++) out[plen]=l;
-			/* encrypt HMAC|padding at once */
-			aesni_cbc_encrypt(out+aes_off,out+aes_off,len-aes_off,
-					&key->ks,ctx->iv,1);
-		} else {
-			aesni_cbc_encrypt(in+aes_off,out+aes_off,len-aes_off,
-					&key->ks,ctx->iv,1);
-		}
-	} else {
-		union { unsigned int  u[SHA_DIGEST_LENGTH/sizeof(unsigned int)];
-			unsigned char c[32+SHA_DIGEST_LENGTH]; } mac, *pmac;
-
-		/* arrange cache line alignment */
-		pmac = (void *)(((size_t)mac.c+31)&((size_t)0-32));
-
-		/* decrypt HMAC|padding at once */
-		aesni_cbc_encrypt(in,out,len,
-				&key->ks,ctx->iv,0);
-
-		if (plen) {	/* "TLS" mode of operation */
-			size_t inp_len, mask, j, i;
-			unsigned int res, maxpad, pad, bitlen;
-			int ret = 1;
-			union {	unsigned int  u[SHA_LBLOCK];
-				unsigned char c[SHA_CBLOCK]; }
-				*data = (void *)key->md.data;
-
-			if ((key->aux.tls_aad[plen-4]<<8|key->aux.tls_aad[plen-3])
-			    >= TLS1_1_VERSION)
-				iv = AES_BLOCK_SIZE;
-
-			if (len<(iv+SHA_DIGEST_LENGTH+1))
-				return 0;
-
-			/* omit explicit iv */
-			out += iv;
-			len -= iv;
-
-			/* figure out payload length */
-			pad = out[len-1];
-			maxpad = len-(SHA_DIGEST_LENGTH+1);
-			maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
-			maxpad &= 255;
-
-			inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
-			mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
-			inp_len &= mask;
-			ret &= (int)mask;
-
-			key->aux.tls_aad[plen-2] = inp_len>>8;
-			key->aux.tls_aad[plen-1] = inp_len;
-
-			/* calculate HMAC */
-			key->md = key->head;
-			SHA1_Update(&key->md,key->aux.tls_aad,plen);
-
-#if 1
-			len -= SHA_DIGEST_LENGTH;		/* amend mac */
-			if (len>=(256+SHA_CBLOCK)) {
-				j = (len-(256+SHA_CBLOCK))&(0-SHA_CBLOCK);
-				j += SHA_CBLOCK-key->md.num;
-				SHA1_Update(&key->md,out,j);
-				out += j;
-				len -= j;
-				inp_len -= j;
-			}
-
-			/* but pretend as if we hashed padded payload */
-			bitlen = key->md.Nl+(inp_len<<3);	/* at most 18 bits */
-#ifdef BSWAP
-			bitlen = BSWAP(bitlen);
-#else
-			mac.c[0] = 0;
-			mac.c[1] = (unsigned char)(bitlen>>16);
-			mac.c[2] = (unsigned char)(bitlen>>8);
-			mac.c[3] = (unsigned char)bitlen;
-			bitlen = mac.u[0];
-#endif
-
-			pmac->u[0]=0;
-			pmac->u[1]=0;
-			pmac->u[2]=0;
-			pmac->u[3]=0;
-			pmac->u[4]=0;
-
-			for (res=key->md.num, j=0;j<len;j++) {
-				size_t c = out[j];
-				mask = (j-inp_len)>>(sizeof(j)*8-8);
-				c &= mask;
-				c |= 0x80&~mask&~((inp_len-j)>>(sizeof(j)*8-8));
-				data->c[res++]=(unsigned char)c;
-
-				if (res!=SHA_CBLOCK) continue;
-
-				/* j is not incremented yet */
-				mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
-				data->u[SHA_LBLOCK-1] |= bitlen&mask;
-				sha1_block_data_order(&key->md,data,1);
-				mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
-				pmac->u[0] |= key->md.h0 & mask;
-				pmac->u[1] |= key->md.h1 & mask;
-				pmac->u[2] |= key->md.h2 & mask;
-				pmac->u[3] |= key->md.h3 & mask;
-				pmac->u[4] |= key->md.h4 & mask;
-				res=0;
-			}
-
-			for(i=res;i<SHA_CBLOCK;i++,j++) data->c[i]=0;
-
-			if (res>SHA_CBLOCK-8) {
-				mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
-				data->u[SHA_LBLOCK-1] |= bitlen&mask;
-				sha1_block_data_order(&key->md,data,1);
-				mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-				pmac->u[0] |= key->md.h0 & mask;
-				pmac->u[1] |= key->md.h1 & mask;
-				pmac->u[2] |= key->md.h2 & mask;
-				pmac->u[3] |= key->md.h3 & mask;
-				pmac->u[4] |= key->md.h4 & mask;
-
-				memset(data,0,SHA_CBLOCK);
-				j+=64;
-			}
-			data->u[SHA_LBLOCK-1] = bitlen;
-			sha1_block_data_order(&key->md,data,1);
-			mask = 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-			pmac->u[0] |= key->md.h0 & mask;
-			pmac->u[1] |= key->md.h1 & mask;
-			pmac->u[2] |= key->md.h2 & mask;
-			pmac->u[3] |= key->md.h3 & mask;
-			pmac->u[4] |= key->md.h4 & mask;
-
-#ifdef BSWAP
-			pmac->u[0] = BSWAP(pmac->u[0]);
-			pmac->u[1] = BSWAP(pmac->u[1]);
-			pmac->u[2] = BSWAP(pmac->u[2]);
-			pmac->u[3] = BSWAP(pmac->u[3]);
-			pmac->u[4] = BSWAP(pmac->u[4]);
-#else
-			for (i=0;i<5;i++) {
-				res = pmac->u[i];
-				pmac->c[4*i+0]=(unsigned char)(res>>24);
-				pmac->c[4*i+1]=(unsigned char)(res>>16);
-				pmac->c[4*i+2]=(unsigned char)(res>>8);
-				pmac->c[4*i+3]=(unsigned char)res;
-			}
-#endif
-			len += SHA_DIGEST_LENGTH;
-#else
-			SHA1_Update(&key->md,out,inp_len);
-			res = key->md.num;
-			SHA1_Final(pmac->c,&key->md);
-
-			{
-			unsigned int inp_blocks, pad_blocks;
-
-			/* but pretend as if we hashed padded payload */
-			inp_blocks = 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1));
-			res += (unsigned int)(len-inp_len);
-			pad_blocks = res / SHA_CBLOCK;
-			res %= SHA_CBLOCK;
-			pad_blocks += 1+((SHA_CBLOCK-9-res)>>(sizeof(res)*8-1));
-			for (;inp_blocks<pad_blocks;inp_blocks++)
-				sha1_block_data_order(&key->md,data,1);
-			}
-#endif
-			key->md = key->tail;
-			SHA1_Update(&key->md,pmac->c,SHA_DIGEST_LENGTH);
-			SHA1_Final(pmac->c,&key->md);
-
-			/* verify HMAC */
-			out += inp_len;
-			len -= inp_len;
-#if 1
-			{
-			unsigned char *p = out+len-1-maxpad-SHA_DIGEST_LENGTH;
-			size_t off = out-p;
-			unsigned int c, cmask;
-
-			maxpad += SHA_DIGEST_LENGTH;
-			for (res=0,i=0,j=0;j<maxpad;j++) {
-				c = p[j];
-				cmask = ((int)(j-off-SHA_DIGEST_LENGTH))>>(sizeof(int)*8-1);
-				res |= (c^pad)&~cmask;	/* ... and padding */
-				cmask &= ((int)(off-1-j))>>(sizeof(int)*8-1);
-				res |= (c^pmac->c[i])&cmask;
-				i += 1&cmask;
-			}
-			maxpad -= SHA_DIGEST_LENGTH;
-
-			res = 0-((0-res)>>(sizeof(res)*8-1));
-			ret &= (int)~res;
-			}
-#else
-			for (res=0,i=0;i<SHA_DIGEST_LENGTH;i++)
-				res |= out[i]^pmac->c[i];
-			res = 0-((0-res)>>(sizeof(res)*8-1));
-			ret &= (int)~res;
-
-			/* verify padding */
-			pad = (pad&~res) | (maxpad&res);
-			out = out+len-1-pad;
-			for (res=0,i=0;i<pad;i++)
-				res |= out[i]^pad;
-
-			res = (0-res)>>(sizeof(res)*8-1);
-			ret &= (int)~res;
-#endif
-			return ret;
-		} else {
-			SHA1_Update(&key->md,out,len);
-		}
-	}
-
-	return 1;
-	}
-
-static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-	{
-	EVP_AES_HMAC_SHA1 *key = data(ctx);
-
-	switch (type)
-		{
-	case EVP_CTRL_AEAD_SET_MAC_KEY:
-		{
-		unsigned int  i;
-		unsigned char hmac_key[64];
-
-		memset (hmac_key,0,sizeof(hmac_key));
-
-		if (arg > (int)sizeof(hmac_key)) {
-			SHA1_Init(&key->head);
-			SHA1_Update(&key->head,ptr,arg);
-			SHA1_Final(hmac_key,&key->head);
-		} else {
-			memcpy(hmac_key,ptr,arg);
-		}
-
-		for (i=0;i<sizeof(hmac_key);i++)
-			hmac_key[i] ^= 0x36;		/* ipad */
-		SHA1_Init(&key->head);
-		SHA1_Update(&key->head,hmac_key,sizeof(hmac_key));
-
-		for (i=0;i<sizeof(hmac_key);i++)
-			hmac_key[i] ^= 0x36^0x5c;	/* opad */
-		SHA1_Init(&key->tail);
-		SHA1_Update(&key->tail,hmac_key,sizeof(hmac_key));
-
-		OPENSSL_cleanse(hmac_key,sizeof(hmac_key));
-
-		return 1;
-		}
-	case EVP_CTRL_AEAD_TLS1_AAD:
-		{
-		unsigned char *p=ptr;
-		unsigned int   len=p[arg-2]<<8|p[arg-1];
-
-		if (ctx->encrypt)
-			{
-			key->payload_length = len;
-			if ((key->aux.tls_ver=p[arg-4]<<8|p[arg-3]) >= TLS1_1_VERSION) {
-				len -= AES_BLOCK_SIZE;
-				p[arg-2] = len>>8;
-				p[arg-1] = len;
-			}
-			key->md = key->head;
-			SHA1_Update(&key->md,p,arg);
-
-			return (int)(((len+SHA_DIGEST_LENGTH+AES_BLOCK_SIZE)&-AES_BLOCK_SIZE)
-				- len);
-			}
-		else
-			{
-			if (arg>13) arg = 13;
-			memcpy(key->aux.tls_aad,ptr,arg);
-			key->payload_length = arg;
-
-			return SHA_DIGEST_LENGTH;
-			}
-		}
-	default:
-		return -1;
-		}
-	}
-
-static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher =
-	{
-#ifdef NID_aes_128_cbc_hmac_sha1
-	NID_aes_128_cbc_hmac_sha1,
-#else
-	NID_undef,
-#endif
-	16,16,16,
-	EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
-	aesni_cbc_hmac_sha1_init_key,
-	aesni_cbc_hmac_sha1_cipher,
-	NULL,
-	sizeof(EVP_AES_HMAC_SHA1),
-	EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv,
-	EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv,
-	aesni_cbc_hmac_sha1_ctrl,
-	NULL
-	};
-
-static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher =
-	{
-#ifdef NID_aes_256_cbc_hmac_sha1
-	NID_aes_256_cbc_hmac_sha1,
-#else
-	NID_undef,
-#endif
-	16,32,16,
-	EVP_CIPH_CBC_MODE|EVP_CIPH_FLAG_DEFAULT_ASN1|EVP_CIPH_FLAG_AEAD_CIPHER,
-	aesni_cbc_hmac_sha1_init_key,
-	aesni_cbc_hmac_sha1_cipher,
-	NULL,
-	sizeof(EVP_AES_HMAC_SHA1),
-	EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_set_asn1_iv,
-	EVP_CIPH_FLAG_DEFAULT_ASN1?NULL:EVP_CIPHER_get_asn1_iv,
-	aesni_cbc_hmac_sha1_ctrl,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
-	{
-	return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE?
-		&aesni_128_cbc_hmac_sha1_cipher:NULL);
-	}
-
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
-	{
-	return(OPENSSL_ia32cap_P[1]&AESNI_CAPABLE?
-		&aesni_256_cbc_hmac_sha1_cipher:NULL);
-	}
-#else
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
-	{
-	return NULL;
-	}
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
-	{
-	return NULL;
-	}
-#endif
-#endif
diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
deleted file mode 100644
index cc224e5363..0000000000
--- a/crypto/evp/e_bf.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/evp/e_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_BF
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/blowfish.h>
-
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		       const unsigned char *iv, int enc);
-
-typedef struct
-	{
-	BF_KEY ks;
-	} EVP_BF_KEY;
-
-#define data(ctx)	EVP_C_DATA(EVP_BF_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-	
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		       const unsigned char *iv, int enc)
-	{
-	BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-	return 1;
-	}
-
-#endif
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
deleted file mode 100644
index a7b40d1c60..0000000000
--- a/crypto/evp/e_camellia.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_CAMELLIA
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/camellia.h>
-#include "evp_locl.h"
-
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	const unsigned char *iv, int enc);
-
-/* Camellia subkey Structure */
-typedef struct
-	{
-	CAMELLIA_KEY ks;
-	} EVP_CAMELLIA_KEY;
-
-/* Attribute operation for Camellia */
-#define data(ctx)	EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
-	NID_camellia_128, 16, 16, 16, 128,
-	0, camellia_init_key, NULL, 
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL)
-IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
-	NID_camellia_192, 16, 24, 16, 128,
-	0, camellia_init_key, NULL, 
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL)
-IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
-	NID_camellia_256, 16, 32, 16, 128,
-	0, camellia_init_key, NULL, 
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL)
-
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits)	IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16)
-
-IMPLEMENT_CAMELLIA_CFBR(128,1)
-IMPLEMENT_CAMELLIA_CFBR(192,1)
-IMPLEMENT_CAMELLIA_CFBR(256,1)
-
-IMPLEMENT_CAMELLIA_CFBR(128,8)
-IMPLEMENT_CAMELLIA_CFBR(192,8)
-IMPLEMENT_CAMELLIA_CFBR(256,8)
-
-
-
-/* The subkey for Camellia is generated. */ 
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	const unsigned char *iv, int enc)
-	{
-	int ret;
-
-	ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
-
-	if(ret < 0)
-		{
-		EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED);
-		return 0;
-		}
-
-	return 1;
-	}
-
-#else
-
-# ifdef PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
deleted file mode 100644
index d77bcd9298..0000000000
--- a/crypto/evp/e_cast.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/evp/e_cast.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_CAST
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/cast.h>
-
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv,int enc);
-
-typedef struct
-	{
-	CAST_KEY ks;
-	} EVP_CAST_KEY;
-
-#define data(ctx)	EVP_C_DATA(EVP_CAST_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
-			NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-			
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv, int enc)
-	{
-	CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-	return 1;
-	}
-
-#endif
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
deleted file mode 100644
index ca009f2c52..0000000000
--- a/crypto/evp/e_des.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* crypto/evp/e_des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc);
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, size_t inl)
-{
-	BLOCK_CIPHER_ecb_loop()
-		DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
-	return 1;
-}
-
-static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, size_t inl)
-{
-	while(inl>=EVP_MAXCHUNK)
-		{
-		DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-				(DES_cblock *)ctx->iv, &ctx->num);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-				(DES_cblock *)ctx->iv, &ctx->num);
-	return 1;
-}
-
-static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, size_t inl)
-{
-	while(inl>=EVP_MAXCHUNK)
-		{
-		DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-				(DES_cblock *)ctx->iv, ctx->encrypt);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
-				(DES_cblock *)ctx->iv, ctx->encrypt);
-	return 1;
-}
-
-static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			    const unsigned char *in, size_t inl)
-{
-	while(inl>=EVP_MAXCHUNK)
-		{
-		DES_cfb64_encrypt(in,out, (long)EVP_MAXCHUNK, ctx->cipher_data,
-				(DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-	return 1;
-}
-
-/* Although we have a CFB-r implementation for DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, size_t inl)
-    {
-    size_t n,chunk=EVP_MAXCHUNK/8;
-    unsigned char c[1],d[1];
-
-    if (inl<chunk) chunk=inl;
-
-    while (inl && inl>=chunk)
-	{
-	for(n=0 ; n < chunk*8; ++n)
-	    {
-	    c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	    DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
-			ctx->encrypt);
-	    out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
-		     ((d[0]&0x80) >> (unsigned int)(n%8));
-	    }
-	inl-=chunk;
-	in +=chunk;
-	out+=chunk;
-	if (inl<chunk) chunk=inl;
-	}
-
-    return 1;
-    }
-
-static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, size_t inl)
-    {
-    while (inl>=EVP_MAXCHUNK)
-	{
-	DES_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,ctx->cipher_data,
-			(DES_cblock *)ctx->iv,ctx->encrypt);
-	inl-=EVP_MAXCHUNK;
-	in +=EVP_MAXCHUNK;
-	out+=EVP_MAXCHUNK;
-	}
-    if (inl)
-	DES_cfb_encrypt(in,out,8,(long)inl,ctx->cipher_data,
-			(DES_cblock *)ctx->iv,ctx->encrypt);
-    return 1;
-    }
-
-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-			EVP_CIPH_RAND_KEY, des_init_key, NULL,
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-		     EVP_CIPH_RAND_KEY, des_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-		     EVP_CIPH_RAND_KEY,des_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,des_ctrl)
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-	if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
-		return 0;
-#else
-	DES_set_key_unchecked(deskey,ctx->cipher_data);
-#endif
-	return 1;
-	}
-
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	
-	switch(type)
-		{
-	case EVP_CTRL_RAND_KEY:
-		if (RAND_bytes(ptr, 8) <= 0)
-			return 0;
-		DES_set_odd_parity((DES_cblock *)ptr);
-		return 1;
-
-	default:
-		return -1;
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
deleted file mode 100644
index 7e1e8b309c..0000000000
--- a/crypto/evp/e_des3.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/* crypto/evp/e_des3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_FIPS
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			    const unsigned char *iv,int enc);
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv,int enc);
-
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
-    {
-    DES_key_schedule ks1;/* key schedule */
-    DES_key_schedule ks2;/* key schedule (for ede) */
-    DES_key_schedule ks3;/* key schedule (for ede3) */
-    } DES_EDE_KEY;
-
-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
-
-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, size_t inl)
-{
-	BLOCK_CIPHER_ecb_loop()
-		DES_ecb3_encrypt((const_DES_cblock *)(in + i),
-				 (DES_cblock *)(out + i),
-				 &data(ctx)->ks1, &data(ctx)->ks2,
-				 &data(ctx)->ks3,
-				 ctx->encrypt);
-	return 1;
-}
-
-static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, size_t inl)
-{
-	while (inl>=EVP_MAXCHUNK)
-		{
-		DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			       (DES_cblock *)ctx->iv, &ctx->num);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_ede3_ofb64_encrypt(in, out, (long)inl,
-				&data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                               (DES_cblock *)ctx->iv, &ctx->num);
-
-	return 1;
-}
-
-static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, size_t inl)
-{
-#ifdef KSSL_DEBUG
-	{
-        int i;
-	fprintf(stderr,"des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ctx->buf_len);
-	fprintf(stderr,"\t iv= ");
-        for(i=0;i<8;i++)
-                fprintf(stderr,"%02X",ctx->iv[i]);
-	fprintf(stderr,"\n");
-	}
-#endif    /* KSSL_DEBUG */
-	while (inl>=EVP_MAXCHUNK)
-		{
-		DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
-			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			     (DES_cblock *)ctx->iv, ctx->encrypt);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_ede3_cbc_encrypt(in, out, (long)inl,
-			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                             (DES_cblock *)ctx->iv, ctx->encrypt);
-	return 1;
-}
-
-static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, size_t inl)
-{
-	while (inl>=EVP_MAXCHUNK)
-		{
-		DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			       (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_ede3_cfb64_encrypt(in, out, (long)inl,
-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-                               (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-	return 1;
-}
-
-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
-   way, so wrap it here */
-static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, size_t inl)
-    {
-    size_t n;
-    unsigned char c[1],d[1];
-
-    for(n=0 ; n < inl ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_ede3_cfb_encrypt(c,d,1,1,
-			     &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			     (DES_cblock *)ctx->iv,ctx->encrypt);
-	out[n/8]=(out[n/8]&~(0x80 >> (unsigned int)(n%8))) |
-		 ((d[0]&0x80) >> (unsigned int)(n%8));
-	}
-
-    return 1;
-    }
-
-static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, size_t inl)
-    {
-    while (inl>=EVP_MAXCHUNK)
-	{
-	DES_ede3_cfb_encrypt(in,out,8,(long)EVP_MAXCHUNK,
-			 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			 (DES_cblock *)ctx->iv,ctx->encrypt);
-	inl-=EVP_MAXCHUNK;
-	in +=EVP_MAXCHUNK;
-	out+=EVP_MAXCHUNK;
-	}
-    if (inl)
-	DES_ede3_cfb_encrypt(in,out,8,(long)inl,
-			&data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			(DES_cblock *)ctx->iv,ctx->encrypt);
-    return 1;
-    }
-
-BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-			EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			des3_ctrl)
-
-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
-#define des_ede3_ofb_cipher des_ede_ofb_cipher
-#define des_ede3_cbc_cipher des_ede_cbc_cipher
-#define des_ede3_ecb_cipher des_ede_ecb_cipher
-
-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-			EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			des3_ctrl)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,
-		     des3_ctrl)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-		     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,
-		     des3_ctrl)
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			    const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-		!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
-		return 0;
-#else
-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-#endif
-	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
-	       sizeof(data(ctx)->ks1));
-	return 1;
-	}
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef KSSL_DEBUG
-	{
-        int i;
-        fprintf(stderr,"des_ede3_init_key(ctx=%p)\n", ctx);
-	fprintf(stderr,"\tKEY= ");
-        for(i=0;i<24;i++) fprintf(stderr,"%02X",key[i]); fprintf(stderr,"\n");
-	if (iv) 
-		{
-		fprintf(stderr,"\t IV= ");
-		for(i=0;i<8;i++) fprintf(stderr,"%02X",iv[i]); fprintf(stderr,"\n");
-		}
-	}
-#endif	/* KSSL_DEBUG */
-
-#ifdef EVP_CHECK_DES_KEY
-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-		|| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
-		|| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
-		return 0;
-#else
-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-#endif
-	return 1;
-	}
-
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-
-	DES_cblock *deskey = ptr;
-
-	switch(type)
-		{
-	case EVP_CTRL_RAND_KEY:
-		if (RAND_bytes(ptr, c->key_len) <= 0)
-			return 0;
-		DES_set_odd_parity(deskey);
-		if (c->key_len >= 16)
-			DES_set_odd_parity(deskey + 1);
-		if (c->key_len >= 24)
-			DES_set_odd_parity(deskey + 2);
-		return 1;
-
-	default:
-		return -1;
-		}
-	}
-
-const EVP_CIPHER *EVP_des_ede(void)
-{
-	return &des_ede_ecb;
-}
-
-const EVP_CIPHER *EVP_des_ede3(void)
-{
-	return &des_ede3_ecb;
-}
-#endif
-#endif
diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c
deleted file mode 100644
index b96f2738b3..0000000000
--- a/crypto/evp/e_dsa.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/* crypto/evp/e_dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static EVP_PKEY_METHOD dss_method=
-	{
-	DSA_sign,
-	DSA_verify,
-	{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
-	};
-
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
deleted file mode 100644
index 806b080360..0000000000
--- a/crypto/evp/e_idea.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/evp/e_idea.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/idea.h>
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv,int enc);
-
-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
- * case 
- */
-
-static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, size_t inl)
-{
-	BLOCK_CIPHER_ecb_loop()
-		idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
-	return 1;
-}
-
-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
-
-typedef struct
-	{
-	IDEA_KEY_SCHEDULE ks;
-	} EVP_IDEA_KEY;
-
-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
-
-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
-			0, idea_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv, int enc)
-	{
-	if(!enc) {
-		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
-		else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
-	}
-	if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
-	else
-		{
-		IDEA_KEY_SCHEDULE tmp;
-
-		idea_set_encrypt_key(key,&tmp);
-		idea_set_decrypt_key(&tmp,ctx->cipher_data);
-		OPENSSL_cleanse((unsigned char *)&tmp,
-				sizeof(IDEA_KEY_SCHEDULE));
-		}
-	return 1;
-	}
-
-#endif
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
deleted file mode 100644
index f0c1f78b5f..0000000000
--- a/crypto/evp/e_null.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#ifndef OPENSSL_FIPS
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	const unsigned char *iv,int enc);
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	const unsigned char *in, size_t inl);
-static const EVP_CIPHER n_cipher=
-	{
-	NID_undef,
-	1,0,0,
-	0,
-	null_init_key,
-	null_cipher,
-	NULL,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_enc_null(void)
-	{
-	return(&n_cipher);
-	}
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	     const unsigned char *iv, int enc)
-	{
-	/*	memset(&(ctx->c),0,sizeof(ctx->c));*/
-	return 1;
-	}
-
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	     const unsigned char *in, size_t inl)
-	{
-	if (in != out)
-		memcpy((char *)out,(const char *)in,inl);
-	return 1;
-	}
-#endif
diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c
deleted file mode 100644
index 1642af4869..0000000000
--- a/crypto/evp/e_old.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifdef OPENSSL_NO_DEPRECATED
-static void *dummy = &dummy;
-#else
-
-#include <openssl/evp.h>
-
-/* Define some deprecated functions, so older programs
-   don't crash and burn too quickly.  On Windows and VMS,
-   these will never be used, since functions and variables
-   in shared libraries are selected by entry point location,
-   not by name.  */
-
-#ifndef OPENSSL_NO_BF
-#undef EVP_bf_cfb
-const EVP_CIPHER *EVP_bf_cfb(void);
-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_DES
-#undef EVP_des_cfb
-const EVP_CIPHER *EVP_des_cfb(void);
-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
-#undef EVP_des_ede3_cfb
-const EVP_CIPHER *EVP_des_ede3_cfb(void);
-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
-#undef EVP_des_ede_cfb
-const EVP_CIPHER *EVP_des_ede_cfb(void);
-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-#undef EVP_idea_cfb
-const EVP_CIPHER *EVP_idea_cfb(void);
-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC2
-#undef EVP_rc2_cfb
-const EVP_CIPHER *EVP_rc2_cfb(void);
-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_CAST
-#undef EVP_cast5_cfb
-const EVP_CIPHER *EVP_cast5_cfb(void);
-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC5
-#undef EVP_rc5_32_12_16_cfb
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_AES
-#undef EVP_aes_128_cfb
-const EVP_CIPHER *EVP_aes_128_cfb(void);
-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
-#undef EVP_aes_192_cfb
-const EVP_CIPHER *EVP_aes_192_cfb(void);
-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
-#undef EVP_aes_256_cfb
-const EVP_CIPHER *EVP_aes_256_cfb(void);
-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
-#endif
-
-#endif
diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
deleted file mode 100644
index d4c33b58d4..0000000000
--- a/crypto/evp/e_rc2.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/* crypto/evp/e_rc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC2
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc2.h>
-
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv,int enc);
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
-static int rc2_magic_to_meth(int i);
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
-	{
-	int key_bits;	/* effective key bits */
-	RC2_KEY ks;	/* key schedule */
-	} EVP_RC2_KEY;
-
-#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)
-
-IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
-			8,
-			RC2_KEY_LENGTH, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-			rc2_init_key, NULL,
-			rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
-			rc2_ctrl)
-
-#define RC2_40_MAGIC	0xa0
-#define RC2_64_MAGIC	0x78
-#define RC2_128_MAGIC	0x3a
-
-static const EVP_CIPHER r2_64_cbc_cipher=
-	{
-	NID_rc2_64_cbc,
-	8,8 /* 64 bit */,8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	rc2_init_key,
-	rc2_cbc_cipher,
-	NULL,
-	sizeof(EVP_RC2_KEY),
-	rc2_set_asn1_type_and_iv,
-	rc2_get_asn1_type_and_iv,
-	rc2_ctrl,
-	NULL
-	};
-
-static const EVP_CIPHER r2_40_cbc_cipher=
-	{
-	NID_rc2_40_cbc,
-	8,5 /* 40 bit */,8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	rc2_init_key,
-	rc2_cbc_cipher,
-	NULL,
-	sizeof(EVP_RC2_KEY),
-	rc2_set_asn1_type_and_iv,
-	rc2_get_asn1_type_and_iv,
-	rc2_ctrl,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_rc2_64_cbc(void)
-	{
-	return(&r2_64_cbc_cipher);
-	}
-
-const EVP_CIPHER *EVP_rc2_40_cbc(void)
-	{
-	return(&r2_40_cbc_cipher);
-	}
-	
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		    key,data(ctx)->key_bits);
-	return 1;
-	}
-
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
-	{
-	int i;
-
-	EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
-	if 	(i == 128) return(RC2_128_MAGIC);
-	else if (i == 64)  return(RC2_64_MAGIC);
-	else if (i == 40)  return(RC2_40_MAGIC);
-	else return(0);
-	}
-
-static int rc2_magic_to_meth(int i)
-	{
-	if      (i == RC2_128_MAGIC) return 128;
-	else if (i == RC2_64_MAGIC)  return 64;
-	else if (i == RC2_40_MAGIC)  return 40;
-	else
-		{
-		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
-		return(0);
-		}
-	}
-
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	long num=0;
-	int i=0;
-	int key_bits;
-	unsigned int l;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-
-	if (type != NULL)
-		{
-		l=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(l <= sizeof(iv));
-		i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
-		if (i != (int)l)
-			return(-1);
-		key_bits =rc2_magic_to_meth((int)num);
-		if (!key_bits)
-			return(-1);
-		if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
-			return -1;
-		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
-		}
-	return(i);
-	}
-
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	long num;
-	int i=0,j;
-
-	if (type != NULL)
-		{
-		num=rc2_meth_to_magic(c);
-		j=EVP_CIPHER_CTX_iv_length(c);
-		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
-		}
-	return(i);
-	}
-
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	switch(type)
-		{
-	case EVP_CTRL_INIT:
-		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
-		return 1;
-
-	case EVP_CTRL_GET_RC2_KEY_BITS:
-		*(int *)ptr = data(c)->key_bits;
-		return 1;
-			
-	case EVP_CTRL_SET_RC2_KEY_BITS:
-		if(arg > 0)
-			{
-			data(c)->key_bits = arg;
-			return 1;
-			}
-		return 0;
-#ifdef PBE_PRF_TEST
-	case EVP_CTRL_PBE_PRF_NID:
-		*(int *)ptr = NID_hmacWithMD5;
-		return 1;
-#endif
-
-	default:
-		return -1;
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
deleted file mode 100644
index b4f6bda82d..0000000000
--- a/crypto/evp/e_rc4.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC4
-
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/rc4.h>
-
-/* FIXME: surely this is available elsewhere? */
-#define EVP_RC4_KEY_SIZE		16
-
-typedef struct
-    {
-    RC4_KEY ks;	/* working key */
-    } EVP_RC4_KEY;
-
-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv,int enc);
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, size_t inl);
-static const EVP_CIPHER r4_cipher=
-	{
-	NID_rc4,
-	1,EVP_RC4_KEY_SIZE,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	rc4_init_key,
-	rc4_cipher,
-	NULL,
-	sizeof(EVP_RC4_KEY),
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
-
-static const EVP_CIPHER r4_40_cipher=
-	{
-	NID_rc4_40,
-	1,5 /* 40 bit */,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	rc4_init_key,
-	rc4_cipher,
-	NULL,
-	sizeof(EVP_RC4_KEY),
-	NULL, 
-	NULL,
-	NULL,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_rc4(void)
-	{
-	return(&r4_cipher);
-	}
-
-const EVP_CIPHER *EVP_rc4_40(void)
-	{
-	return(&r4_40_cipher);
-	}
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		    key);
-	return 1;
-	}
-
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, size_t inl)
-	{
-	RC4(&data(ctx)->ks,inl,in,out);
-	return 1;
-	}
-#endif
diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c
deleted file mode 100644
index 56563191ba..0000000000
--- a/crypto/evp/e_rc4_hmac_md5.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/opensslconf.h>
-
-#include <stdio.h>
-#include <string.h>
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rc4.h>
-#include <openssl/md5.h>
-
-#ifndef EVP_CIPH_FLAG_AEAD_CIPHER
-#define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
-#define EVP_CTRL_AEAD_TLS1_AAD		0x16
-#define EVP_CTRL_AEAD_SET_MAC_KEY	0x17
-#endif
-
-/* FIXME: surely this is available elsewhere? */
-#define EVP_RC4_KEY_SIZE		16
-
-typedef struct
-    {
-    RC4_KEY		ks;
-    MD5_CTX		head,tail,md;
-    size_t		payload_length;
-    } EVP_RC4_HMAC_MD5;
-
-#define NO_PAYLOAD_LENGTH	((size_t)-1)
-
-void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out,
-		MD5_CTX *ctx,const void *inp,size_t blocks);
-
-#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
-
-static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
-			const unsigned char *inkey,
-			const unsigned char *iv, int enc)
-	{
-	EVP_RC4_HMAC_MD5 *key = data(ctx);
-
-	RC4_set_key(&key->ks,EVP_CIPHER_CTX_key_length(ctx),
-		    inkey);
-
-	MD5_Init(&key->head);	/* handy when benchmarking */
-	key->tail = key->head;
-	key->md   = key->head;
-
-	key->payload_length = NO_PAYLOAD_LENGTH;
-
-	return 1;
-	}
-
-#if	!defined(OPENSSL_NO_ASM) &&	( \
-	defined(__x86_64)	|| defined(__x86_64__)	|| \
-	defined(_M_AMD64)	|| defined(_M_X64)	|| \
-	defined(__INTEL__)		) && \
-	!(defined(__APPLE__) && defined(__MACH__))
-#define	STITCHED_CALL
-#endif
-
-#if !defined(STITCHED_CALL)
-#define	rc4_off 0
-#define	md5_off 0
-#endif
-
-static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, size_t len)
-	{
-	EVP_RC4_HMAC_MD5 *key = data(ctx);
-#if defined(STITCHED_CALL)
-	size_t	rc4_off = 32-1-(key->ks.x&(32-1)),	/* 32 is $MOD from rc4_md5-x86_64.pl */
-		md5_off = MD5_CBLOCK-key->md.num,
-		blocks;
-	unsigned int l;
-	extern unsigned int OPENSSL_ia32cap_P[];
-#endif
-	size_t	plen = key->payload_length;
-
-	if (plen!=NO_PAYLOAD_LENGTH && len!=(plen+MD5_DIGEST_LENGTH)) return 0;
-
-	if (ctx->encrypt) {
-		if (plen==NO_PAYLOAD_LENGTH) plen = len;
-#if defined(STITCHED_CALL)
-		/* cipher has to "fall behind" */
-		if (rc4_off>md5_off) md5_off+=MD5_CBLOCK;
-
-		if (plen>md5_off && (blocks=(plen-md5_off)/MD5_CBLOCK) &&
-		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
-			MD5_Update(&key->md,in,md5_off);
-			RC4(&key->ks,rc4_off,in,out);
-
-			rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off,
-				&key->md,in+md5_off,blocks);
-			blocks *= MD5_CBLOCK;
-			rc4_off += blocks;
-			md5_off += blocks;
-			key->md.Nh += blocks>>29;
-			key->md.Nl += blocks<<=3;
-			if (key->md.Nl<(unsigned int)blocks) key->md.Nh++;
-		} else {
-			rc4_off = 0;
-			md5_off = 0;
-		}
-#endif
-		MD5_Update(&key->md,in+md5_off,plen-md5_off);
-
-		if (plen!=len) {	/* "TLS" mode of operation */
-			if (in!=out)
-				memcpy(out+rc4_off,in+rc4_off,plen-rc4_off);
-
-			/* calculate HMAC and append it to payload */
-			MD5_Final(out+plen,&key->md);
-			key->md = key->tail;
-			MD5_Update(&key->md,out+plen,MD5_DIGEST_LENGTH);
-			MD5_Final(out+plen,&key->md);
-			/* encrypt HMAC at once */
-			RC4(&key->ks,len-rc4_off,out+rc4_off,out+rc4_off);
-		} else {
-			RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
-		}
-	} else {
-		unsigned char mac[MD5_DIGEST_LENGTH];
-#if defined(STITCHED_CALL)
-		/* digest has to "fall behind" */
-		if (md5_off>rc4_off)	rc4_off += 2*MD5_CBLOCK;
-		else			rc4_off += MD5_CBLOCK;
-
-		if (len>rc4_off && (blocks=(len-rc4_off)/MD5_CBLOCK) &&
-		    (OPENSSL_ia32cap_P[0]&(1<<20))==0) {
-			RC4(&key->ks,rc4_off,in,out);
-			MD5_Update(&key->md,out,md5_off);
-
-			rc4_md5_enc(&key->ks,in+rc4_off,out+rc4_off,
-				&key->md,out+md5_off,blocks);
-			blocks *= MD5_CBLOCK;
-			rc4_off += blocks;
-			md5_off += blocks;
-			l = (key->md.Nl+(blocks<<3))&0xffffffffU;
-			if (l<key->md.Nl) key->md.Nh++;
-			key->md.Nl  = l;
-			key->md.Nh += blocks>>29;
-		} else {
-			md5_off=0;
-			rc4_off=0;
-		}
-#endif
-		/* decrypt HMAC at once */
-		RC4(&key->ks,len-rc4_off,in+rc4_off,out+rc4_off);
-		if (plen!=NO_PAYLOAD_LENGTH) {	/* "TLS" mode of operation */
-			MD5_Update(&key->md,out+md5_off,plen-md5_off);
-
-			/* calculate HMAC and verify it */
-			MD5_Final(mac,&key->md);
-			key->md = key->tail;
-			MD5_Update(&key->md,mac,MD5_DIGEST_LENGTH);
-			MD5_Final(mac,&key->md);
-
-			if (memcmp(out+plen,mac,MD5_DIGEST_LENGTH))
-				return 0;
-		} else {
-			MD5_Update(&key->md,out+md5_off,len-md5_off);
-		}
-	}
-
-	key->payload_length = NO_PAYLOAD_LENGTH;
-
-	return 1;
-	}
-
-static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-	{
-	EVP_RC4_HMAC_MD5 *key = data(ctx);
-
-	switch (type)
-		{
-	case EVP_CTRL_AEAD_SET_MAC_KEY:
-		{
-		unsigned int  i;
-		unsigned char hmac_key[64];
-
-		memset (hmac_key,0,sizeof(hmac_key));
-
-		if (arg > (int)sizeof(hmac_key)) {
-			MD5_Init(&key->head);
-			MD5_Update(&key->head,ptr,arg);
-			MD5_Final(hmac_key,&key->head);
-		} else {
-			memcpy(hmac_key,ptr,arg);
-		}
-
-		for (i=0;i<sizeof(hmac_key);i++)
-			hmac_key[i] ^= 0x36;		/* ipad */
-		MD5_Init(&key->head);
-		MD5_Update(&key->head,hmac_key,sizeof(hmac_key));
-
-		for (i=0;i<sizeof(hmac_key);i++)
-			hmac_key[i] ^= 0x36^0x5c;	/* opad */
-		MD5_Init(&key->tail);
-		MD5_Update(&key->tail,hmac_key,sizeof(hmac_key));
-
-		return 1;
-		}
-	case EVP_CTRL_AEAD_TLS1_AAD:
-		{
-		unsigned char *p=ptr;
-		unsigned int   len=p[arg-2]<<8|p[arg-1];
-
-		if (!ctx->encrypt)
-			{
-			len -= MD5_DIGEST_LENGTH;
-			p[arg-2] = len>>8;
-			p[arg-1] = len;
-			}
-		key->payload_length=len;
-		key->md = key->head;
-		MD5_Update(&key->md,p,arg);
-
-		return MD5_DIGEST_LENGTH;
-		}
-	default:
-		return -1;
-		}
-	}
-
-static EVP_CIPHER r4_hmac_md5_cipher=
-	{
-#ifdef NID_rc4_hmac_md5
-	NID_rc4_hmac_md5,
-#else
-	NID_undef,
-#endif
-	1,EVP_RC4_KEY_SIZE,0,
-	EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER,
-	rc4_hmac_md5_init_key,
-	rc4_hmac_md5_cipher,
-	NULL,
-	sizeof(EVP_RC4_HMAC_MD5),
-	NULL,
-	NULL,
-	rc4_hmac_md5_ctrl,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_rc4_hmac_md5(void)
-	{
-	return(&r4_hmac_md5_cipher);
-	}
-#endif
diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
deleted file mode 100644
index 19a10c6402..0000000000
--- a/crypto/evp/e_rc5.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/* crypto/evp/e_rc5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC5
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc5.h>
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			       const unsigned char *iv,int enc);
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
-	{
-	int rounds;	/* number of rounds */
-	RC5_32_KEY ks;	/* key schedule */
-	} EVP_RC5_KEY;
-
-#define data(ctx)	EVP_C_DATA(EVP_RC5_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
-		       8, RC5_32_KEY_LENGTH, 8, 64,
-		       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-		       r_32_12_16_init_key, NULL,
-		       NULL, NULL, rc5_ctrl)
-
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	switch(type)
-		{
-	case EVP_CTRL_INIT:
-		data(c)->rounds = RC5_12_ROUNDS;
-		return 1;
-
-	case EVP_CTRL_GET_RC5_ROUNDS:
-		*(int *)ptr = data(c)->rounds;
-		return 1;
-			
-	case EVP_CTRL_SET_RC5_ROUNDS:
-		switch(arg)
-			{
-		case RC5_8_ROUNDS:
-		case RC5_12_ROUNDS:
-		case RC5_16_ROUNDS:
-			data(c)->rounds = arg;
-			return 1;
-
-		default:
-			EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-			return 0;
-			}
-
-	default:
-		return -1;
-		}
-	}
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			       const unsigned char *iv, int enc)
-	{
-	RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		       key,data(ctx)->rounds);
-	return 1;
-	}
-
-#endif
diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c
deleted file mode 100644
index 2d1759d276..0000000000
--- a/crypto/evp/e_seed.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_SEED
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/seed.h>
-#include "evp_locl.h"
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,	const unsigned char *iv, int enc);
-
-typedef struct
-	{
-	SEED_KEY_SCHEDULE ks;
-	} EVP_SEED_KEY;
-
-IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
-                       16, 16, 16, 128,
-                       0, seed_init_key, 0, 0, 0, 0)
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                         const unsigned char *iv, int enc)
-	{
-	SEED_set_key(key, ctx->cipher_data);
-	return 1;
-	}
-
-#endif
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
deleted file mode 100644
index 250e88c8c5..0000000000
--- a/crypto/evp/e_xcbc_d.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_DES
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv,int enc);
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, size_t inl);
-
-
-typedef struct
-    {
-    DES_key_schedule ks;/* key schedule */
-    DES_cblock inw;
-    DES_cblock outw;
-    } DESX_CBC_KEY;
-
-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
-
-static const EVP_CIPHER d_xcbc_cipher=
-	{
-	NID_desx_cbc,
-	8,24,8,
-	EVP_CIPH_CBC_MODE,
-	desx_cbc_init_key,
-	desx_cbc_cipher,
-	NULL,
-	sizeof(DESX_CBC_KEY),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL,
-	NULL
-	};
-
-const EVP_CIPHER *EVP_desx_cbc(void)
-	{
-	return(&d_xcbc_cipher);
-	}
-	
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-
-	DES_set_key_unchecked(deskey,&data(ctx)->ks);
-	memcpy(&data(ctx)->inw[0],&key[8],8);
-	memcpy(&data(ctx)->outw[0],&key[16],8);
-
-	return 1;
-	}
-
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, size_t inl)
-	{
-	while (inl>=EVP_MAXCHUNK)
-		{
-		DES_xcbc_encrypt(in,out,(long)EVP_MAXCHUNK,&data(ctx)->ks,
-			 (DES_cblock *)&(ctx->iv[0]),
-			 &data(ctx)->inw,
-			 &data(ctx)->outw,
-			 ctx->encrypt);
-		inl-=EVP_MAXCHUNK;
-		in +=EVP_MAXCHUNK;
-		out+=EVP_MAXCHUNK;
-		}
-	if (inl)
-		DES_xcbc_encrypt(in,out,(long)inl,&data(ctx)->ks,
-			(DES_cblock *)&(ctx->iv[0]),
-			&data(ctx)->inw,
-			&data(ctx)->outw,
-			ctx->encrypt);
-	return 1;
-	}
-#endif
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
deleted file mode 100644
index 4654bdc61a..0000000000
--- a/crypto/evp/encode.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-
-#ifndef CHARSET_EBCDIC
-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
-#else
-/* We assume that PEM encoded files are EBCDIC files
- * (i.e., printable text files). Convert them here while decoding.
- * When encoding, output is EBCDIC (text) format again.
- * (No need for conversion in the conv_bin2ascii macro, as the
- * underlying textstring data_bin2ascii[] is already EBCDIC)
- */
-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])
-#endif
-
-/* 64 char lines
- * pad input with 0
- * left over chars are set to =
- * 1 byte  => xx==
- * 2 bytes => xxx=
- * 3 bytes => xxxx
- */
-#define BIN_PER_LINE    (64/4*3)
-#define CHUNKS_PER_LINE (64/4)
-#define CHAR_PER_LINE   (64+1)
-
-static const unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
-
-/* 0xF0 is a EOLN
- * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
- * 0xF2 is EOF
- * 0xE0 is ignore at start of line.
- * 0xFF is error
- */
-
-#define B64_EOLN		0xF0
-#define B64_CR			0xF1
-#define B64_EOF			0xF2
-#define B64_WS			0xE0
-#define B64_ERROR       	0xFF
-#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)
-
-static const unsigned char data_ascii2bin[128]={
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
-	0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
-	0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
-	0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
-	0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
-	0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
-	0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
-	0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
-	0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
-	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
-	};
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
-	{
-	ctx->length=48;
-	ctx->num=0;
-	ctx->line_num=0;
-	}
-
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int i,j;
-	unsigned int total=0;
-
-	*outl=0;
-	if (inl == 0) return;
-	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-	if ((ctx->num+inl) < ctx->length)
-		{
-		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
-		ctx->num+=inl;
-		return;
-		}
-	if (ctx->num != 0)
-		{
-		i=ctx->length-ctx->num;
-		memcpy(&(ctx->enc_data[ctx->num]),in,i);
-		in+=i;
-		inl-=i;
-		j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
-		ctx->num=0;
-		out+=j;
-		*(out++)='\n';
-		*out='\0';
-		total=j+1;
-		}
-	while (inl >= ctx->length)
-		{
-		j=EVP_EncodeBlock(out,in,ctx->length);
-		in+=ctx->length;
-		inl-=ctx->length;
-		out+=j;
-		*(out++)='\n';
-		*out='\0';
-		total+=j+1;
-		}
-	if (inl != 0)
-		memcpy(&(ctx->enc_data[0]),in,inl);
-	ctx->num=inl;
-	*outl=total;
-	}
-
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-	{
-	unsigned int ret=0;
-
-	if (ctx->num != 0)
-		{
-		ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
-		out[ret++]='\n';
-		out[ret]='\0';
-		ctx->num=0;
-		}
-	*outl=ret;
-	}
-
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
-	{
-	int i,ret=0;
-	unsigned long l;
-
-	for (i=dlen; i > 0; i-=3)
-		{
-		if (i >= 3)
-			{
-			l=	(((unsigned long)f[0])<<16L)|
-				(((unsigned long)f[1])<< 8L)|f[2];
-			*(t++)=conv_bin2ascii(l>>18L);
-			*(t++)=conv_bin2ascii(l>>12L);
-			*(t++)=conv_bin2ascii(l>> 6L);
-			*(t++)=conv_bin2ascii(l     );
-			}
-		else
-			{
-			l=((unsigned long)f[0])<<16L;
-			if (i == 2) l|=((unsigned long)f[1]<<8L);
-
-			*(t++)=conv_bin2ascii(l>>18L);
-			*(t++)=conv_bin2ascii(l>>12L);
-			*(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
-			*(t++)='=';
-			}
-		ret+=4;
-		f+=3;
-		}
-
-	*t='\0';
-	return(ret);
-	}
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
-	{
-	ctx->length=30;
-	ctx->num=0;
-	ctx->line_num=0;
-	ctx->expect_nl=0;
-	}
-
-/* -1 for error
- *  0 for last line
- *  1 for full line
- */
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
-	unsigned char *d;
-
-	n=ctx->num;
-	d=ctx->enc_data;
-	ln=ctx->line_num;
-	exp_nl=ctx->expect_nl;
-
-	/* last line of input. */
-	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
-		{ rv=0; goto end; }
-		
-	/* We parse the input data */
-	for (i=0; i<inl; i++)
-		{
-		/* If the current line is > 80 characters, scream alot */
-		if (ln >= 80) { rv= -1; goto end; }
-
-		/* Get char and put it into the buffer */
-		tmp= *(in++);
-		v=conv_ascii2bin(tmp);
-		/* only save the good data :-) */
-		if (!B64_NOT_BASE64(v))
-			{
-			OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
-			d[n++]=tmp;
-			ln++;
-			}
-		else if (v == B64_ERROR)
-			{
-			rv= -1;
-			goto end;
-			}
-
-		/* have we seen a '=' which is 'definitly' the last
-		 * input line.  seof will point to the character that
-		 * holds it. and eof will hold how many characters to
-		 * chop off. */
-		if (tmp == '=')
-			{
-			if (seof == -1) seof=n;
-			eof++;
-			}
-
-		if (v == B64_CR)
-			{
-			ln = 0;
-			if (exp_nl)
-				continue;
-			}
-
-		/* eoln */
-		if (v == B64_EOLN)
-			{
-			ln=0;
-			if (exp_nl)
-				{
-				exp_nl=0;
-				continue;
-				}
-			}
-		exp_nl=0;
-
-		/* If we are at the end of input and it looks like a
-		 * line, process it. */
-		if (((i+1) == inl) && (((n&3) == 0) || eof))
-			{
-			v=B64_EOF;
-			/* In case things were given us in really small
-			   records (so two '=' were given in separate
-			   updates), eof may contain the incorrect number
-			   of ending bytes to skip, so let's redo the count */
-			eof = 0;
-			if (d[n-1] == '=') eof++;
-			if (d[n-2] == '=') eof++;
-			/* There will never be more than two '=' */
-			}
-
-		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
-			{
-			/* This is needed to work correctly on 64 byte input
-			 * lines.  We process the line and then need to
-			 * accept the '\n' */
-			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
-			if (n > 0)
-				{
-				v=EVP_DecodeBlock(out,d,n);
-				n=0;
-				if (v < 0) { rv=0; goto end; }
-				if (eof > v) { rv=-1; goto end; }
-				ret+=(v-eof);
-				}
-			else
-				{
-				eof=1;
-				v=0;
-				}
-
-			/* This is the case where we have had a short
-			 * but valid input line */
-			if ((v < ctx->length) && eof)
-				{
-				rv=0;
-				goto end;
-				}
-			else
-				ctx->length=v;
-
-			if (seof >= 0) { rv=0; goto end; }
-			out+=v;
-			}
-		}
-	rv=1;
-end:
-	*outl=ret;
-	ctx->num=n;
-	ctx->line_num=ln;
-	ctx->expect_nl=exp_nl;
-	return(rv);
-	}
-
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
-	{
-	int i,ret=0,a,b,c,d;
-	unsigned long l;
-
-	/* trim white space from the start of the line. */
-	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
-		{
-		f++;
-		n--;
-		}
-
-	/* strip off stuff at the end of the line
-	 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
-	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
-		n--;
-
-	if (n%4 != 0) return(-1);
-
-	for (i=0; i<n; i+=4)
-		{
-		a=conv_ascii2bin(*(f++));
-		b=conv_ascii2bin(*(f++));
-		c=conv_ascii2bin(*(f++));
-		d=conv_ascii2bin(*(f++));
-		if (	(a & 0x80) || (b & 0x80) ||
-			(c & 0x80) || (d & 0x80))
-			return(-1);
-		l=(	(((unsigned long)a)<<18L)|
-			(((unsigned long)b)<<12L)|
-			(((unsigned long)c)<< 6L)|
-			(((unsigned long)d)     ));
-		*(t++)=(unsigned char)(l>>16L)&0xff;
-		*(t++)=(unsigned char)(l>> 8L)&0xff;
-		*(t++)=(unsigned char)(l     )&0xff;
-		ret+=3;
-		}
-	return(ret);
-	}
-
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
-
-	*outl=0;
-	if (ctx->num != 0)
-		{
-		i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
-		if (i < 0) return(-1);
-		ctx->num=0;
-		*outl=i;
-		return(1);
-		}
-	else
-		return(1);
-	}
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
-	{
-	int i,num=0,bad=0;
-
-	if (len == 0) return(-1);
-	while (conv_ascii2bin(*buf) == B64_WS)
-		{
-		buf++;
-		len--;
-		if (len == 0) return(-1);
-		}
-
-	for (i=len; i >= 4; i-=4)
-		{
-		if (	(conv_ascii2bin(buf[0]) >= 0x40) ||
-			(conv_ascii2bin(buf[1]) >= 0x40) ||
-			(conv_ascii2bin(buf[2]) >= 0x40) ||
-			(conv_ascii2bin(buf[3]) >= 0x40))
-			return(-1);
-		buf+=4;
-		num+=1+(buf[2] != '=')+(buf[3] != '=');
-		}
-	if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-		return(num);
-	if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-		(conv_ascii2bin(buf[0]) == B64_EOLN))
-		return(num);
-	return(1);
-	}
-#endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
deleted file mode 100644
index ce7cda35d3..0000000000
--- a/crypto/evp/evp.h
+++ /dev/null
@@ -1,1411 +0,0 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ENVELOPE_H
-#define HEADER_ENVELOPE_H
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-#else
-# define OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# undef OPENSSL_ALGORITHM_DEFINES
-#endif
-
-#include <openssl/ossl_typ.h>
-
-#include <openssl/symhacks.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-/*
-#define EVP_RC2_KEY_SIZE		16
-#define EVP_RC4_KEY_SIZE		16
-#define EVP_BLOWFISH_KEY_SIZE		16
-#define EVP_CAST5_KEY_SIZE		16
-#define EVP_RC5_32_12_16_KEY_SIZE	16
-*/
-#define EVP_MAX_MD_SIZE			64	/* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH		64
-#define EVP_MAX_IV_LENGTH		16
-#define EVP_MAX_BLOCK_LENGTH		32
-
-#define PKCS5_SALT_LEN			8
-/* Default PKCS#5 iteration count */
-#define PKCS5_DEFAULT_ITER		2048
-
-#include <openssl/objects.h>
-
-#define EVP_PK_RSA	0x0001
-#define EVP_PK_DSA	0x0002
-#define EVP_PK_DH	0x0004
-#define EVP_PK_EC	0x0008
-#define EVP_PKT_SIGN	0x0010
-#define EVP_PKT_ENC	0x0020
-#define EVP_PKT_EXCH	0x0040
-#define EVP_PKS_RSA	0x0100
-#define EVP_PKS_DSA	0x0200
-#define EVP_PKS_EC	0x0400
-#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
-
-#define EVP_PKEY_NONE	NID_undef
-#define EVP_PKEY_RSA	NID_rsaEncryption
-#define EVP_PKEY_RSA2	NID_rsa
-#define EVP_PKEY_DSA	NID_dsa
-#define EVP_PKEY_DSA1	NID_dsa_2
-#define EVP_PKEY_DSA2	NID_dsaWithSHA
-#define EVP_PKEY_DSA3	NID_dsaWithSHA1
-#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
-#define EVP_PKEY_DH	NID_dhKeyAgreement
-#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey
-#define EVP_PKEY_HMAC	NID_hmac
-#define EVP_PKEY_CMAC	NID_cmac
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-/* Type needs to be a bit field
- * Sub-type needs to be for variations on the method, as in, can it do
- * arbitrary encryption.... */
-struct evp_pkey_st
-	{
-	int type;
-	int save_type;
-	int references;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *engine;
-	union	{
-		char *ptr;
-#ifndef OPENSSL_NO_RSA
-		struct rsa_st *rsa;	/* RSA */
-#endif
-#ifndef OPENSSL_NO_DSA
-		struct dsa_st *dsa;	/* DSA */
-#endif
-#ifndef OPENSSL_NO_DH
-		struct dh_st *dh;	/* DH */
-#endif
-#ifndef OPENSSL_NO_EC
-		struct ec_key_st *ec;	/* ECC */
-#endif
-		} pkey;
-	int save_parameters;
-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} /* EVP_PKEY */;
-
-#define EVP_PKEY_MO_SIGN	0x0001
-#define EVP_PKEY_MO_VERIFY	0x0002
-#define EVP_PKEY_MO_ENCRYPT	0x0004
-#define EVP_PKEY_MO_DECRYPT	0x0008
-
-#ifndef EVP_MD
-struct env_md_st
-	{
-	int type;
-	int pkey_type;
-	int md_size;
-	unsigned long flags;
-	int (*init)(EVP_MD_CTX *ctx);
-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
-	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
-	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
-	int (*cleanup)(EVP_MD_CTX *ctx);
-
-	/* FIXME: prototype these some day */
-	int (*sign)(int type, const unsigned char *m, unsigned int m_length,
-		    unsigned char *sigret, unsigned int *siglen, void *key);
-	int (*verify)(int type, const unsigned char *m, unsigned int m_length,
-		      const unsigned char *sigbuf, unsigned int siglen,
-		      void *key);
-	int required_pkey_type[5]; /*EVP_PKEY_xxx */
-	int block_size;
-	int ctx_size; /* how big does the ctx->md_data need to be */
-	/* control function */
-	int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-	} /* EVP_MD */;
-
-typedef int evp_sign_method(int type,const unsigned char *m,
-			    unsigned int m_length,unsigned char *sigret,
-			    unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type,const unsigned char *m,
-			    unsigned int m_length,const unsigned char *sigbuf,
-			    unsigned int siglen, void *key);
-
-#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
-					* block */
-
-#define EVP_MD_FLAG_PKEY_DIGEST	0x0002 /* digest is a "clone" digest used
-					* which is a copy of an existing
-					* one for a specific public key type.
-					* EVP_dss1() etc */
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE	0x0004
-
-/* DigestAlgorithmIdentifier flags... */
-
-#define EVP_MD_FLAG_DIGALGID_MASK		0x0018
-
-/* NULL or absent parameter accepted. Use NULL */
-
-#define EVP_MD_FLAG_DIGALGID_NULL		0x0000
-
-/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
-
-#define EVP_MD_FLAG_DIGALGID_ABSENT		0x0008
-
-/* Custom handling via ctrl */
-
-#define EVP_MD_FLAG_DIGALGID_CUSTOM		0x0018
-
-#define EVP_MD_FLAG_FIPS	0x0400 /* Note if suitable for use in FIPS mode */
-
-/* Digest ctrls */
-
-#define	EVP_MD_CTRL_DIGALGID			0x1
-#define	EVP_MD_CTRL_MICALG			0x2
-
-/* Minimum Algorithm specific ctrl value */
-
-#define	EVP_MD_CTRL_ALG_CTRL			0x1000
-
-#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method	(evp_sign_method *)DSA_sign, \
-				(evp_verify_method *)DSA_verify, \
-				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-					EVP_PKEY_DSA4,0}
-#else
-#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
-				(evp_verify_method *)ECDSA_verify, \
-                                 {EVP_PKEY_EC,0,0,0}
-#else   
-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method	(evp_sign_method *)RSA_sign, \
-				(evp_verify_method *)RSA_verify, \
-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-				(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
-				(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#else
-#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#endif
-
-#endif /* !EVP_MD */
-
-struct env_md_ctx_st
-	{
-	const EVP_MD *digest;
-	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
-	unsigned long flags;
-	void *md_data;
-	/* Public key context for sign/verify */
-	EVP_PKEY_CTX *pctx;
-	/* Update function: usually copied from EVP_MD */
-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
-	} /* EVP_MD_CTX */;
-
-/* values for EVP_MD_CTX flags */
-
-#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called
-						* once only */
-#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been
-						* cleaned */
-#define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data
-						* in EVP_MD_CTX_cleanup */
-/* FIPS and pad options are ignored in 1.0.0, definitions are here
- * so we don't accidentally reuse the values for other purposes.
- */
-
-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest
-						 * in FIPS mode */
-
-/* The following PAD options are also currently ignored in 1.0.0, digest
- * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
- * instead.
- */
-#define EVP_MD_CTX_FLAG_PAD_MASK	0xF0	/* RSA mode to use */
-#define EVP_MD_CTX_FLAG_PAD_PKCS1	0x00	/* PKCS#1 v1.5 mode */
-#define EVP_MD_CTX_FLAG_PAD_X931	0x10	/* X9.31 mode */
-#define EVP_MD_CTX_FLAG_PAD_PSS		0x20	/* PSS mode */
-
-#define EVP_MD_CTX_FLAG_NO_INIT		0x0100 /* Don't initialize md_data */
-
-struct evp_cipher_st
-	{
-	int nid;
-	int block_size;
-	int key_len;		/* Default value for variable length ciphers */
-	int iv_len;
-	unsigned long flags;	/* Various flags */
-	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		    const unsigned char *iv, int enc);	/* init key */
-	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			 const unsigned char *in, size_t inl);/* encrypt/decrypt data */
-	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
-	int ctx_size;		/* how big ctx->cipher_data needs to be */
-	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
-	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
-	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
-	void *app_data;		/* Application data */
-	} /* EVP_CIPHER */;
-
-/* Values for cipher flags */
-
-/* Modes for ciphers */
-
-#define		EVP_CIPH_STREAM_CIPHER		0x0
-#define		EVP_CIPH_ECB_MODE		0x1
-#define		EVP_CIPH_CBC_MODE		0x2
-#define		EVP_CIPH_CFB_MODE		0x3
-#define		EVP_CIPH_OFB_MODE		0x4
-#define		EVP_CIPH_CTR_MODE		0x5
-#define		EVP_CIPH_GCM_MODE		0x6
-#define		EVP_CIPH_CCM_MODE		0x7
-#define		EVP_CIPH_XTS_MODE		0x10001
-#define 	EVP_CIPH_MODE			0xF0007
-/* Set if variable length cipher */
-#define 	EVP_CIPH_VARIABLE_LENGTH	0x8
-/* Set if the iv handling should be done by the cipher itself */
-#define 	EVP_CIPH_CUSTOM_IV		0x10
-/* Set if the cipher's init() function should be called if key is NULL */
-#define 	EVP_CIPH_ALWAYS_CALL_INIT	0x20
-/* Call ctrl() to init cipher parameters */
-#define 	EVP_CIPH_CTRL_INIT		0x40
-/* Don't use standard key length function */
-#define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
-/* Don't use standard block padding */
-#define 	EVP_CIPH_NO_PADDING		0x100
-/* cipher handles random key generation */
-#define 	EVP_CIPH_RAND_KEY		0x200
-/* cipher has its own additional copying logic */
-#define 	EVP_CIPH_CUSTOM_COPY		0x400
-/* Allow use default ASN1 get/set iv */
-#define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
-/* Buffer length in bits not bytes: CFB1 mode only */
-#define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
-/* Note if suitable for use in FIPS mode */
-#define		EVP_CIPH_FLAG_FIPS		0x4000
-/* Allow non FIPS cipher in FIPS mode */
-#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x8000
-/* Cipher handles any and all padding logic as well
- * as finalisation.
- */
-#define 	EVP_CIPH_FLAG_CUSTOM_CIPHER	0x100000
-#define		EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
-
-/* ctrl() values */
-
-#define		EVP_CTRL_INIT			0x0
-#define 	EVP_CTRL_SET_KEY_LENGTH		0x1
-#define 	EVP_CTRL_GET_RC2_KEY_BITS	0x2
-#define 	EVP_CTRL_SET_RC2_KEY_BITS	0x3
-#define 	EVP_CTRL_GET_RC5_ROUNDS		0x4
-#define 	EVP_CTRL_SET_RC5_ROUNDS		0x5
-#define 	EVP_CTRL_RAND_KEY		0x6
-#define 	EVP_CTRL_PBE_PRF_NID		0x7
-#define 	EVP_CTRL_COPY			0x8
-#define 	EVP_CTRL_GCM_SET_IVLEN		0x9
-#define 	EVP_CTRL_GCM_GET_TAG		0x10
-#define 	EVP_CTRL_GCM_SET_TAG		0x11
-#define		EVP_CTRL_GCM_SET_IV_FIXED	0x12
-#define		EVP_CTRL_GCM_IV_GEN		0x13
-#define		EVP_CTRL_CCM_SET_IVLEN		EVP_CTRL_GCM_SET_IVLEN
-#define		EVP_CTRL_CCM_GET_TAG		EVP_CTRL_GCM_GET_TAG
-#define		EVP_CTRL_CCM_SET_TAG		EVP_CTRL_GCM_SET_TAG
-#define		EVP_CTRL_CCM_SET_L		0x14
-#define		EVP_CTRL_CCM_SET_MSGLEN		0x15
-/* AEAD cipher deduces payload length and returns number of bytes
- * required to store MAC and eventual padding. Subsequent call to
- * EVP_Cipher even appends/verifies MAC.
- */
-#define		EVP_CTRL_AEAD_TLS1_AAD		0x16
-/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
-#define		EVP_CTRL_AEAD_SET_MAC_KEY	0x17
-/* Set the GCM invocation field, decrypt only */
-#define		EVP_CTRL_GCM_SET_IV_INV		0x18
-
-/* GCM TLS constants */
-/* Length of fixed part of IV derived from PRF */
-#define EVP_GCM_TLS_FIXED_IV_LEN			4
-/* Length of explicit part of IV part of TLS records */
-#define EVP_GCM_TLS_EXPLICIT_IV_LEN			8
-/* Length of tag for TLS */
-#define EVP_GCM_TLS_TAG_LEN				16
-
-typedef struct evp_cipher_info_st
-	{
-	const EVP_CIPHER *cipher;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	} EVP_CIPHER_INFO;
-
-struct evp_cipher_ctx_st
-	{
-	const EVP_CIPHER *cipher;
-	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */
-	int encrypt;		/* encrypt or decrypt */
-	int buf_len;		/* number we have left */
-
-	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
-	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
-	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-	int num;				/* used by cfb/ofb/ctr mode */
-
-	void *app_data;		/* application stuff */
-	int key_len;		/* May change for variable length cipher */
-	unsigned long flags;	/* Various flags */
-	void *cipher_data; /* per EVP data */
-	int final_used;
-	int block_mask;
-	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
-	} /* EVP_CIPHER_CTX */;
-
-typedef struct evp_Encode_Ctx_st
-	{
-	int num;	/* number saved in a partial encode/decode */
-	int length;	/* The length is either the output line length
-			 * (in input bytes) or the shortest input line
-			 * length that is ok.  Once decoding begins,
-			 * the length is adjusted up each time a longer
-			 * line is decoded */
-	unsigned char enc_data[80];	/* data to encode */
-	int line_num;	/* number read on current line */
-	int expect_nl;
-	} EVP_ENCODE_CTX;
-
-/* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                const EVP_MD *md, int en_de);
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
-					(char *)(rsa))
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
-					(char *)(dsa))
-#endif
-
-#ifndef OPENSSL_NO_DH
-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
-					(char *)(dh))
-#endif
-
-#ifndef OPENSSL_NO_EC
-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
-                                        (char *)(eckey))
-#endif
-
-/* Add some extra combinations */
-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
-int EVP_MD_type(const EVP_MD *md);
-#define EVP_MD_nid(e)			EVP_MD_type(e)
-#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))
-int EVP_MD_pkey_type(const EVP_MD *md);	
-int EVP_MD_size(const EVP_MD *md);
-int EVP_MD_block_size(const EVP_MD *md);
-unsigned long EVP_MD_flags(const EVP_MD *md);
-
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-#define EVP_MD_CTX_size(e)		EVP_MD_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_type(e)		EVP_MD_type(EVP_MD_CTX_md(e))
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_mode(e)		(EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
-
-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
-#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-#define EVP_CIPHER_CTX_mode(e)		(EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
-
-#define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
-#define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
-
-#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)
-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)
-#define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
-#define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
-#define EVP_DigestSignUpdate(a,b,c)	EVP_DigestUpdate(a,b,c)
-#define EVP_DigestVerifyUpdate(a,b,c)	EVP_DigestUpdate(a,b,c)
-
-#ifdef CONST_STRICT
-void BIO_set_md(BIO *,const EVP_MD *md);
-#else
-# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
-#endif
-#define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-#define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-int EVP_Cipher(EVP_CIPHER_CTX *c,
-		unsigned char *out,
-		const unsigned char *in,
-		unsigned int inl);
-
-#define EVP_add_cipher_alias(n,alias) \
-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_add_digest_alias(n,alias) \
-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_delete_cipher_alias(alias) \
-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
-#define EVP_delete_digest_alias(alias) \
-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
-void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
-int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
-			 size_t cnt);
-int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int	EVP_Digest(const void *data, size_t count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-
-int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int	EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
-void	EVP_set_pw_prompt(const char *prompt);
-char *	EVP_get_pw_prompt(void);
-
-int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-		const unsigned char *salt, const unsigned char *data,
-		int datal, int count, unsigned char *key,unsigned char *iv);
-
-void	EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-void	EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-int 	EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
-
-int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		       const unsigned char *key,const unsigned char *iv,
-		       int enc);
-int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		       const unsigned char *key,const unsigned char *iv,
-		       int enc);
-int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
-		EVP_PKEY *pkey);
-
-int	EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
-		unsigned int siglen,EVP_PKEY *pkey);
-
-int	EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int	EVP_DigestSignFinal(EVP_MD_CTX *ctx,
-			unsigned char *sigret, size_t *siglen);
-
-int	EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int	EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
-			unsigned char *sig, size_t siglen);
-
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
-		const unsigned char *ek, int ekl, const unsigned char *iv,
-		EVP_PKEY *priv);
-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-		 unsigned char **ek, int *ekl, unsigned char *iv,
-		EVP_PKEY **pubk, int npubk);
-int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		const unsigned char *in,int inl);
-void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		const unsigned char *in, int inl);
-int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-		char *out, int *outl);
-int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
-		const unsigned char *i, int enc);
-#endif
-
-const EVP_MD *EVP_md_null(void);
-#ifndef OPENSSL_NO_MD2
-const EVP_MD *EVP_md2(void);
-#endif
-#ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-#endif
-#ifndef OPENSSL_NO_MD5
-const EVP_MD *EVP_md5(void);
-#endif
-#ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
-#endif
-#ifndef OPENSSL_NO_SHA256
-const EVP_MD *EVP_sha224(void);
-const EVP_MD *EVP_sha256(void);
-#endif
-#ifndef OPENSSL_NO_SHA512
-const EVP_MD *EVP_sha384(void);
-const EVP_MD *EVP_sha512(void);
-#endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-const EVP_MD *EVP_ripemd160(void);
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-const EVP_MD *EVP_whirlpool(void);
-#endif
-const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
-#ifndef OPENSSL_NO_DES
-const EVP_CIPHER *EVP_des_ecb(void);
-const EVP_CIPHER *EVP_des_ede(void);
-const EVP_CIPHER *EVP_des_ede3(void);
-const EVP_CIPHER *EVP_des_ede_ecb(void);
-const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-#if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-const EVP_CIPHER *EVP_des_ofb(void);
-const EVP_CIPHER *EVP_des_ede_ofb(void);
-const EVP_CIPHER *EVP_des_ede3_ofb(void);
-const EVP_CIPHER *EVP_des_cbc(void);
-const EVP_CIPHER *EVP_des_ede_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_desx_cbc(void);
-/* This should now be supported through the dev_crypto ENGINE. But also, why are
- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
-#if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-#endif
-#endif
-#ifndef OPENSSL_NO_RC4
-const EVP_CIPHER *EVP_rc4(void);
-const EVP_CIPHER *EVP_rc4_40(void);
-#ifndef OPENSSL_NO_MD5
-const EVP_CIPHER *EVP_rc4_hmac_md5(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_IDEA
-const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
-const EVP_CIPHER *EVP_idea_ofb(void);
-const EVP_CIPHER *EVP_idea_cbc(void);
-#endif
-#ifndef OPENSSL_NO_RC2
-const EVP_CIPHER *EVP_rc2_ecb(void);
-const EVP_CIPHER *EVP_rc2_cbc(void);
-const EVP_CIPHER *EVP_rc2_40_cbc(void);
-const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
-const EVP_CIPHER *EVP_rc2_ofb(void);
-#endif
-#ifndef OPENSSL_NO_BF
-const EVP_CIPHER *EVP_bf_ecb(void);
-const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
-const EVP_CIPHER *EVP_bf_ofb(void);
-#endif
-#ifndef OPENSSL_NO_CAST
-const EVP_CIPHER *EVP_cast5_ecb(void);
-const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
-const EVP_CIPHER *EVP_cast5_ofb(void);
-#endif
-#ifndef OPENSSL_NO_RC5
-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-#endif
-#ifndef OPENSSL_NO_AES
-const EVP_CIPHER *EVP_aes_128_ecb(void);
-const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
-const EVP_CIPHER *EVP_aes_128_ofb(void);
-const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_ccm(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
-const EVP_CIPHER *EVP_aes_128_xts(void);
-const EVP_CIPHER *EVP_aes_192_ecb(void);
-const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
-const EVP_CIPHER *EVP_aes_192_ofb(void);
-const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_ccm(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
-const EVP_CIPHER *EVP_aes_256_ecb(void);
-const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
-const EVP_CIPHER *EVP_aes_256_ofb(void);
-const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_ccm(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
-const EVP_CIPHER *EVP_aes_256_xts(void);
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-const EVP_CIPHER *EVP_camellia_128_ecb(void);
-const EVP_CIPHER *EVP_camellia_128_cbc(void);
-const EVP_CIPHER *EVP_camellia_128_cfb1(void);
-const EVP_CIPHER *EVP_camellia_128_cfb8(void);
-const EVP_CIPHER *EVP_camellia_128_cfb128(void);
-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
-const EVP_CIPHER *EVP_camellia_128_ofb(void);
-const EVP_CIPHER *EVP_camellia_192_ecb(void);
-const EVP_CIPHER *EVP_camellia_192_cbc(void);
-const EVP_CIPHER *EVP_camellia_192_cfb1(void);
-const EVP_CIPHER *EVP_camellia_192_cfb8(void);
-const EVP_CIPHER *EVP_camellia_192_cfb128(void);
-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
-const EVP_CIPHER *EVP_camellia_192_ofb(void);
-const EVP_CIPHER *EVP_camellia_256_ecb(void);
-const EVP_CIPHER *EVP_camellia_256_cbc(void);
-const EVP_CIPHER *EVP_camellia_256_cfb1(void);
-const EVP_CIPHER *EVP_camellia_256_cfb8(void);
-const EVP_CIPHER *EVP_camellia_256_cfb128(void);
-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
-const EVP_CIPHER *EVP_camellia_256_ofb(void);
-#endif
-
-#ifndef OPENSSL_NO_SEED
-const EVP_CIPHER *EVP_seed_ecb(void);
-const EVP_CIPHER *EVP_seed_cbc(void);
-const EVP_CIPHER *EVP_seed_cfb128(void);
-# define EVP_seed_cfb EVP_seed_cfb128
-const EVP_CIPHER *EVP_seed_ofb(void);
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-#ifdef OPENSSL_LOAD_CONF
-#define OpenSSL_add_all_algorithms() \
-		OPENSSL_add_all_algorithms_conf()
-#else
-#define OpenSSL_add_all_algorithms() \
-		OPENSSL_add_all_algorithms_noconf()
-#endif
-
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
-
-int EVP_add_cipher(const EVP_CIPHER *cipher);
-int EVP_add_digest(const EVP_MD *digest);
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
-
-void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg);
-void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg);
-
-void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph,
-		const char *from, const char *to, void *x), void *arg);
-void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph,
-		const char *from, const char *to, void *x), void *arg);
-
-int		EVP_PKEY_decrypt_old(unsigned char *dec_key,
-			const unsigned char *enc_key,int enc_key_len,
-			EVP_PKEY *private_key);
-int		EVP_PKEY_encrypt_old(unsigned char *enc_key,
-			const unsigned char *key,int key_len,
-			EVP_PKEY *pub_key);
-int		EVP_PKEY_type(int type);
-int		EVP_PKEY_id(const EVP_PKEY *pkey);
-int		EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int		EVP_PKEY_bits(EVP_PKEY *pkey);
-int		EVP_PKEY_size(EVP_PKEY *pkey);
-int 		EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
-int		EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
-int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
-void *		EVP_PKEY_get0(EVP_PKEY *pkey);
-
-#ifndef OPENSSL_NO_RSA
-struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DSA
-struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DH
-struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-#endif
-
-EVP_PKEY *	EVP_PKEY_new(void);
-EVP_PKEY *	EVP_PKEY_dup(EVP_PKEY *pkey);
-void		EVP_PKEY_free(EVP_PKEY *pkey);
-EVP_PKEY *	EVP_PKEY_up_ref(EVP_PKEY *pkey);
-
-EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
-			long length);
-int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-
-EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
-			long length);
-EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-			long length);
-int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-
-int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
-/* calls methods */
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* These are used by EVP_CIPHER methods */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-
-/* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   int keylen, unsigned char *out);
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   const EVP_MD *digest,
-		      int keylen, unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de);
-
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-
-/* PBE type */
-
-/* Can appear as the outermost AlgorithmIdentifier */
-#define EVP_PBE_TYPE_OUTER	0x0
-/* Is an PRF type OID */
-#define EVP_PBE_TYPE_PRF	0x1
-
-int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-	     EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-		    EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_find(int type, int pbe_nid,
-			int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen);
-void EVP_PBE_cleanup(void);
-
-#define ASN1_PKEY_ALIAS		0x1
-#define ASN1_PKEY_DYNAMIC	0x2
-#define ASN1_PKEY_SIGPARAM_NULL	0x4
-
-#define ASN1_PKEY_CTRL_PKCS7_SIGN	0x1
-#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT	0x2
-#define ASN1_PKEY_CTRL_DEFAULT_MD_NID	0x3
-#define ASN1_PKEY_CTRL_CMS_SIGN		0x5
-#define ASN1_PKEY_CTRL_CMS_ENVELOPE	0x7
-
-int EVP_PKEY_asn1_get_count(void);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
-					const char *str, int len);
-int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
-int EVP_PKEY_asn1_add_alias(int to, int from);
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
-				const char **pinfo, const char **ppem_str,
-					const EVP_PKEY_ASN1_METHOD *ameth);
-
-const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
-EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
-					const char *pem_str, const char *info);
-void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
-			const EVP_PKEY_ASN1_METHOD *src);
-void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
-void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
-		int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
-		int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx),
-		int (*pkey_size)(const EVP_PKEY *pk),
-		int (*pkey_bits)(const EVP_PKEY *pk));
-void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
-		int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
-		int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx));
-void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*param_decode)(EVP_PKEY *pkey,
-				const unsigned char **pder, int derlen),
-		int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
-		int (*param_missing)(const EVP_PKEY *pk),
-		int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
-		int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx));
-
-void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
-		void (*pkey_free)(EVP_PKEY *pkey));
-void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
-							long arg1, void *arg2));
-
-
-#define EVP_PKEY_OP_UNDEFINED		0
-#define EVP_PKEY_OP_PARAMGEN		(1<<1)
-#define EVP_PKEY_OP_KEYGEN		(1<<2)
-#define EVP_PKEY_OP_SIGN		(1<<3)
-#define EVP_PKEY_OP_VERIFY		(1<<4)
-#define EVP_PKEY_OP_VERIFYRECOVER	(1<<5)
-#define EVP_PKEY_OP_SIGNCTX		(1<<6)
-#define EVP_PKEY_OP_VERIFYCTX		(1<<7)
-#define EVP_PKEY_OP_ENCRYPT		(1<<8)
-#define EVP_PKEY_OP_DECRYPT		(1<<9)
-#define EVP_PKEY_OP_DERIVE		(1<<10)
-
-#define EVP_PKEY_OP_TYPE_SIG	\
-	(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
-		| EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
-
-#define EVP_PKEY_OP_TYPE_CRYPT \
-	(EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
-
-#define EVP_PKEY_OP_TYPE_NOGEN \
-	(EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
-
-#define EVP_PKEY_OP_TYPE_GEN \
-		(EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-
-#define	 EVP_PKEY_CTX_set_signature_md(ctx, md)	\
-		EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
-					EVP_PKEY_CTRL_MD, 0, (void *)md)
-
-#define EVP_PKEY_CTRL_MD		1
-#define EVP_PKEY_CTRL_PEER_KEY		2
-
-#define EVP_PKEY_CTRL_PKCS7_ENCRYPT	3
-#define EVP_PKEY_CTRL_PKCS7_DECRYPT	4
-
-#define EVP_PKEY_CTRL_PKCS7_SIGN	5
-
-#define EVP_PKEY_CTRL_SET_MAC_KEY	6
-
-#define EVP_PKEY_CTRL_DIGESTINIT	7
-
-/* Used by GOST key encryption in TLS */
-#define EVP_PKEY_CTRL_SET_IV 		8
-
-#define EVP_PKEY_CTRL_CMS_ENCRYPT	9
-#define EVP_PKEY_CTRL_CMS_DECRYPT	10
-#define EVP_PKEY_CTRL_CMS_SIGN		11
-
-#define EVP_PKEY_CTRL_CIPHER		12
-
-#define EVP_PKEY_ALG_CTRL		0x1000
-
-
-#define EVP_PKEY_FLAG_AUTOARGLEN	2
-/* Method handles all operations: don't assume any digest related
- * defaults.
- */
-#define EVP_PKEY_FLAG_SIGCTX_CUSTOM	4
-
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
-EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
-void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
-				const EVP_PKEY_METHOD *meth);
-void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
-void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
-int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
-				int cmd, int p1, void *p2);
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-						const char *value);
-
-int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
-
-EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-				const unsigned char *key, int keylen);
-
-void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
-EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
-
-EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
-
-void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-			unsigned char *sig, size_t *siglen,
-			const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-			const unsigned char *sig, size_t siglen,
-			const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-			unsigned char *rout, size_t *routlen,
-			const unsigned char *sig, size_t siglen);
-int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
-int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
-
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
-int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-
-typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-
-void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
-EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
-
-void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
-	int (*init)(EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
-	int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src));
-
-void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
-	void (*cleanup)(EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
-	int (*paramgen_init)(EVP_PKEY_CTX *ctx),
-	int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
-	int (*keygen_init)(EVP_PKEY_CTX *ctx),
-	int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
-	int (*sign_init)(EVP_PKEY_CTX *ctx),
-	int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
-	int (*verify_init)(EVP_PKEY_CTX *ctx),
-	int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
-	int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
-	int (*verify_recover)(EVP_PKEY_CTX *ctx,
-					unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
-	int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
-	int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
-					EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
-	int (*encrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen));
-
-void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
-	int (*decrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen));
-
-void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
-	int (*derive_init)(EVP_PKEY_CTX *ctx),
-	int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen));
-
-void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
-	int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
-	int (*ctrl_str)(EVP_PKEY_CTX *ctx,
-					const char *type, const char *value));
-
-void EVP_add_alg_module(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_AESNI_INIT_KEY				 165
-#define EVP_F_AESNI_XTS_CIPHER				 176
-#define EVP_F_AES_INIT_KEY				 133
-#define EVP_F_AES_XTS					 172
-#define EVP_F_AES_XTS_CIPHER				 175
-#define EVP_F_ALG_MODULE_INIT				 177
-#define EVP_F_CAMELLIA_INIT_KEY				 159
-#define EVP_F_CMAC_INIT					 173
-#define EVP_F_D2I_PKEY					 100
-#define EVP_F_DO_SIGVER_INIT				 161
-#define EVP_F_DSAPKEY2PKCS8				 134
-#define EVP_F_DSA_PKEY2PKCS8				 135
-#define EVP_F_ECDSA_PKEY2PKCS8				 129
-#define EVP_F_ECKEY_PKEY2PKCS8				 132
-#define EVP_F_EVP_CIPHERINIT_EX				 123
-#define EVP_F_EVP_CIPHER_CTX_COPY			 163
-#define EVP_F_EVP_CIPHER_CTX_CTRL			 124
-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
-#define EVP_F_EVP_DECRYPTFINAL_EX			 101
-#define EVP_F_EVP_DIGESTINIT_EX				 128
-#define EVP_F_EVP_ENCRYPTFINAL_EX			 127
-#define EVP_F_EVP_MD_CTX_COPY_EX			 110
-#define EVP_F_EVP_MD_SIZE				 162
-#define EVP_F_EVP_OPENINIT				 102
-#define EVP_F_EVP_PBE_ALG_ADD				 115
-#define EVP_F_EVP_PBE_ALG_ADD_TYPE			 160
-#define EVP_F_EVP_PBE_CIPHERINIT			 116
-#define EVP_F_EVP_PKCS82PKEY				 111
-#define EVP_F_EVP_PKCS82PKEY_BROKEN			 136
-#define EVP_F_EVP_PKEY2PKCS8_BROKEN			 113
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_CTX_CTRL				 137
-#define EVP_F_EVP_PKEY_CTX_CTRL_STR			 150
-#define EVP_F_EVP_PKEY_CTX_DUP				 156
-#define EVP_F_EVP_PKEY_DECRYPT				 104
-#define EVP_F_EVP_PKEY_DECRYPT_INIT			 138
-#define EVP_F_EVP_PKEY_DECRYPT_OLD			 151
-#define EVP_F_EVP_PKEY_DERIVE				 153
-#define EVP_F_EVP_PKEY_DERIVE_INIT			 154
-#define EVP_F_EVP_PKEY_DERIVE_SET_PEER			 155
-#define EVP_F_EVP_PKEY_ENCRYPT				 105
-#define EVP_F_EVP_PKEY_ENCRYPT_INIT			 139
-#define EVP_F_EVP_PKEY_ENCRYPT_OLD			 152
-#define EVP_F_EVP_PKEY_GET1_DH				 119
-#define EVP_F_EVP_PKEY_GET1_DSA				 120
-#define EVP_F_EVP_PKEY_GET1_ECDSA			 130
-#define EVP_F_EVP_PKEY_GET1_EC_KEY			 131
-#define EVP_F_EVP_PKEY_GET1_RSA				 121
-#define EVP_F_EVP_PKEY_KEYGEN				 146
-#define EVP_F_EVP_PKEY_KEYGEN_INIT			 147
-#define EVP_F_EVP_PKEY_NEW				 106
-#define EVP_F_EVP_PKEY_PARAMGEN				 148
-#define EVP_F_EVP_PKEY_PARAMGEN_INIT			 149
-#define EVP_F_EVP_PKEY_SIGN				 140
-#define EVP_F_EVP_PKEY_SIGN_INIT			 141
-#define EVP_F_EVP_PKEY_VERIFY				 142
-#define EVP_F_EVP_PKEY_VERIFY_INIT			 143
-#define EVP_F_EVP_PKEY_VERIFY_RECOVER			 144
-#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT		 145
-#define EVP_F_EVP_RIJNDAEL				 126
-#define EVP_F_EVP_SIGNFINAL				 107
-#define EVP_F_EVP_VERIFYFINAL				 108
-#define EVP_F_FIPS_CIPHERINIT				 166
-#define EVP_F_FIPS_CIPHER_CTX_COPY			 170
-#define EVP_F_FIPS_CIPHER_CTX_CTRL			 167
-#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH		 171
-#define EVP_F_FIPS_DIGESTINIT				 168
-#define EVP_F_FIPS_MD_CTX_COPY				 169
-#define EVP_F_HMAC_INIT_EX				 174
-#define EVP_F_INT_CTX_NEW				 157
-#define EVP_F_PKCS5_PBE_KEYIVGEN			 117
-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118
-#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN			 164
-#define EVP_F_PKCS8_SET_BROKEN				 112
-#define EVP_F_PKEY_SET_TYPE				 158
-#define EVP_F_RC2_MAGIC_TO_METH				 109
-#define EVP_F_RC5_CTRL					 125
-
-/* Reason codes. */
-#define EVP_R_AES_IV_SETUP_FAILED			 162
-#define EVP_R_AES_KEY_SETUP_FAILED			 143
-#define EVP_R_ASN1_LIB					 140
-#define EVP_R_BAD_BLOCK_LENGTH				 136
-#define EVP_R_BAD_DECRYPT				 100
-#define EVP_R_BAD_KEY_LENGTH				 137
-#define EVP_R_BN_DECODE_ERROR				 112
-#define EVP_R_BN_PUBKEY_ERROR				 113
-#define EVP_R_BUFFER_TOO_SMALL				 155
-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED			 157
-#define EVP_R_CIPHER_PARAMETER_ERROR			 122
-#define EVP_R_COMMAND_NOT_SUPPORTED			 147
-#define EVP_R_CTRL_NOT_IMPLEMENTED			 132
-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133
-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
-#define EVP_R_DECODE_ERROR				 114
-#define EVP_R_DIFFERENT_KEY_TYPES			 101
-#define EVP_R_DIFFERENT_PARAMETERS			 153
-#define EVP_R_DISABLED_FOR_FIPS				 163
-#define EVP_R_ENCODE_ERROR				 115
-#define EVP_R_ERROR_LOADING_SECTION			 165
-#define EVP_R_ERROR_SETTING_FIPS_MODE			 166
-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
-#define EVP_R_EXPECTING_AN_RSA_KEY			 127
-#define EVP_R_EXPECTING_A_DH_KEY			 128
-#define EVP_R_EXPECTING_A_DSA_KEY			 129
-#define EVP_R_EXPECTING_A_ECDSA_KEY			 141
-#define EVP_R_EXPECTING_A_EC_KEY			 142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED			 167
-#define EVP_R_INITIALIZATION_ERROR			 134
-#define EVP_R_INPUT_NOT_INITIALIZED			 111
-#define EVP_R_INVALID_DIGEST				 152
-#define EVP_R_INVALID_FIPS_MODE				 168
-#define EVP_R_INVALID_KEY_LENGTH			 130
-#define EVP_R_INVALID_OPERATION				 148
-#define EVP_R_IV_TOO_LARGE				 102
-#define EVP_R_KEYGEN_FAILURE				 120
-#define EVP_R_MESSAGE_DIGEST_IS_NULL			 159
-#define EVP_R_METHOD_NOT_SUPPORTED			 144
-#define EVP_R_MISSING_PARAMETERS			 103
-#define EVP_R_NO_CIPHER_SET				 131
-#define EVP_R_NO_DEFAULT_DIGEST				 158
-#define EVP_R_NO_DIGEST_SET				 139
-#define EVP_R_NO_DSA_PARAMETERS				 116
-#define EVP_R_NO_KEY_SET				 154
-#define EVP_R_NO_OPERATION_SET				 149
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
-#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 150
-#define EVP_R_OPERATON_NOT_INITIALIZED			 151
-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
-#define EVP_R_PRIVATE_KEY_DECODE_ERROR			 145
-#define EVP_R_PRIVATE_KEY_ENCODE_ERROR			 146
-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106
-#define EVP_R_TOO_LARGE					 164
-#define EVP_R_UNKNOWN_CIPHER				 160
-#define EVP_R_UNKNOWN_DIGEST				 161
-#define EVP_R_UNKNOWN_OPTION				 169
-#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
-#define EVP_R_UNSUPPORTED_ALGORITHM			 156
-#define EVP_R_UNSUPPORTED_CIPHER			 107
-#define EVP_R_UNSUPPORTED_KEYLENGTH			 123
-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124
-#define EVP_R_UNSUPPORTED_KEY_SIZE			 108
-#define EVP_R_UNSUPPORTED_PRF				 125
-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118
-#define EVP_R_UNSUPPORTED_SALT_TYPE			 126
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c
deleted file mode 100644
index 643a1864e8..0000000000
--- a/crypto/evp/evp_acnf.c
+++ /dev/null
@@ -1,73 +0,0 @@
-/* evp_acnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-
-
-/* Load all algorithms and configure OpenSSL.
- * This function is called automatically when
- * OPENSSL_LOAD_CONF is set.
- */
-
-void OPENSSL_add_all_algorithms_conf(void)
-	{
-	OPENSSL_add_all_algorithms_noconf();
-	OPENSSL_config(NULL);
-	}
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
deleted file mode 100644
index 2e4db30235..0000000000
--- a/crypto/evp/evp_cnf.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* evp_cnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-/* Algorithm configuration module. */
-
-static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	int i;
-	const char *oid_section;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *oval;
-	oid_section = CONF_imodule_get_value(md);
-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-		{
-		EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
-		return 0;
-		}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-		{
-		oval = sk_CONF_VALUE_value(sktmp, i);
-		if (!strcmp(oval->name, "fips_mode"))
-			{
-			int m;
-			if (!X509V3_get_value_bool(oval, &m))
-				{
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
-				return 0;
-				}
-			if (m > 0)
-				{
-#ifdef OPENSSL_FIPS
-				if (!FIPS_mode() && !FIPS_mode_set(1))
-					{
-					EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
-					return 0;
-					}
-#else
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
-				return 0;
-#endif
-				}
-			}
-		else
-			{
-			EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
-			ERR_add_error_data(4, "name=", oval->name,
-						", value=", oval->value);
-			}
-				
-		}
-	return 1;
-	}
-
-void EVP_add_alg_module(void)
-	{
-	CONF_module_add("alg_section", alg_module_init, 0);
-	}
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
deleted file mode 100644
index 2e863ac542..0000000000
--- a/crypto/evp/evp_enc.c
+++ /dev/null
@@ -1,685 +0,0 @@
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include "evp_locl.h"
-
-#ifdef OPENSSL_FIPS
-#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
-#else
-#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
-#endif
-
-
-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
-	{
-	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
-	/* ctx->cipher=NULL; */
-	}
-
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
-	{
-	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-	if (ctx)
-		EVP_CIPHER_CTX_init(ctx);
-	return ctx;
-	}
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv, int enc)
-	{
-	if (cipher)
-		EVP_CIPHER_CTX_init(ctx);
-	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
-	}
-
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-	     const unsigned char *key, const unsigned char *iv, int enc)
-	{
-	if (enc == -1)
-		enc = ctx->encrypt;
-	else
-		{
-		if (enc)
-			enc = 1;
-		ctx->encrypt = enc;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unecessary. */
-	if (ctx->engine && ctx->cipher && (!cipher ||
-			(cipher && (cipher->nid == ctx->cipher->nid))))
-		goto skip_to_init;
-#endif
-	if (cipher)
-		{
-		/* Ensure a context left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_CIPHER could be used). */
-		if (ctx->cipher)
-			{
-			unsigned long flags = ctx->flags;
-			EVP_CIPHER_CTX_cleanup(ctx);
-			/* Restore encrypt and flags */
-			ctx->encrypt = enc;
-			ctx->flags = flags;
-			}
-#ifndef OPENSSL_NO_ENGINE
-		if(impl)
-			{
-			if (!ENGINE_init(impl))
-				{
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_cipher_engine(cipher->nid);
-		if(impl)
-			{
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
-			if(!c)
-				{
-				/* One positive side-effect of US's export
-				 * control history, is that we should at least
-				 * be able to avoid using US mispellings of
-				 * "initialisation"? */
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			/* We'll use the ENGINE's private cipher definition */
-			cipher = c;
-			/* Store the ENGINE functional reference so we know
-			 * 'cipher' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-			}
-		else
-			ctx->engine = NULL;
-#endif
-
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
-		ctx->cipher=cipher;
-		if (ctx->cipher->ctx_size)
-			{
-			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
-			if (!ctx->cipher_data)
-				{
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		else
-			{
-			ctx->cipher_data = NULL;
-			}
-		ctx->key_len = cipher->key_len;
-		ctx->flags = 0;
-		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
-			{
-			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
-				{
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		}
-	else if(!ctx->cipher)
-		{
-		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
-		return 0;
-		}
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_cipherinit(ctx, cipher, key, iv, enc);
-#endif
-	/* we assume block size is a power of 2 in *cryptUpdate */
-	OPENSSL_assert(ctx->cipher->block_size == 1
-	    || ctx->cipher->block_size == 8
-	    || ctx->cipher->block_size == 16);
-
-	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
-		switch(EVP_CIPHER_CTX_mode(ctx)) {
-
-			case EVP_CIPH_STREAM_CIPHER:
-			case EVP_CIPH_ECB_MODE:
-			break;
-
-			case EVP_CIPH_CFB_MODE:
-			case EVP_CIPH_OFB_MODE:
-
-			ctx->num = 0;
-			/* fall-through */
-
-			case EVP_CIPH_CBC_MODE:
-
-			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
-					(int)sizeof(ctx->iv));
-			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-			break;
-
-			case EVP_CIPH_CTR_MODE:
-			ctx->num = 0;
-			/* Don't reuse IV for CTR mode */
-			if(iv)
-				memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-			break;
-
-			default:
-			return 0;
-			break;
-		}
-	}
-
-	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
-		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
-	}
-	ctx->buf_len=0;
-	ctx->final_used=0;
-	ctx->block_mask=ctx->cipher->block_size-1;
-	return 1;
-	}
-
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
-	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
-	}
-
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptFinal_ex(ctx,out,outl);
-	else	return EVP_DecryptFinal_ex(ctx,out,outl);
-	}
-
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptFinal(ctx,out,outl);
-	else	return EVP_DecryptFinal(ctx,out,outl);
-	}
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit(ctx, cipher, key, iv, 1);
-	}
-
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
-	}
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit(ctx, cipher, key, iv, 0);
-	}
-
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
-	}
-
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int i,j,bl;
-
-	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-		{
-		i = M_do_cipher(ctx, out, in, inl);
-		if (i < 0)
-			return 0;
-		else
-			*outl = i;
-		return 1;
-		}
-
-	if (inl <= 0)
-		{
-		*outl = 0;
-		return inl == 0;
-		}
-
-	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
-		{
-		if(M_do_cipher(ctx,out,in,inl))
-			{
-			*outl=inl;
-			return 1;
-			}
-		else
-			{
-			*outl=0;
-			return 0;
-			}
-		}
-	i=ctx->buf_len;
-	bl=ctx->cipher->block_size;
-	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
-	if (i != 0)
-		{
-		if (i+inl < bl)
-			{
-			memcpy(&(ctx->buf[i]),in,inl);
-			ctx->buf_len+=inl;
-			*outl=0;
-			return 1;
-			}
-		else
-			{
-			j=bl-i;
-			memcpy(&(ctx->buf[i]),in,j);
-			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
-			inl-=j;
-			in+=j;
-			out+=bl;
-			*outl=bl;
-			}
-		}
-	else
-		*outl = 0;
-	i=inl&(bl-1);
-	inl-=i;
-	if (inl > 0)
-		{
-		if(!M_do_cipher(ctx,out,in,inl)) return 0;
-		*outl+=inl;
-		}
-
-	if (i != 0)
-		memcpy(ctx->buf,&(in[inl]),i);
-	ctx->buf_len=i;
-	return 1;
-	}
-
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int ret;
-	ret = EVP_EncryptFinal_ex(ctx, out, outl);
-	return ret;
-	}
-
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int n,ret;
-	unsigned int i, b, bl;
-
-	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-		{
-		ret = M_do_cipher(ctx, out, NULL, 0);
-		if (ret < 0)
-			return 0;
-		else 
-			*outl = ret;
-		return 1;
-		}
-
-	b=ctx->cipher->block_size;
-	OPENSSL_assert(b <= sizeof ctx->buf);
-	if (b == 1)
-		{
-		*outl=0;
-		return 1;
-		}
-	bl=ctx->buf_len;
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		{
-		if(bl)
-			{
-			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-			return 0;
-			}
-		*outl = 0;
-		return 1;
-		}
-
-	n=b-bl;
-	for (i=bl; i<b; i++)
-		ctx->buf[i]=n;
-	ret=M_do_cipher(ctx,out,ctx->buf,b);
-
-
-	if(ret)
-		*outl=b;
-
-	return ret;
-	}
-
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int fix_len;
-	unsigned int b;
-
-	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-		{
-		fix_len = M_do_cipher(ctx, out, in, inl);
-		if (fix_len < 0)
-			{
-			*outl = 0;
-			return 0;
-			}
-		else
-			*outl = fix_len;
-		return 1;
-		}
-
-	if (inl <= 0)
-		{
-		*outl = 0;
-		return inl == 0;
-		}
-
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
-	b=ctx->cipher->block_size;
-	OPENSSL_assert(b <= sizeof ctx->final);
-
-	if(ctx->final_used)
-		{
-		memcpy(out,ctx->final,b);
-		out+=b;
-		fix_len = 1;
-		}
-	else
-		fix_len = 0;
-
-
-	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
-		return 0;
-
-	/* if we have 'decrypted' a multiple of block size, make sure
-	 * we have a copy of this last block */
-	if (b > 1 && !ctx->buf_len)
-		{
-		*outl-=b;
-		ctx->final_used=1;
-		memcpy(ctx->final,&out[*outl],b);
-		}
-	else
-		ctx->final_used = 0;
-
-	if (fix_len)
-		*outl += b;
-		
-	return 1;
-	}
-
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int ret;
-	ret = EVP_DecryptFinal_ex(ctx, out, outl);
-	return ret;
-	}
-
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i,n;
-	unsigned int b;
-	*outl=0;
-
-	if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
-		{
-		i = M_do_cipher(ctx, out, NULL, 0);
-		if (i < 0)
-			return 0;
-		else
-			*outl = i;
-		return 1;
-		}
-
-	b=ctx->cipher->block_size;
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		{
-		if(ctx->buf_len)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-			return 0;
-			}
-		*outl = 0;
-		return 1;
-		}
-	if (b > 1)
-		{
-		if (ctx->buf_len || !ctx->final_used)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-			return(0);
-			}
-		OPENSSL_assert(b <= sizeof ctx->final);
-
-		/*
-		 * The following assumes that the ciphertext has been authenticated.
-		 * Otherwise it provides a padding oracle.
-		 */
-		n=ctx->final[b-1];
-		if (n == 0 || n > (int)b)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-			return(0);
-			}
-		for (i=0; i<n; i++)
-			{
-			if (ctx->final[--b] != n)
-				{
-				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-				return(0);
-				}
-			}
-		n=ctx->cipher->block_size-n;
-		for (i=0; i<n; i++)
-			out[i]=ctx->final[i];
-		*outl=n;
-		}
-	else
-		*outl=0;
-	return(1);
-	}
-
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-	{
-	if (ctx)
-		{
-		EVP_CIPHER_CTX_cleanup(ctx);
-		OPENSSL_free(ctx);
-		}
-	}
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-	{
-#ifndef OPENSSL_FIPS
-	if (c->cipher != NULL)
-		{
-		if(c->cipher->cleanup && !c->cipher->cleanup(c))
-			return 0;
-		/* Cleanse cipher context data */
-		if (c->cipher_data)
-			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-		}
-	if (c->cipher_data)
-		OPENSSL_free(c->cipher_data);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	if (c->engine)
-		/* The EVP_CIPHER we used belongs to an ENGINE, release the
-		 * functional reference we held for this reason. */
-		ENGINE_finish(c->engine);
-#endif
-#ifdef OPENSSL_FIPS
-	FIPS_cipher_ctx_cleanup(c);
-#endif
-	memset(c,0,sizeof(EVP_CIPHER_CTX));
-	return 1;
-	}
-
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
-	{
-	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
-		return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
-	if(c->key_len == keylen) return 1;
-	if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
-		{
-		c->key_len = keylen;
-		return 1;
-		}
-	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
-	return 0;
-	}
-
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
-	{
-	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
-	else ctx->flags |= EVP_CIPH_NO_PADDING;
-	return 1;
-	}
-
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
-	int ret;
-	if(!ctx->cipher) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
-		return 0;
-	}
-
-	if(!ctx->cipher->ctrl) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
-		return 0;
-	}
-
-	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
-	if(ret == -1) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
-		return 0;
-	}
-	return ret;
-}
-
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
-	{
-	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
-		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-	if (RAND_bytes(key, ctx->key_len) <= 0)
-		return 0;
-	return 1;
-	}
-
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
-	{
-	if ((in == NULL) || (in->cipher == NULL))
-		{
-		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
-		return 0;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a cipher context using an ENGINE */
-	if (in->engine && !ENGINE_init(in->engine))
-		{
-		EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_ENGINE_LIB);
-		return 0;
-		}
-#endif
-
-	EVP_CIPHER_CTX_cleanup(out);
-	memcpy(out,in,sizeof *out);
-
-	if (in->cipher_data && in->cipher->ctx_size)
-		{
-		out->cipher_data=OPENSSL_malloc(in->cipher->ctx_size);
-		if (!out->cipher_data)
-			{
-			EVPerr(EVP_F_EVP_CIPHER_CTX_COPY,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		memcpy(out->cipher_data,in->cipher_data,in->cipher->ctx_size);
-		}
-
-	if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
-		return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out);
-	return 1;
-	}
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
deleted file mode 100644
index 08eab9882f..0000000000
--- a/crypto/evp/evp_err.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* crypto/evp/evp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[]=
-	{
-{ERR_FUNC(EVP_F_AESNI_INIT_KEY),	"AESNI_INIT_KEY"},
-{ERR_FUNC(EVP_F_AESNI_XTS_CIPHER),	"AESNI_XTS_CIPHER"},
-{ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_AES_XTS),	"AES_XTS"},
-{ERR_FUNC(EVP_F_AES_XTS_CIPHER),	"AES_XTS_CIPHER"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
-{ERR_FUNC(EVP_F_CMAC_INIT),	"CMAC_INIT"},
-{ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
-{ERR_FUNC(EVP_F_DO_SIGVER_INIT),	"DO_SIGVER_INIT"},
-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8),	"DSAPKEY2PKCS8"},
-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),	"DSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),	"ECDSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),	"ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY),	"EVP_CIPHER_CTX_copy"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),	"EVP_CIPHER_CTX_ctrl"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),	"EVP_CIPHER_CTX_set_key_length"},
-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),	"EVP_DecryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
-{ERR_FUNC(EVP_F_EVP_MD_SIZE),	"EVP_MD_size"},
-{ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE),	"EVP_PBE_alg_add_type"},
-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),	"EVP_PBE_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY),	"EVP_PKCS82PKEY"},
-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN),	"EVP_PKCS82PKEY_BROKEN"},
-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN),	"EVP_PKEY2PKCS8_broken"},
-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),	"EVP_PKEY_copy_parameters"},
-{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL),	"EVP_PKEY_CTX_ctrl"},
-{ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR),	"EVP_PKEY_CTX_ctrl_str"},
-{ERR_FUNC(EVP_F_EVP_PKEY_CTX_DUP),	"EVP_PKEY_CTX_dup"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),	"EVP_PKEY_decrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_INIT),	"EVP_PKEY_decrypt_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT_OLD),	"EVP_PKEY_decrypt_old"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE),	"EVP_PKEY_derive"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_INIT),	"EVP_PKEY_derive_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DERIVE_SET_PEER),	"EVP_PKEY_derive_set_peer"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),	"EVP_PKEY_encrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT),	"EVP_PKEY_encrypt_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD),	"EVP_PKEY_encrypt_old"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),	"EVP_PKEY_get1_DH"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),	"EVP_PKEY_get1_DSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),	"EVP_PKEY_GET1_ECDSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),	"EVP_PKEY_get1_EC_KEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),	"EVP_PKEY_get1_RSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN),	"EVP_PKEY_keygen"},
-{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT),	"EVP_PKEY_keygen_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_NEW),	"EVP_PKEY_new"},
-{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN),	"EVP_PKEY_paramgen"},
-{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT),	"EVP_PKEY_paramgen_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_SIGN),	"EVP_PKEY_sign"},
-{ERR_FUNC(EVP_F_EVP_PKEY_SIGN_INIT),	"EVP_PKEY_sign_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY),	"EVP_PKEY_verify"},
-{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_INIT),	"EVP_PKEY_verify_init"},
-{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER),	"EVP_PKEY_verify_recover"},
-{ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT),	"EVP_PKEY_verify_recover_init"},
-{ERR_FUNC(EVP_F_EVP_RIJNDAEL),	"EVP_RIJNDAEL"},
-{ERR_FUNC(EVP_F_EVP_SIGNFINAL),	"EVP_SignFinal"},
-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL),	"EVP_VerifyFinal"},
-{ERR_FUNC(EVP_F_FIPS_CIPHERINIT),	"FIPS_CIPHERINIT"},
-{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY),	"FIPS_CIPHER_CTX_COPY"},
-{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL),	"FIPS_CIPHER_CTX_CTRL"},
-{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH),	"FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
-{ERR_FUNC(EVP_F_FIPS_DIGESTINIT),	"FIPS_DIGESTINIT"},
-{ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY),	"FIPS_MD_CTX_COPY"},
-{ERR_FUNC(EVP_F_HMAC_INIT_EX),	"HMAC_Init_ex"},
-{ERR_FUNC(EVP_F_INT_CTX_NEW),	"INT_CTX_NEW"},
-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),	"PKCS5_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN),	"PKCS5_v2_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN),	"PKCS5_V2_PBKDF2_KEYIVGEN"},
-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),	"PKCS8_set_broken"},
-{ERR_FUNC(EVP_F_PKEY_SET_TYPE),	"PKEY_SET_TYPE"},
-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),	"RC2_MAGIC_TO_METH"},
-{ERR_FUNC(EVP_F_RC5_CTRL),	"RC5_CTRL"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA EVP_str_reasons[]=
-	{
-{ERR_REASON(EVP_R_AES_IV_SETUP_FAILED)   ,"aes iv setup failed"},
-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},
-{ERR_REASON(EVP_R_ASN1_LIB)              ,"asn1 lib"},
-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},
-{ERR_REASON(EVP_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
-{ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
-{ERR_REASON(EVP_R_BUFFER_TOO_SMALL)      ,"buffer too small"},
-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
-{ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) ,"command not supported"},
-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
-{ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
-{ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
-{ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
-{ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
-{ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
-{ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
-{ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
-{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"},
-{ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED)  ,"method not supported"},
-{ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
-{ERR_REASON(EVP_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
-{ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},
-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
-{ERR_REASON(EVP_R_NO_KEY_SET)            ,"no key set"},
-{ERR_REASON(EVP_R_NO_OPERATION_SET)      ,"no operation set"},
-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
-{ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
-{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED),"operaton not initialized"},
-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
-{ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
-{ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
-{ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
-{ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
-{ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE)  ,"unsupported key size"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRF)       ,"unsupported prf"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_EVP_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,EVP_str_functs);
-		ERR_load_strings(0,EVP_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
deleted file mode 100644
index 7961fbebf2..0000000000
--- a/crypto/evp/evp_key.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/* crypto/evp/evp_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/ui.h>
-
-/* should be init to zeros. */
-static char prompt_string[80];
-
-void EVP_set_pw_prompt(const char *prompt)
-	{
-	if (prompt == NULL)
-		prompt_string[0]='\0';
-	else
-		{
-		strncpy(prompt_string,prompt,79);
-		prompt_string[79]='\0';
-		}
-	}
-
-char *EVP_get_pw_prompt(void)
-	{
-	if (prompt_string[0] == '\0')
-		return(NULL);
-	else
-		return(prompt_string);
-	}
-
-/* For historical reasons, the standard function for reading passwords is
- * in the DES library -- if someone ever wants to disable DES,
- * this function will fail */
-int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
-	{
-	return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
-	}
-
-int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
-	{
-	int ret;
-	char buff[BUFSIZ];
-	UI *ui;
-
-	if ((prompt == NULL) && (prompt_string[0] != '\0'))
-		prompt=prompt_string;
-	ui = UI_new();
-	UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
-	if (verify)
-		UI_add_verify_string(ui,prompt,0,
-			buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
-	ret = UI_process(ui);
-	UI_free(ui);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return ret;
-	}
-
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
-	     const unsigned char *salt, const unsigned char *data, int datal,
-	     int count, unsigned char *key, unsigned char *iv)
-	{
-	EVP_MD_CTX c;
-	unsigned char md_buf[EVP_MAX_MD_SIZE];
-	int niv,nkey,addmd=0;
-	unsigned int mds=0,i;
-	int rv = 0;
-	nkey=type->key_len;
-	niv=type->iv_len;
-	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
-	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
-
-	if (data == NULL) return(nkey);
-
-	EVP_MD_CTX_init(&c);
-	for (;;)
-		{
-		if (!EVP_DigestInit_ex(&c,md, NULL))
-			return 0;
-		if (addmd++)
-			if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
-				goto err;
-		if (!EVP_DigestUpdate(&c,data,datal))
-			goto err;
-		if (salt != NULL)
-			if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
-				goto err;
-		if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
-			goto err;
-
-		for (i=1; i<(unsigned int)count; i++)
-			{
-			if (!EVP_DigestInit_ex(&c,md, NULL))
-				goto err;
-			if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
-				goto err;
-			if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
-				goto err;
-			}
-		i=0;
-		if (nkey)
-			{
-			for (;;)
-				{
-				if (nkey == 0) break;
-				if (i == mds) break;
-				if (key != NULL)
-					*(key++)=md_buf[i];
-				nkey--;
-				i++;
-				}
-			}
-		if (niv && (i != mds))
-			{
-			for (;;)
-				{
-				if (niv == 0) break;
-				if (i == mds) break;
-				if (iv != NULL)
-					*(iv++)=md_buf[i];
-				niv--;
-				i++;
-				}
-			}
-		if ((nkey == 0) && (niv == 0)) break;
-		}
-	rv = type->key_len;
-	err:
-	EVP_MD_CTX_cleanup(&c);
-	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
-	return rv;
-	}
-
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
deleted file mode 100644
index b180e4828a..0000000000
--- a/crypto/evp/evp_lib.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* crypto/evp/evp_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int ret;
-
-	if (c->cipher->set_asn1_parameters != NULL)
-		ret=c->cipher->set_asn1_parameters(c,type);
-	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-		ret=EVP_CIPHER_set_asn1_iv(c, type);
-	else
-		ret=-1;
-	return(ret);
-	}
-
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int ret;
-
-	if (c->cipher->get_asn1_parameters != NULL)
-		ret=c->cipher->get_asn1_parameters(c,type);
-	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-		ret=EVP_CIPHER_get_asn1_iv(c, type);
-	else
-		ret=-1;
-	return(ret);
-	}
-
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int i=0;
-	unsigned int l;
-
-	if (type != NULL) 
-		{
-		l=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(l <= sizeof(c->iv));
-		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
-		if (i != (int)l)
-			return(-1);
-		else if (i > 0)
-			memcpy(c->iv,c->oiv,l);
-		}
-	return(i);
-	}
-
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int i=0;
-	unsigned int j;
-
-	if (type != NULL)
-		{
-		j=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(j <= sizeof(c->iv));
-		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
-		}
-	return(i);
-	}
-
-/* Convert the various cipher NIDs and dummies to a proper OID NID */
-int EVP_CIPHER_type(const EVP_CIPHER *ctx)
-{
-	int nid;
-	ASN1_OBJECT *otmp;
-	nid = EVP_CIPHER_nid(ctx);
-
-	switch(nid) {
-
-		case NID_rc2_cbc:
-		case NID_rc2_64_cbc:
-		case NID_rc2_40_cbc:
-
-		return NID_rc2_cbc;
-
-		case NID_rc4:
-		case NID_rc4_40:
-
-		return NID_rc4;
-
-		case NID_aes_128_cfb128:
-		case NID_aes_128_cfb8:
-		case NID_aes_128_cfb1:
-
-		return NID_aes_128_cfb128;
-
-		case NID_aes_192_cfb128:
-		case NID_aes_192_cfb8:
-		case NID_aes_192_cfb1:
-
-		return NID_aes_192_cfb128;
-
-		case NID_aes_256_cfb128:
-		case NID_aes_256_cfb8:
-		case NID_aes_256_cfb1:
-
-		return NID_aes_256_cfb128;
-
-		case NID_des_cfb64:
-		case NID_des_cfb8:
-		case NID_des_cfb1:
-
-		return NID_des_cfb64;
-
-		case NID_des_ede3_cfb64:
-		case NID_des_ede3_cfb8:
-		case NID_des_ede3_cfb1:
-
-		return NID_des_cfb64;
-
-		default:
-		/* Check it has an OID and it is valid */
-		otmp = OBJ_nid2obj(nid);
-		if(!otmp || !otmp->data) nid = NID_undef;
-		ASN1_OBJECT_free(otmp);
-		return nid;
-	}
-}
-
-int EVP_CIPHER_block_size(const EVP_CIPHER *e)
-	{
-	return e->block_size;
-	}
-
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->block_size;
-	}
-
-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
-	{
-	return ctx->cipher->do_cipher(ctx,out,in,inl);
-	}
-
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher;
-	}
-
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
-	{
-	return cipher->flags;
-	}
-
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->flags;
-	}
-
-void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->app_data;
-	}
-
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
-	{
-	ctx->app_data = data;
-	}
-
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
-	{
-	return cipher->iv_len;
-	}
-
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->iv_len;
-	}
-
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
-	{
-	return cipher->key_len;
-	}
-
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->key_len;
-	}
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
-	{
-	return cipher->nid;
-	}
-
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->nid;
-	}
-
-int EVP_MD_block_size(const EVP_MD *md) 
-	{
-	return md->block_size;
-	}
-
-int EVP_MD_type(const EVP_MD *md)
-	{
-	return md->type;
-	}
-
-int EVP_MD_pkey_type(const EVP_MD *md)
-	{
-	return md->pkey_type;
-	}
-
-int EVP_MD_size(const EVP_MD *md)
-	{
-	if (!md)
-		{
-		EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
-		return -1;
-		}
-	return md->md_size;
-	}
-
-unsigned long EVP_MD_flags(const EVP_MD *md)
-	{
-	return md->flags;
-	}
-
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
-	{
-	if (!ctx)
-		return NULL;
-	return ctx->digest;
-	}
-
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
-	{
-	ctx->flags |= flags;
-	}
-
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
-	{
-	ctx->flags &= ~flags;
-	}
-
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
-	{
-	return (ctx->flags & flags);
-	}
-
-void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
-	{
-	ctx->flags |= flags;
-	}
-
-void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
-	{
-	ctx->flags &= ~flags;
-	}
-
-int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
-	{
-	return (ctx->flags & flags);
-	}
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
deleted file mode 100644
index 08c0a66d39..0000000000
--- a/crypto/evp/evp_locl.h
+++ /dev/null
@@ -1,385 +0,0 @@
-/* evp_locl.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Macros to code block cipher wrappers */
-
-/* Wrapper functions for each cipher mode */
-
-#define BLOCK_CIPHER_ecb_loop() \
-	size_t i, bl; \
-	bl = ctx->cipher->block_size;\
-	if(inl < bl) return 1;\
-	inl -= bl; \
-	for(i=0; i <= inl; i+=bl) 
-
-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-	BLOCK_CIPHER_ecb_loop() \
-		cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
-	return 1;\
-}
-
-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
-
-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-	while(inl>=EVP_MAXCHUNK)\
-	    {\
-	    cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
-	    inl-=EVP_MAXCHUNK;\
-	    in +=EVP_MAXCHUNK;\
-	    out+=EVP_MAXCHUNK;\
-	    }\
-	if (inl)\
-	    cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
-	return 1;\
-}
-
-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-	while(inl>=EVP_MAXCHUNK) \
-	    {\
-	    cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
-	    inl-=EVP_MAXCHUNK;\
-	    in +=EVP_MAXCHUNK;\
-	    out+=EVP_MAXCHUNK;\
-	    }\
-	if (inl)\
-	    cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
-	return 1;\
-}
-
-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
-{\
-	size_t chunk=EVP_MAXCHUNK;\
-	if (cbits==1)  chunk>>=3;\
-	if (inl<chunk) chunk=inl;\
-	while(inl && inl>=chunk)\
-	    {\
-            cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
-	    inl-=chunk;\
-	    in +=chunk;\
-	    out+=chunk;\
-	    if(inl<chunk) chunk=inl;\
-	    }\
-	return 1;\
-}
-
-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-	BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-	BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-	BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-	BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
-
-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
-			  key_len, iv_len, flags, init_key, cleanup, \
-			  set_asn1, get_asn1, ctrl) \
-static const EVP_CIPHER cname##_##mode = { \
-	nid##_##nmode, block_size, key_len, iv_len, \
-	flags | EVP_CIPH_##MODE##_MODE, \
-	init_key, \
-	cname##_##mode##_cipher, \
-	cleanup, \
-	sizeof(kstruct), \
-	set_asn1, get_asn1,\
-	ctrl, \
-	NULL \
-}; \
-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
-
-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
-			     iv_len, flags, init_key, cleanup, set_asn1, \
-			     get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
-		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
-			     iv_len, cbits, flags, init_key, cleanup, \
-			     set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
-		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-		  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
-			     iv_len, cbits, flags, init_key, cleanup, \
-			     set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
-		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-		  get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
-			     flags, init_key, cleanup, set_asn1, \
-			     get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
-		  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-			  nid, block_size, key_len, iv_len, cbits, flags, \
-			  init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
-		     init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
-		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
-		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
-		     init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-
-/*
-#define BLOCK_CIPHER_defs(cname, kstruct, \
-				nid, block_size, key_len, iv_len, flags,\
-				 init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static const EVP_CIPHER cname##_cbc = {\
-	nid##_cbc, block_size, key_len, iv_len, \
-	flags | EVP_CIPH_CBC_MODE,\
-	init_key,\
-	cname##_cbc_cipher,\
-	cleanup,\
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-	set_asn1, get_asn1,\
-	ctrl, \
-	NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static const EVP_CIPHER cname##_cfb = {\
-	nid##_cfb64, 1, key_len, iv_len, \
-	flags | EVP_CIPH_CFB_MODE,\
-	init_key,\
-	cname##_cfb_cipher,\
-	cleanup,\
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-	set_asn1, get_asn1,\
-	ctrl,\
-	NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static const EVP_CIPHER cname##_ofb = {\
-	nid##_ofb64, 1, key_len, iv_len, \
-	flags | EVP_CIPH_OFB_MODE,\
-	init_key,\
-	cname##_ofb_cipher,\
-	cleanup,\
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-	set_asn1, get_asn1,\
-	ctrl,\
-	NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static const EVP_CIPHER cname##_ecb = {\
-	nid##_ecb, block_size, key_len, iv_len, \
-	flags | EVP_CIPH_ECB_MODE,\
-	init_key,\
-	cname##_ecb_cipher,\
-	cleanup,\
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
-	set_asn1, get_asn1,\
-	ctrl,\
-	NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-*/
-
-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
-			       block_size, key_len, iv_len, cbits, \
-			       flags, init_key, \
-			       cleanup, set_asn1, get_asn1, ctrl) \
-	BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
-	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
-			  cbits, flags, init_key, cleanup, set_asn1, \
-			  get_asn1, ctrl)
-
-#define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
-
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
-	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
-	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
-			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-			     0, cipher##_init_key, NULL, \
-			     EVP_CIPHER_set_asn1_iv, \
-			     EVP_CIPHER_get_asn1_iv, \
-			     NULL)
-
-struct evp_pkey_ctx_st
-	{
-	/* Method associated with this operation */
-	const EVP_PKEY_METHOD *pmeth;
-	/* Engine that implements this method or NULL if builtin */
-	ENGINE *engine;
-	/* Key: may be NULL */
-	EVP_PKEY *pkey;
-	/* Peer key for key agreement, may be NULL */
-	EVP_PKEY *peerkey;
-	/* Actual operation */
-	int operation;
-	/* Algorithm specific data */
-	void *data;
-	/* Application specific data */
-	void *app_data;
-	/* Keygen callback */
-	EVP_PKEY_gen_cb *pkey_gencb;
-	/* implementation specific keygen data */
-	int *keygen_info;
-	int keygen_info_count;
-	} /* EVP_PKEY_CTX */;
-
-#define EVP_PKEY_FLAG_DYNAMIC	1
-
-struct evp_pkey_method_st
-	{
-	int pkey_id;
-	int flags;
-
-	int (*init)(EVP_PKEY_CTX *ctx);
-	int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
-	void (*cleanup)(EVP_PKEY_CTX *ctx);
-
-	int (*paramgen_init)(EVP_PKEY_CTX *ctx);
-	int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-
-	int (*keygen_init)(EVP_PKEY_CTX *ctx);
-	int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
-
-	int (*sign_init)(EVP_PKEY_CTX *ctx);
-	int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-				const unsigned char *tbs, size_t tbslen);
-
-	int (*verify_init)(EVP_PKEY_CTX *ctx);
-	int (*verify)(EVP_PKEY_CTX *ctx,
-				const unsigned char *sig, size_t siglen,
-				const unsigned char *tbs, size_t tbslen);
-
-	int (*verify_recover_init)(EVP_PKEY_CTX *ctx);
-	int (*verify_recover)(EVP_PKEY_CTX *ctx,
-				unsigned char *rout, size_t *routlen,
-				const unsigned char *sig, size_t siglen);
-
-	int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-	int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx);
-
-	int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
-	int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
-					EVP_MD_CTX *mctx);
-
-	int (*encrypt_init)(EVP_PKEY_CTX *ctx);
-	int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen);
-
-	int (*decrypt_init)(EVP_PKEY_CTX *ctx);
-	int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen);
-
-	int (*derive_init)(EVP_PKEY_CTX *ctx);
-	int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-
-	int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
-	int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
-
-
-	} /* EVP_PKEY_METHOD */;
-
-void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
-
-int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			     ASN1_TYPE *param,
-			     const EVP_CIPHER *c, const EVP_MD *md, int en_de);
-
-#ifdef OPENSSL_FIPS
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-#undef SHA1_Init
-#undef SHA1_Update
-#undef SHA224_Init
-#undef SHA256_Init
-#undef SHA384_Init
-#undef SHA512_Init
-#undef DES_set_key_unchecked
-#endif
-
-#define RIPEMD160_Init	private_RIPEMD160_Init
-#define WHIRLPOOL_Init	private_WHIRLPOOL_Init
-#define MD5_Init	private_MD5_Init
-#define MD4_Init	private_MD4_Init
-#define MD2_Init	private_MD2_Init
-#define MDC2_Init	private_MDC2_Init
-#define SHA_Init	private_SHA_Init
-#define SHA1_Init	private_SHA1_Init
-#define SHA224_Init	private_SHA224_Init
-#define SHA256_Init	private_SHA256_Init
-#define SHA384_Init	private_SHA384_Init
-#define SHA512_Init	private_SHA512_Init
-
-#define BF_set_key	private_BF_set_key
-#define CAST_set_key	private_CAST_set_key
-#define idea_set_encrypt_key	private_idea_set_encrypt_key
-#define SEED_set_key	private_SEED_set_key
-#define RC2_set_key	private_RC2_set_key
-#define RC4_set_key	private_RC4_set_key
-#define DES_set_key_unchecked	private_DES_set_key_unchecked
-#define Camellia_set_key	private_Camellia_set_key
-
-#endif
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
deleted file mode 100644
index 5969695948..0000000000
--- a/crypto/evp/evp_pbe.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* evp_pbe.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/x509.h>
-#include "evp_locl.h"
-
-/* Password based encryption (PBE) functions */
-
-DECLARE_STACK_OF(EVP_PBE_CTL)
-static STACK_OF(EVP_PBE_CTL) *pbe_algs;
-
-/* Setup a cipher context from a PBE algorithm */
-
-typedef struct
-	{
-	int pbe_type;
-	int pbe_nid;
-	int cipher_nid;
-	int md_nid;
-	EVP_PBE_KEYGEN *keygen;
-	} EVP_PBE_CTL;
-
-static const EVP_PBE_CTL builtin_pbe[] = 
-	{
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
-			NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
-			NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
-			NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
-
-#ifndef OPENSSL_NO_HMAC
-	{EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
-#endif
-
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
-			NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
-			NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-		 	NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
-			NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
-			NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
-			NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
-
-#ifndef OPENSSL_NO_HMAC
-	{EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
-#endif
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
-			NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
-			NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
-	{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
-			NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
-
-
-	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
-	{EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
-	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
-	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
-	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
-	{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
-	{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
-	};
-
-#ifdef TEST
-int main(int argc, char **argv)
-	{
-	int i, nid_md, nid_cipher;
-	EVP_PBE_CTL *tpbe, *tpbe2;
-	/*OpenSSL_add_all_algorithms();*/
-
-	for (i = 0; i < sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL); i++)
-		{
-		tpbe = builtin_pbe + i;
-		fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid,
-						OBJ_nid2sn(tpbe->pbe_nid));
-		if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid,
-					&nid_cipher ,&nid_md,0))
-			fprintf(stderr, "Found %s %s\n",
-					OBJ_nid2sn(nid_cipher),
-					OBJ_nid2sn(nid_md));
-		else
-			fprintf(stderr, "Find ERROR!!\n");
-		}
-
-	return 0;
-	}
-#endif
-		
-
-
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-		       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
-	{
-	const EVP_CIPHER *cipher;
-	const EVP_MD *md;
-	int cipher_nid, md_nid;
-	EVP_PBE_KEYGEN *keygen;
-
-	if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
-					&cipher_nid, &md_nid, &keygen))
-		{
-		char obj_tmp[80];
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
-		if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
-		ERR_add_error_data(2, "TYPE=", obj_tmp);
-		return 0;
-		}
-
-	if(!pass)
-		passlen = 0;
-	else if (passlen == -1)
-		passlen = strlen(pass);
-
-	if (cipher_nid == -1)
-		cipher = NULL;
-	else
-		{
-		cipher = EVP_get_cipherbynid(cipher_nid);
-		if (!cipher)
-			{
-			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_CIPHER);
-			return 0;
-			}
-		}
-
-	if (md_nid == -1)
-		md = NULL;
-	else
-		{
-		md = EVP_get_digestbynid(md_nid);
-		if (!md)
-			{
-			EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_DIGEST);
-			return 0;
-			}
-		}
-
-	if (!keygen(ctx, pass, passlen, param, cipher, md, en_de))
-		{
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
-		return 0;
-		}
-	return 1;	
-}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
-
-static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
-	{
-	int ret = pbe1->pbe_type - pbe2->pbe_type;
-	if (ret)
-		return ret;
-	else
-		return pbe1->pbe_nid - pbe2->pbe_nid;
-	}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
-
-static int pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b)
-	{
-	int ret = (*a)->pbe_type - (*b)->pbe_type;
-	if (ret)
-		return ret;
-	else
-		return (*a)->pbe_nid - (*b)->pbe_nid;
-	}
-
-/* Add a PBE algorithm */
-
-int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-			 EVP_PBE_KEYGEN *keygen)
-	{
-	EVP_PBE_CTL *pbe_tmp;
-	if (!pbe_algs)
-		pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
-	if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL))))
-		{
-		EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	pbe_tmp->pbe_type = pbe_type;
-	pbe_tmp->pbe_nid = pbe_nid;
-	pbe_tmp->cipher_nid = cipher_nid;
-	pbe_tmp->md_nid = md_nid;
-	pbe_tmp->keygen = keygen;
-
-
-	sk_EVP_PBE_CTL_push (pbe_algs, pbe_tmp);
-	return 1;
-	}
-
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-		    EVP_PBE_KEYGEN *keygen)
-	{
-	int cipher_nid, md_nid;
-	if (cipher)
-		cipher_nid = EVP_CIPHER_nid(cipher);
-	else
-		cipher_nid = -1;
-	if (md)
-		md_nid = EVP_MD_type(md);
-	else
-		md_nid = -1;
-
-	return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
-					cipher_nid, md_nid, keygen);
-	}
-
-int EVP_PBE_find(int type, int pbe_nid,
-		 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
-	{
-	EVP_PBE_CTL *pbetmp = NULL, pbelu;
-	int i;
-	if (pbe_nid == NID_undef)
-		return 0;
-
-	pbelu.pbe_type = type;
-	pbelu.pbe_nid = pbe_nid;
-
-	if (pbe_algs)
-		{
-		i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
-		if (i != -1)
-			pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i);
-		}
-	if (pbetmp == NULL)
-		{
-		pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe,
-				     sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL));
-		}
-	if (pbetmp == NULL)
-		return 0;
-	if (pcnid)
-		*pcnid = pbetmp->cipher_nid;
-	if (pmnid)
-		*pmnid = pbetmp->md_nid;
-	if (pkeygen)
-		*pkeygen = pbetmp->keygen;
-	return 1;
-	}
-
-static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
-	 {
-	 OPENSSL_freeFunc(pbe);
-	 }
-
-void EVP_PBE_cleanup(void)
-	{
-	sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
-	pbe_algs = NULL;
-	}
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
deleted file mode 100644
index ceebf69284..0000000000
--- a/crypto/evp/evp_pkey.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* evp_pkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#include "asn1_locl.h"
-
-/* Extract a private key from a PKCS8 structure */
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-{
-	EVP_PKEY *pkey = NULL;
-	ASN1_OBJECT *algoid;
-	char obj_tmp[80];
-
-	if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
-		return NULL;
-
-	if (!(pkey = EVP_PKEY_new())) {
-		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid)))
-		{
-		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-		i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
-		ERR_add_error_data(2, "TYPE=", obj_tmp);
-		goto error;
-		}
-
-	if (pkey->ameth->priv_decode)
-		{
-		if (!pkey->ameth->priv_decode(pkey, p8))
-			{
-			EVPerr(EVP_F_EVP_PKCS82PKEY,
-					EVP_R_PRIVATE_KEY_DECODE_ERROR);
-			goto error;
-			}
-		}
-	else
-		{
-		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
-		goto error;
-		}
-
-	return pkey;
-
-	error:
-	EVP_PKEY_free (pkey);
-	return NULL;
-}
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
-	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
-/* Turn a private key into a PKCS8 structure */
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
-{
-	PKCS8_PRIV_KEY_INFO *p8;
-
-	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p8->broken = broken;
-
-	if (pkey->ameth)
-		{
-		if (pkey->ameth->priv_encode)
-			{
-			if (!pkey->ameth->priv_encode(p8, pkey))
-				{
-				EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-					EVP_R_PRIVATE_KEY_ENCODE_ERROR);
-				goto error;
-				}
-			}
-		else
-			{
-			EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-					EVP_R_METHOD_NOT_SUPPORTED);
-			goto error;
-			}
-		}
-	else
-		{
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
-				EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-		goto error;
-		}
-	RAND_add(p8->pkey->value.octet_string->data,
-		 p8->pkey->value.octet_string->length, 0.0);
-	return p8;
-	error:
-	PKCS8_PRIV_KEY_INFO_free(p8);
-	return NULL;
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
-	switch (broken) {
-
-		case PKCS8_OK:
-		p8->broken = PKCS8_OK;
-		return p8;
-		break;
-
-		case PKCS8_NO_OCTET:
-		p8->broken = PKCS8_NO_OCTET;
-		p8->pkey->type = V_ASN1_SEQUENCE;
-		return p8;
-		break;
-
-		default:
-		EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-		return NULL;
-	}
-}
-
-/* EVP_PKEY attribute functions */
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
-{
-	return X509at_get_attr_count(key->attributes);
-}
-
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
-}
-
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
-}
-
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
-{
-	return X509at_get_attr(key->attributes, loc);
-}
-
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
-{
-	return X509at_delete_attr(key->attributes, loc);
-}
-
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&key->attributes, attr)) return 1;
-	return 0;
-}
-
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-			int nid, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&key->attributes, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&key->attributes, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
deleted file mode 100644
index 55c7cdfdcc..0000000000
--- a/crypto/evp/evp_test.c
+++ /dev/null
@@ -1,450 +0,0 @@
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
-    {
-    int n=0;
-
-    fprintf(f,"%s",title);
-    for( ; n < l ; ++n)
-	{
-	if((n%16) == 0)
-	    fprintf(f,"\n%04x",n);
-	fprintf(f," %02x",s[n]);
-	}
-    fprintf(f,"\n");
-    }
-
-static int convert(unsigned char *s)
-    {
-    unsigned char *d;
-
-    for(d=s ; *s ; s+=2,++d)
-	{
-	unsigned int n;
-
-	if(!s[1])
-	    {
-	    fprintf(stderr,"Odd number of hex digits!");
-	    EXIT(4);
-	    }
-	sscanf((char *)s,"%2x",&n);
-	*d=(unsigned char)n;
-	}
-    return s-d;
-    }
-
-static char *sstrsep(char **string, const char *delim)
-    {
-    char isdelim[256];
-    char *token = *string;
-
-    if (**string == 0)
-        return NULL;
-
-    memset(isdelim, 0, 256);
-    isdelim[0] = 1;
-
-    while (*delim)
-        {
-        isdelim[(unsigned char)(*delim)] = 1;
-        delim++;
-        }
-
-    while (!isdelim[(unsigned char)(**string)])
-        {
-        (*string)++;
-        }
-
-    if (**string)
-        {
-        **string = 0;
-        (*string)++;
-        }
-
-    return token;
-    }
-
-static unsigned char *ustrsep(char **p,const char *sep)
-    { return (unsigned char *)sstrsep(p,sep); }
-
-static int test1_exit(int ec)
-	{
-	EXIT(ec);
-	return(0);		/* To keep some compilers quiet */
-	}
-
-static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
-		  const unsigned char *iv,int in,
-		  const unsigned char *plaintext,int pn,
-		  const unsigned char *ciphertext,int cn,
-		  int encdec)
-    {
-    EVP_CIPHER_CTX ctx;
-    unsigned char out[4096];
-    int outl,outl2;
-
-    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
-	   (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
-    hexdump(stdout,"Key",key,kn);
-    if(in)
-	hexdump(stdout,"IV",iv,in);
-    hexdump(stdout,"Plaintext",plaintext,pn);
-    hexdump(stdout,"Ciphertext",ciphertext,cn);
-    
-    if(kn != c->key_len)
-	{
-	fprintf(stderr,"Key length doesn't match, got %d expected %lu\n",kn,
-		(unsigned long)c->key_len);
-	test1_exit(5);
-	}
-    EVP_CIPHER_CTX_init(&ctx);
-    if (encdec != 0)
-        {
-	if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
-	    {
-	    fprintf(stderr,"EncryptInit failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(10);
-	    }
-	EVP_CIPHER_CTX_set_padding(&ctx,0);
-
-	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
-	    {
-	    fprintf(stderr,"Encrypt failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(6);
-	    }
-	if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
-	    {
-	    fprintf(stderr,"EncryptFinal failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(7);
-	    }
-
-	if(outl+outl2 != cn)
-	    {
-	    fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
-		    outl+outl2,cn);
-	    test1_exit(8);
-	    }
-
-	if(memcmp(out,ciphertext,cn))
-	    {
-	    fprintf(stderr,"Ciphertext mismatch\n");
-	    hexdump(stderr,"Got",out,cn);
-	    hexdump(stderr,"Expected",ciphertext,cn);
-	    test1_exit(9);
-	    }
-	}
-
-    if (encdec <= 0)
-        {
-	if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
-	    {
-	    fprintf(stderr,"DecryptInit failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(11);
-	    }
-	EVP_CIPHER_CTX_set_padding(&ctx,0);
-
-	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
-	    {
-	    fprintf(stderr,"Decrypt failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(6);
-	    }
-	if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
-	    {
-	    fprintf(stderr,"DecryptFinal failed\n");
-	    ERR_print_errors_fp(stderr);
-	    test1_exit(7);
-	    }
-
-	if(outl+outl2 != pn)
-	    {
-	    fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
-		    outl+outl2,pn);
-	    test1_exit(8);
-	    }
-
-	if(memcmp(out,plaintext,pn))
-	    {
-	    fprintf(stderr,"Plaintext mismatch\n");
-	    hexdump(stderr,"Got",out,pn);
-	    hexdump(stderr,"Expected",plaintext,pn);
-	    test1_exit(9);
-	    }
-	}
-
-    EVP_CIPHER_CTX_cleanup(&ctx);
-
-    printf("\n");
-    }
-
-static int test_cipher(const char *cipher,const unsigned char *key,int kn,
-		       const unsigned char *iv,int in,
-		       const unsigned char *plaintext,int pn,
-		       const unsigned char *ciphertext,int cn,
-		       int encdec)
-    {
-    const EVP_CIPHER *c;
-
-    c=EVP_get_cipherbyname(cipher);
-    if(!c)
-	return 0;
-
-    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
-
-    return 1;
-    }
-
-static int test_digest(const char *digest,
-		       const unsigned char *plaintext,int pn,
-		       const unsigned char *ciphertext, unsigned int cn)
-    {
-    const EVP_MD *d;
-    EVP_MD_CTX ctx;
-    unsigned char md[EVP_MAX_MD_SIZE];
-    unsigned int mdn;
-
-    d=EVP_get_digestbyname(digest);
-    if(!d)
-	return 0;
-
-    printf("Testing digest %s\n",EVP_MD_name(d));
-    hexdump(stdout,"Plaintext",plaintext,pn);
-    hexdump(stdout,"Digest",ciphertext,cn);
-
-    EVP_MD_CTX_init(&ctx);
-    if(!EVP_DigestInit_ex(&ctx,d, NULL))
-	{
-	fprintf(stderr,"DigestInit failed\n");
-	ERR_print_errors_fp(stderr);
-	EXIT(100);
-	}
-    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
-	{
-	fprintf(stderr,"DigestUpdate failed\n");
-	ERR_print_errors_fp(stderr);
-	EXIT(101);
-	}
-    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
-	{
-	fprintf(stderr,"DigestFinal failed\n");
-	ERR_print_errors_fp(stderr);
-	EXIT(101);
-	}
-    EVP_MD_CTX_cleanup(&ctx);
-
-    if(mdn != cn)
-	{
-	fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
-	EXIT(102);
-	}
-
-    if(memcmp(md,ciphertext,cn))
-	{
-	fprintf(stderr,"Digest mismatch\n");
-	hexdump(stderr,"Got",md,cn);
-	hexdump(stderr,"Expected",ciphertext,cn);
-	EXIT(103);
-	}
-
-    printf("\n");
-
-    EVP_MD_CTX_cleanup(&ctx);
-
-    return 1;
-    }
-
-int main(int argc,char **argv)
-    {
-    const char *szTestFile;
-    FILE *f;
-
-    if(argc != 2)
-	{
-	fprintf(stderr,"%s <test file>\n",argv[0]);
-	EXIT(1);
-	}
-    CRYPTO_malloc_debug_init();
-    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    szTestFile=argv[1];
-
-    f=fopen(szTestFile,"r");
-    if(!f)
-	{
-	perror(szTestFile);
-	EXIT(2);
-	}
-
-    /* Load up the software EVP_CIPHER and EVP_MD definitions */
-    OpenSSL_add_all_ciphers();
-    OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-    /* Load all compiled-in ENGINEs */
-    ENGINE_load_builtin_engines();
-#endif
-#if 0
-    OPENSSL_config();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-    /* Register all available ENGINE implementations of ciphers and digests.
-     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
-    ENGINE_register_all_ciphers();
-    ENGINE_register_all_digests();
-    /* If we add command-line options, this statement should be switchable.
-     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
-     * they weren't already initialised. */
-    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
-#endif
-
-    for( ; ; )
-	{
-	char line[4096];
-	char *p;
-	char *cipher;
-	unsigned char *iv,*key,*plaintext,*ciphertext;
-	int encdec;
-	int kn,in,pn,cn;
-
-	if(!fgets((char *)line,sizeof line,f))
-	    break;
-	if(line[0] == '#' || line[0] == '\n')
-	    continue;
-	p=line;
-	cipher=sstrsep(&p,":");	
-	key=ustrsep(&p,":");
-	iv=ustrsep(&p,":");
-	plaintext=ustrsep(&p,":");
-	ciphertext=ustrsep(&p,":");
-	if (p[-1] == '\n') {
-	    p[-1] = '\0';
-	    encdec = -1;
-	} else {
-	    encdec = atoi(sstrsep(&p,"\n"));
-	}
-	      
-
-	kn=convert(key);
-	in=convert(iv);
-	pn=convert(plaintext);
-	cn=convert(ciphertext);
-
-	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
-	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))
-	    {
-#ifdef OPENSSL_NO_AES
-	    if (strstr(cipher, "AES") == cipher)
-		{
-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
-		continue;
-		}
-#endif
-#ifdef OPENSSL_NO_DES
-	    if (strstr(cipher, "DES") == cipher)
-		{
-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
-		continue;
-		}
-#endif
-#ifdef OPENSSL_NO_RC4
-	    if (strstr(cipher, "RC4") == cipher)
-		{
-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
-		continue;
-		}
-#endif
-#ifdef OPENSSL_NO_CAMELLIA
-	    if (strstr(cipher, "CAMELLIA") == cipher)
-		{
-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
-		continue;
-		}
-#endif
-#ifdef OPENSSL_NO_SEED
-	    if (strstr(cipher, "SEED") == cipher)
-		{
-		fprintf(stdout, "Cipher disabled, skipping %s\n", cipher); 
-		continue;
-		}
-#endif
-	    fprintf(stderr,"Can't find %s\n",cipher);
-	    EXIT(3);
-	    }
-	}
-	fclose(f);
-
-#ifndef OPENSSL_NO_ENGINE
-    ENGINE_cleanup();
-#endif
-    EVP_cleanup();
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks_fp(stderr);
-
-    return 0;
-    }
diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt
deleted file mode 100644
index c273707c14..0000000000
--- a/crypto/evp/evptests.txt
+++ /dev/null
@@ -1,334 +0,0 @@
-#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
-#digest:::input:output
-
-# SHA(1) tests (from shatest.c)
-SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
-
-# MD5 tests (from md5test.c)
-MD5::::d41d8cd98f00b204e9800998ecf8427e
-MD5:::61:0cc175b9c0f1b6a831c399e269772661
-MD5:::616263:900150983cd24fb0d6963f7d28e17f72
-MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
-MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
-MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
-MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
-
-# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
-
-# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
-
-# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
-
-# AES 128 ECB tests (from NIST test vectors, encrypt)
-
-#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
-
-# AES 128 ECB tests (from NIST test vectors, decrypt)
-
-#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
-
-# AES 192 ECB tests (from NIST test vectors, decrypt)
-
-#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
-
-# AES 256 ECB tests (from NIST test vectors, decrypt)
-
-#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
-
-# AES 128 CBC tests (from NIST test vectors, encrypt)
-
-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
-
-# AES 192 CBC tests (from NIST test vectors, encrypt)
-
-#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
-
-# AES 256 CBC tests (from NIST test vectors, encrypt)
-
-#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
-
-# AES 128 CBC tests (from NIST test vectors, decrypt)
-
-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
-
-# AES tests from NIST document SP800-38A
-# For all ECB encrypts and decrypts, the transformed sequence is
-#   AES-bits-ECB:key::plaintext:ciphertext:encdec
-# ECB-AES128.Encrypt and ECB-AES128.Decrypt
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
-# ECB-AES192.Encrypt and ECB-AES192.Decrypt 
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
-# ECB-AES256.Encrypt and ECB-AES256.Decrypt 
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
-# For all CBC encrypts and decrypts, the transformed sequence is
-#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CBC-AES128.Encrypt and CBC-AES128.Decrypt 
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
-# CBC-AES192.Encrypt and CBC-AES192.Decrypt 
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
-# CBC-AES256.Encrypt and CBC-AES256.Decrypt 
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
-# We don't support CFB{1,8}-AESxxx.{En,De}crypt
-# For all CFB128 encrypts and decrypts, the transformed sequence is
-#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CFB128-AES128.Encrypt 
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
-# CFB128-AES128.Decrypt 
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
-# CFB128-AES192.Encrypt
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
-# CFB128-AES192.Decrypt
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
-# CFB128-AES256.Encrypt 
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
-# CFB128-AES256.Decrypt 
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
-# For all OFB encrypts and decrypts, the transformed sequence is
-#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
-# OFB-AES128.Encrypt 
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 
-# OFB-AES128.Decrypt 
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
-# OFB-AES192.Encrypt 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 
-# OFB-AES192.Decrypt 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 
-# OFB-AES256.Encrypt 
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
-# OFB-AES256.Decrypt 
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
-
-# AES Counter test vectors from RFC3686
-aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
-aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
-aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
-
-aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
-aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
-aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
-
-aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
-aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
-aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
-
-# DES ECB tests (from destest)
-
-DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
-DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
-DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
-DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
-DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
-DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
-DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
-
-# DESX-CBC tests (from destest)
-DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
-
-# DES EDE3 CBC tests (from destest)
-DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
-
-# RC4 tests (from rc4test)
-RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
-RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
-RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
-RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
-RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
-RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
-
-
-# Camellia tests from RFC3713
-# For all ECB encrypts and decrypts, the transformed sequence is
-#   CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
-CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
-CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
-CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
-
-# ECB-CAMELLIA128.Encrypt
-CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
-CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
-CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
-
-# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt 
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
-
-# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt 
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
-
-# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt 
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
-
-# For all CBC encrypts and decrypts, the transformed sequence is
-#   CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt 
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
-
-# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt 
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
-
-# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt 
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
-
-# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
-# For all CFB128 encrypts and decrypts, the transformed sequence is
-#   CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CFB128-CAMELLIA128.Encrypt 
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
-
-# CFB128-CAMELLIA128.Decrypt 
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
-
-# CFB128-CAMELLIA192.Encrypt
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
-
-# CFB128-CAMELLIA192.Decrypt
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
-
-# CFB128-CAMELLIA256.Encrypt 
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
-
-# CFB128-CAMELLIA256.Decrypt 
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
-
-# For all OFB encrypts and decrypts, the transformed sequence is
-#   CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
-# OFB-CAMELLIA128.Encrypt 
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
-
-# OFB-CAMELLIA128.Decrypt 
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
-
-# OFB-CAMELLIA192.Encrypt 
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
-
-# OFB-CAMELLIA192.Decrypt 
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
-
-# OFB-CAMELLIA256.Encrypt 
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
-
-# OFB-CAMELLIA256.Decrypt 
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
-
-# SEED test vectors from RFC4269
-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:0
-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:0
-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:0
-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:0
-SEED-ECB:00000000000000000000000000000000::000102030405060708090A0B0C0D0E0F:5EBAC6E0054E166819AFF1CC6D346CDB:1
-SEED-ECB:000102030405060708090A0B0C0D0E0F::00000000000000000000000000000000:C11F22F20140505084483597E4370F43:1
-SEED-ECB:4706480851E61BE85D74BFB3FD956185::83A2F8A288641FB9A4E9A5CC2F131C7D:EE54D13EBCAE706D226BC3142CD40D4A:1
-SEED-ECB:28DBC3BC49FFD87DCFA509B11D422BE7::B41E6BE2EBA84A148E2EED84593C5EC7:9B9B7BFCD1813CB95D0B3618F40F5122:1
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
deleted file mode 100644
index 6fb7e9a861..0000000000
--- a/crypto/evp/m_dss.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/evp/m_dss.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
-
-static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dsa_md=
-	{
-	NID_dsaWithSHA,
-	NID_dsaWithSHA,
-	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_DIGEST,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_DSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
-
-const EVP_MD *EVP_dss(void)
-	{
-	return(&dsa_md);
-	}
-#endif
-#endif
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
deleted file mode 100644
index 2df362a670..0000000000
--- a/crypto/evp/m_dss1.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/evp/m_dss1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SHA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_FIPS 
-
-static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dss1_md=
-	{
-	NID_dsa,
-	NID_dsaWithSHA1,
-	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_DIGEST,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_DSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
-
-const EVP_MD *EVP_dss1(void)
-	{
-	return(&dss1_md);
-	}
-#endif
-#endif
diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c
deleted file mode 100644
index 4b15fb0f6c..0000000000
--- a/crypto/evp/m_ecdsa.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* crypto/evp/m_ecdsa.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_SHA
-#ifndef OPENSSL_FIPS
-
-static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD ecdsa_md=
-	{
-	NID_ecdsa_with_SHA1,
-	NID_ecdsa_with_SHA1,
-	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_DIGEST,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_ECDSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
-
-const EVP_MD *EVP_ecdsa(void)
-	{
-	return(&ecdsa_md);
-	}
-#endif
-#endif
diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
deleted file mode 100644
index 6d47f61b27..0000000000
--- a/crypto/evp/m_md4.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/evp/m_md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_MD4
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md4.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-	{ return MD4_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MD4_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MD4_Final(md,ctx->md_data); }
-
-static const EVP_MD md4_md=
-	{
-	NID_md4,
-	NID_md4WithRSAEncryption,
-	MD4_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	MD4_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(MD4_CTX),
-	};
-
-const EVP_MD *EVP_md4(void)
-	{
-	return(&md4_md);
-	}
-#endif
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
deleted file mode 100644
index 9a8bae0258..0000000000
--- a/crypto/evp/m_md5.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/evp/m_md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_MD5
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-	{ return MD5_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MD5_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MD5_Final(md,ctx->md_data); }
-
-static const EVP_MD md5_md=
-	{
-	NID_md5,
-	NID_md5WithRSAEncryption,
-	MD5_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	MD5_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(MD5_CTX),
-	};
-
-const EVP_MD *EVP_md5(void)
-	{
-	return(&md5_md);
-	}
-#endif
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
deleted file mode 100644
index 3602bed316..0000000000
--- a/crypto/evp/m_mdc2.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/evp/m_mdc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/mdc2.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-	{ return MDC2_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MDC2_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MDC2_Final(md,ctx->md_data); }
-
-static const EVP_MD mdc2_md=
-	{
-	NID_mdc2,
-	NID_mdc2WithRSA,
-	MDC2_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
-	MDC2_BLOCK,
-	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
-	};
-
-const EVP_MD *EVP_mdc2(void)
-	{
-	return(&mdc2_md);
-	}
-#endif
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
deleted file mode 100644
index cb0721699d..0000000000
--- a/crypto/evp/m_null.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/evp/m_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
-	{ return 1; }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return 1; }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return 1; }
-
-static const EVP_MD null_md=
-	{
-	NID_undef,
-	NID_undef,
-	0,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_NULL_method,
-	0,
-	sizeof(EVP_MD *),
-	};
-
-const EVP_MD *EVP_md_null(void)
-	{
-	return(&null_md);
-	}
-
-
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
deleted file mode 100644
index 7bf4804cf8..0000000000
--- a/crypto/evp/m_ripemd.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/evp/m_ripemd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RIPEMD
-
-#include <openssl/ripemd.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-	{ return RIPEMD160_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return RIPEMD160_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return RIPEMD160_Final(md,ctx->md_data); }
-
-static const EVP_MD ripemd160_md=
-	{
-	NID_ripemd160,
-	NID_ripemd160WithRSA,
-	RIPEMD160_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	RIPEMD160_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
-	};
-
-const EVP_MD *EVP_ripemd160(void)
-	{
-	return(&ripemd160_md);
-	}
-#endif
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
deleted file mode 100644
index bd0c01ad3c..0000000000
--- a/crypto/evp/m_sha1.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/* crypto/evp/m_sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_FIPS
-
-#ifndef OPENSSL_NO_SHA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-
-static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD sha1_md=
-	{
-	NID_sha1,
-	NID_sha1WithRSAEncryption,
-	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
-
-const EVP_MD *EVP_sha1(void)
-	{
-	return(&sha1_md);
-	}
-#endif
-
-#ifndef OPENSSL_NO_SHA256
-static int init224(EVP_MD_CTX *ctx)
-	{ return SHA224_Init(ctx->md_data); }
-static int init256(EVP_MD_CTX *ctx)
-	{ return SHA256_Init(ctx->md_data); }
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA256_Update(ctx->md_data,data,count); }
-static int final256(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA256_Final(md,ctx->md_data); }
-
-static const EVP_MD sha224_md=
-	{
-	NID_sha224,
-	NID_sha224WithRSAEncryption,
-	SHA224_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
-	init224,
-	update256,
-	final256,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA256_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-	};
-
-const EVP_MD *EVP_sha224(void)
-	{ return(&sha224_md); }
-
-static const EVP_MD sha256_md=
-	{
-	NID_sha256,
-	NID_sha256WithRSAEncryption,
-	SHA256_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
-	init256,
-	update256,
-	final256,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA256_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-	};
-
-const EVP_MD *EVP_sha256(void)
-	{ return(&sha256_md); }
-#endif	/* ifndef OPENSSL_NO_SHA256 */
-
-#ifndef OPENSSL_NO_SHA512
-static int init384(EVP_MD_CTX *ctx)
-	{ return SHA384_Init(ctx->md_data); }
-static int init512(EVP_MD_CTX *ctx)
-	{ return SHA512_Init(ctx->md_data); }
-/* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA512_Update(ctx->md_data,data,count); }
-static int final512(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA512_Final(md,ctx->md_data); }
-
-static const EVP_MD sha384_md=
-	{
-	NID_sha384,
-	NID_sha384WithRSAEncryption,
-	SHA384_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
-	init384,
-	update512,
-	final512,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-	};
-
-const EVP_MD *EVP_sha384(void)
-	{ return(&sha384_md); }
-
-static const EVP_MD sha512_md=
-	{
-	NID_sha512,
-	NID_sha512WithRSAEncryption,
-	SHA512_DIGEST_LENGTH,
-	EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
-	init512,
-	update512,
-	final512,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-	};
-
-const EVP_MD *EVP_sha512(void)
-	{ return(&sha512_md); }
-#endif	/* ifndef OPENSSL_NO_SHA512 */
-
-#endif
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
deleted file mode 100644
index 7e2731f4a4..0000000000
--- a/crypto/evp/m_sigver.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* m_sigver.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006,2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include "evp_locl.h"
-
-static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			  const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
-			  int ver)
-	{
-	if (ctx->pctx == NULL)
-		ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
-	if (ctx->pctx == NULL)
-		return 0;
-
-	if (type == NULL)
-		{
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-			type = EVP_get_digestbynid(def_nid);
-		}
-
-	if (type == NULL)
-		{
-		EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
-		return 0;
-		}
-
-	if (ver)
-		{
-		if (ctx->pctx->pmeth->verifyctx_init)
-			{
-			if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <=0)
-				return 0;
-			ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
-			}
-		else if (EVP_PKEY_verify_init(ctx->pctx) <= 0)
-			return 0;
-		}
-	else
-		{
-		if (ctx->pctx->pmeth->signctx_init)
-			{
-			if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
-				return 0;
-			ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
-			}
-		else if (EVP_PKEY_sign_init(ctx->pctx) <= 0)
-			return 0;
-		}
-	if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
-		return 0;
-	if (pctx)
-		*pctx = ctx->pctx;
-	if (!EVP_DigestInit_ex(ctx, type, e))
-		return 0;
-	return 1;
-	}
-
-int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
-	{
-	return do_sigver_init(ctx, pctx, type, e, pkey, 0);
-	}
-
-int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
-	{
-	return do_sigver_init(ctx, pctx, type, e, pkey, 1);
-	}
-
-int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
-	{
-	int sctx, r = 0;
-	if (ctx->pctx->pmeth->signctx)
-		sctx = 1;
-	else
-		sctx = 0;
-	if (sigret)
-		{
-		EVP_MD_CTX tmp_ctx;
-		unsigned char md[EVP_MAX_MD_SIZE];
-		unsigned int mdlen;
-		EVP_MD_CTX_init(&tmp_ctx);
-		if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
-		     	return 0;
-		if (sctx)
-			r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx,
-					sigret, siglen, &tmp_ctx);
-		else
-			r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
-		EVP_MD_CTX_cleanup(&tmp_ctx);
-		if (sctx || !r)
-			return r;
-		if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
-			return 0;
-		}
-	else
-		{
-		if (sctx)
-			{
-			if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0)
-				return 0;
-			}
-		else
-			{
-			int s = EVP_MD_size(ctx->digest);
-			if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0)
-				return 0;
-			}
-		}
-	return 1;
-	}
-
-int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
-	{
-	EVP_MD_CTX tmp_ctx;
-	unsigned char md[EVP_MAX_MD_SIZE];
-	int r;
-	unsigned int mdlen;
-	int vctx;
-
-	if (ctx->pctx->pmeth->verifyctx)
-		vctx = 1;
-	else
-		vctx = 0;
-	EVP_MD_CTX_init(&tmp_ctx);
-	if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
-		return -1;	
-	if (vctx)
-		{
-		r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx,
-					sig, siglen, &tmp_ctx);
-		}
-	else
-		r = EVP_DigestFinal_ex(&tmp_ctx,md,&mdlen);
-	EVP_MD_CTX_cleanup(&tmp_ctx);
-	if (vctx || !r)
-		return r;
-	return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
-	}
diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c
deleted file mode 100644
index c51bc2d5d1..0000000000
--- a/crypto/evp/m_wp.c
+++ /dev/null
@@ -1,43 +0,0 @@
-/* crypto/evp/m_wp.c */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_WHIRLPOOL
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/whrlpool.h>
-#include "evp_locl.h"
-
-static int init(EVP_MD_CTX *ctx)
-	{ return WHIRLPOOL_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return WHIRLPOOL_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return WHIRLPOOL_Final(md,ctx->md_data); }
-
-static const EVP_MD whirlpool_md=
-	{
-	NID_whirlpool,
-	0,
-	WHIRLPOOL_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_NULL_method,
-	WHIRLPOOL_BBLOCK/8,
-	sizeof(EVP_MD *)+sizeof(WHIRLPOOL_CTX),
-	};
-
-const EVP_MD *EVP_whirlpool(void)
-	{
-	return(&whirlpool_md);
-	}
-#endif
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
deleted file mode 100644
index 6311ad7cfb..0000000000
--- a/crypto/evp/names.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* crypto/evp/names.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_add_cipher(const EVP_CIPHER *c)
-	{
-	int r;
-
-	if (c == NULL) return 0;
-
-	OPENSSL_init();
-
-	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
-	if (r == 0) return(0);
-	check_defer(c->nid);
-	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
-	return(r);
-	}
-
-
-int EVP_add_digest(const EVP_MD *md)
-	{
-	int r;
-	const char *name;
-	OPENSSL_init();
-
-	name=OBJ_nid2sn(md->type);
-	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
-	if (r == 0) return(0);
-	check_defer(md->type);
-	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
-	if (r == 0) return(0);
-
-	if (md->pkey_type && md->type != md->pkey_type)
-		{
-		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-		if (r == 0) return(0);
-		check_defer(md->pkey_type);
-		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-		}
-	return(r);
-	}
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
-	{
-	const EVP_CIPHER *cp;
-
-	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
-	return(cp);
-	}
-
-const EVP_MD *EVP_get_digestbyname(const char *name)
-	{
-	const EVP_MD *cp;
-
-	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
-	return(cp);
-	}
-
-void EVP_cleanup(void)
-	{
-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
-	/* The above calls will only clean out the contents of the name
-	   hash table, but not the hash table itself.  The following line
-	   does that part.  -- Richard Levitte */
-	OBJ_NAME_cleanup(-1);
-
-	EVP_PBE_cleanup();
-	if (obj_cleanup_defer == 2)
-		{
-		obj_cleanup_defer = 0;
-		OBJ_cleanup();
-		}
-	OBJ_sigid_free();
-	}
-
-struct doall_cipher
-	{
-	void *arg;
-	void (*fn)(const EVP_CIPHER *ciph,
-			const char *from, const char *to, void *arg);
-	};
-
-static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
-	{
-	struct doall_cipher *dc = arg;
-	if (nm->alias)
-		dc->fn(NULL, nm->name, nm->data, dc->arg);
-	else
-		dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
-	}
-
-void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg)
-	{
-	struct doall_cipher dc;
-	dc.fn = fn;
-	dc.arg = arg;
-	OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
-	}
-
-void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg)
-	{
-	struct doall_cipher dc;
-	dc.fn = fn;
-	dc.arg = arg;
-	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn,&dc);
-	}
-
-struct doall_md
-	{
-	void *arg;
-	void (*fn)(const EVP_MD *ciph,
-			const char *from, const char *to, void *arg);
-	};
-
-static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
-	{
-	struct doall_md *dc = arg;
-	if (nm->alias)
-		dc->fn(NULL, nm->name, nm->data, dc->arg);
-	else
-		dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
-	}
-
-void EVP_MD_do_all(void (*fn)(const EVP_MD *md,
-		const char *from, const char *to, void *x), void *arg)
-	{
-	struct doall_md dc;
-	dc.fn = fn;
-	dc.arg = arg;
-	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
-	}
-
-void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md,
-		const char *from, const char *to, void *x), void *arg)
-	{
-	struct doall_md dc;
-	dc.fn = fn;
-	dc.arg = arg;
-	OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
-	}
diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
deleted file mode 100644
index 3831a5731e..0000000000
--- a/crypto/evp/openbsd_hw.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include "evp_locl.h"
-
-/* This stuff should now all be supported through
- * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
-static void *dummy=&dummy;
-
-#if 0
-
-/* check flag after OpenSSL headers to ensure make depend works */
-#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/ioctl.h>
-#include <crypto/cryptodev.h>
-#include <unistd.h>
-#include <assert.h>
-
-/* longest key supported in hardware */
-#define MAX_HW_KEY	24
-#define MAX_HW_IV	8
-
-#define MD5_DIGEST_LENGTH	16
-#define MD5_CBLOCK		64
-
-static int fd;
-static int dev_failed;
-
-typedef struct session_op session_op;
-
-#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
-
-static void err(const char *str)
-    {
-    fprintf(stderr,"%s: errno %d\n",str,errno);
-    }
-
-static int dev_crypto_init(session_op *ses)
-    {
-    if(dev_failed)
-	return 0;
-    if(!fd)
-	{
-	int cryptodev_fd;
-
-        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
-	    {
-	    err("/dev/crypto");
-	    dev_failed=1;
-	    return 0;
-	    }
-        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
-	    {
-	    err("CRIOGET failed");
-	    close(cryptodev_fd);
-	    dev_failed=1;
-	    return 0;
-	    }
-	close(cryptodev_fd);
-	}
-    assert(ses);
-    memset(ses,'\0',sizeof *ses);
-
-    return 1;
-    }
-
-static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
-    {
-    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
-	err("CIOCFSESSION failed");
-
-    OPENSSL_free(CDATA(ctx)->key);
-
-    return 1;
-    }
-
-static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
-			       const unsigned char *key,int klen)
-    {
-    if(!dev_crypto_init(CDATA(ctx)))
-	return 0;
-
-    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
-
-    assert(ctx->cipher->iv_len <= MAX_HW_IV);
-
-    memcpy(CDATA(ctx)->key,key,klen);
-    
-    CDATA(ctx)->cipher=cipher;
-    CDATA(ctx)->keylen=klen;
-
-    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
-	{
-	err("CIOCGSESSION failed");
-	return 0;
-	}
-    return 1;
-    }
-
-static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
-			     const unsigned char *in,unsigned int inl)
-    {
-    struct crypt_op cryp;
-    unsigned char lb[MAX_HW_IV];
-
-    if(!inl)
-	return 1;
-
-    assert(CDATA(ctx));
-    assert(!dev_failed);
-
-    memset(&cryp,'\0',sizeof cryp);
-    cryp.ses=CDATA(ctx)->ses;
-    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-    cryp.flags=0;
-    cryp.len=inl;
-    assert((inl&(ctx->cipher->block_size-1)) == 0);
-    cryp.src=(caddr_t)in;
-    cryp.dst=(caddr_t)out;
-    cryp.mac=0;
-    if(ctx->cipher->iv_len)
-	cryp.iv=(caddr_t)ctx->iv;
-
-    if(!ctx->encrypt)
-	memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
-
-    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
-	{
-	if(errno == EINVAL) /* buffers are misaligned */
-	    {
-	    unsigned int cinl=0;
-	    char *cin=NULL;
-	    char *cout=NULL;
-
-	    /* NB: this can only make cinl != inl with stream ciphers */
-	    cinl=(inl+3)/4*4;
-
-	    if(((unsigned long)in&3) || cinl != inl)
-		{
-		cin=OPENSSL_malloc(cinl);
-		memcpy(cin,in,inl);
-		cryp.src=cin;
-		}
-
-	    if(((unsigned long)out&3) || cinl != inl)
-		{
-		cout=OPENSSL_malloc(cinl);
-		cryp.dst=cout;
-		}
-
-	    cryp.len=cinl;
-
-	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
-		{
-		err("CIOCCRYPT(2) failed");
-		printf("src=%p dst=%p\n",cryp.src,cryp.dst);
-		abort();
-		return 0;
-		}
-		
-	    if(cout)
-		{
-		memcpy(out,cout,inl);
-		OPENSSL_free(cout);
-		}
-	    if(cin)
-		OPENSSL_free(cin);
-	    }
-	else 
-	    {	    
-	    err("CIOCCRYPT failed");
-	    abort();
-	    return 0;
-	    }
-	}
-
-    if(ctx->encrypt)
-	memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
-    else
-	memcpy(ctx->iv,lb,ctx->cipher->iv_len);
-
-    return 1;
-    }
-
-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
-					const unsigned char *key,
-					const unsigned char *iv, int enc)
-    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
-
-#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
-
-BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
-		     0, dev_crypto_des_ede3_init_key,
-		     dev_crypto_cleanup, 
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,
-		     NULL)
-
-static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
-					const unsigned char *key,
-					const unsigned char *iv, int enc)
-    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
-
-static const EVP_CIPHER r4_cipher=
-    {
-    NID_rc4,
-    1,16,0,	/* FIXME: key should be up to 256 bytes */
-    EVP_CIPH_VARIABLE_LENGTH,
-    dev_crypto_rc4_init_key,
-    dev_crypto_cipher,
-    dev_crypto_cleanup,
-    sizeof(session_op),
-    NULL,
-    NULL,
-    NULL
-    };
-
-const EVP_CIPHER *EVP_dev_crypto_rc4(void)
-    { return &r4_cipher; }
-
-typedef struct
-    {
-    session_op sess;
-    char *data;
-    int len;
-    unsigned char md[EVP_MAX_MD_SIZE];
-    } MD_DATA;
-
-static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
-    {
-    if(!dev_crypto_init(&md_data->sess))
-	return 0;
-
-    md_data->len=0;
-    md_data->data=NULL;
-
-    md_data->sess.mac=mac;
-
-    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
-	{
-	err("CIOCGSESSION failed");
-	return 0;
-	}
-    return 1;
-    }
-
-static int dev_crypto_cleanup_digest(MD_DATA *md_data)
-    {
-    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
-	{
-	err("CIOCFSESSION failed");
-	return 0;
-	}
-
-    return 1;
-    }
-
-/* FIXME: if device can do chained MACs, then don't accumulate */
-/* FIXME: move accumulation to the framework */
-static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
-    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
-
-static int do_digest(int ses,unsigned char *md,const void *data,int len)
-    {
-    struct crypt_op cryp;
-    static unsigned char md5zero[16]=
-	{
-	0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
-	0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
-	};
-
-    /* some cards can't do zero length */
-    if(!len)
-	{
-	memcpy(md,md5zero,16);
-	return 1;
-	}
-
-    memset(&cryp,'\0',sizeof cryp);
-    cryp.ses=ses;
-    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
-    cryp.len=len;
-    cryp.src=(caddr_t)data;
-    cryp.dst=(caddr_t)data; // FIXME!!!
-    cryp.mac=(caddr_t)md;
-
-    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
-	{
-	if(errno == EINVAL) /* buffer is misaligned */
-	    {
-	    char *dcopy;
-
-	    dcopy=OPENSSL_malloc(len);
-	    memcpy(dcopy,data,len);
-	    cryp.src=dcopy;
-	    cryp.dst=cryp.src; // FIXME!!!
-
-	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
-		{
-		err("CIOCCRYPT(MAC2) failed");
-		abort();
-		return 0;
-		}
-	    OPENSSL_free(dcopy);
-	    }
-	else
-	    {
-	    err("CIOCCRYPT(MAC) failed");
-	    abort();
-	    return 0;
-	    }
-	}
-    //    printf("done\n");
-
-    return 1;
-    }
-
-static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
-				 unsigned long len)
-    {
-    MD_DATA *md_data=ctx->md_data;
-
-    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
-	return do_digest(md_data->sess.ses,md_data->md,data,len);
-
-    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
-    memcpy(md_data->data+md_data->len,data,len);
-    md_data->len+=len;
-
-    return 1;
-    }	
-
-static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
-    {
-    int ret;
-    MD_DATA *md_data=ctx->md_data;
-
-    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
-	{
-	memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
-	ret=1;
-	}
-    else
-	{
-	ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
-	OPENSSL_free(md_data->data);
-	md_data->data=NULL;
-	md_data->len=0;
-	}
-
-    return ret;
-    }
-
-static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
-    {
-    const MD_DATA *from_md=from->md_data;
-    MD_DATA *to_md=to->md_data;
-
-    // How do we copy sessions?
-    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
-
-    to_md->data=OPENSSL_malloc(from_md->len);
-    memcpy(to_md->data,from_md->data,from_md->len);
-
-    return 1;
-    }
-
-static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
-    {
-    return dev_crypto_cleanup_digest(ctx->md_data);
-    }
-
-static const EVP_MD md5_md=
-    {
-    NID_md5,
-    NID_md5WithRSAEncryption,
-    MD5_DIGEST_LENGTH,
-    EVP_MD_FLAG_ONESHOT,	// XXX: set according to device info...
-    dev_crypto_md5_init,
-    dev_crypto_md5_update,
-    dev_crypto_md5_final,
-    dev_crypto_md5_copy,
-    dev_crypto_md5_cleanup,
-    EVP_PKEY_RSA_method,
-    MD5_CBLOCK,
-    sizeof(MD_DATA),
-    };
-
-const EVP_MD *EVP_dev_crypto_md5(void)
-    { return &md5_md; }
-
-#endif
-#endif
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
deleted file mode 100644
index 294cc90d87..0000000000
--- a/crypto/evp/p5_crpt.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/* p5_crpt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-
-/* Doesn't do anything now: Builtin PBE algorithms in static table.
- */
-
-void PKCS5_PBE_add(void)
-{
-}
-
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de)
-{
-	EVP_MD_CTX ctx;
-	unsigned char md_tmp[EVP_MAX_MD_SIZE];
-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-	int i;
-	PBEPARAM *pbe;
-	int saltlen, iter;
-	unsigned char *salt;
-	const unsigned char *pbuf;
-	int mdsize;
-	int rv = 0;
-	EVP_MD_CTX_init(&ctx);
-
-	/* Extract useful info from parameter */
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
-
-	pbuf = param->value.sequence->data;
-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
-
-	if (!pbe->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (pbe->iter);
-	salt = pbe->salt->data;
-	saltlen = pbe->salt->length;
-
-	if(!pass) passlen = 0;
-	else if(passlen == -1) passlen = strlen(pass);
-
-	if (!EVP_DigestInit_ex(&ctx, md, NULL))
-		goto err;
-	if (!EVP_DigestUpdate(&ctx, pass, passlen))
-		goto err;
-	if (!EVP_DigestUpdate(&ctx, salt, saltlen))
-		goto err;
-	PBEPARAM_free(pbe);
-	if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
-		goto err;
-	mdsize = EVP_MD_size(md);
-	if (mdsize < 0)
-	    return 0;
-	for (i = 1; i < iter; i++) {
-		if (!EVP_DigestInit_ex(&ctx, md, NULL))
-			goto err;
-		if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
-			goto err;
-		if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
-			goto err;
-	}
-	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
-	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
-	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-						 EVP_CIPHER_iv_length(cipher));
-	if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
-		goto err;
-	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-	rv = 1;
-	err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return rv;
-}
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
deleted file mode 100644
index fe3c6c8813..0000000000
--- a/crypto/evp/p5_crpt2.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include "evp_locl.h"
-
-/* set this to print out info about the keygen algorithm */
-/* #define DEBUG_PKCS5V2 */
-
-#ifdef DEBUG_PKCS5V2
-	static void h__dump (const unsigned char *p, int len);
-#endif
-
-/* This is an implementation of PKCS#5 v2.0 password based encryption key
- * derivation function PBKDF2.
- * SHA1 version verified against test vectors posted by Peter Gutmann
- * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
- */
-
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   const EVP_MD *digest,
-			   int keylen, unsigned char *out)
-	{
-	unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
-	int cplen, j, k, tkeylen, mdlen;
-	unsigned long i = 1;
-	HMAC_CTX hctx_tpl, hctx;
-
-	mdlen = EVP_MD_size(digest);
-	if (mdlen < 0)
-		return 0;
-
-	HMAC_CTX_init(&hctx_tpl);
-	p = out;
-	tkeylen = keylen;
-	if(!pass)
-		passlen = 0;
-	else if(passlen == -1)
-		passlen = strlen(pass);
-	if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
-		{
-		HMAC_CTX_cleanup(&hctx_tpl);
-		return 0;
-		}
-	while(tkeylen)
-		{
-		if(tkeylen > mdlen)
-			cplen = mdlen;
-		else
-			cplen = tkeylen;
-		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
-		 * but just in case...
-		 */
-		itmp[0] = (unsigned char)((i >> 24) & 0xff);
-		itmp[1] = (unsigned char)((i >> 16) & 0xff);
-		itmp[2] = (unsigned char)((i >> 8) & 0xff);
-		itmp[3] = (unsigned char)(i & 0xff);
-		if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
-			{
-			HMAC_CTX_cleanup(&hctx_tpl);
-			return 0;
-			}
-		if (!HMAC_Update(&hctx, salt, saltlen)
-		    || !HMAC_Update(&hctx, itmp, 4)
-		    || !HMAC_Final(&hctx, digtmp, NULL))
-			{
-			HMAC_CTX_cleanup(&hctx_tpl);
-			HMAC_CTX_cleanup(&hctx);
-			return 0;
-			}
-		HMAC_CTX_cleanup(&hctx);
-		memcpy(p, digtmp, cplen);
-		for(j = 1; j < iter; j++)
-			{
-			if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
-				{
-				HMAC_CTX_cleanup(&hctx_tpl);
-				return 0;
-				}
-			if (!HMAC_Update(&hctx, digtmp, mdlen)
-			    || !HMAC_Final(&hctx, digtmp, NULL))
-				{
-				HMAC_CTX_cleanup(&hctx_tpl);
-				HMAC_CTX_cleanup(&hctx);
-				return 0;
-				}
-			HMAC_CTX_cleanup(&hctx);
-			for(k = 0; k < cplen; k++)
-				p[k] ^= digtmp[k];
-			}
-		tkeylen-= cplen;
-		i++;
-		p+= cplen;
-		}
-	HMAC_CTX_cleanup(&hctx_tpl);
-#ifdef DEBUG_PKCS5V2
-	fprintf(stderr, "Password:\n");
-	h__dump (pass, passlen);
-	fprintf(stderr, "Salt:\n");
-	h__dump (salt, saltlen);
-	fprintf(stderr, "Iteration count %d\n", iter);
-	fprintf(stderr, "Key:\n");
-	h__dump (out, keylen);
-#endif
-	return 1;
-	}
-
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   int keylen, unsigned char *out)
-	{
-	return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
-					keylen, out);
-	}
-
-#ifdef DO_TEST
-main()
-{
-	unsigned char out[4];
-	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
-	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
-	fprintf(stderr, "Out %02X %02X %02X %02X\n",
-					 out[0], out[1], out[2], out[3]);
-}
-
-#endif
-
-/* Now the key derivation function itself. This is a bit evil because
- * it has to check the ASN1 parameters are valid: and there are quite a
- * few of them...
- */
-
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
-                         int en_de)
-{
-	const unsigned char *pbuf;
-	int plen;
-	PBE2PARAM *pbe2 = NULL;
-	const EVP_CIPHER *cipher;
-
-	int rv = 0;
-
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-	}
-
-	pbuf = param->value.sequence->data;
-	plen = param->value.sequence->length;
-	if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-	}
-
-	/* See if we recognise the key derivation function */
-
-	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
-		goto err;
-	}
-
-	/* lets see if we recognise the encryption algorithm.
-	 */
-
-	cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
-
-	if(!cipher) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-						EVP_R_UNSUPPORTED_CIPHER);
-		goto err;
-	}
-
-	/* Fixup cipher based on AlgorithmIdentifier */
-	if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
-		goto err;
-	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-					EVP_R_CIPHER_PARAMETER_ERROR);
-		goto err;
-	}
-	rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
-					pbe2->keyfunc->parameter, c, md, en_de);
-	err:
-	PBE2PARAM_free(pbe2);
-	return rv;
-}
-
-int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param,
-			 const EVP_CIPHER *c, const EVP_MD *md, int en_de)
-{
-	unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-	const unsigned char *pbuf;
-	int saltlen, iter, plen;
-	int rv = 0;
-	unsigned int keylen = 0;
-	int prf_nid, hmac_md_nid;
-	PBKDF2PARAM *kdf = NULL;
-	const EVP_MD *prfmd;
-
-	if (EVP_CIPHER_CTX_cipher(ctx) == NULL)
-		{
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_NO_CIPHER_SET);
-		goto err;
-		}
-	keylen = EVP_CIPHER_CTX_key_length(ctx);
-	OPENSSL_assert(keylen <= sizeof key);
-
-	/* Decode parameter */
-
-	if(!param || (param->type != V_ASN1_SEQUENCE))
-		{
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-		}
-
-	pbuf = param->value.sequence->data;
-	plen = param->value.sequence->length;
-
-	if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-	}
-
-	keylen = EVP_CIPHER_CTX_key_length(ctx);
-
-	/* Now check the parameters of the kdf */
-
-	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-						EVP_R_UNSUPPORTED_KEYLENGTH);
-		goto err;
-	}
-
-	if (kdf->prf)
-		prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
-	else
-		prf_nid = NID_hmacWithSHA1;
-
-	if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
-		{
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
-		goto err;
-		}
-
-	prfmd = EVP_get_digestbynid(hmac_md_nid);
-	if (prfmd == NULL)
-		{
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
-		goto err;
-		}
-
-	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
-		EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
-						EVP_R_UNSUPPORTED_SALT_TYPE);
-		goto err;
-	}
-
-	/* it seems that its all OK */
-	salt = kdf->salt->value.octet_string->data;
-	saltlen = kdf->salt->value.octet_string->length;
-	iter = ASN1_INTEGER_get(kdf->iter);
-	if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
-						   keylen, key))
-		goto err;
-	rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-	err:
-	OPENSSL_cleanse(key, keylen);
-	PBKDF2PARAM_free(kdf);
-	return rv;
-}
-
-#ifdef DEBUG_PKCS5V2
-static void h__dump (const unsigned char *p, int len)
-{
-        for (; len --; p++) fprintf(stderr, "%02X ", *p);
-        fprintf(stderr, "\n");
-}
-#endif
-#endif
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
deleted file mode 100644
index 4201dcbad9..0000000000
--- a/crypto/evp/p_dec.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* crypto/evp/p_dec.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
-	     EVP_PKEY *priv)
-	{
-	int ret= -1;
-	
-#ifndef OPENSSL_NO_RSA
-	if (priv->type != EVP_PKEY_RSA)
-		{
-#endif
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
-		goto err;
-                }
-
-	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
-	return(ret);
-	}
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
deleted file mode 100644
index b5a3a84c41..0000000000
--- a/crypto/evp/p_enc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* crypto/evp/p_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len,
-	     EVP_PKEY *pubk)
-	{
-	int ret=0;
-	
-#ifndef OPENSSL_NO_RSA
-	if (pubk->type != EVP_PKEY_RSA)
-		{
-#endif
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
-		goto err;
-		}
-	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
-	return(ret);
-	}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
deleted file mode 100644
index ee2dd0a973..0000000000
--- a/crypto/evp/p_lib.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/* crypto/evp/p_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#include "asn1_locl.h"
-
-static void EVP_PKEY_free_it(EVP_PKEY *x);
-
-int EVP_PKEY_bits(EVP_PKEY *pkey)
-	{
-	if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
-		return pkey->ameth->pkey_bits(pkey);
-	return 0;
-	}
-
-int EVP_PKEY_size(EVP_PKEY *pkey)
-	{
-	if (pkey && pkey->ameth && pkey->ameth->pkey_size)
-		return pkey->ameth->pkey_size(pkey);
-	return 0;
-	}
-
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
-	{
-#ifndef OPENSSL_NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
-		{
-		int ret=pkey->save_parameters;
-
-		if (mode >= 0)
-			pkey->save_parameters=mode;
-		return(ret);
-		}
-#endif
-#ifndef OPENSSL_NO_EC
-	if (pkey->type == EVP_PKEY_EC)
-		{
-		int ret = pkey->save_parameters;
-
-		if (mode >= 0)
-			pkey->save_parameters = mode;
-		return(ret);
-		}
-#endif
-	return(0);
-	}
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-	{
-	if (to->type != from->type)
-		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
-		goto err;
-		}
-
-	if (EVP_PKEY_missing_parameters(from))
-		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
-		goto err;
-		}
-	if (from->ameth && from->ameth->param_copy)
-		return from->ameth->param_copy(to, from);
-err:
-	return 0;
-	}
-
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
-	{
-	if (pkey->ameth && pkey->ameth->param_missing)
-		return pkey->ameth->param_missing(pkey);
-	return 0;
-	}
-
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (a->type != b->type)
-		return -1;
-	if (a->ameth && a->ameth->param_cmp)
-		return a->ameth->param_cmp(a, b);
-	return -2;
-	}
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (a->type != b->type)
-		return -1;
-
-	if (a->ameth)
-		{
-		int ret;
-		/* Compare parameters if the algorithm has them */
-		if (a->ameth->param_cmp)
-			{
-			ret = a->ameth->param_cmp(a, b);
-			if (ret <= 0)
-				return ret;
-			}
-
-		if (a->ameth->pub_cmp)
-			return a->ameth->pub_cmp(a, b);
-		}
-
-	return -2;
-	}
-
-EVP_PKEY *EVP_PKEY_new(void)
-	{
-	EVP_PKEY *ret;
-
-	ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
-	if (ret == NULL)
-		{
-		EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->type=EVP_PKEY_NONE;
-	ret->save_type=EVP_PKEY_NONE;
-	ret->references=1;
-	ret->ameth=NULL;
-	ret->engine=NULL;
-	ret->pkey.ptr=NULL;
-	ret->attributes=NULL;
-	ret->save_parameters=1;
-	return(ret);
-	}
-
-EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
-	{
-	return EVP_PKEY_up_ref(pkey);
-	}
-
-/* Setup a public key ASN1 method and ENGINE from a NID or a string.
- * If pkey is NULL just return 1 or 0 if the algorithm exists.
- */
-
-static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
-	{
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *e = NULL;
-	if (pkey)
-		{
-		if (pkey->pkey.ptr)
-			EVP_PKEY_free_it(pkey);
-		/* If key type matches and a method exists then this
-		 * lookup has succeeded once so just indicate success.
-		 */
-		if ((type == pkey->save_type) && pkey->ameth)
-			return 1;
-#ifndef OPENSSL_NO_ENGINE
-		/* If we have an ENGINE release it */
-		if (pkey->engine)
-			{
-			ENGINE_finish(pkey->engine);
-			pkey->engine = NULL;
-			}
-#endif
-		}
-	if (str)
-		ameth = EVP_PKEY_asn1_find_str(&e, str, len);
-	else
-		ameth = EVP_PKEY_asn1_find(&e, type);
-#ifndef OPENSSL_NO_ENGINE
-	if (!pkey && e)
-		ENGINE_finish(e);
-#endif
-	if (!ameth)
-		{
-		EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
-		return 0;
-		}
-	if (pkey)
-		{
-		pkey->ameth = ameth;
-		pkey->engine = e;
-
-		pkey->type = pkey->ameth->pkey_id;
-		pkey->save_type=type;
-		}
-	return 1;
-	}
-
-int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
-	{
-	return pkey_set_type(pkey, type, NULL, -1);
-	}
-
-int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
-	{
-	return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
-	}
-
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
-	{
-	if (!EVP_PKEY_set_type(pkey, type))
-		return 0;
-	pkey->pkey.ptr=key;
-	return (key != NULL);
-	}
-
-void *EVP_PKEY_get0(EVP_PKEY *pkey)
-	{
-	return pkey->pkey.ptr;
-	}
-
-#ifndef OPENSSL_NO_RSA
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
-{
-	int ret = EVP_PKEY_assign_RSA(pkey, key);
-	if(ret)
-		RSA_up_ref(key);
-	return ret;
-}
-
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
-		return NULL;
-	}
-	RSA_up_ref(pkey->pkey.rsa);
-	return pkey->pkey.rsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
-{
-	int ret = EVP_PKEY_assign_DSA(pkey, key);
-	if(ret)
-		DSA_up_ref(key);
-	return ret;
-}
-
-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_DSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
-		return NULL;
-	}
-	DSA_up_ref(pkey->pkey.dsa);
-	return pkey->pkey.dsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_EC
-
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
-	int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
-	if (ret)
-		EC_KEY_up_ref(key);
-	return ret;
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
-	if (pkey->type != EVP_PKEY_EC)
-	{
-		EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
-		return NULL;
-	}
-	EC_KEY_up_ref(pkey->pkey.ec);
-	return pkey->pkey.ec;
-}
-#endif
-
-
-#ifndef OPENSSL_NO_DH
-
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
-{
-	int ret = EVP_PKEY_assign_DH(pkey, key);
-	if(ret)
-		DH_up_ref(key);
-	return ret;
-}
-
-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_DH) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
-		return NULL;
-	}
-	DH_up_ref(pkey->pkey.dh);
-	return pkey->pkey.dh;
-}
-#endif
-
-int EVP_PKEY_type(int type)
-	{
-	int ret;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *e;
-	ameth = EVP_PKEY_asn1_find(&e, type);
-	if (ameth)
-		ret = ameth->pkey_id;
-	else
-		ret = NID_undef;
-#ifndef OPENSSL_NO_ENGINE
-	if (e)
-		ENGINE_finish(e);
-#endif
-	return ret;
-	}
-
-int EVP_PKEY_id(const EVP_PKEY *pkey)
-	{
-	return pkey->type;
-	}
-
-int EVP_PKEY_base_id(const EVP_PKEY *pkey)
-	{
-	return EVP_PKEY_type(pkey->type);
-	}
-
-void EVP_PKEY_free(EVP_PKEY *x)
-	{
-	int i;
-
-	if (x == NULL) return;
-
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",x);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
-		abort();
-		}
-#endif
-	EVP_PKEY_free_it(x);
-	if (x->attributes)
-		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
-	OPENSSL_free(x);
-	}
-
-EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey)
-	{
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	return pkey;
-	}
-
-static void EVP_PKEY_free_it(EVP_PKEY *x)
-	{
-	if (x->ameth && x->ameth->pkey_free)
-		{
-		x->ameth->pkey_free(x);
-		x->pkey.ptr = NULL;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	if (x->engine)
-		{
-		ENGINE_finish(x->engine);
-		x->engine = NULL;
-		}
-#endif
-	}
-
-static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
-				const char *kstr)
-	{
-	BIO_indent(out, indent, 128);
-	BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
-						kstr, OBJ_nid2ln(pkey->type));
-	return 1;
-	}
-
-int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx)
-	{
-	if (pkey->ameth && pkey->ameth->pub_print)
-		return pkey->ameth->pub_print(out, pkey, indent, pctx);
-	
-	return unsup_alg(out, pkey, indent, "Public Key");
-	}
-
-int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx)
-	{
-	if (pkey->ameth && pkey->ameth->priv_print)
-		return pkey->ameth->priv_print(out, pkey, indent, pctx);
-	
-	return unsup_alg(out, pkey, indent, "Private Key");
-	}
-
-int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx)
-	{
-	if (pkey->ameth && pkey->ameth->param_print)
-		return pkey->ameth->param_print(out, pkey, indent, pctx);
-	return unsup_alg(out, pkey, indent, "Parameters");
-	}
-
-int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
-	{
-	if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
-		return -2;
-	return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID,
-						0, pnid);
-	}
-
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
deleted file mode 100644
index c748fbea87..0000000000
--- a/crypto/evp/p_open.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* crypto/evp/p_open.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RSA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-	const unsigned char *ek, int ekl, const unsigned char *iv,
-	EVP_PKEY *priv)
-	{
-	unsigned char *key=NULL;
-	int i,size=0,ret=0;
-
-	if(type) {	
-		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
-	}
-
-	if(!priv) return 1;
-
-	if (priv->type != EVP_PKEY_RSA)
-		{
-		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-		goto err;
-                }
-
-	size=RSA_size(priv->pkey.rsa);
-	key=(unsigned char *)OPENSSL_malloc(size+2);
-	if (key == NULL)
-		{
-		/* ERROR */
-		EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	i=EVP_PKEY_decrypt_old(key,ek,ekl,priv);
-	if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
-		{
-		/* ERROR */
-		goto err;
-		}
-	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
-
-	ret=1;
-err:
-	if (key != NULL) OPENSSL_cleanse(key,size);
-	OPENSSL_free(key);
-	return(ret);
-	}
-
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
-
-	i=EVP_DecryptFinal_ex(ctx,out,outl);
-	if (i)
-		i = EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-	return(i);
-	}
-#else /* !OPENSSL_NO_RSA */
-
-# ifdef PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
deleted file mode 100644
index e5919b0fbf..0000000000
--- a/crypto/evp/p_seal.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* crypto/evp/p_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
-	{
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int i;
-	
-	if(type) {
-		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
-	}
-	if ((npubk <= 0) || !pubk)
-		return 1;
-	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-		return 0;
-	if (EVP_CIPHER_CTX_iv_length(ctx))
-		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
-
-	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
-
-	for (i=0; i<npubk; i++)
-		{
-		ekl[i]=EVP_PKEY_encrypt_old(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
-			pubk[i]);
-		if (ekl[i] <= 0) return(-1);
-		}
-	return(npubk);
-	}
-
-/* MACRO
-void EVP_SealUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
-	{
-	EVP_EncryptUpdate(ctx,out,outl,in,inl);
-	}
-*/
-
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
-	i = EVP_EncryptFinal_ex(ctx,out,outl);
-	if (i) 
-		i = EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-	return i;
-	}
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
deleted file mode 100644
index 8afb664306..0000000000
--- a/crypto/evp/p_sign.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/* crypto/evp/p_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifdef undef
-void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-	{
-	EVP_DigestInit_ex(ctx,type);
-	}
-
-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-	     unsigned int count)
-	{
-	EVP_DigestUpdate(ctx,data,count);
-	}
-#endif
-
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-	     EVP_PKEY *pkey)
-	{
-	unsigned char m[EVP_MAX_MD_SIZE];
-	unsigned int m_len;
-	int i = 0,ok = 0,v;
-	EVP_MD_CTX tmp_ctx;
-	EVP_PKEY_CTX *pkctx = NULL;
-
-	*siglen=0;
-	EVP_MD_CTX_init(&tmp_ctx);
-	if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
-		goto err;  
-	if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
-		goto err;
-	EVP_MD_CTX_cleanup(&tmp_ctx);
-
-	if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-		{
-		size_t sltmp = (size_t)EVP_PKEY_size(pkey);
-		i = 0;
-		pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-		if (!pkctx)
-			goto err;
-		if (EVP_PKEY_sign_init(pkctx) <= 0)
-			goto err;
-		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-			goto err;
-		if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
-			goto err;
-		*siglen = sltmp;
-		i = 1;
-		err:
-		EVP_PKEY_CTX_free(pkctx);
-		return i;
-		}
-
-	for (i=0; i<4; i++)
-		{
-		v=ctx->digest->required_pkey_type[i];
-		if (v == 0) break;
-		if (pkey->type == v)
-			{
-			ok=1;
-			break;
-			}
-		}
-	if (!ok)
-		{
-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-		return(0);
-		}
-
-	if (ctx->digest->sign == NULL)
-		{
-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
-		return(0);
-		}
-	return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-		pkey->pkey.ptr));
-	}
-
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
deleted file mode 100644
index c66d63ccf8..0000000000
--- a/crypto/evp/p_verify.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/evp/p_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-	     unsigned int siglen, EVP_PKEY *pkey)
-	{
-	unsigned char m[EVP_MAX_MD_SIZE];
-	unsigned int m_len;
-	int i = 0,ok = 0,v;
-	EVP_MD_CTX tmp_ctx;
-	EVP_PKEY_CTX *pkctx = NULL;
-
-	EVP_MD_CTX_init(&tmp_ctx);
-	if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
-		goto err;    
-	if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
-		goto err;
-	EVP_MD_CTX_cleanup(&tmp_ctx);
-
-	if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
-		{
-		i = -1;
-		pkctx = EVP_PKEY_CTX_new(pkey, NULL);
-		if (!pkctx)
-			goto err;
-		if (EVP_PKEY_verify_init(pkctx) <= 0)
-			goto err;
-		if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
-			goto err;
-		i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
-		err:
-		EVP_PKEY_CTX_free(pkctx);
-		return i;
-		}
-
-	for (i=0; i<4; i++)
-		{
-		v=ctx->digest->required_pkey_type[i];
-		if (v == 0) break;
-		if (pkey->type == v)
-			{
-			ok=1;
-			break;
-			}
-		}
-	if (!ok)
-		{
-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-		return(-1);
-		}
-        if (ctx->digest->verify == NULL)
-                {
-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-		return(0);
-		}
-
-	return(ctx->digest->verify(ctx->digest->type,m,m_len,
-		sigbuf,siglen,pkey->pkey.ptr));
-	}
-
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
deleted file mode 100644
index c4676f2f8d..0000000000
--- a/crypto/evp/pmeth_fn.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/* pmeth_fn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include "evp_locl.h"
-
-#define M_check_autoarg(ctx, arg, arglen, err) \
-	if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
-		{ \
-		size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-		if (!arg) \
-			{ \
-			*arglen = pksize; \
-			return 1; \
-			} \
-		else if (*arglen < pksize) \
-			{ \
-			EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\
-			return 0; \
-			} \
-		}
-
-int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
-		{
-		EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_SIGN;
-	if (!ctx->pmeth->sign_init)
-		return 1;
-	ret = ctx->pmeth->sign_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-			unsigned char *sig, size_t *siglen,
-			const unsigned char *tbs, size_t tbslen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->sign)
-		{
-		EVPerr(EVP_F_EVP_PKEY_SIGN,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_SIGN)
-		{
-		EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
-	return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
-	}
-
-int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_VERIFY;
-	if (!ctx->pmeth->verify_init)
-		return 1;
-	ret = ctx->pmeth->verify_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-			const unsigned char *sig, size_t siglen,
-			const unsigned char *tbs, size_t tbslen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_VERIFY)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
-	}
-
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
-	if (!ctx->pmeth->verify_recover_init)
-		return 1;
-	ret = ctx->pmeth->verify_recover_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-			unsigned char *rout, size_t *routlen,
-			const unsigned char *sig, size_t siglen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER)
-		{
-		EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
-	return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
-	}
-
-int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
-		{
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_ENCRYPT;
-	if (!ctx->pmeth->encrypt_init)
-		return 1;
-	ret = ctx->pmeth->encrypt_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt)
-		{
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_ENCRYPT)
-		{
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
-	return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
-	}
-
-int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_DECRYPT;
-	if (!ctx->pmeth->decrypt_init)
-		return 1;
-	ret = ctx->pmeth->decrypt_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_DECRYPT)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
-	return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
-	}
-
-
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_DERIVE;
-	if (!ctx->pmeth->derive_init)
-		return 1;
-	ret = ctx->pmeth->derive_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive||ctx->pmeth->encrypt||ctx->pmeth->decrypt) || !ctx->pmeth->ctrl)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_DERIVE && ctx->operation != EVP_PKEY_OP_ENCRYPT && ctx->operation != EVP_PKEY_OP_DECRYPT)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-					EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-
-	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
-
-	if (ret <= 0)
-		return ret;
-
-	if (ret == 2)
-		return 1;
-
-	if (!ctx->pkey)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
-		return -1;
-		}
-
-	if (ctx->pkey->type != peer->type)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-						EVP_R_DIFFERENT_KEY_TYPES);
-		return -1;
-		}
-
-	/* ran@cryptocom.ru: For clarity.  The error is if parameters in peer are
-	 * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
-	 * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
-	 * (different key types) is impossible here because it is checked earlier.
-	 * -2 is OK for us here, as well as 1, so we can check for 0 only. */
-	if (!EVP_PKEY_missing_parameters(peer) &&
-		!EVP_PKEY_cmp_parameters(ctx->pkey, peer))
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
-						EVP_R_DIFFERENT_PARAMETERS);
-		return -1;
-		}
-
-	if (ctx->peerkey)
-		EVP_PKEY_free(ctx->peerkey);
-	ctx->peerkey = peer;
-
-	ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
-
-	if (ret <= 0)
-		{
-		ctx->peerkey = NULL;
-		return ret;
-		}
-
-	CRYPTO_add(&peer->references,1,CRYPTO_LOCK_EVP_PKEY);
-	return 1;
-	}
-
-
-int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->derive)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_DERIVE)
-		{
-		EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-	M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
-	return ctx->pmeth->derive(ctx, key, pkeylen);
-	}
-
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
deleted file mode 100644
index 4651c81370..0000000000
--- a/crypto/evp/pmeth_gn.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/* pmeth_gn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include "evp_locl.h"
-
-int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
-		{
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_PARAMGEN;
-	if (!ctx->pmeth->paramgen_init)
-		return 1;
-	ret = ctx->pmeth->paramgen_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen)
-		{
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-
-	if (ctx->operation != EVP_PKEY_OP_PARAMGEN)
-		{
-		EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-
-	if (!ppkey)
-		return -1;
-
-	if (!*ppkey)
-		*ppkey = EVP_PKEY_new();
-
-	ret = ctx->pmeth->paramgen(ctx, *ppkey);
-	if (ret <= 0)
-		{
-		EVP_PKEY_free(*ppkey);
-		*ppkey = NULL;
-		}
-	return ret;
-	}
-
-int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
-		{
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	ctx->operation = EVP_PKEY_OP_KEYGEN;
-	if (!ctx->pmeth->keygen_init)
-		return 1;
-	ret = ctx->pmeth->keygen_init(ctx);
-	if (ret <= 0)
-		ctx->operation = EVP_PKEY_OP_UNDEFINED;
-	return ret;
-	}
-
-int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
-	{
-	int ret;
-
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen)
-		{
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN,
-			EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-		}
-	if (ctx->operation != EVP_PKEY_OP_KEYGEN)
-		{
-		EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
-		return -1;
-		}
-
-	if (!ppkey)
-		return -1;
-
-	if (!*ppkey)
-		*ppkey = EVP_PKEY_new();
-
-	ret = ctx->pmeth->keygen(ctx, *ppkey);
-	if (ret <= 0)
-		{
-		EVP_PKEY_free(*ppkey);
-		*ppkey = NULL;
-		}
-	return ret;
-	}
-
-void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
-	{
-	ctx->pkey_gencb = cb;
-	}
-
-EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->pkey_gencb;
-	}
-
-/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB
- * style callbacks.
- */
-
-static int trans_cb(int a, int b, BN_GENCB *gcb)
-	{
-	EVP_PKEY_CTX *ctx = gcb->arg;
-	ctx->keygen_info[0] = a;
-	ctx->keygen_info[1] = b;
-	return ctx->pkey_gencb(ctx);
-	}	
-
-void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
-	{
-	BN_GENCB_set(cb, trans_cb, ctx)
-	}
-
-int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
-	{
-	if (idx == -1)
-		return ctx->keygen_info_count; 
-	if (idx < 0 || idx > ctx->keygen_info_count)
-		return 0;
-	return ctx->keygen_info[idx];
-	}
-
-EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-				const unsigned char *key, int keylen)
-	{
-	EVP_PKEY_CTX *mac_ctx = NULL;
-	EVP_PKEY *mac_key = NULL;
-	mac_ctx = EVP_PKEY_CTX_new_id(type, e);
-	if (!mac_ctx)
-		return NULL;
-	if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
-		goto merr;
-	if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
-				EVP_PKEY_CTRL_SET_MAC_KEY,
-				keylen, (void *)key) <= 0)
-		goto merr;
-	if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
-		goto merr;
-	merr:
-	if (mac_ctx)
-		EVP_PKEY_CTX_free(mac_ctx);
-	return mac_key;
-	}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
deleted file mode 100644
index acfa7b6f87..0000000000
--- a/crypto/evp/pmeth_lib.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/* pmeth_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "asn1_locl.h"
-#include "evp_locl.h"
-
-typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
-
-DECLARE_STACK_OF(EVP_PKEY_METHOD)
-STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
-
-extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
-extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
-
-static const EVP_PKEY_METHOD *standard_methods[] =
-	{
-#ifndef OPENSSL_NO_RSA
-	&rsa_pkey_meth,
-#endif
-#ifndef OPENSSL_NO_DH
-	&dh_pkey_meth,
-#endif
-#ifndef OPENSSL_NO_DSA
-	&dsa_pkey_meth,
-#endif
-#ifndef OPENSSL_NO_EC
-	&ec_pkey_meth,
-#endif
-	&hmac_pkey_meth,
-	&cmac_pkey_meth
-	};
-
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
-			   pmeth);
-
-static int pmeth_cmp(const EVP_PKEY_METHOD * const *a,
-		     const EVP_PKEY_METHOD * const *b)
-	{
-        return ((*a)->pkey_id - (*b)->pkey_id);
-	}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
-			     pmeth);
-
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
-	{
-	EVP_PKEY_METHOD tmp;
-	const EVP_PKEY_METHOD *t = &tmp, **ret;
-	tmp.pkey_id = type;
-	if (app_pkey_methods)
-		{
-		int idx;
-		idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
-		if (idx >= 0)
-			return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
-		}
-	ret = OBJ_bsearch_pmeth(&t, standard_methods,
-			  sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *));
-	if (!ret || !*ret)
-		return NULL;
-	return *ret;
-	}
-
-static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
-	{
-	EVP_PKEY_CTX *ret;
-	const EVP_PKEY_METHOD *pmeth;
-	if (id == -1)
-		{
-		if (!pkey || !pkey->ameth)
-			return NULL;
-		id = pkey->ameth->pkey_id;
-		}
-#ifndef OPENSSL_NO_ENGINE
-	if (pkey && pkey->engine)
-		e = pkey->engine;
-	/* Try to find an ENGINE which implements this method */
-	if (e)
-		{
-		if (!ENGINE_init(e))
-			{
-			EVPerr(EVP_F_INT_CTX_NEW,ERR_R_ENGINE_LIB);
-			return NULL;
-			}
-		}
-	else
-		e = ENGINE_get_pkey_meth_engine(id);
-
-	/* If an ENGINE handled this method look it up. Othewise
-	 * use internal tables.
-	 */
-
-	if (e)
-		pmeth = ENGINE_get_pkey_meth(e, id);
-	else
-#endif
-		pmeth = EVP_PKEY_meth_find(id);
-
-	if (pmeth == NULL)
-		{
-		EVPerr(EVP_F_INT_CTX_NEW,EVP_R_UNSUPPORTED_ALGORITHM);
-		return NULL;
-		}
-
-	ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-	if (!ret)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		if (e)
-			ENGINE_finish(e);
-#endif
-		EVPerr(EVP_F_INT_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	ret->engine = e;
-	ret->pmeth = pmeth;
-	ret->operation = EVP_PKEY_OP_UNDEFINED;
-	ret->pkey = pkey;
-	ret->peerkey = NULL;
-	ret->pkey_gencb = 0;
-	if (pkey)
-		CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	ret->data = NULL;
-
-	if (pmeth->init)
-		{
-		if (pmeth->init(ret) <= 0)
-			{
-			EVP_PKEY_CTX_free(ret);
-			return NULL;
-			}
-		}
-
-	return ret;
-	}
-
-EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
-	{
-	EVP_PKEY_METHOD *pmeth;
-	pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD));
-	if (!pmeth)
-		return NULL;
-
-	memset(pmeth, 0, sizeof(EVP_PKEY_METHOD));
-
-	pmeth->pkey_id = id;
-	pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
-
-	pmeth->init = 0;
-	pmeth->copy = 0;
-	pmeth->cleanup = 0;
-	pmeth->paramgen_init = 0;
-	pmeth->paramgen = 0;
-	pmeth->keygen_init = 0;
-	pmeth->keygen = 0;
-	pmeth->sign_init = 0;
-	pmeth->sign = 0;
-	pmeth->verify_init = 0;
-	pmeth->verify = 0;
-	pmeth->verify_recover_init = 0;
-	pmeth->verify_recover = 0;
-	pmeth->signctx_init = 0;
-	pmeth->signctx = 0;
-	pmeth->verifyctx_init = 0;
-	pmeth->verifyctx = 0;
-	pmeth->encrypt_init = 0;
-	pmeth->encrypt = 0;
-	pmeth->decrypt_init = 0;
-	pmeth->decrypt = 0;
-	pmeth->derive_init = 0;
-	pmeth->derive = 0;
-	pmeth->ctrl = 0;
-	pmeth->ctrl_str = 0;
-
-	return pmeth;
-	}
-
-void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
-				const EVP_PKEY_METHOD *meth)
-	{
-	if (ppkey_id)
-		*ppkey_id = meth->pkey_id;
-	if (pflags)
-		*pflags = meth->flags;
-	}
-
-void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
-	{
-
-	dst->init = src->init;
-	dst->copy = src->copy;
-	dst->cleanup = src->cleanup;
-
-	dst->paramgen_init = src->paramgen_init;
-	dst->paramgen = src->paramgen;
-
-	dst->keygen_init = src->keygen_init;
-	dst->keygen = src->keygen;
-
-	dst->sign_init = src->sign_init;
-	dst->sign = src->sign;
-
-	dst->verify_init = src->verify_init;
-	dst->verify = src->verify;
-
-	dst->verify_recover_init = src->verify_recover_init;
-	dst->verify_recover = src->verify_recover;
-
-	dst->signctx_init = src->signctx_init;
-	dst->signctx = src->signctx;
-
-	dst->verifyctx_init = src->verifyctx_init;
-	dst->verifyctx = src->verifyctx;
-
-	dst->encrypt_init = src->encrypt_init;
-	dst->encrypt = src->encrypt;
-
-	dst->decrypt_init = src->decrypt_init;
-	dst->decrypt = src->decrypt;
-
-	dst->derive_init = src->derive_init;
-	dst->derive = src->derive;
-
-	dst->ctrl = src->ctrl;
-	dst->ctrl_str = src->ctrl_str;
-	}
-
-void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
-	{
-	if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
-		OPENSSL_free(pmeth);
-	}
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
-	{
-	return int_ctx_new(pkey, e, -1);
-	}
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
-	{
-	return int_ctx_new(NULL, e, id);
-	}
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
-	{
-	EVP_PKEY_CTX *rctx;
-	if (!pctx->pmeth || !pctx->pmeth->copy)
-		return NULL;
-#ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a pkey context using an ENGINE */
-	if (pctx->engine && !ENGINE_init(pctx->engine))
-		{
-		EVPerr(EVP_F_EVP_PKEY_CTX_DUP,ERR_R_ENGINE_LIB);
-		return 0;
-		}
-#endif
-	rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX));
-	if (!rctx)
-		return NULL;
-
-	rctx->pmeth = pctx->pmeth;
-#ifndef OPENSSL_NO_ENGINE
-	rctx->engine = pctx->engine;
-#endif
-
-	if (pctx->pkey)
-		CRYPTO_add(&pctx->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-
-	rctx->pkey = pctx->pkey;
-
-	if (pctx->peerkey)
-		CRYPTO_add(&pctx->peerkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-
-	rctx->peerkey = pctx->peerkey;
-
-	rctx->data = NULL;
-	rctx->app_data = NULL;
-	rctx->operation = pctx->operation;
-
-	if (pctx->pmeth->copy(rctx, pctx) > 0)
-		return rctx;
-
-	EVP_PKEY_CTX_free(rctx);
-	return NULL;
-
-	}
-
-int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
-	{
-	if (app_pkey_methods == NULL)
-		{
-		app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
-		if (!app_pkey_methods)
-			return 0;
-		}
-	if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
-		return 0;
-	sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
-	return 1;
-	}
-
-void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
-	{
-	if (ctx == NULL)
-		return;
-	if (ctx->pmeth && ctx->pmeth->cleanup)
-		ctx->pmeth->cleanup(ctx);
-	if (ctx->pkey)
-		EVP_PKEY_free(ctx->pkey);
-	if (ctx->peerkey)
-		EVP_PKEY_free(ctx->peerkey);
-#ifndef OPENSSL_NO_ENGINE
-	if(ctx->engine)
-		/* The EVP_PKEY_CTX we used belongs to an ENGINE, release the
-		 * functional reference we held for this reason. */
-		ENGINE_finish(ctx->engine);
-#endif
-	OPENSSL_free(ctx);
-	}
-
-int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
-				int cmd, int p1, void *p2)
-	{
-	int ret;
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl)
-		{
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
-		return -2;
-		}
-	if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
-		return -1;
-
-	if (ctx->operation == EVP_PKEY_OP_UNDEFINED)
-		{
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
-		return -1;
-		}
-
-	if ((optype != -1) && !(ctx->operation & optype))
-		{
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
-		return -1;
-		}
-
-	ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
-
-	if (ret == -2)
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
-
-	return ret;
-
-	}
-
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
-					const char *name, const char *value)
-	{
-	if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str)
-		{
-		EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-						EVP_R_COMMAND_NOT_SUPPORTED);
-		return -2;
-		}
-	if (!strcmp(name, "digest"))
-		{
-		const EVP_MD *md;
-		if (!value || !(md = EVP_get_digestbyname(value)))
-			{
-			EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR,
-						EVP_R_INVALID_DIGEST);
-			return 0;
-			}
-		return EVP_PKEY_CTX_set_signature_md(ctx, md);
-		}
-	return ctx->pmeth->ctrl_str(ctx, name, value);
-	}
-
-int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->operation;
-	}
-
-void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
-	{
-	ctx->keygen_info = dat;
-	ctx->keygen_info_count = datlen;
-	}
-
-void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
-	{
-	ctx->data = data;
-	}
-
-void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->data;
-	}
-
-EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->pkey;
-	}
-
-EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->peerkey;
-	}
-	
-void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
-	{
-	ctx->app_data = data;
-	}
-
-void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
-	{
-	return ctx->app_data;
-	}
-
-void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
-	int (*init)(EVP_PKEY_CTX *ctx))
-	{
-	pmeth->init = init;
-	}
-
-void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
-	int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src))
-	{
-	pmeth->copy = copy;
-	}
-
-void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
-	void (*cleanup)(EVP_PKEY_CTX *ctx))
-	{
-	pmeth->cleanup = cleanup;
-	}
-
-void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
-	int (*paramgen_init)(EVP_PKEY_CTX *ctx),
-	int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
-	{
-	pmeth->paramgen_init = paramgen_init;
-	pmeth->paramgen = paramgen;
-	}
-
-void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
-	int (*keygen_init)(EVP_PKEY_CTX *ctx),
-	int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey))
-	{
-	pmeth->keygen_init = keygen_init;
-	pmeth->keygen = keygen;
-	}
-
-void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
-	int (*sign_init)(EVP_PKEY_CTX *ctx),
-	int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen))
-	{
-	pmeth->sign_init = sign_init;
-	pmeth->sign = sign;
-	}
-
-void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
-	int (*verify_init)(EVP_PKEY_CTX *ctx),
-	int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen))
-	{
-	pmeth->verify_init = verify_init;
-	pmeth->verify = verify;
-	}
-
-void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
-	int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
-	int (*verify_recover)(EVP_PKEY_CTX *ctx,
-					unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen))
-	{
-	pmeth->verify_recover_init = verify_recover_init;
-	pmeth->verify_recover = verify_recover;
-	}
-
-void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
-	int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx))
-	{
-	pmeth->signctx_init = signctx_init;
-	pmeth->signctx = signctx;
-	}
-
-void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
-	int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
-					EVP_MD_CTX *mctx))
-	{
-	pmeth->verifyctx_init = verifyctx_init;
-	pmeth->verifyctx = verifyctx;
-	}
-
-void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
-	int (*encrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen))
-	{
-	pmeth->encrypt_init = encrypt_init;
-	pmeth->encrypt = encryptfn;
-	}
-
-void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
-	int (*decrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen))
-	{
-	pmeth->decrypt_init = decrypt_init;
-	pmeth->decrypt = decrypt;
-	}
-
-void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
-	int (*derive_init)(EVP_PKEY_CTX *ctx),
-	int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen))
-	{
-	pmeth->derive_init = derive_init;
-	pmeth->derive = derive;
-	}
-
-void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
-	int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
-	int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value))
-	{
-	pmeth->ctrl = ctrl;
-	pmeth->ctrl_str = ctrl_str;
-	}
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
deleted file mode 100644
index e2bc8298d0..0000000000
--- a/crypto/ex_data.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/* crypto/ex_data.c */
-
-/*
- * Overhaul notes;
- *
- * This code is now *mostly* thread-safe. It is now easier to understand in what
- * ways it is safe and in what ways it is not, which is an improvement. Firstly,
- * all per-class stacks and index-counters for ex_data are stored in the same
- * global LHASH table (keyed by class). This hash table uses locking for all
- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
- * called when no other threads can possibly race against it (even if it was
- * locked, the race would mean it's possible the hash table might have been
- * recreated after the cleanup). As classes can only be added to the hash table,
- * and within each class, the stack of methods can only be incremented, the
- * locking mechanics are simpler than they would otherwise be. For example, the
- * new/dup/free ex_data functions will lock the hash table, copy the method
- * pointers it needs from the relevant class, then unlock the hash table before
- * actually applying those method pointers to the task of the new/dup/free
- * operations. As they can't be removed from the method-stack, only
- * supplemented, there's no race conditions associated with using them outside
- * the lock. The get/set_ex_data functions are not locked because they do not
- * involve this global state at all - they operate directly with a previously
- * obtained per-class method index and a particular "ex_data" variable. These
- * variables are usually instantiated per-context (eg. each RSA structure has
- * one) so locking on read/write access to that variable can be locked locally
- * if required (eg. using the "RSA" lock to synchronise access to a
- * per-RSA-structure ex_data variable if required).
- * [Geoff]
- */
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-
-/* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL
-	{
-	/*********************/
-	/* GLOBAL OPERATIONS */
-	/* Return a new class index */
-	int (*cb_new_class)(void);
-	/* Cleanup all state used by the implementation */
-	void (*cb_cleanup)(void);
-	/************************/
-	/* PER-CLASS OPERATIONS */
-	/* Get a new method index within a class */
-	int (*cb_get_new_index)(int class_index, long argl, void *argp,
-			CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-			CRYPTO_EX_free *free_func);
-	/* Initialise a new CRYPTO_EX_DATA of a given class */
-	int (*cb_new_ex_data)(int class_index, void *obj,
-			CRYPTO_EX_DATA *ad);
-	/* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
-	int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
-			CRYPTO_EX_DATA *from);
-	/* Cleanup a CRYPTO_EX_DATA of a given class */
-	void (*cb_free_ex_data)(int class_index, void *obj,
-			CRYPTO_EX_DATA *ad);
-	};
-
-/* The implementation we use at run-time */
-static const CRYPTO_EX_DATA_IMPL *impl = NULL;
-
-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
- * EX_IMPL(get_new_index)(...); */
-#define EX_IMPL(a) impl->cb_##a
-
-/* Predeclare the "default" ex_data implementation */
-static int int_new_class(void);
-static void int_cleanup(void);
-static int int_get_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad);
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default =
-	{
-	int_new_class,
-	int_cleanup,
-	int_get_new_index,
-	int_new_ex_data,
-	int_dup_ex_data,
-	int_free_ex_data
-	};
-
-/* Internal function that checks whether "impl" is set and if not, sets it to
- * the default. */
-static void impl_check(void)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!impl)
-		impl = &impl_default;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	}
-/* A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock). */
-#define IMPL_CHECK if(!impl) impl_check();
-
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
-	{
-	IMPL_CHECK
-	return impl;
-	}
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
-	{
-	int toret = 0;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!impl)
-		{
-		impl = i;
-		toret = 1;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
-
-/****************************************************************************/
-/* Interal (default) implementation of "ex_data" support. API functions are
- * further down. */
-
-/* The type that represents what each "class" used to implement locally. A STACK
- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
- * value representing the class that is used to distinguish these items. */
-typedef struct st_ex_class_item {
-	int class_index;
-	STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
-	int meth_num;
-} EX_CLASS_ITEM;
-
-/* When assigning new class indexes, this is our counter */
-static int ex_class = CRYPTO_EX_INDEX_USER;
-
-/* The global hash table of EX_CLASS_ITEM items */
-DECLARE_LHASH_OF(EX_CLASS_ITEM);
-static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL;
-
-/* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a)
-	{
-	return a->class_index;
-	}
-static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM)
-
-static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b)
-	{
-	return a->class_index - b->class_index;
-	}
-static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM)
-
-/* Internal functions used by the "impl_default" implementation to access the
- * state */
-
-static int ex_data_check(void)
-	{
-	int toret = 1;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!ex_data
-	   && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL)
-		toret = 0;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
-/* This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock. */
-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
-
-/* This "inner" callback is used by the callback function that follows it */
-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
-	{
-	OPENSSL_free(funcs);
-	}
-
-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
- * any locking. */
-static void def_cleanup_cb(void *a_void)
-	{
-	EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
-	sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
-	OPENSSL_free(item);
-	}
-
-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
- * given class. Handles locking. */
-static EX_CLASS_ITEM *def_get_class(int class_index)
-	{
-	EX_CLASS_ITEM d, *p, *gen;
-	EX_DATA_CHECK(return NULL;)
-	d.class_index = class_index;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d);
-	if(!p)
-		{
-		gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
-		if(gen)
-			{
-			gen->class_index = class_index;
-			gen->meth_num = 0;
-			gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
-			if(!gen->meth)
-				OPENSSL_free(gen);
-			else
-				{
-				/* Because we're inside the ex_data lock, the
-				 * return value from the insert will be NULL */
-				(void)lh_EX_CLASS_ITEM_insert(ex_data, gen);
-				p = gen;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	if(!p)
-		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
-	return p;
-	}
-
-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking. */
-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	int toret = -1;
-	CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
-					sizeof(CRYPTO_EX_DATA_FUNCS));
-	if(!a)
-		{
-		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-	a->argl=argl;
-	a->argp=argp;
-	a->new_func=new_func;
-	a->dup_func=dup_func;
-	a->free_func=free_func;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
-		{
-		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
-			{
-			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-			OPENSSL_free(a);
-			goto err;
-			}
-		}
-	toret = item->meth_num++;
-	(void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
-err:
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
-
-/**************************************************************/
-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
-
-static int int_new_class(void)
-	{
-	int toret;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	toret = ex_class++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
-
-static void int_cleanup(void)
-	{
-	EX_DATA_CHECK(return;)
-	lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb);
-	lh_EX_CLASS_ITEM_free(ex_data);
-	ex_data = NULL;
-	impl = NULL;
-	}
-
-static int int_get_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	EX_CLASS_ITEM *item = def_get_class(class_index);
-	if(!item)
-		return -1;
-	return def_add_index(item, argl, argp, new_func, dup_func, free_func);
-	}
-
-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
- * the lock, then using them outside the lock. NB: Thread-safety only applies to
- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
- * itself. */
-static int int_new_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad)
-	{
-	int mx,i;
-	void *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	EX_CLASS_ITEM *item = def_get_class(class_index);
-	if(!item)
-		/* error is already set */
-		return 0;
-	ad->sk = NULL;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		if(storage[i] && storage[i]->new_func)
-			{
-			ptr = CRYPTO_get_ex_data(ad, i);
-			storage[i]->new_func(obj,ptr,ad,i,
-				storage[i]->argl,storage[i]->argp);
-			}
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	return 1;
-	}
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from)
-	{
-	int mx, j, i;
-	char *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	EX_CLASS_ITEM *item;
-	if(!from->sk)
-		/* 'to' should be "blank" which *is* just like 'from' */
-		return 1;
-	if((item = def_get_class(class_index)) == NULL)
-		return 0;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	j = sk_void_num(from->sk);
-	if(j < mx)
-		mx = j;
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		ptr = CRYPTO_get_ex_data(from, i);
-		if(storage[i] && storage[i]->dup_func)
-			storage[i]->dup_func(to,from,&ptr,i,
-				storage[i]->argl,storage[i]->argp);
-		CRYPTO_set_ex_data(to,i,ptr);
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	return 1;
-	}
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad)
-	{
-	int mx,i;
-	EX_CLASS_ITEM *item;
-	void *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	if((item = def_get_class(class_index)) == NULL)
-		return;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		if(storage[i] && storage[i]->free_func)
-			{
-			ptr = CRYPTO_get_ex_data(ad,i);
-			storage[i]->free_func(obj,ptr,ad,i,
-				storage[i]->argl,storage[i]->argp);
-			}
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	if(ad->sk)
-		{
-		sk_void_free(ad->sk);
-		ad->sk=NULL;
-		}
-	}
-
-/********************************************************************/
-/* API functions that defer all "state" operations to the "ex_data"
- * implementation we have set. */
-
-/* Obtain an index for a new class (not the same as getting a new index within
- * an existing class - this is actually getting a new *class*) */
-int CRYPTO_ex_data_new_class(void)
-	{
-	IMPL_CHECK
-	return EX_IMPL(new_class)();
-	}
-
-/* Release all "ex_data" state to prevent memory leaks. This can't be made
- * thread-safe without overhauling a lot of stuff, and shouldn't really be
- * called under potential race-conditions anyway (it's for program shutdown
- * after all). */
-void CRYPTO_cleanup_all_ex_data(void)
-	{
-	IMPL_CHECK
-	EX_IMPL(cleanup)();
-	}
-
-/* Inside an existing class, get/register a new index. */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	int ret = -1;
-
-	IMPL_CHECK
-	ret = EX_IMPL(get_new_index)(class_index,
-			argl, argp, new_func, dup_func, free_func);
-	return ret;
-	}
-
-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	IMPL_CHECK
-	return EX_IMPL(new_ex_data)(class_index, obj, ad);
-	}
-
-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
- * each index in the class used by this variable */
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-	     CRYPTO_EX_DATA *from)
-	{
-	IMPL_CHECK
-	return EX_IMPL(dup_ex_data)(class_index, to, from);
-	}
-
-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable */
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	IMPL_CHECK
-	EX_IMPL(free_ex_data)(class_index, obj, ad);
-	}
-
-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
- * particular index in the class used by this variable */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
-	{
-	int i;
-
-	if (ad->sk == NULL)
-		{
-		if ((ad->sk=sk_void_new_null()) == NULL)
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-	i=sk_void_num(ad->sk);
-
-	while (i <= idx)
-		{
-		if (!sk_void_push(ad->sk,NULL))
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		i++;
-		}
-	sk_void_set(ad->sk,idx,val);
-	return(1);
-	}
-
-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
- * particular index in the class used by this variable */
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
-	{
-	if (ad->sk == NULL)
-		return(0);
-	else if (idx >= sk_void_num(ad->sk))
-		return(0);
-	else
-		return(sk_void_value(ad->sk,idx));
-	}
-
-IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
deleted file mode 100644
index e03f24aeda..0000000000
--- a/crypto/hmac/hm_ameth.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include "asn1_locl.h"
-
-#define HMAC_TEST_PRIVATE_KEY_FORMAT
-
-/* HMAC "ASN1" method. This is just here to indicate the
- * maximum HMAC output length and to free up an HMAC
- * key.
- */
-
-static int hmac_size(const EVP_PKEY *pkey)
-	{
-	return EVP_MAX_MD_SIZE;
-	}
-
-static void hmac_key_free(EVP_PKEY *pkey)
-	{
-	ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
-	if (os)
-		{
-		if (os->data)
-			OPENSSL_cleanse(os->data, os->length);
-		ASN1_OCTET_STRING_free(os);
-		}
-	}
-
-
-static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-	{
-	switch (op)
-		{
-		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-		*(int *)arg2 = NID_sha1;
-		return 1;
-
-		default:
-		return -2;
-		}
-	}
-
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-/* A bogus private key format for test purposes. This is simply the
- * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the
- * genpkey utility can be used to "generate" HMAC keys.
- */
-
-static int old_hmac_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	ASN1_OCTET_STRING *os;
-	os = ASN1_OCTET_STRING_new();
-	if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen))
-		return 0;
-	EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os);
-	return 1;
-	}
-
-static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	int inc;
-	ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
-	if (pder)
-		{
-		if (!*pder)
-			{
-			*pder = OPENSSL_malloc(os->length);
-			inc = 0;
-			}
-		else inc = 1;
-
-		memcpy(*pder, os->data, os->length);
-
-		if (inc)
-			*pder += os->length;
-		}
-			
-	return os->length;
-	}
-
-#endif
-
-const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = 
-	{
-	EVP_PKEY_HMAC,
-	EVP_PKEY_HMAC,
-	0,
-
-	"HMAC",
-	"OpenSSL HMAC method",
-
-	0,0,0,0,
-
-	0,0,0,
-
-	hmac_size,
-	0,
-	0,0,0,0,0,0,0,
-
-	hmac_key_free,
-	hmac_pkey_ctrl,
-#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT
-	old_hmac_decode,
-	old_hmac_encode
-#else
-	0,0
-#endif
-	};
-
diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c
deleted file mode 100644
index 0daa44511d..0000000000
--- a/crypto/hmac/hm_pmeth.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include "evp_locl.h"
-
-/* HMAC pkey context structure */
-
-typedef struct
-	{
-	const EVP_MD *md;	/* MD for HMAC use */
-	ASN1_OCTET_STRING ktmp; /* Temp storage for key */
-	HMAC_CTX ctx;
-	} HMAC_PKEY_CTX;
-
-static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
-	{
-	HMAC_PKEY_CTX *hctx;
-	hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX));
-	if (!hctx)
-		return 0;
-	hctx->md = NULL;
-	hctx->ktmp.data = NULL;
-	hctx->ktmp.length = 0;
-	hctx->ktmp.flags = 0;
-	hctx->ktmp.type = V_ASN1_OCTET_STRING;
-	HMAC_CTX_init(&hctx->ctx);
-
-	ctx->data = hctx;
-	ctx->keygen_info_count = 0;
-
-	return 1;
-	}
-
-static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	HMAC_PKEY_CTX *sctx, *dctx;
-	if (!pkey_hmac_init(dst))
-		return 0;
-       	sctx = src->data;
-	dctx = dst->data;
-	dctx->md = sctx->md;
-	HMAC_CTX_init(&dctx->ctx);
-	if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
-		return 0;
-	if (sctx->ktmp.data)
-		{
-		if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
-					sctx->ktmp.data, sctx->ktmp.length))
-			return 0;
-		}
-	return 1;
-	}
-
-static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	HMAC_PKEY_CTX *hctx = ctx->data;
-	HMAC_CTX_cleanup(&hctx->ctx);
-	if (hctx->ktmp.data)
-		{
-		if (hctx->ktmp.length)
-			OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length);
-		OPENSSL_free(hctx->ktmp.data);
-		hctx->ktmp.data = NULL;
-		}
-	OPENSSL_free(hctx);
-	}
-
-static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	ASN1_OCTET_STRING *hkey = NULL;
-	HMAC_PKEY_CTX *hctx = ctx->data;
-	if (!hctx->ktmp.data)
-		return 0;
-	hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
-	if (!hkey)
-		return 0;
-	EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
-	
-	return 1;
-	}
-
-static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{
-	HMAC_PKEY_CTX *hctx = ctx->pctx->data;
-	if (!HMAC_Update(&hctx->ctx, data, count))
-		return 0;
-	return 1;
-	}
-
-static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-	{
-	HMAC_PKEY_CTX *hctx = ctx->data;
-	HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
-	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
-	mctx->update = int_update;
-	return 1;
-	}
-
-static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx)
-	{
-	unsigned int hlen;
-	HMAC_PKEY_CTX *hctx = ctx->data;
-	int l = EVP_MD_CTX_size(mctx);
-
-	if (l < 0)
-		return 0;
-	*siglen = l;
-	if (!sig)
-		return 1;
-
-	if (!HMAC_Final(&hctx->ctx, sig, &hlen))
-		return 0;
-	*siglen = (size_t)hlen;
-	return 1;
-	}
-
-static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	HMAC_PKEY_CTX *hctx = ctx->data;
-	ASN1_OCTET_STRING *key;
-	switch (type)
-		{
-
-		case EVP_PKEY_CTRL_SET_MAC_KEY:
-		if ((!p2 && p1 > 0) || (p1 < -1))
-			return 0;
-		if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
-			return 0;
-		break;
-
-		case EVP_PKEY_CTRL_MD:
-		hctx->md = p2;
-		break;
-
-		case EVP_PKEY_CTRL_DIGESTINIT:
-		key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
-		if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
-				ctx->engine))
-			return 0;
-		break;
-
-		default:
-		return -2;
-
-		}
-	return 1;
-	}
-
-static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!value)
-		{
-		return 0;
-		}
-	if (!strcmp(type, "key"))
-		{
-		void *p = (void *)value;
-		return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,
-				-1, p);
-		}
-	if (!strcmp(type, "hexkey"))
-		{
-		unsigned char *key;
-		int r;
-		long keylen;
-		key = string_to_hex(value, &keylen);
-		if (!key)
-			return 0;
-		r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
-		OPENSSL_free(key);
-		return r;
-		}
-	return -2;
-	}
-
-const EVP_PKEY_METHOD hmac_pkey_meth = 
-	{
-	EVP_PKEY_HMAC,
-	0,
-	pkey_hmac_init,
-	pkey_hmac_copy,
-	pkey_hmac_cleanup,
-
-	0, 0,
-
-	0,
-	pkey_hmac_keygen,
-
-	0, 0,
-
-	0, 0,
-
-	0,0,
-
-	hmac_signctx_init,
-	hmac_signctx,
-
-	0,0,
-
-	0,0,
-
-	0,0,
-
-	0,0,
-
-	pkey_hmac_ctrl,
-	pkey_hmac_ctrl_str
-
-	};
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
deleted file mode 100644
index ba27cbf56f..0000000000
--- a/crypto/hmac/hmac.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md, ENGINE *impl)
-	{
-	int i,j,reset=0;
-	unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		{
-		/* If we have an ENGINE need to allow non FIPS */
-		if ((impl || ctx->i_ctx.engine)
-			&&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-			{
-			EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
-			return 0;
-			}
-		/* Other algorithm blocking will be done in FIPS_cmac_init,
-		 * via FIPS_hmac_init_ex().
-		 */
-		if (!impl && !ctx->i_ctx.engine)
-			return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
-		}
-#endif
-
-	if (md != NULL)
-		{
-		reset=1;
-		ctx->md=md;
-		}
-	else
-		md=ctx->md;
-
-	if (key != NULL)
-		{
-		reset=1;
-		j=EVP_MD_block_size(md);
-		OPENSSL_assert(j <= (int)sizeof(ctx->key));
-		if (j < len)
-			{
-			if (!EVP_DigestInit_ex(&ctx->md_ctx,md, impl))
-				goto err;
-			if (!EVP_DigestUpdate(&ctx->md_ctx,key,len))
-				goto err;
-			if (!EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
-				&ctx->key_length))
-				goto err;
-			}
-		else
-			{
-			OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));
-			memcpy(ctx->key,key,len);
-			ctx->key_length=len;
-			}
-		if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
-			memset(&ctx->key[ctx->key_length], 0,
-				HMAC_MAX_MD_CBLOCK - ctx->key_length);
-		}
-
-	if (reset)	
-		{
-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-			pad[i]=0x36^ctx->key[i];
-		if (!EVP_DigestInit_ex(&ctx->i_ctx,md, impl))
-			goto err;
-		if (!EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)))
-			goto err;
-
-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-			pad[i]=0x5c^ctx->key[i];
-		if (!EVP_DigestInit_ex(&ctx->o_ctx,md, impl))
-			goto err;
-		if (!EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)))
-			goto err;
-		}
-	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx))
-			goto err;
-	return 1;
-	err:
-	return 0;
-	}
-
-int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
-	{
-	if(key && md)
-	    HMAC_CTX_init(ctx);
-	return HMAC_Init_ex(ctx,key,len,md, NULL);
-	}
-
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		return FIPS_hmac_update(ctx, data, len);
-#endif
-	return EVP_DigestUpdate(&ctx->md_ctx,data,len);
-	}
-
-int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
-	{
-	unsigned int i;
-	unsigned char buf[EVP_MAX_MD_SIZE];
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		return FIPS_hmac_final(ctx, md, len);
-#endif
-
-	if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
-		goto err;
-	if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx))
-		goto err;
-	if (!EVP_DigestUpdate(&ctx->md_ctx,buf,i))
-		goto err;
-	if (!EVP_DigestFinal_ex(&ctx->md_ctx,md,len))
-		goto err;
-	return 1;
-	err:
-	return 0;
-	}
-
-void HMAC_CTX_init(HMAC_CTX *ctx)
-	{
-	EVP_MD_CTX_init(&ctx->i_ctx);
-	EVP_MD_CTX_init(&ctx->o_ctx);
-	EVP_MD_CTX_init(&ctx->md_ctx);
-	}
-
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
-	{
-	if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
-		goto err;
-	if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
-		goto err;
-	if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
-		goto err;
-	memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
-	dctx->key_length = sctx->key_length;
-	dctx->md = sctx->md;
-	return 1;
-	err:
-	return 0;
-	}
-
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !ctx->i_ctx.engine)
-		{
-		FIPS_hmac_ctx_cleanup(ctx);
-		return;
-		}
-#endif
-	EVP_MD_CTX_cleanup(&ctx->i_ctx);
-	EVP_MD_CTX_cleanup(&ctx->o_ctx);
-	EVP_MD_CTX_cleanup(&ctx->md_ctx);
-	memset(ctx,0,sizeof *ctx);
-	}
-
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-		    const unsigned char *d, size_t n, unsigned char *md,
-		    unsigned int *md_len)
-	{
-	HMAC_CTX c;
-	static unsigned char m[EVP_MAX_MD_SIZE];
-
-	if (md == NULL) md=m;
-	HMAC_CTX_init(&c);
-	if (!HMAC_Init(&c,key,key_len,evp_md))
-		goto err;
-	if (!HMAC_Update(&c,d,n))
-		goto err;
-	if (!HMAC_Final(&c,md,md_len))
-		goto err;
-	HMAC_CTX_cleanup(&c);
-	return md;
-	err:
-	return NULL;
-	}
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-	{
-	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-	}
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
deleted file mode 100644
index 1be0022190..0000000000
--- a/crypto/hmac/hmac.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/hmac/hmac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-#define HEADER_HMAC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_HMAC
-#error HMAC is disabled.
-#endif
-
-#include <openssl/evp.h>
-
-#define HMAC_MAX_MD_CBLOCK	128	/* largest known is SHA512 */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct hmac_ctx_st
-	{
-	const EVP_MD *md;
-	EVP_MD_CTX md_ctx;
-	EVP_MD_CTX i_ctx;
-	EVP_MD_CTX o_ctx;
-	unsigned int key_length;
-	unsigned char key[HMAC_MAX_MD_CBLOCK];
-	} HMAC_CTX;
-
-#define HMAC_size(e)	(EVP_MD_size((e)->md))
-
-
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-
-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-
-int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-	       const EVP_MD *md); /* deprecated */
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md, ENGINE *impl);
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-		    const unsigned char *d, size_t n, unsigned char *md,
-		    unsigned int *md_len);
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
deleted file mode 100644
index 1b906b81af..0000000000
--- a/crypto/hmac/hmactest.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* crypto/hmac/hmactest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_HMAC
-int main(int argc, char *argv[])
-{
-    printf("No HMAC support\n");
-    return(0);
-}
-#else
-#include <openssl/hmac.h>
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#ifndef OPENSSL_NO_MD5
-static struct test_st
-	{
-	unsigned char key[16];
-	int key_len;
-	unsigned char data[64];
-	int data_len;
-	unsigned char *digest;
-	} test[4]={
-	{	"",
-		0,
-		"More text test vectors to stuff up EBCDIC machines :-)",
-		54,
-		(unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
-	},{	{0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
-		 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
-		16,
-		"Hi There",
-		8,
-		(unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
-	},{	"Jefe",
-		4,
-		"what do ya want for nothing?",
-		28,
-		(unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
-	},{
-		{0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
-		 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
-		16,
-		{0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
-		 0xdd,0xdd},
-		50,
-		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
-	},
-	};
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-#ifndef OPENSSL_NO_MD5
-	int i;
-	char *p;
-#endif
-	int err=0;
-
-#ifdef OPENSSL_NO_MD5
-	printf("test skipped: MD5 disabled\n");
-#else
-
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
-	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
-	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
-	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
-#endif
-
-	for (i=0; i<4; i++)
-		{
-		p=pt(HMAC(EVP_md5(),
-			test[i].key, test[i].key_len,
-			test[i].data, test[i].data_len,
-			NULL,NULL));
-
-		if (strcmp(p,(char *)test[i].digest) != 0)
-			{
-			printf("error calculating HMAC on %d entry'\n",i);
-			printf("got %s instead of %s\n",p,test[i].digest);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		}
-#endif /* OPENSSL_NO_MD5 */
-	EXIT(err);
-	return(0);
-	}
-
-#ifndef OPENSSL_NO_MD5
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<MD5_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
-#endif
-#endif
diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
deleted file mode 100644
index 7832b9b640..0000000000
--- a/crypto/ia64cpuid.S
+++ /dev/null
@@ -1,167 +0,0 @@
-// Works on all IA-64 platforms: Linux, HP-UX, Win64i...
-// On Win64i compile with ias.exe.
-.text
-
-.global	OPENSSL_cpuid_setup#
-.proc	OPENSSL_cpuid_setup#
-OPENSSL_cpuid_setup:
-{ .mib;	br.ret.sptk.many	b0		};;
-.endp	OPENSSL_cpuid_setup#
-
-.global	OPENSSL_rdtsc#
-.proc	OPENSSL_rdtsc#
-OPENSSL_rdtsc:
-{ .mib;	mov			r8=ar.itc
-	br.ret.sptk.many	b0		};;
-.endp   OPENSSL_rdtsc#
-
-.global	OPENSSL_atomic_add#
-.proc	OPENSSL_atomic_add#
-.align	32
-OPENSSL_atomic_add:
-{ .mii;	ld4		r2=[r32]
-	nop.i		0
-	nop.i		0		};;
-.Lspin:
-{ .mii;	mov		ar.ccv=r2
-	add		r8=r2,r33
-	mov		r3=r2		};;
-{ .mmi;	mf;;
-	cmpxchg4.acq	r2=[r32],r8,ar.ccv
-	nop.i		0		};;
-{ .mib;	cmp.ne		p6,p0=r2,r3
-	nop.i		0
-(p6)	br.dpnt		.Lspin		};;
-{ .mib;	nop.m		0
-	sxt4		r8=r8
-	br.ret.sptk.many	b0	};;
-.endp	OPENSSL_atomic_add#
-
-// Returns a structure comprising pointer to the top of stack of
-// the caller and pointer beyond backing storage for the current
-// register frame. The latter is required, because it might be
-// insufficient to wipe backing storage for the current frame
-// (as this procedure does), one might have to go further, toward
-// higher addresses to reach for whole "retroactively" saved
-// context...
-.global	OPENSSL_wipe_cpu#
-.proc	OPENSSL_wipe_cpu#
-.align	32
-OPENSSL_wipe_cpu:
-	.prologue
-	.fframe	0
-	.save	ar.pfs,r2
-	.save	ar.lc,r3
-{ .mib;	alloc		r2=ar.pfs,0,96,0,96
-	mov		r3=ar.lc
-	brp.loop.imp	.L_wipe_top,.L_wipe_end-16
-					};;
-{ .mii;	mov		r9=ar.bsp
-	mov		r8=pr
-	mov		ar.lc=96	};;
-	.body
-{ .mii;	add		r9=96*8-8,r9
-	mov		ar.ec=1		};;
-
-// One can sweep double as fast, but then we can't quarantee
-// that backing storage is wiped...
-.L_wipe_top:
-{ .mfi;	st8		[r9]=r0,-8
-	mov		f127=f0
-	mov		r127=r0		}
-{ .mfb;	nop.m		0
-	nop.f		0
-	br.ctop.sptk	.L_wipe_top	};;
-.L_wipe_end:
-
-{ .mfi;	mov		r11=r0
-	mov		f6=f0
-	mov		r14=r0		}
-{ .mfi;	mov		r15=r0
-	mov		f7=f0
-	mov		r16=r0		}
-{ .mfi;	mov		r17=r0
-	mov		f8=f0
-	mov		r18=r0		}
-{ .mfi;	mov		r19=r0
-	mov		f9=f0
-	mov		r20=r0		}
-{ .mfi;	mov		r21=r0
-	mov		f10=f0
-	mov		r22=r0		}
-{ .mfi;	mov		r23=r0
-	mov		f11=f0
-	mov		r24=r0		}
-{ .mfi;	mov		r25=r0
-	mov		f12=f0
-	mov		r26=r0		}
-{ .mfi;	mov		r27=r0
-	mov		f13=f0
-	mov		r28=r0		}
-{ .mfi;	mov		r29=r0
-	mov		f14=f0
-	mov		r30=r0		}
-{ .mfi;	mov		r31=r0
-	mov		f15=f0
-	nop.i		0		}
-{ .mfi;	mov		f16=f0		}
-{ .mfi;	mov		f17=f0		}
-{ .mfi;	mov		f18=f0		}
-{ .mfi;	mov		f19=f0		}
-{ .mfi;	mov		f20=f0		}
-{ .mfi;	mov		f21=f0		}
-{ .mfi;	mov		f22=f0		}
-{ .mfi;	mov		f23=f0		}
-{ .mfi;	mov		f24=f0		}
-{ .mfi;	mov		f25=f0		}
-{ .mfi;	mov		f26=f0		}
-{ .mfi;	mov		f27=f0		}
-{ .mfi;	mov		f28=f0		}
-{ .mfi;	mov		f29=f0		}
-{ .mfi;	mov		f30=f0		}
-{ .mfi;	add		r9=96*8+8,r9
-	mov		f31=f0
-	mov		pr=r8,0x1ffff	}
-{ .mib;	mov		r8=sp
-	mov		ar.lc=r3
-	br.ret.sptk	b0		};;
-.endp	OPENSSL_wipe_cpu#
-
-.global	OPENSSL_cleanse#
-.proc	OPENSSL_cleanse#
-OPENSSL_cleanse:
-{ .mib;	cmp.eq		p6,p0=0,r33	    // len==0
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-	addp4		r32=0,r32
-#endif
-(p6)	br.ret.spnt	b0		};;
-{ .mib;	and		r2=7,r32
-	cmp.leu		p6,p0=15,r33	    // len>=15
-(p6)	br.cond.dptk	.Lot		};;
-
-.Little:
-{ .mib;	st1		[r32]=r0,1
-	cmp.ltu		p6,p7=1,r33	}  // len>1
-{ .mbb;	add		r33=-1,r33	   // len--
-(p6)	br.cond.dptk	.Little
-(p7)	br.ret.sptk.many	b0	};;
-
-.Lot:
-{ .mib;	cmp.eq		p6,p0=0,r2
-(p6)	br.cond.dptk	.Laligned	};;
-{ .mmi;	st1		[r32]=r0,1;;
-	and		r2=7,r32	}
-{ .mib;	add		r33=-1,r33
-	br		.Lot		};;
-
-.Laligned:
-{ .mmi;	st8		[r32]=r0,8
-	and		r2=-8,r33	    // len&~7
-	add		r33=-8,r33	};; // len-=8
-{ .mib;	cmp.ltu		p6,p0=8,r2	    // ((len+8)&~7)>8
-(p6)	br.cond.dptk	.Laligned	};;
-
-{ .mbb;	cmp.eq		p6,p7=r0,r33
-(p7)	br.cond.dpnt	.Little
-(p6)	br.ret.sptk.many	b0	};;
-.endp	OPENSSL_cleanse#
diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c
deleted file mode 100644
index 8e4b633ccc..0000000000
--- a/crypto/jpake/jpake.c
+++ /dev/null
@@ -1,511 +0,0 @@
-#include "jpake.h"
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-#include <memory.h>
-
-/*
- * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
- * Bob's (x3, x4, x1, x2). If you see what I mean.
- */
-
-typedef struct
-    {
-    char *name;  /* Must be unique */
-    char *peer_name;
-    BIGNUM *p;
-    BIGNUM *g;
-    BIGNUM *q;
-    BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
-    BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
-    } JPAKE_CTX_PUBLIC;
-
-struct JPAKE_CTX
-    {
-    JPAKE_CTX_PUBLIC p;
-    BIGNUM *secret;   /* The shared secret */
-    BN_CTX *ctx;
-    BIGNUM *xa;       /* Alice's x1 or Bob's x3 */
-    BIGNUM *xb;       /* Alice's x2 or Bob's x4 */
-    BIGNUM *key;      /* The calculated (shared) key */
-    };
-
-static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
-    {
-    zkp->gr = BN_new();
-    zkp->b = BN_new();
-    }
-
-static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
-    {
-    BN_free(zkp->b);
-    BN_free(zkp->gr);
-    }
-
-/* Two birds with one stone - make the global name as expected */
-#define JPAKE_STEP_PART_init	JPAKE_STEP2_init
-#define JPAKE_STEP_PART_release	JPAKE_STEP2_release
-
-void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
-    {
-    p->gx = BN_new();
-    JPAKE_ZKP_init(&p->zkpx);
-    }
-
-void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
-    {
-    JPAKE_ZKP_release(&p->zkpx);
-    BN_free(p->gx);
-    }
-
-void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
-    {
-    JPAKE_STEP_PART_init(&s1->p1);
-    JPAKE_STEP_PART_init(&s1->p2);
-    }
-
-void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
-    {
-    JPAKE_STEP_PART_release(&s1->p2);
-    JPAKE_STEP_PART_release(&s1->p1);
-    }
-
-static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
-			   const char *peer_name, const BIGNUM *p,
-			   const BIGNUM *g, const BIGNUM *q,
-			   const BIGNUM *secret)
-    {
-    ctx->p.name = OPENSSL_strdup(name);
-    ctx->p.peer_name = OPENSSL_strdup(peer_name);
-    ctx->p.p = BN_dup(p);
-    ctx->p.g = BN_dup(g);
-    ctx->p.q = BN_dup(q);
-    ctx->secret = BN_dup(secret);
-
-    ctx->p.gxc = BN_new();
-    ctx->p.gxd = BN_new();
-
-    ctx->xa = BN_new();
-    ctx->xb = BN_new();
-    ctx->key = BN_new();
-    ctx->ctx = BN_CTX_new();
-    }
-    
-static void JPAKE_CTX_release(JPAKE_CTX *ctx)
-    {
-    BN_CTX_free(ctx->ctx);
-    BN_clear_free(ctx->key);
-    BN_clear_free(ctx->xb);
-    BN_clear_free(ctx->xa);
-
-    BN_free(ctx->p.gxd);
-    BN_free(ctx->p.gxc);
-
-    BN_clear_free(ctx->secret);
-    BN_free(ctx->p.q);
-    BN_free(ctx->p.g);
-    BN_free(ctx->p.p);
-    OPENSSL_free(ctx->p.peer_name);
-    OPENSSL_free(ctx->p.name);
-
-    memset(ctx, '\0', sizeof *ctx);
-    }
-    
-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
-			 const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
-			 const BIGNUM *secret)
-    {
-    JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
-
-    JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
-
-    return ctx;
-    }
-
-void JPAKE_CTX_free(JPAKE_CTX *ctx)
-    {
-    JPAKE_CTX_release(ctx);
-    OPENSSL_free(ctx);
-    }
-
-static void hashlength(SHA_CTX *sha, size_t l)
-    {
-    unsigned char b[2];
-
-    OPENSSL_assert(l <= 0xffff);
-    b[0] = l >> 8;
-    b[1] = l&0xff;
-    SHA1_Update(sha, b, 2);
-    }
-
-static void hashstring(SHA_CTX *sha, const char *string)
-    {
-    size_t l = strlen(string);
-
-    hashlength(sha, l);
-    SHA1_Update(sha, string, l);
-    }
-
-static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
-    {
-    size_t l = BN_num_bytes(bn);
-    unsigned char *bin = OPENSSL_malloc(l);
-
-    hashlength(sha, l);
-    BN_bn2bin(bn, bin);
-    SHA1_Update(sha, bin, l);
-    OPENSSL_free(bin);
-    }
-
-/* h=hash(g, g^r, g^x, name) */
-static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
-		     const char *proof_name)
-    {
-    unsigned char md[SHA_DIGEST_LENGTH];
-    SHA_CTX sha;
-
-   /*
-    * XXX: hash should not allow moving of the boundaries - Java code
-    * is flawed in this respect. Length encoding seems simplest.
-    */
-    SHA1_Init(&sha);
-    hashbn(&sha, zkpg);
-    OPENSSL_assert(!BN_is_zero(p->zkpx.gr));
-    hashbn(&sha, p->zkpx.gr);
-    hashbn(&sha, p->gx);
-    hashstring(&sha, proof_name);
-    SHA1_Final(md, &sha);
-    BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
-    }
-
-/*
- * Prove knowledge of x
- * Note that p->gx has already been calculated
- */
-static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
-			 const BIGNUM *zkpg, JPAKE_CTX *ctx)
-    {
-    BIGNUM *r = BN_new();
-    BIGNUM *h = BN_new();
-    BIGNUM *t = BN_new();
-
-   /*
-    * r in [0,q)
-    * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
-    */
-    BN_rand_range(r, ctx->p.q);
-   /* g^r */
-    BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
-
-   /* h=hash... */
-    zkp_hash(h, zkpg, p, ctx->p.name);
-
-   /* b = r - x*h */
-    BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
-    BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
-
-   /* cleanup */
-    BN_free(t);
-    BN_free(h);
-    BN_free(r);
-    }
-
-static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
-		      JPAKE_CTX *ctx)
-    {
-    BIGNUM *h = BN_new();
-    BIGNUM *t1 = BN_new();
-    BIGNUM *t2 = BN_new();
-    BIGNUM *t3 = BN_new();
-    int ret = 0;
-
-    zkp_hash(h, zkpg, p, ctx->p.peer_name);
-
-   /* t1 = g^b */
-    BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
-   /* t2 = (g^x)^h = g^{hx} */
-    BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
-   /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
-    BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
-
-   /* verify t3 == g^r */
-    if(BN_cmp(t3, p->zkpx.gr) == 0)
-	ret = 1;
-    else
-	JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
-
-   /* cleanup */
-    BN_free(t3);
-    BN_free(t2);
-    BN_free(t1);
-    BN_free(h);
-
-    return ret;
-    }    
-
-static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
-			       const BIGNUM *g, JPAKE_CTX *ctx)
-    {
-    BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
-    generate_zkp(p, x, g, ctx);
-    }
-
-/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
-static void genrand(JPAKE_CTX *ctx)
-    {
-    BIGNUM *qm1;
-
-   /* xa in [0, q) */
-    BN_rand_range(ctx->xa, ctx->p.q);
-
-   /* q-1 */
-    qm1 = BN_new();
-    BN_copy(qm1, ctx->p.q);
-    BN_sub_word(qm1, 1);
-
-   /* ... and xb in [0, q-1) */
-    BN_rand_range(ctx->xb, qm1);
-   /* [1, q) */
-    BN_add_word(ctx->xb, 1);
-
-   /* cleanup */
-    BN_free(qm1);
-    }
-
-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
-    {
-    genrand(ctx);
-    generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
-    generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
-
-    return 1;
-    }
-
-/* g^x is a legal value */
-static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
-    {
-    BIGNUM *t;
-    int res;
-    
-    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
-	return 0;
-
-    t = BN_new();
-    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
-    res = BN_is_one(t);
-    BN_free(t);
-
-    return res;
-    }
-
-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
-    {
-    if(!is_legal(received->p1.gx, ctx))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
-	return 0;
-	}
-
-    if(!is_legal(received->p2.gx, ctx))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
-	return 0;
-	}
-
-   /* verify their ZKP(xc) */
-    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
-	return 0;
-	}
-
-   /* verify their ZKP(xd) */
-    if(!verify_zkp(&received->p2, ctx->p.g, ctx))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
-	return 0;
-	}
-
-   /* g^xd != 1 */
-    if(BN_is_one(received->p2.gx))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
-	return 0;
-	}
-
-   /* Save the bits we need for later */
-    BN_copy(ctx->p.gxc, received->p1.gx);
-    BN_copy(ctx->p.gxd, received->p2.gx);
-
-    return 1;
-    }
-
-
-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
-    {
-    BIGNUM *t1 = BN_new();
-    BIGNUM *t2 = BN_new();
-
-   /*
-    * X = g^{(xa + xc + xd) * xb * s}
-    * t1 = g^xa
-    */
-    BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
-   /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
-    BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
-   /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
-    BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
-   /* t2 = xb * s */
-    BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
-
-   /*
-    * ZKP(xb * s)
-    * XXX: this is kinda funky, because we're using
-    *
-    * g' = g^{xa + xc + xd}
-    *
-    * as the generator, which means X is g'^{xb * s}
-    * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
-    */
-    generate_step_part(send, t2, t1, ctx);
-
-   /* cleanup */
-    BN_free(t1);
-    BN_free(t2);
-
-    return 1;
-    }
-
-/* gx = g^{xc + xa + xb} * xd * s */
-static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
-    {
-    BIGNUM *t1 = BN_new();
-    BIGNUM *t2 = BN_new();
-    BIGNUM *t3 = BN_new();
-
-   /*
-    * K = (gx/g^{xb * xd * s})^{xb}
-    *   = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
-    *   = (g^{(xa + xc) * xd * s})^{xb}
-    *   = g^{(xa + xc) * xb * xd * s}
-    * [which is the same regardless of who calculates it]
-    */
-
-   /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
-    BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
-   /* t2 = -s = q-s */
-    BN_sub(t2, ctx->p.q, ctx->secret);
-   /* t3 = t1^t2 = g^{-xb * xd * s} */
-    BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
-   /* t1 = gx * t3 = X/g^{xb * xd * s} */
-    BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
-   /* K = t1^{xb} */
-    BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
-
-   /* cleanup */
-    BN_free(t3);
-    BN_free(t2);
-    BN_free(t1);
-
-    return 1;
-    }
-
-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
-    {
-    BIGNUM *t1 = BN_new();
-    BIGNUM *t2 = BN_new();
-    int ret = 0;
-
-   /*
-    * g' = g^{xc + xa + xb} [from our POV]
-    * t1 = xa + xb
-    */
-    BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
-   /* t2 = g^{t1} = g^{xa+xb} */
-    BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
-   /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
-    BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
-
-    if(verify_zkp(received, t1, ctx))
-	ret = 1;
-    else
-	JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
-
-    compute_key(ctx, received->gx);
-
-   /* cleanup */
-    BN_free(t2);
-    BN_free(t1);
-
-    return ret;
-    }
-
-static void quickhashbn(unsigned char *md, const BIGNUM *bn)
-    {
-    SHA_CTX sha;
-
-    SHA1_Init(&sha);
-    hashbn(&sha, bn);
-    SHA1_Final(md, &sha);
-    }
-
-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
-    {}
-
-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
-    {
-    quickhashbn(send->hhk, ctx->key);
-    SHA1(send->hhk, sizeof send->hhk, send->hhk);
-
-    return 1;
-    }
-
-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
-    {
-    unsigned char hhk[SHA_DIGEST_LENGTH];
-
-    quickhashbn(hhk, ctx->key);
-    SHA1(hhk, sizeof hhk, hhk);
-    if(memcmp(hhk, received->hhk, sizeof hhk))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
-	return 0;
-	}
-    return 1;
-    }
-
-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
-    {}
-
-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
-    {}
-
-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
-    {
-    quickhashbn(send->hk, ctx->key);
-
-    return 1;
-    }
-
-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
-    {
-    unsigned char hk[SHA_DIGEST_LENGTH];
-
-    quickhashbn(hk, ctx->key);
-    if(memcmp(hk, received->hk, sizeof hk))
-	{
-	JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
-	return 0;
-	}
-    return 1;
-    }
-
-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
-    {}
-
-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
-    {
-    return ctx->key;
-    }
-
diff --git a/crypto/jpake/jpake.h b/crypto/jpake/jpake.h
deleted file mode 100644
index fd143b4d9b..0000000000
--- a/crypto/jpake/jpake.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Implement J-PAKE, as described in
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- * 
- * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
- */
-
-#ifndef HEADER_JPAKE_H
-#define HEADER_JPAKE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_JPAKE
-#error JPAKE is disabled.
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-
-typedef struct JPAKE_CTX JPAKE_CTX;
-
-/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
-typedef struct
-    {
-    BIGNUM *gr; /* g^r (r random) */
-    BIGNUM *b;  /* b = r - x*h, h=hash(g, g^r, g^x, name) */
-    } JPAKE_ZKP;
-
-typedef struct
-    {
-    BIGNUM *gx;       /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
-    JPAKE_ZKP zkpx;   /* ZKP(x) or ZKP(xb * s) */
-    } JPAKE_STEP_PART;
-
-typedef struct
-    {
-    JPAKE_STEP_PART p1;   /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
-    JPAKE_STEP_PART p2;   /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
-    } JPAKE_STEP1;
-
-typedef JPAKE_STEP_PART JPAKE_STEP2;
-
-typedef struct
-    {
-    unsigned char hhk[SHA_DIGEST_LENGTH];
-    } JPAKE_STEP3A;
-
-typedef struct
-    {
-    unsigned char hk[SHA_DIGEST_LENGTH];
-    } JPAKE_STEP3B;
-
-/* Parameters are copied */
-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
-			 const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
-			 const BIGNUM *secret);
-void JPAKE_CTX_free(JPAKE_CTX *ctx);
-
-/*
- * Note that JPAKE_STEP1 can be used multiple times before release
- * without another init.
- */
-void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
-void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
-
-/*
- * Note that JPAKE_STEP2 can be used multiple times before release
- * without another init.
- */
-void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
-void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
-
-/*
- * Optionally verify the shared key. If the shared secrets do not
- * match, the two ends will disagree about the shared key, but
- * otherwise the protocol will succeed.
- */
-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
-
-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
-
-/*
- * the return value belongs to the library and will be released when
- * ctx is released, and will change when a new handshake is performed.
- */
-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_JPAKE_strings(void);
-
-/* Error codes for the JPAKE functions. */
-
-/* Function codes. */
-#define JPAKE_F_JPAKE_STEP1_PROCESS			 101
-#define JPAKE_F_JPAKE_STEP2_PROCESS			 102
-#define JPAKE_F_JPAKE_STEP3A_PROCESS			 103
-#define JPAKE_F_JPAKE_STEP3B_PROCESS			 104
-#define JPAKE_F_VERIFY_ZKP				 100
-
-/* Reason codes. */
-#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL		 108
-#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL		 109
-#define JPAKE_R_G_TO_THE_X4_IS_ONE			 105
-#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH		 106
-#define JPAKE_R_HASH_OF_KEY_MISMATCH			 107
-#define JPAKE_R_VERIFY_B_FAILED				 102
-#define JPAKE_R_VERIFY_X3_FAILED			 103
-#define JPAKE_R_VERIFY_X4_FAILED			 104
-#define JPAKE_R_ZKP_VERIFY_FAILED			 100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/jpake/jpake_err.c b/crypto/jpake/jpake_err.c
deleted file mode 100644
index a9a9dee75c..0000000000
--- a/crypto/jpake/jpake_err.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/jpake/jpake_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/jpake.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
-
-static ERR_STRING_DATA JPAKE_str_functs[]=
-	{
-{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS),	"JPAKE_STEP1_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS),	"JPAKE_STEP2_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS),	"JPAKE_STEP3A_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS),	"JPAKE_STEP3B_process"},
-{ERR_FUNC(JPAKE_F_VERIFY_ZKP),	"VERIFY_ZKP"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA JPAKE_str_reasons[]=
-	{
-{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
-{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
-{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
-{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
-{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
-{ERR_REASON(JPAKE_R_VERIFY_B_FAILED)     ,"verify b failed"},
-{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED)    ,"verify x3 failed"},
-{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED)    ,"verify x4 failed"},
-{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED)   ,"zkp verify failed"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_JPAKE_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,JPAKE_str_functs);
-		ERR_load_strings(0,JPAKE_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/jpake/jpaketest.c b/crypto/jpake/jpaketest.c
deleted file mode 100644
index eaba75ed8a..0000000000
--- a/crypto/jpake/jpaketest.c
+++ /dev/null
@@ -1,192 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_JPAKE
-
-#include <stdio.h>
-
-int main(int argc, char *argv[])
-{
-    printf("No J-PAKE support\n");
-    return(0);
-}
-
-#else
-
-#include <openssl/jpake.h>
-#include <openssl/err.h>
-
-static void showbn(const char *name, const BIGNUM *bn)
-    {
-    fputs(name, stdout);
-    fputs(" = ", stdout);
-    BN_print_fp(stdout, bn);
-    putc('\n', stdout);
-    }
-
-static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
-    {
-    JPAKE_STEP1 alice_s1;
-    JPAKE_STEP1 bob_s1;
-    JPAKE_STEP2 alice_s2;
-    JPAKE_STEP2 bob_s2;
-    JPAKE_STEP3A alice_s3a;
-    JPAKE_STEP3B bob_s3b;
-
-   /* Alice -> Bob: step 1 */
-    puts("A->B s1");
-    JPAKE_STEP1_init(&alice_s1);
-    JPAKE_STEP1_generate(&alice_s1, alice);
-    if(!JPAKE_STEP1_process(bob, &alice_s1))
-	{
-	printf("Bob fails to process Alice's step 1\n");
-	ERR_print_errors_fp(stdout);
-	return 1;
-	}
-    JPAKE_STEP1_release(&alice_s1);
-
-   /* Bob -> Alice: step 1 */
-    puts("B->A s1");
-    JPAKE_STEP1_init(&bob_s1);
-    JPAKE_STEP1_generate(&bob_s1, bob);
-    if(!JPAKE_STEP1_process(alice, &bob_s1))
-	{
-	printf("Alice fails to process Bob's step 1\n");
-	ERR_print_errors_fp(stdout);
-	return 2;
-	}
-    JPAKE_STEP1_release(&bob_s1);
-
-   /* Alice -> Bob: step 2 */
-    puts("A->B s2");
-    JPAKE_STEP2_init(&alice_s2);
-    JPAKE_STEP2_generate(&alice_s2, alice);
-    if(!JPAKE_STEP2_process(bob, &alice_s2))
-	{
-	printf("Bob fails to process Alice's step 2\n");
-	ERR_print_errors_fp(stdout);
-	return 3;
-	}
-    JPAKE_STEP2_release(&alice_s2);
-
-   /* Bob -> Alice: step 2 */
-    puts("B->A s2");
-    JPAKE_STEP2_init(&bob_s2);
-    JPAKE_STEP2_generate(&bob_s2, bob);
-    if(!JPAKE_STEP2_process(alice, &bob_s2))
-	{
-	printf("Alice fails to process Bob's step 2\n");
-	ERR_print_errors_fp(stdout);
-	return 4;
-	}
-    JPAKE_STEP2_release(&bob_s2);
-
-    showbn("Alice's key", JPAKE_get_shared_key(alice));
-    showbn("Bob's key  ", JPAKE_get_shared_key(bob));
-
-   /* Alice -> Bob: step 3a */
-    puts("A->B s3a");
-    JPAKE_STEP3A_init(&alice_s3a);
-    JPAKE_STEP3A_generate(&alice_s3a, alice);
-    if(!JPAKE_STEP3A_process(bob, &alice_s3a))
-	{
-	printf("Bob fails to process Alice's step 3a\n");
-	ERR_print_errors_fp(stdout);
-	return 5;
-	}
-    JPAKE_STEP3A_release(&alice_s3a);
-    
-   /* Bob -> Alice: step 3b */
-    puts("B->A s3b");
-    JPAKE_STEP3B_init(&bob_s3b);
-    JPAKE_STEP3B_generate(&bob_s3b, bob);
-    if(!JPAKE_STEP3B_process(alice, &bob_s3b))
-	{
-	printf("Alice fails to process Bob's step 3b\n");
-	ERR_print_errors_fp(stdout);
-	return 6;
-	}
-    JPAKE_STEP3B_release(&bob_s3b);
-
-    return 0;
-    }
-
-int main(int argc, char **argv)
-    {
-    JPAKE_CTX *alice;
-    JPAKE_CTX *bob;
-    BIGNUM *p = NULL;
-    BIGNUM *g = NULL;
-    BIGNUM *q = NULL;
-    BIGNUM *secret = BN_new();
-    BIO *bio_err;
-
-    bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ERR_load_crypto_strings();
-
-    /*
-    BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
-    BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
-    BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
-    */
-    /*
-    p = BN_new();
-    BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
-    */
-   /* Use a safe prime for p (that we found earlier) */
-    BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
-    showbn("p", p);
-    g = BN_new();
-    BN_set_word(g, 2);
-    showbn("g", g);
-    q = BN_new();
-    BN_rshift1(q, p);
-    showbn("q", q);
-
-    BN_rand(secret, 32, -1, 0);
-
-   /* A normal run, expect this to work... */
-    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
-    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
-
-    if(run_jpake(alice, bob) != 0)
-	{
-	fprintf(stderr, "Plain JPAKE run failed\n");
-	return 1;
-	}
-
-    JPAKE_CTX_free(bob);
-    JPAKE_CTX_free(alice);
-
-   /* Now give Alice and Bob different secrets */
-    alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
-    BN_add_word(secret, 1);
-    bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
-
-    if(run_jpake(alice, bob) != 5)
-	{
-	fprintf(stderr, "Mismatched secret JPAKE run failed\n");
-	return 1;
-	}
-
-    JPAKE_CTX_free(bob);
-    JPAKE_CTX_free(alice);
-
-    BN_free(secret);
-    BN_free(q);
-    BN_free(g);
-    BN_free(p);
-
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-    ERR_free_strings();
-    CRYPTO_mem_leaks(bio_err);
-
-    return 0;
-    }
-
-#endif
diff --git a/crypto/krb5/krb5_asn.c b/crypto/krb5/krb5_asn.c
deleted file mode 100644
index 1fb741d2a0..0000000000
--- a/crypto/krb5/krb5_asn.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* krb5_asn.c */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/krb5_asn.h>
-
-
-ASN1_SEQUENCE(KRB5_ENCDATA) = {
-	ASN1_EXP(KRB5_ENCDATA, etype,		ASN1_INTEGER,	  0),
-	ASN1_EXP_OPT(KRB5_ENCDATA, kvno,	ASN1_INTEGER,	  1),
-	ASN1_EXP(KRB5_ENCDATA, cipher,		ASN1_OCTET_STRING,2)
-} ASN1_SEQUENCE_END(KRB5_ENCDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
-
-
-ASN1_SEQUENCE(KRB5_PRINCNAME) = {
-	ASN1_EXP(KRB5_PRINCNAME, nametype,	ASN1_INTEGER,	  0),
-	ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
-} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-
-
-/* [APPLICATION 1] = 0x61 */
-ASN1_SEQUENCE(KRB5_TKTBODY) = {
-	ASN1_EXP(KRB5_TKTBODY, tktvno,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_TKTBODY, realm, 		ASN1_GENERALSTRING, 1),
-	ASN1_EXP(KRB5_TKTBODY, sname,		KRB5_PRINCNAME,	  2),
-	ASN1_EXP(KRB5_TKTBODY, encdata,		KRB5_ENCDATA,	  3)
-} ASN1_SEQUENCE_END(KRB5_TKTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
-
-
-ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
-			KRB5_TICKET, KRB5_TKTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
-
-
-/* [APPLICATION 14] = 0x6e */
-ASN1_SEQUENCE(KRB5_APREQBODY) = {
-	ASN1_EXP(KRB5_APREQBODY, pvno,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_APREQBODY, msgtype,	ASN1_INTEGER,	  1),
-	ASN1_EXP(KRB5_APREQBODY, apoptions,	ASN1_BIT_STRING,  2),
-	ASN1_EXP(KRB5_APREQBODY, ticket, 	KRB5_TICKET,	  3),
-	ASN1_EXP(KRB5_APREQBODY, authenticator,	KRB5_ENCDATA,	  4),
-} ASN1_SEQUENCE_END(KRB5_APREQBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
-			KRB5_APREQ, KRB5_APREQBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
-
-
-/*  Authenticator stuff 	*/
-
-ASN1_SEQUENCE(KRB5_CHECKSUM) = {
-	ASN1_EXP(KRB5_CHECKSUM, ctype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_CHECKSUM, checksum,	ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-
-
-ASN1_SEQUENCE(KRB5_ENCKEY) = {
-	ASN1_EXP(KRB5_ENCKEY,	ktype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_ENCKEY,	keyvalue,	ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_ENCKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
-
-
-/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
-ASN1_SEQUENCE(KRB5_AUTHDATA) = {
-	ASN1_EXP(KRB5_AUTHDATA,	adtype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_AUTHDATA,	addata, 	ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-
-
-/* [APPLICATION 2] = 0x62 */
-ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
-	ASN1_EXP(KRB5_AUTHENTBODY,	avno,	ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_AUTHENTBODY,	crealm,	ASN1_GENERALSTRING, 1),
-	ASN1_EXP(KRB5_AUTHENTBODY,	cname,	KRB5_PRINCNAME,	  2),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	cksum,	KRB5_CHECKSUM,	  3),
-	ASN1_EXP(KRB5_AUTHENTBODY,	cusec,	ASN1_INTEGER,	  4),
-	ASN1_EXP(KRB5_AUTHENTBODY,	ctime,	ASN1_GENERALIZEDTIME, 5),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	subkey,	KRB5_ENCKEY,	  6),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	seqnum,	ASN1_INTEGER,	  7),
-	ASN1_EXP_SEQUENCE_OF_OPT
-		    (KRB5_AUTHENTBODY,	authorization,	KRB5_AUTHDATA, 8),
-} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
-			KRB5_AUTHENT, KRB5_AUTHENTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
diff --git a/crypto/krb5/krb5_asn.h b/crypto/krb5/krb5_asn.h
deleted file mode 100644
index 41725d0dc4..0000000000
--- a/crypto/krb5/krb5_asn.h
+++ /dev/null
@@ -1,256 +0,0 @@
-/* krb5_asn.h */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-#define HEADER_KRB5_ASN_H
-
-/*
-#include <krb5.h>
-*/
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/*	ASN.1 from Kerberos RFC 1510
-*/
-
-/*	EncryptedData ::=   SEQUENCE {
-**		etype[0]                      INTEGER, -- EncryptionType
-**		kvno[1]                       INTEGER OPTIONAL,
-**		cipher[2]                     OCTET STRING -- ciphertext
-**	}
-*/
-typedef	struct	krb5_encdata_st
-	{
-	ASN1_INTEGER			*etype;
-	ASN1_INTEGER			*kvno;
-	ASN1_OCTET_STRING		*cipher;
-	}	KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/*	PrincipalName ::=   SEQUENCE {
-**		name-type[0]                  INTEGER,
-**		name-string[1]                SEQUENCE OF GeneralString
-**	}
-*/
-typedef	struct	krb5_princname_st
-	{
-	ASN1_INTEGER			*nametype;
-	STACK_OF(ASN1_GENERALSTRING)	*namestring;
-	}	KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-
-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
-**		tkt-vno[0]                    INTEGER,
-**		realm[1]                      Realm,
-**		sname[2]                      PrincipalName,
-**		enc-part[3]                   EncryptedData
-**	}
-*/
-typedef	struct	krb5_tktbody_st
-	{
-	ASN1_INTEGER			*tktvno;
-	ASN1_GENERALSTRING		*realm;
-	KRB5_PRINCNAME			*sname;
-	KRB5_ENCDATA			*encdata;
-	}	KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-
-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-**		pvno[0]                       INTEGER,
-**		msg-type[1]                   INTEGER,
-**		ap-options[2]                 APOptions,
-**		ticket[3]                     Ticket,
-**		authenticator[4]              EncryptedData
-**	}
-**
-**	APOptions ::=   BIT STRING {
-**		reserved(0), use-session-key(1), mutual-required(2) }
-*/
-typedef	struct	krb5_ap_req_st
-	{
-	ASN1_INTEGER			*pvno;
-	ASN1_INTEGER			*msgtype;
-	ASN1_BIT_STRING			*apoptions;
-	KRB5_TICKET			*ticket;
-	KRB5_ENCDATA			*authenticator;
-	}	KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-
-/*	Authenticator Stuff	*/
-
-
-/*	Checksum ::=   SEQUENCE {
-**		cksumtype[0]                  INTEGER,
-**		checksum[1]                   OCTET STRING
-**	}
-*/
-typedef	struct	krb5_checksum_st
-	{
-	ASN1_INTEGER			*ctype;
-	ASN1_OCTET_STRING		*checksum;
-	}	KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-
-/*	EncryptionKey ::=   SEQUENCE {
-**		keytype[0]                    INTEGER,
-**		keyvalue[1]                   OCTET STRING
-**	}
-*/
-typedef struct  krb5_encryptionkey_st
-	{
-	ASN1_INTEGER			*ktype;
-	ASN1_OCTET_STRING		*keyvalue;
-	}	KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-
-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-**		ad-type[0]                    INTEGER,
-**              ad-data[1]                    OCTET STRING
-**	}
-*/
-typedef struct	krb5_authorization_st
-	{
-	ASN1_INTEGER			*adtype;
-	ASN1_OCTET_STRING		*addata;
-	}	KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-			
-/*	-- Unencrypted authenticator
-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-**		authenticator-vno[0]          INTEGER,
-**		crealm[1]                     Realm,
-**		cname[2]                      PrincipalName,
-**		cksum[3]                      Checksum OPTIONAL,
-**		cusec[4]                      INTEGER,
-**		ctime[5]                      KerberosTime,
-**		subkey[6]                     EncryptionKey OPTIONAL,
-**		seq-number[7]                 INTEGER OPTIONAL,
-**		authorization-data[8]         AuthorizationData OPTIONAL
-**	}
-*/
-typedef struct	krb5_authenticator_st
-	{
-	ASN1_INTEGER			*avno;
-	ASN1_GENERALSTRING		*crealm;
-	KRB5_PRINCNAME			*cname;
-	KRB5_CHECKSUM			*cksum;
-	ASN1_INTEGER			*cusec;
-	ASN1_GENERALIZEDTIME		*ctime;
-	KRB5_ENCKEY			*subkey;
-	ASN1_INTEGER			*seqnum;
-	KRB5_AUTHDATA			*authorization;
-	}	KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-
-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-**	type *name##_new(void);
-**	void name##_free(type *a);
-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**	  type *d2i_##name(type **a, const unsigned char **in, long len);
-**	  int i2d_##name(type *a, unsigned char **out);
-**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
-*/
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
deleted file mode 100644
index 815615e338..0000000000
--- a/crypto/lhash/lh_stats.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* crypto/lhash/lh_stats.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-/* If you wish to build this outside of SSLeay, remove the following lines
- * and things should work as expected */
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/lhash.h>
-
-#ifdef OPENSSL_NO_BIO
-
-void lh_stats(LHASH *lh, FILE *out)
-	{
-	fprintf(out,"num_items             = %lu\n",lh->num_items);
-	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
-	fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	fprintf(out,"num_expands           = %lu\n",lh->num_expands);
-	fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
-	fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
-	fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
-	fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	fprintf(out,"num_insert            = %lu\n",lh->num_insert);
-	fprintf(out,"num_replace           = %lu\n",lh->num_replace);
-	fprintf(out,"num_delete            = %lu\n",lh->num_delete);
-	fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-	fprintf(out,"p                     = %u\n",lh->p);
-	fprintf(out,"pmax                  = %u\n",lh->pmax);
-	fprintf(out,"up_load               = %lu\n",lh->up_load);
-	fprintf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-	}
-
-void lh_node_stats(LHASH *lh, FILE *out)
-	{
-	LHASH_NODE *n;
-	unsigned int i,num;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		fprintf(out,"node %6u -> %3u\n",i,num);
-		}
-	}
-
-void lh_node_usage_stats(LHASH *lh, FILE *out)
-	{
-	LHASH_NODE *n;
-	unsigned long num;
-	unsigned int i;
-	unsigned long total=0,n_used=0;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		if (num != 0)
-			{
-			n_used++;
-			total+=num;
-			}
-		}
-	fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	fprintf(out,"%lu items\n",total);
-	if (n_used == 0) return;
-	fprintf(out,"load %d.%02d  actual load %d.%02d\n",
-		(int)(total/lh->num_nodes),
-		(int)((total%lh->num_nodes)*100/lh->num_nodes),
-		(int)(total/n_used),
-		(int)((total%n_used)*100/n_used));
-	}
-
-#else
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const _LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
-
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
-
-void lh_node_stats(const _LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
-
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_node_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
-
-void lh_node_usage_stats(const _LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
-
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_node_usage_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
-
-#endif
-
-void lh_stats_bio(const _LHASH *lh, BIO *out)
-	{
-	BIO_printf(out,"num_items             = %lu\n",lh->num_items);
-	BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
-	BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
-	BIO_printf(out,"num_expand_reallocs   = %lu\n",
-		   lh->num_expand_reallocs);
-	BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
-	BIO_printf(out,"num_contract_reallocs = %lu\n",
-		   lh->num_contract_reallocs);
-	BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
-	BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
-	BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
-	BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-	BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-	BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-	BIO_printf(out,"p                     = %u\n",lh->p);
-	BIO_printf(out,"pmax                  = %u\n",lh->pmax);
-	BIO_printf(out,"up_load               = %lu\n",lh->up_load);
-	BIO_printf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-	}
-
-void lh_node_stats_bio(const _LHASH *lh, BIO *out)
-	{
-	LHASH_NODE *n;
-	unsigned int i,num;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		BIO_printf(out,"node %6u -> %3u\n",i,num);
-		}
-	}
-
-void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
-	{
-	LHASH_NODE *n;
-	unsigned long num;
-	unsigned int i;
-	unsigned long total=0,n_used=0;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		if (num != 0)
-			{
-			n_used++;
-			total+=num;
-			}
-		}
-	BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	BIO_printf(out,"%lu items\n",total);
-	if (n_used == 0) return;
-	BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
-		   (int)(total/lh->num_nodes),
-		   (int)((total%lh->num_nodes)*100/lh->num_nodes),
-		   (int)(total/n_used),
-		   (int)((total%n_used)*100/n_used));
-	}
-
-#endif
diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c
deleted file mode 100644
index 85700c859b..0000000000
--- a/crypto/lhash/lh_test.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/lhash/lh_test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/lhash.h>
-
-main()
-	{
-	LHASH *conf;
-	char buf[256];
-	int i;
-
-	conf=lh_new(lh_strhash,strcmp);
-	for (;;)
-		{
-		char *p;
-
-		buf[0]='\0';
-		fgets(buf,256,stdin);
-		if (buf[0] == '\0') break;
-		i=strlen(buf);
-		p=OPENSSL_malloc(i+1);
-		memcpy(p,buf,i+1);
-		lh_insert(conf,p);
-		}
-
-	lh_node_stats(conf,stdout);
-	lh_stats(conf,stdout);
-	lh_node_usage_stats(conf,stdout);
-	exit(0);
-	}
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
deleted file mode 100644
index 47f748081b..0000000000
--- a/crypto/lhash/lhash.c
+++ /dev/null
@@ -1,475 +0,0 @@
-/* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for dynamic hash table routines
- * Author - Eric Young v 2.0
- *
- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- *	     present. eay 18-Jun-98
- *
- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
- *
- * 2.0 eay - Fixed a bug that occurred when using lh_delete
- *	     from inside lh_doall().  As entries were deleted,
- *	     the 'table' was 'contract()ed', making some entries
- *	     jump from the end of the table to the start, there by
- *	     skipping the lh_doall() processing. eay - 4/12/95
- *
- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- *	     were not being free()ed. 21/11/95
- *
- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- *	     19/09/95
- *
- * 1.7 eay - Removed the fputs() for realloc failures - the code
- *           should silently tolerate them.  I have also fixed things
- *           lint complained about 04/05/95
- *
- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
- *
- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
- *
- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
- *
- * 1.3 eay - Fixed a few lint problems 19/3/1991
- *
- * 1.2 eay - Fixed lh_doall problem 13/3/1991
- *
- * 1.1 eay - Added lh_doall
- *
- * 1.0 eay - First version
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-
-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
-
-#undef MIN_NODES 
-#define MIN_NODES	16
-#define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */
-#define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */
-
-static void expand(_LHASH *lh);
-static void contract(_LHASH *lh);
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash);
-
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
-	{
-	_LHASH *ret;
-	int i;
-
-	if ((ret=OPENSSL_malloc(sizeof(_LHASH))) == NULL)
-		goto err0;
-	if ((ret->b=OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
-		goto err1;
-	for (i=0; i<MIN_NODES; i++)
-		ret->b[i]=NULL;
-	ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
-	ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
-	ret->num_nodes=MIN_NODES/2;
-	ret->num_alloc_nodes=MIN_NODES;
-	ret->p=0;
-	ret->pmax=MIN_NODES/2;
-	ret->up_load=UP_LOAD;
-	ret->down_load=DOWN_LOAD;
-	ret->num_items=0;
-
-	ret->num_expands=0;
-	ret->num_expand_reallocs=0;
-	ret->num_contracts=0;
-	ret->num_contract_reallocs=0;
-	ret->num_hash_calls=0;
-	ret->num_comp_calls=0;
-	ret->num_insert=0;
-	ret->num_replace=0;
-	ret->num_delete=0;
-	ret->num_no_delete=0;
-	ret->num_retrieve=0;
-	ret->num_retrieve_miss=0;
-	ret->num_hash_comps=0;
-
-	ret->error=0;
-	return(ret);
-err1:
-	OPENSSL_free(ret);
-err0:
-	return(NULL);
-	}
-
-void lh_free(_LHASH *lh)
-	{
-	unsigned int i;
-	LHASH_NODE *n,*nn;
-
-	if (lh == NULL)
-	    return;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		n=lh->b[i];
-		while (n != NULL)
-			{
-			nn=n->next;
-			OPENSSL_free(n);
-			n=nn;
-			}
-		}
-	OPENSSL_free(lh->b);
-	OPENSSL_free(lh);
-	}
-
-void *lh_insert(_LHASH *lh, void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE *nn,**rn;
-	void *ret;
-
-	lh->error=0;
-	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
-		expand(lh);
-
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
-			{
-			lh->error++;
-			return(NULL);
-			}
-		nn->data=data;
-		nn->next=NULL;
-#ifndef OPENSSL_NO_HASH_COMP
-		nn->hash=hash;
-#endif
-		*rn=nn;
-		ret=NULL;
-		lh->num_insert++;
-		lh->num_items++;
-		}
-	else /* replace same key */
-		{
-		ret= (*rn)->data;
-		(*rn)->data=data;
-		lh->num_replace++;
-		}
-	return(ret);
-	}
-
-void *lh_delete(_LHASH *lh, const void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE *nn,**rn;
-	void *ret;
-
-	lh->error=0;
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		lh->num_no_delete++;
-		return(NULL);
-		}
-	else
-		{
-		nn= *rn;
-		*rn=nn->next;
-		ret=nn->data;
-		OPENSSL_free(nn);
-		lh->num_delete++;
-		}
-
-	lh->num_items--;
-	if ((lh->num_nodes > MIN_NODES) &&
-		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
-		contract(lh);
-
-	return(ret);
-	}
-
-void *lh_retrieve(_LHASH *lh, const void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE **rn;
-	void *ret;
-
-	lh->error=0;
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		lh->num_retrieve_miss++;
-		return(NULL);
-		}
-	else
-		{
-		ret= (*rn)->data;
-		lh->num_retrieve++;
-		}
-	return(ret);
-	}
-
-static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-			  LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
-	{
-	int i;
-	LHASH_NODE *a,*n;
-
-	if (lh == NULL)
-		return;
-
-	/* reverse the order so we search from 'top to bottom'
-	 * We were having memory leaks otherwise */
-	for (i=lh->num_nodes-1; i>=0; i--)
-		{
-		a=lh->b[i];
-		while (a != NULL)
-			{
-			/* 28/05/91 - eay - n added so items can be deleted
-			 * via lh_doall */
-			/* 22/05/08 - ben - eh? since a is not passed,
-			 * this should not be needed */
-			n=a->next;
-			if(use_arg)
-				func_arg(a->data,arg);
-			else
-				func(a->data);
-			a=n;
-			}
-		}
-	}
-
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func)
-	{
-	doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
-	}
-
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
-	{
-	doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
-	}
-
-static void expand(_LHASH *lh)
-	{
-	LHASH_NODE **n,**n1,**n2,*np;
-	unsigned int p,i,j;
-	unsigned long hash,nni;
-
-	lh->num_nodes++;
-	lh->num_expands++;
-	p=(int)lh->p++;
-	n1= &(lh->b[p]);
-	n2= &(lh->b[p+(int)lh->pmax]);
-	*n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
-	nni=lh->num_alloc_nodes;
-	
-	for (np= *n1; np != NULL; )
-		{
-#ifndef OPENSSL_NO_HASH_COMP
-		hash=np->hash;
-#else
-		hash=lh->hash(np->data);
-		lh->num_hash_calls++;
-#endif
-		if ((hash%nni) != p)
-			{ /* move it */
-			*n1= (*n1)->next;
-			np->next= *n2;
-			*n2=np;
-			}
-		else
-			n1= &((*n1)->next);
-		np= *n1;
-		}
-
-	if ((lh->p) >= lh->pmax)
-		{
-		j=(int)lh->num_alloc_nodes*2;
-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-			(int)(sizeof(LHASH_NODE *)*j));
-		if (n == NULL)
-			{
-/*			fputs("realloc error in lhash",stderr); */
-			lh->error++;
-			lh->p=0;
-			return;
-			}
-		/* else */
-		for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
-			n[i]=NULL;			  /* 02/03/92 eay */
-		lh->pmax=lh->num_alloc_nodes;
-		lh->num_alloc_nodes=j;
-		lh->num_expand_reallocs++;
-		lh->p=0;
-		lh->b=n;
-		}
-	}
-
-static void contract(_LHASH *lh)
-	{
-	LHASH_NODE **n,*n1,*np;
-
-	np=lh->b[lh->p+lh->pmax-1];
-	lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
-	if (lh->p == 0)
-		{
-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
-		if (n == NULL)
-			{
-/*			fputs("realloc error in lhash",stderr); */
-			lh->error++;
-			return;
-			}
-		lh->num_contract_reallocs++;
-		lh->num_alloc_nodes/=2;
-		lh->pmax/=2;
-		lh->p=lh->pmax-1;
-		lh->b=n;
-		}
-	else
-		lh->p--;
-
-	lh->num_nodes--;
-	lh->num_contracts++;
-
-	n1=lh->b[(int)lh->p];
-	if (n1 == NULL)
-		lh->b[(int)lh->p]=np;
-	else
-		{
-		while (n1->next != NULL)
-			n1=n1->next;
-		n1->next=np;
-		}
-	}
-
-static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
-	{
-	LHASH_NODE **ret,*n1;
-	unsigned long hash,nn;
-	LHASH_COMP_FN_TYPE cf;
-
-	hash=(*(lh->hash))(data);
-	lh->num_hash_calls++;
-	*rhash=hash;
-
-	nn=hash%lh->pmax;
-	if (nn < lh->p)
-		nn=hash%lh->num_alloc_nodes;
-
-	cf=lh->comp;
-	ret= &(lh->b[(int)nn]);
-	for (n1= *ret; n1 != NULL; n1=n1->next)
-		{
-#ifndef OPENSSL_NO_HASH_COMP
-		lh->num_hash_comps++;
-		if (n1->hash != hash)
-			{
-			ret= &(n1->next);
-			continue;
-			}
-#endif
-		lh->num_comp_calls++;
-		if(cf(n1->data,data) == 0)
-			break;
-		ret= &(n1->next);
-		}
-	return(ret);
-	}
-
-/* The following hash seems to work very well on normal text strings
- * no collisions on /usr/dict/words and it distributes on %2^n quite
- * well, not as good as MD5, but still good.
- */
-unsigned long lh_strhash(const char *c)
-	{
-	unsigned long ret=0;
-	long n;
-	unsigned long v;
-	int r;
-
-	if ((c == NULL) || (*c == '\0'))
-		return(ret);
-/*
-	unsigned char b[16];
-	MD5(c,strlen(c),b);
-	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
-*/
-
-	n=0x100;
-	while (*c)
-		{
-		v=n|(*c);
-		n+=0x100;
-		r= (int)((v>>2)^v)&0x0f;
-		ret=(ret<<r)|(ret>>(32-r));
-		ret&=0xFFFFFFFFL;
-		ret^=v*v;
-		c++;
-		}
-	return((ret>>16)^ret);
-	}
-
-unsigned long lh_num_items(const _LHASH *lh)
-	{
-	return lh ? lh->num_items : 0;
-	}
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
deleted file mode 100644
index e7d8763591..0000000000
--- a/crypto/lhash/lhash.h
+++ /dev/null
@@ -1,241 +0,0 @@
-/* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Header for dynamic hash table routines
- * Author - Eric Young
- */
-
-#ifndef HEADER_LHASH_H
-#define HEADER_LHASH_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct lhash_node_st
-	{
-	void *data;
-	struct lhash_node_st *next;
-#ifndef OPENSSL_NO_HASH_COMP
-	unsigned long hash;
-#endif
-	} LHASH_NODE;
-
-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_FN_TYPE)(void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
-
-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
- * This way, callbacks can be provided to LHASH structures without function
- * pointer casting and the macro-defined callbacks provide per-variable casting
- * before deferring to the underlying type-specific callbacks. NB: It is
- * possible to place a "static" in front of both the DECLARE and IMPLEMENT
- * macros if the functions are strictly internal. */
-
-/* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(name, o_type) \
-	unsigned long name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-	unsigned long name##_LHASH_HASH(const void *arg) { \
-		const o_type *a = arg; \
-		return name##_hash(a); }
-#define LHASH_HASH_FN(name) name##_LHASH_HASH
-
-/* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(name, o_type) \
-	int name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-	int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-		const o_type *a = arg1;		    \
-		const o_type *b = arg2; \
-		return name##_cmp(a,b); }
-#define LHASH_COMP_FN(name) name##_LHASH_COMP
-
-/* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(name, o_type) \
-	void name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-	void name##_LHASH_DOALL(void *arg) { \
-		o_type *a = arg; \
-		name##_doall(a); }
-#define LHASH_DOALL_FN(name) name##_LHASH_DOALL
-
-/* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-		o_type *a = arg1; \
-		a_type *b = arg2; \
-		name##_doall_arg(a, b); }
-#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-
-typedef struct lhash_st
-	{
-	LHASH_NODE **b;
-	LHASH_COMP_FN_TYPE comp;
-	LHASH_HASH_FN_TYPE hash;
-	unsigned int num_nodes;
-	unsigned int num_alloc_nodes;
-	unsigned int p;
-	unsigned int pmax;
-	unsigned long up_load; /* load times 256 */
-	unsigned long down_load; /* load times 256 */
-	unsigned long num_items;
-
-	unsigned long num_expands;
-	unsigned long num_expand_reallocs;
-	unsigned long num_contracts;
-	unsigned long num_contract_reallocs;
-	unsigned long num_hash_calls;
-	unsigned long num_comp_calls;
-	unsigned long num_insert;
-	unsigned long num_replace;
-	unsigned long num_delete;
-	unsigned long num_no_delete;
-	unsigned long num_retrieve;
-	unsigned long num_retrieve_miss;
-	unsigned long num_hash_comps;
-
-	int error;
-	} _LHASH;	/* Do not use _LHASH directly, use LHASH_OF
-			 * and friends */
-
-#define LH_LOAD_MULT	256
-
-/* Indicates a malloc() error in the last call, this is only bad
- * in lh_insert(). */
-#define lh_error(lh)	((lh)->error)
-
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(_LHASH *lh);
-void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
-unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const _LHASH *lh);
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const _LHASH *lh, FILE *out);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
-#endif
-
-/* Type checking... */
-
-#define LHASH_OF(type) struct lhash_st_##type
-
-#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
-
-#define CHECKED_LHASH_OF(type,lh) \
-  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
-
-/* Define wrapper functions. */
-#define LHM_lh_new(type, name) \
-  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
-#define LHM_lh_error(type, lh) \
-  lh_error(CHECKED_LHASH_OF(type,lh))
-#define LHM_lh_insert(type, lh, inst) \
-  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
-		     CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_retrieve(type, lh, inst) \
-  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
-		       CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_delete(type, lh, inst) \
-  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),			\
-		     CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
-#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
-  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
-#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
-#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
-#define LHM_lh_node_stats_bio(type, lh, out) \
-  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_node_usage_stats_bio(type, lh, out) \
-  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_stats_bio(type, lh, out) \
-  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
-
-DECLARE_LHASH_OF(OPENSSL_STRING);
-DECLARE_LHASH_OF(OPENSSL_CSTRING);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/crypto/lhash/num.pl b/crypto/lhash/num.pl
deleted file mode 100644
index 30fedf9cd5..0000000000
--- a/crypto/lhash/num.pl
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/local/bin/perl
-
-#node     10 ->   4
-
-while (<>)
-	{
-	next unless /^node/;
-	chop;
-	@a=split;
-	$num{$a[3]}++;
-	}
-
-@a=sort {$a <=> $b } keys %num;
-foreach (0 .. $a[$#a])
-	{
-	printf "%4d:%4d\n",$_,$num{$_};
-	}
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
deleted file mode 100644
index a75f136ca5..0000000000
--- a/crypto/md32_common.h
+++ /dev/null
@@ -1,413 +0,0 @@
-/* crypto/md32_common.h */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-/*
- * This is a generic 32 bit "collector" for message digest algorithms.
- * Whenever needed it collects input character stream into chunks of
- * 32 bit values and invokes a block function that performs actual hash
- * calculations.
- *
- * Porting guide.
- *
- * Obligatory macros:
- *
- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
- *	this macro defines byte order of input stream.
- * HASH_CBLOCK
- *	size of a unit chunk HASH_BLOCK operates on.
- * HASH_LONG
- *	has to be at lest 32 bit wide, if it's wider, then
- *	HASH_LONG_LOG2 *has to* be defined along
- * HASH_CTX
- *	context structure that at least contains following
- *	members:
- *		typedef struct {
- *			...
- *			HASH_LONG	Nl,Nh;
- *			either {
- *			HASH_LONG	data[HASH_LBLOCK];
- *			unsigned char	data[HASH_CBLOCK];
- *			};
- *			unsigned int	num;
- *			...
- *			} HASH_CTX;
- *	data[] vector is expected to be zeroed upon first call to
- *	HASH_UPDATE.
- * HASH_UPDATE
- *	name of "Update" function, implemented here.
- * HASH_TRANSFORM
- *	name of "Transform" function, implemented here.
- * HASH_FINAL
- *	name of "Final" function, implemented here.
- * HASH_BLOCK_DATA_ORDER
- *	name of "block" function capable of treating *unaligned* input
- *	message in original (data) byte order, implemented externally.
- * HASH_MAKE_STRING
- *	macro convering context variables to an ASCII hash string.
- *
- * MD5 example:
- *
- *	#define DATA_ORDER_IS_LITTLE_ENDIAN
- *
- *	#define HASH_LONG		MD5_LONG
- *	#define HASH_LONG_LOG2		MD5_LONG_LOG2
- *	#define HASH_CTX		MD5_CTX
- *	#define HASH_CBLOCK		MD5_CBLOCK
- *	#define HASH_UPDATE		MD5_Update
- *	#define HASH_TRANSFORM		MD5_Transform
- *	#define HASH_FINAL		MD5_Final
- *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order
- *
- *					<appro@fy.chalmers.se>
- */
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-#error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-#error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-#error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-#error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-#error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-#error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if defined(_MSC_VER) || defined(__ICC)
-#  define ROTATE(a,n)	_lrotl(a,n)
-# elif defined(__MWERKS__)
-#  if defined(__POWERPC__)
-#   define ROTATE(a,n)	__rlwinm(a,n,0,31)
-#  elif defined(__MC68K__)
-    /* Motorola specific tweak. <appro@fy.chalmers.se> */
-#   define ROTATE(a,n)	( n<24 ? __rol(a,n) : __ror(a,32-n) )
-#  else
-#   define ROTATE(a,n)	__rol(a,n)
-#  endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-  /*
-   * Some GNU C inline assembler templates. Note that these are
-   * rotates by *constant* number of bits! But that's exactly
-   * what we need here...
-   * 					<appro@fy.chalmers.se>
-   */
-#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-#   define ROTATE(a,n)	({ register unsigned int ret;	\
-				asm (			\
-				"roll %1,%0"		\
-				: "=r"(ret)		\
-				: "I"(n), "0"((unsigned int)(a))	\
-				: "cc");		\
-			   ret;				\
-			})
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
-	defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-#   define ROTATE(a,n)	({ register unsigned int ret;	\
-				asm (			\
-				"rlwinm %0,%1,%2,0,31"	\
-				: "=r"(ret)		\
-				: "r"(a), "I"(n));	\
-			   ret;				\
-			})
-#  elif defined(__s390x__)
-#   define ROTATE(a,n) ({ register unsigned int ret;	\
-				asm ("rll %0,%1,%2"	\
-				: "=r"(ret)		\
-				: "r"(a), "I"(n));	\
-			  ret;				\
-			})
-#  endif
-# endif
-#endif /* PEDANTIC */
-
-#ifndef ROTATE
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
-      (defined(__x86_64) || defined(__x86_64__))
-#   if !defined(B_ENDIAN)
-    /*
-     * This gives ~30-40% performance improvement in SHA-256 compiled
-     * with gcc [on P4]. Well, first macro to be frank. We can pull
-     * this trick on x86* platforms only, because these CPUs can fetch
-     * unaligned data without raising an exception.
-     */
-#   define HOST_c2l(c,l)	({ unsigned int r=*((const unsigned int *)(c));	\
-				   asm ("bswapl %0":"=r"(r):"0"(r));	\
-				   (c)+=4; (l)=r;			})
-#   define HOST_l2c(l,c)	({ unsigned int r=(l);			\
-				   asm ("bswapl %0":"=r"(r):"0"(r));	\
-				   *((unsigned int *)(c))=r; (c)+=4; r;	})
-#   endif
-#  endif
-# endif
-#endif
-#if defined(__s390__) || defined(__s390x__)
-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))<<24),		\
-			 l|=(((unsigned long)(*((c)++)))<<16),		\
-			 l|=(((unsigned long)(*((c)++)))<< 8),		\
-			 l|=(((unsigned long)(*((c)++)))    )		)
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
-			 *((c)++)=(unsigned char)(((l)    )&0xff),	\
-			 l)
-#endif
-
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if defined(__s390x__)
-#   define HOST_c2l(c,l)	({ asm ("lrv	%0,%1"			\
-				   :"=d"(l) :"m"(*(const unsigned int *)(c)));\
-				   (c)+=4; (l);				})
-#   define HOST_l2c(l,c)	({ asm ("strv	%1,%0"			\
-				   :"=m"(*(unsigned int *)(c)) :"d"(l));\
-				   (c)+=4; (l);				})
-#  endif
-# endif
-#endif
-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# ifndef B_ENDIAN
-   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#  define HOST_c2l(c,l)	((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#  define HOST_l2c(l,c)	(*((unsigned int *)(c))=(l), (c)+=4, l)
-# endif
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ),		\
-			 l|=(((unsigned long)(*((c)++)))<< 8),		\
-			 l|=(((unsigned long)(*((c)++)))<<16),		\
-			 l|=(((unsigned long)(*((c)++)))<<24)		)
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff),	\
-			 l)
-#endif
-
-#endif
-
-/*
- * Time for some action:-)
- */
-
-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
-	{
-	const unsigned char *data=data_;
-	unsigned char *p;
-	HASH_LONG l;
-	size_t n;
-
-	if (len==0) return 1;
-
-	l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
-	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
-	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(HASH_LONG)(len>>29);	/* might cause compiler warning on 16-bit */
-	c->Nl=l;
-
-	n = c->num;
-	if (n != 0)
-		{
-		p=(unsigned char *)c->data;
-
-		if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
-			{
-			memcpy (p+n,data,HASH_CBLOCK-n);
-			HASH_BLOCK_DATA_ORDER (c,p,1);
-			n      = HASH_CBLOCK-n;
-			data  += n;
-			len   -= n;
-			c->num = 0;
-			memset (p,0,HASH_CBLOCK);	/* keep it zeroed */
-			}
-		else
-			{
-			memcpy (p+n,data,len);
-			c->num += (unsigned int)len;
-			return 1;
-			}
-		}
-
-	n = len/HASH_CBLOCK;
-	if (n > 0)
-		{
-		HASH_BLOCK_DATA_ORDER (c,data,n);
-		n    *= HASH_CBLOCK;
-		data += n;
-		len  -= n;
-		}
-
-	if (len != 0)
-		{
-		p = (unsigned char *)c->data;
-		c->num = (unsigned int)len;
-		memcpy (p,data,len);
-		}
-	return 1;
-	}
-
-
-void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
-	{
-	HASH_BLOCK_DATA_ORDER (c,data,1);
-	}
-
-
-int HASH_FINAL (unsigned char *md, HASH_CTX *c)
-	{
-	unsigned char *p = (unsigned char *)c->data;
-	size_t n = c->num;
-
-	p[n] = 0x80; /* there is always room for one */
-	n++;
-
-	if (n > (HASH_CBLOCK-8))
-		{
-		memset (p+n,0,HASH_CBLOCK-n);
-		n=0;
-		HASH_BLOCK_DATA_ORDER (c,p,1);
-		}
-	memset (p+n,0,HASH_CBLOCK-8-n);
-
-	p += HASH_CBLOCK-8;
-#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-	(void)HOST_l2c(c->Nh,p);
-	(void)HOST_l2c(c->Nl,p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-	(void)HOST_l2c(c->Nl,p);
-	(void)HOST_l2c(c->Nh,p);
-#endif
-	p -= HASH_CBLOCK;
-	HASH_BLOCK_DATA_ORDER (c,p,1);
-	c->num=0;
-	memset (p,0,HASH_CBLOCK);
-
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#else
-	HASH_MAKE_STRING(c,md);
-#endif
-
-	return 1;
-	}
-
-#ifndef MD32_REG_T
-#if defined(__alpha) || defined(__sparcv9) || defined(__mips)
-#define MD32_REG_T long
-/*
- * This comment was originaly written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
- * In case you wonder why A-D are declared as long and not
- * as MD5_LONG. Doing so results in slight performance
- * boost on LP64 architectures. The catch is we don't
- * really care if 32 MSBs of a 64-bit register get polluted
- * with eventual overflows as we *save* only 32 LSBs in
- * *either* case. Now declaring 'em long excuses the compiler
- * from keeping 32 MSBs zeroed resulting in 13% performance
- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents* 
- * performance degradation.
- *				<appro@fy.chalmers.se>
- */
-#else
-/*
- * Above is not absolute and there are LP64 compilers that
- * generate better code if MD32_REG_T is defined int. The above
- * pre-processor condition reflects the circumstances under which
- * the conclusion was made and is subject to further extension.
- *				<appro@fy.chalmers.se>
- */
-#define MD32_REG_T int
-#endif
-#endif
diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c
deleted file mode 100644
index 141415ad4d..0000000000
--- a/crypto/md4/md4.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/md4/md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-#define BUFSIZE	1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-	{
-	int i,err=0;
-	FILE *IN;
-
-	if (argc == 1)
-		{
-		do_fp(stdin);
-		}
-	else
-		{
-		for (i=1; i<argc; i++)
-			{
-			IN=fopen(argv[i],"r");
-			if (IN == NULL)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			printf("MD4(%s)= ",argv[i]);
-			do_fp(IN);
-			fclose(IN);
-			}
-		}
-	exit(err);
-	}
-
-void do_fp(FILE *f)
-	{
-	MD4_CTX c;
-	unsigned char md[MD4_DIGEST_LENGTH];
-	int fd;
-	int i;
-	static unsigned char buf[BUFSIZE];
-
-	fd=fileno(f);
-	MD4_Init(&c);
-	for (;;)
-		{
-		i=read(fd,buf,sizeof buf);
-		if (i <= 0) break;
-		MD4_Update(&c,buf,(unsigned long)i);
-		}
-	MD4_Final(&(md[0]),&c);
-	pt(md);
-	}
-
-void pt(unsigned char *md)
-	{
-	int i;
-
-	for (i=0; i<MD4_DIGEST_LENGTH; i++)
-		printf("%02x",md[i]);
-	printf("\n");
-	}
-
diff --git a/crypto/md4/md4.h b/crypto/md4/md4.h
deleted file mode 100644
index a55368a790..0000000000
--- a/crypto/md4/md4.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/md4/md4.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD4_H
-#define HEADER_MD4_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD4
-#error MD4 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD4_LONG_LOG2 has to be defined along.			   !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define MD4_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD4_LONG unsigned long
-#define MD4_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define MD4_LONG unsigned int
-#endif
-
-#define MD4_CBLOCK	64
-#define MD4_LBLOCK	(MD4_CBLOCK/4)
-#define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st
-	{
-	MD4_LONG A,B,C,D;
-	MD4_LONG Nl,Nh;
-	MD4_LONG data[MD4_LBLOCK];
-	unsigned int num;
-	} MD4_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
deleted file mode 100644
index b5b165b052..0000000000
--- a/crypto/md4/md4_dgst.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* crypto/md4/md4_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include "md4_locl.h"
-
-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-fips_md_init(MD4)
-	{
-	memset (c,0,sizeof(*c));
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	return 1;
-	}
-
-#ifndef md4_block_data_order
-#ifdef X
-#undef X
-#endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
-	{
-	const unsigned char *data=data_;
-	register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	MD4_LONG XX[MD4_LBLOCK];
-# define X(i)	XX[i]
-#endif
-
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
-
-	for (;num--;)
-		{
-	(void)HOST_c2l(data,l); X( 0)=l;
-	(void)HOST_c2l(data,l); X( 1)=l;
-	/* Round 0 */
-	R0(A,B,C,D,X( 0), 3,0);	(void)HOST_c2l(data,l); X( 2)=l;
-	R0(D,A,B,C,X( 1), 7,0);	(void)HOST_c2l(data,l); X( 3)=l;
-	R0(C,D,A,B,X( 2),11,0);	(void)HOST_c2l(data,l); X( 4)=l;
-	R0(B,C,D,A,X( 3),19,0);	(void)HOST_c2l(data,l); X( 5)=l;
-	R0(A,B,C,D,X( 4), 3,0);	(void)HOST_c2l(data,l); X( 6)=l;
-	R0(D,A,B,C,X( 5), 7,0);	(void)HOST_c2l(data,l); X( 7)=l;
-	R0(C,D,A,B,X( 6),11,0);	(void)HOST_c2l(data,l); X( 8)=l;
-	R0(B,C,D,A,X( 7),19,0);	(void)HOST_c2l(data,l); X( 9)=l;
-	R0(A,B,C,D,X( 8), 3,0);	(void)HOST_c2l(data,l); X(10)=l;
-	R0(D,A,B,C,X( 9), 7,0);	(void)HOST_c2l(data,l); X(11)=l;
-	R0(C,D,A,B,X(10),11,0);	(void)HOST_c2l(data,l); X(12)=l;
-	R0(B,C,D,A,X(11),19,0);	(void)HOST_c2l(data,l); X(13)=l;
-	R0(A,B,C,D,X(12), 3,0);	(void)HOST_c2l(data,l); X(14)=l;
-	R0(D,A,B,C,X(13), 7,0);	(void)HOST_c2l(data,l); X(15)=l;
-	R0(C,D,A,B,X(14),11,0);
-	R0(B,C,D,A,X(15),19,0);
-	/* Round 1 */
-	R1(A,B,C,D,X( 0), 3,0x5A827999L);
-	R1(D,A,B,C,X( 4), 5,0x5A827999L);
-	R1(C,D,A,B,X( 8), 9,0x5A827999L);
-	R1(B,C,D,A,X(12),13,0x5A827999L);
-	R1(A,B,C,D,X( 1), 3,0x5A827999L);
-	R1(D,A,B,C,X( 5), 5,0x5A827999L);
-	R1(C,D,A,B,X( 9), 9,0x5A827999L);
-	R1(B,C,D,A,X(13),13,0x5A827999L);
-	R1(A,B,C,D,X( 2), 3,0x5A827999L);
-	R1(D,A,B,C,X( 6), 5,0x5A827999L);
-	R1(C,D,A,B,X(10), 9,0x5A827999L);
-	R1(B,C,D,A,X(14),13,0x5A827999L);
-	R1(A,B,C,D,X( 3), 3,0x5A827999L);
-	R1(D,A,B,C,X( 7), 5,0x5A827999L);
-	R1(C,D,A,B,X(11), 9,0x5A827999L);
-	R1(B,C,D,A,X(15),13,0x5A827999L);
-	/* Round 2 */
-	R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
-
-	A = c->A += A;
-	B = c->B += B;
-	C = c->C += C;
-	D = c->D += D;
-		}
-	}
-#endif
diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h
deleted file mode 100644
index 99c3e5004c..0000000000
--- a/crypto/md4/md4_locl.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/md4/md4_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/md4.h>
-
-#ifndef MD4_LONG_LOG2
-#define MD4_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG		MD4_LONG
-#define HASH_CTX		MD4_CTX
-#define HASH_CBLOCK		MD4_CBLOCK
-#define HASH_UPDATE		MD4_Update
-#define HASH_TRANSFORM		MD4_Transform
-#define HASH_FINAL		MD4_Final
-#define	HASH_MAKE_STRING(c,s)	do {	\
-	unsigned long ll;		\
-	ll=(c)->A; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->B; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->C; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->D; (void)HOST_l2c(ll,(s));	\
-	} while (0)
-#define	HASH_BLOCK_DATA_ORDER	md4_block_data_order
-
-#include "md32_common.h"
-
-/*
-#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
-#define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d)	(((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-#define	H(b,c,d)	((b) ^ (c) ^ (d))
-
-#define R0(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+F((b),(c),(d))); \
-	a=ROTATE(a,s); };
-
-#define R1(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+G((b),(c),(d))); \
-	a=ROTATE(a,s); };\
-
-#define R2(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+H((b),(c),(d))); \
-	a=ROTATE(a,s); };
diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
deleted file mode 100644
index bb64362638..0000000000
--- a/crypto/md4/md4_one.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/md4/md4_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md4.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD4_CTX c;
-	static unsigned char m[MD4_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!MD4_Init(&c))
-		return NULL;
-#ifndef CHARSET_EBCDIC
-	MD4_Update(&c,d,n);
-#else
-	{
-		char temp[1024];
-		unsigned long chunk;
-
-		while (n > 0)
-		{
-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-			ebcdic2ascii(temp, d, chunk);
-			MD4_Update(&c,temp,chunk);
-			n -= chunk;
-			d += chunk;
-		}
-	}
-#endif
-	MD4_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
deleted file mode 100644
index c0ec97fc9f..0000000000
--- a/crypto/md4/md4s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  asm volatile(".byte 15, 49\n\t"
-	       : "=eax" (tsc)
-	       :
-	       : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  unsigned long a;
-  __asm _emit 0fh
-  __asm _emit 31h
-  __asm mov a, eax;
-  tsc=a;
-}
-#endif      
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-extern "C" {
-void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
-	{
-	unsigned char buffer[64*256];
-	MD4_CTX ctx;
-	unsigned long s1,s2,e1,e2;
-	unsigned char k[16];
-	unsigned long data[2];
-	unsigned char iv[8];
-	int i,num=0,numm;
-	int j=0;
-
-	if (argc >= 2)
-		num=atoi(argv[1]);
-
-	if (num == 0) num=16;
-	if (num > 250) num=16;
-	numm=num+2;
-	num*=64;
-	numm*=64;
-
-	for (j=0; j<6; j++)
-		{
-		for (i=0; i<10; i++) /**/
-			{
-			md4_block_x86(&ctx,buffer,numm);
-			GetTSC(s1);
-			md4_block_x86(&ctx,buffer,numm);
-			GetTSC(e1);
-			GetTSC(s2);
-			md4_block_x86(&ctx,buffer,num);
-			GetTSC(e2);
-			md4_block_x86(&ctx,buffer,num);
-			}
-		printf("md4 (%d bytes) %d %d (%.2f)\n",num,
-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
-		}
-	}
-
diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c
deleted file mode 100644
index 56591728a1..0000000000
--- a/crypto/md4/md4test.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/* crypto/md4/md4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD4
-int main(int argc, char *argv[])
-{
-    printf("No MD4 support\n");
-    return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static char *test[]={
-	"",
-	"a",
-	"abc",
-	"message digest",
-	"abcdefghijklmnopqrstuvwxyz",
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	NULL,
-	};
-
-static char *ret[]={
-"31d6cfe0d16ae931b73c59d7e0c089c0",
-"bde52cb31de33e46245e05fbdbd6fb24",
-"a448017aaf21d8525fc10ae87aa6729d",
-"d9130a8164549fe818874806e1c7014b",
-"d79e1c308aa5bbcdeea8ed63df412da9",
-"043f8582f241db351ce627e153e7f0e4",
-"e33b4ddc9c38f2199c3e7b164fcc0536",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	char **P,**R;
-	char *p;
-	unsigned char md[MD4_DIGEST_LENGTH];
-
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
-		p=pt(md);
-		if (strcmp(p,(char *)*R) != 0)
-			{
-			printf("error calculating MD4 on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-	EXIT(err);
-	return(0);
-	}
-
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<MD4_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
-#endif
diff --git a/crypto/md5/asm/md5-586.S b/crypto/md5/asm/md5-586.S
deleted file mode 100644
index 23e4de7df5..0000000000
--- a/crypto/md5/asm/md5-586.S
+++ /dev/null
@@ -1,679 +0,0 @@
-.file	"crypto/md5/asm/md5-586.s"
-.text
-.globl	md5_block_asm_data_order
-.type	md5_block_asm_data_order,@function
-.align	16
-md5_block_asm_data_order:
-.L_md5_block_asm_data_order_begin:
-	pushl	%esi
-	pushl	%edi
-	movl	12(%esp),%edi
-	movl	16(%esp),%esi
-	movl	20(%esp),%ecx
-	pushl	%ebp
-	shll	$6,%ecx
-	pushl	%ebx
-	addl	%esi,%ecx
-	subl	$64,%ecx
-	movl	(%edi),%eax
-	pushl	%ecx
-	movl	4(%edi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-.L000start:
-
-
-	movl	%ecx,%edi
-	movl	(%esi),%ebp
-
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	leal	3614090360(%eax,%ebp,1),%eax
-	xorl	%edx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$7,%eax
-	movl	4(%esi),%ebp
-	addl	%ebx,%eax
-
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	leal	3905402710(%edx,%ebp,1),%edx
-	xorl	%ecx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$12,%edx
-	movl	8(%esi),%ebp
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	leal	606105819(%ecx,%ebp,1),%ecx
-	xorl	%ebx,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$17,%ecx
-	movl	12(%esi),%ebp
-	addl	%edx,%ecx
-
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	leal	3250441966(%ebx,%ebp,1),%ebx
-	xorl	%eax,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$22,%ebx
-	movl	16(%esi),%ebp
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	leal	4118548399(%eax,%ebp,1),%eax
-	xorl	%edx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$7,%eax
-	movl	20(%esi),%ebp
-	addl	%ebx,%eax
-
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	leal	1200080426(%edx,%ebp,1),%edx
-	xorl	%ecx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$12,%edx
-	movl	24(%esi),%ebp
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	leal	2821735955(%ecx,%ebp,1),%ecx
-	xorl	%ebx,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$17,%ecx
-	movl	28(%esi),%ebp
-	addl	%edx,%ecx
-
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	leal	4249261313(%ebx,%ebp,1),%ebx
-	xorl	%eax,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$22,%ebx
-	movl	32(%esi),%ebp
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	leal	1770035416(%eax,%ebp,1),%eax
-	xorl	%edx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$7,%eax
-	movl	36(%esi),%ebp
-	addl	%ebx,%eax
-
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	leal	2336552879(%edx,%ebp,1),%edx
-	xorl	%ecx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$12,%edx
-	movl	40(%esi),%ebp
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	leal	4294925233(%ecx,%ebp,1),%ecx
-	xorl	%ebx,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$17,%ecx
-	movl	44(%esi),%ebp
-	addl	%edx,%ecx
-
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	leal	2304563134(%ebx,%ebp,1),%ebx
-	xorl	%eax,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$22,%ebx
-	movl	48(%esi),%ebp
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	leal	1804603682(%eax,%ebp,1),%eax
-	xorl	%edx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$7,%eax
-	movl	52(%esi),%ebp
-	addl	%ebx,%eax
-
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	leal	4254626195(%edx,%ebp,1),%edx
-	xorl	%ecx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$12,%edx
-	movl	56(%esi),%ebp
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	leal	2792965006(%ecx,%ebp,1),%ecx
-	xorl	%ebx,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$17,%ecx
-	movl	60(%esi),%ebp
-	addl	%edx,%ecx
-
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	leal	1236535329(%ebx,%ebp,1),%ebx
-	xorl	%eax,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$22,%ebx
-	movl	4(%esi),%ebp
-	addl	%ecx,%ebx
-
-
-
-	leal	4129170786(%eax,%ebp,1),%eax
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	movl	24(%esi),%ebp
-	xorl	%ecx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%eax
-	addl	%ebx,%eax
-
-	leal	3225465664(%edx,%ebp,1),%edx
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	movl	44(%esi),%ebp
-	xorl	%ebx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$9,%edx
-	addl	%eax,%edx
-
-	leal	643717713(%ecx,%ebp,1),%ecx
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	movl	(%esi),%ebp
-	xorl	%eax,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$14,%ecx
-	addl	%edx,%ecx
-
-	leal	3921069994(%ebx,%ebp,1),%ebx
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	movl	20(%esi),%ebp
-	xorl	%edx,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-
-	leal	3593408605(%eax,%ebp,1),%eax
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	movl	40(%esi),%ebp
-	xorl	%ecx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%eax
-	addl	%ebx,%eax
-
-	leal	38016083(%edx,%ebp,1),%edx
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	movl	60(%esi),%ebp
-	xorl	%ebx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$9,%edx
-	addl	%eax,%edx
-
-	leal	3634488961(%ecx,%ebp,1),%ecx
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	movl	16(%esi),%ebp
-	xorl	%eax,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$14,%ecx
-	addl	%edx,%ecx
-
-	leal	3889429448(%ebx,%ebp,1),%ebx
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	movl	36(%esi),%ebp
-	xorl	%edx,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-
-	leal	568446438(%eax,%ebp,1),%eax
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	movl	56(%esi),%ebp
-	xorl	%ecx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%eax
-	addl	%ebx,%eax
-
-	leal	3275163606(%edx,%ebp,1),%edx
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	movl	12(%esi),%ebp
-	xorl	%ebx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$9,%edx
-	addl	%eax,%edx
-
-	leal	4107603335(%ecx,%ebp,1),%ecx
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	movl	32(%esi),%ebp
-	xorl	%eax,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$14,%ecx
-	addl	%edx,%ecx
-
-	leal	1163531501(%ebx,%ebp,1),%ebx
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	movl	52(%esi),%ebp
-	xorl	%edx,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-
-	leal	2850285829(%eax,%ebp,1),%eax
-	xorl	%ebx,%edi
-	andl	%edx,%edi
-	movl	8(%esi),%ebp
-	xorl	%ecx,%edi
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%eax
-	addl	%ebx,%eax
-
-	leal	4243563512(%edx,%ebp,1),%edx
-	xorl	%eax,%edi
-	andl	%ecx,%edi
-	movl	28(%esi),%ebp
-	xorl	%ebx,%edi
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$9,%edx
-	addl	%eax,%edx
-
-	leal	1735328473(%ecx,%ebp,1),%ecx
-	xorl	%edx,%edi
-	andl	%ebx,%edi
-	movl	48(%esi),%ebp
-	xorl	%eax,%edi
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$14,%ecx
-	addl	%edx,%ecx
-
-	leal	2368359562(%ebx,%ebp,1),%ebx
-	xorl	%ecx,%edi
-	andl	%eax,%edi
-	movl	20(%esi),%ebp
-	xorl	%edx,%edi
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-
-
-
-	xorl	%edx,%edi
-	xorl	%ebx,%edi
-	leal	4294588738(%eax,%ebp,1),%eax
-	addl	%edi,%eax
-	roll	$4,%eax
-	movl	32(%esi),%ebp
-	movl	%ebx,%edi
-
-	leal	2272392833(%edx,%ebp,1),%edx
-	addl	%ebx,%eax
-	xorl	%ecx,%edi
-	xorl	%eax,%edi
-	movl	44(%esi),%ebp
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$11,%edx
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	xorl	%edx,%edi
-	leal	1839030562(%ecx,%ebp,1),%ecx
-	addl	%edi,%ecx
-	roll	$16,%ecx
-	movl	56(%esi),%ebp
-	movl	%edx,%edi
-
-	leal	4259657740(%ebx,%ebp,1),%ebx
-	addl	%edx,%ecx
-	xorl	%eax,%edi
-	xorl	%ecx,%edi
-	movl	4(%esi),%ebp
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$23,%ebx
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	xorl	%ebx,%edi
-	leal	2763975236(%eax,%ebp,1),%eax
-	addl	%edi,%eax
-	roll	$4,%eax
-	movl	16(%esi),%ebp
-	movl	%ebx,%edi
-
-	leal	1272893353(%edx,%ebp,1),%edx
-	addl	%ebx,%eax
-	xorl	%ecx,%edi
-	xorl	%eax,%edi
-	movl	28(%esi),%ebp
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$11,%edx
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	xorl	%edx,%edi
-	leal	4139469664(%ecx,%ebp,1),%ecx
-	addl	%edi,%ecx
-	roll	$16,%ecx
-	movl	40(%esi),%ebp
-	movl	%edx,%edi
-
-	leal	3200236656(%ebx,%ebp,1),%ebx
-	addl	%edx,%ecx
-	xorl	%eax,%edi
-	xorl	%ecx,%edi
-	movl	52(%esi),%ebp
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$23,%ebx
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	xorl	%ebx,%edi
-	leal	681279174(%eax,%ebp,1),%eax
-	addl	%edi,%eax
-	roll	$4,%eax
-	movl	(%esi),%ebp
-	movl	%ebx,%edi
-
-	leal	3936430074(%edx,%ebp,1),%edx
-	addl	%ebx,%eax
-	xorl	%ecx,%edi
-	xorl	%eax,%edi
-	movl	12(%esi),%ebp
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$11,%edx
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	xorl	%edx,%edi
-	leal	3572445317(%ecx,%ebp,1),%ecx
-	addl	%edi,%ecx
-	roll	$16,%ecx
-	movl	24(%esi),%ebp
-	movl	%edx,%edi
-
-	leal	76029189(%ebx,%ebp,1),%ebx
-	addl	%edx,%ecx
-	xorl	%eax,%edi
-	xorl	%ecx,%edi
-	movl	36(%esi),%ebp
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$23,%ebx
-	addl	%ecx,%ebx
-
-	xorl	%edx,%edi
-	xorl	%ebx,%edi
-	leal	3654602809(%eax,%ebp,1),%eax
-	addl	%edi,%eax
-	roll	$4,%eax
-	movl	48(%esi),%ebp
-	movl	%ebx,%edi
-
-	leal	3873151461(%edx,%ebp,1),%edx
-	addl	%ebx,%eax
-	xorl	%ecx,%edi
-	xorl	%eax,%edi
-	movl	60(%esi),%ebp
-	addl	%edi,%edx
-	movl	%eax,%edi
-	roll	$11,%edx
-	addl	%eax,%edx
-
-	xorl	%ebx,%edi
-	xorl	%edx,%edi
-	leal	530742520(%ecx,%ebp,1),%ecx
-	addl	%edi,%ecx
-	roll	$16,%ecx
-	movl	8(%esi),%ebp
-	movl	%edx,%edi
-
-	leal	3299628645(%ebx,%ebp,1),%ebx
-	addl	%edx,%ecx
-	xorl	%eax,%edi
-	xorl	%ecx,%edi
-	movl	(%esi),%ebp
-	addl	%edi,%ebx
-	movl	$-1,%edi
-	roll	$23,%ebx
-	addl	%ecx,%ebx
-
-
-
-	xorl	%edx,%edi
-	orl	%ebx,%edi
-	leal	4096336452(%eax,%ebp,1),%eax
-	xorl	%ecx,%edi
-	movl	28(%esi),%ebp
-	addl	%edi,%eax
-	movl	$-1,%edi
-	roll	$6,%eax
-	xorl	%ecx,%edi
-	addl	%ebx,%eax
-
-	orl	%eax,%edi
-	leal	1126891415(%edx,%ebp,1),%edx
-	xorl	%ebx,%edi
-	movl	56(%esi),%ebp
-	addl	%edi,%edx
-	movl	$-1,%edi
-	roll	$10,%edx
-	xorl	%ebx,%edi
-	addl	%eax,%edx
-
-	orl	%edx,%edi
-	leal	2878612391(%ecx,%ebp,1),%ecx
-	xorl	%eax,%edi
-	movl	20(%esi),%ebp
-	addl	%edi,%ecx
-	movl	$-1,%edi
-	roll	$15,%ecx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-
-	orl	%ecx,%edi
-	leal	4237533241(%ebx,%ebp,1),%ebx
-	xorl	%edx,%edi
-	movl	48(%esi),%ebp
-	addl	%edi,%ebx
-	movl	$-1,%edi
-	roll	$21,%ebx
-	xorl	%edx,%edi
-	addl	%ecx,%ebx
-
-	orl	%ebx,%edi
-	leal	1700485571(%eax,%ebp,1),%eax
-	xorl	%ecx,%edi
-	movl	12(%esi),%ebp
-	addl	%edi,%eax
-	movl	$-1,%edi
-	roll	$6,%eax
-	xorl	%ecx,%edi
-	addl	%ebx,%eax
-
-	orl	%eax,%edi
-	leal	2399980690(%edx,%ebp,1),%edx
-	xorl	%ebx,%edi
-	movl	40(%esi),%ebp
-	addl	%edi,%edx
-	movl	$-1,%edi
-	roll	$10,%edx
-	xorl	%ebx,%edi
-	addl	%eax,%edx
-
-	orl	%edx,%edi
-	leal	4293915773(%ecx,%ebp,1),%ecx
-	xorl	%eax,%edi
-	movl	4(%esi),%ebp
-	addl	%edi,%ecx
-	movl	$-1,%edi
-	roll	$15,%ecx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-
-	orl	%ecx,%edi
-	leal	2240044497(%ebx,%ebp,1),%ebx
-	xorl	%edx,%edi
-	movl	32(%esi),%ebp
-	addl	%edi,%ebx
-	movl	$-1,%edi
-	roll	$21,%ebx
-	xorl	%edx,%edi
-	addl	%ecx,%ebx
-
-	orl	%ebx,%edi
-	leal	1873313359(%eax,%ebp,1),%eax
-	xorl	%ecx,%edi
-	movl	60(%esi),%ebp
-	addl	%edi,%eax
-	movl	$-1,%edi
-	roll	$6,%eax
-	xorl	%ecx,%edi
-	addl	%ebx,%eax
-
-	orl	%eax,%edi
-	leal	4264355552(%edx,%ebp,1),%edx
-	xorl	%ebx,%edi
-	movl	24(%esi),%ebp
-	addl	%edi,%edx
-	movl	$-1,%edi
-	roll	$10,%edx
-	xorl	%ebx,%edi
-	addl	%eax,%edx
-
-	orl	%edx,%edi
-	leal	2734768916(%ecx,%ebp,1),%ecx
-	xorl	%eax,%edi
-	movl	52(%esi),%ebp
-	addl	%edi,%ecx
-	movl	$-1,%edi
-	roll	$15,%ecx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-
-	orl	%ecx,%edi
-	leal	1309151649(%ebx,%ebp,1),%ebx
-	xorl	%edx,%edi
-	movl	16(%esi),%ebp
-	addl	%edi,%ebx
-	movl	$-1,%edi
-	roll	$21,%ebx
-	xorl	%edx,%edi
-	addl	%ecx,%ebx
-
-	orl	%ebx,%edi
-	leal	4149444226(%eax,%ebp,1),%eax
-	xorl	%ecx,%edi
-	movl	44(%esi),%ebp
-	addl	%edi,%eax
-	movl	$-1,%edi
-	roll	$6,%eax
-	xorl	%ecx,%edi
-	addl	%ebx,%eax
-
-	orl	%eax,%edi
-	leal	3174756917(%edx,%ebp,1),%edx
-	xorl	%ebx,%edi
-	movl	8(%esi),%ebp
-	addl	%edi,%edx
-	movl	$-1,%edi
-	roll	$10,%edx
-	xorl	%ebx,%edi
-	addl	%eax,%edx
-
-	orl	%edx,%edi
-	leal	718787259(%ecx,%ebp,1),%ecx
-	xorl	%eax,%edi
-	movl	36(%esi),%ebp
-	addl	%edi,%ecx
-	movl	$-1,%edi
-	roll	$15,%ecx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-
-	orl	%ecx,%edi
-	leal	3951481745(%ebx,%ebp,1),%ebx
-	xorl	%edx,%edi
-	movl	24(%esp),%ebp
-	addl	%edi,%ebx
-	addl	$64,%esi
-	roll	$21,%ebx
-	movl	(%ebp),%edi
-	addl	%ecx,%ebx
-	addl	%edi,%eax
-	movl	4(%ebp),%edi
-	addl	%edi,%ebx
-	movl	8(%ebp),%edi
-	addl	%edi,%ecx
-	movl	12(%ebp),%edi
-	addl	%edi,%edx
-	movl	%eax,(%ebp)
-	movl	%ebx,4(%ebp)
-	movl	(%esp),%edi
-	movl	%ecx,8(%ebp)
-	movl	%edx,12(%ebp)
-	cmpl	%esi,%edi
-	jae	.L000start
-	popl	%eax
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.size	md5_block_asm_data_order,.-.L_md5_block_asm_data_order_begin
diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
deleted file mode 100644
index 6cb66bb499..0000000000
--- a/crypto/md5/asm/md5-586.pl
+++ /dev/null
@@ -1,307 +0,0 @@
-#!/usr/local/bin/perl
-
-# Normal is the
-# md5_block_x86(MD5_CTX *c, ULONG *X);
-# version, non-normal is the
-# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks);
-
-$normal=0;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],$0);
-
-$A="eax";
-$B="ebx";
-$C="ecx";
-$D="edx";
-$tmp1="edi";
-$tmp2="ebp";
-$X="esi";
-
-# What we need to load into $tmp for the next round
-%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D));
-@xo=(
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,	# R0
- 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,	# R1
- 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,	# R2
- 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
- );
-
-&md5_block("md5_block_asm_data_order");
-&asm_finish();
-
-sub Np
-	{
-	local($p)=@_;
-	local(%n)=($A,$D,$B,$A,$C,$B,$D,$C);
-	return($n{$p});
-	}
-
-sub R0
-	{
-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-	&mov($tmp1,$C)  if $pos < 0;
-	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
-
-	# body proper
-
-	&comment("R0 $ki");
-	&xor($tmp1,$d); # F function - part 2
-
-	&and($tmp1,$b); # F function - part 3
-	&lea($a,&DWP($t,$a,$tmp2,1));
-
-	&xor($tmp1,$d); # F function - part 4
-
-	&add($a,$tmp1);
-	&mov($tmp1,&Np($c)) if $pos < 1;	# next tmp1 for R0
-	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
-
-	&rotl($a,$s);
-
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-
-	&add($a,$b);
-	}
-
-sub R1
-	{
-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-	&comment("R1 $ki");
-
-	&lea($a,&DWP($t,$a,$tmp2,1));
-
-	&xor($tmp1,$b); # G function - part 2
-	&and($tmp1,$d); # G function - part 3
-
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-	&xor($tmp1,$c);			# G function - part 4
-
-	&add($a,$tmp1);
-	&mov($tmp1,&Np($c)) if $pos < 1;	# G function - part 1
-	&mov($tmp1,&Np($c)) if $pos == 1;	# G function - part 1
-
-	&rotl($a,$s);
-
-	&add($a,$b);
-	}
-
-sub R2
-	{
-	local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-	# This one is different, only 3 logical operations
-
-if (($n & 1) == 0)
-	{
-	&comment("R2 $ki");
-	# make sure to do 'D' first, not 'B', else we clash with
-	# the last add from the previous round.
-
-	&xor($tmp1,$d); # H function - part 2
-
-	&xor($tmp1,$b); # H function - part 3
-	&lea($a,&DWP($t,$a,$tmp2,1));
-
-	&add($a,$tmp1);
-
-	&rotl($a,$s);
-
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
-	&mov($tmp1,&Np($c));
-	}
-else
-	{
-	&comment("R2 $ki");
-	# make sure to do 'D' first, not 'B', else we clash with
-	# the last add from the previous round.
-
-	&lea($a,&DWP($t,$a,$tmp2,1));
-
-	&add($b,$c);			# MOVED FORWARD
-	&xor($tmp1,$d); # H function - part 2
-
-	&xor($tmp1,$b); # H function - part 3
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
-
-	&add($a,$tmp1);
-	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
-	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
-
-	&rotl($a,$s);
-
-	&add($a,$b);
-	}
-	}
-
-sub R3
-	{
-	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
-
-	&comment("R3 $ki");
-
-	# &not($tmp1)
-	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
-
-	&or($tmp1,$b);				# I function - part 3
-	&lea($a,&DWP($t,$a,$tmp2,1));
-
-	&xor($tmp1,$c); 			# I function - part 4
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
-	&mov($tmp2,&wparam(0)) if $pos == 2;
-
-	&add($a,$tmp1);
-	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
-	&add($K,64) if $pos >=1 && !$normal;
-
-	&rotl($a,$s);
-
-	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
-	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
-	&add($a,$b);
-	}
-
-
-sub md5_block
-	{
-	local($name)=@_;
-
-	&function_begin_B($name,"",3);
-
-	# parameter 1 is the MD5_CTX structure.
-	# A	0
-	# B	4
-	# C	8
-	# D 	12
-
-	&push("esi");
-	 &push("edi");
-	&mov($tmp1,	&wparam(0)); # edi
-	 &mov($X,	&wparam(1)); # esi
-	&mov($C,	&wparam(2));
-	 &push("ebp");
-	&shl($C,	6);
-	&push("ebx");
-	 &add($C,	$X); # offset we end at
-	&sub($C,	64);
-	 &mov($A,	&DWP( 0,$tmp1,"",0));
-	&push($C);	# Put on the TOS
-	 &mov($B,	&DWP( 4,$tmp1,"",0));
-	&mov($C,	&DWP( 8,$tmp1,"",0));
-	 &mov($D,	&DWP(12,$tmp1,"",0));
-
-	&set_label("start") unless $normal;
-	&comment("");
-	&comment("R0 section");
-
-	&R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478);
-	&R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756);
-	&R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db);
-	&R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee);
-	&R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf);
-	&R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a);
-	&R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613);
-	&R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501);
-	&R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8);
-	&R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af);
-	&R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1);
-	&R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be);
-	&R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122);
-	&R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193);
-	&R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e);
-	&R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821);
-
-	&comment("");
-	&comment("R1 section");
-	&R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562);
-	&R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340);
-	&R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51);
-	&R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa);
-	&R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d);
-	&R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453);
-	&R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681);
-	&R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8);
-	&R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6);
-	&R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6);
-	&R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87);
-	&R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed);
-	&R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905);
-	&R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8);
-	&R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9);
-	&R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a);
-
-	&comment("");
-	&comment("R2 section");
-	&R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942);
-	&R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681);
-	&R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122);
-	&R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c);
-	&R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44);
-	&R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9);
-	&R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60);
-	&R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70);
-	&R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6);
-	&R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa);
-	&R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085);
-	&R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05);
-	&R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039);
-	&R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5);
-	&R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8);
-	&R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665);
-
-	&comment("");
-	&comment("R3 section");
-	&R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244);
-	&R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97);
-	&R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7);
-	&R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039);
-	&R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3);
-	&R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92);
-	&R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d);
-	&R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1);
-	&R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f);
-	&R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0);
-	&R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314);
-	&R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1);
-	&R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82);
-	&R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235);
-	&R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb);
-	&R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391);
-
-	# &mov($tmp2,&wparam(0));	# done in the last R3
-	# &mov($tmp1,	&DWP( 0,$tmp2,"",0)); # done is the last R3
-
-	&add($A,$tmp1);
-	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));
-
-	&add($B,$tmp1);
-	&mov($tmp1,	&DWP( 8,$tmp2,"",0));
-
-	&add($C,$tmp1);
-	&mov($tmp1,	&DWP(12,$tmp2,"",0));
-
-	&add($D,$tmp1);
-	&mov(&DWP( 0,$tmp2,"",0),$A);
-
-	&mov(&DWP( 4,$tmp2,"",0),$B);
-	&mov($tmp1,&swtmp(0)) unless $normal;
-
-	&mov(&DWP( 8,$tmp2,"",0),$C);
-	 &mov(&DWP(12,$tmp2,"",0),$D);
-
-	&cmp($tmp1,$X) unless $normal;			# check count
-	 &jae(&label("start")) unless $normal;
-
-	&pop("eax"); # pop the temp variable off the stack
-	 &pop("ebx");
-	&pop("ebp");
-	 &pop("edi");
-	&pop("esi");
-	 &ret();
-	&function_end_B($name);
-	}
-
diff --git a/crypto/md5/asm/md5-ia64.S b/crypto/md5/asm/md5-ia64.S
deleted file mode 100644
index e7de08d46a..0000000000
--- a/crypto/md5/asm/md5-ia64.S
+++ /dev/null
@@ -1,992 +0,0 @@
-/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-//	Common registers are assigned as follows:
-//
-//	COMMON
-//
-//	t0		Const Tbl Ptr	TPtr
-//	t1		Round Constant	TRound
-//	t4		Block residual	LenResid
-//	t5		Residual Data	DTmp
-//
-//	{in,out}0	Block 0 Cycle	RotateM0
-//	{in,out}1	Block Value 12	M12
-//	{in,out}2	Block Value 8	M8
-//	{in,out}3	Block Value 4	M4
-//	{in,out}4	Block Value 0	M0
-//	{in,out}5	Block 1 Cycle	RotateM1
-//	{in,out}6	Block Value 13	M13
-//	{in,out}7	Block Value 9	M9
-//	{in,out}8	Block Value 5	M5
-//	{in,out}9	Block Value 1	M1
-//	{in,out}10	Block 2 Cycle	RotateM2
-//	{in,out}11	Block Value 14	M14
-//	{in,out}12	Block Value 10	M10
-//	{in,out}13	Block Value 6	M6
-//	{in,out}14	Block Value 2	M2
-//	{in,out}15	Block 3 Cycle	RotateM3
-//	{in,out}16	Block Value 15	M15
-//	{in,out}17	Block Value 11	M11
-//	{in,out}18	Block Value 7	M7
-//	{in,out}19	Block Value 3	M3
-//	{in,out}20	Scratch			Z
-//	{in,out}21	Scratch			Y
-//	{in,out}22	Scratch			X
-//	{in,out}23	Scratch			W
-//	{in,out}24	Digest A		A
-//	{in,out}25	Digest B		B
-//	{in,out}26	Digest C		C
-//	{in,out}27	Digest D		D
-//	{in,out}28	Active Data Ptr	DPtr
-//	in28		Dummy Value		-
-//	out28		Dummy Value		-
-//	bt0			Coroutine Link	QUICK_RTN
-//
-///	These predicates are used for computing the padding block(s) and
-///	are shared between the driver and digest co-routines
-//
-//	pt0			Extra Pad Block	pExtra
-//	pt1			Load next word	pLoad
-//	pt2			Skip next word	pSkip
-//	pt3			Search for Pad	pNoPad
-//	pt4			Pad Word 0		pPad0
-//	pt5			Pad Word 1		pPad1
-//	pt6			Pad Word 2		pPad2
-//	pt7			Pad Word 3		pPad3
-
-#define	DTmp		r19
-#define	LenResid	r18
-#define	QUICK_RTN	b6
-#define	TPtr		r14
-#define	TRound		r15
-#define	pExtra		p6
-#define	pLoad		p7
-#define	pNoPad		p9
-#define	pPad0		p10
-#define	pPad1		p11
-#define	pPad2		p12
-#define	pPad3		p13
-#define	pSkip		p8
-
-#define	A_		out24
-#define	B_		out25
-#define	C_		out26
-#define	D_		out27
-#define	DPtr_		out28
-#define	M0_		out4
-#define	M1_		out9
-#define	M10_		out12
-#define	M11_		out17
-#define	M12_		out1
-#define	M13_		out6
-#define	M14_		out11
-#define	M15_		out16
-#define	M2_		out14
-#define	M3_		out19
-#define	M4_		out3
-#define	M5_		out8
-#define	M6_		out13
-#define	M7_		out18
-#define	M8_		out2
-#define	M9_		out7
-#define	RotateM0_	out0
-#define	RotateM1_	out5
-#define	RotateM2_	out10
-#define	RotateM3_	out15
-#define	W_		out23
-#define	X_		out22
-#define	Y_		out21
-#define	Z_		out20
-
-#define	A		in24
-#define	B		in25
-#define	C		in26
-#define	D		in27
-#define	DPtr		in28
-#define	M0		in4
-#define	M1		in9
-#define	M10		in12
-#define	M11		in17
-#define	M12		in1
-#define	M13		in6
-#define	M14		in11
-#define	M15		in16
-#define	M2		in14
-#define	M3		in19
-#define	M4		in3
-#define	M5		in8
-#define	M6		in13
-#define	M7		in18
-#define	M8		in2
-#define	M9		in7
-#define	RotateM0	in0
-#define	RotateM1	in5
-#define	RotateM2	in10
-#define	RotateM3	in15
-#define	W		in23
-#define	X		in22
-#define	Y		in21
-#define	Z		in20
-
-/* register stack configuration for md5_block_asm_data_order(): */
-#define	MD5_NINP	3
-#define	MD5_NLOC	0
-#define MD5_NOUT	29
-#define MD5_NROT	0
-
-/* register stack configuration for helpers: */
-#define	_NINPUTS	MD5_NOUT
-#define	_NLOCALS	0
-#define _NOUTPUT	0
-#define	_NROTATE	24	/* this must be <= _NINPUTS */
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-#define HOST_IS_BIG_ENDIAN
-#endif
-
-//	Macros for getting the left and right portions of little-endian words
-
-#define	GETLW(dst, src, align)	dep.z dst = src, 32 - 8 * align, 8 * align
-#define	GETRW(dst, src, align)	extr.u dst = src, 8 * align, 32 - 8 * align
-
-//	MD5 driver
-//
-//		Reads an input block, then calls the digest block
-//		subroutine and adds the results to the accumulated
-//		digest.  It allocates 32 outs which the subroutine
-//		uses as it's inputs and rotating
-//		registers. Initializes the round constant pointer and
-//		takes care of saving/restoring ar.lc
-//
-///	INPUT
-//
-//	in0		Context Ptr		CtxPtr0
-//	in1		Input Data Ptr		DPtrIn
-//	in2		Integral Blocks		BlockCount
-//	rp		Return Address		-
-//
-///	CODE
-//
-//	v2		Input Align		InAlign
-//	t0		Shared w/digest		-
-//	t1		Shared w/digest		-
-//	t2		Shared w/digest		-
-//	t3		Shared w/digest		-
-//	t4		Shared w/digest		-
-//	t5		Shared w/digest		-
-//	t6		PFS Save		PFSSave
-//	t7		ar.lc Save		LCSave
-//	t8		Saved PR		PRSave
-//	t9		2nd CtxPtr		CtxPtr1
-//	t10		Table Base		CTable
-//	t11		Table[0]		CTable0
-//	t13		Accumulator A		AccumA
-//	t14		Accumulator B		AccumB
-//	t15		Accumulator C		AccumC
-//	t16		Accumulator D		AccumD
-//	pt0		Shared w/digest		-
-//	pt1		Shared w/digest		-
-//	pt2		Shared w/digest		-
-//	pt3		Shared w/digest		-
-//	pt4		Shared w/digest		-
-//	pt5		Shared w/digest		-
-//	pt6		Shared w/digest		-
-//	pt7		Shared w/digest		-
-//	pt8		Not Aligned		pOff
-//	pt8		Blocks Left		pAgain
-
-#define	AccumA		r27
-#define	AccumB		r28
-#define	AccumC		r29
-#define	AccumD		r30
-#define	CTable		r24
-#define	CTable0		r25
-#define	CtxPtr0		in0
-#define	CtxPtr1		r23
-#define	DPtrIn		in1
-#define	BlockCount	in2
-#define	InAlign		r10
-#define	LCSave		r21
-#define	PFSSave		r20
-#define	PRSave		r22
-#define	pAgain		p63
-#define	pOff		p63
-
-	.text
-
-/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
-
-     where:
-      c: a pointer to a structure of this type:
-
-	   typedef struct MD5state_st
-	     {
-	       MD5_LONG A,B,C,D;
-	       MD5_LONG Nl,Nh;
-	       MD5_LONG data[MD5_LBLOCK];
-	       unsigned int num;
-	     }
-	   MD5_CTX;
-
-      data: a pointer to the input data (may be misaligned)
-      num:  the number of 16-byte blocks to hash (i.e., the length
-            of DATA is 16*NUM.
-
-   */
-
-	.type	md5_block_asm_data_order, @function
-	.global	md5_block_asm_data_order
-	.align	32
-	.proc	md5_block_asm_data_order
-md5_block_asm_data_order:
-.md5_block:
-	.prologue
-{	.mmi
-	.save	ar.pfs, PFSSave
-	alloc	PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
-	ADDP	CtxPtr1 = 8, CtxPtr0
-	mov	CTable = ip
-}
-{	.mmi
-	ADDP	DPtrIn = 0, DPtrIn
-	ADDP	CtxPtr0 = 0, CtxPtr0
-	.save	ar.lc, LCSave
-	mov	LCSave = ar.lc
-}
-;;
-{	.mmi
-	add	CTable = .md5_tbl_data_order#-.md5_block#, CTable
-	and	InAlign = 0x3, DPtrIn
-}
-
-{	.mmi
-	ld4	AccumA = [CtxPtr0], 4
-	ld4	AccumC = [CtxPtr1], 4
-	.save pr, PRSave
-	mov	PRSave = pr
-	.body
-}
-;;
-{	.mmi
-	ld4	AccumB = [CtxPtr0]
-	ld4	AccumD = [CtxPtr1]
-	dep	DPtr_ = 0, DPtrIn, 0, 2
-} ;;
-#ifdef HOST_IS_BIG_ENDIAN
-	rum	psr.be;;	// switch to little-endian
-#endif
-{	.mmb
-	ld4	CTable0 = [CTable], 4
-	cmp.ne	pOff, p0 = 0, InAlign
-(pOff)	br.cond.spnt.many .md5_unaligned
-} ;;
-
-//	The FF load/compute loop rotates values three times, so that
-//	loading into M12 here produces the M0 value, M13 -> M1, etc.
-
-.md5_block_loop0:
-{	.mmi
-	ld4	M12_ = [DPtr_], 4
-	mov	TPtr = CTable
-	mov	TRound = CTable0
-} ;;
-{	.mmi
-	ld4	M13_ = [DPtr_], 4
-	mov	A_ = AccumA
-	mov	B_ = AccumB
-} ;;
-{	.mmi
-	ld4	M14_ = [DPtr_], 4
-	mov	C_ = AccumC
-	mov	D_ = AccumD
-} ;;
-{	.mmb
-	ld4	M15_ = [DPtr_], 4
-	add	BlockCount = -1, BlockCount
-	br.call.sptk.many QUICK_RTN = md5_digest_block0
-} ;;
-
-//	Now, we add the new digest values and do some clean-up
-//	before checking if there's another full block to process
-
-{	.mmi
-	add	AccumA = AccumA, A_
-	add	AccumB = AccumB, B_
-	cmp.ne	pAgain, p0 = 0, BlockCount
-}
-{	.mib
-	add	AccumC = AccumC, C_
-	add	AccumD = AccumD, D_
-(pAgain) br.cond.dptk.many .md5_block_loop0
-} ;;
-
-.md5_exit:
-#ifdef HOST_IS_BIG_ENDIAN
-	sum	psr.be;;	// switch back to big-endian mode
-#endif
-{	.mmi
-	st4	[CtxPtr0] = AccumB, -4
-	st4	[CtxPtr1] = AccumD, -4
-	mov	pr = PRSave, 0x1ffff ;;
-}
-{	.mmi
-	st4	[CtxPtr0] = AccumA
-	st4	[CtxPtr1] = AccumC
-	mov	ar.lc = LCSave
-} ;;
-{	.mib
-	mov	ar.pfs = PFSSave
-	br.ret.sptk.few	rp
-} ;;
-
-#define	MD5UNALIGNED(offset)						\
-.md5_process##offset:							\
-{	.mib ;								\
-	nop	0x0	;						\
-	GETRW(DTmp, DTmp, offset) ;					\
-} ;;									\
-.md5_block_loop##offset:						\
-{	.mmi ;								\
-	ld4	Y_ = [DPtr_], 4 ;					\
-	mov	TPtr = CTable ;						\
-	mov	TRound = CTable0 ;					\
-} ;;									\
-{	.mmi ;								\
-	ld4	M13_ = [DPtr_], 4 ;					\
-	mov	A_ = AccumA ;						\
-	mov	B_ = AccumB ;						\
-} ;;									\
-{	.mii ;								\
-	ld4	M14_ = [DPtr_], 4 ;					\
-	GETLW(W_, Y_, offset) ;						\
-	mov	C_ = AccumC ;						\
-}									\
-{	.mmi ;								\
-	mov	D_ = AccumD ;;						\
-	or	M12_ = W_, DTmp ;					\
-	GETRW(DTmp, Y_, offset) ;					\
-}									\
-{	.mib ;								\
-	ld4	M15_ = [DPtr_], 4 ;					\
-	add	BlockCount = -1, BlockCount ;				\
-	br.call.sptk.many QUICK_RTN = md5_digest_block##offset;		\
-} ;;									\
-{	.mmi ;								\
-	add	AccumA = AccumA, A_ ;					\
-	add	AccumB = AccumB, B_ ;					\
-	cmp.ne	pAgain, p0 = 0, BlockCount ;				\
-}									\
-{	.mib ;								\
-	add	AccumC = AccumC, C_ ;					\
-	add	AccumD = AccumD, D_ ;					\
-(pAgain) br.cond.dptk.many .md5_block_loop##offset ;			\
-} ;;									\
-{	.mib ;								\
-	nop	0x0 ;							\
-	nop	0x0 ;							\
-	br.cond.sptk.many .md5_exit ;					\
-} ;;
-
-	.align	32
-.md5_unaligned:
-//
-//	Because variable shifts are expensive, we special case each of
-//	the four alignements. In practice, this won't hurt too much
-//	since only one working set of code will be loaded.
-//
-{	.mib
-	ld4	DTmp = [DPtr_], 4
-	cmp.eq	pOff, p0 = 1, InAlign
-(pOff)	br.cond.dpnt.many .md5_process1
-} ;;
-{	.mib
-	cmp.eq	pOff, p0 = 2, InAlign
-	nop	0x0
-(pOff)	br.cond.dpnt.many .md5_process2
-} ;;
-	MD5UNALIGNED(3)
-	MD5UNALIGNED(1)
-	MD5UNALIGNED(2)
-
-	.endp md5_block_asm_data_order
-
-
-// MD5 Perform the F function and load
-//
-// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
-// computes the FF() round of functions, then branches to the common
-// digest code to finish up with GG(), HH, and II().
-//
-// INPUT
-//
-// rp Return Address -
-//
-// CODE
-//
-// v0 PFS bit bucket PFS
-// v1 Loop Trip Count LTrip
-// pt0 Load next word pMore
-
-/* For F round: */
-#define LTrip	r9
-#define PFS	r8
-#define pMore	p6
-
-/* For GHI rounds: */
-#define T	r9
-#define U	r10
-#define V	r11
-
-#define COMPUTE(a, b, s, M, R)			\
-{						\
-	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{						\
-	.mmi ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	nop 0x0 ;				\
-} ;;
-
-#define LOOP(a, b, s, M, R, label)		\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mib ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	br.ctop.sptk.many label ;		\
-} ;;
-
-// G(B, C, D) = (B & D) | (C & ~D)
-
-#define G(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	and Y = b, d ;				\
-	andcm X = c, d ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	or Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// H(B, C, D) = B ^ C ^ D
-
-#define H(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	xor Y = b, c ;				\
-	nop 0x0 ;				\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, d ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// I(B, C, D) = C ^ (B | ~D)
-//
-// However, since we have an andcm operator, we use the fact that
-//
-// Y ^ Z == ~Y ^ ~Z
-//
-// to rewrite the expression as
-//
-// I(B, C, D) = ~C ^ (~B & D)
-
-#define I(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	andcm Y = d, b ;			\
-	andcm X = -1, c ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-#define GG4(label)				\
-	G(A, B, C, D, M0)			\
-	COMPUTE(A, B, 5, M0, RotateM0)		\
-	G(D, A, B, C, M1)			\
-	COMPUTE(D, A, 9, M1, RotateM1)		\
-	G(C, D, A, B, M2)			\
-	COMPUTE(C, D, 14, M2, RotateM2)		\
-	G(B, C, D, A, M3)			\
-	LOOP(B, C, 20, M3, RotateM3, label)
-
-#define HH4(label)				\
-	H(A, B, C, D, M0)			\
-	COMPUTE(A, B, 4, M0, RotateM0)		\
-	H(D, A, B, C, M1)			\
-	COMPUTE(D, A, 11, M1, RotateM1)		\
-	H(C, D, A, B, M2)			\
-	COMPUTE(C, D, 16, M2, RotateM2)		\
-	H(B, C, D, A, M3)			\
-	LOOP(B, C, 23, M3, RotateM3, label)
-
-#define II4(label)				\
-	I(A, B, C, D, M0)			\
-	COMPUTE(A, B, 6, M0, RotateM0)		\
-	I(D, A, B, C, M1)			\
-	COMPUTE(D, A, 10, M1, RotateM1)		\
-	I(C, D, A, B, M2)			\
-	COMPUTE(C, D, 15, M2, RotateM2)		\
-	I(B, C, D, A, M3)			\
-	LOOP(B, C, 21, M3, RotateM3, label)
-
-#define FFLOAD(a, b, c, d, M, N, s)		\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-} ;;
-
-#define FFLOOP(a, b, c, d, M, N, s, dest)	\
-{	.mii ;					\
-(pMore)	ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-}						\
-{	.mib ;					\
-	cmp.ne pMore, p0 = 0, LTrip ;		\
-	add LTrip = -1, LTrip ;			\
-	br.ctop.dptk.many dest ;		\
-} ;;
-
-	.type md5_digest_block0, @function
-	.align 32
-
-	.proc md5_digest_block0
-	.prologue
-md5_digest_block0:
-	.altrp QUICK_RTN
-	.body
-{	.mmi
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-	mov LTrip = 2
-	mov ar.lc = 3
-} ;;
-{	.mii
-	cmp.eq pMore, p0 = r0, r0
-	mov ar.ec = 0
-	nop 0x0
-} ;;
-
-.md5_FF_round0:
-	FFLOAD(A, B, C, D, M12, RotateM0, 7)
-	FFLOAD(D, A, B, C, M13, RotateM1, 12)
-	FFLOAD(C, D, A, B, M14, RotateM2, 17)
-	FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
-	//
-	// !!! Fall through to md5_digest_GHI
-	//
-	.endp md5_digest_block0
-
-	.type md5_digest_GHI, @function
-	.align 32
-
-	.proc md5_digest_GHI
-	.prologue
-	.regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-md5_digest_GHI:
-	.altrp QUICK_RTN
-	.body
-//
-// The following sequence shuffles the block counstants round for the
-// next round:
-//
-// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-//
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M2
-	mov W = M9
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M1
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M2 = M11
-	mov M9 = M14
-	mov M4 = M5
-} ;;
-
-{	.mmi
-	mov M1 = M6
-	mov M12 = M13
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M14 = M7
-	mov M5 = M10
-} ;;
-
-{	.mmi
-	mov M6 = Y
-	mov M13 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M10 = U
-} ;;
-
-.md5_GG_round:
-	GG4(.md5_GG_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-
-{	.mmi
-	mov Z = M0
-	mov Y = M1
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M3
-	mov W = M5
-	mov V = M6
-} ;;
-
-{	.mmi
-	mov M0 = M4
-	mov M1 = M11
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M3 = M9
-	mov U = M8
-	mov T = M13
-} ;;
-
-{	.mmi
-	mov M4 = Z
-	mov M11 = Y
-	mov M5 = M7
-}
-{	.mmi
-	mov M6 = M14
-	mov M8 = M12
-	mov M13 = M15
-} ;;
-
-{	.mmi
-	mov M7 = W
-	mov M14 = V
-	nop 0x0
-}
-{	.mmi
-	mov M9 = X
-	mov M12 = U
-	mov M15 = T
-} ;;
-
-.md5_HH_round:
-	HH4(.md5_HH_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
-
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M10
-	mov W = M1
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M9
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M10 = M11
-	mov M1 = M6
-	mov M4 = M13
-} ;;
-
-{	.mmi
-	mov M9 = M14
-	mov M12 = M5
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M6 = M7
-	mov M13 = M2
-} ;;
-
-{	.mmi
-	mov M14 = Y
-	mov M5 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M2 = U
-} ;;
-
-.md5_II_round:
-	II4(.md5_II_round)
-
-{	.mib
-	nop 0x0
-	nop 0x0
-	br.ret.sptk.many QUICK_RTN
-} ;;
-
-	.endp md5_digest_GHI
-
-#define FFLOADU(a, b, c, d, M, P, N, s, offset)	\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	GETLW(W, P, offset) ;			\
-	add Z = Z, Y ;				\
-} ;;						\
-{	.mii ;					\
-	or W = W, DTmp ;			\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mii ;					\
-	add a = Z, b ;				\
-	GETRW(DTmp, P, offset) ;		\
-	mov P = W ;				\
-} ;;
-
-#define FFLOOPU(a, b, c, d, M, P, N, s, offset)		\
-{	.mii ;						\
-(pMore) ld4 N = [DPtr], 4 ;				\
-	add Z = M, TRound ;				\
-	and Y = c, b ;					\
-}							\
-{	.mmi ;						\
-	andcm X = d, b ;;				\
-	add Z = Z, a ;					\
-	or Y = Y, X ;					\
-} ;;							\
-{	.mii ;						\
-	ld4 TRound = [TPtr], 4 ;			\
-(pMore) GETLW(W, P, offset) 	;			\
-	add Z = Z, Y ;					\
-} ;;							\
-{	.mii ;						\
-(pMore) or W = W, DTmp ;				\
-	dep.z Y = Z, 32, 32 ;;				\
-	shrp Z = Z, Y, 64 - s ;				\
-} ;;							\
-{	.mii ;						\
-	add a = Z, b ;					\
-(pMore) GETRW(DTmp, P, offset) 	;			\
-(pMore) mov P = W ;					\
-}							\
-{	.mib ;						\
-	cmp.ne pMore, p0 = 0, LTrip ;			\
-	add LTrip = -1, LTrip ;				\
-	br.ctop.sptk.many .md5_FF_round##offset ;	\
-} ;;
-
-#define MD5FBLOCK(offset)						\
-	.type md5_digest_block##offset, @function ;			\
-									\
-	.align 32 ;							\
-	.proc md5_digest_block##offset ;				\
-	.prologue ;							\
-	.altrp QUICK_RTN ;						\
-	.body ;								\
-md5_digest_block##offset:						\
-{	.mmi ;								\
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;	\
-	mov LTrip = 2 ;							\
-	mov ar.lc = 3 ;							\
-} ;;									\
-{	.mii ;								\
-	cmp.eq pMore, p0 = r0, r0 ;					\
-	mov ar.ec = 0 ;							\
-	nop 0x0 ;							\
-} ;;									\
-									\
-	.pred.rel "mutex", pLoad, pSkip ;				\
-.md5_FF_round##offset:							\
-	FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)		\
-	FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)		\
-	FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)		\
-	FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)	\
-									\
-{	.mib ;								\
-	nop 0x0 ;							\
-	nop 0x0 ;							\
-	br.cond.sptk.many md5_digest_GHI ;				\
-} ;;									\
-	.endp md5_digest_block##offset
-
-MD5FBLOCK(1)
-MD5FBLOCK(2)
-MD5FBLOCK(3)
-
-	.align 64
-	.type md5_constants, @object
-md5_constants:
-.md5_tbl_data_order:			// To ensure little-endian data
-					// order, code as bytes.
-	data1 0x78, 0xa4, 0x6a, 0xd7	//     0
-	data1 0x56, 0xb7, 0xc7, 0xe8	//     1
-	data1 0xdb, 0x70, 0x20, 0x24	//     2
-	data1 0xee, 0xce, 0xbd, 0xc1	//     3
-	data1 0xaf, 0x0f, 0x7c, 0xf5	//     4
-	data1 0x2a, 0xc6, 0x87, 0x47	//     5
-	data1 0x13, 0x46, 0x30, 0xa8	//     6
-	data1 0x01, 0x95, 0x46, 0xfd	//     7
-	data1 0xd8, 0x98, 0x80, 0x69	//     8
-	data1 0xaf, 0xf7, 0x44, 0x8b	//     9
-	data1 0xb1, 0x5b, 0xff, 0xff	//    10
-	data1 0xbe, 0xd7, 0x5c, 0x89	//    11
-	data1 0x22, 0x11, 0x90, 0x6b	//    12
-	data1 0x93, 0x71, 0x98, 0xfd	//    13
-	data1 0x8e, 0x43, 0x79, 0xa6	//    14
-	data1 0x21, 0x08, 0xb4, 0x49	//    15
-	data1 0x62, 0x25, 0x1e, 0xf6	//    16
-	data1 0x40, 0xb3, 0x40, 0xc0	//    17
-	data1 0x51, 0x5a, 0x5e, 0x26	//    18
-	data1 0xaa, 0xc7, 0xb6, 0xe9	//    19
-	data1 0x5d, 0x10, 0x2f, 0xd6	//    20
-	data1 0x53, 0x14, 0x44, 0x02	//    21
-	data1 0x81, 0xe6, 0xa1, 0xd8	//    22
-	data1 0xc8, 0xfb, 0xd3, 0xe7	//    23
-	data1 0xe6, 0xcd, 0xe1, 0x21	//    24
-	data1 0xd6, 0x07, 0x37, 0xc3	//    25
-	data1 0x87, 0x0d, 0xd5, 0xf4	//    26
-	data1 0xed, 0x14, 0x5a, 0x45	//    27
-	data1 0x05, 0xe9, 0xe3, 0xa9	//    28
-	data1 0xf8, 0xa3, 0xef, 0xfc	//    29
-	data1 0xd9, 0x02, 0x6f, 0x67	//    30
-	data1 0x8a, 0x4c, 0x2a, 0x8d	//    31
-	data1 0x42, 0x39, 0xfa, 0xff	//    32
-	data1 0x81, 0xf6, 0x71, 0x87	//    33
-	data1 0x22, 0x61, 0x9d, 0x6d	//    34
-	data1 0x0c, 0x38, 0xe5, 0xfd	//    35
-	data1 0x44, 0xea, 0xbe, 0xa4	//    36
-	data1 0xa9, 0xcf, 0xde, 0x4b	//    37
-	data1 0x60, 0x4b, 0xbb, 0xf6	//    38
-	data1 0x70, 0xbc, 0xbf, 0xbe	//    39
-	data1 0xc6, 0x7e, 0x9b, 0x28	//    40
-	data1 0xfa, 0x27, 0xa1, 0xea	//    41
-	data1 0x85, 0x30, 0xef, 0xd4	//    42
-	data1 0x05, 0x1d, 0x88, 0x04	//    43
-	data1 0x39, 0xd0, 0xd4, 0xd9	//    44
-	data1 0xe5, 0x99, 0xdb, 0xe6	//    45
-	data1 0xf8, 0x7c, 0xa2, 0x1f	//    46
-	data1 0x65, 0x56, 0xac, 0xc4	//    47
-	data1 0x44, 0x22, 0x29, 0xf4	//    48
-	data1 0x97, 0xff, 0x2a, 0x43	//    49
-	data1 0xa7, 0x23, 0x94, 0xab	//    50
-	data1 0x39, 0xa0, 0x93, 0xfc	//    51
-	data1 0xc3, 0x59, 0x5b, 0x65	//    52
-	data1 0x92, 0xcc, 0x0c, 0x8f	//    53
-	data1 0x7d, 0xf4, 0xef, 0xff	//    54
-	data1 0xd1, 0x5d, 0x84, 0x85	//    55
-	data1 0x4f, 0x7e, 0xa8, 0x6f	//    56
-	data1 0xe0, 0xe6, 0x2c, 0xfe	//    57
-	data1 0x14, 0x43, 0x01, 0xa3	//    58
-	data1 0xa1, 0x11, 0x08, 0x4e	//    59
-	data1 0x82, 0x7e, 0x53, 0xf7	//    60
-	data1 0x35, 0xf2, 0x3a, 0xbd	//    61
-	data1 0xbb, 0xd2, 0xd7, 0x2a	//    62
-	data1 0x91, 0xd3, 0x86, 0xeb	//    63
-.size	md5_constants#,64*4
diff --git a/crypto/md5/asm/md5-x86_64.S b/crypto/md5/asm/md5-x86_64.S
deleted file mode 100644
index 235d5e4ecd..0000000000
--- a/crypto/md5/asm/md5-x86_64.S
+++ /dev/null
@@ -1,668 +0,0 @@
-.text	
-.align	16
-
-.globl	md5_block_asm_data_order
-.type	md5_block_asm_data_order,@function
-md5_block_asm_data_order:
-	pushq	%rbp
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r14
-	pushq	%r15
-.Lprologue:
-
-
-
-
-	movq	%rdi,%rbp
-	shlq	$6,%rdx
-	leaq	(%rsi,%rdx,1),%rdi
-	movl	0(%rbp),%eax
-	movl	4(%rbp),%ebx
-	movl	8(%rbp),%ecx
-	movl	12(%rbp),%edx
-
-
-
-
-
-
-
-	cmpq	%rdi,%rsi
-	je	.Lend				
-
-
-.Lloop:
-	movl	%eax,%r8d
-	movl	%ebx,%r9d
-	movl	%ecx,%r14d
-	movl	%edx,%r15d
-	movl	0(%rsi),%r10d
-	movl	%edx,%r11d
-	xorl	%ecx,%r11d
-	leal	-680876936(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	4(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-389564586(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	606105819(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1044525330(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	-176418897(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	1200080426(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1473231341(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-45705983(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1770035416(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-1958414417(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-42063(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	-1990404162(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	xorl	%ecx,%r11d
-	leal	1804603682(%rax,%r10,1),%eax
-	andl	%ebx,%r11d
-	xorl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	addl	%r11d,%eax
-	roll	$7,%eax
-	movl	%ecx,%r11d
-	addl	%ebx,%eax
-	xorl	%ebx,%r11d
-	leal	-40341101(%rdx,%r10,1),%edx
-	andl	%eax,%r11d
-	xorl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	addl	%r11d,%edx
-	roll	$12,%edx
-	movl	%ebx,%r11d
-	addl	%eax,%edx
-	xorl	%eax,%r11d
-	leal	-1502002290(%rcx,%r10,1),%ecx
-	andl	%edx,%r11d
-	xorl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	addl	%r11d,%ecx
-	roll	$17,%ecx
-	movl	%eax,%r11d
-	addl	%edx,%ecx
-	xorl	%edx,%r11d
-	leal	1236535329(%rbx,%r10,1),%ebx
-	andl	%ecx,%r11d
-	xorl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	addl	%r11d,%ebx
-	roll	$22,%ebx
-	movl	%edx,%r11d
-	addl	%ecx,%ebx
-	movl	4(%rsi),%r10d
-	movl	%edx,%r11d
-	movl	%edx,%r12d
-	notl	%r11d
-	leal	-165796510(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	24(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1069501632(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	44(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	643717713(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-373897302(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	20(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-701558691(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	40(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	38016083(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	60(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-660478335(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	16(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-405537848(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	36(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	568446438(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	56(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-1019803690(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	12(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	-187363961(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	32(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	1163531501(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	52(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	notl	%r11d
-	leal	-1444681467(%rax,%r10,1),%eax
-	andl	%ebx,%r12d
-	andl	%ecx,%r11d
-	movl	8(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ecx,%r11d
-	addl	%r12d,%eax
-	movl	%ecx,%r12d
-	roll	$5,%eax
-	addl	%ebx,%eax
-	notl	%r11d
-	leal	-51403784(%rdx,%r10,1),%edx
-	andl	%eax,%r12d
-	andl	%ebx,%r11d
-	movl	28(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%ebx,%r11d
-	addl	%r12d,%edx
-	movl	%ebx,%r12d
-	roll	$9,%edx
-	addl	%eax,%edx
-	notl	%r11d
-	leal	1735328473(%rcx,%r10,1),%ecx
-	andl	%edx,%r12d
-	andl	%eax,%r11d
-	movl	48(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%eax,%r11d
-	addl	%r12d,%ecx
-	movl	%eax,%r12d
-	roll	$14,%ecx
-	addl	%edx,%ecx
-	notl	%r11d
-	leal	-1926607734(%rbx,%r10,1),%ebx
-	andl	%ecx,%r12d
-	andl	%edx,%r11d
-	movl	0(%rsi),%r10d
-	orl	%r11d,%r12d
-	movl	%edx,%r11d
-	addl	%r12d,%ebx
-	movl	%edx,%r12d
-	roll	$20,%ebx
-	addl	%ecx,%ebx
-	movl	20(%rsi),%r10d
-	movl	%ecx,%r11d
-	leal	-378558(%rax,%r10,1),%eax
-	movl	32(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-2022574463(%rdx,%r10,1),%edx
-	movl	44(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	1839030562(%rcx,%r10,1),%ecx
-	movl	56(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-35309556(%rbx,%r10,1),%ebx
-	movl	4(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-1530992060(%rax,%r10,1),%eax
-	movl	16(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	1272893353(%rdx,%r10,1),%edx
-	movl	28(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-155497632(%rcx,%r10,1),%ecx
-	movl	40(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-1094730640(%rbx,%r10,1),%ebx
-	movl	52(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	681279174(%rax,%r10,1),%eax
-	movl	0(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-358537222(%rdx,%r10,1),%edx
-	movl	12(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	-722521979(%rcx,%r10,1),%ecx
-	movl	24(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	76029189(%rbx,%r10,1),%ebx
-	movl	36(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	leal	-640364487(%rax,%r10,1),%eax
-	movl	48(%rsi),%r10d
-	xorl	%edx,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%eax
-	roll	$4,%eax
-	movl	%ebx,%r11d
-	addl	%ebx,%eax
-	leal	-421815835(%rdx,%r10,1),%edx
-	movl	60(%rsi),%r10d
-	xorl	%ecx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%edx
-	roll	$11,%edx
-	movl	%eax,%r11d
-	addl	%eax,%edx
-	leal	530742520(%rcx,%r10,1),%ecx
-	movl	8(%rsi),%r10d
-	xorl	%ebx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ecx
-	roll	$16,%ecx
-	movl	%edx,%r11d
-	addl	%edx,%ecx
-	leal	-995338651(%rbx,%r10,1),%ebx
-	movl	0(%rsi),%r10d
-	xorl	%eax,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%ebx
-	roll	$23,%ebx
-	movl	%ecx,%r11d
-	addl	%ecx,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	xorl	%edx,%r11d
-	leal	-198630844(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	28(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	1126891415(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	56(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1416354905(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	20(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-57434055(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	48(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1700485571(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	12(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1894986606(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	40(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1051523(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	4(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-2054922799(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	32(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	1873313359(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	60(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-30611744(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	24(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	-1560198380(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	52(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	1309151649(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	16(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-	leal	-145523070(%rax,%r10,1),%eax
-	orl	%ebx,%r11d
-	xorl	%ecx,%r11d
-	addl	%r11d,%eax
-	movl	44(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$6,%eax
-	xorl	%ecx,%r11d
-	addl	%ebx,%eax
-	leal	-1120210379(%rdx,%r10,1),%edx
-	orl	%eax,%r11d
-	xorl	%ebx,%r11d
-	addl	%r11d,%edx
-	movl	8(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$10,%edx
-	xorl	%ebx,%r11d
-	addl	%eax,%edx
-	leal	718787259(%rcx,%r10,1),%ecx
-	orl	%edx,%r11d
-	xorl	%eax,%r11d
-	addl	%r11d,%ecx
-	movl	36(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$15,%ecx
-	xorl	%eax,%r11d
-	addl	%edx,%ecx
-	leal	-343485551(%rbx,%r10,1),%ebx
-	orl	%ecx,%r11d
-	xorl	%edx,%r11d
-	addl	%r11d,%ebx
-	movl	0(%rsi),%r10d
-	movl	$4294967295,%r11d
-	roll	$21,%ebx
-	xorl	%edx,%r11d
-	addl	%ecx,%ebx
-
-	addl	%r8d,%eax
-	addl	%r9d,%ebx
-	addl	%r14d,%ecx
-	addl	%r15d,%edx
-
-
-	addq	$64,%rsi
-	cmpq	%rdi,%rsi
-	jb	.Lloop				
-
-
-.Lend:
-	movl	%eax,0(%rbp)
-	movl	%ebx,4(%rbp)
-	movl	%ecx,8(%rbp)
-	movl	%edx,12(%rbp)
-
-	movq	(%rsp),%r15
-	movq	8(%rsp),%r14
-	movq	16(%rsp),%r12
-	movq	24(%rsp),%rbx
-	movq	32(%rsp),%rbp
-	addq	$40,%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	md5_block_asm_data_order,.-md5_block_asm_data_order
diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl
deleted file mode 100755
index 381bf77e1c..0000000000
--- a/crypto/md5/asm/md5-x86_64.pl
+++ /dev/null
@@ -1,370 +0,0 @@
-#!/usr/bin/perl -w
-#
-# MD5 optimized for AMD64.
-#
-# Author: Marc Bevand <bevand_m (at) epita.fr>
-# Licence: I hereby disclaim the copyright on this code and place it
-# in the public domain.
-#
-
-use strict;
-
-my $code;
-
-# round1_step() does:
-#   dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s)
-#   %r10d = X[k_next]
-#   %r11d = z' (copy of z for the next step)
-# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC)
-sub round1_step
-{
-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-    $code .= <<EOF;
-	xor	$y,		%r11d		/* y ^ ... */
-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
-	and	$x,		%r11d		/* x & ... */
-	xor	$z,		%r11d		/* z ^ ... */
-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
-	add	%r11d,		$dst		/* dst += ... */
-	rol	\$$s,		$dst		/* dst <<< s */
-	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
-	add	$x,		$dst		/* dst += x */
-EOF
-}
-
-# round2_step() does:
-#   dst = x + ((dst + G(x,y,z) + X[k] + T_i) <<< s)
-#   %r10d = X[k_next]
-#   %r11d = z' (copy of z for the next step)
-#   %r12d = z' (copy of z for the next step)
-# Each round2_step() takes about 5.4 clocks (11 instructions, 2.0 IPC)
-sub round2_step
-{
-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-    $code .= " mov	1*4(%rsi),	%r10d		/* (NEXT STEP) X[1] */\n" if ($pos == -1);
-    $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-    $code .= " mov	%edx,		%r12d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-    $code .= <<EOF;
-	not	%r11d				/* not z */
-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
-	and	$x,		%r12d		/* x & z */
-	and	$y,		%r11d		/* y & (not z) */
-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
-	or	%r11d,		%r12d		/* (y & (not z)) | (x & z) */
-	mov	$y,		%r11d		/* (NEXT STEP) z' = $y */
-	add	%r12d,		$dst		/* dst += ... */
-	mov	$y,		%r12d		/* (NEXT STEP) z' = $y */
-	rol	\$$s,		$dst		/* dst <<< s */
-	add	$x,		$dst		/* dst += x */
-EOF
-}
-
-# round3_step() does:
-#   dst = x + ((dst + H(x,y,z) + X[k] + T_i) <<< s)
-#   %r10d = X[k_next]
-#   %r11d = y' (copy of y for the next step)
-# Each round3_step() takes about 4.2 clocks (8 instructions, 1.9 IPC)
-sub round3_step
-{
-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-    $code .= " mov	5*4(%rsi),	%r10d		/* (NEXT STEP) X[5] */\n" if ($pos == -1);
-    $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
-    $code .= <<EOF;
-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
-	xor	$z,		%r11d		/* z ^ ... */
-	xor	$x,		%r11d		/* x ^ ... */
-	add	%r11d,		$dst		/* dst += ... */
-	rol	\$$s,		$dst		/* dst <<< s */
-	mov	$x,		%r11d		/* (NEXT STEP) y' = $x */
-	add	$x,		$dst		/* dst += x */
-EOF
-}
-
-# round4_step() does:
-#   dst = x + ((dst + I(x,y,z) + X[k] + T_i) <<< s)
-#   %r10d = X[k_next]
-#   %r11d = not z' (copy of not z for the next step)
-# Each round4_step() takes about 5.2 clocks (9 instructions, 1.7 IPC)
-sub round4_step
-{
-    my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-    $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-    $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);
-    $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"
-    if ($pos == -1);
-    $code .= <<EOF;
-	lea	$T_i($dst,%r10d),$dst		/* Const + dst + ... */
-	or	$x,		%r11d		/* x | ... */
-	xor	$y,		%r11d		/* y ^ ... */
-	add	%r11d,		$dst		/* dst += ... */
-	mov	$k_next*4(%rsi),%r10d		/* (NEXT STEP) X[$k_next] */
-	mov	\$0xffffffff,	%r11d
-	rol	\$$s,		$dst		/* dst <<< s */
-	xor	$y,		%r11d		/* (NEXT STEP) not z' = not $y */
-	add	$x,		$dst		/* dst += x */
-EOF
-}
-
-no warnings qw(uninitialized);
-my $flavour = shift;
-my $output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$code .= <<EOF;
-.text
-.align 16
-
-.globl md5_block_asm_data_order
-.type md5_block_asm_data_order,\@function,3
-md5_block_asm_data_order:
-	push	%rbp
-	push	%rbx
-	push	%r12
-	push	%r14
-	push	%r15
-.Lprologue:
-
-	# rdi = arg #1 (ctx, MD5_CTX pointer)
-	# rsi = arg #2 (ptr, data pointer)
-	# rdx = arg #3 (nbr, number of 16-word blocks to process)
-	mov	%rdi,		%rbp	# rbp = ctx
-	shl	\$6,		%rdx	# rdx = nbr in bytes
-	lea	(%rsi,%rdx),	%rdi	# rdi = end
-	mov	0*4(%rbp),	%eax	# eax = ctx->A
-	mov	1*4(%rbp),	%ebx	# ebx = ctx->B
-	mov	2*4(%rbp),	%ecx	# ecx = ctx->C
-	mov	3*4(%rbp),	%edx	# edx = ctx->D
-	# end is 'rdi'
-	# ptr is 'rsi'
-	# A is 'eax'
-	# B is 'ebx'
-	# C is 'ecx'
-	# D is 'edx'
-
-	cmp	%rdi,		%rsi		# cmp end with ptr
-	je	.Lend				# jmp if ptr == end
-
-	# BEGIN of loop over 16-word blocks
-.Lloop:	# save old values of A, B, C, D
-	mov	%eax,		%r8d
-	mov	%ebx,		%r9d
-	mov	%ecx,		%r14d
-	mov	%edx,		%r15d
-EOF
-round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7');
-round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12');
-round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17');
-round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22');
-round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7');
-round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12');
-round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17');
-round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22');
-round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7');
-round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12');
-round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17');
-round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22');
-round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7');
-round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12');
-round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17');
-round1_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x49b40821','22');
-
-round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5');
-round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9');
-round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14');
-round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20');
-round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5');
-round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9');
-round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14');
-round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20');
-round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5');
-round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9');
-round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14');
-round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20');
-round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5');
-round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9');
-round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14');
-round2_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x8d2a4c8a','20');
-
-round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4');
-round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11');
-round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16');
-round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23');
-round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4');
-round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11');
-round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16');
-round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23');
-round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4');
-round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11');
-round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16');
-round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23');
-round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4');
-round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11');
-round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16');
-round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23');
-
-round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6');
-round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10');
-round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15');
-round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21');
-round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6');
-round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10');
-round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15');
-round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21');
-round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6');
-round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10');
-round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15');
-round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21');
-round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6');
-round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10');
-round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15');
-round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21');
-$code .= <<EOF;
-	# add old values of A, B, C, D
-	add	%r8d,	%eax
-	add	%r9d,	%ebx
-	add	%r14d,	%ecx
-	add	%r15d,	%edx
-
-	# loop control
-	add	\$64,		%rsi		# ptr += 64
-	cmp	%rdi,		%rsi		# cmp end with ptr
-	jb	.Lloop				# jmp if ptr < end
-	# END of loop over 16-word blocks
-
-.Lend:
-	mov	%eax,		0*4(%rbp)	# ctx->A = A
-	mov	%ebx,		1*4(%rbp)	# ctx->B = B
-	mov	%ecx,		2*4(%rbp)	# ctx->C = C
-	mov	%edx,		3*4(%rbp)	# ctx->D = D
-
-	mov	(%rsp),%r15
-	mov	8(%rsp),%r14
-	mov	16(%rsp),%r12
-	mov	24(%rsp),%rbx
-	mov	32(%rsp),%rbp
-	add	\$40,%rsp
-.Lepilogue:
-	ret
-.size md5_block_asm_data_order,.-md5_block_asm_data_order
-EOF
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-my $rec="%rcx";
-my $frame="%rdx";
-my $context="%r8";
-my $disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lprologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lprologue
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
-	jae	.Lin_prologue
-
-	lea	40(%rax),%rax
-
-	mov	-8(%rax),%rbp
-	mov	-16(%rax),%rbx
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r14
-	mov	-40(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_md5_block_asm_data_order
-	.rva	.LSEH_end_md5_block_asm_data_order
-	.rva	.LSEH_info_md5_block_asm_data_order
-
-.section	.xdata
-.align	8
-.LSEH_info_md5_block_asm_data_order:
-	.byte	9,0,0,0
-	.rva	se_handler
-___
-}
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/md5/md5.c b/crypto/md5/md5.c
deleted file mode 100644
index 563733abc5..0000000000
--- a/crypto/md5/md5.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/md5/md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-#define BUFSIZE	1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-	{
-	int i,err=0;
-	FILE *IN;
-
-	if (argc == 1)
-		{
-		do_fp(stdin);
-		}
-	else
-		{
-		for (i=1; i<argc; i++)
-			{
-			IN=fopen(argv[i],"r");
-			if (IN == NULL)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			printf("MD5(%s)= ",argv[i]);
-			do_fp(IN);
-			fclose(IN);
-			}
-		}
-	exit(err);
-	}
-
-void do_fp(FILE *f)
-	{
-	MD5_CTX c;
-	unsigned char md[MD5_DIGEST_LENGTH];
-	int fd;
-	int i;
-	static unsigned char buf[BUFSIZE];
-
-	fd=fileno(f);
-	MD5_Init(&c);
-	for (;;)
-		{
-		i=read(fd,buf,BUFSIZE);
-		if (i <= 0) break;
-		MD5_Update(&c,buf,(unsigned long)i);
-		}
-	MD5_Final(&(md[0]),&c);
-	pt(md);
-	}
-
-void pt(unsigned char *md)
-	{
-	int i;
-
-	for (i=0; i<MD5_DIGEST_LENGTH; i++)
-		printf("%02x",md[i]);
-	printf("\n");
-	}
-
diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h
deleted file mode 100644
index 541cc925fe..0000000000
--- a/crypto/md5/md5.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/md5/md5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD5
-#error MD5 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD5_LONG_LOG2 has to be defined along.			   !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define MD5_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD5_LONG unsigned long
-#define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define MD5_LONG unsigned int
-#endif
-
-#define MD5_CBLOCK	64
-#define MD5_LBLOCK	(MD5_CBLOCK/4)
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
-	{
-	MD5_LONG A,B,C,D;
-	MD5_LONG Nl,Nh;
-	MD5_LONG data[MD5_LBLOCK];
-	unsigned int num;
-	} MD5_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
deleted file mode 100644
index 265890de52..0000000000
--- a/crypto/md5/md5_dgst.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/* crypto/md5/md5_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md5_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-
-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-fips_md_init(MD5)
-	{
-	memset (c,0,sizeof(*c));
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	return 1;
-	}
-
-#ifndef md5_block_data_order
-#ifdef X
-#undef X
-#endif
-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
-	{
-	const unsigned char *data=data_;
-	register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	MD5_LONG XX[MD5_LBLOCK];
-# define X(i)	XX[i]
-#endif
-
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
-
-	for (;num--;)
-		{
-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
-	/* Round 0 */
-	R0(A,B,C,D,X( 0), 7,0xd76aa478L);	HOST_c2l(data,l); X( 2)=l;
-	R0(D,A,B,C,X( 1),12,0xe8c7b756L);	HOST_c2l(data,l); X( 3)=l;
-	R0(C,D,A,B,X( 2),17,0x242070dbL);	HOST_c2l(data,l); X( 4)=l;
-	R0(B,C,D,A,X( 3),22,0xc1bdceeeL);	HOST_c2l(data,l); X( 5)=l;
-	R0(A,B,C,D,X( 4), 7,0xf57c0fafL);	HOST_c2l(data,l); X( 6)=l;
-	R0(D,A,B,C,X( 5),12,0x4787c62aL);	HOST_c2l(data,l); X( 7)=l;
-	R0(C,D,A,B,X( 6),17,0xa8304613L);	HOST_c2l(data,l); X( 8)=l;
-	R0(B,C,D,A,X( 7),22,0xfd469501L);	HOST_c2l(data,l); X( 9)=l;
-	R0(A,B,C,D,X( 8), 7,0x698098d8L);	HOST_c2l(data,l); X(10)=l;
-	R0(D,A,B,C,X( 9),12,0x8b44f7afL);	HOST_c2l(data,l); X(11)=l;
-	R0(C,D,A,B,X(10),17,0xffff5bb1L);	HOST_c2l(data,l); X(12)=l;
-	R0(B,C,D,A,X(11),22,0x895cd7beL);	HOST_c2l(data,l); X(13)=l;
-	R0(A,B,C,D,X(12), 7,0x6b901122L);	HOST_c2l(data,l); X(14)=l;
-	R0(D,A,B,C,X(13),12,0xfd987193L);	HOST_c2l(data,l); X(15)=l;
-	R0(C,D,A,B,X(14),17,0xa679438eL);
-	R0(B,C,D,A,X(15),22,0x49b40821L);
-	/* Round 1 */
-	R1(A,B,C,D,X( 1), 5,0xf61e2562L);
-	R1(D,A,B,C,X( 6), 9,0xc040b340L);
-	R1(C,D,A,B,X(11),14,0x265e5a51L);
-	R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
-	R1(A,B,C,D,X( 5), 5,0xd62f105dL);
-	R1(D,A,B,C,X(10), 9,0x02441453L);
-	R1(C,D,A,B,X(15),14,0xd8a1e681L);
-	R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
-	R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
-	R1(D,A,B,C,X(14), 9,0xc33707d6L);
-	R1(C,D,A,B,X( 3),14,0xf4d50d87L);
-	R1(B,C,D,A,X( 8),20,0x455a14edL);
-	R1(A,B,C,D,X(13), 5,0xa9e3e905L);
-	R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
-	R1(C,D,A,B,X( 7),14,0x676f02d9L);
-	R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
-	/* Round 2 */
-	R2(A,B,C,D,X( 5), 4,0xfffa3942L);
-	R2(D,A,B,C,X( 8),11,0x8771f681L);
-	R2(C,D,A,B,X(11),16,0x6d9d6122L);
-	R2(B,C,D,A,X(14),23,0xfde5380cL);
-	R2(A,B,C,D,X( 1), 4,0xa4beea44L);
-	R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
-	R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
-	R2(B,C,D,A,X(10),23,0xbebfbc70L);
-	R2(A,B,C,D,X(13), 4,0x289b7ec6L);
-	R2(D,A,B,C,X( 0),11,0xeaa127faL);
-	R2(C,D,A,B,X( 3),16,0xd4ef3085L);
-	R2(B,C,D,A,X( 6),23,0x04881d05L);
-	R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
-	R2(D,A,B,C,X(12),11,0xe6db99e5L);
-	R2(C,D,A,B,X(15),16,0x1fa27cf8L);
-	R2(B,C,D,A,X( 2),23,0xc4ac5665L);
-	/* Round 3 */
-	R3(A,B,C,D,X( 0), 6,0xf4292244L);
-	R3(D,A,B,C,X( 7),10,0x432aff97L);
-	R3(C,D,A,B,X(14),15,0xab9423a7L);
-	R3(B,C,D,A,X( 5),21,0xfc93a039L);
-	R3(A,B,C,D,X(12), 6,0x655b59c3L);
-	R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
-	R3(C,D,A,B,X(10),15,0xffeff47dL);
-	R3(B,C,D,A,X( 1),21,0x85845dd1L);
-	R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
-	R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
-	R3(C,D,A,B,X( 6),15,0xa3014314L);
-	R3(B,C,D,A,X(13),21,0x4e0811a1L);
-	R3(A,B,C,D,X( 4), 6,0xf7537e82L);
-	R3(D,A,B,C,X(11),10,0xbd3af235L);
-	R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
-	R3(B,C,D,A,X( 9),21,0xeb86d391L);
-
-	A = c->A += A;
-	B = c->B += B;
-	C = c->C += C;
-	D = c->D += D;
-		}
-	}
-#endif
diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h
deleted file mode 100644
index 74d63d1f9c..0000000000
--- a/crypto/md5/md5_locl.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/md5/md5_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#include <openssl/md5.h>
-
-#ifndef MD5_LONG_LOG2
-#define MD5_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-#ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
-     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-#  define md5_block_data_order md5_block_asm_data_order
-# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
-#  define md5_block_data_order md5_block_asm_data_order
-# endif
-#endif
-
-void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG		MD5_LONG
-#define HASH_CTX		MD5_CTX
-#define HASH_CBLOCK		MD5_CBLOCK
-#define HASH_UPDATE		MD5_Update
-#define HASH_TRANSFORM		MD5_Transform
-#define HASH_FINAL		MD5_Final
-#define	HASH_MAKE_STRING(c,s)	do {	\
-	unsigned long ll;		\
-	ll=(c)->A; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->B; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->C; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->D; (void)HOST_l2c(ll,(s));	\
-	} while (0)
-#define	HASH_BLOCK_DATA_ORDER	md5_block_data_order
-
-#include "md32_common.h"
-
-/*
-#define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
-#define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))
-*/
-
-/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
-#define	G(b,c,d)	((((b) ^ (c)) & (d)) ^ (c))
-#define	H(b,c,d)	((b) ^ (c) ^ (d))
-#define	I(b,c,d)	(((~(d)) | (b)) ^ (c))
-
-#define R0(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+F((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };\
-
-#define R1(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+G((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
-
-#define R2(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+H((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
-
-#define R3(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+I((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
deleted file mode 100644
index 43fee89379..0000000000
--- a/crypto/md5/md5_one.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/md5/md5_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md5.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD5_CTX c;
-	static unsigned char m[MD5_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!MD5_Init(&c))
-		return NULL;
-#ifndef CHARSET_EBCDIC
-	MD5_Update(&c,d,n);
-#else
-	{
-		char temp[1024];
-		unsigned long chunk;
-
-		while (n > 0)
-		{
-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-			ebcdic2ascii(temp, d, chunk);
-			MD5_Update(&c,temp,chunk);
-			n -= chunk;
-			d += chunk;
-		}
-	}
-#endif
-	MD5_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
deleted file mode 100644
index dd343fd4e6..0000000000
--- a/crypto/md5/md5s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  asm volatile(".byte 15, 49\n\t"
-	       : "=eax" (tsc)
-	       :
-	       : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  unsigned long a;
-  __asm _emit 0fh
-  __asm _emit 31h
-  __asm mov a, eax;
-  tsc=a;
-}
-#endif      
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-extern "C" {
-void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
-	{
-	unsigned char buffer[64*256];
-	MD5_CTX ctx;
-	unsigned long s1,s2,e1,e2;
-	unsigned char k[16];
-	unsigned long data[2];
-	unsigned char iv[8];
-	int i,num=0,numm;
-	int j=0;
-
-	if (argc >= 2)
-		num=atoi(argv[1]);
-
-	if (num == 0) num=16;
-	if (num > 250) num=16;
-	numm=num+2;
-	num*=64;
-	numm*=64;
-
-	for (j=0; j<6; j++)
-		{
-		for (i=0; i<10; i++) /**/
-			{
-			md5_block_x86(&ctx,buffer,numm);
-			GetTSC(s1);
-			md5_block_x86(&ctx,buffer,numm);
-			GetTSC(e1);
-			GetTSC(s2);
-			md5_block_x86(&ctx,buffer,num);
-			GetTSC(e2);
-			md5_block_x86(&ctx,buffer,num);
-			}
-		printf("md5 (%d bytes) %d %d (%.2f)\n",num,
-			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
-		}
-	}
-
diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c
deleted file mode 100644
index 2b37190e32..0000000000
--- a/crypto/md5/md5test.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* crypto/md5/md5test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD5
-int main(int argc, char *argv[])
-{
-    printf("No MD5 support\n");
-    return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static char *test[]={
-	"",
-	"a",
-	"abc",
-	"message digest",
-	"abcdefghijklmnopqrstuvwxyz",
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	NULL,
-	};
-
-static char *ret[]={
-	"d41d8cd98f00b204e9800998ecf8427e",
-	"0cc175b9c0f1b6a831c399e269772661",
-	"900150983cd24fb0d6963f7d28e17f72",
-	"f96b697d7cb7938d525a2f31aaf161d0",
-	"c3fcd3d76192e4007dfb496cca67e13b",
-	"d174ab98d277d9f5a5611c2c9f419d9f",
-	"57edf4a22be3c955ac49da2e2107b67a",
-	};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	char **P,**R;
-	char *p;
-	unsigned char md[MD5_DIGEST_LENGTH];
-
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
-		p=pt(md);
-		if (strcmp(p,(char *)*R) != 0)
-			{
-			printf("error calculating MD5 on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EXIT(err);
-	return(0);
-	}
-
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<MD5_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
-#endif
diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h
deleted file mode 100644
index f3e8e579d2..0000000000
--- a/crypto/mdc2/mdc2.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/* crypto/mdc2/mdc2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/des.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK              8
-#define MDC2_DIGEST_LENGTH      16
- 
-typedef struct mdc2_ctx_st
-	{
-	unsigned int num;
-	unsigned char data[MDC2_BLOCK];
-	DES_cblock h,hh;
-	int pad_type; /* either 1 or 2, default 1 */
-	} MDC2_CTX;
-
-
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
-	unsigned char *md);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
deleted file mode 100644
index 72647f67ed..0000000000
--- a/crypto/mdc2/mdc2_one.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* crypto/mdc2/mdc2_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MDC2_CTX c;
-	static unsigned char m[MDC2_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!MDC2_Init(&c))
-		return NULL;
-	MDC2_Update(&c,d,n);
-        MDC2_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
deleted file mode 100644
index d66ed6a1c6..0000000000
--- a/crypto/mdc2/mdc2dgst.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* crypto/mdc2/mdc2dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-
-#undef c2l
-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-fips_md_init(MDC2)
-	{
-	c->num=0;
-	c->pad_type=1;
-	memset(&(c->h[0]),0x52,MDC2_BLOCK);
-	memset(&(c->hh[0]),0x25,MDC2_BLOCK);
-	return 1;
-	}
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
-	{
-	size_t i,j;
-
-	i=c->num;
-	if (i != 0)
-		{
-		if (i+len < MDC2_BLOCK)
-			{
-			/* partial block */
-			memcpy(&(c->data[i]),in,len);
-			c->num+=(int)len;
-			return 1;
-			}
-		else
-			{
-			/* filled one */
-			j=MDC2_BLOCK-i;
-			memcpy(&(c->data[i]),in,j);
-			len-=j;
-			in+=j;
-			c->num=0;
-			mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
-			}
-		}
-	i=len&~((size_t)MDC2_BLOCK-1);
-	if (i > 0) mdc2_body(c,in,i);
-	j=len-i;
-	if (j > 0)
-		{
-		memcpy(&(c->data[0]),&(in[i]),j);
-		c->num=(int)j;
-		}
-	return 1;
-	}
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG ttin0,ttin1;
-	DES_LONG d[2],dd[2];
-	DES_key_schedule k;
-	unsigned char *p;
-	size_t i;
-
-	for (i=0; i<len; i+=8)
-		{
-		c2l(in,tin0); d[0]=dd[0]=tin0;
-		c2l(in,tin1); d[1]=dd[1]=tin1;
-		c->h[0]=(c->h[0]&0x9f)|0x40;
-		c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
-		DES_set_odd_parity(&c->h);
-		DES_set_key_unchecked(&c->h,&k);
-		DES_encrypt1(d,&k,1);
-
-		DES_set_odd_parity(&c->hh);
-		DES_set_key_unchecked(&c->hh,&k);
-		DES_encrypt1(dd,&k,1);
-
-		ttin0=tin0^dd[0];
-		ttin1=tin1^dd[1];
-		tin0^=d[0];
-		tin1^=d[1];
-
-		p=c->h;
-		l2c(tin0,p);
-		l2c(ttin1,p);
-		p=c->hh;
-		l2c(ttin0,p);
-		l2c(tin1,p);
-		}
-	}
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
-	{
-	unsigned int i;
-	int j;
-
-	i=c->num;
-	j=c->pad_type;
-	if ((i > 0) || (j == 2))
-		{
-		if (j == 2)
-			c->data[i++]=0x80;
-		memset(&(c->data[i]),0,MDC2_BLOCK-i);
-		mdc2_body(c,c->data,MDC2_BLOCK);
-		}
-	memcpy(md,(char *)c->h,MDC2_BLOCK);
-	memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
-	return 1;
-	}
-
-#undef TEST
-
-#ifdef TEST
-main()
-	{
-	unsigned char md[MDC2_DIGEST_LENGTH];
-	int i;
-	MDC2_CTX c;
-	static char *text="Now is the time for all ";
-
-	MDC2_Init(&c);
-	MDC2_Update(&c,text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
-
-	for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-		printf("%02X",md[i]);
-	printf("\n");
-	}
-
-#endif
diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
deleted file mode 100644
index 017b31add2..0000000000
--- a/crypto/mdc2/mdc2test.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* crypto/mdc2/mdc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
-#define OPENSSL_NO_MDC2
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-int main(int argc, char *argv[])
-{
-    printf("No MDC2 support\n");
-    return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-static unsigned char pad1[16]={
-	0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
-	0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
-	};
-
-static unsigned char pad2[16]={
-	0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
-	0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
-	};
-
-int main(int argc, char *argv[])
-	{
-	int ret=0;
-	unsigned char md[MDC2_DIGEST_LENGTH];
-	int i;
-	EVP_MD_CTX c;
-	static char *text="Now is the time for all ";
-
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(text,text,strlen(text));
-#endif
-
-	EVP_MD_CTX_init(&c);
-	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
-	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
-	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
-		{
-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-			printf("%02X",md[i]);
-		printf(" <- generated\n");
-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-			printf("%02X",pad1[i]);
-		printf(" <- correct\n");
-		ret=1;
-		}
-	else
-		printf("pad1 - ok\n");
-
-	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
-	/* FIXME: use a ctl function? */
-	((MDC2_CTX *)c.md_data)->pad_type=2;
-	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
-	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
-	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
-		{
-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-			printf("%02X",md[i]);
-		printf(" <- generated\n");
-		for (i=0; i<MDC2_DIGEST_LENGTH; i++)
-			printf("%02X",pad2[i]);
-		printf(" <- correct\n");
-		ret=1;
-		}
-	else
-		printf("pad2 - ok\n");
-
-	EVP_MD_CTX_cleanup(&c);
-#ifdef OPENSSL_SYS_NETWARE
-    if (ret) printf("ERROR: %d\n", ret);
-#endif
-	EXIT(ret);
-	return(ret);
-	}
-#endif
diff --git a/crypto/mem.c b/crypto/mem.c
deleted file mode 100644
index 01052cfa38..0000000000
--- a/crypto/mem.c
+++ /dev/null
@@ -1,424 +0,0 @@
-/* crypto/mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-
-
-static int allow_customize = 1;      /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
-                                      * run-time, but this must be done
-                                      * before any blocks are actually
-                                      * allocated; or we'll run into huge
-                                      * problems when malloc/free pairs
-                                      * don't match etc. */
-
-
-
-/* the following pointers may be changed as long as 'allow_customize' is set */
-
-static void *(*malloc_func)(size_t)         = malloc;
-static void *default_malloc_ex(size_t num, const char *file, int line)
-	{ return malloc_func(num); }
-static void *(*malloc_ex_func)(size_t, const char *file, int line)
-        = default_malloc_ex;
-
-static void *(*realloc_func)(void *, size_t)= realloc;
-static void *default_realloc_ex(void *str, size_t num,
-        const char *file, int line)
-	{ return realloc_func(str,num); }
-static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
-        = default_realloc_ex;
-
-static void (*free_func)(void *)            = free;
-
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void *default_malloc_locked_ex(size_t num, const char *file, int line)
-	{ return malloc_locked_func(num); }
-static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
-        = default_malloc_locked_ex;
-
-static void (*free_locked_func)(void *)     = free;
-
-
-
-/* may be changed as long as 'allow_customize_debug' is set */
-/* XXX use correct function pointer types */
-#ifdef CRYPTO_MDEBUG
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
-	= CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-	= CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-#else
-/* applications can use CRYPTO_malloc_debug_init() to select above case
- * at run-time */
-static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-	= NULL;
-static void (*free_debug_func)(void *,int) = NULL;
-static void (*set_debug_options_func)(long) = NULL;
-static long (*get_debug_options_func)(void) = NULL;
-#endif
-
-int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
-	void (*f)(void *))
-	{
-	/* Dummy call just to ensure OPENSSL_init() gets linked in */
-	OPENSSL_init();
-	if (!allow_customize)
-		return 0;
-	if ((m == 0) || (r == 0) || (f == 0))
-		return 0;
-	malloc_func=m; malloc_ex_func=default_malloc_ex;
-	realloc_func=r; realloc_ex_func=default_realloc_ex;
-	free_func=f;
-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_mem_ex_functions(
-        void *(*m)(size_t,const char *,int),
-        void *(*r)(void *, size_t,const char *,int),
-	void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == 0) || (r == 0) || (f == 0))
-		return 0;
-	malloc_func=0; malloc_ex_func=m;
-	realloc_func=0; realloc_ex_func=r;
-	free_func=f;
-	malloc_locked_func=0; malloc_locked_ex_func=m;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == NULL) || (f == NULL))
-		return 0;
-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_locked_mem_ex_functions(
-        void *(*m)(size_t,const char *,int),
-        void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == NULL) || (f == NULL))
-		return 0;
-	malloc_locked_func=0; malloc_locked_ex_func=m;
-	free_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
-				   void (*r)(void *,void *,int,const char *,int,int),
-				   void (*f)(void *,int),
-				   void (*so)(long),
-				   long (*go)(void))
-	{
-	if (!allow_customize_debug)
-		return 0;
-	OPENSSL_init();
-	malloc_debug_func=m;
-	realloc_debug_func=r;
-	free_debug_func=f;
-	set_debug_options_func=so;
-	get_debug_options_func=go;
-	return 1;
-	}
-
-
-void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
-	void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
-	                     malloc_func : 0;
-	if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
-	                     realloc_func : 0;
-	if (f != NULL) *f=free_func;
-	}
-
-void CRYPTO_get_mem_ex_functions(
-        void *(**m)(size_t,const char *,int),
-        void *(**r)(void *, size_t,const char *,int),
-	void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
-	                    malloc_ex_func : 0;
-	if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
-	                    realloc_ex_func : 0;
-	if (f != NULL) *f=free_func;
-	}
-
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
-	                     malloc_locked_func : 0;
-	if (f != NULL) *f=free_locked_func;
-	}
-
-void CRYPTO_get_locked_mem_ex_functions(
-        void *(**m)(size_t,const char *,int),
-        void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
-	                    malloc_locked_ex_func : 0;
-	if (f != NULL) *f=free_locked_func;
-	}
-
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
-				    void (**r)(void *,void *,int,const char *,int,int),
-				    void (**f)(void *,int),
-				    void (**so)(long),
-				    long (**go)(void))
-	{
-	if (m != NULL) *m=malloc_debug_func;
-	if (r != NULL) *r=realloc_debug_func;
-	if (f != NULL) *f=free_debug_func;
-	if (so != NULL) *so=set_debug_options_func;
-	if (go != NULL) *go=get_debug_options_func;
-	}
-
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line)
-	{
-	void *ret = NULL;
-
-	if (num <= 0) return NULL;
-
-	if(allow_customize)
-		allow_customize = 0;
-	if (malloc_debug_func != NULL)
-		{
-		if(allow_customize_debug)
-			allow_customize_debug = 0;
-		malloc_debug_func(NULL, num, file, line, 0);
-		}
-	ret = malloc_locked_ex_func(num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
-#endif
-	if (malloc_debug_func != NULL)
-		malloc_debug_func(ret, num, file, line, 1);
-
-#ifndef OPENSSL_CPUID_OBJ
-        /* Create a dependency on the value of 'cleanse_ctr' so our memory
-         * sanitisation function can't be optimised out. NB: We only do
-         * this for >2Kb so the overhead doesn't bother us. */
-        if(ret && (num > 2048))
-	{	extern unsigned char cleanse_ctr;
-		((unsigned char *)ret)[0] = cleanse_ctr;
-	}
-#endif
-
-	return ret;
-	}
-
-void CRYPTO_free_locked(void *str)
-	{
-	if (free_debug_func != NULL)
-		free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
-#endif
-	free_locked_func(str);
-	if (free_debug_func != NULL)
-		free_debug_func(NULL, 1);
-	}
-
-void *CRYPTO_malloc(int num, const char *file, int line)
-	{
-	void *ret = NULL;
-
-	if (num <= 0) return NULL;
-
-	if(allow_customize)
-		allow_customize = 0;
-	if (malloc_debug_func != NULL)
-		{
-		if(allow_customize_debug)
-			allow_customize_debug = 0;
-		malloc_debug_func(NULL, num, file, line, 0);
-		}
-	ret = malloc_ex_func(num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
-#endif
-	if (malloc_debug_func != NULL)
-		malloc_debug_func(ret, num, file, line, 1);
-
-#ifndef OPENSSL_CPUID_OBJ
-        /* Create a dependency on the value of 'cleanse_ctr' so our memory
-         * sanitisation function can't be optimised out. NB: We only do
-         * this for >2Kb so the overhead doesn't bother us. */
-        if(ret && (num > 2048))
-	{	extern unsigned char cleanse_ctr;
-                ((unsigned char *)ret)[0] = cleanse_ctr;
-	}
-#endif
-
-	return ret;
-	}
-char *CRYPTO_strdup(const char *str, const char *file, int line)
-	{
-	char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
-
-	strcpy(ret, str);
-	return ret;
-	}
-
-void *CRYPTO_realloc(void *str, int num, const char *file, int line)
-	{
-	void *ret = NULL;
-
-	if (str == NULL)
-		return CRYPTO_malloc(num, file, line);
-
-	if (num <= 0) return NULL;
-
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, NULL, num, file, line, 0);
-	ret = realloc_ex_func(str,num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
-#endif
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, ret, num, file, line, 1);
-
-	return ret;
-	}
-
-void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
-			   int line)
-	{
-	void *ret = NULL;
-
-	if (str == NULL)
-		return CRYPTO_malloc(num, file, line);
-
-	if (num <= 0) return NULL;
-
-	/* We don't support shrinking the buffer. Note the memcpy that copies
-	 * |old_len| bytes to the new buffer, below. */
-	if (num < old_len) return NULL;
-
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, NULL, num, file, line, 0);
-	ret=malloc_ex_func(num,file,line);
-	if(ret)
-		{
-		memcpy(ret,str,old_len);
-		OPENSSL_cleanse(str,old_len);
-		free_func(str);
-		}
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr,
-		"LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
-		str, ret, num);
-#endif
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, ret, num, file, line, 1);
-
-	return ret;
-	}
-
-void CRYPTO_free(void *str)
-	{
-	if (free_debug_func != NULL)
-		free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
-#endif
-	free_func(str);
-	if (free_debug_func != NULL)
-		free_debug_func(NULL, 1);
-	}
-
-void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
-	{
-	if (a != NULL) OPENSSL_free(a);
-	a=(char *)OPENSSL_malloc(num);
-	return(a);
-	}
-
-void CRYPTO_set_mem_debug_options(long bits)
-	{
-	if (set_debug_options_func != NULL)
-		set_debug_options_func(bits);
-	}
-
-long CRYPTO_get_mem_debug_options(void)
-	{
-	if (get_debug_options_func != NULL)
-		return get_debug_options_func();
-	return 0;
-	}
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
deleted file mode 100644
index add1f78020..0000000000
--- a/crypto/mem_clr.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-
-unsigned char cleanse_ctr = 0;
-
-void OPENSSL_cleanse(void *ptr, size_t len)
-	{
-	unsigned char *p = ptr;
-	size_t loop = len, ctr = cleanse_ctr;
-	while(loop--)
-		{
-		*(p++) = (unsigned char)ctr;
-		ctr += (17 + ((size_t)p & 0xF));
-		}
-	p=memchr(ptr, (unsigned char)ctr, len);
-	if(p)
-		ctr += (63 + (size_t)p);
-	cleanse_ctr = (unsigned char)ctr;
-	}
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
deleted file mode 100644
index ac793397f1..0000000000
--- a/crypto/mem_dbg.c
+++ /dev/null
@@ -1,874 +0,0 @@
-/* crypto/mem_dbg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>	
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
- * when the application asks for it (usually after library initialisation
- * for which no book-keeping is desired).
- *
- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
- * thinks that certain allocations should not be checked (e.g. the data
- * structures used for memory checking).  It is not suitable as an initial
- * state: the library will unexpectedly enable memory checking when it
- * executes one of those sections that want to disable checking
- * temporarily.
- *
- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
- */
-
-static unsigned long order = 0; /* number of memory requests */
-
-DECLARE_LHASH_OF(MEM);
-static LHASH_OF(MEM) *mh=NULL; /* hash-table of memory requests
-				* (address as key); access requires
-				* MALLOC2 lock */
-
-
-typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
- * to be displayed in memory leak list.
- * Each thread has its own stack.  For applications, there is
- *   CRYPTO_push_info("...")     to push an entry,
- *   CRYPTO_pop_info()           to pop an entry,
- *   CRYPTO_remove_all_info()    to pop all entries.
- */
-	{
-	CRYPTO_THREADID threadid;
-	const char *file;
-	int line;
-	const char *info;
-	struct app_mem_info_st *next; /* tail of thread's stack */
-	int references;
-	} APP_INFO;
-
-static void app_info_free(APP_INFO *);
-
-DECLARE_LHASH_OF(APP_INFO);
-static LHASH_OF(APP_INFO) *amih=NULL; /* hash-table with those
-				       * app_mem_info_st's that are at
-				       * the top of their thread's
-				       * stack (with `thread' as key);
-				       * access requires MALLOC2
-				       * lock */
-
-typedef struct mem_st
-/* memory-block description */
-	{
-	void *addr;
-	int num;
-	const char *file;
-	int line;
-	CRYPTO_THREADID threadid;
-	unsigned long order;
-	time_t time;
-	APP_INFO *app_info;
-	} MEM;
-
-static long options =             /* extra information to be recorded */
-#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
-	V_CRYPTO_MDEBUG_TIME |
-#endif
-#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
-	V_CRYPTO_MDEBUG_THREAD |
-#endif
-	0;
-
-
-static unsigned int num_disable = 0; /* num_disable > 0
-                                      *     iff
-                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
-                                      */
-
-/* Valid iff num_disable > 0.  CRYPTO_LOCK_MALLOC2 is locked exactly in this
- * case (by the thread named in disabling_thread).
- */
-static CRYPTO_THREADID disabling_threadid;
-
-static void app_info_free(APP_INFO *inf)
-	{
-	if (--(inf->references) <= 0)
-		{
-		if (inf->next != NULL)
-			{
-			app_info_free(inf->next);
-			}
-		OPENSSL_free(inf);
-		}
-	}
-
-int CRYPTO_mem_ctrl(int mode)
-	{
-	int ret=mh_mode;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-	switch (mode)
-		{
-	/* for applications (not to be called while multiple threads
-	 * use the library): */
-	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
-		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
-		num_disable = 0;
-		break;
-	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
-		mh_mode = 0;
-		num_disable = 0; /* should be true *before* MemCheck_stop is used,
-		                    or there'll be a lot of confusion */
-		break;
-
-	/* switch off temporarily (for library-internal use): */
-	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
-		if (mh_mode & CRYPTO_MEM_CHECK_ON)
-			{
-			CRYPTO_THREADID cur;
-			CRYPTO_THREADID_current(&cur);
-			if (!num_disable || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) /* otherwise we already have the MALLOC2 lock */
-				{
-				/* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
-				 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
-				 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
-				 * it because we block entry to this function).
-				 * Give them a chance, first, and then claim the locks in
-				 * appropriate order (long-time lock first).
-				 */
-				CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-				/* Note that after we have waited for CRYPTO_LOCK_MALLOC2
-				 * and CRYPTO_LOCK_MALLOC, we'll still be in the right
-				 * "case" and "if" branch because MemCheck_start and
-				 * MemCheck_stop may never be used while there are multiple
-				 * OpenSSL threads. */
-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-				mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-				CRYPTO_THREADID_cpy(&disabling_threadid, &cur);
-				}
-			num_disable++;
-			}
-		break;
-	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
-		if (mh_mode & CRYPTO_MEM_CHECK_ON)
-			{
-			if (num_disable) /* always true, or something is going wrong */
-				{
-				num_disable--;
-				if (num_disable == 0)
-					{
-					mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
-					CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-					}
-				}
-			}
-		break;
-
-	default:
-		break;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-	return(ret);
-	}
-
-int CRYPTO_is_mem_check_on(void)
-	{
-	int ret = 0;
-
-	if (mh_mode & CRYPTO_MEM_CHECK_ON)
-		{
-		CRYPTO_THREADID cur;
-		CRYPTO_THREADID_current(&cur);
-		CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
-
-		ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-		        || CRYPTO_THREADID_cmp(&disabling_threadid, &cur);
-
-		CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
-		}
-	return(ret);
-	}	
-
-
-void CRYPTO_dbg_set_options(long bits)
-	{
-	options = bits;
-	}
-
-long CRYPTO_dbg_get_options(void)
-	{
-	return options;
-	}
-
-static int mem_cmp(const MEM *a, const MEM *b)
-	{
-#ifdef _WIN64
-	const char *ap=(const char *)a->addr,
-		   *bp=(const char *)b->addr;
-	if (ap==bp)	return 0;
-	else if (ap>bp)	return 1;
-	else		return -1;
-#else
-	return (const char *)a->addr - (const char *)b->addr;
-#endif
-	}
-static IMPLEMENT_LHASH_COMP_FN(mem, MEM)
-
-static unsigned long mem_hash(const MEM *a)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)a->addr;
-
-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-	return(ret);
-	}
-static IMPLEMENT_LHASH_HASH_FN(mem, MEM)
-
-/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
-static int app_info_cmp(const void *a_void, const void *b_void)
-	{
-	return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid,
-				&((const APP_INFO *)b_void)->threadid);
-	}
-static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO)
-
-static unsigned long app_info_hash(const APP_INFO *a)
-	{
-	unsigned long ret;
-
-	ret = CRYPTO_THREADID_hash(&a->threadid);
-	/* This is left in as a "who am I to question legacy?" measure */
-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-	return(ret);
-	}
-static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO)
-
-static APP_INFO *pop_info(void)
-	{
-	APP_INFO tmp;
-	APP_INFO *ret = NULL;
-
-	if (amih != NULL)
-		{
-		CRYPTO_THREADID_current(&tmp.threadid);
-		if ((ret=lh_APP_INFO_delete(amih,&tmp)) != NULL)
-			{
-			APP_INFO *next=ret->next;
-
-			if (next != NULL)
-				{
-				next->references++;
-				(void)lh_APP_INFO_insert(amih,next);
-				}
-#ifdef LEVITTE_DEBUG_MEM
-			if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid))
-				{
-				fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-					CRYPTO_THREADID_hash(&ret->threadid),
-					CRYPTO_THREADID_hash(&tmp.threadid));
-				abort();
-				}
-#endif
-			if (--(ret->references) <= 0)
-				{
-				ret->next = NULL;
-				if (next != NULL)
-					next->references--;
-				OPENSSL_free(ret);
-				}
-			}
-		}
-	return(ret);
-	}
-
-int CRYPTO_push_info_(const char *info, const char *file, int line)
-	{
-	APP_INFO *ami, *amim;
-	int ret=0;
-
-	if (is_MemCheck_on())
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
-
-		if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
-			{
-			ret=0;
-			goto err;
-			}
-		if (amih == NULL)
-			{
-			if ((amih=lh_APP_INFO_new()) == NULL)
-				{
-				OPENSSL_free(ami);
-				ret=0;
-				goto err;
-				}
-			}
-
-		CRYPTO_THREADID_current(&ami->threadid);
-		ami->file=file;
-		ami->line=line;
-		ami->info=info;
-		ami->references=1;
-		ami->next=NULL;
-
-		if ((amim=lh_APP_INFO_insert(amih,ami)) != NULL)
-			{
-#ifdef LEVITTE_DEBUG_MEM
-			if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid))
-				{
-				fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-					CRYPTO_THREADID_hash(&amim->threadid),
-					CRYPTO_THREADID_hash(&ami->threadid));
-				abort();
-				}
-#endif
-			ami->next=amim;
-			}
- err:
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
-
-	return(ret);
-	}
-
-int CRYPTO_pop_info(void)
-	{
-	int ret=0;
-
-	if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
-
-		ret=(pop_info() != NULL);
-
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
-	return(ret);
-	}
-
-int CRYPTO_remove_all_info(void)
-	{
-	int ret=0;
-
-	if (is_MemCheck_on()) /* _must_ be true */
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
-
-		while(pop_info() != NULL)
-			ret++;
-
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
-	return(ret);
-	}
-
-
-static unsigned long break_order_num=0;
-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-	int before_p)
-	{
-	MEM *m,*mm;
-	APP_INFO tmp,*amim;
-
-	switch(before_p & 127)
-		{
-	case 0:
-		break;
-	case 1:
-		if (addr == NULL)
-			break;
-
-		if (is_MemCheck_on())
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-			if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
-				{
-				OPENSSL_free(addr);
-				MemCheck_on(); /* release MALLOC2 lock
-				                * if num_disabled drops to 0 */
-				return;
-				}
-			if (mh == NULL)
-				{
-				if ((mh=lh_MEM_new()) == NULL)
-					{
-					OPENSSL_free(addr);
-					OPENSSL_free(m);
-					addr=NULL;
-					goto err;
-					}
-				}
-
-			m->addr=addr;
-			m->file=file;
-			m->line=line;
-			m->num=num;
-			if (options & V_CRYPTO_MDEBUG_THREAD)
-				CRYPTO_THREADID_current(&m->threadid);
-			else
-				memset(&m->threadid, 0, sizeof(m->threadid));
-
-			if (order == break_order_num)
-				{
-				/* BREAK HERE */
-				m->order=order;
-				}
-			m->order=order++;
-#ifdef LEVITTE_DEBUG_MEM
-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n",
-				m->order,
-				(before_p & 128) ? '*' : '+',
-				m->addr, m->num);
-#endif
-			if (options & V_CRYPTO_MDEBUG_TIME)
-				m->time=time(NULL);
-			else
-				m->time=0;
-
-			CRYPTO_THREADID_current(&tmp.threadid);
-			m->app_info=NULL;
-			if (amih != NULL
-			    && (amim=lh_APP_INFO_retrieve(amih,&tmp)) != NULL)
-				{
-				m->app_info = amim;
-				amim->references++;
-				}
-
-			if ((mm=lh_MEM_insert(mh, m)) != NULL)
-				{
-				/* Not good, but don't sweat it */
-				if (mm->app_info != NULL)
-					{
-					mm->app_info->references--;
-					}
-				OPENSSL_free(mm);
-				}
-		err:
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-		}
-	return;
-	}
-
-void CRYPTO_dbg_free(void *addr, int before_p)
-	{
-	MEM m,*mp;
-
-	switch(before_p)
-		{
-	case 0:
-		if (addr == NULL)
-			break;
-
-		if (is_MemCheck_on() && (mh != NULL))
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-			m.addr=addr;
-			mp=lh_MEM_delete(mh,&m);
-			if (mp != NULL)
-				{
-#ifdef LEVITTE_DEBUG_MEM
-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n",
-				mp->order, mp->addr, mp->num);
-#endif
-				if (mp->app_info != NULL)
-					app_info_free(mp->app_info);
-				OPENSSL_free(mp);
-				}
-
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-	case 1:
-		break;
-		}
-	}
-
-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
-	const char *file, int line, int before_p)
-	{
-	MEM m,*mp;
-
-#ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
-		addr1, addr2, num, file, line, before_p);
-#endif
-
-	switch(before_p)
-		{
-	case 0:
-		break;
-	case 1:
-		if (addr2 == NULL)
-			break;
-
-		if (addr1 == NULL)
-			{
-			CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
-			break;
-			}
-
-		if (is_MemCheck_on())
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-			m.addr=addr1;
-			mp=lh_MEM_delete(mh,&m);
-			if (mp != NULL)
-				{
-#ifdef LEVITTE_DEBUG_MEM
-				fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n",
-					mp->order,
-					mp->addr, mp->num,
-					addr2, num);
-#endif
-				mp->addr=addr2;
-				mp->num=num;
-				(void)lh_MEM_insert(mh,mp);
-				}
-
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-		}
-	return;
-	}
-
-
-typedef struct mem_leak_st
-	{
-	BIO *bio;
-	int chunks;
-	long bytes;
-	} MEM_LEAK;
-
-static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l)
-	{
-	char buf[1024];
-	char *bufp = buf;
-	APP_INFO *amip;
-	int ami_cnt;
-	struct tm *lcl = NULL;
-	CRYPTO_THREADID ti;
-
-#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
-
-	if(m->addr == (char *)l->bio)
-	    return;
-
-	if (options & V_CRYPTO_MDEBUG_TIME)
-		{
-		lcl = localtime(&m->time);
-	
-		BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
-			lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
-		bufp += strlen(bufp);
-		}
-
-	BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
-		m->order,m->file,m->line);
-	bufp += strlen(bufp);
-
-	if (options & V_CRYPTO_MDEBUG_THREAD)
-		{
-		BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ",
-			CRYPTO_THREADID_hash(&m->threadid));
-		bufp += strlen(bufp);
-		}
-
-	BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
-		m->num,(unsigned long)m->addr);
-	bufp += strlen(bufp);
-
-	BIO_puts(l->bio,buf);
-	
-	l->chunks++;
-	l->bytes+=m->num;
-
-	amip=m->app_info;
-	ami_cnt=0;
-	if (!amip)
-		return;
-	CRYPTO_THREADID_cpy(&ti, &amip->threadid);
-
-	do
-		{
-		int buf_len;
-		int info_len;
-
-		ami_cnt++;
-		memset(buf,'>',ami_cnt);
-		BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
-			" thread=%lu, file=%s, line=%d, info=\"",
-			CRYPTO_THREADID_hash(&amip->threadid), amip->file,
-			amip->line);
-		buf_len=strlen(buf);
-		info_len=strlen(amip->info);
-		if (128 - buf_len - 3 < info_len)
-			{
-			memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
-			buf_len = 128 - 3;
-			}
-		else
-			{
-			BUF_strlcpy(buf + buf_len, amip->info,
-				    sizeof buf - buf_len);
-			buf_len = strlen(buf);
-			}
-		BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
-		
-		BIO_puts(l->bio,buf);
-
-		amip = amip->next;
-		}
-	while(amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti));
-
-#ifdef LEVITTE_DEBUG_MEM
-	if (amip)
-		{
-		fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
-		abort();
-		}
-#endif
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK)
-
-void CRYPTO_mem_leaks(BIO *b)
-	{
-	MEM_LEAK ml;
-
-	if (mh == NULL && amih == NULL)
-		return;
-
-	MemCheck_off(); /* obtain MALLOC2 lock */
-
-	ml.bio=b;
-	ml.bytes=0;
-	ml.chunks=0;
-	if (mh != NULL)
-		lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK,
-				 &ml);
-	if (ml.chunks != 0)
-		{
-		BIO_printf(b,"%ld bytes leaked in %d chunks\n",
-			   ml.bytes,ml.chunks);
-#ifdef CRYPTO_MDEBUG_ABORT
-		abort();
-#endif
-		}
-	else
-		{
-		/* Make sure that, if we found no leaks, memory-leak debugging itself
-		 * does not introduce memory leaks (which might irritate
-		 * external debugging tools).
-		 * (When someone enables leak checking, but does not call
-		 * this function, we declare it to be their fault.)
-		 *
-		 * XXX    This should be in CRYPTO_mem_leaks_cb,
-		 * and CRYPTO_mem_leaks should be implemented by
-		 * using CRYPTO_mem_leaks_cb.
-		 * (Also there should be a variant of lh_doall_arg
-		 * that takes a function pointer instead of a void *;
-		 * this would obviate the ugly and illegal
-		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
-		 * Otherwise the code police will come and get us.)
-		 */
-		int old_mh_mode;
-
-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-
-		/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
-		 * which uses CRYPTO_is_mem_check_on */
-		old_mh_mode = mh_mode;
-		mh_mode = CRYPTO_MEM_CHECK_OFF;
-
-		if (mh != NULL)
-			{
-			lh_MEM_free(mh);
-			mh = NULL;
-			}
-		if (amih != NULL)
-			{
-			if (lh_APP_INFO_num_items(amih) == 0) 
-				{
-				lh_APP_INFO_free(amih);
-				amih = NULL;
-				}
-			}
-
-		mh_mode = old_mh_mode;
-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-		}
-	MemCheck_on(); /* release MALLOC2 lock */
-	}
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *fp)
-	{
-	BIO *b;
-
-	if (mh == NULL) return;
-	/* Need to turn off memory checking when allocated BIOs ... especially
-	 * as we're creating them at a time when we're trying to check we've not
-	 * left anything un-free()'d!! */
-	MemCheck_off();
-	b = BIO_new(BIO_s_file());
-	MemCheck_on();
-	if(!b) return;
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	CRYPTO_mem_leaks(b);
-	BIO_free(b);
-	}
-#endif
-
-
-
-/* FIXME: We really don't allow much to the callback.  For example, it has
-   no chance of reaching the info stack for the item it processes.  Should
-   it really be this way?  -- Richard Levitte */
-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
- * If this code is restructured, remove the callback type if it is no longer
- * needed. -- Geoff Thorpe */
-
-/* Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it
- * is a function pointer and conversion to void * is prohibited. Instead
- * pass its address
- */
-
-typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB;
-
-static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb)
-	{
-	(*cb)(m->order,m->file,m->line,m->num,m->addr);
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB)
-
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
-	{
-	if (mh == NULL) return;
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-	lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB,
-			 &cb);
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-	}
diff --git a/crypto/modes/asm/ghash-alpha.pl b/crypto/modes/asm/ghash-alpha.pl
deleted file mode 100644
index aa36029386..0000000000
--- a/crypto/modes/asm/ghash-alpha.pl
+++ /dev/null
@@ -1,460 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# March 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. Even though
-# loops are aggressively modulo-scheduled in respect to references to
-# Htbl and Z.hi updates for 8 cycles per byte, measured performance is
-# ~12 cycles per processed byte on 21264 CPU. It seems to be a dynamic
-# scheduling "glitch," because uprofile(1) indicates uniform sample
-# distribution, as if all instruction bundles execute in 1.5 cycles.
-# Meaning that it could have been even faster, yet 12 cycles is ~60%
-# better than gcc-generated code and ~80% than code generated by vendor
-# compiler.
-
-$cnt="v0";	# $0
-$t0="t0";
-$t1="t1";
-$t2="t2";
-$Thi0="t3";	# $4
-$Tlo0="t4";
-$Thi1="t5";
-$Tlo1="t6";
-$rem="t7";	# $8
-#################
-$Xi="a0";	# $16, input argument block
-$Htbl="a1";
-$inp="a2";
-$len="a3";
-$nlo="a4";	# $20
-$nhi="a5";
-$Zhi="t8";
-$Zlo="t9";
-$Xhi="t10";	# $24
-$Xlo="t11";
-$remp="t12";
-$rem_4bit="AT";	# $28
-
-{ my $N;
-  sub loop() {
-
-	$N++;
-$code.=<<___;
-.align	4
-	extbl	$Xlo,7,$nlo
-	and	$nlo,0xf0,$nhi
-	sll	$nlo,4,$nlo
-	and	$nlo,0xf0,$nlo
-
-	addq	$nlo,$Htbl,$nlo
-	ldq	$Zlo,8($nlo)
-	addq	$nhi,$Htbl,$nhi
-	ldq	$Zhi,0($nlo)
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	lda	$cnt,6(zero)
-	extbl	$Xlo,6,$nlo
-
-	ldq	$Tlo1,8($nhi)
-	s8addq	$remp,$rem_4bit,$remp
-	ldq	$Thi1,0($nhi)
-	srl	$Zlo,4,$Zlo
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$t0,$Zlo,$Zlo
-	and	$nlo,0xf0,$nhi
-
-	xor	$Tlo1,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-	xor	$Thi1,$Zhi,$Zhi
-	and	$nlo,0xf0,$nlo
-
-	addq	$nlo,$Htbl,$nlo
-	ldq	$Tlo0,8($nlo)
-	addq	$nhi,$Htbl,$nhi
-	ldq	$Thi0,0($nlo)
-
-.Looplo$N:
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	subq	$cnt,1,$cnt
-	srl	$Zlo,4,$Zlo
-
-	ldq	$Tlo1,8($nhi)
-	xor	$rem,$Zhi,$Zhi
-	ldq	$Thi1,0($nhi)
-	s8addq	$remp,$rem_4bit,$remp
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$t0,$Zlo,$Zlo
-	extbl	$Xlo,$cnt,$nlo
-
-	and	$nlo,0xf0,$nhi
-	xor	$Thi0,$Zhi,$Zhi
-	xor	$Tlo0,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	and	$nlo,0xf0,$nlo
-	srl	$Zlo,4,$Zlo
-
-	s8addq	$remp,$rem_4bit,$remp
-	xor	$rem,$Zhi,$Zhi
-	addq	$nlo,$Htbl,$nlo
-	addq	$nhi,$Htbl,$nhi
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	ldq	$Tlo0,8($nlo)
-	xor	$t0,$Zlo,$Zlo
-
-	xor	$Tlo1,$Zlo,$Zlo
-	xor	$Thi1,$Zhi,$Zhi
-	ldq	$Thi0,0($nlo)
-	bne	$cnt,.Looplo$N
-
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	lda	$cnt,7(zero)
-	srl	$Zlo,4,$Zlo
-
-	ldq	$Tlo1,8($nhi)
-	xor	$rem,$Zhi,$Zhi
-	ldq	$Thi1,0($nhi)
-	s8addq	$remp,$rem_4bit,$remp
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$t0,$Zlo,$Zlo
-	extbl	$Xhi,$cnt,$nlo
-
-	and	$nlo,0xf0,$nhi
-	xor	$Thi0,$Zhi,$Zhi
-	xor	$Tlo0,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	and	$nlo,0xf0,$nlo
-	srl	$Zlo,4,$Zlo
-
-	s8addq	$remp,$rem_4bit,$remp
-	xor	$rem,$Zhi,$Zhi
-	addq	$nlo,$Htbl,$nlo
-	addq	$nhi,$Htbl,$nhi
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	ldq	$Tlo0,8($nlo)
-	xor	$t0,$Zlo,$Zlo
-
-	xor	$Tlo1,$Zlo,$Zlo
-	xor	$Thi1,$Zhi,$Zhi
-	ldq	$Thi0,0($nlo)
-	unop
-
-
-.Loophi$N:
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	subq	$cnt,1,$cnt
-	srl	$Zlo,4,$Zlo
-
-	ldq	$Tlo1,8($nhi)
-	xor	$rem,$Zhi,$Zhi
-	ldq	$Thi1,0($nhi)
-	s8addq	$remp,$rem_4bit,$remp
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$t0,$Zlo,$Zlo
-	extbl	$Xhi,$cnt,$nlo
-
-	and	$nlo,0xf0,$nhi
-	xor	$Thi0,$Zhi,$Zhi
-	xor	$Tlo0,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	and	$nlo,0xf0,$nlo
-	srl	$Zlo,4,$Zlo
-
-	s8addq	$remp,$rem_4bit,$remp
-	xor	$rem,$Zhi,$Zhi
-	addq	$nlo,$Htbl,$nlo
-	addq	$nhi,$Htbl,$nhi
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	ldq	$Tlo0,8($nlo)
-	xor	$t0,$Zlo,$Zlo
-
-	xor	$Tlo1,$Zlo,$Zlo
-	xor	$Thi1,$Zhi,$Zhi
-	ldq	$Thi0,0($nlo)
-	bne	$cnt,.Loophi$N
-
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	srl	$Zlo,4,$Zlo
-
-	ldq	$Tlo1,8($nhi)
-	xor	$rem,$Zhi,$Zhi
-	ldq	$Thi1,0($nhi)
-	s8addq	$remp,$rem_4bit,$remp
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$t0,$Zlo,$Zlo
-
-	xor	$Tlo0,$Zlo,$Zlo
-	xor	$Thi0,$Zhi,$Zhi
-
-	and	$Zlo,0x0f,$remp
-	sll	$Zhi,60,$t0
-	srl	$Zlo,4,$Zlo
-
-	s8addq	$remp,$rem_4bit,$remp
-	xor	$rem,$Zhi,$Zhi
-
-	ldq	$rem,0($remp)
-	srl	$Zhi,4,$Zhi
-	xor	$Tlo1,$Zlo,$Zlo
-	xor	$Thi1,$Zhi,$Zhi
-	xor	$t0,$Zlo,$Zlo
-	xor	$rem,$Zhi,$Zhi
-___
-}}
-
-$code=<<___;
-#ifdef __linux__
-#include <asm/regdef.h>
-#else
-#include <asm.h>
-#include <regdef.h>
-#endif
-
-.text
-
-.set	noat
-.set	noreorder
-.globl	gcm_gmult_4bit
-.align	4
-.ent	gcm_gmult_4bit
-gcm_gmult_4bit:
-	.frame	sp,0,ra
-	.prologue 0
-
-	ldq	$Xlo,8($Xi)
-	ldq	$Xhi,0($Xi)
-
-	bsr	$t0,picmeup
-	nop
-___
-
-	&loop();
-
-$code.=<<___;
-	srl	$Zlo,24,$t0	# byte swap
-	srl	$Zlo,8,$t1
-
-	sll	$Zlo,8,$t2
-	sll	$Zlo,24,$Zlo
-	zapnot	$t0,0x11,$t0
-	zapnot	$t1,0x22,$t1
-
-	zapnot	$Zlo,0x88,$Zlo
-	or	$t0,$t1,$t0
-	zapnot	$t2,0x44,$t2
-
-	or	$Zlo,$t0,$Zlo
-	srl	$Zhi,24,$t0
-	srl	$Zhi,8,$t1
-
-	or	$Zlo,$t2,$Zlo
-	sll	$Zhi,8,$t2
-	sll	$Zhi,24,$Zhi
-
-	srl	$Zlo,32,$Xlo
-	sll	$Zlo,32,$Zlo
-
-	zapnot	$t0,0x11,$t0
-	zapnot	$t1,0x22,$t1
-	or	$Zlo,$Xlo,$Xlo
-
-	zapnot	$Zhi,0x88,$Zhi
-	or	$t0,$t1,$t0
-	zapnot	$t2,0x44,$t2
-
-	or	$Zhi,$t0,$Zhi
-	or	$Zhi,$t2,$Zhi
-
-	srl	$Zhi,32,$Xhi
-	sll	$Zhi,32,$Zhi
-
-	or	$Zhi,$Xhi,$Xhi
-	stq	$Xlo,8($Xi)
-	stq	$Xhi,0($Xi)
-
-	ret	(ra)
-.end	gcm_gmult_4bit
-___
-
-$inhi="s0";
-$inlo="s1";
-
-$code.=<<___;
-.globl	gcm_ghash_4bit
-.align	4
-.ent	gcm_ghash_4bit
-gcm_ghash_4bit:
-	lda	sp,-32(sp)
-	stq	ra,0(sp)
-	stq	s0,8(sp)
-	stq	s1,16(sp)
-	.mask	0x04000600,-32
-	.frame	sp,32,ra
-	.prologue 0
-
-	ldq_u	$inhi,0($inp)
-	ldq_u	$Thi0,7($inp)
-	ldq_u	$inlo,8($inp)
-	ldq_u	$Tlo0,15($inp)
-	ldq	$Xhi,0($Xi)
-	ldq	$Xlo,8($Xi)
-
-	bsr	$t0,picmeup
-	nop
-
-.Louter:
-	extql	$inhi,$inp,$inhi
-	extqh	$Thi0,$inp,$Thi0
-	or	$inhi,$Thi0,$inhi
-	lda	$inp,16($inp)
-
-	extql	$inlo,$inp,$inlo
-	extqh	$Tlo0,$inp,$Tlo0
-	or	$inlo,$Tlo0,$inlo
-	subq	$len,16,$len
-
-	xor	$Xlo,$inlo,$Xlo
-	xor	$Xhi,$inhi,$Xhi
-___
-
-	&loop();
-
-$code.=<<___;
-	srl	$Zlo,24,$t0	# byte swap
-	srl	$Zlo,8,$t1
-
-	sll	$Zlo,8,$t2
-	sll	$Zlo,24,$Zlo
-	zapnot	$t0,0x11,$t0
-	zapnot	$t1,0x22,$t1
-
-	zapnot	$Zlo,0x88,$Zlo
-	or	$t0,$t1,$t0
-	zapnot	$t2,0x44,$t2
-
-	or	$Zlo,$t0,$Zlo
-	srl	$Zhi,24,$t0
-	srl	$Zhi,8,$t1
-
-	or	$Zlo,$t2,$Zlo
-	sll	$Zhi,8,$t2
-	sll	$Zhi,24,$Zhi
-
-	srl	$Zlo,32,$Xlo
-	sll	$Zlo,32,$Zlo
-	beq	$len,.Ldone
-
-	zapnot	$t0,0x11,$t0
-	zapnot	$t1,0x22,$t1
-	or	$Zlo,$Xlo,$Xlo
-	ldq_u	$inhi,0($inp)
-
-	zapnot	$Zhi,0x88,$Zhi
-	or	$t0,$t1,$t0
-	zapnot	$t2,0x44,$t2
-	ldq_u	$Thi0,7($inp)
-
-	or	$Zhi,$t0,$Zhi
-	or	$Zhi,$t2,$Zhi
-	ldq_u	$inlo,8($inp)
-	ldq_u	$Tlo0,15($inp)
-
-	srl	$Zhi,32,$Xhi
-	sll	$Zhi,32,$Zhi
-
-	or	$Zhi,$Xhi,$Xhi
-	br	zero,.Louter
-
-.Ldone:
-	zapnot	$t0,0x11,$t0
-	zapnot	$t1,0x22,$t1
-	or	$Zlo,$Xlo,$Xlo
-
-	zapnot	$Zhi,0x88,$Zhi
-	or	$t0,$t1,$t0
-	zapnot	$t2,0x44,$t2
-
-	or	$Zhi,$t0,$Zhi
-	or	$Zhi,$t2,$Zhi
-
-	srl	$Zhi,32,$Xhi
-	sll	$Zhi,32,$Zhi
-
-	or	$Zhi,$Xhi,$Xhi
-
-	stq	$Xlo,8($Xi)
-	stq	$Xhi,0($Xi)
-
-	.set	noreorder
-	/*ldq	ra,0(sp)*/
-	ldq	s0,8(sp)
-	ldq	s1,16(sp)
-	lda	sp,32(sp)
-	ret	(ra)
-.end	gcm_ghash_4bit
-
-.align	4
-.ent	picmeup
-picmeup:
-	.frame	sp,0,$t0
-	.prologue 0
-	br	$rem_4bit,.Lpic
-.Lpic:	lda	$rem_4bit,12($rem_4bit)
-	ret	($t0)
-.end	picmeup
-	nop
-rem_4bit:
-	.long	0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16
-	.long	0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16
-	.long	0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16
-	.long	0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16
-.ascii	"GHASH for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
-.align	4
-
-___
-$output=shift and open STDOUT,">$output";
-print $code;
-close STDOUT;
-
diff --git a/crypto/modes/asm/ghash-armv4.S b/crypto/modes/asm/ghash-armv4.S
deleted file mode 100644
index 6c45377464..0000000000
--- a/crypto/modes/asm/ghash-armv4.S
+++ /dev/null
@@ -1,522 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.type	rem_4bit,%object
-.align	5
-rem_4bit:
-.short	0x0000,0x1C20,0x3840,0x2460
-.short	0x7080,0x6CA0,0x48C0,0x54E0
-.short	0xE100,0xFD20,0xD940,0xC560
-.short	0x9180,0x8DA0,0xA9C0,0xB5E0
-.size	rem_4bit,.-rem_4bit
-
-.type	rem_4bit_get,%function
-rem_4bit_get:
-	sub	r2,pc,#8
-	sub	r2,r2,#32	@ &rem_4bit
-	b	.Lrem_4bit_got
-	nop
-.size	rem_4bit_get,.-rem_4bit_get
-
-.global	gcm_ghash_4bit
-.type	gcm_ghash_4bit,%function
-gcm_ghash_4bit:
-	sub	r12,pc,#8
-	add	r3,r2,r3		@ r3 to point at the end
-	stmdb	sp!,{r3-r11,lr}		@ save r3/end too
-	sub	r12,r12,#48		@ &rem_4bit
-
-	ldmia	r12,{r4-r11}		@ copy rem_4bit ...
-	stmdb	sp!,{r4-r11}		@ ... to stack
-
-	ldrb	r12,[r2,#15]
-	ldrb	r14,[r0,#15]
-.Louter:
-	eor	r12,r12,r14
-	and	r14,r12,#0xf0
-	and	r12,r12,#0x0f
-	mov	r3,#14
-
-	add	r7,r1,r12,lsl#4
-	ldmia	r7,{r4-r7}	@ load Htbl[nlo]
-	add	r11,r1,r14
-	ldrb	r12,[r2,#14]
-
-	and	r14,r4,#0xf		@ rem
-	ldmia	r11,{r8-r11}	@ load Htbl[nhi]
-	add	r14,r14,r14
-	eor	r4,r8,r4,lsr#4
-	ldrh	r8,[sp,r14]		@ rem_4bit[rem]
-	eor	r4,r4,r5,lsl#28
-	ldrb	r14,[r0,#14]
-	eor	r5,r9,r5,lsr#4
-	eor	r5,r5,r6,lsl#28
-	eor	r6,r10,r6,lsr#4
-	eor	r6,r6,r7,lsl#28
-	eor	r7,r11,r7,lsr#4
-	eor	r12,r12,r14
-	and	r14,r12,#0xf0
-	and	r12,r12,#0x0f
-	eor	r7,r7,r8,lsl#16
-
-.Linner:
-	add	r11,r1,r12,lsl#4
-	and	r12,r4,#0xf		@ rem
-	subs	r3,r3,#1
-	add	r12,r12,r12
-	ldmia	r11,{r8-r11}	@ load Htbl[nlo]
-	eor	r4,r8,r4,lsr#4
-	eor	r4,r4,r5,lsl#28
-	eor	r5,r9,r5,lsr#4
-	eor	r5,r5,r6,lsl#28
-	ldrh	r8,[sp,r12]		@ rem_4bit[rem]
-	eor	r6,r10,r6,lsr#4
-	ldrplb	r12,[r2,r3]
-	eor	r6,r6,r7,lsl#28
-	eor	r7,r11,r7,lsr#4
-
-	add	r11,r1,r14
-	and	r14,r4,#0xf		@ rem
-	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
-	add	r14,r14,r14
-	ldmia	r11,{r8-r11}	@ load Htbl[nhi]
-	eor	r4,r8,r4,lsr#4
-	ldrplb	r8,[r0,r3]
-	eor	r4,r4,r5,lsl#28
-	eor	r5,r9,r5,lsr#4
-	ldrh	r9,[sp,r14]
-	eor	r5,r5,r6,lsl#28
-	eor	r6,r10,r6,lsr#4
-	eor	r6,r6,r7,lsl#28
-	eorpl	r12,r12,r8
-	eor	r7,r11,r7,lsr#4
-	andpl	r14,r12,#0xf0
-	andpl	r12,r12,#0x0f
-	eor	r7,r7,r9,lsl#16	@ ^= rem_4bit[rem]
-	bpl	.Linner
-
-	ldr	r3,[sp,#32]		@ re-load r3/end
-	add	r2,r2,#16
-	mov	r14,r4
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r4,r4
-	str	r4,[r0,#12]
-#elif defined(__ARMEB__)
-	str	r4,[r0,#12]
-#else
-	mov	r9,r4,lsr#8
-	strb	r4,[r0,#12+3]
-	mov	r10,r4,lsr#16
-	strb	r9,[r0,#12+2]
-	mov	r11,r4,lsr#24
-	strb	r10,[r0,#12+1]
-	strb	r11,[r0,#12]
-#endif
-	cmp	r2,r3
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r5,r5
-	str	r5,[r0,#8]
-#elif defined(__ARMEB__)
-	str	r5,[r0,#8]
-#else
-	mov	r9,r5,lsr#8
-	strb	r5,[r0,#8+3]
-	mov	r10,r5,lsr#16
-	strb	r9,[r0,#8+2]
-	mov	r11,r5,lsr#24
-	strb	r10,[r0,#8+1]
-	strb	r11,[r0,#8]
-#endif
-	ldrneb	r12,[r2,#15]
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r6,r6
-	str	r6,[r0,#4]
-#elif defined(__ARMEB__)
-	str	r6,[r0,#4]
-#else
-	mov	r9,r6,lsr#8
-	strb	r6,[r0,#4+3]
-	mov	r10,r6,lsr#16
-	strb	r9,[r0,#4+2]
-	mov	r11,r6,lsr#24
-	strb	r10,[r0,#4+1]
-	strb	r11,[r0,#4]
-#endif
-	
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r7,r7
-	str	r7,[r0,#0]
-#elif defined(__ARMEB__)
-	str	r7,[r0,#0]
-#else
-	mov	r9,r7,lsr#8
-	strb	r7,[r0,#0+3]
-	mov	r10,r7,lsr#16
-	strb	r9,[r0,#0+2]
-	mov	r11,r7,lsr#24
-	strb	r10,[r0,#0+1]
-	strb	r11,[r0,#0]
-#endif
-	
-	bne	.Louter
-
-	add	sp,sp,#36
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	gcm_ghash_4bit,.-gcm_ghash_4bit
-
-.global	gcm_gmult_4bit
-.type	gcm_gmult_4bit,%function
-gcm_gmult_4bit:
-	stmdb	sp!,{r4-r11,lr}
-	ldrb	r12,[r0,#15]
-	b	rem_4bit_get
-.Lrem_4bit_got:
-	and	r14,r12,#0xf0
-	and	r12,r12,#0x0f
-	mov	r3,#14
-
-	add	r7,r1,r12,lsl#4
-	ldmia	r7,{r4-r7}	@ load Htbl[nlo]
-	ldrb	r12,[r0,#14]
-
-	add	r11,r1,r14
-	and	r14,r4,#0xf		@ rem
-	ldmia	r11,{r8-r11}	@ load Htbl[nhi]
-	add	r14,r14,r14
-	eor	r4,r8,r4,lsr#4
-	ldrh	r8,[r2,r14]	@ rem_4bit[rem]
-	eor	r4,r4,r5,lsl#28
-	eor	r5,r9,r5,lsr#4
-	eor	r5,r5,r6,lsl#28
-	eor	r6,r10,r6,lsr#4
-	eor	r6,r6,r7,lsl#28
-	eor	r7,r11,r7,lsr#4
-	and	r14,r12,#0xf0
-	eor	r7,r7,r8,lsl#16
-	and	r12,r12,#0x0f
-
-.Loop:
-	add	r11,r1,r12,lsl#4
-	and	r12,r4,#0xf		@ rem
-	subs	r3,r3,#1
-	add	r12,r12,r12
-	ldmia	r11,{r8-r11}	@ load Htbl[nlo]
-	eor	r4,r8,r4,lsr#4
-	eor	r4,r4,r5,lsl#28
-	eor	r5,r9,r5,lsr#4
-	eor	r5,r5,r6,lsl#28
-	ldrh	r8,[r2,r12]	@ rem_4bit[rem]
-	eor	r6,r10,r6,lsr#4
-	ldrplb	r12,[r0,r3]
-	eor	r6,r6,r7,lsl#28
-	eor	r7,r11,r7,lsr#4
-
-	add	r11,r1,r14
-	and	r14,r4,#0xf		@ rem
-	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
-	add	r14,r14,r14
-	ldmia	r11,{r8-r11}	@ load Htbl[nhi]
-	eor	r4,r8,r4,lsr#4
-	eor	r4,r4,r5,lsl#28
-	eor	r5,r9,r5,lsr#4
-	ldrh	r8,[r2,r14]	@ rem_4bit[rem]
-	eor	r5,r5,r6,lsl#28
-	eor	r6,r10,r6,lsr#4
-	eor	r6,r6,r7,lsl#28
-	eor	r7,r11,r7,lsr#4
-	andpl	r14,r12,#0xf0
-	andpl	r12,r12,#0x0f
-	eor	r7,r7,r8,lsl#16	@ ^= rem_4bit[rem]
-	bpl	.Loop
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r4,r4
-	str	r4,[r0,#12]
-#elif defined(__ARMEB__)
-	str	r4,[r0,#12]
-#else
-	mov	r9,r4,lsr#8
-	strb	r4,[r0,#12+3]
-	mov	r10,r4,lsr#16
-	strb	r9,[r0,#12+2]
-	mov	r11,r4,lsr#24
-	strb	r10,[r0,#12+1]
-	strb	r11,[r0,#12]
-#endif
-	
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r5,r5
-	str	r5,[r0,#8]
-#elif defined(__ARMEB__)
-	str	r5,[r0,#8]
-#else
-	mov	r9,r5,lsr#8
-	strb	r5,[r0,#8+3]
-	mov	r10,r5,lsr#16
-	strb	r9,[r0,#8+2]
-	mov	r11,r5,lsr#24
-	strb	r10,[r0,#8+1]
-	strb	r11,[r0,#8]
-#endif
-	
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r6,r6
-	str	r6,[r0,#4]
-#elif defined(__ARMEB__)
-	str	r6,[r0,#4]
-#else
-	mov	r9,r6,lsr#8
-	strb	r6,[r0,#4+3]
-	mov	r10,r6,lsr#16
-	strb	r9,[r0,#4+2]
-	mov	r11,r6,lsr#24
-	strb	r10,[r0,#4+1]
-	strb	r11,[r0,#4]
-#endif
-	
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	r7,r7
-	str	r7,[r0,#0]
-#elif defined(__ARMEB__)
-	str	r7,[r0,#0]
-#else
-	mov	r9,r7,lsr#8
-	strb	r7,[r0,#0+3]
-	mov	r10,r7,lsr#16
-	strb	r9,[r0,#0+2]
-	mov	r11,r7,lsr#24
-	strb	r10,[r0,#0+1]
-	strb	r11,[r0,#0]
-#endif
-	
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	gcm_gmult_4bit,.-gcm_gmult_4bit
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.global	gcm_init_neon
-.type	gcm_init_neon,%function
-.align	4
-gcm_init_neon:
-	vld1.64		d7,[r1,:64]!	@ load H
-	vmov.i8		q8,#0xe1
-	vld1.64		d6,[r1,:64]
-	vshl.i64	d17,#57
-	vshr.u64	d16,#63		@ t0=0xc2....01
-	vdup.8		q9,d7[7]
-	vshr.u64	d26,d6,#63
-	vshr.s8		q9,#7			@ broadcast carry bit
-	vshl.i64	q3,q3,#1
-	vand		q8,q8,q9
-	vorr		d7,d26		@ H<<<=1
-	veor		q3,q3,q8		@ twisted H
-	vstmia		r0,{q3}
-
-	bx	lr					@ bx lr
-.size	gcm_init_neon,.-gcm_init_neon
-
-.global	gcm_gmult_neon
-.type	gcm_gmult_neon,%function
-.align	4
-gcm_gmult_neon:
-	vld1.64		d7,[r0,:64]!	@ load Xi
-	vld1.64		d6,[r0,:64]!
-	vmov.i64	d29,#0x0000ffffffffffff
-	vldmia		r1,{d26-d27}	@ load twisted H
-	vmov.i64	d30,#0x00000000ffffffff
-#ifdef __ARMEL__
-	vrev64.8	q3,q3
-#endif
-	vmov.i64	d31,#0x000000000000ffff
-	veor		d28,d26,d27		@ Karatsuba pre-processing
-	mov		r3,#16
-	b		.Lgmult_neon
-.size	gcm_gmult_neon,.-gcm_gmult_neon
-
-.global	gcm_ghash_neon
-.type	gcm_ghash_neon,%function
-.align	4
-gcm_ghash_neon:
-	vld1.64		d1,[r0,:64]!	@ load Xi
-	vld1.64		d0,[r0,:64]!
-	vmov.i64	d29,#0x0000ffffffffffff
-	vldmia		r1,{d26-d27}	@ load twisted H
-	vmov.i64	d30,#0x00000000ffffffff
-#ifdef __ARMEL__
-	vrev64.8	q0,q0
-#endif
-	vmov.i64	d31,#0x000000000000ffff
-	veor		d28,d26,d27		@ Karatsuba pre-processing
-
-.Loop_neon:
-	vld1.64		d7,[r2]!		@ load inp
-	vld1.64		d6,[r2]!
-#ifdef __ARMEL__
-	vrev64.8	q3,q3
-#endif
-	veor		q3,q0			@ inp^=Xi
-.Lgmult_neon:
-	vext.8		d16, d26, d26, #1	@ A1
-	vmull.p8	q8, d16, d6		@ F = A1*B
-	vext.8		d0, d6, d6, #1	@ B1
-	vmull.p8	q0, d26, d0		@ E = A*B1
-	vext.8		d18, d26, d26, #2	@ A2
-	vmull.p8	q9, d18, d6		@ H = A2*B
-	vext.8		d22, d6, d6, #2	@ B2
-	vmull.p8	q11, d26, d22		@ G = A*B2
-	vext.8		d20, d26, d26, #3	@ A3
-	veor		q8, q8, q0		@ L = E + F
-	vmull.p8	q10, d20, d6		@ J = A3*B
-	vext.8		d0, d6, d6, #3	@ B3
-	veor		q9, q9, q11		@ M = G + H
-	vmull.p8	q0, d26, d0		@ I = A*B3
-	veor		d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
-	vand		d17, d17, d29
-	vext.8		d22, d6, d6, #4	@ B4
-	veor		d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
-	vand		d19, d19, d30
-	vmull.p8	q11, d26, d22		@ K = A*B4
-	veor		q10, q10, q0		@ N = I + J
-	veor		d16, d16, d17
-	veor		d18, d18, d19
-	veor		d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
-	vand		d21, d21, d31
-	vext.8		q8, q8, q8, #15
-	veor		d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	d23, #0
-	vext.8		q9, q9, q9, #14
-	veor		d20, d20, d21
-	vmull.p8	q0, d26, d6		@ D = A*B
-	vext.8		q11, q11, q11, #12
-	vext.8		q10, q10, q10, #13
-	veor		q8, q8, q9
-	veor		q10, q10, q11
-	veor		q0, q0, q8
-	veor		q0, q0, q10
-	veor		d6,d6,d7	@ Karatsuba pre-processing
-	vext.8		d16, d28, d28, #1	@ A1
-	vmull.p8	q8, d16, d6		@ F = A1*B
-	vext.8		d2, d6, d6, #1	@ B1
-	vmull.p8	q1, d28, d2		@ E = A*B1
-	vext.8		d18, d28, d28, #2	@ A2
-	vmull.p8	q9, d18, d6		@ H = A2*B
-	vext.8		d22, d6, d6, #2	@ B2
-	vmull.p8	q11, d28, d22		@ G = A*B2
-	vext.8		d20, d28, d28, #3	@ A3
-	veor		q8, q8, q1		@ L = E + F
-	vmull.p8	q10, d20, d6		@ J = A3*B
-	vext.8		d2, d6, d6, #3	@ B3
-	veor		q9, q9, q11		@ M = G + H
-	vmull.p8	q1, d28, d2		@ I = A*B3
-	veor		d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
-	vand		d17, d17, d29
-	vext.8		d22, d6, d6, #4	@ B4
-	veor		d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
-	vand		d19, d19, d30
-	vmull.p8	q11, d28, d22		@ K = A*B4
-	veor		q10, q10, q1		@ N = I + J
-	veor		d16, d16, d17
-	veor		d18, d18, d19
-	veor		d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
-	vand		d21, d21, d31
-	vext.8		q8, q8, q8, #15
-	veor		d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	d23, #0
-	vext.8		q9, q9, q9, #14
-	veor		d20, d20, d21
-	vmull.p8	q1, d28, d6		@ D = A*B
-	vext.8		q11, q11, q11, #12
-	vext.8		q10, q10, q10, #13
-	veor		q8, q8, q9
-	veor		q10, q10, q11
-	veor		q1, q1, q8
-	veor		q1, q1, q10
-	vext.8		d16, d27, d27, #1	@ A1
-	vmull.p8	q8, d16, d7		@ F = A1*B
-	vext.8		d4, d7, d7, #1	@ B1
-	vmull.p8	q2, d27, d4		@ E = A*B1
-	vext.8		d18, d27, d27, #2	@ A2
-	vmull.p8	q9, d18, d7		@ H = A2*B
-	vext.8		d22, d7, d7, #2	@ B2
-	vmull.p8	q11, d27, d22		@ G = A*B2
-	vext.8		d20, d27, d27, #3	@ A3
-	veor		q8, q8, q2		@ L = E + F
-	vmull.p8	q10, d20, d7		@ J = A3*B
-	vext.8		d4, d7, d7, #3	@ B3
-	veor		q9, q9, q11		@ M = G + H
-	vmull.p8	q2, d27, d4		@ I = A*B3
-	veor		d16, d16, d17	@ t0 = (L) (P0 + P1) << 8
-	vand		d17, d17, d29
-	vext.8		d22, d7, d7, #4	@ B4
-	veor		d18, d18, d19	@ t1 = (M) (P2 + P3) << 16
-	vand		d19, d19, d30
-	vmull.p8	q11, d27, d22		@ K = A*B4
-	veor		q10, q10, q2		@ N = I + J
-	veor		d16, d16, d17
-	veor		d18, d18, d19
-	veor		d20, d20, d21	@ t2 = (N) (P4 + P5) << 24
-	vand		d21, d21, d31
-	vext.8		q8, q8, q8, #15
-	veor		d22, d22, d23	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	d23, #0
-	vext.8		q9, q9, q9, #14
-	veor		d20, d20, d21
-	vmull.p8	q2, d27, d7		@ D = A*B
-	vext.8		q11, q11, q11, #12
-	vext.8		q10, q10, q10, #13
-	veor		q8, q8, q9
-	veor		q10, q10, q11
-	veor		q2, q2, q8
-	veor		q2, q2, q10
-	veor		q1,q1,q0		@ Karatsuba post-processing
-	veor		q1,q1,q2
-	veor		d1,d1,d2
-	veor		d4,d4,d3	@ Xh|Xl - 256-bit result
-
-	@ equivalent of reduction_avx from ghash-x86_64.pl
-	vshl.i64	q9,q0,#57		@ 1st phase
-	vshl.i64	q10,q0,#62
-	veor		q10,q10,q9		@
-	vshl.i64	q9,q0,#63
-	veor		q10, q10, q9		@
- 	veor		d1,d1,d20	@
-	veor		d4,d4,d21
-
-	vshr.u64	q10,q0,#1		@ 2nd phase
-	veor		q2,q2,q0
-	veor		q0,q0,q10		@
-	vshr.u64	q10,q10,#6
-	vshr.u64	q0,q0,#1		@
-	veor		q0,q0,q2		@
-	veor		q0,q0,q10		@
-
-	subs		r3,#16
-	bne		.Loop_neon
-
-#ifdef __ARMEL__
-	vrev64.8	q0,q0
-#endif
-	sub		r0,#16	
-	vst1.64		d1,[r0,:64]!	@ write out Xi
-	vst1.64		d0,[r0,:64]
-
-	bx	lr					@ bx lr
-.size	gcm_ghash_neon,.-gcm_ghash_neon
-#endif
-.asciz  "GHASH for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
-.align  2
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
deleted file mode 100644
index b79ecbcc67..0000000000
--- a/crypto/modes/asm/ghash-armv4.pl
+++ /dev/null
@@ -1,492 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# April 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+32 bytes shared table]. There is no
-# experimental performance data available yet. The only approximation
-# that can be made at this point is based on code size. Inner loop is
-# 32 instructions long and on single-issue core should execute in <40
-# cycles. Having verified that gcc 3.4 didn't unroll corresponding
-# loop, this assembler loop body was found to be ~3x smaller than
-# compiler-generated one...
-#
-# July 2010
-#
-# Rescheduling for dual-issue pipeline resulted in 8.5% improvement on
-# Cortex A8 core and ~25 cycles per processed byte (which was observed
-# to be ~3 times faster than gcc-generated code:-)
-#
-# February 2011
-#
-# Profiler-assisted and platform-specific optimization resulted in 7%
-# improvement on Cortex A8 core and ~23.5 cycles per byte.
-#
-# March 2011
-#
-# Add NEON implementation featuring polynomial multiplication, i.e. no
-# lookup tables involved. On Cortex A8 it was measured to process one
-# byte in 15 cycles or 55% faster than integer-only code.
-#
-# April 2014
-#
-# Switch to multiplication algorithm suggested in paper referred
-# below and combine it with reduction algorithm from x86 module.
-# Performance improvement over previous version varies from 65% on
-# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8
-# processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 -
-# in 9.33.
-#
-# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
-# Polynomial Multiplication on ARM Processors using the NEON Engine.
-# 
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
-
-# ====================================================================
-# Note about "528B" variant. In ARM case it makes lesser sense to
-# implement it for following reasons:
-#
-# - performance improvement won't be anywhere near 50%, because 128-
-#   bit shift operation is neatly fused with 128-bit xor here, and
-#   "538B" variant would eliminate only 4-5 instructions out of 32
-#   in the inner loop (meaning that estimated improvement is ~15%);
-# - ARM-based systems are often embedded ones and extra memory
-#   consumption might be unappreciated (for so little improvement);
-#
-# Byte order [in]dependence. =========================================
-#
-# Caller is expected to maintain specific *dword* order in Htable,
-# namely with *least* significant dword of 128-bit value at *lower*
-# address. This differs completely from C code and has everything to
-# do with ldm instruction and order in which dwords are "consumed" by
-# algorithm. *Byte* order within these dwords in turn is whatever
-# *native* byte order on current platform. See gcm128.c for working
-# example...
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$Xi="r0";	# argument block
-$Htbl="r1";
-$inp="r2";
-$len="r3";
-
-$Zll="r4";	# variables
-$Zlh="r5";
-$Zhl="r6";
-$Zhh="r7";
-$Tll="r8";
-$Tlh="r9";
-$Thl="r10";
-$Thh="r11";
-$nlo="r12";
-################# r13 is stack pointer
-$nhi="r14";
-################# r15 is program counter
-
-$rem_4bit=$inp;	# used in gcm_gmult_4bit
-$cnt=$len;
-
-sub Zsmash() {
-  my $i=12;
-  my @args=@_;
-  for ($Zll,$Zlh,$Zhl,$Zhh) {
-    $code.=<<___;
-#if __ARM_ARCH__>=7 && defined(__ARMEL__)
-	rev	$_,$_
-	str	$_,[$Xi,#$i]
-#elif defined(__ARMEB__)
-	str	$_,[$Xi,#$i]
-#else
-	mov	$Tlh,$_,lsr#8
-	strb	$_,[$Xi,#$i+3]
-	mov	$Thl,$_,lsr#16
-	strb	$Tlh,[$Xi,#$i+2]
-	mov	$Thh,$_,lsr#24
-	strb	$Thl,[$Xi,#$i+1]
-	strb	$Thh,[$Xi,#$i]
-#endif
-___
-    $code.="\t".shift(@args)."\n";
-    $i-=4;
-  }
-}
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.type	rem_4bit,%object
-.align	5
-rem_4bit:
-.short	0x0000,0x1C20,0x3840,0x2460
-.short	0x7080,0x6CA0,0x48C0,0x54E0
-.short	0xE100,0xFD20,0xD940,0xC560
-.short	0x9180,0x8DA0,0xA9C0,0xB5E0
-.size	rem_4bit,.-rem_4bit
-
-.type	rem_4bit_get,%function
-rem_4bit_get:
-	sub	$rem_4bit,pc,#8
-	sub	$rem_4bit,$rem_4bit,#32	@ &rem_4bit
-	b	.Lrem_4bit_got
-	nop
-.size	rem_4bit_get,.-rem_4bit_get
-
-.global	gcm_ghash_4bit
-.type	gcm_ghash_4bit,%function
-gcm_ghash_4bit:
-	sub	r12,pc,#8
-	add	$len,$inp,$len		@ $len to point at the end
-	stmdb	sp!,{r3-r11,lr}		@ save $len/end too
-	sub	r12,r12,#48		@ &rem_4bit
-
-	ldmia	r12,{r4-r11}		@ copy rem_4bit ...
-	stmdb	sp!,{r4-r11}		@ ... to stack
-
-	ldrb	$nlo,[$inp,#15]
-	ldrb	$nhi,[$Xi,#15]
-.Louter:
-	eor	$nlo,$nlo,$nhi
-	and	$nhi,$nlo,#0xf0
-	and	$nlo,$nlo,#0x0f
-	mov	$cnt,#14
-
-	add	$Zhh,$Htbl,$nlo,lsl#4
-	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
-	add	$Thh,$Htbl,$nhi
-	ldrb	$nlo,[$inp,#14]
-
-	and	$nhi,$Zll,#0xf		@ rem
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
-	add	$nhi,$nhi,$nhi
-	eor	$Zll,$Tll,$Zll,lsr#4
-	ldrh	$Tll,[sp,$nhi]		@ rem_4bit[rem]
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	ldrb	$nhi,[$Xi,#14]
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-	eor	$nlo,$nlo,$nhi
-	and	$nhi,$nlo,#0xf0
-	and	$nlo,$nlo,#0x0f
-	eor	$Zhh,$Zhh,$Tll,lsl#16
-
-.Linner:
-	add	$Thh,$Htbl,$nlo,lsl#4
-	and	$nlo,$Zll,#0xf		@ rem
-	subs	$cnt,$cnt,#1
-	add	$nlo,$nlo,$nlo
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
-	eor	$Zll,$Tll,$Zll,lsr#4
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	ldrh	$Tll,[sp,$nlo]		@ rem_4bit[rem]
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	ldrplb	$nlo,[$inp,$cnt]
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-
-	add	$Thh,$Htbl,$nhi
-	and	$nhi,$Zll,#0xf		@ rem
-	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
-	add	$nhi,$nhi,$nhi
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
-	eor	$Zll,$Tll,$Zll,lsr#4
-	ldrplb	$Tll,[$Xi,$cnt]
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	ldrh	$Tlh,[sp,$nhi]
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eorpl	$nlo,$nlo,$Tll
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-	andpl	$nhi,$nlo,#0xf0
-	andpl	$nlo,$nlo,#0x0f
-	eor	$Zhh,$Zhh,$Tlh,lsl#16	@ ^= rem_4bit[rem]
-	bpl	.Linner
-
-	ldr	$len,[sp,#32]		@ re-load $len/end
-	add	$inp,$inp,#16
-	mov	$nhi,$Zll
-___
-	&Zsmash("cmp\t$inp,$len","ldrneb\t$nlo,[$inp,#15]");
-$code.=<<___;
-	bne	.Louter
-
-	add	sp,sp,#36
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	gcm_ghash_4bit,.-gcm_ghash_4bit
-
-.global	gcm_gmult_4bit
-.type	gcm_gmult_4bit,%function
-gcm_gmult_4bit:
-	stmdb	sp!,{r4-r11,lr}
-	ldrb	$nlo,[$Xi,#15]
-	b	rem_4bit_get
-.Lrem_4bit_got:
-	and	$nhi,$nlo,#0xf0
-	and	$nlo,$nlo,#0x0f
-	mov	$cnt,#14
-
-	add	$Zhh,$Htbl,$nlo,lsl#4
-	ldmia	$Zhh,{$Zll-$Zhh}	@ load Htbl[nlo]
-	ldrb	$nlo,[$Xi,#14]
-
-	add	$Thh,$Htbl,$nhi
-	and	$nhi,$Zll,#0xf		@ rem
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
-	add	$nhi,$nhi,$nhi
-	eor	$Zll,$Tll,$Zll,lsr#4
-	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-	and	$nhi,$nlo,#0xf0
-	eor	$Zhh,$Zhh,$Tll,lsl#16
-	and	$nlo,$nlo,#0x0f
-
-.Loop:
-	add	$Thh,$Htbl,$nlo,lsl#4
-	and	$nlo,$Zll,#0xf		@ rem
-	subs	$cnt,$cnt,#1
-	add	$nlo,$nlo,$nlo
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nlo]
-	eor	$Zll,$Tll,$Zll,lsr#4
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	ldrh	$Tll,[$rem_4bit,$nlo]	@ rem_4bit[rem]
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	ldrplb	$nlo,[$Xi,$cnt]
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-
-	add	$Thh,$Htbl,$nhi
-	and	$nhi,$Zll,#0xf		@ rem
-	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
-	add	$nhi,$nhi,$nhi
-	ldmia	$Thh,{$Tll-$Thh}	@ load Htbl[nhi]
-	eor	$Zll,$Tll,$Zll,lsr#4
-	eor	$Zll,$Zll,$Zlh,lsl#28
-	eor	$Zlh,$Tlh,$Zlh,lsr#4
-	ldrh	$Tll,[$rem_4bit,$nhi]	@ rem_4bit[rem]
-	eor	$Zlh,$Zlh,$Zhl,lsl#28
-	eor	$Zhl,$Thl,$Zhl,lsr#4
-	eor	$Zhl,$Zhl,$Zhh,lsl#28
-	eor	$Zhh,$Thh,$Zhh,lsr#4
-	andpl	$nhi,$nlo,#0xf0
-	andpl	$nlo,$nlo,#0x0f
-	eor	$Zhh,$Zhh,$Tll,lsl#16	@ ^= rem_4bit[rem]
-	bpl	.Loop
-___
-	&Zsmash();
-$code.=<<___;
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	gcm_gmult_4bit,.-gcm_gmult_4bit
-___
-{
-my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
-my ($t0,$t1,$t2,$t3)=map("q$_",(8..12));
-my ($Hlo,$Hhi,$Hhl,$k48,$k32,$k16)=map("d$_",(26..31));
-
-sub clmul64x64 {
-my ($r,$a,$b)=@_;
-$code.=<<___;
-	vext.8		$t0#lo, $a, $a, #1	@ A1
-	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
-	vext.8		$r#lo, $b, $b, #1	@ B1
-	vmull.p8	$r, $a, $r#lo		@ E = A*B1
-	vext.8		$t1#lo, $a, $a, #2	@ A2
-	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
-	vext.8		$t3#lo, $b, $b, #2	@ B2
-	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
-	vext.8		$t2#lo, $a, $a, #3	@ A3
-	veor		$t0, $t0, $r		@ L = E + F
-	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
-	vext.8		$r#lo, $b, $b, #3	@ B3
-	veor		$t1, $t1, $t3		@ M = G + H
-	vmull.p8	$r, $a, $r#lo		@ I = A*B3
-	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
-	vand		$t0#hi, $t0#hi, $k48
-	vext.8		$t3#lo, $b, $b, #4	@ B4
-	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
-	vand		$t1#hi, $t1#hi, $k32
-	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
-	veor		$t2, $t2, $r		@ N = I + J
-	veor		$t0#lo, $t0#lo, $t0#hi
-	veor		$t1#lo, $t1#lo, $t1#hi
-	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
-	vand		$t2#hi, $t2#hi, $k16
-	vext.8		$t0, $t0, $t0, #15
-	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
-	vmov.i64	$t3#hi, #0
-	vext.8		$t1, $t1, $t1, #14
-	veor		$t2#lo, $t2#lo, $t2#hi
-	vmull.p8	$r, $a, $b		@ D = A*B
-	vext.8		$t3, $t3, $t3, #12
-	vext.8		$t2, $t2, $t2, #13
-	veor		$t0, $t0, $t1
-	veor		$t2, $t2, $t3
-	veor		$r, $r, $t0
-	veor		$r, $r, $t2
-___
-}
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.global	gcm_init_neon
-.type	gcm_init_neon,%function
-.align	4
-gcm_init_neon:
-	vld1.64		$IN#hi,[r1,:64]!	@ load H
-	vmov.i8		$t0,#0xe1
-	vld1.64		$IN#lo,[r1,:64]
-	vshl.i64	$t0#hi,#57
-	vshr.u64	$t0#lo,#63		@ t0=0xc2....01
-	vdup.8		$t1,$IN#hi[7]
-	vshr.u64	$Hlo,$IN#lo,#63
-	vshr.s8		$t1,#7			@ broadcast carry bit
-	vshl.i64	$IN,$IN,#1
-	vand		$t0,$t0,$t1
-	vorr		$IN#hi,$Hlo		@ H<<<=1
-	veor		$IN,$IN,$t0		@ twisted H
-	vstmia		r0,{$IN}
-
-	ret					@ bx lr
-.size	gcm_init_neon,.-gcm_init_neon
-
-.global	gcm_gmult_neon
-.type	gcm_gmult_neon,%function
-.align	4
-gcm_gmult_neon:
-	vld1.64		$IN#hi,[$Xi,:64]!	@ load Xi
-	vld1.64		$IN#lo,[$Xi,:64]!
-	vmov.i64	$k48,#0x0000ffffffffffff
-	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
-	vmov.i64	$k32,#0x00000000ffffffff
-#ifdef __ARMEL__
-	vrev64.8	$IN,$IN
-#endif
-	vmov.i64	$k16,#0x000000000000ffff
-	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
-	mov		$len,#16
-	b		.Lgmult_neon
-.size	gcm_gmult_neon,.-gcm_gmult_neon
-
-.global	gcm_ghash_neon
-.type	gcm_ghash_neon,%function
-.align	4
-gcm_ghash_neon:
-	vld1.64		$Xl#hi,[$Xi,:64]!	@ load Xi
-	vld1.64		$Xl#lo,[$Xi,:64]!
-	vmov.i64	$k48,#0x0000ffffffffffff
-	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
-	vmov.i64	$k32,#0x00000000ffffffff
-#ifdef __ARMEL__
-	vrev64.8	$Xl,$Xl
-#endif
-	vmov.i64	$k16,#0x000000000000ffff
-	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
-
-.Loop_neon:
-	vld1.64		$IN#hi,[$inp]!		@ load inp
-	vld1.64		$IN#lo,[$inp]!
-#ifdef __ARMEL__
-	vrev64.8	$IN,$IN
-#endif
-	veor		$IN,$Xl			@ inp^=Xi
-.Lgmult_neon:
-___
-	&clmul64x64	($Xl,$Hlo,"$IN#lo");	# H.lo·Xi.lo
-$code.=<<___;
-	veor		$IN#lo,$IN#lo,$IN#hi	@ Karatsuba pre-processing
-___
-	&clmul64x64	($Xm,$Hhl,"$IN#lo");	# (H.lo+H.hi)·(Xi.lo+Xi.hi)
-	&clmul64x64	($Xh,$Hhi,"$IN#hi");	# H.hi·Xi.hi
-$code.=<<___;
-	veor		$Xm,$Xm,$Xl		@ Karatsuba post-processing
-	veor		$Xm,$Xm,$Xh
-	veor		$Xl#hi,$Xl#hi,$Xm#lo
-	veor		$Xh#lo,$Xh#lo,$Xm#hi	@ Xh|Xl - 256-bit result
-
-	@ equivalent of reduction_avx from ghash-x86_64.pl
-	vshl.i64	$t1,$Xl,#57		@ 1st phase
-	vshl.i64	$t2,$Xl,#62
-	veor		$t2,$t2,$t1		@
-	vshl.i64	$t1,$Xl,#63
-	veor		$t2, $t2, $t1		@
- 	veor		$Xl#hi,$Xl#hi,$t2#lo	@
-	veor		$Xh#lo,$Xh#lo,$t2#hi
-
-	vshr.u64	$t2,$Xl,#1		@ 2nd phase
-	veor		$Xh,$Xh,$Xl
-	veor		$Xl,$Xl,$t2		@
-	vshr.u64	$t2,$t2,#6
-	vshr.u64	$Xl,$Xl,#1		@
-	veor		$Xl,$Xl,$Xh		@
-	veor		$Xl,$Xl,$t2		@
-
-	subs		$len,#16
-	bne		.Loop_neon
-
-#ifdef __ARMEL__
-	vrev64.8	$Xl,$Xl
-#endif
-	sub		$Xi,#16	
-	vst1.64		$Xl#hi,[$Xi,:64]!	@ write out Xi
-	vst1.64		$Xl#lo,[$Xi,:64]
-
-	ret					@ bx lr
-.size	gcm_ghash_neon,.-gcm_ghash_neon
-#endif
-___
-}
-$code.=<<___;
-.asciz  "GHASH for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
-.align  2
-___
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/geo;
-
-	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-	s/\bret\b/bx	lr/go		or
-	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
-
-	print $_,"\n";
-}
-close STDOUT; # enforce flush
diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl
deleted file mode 100755
index 0354c95444..0000000000
--- a/crypto/modes/asm/ghash-ia64.pl
+++ /dev/null
@@ -1,463 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# March 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. Streamed
-# GHASH performance was measured to be 6.67 cycles per processed byte
-# on Itanium 2, which is >90% better than Microsoft compiler generated
-# code. To anchor to something else sha1-ia64.pl module processes one
-# byte in 5.7 cycles. On Itanium GHASH should run at ~8.5 cycles per
-# byte.
-
-# September 2010
-#
-# It was originally thought that it makes lesser sense to implement
-# "528B" variant on Itanium 2 for following reason. Because number of
-# functional units is naturally limited, it appeared impossible to
-# implement "528B" loop in 4 cycles, only in 5. This would mean that
-# theoretically performance improvement couldn't be more than 20%.
-# But occasionally you prove yourself wrong:-) I figured out a way to
-# fold couple of instructions and having freed yet another instruction
-# slot by unrolling the loop... Resulting performance is 4.45 cycles
-# per processed byte and 50% better than "256B" version. On original
-# Itanium performance should remain the same as the "256B" version,
-# i.e. ~8.5 cycles.
-
-$output=shift and (open STDOUT,">$output" or die "can't open $output: $!");
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-for (@ARGV)  {  $big_endian=1 if (/\-DB_ENDIAN/);
-                $big_endian=0 if (/\-DL_ENDIAN/);  }
-if (!defined($big_endian))
-             {  $big_endian=(unpack('L',pack('N',1))==1);  }
-
-sub loop() {
-my $label=shift;
-my ($p16,$p17)=(shift)?("p63","p63"):("p16","p17"); # mask references to inp
-
-# Loop is scheduled for 6 ticks on Itanium 2 and 8 on Itanium, i.e.
-# in scalable manner;-) Naturally assuming data in L1 cache...
-# Special note about 'dep' instruction, which is used to construct
-# &rem_4bit[Zlo&0xf]. It works, because rem_4bit is aligned at 128
-# bytes boundary and lower 7 bits of its address are guaranteed to
-# be zero.
-$code.=<<___;
-$label:
-{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
-	(p19)	dep	rem=Zlo,rem_4bitp,3,4	}
-{ .mfi;	(p19)	xor	Zhi=Zhi,Hhi
-	($p17)	xor	xi[1]=xi[1],in[1]	};;
-{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
-	(p19)	shrp	Zlo=Zhi,Zlo,4		}
-{ .mfi;	(p19)	ld8	rem=[rem]
-	(p18)	and	Hi[1]=mask0xf0,xi[2]	};;
-{ .mmi;	($p16)	ld1	in[0]=[inp],-1
-	(p18)	xor	Zlo=Zlo,Hlo
-	(p19)	shr.u	Zhi=Zhi,4		}
-{ .mib;	(p19)	xor	Hhi=Hhi,rem
-	(p18)	add	Hi[1]=Htbl,Hi[1]	};;
-
-{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
-	(p18)	dep	rem=Zlo,rem_4bitp,3,4	}
-{ .mfi;	(p17)	shladd	Hi[0]=xi[1],4,r0
-	(p18)	xor	Zhi=Zhi,Hhi		};;
-{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
-	(p18)	shrp	Zlo=Zhi,Zlo,4		}
-{ .mfi;	(p18)	ld8	rem=[rem]
-	(p17)	and	Hi[0]=mask0xf0,Hi[0]	};;
-{ .mmi;	(p16)	ld1	xi[0]=[Xi],-1
-	(p18)	xor	Zlo=Zlo,Hlo
-	(p18)	shr.u	Zhi=Zhi,4		}
-{ .mib;	(p18)	xor	Hhi=Hhi,rem
-	(p17)	add	Hi[0]=Htbl,Hi[0]
-	br.ctop.sptk	$label			};;
-___
-}
-
-$code=<<___;
-.explicit
-.text
-
-prevfs=r2;	prevlc=r3;	prevpr=r8;
-mask0xf0=r21;
-rem=r22;	rem_4bitp=r23;
-Xi=r24;		Htbl=r25;
-inp=r26;	end=r27;
-Hhi=r28;	Hlo=r29;
-Zhi=r30;	Zlo=r31;
-
-.align	128
-.skip	16					// aligns loop body
-.global	gcm_gmult_4bit#
-.proc	gcm_gmult_4bit#
-gcm_gmult_4bit:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,2,6,0,8
-	$ADDP	Xi=15,in0			// &Xi[15]
-	mov	rem_4bitp=ip		}
-{ .mii;	$ADDP	Htbl=8,in1			// &Htbl[0].lo
-	.save	ar.lc,prevlc
-	mov	prevlc=ar.lc
-	.save	pr,prevpr
-	mov	prevpr=pr		};;
-
-	.body
-	.rotr	in[3],xi[3],Hi[2]
-
-{ .mib;	ld1	xi[2]=[Xi],-1			// Xi[15]
-	mov	mask0xf0=0xf0
-	brp.loop.imp	.Loop1,.Lend1-16};;
-{ .mmi;	ld1	xi[1]=[Xi],-1			// Xi[14]
-					};;
-{ .mii;	shladd	Hi[1]=xi[2],4,r0
-	mov	pr.rot=0x7<<16
-	mov	ar.lc=13		};;
-{ .mii;	and	Hi[1]=mask0xf0,Hi[1]
-	mov	ar.ec=3
-	xor	Zlo=Zlo,Zlo		};;
-{ .mii;	add	Hi[1]=Htbl,Hi[1]		// &Htbl[nlo].lo
-	add	rem_4bitp=rem_4bit#-gcm_gmult_4bit#,rem_4bitp
-	xor	Zhi=Zhi,Zhi		};;
-___
-	&loop	(".Loop1",1);
-$code.=<<___;
-.Lend1:
-{ .mib;	xor	Zhi=Zhi,Hhi		};;	// modulo-scheduling artefact
-{ .mib;	mux1	Zlo=Zlo,\@rev		};;
-{ .mib;	mux1	Zhi=Zhi,\@rev		};;
-{ .mmi;	add	Hlo=9,Xi;;			// ;; is here to prevent
-	add	Hhi=1,Xi		};;	// pipeline flush on Itanium
-{ .mib;	st8	[Hlo]=Zlo
-	mov	pr=prevpr,0x1ffff	};;
-{ .mib;	st8	[Hhi]=Zhi
-	mov	ar.lc=prevlc
-	br.ret.sptk.many	b0	};;
-.endp	gcm_gmult_4bit#
-___
-
-######################################################################
-# "528B" (well, "512B" actualy) streamed GHASH
-#
-$Xip="in0";
-$Htbl="in1";
-$inp="in2";
-$len="in3";
-$rem_8bit="loc0";
-$mask0xff="loc1";
-($sum,$rum) = $big_endian ? ("nop.m","nop.m") : ("sum","rum");
-
-sub load_htable() {
-    for (my $i=0;$i<8;$i++) {
-	$code.=<<___;
-{ .mmi;	ld8	r`16+2*$i+1`=[r8],16		// Htable[$i].hi
-	ld8	r`16+2*$i`=[r9],16	}	// Htable[$i].lo
-{ .mmi;	ldf8	f`32+2*$i+1`=[r10],16		// Htable[`8+$i`].hi
-	ldf8	f`32+2*$i`=[r11],16		// Htable[`8+$i`].lo
-___
-	$code.=shift	if (($i+$#_)==7);
-	$code.="\t};;\n"
-    }
-}
-
-$code.=<<___;
-prevsp=r3;
-
-.align	32
-.skip	16					// aligns loop body
-.global	gcm_ghash_4bit#
-.proc	gcm_ghash_4bit#
-gcm_ghash_4bit:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,4,2,0,0
-	.vframe	prevsp
-	mov	prevsp=sp
-	mov	$rem_8bit=ip		};;
-	.body
-{ .mfi;	$ADDP	r8=0+0,$Htbl
-	$ADDP	r9=0+8,$Htbl		}
-{ .mfi;	$ADDP	r10=128+0,$Htbl
-	$ADDP	r11=128+8,$Htbl		};;
-___
-	&load_htable(
-	"	$ADDP	$Xip=15,$Xip",		# &Xi[15]
-	"	$ADDP	$len=$len,$inp",	# &inp[len]
-	"	$ADDP	$inp=15,$inp",		# &inp[15]
-	"	mov	$mask0xff=0xff",
-	"	add	sp=-512,sp",
-	"	andcm	sp=sp,$mask0xff",	# align stack frame
-	"	add	r14=0,sp",
-	"	add	r15=8,sp");
-$code.=<<___;
-{ .mmi;	$sum	1<<1				// go big-endian
-	add	r8=256+0,sp
-	add	r9=256+8,sp		}
-{ .mmi;	add	r10=256+128+0,sp
-	add	r11=256+128+8,sp
-	add	$len=-17,$len		};;
-___
-for($i=0;$i<8;$i++) {	# generate first half of Hshr4[]
-my ($rlo,$rhi)=("r".eval(16+2*$i),"r".eval(16+2*$i+1));
-$code.=<<___;
-{ .mmi;	st8	[r8]=$rlo,16			// Htable[$i].lo
-	st8	[r9]=$rhi,16			// Htable[$i].hi
-	shrp	$rlo=$rhi,$rlo,4	}//;;
-{ .mmi;	stf8	[r10]=f`32+2*$i`,16		// Htable[`8+$i`].lo
-	stf8	[r11]=f`32+2*$i+1`,16		// Htable[`8+$i`].hi
-	shr.u	$rhi=$rhi,4		};;
-{ .mmi;	st8	[r14]=$rlo,16			// Htable[$i].lo>>4
-	st8	[r15]=$rhi,16		}//;;	// Htable[$i].hi>>4
-___
-}
-$code.=<<___;
-{ .mmi;	ld8	r16=[r8],16			// Htable[8].lo
-	ld8	r17=[r9],16		};;	// Htable[8].hi
-{ .mmi;	ld8	r18=[r8],16			// Htable[9].lo
-	ld8	r19=[r9],16		}	// Htable[9].hi
-{ .mmi;	rum	1<<5				// clear um.mfh
-	shrp	r16=r17,r16,4		};;
-___
-for($i=0;$i<6;$i++) {	# generate second half of Hshr4[]
-$code.=<<___;
-{ .mmi;	ld8	r`20+2*$i`=[r8],16		// Htable[`10+$i`].lo
-	ld8	r`20+2*$i+1`=[r9],16		// Htable[`10+$i`].hi
-	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
-	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
-___
-}
-$code.=<<___;
-{ .mmi;	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
-	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
-{ .mmi;	add	$Htbl=256,sp			// &Htable[0]
-	add	$rem_8bit=rem_8bit#-gcm_ghash_4bit#,$rem_8bit
-	shr.u	r`18+2*$i+1`=r`18+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`18+2*$i`		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`18+2*$i+1`	}	// Htable[`8+$i`].hi>>4
-___
-
-$in="r15";
-@xi=("r16","r17");
-@rem=("r18","r19");
-($Alo,$Ahi,$Blo,$Bhi,$Zlo,$Zhi)=("r20","r21","r22","r23","r24","r25");
-($Atbl,$Btbl)=("r26","r27");
-
-$code.=<<___;	# (p16)
-{ .mmi;	ld1	$in=[$inp],-1			//(p16) *inp--
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	cmp.eq	p0,p6=r0,r0		};;	//	clear p6
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p16),(p17)
-{ .mmi;	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mii;	ld1	$in=[$inp],-1			//(p16) *inp--
-	dep	$Atbl=$xi[1],$Htbl,4,4		//(p17) &Htable[nlo].lo
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-.align	32
-.LOOP:
-{ .mmi;
-(p6)	st8	[$Xip]=$Zhi,13
-	xor	$Zlo=$Zlo,$Zlo
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi].lo
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p16),(p17),(p18)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
-{ .mfi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo		};;	//(p18) Z.lo^=Htable[nlo].lo
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	ld1	$in=[$inp],-1		}	//(p16) *inp--
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	mov	$Zhi=$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-for ($i=1;$i<14;$i++) {
-# Above and below fragments are derived from this one by removing
-# unsuitable (p??) instructions.
-$code.=<<___;	# (p16),(p17),(p18),(p19)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
-{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	ld1	$in=[$inp],-1			//(p16) *inp--
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-}
-
-$code.=<<___;	# (p17),(p18),(p19)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	dep	$Atbl=$xi[1],$Htbl,4,4	};;	//(p17) &Htable[nlo].lo
-{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p18),(p19)
-{ .mfi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mfi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo		};;	//(p19) Z.lo^=Hshr4[nhi].lo
-{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	xor	$Zlo=$Zlo,$Alo		}	//(p18) Z.lo^=Htable[nlo].lo
-{ .mfi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mfi;	ld8	$Blo=[$Btbl],8			//(p18) Htable[nhi].lo,&Htable[nhi].hi
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mfi;	shladd	$rem[0]=$Zlo,4,r0		//(p18) Z.lo<<4
-	xor	$Zhi=$Zhi,$Ahi		};;	//(p18) Z.hi^=Htable[nlo].hi
-{ .mfi;	ld8	$Bhi=[$Btbl]			//(p18) Htable[nhi].hi
-	shrp	$Zlo=$Zhi,$Zlo,4	}	//(p18) Z.lo=(Z.hi<<60)|(Z.lo>>4)
-{ .mfi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]	};;	//(p19) Z.hi^=rem_8bit[rem]<<48
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p19)
-{ .mmi;	cmp.ltu	p6,p0=$inp,$len
-	add	$inp=32,$inp
-	shr.u	$Zhi=$Zhi,4		}	//(p19) Z.hi>>=4
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	add	$Xip=9,$Xip		};;	//	&Xi.lo
-{ .mmi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
-(p6)	extr.u	$xi[1]=$Zlo,8,8		}	//[p17] Xi[14]
-{ .mmi;	xor	$Zhi=$Zhi,$Bhi			//(p19) Z.hi^=Hshr4[nhi].hi
-(p6)	and	$xi[0]=$Zlo,$mask0xff	};;	//[p16] Xi[15]
-{ .mmi;	st8	[$Xip]=$Zlo,-8
-(p6)	xor	$xi[0]=$xi[0],$in		//[p17] xi=$xi[i]^inp[i]
-	shl	$rem[1]=$rem[1],48	};;	//(p19) rem_8bit[rem]<<48
-{ .mmi;
-(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-(p6)	dep	$Atbl=$xi[0],$Htbl,4,4	}	//[p17] &Htable[nlo].lo
-{ .mib;
-(p6)	and	$xi[0]=-16,$xi[0]		//[p17] nhi=xi&0xf0
-(p6)	br.cond.dptk.many	.LOOP	};;
-
-{ .mib;	st8	[$Xip]=$Zhi		};;
-{ .mib;	$rum	1<<1				// return to little-endian
-	.restore	sp
-	mov	sp=prevsp
-	br.ret.sptk.many	b0	};;
-.endp	gcm_ghash_4bit#
-___
-$code.=<<___;
-.align	128
-.type	rem_4bit#,\@object
-rem_4bit:
-        data8	0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
-        data8	0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
-        data8	0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
-        data8	0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
-.size	rem_4bit#,128
-.type	rem_8bit#,\@object
-rem_8bit:
-	data1	0x00,0x00, 0x01,0xC2, 0x03,0x84, 0x02,0x46, 0x07,0x08, 0x06,0xCA, 0x04,0x8C, 0x05,0x4E
-	data1	0x0E,0x10, 0x0F,0xD2, 0x0D,0x94, 0x0C,0x56, 0x09,0x18, 0x08,0xDA, 0x0A,0x9C, 0x0B,0x5E
-	data1	0x1C,0x20, 0x1D,0xE2, 0x1F,0xA4, 0x1E,0x66, 0x1B,0x28, 0x1A,0xEA, 0x18,0xAC, 0x19,0x6E
-	data1	0x12,0x30, 0x13,0xF2, 0x11,0xB4, 0x10,0x76, 0x15,0x38, 0x14,0xFA, 0x16,0xBC, 0x17,0x7E
-	data1	0x38,0x40, 0x39,0x82, 0x3B,0xC4, 0x3A,0x06, 0x3F,0x48, 0x3E,0x8A, 0x3C,0xCC, 0x3D,0x0E
-	data1	0x36,0x50, 0x37,0x92, 0x35,0xD4, 0x34,0x16, 0x31,0x58, 0x30,0x9A, 0x32,0xDC, 0x33,0x1E
-	data1	0x24,0x60, 0x25,0xA2, 0x27,0xE4, 0x26,0x26, 0x23,0x68, 0x22,0xAA, 0x20,0xEC, 0x21,0x2E
-	data1	0x2A,0x70, 0x2B,0xB2, 0x29,0xF4, 0x28,0x36, 0x2D,0x78, 0x2C,0xBA, 0x2E,0xFC, 0x2F,0x3E
-	data1	0x70,0x80, 0x71,0x42, 0x73,0x04, 0x72,0xC6, 0x77,0x88, 0x76,0x4A, 0x74,0x0C, 0x75,0xCE
-	data1	0x7E,0x90, 0x7F,0x52, 0x7D,0x14, 0x7C,0xD6, 0x79,0x98, 0x78,0x5A, 0x7A,0x1C, 0x7B,0xDE
-	data1	0x6C,0xA0, 0x6D,0x62, 0x6F,0x24, 0x6E,0xE6, 0x6B,0xA8, 0x6A,0x6A, 0x68,0x2C, 0x69,0xEE
-	data1	0x62,0xB0, 0x63,0x72, 0x61,0x34, 0x60,0xF6, 0x65,0xB8, 0x64,0x7A, 0x66,0x3C, 0x67,0xFE
-	data1	0x48,0xC0, 0x49,0x02, 0x4B,0x44, 0x4A,0x86, 0x4F,0xC8, 0x4E,0x0A, 0x4C,0x4C, 0x4D,0x8E
-	data1	0x46,0xD0, 0x47,0x12, 0x45,0x54, 0x44,0x96, 0x41,0xD8, 0x40,0x1A, 0x42,0x5C, 0x43,0x9E
-	data1	0x54,0xE0, 0x55,0x22, 0x57,0x64, 0x56,0xA6, 0x53,0xE8, 0x52,0x2A, 0x50,0x6C, 0x51,0xAE
-	data1	0x5A,0xF0, 0x5B,0x32, 0x59,0x74, 0x58,0xB6, 0x5D,0xF8, 0x5C,0x3A, 0x5E,0x7C, 0x5F,0xBE
-	data1	0xE1,0x00, 0xE0,0xC2, 0xE2,0x84, 0xE3,0x46, 0xE6,0x08, 0xE7,0xCA, 0xE5,0x8C, 0xE4,0x4E
-	data1	0xEF,0x10, 0xEE,0xD2, 0xEC,0x94, 0xED,0x56, 0xE8,0x18, 0xE9,0xDA, 0xEB,0x9C, 0xEA,0x5E
-	data1	0xFD,0x20, 0xFC,0xE2, 0xFE,0xA4, 0xFF,0x66, 0xFA,0x28, 0xFB,0xEA, 0xF9,0xAC, 0xF8,0x6E
-	data1	0xF3,0x30, 0xF2,0xF2, 0xF0,0xB4, 0xF1,0x76, 0xF4,0x38, 0xF5,0xFA, 0xF7,0xBC, 0xF6,0x7E
-	data1	0xD9,0x40, 0xD8,0x82, 0xDA,0xC4, 0xDB,0x06, 0xDE,0x48, 0xDF,0x8A, 0xDD,0xCC, 0xDC,0x0E
-	data1	0xD7,0x50, 0xD6,0x92, 0xD4,0xD4, 0xD5,0x16, 0xD0,0x58, 0xD1,0x9A, 0xD3,0xDC, 0xD2,0x1E
-	data1	0xC5,0x60, 0xC4,0xA2, 0xC6,0xE4, 0xC7,0x26, 0xC2,0x68, 0xC3,0xAA, 0xC1,0xEC, 0xC0,0x2E
-	data1	0xCB,0x70, 0xCA,0xB2, 0xC8,0xF4, 0xC9,0x36, 0xCC,0x78, 0xCD,0xBA, 0xCF,0xFC, 0xCE,0x3E
-	data1	0x91,0x80, 0x90,0x42, 0x92,0x04, 0x93,0xC6, 0x96,0x88, 0x97,0x4A, 0x95,0x0C, 0x94,0xCE
-	data1	0x9F,0x90, 0x9E,0x52, 0x9C,0x14, 0x9D,0xD6, 0x98,0x98, 0x99,0x5A, 0x9B,0x1C, 0x9A,0xDE
-	data1	0x8D,0xA0, 0x8C,0x62, 0x8E,0x24, 0x8F,0xE6, 0x8A,0xA8, 0x8B,0x6A, 0x89,0x2C, 0x88,0xEE
-	data1	0x83,0xB0, 0x82,0x72, 0x80,0x34, 0x81,0xF6, 0x84,0xB8, 0x85,0x7A, 0x87,0x3C, 0x86,0xFE
-	data1	0xA9,0xC0, 0xA8,0x02, 0xAA,0x44, 0xAB,0x86, 0xAE,0xC8, 0xAF,0x0A, 0xAD,0x4C, 0xAC,0x8E
-	data1	0xA7,0xD0, 0xA6,0x12, 0xA4,0x54, 0xA5,0x96, 0xA0,0xD8, 0xA1,0x1A, 0xA3,0x5C, 0xA2,0x9E
-	data1	0xB5,0xE0, 0xB4,0x22, 0xB6,0x64, 0xB7,0xA6, 0xB2,0xE8, 0xB3,0x2A, 0xB1,0x6C, 0xB0,0xAE
-	data1	0xBB,0xF0, 0xBA,0x32, 0xB8,0x74, 0xB9,0xB6, 0xBC,0xF8, 0xBD,0x3A, 0xBF,0x7C, 0xBE,0xBE
-.size	rem_8bit#,512
-stringz	"GHASH for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm      if ($big_endian);
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-print $code;
-close STDOUT;
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
deleted file mode 100644
index d5ad96b403..0000000000
--- a/crypto/modes/asm/ghash-parisc.pl
+++ /dev/null
@@ -1,731 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# April 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. On PA-7100LC
-# it processes one byte in 19.6 cycles, which is more than twice as
-# fast as code generated by gcc 3.2. PA-RISC 2.0 loop is scheduled for
-# 8 cycles, but measured performance on PA-8600 system is ~9 cycles per
-# processed byte. This is ~2.2x faster than 64-bit code generated by
-# vendor compiler (which used to be very hard to beat:-).
-#
-# Special thanks to polarhome.com for providing HP-UX account.
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-	$NREGS		=6;
-} else {
-	$LEVEL		="1.0";	#"\n\t.ALLOW\t2.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-	$NREGS		=11;
-}
-
-$FRAME=10*$SIZE_T+$FRAME_MARKER;# NREGS saved regs + frame marker
-				#                 [+ argument transfer]
-
-################# volatile registers
-$Xi="%r26";	# argument block
-$Htbl="%r25";
-$inp="%r24";
-$len="%r23";
-$Hhh=$Htbl;	# variables
-$Hll="%r22";
-$Zhh="%r21";
-$Zll="%r20";
-$cnt="%r19";
-$rem_4bit="%r28";
-$rem="%r29";
-$mask0xf0="%r31";
-
-################# preserved registers
-$Thh="%r1";
-$Tll="%r2";
-$nlo="%r3";
-$nhi="%r4";
-$byte="%r5";
-if ($SIZE_T==4) {
-	$Zhl="%r6";
-	$Zlh="%r7";
-	$Hhl="%r8";
-	$Hlh="%r9";
-	$Thl="%r10";
-	$Tlh="%r11";
-}
-$rem2="%r6";	# used in PA-RISC 2.0 code
-
-$code.=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	gcm_gmult_4bit,ENTRY,ARGW0=GR,ARGW1=GR
-	.ALIGN	64
-gcm_gmult_4bit
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=$NREGS
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-___
-$code.=<<___ if ($SIZE_T==4);
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-___
-$code.=<<___;
-	blr	%r0,$rem_4bit
-	ldi	3,$rem
-L\$pic_gmult
-	andcm	$rem_4bit,$rem,$rem_4bit
-	addl	$inp,$len,$len
-	ldo	L\$rem_4bit-L\$pic_gmult($rem_4bit),$rem_4bit
-	ldi	0xf0,$mask0xf0
-___
-$code.=<<___ if ($SIZE_T==4);
-	ldi	31,$rem
-	mtctl	$rem,%cr11
-	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
-	b	L\$parisc1_gmult
-	nop
-___
-
-$code.=<<___;
-	ldb	15($Xi),$nlo
-	ldo	8($Htbl),$Hll
-
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-
-	ldd	$nlo($Hll),$Zll
-	ldd	$nlo($Hhh),$Zhh
-
-	depd,z	$Zll,60,4,$rem
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldb	14($Xi),$nlo
-
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-	b	L\$oop_gmult_pa2
-	ldi	13,$cnt
-
-	.ALIGN	8
-L\$oop_gmult_pa2
-	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
-	depd,z	$Zll,60,4,$rem
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nlo($Hll),$Tll
-	ldd	$nlo($Hhh),$Thh
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-
-	xor	$rem,$Zhh,$Zhh
-	depd,z	$Zll,60,4,$rem
-	ldbx	$cnt($Xi),$nlo
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-	ldd	$rem($rem_4bit),$rem
-
-	xor	$Tll,$Zll,$Zll
-	addib,uv -1,$cnt,L\$oop_gmult_pa2
-	xor	$Thh,$Zhh,$Zhh
-
-	xor	$rem,$Zhh,$Zhh
-	depd,z	$Zll,60,4,$rem
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nlo($Hll),$Tll
-	ldd	$nlo($Hhh),$Thh
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-
-	xor	$rem,$Zhh,$Zhh
-	depd,z	$Zll,60,4,$rem
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-
-	xor	$rem,$Zhh,$Zhh
-	std	$Zll,8($Xi)
-	std	$Zhh,0($Xi)
-___
-
-$code.=<<___ if ($SIZE_T==4);
-	b	L\$done_gmult
-	nop
-
-L\$parisc1_gmult
-	ldb	15($Xi),$nlo
-	ldo	12($Htbl),$Hll
-	ldo	8($Htbl),$Hlh
-	ldo	4($Htbl),$Hhl
-
-	and	$mask0xf0,$nlo,$nhi
-	zdep	$nlo,27,4,$nlo
-
-	ldwx	$nlo($Hll),$Zll
-	ldwx	$nlo($Hlh),$Zlh
-	ldwx	$nlo($Hhl),$Zhl
-	ldwx	$nlo($Hhh),$Zhh
-	zdep	$Zll,28,4,$rem
-	ldb	14($Xi),$nlo
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	extru	$Zhh,27,28,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	xor	$rem,$Zhh,$Zhh
-	and	$mask0xf0,$nlo,$nhi
-	zdep	$nlo,27,4,$nlo
-
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nlo($Hll),$Tll
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nlo($Hlh),$Tlh
-	xor	$Thl,$Zhl,$Zhl
-	b	L\$oop_gmult_pa1
-	ldi	13,$cnt
-
-	.ALIGN	8
-L\$oop_gmult_pa1
-	zdep	$Zll,28,4,$rem
-	ldwx	$nlo($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nlo($Hhh),$Thh
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	ldbx	$cnt($Xi),$nlo
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	extru	$Zhh,27,28,$Zhh
-	xor	$Thl,$Zhl,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	xor	$rem,$Zhh,$Zhh
-	zdep	$Zll,28,4,$rem
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	and	$mask0xf0,$nlo,$nhi
-	extru	$Zhh,27,28,$Zhh
-	zdep	$nlo,27,4,$nlo
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nlo($Hll),$Tll
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nlo($Hlh),$Tlh
-	xor	$rem,$Zhh,$Zhh
-	addib,uv -1,$cnt,L\$oop_gmult_pa1
-	xor	$Thl,$Zhl,$Zhl
-
-	zdep	$Zll,28,4,$rem
-	ldwx	$nlo($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nlo($Hhh),$Thh
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	extru	$Zhh,27,28,$Zhh
-	xor	$rem,$Zhh,$Zhh
-	xor	$Thl,$Zhl,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	zdep	$Zll,28,4,$rem
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	extru	$Zhh,27,28,$Zhh
-	xor	$Tll,$Zll,$Zll
-	xor	$Tlh,$Zlh,$Zlh
-	xor	$rem,$Zhh,$Zhh
-	stw	$Zll,12($Xi)
-	xor	$Thl,$Zhl,$Zhl
-	stw	$Zlh,8($Xi)
-	xor	$Thh,$Zhh,$Zhh
-	stw	$Zhl,4($Xi)
-	stw	$Zhh,0($Xi)
-___
-$code.=<<___;
-L\$done_gmult
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-___
-$code.=<<___ if ($SIZE_T==4);
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-___
-$code.=<<___;
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-
-	.EXPORT	gcm_ghash_4bit,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
-	.ALIGN	64
-gcm_ghash_4bit
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=11
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-___
-$code.=<<___ if ($SIZE_T==4);
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-___
-$code.=<<___;
-	blr	%r0,$rem_4bit
-	ldi	3,$rem
-L\$pic_ghash
-	andcm	$rem_4bit,$rem,$rem_4bit
-	addl	$inp,$len,$len
-	ldo	L\$rem_4bit-L\$pic_ghash($rem_4bit),$rem_4bit
-	ldi	0xf0,$mask0xf0
-___
-$code.=<<___ if ($SIZE_T==4);
-	ldi	31,$rem
-	mtctl	$rem,%cr11
-	extrd,u,*= $rem,%sar,1,$rem	; executes on PA-RISC 1.0
-	b	L\$parisc1_ghash
-	nop
-___
-
-$code.=<<___;
-	ldb	15($Xi),$nlo
-	ldo	8($Htbl),$Hll
-
-L\$outer_ghash_pa2
-	ldb	15($inp),$nhi
-	xor	$nhi,$nlo,$nlo
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-
-	ldd	$nlo($Hll),$Zll
-	ldd	$nlo($Hhh),$Zhh
-
-	depd,z	$Zll,60,4,$rem
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldb	14($Xi),$nlo
-	ldb	14($inp),$byte
-
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-	xor	$byte,$nlo,$nlo
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-	b	L\$oop_ghash_pa2
-	ldi	13,$cnt
-
-	.ALIGN	8
-L\$oop_ghash_pa2
-	xor	$rem,$Zhh,$Zhh		; moved here to work around gas bug
-	depd,z	$Zll,60,4,$rem2
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nlo($Hll),$Tll
-	ldd	$nlo($Hhh),$Thh
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldbx	$cnt($Xi),$nlo
-	ldbx	$cnt($inp),$byte
-
-	depd,z	$Zll,60,4,$rem
-	shrpd	$Zhh,$Zll,4,$Zll
-	ldd	$rem2($rem_4bit),$rem2
-
-	xor	$rem2,$Zhh,$Zhh
-	xor	$byte,$nlo,$nlo
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-
-	and	$mask0xf0,$nlo,$nhi
-	depd,z	$nlo,59,4,$nlo
-
-	extrd,u	$Zhh,59,60,$Zhh
-	xor	$Tll,$Zll,$Zll
-
-	ldd	$rem($rem_4bit),$rem
-	addib,uv -1,$cnt,L\$oop_ghash_pa2
-	xor	$Thh,$Zhh,$Zhh
-
-	xor	$rem,$Zhh,$Zhh
-	depd,z	$Zll,60,4,$rem2
-
-	shrpd	$Zhh,$Zll,4,$Zll
-	extrd,u	$Zhh,59,60,$Zhh
-	ldd	$nlo($Hll),$Tll
-	ldd	$nlo($Hhh),$Thh
-
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-
-	depd,z	$Zll,60,4,$rem
-	shrpd	$Zhh,$Zll,4,$Zll
-	ldd	$rem2($rem_4bit),$rem2
-
-	xor	$rem2,$Zhh,$Zhh
-	ldd	$nhi($Hll),$Tll
-	ldd	$nhi($Hhh),$Thh
-
-	extrd,u	$Zhh,59,60,$Zhh
-	xor	$Tll,$Zll,$Zll
-	xor	$Thh,$Zhh,$Zhh
-	ldd	$rem($rem_4bit),$rem
-
-	xor	$rem,$Zhh,$Zhh
-	std	$Zll,8($Xi)
-	ldo	16($inp),$inp
-	std	$Zhh,0($Xi)
-	cmpb,*<> $inp,$len,L\$outer_ghash_pa2
-	copy	$Zll,$nlo
-___
-
-$code.=<<___ if ($SIZE_T==4);
-	b	L\$done_ghash
-	nop
-
-L\$parisc1_ghash
-	ldb	15($Xi),$nlo
-	ldo	12($Htbl),$Hll
-	ldo	8($Htbl),$Hlh
-	ldo	4($Htbl),$Hhl
-
-L\$outer_ghash_pa1
-	ldb	15($inp),$byte
-	xor	$byte,$nlo,$nlo
-	and	$mask0xf0,$nlo,$nhi
-	zdep	$nlo,27,4,$nlo
-
-	ldwx	$nlo($Hll),$Zll
-	ldwx	$nlo($Hlh),$Zlh
-	ldwx	$nlo($Hhl),$Zhl
-	ldwx	$nlo($Hhh),$Zhh
-	zdep	$Zll,28,4,$rem
-	ldb	14($Xi),$nlo
-	ldb	14($inp),$byte
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	extru	$Zhh,27,28,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	xor	$byte,$nlo,$nlo
-	xor	$rem,$Zhh,$Zhh
-	and	$mask0xf0,$nlo,$nhi
-	zdep	$nlo,27,4,$nlo
-
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nlo($Hll),$Tll
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nlo($Hlh),$Tlh
-	xor	$Thl,$Zhl,$Zhl
-	b	L\$oop_ghash_pa1
-	ldi	13,$cnt
-
-	.ALIGN	8
-L\$oop_ghash_pa1
-	zdep	$Zll,28,4,$rem
-	ldwx	$nlo($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nlo($Hhh),$Thh
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	ldbx	$cnt($Xi),$nlo
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	ldbx	$cnt($inp),$byte
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	extru	$Zhh,27,28,$Zhh
-	xor	$Thl,$Zhl,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	xor	$rem,$Zhh,$Zhh
-	zdep	$Zll,28,4,$rem
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	xor	$byte,$nlo,$nlo
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	and	$mask0xf0,$nlo,$nhi
-	extru	$Zhh,27,28,$Zhh
-	zdep	$nlo,27,4,$nlo
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nlo($Hll),$Tll
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nlo($Hlh),$Tlh
-	xor	$rem,$Zhh,$Zhh
-	addib,uv -1,$cnt,L\$oop_ghash_pa1
-	xor	$Thl,$Zhl,$Zhl
-
-	zdep	$Zll,28,4,$rem
-	ldwx	$nlo($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	ldwx	$nlo($Hhh),$Thh
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	xor	$Tll,$Zll,$Zll
-	ldwx	$nhi($Hll),$Tll
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	xor	$Tlh,$Zlh,$Zlh
-	ldwx	$nhi($Hlh),$Tlh
-	extru	$Zhh,27,28,$Zhh
-	xor	$rem,$Zhh,$Zhh
-	xor	$Thl,$Zhl,$Zhl
-	ldwx	$nhi($Hhl),$Thl
-	xor	$Thh,$Zhh,$Zhh
-	ldwx	$nhi($Hhh),$Thh
-	zdep	$Zll,28,4,$rem
-	ldwx	$rem($rem_4bit),$rem
-	shrpw	$Zlh,$Zll,4,$Zll
-	shrpw	$Zhl,$Zlh,4,$Zlh
-	shrpw	$Zhh,$Zhl,4,$Zhl
-	extru	$Zhh,27,28,$Zhh
-	xor	$Tll,$Zll,$Zll
-	xor	$Tlh,$Zlh,$Zlh
-	xor	$rem,$Zhh,$Zhh
-	stw	$Zll,12($Xi)
-	xor	$Thl,$Zhl,$Zhl
-	stw	$Zlh,8($Xi)
-	xor	$Thh,$Zhh,$Zhh
-	stw	$Zhl,4($Xi)
-	ldo	16($inp),$inp
-	stw	$Zhh,0($Xi)
-	comb,<>	$inp,$len,L\$outer_ghash_pa1
-	copy	$Zll,$nlo
-___
-$code.=<<___;
-L\$done_ghash
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-___
-$code.=<<___ if ($SIZE_T==4);
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-___
-$code.=<<___;
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-
-	.ALIGN	64
-L\$rem_4bit
-	.WORD	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
-	.WORD	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
-	.WORD	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
-	.WORD	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
-	.STRINGZ "GHASH for PA-RISC, GRYPTOGAMS by <appro\@openssl.org>"
-	.ALIGN	64
-___
-
-# Explicitly encode PA-RISC 2.0 instructions used in this module, so
-# that it can be compiled with .LEVEL 1.0. It should be noted that I
-# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
-# directive...
-
-my $ldd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "ldd$mod\t$args";
-
-    if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)		# format 4
-    {	my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/)	# format 5
-    {	my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
-	$opcode|=(($1&0xF)<<17)|(($1&0x10)<<12);		# encode offset
-	$opcode|=(1<<5)  if ($mod =~ /^,m/);
-	$opcode|=(1<<13) if ($mod =~ /^,mb/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $std = sub {
-  my ($mod,$args) = @_;
-  my $orig = "std$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
-    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $extrd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "extrd$mod\t$args";
-
-    # I only have ",u" completer, it's implicitly encoded...
-    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
-    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
-	my $len=32-$3;
-	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
-	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
-    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
-	my $len=32-$2;
-	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
-	$opcode |= (1<<13) if ($mod =~ /,\**=/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $shrpd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "shrpd$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
-    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
-	my $cpos=63-$3;
-	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
-    {	sprintf "\t.WORD\t0x%08x\t; %s",
-		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $depd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "depd$mod\t$args";
-
-    # I only have ",z" completer, it's impicitly encoded...
-    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 16
-    {	my $opcode=(0x3c<<26)|($4<<21)|($1<<16);
-    	my $cpos=63-$2;
-	my $len=32-$3;
-	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode pos
-	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-sub assemble {
-  my ($mnemonic,$mod,$args)=@_;
-  my $opcode = eval("\$$mnemonic");
-
-    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
-}
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-	if ($SIZE_T==4) {
-		s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e;
-		s/cmpb,\*/comb,/;
-		s/,\*/,/;
-	}
-	s/\bbv\b/bve/	if ($SIZE_T==8);
-	print $_,"\n";
-}
-
-close STDOUT;
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
deleted file mode 100644
index 6a40d5d89c..0000000000
--- a/crypto/modes/asm/ghash-s390x.pl
+++ /dev/null
@@ -1,262 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# September 2010.
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. Performance
-# was measured to be ~18 cycles per processed byte on z10, which is
-# almost 40% better than gcc-generated code. It should be noted that
-# 18 cycles is worse result than expected: loop is scheduled for 12
-# and the result should be close to 12. In the lack of instruction-
-# level profiling data it's impossible to tell why...
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. On z990 it was measured to perform
-# 2.8x better than 32-bit code generated by gcc 4.3.
-
-# March 2011.
-#
-# Support for hardware KIMD-GHASH is verified to produce correct
-# result and therefore is engaged. On z196 it was measured to process
-# 8KB buffer ~7 faster than software implementation. It's not as
-# impressive for smaller buffer sizes and for smallest 16-bytes buffer
-# it's actually almost 2 times slower. Which is the reason why
-# KIMD-GHASH is not used in gcm_gmult_4bit.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$softonly=0;
-
-$Zhi="%r0";
-$Zlo="%r1";
-
-$Xi="%r2";	# argument block
-$Htbl="%r3";
-$inp="%r4";
-$len="%r5";
-
-$rem0="%r6";	# variables
-$rem1="%r7";
-$nlo="%r8";
-$nhi="%r9";
-$xi="%r10";
-$cnt="%r11";
-$tmp="%r12";
-$x78="%r13";
-$rem_4bit="%r14";
-
-$sp="%r15";
-
-$code.=<<___;
-.text
-
-.globl	gcm_gmult_4bit
-.align	32
-gcm_gmult_4bit:
-___
-$code.=<<___ if(!$softonly && 0);	# hardware is slow for single block...
-	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,0(%r1)
-	tmhl	%r0,0x4000	# check for message-security-assist
-	jz	.Lsoft_gmult
-	lghi	%r0,0
-	la	%r1,16($sp)
-	.long	0xb93e0004	# kimd %r0,%r4
-	lg	%r1,24($sp)
-	tmhh	%r1,0x4000	# check for function 65
-	jz	.Lsoft_gmult
-	stg	%r0,16($sp)	# arrange 16 bytes of zero input
-	stg	%r0,24($sp)
-	lghi	%r0,65		# function 65
-	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
-	la	$inp,16($sp)
-	lghi	$len,16
-	.long	0xb93e0004	# kimd %r0,$inp
-	brc	1,.-4		# pay attention to "partial completion"
-	br	%r14
-.align	32
-.Lsoft_gmult:
-___
-$code.=<<___;
-	stm${g}	%r6,%r14,6*$SIZE_T($sp)
-
-	aghi	$Xi,-1
-	lghi	$len,1
-	lghi	$x78,`0xf<<3`
-	larl	$rem_4bit,rem_4bit
-
-	lg	$Zlo,8+1($Xi)		# Xi
-	j	.Lgmult_shortcut
-.type	gcm_gmult_4bit,\@function
-.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
-
-.globl	gcm_ghash_4bit
-.align	32
-gcm_ghash_4bit:
-___
-$code.=<<___ if(!$softonly);
-	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,0(%r1)
-	tmhl	%r0,0x4000	# check for message-security-assist
-	jz	.Lsoft_ghash
-	lghi	%r0,0
-	la	%r1,16($sp)
-	.long	0xb93e0004	# kimd %r0,%r4
-	lg	%r1,24($sp)
-	tmhh	%r1,0x4000	# check for function 65
-	jz	.Lsoft_ghash
-	lghi	%r0,65		# function 65
-	la	%r1,0($Xi)	# H lies right after Xi in gcm128_context
-	.long	0xb93e0004	# kimd %r0,$inp
-	brc	1,.-4		# pay attention to "partial completion"
-	br	%r14
-.align	32
-.Lsoft_ghash:
-___
-$code.=<<___ if ($flavour =~ /3[12]/);
-	llgfr	$len,$len
-___
-$code.=<<___;
-	stm${g}	%r6,%r14,6*$SIZE_T($sp)
-
-	aghi	$Xi,-1
-	srlg	$len,$len,4
-	lghi	$x78,`0xf<<3`
-	larl	$rem_4bit,rem_4bit
-
-	lg	$Zlo,8+1($Xi)		# Xi
-	lg	$Zhi,0+1($Xi)
-	lghi	$tmp,0
-.Louter:
-	xg	$Zhi,0($inp)		# Xi ^= inp 
-	xg	$Zlo,8($inp)
-	xgr	$Zhi,$tmp
-	stg	$Zlo,8+1($Xi)
-	stg	$Zhi,0+1($Xi)
-
-.Lgmult_shortcut:
-	lghi	$tmp,0xf0
-	sllg	$nlo,$Zlo,4
-	srlg	$xi,$Zlo,8		# extract second byte
-	ngr	$nlo,$tmp
-	lgr	$nhi,$Zlo
-	lghi	$cnt,14
-	ngr	$nhi,$tmp
-
-	lg	$Zlo,8($nlo,$Htbl)
-	lg	$Zhi,0($nlo,$Htbl)
-
-	sllg	$nlo,$xi,4
-	sllg	$rem0,$Zlo,3
-	ngr	$nlo,$tmp
-	ngr	$rem0,$x78
-	ngr	$xi,$tmp
-
-	sllg	$tmp,$Zhi,60
-	srlg	$Zlo,$Zlo,4
-	srlg	$Zhi,$Zhi,4
-	xg	$Zlo,8($nhi,$Htbl)
-	xg	$Zhi,0($nhi,$Htbl)
-	lgr	$nhi,$xi
-	sllg	$rem1,$Zlo,3
-	xgr	$Zlo,$tmp
-	ngr	$rem1,$x78
-	j	.Lghash_inner
-.align	16
-.Lghash_inner:
-	srlg	$Zlo,$Zlo,4
-	sllg	$tmp,$Zhi,60
-	xg	$Zlo,8($nlo,$Htbl)
-	srlg	$Zhi,$Zhi,4
-	llgc	$xi,0($cnt,$Xi)
-	xg	$Zhi,0($nlo,$Htbl)
-	sllg	$nlo,$xi,4
-	xg	$Zhi,0($rem0,$rem_4bit)
-	nill	$nlo,0xf0
-	sllg	$rem0,$Zlo,3
-	xgr	$Zlo,$tmp
-	ngr	$rem0,$x78
-	nill	$xi,0xf0
-
-	sllg	$tmp,$Zhi,60
-	srlg	$Zlo,$Zlo,4
-	srlg	$Zhi,$Zhi,4
-	xg	$Zlo,8($nhi,$Htbl)
-	xg	$Zhi,0($nhi,$Htbl)
-	lgr	$nhi,$xi
-	xg	$Zhi,0($rem1,$rem_4bit)
-	sllg	$rem1,$Zlo,3
-	xgr	$Zlo,$tmp
-	ngr	$rem1,$x78
-	brct	$cnt,.Lghash_inner
-
-	sllg	$tmp,$Zhi,60
-	srlg	$Zlo,$Zlo,4
-	srlg	$Zhi,$Zhi,4
-	xg	$Zlo,8($nlo,$Htbl)
-	xg	$Zhi,0($nlo,$Htbl)
-	sllg	$xi,$Zlo,3
-	xg	$Zhi,0($rem0,$rem_4bit)
-	xgr	$Zlo,$tmp
-	ngr	$xi,$x78
-
-	sllg	$tmp,$Zhi,60
-	srlg	$Zlo,$Zlo,4
-	srlg	$Zhi,$Zhi,4
-	xg	$Zlo,8($nhi,$Htbl)
-	xg	$Zhi,0($nhi,$Htbl)
-	xgr	$Zlo,$tmp
-	xg	$Zhi,0($rem1,$rem_4bit)
-
-	lg	$tmp,0($xi,$rem_4bit)
-	la	$inp,16($inp)
-	sllg	$tmp,$tmp,4		# correct last rem_4bit[rem]
-	brctg	$len,.Louter
-
-	xgr	$Zhi,$tmp
-	stg	$Zlo,8+1($Xi)
-	stg	$Zhi,0+1($Xi)
-	lm${g}	%r6,%r14,6*$SIZE_T($sp)
-	br	%r14
-.type	gcm_ghash_4bit,\@function
-.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
-
-.align	64
-rem_4bit:
-	.long	`0x0000<<12`,0,`0x1C20<<12`,0,`0x3840<<12`,0,`0x2460<<12`,0
-	.long	`0x7080<<12`,0,`0x6CA0<<12`,0,`0x48C0<<12`,0,`0x54E0<<12`,0
-	.long	`0xE100<<12`,0,`0xFD20<<12`,0,`0xD940<<12`,0,`0xC560<<12`,0
-	.long	`0x9180<<12`,0,`0x8DA0<<12`,0,`0xA9C0<<12`,0,`0xB5E0<<12`,0
-.type	rem_4bit,\@object
-.size	rem_4bit,(.-rem_4bit)
-.string	"GHASH for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
deleted file mode 100644
index 70e7b044a3..0000000000
--- a/crypto/modes/asm/ghash-sparcv9.pl
+++ /dev/null
@@ -1,330 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# March 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. Performance
-# results are for streamed GHASH subroutine on UltraSPARC pre-Tx CPU
-# and are expressed in cycles per processed byte, less is better:
-#
-#		gcc 3.3.x	cc 5.2		this assembler
-#
-# 32-bit build	81.4		43.3		12.6	(+546%/+244%)
-# 64-bit build	20.2		21.2		12.6	(+60%/+68%)
-#
-# Here is data collected on UltraSPARC T1 system running Linux:
-#
-#		gcc 4.4.1			this assembler
-#
-# 32-bit build	566				50	(+1000%)
-# 64-bit build	56				50	(+12%)
-#
-# I don't quite understand why difference between 32-bit and 64-bit
-# compiler-generated code is so big. Compilers *were* instructed to
-# generate code for UltraSPARC and should have used 64-bit registers
-# for Z vector (see C code) even in 32-bit build... Oh well, it only
-# means more impressive improvement coefficients for this assembler
-# module;-) Loops are aggressively modulo-scheduled in respect to
-# references to input data and Z.hi updates to achieve 12 cycles
-# timing. To anchor to something else, sha1-sparcv9.pl spends 11.6
-# cycles to process one byte on UltraSPARC pre-Tx CPU and ~24 on T1.
-
-$bits=32;
-for (@ARGV)     { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)  { $bias=2047; $frame=192; }
-else            { $bias=0;    $frame=112; }
-
-$output=shift;
-open STDOUT,">$output";
-
-$Zhi="%o0";	# 64-bit values
-$Zlo="%o1";
-$Thi="%o2";
-$Tlo="%o3";
-$rem="%o4";
-$tmp="%o5";
-
-$nhi="%l0";	# small values and pointers
-$nlo="%l1";
-$xi0="%l2";
-$xi1="%l3";
-$rem_4bit="%l4";
-$remi="%l5";
-$Htblo="%l6";
-$cnt="%l7";
-
-$Xi="%i0";	# input argument block
-$Htbl="%i1";
-$inp="%i2";
-$len="%i3";
-
-$code.=<<___;
-.section	".text",#alloc,#execinstr
-
-.align	64
-rem_4bit:
-	.long	`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0
-	.long	`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0
-	.long	`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0
-	.long	`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0
-.type	rem_4bit,#object
-.size	rem_4bit,(.-rem_4bit)
-
-.globl	gcm_ghash_4bit
-.align	32
-gcm_ghash_4bit:
-	save	%sp,-$frame,%sp
-	ldub	[$inp+15],$nlo
-	ldub	[$Xi+15],$xi0
-	ldub	[$Xi+14],$xi1
-	add	$len,$inp,$len
-	add	$Htbl,8,$Htblo
-
-1:	call	.+8
-	add	%o7,rem_4bit-1b,$rem_4bit
-
-.Louter:
-	xor	$xi0,$nlo,$nlo
-	and	$nlo,0xf0,$nhi
-	and	$nlo,0x0f,$nlo
-	sll	$nlo,4,$nlo
-	ldx	[$Htblo+$nlo],$Zlo
-	ldx	[$Htbl+$nlo],$Zhi
-
-	ldub	[$inp+14],$nlo
-
-	ldx	[$Htblo+$nhi],$Tlo
-	and	$Zlo,0xf,$remi
-	ldx	[$Htbl+$nhi],$Thi
-	sll	$remi,3,$remi
-	ldx	[$rem_4bit+$remi],$rem
-	srlx	$Zlo,4,$Zlo
-	mov	13,$cnt
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-
-	xor	$xi1,$nlo,$nlo
-	and	$Zlo,0xf,$remi
-	and	$nlo,0xf0,$nhi
-	and	$nlo,0x0f,$nlo
-	ba	.Lghash_inner
-	sll	$nlo,4,$nlo
-.align	32
-.Lghash_inner:
-	ldx	[$Htblo+$nlo],$Tlo
-	sll	$remi,3,$remi
-	xor	$Thi,$Zhi,$Zhi
-	ldx	[$Htbl+$nlo],$Thi
-	srlx	$Zlo,4,$Zlo
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	ldub	[$inp+$cnt],$nlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	ldub	[$Xi+$cnt],$xi1
-	xor	$Thi,$Zhi,$Zhi
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nhi],$Tlo
-	sll	$remi,3,$remi
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$Htbl+$nhi],$Thi
-	srlx	$Zlo,4,$Zlo
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$xi1,$nlo,$nlo
-	srlx	$Zhi,4,$Zhi
-	and	$nlo,0xf0,$nhi
-	addcc	$cnt,-1,$cnt
-	xor	$Zlo,$tmp,$Zlo
-	and	$nlo,0x0f,$nlo
-	xor	$Tlo,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-	blu	.Lghash_inner
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nlo],$Tlo
-	sll	$remi,3,$remi
-	xor	$Thi,$Zhi,$Zhi
-	ldx	[$Htbl+$nlo],$Thi
-	srlx	$Zlo,4,$Zlo
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-
-	add	$inp,16,$inp
-	cmp	$inp,$len
-	be,pn	`$bits==64?"%xcc":"%icc"`,.Ldone
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nhi],$Tlo
-	sll	$remi,3,$remi
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$Htbl+$nhi],$Thi
-	srlx	$Zlo,4,$Zlo
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	ldub	[$inp+15],$nlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-	stx	$Zlo,[$Xi+8]
-	xor	$rem,$Zhi,$Zhi
-	stx	$Zhi,[$Xi]
-	srl	$Zlo,8,$xi1
-	and	$Zlo,0xff,$xi0
-	ba	.Louter
-	and	$xi1,0xff,$xi1
-.align	32
-.Ldone:
-	ldx	[$Htblo+$nhi],$Tlo
-	sll	$remi,3,$remi
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$Htbl+$nhi],$Thi
-	srlx	$Zlo,4,$Zlo
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-	stx	$Zlo,[$Xi+8]
-	xor	$rem,$Zhi,$Zhi
-	stx	$Zhi,[$Xi]
-
-	ret
-	restore
-.type	gcm_ghash_4bit,#function
-.size	gcm_ghash_4bit,(.-gcm_ghash_4bit)
-___
-
-undef $inp;
-undef $len;
-
-$code.=<<___;
-.globl	gcm_gmult_4bit
-.align	32
-gcm_gmult_4bit:
-	save	%sp,-$frame,%sp
-	ldub	[$Xi+15],$nlo
-	add	$Htbl,8,$Htblo
-
-1:	call	.+8
-	add	%o7,rem_4bit-1b,$rem_4bit
-
-	and	$nlo,0xf0,$nhi
-	and	$nlo,0x0f,$nlo
-	sll	$nlo,4,$nlo
-	ldx	[$Htblo+$nlo],$Zlo
-	ldx	[$Htbl+$nlo],$Zhi
-
-	ldub	[$Xi+14],$nlo
-
-	ldx	[$Htblo+$nhi],$Tlo
-	and	$Zlo,0xf,$remi
-	ldx	[$Htbl+$nhi],$Thi
-	sll	$remi,3,$remi
-	ldx	[$rem_4bit+$remi],$rem
-	srlx	$Zlo,4,$Zlo
-	mov	13,$cnt
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-
-	and	$Zlo,0xf,$remi
-	and	$nlo,0xf0,$nhi
-	and	$nlo,0x0f,$nlo
-	ba	.Lgmult_inner
-	sll	$nlo,4,$nlo
-.align	32
-.Lgmult_inner:
-	ldx	[$Htblo+$nlo],$Tlo
-	sll	$remi,3,$remi
-	xor	$Thi,$Zhi,$Zhi
-	ldx	[$Htbl+$nlo],$Thi
-	srlx	$Zlo,4,$Zlo
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	ldub	[$Xi+$cnt],$nlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nhi],$Tlo
-	sll	$remi,3,$remi
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$Htbl+$nhi],$Thi
-	srlx	$Zlo,4,$Zlo
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	srlx	$Zhi,4,$Zhi
-	and	$nlo,0xf0,$nhi
-	addcc	$cnt,-1,$cnt
-	xor	$Zlo,$tmp,$Zlo
-	and	$nlo,0x0f,$nlo
-	xor	$Tlo,$Zlo,$Zlo
-	sll	$nlo,4,$nlo
-	blu	.Lgmult_inner
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nlo],$Tlo
-	sll	$remi,3,$remi
-	xor	$Thi,$Zhi,$Zhi
-	ldx	[$Htbl+$nlo],$Thi
-	srlx	$Zlo,4,$Zlo
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-	and	$Zlo,0xf,$remi
-
-	ldx	[$Htblo+$nhi],$Tlo
-	sll	$remi,3,$remi
-	xor	$rem,$Zhi,$Zhi
-	ldx	[$Htbl+$nhi],$Thi
-	srlx	$Zlo,4,$Zlo
-	ldx	[$rem_4bit+$remi],$rem
-	sllx	$Zhi,60,$tmp
-	xor	$Tlo,$Zlo,$Zlo
-	srlx	$Zhi,4,$Zhi
-	xor	$Zlo,$tmp,$Zlo
-	xor	$Thi,$Zhi,$Zhi
-	stx	$Zlo,[$Xi+8]
-	xor	$rem,$Zhi,$Zhi
-	stx	$Zhi,[$Xi]
-
-	ret
-	restore
-.type	gcm_gmult_4bit,#function
-.size	gcm_gmult_4bit,(.-gcm_gmult_4bit)
-.asciz	"GHASH for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align	4
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/modes/asm/ghash-x86.S b/crypto/modes/asm/ghash-x86.S
deleted file mode 100644
index 50473201ee..0000000000
--- a/crypto/modes/asm/ghash-x86.S
+++ /dev/null
@@ -1,1269 +0,0 @@
-.file	"ghash-x86.s"
-.text
-.globl	gcm_gmult_4bit_x86
-.type	gcm_gmult_4bit_x86,@function
-.align	16
-gcm_gmult_4bit_x86:
-.L_gcm_gmult_4bit_x86_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	subl	$84,%esp
-	movl	104(%esp),%edi
-	movl	108(%esp),%esi
-	movl	(%edi),%ebp
-	movl	4(%edi),%edx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%ebx
-	movl	$0,16(%esp)
-	movl	$471859200,20(%esp)
-	movl	$943718400,24(%esp)
-	movl	$610271232,28(%esp)
-	movl	$1887436800,32(%esp)
-	movl	$1822425088,36(%esp)
-	movl	$1220542464,40(%esp)
-	movl	$1423966208,44(%esp)
-	movl	$3774873600,48(%esp)
-	movl	$4246732800,52(%esp)
-	movl	$3644850176,56(%esp)
-	movl	$3311403008,60(%esp)
-	movl	$2441084928,64(%esp)
-	movl	$2376073216,68(%esp)
-	movl	$2847932416,72(%esp)
-	movl	$3051356160,76(%esp)
-	movl	%ebp,(%esp)
-	movl	%edx,4(%esp)
-	movl	%ecx,8(%esp)
-	movl	%ebx,12(%esp)
-	shrl	$20,%ebx
-	andl	$240,%ebx
-	movl	4(%esi,%ebx,1),%ebp
-	movl	(%esi,%ebx,1),%edx
-	movl	12(%esi,%ebx,1),%ecx
-	movl	8(%esi,%ebx,1),%ebx
-	xorl	%eax,%eax
-	movl	$15,%edi
-	jmp	.L000x86_loop
-.align	16
-.L000x86_loop:
-	movb	%bl,%al
-	shrdl	$4,%ecx,%ebx
-	andb	$15,%al
-	shrdl	$4,%edx,%ecx
-	shrdl	$4,%ebp,%edx
-	shrl	$4,%ebp
-	xorl	16(%esp,%eax,4),%ebp
-	movb	(%esp,%edi,1),%al
-	andb	$240,%al
-	xorl	8(%esi,%eax,1),%ebx
-	xorl	12(%esi,%eax,1),%ecx
-	xorl	(%esi,%eax,1),%edx
-	xorl	4(%esi,%eax,1),%ebp
-	decl	%edi
-	js	.L001x86_break
-	movb	%bl,%al
-	shrdl	$4,%ecx,%ebx
-	andb	$15,%al
-	shrdl	$4,%edx,%ecx
-	shrdl	$4,%ebp,%edx
-	shrl	$4,%ebp
-	xorl	16(%esp,%eax,4),%ebp
-	movb	(%esp,%edi,1),%al
-	shlb	$4,%al
-	xorl	8(%esi,%eax,1),%ebx
-	xorl	12(%esi,%eax,1),%ecx
-	xorl	(%esi,%eax,1),%edx
-	xorl	4(%esi,%eax,1),%ebp
-	jmp	.L000x86_loop
-.align	16
-.L001x86_break:
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	bswap	%ebp
-	movl	104(%esp),%edi
-	movl	%ebx,12(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,4(%edi)
-	movl	%ebp,(%edi)
-	addl	$84,%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	gcm_gmult_4bit_x86,.-.L_gcm_gmult_4bit_x86_begin
-.globl	gcm_ghash_4bit_x86
-.type	gcm_ghash_4bit_x86,@function
-.align	16
-gcm_ghash_4bit_x86:
-.L_gcm_ghash_4bit_x86_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	subl	$84,%esp
-	movl	104(%esp),%ebx
-	movl	108(%esp),%esi
-	movl	112(%esp),%edi
-	movl	116(%esp),%ecx
-	addl	%edi,%ecx
-	movl	%ecx,116(%esp)
-	movl	(%ebx),%ebp
-	movl	4(%ebx),%edx
-	movl	8(%ebx),%ecx
-	movl	12(%ebx),%ebx
-	movl	$0,16(%esp)
-	movl	$471859200,20(%esp)
-	movl	$943718400,24(%esp)
-	movl	$610271232,28(%esp)
-	movl	$1887436800,32(%esp)
-	movl	$1822425088,36(%esp)
-	movl	$1220542464,40(%esp)
-	movl	$1423966208,44(%esp)
-	movl	$3774873600,48(%esp)
-	movl	$4246732800,52(%esp)
-	movl	$3644850176,56(%esp)
-	movl	$3311403008,60(%esp)
-	movl	$2441084928,64(%esp)
-	movl	$2376073216,68(%esp)
-	movl	$2847932416,72(%esp)
-	movl	$3051356160,76(%esp)
-.align	16
-.L002x86_outer_loop:
-	xorl	12(%edi),%ebx
-	xorl	8(%edi),%ecx
-	xorl	4(%edi),%edx
-	xorl	(%edi),%ebp
-	movl	%ebx,12(%esp)
-	movl	%ecx,8(%esp)
-	movl	%edx,4(%esp)
-	movl	%ebp,(%esp)
-	shrl	$20,%ebx
-	andl	$240,%ebx
-	movl	4(%esi,%ebx,1),%ebp
-	movl	(%esi,%ebx,1),%edx
-	movl	12(%esi,%ebx,1),%ecx
-	movl	8(%esi,%ebx,1),%ebx
-	xorl	%eax,%eax
-	movl	$15,%edi
-	jmp	.L003x86_loop
-.align	16
-.L003x86_loop:
-	movb	%bl,%al
-	shrdl	$4,%ecx,%ebx
-	andb	$15,%al
-	shrdl	$4,%edx,%ecx
-	shrdl	$4,%ebp,%edx
-	shrl	$4,%ebp
-	xorl	16(%esp,%eax,4),%ebp
-	movb	(%esp,%edi,1),%al
-	andb	$240,%al
-	xorl	8(%esi,%eax,1),%ebx
-	xorl	12(%esi,%eax,1),%ecx
-	xorl	(%esi,%eax,1),%edx
-	xorl	4(%esi,%eax,1),%ebp
-	decl	%edi
-	js	.L004x86_break
-	movb	%bl,%al
-	shrdl	$4,%ecx,%ebx
-	andb	$15,%al
-	shrdl	$4,%edx,%ecx
-	shrdl	$4,%ebp,%edx
-	shrl	$4,%ebp
-	xorl	16(%esp,%eax,4),%ebp
-	movb	(%esp,%edi,1),%al
-	shlb	$4,%al
-	xorl	8(%esi,%eax,1),%ebx
-	xorl	12(%esi,%eax,1),%ecx
-	xorl	(%esi,%eax,1),%edx
-	xorl	4(%esi,%eax,1),%ebp
-	jmp	.L003x86_loop
-.align	16
-.L004x86_break:
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	bswap	%ebp
-	movl	112(%esp),%edi
-	leal	16(%edi),%edi
-	cmpl	116(%esp),%edi
-	movl	%edi,112(%esp)
-	jb	.L002x86_outer_loop
-	movl	104(%esp),%edi
-	movl	%ebx,12(%edi)
-	movl	%ecx,8(%edi)
-	movl	%edx,4(%edi)
-	movl	%ebp,(%edi)
-	addl	$84,%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	gcm_ghash_4bit_x86,.-.L_gcm_ghash_4bit_x86_begin
-.globl	gcm_gmult_4bit_mmx
-.type	gcm_gmult_4bit_mmx,@function
-.align	16
-gcm_gmult_4bit_mmx:
-.L_gcm_gmult_4bit_mmx_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%edi
-	movl	24(%esp),%esi
-	call	.L005pic_point
-.L005pic_point:
-	popl	%eax
-	leal	.Lrem_4bit-.L005pic_point(%eax),%eax
-	movzbl	15(%edi),%ebx
-	xorl	%ecx,%ecx
-	movl	%ebx,%edx
-	movb	%dl,%cl
-	movl	$14,%ebp
-	shlb	$4,%cl
-	andl	$240,%edx
-	movq	8(%esi,%ecx,1),%mm0
-	movq	(%esi,%ecx,1),%mm1
-	movd	%mm0,%ebx
-	jmp	.L006mmx_loop
-.align	16
-.L006mmx_loop:
-	psrlq	$4,%mm0
-	andl	$15,%ebx
-	movq	%mm1,%mm2
-	psrlq	$4,%mm1
-	pxor	8(%esi,%edx,1),%mm0
-	movb	(%edi,%ebp,1),%cl
-	psllq	$60,%mm2
-	pxor	(%eax,%ebx,8),%mm1
-	decl	%ebp
-	movd	%mm0,%ebx
-	pxor	(%esi,%edx,1),%mm1
-	movl	%ecx,%edx
-	pxor	%mm2,%mm0
-	js	.L007mmx_break
-	shlb	$4,%cl
-	andl	$15,%ebx
-	psrlq	$4,%mm0
-	andl	$240,%edx
-	movq	%mm1,%mm2
-	psrlq	$4,%mm1
-	pxor	8(%esi,%ecx,1),%mm0
-	psllq	$60,%mm2
-	pxor	(%eax,%ebx,8),%mm1
-	movd	%mm0,%ebx
-	pxor	(%esi,%ecx,1),%mm1
-	pxor	%mm2,%mm0
-	jmp	.L006mmx_loop
-.align	16
-.L007mmx_break:
-	shlb	$4,%cl
-	andl	$15,%ebx
-	psrlq	$4,%mm0
-	andl	$240,%edx
-	movq	%mm1,%mm2
-	psrlq	$4,%mm1
-	pxor	8(%esi,%ecx,1),%mm0
-	psllq	$60,%mm2
-	pxor	(%eax,%ebx,8),%mm1
-	movd	%mm0,%ebx
-	pxor	(%esi,%ecx,1),%mm1
-	pxor	%mm2,%mm0
-	psrlq	$4,%mm0
-	andl	$15,%ebx
-	movq	%mm1,%mm2
-	psrlq	$4,%mm1
-	pxor	8(%esi,%edx,1),%mm0
-	psllq	$60,%mm2
-	pxor	(%eax,%ebx,8),%mm1
-	movd	%mm0,%ebx
-	pxor	(%esi,%edx,1),%mm1
-	pxor	%mm2,%mm0
-	psrlq	$32,%mm0
-	movd	%mm1,%edx
-	psrlq	$32,%mm1
-	movd	%mm0,%ecx
-	movd	%mm1,%ebp
-	bswap	%ebx
-	bswap	%edx
-	bswap	%ecx
-	bswap	%ebp
-	emms
-	movl	%ebx,12(%edi)
-	movl	%edx,4(%edi)
-	movl	%ecx,8(%edi)
-	movl	%ebp,(%edi)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	gcm_gmult_4bit_mmx,.-.L_gcm_gmult_4bit_mmx_begin
-.globl	gcm_ghash_4bit_mmx
-.type	gcm_ghash_4bit_mmx,@function
-.align	16
-gcm_ghash_4bit_mmx:
-.L_gcm_ghash_4bit_mmx_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%eax
-	movl	24(%esp),%ebx
-	movl	28(%esp),%ecx
-	movl	32(%esp),%edx
-	movl	%esp,%ebp
-	call	.L008pic_point
-.L008pic_point:
-	popl	%esi
-	leal	.Lrem_8bit-.L008pic_point(%esi),%esi
-	subl	$544,%esp
-	andl	$-64,%esp
-	subl	$16,%esp
-	addl	%ecx,%edx
-	movl	%eax,544(%esp)
-	movl	%edx,552(%esp)
-	movl	%ebp,556(%esp)
-	addl	$128,%ebx
-	leal	144(%esp),%edi
-	leal	400(%esp),%ebp
-	movl	-120(%ebx),%edx
-	movq	-120(%ebx),%mm0
-	movq	-128(%ebx),%mm3
-	shll	$4,%edx
-	movb	%dl,(%esp)
-	movl	-104(%ebx),%edx
-	movq	-104(%ebx),%mm2
-	movq	-112(%ebx),%mm5
-	movq	%mm0,-128(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,(%edi)
-	movq	%mm3,%mm7
-	psrlq	$4,%mm3
-	shll	$4,%edx
-	movb	%dl,1(%esp)
-	movl	-88(%ebx),%edx
-	movq	-88(%ebx),%mm1
-	psllq	$60,%mm7
-	movq	-96(%ebx),%mm4
-	por	%mm7,%mm0
-	movq	%mm2,-120(%edi)
-	psrlq	$4,%mm2
-	movq	%mm5,8(%edi)
-	movq	%mm5,%mm6
-	movq	%mm0,-128(%ebp)
-	psrlq	$4,%mm5
-	movq	%mm3,(%ebp)
-	shll	$4,%edx
-	movb	%dl,2(%esp)
-	movl	-72(%ebx),%edx
-	movq	-72(%ebx),%mm0
-	psllq	$60,%mm6
-	movq	-80(%ebx),%mm3
-	por	%mm6,%mm2
-	movq	%mm1,-112(%edi)
-	psrlq	$4,%mm1
-	movq	%mm4,16(%edi)
-	movq	%mm4,%mm7
-	movq	%mm2,-120(%ebp)
-	psrlq	$4,%mm4
-	movq	%mm5,8(%ebp)
-	shll	$4,%edx
-	movb	%dl,3(%esp)
-	movl	-56(%ebx),%edx
-	movq	-56(%ebx),%mm2
-	psllq	$60,%mm7
-	movq	-64(%ebx),%mm5
-	por	%mm7,%mm1
-	movq	%mm0,-104(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,24(%edi)
-	movq	%mm3,%mm6
-	movq	%mm1,-112(%ebp)
-	psrlq	$4,%mm3
-	movq	%mm4,16(%ebp)
-	shll	$4,%edx
-	movb	%dl,4(%esp)
-	movl	-40(%ebx),%edx
-	movq	-40(%ebx),%mm1
-	psllq	$60,%mm6
-	movq	-48(%ebx),%mm4
-	por	%mm6,%mm0
-	movq	%mm2,-96(%edi)
-	psrlq	$4,%mm2
-	movq	%mm5,32(%edi)
-	movq	%mm5,%mm7
-	movq	%mm0,-104(%ebp)
-	psrlq	$4,%mm5
-	movq	%mm3,24(%ebp)
-	shll	$4,%edx
-	movb	%dl,5(%esp)
-	movl	-24(%ebx),%edx
-	movq	-24(%ebx),%mm0
-	psllq	$60,%mm7
-	movq	-32(%ebx),%mm3
-	por	%mm7,%mm2
-	movq	%mm1,-88(%edi)
-	psrlq	$4,%mm1
-	movq	%mm4,40(%edi)
-	movq	%mm4,%mm6
-	movq	%mm2,-96(%ebp)
-	psrlq	$4,%mm4
-	movq	%mm5,32(%ebp)
-	shll	$4,%edx
-	movb	%dl,6(%esp)
-	movl	-8(%ebx),%edx
-	movq	-8(%ebx),%mm2
-	psllq	$60,%mm6
-	movq	-16(%ebx),%mm5
-	por	%mm6,%mm1
-	movq	%mm0,-80(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,48(%edi)
-	movq	%mm3,%mm7
-	movq	%mm1,-88(%ebp)
-	psrlq	$4,%mm3
-	movq	%mm4,40(%ebp)
-	shll	$4,%edx
-	movb	%dl,7(%esp)
-	movl	8(%ebx),%edx
-	movq	8(%ebx),%mm1
-	psllq	$60,%mm7
-	movq	(%ebx),%mm4
-	por	%mm7,%mm0
-	movq	%mm2,-72(%edi)
-	psrlq	$4,%mm2
-	movq	%mm5,56(%edi)
-	movq	%mm5,%mm6
-	movq	%mm0,-80(%ebp)
-	psrlq	$4,%mm5
-	movq	%mm3,48(%ebp)
-	shll	$4,%edx
-	movb	%dl,8(%esp)
-	movl	24(%ebx),%edx
-	movq	24(%ebx),%mm0
-	psllq	$60,%mm6
-	movq	16(%ebx),%mm3
-	por	%mm6,%mm2
-	movq	%mm1,-64(%edi)
-	psrlq	$4,%mm1
-	movq	%mm4,64(%edi)
-	movq	%mm4,%mm7
-	movq	%mm2,-72(%ebp)
-	psrlq	$4,%mm4
-	movq	%mm5,56(%ebp)
-	shll	$4,%edx
-	movb	%dl,9(%esp)
-	movl	40(%ebx),%edx
-	movq	40(%ebx),%mm2
-	psllq	$60,%mm7
-	movq	32(%ebx),%mm5
-	por	%mm7,%mm1
-	movq	%mm0,-56(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,72(%edi)
-	movq	%mm3,%mm6
-	movq	%mm1,-64(%ebp)
-	psrlq	$4,%mm3
-	movq	%mm4,64(%ebp)
-	shll	$4,%edx
-	movb	%dl,10(%esp)
-	movl	56(%ebx),%edx
-	movq	56(%ebx),%mm1
-	psllq	$60,%mm6
-	movq	48(%ebx),%mm4
-	por	%mm6,%mm0
-	movq	%mm2,-48(%edi)
-	psrlq	$4,%mm2
-	movq	%mm5,80(%edi)
-	movq	%mm5,%mm7
-	movq	%mm0,-56(%ebp)
-	psrlq	$4,%mm5
-	movq	%mm3,72(%ebp)
-	shll	$4,%edx
-	movb	%dl,11(%esp)
-	movl	72(%ebx),%edx
-	movq	72(%ebx),%mm0
-	psllq	$60,%mm7
-	movq	64(%ebx),%mm3
-	por	%mm7,%mm2
-	movq	%mm1,-40(%edi)
-	psrlq	$4,%mm1
-	movq	%mm4,88(%edi)
-	movq	%mm4,%mm6
-	movq	%mm2,-48(%ebp)
-	psrlq	$4,%mm4
-	movq	%mm5,80(%ebp)
-	shll	$4,%edx
-	movb	%dl,12(%esp)
-	movl	88(%ebx),%edx
-	movq	88(%ebx),%mm2
-	psllq	$60,%mm6
-	movq	80(%ebx),%mm5
-	por	%mm6,%mm1
-	movq	%mm0,-32(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,96(%edi)
-	movq	%mm3,%mm7
-	movq	%mm1,-40(%ebp)
-	psrlq	$4,%mm3
-	movq	%mm4,88(%ebp)
-	shll	$4,%edx
-	movb	%dl,13(%esp)
-	movl	104(%ebx),%edx
-	movq	104(%ebx),%mm1
-	psllq	$60,%mm7
-	movq	96(%ebx),%mm4
-	por	%mm7,%mm0
-	movq	%mm2,-24(%edi)
-	psrlq	$4,%mm2
-	movq	%mm5,104(%edi)
-	movq	%mm5,%mm6
-	movq	%mm0,-32(%ebp)
-	psrlq	$4,%mm5
-	movq	%mm3,96(%ebp)
-	shll	$4,%edx
-	movb	%dl,14(%esp)
-	movl	120(%ebx),%edx
-	movq	120(%ebx),%mm0
-	psllq	$60,%mm6
-	movq	112(%ebx),%mm3
-	por	%mm6,%mm2
-	movq	%mm1,-16(%edi)
-	psrlq	$4,%mm1
-	movq	%mm4,112(%edi)
-	movq	%mm4,%mm7
-	movq	%mm2,-24(%ebp)
-	psrlq	$4,%mm4
-	movq	%mm5,104(%ebp)
-	shll	$4,%edx
-	movb	%dl,15(%esp)
-	psllq	$60,%mm7
-	por	%mm7,%mm1
-	movq	%mm0,-8(%edi)
-	psrlq	$4,%mm0
-	movq	%mm3,120(%edi)
-	movq	%mm3,%mm6
-	movq	%mm1,-16(%ebp)
-	psrlq	$4,%mm3
-	movq	%mm4,112(%ebp)
-	psllq	$60,%mm6
-	por	%mm6,%mm0
-	movq	%mm0,-8(%ebp)
-	movq	%mm3,120(%ebp)
-	movq	(%eax),%mm6
-	movl	8(%eax),%ebx
-	movl	12(%eax),%edx
-.align	16
-.L009outer:
-	xorl	12(%ecx),%edx
-	xorl	8(%ecx),%ebx
-	pxor	(%ecx),%mm6
-	leal	16(%ecx),%ecx
-	movl	%ebx,536(%esp)
-	movq	%mm6,528(%esp)
-	movl	%ecx,548(%esp)
-	xorl	%eax,%eax
-	roll	$8,%edx
-	movb	%dl,%al
-	movl	%eax,%ebp
-	andb	$15,%al
-	shrl	$4,%ebp
-	pxor	%mm0,%mm0
-	roll	$8,%edx
-	pxor	%mm1,%mm1
-	pxor	%mm2,%mm2
-	movq	16(%esp,%eax,8),%mm7
-	movq	144(%esp,%eax,8),%mm6
-	movb	%dl,%al
-	movd	%mm7,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	shrl	$4,%edi
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm2
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movl	536(%esp),%edx
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm2,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm1
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm1,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm0
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm0,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm2
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm2,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm1
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movl	532(%esp),%edx
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm1,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm0
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm0,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm2
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm2,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm1
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm1,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm0
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movl	528(%esp),%edx
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm0,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm2
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm2,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm1
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm1,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm0
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	movb	%dl,%al
-	movd	%mm7,%ecx
-	movzbl	%bl,%ebx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%ebp
-	psrlq	$8,%mm6
-	pxor	272(%esp,%edi,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm0,%mm6
-	shrl	$4,%ebp
-	pinsrw	$2,(%esi,%ebx,2),%mm2
-	pxor	16(%esp,%eax,8),%mm7
-	roll	$8,%edx
-	pxor	144(%esp,%eax,8),%mm6
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%edi,8),%mm6
-	xorb	(%esp,%edi,1),%cl
-	movb	%dl,%al
-	movl	524(%esp),%edx
-	movd	%mm7,%ebx
-	movzbl	%cl,%ecx
-	psrlq	$8,%mm7
-	movq	%mm6,%mm3
-	movl	%eax,%edi
-	psrlq	$8,%mm6
-	pxor	272(%esp,%ebp,8),%mm7
-	andb	$15,%al
-	psllq	$56,%mm3
-	pxor	%mm2,%mm6
-	shrl	$4,%edi
-	pinsrw	$2,(%esi,%ecx,2),%mm1
-	pxor	16(%esp,%eax,8),%mm7
-	pxor	144(%esp,%eax,8),%mm6
-	xorb	(%esp,%ebp,1),%bl
-	pxor	%mm3,%mm7
-	pxor	400(%esp,%ebp,8),%mm6
-	movzbl	%bl,%ebx
-	pxor	%mm2,%mm2
-	psllq	$4,%mm1
-	movd	%mm7,%ecx
-	psrlq	$4,%mm7
-	movq	%mm6,%mm3
-	psrlq	$4,%mm6
-	shll	$4,%ecx
-	pxor	16(%esp,%edi,8),%mm7
-	psllq	$60,%mm3
-	movzbl	%cl,%ecx
-	pxor	%mm3,%mm7
-	pxor	144(%esp,%edi,8),%mm6
-	pinsrw	$2,(%esi,%ebx,2),%mm0
-	pxor	%mm1,%mm6
-	movd	%mm7,%edx
-	pinsrw	$3,(%esi,%ecx,2),%mm2
-	psllq	$12,%mm0
-	pxor	%mm0,%mm6
-	psrlq	$32,%mm7
-	pxor	%mm2,%mm6
-	movl	548(%esp),%ecx
-	movd	%mm7,%ebx
-	movq	%mm6,%mm3
-	psllw	$8,%mm6
-	psrlw	$8,%mm3
-	por	%mm3,%mm6
-	bswap	%edx
-	pshufw	$27,%mm6,%mm6
-	bswap	%ebx
-	cmpl	552(%esp),%ecx
-	jne	.L009outer
-	movl	544(%esp),%eax
-	movl	%edx,12(%eax)
-	movl	%ebx,8(%eax)
-	movq	%mm6,(%eax)
-	movl	556(%esp),%esp
-	emms
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	gcm_ghash_4bit_mmx,.-.L_gcm_ghash_4bit_mmx_begin
-.globl	gcm_init_clmul
-.type	gcm_init_clmul,@function
-.align	16
-gcm_init_clmul:
-.L_gcm_init_clmul_begin:
-	movl	4(%esp),%edx
-	movl	8(%esp),%eax
-	call	.L010pic
-.L010pic:
-	popl	%ecx
-	leal	.Lbswap-.L010pic(%ecx),%ecx
-	movdqu	(%eax),%xmm2
-	pshufd	$78,%xmm2,%xmm2
-	pshufd	$255,%xmm2,%xmm4
-	movdqa	%xmm2,%xmm3
-	psllq	$1,%xmm2
-	pxor	%xmm5,%xmm5
-	psrlq	$63,%xmm3
-	pcmpgtd	%xmm4,%xmm5
-	pslldq	$8,%xmm3
-	por	%xmm3,%xmm2
-	pand	16(%ecx),%xmm5
-	pxor	%xmm5,%xmm2
-	movdqa	%xmm2,%xmm0
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm0,%xmm3
-	xorps	%xmm1,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	movdqu	%xmm2,(%edx)
-	movdqu	%xmm0,16(%edx)
-	ret
-.size	gcm_init_clmul,.-.L_gcm_init_clmul_begin
-.globl	gcm_gmult_clmul
-.type	gcm_gmult_clmul,@function
-.align	16
-gcm_gmult_clmul:
-.L_gcm_gmult_clmul_begin:
-	movl	4(%esp),%eax
-	movl	8(%esp),%edx
-	call	.L011pic
-.L011pic:
-	popl	%ecx
-	leal	.Lbswap-.L011pic(%ecx),%ecx
-	movdqu	(%eax),%xmm0
-	movdqa	(%ecx),%xmm5
-	movups	(%edx),%xmm2
-.byte	102,15,56,0,197
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm0,%xmm3
-	xorps	%xmm1,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,197
-	movdqu	%xmm0,(%eax)
-	ret
-.size	gcm_gmult_clmul,.-.L_gcm_gmult_clmul_begin
-.globl	gcm_ghash_clmul
-.type	gcm_ghash_clmul,@function
-.align	16
-gcm_ghash_clmul:
-.L_gcm_ghash_clmul_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%eax
-	movl	24(%esp),%edx
-	movl	28(%esp),%esi
-	movl	32(%esp),%ebx
-	call	.L012pic
-.L012pic:
-	popl	%ecx
-	leal	.Lbswap-.L012pic(%ecx),%ecx
-	movdqu	(%eax),%xmm0
-	movdqa	(%ecx),%xmm5
-	movdqu	(%edx),%xmm2
-.byte	102,15,56,0,197
-	subl	$16,%ebx
-	jz	.L013odd_tail
-	movdqu	(%esi),%xmm3
-	movdqu	16(%esi),%xmm6
-.byte	102,15,56,0,221
-.byte	102,15,56,0,245
-	pxor	%xmm3,%xmm0
-	movdqa	%xmm6,%xmm7
-	pshufd	$78,%xmm6,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm6,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,242,0
-.byte	102,15,58,68,250,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm7
-	pxor	%xmm4,%xmm6
-	movups	16(%edx),%xmm2
-	leal	32(%esi),%esi
-	subl	$32,%ebx
-	jbe	.L014even_tail
-.L015mod_loop:
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm0,%xmm3
-	xorps	%xmm1,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqu	(%esi),%xmm3
-	movups	(%edx),%xmm2
-	pxor	%xmm6,%xmm0
-	pxor	%xmm7,%xmm1
-	movdqu	16(%esi),%xmm6
-.byte	102,15,56,0,221
-.byte	102,15,56,0,245
-	movdqa	%xmm6,%xmm5
-	movdqa	%xmm6,%xmm7
-	pxor	%xmm3,%xmm1
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-.byte	102,15,58,68,242,0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pshufd	$78,%xmm5,%xmm3
-	pxor	%xmm4,%xmm1
-	pxor	%xmm5,%xmm3
-	pshufd	$78,%xmm2,%xmm5
-	pxor	%xmm2,%xmm5
-.byte	102,15,58,68,250,17
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-.byte	102,15,58,68,221,0
-	movups	16(%edx),%xmm2
-	xorps	%xmm6,%xmm3
-	xorps	%xmm7,%xmm3
-	movdqa	%xmm3,%xmm5
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm5
-	pxor	%xmm3,%xmm7
-	pxor	%xmm5,%xmm6
-	movdqa	(%ecx),%xmm5
-	leal	32(%esi),%esi
-	subl	$32,%ebx
-	ja	.L015mod_loop
-.L014even_tail:
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm0,%xmm3
-	xorps	%xmm1,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	pxor	%xmm6,%xmm0
-	pxor	%xmm7,%xmm1
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	testl	%ebx,%ebx
-	jnz	.L016done
-	movups	(%edx),%xmm2
-.L013odd_tail:
-	movdqu	(%esi),%xmm3
-.byte	102,15,56,0,221
-	pxor	%xmm3,%xmm0
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	xorps	%xmm0,%xmm3
-	xorps	%xmm1,%xmm3
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-.L016done:
-.byte	102,15,56,0,197
-	movdqu	%xmm0,(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	gcm_ghash_clmul,.-.L_gcm_ghash_clmul_begin
-.align	64
-.Lbswap:
-.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,194
-.align	64
-.Lrem_4bit:
-.long	0,0,0,471859200,0,943718400,0,610271232
-.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
-.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
-.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
-.align	64
-.Lrem_8bit:
-.value	0,450,900,582,1800,1738,1164,1358
-.value	3600,4050,3476,3158,2328,2266,2716,2910
-.value	7200,7650,8100,7782,6952,6890,6316,6510
-.value	4656,5106,4532,4214,5432,5370,5820,6014
-.value	14400,14722,15300,14854,16200,16010,15564,15630
-.value	13904,14226,13780,13334,12632,12442,13020,13086
-.value	9312,9634,10212,9766,9064,8874,8428,8494
-.value	10864,11186,10740,10294,11640,11450,12028,12094
-.value	28800,28994,29444,29382,30600,30282,29708,30158
-.value	32400,32594,32020,31958,31128,30810,31260,31710
-.value	27808,28002,28452,28390,27560,27242,26668,27118
-.value	25264,25458,24884,24822,26040,25722,26172,26622
-.value	18624,18690,19268,19078,20424,19978,19532,19854
-.value	18128,18194,17748,17558,16856,16410,16988,17310
-.value	21728,21794,22372,22182,21480,21034,20588,20910
-.value	23280,23346,22900,22710,24056,23610,24188,24510
-.value	57600,57538,57988,58182,58888,59338,58764,58446
-.value	61200,61138,60564,60758,59416,59866,60316,59998
-.value	64800,64738,65188,65382,64040,64490,63916,63598
-.value	62256,62194,61620,61814,62520,62970,63420,63102
-.value	55616,55426,56004,56070,56904,57226,56780,56334
-.value	55120,54930,54484,54550,53336,53658,54236,53790
-.value	50528,50338,50916,50982,49768,50090,49644,49198
-.value	52080,51890,51444,51510,52344,52666,53244,52798
-.value	37248,36930,37380,37830,38536,38730,38156,38094
-.value	40848,40530,39956,40406,39064,39258,39708,39646
-.value	36256,35938,36388,36838,35496,35690,35116,35054
-.value	33712,33394,32820,33270,33976,34170,34620,34558
-.value	43456,43010,43588,43910,44744,44810,44364,44174
-.value	42960,42514,42068,42390,41176,41242,41820,41630
-.value	46560,46114,46692,47014,45800,45866,45420,45230
-.value	48112,47666,47220,47542,48376,48442,49020,48830
-.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,44,32,67
-.byte	82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112
-.byte	112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62
-.byte	0
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
deleted file mode 100644
index 2426cd0c8a..0000000000
--- a/crypto/modes/asm/ghash-x86.pl
+++ /dev/null
@@ -1,1342 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# March, May, June 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two
-# code paths: vanilla x86 and vanilla MMX. Former will be executed on
-# 486 and Pentium, latter on all others. MMX GHASH features so called
-# "528B" variant of "4-bit" method utilizing additional 256+16 bytes
-# of per-key storage [+512 bytes shared table]. Performance results
-# are for streamed GHASH subroutine and are expressed in cycles per
-# processed byte, less is better:
-#
-#		gcc 2.95.3(*)	MMX assembler	x86 assembler
-#
-# Pentium	105/111(**)	-		50
-# PIII		68 /75		12.2		24
-# P4		125/125		17.8		84(***)
-# Opteron	66 /70		10.1		30
-# Core2		54 /67		8.4		18
-#
-# (*)	gcc 3.4.x was observed to generate few percent slower code,
-#	which is one of reasons why 2.95.3 results were chosen,
-#	another reason is lack of 3.4.x results for older CPUs;
-#	comparison with MMX results is not completely fair, because C
-#	results are for vanilla "256B" implementation, while
-#	assembler results are for "528B";-)
-# (**)	second number is result for code compiled with -fPIC flag,
-#	which is actually more relevant, because assembler code is
-#	position-independent;
-# (***)	see comment in non-MMX routine for further details;
-#
-# To summarize, it's >2-5 times faster than gcc-generated code. To
-# anchor it to something else SHA1 assembler processes one byte in
-# 11-13 cycles on contemporary x86 cores. As for choice of MMX in
-# particular, see comment at the end of the file...
-
-# May 2010
-#
-# Add PCLMULQDQ version performing at 2.10 cycles per processed byte.
-# The question is how close is it to theoretical limit? The pclmulqdq
-# instruction latency appears to be 14 cycles and there can't be more
-# than 2 of them executing at any given time. This means that single
-# Karatsuba multiplication would take 28 cycles *plus* few cycles for
-# pre- and post-processing. Then multiplication has to be followed by
-# modulo-reduction. Given that aggregated reduction method [see
-# "Carry-less Multiplication and Its Usage for Computing the GCM Mode"
-# white paper by Intel] allows you to perform reduction only once in
-# a while we can assume that asymptotic performance can be estimated
-# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction
-# and Naggr is the aggregation factor.
-#
-# Before we proceed to this implementation let's have closer look at
-# the best-performing code suggested by Intel in their white paper.
-# By tracing inter-register dependencies Tmod is estimated as ~19
-# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per
-# processed byte. As implied, this is quite optimistic estimate,
-# because it does not account for Karatsuba pre- and post-processing,
-# which for a single multiplication is ~5 cycles. Unfortunately Intel
-# does not provide performance data for GHASH alone. But benchmarking
-# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt
-# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that
-# the result accounts even for pre-computing of degrees of the hash
-# key H, but its portion is negligible at 16KB buffer size.
-#
-# Moving on to the implementation in question. Tmod is estimated as
-# ~13 cycles and Naggr is 2, giving asymptotic performance of ...
-# 2.16. How is it possible that measured performance is better than
-# optimistic theoretical estimate? There is one thing Intel failed
-# to recognize. By serializing GHASH with CTR in same subroutine
-# former's performance is really limited to above (Tmul + Tmod/Naggr)
-# equation. But if GHASH procedure is detached, the modulo-reduction
-# can be interleaved with Naggr-1 multiplications at instruction level
-# and under ideal conditions even disappear from the equation. So that
-# optimistic theoretical estimate for this implementation is ...
-# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic,
-# at least for such small Naggr. I'd argue that (28+Tproc/Naggr),
-# where Tproc is time required for Karatsuba pre- and post-processing,
-# is more realistic estimate. In this case it gives ... 1.91 cycles.
-# Or in other words, depending on how well we can interleave reduction
-# and one of the two multiplications the performance should be betwen
-# 1.91 and 2.16. As already mentioned, this implementation processes
-# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
-# - in 2.02. x86_64 performance is better, because larger register
-# bank allows to interleave reduction and multiplication better.
-#
-# Does it make sense to increase Naggr? To start with it's virtually
-# impossible in 32-bit mode, because of limited register bank
-# capacity. Otherwise improvement has to be weighed agiainst slower
-# setup, as well as code size and complexity increase. As even
-# optimistic estimate doesn't promise 30% performance improvement,
-# there are currently no plans to increase Naggr.
-#
-# Special thanks to David Woodhouse <dwmw2@infradead.org> for
-# providing access to a Westmere-based system on behalf of Intel
-# Open Source Technology Centre.
-
-# January 2010
-#
-# Tweaked to optimize transitions between integer and FP operations
-# on same XMM register, PCLMULQDQ subroutine was measured to process
-# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere.
-# The minor regression on Westmere is outweighed by ~15% improvement
-# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in
-# similar manner resulted in almost 20% degradation on Sandy Bridge,
-# where original 64-bit code processes one byte in 1.95 cycles.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx");
-$inp  = "edi";
-$Htbl = "esi";
-
-$unroll = 0;	# Affects x86 loop. Folded loop performs ~7% worse
-		# than unrolled, which has to be weighted against
-		# 2.5x x86-specific code size reduction.
-
-sub x86_loop {
-    my $off = shift;
-    my $rem = "eax";
-
-	&mov	($Zhh,&DWP(4,$Htbl,$Zll));
-	&mov	($Zhl,&DWP(0,$Htbl,$Zll));
-	&mov	($Zlh,&DWP(12,$Htbl,$Zll));
-	&mov	($Zll,&DWP(8,$Htbl,$Zll));
-	&xor	($rem,$rem);	# avoid partial register stalls on PIII
-
-	# shrd practically kills P4, 2.5x deterioration, but P4 has
-	# MMX code-path to execute. shrd runs tad faster [than twice
-	# the shifts, move's and or's] on pre-MMX Pentium (as well as
-	# PIII and Core2), *but* minimizes code size, spares register
-	# and thus allows to fold the loop...
-	if (!$unroll) {
-	my $cnt = $inp;
-	&mov	($cnt,15);
-	&jmp	(&label("x86_loop"));
-	&set_label("x86_loop",16);
-	    for($i=1;$i<=2;$i++) {
-		&mov	(&LB($rem),&LB($Zll));
-		&shrd	($Zll,$Zlh,4);
-		&and	(&LB($rem),0xf);
-		&shrd	($Zlh,$Zhl,4);
-		&shrd	($Zhl,$Zhh,4);
-		&shr	($Zhh,4);
-		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
-
-		&mov	(&LB($rem),&BP($off,"esp",$cnt));
-		if ($i&1) {
-			&and	(&LB($rem),0xf0);
-		} else {
-			&shl	(&LB($rem),4);
-		}
-
-		&xor	($Zll,&DWP(8,$Htbl,$rem));
-		&xor	($Zlh,&DWP(12,$Htbl,$rem));
-		&xor	($Zhl,&DWP(0,$Htbl,$rem));
-		&xor	($Zhh,&DWP(4,$Htbl,$rem));
-
-		if ($i&1) {
-			&dec	($cnt);
-			&js	(&label("x86_break"));
-		} else {
-			&jmp	(&label("x86_loop"));
-		}
-	    }
-	&set_label("x86_break",16);
-	} else {
-	    for($i=1;$i<32;$i++) {
-		&comment($i);
-		&mov	(&LB($rem),&LB($Zll));
-		&shrd	($Zll,$Zlh,4);
-		&and	(&LB($rem),0xf);
-		&shrd	($Zlh,$Zhl,4);
-		&shrd	($Zhl,$Zhh,4);
-		&shr	($Zhh,4);
-		&xor	($Zhh,&DWP($off+16,"esp",$rem,4));
-
-		if ($i&1) {
-			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
-			&and	(&LB($rem),0xf0);
-		} else {
-			&mov	(&LB($rem),&BP($off+15-($i>>1),"esp"));
-			&shl	(&LB($rem),4);
-		}
-
-		&xor	($Zll,&DWP(8,$Htbl,$rem));
-		&xor	($Zlh,&DWP(12,$Htbl,$rem));
-		&xor	($Zhl,&DWP(0,$Htbl,$rem));
-		&xor	($Zhh,&DWP(4,$Htbl,$rem));
-	    }
-	}
-	&bswap	($Zll);
-	&bswap	($Zlh);
-	&bswap	($Zhl);
-	if (!$x86only) {
-		&bswap	($Zhh);
-	} else {
-		&mov	("eax",$Zhh);
-		&bswap	("eax");
-		&mov	($Zhh,"eax");
-	}
-}
-
-if ($unroll) {
-    &function_begin_B("_x86_gmult_4bit_inner");
-	&x86_loop(4);
-	&ret	();
-    &function_end_B("_x86_gmult_4bit_inner");
-}
-
-sub deposit_rem_4bit {
-    my $bias = shift;
-
-	&mov	(&DWP($bias+0, "esp"),0x0000<<16);
-	&mov	(&DWP($bias+4, "esp"),0x1C20<<16);
-	&mov	(&DWP($bias+8, "esp"),0x3840<<16);
-	&mov	(&DWP($bias+12,"esp"),0x2460<<16);
-	&mov	(&DWP($bias+16,"esp"),0x7080<<16);
-	&mov	(&DWP($bias+20,"esp"),0x6CA0<<16);
-	&mov	(&DWP($bias+24,"esp"),0x48C0<<16);
-	&mov	(&DWP($bias+28,"esp"),0x54E0<<16);
-	&mov	(&DWP($bias+32,"esp"),0xE100<<16);
-	&mov	(&DWP($bias+36,"esp"),0xFD20<<16);
-	&mov	(&DWP($bias+40,"esp"),0xD940<<16);
-	&mov	(&DWP($bias+44,"esp"),0xC560<<16);
-	&mov	(&DWP($bias+48,"esp"),0x9180<<16);
-	&mov	(&DWP($bias+52,"esp"),0x8DA0<<16);
-	&mov	(&DWP($bias+56,"esp"),0xA9C0<<16);
-	&mov	(&DWP($bias+60,"esp"),0xB5E0<<16);
-}
-
-$suffix = $x86only ? "" : "_x86";
-
-&function_begin("gcm_gmult_4bit".$suffix);
-	&stack_push(16+4+1);			# +1 for stack alignment
-	&mov	($inp,&wparam(0));		# load Xi
-	&mov	($Htbl,&wparam(1));		# load Htable
-
-	&mov	($Zhh,&DWP(0,$inp));		# load Xi[16]
-	&mov	($Zhl,&DWP(4,$inp));
-	&mov	($Zlh,&DWP(8,$inp));
-	&mov	($Zll,&DWP(12,$inp));
-
-	&deposit_rem_4bit(16);
-
-	&mov	(&DWP(0,"esp"),$Zhh);		# copy Xi[16] on stack
-	&mov	(&DWP(4,"esp"),$Zhl);
-	&mov	(&DWP(8,"esp"),$Zlh);
-	&mov	(&DWP(12,"esp"),$Zll);
-	&shr	($Zll,20);
-	&and	($Zll,0xf0);
-
-	if ($unroll) {
-		&call	("_x86_gmult_4bit_inner");
-	} else {
-		&x86_loop(0);
-		&mov	($inp,&wparam(0));
-	}
-
-	&mov	(&DWP(12,$inp),$Zll);
-	&mov	(&DWP(8,$inp),$Zlh);
-	&mov	(&DWP(4,$inp),$Zhl);
-	&mov	(&DWP(0,$inp),$Zhh);
-	&stack_pop(16+4+1);
-&function_end("gcm_gmult_4bit".$suffix);
-
-&function_begin("gcm_ghash_4bit".$suffix);
-	&stack_push(16+4+1);			# +1 for 64-bit alignment
-	&mov	($Zll,&wparam(0));		# load Xi
-	&mov	($Htbl,&wparam(1));		# load Htable
-	&mov	($inp,&wparam(2));		# load in
-	&mov	("ecx",&wparam(3));		# load len
-	&add	("ecx",$inp);
-	&mov	(&wparam(3),"ecx");
-
-	&mov	($Zhh,&DWP(0,$Zll));		# load Xi[16]
-	&mov	($Zhl,&DWP(4,$Zll));
-	&mov	($Zlh,&DWP(8,$Zll));
-	&mov	($Zll,&DWP(12,$Zll));
-
-	&deposit_rem_4bit(16);
-
-    &set_label("x86_outer_loop",16);
-	&xor	($Zll,&DWP(12,$inp));		# xor with input
-	&xor	($Zlh,&DWP(8,$inp));
-	&xor	($Zhl,&DWP(4,$inp));
-	&xor	($Zhh,&DWP(0,$inp));
-	&mov	(&DWP(12,"esp"),$Zll);		# dump it on stack
-	&mov	(&DWP(8,"esp"),$Zlh);
-	&mov	(&DWP(4,"esp"),$Zhl);
-	&mov	(&DWP(0,"esp"),$Zhh);
-
-	&shr	($Zll,20);
-	&and	($Zll,0xf0);
-
-	if ($unroll) {
-		&call	("_x86_gmult_4bit_inner");
-	} else {
-		&x86_loop(0);
-		&mov	($inp,&wparam(2));
-	}
-	&lea	($inp,&DWP(16,$inp));
-	&cmp	($inp,&wparam(3));
-	&mov	(&wparam(2),$inp)	if (!$unroll);
-	&jb	(&label("x86_outer_loop"));
-
-	&mov	($inp,&wparam(0));	# load Xi
-	&mov	(&DWP(12,$inp),$Zll);
-	&mov	(&DWP(8,$inp),$Zlh);
-	&mov	(&DWP(4,$inp),$Zhl);
-	&mov	(&DWP(0,$inp),$Zhh);
-	&stack_pop(16+4+1);
-&function_end("gcm_ghash_4bit".$suffix);
-
-if (!$x86only) {{{
-
-&static_label("rem_4bit");
-
-if (!$sse2) {{	# pure-MMX "May" version...
-
-$S=12;		# shift factor for rem_4bit
-
-&function_begin_B("_mmx_gmult_4bit_inner");
-# MMX version performs 3.5 times better on P4 (see comment in non-MMX
-# routine for further details), 100% better on Opteron, ~70% better
-# on Core2 and PIII... In other words effort is considered to be well
-# spent... Since initial release the loop was unrolled in order to
-# "liberate" register previously used as loop counter. Instead it's
-# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'.
-# The path involves move of Z.lo from MMX to integer register,
-# effective address calculation and finally merge of value to Z.hi.
-# Reference to rem_4bit is scheduled so late that I had to >>4
-# rem_4bit elements. This resulted in 20-45% procent improvement
-# on contemporary µ-archs.
-{
-    my $cnt;
-    my $rem_4bit = "eax";
-    my @rem = ($Zhh,$Zll);
-    my $nhi = $Zhl;
-    my $nlo = $Zlh;
-
-    my ($Zlo,$Zhi) = ("mm0","mm1");
-    my $tmp = "mm2";
-
-	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
-	&mov	($nhi,$Zll);
-	&mov	(&LB($nlo),&LB($nhi));
-	&shl	(&LB($nlo),4);
-	&and	($nhi,0xf0);
-	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
-	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
-	&movd	($rem[0],$Zlo);
-
-	for ($cnt=28;$cnt>=-2;$cnt--) {
-	    my $odd = $cnt&1;
-	    my $nix = $odd ? $nlo : $nhi;
-
-		&shl	(&LB($nlo),4)			if ($odd);
-		&psrlq	($Zlo,4);
-		&movq	($tmp,$Zhi);
-		&psrlq	($Zhi,4);
-		&pxor	($Zlo,&QWP(8,$Htbl,$nix));
-		&mov	(&LB($nlo),&BP($cnt/2,$inp))	if (!$odd && $cnt>=0);
-		&psllq	($tmp,60);
-		&and	($nhi,0xf0)			if ($odd);
-		&pxor	($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28);
-		&and	($rem[0],0xf);
-		&pxor	($Zhi,&QWP(0,$Htbl,$nix));
-		&mov	($nhi,$nlo)			if (!$odd && $cnt>=0);
-		&movd	($rem[1],$Zlo);
-		&pxor	($Zlo,$tmp);
-
-		push	(@rem,shift(@rem));		# "rotate" registers
-	}
-
-	&mov	($inp,&DWP(4,$rem_4bit,$rem[1],8));	# last rem_4bit[rem]
-
-	&psrlq	($Zlo,32);	# lower part of Zlo is already there
-	&movd	($Zhl,$Zhi);
-	&psrlq	($Zhi,32);
-	&movd	($Zlh,$Zlo);
-	&movd	($Zhh,$Zhi);
-	&shl	($inp,4);	# compensate for rem_4bit[i] being >>4
-
-	&bswap	($Zll);
-	&bswap	($Zhl);
-	&bswap	($Zlh);
-	&xor	($Zhh,$inp);
-	&bswap	($Zhh);
-
-	&ret	();
-}
-&function_end_B("_mmx_gmult_4bit_inner");
-
-&function_begin("gcm_gmult_4bit_mmx");
-	&mov	($inp,&wparam(0));	# load Xi
-	&mov	($Htbl,&wparam(1));	# load Htable
-
-	&call	(&label("pic_point"));
-	&set_label("pic_point");
-	&blindpop("eax");
-	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
-
-	&movz	($Zll,&BP(15,$inp));
-
-	&call	("_mmx_gmult_4bit_inner");
-
-	&mov	($inp,&wparam(0));	# load Xi
-	&emms	();
-	&mov	(&DWP(12,$inp),$Zll);
-	&mov	(&DWP(4,$inp),$Zhl);
-	&mov	(&DWP(8,$inp),$Zlh);
-	&mov	(&DWP(0,$inp),$Zhh);
-&function_end("gcm_gmult_4bit_mmx");
-
-# Streamed version performs 20% better on P4, 7% on Opteron,
-# 10% on Core2 and PIII...
-&function_begin("gcm_ghash_4bit_mmx");
-	&mov	($Zhh,&wparam(0));	# load Xi
-	&mov	($Htbl,&wparam(1));	# load Htable
-	&mov	($inp,&wparam(2));	# load in
-	&mov	($Zlh,&wparam(3));	# load len
-
-	&call	(&label("pic_point"));
-	&set_label("pic_point");
-	&blindpop("eax");
-	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
-
-	&add	($Zlh,$inp);
-	&mov	(&wparam(3),$Zlh);	# len to point at the end of input
-	&stack_push(4+1);		# +1 for stack alignment
-
-	&mov	($Zll,&DWP(12,$Zhh));	# load Xi[16]
-	&mov	($Zhl,&DWP(4,$Zhh));
-	&mov	($Zlh,&DWP(8,$Zhh));
-	&mov	($Zhh,&DWP(0,$Zhh));
-	&jmp	(&label("mmx_outer_loop"));
-
-    &set_label("mmx_outer_loop",16);
-	&xor	($Zll,&DWP(12,$inp));
-	&xor	($Zhl,&DWP(4,$inp));
-	&xor	($Zlh,&DWP(8,$inp));
-	&xor	($Zhh,&DWP(0,$inp));
-	&mov	(&wparam(2),$inp);
-	&mov	(&DWP(12,"esp"),$Zll);
-	&mov	(&DWP(4,"esp"),$Zhl);
-	&mov	(&DWP(8,"esp"),$Zlh);
-	&mov	(&DWP(0,"esp"),$Zhh);
-
-	&mov	($inp,"esp");
-	&shr	($Zll,24);
-
-	&call	("_mmx_gmult_4bit_inner");
-
-	&mov	($inp,&wparam(2));
-	&lea	($inp,&DWP(16,$inp));
-	&cmp	($inp,&wparam(3));
-	&jb	(&label("mmx_outer_loop"));
-
-	&mov	($inp,&wparam(0));	# load Xi
-	&emms	();
-	&mov	(&DWP(12,$inp),$Zll);
-	&mov	(&DWP(4,$inp),$Zhl);
-	&mov	(&DWP(8,$inp),$Zlh);
-	&mov	(&DWP(0,$inp),$Zhh);
-
-	&stack_pop(4+1);
-&function_end("gcm_ghash_4bit_mmx");
-
-}} else {{	# "June" MMX version...
-		# ... has slower "April" gcm_gmult_4bit_mmx with folded
-		# loop. This is done to conserve code size...
-$S=16;		# shift factor for rem_4bit
-
-sub mmx_loop() {
-# MMX version performs 2.8 times better on P4 (see comment in non-MMX
-# routine for further details), 40% better on Opteron and Core2, 50%
-# better on PIII... In other words effort is considered to be well
-# spent...
-    my $inp = shift;
-    my $rem_4bit = shift;
-    my $cnt = $Zhh;
-    my $nhi = $Zhl;
-    my $nlo = $Zlh;
-    my $rem = $Zll;
-
-    my ($Zlo,$Zhi) = ("mm0","mm1");
-    my $tmp = "mm2";
-
-	&xor	($nlo,$nlo);	# avoid partial register stalls on PIII
-	&mov	($nhi,$Zll);
-	&mov	(&LB($nlo),&LB($nhi));
-	&mov	($cnt,14);
-	&shl	(&LB($nlo),4);
-	&and	($nhi,0xf0);
-	&movq	($Zlo,&QWP(8,$Htbl,$nlo));
-	&movq	($Zhi,&QWP(0,$Htbl,$nlo));
-	&movd	($rem,$Zlo);
-	&jmp	(&label("mmx_loop"));
-
-    &set_label("mmx_loop",16);
-	&psrlq	($Zlo,4);
-	&and	($rem,0xf);
-	&movq	($tmp,$Zhi);
-	&psrlq	($Zhi,4);
-	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
-	&mov	(&LB($nlo),&BP(0,$inp,$cnt));
-	&psllq	($tmp,60);
-	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
-	&dec	($cnt);
-	&movd	($rem,$Zlo);
-	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
-	&mov	($nhi,$nlo);
-	&pxor	($Zlo,$tmp);
-	&js	(&label("mmx_break"));
-
-	&shl	(&LB($nlo),4);
-	&and	($rem,0xf);
-	&psrlq	($Zlo,4);
-	&and	($nhi,0xf0);
-	&movq	($tmp,$Zhi);
-	&psrlq	($Zhi,4);
-	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
-	&psllq	($tmp,60);
-	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
-	&movd	($rem,$Zlo);
-	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
-	&pxor	($Zlo,$tmp);
-	&jmp	(&label("mmx_loop"));
-
-    &set_label("mmx_break",16);
-	&shl	(&LB($nlo),4);
-	&and	($rem,0xf);
-	&psrlq	($Zlo,4);
-	&and	($nhi,0xf0);
-	&movq	($tmp,$Zhi);
-	&psrlq	($Zhi,4);
-	&pxor	($Zlo,&QWP(8,$Htbl,$nlo));
-	&psllq	($tmp,60);
-	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
-	&movd	($rem,$Zlo);
-	&pxor	($Zhi,&QWP(0,$Htbl,$nlo));
-	&pxor	($Zlo,$tmp);
-
-	&psrlq	($Zlo,4);
-	&and	($rem,0xf);
-	&movq	($tmp,$Zhi);
-	&psrlq	($Zhi,4);
-	&pxor	($Zlo,&QWP(8,$Htbl,$nhi));
-	&psllq	($tmp,60);
-	&pxor	($Zhi,&QWP(0,$rem_4bit,$rem,8));
-	&movd	($rem,$Zlo);
-	&pxor	($Zhi,&QWP(0,$Htbl,$nhi));
-	&pxor	($Zlo,$tmp);
-
-	&psrlq	($Zlo,32);	# lower part of Zlo is already there
-	&movd	($Zhl,$Zhi);
-	&psrlq	($Zhi,32);
-	&movd	($Zlh,$Zlo);
-	&movd	($Zhh,$Zhi);
-
-	&bswap	($Zll);
-	&bswap	($Zhl);
-	&bswap	($Zlh);
-	&bswap	($Zhh);
-}
-
-&function_begin("gcm_gmult_4bit_mmx");
-	&mov	($inp,&wparam(0));	# load Xi
-	&mov	($Htbl,&wparam(1));	# load Htable
-
-	&call	(&label("pic_point"));
-	&set_label("pic_point");
-	&blindpop("eax");
-	&lea	("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax"));
-
-	&movz	($Zll,&BP(15,$inp));
-
-	&mmx_loop($inp,"eax");
-
-	&emms	();
-	&mov	(&DWP(12,$inp),$Zll);
-	&mov	(&DWP(4,$inp),$Zhl);
-	&mov	(&DWP(8,$inp),$Zlh);
-	&mov	(&DWP(0,$inp),$Zhh);
-&function_end("gcm_gmult_4bit_mmx");
-
-######################################################################
-# Below subroutine is "528B" variant of "4-bit" GCM GHASH function
-# (see gcm128.c for details). It provides further 20-40% performance
-# improvement over above mentioned "May" version.
-
-&static_label("rem_8bit");
-
-&function_begin("gcm_ghash_4bit_mmx");
-{ my ($Zlo,$Zhi) = ("mm7","mm6");
-  my $rem_8bit = "esi";
-  my $Htbl = "ebx";
-
-    # parameter block
-    &mov	("eax",&wparam(0));		# Xi
-    &mov	("ebx",&wparam(1));		# Htable
-    &mov	("ecx",&wparam(2));		# inp
-    &mov	("edx",&wparam(3));		# len
-    &mov	("ebp","esp");			# original %esp
-    &call	(&label("pic_point"));
-    &set_label	("pic_point");
-    &blindpop	($rem_8bit);
-    &lea	($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit));
-
-    &sub	("esp",512+16+16);		# allocate stack frame...
-    &and	("esp",-64);			# ...and align it
-    &sub	("esp",16);			# place for (u8)(H[]<<4)
-
-    &add	("edx","ecx");			# pointer to the end of input
-    &mov	(&DWP(528+16+0,"esp"),"eax");	# save Xi
-    &mov	(&DWP(528+16+8,"esp"),"edx");	# save inp+len
-    &mov	(&DWP(528+16+12,"esp"),"ebp");	# save original %esp
-
-    { my @lo  = ("mm0","mm1","mm2");
-      my @hi  = ("mm3","mm4","mm5");
-      my @tmp = ("mm6","mm7");
-      my ($off1,$off2,$i) = (0,0,);
-
-      &add	($Htbl,128);			# optimize for size
-      &lea	("edi",&DWP(16+128,"esp"));
-      &lea	("ebp",&DWP(16+256+128,"esp"));
-
-      # decompose Htable (low and high parts are kept separately),
-      # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack...
-      for ($i=0;$i<18;$i++) {
-
-	&mov	("edx",&DWP(16*$i+8-128,$Htbl))		if ($i<16);
-	&movq	($lo[0],&QWP(16*$i+8-128,$Htbl))	if ($i<16);
-	&psllq	($tmp[1],60)				if ($i>1);
-	&movq	($hi[0],&QWP(16*$i+0-128,$Htbl))	if ($i<16);
-	&por	($lo[2],$tmp[1])			if ($i>1);
-	&movq	(&QWP($off1-128,"edi"),$lo[1])		if ($i>0 && $i<17);
-	&psrlq	($lo[1],4)				if ($i>0 && $i<17);
-	&movq	(&QWP($off1,"edi"),$hi[1])		if ($i>0 && $i<17);
-	&movq	($tmp[0],$hi[1])			if ($i>0 && $i<17);
-	&movq	(&QWP($off2-128,"ebp"),$lo[2])		if ($i>1);
-	&psrlq	($hi[1],4)				if ($i>0 && $i<17);
-	&movq	(&QWP($off2,"ebp"),$hi[2])		if ($i>1);
-	&shl	("edx",4)				if ($i<16);
-	&mov	(&BP($i,"esp"),&LB("edx"))		if ($i<16);
-
-	unshift	(@lo,pop(@lo));			# "rotate" registers
-	unshift	(@hi,pop(@hi));
-	unshift	(@tmp,pop(@tmp));
-	$off1 += 8	if ($i>0);
-	$off2 += 8	if ($i>1);
-      }
-    }
-
-    &movq	($Zhi,&QWP(0,"eax"));
-    &mov	("ebx",&DWP(8,"eax"));
-    &mov	("edx",&DWP(12,"eax"));		# load Xi
-
-&set_label("outer",16);
-  { my $nlo = "eax";
-    my $dat = "edx";
-    my @nhi = ("edi","ebp");
-    my @rem = ("ebx","ecx");
-    my @red = ("mm0","mm1","mm2");
-    my $tmp = "mm3";
-
-    &xor	($dat,&DWP(12,"ecx"));		# merge input data
-    &xor	("ebx",&DWP(8,"ecx"));
-    &pxor	($Zhi,&QWP(0,"ecx"));
-    &lea	("ecx",&DWP(16,"ecx"));		# inp+=16
-    #&mov	(&DWP(528+12,"esp"),$dat);	# save inp^Xi
-    &mov	(&DWP(528+8,"esp"),"ebx");
-    &movq	(&QWP(528+0,"esp"),$Zhi);
-    &mov	(&DWP(528+16+4,"esp"),"ecx");	# save inp
-
-    &xor	($nlo,$nlo);
-    &rol	($dat,8);
-    &mov	(&LB($nlo),&LB($dat));
-    &mov	($nhi[1],$nlo);
-    &and	(&LB($nlo),0x0f);
-    &shr	($nhi[1],4);
-    &pxor	($red[0],$red[0]);
-    &rol	($dat,8);			# next byte
-    &pxor	($red[1],$red[1]);
-    &pxor	($red[2],$red[2]);
-
-    # Just like in "May" verson modulo-schedule for critical path in
-    # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
-    # is scheduled so late that rem_8bit[] has to be shifted *right*
-    # by 16, which is why last argument to pinsrw is 2, which
-    # corresponds to <<32=<<48>>16...
-    for ($j=11,$i=0;$i<15;$i++) {
-
-      if ($i>0) {
-	&pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
-	&rol	($dat,8);				# next byte
-	&pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
-
-	&pxor	($Zlo,$tmp);
-	&pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
-	&xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
-      } else {
-	&movq	($Zlo,&QWP(16,"esp",$nlo,8));
-	&movq	($Zhi,&QWP(16+128,"esp",$nlo,8));
-      }
-
-	&mov	(&LB($nlo),&LB($dat));
-	&mov	($dat,&DWP(528+$j,"esp"))		if (--$j%4==0);
-
-	&movd	($rem[0],$Zlo);
-	&movz	($rem[1],&LB($rem[1]))			if ($i>0);
-	&psrlq	($Zlo,8);				# Z>>=8
-
-	&movq	($tmp,$Zhi);
-	&mov	($nhi[0],$nlo);
-	&psrlq	($Zhi,8);
-
-	&pxor	($Zlo,&QWP(16+256+0,"esp",$nhi[1],8));	# Z^=H[nhi]>>4
-	&and	(&LB($nlo),0x0f);
-	&psllq	($tmp,56);
-
-	&pxor	($Zhi,$red[1])				if ($i>1);
-	&shr	($nhi[0],4);
-	&pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2)	if ($i>0);
-
-	unshift	(@red,pop(@red));			# "rotate" registers
-	unshift	(@rem,pop(@rem));
-	unshift	(@nhi,pop(@nhi));
-    }
-
-    &pxor	($Zlo,&QWP(16,"esp",$nlo,8));		# Z^=H[nlo]
-    &pxor	($Zhi,&QWP(16+128,"esp",$nlo,8));
-    &xor	(&LB($rem[1]),&BP(0,"esp",$nhi[0]));	# rem^(H[nhi]<<4)
-
-    &pxor	($Zlo,$tmp);
-    &pxor	($Zhi,&QWP(16+256+128,"esp",$nhi[0],8));
-    &movz	($rem[1],&LB($rem[1]));
-
-    &pxor	($red[2],$red[2]);			# clear 2nd word
-    &psllq	($red[1],4);
-
-    &movd	($rem[0],$Zlo);
-    &psrlq	($Zlo,4);				# Z>>=4
-
-    &movq	($tmp,$Zhi);
-    &psrlq	($Zhi,4);
-    &shl	($rem[0],4);				# rem<<4
-
-    &pxor	($Zlo,&QWP(16,"esp",$nhi[1],8));	# Z^=H[nhi]
-    &psllq	($tmp,60);
-    &movz	($rem[0],&LB($rem[0]));
-
-    &pxor	($Zlo,$tmp);
-    &pxor	($Zhi,&QWP(16+128,"esp",$nhi[1],8));
-
-    &pinsrw	($red[0],&WP(0,$rem_8bit,$rem[1],2),2);
-    &pxor	($Zhi,$red[1]);
-
-    &movd	($dat,$Zlo);
-    &pinsrw	($red[2],&WP(0,$rem_8bit,$rem[0],2),3);	# last is <<48
-
-    &psllq	($red[0],12);				# correct by <<16>>4
-    &pxor	($Zhi,$red[0]);
-    &psrlq	($Zlo,32);
-    &pxor	($Zhi,$red[2]);
-
-    &mov	("ecx",&DWP(528+16+4,"esp"));	# restore inp
-    &movd	("ebx",$Zlo);
-    &movq	($tmp,$Zhi);			# 01234567
-    &psllw	($Zhi,8);			# 1.3.5.7.
-    &psrlw	($tmp,8);			# .0.2.4.6
-    &por	($Zhi,$tmp);			# 10325476
-    &bswap	($dat);
-    &pshufw	($Zhi,$Zhi,0b00011011);		# 76543210
-    &bswap	("ebx");
-    
-    &cmp	("ecx",&DWP(528+16+8,"esp"));	# are we done?
-    &jne	(&label("outer"));
-  }
-
-    &mov	("eax",&DWP(528+16+0,"esp"));	# restore Xi
-    &mov	(&DWP(12,"eax"),"edx");
-    &mov	(&DWP(8,"eax"),"ebx");
-    &movq	(&QWP(0,"eax"),$Zhi);
-
-    &mov	("esp",&DWP(528+16+12,"esp"));	# restore original %esp
-    &emms	();
-}
-&function_end("gcm_ghash_4bit_mmx");
-}}
-
-if ($sse2) {{
-######################################################################
-# PCLMULQDQ version.
-
-$Xip="eax";
-$Htbl="edx";
-$const="ecx";
-$inp="esi";
-$len="ebx";
-
-($Xi,$Xhi)=("xmm0","xmm1");	$Hkey="xmm2";
-($T1,$T2,$T3)=("xmm3","xmm4","xmm5");
-($Xn,$Xhn)=("xmm6","xmm7");
-
-&static_label("bswap");
-
-sub clmul64x64_T2 {	# minimal "register" pressure
-my ($Xhi,$Xi,$Hkey)=@_;
-
-	&movdqa		($Xhi,$Xi);		#
-	&pshufd		($T1,$Xi,0b01001110);
-	&pshufd		($T2,$Hkey,0b01001110);
-	&pxor		($T1,$Xi);		#
-	&pxor		($T2,$Hkey);
-
-	&pclmulqdq	($Xi,$Hkey,0x00);	#######
-	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
-	&pclmulqdq	($T1,$T2,0x00);		#######
-	&xorps		($T1,$Xi);		#
-	&xorps		($T1,$Xhi);		#
-
-	&movdqa		($T2,$T1);		#
-	&psrldq		($T1,8);
-	&pslldq		($T2,8);		#
-	&pxor		($Xhi,$T1);
-	&pxor		($Xi,$T2);		#
-}
-
-sub clmul64x64_T3 {
-# Even though this subroutine offers visually better ILP, it
-# was empirically found to be a tad slower than above version.
-# At least in gcm_ghash_clmul context. But it's just as well,
-# because loop modulo-scheduling is possible only thanks to
-# minimized "register" pressure...
-my ($Xhi,$Xi,$Hkey)=@_;
-
-	&movdqa		($T1,$Xi);		#
-	&movdqa		($Xhi,$Xi);
-	&pclmulqdq	($Xi,$Hkey,0x00);	#######
-	&pclmulqdq	($Xhi,$Hkey,0x11);	#######
-	&pshufd		($T2,$T1,0b01001110);	#
-	&pshufd		($T3,$Hkey,0b01001110);
-	&pxor		($T2,$T1);		#
-	&pxor		($T3,$Hkey);
-	&pclmulqdq	($T2,$T3,0x00);		#######
-	&pxor		($T2,$Xi);		#
-	&pxor		($T2,$Xhi);		#
-
-	&movdqa		($T3,$T2);		#
-	&psrldq		($T2,8);
-	&pslldq		($T3,8);		#
-	&pxor		($Xhi,$T2);
-	&pxor		($Xi,$T3);		#
-}
-
-if (1) {		# Algorithm 9 with <<1 twist.
-			# Reduction is shorter and uses only two
-			# temporary registers, which makes it better
-			# candidate for interleaving with 64x64
-			# multiplication. Pre-modulo-scheduled loop
-			# was found to be ~20% faster than Algorithm 5
-			# below. Algorithm 9 was therefore chosen for
-			# further optimization...
-
-sub reduction_alg9 {	# 17/13 times faster than Intel version
-my ($Xhi,$Xi) = @_;
-
-	# 1st phase
-	&movdqa		($T1,$Xi);		#
-	&psllq		($Xi,1);
-	&pxor		($Xi,$T1);		#
-	&psllq		($Xi,5);		#
-	&pxor		($Xi,$T1);		#
-	&psllq		($Xi,57);		#
-	&movdqa		($T2,$Xi);		#
-	&pslldq		($Xi,8);
-	&psrldq		($T2,8);		#
-	&pxor		($Xi,$T1);
-	&pxor		($Xhi,$T2);		#
-
-	# 2nd phase
-	&movdqa		($T2,$Xi);
-	&psrlq		($Xi,5);
-	&pxor		($Xi,$T2);		#
-	&psrlq		($Xi,1);		#
-	&pxor		($Xi,$T2);		#
-	&pxor		($T2,$Xhi);
-	&psrlq		($Xi,1);		#
-	&pxor		($Xi,$T2);		#
-}
-
-&function_begin_B("gcm_init_clmul");
-	&mov		($Htbl,&wparam(0));
-	&mov		($Xip,&wparam(1));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Hkey,&QWP(0,$Xip));
-	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
-
-	# <<1 twist
-	&pshufd		($T2,$Hkey,0b11111111);	# broadcast uppermost dword
-	&movdqa		($T1,$Hkey);
-	&psllq		($Hkey,1);
-	&pxor		($T3,$T3);		#
-	&psrlq		($T1,63);
-	&pcmpgtd	($T3,$T2);		# broadcast carry bit
-	&pslldq		($T1,8);
-	&por		($Hkey,$T1);		# H<<=1
-
-	# magic reduction
-	&pand		($T3,&QWP(16,$const));	# 0x1c2_polynomial
-	&pxor		($Hkey,$T3);		# if(carry) H^=0x1c2_polynomial
-
-	# calculate H^2
-	&movdqa		($Xi,$Hkey);
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
-	&reduction_alg9	($Xhi,$Xi);
-
-	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
-	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
-
-	&ret		();
-&function_end_B("gcm_init_clmul");
-
-&function_begin_B("gcm_gmult_clmul");
-	&mov		($Xip,&wparam(0));
-	&mov		($Htbl,&wparam(1));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Xi,&QWP(0,$Xip));
-	&movdqa		($T3,&QWP(0,$const));
-	&movups		($Hkey,&QWP(0,$Htbl));
-	&pshufb		($Xi,$T3);
-
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
-	&reduction_alg9	($Xhi,$Xi);
-
-	&pshufb		($Xi,$T3);
-	&movdqu		(&QWP(0,$Xip),$Xi);
-
-	&ret	();
-&function_end_B("gcm_gmult_clmul");
-
-&function_begin("gcm_ghash_clmul");
-	&mov		($Xip,&wparam(0));
-	&mov		($Htbl,&wparam(1));
-	&mov		($inp,&wparam(2));
-	&mov		($len,&wparam(3));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Xi,&QWP(0,$Xip));
-	&movdqa		($T3,&QWP(0,$const));
-	&movdqu		($Hkey,&QWP(0,$Htbl));
-	&pshufb		($Xi,$T3);
-
-	&sub		($len,0x10);
-	&jz		(&label("odd_tail"));
-
-	#######
-	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
-	#	[(H*Ii+1) + (H*Xi+1)] mod P =
-	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
-	#
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
-	&pshufb		($T1,$T3);
-	&pshufb		($Xn,$T3);
-	&pxor		($Xi,$T1);		# Ii+Xi
-
-	&clmul64x64_T2	($Xhn,$Xn,$Hkey);	# H*Ii+1
-	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
-
-	&lea		($inp,&DWP(32,$inp));	# i+=2
-	&sub		($len,0x20);
-	&jbe		(&label("even_tail"));
-
-&set_label("mod_loop");
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&movups		($Hkey,&QWP(0,$Htbl));	# load H
-
-	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
-	&pxor		($Xhi,$Xhn);
-
-	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
-	&pshufb		($T1,$T3);
-	&pshufb		($Xn,$T3);
-
-	&movdqa		($T3,$Xn);		#&clmul64x64_TX	($Xhn,$Xn,$Hkey); H*Ii+1
-	&movdqa		($Xhn,$Xn);
-	 &pxor		($Xhi,$T1);		# "Ii+Xi", consume early
-
-	  &movdqa	($T1,$Xi);		#&reduction_alg9($Xhi,$Xi); 1st phase
-	  &psllq	($Xi,1);
-	  &pxor		($Xi,$T1);		#
-	  &psllq	($Xi,5);		#
-	  &pxor		($Xi,$T1);		#
-	&pclmulqdq	($Xn,$Hkey,0x00);	#######
-	  &psllq	($Xi,57);		#
-	  &movdqa	($T2,$Xi);		#
-	  &pslldq	($Xi,8);
-	  &psrldq	($T2,8);		#	
-	  &pxor		($Xi,$T1);
-	&pshufd		($T1,$T3,0b01001110);
-	  &pxor		($Xhi,$T2);		#
-	&pxor		($T1,$T3);
-	&pshufd		($T3,$Hkey,0b01001110);
-	&pxor		($T3,$Hkey);		#
-
-	&pclmulqdq	($Xhn,$Hkey,0x11);	#######
-	  &movdqa	($T2,$Xi);		# 2nd phase
-	  &psrlq	($Xi,5);
-	  &pxor		($Xi,$T2);		#
-	  &psrlq	($Xi,1);		#
-	  &pxor		($Xi,$T2);		#
-	  &pxor		($T2,$Xhi);
-	  &psrlq	($Xi,1);		#
-	  &pxor		($Xi,$T2);		#
-
-	&pclmulqdq	($T1,$T3,0x00);		#######
-	&movups		($Hkey,&QWP(16,$Htbl));	# load H^2
-	&xorps		($T1,$Xn);		#
-	&xorps		($T1,$Xhn);		#
-
-	&movdqa		($T3,$T1);		#
-	&psrldq		($T1,8);
-	&pslldq		($T3,8);		#
-	&pxor		($Xhn,$T1);
-	&pxor		($Xn,$T3);		#
-	&movdqa		($T3,&QWP(0,$const));
-
-	&lea		($inp,&DWP(32,$inp));
-	&sub		($len,0x20);
-	&ja		(&label("mod_loop"));
-
-&set_label("even_tail");
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
-
-	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
-	&pxor		($Xhi,$Xhn);
-
-	&reduction_alg9	($Xhi,$Xi);
-
-	&test		($len,$len);
-	&jnz		(&label("done"));
-
-	&movups		($Hkey,&QWP(0,$Htbl));	# load H
-&set_label("odd_tail");
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&pshufb		($T1,$T3);
-	&pxor		($Xi,$T1);		# Ii+Xi
-
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
-	&reduction_alg9	($Xhi,$Xi);
-
-&set_label("done");
-	&pshufb		($Xi,$T3);
-	&movdqu		(&QWP(0,$Xip),$Xi);
-&function_end("gcm_ghash_clmul");
-
-} else {		# Algorith 5. Kept for reference purposes.
-
-sub reduction_alg5 {	# 19/16 times faster than Intel version
-my ($Xhi,$Xi)=@_;
-
-	# <<1
-	&movdqa		($T1,$Xi);		#
-	&movdqa		($T2,$Xhi);
-	&pslld		($Xi,1);
-	&pslld		($Xhi,1);		#
-	&psrld		($T1,31);
-	&psrld		($T2,31);		#
-	&movdqa		($T3,$T1);
-	&pslldq		($T1,4);
-	&psrldq		($T3,12);		#
-	&pslldq		($T2,4);
-	&por		($Xhi,$T3);		#
-	&por		($Xi,$T1);
-	&por		($Xhi,$T2);		#
-
-	# 1st phase
-	&movdqa		($T1,$Xi);
-	&movdqa		($T2,$Xi);
-	&movdqa		($T3,$Xi);		#
-	&pslld		($T1,31);
-	&pslld		($T2,30);
-	&pslld		($Xi,25);		#
-	&pxor		($T1,$T2);
-	&pxor		($T1,$Xi);		#
-	&movdqa		($T2,$T1);		#
-	&pslldq		($T1,12);
-	&psrldq		($T2,4);		#
-	&pxor		($T3,$T1);
-
-	# 2nd phase
-	&pxor		($Xhi,$T3);		#
-	&movdqa		($Xi,$T3);
-	&movdqa		($T1,$T3);
-	&psrld		($Xi,1);		#
-	&psrld		($T1,2);
-	&psrld		($T3,7);		#
-	&pxor		($Xi,$T1);
-	&pxor		($Xhi,$T2);
-	&pxor		($Xi,$T3);		#
-	&pxor		($Xi,$Xhi);		#
-}
-
-&function_begin_B("gcm_init_clmul");
-	&mov		($Htbl,&wparam(0));
-	&mov		($Xip,&wparam(1));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Hkey,&QWP(0,$Xip));
-	&pshufd		($Hkey,$Hkey,0b01001110);# dword swap
-
-	# calculate H^2
-	&movdqa		($Xi,$Hkey);
-	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
-	&reduction_alg5	($Xhi,$Xi);
-
-	&movdqu		(&QWP(0,$Htbl),$Hkey);	# save H
-	&movdqu		(&QWP(16,$Htbl),$Xi);	# save H^2
-
-	&ret		();
-&function_end_B("gcm_init_clmul");
-
-&function_begin_B("gcm_gmult_clmul");
-	&mov		($Xip,&wparam(0));
-	&mov		($Htbl,&wparam(1));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Xi,&QWP(0,$Xip));
-	&movdqa		($Xn,&QWP(0,$const));
-	&movdqu		($Hkey,&QWP(0,$Htbl));
-	&pshufb		($Xi,$Xn);
-
-	&clmul64x64_T3	($Xhi,$Xi,$Hkey);
-	&reduction_alg5	($Xhi,$Xi);
-
-	&pshufb		($Xi,$Xn);
-	&movdqu		(&QWP(0,$Xip),$Xi);
-
-	&ret	();
-&function_end_B("gcm_gmult_clmul");
-
-&function_begin("gcm_ghash_clmul");
-	&mov		($Xip,&wparam(0));
-	&mov		($Htbl,&wparam(1));
-	&mov		($inp,&wparam(2));
-	&mov		($len,&wparam(3));
-
-	&call		(&label("pic"));
-&set_label("pic");
-	&blindpop	($const);
-	&lea		($const,&DWP(&label("bswap")."-".&label("pic"),$const));
-
-	&movdqu		($Xi,&QWP(0,$Xip));
-	&movdqa		($T3,&QWP(0,$const));
-	&movdqu		($Hkey,&QWP(0,$Htbl));
-	&pshufb		($Xi,$T3);
-
-	&sub		($len,0x10);
-	&jz		(&label("odd_tail"));
-
-	#######
-	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
-	#	[(H*Ii+1) + (H*Xi+1)] mod P =
-	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
-	#
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
-	&pshufb		($T1,$T3);
-	&pshufb		($Xn,$T3);
-	&pxor		($Xi,$T1);		# Ii+Xi
-
-	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
-	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
-
-	&sub		($len,0x20);
-	&lea		($inp,&DWP(32,$inp));	# i+=2
-	&jbe		(&label("even_tail"));
-
-&set_label("mod_loop");
-	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
-	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
-
-	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
-	&pxor		($Xhi,$Xhn);
-
-	&reduction_alg5	($Xhi,$Xi);
-
-	#######
-	&movdqa		($T3,&QWP(0,$const));
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&movdqu		($Xn,&QWP(16,$inp));	# Ii+1
-	&pshufb		($T1,$T3);
-	&pshufb		($Xn,$T3);
-	&pxor		($Xi,$T1);		# Ii+Xi
-
-	&clmul64x64_T3	($Xhn,$Xn,$Hkey);	# H*Ii+1
-	&movdqu		($Hkey,&QWP(16,$Htbl));	# load H^2
-
-	&sub		($len,0x20);
-	&lea		($inp,&DWP(32,$inp));
-	&ja		(&label("mod_loop"));
-
-&set_label("even_tail");
-	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H^2*(Ii+Xi)
-
-	&pxor		($Xi,$Xn);		# (H*Ii+1) + H^2*(Ii+Xi)
-	&pxor		($Xhi,$Xhn);
-
-	&reduction_alg5	($Xhi,$Xi);
-
-	&movdqa		($T3,&QWP(0,$const));
-	&test		($len,$len);
-	&jnz		(&label("done"));
-
-	&movdqu		($Hkey,&QWP(0,$Htbl));	# load H
-&set_label("odd_tail");
-	&movdqu		($T1,&QWP(0,$inp));	# Ii
-	&pshufb		($T1,$T3);
-	&pxor		($Xi,$T1);		# Ii+Xi
-
-	&clmul64x64_T3	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
-	&reduction_alg5	($Xhi,$Xi);
-
-	&movdqa		($T3,&QWP(0,$const));
-&set_label("done");
-	&pshufb		($Xi,$T3);
-	&movdqu		(&QWP(0,$Xip),$Xi);
-&function_end("gcm_ghash_clmul");
-
-}
-
-&set_label("bswap",64);
-	&data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
-	&data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2);	# 0x1c2_polynomial
-}}	# $sse2
-
-&set_label("rem_4bit",64);
-	&data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S);
-	&data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S);
-	&data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S);
-	&data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S);
-&set_label("rem_8bit",64);
-	&data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E);
-	&data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E);
-	&data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E);
-	&data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E);
-	&data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E);
-	&data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E);
-	&data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E);
-	&data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E);
-	&data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE);
-	&data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE);
-	&data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE);
-	&data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE);
-	&data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E);
-	&data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E);
-	&data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE);
-	&data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE);
-	&data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E);
-	&data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E);
-	&data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E);
-	&data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E);
-	&data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E);
-	&data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E);
-	&data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E);
-	&data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E);
-	&data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE);
-	&data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE);
-	&data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE);
-	&data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE);
-	&data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E);
-	&data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E);
-	&data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE);
-	&data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE);
-}}}	# !$x86only
-
-&asciz("GHASH for x86, CRYPTOGAMS by <appro\@openssl.org>");
-&asm_finish();
-
-# A question was risen about choice of vanilla MMX. Or rather why wasn't
-# SSE2 chosen instead? In addition to the fact that MMX runs on legacy
-# CPUs such as PIII, "4-bit" MMX version was observed to provide better
-# performance than *corresponding* SSE2 one even on contemporary CPUs.
-# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2
-# implementation featuring full range of lookup-table sizes, but with
-# per-invocation lookup table setup. Latter means that table size is
-# chosen depending on how much data is to be hashed in every given call,
-# more data - larger table. Best reported result for Core2 is ~4 cycles
-# per processed byte out of 64KB block. This number accounts even for
-# 64KB table setup overhead. As discussed in gcm128.c we choose to be
-# more conservative in respect to lookup table sizes, but how do the
-# results compare? Minimalistic "256B" MMX version delivers ~11 cycles
-# on same platform. As also discussed in gcm128.c, next in line "8-bit
-# Shoup's" or "4KB" method should deliver twice the performance of
-# "256B" one, in other words not worse than ~6 cycles per byte. It
-# should be also be noted that in SSE2 case improvement can be "super-
-# linear," i.e. more than twice, mostly because >>8 maps to single
-# instruction on SSE2 register. This is unlike "4-bit" case when >>4
-# maps to same amount of instructions in both MMX and SSE2 cases.
-# Bottom line is that switch to SSE2 is considered to be justifiable
-# only in case we choose to implement "8-bit" method...
diff --git a/crypto/modes/asm/ghash-x86_64.S b/crypto/modes/asm/ghash-x86_64.S
deleted file mode 100644
index 62d39c65f5..0000000000
--- a/crypto/modes/asm/ghash-x86_64.S
+++ /dev/null
@@ -1,1026 +0,0 @@
-.text	
-
-.globl	gcm_gmult_4bit
-.type	gcm_gmult_4bit,@function
-.align	16
-gcm_gmult_4bit:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-.Lgmult_prologue:
-
-	movzbq	15(%rdi),%r8
-	leaq	.Lrem_4bit(%rip),%r11
-	xorq	%rax,%rax
-	xorq	%rbx,%rbx
-	movb	%r8b,%al
-	movb	%r8b,%bl
-	shlb	$4,%al
-	movq	$14,%rcx
-	movq	8(%rsi,%rax,1),%r8
-	movq	(%rsi,%rax,1),%r9
-	andb	$240,%bl
-	movq	%r8,%rdx
-	jmp	.Loop1
-
-.align	16
-.Loop1:
-	shrq	$4,%r8
-	andq	$15,%rdx
-	movq	%r9,%r10
-	movb	(%rdi,%rcx,1),%al
-	shrq	$4,%r9
-	xorq	8(%rsi,%rbx,1),%r8
-	shlq	$60,%r10
-	xorq	(%rsi,%rbx,1),%r9
-	movb	%al,%bl
-	xorq	(%r11,%rdx,8),%r9
-	movq	%r8,%rdx
-	shlb	$4,%al
-	xorq	%r10,%r8
-	decq	%rcx
-	js	.Lbreak1
-
-	shrq	$4,%r8
-	andq	$15,%rdx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	xorq	8(%rsi,%rax,1),%r8
-	shlq	$60,%r10
-	xorq	(%rsi,%rax,1),%r9
-	andb	$240,%bl
-	xorq	(%r11,%rdx,8),%r9
-	movq	%r8,%rdx
-	xorq	%r10,%r8
-	jmp	.Loop1
-
-.align	16
-.Lbreak1:
-	shrq	$4,%r8
-	andq	$15,%rdx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	xorq	8(%rsi,%rax,1),%r8
-	shlq	$60,%r10
-	xorq	(%rsi,%rax,1),%r9
-	andb	$240,%bl
-	xorq	(%r11,%rdx,8),%r9
-	movq	%r8,%rdx
-	xorq	%r10,%r8
-
-	shrq	$4,%r8
-	andq	$15,%rdx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	xorq	8(%rsi,%rbx,1),%r8
-	shlq	$60,%r10
-	xorq	(%rsi,%rbx,1),%r9
-	xorq	%r10,%r8
-	xorq	(%r11,%rdx,8),%r9
-
-	bswapq	%r8
-	bswapq	%r9
-	movq	%r8,8(%rdi)
-	movq	%r9,(%rdi)
-
-	movq	16(%rsp),%rbx
-	leaq	24(%rsp),%rsp
-.Lgmult_epilogue:
-	.byte	0xf3,0xc3
-.size	gcm_gmult_4bit,.-gcm_gmult_4bit
-.globl	gcm_ghash_4bit
-.type	gcm_ghash_4bit,@function
-.align	16
-gcm_ghash_4bit:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	subq	$280,%rsp
-.Lghash_prologue:
-	movq	%rdx,%r14
-	movq	%rcx,%r15
-	subq	$-128,%rsi
-	leaq	16+128(%rsp),%rbp
-	xorl	%edx,%edx
-	movq	0+0-128(%rsi),%r8
-	movq	0+8-128(%rsi),%rax
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	16+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	16+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,0(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,0(%rbp)
-	movq	32+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,0-128(%rbp)
-	movq	32+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,1(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,8(%rbp)
-	movq	48+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,8-128(%rbp)
-	movq	48+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,2(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,16(%rbp)
-	movq	64+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,16-128(%rbp)
-	movq	64+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,3(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,24(%rbp)
-	movq	80+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,24-128(%rbp)
-	movq	80+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,4(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,32(%rbp)
-	movq	96+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,32-128(%rbp)
-	movq	96+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,5(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,40(%rbp)
-	movq	112+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,40-128(%rbp)
-	movq	112+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,6(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,48(%rbp)
-	movq	128+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,48-128(%rbp)
-	movq	128+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,7(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,56(%rbp)
-	movq	144+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,56-128(%rbp)
-	movq	144+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,8(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,64(%rbp)
-	movq	160+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,64-128(%rbp)
-	movq	160+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,9(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,72(%rbp)
-	movq	176+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,72-128(%rbp)
-	movq	176+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,10(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,80(%rbp)
-	movq	192+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,80-128(%rbp)
-	movq	192+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,11(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,88(%rbp)
-	movq	208+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,88-128(%rbp)
-	movq	208+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,12(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,96(%rbp)
-	movq	224+0-128(%rsi),%r8
-	shlb	$4,%dl
-	movq	%rax,96-128(%rbp)
-	movq	224+8-128(%rsi),%rax
-	shlq	$60,%r10
-	movb	%dl,13(%rsp)
-	orq	%r10,%rbx
-	movb	%al,%dl
-	shrq	$4,%rax
-	movq	%r8,%r10
-	shrq	$4,%r8
-	movq	%r9,104(%rbp)
-	movq	240+0-128(%rsi),%r9
-	shlb	$4,%dl
-	movq	%rbx,104-128(%rbp)
-	movq	240+8-128(%rsi),%rbx
-	shlq	$60,%r10
-	movb	%dl,14(%rsp)
-	orq	%r10,%rax
-	movb	%bl,%dl
-	shrq	$4,%rbx
-	movq	%r9,%r10
-	shrq	$4,%r9
-	movq	%r8,112(%rbp)
-	shlb	$4,%dl
-	movq	%rax,112-128(%rbp)
-	shlq	$60,%r10
-	movb	%dl,15(%rsp)
-	orq	%r10,%rbx
-	movq	%r9,120(%rbp)
-	movq	%rbx,120-128(%rbp)
-	addq	$-128,%rsi
-	movq	8(%rdi),%r8
-	movq	0(%rdi),%r9
-	addq	%r14,%r15
-	leaq	.Lrem_8bit(%rip),%r11
-	jmp	.Louter_loop
-.align	16
-.Louter_loop:
-	xorq	(%r14),%r9
-	movq	8(%r14),%rdx
-	leaq	16(%r14),%r14
-	xorq	%r8,%rdx
-	movq	%r9,(%rdi)
-	movq	%rdx,8(%rdi)
-	shrq	$32,%rdx
-	xorq	%rax,%rax
-	roll	$8,%edx
-	movb	%dl,%al
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	shrl	$4,%ebx
-	roll	$8,%edx
-	movq	8(%rsi,%rax,1),%r8
-	movq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	movl	8(%rdi),%edx
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	movl	4(%rdi),%edx
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	movl	0(%rdi),%edx
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	shrl	$4,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r12,2),%r12
-	movzbl	%dl,%ebx
-	shlb	$4,%al
-	movzbq	(%rsp,%rcx,1),%r13
-	shrl	$4,%ebx
-	shlq	$48,%r12
-	xorq	%r8,%r13
-	movq	%r9,%r10
-	xorq	%r12,%r9
-	shrq	$8,%r8
-	movzbq	%r13b,%r13
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rcx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rcx,8),%r9
-	roll	$8,%edx
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	movb	%dl,%al
-	xorq	%r10,%r8
-	movzwq	(%r11,%r13,2),%r13
-	movzbl	%dl,%ecx
-	shlb	$4,%al
-	movzbq	(%rsp,%rbx,1),%r12
-	andl	$240,%ecx
-	shlq	$48,%r13
-	xorq	%r8,%r12
-	movq	%r9,%r10
-	xorq	%r13,%r9
-	shrq	$8,%r8
-	movzbq	%r12b,%r12
-	movl	-4(%rdi),%edx
-	shrq	$8,%r9
-	xorq	-128(%rbp,%rbx,8),%r8
-	shlq	$56,%r10
-	xorq	(%rbp,%rbx,8),%r9
-	movzwq	(%r11,%r12,2),%r12
-	xorq	8(%rsi,%rax,1),%r8
-	xorq	(%rsi,%rax,1),%r9
-	shlq	$48,%r12
-	xorq	%r10,%r8
-	xorq	%r12,%r9
-	movzbq	%r8b,%r13
-	shrq	$4,%r8
-	movq	%r9,%r10
-	shlb	$4,%r13b
-	shrq	$4,%r9
-	xorq	8(%rsi,%rcx,1),%r8
-	movzwq	(%r11,%r13,2),%r13
-	shlq	$60,%r10
-	xorq	(%rsi,%rcx,1),%r9
-	xorq	%r10,%r8
-	shlq	$48,%r13
-	bswapq	%r8
-	xorq	%r13,%r9
-	bswapq	%r9
-	cmpq	%r15,%r14
-	jb	.Louter_loop
-	movq	%r8,8(%rdi)
-	movq	%r9,(%rdi)
-
-	leaq	280(%rsp),%rsi
-	movq	0(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lghash_epilogue:
-	.byte	0xf3,0xc3
-.size	gcm_ghash_4bit,.-gcm_ghash_4bit
-.globl	gcm_init_clmul
-.type	gcm_init_clmul,@function
-.align	16
-gcm_init_clmul:
-	movdqu	(%rsi),%xmm2
-	pshufd	$78,%xmm2,%xmm2
-
-
-	pshufd	$255,%xmm2,%xmm4
-	movdqa	%xmm2,%xmm3
-	psllq	$1,%xmm2
-	pxor	%xmm5,%xmm5
-	psrlq	$63,%xmm3
-	pcmpgtd	%xmm4,%xmm5
-	pslldq	$8,%xmm3
-	por	%xmm3,%xmm2
-
-
-	pand	.L0x1c2_polynomial(%rip),%xmm5
-	pxor	%xmm5,%xmm2
-
-
-	movdqa	%xmm2,%xmm0
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-
-
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	movdqu	%xmm2,(%rdi)
-	movdqu	%xmm0,16(%rdi)
-	.byte	0xf3,0xc3
-.size	gcm_init_clmul,.-gcm_init_clmul
-.globl	gcm_gmult_clmul
-.type	gcm_gmult_clmul,@function
-.align	16
-gcm_gmult_clmul:
-	movdqu	(%rdi),%xmm0
-	movdqa	.Lbswap_mask(%rip),%xmm5
-	movdqu	(%rsi),%xmm2
-.byte	102,15,56,0,197
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-
-
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-.byte	102,15,56,0,197
-	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
-.size	gcm_gmult_clmul,.-gcm_gmult_clmul
-.globl	gcm_ghash_clmul
-.type	gcm_ghash_clmul,@function
-.align	16
-gcm_ghash_clmul:
-	movdqa	.Lbswap_mask(%rip),%xmm5
-
-	movdqu	(%rdi),%xmm0
-	movdqu	(%rsi),%xmm2
-.byte	102,15,56,0,197
-
-	subq	$16,%rcx
-	jz	.Lodd_tail
-
-	movdqu	16(%rsi),%xmm8
-
-
-
-
-
-	movdqu	(%rdx),%xmm3
-	movdqu	16(%rdx),%xmm6
-.byte	102,15,56,0,221
-.byte	102,15,56,0,245
-	pxor	%xmm3,%xmm0
-	movdqa	%xmm6,%xmm7
-	pshufd	$78,%xmm6,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm6,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,242,0
-.byte	102,15,58,68,250,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm6,%xmm3
-	pxor	%xmm7,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm7
-	pxor	%xmm4,%xmm6
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm8,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm8,%xmm4
-
-	leaq	32(%rdx),%rdx
-	subq	$32,%rcx
-	jbe	.Leven_tail
-
-.Lmod_loop:
-.byte	102,65,15,58,68,192,0
-.byte	102,65,15,58,68,200,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	movdqu	(%rdx),%xmm3
-	pxor	%xmm6,%xmm0
-	pxor	%xmm7,%xmm1
-
-	movdqu	16(%rdx),%xmm6
-.byte	102,15,56,0,221
-.byte	102,15,56,0,245
-
-	movdqa	%xmm6,%xmm7
-	pshufd	$78,%xmm6,%xmm9
-	pshufd	$78,%xmm2,%xmm10
-	pxor	%xmm6,%xmm9
-	pxor	%xmm2,%xmm10
-	pxor	%xmm3,%xmm1
-
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-.byte	102,15,58,68,242,0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-
-.byte	102,15,58,68,250,17
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-
-.byte	102,69,15,58,68,202,0
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm8,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm8,%xmm4
-
-	pxor	%xmm6,%xmm9
-	pxor	%xmm7,%xmm9
-	movdqa	%xmm9,%xmm10
-	psrldq	$8,%xmm9
-	pslldq	$8,%xmm10
-	pxor	%xmm9,%xmm7
-	pxor	%xmm10,%xmm6
-
-	leaq	32(%rdx),%rdx
-	subq	$32,%rcx
-	ja	.Lmod_loop
-
-.Leven_tail:
-.byte	102,65,15,58,68,192,0
-.byte	102,65,15,58,68,200,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-	pxor	%xmm6,%xmm0
-	pxor	%xmm7,%xmm1
-
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-
-
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	testq	%rcx,%rcx
-	jnz	.Ldone
-
-.Lodd_tail:
-	movdqu	(%rdx),%xmm3
-.byte	102,15,56,0,221
-	pxor	%xmm3,%xmm0
-	movdqa	%xmm0,%xmm1
-	pshufd	$78,%xmm0,%xmm3
-	pshufd	$78,%xmm2,%xmm4
-	pxor	%xmm0,%xmm3
-	pxor	%xmm2,%xmm4
-.byte	102,15,58,68,194,0
-.byte	102,15,58,68,202,17
-.byte	102,15,58,68,220,0
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-
-	movdqa	%xmm3,%xmm4
-	psrldq	$8,%xmm3
-	pslldq	$8,%xmm4
-	pxor	%xmm3,%xmm1
-	pxor	%xmm4,%xmm0
-
-	movdqa	%xmm0,%xmm3
-	psllq	$1,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$5,%xmm0
-	pxor	%xmm3,%xmm0
-	psllq	$57,%xmm0
-	movdqa	%xmm0,%xmm4
-	pslldq	$8,%xmm0
-	psrldq	$8,%xmm4
-	pxor	%xmm3,%xmm0
-	pxor	%xmm4,%xmm1
-
-
-	movdqa	%xmm0,%xmm4
-	psrlq	$5,%xmm0
-	pxor	%xmm4,%xmm0
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-	pxor	%xmm1,%xmm4
-	psrlq	$1,%xmm0
-	pxor	%xmm4,%xmm0
-.Ldone:
-.byte	102,15,56,0,197
-	movdqu	%xmm0,(%rdi)
-	.byte	0xf3,0xc3
-.LSEH_end_gcm_ghash_clmul:
-.size	gcm_ghash_clmul,.-gcm_ghash_clmul
-.align	64
-.Lbswap_mask:
-.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-.L0x1c2_polynomial:
-.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
-.align	64
-.type	.Lrem_4bit,@object
-.Lrem_4bit:
-.long	0,0,0,471859200,0,943718400,0,610271232
-.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
-.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
-.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
-.type	.Lrem_8bit,@object
-.Lrem_8bit:
-.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
-.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
-.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
-.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
-.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
-.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
-.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
-.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
-.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
-.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
-.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
-.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
-.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
-.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
-.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
-.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
-.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
-.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
-.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
-.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
-.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
-.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
-.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
-.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
-.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
-.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
-.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
-.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
-.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
-.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
-.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
-.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
-
-.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
deleted file mode 100644
index 38d779edbc..0000000000
--- a/crypto/modes/asm/ghash-x86_64.pl
+++ /dev/null
@@ -1,806 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# March, June 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that
-# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH
-# function features so called "528B" variant utilizing additional
-# 256+16 bytes of per-key storage [+512 bytes shared table].
-# Performance results are for this streamed GHASH subroutine and are
-# expressed in cycles per processed byte, less is better:
-#
-#		gcc 3.4.x(*)	assembler
-#
-# P4		28.6		14.0		+100%
-# Opteron	19.3		7.7		+150%
-# Core2		17.8		8.1(**)		+120%
-#
-# (*)	comparison is not completely fair, because C results are
-#	for vanilla "256B" implementation, while assembler results
-#	are for "528B";-)
-# (**)	it's mystery [to me] why Core2 result is not same as for
-#	Opteron;
-
-# May 2010
-#
-# Add PCLMULQDQ version performing at 2.02 cycles per processed byte.
-# See ghash-x86.pl for background information and details about coding
-# techniques.
-#
-# Special thanks to David Woodhouse <dwmw2@infradead.org> for
-# providing access to a Westmere-based system on behalf of Intel
-# Open Source Technology Centre.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-# common register layout
-$nlo="%rax";
-$nhi="%rbx";
-$Zlo="%r8";
-$Zhi="%r9";
-$tmp="%r10";
-$rem_4bit = "%r11";
-
-$Xi="%rdi";
-$Htbl="%rsi";
-
-# per-function register layout
-$cnt="%rcx";
-$rem="%rdx";
-
-sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/	or
-			$r =~ s/%[er]([sd]i)/%\1l/	or
-			$r =~ s/%[er](bp)/%\1l/		or
-			$r =~ s/%(r[0-9]+)[d]?/%\1b/;   $r; }
-
-sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
-  my $arg = pop;
-    $arg = "\$$arg" if ($arg*1 eq $arg);
-    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
-}
-
-{ my $N;
-  sub loop() {
-  my $inp = shift;
-
-	$N++;
-$code.=<<___;
-	xor	$nlo,$nlo
-	xor	$nhi,$nhi
-	mov	`&LB("$Zlo")`,`&LB("$nlo")`
-	mov	`&LB("$Zlo")`,`&LB("$nhi")`
-	shl	\$4,`&LB("$nlo")`
-	mov	\$14,$cnt
-	mov	8($Htbl,$nlo),$Zlo
-	mov	($Htbl,$nlo),$Zhi
-	and	\$0xf0,`&LB("$nhi")`
-	mov	$Zlo,$rem
-	jmp	.Loop$N
-
-.align	16
-.Loop$N:
-	shr	\$4,$Zlo
-	and	\$0xf,$rem
-	mov	$Zhi,$tmp
-	mov	($inp,$cnt),`&LB("$nlo")`
-	shr	\$4,$Zhi
-	xor	8($Htbl,$nhi),$Zlo
-	shl	\$60,$tmp
-	xor	($Htbl,$nhi),$Zhi
-	mov	`&LB("$nlo")`,`&LB("$nhi")`
-	xor	($rem_4bit,$rem,8),$Zhi
-	mov	$Zlo,$rem
-	shl	\$4,`&LB("$nlo")`
-	xor	$tmp,$Zlo
-	dec	$cnt
-	js	.Lbreak$N
-
-	shr	\$4,$Zlo
-	and	\$0xf,$rem
-	mov	$Zhi,$tmp
-	shr	\$4,$Zhi
-	xor	8($Htbl,$nlo),$Zlo
-	shl	\$60,$tmp
-	xor	($Htbl,$nlo),$Zhi
-	and	\$0xf0,`&LB("$nhi")`
-	xor	($rem_4bit,$rem,8),$Zhi
-	mov	$Zlo,$rem
-	xor	$tmp,$Zlo
-	jmp	.Loop$N
-
-.align	16
-.Lbreak$N:
-	shr	\$4,$Zlo
-	and	\$0xf,$rem
-	mov	$Zhi,$tmp
-	shr	\$4,$Zhi
-	xor	8($Htbl,$nlo),$Zlo
-	shl	\$60,$tmp
-	xor	($Htbl,$nlo),$Zhi
-	and	\$0xf0,`&LB("$nhi")`
-	xor	($rem_4bit,$rem,8),$Zhi
-	mov	$Zlo,$rem
-	xor	$tmp,$Zlo
-
-	shr	\$4,$Zlo
-	and	\$0xf,$rem
-	mov	$Zhi,$tmp
-	shr	\$4,$Zhi
-	xor	8($Htbl,$nhi),$Zlo
-	shl	\$60,$tmp
-	xor	($Htbl,$nhi),$Zhi
-	xor	$tmp,$Zlo
-	xor	($rem_4bit,$rem,8),$Zhi
-
-	bswap	$Zlo
-	bswap	$Zhi
-___
-}}
-
-$code=<<___;
-.text
-
-.globl	gcm_gmult_4bit
-.type	gcm_gmult_4bit,\@function,2
-.align	16
-gcm_gmult_4bit:
-	push	%rbx
-	push	%rbp		# %rbp and %r12 are pushed exclusively in
-	push	%r12		# order to reuse Win64 exception handler...
-.Lgmult_prologue:
-
-	movzb	15($Xi),$Zlo
-	lea	.Lrem_4bit(%rip),$rem_4bit
-___
-	&loop	($Xi);
-$code.=<<___;
-	mov	$Zlo,8($Xi)
-	mov	$Zhi,($Xi)
-
-	mov	16(%rsp),%rbx
-	lea	24(%rsp),%rsp
-.Lgmult_epilogue:
-	ret
-.size	gcm_gmult_4bit,.-gcm_gmult_4bit
-___
-
-# per-function register layout
-$inp="%rdx";
-$len="%rcx";
-$rem_8bit=$rem_4bit;
-
-$code.=<<___;
-.globl	gcm_ghash_4bit
-.type	gcm_ghash_4bit,\@function,4
-.align	16
-gcm_ghash_4bit:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	sub	\$280,%rsp
-.Lghash_prologue:
-	mov	$inp,%r14		# reassign couple of args
-	mov	$len,%r15
-___
-{ my $inp="%r14";
-  my $dat="%edx";
-  my $len="%r15";
-  my @nhi=("%ebx","%ecx");
-  my @rem=("%r12","%r13");
-  my $Hshr4="%rbp";
-
-	&sub	($Htbl,-128);		# size optimization
-	&lea	($Hshr4,"16+128(%rsp)");
-	{ my @lo =($nlo,$nhi);
-          my @hi =($Zlo,$Zhi);
-
-	  &xor	($dat,$dat);
-	  for ($i=0,$j=-2;$i<18;$i++,$j++) {
-	    &mov	("$j(%rsp)",&LB($dat))		if ($i>1);
-	    &or		($lo[0],$tmp)			if ($i>1);
-	    &mov	(&LB($dat),&LB($lo[1]))		if ($i>0 && $i<17);
-	    &shr	($lo[1],4)			if ($i>0 && $i<17);
-	    &mov	($tmp,$hi[1])			if ($i>0 && $i<17);
-	    &shr	($hi[1],4)			if ($i>0 && $i<17);
-	    &mov	("8*$j($Hshr4)",$hi[0])		if ($i>1);
-	    &mov	($hi[0],"16*$i+0-128($Htbl)")	if ($i<16);
-	    &shl	(&LB($dat),4)			if ($i>0 && $i<17);
-	    &mov	("8*$j-128($Hshr4)",$lo[0])	if ($i>1);
-	    &mov	($lo[0],"16*$i+8-128($Htbl)")	if ($i<16);
-	    &shl	($tmp,60)			if ($i>0 && $i<17);
-
-	    push	(@lo,shift(@lo));
-	    push	(@hi,shift(@hi));
-	  }
-	}
-	&add	($Htbl,-128);
-	&mov	($Zlo,"8($Xi)");
-	&mov	($Zhi,"0($Xi)");
-	&add	($len,$inp);		# pointer to the end of data
-	&lea	($rem_8bit,".Lrem_8bit(%rip)");
-	&jmp	(".Louter_loop");
-
-$code.=".align	16\n.Louter_loop:\n";
-	&xor	($Zhi,"($inp)");
-	&mov	("%rdx","8($inp)");
-	&lea	($inp,"16($inp)");
-	&xor	("%rdx",$Zlo);
-	&mov	("($Xi)",$Zhi);
-	&mov	("8($Xi)","%rdx");
-	&shr	("%rdx",32);
-
-	&xor	($nlo,$nlo);
-	&rol	($dat,8);
-	&mov	(&LB($nlo),&LB($dat));
-	&movz	($nhi[0],&LB($dat));
-	&shl	(&LB($nlo),4);
-	&shr	($nhi[0],4);
-
-	for ($j=11,$i=0;$i<15;$i++) {
-	    &rol	($dat,8);
-	    &xor	($Zlo,"8($Htbl,$nlo)")			if ($i>0);
-	    &xor	($Zhi,"($Htbl,$nlo)")			if ($i>0);
-	    &mov	($Zlo,"8($Htbl,$nlo)")			if ($i==0);
-	    &mov	($Zhi,"($Htbl,$nlo)")			if ($i==0);
-
-	    &mov	(&LB($nlo),&LB($dat));
-	    &xor	($Zlo,$tmp)				if ($i>0);
-	    &movzw	($rem[1],"($rem_8bit,$rem[1],2)")	if ($i>0);
-
-	    &movz	($nhi[1],&LB($dat));
-	    &shl	(&LB($nlo),4);
-	    &movzb	($rem[0],"(%rsp,$nhi[0])");
-
-	    &shr	($nhi[1],4)				if ($i<14);
-	    &and	($nhi[1],0xf0)				if ($i==14);
-	    &shl	($rem[1],48)				if ($i>0);
-	    &xor	($rem[0],$Zlo);
-
-	    &mov	($tmp,$Zhi);
-	    &xor	($Zhi,$rem[1])				if ($i>0);
-	    &shr	($Zlo,8);
-
-	    &movz	($rem[0],&LB($rem[0]));
-	    &mov	($dat,"$j($Xi)")			if (--$j%4==0);
-	    &shr	($Zhi,8);
-
-	    &xor	($Zlo,"-128($Hshr4,$nhi[0],8)");
-	    &shl	($tmp,56);
-	    &xor	($Zhi,"($Hshr4,$nhi[0],8)");
-
-	    unshift	(@nhi,pop(@nhi));		# "rotate" registers
-	    unshift	(@rem,pop(@rem));
-	}
-	&movzw	($rem[1],"($rem_8bit,$rem[1],2)");
-	&xor	($Zlo,"8($Htbl,$nlo)");
-	&xor	($Zhi,"($Htbl,$nlo)");
-
-	&shl	($rem[1],48);
-	&xor	($Zlo,$tmp);
-
-	&xor	($Zhi,$rem[1]);
-	&movz	($rem[0],&LB($Zlo));
-	&shr	($Zlo,4);
-
-	&mov	($tmp,$Zhi);
-	&shl	(&LB($rem[0]),4);
-	&shr	($Zhi,4);
-
-	&xor	($Zlo,"8($Htbl,$nhi[0])");
-	&movzw	($rem[0],"($rem_8bit,$rem[0],2)");
-	&shl	($tmp,60);
-
-	&xor	($Zhi,"($Htbl,$nhi[0])");
-	&xor	($Zlo,$tmp);
-	&shl	($rem[0],48);
-
-	&bswap	($Zlo);
-	&xor	($Zhi,$rem[0]);
-
-	&bswap	($Zhi);
-	&cmp	($inp,$len);
-	&jb	(".Louter_loop");
-}
-$code.=<<___;
-	mov	$Zlo,8($Xi)
-	mov	$Zhi,($Xi)
-
-	lea	280(%rsp),%rsi
-	mov	0(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lghash_epilogue:
-	ret
-.size	gcm_ghash_4bit,.-gcm_ghash_4bit
-___
-
-######################################################################
-# PCLMULQDQ version.
-
-@_4args=$win64?	("%rcx","%rdx","%r8", "%r9") :	# Win64 order
-		("%rdi","%rsi","%rdx","%rcx");	# Unix order
-
-($Xi,$Xhi)=("%xmm0","%xmm1");	$Hkey="%xmm2";
-($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5");
-
-sub clmul64x64_T2 {	# minimal register pressure
-my ($Xhi,$Xi,$Hkey,$modulo)=@_;
-
-$code.=<<___ if (!defined($modulo));
-	movdqa		$Xi,$Xhi		#
-	pshufd		\$0b01001110,$Xi,$T1
-	pshufd		\$0b01001110,$Hkey,$T2
-	pxor		$Xi,$T1			#
-	pxor		$Hkey,$T2
-___
-$code.=<<___;
-	pclmulqdq	\$0x00,$Hkey,$Xi	#######
-	pclmulqdq	\$0x11,$Hkey,$Xhi	#######
-	pclmulqdq	\$0x00,$T2,$T1		#######
-	pxor		$Xi,$T1			#
-	pxor		$Xhi,$T1		#
-
-	movdqa		$T1,$T2			#
-	psrldq		\$8,$T1
-	pslldq		\$8,$T2			#
-	pxor		$T1,$Xhi
-	pxor		$T2,$Xi			#
-___
-}
-
-sub reduction_alg9 {	# 17/13 times faster than Intel version
-my ($Xhi,$Xi) = @_;
-
-$code.=<<___;
-	# 1st phase
-	movdqa		$Xi,$T1			#
-	psllq		\$1,$Xi
-	pxor		$T1,$Xi			#
-	psllq		\$5,$Xi			#
-	pxor		$T1,$Xi			#
-	psllq		\$57,$Xi		#
-	movdqa		$Xi,$T2			#
-	pslldq		\$8,$Xi
-	psrldq		\$8,$T2			#	
-	pxor		$T1,$Xi
-	pxor		$T2,$Xhi		#
-
-	# 2nd phase
-	movdqa		$Xi,$T2
-	psrlq		\$5,$Xi
-	pxor		$T2,$Xi			#
-	psrlq		\$1,$Xi			#
-	pxor		$T2,$Xi			#
-	pxor		$Xhi,$T2
-	psrlq		\$1,$Xi			#
-	pxor		$T2,$Xi			#
-___
-}
-
-{ my ($Htbl,$Xip)=@_4args;
-
-$code.=<<___;
-.globl	gcm_init_clmul
-.type	gcm_init_clmul,\@abi-omnipotent
-.align	16
-gcm_init_clmul:
-	movdqu		($Xip),$Hkey
-	pshufd		\$0b01001110,$Hkey,$Hkey	# dword swap
-
-	# <<1 twist
-	pshufd		\$0b11111111,$Hkey,$T2	# broadcast uppermost dword
-	movdqa		$Hkey,$T1
-	psllq		\$1,$Hkey
-	pxor		$T3,$T3			#
-	psrlq		\$63,$T1
-	pcmpgtd		$T2,$T3			# broadcast carry bit
-	pslldq		\$8,$T1
-	por		$T1,$Hkey		# H<<=1
-
-	# magic reduction
-	pand		.L0x1c2_polynomial(%rip),$T3
-	pxor		$T3,$Hkey		# if(carry) H^=0x1c2_polynomial
-
-	# calculate H^2
-	movdqa		$Hkey,$Xi
-___
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
-	&reduction_alg9	($Xhi,$Xi);
-$code.=<<___;
-	movdqu		$Hkey,($Htbl)		# save H
-	movdqu		$Xi,16($Htbl)		# save H^2
-	ret
-.size	gcm_init_clmul,.-gcm_init_clmul
-___
-}
-
-{ my ($Xip,$Htbl)=@_4args;
-
-$code.=<<___;
-.globl	gcm_gmult_clmul
-.type	gcm_gmult_clmul,\@abi-omnipotent
-.align	16
-gcm_gmult_clmul:
-	movdqu		($Xip),$Xi
-	movdqa		.Lbswap_mask(%rip),$T3
-	movdqu		($Htbl),$Hkey
-	pshufb		$T3,$Xi
-___
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);
-	&reduction_alg9	($Xhi,$Xi);
-$code.=<<___;
-	pshufb		$T3,$Xi
-	movdqu		$Xi,($Xip)
-	ret
-.size	gcm_gmult_clmul,.-gcm_gmult_clmul
-___
-}
-
-{ my ($Xip,$Htbl,$inp,$len)=@_4args;
-  my $Xn="%xmm6";
-  my $Xhn="%xmm7";
-  my $Hkey2="%xmm8";
-  my $T1n="%xmm9";
-  my $T2n="%xmm10";
-
-$code.=<<___;
-.globl	gcm_ghash_clmul
-.type	gcm_ghash_clmul,\@abi-omnipotent
-.align	16
-gcm_ghash_clmul:
-___
-$code.=<<___ if ($win64);
-.LSEH_begin_gcm_ghash_clmul:
-	# I can't trust assembler to use specific encoding:-(
-	.byte	0x48,0x83,0xec,0x58		#sub	\$0x58,%rsp
-	.byte	0x0f,0x29,0x34,0x24		#movaps	%xmm6,(%rsp)
-	.byte	0x0f,0x29,0x7c,0x24,0x10	#movdqa	%xmm7,0x10(%rsp)
-	.byte	0x44,0x0f,0x29,0x44,0x24,0x20	#movaps	%xmm8,0x20(%rsp)
-	.byte	0x44,0x0f,0x29,0x4c,0x24,0x30	#movaps	%xmm9,0x30(%rsp)
-	.byte	0x44,0x0f,0x29,0x54,0x24,0x40	#movaps	%xmm10,0x40(%rsp)
-___
-$code.=<<___;
-	movdqa		.Lbswap_mask(%rip),$T3
-
-	movdqu		($Xip),$Xi
-	movdqu		($Htbl),$Hkey
-	pshufb		$T3,$Xi
-
-	sub		\$0x10,$len
-	jz		.Lodd_tail
-
-	movdqu		16($Htbl),$Hkey2
-	#######
-	# Xi+2 =[H*(Ii+1 + Xi+1)] mod P =
-	#	[(H*Ii+1) + (H*Xi+1)] mod P =
-	#	[(H*Ii+1) + H^2*(Ii+Xi)] mod P
-	#
-	movdqu		($inp),$T1		# Ii
-	movdqu		16($inp),$Xn		# Ii+1
-	pshufb		$T3,$T1
-	pshufb		$T3,$Xn
-	pxor		$T1,$Xi			# Ii+Xi
-___
-	&clmul64x64_T2	($Xhn,$Xn,$Hkey);	# H*Ii+1
-$code.=<<___;
-	movdqa		$Xi,$Xhi		#
-	pshufd		\$0b01001110,$Xi,$T1
-	pshufd		\$0b01001110,$Hkey2,$T2
-	pxor		$Xi,$T1			#
-	pxor		$Hkey2,$T2
-
-	lea		32($inp),$inp		# i+=2
-	sub		\$0x20,$len
-	jbe		.Leven_tail
-
-.Lmod_loop:
-___
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey2,1);	# H^2*(Ii+Xi)
-$code.=<<___;
-	movdqu		($inp),$T1		# Ii
-	pxor		$Xn,$Xi			# (H*Ii+1) + H^2*(Ii+Xi)
-	pxor		$Xhn,$Xhi
-
-	movdqu		16($inp),$Xn		# Ii+1
-	pshufb		$T3,$T1
-	pshufb		$T3,$Xn
-
-	movdqa		$Xn,$Xhn		#
-	pshufd		\$0b01001110,$Xn,$T1n
-	pshufd		\$0b01001110,$Hkey,$T2n
-	pxor		$Xn,$T1n		#
-	pxor		$Hkey,$T2n
-	 pxor		$T1,$Xhi		# "Ii+Xi", consume early
-
-	  movdqa	$Xi,$T1			# 1st phase
-	  psllq		\$1,$Xi
-	  pxor		$T1,$Xi			#
-	  psllq		\$5,$Xi			#
-	  pxor		$T1,$Xi			#
-	pclmulqdq	\$0x00,$Hkey,$Xn	#######
-	  psllq		\$57,$Xi		#
-	  movdqa	$Xi,$T2			#
-	  pslldq	\$8,$Xi
-	  psrldq	\$8,$T2			#	
-	  pxor		$T1,$Xi
-	  pxor		$T2,$Xhi		#
-
-	pclmulqdq	\$0x11,$Hkey,$Xhn	#######
-	  movdqa	$Xi,$T2			# 2nd phase
-	  psrlq		\$5,$Xi
-	  pxor		$T2,$Xi			#
-	  psrlq		\$1,$Xi			#
-	  pxor		$T2,$Xi			#
-	  pxor		$Xhi,$T2
-	  psrlq		\$1,$Xi			#
-	  pxor		$T2,$Xi			#
-
-	pclmulqdq	\$0x00,$T2n,$T1n	#######
-	 movdqa		$Xi,$Xhi		#
-	 pshufd		\$0b01001110,$Xi,$T1
-	 pshufd		\$0b01001110,$Hkey2,$T2
-	 pxor		$Xi,$T1			#
-	 pxor		$Hkey2,$T2
-
-	pxor		$Xn,$T1n		#
-	pxor		$Xhn,$T1n		#
-	movdqa		$T1n,$T2n		#
-	psrldq		\$8,$T1n
-	pslldq		\$8,$T2n		#
-	pxor		$T1n,$Xhn
-	pxor		$T2n,$Xn		#
-
-	lea		32($inp),$inp
-	sub		\$0x20,$len
-	ja		.Lmod_loop
-
-.Leven_tail:
-___
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey2,1);	# H^2*(Ii+Xi)
-$code.=<<___;
-	pxor		$Xn,$Xi			# (H*Ii+1) + H^2*(Ii+Xi)
-	pxor		$Xhn,$Xhi
-___
-	&reduction_alg9	($Xhi,$Xi);
-$code.=<<___;
-	test		$len,$len
-	jnz		.Ldone
-
-.Lodd_tail:
-	movdqu		($inp),$T1		# Ii
-	pshufb		$T3,$T1
-	pxor		$T1,$Xi			# Ii+Xi
-___
-	&clmul64x64_T2	($Xhi,$Xi,$Hkey);	# H*(Ii+Xi)
-	&reduction_alg9	($Xhi,$Xi);
-$code.=<<___;
-.Ldone:
-	pshufb		$T3,$Xi
-	movdqu		$Xi,($Xip)
-___
-$code.=<<___ if ($win64);
-	movaps	(%rsp),%xmm6
-	movaps	0x10(%rsp),%xmm7
-	movaps	0x20(%rsp),%xmm8
-	movaps	0x30(%rsp),%xmm9
-	movaps	0x40(%rsp),%xmm10
-	add	\$0x58,%rsp
-___
-$code.=<<___;
-	ret
-.LSEH_end_gcm_ghash_clmul:
-.size	gcm_ghash_clmul,.-gcm_ghash_clmul
-___
-}
-
-$code.=<<___;
-.align	64
-.Lbswap_mask:
-	.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
-.L0x1c2_polynomial:
-	.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
-.align	64
-.type	.Lrem_4bit,\@object
-.Lrem_4bit:
-	.long	0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`
-	.long	0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`
-	.long	0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`
-	.long	0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`
-.type	.Lrem_8bit,\@object
-.Lrem_8bit:
-	.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
-	.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
-	.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
-	.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
-	.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
-	.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
-	.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
-	.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
-	.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
-	.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
-	.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
-	.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
-	.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
-	.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
-	.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
-	.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
-	.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
-	.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
-	.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
-	.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
-	.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
-	.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
-	.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
-	.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
-	.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
-	.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
-	.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
-	.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
-	.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
-	.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
-	.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
-	.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
-
-.asciz	"GHASH for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_prologue
-
-	lea	24(%rax),%rax		# adjust "rsp"
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_gcm_gmult_4bit
-	.rva	.LSEH_end_gcm_gmult_4bit
-	.rva	.LSEH_info_gcm_gmult_4bit
-
-	.rva	.LSEH_begin_gcm_ghash_4bit
-	.rva	.LSEH_end_gcm_ghash_4bit
-	.rva	.LSEH_info_gcm_ghash_4bit
-
-	.rva	.LSEH_begin_gcm_ghash_clmul
-	.rva	.LSEH_end_gcm_ghash_clmul
-	.rva	.LSEH_info_gcm_ghash_clmul
-
-.section	.xdata
-.align	8
-.LSEH_info_gcm_gmult_4bit:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lgmult_prologue,.Lgmult_epilogue	# HandlerData
-.LSEH_info_gcm_ghash_4bit:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lghash_prologue,.Lghash_epilogue	# HandlerData
-.LSEH_info_gcm_ghash_clmul:
-	.byte	0x01,0x1f,0x0b,0x00
-	.byte	0x1f,0xa8,0x04,0x00	#movaps 0x40(rsp),xmm10
-	.byte	0x19,0x98,0x03,0x00	#movaps 0x30(rsp),xmm9
-	.byte	0x13,0x88,0x02,0x00	#movaps 0x20(rsp),xmm8
-	.byte	0x0d,0x78,0x01,0x00	#movaps 0x10(rsp),xmm7
-	.byte	0x08,0x68,0x00,0x00	#movaps (rsp),xmm6
-	.byte	0x04,0xa2,0x00,0x00	#sub	rsp,0x58
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/modes/asm/ghashv8-armx-64.S b/crypto/modes/asm/ghashv8-armx-64.S
deleted file mode 100644
index b77b6c40cc..0000000000
--- a/crypto/modes/asm/ghashv8-armx-64.S
+++ /dev/null
@@ -1,115 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.arch	armv8-a+crypto
-.global	gcm_init_v8
-.type	gcm_init_v8,%function
-.align	4
-gcm_init_v8:
-	ld1		{v17.2d},[x1]		//load H
-	movi		v16.16b,#0xe1
-	ext		v3.16b,v17.16b,v17.16b,#8
-	shl	v16.2d,v16.2d,#57
-	ushr	v18.2d,v16.2d,#63
-	ext		v16.16b,v18.16b,v16.16b,#8		//t0=0xc2....01
-	dup		v17.4s,v17.s[1]
-	ushr	v19.2d,v3.2d,#63
-	sshr	v17.4s,v17.4s,#31		//broadcast carry bit
-	and		v19.16b,v19.16b,v16.16b
-	shl	v3.2d,v3.2d,#1
-	ext		v19.16b,v19.16b,v19.16b,#8
-	and		v16.16b,v16.16b,v17.16b
-	orr		v3.16b,v3.16b,v19.16b		//H<<<=1
-	eor		v3.16b,v3.16b,v16.16b		//twisted H
-	st1		{v3.2d},[x0]
-
-	ret
-.size	gcm_init_v8,.-gcm_init_v8
-
-.global	gcm_gmult_v8
-.type	gcm_gmult_v8,%function
-.align	4
-gcm_gmult_v8:
-	ld1		{v17.2d},[x0]		//load Xi
-	movi		v19.16b,#0xe1
-	ld1		{v20.2d},[x1]		//load twisted H
-	shl	v19.2d,v19.2d,#57
-#ifndef __ARMEB__
-	rev64	v17.16b,v17.16b
-#endif
-	ext		v21.16b,v20.16b,v20.16b,#8
-	mov		x3,#0
-	ext		v3.16b,v17.16b,v17.16b,#8
-	mov		x12,#0
-	eor		v21.16b,v21.16b,v20.16b		//Karatsuba pre-processing
-	mov		x2,x0
-	b		.Lgmult_v8
-.size	gcm_gmult_v8,.-gcm_gmult_v8
-
-.global	gcm_ghash_v8
-.type	gcm_ghash_v8,%function
-.align	4
-gcm_ghash_v8:
-	ld1		{v0.2d},[x0]		//load [rotated] Xi
-	subs		x3,x3,#16
-	movi		v19.16b,#0xe1
-	mov		x12,#16
-	ld1		{v20.2d},[x1]		//load twisted H
-	csel	x12,xzr,x12,eq
-	ext		v0.16b,v0.16b,v0.16b,#8
-	shl	v19.2d,v19.2d,#57
-	ld1		{v17.2d},[x2],x12	//load [rotated] inp
-	ext		v21.16b,v20.16b,v20.16b,#8
-#ifndef __ARMEB__
-	rev64	v0.16b,v0.16b
-	rev64	v17.16b,v17.16b
-#endif
-	eor		v21.16b,v21.16b,v20.16b		//Karatsuba pre-processing
-	ext		v3.16b,v17.16b,v17.16b,#8
-	b		.Loop_v8
-
-.align	4
-.Loop_v8:
-	ext		v18.16b,v0.16b,v0.16b,#8
-	eor		v3.16b,v3.16b,v0.16b		//inp^=Xi
-	eor		v17.16b,v17.16b,v18.16b		//v17.16b is rotated inp^Xi
-
-.Lgmult_v8:
-	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
-	eor		v17.16b,v17.16b,v3.16b		//Karatsuba pre-processing
-	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
-	subs		x3,x3,#16
-	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
-	csel	x12,xzr,x12,eq
-
-	ext		v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
-	eor		v18.16b,v0.16b,v2.16b
-	eor		v1.16b,v1.16b,v17.16b
-	 ld1	{v17.2d},[x2],x12	//load [rotated] inp
-	eor		v1.16b,v1.16b,v18.16b
-	pmull	v18.1q,v0.1d,v19.1d		//1st phase
-
-	ins	v2.d[0],v1.d[1]
-	ins	v1.d[1],v0.d[0]
-#ifndef __ARMEB__
-	 rev64	v17.16b,v17.16b
-#endif
-	eor		v0.16b,v1.16b,v18.16b
-	 ext		v3.16b,v17.16b,v17.16b,#8
-
-	ext		v18.16b,v0.16b,v0.16b,#8		//2nd phase
-	pmull	v0.1q,v0.1d,v19.1d
-	eor		v18.16b,v18.16b,v2.16b
-	eor		v0.16b,v0.16b,v18.16b
-	b.hs		.Loop_v8
-
-#ifndef __ARMEB__
-	rev64	v0.16b,v0.16b
-#endif
-	ext		v0.16b,v0.16b,v0.16b,#8
-	st1		{v0.2d},[x0]		//write out Xi
-
-	ret
-.size	gcm_ghash_v8,.-gcm_ghash_v8
-.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align  2
diff --git a/crypto/modes/asm/ghashv8-armx.S b/crypto/modes/asm/ghashv8-armx.S
deleted file mode 100644
index f388c54e0f..0000000000
--- a/crypto/modes/asm/ghashv8-armx.S
+++ /dev/null
@@ -1,116 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.fpu	neon
-.code	32
-.global	gcm_init_v8
-.type	gcm_init_v8,%function
-.align	4
-gcm_init_v8:
-	vld1.64		{q9},[r1]		@ load H
-	vmov.i8		q8,#0xe1
-	vext.8		q3,q9,q9,#8
-	vshl.i64	q8,q8,#57
-	vshr.u64	q10,q8,#63
-	vext.8		q8,q10,q8,#8		@ t0=0xc2....01
-	vdup.32	q9,d18[1]
-	vshr.u64	q11,q3,#63
-	vshr.s32	q9,q9,#31		@ broadcast carry bit
-	vand		q11,q11,q8
-	vshl.i64	q3,q3,#1
-	vext.8		q11,q11,q11,#8
-	vand		q8,q8,q9
-	vorr		q3,q3,q11		@ H<<<=1
-	veor		q3,q3,q8		@ twisted H
-	vst1.64		{q3},[r0]
-
-	bx	lr
-.size	gcm_init_v8,.-gcm_init_v8
-
-.global	gcm_gmult_v8
-.type	gcm_gmult_v8,%function
-.align	4
-gcm_gmult_v8:
-	vld1.64		{q9},[r0]		@ load Xi
-	vmov.i8		q11,#0xe1
-	vld1.64		{q12},[r1]		@ load twisted H
-	vshl.u64	q11,q11,#57
-#ifndef __ARMEB__
-	vrev64.8	q9,q9
-#endif
-	vext.8		q13,q12,q12,#8
-	mov		r3,#0
-	vext.8		q3,q9,q9,#8
-	mov		r12,#0
-	veor		q13,q13,q12		@ Karatsuba pre-processing
-	mov		r2,r0
-	b		.Lgmult_v8
-.size	gcm_gmult_v8,.-gcm_gmult_v8
-
-.global	gcm_ghash_v8
-.type	gcm_ghash_v8,%function
-.align	4
-gcm_ghash_v8:
-	vld1.64		{q0},[r0]		@ load [rotated] Xi
-	subs		r3,r3,#16
-	vmov.i8		q11,#0xe1
-	mov		r12,#16
-	vld1.64		{q12},[r1]		@ load twisted H
-	moveq	r12,#0
-	vext.8		q0,q0,q0,#8
-	vshl.u64	q11,q11,#57
-	vld1.64		{q9},[r2],r12	@ load [rotated] inp
-	vext.8		q13,q12,q12,#8
-#ifndef __ARMEB__
-	vrev64.8	q0,q0
-	vrev64.8	q9,q9
-#endif
-	veor		q13,q13,q12		@ Karatsuba pre-processing
-	vext.8		q3,q9,q9,#8
-	b		.Loop_v8
-
-.align	4
-.Loop_v8:
-	vext.8		q10,q0,q0,#8
-	veor		q3,q3,q0		@ inp^=Xi
-	veor		q9,q9,q10		@ q9 is rotated inp^Xi
-
-.Lgmult_v8:
-	.byte	0x86,0x0e,0xa8,0xf2	@ pmull q0,q12,q3		@ H.lo·Xi.lo
-	veor		q9,q9,q3		@ Karatsuba pre-processing
-	.byte	0x87,0x4e,0xa9,0xf2	@ pmull2 q2,q12,q3		@ H.hi·Xi.hi
-	subs		r3,r3,#16
-	.byte	0xa2,0x2e,0xaa,0xf2	@ pmull q1,q13,q9		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
-	moveq	r12,#0
-
-	vext.8		q9,q0,q2,#8		@ Karatsuba post-processing
-	veor		q10,q0,q2
-	veor		q1,q1,q9
-	 vld1.64	{q9},[r2],r12	@ load [rotated] inp
-	veor		q1,q1,q10
-	.byte	0x26,0x4e,0xe0,0xf2	@ pmull q10,q0,q11		@ 1st phase
-
-	vmov		d4,d3		@ Xh|Xm - 256-bit result
-	vmov		d3,d0		@ Xm is rotated Xl
-#ifndef __ARMEB__
-	 vrev64.8	q9,q9
-#endif
-	veor		q0,q1,q10
-	 vext.8		q3,q9,q9,#8
-
-	vext.8		q10,q0,q0,#8		@ 2nd phase
-	.byte	0x26,0x0e,0xa0,0xf2	@ pmull q0,q0,q11
-	veor		q10,q10,q2
-	veor		q0,q0,q10
-	bhs		.Loop_v8
-
-#ifndef __ARMEB__
-	vrev64.8	q0,q0
-#endif
-	vext.8		q0,q0,q0,#8
-	vst1.64		{q0},[r0]		@ write out Xi
-
-	bx	lr
-.size	gcm_ghash_v8,.-gcm_ghash_v8
-.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align  2
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
deleted file mode 100644
index 69e863e755..0000000000
--- a/crypto/modes/asm/ghashv8-armx.pl
+++ /dev/null
@@ -1,240 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication.
-#
-# June 2014
-#
-# Initial version was developed in tight cooperation with Ard
-# Biesheuvel <ard.biesheuvel@linaro.org> from bits-n-pieces from
-# other assembly modules. Just like aesv8-armx.pl this module
-# supports both AArch32 and AArch64 execution modes.
-#
-# Current performance in cycles per processed byte:
-#
-#		PMULL[2]	32-bit NEON(*)
-# Apple A7	1.76		5.62
-# Cortex-A5x	n/a		n/a
-#
-# (*)	presented for reference/comparison purposes;
-
-$flavour = shift;
-open STDOUT,">".shift;
-
-$Xi="x0";	# argument block
-$Htbl="x1";
-$inp="x2";
-$len="x3";
-
-$inc="x12";
-
-{
-my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
-my ($t0,$t1,$t2,$t3,$H,$Hhl)=map("q$_",(8..14));
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-___
-$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
-$code.=".fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-
-$code.=<<___;
-.global	gcm_init_v8
-.type	gcm_init_v8,%function
-.align	4
-gcm_init_v8:
-	vld1.64		{$t1},[x1]		@ load H
-	vmov.i8		$t0,#0xe1
-	vext.8		$IN,$t1,$t1,#8
-	vshl.i64	$t0,$t0,#57
-	vshr.u64	$t2,$t0,#63
-	vext.8		$t0,$t2,$t0,#8		@ t0=0xc2....01
-	vdup.32		$t1,${t1}[1]
-	vshr.u64	$t3,$IN,#63
-	vshr.s32	$t1,$t1,#31		@ broadcast carry bit
-	vand		$t3,$t3,$t0
-	vshl.i64	$IN,$IN,#1
-	vext.8		$t3,$t3,$t3,#8
-	vand		$t0,$t0,$t1
-	vorr		$IN,$IN,$t3		@ H<<<=1
-	veor		$IN,$IN,$t0		@ twisted H
-	vst1.64		{$IN},[x0]
-
-	ret
-.size	gcm_init_v8,.-gcm_init_v8
-
-.global	gcm_gmult_v8
-.type	gcm_gmult_v8,%function
-.align	4
-gcm_gmult_v8:
-	vld1.64		{$t1},[$Xi]		@ load Xi
-	vmov.i8		$t3,#0xe1
-	vld1.64		{$H},[$Htbl]		@ load twisted H
-	vshl.u64	$t3,$t3,#57
-#ifndef __ARMEB__
-	vrev64.8	$t1,$t1
-#endif
-	vext.8		$Hhl,$H,$H,#8
-	mov		$len,#0
-	vext.8		$IN,$t1,$t1,#8
-	mov		$inc,#0
-	veor		$Hhl,$Hhl,$H		@ Karatsuba pre-processing
-	mov		$inp,$Xi
-	b		.Lgmult_v8
-.size	gcm_gmult_v8,.-gcm_gmult_v8
-
-.global	gcm_ghash_v8
-.type	gcm_ghash_v8,%function
-.align	4
-gcm_ghash_v8:
-	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
-	subs		$len,$len,#16
-	vmov.i8		$t3,#0xe1
-	mov		$inc,#16
-	vld1.64		{$H},[$Htbl]		@ load twisted H
-	cclr		$inc,eq
-	vext.8		$Xl,$Xl,$Xl,#8
-	vshl.u64	$t3,$t3,#57
-	vld1.64		{$t1},[$inp],$inc	@ load [rotated] inp
-	vext.8		$Hhl,$H,$H,#8
-#ifndef __ARMEB__
-	vrev64.8	$Xl,$Xl
-	vrev64.8	$t1,$t1
-#endif
-	veor		$Hhl,$Hhl,$H		@ Karatsuba pre-processing
-	vext.8		$IN,$t1,$t1,#8
-	b		.Loop_v8
-
-.align	4
-.Loop_v8:
-	vext.8		$t2,$Xl,$Xl,#8
-	veor		$IN,$IN,$Xl		@ inp^=Xi
-	veor		$t1,$t1,$t2		@ $t1 is rotated inp^Xi
-
-.Lgmult_v8:
-	vpmull.p64	$Xl,$H,$IN		@ H.lo·Xi.lo
-	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
-	vpmull2.p64	$Xh,$H,$IN		@ H.hi·Xi.hi
-	subs		$len,$len,#16
-	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)·(Xi.lo+Xi.hi)
-	cclr		$inc,eq
-
-	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
-	veor		$t2,$Xl,$Xh
-	veor		$Xm,$Xm,$t1
-	 vld1.64	{$t1},[$inp],$inc	@ load [rotated] inp
-	veor		$Xm,$Xm,$t2
-	vpmull.p64	$t2,$Xl,$t3		@ 1st phase
-
-	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
-	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
-#ifndef __ARMEB__
-	 vrev64.8	$t1,$t1
-#endif
-	veor		$Xl,$Xm,$t2
-	 vext.8		$IN,$t1,$t1,#8
-
-	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
-	vpmull.p64	$Xl,$Xl,$t3
-	veor		$t2,$t2,$Xh
-	veor		$Xl,$Xl,$t2
-	b.hs		.Loop_v8
-
-#ifndef __ARMEB__
-	vrev64.8	$Xl,$Xl
-#endif
-	vext.8		$Xl,$Xl,$Xl,#8
-	vst1.64		{$Xl},[$Xi]		@ write out Xi
-
-	ret
-.size	gcm_ghash_v8,.-gcm_ghash_v8
-___
-}
-$code.=<<___;
-.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-.align  2
-___
-
-if ($flavour =~ /64/) {			######## 64-bit code
-    sub unvmov {
-	my $arg=shift;
-
-	$arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o &&
-	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1;
-    }
-    foreach(split("\n",$code)) {
-	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-	s/vmov\.i8/movi/o		or	# fix up legacy mnemonics
-	s/vmov\s+(.*)/unvmov($1)/geo	or
-	s/vext\.8/ext/o			or
-	s/vshr\.s/sshr\.s/o		or
-	s/vshr/ushr/o			or
-	s/^(\s+)v/$1/o			or	# strip off v prefix
-	s/\bbx\s+lr\b/ret/o;
-
-	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-	s/@\s/\/\//o;				# old->new style commentary
-
-	# fix up remainig legacy suffixes
-	s/\.[ui]?8(\s)/$1/o;
-	s/\.[uis]?32//o and s/\.16b/\.4s/go;
-	m/\.p64/o and s/\.16b/\.1q/o;		# 1st pmull argument
-	m/l\.p64/o and s/\.16b/\.1d/go;		# 2nd and 3rd pmull arguments
-	s/\.[uisp]?64//o and s/\.16b/\.2d/go;
-	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-
-	print $_,"\n";
-    }
-} else {				######## 32-bit code
-    sub unvdup32 {
-	my $arg=shift;
-
-	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
-    }
-    sub unvpmullp64 {
-	my ($mnemonic,$arg)=@_;
-
-	if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) {
-	    my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19)
-				 |(($2&7)<<17)|(($2&8)<<4)
-				 |(($3&7)<<1) |(($3&8)<<2);
-	    $word |= 0x00010001	 if ($mnemonic =~ "2");
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    }
-
-    foreach(split("\n",$code)) {
-	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-        s/\/\/\s?/@ /o;				# new->old style commentary
-
-	# fix up remainig new-style suffixes
-	s/\],#[0-9]+/]!/o;
-
-	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o			or
-	s/vdup\.32\s+(.*)/unvdup32($1)/geo				or
-	s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo		or
-	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-	s/^(\s+)b\./$1b/o						or
-	s/^(\s+)ret/$1bx\tlr/o;
-
-        print $_,"\n";
-    }
-}
-
-close STDOUT; # enforce flush
diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c
deleted file mode 100644
index 0e54f75470..0000000000
--- a/crypto/modes/cbc128.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#ifndef STRICT_ALIGNMENT
-#  define STRICT_ALIGNMENT 0
-#endif
-
-void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block)
-{
-	size_t n;
-	const unsigned char *iv = ivec;
-
-	assert(in && out && key && ivec);
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (STRICT_ALIGNMENT &&
-	    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
-		while (len>=16) {
-			for(n=0; n<16; ++n)
-				out[n] = in[n] ^ iv[n];
-			(*block)(out, out, key);
-			iv = out;
-			len -= 16;
-			in  += 16;
-			out += 16;
-		}
-	} else {
-		while (len>=16) {
-			for(n=0; n<16; n+=sizeof(size_t))
-				*(size_t*)(out+n) =
-				*(size_t*)(in+n) ^ *(size_t*)(iv+n);
-			(*block)(out, out, key);
-			iv = out;
-			len -= 16;
-			in  += 16;
-			out += 16;
-		}
-	}
-#endif
-	while (len) {
-		for(n=0; n<16 && n<len; ++n)
-			out[n] = in[n] ^ iv[n];
-		for(; n<16; ++n)
-			out[n] = iv[n];
-		(*block)(out, out, key);
-		iv = out;
-		if (len<=16) break;
-		len -= 16;
-		in  += 16;
-		out += 16;
-	}
-	memcpy(ivec,iv,16);
-}
-
-void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block)
-{
-	size_t n;
-	union { size_t t[16/sizeof(size_t)]; unsigned char c[16]; } tmp;
-
-	assert(in && out && key && ivec);
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (in != out) {
-		const unsigned char *iv = ivec;
-
-		if (STRICT_ALIGNMENT &&
-		    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
-			while (len>=16) {
-				(*block)(in, out, key);
-				for(n=0; n<16; ++n)
-					out[n] ^= iv[n];
-				iv = in;
-				len -= 16;
-				in  += 16;
-				out += 16;
-			}
-		}
-		else  if (16%sizeof(size_t) == 0) { /* always true */
-			while (len>=16) {
-				size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv;
-
-				(*block)(in, out, key);
-				for(n=0; n<16/sizeof(size_t); n++)
-					out_t[n] ^= iv_t[n];
-				iv = in;
-				len -= 16;
-				in  += 16;
-				out += 16;
-			}
-		}
-		memcpy(ivec,iv,16);
-	} else {
-		if (STRICT_ALIGNMENT &&
-		    ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) {
-			unsigned char c;
-			while (len>=16) {
-				(*block)(in, tmp.c, key);
-				for(n=0; n<16; ++n) {
-					c = in[n];
-					out[n] = tmp.c[n] ^ ivec[n];
-					ivec[n] = c;
-				}
-				len -= 16;
-				in  += 16;
-				out += 16;
-			}
-		}
-		else if (16%sizeof(size_t) == 0) { /* always true */
-			while (len>=16) {
-				size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec;
-				const size_t *in_t=(const size_t *)in;
-
-				(*block)(in, tmp.c, key);
-				for(n=0; n<16/sizeof(size_t); n++) {
-					c = in_t[n];
-					out_t[n] = tmp.t[n] ^ ivec_t[n];
-					ivec_t[n] = c;
-				}
-				len -= 16;
-				in  += 16;
-				out += 16;
-			}
-		}
-	}
-#endif
-	while (len) {
-		unsigned char c;
-		(*block)(in, tmp.c, key);
-		for(n=0; n<16 && n<len; ++n) {
-			c = in[n];
-			out[n] = tmp.c[n] ^ ivec[n];
-			ivec[n] = c;
-		}
-		if (len<=16) {
-			for (; n<16; ++n)
-				ivec[n] = in[n];
-			break;
-		}
-		len -= 16;
-		in  += 16;
-		out += 16;
-	}
-}
diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
deleted file mode 100644
index 3ce11d0d98..0000000000
--- a/crypto/modes/ccm128.c
+++ /dev/null
@@ -1,441 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-/* First you setup M and L parameters and pass the key schedule.
- * This is called once per session setup... */
-void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
-	unsigned int M,unsigned int L,void *key,block128_f block)
-{
-	memset(ctx->nonce.c,0,sizeof(ctx->nonce.c));
-	ctx->nonce.c[0] = ((u8)(L-1)&7) | (u8)(((M-2)/2)&7)<<3;
-	ctx->blocks = 0;
-	ctx->block = block;
-	ctx->key = key;
-}
-
-/* !!! Following interfaces are to be called *once* per packet !!! */
-
-/* Then you setup per-message nonce and pass the length of the message */
-int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
-	const unsigned char *nonce,size_t nlen,size_t mlen)
-{
-	unsigned int L = ctx->nonce.c[0]&7;	/* the L parameter */
-
-	if (nlen<(14-L)) return -1;		/* nonce is too short */
-
-	if (sizeof(mlen)==8 && L>=3) {
-		ctx->nonce.c[8]  = (u8)(mlen>>(56%(sizeof(mlen)*8)));
-		ctx->nonce.c[9]  = (u8)(mlen>>(48%(sizeof(mlen)*8)));
-		ctx->nonce.c[10] = (u8)(mlen>>(40%(sizeof(mlen)*8)));
-		ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));
-	}
-	else
-		ctx->nonce.u[1] = 0;
-
-	ctx->nonce.c[12] = (u8)(mlen>>24);
-	ctx->nonce.c[13] = (u8)(mlen>>16);
-	ctx->nonce.c[14] = (u8)(mlen>>8);
-	ctx->nonce.c[15] = (u8)mlen;
-
-	ctx->nonce.c[0] &= ~0x40;	/* clear Adata flag */
-	memcpy(&ctx->nonce.c[1],nonce,14-L);
-
-	return 0;
-}
-
-/* Then you pass additional authentication data, this is optional */
-void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
-	const unsigned char *aad,size_t alen)
-{	unsigned int i;
-	block128_f block = ctx->block;
-
-	if (alen==0) return;
-
-	ctx->nonce.c[0] |= 0x40;	/* set Adata flag */
-	(*block)(ctx->nonce.c,ctx->cmac.c,ctx->key),
-	ctx->blocks++;
-
-	if (alen<(0x10000-0x100)) {
-		ctx->cmac.c[0] ^= (u8)(alen>>8);
-		ctx->cmac.c[1] ^= (u8)alen;
-		i=2;
-	}
-	else if (sizeof(alen)==8 && alen>=(size_t)1<<(32%(sizeof(alen)*8))) {
-		ctx->cmac.c[0] ^= 0xFF;
-		ctx->cmac.c[1] ^= 0xFF;
-		ctx->cmac.c[2] ^= (u8)(alen>>(56%(sizeof(alen)*8)));
-		ctx->cmac.c[3] ^= (u8)(alen>>(48%(sizeof(alen)*8)));
-		ctx->cmac.c[4] ^= (u8)(alen>>(40%(sizeof(alen)*8)));
-		ctx->cmac.c[5] ^= (u8)(alen>>(32%(sizeof(alen)*8)));
-		ctx->cmac.c[6] ^= (u8)(alen>>24);
-		ctx->cmac.c[7] ^= (u8)(alen>>16);
-		ctx->cmac.c[8] ^= (u8)(alen>>8);
-		ctx->cmac.c[9] ^= (u8)alen;
-		i=10;
-	}
-	else {
-		ctx->cmac.c[0] ^= 0xFF;
-		ctx->cmac.c[1] ^= 0xFE;
-		ctx->cmac.c[2] ^= (u8)(alen>>24);
-		ctx->cmac.c[3] ^= (u8)(alen>>16);
-		ctx->cmac.c[4] ^= (u8)(alen>>8);
-		ctx->cmac.c[5] ^= (u8)alen;
-		i=6;
-	}
-
-	do {
-		for(;i<16 && alen;++i,++aad,--alen)
-			ctx->cmac.c[i] ^= *aad;
-		(*block)(ctx->cmac.c,ctx->cmac.c,ctx->key),
-		ctx->blocks++;
-		i=0;
-	} while (alen);
-}
-
-/* Finally you encrypt or decrypt the message */
-
-/* counter part of nonce may not be larger than L*8 bits,
- * L is not larger than 8, therefore 64-bit counter... */
-static void ctr64_inc(unsigned char *counter) {
-	unsigned int n=8;
-	u8  c;
-
-	counter += 8;
-	do {
-		--n;
-		c = counter[n];
-		++c;
-		counter[n] = c;
-		if (c) return;
-	} while (n);
-}
-
-int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out,
-	size_t len)
-{
-	size_t		n;
-	unsigned int	i,L;
-	unsigned char	flags0	= ctx->nonce.c[0];
-	block128_f	block	= ctx->block;
-	void *		key	= ctx->key;
-	union { u64 u[2]; u8 c[16]; } scratch;
-
-	if (!(flags0&0x40))
-		(*block)(ctx->nonce.c,ctx->cmac.c,key),
-		ctx->blocks++;
-
-	ctx->nonce.c[0] = L = flags0&7;
-	for (n=0,i=15-L;i<15;++i) {
-		n |= ctx->nonce.c[i];
-		ctx->nonce.c[i]=0;
-		n <<= 8;
-	}
-	n |= ctx->nonce.c[15];	/* reconstructed length */
-	ctx->nonce.c[15]=1;
-
-	if (n!=len) return -1;	/* length mismatch */
-
-	ctx->blocks += ((len+15)>>3)|1;
-	if (ctx->blocks > (U64(1)<<61))	return -2; /* too much data */
-
-	while (len>=16) {
-#if defined(STRICT_ALIGNMENT)
-		union { u64 u[2]; u8 c[16]; } temp;
-
-		memcpy (temp.c,inp,16);
-		ctx->cmac.u[0] ^= temp.u[0];
-		ctx->cmac.u[1] ^= temp.u[1];
-#else
-		ctx->cmac.u[0] ^= ((u64*)inp)[0];
-		ctx->cmac.u[1] ^= ((u64*)inp)[1];
-#endif
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-		(*block)(ctx->nonce.c,scratch.c,key);
-		ctr64_inc(ctx->nonce.c);
-#if defined(STRICT_ALIGNMENT)
-		temp.u[0] ^= scratch.u[0];
-		temp.u[1] ^= scratch.u[1];
-		memcpy(out,temp.c,16);
-#else
-		((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0];
-		((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1];
-#endif
-		inp += 16;
-		out += 16;
-		len -= 16;
-	}
-
-	if (len) {
-		for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i];
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-		(*block)(ctx->nonce.c,scratch.c,key);
-		for (i=0; i<len; ++i) out[i] = scratch.c[i]^inp[i];
-	}
-
-	for (i=15-L;i<16;++i)
-		ctx->nonce.c[i]=0;
-
-	(*block)(ctx->nonce.c,scratch.c,key);
-	ctx->cmac.u[0] ^= scratch.u[0];
-	ctx->cmac.u[1] ^= scratch.u[1];
-
-	ctx->nonce.c[0] = flags0;
-
-	return 0;
-}
-
-int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out,
-	size_t len)
-{
-	size_t		n;
-	unsigned int	i,L;
-	unsigned char	flags0	= ctx->nonce.c[0];
-	block128_f	block	= ctx->block;
-	void *		key	= ctx->key;
-	union { u64 u[2]; u8 c[16]; } scratch;
-
-	if (!(flags0&0x40))
-		(*block)(ctx->nonce.c,ctx->cmac.c,key);
-
-	ctx->nonce.c[0] = L = flags0&7;
-	for (n=0,i=15-L;i<15;++i) {
-		n |= ctx->nonce.c[i];
-		ctx->nonce.c[i]=0;
-		n <<= 8;
-	}
-	n |= ctx->nonce.c[15];	/* reconstructed length */
-	ctx->nonce.c[15]=1;
-
-	if (n!=len) return -1;
-
-	while (len>=16) {
-#if defined(STRICT_ALIGNMENT)
-		union { u64 u[2]; u8 c[16]; } temp;
-#endif
-		(*block)(ctx->nonce.c,scratch.c,key);
-		ctr64_inc(ctx->nonce.c);
-#if defined(STRICT_ALIGNMENT)
-		memcpy (temp.c,inp,16);
-		ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]);
-		ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
-		memcpy (out,scratch.c,16);
-#else
-		ctx->cmac.u[0] ^= (((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0]);
-		ctx->cmac.u[1] ^= (((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1]);
-#endif
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-
-		inp += 16;
-		out += 16;
-		len -= 16;
-	}
-
-	if (len) {
-		(*block)(ctx->nonce.c,scratch.c,key);
-		for (i=0; i<len; ++i)
-			ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-	}
-
-	for (i=15-L;i<16;++i)
-		ctx->nonce.c[i]=0;
-
-	(*block)(ctx->nonce.c,scratch.c,key);
-	ctx->cmac.u[0] ^= scratch.u[0];
-	ctx->cmac.u[1] ^= scratch.u[1];
-
-	ctx->nonce.c[0] = flags0;
-
-	return 0;
-}
-
-static void ctr64_add (unsigned char *counter,size_t inc)
-{	size_t n=8, val=0;
-
-	counter += 8;
-	do {
-		--n;
-		val += counter[n] + (inc&0xff);
-		counter[n] = (unsigned char)val;
-		val >>= 8;	/* carry bit */
-		inc >>= 8;
-	} while(n && (inc || val));
-}
-
-int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out,
-	size_t len,ccm128_f stream)
-{
-	size_t		n;
-	unsigned int	i,L;
-	unsigned char	flags0	= ctx->nonce.c[0];
-	block128_f	block	= ctx->block;
-	void *		key	= ctx->key;
-	union { u64 u[2]; u8 c[16]; } scratch;
-
-	if (!(flags0&0x40))
-		(*block)(ctx->nonce.c,ctx->cmac.c,key),
-		ctx->blocks++;
-
-	ctx->nonce.c[0] = L = flags0&7;
-	for (n=0,i=15-L;i<15;++i) {
-		n |= ctx->nonce.c[i];
-		ctx->nonce.c[i]=0;
-		n <<= 8;
-	}
-	n |= ctx->nonce.c[15];	/* reconstructed length */
-	ctx->nonce.c[15]=1;
-
-	if (n!=len) return -1;	/* length mismatch */
-
-	ctx->blocks += ((len+15)>>3)|1;
-	if (ctx->blocks > (U64(1)<<61))	return -2; /* too much data */
-
-	if ((n=len/16)) {
-		(*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);
-		n   *= 16;
-		inp += n;
-		out += n;
-		len -= n;
-		if (len) ctr64_add(ctx->nonce.c,n/16);
-	}
-
-	if (len) {
-		for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i];
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-		(*block)(ctx->nonce.c,scratch.c,key);
-		for (i=0; i<len; ++i) out[i] = scratch.c[i]^inp[i];
-	}
-
-	for (i=15-L;i<16;++i)
-		ctx->nonce.c[i]=0;
-
-	(*block)(ctx->nonce.c,scratch.c,key);
-	ctx->cmac.u[0] ^= scratch.u[0];
-	ctx->cmac.u[1] ^= scratch.u[1];
-
-	ctx->nonce.c[0] = flags0;
-
-	return 0;
-}
-
-int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out,
-	size_t len,ccm128_f stream)
-{
-	size_t		n;
-	unsigned int	i,L;
-	unsigned char	flags0	= ctx->nonce.c[0];
-	block128_f	block	= ctx->block;
-	void *		key	= ctx->key;
-	union { u64 u[2]; u8 c[16]; } scratch;
-
-	if (!(flags0&0x40))
-		(*block)(ctx->nonce.c,ctx->cmac.c,key);
-
-	ctx->nonce.c[0] = L = flags0&7;
-	for (n=0,i=15-L;i<15;++i) {
-		n |= ctx->nonce.c[i];
-		ctx->nonce.c[i]=0;
-		n <<= 8;
-	}
-	n |= ctx->nonce.c[15];	/* reconstructed length */
-	ctx->nonce.c[15]=1;
-
-	if (n!=len) return -1;
-
-	if ((n=len/16)) {
-		(*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);
-		n   *= 16;
-		inp += n;
-		out += n;
-		len -= n;
-		if (len) ctr64_add(ctx->nonce.c,n/16);
-	}
-
-	if (len) {
-		(*block)(ctx->nonce.c,scratch.c,key);
-		for (i=0; i<len; ++i)
-			ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
-		(*block)(ctx->cmac.c,ctx->cmac.c,key);
-	}
-
-	for (i=15-L;i<16;++i)
-		ctx->nonce.c[i]=0;
-
-	(*block)(ctx->nonce.c,scratch.c,key);
-	ctx->cmac.u[0] ^= scratch.u[0];
-	ctx->cmac.u[1] ^= scratch.u[1];
-
-	ctx->nonce.c[0] = flags0;
-
-	return 0;
-}
-
-size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx,unsigned char *tag,size_t len)
-{	unsigned int M = (ctx->nonce.c[0]>>3)&7;	/* the M parameter */
-
-	M *= 2; M += 2;
-	if (len<M)	return 0;
-	memcpy(tag,ctx->cmac.c,M);
-	return M;
-}
diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c
deleted file mode 100644
index 4e6f5d35e1..0000000000
--- a/crypto/modes/cfb128.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block)
-{
-    unsigned int n;
-    size_t l = 0;
-
-    assert(in && out && key && ivec && num);
-
-    n = *num;
-
-    if (enc) {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do {	/* always true actually */
-		while (n && len) {
-			*(out++) = ivec[n] ^= *(in++);
-			--len;
-			n = (n+1) % 16;
-		}
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
-			break;
-#endif
-		while (len>=16) {
-			(*block)(ivec, ivec, key);
-			for (; n<16; n+=sizeof(size_t)) {
-				*(size_t*)(out+n) =
-				*(size_t*)(ivec+n) ^= *(size_t*)(in+n);
-			}
-			len -= 16;
-			out += 16;
-			in  += 16;
-			n = 0;
-		}
-		if (len) {
-			(*block)(ivec, ivec, key);
-			while (len--) {
-				out[n] = ivec[n] ^= in[n];
-				++n;
-			}
-		}
-		*num = n;
-		return;
-	} while (0);
-	/* the rest would be commonly eliminated by x86* compiler */
-#endif
-	while (l<len) {
-		if (n == 0) {
-			(*block)(ivec, ivec, key);
-		}
-		out[l] = ivec[n] ^= in[l];
-		++l;
-		n = (n+1) % 16;
-	}
-	*num = n;
-    } else {
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do {	/* always true actually */
-		while (n && len) {
-			unsigned char c;
-			*(out++) = ivec[n] ^ (c = *(in++)); ivec[n] = c;
-			--len;
-			n = (n+1) % 16;
- 		}
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
-			break;
-#endif
-		while (len>=16) {
-			(*block)(ivec, ivec, key);
-			for (; n<16; n+=sizeof(size_t)) {
-				size_t t = *(size_t*)(in+n);
-				*(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t;
-				*(size_t*)(ivec+n) = t;
-			}
-			len -= 16;
-			out += 16;
-			in  += 16;
-			n = 0;
-		}
-		if (len) {
-			(*block)(ivec, ivec, key);
-			while (len--) {
-				unsigned char c;
-				out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c;
-				++n;
-			}
- 		}
-		*num = n;
-		return;
-	} while (0);
-	/* the rest would be commonly eliminated by x86* compiler */
-#endif
-	while (l<len) {
-		unsigned char c;
-		if (n == 0) {
-			(*block)(ivec, ivec, key);
-		}
-		out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c;
-		++l;
-		n = (n+1) % 16;
-	}
-	*num=n;
-    }
-}
-
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-static void cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-			    int nbits,const void *key,
-			    unsigned char ivec[16],int enc,
-			    block128_f block)
-{
-    int n,rem,num;
-    unsigned char ovec[16*2 + 1];  /* +1 because we dererefence (but don't use) one byte off the end */
-
-    if (nbits<=0 || nbits>128) return;
-
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,16);
-	/* construct the new IV */
-	(*block)(ivec,ivec,key);
-	num = (nbits+7)/8;
-	if (enc)	/* encrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[16+n] = in[n] ^ ivec[n]);
-	else		/* decrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[16+n] = in[n]) ^ ivec[n];
-	/* shift ovec left... */
-	rem = nbits%8;
-	num = nbits/8;
-	if(rem==0)
-	    memcpy(ivec,ovec+num,16);
-	else
-	    for(n=0 ; n < 16 ; ++n)
-		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
-    /* it is not necessary to cleanse ovec, since the IV is not secret */
-}
-
-/* N.B. This expects the input to be packed, MS bit first */
-void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
-		 	size_t bits, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block)
-{
-    size_t n;
-    unsigned char c[1],d[1];
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    for(n=0 ; n<bits ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	cfbr_encrypt_block(c,d,1,key,ivec,enc,block);
-	out[n/8]=(out[n/8]&~(1 << (unsigned int)(7-n%8))) |
-		 ((d[0]&0x80) >> (unsigned int)(n%8));
-	}
-}
-
-void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block)
-{
-    size_t n;
-
-    assert(in && out && key && ivec && num);
-    assert(*num == 0);
-
-    for(n=0 ; n<length ; ++n)
-	cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc,block);
-}
-
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
deleted file mode 100644
index ee642c5863..0000000000
--- a/crypto/modes/ctr128.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-/* NOTE: the IV/counter CTR mode is big-endian.  The code itself
- * is endian-neutral. */
-
-/* increment counter (128-bit int) by 1 */
-static void ctr128_inc(unsigned char *counter) {
-	u32 n=16;
-	u8  c;
-
-	do {
-		--n;
-		c = counter[n];
-		++c;
-		counter[n] = c;
-		if (c) return;
-	} while (n);
-}
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-static void ctr128_inc_aligned(unsigned char *counter) {
-	size_t *data,c,n;
-	const union { long one; char little; } is_endian = {1};
-
-	if (is_endian.little) {
-		ctr128_inc(counter);
-		return;
-	}
-
-	data = (size_t *)counter;
-	n = 16/sizeof(size_t);
-	do {
-		--n;
-		c = data[n];
-		++c;
-		data[n] = c;
-		if (c) return;
-	} while (n);
-}
-#endif
-
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to CRYPTO_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
-void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], unsigned char ecount_buf[16],
-			unsigned int *num, block128_f block)
-{
-	unsigned int n;
-	size_t l=0;
-
-	assert(in && out && key && ecount_buf && num);
-	assert(*num < 16);
-
-	n = *num;
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do { /* always true actually */
-		while (n && len) {
-			*(out++) = *(in++) ^ ecount_buf[n];
-			--len;
-			n = (n+1) % 16;
-		}
-
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
-			break;
-#endif
-		while (len>=16) {
-			(*block)(ivec, ecount_buf, key);
-			ctr128_inc_aligned(ivec);
-			for (; n<16; n+=sizeof(size_t))
-				*(size_t *)(out+n) =
-				*(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n);
-			len -= 16;
-			out += 16;
-			in  += 16;
-			n = 0;
-		}
-		if (len) {
-			(*block)(ivec, ecount_buf, key);
- 			ctr128_inc_aligned(ivec);
-			while (len--) {
-				out[n] = in[n] ^ ecount_buf[n];
-				++n;
-			}
-		}
-		*num = n;
-		return;
-	} while(0);
-	/* the rest would be commonly eliminated by x86* compiler */
-#endif
-	while (l<len) {
-		if (n==0) {
-			(*block)(ivec, ecount_buf, key);
- 			ctr128_inc(ivec);
-		}
-		out[l] = in[l] ^ ecount_buf[n];
-		++l;
-		n = (n+1) % 16;
-	}
-
-	*num=n;
-}
-
-/* increment upper 96 bits of 128-bit counter by 1 */
-static void ctr96_inc(unsigned char *counter) {
-	u32 n=12;
-	u8  c;
-
-	do {
-		--n;
-		c = counter[n];
-		++c;
-		counter[n] = c;
-		if (c) return;
-	} while (n);
-}
-
-void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], unsigned char ecount_buf[16],
-			unsigned int *num, ctr128_f func)
-{
-	unsigned int n,ctr32;
-
-	assert(in && out && key && ecount_buf && num);
-	assert(*num < 16);
-
-	n = *num;
-
-	while (n && len) {
-		*(out++) = *(in++) ^ ecount_buf[n];
-		--len;
-		n = (n+1) % 16;
-	}
-
-	ctr32 = GETU32(ivec+12);
-	while (len>=16) {
-		size_t blocks = len/16;
-		/*
-		 * 1<<28 is just a not-so-small yet not-so-large number...
-		 * Below condition is practically never met, but it has to
-		 * be checked for code correctness.
-		 */
-		if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
-			blocks = (1U<<28);
-		/*
-		 * As (*func) operates on 32-bit counter, caller
-		 * has to handle overflow. 'if' below detects the
-		 * overflow, which is then handled by limiting the
-		 * amount of blocks to the exact overflow point...
-		 */
-		ctr32 += (u32)blocks;
-		if (ctr32 < blocks) {
-			blocks -= ctr32;
-			ctr32   = 0;
-		}
-		(*func)(in,out,blocks,key,ivec);
-		/* (*ctr) does not update ivec, caller does: */
-		PUTU32(ivec+12,ctr32);
-		/* ... overflow was detected, propogate carry. */
-		if (ctr32 == 0)	ctr96_inc(ivec);
-		blocks *= 16;
-		len -= blocks;
-		out += blocks;
-		in  += blocks;
-	}
-	if (len) {
-		memset(ecount_buf,0,16);
-		(*func)(ecount_buf,ecount_buf,1,key,ivec);
-		++ctr32;
-		PUTU32(ivec+12,ctr32);
-		if (ctr32 == 0)	ctr96_inc(ivec);
-		while (len--) {
-			out[n] = in[n] ^ ecount_buf[n];
-			++n;
-		}
-	}
-
-	*num=n;
-}
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
deleted file mode 100644
index 79ebb66ec2..0000000000
--- a/crypto/modes/gcm128.c
+++ /dev/null
@@ -1,1924 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#define OPENSSL_FIPSAPI
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
-/* redefine, because alignment is ensured */
-#undef	GETU32
-#define	GETU32(p)	BSWAP4(*(const u32 *)(p))
-#undef	PUTU32
-#define	PUTU32(p,v)	*(u32 *)(p) = BSWAP4(v)
-#endif
-
-#define	PACK(s)		((size_t)(s)<<(sizeof(size_t)*8-16))
-#define REDUCE1BIT(V)	do { \
-	if (sizeof(size_t)==8) { \
-		u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \
-		V.lo  = (V.hi<<63)|(V.lo>>1); \
-		V.hi  = (V.hi>>1 )^T; \
-	} \
-	else { \
-		u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \
-		V.lo  = (V.hi<<63)|(V.lo>>1); \
-		V.hi  = (V.hi>>1 )^((u64)T<<32); \
-	} \
-} while(0)
-
-/*
- * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
- * never be set to 8. 8 is effectively reserved for testing purposes.
- * TABLE_BITS>1 are lookup-table-driven implementations referred to as
- * "Shoup's" in GCM specification. In other words OpenSSL does not cover
- * whole spectrum of possible table driven implementations. Why? In
- * non-"Shoup's" case memory access pattern is segmented in such manner,
- * that it's trivial to see that cache timing information can reveal
- * fair portion of intermediate hash value. Given that ciphertext is
- * always available to attacker, it's possible for him to attempt to
- * deduce secret parameter H and if successful, tamper with messages
- * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's
- * not as trivial, but there is no reason to believe that it's resistant
- * to cache-timing attack. And the thing about "8-bit" implementation is
- * that it consumes 16 (sixteen) times more memory, 4KB per individual
- * key + 1KB shared. Well, on pros side it should be twice as fast as
- * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version
- * was observed to run ~75% faster, closer to 100% for commercial
- * compilers... Yet "4-bit" procedure is preferred, because it's
- * believed to provide better security-performance balance and adequate
- * all-round performance. "All-round" refers to things like:
- *
- * - shorter setup time effectively improves overall timing for
- *   handling short messages;
- * - larger table allocation can become unbearable because of VM
- *   subsystem penalties (for example on Windows large enough free
- *   results in VM working set trimming, meaning that consequent
- *   malloc would immediately incur working set expansion);
- * - larger table has larger cache footprint, which can affect
- *   performance of other code paths (not necessarily even from same
- *   thread in Hyper-Threading world);
- *
- * Value of 1 is not appropriate for performance reasons.
- */
-#if	TABLE_BITS==8
-
-static void gcm_init_8bit(u128 Htable[256], u64 H[2])
-{
-	int  i, j;
-	u128 V;
-
-	Htable[0].hi = 0;
-	Htable[0].lo = 0;
-	V.hi = H[0];
-	V.lo = H[1];
-
-	for (Htable[128]=V, i=64; i>0; i>>=1) {
-		REDUCE1BIT(V);
-		Htable[i] = V;
-	}
-
-	for (i=2; i<256; i<<=1) {
-		u128 *Hi = Htable+i, H0 = *Hi;
-		for (j=1; j<i; ++j) {
-			Hi[j].hi = H0.hi^Htable[j].hi;
-			Hi[j].lo = H0.lo^Htable[j].lo;
-		}
-	}
-}
-
-static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
-{
-	u128 Z = { 0, 0};
-	const u8 *xi = (const u8 *)Xi+15;
-	size_t rem, n = *xi;
-	const union { long one; char little; } is_endian = {1};
-	static const size_t rem_8bit[256] = {
-		PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
-		PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
-		PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56),
-		PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E),
-		PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66),
-		PACK(0x1B28), PACK(0x1AEA), PACK(0x18AC), PACK(0x196E),
-		PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076),
-		PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E),
-		PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06),
-		PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E),
-		PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416),
-		PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E),
-		PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626),
-		PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E),
-		PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836),
-		PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E),
-		PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6),
-		PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE),
-		PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6),
-		PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE),
-		PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6),
-		PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE),
-		PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6),
-		PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE),
-		PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86),
-		PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E),
-		PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496),
-		PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E),
-		PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6),
-		PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE),
-		PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6),
-		PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE),
-		PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346),
-		PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E),
-		PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56),
-		PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E),
-		PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66),
-		PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E),
-		PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176),
-		PACK(0xF438), PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E),
-		PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06),
-		PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E),
-		PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516),
-		PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E),
-		PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726),
-		PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E),
-		PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936),
-		PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E),
-		PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6),
-		PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE),
-		PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6),
-		PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE),
-		PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6),
-		PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE),
-		PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6),
-		PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE),
-		PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86),
-		PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E),
-		PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596),
-		PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E),
-		PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6),
-		PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE),
-		PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6),
-		PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE) };
-
-	while (1) {
-		Z.hi ^= Htable[n].hi;
-		Z.lo ^= Htable[n].lo;
-
-		if ((u8 *)Xi==xi)	break;
-
-		n = *(--xi);
-
-		rem  = (size_t)Z.lo&0xff;
-		Z.lo = (Z.hi<<56)|(Z.lo>>8);
-		Z.hi = (Z.hi>>8);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_8bit[rem];
-		else
-			Z.hi ^= (u64)rem_8bit[rem]<<32;
-	}
-
-	if (is_endian.little) {
-#ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
-#else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
-#endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
-}
-#define GCM_MUL(ctx,Xi)   gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
-
-#elif	TABLE_BITS==4
-
-static void gcm_init_4bit(u128 Htable[16], u64 H[2])
-{
-	u128 V;
-#if defined(OPENSSL_SMALL_FOOTPRINT)
-	int  i;
-#endif
-
-	Htable[0].hi = 0;
-	Htable[0].lo = 0;
-	V.hi = H[0];
-	V.lo = H[1];
-
-#if defined(OPENSSL_SMALL_FOOTPRINT)
-	for (Htable[8]=V, i=4; i>0; i>>=1) {
-		REDUCE1BIT(V);
-		Htable[i] = V;
-	}
-
-	for (i=2; i<16; i<<=1) {
-		u128 *Hi = Htable+i;
-		int   j;
-		for (V=*Hi, j=1; j<i; ++j) {
-			Hi[j].hi = V.hi^Htable[j].hi;
-			Hi[j].lo = V.lo^Htable[j].lo;
-		}
-	}
-#else
-	Htable[8] = V;
-	REDUCE1BIT(V);
-	Htable[4] = V;
-	REDUCE1BIT(V);
-	Htable[2] = V;
-	REDUCE1BIT(V);
-	Htable[1] = V;
-	Htable[3].hi  = V.hi^Htable[2].hi, Htable[3].lo  = V.lo^Htable[2].lo;
-	V=Htable[4];
-	Htable[5].hi  = V.hi^Htable[1].hi, Htable[5].lo  = V.lo^Htable[1].lo;
-	Htable[6].hi  = V.hi^Htable[2].hi, Htable[6].lo  = V.lo^Htable[2].lo;
-	Htable[7].hi  = V.hi^Htable[3].hi, Htable[7].lo  = V.lo^Htable[3].lo;
-	V=Htable[8];
-	Htable[9].hi  = V.hi^Htable[1].hi, Htable[9].lo  = V.lo^Htable[1].lo;
-	Htable[10].hi = V.hi^Htable[2].hi, Htable[10].lo = V.lo^Htable[2].lo;
-	Htable[11].hi = V.hi^Htable[3].hi, Htable[11].lo = V.lo^Htable[3].lo;
-	Htable[12].hi = V.hi^Htable[4].hi, Htable[12].lo = V.lo^Htable[4].lo;
-	Htable[13].hi = V.hi^Htable[5].hi, Htable[13].lo = V.lo^Htable[5].lo;
-	Htable[14].hi = V.hi^Htable[6].hi, Htable[14].lo = V.lo^Htable[6].lo;
-	Htable[15].hi = V.hi^Htable[7].hi, Htable[15].lo = V.lo^Htable[7].lo;
-#endif
-#if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
-	/*
-	 * ARM assembler expects specific dword order in Htable.
-	 */
-	{
-	int j;
-	const union { long one; char little; } is_endian = {1};
-
-	if (is_endian.little)
-		for (j=0;j<16;++j) {
-			V = Htable[j];
-			Htable[j].hi = V.lo;
-			Htable[j].lo = V.hi;
-		}
-	else
-		for (j=0;j<16;++j) {
-			V = Htable[j];
-			Htable[j].hi = V.lo<<32|V.lo>>32;
-			Htable[j].lo = V.hi<<32|V.hi>>32;
-		}
-	}
-#endif
-}
-
-#ifndef GHASH_ASM
-static const size_t rem_4bit[16] = {
-	PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460),
-	PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0),
-	PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560),
-	PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0) };
-
-static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
-{
-	u128 Z;
-	int cnt = 15;
-	size_t rem, nlo, nhi;
-	const union { long one; char little; } is_endian = {1};
-
-	nlo  = ((const u8 *)Xi)[15];
-	nhi  = nlo>>4;
-	nlo &= 0xf;
-
-	Z.hi = Htable[nlo].hi;
-	Z.lo = Htable[nlo].lo;
-
-	while (1) {
-		rem  = (size_t)Z.lo&0xf;
-		Z.lo = (Z.hi<<60)|(Z.lo>>4);
-		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
-		Z.hi ^= Htable[nhi].hi;
-		Z.lo ^= Htable[nhi].lo;
-
-		if (--cnt<0)		break;
-
-		nlo  = ((const u8 *)Xi)[cnt];
-		nhi  = nlo>>4;
-		nlo &= 0xf;
-
-		rem  = (size_t)Z.lo&0xf;
-		Z.lo = (Z.hi<<60)|(Z.lo>>4);
-		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
-		Z.hi ^= Htable[nlo].hi;
-		Z.lo ^= Htable[nlo].lo;
-	}
-
-	if (is_endian.little) {
-#ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
-#else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
-#endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
-}
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-/*
- * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
- * details... Compiler-generated code doesn't seem to give any
- * performance improvement, at least not on x86[_64]. It's here
- * mostly as reference and a placeholder for possible future
- * non-trivial optimization[s]...
- */
-static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)
-{
-    u128 Z;
-    int cnt;
-    size_t rem, nlo, nhi;
-    const union { long one; char little; } is_endian = {1};
-
-#if 1
-    do {
-	cnt  = 15;
-	nlo  = ((const u8 *)Xi)[15];
-	nlo ^= inp[15];
-	nhi  = nlo>>4;
-	nlo &= 0xf;
-
-	Z.hi = Htable[nlo].hi;
-	Z.lo = Htable[nlo].lo;
-
-	while (1) {
-		rem  = (size_t)Z.lo&0xf;
-		Z.lo = (Z.hi<<60)|(Z.lo>>4);
-		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
-		Z.hi ^= Htable[nhi].hi;
-		Z.lo ^= Htable[nhi].lo;
-
-		if (--cnt<0)		break;
-
-		nlo  = ((const u8 *)Xi)[cnt];
-		nlo ^= inp[cnt];
-		nhi  = nlo>>4;
-		nlo &= 0xf;
-
-		rem  = (size_t)Z.lo&0xf;
-		Z.lo = (Z.hi<<60)|(Z.lo>>4);
-		Z.hi = (Z.hi>>4);
-		if (sizeof(size_t)==8)
-			Z.hi ^= rem_4bit[rem];
-		else
-			Z.hi ^= (u64)rem_4bit[rem]<<32;
-
-		Z.hi ^= Htable[nlo].hi;
-		Z.lo ^= Htable[nlo].lo;
-	}
-#else
-    /*
-     * Extra 256+16 bytes per-key plus 512 bytes shared tables
-     * [should] give ~50% improvement... One could have PACK()-ed
-     * the rem_8bit even here, but the priority is to minimize
-     * cache footprint...
-     */ 
-    u128 Hshr4[16];	/* Htable shifted right by 4 bits */
-    u8   Hshl4[16];	/* Htable shifted left  by 4 bits */
-    static const unsigned short rem_8bit[256] = {
-	0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E,
-	0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E,
-	0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E,
-	0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E,
-	0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E,
-	0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E,
-	0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E,
-	0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E,
-	0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE,
-	0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE,
-	0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE,
-	0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE,
-	0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E,
-	0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E,
-	0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE,
-	0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE,
-	0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E,
-	0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E,
-	0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E,
-	0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E,
-	0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E,
-	0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E,
-	0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E,
-	0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E,
-	0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE,
-	0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE,
-	0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE,
-	0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE,
-	0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E,
-	0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E,
-	0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE,
-	0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE };
-    /*
-     * This pre-processing phase slows down procedure by approximately
-     * same time as it makes each loop spin faster. In other words
-     * single block performance is approximately same as straightforward
-     * "4-bit" implementation, and then it goes only faster...
-     */
-    for (cnt=0; cnt<16; ++cnt) {
-	Z.hi = Htable[cnt].hi;
-	Z.lo = Htable[cnt].lo;
-	Hshr4[cnt].lo = (Z.hi<<60)|(Z.lo>>4);
-	Hshr4[cnt].hi = (Z.hi>>4);
-	Hshl4[cnt]    = (u8)(Z.lo<<4);
-    }
-
-    do {
-	for (Z.lo=0, Z.hi=0, cnt=15; cnt; --cnt) {
-		nlo  = ((const u8 *)Xi)[cnt];
-		nlo ^= inp[cnt];
-		nhi  = nlo>>4;
-		nlo &= 0xf;
-
-		Z.hi ^= Htable[nlo].hi;
-		Z.lo ^= Htable[nlo].lo;
-
-		rem = (size_t)Z.lo&0xff;
-
-		Z.lo = (Z.hi<<56)|(Z.lo>>8);
-		Z.hi = (Z.hi>>8);
-
-		Z.hi ^= Hshr4[nhi].hi;
-		Z.lo ^= Hshr4[nhi].lo;
-		Z.hi ^= (u64)rem_8bit[rem^Hshl4[nhi]]<<48;
-	}
-
-	nlo  = ((const u8 *)Xi)[0];
-	nlo ^= inp[0];
-	nhi  = nlo>>4;
-	nlo &= 0xf;
-
-	Z.hi ^= Htable[nlo].hi;
-	Z.lo ^= Htable[nlo].lo;
-
-	rem = (size_t)Z.lo&0xf;
-
-	Z.lo = (Z.hi<<60)|(Z.lo>>4);
-	Z.hi = (Z.hi>>4);
-
-	Z.hi ^= Htable[nhi].hi;
-	Z.lo ^= Htable[nhi].lo;
-	Z.hi ^= ((u64)rem_8bit[rem<<4])<<48;
-#endif
-
-	if (is_endian.little) {
-#ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
-#else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
-#endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
-    } while (inp+=16, len-=16);
-}
-#endif
-#else
-void gcm_gmult_4bit(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-#endif
-
-#define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
-#if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
-#define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
-/* GHASH_CHUNK is "stride parameter" missioned to mitigate cache
- * trashing effect. In other words idea is to hash data while it's
- * still in L1 cache after encryption pass... */
-#define GHASH_CHUNK       (3*1024)
-#endif
-
-#else	/* TABLE_BITS */
-
-static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2])
-{
-	u128 V,Z = { 0,0 };
-	long X;
-	int  i,j;
-	const long *xi = (const long *)Xi;
-	const union { long one; char little; } is_endian = {1};
-
-	V.hi = H[0];	/* H is in host byte order, no byte swapping */
-	V.lo = H[1];
-
-	for (j=0; j<16/sizeof(long); ++j) {
-		if (is_endian.little) {
-			if (sizeof(long)==8) {
-#ifdef BSWAP8
-				X = (long)(BSWAP8(xi[j]));
-#else
-				const u8 *p = (const u8 *)(xi+j);
-				X = (long)((u64)GETU32(p)<<32|GETU32(p+4));
-#endif
-			}
-			else {
-				const u8 *p = (const u8 *)(xi+j);
-				X = (long)GETU32(p);
-			}
-		}
-		else
-			X = xi[j];
-
-		for (i=0; i<8*sizeof(long); ++i, X<<=1) {
-			u64 M = (u64)(X>>(8*sizeof(long)-1));
-			Z.hi ^= V.hi&M;
-			Z.lo ^= V.lo&M;
-
-			REDUCE1BIT(V);
-		}
-	}
-
-	if (is_endian.little) {
-#ifdef BSWAP8
-		Xi[0] = BSWAP8(Z.hi);
-		Xi[1] = BSWAP8(Z.lo);
-#else
-		u8 *p = (u8 *)Xi;
-		u32 v;
-		v = (u32)(Z.hi>>32);	PUTU32(p,v);
-		v = (u32)(Z.hi);	PUTU32(p+4,v);
-		v = (u32)(Z.lo>>32);	PUTU32(p+8,v);
-		v = (u32)(Z.lo);	PUTU32(p+12,v);
-#endif
-	}
-	else {
-		Xi[0] = Z.hi;
-		Xi[1] = Z.lo;
-	}
-}
-#define GCM_MUL(ctx,Xi)	  gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
-
-#endif
-
-#if	TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ))
-# if	!defined(I386_ONLY) && \
-	(defined(__i386)	|| defined(__i386__)	|| \
-	 defined(__x86_64)	|| defined(__x86_64__)	|| \
-	 defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64))
-#  define GHASH_ASM_X86_OR_64
-#  define GCM_FUNCREF_4BIT
-extern unsigned int OPENSSL_ia32cap_P[2];
-
-void gcm_init_clmul(u128 Htable[16],const u64 Xi[2]);
-void gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_clmul(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-
-#  if	defined(__i386) || defined(__i386__) || defined(_M_IX86)
-#   define GHASH_ASM_X86
-void gcm_gmult_4bit_mmx(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-
-void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-#  endif
-# elif defined(__arm__) || defined(__arm) || defined(__aarch64__)
-#  include "arm_arch.h"
-#  if __ARM_ARCH__>=7
-#   define GHASH_ASM_ARM
-#   define GCM_FUNCREF_4BIT
-#   define PMULL_CAPABLE	(OPENSSL_armcap_P & ARMV8_PMULL)
-#   if defined(__arm__) || defined(__arm)
-#    define NEON_CAPABLE	(OPENSSL_armcap_P & ARMV7_NEON)
-#   endif
-void gcm_init_neon(u128 Htable[16],const u64 Xi[2]);
-void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-void gcm_init_v8(u128 Htable[16],const u64 Xi[2]);
-void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]);
-void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-#  endif
-# endif
-#endif
-
-#ifdef GCM_FUNCREF_4BIT
-# undef  GCM_MUL
-# define GCM_MUL(ctx,Xi)	(*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
-# ifdef GHASH
-#  undef  GHASH
-#  define GHASH(ctx,in,len)	(*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
-# endif
-#endif
-
-void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
-{
-	const union { long one; char little; } is_endian = {1};
-
-	memset(ctx,0,sizeof(*ctx));
-	ctx->block = block;
-	ctx->key   = key;
-
-	(*block)(ctx->H.c,ctx->H.c,key);
-
-	if (is_endian.little) {
-		/* H is stored in host byte order */
-#ifdef BSWAP8
-		ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
-		ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
-#else
-		u8 *p = ctx->H.c;
-		u64 hi,lo;
-		hi = (u64)GETU32(p)  <<32|GETU32(p+4);
-		lo = (u64)GETU32(p+8)<<32|GETU32(p+12);
-		ctx->H.u[0] = hi;
-		ctx->H.u[1] = lo;
-#endif
-	}
-
-#if	TABLE_BITS==8
-	gcm_init_8bit(ctx->Htable,ctx->H.u);
-#elif	TABLE_BITS==4
-# if	defined(GHASH_ASM_X86_OR_64)
-#  if	!defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
-	if (OPENSSL_ia32cap_P[0]&(1<<24) &&	/* check FXSR bit */
-	    OPENSSL_ia32cap_P[1]&(1<<1) ) {	/* check PCLMULQDQ bit */
-		gcm_init_clmul(ctx->Htable,ctx->H.u);
-		ctx->gmult = gcm_gmult_clmul;
-		ctx->ghash = gcm_ghash_clmul;
-		return;
-	}
-#  endif
-	gcm_init_4bit(ctx->Htable,ctx->H.u);
-#  if	defined(GHASH_ASM_X86)			/* x86 only */
-#   if	defined(OPENSSL_IA32_SSE2)
-	if (OPENSSL_ia32cap_P[0]&(1<<25)) {	/* check SSE bit */
-#   else
-	if (OPENSSL_ia32cap_P[0]&(1<<23)) {	/* check MMX bit */
-#   endif
-		ctx->gmult = gcm_gmult_4bit_mmx;
-		ctx->ghash = gcm_ghash_4bit_mmx;
-	} else {
-		ctx->gmult = gcm_gmult_4bit_x86;
-		ctx->ghash = gcm_ghash_4bit_x86;
-	}
-#  else
-	ctx->gmult = gcm_gmult_4bit;
-	ctx->ghash = gcm_ghash_4bit;
-#  endif
-# elif	defined(GHASH_ASM_ARM)
-#  ifdef PMULL_CAPABLE
-	if (PMULL_CAPABLE) {
-		gcm_init_v8(ctx->Htable,ctx->H.u);
-		ctx->gmult = gcm_gmult_v8;
-		ctx->ghash = gcm_ghash_v8;
-	} else
-#  endif
-#  ifdef NEON_CAPABLE
-	if (NEON_CAPABLE) {
-		gcm_init_neon(ctx->Htable,ctx->H.u);
-		ctx->gmult = gcm_gmult_neon;
-		ctx->ghash = gcm_ghash_neon;
-	} else
-#  endif
-	{
-		gcm_init_4bit(ctx->Htable,ctx->H.u);
-		ctx->gmult = gcm_gmult_4bit;
-		ctx->ghash = gcm_ghash_4bit;
-	}
-# else
-	gcm_init_4bit(ctx->Htable,ctx->H.u);
-# endif
-#endif
-}
-
-void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len)
-{
-	const union { long one; char little; } is_endian = {1};
-	unsigned int ctr;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-#endif
-
-	ctx->Yi.u[0]  = 0;
-	ctx->Yi.u[1]  = 0;
-	ctx->Xi.u[0]  = 0;
-	ctx->Xi.u[1]  = 0;
-	ctx->len.u[0] = 0;	/* AAD length */
-	ctx->len.u[1] = 0;	/* message length */
-	ctx->ares = 0;
-	ctx->mres = 0;
-
-	if (len==12) {
-		memcpy(ctx->Yi.c,iv,12);
-		ctx->Yi.c[15]=1;
-		ctr=1;
-	}
-	else {
-		size_t i;
-		u64 len0 = len;
-
-		while (len>=16) {
-			for (i=0; i<16; ++i) ctx->Yi.c[i] ^= iv[i];
-			GCM_MUL(ctx,Yi);
-			iv += 16;
-			len -= 16;
-		}
-		if (len) {
-			for (i=0; i<len; ++i) ctx->Yi.c[i] ^= iv[i];
-			GCM_MUL(ctx,Yi);
-		}
-		len0 <<= 3;
-		if (is_endian.little) {
-#ifdef BSWAP8
-			ctx->Yi.u[1]  ^= BSWAP8(len0);
-#else
-			ctx->Yi.c[8]  ^= (u8)(len0>>56);
-			ctx->Yi.c[9]  ^= (u8)(len0>>48);
-			ctx->Yi.c[10] ^= (u8)(len0>>40);
-			ctx->Yi.c[11] ^= (u8)(len0>>32);
-			ctx->Yi.c[12] ^= (u8)(len0>>24);
-			ctx->Yi.c[13] ^= (u8)(len0>>16);
-			ctx->Yi.c[14] ^= (u8)(len0>>8);
-			ctx->Yi.c[15] ^= (u8)(len0);
-#endif
-		}
-		else
-			ctx->Yi.u[1]  ^= len0;
-
-		GCM_MUL(ctx,Yi);
-
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctr = BSWAP4(ctx->Yi.d[3]);
-#else
-			ctr = GETU32(ctx->Yi.c+12);
-#endif
-		else
-			ctr = ctx->Yi.d[3];
-	}
-
-	(*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key);
-	++ctr;
-	if (is_endian.little)
-#ifdef BSWAP4
-		ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-		PUTU32(ctx->Yi.c+12,ctr);
-#endif
-	else
-		ctx->Yi.d[3] = ctr;
-}
-
-int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx,const unsigned char *aad,size_t len)
-{
-	size_t i;
-	unsigned int n;
-	u64 alen = ctx->len.u[0];
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-# ifdef GHASH
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx->ghash;
-# endif
-#endif
-
-	if (ctx->len.u[1]) return -2;
-
-	alen += len;
-	if (alen>(U64(1)<<61) || (sizeof(len)==8 && alen<len))
-		return -1;
-	ctx->len.u[0] = alen;
-
-	n = ctx->ares;
-	if (n) {
-		while (n && len) {
-			ctx->Xi.c[n] ^= *(aad++);
-			--len;
-			n = (n+1)%16;
-		}
-		if (n==0) GCM_MUL(ctx,Xi);
-		else {
-			ctx->ares = n;
-			return 0;
-		}
-	}
-
-#ifdef GHASH
-	if ((i = (len&(size_t)-16))) {
-		GHASH(ctx,aad,i);
-		aad += i;
-		len -= i;
-	}
-#else
-	while (len>=16) {
-		for (i=0; i<16; ++i) ctx->Xi.c[i] ^= aad[i];
-		GCM_MUL(ctx,Xi);
-		aad += 16;
-		len -= 16;
-	}
-#endif
-	if (len) {
-		n = (unsigned int)len;
-		for (i=0; i<len; ++i) ctx->Xi.c[i] ^= aad[i];
-	}
-
-	ctx->ares = n;
-	return 0;
-}
-
-int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
-		const unsigned char *in, unsigned char *out,
-		size_t len)
-{
-	const union { long one; char little; } is_endian = {1};
-	unsigned int n, ctr;
-	size_t i;
-	u64        mlen  = ctx->len.u[1];
-	block128_f block = ctx->block;
-	void      *key   = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-# ifdef GHASH
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx->ghash;
-# endif
-#endif
-
-#if 0
-	n = (unsigned int)mlen%16; /* alternative to ctx->mres */
-#endif
-	mlen += len;
-	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
-		return -1;
-	ctx->len.u[1] = mlen;
-
-	if (ctx->ares) {
-		/* First call to encrypt finalizes GHASH(AAD) */
-		GCM_MUL(ctx,Xi);
-		ctx->ares = 0;
-	}
-
-	if (is_endian.little)
-#ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
-#else
-		ctr = GETU32(ctx->Yi.c+12);
-#endif
-	else
-		ctr = ctx->Yi.d[3];
-
-	n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do {	/* always true actually */
-		if (n) {
-			while (n && len) {
-				ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n];
-				--len;
-				n = (n+1)%16;
-			}
-			if (n==0) GCM_MUL(ctx,Xi);
-			else {
-				ctx->mres = n;
-				return 0;
-			}
-		}
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out)%sizeof(size_t) != 0)
-			break;
-#endif
-#if defined(GHASH) && defined(GHASH_CHUNK)
-		while (len>=GHASH_CHUNK) {
-		    size_t j=GHASH_CHUNK;
-
-		    while (j) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i)
-				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
-			out += 16;
-			in  += 16;
-			j   -= 16;
-		    }
-		    GHASH(ctx,out-GHASH_CHUNK,GHASH_CHUNK);
-		    len -= GHASH_CHUNK;
-		}
-		if ((i = (len&(size_t)-16))) {
-		    size_t j=i;
-
-		    while (len>=16) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i)
-				out_t[i] = in_t[i] ^ ctx->EKi.t[i];
-			out += 16;
-			in  += 16;
-			len -= 16;
-		    }
-		    GHASH(ctx,out-j,j);
-		}
-#else
-		while (len>=16) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i)
-				ctx->Xi.t[i] ^=
-				out_t[i] = in_t[i]^ctx->EKi.t[i];
-			GCM_MUL(ctx,Xi);
-			out += 16;
-			in  += 16;
-			len -= 16;
-		}
-#endif
-		if (len) {
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			while (len--) {
-				ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
-				++n;
-			}
-		}
-
-		ctx->mres = n;
-		return 0;
-	} while(0);
-#endif
-	for (i=0;i<len;++i) {
-		if (n==0) {
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-		}
-		ctx->Xi.c[n] ^= out[i] = in[i]^ctx->EKi.c[n];
-		n = (n+1)%16;
-		if (n==0)
-			GCM_MUL(ctx,Xi);
-	}
-
-	ctx->mres = n;
-	return 0;
-}
-
-int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
-		const unsigned char *in, unsigned char *out,
-		size_t len)
-{
-	const union { long one; char little; } is_endian = {1};
-	unsigned int n, ctr;
-	size_t i;
-	u64        mlen  = ctx->len.u[1];
-	block128_f block = ctx->block;
-	void      *key   = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-# ifdef GHASH
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx->ghash;
-# endif
-#endif
-
-	mlen += len;
-	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
-		return -1;
-	ctx->len.u[1] = mlen;
-
-	if (ctx->ares) {
-		/* First call to decrypt finalizes GHASH(AAD) */
-		GCM_MUL(ctx,Xi);
-		ctx->ares = 0;
-	}
-
-	if (is_endian.little)
-#ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
-#else
-		ctr = GETU32(ctx->Yi.c+12);
-#endif
-	else
-		ctr = ctx->Yi.d[3];
-
-	n = ctx->mres;
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do {	/* always true actually */
-		if (n) {
-			while (n && len) {
-				u8 c = *(in++);
-				*(out++) = c^ctx->EKi.c[n];
-				ctx->Xi.c[n] ^= c;
-				--len;
-				n = (n+1)%16;
-			}
-			if (n==0) GCM_MUL (ctx,Xi);
-			else {
-				ctx->mres = n;
-				return 0;
-			}
-		}
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out)%sizeof(size_t) != 0)
-			break;
-#endif
-#if defined(GHASH) && defined(GHASH_CHUNK)
-		while (len>=GHASH_CHUNK) {
-		    size_t j=GHASH_CHUNK;
-
-		    GHASH(ctx,in,GHASH_CHUNK);
-		    while (j) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i)
-				out_t[i] = in_t[i]^ctx->EKi.t[i];
-			out += 16;
-			in  += 16;
-			j   -= 16;
-		    }
-		    len -= GHASH_CHUNK;
-		}
-		if ((i = (len&(size_t)-16))) {
-		    GHASH(ctx,in,i);
-		    while (len>=16) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i)
-				out_t[i] = in_t[i]^ctx->EKi.t[i];
-			out += 16;
-			in  += 16;
-			len -= 16;
-		    }
-		}
-#else
-		while (len>=16) {
-		    	size_t *out_t=(size_t *)out;
-		    	const size_t *in_t=(const size_t *)in;
-
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			for (i=0; i<16/sizeof(size_t); ++i) {
-				size_t c = in[i];
-				out[i] = c^ctx->EKi.t[i];
-				ctx->Xi.t[i] ^= c;
-			}
-			GCM_MUL(ctx,Xi);
-			out += 16;
-			in  += 16;
-			len -= 16;
-		}
-#endif
-		if (len) {
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-			while (len--) {
-				u8 c = in[n];
-				ctx->Xi.c[n] ^= c;
-				out[n] = c^ctx->EKi.c[n];
-				++n;
-			}
-		}
-
-		ctx->mres = n;
-		return 0;
-	} while(0);
-#endif
-	for (i=0;i<len;++i) {
-		u8 c;
-		if (n==0) {
-			(*block)(ctx->Yi.c,ctx->EKi.c,key);
-			++ctr;
-			if (is_endian.little)
-#ifdef BSWAP4
-				ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-				PUTU32(ctx->Yi.c+12,ctr);
-#endif
-			else
-				ctx->Yi.d[3] = ctr;
-		}
-		c = in[i];
-		out[i] = c^ctx->EKi.c[n];
-		ctx->Xi.c[n] ^= c;
-		n = (n+1)%16;
-		if (n==0)
-			GCM_MUL(ctx,Xi);
-	}
-
-	ctx->mres = n;
-	return 0;
-}
-
-int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
-		const unsigned char *in, unsigned char *out,
-		size_t len, ctr128_f stream)
-{
-	const union { long one; char little; } is_endian = {1};
-	unsigned int n, ctr;
-	size_t i;
-	u64   mlen = ctx->len.u[1];
-	void *key  = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-# ifdef GHASH
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx->ghash;
-# endif
-#endif
-
-	mlen += len;
-	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
-		return -1;
-	ctx->len.u[1] = mlen;
-
-	if (ctx->ares) {
-		/* First call to encrypt finalizes GHASH(AAD) */
-		GCM_MUL(ctx,Xi);
-		ctx->ares = 0;
-	}
-
-	if (is_endian.little)
-#ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
-#else
-		ctr = GETU32(ctx->Yi.c+12);
-#endif
-	else
-		ctr = ctx->Yi.d[3];
-
-	n = ctx->mres;
-	if (n) {
-		while (n && len) {
-			ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n];
-			--len;
-			n = (n+1)%16;
-		}
-		if (n==0) GCM_MUL(ctx,Xi);
-		else {
-			ctx->mres = n;
-			return 0;
-		}
-	}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
-	while (len>=GHASH_CHUNK) {
-		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
-		ctr += GHASH_CHUNK/16;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		GHASH(ctx,out,GHASH_CHUNK);
-		out += GHASH_CHUNK;
-		in  += GHASH_CHUNK;
-		len -= GHASH_CHUNK;
-	}
-#endif
-	if ((i = (len&(size_t)-16))) {
-		size_t j=i/16;
-
-		(*stream)(in,out,j,key,ctx->Yi.c);
-		ctr += (unsigned int)j;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		in  += i;
-		len -= i;
-#if defined(GHASH)
-		GHASH(ctx,out,i);
-		out += i;
-#else
-		while (j--) {
-			for (i=0;i<16;++i) ctx->Xi.c[i] ^= out[i];
-			GCM_MUL(ctx,Xi);
-			out += 16;
-		}
-#endif
-	}
-	if (len) {
-		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
-		++ctr;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		while (len--) {
-			ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
-			++n;
-		}
-	}
-
-	ctx->mres = n;
-	return 0;
-}
-
-int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
-		const unsigned char *in, unsigned char *out,
-		size_t len,ctr128_f stream)
-{
-	const union { long one; char little; } is_endian = {1};
-	unsigned int n, ctr;
-	size_t i;
-	u64   mlen = ctx->len.u[1];
-	void *key  = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-# ifdef GHASH
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx->ghash;
-# endif
-#endif
-
-	mlen += len;
-	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
-		return -1;
-	ctx->len.u[1] = mlen;
-
-	if (ctx->ares) {
-		/* First call to decrypt finalizes GHASH(AAD) */
-		GCM_MUL(ctx,Xi);
-		ctx->ares = 0;
-	}
-
-	if (is_endian.little)
-#ifdef BSWAP4
-		ctr = BSWAP4(ctx->Yi.d[3]);
-#else
-		ctr = GETU32(ctx->Yi.c+12);
-#endif
-	else
-		ctr = ctx->Yi.d[3];
-
-	n = ctx->mres;
-	if (n) {
-		while (n && len) {
-			u8 c = *(in++);
-			*(out++) = c^ctx->EKi.c[n];
-			ctx->Xi.c[n] ^= c;
-			--len;
-			n = (n+1)%16;
-		}
-		if (n==0) GCM_MUL (ctx,Xi);
-		else {
-			ctx->mres = n;
-			return 0;
-		}
-	}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
-	while (len>=GHASH_CHUNK) {
-		GHASH(ctx,in,GHASH_CHUNK);
-		(*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c);
-		ctr += GHASH_CHUNK/16;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		out += GHASH_CHUNK;
-		in  += GHASH_CHUNK;
-		len -= GHASH_CHUNK;
-	}
-#endif
-	if ((i = (len&(size_t)-16))) {
-		size_t j=i/16;
-
-#if defined(GHASH)
-		GHASH(ctx,in,i);
-#else
-		while (j--) {
-			size_t k;
-			for (k=0;k<16;++k) ctx->Xi.c[k] ^= in[k];
-			GCM_MUL(ctx,Xi);
-			in += 16;
-		}
-		j   = i/16;
-		in -= i;
-#endif
-		(*stream)(in,out,j,key,ctx->Yi.c);
-		ctr += (unsigned int)j;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		out += i;
-		in  += i;
-		len -= i;
-	}
-	if (len) {
-		(*ctx->block)(ctx->Yi.c,ctx->EKi.c,key);
-		++ctr;
-		if (is_endian.little)
-#ifdef BSWAP4
-			ctx->Yi.d[3] = BSWAP4(ctr);
-#else
-			PUTU32(ctx->Yi.c+12,ctr);
-#endif
-		else
-			ctx->Yi.d[3] = ctr;
-		while (len--) {
-			u8 c = in[n];
-			ctx->Xi.c[n] ^= c;
-			out[n] = c^ctx->EKi.c[n];
-			++n;
-		}
-	}
-
-	ctx->mres = n;
-	return 0;
-}
-
-int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
-			size_t len)
-{
-	const union { long one; char little; } is_endian = {1};
-	u64 alen = ctx->len.u[0]<<3;
-	u64 clen = ctx->len.u[1]<<3;
-#ifdef GCM_FUNCREF_4BIT
-	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
-#endif
-
-	if (ctx->mres || ctx->ares)
-		GCM_MUL(ctx,Xi);
-
-	if (is_endian.little) {
-#ifdef BSWAP8
-		alen = BSWAP8(alen);
-		clen = BSWAP8(clen);
-#else
-		u8 *p = ctx->len.c;
-
-		ctx->len.u[0] = alen;
-		ctx->len.u[1] = clen;
-
-		alen = (u64)GETU32(p)  <<32|GETU32(p+4);
-		clen = (u64)GETU32(p+8)<<32|GETU32(p+12);
-#endif
-	}
-
-	ctx->Xi.u[0] ^= alen;
-	ctx->Xi.u[1] ^= clen;
-	GCM_MUL(ctx,Xi);
-
-	ctx->Xi.u[0] ^= ctx->EK0.u[0];
-	ctx->Xi.u[1] ^= ctx->EK0.u[1];
-
-	if (tag && len<=sizeof(ctx->Xi))
-		return memcmp(ctx->Xi.c,tag,len);
-	else
-		return -1;
-}
-
-void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
-{
-	CRYPTO_gcm128_finish(ctx, NULL, 0);
-	memcpy(tag, ctx->Xi.c, len<=sizeof(ctx->Xi.c)?len:sizeof(ctx->Xi.c));
-}
-
-GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
-{
-	GCM128_CONTEXT *ret;
-
-	if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT))))
-		CRYPTO_gcm128_init(ret,key,block);
-
-	return ret;
-}
-
-void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
-{
-	if (ctx) {
-		OPENSSL_cleanse(ctx,sizeof(*ctx));
-		OPENSSL_free(ctx);
-	}
-}
-
-#if defined(SELFTEST)
-#include <stdio.h>
-#include <openssl/aes.h>
-
-/* Test Case 1 */
-static const u8	K1[16],
-		*P1=NULL,
-		*A1=NULL,
-		IV1[12],
-		*C1=NULL,
-		T1[]=  {0x58,0xe2,0xfc,0xce,0xfa,0x7e,0x30,0x61,0x36,0x7f,0x1d,0x57,0xa4,0xe7,0x45,0x5a};
-
-/* Test Case 2 */
-#define K2 K1
-#define A2 A1
-#define IV2 IV1
-static const u8	P2[16],
-		C2[]=  {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78},
-		T2[]=  {0xab,0x6e,0x47,0xd4,0x2c,0xec,0x13,0xbd,0xf5,0x3a,0x67,0xb2,0x12,0x57,0xbd,0xdf};
-
-/* Test Case 3 */
-#define A3 A2
-static const u8	K3[]=  {0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08},
-		P3[]=  {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55},
-		IV3[]= {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88},
-		C3[]=  {0x42,0x83,0x1e,0xc2,0x21,0x77,0x74,0x24,0x4b,0x72,0x21,0xb7,0x84,0xd0,0xd4,0x9c,
-			0xe3,0xaa,0x21,0x2f,0x2c,0x02,0xa4,0xe0,0x35,0xc1,0x7e,0x23,0x29,0xac,0xa1,0x2e,
-			0x21,0xd5,0x14,0xb2,0x54,0x66,0x93,0x1c,0x7d,0x8f,0x6a,0x5a,0xac,0x84,0xaa,0x05,
-			0x1b,0xa3,0x0b,0x39,0x6a,0x0a,0xac,0x97,0x3d,0x58,0xe0,0x91,0x47,0x3f,0x59,0x85},
-		T3[]=  {0x4d,0x5c,0x2a,0xf3,0x27,0xcd,0x64,0xa6,0x2c,0xf3,0x5a,0xbd,0x2b,0xa6,0xfa,0xb4};
-
-/* Test Case 4 */
-#define K4 K3
-#define IV4 IV3
-static const u8	P4[]=  {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39},
-		A4[]=  {0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,
-			0xab,0xad,0xda,0xd2},
-		C4[]=  {0x42,0x83,0x1e,0xc2,0x21,0x77,0x74,0x24,0x4b,0x72,0x21,0xb7,0x84,0xd0,0xd4,0x9c,
-			0xe3,0xaa,0x21,0x2f,0x2c,0x02,0xa4,0xe0,0x35,0xc1,0x7e,0x23,0x29,0xac,0xa1,0x2e,
-			0x21,0xd5,0x14,0xb2,0x54,0x66,0x93,0x1c,0x7d,0x8f,0x6a,0x5a,0xac,0x84,0xaa,0x05,
-			0x1b,0xa3,0x0b,0x39,0x6a,0x0a,0xac,0x97,0x3d,0x58,0xe0,0x91},
-		T4[]=  {0x5b,0xc9,0x4f,0xbc,0x32,0x21,0xa5,0xdb,0x94,0xfa,0xe9,0x5a,0xe7,0x12,0x1a,0x47};
-
-/* Test Case 5 */
-#define K5 K4
-#define P5 P4
-#define A5 A4
-static const u8	IV5[]= {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad},
-		C5[]=  {0x61,0x35,0x3b,0x4c,0x28,0x06,0x93,0x4a,0x77,0x7f,0xf5,0x1f,0xa2,0x2a,0x47,0x55,
-			0x69,0x9b,0x2a,0x71,0x4f,0xcd,0xc6,0xf8,0x37,0x66,0xe5,0xf9,0x7b,0x6c,0x74,0x23,
-			0x73,0x80,0x69,0x00,0xe4,0x9f,0x24,0xb2,0x2b,0x09,0x75,0x44,0xd4,0x89,0x6b,0x42,
-			0x49,0x89,0xb5,0xe1,0xeb,0xac,0x0f,0x07,0xc2,0x3f,0x45,0x98},
-		T5[]=  {0x36,0x12,0xd2,0xe7,0x9e,0x3b,0x07,0x85,0x56,0x1b,0xe1,0x4a,0xac,0xa2,0xfc,0xcb};
-
-/* Test Case 6 */
-#define K6 K5
-#define P6 P5
-#define A6 A5
-static const u8	IV6[]= {0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0x5a,0xff,0x52,0x69,0xaa,
-			0x6a,0x7a,0x95,0x38,0x53,0x4f,0x7d,0xa1,0xe4,0xc3,0x03,0xd2,0xa3,0x18,0xa7,0x28,
-			0xc3,0xc0,0xc9,0x51,0x56,0x80,0x95,0x39,0xfc,0xf0,0xe2,0x42,0x9a,0x6b,0x52,0x54,
-			0x16,0xae,0xdb,0xf5,0xa0,0xde,0x6a,0x57,0xa6,0x37,0xb3,0x9b},
-		C6[]=  {0x8c,0xe2,0x49,0x98,0x62,0x56,0x15,0xb6,0x03,0xa0,0x33,0xac,0xa1,0x3f,0xb8,0x94,
-			0xbe,0x91,0x12,0xa5,0xc3,0xa2,0x11,0xa8,0xba,0x26,0x2a,0x3c,0xca,0x7e,0x2c,0xa7,
-			0x01,0xe4,0xa9,0xa4,0xfb,0xa4,0x3c,0x90,0xcc,0xdc,0xb2,0x81,0xd4,0x8c,0x7c,0x6f,
-			0xd6,0x28,0x75,0xd2,0xac,0xa4,0x17,0x03,0x4c,0x34,0xae,0xe5},
-		T6[]=  {0x61,0x9c,0xc5,0xae,0xff,0xfe,0x0b,0xfa,0x46,0x2a,0xf4,0x3c,0x16,0x99,0xd0,0x50};
-
-/* Test Case 7 */
-static const u8 K7[24],
-		*P7=NULL,
-		*A7=NULL,
-		IV7[12],
-		*C7=NULL,
-		T7[]=  {0xcd,0x33,0xb2,0x8a,0xc7,0x73,0xf7,0x4b,0xa0,0x0e,0xd1,0xf3,0x12,0x57,0x24,0x35};
-
-/* Test Case 8 */
-#define K8 K7
-#define IV8 IV7
-#define A8 A7
-static const u8	P8[16],
-		C8[]=  {0x98,0xe7,0x24,0x7c,0x07,0xf0,0xfe,0x41,0x1c,0x26,0x7e,0x43,0x84,0xb0,0xf6,0x00},
-		T8[]=  {0x2f,0xf5,0x8d,0x80,0x03,0x39,0x27,0xab,0x8e,0xf4,0xd4,0x58,0x75,0x14,0xf0,0xfb};
-
-/* Test Case 9 */
-#define A9 A8
-static const u8	K9[]=  {0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08,
-			0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c},
-		P9[]=  {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55},
-		IV9[]= {0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88},
-		C9[]=  {0x39,0x80,0xca,0x0b,0x3c,0x00,0xe8,0x41,0xeb,0x06,0xfa,0xc4,0x87,0x2a,0x27,0x57,
-			0x85,0x9e,0x1c,0xea,0xa6,0xef,0xd9,0x84,0x62,0x85,0x93,0xb4,0x0c,0xa1,0xe1,0x9c,
-			0x7d,0x77,0x3d,0x00,0xc1,0x44,0xc5,0x25,0xac,0x61,0x9d,0x18,0xc8,0x4a,0x3f,0x47,
-			0x18,0xe2,0x44,0x8b,0x2f,0xe3,0x24,0xd9,0xcc,0xda,0x27,0x10,0xac,0xad,0xe2,0x56},
-		T9[]=  {0x99,0x24,0xa7,0xc8,0x58,0x73,0x36,0xbf,0xb1,0x18,0x02,0x4d,0xb8,0x67,0x4a,0x14};
-
-/* Test Case 10 */
-#define K10 K9
-#define IV10 IV9
-static const u8	P10[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39},
-		A10[]= {0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,
-			0xab,0xad,0xda,0xd2},
-		C10[]= {0x39,0x80,0xca,0x0b,0x3c,0x00,0xe8,0x41,0xeb,0x06,0xfa,0xc4,0x87,0x2a,0x27,0x57,
-			0x85,0x9e,0x1c,0xea,0xa6,0xef,0xd9,0x84,0x62,0x85,0x93,0xb4,0x0c,0xa1,0xe1,0x9c,
-			0x7d,0x77,0x3d,0x00,0xc1,0x44,0xc5,0x25,0xac,0x61,0x9d,0x18,0xc8,0x4a,0x3f,0x47,
-			0x18,0xe2,0x44,0x8b,0x2f,0xe3,0x24,0xd9,0xcc,0xda,0x27,0x10},
-		T10[]= {0x25,0x19,0x49,0x8e,0x80,0xf1,0x47,0x8f,0x37,0xba,0x55,0xbd,0x6d,0x27,0x61,0x8c};
-
-/* Test Case 11 */
-#define K11 K10
-#define P11 P10
-#define A11 A10
-static const u8	IV11[]={0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad},
-		C11[]= {0x0f,0x10,0xf5,0x99,0xae,0x14,0xa1,0x54,0xed,0x24,0xb3,0x6e,0x25,0x32,0x4d,0xb8,
-			0xc5,0x66,0x63,0x2e,0xf2,0xbb,0xb3,0x4f,0x83,0x47,0x28,0x0f,0xc4,0x50,0x70,0x57,
-			0xfd,0xdc,0x29,0xdf,0x9a,0x47,0x1f,0x75,0xc6,0x65,0x41,0xd4,0xd4,0xda,0xd1,0xc9,
-			0xe9,0x3a,0x19,0xa5,0x8e,0x8b,0x47,0x3f,0xa0,0xf0,0x62,0xf7},
-		T11[]= {0x65,0xdc,0xc5,0x7f,0xcf,0x62,0x3a,0x24,0x09,0x4f,0xcc,0xa4,0x0d,0x35,0x33,0xf8};
-
-/* Test Case 12 */
-#define K12 K11
-#define P12 P11
-#define A12 A11
-static const u8	IV12[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0x5a,0xff,0x52,0x69,0xaa,
-			0x6a,0x7a,0x95,0x38,0x53,0x4f,0x7d,0xa1,0xe4,0xc3,0x03,0xd2,0xa3,0x18,0xa7,0x28,
-			0xc3,0xc0,0xc9,0x51,0x56,0x80,0x95,0x39,0xfc,0xf0,0xe2,0x42,0x9a,0x6b,0x52,0x54,
-			0x16,0xae,0xdb,0xf5,0xa0,0xde,0x6a,0x57,0xa6,0x37,0xb3,0x9b},
-		C12[]= {0xd2,0x7e,0x88,0x68,0x1c,0xe3,0x24,0x3c,0x48,0x30,0x16,0x5a,0x8f,0xdc,0xf9,0xff,
-			0x1d,0xe9,0xa1,0xd8,0xe6,0xb4,0x47,0xef,0x6e,0xf7,0xb7,0x98,0x28,0x66,0x6e,0x45,
-			0x81,0xe7,0x90,0x12,0xaf,0x34,0xdd,0xd9,0xe2,0xf0,0x37,0x58,0x9b,0x29,0x2d,0xb3,
-			0xe6,0x7c,0x03,0x67,0x45,0xfa,0x22,0xe7,0xe9,0xb7,0x37,0x3b},
-		T12[]= {0xdc,0xf5,0x66,0xff,0x29,0x1c,0x25,0xbb,0xb8,0x56,0x8f,0xc3,0xd3,0x76,0xa6,0xd9};
-
-/* Test Case 13 */
-static const u8	K13[32],
-		*P13=NULL,
-		*A13=NULL,
-		IV13[12],
-		*C13=NULL,
-		T13[]={0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
-
-/* Test Case 14 */
-#define K14 K13
-#define A14 A13
-static const u8	P14[16],
-		IV14[12],
-		C14[]= {0xce,0xa7,0x40,0x3d,0x4d,0x60,0x6b,0x6e,0x07,0x4e,0xc5,0xd3,0xba,0xf3,0x9d,0x18},
-		T14[]= {0xd0,0xd1,0xc8,0xa7,0x99,0x99,0x6b,0xf0,0x26,0x5b,0x98,0xb5,0xd4,0x8a,0xb9,0x19};
-
-/* Test Case 15 */
-#define A15 A14
-static const u8	K15[]= {0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08,
-			0xfe,0xff,0xe9,0x92,0x86,0x65,0x73,0x1c,0x6d,0x6a,0x8f,0x94,0x67,0x30,0x83,0x08},
-		P15[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55},
-		IV15[]={0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad,0xde,0xca,0xf8,0x88},
-		C15[]= {0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
-			0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
-			0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
-			0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
-		T15[]= {0xb0,0x94,0xda,0xc5,0xd9,0x34,0x71,0xbd,0xec,0x1a,0x50,0x22,0x70,0xe3,0xcc,0x6c};
-
-/* Test Case 16 */
-#define K16 K15
-#define IV16 IV15
-static const u8	P16[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39},
-		A16[]= {0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,0xfe,0xed,0xfa,0xce,0xde,0xad,0xbe,0xef,
-			0xab,0xad,0xda,0xd2},
-		C16[]= {0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
-			0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
-			0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
-			0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62},
-		T16[]= {0x76,0xfc,0x6e,0xce,0x0f,0x4e,0x17,0x68,0xcd,0xdf,0x88,0x53,0xbb,0x2d,0x55,0x1b};
-
-/* Test Case 17 */
-#define K17 K16
-#define P17 P16
-#define A17 A16
-static const u8	IV17[]={0xca,0xfe,0xba,0xbe,0xfa,0xce,0xdb,0xad},
-		C17[]= {0xc3,0x76,0x2d,0xf1,0xca,0x78,0x7d,0x32,0xae,0x47,0xc1,0x3b,0xf1,0x98,0x44,0xcb,
-			0xaf,0x1a,0xe1,0x4d,0x0b,0x97,0x6a,0xfa,0xc5,0x2f,0xf7,0xd7,0x9b,0xba,0x9d,0xe0,
-			0xfe,0xb5,0x82,0xd3,0x39,0x34,0xa4,0xf0,0x95,0x4c,0xc2,0x36,0x3b,0xc7,0x3f,0x78,
-			0x62,0xac,0x43,0x0e,0x64,0xab,0xe4,0x99,0xf4,0x7c,0x9b,0x1f},
-		T17[]= {0x3a,0x33,0x7d,0xbf,0x46,0xa7,0x92,0xc4,0x5e,0x45,0x49,0x13,0xfe,0x2e,0xa8,0xf2};
-
-/* Test Case 18 */
-#define K18 K17
-#define P18 P17
-#define A18 A17
-static const u8	IV18[]={0x93,0x13,0x22,0x5d,0xf8,0x84,0x06,0xe5,0x55,0x90,0x9c,0x5a,0xff,0x52,0x69,0xaa,
-			0x6a,0x7a,0x95,0x38,0x53,0x4f,0x7d,0xa1,0xe4,0xc3,0x03,0xd2,0xa3,0x18,0xa7,0x28,
-			0xc3,0xc0,0xc9,0x51,0x56,0x80,0x95,0x39,0xfc,0xf0,0xe2,0x42,0x9a,0x6b,0x52,0x54,
-			0x16,0xae,0xdb,0xf5,0xa0,0xde,0x6a,0x57,0xa6,0x37,0xb3,0x9b},
-		C18[]= {0x5a,0x8d,0xef,0x2f,0x0c,0x9e,0x53,0xf1,0xf7,0x5d,0x78,0x53,0x65,0x9e,0x2a,0x20,
-			0xee,0xb2,0xb2,0x2a,0xaf,0xde,0x64,0x19,0xa0,0x58,0xab,0x4f,0x6f,0x74,0x6b,0xf4,
-			0x0f,0xc0,0xc3,0xb7,0x80,0xf2,0x44,0x45,0x2d,0xa3,0xeb,0xf1,0xc5,0xd8,0x2c,0xde,
-			0xa2,0x41,0x89,0x97,0x20,0x0e,0xf8,0x2e,0x44,0xae,0x7e,0x3f},
-		T18[]= {0xa4,0x4a,0x82,0x66,0xee,0x1c,0x8e,0xb0,0xc8,0xb5,0xd4,0xcf,0x5a,0xe9,0xf1,0x9a};
-
-/* Test Case 19 */
-#define K19 K1
-#define P19 P1
-#define IV19 IV1
-#define C19 C1
-static const u8 A19[]= {0xd9,0x31,0x32,0x25,0xf8,0x84,0x06,0xe5,0xa5,0x59,0x09,0xc5,0xaf,0xf5,0x26,0x9a,
-			0x86,0xa7,0xa9,0x53,0x15,0x34,0xf7,0xda,0x2e,0x4c,0x30,0x3d,0x8a,0x31,0x8a,0x72,
-			0x1c,0x3c,0x0c,0x95,0x95,0x68,0x09,0x53,0x2f,0xcf,0x0e,0x24,0x49,0xa6,0xb5,0x25,
-			0xb1,0x6a,0xed,0xf5,0xaa,0x0d,0xe6,0x57,0xba,0x63,0x7b,0x39,0x1a,0xaf,0xd2,0x55,
-			0x52,0x2d,0xc1,0xf0,0x99,0x56,0x7d,0x07,0xf4,0x7f,0x37,0xa3,0x2a,0x84,0x42,0x7d,
-			0x64,0x3a,0x8c,0xdc,0xbf,0xe5,0xc0,0xc9,0x75,0x98,0xa2,0xbd,0x25,0x55,0xd1,0xaa,
-			0x8c,0xb0,0x8e,0x48,0x59,0x0d,0xbb,0x3d,0xa7,0xb0,0x8b,0x10,0x56,0x82,0x88,0x38,
-			0xc5,0xf6,0x1e,0x63,0x93,0xba,0x7a,0x0a,0xbc,0xc9,0xf6,0x62,0x89,0x80,0x15,0xad},
-		T19[]= {0x5f,0xea,0x79,0x3a,0x2d,0x6f,0x97,0x4d,0x37,0xe6,0x8e,0x0c,0xb8,0xff,0x94,0x92};
-
-/* Test Case 20 */
-#define K20 K1
-#define A20 A1
-static const u8 IV20[64]={0xff,0xff,0xff,0xff},	/* this results in 0xff in counter LSB */
-		P20[288],
-		C20[]= {0x56,0xb3,0x37,0x3c,0xa9,0xef,0x6e,0x4a,0x2b,0x64,0xfe,0x1e,0x9a,0x17,0xb6,0x14,
-			0x25,0xf1,0x0d,0x47,0xa7,0x5a,0x5f,0xce,0x13,0xef,0xc6,0xbc,0x78,0x4a,0xf2,0x4f,
-			0x41,0x41,0xbd,0xd4,0x8c,0xf7,0xc7,0x70,0x88,0x7a,0xfd,0x57,0x3c,0xca,0x54,0x18,
-			0xa9,0xae,0xff,0xcd,0x7c,0x5c,0xed,0xdf,0xc6,0xa7,0x83,0x97,0xb9,0xa8,0x5b,0x49,
-			0x9d,0xa5,0x58,0x25,0x72,0x67,0xca,0xab,0x2a,0xd0,0xb2,0x3c,0xa4,0x76,0xa5,0x3c,
-			0xb1,0x7f,0xb4,0x1c,0x4b,0x8b,0x47,0x5c,0xb4,0xf3,0xf7,0x16,0x50,0x94,0xc2,0x29,
-			0xc9,0xe8,0xc4,0xdc,0x0a,0x2a,0x5f,0xf1,0x90,0x3e,0x50,0x15,0x11,0x22,0x13,0x76,
-			0xa1,0xcd,0xb8,0x36,0x4c,0x50,0x61,0xa2,0x0c,0xae,0x74,0xbc,0x4a,0xcd,0x76,0xce,
-			0xb0,0xab,0xc9,0xfd,0x32,0x17,0xef,0x9f,0x8c,0x90,0xbe,0x40,0x2d,0xdf,0x6d,0x86,
-			0x97,0xf4,0xf8,0x80,0xdf,0xf1,0x5b,0xfb,0x7a,0x6b,0x28,0x24,0x1e,0xc8,0xfe,0x18,
-			0x3c,0x2d,0x59,0xe3,0xf9,0xdf,0xff,0x65,0x3c,0x71,0x26,0xf0,0xac,0xb9,0xe6,0x42,
-			0x11,0xf4,0x2b,0xae,0x12,0xaf,0x46,0x2b,0x10,0x70,0xbe,0xf1,0xab,0x5e,0x36,0x06,
-			0x87,0x2c,0xa1,0x0d,0xee,0x15,0xb3,0x24,0x9b,0x1a,0x1b,0x95,0x8f,0x23,0x13,0x4c,
-			0x4b,0xcc,0xb7,0xd0,0x32,0x00,0xbc,0xe4,0x20,0xa2,0xf8,0xeb,0x66,0xdc,0xf3,0x64,
-			0x4d,0x14,0x23,0xc1,0xb5,0x69,0x90,0x03,0xc1,0x3e,0xce,0xf4,0xbf,0x38,0xa3,0xb6,
-			0x0e,0xed,0xc3,0x40,0x33,0xba,0xc1,0x90,0x27,0x83,0xdc,0x6d,0x89,0xe2,0xe7,0x74,
-			0x18,0x8a,0x43,0x9c,0x7e,0xbc,0xc0,0x67,0x2d,0xbd,0xa4,0xdd,0xcf,0xb2,0x79,0x46,
-			0x13,0xb0,0xbe,0x41,0x31,0x5e,0xf7,0x78,0x70,0x8a,0x70,0xee,0x7d,0x75,0x16,0x5c},
-		T20[]= {0x8b,0x30,0x7f,0x6b,0x33,0x28,0x6d,0x0a,0xb0,0x26,0xa9,0xed,0x3f,0xe1,0xe8,0x5f};
-
-#define TEST_CASE(n)	do {					\
-	u8 out[sizeof(P##n)];					\
-	AES_set_encrypt_key(K##n,sizeof(K##n)*8,&key);		\
-	CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt);	\
-	CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));		\
-	memset(out,0,sizeof(out));				\
-	if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));	\
-	if (P##n) CRYPTO_gcm128_encrypt(&ctx,P##n,out,sizeof(out));	\
-	if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||		\
-	    (C##n && memcmp(out,C##n,sizeof(out))))		\
-		ret++, printf ("encrypt test#%d failed.\n",n);	\
-	CRYPTO_gcm128_setiv(&ctx,IV##n,sizeof(IV##n));		\
-	memset(out,0,sizeof(out));				\
-	if (A##n) CRYPTO_gcm128_aad(&ctx,A##n,sizeof(A##n));	\
-	if (C##n) CRYPTO_gcm128_decrypt(&ctx,C##n,out,sizeof(out));	\
-	if (CRYPTO_gcm128_finish(&ctx,T##n,16) ||		\
-	    (P##n && memcmp(out,P##n,sizeof(out))))		\
-		ret++, printf ("decrypt test#%d failed.\n",n);	\
-	} while(0)
-
-int main()
-{
-	GCM128_CONTEXT ctx;
-	AES_KEY key;
-	int ret=0;
-
-	TEST_CASE(1);
-	TEST_CASE(2);
-	TEST_CASE(3);
-	TEST_CASE(4);
-	TEST_CASE(5);
-	TEST_CASE(6);
-	TEST_CASE(7);
-	TEST_CASE(8);
-	TEST_CASE(9);
-	TEST_CASE(10);
-	TEST_CASE(11);
-	TEST_CASE(12);
-	TEST_CASE(13);
-	TEST_CASE(14);
-	TEST_CASE(15);
-	TEST_CASE(16);
-	TEST_CASE(17);
-	TEST_CASE(18);
-	TEST_CASE(19);
-	TEST_CASE(20);
-
-#ifdef OPENSSL_CPUID_OBJ
-	{
-	size_t start,stop,gcm_t,ctr_t,OPENSSL_rdtsc();
-	union { u64 u; u8 c[1024]; } buf;
-	int i;
-
-	AES_set_encrypt_key(K1,sizeof(K1)*8,&key);
-	CRYPTO_gcm128_init(&ctx,&key,(block128_f)AES_encrypt);
-	CRYPTO_gcm128_setiv(&ctx,IV1,sizeof(IV1));
-
-	CRYPTO_gcm128_encrypt(&ctx,buf.c,buf.c,sizeof(buf));
-	start = OPENSSL_rdtsc();
-	CRYPTO_gcm128_encrypt(&ctx,buf.c,buf.c,sizeof(buf));
-	gcm_t = OPENSSL_rdtsc() - start;
-
-	CRYPTO_ctr128_encrypt(buf.c,buf.c,sizeof(buf),
-			&key,ctx.Yi.c,ctx.EKi.c,&ctx.mres,
-			(block128_f)AES_encrypt);
-	start = OPENSSL_rdtsc();
-	CRYPTO_ctr128_encrypt(buf.c,buf.c,sizeof(buf),
-			&key,ctx.Yi.c,ctx.EKi.c,&ctx.mres,
-			(block128_f)AES_encrypt);
-	ctr_t = OPENSSL_rdtsc() - start;
-
-	printf("%.2f-%.2f=%.2f\n",
-			gcm_t/(double)sizeof(buf),
-			ctr_t/(double)sizeof(buf),
-			(gcm_t-ctr_t)/(double)sizeof(buf));
-#ifdef GHASH
-	{
-	void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
-				const u8 *inp,size_t len)	= ctx.ghash;
-
-	GHASH((&ctx),buf.c,sizeof(buf));
-	start = OPENSSL_rdtsc();
-	for (i=0;i<100;++i) GHASH((&ctx),buf.c,sizeof(buf));
-	gcm_t = OPENSSL_rdtsc() - start;
-	printf("%.2f\n",gcm_t/(double)sizeof(buf)/(double)i);
-	}
-#endif
-	}
-#endif
-
-	return ret;
-}
-#endif
diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h
deleted file mode 100644
index 9d83e12844..0000000000
--- a/crypto/modes/modes_lcl.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use is governed by OpenSSL license.
- * ====================================================================
- */
-
-#include <openssl/modes.h>
-
-
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-typedef __int64 i64;
-typedef unsigned __int64 u64;
-#define U64(C) C##UI64
-#elif defined(__arch64__)
-typedef long i64;
-typedef unsigned long u64;
-#define U64(C) C##UL
-#else
-typedef long long i64;
-typedef unsigned long long u64;
-#define U64(C) C##ULL
-#endif
-
-typedef unsigned int u32;
-typedef unsigned char u8;
-
-#define STRICT_ALIGNMENT 1
-#if defined(__i386)	|| defined(__i386__)	|| \
-    defined(__x86_64)	|| defined(__x86_64__)	|| \
-    defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \
-    defined(__s390__)	|| defined(__s390x__)
-# undef STRICT_ALIGNMENT
-#endif
-
-#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#if defined(__GNUC__) && __GNUC__>=2
-# if defined(__x86_64) || defined(__x86_64__)
-#  define BSWAP8(x) ({	u64 ret=(x);			\
-			asm ("bswapq %0"		\
-			: "+r"(ret));	ret;		})
-#  define BSWAP4(x) ({	u32 ret=(x);			\
-			asm ("bswapl %0"		\
-			: "+r"(ret));	ret;		})
-# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
-#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
-			asm ("bswapl %0; bswapl %1"	\
-			: "+r"(hi),"+r"(lo));		\
-			(u64)hi<<32|lo;			})
-#  define BSWAP4(x) ({	u32 ret=(x);			\
-			asm ("bswapl %0"		\
-			: "+r"(ret));	ret;		})
-# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
-#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
-			asm ("rev %0,%0; rev %1,%1"	\
-			: "+r"(hi),"+r"(lo));		\
-			(u64)hi<<32|lo;			})
-#  define BSWAP4(x) ({	u32 ret;			\
-			asm ("rev %0,%1"		\
-			: "=r"(ret) : "r"((u32)(x)));	\
-			ret;				})
-# endif
-#elif defined(_MSC_VER)
-# if _MSC_VER>=1300
-#  pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
-#  define BSWAP8(x)	_byteswap_uint64((u64)(x))
-#  define BSWAP4(x)	_byteswap_ulong((u32)(x))
-# elif defined(_M_IX86)
-   __inline u32 _bswap4(u32 val) {
-	_asm mov eax,val
-	_asm bswap eax
-   }
-#  define BSWAP4(x)	_bswap4(x)
-# endif
-#endif
-#endif
-
-#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
-#define GETU32(p)	BSWAP4(*(const u32 *)(p))
-#define PUTU32(p,v)	*(u32 *)(p) = BSWAP4(v)
-#else
-#define GETU32(p)	((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
-#define PUTU32(p,v)	((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
-#endif
-
-/* GCM definitions */
-
-typedef struct { u64 hi,lo; } u128;
-
-#ifdef	TABLE_BITS
-#undef	TABLE_BITS
-#endif
-/*
- * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
- * never be set to 8 [or 1]. For further information see gcm128.c.
- */
-#define	TABLE_BITS 4
-
-struct gcm128_context {
-	/* Following 6 names follow names in GCM specification */
-	union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
-	  Yi,EKi,EK0,len,Xi,H;
-	/* Relative position of Xi, H and pre-computed Htable is used
-	 * in some assembler modules, i.e. don't change the order! */
-#if TABLE_BITS==8
-	u128 Htable[256];
-#else
-	u128 Htable[16];
-	void (*gmult)(u64 Xi[2],const u128 Htable[16]);
-	void (*ghash)(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-#endif
-	unsigned int mres, ares;
-	block128_f block;
-	void *key;
-};
-
-struct xts128_context {
-	void      *key1, *key2;
-	block128_f block1,block2;
-};
-
-struct ccm128_context {
-	union { u64 u[2]; u8 c[16]; } nonce, cmac;
-	u64 blocks;
-	block128_f block;
-	void *key;
-};
-
diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c
deleted file mode 100644
index 01c01702c4..0000000000
--- a/crypto/modes/ofb128.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], int *num,
-			block128_f block)
-{
-	unsigned int n;
-	size_t l=0;
-
-	assert(in && out && key && ivec && num);
-
-	n = *num;
-
-#if !defined(OPENSSL_SMALL_FOOTPRINT)
-	if (16%sizeof(size_t) == 0) do { /* always true actually */
-		while (n && len) {
-			*(out++) = *(in++) ^ ivec[n];
-			--len;
-			n = (n+1) % 16;
-		}
-#if defined(STRICT_ALIGNMENT)
-		if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0)
-			break;
-#endif
-		while (len>=16) {
-			(*block)(ivec, ivec, key);
-			for (; n<16; n+=sizeof(size_t))
-				*(size_t*)(out+n) =
-				*(size_t*)(in+n) ^ *(size_t*)(ivec+n);
-			len -= 16;
-			out += 16;
-			in  += 16;
-			n = 0;
-		}
-		if (len) {
-			(*block)(ivec, ivec, key);
-			while (len--) {
-				out[n] = in[n] ^ ivec[n];
-				++n;
-			}
-		}
-		*num = n;
-		return;
-	} while(0);
-	/* the rest would be commonly eliminated by x86* compiler */
-#endif
-	while (l<len) {
-		if (n==0) {
-			(*block)(ivec, ivec, key);
-		}
-		out[l] = in[l] ^ ivec[n];
-		++l;
-		n = (n+1) % 16;
-	}
-
-	*num=n;
-}
diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c
deleted file mode 100644
index 9cf27a25e9..0000000000
--- a/crypto/modes/xts128.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/crypto.h>
-#include "modes_lcl.h"
-#include <string.h>
-
-#ifndef MODES_DEBUG
-# ifndef NDEBUG
-#  define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
-	const unsigned char *inp, unsigned char *out,
-	size_t len, int enc)
-{
-	const union { long one; char little; } is_endian = {1};
-	union { u64 u[2]; u32 d[4]; u8 c[16]; } tweak, scratch;
-	unsigned int i;
-
-	if (len<16) return -1;
-
-	memcpy(tweak.c, iv, 16);
-
-	(*ctx->block2)(tweak.c,tweak.c,ctx->key2);
-
-	if (!enc && (len%16)) len-=16;
-
-	while (len>=16) {
-#if defined(STRICT_ALIGNMENT)
-		memcpy(scratch.c,inp,16);
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-#else
-		scratch.u[0] = ((u64*)inp)[0]^tweak.u[0];
-		scratch.u[1] = ((u64*)inp)[1]^tweak.u[1];
-#endif
-		(*ctx->block1)(scratch.c,scratch.c,ctx->key1);
-#if defined(STRICT_ALIGNMENT)
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-		memcpy(out,scratch.c,16);
-#else
-		((u64*)out)[0] = scratch.u[0]^=tweak.u[0];
-		((u64*)out)[1] = scratch.u[1]^=tweak.u[1];
-#endif
-		inp += 16;
-		out += 16;
-		len -= 16;
-
-		if (len==0)	return 0;
-
-		if (is_endian.little) {
-			unsigned int carry,res;
-			
-			res = 0x87&(((int)tweak.d[3])>>31);
-			carry = (unsigned int)(tweak.u[0]>>63);
-			tweak.u[0] = (tweak.u[0]<<1)^res;
-			tweak.u[1] = (tweak.u[1]<<1)|carry;
-		}
-		else {
-			size_t c;
-
-			for (c=0,i=0;i<16;++i) {
-				/*+ substitutes for |, because c is 1 bit */ 
-				c += ((size_t)tweak.c[i])<<1;
-				tweak.c[i] = (u8)c;
-				c = c>>8;
-			}
-			tweak.c[0] ^= (u8)(0x87&(0-c));
-		}
-	}
-	if (enc) {
-		for (i=0;i<len;++i) {
-			u8 c = inp[i];
-			out[i] = scratch.c[i];
-			scratch.c[i] = c;
-		}
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-		(*ctx->block1)(scratch.c,scratch.c,ctx->key1);
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-		memcpy(out-16,scratch.c,16);
-	}
-	else {
-		union { u64 u[2]; u8 c[16]; } tweak1;
-
-		if (is_endian.little) {
-			unsigned int carry,res;
-
-			res = 0x87&(((int)tweak.d[3])>>31);
-			carry = (unsigned int)(tweak.u[0]>>63);
-			tweak1.u[0] = (tweak.u[0]<<1)^res;
-			tweak1.u[1] = (tweak.u[1]<<1)|carry;
-		}
-		else {
-			size_t c;
-
-			for (c=0,i=0;i<16;++i) {
-				/*+ substitutes for |, because c is 1 bit */ 
-				c += ((size_t)tweak.c[i])<<1;
-				tweak1.c[i] = (u8)c;
-				c = c>>8;
-			}
-			tweak1.c[0] ^= (u8)(0x87&(0-c));
-		}
-#if defined(STRICT_ALIGNMENT)
-		memcpy(scratch.c,inp,16);
-		scratch.u[0] ^= tweak1.u[0];
-		scratch.u[1] ^= tweak1.u[1];
-#else
-		scratch.u[0] = ((u64*)inp)[0]^tweak1.u[0];
-		scratch.u[1] = ((u64*)inp)[1]^tweak1.u[1];
-#endif
-		(*ctx->block1)(scratch.c,scratch.c,ctx->key1);
-		scratch.u[0] ^= tweak1.u[0];
-		scratch.u[1] ^= tweak1.u[1];
-
-		for (i=0;i<len;++i) {
-			u8 c = inp[16+i];
-			out[16+i] = scratch.c[i];
-			scratch.c[i] = c;
-		}
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-		(*ctx->block1)(scratch.c,scratch.c,ctx->key1);
-#if defined(STRICT_ALIGNMENT)
-		scratch.u[0] ^= tweak.u[0];
-		scratch.u[1] ^= tweak.u[1];
-		memcpy (out,scratch.c,16);
-#else
-		((u64*)out)[0] = scratch.u[0]^tweak.u[0];
-		((u64*)out)[1] = scratch.u[1]^tweak.u[1];
-#endif
-	}
-
-	return 0;
-}
diff --git a/crypto/o_dir.c b/crypto/o_dir.c
deleted file mode 100644
index 42891ea459..0000000000
--- a/crypto/o_dir.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <errno.h>
-#include <e_os.h>
-
-/* The routines really come from the Levitte Programming, so to make
-   life simple, let's just use the raw files and hack the symbols to
-   fit our namespace.  */
-#define LP_DIR_CTX OPENSSL_DIR_CTX
-#define LP_dir_context_st OPENSSL_dir_context_st
-#define LP_find_file OPENSSL_DIR_read
-#define LP_find_file_end OPENSSL_DIR_end
-
-#include "o_dir.h"
-
-#define LPDIR_H
-#if defined OPENSSL_SYS_UNIX || defined DJGPP
-#include "LPdir_unix.c"
-#elif defined OPENSSL_SYS_VMS
-#include "LPdir_vms.c"
-#elif defined OPENSSL_SYS_WIN32
-#include "LPdir_win32.c"
-#elif defined OPENSSL_SYS_WINCE
-#include "LPdir_wince.c"
-#else
-#include "LPdir_nyi.c"
-#endif
diff --git a/crypto/o_dir.h b/crypto/o_dir.h
deleted file mode 100644
index 4b725c0312..0000000000
--- a/crypto/o_dir.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#ifndef O_DIR_H
-#define O_DIR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
-
-  /* returns NULL on error or end-of-directory.
-     If it is end-of-directory, errno will be zero */
-  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
-  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LPDIR_H */
diff --git a/crypto/o_dir_test.c b/crypto/o_dir_test.c
deleted file mode 100644
index 3d75ecb005..0000000000
--- a/crypto/o_dir_test.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include "e_os2.h"
-#include "o_dir.h"
-
-#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
-#define CURRDIR "."
-#elif defined OPENSSL_SYS_VMS
-#define CURRDIR "SYS$DISK:[]"
-#else
-#error "No supported platform defined!"
-#endif
-
-int main()
-{
-  OPENSSL_DIR_CTX *ctx = NULL;
-  const char *result;
-
-  while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)
-    {
-      printf("%s\n", result);
-    }
-
-  if (errno)
-    {
-      perror("test_dir");
-      exit(1);
-    }
-
-  if (!OPENSSL_DIR_end(&ctx))
-    {
-      perror("test_dir");
-      exit(2);
-    }
-  exit(0);
-}
diff --git a/crypto/o_init.c b/crypto/o_init.c
deleted file mode 100644
index db4cdc443b..0000000000
--- a/crypto/o_init.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* o_init.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <e_os.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#endif
-
-/* Perform any essential OpenSSL initialization operations.
- * Currently only sets FIPS callbacks
- */
-
-void OPENSSL_init(void)
-	{
-	static int done = 0;
-	if (done)
-		return;
-	done = 1;
-#ifdef OPENSSL_FIPS
-	FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
-	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
-	FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
-	RAND_init_fips();
-#endif
-#if 0
-	fprintf(stderr, "Called OPENSSL_init\n");
-#endif
-	}
-
diff --git a/crypto/o_str.c b/crypto/o_str.c
deleted file mode 100644
index 56104a6c34..0000000000
--- a/crypto/o_str.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <ctype.h>
-#include <e_os.h>
-#include "o_str.h"
-
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
-    !defined(OPENSSL_SYSNAME_WIN32) && \
-    !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-	{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-	while (*str1 && *str2 && n)
-		{
-		int res = toupper(*str1) - toupper(*str2);
-		if (res) return res < 0 ? -1 : 1;
-		str1++;
-		str2++;
-		n--;
-		}
-	if (n == 0)
-		return 0;
-	if (*str1)
-		return 1;
-	if (*str2)
-		return -1;
-	return 0;
-#else
-	/* Recursion hazard warning! Whenever strncasecmp is #defined as
-	 * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
-	 * defined as well. */
-	return strncasecmp(str1, str2, n);
-#endif
-	}
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
-	{
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
-	return strcasecmp(str1, str2);
-#endif
-	}
-
-int OPENSSL_memcmp(const void *v1,const void *v2,size_t n)
-	{
-	const unsigned char *c1=v1,*c2=v2;
-	int ret=0;
-
-	while(n && (ret=*c1-*c2)==0) n--,c1++,c2++;
-
-	return ret;
-	}
diff --git a/crypto/o_str.h b/crypto/o_str.h
deleted file mode 100644
index dfc98494c6..0000000000
--- a/crypto/o_str.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_STR_H
-#define HEADER_O_STR_H
-
-#include <stddef.h>		/* to get size_t */
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
-int OPENSSL_memcmp(const void *p1,const void *p2,size_t n);
-
-#endif
diff --git a/crypto/o_time.c b/crypto/o_time.c
deleted file mode 100644
index 9030fdef7a..0000000000
--- a/crypto/o_time.c
+++ /dev/null
@@ -1,372 +0,0 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2008.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <string.h>
-#include "o_time.h"
-
-#ifdef OPENSSL_SYS_VMS
-# if __CRTL_VER >= 70000000 && \
-     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
-#  define VMS_GMTIME_OK
-# endif
-# ifndef VMS_GMTIME_OK
-#  include <libdtdef.h>
-#  include <lib$routines.h>
-#  include <lnmdef.h>
-#  include <starlet.h>
-#  include <descrip.h>
-#  include <stdlib.h>
-# endif /* ndef VMS_GMTIME_OK */
-#endif
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
-	{
-	struct tm *ts = NULL;
-
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
-	/* should return &data, but doesn't on some systems,
-	   so we don't even look at the return value */
-	gmtime_r(timer,result);
-	ts = result;
-#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
-	ts = gmtime(timer);
-	if (ts == NULL)
-		return NULL;
-
-	memcpy(result, ts, sizeof(struct tm));
-	ts = result;
-#endif
-#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
-	if (ts == NULL)
-		{
-		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-		char logvalue[256];
-		unsigned int reslen = 0;
-		struct {
-			short buflen;
-			short code;
-			void *bufaddr;
-			unsigned int *reslen;
-		} itemlist[] = {
-			{ 0, LNM$_STRING, 0, 0 },
-			{ 0, 0, 0, 0 },
-		};
-		int status;
-		time_t t;
-
-		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-		itemlist[0].buflen = sizeof(logvalue);
-		itemlist[0].bufaddr = logvalue;
-		itemlist[0].reslen = &reslen;
-		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-		if (!(status & 1))
-			return NULL;
-		logvalue[reslen] = '\0';
-
-		t = *timer;
-
-/* The following is extracted from the DEC C header time.h */
-/*
-**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-**  have two implementations.  One implementation is provided
-**  for compatibility and deals with time in terms of local time,
-**  the other __utc_* deals with time in terms of UTC.
-*/
-/* We use the same conditions as in said time.h to check if we should
-   assume that t contains local time (and should therefore be adjusted)
-   or UTC (and should therefore be left untouched). */
-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
-		/* Get the numerical value of the equivalence string */
-		status = atoi(logvalue);
-
-		/* and use it to move time to GMT */
-		t -= status;
-#endif
-
-		/* then convert the result to the time structure */
-
-		/* Since there was no gmtime_r() to do this stuff for us,
-		   we have to do it the hard way. */
-		{
-		/* The VMS epoch is the astronomical Smithsonian date,
-		   if I remember correctly, which is November 17, 1858.
-		   Furthermore, time is measure in thenths of microseconds
-		   and stored in quadwords (64 bit integers).  unix_epoch
-		   below is January 1st 1970 expressed as a VMS time.  The
-		   following code was used to get this number:
-
-		   #include <stdio.h>
-		   #include <stdlib.h>
-		   #include <lib$routines.h>
-		   #include <starlet.h>
-
-		   main()
-		   {
-		     unsigned long systime[2];
-		     unsigned short epoch_values[7] =
-		       { 1970, 1, 1, 0, 0, 0, 0 };
-
-		     lib$cvt_vectim(epoch_values, systime);
-
-		     printf("%u %u", systime[0], systime[1]);
-		   }
-		*/
-		unsigned long unix_epoch[2] = { 1273708544, 8164711 };
-		unsigned long deltatime[2];
-		unsigned long systime[2];
-		struct vms_vectime
-			{
-			short year, month, day, hour, minute, second,
-				centi_second;
-			} time_values;
-		long operation;
-
-		/* Turn the number of seconds since January 1st 1970 to
-		   an internal delta time.
-		   Note that lib$cvt_to_internal_time() will assume
-		   that t is signed, and will therefore break on 32-bit
-		   systems some time in 2038.
-		*/
-		operation = LIB$K_DELTA_SECONDS;
-		status = lib$cvt_to_internal_time(&operation,
-			&t, deltatime);
-
-		/* Add the delta time with the Unix epoch and we have
-		   the current UTC time in internal format */
-		status = lib$add_times(unix_epoch, deltatime, systime);
-
-		/* Turn the internal time into a time vector */
-		status = sys$numtim(&time_values, systime);
-
-		/* Fill in the struct tm with the result */
-		result->tm_sec = time_values.second;
-		result->tm_min = time_values.minute;
-		result->tm_hour = time_values.hour;
-		result->tm_mday = time_values.day;
-		result->tm_mon = time_values.month - 1;
-		result->tm_year = time_values.year - 1900;
-
-		operation = LIB$K_DAY_OF_WEEK;
-		status = lib$cvt_from_internal_time(&operation,
-			&result->tm_wday, systime);
-		result->tm_wday %= 7;
-
-		operation = LIB$K_DAY_OF_YEAR;
-		status = lib$cvt_from_internal_time(&operation,
-			&result->tm_yday, systime);
-		result->tm_yday--;
-
-		result->tm_isdst = 0; /* There's no way to know... */
-
-		ts = result;
-		}
-		}
-#endif
-	return ts;
-	}
-
-/* Take a tm structure and add an offset to it. This avoids any OS issues
- * with restricted date types and overflows which cause the year 2038
- * problem.
- */
-
-#define SECS_PER_DAY (24 * 60 * 60)
-
-static long date_to_julian(int y, int m, int d);
-static void julian_to_date(long jd, int *y, int *m, int *d);
-
-int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
-	{
-	int offset_hms, offset_day;
-	long time_jd;
-	int time_year, time_month, time_day;
-	/* split offset into days and day seconds */
-	offset_day = offset_sec / SECS_PER_DAY;
-	/* Avoid sign issues with % operator */
-	offset_hms  = offset_sec - (offset_day * SECS_PER_DAY);
-	offset_day += off_day;
-	/* Add current time seconds to offset */
-	offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
-	/* Adjust day seconds if overflow */
-	if (offset_hms >= SECS_PER_DAY)
-		{
-		offset_day++;
-		offset_hms -= SECS_PER_DAY;
-		}
-	else if (offset_hms < 0)
-		{
-		offset_day--;
-		offset_hms += SECS_PER_DAY;
-		}
-
-	/* Convert date of time structure into a Julian day number.
-	 */
-
-	time_year = tm->tm_year + 1900;
-	time_month = tm->tm_mon + 1;
-	time_day = tm->tm_mday;
-
-	time_jd = date_to_julian(time_year, time_month, time_day);
-
-	/* Work out Julian day of new date */
-	time_jd += offset_day;
-
-	if (time_jd < 0)
-		return 0;
-
-	/* Convert Julian day back to date */
-
-	julian_to_date(time_jd, &time_year, &time_month, &time_day);
-
-	if (time_year < 1900 || time_year > 9999)
-		return 0;
-
-	/* Update tm structure */
-
-	tm->tm_year = time_year - 1900;
-	tm->tm_mon = time_month - 1;
-	tm->tm_mday = time_day;
-
-	tm->tm_hour = offset_hms / 3600;
-	tm->tm_min = (offset_hms / 60) % 60;
-	tm->tm_sec = offset_hms % 60;
-
-	return 1;
-		
-}
-
-/* Convert date to and from julian day
- * Uses Fliegel & Van Flandern algorithm
- */
-static long date_to_julian(int y, int m, int d)
-{
-	return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
-		(367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
-		(3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 +
-		d - 32075;
-}
-
-static void julian_to_date(long jd, int *y, int *m, int *d)
-	{
-	long  L = jd + 68569;
-	long  n = (4 * L) / 146097;
-	long  i, j;
-
-	L = L - (146097 * n + 3) / 4;
-	i = (4000 * (L + 1)) / 1461001;
-	L = L - (1461 * i) / 4 + 31;
-	j = (80 * L) / 2447;
-	*d = L - (2447 * j) / 80;
-	L = j / 11;
-	*m = j + 2 - (12 * L);
-	*y = 100 * (n - 49) + i + L;
-	}
-
-#ifdef OPENSSL_TIME_TEST
-
-#include <stdio.h>
-
-/* Time checking test code. Check times are identical for a wide range of
- * offsets. This should be run on a machine with 64 bit time_t or it will
- * trigger the very errors the routines fix.
- */
-
-int main(int argc, char **argv)
-	{
-	long offset;
-	for (offset = 0; offset < 1000000; offset++)
-		{
-		check_time(offset);
-		check_time(-offset);
-		check_time(offset * 1000);
-		check_time(-offset * 1000);
-		}
-	}
-
-int check_time(long offset)
-	{
-	struct tm tm1, tm2;
-	time_t t1, t2;
-	time(&t1);
-	t2 = t1 + offset;
-	OPENSSL_gmtime(&t2, &tm2);
-	OPENSSL_gmtime(&t1, &tm1);
-	OPENSSL_gmtime_adj(&tm1, 0, offset);
-	if ((tm1.tm_year == tm2.tm_year) &&
-	    (tm1.tm_mon == tm2.tm_mon) &&
-	    (tm1.tm_mday == tm2.tm_mday) &&
-	    (tm1.tm_hour == tm2.tm_hour) &&
-	    (tm1.tm_min == tm2.tm_min) &&
-	    (tm1.tm_sec == tm2.tm_sec))
-		return 1;
-	fprintf(stderr, "TIME ERROR!!\n");
-	fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n",
-			tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900,
-			tm2.tm_hour, tm2.tm_min, tm2.tm_sec);
-	fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n",
-			tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900,
-			tm1.tm_hour, tm1.tm_min, tm1.tm_sec);
-	return 0;
-	}
-
-#endif
diff --git a/crypto/o_time.h b/crypto/o_time.h
deleted file mode 100644
index e391da7508..0000000000
--- a/crypto/o_time.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_TIME_H
-#define HEADER_O_TIME_H
-
-#include <time.h>
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
-
-#endif
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
deleted file mode 100644
index 4a548c2ed4..0000000000
--- a/crypto/objects/o_names.c
+++ /dev/null
@@ -1,372 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-/* Later versions of DEC C has started to add lnkage information to certain
- * functions, which makes it tricky to use them as values to regular function
- * pointers.  One way is to define a macro that takes care of casting them
- * correctly.
- */
-#ifdef OPENSSL_SYS_VMS_DECC
-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
-#else
-# define OPENSSL_strcmp strcmp
-#endif
-
-/* I use the ex_data stuff to manage the identifiers for the obj_name_types
- * that applications may define.  I only really use the free function field.
- */
-DECLARE_LHASH_OF(OBJ_NAME);
-static LHASH_OF(OBJ_NAME) *names_lh=NULL;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-typedef struct name_funcs_st
-	{
-	unsigned long (*hash_func)(const char *name);
-	int (*cmp_func)(const char *a,const char *b);
-	void (*free_func)(const char *, int, const char *);
-	} NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-IMPLEMENT_STACK_OF(NAME_FUNCS)
-
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-
-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
- * casting in the functions. This prevents function pointer casting without the
- * need for macro-generated wrapper functions. */
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void,const void *b_void);
-
-static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME)
-static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME)
-
-int OBJ_NAME_init(void)
-	{
-	if (names_lh != NULL) return(1);
-	MemCheck_off();
-	names_lh=lh_OBJ_NAME_new();
-	MemCheck_on();
-	return(names_lh != NULL);
-	}
-
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-	int (*cmp_func)(const char *, const char *),
-	void (*free_func)(const char *, int, const char *))
-	{
-	int ret;
-	int i;
-	NAME_FUNCS *name_funcs;
-
-	if (name_funcs_stack == NULL)
-		{
-		MemCheck_off();
-		name_funcs_stack=sk_NAME_FUNCS_new_null();
-		MemCheck_on();
-		}
-	if (name_funcs_stack == NULL)
-		{
-		/* ERROR */
-		return(0);
-		}
-	ret=names_type_num;
-	names_type_num++;
-	for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
-		{
-		MemCheck_off();
-		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-		MemCheck_on();
-		if (!name_funcs)
-			{
-			OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		name_funcs->hash_func = lh_strhash;
-		name_funcs->cmp_func = OPENSSL_strcmp;
-		name_funcs->free_func = 0; /* NULL is often declared to
-						* ((void *)0), which according
-						* to Compaq C is not really
-						* compatible with a function
-						* pointer.	-- Richard Levitte*/
-		MemCheck_off();
-		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
-		MemCheck_on();
-		}
-	name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
-	if (hash_func != NULL)
-		name_funcs->hash_func = hash_func;
-	if (cmp_func != NULL)
-		name_funcs->cmp_func = cmp_func;
-	if (free_func != NULL)
-		name_funcs->free_func = free_func;
-	return(ret);
-	}
-
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int obj_name_cmp(const void *a_void, const void *b_void)
-	{
-	int ret;
-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-	const OBJ_NAME *b = (const OBJ_NAME *)b_void;
-
-	ret=a->type-b->type;
-	if (ret == 0)
-		{
-		if ((name_funcs_stack != NULL)
-			&& (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-			{
-			ret=sk_NAME_FUNCS_value(name_funcs_stack,
-				a->type)->cmp_func(a->name,b->name);
-			}
-		else
-			ret=strcmp(a->name,b->name);
-		}
-	return(ret);
-	}
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long obj_name_hash(const void *a_void)
-	{
-	unsigned long ret;
-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-
-	if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-		{
-		ret=sk_NAME_FUNCS_value(name_funcs_stack,
-			a->type)->hash_func(a->name);
-		}
-	else
-		{
-		ret=lh_strhash(a->name);
-		}
-	ret^=a->type;
-	return(ret);
-	}
-
-const char *OBJ_NAME_get(const char *name, int type)
-	{
-	OBJ_NAME on,*ret;
-	int num=0,alias;
-
-	if (name == NULL) return(NULL);
-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
-
-	alias=type&OBJ_NAME_ALIAS;
-	type&= ~OBJ_NAME_ALIAS;
-
-	on.name=name;
-	on.type=type;
-
-	for (;;)
-	{
-		ret=lh_OBJ_NAME_retrieve(names_lh,&on);
-		if (ret == NULL) return(NULL);
-		if ((ret->alias) && !alias)
-			{
-			if (++num > 10) return(NULL);
-			on.name=ret->data;
-			}
-		else
-			{
-			return(ret->data);
-			}
-		}
-	}
-
-int OBJ_NAME_add(const char *name, int type, const char *data)
-	{
-	OBJ_NAME *onp,*ret;
-	int alias;
-
-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
-
-	alias=type&OBJ_NAME_ALIAS;
-	type&= ~OBJ_NAME_ALIAS;
-
-	onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
-	if (onp == NULL)
-		{
-		/* ERROR */
-		return(0);
-		}
-
-	onp->name=name;
-	onp->alias=alias;
-	onp->type=type;
-	onp->data=data;
-
-	ret=lh_OBJ_NAME_insert(names_lh,onp);
-	if (ret != NULL)
-		{
-		/* free things */
-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-			{
-			/* XXX: I'm not sure I understand why the free
-			 * function should get three arguments...
-			 * -- Richard Levitte
-			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,
-				ret->type)->free_func(ret->name,ret->type,ret->data);
-			}
-		OPENSSL_free(ret);
-		}
-	else
-		{
-		if (lh_OBJ_NAME_error(names_lh))
-			{
-			/* ERROR */
-			return(0);
-			}
-		}
-	return(1);
-	}
-
-int OBJ_NAME_remove(const char *name, int type)
-	{
-	OBJ_NAME on,*ret;
-
-	if (names_lh == NULL) return(0);
-
-	type&= ~OBJ_NAME_ALIAS;
-	on.name=name;
-	on.type=type;
-	ret=lh_OBJ_NAME_delete(names_lh,&on);
-	if (ret != NULL)
-		{
-		/* free things */
-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-			{
-			/* XXX: I'm not sure I understand why the free
-			 * function should get three arguments...
-			 * -- Richard Levitte
-			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,
-				ret->type)->free_func(ret->name,ret->type,ret->data);
-			}
-		OPENSSL_free(ret);
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-struct doall
-	{
-	int type;
-	void (*fn)(const OBJ_NAME *,void *arg);
-	void *arg;
-	};
-
-static void do_all_fn_doall_arg(const OBJ_NAME *name,struct doall *d)
-	{
-	if(name->type == d->type)
-		d->fn(name,d->arg);
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall)
-
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
-	{
-	struct doall d;
-
-	d.type=type;
-	d.fn=fn;
-	d.arg=arg;
-
-	lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn),
-			      struct doall, &d);
-	}
-
-struct doall_sorted
-	{
-	int type;
-	int n;
-	const OBJ_NAME **names;
-	};
-
-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
-	{
-	struct doall_sorted *d=d_;
-
-	if(name->type != d->type)
-		return;
-
-	d->names[d->n++]=name;
-	}
-
-static int do_all_sorted_cmp(const void *n1_,const void *n2_)
-	{
-	const OBJ_NAME * const *n1=n1_;
-	const OBJ_NAME * const *n2=n2_;
-
-	return strcmp((*n1)->name,(*n2)->name);
-	}
-
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-				void *arg)
-	{
-	struct doall_sorted d;
-	int n;
-
-	d.type=type;
-	d.names=OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names);
-	d.n=0;
-	OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
-
-	qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
-
-	for(n=0 ; n < d.n ; ++n)
-		fn(d.names[n],arg);
-
-	OPENSSL_free((void *)d.names);
-	}
-
-static int free_type;
-
-static void names_lh_free_doall(OBJ_NAME *onp)
-	{
-	if (onp == NULL)
-		return;
-
-	if (free_type < 0 || free_type == onp->type)
-		OBJ_NAME_remove(onp->name,onp->type);
-	}
-
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME)
-
-static void name_funcs_free(NAME_FUNCS *ptr)
-	{
-	OPENSSL_free(ptr);
-	}
-
-void OBJ_NAME_cleanup(int type)
-	{
-	unsigned long down_load;
-
-	if (names_lh == NULL) return;
-
-	free_type=type;
-	down_load=lh_OBJ_NAME_down_load(names_lh);
-	lh_OBJ_NAME_down_load(names_lh)=0;
-
-	lh_OBJ_NAME_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
-	if (type < 0)
-		{
-		lh_OBJ_NAME_free(names_lh);
-		sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
-		names_lh=NULL;
-		name_funcs_stack = NULL;
-		}
-	else
-		lh_OBJ_NAME_down_load(names_lh)=down_load;
-	}
-
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
deleted file mode 100644
index 0b2f44241b..0000000000
--- a/crypto/objects/obj_dat.c
+++ /dev/null
@@ -1,812 +0,0 @@
-/* crypto/objects/obj_dat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-
-/* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef OPENSSL_NO_OBJECT
-#include "obj_dat.h"
-#else
-/* You will have to load all the objects needed manually in the application */
-#define NUM_NID 0
-#define NUM_SN 0
-#define NUM_LN 0
-#define NUM_OBJ 0
-static const unsigned char lvalues[1];
-static const ASN1_OBJECT nid_objs[1];
-static const unsigned int sn_objs[1];
-static const unsigned int ln_objs[1];
-static const unsigned int obj_objs[1];
-#endif
-
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
-
-#define ADDED_DATA	0
-#define ADDED_SNAME	1
-#define ADDED_LNAME	2
-#define ADDED_NID	3
-
-typedef struct added_obj_st
-	{
-	int type;
-	ASN1_OBJECT *obj;
-	} ADDED_OBJ;
-DECLARE_LHASH_OF(ADDED_OBJ);
-
-static int new_nid=NUM_NID;
-static LHASH_OF(ADDED_OBJ) *added=NULL;
-
-static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-	{ return(strcmp((*a)->sn,nid_objs[*b].sn)); }
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
-
-static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
-	{ return(strcmp((*a)->ln,nid_objs[*b].ln)); }
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
-
-static unsigned long added_obj_hash(const ADDED_OBJ *ca)
-	{
-	const ASN1_OBJECT *a;
-	int i;
-	unsigned long ret=0;
-	unsigned char *p;
-
-	a=ca->obj;
-	switch (ca->type)
-		{
-	case ADDED_DATA:
-		ret=a->length<<20L;
-		p=(unsigned char *)a->data;
-		for (i=0; i<a->length; i++)
-			ret^=p[i]<<((i*3)%24);
-		break;
-	case ADDED_SNAME:
-		ret=lh_strhash(a->sn);
-		break;
-	case ADDED_LNAME:
-		ret=lh_strhash(a->ln);
-		break;
-	case ADDED_NID:
-		ret=a->nid;
-		break;
-	default:
-		/* abort(); */
-		return 0;
-		}
-	ret&=0x3fffffffL;
-	ret|=ca->type<<30L;
-	return(ret);
-	}
-static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ)
-
-static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
-	{
-	ASN1_OBJECT *a,*b;
-	int i;
-
-	i=ca->type-cb->type;
-	if (i) return(i);
-	a=ca->obj;
-	b=cb->obj;
-	switch (ca->type)
-		{
-	case ADDED_DATA:
-		i=(a->length - b->length);
-		if (i) return(i);
-		return(memcmp(a->data,b->data,(size_t)a->length));
-	case ADDED_SNAME:
-		if (a->sn == NULL) return(-1);
-		else if (b->sn == NULL) return(1);
-		else return(strcmp(a->sn,b->sn));
-	case ADDED_LNAME:
-		if (a->ln == NULL) return(-1);
-		else if (b->ln == NULL) return(1);
-		else return(strcmp(a->ln,b->ln));
-	case ADDED_NID:
-		return(a->nid-b->nid);
-	default:
-		/* abort(); */
-		return 0;
-		}
-	}
-static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ)
-
-static int init_added(void)
-	{
-	if (added != NULL) return(1);
-	added=lh_ADDED_OBJ_new();
-	return(added != NULL);
-	}
-
-static void cleanup1_doall(ADDED_OBJ *a)
-	{
-	a->obj->nid=0;
-	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
-	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-			ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-	}
-
-static void cleanup2_doall(ADDED_OBJ *a)
-	{ a->obj->nid++; }
-
-static void cleanup3_doall(ADDED_OBJ *a)
-	{
-	if (--a->obj->nid == 0)
-		ASN1_OBJECT_free(a->obj);
-	OPENSSL_free(a);
-	}
-
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
-
-/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
- * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
- * delayed.
- */
-
-int obj_cleanup_defer = 0;
-
-void check_defer(int nid)
-	{
-	if (!obj_cleanup_defer && nid >= NUM_NID)
-			obj_cleanup_defer = 1;
-	}
-
-void OBJ_cleanup(void)
-	{
-	if (obj_cleanup_defer)
-		{
-		obj_cleanup_defer = 2;
-		return ;
-		}
-	if (added == NULL) return;
-	lh_ADDED_OBJ_down_load(added) = 0;
-	lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
-	lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
-	lh_ADDED_OBJ_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
-	lh_ADDED_OBJ_free(added);
-	added=NULL;
-	}
-
-int OBJ_new_nid(int num)
-	{
-	int i;
-
-	i=new_nid;
-	new_nid+=num;
-	return(i);
-	}
-
-int OBJ_add_object(const ASN1_OBJECT *obj)
-	{
-	ASN1_OBJECT *o;
-	ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
-	int i;
-
-	if (added == NULL)
-		if (!init_added()) return(0);
-	if ((o=OBJ_dup(obj)) == NULL) goto err;
-	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if ((o->length != 0) && (obj->data != NULL))
-		if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if (o->sn != NULL)
-		if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if (o->ln != NULL)
-		if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-
-	for (i=ADDED_DATA; i<=ADDED_NID; i++)
-		{
-		if (ao[i] != NULL)
-			{
-			ao[i]->type=i;
-			ao[i]->obj=o;
-			aop=lh_ADDED_OBJ_insert(added,ao[i]);
-			/* memory leak, buit should not normally matter */
-			if (aop != NULL)
-				OPENSSL_free(aop);
-			}
-		}
-	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-			ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-
-	return(o->nid);
-err2:
-	OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
-err:
-	for (i=ADDED_DATA; i<=ADDED_NID; i++)
-		if (ao[i] != NULL) OPENSSL_free(ao[i]);
-	if (o != NULL) OPENSSL_free(o);
-	return(NID_undef);
-	}
-
-ASN1_OBJECT *OBJ_nid2obj(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return((ASN1_OBJECT *)&(nid_objs[n]));
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
-
-const char *OBJ_nid2sn(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return(nid_objs[n].sn);
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj->sn);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
-
-const char *OBJ_nid2ln(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return(nid_objs[n].ln);
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj->ln);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
-
-static int obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
-	{
-	int j;
-	const ASN1_OBJECT *a= *ap;
-	const ASN1_OBJECT *b= &nid_objs[*bp];
-
-	j=(a->length - b->length);
-        if (j) return(j);
-	return(memcmp(a->data,b->data,a->length));
-	}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
-
-int OBJ_obj2nid(const ASN1_OBJECT *a)
-	{
-	const unsigned int *op;
-	ADDED_OBJ ad,*adp;
-
-	if (a == NULL)
-		return(NID_undef);
-	if (a->nid != 0)
-		return(a->nid);
-
-	if (added != NULL)
-		{
-		ad.type=ADDED_DATA;
-		ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
-	if (op == NULL)
-		return(NID_undef);
-	return(nid_objs[*op].nid);
-	}
-
-/* Convert an object name into an ASN1_OBJECT
- * if "noname" is not set then search for short and long names first.
- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
- * it can be used with any objects, not just registered ones.
- */
-
-ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
-	{
-	int nid = NID_undef;
-	ASN1_OBJECT *op=NULL;
-	unsigned char *buf;
-	unsigned char *p;
-	const unsigned char *cp;
-	int i, j;
-
-	if(!no_name) {
-		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
-			((nid = OBJ_ln2nid(s)) != NID_undef) ) 
-					return OBJ_nid2obj(nid);
-	}
-
-	/* Work out size of content octets */
-	i=a2d_ASN1_OBJECT(NULL,0,s,-1);
-	if (i <= 0) {
-		/* Don't clear the error */
-		/*ERR_clear_error();*/
-		return NULL;
-	}
-	/* Work out total size */
-	j = ASN1_object_size(0,i,V_ASN1_OBJECT);
-
-	if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
-
-	p = buf;
-	/* Write out tag+length */
-	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-	/* Write out contents */
-	a2d_ASN1_OBJECT(p,i,s,-1);
-
-	cp=buf;
-	op=d2i_ASN1_OBJECT(NULL,&cp,j);
-	OPENSSL_free(buf);
-	return op;
-	}
-
-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
-{
-	int i,n=0,len,nid, first, use_bn;
-	BIGNUM *bl;
-	unsigned long l;
-	const unsigned char *p;
-	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
-	/* Ensure that, at every state, |buf| is NUL-terminated. */
-	if (buf && buf_len > 0)
-		buf[0] = '\0';
-
-	if ((a == NULL) || (a->data == NULL))
-		return(0);
-
-	if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
-		{
-		const char *s;
-		s=OBJ_nid2ln(nid);
-		if (s == NULL)
-			s=OBJ_nid2sn(nid);
-		if (s)
-			{
-			if (buf)
-				BUF_strlcpy(buf,s,buf_len);
-			n=strlen(s);
-			return n;
-			}
-		}
-
-
-	len=a->length;
-	p=a->data;
-
-	first = 1;
-	bl = NULL;
-
-	while (len > 0)
-		{
-		l=0;
-		use_bn = 0;
-		for (;;)
-			{
-			unsigned char c = *p++;
-			len--;
-			if ((len == 0) && (c & 0x80))
-				goto err;
-			if (use_bn)
-				{
-				if (!BN_add_word(bl, c & 0x7f))
-					goto err;
-				}
-			else
-				l |= c  & 0x7f;
-			if (!(c & 0x80))
-				break;
-			if (!use_bn && (l > (ULONG_MAX >> 7L)))
-				{
-				if (!bl && !(bl = BN_new()))
-					goto err;
-				if (!BN_set_word(bl, l))
-					goto err;
-				use_bn = 1;
-				}
-			if (use_bn)
-				{
-				if (!BN_lshift(bl, bl, 7))
-					goto err;
-				}
-			else
-				l<<=7L;
-			}
-
-		if (first)
-			{
-			first = 0;
-			if (l >= 80)
-				{
-				i = 2;
-				if (use_bn)
-					{
-					if (!BN_sub_word(bl, 80))
-						goto err;
-					}
-				else
-					l -= 80;
-				}
-			else
-				{
-				i=(int)(l/40);
-				l-=(long)(i*40);
-				}
-			if (buf && (buf_len > 1))
-				{
-				*buf++ = i + '0';
-				*buf = '\0';
-				buf_len--;
-				}
-			n++;
-			}
-
-		if (use_bn)
-			{
-			char *bndec;
-			bndec = BN_bn2dec(bl);
-			if (!bndec)
-				goto err;
-			i = strlen(bndec);
-			if (buf)
-				{
-				if (buf_len > 1)
-					{
-					*buf++ = '.';
-					*buf = '\0';
-					buf_len--;
-					}
-				BUF_strlcpy(buf,bndec,buf_len);
-				if (i > buf_len)
-					{
-					buf += buf_len;
-					buf_len = 0;
-					}
-				else
-					{
-					buf+=i;
-					buf_len-=i;
-					}
-				}
-			n++;
-			n += i;
-			OPENSSL_free(bndec);
-			}
-		else
-			{
-			BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-			i=strlen(tbuf);
-			if (buf && (buf_len > 0))
-				{
-				BUF_strlcpy(buf,tbuf,buf_len);
-				if (i > buf_len)
-					{
-					buf += buf_len;
-					buf_len = 0;
-					}
-				else
-					{
-					buf+=i;
-					buf_len-=i;
-					}
-				}
-			n+=i;
-			l=0;
-			}
-		}
-
-	if (bl)
-		BN_free(bl);
-	return n;
-
-	err:
-	if (bl)
-		BN_free(bl);
-	return -1;
-}
-
-int OBJ_txt2nid(const char *s)
-{
-	ASN1_OBJECT *obj;
-	int nid;
-	obj = OBJ_txt2obj(s, 0);
-	nid = OBJ_obj2nid(obj);
-	ASN1_OBJECT_free(obj);
-	return nid;
-}
-
-int OBJ_ln2nid(const char *s)
-	{
-	ASN1_OBJECT o;
-	const ASN1_OBJECT *oo= &o;
-	ADDED_OBJ ad,*adp;
-	const unsigned int *op;
-
-	o.ln=s;
-	if (added != NULL)
-		{
-		ad.type=ADDED_LNAME;
-		ad.obj= &o;
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
-	if (op == NULL) return(NID_undef);
-	return(nid_objs[*op].nid);
-	}
-
-int OBJ_sn2nid(const char *s)
-	{
-	ASN1_OBJECT o;
-	const ASN1_OBJECT *oo= &o;
-	ADDED_OBJ ad,*adp;
-	const unsigned int *op;
-
-	o.sn=s;
-	if (added != NULL)
-		{
-		ad.type=ADDED_SNAME;
-		ad.obj= &o;
-		adp=lh_ADDED_OBJ_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
-	if (op == NULL) return(NID_undef);
-	return(nid_objs[*op].nid);
-	}
-
-const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
-			 int (*cmp)(const void *, const void *))
-	{
-	return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
-	}
-
-const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
-			    int size,
-			    int (*cmp)(const void *, const void *),
-			    int flags)
-	{
-	const char *base=base_;
-	int l,h,i=0,c=0;
-	const char *p = NULL;
-
-	if (num == 0) return(NULL);
-	l=0;
-	h=num;
-	while (l < h)
-		{
-		i=(l+h)/2;
-		p= &(base[i*size]);
-		c=(*cmp)(key,p);
-		if (c < 0)
-			h=i;
-		else if (c > 0)
-			l=i+1;
-		else
-			break;
-		}
-#ifdef CHARSET_EBCDIC
-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
- * I don't have perl (yet), we revert to a *LINEAR* search
- * when the object wasn't found in the binary search.
- */
-	if (c != 0)
-		{
-		for (i=0; i<num; ++i)
-			{
-			p= &(base[i*size]);
-			c = (*cmp)(key,p);
-			if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
-				return p;
-			}
-		}
-#endif
-	if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
-		p = NULL;
-	else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))
-		{
-		while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)
-			i--;
-		p = &(base[i*size]);
-		}
-	return(p);
-	}
-
-int OBJ_create_objects(BIO *in)
-	{
-	MS_STATIC char buf[512];
-	int i,num=0;
-	char *o,*s,*l=NULL;
-
-	for (;;)
-		{
-		s=o=NULL;
-		i=BIO_gets(in,buf,512);
-		if (i <= 0) return(num);
-		buf[i-1]='\0';
-		if (!isalnum((unsigned char)buf[0])) return(num);
-		o=s=buf;
-		while (isdigit((unsigned char)*s) || (*s == '.'))
-			s++;
-		if (*s != '\0')
-			{
-			*(s++)='\0';
-			while (isspace((unsigned char)*s))
-				s++;
-			if (*s == '\0')
-				s=NULL;
-			else
-				{
-				l=s;
-				while ((*l != '\0') && !isspace((unsigned char)*l))
-					l++;
-				if (*l != '\0')
-					{
-					*(l++)='\0';
-					while (isspace((unsigned char)*l))
-						l++;
-					if (*l == '\0') l=NULL;
-					}
-				else
-					l=NULL;
-				}
-			}
-		else
-			s=NULL;
-		if ((o == NULL) || (*o == '\0')) return(num);
-		if (!OBJ_create(o,s,l)) return(num);
-		num++;
-		}
-	/* return(num); */
-	}
-
-int OBJ_create(const char *oid, const char *sn, const char *ln)
-	{
-	int ok=0;
-	ASN1_OBJECT *op=NULL;
-	unsigned char *buf;
-	int i;
-
-	i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
-	if (i <= 0) return(0);
-
-	if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-		{
-		OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
-	if (i == 0)
-		goto err;
-	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
-	if (op == NULL) 
-		goto err;
-	ok=OBJ_add_object(op);
-err:
-	ASN1_OBJECT_free(op);
-	OPENSSL_free(buf);
-	return(ok);
-	}
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
deleted file mode 100644
index bc69665bc5..0000000000
--- a/crypto/objects/obj_dat.h
+++ /dev/null
@@ -1,5095 +0,0 @@
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NUM_NID 920
-#define NUM_SN 913
-#define NUM_LN 913
-#define NUM_OBJ 857
-
-static const unsigned char lvalues[5974]={
-0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,     /* [ 21] OBJ_md5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,     /* [ 29] OBJ_rc4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */
-0x55,                                        /* [ 82] OBJ_X500 */
-0x55,0x04,                                   /* [ 83] OBJ_X509 */
-0x55,0x04,0x03,                              /* [ 85] OBJ_commonName */
-0x55,0x04,0x06,                              /* [ 88] OBJ_countryName */
-0x55,0x04,0x07,                              /* [ 91] OBJ_localityName */
-0x55,0x04,0x08,                              /* [ 94] OBJ_stateOrProvinceName */
-0x55,0x04,0x0A,                              /* [ 97] OBJ_organizationName */
-0x55,0x04,0x0B,                              /* [100] OBJ_organizationalUnitName */
-0x55,0x08,0x01,0x01,                         /* [103] OBJ_rsa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,     /* [107] OBJ_pkcs7 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,     /* [169] OBJ_pkcs3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */
-0x2B,0x0E,0x03,0x02,0x06,                    /* [186] OBJ_des_ecb */
-0x2B,0x0E,0x03,0x02,0x09,                    /* [191] OBJ_des_cfb64 */
-0x2B,0x0E,0x03,0x02,0x07,                    /* [196] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [201] OBJ_des_ede_ecb */
-0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [217] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [225] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [230] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [235] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [243] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [248] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [337] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [344] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [352] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [360] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [374] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [379] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [402] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [488] OBJ_id_ce */
-0x55,0x1D,0x0E,                              /* [490] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [493] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [496] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [499] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [502] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [505] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [508] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [511] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [514] OBJ_authority_key_identifier */
-0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */
-0x55,0x08,0x03,0x65,                         /* [526] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [530] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [534] OBJ_givenName */
-0x55,0x04,0x04,                              /* [537] OBJ_surname */
-0x55,0x04,0x2B,                              /* [540] OBJ_initials */
-0x55,0x1D,0x1F,                              /* [543] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [546] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [551] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [554] OBJ_title */
-0x55,0x04,0x0D,                              /* [557] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [578] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [585] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [590] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [597] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [602] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [608] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,0x01,               /* [616] OBJ_rle_compression */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */
-0x55,0x1D,0x25,                              /* [633] OBJ_ext_key_usage */
-0x2B,0x06,0x01,0x05,0x05,0x07,               /* [636] OBJ_id_pkix */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [642] OBJ_id_kp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [649] OBJ_server_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [657] OBJ_client_auth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [665] OBJ_code_sign */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [673] OBJ_email_protect */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [681] OBJ_time_stamp */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */
-0x55,0x1D,0x1B,                              /* [748] OBJ_delta_crl */
-0x55,0x1D,0x15,                              /* [751] OBJ_crl_reason */
-0x55,0x1D,0x18,                              /* [754] OBJ_invalidity_date */
-0x2B,0x65,0x01,0x04,0x01,                    /* [757] OBJ_sxnet */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [954] OBJ_hmacWithSHA1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [962] OBJ_id_qt_cps */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [970] OBJ_id_qt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */
-0x55,0x04,0x29,                              /* [1033] OBJ_name */
-0x55,0x04,0x2E,                              /* [1036] OBJ_dnQualifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1039] OBJ_id_pe */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1046] OBJ_id_ad */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1053] OBJ_info_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1061] OBJ_ad_OCSP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1069] OBJ_ad_ca_issuers */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1077] OBJ_OCSP_sign */
-0x2A,                                        /* [1085] OBJ_member_body */
-0x2A,0x86,0x48,                              /* [1086] OBJ_ISO_US */
-0x2A,0x86,0x48,0xCE,0x38,                    /* [1089] OBJ_X9_57 */
-0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1094] OBJ_X9cm */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1100] OBJ_pkcs1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1108] OBJ_pkcs5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1866] OBJ_md4 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1874] OBJ_id_pkix_mod */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1881] OBJ_id_qt */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1888] OBJ_id_it */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1895] OBJ_id_pkip */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1902] OBJ_id_alg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1909] OBJ_id_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1916] OBJ_id_on */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1923] OBJ_id_pda */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1930] OBJ_id_aca */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1937] OBJ_id_qcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1944] OBJ_id_cct */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1951] OBJ_id_pkix1_explicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1959] OBJ_id_pkix1_implicit_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1967] OBJ_id_pkix1_explicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1975] OBJ_id_pkix1_implicit_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1983] OBJ_id_mod_crmf */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1991] OBJ_id_mod_cmc */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1999] OBJ_id_mod_kea_profile_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2007] OBJ_id_mod_kea_profile_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2015] OBJ_id_mod_cmp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2023] OBJ_id_mod_qualified_cert_88 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2031] OBJ_id_mod_qualified_cert_93 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2039] OBJ_id_mod_attribute_cert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2047] OBJ_id_mod_timestamp_protocol */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2055] OBJ_id_mod_ocsp */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2063] OBJ_id_mod_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2071] OBJ_id_mod_cmp2000 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2079] OBJ_biometricInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2087] OBJ_qcStatements */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2095] OBJ_ac_auditEntity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2103] OBJ_ac_targeting */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2111] OBJ_aaControls */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2119] OBJ_sbgp_ipAddrBlock */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2127] OBJ_sbgp_autonomousSysNum */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2135] OBJ_sbgp_routerIdentifier */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2143] OBJ_textNotice */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2151] OBJ_ipsecEndSystem */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2159] OBJ_ipsecTunnel */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2167] OBJ_ipsecUser */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2175] OBJ_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2183] OBJ_id_it_caProtEncCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2191] OBJ_id_it_signKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2199] OBJ_id_it_encKeyPairTypes */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2207] OBJ_id_it_preferredSymmAlg */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2215] OBJ_id_it_caKeyUpdateInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2223] OBJ_id_it_currentCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2231] OBJ_id_it_unsupportedOIDs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2239] OBJ_id_it_subscriptionRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2247] OBJ_id_it_subscriptionResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2255] OBJ_id_it_keyPairParamReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2263] OBJ_id_it_keyPairParamRep */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2271] OBJ_id_it_revPassphrase */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2279] OBJ_id_it_implicitConfirm */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2287] OBJ_id_it_confirmWaitTime */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2295] OBJ_id_it_origPKIMessage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2303] OBJ_id_regCtrl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2311] OBJ_id_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2391] OBJ_id_alg_des40 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2399] OBJ_id_alg_noSignature */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2415] OBJ_id_alg_dh_pop */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2423] OBJ_id_cmc_statusInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2431] OBJ_id_cmc_identification */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2439] OBJ_id_cmc_identityProof */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2447] OBJ_id_cmc_dataReturn */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2455] OBJ_id_cmc_transactionId */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2463] OBJ_id_cmc_senderNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2471] OBJ_id_cmc_recipientNonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2479] OBJ_id_cmc_addExtensions */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2487] OBJ_id_cmc_encryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2495] OBJ_id_cmc_decryptedPOP */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2503] OBJ_id_cmc_lraPOPWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2511] OBJ_id_cmc_getCert */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2519] OBJ_id_cmc_getCRL */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2527] OBJ_id_cmc_revokeRequest */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2535] OBJ_id_cmc_regInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2543] OBJ_id_cmc_responseInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2551] OBJ_id_cmc_queryPending */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2559] OBJ_id_cmc_popLinkRandom */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2567] OBJ_id_cmc_popLinkWitness */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2575] OBJ_id_cmc_confirmCertAcceptance */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
-0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
-0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
-0x2B,                                        /* [2829] OBJ_org */
-0x2B,0x06,                                   /* [2830] OBJ_dod */
-0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
-0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
-0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
-0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
-0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
-0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
-0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
-0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
-0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
-0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
-0x55,0x01,0x05,                              /* [2897] OBJ_selected_attribute_types */
-0x55,0x01,0x05,0x37,                         /* [2900] OBJ_clearance */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2913] OBJ_ac_proxying */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2921] OBJ_sinfo_access */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2929] OBJ_id_aca_encAttrs */
-0x55,0x04,0x48,                              /* [2937] OBJ_role */
-0x55,0x1D,0x24,                              /* [2940] OBJ_policy_constraints */
-0x55,0x1D,0x37,                              /* [2943] OBJ_target_information */
-0x55,0x1D,0x38,                              /* [2946] OBJ_no_rev_avail */
-0x2A,0x86,0x48,0xCE,0x3D,                    /* [2949] OBJ_ansi_X9_62 */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2954] OBJ_X9_62_prime_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2961] OBJ_X9_62_characteristic_two_field */
-0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2968] OBJ_X9_62_id_ecPublicKey */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2975] OBJ_X9_62_prime192v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2983] OBJ_X9_62_prime192v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2991] OBJ_X9_62_prime192v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2999] OBJ_X9_62_prime239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3007] OBJ_X9_62_prime239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3015] OBJ_X9_62_prime239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3023] OBJ_X9_62_prime256v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3031] OBJ_ecdsa_with_SHA1 */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */
-0x55,0x1D,0x17,                              /* [3155] OBJ_hold_instruction_code */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3158] OBJ_hold_instruction_none */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3165] OBJ_hold_instruction_call_issuer */
-0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3172] OBJ_hold_instruction_reject */
-0x09,                                        /* [3179] OBJ_data */
-0x09,0x92,0x26,                              /* [3180] OBJ_pss */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3183] OBJ_ucl */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3190] OBJ_pilot */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */
-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */
-0x55,0x04,0x2D,                              /* [3844] OBJ_x500UniqueIdentifier */
-0x2B,0x06,0x01,0x07,0x01,                    /* [3847] OBJ_mime_mhs */
-0x2B,0x06,0x01,0x07,0x01,0x01,               /* [3852] OBJ_mime_mhs_headings */
-0x2B,0x06,0x01,0x07,0x01,0x02,               /* [3858] OBJ_mime_mhs_bodies */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [3864] OBJ_id_hex_partial_message */
-0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [3871] OBJ_id_hex_multipart_message */
-0x55,0x04,0x2C,                              /* [3878] OBJ_generationQualifier */
-0x55,0x04,0x41,                              /* [3881] OBJ_pseudonym */
-0x67,0x2A,                                   /* [3884] OBJ_id_set */
-0x67,0x2A,0x00,                              /* [3886] OBJ_set_ctype */
-0x67,0x2A,0x01,                              /* [3889] OBJ_set_msgExt */
-0x67,0x2A,0x03,                              /* [3892] OBJ_set_attr */
-0x67,0x2A,0x05,                              /* [3895] OBJ_set_policy */
-0x67,0x2A,0x07,                              /* [3898] OBJ_set_certExt */
-0x67,0x2A,0x08,                              /* [3901] OBJ_set_brand */
-0x67,0x2A,0x00,0x00,                         /* [3904] OBJ_setct_PANData */
-0x67,0x2A,0x00,0x01,                         /* [3908] OBJ_setct_PANToken */
-0x67,0x2A,0x00,0x02,                         /* [3912] OBJ_setct_PANOnly */
-0x67,0x2A,0x00,0x03,                         /* [3916] OBJ_setct_OIData */
-0x67,0x2A,0x00,0x04,                         /* [3920] OBJ_setct_PI */
-0x67,0x2A,0x00,0x05,                         /* [3924] OBJ_setct_PIData */
-0x67,0x2A,0x00,0x06,                         /* [3928] OBJ_setct_PIDataUnsigned */
-0x67,0x2A,0x00,0x07,                         /* [3932] OBJ_setct_HODInput */
-0x67,0x2A,0x00,0x08,                         /* [3936] OBJ_setct_AuthResBaggage */
-0x67,0x2A,0x00,0x09,                         /* [3940] OBJ_setct_AuthRevReqBaggage */
-0x67,0x2A,0x00,0x0A,                         /* [3944] OBJ_setct_AuthRevResBaggage */
-0x67,0x2A,0x00,0x0B,                         /* [3948] OBJ_setct_CapTokenSeq */
-0x67,0x2A,0x00,0x0C,                         /* [3952] OBJ_setct_PInitResData */
-0x67,0x2A,0x00,0x0D,                         /* [3956] OBJ_setct_PI_TBS */
-0x67,0x2A,0x00,0x0E,                         /* [3960] OBJ_setct_PResData */
-0x67,0x2A,0x00,0x10,                         /* [3964] OBJ_setct_AuthReqTBS */
-0x67,0x2A,0x00,0x11,                         /* [3968] OBJ_setct_AuthResTBS */
-0x67,0x2A,0x00,0x12,                         /* [3972] OBJ_setct_AuthResTBSX */
-0x67,0x2A,0x00,0x13,                         /* [3976] OBJ_setct_AuthTokenTBS */
-0x67,0x2A,0x00,0x14,                         /* [3980] OBJ_setct_CapTokenData */
-0x67,0x2A,0x00,0x15,                         /* [3984] OBJ_setct_CapTokenTBS */
-0x67,0x2A,0x00,0x16,                         /* [3988] OBJ_setct_AcqCardCodeMsg */
-0x67,0x2A,0x00,0x17,                         /* [3992] OBJ_setct_AuthRevReqTBS */
-0x67,0x2A,0x00,0x18,                         /* [3996] OBJ_setct_AuthRevResData */
-0x67,0x2A,0x00,0x19,                         /* [4000] OBJ_setct_AuthRevResTBS */
-0x67,0x2A,0x00,0x1A,                         /* [4004] OBJ_setct_CapReqTBS */
-0x67,0x2A,0x00,0x1B,                         /* [4008] OBJ_setct_CapReqTBSX */
-0x67,0x2A,0x00,0x1C,                         /* [4012] OBJ_setct_CapResData */
-0x67,0x2A,0x00,0x1D,                         /* [4016] OBJ_setct_CapRevReqTBS */
-0x67,0x2A,0x00,0x1E,                         /* [4020] OBJ_setct_CapRevReqTBSX */
-0x67,0x2A,0x00,0x1F,                         /* [4024] OBJ_setct_CapRevResData */
-0x67,0x2A,0x00,0x20,                         /* [4028] OBJ_setct_CredReqTBS */
-0x67,0x2A,0x00,0x21,                         /* [4032] OBJ_setct_CredReqTBSX */
-0x67,0x2A,0x00,0x22,                         /* [4036] OBJ_setct_CredResData */
-0x67,0x2A,0x00,0x23,                         /* [4040] OBJ_setct_CredRevReqTBS */
-0x67,0x2A,0x00,0x24,                         /* [4044] OBJ_setct_CredRevReqTBSX */
-0x67,0x2A,0x00,0x25,                         /* [4048] OBJ_setct_CredRevResData */
-0x67,0x2A,0x00,0x26,                         /* [4052] OBJ_setct_PCertReqData */
-0x67,0x2A,0x00,0x27,                         /* [4056] OBJ_setct_PCertResTBS */
-0x67,0x2A,0x00,0x28,                         /* [4060] OBJ_setct_BatchAdminReqData */
-0x67,0x2A,0x00,0x29,                         /* [4064] OBJ_setct_BatchAdminResData */
-0x67,0x2A,0x00,0x2A,                         /* [4068] OBJ_setct_CardCInitResTBS */
-0x67,0x2A,0x00,0x2B,                         /* [4072] OBJ_setct_MeAqCInitResTBS */
-0x67,0x2A,0x00,0x2C,                         /* [4076] OBJ_setct_RegFormResTBS */
-0x67,0x2A,0x00,0x2D,                         /* [4080] OBJ_setct_CertReqData */
-0x67,0x2A,0x00,0x2E,                         /* [4084] OBJ_setct_CertReqTBS */
-0x67,0x2A,0x00,0x2F,                         /* [4088] OBJ_setct_CertResData */
-0x67,0x2A,0x00,0x30,                         /* [4092] OBJ_setct_CertInqReqTBS */
-0x67,0x2A,0x00,0x31,                         /* [4096] OBJ_setct_ErrorTBS */
-0x67,0x2A,0x00,0x32,                         /* [4100] OBJ_setct_PIDualSignedTBE */
-0x67,0x2A,0x00,0x33,                         /* [4104] OBJ_setct_PIUnsignedTBE */
-0x67,0x2A,0x00,0x34,                         /* [4108] OBJ_setct_AuthReqTBE */
-0x67,0x2A,0x00,0x35,                         /* [4112] OBJ_setct_AuthResTBE */
-0x67,0x2A,0x00,0x36,                         /* [4116] OBJ_setct_AuthResTBEX */
-0x67,0x2A,0x00,0x37,                         /* [4120] OBJ_setct_AuthTokenTBE */
-0x67,0x2A,0x00,0x38,                         /* [4124] OBJ_setct_CapTokenTBE */
-0x67,0x2A,0x00,0x39,                         /* [4128] OBJ_setct_CapTokenTBEX */
-0x67,0x2A,0x00,0x3A,                         /* [4132] OBJ_setct_AcqCardCodeMsgTBE */
-0x67,0x2A,0x00,0x3B,                         /* [4136] OBJ_setct_AuthRevReqTBE */
-0x67,0x2A,0x00,0x3C,                         /* [4140] OBJ_setct_AuthRevResTBE */
-0x67,0x2A,0x00,0x3D,                         /* [4144] OBJ_setct_AuthRevResTBEB */
-0x67,0x2A,0x00,0x3E,                         /* [4148] OBJ_setct_CapReqTBE */
-0x67,0x2A,0x00,0x3F,                         /* [4152] OBJ_setct_CapReqTBEX */
-0x67,0x2A,0x00,0x40,                         /* [4156] OBJ_setct_CapResTBE */
-0x67,0x2A,0x00,0x41,                         /* [4160] OBJ_setct_CapRevReqTBE */
-0x67,0x2A,0x00,0x42,                         /* [4164] OBJ_setct_CapRevReqTBEX */
-0x67,0x2A,0x00,0x43,                         /* [4168] OBJ_setct_CapRevResTBE */
-0x67,0x2A,0x00,0x44,                         /* [4172] OBJ_setct_CredReqTBE */
-0x67,0x2A,0x00,0x45,                         /* [4176] OBJ_setct_CredReqTBEX */
-0x67,0x2A,0x00,0x46,                         /* [4180] OBJ_setct_CredResTBE */
-0x67,0x2A,0x00,0x47,                         /* [4184] OBJ_setct_CredRevReqTBE */
-0x67,0x2A,0x00,0x48,                         /* [4188] OBJ_setct_CredRevReqTBEX */
-0x67,0x2A,0x00,0x49,                         /* [4192] OBJ_setct_CredRevResTBE */
-0x67,0x2A,0x00,0x4A,                         /* [4196] OBJ_setct_BatchAdminReqTBE */
-0x67,0x2A,0x00,0x4B,                         /* [4200] OBJ_setct_BatchAdminResTBE */
-0x67,0x2A,0x00,0x4C,                         /* [4204] OBJ_setct_RegFormReqTBE */
-0x67,0x2A,0x00,0x4D,                         /* [4208] OBJ_setct_CertReqTBE */
-0x67,0x2A,0x00,0x4E,                         /* [4212] OBJ_setct_CertReqTBEX */
-0x67,0x2A,0x00,0x4F,                         /* [4216] OBJ_setct_CertResTBE */
-0x67,0x2A,0x00,0x50,                         /* [4220] OBJ_setct_CRLNotificationTBS */
-0x67,0x2A,0x00,0x51,                         /* [4224] OBJ_setct_CRLNotificationResTBS */
-0x67,0x2A,0x00,0x52,                         /* [4228] OBJ_setct_BCIDistributionTBS */
-0x67,0x2A,0x01,0x01,                         /* [4232] OBJ_setext_genCrypt */
-0x67,0x2A,0x01,0x03,                         /* [4236] OBJ_setext_miAuth */
-0x67,0x2A,0x01,0x04,                         /* [4240] OBJ_setext_pinSecure */
-0x67,0x2A,0x01,0x05,                         /* [4244] OBJ_setext_pinAny */
-0x67,0x2A,0x01,0x07,                         /* [4248] OBJ_setext_track2 */
-0x67,0x2A,0x01,0x08,                         /* [4252] OBJ_setext_cv */
-0x67,0x2A,0x05,0x00,                         /* [4256] OBJ_set_policy_root */
-0x67,0x2A,0x07,0x00,                         /* [4260] OBJ_setCext_hashedRoot */
-0x67,0x2A,0x07,0x01,                         /* [4264] OBJ_setCext_certType */
-0x67,0x2A,0x07,0x02,                         /* [4268] OBJ_setCext_merchData */
-0x67,0x2A,0x07,0x03,                         /* [4272] OBJ_setCext_cCertRequired */
-0x67,0x2A,0x07,0x04,                         /* [4276] OBJ_setCext_tunneling */
-0x67,0x2A,0x07,0x05,                         /* [4280] OBJ_setCext_setExt */
-0x67,0x2A,0x07,0x06,                         /* [4284] OBJ_setCext_setQualf */
-0x67,0x2A,0x07,0x07,                         /* [4288] OBJ_setCext_PGWYcapabilities */
-0x67,0x2A,0x07,0x08,                         /* [4292] OBJ_setCext_TokenIdentifier */
-0x67,0x2A,0x07,0x09,                         /* [4296] OBJ_setCext_Track2Data */
-0x67,0x2A,0x07,0x0A,                         /* [4300] OBJ_setCext_TokenType */
-0x67,0x2A,0x07,0x0B,                         /* [4304] OBJ_setCext_IssuerCapabilities */
-0x67,0x2A,0x03,0x00,                         /* [4308] OBJ_setAttr_Cert */
-0x67,0x2A,0x03,0x01,                         /* [4312] OBJ_setAttr_PGWYcap */
-0x67,0x2A,0x03,0x02,                         /* [4316] OBJ_setAttr_TokenType */
-0x67,0x2A,0x03,0x03,                         /* [4320] OBJ_setAttr_IssCap */
-0x67,0x2A,0x03,0x00,0x00,                    /* [4324] OBJ_set_rootKeyThumb */
-0x67,0x2A,0x03,0x00,0x01,                    /* [4329] OBJ_set_addPolicy */
-0x67,0x2A,0x03,0x02,0x01,                    /* [4334] OBJ_setAttr_Token_EMV */
-0x67,0x2A,0x03,0x02,0x02,                    /* [4339] OBJ_setAttr_Token_B0Prime */
-0x67,0x2A,0x03,0x03,0x03,                    /* [4344] OBJ_setAttr_IssCap_CVM */
-0x67,0x2A,0x03,0x03,0x04,                    /* [4349] OBJ_setAttr_IssCap_T2 */
-0x67,0x2A,0x03,0x03,0x05,                    /* [4354] OBJ_setAttr_IssCap_Sig */
-0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4359] OBJ_setAttr_GenCryptgrm */
-0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4365] OBJ_setAttr_T2Enc */
-0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4371] OBJ_setAttr_T2cleartxt */
-0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4377] OBJ_setAttr_TokICCsig */
-0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4383] OBJ_setAttr_SecDevSig */
-0x67,0x2A,0x08,0x01,                         /* [4389] OBJ_set_brand_IATA_ATA */
-0x67,0x2A,0x08,0x1E,                         /* [4393] OBJ_set_brand_Diners */
-0x67,0x2A,0x08,0x22,                         /* [4397] OBJ_set_brand_AmericanExpress */
-0x67,0x2A,0x08,0x23,                         /* [4401] OBJ_set_brand_JCB */
-0x67,0x2A,0x08,0x04,                         /* [4405] OBJ_set_brand_Visa */
-0x67,0x2A,0x08,0x05,                         /* [4409] OBJ_set_brand_MasterCard */
-0x67,0x2A,0x08,0xAE,0x7B,                    /* [4413] OBJ_set_brand_Novus */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4418] OBJ_des_cdmf */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */
-0x67,                                        /* [4435] OBJ_international_organizations */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */
-0x55,0x04,0x09,                              /* [4456] OBJ_streetAddress */
-0x55,0x04,0x11,                              /* [4459] OBJ_postalCode */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,          /* [4462] OBJ_id_ppl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,     /* [4469] OBJ_proxyCertInfo */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,     /* [4477] OBJ_id_ppl_anyLanguage */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,     /* [4485] OBJ_id_ppl_inheritAll */
-0x55,0x1D,0x1E,                              /* [4493] OBJ_name_constraints */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,     /* [4496] OBJ_Independent */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */
-0x2B,                                        /* [4576] OBJ_identified_organization */
-0x2B,0x81,0x04,                              /* [4577] OBJ_certicom_arc */
-0x67,0x2B,                                   /* [4580] OBJ_wap */
-0x67,0x2B,0x01,                              /* [4582] OBJ_wap_wsg */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [4585] OBJ_X9_62_id_characteristic_two_basis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [4620] OBJ_X9_62_c2pnb163v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [4628] OBJ_X9_62_c2pnb163v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [4636] OBJ_X9_62_c2pnb163v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [4644] OBJ_X9_62_c2pnb176v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [4652] OBJ_X9_62_c2tnb191v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [4660] OBJ_X9_62_c2tnb191v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [4668] OBJ_X9_62_c2tnb191v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [4676] OBJ_X9_62_c2onb191v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [4684] OBJ_X9_62_c2onb191v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [4692] OBJ_X9_62_c2pnb208w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [4700] OBJ_X9_62_c2tnb239v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [4708] OBJ_X9_62_c2tnb239v2 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [4716] OBJ_X9_62_c2tnb239v3 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [4724] OBJ_X9_62_c2onb239v4 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [4732] OBJ_X9_62_c2onb239v5 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [4740] OBJ_X9_62_c2pnb272w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4748] OBJ_X9_62_c2pnb304w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4756] OBJ_X9_62_c2tnb359v1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4764] OBJ_X9_62_c2pnb368w1 */
-0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4772] OBJ_X9_62_c2tnb431r1 */
-0x2B,0x81,0x04,0x00,0x06,                    /* [4780] OBJ_secp112r1 */
-0x2B,0x81,0x04,0x00,0x07,                    /* [4785] OBJ_secp112r2 */
-0x2B,0x81,0x04,0x00,0x1C,                    /* [4790] OBJ_secp128r1 */
-0x2B,0x81,0x04,0x00,0x1D,                    /* [4795] OBJ_secp128r2 */
-0x2B,0x81,0x04,0x00,0x09,                    /* [4800] OBJ_secp160k1 */
-0x2B,0x81,0x04,0x00,0x08,                    /* [4805] OBJ_secp160r1 */
-0x2B,0x81,0x04,0x00,0x1E,                    /* [4810] OBJ_secp160r2 */
-0x2B,0x81,0x04,0x00,0x1F,                    /* [4815] OBJ_secp192k1 */
-0x2B,0x81,0x04,0x00,0x20,                    /* [4820] OBJ_secp224k1 */
-0x2B,0x81,0x04,0x00,0x21,                    /* [4825] OBJ_secp224r1 */
-0x2B,0x81,0x04,0x00,0x0A,                    /* [4830] OBJ_secp256k1 */
-0x2B,0x81,0x04,0x00,0x22,                    /* [4835] OBJ_secp384r1 */
-0x2B,0x81,0x04,0x00,0x23,                    /* [4840] OBJ_secp521r1 */
-0x2B,0x81,0x04,0x00,0x04,                    /* [4845] OBJ_sect113r1 */
-0x2B,0x81,0x04,0x00,0x05,                    /* [4850] OBJ_sect113r2 */
-0x2B,0x81,0x04,0x00,0x16,                    /* [4855] OBJ_sect131r1 */
-0x2B,0x81,0x04,0x00,0x17,                    /* [4860] OBJ_sect131r2 */
-0x2B,0x81,0x04,0x00,0x01,                    /* [4865] OBJ_sect163k1 */
-0x2B,0x81,0x04,0x00,0x02,                    /* [4870] OBJ_sect163r1 */
-0x2B,0x81,0x04,0x00,0x0F,                    /* [4875] OBJ_sect163r2 */
-0x2B,0x81,0x04,0x00,0x18,                    /* [4880] OBJ_sect193r1 */
-0x2B,0x81,0x04,0x00,0x19,                    /* [4885] OBJ_sect193r2 */
-0x2B,0x81,0x04,0x00,0x1A,                    /* [4890] OBJ_sect233k1 */
-0x2B,0x81,0x04,0x00,0x1B,                    /* [4895] OBJ_sect233r1 */
-0x2B,0x81,0x04,0x00,0x03,                    /* [4900] OBJ_sect239k1 */
-0x2B,0x81,0x04,0x00,0x10,                    /* [4905] OBJ_sect283k1 */
-0x2B,0x81,0x04,0x00,0x11,                    /* [4910] OBJ_sect283r1 */
-0x2B,0x81,0x04,0x00,0x24,                    /* [4915] OBJ_sect409k1 */
-0x2B,0x81,0x04,0x00,0x25,                    /* [4920] OBJ_sect409r1 */
-0x2B,0x81,0x04,0x00,0x26,                    /* [4925] OBJ_sect571k1 */
-0x2B,0x81,0x04,0x00,0x27,                    /* [4930] OBJ_sect571r1 */
-0x67,0x2B,0x01,0x04,0x01,                    /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */
-0x67,0x2B,0x01,0x04,0x03,                    /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */
-0x67,0x2B,0x01,0x04,0x04,                    /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */
-0x67,0x2B,0x01,0x04,0x05,                    /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */
-0x67,0x2B,0x01,0x04,0x06,                    /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */
-0x67,0x2B,0x01,0x04,0x07,                    /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */
-0x67,0x2B,0x01,0x04,0x08,                    /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */
-0x67,0x2B,0x01,0x04,0x09,                    /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */
-0x67,0x2B,0x01,0x04,0x0A,                    /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */
-0x67,0x2B,0x01,0x04,0x0B,                    /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */
-0x67,0x2B,0x01,0x04,0x0C,                    /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */
-0x55,0x1D,0x20,0x00,                         /* [4990] OBJ_any_policy */
-0x55,0x1D,0x21,                              /* [4994] OBJ_policy_mappings */
-0x55,0x1D,0x36,                              /* [4997] OBJ_inhibit_any_policy */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,     /* [5033] OBJ_camellia_128_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,     /* [5041] OBJ_camellia_192_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,     /* [5049] OBJ_camellia_256_ecb */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,     /* [5057] OBJ_camellia_128_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,     /* [5065] OBJ_camellia_192_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,     /* [5073] OBJ_camellia_256_cfb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,     /* [5081] OBJ_camellia_128_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,     /* [5089] OBJ_camellia_192_ofb128 */
-0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,     /* [5097] OBJ_camellia_256_ofb128 */
-0x55,0x1D,0x09,                              /* [5105] OBJ_subject_directory_attributes */
-0x55,0x1D,0x1C,                              /* [5108] OBJ_issuing_distribution_point */
-0x55,0x1D,0x1D,                              /* [5111] OBJ_certificate_issuer */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,               /* [5114] OBJ_kisa */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,     /* [5120] OBJ_seed_ecb */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,     /* [5128] OBJ_seed_cbc */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,     /* [5136] OBJ_seed_ofb128 */
-0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,     /* [5144] OBJ_seed_cfb128 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,     /* [5152] OBJ_hmac_md5 */
-0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,     /* [5160] OBJ_hmac_sha1 */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,     /* [5186] OBJ_id_it_suppLangTags */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,     /* [5194] OBJ_caRepository */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5251] OBJ_ecdsa_with_Recommended */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5258] OBJ_ecdsa_with_Specified */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5265] OBJ_ecdsa_with_SHA224 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5273] OBJ_ecdsa_with_SHA256 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5281] OBJ_ecdsa_with_SHA384 */
-0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5289] OBJ_ecdsa_with_SHA512 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,     /* [5297] OBJ_hmacWithMD5 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,     /* [5305] OBJ_hmacWithSHA224 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,     /* [5313] OBJ_hmacWithSHA256 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,     /* [5321] OBJ_hmacWithSHA384 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,     /* [5329] OBJ_hmacWithSHA512 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */
-0x28,0xCF,0x06,0x03,0x00,0x37,               /* [5355] OBJ_whirlpool */
-0x2A,0x85,0x03,0x02,0x02,                    /* [5361] OBJ_cryptopro */
-0x2A,0x85,0x03,0x02,0x09,                    /* [5366] OBJ_cryptocom */
-0x2A,0x85,0x03,0x02,0x02,0x03,               /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x04,               /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x09,               /* [5383] OBJ_id_GostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x0A,               /* [5389] OBJ_id_HMACGostR3411_94 */
-0x2A,0x85,0x03,0x02,0x02,0x13,               /* [5395] OBJ_id_GostR3410_2001 */
-0x2A,0x85,0x03,0x02,0x02,0x14,               /* [5401] OBJ_id_GostR3410_94 */
-0x2A,0x85,0x03,0x02,0x02,0x15,               /* [5407] OBJ_id_Gost28147_89 */
-0x2A,0x85,0x03,0x02,0x02,0x16,               /* [5413] OBJ_id_Gost28147_89_MAC */
-0x2A,0x85,0x03,0x02,0x02,0x17,               /* [5419] OBJ_id_GostR3411_94_prf */
-0x2A,0x85,0x03,0x02,0x02,0x62,               /* [5425] OBJ_id_GostR3410_2001DH */
-0x2A,0x85,0x03,0x02,0x02,0x63,               /* [5431] OBJ_id_GostR3410_94DH */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,          /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,          /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,          /* [5451] OBJ_id_GostR3411_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,          /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,          /* [5465] OBJ_id_Gost28147_89_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,          /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,          /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,          /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,          /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,          /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,          /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,          /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x00,          /* [5521] OBJ_id_GostR3410_94_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x02,          /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x03,          /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x04,          /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x20,0x05,          /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x01,          /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x02,          /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x21,0x03,          /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x00,          /* [5577] OBJ_id_GostR3410_2001_TestParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x01,          /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x02,          /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x23,0x03,          /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x00,          /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x24,0x01,          /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x01,          /* [5619] OBJ_id_GostR3410_94_a */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x02,          /* [5626] OBJ_id_GostR3410_94_aBis */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x03,          /* [5633] OBJ_id_GostR3410_94_b */
-0x2A,0x85,0x03,0x02,0x02,0x14,0x04,          /* [5640] OBJ_id_GostR3410_94_bBis */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,     /* [5647] OBJ_id_Gost28147_89_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,     /* [5655] OBJ_id_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,     /* [5663] OBJ_id_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
-0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */
-0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */
-0x55,0x1D,0x2E,                              /* [5704] OBJ_freshest_crl */
-0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,     /* [5707] OBJ_id_on_permanentIdentifier */
-0x55,0x04,0x0E,                              /* [5715] OBJ_searchGuide */
-0x55,0x04,0x0F,                              /* [5718] OBJ_businessCategory */
-0x55,0x04,0x10,                              /* [5721] OBJ_postalAddress */
-0x55,0x04,0x12,                              /* [5724] OBJ_postOfficeBox */
-0x55,0x04,0x13,                              /* [5727] OBJ_physicalDeliveryOfficeName */
-0x55,0x04,0x14,                              /* [5730] OBJ_telephoneNumber */
-0x55,0x04,0x15,                              /* [5733] OBJ_telexNumber */
-0x55,0x04,0x16,                              /* [5736] OBJ_teletexTerminalIdentifier */
-0x55,0x04,0x17,                              /* [5739] OBJ_facsimileTelephoneNumber */
-0x55,0x04,0x18,                              /* [5742] OBJ_x121Address */
-0x55,0x04,0x19,                              /* [5745] OBJ_internationaliSDNNumber */
-0x55,0x04,0x1A,                              /* [5748] OBJ_registeredAddress */
-0x55,0x04,0x1B,                              /* [5751] OBJ_destinationIndicator */
-0x55,0x04,0x1C,                              /* [5754] OBJ_preferredDeliveryMethod */
-0x55,0x04,0x1D,                              /* [5757] OBJ_presentationAddress */
-0x55,0x04,0x1E,                              /* [5760] OBJ_supportedApplicationContext */
-0x55,0x04,0x1F,                              /* [5763] OBJ_member */
-0x55,0x04,0x20,                              /* [5766] OBJ_owner */
-0x55,0x04,0x21,                              /* [5769] OBJ_roleOccupant */
-0x55,0x04,0x22,                              /* [5772] OBJ_seeAlso */
-0x55,0x04,0x23,                              /* [5775] OBJ_userPassword */
-0x55,0x04,0x24,                              /* [5778] OBJ_userCertificate */
-0x55,0x04,0x25,                              /* [5781] OBJ_cACertificate */
-0x55,0x04,0x26,                              /* [5784] OBJ_authorityRevocationList */
-0x55,0x04,0x27,                              /* [5787] OBJ_certificateRevocationList */
-0x55,0x04,0x28,                              /* [5790] OBJ_crossCertificatePair */
-0x55,0x04,0x2F,                              /* [5793] OBJ_enhancedSearchGuide */
-0x55,0x04,0x30,                              /* [5796] OBJ_protocolInformation */
-0x55,0x04,0x31,                              /* [5799] OBJ_distinguishedName */
-0x55,0x04,0x32,                              /* [5802] OBJ_uniqueMember */
-0x55,0x04,0x33,                              /* [5805] OBJ_houseIdentifier */
-0x55,0x04,0x34,                              /* [5808] OBJ_supportedAlgorithms */
-0x55,0x04,0x35,                              /* [5811] OBJ_deltaRevocationList */
-0x55,0x04,0x36,                              /* [5814] OBJ_dmdName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */
-0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */
-0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */
-0x55,0x1D,0x25,0x00,                         /* [5942] OBJ_anyExtendedKeyUsage */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */
-};
-
-static const ASN1_OBJECT nid_objs[NUM_NID]={
-{"UNDEF","undefined",NID_undef,0,NULL,0},
-{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0},
-{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0},
-{"MD2","md2",NID_md2,8,&(lvalues[13]),0},
-{"MD5","md5",NID_md5,8,&(lvalues[21]),0},
-{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0},
-{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0},
-{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9,
-	&(lvalues[46]),0},
-{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
-	&(lvalues[55]),0},
-{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
-	&(lvalues[64]),0},
-{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
-	&(lvalues[73]),0},
-{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0},
-{"X509","X509",NID_X509,2,&(lvalues[83]),0},
-{"CN","commonName",NID_commonName,3,&(lvalues[85]),0},
-{"C","countryName",NID_countryName,3,&(lvalues[88]),0},
-{"L","localityName",NID_localityName,3,&(lvalues[91]),0},
-{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0},
-{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0},
-{"OU","organizationalUnitName",NID_organizationalUnitName,3,
-	&(lvalues[100]),0},
-{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0},
-{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0},
-{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0},
-{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9,
-	&(lvalues[124]),0},
-{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9,
-	&(lvalues[133]),0},
-{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData",
-	NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0},
-{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9,
-	&(lvalues[151]),0},
-{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9,
-	&(lvalues[160]),0},
-{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0},
-{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9,
-	&(lvalues[177]),0},
-{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0},
-{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0},
-{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0},
-{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0},
-{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0},
-{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0},
-{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0},
-{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0},
-{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0},
-{"SHA","sha",NID_sha,5,&(lvalues[225]),0},
-{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-	&(lvalues[230]),0},
-{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0},
-{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0},
-{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
-	&(lvalues[256]),0},
-{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-	&(lvalues[265]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0},
-{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-	&(lvalues[283]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0},
-{"countersignature","countersignature",NID_pkcs9_countersignature,9,
-	&(lvalues[301]),0},
-{"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-	9,&(lvalues[310]),0},
-{"unstructuredAddress","unstructuredAddress",
-	NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0},
-{"extendedCertificateAttributes","extendedCertificateAttributes",
-	NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0},
-{"Netscape","Netscape Communications Corp.",NID_netscape,7,
-	&(lvalues[337]),0},
-{"nsCertExt","Netscape Certificate Extension",
-	NID_netscape_cert_extension,8,&(lvalues[344]),0},
-{"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-	&(lvalues[352]),0},
-{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0},
-{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0},
-{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0},
-{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0},
-{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-	&(lvalues[365]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0},
-{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
-	9,&(lvalues[384]),0},
-{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0},
-{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-	&(lvalues[407]),0},
-{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-	&(lvalues[416]),0},
-{"nsRevocationUrl","Netscape Revocation Url",
-	NID_netscape_revocation_url,9,&(lvalues[425]),0},
-{"nsCaRevocationUrl","Netscape CA Revocation Url",
-	NID_netscape_ca_revocation_url,9,&(lvalues[434]),0},
-{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-	&(lvalues[443]),0},
-{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-	9,&(lvalues[452]),0},
-{"nsSslServerName","Netscape SSL Server Name",
-	NID_netscape_ssl_server_name,9,&(lvalues[461]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0},
-{"nsCertSequence","Netscape Certificate Sequence",
-	NID_netscape_cert_sequence,9,&(lvalues[479]),0},
-{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0},
-{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0},
-{"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-	NID_subject_key_identifier,3,&(lvalues[490]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0},
-{"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-	NID_private_key_usage_period,3,&(lvalues[496]),0},
-{"subjectAltName","X509v3 Subject Alternative Name",
-	NID_subject_alt_name,3,&(lvalues[499]),0},
-{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-	3,&(lvalues[502]),0},
-{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-	3,&(lvalues[505]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0},
-{"certificatePolicies","X509v3 Certificate Policies",
-	NID_certificate_policies,3,&(lvalues[511]),0},
-{"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-	NID_authority_key_identifier,3,&(lvalues[514]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0},
-{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0},
-{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0},
-{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0},
-{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0},
-{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0},
-{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0},
-{"GN","givenName",NID_givenName,3,&(lvalues[534]),0},
-{"SN","surname",NID_surname,3,&(lvalues[537]),0},
-{"initials","initials",NID_initials,3,&(lvalues[540]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[543]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0},
-{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0},
-{"title","title",NID_title,3,&(lvalues[554]),0},
-{"description","description",NID_description,3,&(lvalues[557]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0},
-{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0},
-{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0},
-{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0},
-{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0},
-{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[602]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0},
-{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0},
-{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0},
-{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0},
-{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0},
-{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
-	&(lvalues[633]),0},
-{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0},
-{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0},
-{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
-	&(lvalues[649]),0},
-{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
-	&(lvalues[657]),0},
-{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0},
-{"emailProtection","E-mail Protection",NID_email_protect,8,
-	&(lvalues[673]),0},
-{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0},
-{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
-	&(lvalues[689]),0},
-{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
-	&(lvalues[699]),0},
-{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
-	&(lvalues[709]),0},
-{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0},
-{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
-	&(lvalues[729]),0},
-{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0},
-{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
-	&(lvalues[748]),0},
-{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0},
-{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
-	&(lvalues[754]),0},
-{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0},
-{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
-	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0},
-{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
-	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0},
-{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0},
-{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
-	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0},
-{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
-	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0},
-{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
-	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0},
-{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0},
-{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
-	11,&(lvalues[833]),0},
-{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0},
-{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0},
-{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0},
-{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
-	&(lvalues[877]),0},
-{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0},
-{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0},
-{"x509Certificate","x509Certificate",NID_x509Certificate,10,
-	&(lvalues[906]),0},
-{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
-	&(lvalues[916]),0},
-{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0},
-{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0},
-{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0},
-{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0},
-{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0},
-{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
-	&(lvalues[970]),0},
-{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0},
-{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
-	&(lvalues[978]),0},
-{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
-	&(lvalues[987]),0},
-{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
-	&(lvalues[996]),0},
-{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
-	&(lvalues[1005]),0},
-{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
-	&(lvalues[1014]),0},
-{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0},
-{"name","name",NID_name,3,&(lvalues[1033]),0},
-{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0},
-{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0},
-{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0},
-{"authorityInfoAccess","Authority Information Access",NID_info_access,
-	8,&(lvalues[1053]),0},
-{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0},
-{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0},
-{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0},
-{"ISO","iso",NID_iso,0,NULL,0},
-{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0},
-{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0},
-{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0},
-{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0},
-{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0},
-{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0},
-{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0},
-{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0},
-{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0},
-{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0},
-{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0},
-{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0},
-{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0},
-{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0},
-{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
-	&(lvalues[1195]),0},
-{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
-	&(lvalues[1206]),0},
-{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
-	&(lvalues[1217]),0},
-{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
-	11,&(lvalues[1228]),0},
-{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
-	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0},
-{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
-	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0},
-{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
-	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0},
-{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
-	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0},
-{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
-	11,&(lvalues[1283]),0},
-{"id-smime-ct-authData","id-smime-ct-authData",
-	NID_id_smime_ct_authData,11,&(lvalues[1294]),0},
-{"id-smime-ct-publishCert","id-smime-ct-publishCert",
-	NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0},
-{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
-	11,&(lvalues[1316]),0},
-{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
-	11,&(lvalues[1327]),0},
-{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
-	NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0},
-{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
-	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0},
-{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
-	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0},
-{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
-	NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0},
-{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
-	NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0},
-{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
-	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0},
-{"id-smime-aa-contentHint","id-smime-aa-contentHint",
-	NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0},
-{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
-	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0},
-{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
-	NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0},
-{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
-	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0},
-{"id-smime-aa-macValue","id-smime-aa-macValue",
-	NID_id_smime_aa_macValue,11,&(lvalues[1448]),0},
-{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
-	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0},
-{"id-smime-aa-contentReference","id-smime-aa-contentReference",
-	NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0},
-{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
-	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0},
-{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
-	NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0},
-{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
-	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0},
-{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
-	NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0},
-{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
-	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0},
-{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
-	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0},
-{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
-	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0},
-{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
-	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0},
-{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
-	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0},
-{"id-smime-aa-ets-contentTimestamp",
-	"id-smime-aa-ets-contentTimestamp",
-	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0},
-{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
-	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0},
-{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
-	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0},
-{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
-	NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0},
-{"id-smime-aa-ets-revocationValues",
-	"id-smime-aa-ets-revocationValues",
-	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0},
-{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
-	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0},
-{"id-smime-aa-ets-certCRLTimestamp",
-	"id-smime-aa-ets-certCRLTimestamp",
-	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0},
-{"id-smime-aa-ets-archiveTimeStamp",
-	"id-smime-aa-ets-archiveTimeStamp",
-	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0},
-{"id-smime-aa-signatureType","id-smime-aa-signatureType",
-	NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0},
-{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
-	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0},
-{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
-	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0},
-{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
-	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0},
-{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
-	NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0},
-{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
-	NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0},
-{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
-	&(lvalues[1734]),0},
-{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
-	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0},
-{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
-	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0},
-{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
-	&(lvalues[1767]),0},
-{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
-	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0},
-{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
-	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0},
-{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
-	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0},
-{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
-	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0},
-{"id-smime-cti-ets-proofOfDelivery",
-	"id-smime-cti-ets-proofOfDelivery",
-	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0},
-{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
-	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0},
-{"id-smime-cti-ets-proofOfApproval",
-	"id-smime-cti-ets-proofOfApproval",
-	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0},
-{"id-smime-cti-ets-proofOfCreation",
-	"id-smime-cti-ets-proofOfCreation",
-	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0},
-{"MD4","md4",NID_md4,8,&(lvalues[1866]),0},
-{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0},
-{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0},
-{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0},
-{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0},
-{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0},
-{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0},
-{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0},
-{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0},
-{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0},
-{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0},
-{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0},
-{"id-pkix1-explicit-88","id-pkix1-explicit-88",
-	NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0},
-{"id-pkix1-implicit-88","id-pkix1-implicit-88",
-	NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0},
-{"id-pkix1-explicit-93","id-pkix1-explicit-93",
-	NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0},
-{"id-pkix1-implicit-93","id-pkix1-implicit-93",
-	NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0},
-{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0},
-{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0},
-{"id-mod-kea-profile-88","id-mod-kea-profile-88",
-	NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0},
-{"id-mod-kea-profile-93","id-mod-kea-profile-93",
-	NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0},
-{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0},
-{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
-	NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0},
-{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
-	NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0},
-{"id-mod-attribute-cert","id-mod-attribute-cert",
-	NID_id_mod_attribute_cert,8,&(lvalues[2039]),0},
-{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
-	NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0},
-{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0},
-{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0},
-{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
-	&(lvalues[2071]),0},
-{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0},
-{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0},
-{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
-	&(lvalues[2095]),0},
-{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0},
-{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0},
-{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8,
-	&(lvalues[2119]),0},
-{"sbgp-autonomousSysNum","sbgp-autonomousSysNum",
-	NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0},
-{"sbgp-routerIdentifier","sbgp-routerIdentifier",
-	NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0},
-{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0},
-{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
-	&(lvalues[2151]),0},
-{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0},
-{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0},
-{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0},
-{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
-	8,&(lvalues[2183]),0},
-{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
-	NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0},
-{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
-	NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0},
-{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
-	NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0},
-{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
-	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0},
-{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
-	&(lvalues[2223]),0},
-{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
-	NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0},
-{"id-it-subscriptionRequest","id-it-subscriptionRequest",
-	NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0},
-{"id-it-subscriptionResponse","id-it-subscriptionResponse",
-	NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0},
-{"id-it-keyPairParamReq","id-it-keyPairParamReq",
-	NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0},
-{"id-it-keyPairParamRep","id-it-keyPairParamRep",
-	NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0},
-{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
-	8,&(lvalues[2271]),0},
-{"id-it-implicitConfirm","id-it-implicitConfirm",
-	NID_id_it_implicitConfirm,8,&(lvalues[2279]),0},
-{"id-it-confirmWaitTime","id-it-confirmWaitTime",
-	NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0},
-{"id-it-origPKIMessage","id-it-origPKIMessage",
-	NID_id_it_origPKIMessage,8,&(lvalues[2295]),0},
-{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0},
-{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0},
-{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
-	9,&(lvalues[2319]),0},
-{"id-regCtrl-authenticator","id-regCtrl-authenticator",
-	NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0},
-{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
-	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0},
-{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
-	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0},
-{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
-	NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0},
-{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
-	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0},
-{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
-	NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0},
-{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
-	&(lvalues[2382]),0},
-{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0},
-{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
-	&(lvalues[2399]),0},
-{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
-	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0},
-{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0},
-{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
-	&(lvalues[2423]),0},
-{"id-cmc-identification","id-cmc-identification",
-	NID_id_cmc_identification,8,&(lvalues[2431]),0},
-{"id-cmc-identityProof","id-cmc-identityProof",
-	NID_id_cmc_identityProof,8,&(lvalues[2439]),0},
-{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
-	&(lvalues[2447]),0},
-{"id-cmc-transactionId","id-cmc-transactionId",
-	NID_id_cmc_transactionId,8,&(lvalues[2455]),0},
-{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
-	&(lvalues[2463]),0},
-{"id-cmc-recipientNonce","id-cmc-recipientNonce",
-	NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0},
-{"id-cmc-addExtensions","id-cmc-addExtensions",
-	NID_id_cmc_addExtensions,8,&(lvalues[2479]),0},
-{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
-	8,&(lvalues[2487]),0},
-{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
-	8,&(lvalues[2495]),0},
-{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
-	NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0},
-{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
-	&(lvalues[2511]),0},
-{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0},
-{"id-cmc-revokeRequest","id-cmc-revokeRequest",
-	NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0},
-{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
-	&(lvalues[2535]),0},
-{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
-	8,&(lvalues[2543]),0},
-{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
-	8,&(lvalues[2551]),0},
-{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
-	NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0},
-{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
-	NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0},
-{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
-	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0},
-{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
-	&(lvalues[2583]),0},
-{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
-	&(lvalues[2591]),0},
-{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
-	8,&(lvalues[2599]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
-{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
-{"id-pda-countryOfResidence","id-pda-countryOfResidence",
-	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
-{"id-aca-authenticationInfo","id-aca-authenticationInfo",
-	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
-{"id-aca-accessIdentity","id-aca-accessIdentity",
-	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
-{"id-aca-chargingIdentity","id-aca-chargingIdentity",
-	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
-{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
-{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
-	&(lvalues[2687]),0},
-{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
-	&(lvalues[2695]),0},
-{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
-	&(lvalues[2703]),0},
-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
-{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
-	&(lvalues[2719]),0},
-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
-{"acceptableResponses","Acceptable OCSP Responses",
-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
-{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
-{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
-	9,&(lvalues[2764]),0},
-{"serviceLocator","OCSP Service Locator",
-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
-{"extendedStatus","Extended OCSP Status",
-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
-{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
-	&(lvalues[2809]),0},
-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
-{"X500algorithms","directory services - algorithms",
-	NID_X500algorithms,2,&(lvalues[2827]),0},
-{"ORG","org",NID_org,1,&(lvalues[2829]),0},
-{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
-{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
-{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
-{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
-{"private","Private",NID_Private,4,&(lvalues[2847]),0},
-{"security","Security",NID_Security,4,&(lvalues[2851]),0},
-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
-{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
-{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
-{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
-{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
-{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0},
-{"selected-attribute-types","Selected Attribute Types",
-	NID_selected_attribute_types,3,&(lvalues[2897]),0},
-{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0},
-{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
-	&(lvalues[2904]),0},
-{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0},
-{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
-	&(lvalues[2921]),0},
-{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
-	&(lvalues[2929]),0},
-{"role","role",NID_role,3,&(lvalues[2937]),0},
-{"policyConstraints","X509v3 Policy Constraints",
-	NID_policy_constraints,3,&(lvalues[2940]),0},
-{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
-	&(lvalues[2943]),0},
-{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
-	&(lvalues[2946]),0},
-{"NULL","NULL",NID_ccitt,0,NULL,0},
-{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0},
-{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0},
-{"characteristic-two-field","characteristic-two-field",
-	NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0},
-{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
-	&(lvalues[2968]),0},
-{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0},
-{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0},
-{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0},
-{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0},
-{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0},
-{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0},
-{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0},
-{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
-	&(lvalues[3031]),0},
-{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0},
-{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0},
-{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0},
-{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0},
-{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0},
-{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0},
-{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0},
-{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0},
-{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0},
-{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0},
-{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0},
-{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0},
-{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0},
-{"holdInstructionCode","Hold Instruction Code",
-	NID_hold_instruction_code,3,&(lvalues[3155]),0},
-{"holdInstructionNone","Hold Instruction None",
-	NID_hold_instruction_none,7,&(lvalues[3158]),0},
-{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
-	NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0},
-{"holdInstructionReject","Hold Instruction Reject",
-	NID_hold_instruction_reject,7,&(lvalues[3172]),0},
-{"data","data",NID_data,1,&(lvalues[3179]),0},
-{"pss","pss",NID_pss,3,&(lvalues[3180]),0},
-{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0},
-{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0},
-{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
-	&(lvalues[3198]),0},
-{"pilotAttributeSyntax","pilotAttributeSyntax",
-	NID_pilotAttributeSyntax,9,&(lvalues[3207]),0},
-{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
-	&(lvalues[3216]),0},
-{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0},
-{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
-	&(lvalues[3234]),0},
-{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
-	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0},
-{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0},
-{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0},
-{"account","account",NID_account,10,&(lvalues[3274]),0},
-{"document","document",NID_document,10,&(lvalues[3284]),0},
-{"room","room",NID_room,10,&(lvalues[3294]),0},
-{"documentSeries","documentSeries",NID_documentSeries,10,
-	&(lvalues[3304]),0},
-{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
-	&(lvalues[3314]),0},
-{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0},
-{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
-	10,&(lvalues[3334]),0},
-{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
-	&(lvalues[3344]),0},
-{"simpleSecurityObject","simpleSecurityObject",
-	NID_simpleSecurityObject,10,&(lvalues[3354]),0},
-{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
-	&(lvalues[3364]),0},
-{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0},
-{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
-	10,&(lvalues[3384]),0},
-{"UID","userId",NID_userId,10,&(lvalues[3394]),0},
-{"textEncodedORAddress","textEncodedORAddress",
-	NID_textEncodedORAddress,10,&(lvalues[3404]),0},
-{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0},
-{"info","info",NID_info,10,&(lvalues[3424]),0},
-{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
-	&(lvalues[3434]),0},
-{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0},
-{"photo","photo",NID_photo,10,&(lvalues[3454]),0},
-{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0},
-{"host","host",NID_host,10,&(lvalues[3474]),0},
-{"manager","manager",NID_manager,10,&(lvalues[3484]),0},
-{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
-	&(lvalues[3494]),0},
-{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0},
-{"documentVersion","documentVersion",NID_documentVersion,10,
-	&(lvalues[3514]),0},
-{"documentAuthor","documentAuthor",NID_documentAuthor,10,
-	&(lvalues[3524]),0},
-{"documentLocation","documentLocation",NID_documentLocation,10,
-	&(lvalues[3534]),0},
-{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
-	10,&(lvalues[3544]),0},
-{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0},
-{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0},
-{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
-	&(lvalues[3574]),0},
-{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
-	&(lvalues[3584]),0},
-{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0},
-{"pilotAttributeType27","pilotAttributeType27",
-	NID_pilotAttributeType27,10,&(lvalues[3604]),0},
-{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0},
-{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0},
-{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0},
-{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0},
-{"associatedDomain","associatedDomain",NID_associatedDomain,10,
-	&(lvalues[3654]),0},
-{"associatedName","associatedName",NID_associatedName,10,
-	&(lvalues[3664]),0},
-{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
-	&(lvalues[3674]),0},
-{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0},
-{"mobileTelephoneNumber","mobileTelephoneNumber",
-	NID_mobileTelephoneNumber,10,&(lvalues[3694]),0},
-{"pagerTelephoneNumber","pagerTelephoneNumber",
-	NID_pagerTelephoneNumber,10,&(lvalues[3704]),0},
-{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
-	10,&(lvalues[3714]),0},
-{"organizationalStatus","organizationalStatus",
-	NID_organizationalStatus,10,&(lvalues[3724]),0},
-{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0},
-{"mailPreferenceOption","mailPreferenceOption",
-	NID_mailPreferenceOption,10,&(lvalues[3744]),0},
-{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0},
-{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0},
-{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
-	&(lvalues[3774]),0},
-{"subtreeMinimumQuality","subtreeMinimumQuality",
-	NID_subtreeMinimumQuality,10,&(lvalues[3784]),0},
-{"subtreeMaximumQuality","subtreeMaximumQuality",
-	NID_subtreeMaximumQuality,10,&(lvalues[3794]),0},
-{"personalSignature","personalSignature",NID_personalSignature,10,
-	&(lvalues[3804]),0},
-{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0},
-{"audio","audio",NID_audio,10,&(lvalues[3824]),0},
-{"documentPublisher","documentPublisher",NID_documentPublisher,10,
-	&(lvalues[3834]),0},
-{"x500UniqueIdentifier","x500UniqueIdentifier",
-	NID_x500UniqueIdentifier,3,&(lvalues[3844]),0},
-{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0},
-{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
-	&(lvalues[3852]),0},
-{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
-	&(lvalues[3858]),0},
-{"id-hex-partial-message","id-hex-partial-message",
-	NID_id_hex_partial_message,7,&(lvalues[3864]),0},
-{"id-hex-multipart-message","id-hex-multipart-message",
-	NID_id_hex_multipart_message,7,&(lvalues[3871]),0},
-{"generationQualifier","generationQualifier",NID_generationQualifier,
-	3,&(lvalues[3878]),0},
-{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"id-set","Secure Electronic Transactions",NID_id_set,2,
-	&(lvalues[3884]),0},
-{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0},
-{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0},
-{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0},
-{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0},
-{"set-certExt","certificate extensions",NID_set_certExt,3,
-	&(lvalues[3898]),0},
-{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0},
-{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0},
-{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
-	&(lvalues[3908]),0},
-{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0},
-{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0},
-{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0},
-{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0},
-{"setct-PIDataUnsigned","setct-PIDataUnsigned",
-	NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0},
-{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
-	&(lvalues[3932]),0},
-{"setct-AuthResBaggage","setct-AuthResBaggage",
-	NID_setct_AuthResBaggage,4,&(lvalues[3936]),0},
-{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
-	NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0},
-{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
-	NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0},
-{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
-	&(lvalues[3948]),0},
-{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
-	&(lvalues[3952]),0},
-{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0},
-{"setct-PResData","setct-PResData",NID_setct_PResData,4,
-	&(lvalues[3960]),0},
-{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
-	&(lvalues[3964]),0},
-{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
-	&(lvalues[3968]),0},
-{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
-	&(lvalues[3972]),0},
-{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
-	&(lvalues[3976]),0},
-{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
-	&(lvalues[3980]),0},
-{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
-	&(lvalues[3984]),0},
-{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
-	NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0},
-{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
-	4,&(lvalues[3992]),0},
-{"setct-AuthRevResData","setct-AuthRevResData",
-	NID_setct_AuthRevResData,4,&(lvalues[3996]),0},
-{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
-	4,&(lvalues[4000]),0},
-{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
-	&(lvalues[4004]),0},
-{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
-	&(lvalues[4008]),0},
-{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
-	&(lvalues[4012]),0},
-{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
-	&(lvalues[4016]),0},
-{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
-	4,&(lvalues[4020]),0},
-{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
-	4,&(lvalues[4024]),0},
-{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
-	&(lvalues[4028]),0},
-{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
-	&(lvalues[4032]),0},
-{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
-	&(lvalues[4036]),0},
-{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
-	4,&(lvalues[4040]),0},
-{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
-	NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0},
-{"setct-CredRevResData","setct-CredRevResData",
-	NID_setct_CredRevResData,4,&(lvalues[4048]),0},
-{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
-	&(lvalues[4052]),0},
-{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
-	&(lvalues[4056]),0},
-{"setct-BatchAdminReqData","setct-BatchAdminReqData",
-	NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0},
-{"setct-BatchAdminResData","setct-BatchAdminResData",
-	NID_setct_BatchAdminResData,4,&(lvalues[4064]),0},
-{"setct-CardCInitResTBS","setct-CardCInitResTBS",
-	NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0},
-{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
-	NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0},
-{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
-	4,&(lvalues[4076]),0},
-{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
-	&(lvalues[4080]),0},
-{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
-	&(lvalues[4084]),0},
-{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
-	&(lvalues[4088]),0},
-{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
-	4,&(lvalues[4092]),0},
-{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
-	&(lvalues[4096]),0},
-{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
-	NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0},
-{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
-	4,&(lvalues[4104]),0},
-{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
-	&(lvalues[4108]),0},
-{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
-	&(lvalues[4112]),0},
-{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
-	&(lvalues[4116]),0},
-{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
-	&(lvalues[4120]),0},
-{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
-	&(lvalues[4124]),0},
-{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
-	&(lvalues[4128]),0},
-{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
-	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0},
-{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
-	4,&(lvalues[4136]),0},
-{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
-	4,&(lvalues[4140]),0},
-{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
-	NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0},
-{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
-	&(lvalues[4148]),0},
-{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
-	&(lvalues[4152]),0},
-{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
-	&(lvalues[4156]),0},
-{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
-	&(lvalues[4160]),0},
-{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
-	4,&(lvalues[4164]),0},
-{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
-	&(lvalues[4168]),0},
-{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
-	&(lvalues[4172]),0},
-{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
-	&(lvalues[4176]),0},
-{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
-	&(lvalues[4180]),0},
-{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
-	4,&(lvalues[4184]),0},
-{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
-	NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0},
-{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
-	4,&(lvalues[4192]),0},
-{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
-	NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0},
-{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
-	NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0},
-{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
-	4,&(lvalues[4204]),0},
-{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
-	&(lvalues[4208]),0},
-{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
-	&(lvalues[4212]),0},
-{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
-	&(lvalues[4216]),0},
-{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
-	NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0},
-{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
-	NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0},
-{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
-	NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0},
-{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
-	&(lvalues[4232]),0},
-{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
-	&(lvalues[4236]),0},
-{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
-	&(lvalues[4240]),0},
-{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0},
-{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0},
-{"setext-cv","additional verification",NID_setext_cv,4,
-	&(lvalues[4252]),0},
-{"set-policy-root","set-policy-root",NID_set_policy_root,4,
-	&(lvalues[4256]),0},
-{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
-	&(lvalues[4260]),0},
-{"setCext-certType","setCext-certType",NID_setCext_certType,4,
-	&(lvalues[4264]),0},
-{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
-	&(lvalues[4268]),0},
-{"setCext-cCertRequired","setCext-cCertRequired",
-	NID_setCext_cCertRequired,4,&(lvalues[4272]),0},
-{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
-	&(lvalues[4276]),0},
-{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
-	&(lvalues[4280]),0},
-{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
-	&(lvalues[4284]),0},
-{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
-	NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0},
-{"setCext-TokenIdentifier","setCext-TokenIdentifier",
-	NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0},
-{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
-	&(lvalues[4296]),0},
-{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
-	&(lvalues[4300]),0},
-{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
-	NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0},
-{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0},
-{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
-	4,&(lvalues[4312]),0},
-{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
-	&(lvalues[4316]),0},
-{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
-	&(lvalues[4320]),0},
-{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
-	&(lvalues[4324]),0},
-{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0},
-{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
-	&(lvalues[4334]),0},
-{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
-	NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0},
-{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
-	&(lvalues[4344]),0},
-{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
-	&(lvalues[4349]),0},
-{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
-	&(lvalues[4354]),0},
-{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
-	6,&(lvalues[4359]),0},
-{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
-	&(lvalues[4365]),0},
-{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
-	&(lvalues[4371]),0},
-{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
-	&(lvalues[4377]),0},
-{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
-	6,&(lvalues[4383]),0},
-{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
-	&(lvalues[4389]),0},
-{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
-	&(lvalues[4393]),0},
-{"set-brand-AmericanExpress","set-brand-AmericanExpress",
-	NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0},
-{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0},
-{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
-	&(lvalues[4405]),0},
-{"set-brand-MasterCard","set-brand-MasterCard",
-	NID_set_brand_MasterCard,4,&(lvalues[4409]),0},
-{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
-	&(lvalues[4413]),0},
-{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0},
-{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
-	NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0},
-{"ITU-T","itu-t",NID_itu_t,0,NULL,0},
-{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0},
-{"international-organizations","International Organizations",
-	NID_international_organizations,1,&(lvalues[4435]),0},
-{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
-	10,&(lvalues[4436]),0},
-{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
-	&(lvalues[4446]),0},
-{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0},
-{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0},
-{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0},
-{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0},
-{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0},
-{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0},
-{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0},
-{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0},
-{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0},
-{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0},
-{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0},
-{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0},
-{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0},
-{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8,
-	&(lvalues[4469]),0},
-{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8,
-	&(lvalues[4477]),0},
-{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8,
-	&(lvalues[4485]),0},
-{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3,
-	&(lvalues[4493]),0},
-{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0},
-{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9,
-	&(lvalues[4504]),0},
-{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9,
-	&(lvalues[4513]),0},
-{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9,
-	&(lvalues[4522]),0},
-{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9,
-	&(lvalues[4531]),0},
-{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0},
-{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0},
-{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0},
-{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0},
-{"identified-organization","identified-organization",
-	NID_identified_organization,1,&(lvalues[4576]),0},
-{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0},
-{"wap","wap",NID_wap,2,&(lvalues[4580]),0},
-{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0},
-{"id-characteristic-two-basis","id-characteristic-two-basis",
-	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0},
-{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0},
-{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0},
-{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0},
-{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0},
-{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0},
-{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0},
-{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0},
-{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0},
-{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0},
-{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0},
-{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0},
-{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0},
-{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0},
-{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0},
-{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0},
-{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0},
-{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0},
-{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0},
-{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0},
-{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0},
-{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0},
-{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0},
-{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0},
-{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0},
-{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0},
-{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0},
-{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0},
-{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0},
-{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0},
-{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0},
-{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0},
-{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0},
-{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0},
-{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0},
-{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0},
-{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0},
-{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0},
-{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0},
-{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0},
-{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0},
-{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0},
-{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0},
-{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0},
-{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0},
-{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0},
-{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0},
-{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0},
-{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0},
-{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0},
-{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0},
-{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0},
-{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0},
-{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0},
-{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0},
-{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
-	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0},
-{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
-	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0},
-{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
-	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0},
-{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
-	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0},
-{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
-	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0},
-{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
-	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0},
-{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
-	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0},
-{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
-	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0},
-{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
-	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0},
-{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
-	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0},
-{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
-	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0},
-{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0},
-{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3,
-	&(lvalues[4994]),0},
-{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
-	NID_inhibit_any_policy,3,&(lvalues[4997]),0},
-{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0},
-{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0},
-{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11,
-	&(lvalues[5000]),0},
-{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11,
-	&(lvalues[5011]),0},
-{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11,
-	&(lvalues[5022]),0},
-{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8,
-	&(lvalues[5033]),0},
-{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8,
-	&(lvalues[5041]),0},
-{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8,
-	&(lvalues[5049]),0},
-{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8,
-	&(lvalues[5057]),0},
-{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8,
-	&(lvalues[5065]),0},
-{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8,
-	&(lvalues[5073]),0},
-{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0},
-{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0},
-{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0},
-{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0},
-{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0},
-{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0},
-{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8,
-	&(lvalues[5081]),0},
-{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8,
-	&(lvalues[5089]),0},
-{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8,
-	&(lvalues[5097]),0},
-{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes",
-	NID_subject_directory_attributes,3,&(lvalues[5105]),0},
-{"issuingDistributionPoint","X509v3 Issuing Distrubution Point",
-	NID_issuing_distribution_point,3,&(lvalues[5108]),0},
-{"certificateIssuer","X509v3 Certificate Issuer",
-	NID_certificate_issuer,3,&(lvalues[5111]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{NULL,NULL,NID_undef,0,NULL,0},
-{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0},
-{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0},
-{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0},
-{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0},
-{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0},
-{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0},
-{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9,
-	&(lvalues[5168]),0},
-{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9,
-	&(lvalues[5177]),0},
-{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8,
-	&(lvalues[5186]),0},
-{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0},
-{"id-smime-ct-compressedData","id-smime-ct-compressedData",
-	NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0},
-{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF",
-	NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0},
-{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9,
-	&(lvalues[5224]),0},
-{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9,
-	&(lvalues[5233]),0},
-{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9,
-	&(lvalues[5242]),0},
-{"ecdsa-with-Recommended","ecdsa-with-Recommended",
-	NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0},
-{"ecdsa-with-Specified","ecdsa-with-Specified",
-	NID_ecdsa_with_Specified,7,&(lvalues[5258]),0},
-{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
-	&(lvalues[5265]),0},
-{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
-	&(lvalues[5273]),0},
-{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
-	&(lvalues[5281]),0},
-{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
-	&(lvalues[5289]),0},
-{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0},
-{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8,
-	&(lvalues[5305]),0},
-{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8,
-	&(lvalues[5313]),0},
-{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8,
-	&(lvalues[5321]),0},
-{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8,
-	&(lvalues[5329]),0},
-{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9,
-	&(lvalues[5337]),0},
-{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9,
-	&(lvalues[5346]),0},
-{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0},
-{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0},
-{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0},
-{"id-GostR3411-94-with-GostR3410-2001",
-	"GOST R 34.11-94 with GOST R 34.10-2001",
-	NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0},
-{"id-GostR3411-94-with-GostR3410-94",
-	"GOST R 34.11-94 with GOST R 34.10-94",
-	NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0},
-{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0},
-{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6,
-	&(lvalues[5389]),0},
-{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6,
-	&(lvalues[5395]),0},
-{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0},
-{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0},
-{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0},
-{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6,
-	&(lvalues[5413]),0},
-{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6,
-	&(lvalues[5419]),0},
-{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH,
-	6,&(lvalues[5425]),0},
-{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6,
-	&(lvalues[5431]),0},
-{"id-Gost28147-89-CryptoPro-KeyMeshing",
-	"id-Gost28147-89-CryptoPro-KeyMeshing",
-	NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0},
-{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing",
-	NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0},
-{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet",
-	NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0},
-{"id-GostR3411-94-CryptoProParamSet",
-	"id-GostR3411-94-CryptoProParamSet",
-	NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0},
-{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet",
-	NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0},
-{"id-Gost28147-89-CryptoPro-A-ParamSet",
-	"id-Gost28147-89-CryptoPro-A-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0},
-{"id-Gost28147-89-CryptoPro-B-ParamSet",
-	"id-Gost28147-89-CryptoPro-B-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0},
-{"id-Gost28147-89-CryptoPro-C-ParamSet",
-	"id-Gost28147-89-CryptoPro-C-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0},
-{"id-Gost28147-89-CryptoPro-D-ParamSet",
-	"id-Gost28147-89-CryptoPro-D-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0},
-{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-	"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]),
-	0},
-{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-	"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]),
-	0},
-{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-	"id-Gost28147-89-CryptoPro-RIC-1-ParamSet",
-	NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0},
-{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet",
-	NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0},
-{"id-GostR3410-94-CryptoPro-A-ParamSet",
-	"id-GostR3410-94-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0},
-{"id-GostR3410-94-CryptoPro-B-ParamSet",
-	"id-GostR3410-94-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0},
-{"id-GostR3410-94-CryptoPro-C-ParamSet",
-	"id-GostR3410-94-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0},
-{"id-GostR3410-94-CryptoPro-D-ParamSet",
-	"id-GostR3410-94-CryptoPro-D-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0},
-{"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0},
-{"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0},
-{"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-	"id-GostR3410-94-CryptoPro-XchC-ParamSet",
-	NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0},
-{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet",
-	NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0},
-{"id-GostR3410-2001-CryptoPro-A-ParamSet",
-	"id-GostR3410-2001-CryptoPro-A-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0},
-{"id-GostR3410-2001-CryptoPro-B-ParamSet",
-	"id-GostR3410-2001-CryptoPro-B-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0},
-{"id-GostR3410-2001-CryptoPro-C-ParamSet",
-	"id-GostR3410-2001-CryptoPro-C-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0},
-{"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-	"id-GostR3410-2001-CryptoPro-XchA-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0},
-	
-{"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-	"id-GostR3410-2001-CryptoPro-XchB-ParamSet",
-	NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0},
-	
-{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7,
-	&(lvalues[5619]),0},
-{"id-GostR3410-94-aBis","id-GostR3410-94-aBis",
-	NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0},
-{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7,
-	&(lvalues[5633]),0},
-{"id-GostR3410-94-bBis","id-GostR3410-94-bBis",
-	NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0},
-{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet",
-	NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0},
-{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8,
-	&(lvalues[5655]),0},
-{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8,
-	&(lvalues[5663]),0},
-{"id-GostR3411-94-with-GostR3410-94-cc",
-	"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0},
-{"id-GostR3411-94-with-GostR3410-2001-cc",
-	"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom",
-	NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0},
-{"id-GostR3410-2001-ParamSet-cc",
-	"GOST R 3410-2001 Parameter Set Cryptocom",
-	NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0},
-{"HMAC","hmac",NID_hmac,0,NULL,0},
-{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
-	&(lvalues[5695]),0},
-{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
-	&(lvalues[5704]),0},
-{"id-on-permanentIdentifier","Permanent Identifier",
-	NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0},
-{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0},
-{"businessCategory","businessCategory",NID_businessCategory,3,
-	&(lvalues[5718]),0},
-{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0},
-{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0},
-{"physicalDeliveryOfficeName","physicalDeliveryOfficeName",
-	NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0},
-{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3,
-	&(lvalues[5730]),0},
-{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0},
-{"teletexTerminalIdentifier","teletexTerminalIdentifier",
-	NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0},
-{"facsimileTelephoneNumber","facsimileTelephoneNumber",
-	NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0},
-{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0},
-{"internationaliSDNNumber","internationaliSDNNumber",
-	NID_internationaliSDNNumber,3,&(lvalues[5745]),0},
-{"registeredAddress","registeredAddress",NID_registeredAddress,3,
-	&(lvalues[5748]),0},
-{"destinationIndicator","destinationIndicator",
-	NID_destinationIndicator,3,&(lvalues[5751]),0},
-{"preferredDeliveryMethod","preferredDeliveryMethod",
-	NID_preferredDeliveryMethod,3,&(lvalues[5754]),0},
-{"presentationAddress","presentationAddress",NID_presentationAddress,
-	3,&(lvalues[5757]),0},
-{"supportedApplicationContext","supportedApplicationContext",
-	NID_supportedApplicationContext,3,&(lvalues[5760]),0},
-{"member","member",NID_member,3,&(lvalues[5763]),0},
-{"owner","owner",NID_owner,3,&(lvalues[5766]),0},
-{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0},
-{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0},
-{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0},
-{"userCertificate","userCertificate",NID_userCertificate,3,
-	&(lvalues[5778]),0},
-{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0},
-{"authorityRevocationList","authorityRevocationList",
-	NID_authorityRevocationList,3,&(lvalues[5784]),0},
-{"certificateRevocationList","certificateRevocationList",
-	NID_certificateRevocationList,3,&(lvalues[5787]),0},
-{"crossCertificatePair","crossCertificatePair",
-	NID_crossCertificatePair,3,&(lvalues[5790]),0},
-{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide,
-	3,&(lvalues[5793]),0},
-{"protocolInformation","protocolInformation",NID_protocolInformation,
-	3,&(lvalues[5796]),0},
-{"distinguishedName","distinguishedName",NID_distinguishedName,3,
-	&(lvalues[5799]),0},
-{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0},
-{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3,
-	&(lvalues[5805]),0},
-{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms,
-	3,&(lvalues[5808]),0},
-{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
-	3,&(lvalues[5811]),0},
-{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0},
-{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11,
-	&(lvalues[5817]),0},
-{"CMAC","cmac",NID_cmac,0,NULL,0},
-{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0},
-{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0},
-{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9,
-	&(lvalues[5846]),0},
-{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0},
-{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0},
-{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9,
-	&(lvalues[5873]),0},
-{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0},
-{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0},
-{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9,
-	&(lvalues[5900]),0},
-{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0},
-{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0},
-{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0},
-{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap,
-	11,&(lvalues[5909]),0},
-{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap,
-	11,&(lvalues[5920]),0},
-{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap,
-	11,&(lvalues[5931]),0},
-{"anyExtendedKeyUsage","Any Extended Key Usage",
-	NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0},
-{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0},
-{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0},
-{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
-{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
-{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0},
-{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1",
-	NID_aes_128_cbc_hmac_sha1,0,NULL,0},
-{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1",
-	NID_aes_192_cbc_hmac_sha1,0,NULL,0},
-{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
-	NID_aes_256_cbc_hmac_sha1,0,NULL,0},
-{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0},
-};
-
-static const unsigned int sn_objs[NUM_SN]={
-364,	/* "AD_DVCS" */
-419,	/* "AES-128-CBC" */
-916,	/* "AES-128-CBC-HMAC-SHA1" */
-421,	/* "AES-128-CFB" */
-650,	/* "AES-128-CFB1" */
-653,	/* "AES-128-CFB8" */
-904,	/* "AES-128-CTR" */
-418,	/* "AES-128-ECB" */
-420,	/* "AES-128-OFB" */
-913,	/* "AES-128-XTS" */
-423,	/* "AES-192-CBC" */
-917,	/* "AES-192-CBC-HMAC-SHA1" */
-425,	/* "AES-192-CFB" */
-651,	/* "AES-192-CFB1" */
-654,	/* "AES-192-CFB8" */
-905,	/* "AES-192-CTR" */
-422,	/* "AES-192-ECB" */
-424,	/* "AES-192-OFB" */
-427,	/* "AES-256-CBC" */
-918,	/* "AES-256-CBC-HMAC-SHA1" */
-429,	/* "AES-256-CFB" */
-652,	/* "AES-256-CFB1" */
-655,	/* "AES-256-CFB8" */
-906,	/* "AES-256-CTR" */
-426,	/* "AES-256-ECB" */
-428,	/* "AES-256-OFB" */
-914,	/* "AES-256-XTS" */
-91,	/* "BF-CBC" */
-93,	/* "BF-CFB" */
-92,	/* "BF-ECB" */
-94,	/* "BF-OFB" */
-14,	/* "C" */
-751,	/* "CAMELLIA-128-CBC" */
-757,	/* "CAMELLIA-128-CFB" */
-760,	/* "CAMELLIA-128-CFB1" */
-763,	/* "CAMELLIA-128-CFB8" */
-754,	/* "CAMELLIA-128-ECB" */
-766,	/* "CAMELLIA-128-OFB" */
-752,	/* "CAMELLIA-192-CBC" */
-758,	/* "CAMELLIA-192-CFB" */
-761,	/* "CAMELLIA-192-CFB1" */
-764,	/* "CAMELLIA-192-CFB8" */
-755,	/* "CAMELLIA-192-ECB" */
-767,	/* "CAMELLIA-192-OFB" */
-753,	/* "CAMELLIA-256-CBC" */
-759,	/* "CAMELLIA-256-CFB" */
-762,	/* "CAMELLIA-256-CFB1" */
-765,	/* "CAMELLIA-256-CFB8" */
-756,	/* "CAMELLIA-256-ECB" */
-768,	/* "CAMELLIA-256-OFB" */
-108,	/* "CAST5-CBC" */
-110,	/* "CAST5-CFB" */
-109,	/* "CAST5-ECB" */
-111,	/* "CAST5-OFB" */
-894,	/* "CMAC" */
-13,	/* "CN" */
-141,	/* "CRLReason" */
-417,	/* "CSPName" */
-367,	/* "CrlID" */
-391,	/* "DC" */
-31,	/* "DES-CBC" */
-643,	/* "DES-CDMF" */
-30,	/* "DES-CFB" */
-656,	/* "DES-CFB1" */
-657,	/* "DES-CFB8" */
-29,	/* "DES-ECB" */
-32,	/* "DES-EDE" */
-43,	/* "DES-EDE-CBC" */
-60,	/* "DES-EDE-CFB" */
-62,	/* "DES-EDE-OFB" */
-33,	/* "DES-EDE3" */
-44,	/* "DES-EDE3-CBC" */
-61,	/* "DES-EDE3-CFB" */
-658,	/* "DES-EDE3-CFB1" */
-659,	/* "DES-EDE3-CFB8" */
-63,	/* "DES-EDE3-OFB" */
-45,	/* "DES-OFB" */
-80,	/* "DESX-CBC" */
-380,	/* "DOD" */
-116,	/* "DSA" */
-66,	/* "DSA-SHA" */
-113,	/* "DSA-SHA1" */
-70,	/* "DSA-SHA1-old" */
-67,	/* "DSA-old" */
-297,	/* "DVCS" */
-99,	/* "GN" */
-855,	/* "HMAC" */
-780,	/* "HMAC-MD5" */
-781,	/* "HMAC-SHA1" */
-381,	/* "IANA" */
-34,	/* "IDEA-CBC" */
-35,	/* "IDEA-CFB" */
-36,	/* "IDEA-ECB" */
-46,	/* "IDEA-OFB" */
-181,	/* "ISO" */
-183,	/* "ISO-US" */
-645,	/* "ITU-T" */
-646,	/* "JOINT-ISO-ITU-T" */
-773,	/* "KISA" */
-15,	/* "L" */
-856,	/* "LocalKeySet" */
- 3,	/* "MD2" */
-257,	/* "MD4" */
- 4,	/* "MD5" */
-114,	/* "MD5-SHA1" */
-95,	/* "MDC2" */
-911,	/* "MGF1" */
-388,	/* "Mail" */
-393,	/* "NULL" */
-404,	/* "NULL" */
-57,	/* "Netscape" */
-366,	/* "Nonce" */
-17,	/* "O" */
-178,	/* "OCSP" */
-180,	/* "OCSPSigning" */
-379,	/* "ORG" */
-18,	/* "OU" */
-749,	/* "Oakley-EC2N-3" */
-750,	/* "Oakley-EC2N-4" */
- 9,	/* "PBE-MD2-DES" */
-168,	/* "PBE-MD2-RC2-64" */
-10,	/* "PBE-MD5-DES" */
-169,	/* "PBE-MD5-RC2-64" */
-147,	/* "PBE-SHA1-2DES" */
-146,	/* "PBE-SHA1-3DES" */
-170,	/* "PBE-SHA1-DES" */
-148,	/* "PBE-SHA1-RC2-128" */
-149,	/* "PBE-SHA1-RC2-40" */
-68,	/* "PBE-SHA1-RC2-64" */
-144,	/* "PBE-SHA1-RC4-128" */
-145,	/* "PBE-SHA1-RC4-40" */
-161,	/* "PBES2" */
-69,	/* "PBKDF2" */
-162,	/* "PBMAC1" */
-127,	/* "PKIX" */
-98,	/* "RC2-40-CBC" */
-166,	/* "RC2-64-CBC" */
-37,	/* "RC2-CBC" */
-39,	/* "RC2-CFB" */
-38,	/* "RC2-ECB" */
-40,	/* "RC2-OFB" */
- 5,	/* "RC4" */
-97,	/* "RC4-40" */
-915,	/* "RC4-HMAC-MD5" */
-120,	/* "RC5-CBC" */
-122,	/* "RC5-CFB" */
-121,	/* "RC5-ECB" */
-123,	/* "RC5-OFB" */
-117,	/* "RIPEMD160" */
-124,	/* "RLE" */
-19,	/* "RSA" */
- 7,	/* "RSA-MD2" */
-396,	/* "RSA-MD4" */
- 8,	/* "RSA-MD5" */
-96,	/* "RSA-MDC2" */
-104,	/* "RSA-NP-MD5" */
-119,	/* "RSA-RIPEMD160" */
-42,	/* "RSA-SHA" */
-65,	/* "RSA-SHA1" */
-115,	/* "RSA-SHA1-2" */
-671,	/* "RSA-SHA224" */
-668,	/* "RSA-SHA256" */
-669,	/* "RSA-SHA384" */
-670,	/* "RSA-SHA512" */
-919,	/* "RSAES-OAEP" */
-912,	/* "RSASSA-PSS" */
-777,	/* "SEED-CBC" */
-779,	/* "SEED-CFB" */
-776,	/* "SEED-ECB" */
-778,	/* "SEED-OFB" */
-41,	/* "SHA" */
-64,	/* "SHA1" */
-675,	/* "SHA224" */
-672,	/* "SHA256" */
-673,	/* "SHA384" */
-674,	/* "SHA512" */
-188,	/* "SMIME" */
-167,	/* "SMIME-CAPS" */
-100,	/* "SN" */
-16,	/* "ST" */
-143,	/* "SXNetID" */
-458,	/* "UID" */
- 0,	/* "UNDEF" */
-11,	/* "X500" */
-378,	/* "X500algorithms" */
-12,	/* "X509" */
-184,	/* "X9-57" */
-185,	/* "X9cm" */
-125,	/* "ZLIB" */
-478,	/* "aRecord" */
-289,	/* "aaControls" */
-287,	/* "ac-auditEntity" */
-397,	/* "ac-proxying" */
-288,	/* "ac-targeting" */
-368,	/* "acceptableResponses" */
-446,	/* "account" */
-363,	/* "ad_timestamping" */
-376,	/* "algorithm" */
-405,	/* "ansi-X9-62" */
-910,	/* "anyExtendedKeyUsage" */
-746,	/* "anyPolicy" */
-370,	/* "archiveCutoff" */
-484,	/* "associatedDomain" */
-485,	/* "associatedName" */
-501,	/* "audio" */
-177,	/* "authorityInfoAccess" */
-90,	/* "authorityKeyIdentifier" */
-882,	/* "authorityRevocationList" */
-87,	/* "basicConstraints" */
-365,	/* "basicOCSPResponse" */
-285,	/* "biometricInfo" */
-494,	/* "buildingName" */
-860,	/* "businessCategory" */
-691,	/* "c2onb191v4" */
-692,	/* "c2onb191v5" */
-697,	/* "c2onb239v4" */
-698,	/* "c2onb239v5" */
-684,	/* "c2pnb163v1" */
-685,	/* "c2pnb163v2" */
-686,	/* "c2pnb163v3" */
-687,	/* "c2pnb176v1" */
-693,	/* "c2pnb208w1" */
-699,	/* "c2pnb272w1" */
-700,	/* "c2pnb304w1" */
-702,	/* "c2pnb368w1" */
-688,	/* "c2tnb191v1" */
-689,	/* "c2tnb191v2" */
-690,	/* "c2tnb191v3" */
-694,	/* "c2tnb239v1" */
-695,	/* "c2tnb239v2" */
-696,	/* "c2tnb239v3" */
-701,	/* "c2tnb359v1" */
-703,	/* "c2tnb431r1" */
-881,	/* "cACertificate" */
-483,	/* "cNAMERecord" */
-179,	/* "caIssuers" */
-785,	/* "caRepository" */
-443,	/* "caseIgnoreIA5StringSyntax" */
-152,	/* "certBag" */
-677,	/* "certicom-arc" */
-771,	/* "certificateIssuer" */
-89,	/* "certificatePolicies" */
-883,	/* "certificateRevocationList" */
-54,	/* "challengePassword" */
-407,	/* "characteristic-two-field" */
-395,	/* "clearance" */
-130,	/* "clientAuth" */
-131,	/* "codeSigning" */
-50,	/* "contentType" */
-53,	/* "countersignature" */
-153,	/* "crlBag" */
-103,	/* "crlDistributionPoints" */
-88,	/* "crlNumber" */
-884,	/* "crossCertificatePair" */
-806,	/* "cryptocom" */
-805,	/* "cryptopro" */
-500,	/* "dITRedirect" */
-451,	/* "dNSDomain" */
-495,	/* "dSAQuality" */
-434,	/* "data" */
-390,	/* "dcobject" */
-140,	/* "deltaCRL" */
-891,	/* "deltaRevocationList" */
-107,	/* "description" */
-871,	/* "destinationIndicator" */
-28,	/* "dhKeyAgreement" */
-382,	/* "directory" */
-887,	/* "distinguishedName" */
-892,	/* "dmdName" */
-174,	/* "dnQualifier" */
-447,	/* "document" */
-471,	/* "documentAuthor" */
-468,	/* "documentIdentifier" */
-472,	/* "documentLocation" */
-502,	/* "documentPublisher" */
-449,	/* "documentSeries" */
-469,	/* "documentTitle" */
-470,	/* "documentVersion" */
-392,	/* "domain" */
-452,	/* "domainRelatedObject" */
-802,	/* "dsa_with_SHA224" */
-803,	/* "dsa_with_SHA256" */
-791,	/* "ecdsa-with-Recommended" */
-416,	/* "ecdsa-with-SHA1" */
-793,	/* "ecdsa-with-SHA224" */
-794,	/* "ecdsa-with-SHA256" */
-795,	/* "ecdsa-with-SHA384" */
-796,	/* "ecdsa-with-SHA512" */
-792,	/* "ecdsa-with-Specified" */
-48,	/* "emailAddress" */
-132,	/* "emailProtection" */
-885,	/* "enhancedSearchGuide" */
-389,	/* "enterprises" */
-384,	/* "experimental" */
-172,	/* "extReq" */
-56,	/* "extendedCertificateAttributes" */
-126,	/* "extendedKeyUsage" */
-372,	/* "extendedStatus" */
-867,	/* "facsimileTelephoneNumber" */
-462,	/* "favouriteDrink" */
-857,	/* "freshestCRL" */
-453,	/* "friendlyCountry" */
-490,	/* "friendlyCountryName" */
-156,	/* "friendlyName" */
-509,	/* "generationQualifier" */
-815,	/* "gost-mac" */
-811,	/* "gost2001" */
-851,	/* "gost2001cc" */
-813,	/* "gost89" */
-814,	/* "gost89-cnt" */
-812,	/* "gost94" */
-850,	/* "gost94cc" */
-797,	/* "hmacWithMD5" */
-163,	/* "hmacWithSHA1" */
-798,	/* "hmacWithSHA224" */
-799,	/* "hmacWithSHA256" */
-800,	/* "hmacWithSHA384" */
-801,	/* "hmacWithSHA512" */
-432,	/* "holdInstructionCallIssuer" */
-430,	/* "holdInstructionCode" */
-431,	/* "holdInstructionNone" */
-433,	/* "holdInstructionReject" */
-486,	/* "homePostalAddress" */
-473,	/* "homeTelephoneNumber" */
-466,	/* "host" */
-889,	/* "houseIdentifier" */
-442,	/* "iA5StringSyntax" */
-783,	/* "id-DHBasedMac" */
-824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-825,	/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-826,	/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-827,	/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-819,	/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-829,	/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-828,	/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-830,	/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-820,	/* "id-Gost28147-89-None-KeyMeshing" */
-823,	/* "id-Gost28147-89-TestParamSet" */
-849,	/* "id-Gost28147-89-cc" */
-840,	/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-841,	/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-842,	/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-843,	/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-844,	/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-854,	/* "id-GostR3410-2001-ParamSet-cc" */
-839,	/* "id-GostR3410-2001-TestParamSet" */
-817,	/* "id-GostR3410-2001DH" */
-832,	/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-833,	/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-834,	/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-835,	/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-836,	/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-837,	/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-838,	/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-831,	/* "id-GostR3410-94-TestParamSet" */
-845,	/* "id-GostR3410-94-a" */
-846,	/* "id-GostR3410-94-aBis" */
-847,	/* "id-GostR3410-94-b" */
-848,	/* "id-GostR3410-94-bBis" */
-818,	/* "id-GostR3410-94DH" */
-822,	/* "id-GostR3411-94-CryptoProParamSet" */
-821,	/* "id-GostR3411-94-TestParamSet" */
-807,	/* "id-GostR3411-94-with-GostR3410-2001" */
-853,	/* "id-GostR3411-94-with-GostR3410-2001-cc" */
-808,	/* "id-GostR3411-94-with-GostR3410-94" */
-852,	/* "id-GostR3411-94-with-GostR3410-94-cc" */
-810,	/* "id-HMACGostR3411-94" */
-782,	/* "id-PasswordBasedMAC" */
-266,	/* "id-aca" */
-355,	/* "id-aca-accessIdentity" */
-354,	/* "id-aca-authenticationInfo" */
-356,	/* "id-aca-chargingIdentity" */
-399,	/* "id-aca-encAttrs" */
-357,	/* "id-aca-group" */
-358,	/* "id-aca-role" */
-176,	/* "id-ad" */
-896,	/* "id-aes128-CCM" */
-895,	/* "id-aes128-GCM" */
-788,	/* "id-aes128-wrap" */
-897,	/* "id-aes128-wrap-pad" */
-899,	/* "id-aes192-CCM" */
-898,	/* "id-aes192-GCM" */
-789,	/* "id-aes192-wrap" */
-900,	/* "id-aes192-wrap-pad" */
-902,	/* "id-aes256-CCM" */
-901,	/* "id-aes256-GCM" */
-790,	/* "id-aes256-wrap" */
-903,	/* "id-aes256-wrap-pad" */
-262,	/* "id-alg" */
-893,	/* "id-alg-PWRI-KEK" */
-323,	/* "id-alg-des40" */
-326,	/* "id-alg-dh-pop" */
-325,	/* "id-alg-dh-sig-hmac-sha1" */
-324,	/* "id-alg-noSignature" */
-907,	/* "id-camellia128-wrap" */
-908,	/* "id-camellia192-wrap" */
-909,	/* "id-camellia256-wrap" */
-268,	/* "id-cct" */
-361,	/* "id-cct-PKIData" */
-362,	/* "id-cct-PKIResponse" */
-360,	/* "id-cct-crs" */
-81,	/* "id-ce" */
-680,	/* "id-characteristic-two-basis" */
-263,	/* "id-cmc" */
-334,	/* "id-cmc-addExtensions" */
-346,	/* "id-cmc-confirmCertAcceptance" */
-330,	/* "id-cmc-dataReturn" */
-336,	/* "id-cmc-decryptedPOP" */
-335,	/* "id-cmc-encryptedPOP" */
-339,	/* "id-cmc-getCRL" */
-338,	/* "id-cmc-getCert" */
-328,	/* "id-cmc-identification" */
-329,	/* "id-cmc-identityProof" */
-337,	/* "id-cmc-lraPOPWitness" */
-344,	/* "id-cmc-popLinkRandom" */
-345,	/* "id-cmc-popLinkWitness" */
-343,	/* "id-cmc-queryPending" */
-333,	/* "id-cmc-recipientNonce" */
-341,	/* "id-cmc-regInfo" */
-342,	/* "id-cmc-responseInfo" */
-340,	/* "id-cmc-revokeRequest" */
-332,	/* "id-cmc-senderNonce" */
-327,	/* "id-cmc-statusInfo" */
-331,	/* "id-cmc-transactionId" */
-787,	/* "id-ct-asciiTextWithCRLF" */
-408,	/* "id-ecPublicKey" */
-508,	/* "id-hex-multipart-message" */
-507,	/* "id-hex-partial-message" */
-260,	/* "id-it" */
-302,	/* "id-it-caKeyUpdateInfo" */
-298,	/* "id-it-caProtEncCert" */
-311,	/* "id-it-confirmWaitTime" */
-303,	/* "id-it-currentCRL" */
-300,	/* "id-it-encKeyPairTypes" */
-310,	/* "id-it-implicitConfirm" */
-308,	/* "id-it-keyPairParamRep" */
-307,	/* "id-it-keyPairParamReq" */
-312,	/* "id-it-origPKIMessage" */
-301,	/* "id-it-preferredSymmAlg" */
-309,	/* "id-it-revPassphrase" */
-299,	/* "id-it-signKeyPairTypes" */
-305,	/* "id-it-subscriptionRequest" */
-306,	/* "id-it-subscriptionResponse" */
-784,	/* "id-it-suppLangTags" */
-304,	/* "id-it-unsupportedOIDs" */
-128,	/* "id-kp" */
-280,	/* "id-mod-attribute-cert" */
-274,	/* "id-mod-cmc" */
-277,	/* "id-mod-cmp" */
-284,	/* "id-mod-cmp2000" */
-273,	/* "id-mod-crmf" */
-283,	/* "id-mod-dvcs" */
-275,	/* "id-mod-kea-profile-88" */
-276,	/* "id-mod-kea-profile-93" */
-282,	/* "id-mod-ocsp" */
-278,	/* "id-mod-qualified-cert-88" */
-279,	/* "id-mod-qualified-cert-93" */
-281,	/* "id-mod-timestamp-protocol" */
-264,	/* "id-on" */
-858,	/* "id-on-permanentIdentifier" */
-347,	/* "id-on-personalData" */
-265,	/* "id-pda" */
-352,	/* "id-pda-countryOfCitizenship" */
-353,	/* "id-pda-countryOfResidence" */
-348,	/* "id-pda-dateOfBirth" */
-351,	/* "id-pda-gender" */
-349,	/* "id-pda-placeOfBirth" */
-175,	/* "id-pe" */
-261,	/* "id-pkip" */
-258,	/* "id-pkix-mod" */
-269,	/* "id-pkix1-explicit-88" */
-271,	/* "id-pkix1-explicit-93" */
-270,	/* "id-pkix1-implicit-88" */
-272,	/* "id-pkix1-implicit-93" */
-662,	/* "id-ppl" */
-664,	/* "id-ppl-anyLanguage" */
-667,	/* "id-ppl-independent" */
-665,	/* "id-ppl-inheritAll" */
-267,	/* "id-qcs" */
-359,	/* "id-qcs-pkixQCSyntax-v1" */
-259,	/* "id-qt" */
-164,	/* "id-qt-cps" */
-165,	/* "id-qt-unotice" */
-313,	/* "id-regCtrl" */
-316,	/* "id-regCtrl-authenticator" */
-319,	/* "id-regCtrl-oldCertID" */
-318,	/* "id-regCtrl-pkiArchiveOptions" */
-317,	/* "id-regCtrl-pkiPublicationInfo" */
-320,	/* "id-regCtrl-protocolEncrKey" */
-315,	/* "id-regCtrl-regToken" */
-314,	/* "id-regInfo" */
-322,	/* "id-regInfo-certReq" */
-321,	/* "id-regInfo-utf8Pairs" */
-512,	/* "id-set" */
-191,	/* "id-smime-aa" */
-215,	/* "id-smime-aa-contentHint" */
-218,	/* "id-smime-aa-contentIdentifier" */
-221,	/* "id-smime-aa-contentReference" */
-240,	/* "id-smime-aa-dvcs-dvc" */
-217,	/* "id-smime-aa-encapContentType" */
-222,	/* "id-smime-aa-encrypKeyPref" */
-220,	/* "id-smime-aa-equivalentLabels" */
-232,	/* "id-smime-aa-ets-CertificateRefs" */
-233,	/* "id-smime-aa-ets-RevocationRefs" */
-238,	/* "id-smime-aa-ets-archiveTimeStamp" */
-237,	/* "id-smime-aa-ets-certCRLTimestamp" */
-234,	/* "id-smime-aa-ets-certValues" */
-227,	/* "id-smime-aa-ets-commitmentType" */
-231,	/* "id-smime-aa-ets-contentTimestamp" */
-236,	/* "id-smime-aa-ets-escTimeStamp" */
-230,	/* "id-smime-aa-ets-otherSigCert" */
-235,	/* "id-smime-aa-ets-revocationValues" */
-226,	/* "id-smime-aa-ets-sigPolicyId" */
-229,	/* "id-smime-aa-ets-signerAttr" */
-228,	/* "id-smime-aa-ets-signerLocation" */
-219,	/* "id-smime-aa-macValue" */
-214,	/* "id-smime-aa-mlExpandHistory" */
-216,	/* "id-smime-aa-msgSigDigest" */
-212,	/* "id-smime-aa-receiptRequest" */
-213,	/* "id-smime-aa-securityLabel" */
-239,	/* "id-smime-aa-signatureType" */
-223,	/* "id-smime-aa-signingCertificate" */
-224,	/* "id-smime-aa-smimeEncryptCerts" */
-225,	/* "id-smime-aa-timeStampToken" */
-192,	/* "id-smime-alg" */
-243,	/* "id-smime-alg-3DESwrap" */
-246,	/* "id-smime-alg-CMS3DESwrap" */
-247,	/* "id-smime-alg-CMSRC2wrap" */
-245,	/* "id-smime-alg-ESDH" */
-241,	/* "id-smime-alg-ESDHwith3DES" */
-242,	/* "id-smime-alg-ESDHwithRC2" */
-244,	/* "id-smime-alg-RC2wrap" */
-193,	/* "id-smime-cd" */
-248,	/* "id-smime-cd-ldap" */
-190,	/* "id-smime-ct" */
-210,	/* "id-smime-ct-DVCSRequestData" */
-211,	/* "id-smime-ct-DVCSResponseData" */
-208,	/* "id-smime-ct-TDTInfo" */
-207,	/* "id-smime-ct-TSTInfo" */
-205,	/* "id-smime-ct-authData" */
-786,	/* "id-smime-ct-compressedData" */
-209,	/* "id-smime-ct-contentInfo" */
-206,	/* "id-smime-ct-publishCert" */
-204,	/* "id-smime-ct-receipt" */
-195,	/* "id-smime-cti" */
-255,	/* "id-smime-cti-ets-proofOfApproval" */
-256,	/* "id-smime-cti-ets-proofOfCreation" */
-253,	/* "id-smime-cti-ets-proofOfDelivery" */
-251,	/* "id-smime-cti-ets-proofOfOrigin" */
-252,	/* "id-smime-cti-ets-proofOfReceipt" */
-254,	/* "id-smime-cti-ets-proofOfSender" */
-189,	/* "id-smime-mod" */
-196,	/* "id-smime-mod-cms" */
-197,	/* "id-smime-mod-ess" */
-202,	/* "id-smime-mod-ets-eSigPolicy-88" */
-203,	/* "id-smime-mod-ets-eSigPolicy-97" */
-200,	/* "id-smime-mod-ets-eSignature-88" */
-201,	/* "id-smime-mod-ets-eSignature-97" */
-199,	/* "id-smime-mod-msg-v3" */
-198,	/* "id-smime-mod-oid" */
-194,	/* "id-smime-spq" */
-250,	/* "id-smime-spq-ets-sqt-unotice" */
-249,	/* "id-smime-spq-ets-sqt-uri" */
-676,	/* "identified-organization" */
-461,	/* "info" */
-748,	/* "inhibitAnyPolicy" */
-101,	/* "initials" */
-647,	/* "international-organizations" */
-869,	/* "internationaliSDNNumber" */
-142,	/* "invalidityDate" */
-294,	/* "ipsecEndSystem" */
-295,	/* "ipsecTunnel" */
-296,	/* "ipsecUser" */
-86,	/* "issuerAltName" */
-770,	/* "issuingDistributionPoint" */
-492,	/* "janetMailbox" */
-150,	/* "keyBag" */
-83,	/* "keyUsage" */
-477,	/* "lastModifiedBy" */
-476,	/* "lastModifiedTime" */
-157,	/* "localKeyID" */
-480,	/* "mXRecord" */
-460,	/* "mail" */
-493,	/* "mailPreferenceOption" */
-467,	/* "manager" */
-809,	/* "md_gost94" */
-875,	/* "member" */
-182,	/* "member-body" */
-51,	/* "messageDigest" */
-383,	/* "mgmt" */
-504,	/* "mime-mhs" */
-506,	/* "mime-mhs-bodies" */
-505,	/* "mime-mhs-headings" */
-488,	/* "mobileTelephoneNumber" */
-136,	/* "msCTLSign" */
-135,	/* "msCodeCom" */
-134,	/* "msCodeInd" */
-138,	/* "msEFS" */
-171,	/* "msExtReq" */
-137,	/* "msSGC" */
-648,	/* "msSmartcardLogin" */
-649,	/* "msUPN" */
-481,	/* "nSRecord" */
-173,	/* "name" */
-666,	/* "nameConstraints" */
-369,	/* "noCheck" */
-403,	/* "noRevAvail" */
-72,	/* "nsBaseUrl" */
-76,	/* "nsCaPolicyUrl" */
-74,	/* "nsCaRevocationUrl" */
-58,	/* "nsCertExt" */
-79,	/* "nsCertSequence" */
-71,	/* "nsCertType" */
-78,	/* "nsComment" */
-59,	/* "nsDataType" */
-75,	/* "nsRenewalUrl" */
-73,	/* "nsRevocationUrl" */
-139,	/* "nsSGC" */
-77,	/* "nsSslServerName" */
-681,	/* "onBasis" */
-491,	/* "organizationalStatus" */
-475,	/* "otherMailbox" */
-876,	/* "owner" */
-489,	/* "pagerTelephoneNumber" */
-374,	/* "path" */
-112,	/* "pbeWithMD5AndCast5CBC" */
-499,	/* "personalSignature" */
-487,	/* "personalTitle" */
-464,	/* "photo" */
-863,	/* "physicalDeliveryOfficeName" */
-437,	/* "pilot" */
-439,	/* "pilotAttributeSyntax" */
-438,	/* "pilotAttributeType" */
-479,	/* "pilotAttributeType27" */
-456,	/* "pilotDSA" */
-441,	/* "pilotGroups" */
-444,	/* "pilotObject" */
-440,	/* "pilotObjectClass" */
-455,	/* "pilotOrganization" */
-445,	/* "pilotPerson" */
- 2,	/* "pkcs" */
-186,	/* "pkcs1" */
-27,	/* "pkcs3" */
-187,	/* "pkcs5" */
-20,	/* "pkcs7" */
-21,	/* "pkcs7-data" */
-25,	/* "pkcs7-digestData" */
-26,	/* "pkcs7-encryptedData" */
-23,	/* "pkcs7-envelopedData" */
-24,	/* "pkcs7-signedAndEnvelopedData" */
-22,	/* "pkcs7-signedData" */
-151,	/* "pkcs8ShroudedKeyBag" */
-47,	/* "pkcs9" */
-401,	/* "policyConstraints" */
-747,	/* "policyMappings" */
-862,	/* "postOfficeBox" */
-861,	/* "postalAddress" */
-661,	/* "postalCode" */
-683,	/* "ppBasis" */
-872,	/* "preferredDeliveryMethod" */
-873,	/* "presentationAddress" */
-816,	/* "prf-gostr3411-94" */
-406,	/* "prime-field" */
-409,	/* "prime192v1" */
-410,	/* "prime192v2" */
-411,	/* "prime192v3" */
-412,	/* "prime239v1" */
-413,	/* "prime239v2" */
-414,	/* "prime239v3" */
-415,	/* "prime256v1" */
-385,	/* "private" */
-84,	/* "privateKeyUsagePeriod" */
-886,	/* "protocolInformation" */
-663,	/* "proxyCertInfo" */
-510,	/* "pseudonym" */
-435,	/* "pss" */
-286,	/* "qcStatements" */
-457,	/* "qualityLabelledData" */
-450,	/* "rFC822localPart" */
-870,	/* "registeredAddress" */
-400,	/* "role" */
-877,	/* "roleOccupant" */
-448,	/* "room" */
-463,	/* "roomNumber" */
- 6,	/* "rsaEncryption" */
-644,	/* "rsaOAEPEncryptionSET" */
-377,	/* "rsaSignature" */
- 1,	/* "rsadsi" */
-482,	/* "sOARecord" */
-155,	/* "safeContentsBag" */
-291,	/* "sbgp-autonomousSysNum" */
-290,	/* "sbgp-ipAddrBlock" */
-292,	/* "sbgp-routerIdentifier" */
-159,	/* "sdsiCertificate" */
-859,	/* "searchGuide" */
-704,	/* "secp112r1" */
-705,	/* "secp112r2" */
-706,	/* "secp128r1" */
-707,	/* "secp128r2" */
-708,	/* "secp160k1" */
-709,	/* "secp160r1" */
-710,	/* "secp160r2" */
-711,	/* "secp192k1" */
-712,	/* "secp224k1" */
-713,	/* "secp224r1" */
-714,	/* "secp256k1" */
-715,	/* "secp384r1" */
-716,	/* "secp521r1" */
-154,	/* "secretBag" */
-474,	/* "secretary" */
-717,	/* "sect113r1" */
-718,	/* "sect113r2" */
-719,	/* "sect131r1" */
-720,	/* "sect131r2" */
-721,	/* "sect163k1" */
-722,	/* "sect163r1" */
-723,	/* "sect163r2" */
-724,	/* "sect193r1" */
-725,	/* "sect193r2" */
-726,	/* "sect233k1" */
-727,	/* "sect233r1" */
-728,	/* "sect239k1" */
-729,	/* "sect283k1" */
-730,	/* "sect283r1" */
-731,	/* "sect409k1" */
-732,	/* "sect409r1" */
-733,	/* "sect571k1" */
-734,	/* "sect571r1" */
-386,	/* "security" */
-878,	/* "seeAlso" */
-394,	/* "selected-attribute-types" */
-105,	/* "serialNumber" */
-129,	/* "serverAuth" */
-371,	/* "serviceLocator" */
-625,	/* "set-addPolicy" */
-515,	/* "set-attr" */
-518,	/* "set-brand" */
-638,	/* "set-brand-AmericanExpress" */
-637,	/* "set-brand-Diners" */
-636,	/* "set-brand-IATA-ATA" */
-639,	/* "set-brand-JCB" */
-641,	/* "set-brand-MasterCard" */
-642,	/* "set-brand-Novus" */
-640,	/* "set-brand-Visa" */
-517,	/* "set-certExt" */
-513,	/* "set-ctype" */
-514,	/* "set-msgExt" */
-516,	/* "set-policy" */
-607,	/* "set-policy-root" */
-624,	/* "set-rootKeyThumb" */
-620,	/* "setAttr-Cert" */
-631,	/* "setAttr-GenCryptgrm" */
-623,	/* "setAttr-IssCap" */
-628,	/* "setAttr-IssCap-CVM" */
-630,	/* "setAttr-IssCap-Sig" */
-629,	/* "setAttr-IssCap-T2" */
-621,	/* "setAttr-PGWYcap" */
-635,	/* "setAttr-SecDevSig" */
-632,	/* "setAttr-T2Enc" */
-633,	/* "setAttr-T2cleartxt" */
-634,	/* "setAttr-TokICCsig" */
-627,	/* "setAttr-Token-B0Prime" */
-626,	/* "setAttr-Token-EMV" */
-622,	/* "setAttr-TokenType" */
-619,	/* "setCext-IssuerCapabilities" */
-615,	/* "setCext-PGWYcapabilities" */
-616,	/* "setCext-TokenIdentifier" */
-618,	/* "setCext-TokenType" */
-617,	/* "setCext-Track2Data" */
-611,	/* "setCext-cCertRequired" */
-609,	/* "setCext-certType" */
-608,	/* "setCext-hashedRoot" */
-610,	/* "setCext-merchData" */
-613,	/* "setCext-setExt" */
-614,	/* "setCext-setQualf" */
-612,	/* "setCext-tunneling" */
-540,	/* "setct-AcqCardCodeMsg" */
-576,	/* "setct-AcqCardCodeMsgTBE" */
-570,	/* "setct-AuthReqTBE" */
-534,	/* "setct-AuthReqTBS" */
-527,	/* "setct-AuthResBaggage" */
-571,	/* "setct-AuthResTBE" */
-572,	/* "setct-AuthResTBEX" */
-535,	/* "setct-AuthResTBS" */
-536,	/* "setct-AuthResTBSX" */
-528,	/* "setct-AuthRevReqBaggage" */
-577,	/* "setct-AuthRevReqTBE" */
-541,	/* "setct-AuthRevReqTBS" */
-529,	/* "setct-AuthRevResBaggage" */
-542,	/* "setct-AuthRevResData" */
-578,	/* "setct-AuthRevResTBE" */
-579,	/* "setct-AuthRevResTBEB" */
-543,	/* "setct-AuthRevResTBS" */
-573,	/* "setct-AuthTokenTBE" */
-537,	/* "setct-AuthTokenTBS" */
-600,	/* "setct-BCIDistributionTBS" */
-558,	/* "setct-BatchAdminReqData" */
-592,	/* "setct-BatchAdminReqTBE" */
-559,	/* "setct-BatchAdminResData" */
-593,	/* "setct-BatchAdminResTBE" */
-599,	/* "setct-CRLNotificationResTBS" */
-598,	/* "setct-CRLNotificationTBS" */
-580,	/* "setct-CapReqTBE" */
-581,	/* "setct-CapReqTBEX" */
-544,	/* "setct-CapReqTBS" */
-545,	/* "setct-CapReqTBSX" */
-546,	/* "setct-CapResData" */
-582,	/* "setct-CapResTBE" */
-583,	/* "setct-CapRevReqTBE" */
-584,	/* "setct-CapRevReqTBEX" */
-547,	/* "setct-CapRevReqTBS" */
-548,	/* "setct-CapRevReqTBSX" */
-549,	/* "setct-CapRevResData" */
-585,	/* "setct-CapRevResTBE" */
-538,	/* "setct-CapTokenData" */
-530,	/* "setct-CapTokenSeq" */
-574,	/* "setct-CapTokenTBE" */
-575,	/* "setct-CapTokenTBEX" */
-539,	/* "setct-CapTokenTBS" */
-560,	/* "setct-CardCInitResTBS" */
-566,	/* "setct-CertInqReqTBS" */
-563,	/* "setct-CertReqData" */
-595,	/* "setct-CertReqTBE" */
-596,	/* "setct-CertReqTBEX" */
-564,	/* "setct-CertReqTBS" */
-565,	/* "setct-CertResData" */
-597,	/* "setct-CertResTBE" */
-586,	/* "setct-CredReqTBE" */
-587,	/* "setct-CredReqTBEX" */
-550,	/* "setct-CredReqTBS" */
-551,	/* "setct-CredReqTBSX" */
-552,	/* "setct-CredResData" */
-588,	/* "setct-CredResTBE" */
-589,	/* "setct-CredRevReqTBE" */
-590,	/* "setct-CredRevReqTBEX" */
-553,	/* "setct-CredRevReqTBS" */
-554,	/* "setct-CredRevReqTBSX" */
-555,	/* "setct-CredRevResData" */
-591,	/* "setct-CredRevResTBE" */
-567,	/* "setct-ErrorTBS" */
-526,	/* "setct-HODInput" */
-561,	/* "setct-MeAqCInitResTBS" */
-522,	/* "setct-OIData" */
-519,	/* "setct-PANData" */
-521,	/* "setct-PANOnly" */
-520,	/* "setct-PANToken" */
-556,	/* "setct-PCertReqData" */
-557,	/* "setct-PCertResTBS" */
-523,	/* "setct-PI" */
-532,	/* "setct-PI-TBS" */
-524,	/* "setct-PIData" */
-525,	/* "setct-PIDataUnsigned" */
-568,	/* "setct-PIDualSignedTBE" */
-569,	/* "setct-PIUnsignedTBE" */
-531,	/* "setct-PInitResData" */
-533,	/* "setct-PResData" */
-594,	/* "setct-RegFormReqTBE" */
-562,	/* "setct-RegFormResTBS" */
-606,	/* "setext-cv" */
-601,	/* "setext-genCrypt" */
-602,	/* "setext-miAuth" */
-604,	/* "setext-pinAny" */
-603,	/* "setext-pinSecure" */
-605,	/* "setext-track2" */
-52,	/* "signingTime" */
-454,	/* "simpleSecurityObject" */
-496,	/* "singleLevelQuality" */
-387,	/* "snmpv2" */
-660,	/* "street" */
-85,	/* "subjectAltName" */
-769,	/* "subjectDirectoryAttributes" */
-398,	/* "subjectInfoAccess" */
-82,	/* "subjectKeyIdentifier" */
-498,	/* "subtreeMaximumQuality" */
-497,	/* "subtreeMinimumQuality" */
-890,	/* "supportedAlgorithms" */
-874,	/* "supportedApplicationContext" */
-402,	/* "targetInformation" */
-864,	/* "telephoneNumber" */
-866,	/* "teletexTerminalIdentifier" */
-865,	/* "telexNumber" */
-459,	/* "textEncodedORAddress" */
-293,	/* "textNotice" */
-133,	/* "timeStamping" */
-106,	/* "title" */
-682,	/* "tpBasis" */
-375,	/* "trustRoot" */
-436,	/* "ucl" */
-888,	/* "uniqueMember" */
-55,	/* "unstructuredAddress" */
-49,	/* "unstructuredName" */
-880,	/* "userCertificate" */
-465,	/* "userClass" */
-879,	/* "userPassword" */
-373,	/* "valid" */
-678,	/* "wap" */
-679,	/* "wap-wsg" */
-735,	/* "wap-wsg-idm-ecid-wtls1" */
-743,	/* "wap-wsg-idm-ecid-wtls10" */
-744,	/* "wap-wsg-idm-ecid-wtls11" */
-745,	/* "wap-wsg-idm-ecid-wtls12" */
-736,	/* "wap-wsg-idm-ecid-wtls3" */
-737,	/* "wap-wsg-idm-ecid-wtls4" */
-738,	/* "wap-wsg-idm-ecid-wtls5" */
-739,	/* "wap-wsg-idm-ecid-wtls6" */
-740,	/* "wap-wsg-idm-ecid-wtls7" */
-741,	/* "wap-wsg-idm-ecid-wtls8" */
-742,	/* "wap-wsg-idm-ecid-wtls9" */
-804,	/* "whirlpool" */
-868,	/* "x121Address" */
-503,	/* "x500UniqueIdentifier" */
-158,	/* "x509Certificate" */
-160,	/* "x509Crl" */
-};
-
-static const unsigned int ln_objs[NUM_LN]={
-363,	/* "AD Time Stamping" */
-405,	/* "ANSI X9.62" */
-368,	/* "Acceptable OCSP Responses" */
-910,	/* "Any Extended Key Usage" */
-664,	/* "Any language" */
-177,	/* "Authority Information Access" */
-365,	/* "Basic OCSP Response" */
-285,	/* "Biometric Info" */
-179,	/* "CA Issuers" */
-785,	/* "CA Repository" */
-131,	/* "Code Signing" */
-783,	/* "Diffie-Hellman based MAC" */
-382,	/* "Directory" */
-392,	/* "Domain" */
-132,	/* "E-mail Protection" */
-389,	/* "Enterprises" */
-384,	/* "Experimental" */
-372,	/* "Extended OCSP Status" */
-172,	/* "Extension Request" */
-813,	/* "GOST 28147-89" */
-849,	/* "GOST 28147-89 Cryptocom ParamSet" */
-815,	/* "GOST 28147-89 MAC" */
-851,	/* "GOST 34.10-2001 Cryptocom" */
-850,	/* "GOST 34.10-94 Cryptocom" */
-811,	/* "GOST R 34.10-2001" */
-817,	/* "GOST R 34.10-2001 DH" */
-812,	/* "GOST R 34.10-94" */
-818,	/* "GOST R 34.10-94 DH" */
-809,	/* "GOST R 34.11-94" */
-816,	/* "GOST R 34.11-94 PRF" */
-807,	/* "GOST R 34.11-94 with GOST R 34.10-2001" */
-853,	/* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
-808,	/* "GOST R 34.11-94 with GOST R 34.10-94" */
-852,	/* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
-854,	/* "GOST R 3410-2001 Parameter Set Cryptocom" */
-810,	/* "HMAC GOST 34.11-94" */
-432,	/* "Hold Instruction Call Issuer" */
-430,	/* "Hold Instruction Code" */
-431,	/* "Hold Instruction None" */
-433,	/* "Hold Instruction Reject" */
-634,	/* "ICC or token signature" */
-294,	/* "IPSec End System" */
-295,	/* "IPSec Tunnel" */
-296,	/* "IPSec User" */
-182,	/* "ISO Member Body" */
-183,	/* "ISO US Member Body" */
-667,	/* "Independent" */
-665,	/* "Inherit all" */
-647,	/* "International Organizations" */
-142,	/* "Invalidity Date" */
-504,	/* "MIME MHS" */
-388,	/* "Mail" */
-383,	/* "Management" */
-417,	/* "Microsoft CSP Name" */
-135,	/* "Microsoft Commercial Code Signing" */
-138,	/* "Microsoft Encrypted File System" */
-171,	/* "Microsoft Extension Request" */
-134,	/* "Microsoft Individual Code Signing" */
-856,	/* "Microsoft Local Key set" */
-137,	/* "Microsoft Server Gated Crypto" */
-648,	/* "Microsoft Smartcardlogin" */
-136,	/* "Microsoft Trust List Signing" */
-649,	/* "Microsoft Universal Principal Name" */
-393,	/* "NULL" */
-404,	/* "NULL" */
-72,	/* "Netscape Base Url" */
-76,	/* "Netscape CA Policy Url" */
-74,	/* "Netscape CA Revocation Url" */
-71,	/* "Netscape Cert Type" */
-58,	/* "Netscape Certificate Extension" */
-79,	/* "Netscape Certificate Sequence" */
-78,	/* "Netscape Comment" */
-57,	/* "Netscape Communications Corp." */
-59,	/* "Netscape Data Type" */
-75,	/* "Netscape Renewal Url" */
-73,	/* "Netscape Revocation Url" */
-77,	/* "Netscape SSL Server Name" */
-139,	/* "Netscape Server Gated Crypto" */
-178,	/* "OCSP" */
-370,	/* "OCSP Archive Cutoff" */
-367,	/* "OCSP CRL ID" */
-369,	/* "OCSP No Check" */
-366,	/* "OCSP Nonce" */
-371,	/* "OCSP Service Locator" */
-180,	/* "OCSP Signing" */
-161,	/* "PBES2" */
-69,	/* "PBKDF2" */
-162,	/* "PBMAC1" */
-127,	/* "PKIX" */
-858,	/* "Permanent Identifier" */
-164,	/* "Policy Qualifier CPS" */
-165,	/* "Policy Qualifier User Notice" */
-385,	/* "Private" */
-663,	/* "Proxy Certificate Information" */
- 1,	/* "RSA Data Security, Inc." */
- 2,	/* "RSA Data Security, Inc. PKCS" */
-188,	/* "S/MIME" */
-167,	/* "S/MIME Capabilities" */
-387,	/* "SNMPv2" */
-512,	/* "Secure Electronic Transactions" */
-386,	/* "Security" */
-394,	/* "Selected Attribute Types" */
-143,	/* "Strong Extranet ID" */
-398,	/* "Subject Information Access" */
-130,	/* "TLS Web Client Authentication" */
-129,	/* "TLS Web Server Authentication" */
-133,	/* "Time Stamping" */
-375,	/* "Trust Root" */
-12,	/* "X509" */
-402,	/* "X509v3 AC Targeting" */
-746,	/* "X509v3 Any Policy" */
-90,	/* "X509v3 Authority Key Identifier" */
-87,	/* "X509v3 Basic Constraints" */
-103,	/* "X509v3 CRL Distribution Points" */
-88,	/* "X509v3 CRL Number" */
-141,	/* "X509v3 CRL Reason Code" */
-771,	/* "X509v3 Certificate Issuer" */
-89,	/* "X509v3 Certificate Policies" */
-140,	/* "X509v3 Delta CRL Indicator" */
-126,	/* "X509v3 Extended Key Usage" */
-857,	/* "X509v3 Freshest CRL" */
-748,	/* "X509v3 Inhibit Any Policy" */
-86,	/* "X509v3 Issuer Alternative Name" */
-770,	/* "X509v3 Issuing Distrubution Point" */
-83,	/* "X509v3 Key Usage" */
-666,	/* "X509v3 Name Constraints" */
-403,	/* "X509v3 No Revocation Available" */
-401,	/* "X509v3 Policy Constraints" */
-747,	/* "X509v3 Policy Mappings" */
-84,	/* "X509v3 Private Key Usage Period" */
-85,	/* "X509v3 Subject Alternative Name" */
-769,	/* "X509v3 Subject Directory Attributes" */
-82,	/* "X509v3 Subject Key Identifier" */
-184,	/* "X9.57" */
-185,	/* "X9.57 CM ?" */
-478,	/* "aRecord" */
-289,	/* "aaControls" */
-287,	/* "ac-auditEntity" */
-397,	/* "ac-proxying" */
-288,	/* "ac-targeting" */
-446,	/* "account" */
-364,	/* "ad dvcs" */
-606,	/* "additional verification" */
-419,	/* "aes-128-cbc" */
-916,	/* "aes-128-cbc-hmac-sha1" */
-896,	/* "aes-128-ccm" */
-421,	/* "aes-128-cfb" */
-650,	/* "aes-128-cfb1" */
-653,	/* "aes-128-cfb8" */
-904,	/* "aes-128-ctr" */
-418,	/* "aes-128-ecb" */
-895,	/* "aes-128-gcm" */
-420,	/* "aes-128-ofb" */
-913,	/* "aes-128-xts" */
-423,	/* "aes-192-cbc" */
-917,	/* "aes-192-cbc-hmac-sha1" */
-899,	/* "aes-192-ccm" */
-425,	/* "aes-192-cfb" */
-651,	/* "aes-192-cfb1" */
-654,	/* "aes-192-cfb8" */
-905,	/* "aes-192-ctr" */
-422,	/* "aes-192-ecb" */
-898,	/* "aes-192-gcm" */
-424,	/* "aes-192-ofb" */
-427,	/* "aes-256-cbc" */
-918,	/* "aes-256-cbc-hmac-sha1" */
-902,	/* "aes-256-ccm" */
-429,	/* "aes-256-cfb" */
-652,	/* "aes-256-cfb1" */
-655,	/* "aes-256-cfb8" */
-906,	/* "aes-256-ctr" */
-426,	/* "aes-256-ecb" */
-901,	/* "aes-256-gcm" */
-428,	/* "aes-256-ofb" */
-914,	/* "aes-256-xts" */
-376,	/* "algorithm" */
-484,	/* "associatedDomain" */
-485,	/* "associatedName" */
-501,	/* "audio" */
-882,	/* "authorityRevocationList" */
-91,	/* "bf-cbc" */
-93,	/* "bf-cfb" */
-92,	/* "bf-ecb" */
-94,	/* "bf-ofb" */
-494,	/* "buildingName" */
-860,	/* "businessCategory" */
-691,	/* "c2onb191v4" */
-692,	/* "c2onb191v5" */
-697,	/* "c2onb239v4" */
-698,	/* "c2onb239v5" */
-684,	/* "c2pnb163v1" */
-685,	/* "c2pnb163v2" */
-686,	/* "c2pnb163v3" */
-687,	/* "c2pnb176v1" */
-693,	/* "c2pnb208w1" */
-699,	/* "c2pnb272w1" */
-700,	/* "c2pnb304w1" */
-702,	/* "c2pnb368w1" */
-688,	/* "c2tnb191v1" */
-689,	/* "c2tnb191v2" */
-690,	/* "c2tnb191v3" */
-694,	/* "c2tnb239v1" */
-695,	/* "c2tnb239v2" */
-696,	/* "c2tnb239v3" */
-701,	/* "c2tnb359v1" */
-703,	/* "c2tnb431r1" */
-881,	/* "cACertificate" */
-483,	/* "cNAMERecord" */
-751,	/* "camellia-128-cbc" */
-757,	/* "camellia-128-cfb" */
-760,	/* "camellia-128-cfb1" */
-763,	/* "camellia-128-cfb8" */
-754,	/* "camellia-128-ecb" */
-766,	/* "camellia-128-ofb" */
-752,	/* "camellia-192-cbc" */
-758,	/* "camellia-192-cfb" */
-761,	/* "camellia-192-cfb1" */
-764,	/* "camellia-192-cfb8" */
-755,	/* "camellia-192-ecb" */
-767,	/* "camellia-192-ofb" */
-753,	/* "camellia-256-cbc" */
-759,	/* "camellia-256-cfb" */
-762,	/* "camellia-256-cfb1" */
-765,	/* "camellia-256-cfb8" */
-756,	/* "camellia-256-ecb" */
-768,	/* "camellia-256-ofb" */
-443,	/* "caseIgnoreIA5StringSyntax" */
-108,	/* "cast5-cbc" */
-110,	/* "cast5-cfb" */
-109,	/* "cast5-ecb" */
-111,	/* "cast5-ofb" */
-152,	/* "certBag" */
-677,	/* "certicom-arc" */
-517,	/* "certificate extensions" */
-883,	/* "certificateRevocationList" */
-54,	/* "challengePassword" */
-407,	/* "characteristic-two-field" */
-395,	/* "clearance" */
-633,	/* "cleartext track 2" */
-894,	/* "cmac" */
-13,	/* "commonName" */
-513,	/* "content types" */
-50,	/* "contentType" */
-53,	/* "countersignature" */
-14,	/* "countryName" */
-153,	/* "crlBag" */
-884,	/* "crossCertificatePair" */
-806,	/* "cryptocom" */
-805,	/* "cryptopro" */
-500,	/* "dITRedirect" */
-451,	/* "dNSDomain" */
-495,	/* "dSAQuality" */
-434,	/* "data" */
-390,	/* "dcObject" */
-891,	/* "deltaRevocationList" */
-31,	/* "des-cbc" */
-643,	/* "des-cdmf" */
-30,	/* "des-cfb" */
-656,	/* "des-cfb1" */
-657,	/* "des-cfb8" */
-29,	/* "des-ecb" */
-32,	/* "des-ede" */
-43,	/* "des-ede-cbc" */
-60,	/* "des-ede-cfb" */
-62,	/* "des-ede-ofb" */
-33,	/* "des-ede3" */
-44,	/* "des-ede3-cbc" */
-61,	/* "des-ede3-cfb" */
-658,	/* "des-ede3-cfb1" */
-659,	/* "des-ede3-cfb8" */
-63,	/* "des-ede3-ofb" */
-45,	/* "des-ofb" */
-107,	/* "description" */
-871,	/* "destinationIndicator" */
-80,	/* "desx-cbc" */
-28,	/* "dhKeyAgreement" */
-11,	/* "directory services (X.500)" */
-378,	/* "directory services - algorithms" */
-887,	/* "distinguishedName" */
-892,	/* "dmdName" */
-174,	/* "dnQualifier" */
-447,	/* "document" */
-471,	/* "documentAuthor" */
-468,	/* "documentIdentifier" */
-472,	/* "documentLocation" */
-502,	/* "documentPublisher" */
-449,	/* "documentSeries" */
-469,	/* "documentTitle" */
-470,	/* "documentVersion" */
-380,	/* "dod" */
-391,	/* "domainComponent" */
-452,	/* "domainRelatedObject" */
-116,	/* "dsaEncryption" */
-67,	/* "dsaEncryption-old" */
-66,	/* "dsaWithSHA" */
-113,	/* "dsaWithSHA1" */
-70,	/* "dsaWithSHA1-old" */
-802,	/* "dsa_with_SHA224" */
-803,	/* "dsa_with_SHA256" */
-297,	/* "dvcs" */
-791,	/* "ecdsa-with-Recommended" */
-416,	/* "ecdsa-with-SHA1" */
-793,	/* "ecdsa-with-SHA224" */
-794,	/* "ecdsa-with-SHA256" */
-795,	/* "ecdsa-with-SHA384" */
-796,	/* "ecdsa-with-SHA512" */
-792,	/* "ecdsa-with-Specified" */
-48,	/* "emailAddress" */
-632,	/* "encrypted track 2" */
-885,	/* "enhancedSearchGuide" */
-56,	/* "extendedCertificateAttributes" */
-867,	/* "facsimileTelephoneNumber" */
-462,	/* "favouriteDrink" */
-453,	/* "friendlyCountry" */
-490,	/* "friendlyCountryName" */
-156,	/* "friendlyName" */
-631,	/* "generate cryptogram" */
-509,	/* "generationQualifier" */
-601,	/* "generic cryptogram" */
-99,	/* "givenName" */
-814,	/* "gost89-cnt" */
-855,	/* "hmac" */
-780,	/* "hmac-md5" */
-781,	/* "hmac-sha1" */
-797,	/* "hmacWithMD5" */
-163,	/* "hmacWithSHA1" */
-798,	/* "hmacWithSHA224" */
-799,	/* "hmacWithSHA256" */
-800,	/* "hmacWithSHA384" */
-801,	/* "hmacWithSHA512" */
-486,	/* "homePostalAddress" */
-473,	/* "homeTelephoneNumber" */
-466,	/* "host" */
-889,	/* "houseIdentifier" */
-442,	/* "iA5StringSyntax" */
-381,	/* "iana" */
-824,	/* "id-Gost28147-89-CryptoPro-A-ParamSet" */
-825,	/* "id-Gost28147-89-CryptoPro-B-ParamSet" */
-826,	/* "id-Gost28147-89-CryptoPro-C-ParamSet" */
-827,	/* "id-Gost28147-89-CryptoPro-D-ParamSet" */
-819,	/* "id-Gost28147-89-CryptoPro-KeyMeshing" */
-829,	/* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
-828,	/* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
-830,	/* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
-820,	/* "id-Gost28147-89-None-KeyMeshing" */
-823,	/* "id-Gost28147-89-TestParamSet" */
-840,	/* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
-841,	/* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
-842,	/* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
-843,	/* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
-844,	/* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
-839,	/* "id-GostR3410-2001-TestParamSet" */
-832,	/* "id-GostR3410-94-CryptoPro-A-ParamSet" */
-833,	/* "id-GostR3410-94-CryptoPro-B-ParamSet" */
-834,	/* "id-GostR3410-94-CryptoPro-C-ParamSet" */
-835,	/* "id-GostR3410-94-CryptoPro-D-ParamSet" */
-836,	/* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
-837,	/* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
-838,	/* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
-831,	/* "id-GostR3410-94-TestParamSet" */
-845,	/* "id-GostR3410-94-a" */
-846,	/* "id-GostR3410-94-aBis" */
-847,	/* "id-GostR3410-94-b" */
-848,	/* "id-GostR3410-94-bBis" */
-822,	/* "id-GostR3411-94-CryptoProParamSet" */
-821,	/* "id-GostR3411-94-TestParamSet" */
-266,	/* "id-aca" */
-355,	/* "id-aca-accessIdentity" */
-354,	/* "id-aca-authenticationInfo" */
-356,	/* "id-aca-chargingIdentity" */
-399,	/* "id-aca-encAttrs" */
-357,	/* "id-aca-group" */
-358,	/* "id-aca-role" */
-176,	/* "id-ad" */
-788,	/* "id-aes128-wrap" */
-897,	/* "id-aes128-wrap-pad" */
-789,	/* "id-aes192-wrap" */
-900,	/* "id-aes192-wrap-pad" */
-790,	/* "id-aes256-wrap" */
-903,	/* "id-aes256-wrap-pad" */
-262,	/* "id-alg" */
-893,	/* "id-alg-PWRI-KEK" */
-323,	/* "id-alg-des40" */
-326,	/* "id-alg-dh-pop" */
-325,	/* "id-alg-dh-sig-hmac-sha1" */
-324,	/* "id-alg-noSignature" */
-907,	/* "id-camellia128-wrap" */
-908,	/* "id-camellia192-wrap" */
-909,	/* "id-camellia256-wrap" */
-268,	/* "id-cct" */
-361,	/* "id-cct-PKIData" */
-362,	/* "id-cct-PKIResponse" */
-360,	/* "id-cct-crs" */
-81,	/* "id-ce" */
-680,	/* "id-characteristic-two-basis" */
-263,	/* "id-cmc" */
-334,	/* "id-cmc-addExtensions" */
-346,	/* "id-cmc-confirmCertAcceptance" */
-330,	/* "id-cmc-dataReturn" */
-336,	/* "id-cmc-decryptedPOP" */
-335,	/* "id-cmc-encryptedPOP" */
-339,	/* "id-cmc-getCRL" */
-338,	/* "id-cmc-getCert" */
-328,	/* "id-cmc-identification" */
-329,	/* "id-cmc-identityProof" */
-337,	/* "id-cmc-lraPOPWitness" */
-344,	/* "id-cmc-popLinkRandom" */
-345,	/* "id-cmc-popLinkWitness" */
-343,	/* "id-cmc-queryPending" */
-333,	/* "id-cmc-recipientNonce" */
-341,	/* "id-cmc-regInfo" */
-342,	/* "id-cmc-responseInfo" */
-340,	/* "id-cmc-revokeRequest" */
-332,	/* "id-cmc-senderNonce" */
-327,	/* "id-cmc-statusInfo" */
-331,	/* "id-cmc-transactionId" */
-787,	/* "id-ct-asciiTextWithCRLF" */
-408,	/* "id-ecPublicKey" */
-508,	/* "id-hex-multipart-message" */
-507,	/* "id-hex-partial-message" */
-260,	/* "id-it" */
-302,	/* "id-it-caKeyUpdateInfo" */
-298,	/* "id-it-caProtEncCert" */
-311,	/* "id-it-confirmWaitTime" */
-303,	/* "id-it-currentCRL" */
-300,	/* "id-it-encKeyPairTypes" */
-310,	/* "id-it-implicitConfirm" */
-308,	/* "id-it-keyPairParamRep" */
-307,	/* "id-it-keyPairParamReq" */
-312,	/* "id-it-origPKIMessage" */
-301,	/* "id-it-preferredSymmAlg" */
-309,	/* "id-it-revPassphrase" */
-299,	/* "id-it-signKeyPairTypes" */
-305,	/* "id-it-subscriptionRequest" */
-306,	/* "id-it-subscriptionResponse" */
-784,	/* "id-it-suppLangTags" */
-304,	/* "id-it-unsupportedOIDs" */
-128,	/* "id-kp" */
-280,	/* "id-mod-attribute-cert" */
-274,	/* "id-mod-cmc" */
-277,	/* "id-mod-cmp" */
-284,	/* "id-mod-cmp2000" */
-273,	/* "id-mod-crmf" */
-283,	/* "id-mod-dvcs" */
-275,	/* "id-mod-kea-profile-88" */
-276,	/* "id-mod-kea-profile-93" */
-282,	/* "id-mod-ocsp" */
-278,	/* "id-mod-qualified-cert-88" */
-279,	/* "id-mod-qualified-cert-93" */
-281,	/* "id-mod-timestamp-protocol" */
-264,	/* "id-on" */
-347,	/* "id-on-personalData" */
-265,	/* "id-pda" */
-352,	/* "id-pda-countryOfCitizenship" */
-353,	/* "id-pda-countryOfResidence" */
-348,	/* "id-pda-dateOfBirth" */
-351,	/* "id-pda-gender" */
-349,	/* "id-pda-placeOfBirth" */
-175,	/* "id-pe" */
-261,	/* "id-pkip" */
-258,	/* "id-pkix-mod" */
-269,	/* "id-pkix1-explicit-88" */
-271,	/* "id-pkix1-explicit-93" */
-270,	/* "id-pkix1-implicit-88" */
-272,	/* "id-pkix1-implicit-93" */
-662,	/* "id-ppl" */
-267,	/* "id-qcs" */
-359,	/* "id-qcs-pkixQCSyntax-v1" */
-259,	/* "id-qt" */
-313,	/* "id-regCtrl" */
-316,	/* "id-regCtrl-authenticator" */
-319,	/* "id-regCtrl-oldCertID" */
-318,	/* "id-regCtrl-pkiArchiveOptions" */
-317,	/* "id-regCtrl-pkiPublicationInfo" */
-320,	/* "id-regCtrl-protocolEncrKey" */
-315,	/* "id-regCtrl-regToken" */
-314,	/* "id-regInfo" */
-322,	/* "id-regInfo-certReq" */
-321,	/* "id-regInfo-utf8Pairs" */
-191,	/* "id-smime-aa" */
-215,	/* "id-smime-aa-contentHint" */
-218,	/* "id-smime-aa-contentIdentifier" */
-221,	/* "id-smime-aa-contentReference" */
-240,	/* "id-smime-aa-dvcs-dvc" */
-217,	/* "id-smime-aa-encapContentType" */
-222,	/* "id-smime-aa-encrypKeyPref" */
-220,	/* "id-smime-aa-equivalentLabels" */
-232,	/* "id-smime-aa-ets-CertificateRefs" */
-233,	/* "id-smime-aa-ets-RevocationRefs" */
-238,	/* "id-smime-aa-ets-archiveTimeStamp" */
-237,	/* "id-smime-aa-ets-certCRLTimestamp" */
-234,	/* "id-smime-aa-ets-certValues" */
-227,	/* "id-smime-aa-ets-commitmentType" */
-231,	/* "id-smime-aa-ets-contentTimestamp" */
-236,	/* "id-smime-aa-ets-escTimeStamp" */
-230,	/* "id-smime-aa-ets-otherSigCert" */
-235,	/* "id-smime-aa-ets-revocationValues" */
-226,	/* "id-smime-aa-ets-sigPolicyId" */
-229,	/* "id-smime-aa-ets-signerAttr" */
-228,	/* "id-smime-aa-ets-signerLocation" */
-219,	/* "id-smime-aa-macValue" */
-214,	/* "id-smime-aa-mlExpandHistory" */
-216,	/* "id-smime-aa-msgSigDigest" */
-212,	/* "id-smime-aa-receiptRequest" */
-213,	/* "id-smime-aa-securityLabel" */
-239,	/* "id-smime-aa-signatureType" */
-223,	/* "id-smime-aa-signingCertificate" */
-224,	/* "id-smime-aa-smimeEncryptCerts" */
-225,	/* "id-smime-aa-timeStampToken" */
-192,	/* "id-smime-alg" */
-243,	/* "id-smime-alg-3DESwrap" */
-246,	/* "id-smime-alg-CMS3DESwrap" */
-247,	/* "id-smime-alg-CMSRC2wrap" */
-245,	/* "id-smime-alg-ESDH" */
-241,	/* "id-smime-alg-ESDHwith3DES" */
-242,	/* "id-smime-alg-ESDHwithRC2" */
-244,	/* "id-smime-alg-RC2wrap" */
-193,	/* "id-smime-cd" */
-248,	/* "id-smime-cd-ldap" */
-190,	/* "id-smime-ct" */
-210,	/* "id-smime-ct-DVCSRequestData" */
-211,	/* "id-smime-ct-DVCSResponseData" */
-208,	/* "id-smime-ct-TDTInfo" */
-207,	/* "id-smime-ct-TSTInfo" */
-205,	/* "id-smime-ct-authData" */
-786,	/* "id-smime-ct-compressedData" */
-209,	/* "id-smime-ct-contentInfo" */
-206,	/* "id-smime-ct-publishCert" */
-204,	/* "id-smime-ct-receipt" */
-195,	/* "id-smime-cti" */
-255,	/* "id-smime-cti-ets-proofOfApproval" */
-256,	/* "id-smime-cti-ets-proofOfCreation" */
-253,	/* "id-smime-cti-ets-proofOfDelivery" */
-251,	/* "id-smime-cti-ets-proofOfOrigin" */
-252,	/* "id-smime-cti-ets-proofOfReceipt" */
-254,	/* "id-smime-cti-ets-proofOfSender" */
-189,	/* "id-smime-mod" */
-196,	/* "id-smime-mod-cms" */
-197,	/* "id-smime-mod-ess" */
-202,	/* "id-smime-mod-ets-eSigPolicy-88" */
-203,	/* "id-smime-mod-ets-eSigPolicy-97" */
-200,	/* "id-smime-mod-ets-eSignature-88" */
-201,	/* "id-smime-mod-ets-eSignature-97" */
-199,	/* "id-smime-mod-msg-v3" */
-198,	/* "id-smime-mod-oid" */
-194,	/* "id-smime-spq" */
-250,	/* "id-smime-spq-ets-sqt-unotice" */
-249,	/* "id-smime-spq-ets-sqt-uri" */
-34,	/* "idea-cbc" */
-35,	/* "idea-cfb" */
-36,	/* "idea-ecb" */
-46,	/* "idea-ofb" */
-676,	/* "identified-organization" */
-461,	/* "info" */
-101,	/* "initials" */
-869,	/* "internationaliSDNNumber" */
-749,	/* "ipsec3" */
-750,	/* "ipsec4" */
-181,	/* "iso" */
-623,	/* "issuer capabilities" */
-645,	/* "itu-t" */
-492,	/* "janetMailbox" */
-646,	/* "joint-iso-itu-t" */
-150,	/* "keyBag" */
-773,	/* "kisa" */
-477,	/* "lastModifiedBy" */
-476,	/* "lastModifiedTime" */
-157,	/* "localKeyID" */
-15,	/* "localityName" */
-480,	/* "mXRecord" */
-493,	/* "mailPreferenceOption" */
-467,	/* "manager" */
- 3,	/* "md2" */
- 7,	/* "md2WithRSAEncryption" */
-257,	/* "md4" */
-396,	/* "md4WithRSAEncryption" */
- 4,	/* "md5" */
-114,	/* "md5-sha1" */
-104,	/* "md5WithRSA" */
- 8,	/* "md5WithRSAEncryption" */
-95,	/* "mdc2" */
-96,	/* "mdc2WithRSA" */
-875,	/* "member" */
-602,	/* "merchant initiated auth" */
-514,	/* "message extensions" */
-51,	/* "messageDigest" */
-911,	/* "mgf1" */
-506,	/* "mime-mhs-bodies" */
-505,	/* "mime-mhs-headings" */
-488,	/* "mobileTelephoneNumber" */
-481,	/* "nSRecord" */
-173,	/* "name" */
-681,	/* "onBasis" */
-379,	/* "org" */
-17,	/* "organizationName" */
-491,	/* "organizationalStatus" */
-18,	/* "organizationalUnitName" */
-475,	/* "otherMailbox" */
-876,	/* "owner" */
-489,	/* "pagerTelephoneNumber" */
-782,	/* "password based MAC" */
-374,	/* "path" */
-621,	/* "payment gateway capabilities" */
- 9,	/* "pbeWithMD2AndDES-CBC" */
-168,	/* "pbeWithMD2AndRC2-CBC" */
-112,	/* "pbeWithMD5AndCast5CBC" */
-10,	/* "pbeWithMD5AndDES-CBC" */
-169,	/* "pbeWithMD5AndRC2-CBC" */
-148,	/* "pbeWithSHA1And128BitRC2-CBC" */
-144,	/* "pbeWithSHA1And128BitRC4" */
-147,	/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
-146,	/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
-149,	/* "pbeWithSHA1And40BitRC2-CBC" */
-145,	/* "pbeWithSHA1And40BitRC4" */
-170,	/* "pbeWithSHA1AndDES-CBC" */
-68,	/* "pbeWithSHA1AndRC2-CBC" */
-499,	/* "personalSignature" */
-487,	/* "personalTitle" */
-464,	/* "photo" */
-863,	/* "physicalDeliveryOfficeName" */
-437,	/* "pilot" */
-439,	/* "pilotAttributeSyntax" */
-438,	/* "pilotAttributeType" */
-479,	/* "pilotAttributeType27" */
-456,	/* "pilotDSA" */
-441,	/* "pilotGroups" */
-444,	/* "pilotObject" */
-440,	/* "pilotObjectClass" */
-455,	/* "pilotOrganization" */
-445,	/* "pilotPerson" */
-186,	/* "pkcs1" */
-27,	/* "pkcs3" */
-187,	/* "pkcs5" */
-20,	/* "pkcs7" */
-21,	/* "pkcs7-data" */
-25,	/* "pkcs7-digestData" */
-26,	/* "pkcs7-encryptedData" */
-23,	/* "pkcs7-envelopedData" */
-24,	/* "pkcs7-signedAndEnvelopedData" */
-22,	/* "pkcs7-signedData" */
-151,	/* "pkcs8ShroudedKeyBag" */
-47,	/* "pkcs9" */
-862,	/* "postOfficeBox" */
-861,	/* "postalAddress" */
-661,	/* "postalCode" */
-683,	/* "ppBasis" */
-872,	/* "preferredDeliveryMethod" */
-873,	/* "presentationAddress" */
-406,	/* "prime-field" */
-409,	/* "prime192v1" */
-410,	/* "prime192v2" */
-411,	/* "prime192v3" */
-412,	/* "prime239v1" */
-413,	/* "prime239v2" */
-414,	/* "prime239v3" */
-415,	/* "prime256v1" */
-886,	/* "protocolInformation" */
-510,	/* "pseudonym" */
-435,	/* "pss" */
-286,	/* "qcStatements" */
-457,	/* "qualityLabelledData" */
-450,	/* "rFC822localPart" */
-98,	/* "rc2-40-cbc" */
-166,	/* "rc2-64-cbc" */
-37,	/* "rc2-cbc" */
-39,	/* "rc2-cfb" */
-38,	/* "rc2-ecb" */
-40,	/* "rc2-ofb" */
- 5,	/* "rc4" */
-97,	/* "rc4-40" */
-915,	/* "rc4-hmac-md5" */
-120,	/* "rc5-cbc" */
-122,	/* "rc5-cfb" */
-121,	/* "rc5-ecb" */
-123,	/* "rc5-ofb" */
-870,	/* "registeredAddress" */
-460,	/* "rfc822Mailbox" */
-117,	/* "ripemd160" */
-119,	/* "ripemd160WithRSA" */
-400,	/* "role" */
-877,	/* "roleOccupant" */
-448,	/* "room" */
-463,	/* "roomNumber" */
-19,	/* "rsa" */
- 6,	/* "rsaEncryption" */
-644,	/* "rsaOAEPEncryptionSET" */
-377,	/* "rsaSignature" */
-919,	/* "rsaesOaep" */
-912,	/* "rsassaPss" */
-124,	/* "run length compression" */
-482,	/* "sOARecord" */
-155,	/* "safeContentsBag" */
-291,	/* "sbgp-autonomousSysNum" */
-290,	/* "sbgp-ipAddrBlock" */
-292,	/* "sbgp-routerIdentifier" */
-159,	/* "sdsiCertificate" */
-859,	/* "searchGuide" */
-704,	/* "secp112r1" */
-705,	/* "secp112r2" */
-706,	/* "secp128r1" */
-707,	/* "secp128r2" */
-708,	/* "secp160k1" */
-709,	/* "secp160r1" */
-710,	/* "secp160r2" */
-711,	/* "secp192k1" */
-712,	/* "secp224k1" */
-713,	/* "secp224r1" */
-714,	/* "secp256k1" */
-715,	/* "secp384r1" */
-716,	/* "secp521r1" */
-154,	/* "secretBag" */
-474,	/* "secretary" */
-717,	/* "sect113r1" */
-718,	/* "sect113r2" */
-719,	/* "sect131r1" */
-720,	/* "sect131r2" */
-721,	/* "sect163k1" */
-722,	/* "sect163r1" */
-723,	/* "sect163r2" */
-724,	/* "sect193r1" */
-725,	/* "sect193r2" */
-726,	/* "sect233k1" */
-727,	/* "sect233r1" */
-728,	/* "sect239k1" */
-729,	/* "sect283k1" */
-730,	/* "sect283r1" */
-731,	/* "sect409k1" */
-732,	/* "sect409r1" */
-733,	/* "sect571k1" */
-734,	/* "sect571r1" */
-635,	/* "secure device signature" */
-878,	/* "seeAlso" */
-777,	/* "seed-cbc" */
-779,	/* "seed-cfb" */
-776,	/* "seed-ecb" */
-778,	/* "seed-ofb" */
-105,	/* "serialNumber" */
-625,	/* "set-addPolicy" */
-515,	/* "set-attr" */
-518,	/* "set-brand" */
-638,	/* "set-brand-AmericanExpress" */
-637,	/* "set-brand-Diners" */
-636,	/* "set-brand-IATA-ATA" */
-639,	/* "set-brand-JCB" */
-641,	/* "set-brand-MasterCard" */
-642,	/* "set-brand-Novus" */
-640,	/* "set-brand-Visa" */
-516,	/* "set-policy" */
-607,	/* "set-policy-root" */
-624,	/* "set-rootKeyThumb" */
-620,	/* "setAttr-Cert" */
-628,	/* "setAttr-IssCap-CVM" */
-630,	/* "setAttr-IssCap-Sig" */
-629,	/* "setAttr-IssCap-T2" */
-627,	/* "setAttr-Token-B0Prime" */
-626,	/* "setAttr-Token-EMV" */
-622,	/* "setAttr-TokenType" */
-619,	/* "setCext-IssuerCapabilities" */
-615,	/* "setCext-PGWYcapabilities" */
-616,	/* "setCext-TokenIdentifier" */
-618,	/* "setCext-TokenType" */
-617,	/* "setCext-Track2Data" */
-611,	/* "setCext-cCertRequired" */
-609,	/* "setCext-certType" */
-608,	/* "setCext-hashedRoot" */
-610,	/* "setCext-merchData" */
-613,	/* "setCext-setExt" */
-614,	/* "setCext-setQualf" */
-612,	/* "setCext-tunneling" */
-540,	/* "setct-AcqCardCodeMsg" */
-576,	/* "setct-AcqCardCodeMsgTBE" */
-570,	/* "setct-AuthReqTBE" */
-534,	/* "setct-AuthReqTBS" */
-527,	/* "setct-AuthResBaggage" */
-571,	/* "setct-AuthResTBE" */
-572,	/* "setct-AuthResTBEX" */
-535,	/* "setct-AuthResTBS" */
-536,	/* "setct-AuthResTBSX" */
-528,	/* "setct-AuthRevReqBaggage" */
-577,	/* "setct-AuthRevReqTBE" */
-541,	/* "setct-AuthRevReqTBS" */
-529,	/* "setct-AuthRevResBaggage" */
-542,	/* "setct-AuthRevResData" */
-578,	/* "setct-AuthRevResTBE" */
-579,	/* "setct-AuthRevResTBEB" */
-543,	/* "setct-AuthRevResTBS" */
-573,	/* "setct-AuthTokenTBE" */
-537,	/* "setct-AuthTokenTBS" */
-600,	/* "setct-BCIDistributionTBS" */
-558,	/* "setct-BatchAdminReqData" */
-592,	/* "setct-BatchAdminReqTBE" */
-559,	/* "setct-BatchAdminResData" */
-593,	/* "setct-BatchAdminResTBE" */
-599,	/* "setct-CRLNotificationResTBS" */
-598,	/* "setct-CRLNotificationTBS" */
-580,	/* "setct-CapReqTBE" */
-581,	/* "setct-CapReqTBEX" */
-544,	/* "setct-CapReqTBS" */
-545,	/* "setct-CapReqTBSX" */
-546,	/* "setct-CapResData" */
-582,	/* "setct-CapResTBE" */
-583,	/* "setct-CapRevReqTBE" */
-584,	/* "setct-CapRevReqTBEX" */
-547,	/* "setct-CapRevReqTBS" */
-548,	/* "setct-CapRevReqTBSX" */
-549,	/* "setct-CapRevResData" */
-585,	/* "setct-CapRevResTBE" */
-538,	/* "setct-CapTokenData" */
-530,	/* "setct-CapTokenSeq" */
-574,	/* "setct-CapTokenTBE" */
-575,	/* "setct-CapTokenTBEX" */
-539,	/* "setct-CapTokenTBS" */
-560,	/* "setct-CardCInitResTBS" */
-566,	/* "setct-CertInqReqTBS" */
-563,	/* "setct-CertReqData" */
-595,	/* "setct-CertReqTBE" */
-596,	/* "setct-CertReqTBEX" */
-564,	/* "setct-CertReqTBS" */
-565,	/* "setct-CertResData" */
-597,	/* "setct-CertResTBE" */
-586,	/* "setct-CredReqTBE" */
-587,	/* "setct-CredReqTBEX" */
-550,	/* "setct-CredReqTBS" */
-551,	/* "setct-CredReqTBSX" */
-552,	/* "setct-CredResData" */
-588,	/* "setct-CredResTBE" */
-589,	/* "setct-CredRevReqTBE" */
-590,	/* "setct-CredRevReqTBEX" */
-553,	/* "setct-CredRevReqTBS" */
-554,	/* "setct-CredRevReqTBSX" */
-555,	/* "setct-CredRevResData" */
-591,	/* "setct-CredRevResTBE" */
-567,	/* "setct-ErrorTBS" */
-526,	/* "setct-HODInput" */
-561,	/* "setct-MeAqCInitResTBS" */
-522,	/* "setct-OIData" */
-519,	/* "setct-PANData" */
-521,	/* "setct-PANOnly" */
-520,	/* "setct-PANToken" */
-556,	/* "setct-PCertReqData" */
-557,	/* "setct-PCertResTBS" */
-523,	/* "setct-PI" */
-532,	/* "setct-PI-TBS" */
-524,	/* "setct-PIData" */
-525,	/* "setct-PIDataUnsigned" */
-568,	/* "setct-PIDualSignedTBE" */
-569,	/* "setct-PIUnsignedTBE" */
-531,	/* "setct-PInitResData" */
-533,	/* "setct-PResData" */
-594,	/* "setct-RegFormReqTBE" */
-562,	/* "setct-RegFormResTBS" */
-604,	/* "setext-pinAny" */
-603,	/* "setext-pinSecure" */
-605,	/* "setext-track2" */
-41,	/* "sha" */
-64,	/* "sha1" */
-115,	/* "sha1WithRSA" */
-65,	/* "sha1WithRSAEncryption" */
-675,	/* "sha224" */
-671,	/* "sha224WithRSAEncryption" */
-672,	/* "sha256" */
-668,	/* "sha256WithRSAEncryption" */
-673,	/* "sha384" */
-669,	/* "sha384WithRSAEncryption" */
-674,	/* "sha512" */
-670,	/* "sha512WithRSAEncryption" */
-42,	/* "shaWithRSAEncryption" */
-52,	/* "signingTime" */
-454,	/* "simpleSecurityObject" */
-496,	/* "singleLevelQuality" */
-16,	/* "stateOrProvinceName" */
-660,	/* "streetAddress" */
-498,	/* "subtreeMaximumQuality" */
-497,	/* "subtreeMinimumQuality" */
-890,	/* "supportedAlgorithms" */
-874,	/* "supportedApplicationContext" */
-100,	/* "surname" */
-864,	/* "telephoneNumber" */
-866,	/* "teletexTerminalIdentifier" */
-865,	/* "telexNumber" */
-459,	/* "textEncodedORAddress" */
-293,	/* "textNotice" */
-106,	/* "title" */
-682,	/* "tpBasis" */
-436,	/* "ucl" */
- 0,	/* "undefined" */
-888,	/* "uniqueMember" */
-55,	/* "unstructuredAddress" */
-49,	/* "unstructuredName" */
-880,	/* "userCertificate" */
-465,	/* "userClass" */
-458,	/* "userId" */
-879,	/* "userPassword" */
-373,	/* "valid" */
-678,	/* "wap" */
-679,	/* "wap-wsg" */
-735,	/* "wap-wsg-idm-ecid-wtls1" */
-743,	/* "wap-wsg-idm-ecid-wtls10" */
-744,	/* "wap-wsg-idm-ecid-wtls11" */
-745,	/* "wap-wsg-idm-ecid-wtls12" */
-736,	/* "wap-wsg-idm-ecid-wtls3" */
-737,	/* "wap-wsg-idm-ecid-wtls4" */
-738,	/* "wap-wsg-idm-ecid-wtls5" */
-739,	/* "wap-wsg-idm-ecid-wtls6" */
-740,	/* "wap-wsg-idm-ecid-wtls7" */
-741,	/* "wap-wsg-idm-ecid-wtls8" */
-742,	/* "wap-wsg-idm-ecid-wtls9" */
-804,	/* "whirlpool" */
-868,	/* "x121Address" */
-503,	/* "x500UniqueIdentifier" */
-158,	/* "x509Certificate" */
-160,	/* "x509Crl" */
-125,	/* "zlib compression" */
-};
-
-static const unsigned int obj_objs[NUM_OBJ]={
- 0,	/* OBJ_undef                        0 */
-181,	/* OBJ_iso                          1 */
-393,	/* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
-404,	/* OBJ_ccitt                        OBJ_itu_t */
-645,	/* OBJ_itu_t                        0 */
-646,	/* OBJ_joint_iso_itu_t              2 */
-434,	/* OBJ_data                         0 9 */
-182,	/* OBJ_member_body                  1 2 */
-379,	/* OBJ_org                          1 3 */
-676,	/* OBJ_identified_organization      1 3 */
-11,	/* OBJ_X500                         2 5 */
-647,	/* OBJ_international_organizations  2 23 */
-380,	/* OBJ_dod                          1 3 6 */
-12,	/* OBJ_X509                         2 5 4 */
-378,	/* OBJ_X500algorithms               2 5 8 */
-81,	/* OBJ_id_ce                        2 5 29 */
-512,	/* OBJ_id_set                       2 23 42 */
-678,	/* OBJ_wap                          2 23 43 */
-435,	/* OBJ_pss                          0 9 2342 */
-183,	/* OBJ_ISO_US                       1 2 840 */
-381,	/* OBJ_iana                         1 3 6 1 */
-677,	/* OBJ_certicom_arc                 1 3 132 */
-394,	/* OBJ_selected_attribute_types     2 5 1 5 */
-13,	/* OBJ_commonName                   2 5 4 3 */
-100,	/* OBJ_surname                      2 5 4 4 */
-105,	/* OBJ_serialNumber                 2 5 4 5 */
-14,	/* OBJ_countryName                  2 5 4 6 */
-15,	/* OBJ_localityName                 2 5 4 7 */
-16,	/* OBJ_stateOrProvinceName          2 5 4 8 */
-660,	/* OBJ_streetAddress                2 5 4 9 */
-17,	/* OBJ_organizationName             2 5 4 10 */
-18,	/* OBJ_organizationalUnitName       2 5 4 11 */
-106,	/* OBJ_title                        2 5 4 12 */
-107,	/* OBJ_description                  2 5 4 13 */
-859,	/* OBJ_searchGuide                  2 5 4 14 */
-860,	/* OBJ_businessCategory             2 5 4 15 */
-861,	/* OBJ_postalAddress                2 5 4 16 */
-661,	/* OBJ_postalCode                   2 5 4 17 */
-862,	/* OBJ_postOfficeBox                2 5 4 18 */
-863,	/* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
-864,	/* OBJ_telephoneNumber              2 5 4 20 */
-865,	/* OBJ_telexNumber                  2 5 4 21 */
-866,	/* OBJ_teletexTerminalIdentifier    2 5 4 22 */
-867,	/* OBJ_facsimileTelephoneNumber     2 5 4 23 */
-868,	/* OBJ_x121Address                  2 5 4 24 */
-869,	/* OBJ_internationaliSDNNumber      2 5 4 25 */
-870,	/* OBJ_registeredAddress            2 5 4 26 */
-871,	/* OBJ_destinationIndicator         2 5 4 27 */
-872,	/* OBJ_preferredDeliveryMethod      2 5 4 28 */
-873,	/* OBJ_presentationAddress          2 5 4 29 */
-874,	/* OBJ_supportedApplicationContext  2 5 4 30 */
-875,	/* OBJ_member                       2 5 4 31 */
-876,	/* OBJ_owner                        2 5 4 32 */
-877,	/* OBJ_roleOccupant                 2 5 4 33 */
-878,	/* OBJ_seeAlso                      2 5 4 34 */
-879,	/* OBJ_userPassword                 2 5 4 35 */
-880,	/* OBJ_userCertificate              2 5 4 36 */
-881,	/* OBJ_cACertificate                2 5 4 37 */
-882,	/* OBJ_authorityRevocationList      2 5 4 38 */
-883,	/* OBJ_certificateRevocationList    2 5 4 39 */
-884,	/* OBJ_crossCertificatePair         2 5 4 40 */
-173,	/* OBJ_name                         2 5 4 41 */
-99,	/* OBJ_givenName                    2 5 4 42 */
-101,	/* OBJ_initials                     2 5 4 43 */
-509,	/* OBJ_generationQualifier          2 5 4 44 */
-503,	/* OBJ_x500UniqueIdentifier         2 5 4 45 */
-174,	/* OBJ_dnQualifier                  2 5 4 46 */
-885,	/* OBJ_enhancedSearchGuide          2 5 4 47 */
-886,	/* OBJ_protocolInformation          2 5 4 48 */
-887,	/* OBJ_distinguishedName            2 5 4 49 */
-888,	/* OBJ_uniqueMember                 2 5 4 50 */
-889,	/* OBJ_houseIdentifier              2 5 4 51 */
-890,	/* OBJ_supportedAlgorithms          2 5 4 52 */
-891,	/* OBJ_deltaRevocationList          2 5 4 53 */
-892,	/* OBJ_dmdName                      2 5 4 54 */
-510,	/* OBJ_pseudonym                    2 5 4 65 */
-400,	/* OBJ_role                         2 5 4 72 */
-769,	/* OBJ_subject_directory_attributes 2 5 29 9 */
-82,	/* OBJ_subject_key_identifier       2 5 29 14 */
-83,	/* OBJ_key_usage                    2 5 29 15 */
-84,	/* OBJ_private_key_usage_period     2 5 29 16 */
-85,	/* OBJ_subject_alt_name             2 5 29 17 */
-86,	/* OBJ_issuer_alt_name              2 5 29 18 */
-87,	/* OBJ_basic_constraints            2 5 29 19 */
-88,	/* OBJ_crl_number                   2 5 29 20 */
-141,	/* OBJ_crl_reason                   2 5 29 21 */
-430,	/* OBJ_hold_instruction_code        2 5 29 23 */
-142,	/* OBJ_invalidity_date              2 5 29 24 */
-140,	/* OBJ_delta_crl                    2 5 29 27 */
-770,	/* OBJ_issuing_distribution_point   2 5 29 28 */
-771,	/* OBJ_certificate_issuer           2 5 29 29 */
-666,	/* OBJ_name_constraints             2 5 29 30 */
-103,	/* OBJ_crl_distribution_points      2 5 29 31 */
-89,	/* OBJ_certificate_policies         2 5 29 32 */
-747,	/* OBJ_policy_mappings              2 5 29 33 */
-90,	/* OBJ_authority_key_identifier     2 5 29 35 */
-401,	/* OBJ_policy_constraints           2 5 29 36 */
-126,	/* OBJ_ext_key_usage                2 5 29 37 */
-857,	/* OBJ_freshest_crl                 2 5 29 46 */
-748,	/* OBJ_inhibit_any_policy           2 5 29 54 */
-402,	/* OBJ_target_information           2 5 29 55 */
-403,	/* OBJ_no_rev_avail                 2 5 29 56 */
-513,	/* OBJ_set_ctype                    2 23 42 0 */
-514,	/* OBJ_set_msgExt                   2 23 42 1 */
-515,	/* OBJ_set_attr                     2 23 42 3 */
-516,	/* OBJ_set_policy                   2 23 42 5 */
-517,	/* OBJ_set_certExt                  2 23 42 7 */
-518,	/* OBJ_set_brand                    2 23 42 8 */
-679,	/* OBJ_wap_wsg                      2 23 43 1 */
-382,	/* OBJ_Directory                    1 3 6 1 1 */
-383,	/* OBJ_Management                   1 3 6 1 2 */
-384,	/* OBJ_Experimental                 1 3 6 1 3 */
-385,	/* OBJ_Private                      1 3 6 1 4 */
-386,	/* OBJ_Security                     1 3 6 1 5 */
-387,	/* OBJ_SNMPv2                       1 3 6 1 6 */
-388,	/* OBJ_Mail                         1 3 6 1 7 */
-376,	/* OBJ_algorithm                    1 3 14 3 2 */
-395,	/* OBJ_clearance                    2 5 1 5 55 */
-19,	/* OBJ_rsa                          2 5 8 1 1 */
-96,	/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
-95,	/* OBJ_mdc2                         2 5 8 3 101 */
-746,	/* OBJ_any_policy                   2 5 29 32 0 */
-910,	/* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
-519,	/* OBJ_setct_PANData                2 23 42 0 0 */
-520,	/* OBJ_setct_PANToken               2 23 42 0 1 */
-521,	/* OBJ_setct_PANOnly                2 23 42 0 2 */
-522,	/* OBJ_setct_OIData                 2 23 42 0 3 */
-523,	/* OBJ_setct_PI                     2 23 42 0 4 */
-524,	/* OBJ_setct_PIData                 2 23 42 0 5 */
-525,	/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
-526,	/* OBJ_setct_HODInput               2 23 42 0 7 */
-527,	/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
-528,	/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
-529,	/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
-530,	/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
-531,	/* OBJ_setct_PInitResData           2 23 42 0 12 */
-532,	/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
-533,	/* OBJ_setct_PResData               2 23 42 0 14 */
-534,	/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
-535,	/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
-536,	/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
-537,	/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
-538,	/* OBJ_setct_CapTokenData           2 23 42 0 20 */
-539,	/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
-540,	/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
-541,	/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
-542,	/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
-543,	/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
-544,	/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
-545,	/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
-546,	/* OBJ_setct_CapResData             2 23 42 0 28 */
-547,	/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
-548,	/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
-549,	/* OBJ_setct_CapRevResData          2 23 42 0 31 */
-550,	/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
-551,	/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
-552,	/* OBJ_setct_CredResData            2 23 42 0 34 */
-553,	/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
-554,	/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
-555,	/* OBJ_setct_CredRevResData         2 23 42 0 37 */
-556,	/* OBJ_setct_PCertReqData           2 23 42 0 38 */
-557,	/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
-558,	/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
-559,	/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
-560,	/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
-561,	/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
-562,	/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
-563,	/* OBJ_setct_CertReqData            2 23 42 0 45 */
-564,	/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
-565,	/* OBJ_setct_CertResData            2 23 42 0 47 */
-566,	/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
-567,	/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
-568,	/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
-569,	/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
-570,	/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
-571,	/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
-572,	/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
-573,	/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
-574,	/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
-575,	/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
-576,	/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
-577,	/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
-578,	/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
-579,	/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
-580,	/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
-581,	/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
-582,	/* OBJ_setct_CapResTBE              2 23 42 0 64 */
-583,	/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
-584,	/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
-585,	/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
-586,	/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
-587,	/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
-588,	/* OBJ_setct_CredResTBE             2 23 42 0 70 */
-589,	/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
-590,	/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
-591,	/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
-592,	/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
-593,	/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
-594,	/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
-595,	/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
-596,	/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
-597,	/* OBJ_setct_CertResTBE             2 23 42 0 79 */
-598,	/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
-599,	/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
-600,	/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
-601,	/* OBJ_setext_genCrypt              2 23 42 1 1 */
-602,	/* OBJ_setext_miAuth                2 23 42 1 3 */
-603,	/* OBJ_setext_pinSecure             2 23 42 1 4 */
-604,	/* OBJ_setext_pinAny                2 23 42 1 5 */
-605,	/* OBJ_setext_track2                2 23 42 1 7 */
-606,	/* OBJ_setext_cv                    2 23 42 1 8 */
-620,	/* OBJ_setAttr_Cert                 2 23 42 3 0 */
-621,	/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
-622,	/* OBJ_setAttr_TokenType            2 23 42 3 2 */
-623,	/* OBJ_setAttr_IssCap               2 23 42 3 3 */
-607,	/* OBJ_set_policy_root              2 23 42 5 0 */
-608,	/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
-609,	/* OBJ_setCext_certType             2 23 42 7 1 */
-610,	/* OBJ_setCext_merchData            2 23 42 7 2 */
-611,	/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
-612,	/* OBJ_setCext_tunneling            2 23 42 7 4 */
-613,	/* OBJ_setCext_setExt               2 23 42 7 5 */
-614,	/* OBJ_setCext_setQualf             2 23 42 7 6 */
-615,	/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
-616,	/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
-617,	/* OBJ_setCext_Track2Data           2 23 42 7 9 */
-618,	/* OBJ_setCext_TokenType            2 23 42 7 10 */
-619,	/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
-636,	/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
-640,	/* OBJ_set_brand_Visa               2 23 42 8 4 */
-641,	/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
-637,	/* OBJ_set_brand_Diners             2 23 42 8 30 */
-638,	/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
-639,	/* OBJ_set_brand_JCB                2 23 42 8 35 */
-805,	/* OBJ_cryptopro                    1 2 643 2 2 */
-806,	/* OBJ_cryptocom                    1 2 643 2 9 */
-184,	/* OBJ_X9_57                        1 2 840 10040 */
-405,	/* OBJ_ansi_X9_62                   1 2 840 10045 */
-389,	/* OBJ_Enterprises                  1 3 6 1 4 1 */
-504,	/* OBJ_mime_mhs                     1 3 6 1 7 1 */
-104,	/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
-29,	/* OBJ_des_ecb                      1 3 14 3 2 6 */
-31,	/* OBJ_des_cbc                      1 3 14 3 2 7 */
-45,	/* OBJ_des_ofb64                    1 3 14 3 2 8 */
-30,	/* OBJ_des_cfb64                    1 3 14 3 2 9 */
-377,	/* OBJ_rsaSignature                 1 3 14 3 2 11 */
-67,	/* OBJ_dsa_2                        1 3 14 3 2 12 */
-66,	/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
-42,	/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-32,	/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
-41,	/* OBJ_sha                          1 3 14 3 2 18 */
-64,	/* OBJ_sha1                         1 3 14 3 2 26 */
-70,	/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
-115,	/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
-117,	/* OBJ_ripemd160                    1 3 36 3 2 1 */
-143,	/* OBJ_sxnet                        1 3 101 1 4 1 */
-721,	/* OBJ_sect163k1                    1 3 132 0 1 */
-722,	/* OBJ_sect163r1                    1 3 132 0 2 */
-728,	/* OBJ_sect239k1                    1 3 132 0 3 */
-717,	/* OBJ_sect113r1                    1 3 132 0 4 */
-718,	/* OBJ_sect113r2                    1 3 132 0 5 */
-704,	/* OBJ_secp112r1                    1 3 132 0 6 */
-705,	/* OBJ_secp112r2                    1 3 132 0 7 */
-709,	/* OBJ_secp160r1                    1 3 132 0 8 */
-708,	/* OBJ_secp160k1                    1 3 132 0 9 */
-714,	/* OBJ_secp256k1                    1 3 132 0 10 */
-723,	/* OBJ_sect163r2                    1 3 132 0 15 */
-729,	/* OBJ_sect283k1                    1 3 132 0 16 */
-730,	/* OBJ_sect283r1                    1 3 132 0 17 */
-719,	/* OBJ_sect131r1                    1 3 132 0 22 */
-720,	/* OBJ_sect131r2                    1 3 132 0 23 */
-724,	/* OBJ_sect193r1                    1 3 132 0 24 */
-725,	/* OBJ_sect193r2                    1 3 132 0 25 */
-726,	/* OBJ_sect233k1                    1 3 132 0 26 */
-727,	/* OBJ_sect233r1                    1 3 132 0 27 */
-706,	/* OBJ_secp128r1                    1 3 132 0 28 */
-707,	/* OBJ_secp128r2                    1 3 132 0 29 */
-710,	/* OBJ_secp160r2                    1 3 132 0 30 */
-711,	/* OBJ_secp192k1                    1 3 132 0 31 */
-712,	/* OBJ_secp224k1                    1 3 132 0 32 */
-713,	/* OBJ_secp224r1                    1 3 132 0 33 */
-715,	/* OBJ_secp384r1                    1 3 132 0 34 */
-716,	/* OBJ_secp521r1                    1 3 132 0 35 */
-731,	/* OBJ_sect409k1                    1 3 132 0 36 */
-732,	/* OBJ_sect409r1                    1 3 132 0 37 */
-733,	/* OBJ_sect571k1                    1 3 132 0 38 */
-734,	/* OBJ_sect571r1                    1 3 132 0 39 */
-624,	/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
-625,	/* OBJ_set_addPolicy                2 23 42 3 0 1 */
-626,	/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
-627,	/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
-628,	/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
-629,	/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
-630,	/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
-642,	/* OBJ_set_brand_Novus              2 23 42 8 6011 */
-735,	/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
-736,	/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
-737,	/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
-738,	/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
-739,	/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
-740,	/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
-741,	/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
-742,	/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
-743,	/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
-744,	/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
-745,	/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
-804,	/* OBJ_whirlpool                    1 0 10118 3 0 55 */
-124,	/* OBJ_rle_compression              1 1 1 1 666 1 */
-773,	/* OBJ_kisa                         1 2 410 200004 */
-807,	/* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
-808,	/* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
-809,	/* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
-810,	/* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
-811,	/* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
-812,	/* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
-813,	/* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
-815,	/* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
-816,	/* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
-817,	/* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
-818,	/* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
- 1,	/* OBJ_rsadsi                       1 2 840 113549 */
-185,	/* OBJ_X9cm                         1 2 840 10040 4 */
-127,	/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
-505,	/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
-506,	/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
-119,	/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
-631,	/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
-632,	/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
-633,	/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
-634,	/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
-635,	/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
-436,	/* OBJ_ucl                          0 9 2342 19200300 */
-820,	/* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
-819,	/* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
-845,	/* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
-846,	/* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
-847,	/* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
-848,	/* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
-821,	/* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
-822,	/* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
-823,	/* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
-824,	/* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
-825,	/* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
-826,	/* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
-827,	/* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
-828,	/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
-829,	/* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
-830,	/* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
-831,	/* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
-832,	/* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
-833,	/* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
-834,	/* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
-835,	/* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
-836,	/* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
-837,	/* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
-838,	/* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
-839,	/* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
-840,	/* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
-841,	/* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
-842,	/* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
-843,	/* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
-844,	/* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
- 2,	/* OBJ_pkcs                         1 2 840 113549 1 */
-431,	/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
-432,	/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
-433,	/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
-116,	/* OBJ_dsa                          1 2 840 10040 4 1 */
-113,	/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
-406,	/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
-407,	/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
-408,	/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
-416,	/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
-791,	/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
-792,	/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
-258,	/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
-175,	/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
-259,	/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
-128,	/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
-260,	/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
-261,	/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
-262,	/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
-263,	/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
-264,	/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
-265,	/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
-266,	/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
-267,	/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
-268,	/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
-662,	/* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
-176,	/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
-507,	/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
-508,	/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
-57,	/* OBJ_netscape                     2 16 840 1 113730 */
-754,	/* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
-766,	/* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
-757,	/* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
-755,	/* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
-767,	/* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
-758,	/* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
-756,	/* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
-768,	/* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
-759,	/* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
-437,	/* OBJ_pilot                        0 9 2342 19200300 100 */
-776,	/* OBJ_seed_ecb                     1 2 410 200004 1 3 */
-777,	/* OBJ_seed_cbc                     1 2 410 200004 1 4 */
-779,	/* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
-778,	/* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
-852,	/* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
-853,	/* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
-850,	/* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
-851,	/* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
-849,	/* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
-854,	/* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
-186,	/* OBJ_pkcs1                        1 2 840 113549 1 1 */
-27,	/* OBJ_pkcs3                        1 2 840 113549 1 3 */
-187,	/* OBJ_pkcs5                        1 2 840 113549 1 5 */
-20,	/* OBJ_pkcs7                        1 2 840 113549 1 7 */
-47,	/* OBJ_pkcs9                        1 2 840 113549 1 9 */
- 3,	/* OBJ_md2                          1 2 840 113549 2 2 */
-257,	/* OBJ_md4                          1 2 840 113549 2 4 */
- 4,	/* OBJ_md5                          1 2 840 113549 2 5 */
-797,	/* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
-163,	/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
-798,	/* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
-799,	/* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
-800,	/* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
-801,	/* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
-37,	/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
- 5,	/* OBJ_rc4                          1 2 840 113549 3 4 */
-44,	/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
-120,	/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
-643,	/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
-680,	/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
-684,	/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
-685,	/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
-686,	/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
-687,	/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
-688,	/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
-689,	/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
-690,	/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
-691,	/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
-692,	/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
-693,	/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
-694,	/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
-695,	/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
-696,	/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
-697,	/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
-698,	/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
-699,	/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
-700,	/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
-701,	/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
-702,	/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
-703,	/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
-409,	/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
-410,	/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
-411,	/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
-412,	/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
-413,	/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
-414,	/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
-415,	/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
-793,	/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
-794,	/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
-795,	/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
-796,	/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
-269,	/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
-270,	/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
-271,	/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
-272,	/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
-273,	/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
-274,	/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
-275,	/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
-276,	/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
-277,	/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
-278,	/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
-279,	/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
-280,	/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
-281,	/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
-282,	/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
-283,	/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
-284,	/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
-177,	/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
-285,	/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
-286,	/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
-287,	/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
-288,	/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
-289,	/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
-290,	/* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
-291,	/* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
-292,	/* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
-397,	/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
-398,	/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
-663,	/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
-164,	/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
-165,	/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
-293,	/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
-129,	/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
-130,	/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
-131,	/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
-132,	/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
-294,	/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
-295,	/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
-296,	/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
-133,	/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
-180,	/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
-297,	/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
-298,	/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
-299,	/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
-300,	/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
-301,	/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
-302,	/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
-303,	/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
-304,	/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
-305,	/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
-306,	/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
-307,	/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
-308,	/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
-309,	/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
-310,	/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
-311,	/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
-312,	/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
-784,	/* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
-313,	/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
-314,	/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
-323,	/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
-324,	/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
-325,	/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
-326,	/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
-327,	/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
-328,	/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
-329,	/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
-330,	/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
-331,	/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
-332,	/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
-333,	/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
-334,	/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
-335,	/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
-336,	/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
-337,	/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
-338,	/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
-339,	/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
-340,	/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
-341,	/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
-342,	/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
-343,	/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
-344,	/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
-345,	/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
-346,	/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
-347,	/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
-858,	/* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
-348,	/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
-349,	/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
-351,	/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
-352,	/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
-353,	/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
-354,	/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
-355,	/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
-356,	/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
-357,	/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
-358,	/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
-399,	/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
-359,	/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
-360,	/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
-361,	/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
-362,	/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
-664,	/* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
-665,	/* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
-667,	/* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
-178,	/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
-179,	/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
-363,	/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
-364,	/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
-785,	/* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
-780,	/* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
-781,	/* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
-58,	/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
-59,	/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
-438,	/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
-439,	/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
-440,	/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
-441,	/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
-108,	/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
-112,	/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
-782,	/* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
-783,	/* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
- 6,	/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
- 7,	/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
-396,	/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
- 8,	/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
-65,	/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
-644,	/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
-919,	/* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
-911,	/* OBJ_mgf1                         1 2 840 113549 1 1 8 */
-912,	/* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
-668,	/* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
-669,	/* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
-670,	/* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
-671,	/* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
-28,	/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
- 9,	/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
-10,	/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-168,	/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
-169,	/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
-170,	/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
-68,	/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
-69,	/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
-161,	/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
-162,	/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
-21,	/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
-22,	/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
-23,	/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
-24,	/* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
-25,	/* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
-26,	/* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
-48,	/* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
-49,	/* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
-50,	/* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
-51,	/* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
-52,	/* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
-53,	/* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
-54,	/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
-55,	/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
-56,	/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
-172,	/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
-167,	/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
-188,	/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
-156,	/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
-157,	/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
-681,	/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
-682,	/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
-683,	/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
-417,	/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
-856,	/* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
-390,	/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
-91,	/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
-315,	/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
-316,	/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
-317,	/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
-318,	/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
-319,	/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
-320,	/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
-321,	/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
-322,	/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
-365,	/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
-366,	/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
-367,	/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
-368,	/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
-369,	/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
-370,	/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
-371,	/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
-372,	/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
-373,	/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
-374,	/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
-375,	/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
-418,	/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
-419,	/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
-420,	/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
-421,	/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
-788,	/* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
-895,	/* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
-896,	/* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
-897,	/* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
-422,	/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
-423,	/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
-424,	/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
-425,	/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
-789,	/* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
-898,	/* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
-899,	/* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
-900,	/* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
-426,	/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
-427,	/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
-428,	/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
-429,	/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
-790,	/* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
-901,	/* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
-902,	/* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
-903,	/* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
-672,	/* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
-673,	/* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
-674,	/* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
-675,	/* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
-802,	/* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
-803,	/* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
-71,	/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
-72,	/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
-73,	/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
-74,	/* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
-75,	/* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
-76,	/* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
-77,	/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
-78,	/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
-79,	/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
-139,	/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
-458,	/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
-459,	/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
-460,	/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
-461,	/* OBJ_info                         0 9 2342 19200300 100 1 4 */
-462,	/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
-463,	/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
-464,	/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
-465,	/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
-466,	/* OBJ_host                         0 9 2342 19200300 100 1 9 */
-467,	/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
-468,	/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
-469,	/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
-470,	/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
-471,	/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
-472,	/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
-473,	/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
-474,	/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
-475,	/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
-476,	/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
-477,	/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
-391,	/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
-478,	/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
-479,	/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
-480,	/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
-481,	/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
-482,	/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
-483,	/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
-484,	/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
-485,	/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
-486,	/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
-487,	/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
-488,	/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
-489,	/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
-490,	/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
-491,	/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
-492,	/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
-493,	/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
-494,	/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
-495,	/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
-496,	/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
-497,	/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
-498,	/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
-499,	/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
-500,	/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
-501,	/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
-502,	/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
-442,	/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
-443,	/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
-444,	/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
-445,	/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
-446,	/* OBJ_account                      0 9 2342 19200300 100 4 5 */
-447,	/* OBJ_document                     0 9 2342 19200300 100 4 6 */
-448,	/* OBJ_room                         0 9 2342 19200300 100 4 7 */
-449,	/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
-392,	/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
-450,	/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
-451,	/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
-452,	/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
-453,	/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
-454,	/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
-455,	/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
-456,	/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
-457,	/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
-189,	/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
-190,	/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
-191,	/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
-192,	/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
-193,	/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
-194,	/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
-195,	/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
-158,	/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
-159,	/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
-160,	/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
-144,	/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
-145,	/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
-146,	/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
-147,	/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
-148,	/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
-149,	/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
-171,	/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
-134,	/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
-135,	/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
-136,	/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
-137,	/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
-138,	/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
-648,	/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
-649,	/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
-751,	/* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
-752,	/* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
-753,	/* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
-907,	/* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
-908,	/* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
-909,	/* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
-196,	/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
-197,	/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
-198,	/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
-199,	/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
-200,	/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
-201,	/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
-202,	/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
-203,	/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
-204,	/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
-205,	/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
-206,	/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
-207,	/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
-208,	/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
-209,	/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
-210,	/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
-211,	/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
-786,	/* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
-787,	/* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
-212,	/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
-213,	/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
-214,	/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
-215,	/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
-216,	/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
-217,	/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
-218,	/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
-219,	/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
-220,	/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
-221,	/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
-222,	/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
-223,	/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
-224,	/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
-225,	/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
-226,	/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
-227,	/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
-228,	/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
-229,	/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
-230,	/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
-231,	/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
-232,	/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
-233,	/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
-234,	/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
-235,	/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
-236,	/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
-237,	/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
-238,	/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
-239,	/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
-240,	/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
-241,	/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
-242,	/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
-243,	/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
-244,	/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
-245,	/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
-246,	/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
-247,	/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
-125,	/* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
-893,	/* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
-248,	/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
-249,	/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
-250,	/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
-251,	/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
-252,	/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
-253,	/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
-254,	/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
-255,	/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
-256,	/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
-150,	/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
-151,	/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
-152,	/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
-153,	/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
-154,	/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
-155,	/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
-34,	/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
-};
-
diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
deleted file mode 100644
index 86bcefb97a..0000000000
--- a/crypto/objects/obj_dat.pl
+++ /dev/null
@@ -1,307 +0,0 @@
-#!/usr/local/bin/perl
-
-# fixes bug in floating point emulation on sparc64 when
-# this script produces off-by-one output on sparc64
-use integer;
-
-sub obj_cmp
-	{
-	local(@a,@b,$_,$r);
-
-	$A=$obj_len{$obj{$nid{$a}}};
-	$B=$obj_len{$obj{$nid{$b}}};
-
-	$r=($A-$B);
-	return($r) if $r != 0;
-
-	$A=$obj_der{$obj{$nid{$a}}};
-	$B=$obj_der{$obj{$nid{$b}}};
-
-	return($A cmp $B);
-	}
-
-sub expand_obj
-	{
-	local(*v)=@_;
-	local($k,$d);
-	local($i);
-
-	do	{
-		$i=0;
-		foreach $k (keys %v)
-			{
-			if (($v{$k} =~ s/(OBJ_[^,]+),/$v{$1},/))
-				{ $i++; }
-			}
-		} while($i);
-	foreach $k (keys %v)
-		{
-		@a=split(/,/,$v{$k});
-		$objn{$k}=$#a+1;
-		}
-	return(%objn);
-	}
-
-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
-open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-
-while (<IN>)
-	{
-	next unless /^\#define\s+(\S+)\s+(.*)$/;
-	$v=$1;
-	$d=$2;
-	$d =~ s/^\"//;
-	$d =~ s/\"$//;
-	if ($v =~ /^SN_(.*)$/)
-		{
-		if(defined $snames{$d})
-			{
-			print "WARNING: Duplicate short name \"$d\"\n";
-			}
-		else 
-			{ $snames{$d} = "X"; }
-		$sn{$1}=$d;
-		}
-	elsif ($v =~ /^LN_(.*)$/)
-		{
-		if(defined $lnames{$d})
-			{
-			print "WARNING: Duplicate long name \"$d\"\n";
-			}
-		else 
-			{ $lnames{$d} = "X"; }
-		$ln{$1}=$d;
-		}
-	elsif ($v =~ /^NID_(.*)$/)
-		{ $nid{$d}=$1; }
-	elsif ($v =~ /^OBJ_(.*)$/)
-		{
-		$obj{$1}=$v;
-		$objd{$v}=$d;
-		}
-	}
-close IN;
-
-%ob=&expand_obj(*objd);
-
-@a=sort { $a <=> $b } keys %nid;
-$n=$a[$#a]+1;
-
-@lvalues=();
-$lvalues=0;
-
-for ($i=0; $i<$n; $i++)
-	{
-	if (!defined($nid{$i}))
-		{
-		push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");
-		}
-	else
-		{
-		$sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
-		$ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
-
-		if ($sn eq "NULL") {
-			$sn=$ln;
-			$sn{$nid{$i}} = $ln;
-		}
-
-		if ($ln eq "NULL") {
-			$ln=$sn;
-			$ln{$nid{$i}} = $sn;
-		}
-			
-		$out ="{";
-		$out.="\"$sn\"";
-		$out.=","."\"$ln\"";
-		$out.=",NID_$nid{$i},";
-		if (defined($obj{$nid{$i}}) && $objd{$obj{$nid{$i}}} =~ /,/)
-			{
-			$v=$objd{$obj{$nid{$i}}};
-			$v =~ s/L//g;
-			$v =~ s/,/ /g;
-			$r=&der_it($v);
-			$z="";
-			$length=0;
-			foreach (unpack("C*",$r))
-				{
-				$z.=sprintf("0x%02X,",$_);
-				$length++;
-				}
-			$obj_der{$obj{$nid{$i}}}=$z;
-			$obj_len{$obj{$nid{$i}}}=$length;
-
-			push(@lvalues,sprintf("%-45s/* [%3d] %s */\n",
-				$z,$lvalues,$obj{$nid{$i}}));
-			$out.="$length,&(lvalues[$lvalues]),0";
-			$lvalues+=$length;
-			}
-		else
-			{
-			$out.="0,NULL,0";
-			}
-		$out.="},\n";
-		push(@out,$out);
-		}
-	}
-
-@a=grep(defined($sn{$nid{$_}}),0 .. $n);
-foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
-	{
-	push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_));
-	}
-
-@a=grep(defined($ln{$nid{$_}}),0 .. $n);
-foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
-	{
-	push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_));
-	}
-
-@a=grep(defined($obj{$nid{$_}}),0 .. $n);
-foreach (sort obj_cmp @a)
-	{
-	$m=$obj{$nid{$_}};
-	$v=$objd{$m};
-	$v =~ s/L//g;
-	$v =~ s/,/ /g;
-	push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v));
-	}
-
-print OUT <<'EOF';
-/* crypto/objects/obj_dat.h */
-
-/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl obj_mac.h obj_dat.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-EOF
-
-printf OUT "#define NUM_NID %d\n",$n;
-printf OUT "#define NUM_SN %d\n",$#sn+1;
-printf OUT "#define NUM_LN %d\n",$#ln+1;
-printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
-
-printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1;
-print OUT @lvalues;
-print OUT "};\n\n";
-
-printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n";
-foreach (@out)
-	{
-	if (length($_) > 75)
-		{
-		$out="";
-		foreach (split(/,/))
-			{
-			$t=$out.$_.",";
-			if (length($t) > 70)
-				{
-				print OUT "$out\n";
-				$t="\t$_,";
-				}
-			$out=$t;
-			}
-		chop $out;
-		print OUT "$out";
-		}
-	else
-		{ print OUT $_; }
-	}
-print  OUT "};\n\n";
-
-printf OUT "static const unsigned int sn_objs[NUM_SN]={\n";
-print  OUT @sn;
-print  OUT "};\n\n";
-
-printf OUT "static const unsigned int ln_objs[NUM_LN]={\n";
-print  OUT @ln;
-print  OUT "};\n\n";
-
-printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n";
-print  OUT @ob;
-print  OUT "};\n\n";
-
-close OUT;
-
-sub der_it
-	{
-	local($v)=@_;
-	local(@a,$i,$ret,@r);
-
-	@a=split(/\s+/,$v);
-	$ret.=pack("C*",$a[0]*40+$a[1]);
-	shift @a;
-	shift @a;
-	foreach (@a)
-		{
-		@r=();
-		$t=0;
-		while ($_ >= 128)
-			{
-			$x=$_%128;
-			$_/=128;
-			push(@r,((($t++)?0x80:0)|$x));
-			}
-		push(@r,((($t++)?0x80:0)|$_));
-		$ret.=pack("C*",reverse(@r));
-		}
-	return($ret);
-	}
diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
deleted file mode 100644
index 2e7a034c3f..0000000000
--- a/crypto/objects/obj_err.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/objects/obj_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
-
-static ERR_STRING_DATA OBJ_str_functs[]=
-	{
-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),	"OBJ_add_object"},
-{ERR_FUNC(OBJ_F_OBJ_CREATE),	"OBJ_create"},
-{ERR_FUNC(OBJ_F_OBJ_DUP),	"OBJ_dup"},
-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),	"OBJ_NAME_new_index"},
-{ERR_FUNC(OBJ_F_OBJ_NID2LN),	"OBJ_nid2ln"},
-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ),	"OBJ_nid2obj"},
-{ERR_FUNC(OBJ_F_OBJ_NID2SN),	"OBJ_nid2sn"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA OBJ_str_reasons[]=
-	{
-{ERR_REASON(OBJ_R_MALLOC_FAILURE)        ,"malloc failure"},
-{ERR_REASON(OBJ_R_UNKNOWN_NID)           ,"unknown nid"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_OBJ_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,OBJ_str_functs);
-		ERR_load_strings(0,OBJ_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
deleted file mode 100644
index 23e9d48cdf..0000000000
--- a/crypto/objects/obj_lib.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/objects/obj_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
-	{
-	ASN1_OBJECT *r;
-	int i;
-	char *ln=NULL,*sn=NULL;
-	unsigned char *data=NULL;
-
-	if (o == NULL) return(NULL);
-	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
-					     duplication is this??? */
-
-	r=ASN1_OBJECT_new();
-	if (r == NULL)
-		{
-		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
-		return(NULL);
-		}
-	data=OPENSSL_malloc(o->length);
-	if (data == NULL)
-		goto err;
-	if (o->data != NULL)
-		memcpy(data,o->data,o->length);
-	/* once data attached to object it remains const */
-	r->data = data;
-	r->length=o->length;
-	r->nid=o->nid;
-	r->ln=r->sn=NULL;
-	if (o->ln != NULL)
-		{
-		i=strlen(o->ln)+1;
-		ln=OPENSSL_malloc(i);
-		if (ln == NULL) goto err;
-		memcpy(ln,o->ln,i);
-		r->ln=ln;
-		}
-
-	if (o->sn != NULL)
-		{
-		i=strlen(o->sn)+1;
-		sn=OPENSSL_malloc(i);
-		if (sn == NULL) goto err;
-		memcpy(sn,o->sn,i);
-		r->sn=sn;
-		}
-	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
-		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-	return(r);
-err:
-	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
-	if (ln != NULL)		OPENSSL_free(ln);
-	if (sn != NULL)		OPENSSL_free(sn);
-	if (data != NULL)	OPENSSL_free(data);
-	if (r != NULL)		OPENSSL_free(r);
-	return(NULL);
-	}
-
-int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
-	{
-	int ret;
-
-	ret=(a->length-b->length);
-	if (ret) return(ret);
-	return(memcmp(a->data,b->data,a->length));
-	}
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
deleted file mode 100644
index b5ea7cdab4..0000000000
--- a/crypto/objects/obj_mac.h
+++ /dev/null
@@ -1,4032 +0,0 @@
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
-#define SN_itu_t		"ITU-T"
-#define LN_itu_t		"itu-t"
-#define NID_itu_t		645
-#define OBJ_itu_t		0L
-
-#define NID_ccitt		404
-#define OBJ_ccitt		OBJ_itu_t
-
-#define SN_iso		"ISO"
-#define LN_iso		"iso"
-#define NID_iso		181
-#define OBJ_iso		1L
-
-#define SN_joint_iso_itu_t		"JOINT-ISO-ITU-T"
-#define LN_joint_iso_itu_t		"joint-iso-itu-t"
-#define NID_joint_iso_itu_t		646
-#define OBJ_joint_iso_itu_t		2L
-
-#define NID_joint_iso_ccitt		393
-#define OBJ_joint_iso_ccitt		OBJ_joint_iso_itu_t
-
-#define SN_member_body		"member-body"
-#define LN_member_body		"ISO Member Body"
-#define NID_member_body		182
-#define OBJ_member_body		OBJ_iso,2L
-
-#define SN_identified_organization		"identified-organization"
-#define NID_identified_organization		676
-#define OBJ_identified_organization		OBJ_iso,3L
-
-#define SN_hmac_md5		"HMAC-MD5"
-#define LN_hmac_md5		"hmac-md5"
-#define NID_hmac_md5		780
-#define OBJ_hmac_md5		OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
-
-#define SN_hmac_sha1		"HMAC-SHA1"
-#define LN_hmac_sha1		"hmac-sha1"
-#define NID_hmac_sha1		781
-#define OBJ_hmac_sha1		OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
-
-#define SN_certicom_arc		"certicom-arc"
-#define NID_certicom_arc		677
-#define OBJ_certicom_arc		OBJ_identified_organization,132L
-
-#define SN_international_organizations		"international-organizations"
-#define LN_international_organizations		"International Organizations"
-#define NID_international_organizations		647
-#define OBJ_international_organizations		OBJ_joint_iso_itu_t,23L
-
-#define SN_wap		"wap"
-#define NID_wap		678
-#define OBJ_wap		OBJ_international_organizations,43L
-
-#define SN_wap_wsg		"wap-wsg"
-#define NID_wap_wsg		679
-#define OBJ_wap_wsg		OBJ_wap,1L
-
-#define SN_selected_attribute_types		"selected-attribute-types"
-#define LN_selected_attribute_types		"Selected Attribute Types"
-#define NID_selected_attribute_types		394
-#define OBJ_selected_attribute_types		OBJ_joint_iso_itu_t,5L,1L,5L
-
-#define SN_clearance		"clearance"
-#define NID_clearance		395
-#define OBJ_clearance		OBJ_selected_attribute_types,55L
-
-#define SN_ISO_US		"ISO-US"
-#define LN_ISO_US		"ISO US Member Body"
-#define NID_ISO_US		183
-#define OBJ_ISO_US		OBJ_member_body,840L
-
-#define SN_X9_57		"X9-57"
-#define LN_X9_57		"X9.57"
-#define NID_X9_57		184
-#define OBJ_X9_57		OBJ_ISO_US,10040L
-
-#define SN_X9cm		"X9cm"
-#define LN_X9cm		"X9.57 CM ?"
-#define NID_X9cm		185
-#define OBJ_X9cm		OBJ_X9_57,4L
-
-#define SN_dsa		"DSA"
-#define LN_dsa		"dsaEncryption"
-#define NID_dsa		116
-#define OBJ_dsa		OBJ_X9cm,1L
-
-#define SN_dsaWithSHA1		"DSA-SHA1"
-#define LN_dsaWithSHA1		"dsaWithSHA1"
-#define NID_dsaWithSHA1		113
-#define OBJ_dsaWithSHA1		OBJ_X9cm,3L
-
-#define SN_ansi_X9_62		"ansi-X9-62"
-#define LN_ansi_X9_62		"ANSI X9.62"
-#define NID_ansi_X9_62		405
-#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L
-
-#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L
-
-#define SN_X9_62_prime_field		"prime-field"
-#define NID_X9_62_prime_field		406
-#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L
-
-#define SN_X9_62_characteristic_two_field		"characteristic-two-field"
-#define NID_X9_62_characteristic_two_field		407
-#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L
-
-#define SN_X9_62_id_characteristic_two_basis		"id-characteristic-two-basis"
-#define NID_X9_62_id_characteristic_two_basis		680
-#define OBJ_X9_62_id_characteristic_two_basis		OBJ_X9_62_characteristic_two_field,3L
-
-#define SN_X9_62_onBasis		"onBasis"
-#define NID_X9_62_onBasis		681
-#define OBJ_X9_62_onBasis		OBJ_X9_62_id_characteristic_two_basis,1L
-
-#define SN_X9_62_tpBasis		"tpBasis"
-#define NID_X9_62_tpBasis		682
-#define OBJ_X9_62_tpBasis		OBJ_X9_62_id_characteristic_two_basis,2L
-
-#define SN_X9_62_ppBasis		"ppBasis"
-#define NID_X9_62_ppBasis		683
-#define OBJ_X9_62_ppBasis		OBJ_X9_62_id_characteristic_two_basis,3L
-
-#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L
-
-#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"
-#define NID_X9_62_id_ecPublicKey		408
-#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L
-
-#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L
-
-#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L
-
-#define SN_X9_62_c2pnb163v1		"c2pnb163v1"
-#define NID_X9_62_c2pnb163v1		684
-#define OBJ_X9_62_c2pnb163v1		OBJ_X9_62_c_TwoCurve,1L
-
-#define SN_X9_62_c2pnb163v2		"c2pnb163v2"
-#define NID_X9_62_c2pnb163v2		685
-#define OBJ_X9_62_c2pnb163v2		OBJ_X9_62_c_TwoCurve,2L
-
-#define SN_X9_62_c2pnb163v3		"c2pnb163v3"
-#define NID_X9_62_c2pnb163v3		686
-#define OBJ_X9_62_c2pnb163v3		OBJ_X9_62_c_TwoCurve,3L
-
-#define SN_X9_62_c2pnb176v1		"c2pnb176v1"
-#define NID_X9_62_c2pnb176v1		687
-#define OBJ_X9_62_c2pnb176v1		OBJ_X9_62_c_TwoCurve,4L
-
-#define SN_X9_62_c2tnb191v1		"c2tnb191v1"
-#define NID_X9_62_c2tnb191v1		688
-#define OBJ_X9_62_c2tnb191v1		OBJ_X9_62_c_TwoCurve,5L
-
-#define SN_X9_62_c2tnb191v2		"c2tnb191v2"
-#define NID_X9_62_c2tnb191v2		689
-#define OBJ_X9_62_c2tnb191v2		OBJ_X9_62_c_TwoCurve,6L
-
-#define SN_X9_62_c2tnb191v3		"c2tnb191v3"
-#define NID_X9_62_c2tnb191v3		690
-#define OBJ_X9_62_c2tnb191v3		OBJ_X9_62_c_TwoCurve,7L
-
-#define SN_X9_62_c2onb191v4		"c2onb191v4"
-#define NID_X9_62_c2onb191v4		691
-#define OBJ_X9_62_c2onb191v4		OBJ_X9_62_c_TwoCurve,8L
-
-#define SN_X9_62_c2onb191v5		"c2onb191v5"
-#define NID_X9_62_c2onb191v5		692
-#define OBJ_X9_62_c2onb191v5		OBJ_X9_62_c_TwoCurve,9L
-
-#define SN_X9_62_c2pnb208w1		"c2pnb208w1"
-#define NID_X9_62_c2pnb208w1		693
-#define OBJ_X9_62_c2pnb208w1		OBJ_X9_62_c_TwoCurve,10L
-
-#define SN_X9_62_c2tnb239v1		"c2tnb239v1"
-#define NID_X9_62_c2tnb239v1		694
-#define OBJ_X9_62_c2tnb239v1		OBJ_X9_62_c_TwoCurve,11L
-
-#define SN_X9_62_c2tnb239v2		"c2tnb239v2"
-#define NID_X9_62_c2tnb239v2		695
-#define OBJ_X9_62_c2tnb239v2		OBJ_X9_62_c_TwoCurve,12L
-
-#define SN_X9_62_c2tnb239v3		"c2tnb239v3"
-#define NID_X9_62_c2tnb239v3		696
-#define OBJ_X9_62_c2tnb239v3		OBJ_X9_62_c_TwoCurve,13L
-
-#define SN_X9_62_c2onb239v4		"c2onb239v4"
-#define NID_X9_62_c2onb239v4		697
-#define OBJ_X9_62_c2onb239v4		OBJ_X9_62_c_TwoCurve,14L
-
-#define SN_X9_62_c2onb239v5		"c2onb239v5"
-#define NID_X9_62_c2onb239v5		698
-#define OBJ_X9_62_c2onb239v5		OBJ_X9_62_c_TwoCurve,15L
-
-#define SN_X9_62_c2pnb272w1		"c2pnb272w1"
-#define NID_X9_62_c2pnb272w1		699
-#define OBJ_X9_62_c2pnb272w1		OBJ_X9_62_c_TwoCurve,16L
-
-#define SN_X9_62_c2pnb304w1		"c2pnb304w1"
-#define NID_X9_62_c2pnb304w1		700
-#define OBJ_X9_62_c2pnb304w1		OBJ_X9_62_c_TwoCurve,17L
-
-#define SN_X9_62_c2tnb359v1		"c2tnb359v1"
-#define NID_X9_62_c2tnb359v1		701
-#define OBJ_X9_62_c2tnb359v1		OBJ_X9_62_c_TwoCurve,18L
-
-#define SN_X9_62_c2pnb368w1		"c2pnb368w1"
-#define NID_X9_62_c2pnb368w1		702
-#define OBJ_X9_62_c2pnb368w1		OBJ_X9_62_c_TwoCurve,19L
-
-#define SN_X9_62_c2tnb431r1		"c2tnb431r1"
-#define NID_X9_62_c2tnb431r1		703
-#define OBJ_X9_62_c2tnb431r1		OBJ_X9_62_c_TwoCurve,20L
-
-#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L
-
-#define SN_X9_62_prime192v1		"prime192v1"
-#define NID_X9_62_prime192v1		409
-#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L
-
-#define SN_X9_62_prime192v2		"prime192v2"
-#define NID_X9_62_prime192v2		410
-#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L
-
-#define SN_X9_62_prime192v3		"prime192v3"
-#define NID_X9_62_prime192v3		411
-#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L
-
-#define SN_X9_62_prime239v1		"prime239v1"
-#define NID_X9_62_prime239v1		412
-#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L
-
-#define SN_X9_62_prime239v2		"prime239v2"
-#define NID_X9_62_prime239v2		413
-#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L
-
-#define SN_X9_62_prime239v3		"prime239v3"
-#define NID_X9_62_prime239v3		414
-#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L
-
-#define SN_X9_62_prime256v1		"prime256v1"
-#define NID_X9_62_prime256v1		415
-#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L
-
-#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L
-
-#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"
-#define NID_ecdsa_with_SHA1		416
-#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L
-
-#define SN_ecdsa_with_Recommended		"ecdsa-with-Recommended"
-#define NID_ecdsa_with_Recommended		791
-#define OBJ_ecdsa_with_Recommended		OBJ_X9_62_id_ecSigType,2L
-
-#define SN_ecdsa_with_Specified		"ecdsa-with-Specified"
-#define NID_ecdsa_with_Specified		792
-#define OBJ_ecdsa_with_Specified		OBJ_X9_62_id_ecSigType,3L
-
-#define SN_ecdsa_with_SHA224		"ecdsa-with-SHA224"
-#define NID_ecdsa_with_SHA224		793
-#define OBJ_ecdsa_with_SHA224		OBJ_ecdsa_with_Specified,1L
-
-#define SN_ecdsa_with_SHA256		"ecdsa-with-SHA256"
-#define NID_ecdsa_with_SHA256		794
-#define OBJ_ecdsa_with_SHA256		OBJ_ecdsa_with_Specified,2L
-
-#define SN_ecdsa_with_SHA384		"ecdsa-with-SHA384"
-#define NID_ecdsa_with_SHA384		795
-#define OBJ_ecdsa_with_SHA384		OBJ_ecdsa_with_Specified,3L
-
-#define SN_ecdsa_with_SHA512		"ecdsa-with-SHA512"
-#define NID_ecdsa_with_SHA512		796
-#define OBJ_ecdsa_with_SHA512		OBJ_ecdsa_with_Specified,4L
-
-#define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L
-
-#define SN_secp112r1		"secp112r1"
-#define NID_secp112r1		704
-#define OBJ_secp112r1		OBJ_secg_ellipticCurve,6L
-
-#define SN_secp112r2		"secp112r2"
-#define NID_secp112r2		705
-#define OBJ_secp112r2		OBJ_secg_ellipticCurve,7L
-
-#define SN_secp128r1		"secp128r1"
-#define NID_secp128r1		706
-#define OBJ_secp128r1		OBJ_secg_ellipticCurve,28L
-
-#define SN_secp128r2		"secp128r2"
-#define NID_secp128r2		707
-#define OBJ_secp128r2		OBJ_secg_ellipticCurve,29L
-
-#define SN_secp160k1		"secp160k1"
-#define NID_secp160k1		708
-#define OBJ_secp160k1		OBJ_secg_ellipticCurve,9L
-
-#define SN_secp160r1		"secp160r1"
-#define NID_secp160r1		709
-#define OBJ_secp160r1		OBJ_secg_ellipticCurve,8L
-
-#define SN_secp160r2		"secp160r2"
-#define NID_secp160r2		710
-#define OBJ_secp160r2		OBJ_secg_ellipticCurve,30L
-
-#define SN_secp192k1		"secp192k1"
-#define NID_secp192k1		711
-#define OBJ_secp192k1		OBJ_secg_ellipticCurve,31L
-
-#define SN_secp224k1		"secp224k1"
-#define NID_secp224k1		712
-#define OBJ_secp224k1		OBJ_secg_ellipticCurve,32L
-
-#define SN_secp224r1		"secp224r1"
-#define NID_secp224r1		713
-#define OBJ_secp224r1		OBJ_secg_ellipticCurve,33L
-
-#define SN_secp256k1		"secp256k1"
-#define NID_secp256k1		714
-#define OBJ_secp256k1		OBJ_secg_ellipticCurve,10L
-
-#define SN_secp384r1		"secp384r1"
-#define NID_secp384r1		715
-#define OBJ_secp384r1		OBJ_secg_ellipticCurve,34L
-
-#define SN_secp521r1		"secp521r1"
-#define NID_secp521r1		716
-#define OBJ_secp521r1		OBJ_secg_ellipticCurve,35L
-
-#define SN_sect113r1		"sect113r1"
-#define NID_sect113r1		717
-#define OBJ_sect113r1		OBJ_secg_ellipticCurve,4L
-
-#define SN_sect113r2		"sect113r2"
-#define NID_sect113r2		718
-#define OBJ_sect113r2		OBJ_secg_ellipticCurve,5L
-
-#define SN_sect131r1		"sect131r1"
-#define NID_sect131r1		719
-#define OBJ_sect131r1		OBJ_secg_ellipticCurve,22L
-
-#define SN_sect131r2		"sect131r2"
-#define NID_sect131r2		720
-#define OBJ_sect131r2		OBJ_secg_ellipticCurve,23L
-
-#define SN_sect163k1		"sect163k1"
-#define NID_sect163k1		721
-#define OBJ_sect163k1		OBJ_secg_ellipticCurve,1L
-
-#define SN_sect163r1		"sect163r1"
-#define NID_sect163r1		722
-#define OBJ_sect163r1		OBJ_secg_ellipticCurve,2L
-
-#define SN_sect163r2		"sect163r2"
-#define NID_sect163r2		723
-#define OBJ_sect163r2		OBJ_secg_ellipticCurve,15L
-
-#define SN_sect193r1		"sect193r1"
-#define NID_sect193r1		724
-#define OBJ_sect193r1		OBJ_secg_ellipticCurve,24L
-
-#define SN_sect193r2		"sect193r2"
-#define NID_sect193r2		725
-#define OBJ_sect193r2		OBJ_secg_ellipticCurve,25L
-
-#define SN_sect233k1		"sect233k1"
-#define NID_sect233k1		726
-#define OBJ_sect233k1		OBJ_secg_ellipticCurve,26L
-
-#define SN_sect233r1		"sect233r1"
-#define NID_sect233r1		727
-#define OBJ_sect233r1		OBJ_secg_ellipticCurve,27L
-
-#define SN_sect239k1		"sect239k1"
-#define NID_sect239k1		728
-#define OBJ_sect239k1		OBJ_secg_ellipticCurve,3L
-
-#define SN_sect283k1		"sect283k1"
-#define NID_sect283k1		729
-#define OBJ_sect283k1		OBJ_secg_ellipticCurve,16L
-
-#define SN_sect283r1		"sect283r1"
-#define NID_sect283r1		730
-#define OBJ_sect283r1		OBJ_secg_ellipticCurve,17L
-
-#define SN_sect409k1		"sect409k1"
-#define NID_sect409k1		731
-#define OBJ_sect409k1		OBJ_secg_ellipticCurve,36L
-
-#define SN_sect409r1		"sect409r1"
-#define NID_sect409r1		732
-#define OBJ_sect409r1		OBJ_secg_ellipticCurve,37L
-
-#define SN_sect571k1		"sect571k1"
-#define NID_sect571k1		733
-#define OBJ_sect571k1		OBJ_secg_ellipticCurve,38L
-
-#define SN_sect571r1		"sect571r1"
-#define NID_sect571r1		734
-#define OBJ_sect571r1		OBJ_secg_ellipticCurve,39L
-
-#define OBJ_wap_wsg_idm_ecid		OBJ_wap_wsg,4L
-
-#define SN_wap_wsg_idm_ecid_wtls1		"wap-wsg-idm-ecid-wtls1"
-#define NID_wap_wsg_idm_ecid_wtls1		735
-#define OBJ_wap_wsg_idm_ecid_wtls1		OBJ_wap_wsg_idm_ecid,1L
-
-#define SN_wap_wsg_idm_ecid_wtls3		"wap-wsg-idm-ecid-wtls3"
-#define NID_wap_wsg_idm_ecid_wtls3		736
-#define OBJ_wap_wsg_idm_ecid_wtls3		OBJ_wap_wsg_idm_ecid,3L
-
-#define SN_wap_wsg_idm_ecid_wtls4		"wap-wsg-idm-ecid-wtls4"
-#define NID_wap_wsg_idm_ecid_wtls4		737
-#define OBJ_wap_wsg_idm_ecid_wtls4		OBJ_wap_wsg_idm_ecid,4L
-
-#define SN_wap_wsg_idm_ecid_wtls5		"wap-wsg-idm-ecid-wtls5"
-#define NID_wap_wsg_idm_ecid_wtls5		738
-#define OBJ_wap_wsg_idm_ecid_wtls5		OBJ_wap_wsg_idm_ecid,5L
-
-#define SN_wap_wsg_idm_ecid_wtls6		"wap-wsg-idm-ecid-wtls6"
-#define NID_wap_wsg_idm_ecid_wtls6		739
-#define OBJ_wap_wsg_idm_ecid_wtls6		OBJ_wap_wsg_idm_ecid,6L
-
-#define SN_wap_wsg_idm_ecid_wtls7		"wap-wsg-idm-ecid-wtls7"
-#define NID_wap_wsg_idm_ecid_wtls7		740
-#define OBJ_wap_wsg_idm_ecid_wtls7		OBJ_wap_wsg_idm_ecid,7L
-
-#define SN_wap_wsg_idm_ecid_wtls8		"wap-wsg-idm-ecid-wtls8"
-#define NID_wap_wsg_idm_ecid_wtls8		741
-#define OBJ_wap_wsg_idm_ecid_wtls8		OBJ_wap_wsg_idm_ecid,8L
-
-#define SN_wap_wsg_idm_ecid_wtls9		"wap-wsg-idm-ecid-wtls9"
-#define NID_wap_wsg_idm_ecid_wtls9		742
-#define OBJ_wap_wsg_idm_ecid_wtls9		OBJ_wap_wsg_idm_ecid,9L
-
-#define SN_wap_wsg_idm_ecid_wtls10		"wap-wsg-idm-ecid-wtls10"
-#define NID_wap_wsg_idm_ecid_wtls10		743
-#define OBJ_wap_wsg_idm_ecid_wtls10		OBJ_wap_wsg_idm_ecid,10L
-
-#define SN_wap_wsg_idm_ecid_wtls11		"wap-wsg-idm-ecid-wtls11"
-#define NID_wap_wsg_idm_ecid_wtls11		744
-#define OBJ_wap_wsg_idm_ecid_wtls11		OBJ_wap_wsg_idm_ecid,11L
-
-#define SN_wap_wsg_idm_ecid_wtls12		"wap-wsg-idm-ecid-wtls12"
-#define NID_wap_wsg_idm_ecid_wtls12		745
-#define OBJ_wap_wsg_idm_ecid_wtls12		OBJ_wap_wsg_idm_ecid,12L
-
-#define SN_cast5_cbc		"CAST5-CBC"
-#define LN_cast5_cbc		"cast5-cbc"
-#define NID_cast5_cbc		108
-#define OBJ_cast5_cbc		OBJ_ISO_US,113533L,7L,66L,10L
-
-#define SN_cast5_ecb		"CAST5-ECB"
-#define LN_cast5_ecb		"cast5-ecb"
-#define NID_cast5_ecb		109
-
-#define SN_cast5_cfb64		"CAST5-CFB"
-#define LN_cast5_cfb64		"cast5-cfb"
-#define NID_cast5_cfb64		110
-
-#define SN_cast5_ofb64		"CAST5-OFB"
-#define LN_cast5_ofb64		"cast5-ofb"
-#define NID_cast5_ofb64		111
-
-#define LN_pbeWithMD5AndCast5_CBC		"pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC		112
-#define OBJ_pbeWithMD5AndCast5_CBC		OBJ_ISO_US,113533L,7L,66L,12L
-
-#define SN_id_PasswordBasedMAC		"id-PasswordBasedMAC"
-#define LN_id_PasswordBasedMAC		"password based MAC"
-#define NID_id_PasswordBasedMAC		782
-#define OBJ_id_PasswordBasedMAC		OBJ_ISO_US,113533L,7L,66L,13L
-
-#define SN_id_DHBasedMac		"id-DHBasedMac"
-#define LN_id_DHBasedMac		"Diffie-Hellman based MAC"
-#define NID_id_DHBasedMac		783
-#define OBJ_id_DHBasedMac		OBJ_ISO_US,113533L,7L,66L,30L
-
-#define SN_rsadsi		"rsadsi"
-#define LN_rsadsi		"RSA Data Security, Inc."
-#define NID_rsadsi		1
-#define OBJ_rsadsi		OBJ_ISO_US,113549L
-
-#define SN_pkcs		"pkcs"
-#define LN_pkcs		"RSA Data Security, Inc. PKCS"
-#define NID_pkcs		2
-#define OBJ_pkcs		OBJ_rsadsi,1L
-
-#define SN_pkcs1		"pkcs1"
-#define NID_pkcs1		186
-#define OBJ_pkcs1		OBJ_pkcs,1L
-
-#define LN_rsaEncryption		"rsaEncryption"
-#define NID_rsaEncryption		6
-#define OBJ_rsaEncryption		OBJ_pkcs1,1L
-
-#define SN_md2WithRSAEncryption		"RSA-MD2"
-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption		7
-#define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L
-
-#define SN_md4WithRSAEncryption		"RSA-MD4"
-#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"
-#define NID_md4WithRSAEncryption		396
-#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L
-
-#define SN_md5WithRSAEncryption		"RSA-MD5"
-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption		8
-#define OBJ_md5WithRSAEncryption		OBJ_pkcs1,4L
-
-#define SN_sha1WithRSAEncryption		"RSA-SHA1"
-#define LN_sha1WithRSAEncryption		"sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption		65
-#define OBJ_sha1WithRSAEncryption		OBJ_pkcs1,5L
-
-#define SN_rsaesOaep		"RSAES-OAEP"
-#define LN_rsaesOaep		"rsaesOaep"
-#define NID_rsaesOaep		919
-#define OBJ_rsaesOaep		OBJ_pkcs1,7L
-
-#define SN_mgf1		"MGF1"
-#define LN_mgf1		"mgf1"
-#define NID_mgf1		911
-#define OBJ_mgf1		OBJ_pkcs1,8L
-
-#define SN_rsassaPss		"RSASSA-PSS"
-#define LN_rsassaPss		"rsassaPss"
-#define NID_rsassaPss		912
-#define OBJ_rsassaPss		OBJ_pkcs1,10L
-
-#define SN_sha256WithRSAEncryption		"RSA-SHA256"
-#define LN_sha256WithRSAEncryption		"sha256WithRSAEncryption"
-#define NID_sha256WithRSAEncryption		668
-#define OBJ_sha256WithRSAEncryption		OBJ_pkcs1,11L
-
-#define SN_sha384WithRSAEncryption		"RSA-SHA384"
-#define LN_sha384WithRSAEncryption		"sha384WithRSAEncryption"
-#define NID_sha384WithRSAEncryption		669
-#define OBJ_sha384WithRSAEncryption		OBJ_pkcs1,12L
-
-#define SN_sha512WithRSAEncryption		"RSA-SHA512"
-#define LN_sha512WithRSAEncryption		"sha512WithRSAEncryption"
-#define NID_sha512WithRSAEncryption		670
-#define OBJ_sha512WithRSAEncryption		OBJ_pkcs1,13L
-
-#define SN_sha224WithRSAEncryption		"RSA-SHA224"
-#define LN_sha224WithRSAEncryption		"sha224WithRSAEncryption"
-#define NID_sha224WithRSAEncryption		671
-#define OBJ_sha224WithRSAEncryption		OBJ_pkcs1,14L
-
-#define SN_pkcs3		"pkcs3"
-#define NID_pkcs3		27
-#define OBJ_pkcs3		OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement		"dhKeyAgreement"
-#define NID_dhKeyAgreement		28
-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
-
-#define SN_pkcs5		"pkcs5"
-#define NID_pkcs5		187
-#define OBJ_pkcs5		OBJ_pkcs,5L
-
-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC		9
-#define OBJ_pbeWithMD2AndDES_CBC		OBJ_pkcs5,1L
-
-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC		10
-#define OBJ_pbeWithMD5AndDES_CBC		OBJ_pkcs5,3L
-
-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC		168
-#define OBJ_pbeWithMD2AndRC2_CBC		OBJ_pkcs5,4L
-
-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC		169
-#define OBJ_pbeWithMD5AndRC2_CBC		OBJ_pkcs5,6L
-
-#define SN_pbeWithSHA1AndDES_CBC		"PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC		"pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC		170
-#define OBJ_pbeWithSHA1AndDES_CBC		OBJ_pkcs5,10L
-
-#define SN_pbeWithSHA1AndRC2_CBC		"PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC		"pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC		68
-#define OBJ_pbeWithSHA1AndRC2_CBC		OBJ_pkcs5,11L
-
-#define LN_id_pbkdf2		"PBKDF2"
-#define NID_id_pbkdf2		69
-#define OBJ_id_pbkdf2		OBJ_pkcs5,12L
-
-#define LN_pbes2		"PBES2"
-#define NID_pbes2		161
-#define OBJ_pbes2		OBJ_pkcs5,13L
-
-#define LN_pbmac1		"PBMAC1"
-#define NID_pbmac1		162
-#define OBJ_pbmac1		OBJ_pkcs5,14L
-
-#define SN_pkcs7		"pkcs7"
-#define NID_pkcs7		20
-#define OBJ_pkcs7		OBJ_pkcs,7L
-
-#define LN_pkcs7_data		"pkcs7-data"
-#define NID_pkcs7_data		21
-#define OBJ_pkcs7_data		OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed		"pkcs7-signedData"
-#define NID_pkcs7_signed		22
-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
-#define NID_pkcs7_enveloped		23
-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped		"pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped		24
-#define OBJ_pkcs7_signedAndEnveloped		OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest		"pkcs7-digestData"
-#define NID_pkcs7_digest		25
-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
-#define NID_pkcs7_encrypted		26
-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
-
-#define SN_pkcs9		"pkcs9"
-#define NID_pkcs9		47
-#define OBJ_pkcs9		OBJ_pkcs,9L
-
-#define LN_pkcs9_emailAddress		"emailAddress"
-#define NID_pkcs9_emailAddress		48
-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName		"unstructuredName"
-#define NID_pkcs9_unstructuredName		49
-#define OBJ_pkcs9_unstructuredName		OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType		"contentType"
-#define NID_pkcs9_contentType		50
-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest		"messageDigest"
-#define NID_pkcs9_messageDigest		51
-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime		"signingTime"
-#define NID_pkcs9_signingTime		52
-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature		"countersignature"
-#define NID_pkcs9_countersignature		53
-#define OBJ_pkcs9_countersignature		OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword		"challengePassword"
-#define NID_pkcs9_challengePassword		54
-#define OBJ_pkcs9_challengePassword		OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress		"unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress		55
-#define OBJ_pkcs9_unstructuredAddress		OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes		"extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes		56
-#define OBJ_pkcs9_extCertAttributes		OBJ_pkcs9,9L
-
-#define SN_ext_req		"extReq"
-#define LN_ext_req		"Extension Request"
-#define NID_ext_req		172
-#define OBJ_ext_req		OBJ_pkcs9,14L
-
-#define SN_SMIMECapabilities		"SMIME-CAPS"
-#define LN_SMIMECapabilities		"S/MIME Capabilities"
-#define NID_SMIMECapabilities		167
-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
-
-#define SN_SMIME		"SMIME"
-#define LN_SMIME		"S/MIME"
-#define NID_SMIME		188
-#define OBJ_SMIME		OBJ_pkcs9,16L
-
-#define SN_id_smime_mod		"id-smime-mod"
-#define NID_id_smime_mod		189
-#define OBJ_id_smime_mod		OBJ_SMIME,0L
-
-#define SN_id_smime_ct		"id-smime-ct"
-#define NID_id_smime_ct		190
-#define OBJ_id_smime_ct		OBJ_SMIME,1L
-
-#define SN_id_smime_aa		"id-smime-aa"
-#define NID_id_smime_aa		191
-#define OBJ_id_smime_aa		OBJ_SMIME,2L
-
-#define SN_id_smime_alg		"id-smime-alg"
-#define NID_id_smime_alg		192
-#define OBJ_id_smime_alg		OBJ_SMIME,3L
-
-#define SN_id_smime_cd		"id-smime-cd"
-#define NID_id_smime_cd		193
-#define OBJ_id_smime_cd		OBJ_SMIME,4L
-
-#define SN_id_smime_spq		"id-smime-spq"
-#define NID_id_smime_spq		194
-#define OBJ_id_smime_spq		OBJ_SMIME,5L
-
-#define SN_id_smime_cti		"id-smime-cti"
-#define NID_id_smime_cti		195
-#define OBJ_id_smime_cti		OBJ_SMIME,6L
-
-#define SN_id_smime_mod_cms		"id-smime-mod-cms"
-#define NID_id_smime_mod_cms		196
-#define OBJ_id_smime_mod_cms		OBJ_id_smime_mod,1L
-
-#define SN_id_smime_mod_ess		"id-smime-mod-ess"
-#define NID_id_smime_mod_ess		197
-#define OBJ_id_smime_mod_ess		OBJ_id_smime_mod,2L
-
-#define SN_id_smime_mod_oid		"id-smime-mod-oid"
-#define NID_id_smime_mod_oid		198
-#define OBJ_id_smime_mod_oid		OBJ_id_smime_mod,3L
-
-#define SN_id_smime_mod_msg_v3		"id-smime-mod-msg-v3"
-#define NID_id_smime_mod_msg_v3		199
-#define OBJ_id_smime_mod_msg_v3		OBJ_id_smime_mod,4L
-
-#define SN_id_smime_mod_ets_eSignature_88		"id-smime-mod-ets-eSignature-88"
-#define NID_id_smime_mod_ets_eSignature_88		200
-#define OBJ_id_smime_mod_ets_eSignature_88		OBJ_id_smime_mod,5L
-
-#define SN_id_smime_mod_ets_eSignature_97		"id-smime-mod-ets-eSignature-97"
-#define NID_id_smime_mod_ets_eSignature_97		201
-#define OBJ_id_smime_mod_ets_eSignature_97		OBJ_id_smime_mod,6L
-
-#define SN_id_smime_mod_ets_eSigPolicy_88		"id-smime-mod-ets-eSigPolicy-88"
-#define NID_id_smime_mod_ets_eSigPolicy_88		202
-#define OBJ_id_smime_mod_ets_eSigPolicy_88		OBJ_id_smime_mod,7L
-
-#define SN_id_smime_mod_ets_eSigPolicy_97		"id-smime-mod-ets-eSigPolicy-97"
-#define NID_id_smime_mod_ets_eSigPolicy_97		203
-#define OBJ_id_smime_mod_ets_eSigPolicy_97		OBJ_id_smime_mod,8L
-
-#define SN_id_smime_ct_receipt		"id-smime-ct-receipt"
-#define NID_id_smime_ct_receipt		204
-#define OBJ_id_smime_ct_receipt		OBJ_id_smime_ct,1L
-
-#define SN_id_smime_ct_authData		"id-smime-ct-authData"
-#define NID_id_smime_ct_authData		205
-#define OBJ_id_smime_ct_authData		OBJ_id_smime_ct,2L
-
-#define SN_id_smime_ct_publishCert		"id-smime-ct-publishCert"
-#define NID_id_smime_ct_publishCert		206
-#define OBJ_id_smime_ct_publishCert		OBJ_id_smime_ct,3L
-
-#define SN_id_smime_ct_TSTInfo		"id-smime-ct-TSTInfo"
-#define NID_id_smime_ct_TSTInfo		207
-#define OBJ_id_smime_ct_TSTInfo		OBJ_id_smime_ct,4L
-
-#define SN_id_smime_ct_TDTInfo		"id-smime-ct-TDTInfo"
-#define NID_id_smime_ct_TDTInfo		208
-#define OBJ_id_smime_ct_TDTInfo		OBJ_id_smime_ct,5L
-
-#define SN_id_smime_ct_contentInfo		"id-smime-ct-contentInfo"
-#define NID_id_smime_ct_contentInfo		209
-#define OBJ_id_smime_ct_contentInfo		OBJ_id_smime_ct,6L
-
-#define SN_id_smime_ct_DVCSRequestData		"id-smime-ct-DVCSRequestData"
-#define NID_id_smime_ct_DVCSRequestData		210
-#define OBJ_id_smime_ct_DVCSRequestData		OBJ_id_smime_ct,7L
-
-#define SN_id_smime_ct_DVCSResponseData		"id-smime-ct-DVCSResponseData"
-#define NID_id_smime_ct_DVCSResponseData		211
-#define OBJ_id_smime_ct_DVCSResponseData		OBJ_id_smime_ct,8L
-
-#define SN_id_smime_ct_compressedData		"id-smime-ct-compressedData"
-#define NID_id_smime_ct_compressedData		786
-#define OBJ_id_smime_ct_compressedData		OBJ_id_smime_ct,9L
-
-#define SN_id_ct_asciiTextWithCRLF		"id-ct-asciiTextWithCRLF"
-#define NID_id_ct_asciiTextWithCRLF		787
-#define OBJ_id_ct_asciiTextWithCRLF		OBJ_id_smime_ct,27L
-
-#define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"
-#define NID_id_smime_aa_receiptRequest		212
-#define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L
-
-#define SN_id_smime_aa_securityLabel		"id-smime-aa-securityLabel"
-#define NID_id_smime_aa_securityLabel		213
-#define OBJ_id_smime_aa_securityLabel		OBJ_id_smime_aa,2L
-
-#define SN_id_smime_aa_mlExpandHistory		"id-smime-aa-mlExpandHistory"
-#define NID_id_smime_aa_mlExpandHistory		214
-#define OBJ_id_smime_aa_mlExpandHistory		OBJ_id_smime_aa,3L
-
-#define SN_id_smime_aa_contentHint		"id-smime-aa-contentHint"
-#define NID_id_smime_aa_contentHint		215
-#define OBJ_id_smime_aa_contentHint		OBJ_id_smime_aa,4L
-
-#define SN_id_smime_aa_msgSigDigest		"id-smime-aa-msgSigDigest"
-#define NID_id_smime_aa_msgSigDigest		216
-#define OBJ_id_smime_aa_msgSigDigest		OBJ_id_smime_aa,5L
-
-#define SN_id_smime_aa_encapContentType		"id-smime-aa-encapContentType"
-#define NID_id_smime_aa_encapContentType		217
-#define OBJ_id_smime_aa_encapContentType		OBJ_id_smime_aa,6L
-
-#define SN_id_smime_aa_contentIdentifier		"id-smime-aa-contentIdentifier"
-#define NID_id_smime_aa_contentIdentifier		218
-#define OBJ_id_smime_aa_contentIdentifier		OBJ_id_smime_aa,7L
-
-#define SN_id_smime_aa_macValue		"id-smime-aa-macValue"
-#define NID_id_smime_aa_macValue		219
-#define OBJ_id_smime_aa_macValue		OBJ_id_smime_aa,8L
-
-#define SN_id_smime_aa_equivalentLabels		"id-smime-aa-equivalentLabels"
-#define NID_id_smime_aa_equivalentLabels		220
-#define OBJ_id_smime_aa_equivalentLabels		OBJ_id_smime_aa,9L
-
-#define SN_id_smime_aa_contentReference		"id-smime-aa-contentReference"
-#define NID_id_smime_aa_contentReference		221
-#define OBJ_id_smime_aa_contentReference		OBJ_id_smime_aa,10L
-
-#define SN_id_smime_aa_encrypKeyPref		"id-smime-aa-encrypKeyPref"
-#define NID_id_smime_aa_encrypKeyPref		222
-#define OBJ_id_smime_aa_encrypKeyPref		OBJ_id_smime_aa,11L
-
-#define SN_id_smime_aa_signingCertificate		"id-smime-aa-signingCertificate"
-#define NID_id_smime_aa_signingCertificate		223
-#define OBJ_id_smime_aa_signingCertificate		OBJ_id_smime_aa,12L
-
-#define SN_id_smime_aa_smimeEncryptCerts		"id-smime-aa-smimeEncryptCerts"
-#define NID_id_smime_aa_smimeEncryptCerts		224
-#define OBJ_id_smime_aa_smimeEncryptCerts		OBJ_id_smime_aa,13L
-
-#define SN_id_smime_aa_timeStampToken		"id-smime-aa-timeStampToken"
-#define NID_id_smime_aa_timeStampToken		225
-#define OBJ_id_smime_aa_timeStampToken		OBJ_id_smime_aa,14L
-
-#define SN_id_smime_aa_ets_sigPolicyId		"id-smime-aa-ets-sigPolicyId"
-#define NID_id_smime_aa_ets_sigPolicyId		226
-#define OBJ_id_smime_aa_ets_sigPolicyId		OBJ_id_smime_aa,15L
-
-#define SN_id_smime_aa_ets_commitmentType		"id-smime-aa-ets-commitmentType"
-#define NID_id_smime_aa_ets_commitmentType		227
-#define OBJ_id_smime_aa_ets_commitmentType		OBJ_id_smime_aa,16L
-
-#define SN_id_smime_aa_ets_signerLocation		"id-smime-aa-ets-signerLocation"
-#define NID_id_smime_aa_ets_signerLocation		228
-#define OBJ_id_smime_aa_ets_signerLocation		OBJ_id_smime_aa,17L
-
-#define SN_id_smime_aa_ets_signerAttr		"id-smime-aa-ets-signerAttr"
-#define NID_id_smime_aa_ets_signerAttr		229
-#define OBJ_id_smime_aa_ets_signerAttr		OBJ_id_smime_aa,18L
-
-#define SN_id_smime_aa_ets_otherSigCert		"id-smime-aa-ets-otherSigCert"
-#define NID_id_smime_aa_ets_otherSigCert		230
-#define OBJ_id_smime_aa_ets_otherSigCert		OBJ_id_smime_aa,19L
-
-#define SN_id_smime_aa_ets_contentTimestamp		"id-smime-aa-ets-contentTimestamp"
-#define NID_id_smime_aa_ets_contentTimestamp		231
-#define OBJ_id_smime_aa_ets_contentTimestamp		OBJ_id_smime_aa,20L
-
-#define SN_id_smime_aa_ets_CertificateRefs		"id-smime-aa-ets-CertificateRefs"
-#define NID_id_smime_aa_ets_CertificateRefs		232
-#define OBJ_id_smime_aa_ets_CertificateRefs		OBJ_id_smime_aa,21L
-
-#define SN_id_smime_aa_ets_RevocationRefs		"id-smime-aa-ets-RevocationRefs"
-#define NID_id_smime_aa_ets_RevocationRefs		233
-#define OBJ_id_smime_aa_ets_RevocationRefs		OBJ_id_smime_aa,22L
-
-#define SN_id_smime_aa_ets_certValues		"id-smime-aa-ets-certValues"
-#define NID_id_smime_aa_ets_certValues		234
-#define OBJ_id_smime_aa_ets_certValues		OBJ_id_smime_aa,23L
-
-#define SN_id_smime_aa_ets_revocationValues		"id-smime-aa-ets-revocationValues"
-#define NID_id_smime_aa_ets_revocationValues		235
-#define OBJ_id_smime_aa_ets_revocationValues		OBJ_id_smime_aa,24L
-
-#define SN_id_smime_aa_ets_escTimeStamp		"id-smime-aa-ets-escTimeStamp"
-#define NID_id_smime_aa_ets_escTimeStamp		236
-#define OBJ_id_smime_aa_ets_escTimeStamp		OBJ_id_smime_aa,25L
-
-#define SN_id_smime_aa_ets_certCRLTimestamp		"id-smime-aa-ets-certCRLTimestamp"
-#define NID_id_smime_aa_ets_certCRLTimestamp		237
-#define OBJ_id_smime_aa_ets_certCRLTimestamp		OBJ_id_smime_aa,26L
-
-#define SN_id_smime_aa_ets_archiveTimeStamp		"id-smime-aa-ets-archiveTimeStamp"
-#define NID_id_smime_aa_ets_archiveTimeStamp		238
-#define OBJ_id_smime_aa_ets_archiveTimeStamp		OBJ_id_smime_aa,27L
-
-#define SN_id_smime_aa_signatureType		"id-smime-aa-signatureType"
-#define NID_id_smime_aa_signatureType		239
-#define OBJ_id_smime_aa_signatureType		OBJ_id_smime_aa,28L
-
-#define SN_id_smime_aa_dvcs_dvc		"id-smime-aa-dvcs-dvc"
-#define NID_id_smime_aa_dvcs_dvc		240
-#define OBJ_id_smime_aa_dvcs_dvc		OBJ_id_smime_aa,29L
-
-#define SN_id_smime_alg_ESDHwith3DES		"id-smime-alg-ESDHwith3DES"
-#define NID_id_smime_alg_ESDHwith3DES		241
-#define OBJ_id_smime_alg_ESDHwith3DES		OBJ_id_smime_alg,1L
-
-#define SN_id_smime_alg_ESDHwithRC2		"id-smime-alg-ESDHwithRC2"
-#define NID_id_smime_alg_ESDHwithRC2		242
-#define OBJ_id_smime_alg_ESDHwithRC2		OBJ_id_smime_alg,2L
-
-#define SN_id_smime_alg_3DESwrap		"id-smime-alg-3DESwrap"
-#define NID_id_smime_alg_3DESwrap		243
-#define OBJ_id_smime_alg_3DESwrap		OBJ_id_smime_alg,3L
-
-#define SN_id_smime_alg_RC2wrap		"id-smime-alg-RC2wrap"
-#define NID_id_smime_alg_RC2wrap		244
-#define OBJ_id_smime_alg_RC2wrap		OBJ_id_smime_alg,4L
-
-#define SN_id_smime_alg_ESDH		"id-smime-alg-ESDH"
-#define NID_id_smime_alg_ESDH		245
-#define OBJ_id_smime_alg_ESDH		OBJ_id_smime_alg,5L
-
-#define SN_id_smime_alg_CMS3DESwrap		"id-smime-alg-CMS3DESwrap"
-#define NID_id_smime_alg_CMS3DESwrap		246
-#define OBJ_id_smime_alg_CMS3DESwrap		OBJ_id_smime_alg,6L
-
-#define SN_id_smime_alg_CMSRC2wrap		"id-smime-alg-CMSRC2wrap"
-#define NID_id_smime_alg_CMSRC2wrap		247
-#define OBJ_id_smime_alg_CMSRC2wrap		OBJ_id_smime_alg,7L
-
-#define SN_id_alg_PWRI_KEK		"id-alg-PWRI-KEK"
-#define NID_id_alg_PWRI_KEK		893
-#define OBJ_id_alg_PWRI_KEK		OBJ_id_smime_alg,9L
-
-#define SN_id_smime_cd_ldap		"id-smime-cd-ldap"
-#define NID_id_smime_cd_ldap		248
-#define OBJ_id_smime_cd_ldap		OBJ_id_smime_cd,1L
-
-#define SN_id_smime_spq_ets_sqt_uri		"id-smime-spq-ets-sqt-uri"
-#define NID_id_smime_spq_ets_sqt_uri		249
-#define OBJ_id_smime_spq_ets_sqt_uri		OBJ_id_smime_spq,1L
-
-#define SN_id_smime_spq_ets_sqt_unotice		"id-smime-spq-ets-sqt-unotice"
-#define NID_id_smime_spq_ets_sqt_unotice		250
-#define OBJ_id_smime_spq_ets_sqt_unotice		OBJ_id_smime_spq,2L
-
-#define SN_id_smime_cti_ets_proofOfOrigin		"id-smime-cti-ets-proofOfOrigin"
-#define NID_id_smime_cti_ets_proofOfOrigin		251
-#define OBJ_id_smime_cti_ets_proofOfOrigin		OBJ_id_smime_cti,1L
-
-#define SN_id_smime_cti_ets_proofOfReceipt		"id-smime-cti-ets-proofOfReceipt"
-#define NID_id_smime_cti_ets_proofOfReceipt		252
-#define OBJ_id_smime_cti_ets_proofOfReceipt		OBJ_id_smime_cti,2L
-
-#define SN_id_smime_cti_ets_proofOfDelivery		"id-smime-cti-ets-proofOfDelivery"
-#define NID_id_smime_cti_ets_proofOfDelivery		253
-#define OBJ_id_smime_cti_ets_proofOfDelivery		OBJ_id_smime_cti,3L
-
-#define SN_id_smime_cti_ets_proofOfSender		"id-smime-cti-ets-proofOfSender"
-#define NID_id_smime_cti_ets_proofOfSender		254
-#define OBJ_id_smime_cti_ets_proofOfSender		OBJ_id_smime_cti,4L
-
-#define SN_id_smime_cti_ets_proofOfApproval		"id-smime-cti-ets-proofOfApproval"
-#define NID_id_smime_cti_ets_proofOfApproval		255
-#define OBJ_id_smime_cti_ets_proofOfApproval		OBJ_id_smime_cti,5L
-
-#define SN_id_smime_cti_ets_proofOfCreation		"id-smime-cti-ets-proofOfCreation"
-#define NID_id_smime_cti_ets_proofOfCreation		256
-#define OBJ_id_smime_cti_ets_proofOfCreation		OBJ_id_smime_cti,6L
-
-#define LN_friendlyName		"friendlyName"
-#define NID_friendlyName		156
-#define OBJ_friendlyName		OBJ_pkcs9,20L
-
-#define LN_localKeyID		"localKeyID"
-#define NID_localKeyID		157
-#define OBJ_localKeyID		OBJ_pkcs9,21L
-
-#define SN_ms_csp_name		"CSPName"
-#define LN_ms_csp_name		"Microsoft CSP Name"
-#define NID_ms_csp_name		417
-#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L
-
-#define SN_LocalKeySet		"LocalKeySet"
-#define LN_LocalKeySet		"Microsoft Local Key set"
-#define NID_LocalKeySet		856
-#define OBJ_LocalKeySet		1L,3L,6L,1L,4L,1L,311L,17L,2L
-
-#define OBJ_certTypes		OBJ_pkcs9,22L
-
-#define LN_x509Certificate		"x509Certificate"
-#define NID_x509Certificate		158
-#define OBJ_x509Certificate		OBJ_certTypes,1L
-
-#define LN_sdsiCertificate		"sdsiCertificate"
-#define NID_sdsiCertificate		159
-#define OBJ_sdsiCertificate		OBJ_certTypes,2L
-
-#define OBJ_crlTypes		OBJ_pkcs9,23L
-
-#define LN_x509Crl		"x509Crl"
-#define NID_x509Crl		160
-#define OBJ_x509Crl		OBJ_crlTypes,1L
-
-#define OBJ_pkcs12		OBJ_pkcs,12L
-
-#define OBJ_pkcs12_pbeids		OBJ_pkcs12,1L
-
-#define SN_pbe_WithSHA1And128BitRC4		"PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4		"pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4		144
-#define OBJ_pbe_WithSHA1And128BitRC4		OBJ_pkcs12_pbeids,1L
-
-#define SN_pbe_WithSHA1And40BitRC4		"PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4		"pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4		145
-#define OBJ_pbe_WithSHA1And40BitRC4		OBJ_pkcs12_pbeids,2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC		"PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC		"pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC		146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC		"PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC		"pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC		147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC		148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC		OBJ_pkcs12_pbeids,5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC		"PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC		"pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC		149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC		OBJ_pkcs12_pbeids,6L
-
-#define OBJ_pkcs12_Version1		OBJ_pkcs12,10L
-
-#define OBJ_pkcs12_BagIds		OBJ_pkcs12_Version1,1L
-
-#define LN_keyBag		"keyBag"
-#define NID_keyBag		150
-#define OBJ_keyBag		OBJ_pkcs12_BagIds,1L
-
-#define LN_pkcs8ShroudedKeyBag		"pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag		151
-#define OBJ_pkcs8ShroudedKeyBag		OBJ_pkcs12_BagIds,2L
-
-#define LN_certBag		"certBag"
-#define NID_certBag		152
-#define OBJ_certBag		OBJ_pkcs12_BagIds,3L
-
-#define LN_crlBag		"crlBag"
-#define NID_crlBag		153
-#define OBJ_crlBag		OBJ_pkcs12_BagIds,4L
-
-#define LN_secretBag		"secretBag"
-#define NID_secretBag		154
-#define OBJ_secretBag		OBJ_pkcs12_BagIds,5L
-
-#define LN_safeContentsBag		"safeContentsBag"
-#define NID_safeContentsBag		155
-#define OBJ_safeContentsBag		OBJ_pkcs12_BagIds,6L
-
-#define SN_md2		"MD2"
-#define LN_md2		"md2"
-#define NID_md2		3
-#define OBJ_md2		OBJ_rsadsi,2L,2L
-
-#define SN_md4		"MD4"
-#define LN_md4		"md4"
-#define NID_md4		257
-#define OBJ_md4		OBJ_rsadsi,2L,4L
-
-#define SN_md5		"MD5"
-#define LN_md5		"md5"
-#define NID_md5		4
-#define OBJ_md5		OBJ_rsadsi,2L,5L
-
-#define SN_md5_sha1		"MD5-SHA1"
-#define LN_md5_sha1		"md5-sha1"
-#define NID_md5_sha1		114
-
-#define LN_hmacWithMD5		"hmacWithMD5"
-#define NID_hmacWithMD5		797
-#define OBJ_hmacWithMD5		OBJ_rsadsi,2L,6L
-
-#define LN_hmacWithSHA1		"hmacWithSHA1"
-#define NID_hmacWithSHA1		163
-#define OBJ_hmacWithSHA1		OBJ_rsadsi,2L,7L
-
-#define LN_hmacWithSHA224		"hmacWithSHA224"
-#define NID_hmacWithSHA224		798
-#define OBJ_hmacWithSHA224		OBJ_rsadsi,2L,8L
-
-#define LN_hmacWithSHA256		"hmacWithSHA256"
-#define NID_hmacWithSHA256		799
-#define OBJ_hmacWithSHA256		OBJ_rsadsi,2L,9L
-
-#define LN_hmacWithSHA384		"hmacWithSHA384"
-#define NID_hmacWithSHA384		800
-#define OBJ_hmacWithSHA384		OBJ_rsadsi,2L,10L
-
-#define LN_hmacWithSHA512		"hmacWithSHA512"
-#define NID_hmacWithSHA512		801
-#define OBJ_hmacWithSHA512		OBJ_rsadsi,2L,11L
-
-#define SN_rc2_cbc		"RC2-CBC"
-#define LN_rc2_cbc		"rc2-cbc"
-#define NID_rc2_cbc		37
-#define OBJ_rc2_cbc		OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb		"RC2-ECB"
-#define LN_rc2_ecb		"rc2-ecb"
-#define NID_rc2_ecb		38
-
-#define SN_rc2_cfb64		"RC2-CFB"
-#define LN_rc2_cfb64		"rc2-cfb"
-#define NID_rc2_cfb64		39
-
-#define SN_rc2_ofb64		"RC2-OFB"
-#define LN_rc2_ofb64		"rc2-ofb"
-#define NID_rc2_ofb64		40
-
-#define SN_rc2_40_cbc		"RC2-40-CBC"
-#define LN_rc2_40_cbc		"rc2-40-cbc"
-#define NID_rc2_40_cbc		98
-
-#define SN_rc2_64_cbc		"RC2-64-CBC"
-#define LN_rc2_64_cbc		"rc2-64-cbc"
-#define NID_rc2_64_cbc		166
-
-#define SN_rc4		"RC4"
-#define LN_rc4		"rc4"
-#define NID_rc4		5
-#define OBJ_rc4		OBJ_rsadsi,3L,4L
-
-#define SN_rc4_40		"RC4-40"
-#define LN_rc4_40		"rc4-40"
-#define NID_rc4_40		97
-
-#define SN_des_ede3_cbc		"DES-EDE3-CBC"
-#define LN_des_ede3_cbc		"des-ede3-cbc"
-#define NID_des_ede3_cbc		44
-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
-
-#define SN_rc5_cbc		"RC5-CBC"
-#define LN_rc5_cbc		"rc5-cbc"
-#define NID_rc5_cbc		120
-#define OBJ_rc5_cbc		OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb		"RC5-ECB"
-#define LN_rc5_ecb		"rc5-ecb"
-#define NID_rc5_ecb		121
-
-#define SN_rc5_cfb64		"RC5-CFB"
-#define LN_rc5_cfb64		"rc5-cfb"
-#define NID_rc5_cfb64		122
-
-#define SN_rc5_ofb64		"RC5-OFB"
-#define LN_rc5_ofb64		"rc5-ofb"
-#define NID_rc5_ofb64		123
-
-#define SN_ms_ext_req		"msExtReq"
-#define LN_ms_ext_req		"Microsoft Extension Request"
-#define NID_ms_ext_req		171
-#define OBJ_ms_ext_req		1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define SN_ms_code_ind		"msCodeInd"
-#define LN_ms_code_ind		"Microsoft Individual Code Signing"
-#define NID_ms_code_ind		134
-#define OBJ_ms_code_ind		1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com		"msCodeCom"
-#define LN_ms_code_com		"Microsoft Commercial Code Signing"
-#define NID_ms_code_com		135
-#define OBJ_ms_code_com		1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign		"msCTLSign"
-#define LN_ms_ctl_sign		"Microsoft Trust List Signing"
-#define NID_ms_ctl_sign		136
-#define OBJ_ms_ctl_sign		1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc		"msSGC"
-#define LN_ms_sgc		"Microsoft Server Gated Crypto"
-#define NID_ms_sgc		137
-#define OBJ_ms_sgc		1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs		"msEFS"
-#define LN_ms_efs		"Microsoft Encrypted File System"
-#define NID_ms_efs		138
-#define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-#define SN_ms_smartcard_login		"msSmartcardLogin"
-#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
-#define NID_ms_smartcard_login		648
-#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
-
-#define SN_ms_upn		"msUPN"
-#define LN_ms_upn		"Microsoft Universal Principal Name"
-#define NID_ms_upn		649
-#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
-
-#define SN_idea_cbc		"IDEA-CBC"
-#define LN_idea_cbc		"idea-cbc"
-#define NID_idea_cbc		34
-#define OBJ_idea_cbc		1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_ecb		"IDEA-ECB"
-#define LN_idea_ecb		"idea-ecb"
-#define NID_idea_ecb		36
-
-#define SN_idea_cfb64		"IDEA-CFB"
-#define LN_idea_cfb64		"idea-cfb"
-#define NID_idea_cfb64		35
-
-#define SN_idea_ofb64		"IDEA-OFB"
-#define LN_idea_ofb64		"idea-ofb"
-#define NID_idea_ofb64		46
-
-#define SN_bf_cbc		"BF-CBC"
-#define LN_bf_cbc		"bf-cbc"
-#define NID_bf_cbc		91
-#define OBJ_bf_cbc		1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb		"BF-ECB"
-#define LN_bf_ecb		"bf-ecb"
-#define NID_bf_ecb		92
-
-#define SN_bf_cfb64		"BF-CFB"
-#define LN_bf_cfb64		"bf-cfb"
-#define NID_bf_cfb64		93
-
-#define SN_bf_ofb64		"BF-OFB"
-#define LN_bf_ofb64		"bf-ofb"
-#define NID_bf_ofb64		94
-
-#define SN_id_pkix		"PKIX"
-#define NID_id_pkix		127
-#define OBJ_id_pkix		1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_pkix_mod		"id-pkix-mod"
-#define NID_id_pkix_mod		258
-#define OBJ_id_pkix_mod		OBJ_id_pkix,0L
-
-#define SN_id_pe		"id-pe"
-#define NID_id_pe		175
-#define OBJ_id_pe		OBJ_id_pkix,1L
-
-#define SN_id_qt		"id-qt"
-#define NID_id_qt		259
-#define OBJ_id_qt		OBJ_id_pkix,2L
-
-#define SN_id_kp		"id-kp"
-#define NID_id_kp		128
-#define OBJ_id_kp		OBJ_id_pkix,3L
-
-#define SN_id_it		"id-it"
-#define NID_id_it		260
-#define OBJ_id_it		OBJ_id_pkix,4L
-
-#define SN_id_pkip		"id-pkip"
-#define NID_id_pkip		261
-#define OBJ_id_pkip		OBJ_id_pkix,5L
-
-#define SN_id_alg		"id-alg"
-#define NID_id_alg		262
-#define OBJ_id_alg		OBJ_id_pkix,6L
-
-#define SN_id_cmc		"id-cmc"
-#define NID_id_cmc		263
-#define OBJ_id_cmc		OBJ_id_pkix,7L
-
-#define SN_id_on		"id-on"
-#define NID_id_on		264
-#define OBJ_id_on		OBJ_id_pkix,8L
-
-#define SN_id_pda		"id-pda"
-#define NID_id_pda		265
-#define OBJ_id_pda		OBJ_id_pkix,9L
-
-#define SN_id_aca		"id-aca"
-#define NID_id_aca		266
-#define OBJ_id_aca		OBJ_id_pkix,10L
-
-#define SN_id_qcs		"id-qcs"
-#define NID_id_qcs		267
-#define OBJ_id_qcs		OBJ_id_pkix,11L
-
-#define SN_id_cct		"id-cct"
-#define NID_id_cct		268
-#define OBJ_id_cct		OBJ_id_pkix,12L
-
-#define SN_id_ppl		"id-ppl"
-#define NID_id_ppl		662
-#define OBJ_id_ppl		OBJ_id_pkix,21L
-
-#define SN_id_ad		"id-ad"
-#define NID_id_ad		176
-#define OBJ_id_ad		OBJ_id_pkix,48L
-
-#define SN_id_pkix1_explicit_88		"id-pkix1-explicit-88"
-#define NID_id_pkix1_explicit_88		269
-#define OBJ_id_pkix1_explicit_88		OBJ_id_pkix_mod,1L
-
-#define SN_id_pkix1_implicit_88		"id-pkix1-implicit-88"
-#define NID_id_pkix1_implicit_88		270
-#define OBJ_id_pkix1_implicit_88		OBJ_id_pkix_mod,2L
-
-#define SN_id_pkix1_explicit_93		"id-pkix1-explicit-93"
-#define NID_id_pkix1_explicit_93		271
-#define OBJ_id_pkix1_explicit_93		OBJ_id_pkix_mod,3L
-
-#define SN_id_pkix1_implicit_93		"id-pkix1-implicit-93"
-#define NID_id_pkix1_implicit_93		272
-#define OBJ_id_pkix1_implicit_93		OBJ_id_pkix_mod,4L
-
-#define SN_id_mod_crmf		"id-mod-crmf"
-#define NID_id_mod_crmf		273
-#define OBJ_id_mod_crmf		OBJ_id_pkix_mod,5L
-
-#define SN_id_mod_cmc		"id-mod-cmc"
-#define NID_id_mod_cmc		274
-#define OBJ_id_mod_cmc		OBJ_id_pkix_mod,6L
-
-#define SN_id_mod_kea_profile_88		"id-mod-kea-profile-88"
-#define NID_id_mod_kea_profile_88		275
-#define OBJ_id_mod_kea_profile_88		OBJ_id_pkix_mod,7L
-
-#define SN_id_mod_kea_profile_93		"id-mod-kea-profile-93"
-#define NID_id_mod_kea_profile_93		276
-#define OBJ_id_mod_kea_profile_93		OBJ_id_pkix_mod,8L
-
-#define SN_id_mod_cmp		"id-mod-cmp"
-#define NID_id_mod_cmp		277
-#define OBJ_id_mod_cmp		OBJ_id_pkix_mod,9L
-
-#define SN_id_mod_qualified_cert_88		"id-mod-qualified-cert-88"
-#define NID_id_mod_qualified_cert_88		278
-#define OBJ_id_mod_qualified_cert_88		OBJ_id_pkix_mod,10L
-
-#define SN_id_mod_qualified_cert_93		"id-mod-qualified-cert-93"
-#define NID_id_mod_qualified_cert_93		279
-#define OBJ_id_mod_qualified_cert_93		OBJ_id_pkix_mod,11L
-
-#define SN_id_mod_attribute_cert		"id-mod-attribute-cert"
-#define NID_id_mod_attribute_cert		280
-#define OBJ_id_mod_attribute_cert		OBJ_id_pkix_mod,12L
-
-#define SN_id_mod_timestamp_protocol		"id-mod-timestamp-protocol"
-#define NID_id_mod_timestamp_protocol		281
-#define OBJ_id_mod_timestamp_protocol		OBJ_id_pkix_mod,13L
-
-#define SN_id_mod_ocsp		"id-mod-ocsp"
-#define NID_id_mod_ocsp		282
-#define OBJ_id_mod_ocsp		OBJ_id_pkix_mod,14L
-
-#define SN_id_mod_dvcs		"id-mod-dvcs"
-#define NID_id_mod_dvcs		283
-#define OBJ_id_mod_dvcs		OBJ_id_pkix_mod,15L
-
-#define SN_id_mod_cmp2000		"id-mod-cmp2000"
-#define NID_id_mod_cmp2000		284
-#define OBJ_id_mod_cmp2000		OBJ_id_pkix_mod,16L
-
-#define SN_info_access		"authorityInfoAccess"
-#define LN_info_access		"Authority Information Access"
-#define NID_info_access		177
-#define OBJ_info_access		OBJ_id_pe,1L
-
-#define SN_biometricInfo		"biometricInfo"
-#define LN_biometricInfo		"Biometric Info"
-#define NID_biometricInfo		285
-#define OBJ_biometricInfo		OBJ_id_pe,2L
-
-#define SN_qcStatements		"qcStatements"
-#define NID_qcStatements		286
-#define OBJ_qcStatements		OBJ_id_pe,3L
-
-#define SN_ac_auditEntity		"ac-auditEntity"
-#define NID_ac_auditEntity		287
-#define OBJ_ac_auditEntity		OBJ_id_pe,4L
-
-#define SN_ac_targeting		"ac-targeting"
-#define NID_ac_targeting		288
-#define OBJ_ac_targeting		OBJ_id_pe,5L
-
-#define SN_aaControls		"aaControls"
-#define NID_aaControls		289
-#define OBJ_aaControls		OBJ_id_pe,6L
-
-#define SN_sbgp_ipAddrBlock		"sbgp-ipAddrBlock"
-#define NID_sbgp_ipAddrBlock		290
-#define OBJ_sbgp_ipAddrBlock		OBJ_id_pe,7L
-
-#define SN_sbgp_autonomousSysNum		"sbgp-autonomousSysNum"
-#define NID_sbgp_autonomousSysNum		291
-#define OBJ_sbgp_autonomousSysNum		OBJ_id_pe,8L
-
-#define SN_sbgp_routerIdentifier		"sbgp-routerIdentifier"
-#define NID_sbgp_routerIdentifier		292
-#define OBJ_sbgp_routerIdentifier		OBJ_id_pe,9L
-
-#define SN_ac_proxying		"ac-proxying"
-#define NID_ac_proxying		397
-#define OBJ_ac_proxying		OBJ_id_pe,10L
-
-#define SN_sinfo_access		"subjectInfoAccess"
-#define LN_sinfo_access		"Subject Information Access"
-#define NID_sinfo_access		398
-#define OBJ_sinfo_access		OBJ_id_pe,11L
-
-#define SN_proxyCertInfo		"proxyCertInfo"
-#define LN_proxyCertInfo		"Proxy Certificate Information"
-#define NID_proxyCertInfo		663
-#define OBJ_proxyCertInfo		OBJ_id_pe,14L
-
-#define SN_id_qt_cps		"id-qt-cps"
-#define LN_id_qt_cps		"Policy Qualifier CPS"
-#define NID_id_qt_cps		164
-#define OBJ_id_qt_cps		OBJ_id_qt,1L
-
-#define SN_id_qt_unotice		"id-qt-unotice"
-#define LN_id_qt_unotice		"Policy Qualifier User Notice"
-#define NID_id_qt_unotice		165
-#define OBJ_id_qt_unotice		OBJ_id_qt,2L
-
-#define SN_textNotice		"textNotice"
-#define NID_textNotice		293
-#define OBJ_textNotice		OBJ_id_qt,3L
-
-#define SN_server_auth		"serverAuth"
-#define LN_server_auth		"TLS Web Server Authentication"
-#define NID_server_auth		129
-#define OBJ_server_auth		OBJ_id_kp,1L
-
-#define SN_client_auth		"clientAuth"
-#define LN_client_auth		"TLS Web Client Authentication"
-#define NID_client_auth		130
-#define OBJ_client_auth		OBJ_id_kp,2L
-
-#define SN_code_sign		"codeSigning"
-#define LN_code_sign		"Code Signing"
-#define NID_code_sign		131
-#define OBJ_code_sign		OBJ_id_kp,3L
-
-#define SN_email_protect		"emailProtection"
-#define LN_email_protect		"E-mail Protection"
-#define NID_email_protect		132
-#define OBJ_email_protect		OBJ_id_kp,4L
-
-#define SN_ipsecEndSystem		"ipsecEndSystem"
-#define LN_ipsecEndSystem		"IPSec End System"
-#define NID_ipsecEndSystem		294
-#define OBJ_ipsecEndSystem		OBJ_id_kp,5L
-
-#define SN_ipsecTunnel		"ipsecTunnel"
-#define LN_ipsecTunnel		"IPSec Tunnel"
-#define NID_ipsecTunnel		295
-#define OBJ_ipsecTunnel		OBJ_id_kp,6L
-
-#define SN_ipsecUser		"ipsecUser"
-#define LN_ipsecUser		"IPSec User"
-#define NID_ipsecUser		296
-#define OBJ_ipsecUser		OBJ_id_kp,7L
-
-#define SN_time_stamp		"timeStamping"
-#define LN_time_stamp		"Time Stamping"
-#define NID_time_stamp		133
-#define OBJ_time_stamp		OBJ_id_kp,8L
-
-#define SN_OCSP_sign		"OCSPSigning"
-#define LN_OCSP_sign		"OCSP Signing"
-#define NID_OCSP_sign		180
-#define OBJ_OCSP_sign		OBJ_id_kp,9L
-
-#define SN_dvcs		"DVCS"
-#define LN_dvcs		"dvcs"
-#define NID_dvcs		297
-#define OBJ_dvcs		OBJ_id_kp,10L
-
-#define SN_id_it_caProtEncCert		"id-it-caProtEncCert"
-#define NID_id_it_caProtEncCert		298
-#define OBJ_id_it_caProtEncCert		OBJ_id_it,1L
-
-#define SN_id_it_signKeyPairTypes		"id-it-signKeyPairTypes"
-#define NID_id_it_signKeyPairTypes		299
-#define OBJ_id_it_signKeyPairTypes		OBJ_id_it,2L
-
-#define SN_id_it_encKeyPairTypes		"id-it-encKeyPairTypes"
-#define NID_id_it_encKeyPairTypes		300
-#define OBJ_id_it_encKeyPairTypes		OBJ_id_it,3L
-
-#define SN_id_it_preferredSymmAlg		"id-it-preferredSymmAlg"
-#define NID_id_it_preferredSymmAlg		301
-#define OBJ_id_it_preferredSymmAlg		OBJ_id_it,4L
-
-#define SN_id_it_caKeyUpdateInfo		"id-it-caKeyUpdateInfo"
-#define NID_id_it_caKeyUpdateInfo		302
-#define OBJ_id_it_caKeyUpdateInfo		OBJ_id_it,5L
-
-#define SN_id_it_currentCRL		"id-it-currentCRL"
-#define NID_id_it_currentCRL		303
-#define OBJ_id_it_currentCRL		OBJ_id_it,6L
-
-#define SN_id_it_unsupportedOIDs		"id-it-unsupportedOIDs"
-#define NID_id_it_unsupportedOIDs		304
-#define OBJ_id_it_unsupportedOIDs		OBJ_id_it,7L
-
-#define SN_id_it_subscriptionRequest		"id-it-subscriptionRequest"
-#define NID_id_it_subscriptionRequest		305
-#define OBJ_id_it_subscriptionRequest		OBJ_id_it,8L
-
-#define SN_id_it_subscriptionResponse		"id-it-subscriptionResponse"
-#define NID_id_it_subscriptionResponse		306
-#define OBJ_id_it_subscriptionResponse		OBJ_id_it,9L
-
-#define SN_id_it_keyPairParamReq		"id-it-keyPairParamReq"
-#define NID_id_it_keyPairParamReq		307
-#define OBJ_id_it_keyPairParamReq		OBJ_id_it,10L
-
-#define SN_id_it_keyPairParamRep		"id-it-keyPairParamRep"
-#define NID_id_it_keyPairParamRep		308
-#define OBJ_id_it_keyPairParamRep		OBJ_id_it,11L
-
-#define SN_id_it_revPassphrase		"id-it-revPassphrase"
-#define NID_id_it_revPassphrase		309
-#define OBJ_id_it_revPassphrase		OBJ_id_it,12L
-
-#define SN_id_it_implicitConfirm		"id-it-implicitConfirm"
-#define NID_id_it_implicitConfirm		310
-#define OBJ_id_it_implicitConfirm		OBJ_id_it,13L
-
-#define SN_id_it_confirmWaitTime		"id-it-confirmWaitTime"
-#define NID_id_it_confirmWaitTime		311
-#define OBJ_id_it_confirmWaitTime		OBJ_id_it,14L
-
-#define SN_id_it_origPKIMessage		"id-it-origPKIMessage"
-#define NID_id_it_origPKIMessage		312
-#define OBJ_id_it_origPKIMessage		OBJ_id_it,15L
-
-#define SN_id_it_suppLangTags		"id-it-suppLangTags"
-#define NID_id_it_suppLangTags		784
-#define OBJ_id_it_suppLangTags		OBJ_id_it,16L
-
-#define SN_id_regCtrl		"id-regCtrl"
-#define NID_id_regCtrl		313
-#define OBJ_id_regCtrl		OBJ_id_pkip,1L
-
-#define SN_id_regInfo		"id-regInfo"
-#define NID_id_regInfo		314
-#define OBJ_id_regInfo		OBJ_id_pkip,2L
-
-#define SN_id_regCtrl_regToken		"id-regCtrl-regToken"
-#define NID_id_regCtrl_regToken		315
-#define OBJ_id_regCtrl_regToken		OBJ_id_regCtrl,1L
-
-#define SN_id_regCtrl_authenticator		"id-regCtrl-authenticator"
-#define NID_id_regCtrl_authenticator		316
-#define OBJ_id_regCtrl_authenticator		OBJ_id_regCtrl,2L
-
-#define SN_id_regCtrl_pkiPublicationInfo		"id-regCtrl-pkiPublicationInfo"
-#define NID_id_regCtrl_pkiPublicationInfo		317
-#define OBJ_id_regCtrl_pkiPublicationInfo		OBJ_id_regCtrl,3L
-
-#define SN_id_regCtrl_pkiArchiveOptions		"id-regCtrl-pkiArchiveOptions"
-#define NID_id_regCtrl_pkiArchiveOptions		318
-#define OBJ_id_regCtrl_pkiArchiveOptions		OBJ_id_regCtrl,4L
-
-#define SN_id_regCtrl_oldCertID		"id-regCtrl-oldCertID"
-#define NID_id_regCtrl_oldCertID		319
-#define OBJ_id_regCtrl_oldCertID		OBJ_id_regCtrl,5L
-
-#define SN_id_regCtrl_protocolEncrKey		"id-regCtrl-protocolEncrKey"
-#define NID_id_regCtrl_protocolEncrKey		320
-#define OBJ_id_regCtrl_protocolEncrKey		OBJ_id_regCtrl,6L
-
-#define SN_id_regInfo_utf8Pairs		"id-regInfo-utf8Pairs"
-#define NID_id_regInfo_utf8Pairs		321
-#define OBJ_id_regInfo_utf8Pairs		OBJ_id_regInfo,1L
-
-#define SN_id_regInfo_certReq		"id-regInfo-certReq"
-#define NID_id_regInfo_certReq		322
-#define OBJ_id_regInfo_certReq		OBJ_id_regInfo,2L
-
-#define SN_id_alg_des40		"id-alg-des40"
-#define NID_id_alg_des40		323
-#define OBJ_id_alg_des40		OBJ_id_alg,1L
-
-#define SN_id_alg_noSignature		"id-alg-noSignature"
-#define NID_id_alg_noSignature		324
-#define OBJ_id_alg_noSignature		OBJ_id_alg,2L
-
-#define SN_id_alg_dh_sig_hmac_sha1		"id-alg-dh-sig-hmac-sha1"
-#define NID_id_alg_dh_sig_hmac_sha1		325
-#define OBJ_id_alg_dh_sig_hmac_sha1		OBJ_id_alg,3L
-
-#define SN_id_alg_dh_pop		"id-alg-dh-pop"
-#define NID_id_alg_dh_pop		326
-#define OBJ_id_alg_dh_pop		OBJ_id_alg,4L
-
-#define SN_id_cmc_statusInfo		"id-cmc-statusInfo"
-#define NID_id_cmc_statusInfo		327
-#define OBJ_id_cmc_statusInfo		OBJ_id_cmc,1L
-
-#define SN_id_cmc_identification		"id-cmc-identification"
-#define NID_id_cmc_identification		328
-#define OBJ_id_cmc_identification		OBJ_id_cmc,2L
-
-#define SN_id_cmc_identityProof		"id-cmc-identityProof"
-#define NID_id_cmc_identityProof		329
-#define OBJ_id_cmc_identityProof		OBJ_id_cmc,3L
-
-#define SN_id_cmc_dataReturn		"id-cmc-dataReturn"
-#define NID_id_cmc_dataReturn		330
-#define OBJ_id_cmc_dataReturn		OBJ_id_cmc,4L
-
-#define SN_id_cmc_transactionId		"id-cmc-transactionId"
-#define NID_id_cmc_transactionId		331
-#define OBJ_id_cmc_transactionId		OBJ_id_cmc,5L
-
-#define SN_id_cmc_senderNonce		"id-cmc-senderNonce"
-#define NID_id_cmc_senderNonce		332
-#define OBJ_id_cmc_senderNonce		OBJ_id_cmc,6L
-
-#define SN_id_cmc_recipientNonce		"id-cmc-recipientNonce"
-#define NID_id_cmc_recipientNonce		333
-#define OBJ_id_cmc_recipientNonce		OBJ_id_cmc,7L
-
-#define SN_id_cmc_addExtensions		"id-cmc-addExtensions"
-#define NID_id_cmc_addExtensions		334
-#define OBJ_id_cmc_addExtensions		OBJ_id_cmc,8L
-
-#define SN_id_cmc_encryptedPOP		"id-cmc-encryptedPOP"
-#define NID_id_cmc_encryptedPOP		335
-#define OBJ_id_cmc_encryptedPOP		OBJ_id_cmc,9L
-
-#define SN_id_cmc_decryptedPOP		"id-cmc-decryptedPOP"
-#define NID_id_cmc_decryptedPOP		336
-#define OBJ_id_cmc_decryptedPOP		OBJ_id_cmc,10L
-
-#define SN_id_cmc_lraPOPWitness		"id-cmc-lraPOPWitness"
-#define NID_id_cmc_lraPOPWitness		337
-#define OBJ_id_cmc_lraPOPWitness		OBJ_id_cmc,11L
-
-#define SN_id_cmc_getCert		"id-cmc-getCert"
-#define NID_id_cmc_getCert		338
-#define OBJ_id_cmc_getCert		OBJ_id_cmc,15L
-
-#define SN_id_cmc_getCRL		"id-cmc-getCRL"
-#define NID_id_cmc_getCRL		339
-#define OBJ_id_cmc_getCRL		OBJ_id_cmc,16L
-
-#define SN_id_cmc_revokeRequest		"id-cmc-revokeRequest"
-#define NID_id_cmc_revokeRequest		340
-#define OBJ_id_cmc_revokeRequest		OBJ_id_cmc,17L
-
-#define SN_id_cmc_regInfo		"id-cmc-regInfo"
-#define NID_id_cmc_regInfo		341
-#define OBJ_id_cmc_regInfo		OBJ_id_cmc,18L
-
-#define SN_id_cmc_responseInfo		"id-cmc-responseInfo"
-#define NID_id_cmc_responseInfo		342
-#define OBJ_id_cmc_responseInfo		OBJ_id_cmc,19L
-
-#define SN_id_cmc_queryPending		"id-cmc-queryPending"
-#define NID_id_cmc_queryPending		343
-#define OBJ_id_cmc_queryPending		OBJ_id_cmc,21L
-
-#define SN_id_cmc_popLinkRandom		"id-cmc-popLinkRandom"
-#define NID_id_cmc_popLinkRandom		344
-#define OBJ_id_cmc_popLinkRandom		OBJ_id_cmc,22L
-
-#define SN_id_cmc_popLinkWitness		"id-cmc-popLinkWitness"
-#define NID_id_cmc_popLinkWitness		345
-#define OBJ_id_cmc_popLinkWitness		OBJ_id_cmc,23L
-
-#define SN_id_cmc_confirmCertAcceptance		"id-cmc-confirmCertAcceptance"
-#define NID_id_cmc_confirmCertAcceptance		346
-#define OBJ_id_cmc_confirmCertAcceptance		OBJ_id_cmc,24L
-
-#define SN_id_on_personalData		"id-on-personalData"
-#define NID_id_on_personalData		347
-#define OBJ_id_on_personalData		OBJ_id_on,1L
-
-#define SN_id_on_permanentIdentifier		"id-on-permanentIdentifier"
-#define LN_id_on_permanentIdentifier		"Permanent Identifier"
-#define NID_id_on_permanentIdentifier		858
-#define OBJ_id_on_permanentIdentifier		OBJ_id_on,3L
-
-#define SN_id_pda_dateOfBirth		"id-pda-dateOfBirth"
-#define NID_id_pda_dateOfBirth		348
-#define OBJ_id_pda_dateOfBirth		OBJ_id_pda,1L
-
-#define SN_id_pda_placeOfBirth		"id-pda-placeOfBirth"
-#define NID_id_pda_placeOfBirth		349
-#define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
-
-#define SN_id_pda_gender		"id-pda-gender"
-#define NID_id_pda_gender		351
-#define OBJ_id_pda_gender		OBJ_id_pda,3L
-
-#define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
-#define NID_id_pda_countryOfCitizenship		352
-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
-
-#define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
-#define NID_id_pda_countryOfResidence		353
-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
-
-#define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
-#define NID_id_aca_authenticationInfo		354
-#define OBJ_id_aca_authenticationInfo		OBJ_id_aca,1L
-
-#define SN_id_aca_accessIdentity		"id-aca-accessIdentity"
-#define NID_id_aca_accessIdentity		355
-#define OBJ_id_aca_accessIdentity		OBJ_id_aca,2L
-
-#define SN_id_aca_chargingIdentity		"id-aca-chargingIdentity"
-#define NID_id_aca_chargingIdentity		356
-#define OBJ_id_aca_chargingIdentity		OBJ_id_aca,3L
-
-#define SN_id_aca_group		"id-aca-group"
-#define NID_id_aca_group		357
-#define OBJ_id_aca_group		OBJ_id_aca,4L
-
-#define SN_id_aca_role		"id-aca-role"
-#define NID_id_aca_role		358
-#define OBJ_id_aca_role		OBJ_id_aca,5L
-
-#define SN_id_aca_encAttrs		"id-aca-encAttrs"
-#define NID_id_aca_encAttrs		399
-#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L
-
-#define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"
-#define NID_id_qcs_pkixQCSyntax_v1		359
-#define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L
-
-#define SN_id_cct_crs		"id-cct-crs"
-#define NID_id_cct_crs		360
-#define OBJ_id_cct_crs		OBJ_id_cct,1L
-
-#define SN_id_cct_PKIData		"id-cct-PKIData"
-#define NID_id_cct_PKIData		361
-#define OBJ_id_cct_PKIData		OBJ_id_cct,2L
-
-#define SN_id_cct_PKIResponse		"id-cct-PKIResponse"
-#define NID_id_cct_PKIResponse		362
-#define OBJ_id_cct_PKIResponse		OBJ_id_cct,3L
-
-#define SN_id_ppl_anyLanguage		"id-ppl-anyLanguage"
-#define LN_id_ppl_anyLanguage		"Any language"
-#define NID_id_ppl_anyLanguage		664
-#define OBJ_id_ppl_anyLanguage		OBJ_id_ppl,0L
-
-#define SN_id_ppl_inheritAll		"id-ppl-inheritAll"
-#define LN_id_ppl_inheritAll		"Inherit all"
-#define NID_id_ppl_inheritAll		665
-#define OBJ_id_ppl_inheritAll		OBJ_id_ppl,1L
-
-#define SN_Independent		"id-ppl-independent"
-#define LN_Independent		"Independent"
-#define NID_Independent		667
-#define OBJ_Independent		OBJ_id_ppl,2L
-
-#define SN_ad_OCSP		"OCSP"
-#define LN_ad_OCSP		"OCSP"
-#define NID_ad_OCSP		178
-#define OBJ_ad_OCSP		OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers		"caIssuers"
-#define LN_ad_ca_issuers		"CA Issuers"
-#define NID_ad_ca_issuers		179
-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
-
-#define SN_ad_timeStamping		"ad_timestamping"
-#define LN_ad_timeStamping		"AD Time Stamping"
-#define NID_ad_timeStamping		363
-#define OBJ_ad_timeStamping		OBJ_id_ad,3L
-
-#define SN_ad_dvcs		"AD_DVCS"
-#define LN_ad_dvcs		"ad dvcs"
-#define NID_ad_dvcs		364
-#define OBJ_ad_dvcs		OBJ_id_ad,4L
-
-#define SN_caRepository		"caRepository"
-#define LN_caRepository		"CA Repository"
-#define NID_caRepository		785
-#define OBJ_caRepository		OBJ_id_ad,5L
-
-#define OBJ_id_pkix_OCSP		OBJ_ad_OCSP
-
-#define SN_id_pkix_OCSP_basic		"basicOCSPResponse"
-#define LN_id_pkix_OCSP_basic		"Basic OCSP Response"
-#define NID_id_pkix_OCSP_basic		365
-#define OBJ_id_pkix_OCSP_basic		OBJ_id_pkix_OCSP,1L
-
-#define SN_id_pkix_OCSP_Nonce		"Nonce"
-#define LN_id_pkix_OCSP_Nonce		"OCSP Nonce"
-#define NID_id_pkix_OCSP_Nonce		366
-#define OBJ_id_pkix_OCSP_Nonce		OBJ_id_pkix_OCSP,2L
-
-#define SN_id_pkix_OCSP_CrlID		"CrlID"
-#define LN_id_pkix_OCSP_CrlID		"OCSP CRL ID"
-#define NID_id_pkix_OCSP_CrlID		367
-#define OBJ_id_pkix_OCSP_CrlID		OBJ_id_pkix_OCSP,3L
-
-#define SN_id_pkix_OCSP_acceptableResponses		"acceptableResponses"
-#define LN_id_pkix_OCSP_acceptableResponses		"Acceptable OCSP Responses"
-#define NID_id_pkix_OCSP_acceptableResponses		368
-#define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L
-
-#define SN_id_pkix_OCSP_noCheck		"noCheck"
-#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"
-#define NID_id_pkix_OCSP_noCheck		369
-#define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L
-
-#define SN_id_pkix_OCSP_archiveCutoff		"archiveCutoff"
-#define LN_id_pkix_OCSP_archiveCutoff		"OCSP Archive Cutoff"
-#define NID_id_pkix_OCSP_archiveCutoff		370
-#define OBJ_id_pkix_OCSP_archiveCutoff		OBJ_id_pkix_OCSP,6L
-
-#define SN_id_pkix_OCSP_serviceLocator		"serviceLocator"
-#define LN_id_pkix_OCSP_serviceLocator		"OCSP Service Locator"
-#define NID_id_pkix_OCSP_serviceLocator		371
-#define OBJ_id_pkix_OCSP_serviceLocator		OBJ_id_pkix_OCSP,7L
-
-#define SN_id_pkix_OCSP_extendedStatus		"extendedStatus"
-#define LN_id_pkix_OCSP_extendedStatus		"Extended OCSP Status"
-#define NID_id_pkix_OCSP_extendedStatus		372
-#define OBJ_id_pkix_OCSP_extendedStatus		OBJ_id_pkix_OCSP,8L
-
-#define SN_id_pkix_OCSP_valid		"valid"
-#define NID_id_pkix_OCSP_valid		373
-#define OBJ_id_pkix_OCSP_valid		OBJ_id_pkix_OCSP,9L
-
-#define SN_id_pkix_OCSP_path		"path"
-#define NID_id_pkix_OCSP_path		374
-#define OBJ_id_pkix_OCSP_path		OBJ_id_pkix_OCSP,10L
-
-#define SN_id_pkix_OCSP_trustRoot		"trustRoot"
-#define LN_id_pkix_OCSP_trustRoot		"Trust Root"
-#define NID_id_pkix_OCSP_trustRoot		375
-#define OBJ_id_pkix_OCSP_trustRoot		OBJ_id_pkix_OCSP,11L
-
-#define SN_algorithm		"algorithm"
-#define LN_algorithm		"algorithm"
-#define NID_algorithm		376
-#define OBJ_algorithm		1L,3L,14L,3L,2L
-
-#define SN_md5WithRSA		"RSA-NP-MD5"
-#define LN_md5WithRSA		"md5WithRSA"
-#define NID_md5WithRSA		104
-#define OBJ_md5WithRSA		OBJ_algorithm,3L
-
-#define SN_des_ecb		"DES-ECB"
-#define LN_des_ecb		"des-ecb"
-#define NID_des_ecb		29
-#define OBJ_des_ecb		OBJ_algorithm,6L
-
-#define SN_des_cbc		"DES-CBC"
-#define LN_des_cbc		"des-cbc"
-#define NID_des_cbc		31
-#define OBJ_des_cbc		OBJ_algorithm,7L
-
-#define SN_des_ofb64		"DES-OFB"
-#define LN_des_ofb64		"des-ofb"
-#define NID_des_ofb64		45
-#define OBJ_des_ofb64		OBJ_algorithm,8L
-
-#define SN_des_cfb64		"DES-CFB"
-#define LN_des_cfb64		"des-cfb"
-#define NID_des_cfb64		30
-#define OBJ_des_cfb64		OBJ_algorithm,9L
-
-#define SN_rsaSignature		"rsaSignature"
-#define NID_rsaSignature		377
-#define OBJ_rsaSignature		OBJ_algorithm,11L
-
-#define SN_dsa_2		"DSA-old"
-#define LN_dsa_2		"dsaEncryption-old"
-#define NID_dsa_2		67
-#define OBJ_dsa_2		OBJ_algorithm,12L
-
-#define SN_dsaWithSHA		"DSA-SHA"
-#define LN_dsaWithSHA		"dsaWithSHA"
-#define NID_dsaWithSHA		66
-#define OBJ_dsaWithSHA		OBJ_algorithm,13L
-
-#define SN_shaWithRSAEncryption		"RSA-SHA"
-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption		42
-#define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L
-
-#define SN_des_ede_ecb		"DES-EDE"
-#define LN_des_ede_ecb		"des-ede"
-#define NID_des_ede_ecb		32
-#define OBJ_des_ede_ecb		OBJ_algorithm,17L
-
-#define SN_des_ede3_ecb		"DES-EDE3"
-#define LN_des_ede3_ecb		"des-ede3"
-#define NID_des_ede3_ecb		33
-
-#define SN_des_ede_cbc		"DES-EDE-CBC"
-#define LN_des_ede_cbc		"des-ede-cbc"
-#define NID_des_ede_cbc		43
-
-#define SN_des_ede_cfb64		"DES-EDE-CFB"
-#define LN_des_ede_cfb64		"des-ede-cfb"
-#define NID_des_ede_cfb64		60
-
-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
-#define LN_des_ede3_cfb64		"des-ede3-cfb"
-#define NID_des_ede3_cfb64		61
-
-#define SN_des_ede_ofb64		"DES-EDE-OFB"
-#define LN_des_ede_ofb64		"des-ede-ofb"
-#define NID_des_ede_ofb64		62
-
-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
-#define LN_des_ede3_ofb64		"des-ede3-ofb"
-#define NID_des_ede3_ofb64		63
-
-#define SN_desx_cbc		"DESX-CBC"
-#define LN_desx_cbc		"desx-cbc"
-#define NID_desx_cbc		80
-
-#define SN_sha		"SHA"
-#define LN_sha		"sha"
-#define NID_sha		41
-#define OBJ_sha		OBJ_algorithm,18L
-
-#define SN_sha1		"SHA1"
-#define LN_sha1		"sha1"
-#define NID_sha1		64
-#define OBJ_sha1		OBJ_algorithm,26L
-
-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2		70
-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
-
-#define SN_sha1WithRSA		"RSA-SHA1-2"
-#define LN_sha1WithRSA		"sha1WithRSA"
-#define NID_sha1WithRSA		115
-#define OBJ_sha1WithRSA		OBJ_algorithm,29L
-
-#define SN_ripemd160		"RIPEMD160"
-#define LN_ripemd160		"ripemd160"
-#define NID_ripemd160		117
-#define OBJ_ripemd160		1L,3L,36L,3L,2L,1L
-
-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
-#define LN_ripemd160WithRSA		"ripemd160WithRSA"
-#define NID_ripemd160WithRSA		119
-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
-
-#define SN_sxnet		"SXNetID"
-#define LN_sxnet		"Strong Extranet ID"
-#define NID_sxnet		143
-#define OBJ_sxnet		1L,3L,101L,1L,4L,1L
-
-#define SN_X500		"X500"
-#define LN_X500		"directory services (X.500)"
-#define NID_X500		11
-#define OBJ_X500		2L,5L
-
-#define SN_X509		"X509"
-#define NID_X509		12
-#define OBJ_X509		OBJ_X500,4L
-
-#define SN_commonName		"CN"
-#define LN_commonName		"commonName"
-#define NID_commonName		13
-#define OBJ_commonName		OBJ_X509,3L
-
-#define SN_surname		"SN"
-#define LN_surname		"surname"
-#define NID_surname		100
-#define OBJ_surname		OBJ_X509,4L
-
-#define LN_serialNumber		"serialNumber"
-#define NID_serialNumber		105
-#define OBJ_serialNumber		OBJ_X509,5L
-
-#define SN_countryName		"C"
-#define LN_countryName		"countryName"
-#define NID_countryName		14
-#define OBJ_countryName		OBJ_X509,6L
-
-#define SN_localityName		"L"
-#define LN_localityName		"localityName"
-#define NID_localityName		15
-#define OBJ_localityName		OBJ_X509,7L
-
-#define SN_stateOrProvinceName		"ST"
-#define LN_stateOrProvinceName		"stateOrProvinceName"
-#define NID_stateOrProvinceName		16
-#define OBJ_stateOrProvinceName		OBJ_X509,8L
-
-#define SN_streetAddress		"street"
-#define LN_streetAddress		"streetAddress"
-#define NID_streetAddress		660
-#define OBJ_streetAddress		OBJ_X509,9L
-
-#define SN_organizationName		"O"
-#define LN_organizationName		"organizationName"
-#define NID_organizationName		17
-#define OBJ_organizationName		OBJ_X509,10L
-
-#define SN_organizationalUnitName		"OU"
-#define LN_organizationalUnitName		"organizationalUnitName"
-#define NID_organizationalUnitName		18
-#define OBJ_organizationalUnitName		OBJ_X509,11L
-
-#define SN_title		"title"
-#define LN_title		"title"
-#define NID_title		106
-#define OBJ_title		OBJ_X509,12L
-
-#define LN_description		"description"
-#define NID_description		107
-#define OBJ_description		OBJ_X509,13L
-
-#define LN_searchGuide		"searchGuide"
-#define NID_searchGuide		859
-#define OBJ_searchGuide		OBJ_X509,14L
-
-#define LN_businessCategory		"businessCategory"
-#define NID_businessCategory		860
-#define OBJ_businessCategory		OBJ_X509,15L
-
-#define LN_postalAddress		"postalAddress"
-#define NID_postalAddress		861
-#define OBJ_postalAddress		OBJ_X509,16L
-
-#define LN_postalCode		"postalCode"
-#define NID_postalCode		661
-#define OBJ_postalCode		OBJ_X509,17L
-
-#define LN_postOfficeBox		"postOfficeBox"
-#define NID_postOfficeBox		862
-#define OBJ_postOfficeBox		OBJ_X509,18L
-
-#define LN_physicalDeliveryOfficeName		"physicalDeliveryOfficeName"
-#define NID_physicalDeliveryOfficeName		863
-#define OBJ_physicalDeliveryOfficeName		OBJ_X509,19L
-
-#define LN_telephoneNumber		"telephoneNumber"
-#define NID_telephoneNumber		864
-#define OBJ_telephoneNumber		OBJ_X509,20L
-
-#define LN_telexNumber		"telexNumber"
-#define NID_telexNumber		865
-#define OBJ_telexNumber		OBJ_X509,21L
-
-#define LN_teletexTerminalIdentifier		"teletexTerminalIdentifier"
-#define NID_teletexTerminalIdentifier		866
-#define OBJ_teletexTerminalIdentifier		OBJ_X509,22L
-
-#define LN_facsimileTelephoneNumber		"facsimileTelephoneNumber"
-#define NID_facsimileTelephoneNumber		867
-#define OBJ_facsimileTelephoneNumber		OBJ_X509,23L
-
-#define LN_x121Address		"x121Address"
-#define NID_x121Address		868
-#define OBJ_x121Address		OBJ_X509,24L
-
-#define LN_internationaliSDNNumber		"internationaliSDNNumber"
-#define NID_internationaliSDNNumber		869
-#define OBJ_internationaliSDNNumber		OBJ_X509,25L
-
-#define LN_registeredAddress		"registeredAddress"
-#define NID_registeredAddress		870
-#define OBJ_registeredAddress		OBJ_X509,26L
-
-#define LN_destinationIndicator		"destinationIndicator"
-#define NID_destinationIndicator		871
-#define OBJ_destinationIndicator		OBJ_X509,27L
-
-#define LN_preferredDeliveryMethod		"preferredDeliveryMethod"
-#define NID_preferredDeliveryMethod		872
-#define OBJ_preferredDeliveryMethod		OBJ_X509,28L
-
-#define LN_presentationAddress		"presentationAddress"
-#define NID_presentationAddress		873
-#define OBJ_presentationAddress		OBJ_X509,29L
-
-#define LN_supportedApplicationContext		"supportedApplicationContext"
-#define NID_supportedApplicationContext		874
-#define OBJ_supportedApplicationContext		OBJ_X509,30L
-
-#define SN_member		"member"
-#define NID_member		875
-#define OBJ_member		OBJ_X509,31L
-
-#define SN_owner		"owner"
-#define NID_owner		876
-#define OBJ_owner		OBJ_X509,32L
-
-#define LN_roleOccupant		"roleOccupant"
-#define NID_roleOccupant		877
-#define OBJ_roleOccupant		OBJ_X509,33L
-
-#define SN_seeAlso		"seeAlso"
-#define NID_seeAlso		878
-#define OBJ_seeAlso		OBJ_X509,34L
-
-#define LN_userPassword		"userPassword"
-#define NID_userPassword		879
-#define OBJ_userPassword		OBJ_X509,35L
-
-#define LN_userCertificate		"userCertificate"
-#define NID_userCertificate		880
-#define OBJ_userCertificate		OBJ_X509,36L
-
-#define LN_cACertificate		"cACertificate"
-#define NID_cACertificate		881
-#define OBJ_cACertificate		OBJ_X509,37L
-
-#define LN_authorityRevocationList		"authorityRevocationList"
-#define NID_authorityRevocationList		882
-#define OBJ_authorityRevocationList		OBJ_X509,38L
-
-#define LN_certificateRevocationList		"certificateRevocationList"
-#define NID_certificateRevocationList		883
-#define OBJ_certificateRevocationList		OBJ_X509,39L
-
-#define LN_crossCertificatePair		"crossCertificatePair"
-#define NID_crossCertificatePair		884
-#define OBJ_crossCertificatePair		OBJ_X509,40L
-
-#define SN_name		"name"
-#define LN_name		"name"
-#define NID_name		173
-#define OBJ_name		OBJ_X509,41L
-
-#define SN_givenName		"GN"
-#define LN_givenName		"givenName"
-#define NID_givenName		99
-#define OBJ_givenName		OBJ_X509,42L
-
-#define SN_initials		"initials"
-#define LN_initials		"initials"
-#define NID_initials		101
-#define OBJ_initials		OBJ_X509,43L
-
-#define LN_generationQualifier		"generationQualifier"
-#define NID_generationQualifier		509
-#define OBJ_generationQualifier		OBJ_X509,44L
-
-#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"
-#define NID_x500UniqueIdentifier		503
-#define OBJ_x500UniqueIdentifier		OBJ_X509,45L
-
-#define SN_dnQualifier		"dnQualifier"
-#define LN_dnQualifier		"dnQualifier"
-#define NID_dnQualifier		174
-#define OBJ_dnQualifier		OBJ_X509,46L
-
-#define LN_enhancedSearchGuide		"enhancedSearchGuide"
-#define NID_enhancedSearchGuide		885
-#define OBJ_enhancedSearchGuide		OBJ_X509,47L
-
-#define LN_protocolInformation		"protocolInformation"
-#define NID_protocolInformation		886
-#define OBJ_protocolInformation		OBJ_X509,48L
-
-#define LN_distinguishedName		"distinguishedName"
-#define NID_distinguishedName		887
-#define OBJ_distinguishedName		OBJ_X509,49L
-
-#define LN_uniqueMember		"uniqueMember"
-#define NID_uniqueMember		888
-#define OBJ_uniqueMember		OBJ_X509,50L
-
-#define LN_houseIdentifier		"houseIdentifier"
-#define NID_houseIdentifier		889
-#define OBJ_houseIdentifier		OBJ_X509,51L
-
-#define LN_supportedAlgorithms		"supportedAlgorithms"
-#define NID_supportedAlgorithms		890
-#define OBJ_supportedAlgorithms		OBJ_X509,52L
-
-#define LN_deltaRevocationList		"deltaRevocationList"
-#define NID_deltaRevocationList		891
-#define OBJ_deltaRevocationList		OBJ_X509,53L
-
-#define SN_dmdName		"dmdName"
-#define NID_dmdName		892
-#define OBJ_dmdName		OBJ_X509,54L
-
-#define LN_pseudonym		"pseudonym"
-#define NID_pseudonym		510
-#define OBJ_pseudonym		OBJ_X509,65L
-
-#define SN_role		"role"
-#define LN_role		"role"
-#define NID_role		400
-#define OBJ_role		OBJ_X509,72L
-
-#define SN_X500algorithms		"X500algorithms"
-#define LN_X500algorithms		"directory services - algorithms"
-#define NID_X500algorithms		378
-#define OBJ_X500algorithms		OBJ_X500,8L
-
-#define SN_rsa		"RSA"
-#define LN_rsa		"rsa"
-#define NID_rsa		19
-#define OBJ_rsa		OBJ_X500algorithms,1L,1L
-
-#define SN_mdc2WithRSA		"RSA-MDC2"
-#define LN_mdc2WithRSA		"mdc2WithRSA"
-#define NID_mdc2WithRSA		96
-#define OBJ_mdc2WithRSA		OBJ_X500algorithms,3L,100L
-
-#define SN_mdc2		"MDC2"
-#define LN_mdc2		"mdc2"
-#define NID_mdc2		95
-#define OBJ_mdc2		OBJ_X500algorithms,3L,101L
-
-#define SN_id_ce		"id-ce"
-#define NID_id_ce		81
-#define OBJ_id_ce		OBJ_X500,29L
-
-#define SN_subject_directory_attributes		"subjectDirectoryAttributes"
-#define LN_subject_directory_attributes		"X509v3 Subject Directory Attributes"
-#define NID_subject_directory_attributes		769
-#define OBJ_subject_directory_attributes		OBJ_id_ce,9L
-
-#define SN_subject_key_identifier		"subjectKeyIdentifier"
-#define LN_subject_key_identifier		"X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier		82
-#define OBJ_subject_key_identifier		OBJ_id_ce,14L
-
-#define SN_key_usage		"keyUsage"
-#define LN_key_usage		"X509v3 Key Usage"
-#define NID_key_usage		83
-#define OBJ_key_usage		OBJ_id_ce,15L
-
-#define SN_private_key_usage_period		"privateKeyUsagePeriod"
-#define LN_private_key_usage_period		"X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period		84
-#define OBJ_private_key_usage_period		OBJ_id_ce,16L
-
-#define SN_subject_alt_name		"subjectAltName"
-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
-#define NID_subject_alt_name		85
-#define OBJ_subject_alt_name		OBJ_id_ce,17L
-
-#define SN_issuer_alt_name		"issuerAltName"
-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name		86
-#define OBJ_issuer_alt_name		OBJ_id_ce,18L
-
-#define SN_basic_constraints		"basicConstraints"
-#define LN_basic_constraints		"X509v3 Basic Constraints"
-#define NID_basic_constraints		87
-#define OBJ_basic_constraints		OBJ_id_ce,19L
-
-#define SN_crl_number		"crlNumber"
-#define LN_crl_number		"X509v3 CRL Number"
-#define NID_crl_number		88
-#define OBJ_crl_number		OBJ_id_ce,20L
-
-#define SN_crl_reason		"CRLReason"
-#define LN_crl_reason		"X509v3 CRL Reason Code"
-#define NID_crl_reason		141
-#define OBJ_crl_reason		OBJ_id_ce,21L
-
-#define SN_invalidity_date		"invalidityDate"
-#define LN_invalidity_date		"Invalidity Date"
-#define NID_invalidity_date		142
-#define OBJ_invalidity_date		OBJ_id_ce,24L
-
-#define SN_delta_crl		"deltaCRL"
-#define LN_delta_crl		"X509v3 Delta CRL Indicator"
-#define NID_delta_crl		140
-#define OBJ_delta_crl		OBJ_id_ce,27L
-
-#define SN_issuing_distribution_point		"issuingDistributionPoint"
-#define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"
-#define NID_issuing_distribution_point		770
-#define OBJ_issuing_distribution_point		OBJ_id_ce,28L
-
-#define SN_certificate_issuer		"certificateIssuer"
-#define LN_certificate_issuer		"X509v3 Certificate Issuer"
-#define NID_certificate_issuer		771
-#define OBJ_certificate_issuer		OBJ_id_ce,29L
-
-#define SN_name_constraints		"nameConstraints"
-#define LN_name_constraints		"X509v3 Name Constraints"
-#define NID_name_constraints		666
-#define OBJ_name_constraints		OBJ_id_ce,30L
-
-#define SN_crl_distribution_points		"crlDistributionPoints"
-#define LN_crl_distribution_points		"X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points		103
-#define OBJ_crl_distribution_points		OBJ_id_ce,31L
-
-#define SN_certificate_policies		"certificatePolicies"
-#define LN_certificate_policies		"X509v3 Certificate Policies"
-#define NID_certificate_policies		89
-#define OBJ_certificate_policies		OBJ_id_ce,32L
-
-#define SN_any_policy		"anyPolicy"
-#define LN_any_policy		"X509v3 Any Policy"
-#define NID_any_policy		746
-#define OBJ_any_policy		OBJ_certificate_policies,0L
-
-#define SN_policy_mappings		"policyMappings"
-#define LN_policy_mappings		"X509v3 Policy Mappings"
-#define NID_policy_mappings		747
-#define OBJ_policy_mappings		OBJ_id_ce,33L
-
-#define SN_authority_key_identifier		"authorityKeyIdentifier"
-#define LN_authority_key_identifier		"X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier		90
-#define OBJ_authority_key_identifier		OBJ_id_ce,35L
-
-#define SN_policy_constraints		"policyConstraints"
-#define LN_policy_constraints		"X509v3 Policy Constraints"
-#define NID_policy_constraints		401
-#define OBJ_policy_constraints		OBJ_id_ce,36L
-
-#define SN_ext_key_usage		"extendedKeyUsage"
-#define LN_ext_key_usage		"X509v3 Extended Key Usage"
-#define NID_ext_key_usage		126
-#define OBJ_ext_key_usage		OBJ_id_ce,37L
-
-#define SN_freshest_crl		"freshestCRL"
-#define LN_freshest_crl		"X509v3 Freshest CRL"
-#define NID_freshest_crl		857
-#define OBJ_freshest_crl		OBJ_id_ce,46L
-
-#define SN_inhibit_any_policy		"inhibitAnyPolicy"
-#define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"
-#define NID_inhibit_any_policy		748
-#define OBJ_inhibit_any_policy		OBJ_id_ce,54L
-
-#define SN_target_information		"targetInformation"
-#define LN_target_information		"X509v3 AC Targeting"
-#define NID_target_information		402
-#define OBJ_target_information		OBJ_id_ce,55L
-
-#define SN_no_rev_avail		"noRevAvail"
-#define LN_no_rev_avail		"X509v3 No Revocation Available"
-#define NID_no_rev_avail		403
-#define OBJ_no_rev_avail		OBJ_id_ce,56L
-
-#define SN_anyExtendedKeyUsage		"anyExtendedKeyUsage"
-#define LN_anyExtendedKeyUsage		"Any Extended Key Usage"
-#define NID_anyExtendedKeyUsage		910
-#define OBJ_anyExtendedKeyUsage		OBJ_ext_key_usage,0L
-
-#define SN_netscape		"Netscape"
-#define LN_netscape		"Netscape Communications Corp."
-#define NID_netscape		57
-#define OBJ_netscape		2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension		"nsCertExt"
-#define LN_netscape_cert_extension		"Netscape Certificate Extension"
-#define NID_netscape_cert_extension		58
-#define OBJ_netscape_cert_extension		OBJ_netscape,1L
-
-#define SN_netscape_data_type		"nsDataType"
-#define LN_netscape_data_type		"Netscape Data Type"
-#define NID_netscape_data_type		59
-#define OBJ_netscape_data_type		OBJ_netscape,2L
-
-#define SN_netscape_cert_type		"nsCertType"
-#define LN_netscape_cert_type		"Netscape Cert Type"
-#define NID_netscape_cert_type		71
-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url		"nsBaseUrl"
-#define LN_netscape_base_url		"Netscape Base Url"
-#define NID_netscape_base_url		72
-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url		"nsRevocationUrl"
-#define LN_netscape_revocation_url		"Netscape Revocation Url"
-#define NID_netscape_revocation_url		73
-#define OBJ_netscape_revocation_url		OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url		"nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url		"Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url		74
-#define OBJ_netscape_ca_revocation_url		OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url		"nsRenewalUrl"
-#define LN_netscape_renewal_url		"Netscape Renewal Url"
-#define NID_netscape_renewal_url		75
-#define OBJ_netscape_renewal_url		OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url		"nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url		"Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url		76
-#define OBJ_netscape_ca_policy_url		OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name		"nsSslServerName"
-#define LN_netscape_ssl_server_name		"Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name		77
-#define OBJ_netscape_ssl_server_name		OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment		"nsComment"
-#define LN_netscape_comment		"Netscape Comment"
-#define NID_netscape_comment		78
-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence		"nsCertSequence"
-#define LN_netscape_cert_sequence		"Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence		79
-#define OBJ_netscape_cert_sequence		OBJ_netscape_data_type,5L
-
-#define SN_ns_sgc		"nsSGC"
-#define LN_ns_sgc		"Netscape Server Gated Crypto"
-#define NID_ns_sgc		139
-#define OBJ_ns_sgc		OBJ_netscape,4L,1L
-
-#define SN_org		"ORG"
-#define LN_org		"org"
-#define NID_org		379
-#define OBJ_org		OBJ_iso,3L
-
-#define SN_dod		"DOD"
-#define LN_dod		"dod"
-#define NID_dod		380
-#define OBJ_dod		OBJ_org,6L
-
-#define SN_iana		"IANA"
-#define LN_iana		"iana"
-#define NID_iana		381
-#define OBJ_iana		OBJ_dod,1L
-
-#define OBJ_internet		OBJ_iana
-
-#define SN_Directory		"directory"
-#define LN_Directory		"Directory"
-#define NID_Directory		382
-#define OBJ_Directory		OBJ_internet,1L
-
-#define SN_Management		"mgmt"
-#define LN_Management		"Management"
-#define NID_Management		383
-#define OBJ_Management		OBJ_internet,2L
-
-#define SN_Experimental		"experimental"
-#define LN_Experimental		"Experimental"
-#define NID_Experimental		384
-#define OBJ_Experimental		OBJ_internet,3L
-
-#define SN_Private		"private"
-#define LN_Private		"Private"
-#define NID_Private		385
-#define OBJ_Private		OBJ_internet,4L
-
-#define SN_Security		"security"
-#define LN_Security		"Security"
-#define NID_Security		386
-#define OBJ_Security		OBJ_internet,5L
-
-#define SN_SNMPv2		"snmpv2"
-#define LN_SNMPv2		"SNMPv2"
-#define NID_SNMPv2		387
-#define OBJ_SNMPv2		OBJ_internet,6L
-
-#define LN_Mail		"Mail"
-#define NID_Mail		388
-#define OBJ_Mail		OBJ_internet,7L
-
-#define SN_Enterprises		"enterprises"
-#define LN_Enterprises		"Enterprises"
-#define NID_Enterprises		389
-#define OBJ_Enterprises		OBJ_Private,1L
-
-#define SN_dcObject		"dcobject"
-#define LN_dcObject		"dcObject"
-#define NID_dcObject		390
-#define OBJ_dcObject		OBJ_Enterprises,1466L,344L
-
-#define SN_mime_mhs		"mime-mhs"
-#define LN_mime_mhs		"MIME MHS"
-#define NID_mime_mhs		504
-#define OBJ_mime_mhs		OBJ_Mail,1L
-
-#define SN_mime_mhs_headings		"mime-mhs-headings"
-#define LN_mime_mhs_headings		"mime-mhs-headings"
-#define NID_mime_mhs_headings		505
-#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L
-
-#define SN_mime_mhs_bodies		"mime-mhs-bodies"
-#define LN_mime_mhs_bodies		"mime-mhs-bodies"
-#define NID_mime_mhs_bodies		506
-#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L
-
-#define SN_id_hex_partial_message		"id-hex-partial-message"
-#define LN_id_hex_partial_message		"id-hex-partial-message"
-#define NID_id_hex_partial_message		507
-#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L
-
-#define SN_id_hex_multipart_message		"id-hex-multipart-message"
-#define LN_id_hex_multipart_message		"id-hex-multipart-message"
-#define NID_id_hex_multipart_message		508
-#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L
-
-#define SN_rle_compression		"RLE"
-#define LN_rle_compression		"run length compression"
-#define NID_rle_compression		124
-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression		"ZLIB"
-#define LN_zlib_compression		"zlib compression"
-#define NID_zlib_compression		125
-#define OBJ_zlib_compression		OBJ_id_smime_alg,8L
-
-#define OBJ_csor		2L,16L,840L,1L,101L,3L
-
-#define OBJ_nistAlgorithms		OBJ_csor,4L
-
-#define OBJ_aes		OBJ_nistAlgorithms,1L
-
-#define SN_aes_128_ecb		"AES-128-ECB"
-#define LN_aes_128_ecb		"aes-128-ecb"
-#define NID_aes_128_ecb		418
-#define OBJ_aes_128_ecb		OBJ_aes,1L
-
-#define SN_aes_128_cbc		"AES-128-CBC"
-#define LN_aes_128_cbc		"aes-128-cbc"
-#define NID_aes_128_cbc		419
-#define OBJ_aes_128_cbc		OBJ_aes,2L
-
-#define SN_aes_128_ofb128		"AES-128-OFB"
-#define LN_aes_128_ofb128		"aes-128-ofb"
-#define NID_aes_128_ofb128		420
-#define OBJ_aes_128_ofb128		OBJ_aes,3L
-
-#define SN_aes_128_cfb128		"AES-128-CFB"
-#define LN_aes_128_cfb128		"aes-128-cfb"
-#define NID_aes_128_cfb128		421
-#define OBJ_aes_128_cfb128		OBJ_aes,4L
-
-#define SN_id_aes128_wrap		"id-aes128-wrap"
-#define NID_id_aes128_wrap		788
-#define OBJ_id_aes128_wrap		OBJ_aes,5L
-
-#define SN_aes_128_gcm		"id-aes128-GCM"
-#define LN_aes_128_gcm		"aes-128-gcm"
-#define NID_aes_128_gcm		895
-#define OBJ_aes_128_gcm		OBJ_aes,6L
-
-#define SN_aes_128_ccm		"id-aes128-CCM"
-#define LN_aes_128_ccm		"aes-128-ccm"
-#define NID_aes_128_ccm		896
-#define OBJ_aes_128_ccm		OBJ_aes,7L
-
-#define SN_id_aes128_wrap_pad		"id-aes128-wrap-pad"
-#define NID_id_aes128_wrap_pad		897
-#define OBJ_id_aes128_wrap_pad		OBJ_aes,8L
-
-#define SN_aes_192_ecb		"AES-192-ECB"
-#define LN_aes_192_ecb		"aes-192-ecb"
-#define NID_aes_192_ecb		422
-#define OBJ_aes_192_ecb		OBJ_aes,21L
-
-#define SN_aes_192_cbc		"AES-192-CBC"
-#define LN_aes_192_cbc		"aes-192-cbc"
-#define NID_aes_192_cbc		423
-#define OBJ_aes_192_cbc		OBJ_aes,22L
-
-#define SN_aes_192_ofb128		"AES-192-OFB"
-#define LN_aes_192_ofb128		"aes-192-ofb"
-#define NID_aes_192_ofb128		424
-#define OBJ_aes_192_ofb128		OBJ_aes,23L
-
-#define SN_aes_192_cfb128		"AES-192-CFB"
-#define LN_aes_192_cfb128		"aes-192-cfb"
-#define NID_aes_192_cfb128		425
-#define OBJ_aes_192_cfb128		OBJ_aes,24L
-
-#define SN_id_aes192_wrap		"id-aes192-wrap"
-#define NID_id_aes192_wrap		789
-#define OBJ_id_aes192_wrap		OBJ_aes,25L
-
-#define SN_aes_192_gcm		"id-aes192-GCM"
-#define LN_aes_192_gcm		"aes-192-gcm"
-#define NID_aes_192_gcm		898
-#define OBJ_aes_192_gcm		OBJ_aes,26L
-
-#define SN_aes_192_ccm		"id-aes192-CCM"
-#define LN_aes_192_ccm		"aes-192-ccm"
-#define NID_aes_192_ccm		899
-#define OBJ_aes_192_ccm		OBJ_aes,27L
-
-#define SN_id_aes192_wrap_pad		"id-aes192-wrap-pad"
-#define NID_id_aes192_wrap_pad		900
-#define OBJ_id_aes192_wrap_pad		OBJ_aes,28L
-
-#define SN_aes_256_ecb		"AES-256-ECB"
-#define LN_aes_256_ecb		"aes-256-ecb"
-#define NID_aes_256_ecb		426
-#define OBJ_aes_256_ecb		OBJ_aes,41L
-
-#define SN_aes_256_cbc		"AES-256-CBC"
-#define LN_aes_256_cbc		"aes-256-cbc"
-#define NID_aes_256_cbc		427
-#define OBJ_aes_256_cbc		OBJ_aes,42L
-
-#define SN_aes_256_ofb128		"AES-256-OFB"
-#define LN_aes_256_ofb128		"aes-256-ofb"
-#define NID_aes_256_ofb128		428
-#define OBJ_aes_256_ofb128		OBJ_aes,43L
-
-#define SN_aes_256_cfb128		"AES-256-CFB"
-#define LN_aes_256_cfb128		"aes-256-cfb"
-#define NID_aes_256_cfb128		429
-#define OBJ_aes_256_cfb128		OBJ_aes,44L
-
-#define SN_id_aes256_wrap		"id-aes256-wrap"
-#define NID_id_aes256_wrap		790
-#define OBJ_id_aes256_wrap		OBJ_aes,45L
-
-#define SN_aes_256_gcm		"id-aes256-GCM"
-#define LN_aes_256_gcm		"aes-256-gcm"
-#define NID_aes_256_gcm		901
-#define OBJ_aes_256_gcm		OBJ_aes,46L
-
-#define SN_aes_256_ccm		"id-aes256-CCM"
-#define LN_aes_256_ccm		"aes-256-ccm"
-#define NID_aes_256_ccm		902
-#define OBJ_aes_256_ccm		OBJ_aes,47L
-
-#define SN_id_aes256_wrap_pad		"id-aes256-wrap-pad"
-#define NID_id_aes256_wrap_pad		903
-#define OBJ_id_aes256_wrap_pad		OBJ_aes,48L
-
-#define SN_aes_128_cfb1		"AES-128-CFB1"
-#define LN_aes_128_cfb1		"aes-128-cfb1"
-#define NID_aes_128_cfb1		650
-
-#define SN_aes_192_cfb1		"AES-192-CFB1"
-#define LN_aes_192_cfb1		"aes-192-cfb1"
-#define NID_aes_192_cfb1		651
-
-#define SN_aes_256_cfb1		"AES-256-CFB1"
-#define LN_aes_256_cfb1		"aes-256-cfb1"
-#define NID_aes_256_cfb1		652
-
-#define SN_aes_128_cfb8		"AES-128-CFB8"
-#define LN_aes_128_cfb8		"aes-128-cfb8"
-#define NID_aes_128_cfb8		653
-
-#define SN_aes_192_cfb8		"AES-192-CFB8"
-#define LN_aes_192_cfb8		"aes-192-cfb8"
-#define NID_aes_192_cfb8		654
-
-#define SN_aes_256_cfb8		"AES-256-CFB8"
-#define LN_aes_256_cfb8		"aes-256-cfb8"
-#define NID_aes_256_cfb8		655
-
-#define SN_aes_128_ctr		"AES-128-CTR"
-#define LN_aes_128_ctr		"aes-128-ctr"
-#define NID_aes_128_ctr		904
-
-#define SN_aes_192_ctr		"AES-192-CTR"
-#define LN_aes_192_ctr		"aes-192-ctr"
-#define NID_aes_192_ctr		905
-
-#define SN_aes_256_ctr		"AES-256-CTR"
-#define LN_aes_256_ctr		"aes-256-ctr"
-#define NID_aes_256_ctr		906
-
-#define SN_aes_128_xts		"AES-128-XTS"
-#define LN_aes_128_xts		"aes-128-xts"
-#define NID_aes_128_xts		913
-
-#define SN_aes_256_xts		"AES-256-XTS"
-#define LN_aes_256_xts		"aes-256-xts"
-#define NID_aes_256_xts		914
-
-#define SN_des_cfb1		"DES-CFB1"
-#define LN_des_cfb1		"des-cfb1"
-#define NID_des_cfb1		656
-
-#define SN_des_cfb8		"DES-CFB8"
-#define LN_des_cfb8		"des-cfb8"
-#define NID_des_cfb8		657
-
-#define SN_des_ede3_cfb1		"DES-EDE3-CFB1"
-#define LN_des_ede3_cfb1		"des-ede3-cfb1"
-#define NID_des_ede3_cfb1		658
-
-#define SN_des_ede3_cfb8		"DES-EDE3-CFB8"
-#define LN_des_ede3_cfb8		"des-ede3-cfb8"
-#define NID_des_ede3_cfb8		659
-
-#define OBJ_nist_hashalgs		OBJ_nistAlgorithms,2L
-
-#define SN_sha256		"SHA256"
-#define LN_sha256		"sha256"
-#define NID_sha256		672
-#define OBJ_sha256		OBJ_nist_hashalgs,1L
-
-#define SN_sha384		"SHA384"
-#define LN_sha384		"sha384"
-#define NID_sha384		673
-#define OBJ_sha384		OBJ_nist_hashalgs,2L
-
-#define SN_sha512		"SHA512"
-#define LN_sha512		"sha512"
-#define NID_sha512		674
-#define OBJ_sha512		OBJ_nist_hashalgs,3L
-
-#define SN_sha224		"SHA224"
-#define LN_sha224		"sha224"
-#define NID_sha224		675
-#define OBJ_sha224		OBJ_nist_hashalgs,4L
-
-#define OBJ_dsa_with_sha2		OBJ_nistAlgorithms,3L
-
-#define SN_dsa_with_SHA224		"dsa_with_SHA224"
-#define NID_dsa_with_SHA224		802
-#define OBJ_dsa_with_SHA224		OBJ_dsa_with_sha2,1L
-
-#define SN_dsa_with_SHA256		"dsa_with_SHA256"
-#define NID_dsa_with_SHA256		803
-#define OBJ_dsa_with_SHA256		OBJ_dsa_with_sha2,2L
-
-#define SN_hold_instruction_code		"holdInstructionCode"
-#define LN_hold_instruction_code		"Hold Instruction Code"
-#define NID_hold_instruction_code		430
-#define OBJ_hold_instruction_code		OBJ_id_ce,23L
-
-#define OBJ_holdInstruction		OBJ_X9_57,2L
-
-#define SN_hold_instruction_none		"holdInstructionNone"
-#define LN_hold_instruction_none		"Hold Instruction None"
-#define NID_hold_instruction_none		431
-#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L
-
-#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"
-#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"
-#define NID_hold_instruction_call_issuer		432
-#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L
-
-#define SN_hold_instruction_reject		"holdInstructionReject"
-#define LN_hold_instruction_reject		"Hold Instruction Reject"
-#define NID_hold_instruction_reject		433
-#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L
-
-#define SN_data		"data"
-#define NID_data		434
-#define OBJ_data		OBJ_itu_t,9L
-
-#define SN_pss		"pss"
-#define NID_pss		435
-#define OBJ_pss		OBJ_data,2342L
-
-#define SN_ucl		"ucl"
-#define NID_ucl		436
-#define OBJ_ucl		OBJ_pss,19200300L
-
-#define SN_pilot		"pilot"
-#define NID_pilot		437
-#define OBJ_pilot		OBJ_ucl,100L
-
-#define LN_pilotAttributeType		"pilotAttributeType"
-#define NID_pilotAttributeType		438
-#define OBJ_pilotAttributeType		OBJ_pilot,1L
-
-#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"
-#define NID_pilotAttributeSyntax		439
-#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L
-
-#define LN_pilotObjectClass		"pilotObjectClass"
-#define NID_pilotObjectClass		440
-#define OBJ_pilotObjectClass		OBJ_pilot,4L
-
-#define LN_pilotGroups		"pilotGroups"
-#define NID_pilotGroups		441
-#define OBJ_pilotGroups		OBJ_pilot,10L
-
-#define LN_iA5StringSyntax		"iA5StringSyntax"
-#define NID_iA5StringSyntax		442
-#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L
-
-#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"
-#define NID_caseIgnoreIA5StringSyntax		443
-#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L
-
-#define LN_pilotObject		"pilotObject"
-#define NID_pilotObject		444
-#define OBJ_pilotObject		OBJ_pilotObjectClass,3L
-
-#define LN_pilotPerson		"pilotPerson"
-#define NID_pilotPerson		445
-#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L
-
-#define SN_account		"account"
-#define NID_account		446
-#define OBJ_account		OBJ_pilotObjectClass,5L
-
-#define SN_document		"document"
-#define NID_document		447
-#define OBJ_document		OBJ_pilotObjectClass,6L
-
-#define SN_room		"room"
-#define NID_room		448
-#define OBJ_room		OBJ_pilotObjectClass,7L
-
-#define LN_documentSeries		"documentSeries"
-#define NID_documentSeries		449
-#define OBJ_documentSeries		OBJ_pilotObjectClass,9L
-
-#define SN_Domain		"domain"
-#define LN_Domain		"Domain"
-#define NID_Domain		392
-#define OBJ_Domain		OBJ_pilotObjectClass,13L
-
-#define LN_rFC822localPart		"rFC822localPart"
-#define NID_rFC822localPart		450
-#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L
-
-#define LN_dNSDomain		"dNSDomain"
-#define NID_dNSDomain		451
-#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L
-
-#define LN_domainRelatedObject		"domainRelatedObject"
-#define NID_domainRelatedObject		452
-#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L
-
-#define LN_friendlyCountry		"friendlyCountry"
-#define NID_friendlyCountry		453
-#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L
-
-#define LN_simpleSecurityObject		"simpleSecurityObject"
-#define NID_simpleSecurityObject		454
-#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L
-
-#define LN_pilotOrganization		"pilotOrganization"
-#define NID_pilotOrganization		455
-#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L
-
-#define LN_pilotDSA		"pilotDSA"
-#define NID_pilotDSA		456
-#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L
-
-#define LN_qualityLabelledData		"qualityLabelledData"
-#define NID_qualityLabelledData		457
-#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L
-
-#define SN_userId		"UID"
-#define LN_userId		"userId"
-#define NID_userId		458
-#define OBJ_userId		OBJ_pilotAttributeType,1L
-
-#define LN_textEncodedORAddress		"textEncodedORAddress"
-#define NID_textEncodedORAddress		459
-#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L
-
-#define SN_rfc822Mailbox		"mail"
-#define LN_rfc822Mailbox		"rfc822Mailbox"
-#define NID_rfc822Mailbox		460
-#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L
-
-#define SN_info		"info"
-#define NID_info		461
-#define OBJ_info		OBJ_pilotAttributeType,4L
-
-#define LN_favouriteDrink		"favouriteDrink"
-#define NID_favouriteDrink		462
-#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L
-
-#define LN_roomNumber		"roomNumber"
-#define NID_roomNumber		463
-#define OBJ_roomNumber		OBJ_pilotAttributeType,6L
-
-#define SN_photo		"photo"
-#define NID_photo		464
-#define OBJ_photo		OBJ_pilotAttributeType,7L
-
-#define LN_userClass		"userClass"
-#define NID_userClass		465
-#define OBJ_userClass		OBJ_pilotAttributeType,8L
-
-#define SN_host		"host"
-#define NID_host		466
-#define OBJ_host		OBJ_pilotAttributeType,9L
-
-#define SN_manager		"manager"
-#define NID_manager		467
-#define OBJ_manager		OBJ_pilotAttributeType,10L
-
-#define LN_documentIdentifier		"documentIdentifier"
-#define NID_documentIdentifier		468
-#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L
-
-#define LN_documentTitle		"documentTitle"
-#define NID_documentTitle		469
-#define OBJ_documentTitle		OBJ_pilotAttributeType,12L
-
-#define LN_documentVersion		"documentVersion"
-#define NID_documentVersion		470
-#define OBJ_documentVersion		OBJ_pilotAttributeType,13L
-
-#define LN_documentAuthor		"documentAuthor"
-#define NID_documentAuthor		471
-#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L
-
-#define LN_documentLocation		"documentLocation"
-#define NID_documentLocation		472
-#define OBJ_documentLocation		OBJ_pilotAttributeType,15L
-
-#define LN_homeTelephoneNumber		"homeTelephoneNumber"
-#define NID_homeTelephoneNumber		473
-#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L
-
-#define SN_secretary		"secretary"
-#define NID_secretary		474
-#define OBJ_secretary		OBJ_pilotAttributeType,21L
-
-#define LN_otherMailbox		"otherMailbox"
-#define NID_otherMailbox		475
-#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L
-
-#define LN_lastModifiedTime		"lastModifiedTime"
-#define NID_lastModifiedTime		476
-#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L
-
-#define LN_lastModifiedBy		"lastModifiedBy"
-#define NID_lastModifiedBy		477
-#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L
-
-#define SN_domainComponent		"DC"
-#define LN_domainComponent		"domainComponent"
-#define NID_domainComponent		391
-#define OBJ_domainComponent		OBJ_pilotAttributeType,25L
-
-#define LN_aRecord		"aRecord"
-#define NID_aRecord		478
-#define OBJ_aRecord		OBJ_pilotAttributeType,26L
-
-#define LN_pilotAttributeType27		"pilotAttributeType27"
-#define NID_pilotAttributeType27		479
-#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L
-
-#define LN_mXRecord		"mXRecord"
-#define NID_mXRecord		480
-#define OBJ_mXRecord		OBJ_pilotAttributeType,28L
-
-#define LN_nSRecord		"nSRecord"
-#define NID_nSRecord		481
-#define OBJ_nSRecord		OBJ_pilotAttributeType,29L
-
-#define LN_sOARecord		"sOARecord"
-#define NID_sOARecord		482
-#define OBJ_sOARecord		OBJ_pilotAttributeType,30L
-
-#define LN_cNAMERecord		"cNAMERecord"
-#define NID_cNAMERecord		483
-#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L
-
-#define LN_associatedDomain		"associatedDomain"
-#define NID_associatedDomain		484
-#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L
-
-#define LN_associatedName		"associatedName"
-#define NID_associatedName		485
-#define OBJ_associatedName		OBJ_pilotAttributeType,38L
-
-#define LN_homePostalAddress		"homePostalAddress"
-#define NID_homePostalAddress		486
-#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L
-
-#define LN_personalTitle		"personalTitle"
-#define NID_personalTitle		487
-#define OBJ_personalTitle		OBJ_pilotAttributeType,40L
-
-#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"
-#define NID_mobileTelephoneNumber		488
-#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L
-
-#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"
-#define NID_pagerTelephoneNumber		489
-#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L
-
-#define LN_friendlyCountryName		"friendlyCountryName"
-#define NID_friendlyCountryName		490
-#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L
-
-#define LN_organizationalStatus		"organizationalStatus"
-#define NID_organizationalStatus		491
-#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L
-
-#define LN_janetMailbox		"janetMailbox"
-#define NID_janetMailbox		492
-#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L
-
-#define LN_mailPreferenceOption		"mailPreferenceOption"
-#define NID_mailPreferenceOption		493
-#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L
-
-#define LN_buildingName		"buildingName"
-#define NID_buildingName		494
-#define OBJ_buildingName		OBJ_pilotAttributeType,48L
-
-#define LN_dSAQuality		"dSAQuality"
-#define NID_dSAQuality		495
-#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L
-
-#define LN_singleLevelQuality		"singleLevelQuality"
-#define NID_singleLevelQuality		496
-#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L
-
-#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"
-#define NID_subtreeMinimumQuality		497
-#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L
-
-#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"
-#define NID_subtreeMaximumQuality		498
-#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L
-
-#define LN_personalSignature		"personalSignature"
-#define NID_personalSignature		499
-#define OBJ_personalSignature		OBJ_pilotAttributeType,53L
-
-#define LN_dITRedirect		"dITRedirect"
-#define NID_dITRedirect		500
-#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L
-
-#define SN_audio		"audio"
-#define NID_audio		501
-#define OBJ_audio		OBJ_pilotAttributeType,55L
-
-#define LN_documentPublisher		"documentPublisher"
-#define NID_documentPublisher		502
-#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L
-
-#define SN_id_set		"id-set"
-#define LN_id_set		"Secure Electronic Transactions"
-#define NID_id_set		512
-#define OBJ_id_set		OBJ_international_organizations,42L
-
-#define SN_set_ctype		"set-ctype"
-#define LN_set_ctype		"content types"
-#define NID_set_ctype		513
-#define OBJ_set_ctype		OBJ_id_set,0L
-
-#define SN_set_msgExt		"set-msgExt"
-#define LN_set_msgExt		"message extensions"
-#define NID_set_msgExt		514
-#define OBJ_set_msgExt		OBJ_id_set,1L
-
-#define SN_set_attr		"set-attr"
-#define NID_set_attr		515
-#define OBJ_set_attr		OBJ_id_set,3L
-
-#define SN_set_policy		"set-policy"
-#define NID_set_policy		516
-#define OBJ_set_policy		OBJ_id_set,5L
-
-#define SN_set_certExt		"set-certExt"
-#define LN_set_certExt		"certificate extensions"
-#define NID_set_certExt		517
-#define OBJ_set_certExt		OBJ_id_set,7L
-
-#define SN_set_brand		"set-brand"
-#define NID_set_brand		518
-#define OBJ_set_brand		OBJ_id_set,8L
-
-#define SN_setct_PANData		"setct-PANData"
-#define NID_setct_PANData		519
-#define OBJ_setct_PANData		OBJ_set_ctype,0L
-
-#define SN_setct_PANToken		"setct-PANToken"
-#define NID_setct_PANToken		520
-#define OBJ_setct_PANToken		OBJ_set_ctype,1L
-
-#define SN_setct_PANOnly		"setct-PANOnly"
-#define NID_setct_PANOnly		521
-#define OBJ_setct_PANOnly		OBJ_set_ctype,2L
-
-#define SN_setct_OIData		"setct-OIData"
-#define NID_setct_OIData		522
-#define OBJ_setct_OIData		OBJ_set_ctype,3L
-
-#define SN_setct_PI		"setct-PI"
-#define NID_setct_PI		523
-#define OBJ_setct_PI		OBJ_set_ctype,4L
-
-#define SN_setct_PIData		"setct-PIData"
-#define NID_setct_PIData		524
-#define OBJ_setct_PIData		OBJ_set_ctype,5L
-
-#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"
-#define NID_setct_PIDataUnsigned		525
-#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L
-
-#define SN_setct_HODInput		"setct-HODInput"
-#define NID_setct_HODInput		526
-#define OBJ_setct_HODInput		OBJ_set_ctype,7L
-
-#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"
-#define NID_setct_AuthResBaggage		527
-#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L
-
-#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"
-#define NID_setct_AuthRevReqBaggage		528
-#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L
-
-#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"
-#define NID_setct_AuthRevResBaggage		529
-#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L
-
-#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"
-#define NID_setct_CapTokenSeq		530
-#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L
-
-#define SN_setct_PInitResData		"setct-PInitResData"
-#define NID_setct_PInitResData		531
-#define OBJ_setct_PInitResData		OBJ_set_ctype,12L
-
-#define SN_setct_PI_TBS		"setct-PI-TBS"
-#define NID_setct_PI_TBS		532
-#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L
-
-#define SN_setct_PResData		"setct-PResData"
-#define NID_setct_PResData		533
-#define OBJ_setct_PResData		OBJ_set_ctype,14L
-
-#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"
-#define NID_setct_AuthReqTBS		534
-#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L
-
-#define SN_setct_AuthResTBS		"setct-AuthResTBS"
-#define NID_setct_AuthResTBS		535
-#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L
-
-#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"
-#define NID_setct_AuthResTBSX		536
-#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L
-
-#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"
-#define NID_setct_AuthTokenTBS		537
-#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L
-
-#define SN_setct_CapTokenData		"setct-CapTokenData"
-#define NID_setct_CapTokenData		538
-#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L
-
-#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"
-#define NID_setct_CapTokenTBS		539
-#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L
-
-#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"
-#define NID_setct_AcqCardCodeMsg		540
-#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L
-
-#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"
-#define NID_setct_AuthRevReqTBS		541
-#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L
-
-#define SN_setct_AuthRevResData		"setct-AuthRevResData"
-#define NID_setct_AuthRevResData		542
-#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L
-
-#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"
-#define NID_setct_AuthRevResTBS		543
-#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L
-
-#define SN_setct_CapReqTBS		"setct-CapReqTBS"
-#define NID_setct_CapReqTBS		544
-#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L
-
-#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"
-#define NID_setct_CapReqTBSX		545
-#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L
-
-#define SN_setct_CapResData		"setct-CapResData"
-#define NID_setct_CapResData		546
-#define OBJ_setct_CapResData		OBJ_set_ctype,28L
-
-#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"
-#define NID_setct_CapRevReqTBS		547
-#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L
-
-#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"
-#define NID_setct_CapRevReqTBSX		548
-#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L
-
-#define SN_setct_CapRevResData		"setct-CapRevResData"
-#define NID_setct_CapRevResData		549
-#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L
-
-#define SN_setct_CredReqTBS		"setct-CredReqTBS"
-#define NID_setct_CredReqTBS		550
-#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L
-
-#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"
-#define NID_setct_CredReqTBSX		551
-#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L
-
-#define SN_setct_CredResData		"setct-CredResData"
-#define NID_setct_CredResData		552
-#define OBJ_setct_CredResData		OBJ_set_ctype,34L
-
-#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"
-#define NID_setct_CredRevReqTBS		553
-#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L
-
-#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"
-#define NID_setct_CredRevReqTBSX		554
-#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L
-
-#define SN_setct_CredRevResData		"setct-CredRevResData"
-#define NID_setct_CredRevResData		555
-#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L
-
-#define SN_setct_PCertReqData		"setct-PCertReqData"
-#define NID_setct_PCertReqData		556
-#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L
-
-#define SN_setct_PCertResTBS		"setct-PCertResTBS"
-#define NID_setct_PCertResTBS		557
-#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L
-
-#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"
-#define NID_setct_BatchAdminReqData		558
-#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L
-
-#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"
-#define NID_setct_BatchAdminResData		559
-#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L
-
-#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"
-#define NID_setct_CardCInitResTBS		560
-#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L
-
-#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"
-#define NID_setct_MeAqCInitResTBS		561
-#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L
-
-#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"
-#define NID_setct_RegFormResTBS		562
-#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L
-
-#define SN_setct_CertReqData		"setct-CertReqData"
-#define NID_setct_CertReqData		563
-#define OBJ_setct_CertReqData		OBJ_set_ctype,45L
-
-#define SN_setct_CertReqTBS		"setct-CertReqTBS"
-#define NID_setct_CertReqTBS		564
-#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L
-
-#define SN_setct_CertResData		"setct-CertResData"
-#define NID_setct_CertResData		565
-#define OBJ_setct_CertResData		OBJ_set_ctype,47L
-
-#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"
-#define NID_setct_CertInqReqTBS		566
-#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L
-
-#define SN_setct_ErrorTBS		"setct-ErrorTBS"
-#define NID_setct_ErrorTBS		567
-#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L
-
-#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"
-#define NID_setct_PIDualSignedTBE		568
-#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L
-
-#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"
-#define NID_setct_PIUnsignedTBE		569
-#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L
-
-#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"
-#define NID_setct_AuthReqTBE		570
-#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L
-
-#define SN_setct_AuthResTBE		"setct-AuthResTBE"
-#define NID_setct_AuthResTBE		571
-#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L
-
-#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"
-#define NID_setct_AuthResTBEX		572
-#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L
-
-#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"
-#define NID_setct_AuthTokenTBE		573
-#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L
-
-#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"
-#define NID_setct_CapTokenTBE		574
-#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L
-
-#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"
-#define NID_setct_CapTokenTBEX		575
-#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L
-
-#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"
-#define NID_setct_AcqCardCodeMsgTBE		576
-#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L
-
-#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"
-#define NID_setct_AuthRevReqTBE		577
-#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L
-
-#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"
-#define NID_setct_AuthRevResTBE		578
-#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L
-
-#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"
-#define NID_setct_AuthRevResTBEB		579
-#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L
-
-#define SN_setct_CapReqTBE		"setct-CapReqTBE"
-#define NID_setct_CapReqTBE		580
-#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L
-
-#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"
-#define NID_setct_CapReqTBEX		581
-#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L
-
-#define SN_setct_CapResTBE		"setct-CapResTBE"
-#define NID_setct_CapResTBE		582
-#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L
-
-#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"
-#define NID_setct_CapRevReqTBE		583
-#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L
-
-#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"
-#define NID_setct_CapRevReqTBEX		584
-#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L
-
-#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"
-#define NID_setct_CapRevResTBE		585
-#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L
-
-#define SN_setct_CredReqTBE		"setct-CredReqTBE"
-#define NID_setct_CredReqTBE		586
-#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L
-
-#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"
-#define NID_setct_CredReqTBEX		587
-#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L
-
-#define SN_setct_CredResTBE		"setct-CredResTBE"
-#define NID_setct_CredResTBE		588
-#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L
-
-#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"
-#define NID_setct_CredRevReqTBE		589
-#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L
-
-#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"
-#define NID_setct_CredRevReqTBEX		590
-#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L
-
-#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"
-#define NID_setct_CredRevResTBE		591
-#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L
-
-#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"
-#define NID_setct_BatchAdminReqTBE		592
-#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L
-
-#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"
-#define NID_setct_BatchAdminResTBE		593
-#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L
-
-#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"
-#define NID_setct_RegFormReqTBE		594
-#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L
-
-#define SN_setct_CertReqTBE		"setct-CertReqTBE"
-#define NID_setct_CertReqTBE		595
-#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L
-
-#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"
-#define NID_setct_CertReqTBEX		596
-#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L
-
-#define SN_setct_CertResTBE		"setct-CertResTBE"
-#define NID_setct_CertResTBE		597
-#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L
-
-#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"
-#define NID_setct_CRLNotificationTBS		598
-#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L
-
-#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"
-#define NID_setct_CRLNotificationResTBS		599
-#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L
-
-#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"
-#define NID_setct_BCIDistributionTBS		600
-#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L
-
-#define SN_setext_genCrypt		"setext-genCrypt"
-#define LN_setext_genCrypt		"generic cryptogram"
-#define NID_setext_genCrypt		601
-#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L
-
-#define SN_setext_miAuth		"setext-miAuth"
-#define LN_setext_miAuth		"merchant initiated auth"
-#define NID_setext_miAuth		602
-#define OBJ_setext_miAuth		OBJ_set_msgExt,3L
-
-#define SN_setext_pinSecure		"setext-pinSecure"
-#define NID_setext_pinSecure		603
-#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L
-
-#define SN_setext_pinAny		"setext-pinAny"
-#define NID_setext_pinAny		604
-#define OBJ_setext_pinAny		OBJ_set_msgExt,5L
-
-#define SN_setext_track2		"setext-track2"
-#define NID_setext_track2		605
-#define OBJ_setext_track2		OBJ_set_msgExt,7L
-
-#define SN_setext_cv		"setext-cv"
-#define LN_setext_cv		"additional verification"
-#define NID_setext_cv		606
-#define OBJ_setext_cv		OBJ_set_msgExt,8L
-
-#define SN_set_policy_root		"set-policy-root"
-#define NID_set_policy_root		607
-#define OBJ_set_policy_root		OBJ_set_policy,0L
-
-#define SN_setCext_hashedRoot		"setCext-hashedRoot"
-#define NID_setCext_hashedRoot		608
-#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L
-
-#define SN_setCext_certType		"setCext-certType"
-#define NID_setCext_certType		609
-#define OBJ_setCext_certType		OBJ_set_certExt,1L
-
-#define SN_setCext_merchData		"setCext-merchData"
-#define NID_setCext_merchData		610
-#define OBJ_setCext_merchData		OBJ_set_certExt,2L
-
-#define SN_setCext_cCertRequired		"setCext-cCertRequired"
-#define NID_setCext_cCertRequired		611
-#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L
-
-#define SN_setCext_tunneling		"setCext-tunneling"
-#define NID_setCext_tunneling		612
-#define OBJ_setCext_tunneling		OBJ_set_certExt,4L
-
-#define SN_setCext_setExt		"setCext-setExt"
-#define NID_setCext_setExt		613
-#define OBJ_setCext_setExt		OBJ_set_certExt,5L
-
-#define SN_setCext_setQualf		"setCext-setQualf"
-#define NID_setCext_setQualf		614
-#define OBJ_setCext_setQualf		OBJ_set_certExt,6L
-
-#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"
-#define NID_setCext_PGWYcapabilities		615
-#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L
-
-#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"
-#define NID_setCext_TokenIdentifier		616
-#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L
-
-#define SN_setCext_Track2Data		"setCext-Track2Data"
-#define NID_setCext_Track2Data		617
-#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L
-
-#define SN_setCext_TokenType		"setCext-TokenType"
-#define NID_setCext_TokenType		618
-#define OBJ_setCext_TokenType		OBJ_set_certExt,10L
-
-#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"
-#define NID_setCext_IssuerCapabilities		619
-#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L
-
-#define SN_setAttr_Cert		"setAttr-Cert"
-#define NID_setAttr_Cert		620
-#define OBJ_setAttr_Cert		OBJ_set_attr,0L
-
-#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"
-#define LN_setAttr_PGWYcap		"payment gateway capabilities"
-#define NID_setAttr_PGWYcap		621
-#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L
-
-#define SN_setAttr_TokenType		"setAttr-TokenType"
-#define NID_setAttr_TokenType		622
-#define OBJ_setAttr_TokenType		OBJ_set_attr,2L
-
-#define SN_setAttr_IssCap		"setAttr-IssCap"
-#define LN_setAttr_IssCap		"issuer capabilities"
-#define NID_setAttr_IssCap		623
-#define OBJ_setAttr_IssCap		OBJ_set_attr,3L
-
-#define SN_set_rootKeyThumb		"set-rootKeyThumb"
-#define NID_set_rootKeyThumb		624
-#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L
-
-#define SN_set_addPolicy		"set-addPolicy"
-#define NID_set_addPolicy		625
-#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L
-
-#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"
-#define NID_setAttr_Token_EMV		626
-#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L
-
-#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"
-#define NID_setAttr_Token_B0Prime		627
-#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L
-
-#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"
-#define NID_setAttr_IssCap_CVM		628
-#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L
-
-#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"
-#define NID_setAttr_IssCap_T2		629
-#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L
-
-#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"
-#define NID_setAttr_IssCap_Sig		630
-#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L
-
-#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"
-#define LN_setAttr_GenCryptgrm		"generate cryptogram"
-#define NID_setAttr_GenCryptgrm		631
-#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L
-
-#define SN_setAttr_T2Enc		"setAttr-T2Enc"
-#define LN_setAttr_T2Enc		"encrypted track 2"
-#define NID_setAttr_T2Enc		632
-#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L
-
-#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"
-#define LN_setAttr_T2cleartxt		"cleartext track 2"
-#define NID_setAttr_T2cleartxt		633
-#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L
-
-#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"
-#define LN_setAttr_TokICCsig		"ICC or token signature"
-#define NID_setAttr_TokICCsig		634
-#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L
-
-#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"
-#define LN_setAttr_SecDevSig		"secure device signature"
-#define NID_setAttr_SecDevSig		635
-#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L
-
-#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"
-#define NID_set_brand_IATA_ATA		636
-#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L
-
-#define SN_set_brand_Diners		"set-brand-Diners"
-#define NID_set_brand_Diners		637
-#define OBJ_set_brand_Diners		OBJ_set_brand,30L
-
-#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"
-#define NID_set_brand_AmericanExpress		638
-#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L
-
-#define SN_set_brand_JCB		"set-brand-JCB"
-#define NID_set_brand_JCB		639
-#define OBJ_set_brand_JCB		OBJ_set_brand,35L
-
-#define SN_set_brand_Visa		"set-brand-Visa"
-#define NID_set_brand_Visa		640
-#define OBJ_set_brand_Visa		OBJ_set_brand,4L
-
-#define SN_set_brand_MasterCard		"set-brand-MasterCard"
-#define NID_set_brand_MasterCard		641
-#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L
-
-#define SN_set_brand_Novus		"set-brand-Novus"
-#define NID_set_brand_Novus		642
-#define OBJ_set_brand_Novus		OBJ_set_brand,6011L
-
-#define SN_des_cdmf		"DES-CDMF"
-#define LN_des_cdmf		"des-cdmf"
-#define NID_des_cdmf		643
-#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L
-
-#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"
-#define NID_rsaOAEPEncryptionSET		644
-#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L
-
-#define SN_ipsec3		"Oakley-EC2N-3"
-#define LN_ipsec3		"ipsec3"
-#define NID_ipsec3		749
-
-#define SN_ipsec4		"Oakley-EC2N-4"
-#define LN_ipsec4		"ipsec4"
-#define NID_ipsec4		750
-
-#define SN_whirlpool		"whirlpool"
-#define NID_whirlpool		804
-#define OBJ_whirlpool		OBJ_iso,0L,10118L,3L,0L,55L
-
-#define SN_cryptopro		"cryptopro"
-#define NID_cryptopro		805
-#define OBJ_cryptopro		OBJ_member_body,643L,2L,2L
-
-#define SN_cryptocom		"cryptocom"
-#define NID_cryptocom		806
-#define OBJ_cryptocom		OBJ_member_body,643L,2L,9L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001		"id-GostR3411-94-with-GostR3410-2001"
-#define LN_id_GostR3411_94_with_GostR3410_2001		"GOST R 34.11-94 with GOST R 34.10-2001"
-#define NID_id_GostR3411_94_with_GostR3410_2001		807
-#define OBJ_id_GostR3411_94_with_GostR3410_2001		OBJ_cryptopro,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_94		"id-GostR3411-94-with-GostR3410-94"
-#define LN_id_GostR3411_94_with_GostR3410_94		"GOST R 34.11-94 with GOST R 34.10-94"
-#define NID_id_GostR3411_94_with_GostR3410_94		808
-#define OBJ_id_GostR3411_94_with_GostR3410_94		OBJ_cryptopro,4L
-
-#define SN_id_GostR3411_94		"md_gost94"
-#define LN_id_GostR3411_94		"GOST R 34.11-94"
-#define NID_id_GostR3411_94		809
-#define OBJ_id_GostR3411_94		OBJ_cryptopro,9L
-
-#define SN_id_HMACGostR3411_94		"id-HMACGostR3411-94"
-#define LN_id_HMACGostR3411_94		"HMAC GOST 34.11-94"
-#define NID_id_HMACGostR3411_94		810
-#define OBJ_id_HMACGostR3411_94		OBJ_cryptopro,10L
-
-#define SN_id_GostR3410_2001		"gost2001"
-#define LN_id_GostR3410_2001		"GOST R 34.10-2001"
-#define NID_id_GostR3410_2001		811
-#define OBJ_id_GostR3410_2001		OBJ_cryptopro,19L
-
-#define SN_id_GostR3410_94		"gost94"
-#define LN_id_GostR3410_94		"GOST R 34.10-94"
-#define NID_id_GostR3410_94		812
-#define OBJ_id_GostR3410_94		OBJ_cryptopro,20L
-
-#define SN_id_Gost28147_89		"gost89"
-#define LN_id_Gost28147_89		"GOST 28147-89"
-#define NID_id_Gost28147_89		813
-#define OBJ_id_Gost28147_89		OBJ_cryptopro,21L
-
-#define SN_gost89_cnt		"gost89-cnt"
-#define NID_gost89_cnt		814
-
-#define SN_id_Gost28147_89_MAC		"gost-mac"
-#define LN_id_Gost28147_89_MAC		"GOST 28147-89 MAC"
-#define NID_id_Gost28147_89_MAC		815
-#define OBJ_id_Gost28147_89_MAC		OBJ_cryptopro,22L
-
-#define SN_id_GostR3411_94_prf		"prf-gostr3411-94"
-#define LN_id_GostR3411_94_prf		"GOST R 34.11-94 PRF"
-#define NID_id_GostR3411_94_prf		816
-#define OBJ_id_GostR3411_94_prf		OBJ_cryptopro,23L
-
-#define SN_id_GostR3410_2001DH		"id-GostR3410-2001DH"
-#define LN_id_GostR3410_2001DH		"GOST R 34.10-2001 DH"
-#define NID_id_GostR3410_2001DH		817
-#define OBJ_id_GostR3410_2001DH		OBJ_cryptopro,98L
-
-#define SN_id_GostR3410_94DH		"id-GostR3410-94DH"
-#define LN_id_GostR3410_94DH		"GOST R 34.10-94 DH"
-#define NID_id_GostR3410_94DH		818
-#define OBJ_id_GostR3410_94DH		OBJ_cryptopro,99L
-
-#define SN_id_Gost28147_89_CryptoPro_KeyMeshing		"id-Gost28147-89-CryptoPro-KeyMeshing"
-#define NID_id_Gost28147_89_CryptoPro_KeyMeshing		819
-#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing		OBJ_cryptopro,14L,1L
-
-#define SN_id_Gost28147_89_None_KeyMeshing		"id-Gost28147-89-None-KeyMeshing"
-#define NID_id_Gost28147_89_None_KeyMeshing		820
-#define OBJ_id_Gost28147_89_None_KeyMeshing		OBJ_cryptopro,14L,0L
-
-#define SN_id_GostR3411_94_TestParamSet		"id-GostR3411-94-TestParamSet"
-#define NID_id_GostR3411_94_TestParamSet		821
-#define OBJ_id_GostR3411_94_TestParamSet		OBJ_cryptopro,30L,0L
-
-#define SN_id_GostR3411_94_CryptoProParamSet		"id-GostR3411-94-CryptoProParamSet"
-#define NID_id_GostR3411_94_CryptoProParamSet		822
-#define OBJ_id_GostR3411_94_CryptoProParamSet		OBJ_cryptopro,30L,1L
-
-#define SN_id_Gost28147_89_TestParamSet		"id-Gost28147-89-TestParamSet"
-#define NID_id_Gost28147_89_TestParamSet		823
-#define OBJ_id_Gost28147_89_TestParamSet		OBJ_cryptopro,31L,0L
-
-#define SN_id_Gost28147_89_CryptoPro_A_ParamSet		"id-Gost28147-89-CryptoPro-A-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_A_ParamSet		824
-#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet		OBJ_cryptopro,31L,1L
-
-#define SN_id_Gost28147_89_CryptoPro_B_ParamSet		"id-Gost28147-89-CryptoPro-B-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_B_ParamSet		825
-#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet		OBJ_cryptopro,31L,2L
-
-#define SN_id_Gost28147_89_CryptoPro_C_ParamSet		"id-Gost28147-89-CryptoPro-C-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_C_ParamSet		826
-#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet		OBJ_cryptopro,31L,3L
-
-#define SN_id_Gost28147_89_CryptoPro_D_ParamSet		"id-Gost28147-89-CryptoPro-D-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_D_ParamSet		827
-#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet		OBJ_cryptopro,31L,4L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		828
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		OBJ_cryptopro,31L,5L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		829
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		OBJ_cryptopro,31L,6L
-
-#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		"id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		830
-#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		OBJ_cryptopro,31L,7L
-
-#define SN_id_GostR3410_94_TestParamSet		"id-GostR3410-94-TestParamSet"
-#define NID_id_GostR3410_94_TestParamSet		831
-#define OBJ_id_GostR3410_94_TestParamSet		OBJ_cryptopro,32L,0L
-
-#define SN_id_GostR3410_94_CryptoPro_A_ParamSet		"id-GostR3410-94-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_A_ParamSet		832
-#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet		OBJ_cryptopro,32L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_B_ParamSet		"id-GostR3410-94-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_B_ParamSet		833
-#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet		OBJ_cryptopro,32L,3L
-
-#define SN_id_GostR3410_94_CryptoPro_C_ParamSet		"id-GostR3410-94-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_C_ParamSet		834
-#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet		OBJ_cryptopro,32L,4L
-
-#define SN_id_GostR3410_94_CryptoPro_D_ParamSet		"id-GostR3410-94-CryptoPro-D-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_D_ParamSet		835
-#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet		OBJ_cryptopro,32L,5L
-
-#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet		"id-GostR3410-94-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet		836
-#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet		OBJ_cryptopro,33L,1L
-
-#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet		"id-GostR3410-94-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet		837
-#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet		OBJ_cryptopro,33L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet		"id-GostR3410-94-CryptoPro-XchC-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet		838
-#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet		OBJ_cryptopro,33L,3L
-
-#define SN_id_GostR3410_2001_TestParamSet		"id-GostR3410-2001-TestParamSet"
-#define NID_id_GostR3410_2001_TestParamSet		839
-#define OBJ_id_GostR3410_2001_TestParamSet		OBJ_cryptopro,35L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet		"id-GostR3410-2001-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet		840
-#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet		OBJ_cryptopro,35L,1L
-
-#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet		"id-GostR3410-2001-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet		841
-#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet		OBJ_cryptopro,35L,2L
-
-#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet		"id-GostR3410-2001-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet		842
-#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet		OBJ_cryptopro,35L,3L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet		"id-GostR3410-2001-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet		843
-#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet		OBJ_cryptopro,36L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet		"id-GostR3410-2001-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet		844
-#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet		OBJ_cryptopro,36L,1L
-
-#define SN_id_GostR3410_94_a		"id-GostR3410-94-a"
-#define NID_id_GostR3410_94_a		845
-#define OBJ_id_GostR3410_94_a		OBJ_id_GostR3410_94,1L
-
-#define SN_id_GostR3410_94_aBis		"id-GostR3410-94-aBis"
-#define NID_id_GostR3410_94_aBis		846
-#define OBJ_id_GostR3410_94_aBis		OBJ_id_GostR3410_94,2L
-
-#define SN_id_GostR3410_94_b		"id-GostR3410-94-b"
-#define NID_id_GostR3410_94_b		847
-#define OBJ_id_GostR3410_94_b		OBJ_id_GostR3410_94,3L
-
-#define SN_id_GostR3410_94_bBis		"id-GostR3410-94-bBis"
-#define NID_id_GostR3410_94_bBis		848
-#define OBJ_id_GostR3410_94_bBis		OBJ_id_GostR3410_94,4L
-
-#define SN_id_Gost28147_89_cc		"id-Gost28147-89-cc"
-#define LN_id_Gost28147_89_cc		"GOST 28147-89 Cryptocom ParamSet"
-#define NID_id_Gost28147_89_cc		849
-#define OBJ_id_Gost28147_89_cc		OBJ_cryptocom,1L,6L,1L
-
-#define SN_id_GostR3410_94_cc		"gost94cc"
-#define LN_id_GostR3410_94_cc		"GOST 34.10-94 Cryptocom"
-#define NID_id_GostR3410_94_cc		850
-#define OBJ_id_GostR3410_94_cc		OBJ_cryptocom,1L,5L,3L
-
-#define SN_id_GostR3410_2001_cc		"gost2001cc"
-#define LN_id_GostR3410_2001_cc		"GOST 34.10-2001 Cryptocom"
-#define NID_id_GostR3410_2001_cc		851
-#define OBJ_id_GostR3410_2001_cc		OBJ_cryptocom,1L,5L,4L
-
-#define SN_id_GostR3411_94_with_GostR3410_94_cc		"id-GostR3411-94-with-GostR3410-94-cc"
-#define LN_id_GostR3411_94_with_GostR3410_94_cc		"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_94_cc		852
-#define OBJ_id_GostR3411_94_with_GostR3410_94_cc		OBJ_cryptocom,1L,3L,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001_cc		"id-GostR3411-94-with-GostR3410-2001-cc"
-#define LN_id_GostR3411_94_with_GostR3410_2001_cc		"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_2001_cc		853
-#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc		OBJ_cryptocom,1L,3L,4L
-
-#define SN_id_GostR3410_2001_ParamSet_cc		"id-GostR3410-2001-ParamSet-cc"
-#define LN_id_GostR3410_2001_ParamSet_cc		"GOST R 3410-2001 Parameter Set Cryptocom"
-#define NID_id_GostR3410_2001_ParamSet_cc		854
-#define OBJ_id_GostR3410_2001_ParamSet_cc		OBJ_cryptocom,1L,8L,1L
-
-#define SN_camellia_128_cbc		"CAMELLIA-128-CBC"
-#define LN_camellia_128_cbc		"camellia-128-cbc"
-#define NID_camellia_128_cbc		751
-#define OBJ_camellia_128_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,2L
-
-#define SN_camellia_192_cbc		"CAMELLIA-192-CBC"
-#define LN_camellia_192_cbc		"camellia-192-cbc"
-#define NID_camellia_192_cbc		752
-#define OBJ_camellia_192_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,3L
-
-#define SN_camellia_256_cbc		"CAMELLIA-256-CBC"
-#define LN_camellia_256_cbc		"camellia-256-cbc"
-#define NID_camellia_256_cbc		753
-#define OBJ_camellia_256_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,4L
-
-#define SN_id_camellia128_wrap		"id-camellia128-wrap"
-#define NID_id_camellia128_wrap		907
-#define OBJ_id_camellia128_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,2L
-
-#define SN_id_camellia192_wrap		"id-camellia192-wrap"
-#define NID_id_camellia192_wrap		908
-#define OBJ_id_camellia192_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,3L
-
-#define SN_id_camellia256_wrap		"id-camellia256-wrap"
-#define NID_id_camellia256_wrap		909
-#define OBJ_id_camellia256_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,4L
-
-#define OBJ_ntt_ds		0L,3L,4401L,5L
-
-#define OBJ_camellia		OBJ_ntt_ds,3L,1L,9L
-
-#define SN_camellia_128_ecb		"CAMELLIA-128-ECB"
-#define LN_camellia_128_ecb		"camellia-128-ecb"
-#define NID_camellia_128_ecb		754
-#define OBJ_camellia_128_ecb		OBJ_camellia,1L
-
-#define SN_camellia_128_ofb128		"CAMELLIA-128-OFB"
-#define LN_camellia_128_ofb128		"camellia-128-ofb"
-#define NID_camellia_128_ofb128		766
-#define OBJ_camellia_128_ofb128		OBJ_camellia,3L
-
-#define SN_camellia_128_cfb128		"CAMELLIA-128-CFB"
-#define LN_camellia_128_cfb128		"camellia-128-cfb"
-#define NID_camellia_128_cfb128		757
-#define OBJ_camellia_128_cfb128		OBJ_camellia,4L
-
-#define SN_camellia_192_ecb		"CAMELLIA-192-ECB"
-#define LN_camellia_192_ecb		"camellia-192-ecb"
-#define NID_camellia_192_ecb		755
-#define OBJ_camellia_192_ecb		OBJ_camellia,21L
-
-#define SN_camellia_192_ofb128		"CAMELLIA-192-OFB"
-#define LN_camellia_192_ofb128		"camellia-192-ofb"
-#define NID_camellia_192_ofb128		767
-#define OBJ_camellia_192_ofb128		OBJ_camellia,23L
-
-#define SN_camellia_192_cfb128		"CAMELLIA-192-CFB"
-#define LN_camellia_192_cfb128		"camellia-192-cfb"
-#define NID_camellia_192_cfb128		758
-#define OBJ_camellia_192_cfb128		OBJ_camellia,24L
-
-#define SN_camellia_256_ecb		"CAMELLIA-256-ECB"
-#define LN_camellia_256_ecb		"camellia-256-ecb"
-#define NID_camellia_256_ecb		756
-#define OBJ_camellia_256_ecb		OBJ_camellia,41L
-
-#define SN_camellia_256_ofb128		"CAMELLIA-256-OFB"
-#define LN_camellia_256_ofb128		"camellia-256-ofb"
-#define NID_camellia_256_ofb128		768
-#define OBJ_camellia_256_ofb128		OBJ_camellia,43L
-
-#define SN_camellia_256_cfb128		"CAMELLIA-256-CFB"
-#define LN_camellia_256_cfb128		"camellia-256-cfb"
-#define NID_camellia_256_cfb128		759
-#define OBJ_camellia_256_cfb128		OBJ_camellia,44L
-
-#define SN_camellia_128_cfb1		"CAMELLIA-128-CFB1"
-#define LN_camellia_128_cfb1		"camellia-128-cfb1"
-#define NID_camellia_128_cfb1		760
-
-#define SN_camellia_192_cfb1		"CAMELLIA-192-CFB1"
-#define LN_camellia_192_cfb1		"camellia-192-cfb1"
-#define NID_camellia_192_cfb1		761
-
-#define SN_camellia_256_cfb1		"CAMELLIA-256-CFB1"
-#define LN_camellia_256_cfb1		"camellia-256-cfb1"
-#define NID_camellia_256_cfb1		762
-
-#define SN_camellia_128_cfb8		"CAMELLIA-128-CFB8"
-#define LN_camellia_128_cfb8		"camellia-128-cfb8"
-#define NID_camellia_128_cfb8		763
-
-#define SN_camellia_192_cfb8		"CAMELLIA-192-CFB8"
-#define LN_camellia_192_cfb8		"camellia-192-cfb8"
-#define NID_camellia_192_cfb8		764
-
-#define SN_camellia_256_cfb8		"CAMELLIA-256-CFB8"
-#define LN_camellia_256_cfb8		"camellia-256-cfb8"
-#define NID_camellia_256_cfb8		765
-
-#define SN_kisa		"KISA"
-#define LN_kisa		"kisa"
-#define NID_kisa		773
-#define OBJ_kisa		OBJ_member_body,410L,200004L
-
-#define SN_seed_ecb		"SEED-ECB"
-#define LN_seed_ecb		"seed-ecb"
-#define NID_seed_ecb		776
-#define OBJ_seed_ecb		OBJ_kisa,1L,3L
-
-#define SN_seed_cbc		"SEED-CBC"
-#define LN_seed_cbc		"seed-cbc"
-#define NID_seed_cbc		777
-#define OBJ_seed_cbc		OBJ_kisa,1L,4L
-
-#define SN_seed_cfb128		"SEED-CFB"
-#define LN_seed_cfb128		"seed-cfb"
-#define NID_seed_cfb128		779
-#define OBJ_seed_cfb128		OBJ_kisa,1L,5L
-
-#define SN_seed_ofb128		"SEED-OFB"
-#define LN_seed_ofb128		"seed-ofb"
-#define NID_seed_ofb128		778
-#define OBJ_seed_ofb128		OBJ_kisa,1L,6L
-
-#define SN_hmac		"HMAC"
-#define LN_hmac		"hmac"
-#define NID_hmac		855
-
-#define SN_cmac		"CMAC"
-#define LN_cmac		"cmac"
-#define NID_cmac		894
-
-#define SN_rc4_hmac_md5		"RC4-HMAC-MD5"
-#define LN_rc4_hmac_md5		"rc4-hmac-md5"
-#define NID_rc4_hmac_md5		915
-
-#define SN_aes_128_cbc_hmac_sha1		"AES-128-CBC-HMAC-SHA1"
-#define LN_aes_128_cbc_hmac_sha1		"aes-128-cbc-hmac-sha1"
-#define NID_aes_128_cbc_hmac_sha1		916
-
-#define SN_aes_192_cbc_hmac_sha1		"AES-192-CBC-HMAC-SHA1"
-#define LN_aes_192_cbc_hmac_sha1		"aes-192-cbc-hmac-sha1"
-#define NID_aes_192_cbc_hmac_sha1		917
-
-#define SN_aes_256_cbc_hmac_sha1		"AES-256-CBC-HMAC-SHA1"
-#define LN_aes_256_cbc_hmac_sha1		"aes-256-cbc-hmac-sha1"
-#define NID_aes_256_cbc_hmac_sha1		918
-
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
deleted file mode 100644
index 1d0a7c802d..0000000000
--- a/crypto/objects/obj_mac.num
+++ /dev/null
@@ -1,919 +0,0 @@
-undef		0
-rsadsi		1
-pkcs		2
-md2		3
-md5		4
-rc4		5
-rsaEncryption		6
-md2WithRSAEncryption		7
-md5WithRSAEncryption		8
-pbeWithMD2AndDES_CBC		9
-pbeWithMD5AndDES_CBC		10
-X500		11
-X509		12
-commonName		13
-countryName		14
-localityName		15
-stateOrProvinceName		16
-organizationName		17
-organizationalUnitName		18
-rsa		19
-pkcs7		20
-pkcs7_data		21
-pkcs7_signed		22
-pkcs7_enveloped		23
-pkcs7_signedAndEnveloped		24
-pkcs7_digest		25
-pkcs7_encrypted		26
-pkcs3		27
-dhKeyAgreement		28
-des_ecb		29
-des_cfb64		30
-des_cbc		31
-des_ede_ecb		32
-des_ede3_ecb		33
-idea_cbc		34
-idea_cfb64		35
-idea_ecb		36
-rc2_cbc		37
-rc2_ecb		38
-rc2_cfb64		39
-rc2_ofb64		40
-sha		41
-shaWithRSAEncryption		42
-des_ede_cbc		43
-des_ede3_cbc		44
-des_ofb64		45
-idea_ofb64		46
-pkcs9		47
-pkcs9_emailAddress		48
-pkcs9_unstructuredName		49
-pkcs9_contentType		50
-pkcs9_messageDigest		51
-pkcs9_signingTime		52
-pkcs9_countersignature		53
-pkcs9_challengePassword		54
-pkcs9_unstructuredAddress		55
-pkcs9_extCertAttributes		56
-netscape		57
-netscape_cert_extension		58
-netscape_data_type		59
-des_ede_cfb64		60
-des_ede3_cfb64		61
-des_ede_ofb64		62
-des_ede3_ofb64		63
-sha1		64
-sha1WithRSAEncryption		65
-dsaWithSHA		66
-dsa_2		67
-pbeWithSHA1AndRC2_CBC		68
-id_pbkdf2		69
-dsaWithSHA1_2		70
-netscape_cert_type		71
-netscape_base_url		72
-netscape_revocation_url		73
-netscape_ca_revocation_url		74
-netscape_renewal_url		75
-netscape_ca_policy_url		76
-netscape_ssl_server_name		77
-netscape_comment		78
-netscape_cert_sequence		79
-desx_cbc		80
-id_ce		81
-subject_key_identifier		82
-key_usage		83
-private_key_usage_period		84
-subject_alt_name		85
-issuer_alt_name		86
-basic_constraints		87
-crl_number		88
-certificate_policies		89
-authority_key_identifier		90
-bf_cbc		91
-bf_ecb		92
-bf_cfb64		93
-bf_ofb64		94
-mdc2		95
-mdc2WithRSA		96
-rc4_40		97
-rc2_40_cbc		98
-givenName		99
-surname		100
-initials		101
-uniqueIdentifier		102
-crl_distribution_points		103
-md5WithRSA		104
-serialNumber		105
-title		106
-description		107
-cast5_cbc		108
-cast5_ecb		109
-cast5_cfb64		110
-cast5_ofb64		111
-pbeWithMD5AndCast5_CBC		112
-dsaWithSHA1		113
-md5_sha1		114
-sha1WithRSA		115
-dsa		116
-ripemd160		117
-ripemd160WithRSA		119
-rc5_cbc		120
-rc5_ecb		121
-rc5_cfb64		122
-rc5_ofb64		123
-rle_compression		124
-zlib_compression		125
-ext_key_usage		126
-id_pkix		127
-id_kp		128
-server_auth		129
-client_auth		130
-code_sign		131
-email_protect		132
-time_stamp		133
-ms_code_ind		134
-ms_code_com		135
-ms_ctl_sign		136
-ms_sgc		137
-ms_efs		138
-ns_sgc		139
-delta_crl		140
-crl_reason		141
-invalidity_date		142
-sxnet		143
-pbe_WithSHA1And128BitRC4		144
-pbe_WithSHA1And40BitRC4		145
-pbe_WithSHA1And3_Key_TripleDES_CBC		146
-pbe_WithSHA1And2_Key_TripleDES_CBC		147
-pbe_WithSHA1And128BitRC2_CBC		148
-pbe_WithSHA1And40BitRC2_CBC		149
-keyBag		150
-pkcs8ShroudedKeyBag		151
-certBag		152
-crlBag		153
-secretBag		154
-safeContentsBag		155
-friendlyName		156
-localKeyID		157
-x509Certificate		158
-sdsiCertificate		159
-x509Crl		160
-pbes2		161
-pbmac1		162
-hmacWithSHA1		163
-id_qt_cps		164
-id_qt_unotice		165
-rc2_64_cbc		166
-SMIMECapabilities		167
-pbeWithMD2AndRC2_CBC		168
-pbeWithMD5AndRC2_CBC		169
-pbeWithSHA1AndDES_CBC		170
-ms_ext_req		171
-ext_req		172
-name		173
-dnQualifier		174
-id_pe		175
-id_ad		176
-info_access		177
-ad_OCSP		178
-ad_ca_issuers		179
-OCSP_sign		180
-iso		181
-member_body		182
-ISO_US		183
-X9_57		184
-X9cm		185
-pkcs1		186
-pkcs5		187
-SMIME		188
-id_smime_mod		189
-id_smime_ct		190
-id_smime_aa		191
-id_smime_alg		192
-id_smime_cd		193
-id_smime_spq		194
-id_smime_cti		195
-id_smime_mod_cms		196
-id_smime_mod_ess		197
-id_smime_mod_oid		198
-id_smime_mod_msg_v3		199
-id_smime_mod_ets_eSignature_88		200
-id_smime_mod_ets_eSignature_97		201
-id_smime_mod_ets_eSigPolicy_88		202
-id_smime_mod_ets_eSigPolicy_97		203
-id_smime_ct_receipt		204
-id_smime_ct_authData		205
-id_smime_ct_publishCert		206
-id_smime_ct_TSTInfo		207
-id_smime_ct_TDTInfo		208
-id_smime_ct_contentInfo		209
-id_smime_ct_DVCSRequestData		210
-id_smime_ct_DVCSResponseData		211
-id_smime_aa_receiptRequest		212
-id_smime_aa_securityLabel		213
-id_smime_aa_mlExpandHistory		214
-id_smime_aa_contentHint		215
-id_smime_aa_msgSigDigest		216
-id_smime_aa_encapContentType		217
-id_smime_aa_contentIdentifier		218
-id_smime_aa_macValue		219
-id_smime_aa_equivalentLabels		220
-id_smime_aa_contentReference		221
-id_smime_aa_encrypKeyPref		222
-id_smime_aa_signingCertificate		223
-id_smime_aa_smimeEncryptCerts		224
-id_smime_aa_timeStampToken		225
-id_smime_aa_ets_sigPolicyId		226
-id_smime_aa_ets_commitmentType		227
-id_smime_aa_ets_signerLocation		228
-id_smime_aa_ets_signerAttr		229
-id_smime_aa_ets_otherSigCert		230
-id_smime_aa_ets_contentTimestamp		231
-id_smime_aa_ets_CertificateRefs		232
-id_smime_aa_ets_RevocationRefs		233
-id_smime_aa_ets_certValues		234
-id_smime_aa_ets_revocationValues		235
-id_smime_aa_ets_escTimeStamp		236
-id_smime_aa_ets_certCRLTimestamp		237
-id_smime_aa_ets_archiveTimeStamp		238
-id_smime_aa_signatureType		239
-id_smime_aa_dvcs_dvc		240
-id_smime_alg_ESDHwith3DES		241
-id_smime_alg_ESDHwithRC2		242
-id_smime_alg_3DESwrap		243
-id_smime_alg_RC2wrap		244
-id_smime_alg_ESDH		245
-id_smime_alg_CMS3DESwrap		246
-id_smime_alg_CMSRC2wrap		247
-id_smime_cd_ldap		248
-id_smime_spq_ets_sqt_uri		249
-id_smime_spq_ets_sqt_unotice		250
-id_smime_cti_ets_proofOfOrigin		251
-id_smime_cti_ets_proofOfReceipt		252
-id_smime_cti_ets_proofOfDelivery		253
-id_smime_cti_ets_proofOfSender		254
-id_smime_cti_ets_proofOfApproval		255
-id_smime_cti_ets_proofOfCreation		256
-md4		257
-id_pkix_mod		258
-id_qt		259
-id_it		260
-id_pkip		261
-id_alg		262
-id_cmc		263
-id_on		264
-id_pda		265
-id_aca		266
-id_qcs		267
-id_cct		268
-id_pkix1_explicit_88		269
-id_pkix1_implicit_88		270
-id_pkix1_explicit_93		271
-id_pkix1_implicit_93		272
-id_mod_crmf		273
-id_mod_cmc		274
-id_mod_kea_profile_88		275
-id_mod_kea_profile_93		276
-id_mod_cmp		277
-id_mod_qualified_cert_88		278
-id_mod_qualified_cert_93		279
-id_mod_attribute_cert		280
-id_mod_timestamp_protocol		281
-id_mod_ocsp		282
-id_mod_dvcs		283
-id_mod_cmp2000		284
-biometricInfo		285
-qcStatements		286
-ac_auditEntity		287
-ac_targeting		288
-aaControls		289
-sbgp_ipAddrBlock		290
-sbgp_autonomousSysNum		291
-sbgp_routerIdentifier		292
-textNotice		293
-ipsecEndSystem		294
-ipsecTunnel		295
-ipsecUser		296
-dvcs		297
-id_it_caProtEncCert		298
-id_it_signKeyPairTypes		299
-id_it_encKeyPairTypes		300
-id_it_preferredSymmAlg		301
-id_it_caKeyUpdateInfo		302
-id_it_currentCRL		303
-id_it_unsupportedOIDs		304
-id_it_subscriptionRequest		305
-id_it_subscriptionResponse		306
-id_it_keyPairParamReq		307
-id_it_keyPairParamRep		308
-id_it_revPassphrase		309
-id_it_implicitConfirm		310
-id_it_confirmWaitTime		311
-id_it_origPKIMessage		312
-id_regCtrl		313
-id_regInfo		314
-id_regCtrl_regToken		315
-id_regCtrl_authenticator		316
-id_regCtrl_pkiPublicationInfo		317
-id_regCtrl_pkiArchiveOptions		318
-id_regCtrl_oldCertID		319
-id_regCtrl_protocolEncrKey		320
-id_regInfo_utf8Pairs		321
-id_regInfo_certReq		322
-id_alg_des40		323
-id_alg_noSignature		324
-id_alg_dh_sig_hmac_sha1		325
-id_alg_dh_pop		326
-id_cmc_statusInfo		327
-id_cmc_identification		328
-id_cmc_identityProof		329
-id_cmc_dataReturn		330
-id_cmc_transactionId		331
-id_cmc_senderNonce		332
-id_cmc_recipientNonce		333
-id_cmc_addExtensions		334
-id_cmc_encryptedPOP		335
-id_cmc_decryptedPOP		336
-id_cmc_lraPOPWitness		337
-id_cmc_getCert		338
-id_cmc_getCRL		339
-id_cmc_revokeRequest		340
-id_cmc_regInfo		341
-id_cmc_responseInfo		342
-id_cmc_queryPending		343
-id_cmc_popLinkRandom		344
-id_cmc_popLinkWitness		345
-id_cmc_confirmCertAcceptance		346
-id_on_personalData		347
-id_pda_dateOfBirth		348
-id_pda_placeOfBirth		349
-id_pda_pseudonym		350
-id_pda_gender		351
-id_pda_countryOfCitizenship		352
-id_pda_countryOfResidence		353
-id_aca_authenticationInfo		354
-id_aca_accessIdentity		355
-id_aca_chargingIdentity		356
-id_aca_group		357
-id_aca_role		358
-id_qcs_pkixQCSyntax_v1		359
-id_cct_crs		360
-id_cct_PKIData		361
-id_cct_PKIResponse		362
-ad_timeStamping		363
-ad_dvcs		364
-id_pkix_OCSP_basic		365
-id_pkix_OCSP_Nonce		366
-id_pkix_OCSP_CrlID		367
-id_pkix_OCSP_acceptableResponses		368
-id_pkix_OCSP_noCheck		369
-id_pkix_OCSP_archiveCutoff		370
-id_pkix_OCSP_serviceLocator		371
-id_pkix_OCSP_extendedStatus		372
-id_pkix_OCSP_valid		373
-id_pkix_OCSP_path		374
-id_pkix_OCSP_trustRoot		375
-algorithm		376
-rsaSignature		377
-X500algorithms		378
-org		379
-dod		380
-iana		381
-Directory		382
-Management		383
-Experimental		384
-Private		385
-Security		386
-SNMPv2		387
-Mail		388
-Enterprises		389
-dcObject		390
-domainComponent		391
-Domain		392
-joint_iso_ccitt		393
-selected_attribute_types		394
-clearance		395
-md4WithRSAEncryption		396
-ac_proxying		397
-sinfo_access		398
-id_aca_encAttrs		399
-role		400
-policy_constraints		401
-target_information		402
-no_rev_avail		403
-ccitt		404
-ansi_X9_62		405
-X9_62_prime_field		406
-X9_62_characteristic_two_field		407
-X9_62_id_ecPublicKey		408
-X9_62_prime192v1		409
-X9_62_prime192v2		410
-X9_62_prime192v3		411
-X9_62_prime239v1		412
-X9_62_prime239v2		413
-X9_62_prime239v3		414
-X9_62_prime256v1		415
-ecdsa_with_SHA1		416
-ms_csp_name		417
-aes_128_ecb		418
-aes_128_cbc		419
-aes_128_ofb128		420
-aes_128_cfb128		421
-aes_192_ecb		422
-aes_192_cbc		423
-aes_192_ofb128		424
-aes_192_cfb128		425
-aes_256_ecb		426
-aes_256_cbc		427
-aes_256_ofb128		428
-aes_256_cfb128		429
-hold_instruction_code		430
-hold_instruction_none		431
-hold_instruction_call_issuer		432
-hold_instruction_reject		433
-data		434
-pss		435
-ucl		436
-pilot		437
-pilotAttributeType		438
-pilotAttributeSyntax		439
-pilotObjectClass		440
-pilotGroups		441
-iA5StringSyntax		442
-caseIgnoreIA5StringSyntax		443
-pilotObject		444
-pilotPerson		445
-account		446
-document		447
-room		448
-documentSeries		449
-rFC822localPart		450
-dNSDomain		451
-domainRelatedObject		452
-friendlyCountry		453
-simpleSecurityObject		454
-pilotOrganization		455
-pilotDSA		456
-qualityLabelledData		457
-userId		458
-textEncodedORAddress		459
-rfc822Mailbox		460
-info		461
-favouriteDrink		462
-roomNumber		463
-photo		464
-userClass		465
-host		466
-manager		467
-documentIdentifier		468
-documentTitle		469
-documentVersion		470
-documentAuthor		471
-documentLocation		472
-homeTelephoneNumber		473
-secretary		474
-otherMailbox		475
-lastModifiedTime		476
-lastModifiedBy		477
-aRecord		478
-pilotAttributeType27		479
-mXRecord		480
-nSRecord		481
-sOARecord		482
-cNAMERecord		483
-associatedDomain		484
-associatedName		485
-homePostalAddress		486
-personalTitle		487
-mobileTelephoneNumber		488
-pagerTelephoneNumber		489
-friendlyCountryName		490
-organizationalStatus		491
-janetMailbox		492
-mailPreferenceOption		493
-buildingName		494
-dSAQuality		495
-singleLevelQuality		496
-subtreeMinimumQuality		497
-subtreeMaximumQuality		498
-personalSignature		499
-dITRedirect		500
-audio		501
-documentPublisher		502
-x500UniqueIdentifier		503
-mime_mhs		504
-mime_mhs_headings		505
-mime_mhs_bodies		506
-id_hex_partial_message		507
-id_hex_multipart_message		508
-generationQualifier		509
-pseudonym		510
-InternationalRA		511
-id_set		512
-set_ctype		513
-set_msgExt		514
-set_attr		515
-set_policy		516
-set_certExt		517
-set_brand		518
-setct_PANData		519
-setct_PANToken		520
-setct_PANOnly		521
-setct_OIData		522
-setct_PI		523
-setct_PIData		524
-setct_PIDataUnsigned		525
-setct_HODInput		526
-setct_AuthResBaggage		527
-setct_AuthRevReqBaggage		528
-setct_AuthRevResBaggage		529
-setct_CapTokenSeq		530
-setct_PInitResData		531
-setct_PI_TBS		532
-setct_PResData		533
-setct_AuthReqTBS		534
-setct_AuthResTBS		535
-setct_AuthResTBSX		536
-setct_AuthTokenTBS		537
-setct_CapTokenData		538
-setct_CapTokenTBS		539
-setct_AcqCardCodeMsg		540
-setct_AuthRevReqTBS		541
-setct_AuthRevResData		542
-setct_AuthRevResTBS		543
-setct_CapReqTBS		544
-setct_CapReqTBSX		545
-setct_CapResData		546
-setct_CapRevReqTBS		547
-setct_CapRevReqTBSX		548
-setct_CapRevResData		549
-setct_CredReqTBS		550
-setct_CredReqTBSX		551
-setct_CredResData		552
-setct_CredRevReqTBS		553
-setct_CredRevReqTBSX		554
-setct_CredRevResData		555
-setct_PCertReqData		556
-setct_PCertResTBS		557
-setct_BatchAdminReqData		558
-setct_BatchAdminResData		559
-setct_CardCInitResTBS		560
-setct_MeAqCInitResTBS		561
-setct_RegFormResTBS		562
-setct_CertReqData		563
-setct_CertReqTBS		564
-setct_CertResData		565
-setct_CertInqReqTBS		566
-setct_ErrorTBS		567
-setct_PIDualSignedTBE		568
-setct_PIUnsignedTBE		569
-setct_AuthReqTBE		570
-setct_AuthResTBE		571
-setct_AuthResTBEX		572
-setct_AuthTokenTBE		573
-setct_CapTokenTBE		574
-setct_CapTokenTBEX		575
-setct_AcqCardCodeMsgTBE		576
-setct_AuthRevReqTBE		577
-setct_AuthRevResTBE		578
-setct_AuthRevResTBEB		579
-setct_CapReqTBE		580
-setct_CapReqTBEX		581
-setct_CapResTBE		582
-setct_CapRevReqTBE		583
-setct_CapRevReqTBEX		584
-setct_CapRevResTBE		585
-setct_CredReqTBE		586
-setct_CredReqTBEX		587
-setct_CredResTBE		588
-setct_CredRevReqTBE		589
-setct_CredRevReqTBEX		590
-setct_CredRevResTBE		591
-setct_BatchAdminReqTBE		592
-setct_BatchAdminResTBE		593
-setct_RegFormReqTBE		594
-setct_CertReqTBE		595
-setct_CertReqTBEX		596
-setct_CertResTBE		597
-setct_CRLNotificationTBS		598
-setct_CRLNotificationResTBS		599
-setct_BCIDistributionTBS		600
-setext_genCrypt		601
-setext_miAuth		602
-setext_pinSecure		603
-setext_pinAny		604
-setext_track2		605
-setext_cv		606
-set_policy_root		607
-setCext_hashedRoot		608
-setCext_certType		609
-setCext_merchData		610
-setCext_cCertRequired		611
-setCext_tunneling		612
-setCext_setExt		613
-setCext_setQualf		614
-setCext_PGWYcapabilities		615
-setCext_TokenIdentifier		616
-setCext_Track2Data		617
-setCext_TokenType		618
-setCext_IssuerCapabilities		619
-setAttr_Cert		620
-setAttr_PGWYcap		621
-setAttr_TokenType		622
-setAttr_IssCap		623
-set_rootKeyThumb		624
-set_addPolicy		625
-setAttr_Token_EMV		626
-setAttr_Token_B0Prime		627
-setAttr_IssCap_CVM		628
-setAttr_IssCap_T2		629
-setAttr_IssCap_Sig		630
-setAttr_GenCryptgrm		631
-setAttr_T2Enc		632
-setAttr_T2cleartxt		633
-setAttr_TokICCsig		634
-setAttr_SecDevSig		635
-set_brand_IATA_ATA		636
-set_brand_Diners		637
-set_brand_AmericanExpress		638
-set_brand_JCB		639
-set_brand_Visa		640
-set_brand_MasterCard		641
-set_brand_Novus		642
-des_cdmf		643
-rsaOAEPEncryptionSET		644
-itu_t		645
-joint_iso_itu_t		646
-international_organizations		647
-ms_smartcard_login		648
-ms_upn		649
-aes_128_cfb1		650
-aes_192_cfb1		651
-aes_256_cfb1		652
-aes_128_cfb8		653
-aes_192_cfb8		654
-aes_256_cfb8		655
-des_cfb1		656
-des_cfb8		657
-des_ede3_cfb1		658
-des_ede3_cfb8		659
-streetAddress		660
-postalCode		661
-id_ppl		662
-proxyCertInfo		663
-id_ppl_anyLanguage		664
-id_ppl_inheritAll		665
-name_constraints		666
-Independent		667
-sha256WithRSAEncryption		668
-sha384WithRSAEncryption		669
-sha512WithRSAEncryption		670
-sha224WithRSAEncryption		671
-sha256		672
-sha384		673
-sha512		674
-sha224		675
-identified_organization		676
-certicom_arc		677
-wap		678
-wap_wsg		679
-X9_62_id_characteristic_two_basis		680
-X9_62_onBasis		681
-X9_62_tpBasis		682
-X9_62_ppBasis		683
-X9_62_c2pnb163v1		684
-X9_62_c2pnb163v2		685
-X9_62_c2pnb163v3		686
-X9_62_c2pnb176v1		687
-X9_62_c2tnb191v1		688
-X9_62_c2tnb191v2		689
-X9_62_c2tnb191v3		690
-X9_62_c2onb191v4		691
-X9_62_c2onb191v5		692
-X9_62_c2pnb208w1		693
-X9_62_c2tnb239v1		694
-X9_62_c2tnb239v2		695
-X9_62_c2tnb239v3		696
-X9_62_c2onb239v4		697
-X9_62_c2onb239v5		698
-X9_62_c2pnb272w1		699
-X9_62_c2pnb304w1		700
-X9_62_c2tnb359v1		701
-X9_62_c2pnb368w1		702
-X9_62_c2tnb431r1		703
-secp112r1		704
-secp112r2		705
-secp128r1		706
-secp128r2		707
-secp160k1		708
-secp160r1		709
-secp160r2		710
-secp192k1		711
-secp224k1		712
-secp224r1		713
-secp256k1		714
-secp384r1		715
-secp521r1		716
-sect113r1		717
-sect113r2		718
-sect131r1		719
-sect131r2		720
-sect163k1		721
-sect163r1		722
-sect163r2		723
-sect193r1		724
-sect193r2		725
-sect233k1		726
-sect233r1		727
-sect239k1		728
-sect283k1		729
-sect283r1		730
-sect409k1		731
-sect409r1		732
-sect571k1		733
-sect571r1		734
-wap_wsg_idm_ecid_wtls1		735
-wap_wsg_idm_ecid_wtls3		736
-wap_wsg_idm_ecid_wtls4		737
-wap_wsg_idm_ecid_wtls5		738
-wap_wsg_idm_ecid_wtls6		739
-wap_wsg_idm_ecid_wtls7		740
-wap_wsg_idm_ecid_wtls8		741
-wap_wsg_idm_ecid_wtls9		742
-wap_wsg_idm_ecid_wtls10		743
-wap_wsg_idm_ecid_wtls11		744
-wap_wsg_idm_ecid_wtls12		745
-any_policy		746
-policy_mappings		747
-inhibit_any_policy		748
-ipsec3		749
-ipsec4		750
-camellia_128_cbc		751
-camellia_192_cbc		752
-camellia_256_cbc		753
-camellia_128_ecb		754
-camellia_192_ecb		755
-camellia_256_ecb		756
-camellia_128_cfb128		757
-camellia_192_cfb128		758
-camellia_256_cfb128		759
-camellia_128_cfb1		760
-camellia_192_cfb1		761
-camellia_256_cfb1		762
-camellia_128_cfb8		763
-camellia_192_cfb8		764
-camellia_256_cfb8		765
-camellia_128_ofb128		766
-camellia_192_ofb128		767
-camellia_256_ofb128		768
-subject_directory_attributes		769
-issuing_distribution_point		770
-certificate_issuer		771
-korea		772
-kisa		773
-kftc		774
-npki_alg		775
-seed_ecb		776
-seed_cbc		777
-seed_ofb128		778
-seed_cfb128		779
-hmac_md5		780
-hmac_sha1		781
-id_PasswordBasedMAC		782
-id_DHBasedMac		783
-id_it_suppLangTags		784
-caRepository		785
-id_smime_ct_compressedData		786
-id_ct_asciiTextWithCRLF		787
-id_aes128_wrap		788
-id_aes192_wrap		789
-id_aes256_wrap		790
-ecdsa_with_Recommended		791
-ecdsa_with_Specified		792
-ecdsa_with_SHA224		793
-ecdsa_with_SHA256		794
-ecdsa_with_SHA384		795
-ecdsa_with_SHA512		796
-hmacWithMD5		797
-hmacWithSHA224		798
-hmacWithSHA256		799
-hmacWithSHA384		800
-hmacWithSHA512		801
-dsa_with_SHA224		802
-dsa_with_SHA256		803
-whirlpool		804
-cryptopro		805
-cryptocom		806
-id_GostR3411_94_with_GostR3410_2001		807
-id_GostR3411_94_with_GostR3410_94		808
-id_GostR3411_94		809
-id_HMACGostR3411_94		810
-id_GostR3410_2001		811
-id_GostR3410_94		812
-id_Gost28147_89		813
-gost89_cnt		814
-id_Gost28147_89_MAC		815
-id_GostR3411_94_prf		816
-id_GostR3410_2001DH		817
-id_GostR3410_94DH		818
-id_Gost28147_89_CryptoPro_KeyMeshing		819
-id_Gost28147_89_None_KeyMeshing		820
-id_GostR3411_94_TestParamSet		821
-id_GostR3411_94_CryptoProParamSet		822
-id_Gost28147_89_TestParamSet		823
-id_Gost28147_89_CryptoPro_A_ParamSet		824
-id_Gost28147_89_CryptoPro_B_ParamSet		825
-id_Gost28147_89_CryptoPro_C_ParamSet		826
-id_Gost28147_89_CryptoPro_D_ParamSet		827
-id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		828
-id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		829
-id_Gost28147_89_CryptoPro_RIC_1_ParamSet		830
-id_GostR3410_94_TestParamSet		831
-id_GostR3410_94_CryptoPro_A_ParamSet		832
-id_GostR3410_94_CryptoPro_B_ParamSet		833
-id_GostR3410_94_CryptoPro_C_ParamSet		834
-id_GostR3410_94_CryptoPro_D_ParamSet		835
-id_GostR3410_94_CryptoPro_XchA_ParamSet		836
-id_GostR3410_94_CryptoPro_XchB_ParamSet		837
-id_GostR3410_94_CryptoPro_XchC_ParamSet		838
-id_GostR3410_2001_TestParamSet		839
-id_GostR3410_2001_CryptoPro_A_ParamSet		840
-id_GostR3410_2001_CryptoPro_B_ParamSet		841
-id_GostR3410_2001_CryptoPro_C_ParamSet		842
-id_GostR3410_2001_CryptoPro_XchA_ParamSet		843
-id_GostR3410_2001_CryptoPro_XchB_ParamSet		844
-id_GostR3410_94_a		845
-id_GostR3410_94_aBis		846
-id_GostR3410_94_b		847
-id_GostR3410_94_bBis		848
-id_Gost28147_89_cc		849
-id_GostR3410_94_cc		850
-id_GostR3410_2001_cc		851
-id_GostR3411_94_with_GostR3410_94_cc		852
-id_GostR3411_94_with_GostR3410_2001_cc		853
-id_GostR3410_2001_ParamSet_cc		854
-hmac		855
-LocalKeySet		856
-freshest_crl		857
-id_on_permanentIdentifier		858
-searchGuide		859
-businessCategory		860
-postalAddress		861
-postOfficeBox		862
-physicalDeliveryOfficeName		863
-telephoneNumber		864
-telexNumber		865
-teletexTerminalIdentifier		866
-facsimileTelephoneNumber		867
-x121Address		868
-internationaliSDNNumber		869
-registeredAddress		870
-destinationIndicator		871
-preferredDeliveryMethod		872
-presentationAddress		873
-supportedApplicationContext		874
-member		875
-owner		876
-roleOccupant		877
-seeAlso		878
-userPassword		879
-userCertificate		880
-cACertificate		881
-authorityRevocationList		882
-certificateRevocationList		883
-crossCertificatePair		884
-enhancedSearchGuide		885
-protocolInformation		886
-distinguishedName		887
-uniqueMember		888
-houseIdentifier		889
-supportedAlgorithms		890
-deltaRevocationList		891
-dmdName		892
-id_alg_PWRI_KEK		893
-cmac		894
-aes_128_gcm		895
-aes_128_ccm		896
-id_aes128_wrap_pad		897
-aes_192_gcm		898
-aes_192_ccm		899
-id_aes192_wrap_pad		900
-aes_256_gcm		901
-aes_256_ccm		902
-id_aes256_wrap_pad		903
-aes_128_ctr		904
-aes_192_ctr		905
-aes_256_ctr		906
-id_camellia128_wrap		907
-id_camellia192_wrap		908
-id_camellia256_wrap		909
-anyExtendedKeyUsage		910
-mgf1		911
-rsassaPss		912
-aes_128_xts		913
-aes_256_xts		914
-rc4_hmac_md5		915
-aes_128_cbc_hmac_sha1		916
-aes_192_cbc_hmac_sha1		917
-aes_256_cbc_hmac_sha1		918
-rsaesOaep		919
diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c
deleted file mode 100644
index 9f744bcede..0000000000
--- a/crypto/objects/obj_xref.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* crypto/objects/obj_xref.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/objects.h>
-#include "obj_xref.h"
-
-DECLARE_STACK_OF(nid_triple)
-STACK_OF(nid_triple) *sig_app, *sigx_app;
-
-static int sig_cmp(const nid_triple *a, const nid_triple *b)
-	{
-	return a->sign_id - b->sign_id;
-	}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
-
-static int sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b)
-	{
-	return (*a)->sign_id - (*b)->sign_id;
-	}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
-
-static int sigx_cmp(const nid_triple * const *a, const nid_triple * const *b)
-	{
-	int ret;
-	ret = (*a)->hash_id - (*b)->hash_id;
-	if (ret)
-		return ret;
-	return (*a)->pkey_id - (*b)->pkey_id;
-	}
-
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
-
-int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
-	{
-	nid_triple tmp;
-	const nid_triple *rv = NULL;
-	tmp.sign_id = signid;
-
-	if (sig_app)
-		{
-		int idx = sk_nid_triple_find(sig_app, &tmp);
-		if (idx >= 0)
-			rv = sk_nid_triple_value(sig_app, idx);
-		}
-
-#ifndef OBJ_XREF_TEST2
-	if (rv == NULL)
-		{
-		rv = OBJ_bsearch_sig(&tmp, sigoid_srt,
-				 sizeof(sigoid_srt) / sizeof(nid_triple));
-		}
-#endif
-	if (rv == NULL)
-		return 0;
-	if (pdig_nid)
-		*pdig_nid = rv->hash_id;
-	if (ppkey_nid)
-		*ppkey_nid = rv->pkey_id;
-	return 1;
-	}
-
-int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
-	{
-	nid_triple tmp;
-	const nid_triple *t=&tmp;
-	const nid_triple **rv = NULL;
-
-	tmp.hash_id = dig_nid;
-	tmp.pkey_id = pkey_nid;
-
-	if (sigx_app)
-		{
-		int idx = sk_nid_triple_find(sigx_app, &tmp);
-		if (idx >= 0)
-			{
-			t = sk_nid_triple_value(sigx_app, idx);
-			rv = &t;
-			}
-		}
-
-#ifndef OBJ_XREF_TEST2
-	if (rv == NULL)
-		{
-		rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref,
-				 sizeof(sigoid_srt_xref) / sizeof(nid_triple *)
-				 );
-		}
-#endif
-	if (rv == NULL)
-		return 0;
-	if (psignid)
-		*psignid = (*rv)->sign_id;
-	return 1;
-	}
-
-int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
-	{
-	nid_triple *ntr;
-	if (!sig_app)
-		sig_app = sk_nid_triple_new(sig_sk_cmp);
-	if (!sig_app)
-		return 0;
-	if (!sigx_app)
-		sigx_app = sk_nid_triple_new(sigx_cmp);
-	if (!sigx_app)
-		return 0;
-	ntr = OPENSSL_malloc(sizeof(int) * 3);
-	if (!ntr)
-		return 0;
-	ntr->sign_id = signid;
-	ntr->hash_id = dig_id;
-	ntr->pkey_id = pkey_id;
-
-	if (!sk_nid_triple_push(sig_app, ntr))
-		{
-		OPENSSL_free(ntr);
-		return 0;
-		}
-
-	if (!sk_nid_triple_push(sigx_app, ntr))
-		return 0;
-
-	sk_nid_triple_sort(sig_app);
-	sk_nid_triple_sort(sigx_app);
-
-	return 1;
-	}
-
-static void sid_free(nid_triple *tt)
-	{
-	OPENSSL_free(tt);
-	}
-
-void OBJ_sigid_free(void)
-	{
-	if (sig_app)
-		{
-		sk_nid_triple_pop_free(sig_app, sid_free);
-		sig_app = NULL;
-		}
-	if (sigx_app)
-		{
-		sk_nid_triple_free(sigx_app);
-		sigx_app = NULL;
-		}
-	}
-		
-#ifdef OBJ_XREF_TEST
-
-main()
-	{
-	int n1, n2, n3;
-
-	int i, rv;
-#ifdef OBJ_XREF_TEST2
-	for (i = 0; i <	sizeof(sigoid_srt) / sizeof(nid_triple); i++)
-		{
-		OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1],
-				sigoid_srt[i][2]);
-		}
-#endif
-
-	for (i = 0; i <	sizeof(sigoid_srt) / sizeof(nid_triple); i++)
-		{
-		n1 = sigoid_srt[i][0];
-		rv = OBJ_find_sigid_algs(n1, &n2, &n3);
-		printf("Forward: %d, %s %s %s\n", rv,
-			OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-		n1=0;
-		rv = OBJ_find_sigid_by_algs(&n1, n2, n3);
-		printf("Reverse: %d, %s %s %s\n", rv,
-			OBJ_nid2ln(n1), OBJ_nid2ln(n2), OBJ_nid2ln(n3));
-		}
-	}
-	
-#endif
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
deleted file mode 100644
index 33cb24b070..0000000000
--- a/crypto/objects/obj_xref.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
-
-typedef struct
-	{
-	int sign_id;
-	int hash_id;
-	int pkey_id;
-	} nid_triple;
-
-static const nid_triple sigoid_srt[] =
-	{
-	{NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
-	{NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
-	{NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
-	{NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
-	{NID_dsaWithSHA, NID_sha, NID_dsa},
-	{NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
-	{NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
-	{NID_md5WithRSA, NID_md5, NID_rsa},
-	{NID_dsaWithSHA1, NID_sha1, NID_dsa},
-	{NID_sha1WithRSA, NID_sha1, NID_rsa},
-	{NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
-	{NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
-	{NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
-	{NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
-	{NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
-	{NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
-	{NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
-	{NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
-	{NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
-	{NID_dsa_with_SHA224, NID_sha224, NID_dsa},
-	{NID_dsa_with_SHA256, NID_sha256, NID_dsa},
-	{NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
-	{NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
-	{NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
-	{NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
-	{NID_rsassaPss, NID_undef, NID_rsaEncryption},
-	};
-
-static const nid_triple * const sigoid_srt_xref[] =
-	{
-	&sigoid_srt[0],
-	&sigoid_srt[1],
-	&sigoid_srt[7],
-	&sigoid_srt[2],
-	&sigoid_srt[4],
-	&sigoid_srt[3],
-	&sigoid_srt[9],
-	&sigoid_srt[5],
-	&sigoid_srt[8],
-	&sigoid_srt[12],
-	&sigoid_srt[6],
-	&sigoid_srt[10],
-	&sigoid_srt[11],
-	&sigoid_srt[13],
-	&sigoid_srt[24],
-	&sigoid_srt[20],
-	&sigoid_srt[14],
-	&sigoid_srt[21],
-	&sigoid_srt[15],
-	&sigoid_srt[22],
-	&sigoid_srt[16],
-	&sigoid_srt[23],
-	&sigoid_srt[19],
-	&sigoid_srt[25],
-	&sigoid_srt[26],
-	&sigoid_srt[27],
-	&sigoid_srt[28],
-	};
-
diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt
deleted file mode 100644
index cb917182ee..0000000000
--- a/crypto/objects/obj_xref.txt
+++ /dev/null
@@ -1,46 +0,0 @@
-# OID cross reference table.
-# Links signatures OIDs to their corresponding public key algorithms
-# and digests.
-
-md2WithRSAEncryption	md2	rsaEncryption
-md5WithRSAEncryption	md5	rsaEncryption
-shaWithRSAEncryption	sha	rsaEncryption
-sha1WithRSAEncryption	sha1	rsaEncryption
-md4WithRSAEncryption	md4	rsaEncryption
-sha256WithRSAEncryption sha256	rsaEncryption
-sha384WithRSAEncryption	sha384	rsaEncryption
-sha512WithRSAEncryption	sha512	rsaEncryption
-sha224WithRSAEncryption	sha224	rsaEncryption
-mdc2WithRSA		mdc2	rsaEncryption
-ripemd160WithRSA	ripemd160 rsaEncryption
-# For PSS the digest algorithm can vary and depends on the included
-# AlgorithmIdentifier. The digest "undef" indicates the public key
-# method should handle this explicitly.
-rsassaPss		undef	rsaEncryption
-
-# Alternative deprecated OIDs. By using the older "rsa" OID this
-# type will be recognized by not normally used.
-
-md5WithRSA		md5	rsa
-sha1WithRSA		sha1	rsa
-
-dsaWithSHA		sha	dsa
-dsaWithSHA1		sha1	dsa
-
-dsaWithSHA1_2		sha1	dsa_2
-
-ecdsa_with_SHA1		sha1	X9_62_id_ecPublicKey
-ecdsa_with_SHA224	sha224	X9_62_id_ecPublicKey
-ecdsa_with_SHA256	sha256	X9_62_id_ecPublicKey
-ecdsa_with_SHA384	sha384	X9_62_id_ecPublicKey
-ecdsa_with_SHA512	sha512	X9_62_id_ecPublicKey
-ecdsa_with_Recommended	undef	X9_62_id_ecPublicKey
-ecdsa_with_Specified	undef	X9_62_id_ecPublicKey
-
-dsa_with_SHA224		sha224	dsa
-dsa_with_SHA256		sha256	dsa
-
-id_GostR3411_94_with_GostR3410_2001	id_GostR3411_94 id_GostR3410_2001
-id_GostR3411_94_with_GostR3410_94	id_GostR3411_94 id_GostR3410_94
-id_GostR3411_94_with_GostR3410_94_cc	id_GostR3411_94 id_GostR3410_94_cc
-id_GostR3411_94_with_GostR3410_2001_cc	id_GostR3411_94 id_GostR3410_2001_cc
diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README
deleted file mode 100644
index 4d745508d8..0000000000
--- a/crypto/objects/objects.README
+++ /dev/null
@@ -1,44 +0,0 @@
-objects.txt syntax
-------------------
-
-To cover all the naming hacks that were previously in objects.h needed some
-kind of hacks in objects.txt.
-
-The basic syntax for adding an object is as follows:
-
-	1 2 3 4		: shortName	: Long Name
-
-		If the long name doesn't contain spaces, or no short name
-		exists, the long name is used as basis for the base name
-		in C.  Otherwise, the short name is used.
-
-		The base name (let's call it 'base') will then be used to
-		create the C macros SN_base, LN_base, NID_base and OBJ_base.
-
-		Note that if the base name contains spaces, dashes or periods,
-		those will be converte to underscore.
-
-Then there are some extra commands:
-
-	!Alias foo 1 2 3 4
-
-		This juts makes a name foo for an OID.  The C macro
-		OBJ_foo will be created as a result.
-
-	!Cname foo
-
-		This makes sure that the name foo will be used as base name
-		in C.
-
-	!module foo
-	1 2 3 4		: shortName	: Long Name
-	!global
-
-		The !module command was meant to define a kind of modularity.
-		What it does is to make sure the module name is prepended
-		to the base name.  !global turns this off.  This construction
-		is not recursive.
-
-Lines starting with # are treated as comments, as well as any line starting
-with ! and not matching the commands above.
-
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
deleted file mode 100644
index bd0ee52feb..0000000000
--- a/crypto/objects/objects.h
+++ /dev/null
@@ -1,1138 +0,0 @@
-/* crypto/objects/objects.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_OBJECTS_H
-#define HEADER_OBJECTS_H
-
-#define USE_OBJ_MAC
-
-#ifdef USE_OBJ_MAC
-#include <openssl/obj_mac.h>
-#else
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
-#define SN_Algorithm			"Algorithm"
-#define LN_algorithm			"algorithm"
-#define NID_algorithm			38
-#define OBJ_algorithm			1L,3L,14L,3L,2L
-
-#define LN_rsadsi			"rsadsi"
-#define NID_rsadsi			1
-#define OBJ_rsadsi			1L,2L,840L,113549L
-
-#define LN_pkcs				"pkcs"
-#define NID_pkcs			2
-#define OBJ_pkcs			OBJ_rsadsi,1L
-
-#define SN_md2				"MD2"
-#define LN_md2				"md2"
-#define NID_md2				3
-#define OBJ_md2				OBJ_rsadsi,2L,2L
-
-#define SN_md5				"MD5"
-#define LN_md5				"md5"
-#define NID_md5				4
-#define OBJ_md5				OBJ_rsadsi,2L,5L
-
-#define SN_rc4				"RC4"
-#define LN_rc4				"rc4"
-#define NID_rc4				5
-#define OBJ_rc4				OBJ_rsadsi,3L,4L
-
-#define LN_rsaEncryption		"rsaEncryption"
-#define NID_rsaEncryption		6
-#define OBJ_rsaEncryption		OBJ_pkcs,1L,1L
-
-#define SN_md2WithRSAEncryption		"RSA-MD2"
-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption	7
-#define OBJ_md2WithRSAEncryption	OBJ_pkcs,1L,2L
-
-#define SN_md5WithRSAEncryption		"RSA-MD5"
-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption	8
-#define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L
-
-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC	9
-#define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L
-
-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC	10
-#define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L
-
-#define LN_X500				"X500"
-#define NID_X500			11
-#define OBJ_X500			2L,5L
-
-#define LN_X509				"X509"
-#define NID_X509			12
-#define OBJ_X509			OBJ_X500,4L
-
-#define SN_commonName			"CN"
-#define LN_commonName			"commonName"
-#define NID_commonName			13
-#define OBJ_commonName			OBJ_X509,3L
-
-#define SN_countryName			"C"
-#define LN_countryName			"countryName"
-#define NID_countryName			14
-#define OBJ_countryName			OBJ_X509,6L
-
-#define SN_localityName			"L"
-#define LN_localityName			"localityName"
-#define NID_localityName		15
-#define OBJ_localityName		OBJ_X509,7L
-
-/* Postal Address? PA */
-
-/* should be "ST" (rfc1327) but MS uses 'S' */
-#define SN_stateOrProvinceName		"ST"
-#define LN_stateOrProvinceName		"stateOrProvinceName"
-#define NID_stateOrProvinceName		16
-#define OBJ_stateOrProvinceName		OBJ_X509,8L
-
-#define SN_organizationName		"O"
-#define LN_organizationName		"organizationName"
-#define NID_organizationName		17
-#define OBJ_organizationName		OBJ_X509,10L
-
-#define SN_organizationalUnitName	"OU"
-#define LN_organizationalUnitName	"organizationalUnitName"
-#define NID_organizationalUnitName	18
-#define OBJ_organizationalUnitName	OBJ_X509,11L
-
-#define SN_rsa				"RSA"
-#define LN_rsa				"rsa"
-#define NID_rsa				19
-#define OBJ_rsa				OBJ_X500,8L,1L,1L
-
-#define LN_pkcs7			"pkcs7"
-#define NID_pkcs7			20
-#define OBJ_pkcs7			OBJ_pkcs,7L
-
-#define LN_pkcs7_data			"pkcs7-data"
-#define NID_pkcs7_data			21
-#define OBJ_pkcs7_data			OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed			"pkcs7-signedData"
-#define NID_pkcs7_signed		22
-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
-#define NID_pkcs7_enveloped		23
-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped	"pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped	24
-#define OBJ_pkcs7_signedAndEnveloped	OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest			"pkcs7-digestData"
-#define NID_pkcs7_digest		25
-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
-#define NID_pkcs7_encrypted		26
-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
-
-#define LN_pkcs3			"pkcs3"
-#define NID_pkcs3			27
-#define OBJ_pkcs3			OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement		"dhKeyAgreement"
-#define NID_dhKeyAgreement		28
-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
-
-#define SN_des_ecb			"DES-ECB"
-#define LN_des_ecb			"des-ecb"
-#define NID_des_ecb			29
-#define OBJ_des_ecb			OBJ_algorithm,6L
-
-#define SN_des_cfb64			"DES-CFB"
-#define LN_des_cfb64			"des-cfb"
-#define NID_des_cfb64			30
-/* IV + num */
-#define OBJ_des_cfb64			OBJ_algorithm,9L
-
-#define SN_des_cbc			"DES-CBC"
-#define LN_des_cbc			"des-cbc"
-#define NID_des_cbc			31
-/* IV */
-#define OBJ_des_cbc			OBJ_algorithm,7L
-
-#define SN_des_ede			"DES-EDE"
-#define LN_des_ede			"des-ede"
-#define NID_des_ede			32
-/* ?? */
-#define OBJ_des_ede			OBJ_algorithm,17L
-
-#define SN_des_ede3			"DES-EDE3"
-#define LN_des_ede3			"des-ede3"
-#define NID_des_ede3			33
-
-#define SN_idea_cbc			"IDEA-CBC"
-#define LN_idea_cbc			"idea-cbc"
-#define NID_idea_cbc			34
-#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_cfb64			"IDEA-CFB"
-#define LN_idea_cfb64			"idea-cfb"
-#define NID_idea_cfb64			35
-
-#define SN_idea_ecb			"IDEA-ECB"
-#define LN_idea_ecb			"idea-ecb"
-#define NID_idea_ecb			36
-
-#define SN_rc2_cbc			"RC2-CBC"
-#define LN_rc2_cbc			"rc2-cbc"
-#define NID_rc2_cbc			37
-#define OBJ_rc2_cbc			OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb			"RC2-ECB"
-#define LN_rc2_ecb			"rc2-ecb"
-#define NID_rc2_ecb			38
-
-#define SN_rc2_cfb64			"RC2-CFB"
-#define LN_rc2_cfb64			"rc2-cfb"
-#define NID_rc2_cfb64			39
-
-#define SN_rc2_ofb64			"RC2-OFB"
-#define LN_rc2_ofb64			"rc2-ofb"
-#define NID_rc2_ofb64			40
-
-#define SN_sha				"SHA"
-#define LN_sha				"sha"
-#define NID_sha				41
-#define OBJ_sha				OBJ_algorithm,18L
-
-#define SN_shaWithRSAEncryption		"RSA-SHA"
-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption	42
-#define OBJ_shaWithRSAEncryption	OBJ_algorithm,15L
-
-#define SN_des_ede_cbc			"DES-EDE-CBC"
-#define LN_des_ede_cbc			"des-ede-cbc"
-#define NID_des_ede_cbc			43
-
-#define SN_des_ede3_cbc			"DES-EDE3-CBC"
-#define LN_des_ede3_cbc			"des-ede3-cbc"
-#define NID_des_ede3_cbc		44
-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
-
-#define SN_des_ofb64			"DES-OFB"
-#define LN_des_ofb64			"des-ofb"
-#define NID_des_ofb64			45
-#define OBJ_des_ofb64			OBJ_algorithm,8L
-
-#define SN_idea_ofb64			"IDEA-OFB"
-#define LN_idea_ofb64			"idea-ofb"
-#define NID_idea_ofb64			46
-
-#define LN_pkcs9			"pkcs9"
-#define NID_pkcs9			47
-#define OBJ_pkcs9			OBJ_pkcs,9L
-
-#define SN_pkcs9_emailAddress		"Email"
-#define LN_pkcs9_emailAddress		"emailAddress"
-#define NID_pkcs9_emailAddress		48
-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName	"unstructuredName"
-#define NID_pkcs9_unstructuredName	49
-#define OBJ_pkcs9_unstructuredName	OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType		"contentType"
-#define NID_pkcs9_contentType		50
-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest		"messageDigest"
-#define NID_pkcs9_messageDigest		51
-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime		"signingTime"
-#define NID_pkcs9_signingTime		52
-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature	"countersignature"
-#define NID_pkcs9_countersignature	53
-#define OBJ_pkcs9_countersignature	OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword	"challengePassword"
-#define NID_pkcs9_challengePassword	54
-#define OBJ_pkcs9_challengePassword	OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress	"unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress	55
-#define OBJ_pkcs9_unstructuredAddress	OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes	"extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes	56
-#define OBJ_pkcs9_extCertAttributes	OBJ_pkcs9,9L
-
-#define SN_netscape			"Netscape"
-#define LN_netscape			"Netscape Communications Corp."
-#define NID_netscape			57
-#define OBJ_netscape			2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension	"nsCertExt"
-#define LN_netscape_cert_extension	"Netscape Certificate Extension"
-#define NID_netscape_cert_extension	58
-#define OBJ_netscape_cert_extension	OBJ_netscape,1L
-
-#define SN_netscape_data_type		"nsDataType"
-#define LN_netscape_data_type		"Netscape Data Type"
-#define NID_netscape_data_type		59
-#define OBJ_netscape_data_type		OBJ_netscape,2L
-
-#define SN_des_ede_cfb64		"DES-EDE-CFB"
-#define LN_des_ede_cfb64		"des-ede-cfb"
-#define NID_des_ede_cfb64		60
-
-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
-#define LN_des_ede3_cfb64		"des-ede3-cfb"
-#define NID_des_ede3_cfb64		61
-
-#define SN_des_ede_ofb64		"DES-EDE-OFB"
-#define LN_des_ede_ofb64		"des-ede-ofb"
-#define NID_des_ede_ofb64		62
-
-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
-#define LN_des_ede3_ofb64		"des-ede3-ofb"
-#define NID_des_ede3_ofb64		63
-
-/* I'm not sure about the object ID */
-#define SN_sha1				"SHA1"
-#define LN_sha1				"sha1"
-#define NID_sha1			64
-#define OBJ_sha1			OBJ_algorithm,26L
-/* 28 Jun 1996 - eay */
-/* #define OBJ_sha1			1L,3L,14L,2L,26L,05L <- wrong */
-
-#define SN_sha1WithRSAEncryption	"RSA-SHA1"
-#define LN_sha1WithRSAEncryption	"sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption	65
-#define OBJ_sha1WithRSAEncryption	OBJ_pkcs,1L,5L
-
-#define SN_dsaWithSHA			"DSA-SHA"
-#define LN_dsaWithSHA			"dsaWithSHA"
-#define NID_dsaWithSHA			66
-#define OBJ_dsaWithSHA			OBJ_algorithm,13L
-
-#define SN_dsa_2			"DSA-old"
-#define LN_dsa_2			"dsaEncryption-old"
-#define NID_dsa_2			67
-#define OBJ_dsa_2			OBJ_algorithm,12L
-
-/* proposed by microsoft to RSA */
-#define SN_pbeWithSHA1AndRC2_CBC	"PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC	68
-#define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L 
-
-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
- * completely different.
- */
-#define LN_id_pbkdf2			"PBKDF2"
-#define NID_id_pbkdf2			69
-#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L 
-
-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2		70
-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
-
-#define SN_netscape_cert_type		"nsCertType"
-#define LN_netscape_cert_type		"Netscape Cert Type"
-#define NID_netscape_cert_type		71
-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url		"nsBaseUrl"
-#define LN_netscape_base_url		"Netscape Base Url"
-#define NID_netscape_base_url		72
-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url	"nsRevocationUrl"
-#define LN_netscape_revocation_url	"Netscape Revocation Url"
-#define NID_netscape_revocation_url	73
-#define OBJ_netscape_revocation_url	OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url	"nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url	"Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url	74
-#define OBJ_netscape_ca_revocation_url	OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url		"nsRenewalUrl"
-#define LN_netscape_renewal_url		"Netscape Renewal Url"
-#define NID_netscape_renewal_url	75
-#define OBJ_netscape_renewal_url	OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url	"nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url	"Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url	76
-#define OBJ_netscape_ca_policy_url	OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name	"nsSslServerName"
-#define LN_netscape_ssl_server_name	"Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name	77
-#define OBJ_netscape_ssl_server_name	OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment		"nsComment"
-#define LN_netscape_comment		"Netscape Comment"
-#define NID_netscape_comment		78
-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence	"nsCertSequence"
-#define LN_netscape_cert_sequence	"Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence	79
-#define OBJ_netscape_cert_sequence	OBJ_netscape_data_type,5L
-
-#define SN_desx_cbc			"DESX-CBC"
-#define LN_desx_cbc			"desx-cbc"
-#define NID_desx_cbc			80
-
-#define SN_id_ce			"id-ce"
-#define NID_id_ce			81
-#define OBJ_id_ce			2L,5L,29L
-
-#define SN_subject_key_identifier	"subjectKeyIdentifier"
-#define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier	82
-#define OBJ_subject_key_identifier	OBJ_id_ce,14L
-
-#define SN_key_usage			"keyUsage"
-#define LN_key_usage			"X509v3 Key Usage"
-#define NID_key_usage			83
-#define OBJ_key_usage			OBJ_id_ce,15L
-
-#define SN_private_key_usage_period	"privateKeyUsagePeriod"
-#define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period	84
-#define OBJ_private_key_usage_period	OBJ_id_ce,16L
-
-#define SN_subject_alt_name		"subjectAltName"
-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
-#define NID_subject_alt_name		85
-#define OBJ_subject_alt_name		OBJ_id_ce,17L
-
-#define SN_issuer_alt_name		"issuerAltName"
-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name		86
-#define OBJ_issuer_alt_name		OBJ_id_ce,18L
-
-#define SN_basic_constraints		"basicConstraints"
-#define LN_basic_constraints		"X509v3 Basic Constraints"
-#define NID_basic_constraints		87
-#define OBJ_basic_constraints		OBJ_id_ce,19L
-
-#define SN_crl_number			"crlNumber"
-#define LN_crl_number			"X509v3 CRL Number"
-#define NID_crl_number			88
-#define OBJ_crl_number			OBJ_id_ce,20L
-
-#define SN_certificate_policies		"certificatePolicies"
-#define LN_certificate_policies		"X509v3 Certificate Policies"
-#define NID_certificate_policies	89
-#define OBJ_certificate_policies	OBJ_id_ce,32L
-
-#define SN_authority_key_identifier	"authorityKeyIdentifier"
-#define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier	90
-#define OBJ_authority_key_identifier	OBJ_id_ce,35L
-
-#define SN_bf_cbc			"BF-CBC"
-#define LN_bf_cbc			"bf-cbc"
-#define NID_bf_cbc			91
-#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb			"BF-ECB"
-#define LN_bf_ecb			"bf-ecb"
-#define NID_bf_ecb			92
-
-#define SN_bf_cfb64			"BF-CFB"
-#define LN_bf_cfb64			"bf-cfb"
-#define NID_bf_cfb64			93
-
-#define SN_bf_ofb64			"BF-OFB"
-#define LN_bf_ofb64			"bf-ofb"
-#define NID_bf_ofb64			94
-
-#define SN_mdc2				"MDC2"
-#define LN_mdc2				"mdc2"
-#define NID_mdc2			95
-#define OBJ_mdc2			2L,5L,8L,3L,101L
-/* An alternative?			1L,3L,14L,3L,2L,19L */
-
-#define SN_mdc2WithRSA			"RSA-MDC2"
-#define LN_mdc2WithRSA			"mdc2withRSA"
-#define NID_mdc2WithRSA			96
-#define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L
-
-#define SN_rc4_40			"RC4-40"
-#define LN_rc4_40			"rc4-40"
-#define NID_rc4_40			97
-
-#define SN_rc2_40_cbc			"RC2-40-CBC"
-#define LN_rc2_40_cbc			"rc2-40-cbc"
-#define NID_rc2_40_cbc			98
-
-#define SN_givenName			"G"
-#define LN_givenName			"givenName"
-#define NID_givenName			99
-#define OBJ_givenName			OBJ_X509,42L
-
-#define SN_surname			"S"
-#define LN_surname			"surname"
-#define NID_surname			100
-#define OBJ_surname			OBJ_X509,4L
-
-#define SN_initials			"I"
-#define LN_initials			"initials"
-#define NID_initials			101
-#define OBJ_initials			OBJ_X509,43L
-
-#define SN_uniqueIdentifier		"UID"
-#define LN_uniqueIdentifier		"uniqueIdentifier"
-#define NID_uniqueIdentifier		102
-#define OBJ_uniqueIdentifier		OBJ_X509,45L
-
-#define SN_crl_distribution_points	"crlDistributionPoints"
-#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points	103
-#define OBJ_crl_distribution_points	OBJ_id_ce,31L
-
-#define SN_md5WithRSA			"RSA-NP-MD5"
-#define LN_md5WithRSA			"md5WithRSA"
-#define NID_md5WithRSA			104
-#define OBJ_md5WithRSA			OBJ_algorithm,3L
-
-#define SN_serialNumber			"SN"
-#define LN_serialNumber			"serialNumber"
-#define NID_serialNumber		105
-#define OBJ_serialNumber		OBJ_X509,5L
-
-#define SN_title			"T"
-#define LN_title			"title"
-#define NID_title			106
-#define OBJ_title			OBJ_X509,12L
-
-#define SN_description			"D"
-#define LN_description			"description"
-#define NID_description			107
-#define OBJ_description			OBJ_X509,13L
-
-/* CAST5 is CAST-128, I'm just sticking with the documentation */
-#define SN_cast5_cbc			"CAST5-CBC"
-#define LN_cast5_cbc			"cast5-cbc"
-#define NID_cast5_cbc			108
-#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L
-
-#define SN_cast5_ecb			"CAST5-ECB"
-#define LN_cast5_ecb			"cast5-ecb"
-#define NID_cast5_ecb			109
-
-#define SN_cast5_cfb64			"CAST5-CFB"
-#define LN_cast5_cfb64			"cast5-cfb"
-#define NID_cast5_cfb64			110
-
-#define SN_cast5_ofb64			"CAST5-OFB"
-#define LN_cast5_ofb64			"cast5-ofb"
-#define NID_cast5_ofb64			111
-
-#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC	112
-#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L
-
-/* This is one sun will soon be using :-(
- * id-dsa-with-sha1 ID  ::= {
- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
- */
-#define SN_dsaWithSHA1			"DSA-SHA1"
-#define LN_dsaWithSHA1			"dsaWithSHA1"
-#define NID_dsaWithSHA1			113
-#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L
-
-#define NID_md5_sha1			114
-#define SN_md5_sha1			"MD5-SHA1"
-#define LN_md5_sha1			"md5-sha1"
-
-#define SN_sha1WithRSA			"RSA-SHA1-2"
-#define LN_sha1WithRSA			"sha1WithRSA"
-#define NID_sha1WithRSA			115
-#define OBJ_sha1WithRSA			OBJ_algorithm,29L
-
-#define SN_dsa				"DSA"
-#define LN_dsa				"dsaEncryption"
-#define NID_dsa				116
-#define OBJ_dsa				1L,2L,840L,10040L,4L,1L
-
-#define SN_ripemd160			"RIPEMD160"
-#define LN_ripemd160			"ripemd160"
-#define NID_ripemd160			117
-#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
-
-/* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to continue using the convention I'm using with the other ciphers */
-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
-#define LN_ripemd160WithRSA		"ripemd160WithRSA"
-#define NID_ripemd160WithRSA		119
-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
-
-/* Taken from rfc2040
- *  RC5_CBC_Parameters ::= SEQUENCE {
- *	version           INTEGER (v1_0(16)),
- *	rounds            INTEGER (8..127),
- *	blockSizeInBits   INTEGER (64, 128),
- *	iv                OCTET STRING OPTIONAL
- *	}
- */
-#define SN_rc5_cbc			"RC5-CBC"
-#define LN_rc5_cbc			"rc5-cbc"
-#define NID_rc5_cbc			120
-#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb			"RC5-ECB"
-#define LN_rc5_ecb			"rc5-ecb"
-#define NID_rc5_ecb			121
-
-#define SN_rc5_cfb64			"RC5-CFB"
-#define LN_rc5_cfb64			"rc5-cfb"
-#define NID_rc5_cfb64			122
-
-#define SN_rc5_ofb64			"RC5-OFB"
-#define LN_rc5_ofb64			"rc5-ofb"
-#define NID_rc5_ofb64			123
-
-#define SN_rle_compression		"RLE"
-#define LN_rle_compression		"run length compression"
-#define NID_rle_compression		124
-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression		"ZLIB"
-#define LN_zlib_compression		"zlib compression"
-#define NID_zlib_compression		125
-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L
-
-#define SN_ext_key_usage		"extendedKeyUsage"
-#define LN_ext_key_usage		"X509v3 Extended Key Usage"
-#define NID_ext_key_usage		126
-#define OBJ_ext_key_usage		OBJ_id_ce,37
-
-#define SN_id_pkix			"PKIX"
-#define NID_id_pkix			127
-#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_kp			"id-kp"
-#define NID_id_kp			128
-#define OBJ_id_kp			OBJ_id_pkix,3L
-
-/* PKIX extended key usage OIDs */
-
-#define SN_server_auth			"serverAuth"
-#define LN_server_auth			"TLS Web Server Authentication"
-#define NID_server_auth			129
-#define OBJ_server_auth			OBJ_id_kp,1L
-
-#define SN_client_auth			"clientAuth"
-#define LN_client_auth			"TLS Web Client Authentication"
-#define NID_client_auth			130
-#define OBJ_client_auth			OBJ_id_kp,2L
-
-#define SN_code_sign			"codeSigning"
-#define LN_code_sign			"Code Signing"
-#define NID_code_sign			131
-#define OBJ_code_sign			OBJ_id_kp,3L
-
-#define SN_email_protect		"emailProtection"
-#define LN_email_protect		"E-mail Protection"
-#define NID_email_protect		132
-#define OBJ_email_protect		OBJ_id_kp,4L
-
-#define SN_time_stamp			"timeStamping"
-#define LN_time_stamp			"Time Stamping"
-#define NID_time_stamp			133
-#define OBJ_time_stamp			OBJ_id_kp,8L
-
-/* Additional extended key usage OIDs: Microsoft */
-
-#define SN_ms_code_ind			"msCodeInd"
-#define LN_ms_code_ind			"Microsoft Individual Code Signing"
-#define NID_ms_code_ind			134
-#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com			"msCodeCom"
-#define LN_ms_code_com			"Microsoft Commercial Code Signing"
-#define NID_ms_code_com			135
-#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign			"msCTLSign"
-#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
-#define NID_ms_ctl_sign			136
-#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc			"msSGC"
-#define LN_ms_sgc			"Microsoft Server Gated Crypto"
-#define NID_ms_sgc			137
-#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs			"msEFS"
-#define LN_ms_efs			"Microsoft Encrypted File System"
-#define NID_ms_efs			138
-#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-/* Additional usage: Netscape */
-
-#define SN_ns_sgc			"nsSGC"
-#define LN_ns_sgc			"Netscape Server Gated Crypto"
-#define NID_ns_sgc			139
-#define OBJ_ns_sgc			OBJ_netscape,4L,1L
-
-#define SN_delta_crl			"deltaCRL"
-#define LN_delta_crl			"X509v3 Delta CRL Indicator"
-#define NID_delta_crl			140
-#define OBJ_delta_crl			OBJ_id_ce,27L
-
-#define SN_crl_reason			"CRLReason"
-#define LN_crl_reason			"CRL Reason Code"
-#define NID_crl_reason			141
-#define OBJ_crl_reason			OBJ_id_ce,21L
-
-#define SN_invalidity_date		"invalidityDate"
-#define LN_invalidity_date		"Invalidity Date"
-#define NID_invalidity_date		142
-#define OBJ_invalidity_date		OBJ_id_ce,24L
-
-#define SN_sxnet			"SXNetID"
-#define LN_sxnet			"Strong Extranet ID"
-#define NID_sxnet			143
-#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
-
-/* PKCS12 and related OBJECT IDENTIFIERS */
-
-#define OBJ_pkcs12			OBJ_pkcs,12L
-#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1
-
-#define SN_pbe_WithSHA1And128BitRC4	"PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4	144
-#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L
-
-#define SN_pbe_WithSHA1And40BitRC4	"PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4	145
-#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC	"PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC	"PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC	148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC	"PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC	149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L
-
-#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L
-
-#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L
-
-#define LN_keyBag		"keyBag"
-#define NID_keyBag		150
-#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L
-
-#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag	151
-#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L
-
-#define LN_certBag		"certBag"
-#define NID_certBag		152
-#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L
-
-#define LN_crlBag		"crlBag"
-#define NID_crlBag		153
-#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L
-
-#define LN_secretBag		"secretBag"
-#define NID_secretBag		154
-#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L
-
-#define LN_safeContentsBag	"safeContentsBag"
-#define NID_safeContentsBag	155
-#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L
-
-#define LN_friendlyName		"friendlyName"
-#define	NID_friendlyName	156
-#define OBJ_friendlyName	OBJ_pkcs9, 20L
-
-#define LN_localKeyID		"localKeyID"
-#define	NID_localKeyID		157
-#define OBJ_localKeyID		OBJ_pkcs9, 21L
-
-#define OBJ_certTypes		OBJ_pkcs9, 22L
-
-#define LN_x509Certificate	"x509Certificate"
-#define	NID_x509Certificate	158
-#define OBJ_x509Certificate	OBJ_certTypes, 1L
-
-#define LN_sdsiCertificate	"sdsiCertificate"
-#define	NID_sdsiCertificate	159
-#define OBJ_sdsiCertificate	OBJ_certTypes, 2L
-
-#define OBJ_crlTypes		OBJ_pkcs9, 23L
-
-#define LN_x509Crl		"x509Crl"
-#define	NID_x509Crl		160
-#define OBJ_x509Crl		OBJ_crlTypes, 1L
-
-/* PKCS#5 v2 OIDs */
-
-#define LN_pbes2		"PBES2"
-#define NID_pbes2		161
-#define OBJ_pbes2		OBJ_pkcs,5L,13L
-
-#define LN_pbmac1		"PBMAC1"
-#define NID_pbmac1		162
-#define OBJ_pbmac1		OBJ_pkcs,5L,14L
-
-#define LN_hmacWithSHA1		"hmacWithSHA1"
-#define NID_hmacWithSHA1	163
-#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L
-
-/* Policy Qualifier Ids */
-
-#define LN_id_qt_cps		"Policy Qualifier CPS"
-#define SN_id_qt_cps		"id-qt-cps"
-#define NID_id_qt_cps		164
-#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L
-
-#define LN_id_qt_unotice	"Policy Qualifier User Notice"
-#define SN_id_qt_unotice	"id-qt-unotice"
-#define NID_id_qt_unotice	165
-#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L
-
-#define SN_rc2_64_cbc			"RC2-64-CBC"
-#define LN_rc2_64_cbc			"rc2-64-cbc"
-#define NID_rc2_64_cbc			166
-
-#define SN_SMIMECapabilities		"SMIME-CAPS"
-#define LN_SMIMECapabilities		"S/MIME Capabilities"
-#define NID_SMIMECapabilities		167
-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
-
-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC	168
-#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L
-
-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC	169
-#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L
-
-#define SN_pbeWithSHA1AndDES_CBC	"PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC	170
-#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
-
-/* Extension request OIDs */
-
-#define LN_ms_ext_req			"Microsoft Extension Request"
-#define SN_ms_ext_req			"msExtReq"
-#define NID_ms_ext_req			171
-#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define LN_ext_req			"Extension Request"
-#define SN_ext_req			"extReq"
-#define NID_ext_req			172
-#define OBJ_ext_req			OBJ_pkcs9,14L
-
-#define SN_name				"name"
-#define LN_name				"name"
-#define NID_name			173
-#define OBJ_name			OBJ_X509,41L
-
-#define SN_dnQualifier			"dnQualifier"
-#define LN_dnQualifier			"dnQualifier"
-#define NID_dnQualifier			174
-#define OBJ_dnQualifier			OBJ_X509,46L
-
-#define SN_id_pe			"id-pe"
-#define NID_id_pe			175
-#define OBJ_id_pe			OBJ_id_pkix,1L
-
-#define SN_id_ad			"id-ad"
-#define NID_id_ad			176
-#define OBJ_id_ad			OBJ_id_pkix,48L
-
-#define SN_info_access			"authorityInfoAccess"
-#define LN_info_access			"Authority Information Access"
-#define NID_info_access			177
-#define OBJ_info_access			OBJ_id_pe,1L
-
-#define SN_ad_OCSP			"OCSP"
-#define LN_ad_OCSP			"OCSP"
-#define NID_ad_OCSP			178
-#define OBJ_ad_OCSP			OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers		"caIssuers"
-#define LN_ad_ca_issuers		"CA Issuers"
-#define NID_ad_ca_issuers		179
-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
-
-#define SN_OCSP_sign			"OCSPSigning"
-#define LN_OCSP_sign			"OCSP Signing"
-#define NID_OCSP_sign			180
-#define OBJ_OCSP_sign			OBJ_id_kp,9L
-#endif /* USE_OBJ_MAC */
-
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-
-#define	OBJ_NAME_TYPE_UNDEF		0x00
-#define	OBJ_NAME_TYPE_MD_METH		0x01
-#define	OBJ_NAME_TYPE_CIPHER_METH	0x02
-#define	OBJ_NAME_TYPE_PKEY_METH		0x03
-#define	OBJ_NAME_TYPE_COMP_METH		0x04
-#define	OBJ_NAME_TYPE_NUM		0x05
-
-#define	OBJ_NAME_ALIAS			0x8000
-
-#define OBJ_BSEARCH_VALUE_ON_NOMATCH		0x01
-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH	0x02
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct obj_name_st
-	{
-	int type;
-	int alias;
-	const char *name;
-	const char *data;
-	} OBJ_NAME;
-
-#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
-
-
-int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-		       int (*cmp_func)(const char *, const char *),
-		       void (*free_func)(const char *, int, const char *));
-const char *OBJ_NAME_get(const char *name,int type);
-int OBJ_NAME_add(const char *name,int type,const char *data);
-int OBJ_NAME_remove(const char *name,int type);
-void OBJ_NAME_cleanup(int type); /* -1 for everything */
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
-		     void *arg);
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-			    void *arg);
-
-ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);
-ASN1_OBJECT *	OBJ_nid2obj(int n);
-const char *	OBJ_nid2ln(int n);
-const char *	OBJ_nid2sn(int n);
-int		OBJ_obj2nid(const ASN1_OBJECT *o);
-ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
-int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-int		OBJ_txt2nid(const char *s);
-int		OBJ_ln2nid(const char *s);
-int		OBJ_sn2nid(const char *s);
-int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const void *	OBJ_bsearch_(const void *key,const void *base,int num,int size,
-			     int (*cmp)(const void *, const void *));
-const void *	OBJ_bsearch_ex_(const void *key,const void *base,int num,
-				int size,
-				int (*cmp)(const void *, const void *),
-				int flags);
-
-#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
-  static int nm##_cmp(type1 const *, type2 const *); \
-  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)	\
-  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
-#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)	\
-  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-/*
- * Unsolved problem: if a type is actually a pointer type, like
- * nid_triple is, then its impossible to get a const where you need
- * it. Consider:
- *
- * typedef int nid_triple[3];
- * const void *a_;
- * const nid_triple const *a = a_;
- *
- * The assignement discards a const because what you really want is:
- *
- * const int const * const *a = a_;
- *
- * But if you do that, you lose the fact that a is an array of 3 ints,
- * which breaks comparison functions.
- *
- * Thus we end up having to cast, sadly, or unpack the
- * declarations. Or, as I finally did in this case, delcare nid_triple
- * to be a struct, which it should have been in the first place.
- *
- * Ben, August 2008.
- *
- * Also, strictly speaking not all types need be const, but handling
- * the non-constness means a lot of complication, and in practice
- * comparison routines do always not touch their arguments.
- */
-
-#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-					nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-					nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-#define OBJ_bsearch(type1,key,type2,base,num,cmp)			       \
-  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-			 num,sizeof(type2),				\
-			 ((void)CHECKED_PTR_OF(type1,cmp##_type_1),	\
-			  (void)CHECKED_PTR_OF(type2,cmp##_type_2),	\
-			  cmp##_BSEARCH_CMP_FN)))
-
-#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)			\
-  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-			 num,sizeof(type2),				\
-			 ((void)CHECKED_PTR_OF(type1,cmp##_type_1),	\
-			  (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
-			  cmp##_BSEARCH_CMP_FN)),flags)
-
-int		OBJ_new_nid(int num);
-int		OBJ_add_object(const ASN1_OBJECT *obj);
-int		OBJ_create(const char *oid,const char *sn,const char *ln);
-void		OBJ_cleanup(void );
-int		OBJ_create_objects(BIO *in);
-
-int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
-int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
-int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
-void OBJ_sigid_free(void);
-
-extern int obj_cleanup_defer;
-void check_defer(int nid);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OBJ_strings(void);
-
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_ADD_OBJECT				 105
-#define OBJ_F_OBJ_CREATE				 100
-#define OBJ_F_OBJ_DUP					 101
-#define OBJ_F_OBJ_NAME_NEW_INDEX			 106
-#define OBJ_F_OBJ_NID2LN				 102
-#define OBJ_F_OBJ_NID2OBJ				 103
-#define OBJ_F_OBJ_NID2SN				 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE				 100
-#define OBJ_R_UNKNOWN_NID				 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl
deleted file mode 100644
index 15c00bbd52..0000000000
--- a/crypto/objects/objects.pl
+++ /dev/null
@@ -1,232 +0,0 @@
-#!/usr/local/bin/perl
-
-open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
-$max_nid=0;
-$o=0;
-while(<NUMIN>)
-	{
-	chop;
-	$o++;
-	s/#.*$//;
-	next if /^\s*$/;
-	$_ = 'X'.$_;
-	($Cname,$mynum) = split;
-	$Cname =~ s/^X//;
-	if (defined($nidn{$mynum}))
-		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
-	if (defined($nid{$Cname}))
-		{ die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; }
-	$nid{$Cname} = $mynum;
-	$nidn{$mynum} = $Cname;
-	$order{$mynum} = $o;
-	$max_nid = $mynum if $mynum > $max_nid;
-	}
-close NUMIN;
-
-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
-$Cname="";
-$o=0;
-while (<IN>)
-	{
-	chop;
-	$o++;
-        if (/^!module\s+(.*)$/)
-		{
-		$module = $1."-";
-		$module =~ s/\./_/g;
-		$module =~ s/-/_/g;
-		}
-        if (/^!global$/)
-		{ $module = ""; }
-	if (/^!Cname\s+(.*)$/)
-		{ $Cname = $1; }
-	if (/^!Alias\s+(.+?)\s+(.*)$/)
-		{
-		$Cname = $module.$1;
-		$myoid = $2;
-		$myoid = &process_oid($myoid);
-		$Cname =~ s/-/_/g;
-		$ordern{$o} = $Cname;
-		$order{$Cname} = $o;
-		$obj{$Cname} = $myoid;
-		$_ = "";
-		$Cname = "";
-		}
-	s/!.*$//;
-	s/#.*$//;
-	next if /^\s*$/;
-	($myoid,$mysn,$myln) = split ':';
-	$mysn =~ s/^\s*//;
-	$mysn =~ s/\s*$//;
-	$myln =~ s/^\s*//;
-	$myln =~ s/\s*$//;
-	$myoid =~ s/^\s*//;
-	$myoid =~ s/\s*$//;
-	if ($myoid ne "")
-		{
-		$myoid = &process_oid($myoid);
-		}
-
-	if ($Cname eq "" && !($myln =~ / /))
-		{
-		$Cname = $myln;
-		$Cname =~ s/\./_/g;
-		$Cname =~ s/-/_/g;
-		if ($Cname ne "" && defined($ln{$module.$Cname}))
-			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-		}
-	if ($Cname eq "")
-		{
-		$Cname = $mysn;
-		$Cname =~ s/-/_/g;
-		if ($Cname ne "" && defined($sn{$module.$Cname}))
-			{ die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-		}
-	if ($Cname eq "")
-		{
-		$Cname = $myln;
-		$Cname =~ s/-/_/g;
-		$Cname =~ s/\./_/g;
-		$Cname =~ s/ /_/g;
-		if ($Cname ne "" && defined($ln{$module.$Cname}))
-			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
-		}
-	$Cname =~ s/\./_/g;
-	$Cname =~ s/-/_/g;
-	$Cname = $module.$Cname;
-	$ordern{$o} = $Cname;
-	$order{$Cname} = $o;
-	$sn{$Cname} = $mysn;
-	$ln{$Cname} = $myln;
-	$obj{$Cname} = $myoid;
-	if (!defined($nid{$Cname}))
-		{
-		$max_nid++;
-		$nid{$Cname} = $max_nid;
-		$nidn{$max_nid} = $Cname;
-print STDERR "Added OID $Cname\n";
-		}
-	$Cname="";
-	}
-close IN;
-
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-foreach (sort { $a <=> $b } keys %nidn)
-	{
-	print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-	}
-close NUMOUT;
-
-open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
-print OUT <<'EOF';
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
-EOF
-
-foreach (sort { $a <=> $b } keys %ordern)
-	{
-	$Cname=$ordern{$_};
-	print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
-	print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
-	print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
-	print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
-	print OUT "\n";
-	}
-
-close OUT;
-
-sub process_oid
-	{
-	local($oid)=@_;
-	local(@a,$oid_pref);
-
-	@a = split(/\s+/,$myoid);
-	$pref_oid = "";
-	$pref_sep = "";
-	if (!($a[0] =~ /^[0-9]+$/))
-		{
-		$a[0] =~ s/-/_/g;
-		if (!defined($obj{$a[0]}))
-			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
-		$pref_oid = "OBJ_" . $a[0];
-		$pref_sep = ",";
-		shift @a;
-		}
-	$oids = join('L,',@a) . "L";
-	if ($oids ne "L")
-		{
-		$oids = $pref_oid . $pref_sep . $oids;
-		}
-	else
-		{
-		$oids = $pref_oid;
-		}
-	return($oids);
-	}
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
deleted file mode 100644
index d3bfad72a2..0000000000
--- a/crypto/objects/objects.txt
+++ /dev/null
@@ -1,1292 +0,0 @@
-# CCITT was renamed to ITU-T quite some time ago
-0			: ITU-T			: itu-t
-!Alias ccitt itu-t
-
-1			: ISO			: iso
-
-2			: JOINT-ISO-ITU-T	: joint-iso-itu-t
-!Alias joint-iso-ccitt joint-iso-itu-t
-
-iso 2			: member-body		: ISO Member Body
-
-iso 3			: identified-organization
-
-# HMAC OIDs
-identified-organization 6 1 5 5 8 1 1	: HMAC-MD5	: hmac-md5
-identified-organization 6 1 5 5 8 1 2	: HMAC-SHA1	: hmac-sha1
-
-identified-organization 132	: certicom-arc
-
-joint-iso-itu-t 23	: international-organizations	: International Organizations
-
-international-organizations 43	: wap
-wap 1			: wap-wsg
-
-joint-iso-itu-t 5 1 5	: selected-attribute-types	: Selected Attribute Types
-
-selected-attribute-types 55	: clearance
-
-member-body 840		: ISO-US		: ISO US Member Body
-ISO-US 10040		: X9-57			: X9.57
-X9-57 4			: X9cm			: X9.57 CM ?
-
-!Cname dsa
-X9cm 1			: DSA			: dsaEncryption
-X9cm 3			: DSA-SHA1		: dsaWithSHA1
-
-
-ISO-US 10045		: ansi-X9-62		: ANSI X9.62
-!module X9-62
-!Alias id-fieldType ansi-X9-62 1
-X9-62_id-fieldType 1		: prime-field
-X9-62_id-fieldType 2		: characteristic-two-field
-X9-62_characteristic-two-field 3 : id-characteristic-two-basis
-X9-62_id-characteristic-two-basis 1 : onBasis
-X9-62_id-characteristic-two-basis 2 : tpBasis
-X9-62_id-characteristic-two-basis 3 : ppBasis
-!Alias id-publicKeyType ansi-X9-62 2
-X9-62_id-publicKeyType 1	: id-ecPublicKey
-!Alias ellipticCurve ansi-X9-62 3
-!Alias c-TwoCurve X9-62_ellipticCurve 0
-X9-62_c-TwoCurve 1		: c2pnb163v1
-X9-62_c-TwoCurve 2		: c2pnb163v2
-X9-62_c-TwoCurve 3		: c2pnb163v3
-X9-62_c-TwoCurve 4		: c2pnb176v1
-X9-62_c-TwoCurve 5		: c2tnb191v1
-X9-62_c-TwoCurve 6		: c2tnb191v2
-X9-62_c-TwoCurve 7		: c2tnb191v3
-X9-62_c-TwoCurve 8		: c2onb191v4
-X9-62_c-TwoCurve 9		: c2onb191v5
-X9-62_c-TwoCurve 10		: c2pnb208w1
-X9-62_c-TwoCurve 11		: c2tnb239v1
-X9-62_c-TwoCurve 12		: c2tnb239v2
-X9-62_c-TwoCurve 13		: c2tnb239v3
-X9-62_c-TwoCurve 14		: c2onb239v4
-X9-62_c-TwoCurve 15		: c2onb239v5
-X9-62_c-TwoCurve 16		: c2pnb272w1
-X9-62_c-TwoCurve 17		: c2pnb304w1
-X9-62_c-TwoCurve 18		: c2tnb359v1
-X9-62_c-TwoCurve 19		: c2pnb368w1
-X9-62_c-TwoCurve 20		: c2tnb431r1
-!Alias primeCurve X9-62_ellipticCurve 1
-X9-62_primeCurve 1	 	: prime192v1
-X9-62_primeCurve 2	 	: prime192v2
-X9-62_primeCurve 3	 	: prime192v3
-X9-62_primeCurve 4	 	: prime239v1
-X9-62_primeCurve 5	 	: prime239v2
-X9-62_primeCurve 6	 	: prime239v3
-X9-62_primeCurve 7	 	: prime256v1
-!Alias id-ecSigType ansi-X9-62 4
-!global
-X9-62_id-ecSigType 1		: ecdsa-with-SHA1
-X9-62_id-ecSigType 2		: ecdsa-with-Recommended
-X9-62_id-ecSigType 3		: ecdsa-with-Specified
-ecdsa-with-Specified 1		: ecdsa-with-SHA224
-ecdsa-with-Specified 2		: ecdsa-with-SHA256
-ecdsa-with-Specified 3		: ecdsa-with-SHA384
-ecdsa-with-Specified 4		: ecdsa-with-SHA512
-
-# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
-# (http://www.secg.org/)
-!Alias secg_ellipticCurve certicom-arc 0
-# SECG prime curves OIDs
-secg-ellipticCurve 6		: secp112r1
-secg-ellipticCurve 7		: secp112r2
-secg-ellipticCurve 28		: secp128r1
-secg-ellipticCurve 29		: secp128r2
-secg-ellipticCurve 9		: secp160k1
-secg-ellipticCurve 8		: secp160r1
-secg-ellipticCurve 30		: secp160r2
-secg-ellipticCurve 31		: secp192k1
-# NOTE: the curve secp192r1 is the same as prime192v1 defined above
-#       and is therefore omitted
-secg-ellipticCurve 32		: secp224k1
-secg-ellipticCurve 33		: secp224r1
-secg-ellipticCurve 10		: secp256k1
-# NOTE: the curve secp256r1 is the same as prime256v1 defined above
-#       and is therefore omitted
-secg-ellipticCurve 34		: secp384r1
-secg-ellipticCurve 35		: secp521r1
-# SECG characteristic two curves OIDs
-secg-ellipticCurve 4		: sect113r1
-secg-ellipticCurve 5		: sect113r2
-secg-ellipticCurve 22		: sect131r1
-secg-ellipticCurve 23		: sect131r2
-secg-ellipticCurve 1		: sect163k1
-secg-ellipticCurve 2		: sect163r1
-secg-ellipticCurve 15		: sect163r2
-secg-ellipticCurve 24		: sect193r1
-secg-ellipticCurve 25		: sect193r2
-secg-ellipticCurve 26		: sect233k1
-secg-ellipticCurve 27		: sect233r1
-secg-ellipticCurve 3		: sect239k1
-secg-ellipticCurve 16		: sect283k1
-secg-ellipticCurve 17		: sect283r1
-secg-ellipticCurve 36		: sect409k1
-secg-ellipticCurve 37		: sect409r1
-secg-ellipticCurve 38		: sect571k1
-secg-ellipticCurve 39		: sect571r1
-
-# WAP/TLS curve OIDs (http://www.wapforum.org/)
-!Alias wap-wsg-idm-ecid wap-wsg 4
-wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
-wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
-wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
-wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
-wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
-wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
-wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
-wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
-wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
-wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
-wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12
-
-
-ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
-			: CAST5-ECB		: cast5-ecb
-!Cname cast5-cfb64
-			: CAST5-CFB		: cast5-cfb
-!Cname cast5-ofb64
-			: CAST5-OFB		: cast5-ofb
-!Cname pbeWithMD5AndCast5-CBC
-ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC
-
-# Macs for CMP and CRMF
-ISO-US 113533 7 66 13	: id-PasswordBasedMAC	: password based MAC
-ISO-US 113533 7 66 30	: id-DHBasedMac		: Diffie-Hellman based MAC
-
-ISO-US 113549		: rsadsi		: RSA Data Security, Inc.
-
-rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS
-
-pkcs 1			: pkcs1
-pkcs1 1			:			: rsaEncryption
-pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
-pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
-pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
-pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
-# According to PKCS #1 version 2.1
-pkcs1 7			: RSAES-OAEP		: rsaesOaep
-pkcs1 8			: MGF1			: mgf1
-pkcs1 10		: RSASSA-PSS		: rsassaPss
-
-pkcs1 11		: RSA-SHA256		: sha256WithRSAEncryption
-pkcs1 12		: RSA-SHA384		: sha384WithRSAEncryption
-pkcs1 13		: RSA-SHA512		: sha512WithRSAEncryption
-pkcs1 14		: RSA-SHA224		: sha224WithRSAEncryption
-
-pkcs 3			: pkcs3
-pkcs3 1			:			: dhKeyAgreement
-
-pkcs 5			: pkcs5
-pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
-pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
-pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
-pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
-pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
-pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
-!Cname id_pbkdf2
-pkcs5 12		:			: PBKDF2
-!Cname pbes2
-pkcs5 13		:			: PBES2
-!Cname pbmac1
-pkcs5 14		:			: PBMAC1
-
-pkcs 7			: pkcs7
-pkcs7 1			:			: pkcs7-data
-!Cname pkcs7-signed
-pkcs7 2			:			: pkcs7-signedData
-!Cname pkcs7-enveloped
-pkcs7 3			:			: pkcs7-envelopedData
-!Cname pkcs7-signedAndEnveloped
-pkcs7 4			:			: pkcs7-signedAndEnvelopedData
-!Cname pkcs7-digest
-pkcs7 5			:			: pkcs7-digestData
-!Cname pkcs7-encrypted
-pkcs7 6			:			: pkcs7-encryptedData
-
-pkcs 9			: pkcs9
-!module pkcs9
-pkcs9 1			: 			: emailAddress
-pkcs9 2			:			: unstructuredName
-pkcs9 3			:			: contentType
-pkcs9 4			:			: messageDigest
-pkcs9 5			:			: signingTime
-pkcs9 6			:			: countersignature
-pkcs9 7			:			: challengePassword
-pkcs9 8			:			: unstructuredAddress
-!Cname extCertAttributes
-pkcs9 9			:			: extendedCertificateAttributes
-!global
-
-!Cname ext-req
-pkcs9 14		: extReq		: Extension Request
-
-!Cname SMIMECapabilities
-pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities
-
-# S/MIME
-!Cname SMIME
-pkcs9 16		: SMIME			: S/MIME
-SMIME 0			: id-smime-mod
-SMIME 1			: id-smime-ct
-SMIME 2			: id-smime-aa
-SMIME 3			: id-smime-alg
-SMIME 4			: id-smime-cd
-SMIME 5			: id-smime-spq
-SMIME 6			: id-smime-cti
-
-# S/MIME Modules
-id-smime-mod 1		: id-smime-mod-cms
-id-smime-mod 2		: id-smime-mod-ess
-id-smime-mod 3		: id-smime-mod-oid
-id-smime-mod 4		: id-smime-mod-msg-v3
-id-smime-mod 5		: id-smime-mod-ets-eSignature-88
-id-smime-mod 6		: id-smime-mod-ets-eSignature-97
-id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
-id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97
-
-# S/MIME Content Types
-id-smime-ct 1		: id-smime-ct-receipt
-id-smime-ct 2		: id-smime-ct-authData
-id-smime-ct 3		: id-smime-ct-publishCert
-id-smime-ct 4		: id-smime-ct-TSTInfo
-id-smime-ct 5		: id-smime-ct-TDTInfo
-id-smime-ct 6		: id-smime-ct-contentInfo
-id-smime-ct 7		: id-smime-ct-DVCSRequestData
-id-smime-ct 8		: id-smime-ct-DVCSResponseData
-id-smime-ct 9		: id-smime-ct-compressedData
-id-smime-ct 27		: id-ct-asciiTextWithCRLF
-
-# S/MIME Attributes
-id-smime-aa 1		: id-smime-aa-receiptRequest
-id-smime-aa 2		: id-smime-aa-securityLabel
-id-smime-aa 3		: id-smime-aa-mlExpandHistory
-id-smime-aa 4		: id-smime-aa-contentHint
-id-smime-aa 5		: id-smime-aa-msgSigDigest
-# obsolete
-id-smime-aa 6		: id-smime-aa-encapContentType
-id-smime-aa 7		: id-smime-aa-contentIdentifier
-# obsolete
-id-smime-aa 8		: id-smime-aa-macValue
-id-smime-aa 9		: id-smime-aa-equivalentLabels
-id-smime-aa 10		: id-smime-aa-contentReference
-id-smime-aa 11		: id-smime-aa-encrypKeyPref
-id-smime-aa 12		: id-smime-aa-signingCertificate
-id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
-id-smime-aa 14		: id-smime-aa-timeStampToken
-id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
-id-smime-aa 16		: id-smime-aa-ets-commitmentType
-id-smime-aa 17		: id-smime-aa-ets-signerLocation
-id-smime-aa 18		: id-smime-aa-ets-signerAttr
-id-smime-aa 19		: id-smime-aa-ets-otherSigCert
-id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
-id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
-id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
-id-smime-aa 23		: id-smime-aa-ets-certValues
-id-smime-aa 24		: id-smime-aa-ets-revocationValues
-id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
-id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
-id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
-id-smime-aa 28		: id-smime-aa-signatureType
-id-smime-aa 29		: id-smime-aa-dvcs-dvc
-
-# S/MIME Algorithm Identifiers
-# obsolete
-id-smime-alg 1		: id-smime-alg-ESDHwith3DES
-# obsolete
-id-smime-alg 2		: id-smime-alg-ESDHwithRC2
-# obsolete
-id-smime-alg 3		: id-smime-alg-3DESwrap
-# obsolete
-id-smime-alg 4		: id-smime-alg-RC2wrap
-id-smime-alg 5		: id-smime-alg-ESDH
-id-smime-alg 6		: id-smime-alg-CMS3DESwrap
-id-smime-alg 7		: id-smime-alg-CMSRC2wrap
-id-smime-alg 9		: id-alg-PWRI-KEK
-
-# S/MIME Certificate Distribution
-id-smime-cd 1		: id-smime-cd-ldap
-
-# S/MIME Signature Policy Qualifier
-id-smime-spq 1		: id-smime-spq-ets-sqt-uri
-id-smime-spq 2		: id-smime-spq-ets-sqt-unotice
-
-# S/MIME Commitment Type Identifier
-id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
-id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
-id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
-id-smime-cti 4		: id-smime-cti-ets-proofOfSender
-id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
-id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
-
-pkcs9 20		:			: friendlyName
-pkcs9 21		:			: localKeyID
-!Cname ms-csp-name
-1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
-1 3 6 1 4 1 311 17 2	: LocalKeySet		: Microsoft Local Key set
-!Alias certTypes pkcs9 22
-certTypes 1		:			: x509Certificate
-certTypes 2		:			: sdsiCertificate
-!Alias crlTypes pkcs9 23
-crlTypes 1		:			: x509Crl
-
-!Alias pkcs12 pkcs 12
-!Alias pkcs12-pbeids pkcs12 1
-
-!Cname pbe-WithSHA1And128BitRC4
-pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
-!Cname pbe-WithSHA1And40BitRC4
-pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
-!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
-pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
-!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
-pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
-!Cname pbe-WithSHA1And128BitRC2-CBC
-pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
-!Cname pbe-WithSHA1And40BitRC2-CBC
-pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC
-
-!Alias pkcs12-Version1 pkcs12 10
-!Alias pkcs12-BagIds pkcs12-Version1 1
-pkcs12-BagIds 1		:			: keyBag
-pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
-pkcs12-BagIds 3		:			: certBag
-pkcs12-BagIds 4		:			: crlBag
-pkcs12-BagIds 5		:			: secretBag
-pkcs12-BagIds 6		:			: safeContentsBag
-
-rsadsi 2 2		: MD2			: md2
-rsadsi 2 4		: MD4			: md4
-rsadsi 2 5		: MD5			: md5
-			: MD5-SHA1		: md5-sha1
-rsadsi 2 6		:			: hmacWithMD5
-rsadsi 2 7		:			: hmacWithSHA1
-
-# From RFC4231
-rsadsi 2 8		:			: hmacWithSHA224
-rsadsi 2 9		:			: hmacWithSHA256
-rsadsi 2 10		:			: hmacWithSHA384
-rsadsi 2 11		:			: hmacWithSHA512
-
-rsadsi 3 2		: RC2-CBC		: rc2-cbc
-			: RC2-ECB		: rc2-ecb
-!Cname rc2-cfb64
-			: RC2-CFB		: rc2-cfb
-!Cname rc2-ofb64
-			: RC2-OFB		: rc2-ofb
-			: RC2-40-CBC		: rc2-40-cbc
-			: RC2-64-CBC		: rc2-64-cbc
-rsadsi 3 4		: RC4			: rc4
-			: RC4-40		: rc4-40
-rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
-rsadsi 3 8		: RC5-CBC		: rc5-cbc
-			: RC5-ECB		: rc5-ecb
-!Cname rc5-cfb64
-			: RC5-CFB		: rc5-cfb
-!Cname rc5-ofb64
-			: RC5-OFB		: rc5-ofb
-
-!Cname ms-ext-req
-1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
-!Cname ms-code-ind
-1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
-!Cname ms-code-com
-1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
-!Cname ms-ctl-sign
-1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
-!Cname ms-sgc
-1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
-!Cname ms-efs
-1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
-!Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
-!Cname ms-upn
-1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
-
-1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
-			: IDEA-ECB		: idea-ecb
-!Cname idea-cfb64
-			: IDEA-CFB		: idea-cfb
-!Cname idea-ofb64
-			: IDEA-OFB		: idea-ofb
-
-1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
-			: BF-ECB		: bf-ecb
-!Cname bf-cfb64
-			: BF-CFB		: bf-cfb
-!Cname bf-ofb64
-			: BF-OFB		: bf-ofb
-
-!Cname id-pkix
-1 3 6 1 5 5 7		: PKIX
-
-# PKIX Arcs
-id-pkix 0		: id-pkix-mod
-id-pkix 1		: id-pe
-id-pkix 2		: id-qt
-id-pkix 3		: id-kp
-id-pkix 4		: id-it
-id-pkix 5		: id-pkip
-id-pkix 6		: id-alg
-id-pkix 7		: id-cmc
-id-pkix 8		: id-on
-id-pkix 9		: id-pda
-id-pkix 10		: id-aca
-id-pkix 11		: id-qcs
-id-pkix 12		: id-cct
-id-pkix 21		: id-ppl
-id-pkix 48		: id-ad
-
-# PKIX Modules
-id-pkix-mod 1		: id-pkix1-explicit-88
-id-pkix-mod 2		: id-pkix1-implicit-88
-id-pkix-mod 3		: id-pkix1-explicit-93
-id-pkix-mod 4		: id-pkix1-implicit-93
-id-pkix-mod 5		: id-mod-crmf
-id-pkix-mod 6		: id-mod-cmc
-id-pkix-mod 7		: id-mod-kea-profile-88
-id-pkix-mod 8		: id-mod-kea-profile-93
-id-pkix-mod 9		: id-mod-cmp
-id-pkix-mod 10		: id-mod-qualified-cert-88
-id-pkix-mod 11		: id-mod-qualified-cert-93
-id-pkix-mod 12		: id-mod-attribute-cert
-id-pkix-mod 13		: id-mod-timestamp-protocol
-id-pkix-mod 14		: id-mod-ocsp
-id-pkix-mod 15		: id-mod-dvcs
-id-pkix-mod 16		: id-mod-cmp2000
-
-# PKIX Private Extensions
-!Cname info-access
-id-pe 1			: authorityInfoAccess	: Authority Information Access
-id-pe 2			: biometricInfo		: Biometric Info
-id-pe 3			: qcStatements
-id-pe 4			: ac-auditEntity
-id-pe 5			: ac-targeting
-id-pe 6			: aaControls
-id-pe 7			: sbgp-ipAddrBlock
-id-pe 8			: sbgp-autonomousSysNum
-id-pe 9			: sbgp-routerIdentifier
-id-pe 10		: ac-proxying
-!Cname sinfo-access
-id-pe 11		: subjectInfoAccess	: Subject Information Access
-id-pe 14		: proxyCertInfo		: Proxy Certificate Information
-
-# PKIX policyQualifiers for Internet policy qualifiers
-id-qt 1			: id-qt-cps		: Policy Qualifier CPS
-id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
-id-qt 3			: textNotice
-
-# PKIX key purpose identifiers
-!Cname server-auth
-id-kp 1			: serverAuth		: TLS Web Server Authentication
-!Cname client-auth
-id-kp 2			: clientAuth		: TLS Web Client Authentication
-!Cname code-sign
-id-kp 3			: codeSigning		: Code Signing
-!Cname email-protect
-id-kp 4			: emailProtection	: E-mail Protection
-id-kp 5			: ipsecEndSystem	: IPSec End System
-id-kp 6			: ipsecTunnel		: IPSec Tunnel
-id-kp 7			: ipsecUser		: IPSec User
-!Cname time-stamp
-id-kp 8			: timeStamping		: Time Stamping
-# From OCSP spec RFC2560
-!Cname OCSP-sign
-id-kp 9			: OCSPSigning		: OCSP Signing
-id-kp 10		: DVCS			: dvcs
-
-# CMP information types
-id-it 1			: id-it-caProtEncCert
-id-it 2			: id-it-signKeyPairTypes
-id-it 3			: id-it-encKeyPairTypes
-id-it 4			: id-it-preferredSymmAlg
-id-it 5			: id-it-caKeyUpdateInfo
-id-it 6			: id-it-currentCRL
-id-it 7			: id-it-unsupportedOIDs
-# obsolete
-id-it 8			: id-it-subscriptionRequest
-# obsolete
-id-it 9			: id-it-subscriptionResponse
-id-it 10		: id-it-keyPairParamReq
-id-it 11		: id-it-keyPairParamRep
-id-it 12		: id-it-revPassphrase
-id-it 13		: id-it-implicitConfirm
-id-it 14		: id-it-confirmWaitTime
-id-it 15		: id-it-origPKIMessage
-id-it 16		: id-it-suppLangTags
-
-# CRMF registration
-id-pkip 1		: id-regCtrl
-id-pkip 2		: id-regInfo
-
-# CRMF registration controls
-id-regCtrl 1		: id-regCtrl-regToken
-id-regCtrl 2		: id-regCtrl-authenticator
-id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
-id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
-id-regCtrl 5		: id-regCtrl-oldCertID
-id-regCtrl 6		: id-regCtrl-protocolEncrKey
-
-# CRMF registration information
-id-regInfo 1		: id-regInfo-utf8Pairs
-id-regInfo 2		: id-regInfo-certReq
-
-# algorithms
-id-alg 1		: id-alg-des40
-id-alg 2		: id-alg-noSignature
-id-alg 3		: id-alg-dh-sig-hmac-sha1
-id-alg 4		: id-alg-dh-pop
-
-# CMC controls
-id-cmc 1		: id-cmc-statusInfo
-id-cmc 2		: id-cmc-identification
-id-cmc 3		: id-cmc-identityProof
-id-cmc 4		: id-cmc-dataReturn
-id-cmc 5		: id-cmc-transactionId
-id-cmc 6		: id-cmc-senderNonce
-id-cmc 7		: id-cmc-recipientNonce
-id-cmc 8		: id-cmc-addExtensions
-id-cmc 9		: id-cmc-encryptedPOP
-id-cmc 10		: id-cmc-decryptedPOP
-id-cmc 11		: id-cmc-lraPOPWitness
-id-cmc 15		: id-cmc-getCert
-id-cmc 16		: id-cmc-getCRL
-id-cmc 17		: id-cmc-revokeRequest
-id-cmc 18		: id-cmc-regInfo
-id-cmc 19		: id-cmc-responseInfo
-id-cmc 21		: id-cmc-queryPending
-id-cmc 22		: id-cmc-popLinkRandom
-id-cmc 23		: id-cmc-popLinkWitness
-id-cmc 24		: id-cmc-confirmCertAcceptance 
-
-# other names
-id-on 1			: id-on-personalData
-id-on 3			: id-on-permanentIdentifier : Permanent Identifier
-
-# personal data attributes
-id-pda 1		: id-pda-dateOfBirth
-id-pda 2		: id-pda-placeOfBirth
-id-pda 3		: id-pda-gender
-id-pda 4		: id-pda-countryOfCitizenship
-id-pda 5		: id-pda-countryOfResidence
-
-# attribute certificate attributes
-id-aca 1		: id-aca-authenticationInfo
-id-aca 2		: id-aca-accessIdentity
-id-aca 3		: id-aca-chargingIdentity
-id-aca 4		: id-aca-group
-# attention : the following seems to be obsolete, replace by 'role'
-id-aca 5		: id-aca-role
-id-aca 6		: id-aca-encAttrs
-
-# qualified certificate statements
-id-qcs 1		: id-qcs-pkixQCSyntax-v1
-
-# CMC content types
-id-cct 1		: id-cct-crs
-id-cct 2		: id-cct-PKIData
-id-cct 3		: id-cct-PKIResponse
-
-# Predefined Proxy Certificate policy languages
-id-ppl 0		: id-ppl-anyLanguage	: Any language
-id-ppl 1		: id-ppl-inheritAll	: Inherit all
-id-ppl 2		: id-ppl-independent	: Independent
-
-# access descriptors for authority info access extension
-!Cname ad-OCSP
-id-ad 1			: OCSP			: OCSP
-!Cname ad-ca-issuers
-id-ad 2			: caIssuers		: CA Issuers
-!Cname ad-timeStamping
-id-ad 3			: ad_timestamping	: AD Time Stamping
-!Cname ad-dvcs
-id-ad 4			: AD_DVCS		: ad dvcs
-id-ad 5			: caRepository		: CA Repository
-
-
-!Alias id-pkix-OCSP ad-OCSP
-!module id-pkix-OCSP
-!Cname basic
-id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
-id-pkix-OCSP 2		: Nonce			: OCSP Nonce
-id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
-id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
-id-pkix-OCSP 5		: noCheck		: OCSP No Check
-id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
-id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
-id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
-id-pkix-OCSP 9		: valid
-id-pkix-OCSP 10		: path
-id-pkix-OCSP 11		: trustRoot		: Trust Root
-!global
-
-1 3 14 3 2		: algorithm		: algorithm
-algorithm 3		: RSA-NP-MD5		: md5WithRSA
-algorithm 6		: DES-ECB		: des-ecb
-algorithm 7		: DES-CBC		: des-cbc
-!Cname des-ofb64
-algorithm 8		: DES-OFB		: des-ofb
-!Cname des-cfb64
-algorithm 9		: DES-CFB		: des-cfb
-algorithm 11		: rsaSignature
-!Cname dsa-2
-algorithm 12		: DSA-old		: dsaEncryption-old
-algorithm 13		: DSA-SHA		: dsaWithSHA
-algorithm 15		: RSA-SHA		: shaWithRSAEncryption
-!Cname des-ede-ecb
-algorithm 17		: DES-EDE		: des-ede
-!Cname des-ede3-ecb
-			: DES-EDE3		: des-ede3
-			: DES-EDE-CBC		: des-ede-cbc
-!Cname des-ede-cfb64
-			: DES-EDE-CFB		: des-ede-cfb
-!Cname des-ede3-cfb64
-			: DES-EDE3-CFB		: des-ede3-cfb
-!Cname des-ede-ofb64
-			: DES-EDE-OFB		: des-ede-ofb
-!Cname des-ede3-ofb64
-			: DES-EDE3-OFB		: des-ede3-ofb
-			: DESX-CBC		: desx-cbc
-algorithm 18		: SHA			: sha
-algorithm 26		: SHA1			: sha1
-!Cname dsaWithSHA1-2
-algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
-algorithm 29		: RSA-SHA1-2		: sha1WithRSA
-
-1 3 36 3 2 1		: RIPEMD160		: ripemd160
-1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA
-
-!Cname sxnet
-1 3 101 1 4 1		: SXNetID		: Strong Extranet ID
-
-2 5			: X500			: directory services (X.500)
-
-X500 4			: X509
-X509 3			: CN			: commonName
-X509 4			: SN			: surname
-X509 5			: 			: serialNumber
-X509 6			: C			: countryName
-X509 7			: L			: localityName
-X509 8			: ST			: stateOrProvinceName
-X509 9			: street		: streetAddress
-X509 10			: O			: organizationName
-X509 11			: OU			: organizationalUnitName
-X509 12			: title			: title
-X509 13			: 			: description
-X509 14			: 			: searchGuide
-X509 15			: 			: businessCategory
-X509 16			: 			: postalAddress
-X509 17			: 			: postalCode
-X509 18			: 			: postOfficeBox
-X509 19			: 			: physicalDeliveryOfficeName
-X509 20			: 			: telephoneNumber
-X509 21			: 			: telexNumber
-X509 22			: 			: teletexTerminalIdentifier
-X509 23			: 			: facsimileTelephoneNumber
-X509 24			: 			: x121Address
-X509 25			: 			: internationaliSDNNumber
-X509 26			: 			: registeredAddress
-X509 27			: 			: destinationIndicator
-X509 28			: 			: preferredDeliveryMethod
-X509 29			: 			: presentationAddress
-X509 30			: 			: supportedApplicationContext
-X509 31			: member		:
-X509 32			: owner			:
-X509 33			: 			: roleOccupant
-X509 34			: seeAlso		:
-X509 35			: 			: userPassword
-X509 36			: 			: userCertificate
-X509 37			: 			: cACertificate
-X509 38			: 			: authorityRevocationList
-X509 39			: 			: certificateRevocationList
-X509 40			: 			: crossCertificatePair
-X509 41			: name			: name
-X509 42			: GN			: givenName
-X509 43			: initials		: initials
-X509 44			: 			: generationQualifier
-X509 45			: 			: x500UniqueIdentifier
-X509 46			: dnQualifier		: dnQualifier
-X509 47			: 			: enhancedSearchGuide
-X509 48			: 			: protocolInformation
-X509 49			: 			: distinguishedName
-X509 50			: 			: uniqueMember
-X509 51			: 			: houseIdentifier
-X509 52			: 			: supportedAlgorithms
-X509 53			: 			: deltaRevocationList
-X509 54			: dmdName		:
-X509 65			:			: pseudonym
-X509 72			: role			: role
-
-X500 8			: X500algorithms	: directory services - algorithms
-X500algorithms 1 1	: RSA			: rsa
-X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
-X500algorithms 3 101	: MDC2			: mdc2
-
-X500 29			: id-ce
-!Cname subject-directory-attributes
-id-ce 9			: subjectDirectoryAttributes : X509v3 Subject Directory Attributes
-!Cname subject-key-identifier
-id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
-!Cname key-usage
-id-ce 15		: keyUsage		: X509v3 Key Usage
-!Cname private-key-usage-period
-id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
-!Cname subject-alt-name
-id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
-!Cname issuer-alt-name
-id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
-!Cname basic-constraints
-id-ce 19		: basicConstraints	: X509v3 Basic Constraints
-!Cname crl-number
-id-ce 20		: crlNumber		: X509v3 CRL Number
-!Cname crl-reason
-id-ce 21		: CRLReason		: X509v3 CRL Reason Code
-!Cname invalidity-date
-id-ce 24		: invalidityDate	: Invalidity Date
-!Cname delta-crl
-id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
-!Cname issuing-distribution-point
-id-ce 28		: issuingDistributionPoint : X509v3 Issuing Distrubution Point
-!Cname certificate-issuer
-id-ce 29		: certificateIssuer	: X509v3 Certificate Issuer
-!Cname name-constraints
-id-ce 30		: nameConstraints	: X509v3 Name Constraints
-!Cname crl-distribution-points
-id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
-!Cname certificate-policies
-id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
-!Cname any-policy
-certificate-policies 0	: anyPolicy		: X509v3 Any Policy
-!Cname policy-mappings
-id-ce 33		: policyMappings	: X509v3 Policy Mappings
-!Cname authority-key-identifier
-id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
-!Cname policy-constraints
-id-ce 36		: policyConstraints	: X509v3 Policy Constraints
-!Cname ext-key-usage
-id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
-!Cname freshest-crl
-id-ce 46		: freshestCRL		: X509v3 Freshest CRL
-!Cname inhibit-any-policy
-id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
-!Cname target-information
-id-ce 55		: targetInformation	: X509v3 AC Targeting
-!Cname no-rev-avail
-id-ce 56		: noRevAvail		: X509v3 No Revocation Available
-
-# From RFC5280
-ext-key-usage 0		: anyExtendedKeyUsage	: Any Extended Key Usage
-
-
-!Cname netscape
-2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
-!Cname netscape-cert-extension
-netscape 1		: nsCertExt		: Netscape Certificate Extension
-!Cname netscape-data-type
-netscape 2		: nsDataType		: Netscape Data Type
-!Cname netscape-cert-type
-netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
-!Cname netscape-base-url
-netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
-!Cname netscape-revocation-url
-netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
-!Cname netscape-ca-revocation-url
-netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
-!Cname netscape-renewal-url
-netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
-!Cname netscape-ca-policy-url
-netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
-!Cname netscape-ssl-server-name
-netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
-!Cname netscape-comment
-netscape-cert-extension 13 : nsComment		: Netscape Comment
-!Cname netscape-cert-sequence
-netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
-!Cname ns-sgc
-netscape 4 1		: nsSGC			: Netscape Server Gated Crypto
-
-# iso(1)
-iso 3			: ORG			: org
-org 6			: DOD			: dod
-dod 1			: IANA			: iana
-!Alias internet iana
-
-internet 1		: directory		: Directory
-internet 2		: mgmt			: Management
-internet 3		: experimental		: Experimental
-internet 4		: private		: Private
-internet 5		: security		: Security
-internet 6		: snmpv2		: SNMPv2
-# Documents refer to "internet 7" as "mail". This however leads to ambiguities
-# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
-# rfc822Mailbox. The short name is therefore here left out for a reason.
-# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
-# references are realized via long name "Mail" (with capital M).
-internet 7		:			: Mail
-
-Private 1		: enterprises		: Enterprises
-
-# RFC 2247
-Enterprises 1466 344	: dcobject		: dcObject
-
-# RFC 1495
-Mail 1			: mime-mhs		: MIME MHS
-mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
-mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
-mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
-mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
-
-# What the hell are these OIDs, really?
-!Cname rle-compression
-1 1 1 1 666 1		: RLE			: run length compression
-!Cname zlib-compression
-id-smime-alg 8		: ZLIB			: zlib compression
-
-# AES aka Rijndael
-
-!Alias csor 2 16 840 1 101 3
-!Alias nistAlgorithms csor 4
-!Alias aes nistAlgorithms 1
-
-aes 1			: AES-128-ECB		: aes-128-ecb
-aes 2			: AES-128-CBC		: aes-128-cbc
-!Cname aes-128-ofb128
-aes 3			: AES-128-OFB		: aes-128-ofb
-!Cname aes-128-cfb128
-aes 4			: AES-128-CFB		: aes-128-cfb
-aes 5			: id-aes128-wrap
-aes 6			: id-aes128-GCM		: aes-128-gcm
-aes 7			: id-aes128-CCM		: aes-128-ccm
-aes 8			: id-aes128-wrap-pad
-
-aes 21			: AES-192-ECB		: aes-192-ecb
-aes 22			: AES-192-CBC		: aes-192-cbc
-!Cname aes-192-ofb128
-aes 23			: AES-192-OFB		: aes-192-ofb
-!Cname aes-192-cfb128
-aes 24			: AES-192-CFB		: aes-192-cfb
-aes 25			: id-aes192-wrap
-aes 26			: id-aes192-GCM		: aes-192-gcm
-aes 27			: id-aes192-CCM		: aes-192-ccm
-aes 28			: id-aes192-wrap-pad
-
-aes 41			: AES-256-ECB		: aes-256-ecb
-aes 42			: AES-256-CBC		: aes-256-cbc
-!Cname aes-256-ofb128
-aes 43			: AES-256-OFB		: aes-256-ofb
-!Cname aes-256-cfb128
-aes 44			: AES-256-CFB		: aes-256-cfb
-aes 45			: id-aes256-wrap
-aes 46			: id-aes256-GCM		: aes-256-gcm
-aes 47			: id-aes256-CCM		: aes-256-ccm
-aes 48			: id-aes256-wrap-pad
-
-# There are no OIDs for these modes...
-
-			: AES-128-CFB1		: aes-128-cfb1
-			: AES-192-CFB1		: aes-192-cfb1
-			: AES-256-CFB1		: aes-256-cfb1
-			: AES-128-CFB8		: aes-128-cfb8
-			: AES-192-CFB8		: aes-192-cfb8
-			: AES-256-CFB8		: aes-256-cfb8
-			: AES-128-CTR		: aes-128-ctr
-			: AES-192-CTR		: aes-192-ctr
-			: AES-256-CTR		: aes-256-ctr
-			: AES-128-XTS		: aes-128-xts
-			: AES-256-XTS		: aes-256-xts
-			: DES-CFB1		: des-cfb1
-			: DES-CFB8		: des-cfb8
-			: DES-EDE3-CFB1		: des-ede3-cfb1
-			: DES-EDE3-CFB8		: des-ede3-cfb8
-
-# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
-!Alias nist_hashalgs nistAlgorithms 2
-nist_hashalgs 1		: SHA256		: sha256
-nist_hashalgs 2		: SHA384		: sha384
-nist_hashalgs 3		: SHA512		: sha512
-nist_hashalgs 4		: SHA224		: sha224
-
-# OIDs for dsa-with-sha224 and dsa-with-sha256
-!Alias dsa_with_sha2 nistAlgorithms 3
-dsa_with_sha2 1		: dsa_with_SHA224
-dsa_with_sha2 2		: dsa_with_SHA256
-
-# Hold instruction CRL entry extension
-!Cname hold-instruction-code
-id-ce 23		: holdInstructionCode	: Hold Instruction Code
-!Alias holdInstruction	X9-57 2
-!Cname hold-instruction-none
-holdInstruction 1	: holdInstructionNone	: Hold Instruction None
-!Cname hold-instruction-call-issuer
-holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
-!Cname hold-instruction-reject
-holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject
-
-# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
-# them are also mentioned in RFC 2247
-itu-t 9			: data
-data 2342		: pss
-pss 19200300		: ucl
-ucl 100			: pilot
-pilot 1			:			: pilotAttributeType
-pilot 3			:			: pilotAttributeSyntax
-pilot 4			:			: pilotObjectClass
-pilot 10		:			: pilotGroups
-pilotAttributeSyntax 4	:			: iA5StringSyntax
-pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
-pilotObjectClass 3	:			: pilotObject
-pilotObjectClass 4	:			: pilotPerson
-pilotObjectClass 5	: account
-pilotObjectClass 6	: document
-pilotObjectClass 7	: room
-pilotObjectClass 9	:			: documentSeries
-pilotObjectClass 13	: domain		: Domain
-pilotObjectClass 14	:			: rFC822localPart
-pilotObjectClass 15	:			: dNSDomain
-pilotObjectClass 17	:			: domainRelatedObject
-pilotObjectClass 18	:			: friendlyCountry
-pilotObjectClass 19	:			: simpleSecurityObject
-pilotObjectClass 20	:			: pilotOrganization
-pilotObjectClass 21	:			: pilotDSA
-pilotObjectClass 22	:			: qualityLabelledData
-pilotAttributeType 1	: UID			: userId
-pilotAttributeType 2	:			: textEncodedORAddress
-pilotAttributeType 3	: mail			: rfc822Mailbox
-pilotAttributeType 4	: info
-pilotAttributeType 5	:			: favouriteDrink
-pilotAttributeType 6	:			: roomNumber
-pilotAttributeType 7	: photo
-pilotAttributeType 8	:			: userClass
-pilotAttributeType 9	: host
-pilotAttributeType 10	: manager
-pilotAttributeType 11	:			: documentIdentifier
-pilotAttributeType 12	:			: documentTitle
-pilotAttributeType 13	:			: documentVersion
-pilotAttributeType 14	:			: documentAuthor
-pilotAttributeType 15	:			: documentLocation
-pilotAttributeType 20	:			: homeTelephoneNumber
-pilotAttributeType 21	: secretary
-pilotAttributeType 22	:			: otherMailbox
-pilotAttributeType 23	:			: lastModifiedTime
-pilotAttributeType 24	:			: lastModifiedBy
-pilotAttributeType 25	: DC			: domainComponent
-pilotAttributeType 26	:			: aRecord
-pilotAttributeType 27	:			: pilotAttributeType27
-pilotAttributeType 28	:			: mXRecord
-pilotAttributeType 29	:			: nSRecord
-pilotAttributeType 30	:			: sOARecord
-pilotAttributeType 31	:			: cNAMERecord
-pilotAttributeType 37	:			: associatedDomain
-pilotAttributeType 38	:			: associatedName
-pilotAttributeType 39	:			: homePostalAddress
-pilotAttributeType 40	:			: personalTitle
-pilotAttributeType 41	:			: mobileTelephoneNumber
-pilotAttributeType 42	:			: pagerTelephoneNumber
-pilotAttributeType 43	:			: friendlyCountryName
-# The following clashes with 2.5.4.45, so commented away
-#pilotAttributeType 44	: uid			: uniqueIdentifier
-pilotAttributeType 45	:			: organizationalStatus
-pilotAttributeType 46	:			: janetMailbox
-pilotAttributeType 47	:			: mailPreferenceOption
-pilotAttributeType 48	:			: buildingName
-pilotAttributeType 49	:			: dSAQuality
-pilotAttributeType 50	:			: singleLevelQuality
-pilotAttributeType 51	:			: subtreeMinimumQuality
-pilotAttributeType 52	:			: subtreeMaximumQuality
-pilotAttributeType 53	:			: personalSignature
-pilotAttributeType 54	:			: dITRedirect
-pilotAttributeType 55	: audio
-pilotAttributeType 56	:			: documentPublisher
-
-international-organizations 42	: id-set	: Secure Electronic Transactions
-
-id-set 0		: set-ctype		: content types
-id-set 1		: set-msgExt		: message extensions
-id-set 3		: set-attr
-id-set 5		: set-policy
-id-set 7		: set-certExt		: certificate extensions
-id-set 8		: set-brand
-
-set-ctype 0		: setct-PANData
-set-ctype 1		: setct-PANToken
-set-ctype 2		: setct-PANOnly
-set-ctype 3		: setct-OIData
-set-ctype 4		: setct-PI
-set-ctype 5		: setct-PIData
-set-ctype 6		: setct-PIDataUnsigned
-set-ctype 7		: setct-HODInput
-set-ctype 8		: setct-AuthResBaggage
-set-ctype 9		: setct-AuthRevReqBaggage
-set-ctype 10		: setct-AuthRevResBaggage
-set-ctype 11		: setct-CapTokenSeq
-set-ctype 12		: setct-PInitResData
-set-ctype 13		: setct-PI-TBS
-set-ctype 14		: setct-PResData
-set-ctype 16		: setct-AuthReqTBS
-set-ctype 17		: setct-AuthResTBS
-set-ctype 18		: setct-AuthResTBSX
-set-ctype 19		: setct-AuthTokenTBS
-set-ctype 20		: setct-CapTokenData
-set-ctype 21		: setct-CapTokenTBS
-set-ctype 22		: setct-AcqCardCodeMsg
-set-ctype 23		: setct-AuthRevReqTBS
-set-ctype 24		: setct-AuthRevResData
-set-ctype 25		: setct-AuthRevResTBS
-set-ctype 26		: setct-CapReqTBS
-set-ctype 27		: setct-CapReqTBSX
-set-ctype 28		: setct-CapResData
-set-ctype 29		: setct-CapRevReqTBS
-set-ctype 30		: setct-CapRevReqTBSX
-set-ctype 31		: setct-CapRevResData
-set-ctype 32		: setct-CredReqTBS
-set-ctype 33		: setct-CredReqTBSX
-set-ctype 34		: setct-CredResData
-set-ctype 35		: setct-CredRevReqTBS
-set-ctype 36		: setct-CredRevReqTBSX
-set-ctype 37		: setct-CredRevResData
-set-ctype 38		: setct-PCertReqData
-set-ctype 39		: setct-PCertResTBS
-set-ctype 40		: setct-BatchAdminReqData
-set-ctype 41		: setct-BatchAdminResData
-set-ctype 42		: setct-CardCInitResTBS
-set-ctype 43		: setct-MeAqCInitResTBS
-set-ctype 44		: setct-RegFormResTBS
-set-ctype 45		: setct-CertReqData
-set-ctype 46		: setct-CertReqTBS
-set-ctype 47		: setct-CertResData
-set-ctype 48		: setct-CertInqReqTBS
-set-ctype 49		: setct-ErrorTBS
-set-ctype 50		: setct-PIDualSignedTBE
-set-ctype 51		: setct-PIUnsignedTBE
-set-ctype 52		: setct-AuthReqTBE
-set-ctype 53		: setct-AuthResTBE
-set-ctype 54		: setct-AuthResTBEX
-set-ctype 55		: setct-AuthTokenTBE
-set-ctype 56		: setct-CapTokenTBE
-set-ctype 57		: setct-CapTokenTBEX
-set-ctype 58		: setct-AcqCardCodeMsgTBE
-set-ctype 59		: setct-AuthRevReqTBE
-set-ctype 60		: setct-AuthRevResTBE
-set-ctype 61		: setct-AuthRevResTBEB
-set-ctype 62		: setct-CapReqTBE
-set-ctype 63		: setct-CapReqTBEX
-set-ctype 64		: setct-CapResTBE
-set-ctype 65		: setct-CapRevReqTBE
-set-ctype 66		: setct-CapRevReqTBEX
-set-ctype 67		: setct-CapRevResTBE
-set-ctype 68		: setct-CredReqTBE
-set-ctype 69		: setct-CredReqTBEX
-set-ctype 70		: setct-CredResTBE
-set-ctype 71		: setct-CredRevReqTBE
-set-ctype 72		: setct-CredRevReqTBEX
-set-ctype 73		: setct-CredRevResTBE
-set-ctype 74		: setct-BatchAdminReqTBE
-set-ctype 75		: setct-BatchAdminResTBE
-set-ctype 76		: setct-RegFormReqTBE
-set-ctype 77		: setct-CertReqTBE
-set-ctype 78		: setct-CertReqTBEX
-set-ctype 79		: setct-CertResTBE
-set-ctype 80		: setct-CRLNotificationTBS
-set-ctype 81		: setct-CRLNotificationResTBS
-set-ctype 82		: setct-BCIDistributionTBS
-
-set-msgExt 1		: setext-genCrypt	: generic cryptogram
-set-msgExt 3		: setext-miAuth		: merchant initiated auth
-set-msgExt 4		: setext-pinSecure
-set-msgExt 5		: setext-pinAny
-set-msgExt 7		: setext-track2
-set-msgExt 8		: setext-cv		: additional verification
-
-set-policy 0		: set-policy-root
-
-set-certExt 0		: setCext-hashedRoot
-set-certExt 1		: setCext-certType
-set-certExt 2		: setCext-merchData
-set-certExt 3		: setCext-cCertRequired
-set-certExt 4		: setCext-tunneling
-set-certExt 5		: setCext-setExt
-set-certExt 6		: setCext-setQualf
-set-certExt 7		: setCext-PGWYcapabilities
-set-certExt 8		: setCext-TokenIdentifier
-set-certExt 9		: setCext-Track2Data
-set-certExt 10		: setCext-TokenType
-set-certExt 11		: setCext-IssuerCapabilities
-
-set-attr 0		: setAttr-Cert
-set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
-set-attr 2		: setAttr-TokenType
-set-attr 3		: setAttr-IssCap	: issuer capabilities
-
-setAttr-Cert 0		: set-rootKeyThumb
-setAttr-Cert 1		: set-addPolicy
-
-setAttr-TokenType 1	: setAttr-Token-EMV
-setAttr-TokenType 2	: setAttr-Token-B0Prime
-
-setAttr-IssCap 3	: setAttr-IssCap-CVM
-setAttr-IssCap 4	: setAttr-IssCap-T2
-setAttr-IssCap 5	: setAttr-IssCap-Sig
-
-setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
-setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
-setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2
-
-setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
-setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature
-
-set-brand 1		: set-brand-IATA-ATA
-set-brand 30		: set-brand-Diners
-set-brand 34		: set-brand-AmericanExpress
-set-brand 35		: set-brand-JCB
-set-brand 4		: set-brand-Visa
-set-brand 5		: set-brand-MasterCard
-set-brand 6011		: set-brand-Novus
-
-rsadsi 3 10		: DES-CDMF		: des-cdmf
-rsadsi 1 1 6		: rsaOAEPEncryptionSET
-
-			: Oakley-EC2N-3		: ipsec3
-			: Oakley-EC2N-4		: ipsec4
-
-iso 0 10118 3 0 55	: whirlpool
-
-# GOST OIDs
-
-member-body 643 2 2	: cryptopro
-member-body 643 2 9	: cryptocom
-
-cryptopro 3		: id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
-cryptopro 4		: id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
-!Cname id-GostR3411-94
-cryptopro 9		: md_gost94		: GOST R 34.11-94
-cryptopro 10		: id-HMACGostR3411-94	: HMAC GOST 34.11-94
-!Cname id-GostR3410-2001
-cryptopro 19		: gost2001	: GOST R 34.10-2001
-!Cname id-GostR3410-94
-cryptopro 20		: gost94	: GOST R 34.10-94
-!Cname id-Gost28147-89
-cryptopro 21		: gost89 		: GOST 28147-89
-			: gost89-cnt
-!Cname id-Gost28147-89-MAC
-cryptopro 22		: gost-mac	: GOST 28147-89 MAC
-!Cname id-GostR3411-94-prf
-cryptopro 23		: prf-gostr3411-94	: GOST R 34.11-94 PRF
-cryptopro 98		: id-GostR3410-2001DH	: GOST R 34.10-2001 DH
-cryptopro 99		: id-GostR3410-94DH	: GOST R 34.10-94 DH
-
-cryptopro 14 1		: id-Gost28147-89-CryptoPro-KeyMeshing
-cryptopro 14 0		: id-Gost28147-89-None-KeyMeshing
-
-# GOST parameter set OIDs
-
-cryptopro 30 0		: id-GostR3411-94-TestParamSet
-cryptopro 30 1		: id-GostR3411-94-CryptoProParamSet
-
-cryptopro 31 0		: id-Gost28147-89-TestParamSet
-cryptopro 31 1		: id-Gost28147-89-CryptoPro-A-ParamSet
-cryptopro 31 2		: id-Gost28147-89-CryptoPro-B-ParamSet
-cryptopro 31 3		: id-Gost28147-89-CryptoPro-C-ParamSet
-cryptopro 31 4		: id-Gost28147-89-CryptoPro-D-ParamSet
-cryptopro 31 5		: id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
-cryptopro 31 6		: id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
-cryptopro 31 7		: id-Gost28147-89-CryptoPro-RIC-1-ParamSet
-
-cryptopro 32 0		: id-GostR3410-94-TestParamSet
-cryptopro 32 2		: id-GostR3410-94-CryptoPro-A-ParamSet
-cryptopro 32 3		: id-GostR3410-94-CryptoPro-B-ParamSet
-cryptopro 32 4		: id-GostR3410-94-CryptoPro-C-ParamSet
-cryptopro 32 5		: id-GostR3410-94-CryptoPro-D-ParamSet
-
-cryptopro 33 1		: id-GostR3410-94-CryptoPro-XchA-ParamSet
-cryptopro 33 2		: id-GostR3410-94-CryptoPro-XchB-ParamSet
-cryptopro 33 3		: id-GostR3410-94-CryptoPro-XchC-ParamSet
-
-cryptopro 35 0		: id-GostR3410-2001-TestParamSet
-cryptopro 35 1		: id-GostR3410-2001-CryptoPro-A-ParamSet
-cryptopro 35 2		: id-GostR3410-2001-CryptoPro-B-ParamSet
-cryptopro 35 3		: id-GostR3410-2001-CryptoPro-C-ParamSet
-
-cryptopro 36 0		: id-GostR3410-2001-CryptoPro-XchA-ParamSet
-cryptopro 36 1		: id-GostR3410-2001-CryptoPro-XchB-ParamSet
-
-id-GostR3410-94 1	: id-GostR3410-94-a
-id-GostR3410-94 2	: id-GostR3410-94-aBis
-id-GostR3410-94 3	: id-GostR3410-94-b
-id-GostR3410-94 4	: id-GostR3410-94-bBis
-
-# Cryptocom LTD GOST OIDs
-
-cryptocom 1 6 1		: id-Gost28147-89-cc	: GOST 28147-89 Cryptocom ParamSet
-!Cname id-GostR3410-94-cc
-cryptocom 1 5 3		: gost94cc	: GOST 34.10-94 Cryptocom
-!Cname id-GostR3410-2001-cc
-cryptocom 1 5 4		: gost2001cc	: GOST 34.10-2001 Cryptocom
-
-cryptocom 1 3 3		: id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
-cryptocom 1 3 4		: id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
-
-cryptocom 1 8 1		: id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
-
-# Definitions for Camellia cipher - CBC MODE
-
-1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC		: camellia-128-cbc
-1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC		: camellia-192-cbc
-1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC		: camellia-256-cbc
-1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
-1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
-1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap
-
-# Definitions for Camellia cipher - ECB, CFB, OFB MODE
-
-!Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9 
-
-camellia 1		: CAMELLIA-128-ECB		: camellia-128-ecb
-!Cname camellia-128-ofb128
-camellia 3		: CAMELLIA-128-OFB		: camellia-128-ofb
-!Cname camellia-128-cfb128
-camellia 4		: CAMELLIA-128-CFB		: camellia-128-cfb
-
-camellia 21		: CAMELLIA-192-ECB		: camellia-192-ecb
-!Cname camellia-192-ofb128
-camellia 23		: CAMELLIA-192-OFB		: camellia-192-ofb
-!Cname camellia-192-cfb128
-camellia 24		: CAMELLIA-192-CFB		: camellia-192-cfb
-
-camellia 41		: CAMELLIA-256-ECB		: camellia-256-ecb
-!Cname camellia-256-ofb128
-camellia 43		: CAMELLIA-256-OFB		: camellia-256-ofb
-!Cname camellia-256-cfb128
-camellia 44		: CAMELLIA-256-CFB		: camellia-256-cfb
-
-# There are no OIDs for these modes...
-
-			: CAMELLIA-128-CFB1		: camellia-128-cfb1
-			: CAMELLIA-192-CFB1		: camellia-192-cfb1
-			: CAMELLIA-256-CFB1		: camellia-256-cfb1
-			: CAMELLIA-128-CFB8		: camellia-128-cfb8
-			: CAMELLIA-192-CFB8		: camellia-192-cfb8
-			: CAMELLIA-256-CFB8		: camellia-256-cfb8
-
-# Definitions for SEED cipher - ECB, CBC, OFB mode
-
-member-body 410 200004  : KISA          : kisa
-kisa 1 3                : SEED-ECB      : seed-ecb
-kisa 1 4                : SEED-CBC      : seed-cbc
-!Cname seed-cfb128
-kisa 1 5                : SEED-CFB      : seed-cfb
-!Cname seed-ofb128
-kisa 1 6                : SEED-OFB      : seed-ofb
-
-# There is no OID that just denotes "HMAC" oddly enough...
-
-			: HMAC				: hmac
-# Nor CMAC either
-			: CMAC				: cmac
-
-# Synthetic composite ciphersuites
-			: RC4-HMAC-MD5			: rc4-hmac-md5
-			: AES-128-CBC-HMAC-SHA1		: aes-128-cbc-hmac-sha1
-			: AES-192-CBC-HMAC-SHA1		: aes-192-cbc-hmac-sha1
-			: AES-256-CBC-HMAC-SHA1		: aes-256-cbc-hmac-sha1
diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
deleted file mode 100644
index 6c4c832ab2..0000000000
--- a/crypto/objects/objxref.pl
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/local/bin/perl
-
-use strict;
-
-my %xref_tbl;
-my %oid_tbl;
-
-my ($mac_file, $xref_file) = @ARGV;
-
-open(IN, $mac_file) || die "Can't open $mac_file";
-
-# Read in OID nid values for a lookup table.
-
-while (<IN>)
-	{
-	chomp;
-	my ($name, $num) = /^(\S+)\s+(\S+)$/;
-	$oid_tbl{$name} = $num;
-	}
-close IN;
-
-open(IN, $xref_file) || die "Can't open $xref_file";
-
-my $ln = 1;
-
-while (<IN>)
-	{
-	chomp;
-	s/#.*$//;
-	next if (/^\S*$/);
-	my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/;
-	check_oid($xr);
-	check_oid($p1);
-	check_oid($p2);
-	$xref_tbl{$xr} = [$p1, $p2, $ln];
-	}
-
-my @xrkeys = keys %xref_tbl;
-
-my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys;
-
-for(my $i = 0; $i <= $#srt1; $i++)
-	{
-	$xref_tbl{$srt1[$i]}[2] = $i;
-	}
-
-my @srt2 = sort
-	{
-	my$ap1 = $oid_tbl{$xref_tbl{$a}[0]};
-	my$bp1 = $oid_tbl{$xref_tbl{$b}[0]};
-	return $ap1 - $bp1 if ($ap1 != $bp1);
-	my$ap2 = $oid_tbl{$xref_tbl{$a}[1]};
-	my$bp2 = $oid_tbl{$xref_tbl{$b}[1]};
-
-	return $ap2 - $bp2;
-	} @xrkeys;
-
-my $pname = $0;
-
-$pname =~ s|^.[^/]/||;
-
-print <<EOF;
-/* AUTOGENERATED BY $pname, DO NOT EDIT */
-
-typedef struct
-	{
-	int sign_id;
-	int hash_id;
-	int pkey_id;
-	} nid_triple;
-
-static const nid_triple sigoid_srt[] =
-	{
-EOF
-
-foreach (@srt1)
-	{
-	my $xr = $_;
-	my ($p1, $p2) = @{$xref_tbl{$_}};
-	print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
-	}
-
-print "\t};";
-print <<EOF;
-
-
-static const nid_triple * const sigoid_srt_xref[] =
-	{
-EOF
-
-foreach (@srt2)
-	{
-	my ($p1, $p2, $x) = @{$xref_tbl{$_}};
-	# If digest or signature algorithm is "undef" then the algorithm
-	# needs special handling and is excluded from the cross reference table.
-	next if $p1 eq "undef" || $p2 eq "undef";
-	print "\t\&sigoid_srt\[$x\],\n";
-	}
-
-print "\t};\n\n";
-
-sub check_oid
-	{
-	my ($chk) = @_;
-	if (!exists $oid_tbl{$chk})
-		{
-		die "Not Found \"$chk\"\n";
-		}
-	}
-
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
deleted file mode 100644
index f14e9f7e11..0000000000
--- a/crypto/ocsp/ocsp.h
+++ /dev/null
@@ -1,630 +0,0 @@
-/* ocsp.h */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OCSP_H
-#define HEADER_OCSP_H
-
-#include <openssl/ossl_typ.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Various flags and values */
-
-#define OCSP_DEFAULT_NONCE_LENGTH	16
-
-#define OCSP_NOCERTS			0x1
-#define OCSP_NOINTERN			0x2
-#define OCSP_NOSIGS			0x4
-#define OCSP_NOCHAIN			0x8
-#define OCSP_NOVERIFY			0x10
-#define OCSP_NOEXPLICIT			0x20
-#define OCSP_NOCASIGN			0x40
-#define OCSP_NODELEGATED		0x80
-#define OCSP_NOCHECKS			0x100
-#define OCSP_TRUSTOTHER			0x200
-#define OCSP_RESPID_KEY			0x400
-#define OCSP_NOTIME			0x800
-
-#ifdef OPENSSL_SYS_WIN32
-  /* Under Win32 these are defined in wincrypt.h */
-#undef OCSP_REQUEST
-#undef X509_NAME
-#undef OCSP_RESPONSE
-#endif
-
-/*   CertID ::= SEQUENCE {
- *       hashAlgorithm            AlgorithmIdentifier,
- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- *       serialNumber       CertificateSerialNumber }
- */
-typedef struct ocsp_cert_id_st
-	{
-	X509_ALGOR *hashAlgorithm;
-	ASN1_OCTET_STRING *issuerNameHash;
-	ASN1_OCTET_STRING *issuerKeyHash;
-	ASN1_INTEGER *serialNumber;
-	} OCSP_CERTID;
-
-DECLARE_STACK_OF(OCSP_CERTID)
-
-/*   Request ::=     SEQUENCE {
- *       reqCert                    CertID,
- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_one_request_st
-	{
-	OCSP_CERTID *reqCert;
-	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-	} OCSP_ONEREQ;
-
-DECLARE_STACK_OF(OCSP_ONEREQ)
-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
-
-/*   TBSRequest      ::=     SEQUENCE {
- *       version             [0] EXPLICIT Version DEFAULT v1,
- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
- *       requestList             SEQUENCE OF Request,
- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_req_info_st
-	{
-	ASN1_INTEGER *version;
-	GENERAL_NAME *requestorName;
-	STACK_OF(OCSP_ONEREQ) *requestList;
-	STACK_OF(X509_EXTENSION) *requestExtensions;
-	} OCSP_REQINFO;
-
-/*   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm   AlgorithmIdentifier,
- *       signature            BIT STRING,
- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-typedef struct ocsp_signature_st
-	{
-	X509_ALGOR *signatureAlgorithm;
-	ASN1_BIT_STRING *signature;
-	STACK_OF(X509) *certs;
-	} OCSP_SIGNATURE;
-
-/*   OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- */
-typedef struct ocsp_request_st
-	{
-	OCSP_REQINFO *tbsRequest;
-	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-	} OCSP_REQUEST;
-
-/*   OCSPResponseStatus ::= ENUMERATED {
- *       successful            (0),      --Response has valid confirmations
- *       malformedRequest      (1),      --Illegal confirmation request
- *       internalError         (2),      --Internal error in issuer
- *       tryLater              (3),      --Try again later
- *                                       --(4) is not used
- *       sigRequired           (5),      --Must sign the request
- *       unauthorized          (6)       --Request unauthorized
- *   }
- */
-#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
-#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
-#define OCSP_RESPONSE_STATUS_TRYLATER             3
-#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
-
-/*   ResponseBytes ::=       SEQUENCE {
- *       responseType   OBJECT IDENTIFIER,
- *       response       OCTET STRING }
- */
-typedef struct ocsp_resp_bytes_st
-	{
-	ASN1_OBJECT *responseType;
-	ASN1_OCTET_STRING *response;
-	} OCSP_RESPBYTES;
-
-/*   OCSPResponse ::= SEQUENCE {
- *      responseStatus         OCSPResponseStatus,
- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st
-	{
-	ASN1_ENUMERATED *responseStatus;
-	OCSP_RESPBYTES  *responseBytes;
-	};
-
-/*   ResponderID ::= CHOICE {
- *      byName   [1] Name,
- *      byKey    [2] KeyHash }
- */
-#define V_OCSP_RESPID_NAME 0
-#define V_OCSP_RESPID_KEY  1
-struct ocsp_responder_id_st
-	{
-	int type;
-	union   {
-		X509_NAME* byName;
-        	ASN1_OCTET_STRING *byKey;
-		} value;
-	};
-
-DECLARE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-
-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- *                            --(excluding the tag and length fields)
- */
-
-/*   RevokedInfo ::= SEQUENCE {
- *       revocationTime              GeneralizedTime,
- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
- */
-typedef struct ocsp_revoked_info_st
-	{
-	ASN1_GENERALIZEDTIME *revocationTime;
-	ASN1_ENUMERATED *revocationReason;
-	} OCSP_REVOKEDINFO;
-
-/*   CertStatus ::= CHOICE {
- *       good                [0]     IMPLICIT NULL,
- *       revoked             [1]     IMPLICIT RevokedInfo,
- *       unknown             [2]     IMPLICIT UnknownInfo }
- */
-#define V_OCSP_CERTSTATUS_GOOD    0
-#define V_OCSP_CERTSTATUS_REVOKED 1
-#define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st
-	{
-	int type;
-	union	{
-		ASN1_NULL *good;
-		OCSP_REVOKEDINFO *revoked;
-		ASN1_NULL *unknown;
-		} value;
-	} OCSP_CERTSTATUS;
-
-/*   SingleResponse ::= SEQUENCE {
- *      certID                       CertID,
- *      certStatus                   CertStatus,
- *      thisUpdate                   GeneralizedTime,
- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_single_response_st
-	{
-	OCSP_CERTID *certId;
-	OCSP_CERTSTATUS *certStatus;
-	ASN1_GENERALIZEDTIME *thisUpdate;
-	ASN1_GENERALIZEDTIME *nextUpdate;
-	STACK_OF(X509_EXTENSION) *singleExtensions;
-	} OCSP_SINGLERESP;
-
-DECLARE_STACK_OF(OCSP_SINGLERESP)
-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-
-/*   ResponseData ::= SEQUENCE {
- *      version              [0] EXPLICIT Version DEFAULT v1,
- *      responderID              ResponderID,
- *      producedAt               GeneralizedTime,
- *      responses                SEQUENCE OF SingleResponse,
- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_response_data_st
-	{
-	ASN1_INTEGER *version;
-	OCSP_RESPID  *responderId;
-	ASN1_GENERALIZEDTIME *producedAt;
-	STACK_OF(OCSP_SINGLERESP) *responses;
-	STACK_OF(X509_EXTENSION) *responseExtensions;
-	} OCSP_RESPDATA;
-
-/*   BasicOCSPResponse       ::= SEQUENCE {
- *      tbsResponseData      ResponseData,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signature            BIT STRING,
- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-  /* Note 1:
-     The value for "signature" is specified in the OCSP rfc2560 as follows:
-     "The value for the signature SHALL be computed on the hash of the DER
-     encoding ResponseData."  This means that you must hash the DER-encoded
-     tbsResponseData, and then run it through a crypto-signing function, which
-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
-     a bit odd, but that's the spec.  Also note that the data structures do not
-     leave anywhere to independently specify the algorithm used for the initial
-     hash. So, we look at the signature-specification algorithm, and try to do
-     something intelligent.	-- Kathy Weinhold, CertCo */
-  /* Note 2:
-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
-     for interpretation.  I've done tests against another responder, and found
-     that it doesn't do the double hashing that the RFC seems to say one
-     should.  Therefore, all relevant functions take a flag saying which
-     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */
-typedef struct ocsp_basic_response_st
-	{
-	OCSP_RESPDATA *tbsResponseData;
-	X509_ALGOR *signatureAlgorithm;
-	ASN1_BIT_STRING *signature;
-	STACK_OF(X509) *certs;
-	} OCSP_BASICRESP;
-
-/*
- *   CRLReason ::= ENUMERATED {
- *        unspecified             (0),
- *        keyCompromise           (1),
- *        cACompromise            (2),
- *        affiliationChanged      (3),
- *        superseded              (4),
- *        cessationOfOperation    (5),
- *        certificateHold         (6),
- *        removeFromCRL           (8) }
- */
-#define OCSP_REVOKED_STATUS_NOSTATUS               -1
-#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
-#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
-#define OCSP_REVOKED_STATUS_SUPERSEDED              4
-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
-
-/* CrlID ::= SEQUENCE {
- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
- */
-typedef struct ocsp_crl_id_st
-        {
-	ASN1_IA5STRING *crlUrl;
-	ASN1_INTEGER *crlNum;
-	ASN1_GENERALIZEDTIME *crlTime;
-        } OCSP_CRLID;
-
-/* ServiceLocator ::= SEQUENCE {
- *      issuer    Name,
- *      locator   AuthorityInfoAccessSyntax OPTIONAL }
- */
-typedef struct ocsp_service_locator_st
-        {
-	X509_NAME* issuer;
-	STACK_OF(ACCESS_DESCRIPTION) *locator;
-        } OCSP_SERVICELOC;
- 
-#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-
-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-
-#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
-#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
-#define PEM_write_bio_OCSP_REQUEST(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
-			bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
-			bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-
-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-
-#define OCSP_REQUEST_sign(o,pkey,md) \
-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-		o->optionalSignature->signatureAlgorithm,NULL,\
-	        o->optionalSignature->signature,o->tbsRequest,pkey,md)
-
-#define OCSP_BASICRESP_sign(o,pkey,md,d) \
-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
-		o->signature,o->tbsResponseData,pkey,md)
-
-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        a->optionalSignature->signatureAlgorithm,\
-	a->optionalSignature->signature,a->tbsRequest,r)
-
-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
-
-#define ASN1_BIT_STRING_digest(data,type,md,len) \
-	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
-#define OCSP_CERTSTATUS_dup(cs)\
-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
-		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-								int maxline);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
-int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-		const char *name, const char *value);
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-			      X509_NAME *issuerName, 
-			      ASN1_BIT_STRING* issuerKey, 
-			      ASN1_INTEGER *serialNumber);
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
-
-int OCSP_request_sign(OCSP_REQUEST   *req,
-		      X509           *signer,
-		      EVP_PKEY       *key,
-		      const EVP_MD   *dgst,
-		      STACK_OF(X509) *certs,
-		      unsigned long flags);
-
-int OCSP_response_status(OCSP_RESPONSE *resp);
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
-
-int OCSP_resp_count(OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-				int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-			ASN1_GENERALIZEDTIME *nextupd,
-			long sec, long maxsec);
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req);
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-			ASN1_OCTET_STRING **pikeyHash,
-			ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-int OCSP_request_is_signed(OCSP_REQUEST *req);
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-						OCSP_CERTID *cid,
-						int status, int reason,
-						ASN1_TIME *revtime,
-					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-			STACK_OF(X509) *certs, unsigned long flags);
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
-
-X509_EXTENSION *OCSP_accept_responses_new(char **oids);
-
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
-
-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-
-const char *OCSP_response_status_str(long s);
-const char *OCSP_cert_status_str(long s);
-const char *OCSP_crl_reason_str(long s);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OCSP_strings(void);
-
-/* Error codes for the OCSP functions. */
-
-/* Function codes. */
-#define OCSP_F_ASN1_STRING_ENCODE			 100
-#define OCSP_F_D2I_OCSP_NONCE				 102
-#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103
-#define OCSP_F_OCSP_BASIC_SIGN				 104
-#define OCSP_F_OCSP_BASIC_VERIFY			 105
-#define OCSP_F_OCSP_CERT_ID_NEW				 101
-#define OCSP_F_OCSP_CHECK_DELEGATED			 106
-#define OCSP_F_OCSP_CHECK_IDS				 107
-#define OCSP_F_OCSP_CHECK_ISSUER			 108
-#define OCSP_F_OCSP_CHECK_VALIDITY			 115
-#define OCSP_F_OCSP_MATCH_ISSUERID			 109
-#define OCSP_F_OCSP_PARSE_URL				 114
-#define OCSP_F_OCSP_REQUEST_SIGN			 110
-#define OCSP_F_OCSP_REQUEST_VERIFY			 116
-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111
-#define OCSP_F_OCSP_SENDREQ_BIO				 112
-#define OCSP_F_OCSP_SENDREQ_NBIO			 117
-#define OCSP_F_PARSE_HTTP_LINE1				 118
-#define OCSP_F_REQUEST_VERIFY				 113
-
-/* Reason codes. */
-#define OCSP_R_BAD_DATA					 100
-#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101
-#define OCSP_R_DIGEST_ERR				 102
-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122
-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123
-#define OCSP_R_ERROR_PARSING_URL			 121
-#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103
-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124
-#define OCSP_R_NOT_BASIC_RESPONSE			 104
-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105
-#define OCSP_R_NO_CONTENT				 106
-#define OCSP_R_NO_PUBLIC_KEY				 107
-#define OCSP_R_NO_RESPONSE_DATA				 108
-#define OCSP_R_NO_REVOKED_TIME				 109
-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110
-#define OCSP_R_REQUEST_NOT_SIGNED			 128
-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111
-#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112
-#define OCSP_R_SERVER_READ_ERROR			 113
-#define OCSP_R_SERVER_RESPONSE_ERROR			 114
-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115
-#define OCSP_R_SERVER_WRITE_ERROR			 116
-#define OCSP_R_SIGNATURE_FAILURE			 117
-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118
-#define OCSP_R_STATUS_EXPIRED				 125
-#define OCSP_R_STATUS_NOT_YET_VALID			 126
-#define OCSP_R_STATUS_TOO_OLD				 127
-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119
-#define OCSP_R_UNKNOWN_NID				 120
-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
deleted file mode 100644
index bfe892ac70..0000000000
--- a/crypto/ocsp/ocsp_asn.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* ocsp_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/ocsp.h>
-
-ASN1_SEQUENCE(OCSP_SIGNATURE) = {
-	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-
-ASN1_SEQUENCE(OCSP_CERTID) = {
-	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(OCSP_CERTID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
-
-ASN1_SEQUENCE(OCSP_ONEREQ) = {
-	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(OCSP_ONEREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
-
-ASN1_SEQUENCE(OCSP_REQINFO) = {
-	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
-	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
-	ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(OCSP_REQINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
-
-ASN1_SEQUENCE(OCSP_REQUEST) = {
-	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
-	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
-} ASN1_SEQUENCE_END(OCSP_REQUEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
-
-/* OCSP_RESPONSE templates */
-
-ASN1_SEQUENCE(OCSP_RESPBYTES) = {
-	    ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
-	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-
-ASN1_SEQUENCE(OCSP_RESPONSE) = {
-	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
-	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
-} ASN1_SEQUENCE_END(OCSP_RESPONSE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
-
-ASN1_CHOICE(OCSP_RESPID) = {
-	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
-	   ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(OCSP_RESPID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
-
-ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
-	ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
-  	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-
-ASN1_CHOICE(OCSP_CERTSTATUS) = {
-	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
-	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
-	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(OCSP_CERTSTATUS)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-
-ASN1_SEQUENCE(OCSP_SINGLERESP) = {
-	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
-	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
-	   ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
-	   ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-
-ASN1_SEQUENCE(OCSP_RESPDATA) = {
-	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
-	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
-	   ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
-	   ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_RESPDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
-
-ASN1_SEQUENCE(OCSP_BASICRESP) = {
-	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
-	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
-	   ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_BASICRESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
-
-ASN1_SEQUENCE(OCSP_CRLID) = {
-	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
-	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
-	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
-} ASN1_SEQUENCE_END(OCSP_CRLID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
-
-ASN1_SEQUENCE(OCSP_SERVICELOC) = {
-	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
-	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
-} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
deleted file mode 100644
index 9c14d9da27..0000000000
--- a/crypto/ocsp/ocsp_cl.c
+++ /dev/null
@@ -1,371 +0,0 @@
-/* ocsp_cl.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP requests and extracting
- * relevant information from the response.
- */
-
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
- * pointer: useful if we want to add extensions.
- */
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
-        {
-	OCSP_ONEREQ *one = NULL;
-
-	if (!(one = OCSP_ONEREQ_new())) goto err;
-	if (one->reqCert) OCSP_CERTID_free(one->reqCert);
-	one->reqCert = cid;
-	if (req &&
-		!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
-				goto err;
-	return one;
-err:
-	OCSP_ONEREQ_free(one);
-	return NULL;
-        }
-
-/* Set requestorName from an X509_NAME structure */
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
-	{
-	GENERAL_NAME *gen;
-	gen = GENERAL_NAME_new();
-	if (gen == NULL)
-		return 0;
-	if (!X509_NAME_set(&gen->d.directoryName, nm))
-		{
-		GENERAL_NAME_free(gen);
-		return 0;
-		}
-	gen->type = GEN_DIRNAME;
-	if (req->tbsRequest->requestorName)
-		GENERAL_NAME_free(req->tbsRequest->requestorName);
-	req->tbsRequest->requestorName = gen;
-	return 1;
-	}
-	
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
-	{
-	OCSP_SIGNATURE *sig;
-	if (!req->optionalSignature)
-		req->optionalSignature = OCSP_SIGNATURE_new();
-	sig = req->optionalSignature;
-	if (!sig) return 0;
-	if (!cert) return 1;
-	if (!sig->certs && !(sig->certs = sk_X509_new_null()))
-		return 0;
-
-	if(!sk_X509_push(sig->certs, cert)) return 0;
-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-	return 1;
-	}
-
-/* Sign an OCSP request set the requestorName to the subjec
- * name of an optional signers certificate and include one
- * or more optional certificates in the request. Behaves
- * like PKCS7_sign().
- */
-
-int OCSP_request_sign(OCSP_REQUEST   *req,
-		      X509           *signer,
-		      EVP_PKEY       *key,
-		      const EVP_MD   *dgst,
-		      STACK_OF(X509) *certs,
-		      unsigned long flags)
-        {
-	int i;
-	OCSP_SIGNATURE *sig;
-	X509 *x;
-
-	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
-			goto err;
-
-	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-	if (key)
-		{
-		if (!X509_check_private_key(signer, key))
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-			goto err;
-			}
-		if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
-		}
-
-	if (!(flags & OCSP_NOCERTS))
-		{
-		if(!OCSP_request_add1_cert(req, signer)) goto err;
-		for (i = 0; i < sk_X509_num(certs); i++)
-			{
-			x = sk_X509_value(certs, i);
-			if (!OCSP_request_add1_cert(req, x)) goto err;
-			}
-		}
-
-	return 1;
-err:
-	OCSP_SIGNATURE_free(req->optionalSignature);
-	req->optionalSignature = NULL;
-	return 0;
-	}
-
-/* Get response status */
-
-int OCSP_response_status(OCSP_RESPONSE *resp)
-	{
-	return ASN1_ENUMERATED_get(resp->responseStatus);
-	}
-
-/* Extract basic response from OCSP_RESPONSE or NULL if
- * no basic response present.
- */
- 
-
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
-	{
-	OCSP_RESPBYTES *rb;
-	rb = resp->responseBytes;
-	if (!rb)
-		{
-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
-		return NULL;
-		}
-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
-		{
-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
-		return NULL;
-		}
-
-	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
-	}
-
-/* Return number of OCSP_SINGLERESP reponses present in
- * a basic response.
- */
-
-int OCSP_resp_count(OCSP_BASICRESP *bs)
-	{
-	if (!bs) return -1;
-	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
-	}
-
-/* Extract an OCSP_SINGLERESP response with a given index */
-
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
-	{
-	if (!bs) return NULL;
-	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
-	}
-
-/* Look single response matching a given certificate ID */
-
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
-	{
-	int i;
-	STACK_OF(OCSP_SINGLERESP) *sresp;
-	OCSP_SINGLERESP *single;
-	if (!bs) return -1;
-	if (last < 0) last = 0;
-	else last++;
-	sresp = bs->tbsResponseData->responses;
-	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-		{
-		single = sk_OCSP_SINGLERESP_value(sresp, i);
-		if (!OCSP_id_cmp(id, single->certId)) return i;
-		}
-	return -1;
-	}
-
-/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the 
- * certificate status is revoked. Returns numerical value of
- * status.
- */
-
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd)
-	{
-	int ret;
-	OCSP_CERTSTATUS *cst;
-	if(!single) return -1;
-	cst = single->certStatus;
-	ret = cst->type;
-	if (ret == V_OCSP_CERTSTATUS_REVOKED)
-		{
-		OCSP_REVOKEDINFO *rev = cst->value.revoked;
-		if (revtime) *revtime = rev->revocationTime;
-		if (reason) 
-			{
-			if(rev->revocationReason)
-				*reason = ASN1_ENUMERATED_get(rev->revocationReason);
-			else *reason = -1;
-			}
-		}
-	if(thisupd) *thisupd = single->thisUpdate;
-	if(nextupd) *nextupd = single->nextUpdate;
-	return ret;
-	}
-
-/* This function combines the previous ones: look up a certificate ID and
- * if found extract status information. Return 0 is successful.
- */
-
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-				int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd)
-	{
-	int i;
-	OCSP_SINGLERESP *single;
-	i = OCSP_resp_find(bs, id, -1);
-	/* Maybe check for multiple responses and give an error? */
-	if(i < 0) return 0;
-	single = OCSP_resp_get0(bs, i);
-	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
-	if(status) *status = i;
-	return 1;
-	}
-
-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
- * parameter specifies the maximum age the thisUpdate field can be.
- */
-
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
-	{
-	int ret = 1;
-	time_t t_now, t_tmp;
-	time(&t_now);
-	/* Check thisUpdate is valid and not more than nsec in the future */
-	if (!ASN1_GENERALIZEDTIME_check(thisupd))
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
-		ret = 0;
-		}
-	else 
-		{
-			t_tmp = t_now + nsec;
-			if (X509_cmp_time(thisupd, &t_tmp) > 0)
-			{
-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
-			ret = 0;
-			}
-
-		/* If maxsec specified check thisUpdate is not more than maxsec in the past */
-		if (maxsec >= 0)
-			{
-			t_tmp = t_now - maxsec;
-			if (X509_cmp_time(thisupd, &t_tmp) < 0)
-				{
-				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
-				ret = 0;
-				}
-			}
-		}
-		
-
-	if (!nextupd) return ret;
-
-	/* Check nextUpdate is valid and not more than nsec in the past */
-	if (!ASN1_GENERALIZEDTIME_check(nextupd))
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
-		ret = 0;
-		}
-	else 
-		{
-		t_tmp = t_now - nsec;
-		if (X509_cmp_time(nextupd, &t_tmp) < 0)
-			{
-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
-			ret = 0;
-			}
-		}
-
-	/* Also don't allow nextUpdate to precede thisUpdate */
-	if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
-		ret = 0;
-		}
-
-	return ret;
-	}
diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
deleted file mode 100644
index 0cedcea682..0000000000
--- a/crypto/ocsp/ocsp_err.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* crypto/ocsp/ocsp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
-static ERR_STRING_DATA OCSP_str_functs[]=
-	{
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),	"ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),	"D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),	"OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),	"OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),	"OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),	"OCSP_cert_id_new"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED),	"OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),	"OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),	"OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),	"OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),	"OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL),	"OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),	"OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),	"OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),	"OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),	"OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO),	"OCSP_sendreq_nbio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),	"PARSE_HTTP_LINE1"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY),	"REQUEST_VERIFY"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA OCSP_str_reasons[]=
-	{
-{ERR_REASON(OCSP_R_BAD_DATA)             ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR)           ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL)    ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE)   ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT)           ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY)        ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA)     ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME)      ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED)   ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED)  ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR)    ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR)   ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE)    ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED)       ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD)       ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_OCSP_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,OCSP_str_functs);
-		ERR_load_strings(0,OCSP_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
deleted file mode 100644
index ec884cb08f..0000000000
--- a/crypto/ocsp/ocsp_ext.c
+++ /dev/null
@@ -1,518 +0,0 @@
-/* ocsp_ext.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-
-/* Standard wrapper functions for extensions */
-
-/* OCSP request extensions */
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
-	{
-	return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
-	}
-
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
-	}
-
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
-	}
-
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
-	}
-
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
-	{
-	return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
-	}
-
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
-	{
-	return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
-	}
-
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
-	}
-
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
-	}
-
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
-	}
-
-/* Single extensions */
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
-	{
-	return(X509v3_get_ext_count(x->singleRequestExtensions));
-	}
-
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
-	}
-
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
-	}
-
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
-	}
-
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
-	{
-	return(X509v3_get_ext(x->singleRequestExtensions,loc));
-	}
-
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
-	{
-	return(X509v3_delete_ext(x->singleRequestExtensions,loc));
-	}
-
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
-	}
-
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
-	}
-
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
-	}
-
-/* OCSP Basic response */
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
-	{
-	return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
-	}
-
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
-	}
-
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
-	}
-
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
-	}
-
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
-	{
-	return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
-	}
-
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
-	{
-	return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
-	}
-
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
-	}
-
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
-	}
-
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
-	}
-
-/* OCSP single response extensions */
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
-	{
-	return(X509v3_get_ext_count(x->singleExtensions));
-	}
-
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
-	}
-
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
-	}
-
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
-	}
-
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
-	{
-	return(X509v3_get_ext(x->singleExtensions,loc));
-	}
-
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
-	{
-	return(X509v3_delete_ext(x->singleExtensions,loc));
-	}
-
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
-	}
-
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
-	}
-
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
-	}
-
-/* also CRL Entry Extensions */
-#if 0
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-				void *data, STACK_OF(ASN1_OBJECT) *sk)
-        {
-	int i;
-	unsigned char *p, *b = NULL;
-
-	if (data)
-	        {
-		if ((i=i2d(data,NULL)) <= 0) goto err;
-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))
-			goto err;
-	        if (i2d(data, &p) <= 0) goto err;
-		}
-	else if (sk)
-	        {
-		if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
-						   (I2D_OF(ASN1_OBJECT))i2d,
-						   V_ASN1_SEQUENCE,
-						   V_ASN1_UNIVERSAL,
-						   IS_SEQUENCE))<=0) goto err;
-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))
-			goto err;
-		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
-						V_ASN1_SEQUENCE,
-						V_ASN1_UNIVERSAL,
-						IS_SEQUENCE)<=0) goto err;
-		}
-	else
-		{
-		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
-		goto err;
-		}
-	if (!s && !(s = ASN1_STRING_new())) goto err;
-	if (!(ASN1_STRING_set(s, b, i))) goto err;
-	OPENSSL_free(b);
-	return s;
-err:
-	if (b) OPENSSL_free(b);
-	return NULL;
-	}
-#endif
-
-/* Nonce handling functions */
-
-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
- * a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 
- * nonce, previous versions used the raw nonce.
- */
-
-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
-	{
-	unsigned char *tmpval;
-	ASN1_OCTET_STRING os;
-	int ret = 0;
-	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
-	/* Create the OCTET STRING manually by writing out the header and
-	 * appending the content octets. This avoids an extra memory allocation
-	 * operation in some cases. Applications should *NOT* do this because
-         * it relies on library internals.
-	 */
-	os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
-	os.data = OPENSSL_malloc(os.length);
-	if (os.data == NULL)
-		goto err;
-	tmpval = os.data;
-	ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
-	if (val)
-		memcpy(tmpval, val, len);
-	else
-		RAND_pseudo_bytes(tmpval, len);
-	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
-			&os, 0, X509V3_ADD_REPLACE))
-				goto err;
-	ret = 1;
-	err:
-	if (os.data)
-		OPENSSL_free(os.data);
-	return ret;
-	}
-
-
-/* Add nonce to an OCSP request */
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
-	{
-	return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
-	}
-
-/* Same as above but for a response */
-
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
-	{
-	return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
-	}
-
-/* Check nonce validity in a request and response.
- * Return value reflects result:
- *  1: nonces present and equal.
- *  2: nonces both absent.
- *  3: nonce present in response only.
- *  0: nonces both present and not equal.
- * -1: nonce in request only.
- *
- *  For most responders clients can check return > 0.
- *  If responder doesn't handle nonces return != 0 may be
- *  necessary. return == 0 is always an error.
- */
-
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
-	{
-	/*
-	 * Since we are only interested in the presence or absence of
-	 * the nonce and comparing its value there is no need to use
-	 * the X509V3 routines: this way we can avoid them allocating an
-	 * ASN1_OCTET_STRING structure for the value which would be
-	 * freed immediately anyway.
-	 */
-
-	int req_idx, resp_idx;
-	X509_EXTENSION *req_ext, *resp_ext;
-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-	resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
-	/* Check both absent */
-	if((req_idx < 0) && (resp_idx < 0))
-		return 2;
-	/* Check in request only */
-	if((req_idx >= 0) && (resp_idx < 0))
-		return -1;
-	/* Check in response but not request */
-	if((req_idx < 0) && (resp_idx >= 0))
-		return 3;
-	/* Otherwise nonce in request and response so retrieve the extensions */
-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-	resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-	if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
-		return 0;
-	return 1;
-	}
-
-/* Copy the nonce value (if any) from an OCSP request to 
- * a response.
- */
-
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
-	{
-	X509_EXTENSION *req_ext;
-	int req_idx;
-	/* Check for nonce in request */
-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-	/* If no nonce that's OK */
-	if (req_idx < 0) return 2;
-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
-	}
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
-        {
-	X509_EXTENSION *x = NULL;
-	OCSP_CRLID *cid = NULL;
-	
-	if (!(cid = OCSP_CRLID_new())) goto err;
-	if (url)
-	        {
-		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
-		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
-		}
-	if (n)
-	        {
-		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
-		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
-		}
-	if (tim)
-	        {
-		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
-		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
-		        goto err;
-		}
-	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
-err:
-	if (cid) OCSP_CRLID_free(cid);
-	return x;
-	}
-
-/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
-X509_EXTENSION *OCSP_accept_responses_new(char **oids)
-        {
-	int nid;
-	STACK_OF(ASN1_OBJECT) *sk = NULL;
-	ASN1_OBJECT *o = NULL;
-        X509_EXTENSION *x = NULL;
-
-	if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
-	while (oids && *oids)
-	        {
-		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
-		        sk_ASN1_OBJECT_push(sk, o);
-		oids++;
-		}
-	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
-err:
-	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-	return x;
-        }
-
-/*  ArchiveCutoff ::= GeneralizedTime */
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
-        {
-	X509_EXTENSION *x=NULL;
-	ASN1_GENERALIZEDTIME *gt = NULL;
-
-	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
-	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
-err:
-	if (gt) ASN1_GENERALIZEDTIME_free(gt);
-	return x;
-	}
-
-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
- */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
-        {
-	X509_EXTENSION *x = NULL;
-	ASN1_IA5STRING *ia5 = NULL;
-	OCSP_SERVICELOC *sloc = NULL;
-	ACCESS_DESCRIPTION *ad = NULL;
-	
-	if (!(sloc = OCSP_SERVICELOC_new())) goto err;
-	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
-	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
-	while (urls && *urls)
-	        {
-		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
-		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
-		if (!(ad->location = GENERAL_NAME_new())) goto err;
-	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;
-		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
-		ad->location->type = GEN_URI;
-		ad->location->d.ia5 = ia5;
-		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
-		urls++;
-		}
-	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
-err:
-	if (sloc) OCSP_SERVICELOC_free(sloc);
-	return x;
-	}
-
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
deleted file mode 100644
index 09eb855d4a..0000000000
--- a/crypto/ocsp/ocsp_ht.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* ocsp_ht.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include "e_os.h"
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-#ifdef OPENSSL_SYS_SUNOS
-#define strtoul (unsigned long)strtol
-#endif /* OPENSSL_SYS_SUNOS */
-
-/* Stateful OCSP request code, supporting non-blocking I/O */
-
-/* Opaque OCSP request status structure */
-
-struct ocsp_req_ctx_st {
-	int state;		/* Current I/O state */
-	unsigned char *iobuf;	/* Line buffer */
-	int iobuflen;		/* Line buffer length */
-	BIO *io;		/* BIO to perform I/O with */
-	BIO *mem;		/* Memory BIO response is built into */
-	unsigned long asn1_len;	/* ASN1 length of response */
-	};
-
-#define OCSP_MAX_REQUEST_LENGTH	(100 * 1024)
-#define OCSP_MAX_LINE_LEN	4096;
-
-/* OCSP states */
-
-/* If set no reading should be performed */
-#define OHS_NOREAD		0x1000
-/* Error condition */
-#define OHS_ERROR		(0 | OHS_NOREAD)
-/* First line being read */
-#define OHS_FIRSTLINE		1
-/* MIME headers being read */
-#define OHS_HEADERS		2
-/* OCSP initial header (tag + length) being read */
-#define OHS_ASN1_HEADER		3
-/* OCSP content octets being read */
-#define OHS_ASN1_CONTENT	4
-/* Request being sent */
-#define OHS_ASN1_WRITE		(6 | OHS_NOREAD)
-/* Request being flushed */
-#define OHS_ASN1_FLUSH		(7 | OHS_NOREAD)
-/* Completed */
-#define OHS_DONE		(8 | OHS_NOREAD)
-
-
-static int parse_http_line1(char *line);
-
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
-	{
-	if (rctx->mem)
-		BIO_free(rctx->mem);
-	if (rctx->iobuf)
-		OPENSSL_free(rctx->iobuf);
-	OPENSSL_free(rctx);
-	}
-
-int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
-	{
-	static const char req_hdr[] =
-	"Content-Type: application/ocsp-request\r\n"
-	"Content-Length: %d\r\n\r\n";
-        if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0)
-		return 0;
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
-		return 0;
-	rctx->state = OHS_ASN1_WRITE;
-	rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
-	return 1;
-	}
-
-int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-		const char *name, const char *value)
-	{
-	if (!name)
-		return 0;
-	if (BIO_puts(rctx->mem, name) <= 0)
-		return 0;
-	if (value)
-		{
-		if (BIO_write(rctx->mem, ": ", 2) != 2)
-			return 0;
-		if (BIO_puts(rctx->mem, value) <= 0)
-			return 0;
-		}
-	if (BIO_write(rctx->mem, "\r\n", 2) != 2)
-		return 0;
-	return 1;
-	}
-
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-								int maxline)
-	{
-	static const char post_hdr[] = "POST %s HTTP/1.0\r\n";
-
-	OCSP_REQ_CTX *rctx;
-	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-	if (!rctx)
-		return NULL;
-	rctx->state = OHS_ERROR;
-	rctx->mem = BIO_new(BIO_s_mem());
-	rctx->io = io;
-	rctx->asn1_len = 0;
-	if (maxline > 0)
-		rctx->iobuflen = maxline;
-	else
-		rctx->iobuflen = OCSP_MAX_LINE_LEN;
-	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-	if (!rctx->mem || !rctx->iobuf)
-		goto err;
-	if (!path)
-		path = "/";
-
-        if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
-		goto err;
-
-	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
-		goto err;
-
-	return rctx;
-	err:
-	OCSP_REQ_CTX_free(rctx);
-	return NULL;
-	}
-
-/* Parse the HTTP response. This will look like this:
- * "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * (optional) informational message.
- */
-
-static int parse_http_line1(char *line)
-	{
-	int retcode;
-	char *p, *q, *r;
-	/* Skip to first white space (passed protocol info) */
-
-	for(p = line; *p && !isspace((unsigned char)*p); p++)
-		continue;
-	if(!*p)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Skip past white space to start of response code */
-	while(*p && isspace((unsigned char)*p))
-		p++;
-
-	if(!*p)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Find end of response code: first whitespace after start of code */
-	for(q = p; *q && !isspace((unsigned char)*q); q++)
-		continue;
-
-	if(!*q)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Set end of response code and start of message */ 
-	*q++ = 0;
-
-	/* Attempt to parse numeric code */
-	retcode = strtoul(p, &r, 10);
-
-	if(*r)
-		return 0;
-
-	/* Skip over any leading white space in message */
-	while(*q && isspace((unsigned char)*q))
-		q++;
-
-	if(*q)
-		{
-		/* Finally zap any trailing white space in message (include
-		 * CRLF) */
-
-		/* We know q has a non white space character so this is OK */
-		for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
-			*r = 0;
-		}
-	if(retcode != 200)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
-		if(!*q)
-			ERR_add_error_data(2, "Code=", p);
-		else
-			ERR_add_error_data(4, "Code=", p, ",Reason=", q);
-		return 0;
-		}
-
-
-	return 1;
-
-	}
-
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
-	{
-	int i, n;
-	const unsigned char *p;
-	next_io:
-	if (!(rctx->state & OHS_NOREAD))
-		{
-		n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
-
-		if (n <= 0)
-			{
-			if (BIO_should_retry(rctx->io))
-				return -1;
-			return 0;
-			}
-
-		/* Write data to memory BIO */
-
-		if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
-			return 0;
-		}
-
-	switch(rctx->state)
-		{
-
-		case OHS_ASN1_WRITE:
-		n = BIO_get_mem_data(rctx->mem, &p);
-
-		i = BIO_write(rctx->io,
-			p + (n - rctx->asn1_len), rctx->asn1_len);
-
-		if (i <= 0)
-			{
-			if (BIO_should_retry(rctx->io))
-				return -1;
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		rctx->asn1_len -= i;
-
-		if (rctx->asn1_len > 0)
-			goto next_io;
-
-		rctx->state = OHS_ASN1_FLUSH;
-
-		(void)BIO_reset(rctx->mem);
-
-		case OHS_ASN1_FLUSH:
-
-		i = BIO_flush(rctx->io);
-
-		if (i > 0)
-			{
-			rctx->state = OHS_FIRSTLINE;
-			goto next_io;
-			}
-
-		if (BIO_should_retry(rctx->io))
-			return -1;
-
-		rctx->state = OHS_ERROR;
-		return 0;
-
-		case OHS_ERROR:
-		return 0;
-
-		case OHS_FIRSTLINE:
-		case OHS_HEADERS:
-
-		/* Attempt to read a line in */
-
-		next_line:
-		/* Due to &%^*$" memory BIO behaviour with BIO_gets we
-		 * have to check there's a complete line in there before
-		 * calling BIO_gets or we'll just get a partial read.
-		 */
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if ((n <= 0) || !memchr(p, '\n', n))
-			{
-			if (n >= rctx->iobuflen)
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			goto next_io;
-			}
-		n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
-
-		if (n <= 0)
-			{
-			if (BIO_should_retry(rctx->mem))
-				goto next_io;
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* Don't allow excessive lines */
-		if (n == rctx->iobuflen)
-			{
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* First line */
-		if (rctx->state == OHS_FIRSTLINE)
-			{
-			if (parse_http_line1((char *)rctx->iobuf))
-				{
-				rctx->state = OHS_HEADERS;
-				goto next_line;
-				}
-			else
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			}
-		else
-			{
-			/* Look for blank line: end of headers */
-			for (p = rctx->iobuf; *p; p++)
-				{
-				if ((*p != '\r') && (*p != '\n'))
-					break;
-				}
-			if (*p)
-				goto next_line;
-
-			rctx->state = OHS_ASN1_HEADER;
-
-			}
- 
-		/* Fall thru */
-
-
-		case OHS_ASN1_HEADER:
-		/* Now reading ASN1 header: can read at least 2 bytes which
-		 * is enough for ASN1 SEQUENCE header and either length field
-		 * or at least the length of the length field.
-		 */
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < 2)
-			goto next_io;
-
-		/* Check it is an ASN1 SEQUENCE */
-		if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
-			{
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* Check out length field */
-		if (*p & 0x80)
-			{
-			/* If MSB set on initial length octet we can now
-			 * always read 6 octets: make sure we have them.
-			 */
-			if (n < 6)
-				goto next_io;
-			n = *p & 0x7F;
-			/* Not NDEF or excessive length */
-			if (!n || (n > 4))
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			p++;
-			rctx->asn1_len = 0;
-			for (i = 0; i < n; i++)
-				{
-				rctx->asn1_len <<= 8;
-				rctx->asn1_len |= *p++;
-				}
-
-			if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH)
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-
-			rctx->asn1_len += n + 2;
-			}
-		else
-			rctx->asn1_len = *p + 2;
-
-		rctx->state = OHS_ASN1_CONTENT;
-
-		/* Fall thru */
-		
-		case OHS_ASN1_CONTENT:
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < (int)rctx->asn1_len)
-			goto next_io;
-
-
-		*presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
-		if (*presp)
-			{
-			rctx->state = OHS_DONE;
-			return 1;
-			}
-
-		rctx->state = OHS_ERROR;
-		return 0;
-
-		break;
-
-		case OHS_DONE:
-		return 1;
-
-		}
-
-
-
-	return 0;
-
-
-	}
-
-/* Blocking OCSP request handler: now a special case of non-blocking I/O */
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
-	{
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_REQ_CTX *ctx;
-	int rv;
-
-	ctx = OCSP_sendreq_new(b, path, req, -1);
-
-	if (!ctx)
-		return NULL;
-
-	do
-		{
-		rv = OCSP_sendreq_nbio(&resp, ctx);
-		} while ((rv == -1) && BIO_should_retry(b));
-
-	OCSP_REQ_CTX_free(ctx);
-
-	if (rv)
-		return resp;
-
-	return NULL;
-	}
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
deleted file mode 100644
index 5061c0578b..0000000000
--- a/crypto/ocsp/ocsp_lib.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/* ocsp_lib.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-#include <openssl/asn1t.h>
-
-/* Convert a certificate and its issuer to an OCSP_CERTID */
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
-{
-	X509_NAME *iname;
-	ASN1_INTEGER *serial;
-	ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
-	if(!dgst) dgst = EVP_sha1();
-#endif
-	if (subject)
-		{
-		iname = X509_get_issuer_name(subject);
-		serial = X509_get_serialNumber(subject);
-		}
-	else
-		{
-		iname = X509_get_subject_name(issuer);
-		serial = NULL;
-		}
-	ikey = X509_get0_pubkey_bitstr(issuer);
-	return OCSP_cert_id_new(dgst, iname, ikey, serial);
-}
-
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-			      X509_NAME *issuerName, 
-			      ASN1_BIT_STRING* issuerKey, 
-			      ASN1_INTEGER *serialNumber)
-        {
-	int nid;
-        unsigned int i;
-	X509_ALGOR *alg;
-	OCSP_CERTID *cid = NULL;
-	unsigned char md[EVP_MAX_MD_SIZE];
-
-	if (!(cid = OCSP_CERTID_new())) goto err;
-
-	alg = cid->hashAlgorithm;
-	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
-	if ((nid = EVP_MD_type(dgst)) == NID_undef)
-	        {
-		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
-		goto err;
-		}
-	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	alg->parameter->type=V_ASN1_NULL;
-
-	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
-	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
-
-	/* Calculate the issuerKey hash, excluding tag and length */
-	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
-		goto err;
-
-	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-
-	if (serialNumber)
-		{
-		ASN1_INTEGER_free(cid->serialNumber);
-		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
-		}
-	return cid;
-digerr:
-	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
-err:
-	if (cid) OCSP_CERTID_free(cid);
-	return NULL;
-	}
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-	{
-	int ret;
-	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
-	if (ret) return ret;
-	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
-	if (ret) return ret;
-	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
-	}
-
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-	{
-	int ret;
-	ret = OCSP_id_issuer_cmp(a, b);
-	if (ret) return ret;
-	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
-	}
-
-
-/* Parse a URL and split it up into host, port and path components and whether
- * it is SSL.
- */
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
-	{
-	char *p, *buf;
-
-	char *host, *port;
-
-	*phost = NULL;
-	*pport = NULL;
-	*ppath = NULL;
-
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
-	/* Check for initial colon */
-	p = strchr(buf, ':');
-
-	if (!p) goto parse_err;
-
-	*(p++) = '\0';
-
-	if (!strcmp(buf, "http"))
-		{
-		*pssl = 0;
-		port = "80";
-		}
-	else if (!strcmp(buf, "https"))
-		{
-		*pssl = 1;
-		port = "443";
-		}
-	else
-		goto parse_err;
-
-	/* Check for double slash */
-	if ((p[0] != '/') || (p[1] != '/'))
-		goto parse_err;
-
-	p += 2;
-
-	host = p;
-
-	/* Check for trailing part of path */
-
-	p = strchr(p, '/');
-
-	if (!p) 
-		*ppath = BUF_strdup("/");
-	else
-		{
-		*ppath = BUF_strdup(p);
-		/* Set start of path to 0 so hostname is valid */
-		*p = '\0';
-		}
-
-	if (!*ppath) goto mem_err;
-
-	p = host;
-	if(host[0] == '[')
-		{
-		/* ipv6 literal */
-		host++;
-		p = strchr(host, ']');
-		if(!p) goto parse_err;
-		*p = '\0';
-		p++;
-		}
-
-	/* Look for optional ':' for port number */
-	if ((p = strchr(p, ':')))
-		{
-		*p = 0;
-		port = p + 1;
-		}
-	else
-		{
-		/* Not found: set default port */
-		if (*pssl) port = "443";
-		else port = "80";
-		}
-
-	*pport = BUF_strdup(port);
-	if (!*pport) goto mem_err;
-
-	*phost = BUF_strdup(host);
-
-	if (!*phost) goto mem_err;
-
-	OPENSSL_free(buf);
-
-	return 1;
-
-	mem_err:
-	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
-	goto err;
-
-	parse_err:
-	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
-
-
-	err:
-	if (buf) OPENSSL_free(buf);
-	if (*ppath) OPENSSL_free(*ppath);
-	if (*pport) OPENSSL_free(*pport);
-	if (*phost) OPENSSL_free(*phost);
-	return 0;
-
-	}
-
-IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
deleted file mode 100644
index 87608ff399..0000000000
--- a/crypto/ocsp/ocsp_prn.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/* ocsp_prn.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was originally part of ocsp.c and was transfered to Richard
-   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
-   in OpenSSL or released as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
-        {
-	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
-	indent += 2;
-	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
-	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
-	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
-	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
-	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
-	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
-	i2a_ASN1_INTEGER(bp, a->serialNumber);
-	BIO_printf(bp, "\n");
-	return 1;
-	}
-
-typedef struct
-	{
-	long t;
-	const char *m;
-	} OCSP_TBLSTR;
-
-static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
-{
-	const OCSP_TBLSTR *p;
-	for (p=ts; p < ts + len; p++)
-	        if (p->t == s)
-		         return p->m;
-	return "(UNKNOWN)";
-}
-
-const char *OCSP_response_status_str(long s)
-        {
-	static const OCSP_TBLSTR rstat_tbl[] = {
-	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
-	        { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
-	        { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
-	        { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
-	        { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
-	        { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
-	return table2string(s, rstat_tbl, 6);
-	} 
-
-const char *OCSP_cert_status_str(long s)
-        {
-	static const OCSP_TBLSTR cstat_tbl[] = {
-	        { V_OCSP_CERTSTATUS_GOOD, "good" },
-	        { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
-	        { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
-	return table2string(s, cstat_tbl, 3);
-	} 
-
-const char *OCSP_crl_reason_str(long s)
-        {
-	static const OCSP_TBLSTR reason_tbl[] = {
-	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
-          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
-          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
-          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
-          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
-          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
-          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
-          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
-	return table2string(s, reason_tbl, 8);
-	} 
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
-        {
-	int i;
-	long l;
-	OCSP_CERTID* cid = NULL;
-	OCSP_ONEREQ *one = NULL;
-	OCSP_REQINFO *inf = o->tbsRequest;
-	OCSP_SIGNATURE *sig = o->optionalSignature;
-
-	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
-	l=ASN1_INTEGER_get(inf->version);
-	if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
-	if (inf->requestorName != NULL)
-	        {
-		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
-		        goto err;
-		GENERAL_NAME_print(bp, inf->requestorName);
-		}
-	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
-	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
-	        {
-		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
-		cid = one->reqCert;
-		ocsp_certid_print(bp, cid, 8);
-		if (!X509V3_extensions_print(bp,
-					"Request Single Extensions",
-					one->singleRequestExtensions, flags, 8))
-							goto err;
-		}
-	if (!X509V3_extensions_print(bp, "Request Extensions",
-			inf->requestExtensions, flags, 4))
-							goto err;
-	if (sig)
-	        {
-		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
-		for (i=0; i<sk_X509_num(sig->certs); i++)
-			{
-			X509_print(bp, sk_X509_value(sig->certs,i));
-			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
-			}
-		}
-	return 1;
-err:
-	return 0;
-	}
-
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
-        {
-	int i, ret = 0;
-	long l;
-	OCSP_CERTID *cid = NULL;
-	OCSP_BASICRESP *br = NULL;
-	OCSP_RESPID *rid = NULL;
-	OCSP_RESPDATA  *rd = NULL;
-	OCSP_CERTSTATUS *cst = NULL;
-	OCSP_REVOKEDINFO *rev = NULL;
-	OCSP_SINGLERESP *single = NULL;
-	OCSP_RESPBYTES *rb = o->responseBytes;
-
-	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
-	l=ASN1_ENUMERATED_get(o->responseStatus);
-	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%lx)\n",
-		       OCSP_response_status_str(l), l) <= 0) goto err;
-	if (rb == NULL) return 1;
-        if (BIO_puts(bp,"    Response Type: ") <= 0)
-	        goto err;
-	if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
-	        goto err;
-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
-	        {
-		BIO_puts(bp," (unknown response type)\n");
-		return 1;
-		}
-
-	i = ASN1_STRING_length(rb->response);
-	if (!(br = OCSP_response_get1_basic(o))) goto err;
-	rd = br->tbsResponseData;
-	l=ASN1_INTEGER_get(rd->version);
-	if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
-		       l+1,l) <= 0) goto err;
-	if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
-
-	rid =  rd->responderId;
-	switch (rid->type)
-		{
-		case V_OCSP_RESPID_NAME:
-		        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
-		        break;
-		case V_OCSP_RESPID_KEY:
-		        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
-		        break;
-		}
-
-	if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
-	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
-	if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
-	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
-	        {
-		if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
-		single = sk_OCSP_SINGLERESP_value(rd->responses, i);
-		cid = single->certId;
-		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
-		cst = single->certStatus;
-		if (BIO_printf(bp,"    Cert Status: %s",
-			       OCSP_cert_status_str(cst->type)) <= 0)
-		        goto err;
-		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
-		        {
-		        rev = cst->value.revoked;
-			if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
-			        goto err;
-			if (!ASN1_GENERALIZEDTIME_print(bp, 
-							rev->revocationTime)) 
-				goto err;
-			if (rev->revocationReason) 
-			        {
-				l=ASN1_ENUMERATED_get(rev->revocationReason);
-				if (BIO_printf(bp, 
-					 "\n    Revocation Reason: %s (0x%lx)",
-					       OCSP_crl_reason_str(l), l) <= 0)
-				        goto err;
-				}
-			}
-		if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
-		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
-			goto err;
-		if (single->nextUpdate)
-		        {
-			if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
-			if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
-				goto err;
-			}
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		if (!X509V3_extensions_print(bp,
-					"Response Single Extensions",
-					single->singleExtensions, flags, 8))
-							goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if (!X509V3_extensions_print(bp, "Response Extensions",
-					rd->responseExtensions, flags, 4))
-							goto err;
-	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
-							goto err;
-
-	for (i=0; i<sk_X509_num(br->certs); i++)
-		{
-		X509_print(bp, sk_X509_value(br->certs,i));
-		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
-		}
-
-	ret = 1;
-err:
-	OCSP_BASICRESP_free(br);
-	return ret;
-	}
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
deleted file mode 100644
index 1c606dd0b6..0000000000
--- a/crypto/ocsp/ocsp_srv.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP responses and extracting
- * relevant information from the request.
- */
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req)
-	{
-	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
-	}
-
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
-	{
-	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
-	}
-
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
-	{
-	return one->reqCert;
-	}
-
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-			ASN1_OCTET_STRING **pikeyHash,
-			ASN1_INTEGER **pserial, OCSP_CERTID *cid)
-	{
-	if (!cid) return 0;
-	if (pmd) *pmd = cid->hashAlgorithm->algorithm;
-	if(piNameHash) *piNameHash = cid->issuerNameHash;
-	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
-	if (pserial) *pserial = cid->serialNumber;
-	return 1;
-	}
-
-int OCSP_request_is_signed(OCSP_REQUEST *req)
-	{
-	if(req->optionalSignature) return 1;
-	return 0;
-	}
-
-/* Create an OCSP response and encode an optional basic response */
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
-        {
-        OCSP_RESPONSE *rsp = NULL;
-
-	if (!(rsp = OCSP_RESPONSE_new())) goto err;
-	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
-	if (!bs) return rsp;
-	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
-	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
-				goto err;
-	return rsp;
-err:
-	if (rsp) OCSP_RESPONSE_free(rsp);
-	return NULL;
-	}
-
-
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-						OCSP_CERTID *cid,
-						int status, int reason,
-						ASN1_TIME *revtime,
-					ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-	{
-	OCSP_SINGLERESP *single = NULL;
-	OCSP_CERTSTATUS *cs;
-	OCSP_REVOKEDINFO *ri;
-
-	if(!rsp->tbsResponseData->responses &&
-	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
-		goto err;
-
-	if (!(single = OCSP_SINGLERESP_new()))
-		goto err;
-
-
-
-	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
-		goto err;
-	if (nextupd &&
-		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
-		goto err;
-
-	OCSP_CERTID_free(single->certId);
-
-	if(!(single->certId = OCSP_CERTID_dup(cid)))
-		goto err;
-
-	cs = single->certStatus;
-	switch(cs->type = status)
-		{
-	case V_OCSP_CERTSTATUS_REVOKED:
-		if (!revtime)
-		        {
-		        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
-			goto err;
-		        }
-		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
-		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
-			goto err;	
-		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
-		        {
-			if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
-			        goto err;
-			if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
-						  reason)))
-			        goto err;	
-			}
-		break;
-
-	case V_OCSP_CERTSTATUS_GOOD:
-		cs->value.good = ASN1_NULL_new();
-		break;
-
-	case V_OCSP_CERTSTATUS_UNKNOWN:
-		cs->value.unknown = ASN1_NULL_new();
-		break;
-
-	default:
-		goto err;
-
-		}
-	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
-		goto err;
-	return single;
-err:
-	OCSP_SINGLERESP_free(single);
-	return NULL;
-	}
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
-	{
-	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
-		return 0;
-
-	if(!sk_X509_push(resp->certs, cert)) return 0;
-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-	return 1;
-	}
-
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-			STACK_OF(X509) *certs, unsigned long flags)
-        {
-	int i;
-	OCSP_RESPID *rid;
-
-	if (!X509_check_private_key(signer, key))
-		{
-		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-		goto err;
-		}
-
-	if(!(flags & OCSP_NOCERTS))
-		{
-		if(!OCSP_basic_add1_cert(brsp, signer))
-			goto err;
-		for (i = 0; i < sk_X509_num(certs); i++)
-			{
-			X509 *tmpcert = sk_X509_value(certs, i);
-			if(!OCSP_basic_add1_cert(brsp, tmpcert))
-				goto err;
-			}
-		}
-
-	rid = brsp->tbsResponseData->responderId;
-	if (flags & OCSP_RESPID_KEY)
-		{
-		unsigned char md[SHA_DIGEST_LENGTH];
-		X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-		if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-			goto err;
-		if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
-				goto err;
-		rid->type = V_OCSP_RESPID_KEY;
-		}
-	else
-		{
-		if (!X509_NAME_set(&rid->value.byName,
-					X509_get_subject_name(signer)))
-				goto err;
-		rid->type = V_OCSP_RESPID_NAME;
-		}
-
-	if (!(flags & OCSP_NOTIME) &&
-		!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
-		goto err;
-
-	/* Right now, I think that not doing double hashing is the right
-	   thing.	-- Richard Levitte */
-
-	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
-
-	return 1;
-err:
-	return 0;
-	}
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
deleted file mode 100644
index fc0d4cc0f5..0000000000
--- a/crypto/ocsp/ocsp_vfy.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/* ocsp_vfy.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <string.h>
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
-
-/* Verify a basic response message */
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer, *x;
-	STACK_OF(X509) *chain = NULL;
-	X509_STORE_CTX ctx;
-	int i, ret = 0;
-	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
-	if (!ret)
-		{
-		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-		goto end;
-		}
-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-		flags |= OCSP_NOVERIFY;
-	if (!(flags & OCSP_NOSIGS))
-		{
-		EVP_PKEY *skey;
-		skey = X509_get_pubkey(signer);
-		if (skey)
-			{
-			ret = OCSP_BASICRESP_verify(bs, skey, 0);
-			EVP_PKEY_free(skey);
-			}
-		if(!skey || ret <= 0)
-			{
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-			goto end;
-			}
-		}
-	if (!(flags & OCSP_NOVERIFY))
-		{
-		int init_res;
-		if(flags & OCSP_NOCHAIN)
-			init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
-		else
-			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
-		if(!init_res)
-			{
-			ret = -1;
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
-			goto end;
-			}
-
-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-		ret = X509_verify_cert(&ctx);
-		chain = X509_STORE_CTX_get1_chain(&ctx);
-		X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-			{
-			i = X509_STORE_CTX_get_error(&ctx);	
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					X509_verify_cert_error_string(i));
-                        goto end;
-                	}
-		if(flags & OCSP_NOCHECKS)
-			{
-			ret = 1;
-			goto end;
-			}
-		/* At this point we have a valid certificate chain
-		 * need to verify it against the OCSP issuer criteria.
-		 */
-		ret = ocsp_check_issuer(bs, chain, flags);
-
-		/* If fatal error or valid match then finish */
-		if (ret != 0) goto end;
-
-		/* Easy case: explicitly trusted. Get root CA and
-		 * check for explicit trust
-		 */
-		if(flags & OCSP_NOEXPLICIT) goto end;
-
-		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-		if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
-			{
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
-			goto end;
-			}
-		ret = 1;
-		}
-
-
-
-	end:
-	if(chain) sk_X509_pop_free(chain, X509_free);
-	return ret;
-	}
-
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer;
-	OCSP_RESPID *rid = bs->tbsResponseData->responderId;
-	if ((signer = ocsp_find_signer_sk(certs, rid)))
-		{
-		*psigner = signer;
-		return 2;
-		}
-	if(!(flags & OCSP_NOINTERN) &&
-	    (signer = ocsp_find_signer_sk(bs->certs, rid)))
-		{
-		*psigner = signer;
-		return 1;
-		}
-	/* Maybe lookup from store if by subject name */
-
-	*psigner = NULL;
-	return 0;
-	}
-
-
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
-	{
-	int i;
-	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
-	X509 *x;
-
-	/* Easy if lookup by name */
-	if (id->type == V_OCSP_RESPID_NAME)
-		return X509_find_by_subject(certs, id->value.byName);
-
-	/* Lookup by key hash */
-
-	/* If key hash isn't SHA1 length then forget it */
-	if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
-	keyhash = id->value.byKey->data;
-	/* Calculate hash of each key and compare */
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
-		x = sk_X509_value(certs, i);
-		X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
-		if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
-			return x;
-		}
-	return NULL;
-	}
-
-
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
-	{
-	STACK_OF(OCSP_SINGLERESP) *sresp;
-	X509 *signer, *sca;
-	OCSP_CERTID *caid = NULL;
-	int i;
-	sresp = bs->tbsResponseData->responses;
-
-	if (sk_X509_num(chain) <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
-		return -1;
-		}
-
-	/* See if the issuer IDs match. */
-	i = ocsp_check_ids(sresp, &caid);
-
-	/* If ID mismatch or other error then return */
-	if (i <= 0) return i;
-
-	signer = sk_X509_value(chain, 0);
-	/* Check to see if OCSP responder CA matches request CA */
-	if (sk_X509_num(chain) > 1)
-		{
-		sca = sk_X509_value(chain, 1);
-		i = ocsp_match_issuerid(sca, caid, sresp);
-		if (i < 0) return i;
-		if (i)
-			{
-			/* We have a match, if extensions OK then success */
-			if (ocsp_check_delegated(signer, flags)) return 1;
-			return 0;
-			}
-		}
-
-	/* Otherwise check if OCSP request signed directly by request CA */
-	return ocsp_match_issuerid(signer, caid, sresp);
-	}
-
-
-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
- * algorithm then there's no point trying to match any certificates against the issuer.
- * If the issuer IDs all match then we just need to check equality against one of them.
- */
-	
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
-	{
-	OCSP_CERTID *tmpid, *cid;
-	int i, idcount;
-
-	idcount = sk_OCSP_SINGLERESP_num(sresp);
-	if (idcount <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
-		return -1;
-		}
-
-	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
-
-	*ret = NULL;
-
-	for (i = 1; i < idcount; i++)
-		{
-		tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-		/* Check to see if IDs match */
-		if (OCSP_id_issuer_cmp(cid, tmpid))
-			{
-			/* If algoritm mismatch let caller deal with it */
-			if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
-					cid->hashAlgorithm->algorithm))
-					return 2;
-			/* Else mismatch */
-			return 0;
-			}
-		}
-
-	/* All IDs match: only need to check one ID */
-	*ret = cid;
-	return 1;
-	}
-
-
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
-			STACK_OF(OCSP_SINGLERESP) *sresp)
-	{
-	/* If only one ID to match then do it */
-	if(cid)
-		{
-		const EVP_MD *dgst;
-		X509_NAME *iname;
-		int mdlen;
-		unsigned char md[EVP_MAX_MD_SIZE];
-		if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
-			{
-			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
-			return -1;
-			}
-
-		mdlen = EVP_MD_size(dgst);
-		if (mdlen < 0)
-		    return -1;
-		if ((cid->issuerNameHash->length != mdlen) ||
-		   (cid->issuerKeyHash->length != mdlen))
-			return 0;
-		iname = X509_get_subject_name(cert);
-		if (!X509_NAME_digest(iname, dgst, md, NULL))
-			return -1;
-		if (memcmp(md, cid->issuerNameHash->data, mdlen))
-			return 0;
-		X509_pubkey_digest(cert, dgst, md, NULL);
-		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
-			return 0;
-
-		return 1;
-
-		}
-	else
-		{
-		/* We have to match the whole lot */
-		int i, ret;
-		OCSP_CERTID *tmpid;
-		for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-			{
-			tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-			ret = ocsp_match_issuerid(cert, tmpid, NULL);
-			if (ret <= 0) return ret;
-			}
-		return 1;
-		}
-			
-	}
-
-static int ocsp_check_delegated(X509 *x, int flags)
-	{
-	X509_check_purpose(x, -1, 0);
-	if ((x->ex_flags & EXFLAG_XKUSAGE) &&
-	    (x->ex_xkusage & XKU_OCSP_SIGN))
-		return 1;
-	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
-	return 0;
-	}
-
-/* Verify an OCSP request. This is fortunately much easier than OCSP
- * response verify. Just find the signers certificate and verify it
- * against a given trust value.
- */
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
-        {
-	X509 *signer;
-	X509_NAME *nm;
-	GENERAL_NAME *gen;
-	int ret;
-	X509_STORE_CTX ctx;
-	if (!req->optionalSignature) 
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
-		return 0;
-		}
-	gen = req->tbsRequest->requestorName;
-	if (!gen || gen->type != GEN_DIRNAME)
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
-		return 0;
-		}
-	nm = gen->d.directoryName;
-	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
-	if (ret <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-		return 0;
-		}
-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-		flags |= OCSP_NOVERIFY;
-	if (!(flags & OCSP_NOSIGS))
-		{
-		EVP_PKEY *skey;
-		skey = X509_get_pubkey(signer);
-		ret = OCSP_REQUEST_verify(req, skey);
-		EVP_PKEY_free(skey);
-		if(ret <= 0)
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-			return 0;
-			}
-		}
-	if (!(flags & OCSP_NOVERIFY))
-		{
-		int init_res;
-		if(flags & OCSP_NOCHAIN)
-			init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
-		else
-			init_res = X509_STORE_CTX_init(&ctx, store, signer,
-					req->optionalSignature->certs);
-		if(!init_res)
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
-			return 0;
-			}
-
-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
-		ret = X509_verify_cert(&ctx);
-		X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-			{
-			ret = X509_STORE_CTX_get_error(&ctx);	
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					X509_verify_cert_error_string(ret));
-                        return 0;
-                	}
-		}
-	return 1;
-        }
-
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer;
-	if(!(flags & OCSP_NOINTERN))
-		{
-		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-		if (signer)
-			{
-			*psigner = signer;
-			return 1;
-			}
-		}
-
-	signer = X509_find_by_subject(certs, nm);
-	if (signer)
-		{
-		*psigner = signer;
-		return 2;
-		}
-	return 0;
-	}
diff --git a/crypto/opensslconf-32.h b/crypto/opensslconf-32.h
deleted file mode 100644
index b5b3dd2b6e..0000000000
--- a/crypto/opensslconf-32.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf-64.h b/crypto/opensslconf-64.h
deleted file mode 100644
index 30e7ad8641..0000000000
--- a/crypto/opensslconf-64.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf-static-32.h b/crypto/opensslconf-static-32.h
deleted file mode 100644
index b5b3dd2b6e..0000000000
--- a/crypto/opensslconf-static-32.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf-static-64.h b/crypto/opensslconf-static-64.h
deleted file mode 100644
index 30e7ad8641..0000000000
--- a/crypto/opensslconf-static-64.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf-static-trusty.h b/crypto/opensslconf-static-trusty.h
deleted file mode 100644
index bff5910c30..0000000000
--- a/crypto/opensslconf-static-trusty.h
+++ /dev/null
@@ -1,460 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_COMP
-# define OPENSSL_NO_COMP
-#endif
-#ifndef OPENSSL_NO_CONF
-# define OPENSSL_NO_CONF
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MD5
-# define OPENSSL_NO_MD5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_OCSP
-# define OPENSSL_NO_OCSP
-#endif
-#ifndef OPENSSL_NO_PEM
-# define OPENSSL_NO_PEM
-#endif
-#ifndef OPENSSL_NO_PKCS12
-# define OPENSSL_NO_PKCS12
-#endif
-#ifndef OPENSSL_NO_PQUEUE
-# define OPENSSL_NO_PQUEUE
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_TLS1
-# define OPENSSL_NO_TLS1
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# define OPENSSL_NO_TLSEXT
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_TXT_DB
-# define OPENSSL_NO_TXT_DB
-#endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_COMP) && !defined(NO_COMP)
-#  define NO_COMP
-# endif
-# if defined(OPENSSL_NO_CONF) && !defined(NO_CONF)
-#  define NO_CONF
-# endif
-# if defined(OPENSSL_NO_DES) && !defined(NO_DES)
-#  define NO_DES
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-#  define NO_LOCKING
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MD4) && !defined(NO_MD4)
-#  define NO_MD4
-# endif
-# if defined(OPENSSL_NO_MD5) && !defined(NO_MD5)
-#  define NO_MD5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_OCSP) && !defined(NO_OCSP)
-#  define NO_OCSP
-# endif
-# if defined(OPENSSL_NO_PEM) && !defined(NO_PEM)
-#  define NO_PEM
-# endif
-# if defined(OPENSSL_NO_PKCS12) && !defined(NO_PKCS12)
-#  define NO_PKCS12
-# endif
-# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
-#  define NO_PQUEUE
-# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-#  define NO_RC2
-# endif
-# if defined(OPENSSL_NO_RC4) && !defined(NO_RC4)
-#  define NO_RC4
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-#  define NO_SRP
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-#  define NO_SSL3
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_TLS1) && !defined(NO_TLS1)
-#  define NO_TLS1
-# endif
-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)
-#  define NO_TLSEXT
-# endif
-# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-#  define NO_TS
-# endif
-# if defined(OPENSSL_NO_TXT_DB) && !defined(NO_TXT_DB)
-#  define NO_TXT_DB
-# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-#  define NO_UI
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <trusty_std.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf-static.h b/crypto/opensslconf-static.h
deleted file mode 100644
index f63a6e0a1b..0000000000
--- a/crypto/opensslconf-static.h
+++ /dev/null
@@ -1,6 +0,0 @@
-// Auto-generated - DO NOT EDIT!
-#if defined(__LP64__)
-#include "opensslconf-static-64.h"
-#else
-#include "opensslconf-static-32.h"
-#endif
diff --git a/crypto/opensslconf-trusty.h b/crypto/opensslconf-trusty.h
deleted file mode 100644
index bff5910c30..0000000000
--- a/crypto/opensslconf-trusty.h
+++ /dev/null
@@ -1,460 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_COMP
-# define OPENSSL_NO_COMP
-#endif
-#ifndef OPENSSL_NO_CONF
-# define OPENSSL_NO_CONF
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MD5
-# define OPENSSL_NO_MD5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_OCSP
-# define OPENSSL_NO_OCSP
-#endif
-#ifndef OPENSSL_NO_PEM
-# define OPENSSL_NO_PEM
-#endif
-#ifndef OPENSSL_NO_PKCS12
-# define OPENSSL_NO_PKCS12
-#endif
-#ifndef OPENSSL_NO_PQUEUE
-# define OPENSSL_NO_PQUEUE
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_TLS1
-# define OPENSSL_NO_TLS1
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# define OPENSSL_NO_TLSEXT
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_TXT_DB
-# define OPENSSL_NO_TXT_DB
-#endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_COMP) && !defined(NO_COMP)
-#  define NO_COMP
-# endif
-# if defined(OPENSSL_NO_CONF) && !defined(NO_CONF)
-#  define NO_CONF
-# endif
-# if defined(OPENSSL_NO_DES) && !defined(NO_DES)
-#  define NO_DES
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-#  define NO_LOCKING
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MD4) && !defined(NO_MD4)
-#  define NO_MD4
-# endif
-# if defined(OPENSSL_NO_MD5) && !defined(NO_MD5)
-#  define NO_MD5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_OCSP) && !defined(NO_OCSP)
-#  define NO_OCSP
-# endif
-# if defined(OPENSSL_NO_PEM) && !defined(NO_PEM)
-#  define NO_PEM
-# endif
-# if defined(OPENSSL_NO_PKCS12) && !defined(NO_PKCS12)
-#  define NO_PKCS12
-# endif
-# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
-#  define NO_PQUEUE
-# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-#  define NO_RC2
-# endif
-# if defined(OPENSSL_NO_RC4) && !defined(NO_RC4)
-#  define NO_RC4
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-#  define NO_SRP
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-#  define NO_SSL3
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_TLS1) && !defined(NO_TLS1)
-#  define NO_TLS1
-# endif
-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)
-#  define NO_TLSEXT
-# endif
-# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-#  define NO_TS
-# endif
-# if defined(OPENSSL_NO_TXT_DB) && !defined(NO_TXT_DB)
-#  define NO_TXT_DB
-# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-#  define NO_UI
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <trusty_std.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h
deleted file mode 100644
index 94212a083a..0000000000
--- a/crypto/opensslconf.h
+++ /dev/null
@@ -1,10 +0,0 @@
-// Auto-generated - DO NOT EDIT!
-#ifndef OPENSSL_SYS_TRUSTY
-#if defined(__LP64__)
-#include "opensslconf-64.h"
-#else
-#include "opensslconf-32.h"
-#endif
-#else
-#include "opensslconf-trusty.h"
-#endif
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
deleted file mode 100644
index 97e3745563..0000000000
--- a/crypto/opensslconf.h.in
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
deleted file mode 100644
index 4a1df08f6c..0000000000
--- a/crypto/opensslv.h
+++ /dev/null
@@ -1,96 +0,0 @@
-#ifndef HEADER_OPENSSLV_H
-#define HEADER_OPENSSLV_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release.  The patch level is exactly that.
- * For example:
- * 0.9.3-dev	  0x00903000
- * 0.9.3-beta1	  0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
- * 0.9.3	  0x0090300f
- * 0.9.3a	  0x0090301f
- * 0.9.4 	  0x0090400f
- * 1.2.3z	  0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit.  This means
- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- *  major minor fix final patch/beta)
- */
-#define OPENSSL_VERSION_NUMBER	0x100010cfL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l-fips 15 Jan 2015"
-#else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l 15 Jan 2015"
-#endif
-#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
-
-
-/* The macros below are to be used for shared library (.so, .dll, ...)
- * versioning.  That kind of versioning works a bit differently between
- * operating systems.  The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time.  With this
- * scheme, the version number is usually part of the file name, like this:
- *
- *	libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major verson number only:
- *
- *	libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons.  The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time.  When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired.  However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string.  Consecutive builds would
- * give the following versions strings:
- *
- *	3.0
- *	3.0:3.1
- *	3.0:3.1:3.2
- *	4.0
- *	4.0:4.1
- *
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
- *
- * There may be other schemes as well that I haven't yet discovered.
- *
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
- */
-#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* HEADER_OPENSSLV_H */
diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h
deleted file mode 100644
index 12cdd43be9..0000000000
--- a/crypto/ossl_typ.h
+++ /dev/null
@@ -1,209 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OPENSSL_TYPES_H
-#define HEADER_OPENSSL_TYPES_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/e_os2.h>
-
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_ENUMERATED		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_TIME		ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
-#define ASN1_VISIBLESTRING	ASN1_STRING
-#define ASN1_UTF8STRING		ASN1_STRING
-#define ASN1_BOOLEAN		int
-#define ASN1_NULL		int
-#else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef struct asn1_string_st ASN1_STRING;
-typedef int ASN1_BOOLEAN;
-typedef int ASN1_NULL;
-#endif
-
-typedef struct ASN1_ITEM_st ASN1_ITEM;
-typedef struct asn1_pctx_st ASN1_PCTX;
-
-#ifdef OPENSSL_SYS_WIN32
-#undef X509_NAME
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef OCSP_REQUEST
-#undef OCSP_RESPONSE
-#endif
-
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-typedef struct bignum_st BIGNUM;
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-
-typedef struct buf_mem_st BUF_MEM;
-
-typedef struct evp_cipher_st EVP_CIPHER;
-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
-typedef struct env_md_st EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
-typedef struct evp_pkey_st EVP_PKEY;
-
-typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
-
-typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
-typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
-
-typedef struct dh_st DH;
-typedef struct dh_method DH_METHOD;
-
-typedef struct dsa_st DSA;
-typedef struct dsa_method DSA_METHOD;
-
-typedef struct rsa_st RSA;
-typedef struct rsa_meth_st RSA_METHOD;
-
-typedef struct rand_meth_st RAND_METHOD;
-
-typedef struct ecdh_method ECDH_METHOD;
-typedef struct ecdsa_method ECDSA_METHOD;
-
-typedef struct x509_st X509;
-typedef struct X509_algor_st X509_ALGOR;
-typedef struct X509_crl_st X509_CRL;
-typedef struct x509_crl_method_st X509_CRL_METHOD;
-typedef struct x509_revoked_st X509_REVOKED;
-typedef struct X509_name_st X509_NAME;
-typedef struct X509_pubkey_st X509_PUBKEY;
-typedef struct x509_store_st X509_STORE;
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-
-typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
-
-typedef struct v3_ext_ctx X509V3_CTX;
-typedef struct conf_st CONF;
-
-typedef struct store_st STORE;
-typedef struct store_method_st STORE_METHOD;
-
-typedef struct ui_st UI;
-typedef struct ui_method_st UI_METHOD;
-
-typedef struct st_ERR_FNS ERR_FNS;
-
-typedef struct engine_st ENGINE;
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
-
-typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
-typedef struct DIST_POINT_st DIST_POINT;
-typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
-typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
-
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Callback types for crypto.h */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-					int idx, long argl, void *argp);
-
-typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
-typedef struct ocsp_response_st OCSP_RESPONSE;
-typedef struct ocsp_responder_id_st OCSP_RESPID;
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl
deleted file mode 100644
index bfc56fdc7f..0000000000
--- a/crypto/pariscid.pl
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/usr/bin/env perl
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$ST		="std";
-} else {
-	$LEVEL		="1.1";
-	$SIZE_T		=4;
-	$ST		="stw";
-}
-
-$rp="%r2";
-$sp="%r30";
-$rv="%r28";
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	OPENSSL_cpuid_setup,ENTRY
-	.ALIGN	8
-OPENSSL_cpuid_setup
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	bv	($rp)
-	.EXIT
-	nop
-	.PROCEND
-
-	.EXPORT	OPENSSL_rdtsc,ENTRY
-	.ALIGN	8
-OPENSSL_rdtsc
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	mfctl	%cr16,$rv
-	bv	($rp)
-	.EXIT
-	nop
-	.PROCEND
-
-	.EXPORT	OPENSSL_wipe_cpu,ENTRY
-	.ALIGN	8
-OPENSSL_wipe_cpu
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	xor		%r0,%r0,%r1
-	fcpy,dbl	%fr0,%fr4
-	xor		%r0,%r0,%r19
-	fcpy,dbl	%fr0,%fr5
-	xor		%r0,%r0,%r20
-	fcpy,dbl	%fr0,%fr6
-	xor		%r0,%r0,%r21
-	fcpy,dbl	%fr0,%fr7
-	xor		%r0,%r0,%r22
-	fcpy,dbl	%fr0,%fr8
-	xor		%r0,%r0,%r23
-	fcpy,dbl	%fr0,%fr9
-	xor		%r0,%r0,%r24
-	fcpy,dbl	%fr0,%fr10
-	xor		%r0,%r0,%r25
-	fcpy,dbl	%fr0,%fr11
-	xor		%r0,%r0,%r26
-	fcpy,dbl	%fr0,%fr22
-	xor		%r0,%r0,%r29
-	fcpy,dbl	%fr0,%fr23
-	xor		%r0,%r0,%r31
-	fcpy,dbl	%fr0,%fr24
-	fcpy,dbl	%fr0,%fr25
-	fcpy,dbl	%fr0,%fr26
-	fcpy,dbl	%fr0,%fr27
-	fcpy,dbl	%fr0,%fr28
-	fcpy,dbl	%fr0,%fr29
-	fcpy,dbl	%fr0,%fr30
-	fcpy,dbl	%fr0,%fr31
-	bv		($rp)
-	.EXIT
-	ldo		0($sp),$rv
-	.PROCEND
-___
-{
-my $inp="%r26";
-my $len="%r25";
-
-$code.=<<___;
-	.EXPORT	OPENSSL_cleanse,ENTRY,ARGW0=GR,ARGW1=GR
-	.ALIGN	8
-OPENSSL_cleanse
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	cmpib,*=	0,$len,L\$done
-	nop
-	cmpib,*>>=	15,$len,L\$ittle
-	ldi		$SIZE_T-1,%r1
-
-L\$align
-	and,*<>		$inp,%r1,%r28
-	b,n		L\$aligned
-	stb		%r0,0($inp)
-	ldo		-1($len),$len
-	b		L\$align
-	ldo		1($inp),$inp
-
-L\$aligned
-	andcm		$len,%r1,%r28
-L\$ot
-	$ST		%r0,0($inp)
-	addib,*<>	-$SIZE_T,%r28,L\$ot
-	ldo		$SIZE_T($inp),$inp
-
-	and,*<>		$len,%r1,$len
-	b,n		L\$done
-L\$ittle
-	stb		%r0,0($inp)
-	addib,*<>	-1,$len,L\$ittle
-	ldo		1($inp),$inp
-L\$done
-	bv		($rp)
-	.EXIT
-	nop
-	.PROCEND
-___
-}
-{
-my ($out,$cnt,$max)=("%r26","%r25","%r24");
-my ($tick,$lasttick)=("%r23","%r22");
-my ($diff,$lastdiff)=("%r21","%r20");
-
-$code.=<<___;
-	.EXPORT	OPENSSL_instrument_bus,ENTRY,ARGW0=GR,ARGW1=GR
-	.ALIGN	8
-OPENSSL_instrument_bus
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	copy		$cnt,$rv
-	mfctl		%cr16,$tick
-	copy		$tick,$lasttick
-	ldi		0,$diff
-
-	fdc		0($out)
-	ldw		0($out),$tick
-	add		$diff,$tick,$tick
-	stw		$tick,0($out)
-L\$oop
-	mfctl		%cr16,$tick
-	sub		$tick,$lasttick,$diff
-	copy		$tick,$lasttick
-
-	fdc		0($out)
-	ldw		0($out),$tick
-	add		$diff,$tick,$tick
-	stw		$tick,0($out)
-
-	addib,<>	-1,$cnt,L\$oop
-	addi		4,$out,$out
-
-	bv		($rp)
-	.EXIT
-	sub		$rv,$cnt,$rv
-	.PROCEND
-
-	.EXPORT	OPENSSL_instrument_bus2,ENTRY,ARGW0=GR,ARGW1=GR
-	.ALIGN	8
-OPENSSL_instrument_bus2
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	copy		$cnt,$rv
-	sub		%r0,$cnt,$cnt
-
-	mfctl		%cr16,$tick
-	copy		$tick,$lasttick
-	ldi		0,$diff
-
-	fdc		0($out)
-	ldw		0($out),$tick
-	add		$diff,$tick,$tick
-	stw		$tick,0($out)
-
-	mfctl		%cr16,$tick
-	sub		$tick,$lasttick,$diff
-	copy		$tick,$lasttick
-L\$oop2
-	copy		$diff,$lastdiff
-	fdc		0($out)
-	ldw		0($out),$tick
-	add		$diff,$tick,$tick
-	stw		$tick,0($out)
-
-	addib,=		-1,$max,L\$done2
-	nop
-
-	mfctl		%cr16,$tick
-	sub		$tick,$lasttick,$diff
-	copy		$tick,$lasttick
-	cmpclr,<>	$lastdiff,$diff,$tick
-	ldi		1,$tick
-
-	ldi		1,%r1
-	xor		%r1,$tick,$tick
-	addb,<>		$tick,$cnt,L\$oop2
-	shladd,l	$tick,2,$out,$out
-L\$done2
-	bv		($rp)
-	.EXIT
-	add		$rv,$cnt,$rv
-	.PROCEND
-___
-}
-$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
-$code =~ s/,\*/,/gm		if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
-print $code;
-close STDOUT;
-
diff --git a/crypto/pem/message b/crypto/pem/message
deleted file mode 100644
index e8bf9d7592..0000000000
--- a/crypto/pem/message
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-Proc-Type: 4,ENCRYPTED
-Proc-Type: 4,MIC-ONLY
-Proc-Type: 4,MIC-CLEAR
-Content-Domain: RFC822
-DEK-Info: DES-CBC,0123456789abcdef
-Originator-Certificate
- xxxx
-Issuer-Certificate
- xxxx
-MIC-Info: RSA-MD5,RSA,
- xxxx
-
-
------END PRIVACY-ENHANCED MESSAGE-----
-
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
deleted file mode 100644
index 8a6ababe3a..0000000000
--- a/crypto/pem/pem.h
+++ /dev/null
@@ -1,641 +0,0 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_STACK
-#include <openssl/stack.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define PEM_BUFSIZE		1024
-
-#define PEM_OBJ_UNDEF		0
-#define PEM_OBJ_X509		1
-#define PEM_OBJ_X509_REQ	2
-#define PEM_OBJ_CRL		3
-#define PEM_OBJ_SSL_SESSION	4
-#define PEM_OBJ_PRIV_KEY	10
-#define PEM_OBJ_PRIV_RSA	11
-#define PEM_OBJ_PRIV_DSA	12
-#define PEM_OBJ_PRIV_DH		13
-#define PEM_OBJ_PUB_RSA		14
-#define PEM_OBJ_PUB_DSA		15
-#define PEM_OBJ_PUB_DH		16
-#define PEM_OBJ_DHPARAMS	17
-#define PEM_OBJ_DSAPARAMS	18
-#define PEM_OBJ_PRIV_RSA_PUBLIC	19
-#define PEM_OBJ_PRIV_ECDSA	20
-#define PEM_OBJ_PUB_ECDSA	21
-#define PEM_OBJ_ECPARAMETERS	22
-
-#define PEM_ERROR		30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2		NID_md2
-#define PEM_MD_MD5		NID_md5
-#define PEM_MD_SHA		NID_sha
-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
-#define PEM_STRING_X509		"CERTIFICATE"
-#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"
-#define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"
-#define PEM_STRING_PUBLIC	"PUBLIC KEY"
-#define PEM_STRING_RSA		"RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
-#define PEM_STRING_DSA		"DSA PRIVATE KEY"
-#define PEM_STRING_DSA_PUBLIC	"DSA PUBLIC KEY"
-#define PEM_STRING_PKCS7	"PKCS7"
-#define PEM_STRING_PKCS7_SIGNED	"PKCS #7 SIGNED DATA"
-#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
-#define PEM_STRING_PKCS8INF	"PRIVATE KEY"
-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
-#define PEM_STRING_ECPRIVATEKEY	"EC PRIVATE KEY"
-#define PEM_STRING_PARAMETERS	"PARAMETERS"
-#define PEM_STRING_CMS		"CMS"
-
-  /* Note that this structure is initialised by PEM_SealInit and cleaned up
-     by PEM_SealFinal (at least for now) */
-typedef struct PEM_Encode_Seal_st
-	{
-	EVP_ENCODE_CTX encode;
-	EVP_MD_CTX md;
-	EVP_CIPHER_CTX cipher;
-	} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR		40
-
-typedef struct pem_recip_st
-	{
-	char *name;
-	X509_NAME *dn;
-
-	int cipher;
-	int key_enc;
-	/*	char iv[8]; unused and wrong size */
-	} PEM_USER;
-
-typedef struct pem_ctx_st
-	{
-	int type;		/* what type of object */
-
-	struct	{
-		int version;	
-		int mode;		
-		} proc_type;
-
-	char *domain;
-
-	struct	{
-		int cipher;
-	/* unused, and wrong size
-	   unsigned char iv[8]; */
-		} DEK_info;
-		
-	PEM_USER *originator;
-
-	int num_recipient;
-	PEM_USER **recipient;
-
-	/* XXX(ben): don#t think this is used! 
-		STACK *x509_chain;	/ * certificate chain */
-	EVP_MD *md;		/* signature type */
-
-	int md_enc;		/* is the md encrypted or not? */
-	int md_len;		/* length of md_data */
-	char *md_data;		/* message digest, could be pkey encrypted */
-
-	EVP_CIPHER *dec;	/* date encryption cipher */
-	int key_len;		/* key length */
-	unsigned char *key;	/* key */
-	/* unused, and wrong size
-	   unsigned char iv[8]; */
-
-	
-	int  data_enc;		/* is the data encrypted */
-	int data_len;
-	unsigned char *data;
-	} PEM_CTX;
-
-/* These macros make the PEM_read/PEM_write functions easier to maintain and
- * write. Now they are all implemented with either:
- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
- */
-
-#ifdef OPENSSL_NO_FP_API
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
-
-#else
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-} 
-
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, const type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
-
-#endif
-
-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-}
-
-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_const(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
-
-/* These are the same except they are for the declarations */
-
-#if defined(OPENSSL_NO_FP_API)
-
-#define DECLARE_PEM_read_fp(name, type) /**/
-#define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_cb_fp(name, type) /**/
-
-#else
-
-#define DECLARE_PEM_read_fp(name, type) \
-	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_fp(name, type) \
-	int PEM_write_##name(FILE *fp, type *x);
-
-#define DECLARE_PEM_write_fp_const(name, type) \
-	int PEM_write_##name(FILE *fp, const type *x);
-
-#define DECLARE_PEM_write_cb_fp(name, type) \
-	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#define DECLARE_PEM_read_bio(name, type) \
-	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_bio(name, type) \
-	int PEM_write_bio_##name(BIO *bp, type *x);
-
-#define DECLARE_PEM_write_bio_const(name, type) \
-	int PEM_write_bio_##name(BIO *bp, const type *x);
-
-#define DECLARE_PEM_write_cb_bio(name, type) \
-	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#else
-
-#define DECLARE_PEM_read_bio(name, type) /**/
-#define DECLARE_PEM_write_bio(name, type) /**/
-#define DECLARE_PEM_write_bio_const(name, type) /**/
-#define DECLARE_PEM_write_cb_bio(name, type) /**/
-
-#endif
-
-#define DECLARE_PEM_write(name, type) \
-	DECLARE_PEM_write_bio(name, type) \
-	DECLARE_PEM_write_fp(name, type) 
-
-#define DECLARE_PEM_write_const(name, type) \
-	DECLARE_PEM_write_bio_const(name, type) \
-	DECLARE_PEM_write_fp_const(name, type)
-
-#define DECLARE_PEM_write_cb(name, type) \
-	DECLARE_PEM_write_cb_bio(name, type) \
-	DECLARE_PEM_write_cb_fp(name, type) 
-
-#define DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_read_bio(name, type) \
-	DECLARE_PEM_read_fp(name, type)
-
-#define DECLARE_PEM_rw(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write(name, type)
-
-#define DECLARE_PEM_rw_const(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write_const(name, type)
-
-#define DECLARE_PEM_rw_cb(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write_cb(name, type)
-
-#if 1
-/* "userdata": new with OpenSSL 0.9.4 */
-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-#else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb(char *buf, int size, int rwflag);
-#endif
-
-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-	pem_password_cb *callback,void *u);
-
-#ifndef OPENSSL_NO_BIO
-int	PEM_read_bio(BIO *bp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
-		long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-	     pem_password_cb *cb, void *u);
-void *	PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
-			  void **x, pem_password_cb *cb, void *u);
-int	PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
-			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,
-			   pem_password_cb *cb, void *u);
-
-STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
-#endif
-
-int	PEM_read(FILE *fp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-		      pem_password_cb *cb, void *u);
-int	PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
-		       void *x,const EVP_CIPHER *enc,unsigned char *kstr,
-		       int klen,pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
-	pem_password_cb *cb, void *u);
-
-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-		EVP_MD *md_type, unsigned char **ek, int *ekl,
-		unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-		unsigned char *in, int inl);
-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-		unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-		unsigned int *siglen, EVP_PKEY *pkey);
-
-int	PEM_def_callback(char *buf, int num, int w, void *key);
-void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, const char *type, int len, char *str);
-
-
-#include <openssl/symhacks.h>
-
-DECLARE_PEM_rw(X509, X509)
-
-DECLARE_PEM_rw(X509_AUX, X509)
-
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-
-DECLARE_PEM_rw(X509_REQ, X509_REQ)
-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
-
-DECLARE_PEM_rw(X509_CRL, X509_CRL)
-
-DECLARE_PEM_rw(PKCS7, PKCS7)
-
-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-DECLARE_PEM_rw(PKCS8, X509_SIG)
-
-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-#ifndef OPENSSL_NO_RSA
-
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-
-DECLARE_PEM_rw_const(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-
-DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-
-DECLARE_PEM_rw_const(DSAparams, DSA)
-
-#endif
-
-#ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-DECLARE_PEM_rw_const(DHparams, DH)
-
-#endif
-
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
-
-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
-                                  char *, int, pem_password_cb *, void *);
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
-			      char *kstr,int klen, pem_password_cb *cd, void *u);
-
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
-int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-
-
-EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
-EVP_PKEY *b2i_PublicKey_bio(BIO *in);
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-#ifndef OPENSSL_NO_RC4
-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-		pem_password_cb *cb, void *u);
-#endif
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_B2I_DSS					 127
-#define PEM_F_B2I_PVK_BIO				 128
-#define PEM_F_B2I_RSA					 129
-#define PEM_F_CHECK_BITLEN_DSA				 130
-#define PEM_F_CHECK_BITLEN_RSA				 131
-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO			 120
-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP			 121
-#define PEM_F_DO_B2I					 132
-#define PEM_F_DO_B2I_BIO				 133
-#define PEM_F_DO_BLOB_HEADER				 134
-#define PEM_F_DO_PK8PKEY				 126
-#define PEM_F_DO_PK8PKEY_FP				 125
-#define PEM_F_DO_PVK_BODY				 135
-#define PEM_F_DO_PVK_HEADER				 136
-#define PEM_F_I2B_PVK					 137
-#define PEM_F_I2B_PVK_BIO				 138
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DEF_CALLBACK				 100
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_PK8PKEY				 119
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_READ_BIO_PARAMETERS			 140
-#define PEM_F_PEM_READ_BIO_PRIVATEKEY			 123
-#define PEM_F_PEM_READ_PRIVATEKEY			 124
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_WRITE_PRIVATEKEY			 139
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_MAGIC_NUMBER				 116
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_BAD_VERSION_NUMBER			 117
-#define PEM_R_BIO_WRITE_FAILURE				 118
-#define PEM_R_CIPHER_IS_NULL				 127
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115
-#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB		 119
-#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB			 120
-#define PEM_R_INCONSISTENT_HEADER			 121
-#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR		 122
-#define PEM_R_KEYBLOB_TOO_SHORT				 123
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_PVK_DATA_TOO_SHORT			 124
-#define PEM_R_PVK_TOO_SHORT				 125
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
-#define PEM_R_UNSUPPORTED_KEY_COMPONENTS		 126
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/pem/pem2.h b/crypto/pem/pem2.h
deleted file mode 100644
index f31790d69c..0000000000
--- a/crypto/pem/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This header only exists to break a circular dependency between pem and err
- * Ben 30 Jan 1999.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HEADER_PEM_H
-void ERR_load_PEM_strings(void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
deleted file mode 100644
index eac0460e3e..0000000000
--- a/crypto/pem/pem_all.c
+++ /dev/null
@@ -1,457 +0,0 @@
-/* crypto/pem/pem_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
-#endif
-
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
-#endif
-
-IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
-
-IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
-
-IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
-
-IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
-
-IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
-					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
-
-
-#ifndef OPENSSL_NO_RSA
-
-/* We treat RSA or DSA private keys as a special case.
- *
- * For private keys we read in an EVP_PKEY structure with
- * PEM_read_bio_PrivateKey() and extract the relevant private
- * key: this means can handle "traditional" and PKCS#8 formats
- * transparently.
- */
-
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
-{
-	RSA *rtmp;
-	if(!key) return NULL;
-	rtmp = EVP_PKEY_get1_RSA(key);
-	EVP_PKEY_free(key);
-	if(!rtmp) return NULL;
-	if(rsa) {
-		RSA_free(*rsa);
-		*rsa = rtmp;
-	}
-	return rtmp;
-}
-
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
-								void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_rsa(pktmp, rsa);
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
-								void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_rsa(pktmp, rsa);
-}
-
-#endif
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-		EVP_PKEY_set1_RSA(k, x);
-
-		ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
-					PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-
-		EVP_PKEY_set1_RSA(k, x);
-
-		ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
-					PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
-{
-	DSA *dtmp;
-	if(!key) return NULL;
-	dtmp = EVP_PKEY_get1_DSA(key);
-	EVP_PKEY_free(key);
-	if(!dtmp) return NULL;
-	if(dsa) {
-		DSA_free(*dsa);
-		*dsa = dtmp;
-	}
-	return dtmp;
-}
-
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
-								void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
-}
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-		EVP_PKEY_set1_DSA(k, x);
-
-		ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
-					PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-		EVP_PKEY_set1_DSA(k, x);
-		ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
-					PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
-
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
-								void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_dsa(pktmp, dsa);	/* will free pktmp */
-}
-
-#endif
-
-IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
-
-#endif
-
-
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
-{
-	EC_KEY *dtmp;
-	if(!key) return NULL;
-	dtmp = EVP_PKEY_get1_EC_KEY(key);
-	EVP_PKEY_free(key);
-	if(!dtmp) return NULL;
-	if(eckey) 
-	{
- 		EC_KEY_free(*eckey);
-		*eckey = dtmp;
-	}
-	return dtmp;
-}
-
-EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
-							void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_eckey(pktmp, key);	/* will free pktmp */
-}
-
-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
-
-
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-		EVP_PKEY_set1_EC_KEY(k, x);
-
-		ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
-						PEM_STRING_ECPRIVATEKEY,
-						bp,x,enc,kstr,klen,cb,u);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-{
-	if (FIPS_mode())
-		{
-		EVP_PKEY *k;
-		int ret;
-		k = EVP_PKEY_new();
-		if (!k)
-			return 0;
-		EVP_PKEY_set1_EC_KEY(k, x);
-		ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-		EVP_PKEY_free(k);
-		return ret;
-		}
-	else
-		return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
-						PEM_STRING_ECPRIVATEKEY,
-						fp,x,enc,kstr,klen,cb,u);
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
- 
-EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
- 								void *u)
-{
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_eckey(pktmp, eckey);	/* will free pktmp */
-}
-
-#endif
-
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
-
-#endif
-
-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
deleted file mode 100644
index d644aeedd4..0000000000
--- a/crypto/pem/pem_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* crypto/pem/pem_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[]=
-	{
-{ERR_FUNC(PEM_F_B2I_DSS),	"B2I_DSS"},
-{ERR_FUNC(PEM_F_B2I_PVK_BIO),	"b2i_PVK_bio"},
-{ERR_FUNC(PEM_F_B2I_RSA),	"B2I_RSA"},
-{ERR_FUNC(PEM_F_CHECK_BITLEN_DSA),	"CHECK_BITLEN_DSA"},
-{ERR_FUNC(PEM_F_CHECK_BITLEN_RSA),	"CHECK_BITLEN_RSA"},
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),	"d2i_PKCS8PrivateKey_bio"},
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),	"d2i_PKCS8PrivateKey_fp"},
-{ERR_FUNC(PEM_F_DO_B2I),	"DO_B2I"},
-{ERR_FUNC(PEM_F_DO_B2I_BIO),	"DO_B2I_BIO"},
-{ERR_FUNC(PEM_F_DO_BLOB_HEADER),	"DO_BLOB_HEADER"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY),	"DO_PK8PKEY"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP),	"DO_PK8PKEY_FP"},
-{ERR_FUNC(PEM_F_DO_PVK_BODY),	"DO_PVK_BODY"},
-{ERR_FUNC(PEM_F_DO_PVK_HEADER),	"DO_PVK_HEADER"},
-{ERR_FUNC(PEM_F_I2B_PVK),	"I2B_PVK"},
-{ERR_FUNC(PEM_F_I2B_PVK_BIO),	"i2b_PVK_bio"},
-{ERR_FUNC(PEM_F_LOAD_IV),	"LOAD_IV"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ),	"PEM_ASN1_read"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),	"PEM_ASN1_read_bio"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE),	"PEM_ASN1_write"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),	"PEM_ASN1_write_bio"},
-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),	"PEM_def_callback"},
-{ERR_FUNC(PEM_F_PEM_DO_HEADER),	"PEM_do_header"},
-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),	"PEM_get_EVP_CIPHER_INFO"},
-{ERR_FUNC(PEM_F_PEM_PK8PKEY),	"PEM_PK8PKEY"},
-{ERR_FUNC(PEM_F_PEM_READ),	"PEM_read"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO),	"PEM_read_bio"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS),	"PEM_read_bio_Parameters"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),	"PEM_READ_BIO_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),	"PEM_READ_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_SEALFINAL),	"PEM_SealFinal"},
-{ERR_FUNC(PEM_F_PEM_SEALINIT),	"PEM_SealInit"},
-{ERR_FUNC(PEM_F_PEM_SIGNFINAL),	"PEM_SignFinal"},
-{ERR_FUNC(PEM_F_PEM_WRITE),	"PEM_write"},
-{ERR_FUNC(PEM_F_PEM_WRITE_BIO),	"PEM_write_bio"},
-{ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY),	"PEM_WRITE_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ),	"PEM_X509_INFO_read"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),	"PEM_X509_INFO_read_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),	"PEM_X509_INFO_write_bio"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA PEM_str_reasons[]=
-	{
-{ERR_REASON(PEM_R_BAD_BASE64_DECODE)     ,"bad base64 decode"},
-{ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},
-{ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},
-{ERR_REASON(PEM_R_BAD_MAGIC_NUMBER)      ,"bad magic number"},
-{ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},
-{ERR_REASON(PEM_R_BAD_VERSION_NUMBER)    ,"bad version number"},
-{ERR_REASON(PEM_R_BIO_WRITE_FAILURE)     ,"bio write failure"},
-{ERR_REASON(PEM_R_CIPHER_IS_NULL)        ,"cipher is null"},
-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
-{ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB),"expecting private key blob"},
-{ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB),"expecting public key blob"},
-{ERR_REASON(PEM_R_INCONSISTENT_HEADER)   ,"inconsistent header"},
-{ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR),"keyblob header parse error"},
-{ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT)     ,"keyblob too short"},
-{ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},
-{ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},
-{ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},
-{ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},
-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},
-{ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT)    ,"pvk data too short"},
-{ERR_REASON(PEM_R_PVK_TOO_SHORT)         ,"pvk too short"},
-{ERR_REASON(PEM_R_READ_KEY)              ,"read key"},
-{ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},
-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
-{ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS),"unsupported key components"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_PEM_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PEM_str_functs);
-		ERR_load_strings(0,PEM_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
deleted file mode 100644
index cc7f24a9c1..0000000000
--- a/crypto/pem/pem_info.c
+++ /dev/null
@@ -1,406 +0,0 @@
-/* crypto/pem/pem_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        STACK_OF(X509_INFO) *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
-#endif
-
-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-	{
-	X509_INFO *xi=NULL;
-	char *name=NULL,*header=NULL;
-	void *pp;
-	unsigned char *data=NULL;
-	const unsigned char *p;
-	long len,error=0;
-	int ok=0;
-	STACK_OF(X509_INFO) *ret=NULL;
-	unsigned int i,raw,ptype;
-	d2i_of_void *d2i = 0;
-
-	if (sk == NULL)
-		{
-		if ((ret=sk_X509_INFO_new_null()) == NULL)
-			{
-			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		ret=sk;
-
-	if ((xi=X509_INFO_new()) == NULL) goto err;
-	for (;;)
-		{
-		raw=0;
-		ptype = 0;
-		i=PEM_read_bio(bp,&name,&header,&data,&len);
-		if (i == 0)
-			{
-			error=ERR_GET_REASON(ERR_peek_last_error());
-			if (error == PEM_R_NO_START_LINE)
-				{
-				ERR_clear_error();
-				break;
-				}
-			goto err;
-			}
-start:
-		if (	(strcmp(name,PEM_STRING_X509) == 0) ||
-			(strcmp(name,PEM_STRING_X509_OLD) == 0))
-			{
-			d2i=(D2I_OF(void))d2i_X509;
-			if (xi->x509 != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->x509);
-			}
-		else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
-			{
-			d2i=(D2I_OF(void))d2i_X509_AUX;
-			if (xi->x509 != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->x509);
-			}
-		else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_X509_CRL;
-			if (xi->crl != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->crl);
-			}
-		else
-#ifndef OPENSSL_NO_RSA
-			if (strcmp(name,PEM_STRING_RSA) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_RSAPrivateKey;
-			if (xi->x_pkey != NULL) 
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-
-			xi->enc_data=NULL;
-			xi->enc_len=0;
-
-			xi->x_pkey=X509_PKEY_new();
-			ptype=EVP_PKEY_RSA;
-			pp=&xi->x_pkey->dec_pkey;
-			if ((int)strlen(header) > 10) /* assume encrypted */
-				raw=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DSA
-			if (strcmp(name,PEM_STRING_DSA) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_DSAPrivateKey;
-			if (xi->x_pkey != NULL) 
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-
-			xi->enc_data=NULL;
-			xi->enc_len=0;
-
-			xi->x_pkey=X509_PKEY_new();
-			ptype = EVP_PKEY_DSA;
-			pp=&xi->x_pkey->dec_pkey;
-			if ((int)strlen(header) > 10) /* assume encrypted */
-				raw=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_EC
- 			if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
- 			{
- 				d2i=(D2I_OF(void))d2i_ECPrivateKey;
- 				if (xi->x_pkey != NULL) 
- 				{
- 					if (!sk_X509_INFO_push(ret,xi)) goto err;
- 					if ((xi=X509_INFO_new()) == NULL) goto err;
- 						goto start;
- 				}
- 
- 			xi->enc_data=NULL;
- 			xi->enc_len=0;
- 
- 			xi->x_pkey=X509_PKEY_new();
-			ptype = EVP_PKEY_EC;
- 			pp=&xi->x_pkey->dec_pkey;
- 			if ((int)strlen(header) > 10) /* assume encrypted */
- 				raw=1;
-			}
-		else
-#endif
-			{
-			d2i=NULL;
-			pp=NULL;
-			}
-
-		if (d2i != NULL)
-			{
-			if (!raw)
-				{
-				EVP_CIPHER_INFO cipher;
-
-				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
-					goto err;
-				if (!PEM_do_header(&cipher,data,&len,cb,u))
-					goto err;
-				p=data;
-				if (ptype)
-					{
-					if (!d2i_PrivateKey(ptype, pp, &p, len))
-						{
-						PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
-						goto err;
-						}
-					}
-				else if (d2i(pp,&p,len) == NULL)
-					{
-					PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
-					goto err;
-					}
-				}
-			else
-				{ /* encrypted RSA data */
-				if (!PEM_get_EVP_CIPHER_INFO(header,
-					&xi->enc_cipher)) goto err;
-				xi->enc_data=(char *)data;
-				xi->enc_len=(int)len;
-				data=NULL;
-				}
-			}
-		else	{
-			/* unknown */
-			}
-		if (name != NULL) OPENSSL_free(name);
-		if (header != NULL) OPENSSL_free(header);
-		if (data != NULL) OPENSSL_free(data);
-		name=NULL;
-		header=NULL;
-		data=NULL;
-		}
-
-	/* if the last one hasn't been pushed yet and there is anything
-	 * in it then add it to the stack ... 
-	 */
-	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
-		(xi->x_pkey != NULL) || (xi->enc_data != NULL))
-		{
-		if (!sk_X509_INFO_push(ret,xi)) goto err;
-		xi=NULL;
-		}
-	ok=1;
-err:
-	if (xi != NULL) X509_INFO_free(xi);
-	if (!ok)
-		{
-		for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
-			{
-			xi=sk_X509_INFO_value(ret,i);
-			X509_INFO_free(xi);
-			}
-		if (ret != sk) sk_X509_INFO_free(ret);
-		ret=NULL;
-		}
-		
-	if (name != NULL) OPENSSL_free(name);
-	if (header != NULL) OPENSSL_free(header);
-	if (data != NULL) OPENSSL_free(data);
-	return(ret);
-	}
-
-
-/* A TJH addition */
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
-	{
-	EVP_CIPHER_CTX ctx;
-	int i,ret=0;
-	unsigned char *data=NULL;
-	const char *objstr=NULL;
-	char buf[PEM_BUFSIZE];
-	unsigned char *iv=NULL;
-	
-	if (enc != NULL)
-		{
-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-		if (objstr == NULL)
-			{
-			PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-			goto err;
-			}
-		}
-
-	/* now for the fun part ... if we have a private key then 
-	 * we have to be able to handle a not-yet-decrypted key
-	 * being written out correctly ... if it is decrypted or
-	 * it is non-encrypted then we use the base code
-	 */
-	if (xi->x_pkey!=NULL)
-		{
-		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
-			{
-			if (enc == NULL)
-				{
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_CIPHER_IS_NULL);
-				goto err;
-				}
-
-			/* copy from weirdo names into more normal things */
-			iv=xi->enc_cipher.iv;
-			data=(unsigned char *)xi->enc_data;
-			i=xi->enc_len;
-
-			/* we take the encryption data from the
-			 * internal stuff rather than what the
-			 * user has passed us ... as we have to 
-			 * match exactly for some strange reason
-			 */
-			objstr=OBJ_nid2sn(
-				EVP_CIPHER_nid(xi->enc_cipher.cipher));
-			if (objstr == NULL)
-				{
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-				goto err;
-				}
-
-			/* create the right magic header stuff */
-			OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-			buf[0]='\0';
-			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-
-			/* use the normal code to write things out */
-			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
-			if (i <= 0) goto err;
-			}
-		else
-			{
-			/* Add DSA/DH */
-#ifndef OPENSSL_NO_RSA
-			/* normal optionally encrypted stuff */
-			if (PEM_write_bio_RSAPrivateKey(bp,
-				xi->x_pkey->dec_pkey->pkey.rsa,
-				enc,kstr,klen,cb,u)<=0)
-				goto err;
-#endif
-			}
-		}
-
-	/* if we have a certificate then write it out now */
-	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
-		goto err;
-
-	/* we are ignoring anything else that is loaded into the X509_INFO
-	 * structure for the moment ... as I don't need it so I'm not
-	 * coding it here and Eric can do it when this makes it into the
-	 * base library --tjh
-	 */
-
-	ret=1;
-
-err:
-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-	OPENSSL_cleanse(buf,PEM_BUFSIZE);
-	return(ret);
-	}
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
deleted file mode 100644
index 5a421fc4b6..0000000000
--- a/crypto/pem/pem_lib.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include "asn1_locl.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
-
-#define MIN_LENGTH	4
-
-static int load_iv(char **fromp,unsigned char *to, int num);
-static int check_pem(const char *nm, const char *name);
-int pem_check_suffix(const char *pem_str, const char *suffix);
-
-int PEM_def_callback(char *buf, int num, int w, void *key)
-	{
-#ifdef OPENSSL_NO_FP_API
-	/* We should not ever call the default callback routine from
-	 * windows. */
-	PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(-1);
-#else
-	int i,j;
-	const char *prompt;
-	if(key) {
-		i=strlen(key);
-		i=(i > num)?num:i;
-		memcpy(buf,key,i);
-		return(i);
-	}
-
-	prompt=EVP_get_pw_prompt();
-	if (prompt == NULL)
-		prompt="Enter PEM pass phrase:";
-
-	for (;;)
-		{
-		i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
-		if (i != 0)
-			{
-			PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
-			memset(buf,0,(unsigned int)num);
-			return(-1);
-			}
-		j=strlen(buf);
-		if (j < MIN_LENGTH)
-			{
-			fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
-			}
-		else
-			break;
-		}
-	return(j);
-#endif
-	}
-
-void PEM_proc_type(char *buf, int type)
-	{
-	const char *str;
-
-	if (type == PEM_TYPE_ENCRYPTED)
-		str="ENCRYPTED";
-	else if (type == PEM_TYPE_MIC_CLEAR)
-		str="MIC-CLEAR";
-	else if (type == PEM_TYPE_MIC_ONLY)
-		str="MIC-ONLY";
-	else
-		str="BAD-TYPE";
-		
-	BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
-	BUF_strlcat(buf,str,PEM_BUFSIZE);
-	BUF_strlcat(buf,"\n",PEM_BUFSIZE);
-	}
-
-void PEM_dek_info(char *buf, const char *type, int len, char *str)
-	{
-	static const unsigned char map[17]="0123456789ABCDEF";
-	long i;
-	int j;
-
-	BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
-	BUF_strlcat(buf,type,PEM_BUFSIZE);
-	BUF_strlcat(buf,",",PEM_BUFSIZE);
-	j=strlen(buf);
-	if (j + (len * 2) + 1 > PEM_BUFSIZE)
-        	return;
-	for (i=0; i<len; i++)
-		{
-		buf[j+i*2]  =map[(str[i]>>4)&0x0f];
-		buf[j+i*2+1]=map[(str[i]   )&0x0f];
-		}
-	buf[j+i*2]='\n';
-	buf[j+i*2+1]='\0';
-	}
-
-#ifndef OPENSSL_NO_FP_API
-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-		    pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        void *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
-#endif
-
-static int check_pem(const char *nm, const char *name)
-{
-	/* Normal matching nm and name */
-	if (!strcmp(nm,name)) return 1;
-
-	/* Make PEM_STRING_EVP_PKEY match any private key */
-
-	if(!strcmp(name,PEM_STRING_EVP_PKEY))
-		{
-		int slen;
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		if(!strcmp(nm,PEM_STRING_PKCS8))
-			return 1;
-		if(!strcmp(nm,PEM_STRING_PKCS8INF))
-			return 1;
-		slen = pem_check_suffix(nm, "PRIVATE KEY"); 
-		if (slen > 0)
-			{
-			/* NB: ENGINE implementations wont contain
-			 * a deprecated old private key decode function
-			 * so don't look for them.
-			 */
-			ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
-			if (ameth && ameth->old_priv_decode)
-				return 1;
-			}
-		return 0;
-		}
-
-	if(!strcmp(name,PEM_STRING_PARAMETERS))
-		{
-		int slen;
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		slen = pem_check_suffix(nm, "PARAMETERS"); 
-		if (slen > 0)
-			{
-			ENGINE *e;
-			ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
-			if (ameth)
-				{
-				int r;
-				if (ameth->param_decode)
-					r = 1;
-				else
-					r = 0;
-#ifndef OPENSSL_NO_ENGINE
-				if (e)
-					ENGINE_finish(e);
-#endif
-				return r;
-				}
-			}
-		return 0;
-		}
-
-	/* Permit older strings */
-
-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-		!strcmp(name,PEM_STRING_X509)) return 1;
-
-	if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
-		!strcmp(name,PEM_STRING_X509_REQ)) return 1;
-
-	/* Allow normal certs to be read as trusted certs */
-	if(!strcmp(nm,PEM_STRING_X509) &&
-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
-	/* Some CAs use PKCS#7 with CERTIFICATE headers */
-	if(!strcmp(nm, PEM_STRING_X509) &&
-		!strcmp(name, PEM_STRING_PKCS7)) return 1;
-
-	if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
-		!strcmp(name, PEM_STRING_PKCS7)) return 1;
-
-#ifndef OPENSSL_NO_CMS
-	if(!strcmp(nm, PEM_STRING_X509) &&
-		!strcmp(name, PEM_STRING_CMS)) return 1;
-	/* Allow CMS to be read from PKCS#7 headers */
-	if(!strcmp(nm, PEM_STRING_PKCS7) &&
-		!strcmp(name, PEM_STRING_CMS)) return 1;
-#endif
-
-	return 0;
-}
-
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-	     pem_password_cb *cb, void *u)
-	{
-	EVP_CIPHER_INFO cipher;
-	char *nm=NULL,*header=NULL;
-	unsigned char *data=NULL;
-	long len;
-	int ret = 0;
-
-	for (;;)
-		{
-		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
-			if(ERR_GET_REASON(ERR_peek_error()) ==
-				PEM_R_NO_START_LINE)
-				ERR_add_error_data(2, "Expecting: ", name);
-			return 0;
-		}
-		if(check_pem(nm, name)) break;
-		OPENSSL_free(nm);
-		OPENSSL_free(header);
-		OPENSSL_free(data);
-		}
-	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-
-	*pdata = data;
-	*plen = len;
-
-	if (pnm)
-		*pnm = nm;
-
-	ret = 1;
-
-err:
-	if (!ret || !pnm) OPENSSL_free(nm);
-	OPENSSL_free(header);
-	if (!ret) OPENSSL_free(data);
-	return ret;
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-		   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
-		   int klen, pem_password_cb *callback, void *u)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-		       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
-		       int klen, pem_password_cb *callback, void *u)
-	{
-	EVP_CIPHER_CTX ctx;
-	int dsize=0,i,j,ret=0;
-	unsigned char *p,*data=NULL;
-	const char *objstr=NULL;
-	char buf[PEM_BUFSIZE];
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	
-	if (enc != NULL)
-		{
-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-		if (objstr == NULL)
-			{
-			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-			goto err;
-			}
-		}
-
-	if ((dsize=i2d(x,NULL)) < 0)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
-		dsize=0;
-		goto err;
-		}
-	/* dzise + 8 bytes are needed */
-	/* actually it needs the cipher block size extra... */
-	data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
-	if (data == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=data;
-	i=i2d(x,&p);
-
-	if (enc != NULL)
-		{
-		if (kstr == NULL)
-			{
-			if (callback == NULL)
-				klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
-			else
-				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
-			if (klen <= 0)
-				{
-				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
-				goto err;
-				}
-#ifdef CHARSET_EBCDIC
-			/* Convert the pass phrase from EBCDIC */
-			ebcdic2ascii(buf, buf, klen);
-#endif
-			kstr=(unsigned char *)buf;
-			}
-		RAND_add(data,i,0);/* put in the RSA key. */
-		OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
-		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
-			goto err;
-		/* The 'iv' is used as the iv and as a salt.  It is
-		 * NOT taken from the BytesToKey function */
-		if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
-			goto err;
-
-		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
-
-		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-
-		buf[0]='\0';
-		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-		/* k=strlen(buf); */
-
-		EVP_CIPHER_CTX_init(&ctx);
-		ret = 1;
-		if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
-			|| !EVP_EncryptUpdate(&ctx,data,&j,data,i)
-			|| !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
-			ret = 0;
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		if (ret == 0)
-			goto err;
-		i+=j;
-		}
-	else
-		{
-		ret=1;
-		buf[0]='\0';
-		}
-	i=PEM_write_bio(bp,name,buf,data,i);
-	if (i <= 0) ret=0;
-err:
-	OPENSSL_cleanse(key,sizeof(key));
-	OPENSSL_cleanse(iv,sizeof(iv));
-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-	OPENSSL_cleanse(buf,PEM_BUFSIZE);
-	if (data != NULL)
-		{
-		OPENSSL_cleanse(data,(unsigned int)dsize);
-		OPENSSL_free(data);
-		}
-	return(ret);
-	}
-
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
-	     pem_password_cb *callback,void *u)
-	{
-	int i,j,o,klen;
-	long len;
-	EVP_CIPHER_CTX ctx;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	char buf[PEM_BUFSIZE];
-
-	len= *plen;
-
-	if (cipher->cipher == NULL) return(1);
-	if (callback == NULL)
-		klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
-	else
-		klen=callback(buf,PEM_BUFSIZE,0,u);
-	if (klen <= 0)
-		{
-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
-		return(0);
-		}
-#ifdef CHARSET_EBCDIC
-	/* Convert the pass phrase from EBCDIC */
-	ebcdic2ascii(buf, buf, klen);
-#endif
-
-	if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-		(unsigned char *)buf,klen,1,key,NULL))
-		return 0;
-
-	j=(int)len;
-	EVP_CIPHER_CTX_init(&ctx);
-	o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-	if (o)
-		o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
-	if (o)
-		o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	OPENSSL_cleanse((char *)buf,sizeof(buf));
-	OPENSSL_cleanse((char *)key,sizeof(key));
-	j+=i;
-	if (!o)
-		{
-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
-		return(0);
-		}
-	*plen=j;
-	return(1);
-	}
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
-	{
-	const EVP_CIPHER *enc=NULL;
-	char *p,c;
-	char **header_pp = &header;
-
-	cipher->cipher=NULL;
-	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-		return(1);
-	if (strncmp(header,"Proc-Type: ",11) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
-	header+=11;
-	if (*header != '4') return(0); header++;
-	if (*header != ',') return(0); header++;
-	if (strncmp(header,"ENCRYPTED",9) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
-	for (; (*header != '\n') && (*header != '\0'); header++)
-		;
-	if (*header == '\0')
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
-	header++;
-	if (strncmp(header,"DEK-Info: ",10) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
-	header+=10;
-
-	p=header;
-	for (;;)
-		{
-		c= *header;
-#ifndef CHARSET_EBCDIC
-		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-			((c >= '0') && (c <= '9'))))
-			break;
-#else
-		if (!(	isupper(c) || (c == '-') ||
-			isdigit(c)))
-			break;
-#endif
-		header++;
-		}
-	*header='\0';
-	cipher->cipher=enc=EVP_get_cipherbyname(p);
-	*header=c;
-	header++;
-
-	if (enc == NULL)
-		{
-		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
-		return(0);
-		}
-	if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
-		return(0);
-
-	return(1);
-	}
-
-static int load_iv(char **fromp, unsigned char *to, int num)
-	{
-	int v,i;
-	char *from;
-
-	from= *fromp;
-	for (i=0; i<num; i++) to[i]=0;
-	num*=2;
-	for (i=0; i<num; i++)
-		{
-		if ((*from >= '0') && (*from <= '9'))
-			v= *from-'0';
-		else if ((*from >= 'A') && (*from <= 'F'))
-			v= *from-'A'+10;
-		else if ((*from >= 'a') && (*from <= 'f'))
-			v= *from-'a'+10;
-		else
-			{
-			PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
-			return(0);
-			}
-		from++;
-		to[i/2]|=v<<(long)((!(i&1))*4);
-		}
-
-	*fromp=from;
-	return(1);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
-	     long len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_write_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
-	     long len)
-	{
-	int nlen,n,i,j,outl;
-	unsigned char *buf = NULL;
-	EVP_ENCODE_CTX ctx;
-	int reason=ERR_R_BUF_LIB;
-	
-	EVP_EncodeInit(&ctx);
-	nlen=strlen(name);
-
-	if (	(BIO_write(bp,"-----BEGIN ",11) != 11) ||
-		(BIO_write(bp,name,nlen) != nlen) ||
-		(BIO_write(bp,"-----\n",6) != 6))
-		goto err;
-		
-	i=strlen(header);
-	if (i > 0)
-		{
-		if (	(BIO_write(bp,header,i) != i) ||
-			(BIO_write(bp,"\n",1) != 1))
-			goto err;
-		}
-
-	buf = OPENSSL_malloc(PEM_BUFSIZE*8);
-	if (buf == NULL)
-		{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	i=j=0;
-	while (len > 0)
-		{
-		n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
-		EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
-		if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
-			goto err;
-		i+=outl;
-		len-=n;
-		j+=n;
-		}
-	EVP_EncodeFinal(&ctx,buf,&outl);
-	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-	OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
-	OPENSSL_free(buf);
-	buf = NULL;
-	if (	(BIO_write(bp,"-----END ",9) != 9) ||
-		(BIO_write(bp,name,nlen) != nlen) ||
-		(BIO_write(bp,"-----\n",6) != 6))
-		goto err;
-	return(i+outl);
-err:
-	if (buf) {
-		OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
-		OPENSSL_free(buf);
-	}
-	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
-	return(0);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
-	     long *len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-	     long *len)
-	{
-	EVP_ENCODE_CTX ctx;
-	int end=0,i,k,bl=0,hl=0,nohead=0;
-	char buf[256];
-	BUF_MEM *nameB;
-	BUF_MEM *headerB;
-	BUF_MEM *dataB,*tmpB;
-	
-	nameB=BUF_MEM_new();
-	headerB=BUF_MEM_new();
-	dataB=BUF_MEM_new();
-	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
-		{
-		BUF_MEM_free(nameB);
-		BUF_MEM_free(headerB);
-		BUF_MEM_free(dataB);
-		PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	buf[254]='\0';
-	for (;;)
-		{
-		i=BIO_gets(bp,buf,254);
-
-		if (i <= 0)
-			{
-			PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
-			goto err;
-			}
-
-		while ((i >= 0) && (buf[i] <= ' ')) i--;
-		buf[++i]='\n'; buf[++i]='\0';
-
-		if (strncmp(buf,"-----BEGIN ",11) == 0)
-			{
-			i=strlen(&(buf[11]));
-
-			if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
-				continue;
-			if (!BUF_MEM_grow(nameB,i+9))
-				{
-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			memcpy(nameB->data,&(buf[11]),i-6);
-			nameB->data[i-6]='\0';
-			break;
-			}
-		}
-	hl=0;
-	if (!BUF_MEM_grow(headerB,256))
-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-	headerB->data[0]='\0';
-	for (;;)
-		{
-		i=BIO_gets(bp,buf,254);
-		if (i <= 0) break;
-
-		while ((i >= 0) && (buf[i] <= ' ')) i--;
-		buf[++i]='\n'; buf[++i]='\0';
-
-		if (buf[0] == '\n') break;
-		if (!BUF_MEM_grow(headerB,hl+i+9))
-			{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-		if (strncmp(buf,"-----END ",9) == 0)
-			{
-			nohead=1;
-			break;
-			}
-		memcpy(&(headerB->data[hl]),buf,i);
-		headerB->data[hl+i]='\0';
-		hl+=i;
-		}
-
-	bl=0;
-	if (!BUF_MEM_grow(dataB,1024))
-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-	dataB->data[0]='\0';
-	if (!nohead)
-		{
-		for (;;)
-			{
-			i=BIO_gets(bp,buf,254);
-			if (i <= 0) break;
-
-			while ((i >= 0) && (buf[i] <= ' ')) i--;
-			buf[++i]='\n'; buf[++i]='\0';
-
-			if (i != 65) end=1;
-			if (strncmp(buf,"-----END ",9) == 0)
-				break;
-			if (i > 65) break;
-			if (!BUF_MEM_grow_clean(dataB,i+bl+9))
-				{
-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			memcpy(&(dataB->data[bl]),buf,i);
-			dataB->data[bl+i]='\0';
-			bl+=i;
-			if (end)
-				{
-				buf[0]='\0';
-				i=BIO_gets(bp,buf,254);
-				if (i <= 0) break;
-
-				while ((i >= 0) && (buf[i] <= ' ')) i--;
-				buf[++i]='\n'; buf[++i]='\0';
-
-				break;
-				}
-			}
-		}
-	else
-		{
-		tmpB=headerB;
-		headerB=dataB;
-		dataB=tmpB;
-		bl=hl;
-		}
-	i=strlen(nameB->data);
-	if (	(strncmp(buf,"-----END ",9) != 0) ||
-		(strncmp(nameB->data,&(buf[9]),i) != 0) ||
-		(strncmp(&(buf[9+i]),"-----\n",6) != 0))
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
-		goto err;
-		}
-
-	EVP_DecodeInit(&ctx);
-	i=EVP_DecodeUpdate(&ctx,
-		(unsigned char *)dataB->data,&bl,
-		(unsigned char *)dataB->data,bl);
-	if (i < 0)
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-		goto err;
-		}
-	i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
-	if (i < 0)
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-		goto err;
-		}
-	bl+=k;
-
-	if (bl == 0) goto err;
-	*name=nameB->data;
-	*header=headerB->data;
-	*data=(unsigned char *)dataB->data;
-	*len=bl;
-	OPENSSL_free(nameB);
-	OPENSSL_free(headerB);
-	OPENSSL_free(dataB);
-	return(1);
-err:
-	BUF_MEM_free(nameB);
-	BUF_MEM_free(headerB);
-	BUF_MEM_free(dataB);
-	return(0);
-	}
-
-/* Check pem string and return prefix length.
- * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY"
- * the return value is 3 for the string "RSA".
- */
-
-int pem_check_suffix(const char *pem_str, const char *suffix)
-	{
-	int pem_len = strlen(pem_str);
-	int suffix_len = strlen(suffix);
-	const char *p;
-	if (suffix_len + 1 >= pem_len)
-		return 0;
-	p = pem_str + pem_len - suffix_len;
-	if (strcmp(p, suffix))
-		return 0;
-	p--;
-	if (*p != ' ')
-		return 0;
-	return p - pem_str;
-	}
-
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
deleted file mode 100644
index b33868d25a..0000000000
--- a/crypto/pem/pem_oth.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/* crypto/pem/pem_oth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* Handle 'other' PEMs: not private keys */
-
-void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
-			pem_password_cb *cb, void *u)
-	{
-	const unsigned char *p=NULL;
-	unsigned char *data=NULL;
-	long len;
-	char *ret=NULL;
-
-	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
-		return NULL;
-	p = data;
-	ret=d2i(x,&p,len);
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
-	OPENSSL_free(data);
-	return(ret);
-	}
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
deleted file mode 100644
index 6deab8c338..0000000000
--- a/crypto/pem/pem_pk8.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
-
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
- * is NULL then it uses the unencrypted private key form. The 'nid' versions
- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
- */
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	X509_SIG *p8;
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	char buf[PEM_BUFSIZE];
-	int ret;
-	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-		PEMerr(PEM_F_DO_PK8PKEY,
-					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-		return 0;
-	}
-	if(enc || (nid != -1)) {
-		if(!kstr) {
-			if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
-			else klen = cb(buf, PEM_BUFSIZE, 1, u);
-			if(klen <= 0) {
-				PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				return 0;
-			}
-				
-			kstr = buf;
-		}
-		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-		if(kstr == buf) OPENSSL_cleanse(buf, klen);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		if(isder) ret = i2d_PKCS8_bio(bp, p8);
-		else ret = PEM_write_bio_PKCS8(bp, p8);
-		X509_SIG_free(p8);
-		return ret;
-	} else {
-		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		return ret;
-	}
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-	X509_SIG *p8 = NULL;
-	int klen;
-	EVP_PKEY *ret;
-	char psbuf[PEM_BUFSIZE];
-	p8 = d2i_PKCS8_bio(bp, NULL);
-	if(!p8) return NULL;
-	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-	else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-	if (klen <= 0) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
-		X509_SIG_free(p8);
-		return NULL;	
-	}
-	p8inf = PKCS8_decrypt(p8, psbuf, klen);
-	X509_SIG_free(p8);
-	if(!p8inf) return NULL;
-	ret = EVP_PKCS82PKEY(p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if(!ret) return NULL;
-	if(x) {
-		if(*x) EVP_PKEY_free(*x);
-		*x = ret;
-	}
-	return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-			      char *kstr, int klen, pem_password_cb *cb, void *u)
-{
-	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
-{
-	BIO *bp;
-	int ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
-                return(0);
-	}
-	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
-	BIO_free(bp);
-	return ret;
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
-	BIO *bp;
-	EVP_PKEY *ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
-                return NULL;
-	}
-	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
-	BIO_free(bp);
-	return ret;
-}
-
-#endif
-
-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
-							 PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
deleted file mode 100644
index 8ecf24903b..0000000000
--- a/crypto/pem/pem_pkey.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "asn1_locl.h"
-
-int pem_check_suffix(const char *pem_str, const char *suffix);
-
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-	{
-	char *nm=NULL;
-	const unsigned char *p=NULL;
-	unsigned char *data=NULL;
-	long len;
-	int slen;
-	EVP_PKEY *ret=NULL;
-
-	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
-		return NULL;
-	p = data;
-
-	if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-		PKCS8_PRIV_KEY_INFO *p8inf;
-		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
-		if(!p8inf) goto p8err;
-		ret = EVP_PKCS82PKEY(p8inf);
-		if(x) {
-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-			*x = ret;
-		}
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
-		PKCS8_PRIV_KEY_INFO *p8inf;
-		X509_SIG *p8;
-		int klen;
-		char psbuf[PEM_BUFSIZE];
-		p8 = d2i_X509_SIG(NULL, &p, len);
-		if(!p8) goto p8err;
-		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-		if (klen <= 0) {
-			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
-					PEM_R_BAD_PASSWORD_READ);
-			X509_SIG_free(p8);
-			goto err;
-		}
-		p8inf = PKCS8_decrypt(p8, psbuf, klen);
-		X509_SIG_free(p8);
-		if(!p8inf) goto p8err;
-		ret = EVP_PKCS82PKEY(p8inf);
-		if(x) {
-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-			*x = ret;
-		}
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-	} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0)
-		{
-		const EVP_PKEY_ASN1_METHOD *ameth;
-		ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
-		if (!ameth || !ameth->old_priv_decode)
-			goto p8err;
-		ret=d2i_PrivateKey(ameth->pkey_id,x,&p,len);
-		}
-p8err:
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
-err:
-	OPENSSL_free(nm);
-	OPENSSL_cleanse(data, len);
-	OPENSSL_free(data);
-	return(ret);
-	}
-
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-	char pem_str[80];
-	if (!x->ameth || x->ameth->priv_encode)
-		return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-							(char *)kstr, klen,
-							cb, u);
-
-	BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
-				pem_str,bp,x,enc,kstr,klen,cb,u);
-	}
-
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
-	{
-	char *nm=NULL;
-	const unsigned char *p=NULL;
-	unsigned char *data=NULL;
-	long len;
-	int slen;
-	EVP_PKEY *ret=NULL;
-
-	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
-								bp, 0, NULL))
-		return NULL;
-	p = data;
-
-	if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0)
-		{
-		ret = EVP_PKEY_new();
-		if (!ret)
-			goto err;
-		if (!EVP_PKEY_set_type_str(ret, nm, slen)
-			|| !ret->ameth->param_decode
-			|| !ret->ameth->param_decode(ret, &p, len))
-			{
-			EVP_PKEY_free(ret);
-			ret = NULL;
-			goto err;
-			}
-		if(x)
-			{
-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-			*x = ret;
-			}
-		}
-err:
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS,ERR_R_ASN1_LIB);
-	OPENSSL_free(nm);
-	OPENSSL_free(data);
-	return(ret);
-	}
-
-int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
-	{
-	char pem_str[80];
-	if (!x->ameth || !x->ameth->param_encode)
-		return 0;
-
-	BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
-	return PEM_ASN1_write_bio(
-		(i2d_of_void *)x->ameth->param_encode,
-				pem_str,bp,x,NULL,NULL,0,0,NULL);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        EVP_PKEY *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
-
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
-		{
-		PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY,ERR_R_BUF_LIB);
-                return 0;
-		}
-        ret=PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
-        BIO_free(b);
-        return ret;
-	}
-
-#endif
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
deleted file mode 100644
index b6b4e13498..0000000000
--- a/crypto/pem/pem_seal.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* crypto/pem/pem_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
-	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
-	     int npubk)
-	{
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int ret= -1;
-	int i,j,max=0;
-	char *s=NULL;
-
-	for (i=0; i<npubk; i++)
-		{
-		if (pubk[i]->type != EVP_PKEY_RSA)
-			{
-			PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
-			goto err;
-			}
-		j=RSA_size(pubk[i]->pkey.rsa);
-		if (j > max) max=j;
-		}
-	s=(char *)OPENSSL_malloc(max*2);
-	if (s == NULL)
-		{
-		PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_EncodeInit(&ctx->encode);
-
-	EVP_MD_CTX_init(&ctx->md);
-	if (!EVP_SignInit(&ctx->md,md_type))
-		goto err;
-
-	EVP_CIPHER_CTX_init(&ctx->cipher);
-	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
-	if (ret <= 0) goto err;
-
-	/* base64 encode the keys */
-	for (i=0; i<npubk; i++)
-		{
-		j=EVP_EncodeBlock((unsigned char *)s,ek[i],
-			RSA_size(pubk[i]->pkey.rsa));
-		ekl[i]=j;
-		memcpy(ek[i],s,j+1);
-		}
-
-	ret=npubk;
-err:
-	if (s != NULL) OPENSSL_free(s);
-	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
-	return(ret);
-	}
-
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
-	{
-	unsigned char buffer[1600];
-	int i,j;
-
-	*outl=0;
-	EVP_SignUpdate(&ctx->md,in,inl);
-	for (;;)
-		{
-		if (inl <= 0) break;
-		if (inl > 1200)
-			i=1200;
-		else
-			i=inl;
-		EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
-		EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
-		*outl+=j;
-		out+=j;
-		in+=i;
-		inl-=i;
-		}
-	}
-
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-	     unsigned char *out, int *outl, EVP_PKEY *priv)
-	{
-	unsigned char *s=NULL;
-	int ret=0,j;
-	unsigned int i;
-
-	if (priv->type != EVP_PKEY_RSA)
-		{
-		PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
-		goto err;
-		}
-	i=RSA_size(priv->pkey.rsa);
-	if (i < 100) i=100;
-	s=(unsigned char *)OPENSSL_malloc(i*2);
-	if (s == NULL)
-		{
-		PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
-		goto err;
-	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
-	*outl=j;
-	out+=j;
-	EVP_EncodeFinal(&ctx->encode,out,&j);
-	*outl+=j;
-
-	if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
-	*sigl=EVP_EncodeBlock(sig,s,i);
-
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx->md);
-	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
-	if (s != NULL) OPENSSL_free(s);
-	return(ret);
-	}
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
deleted file mode 100644
index c3b9808cb2..0000000000
--- a/crypto/pem/pem_sign.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/pem/pem_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-	{
-	EVP_DigestInit_ex(ctx, type, NULL);
-	}
-
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-	     unsigned int count)
-	{
-	EVP_DigestUpdate(ctx,data,count);
-	}
-
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-	     EVP_PKEY *pkey)
-	{
-	unsigned char *m;
-	int i,ret=0;
-	unsigned int m_len;
-
-	m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
-	if (m == NULL)
-		{
-		PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
-
-	i=EVP_EncodeBlock(sigret,m,m_len);
-	*siglen=i;
-	ret=1;
-err:
-	/* ctx has been zeroed by EVP_SignFinal() */
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c
deleted file mode 100644
index b531057dc9..0000000000
--- a/crypto/pem/pem_x509.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* pem_x509.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
-
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
deleted file mode 100644
index 328f796200..0000000000
--- a/crypto/pem/pem_xaux.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* pem_xaux.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis
deleted file mode 100644
index be90c5d87f..0000000000
--- a/crypto/pem/pkcs7.lis
+++ /dev/null
@@ -1,22 +0,0 @@
-21     0:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
- 00     2:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-signedData
- 21    13:d=0 hl=2 l=  0 cons: cont: 00			# explicit tag
-  21    15:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
-   00    17:d=0 hl=2 l=  1 prim: univ: INTEGER          # version 
-   20    20:d=0 hl=2 l=  0 cons: univ: SET               
-   21    22:d=0 hl=2 l=  0 cons: univ: SEQUENCE          
-    00    24:d=0 hl=2 l=  9 prim: univ: OBJECT_IDENTIFIER :pkcs-7-data
-    00    35:d=0 hl=2 l=  0 prim: univ: EOC               
-   21    37:d=0 hl=2 l=  0 cons: cont: 00               # cert tag
-    20    39:d=0 hl=4 l=545 cons: univ: SEQUENCE          
-    20   588:d=0 hl=4 l=524 cons: univ: SEQUENCE          
-    00  1116:d=0 hl=2 l=  0 prim: univ: EOC               
-   21  1118:d=0 hl=2 l=  0 cons: cont: 01		# crl tag
-    20  1120:d=0 hl=4 l=653 cons: univ: SEQUENCE          
-    20  1777:d=0 hl=4 l=285 cons: univ: SEQUENCE          
-    00  2066:d=0 hl=2 l=  0 prim: univ: EOC               
-   21  2068:d=0 hl=2 l=  0 cons: univ: SET              # signers 
-    00  2070:d=0 hl=2 l=  0 prim: univ: EOC               
-  00  2072:d=0 hl=2 l=  0 prim: univ: EOC               
- 00  2074:d=0 hl=2 l=  0 prim: univ: EOC               
-00  2076:d=0 hl=2 l=  0 prim: univ: EOC               
diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c
deleted file mode 100644
index ae89f8281a..0000000000
--- a/crypto/pem/pvkfmt.c
+++ /dev/null
@@ -1,955 +0,0 @@
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB
- * and PRIVATEKEYBLOB).
- */
-
-#include "cryptlib.h"
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
-
-/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
- * format
- */
-
-static unsigned int read_ledword(const unsigned char **in)
-	{
-	const unsigned char *p = *in;
-	unsigned int ret;
-	ret = *p++;
-	ret |= (*p++ << 8);
-	ret |= (*p++ << 16);
-	ret |= (*p++ << 24);
-	*in = p;
-	return ret;
-	}
-
-/* Read a BIGNUM in little endian format. The docs say that this should take up 
- * bitlen/8 bytes.
- */
-
-static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
-	{
-	const unsigned char *p;
-	unsigned char *tmpbuf, *q;
-	unsigned int i;
-	p = *in + nbyte - 1;
-	tmpbuf = OPENSSL_malloc(nbyte);
-	if (!tmpbuf)
-		return 0;
-	q = tmpbuf;
-	for (i = 0; i < nbyte; i++)
-		*q++ = *p--;
-	*r = BN_bin2bn(tmpbuf, nbyte, NULL);
-	OPENSSL_free(tmpbuf);
-	if (*r)
-		{
-		*in += nbyte;
-		return 1;
-		}
-	else
-		return 0;
-	}
-
-
-/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
-
-#define MS_PUBLICKEYBLOB	0x6
-#define MS_PRIVATEKEYBLOB	0x7
-#define MS_RSA1MAGIC		0x31415352L
-#define MS_RSA2MAGIC		0x32415352L
-#define MS_DSS1MAGIC		0x31535344L
-#define MS_DSS2MAGIC		0x32535344L
-
-#define MS_KEYALG_RSA_KEYX	0xa400
-#define MS_KEYALG_DSS_SIGN	0x2200
-
-#define MS_KEYTYPE_KEYX		0x1
-#define MS_KEYTYPE_SIGN		0x2
-
-/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
-#define MS_PVKMAGIC		0xb0b5f11eL
-/* Salt length for PVK files */
-#define PVK_SALTLEN		0x10
-
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
-						unsigned int bitlen, int ispub);
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
-						unsigned int bitlen, int ispub);
-
-static int do_blob_header(const unsigned char **in, unsigned int length,
-				unsigned int *pmagic, unsigned int *pbitlen,
-				int *pisdss, int *pispub)
-	{
-	const unsigned char *p = *in;
-	if (length < 16)
-		return 0;
-	/* bType */
-	if (*p == MS_PUBLICKEYBLOB)
-		{
-		if (*pispub == 0)
-			{
-			PEMerr(PEM_F_DO_BLOB_HEADER,
-					PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
-			return 0;
-			}
-		*pispub = 1;
-		}
-	else if (*p == MS_PRIVATEKEYBLOB)
-		{
-		if (*pispub == 1)
-			{
-			PEMerr(PEM_F_DO_BLOB_HEADER,
-					PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
-			return 0;
-			}
-		*pispub = 0;
-		}
-	else
-		return 0;
-	p++;
-	/* Version */
-	if (*p++ != 0x2)
-		{
-		PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
-		return 0;
-		}
-	/* Ignore reserved, aiKeyAlg */
-	p+= 6;
-	*pmagic = read_ledword(&p);
-	*pbitlen = read_ledword(&p);
-	*pisdss = 0;
-	switch (*pmagic)
-		{
-
-		case MS_DSS1MAGIC:
-		*pisdss = 1;
-		case MS_RSA1MAGIC:
-		if (*pispub == 0)
-			{
-			PEMerr(PEM_F_DO_BLOB_HEADER,
-					PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
-			return 0;
-			}
-		break;
-
-		case MS_DSS2MAGIC:
-		*pisdss = 1;
-		case MS_RSA2MAGIC:
-		if (*pispub == 1)
-			{
-			PEMerr(PEM_F_DO_BLOB_HEADER,
-					PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
-			return 0;
-			}
-		break;
-
-		default:
-		PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
-		return -1;
-		}
-	*in = p;
-	return 1;
-	}
-
-static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
-	{
-	unsigned int nbyte, hnbyte;
-	nbyte = (bitlen + 7) >> 3;
-	hnbyte = (bitlen + 15) >> 4;
-	if (isdss)
-		{
-
-		/* Expected length: 20 for q + 3 components bitlen each + 24
-		 * for seed structure.
-		 */
-		if (ispub)
-			return  44 + 3 * nbyte;
-		/* Expected length: 20 for q, priv, 2 bitlen components + 24
-		 * for seed structure.
-		 */
-		else
-			return 64 + 2 * nbyte;
-		}
-	else
-		{
-		/* Expected length: 4 for 'e' + 'n' */
-		if (ispub)
-			return 4 + nbyte;
-		else
-		/* Expected length: 4 for 'e' and 7 other components.
-		 * 2 components are bitlen size, 5 are bitlen/2
-		 */
-			return 4 + 2*nbyte + 5*hnbyte;
-		}
-
-	}
-
-static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
-								int ispub)
-	{
-	const unsigned char *p = *in;
-	unsigned int bitlen, magic;
-	int isdss;
-	if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0)
-		{
-		PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
-		return NULL;
-		}
-	length -= 16;
-	if (length < blob_length(bitlen, isdss, ispub))
-		{
-		PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
-		return NULL;
-		}
-	if (isdss)
-		return b2i_dss(&p, length, bitlen, ispub);
-	else
-		return b2i_rsa(&p, length, bitlen, ispub);
-	}
-
-static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
-	{
-	const unsigned char *p;
-	unsigned char hdr_buf[16], *buf = NULL;
-	unsigned int bitlen, magic, length;
-	int isdss;
-	EVP_PKEY *ret = NULL;
-	if (BIO_read(in, hdr_buf, 16) != 16)
-		{
-		PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
-		return NULL;
-		}
-	p = hdr_buf;
-	if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
-		return NULL;
-
-	length = blob_length(bitlen, isdss, ispub);
-	buf = OPENSSL_malloc(length);
-	if (!buf)
-		{
-		PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p = buf;
-	if (BIO_read(in, buf, length) != (int)length)
-		{
-		PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
-		goto err;
-		}
-
-	if (isdss)
-		ret = b2i_dss(&p, length, bitlen, ispub);
-	else
-		ret = b2i_rsa(&p, length, bitlen, ispub);
-
-	err:
-	if (buf)
-		OPENSSL_free(buf);
-	return ret;
-	}
-
-static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length,
-						unsigned int bitlen, int ispub)
-	{
-	const unsigned char *p = *in;
-	EVP_PKEY *ret = NULL;
-	DSA *dsa = NULL;
-	BN_CTX *ctx = NULL;
-	unsigned int nbyte;
-	nbyte = (bitlen + 7) >> 3;
-
-	dsa = DSA_new();
-	ret = EVP_PKEY_new();
-	if (!dsa || !ret)
-		goto memerr;
-	if (!read_lebn(&p, nbyte, &dsa->p))
-		goto memerr;
-	if (!read_lebn(&p, 20, &dsa->q))
-		goto memerr;
-	if (!read_lebn(&p, nbyte, &dsa->g))
-		goto memerr;
-	if (ispub)
-		{
-		if (!read_lebn(&p, nbyte, &dsa->pub_key))
-			goto memerr;
-		}
-	else
-		{
-		if (!read_lebn(&p, 20, &dsa->priv_key))
-			goto memerr;
-		/* Calculate public key */
-		if (!(dsa->pub_key = BN_new()))
-			goto memerr;
-		if (!(ctx = BN_CTX_new()))
-			goto memerr;
-			
-		if (!BN_mod_exp(dsa->pub_key, dsa->g,
-						 dsa->priv_key, dsa->p, ctx))
-			
-			goto memerr;
-		BN_CTX_free(ctx);
-		}
-
-	EVP_PKEY_set1_DSA(ret, dsa);
-	DSA_free(dsa);
-	*in = p;
-	return ret;
-
-	memerr:
-	PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
-	if (dsa)
-		DSA_free(dsa);
-	if (ret)
-		EVP_PKEY_free(ret);
-	if (ctx)
-		BN_CTX_free(ctx);
-	return NULL;
-	}
-
-static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
-						unsigned int bitlen, int ispub)
-		
-	{
-	const unsigned char *p = *in;
-	EVP_PKEY *ret = NULL;
-	RSA *rsa = NULL;
-	unsigned int nbyte, hnbyte;
-	nbyte = (bitlen + 7) >> 3;
-	hnbyte = (bitlen + 15) >> 4;
-	rsa = RSA_new();
-	ret = EVP_PKEY_new();
-	if (!rsa || !ret)
-		goto memerr;
-	rsa->e = BN_new();
-	if (!rsa->e)
-		goto memerr;
-	if (!BN_set_word(rsa->e, read_ledword(&p)))
-		goto memerr;
-	if (!read_lebn(&p, nbyte, &rsa->n))
-		goto memerr;
-	if (!ispub)
-		{
-		if (!read_lebn(&p, hnbyte, &rsa->p))
-			goto memerr;
-		if (!read_lebn(&p, hnbyte, &rsa->q))
-			goto memerr;
-		if (!read_lebn(&p, hnbyte, &rsa->dmp1))
-			goto memerr;
-		if (!read_lebn(&p, hnbyte, &rsa->dmq1))
-			goto memerr;
-		if (!read_lebn(&p, hnbyte, &rsa->iqmp))
-			goto memerr;
-		if (!read_lebn(&p, nbyte, &rsa->d))
-			goto memerr;
-		}
-
-	EVP_PKEY_set1_RSA(ret, rsa);
-	RSA_free(rsa);
-	*in = p;
-	return ret;
-	memerr:
-	PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
-	if (rsa)
-		RSA_free(rsa);
-	if (ret)
-		EVP_PKEY_free(ret);
-	return NULL;
-	}
-
-EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
-	{
-	return do_b2i(in, length, 0);
-	}
-
-EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
-	{
-	return do_b2i(in, length, 1);
-	}
-
-
-EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
-	{
-	return do_b2i_bio(in, 0);
-	}
-
-EVP_PKEY *b2i_PublicKey_bio(BIO *in)
-	{
-	return do_b2i_bio(in, 1);
-	}
-
-static void write_ledword(unsigned char **out, unsigned int dw)
-	{
-	unsigned char *p = *out;
-	*p++ = dw & 0xff;
-	*p++ = (dw>>8) & 0xff;
-	*p++ = (dw>>16) & 0xff;
-	*p++ = (dw>>24) & 0xff;
-	*out = p;
-	}
-
-static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
-	{
-	int nb, i;
-	unsigned char *p = *out, *q, c;
-	nb = BN_num_bytes(bn);
-	BN_bn2bin(bn, p);
-	q = p + nb - 1;
-	/* In place byte order reversal */
-	for (i = 0; i < nb/2; i++)
-		{
-		c = *p;
-		*p++ = *q;
-		*q-- = c;
-		}
-	*out += nb;
-	/* Pad with zeroes if we have to */
-	if (len > 0)
-		{
-		len -= nb;
-		if (len > 0)
-			{
-			memset(*out, 0, len);
-			*out += len;
-			}
-		}
-	}
-
-
-static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
-
-static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
-static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
-	
-static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
-	{
-	unsigned char *p;
-	unsigned int bitlen, magic = 0, keyalg;
-	int outlen, noinc = 0;
-	if (pk->type == EVP_PKEY_DSA)
-		{
-		bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic);
-		keyalg = MS_KEYALG_DSS_SIGN;
-		}
-	else if (pk->type == EVP_PKEY_RSA)
-		{
-		bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic);
-		keyalg = MS_KEYALG_RSA_KEYX;
-		}
-	else
-		return -1;
-	if (bitlen == 0)
-		return -1;
-	outlen = 16 + blob_length(bitlen,
-			keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
-	if (out == NULL)
-		return outlen;
-	if (*out)
-		p = *out;
-	else
-		{
-		p = OPENSSL_malloc(outlen);
-		if (!p)
-			return -1;
-		*out = p;
-		noinc = 1;
-		}
-	if (ispub)
-		*p++ = MS_PUBLICKEYBLOB;
-	else
-		*p++ = MS_PRIVATEKEYBLOB;
-	*p++ = 0x2;
-	*p++ = 0;
-	*p++ = 0;
-	write_ledword(&p, keyalg);
-	write_ledword(&p, magic);
-	write_ledword(&p, bitlen);
-	if (keyalg == MS_KEYALG_DSS_SIGN)
-		write_dsa(&p, pk->pkey.dsa, ispub);
-	else
-		write_rsa(&p, pk->pkey.rsa, ispub);
-	if (!noinc)
-		*out += outlen;
-	return outlen;
-	}
-
-static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
-	{
-	unsigned char *tmp = NULL;
-	int outlen, wrlen;
-	outlen = do_i2b(&tmp, pk, ispub);
-	if (outlen < 0)
-		return -1;
-	wrlen = BIO_write(out, tmp, outlen);
-	OPENSSL_free(tmp);
-	if (wrlen == outlen)
-		return outlen;
-	return -1;
-	}
-
-static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
-	{
-	int bitlen;
-	bitlen = BN_num_bits(dsa->p);
-	if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160)
-		|| (BN_num_bits(dsa->g) > bitlen))
-		goto badkey;
-	if (ispub)
-		{
-		if (BN_num_bits(dsa->pub_key) > bitlen)
-			goto badkey;
-		*pmagic = MS_DSS1MAGIC;
-		}
-	else
-		{
-		if (BN_num_bits(dsa->priv_key) > 160)
-			goto badkey;
-		*pmagic = MS_DSS2MAGIC;
-		}
-	
-	return bitlen;
-	badkey:
-	PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
-	return 0;
-	}
-
-static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
-	{
-	int nbyte, hnbyte, bitlen;
-	if (BN_num_bits(rsa->e) > 32)
-		goto badkey;
-	bitlen = BN_num_bits(rsa->n);
-	nbyte = BN_num_bytes(rsa->n);
-	hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
-	if (ispub)
-		{
-		*pmagic = MS_RSA1MAGIC;
-		return bitlen;
-		}
-	else
-	{
-		*pmagic = MS_RSA2MAGIC;
-		/* For private key each component must fit within nbyte or
-		 * hnbyte.
-		 */
-		if (BN_num_bytes(rsa->d) > nbyte)
-			goto badkey;
-		if ((BN_num_bytes(rsa->iqmp) > hnbyte)
-			|| (BN_num_bytes(rsa->p) > hnbyte)
-			|| (BN_num_bytes(rsa->q) > hnbyte)
-			|| (BN_num_bytes(rsa->dmp1) > hnbyte)
-			|| (BN_num_bytes(rsa->dmq1) > hnbyte))
-			goto badkey;
-	}
-	return bitlen;
-	badkey:
-	PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
-	return 0;
-	}
-
-
-static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
-	{
-	int nbyte, hnbyte;
-	nbyte = BN_num_bytes(rsa->n);
-	hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
-	write_lebn(out, rsa->e, 4);
-	write_lebn(out, rsa->n, -1);
-	if (ispub)
-		return;
-	write_lebn(out, rsa->p, hnbyte);
-	write_lebn(out, rsa->q, hnbyte);
-	write_lebn(out, rsa->dmp1, hnbyte);
-	write_lebn(out, rsa->dmq1, hnbyte);
-	write_lebn(out, rsa->iqmp, hnbyte);
-	write_lebn(out, rsa->d, nbyte);
-	}
-
-	
-static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
-	{
-	int nbyte;
-	nbyte = BN_num_bytes(dsa->p);
-	write_lebn(out, dsa->p, nbyte);
-	write_lebn(out, dsa->q, 20);
-	write_lebn(out, dsa->g, nbyte);
-	if (ispub)
-		write_lebn(out, dsa->pub_key, nbyte);
-	else
-		write_lebn(out, dsa->priv_key, 20);
-	/* Set "invalid" for seed structure values */
-	memset(*out, 0xff, 24);
-	*out += 24;
-	return;
-	}
-	
-
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
-	{
-	return do_i2b_bio(out, pk, 0);
-	}
-
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
-	{
-	return do_i2b_bio(out, pk, 1);
-	}
-
-#ifndef OPENSSL_NO_RC4
-
-static int do_PVK_header(const unsigned char **in, unsigned int length,
-		int skip_magic,
-	       	unsigned int *psaltlen, unsigned int *pkeylen)
-		
-	{
-	const unsigned char *p = *in;
-	unsigned int pvk_magic, is_encrypted;
-	if (skip_magic)
-		{
-		if (length < 20)
-			{
-			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
-			return 0;
-			}
-		length -= 20;
-		}
-	else
-		{
-		if (length < 24)
-			{
-			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
-			return 0;
-			}
-		length -= 24;
-		pvk_magic = read_ledword(&p);
-		if (pvk_magic != MS_PVKMAGIC)
-			{
-			PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
-			return 0;
-			}
-		}
-	/* Skip reserved */
-	p += 4;
-	/*keytype = */read_ledword(&p);
-	is_encrypted = read_ledword(&p);
-	*psaltlen = read_ledword(&p);
-	*pkeylen = read_ledword(&p);
-
-	if (is_encrypted && !*psaltlen)
-		{
-		PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
-		return 0;
-		}
-
-	*in = p;
-	return 1;
-	}
-
-static int derive_pvk_key(unsigned char *key, 
-			const unsigned char *salt, unsigned int saltlen,
-			const unsigned char *pass, int passlen)
-	{
-	EVP_MD_CTX mctx;
-	int rv = 1;
-	EVP_MD_CTX_init(&mctx);
-	if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
-		|| !EVP_DigestUpdate(&mctx, salt, saltlen)
-		|| !EVP_DigestUpdate(&mctx, pass, passlen)
-		|| !EVP_DigestFinal_ex(&mctx, key, NULL))
-			rv = 0;
-
-	EVP_MD_CTX_cleanup(&mctx);
-	return rv;
-	}
-	
-
-static EVP_PKEY *do_PVK_body(const unsigned char **in,
-		unsigned int saltlen, unsigned int keylen,
-		pem_password_cb *cb, void *u)
-	{
-	EVP_PKEY *ret = NULL;
-	const unsigned char *p = *in;
-	unsigned int magic;
-	unsigned char *enctmp = NULL, *q;
-	EVP_CIPHER_CTX cctx;
-	EVP_CIPHER_CTX_init(&cctx);
-	if (saltlen)
-		{
-		char psbuf[PEM_BUFSIZE];
-		unsigned char keybuf[20];
-		int enctmplen, inlen;
-		if (cb)
-			inlen=cb(psbuf,PEM_BUFSIZE,0,u);
-		else
-			inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-		if (inlen <= 0)
-			{
-			PEMerr(PEM_F_DO_PVK_BODY,PEM_R_BAD_PASSWORD_READ);
-			return NULL;
-			}
-		enctmp = OPENSSL_malloc(keylen + 8);
-		if (!enctmp)
-			{
-			PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		if (!derive_pvk_key(keybuf, p, saltlen,
-			    (unsigned char *)psbuf, inlen))
-			return NULL;
-		p += saltlen;
-		/* Copy BLOBHEADER across, decrypt rest */
-		memcpy(enctmp, p, 8);
-		p += 8;
-		if (keylen < 8)
-			{
-			PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
-			return NULL;
-			}
-		inlen = keylen - 8;
-		q = enctmp + 8;
-		if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
-			goto err;
-		if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
-			goto err;
-		if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
-			goto err;
-		magic = read_ledword((const unsigned char **)&q);
-		if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
-			{
-			q = enctmp + 8;
-			memset(keybuf + 5, 0, 11);
-			if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
-								NULL))
-				goto err;
-			OPENSSL_cleanse(keybuf, 20);
-			if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
-				goto err;
-			if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
-								&enctmplen))
-				goto err;
-			magic = read_ledword((const unsigned char **)&q);
-			if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
-				{
-				PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
-				goto err;
-				}
-			}
-		else
-			OPENSSL_cleanse(keybuf, 20);
-		p = enctmp;
-		}
-
-	ret = b2i_PrivateKey(&p, keylen);
-	err:
-	EVP_CIPHER_CTX_cleanup(&cctx);
-	if (enctmp && saltlen)
-		OPENSSL_free(enctmp);
-	return ret;
-	}
-
-
-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
-	{
-	unsigned char pvk_hdr[24], *buf = NULL;
-	const unsigned char *p;
-	int buflen;
-	EVP_PKEY *ret = NULL;
-	unsigned int saltlen, keylen;
-	if (BIO_read(in, pvk_hdr, 24) != 24)
-		{
-		PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
-		return NULL;
-		}
-	p = pvk_hdr;
-
-	if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
-		return 0;
-	buflen = (int) keylen + saltlen;
-	buf = OPENSSL_malloc(buflen);
-	if (!buf)
-		{
-		PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	p = buf;
-	if (BIO_read(in, buf, buflen) != buflen)
-		{
-		PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
-		goto err;
-		}
-	ret = do_PVK_body(&p, saltlen, keylen, cb, u);
-
-	err:
-	if (buf)
-		{
-		OPENSSL_cleanse(buf, buflen);
-		OPENSSL_free(buf);
-		}
-	return ret;
-	}
-
-	
-	
-static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
-		pem_password_cb *cb, void *u)
-	{
-	int outlen = 24, pklen;
-	unsigned char *p, *salt = NULL;
-	EVP_CIPHER_CTX cctx;
-	EVP_CIPHER_CTX_init(&cctx);
-	if (enclevel)
-		outlen += PVK_SALTLEN;
-	pklen = do_i2b(NULL, pk, 0);
-	if (pklen < 0)
-		return -1;
-	outlen += pklen;
-	if (!out)
-		return outlen;
-	if (*out)
-		p = *out;
-	else
-		{
-		p = OPENSSL_malloc(outlen);
-		if (!p)
-			{
-			PEMerr(PEM_F_I2B_PVK,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		*out = p;
-		}
-
-	write_ledword(&p, MS_PVKMAGIC);
-	write_ledword(&p, 0);
-	if (pk->type == EVP_PKEY_DSA)
-		write_ledword(&p, MS_KEYTYPE_SIGN);
-	else
-		write_ledword(&p, MS_KEYTYPE_KEYX);
-	write_ledword(&p, enclevel ? 1 : 0);
-	write_ledword(&p, enclevel ? PVK_SALTLEN: 0);
-	write_ledword(&p, pklen);
-	if (enclevel)
-		{
-		if (RAND_bytes(p, PVK_SALTLEN) <= 0)
-			goto error;
-		salt = p;
-		p += PVK_SALTLEN;
-		}
-	do_i2b(&p, pk, 0);
-	if (enclevel == 0)
-		return outlen;
-	else
-		{
-		char psbuf[PEM_BUFSIZE];
-		unsigned char keybuf[20];
-		int enctmplen, inlen;
-		if (cb)
-			inlen=cb(psbuf,PEM_BUFSIZE,1,u);
-		else
-			inlen=PEM_def_callback(psbuf,PEM_BUFSIZE,1,u);
-		if (inlen <= 0)
-			{
-			PEMerr(PEM_F_I2B_PVK,PEM_R_BAD_PASSWORD_READ);
-			goto error;
-			}
-		if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
-			    (unsigned char *)psbuf, inlen))
-			goto error;
-		if (enclevel == 1)
-			memset(keybuf + 5, 0, 11);
-		p = salt + PVK_SALTLEN + 8;
-		if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
-			goto error;
-		OPENSSL_cleanse(keybuf, 20);
-		if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
-			goto error;
-		if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
-			goto error;
-		}
-	EVP_CIPHER_CTX_cleanup(&cctx);
-	return outlen;
-
-	error:
-	EVP_CIPHER_CTX_cleanup(&cctx);
-	return -1;
-	}
-
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-		pem_password_cb *cb, void *u)
-	{
-	unsigned char *tmp = NULL;
-	int outlen, wrlen;
-	outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
-	if (outlen < 0)
-		return -1;
-	wrlen = BIO_write(out, tmp, outlen);
-	OPENSSL_free(tmp);
-	if (wrlen == outlen)
-		{
-		PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
-		return outlen;
-		}
-	return -1;
-	}
-
-#endif
-
-#endif
diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
deleted file mode 100644
index 24561e759a..0000000000
--- a/crypto/perlasm/cbc.pl
+++ /dev/null
@@ -1,349 +0,0 @@
-#!/usr/local/bin/perl
-
-# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-# des_cblock (*input);
-# des_cblock (*output);
-# long length;
-# des_key_schedule schedule;
-# des_cblock (*ivec);
-# int enc;
-#
-# calls 
-# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-#
-
-#&cbc("des_ncbc_encrypt","des_encrypt",0);
-#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",
-#	1,4,5,3,5,-1);
-#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",
-#	0,4,5,3,5,-1);
-#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",
-#	0,6,7,3,4,5);
-#
-# When doing a cipher that needs bigendian order,
-# for encrypt, the iv is kept in bigendian form,
-# while for decrypt, it is kept in little endian.
-sub cbc
-	{
-	local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_;
-	# name is the function name
-	# enc_func and dec_func and the functions to call for encrypt/decrypt
-	# swap is true if byte order needs to be reversed
-	# iv_off is parameter number for the iv 
-	# enc_off is parameter number for the encrypt/decrypt flag
-	# p1,p2,p3 are the offsets for parameters to be passed to the
-	# underlying calls.
-
-	&function_begin_B($name,"");
-	&comment("");
-
-	$in="esi";
-	$out="edi";
-	$count="ebp";
-
-	&push("ebp");
-	&push("ebx");
-	&push("esi");
-	&push("edi");
-
-	$data_off=4;
-	$data_off+=4 if ($p1 > 0);
-	$data_off+=4 if ($p2 > 0);
-	$data_off+=4 if ($p3 > 0);
-
-	&mov($count,	&wparam(2));	# length
-
-	&comment("getting iv ptr from parameter $iv_off");
-	&mov("ebx",	&wparam($iv_off));	# Get iv ptr
-
-	&mov($in,	&DWP(0,"ebx","",0));#	iv[0]
-	&mov($out,	&DWP(4,"ebx","",0));#	iv[1]
-
-	&push($out);
-	&push($in);
-	&push($out);	# used in decrypt for iv[1]
-	&push($in);	# used in decrypt for iv[0]
-
-	&mov("ebx",	"esp");		# This is the address of tin[2]
-
-	&mov($in,	&wparam(0));	# in
-	&mov($out,	&wparam(1));	# out
-
-	# We have loaded them all, how lets push things
-	&comment("getting encrypt flag from parameter $enc_off");
-	&mov("ecx",	&wparam($enc_off));	# Get enc flag
-	if ($p3 > 0)
-		{
-		&comment("get and push parameter $p3");
-		if ($enc_off != $p3)
-			{ &mov("eax",	&wparam($p3)); &push("eax"); }
-		else	{ &push("ecx"); }
-		}
-	if ($p2 > 0)
-		{
-		&comment("get and push parameter $p2");
-		if ($enc_off != $p2)
-			{ &mov("eax",	&wparam($p2)); &push("eax"); }
-		else	{ &push("ecx"); }
-		}
-	if ($p1 > 0)
-		{
-		&comment("get and push parameter $p1");
-		if ($enc_off != $p1)
-			{ &mov("eax",	&wparam($p1)); &push("eax"); }
-		else	{ &push("ecx"); }
-		}
-	&push("ebx");		# push data/iv
-
-	&cmp("ecx",0);
-	&jz(&label("decrypt"));
-
-	&and($count,0xfffffff8);
-	&mov("eax",	&DWP($data_off,"esp","",0));	# load iv[0]
-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	# load iv[1]
-
-	&jz(&label("encrypt_finish"));
-
-	#############################################################
-
-	&set_label("encrypt_loop");
-	# encrypt start 
-	# "eax" and "ebx" hold iv (or the last cipher text)
-
-	&mov("ecx",	&DWP(0,$in,"",0));	# load first 4 bytes
-	&mov("edx",	&DWP(4,$in,"",0));	# second 4 bytes
-
-	&xor("eax",	"ecx");
-	&xor("ebx",	"edx");
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
-
-	&call($enc_func);
-
-	&mov("eax",	&DWP($data_off,"esp","",0));
-	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP(0,$out,"",0),"eax");
-	&mov(&DWP(4,$out,"",0),"ebx");
-
-	# eax and ebx are the next iv.
-
-	&add($in,	8);
-	&add($out,	8);
-
-	&sub($count,	8);
-	&jnz(&label("encrypt_loop"));
-
-###################################################################3
-	&set_label("encrypt_finish");
-	&mov($count,	&wparam(2));	# length
-	&and($count,	7);
-	&jz(&label("finish"));
-	&call(&label("PIC_point"));
-&set_label("PIC_point");
-	&blindpop("edx");
-	&lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-	&mov($count,&DWP(0,"ecx",$count,4));
-	&add($count,"edx");
-	&xor("ecx","ecx");
-	&xor("edx","edx");
-	#&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4));
-	&jmp_ptr($count);
-
-&set_label("ej7");
-	&movb(&HB("edx"),	&BP(6,$in,"",0));
-	&shl("edx",8);
-&set_label("ej6");
-	&movb(&HB("edx"),	&BP(5,$in,"",0));
-&set_label("ej5");
-	&movb(&LB("edx"),	&BP(4,$in,"",0));
-&set_label("ej4");
-	&mov("ecx",		&DWP(0,$in,"",0));
-	&jmp(&label("ejend"));
-&set_label("ej3");
-	&movb(&HB("ecx"),	&BP(2,$in,"",0));
-	&shl("ecx",8);
-&set_label("ej2");
-	&movb(&HB("ecx"),	&BP(1,$in,"",0));
-&set_label("ej1");
-	&movb(&LB("ecx"),	&BP(0,$in,"",0));
-&set_label("ejend");
-
-	&xor("eax",	"ecx");
-	&xor("ebx",	"edx");
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
-
-	&call($enc_func);
-
-	&mov("eax",	&DWP($data_off,"esp","",0));
-	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP(0,$out,"",0),"eax");
-	&mov(&DWP(4,$out,"",0),"ebx");
-
-	&jmp(&label("finish"));
-
-	#############################################################
-	#############################################################
-	&set_label("decrypt",1);
-	# decrypt start 
-	&and($count,0xfffffff8);
-	# The next 2 instructions are only for if the jz is taken
-	&mov("eax",	&DWP($data_off+8,"esp","",0));	# get iv[0]
-	&mov("ebx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
-	&jz(&label("decrypt_finish"));
-
-	&set_label("decrypt_loop");
-	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
-	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
-
-	&call($dec_func);
-
-	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
-	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
-
-	&xor("ecx",	"eax");
-	&xor("edx",	"ebx");
-
-	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
-	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
-
-	&mov(&DWP(0,$out,"",0),"ecx");
-	&mov(&DWP(4,$out,"",0),"edx");
-
-	&mov(&DWP($data_off+8,"esp","",0),	"eax");	# save iv
-	&mov(&DWP($data_off+12,"esp","",0),	"ebx");	#
-
-	&add($in,	8);
-	&add($out,	8);
-
-	&sub($count,	8);
-	&jnz(&label("decrypt_loop"));
-############################ ENDIT #######################3
-	&set_label("decrypt_finish");
-	&mov($count,	&wparam(2));	# length
-	&and($count,	7);
-	&jz(&label("finish"));
-
-	&mov("eax",	&DWP(0,$in,"",0));	# load first 4 bytes
-	&mov("ebx",	&DWP(4,$in,"",0));	# second 4 bytes
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
-	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
-
-	&call($dec_func);
-
-	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
-	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-
-	&bswap("eax")	if $swap;
-	&bswap("ebx")	if $swap;
-
-	&mov("ecx",	&DWP($data_off+8,"esp","",0));	# get iv[0]
-	&mov("edx",	&DWP($data_off+12,"esp","",0));	# get iv[1]
-
-	&xor("ecx",	"eax");
-	&xor("edx",	"ebx");
-
-	# this is for when we exit
-	&mov("eax",	&DWP(0,$in,"",0));	# get old cipher text,
-	&mov("ebx",	&DWP(4,$in,"",0));	# next iv actually
-
-&set_label("dj7");
-	&rotr("edx",	16);
-	&movb(&BP(6,$out,"",0),	&LB("edx"));
-	&shr("edx",16);
-&set_label("dj6");
-	&movb(&BP(5,$out,"",0),	&HB("edx"));
-&set_label("dj5");
-	&movb(&BP(4,$out,"",0),	&LB("edx"));
-&set_label("dj4");
-	&mov(&DWP(0,$out,"",0),	"ecx");
-	&jmp(&label("djend"));
-&set_label("dj3");
-	&rotr("ecx",	16);
-	&movb(&BP(2,$out,"",0),	&LB("ecx"));
-	&shl("ecx",16);
-&set_label("dj2");
-	&movb(&BP(1,$in,"",0),	&HB("ecx"));
-&set_label("dj1");
-	&movb(&BP(0,$in,"",0),	&LB("ecx"));
-&set_label("djend");
-
-	# final iv is still in eax:ebx
-	&jmp(&label("finish"));
-
-
-############################ FINISH #######################3
-	&set_label("finish",1);
-	&mov("ecx",	&wparam($iv_off));	# Get iv ptr
-
-	#################################################
-	$total=16+4;
-	$total+=4 if ($p1 > 0);
-	$total+=4 if ($p2 > 0);
-	$total+=4 if ($p3 > 0);
-	&add("esp",$total);
-
-	&mov(&DWP(0,"ecx","",0),	"eax");	# save iv
-	&mov(&DWP(4,"ecx","",0),	"ebx");	# save iv
-
-	&function_end_A($name);
-
-	&align(64);
-	&set_label("cbc_enc_jmp_table");
-	&data_word("0");
-	&data_word(&label("ej1")."-".&label("PIC_point"));
-	&data_word(&label("ej2")."-".&label("PIC_point"));
-	&data_word(&label("ej3")."-".&label("PIC_point"));
-	&data_word(&label("ej4")."-".&label("PIC_point"));
-	&data_word(&label("ej5")."-".&label("PIC_point"));
-	&data_word(&label("ej6")."-".&label("PIC_point"));
-	&data_word(&label("ej7")."-".&label("PIC_point"));
-	# not used
-	#&set_label("cbc_dec_jmp_table",1);
-	#&data_word("0");
-	#&data_word(&label("dj1")."-".&label("PIC_point"));
-	#&data_word(&label("dj2")."-".&label("PIC_point"));
-	#&data_word(&label("dj3")."-".&label("PIC_point"));
-	#&data_word(&label("dj4")."-".&label("PIC_point"));
-	#&data_word(&label("dj5")."-".&label("PIC_point"));
-	#&data_word(&label("dj6")."-".&label("PIC_point"));
-	#&data_word(&label("dj7")."-".&label("PIC_point"));
-	&align(64);
-
-	&function_end_B($name);
-	
-	}
-
-1;
diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
deleted file mode 100755
index a3edd982b6..0000000000
--- a/crypto/perlasm/ppc-xlate.pl
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env perl
-
-# PowerPC assembler distiller by <appro>.
-
-my $flavour = shift;
-my $output = shift;
-open STDOUT,">$output" || die "can't open $output: $!";
-
-my %GLOBALS;
-my $dotinlocallabels=($flavour=~/linux/)?1:0;
-
-################################################################
-# directives which need special treatment on different platforms
-################################################################
-my $globl = sub {
-    my $junk = shift;
-    my $name = shift;
-    my $global = \$GLOBALS{$name};
-    my $ret;
-
-    $name =~ s|^[\.\_]||;
- 
-    SWITCH: for ($flavour) {
-	/aix/		&& do { $name = ".$name";
-				last;
-			      };
-	/osx/		&& do { $name = "_$name";
-				last;
-			      };
-	/linux.*32/	&& do {	$ret .= ".globl	$name\n";
-				$ret .= ".type	$name,\@function";
-				last;
-			      };
-	/linux.*64/	&& do {	$ret .= ".globl	$name\n";
-				$ret .= ".type	$name,\@function\n";
-				$ret .= ".section	\".opd\",\"aw\"\n";
-				$ret .= ".align	3\n";
-				$ret .= "$name:\n";
-				$ret .= ".quad	.$name,.TOC.\@tocbase,0\n";
-				$ret .= ".size	$name,24\n";
-				$ret .= ".previous\n";
-
-				$name = ".$name";
-				last;
-			      };
-    }
-
-    $ret = ".globl	$name" if (!$ret);
-    $$global = $name;
-    $ret;
-};
-my $text = sub {
-    ($flavour =~ /aix/) ? ".csect" : ".text";
-};
-my $machine = sub {
-    my $junk = shift;
-    my $arch = shift;
-    if ($flavour =~ /osx/)
-    {	$arch =~ s/\"//g;
-	$arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
-    }
-    ".machine	$arch";
-};
-my $size = sub {
-    if ($flavour =~ /linux.*32/)
-    {	shift;
-	".size	" . join(",",@_);
-    }
-    else
-    {	"";	}
-};
-my $asciz = sub {
-    shift;
-    my $line = join(",",@_);
-    if ($line =~ /^"(.*)"$/)
-    {	".byte	" . join(",",unpack("C*",$1),0) . "\n.align	2";	}
-    else
-    {	"";	}
-};
-
-################################################################
-# simplified mnemonics not handled by at least one assembler
-################################################################
-my $cmplw = sub {
-    my $f = shift;
-    my $cr = 0; $cr = shift if ($#_>1);
-    # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
-    ($flavour =~ /linux.*32/) ?
-	"	.long	".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
-	"	cmplw	".join(',',$cr,@_);
-};
-my $bdnz = sub {
-    my $f = shift;
-    my $bo = $f=~/[\+\-]/ ? 16+9 : 16;	# optional "to be taken" hint
-    "	bc	$bo,0,".shift;
-} if ($flavour!~/linux/);
-my $bltlr = sub {
-    my $f = shift;
-    my $bo = $f=~/\-/ ? 12+2 : 12;	# optional "not to be taken" hint
-    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
-	"	.long	".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
-	"	bclr	$bo,0";
-};
-my $bnelr = sub {
-    my $f = shift;
-    my $bo = $f=~/\-/ ? 4+2 : 4;	# optional "not to be taken" hint
-    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
-	"	.long	".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
-	"	bclr	$bo,2";
-};
-my $beqlr = sub {
-    my $f = shift;
-    my $bo = $f=~/-/ ? 12+2 : 12;	# optional "not to be taken" hint
-    ($flavour =~ /linux/) ?		# GNU as doesn't allow most recent hints
-	"	.long	".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
-	"	bclr	$bo,2";
-};
-# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
-# arguments is 64, with "operand out of range" error.
-my $extrdi = sub {
-    my ($f,$ra,$rs,$n,$b) = @_;
-    $b = ($b+$n)&63; $n = 64-$n;
-    "	rldicl	$ra,$rs,$b,$n";
-};
-
-while($line=<>) {
-
-    $line =~ s|[#!;].*$||;	# get rid of asm-style comments...
-    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
-    $line =~ s|^\s+||;		# ... and skip white spaces in beginning...
-    $line =~ s|\s+$||;		# ... and at the end
-
-    {
-	$line =~ s|\b\.L(\w+)|L$1|g;	# common denominator for Locallabel
-	$line =~ s|\bL(\w+)|\.L$1|g	if ($dotinlocallabels);
-    }
-
-    {
-	$line =~ s|(^[\.\w]+)\:\s*||;
-	my $label = $1;
-	printf "%s:",($GLOBALS{$label} or $label) if ($label);
-    }
-
-    {
-	$line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
-	my $c = $1; $c = "\t" if ($c eq "");
-	my $mnemonic = $2;
-	my $f = $3;
-	my $opcode = eval("\$$mnemonic");
-	$line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/);
-	if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); }
-	elsif ($mnemonic)           { $line = $c.$mnemonic.$f."\t".$line; }
-    }
-
-    print $line if ($line);
-    print "\n";
-}
-
-close STDOUT;
diff --git a/crypto/perlasm/readme b/crypto/perlasm/readme
deleted file mode 100644
index f02bbee75a..0000000000
--- a/crypto/perlasm/readme
+++ /dev/null
@@ -1,124 +0,0 @@
-The perl scripts in this directory are my 'hack' to generate
-multiple different assembler formats via the one origional script.
-
-The way to use this library is to start with adding the path to this directory
-and then include it.
-
-push(@INC,"perlasm","../../perlasm");
-require "x86asm.pl";
-
-The first thing we do is setup the file and type of assember
-
-&asm_init($ARGV[0],$0);
-
-The first argument is the 'type'.  Currently
-'cpp', 'sol', 'a.out', 'elf' or 'win32'.
-Argument 2 is the file name.
-
-The reciprocal function is
-&asm_finish() which should be called at the end.
-
-There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler,
-and x86unix.pl which is the unix (gas) version.
-
-Functions of interest are:
-&external_label("des_SPtrans");	declare and external variable
-&LB(reg);			Low byte for a register
-&HB(reg);			High byte for a register
-&BP(off,base,index,scale)	Byte pointer addressing
-&DWP(off,base,index,scale)	Word pointer addressing
-&stack_push(num)		Basically a 'sub esp, num*4' with extra
-&stack_pop(num)			inverse of stack_push
-&function_begin(name,extra)	Start a function with pushing of
-				edi, esi, ebx and ebp.  extra is extra win32
-				external info that may be required.
-&function_begin_B(name,extra)	Same as norma function_begin but no pushing.
-&function_end(name)		Call at end of function.
-&function_end_A(name)		Standard pop and ret, for use inside functions
-&function_end_B(name)		Call at end but with poping or 'ret'.
-&swtmp(num)			Address on stack temp word.
-&wparam(num)			Parameter number num, that was push
-				in C convention.  This all works over pushes
-				and pops.
-&comment("hello there")		Put in a comment.
-&label("loop")			Refer to a label, normally a jmp target.
-&set_label("loop")		Set a label at this point.
-&data_word(word)		Put in a word of data.
-
-So how does this all hold together?  Given
-
-int calc(int len, int *data)
-	{
-	int i,j=0;
-
-	for (i=0; i<len; i++)
-		{
-		j+=other(data[i]);
-		}
-	}
-
-So a very simple version of this function could be coded as
-
-	push(@INC,"perlasm","../../perlasm");
-	require "x86asm.pl";
-	
-	&asm_init($ARGV[0],"cacl.pl");
-
-	&external_label("other");
-
-	$tmp1=	"eax";
-	$j=	"edi";
-	$data=	"esi";
-	$i=	"ebp";
-
-	&comment("a simple function");
-	&function_begin("calc");
-	&mov(	$data,		&wparam(1)); # data
-	&xor(	$j,		$j);
-	&xor(	$i,		$i);
-
-	&set_label("loop");
-	&cmp(	$i,		&wparam(0));
-	&jge(	&label("end"));
-
-	&mov(	$tmp1,		&DWP(0,$data,$i,4));
-	&push(	$tmp1);
-	&call(	"other");
-	&add(	$j,		"eax");
-	&pop(	$tmp1);
-	&inc(	$i);
-	&jmp(	&label("loop"));
-
-	&set_label("end");
-	&mov(	"eax",		$j);
-
-	&function_end("calc");
-
-	&asm_finish();
-
-The above example is very very unoptimised but gives an idea of how
-things work.
-
-There is also a cbc mode function generator in cbc.pl
-
-&cbc(	$name,
-	$encrypt_function_name,
-	$decrypt_function_name,
-	$true_if_byte_swap_needed,
-	$parameter_number_for_iv,
-	$parameter_number_for_encrypt_flag,
-	$first_parameter_to_pass,
-	$second_parameter_to_pass,
-	$third_parameter_to_pass);
-
-So for example, given
-void BF_encrypt(BF_LONG *data,BF_KEY *key);
-void BF_decrypt(BF_LONG *data,BF_KEY *key);
-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-        BF_KEY *ks, unsigned char *iv, int enc);
-
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt",1,4,5,3,-1,-1);
-
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
-
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
deleted file mode 100755
index 56d9b64b6f..0000000000
--- a/crypto/perlasm/x86_64-xlate.pl
+++ /dev/null
@@ -1,1080 +0,0 @@
-#!/usr/bin/env perl
-
-# Ascetic x86_64 AT&T to MASM/NASM assembler translator by <appro>.
-#
-# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T
-# format is way easier to parse. Because it's simpler to "gear" from
-# Unix ABI to Windows one [see cross-reference "card" at the end of
-# file]. Because Linux targets were available first...
-#
-# In addition the script also "distills" code suitable for GNU
-# assembler, so that it can be compiled with more rigid assemblers,
-# such as Solaris /usr/ccs/bin/as.
-#
-# This translator is not designed to convert *arbitrary* assembler
-# code from AT&T format to MASM one. It's designed to convert just
-# enough to provide for dual-ABI OpenSSL modules development...
-# There *are* limitations and you might have to modify your assembler
-# code or this script to achieve the desired result...
-#
-# Currently recognized limitations:
-#
-# - can't use multiple ops per line;
-#
-# Dual-ABI styling rules.
-#
-# 1. Adhere to Unix register and stack layout [see cross-reference
-#    ABI "card" at the end for explanation].
-# 2. Forget about "red zone," stick to more traditional blended
-#    stack frame allocation. If volatile storage is actually required
-#    that is. If not, just leave the stack as is.
-# 3. Functions tagged with ".type name,@function" get crafted with
-#    unified Win64 prologue and epilogue automatically. If you want
-#    to take care of ABI differences yourself, tag functions as
-#    ".type name,@abi-omnipotent" instead.
-# 4. To optimize the Win64 prologue you can specify number of input
-#    arguments as ".type name,@function,N." Keep in mind that if N is
-#    larger than 6, then you *have to* write "abi-omnipotent" code,
-#    because >6 cases can't be addressed with unified prologue.
-# 5. Name local labels as .L*, do *not* use dynamic labels such as 1:
-#    (sorry about latter).
-# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is
-#    required to identify the spots, where to inject Win64 epilogue!
-#    But on the pros, it's then prefixed with rep automatically:-)
-# 7. Stick to explicit ip-relative addressing. If you have to use
-#    GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??.
-#    Both are recognized and translated to proper Win64 addressing
-#    modes. To support legacy code a synthetic directive, .picmeup,
-#    is implemented. It puts address of the *next* instruction into
-#    target register, e.g.:
-#
-#		.picmeup	%rax
-#		lea		.Label-.(%rax),%rax
-#
-# 8. In order to provide for structured exception handling unified
-#    Win64 prologue copies %rsp value to %rax. For further details
-#    see SEH paragraph at the end.
-# 9. .init segment is allowed to contain calls to functions only.
-# a. If function accepts more than 4 arguments *and* >4th argument
-#    is declared as non 64-bit value, do clear its upper part.
-
-my $flavour = shift;
-my $output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-open STDOUT,">$output" || die "can't open $output: $!"
-	if (defined($output));
-
-my $gas=1;	$gas=0 if ($output =~ /\.asm$/);
-my $elf=1;	$elf=0 if (!$gas);
-my $win64=0;
-my $prefix="";
-my $decor=".L";
-
-my $masmref=8 + 50727*2**-32;	# 8.00.50727 shipped with VS2005
-my $masm=0;
-my $PTR=" PTR";
-
-my $nasmref=2.03;
-my $nasm=0;
-
-if    ($flavour eq "mingw64")	{ $gas=1; $elf=0; $win64=1;
-				  $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`;
-				  chomp($prefix);
-				}
-elsif ($flavour eq "macosx")	{ $gas=1; $elf=0; $prefix="_"; $decor="L\$"; }
-elsif ($flavour eq "masm")	{ $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; }
-elsif ($flavour eq "nasm")	{ $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; }
-elsif (!$gas)
-{   if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i)
-    {	$nasm = $1 + $2*0.01; $PTR="";  }
-    elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/)
-    {	$masm = $1 + $2*2**-16 + $4*2**-32;   }
-    die "no assembler found on %PATH" if (!($nasm || $masm));
-    $win64=1;
-    $elf=0;
-    $decor="\$L\$";
-}
-
-my $current_segment;
-my $current_function;
-my %globals;
-
-{ package opcode;	# pick up opcodes
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /^([a-z][a-z0-9]*)/i) {
-	    $self->{op} = $1;
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-
-	    undef $self->{sz};
-	    if ($self->{op} =~ /^(movz)x?([bw]).*/) {	# movz is pain...
-		$self->{op} = $1;
-		$self->{sz} = $2;
-	    } elsif ($self->{op} =~ /call|jmp/) {
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /^v/) { # VEX
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
-		$self->{sz} = "";
-	    } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
-		$self->{op} = $1;
-		$self->{sz} = $2;
-	    }
-	}
-	$ret;
-    }
-    sub size {
-	my $self = shift;
-	my $sz   = shift;
-	$self->{sz} = $sz if (defined($sz) && !defined($self->{sz}));
-	$self->{sz};
-    }
-    sub out {
-	my $self = shift;
-	if ($gas) {
-	    if ($self->{op} eq "movz") {	# movz is pain...
-		sprintf "%s%s%s",$self->{op},$self->{sz},shift;
-	    } elsif ($self->{op} =~ /^set/) { 
-		"$self->{op}";
-	    } elsif ($self->{op} eq "ret") {
-		my $epilogue = "";
-		if ($win64 && $current_function->{abi} eq "svr4") {
-		    $epilogue = "movq	8(%rsp),%rdi\n\t" .
-				"movq	16(%rsp),%rsi\n\t";
-		}
-	    	$epilogue . ".byte	0xf3,0xc3";
-	    } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") {
-		".p2align\t3\n\t.quad";
-	    } else {
-		"$self->{op}$self->{sz}";
-	    }
-	} else {
-	    $self->{op} =~ s/^movz/movzx/;
-	    if ($self->{op} eq "ret") {
-		$self->{op} = "";
-		if ($win64 && $current_function->{abi} eq "svr4") {
-		    $self->{op} = "mov	rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t".
-				  "mov	rsi,QWORD${PTR}[16+rsp]\n\t";
-	    	}
-		$self->{op} .= "DB\t0F3h,0C3h\t\t;repret";
-	    } elsif ($self->{op} =~ /^(pop|push)f/) {
-		$self->{op} .= $self->{sz};
-	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
-		$self->{op} = "\tDQ";
-	    } 
-	    $self->{op};
-	}
-    }
-    sub mnemonic {
-	my $self=shift;
-	my $op=shift;
-	$self->{op}=$op if (defined($op));
-	$self->{op};
-    }
-}
-{ package const;	# pick up constants, which start with $
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /^\$([^,]+)/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-	}
-	$ret;
-    }
-    sub out {
-    	my $self = shift;
-
-	if ($gas) {
-	    # Solaris /usr/ccs/bin/as can't handle multiplications
-	    # in $self->{value}
-	    $self->{value} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
-	    $self->{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
-	    sprintf "\$%s",$self->{value};
-	} else {
-	    $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig;
-	    $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm);
-	    sprintf "%s",$self->{value};
-	}
-    }
-}
-{ package ea;		# pick up effective addresses: expr(%reg,%reg,scale)
-    sub re {
-	my	$self = shift;	# single instance in enough...
-	local	*line = shift;
-	undef	$ret;
-
-	# optional * ---vvv--- appears in indirect jmp/call
-	if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) {
-	    $self->{asterisk} = $1;
-	    $self->{label} = $2;
-	    ($self->{base},$self->{index},$self->{scale})=split(/,/,$3);
-	    $self->{scale} = 1 if (!defined($self->{scale}));
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-
-	    if ($win64 && $self->{label} =~ s/\@GOTPCREL//) {
-		die if (opcode->mnemonic() ne "mov");
-		opcode->mnemonic("lea");
-	    }
-	    $self->{base}  =~ s/^%//;
-	    $self->{index} =~ s/^%// if (defined($self->{index}));
-	}
-	$ret;
-    }
-    sub size {}
-    sub out {
-    	my $self = shift;
-	my $sz = shift;
-
-	$self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-	$self->{label} =~ s/\.L/$decor/g;
-
-	# Silently convert all EAs to 64-bit. This is required for
-	# elder GNU assembler and results in more compact code,
-	# *but* most importantly AES module depends on this feature!
-	$self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
-	$self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
-
-	# Solaris /usr/ccs/bin/as can't handle multiplications
-	# in $self->{label}, new gas requires sign extension...
-	use integer;
-	$self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
-	$self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
-	$self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
-
-	if ($gas) {
-	    $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
-
-	    if (defined($self->{index})) {
-		sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
-					$self->{label},
-					$self->{base}?"%$self->{base}":"",
-					$self->{index},$self->{scale};
-	    } else {
-		sprintf "%s%s(%%%s)",	$self->{asterisk},$self->{label},$self->{base};
-	    }
-	} else {
-	    %szmap = (	b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR",
-	    		q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" );
-
-	    $self->{label} =~ s/\./\$/g;
-	    $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
-	    $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
-	    $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq");
-	    $sz="l" if (opcode->mnemonic() eq "movd");
-
-	    if (defined($self->{index})) {
-		sprintf "%s[%s%s*%d%s]",$szmap{$sz},
-					$self->{label}?"$self->{label}+":"",
-					$self->{index},$self->{scale},
-					$self->{base}?"+$self->{base}":"";
-	    } elsif ($self->{base} eq "rip") {
-		sprintf "%s[%s]",$szmap{$sz},$self->{label};
-	    } else {
-		sprintf "%s[%s%s]",$szmap{$sz},
-					$self->{label}?"$self->{label}+":"",
-					$self->{base};
-	    }
-	}
-    }
-}
-{ package register;	# pick up registers, which start with %.
-    sub re {
-	my	$class = shift;	# muliple instances...
-	my	$self = {};
-	local	*line = shift;
-	undef	$ret;
-
-	# optional * ---vvv--- appears in indirect jmp/call
-	if ($line =~ /^(\*?)%(\w+)/) {
-	    bless $self,$class;
-	    $self->{asterisk} = $1;
-	    $self->{value} = $2;
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-	}
-	$ret;
-    }
-    sub size {
-	my	$self = shift;
-	undef	$ret;
-
-	if    ($self->{value} =~ /^r[\d]+b$/i)	{ $ret="b"; }
-	elsif ($self->{value} =~ /^r[\d]+w$/i)	{ $ret="w"; }
-	elsif ($self->{value} =~ /^r[\d]+d$/i)	{ $ret="l"; }
-	elsif ($self->{value} =~ /^r[\w]+$/i)	{ $ret="q"; }
-	elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; }
-	elsif ($self->{value} =~ /^[\w]{2}l$/i)	{ $ret="b"; }
-	elsif ($self->{value} =~ /^[\w]{2}$/i)	{ $ret="w"; }
-	elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; }
-
-	$ret;
-    }
-    sub out {
-    	my $self = shift;
-	if ($gas)	{ sprintf "%s%%%s",$self->{asterisk},$self->{value}; }
-	else		{ $self->{value}; }
-    }
-}
-{ package label;	# pick up labels, which end with :
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /(^[\.\w]+)\:/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-
-	    $self->{value} =~ s/^\.L/$decor/;
-	}
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-
-	if ($gas) {
-	    my $func = ($globals{$self->{value}} or $self->{value}) . ":";
-	    if ($win64	&&
-			$current_function->{name} eq $self->{value} &&
-			$current_function->{abi} eq "svr4") {
-		$func .= "\n";
-		$func .= "	movq	%rdi,8(%rsp)\n";
-		$func .= "	movq	%rsi,16(%rsp)\n";
-		$func .= "	movq	%rsp,%rax\n";
-		$func .= "${decor}SEH_begin_$current_function->{name}:\n";
-		my $narg = $current_function->{narg};
-		$narg=6 if (!defined($narg));
-		$func .= "	movq	%rcx,%rdi\n" if ($narg>0);
-		$func .= "	movq	%rdx,%rsi\n" if ($narg>1);
-		$func .= "	movq	%r8,%rdx\n"  if ($narg>2);
-		$func .= "	movq	%r9,%rcx\n"  if ($narg>3);
-		$func .= "	movq	40(%rsp),%r8\n" if ($narg>4);
-		$func .= "	movq	48(%rsp),%r9\n" if ($narg>5);
-	    }
-	    $func;
-	} elsif ($self->{value} ne "$current_function->{name}") {
-	    $self->{value} .= ":" if ($masm && $ret!~m/^\$/);
-	    $self->{value} . ":";
-	} elsif ($win64 && $current_function->{abi} eq "svr4") {
-	    my $func =	"$current_function->{name}" .
-			($nasm ? ":" : "\tPROC $current_function->{scope}") .
-			"\n";
-	    $func .= "	mov	QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n";
-	    $func .= "	mov	QWORD${PTR}[16+rsp],rsi\n";
-	    $func .= "	mov	rax,rsp\n";
-	    $func .= "${decor}SEH_begin_$current_function->{name}:";
-	    $func .= ":" if ($masm);
-	    $func .= "\n";
-	    my $narg = $current_function->{narg};
-	    $narg=6 if (!defined($narg));
-	    $func .= "	mov	rdi,rcx\n" if ($narg>0);
-	    $func .= "	mov	rsi,rdx\n" if ($narg>1);
-	    $func .= "	mov	rdx,r8\n"  if ($narg>2);
-	    $func .= "	mov	rcx,r9\n"  if ($narg>3);
-	    $func .= "	mov	r8,QWORD${PTR}[40+rsp]\n" if ($narg>4);
-	    $func .= "	mov	r9,QWORD${PTR}[48+rsp]\n" if ($narg>5);
-	    $func .= "\n";
-	} else {
-	   "$current_function->{name}".
-			($nasm ? ":" : "\tPROC $current_function->{scope}");
-	}
-    }
-}
-{ package expr;		# pick up expressioins
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-
-	if ($line =~ /(^[^,]+)/) {
-	    $self->{value} = $1;
-	    $ret = $self;
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-
-	    $self->{value} =~ s/\@PLT// if (!$elf);
-	    $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-	    $self->{value} =~ s/\.L/$decor/g;
-	}
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-	if ($nasm && opcode->mnemonic()=~m/^j/) {
-	    "NEAR ".$self->{value};
-	} else {
-	    $self->{value};
-	}
-    }
-}
-{ package directive;	# pick up directives, which start with .
-    sub re {
-	my	$self = shift;	# single instance is enough...
-	local	*line = shift;
-	undef	$ret;
-	my	$dir;
-	my	%opcode =	# lea 2f-1f(%rip),%dst; 1: nop; 2:
-		(	"%rax"=>0x01058d48,	"%rcx"=>0x010d8d48,
-			"%rdx"=>0x01158d48,	"%rbx"=>0x011d8d48,
-			"%rsp"=>0x01258d48,	"%rbp"=>0x012d8d48,
-			"%rsi"=>0x01358d48,	"%rdi"=>0x013d8d48,
-			"%r8" =>0x01058d4c,	"%r9" =>0x010d8d4c,
-			"%r10"=>0x01158d4c,	"%r11"=>0x011d8d4c,
-			"%r12"=>0x01258d4c,	"%r13"=>0x012d8d4c,
-			"%r14"=>0x01358d4c,	"%r15"=>0x013d8d4c	);
-
-	if ($line =~ /^\s*(\.\w+)/) {
-	    $dir = $1;
-	    $ret = $self;
-	    undef $self->{value};
-	    $line = substr($line,@+[0]); $line =~ s/^\s+//;
-
-	    SWITCH: for ($dir) {
-		/\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) {
-			    		$dir="\t.long";
-					$line=sprintf "0x%x,0x90000000",$opcode{$1};
-				    }
-				    last;
-				  };
-		/\.global|\.globl|\.extern/
-			    && do { $globals{$line} = $prefix . $line;
-				    $line = $globals{$line} if ($prefix);
-				    last;
-				  };
-		/\.type/    && do { ($sym,$type,$narg) = split(',',$line);
-				    if ($type eq "\@function") {
-					undef $current_function;
-					$current_function->{name} = $sym;
-					$current_function->{abi}  = "svr4";
-					$current_function->{narg} = $narg;
-					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
-				    } elsif ($type eq "\@abi-omnipotent") {
-					undef $current_function;
-					$current_function->{name} = $sym;
-					$current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE";
-				    }
-				    $line =~ s/\@abi\-omnipotent/\@function/;
-				    $line =~ s/\@function.*/\@function/;
-				    last;
-				  };
-		/\.asciz/   && do { if ($line =~ /^"(.*)"$/) {
-					$dir  = ".byte";
-					$line = join(",",unpack("C*",$1),0);
-				    }
-				    last;
-				  };
-		/\.rva|\.long|\.quad/
-			    && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei;
-				    $line =~ s/\.L/$decor/g;
-				    last;
-				  };
-	    }
-
-	    if ($gas) {
-		$self->{value} = $dir . "\t" . $line;
-
-		if ($dir =~ /\.extern/) {
-		    $self->{value} = ""; # swallow extern
-		} elsif (!$elf && $dir =~ /\.type/) {
-		    $self->{value} = "";
-		    $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" .
-				(defined($globals{$1})?".scl 2;":".scl 3;") .
-				"\t.type 32;\t.endef"
-				if ($win64 && $line =~ /([^,]+),\@function/);
-		} elsif (!$elf && $dir =~ /\.size/) {
-		    $self->{value} = "";
-		    if (defined($current_function)) {
-			$self->{value} .= "${decor}SEH_end_$current_function->{name}:"
-				if ($win64 && $current_function->{abi} eq "svr4");
-			undef $current_function;
-		    }
-		} elsif (!$elf && $dir =~ /\.align/) {
-		    $self->{value} = ".p2align\t" . (log($line)/log(2));
-		} elsif ($dir eq ".section") {
-		    $current_segment=$line;
-		    if (!$elf && $current_segment eq ".init") {
-			if	($flavour eq "macosx")	{ $self->{value} = ".mod_init_func"; }
-			elsif	($flavour eq "mingw64")	{ $self->{value} = ".section\t.ctors"; }
-		    }
-		} elsif ($dir =~ /\.(text|data)/) {
-		    $current_segment=".$1";
-		} elsif ($dir =~ /\.hidden/) {
-		    if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$line"; }
-		    elsif ($flavour eq "mingw64") { $self->{value} = ""; }
-		} elsif ($dir =~ /\.comm/) {
-		    $self->{value} = "$dir\t$prefix$line";
-		    $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
-		}
-		$line = "";
-		return $self;
-	    }
-
-	    # non-gas case or nasm/masm
-	    SWITCH: for ($dir) {
-		/\.text/    && do { my $v=undef;
-				    if ($nasm) {
-					$v="section	.text code align=64\n";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = ".text\$";
-					$v.="$current_segment\tSEGMENT ";
-					$v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE";
-					$v.=" 'CODE'";
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.data/    && do { my $v=undef;
-				    if ($nasm) {
-					$v="section	.data data align=8\n";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = "_DATA";
-					$v.="$current_segment\tSEGMENT";
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.section/ && do { my $v=undef;
-				    $line =~ s/([^,]*).*/$1/;
-				    $line = ".CRT\$XCU" if ($line eq ".init");
-				    if ($nasm) {
-					$v="section	$line";
-					if ($line=~/\.([px])data/) {
-					    $v.=" rdata align=";
-					    $v.=$1 eq "p"? 4 : 8;
-					} elsif ($line=~/\.CRT\$/i) {
-					    $v.=" rdata align=8";
-					}
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$v.="$line\tSEGMENT";
-					if ($line=~/\.([px])data/) {
-					    $v.=" READONLY";
-					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
-					} elsif ($line=~/\.CRT\$/i) {
-					    $v.=" READONLY ";
-					    $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD";
-					}
-				    }
-				    $current_segment = $line;
-				    $self->{value} = $v;
-				    last;
-				  };
-		/\.extern/  && do { $self->{value}  = "EXTERN\t".$line;
-				    $self->{value} .= ":NEAR" if ($masm);
-				    last;
-				  };
-		/\.globl|.global/
-			    && do { $self->{value}  = $masm?"PUBLIC":"global";
-				    $self->{value} .= "\t".$line;
-				    last;
-				  };
-		/\.size/    && do { if (defined($current_function)) {
-					undef $self->{value};
-					if ($current_function->{abi} eq "svr4") {
-					    $self->{value}="${decor}SEH_end_$current_function->{name}:";
-					    $self->{value}.=":\n" if($masm);
-					}
-					$self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
-					undef $current_function;
-				    }
-				    last;
-				  };
-		/\.align/   && do { $self->{value} = "ALIGN\t".$line; last; };
-		/\.(value|long|rva|quad)/
-			    && do { my $sz  = substr($1,0,1);
-				    my @arr = split(/,\s*/,$line);
-				    my $last = pop(@arr);
-				    my $conv = sub  {	my $var=shift;
-							$var=~s/^(0b[0-1]+)/oct($1)/eig;
-							$var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm);
-							if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva"))
-							{ $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; }
-							$var;
-						    };  
-
-				    $sz =~ tr/bvlrq/BWDDQ/;
-				    $self->{value} = "\tD$sz\t";
-				    for (@arr) { $self->{value} .= &$conv($_).","; }
-				    $self->{value} .= &$conv($last);
-				    last;
-				  };
-		/\.byte/    && do { my @str=split(/,\s*/,$line);
-				    map(s/(0b[0-1]+)/oct($1)/eig,@str);
-				    map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm);	
-				    while ($#str>15) {
-					$self->{value}.="DB\t"
-						.join(",",@str[0..15])."\n";
-					foreach (0..15) { shift @str; }
-				    }
-				    $self->{value}.="DB\t"
-						.join(",",@str) if (@str);
-				    last;
-				  };
-		/\.comm/    && do { my @str=split(/,\s*/,$line);
-				    my $v=undef;
-				    if ($nasm) {
-					$v.="common	$prefix@str[0] @str[1]";
-				    } else {
-					$v="$current_segment\tENDS\n" if ($current_segment);
-					$current_segment = "_DATA";
-					$v.="$current_segment\tSEGMENT\n";
-					$v.="COMM	@str[0]:DWORD:".@str[1]/4;
-				    }
-				    $self->{value} = $v;
-				    last;
-				  };
-	    }
-	    $line = "";
-	}
-
-	$ret;
-    }
-    sub out {
-	my $self = shift;
-	$self->{value};
-    }
-}
-
-sub rex {
- local *opcode=shift;
- my ($dst,$src,$rex)=@_;
-
-   $rex|=0x04 if($dst>=8);
-   $rex|=0x01 if($src>=8);
-   push @opcode,($rex|0x40) if ($rex);
-}
-
-# older gas and ml64 don't handle SSE>2 instructions
-my %regrm = (	"%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
-		"%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7	);
-
-my $movq = sub {	# elderly gas can't handle inter-register movq
-  my $arg = shift;
-  my @opcode=(0x66);
-    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
-	my ($src,$dst)=($1,$2);
-	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,$src,$dst,0x8);
-	push @opcode,0x0f,0x7e;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	@opcode;
-    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
-	my ($src,$dst)=($2,$1);
-	if ($dst !~ /[0-9]+/)	{ $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,$src,$dst,0x8);
-	push @opcode,0x0f,0x6e;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pextrd = sub {
-    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
-      my @opcode=(0x66);
-	$imm=$1;
-	$src=$2;
-	$dst=$3;
-	if ($dst =~ /%r([0-9]+)d/)	{ $dst = $1; }
-	elsif ($dst =~ /%e/)		{ $dst = $regrm{$dst}; }
-	rex(\@opcode,$src,$dst);
-	push @opcode,0x0f,0x3a,0x16;
-	push @opcode,0xc0|(($src&7)<<3)|($dst&7);	# ModR/M
-	push @opcode,$imm;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pinsrd = sub {
-    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	$imm=$1;
-	$src=$2;
-	$dst=$3;
-	if ($src =~ /%r([0-9]+)/)	{ $src = $1; }
-	elsif ($src =~ /%e/)		{ $src = $regrm{$src}; }
-	rex(\@opcode,$dst,$src);
-	push @opcode,0x0f,0x3a,0x22;
-	push @opcode,0xc0|(($dst&7)<<3)|($src&7);	# ModR/M
-	push @opcode,$imm;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pshufb = sub {
-    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$2,$1);
-	push @opcode,0x0f,0x38,0x00;
-	push @opcode,0xc0|($1&7)|(($2&7)<<3);		# ModR/M
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $palignr = sub {
-    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x3a,0x0f;
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
-	push @opcode,$1;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $pclmulqdq = sub {
-    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
-      my @opcode=(0x66);
-	rex(\@opcode,$3,$2);
-	push @opcode,0x0f,0x3a,0x44;
-	push @opcode,0xc0|($2&7)|(($3&7)<<3);		# ModR/M
-	my $c=$1;
-	push @opcode,$c=~/^0/?oct($c):$c;
-	@opcode;
-    } else {
-	();
-    }
-};
-
-my $rdrand = sub {
-    if (shift =~ /%[er](\w+)/) {
-      my @opcode=();
-      my $dst=$1;
-	if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
-	rex(\@opcode,0,$1,8);
-	push @opcode,0x0f,0xc7,0xf0|($dst&7);
-	@opcode;
-    } else {
-	();
-    }
-};
-
-if ($nasm) {
-    print <<___;
-default	rel
-%define XMMWORD
-___
-} elsif ($masm) {
-    print <<___;
-OPTION	DOTNAME
-___
-}
-while($line=<>) {
-
-    chomp($line);
-
-    $line =~ s|[#!].*$||;	# get rid of asm-style comments...
-    $line =~ s|/\*.*\*/||;	# ... and C-style comments...
-    $line =~ s|^\s+||;		# ... and skip white spaces in beginning
-
-    undef $label;
-    undef $opcode;
-    undef @args;
-
-    if ($label=label->re(\$line))	{ print $label->out(); }
-
-    if (directive->re(\$line)) {
-	printf "%s",directive->out();
-    } elsif ($opcode=opcode->re(\$line)) {
-	my $asm = eval("\$".$opcode->mnemonic());
-	undef @bytes;
-	
-	if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
-	    print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
-	    next;
-	}
-
-	ARGUMENT: while (1) {
-	my $arg;
-
-	if ($arg=register->re(\$line))	{ opcode->size($arg->size()); }
-	elsif ($arg=const->re(\$line))	{ }
-	elsif ($arg=ea->re(\$line))	{ }
-	elsif ($arg=expr->re(\$line))	{ }
-	else				{ last ARGUMENT; }
-
-	push @args,$arg;
-
-	last ARGUMENT if ($line !~ /^,/);
-
-	$line =~ s/^,\s*//;
-	} # ARGUMENT:
-
-	if ($#args>=0) {
-	    my $insn;
-	    my $sz=opcode->size();
-
-	    if ($gas) {
-		$insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
-		@args = map($_->out($sz),@args);
-		printf "\t%s\t%s",$insn,join(",",@args);
-	    } else {
-		$insn = $opcode->out();
-		foreach (@args) {
-		    my $arg = $_->out();
-		    # $insn.=$sz compensates for movq, pinsrw, ...
-		    if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
-		    if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
-		}
-		@args = reverse(@args);
-		undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
-		printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
-	    }
-	} else {
-	    printf "\t%s",$opcode->out();
-	}
-    }
-
-    print $line,"\n";
-}
-
-print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
-print "END\n"				if ($masm);
-
-close STDOUT;
-
-#################################################
-# Cross-reference x86_64 ABI "card"
-#
-# 		Unix		Win64
-# %rax		*		*
-# %rbx		-		-
-# %rcx		#4		#1
-# %rdx		#3		#2
-# %rsi		#2		-
-# %rdi		#1		-
-# %rbp		-		-
-# %rsp		-		-
-# %r8		#5		#3
-# %r9		#6		#4
-# %r10		*		*
-# %r11		*		*
-# %r12		-		-
-# %r13		-		-
-# %r14		-		-
-# %r15		-		-
-# 
-# (*)	volatile register
-# (-)	preserved by callee
-# (#)	Nth argument, volatile
-#
-# In Unix terms top of stack is argument transfer area for arguments
-# which could not be accomodated in registers. Or in other words 7th
-# [integer] argument resides at 8(%rsp) upon function entry point.
-# 128 bytes above %rsp constitute a "red zone" which is not touched
-# by signal handlers and can be used as temporal storage without
-# allocating a frame.
-#
-# In Win64 terms N*8 bytes on top of stack is argument transfer area,
-# which belongs to/can be overwritten by callee. N is the number of
-# arguments passed to callee, *but* not less than 4! This means that
-# upon function entry point 5th argument resides at 40(%rsp), as well
-# as that 32 bytes from 8(%rsp) can always be used as temporal
-# storage [without allocating a frame]. One can actually argue that
-# one can assume a "red zone" above stack pointer under Win64 as well.
-# Point is that at apparently no occasion Windows kernel would alter
-# the area above user stack pointer in true asynchronous manner...
-#
-# All the above means that if assembler programmer adheres to Unix
-# register and stack layout, but disregards the "red zone" existense,
-# it's possible to use following prologue and epilogue to "gear" from
-# Unix to Win64 ABI in leaf functions with not more than 6 arguments.
-#
-# omnipotent_function:
-# ifdef WIN64
-#	movq	%rdi,8(%rsp)
-#	movq	%rsi,16(%rsp)
-#	movq	%rcx,%rdi	; if 1st argument is actually present
-#	movq	%rdx,%rsi	; if 2nd argument is actually ...
-#	movq	%r8,%rdx	; if 3rd argument is ...
-#	movq	%r9,%rcx	; if 4th argument ...
-#	movq	40(%rsp),%r8	; if 5th ...
-#	movq	48(%rsp),%r9	; if 6th ...
-# endif
-#	...
-# ifdef WIN64
-#	movq	8(%rsp),%rdi
-#	movq	16(%rsp),%rsi
-# endif
-#	ret
-#
-#################################################
-# Win64 SEH, Structured Exception Handling.
-#
-# Unlike on Unix systems(*) lack of Win64 stack unwinding information
-# has undesired side-effect at run-time: if an exception is raised in
-# assembler subroutine such as those in question (basically we're
-# referring to segmentation violations caused by malformed input
-# parameters), the application is briskly terminated without invoking
-# any exception handlers, most notably without generating memory dump
-# or any user notification whatsoever. This poses a problem. It's
-# possible to address it by registering custom language-specific
-# handler that would restore processor context to the state at
-# subroutine entry point and return "exception is not handled, keep
-# unwinding" code. Writing such handler can be a challenge... But it's
-# doable, though requires certain coding convention. Consider following
-# snippet:
-#
-# .type	function,@function
-# function:
-#	movq	%rsp,%rax	# copy rsp to volatile register
-#	pushq	%r15		# save non-volatile registers
-#	pushq	%rbx
-#	pushq	%rbp
-#	movq	%rsp,%r11
-#	subq	%rdi,%r11	# prepare [variable] stack frame
-#	andq	$-64,%r11
-#	movq	%rax,0(%r11)	# check for exceptions
-#	movq	%r11,%rsp	# allocate [variable] stack frame
-#	movq	%rax,0(%rsp)	# save original rsp value
-# magic_point:
-#	...
-#	movq	0(%rsp),%rcx	# pull original rsp value
-#	movq	-24(%rcx),%rbp	# restore non-volatile registers
-#	movq	-16(%rcx),%rbx
-#	movq	-8(%rcx),%r15
-#	movq	%rcx,%rsp	# restore original rsp
-#	ret
-# .size function,.-function
-#
-# The key is that up to magic_point copy of original rsp value remains
-# in chosen volatile register and no non-volatile register, except for
-# rsp, is modified. While past magic_point rsp remains constant till
-# the very end of the function. In this case custom language-specific
-# exception handler would look like this:
-#
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-# {	ULONG64 *rsp = (ULONG64 *)context->Rax;
-#	if (context->Rip >= magic_point)
-#	{   rsp = ((ULONG64 **)context->Rsp)[0];
-#	    context->Rbp = rsp[-3];
-#	    context->Rbx = rsp[-2];
-#	    context->R15 = rsp[-1];
-#	}
-#	context->Rsp = (ULONG64)rsp;
-#	context->Rdi = rsp[1];
-#	context->Rsi = rsp[2];
-#
-#	memcpy (disp->ContextRecord,context,sizeof(CONTEXT));
-#	RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase,
-#		dips->ControlPc,disp->FunctionEntry,disp->ContextRecord,
-#		&disp->HandlerData,&disp->EstablisherFrame,NULL);
-#	return ExceptionContinueSearch;
-# }
-#
-# It's appropriate to implement this handler in assembler, directly in
-# function's module. In order to do that one has to know members'
-# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant
-# values. Here they are:
-#
-#	CONTEXT.Rax				120
-#	CONTEXT.Rcx				128
-#	CONTEXT.Rdx				136
-#	CONTEXT.Rbx				144
-#	CONTEXT.Rsp				152
-#	CONTEXT.Rbp				160
-#	CONTEXT.Rsi				168
-#	CONTEXT.Rdi				176
-#	CONTEXT.R8				184
-#	CONTEXT.R9				192
-#	CONTEXT.R10				200
-#	CONTEXT.R11				208
-#	CONTEXT.R12				216
-#	CONTEXT.R13				224
-#	CONTEXT.R14				232
-#	CONTEXT.R15				240
-#	CONTEXT.Rip				248
-#	CONTEXT.Xmm6				512
-#	sizeof(CONTEXT)				1232
-#	DISPATCHER_CONTEXT.ControlPc		0
-#	DISPATCHER_CONTEXT.ImageBase		8
-#	DISPATCHER_CONTEXT.FunctionEntry	16
-#	DISPATCHER_CONTEXT.EstablisherFrame	24
-#	DISPATCHER_CONTEXT.TargetIp		32
-#	DISPATCHER_CONTEXT.ContextRecord	40
-#	DISPATCHER_CONTEXT.LanguageHandler	48
-#	DISPATCHER_CONTEXT.HandlerData		56
-#	UNW_FLAG_NHANDLER			0
-#	ExceptionContinueSearch			1
-#
-# In order to tie the handler to the function one has to compose
-# couple of structures: one for .xdata segment and one for .pdata.
-#
-# UNWIND_INFO structure for .xdata segment would be
-#
-# function_unwind_info:
-#	.byte	9,0,0,0
-#	.rva	handler
-#
-# This structure designates exception handler for a function with
-# zero-length prologue, no stack frame or frame register.
-#
-# To facilitate composing of .pdata structures, auto-generated "gear"
-# prologue copies rsp value to rax and denotes next instruction with
-# .LSEH_begin_{function_name} label. This essentially defines the SEH
-# styling rule mentioned in the beginning. Position of this label is
-# chosen in such manner that possible exceptions raised in the "gear"
-# prologue would be accounted to caller and unwound from latter's frame.
-# End of function is marked with respective .LSEH_end_{function_name}
-# label. To summarize, .pdata segment would contain
-#
-#	.rva	.LSEH_begin_function
-#	.rva	.LSEH_end_function
-#	.rva	function_unwind_info
-#
-# Reference to functon_unwind_info from .xdata segment is the anchor.
-# In case you wonder why references are 32-bit .rvas and not 64-bit
-# .quads. References put into these two segments are required to be
-# *relative* to the base address of the current binary module, a.k.a.
-# image base. No Win64 module, be it .exe or .dll, can be larger than
-# 2GB and thus such relative references can be and are accommodated in
-# 32 bits.
-#
-# Having reviewed the example function code, one can argue that "movq
-# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix
-# rax would contain an undefined value. If this "offends" you, use
-# another register and refrain from modifying rax till magic_point is
-# reached, i.e. as if it was a non-volatile register. If more registers
-# are required prior [variable] frame setup is completed, note that
-# nobody says that you can have only one "magic point." You can
-# "liberate" non-volatile registers by denoting last stack off-load
-# instruction and reflecting it in finer grade unwind logic in handler.
-# After all, isn't it why it's called *language-specific* handler...
-#
-# Attentive reader can notice that exceptions would be mishandled in
-# auto-generated "gear" epilogue. Well, exception effectively can't
-# occur there, because if memory area used by it was subject to
-# segmentation violation, then it would be raised upon call to the
-# function (and as already mentioned be accounted to caller, which is
-# not a problem). If you're still not comfortable, then define tail
-# "magic point" just prior ret instruction and have handler treat it...
-#
-# (*)	Note that we're talking about run-time, not debug-time. Lack of
-#	unwind information makes debugging hard on both Windows and
-#	Unix. "Unlike" referes to the fact that on Unix signal handler
-#	will always be invoked, core dumped and appropriate exit code
-#	returned to parent (for user notification).
diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
deleted file mode 100644
index 3f190ae590..0000000000
--- a/crypto/perlasm/x86asm.pl
+++ /dev/null
@@ -1,262 +0,0 @@
-#!/usr/bin/env perl
-
-# require 'x86asm.pl';
-# &asm_init(<flavor>,"des-586.pl"[,$i386only]);
-# &function_begin("foo");
-# ...
-# &function_end("foo");
-# &asm_finish
-
-$out=();
-$i386=0;
-
-# AUTOLOAD is this context has quite unpleasant side effect, namely
-# that typos in function calls effectively go to assembler output,
-# but on the pros side we don't have to implement one subroutine per
-# each opcode...
-sub ::AUTOLOAD
-{ my $opcode = $AUTOLOAD;
-
-    die "more than 4 arguments passed to $opcode" if ($#_>3);
-
-    $opcode =~ s/.*:://;
-    if    ($opcode =~ /^push/) { $stack+=4; }
-    elsif ($opcode =~ /^pop/)  { $stack-=4; }
-
-    &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD";
-}
-
-sub ::emit
-{ my $opcode=shift;
-
-    if ($#_==-1)    { push(@out,"\t$opcode\n");				}
-    else            { push(@out,"\t$opcode\t".join(',',@_)."\n");	}
-}
-
-sub ::LB
-{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'";
-  $1."l";
-}
-sub ::HB
-{   $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'";
-  $1."h";
-}
-sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num);	}
-sub ::stack_pop	{ my $num=$_[0]*4; $stack-=$num; &add("esp",$num);	}
-sub ::blindpop	{ &pop($_[0]); $stack+=4;				}
-sub ::wparam	{ &DWP($stack+4*$_[0],"esp");				}
-sub ::swtmp	{ &DWP(4*$_[0],"esp");					}
-
-sub ::bswap
-{   if ($i386)	# emulate bswap for i386
-    {	&comment("bswap @_");
-	&xchg(&HB(@_),&LB(@_));
-	&ror (@_,16);
-	&xchg(&HB(@_),&LB(@_));
-    }
-    else
-    {	&generic("bswap",@_);	}
-}
-# These are made-up opcodes introduced over the years essentially
-# by ignorance, just alias them to real ones...
-sub ::movb	{ &mov(@_);	}
-sub ::xorb	{ &xor(@_);	}
-sub ::rotl	{ &rol(@_);	}
-sub ::rotr	{ &ror(@_);	}
-sub ::exch	{ &xchg(@_);	}
-sub ::halt	{ &hlt;		}
-sub ::movz	{ &movzx(@_);	}
-sub ::pushf	{ &pushfd;	}
-sub ::popf	{ &popfd;	}
-
-# 3 argument instructions
-sub ::movq
-{ my($p1,$p2,$optimize)=@_;
-
-    if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/)
-    # movq between mmx registers can sink Intel CPUs
-    {	&::pshufw($p1,$p2,0xe4);		}
-    else
-    {	&::generic("movq",@_);			}
-}
-
-# SSE>2 instructions
-my %regrm = (	"eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3,
-		"esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7	);
-sub ::pextrd
-{ my($dst,$src,$imm)=@_;
-    if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/)
-    {	&::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm);	}
-    else
-    {	&::generic("pextrd",@_);		}
-}
-
-sub ::pinsrd
-{ my($dst,$src,$imm)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/)
-    {	&::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm);	}
-    else
-    {	&::generic("pinsrd",@_);		}
-}
-
-sub ::pshufb
-{ my($dst,$src)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
-    {	&data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2);	}
-    else
-    {	&::generic("pshufb",@_);		}
-}
-
-sub ::palignr
-{ my($dst,$src,$imm)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
-    {	&::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm);	}
-    else
-    {	&::generic("palignr",@_);		}
-}
-
-sub ::pclmulqdq
-{ my($dst,$src,$imm)=@_;
-    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
-    {	&::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm);	}
-    else
-    {	&::generic("pclmulqdq",@_);		}
-}
-
-sub ::rdrand
-{ my ($dst)=@_;
-    if ($dst =~ /(e[a-dsd][ixp])/)
-    {	&::data_byte(0x0f,0xc7,0xf0|$regrm{$dst});	}
-    else
-    {	&::generic("rdrand",@_);	}
-}
-
-# label management
-$lbdecor="L";		# local label decoration, set by package
-$label="000";
-
-sub ::islabel		# see is argument is a known label
-{ my $i;
-    foreach $i (values %label) { return $i if ($i eq $_[0]); }
-  $label{$_[0]};	# can be undef
-}
-
-sub ::label		# instantiate a function-scope label
-{   if (!defined($label{$_[0]}))
-    {	$label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++;   }
-  $label{$_[0]};
-}
-
-sub ::LABEL		# instantiate a file-scope label
-{   $label{$_[0]}=$_[1] if (!defined($label{$_[0]}));
-  $label{$_[0]};
-}
-
-sub ::static_label	{ &::LABEL($_[0],$lbdecor.$_[0]); }
-
-sub ::set_label_B	{ push(@out,"@_:\n"); }
-sub ::set_label
-{ my $label=&::label($_[0]);
-    &::align($_[1]) if ($_[1]>1);
-    &::set_label_B($label);
-  $label;
-}
-
-sub ::wipe_labels	# wipes function-scope labels
-{   foreach $i (keys %label)
-    {	delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/);	}
-}
-
-# subroutine management
-sub ::function_begin
-{   &function_begin_B(@_);
-    $stack=4;
-    &push("ebp");
-    &push("ebx");
-    &push("esi");
-    &push("edi");
-}
-
-sub ::function_end
-{   &pop("edi");
-    &pop("esi");
-    &pop("ebx");
-    &pop("ebp");
-    &ret();
-    &function_end_B(@_);
-    $stack=0;
-    &wipe_labels();
-}
-
-sub ::function_end_A
-{   &pop("edi");
-    &pop("esi");
-    &pop("ebx");
-    &pop("ebp");
-    &ret();
-    $stack+=16;	# readjust esp as if we didn't pop anything
-}
-
-sub ::asciz
-{ my @str=unpack("C*",shift);
-    push @str,0;
-    while ($#str>15) {
-	&data_byte(@str[0..15]);
-	foreach (0..15) { shift @str; }
-    }
-    &data_byte(@str) if (@str);
-}
-
-sub ::asm_finish
-{   &file_end();
-    print @out;
-}
-
-sub ::asm_init
-{ my ($type,$fn,$cpu)=@_;
-
-    $filename=$fn;
-    $i386=$cpu;
-
-    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
-    if    (($type eq "elf"))
-    {	$elf=1;			require "x86gas.pl";	}
-    elsif (($type eq "a\.out"))
-    {	$aout=1;		require "x86gas.pl";	}
-    elsif (($type eq "coff" or $type eq "gaswin"))
-    {	$coff=1;		require "x86gas.pl";	}
-    elsif (($type eq "win32n"))
-    {	$win32=1;		require "x86nasm.pl";	}
-    elsif (($type eq "nw-nasm"))
-    {	$netware=1;		require "x86nasm.pl";	}
-    #elsif (($type eq "nw-mwasm"))
-    #{	$netware=1; $mwerks=1;	require "x86nasm.pl";	}
-    elsif (($type eq "win32"))
-    {	$win32=1;		require "x86masm.pl";	}
-    elsif (($type eq "macosx"))
-    {	$aout=1; $macosx=1;	require "x86gas.pl";	}
-    elsif (($type eq "android"))
-    {	$elf=1; $android=1;	require "x86gas.pl";	}
-    else
-    {	print STDERR <<"EOF";
-Pick one target type from
-	elf	- Linux, FreeBSD, Solaris x86, etc.
-	a.out	- DJGPP, elder OpenBSD, etc.
-	coff	- GAS/COFF such as Win32 targets
-	win32n	- Windows 95/Windows NT NASM format
-	nw-nasm - NetWare NASM format
-	macosx	- Mac OS X
-EOF
-	exit(1);
-    }
-
-    $pic=0;
-    for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
-
-    $filename =~ s/\.pl$//;
-    &file($filename);
-}
-
-sub ::hidden {}
-
-1;
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
deleted file mode 100644
index 735c1ad2bb..0000000000
--- a/crypto/perlasm/x86gas.pl
+++ /dev/null
@@ -1,255 +0,0 @@
-#!/usr/bin/env perl
-
-package x86gas;
-
-*out=\@::out;
-
-$::lbdecor=$::aout?"L":".L";		# local label decoration
-$nmdecor=($::aout or $::coff)?"_":"";	# external name decoration
-
-$initseg="";
-
-$align=16;
-$align=log($align)/log(2) if ($::aout);
-$com_start="#" if ($::aout or $::coff);
-
-sub opsize()
-{ my $reg=shift;
-    if    ($reg =~ m/^%e/o)		{ "l"; }
-    elsif ($reg =~ m/^%[a-d][hl]$/o)	{ "b"; }
-    elsif ($reg =~ m/^%[xm]/o)		{ undef; }
-    else				{ "w"; }
-}
-
-# swap arguments;
-# expand opcode with size suffix;
-# prefix numeric constants with $;
-sub ::generic
-{ my($opcode,@arg)=@_;
-  my($suffix,$dst,$src);
-
-    @arg=reverse(@arg);
-
-    for (@arg)
-    {	s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o;	# gp registers
-	s/^([xy]?mm[0-7])$/%$1/o;		# xmm/mmx registers
-	s/^(\-?[0-9]+)$/\$$1/o;			# constants
-	s/^(\-?0x[0-9a-f]+)$/\$$1/o;		# constants
-    }
-
-    $dst = $arg[$#arg]		if ($#arg>=0);
-    $src = $arg[$#arg-1]	if ($#arg>=1);
-    if    ($dst =~ m/^%/o)	{ $suffix=&opsize($dst); }
-    elsif ($src =~ m/^%/o)	{ $suffix=&opsize($src); }
-    else			{ $suffix="l";           }
-    undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
-
-    if ($#_==0)				{ &::emit($opcode);		}
-    elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o)
-					{ &::emit($opcode,@arg);	}
-    else				{ &::emit($opcode.$suffix,@arg);}
-
-  1;
-}
-#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
-#
-sub ::movzx	{ &::movzb(@_);			}
-sub ::pushfd	{ &::pushfl;			}
-sub ::popfd	{ &::popfl;			}
-sub ::cpuid	{ &::emit(".byte\t0x0f,0xa2");	}
-sub ::rdtsc	{ &::emit(".byte\t0x0f,0x31");	}
-
-sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
-sub ::call_ptr	{ &::generic("call","*$_[0]");	}
-sub ::jmp_ptr	{ &::generic("jmp","*$_[0]");	}
-
-*::bswap = sub	{ &::emit("bswap","%$_[0]");	} if (!$::i386);
-
-sub ::DWP
-{ my($addr,$reg1,$reg2,$idx)=@_;
-  my $ret="";
-
-    $addr =~ s/^\s+//;
-    # prepend global references with optional underscore
-    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
-
-    $reg1 = "%$reg1" if ($reg1);
-    $reg2 = "%$reg2" if ($reg2);
-
-    $ret .= $addr if (($addr ne "") && ($addr ne 0));
-
-    if ($reg2)
-    {	$idx!= 0 or $idx=1;
-	$ret .= "($reg1,$reg2,$idx)";
-    }
-    elsif ($reg1)
-    {	$ret .= "($reg1)";	}
-
-  $ret;
-}
-sub ::QWP	{ &::DWP(@_);	}
-sub ::BP	{ &::DWP(@_);	}
-sub ::WP	{ &::DWP(@_);	}
-sub ::BC	{ @_;		}
-sub ::DWC	{ @_;		}
-
-sub ::file
-{   push(@out,".file\t\"$_[0].s\"\n.text\n");	}
-
-sub ::function_begin_B
-{ my $func=shift;
-  my $global=($func !~ /^_/);
-  my $begin="${::lbdecor}_${func}_begin";
-
-    &::LABEL($func,$global?"$begin":"$nmdecor$func");
-    $func=$nmdecor.$func;
-
-    push(@out,".globl\t$func\n")	if ($global);
-    if ($::coff)
-    {	push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); }
-    elsif (($::aout and !$::pic) or $::macosx)
-    { }
-    else
-    {	push(@out,".type	$func,\@function\n"); }
-    push(@out,".align\t$align\n");
-    push(@out,"$func:\n");
-    push(@out,"$begin:\n")		if ($global);
-    $::stack=4;
-}
-
-sub ::function_end_B
-{ my $func=shift;
-    push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf);
-    $::stack=0;
-    &::wipe_labels();
-}
-
-sub ::comment
-	{
-	if (!defined($com_start) or $::elf)
-		{	# Regarding $::elf above...
-			# GNU and SVR4 as'es use different comment delimiters,
-		push(@out,"\n");	# so we just skip ELF comments...
-		return;
-		}
-	foreach (@_)
-		{
-		if (/^\s*$/)
-			{ push(@out,"\n"); }
-		else
-			{ push(@out,"\t$com_start $_ $com_end\n"); }
-		}
-	}
-
-sub ::external_label
-{   foreach(@_) { &::LABEL($_,$nmdecor.$_); }   }
-
-sub ::public_label
-{   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
-
-sub ::file_end
-{   if ($::macosx)
-    {	if (%non_lazy_ptr)
-    	{   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
-	    foreach $i (keys %non_lazy_ptr)
-	    {	push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
-	}
-    }
-    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
-	my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,8";
-	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
-	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
-	else		{ push (@out,"$tmp\n"); }
-    }
-    push(@out,$initseg) if ($initseg);
-}
-
-sub ::data_byte	{   push(@out,".byte\t".join(',',@_)."\n");   }
-sub ::data_short{   push(@out,".value\t".join(',',@_)."\n");  }
-sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
-
-sub ::align
-{ my $val=$_[0],$p2,$i;
-    if ($::aout)
-    {	for ($p2=0;$val!=0;$val>>=1) { $p2++; }
-	$val=$p2-1;
-	$val.=",0x90";
-    }
-    push(@out,".align\t$val\n");
-}
-
-sub ::picmeup
-{ my($dst,$sym,$base,$reflabel)=@_;
-
-    if (($::pic && ($::elf || $::aout)) || $::macosx)
-    {	if (!defined($base))
-	{   &::call(&::label("PIC_me_up"));
-	    &::set_label("PIC_me_up");
-	    &::blindpop($dst);
-	    $base=$dst;
-	    $reflabel=&::label("PIC_me_up");
-	}
-	if ($::macosx)
-	{   my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr");
-	    &::mov($dst,&::DWP("$indirect-$reflabel",$base));
-	    $non_lazy_ptr{"$nmdecor$sym"}=$indirect;
-	}
-	else
-	{   &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]",
-			    $base));
-	    &::mov($dst,&::DWP("$sym\@GOT",$dst));
-	}
-    }
-    else
-    {	&::lea($dst,&::DWP($sym));	}
-}
-
-sub ::initseg
-{ my $f=$nmdecor.shift;
-
-    if ($::android)
-    {	$initseg.=<<___;
-.section	.init_array
-.align	4
-.long	$f
-___
-    }
-    elsif ($::elf)
-    {	$initseg.=<<___;
-.section	.init
-	call	$f
-___
-    }
-    elsif ($::coff)
-    {   $initseg.=<<___;	# applies to both Cygwin and Mingw
-.section	.ctors
-.long	$f
-___
-    }
-    elsif ($::macosx)
-    {	$initseg.=<<___;
-.mod_init_func
-.align 2
-.long   $f
-___
-    }
-    elsif ($::aout)
-    {	my $ctor="${nmdecor}_GLOBAL_\$I\$$f";
-	$initseg.=".text\n";
-	$initseg.=".type	$ctor,\@function\n" if ($::pic);
-	$initseg.=<<___;	# OpenBSD way...
-.globl	$ctor
-.align	2
-$ctor:
-	jmp	$f
-___
-    }
-}
-
-sub ::dataseg
-{   push(@out,".data\n");   }
-
-*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf);
-
-1;
diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl
deleted file mode 100644
index f937d07c87..0000000000
--- a/crypto/perlasm/x86masm.pl
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/usr/bin/env perl
-
-package x86masm;
-
-*out=\@::out;
-
-$::lbdecor="\$L";	# local label decoration
-$nmdecor="_";		# external name decoration
-
-$initseg="";
-$segment="";
-
-sub ::generic
-{ my ($opcode,@arg)=@_;
-
-    # fix hexadecimal constants
-    for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
-
-    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/)	# no []
-    {	$opcode="mov";	}
-    elsif ($opcode !~ /movq/)
-    {	# fix xmm references
-	$arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i);
-	$arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
-    }
-
-    &::emit($opcode,@arg);
-  1;
-}
-#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
-#
-sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
-sub ::call_ptr	{ &::emit("call",@_);	}
-sub ::jmp_ptr	{ &::emit("jmp",@_);	}
-sub ::lock	{ &::data_byte(0xf0);	}
-
-sub get_mem
-{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-  my($post,$ret);
-
-    $ret .= "$size PTR " if ($size ne "");
-
-    $addr =~ s/^\s+//;
-    # prepend global references with optional underscore
-    $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige;
-    # put address arithmetic expression in parenthesis
-    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-
-    if (($addr ne "") && ($addr ne 0))
-    {	if ($addr !~ /^-/)	{ $ret .= "$addr";  }
-	else			{ $post=$addr;      }
-    }
-    $ret .= "[";
-
-    if ($reg2 ne "")
-    {	$idx!=0 or $idx=1;
-	$ret .= "$reg2*$idx";
-	$ret .= "+$reg1" if ($reg1 ne "");
-    }
-    else
-    {	$ret .= "$reg1";   }
-
-    $ret .= "$post]";
-    $ret =~ s/\+\]/]/; # in case $addr was the only argument
-    $ret =~ s/\[\s*\]//;
-
-  $ret;
-}
-sub ::BP	{ &get_mem("BYTE",@_);  }
-sub ::WP	{ &get_mem("WORD",@_);	}
-sub ::DWP	{ &get_mem("DWORD",@_); }
-sub ::QWP	{ &get_mem("QWORD",@_); }
-sub ::BC	{ "@_";  }
-sub ::DWC	{ "@_"; }
-
-sub ::file
-{ my $tmp=<<___;
-TITLE	$_[0].asm
-IF \@Version LT 800
-ECHO MASM version 8.00 or later is strongly recommended.
-ENDIF
-.486
-.MODEL	FLAT
-OPTION	DOTNAME
-IF \@Version LT 800
-.text\$	SEGMENT PAGE 'CODE'
-ELSE
-.text\$	SEGMENT ALIGN(64) 'CODE'
-ENDIF
-___
-    push(@out,$tmp);
-    $segment = ".text\$";
-}
-
-sub ::function_begin_B
-{ my $func=shift;
-  my $global=($func !~ /^_/);
-  my $begin="${::lbdecor}_${func}_begin";
-
-    &::LABEL($func,$global?"$begin":"$nmdecor$func");
-    $func="ALIGN\t16\n".$nmdecor.$func."\tPROC";
-
-    if ($global)    { $func.=" PUBLIC\n${begin}::\n"; }
-    else	    { $func.=" PRIVATE\n";            }
-    push(@out,$func);
-    $::stack=4;
-}
-sub ::function_end_B
-{ my $func=shift;
-
-    push(@out,"$nmdecor$func ENDP\n");
-    $::stack=0;
-    &::wipe_labels();
-}
-
-sub ::file_end
-{ my $xmmheader=<<___;
-.686
-.XMM
-IF \@Version LT 800
-XMMWORD STRUCT 16
-DQ	2 dup (?)
-XMMWORD	ENDS
-ENDIF
-___
-    if (grep {/\b[x]?mm[0-7]\b/i} @out) {
-	grep {s/\.[3-7]86/$xmmheader/} @out;
-    }
-
-    push(@out,"$segment	ENDS\n");
-
-    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
-    {	my $comm=<<___;
-.bss	SEGMENT 'BSS'
-COMM	${nmdecor}OPENSSL_ia32cap_P:QWORD
-.bss	ENDS
-___
-	# comment out OPENSSL_ia32cap_P declarations
-	grep {s/(^EXTERN\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
-	push (@out,$comm);
-    }
-    push (@out,$initseg) if ($initseg);
-    push (@out,"END\n");
-}
-
-sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
-
-*::set_label_B = sub
-{ my $l=shift; push(@out,$l.($l=~/^\Q${::lbdecor}\E[0-9]{3}/?":\n":"::\n")); };
-
-sub ::external_label
-{   foreach(@_)
-    {	push(@out, "EXTERN\t".&::LABEL($_,$nmdecor.$_).":NEAR\n");   }
-}
-
-sub ::public_label
-{   push(@out,"PUBLIC\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
-
-sub ::data_byte
-{   push(@out,("DB\t").join(',',@_)."\n");	}
-
-sub ::data_short
-{   push(@out,("DW\t").join(',',@_)."\n");	}
-
-sub ::data_word
-{   push(@out,("DD\t").join(',',@_)."\n");	}
-
-sub ::align
-{   push(@out,"ALIGN\t$_[0]\n");	}
-
-sub ::picmeup
-{ my($dst,$sym)=@_;
-    &::lea($dst,&::DWP($sym));
-}
-
-sub ::initseg
-{ my $f=$nmdecor.shift;
-
-    $initseg.=<<___;
-.CRT\$XCU	SEGMENT DWORD PUBLIC 'DATA'
-EXTERN	$f:NEAR
-DD	$f
-.CRT\$XCU	ENDS
-___
-}
-
-sub ::dataseg
-{   push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA";   }
-
-sub ::safeseh
-{ my $nm=shift;
-    push(@out,"IF \@Version GE 710\n");
-    push(@out,".SAFESEH	".&::LABEL($nm,$nmdecor.$nm)."\n");
-    push(@out,"ENDIF\n");
-}
-
-1;
diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
deleted file mode 100644
index ca2511c9eb..0000000000
--- a/crypto/perlasm/x86nasm.pl
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/usr/bin/env perl
-
-package x86nasm;
-
-*out=\@::out;
-
-$::lbdecor="L\$";		# local label decoration
-$nmdecor=$::netware?"":"_";	# external name decoration
-$drdecor=$::mwerks?".":"";	# directive decoration
-
-$initseg="";
-
-sub ::generic
-{ my $opcode=shift;
-  my $tmp;
-
-    if (!$::mwerks)
-    {   if    ($opcode =~ m/^j/o && $#_==0) # optimize jumps
-	{   $_[0] = "NEAR $_[0]";   	}
-	elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
-	{   $_[1] =~ s/^[^\[]*\[/\[/o;	}
-	elsif ($opcode eq "clflush" && $#_==0)
-	{   $_[0] =~ s/^[^\[]*\[/\[/o;	}
-    }
-    &::emit($opcode,@_);
-  1;
-}
-#
-# opcodes not covered by ::generic above, mostly inconsistent namings...
-#
-sub ::call	{ &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
-sub ::call_ptr	{ &::emit("call",@_);	}
-sub ::jmp_ptr	{ &::emit("jmp",@_);	}
-
-sub get_mem
-{ my($size,$addr,$reg1,$reg2,$idx)=@_;
-  my($post,$ret);
-
-    if ($size ne "")
-    {	$ret .= "$size";
-	$ret .= " PTR" if ($::mwerks);
-	$ret .= " ";
-    }
-    $ret .= "[";
-
-    $addr =~ s/^\s+//;
-    # prepend global references with optional underscore
-    $addr =~ s/^([^\+\-0-9][^\+\-]*)/::islabel($1) or "$nmdecor$1"/ige;
-    # put address arithmetic expression in parenthesis
-    $addr="($addr)" if ($addr =~ /^.+[\-\+].+$/);
-
-    if (($addr ne "") && ($addr ne 0))
-    {	if ($addr !~ /^-/)	{ $ret .= "$addr+"; }
-	else			{ $post=$addr;      }
-    }
-
-    if ($reg2 ne "")
-    {	$idx!=0 or $idx=1;
-	$ret .= "$reg2*$idx";
-	$ret .= "+$reg1" if ($reg1 ne "");
-    }
-    else
-    {	$ret .= "$reg1";   }
-
-    $ret .= "$post]";
-    $ret =~ s/\+\]/]/; # in case $addr was the only argument
-
-  $ret;
-}
-sub ::BP	{ &get_mem("BYTE",@_);  }
-sub ::DWP	{ &get_mem("DWORD",@_); }
-sub ::WP	{ &get_mem("WORD",@_);	}
-sub ::QWP	{ &get_mem("",@_);      }
-sub ::BC	{ (($::mwerks)?"":"BYTE ")."@_";  }
-sub ::DWC	{ (($::mwerks)?"":"DWORD ")."@_"; }
-
-sub ::file
-{   if ($::mwerks)	{ push(@out,".section\t.text,64\n"); }
-    else
-    { my $tmp=<<___;
-%ifidn __OUTPUT_FORMAT__,obj
-section	code	use32 class=code align=64
-%elifidn __OUTPUT_FORMAT__,win32
-\$\@feat.00 equ 1
-section	.text	code align=64
-%else
-section	.text	code
-%endif
-___
-	push(@out,$tmp);
-    }
-}
-
-sub ::function_begin_B
-{ my $func=shift;
-  my $global=($func !~ /^_/);
-  my $begin="${::lbdecor}_${func}_begin";
-
-    $begin =~ s/^\@/./ if ($::mwerks);	# the torture never stops
-
-    &::LABEL($func,$global?"$begin":"$nmdecor$func");
-    $func=$nmdecor.$func;
-
-    push(@out,"${drdecor}global	$func\n")	if ($global);
-    push(@out,"${drdecor}align	16\n");
-    push(@out,"$func:\n");
-    push(@out,"$begin:\n")			if ($global);
-    $::stack=4;
-}
-
-sub ::function_end_B
-{   $::stack=0;
-    &::wipe_labels();
-}
-
-sub ::file_end
-{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
-    {	my $comm=<<___;
-${drdecor}segment	.bss
-${drdecor}common	${nmdecor}OPENSSL_ia32cap_P 8
-___
-	# comment out OPENSSL_ia32cap_P declarations
-	grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
-	push (@out,$comm)
-    }
-    push (@out,$initseg) if ($initseg);		
-}
-
-sub ::comment {   foreach (@_) { push(@out,"\t; $_\n"); }   }
-
-sub ::external_label
-{   foreach(@_)
-    {	push(@out,"${drdecor}extern\t".&::LABEL($_,$nmdecor.$_)."\n");   }
-}
-
-sub ::public_label
-{   push(@out,"${drdecor}global\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");  }
-
-sub ::data_byte
-{   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");	}
-sub ::data_short
-{   push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n");	}
-sub ::data_word
-{   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");	}
-
-sub ::align
-{   push(@out,"${drdecor}align\t$_[0]\n");	}
-
-sub ::picmeup
-{ my($dst,$sym)=@_;
-    &::lea($dst,&::DWP($sym));
-}
-
-sub ::initseg
-{ my $f=$nmdecor.shift;
-    if ($::win32)
-    {	$initseg=<<___;
-segment	.CRT\$XCU data align=4
-extern	$f
-dd	$f
-___
-    }
-}
-
-sub ::dataseg
-{   if ($mwerks)	{ push(@out,".section\t.data,4\n");   }
-    else		{ push(@out,"section\t.data align=4\n"); }
-}
-
-sub ::safeseh
-{ my $nm=shift;
-    push(@out,"%if	__NASM_VERSION_ID__ >= 0x02030000\n");
-    push(@out,"safeseh	".&::LABEL($nm,$nmdecor.$nm)."\n");
-    push(@out,"%endif\n");
-}
-
-1;
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
deleted file mode 100644
index 27ac5facfa..0000000000
--- a/crypto/pkcs12/p12_add.c
+++ /dev/null
@@ -1,240 +0,0 @@
-/* p12_add.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Pack an object into an OCTET STRING and turn into a safebag */
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-	     int nid2)
-{
-	PKCS12_BAGS *bag;
-	PKCS12_SAFEBAG *safebag;
-	if (!(bag = PKCS12_BAGS_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	bag->type = OBJ_nid2obj(nid1);
-	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	if (!(safebag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	safebag->value.bag = bag;
-	safebag->type = OBJ_nid2obj(nid2);
-	return safebag;
-}
-
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
-	PKCS12_SAFEBAG *bag;
-	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	bag->type = OBJ_nid2obj(NID_keyBag);
-	bag->value.keybag = p8;
-	return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-	     int passlen, unsigned char *salt, int saltlen, int iter,
-	     PKCS8_PRIV_KEY_INFO *p8)
-{
-	PKCS12_SAFEBAG *bag;
-	const EVP_CIPHER *pbe_ciph;
-
-	/* Set up the safe bag */
-	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-
-	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
-	if (pbe_ciph)
-		pbe_nid = -1;
-
-	if (!(bag->value.shkeybag = 
-	  PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
-									 p8))) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	return bag;
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
-{
-	PKCS7 *p7;
-	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p7->type = OBJ_nid2obj(NID_pkcs7_data);
-	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	
-	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
-		return NULL;
-	}
-	return p7;
-}
-
-/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
-{
-	if(!PKCS7_type_is_data(p7))
-		{
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return NULL;
-		}
-	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-			      unsigned char *salt, int saltlen, int iter,
-			      STACK_OF(PKCS12_SAFEBAG) *bags)
-{
-	PKCS7 *p7;
-	X509_ALGOR *pbe;
-	const EVP_CIPHER *pbe_ciph;
-	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
-		return NULL;
-	}
-
-	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
-
-	if (pbe_ciph)
-		pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
-	else
-		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-
-	if (!pbe) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
-	p7->d.encrypted->enc_data->algorithm = pbe;
-	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
-	if (!(p7->d.encrypted->enc_data->enc_data =
-	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
-				 bags, 1))) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
-		return NULL;
-	}
-
-	return p7;
-}
-
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
-{
-	if(!PKCS7_type_is_encrypted(p7)) return NULL;
-	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
-				   pass, passlen,
-			           p7->d.encrypted->enc_data->enc_data, 1);
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-								int passlen)
-{
-	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
-}
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
-{
-	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
-		&p12->authsafes->d.data)) 
-			return 1;
-	return 0;
-}
-
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
-{
-	if (!PKCS7_type_is_data(p12->authsafes))
-		{
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return NULL;
-		}
-	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
-}
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
deleted file mode 100644
index 6e27633817..0000000000
--- a/crypto/pkcs12/p12_asn.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* p12_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 ASN1 module */
-
-ASN1_SEQUENCE(PKCS12) = {
-	ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
-	ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
-} ASN1_SEQUENCE_END(PKCS12)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
-
-ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
-	ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
-	ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
-	ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-
-ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_BAGS) = {
-	ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
-	ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
-	ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
-} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_BAGS) = {
-	ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS12_BAGS),
-} ASN1_SEQUENCE_END(PKCS12_BAGS)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_SAFEBAG) = {
-	ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
-	ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
-	ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
-	ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-	ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-	ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
-} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
-	ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
-	ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
-} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-
-/* SEQUENCE OF SafeBag */
-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
-ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
-
-/* Authsafes: SEQUENCE OF PKCS7 */
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
-ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
-
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
deleted file mode 100644
index e4d9c25647..0000000000
--- a/crypto/pkcs12/p12_attr.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* p12_attr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Add a local keyid to a safebag */
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
-	     int namelen)
-{
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
-				V_ASN1_OCTET_STRING, name, namelen))
-		return 1;
-	else 
-		return 0;
-}
-
-/* Add key usage to PKCS#8 structure */
-
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-{
-	unsigned char us_val;
-	us_val = (unsigned char) usage;
-	if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
-				V_ASN1_BIT_STRING, &us_val, 1))
-		return 1;
-	else
-		return 0;
-}
-
-/* Add a friendlyname to a safebag */
-
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-				 int namelen)
-{
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-				MBSTRING_ASC, (unsigned char *)name, namelen))
-		return 1;
-	else
-		return 0;
-}
-
-
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-				 const unsigned char *name, int namelen)
-{
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-				MBSTRING_BMP, name, namelen))
-		return 1;
-	else
-		return 0;
-}
-
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-				 int namelen)
-{
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
-				MBSTRING_ASC, (unsigned char *)name, namelen))
-		return 1;
-	else
-		return 0;
-}
-
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
-{
-	X509_ATTRIBUTE *attrib;
-	int i;
-	if (!attrs) return NULL;
-	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
-		attrib = sk_X509_ATTRIBUTE_value (attrs, i);
-		if (OBJ_obj2nid (attrib->object) == attr_nid) {
-			if (sk_ASN1_TYPE_num (attrib->value.set))
-			    return sk_ASN1_TYPE_value(attrib->value.set, 0);
-			else return NULL;
-		}
-	}
-	return NULL;
-}
-
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
-{
-	ASN1_TYPE *atype;
-	if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
-	if (atype->type != V_ASN1_BMPSTRING) return NULL;
-	return OPENSSL_uni2asc(atype->value.bmpstring->data,
-				 atype->value.bmpstring->length);
-}
-
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
deleted file mode 100644
index b71d07b4d0..0000000000
--- a/crypto/pkcs12/p12_crpt.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* p12_crpt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 PBE algorithms now in static table */
-
-void PKCS12_PBE_add(void)
-{
-}
-
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
-	PBEPARAM *pbe;
-	int saltlen, iter, ret;
-	unsigned char *salt;
-	const unsigned char *pbuf;
-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-
-	/* Extract useful info from parameter */
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
-		return 0;
-	}
-
-	pbuf = param->value.sequence->data;
-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
-		return 0;
-	}
-
-	if (!pbe->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (pbe->iter);
-	salt = pbe->salt->data;
-	saltlen = pbe->salt->length;
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
-		PBEPARAM_free(pbe);
-		return 0;
-	}
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
-				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
-		PBEPARAM_free(pbe);
-		return 0;
-	}
-	PBEPARAM_free(pbe);
-	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-	return ret;
-}
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
deleted file mode 100644
index 35e8a4a8d4..0000000000
--- a/crypto/pkcs12/p12_crt.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/* p12_crt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
-
-static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
-	{
-	int idx;
-	X509_ATTRIBUTE *attr;
-	idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
-	if (idx < 0)
-		return 1;
-	attr = EVP_PKEY_get_attr(pkey, idx);
-	if (!X509at_add1_attr(&bag->attrib, attr))
-		return 0;
-	return 1;
-	}
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
-	     int keytype)
-{
-	PKCS12 *p12 = NULL;
-	STACK_OF(PKCS7) *safes = NULL;
-	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
-	PKCS12_SAFEBAG *bag = NULL;
-	int i;
-	unsigned char keyid[EVP_MAX_MD_SIZE];
-	unsigned int keyidlen = 0;
-
-	/* Set defaults */
-	if (!nid_cert)
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-		else
-#endif
-#ifdef OPENSSL_NO_RC2
-		nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#else
-		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-#endif
-		}
-	if (!nid_key)
-		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-	if (!iter)
-		iter = PKCS12_DEFAULT_ITER;
-	if (!mac_iter)
-		mac_iter = 1;
-
-	if(!pkey && !cert && !ca)
-		{
-		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-		}
-
-	if (pkey && cert)
-		{
-		if(!X509_check_private_key(cert, pkey))
-			return NULL;
-		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-		}
-
-	if (cert)
-		{
-		bag = PKCS12_add_cert(&bags, cert);
-		if(name && !PKCS12_add_friendlyname(bag, name, -1))
-			goto err;
-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-			goto err;
-		}
-
-	/* Add all other certificates */
-	for(i = 0; i < sk_X509_num(ca); i++)
-		{
-		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
-			goto err;
-		}
-
-	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
-			goto err;
-
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
-
-	if (pkey)
-		{
-		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-
-		if (!bag)
-			goto err;
-
-		if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
-			goto err;
-		if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
-			goto err;
-
-		if(name && !PKCS12_add_friendlyname(bag, name, -1))
-			goto err;
-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-			goto err;
-		}
-
-	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
-			goto err;
-
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
-
-	p12 = PKCS12_add_safes(safes, 0);
-
-	if (!p12)
-		goto err;
-
-	sk_PKCS7_pop_free(safes, PKCS7_free);
-
-	safes = NULL;
-
-	if ((mac_iter != -1) &&
-		!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
-	    goto err;
-
-	return p12;
-
-	err:
-
-	if (p12)
-		PKCS12_free(p12);
-	if (safes)
-		sk_PKCS7_pop_free(safes, PKCS7_free);
-	if (bags)
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	return NULL;
-
-}
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
-	{
-	PKCS12_SAFEBAG *bag = NULL;
-	char *name;
-	int namelen = -1;
-	unsigned char *keyid;
-	int keyidlen = -1;
-
-	/* Add user certificate */
-	if(!(bag = PKCS12_x5092certbag(cert)))
-		goto err;
-
-	/* Use friendlyName and localKeyID in certificate.
-	 * (if present)
-	 */
-
-	name = (char *)X509_alias_get0(cert, &namelen);
-
-	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
-		goto err;
-
-	keyid = X509_keyid_get0(cert, &keyidlen);
-
-	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-		goto err;
-
-	if (!pkcs12_add_bag(pbags, bag))
-		goto err;
-
-	return bag;
-
-	err:
-
-	if (bag)
-		PKCS12_SAFEBAG_free(bag);
-
-	return NULL;
-
-	}
-
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
-						int key_usage, int iter,
-						int nid_key, char *pass)
-	{
-
-	PKCS12_SAFEBAG *bag = NULL;
-	PKCS8_PRIV_KEY_INFO *p8 = NULL;
-
-	/* Make a PKCS#8 structure */
-	if(!(p8 = EVP_PKEY2PKCS8(key)))
-		goto err;
-	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
-		goto err;
-	if (nid_key != -1)
-		{
-		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		}
-	else
-		bag = PKCS12_MAKE_KEYBAG(p8);
-
-	if(!bag)
-		goto err;
-
-	if (!pkcs12_add_bag(pbags, bag))
-		goto err;
-
-	return bag;
-
-	err:
-
-	if (bag)
-		PKCS12_SAFEBAG_free(bag);
-
-	return NULL;
-
-	}
-
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-						int nid_safe, int iter, char *pass)
-	{
-	PKCS7 *p7 = NULL;
-	int free_safes = 0;
-
-	if (!*psafes)
-		{
-		*psafes = sk_PKCS7_new_null();
-		if (!*psafes)
-			return 0;
-		free_safes = 1;
-		}
-	else
-		free_safes = 0;
-
-	if (nid_safe == 0)
-#ifdef OPENSSL_NO_RC2
-		nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#else
-		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
-#endif
-
-	if (nid_safe == -1)
-		p7 = PKCS12_pack_p7data(bags);
-	else
-		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
-					  iter, bags);
-	if (!p7)
-		goto err;
-
-	if (!sk_PKCS7_push(*psafes, p7))
-		goto err;
-
-	return 1;
-
-	err:
-	if (free_safes)
-		{
-		sk_PKCS7_free(*psafes);
-		*psafes = NULL;
-		}
-
-	if (p7)
-		PKCS7_free(p7);
-
-	return 0;
-
-	}
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
-	{
-	int free_bags;
-	if (!pbags)
-		return 1;
-	if (!*pbags)
-		{
-		*pbags = sk_PKCS12_SAFEBAG_new_null();
-		if (!*pbags)
-			return 0;
-		free_bags = 1;
-		}
-	else 
-		free_bags = 0;
-
-	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
-		{
-		if (free_bags)
-			{
-			sk_PKCS12_SAFEBAG_free(*pbags);
-			*pbags = NULL;
-			}
-		return 0;
-		}
-
-	return 1;
-
-	}
-		
-
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
-	{
-	PKCS12 *p12;
-	if (nid_p7 <= 0)
-		nid_p7 = NID_pkcs7_data;
-	p12 = PKCS12_init(nid_p7);
-
-	if (!p12)
-		return NULL;
-
-	if(!PKCS12_pack_authsafes(p12, safes))
-		{
-		PKCS12_free(p12);
-		return NULL;
-		}
-
-	return p12;
-
-	}
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
deleted file mode 100644
index 9d3557e8d7..0000000000
--- a/crypto/pkcs12/p12_decr.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* p12_decr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Define this to dump decrypted output to files called DERnnn */
-/*#define DEBUG_DECRYPT*/
-
-
-/* Encrypt/Decrypt a buffer based on password and algor, result in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-	     int passlen, unsigned char *in, int inlen, unsigned char **data,
-	     int *datalen, int en_de)
-{
-	unsigned char *out;
-	int outlen, i;
-	EVP_CIPHER_CTX ctx;
-
-	EVP_CIPHER_CTX_init(&ctx);
-	/* Decrypt data */
-        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
-					 algor->parameter, &ctx, en_de)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
-		return NULL;
-	}
-
-	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen))
-		{
-		OPENSSL_free(out);
-		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB);
-		goto err;
-		}
-
-	outlen = i;
-	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
-		OPENSSL_free(out);
-		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
-		goto err;
-	}
-	outlen += i;
-	if (datalen) *datalen = outlen;
-	if (data) *data = out;
-	err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	return out;
-
-}
-
-/* Decrypt an OCTET STRING and decode ASN1 structure 
- * if zbuf set zero buffer after use.
- */
-
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
-{
-	unsigned char *out;
-	const unsigned char *p;
-	void *ret;
-	int outlen;
-
-	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
-			       &out, &outlen, 0)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
-		return NULL;
-	}
-	p = out;
-#ifdef DEBUG_DECRYPT
-	{
-		FILE *op;
-
-		char fname[30];
-		static int fnm = 1;
-		sprintf(fname, "DER%d", fnm++);
-		op = fopen(fname, "wb");
-		fwrite (p, 1, outlen, op);
-		fclose(op);
-	}
-#endif
-	ret = ASN1_item_d2i(NULL, &p, outlen, it);
-	if (zbuf) OPENSSL_cleanse(out, outlen);
-	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
-	OPENSSL_free(out);
-	return ret;
-}
-
-/* Encode ASN1 structure and encrypt, return OCTET STRING 
- * if zbuf set zero encoding.
- */
-
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-				       const char *pass, int passlen,
-				       void *obj, int zbuf)
-{
-	ASN1_OCTET_STRING *oct;
-	unsigned char *in = NULL;
-	int inlen;
-	if (!(oct = M_ASN1_OCTET_STRING_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	inlen = ASN1_item_i2d(obj, &in, it);
-	if (!in) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
-				 &oct->length, 1)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
-		OPENSSL_free(in);
-		return NULL;
-	}
-	if (zbuf) OPENSSL_cleanse(in, inlen);
-	OPENSSL_free(in);
-	return oct;
-}
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
deleted file mode 100644
index d4d84b056a..0000000000
--- a/crypto/pkcs12/p12_init.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* p12_init.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Initialise a PKCS12 structure to take data */
-
-PKCS12 *PKCS12_init(int mode)
-{
-	PKCS12 *pkcs12;
-	if (!(pkcs12 = PKCS12_new())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	ASN1_INTEGER_set(pkcs12->version, 3);
-	pkcs12->authsafes->type = OBJ_nid2obj(mode);
-	switch (mode) {
-		case NID_pkcs7_data:
-			if (!(pkcs12->authsafes->d.data =
-				 M_ASN1_OCTET_STRING_new())) {
-			PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		break;
-		default:
-			PKCS12err(PKCS12_F_PKCS12_INIT,
-				PKCS12_R_UNSUPPORTED_PKCS12_MODE);
-			goto err;
-	}
-		
-	return pkcs12;
-err:
-	if (pkcs12 != NULL) PKCS12_free(pkcs12);
-	return NULL;
-}
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
deleted file mode 100644
index 61d58502fd..0000000000
--- a/crypto/pkcs12/p12_key.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/* p12_key.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-#include <openssl/bn.h>
-
-/* Uncomment out this line to get debugging info about key generation */
-/*#define DEBUG_KEYGEN*/
-#ifdef DEBUG_KEYGEN
-#include <openssl/bio.h>
-extern BIO *bio_err;
-void h__dump (unsigned char *p, int len);
-#endif
-
-/* PKCS12 compatible key/IV generation */
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-	     int saltlen, int id, int iter, int n, unsigned char *out,
-	     const EVP_MD *md_type)
-{
-	int ret;
-	unsigned char *unipass;
-	int uniplen;
-
-	if(!pass) {
-		unipass = NULL;
-		uniplen = 0;
-	} else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
-						 id, iter, n, out, md_type);
-	if (ret <= 0)
-	    return 0;
-	if(unipass) {
-		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
-		OPENSSL_free(unipass);
-	}
-	return ret;
-}
-
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
-	     int saltlen, int id, int iter, int n, unsigned char *out,
-	     const EVP_MD *md_type)
-{
-	unsigned char *B, *D, *I, *p, *Ai;
-	int Slen, Plen, Ilen, Ijlen;
-	int i, j, u, v;
-	int ret = 0;
-	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
-	EVP_MD_CTX ctx;
-#ifdef  DEBUG_KEYGEN
-	unsigned char *tmpout = out;
-	int tmpn = n;
-#endif
-
-#if 0
-	if (!pass) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
-#endif
-
-	EVP_MD_CTX_init(&ctx);
-#ifdef  DEBUG_KEYGEN
-	fprintf(stderr, "KEYGEN DEBUG\n");
-	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
-	fprintf(stderr, "Password (length %d):\n", passlen);
-	h__dump(pass, passlen);
-	fprintf(stderr, "Salt (length %d):\n", saltlen);
-	h__dump(salt, saltlen);
-#endif
-	v = EVP_MD_block_size (md_type);
-	u = EVP_MD_size (md_type);
-	if (u < 0)
-	    return 0;
-	D = OPENSSL_malloc (v);
-	Ai = OPENSSL_malloc (u);
-	B = OPENSSL_malloc (v + 1);
-	Slen = v * ((saltlen+v-1)/v);
-	if(passlen) Plen = v * ((passlen+v-1)/v);
-	else Plen = 0;
-	Ilen = Slen + Plen;
-	I = OPENSSL_malloc (Ilen);
-	Ij = BN_new();
-	Bpl1 = BN_new();
-	if (!D || !Ai || !B || !I || !Ij || !Bpl1)
-		goto err;
-	for (i = 0; i < v; i++) D[i] = id;
-	p = I;
-	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
-	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
-	for (;;) {
-		if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
-			|| !EVP_DigestUpdate(&ctx, D, v)
-			|| !EVP_DigestUpdate(&ctx, I, Ilen)
-			|| !EVP_DigestFinal_ex(&ctx, Ai, NULL))
-			goto err;
-		for (j = 1; j < iter; j++) {
-			if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
-				|| !EVP_DigestUpdate(&ctx, Ai, u)
-				|| !EVP_DigestFinal_ex(&ctx, Ai, NULL))
-			goto err;
-		}
-		memcpy (out, Ai, min (n, u));
-		if (u >= n) {
-#ifdef DEBUG_KEYGEN
-			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
-			h__dump(tmpout, tmpn);
-#endif
-			ret = 1;
-			goto end;
-		}
-		n -= u;
-		out += u;
-		for (j = 0; j < v; j++) B[j] = Ai[j % u];
-		/* Work out B + 1 first then can use B as tmp space */
-		if (!BN_bin2bn (B, v, Bpl1))
-			goto err;
-		if (!BN_add_word (Bpl1, 1))
-			goto err;
-		for (j = 0; j < Ilen ; j+=v) {
-			if (!BN_bin2bn(I + j, v, Ij))
-				goto err;
-			if (!BN_add(Ij, Ij, Bpl1))
-				goto err;
-			if (!BN_bn2bin(Ij, B))
-				goto err;
-			Ijlen = BN_num_bytes (Ij);
-			/* If more than 2^(v*8) - 1 cut off MSB */
-			if (Ijlen > v) {
-				if (!BN_bn2bin (Ij, B))
-					goto err;
-				memcpy (I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
-			/* If less than v bytes pad with zeroes */
-			} else if (Ijlen < v) {
-				memset(I + j, 0, v - Ijlen);
-				if (!BN_bn2bin(Ij, I + j + v - Ijlen))
-					goto err;
-#endif
-			} else if (!BN_bn2bin (Ij, I + j))
-				goto err;
-		}
-	}
-
-err:
-	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-
-end:
-	OPENSSL_free (Ai);
-	OPENSSL_free (B);
-	OPENSSL_free (D);
-	OPENSSL_free (I);
-	BN_free (Ij);
-	BN_free (Bpl1);
-	EVP_MD_CTX_cleanup(&ctx);
-	return ret;
-}
-#ifdef DEBUG_KEYGEN
-void h__dump (unsigned char *p, int len)
-{
-	for (; len --; p++) fprintf(stderr, "%02X", *p);
-	fprintf(stderr, "\n");	
-}
-#endif
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
deleted file mode 100644
index c9b7ab61d1..0000000000
--- a/crypto/pkcs12/p12_kiss.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/* p12_kiss.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Simplified PKCS#12 routines */
-
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-		EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		       int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-			EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
-
-/* Parse and decrypt a PKCS#12 structure returning user key, user cert
- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK structure. pkey and cert can be
- * passed unitialised.
- */
-
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-	     STACK_OF(X509) **ca)
-{
-	STACK_OF(X509) *ocerts = NULL;
-	X509 *x = NULL;
-	/* Check for NULL PKCS12 structure */
-
-	if(!p12)
-		{
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-		return 0;
-		}
-
-	if(pkey)
-		*pkey = NULL;
-	if(cert)
-		*cert = NULL;
-
-	/* Check the mac */
-
-	/* If password is zero length or NULL then try verifying both cases
-	 * to determine which password is correct. The reason for this is that
-	 * under PKCS#12 password based encryption no password and a zero length
-	 * password are two different things...
-	 */
-
-	if(!pass || !*pass) {
-		if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
-		else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
-		else {
-			PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-			goto err;
-		}
-	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-		goto err;
-	}
-
-	/* Allocate stack for other certificates */
-	ocerts = sk_X509_new_null();
-
-	if (!ocerts)
-		{
-		PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	if (!parse_pk12 (p12, pass, -1, pkey, ocerts))
-		{
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
-		goto err;
-		}
-
-	while ((x = sk_X509_pop(ocerts)))
-		{
-		if (pkey && *pkey && cert && !*cert)
-			{
-			if (X509_check_private_key(x, *pkey))
-				{
-				*cert = x;
-				x = NULL;
-				}
-			}
-
-		if (ca && x)
-			{
-			if (!*ca)
-				*ca = sk_X509_new_null();
-			if (!*ca)
-				goto err;
-			if (!sk_X509_push(*ca, x))
-				goto err;
-			x = NULL;
-			}
-		if (x)
-			X509_free(x);
-		}
-
-	if (ocerts)
-		sk_X509_pop_free(ocerts, X509_free);
-
-	return 1;
-
- err:
-
-	if (pkey && *pkey)
-		EVP_PKEY_free(*pkey);
-	if (cert && *cert)
-		X509_free(*cert);
-	if (x)
-		X509_free(x);
-	if (ocerts)
-		sk_X509_pop_free(ocerts, X509_free);
-	return 0;
-
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-	     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
-	STACK_OF(PKCS7) *asafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	int i, bagnid;
-	PKCS7 *p7;
-
-	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
-		bagnid = OBJ_obj2nid (p7->type);
-		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
-		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-		} else continue;
-		if (!bags) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-	    	if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	}
-	sk_PKCS7_pop_free(asafes, PKCS7_free);
-	return 1;
-}
-
-
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
-	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-				 pass, passlen, pkey, ocerts))
-			return 0;
-	}
-	return 1;
-}
-
-static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-		     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
-{
-	PKCS8_PRIV_KEY_INFO *p8;
-	X509 *x509;
-	ASN1_TYPE *attrib;
-	ASN1_BMPSTRING *fname = NULL;
-	ASN1_OCTET_STRING *lkid = NULL;
-
-	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
-		fname = attrib->value.bmpstring;
-
-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID)))
-		lkid = attrib->value.octet_string;
-
-	switch (M_PKCS12_bag_type(bag))
-	{
-	case NID_keyBag:
-		if (!pkey || *pkey)
-			return 1;	
-		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
-			return 0;
-	break;
-
-	case NID_pkcs8ShroudedKeyBag:
-		if (!pkey || *pkey)
-			return 1;	
-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
-				return 0;
-		*pkey = EVP_PKCS82PKEY(p8);
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		if (!(*pkey)) return 0;
-	break;
-
-	case NID_certBag:
-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-			return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag)))
-			return 0;
-		if(lkid && !X509_keyid_set1(x509, lkid->data, lkid->length))
-			{
-			X509_free(x509);
-			return 0;
-			}
-		if(fname) {
-			int len, r;
-			unsigned char *data;
-			len = ASN1_STRING_to_UTF8(&data, fname);
-			if(len >= 0) {
-				r = X509_alias_set1(x509, data, len);
-				OPENSSL_free(data);
-				if (!r)
-					{
-					X509_free(x509);
-					return 0;
-					}
-			}
-		}
-
-		if(!sk_X509_push(ocerts, x509))
-			{
-			X509_free(x509);
-			return 0;
-			}
-
-	break;
-
-	case NID_safeContentsBag:
-		return parse_bags(bag->value.safes, pass, passlen,
-			 		pkey, ocerts);
-	break;
-
-	default:
-		return 1;
-	break;
-	}
-	return 1;
-}
-
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
deleted file mode 100644
index 96de1bd11e..0000000000
--- a/crypto/pkcs12/p12_mutl.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* p12_mutl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_HMAC
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
-
-/* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-		   unsigned char *mac, unsigned int *maclen)
-{
-	const EVP_MD *md_type;
-	HMAC_CTX hmac;
-	unsigned char key[EVP_MAX_MD_SIZE], *salt;
-	int saltlen, iter;
-	int md_size;
-
-	if (!PKCS7_type_is_data(p12->authsafes))
-		{
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return 0;
-		}
-
-	salt = p12->mac->salt->data;
-	saltlen = p12->mac->salt->length;
-	if (!p12->mac->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (p12->mac->iter);
-    	if(!(md_type =
-		 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-		return 0;
-	}
-	md_size = EVP_MD_size(md_type);
-	if (md_size < 0)
-	    return 0;
-	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-				 md_size, key, md_type)) {
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
-		return 0;
-	}
-	HMAC_CTX_init(&hmac);
-	if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
-    		|| !HMAC_Update(&hmac, p12->authsafes->d.data->data,
-					 p12->authsafes->d.data->length)
-    		|| !HMAC_Final(&hmac, mac, maclen))
-		{
-    		HMAC_CTX_cleanup(&hmac);
-		return 0;
-		}
-    	HMAC_CTX_cleanup(&hmac);
-	return 1;
-}
-
-/* Verify the mac */
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
-{
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
-	if(p12->mac == NULL) {
-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
-		return 0;
-	}
-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-		return 0;
-	}
-	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
-	return 1;
-}
-
-/* Set a mac */
-
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
-{
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
-
-	if (!md_type) md_type = EVP_sha1();
-	if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
-				 	PKCS12_ERROR) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
-		return 0;
-	}
-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-		return 0;
-	}
-	if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
-						return 0;
-	}
-	return 1;
-}
-
-/* Set up a mac structure */
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-	     const EVP_MD *md_type)
-{
-	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
-	if (iter > 1) {
-		if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	if (!saltlen) saltlen = PKCS12_SALT_LEN;
-	p12->mac->salt->length = saltlen;
-	if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!salt) {
-		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
-			return 0;
-	}
-	else memcpy (p12->mac->salt->data, salt, saltlen);
-	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
-	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-	
-	return 1;
-}
-#endif
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
deleted file mode 100644
index 2f71355150..0000000000
--- a/crypto/pkcs12/p12_npas.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/* p12_npas.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 password change routine */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-			char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
-/* 
- * Change the password on a PKCS#12 structure.
- */
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-{
-	/* Check for NULL PKCS12 structure */
-
-	if(!p12) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-		return 0;
-	}
-
-	/* Check the mac */
-	
-	if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
-		return 0;
-	}
-
-	if (!newpass_p12(p12, oldpass, newpass)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
-		return 0;
-	}
-
-	return 1;
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-{
-	STACK_OF(PKCS7) *asafes, *newsafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
-	PKCS7 *p7, *p7new;
-	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
-
-	if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
-	if(!(newsafes = sk_PKCS7_new_null())) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value(asafes, i);
-		bagnid = OBJ_obj2nid(p7->type);
-		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
-		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-			if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-				&pbe_nid, &pbe_iter, &pbe_saltlen))
-				{
-				sk_PKCS12_SAFEBAG_pop_free(bags,
-						PKCS12_SAFEBAG_free);
-				bags = NULL;
-				}
-		} else continue;
-		if (!bags) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-	    	if (!newpass_bags(bags, oldpass, newpass)) {
-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		/* Repack bag in same form with new password */
-		if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
-		else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
-						 pbe_saltlen, pbe_iter, bags);
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-		if(!p7new) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		sk_PKCS7_push(newsafes, p7new);
-	}
-	sk_PKCS7_pop_free(asafes, PKCS7_free);
-
-	/* Repack safe: save old safe in case of error */
-
-	p12_data_tmp = p12->authsafes->d.data;
-	if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
-	if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
-
-	if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
-	if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
-	if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
-	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
-	p12->mac->dinfo->digest = macnew;
-	ASN1_OCTET_STRING_free(p12_data_tmp);
-
-	return 1;
-
-	saferr:
-	/* Restore old safe */
-	ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-	ASN1_OCTET_STRING_free(macnew);
-	p12->authsafes->d.data = p12_data_tmp;
-	return 0;
-
-}
-
-
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-			char *newpass)
-{
-	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
-				 oldpass, newpass))
-		    return 0;
-	}
-	return 1;
-}
-
-/* Change password of safebag: only needs handle shrouded keybags */
-
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-{
-	PKCS8_PRIV_KEY_INFO *p8;
-	X509_SIG *p8new;
-	int p8_nid, p8_saltlen, p8_iter;
-
-	if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
-
-	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
-	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
-							&p8_saltlen))
-		return 0;
-	if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-						     p8_iter, p8))) return 0;
-	X509_SIG_free(bag->value.shkeybag);
-	bag->value.shkeybag = p8new;
-	return 1;
-}
-
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
-{
-        PBEPARAM *pbe;
-        const unsigned char *p;
-
-        p = alg->parameter->value.sequence->data;
-        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-	if (!pbe)
-		return 0;
-        *pnid = OBJ_obj2nid(alg->algorithm);
-	*piter = ASN1_INTEGER_get(pbe->iter);
-	*psaltlen = pbe->salt->length;
-        PBEPARAM_free(pbe);
-        return 1;
-}
diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c
deleted file mode 100644
index deba81e4a9..0000000000
--- a/crypto/pkcs12/p12_p8d.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* p12_p8d.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
-{
-	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
-					passlen, p8->digest, 1);
-}
-
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
deleted file mode 100644
index bf20a77b4c..0000000000
--- a/crypto/pkcs12/p12_p8e.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* p12_p8e.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-			 const char *pass, int passlen,
-			 unsigned char *salt, int saltlen, int iter,
-						PKCS8_PRIV_KEY_INFO *p8inf)
-{
-	X509_SIG *p8 = NULL;
-	X509_ALGOR *pbe;
-
-	if (!(p8 = X509_SIG_new())) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-	if(!pbe) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-		goto err;
-	}
-	X509_ALGOR_free(p8->algor);
-	p8->algor = pbe;
-	M_ASN1_OCTET_STRING_free(p8->digest);
-	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
-					pass, passlen, p8inf, 1);
-	if(!p8->digest) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-		goto err;
-	}
-
-	return p8;
-
-	err:
-	X509_SIG_free(p8);
-	return NULL;
-}
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
deleted file mode 100644
index 59c6f453f6..0000000000
--- a/crypto/pkcs12/p12_utl.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* p12_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Cheap and nasty Unicode stuff */
-
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
-{
-	int ulen, i;
-	unsigned char *unitmp;
-	if (asclen == -1) asclen = strlen(asc);
-	ulen = asclen*2  + 2;
-	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
-	for (i = 0; i < ulen - 2; i+=2) {
-		unitmp[i] = 0;
-		unitmp[i + 1] = asc[i>>1];
-	}
-	/* Make result double null terminated */
-	unitmp[ulen - 2] = 0;
-	unitmp[ulen - 1] = 0;
-	if (unilen) *unilen = ulen;
-	if (uni) *uni = unitmp;
-	return unitmp;
-}
-
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen)
-{
-	int asclen, i;
-	char *asctmp;
-	asclen = unilen / 2;
-	/* If no terminating zero allow for one */
-	if (!unilen || uni[unilen - 1]) asclen++;
-	uni++;
-	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
-	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
-	asctmp[asclen - 1] = 0;
-	return asctmp;
-}
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
-{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
-{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
-{
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
-	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
-			NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
-	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
-			NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
-	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
-	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
-	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
-	return ASN1_item_unpack(bag->value.bag->value.octet,
-							ASN1_ITEM_rptr(X509_CRL));
-}
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
deleted file mode 100644
index f6ddf2df12..0000000000
--- a/crypto/pkcs12/pk12err.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* crypto/pkcs12/pk12err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[]=
-	{
-{ERR_FUNC(PKCS12_F_PARSE_BAG),	"PARSE_BAG"},
-{ERR_FUNC(PKCS12_F_PARSE_BAGS),	"PARSE_BAGS"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME),	"PKCS12_ADD_FRIENDLYNAME"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),	"PKCS12_add_friendlyname_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),	"PKCS12_add_friendlyname_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID),	"PKCS12_add_localkeyid"},
-{ERR_FUNC(PKCS12_F_PKCS12_CREATE),	"PKCS12_create"},
-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC),	"PKCS12_gen_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_INIT),	"PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I),	"PKCS12_item_decrypt_d2i"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT),	"PKCS12_item_i2d_encrypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG),	"PKCS12_item_pack_safebag"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC),	"PKCS12_key_gen_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI),	"PKCS12_key_gen_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG),	"PKCS12_MAKE_KEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG),	"PKCS12_MAKE_SHKEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS),	"PKCS12_newpass"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA),	"PKCS12_pack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA),	"PKCS12_pack_p7encdata"},
-{ERR_FUNC(PKCS12_F_PKCS12_PARSE),	"PKCS12_parse"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT),	"PKCS12_pbe_crypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),	"PKCS12_PBE_keyivgen"},
-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),	"PKCS12_setup_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),	"PKCS12_set_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),	"PKCS12_unpack_authsafes"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),	"PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC),	"PKCS12_verify_mac"},
-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),	"PKCS8_add_keyusage"},
-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),	"PKCS8_encrypt"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA PKCS12_str_reasons[]=
-	{
-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
-{ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
-{ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},
-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
-{ERR_REASON(PKCS12_R_IV_GEN_ERROR)       ,"iv gen error"},
-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR)      ,"key gen error"},
-{ERR_REASON(PKCS12_R_MAC_ABSENT)         ,"mac absent"},
-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR)    ,"mac setup error"},
-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR)   ,"mac verify error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
-{ERR_REASON(PKCS12_R_PARSE_ERROR)        ,"parse error"},
-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_PKCS12_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PKCS12_str_functs);
-		ERR_load_strings(0,PKCS12_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
deleted file mode 100644
index b17eb9f42b..0000000000
--- a/crypto/pkcs12/pkcs12.h
+++ /dev/null
@@ -1,331 +0,0 @@
-/* pkcs12.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-#define HEADER_PKCS12_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKCS12_KEY_ID	1
-#define PKCS12_IV_ID	2
-#define PKCS12_MAC_ID	3
-
-/* Default iteration count */
-#ifndef PKCS12_DEFAULT_ITER
-#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER
-#endif
-
-#define PKCS12_MAC_KEY_LENGTH 20
-
-#define PKCS12_SALT_LEN	8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*#define PBE_UNICODE*/
-
-#ifdef PBE_UNICODE
-#define PKCS12_key_gen PKCS12_key_gen_uni
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-#else
-#define PKCS12_key_gen PKCS12_key_gen_asc
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-#endif
-
-/* MS key usage constants */
-
-#define KEY_EX	0x10
-#define KEY_SIG 0x80
-
-typedef struct {
-X509_SIG *dinfo;
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;	/* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-ASN1_INTEGER *version;
-PKCS12_MAC_DATA *mac;
-PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
-ASN1_OBJECT *type;
-union {
-	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
-	X509_SIG *shkeybag; /* shrouded key bag */
-	STACK_OF(PKCS12_SAFEBAG) *safes;
-	ASN1_TYPE *other;
-}value;
-STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-ASN1_OBJECT *type;
-union {
-	ASN1_OCTET_STRING *x509cert;
-	ASN1_OCTET_STRING *x509crl;
-	ASN1_OCTET_STRING *octet;
-	ASN1_IA5STRING *sdsicert;
-	ASN1_TYPE *other; /* Secret or other bag */
-}value;
-} PKCS12_BAGS;
-
-#define PKCS12_ERROR	0
-#define PKCS12_OK	1
-
-/* Compatibility macros */
-
-#define M_PKCS12_x5092certbag PKCS12_x5092certbag
-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
-
-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-#define M_PKCS8_decrypt PKCS8_decrypt
-
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define PKCS12_get_attr(bag, attr_nid) \
-			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
-		PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-	     int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-								int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
-			const char *pass, int passlen,
-			unsigned char *salt, int saltlen, int iter,
-			PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-				     int passlen, unsigned char *salt,
-				     int saltlen, int iter,
-				     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-			     unsigned char *salt, int saltlen, int iter,
-			     STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-				int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-				int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
-				int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-				int passlen, unsigned char *in, int inlen,
-				unsigned char **data, int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-				       const char *pass, int passlen,
-				       void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-		       int saltlen, int id, int iter, int n,
-		       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
-			 int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-			 unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-		   unsigned char *salt, int saltlen, int iter,
-		   const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-					 int saltlen, const EVP_MD *md_type);
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-		 STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-						 int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
-						int key_usage, int iter,
-						int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-					int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-#define PKCS12_F_PARSE_BAG				 129
-#define PKCS12_F_PARSE_BAGS				 103
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102
-#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104
-#define PKCS12_F_PKCS12_CREATE				 105
-#define PKCS12_F_PKCS12_GEN_MAC				 107
-#define PKCS12_F_PKCS12_INIT				 109
-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I		 106
-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT		 108
-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG		 117
-#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110
-#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111
-#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112
-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113
-#define PKCS12_F_PKCS12_NEWPASS				 128
-#define PKCS12_F_PKCS12_PACK_P7DATA			 114
-#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115
-#define PKCS12_F_PKCS12_PARSE				 118
-#define PKCS12_F_PKCS12_PBE_CRYPT			 119
-#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
-#define PKCS12_F_PKCS12_SETUP_MAC			 122
-#define PKCS12_F_PKCS12_SET_MAC				 123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 130
-#define PKCS12_F_PKCS12_UNPACK_P7DATA			 131
-#define PKCS12_F_PKCS12_VERIFY_MAC			 126
-#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
-#define PKCS12_F_PKCS8_ENCRYPT				 125
-
-/* Reason codes. */
-#define PKCS12_R_CANT_PACK_STRUCTURE			 100
-#define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121
-#define PKCS12_R_DECODE_ERROR				 101
-#define PKCS12_R_ENCODE_ERROR				 102
-#define PKCS12_R_ENCRYPT_ERROR				 103
-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120
-#define PKCS12_R_INVALID_NULL_ARGUMENT			 104
-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
-#define PKCS12_R_IV_GEN_ERROR				 106
-#define PKCS12_R_KEY_GEN_ERROR				 107
-#define PKCS12_R_MAC_ABSENT				 108
-#define PKCS12_R_MAC_GENERATION_ERROR			 109
-#define PKCS12_R_MAC_SETUP_ERROR			 110
-#define PKCS12_R_MAC_STRING_SET_ERROR			 111
-#define PKCS12_R_MAC_VERIFY_ERROR			 112
-#define PKCS12_R_MAC_VERIFY_FAILURE			 113
-#define PKCS12_R_PARSE_ERROR				 114
-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115
-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116
-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117
-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118
-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
deleted file mode 100644
index b7ec2883cb..0000000000
--- a/crypto/pkcs7/pk7_asn1.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/* pk7_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-
-/* PKCS#7 ASN1 module */
-
-/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
-
-ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS7) = {
-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
-} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-
-/* PKCS#7 streaming support */
-static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	ASN1_STREAM_ARG *sarg = exarg;
-	PKCS7 **pp7 = (PKCS7 **)pval;
-
-	switch(operation)
-		{
-
-		case ASN1_OP_STREAM_PRE:
-		if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
-			return 0;
-		case ASN1_OP_DETACHED_PRE:
-		sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
-		if (!sarg->ndef_bio)
-			return 0;
-		break;
-
-		case ASN1_OP_STREAM_POST:
-		case ASN1_OP_DETACHED_POST:
-		if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
-			return 0;
-		break;
-
-		}
-	return 1;
-}
-
-ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
-	ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS7)
-}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
-IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
-IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
-
-ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
-	ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
-	ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-{
-	if(operation == ASN1_OP_FREE_POST) {
-		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
-		EVP_PKEY_free(si->pkey);
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
-	/* NB this should be a SET OF but we use a SEQUENCE OF so the
-	 * original order * is retained when the structure is reencoded.
-	 * Since the attributes are implicitly tagged this will not affect
-	 * the encoding.
-	 */
-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-
-ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
-	ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-	ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-
-/* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-{
-	if(operation == ASN1_OP_FREE_POST) {
-		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
-		X509_free(ri->cert);
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
-	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-
-ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
-	ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-
-ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
-	ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
-	ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
-
-/* Specials for authenticated attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
-
-/* When verifying attributes we need to use the received order. So 
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
-
-IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
deleted file mode 100644
index a97db51210..0000000000
--- a/crypto/pkcs7/pk7_attr.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* pk7_attr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
-{
-	ASN1_STRING *seq;
-	if(!(seq = ASN1_STRING_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	seq->length = ASN1_item_i2d((ASN1_VALUE *)cap,&seq->data,
-				ASN1_ITEM_rptr(X509_ALGORS));
-        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
-							V_ASN1_SEQUENCE, seq);
-}
-
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-	{
-	ASN1_TYPE *cap;
-	const unsigned char *p;
-
-	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-	if (!cap || (cap->type != V_ASN1_SEQUENCE))
-		return NULL;
-	p = cap->value.sequence->data;
-	return (STACK_OF(X509_ALGOR) *)
-		ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
-				ASN1_ITEM_rptr(X509_ALGORS));
-	}
-
-/* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-{
-	X509_ALGOR *alg;
-
-	if(!(alg = X509_ALGOR_new())) {
-		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	ASN1_OBJECT_free(alg->algorithm);
-	alg->algorithm = OBJ_nid2obj (nid);
-	if (arg > 0) {
-		ASN1_INTEGER *nbit;
-		if(!(alg->parameter = ASN1_TYPE_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if(!(nbit = ASN1_INTEGER_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if(!ASN1_INTEGER_set (nbit, arg)) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		alg->parameter->value.integer = nbit;
-		alg->parameter->type = V_ASN1_INTEGER;
-	}
-	sk_X509_ALGOR_push (sk, alg);
-	return 1;
-}
-
-int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
-	{
-	if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
-		return 0;
-	if (!coid)
-		coid = OBJ_nid2obj(NID_pkcs7_data);
-	return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-				V_ASN1_OBJECT, coid);
-	}
-
-int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
-	{
-	if (!t && !(t=X509_gmtime_adj(NULL,0)))
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
-				ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
-						V_ASN1_UTCTIME, t);
-	}
-
-int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
-				const unsigned char *md, int mdlen)
-	{
-	ASN1_OCTET_STRING *os;
-	os = ASN1_OCTET_STRING_new();
-	if (!os)
-		return 0;
-	if (!ASN1_STRING_set(os, md, mdlen)
-		|| !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING, os))
-		{
-		ASN1_OCTET_STRING_free(os);
-		return 0;
-		}
-	return 1;
-	}
diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
deleted file mode 100644
index 90edfa5001..0000000000
--- a/crypto/pkcs7/pk7_dgst.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/* crypto/pkcs7/pk7_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
deleted file mode 100644
index d91aa116a9..0000000000
--- a/crypto/pkcs7/pk7_doit.c
+++ /dev/null
@@ -1,1305 +0,0 @@
-/* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value);
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
-
-static int PKCS7_type_is_other(PKCS7* p7)
-	{
-	int isOther=1;
-	
-	int nid=OBJ_obj2nid(p7->type);
-
-	switch( nid )
-		{
-	case NID_pkcs7_data:
-	case NID_pkcs7_signed:
-	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
-	case NID_pkcs7_digest:
-	case NID_pkcs7_encrypted:
-		isOther=0;
-		break;
-	default:
-		isOther=1;
-		}
-
-	return isOther;
-
-	}
-
-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
-	{
-	if ( PKCS7_type_is_data(p7))
-		return p7->d.data;
-	if ( PKCS7_type_is_other(p7) && p7->d.other
-		&& (p7->d.other->type == V_ASN1_OCTET_STRING))
-		return p7->d.other->value.octet_string;
-	return NULL;
-	}
-
-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
-	{
-	BIO *btmp;
-	const EVP_MD *md;
-	if ((btmp=BIO_new(BIO_f_md())) == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-		goto err;
-		}
-
-	md=EVP_get_digestbyobj(alg->algorithm);
-	if (md == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-		goto err;
-		}
-
-	BIO_set_md(btmp,md);
-	if (*pbio == NULL)
-		*pbio=btmp;
-	else if (!BIO_push(*pbio,btmp))
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-		goto err;
-		}
-	btmp=NULL;
-
-	return 1;
-
-	err:
-	if (btmp)
-		BIO_free(btmp);
-	return 0;
-
-	}
-
-static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
-					unsigned char *key, int keylen)
-	{
-	EVP_PKEY_CTX *pctx = NULL;
-	EVP_PKEY *pkey = NULL;
-	unsigned char *ek = NULL;
-	int ret = 0;
-	size_t eklen;
-
-	pkey = X509_get_pubkey(ri->cert);
-
-	if (!pkey)
-		return 0;
-
-	pctx = EVP_PKEY_CTX_new(pkey, NULL);
-	if (!pctx)
-		return 0;
-
-	if (EVP_PKEY_encrypt_init(pctx) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-				EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
-		goto err;
-		}
-
-	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
-		goto err;
-
-	ek = OPENSSL_malloc(eklen);
-
-	if (ek == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
-		goto err;
-
-	ASN1_STRING_set0(ri->enc_key, ek, eklen);
-	ek = NULL;
-
-	ret = 1;
-
-	err:
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	if (pctx)
-		EVP_PKEY_CTX_free(pctx);
-	if (ek)
-		OPENSSL_free(ek);
-	return ret;
-
-	}
-
-
-static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
-			       PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
-	{
-	EVP_PKEY_CTX *pctx = NULL;
-	unsigned char *ek = NULL;
-	size_t eklen;
-
-	int ret = -1;
-
-	pctx = EVP_PKEY_CTX_new(pkey, NULL);
-	if (!pctx)
-		return -1;
-
-	if (EVP_PKEY_decrypt_init(pctx) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
-				EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
-		goto err;
-		}
-
-	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
-				ri->enc_key->data, ri->enc_key->length) <= 0)
-		goto err;
-
-	ek = OPENSSL_malloc(eklen);
-
-	if (ek == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
-				ri->enc_key->data, ri->enc_key->length) <= 0)
-		{
-		ret = 0;
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
-		goto err;
-		}
-
-	ret = 1;
-
-	if (*pek)
-		{
-		OPENSSL_cleanse(*pek, *peklen);
-		OPENSSL_free(*pek);
-		}
-
-	*pek = ek;
-	*peklen = eklen;
-
-	err:
-	if (pctx)
-		EVP_PKEY_CTX_free(pctx);
-	if (!ret && ek)
-		OPENSSL_free(ek);
-
-	return ret;
-	}
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
-	{
-	int i;
-	BIO *out=NULL,*btmp=NULL;
-	X509_ALGOR *xa = NULL;
-	const EVP_CIPHER *evp_cipher=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	X509_ALGOR *xalg=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		md_sk=p7->d.sign->md_algs;
-		os = PKCS7_get_octet_string(p7->d.sign->contents);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		xalg=p7->d.enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_digest:
-		xa = p7->d.digest->md;
-		os = PKCS7_get_octet_string(p7->d.digest->contents);
-		break;
-	case NID_pkcs7_data:
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
-
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
-			goto err;
-
-	if (xa && !PKCS7_bio_add_digest(&out, xa))
-			goto err;
-
-	if (evp_cipher != NULL)
-		{
-		unsigned char key[EVP_MAX_KEY_LENGTH];
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		int keylen,ivlen;
-		EVP_CIPHER_CTX *ctx;
-
-		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
-			goto err;
-			}
-		BIO_get_cipher_ctx(btmp, &ctx);
-		keylen=EVP_CIPHER_key_length(evp_cipher);
-		ivlen=EVP_CIPHER_iv_length(evp_cipher);
-		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-		if (ivlen > 0)
-			if (RAND_pseudo_bytes(iv,ivlen) <= 0)
-				goto err;
-		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
-			goto err;
-		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-			goto err;
-		if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
-			goto err;
-
-		if (ivlen > 0) {
-			if (xalg->parameter == NULL) {
-				xalg->parameter = ASN1_TYPE_new();
-				if (xalg->parameter == NULL)
-					goto err;
-			}
-			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-				goto err;
-		}
-
-		/* Lets do the pub key stuff :-) */
-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-			{
-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-			if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
-				goto err;
-			}
-		OPENSSL_cleanse(key, keylen);
-
-		if (out == NULL)
-			out=btmp;
-		else
-			BIO_push(out,btmp);
-		btmp=NULL;
-		}
-
-	if (bio == NULL)
-		{
-		if (PKCS7_is_detached(p7))
-			bio=BIO_new(BIO_s_null());
-		else if (os && os->length > 0)
-			bio = BIO_new_mem_buf(os->data, os->length);
-		if(bio == NULL)
-			{
-			bio=BIO_new(BIO_s_mem());
-			if (bio == NULL)
-				goto err;
-			BIO_set_mem_eof_return(bio,0);
-			}
-		}
-	if (out)
-		BIO_push(out,bio);
-	else
-		out = bio;
-	bio=NULL;
-	if (0)
-		{
-err:
-		if (out != NULL)
-			BIO_free_all(out);
-		if (btmp != NULL)
-			BIO_free_all(btmp);
-		out=NULL;
-		}
-	return(out);
-	}
-
-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
-	{
-	int ret;
-	ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-				pcert->cert_info->issuer);
-	if (ret)
-		return ret;
-	return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-					ri->issuer_and_serial->serial);
-	}
-
-/* int */
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
-	{
-	int i,j;
-	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-	X509_ALGOR *xa;
-	ASN1_OCTET_STRING *data_body=NULL;
-	const EVP_MD *evp_md;
-	const EVP_CIPHER *evp_cipher=NULL;
-	EVP_CIPHER_CTX *evp_ctx=NULL;
-	X509_ALGOR *enc_alg=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-       unsigned char *ek = NULL, *tkey = NULL;
-       int eklen = 0, tkeylen = 0;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
-		if (!PKCS7_is_detached(p7) && data_body == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE);
-			goto err;
-			}
-		md_sk=p7->d.sign->md_algs;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
-		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		enc_alg=p7->d.enveloped->enc_data->algorithm;
-		data_body=p7->d.enveloped->enc_data->enc_data;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-			goto err;
-			}
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
-
-	/* We will be checking the signature */
-	if (md_sk != NULL)
-		{
-		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-			{
-			xa=sk_X509_ALGOR_value(md_sk,i);
-			if ((btmp=BIO_new(BIO_f_md())) == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-				goto err;
-				}
-
-			j=OBJ_obj2nid(xa->algorithm);
-			evp_md=EVP_get_digestbynid(j);
-			if (evp_md == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-				goto err;
-				}
-
-			BIO_set_md(btmp,evp_md);
-			if (out == NULL)
-				out=btmp;
-			else
-				BIO_push(out,btmp);
-			btmp=NULL;
-			}
-		}
-
-	if (evp_cipher != NULL)
-		{
-#if 0
-		unsigned char key[EVP_MAX_KEY_LENGTH];
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		unsigned char *p;
-		int keylen,ivlen;
-		int max;
-		X509_OBJECT ret;
-#endif
-
-		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-			goto err;
-			}
-
-		/* It was encrypted, we need to decrypt the secret key
-		 * with the private key */
-
-		/* Find the recipientInfo which matches the passed certificate
-		 * (if any)
-		 */
-
-		if (pcert)
-			{
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-				{
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-				if (!pkcs7_cmp_ri(ri, pcert))
-					break;
-				ri=NULL;
-				}
-			if (ri == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-				      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-				goto err;
-				}
-			}
-
-		/* If we haven't got a certificate try each ri in turn */
-		if (pcert == NULL)
-			{
-			/* Always attempt to decrypt all rinfo even
-			 * after sucess as a defence against MMA timing
-			 * attacks.
-			 */
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-				{
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-				
-				if (pkcs7_decrypt_rinfo(&ek, &eklen,
-							ri, pkey) < 0)
-					goto err;
-				ERR_clear_error();
-				}
-			}
-		else
-			{
-			/* Only exit on fatal errors, not decrypt failure */
-			if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
-				goto err;
-			ERR_clear_error();
-			}
-
-		evp_ctx=NULL;
-		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
-			goto err;
-		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
-			goto err;
-		/* Generate random key as MMA defence */
-		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
-		tkey = OPENSSL_malloc(tkeylen);
-		if (!tkey)
-			goto err;
-		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
-			goto err;
-		if (ek == NULL)
-			{
-			ek = tkey;
-			eklen = tkeylen;
-			tkey = NULL;
-			}
-
-		if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
-			/* Some S/MIME clients don't use the same key
-			 * and effective key length. The key length is
-			 * determined by the size of the decrypted RSA key.
-			 */
-			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
-				{
-				/* Use random key as MMA defence */
-				OPENSSL_cleanse(ek, eklen);
-				OPENSSL_free(ek);
-				ek = tkey;
-				eklen = tkeylen;
-				tkey = NULL;
-				}
-		} 
-		/* Clear errors so we don't leak information useful in MMA */
-		ERR_clear_error();
-		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
-			goto err;
-
-		if (ek)
-			{
-			OPENSSL_cleanse(ek,eklen);
-			OPENSSL_free(ek);
-                       ek = NULL;
-			}
-		if (tkey)
-			{
-			OPENSSL_cleanse(tkey,tkeylen);
-			OPENSSL_free(tkey);
-                       tkey = NULL;
-			}
-
-		if (out == NULL)
-			out=etmp;
-		else
-			BIO_push(out,etmp);
-		etmp=NULL;
-		}
-
-#if 1
-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
-		{
-		bio=in_bio;
-		}
-	else 
-		{
-#if 0
-		bio=BIO_new(BIO_s_mem());
-		/* We need to set this so that when we have read all
-		 * the data, the encrypt BIO, if present, will read
-		 * EOF and encode the last few bytes */
-		BIO_set_mem_eof_return(bio,0);
-
-		if (data_body->length > 0)
-			BIO_write(bio,(char *)data_body->data,data_body->length);
-#else
-		if (data_body->length > 0)
-		      bio = BIO_new_mem_buf(data_body->data,data_body->length);
-		else {
-			bio=BIO_new(BIO_s_mem());
-			BIO_set_mem_eof_return(bio,0);
-		}
-		if (bio == NULL)
-			goto err;
-#endif
-		}
-	BIO_push(out,bio);
-	bio=NULL;
-#endif
-	if (0)
-		{
-err:
-               if (ek)
-                       {
-                       OPENSSL_cleanse(ek,eklen);
-                       OPENSSL_free(ek);
-                       }
-               if (tkey)
-                       {
-                       OPENSSL_cleanse(tkey,tkeylen);
-                       OPENSSL_free(tkey);
-                       }
-		if (out != NULL) BIO_free_all(out);
-		if (btmp != NULL) BIO_free_all(btmp);
-		if (etmp != NULL) BIO_free_all(etmp);
-		if (bio != NULL) BIO_free_all(bio);
-		out=NULL;
-		}
-	return(out);
-	}
-
-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-	{
-	for (;;)
-		{
-		bio=BIO_find_type(bio,BIO_TYPE_MD);
-		if (bio == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			return NULL;	
-			}
-		BIO_get_md_ctx(bio,pmd);
-		if (*pmd == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}	
-		if (EVP_MD_CTX_type(*pmd) == nid)
-			return bio;
-		bio=BIO_next(bio);
-		}
-	return NULL;
-	}
-
-static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
-	{
-	unsigned char md_data[EVP_MAX_MD_SIZE];
-	unsigned int md_len;
-
-	/* Add signing time if not already present */
-	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))
-		{
-		if (!PKCS7_add0_attrib_signing_time(si, NULL))
-			{
-			PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
-					ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-
-	/* Add digest */
-	if (!EVP_DigestFinal_ex(mctx, md_data,&md_len))
-		{
-		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
-		return 0;
-		}
-	if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
-		{
-		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	/* Now sign the attributes */
-	if (!PKCS7_SIGNER_INFO_sign(si))
-			return 0;
-
-	return 1;
-	}
-	
-				
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-	{
-	int ret=0;
-	int i,j;
-	BIO *btmp;
-	PKCS7_SIGNER_INFO *si;
-	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-
-	EVP_MD_CTX_init(&ctx_tmp);
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_data:
-		os = p7->d.data;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		/* XXXXXXXXXXXXXXXX */
-		si_sk=p7->d.signed_and_enveloped->signer_info;
-		os = p7->d.signed_and_enveloped->enc_data->enc_data;
-		if (!os)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			if (!os)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			p7->d.signed_and_enveloped->enc_data->enc_data=os;
-			}
-		break;
-	case NID_pkcs7_enveloped:
-		/* XXXXXXXXXXXXXXXX */
-		os = p7->d.enveloped->enc_data->enc_data;
-		if (!os)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			if (!os)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			p7->d.enveloped->enc_data->enc_data=os;
-			}
-		break;
-	case NID_pkcs7_signed:
-		si_sk=p7->d.sign->signer_info;
-		os=PKCS7_get_octet_string(p7->d.sign->contents);
-		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-			M_ASN1_OCTET_STRING_free(os);
-			p7->d.sign->contents->d.data = NULL;
-		}
-		break;
-
-	case NID_pkcs7_digest:
-		os=PKCS7_get_octet_string(p7->d.digest->contents);
-		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-			{
-			M_ASN1_OCTET_STRING_free(os);
-			p7->d.digest->contents->d.data = NULL;
-			}
-		break;
-
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
-
-	if (si_sk != NULL)
-		{
-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
-			{
-			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
-			if (si->pkey == NULL)
-				continue;
-
-			j = OBJ_obj2nid(si->digest_alg->algorithm);
-
-			btmp=bio;
-
-			btmp = PKCS7_find_digest(&mdc, btmp, j);
-
-			if (btmp == NULL)
-				goto err;
-
-			/* We now have the EVP_MD_CTX, lets do the
-			 * signing. */
-			if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc))
-				goto err;
-
-			sk=si->auth_attr;
-
-			/* If there are attributes, we add the digest
-			 * attribute and only sign the attributes */
-			if (sk_X509_ATTRIBUTE_num(sk) > 0)
-				{
-				if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
-					goto err;
-				}
-			else
-				{
-				unsigned char *abuf = NULL;
-				unsigned int abuflen;
-				abuflen = EVP_PKEY_size(si->pkey);
-				abuf = OPENSSL_malloc(abuflen);
-				if (!abuf)
-					goto err;
-
-				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
-							si->pkey))
-					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-							ERR_R_EVP_LIB);
-					goto err;
-					}
-				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
-				}
-			}
-		}
-	else if (i == NID_pkcs7_digest)
-		{
-		unsigned char md_data[EVP_MAX_MD_SIZE];
-		unsigned int md_len;
-		if (!PKCS7_find_digest(&mdc, bio,
-				OBJ_obj2nid(p7->d.digest->md->algorithm)))
-			goto err;
-		if (!EVP_DigestFinal_ex(mdc,md_data,&md_len))
-			goto err;
-		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-		}
-
-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
-		{
-		char *cont;
-		long contlen;
-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-		if (btmp == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-			goto err;
-			}
-		contlen = BIO_get_mem_data(btmp, &cont);
-		/* Mark the BIO read only then we can use its copy of the data
-		 * instead of making an extra copy.
-		 */
-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-		BIO_set_mem_eof_return(btmp, 0);
-		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-		}
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx_tmp);
-	return(ret);
-	}
-
-int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
-	{
-	EVP_MD_CTX mctx;
-	EVP_PKEY_CTX *pctx;
-	unsigned char *abuf = NULL;
-	int alen;
-	size_t siglen;
-	const EVP_MD *md = NULL;
-
-	md = EVP_get_digestbyobj(si->digest_alg->algorithm);
-	if (md == NULL)
-		return 0;
-
-	EVP_MD_CTX_init(&mctx);
-	if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
-		goto err;
-		}
-
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,
-				ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-	if(!abuf)
-		goto err;
-	if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
-		goto err;
-	OPENSSL_free(abuf);
-	abuf = NULL;
-	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
-		goto err;
-	abuf = OPENSSL_malloc(siglen);
-	if(!abuf)
-		goto err;
-	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
-		goto err;
-		}
-
-	EVP_MD_CTX_cleanup(&mctx);
-
-	ASN1_STRING_set0(si->enc_digest, abuf, siglen);
-
-	return 1;
-
-	err:
-	if (abuf)
-		OPENSSL_free(abuf);
-	EVP_MD_CTX_cleanup(&mctx);
-	return 0;
-
-	}
-
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
-	PKCS7_ISSUER_AND_SERIAL *ias;
-	int ret=0,i;
-	STACK_OF(X509) *cert;
-	X509 *x509;
-
-	if (PKCS7_type_is_signed(p7))
-		{
-		cert=p7->d.sign->cert;
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		cert=p7->d.signed_and_enveloped->cert;
-		}
-	else
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
-		goto err;
-		}
-	/* XXXXXXXXXXXXXXXXXXXXXXX */
-	ias=si->issuer_and_serial;
-
-	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
-
-	/* were we able to find the cert in passed to us */
-	if (x509 == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
-		goto err;
-		}
-
-	/* Lets verify */
-	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-		goto err;
-		}
-	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
-	i=X509_verify_cert(ctx);
-	if (i <= 0) 
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-		X509_STORE_CTX_cleanup(ctx);
-		goto err;
-		}
-	X509_STORE_CTX_cleanup(ctx);
-
-	return PKCS7_signatureVerify(bio, p7, si, x509);
-	err:
-	return ret;
-	}
-
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-								X509 *x509)
-	{
-	ASN1_OCTET_STRING *os;
-	EVP_MD_CTX mdc_tmp,*mdc;
-	int ret=0,i;
-	int md_type;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	BIO *btmp;
-	EVP_PKEY *pkey;
-
-	EVP_MD_CTX_init(&mdc_tmp);
-
-	if (!PKCS7_type_is_signed(p7) && 
-				!PKCS7_type_is_signedAndEnveloped(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_WRONG_PKCS7_TYPE);
-		goto err;
-	}
-
-	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
-
-	btmp=bio;
-	for (;;)
-		{
-		if ((btmp == NULL) ||
-			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			goto err;
-			}
-		BIO_get_md_ctx(btmp,&mdc);
-		if (mdc == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		if (EVP_MD_CTX_type(mdc) == md_type)
-			break;
-		/* Workaround for some broken clients that put the signature
-		 * OID instead of the digest OID in digest_alg->algorithm
-		 */
-		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
-			break;
-		btmp=BIO_next(btmp);
-		}
-
-	/* mdc is the digest ctx that we want, unless there are attributes,
-	 * in which case the digest is the signed attributes */
-	if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc))
-		goto err;
-
-	sk=si->auth_attr;
-	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-		{
-		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len;
-		int alen;
-		ASN1_OCTET_STRING *message_digest;
-
-		if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len))
-			goto err;
-		message_digest=PKCS7_digest_from_attributes(sk);
-		if (!message_digest)
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			goto err;
-			}
-		if ((message_digest->length != (int)md_len) ||
-			(memcmp(message_digest->data,md_dat,md_len)))
-			{
-#if 0
-{
-int ii;
-for (ii=0; ii<message_digest->length; ii++)
-	printf("%02X",message_digest->data[ii]); printf(" sent\n");
-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
-}
-#endif
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							PKCS7_R_DIGEST_FAILURE);
-			ret= -1;
-			goto err;
-			}
-
-		if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL))
-			goto err;
-
-		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
-		if (alen <= 0) 
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
-			ret = -1;
-			goto err;
-			}
-		if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
-			goto err;
-
-		OPENSSL_free(abuf);
-		}
-
-	os=si->enc_digest;
-	pkey = X509_get_pubkey(x509);
-	if (!pkey)
-		{
-		ret = -1;
-		goto err;
-		}
-
-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
-	EVP_PKEY_free(pkey);
-	if (i <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_SIGNATURE_FAILURE);
-		ret= -1;
-		goto err;
-		}
-	else
-		ret=1;
-err:
-	EVP_MD_CTX_cleanup(&mdc_tmp);
-	return(ret);
-	}
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
-	{
-	STACK_OF(PKCS7_RECIP_INFO) *rsk;
-	PKCS7_RECIP_INFO *ri;
-	int i;
-
-	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signedAndEnveloped)
-		return NULL;
-	if (p7->d.signed_and_enveloped == NULL)
-		return NULL;
-	rsk=p7->d.signed_and_enveloped->recipientinfo;
-	if (rsk == NULL)
-		return NULL;
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
-	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
-	return(ri->issuer_and_serial);
-	}
-
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->auth_attr,nid));
-	}
-
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->unauth_attr,nid));
-	}
-
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
-	{
-	int i;
-	X509_ATTRIBUTE *xa;
-	ASN1_OBJECT *o;
-
-	o=OBJ_nid2obj(nid);
-	if (!o || !sk) return(NULL);
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		xa=sk_X509_ATTRIBUTE_value(sk,i);
-		if (OBJ_cmp(xa->object,o) == 0)
-			{
-			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-				return(sk_ASN1_TYPE_value(xa->value.set,0));
-			else
-				return(NULL);
-			}
-		}
-	return(NULL);
-	}
-
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
-{
-	ASN1_TYPE *astype;
-	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
-	return astype->value.octet_string;
-}
-
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-				STACK_OF(X509_ATTRIBUTE) *sk)
-	{
-	int i;
-
-	if (p7si->auth_attr != NULL)
-		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
-	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
-	if (p7si->auth_attr == NULL)
-		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
-			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-		    == NULL)
-			return(0);
-		}
-	return(1);
-	}
-
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
-	{
-	int i;
-
-	if (p7si->unauth_attr != NULL)
-		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
-					   X509_ATTRIBUTE_free);
-	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
-	if (p7si->unauth_attr == NULL)
-		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-		    == NULL)
-			return(0);
-		}
-	return(1);
-	}
-
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
-	}
-
-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
-	}
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value)
-	{
-	X509_ATTRIBUTE *attr=NULL;
-
-	if (*sk == NULL)
-		{
-		*sk = sk_X509_ATTRIBUTE_new_null();
-		if (*sk == NULL)
-			return 0;	
-new_attrib:
-		if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
-			return 0;
-		if (!sk_X509_ATTRIBUTE_push(*sk,attr))
-			{
-			X509_ATTRIBUTE_free(attr);
-			return 0;
-			}
-		}
-	else
-		{
-		int i;
-
-		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
-			{
-			attr=sk_X509_ATTRIBUTE_value(*sk,i);
-			if (OBJ_obj2nid(attr->object) == nid)
-				{
-				X509_ATTRIBUTE_free(attr);
-				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-				if (attr == NULL)
-					return 0;
-				if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
-					{
-					X509_ATTRIBUTE_free(attr);
-					return 0;
-					}
-				goto end;
-				}
-			}
-		goto new_attrib;
-		}
-end:
-	return(1);
-	}
-
diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
deleted file mode 100644
index acbb189c59..0000000000
--- a/crypto/pkcs7/pk7_enc.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* crypto/pkcs7/pk7_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-
-PKCS7_in_bio(PKCS7 *p7,BIO *in);
-PKCS7_out_bio(PKCS7 *p7,BIO *out);
-
-PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
-PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
-
-PKCS7_Init(PKCS7 *p7);
-PKCS7_Update(PKCS7 *p7);
-PKCS7_Finish(PKCS7 *p7);
-
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
deleted file mode 100644
index d411269b50..0000000000
--- a/crypto/pkcs7/pk7_lib.c
+++ /dev/null
@@ -1,665 +0,0 @@
-/* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include "asn1_locl.h"
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
-	{
-	int nid;
-	long ret;
-
-	nid=OBJ_obj2nid(p7->type);
-
-	switch (cmd)
-		{
-	case PKCS7_OP_SET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			ret=p7->detached=(int)larg;
-			if (ret && PKCS7_type_is_data(p7->d.sign->contents))
-					{
-					ASN1_OCTET_STRING *os;
-					os=p7->d.sign->contents->d.data;
-					ASN1_OCTET_STRING_free(os);
-					p7->d.sign->contents->d.data = NULL;
-					}
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
-			}
-		break;
-	case PKCS7_OP_GET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
-				ret = 1;
-			else ret = 0;
-				
-			p7->detached = ret;
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
-			}
-			
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
-		ret=0;
-		}
-	return(ret);
-	}
-
-int PKCS7_content_new(PKCS7 *p7, int type)
-	{
-	PKCS7 *ret=NULL;
-
-	if ((ret=PKCS7_new()) == NULL) goto err;
-	if (!PKCS7_set_type(ret,type)) goto err;
-	if (!PKCS7_set_content(p7,ret)) goto err;
-
-	return(1);
-err:
-	if (ret != NULL) PKCS7_free(ret);
-	return(0);
-	}
-
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
-	{
-	int i;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		if (p7->d.sign->contents != NULL)
-			PKCS7_free(p7->d.sign->contents);
-		p7->d.sign->contents=p7_data;
-		break;
-	case NID_pkcs7_digest:
-		if (p7->d.digest->contents != NULL)
-			PKCS7_free(p7->d.digest->contents);
-		p7->d.digest->contents=p7_data;
-		break;
-	case NID_pkcs7_data:
-	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
-	case NID_pkcs7_encrypted:
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-		goto err;
-		}
-	return(1);
-err:
-	return(0);
-	}
-
-int PKCS7_set_type(PKCS7 *p7, int type)
-	{
-	ASN1_OBJECT *obj;
-
-	/*PKCS7_content_free(p7);*/
-	obj=OBJ_nid2obj(type); /* will not fail */
-
-	switch (type)
-		{
-	case NID_pkcs7_signed:
-		p7->type=obj;
-		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
-			goto err;
-		if (!ASN1_INTEGER_set(p7->d.sign->version,1))
-			{
-			PKCS7_SIGNED_free(p7->d.sign);
-			p7->d.sign=NULL;
-			goto err;
-			}
-		break;
-	case NID_pkcs7_data:
-		p7->type=obj;
-		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
-			goto err;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		p7->type=obj;
-		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
-			== NULL) goto err;
-		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
-			goto err;
-		p7->d.signed_and_enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-	case NID_pkcs7_enveloped:
-		p7->type=obj;
-		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
-			goto err;
-		p7->d.enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-	case NID_pkcs7_encrypted:
-		p7->type=obj;
-		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
-			goto err;
-		p7->d.encrypted->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-
-	case NID_pkcs7_digest:
-		p7->type=obj;
-		if ((p7->d.digest=PKCS7_DIGEST_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.digest->version,0))
-			goto err;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-		goto err;
-		}
-	return(1);
-err:
-	return(0);
-	}
-
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
-	{
-	p7->type = OBJ_nid2obj(type);
-	p7->d.other = other;
-	return 1;
-	}
-
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
-	{
-	int i,j,nid;
-	X509_ALGOR *alg;
-	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
-	STACK_OF(X509_ALGOR) *md_sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		signer_sk=	p7->d.sign->signer_info;
-		md_sk=		p7->d.sign->md_algs;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		signer_sk=	p7->d.signed_and_enveloped->signer_info;
-		md_sk=		p7->d.signed_and_enveloped->md_algs;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
-
-	/* If the digest is not currently listed, add it */
-	j=0;
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-		{
-		alg=sk_X509_ALGOR_value(md_sk,i);
-		if (OBJ_obj2nid(alg->algorithm) == nid)
-			{
-			j=1;
-			break;
-			}
-		}
-	if (!j) /* we need to add another algorithm */
-		{
-		if(!(alg=X509_ALGOR_new())
-			|| !(alg->parameter = ASN1_TYPE_new()))
-			{
-			X509_ALGOR_free(alg);
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		alg->algorithm=OBJ_nid2obj(nid);
-		alg->parameter->type = V_ASN1_NULL;
-		if (!sk_X509_ALGOR_push(md_sk,alg))
-			{
-			X509_ALGOR_free(alg);
-			return 0;
-			}
-		}
-
-	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
-		return 0;
-	return(1);
-	}
-
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
-	{
-	int i;
-	STACK_OF(X509) **sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->cert);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->cert);
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (*sk == NULL)
-		*sk=sk_X509_new_null();
-	if (*sk == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	if (!sk_X509_push(*sk,x509))
-		{
-		X509_free(x509);
-		return 0;
-		}
-	return(1);
-	}
-
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
-	{
-	int i;
-	STACK_OF(X509_CRL) **sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->crl);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->crl);
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (*sk == NULL)
-		*sk=sk_X509_CRL_new_null();
-	if (*sk == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	if (!sk_X509_CRL_push(*sk,crl))
-		{
-		X509_CRL_free(crl);
-		return 0;
-		}
-	return(1);
-	}
-
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
-	int ret;
-
-	/* We now need to add another PKCS7_SIGNER_INFO entry */
-	if (!ASN1_INTEGER_set(p7i->version,1))
-		goto err;
-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-			X509_get_issuer_name(x509)))
-		goto err;
-
-	/* because ASN1_INTEGER_set is used to set a 'long' we will do
-	 * things the ugly way. */
-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-		goto err;
-
-	/* lets keep the pkey around for a while */
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	p7i->pkey=pkey;
-
-	/* Set the algorithms */
-
-	X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
-				V_ASN1_NULL, NULL);
-
-	if (pkey->ameth && pkey->ameth->pkey_ctrl)
-		{
-		ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN,
-						0, p7i);
-		if (ret > 0)
-			return 1;
-		if (ret != -2)
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-					PKCS7_R_SIGNING_CTRL_FAILURE);
-			return 0;
-			}
-		}
-	PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
-			PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-err:
-	return 0;
-	}
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
-	PKCS7_SIGNER_INFO *si = NULL;
-
-	if (dgst == NULL)
-		{
-		int def_nid;
-		if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
-			goto err;
-		dgst = EVP_get_digestbynid(def_nid);
-		if (dgst == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE,
-						PKCS7_R_NO_DEFAULT_DIGEST);
-			goto err;
-			}
-		}
-
-	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
-	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
-	if (!PKCS7_add_signer(p7,si)) goto err;
-	return(si);
-err:
-	if (si)
-		PKCS7_SIGNER_INFO_free(si);
-	return(NULL);
-	}
-
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
-	{
-	if (PKCS7_type_is_digest(p7))
-		{
-		if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		p7->d.digest->md->parameter->type = V_ASN1_NULL;
-		p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
-		return 1;
-		}
-		
-	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
-	return 1;
-	}
-
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-	{
-	if (PKCS7_type_is_signed(p7))
-		{
-		return(p7->d.sign->signer_info);
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		return(p7->d.signed_and_enveloped->signer_info);
-		}
-	else
-		return(NULL);
-	}
-
-void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
-					X509_ALGOR **pdig, X509_ALGOR **psig)
-	{
-	if (pk)
-		*pk = si->pkey;
-	if (pdig)
-		*pdig = si->digest_alg;
-	if (psig)
-		*psig = si->digest_enc_alg;
-	}
-
-void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
-	{
-	if (penc)
-		*penc = ri->key_enc_algor;
-	}
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
-	{
-	PKCS7_RECIP_INFO *ri;
-
-	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
-	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
-	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-	return ri;
-err:
-	if (ri)
-		PKCS7_RECIP_INFO_free(ri);
-	return NULL;
-	}
-
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
-	{
-	int i;
-	STACK_OF(PKCS7_RECIP_INFO) *sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signedAndEnveloped:
-		sk=	p7->d.signed_and_enveloped->recipientinfo;
-		break;
-	case NID_pkcs7_enveloped:
-		sk=	p7->d.enveloped->recipientinfo;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
-		return 0;
-	return(1);
-	}
-
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
-	{
-	int ret;
-	EVP_PKEY *pkey = NULL;
-	if (!ASN1_INTEGER_set(p7i->version,0))
-		return 0;
-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-		X509_get_issuer_name(x509)))
-		return 0;
-
-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-		return 0;
-
-	pkey = X509_get_pubkey(x509);
-
-	if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl)
-		{
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-		goto err;
-		}
-
-	ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT,
-						0, p7i);
-	if (ret == -2)
-		{
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-			PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
-		goto err;
-		}
-	if (ret <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
-				PKCS7_R_ENCRYPTION_CTRL_FAILURE);
-		goto err;
-		}
-
-	EVP_PKEY_free(pkey);
-
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	p7i->cert=x509;
-
-	return 1;
-
-	err:
-	if (pkey)
-		EVP_PKEY_free(pkey);
-	return 0;
-	}
-
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
-	if (PKCS7_type_is_signed(p7))
-		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
-			si->issuer_and_serial->issuer,
-			si->issuer_and_serial->serial));
-	else
-		return(NULL);
-	}
-
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
-	{
-	int i;
-	PKCS7_ENC_CONTENT *ec;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signedAndEnveloped:
-		ec=p7->d.signed_and_enveloped->enc_data;
-		break;
-	case NID_pkcs7_enveloped:
-		ec=p7->d.enveloped->enc_data;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	/* Check cipher OID exists and has data in it*/
-	i = EVP_CIPHER_type(cipher);
-	if(i == NID_undef) {
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-		return(0);
-	}
-
-	ec->cipher = cipher;
-	return 1;
-	}
-
-int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
-	{
-	ASN1_OCTET_STRING *os = NULL;
-
-	switch (OBJ_obj2nid(p7->type))
-		{
-		case NID_pkcs7_data:
-		os = p7->d.data;
-		break;
-
-		case NID_pkcs7_signedAndEnveloped:
-		os = p7->d.signed_and_enveloped->enc_data->enc_data;
-		if (os == NULL)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			p7->d.signed_and_enveloped->enc_data->enc_data=os;
-			}
-		break;
-
-		case NID_pkcs7_enveloped:
-		os = p7->d.enveloped->enc_data->enc_data;
-		if (os == NULL)
-			{
-			os=M_ASN1_OCTET_STRING_new();
-			p7->d.enveloped->enc_data->enc_data=os;
-			}
-		break;
-
-		case NID_pkcs7_signed:
-		os=p7->d.sign->contents->d.data;
-		break;
-
-		default:
-		os = NULL;
-		break;
-		}
-	
-	if (os == NULL)
-		return 0;
-
-	os->flags |= ASN1_STRING_FLAG_NDEF;
-	*boundary = &os->data;
-
-	return 1;
-	}
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
deleted file mode 100644
index 938f79a646..0000000000
--- a/crypto/pkcs7/pk7_mime.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* pk7_mime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-/* PKCS#7 wrappers round generalised stream and MIME routines */
-
-int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-	{
-	return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
-					ASN1_ITEM_rptr(PKCS7));
-	}
-
-int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
-	{
-	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags,
-						"PKCS7",
-						ASN1_ITEM_rptr(PKCS7));
-	}
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-	{
-	STACK_OF(X509_ALGOR) *mdalgs;
-	int ctype_nid = OBJ_obj2nid(p7->type);
-	if (ctype_nid == NID_pkcs7_signed)
-		mdalgs = p7->d.sign->md_algs;
-	else
-		mdalgs = NULL;
-
-	flags ^= SMIME_OLDMIME;
-
-
-	return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
-					ctype_nid, NID_undef, mdalgs,
-					ASN1_ITEM_rptr(PKCS7));	
-	}
-
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-	{
-	return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
-	}
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
deleted file mode 100644
index a5104f8d05..0000000000
--- a/crypto/pkcs7/pk7_smime.c
+++ /dev/null
@@ -1,606 +0,0 @@
-/* pk7_smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Simple PKCS#7 processing functions */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-		  BIO *data, int flags)
-{
-	PKCS7 *p7;
-	int i;
-
-	if(!(p7 = PKCS7_new()))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
-		goto err;
-
-	if (!PKCS7_content_new(p7, NID_pkcs7_data))
-		goto err;
-
-    	if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
-		goto err;
-		}
-
-	if(!(flags & PKCS7_NOCERTS))
-		{
-		for(i = 0; i < sk_X509_num(certs); i++)
-			{
-			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
-				goto err;
-			}
-		}
-
-	if(flags & PKCS7_DETACHED)
-		PKCS7_set_detached(p7, 1);
-
-	if (flags & (PKCS7_STREAM|PKCS7_PARTIAL))
-		return p7;
-
-	if (PKCS7_final(p7, data, flags))
-		return p7;
-
-	err:
-	PKCS7_free(p7);
-	return NULL;
-}
-
-int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
-	{
-	BIO *p7bio;
-	int ret = 0;
-	if (!(p7bio = PKCS7_dataInit(p7, NULL)))
-		{
-		PKCS7err(PKCS7_F_PKCS7_FINAL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	SMIME_crlf_copy(data, p7bio, flags);
-
-	(void)BIO_flush(p7bio);
-
-
-        if (!PKCS7_dataFinal(p7,p7bio))
-		{
-		PKCS7err(PKCS7_F_PKCS7_FINAL,PKCS7_R_PKCS7_DATASIGN);
-		goto err;
-		}
-
-	ret = 1;
-
-	err:
-	BIO_free_all(p7bio);
-
-	return ret;
-
-	}
-
-/* Check to see if a cipher exists and if so add S/MIME capabilities */
-
-static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-	{
-	if (EVP_get_cipherbynid(nid))
-		return PKCS7_simple_smimecap(sk, nid, arg);
-	return 1;
-	}
-
-static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-	{
-	if (EVP_get_digestbynid(nid))
-		return PKCS7_simple_smimecap(sk, nid, arg);
-	return 1;
-	}
-
-PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
-					EVP_PKEY *pkey, const EVP_MD *md,
-					int flags)
-	{
-	PKCS7_SIGNER_INFO *si = NULL;
-	STACK_OF(X509_ALGOR) *smcap = NULL;
-	if(!X509_check_private_key(signcert, pkey))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-			PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-		}
-
-    	if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-				PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
-		return NULL;
-		}
-
-	if(!(flags & PKCS7_NOCERTS))
-		{
-		if (!PKCS7_add_certificate(p7, signcert))
-			goto err;
-		}
-
-	if(!(flags & PKCS7_NOATTR))
-		{
-		if (!PKCS7_add_attrib_content_type(si, NULL))
-			goto err;
-		/* Add SMIMECapabilities */
-		if(!(flags & PKCS7_NOSMIMECAP))
-			{
-			if(!(smcap = sk_X509_ALGOR_new_null()))
-				{
-				PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-			|| !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
-			|| !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
-				|| !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
-			|| !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
-				|| !add_cipher_smcap(smcap, NID_des_cbc, -1)
-				|| !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
-				|| !PKCS7_add_attrib_smimecap (si, smcap))
-				goto err;
-			sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-			smcap = NULL;
-			}
-		if (flags & PKCS7_REUSE_DIGEST)
-			{
-			if (!pkcs7_copy_existing_digest(p7, si))
-				goto err;
-			if (!(flags & PKCS7_PARTIAL) &&
-					!PKCS7_SIGNER_INFO_sign(si))
-				goto err;
-			}
-		}
-	return si;
-	err:
-	if (smcap)
-		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-	return NULL;
-	}
-
-/* Search for a digest matching SignerInfo digest type and if found
- * copy across.
- */
-
-static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
-	int i;
-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-	PKCS7_SIGNER_INFO *sitmp;
-	ASN1_OCTET_STRING *osdig = NULL;
-	sinfos = PKCS7_get_signer_info(p7);
-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-		{
-		sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-		if (si == sitmp)
-			break;
-		if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
-			continue;
-		if (!OBJ_cmp(si->digest_alg->algorithm,
-				sitmp->digest_alg->algorithm))
-			{
-			osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
-			break;
-			}
-
-		}
-
-	if (osdig)
-		return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
-
-	PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
-			PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
-	return 0;
-	}
-
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-					BIO *indata, BIO *out, int flags)
-{
-	STACK_OF(X509) *signers;
-	X509 *signer;
-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-	PKCS7_SIGNER_INFO *si;
-	X509_STORE_CTX cert_ctx;
-	char buf[4096];
-	int i, j=0, k, ret = 0;
-	BIO *p7bio;
-	BIO *tmpin, *tmpout;
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
-		return 0;
-	}
-
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
-		return 0;
-	}
-
-	/* Check for no data and no content: no data to verify signature */
-	if(PKCS7_get_detached(p7) && !indata) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
-		return 0;
-	}
-#if 0
-	/* NB: this test commented out because some versions of Netscape
-	 * illegally include zero length content when signing data.
-	 */
-
-	/* Check for data and content: two sets of data */
-	if(!PKCS7_get_detached(p7) && indata) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
-		return 0;
-	}
-#endif
-
-	sinfos = PKCS7_get_signer_info(p7);
-
-	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
-		return 0;
-	}
-
-
-	signers = PKCS7_get0_signers(p7, certs, flags);
-
-	if(!signers) return 0;
-
-	/* Now verify the certificates */
-
-	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-		signer = sk_X509_value (signers, k);
-		if (!(flags & PKCS7_NOCHAIN)) {
-			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-							p7->d.sign->cert))
-				{
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-				sk_X509_free(signers);
-				return 0;
-				}
-			X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
-		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-			sk_X509_free(signers);
-			return 0;
-		}
-		if (!(flags & PKCS7_NOCRL))
-			X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
-		i = X509_verify_cert(&cert_ctx);
-		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
-		X509_STORE_CTX_cleanup(&cert_ctx);
-		if (i <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					 X509_verify_cert_error_string(j));
-			sk_X509_free(signers);
-			return 0;
-		}
-		/* Check for revocation status here */
-	}
-
-	/* Performance optimization: if the content is a memory BIO then
-	 * store its contents in a temporary read only memory BIO. This
-	 * avoids potentially large numbers of slow copies of data which will
-	 * occur when reading from a read write memory BIO when signatures
-	 * are calculated.
-	 */
-
-	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-		{
-		char *ptr;
-		long len;
-		len = BIO_get_mem_data(indata, &ptr);
-		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	else
-		tmpin = indata;
-		
-
-	if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
-		goto err;
-
-	if(flags & PKCS7_TEXT) {
-		if(!(tmpout = BIO_new(BIO_s_mem()))) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		BIO_set_mem_eof_return(tmpout, 0);
-	} else tmpout = out;
-
-	/* We now have to 'read' from p7bio to calculate digests etc. */
-	for (;;)
-	{
-		i=BIO_read(p7bio,buf,sizeof(buf));
-		if (i <= 0) break;
-		if (tmpout) BIO_write(tmpout, buf, i);
-	}
-
-	if(flags & PKCS7_TEXT) {
-		if(!SMIME_text(tmpout, out)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
-			BIO_free(tmpout);
-			goto err;
-		}
-		BIO_free(tmpout);
-	}
-
-	/* Now Verify All Signatures */
-	if (!(flags & PKCS7_NOSIGS))
-	    for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-		{
-		si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
-		signer = sk_X509_value (signers, i);
-		j=PKCS7_signatureVerify(p7bio,p7,si, signer);
-		if (j <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
-			goto err;
-		}
-	}
-
-	ret = 1;
-
-	err:
-	
-	if (tmpin == indata)
-		{
-		if (indata) BIO_pop(p7bio);
-		}
-	BIO_free_all(p7bio);
-
-	sk_X509_free(signers);
-
-	return ret;
-}
-
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
-{
-	STACK_OF(X509) *signers;
-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-	PKCS7_SIGNER_INFO *si;
-	PKCS7_ISSUER_AND_SERIAL *ias;
-	X509 *signer;
-	int i;
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
-		return NULL;
-	}
-
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
-		return NULL;
-	}
-
-	/* Collect all the signers together */
-
-	sinfos = PKCS7_get_signer_info(p7);
-
-	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-		return 0;
-	}
-
-	if(!(signers = sk_X509_new_null())) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-	{
-	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-	    ias = si->issuer_and_serial;
-	    signer = NULL;
-		/* If any certificates passed they take priority */
-	    if (certs) signer = X509_find_by_issuer_and_serial (certs,
-					 	ias->issuer, ias->serial);
-	    if (!signer && !(flags & PKCS7_NOINTERN)
-			&& p7->d.sign->cert) signer =
-		              X509_find_by_issuer_and_serial (p7->d.sign->cert,
-					      	ias->issuer, ias->serial);
-	    if (!signer) {
-			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
-			sk_X509_free(signers);
-			return 0;
-	    }
-
-	    if (!sk_X509_push(signers, signer)) {
-		sk_X509_free(signers);
-		return NULL;
-	    }
-	}
-	return signers;
-}
-
-
-/* Build a complete PKCS#7 enveloped data */
-
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-								int flags)
-{
-	PKCS7 *p7;
-	BIO *p7bio = NULL;
-	int i;
-	X509 *x509;
-	if(!(p7 = PKCS7_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
-		goto err;
-	if (!PKCS7_set_cipher(p7, cipher)) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
-		goto err;
-	}
-
-	for(i = 0; i < sk_X509_num(certs); i++) {
-		x509 = sk_X509_value(certs, i);
-		if(!PKCS7_add_recipient(p7, x509)) {
-			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-					PKCS7_R_ERROR_ADDING_RECIPIENT);
-			goto err;
-		}
-	}
-
-	if (flags & PKCS7_STREAM)
-		return p7;
-
-	if (PKCS7_final(p7, in, flags))
-		return p7;
-
-	err:
-
-	BIO_free_all(p7bio);
-	PKCS7_free(p7);
-	return NULL;
-
-}
-
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
-{
-	BIO *tmpmem;
-	int ret, i;
-	char buf[4096];
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
-		return 0;
-	}
-
-	if(!PKCS7_type_is_enveloped(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
-		return 0;
-	}
-
-	if(cert && !X509_check_private_key(cert, pkey)) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-		return 0;
-	}
-
-	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
-		return 0;
-	}
-
-	if (flags & PKCS7_TEXT) {
-		BIO *tmpbuf, *bread;
-		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-		if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-			BIO_free_all(tmpmem);
-			return 0;
-		}
-		if(!(bread = BIO_push(tmpbuf, tmpmem))) {
-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-			BIO_free_all(tmpbuf);
-			BIO_free_all(tmpmem);
-			return 0;
-		}
-		ret = SMIME_text(bread, data);
-		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-			{
-			if (!BIO_get_cipher_status(tmpmem))
-				ret = 0;
-			}
-		BIO_free_all(bread);
-		return ret;
-	} else {
-		for(;;) {
-			i = BIO_read(tmpmem, buf, sizeof(buf));
-			if(i <= 0)
-				{
-				ret = 1;
-				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-					{
-					if (!BIO_get_cipher_status(tmpmem))
-						ret = 0;
-					}
-					
-				break;
-				}
-			if (BIO_write(data, buf, i) != i)
-				{
-				ret = 0;
-				break;
-				}
-		}
-		BIO_free_all(tmpmem);
-		return ret;
-	}
-}
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
deleted file mode 100644
index 5d54c4ac27..0000000000
--- a/crypto/pkcs7/pkcs7.h
+++ /dev/null
@@ -1,496 +0,0 @@
-/* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PKCS7_H
-#define HEADER_PKCS7_H
-
-#include <openssl/asn1.h>
-#include <openssl/bio.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/symhacks.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef PKCS7_SIGNER_INFO
-#endif
-
-/*
-Encryption_ID		DES-CBC
-Digest_ID		MD5
-Digest_Encryption_ID	rsaEncryption
-Key_Encryption_ID	rsaEncryption
-*/
-
-typedef struct pkcs7_issuer_and_serial_st
-	{
-	X509_NAME *issuer;
-	ASN1_INTEGER *serial;
-	} PKCS7_ISSUER_AND_SERIAL;
-
-typedef struct pkcs7_signer_info_st
-	{
-	ASN1_INTEGER 			*version;	/* version 1 */
-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
-	X509_ALGOR			*digest_alg;
-	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */
-	X509_ALGOR			*digest_enc_alg;
-	ASN1_OCTET_STRING		*enc_digest;
-	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
-
-	/* The private key to sign with */
-	EVP_PKEY			*pkey;
-	} PKCS7_SIGNER_INFO;
-
-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-
-typedef struct pkcs7_recip_info_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
-	X509_ALGOR			*key_enc_algor;
-	ASN1_OCTET_STRING		*enc_key;
-	X509				*cert; /* get the pub-key from this */
-	} PKCS7_RECIP_INFO;
-
-DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-
-typedef struct pkcs7_signed_st
-	{
-	ASN1_INTEGER			*version;	/* version 1 */
-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
-	STACK_OF(X509)			*cert;		/* [ 0 ] */
-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
-
-	struct pkcs7_st			*contents;
-	} PKCS7_SIGNED;
-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
- * How about merging the two */
-
-typedef struct pkcs7_enc_content_st
-	{
-	ASN1_OBJECT			*content_type;
-	X509_ALGOR			*algorithm;
-	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */
-	const EVP_CIPHER		*cipher;
-	} PKCS7_ENC_CONTENT;
-
-typedef struct pkcs7_enveloped_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
-	PKCS7_ENC_CONTENT		*enc_data;
-	} PKCS7_ENVELOPE;
-
-typedef struct pkcs7_signedandenveloped_st
-	{
-	ASN1_INTEGER			*version;	/* version 1 */
-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
-	STACK_OF(X509)			*cert;		/* [ 0 ] */
-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
-
-	PKCS7_ENC_CONTENT		*enc_data;
-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
-	} PKCS7_SIGN_ENVELOPE;
-
-typedef struct pkcs7_digest_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	X509_ALGOR			*md;		/* md used */
-	struct pkcs7_st 		*contents;
-	ASN1_OCTET_STRING		*digest;
-	} PKCS7_DIGEST;
-
-typedef struct pkcs7_encrypted_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	PKCS7_ENC_CONTENT		*enc_data;
-	} PKCS7_ENCRYPT;
-
-typedef struct pkcs7_st
-	{
-	/* The following is non NULL if it contains ASN1 encoding of
-	 * this structure */
-	unsigned char *asn1;
-	long length;
-
-#define PKCS7_S_HEADER	0
-#define PKCS7_S_BODY	1
-#define PKCS7_S_TAIL	2
-	int state; /* used during processing */
-
-	int detached;
-
-	ASN1_OBJECT *type;
-	/* content as defined by the type */
-	/* all encryption/message digests are applied to the 'contents',
-	 * leaving out the 'type' field. */
-	union	{
-		char *ptr;
-
-		/* NID_pkcs7_data */
-		ASN1_OCTET_STRING *data;
-
-		/* NID_pkcs7_signed */
-		PKCS7_SIGNED *sign;
-
-		/* NID_pkcs7_enveloped */
-		PKCS7_ENVELOPE *enveloped;
-
-		/* NID_pkcs7_signedAndEnveloped */
-		PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
-
-		/* NID_pkcs7_digest */
-		PKCS7_DIGEST *digest;
-
-		/* NID_pkcs7_encrypted */
-		PKCS7_ENCRYPT *encrypted;
-
-		/* Anything else */
-		ASN1_TYPE *other;
-		} d;
-	} PKCS7;
-
-DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
-DECLARE_PKCS12_STACK_OF(PKCS7)
-
-#define PKCS7_OP_SET_DETACHED_SIGNATURE	1
-#define PKCS7_OP_GET_DETACHED_SIGNATURE	2
-
-#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)
-#define PKCS7_get_attributes(si)	((si)->unauth_attr)
-
-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
-#define PKCS7_type_is_signedAndEnveloped(a) \
-		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
-#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-
-#define PKCS7_set_detached(p,v) \
-		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
-#define PKCS7_get_detached(p) \
-		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
-
-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-
-/* S/MIME related flags */
-
-#define PKCS7_TEXT		0x1
-#define PKCS7_NOCERTS		0x2
-#define PKCS7_NOSIGS		0x4
-#define PKCS7_NOCHAIN		0x8
-#define PKCS7_NOINTERN		0x10
-#define PKCS7_NOVERIFY		0x20
-#define PKCS7_DETACHED		0x40
-#define PKCS7_BINARY		0x80
-#define PKCS7_NOATTR		0x100
-#define	PKCS7_NOSMIMECAP	0x200
-#define PKCS7_NOOLDMIMETYPE	0x400
-#define PKCS7_CRLFEOL		0x800
-#define PKCS7_STREAM		0x1000
-#define PKCS7_NOCRL		0x2000
-#define PKCS7_PARTIAL		0x4000
-#define PKCS7_REUSE_DIGEST	0x8000
-
-/* Flags: for compatibility with older code */
-
-#define SMIME_TEXT	PKCS7_TEXT
-#define SMIME_NOCERTS	PKCS7_NOCERTS
-#define SMIME_NOSIGS	PKCS7_NOSIGS
-#define SMIME_NOCHAIN	PKCS7_NOCHAIN
-#define SMIME_NOINTERN	PKCS7_NOINTERN
-#define SMIME_NOVERIFY	PKCS7_NOVERIFY
-#define SMIME_DETACHED	PKCS7_DETACHED
-#define SMIME_BINARY	PKCS7_BINARY
-#define SMIME_NOATTR	PKCS7_NOATTR
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
-	unsigned char *md,unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
-int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-DECLARE_ASN1_FUNCTIONS(PKCS7)
-
-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
-
-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
-DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
-
-int PKCS7_set_type(PKCS7 *p7, int type);
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	const EVP_MD *dgst);
-int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
-	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-								X509 *x509);
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
-
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-	EVP_PKEY *pkey, const EVP_MD *dgst);
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
-void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
-void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
-int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-	void *data);
-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	void *value);
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-				STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
-
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-							BIO *data, int flags);
-
-PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
-			X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md,
-			int flags);
-
-int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-					BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-								int flags);
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
-			      STACK_OF(X509_ALGOR) *cap);
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
-
-int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
-int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
-int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
-				const unsigned char *md, int mdlen);
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-
-BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS7_strings(void);
-
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_B64_READ_PKCS7				 120
-#define PKCS7_F_B64_WRITE_PKCS7				 121
-#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB			 136
-#define PKCS7_F_I2D_PKCS7_BIO_STREAM			 140
-#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME		 135
-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
-#define PKCS7_F_PKCS7_ADD_CRL				 101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
-#define PKCS7_F_PKCS7_ADD_SIGNATURE			 131
-#define PKCS7_F_PKCS7_ADD_SIGNER			 103
-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST			 125
-#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST		 138
-#define PKCS7_F_PKCS7_CTRL				 104
-#define PKCS7_F_PKCS7_DATADECODE			 112
-#define PKCS7_F_PKCS7_DATAFINAL				 128
-#define PKCS7_F_PKCS7_DATAINIT				 105
-#define PKCS7_F_PKCS7_DATASIGN				 106
-#define PKCS7_F_PKCS7_DATAVERIFY			 107
-#define PKCS7_F_PKCS7_DECRYPT				 114
-#define PKCS7_F_PKCS7_DECRYPT_RINFO			 133
-#define PKCS7_F_PKCS7_ENCODE_RINFO			 132
-#define PKCS7_F_PKCS7_ENCRYPT				 115
-#define PKCS7_F_PKCS7_FINAL				 134
-#define PKCS7_F_PKCS7_FIND_DIGEST			 127
-#define PKCS7_F_PKCS7_GET0_SIGNERS			 124
-#define PKCS7_F_PKCS7_RECIP_INFO_SET			 130
-#define PKCS7_F_PKCS7_SET_CIPHER			 108
-#define PKCS7_F_PKCS7_SET_CONTENT			 109
-#define PKCS7_F_PKCS7_SET_DIGEST			 126
-#define PKCS7_F_PKCS7_SET_TYPE				 110
-#define PKCS7_F_PKCS7_SIGN				 116
-#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113
-#define PKCS7_F_PKCS7_SIGNER_INFO_SET			 129
-#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN			 139
-#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER			 137
-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119
-#define PKCS7_F_PKCS7_VERIFY				 117
-#define PKCS7_F_SMIME_READ_PKCS7			 122
-#define PKCS7_F_SMIME_TEXT				 123
-
-/* Reason codes. */
-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117
-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144
-#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
-#define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118
-#define PKCS7_R_CTRL_ERROR				 152
-#define PKCS7_R_DECODE_ERROR				 130
-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
-#define PKCS7_R_DECRYPT_ERROR				 119
-#define PKCS7_R_DIGEST_FAILURE				 101
-#define PKCS7_R_ENCRYPTION_CTRL_FAILURE			 149
-#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
-#define PKCS7_R_ERROR_ADDING_RECIPIENT			 120
-#define PKCS7_R_ERROR_SETTING_CIPHER			 121
-#define PKCS7_R_INVALID_MIME_TYPE			 131
-#define PKCS7_R_INVALID_NULL_POINTER			 143
-#define PKCS7_R_INVALID_SIGNED_DATA_TYPE		 155
-#define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
-#define PKCS7_R_MIME_PARSE_ERROR			 133
-#define PKCS7_R_MIME_SIG_PARSE_ERROR			 134
-#define PKCS7_R_MISSING_CERIPEND_INFO			 103
-#define PKCS7_R_NO_CONTENT				 122
-#define PKCS7_R_NO_CONTENT_TYPE				 135
-#define PKCS7_R_NO_DEFAULT_DIGEST			 151
-#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND		 154
-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE		 136
-#define PKCS7_R_NO_MULTIPART_BOUNDARY			 137
-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115
-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY		 146
-#define PKCS7_R_NO_SIGNATURES_ON_DATA			 123
-#define PKCS7_R_NO_SIGNERS				 142
-#define PKCS7_R_NO_SIG_CONTENT_TYPE			 138
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR		 124
-#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR			 153
-#define PKCS7_R_PKCS7_DATAFINAL				 126
-#define PKCS7_R_PKCS7_DATAFINAL_ERROR			 125
-#define PKCS7_R_PKCS7_DATASIGN				 145
-#define PKCS7_R_PKCS7_PARSE_ERROR			 139
-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR			 140
-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 127
-#define PKCS7_R_SIGNATURE_FAILURE			 105
-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND		 128
-#define PKCS7_R_SIGNING_CTRL_FAILURE			 147
-#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE	 148
-#define PKCS7_R_SIG_INVALID_MIME_TYPE			 141
-#define PKCS7_R_SMIME_TEXT_ERROR			 129
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109
-#define PKCS7_R_UNKNOWN_OPERATION			 110
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
-#define PKCS7_R_WRONG_CONTENT_TYPE			 113
-#define PKCS7_R_WRONG_PKCS7_TYPE			 114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
deleted file mode 100644
index f3db08e007..0000000000
--- a/crypto/pkcs7/pkcs7err.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* crypto/pkcs7/pkcs7err.c */
-/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs7.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
-static ERR_STRING_DATA PKCS7_str_functs[]=
-	{
-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},
-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},
-{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),	"DO_PKCS7_SIGNED_ATTRIB"},
-{ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM),	"i2d_PKCS7_bio_stream"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),	"PKCS7_add0_attrib_signing_time"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),	"PKCS7_add_recipient_info"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE),	"PKCS7_add_signature"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),	"PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),	"PKCS7_BIO_ADD_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST),	"PKCS7_COPY_EXISTING_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_CTRL),	"PKCS7_ctrl"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),	"PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),	"PKCS7_dataFinal"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),	"PKCS7_dataInit"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),	"PKCS7_DATASIGN"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),	"PKCS7_dataVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),	"PKCS7_decrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO),	"PKCS7_DECRYPT_RINFO"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO),	"PKCS7_ENCODE_RINFO"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),	"PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_FINAL),	"PKCS7_final"},
-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),	"PKCS7_FIND_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),	"PKCS7_get0_signers"},
-{ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET),	"PKCS7_RECIP_INFO_set"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),	"PKCS7_set_cipher"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),	"PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),	"PKCS7_set_digest"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),	"PKCS7_set_type"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),	"PKCS7_SIGNER_INFO_set"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN),	"PKCS7_SIGNER_INFO_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),	"PKCS7_sign_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},
-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},
-{ERR_FUNC(PKCS7_F_SMIME_TEXT),	"SMIME_text"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA PKCS7_str_reasons[]=
-	{
-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{ERR_REASON(PKCS7_R_CTRL_ERROR)          ,"ctrl error"},
-{ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
-{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
-{ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE),"encryption ctrl failure"},
-{ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"encryption not supported for this key type"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),"invalid signed data type"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST)   ,"no default digest"},
-{ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),"no matching digest type found"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR),"pkcs7 add signer error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE),"signing ctrl failure"},
-{ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"signing not supported for this key type"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    ,"wrong pkcs7 type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_PKCS7_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PKCS7_str_functs);
-		ERR_load_strings(0,PKCS7_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ppccpuid.pl b/crypto/ppccpuid.pl
deleted file mode 100755
index 4ba736a1d1..0000000000
--- a/crypto/ppccpuid.pl
+++ /dev/null
@@ -1,132 +0,0 @@
-#!/usr/bin/env perl
-
-$flavour = shift;
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-if ($flavour=~/64/) {
-    $CMPLI="cmpldi";
-    $SHRLI="srdi";
-    $SIGNX="extsw";
-} else {
-    $CMPLI="cmplwi";
-    $SHRLI="srwi";
-    $SIGNX="mr";
-}
-
-$code=<<___;
-.machine	"any"
-.text
-
-.globl	.OPENSSL_ppc64_probe
-.align	4
-.OPENSSL_ppc64_probe:
-	fcfid	f1,f1
-	extrdi	r0,r0,32,0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.globl	.OPENSSL_altivec_probe
-.align	4
-.OPENSSL_altivec_probe:
-	.long	0x10000484	# vor	v0,v0,v0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.globl	.OPENSSL_wipe_cpu
-.align	4
-.OPENSSL_wipe_cpu:
-	xor	r0,r0,r0
-	fmr	f0,f31
-	fmr	f1,f31
-	fmr	f2,f31
-	mr	r3,r1
-	fmr	f3,f31
-	xor	r4,r4,r4
-	fmr	f4,f31
-	xor	r5,r5,r5
-	fmr	f5,f31
-	xor	r6,r6,r6
-	fmr	f6,f31
-	xor	r7,r7,r7
-	fmr	f7,f31
-	xor	r8,r8,r8
-	fmr	f8,f31
-	xor	r9,r9,r9
-	fmr	f9,f31
-	xor	r10,r10,r10
-	fmr	f10,f31
-	xor	r11,r11,r11
-	fmr	f11,f31
-	xor	r12,r12,r12
-	fmr	f12,f31
-	fmr	f13,f31
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.globl	.OPENSSL_atomic_add
-.align	4
-.OPENSSL_atomic_add:
-Ladd:	lwarx	r5,0,r3
-	add	r0,r4,r5
-	stwcx.	r0,0,r3
-	bne-	Ladd
-	$SIGNX	r3,r0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,2,0
-	.long	0
-
-.globl	.OPENSSL_rdtsc
-.align	4
-.OPENSSL_rdtsc:
-	mftb	r3
-	mftbu	r4
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-
-.globl	.OPENSSL_cleanse
-.align	4
-.OPENSSL_cleanse:
-	$CMPLI	r4,7
-	li	r0,0
-	bge	Lot
-	$CMPLI	r4,0
-	beqlr-
-Little:	mtctr	r4
-	stb	r0,0(r3)
-	addi	r3,r3,1
-	bdnz	\$-8
-	blr
-Lot:	andi.	r5,r3,3
-	beq	Laligned
-	stb	r0,0(r3)
-	subi	r4,r4,1
-	addi	r3,r3,1
-	b	Lot
-Laligned:
-	$SHRLI	r5,r4,2
-	mtctr	r5
-	stw	r0,0(r3)
-	addi	r3,r3,4
-	bdnz	\$-8
-	andi.	r4,r4,3
-	bne	Little
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,2,0
-	.long	0
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/pqueue/pq_test.c b/crypto/pqueue/pq_test.c
deleted file mode 100644
index 8d496dfc65..0000000000
--- a/crypto/pqueue/pq_test.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/pqueue/pq_test.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "pqueue.h"
-
-int
-main(void)
-	{
-	pitem *item;
-	pqueue pq;
-
-	pq = pqueue_new();
-
-	item = pitem_new(3, NULL);
-	pqueue_insert(pq, item);
-
-	item = pitem_new(1, NULL);
-	pqueue_insert(pq, item);
-
-	item = pitem_new(2, NULL);
-	pqueue_insert(pq, item);
-
-	item = pqueue_find(pq, 1);
-	fprintf(stderr, "found %ld\n", item->priority);
-
-	item = pqueue_find(pq, 2);
-	fprintf(stderr, "found %ld\n", item->priority);
-
-	item = pqueue_find(pq, 3);
-	fprintf(stderr, "found %ld\n", item ? item->priority: 0);
-
-	pqueue_print(pq);
-
-	for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
-		pitem_free(item);
-
-	pqueue_free(pq);
-	return 0;
-	}
diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c
deleted file mode 100644
index eab13a1250..0000000000
--- a/crypto/pqueue/pqueue.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* crypto/pqueue/pqueue.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include "pqueue.h"
-
-typedef struct _pqueue
-	{
-	pitem *items;
-	int count;
-	} pqueue_s;
-
-pitem *
-pitem_new(unsigned char *prio64be, void *data)
-	{
-	pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
-	if (item == NULL) return NULL;
-
-	memcpy(item->priority,prio64be,sizeof(item->priority));
-
-	item->data = data;
-	item->next = NULL;
-
-	return item;
-	}
-
-void
-pitem_free(pitem *item)
-	{
-	if (item == NULL) return;
-
-	OPENSSL_free(item);
-	}
-
-pqueue_s *
-pqueue_new()
-	{
-	pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
-	if (pq == NULL) return NULL;
-
-	memset(pq, 0x00, sizeof(pqueue_s));
-	return pq;
-	}
-
-void
-pqueue_free(pqueue_s *pq)
-	{
-	if (pq == NULL) return;
-
-	OPENSSL_free(pq);
-	}
-
-pitem *
-pqueue_insert(pqueue_s *pq, pitem *item)
-	{
-	pitem *curr, *next;
-
-	if (pq->items == NULL)
-		{
-		pq->items = item;
-		return item;
-		}
-
-	for(curr = NULL, next = pq->items; 
-		next != NULL;
-		curr = next, next = next->next)
-		{
-		/* we can compare 64-bit value in big-endian encoding
-		 * with memcmp:-) */
-		int cmp = memcmp(next->priority, item->priority,8);
-		if (cmp > 0)		/* next > item */
-			{
-			item->next = next;
-
-			if (curr == NULL) 
-				pq->items = item;
-			else  
-				curr->next = item;
-
-			return item;
-			}
-		
-		else if (cmp == 0)	/* duplicates not allowed */
-			return NULL;
-		}
-
-	item->next = NULL;
-	curr->next = item;
-
-	return item;
-	}
-
-pitem *
-pqueue_peek(pqueue_s *pq)
-	{
-	return pq->items;
-	}
-
-pitem *
-pqueue_pop(pqueue_s *pq)
-	{
-	pitem *item = pq->items;
-
-	if (pq->items != NULL)
-		pq->items = pq->items->next;
-
-	return item;
-	}
-
-pitem *
-pqueue_find(pqueue_s *pq, unsigned char *prio64be)
-	{
-	pitem *next;
-	pitem *found = NULL;
-
-	if ( pq->items == NULL)
-		return NULL;
-
-	for ( next = pq->items; next->next != NULL; next = next->next)
-		{
-		if ( memcmp(next->priority, prio64be,8) == 0)
-			{
-			found = next;
-			break;
-			}
-		}
-	
-	/* check the one last node */
-	if ( memcmp(next->priority, prio64be,8) ==0)
-		found = next;
-
-	if ( ! found)
-		return NULL;
-
-#if 0 /* find works in peek mode */
-	if ( prev == NULL)
-		pq->items = next->next;
-	else
-		prev->next = next->next;
-#endif
-
-	return found;
-	}
-
-void
-pqueue_print(pqueue_s *pq)
-	{
-	pitem *item = pq->items;
-
-	while(item != NULL)
-		{
-		printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
-			item->priority[0],item->priority[1],
-			item->priority[2],item->priority[3],
-			item->priority[4],item->priority[5],
-			item->priority[6],item->priority[7]);
-		item = item->next;
-		}
-	}
-
-pitem *
-pqueue_iterator(pqueue_s *pq)
-	{
-	return pqueue_peek(pq);
-	}
-
-pitem *
-pqueue_next(pitem **item)
-	{
-	pitem *ret;
-
-	if ( item == NULL || *item == NULL)
-		return NULL;
-
-
-	/* *item != NULL */
-	ret = *item;
-	*item = (*item)->next;
-
-	return ret;
-	}
-
-int
-pqueue_size(pqueue_s *pq)
-{
-	pitem *item = pq->items;
-	int count = 0;
-	
-	while(item != NULL)
-	{
-		count++;
-		item = item->next;
-	}
-	return count;
-}
diff --git a/crypto/pqueue/pqueue.h b/crypto/pqueue/pqueue.h
deleted file mode 100644
index 26b5348089..0000000000
--- a/crypto/pqueue/pqueue.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* crypto/pqueue/pqueue.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-#define HEADER_PQUEUE_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem
-	{
-	unsigned char priority[8]; /* 64-bit value in big-endian encoding */
-	void *data;
-	struct _pitem *next;
-	} pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(unsigned char *prio64be, void *data);
-void   pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void   pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-void   pqueue_print(pqueue pq);
-int    pqueue_size(pqueue pq);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* ! HEADER_PQUEUE_H */
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
deleted file mode 100644
index 888b4eb8dd..0000000000
--- a/crypto/rand/md_rand.c
+++ /dev/null
@@ -1,597 +0,0 @@
-/* crypto/rand/md_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define OPENSSL_FIPSEVP
-
-#ifdef MD_RAND_DEBUG
-# ifndef NDEBUG
-#   define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#include <openssl/err.h>
-
-#ifdef BN_DEBUG
-# define PREDICT
-#endif
-
-/* #define PREDICT	1 */
-
-#define STATE_SIZE	1023
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
-
-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-                                           * holds CRYPTO_LOCK_RAND
-                                           * (to prevent double locking) */
-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static CRYPTO_THREADID locking_threadid; /* valid iff crypto_lock_rand is set */
-
-
-#ifdef PREDICT
-int rand_predictable=0;
-#endif
-
-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
-
-static void ssleay_rand_cleanup(void);
-static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
-static int ssleay_rand_status(void);
-
-RAND_METHOD rand_ssleay_meth={
-	ssleay_rand_seed,
-	ssleay_rand_nopseudo_bytes,
-	ssleay_rand_cleanup,
-	ssleay_rand_add,
-	ssleay_rand_pseudo_bytes,
-	ssleay_rand_status
-	}; 
-
-RAND_METHOD *RAND_SSLeay(void)
-	{
-	return(&rand_ssleay_meth);
-	}
-
-static void ssleay_rand_cleanup(void)
-	{
-	OPENSSL_cleanse(state,sizeof(state));
-	state_num=0;
-	state_index=0;
-	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
-	md_count[0]=0;
-	md_count[1]=0;
-	entropy=0;
-	initialized=0;
-	}
-
-static void ssleay_rand_add(const void *buf, int num, double add)
-	{
-	int i,j,k,st_idx;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
-	int do_not_lock;
-
-	if (!num)
-		return;
-
-	/*
-	 * (Based on the rand(3) manpage)
-	 *
-	 * The input is chopped up into units of 20 bytes (or less for
-	 * the last block).  Each of these blocks is run through the hash
-	 * function as follows:  The data passed to the hash function
-	 * is the current 'md', the same number of bytes from the 'state'
-	 * (the location determined by in incremented looping index) as
-	 * the current 'block', the new key data 'block', and 'count'
-	 * (which is incremented after each use).
-	 * The result of this is kept in 'md' and also xored into the
-	 * 'state' at the same locations that were used as input into the
-         * hash function.
-	 */
-
-	/* check if we already have the lock */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_THREADID cur;
-		CRYPTO_THREADID_current(&cur);
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	st_idx=state_index;
-
-	/* use our own copies of the counters so that even
-	 * if a concurrent thread seeds with exactly the
-	 * same data and uses the same subarray there's _some_
-	 * difference */
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-
-	memcpy(local_md, md, sizeof md);
-
-	/* state_index <= state_num <= STATE_SIZE */
-	state_index += num;
-	if (state_index >= STATE_SIZE)
-		{
-		state_index%=STATE_SIZE;
-		state_num=STATE_SIZE;
-		}
-	else if (state_num < STATE_SIZE)	
-		{
-		if (state_index > state_num)
-			state_num=state_index;
-		}
-	/* state_index <= state_num <= STATE_SIZE */
-
-	/* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
-	 * are what we will use now, but other threads may use them
-	 * as well */
-
-	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_init(&m);
-	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
-		{
-		j=(num-i);
-		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
-
-		MD_Init(&m);
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		k=(st_idx+j)-STATE_SIZE;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),j-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),j);
-
-		/* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */
-		MD_Update(&m,buf,j);
-		/* We know that line may cause programs such as
-		   purify and valgrind to complain about use of
-		   uninitialized data.  The problem is not, it's
-		   with the caller.  Removing that line will make
-		   sure you get really bad randomness and thereby
-		   other problems such as very insecure keys. */
-
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(&m,local_md);
-		md_c[1]++;
-
-		buf=(const char *)buf + j;
-
-		for (k=0; k<j; k++)
-			{
-			/* Parallel threads may interfere with this,
-			 * but always each byte of the new state is
-			 * the XOR of some previous value of its
-			 * and local_md (itermediate values may be lost).
-			 * Alway using locking could hurt performance more
-			 * than necessary given that conflicts occur only
-			 * when the total seeding is longer than the random
-			 * state. */
-			state[st_idx++]^=local_md[k];
-			if (st_idx >= STATE_SIZE)
-				st_idx=0;
-			}
-		}
-	EVP_MD_CTX_cleanup(&m);
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	/* Don't just copy back local_md into md -- this could mean that
-	 * other thread's seeding remains without effect (except for
-	 * the incremented counter).  By XORing it we keep at least as
-	 * much entropy as fits into md. */
-	for (k = 0; k < (int)sizeof(md); k++)
-		{
-		md[k] ^= local_md[k];
-		}
-	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-	    entropy += add;
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-	
-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
-	assert(md_c[1] == md_count[1]);
-#endif
-	}
-
-static void ssleay_rand_seed(const void *buf, int num)
-	{
-	ssleay_rand_add(buf, num, (double)num);
-	}
-
-int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
-	{
-	static volatile int stirred_pool = 0;
-	int i,j,k,st_num,st_idx;
-	int num_ceil;
-	int ok;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
-#ifndef GETPID_IS_MEANINGLESS
-	pid_t curr_pid = getpid();
-#endif
-	int do_stir_pool = 0;
-
-#ifdef PREDICT
-	if (rand_predictable)
-		{
-		static unsigned char val=0;
-
-		for (i=0; i<num; i++)
-			buf[i]=val++;
-		return(1);
-		}
-#endif
-
-	if (num <= 0)
-		return 1;
-
-	EVP_MD_CTX_init(&m);
-	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
-	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
-
-	/*
-	 * (Based on the rand(3) manpage:)
-	 *
-	 * For each group of 10 bytes (or less), we do the following:
-	 *
-	 * Input into the hash function the local 'md' (which is initialized from
-	 * the global 'md' before any bytes are generated), the bytes that are to
-	 * be overwritten by the random bytes, and bytes from the 'state'
-	 * (incrementing looping index). From this digest output (which is kept
-	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
-	 * bottom 10 bytes are xored into the 'state'.
-	 * 
-	 * Finally, after we have finished 'num' random bytes for the
-	 * caller, 'count' (which is incremented) and the local and global 'md'
-	 * are fed into the hash function and the results are kept in the
-	 * global 'md'.
-	 */
-	if (lock)
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	CRYPTO_THREADID_current(&locking_threadid);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-	crypto_lock_rand = 1;
-
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-	
-	if (!stirred_pool)
-		do_stir_pool = 1;
-	
-	ok = (entropy >= ENTROPY_NEEDED);
-	if (!ok)
-		{
-		/* If the PRNG state is not yet unpredictable, then seeing
-		 * the PRNG output may help attackers to determine the new
-		 * state; thus we have to decrease the entropy estimate.
-		 * Once we've had enough initial seeding we don't bother to
-		 * adjust the entropy count, though, because we're not ambitious
-		 * to provide *information-theoretic* randomness.
-		 *
-		 * NOTE: This approach fails if the program forks before
-		 * we have enough entropy. Entropy should be collected
-		 * in a separate input pool and be transferred to the
-		 * output pool only when the entropy limit has been reached.
-		 */
-		entropy -= num;
-		if (entropy < 0)
-			entropy = 0;
-		}
-
-	if (do_stir_pool)
-		{
-		/* In the output function only half of 'md' remains secret,
-		 * so we better make sure that the required entropy gets
-		 * 'evenly distributed' through 'state', our randomness pool.
-		 * The input function (ssleay_rand_add) chains all of 'md',
-		 * which makes it more suitable for this purpose.
-		 */
-
-		int n = STATE_SIZE; /* so that the complete pool gets accessed */
-		while (n > 0)
-			{
-#if MD_DIGEST_LENGTH > 20
-# error "Please adjust DUMMY_SEED."
-#endif
-#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
-			/* Note that the seed does not matter, it's just that
-			 * ssleay_rand_add expects to have something to hash. */
-			ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
-			n -= MD_DIGEST_LENGTH;
-			}
-		if (ok)
-			stirred_pool = 1;
-		}
-
-	st_idx=state_index;
-	st_num=state_num;
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-	memcpy(local_md, md, sizeof md);
-
-	state_index+=num_ceil;
-	if (state_index > state_num)
-		state_index %= state_num;
-
-	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
-	 * are now ours (but other threads may use them too) */
-
-	md_count[0] += 1;
-
-	/* before unlocking, we must clear 'crypto_lock_rand' */
-	crypto_lock_rand = 0;
-	if (lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	while (num > 0)
-		{
-		/* num_ceil -= MD_DIGEST_LENGTH/2 */
-		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
-		num-=j;
-		MD_Init(&m);
-#ifndef GETPID_IS_MEANINGLESS
-		if (curr_pid) /* just in the first iteration to save time */
-			{
-			MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
-			curr_pid = 0;
-			}
-#endif
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
-#ifndef PURIFY /* purify complains */
-		/* The following line uses the supplied buffer as a small
-		 * source of entropy: since this buffer is often uninitialised
-		 * it may cause programs such as purify or valgrind to
-		 * complain. So for those builds it is not used: the removal
-		 * of such a small source of entropy has negligible impact on
-		 * security.
-		 */
-		MD_Update(&m,buf,j);
-#endif
-
-		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
-		MD_Final(&m,local_md);
-
-		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
-			{
-			state[st_idx++]^=local_md[i]; /* may compete with other threads */
-			if (st_idx >= st_num)
-				st_idx=0;
-			if (i < j)
-				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
-			}
-		}
-
-	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-	if (lock)
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(&m,md);
-	if (lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_cleanup(&m);
-	if (ok)
-		return(1);
-	else if (pseudo)
-		return 0;
-	else 
-		{
-		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
-		ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
-			"http://www.openssl.org/support/faq.html");
-		return(0);
-		}
-	}
-
-static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
-	{
-	return ssleay_rand_bytes(buf, num, 0, 1);
-	}
-
-/* pseudo-random bytes that are guaranteed to be unique but not
-   unpredictable */
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
-	{
-	return ssleay_rand_bytes(buf, num, 1, 1);
-	}
-
-static int ssleay_rand_status(void)
-	{
-	CRYPTO_THREADID cur;
-	int ret;
-	int do_not_lock;
-
-	CRYPTO_THREADID_current(&cur);
-	/* check if we already have the lock
-	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur);
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-	
-	if (!do_not_lock)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-		
-		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-		CRYPTO_THREADID_cpy(&locking_threadid, &cur);
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-		crypto_lock_rand = 1;
-		}
-	
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-
-	ret = entropy >= ENTROPY_NEEDED;
-
-	if (!do_not_lock)
-		{
-		/* before unlocking, we must clear 'crypto_lock_rand' */
-		crypto_lock_rand = 0;
-		
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-		}
-	
-	return ret;
-	}
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
deleted file mode 100644
index bb5520e80a..0000000000
--- a/crypto/rand/rand.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/rand/rand.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RAND_H
-#define HEADER_RAND_H
-
-#include <stdlib.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct rand_meth_st RAND_METHOD; */
-
-struct rand_meth_st
-	{
-	void (*seed)(const void *buf, int num);
-	int (*bytes)(unsigned char *buf, int num);
-	void (*cleanup)(void);
-	void (*add)(const void *buf, int num, double entropy);
-	int (*pseudorand)(unsigned char *buf, int num);
-	int (*status)(void);
-	};
-
-#ifdef BN_DEBUG
-extern int rand_predictable;
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth);
-const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
-RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void );
-int  RAND_bytes(unsigned char *buf,int num);
-int  RAND_pseudo_bytes(unsigned char *buf,int num);
-void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,double entropy);
-int  RAND_load_file(const char *file,long max_bytes);
-int  RAND_write_file(const char *file);
-const char *RAND_file_name(char *file,size_t num);
-int RAND_status(void);
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path,int bytes);
-int RAND_poll(void);
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-#endif
-
-#ifdef OPENSSL_FIPS
-void RAND_set_fips_drbg_type(int type, int flags);
-int RAND_init_fips(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RAND_strings(void);
-
-/* Error codes for the RAND functions. */
-
-/* Function codes. */
-#define RAND_F_RAND_GET_RAND_METHOD			 101
-#define RAND_F_RAND_INIT_FIPS				 102
-#define RAND_F_SSLEAY_RAND_BYTES			 100
-
-/* Reason codes. */
-#define RAND_R_DUAL_EC_DRBG_DISABLED			 104
-#define RAND_R_ERROR_INITIALISING_DRBG			 102
-#define RAND_R_ERROR_INSTANTIATING_DRBG			 103
-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101
-#define RAND_R_PRNG_NOT_SEEDED				 100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
deleted file mode 100644
index d53b916ebe..0000000000
--- a/crypto/rand/rand_egd.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/* crypto/rand/rand_egd.c */
-/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-
-/*
- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
- *
- * This module supplies three routines:
- *
- * RAND_query_egd_bytes(path, buf, bytes)
- *   will actually query "bytes" bytes of entropy form the egd-socket located
- *   at path and will write them to buf (if supplied) or will directly feed
- *   it to RAND_seed() if buf==NULL.
- *   The number of bytes is not limited by the maximum chunk size of EGD,
- *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
- *   of entropy bytes are requested. The connection is left open until the
- *   query is competed.
- *   RAND_query_egd_bytes() returns with
- *     -1  if an error occured during connection or communication.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *   This routine does not touch any RAND_status(). This is necessary, since
- *   PRNG functions may call it during initialization.
- *
- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
- *   used to seed the PRNG.
- *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
- *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
- *   seed status so that the return value can reflect the seed state:
- *     -1  if an error occured during connection or communication _or_
- *         if the PRNG has still not received the required seeding.
- *     num the number of bytes read from the EGD socket. This number is either
- *         the number of bytes requested or smaller, if the EGD pool is
- *         drained and the daemon signals that the pool is empty.
- *
- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
- *   the PRNG.
- *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_BEOS)
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	return(-1);
-	}
-int RAND_egd(const char *path)
-	{
-	return(-1);
-	}
-
-int RAND_egd_bytes(const char *path,int bytes)
-	{
-	return(-1);
-	}
-#else
-#include <openssl/opensslconf.h>
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VXWORKS
-#   include <streams/un.h>
-# else
-#   include <sys/un.h>
-# endif
-#else
-struct	sockaddr_un {
-	short	sun_family;		/* AF_UNIX */
-	char	sun_path[108];		/* path name (gag) */
-};
-#endif /* NO_SYS_UN_H */
-#include <string.h>
-#include <errno.h>
-
-#ifndef offsetof
-#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-#endif
-
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	int ret = 0;
-	struct sockaddr_un addr;
-	int len, num, numbytes;
-	int fd = -1;
-	int success;
-	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
-
-	memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	if (strlen(path) >= sizeof(addr.sun_path))
-		return (-1);
-	BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
-	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (fd == -1) return (-1);
-	success = 0;
-	while (!success)
-	    {
-	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)
-	       success = 1;
-	    else
-		{
-		switch (errno)
-		    {
-#ifdef EINTR
-		    case EINTR:
-#endif
-#ifdef EAGAIN
-		    case EAGAIN:
-#endif
-#ifdef EINPROGRESS
-		    case EINPROGRESS:
-#endif
-#ifdef EALREADY
-		    case EALREADY:
-#endif
-			/* No error, try again */
-			break;
-#ifdef EISCONN
-		    case EISCONN:
-			success = 1;
-			break;
-#endif
-		    default:
-			goto err;	/* failure */
-		    }
-		}
-	    }
-
-	while(bytes > 0)
-	    {
-	    egdbuf[0] = 1;
-	    egdbuf[1] = bytes < 255 ? bytes : 255;
-	    numbytes = 0;
-	    while (numbytes != 2)
-		{
-	        num = write(fd, egdbuf + numbytes, 2 - numbytes);
-	        if (num >= 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    numbytes = 0;
-	    while (numbytes != 1)
-		{
-	        num = read(fd, egdbuf, 1);
-	        if (num == 0)
-			goto err;	/* descriptor closed */
-		else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    if(egdbuf[0] == 0)
-		goto err;
-	    if (buf)
-		retrievebuf = buf + ret;
-	    else
-		retrievebuf = tempbuf;
-	    numbytes = 0;
-	    while (numbytes != egdbuf[0])
-		{
-	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-		if (num == 0)
-			goto err;	/* descriptor closed */
-	        else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    ret += egdbuf[0];
-	    bytes -= egdbuf[0];
-	    if (!buf)
-		RAND_seed(tempbuf, egdbuf[0]);
-	    }
- err:
-	if (fd != -1) close(fd);
-	return(ret);
-	}
-
-
-int RAND_egd_bytes(const char *path, int bytes)
-	{
-	int num, ret = 0;
-
-	num = RAND_query_egd_bytes(path, NULL, bytes);
-	if (num < 1) goto err;
-	if (RAND_status() == 1)
-	    ret = num;
- err:
-	return(ret);
-	}
-
-
-int RAND_egd(const char *path)
-	{
-	return (RAND_egd_bytes(path, 255));
-	}
-
-
-#endif
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
deleted file mode 100644
index c4c80fc8cc..0000000000
--- a/crypto/rand/rand_err.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/rand/rand_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
-static ERR_STRING_DATA RAND_str_functs[]=
-	{
-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
-{ERR_FUNC(RAND_F_RAND_INIT_FIPS),	"RAND_init_fips"},
-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA RAND_str_reasons[]=
-	{
-{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
-{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
-{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
-{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_RAND_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,RAND_str_functs);
-		ERR_load_strings(0,RAND_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
deleted file mode 100644
index 0fabf8dc5d..0000000000
--- a/crypto/rand/rand_lcl.h
+++ /dev/null
@@ -1,159 +0,0 @@
-/* crypto/rand/rand_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_RAND_LCL_H
-#define HEADER_RAND_LCL_H
-
-#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
-
-
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(OPENSSL_NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(OPENSSL_NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
-#endif
-#endif
-
-#include <openssl/evp.h>
-#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
-#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)
-#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
-#endif
-
-int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock);
-
-#endif
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
deleted file mode 100644
index 239a1cde81..0000000000
--- a/crypto/rand/rand_lib.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include "rand_lcl.h"
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
-	{
-#ifndef OPENSSL_NO_ENGINE
-	if(funct_ref)
-		{
-		ENGINE_finish(funct_ref);
-		funct_ref = NULL;
-		}
-#endif
-	default_RAND_meth = meth;
-	return 1;
-	}
-
-const RAND_METHOD *RAND_get_rand_method(void)
-	{
-	if (!default_RAND_meth)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e = ENGINE_get_default_RAND();
-		if(e)
-			{
-			default_RAND_meth = ENGINE_get_RAND(e);
-			if(!default_RAND_meth)
-				{
-				ENGINE_finish(e);
-				e = NULL;
-				}
-			}
-		if(e)
-			funct_ref = e;
-		else
-#endif
-			default_RAND_meth = RAND_SSLeay();
-		}
-	return default_RAND_meth;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
-	{
-	const RAND_METHOD *tmp_meth = NULL;
-	if(engine)
-		{
-		if(!ENGINE_init(engine))
-			return 0;
-		tmp_meth = ENGINE_get_RAND(engine);
-		if(!tmp_meth)
-			{
-			ENGINE_finish(engine);
-			return 0;
-			}
-		}
-	/* This function releases any prior ENGINE so call it first */
-	RAND_set_rand_method(tmp_meth);
-	funct_ref = engine;
-	return 1;
-	}
-#endif
-
-void RAND_cleanup(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->cleanup)
-		meth->cleanup();
-	RAND_set_rand_method(NULL);
-	}
-
-void RAND_seed(const void *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->seed)
-		meth->seed(buf,num);
-	}
-
-void RAND_add(const void *buf, int num, double entropy)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->add)
-		meth->add(buf,num,entropy);
-	}
-
-int RAND_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->bytes)
-		return meth->bytes(buf,num);
-	return(-1);
-	}
-
-int RAND_pseudo_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->pseudorand)
-		return meth->pseudorand(buf,num);
-	return(-1);
-	}
-
-int RAND_status(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->status)
-		return meth->status();
-	return 0;
-	}
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
- * rest of OpenSSL. 
- */
-
-/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
- * entropy internally through RAND_poll().
- */
-
-static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
-                                int entropy, size_t min_len, size_t max_len)
-        {
-	/* Round up request to multiple of block size */
-	min_len = ((min_len + 19) / 20) * 20;
-	*pout = OPENSSL_malloc(min_len);
-	if (!*pout)
-		return 0;
-	if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0)
-		{
-		OPENSSL_free(*pout);
-		*pout = NULL;
-		return 0;
-		}
-        return min_len;
-        }
-
-static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
-	{
-	if (out)
-		{
-		OPENSSL_cleanse(out, olen);
-		OPENSSL_free(out);
-		}
-	}
-
-/* Set "additional input" when generating random data. This uses the
- * current PID, a time value and a counter.
- */
-
-static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
-    	{
-	/* Use of static variables is OK as this happens under a lock */
-	static unsigned char buf[16];
-	static unsigned long counter;
-	FIPS_get_timevec(buf, &counter);
-	*pout = buf;
-	return sizeof(buf);
-	}
-
-/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is 
- * correctly seeded by RAND_poll().
- */
-
-static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
-				double entropy)
-	{
-	RAND_SSLeay()->add(in, inlen, entropy);
-	return 1;
-	}
-
-static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
-	{
-	RAND_SSLeay()->seed(in, inlen);
-	return 1;
-	}
-
-#ifndef OPENSSL_DRBG_DEFAULT_TYPE
-#define OPENSSL_DRBG_DEFAULT_TYPE	NID_aes_256_ctr
-#endif
-#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
-#define OPENSSL_DRBG_DEFAULT_FLAGS	DRBG_FLAG_CTR_USE_DF
-#endif 
-
-static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
-static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
-
-void RAND_set_fips_drbg_type(int type, int flags)
-	{
-	fips_drbg_type = type;
-	fips_drbg_flags = flags;
-	}
-
-int RAND_init_fips(void)
-	{
-	DRBG_CTX *dctx;
-	size_t plen;
-	unsigned char pers[32], *p;
-#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-	if (fips_drbg_type >> 16)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
-		return 0;
-		}
-#endif
-		
-	dctx = FIPS_get_default_drbg();
-        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
-		return 0;
-		}
-		
-        FIPS_drbg_set_callbacks(dctx,
-				drbg_get_entropy, drbg_free_entropy, 20,
-				drbg_get_entropy, drbg_free_entropy);
-	FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
-					drbg_rand_seed, drbg_rand_add);
-	/* Personalisation string: a string followed by date time vector */
-	strcpy((char *)pers, "OpenSSL DRBG2.0");
-	plen = drbg_get_adin(dctx, &p);
-	memcpy(pers + 16, p, plen);
-
-        if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
-		{
-		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
-		return 0;
-		}
-        FIPS_rand_set_method(FIPS_drbg_method());
-	return 1;
-	}
-
-#endif
diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c
deleted file mode 100644
index 8d5b8d2e32..0000000000
--- a/crypto/rand/rand_nw.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/* crypto/rand/rand_nw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined (OPENSSL_SYS_NETWARE)
-
-#if defined(NETWARE_LIBC)
-#include <nks/thread.h>
-#else
-#include <nwthread.h>
-#endif
-
-extern int GetProcessSwitchCount(void);
-#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
-extern void *RunningProcess; /* declare here same as found in newer NDKs */
-extern unsigned long GetSuperHighResolutionTimer(void);
-#endif
-
-   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
-   */
-int RAND_poll(void)
-{
-   unsigned long l;
-   unsigned long tsc;
-   int i; 
-
-      /* There are several options to gather miscellaneous data
-       * but for now we will loop checking the time stamp counter (rdtsc) and
-       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes
-       * of data but it is treated as only 1 byte of entropy.  The call to
-       * ThreadSwitchWithDelay() will introduce additional variability into
-       * the data returned by rdtsc.
-       *
-       * Applications can agument the seed material by adding additional
-       * stuff with RAND_add() and should probably do so.
-      */
-   l = GetProcessSwitchCount();
-   RAND_add(&l,sizeof(l),1);
-   
-   /* need to cast the void* to unsigned long here */
-   l = (unsigned long)RunningProcess;
-   RAND_add(&l,sizeof(l),1);
-
-   for( i=2; i<ENTROPY_NEEDED; i++)
-   {
-#ifdef __MWERKS__
-      asm 
-      {
-         rdtsc
-         mov tsc, eax        
-      }
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-      asm volatile("rdtsc":"=a"(tsc)::"edx");
-#endif
-
-      RAND_add(&tsc, sizeof(tsc), 1);
-
-      l = GetSuperHighResolutionTimer();
-      RAND_add(&l, sizeof(l), 0);
-
-# if defined(NETWARE_LIBC)
-      NXThreadYield();
-# else /* NETWARE_CLIB */
-      ThreadSwitchWithDelay();
-# endif
-   }
-
-   return 1;
-}
-
-#endif 
-
diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c
deleted file mode 100644
index fc1e78b179..0000000000
--- a/crypto/rand/rand_os2.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* crypto/rand/rand_os2.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#ifdef OPENSSL_SYS_OS2
-
-#define INCL_DOSPROCESS
-#define INCL_DOSPROFILE
-#define INCL_DOSMISC
-#define INCL_DOSMODULEMGR
-#include <os2.h>
-
-#define   CMD_KI_RDCNT    (0x63)
-
-typedef struct _CPUUTIL {
-    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
-    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
-    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
-    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
-    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
-    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
-    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
-    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
-} CPUUTIL;
-
-#ifndef __KLIBC__
-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
-#endif
-HMODULE hDoscalls = 0;
-
-int RAND_poll(void)
-{
-    char failed_module[20];
-    QWORD qwTime;
-    ULONG SysVars[QSV_FOREGROUND_PROCESS];
-
-    if (hDoscalls == 0) {
-        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
-
-#ifndef __KLIBC__
-        if (rc == 0) {
-            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
-
-            if (rc)
-                DosPerfSysCall = NULL;
-
-            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
-
-            if (rc)
-                DosQuerySysState = NULL;
-        }
-#endif
-    }
-
-    /* Sample the hi-res timer, runs at around 1.1 MHz */
-    DosTmrQueryTime(&qwTime);
-    RAND_add(&qwTime, sizeof(qwTime), 2);
-
-    /* Sample a bunch of system variables, includes various process & memory statistics */
-    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
-    RAND_add(SysVars, sizeof(SysVars), 4);
-
-    /* If available, sample CPU registers that count at CPU MHz
-     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
-     */
-    if (DosPerfSysCall) {
-        CPUUTIL util;
-
-        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
-            RAND_add(&util, sizeof(util), 10);
-        }
-        else {
-#ifndef __KLIBC__
-            DosPerfSysCall = NULL;
-#endif
-        }
-    }
-
-    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
-    if (DosQuerySysState) {
-        char *buffer = OPENSSL_malloc(256 * 1024);
-
-        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
-            /* First 4 bytes in buffer is a pointer to the thread count
-             * there should be at least 1 byte of entropy per thread
-             */
-            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
-        }
-
-        OPENSSL_free(buffer);
-        return 1;
-    }
-
-    return 0;
-}
-
-#endif /* OPENSSL_SYS_OS2 */
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
deleted file mode 100644
index e3a65571c8..0000000000
--- a/crypto/rand/rand_unix.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/times.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <time.h>
-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
-# include <poll.h>
-#endif
-#include <limits.h>
-#ifndef FD_SETSIZE
-# define FD_SETSIZE (8*sizeof(fd_set))
-#endif
-
-#if defined(OPENSSL_SYS_VOS)
-
-/* The following algorithm repeatedly samples the real-time clock
-   (RTC) to generate a sequence of unpredictable data.  The algorithm
-   relies upon the uneven execution speed of the code (due to factors
-   such as cache misses, interrupts, bus activity, and scheduling) and
-   upon the rather large relative difference between the speed of the
-   clock and the rate at which it can be read.
-
-   If this code is ported to an environment where execution speed is
-   more constant or where the RTC ticks at a much slower rate, or the
-   clock can be read with fewer instructions, it is likely that the
-   results would be far more predictable.
-
-   As a precaution, we generate 4 times the minimum required amount of
-   seed data.  */
-
-int RAND_poll(void)
-{
-	short int code;
-	gid_t curr_gid;
-	pid_t curr_pid;
-	uid_t curr_uid;
-	int i, k;
-	struct timespec ts;
-	unsigned char v;
-
-#ifdef OPENSSL_SYS_VOS_HPPA
-	long duration;
-	extern void s$sleep (long *_duration, short int *_code);
-#else
-#ifdef OPENSSL_SYS_VOS_IA32
-	long long duration;
-	extern void s$sleep2 (long long *_duration, short int *_code);
-#else
-#error "Unsupported Platform."
-#endif /* OPENSSL_SYS_VOS_IA32 */
-#endif /* OPENSSL_SYS_VOS_HPPA */
-
-	/* Seed with the gid, pid, and uid, to ensure *some*
-	   variation between different processes.  */
-
-	curr_gid = getgid();
-	RAND_add (&curr_gid, sizeof curr_gid, 1);
-	curr_gid = 0;
-
-	curr_pid = getpid();
-	RAND_add (&curr_pid, sizeof curr_pid, 1);
-	curr_pid = 0;
-
-	curr_uid = getuid();
-	RAND_add (&curr_uid, sizeof curr_uid, 1);
-	curr_uid = 0;
-
-	for (i=0; i<(ENTROPY_NEEDED*4); i++)
-	{
-		/* burn some cpu; hope for interrupts, cache
-		   collisions, bus interference, etc.  */
-		for (k=0; k<99; k++)
-			ts.tv_nsec = random ();
-
-#ifdef OPENSSL_SYS_VOS_HPPA
-		/* sleep for 1/1024 of a second (976 us).  */
-		duration = 1;
-		s$sleep (&duration, &code);
-#else
-#ifdef OPENSSL_SYS_VOS_IA32
-		/* sleep for 1/65536 of a second (15 us).  */
-		duration = 1;
-		s$sleep2 (&duration, &code);
-#endif /* OPENSSL_SYS_VOS_IA32 */
-#endif /* OPENSSL_SYS_VOS_HPPA */
-
-		/* get wall clock time.  */
-		clock_gettime (CLOCK_REALTIME, &ts);
-
-		/* take 8 bits */
-		v = (unsigned char) (ts.tv_nsec % 256);
-		RAND_add (&v, sizeof v, 1);
-		v = 0;
-	}
-	return 1;
-}
-#elif defined __OpenBSD__
-int RAND_poll(void)
-{
-	u_int32_t rnd = 0, i;
-	unsigned char buf[ENTROPY_NEEDED];
-
-	for (i = 0; i < sizeof(buf); i++) {
-		if (i % 4 == 0)
-			rnd = arc4random();
-		buf[i] = rnd;
-		rnd >>= 8;
-	}
-	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-	memset(buf, 0, sizeof(buf));
-
-	return 1;
-}
-#else /* !defined(__OpenBSD__) */
-int RAND_poll(void)
-{
-	unsigned long l;
-	pid_t curr_pid = getpid();
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	unsigned char tmpbuf[ENTROPY_NEEDED];
-	int n = 0;
-#endif
-#ifdef DEVRANDOM
-	static const char *randomfiles[] = { DEVRANDOM };
-	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
-	int fd;
-	unsigned int i;
-#endif
-#ifdef DEVRANDOM_EGD
-	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-	const char **egdsocket = NULL;
-#endif
-
-#ifdef DEVRANDOM
-	memset(randomstats,0,sizeof(randomstats));
-	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-	 * have this. Use /dev/urandom if you can as /dev/random may block
-	 * if it runs out of random entries.  */
-
-	for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
-			(n < ENTROPY_NEEDED); i++)
-		{
-		if ((fd = open(randomfiles[i], O_RDONLY
-#ifdef O_NONBLOCK
-			|O_NONBLOCK
-#endif
-#ifdef O_BINARY
-			|O_BINARY
-#endif
-#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
-		   our controlling tty */
-			|O_NOCTTY
-#endif
-			)) >= 0)
-			{
-			int usec = 10*1000; /* spend 10ms on each file */
-			int r;
-			unsigned int j;
-			struct stat *st=&randomstats[i];
-
-			/* Avoid using same input... Used to be O_NOFOLLOW
-			 * above, but it's not universally appropriate... */
-			if (fstat(fd,st) != 0)	{ close(fd); continue; }
-			for (j=0;j<i;j++)
-				{
-				if (randomstats[j].st_ino==st->st_ino &&
-				    randomstats[j].st_dev==st->st_dev)
-					break;
-				}
-			if (j<i)		{ close(fd); continue; }
-
-			do
-				{
-				int try_read = 0;
-
-#if defined(OPENSSL_SYS_BEOS_R5)
-				/* select() is broken in BeOS R5, so we simply
-				 *  try to read something and snooze if we couldn't */
-				try_read = 1;
-
-#elif defined(OPENSSL_SYS_LINUX)
-				/* use poll() */
-				struct pollfd pset;
-				
-				pset.fd = fd;
-				pset.events = POLLIN;
-				pset.revents = 0;
-
-				if (poll(&pset, 1, usec / 1000) < 0)
-					usec = 0;
-				else
-					try_read = (pset.revents & POLLIN) != 0;
-
-#else
-				/* use select() */
-				fd_set fset;
-				struct timeval t;
-				
-				t.tv_sec = 0;
-				t.tv_usec = usec;
-
-				if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
-					{
-					/* can't use select, so just try to read once anyway */
-					try_read = 1;
-					}
-				else
-					{
-					FD_ZERO(&fset);
-					FD_SET(fd, &fset);
-					
-					if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
-						{
-						usec = t.tv_usec;
-						if (FD_ISSET(fd, &fset))
-							try_read = 1;
-						}
-					else
-						usec = 0;
-					}
-#endif
-				
-				if (try_read)
-					{
-					r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
-					if (r > 0)
-						n += r;
-#if defined(OPENSSL_SYS_BEOS_R5)
-					if (r == 0)
-						snooze(t.tv_usec);
-#endif
-					}
-				else
-					r = -1;
-				
-				/* Some Unixen will update t in select(), some
-				   won't.  For those who won't, or if we
-				   didn't use select() in the first place,
-				   give up here, otherwise, we will do
-				   this once again for the remaining
-				   time. */
-				if (usec == 10*1000)
-					usec = 0;
-				}
-			while ((r > 0 ||
-			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-
-			close(fd);
-			}
-		}
-#endif /* defined(DEVRANDOM) */
-
-#ifdef DEVRANDOM_EGD
-	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
-	 * collecting daemon. */
-
-	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
-		{
-		int r;
-
-		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
-					 ENTROPY_NEEDED-n);
-		if (r > 0)
-			n += r;
-		}
-#endif /* defined(DEVRANDOM_EGD) */
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	if (n > 0)
-		{
-		RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
-		OPENSSL_cleanse(tmpbuf,n);
-		}
-#endif
-
-	/* put in some default random data, we need more than just this */
-	l=curr_pid;
-	RAND_add(&l,sizeof(l),0.0);
-	l=getuid();
-	RAND_add(&l,sizeof(l),0.0);
-
-	l=time(NULL);
-	RAND_add(&l,sizeof(l),0.0);
-
-#if defined(OPENSSL_SYS_BEOS)
-	{
-	system_info sysInfo;
-	get_system_info(&sysInfo);
-	RAND_add(&sysInfo,sizeof(sysInfo),0);
-	}
-#endif
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	return 1;
-#else
-	return 0;
-#endif
-}
-
-#endif /* defined(__OpenBSD__) */
-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-
-
-#if defined(OPENSSL_SYS_VXWORKS)
-int RAND_poll(void)
-	{
-	return 0;
-	}
-#endif
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
deleted file mode 100644
index c37c416b88..0000000000
--- a/crypto/rand/rand_win.c
+++ /dev/null
@@ -1,750 +0,0 @@
-/* crypto/rand/rand_win.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-#include <windows.h>
-#ifndef _WIN32_WINNT
-# define _WIN32_WINNT 0x0400
-#endif
-#include <wincrypt.h>
-#include <tlhelp32.h>
-
-/* Limit the time spent walking through the heap, processes, threads and modules to
-   a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
-#define MAXDELAY 1000
-
-/* Intel hardware RNG CSP -- available from
- * http://developer.intel.com/design/security/rng/redist_license.htm
- */
-#define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
-
-static void readtimer(void);
-static void readscreen(void);
-
-/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
-   when WINVER is 0x0500 and up, which currently only happens on Win2000.
-   Unfortunately, those are typedefs, so they're a little bit difficult to
-   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
-   within the same conditional, so it can be use to detect the absence of said
-   typedefs. */
-
-#ifndef CURSOR_SHOWING
-/*
- * Information about the global cursor.
- */
-typedef struct tagCURSORINFO
-{
-    DWORD   cbSize;
-    DWORD   flags;
-    HCURSOR hCursor;
-    POINT   ptScreenPos;
-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
-
-#define CURSOR_SHOWING     0x00000001
-#endif /* CURSOR_SHOWING */
-
-#if !defined(OPENSSL_SYS_WINCE)
-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
-				    DWORD, DWORD);
-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
-typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
-
-typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
-typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
-typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
-
-typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
-typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
-typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
-typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
-typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
-typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
-
-#include <lmcons.h>
-#include <lmstats.h>
-#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
-       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
-       * was added to the Platform SDK to allow the NET API to be used in
-       * non-Unicode applications provided that Unicode strings were still
-       * used for input.  LMSTR is defined as LPWSTR.
-       */
-typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
-        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
-typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 1 */
-#endif /* !OPENSSL_SYS_WINCE */
-
-int RAND_poll(void)
-{
-	MEMORYSTATUS m;
-	HCRYPTPROV hProvider = 0;
-	DWORD w;
-	int good = 0;
-
-
-#if defined(OPENSSL_SYS_WINCE)
-# if defined(_WIN32_WCE) && _WIN32_WCE>=300
-/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
- * in commonly available implementations prior 300... */
-	{
-	BYTE buf[64];
-	/* poll the CryptoAPI PRNG */
-	/* The CryptoAPI returns sizeof(buf) bytes of randomness */
-	if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
-				CRYPT_VERIFYCONTEXT))
-		{
-		if (CryptGenRandom(hProvider, sizeof(buf), buf))
-			RAND_add(buf, sizeof(buf), sizeof(buf));
-		CryptReleaseContext(hProvider, 0); 
-		}
-	}
-# endif
-#else	/* OPENSSL_SYS_WINCE */
-	/*
-	 * None of below libraries are present on Windows CE, which is
-	 * why we #ifndef the whole section. This also excuses us from
-	 * handling the GetProcAddress issue. The trouble is that in
-	 * real Win32 API GetProcAddress is available in ANSI flavor
-	 * only. In WinCE on the other hand GetProcAddress is a macro
-	 * most commonly defined as GetProcAddressW, which accepts
-	 * Unicode argument. If we were to call GetProcAddress under
-	 * WinCE, I'd recommend to either redefine GetProcAddress as
-	 * GetProcAddressA (there seem to be one in common CE spec) or
-	 * implement own shim routine, which would accept ANSI argument
-	 * and expand it to Unicode.
-	 */
-	{
-	/* load functions dynamically - not available on all systems */
-	HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
-	HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
-	HMODULE user = NULL;
-	HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
-	CRYPTACQUIRECONTEXTW acquire = NULL;
-	CRYPTGENRANDOM gen = NULL;
-	CRYPTRELEASECONTEXT release = NULL;
-	NETSTATGET netstatget = NULL;
-	NETFREE netfree = NULL;
-	BYTE buf[64];
-
-	if (netapi)
-		{
-		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
-		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
-		}
-
-	if (netstatget && netfree)
-		{
-		LPBYTE outbuf;
-		/* NetStatisticsGet() is a Unicode only function
- 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
-		 * contains 17 fields.  We treat each field as a source of
-		 * one byte of entropy.
-                 */
-
-		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
-			{
-			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
-			netfree(outbuf);
-			}
-		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
-			{
-			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
-			netfree(outbuf);
-			}
-		}
-
-	if (netapi)
-		FreeLibrary(netapi);
-
-        /* It appears like this can cause an exception deep within ADVAPI32.DLL
-         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
-         * Only use it on NT.
-	 */
-
-	if (advapi)
-		{
-		/*
-		 * If it's available, then it's available in both ANSI
-		 * and UNICODE flavors even in Win9x, documentation says.
-		 * We favor Unicode...
-		 */
-		acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
-			"CryptAcquireContextW");
-		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
-			"CryptGenRandom");
-		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-			"CryptReleaseContext");
-		}
-
-	if (acquire && gen && release)
-		{
-		/* poll the CryptoAPI PRNG */
-                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-		if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
-			CRYPT_VERIFYCONTEXT))
-			{
-			if (gen(hProvider, sizeof(buf), buf) != 0)
-				{
-				RAND_add(buf, sizeof(buf), 0);
-				good = 1;
-#if 0
-				printf("randomness from PROV_RSA_FULL\n");
-#endif
-				}
-			release(hProvider, 0); 
-			}
-		
-		/* poll the Pentium PRG with CryptoAPI */
-		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
-			{
-			if (gen(hProvider, sizeof(buf), buf) != 0)
-				{
-				RAND_add(buf, sizeof(buf), sizeof(buf));
-				good = 1;
-#if 0
-				printf("randomness from PROV_INTEL_SEC\n");
-#endif
-				}
-			release(hProvider, 0);
-			}
-		}
-
-        if (advapi)
-		FreeLibrary(advapi);
-
-	if ((!check_winnt() ||
-	     !OPENSSL_isservice()) &&
-	    (user = LoadLibrary(TEXT("USER32.DLL"))))
-		{
-		GETCURSORINFO cursor;
-		GETFOREGROUNDWINDOW win;
-		GETQUEUESTATUS queue;
-
-		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
-		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
-
-		if (win)
-			{
-			/* window handle */
-			HWND h = win();
-			RAND_add(&h, sizeof(h), 0);
-			}
-		if (cursor)
-			{
-			/* unfortunately, its not safe to call GetCursorInfo()
-			 * on NT4 even though it exists in SP3 (or SP6) and
-			 * higher.
-			 */
-			if (check_winnt() && !check_win_minplat(5))
-				cursor = 0;
-			}
-		if (cursor)
-			{
-			/* cursor position */
-                        /* assume 2 bytes of entropy */
-			CURSORINFO ci;
-			ci.cbSize = sizeof(CURSORINFO);
-			if (cursor(&ci))
-				RAND_add(&ci, ci.cbSize, 2);
-			}
-
-		if (queue)
-			{
-			/* message queue status */
-                        /* assume 1 byte of entropy */
-			w = queue(QS_ALLEVENTS);
-			RAND_add(&w, sizeof(w), 1);
-			}
-
-		FreeLibrary(user);
-		}
-
-	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
-	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
-	 * (Win 9x and 2000 only, not available on NT)
-	 *
-	 * This seeding method was proposed in Peter Gutmann, Software
-	 * Generation of Practically Strong Random Numbers,
-	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-	 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
-	 * (The assignment of entropy estimates below is arbitrary, but based
-	 * on Peter's analysis the full poll appears to be safe. Additional
-	 * interactive seeding is encouraged.)
-	 */
-
-	if (kernel)
-		{
-		CREATETOOLHELP32SNAPSHOT snap;
-		CLOSETOOLHELP32SNAPSHOT close_snap;
-		HANDLE handle;
-
-		HEAP32FIRST heap_first;
-		HEAP32NEXT heap_next;
-		HEAP32LIST heaplist_first, heaplist_next;
-		PROCESS32 process_first, process_next;
-		THREAD32 thread_first, thread_next;
-		MODULE32 module_first, module_next;
-
-		HEAPLIST32 hlist;
-		HEAPENTRY32 hentry;
-		PROCESSENTRY32 p;
-		THREADENTRY32 t;
-		MODULEENTRY32 m;
-		DWORD starttime = 0;
-
-		snap = (CREATETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-		close_snap = (CLOSETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CloseToolhelp32Snapshot");
-		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
-		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
-		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
-
-		if (snap && heap_first && heap_next && heaplist_first &&
-			heaplist_next && process_first && process_next &&
-			thread_first && thread_next && module_first &&
-			module_next && (handle = snap(TH32CS_SNAPALL,0))
-			!= INVALID_HANDLE_VALUE)
-			{
-			/* heap list and heap walking */
-                        /* HEAPLIST32 contains 3 fields that will change with
-                         * each entry.  Consider each field a source of 1 byte
-                         * of entropy.
-                         * HEAPENTRY32 contains 5 fields that will change with 
-                         * each entry.  Consider each field a source of 1 byte
-                         * of entropy.
-                         */
-			ZeroMemory(&hlist, sizeof(HEAPLIST32));
-			hlist.dwSize = sizeof(HEAPLIST32);		
-			if (good) starttime = GetTickCount();
-#ifdef _MSC_VER
-			if (heaplist_first(handle, &hlist))
-				{
-				/*
-				   following discussion on dev ML, exception on WinCE (or other Win
-				   platform) is theoretically of unknown origin; prevent infinite
-				   loop here when this theoretical case occurs; otherwise cope with
-				   the expected (MSDN documented) exception-throwing behaviour of
-				   Heap32Next() on WinCE.
-
-				   based on patch in original message by Tanguy Fautré (2009/03/02)
-			           Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
-			     */
-				int ex_cnt_limit = 42; 
-				do
-					{
-					RAND_add(&hlist, hlist.dwSize, 3);
-					__try
-						{
-						ZeroMemory(&hentry, sizeof(HEAPENTRY32));
-					hentry.dwSize = sizeof(HEAPENTRY32);
-					if (heap_first(&hentry,
-						hlist.th32ProcessID,
-						hlist.th32HeapID))
-						{
-						int entrycnt = 80;
-						do
-							RAND_add(&hentry,
-								hentry.dwSize, 5);
-						while (heap_next(&hentry)
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY)
-							&& --entrycnt > 0);
-						}
-						}
-					__except (EXCEPTION_EXECUTE_HANDLER)
-						{
-							/* ignore access violations when walking the heap list */
-							ex_cnt_limit--;
-						}
-					} while (heaplist_next(handle, &hlist) 
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY)
-						&& ex_cnt_limit > 0);
-				}
-
-#else
-			if (heaplist_first(handle, &hlist))
-				{
-				do
-					{
-					RAND_add(&hlist, hlist.dwSize, 3);
-					hentry.dwSize = sizeof(HEAPENTRY32);
-					if (heap_first(&hentry,
-						hlist.th32ProcessID,
-						hlist.th32HeapID))
-						{
-						int entrycnt = 80;
-						do
-							RAND_add(&hentry,
-								hentry.dwSize, 5);
-						while (heap_next(&hentry)
-							&& --entrycnt > 0);
-						}
-					} while (heaplist_next(handle, &hlist) 
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY));
-				}
-#endif
-
-			/* process walking */
-                        /* PROCESSENTRY32 contains 9 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			p.dwSize = sizeof(PROCESSENTRY32);
-		
-			if (good) starttime = GetTickCount();
-			if (process_first(handle, &p))
-				do
-					RAND_add(&p, p.dwSize, 9);
-				while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
-			/* thread walking */
-                        /* THREADENTRY32 contains 6 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			t.dwSize = sizeof(THREADENTRY32);
-			if (good) starttime = GetTickCount();
-			if (thread_first(handle, &t))
-				do
-					RAND_add(&t, t.dwSize, 6);
-				while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
-			/* module walking */
-                        /* MODULEENTRY32 contains 9 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			m.dwSize = sizeof(MODULEENTRY32);
-			if (good) starttime = GetTickCount();
-			if (module_first(handle, &m))
-				do
-					RAND_add(&m, m.dwSize, 9);
-				while (module_next(handle, &m)
-					       	&& (!good || (GetTickCount()-starttime)<MAXDELAY));
-			if (close_snap)
-				close_snap(handle);
-			else
-				CloseHandle(handle);
-
-			}
-
-		FreeLibrary(kernel);
-		}
-	}
-#endif /* !OPENSSL_SYS_WINCE */
-
-	/* timer data */
-	readtimer();
-	
-	/* memory usage statistics */
-	GlobalMemoryStatus(&m);
-	RAND_add(&m, sizeof(m), 1);
-
-	/* process ID */
-	w = GetCurrentProcessId();
-	RAND_add(&w, sizeof(w), 1);
-
-#if 0
-	printf("Exiting RAND_poll\n");
-#endif
-
-	return(1);
-}
-
-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
-        {
-        double add_entropy=0;
-
-        switch (iMsg)
-                {
-        case WM_KEYDOWN:
-                        {
-                        static WPARAM key;
-                        if (key != wParam)
-                                add_entropy = 0.05;
-                        key = wParam;
-                        }
-                        break;
-	case WM_MOUSEMOVE:
-                        {
-                        static int lastx,lasty,lastdx,lastdy;
-                        int x,y,dx,dy;
-
-                        x=LOWORD(lParam);
-                        y=HIWORD(lParam);
-                        dx=lastx-x;
-                        dy=lasty-y;
-                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
-                                add_entropy=.2;
-                        lastx=x, lasty=y;
-                        lastdx=dx, lastdy=dy;
-                        }
-		break;
-		}
-
-	readtimer();
-        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
-	RAND_add(&wParam, sizeof(wParam), 0);
-	RAND_add(&lParam, sizeof(lParam), 0);
- 
-	return (RAND_status());
-	}
-
-
-void RAND_screen(void) /* function available for backward compatibility */
-{
-	RAND_poll();
-	readscreen();
-}
-
-
-/* feed timing information to the PRNG */
-static void readtimer(void)
-{
-	DWORD w;
-	LARGE_INTEGER l;
-	static int have_perfc = 1;
-#if defined(_MSC_VER) && defined(_M_X86)
-	static int have_tsc = 1;
-	DWORD cyclecount;
-
-	if (have_tsc) {
-	  __try {
-	    __asm {
-	      _emit 0x0f
-	      _emit 0x31
-	      mov cyclecount, eax
-	      }
-	    RAND_add(&cyclecount, sizeof(cyclecount), 1);
-	  } __except(EXCEPTION_EXECUTE_HANDLER) {
-	    have_tsc = 0;
-	  }
-	}
-#else
-# define have_tsc 0
-#endif
-
-	if (have_perfc) {
-	  if (QueryPerformanceCounter(&l) == 0)
-	    have_perfc = 0;
-	  else
-	    RAND_add(&l, sizeof(l), 0);
-	}
-
-	if (!have_tsc && !have_perfc) {
-	  w = GetTickCount();
-	  RAND_add(&w, sizeof(w), 0);
-	}
-}
-
-/* feed screen contents to PRNG */
-/*****************************************************************************
- *
- * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
- * the original copyright message is:
- *
- *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
- *
- *   You have a royalty-free right to use, modify, reproduce and
- *   distribute the Sample Files (and/or any modified version) in
- *   any way you find useful, provided that you agree that
- *   Microsoft has no warranty obligations or liability for any
- *   Sample Application Files which are modified.
- */
-
-static void readscreen(void)
-{
-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
-  HDC		hScrDC;		/* screen DC */
-  HDC		hMemDC;		/* memory DC */
-  HBITMAP	hBitmap;	/* handle for our bitmap */
-  HBITMAP	hOldBitmap;	/* handle for previous bitmap */
-  BITMAP	bm;		/* bitmap properties */
-  unsigned int	size;		/* size of bitmap */
-  char		*bmbits;	/* contents of bitmap */
-  int		w;		/* screen width */
-  int		h;		/* screen height */
-  int		y;		/* y-coordinate of screen lines to grab */
-  int		n = 16;		/* number of screen lines to grab at a time */
-
-  if (check_winnt() && OPENSSL_isservice()>0)
-    return;
-
-  /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
-  hMemDC = CreateCompatibleDC(hScrDC);
-
-  /* Get screen resolution */
-  w = GetDeviceCaps(hScrDC, HORZRES);
-  h = GetDeviceCaps(hScrDC, VERTRES);
-
-  /* Create a bitmap compatible with the screen DC */
-  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
-  /* Select new bitmap into memory DC */
-  hOldBitmap = SelectObject(hMemDC, hBitmap);
-
-  /* Get bitmap properties */
-  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
-  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
-  bmbits = OPENSSL_malloc(size);
-  if (bmbits) {
-    /* Now go through the whole screen, repeatedly grabbing n lines */
-    for (y = 0; y < h-n; y += n)
-    	{
-	unsigned char md[MD_DIGEST_LENGTH];
-
-	/* Bitblt screen DC to memory DC */
-	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
-
-	/* Copy bitmap bits from memory DC to bmbits */
-	GetBitmapBits(hBitmap, size, bmbits);
-
-	/* Get the hash of the bitmap */
-	MD(bmbits,size,md);
-
-	/* Seed the random generator with the hash value */
-	RAND_add(md, MD_DIGEST_LENGTH, 0);
-	}
-
-    OPENSSL_free(bmbits);
-  }
-
-  /* Select old bitmap back into memory DC */
-  hBitmap = SelectObject(hMemDC, hOldBitmap);
-
-  /* Clean up */
-  DeleteObject(hBitmap);
-  DeleteDC(hMemDC);
-  DeleteDC(hScrDC);
-#endif /* !OPENSSL_SYS_WINCE */
-}
-
-#endif
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
deleted file mode 100644
index 14ba69d4c6..0000000000
--- a/crypto/rand/randfile.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/* crypto/rand/randfile.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#if !defined(OPENSSL_SYS_VXWORKS)
-#define _XOPEN_SOURCE 500
-#endif
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-
-#ifdef OPENSSL_SYS_VMS
-#include <unixio.h>
-#endif
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# include <sys/stat.h>
-# include <fcntl.h>
-#endif
-
-#ifdef _WIN32
-#define stat	_stat
-#define chmod	_chmod
-#define open	_open
-#define fdopen	_fdopen
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE	1024
-#define RAND_DATA 1024
-
-#ifdef OPENSSL_SYS_VMS
-/* This declaration is a nasty hack to get around vms' extension to fopen
- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
-static FILE *(*const vms_fopen)(const char *, const char *, ...) =
-    (FILE *(*)(const char *, const char *, ...))fopen;
-#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
-#endif
-
-/* #define RFILE ".rnd" - defined in ../../e_os.h */
-
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
-
-int RAND_load_file(const char *file, long bytes)
-	{
-	/* If bytes >= 0, read up to 'bytes' bytes.
-	 * if bytes == -1, read complete file. */
-
-	MS_STATIC unsigned char buf[BUFSIZE];
-#ifndef OPENSSL_NO_POSIX_IO
-	struct stat sb;
-#endif
-	int i,ret=0,n;
-	FILE *in;
-
-	if (file == NULL) return(0);
-
-#ifndef OPENSSL_NO_POSIX_IO
-#ifdef PURIFY
-	/* struct stat can have padding and unused fields that may not be
-	 * initialized in the call to stat(). We need to clear the entire
-	 * structure before calling RAND_add() to avoid complaints from
-	 * applications such as Valgrind.
-	 */
-	memset(&sb, 0, sizeof(sb));
-#endif
-	if (stat(file,&sb) < 0) return(0);
-	RAND_add(&sb,sizeof(sb),0.0);
-#endif
-	if (bytes == 0) return(ret);
-
-#ifdef OPENSSL_SYS_VMS
-	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
-#else
-	in=fopen(file,"rb");
-#endif
-	if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
-	if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
-	  /* this file is a device. we don't want read an infinite number
-	   * of bytes from a random device, nor do we want to use buffered
-	   * I/O because we will waste system entropy. 
-	   */
-	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-#ifndef OPENSSL_NO_SETVBUF_IONBF
-	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
-#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
-	}
-#endif
-	for (;;)
-		{
-		if (bytes > 0)
-			n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
-		else
-			n = BUFSIZE;
-		i=fread(buf,1,n,in);
-		if (i <= 0) break;
-#ifdef PURIFY
-		RAND_add(buf,i,(double)i);
-#else
-		/* even if n != i, use the full array */
-		RAND_add(buf,n,(double)i);
-#endif
-		ret+=i;
-		if (bytes > 0)
-			{
-			bytes-=n;
-			if (bytes <= 0) break;
-			}
-		}
-	fclose(in);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return(ret);
-	}
-
-int RAND_write_file(const char *file)
-	{
-	unsigned char buf[BUFSIZE];
-	int i,ret=0,rand_err=0;
-	FILE *out = NULL;
-	int n;
-#ifndef OPENSSL_NO_POSIX_IO
-	struct stat sb;
-	
-	i=stat(file,&sb);
-	if (i != -1) { 
-#if defined(S_ISBLK) && defined(S_ISCHR)
-	  if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-	    /* this file is a device. we don't write back to it. 
-	     * we "succeed" on the assumption this is some sort 
-	     * of random device. Otherwise attempting to write to 
-	     * and chmod the device causes problems.
-	     */
-	    return(1); 
-	  }
-#endif
-	}
-#endif
-
-#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS)
-	{
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-	/* chmod(..., 0600) is too late to protect the file,
-	 * permissions should be restrictive from the start */
-	int fd = open(file, O_WRONLY|O_CREAT|O_BINARY, 0600);
-	if (fd != -1)
-		out = fdopen(fd, "wb");
-	}
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-	/* VMS NOTE: Prior versions of this routine created a _new_
-	 * version of the rand file for each call into this routine, then
-	 * deleted all existing versions named ;-1, and finally renamed
-	 * the current version as ';1'. Under concurrent usage, this
-	 * resulted in an RMS race condition in rename() which could
-	 * orphan files (see vms message help for RMS$_REENT). With the
-	 * fopen() calls below, openssl/VMS now shares the top-level
-	 * version of the rand file. Note that there may still be
-	 * conditions where the top-level rand file is locked. If so, this
-	 * code will then create a new version of the rand file. Without
-	 * the delete and rename code, this can result in ascending file
-	 * versions that stop at version 32767, and this routine will then
-	 * return an error. The remedy for this is to recode the calling
-	 * application to avoid concurrent use of the rand file, or
-	 * synchronize usage at the application level. Also consider
-	 * whether or not you NEED a persistent rand file in a concurrent
-	 * use situation. 
-	 */
-
-	out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
-	if (out == NULL)
-		out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
-#else
-	if (out == NULL)
-		out = fopen(file,"wb");
-#endif
-	if (out == NULL) goto err;
-
-#ifndef NO_CHMOD
-	chmod(file,0600);
-#endif
-	n=RAND_DATA;
-	for (;;)
-		{
-		i=(n > BUFSIZE)?BUFSIZE:n;
-		n-=BUFSIZE;
-		if (RAND_bytes(buf,i) <= 0)
-			rand_err=1;
-		i=fwrite(buf,1,i,out);
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		ret+=i;
-		if (n <= 0) break;
-                }
-
-	fclose(out);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return (rand_err ? -1 : ret);
-	}
-
-const char *RAND_file_name(char *buf, size_t size)
-	{
-	char *s=NULL;
-#ifdef __OpenBSD__
-	struct stat sb;
-#endif
-
-	if (OPENSSL_issetugid() == 0)
-		s=getenv("RANDFILE");
-	if (s != NULL && *s && strlen(s) + 1 < size)
-		{
-		if (BUF_strlcpy(buf,s,size) >= size)
-			return NULL;
-		}
-	else
-		{
-		if (OPENSSL_issetugid() == 0)
-			s=getenv("HOME");
-#ifdef DEFAULT_HOME
-		if (s == NULL)
-			{
-			s = DEFAULT_HOME;
-			}
-#endif
-		if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
-			{
-			BUF_strlcpy(buf,s,size);
-#ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf,"/",size);
-#endif
-			BUF_strlcat(buf,RFILE,size);
-			}
-		else
-		  	buf[0] = '\0'; /* no file name */
-		}
-
-#ifdef __OpenBSD__
-	/* given that all random loads just fail if the file can't be 
-	 * seen on a stat, we stat the file we're returning, if it
-	 * fails, use /dev/arandom instead. this allows the user to 
-	 * use their own source for good random data, but defaults
-	 * to something hopefully decent if that isn't available. 
-	 */
-
-	if (!buf[0])
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
-	if (stat(buf,&sb) == -1)
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
-
-#endif
-	return(buf);
-	}
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
deleted file mode 100644
index 9e92a70b03..0000000000
--- a/crypto/rand/randtest.c
+++ /dev/null
@@ -1,219 +0,0 @@
-/* crypto/rand/randtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rand.h>
-
-#include "../e_os.h"
-
-/* some FIPS 140-1 random number test */
-/* some simple tests */
-
-int main(int argc,char **argv)
-	{
-	unsigned char buf[2500];
-	int i,j,k,s,sign,nsign,err=0;
-	unsigned long n1;
-	unsigned long n2[16];
-	unsigned long runs[2][34];
-	/*double d; */
-	long d;
-
-	i = RAND_pseudo_bytes(buf,2500);
-	if (i < 0)
-		{
-		printf ("init failed, the rand method is not properly installed\n");
-		err++;
-		goto err;
-		}
-
-	n1=0;
-	for (i=0; i<16; i++) n2[i]=0;
-	for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
-
-	/* test 1 and 2 */
-	sign=0;
-	nsign=0;
-	for (i=0; i<2500; i++)
-		{
-		j=buf[i];
-
-		n2[j&0x0f]++;
-		n2[(j>>4)&0x0f]++;
-
-		for (k=0; k<8; k++)
-			{
-			s=(j&0x01);
-			if (s == sign)
-				nsign++;
-			else
-				{
-				if (nsign > 34) nsign=34;
-				if (nsign != 0)
-					{
-					runs[sign][nsign-1]++;
-					if (nsign > 6)
-						runs[sign][5]++;
-					}
-				sign=s;
-				nsign=1;
-				}
-
-			if (s) n1++;
-			j>>=1;
-			}
-		}
-		if (nsign > 34) nsign=34;
-		if (nsign != 0) runs[sign][nsign-1]++;
-
-	/* test 1 */
-	if (!((9654 < n1) && (n1 < 10346)))
-		{
-		printf("test 1 failed, X=%lu\n",n1);
-		err++;
-		}
-	printf("test 1 done\n");
-
-	/* test 2 */
-#ifdef undef
-	d=0;
-	for (i=0; i<16; i++)
-		d+=n2[i]*n2[i];
-	d=d*16.0/5000.0-5000.0;
-	if (!((1.03 < d) && (d < 57.4)))
-		{
-		printf("test 2 failed, X=%.2f\n",d);
-		err++;
-		}
-#endif
-	d=0;
-	for (i=0; i<16; i++)
-		d+=n2[i]*n2[i];
-	d=(d*8)/25-500000;
-	if (!((103 < d) && (d < 5740)))
-		{
-		printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
-		err++;
-		}
-	printf("test 2 done\n");
-
-	/* test 3 */
-	for (i=0; i<2; i++)
-		{
-		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,1,runs[i][0]);
-			err++;
-			}
-		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,2,runs[i][1]);
-			err++;
-			}
-		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,3,runs[i][2]);
-			err++;
-			}
-		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,4,runs[i][3]);
-			err++;
-			}
-		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,5,runs[i][4]);
-			err++;
-			}
-		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
-			{
-			printf("test 3 failed, bit=%d run=%d num=%lu\n",
-				i,6,runs[i][5]);
-			err++;
-			}
-		}
-	printf("test 3 done\n");
-	
-	/* test 4 */
-	if (runs[0][33] != 0)
-		{
-		printf("test 4 failed, bit=%d run=%d num=%lu\n",
-			0,34,runs[0][33]);
-		err++;
-		}
-	if (runs[1][33] != 0)
-		{
-		printf("test 4 failed, bit=%d run=%d num=%lu\n",
-			1,34,runs[1][33]);
-		err++;
-		}
-	printf("test 4 done\n");
- err:
-	err=((err)?1:0);
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EXIT(err);
-	return(err);
-	}
diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h
deleted file mode 100644
index e542ec94ff..0000000000
--- a/crypto/rc2/rc2.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/rc2/rc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC2_H
-#define HEADER_RC2_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */
-#ifdef OPENSSL_NO_RC2
-#error RC2 is disabled.
-#endif
-
-#define RC2_ENCRYPT	1
-#define RC2_DECRYPT	0
-
-#define RC2_BLOCK	8
-#define RC2_KEY_LENGTH	16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc2_key_st
-	{
-	RC2_INT data[64];
-	} RC2_KEY;
-
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
-		     int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key);
-void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
deleted file mode 100644
index 74f48d3d87..0000000000
--- a/crypto/rc2/rc2_cbc.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/rc2/rc2_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     RC2_KEY *ks, unsigned char *iv, int encrypt)
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register long l=length;
-	unsigned long tin[2];
-
-	if (encrypt)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			RC2_encrypt(tin,ks);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			RC2_encrypt(tin,ks);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			RC2_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			RC2_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-void RC2_encrypt(unsigned long *d, RC2_KEY *key)
-	{
-	int i,n;
-	register RC2_INT *p0,*p1;
-	register RC2_INT x0,x1,x2,x3,t;
-	unsigned long l;
-
-	l=d[0];
-	x0=(RC2_INT)l&0xffff;
-	x1=(RC2_INT)(l>>16L);
-	l=d[1];
-	x2=(RC2_INT)l&0xffff;
-	x3=(RC2_INT)(l>>16L);
-
-	n=3;
-	i=5;
-
-	p0=p1= &(key->data[0]);
-	for (;;)
-		{
-		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
-		x0=(t<<1)|(t>>15);
-		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
-		x1=(t<<2)|(t>>14);
-		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
-		x2=(t<<3)|(t>>13);
-		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
-		x3=(t<<5)|(t>>11);
-
-		if (--i == 0)
-			{
-			if (--n == 0) break;
-			i=(n == 2)?6:5;
-
-			x0+=p1[x3&0x3f];
-			x1+=p1[x0&0x3f];
-			x2+=p1[x1&0x3f];
-			x3+=p1[x2&0x3f];
-			}
-		}
-
-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-	}
-
-void RC2_decrypt(unsigned long *d, RC2_KEY *key)
-	{
-	int i,n;
-	register RC2_INT *p0,*p1;
-	register RC2_INT x0,x1,x2,x3,t;
-	unsigned long l;
-
-	l=d[0];
-	x0=(RC2_INT)l&0xffff;
-	x1=(RC2_INT)(l>>16L);
-	l=d[1];
-	x2=(RC2_INT)l&0xffff;
-	x3=(RC2_INT)(l>>16L);
-
-	n=3;
-	i=5;
-
-	p0= &(key->data[63]);
-	p1= &(key->data[0]);
-	for (;;)
-		{
-		t=((x3<<11)|(x3>>5))&0xffff;
-		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
-		t=((x2<<13)|(x2>>3))&0xffff;
-		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
-		t=((x1<<14)|(x1>>2))&0xffff;
-		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
-		t=((x0<<15)|(x0>>1))&0xffff;
-		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
-
-		if (--i == 0)
-			{
-			if (--n == 0) break;
-			i=(n == 2)?6:5;
-
-			x3=(x3-p1[x2&0x3f])&0xffff;
-			x2=(x2-p1[x1&0x3f])&0xffff;
-			x1=(x1-p1[x0&0x3f])&0xffff;
-			x0=(x0-p1[x3&0x3f])&0xffff;
-			}
-		}
-
-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-	}
-
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
deleted file mode 100644
index fff86c7af8..0000000000
--- a/crypto/rc2/rc2_ecb.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* crypto/rc2/rc2_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-#include <openssl/opensslv.h>
-
-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;
-
-/* RC2 as implemented frm a posting from
- * Newsgroups: sci.crypt
- * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
- * Subject: Specification for Ron Rivests Cipher No.2
- * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
- * Date: 11 Feb 1996 06:45:03 GMT
- */
-
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
-		     int encrypt)
-	{
-	unsigned long l,d[2];
-
-	c2l(in,l); d[0]=l;
-	c2l(in,l); d[1]=l;
-	if (encrypt)
-		RC2_encrypt(d,ks);
-	else
-		RC2_decrypt(d,ks);
-	l=d[0]; l2c(l,out);
-	l=d[1]; l2c(l,out);
-	l=d[0]=d[1]=0;
-	}
-
diff --git a/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h
deleted file mode 100644
index 565cd17619..0000000000
--- a/crypto/rc2/rc2_locl.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/* crypto/rc2/rc2_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef c2l
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))    ; \
-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-			case 4: l1 =((unsigned long)(*(--(c))))    ; \
-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-				} \
-			}
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-#define C_RC2(n) \
-	t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
-	x0=(t<<1)|(t>>15); \
-	t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
-	x1=(t<<2)|(t>>14); \
-	t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
-	x2=(t<<3)|(t>>13); \
-	t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
-	x3=(t<<5)|(t>>11);
-
diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
deleted file mode 100644
index 6668ac011f..0000000000
--- a/crypto/rc2/rc2_skey.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* crypto/rc2/rc2_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-static const unsigned char key_table[256]={
-	0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
-	0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
-	0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
-	0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
-	0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
-	0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
-	0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
-	0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
-	0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
-	0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
-	0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
-	0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
-	0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
-	0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
-	0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
-	0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
-	0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
-	0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
-	0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
-	0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
-	0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
-	0xfe,0x7f,0xc1,0xad,
-	};
-
-#if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g",off)
-#endif
-
-/* It has come to my attention that there are 2 versions of the RC2
- * key schedule.  One which is normal, and anther which has a hook to
- * use a reduced key length.
- * BSAFE uses the 'retarded' version.  What I previously shipped is
- * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
- * a version where the bits parameter is the same as len*8 */
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#ifdef OPENSSL_FIPS
-	{
-	fips_cipher_abort(RC2);
-	private_RC2_set_key(key, len, data, bits);
-	}
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
-	{
-	int i,j;
-	unsigned char *k;
-	RC2_INT *ki;
-	unsigned int c,d;
-
-	k= (unsigned char *)&(key->data[0]);
-	*k=0; /* for if there is a zero length key */
-
-	if (len > 128) len=128;
-	if (bits <= 0) bits=1024;
-	if (bits > 1024) bits=1024;
-
-	for (i=0; i<len; i++)
-		k[i]=data[i];
-
-	/* expand table */
-	d=k[len-1];
-	j=0;
-	for (i=len; i < 128; i++,j++)
-		{
-		d=key_table[(k[j]+d)&0xff];
-		k[i]=d;
-		}
-
-	/* hmm.... key reduction to 'bits' bits */
-
-	j=(bits+7)>>3;
-	i=128-j;
-	c= (0xff>>(-bits & 0x07));
-
-	d=key_table[k[i]&c];
-	k[i]=d;
-	while (i--)
-		{
-		d=key_table[k[i+j]^d];
-		k[i]=d;
-		}
-
-	/* copy from bytes into RC2_INT's */
-	ki= &(key->data[63]);
-	for (i=127; i>=0; i-=2)
-		*(ki--)=((k[i]<<8)|k[i-1])&0xffff;
-	}
-
-#if defined(_MSC_VER)
-#pragma optimize("",on)
-#endif
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
deleted file mode 100644
index b3a0158a6e..0000000000
--- a/crypto/rc2/rc2cfb64.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/rc2/rc2cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num, int encrypt)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned long ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2c(t,iv);
-				t=ti[1]; l2c(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2c(t,iv);
-				t=ti[1]; l2c(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
-
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
deleted file mode 100644
index 9e297867ed..0000000000
--- a/crypto/rc2/rc2ofb64.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/* crypto/rc2/rc2ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	unsigned long ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			RC2_encrypt((unsigned long *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2c(t,dp);
-			t=ti[1]; l2c(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
-
diff --git a/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c
deleted file mode 100644
index 85cf6f65bf..0000000000
--- a/crypto/rc2/rc2speed.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/* crypto/rc2/rc2speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/rc2.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ	100.0
-#else	/* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif	/* CLK_TCK */
-#endif	/* HZ */
-
-#define BUFSIZE	((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#endif
-	}
-
-int main(int argc, char **argv)
-	{
-	long count;
-	static unsigned char buf[BUFSIZE];
-	static unsigned char key[] ={
-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
-			};
-	RC2_KEY sch;
-	double a,b,c,d;
-#ifndef SIGALRM
-	long ca,cb,cc;
-#endif
-
-#ifndef TIMES
-	printf("To get the most accurate results, try to run this\n");
-	printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-	printf("First we calculate the approximate speed ...\n");
-	RC2_set_key(&sch,16,key,128);
-	count=10;
-	do	{
-		long i;
-		unsigned long data[2];
-
-		count*=2;
-		Time_F(START);
-		for (i=count; i; i--)
-			RC2_encrypt(data,&sch);
-		d=Time_F(STOP);
-		} while (d < 3.0);
-	ca=count/512;
-	cb=count;
-	cc=count*8/BUFSIZE+1;
-	printf("Doing RC2_set_key %ld times\n",ca);
-#define COND(d)	(count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c)	(run)
-#define COUNT(d) (count)
-	signal(SIGALRM,sig_done);
-	printf("Doing RC2_set_key for 10 seconds\n");
-	alarm(10);
-#endif
-
-	Time_F(START);
-	for (count=0,run=1; COND(ca); count+=4)
-		{
-		RC2_set_key(&sch,16,key,128);
-		RC2_set_key(&sch,16,key,128);
-		RC2_set_key(&sch,16,key,128);
-		RC2_set_key(&sch,16,key,128);
-		}
-	d=Time_F(STOP);
-	printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
-	a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
-	printf("Doing RC2_encrypt's for 10 seconds\n");
-	alarm(10);
-#else
-	printf("Doing RC2_encrypt %ld times\n",cb);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cb); count+=4)
-		{
-		unsigned long data[2];
-
-		RC2_encrypt(data,&sch);
-		RC2_encrypt(data,&sch);
-		RC2_encrypt(data,&sch);
-		RC2_encrypt(data,&sch);
-		}
-	d=Time_F(STOP);
-	printf("%ld RC2_encrypt's in %.2f second\n",count,d);
-	b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
-	printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
-		BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
-		BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cc); count++)
-		RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
-			&(key[0]),RC2_ENCRYPT);
-	d=Time_F(STOP);
-	printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	c=((double)COUNT(cc)*BUFSIZE)/d;
-
-	printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
-	printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
-	printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
-	exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-	return(0);
-#endif
-	}
diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c
deleted file mode 100644
index 0e117436bb..0000000000
--- a/crypto/rc2/rc2test.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* crypto/rc2/rc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
- * RC2 modes, more of the code will be uncommented. */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC2
-int main(int argc, char *argv[])
-{
-    printf("No RC2 support\n");
-    return(0);
-}
-#else
-#include <openssl/rc2.h>
-
-static unsigned char RC2key[4][16]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-	 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
-	};
-
-static unsigned char RC2plain[4][8]={
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	};
-
-static unsigned char RC2cipher[4][8]={
-	{0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
-	{0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
-	{0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
-	{0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
-	};
-/************/
-#ifdef undef
-unsigned char k[16]={
-	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
-	0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
-
-unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
-unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
-unsigned char out[80];
-
-char *text="Hello to all people out there";
-
-static unsigned char cfb_key[16]={
-	0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
-	0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
-	};
-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-#define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE]=
-        {
-        0x4e,0x6f,0x77,0x20,0x69,0x73,
-        0x20,0x74,0x68,0x65,0x20,0x74,
-        0x69,0x6d,0x65,0x20,0x66,0x6f,
-        0x72,0x20,0x61,0x6c,0x6c,0x20
-        };
-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
-	0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
-	0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
-	0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-
-/*	0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
-	0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
-	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
-	}; 
-
-
-/*static int cfb64_test(unsigned char *cfb_cipher);*/
-static char *pt(unsigned char *p);
-#endif
-
-int main(int argc, char *argv[])
-	{
-	int i,n,err=0;
-	RC2_KEY key; 
-	unsigned char buf[8],buf2[8];
-
-	for (n=0; n<4; n++)
-		{
-		RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
-
-		RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
-		if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
-			{
-			printf("ecb rc2 error encrypting\n");
-			printf("got     :");
-			for (i=0; i<8; i++)
-				printf("%02X ",buf[i]);
-			printf("\n");
-			printf("expected:");
-			for (i=0; i<8; i++)
-				printf("%02X ",RC2cipher[n][i]);
-			err=20;
-			printf("\n");
-			}
-
-		RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
-		if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
-			{
-			printf("ecb RC2 error decrypting\n");
-			printf("got     :");
-			for (i=0; i<8; i++)
-				printf("%02X ",buf[i]);
-			printf("\n");
-			printf("expected:");
-			for (i=0; i<8; i++)
-				printf("%02X ",RC2plain[n][i]);
-			printf("\n");
-			err=3;
-			}
-		}
-
-	if (err == 0) printf("ecb RC2 ok\n");
-#ifdef undef
-	memcpy(iv,k,8);
-	idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
-	memcpy(iv,k,8);
-	idea_cbc_encrypt(out,out,8,&dkey,iv,0);
-	idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
-	if (memcmp(text,out,strlen(text)+1) != 0)
-		{
-		printf("cbc idea bad\n");
-		err=4;
-		}
-	else
-		printf("cbc idea ok\n");
-
-	printf("cfb64 idea ");
-	if (cfb64_test(cfb_cipher64))
-		{
-		printf("bad\n");
-		err=5;
-		}
-	else
-		printf("ok\n");
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EXIT(err);
-	return(err);
-	}
-
-#ifdef undef
-static int cfb64_test(unsigned char *cfb_cipher)
-        {
-        IDEA_KEY_SCHEDULE eks,dks;
-        int err=0,i,n;
-
-        idea_set_encrypt_key(cfb_key,&eks);
-        idea_set_decrypt_key(&eks,&dks);
-        memcpy(cfb_tmp,cfb_iv,8);
-        n=0;
-        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
-                cfb_tmp,&n,IDEA_ENCRYPT);
-        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-                (long)CFB_TEST_SIZE-12,&eks,
-                cfb_tmp,&n,IDEA_ENCRYPT);
-        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
-                {
-                err=1;
-                printf("idea_cfb64_encrypt encrypt error\n");
-                for (i=0; i<CFB_TEST_SIZE; i+=8)
-                        printf("%s\n",pt(&(cfb_buf1[i])));
-                }
-        memcpy(cfb_tmp,cfb_iv,8);
-        n=0;
-        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
-                cfb_tmp,&n,IDEA_DECRYPT);
-        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-                (long)CFB_TEST_SIZE-17,&dks,
-                cfb_tmp,&n,IDEA_DECRYPT);
-        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
-                {
-                err=1;
-                printf("idea_cfb_encrypt decrypt error\n");
-                for (i=0; i<24; i+=8)
-                        printf("%s\n",pt(&(cfb_buf2[i])));
-                }
-        return(err);
-        }
-
-static char *pt(unsigned char *p)
-	{
-	static char bufs[10][20];
-	static int bnum=0;
-	char *ret;
-	int i;
-	static char *f="0123456789ABCDEF";
-
-	ret= &(bufs[bnum++][0]);
-	bnum%=10;
-	for (i=0; i<8; i++)
-		{
-		ret[i*2]=f[(p[i]>>4)&0xf];
-		ret[i*2+1]=f[p[i]&0xf];
-		}
-	ret[16]='\0';
-	return(ret);
-	}
-	
-#endif
-#endif
diff --git a/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc
deleted file mode 100644
index f93ee003d2..0000000000
--- a/crypto/rc2/rrc2.doc
+++ /dev/null
@@ -1,219 +0,0 @@
->From cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news Mon Feb 12 18:48:17 EST 1996
-Article 23601 of sci.crypt:
-Path: cygnus.mincom.oz.au!minbne.mincom.oz.au!bunyip.cc.uq.oz.au!munnari.OZ.AU!comp.vuw.ac.nz!waikato!auckland.ac.nz!news
->From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-Newsgroups: sci.crypt
-Subject: Specification for Ron Rivests Cipher No.2
-Date: 11 Feb 1996 06:45:03 GMT
-Organization: University of Auckland
-Lines: 203
-Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-Message-ID: <4fk39f$f70@net.auckland.ac.nz>
-NNTP-Posting-Host: cs26.cs.auckland.ac.nz
-X-Newsreader: NN version 6.5.0 #3 (NOV)
-
-
-
-
-                           Ron Rivest's Cipher No.2
-                           ------------------------
- 
-Ron Rivest's Cipher No.2 (hereafter referred to as RRC.2, other people may
-refer to it by other names) is word oriented, operating on a block of 64 bits
-divided into four 16-bit words, with a key table of 64 words.  All data units
-are little-endian.  This functional description of the algorithm is based in
-the paper "The RC5 Encryption Algorithm" (RC5 is a trademark of RSADSI), using
-the same general layout, terminology, and pseudocode style.
- 
- 
-Notation and RRC.2 Primitive Operations
- 
-RRC.2 uses the following primitive operations:
- 
-1. Two's-complement addition of words, denoted by "+".  The inverse operation,
-   subtraction, is denoted by "-".
-2. Bitwise exclusive OR, denoted by "^".
-3. Bitwise AND, denoted by "&".
-4. Bitwise NOT, denoted by "~".
-5. A left-rotation of words; the rotation of word x left by y is denoted
-   x <<< y.  The inverse operation, right-rotation, is denoted x >>> y.
- 
-These operations are directly and efficiently supported by most processors.
- 
- 
-The RRC.2 Algorithm
- 
-RRC.2 consists of three components, a *key expansion* algorithm, an
-*encryption* algorithm, and a *decryption* algorithm.
- 
- 
-Key Expansion
- 
-The purpose of the key-expansion routine is to expand the user's key K to fill
-the expanded key array S, so S resembles an array of random binary words
-determined by the user's secret key K.
- 
-Initialising the S-box
- 
-RRC.2 uses a single 256-byte S-box derived from the ciphertext contents of
-Beale Cipher No.1 XOR'd with a one-time pad.  The Beale Ciphers predate modern
-cryptography by enough time that there should be no concerns about trapdoors
-hidden in the data.  They have been published widely, and the S-box can be
-easily recreated from the one-time pad values and the Beale Cipher data taken
-from a standard source.  To initialise the S-box:
- 
-  for i = 0 to 255 do
-    sBox[ i ] = ( beale[ i ] mod 256 ) ^ pad[ i ]
- 
-The contents of Beale Cipher No.1 and the necessary one-time pad are given as
-an appendix at the end of this document.  For efficiency, implementors may wish
-to skip the Beale Cipher expansion and store the sBox table directly.
- 
-Expanding the Secret Key to 128 Bytes
- 
-The secret key is first expanded to fill 128 bytes (64 words).  The expansion
-consists of taking the sum of the first and last bytes in the user key, looking
-up the sum (modulo 256) in the S-box, and appending the result to the key.  The
-operation is repeated with the second byte and new last byte of the key until
-all 128 bytes have been generated.  Note that the following pseudocode treats
-the S array as an array of 128 bytes rather than 64 words.
- 
-  for j = 0 to length-1 do
-    S[ j ] = K[ j ]
-  for j = length to 127 do
-    s[ j ] = sBox[ ( S[ j-length ] + S[ j-1 ] ) mod 256 ];
- 
-At this point it is possible to perform a truncation of the effective key
-length to ease the creation of espionage-enabled software products.  However
-since the author cannot conceive why anyone would want to do this, it will not
-be considered further.
- 
-The final phase of the key expansion involves replacing the first byte of S
-with the entry selected from the S-box:
- 
-  S[ 0 ] = sBox[ S[ 0 ] ]
- 
- 
-Encryption
- 
-The cipher has 16 full rounds, each divided into 4 subrounds.  Two of the full
-rounds perform an additional transformation on the data.  Note that the
-following pseudocode treats the S array as an array of 64 words rather than 128
-bytes.
- 
-  for i = 0 to 15 do
-    j = i * 4;
-    word0 = ( word0 + ( word1 & ~word3 ) + ( word2 & word3 ) + S[ j+0 ] ) <<< 1
-    word1 = ( word1 + ( word2 & ~word0 ) + ( word3 & word0 ) + S[ j+1 ] ) <<< 2
-    word2 = ( word2 + ( word3 & ~word1 ) + ( word0 & word1 ) + S[ j+2 ] ) <<< 3
-    word3 = ( word3 + ( word0 & ~word2 ) + ( word1 & word2 ) + S[ j+3 ] ) <<< 5
- 
-In addition the fifth and eleventh rounds add the contents of the S-box indexed
-by one of the data words to another of the data words following the four
-subrounds as follows:
- 
-    word0 = word0 + S[ word3 & 63 ];
-    word1 = word1 + S[ word0 & 63 ];
-    word2 = word2 + S[ word1 & 63 ];
-    word3 = word3 + S[ word2 & 63 ];
- 
- 
-Decryption
- 
-The decryption operation is simply the inverse of the encryption operation.
-Note that the following pseudocode treats the S array as an array of 64 words
-rather than 128 bytes.
- 
-  for i = 15 downto 0 do
-    j = i * 4;
-    word3 = ( word3 >>> 5 ) - ( word0 & ~word2 ) - ( word1 & word2 ) - S[ j+3 ]
-    word2 = ( word2 >>> 3 ) - ( word3 & ~word1 ) - ( word0 & word1 ) - S[ j+2 ]
-    word1 = ( word1 >>> 2 ) - ( word2 & ~word0 ) - ( word3 & word0 ) - S[ j+1 ]
-    word0 = ( word0 >>> 1 ) - ( word1 & ~word3 ) - ( word2 & word3 ) - S[ j+0 ]
- 
-In addition the fifth and eleventh rounds subtract the contents of the S-box
-indexed by one of the data words from another one of the data words following
-the four subrounds as follows:
- 
-    word3 = word3 - S[ word2 & 63 ]
-    word2 = word2 - S[ word1 & 63 ]
-    word1 = word1 - S[ word0 & 63 ]
-    word0 = word0 - S[ word3 & 63 ]
- 
- 
-Test Vectors
- 
-The following test vectors may be used to test the correctness of an RRC.2
-implementation:
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74
- 
-  Key:      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Plain:    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-  Cipher:   0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E
- 
-  Key:      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-            0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-  Plain:    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-  Cipher:   0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31
- 
- 
-Appendix: Beale Cipher No.1, "The Locality of the Vault", and One-time Pad for
-          Creating the S-Box
- 
-Beale Cipher No.1.
- 
-  71, 194,  38,1701,  89,  76,  11,  83,1629,  48,  94,  63, 132,  16, 111,  95,
-  84, 341, 975,  14,  40,  64,  27,  81, 139, 213,  63,  90,1120,   8,  15,   3,
- 126,2018,  40,  74, 758, 485, 604, 230, 436, 664, 582, 150, 251, 284, 308, 231,
- 124, 211, 486, 225, 401, 370,  11, 101, 305, 139, 189,  17,  33,  88, 208, 193,
- 145,   1,  94,  73, 416, 918, 263,  28, 500, 538, 356, 117, 136, 219,  27, 176,
- 130,  10, 460,  25, 485,  18, 436,  65,  84, 200, 283, 118, 320, 138,  36, 416,
- 280,  15,  71, 224, 961,  44,  16, 401,  39,  88,  61, 304,  12,  21,  24, 283,
- 134,  92,  63, 246, 486, 682,   7, 219, 184, 360, 780,  18,  64, 463, 474, 131,
- 160,  79,  73, 440,  95,  18,  64, 581,  34,  69, 128, 367, 460,  17,  81,  12,
- 103, 820,  62, 110,  97, 103, 862,  70,  60,1317, 471, 540, 208, 121, 890, 346,
-  36, 150,  59, 568, 614,  13, 120,  63, 219, 812,2160,1780,  99,  35,  18,  21,
- 136, 872,  15,  28, 170,  88,   4,  30,  44, 112,  18, 147, 436, 195, 320,  37,
- 122, 113,   6, 140,   8, 120, 305,  42,  58, 461,  44, 106, 301,  13, 408, 680,
-  93,  86, 116, 530,  82, 568,   9, 102,  38, 416,  89,  71, 216, 728, 965, 818,
-   2,  38, 121, 195,  14, 326, 148, 234,  18,  55, 131, 234, 361, 824,   5,  81,
- 623,  48, 961,  19,  26,  33,  10,1101, 365,  92,  88, 181, 275, 346, 201, 206
- 
-One-time Pad.
- 
- 158, 186, 223,  97,  64, 145, 190, 190, 117, 217, 163,  70, 206, 176, 183, 194,
- 146,  43, 248, 141,   3,  54,  72, 223, 233, 153,  91, 210,  36, 131, 244, 161,
- 105, 120, 113, 191, 113,  86,  19, 245, 213, 221,  43,  27, 242, 157,  73, 213,
- 193,  92, 166,  10,  23, 197, 112, 110, 193,  30, 156,  51, 125,  51, 158,  67,
- 197, 215,  59, 218, 110, 246, 181,   0, 135,  76, 164,  97,  47,  87, 234, 108,
- 144, 127,   6,   6, 222, 172,  80, 144,  22, 245, 207,  70, 227, 182, 146, 134,
- 119, 176,  73,  58, 135,  69,  23, 198,   0, 170,  32, 171, 176, 129,  91,  24,
- 126,  77, 248,   0, 118,  69,  57,  60, 190, 171, 217,  61, 136, 169, 196,  84,
- 168, 167, 163, 102, 223,  64, 174, 178, 166, 239, 242, 195, 249,  92,  59,  38,
- 241,  46, 236,  31,  59, 114,  23,  50, 119, 186,   7,  66, 212,  97, 222, 182,
- 230, 118, 122,  86, 105,  92, 179, 243, 255, 189, 223, 164, 194, 215,  98,  44,
-  17,  20,  53, 153, 137, 224, 176, 100, 208, 114,  36, 200, 145, 150, 215,  20,
-  87,  44, 252,  20, 235, 242, 163, 132,  63,  18,   5, 122,  74,  97,  34,  97,
- 142,  86, 146, 221, 179, 166, 161,  74,  69, 182,  88, 120, 128,  58,  76, 155,
-  15,  30,  77, 216, 165, 117, 107,  90, 169, 127, 143, 181, 208, 137, 200, 127,
- 170, 195,  26,  84, 255, 132, 150,  58, 103, 250, 120, 221, 237,  37,   8,  99
- 
- 
-Implementation
- 
-A non-US based programmer who has never seen any encryption code before will
-shortly be implementing RRC.2 based solely on this specification and not on
-knowledge of any other encryption algorithms.  Stand by.
-
-
-
diff --git a/crypto/rc2/tab.c b/crypto/rc2/tab.c
deleted file mode 100644
index 25dc14eeba..0000000000
--- a/crypto/rc2/tab.c
+++ /dev/null
@@ -1,86 +0,0 @@
-#include <stdio.h>
-
-unsigned char ebits_to_num[256]={
-	0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
-	0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
-	0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
-	0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
-	0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
-	0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
-	0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
-	0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
-	0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
-	0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
-	0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
-	0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
-	0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
-	0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
-	0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
-	0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
-	0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
-	0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
-	0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
-	0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
-	0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
-	0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
-	0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
-	0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
-	0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
-	0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
-	0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
-	0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
-	0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
-	0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
-	0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
-	0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
-	};
-
-unsigned char num_to_ebits[256]={
-	0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
-	0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
-	0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
-	0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
-	0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
-	0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
-	0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
-	0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
-	0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
-	0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
-	0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
-	0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
-	0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
-	0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
-	0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
-	0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
-	0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
-	0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
-	0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
-	0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
-	0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
-	0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
-	0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
-	0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
-	0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
-	0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
-	0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
-	0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
-	0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
-	0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
-	0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
-	0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
-	};
-	
-main()
-	{
-	int i,j;
-
-	for (i=0; i<256; i++)
-		{
-		for (j=0; j<256; j++)
-			if (ebits_to_num[j] == i)
-				{
-				printf("0x%02x,",j);
-				break;
-				}
-		}
-	}
diff --git a/crypto/rc2/version b/crypto/rc2/version
deleted file mode 100644
index 6f89d595f1..0000000000
--- a/crypto/rc2/version
+++ /dev/null
@@ -1,22 +0,0 @@
-1.1 23/08/96 - eay
-	Changed RC2_set_key() so it now takes another argument.  Many
-	thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
-	clarification and origional specification of RC2.  BSAFE uses
-	this last parameter, 'bits'.  It the key is 128 bits, BSAFE
-	also sets this parameter to 128.  The old behaviour can be
-	duplicated by setting this parameter to 1024.
-
-1.0 08/04/96 - eay
-	First version of SSLeay with rc2.  This has been written from the spec
-	posted sci.crypt.  It is in this directory under rrc2.doc
-	I have no test values for any mode other than ecb, my wrappers for the
-	other modes should be ok since they are basically the same as
-	the ones taken from idea and des :-).  I have implemented them as
-	little-endian operators.
-	While rc2 is included because it is used with SSL, I don't know how
-	far I trust it.  It is about the same speed as IDEA and DES.
-	So if you are paranoid, used Tripple DES, else IDEA.  If RC2
-	does get used more, perhaps more people will look for weaknesses in
-	it.
-	
-
diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl
deleted file mode 100644
index 5c9ac6ad28..0000000000
--- a/crypto/rc4/asm/rc4-586.pl
+++ /dev/null
@@ -1,410 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# At some point it became apparent that the original SSLeay RC4
-# assembler implementation performs suboptimally on latest IA-32
-# microarchitectures. After re-tuning performance has changed as
-# following:
-#
-# Pentium	-10%
-# Pentium III	+12%
-# AMD		+50%(*)
-# P4		+250%(**)
-#
-# (*)	This number is actually a trade-off:-) It's possible to
-#	achieve	+72%, but at the cost of -48% off PIII performance.
-#	In other words code performing further 13% faster on AMD
-#	would perform almost 2 times slower on Intel PIII...
-#	For reference! This code delivers ~80% of rc4-amd64.pl
-#	performance on the same Opteron machine.
-# (**)	This number requires compressed key schedule set up by
-#	RC4_set_key [see commentary below for further details].
-#
-#					<appro@fy.chalmers.se>
-
-# May 2011
-#
-# Optimize for Core2 and Westmere [and incidentally Opteron]. Current
-# performance in cycles per processed byte (less is better) and
-# improvement relative to previous version of this module is:
-#
-# Pentium	10.2			# original numbers
-# Pentium III	7.8(*)
-# Intel P4	7.5
-#
-# Opteron	6.1/+20%		# new MMX numbers
-# Core2		5.3/+67%(**)
-# Westmere	5.1/+94%(**)
-# Sandy Bridge	5.0/+8%
-# Atom		12.6/+6%
-#
-# (*)	PIII can actually deliver 6.6 cycles per byte with MMX code,
-#	but this specific code performs poorly on Core2. And vice
-#	versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs
-#	poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU
-#	[anymore], I chose to discard PIII-specific code path and opt
-#	for original IALU-only code, which is why MMX/SSE code path
-#	is guarded by SSE2 bit (see below), not MMX/SSE.
-# (**)	Performance vs. block size on Core2 and Westmere had a maximum
-#	at ... 64 bytes block size. And it was quite a maximum, 40-60%
-#	in comparison to largest 8KB block size. Above improvement
-#	coefficients are for the largest block size.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"rc4-586.pl");
-
-$xx="eax";
-$yy="ebx";
-$tx="ecx";
-$ty="edx";
-$inp="esi";
-$out="ebp";
-$dat="edi";
-
-sub RC4_loop {
-  my $i=shift;
-  my $func = ($i==0)?*mov:*or;
-
-	&add	(&LB($yy),&LB($tx));
-	&mov	($ty,&DWP(0,$dat,$yy,4));
-	&mov	(&DWP(0,$dat,$yy,4),$tx);
-	&mov	(&DWP(0,$dat,$xx,4),$ty);
-	&add	($ty,$tx);
-	&inc	(&LB($xx));
-	&and	($ty,0xff);
-	&ror	($out,8)	if ($i!=0);
-	if ($i<3) {
-	  &mov	($tx,&DWP(0,$dat,$xx,4));
-	} else {
-	  &mov	($tx,&wparam(3));	# reload [re-biased] out
-	}
-	&$func	($out,&DWP(0,$dat,$ty,4));
-}
-
-if ($alt=0) {
-  # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron,
-  # but ~40% slower on Core2 and Westmere... Attempt to add movz
-  # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet
-  # on Core2 with movz it's almost 20% slower than below alternative
-  # code... Yes, it's a total mess...
-  my @XX=($xx,$out);
-  $RC4_loop_mmx = sub {		# SSE actually...
-    my $i=shift;
-    my $j=$i<=0?0:$i>>1;
-    my $mm=$i<=0?"mm0":"mm".($i&1);
-
-	&add	(&LB($yy),&LB($tx));
-	&lea	(@XX[1],&DWP(1,@XX[0]));
-	&pxor	("mm2","mm0")				if ($i==0);
-	&psllq	("mm1",8)				if ($i==0);
-	&and	(@XX[1],0xff);
-	&pxor	("mm0","mm0")				if ($i<=0);
-	&mov	($ty,&DWP(0,$dat,$yy,4));
-	&mov	(&DWP(0,$dat,$yy,4),$tx);
-	&pxor	("mm1","mm2")				if ($i==0);
-	&mov	(&DWP(0,$dat,$XX[0],4),$ty);
-	&add	(&LB($ty),&LB($tx));
-	&movd	(@XX[0],"mm7")				if ($i==0);
-	&mov	($tx,&DWP(0,$dat,@XX[1],4));
-	&pxor	("mm1","mm1")				if ($i==1);
-	&movq	("mm2",&QWP(0,$inp))			if ($i==1);
-	&movq	(&QWP(-8,(@XX[0],$inp)),"mm1")		if ($i==0);
-	&pinsrw	($mm,&DWP(0,$dat,$ty,4),$j);
-
-	push	(@XX,shift(@XX))			if ($i>=0);
-  }
-} else {
-  # Using pinsrw here improves performane on Intel CPUs by 2-3%, but
-  # brings down AMD by 7%...
-  $RC4_loop_mmx = sub {
-    my $i=shift;
-
-	&add	(&LB($yy),&LB($tx));
-	&psllq	("mm1",8*(($i-1)&7))			if (abs($i)!=1);
-	&mov	($ty,&DWP(0,$dat,$yy,4));
-	&mov	(&DWP(0,$dat,$yy,4),$tx);
-	&mov	(&DWP(0,$dat,$xx,4),$ty);
-	&inc	($xx);
-	&add	($ty,$tx);
-	&movz	($xx,&LB($xx));				# (*)
-	&movz	($ty,&LB($ty));				# (*)
-	&pxor	("mm2",$i==1?"mm0":"mm1")		if ($i>=0);
-	&movq	("mm0",&QWP(0,$inp))			if ($i<=0);
-	&movq	(&QWP(-8,($out,$inp)),"mm2")		if ($i==0);
-	&mov	($tx,&DWP(0,$dat,$xx,4));
-	&movd	($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
-
-	# (*)	This is the key to Core2 and Westmere performance.
-	#	Whithout movz out-of-order execution logic confuses
-	#	itself and fails to reorder loads and stores. Problem
-	#	appears to be fixed in Sandy Bridge...
-  }
-}
-
-&external_label("OPENSSL_ia32cap_P");
-
-# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
-&function_begin("RC4");
-	&mov	($dat,&wparam(0));	# load key schedule pointer
-	&mov	($ty, &wparam(1));	# load len
-	&mov	($inp,&wparam(2));	# load inp
-	&mov	($out,&wparam(3));	# load out
-
-	&xor	($xx,$xx);		# avoid partial register stalls
-	&xor	($yy,$yy);
-
-	&cmp	($ty,0);		# safety net
-	&je	(&label("abort"));
-
-	&mov	(&LB($xx),&BP(0,$dat));	# load key->x
-	&mov	(&LB($yy),&BP(4,$dat));	# load key->y
-	&add	($dat,8);
-
-	&lea	($tx,&DWP(0,$inp,$ty));
-	&sub	($out,$inp);		# re-bias out
-	&mov	(&wparam(1),$tx);	# save input+len
-
-	&inc	(&LB($xx));
-
-	# detect compressed key schedule...
-	&cmp	(&DWP(256,$dat),-1);
-	&je	(&label("RC4_CHAR"));
-
-	&mov	($tx,&DWP(0,$dat,$xx,4));
-
-	&and	($ty,-4);		# how many 4-byte chunks?
-	&jz	(&label("loop1"));
-
-	&test	($ty,-8);
-	&mov	(&wparam(3),$out);	# $out as accumulator in these loops
-	&jz	(&label("go4loop4"));
-
-	&picmeup($out,"OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,$out),26);	# check SSE2 bit [could have been MMX]
-	&jnc	(&label("go4loop4"));
-
-	&mov	($out,&wparam(3))	if (!$alt);
-	&movd	("mm7",&wparam(3))	if ($alt);
-	&and	($ty,-8);
-	&lea	($ty,&DWP(-8,$inp,$ty));
-	&mov	(&DWP(-4,$dat),$ty);	# save input+(len/8)*8-8
-
-	&$RC4_loop_mmx(-1);
-	&jmp(&label("loop_mmx_enter"));
-
-	&set_label("loop_mmx",16);
-		&$RC4_loop_mmx(0);
-	&set_label("loop_mmx_enter");
-		for 	($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); }
-		&mov	($ty,$yy);
-		&xor	($yy,$yy);		# this is second key to Core2
-		&mov	(&LB($yy),&LB($ty));	# and Westmere performance...
-		&cmp	($inp,&DWP(-4,$dat));
-		&lea	($inp,&DWP(8,$inp));
-	&jb	(&label("loop_mmx"));
-
-    if ($alt) {
-	&movd	($out,"mm7");
-	&pxor	("mm2","mm0");
-	&psllq	("mm1",8);
-	&pxor	("mm1","mm2");
-	&movq	(&QWP(-8,$out,$inp),"mm1");
-    } else {
-	&psllq	("mm1",56);
-	&pxor	("mm2","mm1");
-	&movq	(&QWP(-8,$out,$inp),"mm2");
-    }
-	&emms	();
-
-	&cmp	($inp,&wparam(1));	# compare to input+len
-	&je	(&label("done"));
-	&jmp	(&label("loop1"));
-
-&set_label("go4loop4",16);
-	&lea	($ty,&DWP(-4,$inp,$ty));
-	&mov	(&wparam(2),$ty);	# save input+(len/4)*4-4
-
-	&set_label("loop4");
-		for ($i=0;$i<4;$i++) { RC4_loop($i); }
-		&ror	($out,8);
-		&xor	($out,&DWP(0,$inp));
-		&cmp	($inp,&wparam(2));	# compare to input+(len/4)*4-4
-		&mov	(&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here
-		&lea	($inp,&DWP(4,$inp));
-		&mov	($tx,&DWP(0,$dat,$xx,4));
-	&jb	(&label("loop4"));
-
-	&cmp	($inp,&wparam(1));	# compare to input+len
-	&je	(&label("done"));
-	&mov	($out,&wparam(3));	# restore $out
-
-	&set_label("loop1",16);
-		&add	(&LB($yy),&LB($tx));
-		&mov	($ty,&DWP(0,$dat,$yy,4));
-		&mov	(&DWP(0,$dat,$yy,4),$tx);
-		&mov	(&DWP(0,$dat,$xx,4),$ty);
-		&add	($ty,$tx);
-		&inc	(&LB($xx));
-		&and	($ty,0xff);
-		&mov	($ty,&DWP(0,$dat,$ty,4));
-		&xor	(&LB($ty),&BP(0,$inp));
-		&lea	($inp,&DWP(1,$inp));
-		&mov	($tx,&DWP(0,$dat,$xx,4));
-		&cmp	($inp,&wparam(1));	# compare to input+len
-		&mov	(&BP(-1,$out,$inp),&LB($ty));
-	&jb	(&label("loop1"));
-
-	&jmp	(&label("done"));
-
-# this is essentially Intel P4 specific codepath...
-&set_label("RC4_CHAR",16);
-	&movz	($tx,&BP(0,$dat,$xx));
-	# strangely enough unrolled loop performs over 20% slower...
-	&set_label("cloop1");
-		&add	(&LB($yy),&LB($tx));
-		&movz	($ty,&BP(0,$dat,$yy));
-		&mov	(&BP(0,$dat,$yy),&LB($tx));
-		&mov	(&BP(0,$dat,$xx),&LB($ty));
-		&add	(&LB($ty),&LB($tx));
-		&movz	($ty,&BP(0,$dat,$ty));
-		&add	(&LB($xx),1);
-		&xor	(&LB($ty),&BP(0,$inp));
-		&lea	($inp,&DWP(1,$inp));
-		&movz	($tx,&BP(0,$dat,$xx));
-		&cmp	($inp,&wparam(1));
-		&mov	(&BP(-1,$out,$inp),&LB($ty));
-	&jb	(&label("cloop1"));
-
-&set_label("done");
-	&dec	(&LB($xx));
-	&mov	(&DWP(-4,$dat),$yy);		# save key->y
-	&mov	(&BP(-8,$dat),&LB($xx));	# save key->x
-&set_label("abort");
-&function_end("RC4");
-
-########################################################################
-
-$inp="esi";
-$out="edi";
-$idi="ebp";
-$ido="ecx";
-$idx="edx";
-
-# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
-&function_begin("private_RC4_set_key");
-	&mov	($out,&wparam(0));		# load key
-	&mov	($idi,&wparam(1));		# load len
-	&mov	($inp,&wparam(2));		# load data
-	&picmeup($idx,"OPENSSL_ia32cap_P");
-
-	&lea	($out,&DWP(2*4,$out));		# &key->data
-	&lea	($inp,&DWP(0,$inp,$idi));	# $inp to point at the end
-	&neg	($idi);
-	&xor	("eax","eax");
-	&mov	(&DWP(-4,$out),$idi);		# borrow key->y
-
-	&bt	(&DWP(0,$idx),20);		# check for bit#20
-	&jc	(&label("c1stloop"));
-
-&set_label("w1stloop",16);
-	&mov	(&DWP(0,$out,"eax",4),"eax");	# key->data[i]=i;
-	&add	(&LB("eax"),1);			# i++;
-	&jnc	(&label("w1stloop"));
-
-	&xor	($ido,$ido);
-	&xor	($idx,$idx);
-
-&set_label("w2ndloop",16);
-	&mov	("eax",&DWP(0,$out,$ido,4));
-	&add	(&LB($idx),&BP(0,$inp,$idi));
-	&add	(&LB($idx),&LB("eax"));
-	&add	($idi,1);
-	&mov	("ebx",&DWP(0,$out,$idx,4));
-	&jnz	(&label("wnowrap"));
-	  &mov	($idi,&DWP(-4,$out));
-	&set_label("wnowrap");
-	&mov	(&DWP(0,$out,$idx,4),"eax");
-	&mov	(&DWP(0,$out,$ido,4),"ebx");
-	&add	(&LB($ido),1);
-	&jnc	(&label("w2ndloop"));
-&jmp	(&label("exit"));
-
-# Unlike all other x86 [and x86_64] implementations, Intel P4 core
-# [including EM64T] was found to perform poorly with above "32-bit" key
-# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded
-# assembler turned out to be 3.5x if re-coded for compressed 8-bit one,
-# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit
-# schedule for x86[_64], because non-P4 implementations suffer from
-# significant performance losses then, e.g. PIII exhibits >2x
-# deterioration, and so does Opteron. In order to assure optimal
-# all-round performance, we detect P4 at run-time and set up compressed
-# key schedule, which is recognized by RC4 procedure.
-
-&set_label("c1stloop",16);
-	&mov	(&BP(0,$out,"eax"),&LB("eax"));	# key->data[i]=i;
-	&add	(&LB("eax"),1);			# i++;
-	&jnc	(&label("c1stloop"));
-
-	&xor	($ido,$ido);
-	&xor	($idx,$idx);
-	&xor	("ebx","ebx");
-
-&set_label("c2ndloop",16);
-	&mov	(&LB("eax"),&BP(0,$out,$ido));
-	&add	(&LB($idx),&BP(0,$inp,$idi));
-	&add	(&LB($idx),&LB("eax"));
-	&add	($idi,1);
-	&mov	(&LB("ebx"),&BP(0,$out,$idx));
-	&jnz	(&label("cnowrap"));
-	  &mov	($idi,&DWP(-4,$out));
-	&set_label("cnowrap");
-	&mov	(&BP(0,$out,$idx),&LB("eax"));
-	&mov	(&BP(0,$out,$ido),&LB("ebx"));
-	&add	(&LB($ido),1);
-	&jnc	(&label("c2ndloop"));
-
-	&mov	(&DWP(256,$out),-1);		# mark schedule as compressed
-
-&set_label("exit");
-	&xor	("eax","eax");
-	&mov	(&DWP(-8,$out),"eax");		# key->x=0;
-	&mov	(&DWP(-4,$out),"eax");		# key->y=0;
-&function_end("private_RC4_set_key");
-
-# const char *RC4_options(void);
-&function_begin_B("RC4_options");
-	&call	(&label("pic_point"));
-&set_label("pic_point");
-	&blindpop("eax");
-	&lea	("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
-	&picmeup("edx","OPENSSL_ia32cap_P");
-	&mov	("edx",&DWP(0,"edx"));
-	&bt	("edx",20);
-	&jc	(&label("1xchar"));
-	&bt	("edx",26);
-	&jnc	(&label("ret"));
-	&add	("eax",25);
-	&ret	();
-&set_label("1xchar");
-	&add	("eax",12);
-&set_label("ret");
-	&ret	();
-&set_label("opts",64);
-&asciz	("rc4(4x,int)");
-&asciz	("rc4(1x,char)");
-&asciz	("rc4(8x,mmx)");
-&asciz	("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
-&align	(64);
-&function_end_B("RC4_options");
-
-&asm_finish();
-
diff --git a/crypto/rc4/asm/rc4-ia64.pl b/crypto/rc4/asm/rc4-ia64.pl
deleted file mode 100644
index 49cd5b5e69..0000000000
--- a/crypto/rc4/asm/rc4-ia64.pl
+++ /dev/null
@@ -1,755 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by David Mosberger <David.Mosberger@acm.org> based on the
-# Itanium optimized Crypto code which was released by HP Labs at
-# http://www.hpl.hp.com/research/linux/crypto/.
-#
-# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-
-
-# This is a little helper program which generates a software-pipelined
-# for RC4 encryption.  The basic algorithm looks like this:
-#
-#   for (counter = 0; counter < len; ++counter)
-#     {
-#       in = inp[counter];
-#       SI = S[I];
-#       J = (SI + J) & 0xff;
-#       SJ = S[J];
-#       T = (SI + SJ) & 0xff;
-#       S[I] = SJ, S[J] = SI;
-#       ST = S[T];
-#       outp[counter] = in ^ ST;
-#       I = (I + 1) & 0xff;
-#     }
-#
-# Pipelining this loop isn't easy, because the stores to the S[] array
-# need to be observed in the right order.  The loop generated by the
-# code below has the following pipeline diagram:
-#
-#      cycle
-#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
-# iter
-#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#
-#   where:
-# 	LDI = load of S[I]
-# 	LDJ = load of S[J]
-# 	SWP = swap of S[I] and S[J]
-# 	LDT = load of S[T]
-#
-# Note that in the above diagram, the major trouble-spot is that LDI
-# of the 2nd iteration is performed BEFORE the SWP of the first
-# iteration.  Fortunately, this is easy to detect (I of the 1st
-# iteration will be equal to J of the 2nd iteration) and when this
-# happens, we simply forward the proper value from the 1st iteration
-# to the 2nd one.  The proper value in this case is simply the value
-# of S[I] from the first iteration (thanks to the fact that SWP
-# simply swaps the contents of S[I] and S[J]).
-#
-# Another potential trouble-spot is in cycle 7, where SWP of the 1st
-# iteration issues at the same time as the LDI of the 3rd iteration.
-# However, thanks to IA-64 execution semantics, this can be taken
-# care of simply by placing LDI later in the instruction-group than
-# SWP.  IA-64 CPUs will automatically forward the value if they
-# detect that the SWP and LDI are accessing the same memory-location.
-
-# The core-loop that can be pipelined then looks like this (annotated
-# with McKinley/Madison issue port & latency numbers, assuming L1
-# cache hits for the most part):
-
-# operation:	    instruction:		    issue-ports:  latency
-# ------------------  -----------------------------   ------------- -------
-
-# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
-#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
-# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
-#                     ;;
-# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
-#                     ;;
-#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
-# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
-#                     (pBypass) br.cond.spnt Bypass
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
-#                     ;;
-#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
-#                     ;;
-# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
-#                     ;;
-# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
-# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
-# S[J] = SI           st8 [Jptr] = SI                 M2-M3
-#                     ;;
-#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
-#                     ;;
-# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
-#                     ;;
-# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
-#                     ;;
-# ---------------------------------------------------------------------------------------
-
-# There are several points worth making here:
-
-#   - Note that due to the bypass/forwarding-path, the first two
-#     phases of the loop are strangly mingled together.  In
-#     particular, note that the first stage of the pipeline is
-#     using the value of "J", as calculated by the second stage.
-#   - Each bundle-pair will have exactly 6 instructions.
-#   - Pipelined, the loop can execute in 3 cycles/iteration and
-#     4 stages.  However, McKinley/Madison can issue "st1" to
-#     the same bank at a rate of at most one per 4 cycles.  Thus,
-#     instead of storing each byte, we accumulate them in a word
-#     and then write them back at once with a single "st8" (this
-#     implies that the setup code needs to ensure that the output
-#     buffer is properly aligned, if need be, by encoding the
-#     first few bytes separately).
-#   - There is no space for a "br.ctop" instruction.  For this
-#     reason we can't use module-loop support in IA-64 and have
-#     to do a traditional, purely software-pipelined loop.
-#   - We can't replace any of the remaining "add/zxt1" pairs with
-#     "padd1" because the latency for that instruction is too high
-#     and would push the loop to the point where more bypasses
-#     would be needed, which we don't have space for.
-#   - The above loop runs at around 3.26 cycles/byte, or roughly
-#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
-#     system bus bandwidth and hence with judicious use of
-#     "lfetch" this loop can run at (almost) peak speed even when
-#     the input and output data reside in memory.  The
-#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
-#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
-#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
-#     that we do NOT prefetch into L1, since that would only
-#     interfere with the S[] table values stored there.  This is
-#     acceptable because there is a 10 cycle latency between
-#     load and first use of the input data.
-#   - We use a branch to out-of-line bypass-code of cycle-pressure:
-#     we calculate the next J, check for the need to activate the
-#     bypass path, and activate the bypass path ALL IN THE SAME
-#     CYCLE.  If we didn't have these constraints, we could do
-#     the bypass with a simple conditional move instruction.
-#     Fortunately, the bypass paths get activated relatively
-#     infrequently, so the extra branches don't cost all that much
-#     (about 0.04 cycles/byte, measured on a 16396 byte file with
-#     random input data).
-#
-
-$phases = 4;		# number of stages/phases in the pipelined-loop
-$unroll_count = 6;	# number of times we unrolled it
-$pComI = (1 << 0);
-$pComJ = (1 << 1);
-$pComT = (1 << 2);
-$pOut  = (1 << 3);
-
-$NData = 4;
-$NIP = 3;
-$NJP = 2;
-$NI = 2;
-$NSI = 3;
-$NSJ = 2;
-$NT = 2;
-$NOutWord = 2;
-
-#
-# $threshold is the minimum length before we attempt to use the
-# big software-pipelined loop.  It MUST be greater-or-equal
-# to:
-#  		PHASES * (UNROLL_COUNT + 1) + 7
-#
-# The "+ 7" comes from the fact we may have to encode up to
-#   7 bytes separately before the output pointer is aligned.
-#
-$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
-
-sub I {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ("\t\t".$format."\n", @_);
-}
-
-sub P {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ($format."\n", @_);
-}
-
-sub STOP {
-    local *code = shift;
-    $code .=<<___;
-		;;
-___
-}
-
-sub emit_body {
-    local *c = shift;
-    local *bypass = shift;
-    local ($iteration, $p) = @_;
-
-    local $i0 = $iteration;
-    local $i1 = $iteration - 1;
-    local $i2 = $iteration - 2;
-    local $i3 = $iteration - 3;
-    local $iw0 = ($iteration - 3) / 8;
-    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
-    local $byte_num = ($iteration - 3) % 8;
-    local $label = $iteration + 1;
-    local $pAny = ($p & 0xf) == 0xf;
-    local $pByp = (($p & $pComI) && ($iteration > 0));
-
-    $c.=<<___;
-//////////////////////////////////////////////////
-___
-
-    if (($p & 0xf) == 0) {
-	$c.="#ifdef HOST_IS_BIG_ENDIAN\n";
-	&I(\$c,"shr.u	OutWord[%u] = OutWord[%u], 32;;",
-				$iw1 % $NOutWord, $iw1 % $NOutWord);
-	$c.="#endif\n";
-	&I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
-	return;
-    }
-
-    # Cycle 0
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
-    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
-    &I(\$c, "zxt1   J = J")				      if ($p & $pComJ);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
-    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
-       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)		      if ($p & $pComT);
-    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 1
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
-    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
-    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
-    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)		      if ($p & $pComJ);
-    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
-       $i3 % $NData, $i3 % $NData, $i1 % $NT)		      if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 2
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
-    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)	      if ($pByp);
-    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
-       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmb")					      if ($pAny);
-    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)		      if ($p & $pComI);
-    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
-    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
-    &I(\$c, "}") if ($pAny);
-    &STOP(\$c);
-
-    &P(\$c, ".rc4Resume%u:", $label)			      if ($pByp);
-    if ($byte_num == 0 && $iteration >= $phases) {
-	&I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
-	   $iw1 % $NOutWord)				      if ($p & $pOut);
-	if ($iteration == (1 + $unroll_count) * $phases - 1) {
-	    if ($unroll_count == 6) {
-		&I(\$c, "mov OutWord[%u] = OutWord[%u]",
-		   $iw1 % $NOutWord, $iw0 % $NOutWord);
-	    }
-	    &I(\$c, "lfetch.nt1 [InPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "br.cloop.sptk.few .rc4Loop");
-	}
-    }
-
-    if ($pByp) {
-	&P(\$bypass, ".rc4Bypass%u:", $label);
-	&I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, ";;");
-	&I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
-	&I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
-	&I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
-	&I(\$bypass, ";;");
-    }
-}
-
-$code=<<___;
-.ident \"rc4-ia64.s, version 3.0\"
-.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
-
-#define LCSave		r8
-#define PRSave		r9
-
-/* Inputs become invalid once rotation begins!  */
-
-#define StateTable	in0
-#define DataLen		in1
-#define InputBuffer	in2
-#define OutputBuffer	in3
-
-#define KTable		r14
-#define J		r15
-#define InPtr		r16
-#define OutPtr		r17
-#define InPrefetch	r18
-#define OutPrefetch	r19
-#define One		r20
-#define LoopCount	r21
-#define Remainder	r22
-#define IFinal		r23
-#define EndPtr		r24
-
-#define tmp0		r25
-#define tmp1		r26
-
-#define pBypass		p6
-#define pDone		p7
-#define pSmall		p8
-#define pAligned	p9
-#define pUnaligned	p10
-
-#define pComputeI	pPhase[0]
-#define pComputeJ	pPhase[1]
-#define pComputeT	pPhase[2]
-#define pOutput		pPhase[3]
-
-#define RetVal		r8
-#define L_OK		p7
-#define L_NOK		p8
-
-#define	_NINPUTS	4
-#define	_NOUTPUT	0
-
-#define	_NROTATE	24
-#define	_NLOCALS	(_NROTATE - _NINPUTS - _NOUTPUT)
-
-#ifndef SZ
-# define SZ	4	// this must be set to sizeof(RC4_INT)
-#endif
-
-#if SZ == 1
-# define LKEY			ld1
-# define SKEY			st1
-# define KEYADDR(dst, i)	add dst = i, KTable
-#elif SZ == 2
-# define LKEY			ld2
-# define SKEY			st2
-# define KEYADDR(dst, i)	shladd dst = i, 1, KTable
-#elif SZ == 4
-# define LKEY			ld4
-# define SKEY			st4
-# define KEYADDR(dst, i)	shladd dst = i, 2, KTable
-#else
-# define LKEY			ld8
-# define SKEY			st8
-# define KEYADDR(dst, i)	shladd dst = i, 3, KTable
-#endif
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-# define ADDP	addp4
-#else
-# define ADDP	add
-#endif
-
-/* Define a macro for the bit number of the n-th byte: */
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-# define HOST_IS_BIG_ENDIAN
-# define BYTE_POS(n)	(56 - (8 * (n)))
-#else
-# define BYTE_POS(n)	(8 * (n))
-#endif
-
-/*
-   We must perform the first phase of the pipeline explicitly since
-   we will always load from the stable the first time. The br.cexit
-   will never be taken since regardless of the number of bytes because
-   the epilogue count is 4.
-*/
-/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
-   assembler failed on original macro with syntax error. <appro> */
-#define MODSCHED_RC4_PROLOGUE						   \\
-	{								   \\
-				ld1		Data[0] = [InPtr], 1;	   \\
-				add		IFinal = 1, I[1];	   \\
-				KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{								   \\
-				LKEY		SI[0] = [IPr[0]];	   \\
-				mov		pr.rot = 0x10000;	   \\
-				mov		ar.ec = 4;		   \\
-	} ;;								   \\
-	{								   \\
-				add		J = J, SI[0];		   \\
-				zxt1		I[0] = IFinal;		   \\
-				br.cexit.spnt.few .+16; /* never taken */  \\
-	} ;;
-#define MODSCHED_RC4_LOOP(label)					   \\
-label:									   \\
-	{	.mmi;							   \\
-		(pComputeI)	ld1		Data[0] = [InPtr], 1;	   \\
-		(pComputeI)	add		IFinal = 1, I[1];	   \\
-		(pComputeJ)	zxt1		J = J;			   \\
-	}{	.mmi;							   \\
-		(pOutput)	LKEY		T[1] = [T[1]];		   \\
-		(pComputeT)	add		T[0] = SI[2], SJ[1];	   \\
-		(pComputeI)	KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeT)	SKEY		[IPr[2]] = SJ[1];	   \\
-		(pComputeT)	SKEY		[JP[1]] = SI[2];	   \\
-		(pComputeT)	zxt1		T[0] = T[0];		   \\
-	}{	.mmi;							   \\
-		(pComputeI)	LKEY		SI[0] = [IPr[0]];	   \\
-		(pComputeJ)	KEYADDR(JP[0], J);			   \\
-		(pComputeI)	cmp.eq.unc	pBypass, p0 = I[1], J;	   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeJ)	LKEY		SJ[0] = [JP[0]];	   \\
-		(pOutput)	xor		Data[3] = Data[3], T[1];   \\
-				nop		0x0;			   \\
-	}{	.mmi;							   \\
-		(pComputeT)	KEYADDR(T[0], T[0]);			   \\
-		(pBypass)	mov		SI[0] = SI[1];		   \\
-		(pComputeI)	zxt1		I[0] = IFinal;		   \\
-	} ;;								   \\
-	{	.mmb;							   \\
-		(pOutput)	st1		[OutPtr] = Data[3], 1;	   \\
-		(pComputeI)	add		J = J, SI[0];		   \\
-				br.ctop.sptk.few label;			   \\
-	} ;;
-
-	.text
-
-	.align	32
-
-	.type	RC4, \@function
-	.global	RC4
-
-	.proc	RC4
-	.prologue
-
-RC4:
-	{
-	  	.mmi
-		alloc	r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-
-		.rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
-		      OutWord[2]
-		.rotp pPhase[4]
-
-		ADDP		InPrefetch = 0, InputBuffer
-		ADDP		KTable = 0, StateTable
-	}
-	{
-		.mmi
-		ADDP		InPtr = 0, InputBuffer
-		ADDP		OutPtr = 0, OutputBuffer
-		mov		RetVal = r0
-	}
-	;;
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		ADDP		OutPrefetch = 0, OutputBuffer
-	}
-	{               // Return 0 if the input length is nonsensical
-        	.mib
-		ADDP		StateTable = 0, StateTable
-        	cmp.ge.unc  	L_NOK, L_OK = r0, DataLen
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-	{
-        	.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, InPtr
-        	cmp.eq.or  	L_NOK, L_OK = r0, OutPtr
-		nop		0x0
-	}
-	{
-		.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, StateTable
-		nop		0x0
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-		LKEY		I[1] = [KTable], SZ
-/* Prefetch the state-table. It contains 256 elements of size SZ */
-
-#if SZ == 1
-		ADDP		tmp0 = 1*128, StateTable
-#elif SZ == 2
-		ADDP		tmp0 = 3*128, StateTable
-		ADDP		tmp1 = 2*128, StateTable
-#elif SZ == 4
-		ADDP		tmp0 = 7*128, StateTable
-		ADDP		tmp1 = 6*128, StateTable
-#elif SZ == 8
-		ADDP		tmp0 = 15*128, StateTable
-		ADDP		tmp1 = 14*128, StateTable
-#endif
-		;;
-#if SZ >= 8
-		lfetch.fault.nt1		[tmp0], -256	// 15
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 13
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 11
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  9
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 4
-		lfetch.fault.nt1		[tmp0], -256	//  7
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  5
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 2
-		lfetch.fault.nt1		[tmp0], -256	//  3
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-	{
-		.mii
-		lfetch.fault.nt1		[tmp0]		//  1
-		add		I[1]=1,I[1];;
-		zxt1		I[1]=I[1]
-	}
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		.save		pr, PRSave
-		mov		PRSave = pr
-	} ;;
-	{
-		.mmi
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		LKEY		J = [KTable], SZ
-		ADDP		EndPtr = DataLen, InPtr
-	}  ;;
-	{
-		.mmi
-		ADDP		EndPtr = -1, EndPtr	// Make it point to
-							// last data byte.
-		mov		One = 1
-		.save		ar.lc, LCSave
-		mov		LCSave = ar.lc
-		.body
-	} ;;
-	{
-		.mmb
-		sub		Remainder = 0, OutPtr
-		cmp.gtu		pSmall, p0 = $threshold, DataLen
-(pSmall)	br.cond.dpnt	.rc4Remainder		// Data too small for
-							// big loop.
-	} ;;
-	{
-		.mmi
-		and		Remainder = 0x7, Remainder
-		;;
-		cmp.eq		pAligned, pUnaligned = Remainder, r0
-		nop		0x0
-	} ;;
-	{
-		.mmb
-.pred.rel	"mutex",pUnaligned,pAligned
-(pUnaligned)	add		Remainder = -1, Remainder
-(pAligned)	sub		Remainder = EndPtr, InPtr
-(pAligned)	br.cond.dptk.many .rc4Aligned
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = Remainder
-	}
-
-/* Do the initial few bytes via the compact, modulo-scheduled loop
-   until the output pointer is 8-byte-aligned.  */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4AlignLoop)
-
-	{
-		.mib
-		sub		Remainder = EndPtr, InPtr
-		zxt1		IFinal = IFinal
-		clrrrb				// Clear CFM.rrb.pr so
-		;;				// next "mov pr.rot = N"
-						// does the right thing.
-	}
-	{
-		.mmi
-		mov		I[1] = IFinal
-		nop		0x0
-		nop		0x0
-	} ;;
-
-
-.rc4Aligned:
-
-/*
-   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
- */
-
-	{
-		.mlx
-		add	LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
-		movl		Remainder = 0xaaaaaaaaaaaaaaab
-	} ;;
-	{
-		.mmi
-		setf.sig	f6 = LoopCount		// M2, M3	6 cyc
-		setf.sig	f7 = Remainder		// M2, M3	6 cyc
-		nop		0x0
-	} ;;
-	{
-		.mfb
-		nop		0x0
-		xmpy.hu		f6 = f6, f7
-		nop		0x0
-	} ;;
-	{
-		.mmi
-		getf.sig	LoopCount = f6;;	// M2		5 cyc
-		nop		0x0
-		shr.u		LoopCount = LoopCount, 4
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = LoopCount
-	} ;;
-
-/* Now comes the unrolled loop: */
-
-.rc4Prologue:
-___
-
-$iteration = 0;
-
-# Generate the prologue:
-$predicates = 1;
-for ($i = 0; $i < $phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-    $predicates = ($predicates << 1) | 1;
-}
-
-$code.=<<___;
-.rc4Loop:
-___
-
-# Generate the body:
-for ($i = 0; $i < $unroll_count*$phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-.rc4Epilogue:
-___
-
-# Generate the epilogue:
-for ($i = 0; $i < $phases; ++$i) {
-    $predicates <<= 1;
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-	{
-		.mmi
-		lfetch.nt1	[EndPtr]	// fetch line with last byte
-		mov		IFinal = I[1]
-		nop		0x0
-	}
-
-.rc4Remainder:
-	{
-		.mmi
-		sub		Remainder = EndPtr, InPtr	// Calculate
-								// # of bytes
-								// left - 1
-		nop		0x0
-		nop		0x0
-	} ;;
-	{
-		.mib
-		cmp.eq		pDone, p0 = -1, Remainder // done already?
-		mov.i		ar.lc = Remainder
-(pDone)		br.cond.dptk.few .rc4Complete
-	}
-
-/* Do the remaining bytes via the compact, modulo-scheduled loop */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4RestLoop)
-
-.rc4Complete:
-	{
-		.mmi
-		add		KTable = -SZ, KTable
-		add		IFinal = -1, IFinal
-		mov		ar.lc = LCSave
-	} ;;
-	{
-		.mii
-		SKEY		[KTable] = J,-SZ
-		zxt1		IFinal = IFinal
-		mov		pr = PRSave, 0x1FFFF
-	} ;;
-	{
-		.mib
-		SKEY		[KTable] = IFinal
-		add		RetVal = 1, r0
-		br.ret.sptk.few	rp
-	} ;;
-___
-
-# Last but not least, emit the code for the bypass-code of the unrolled loop:
-
-$code.=$bypass;
-
-$code.=<<___;
-	.endp RC4
-___
-
-print $code;
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.S b/crypto/rc4/asm/rc4-md5-x86_64.S
deleted file mode 100644
index aab3c6db13..0000000000
--- a/crypto/rc4/asm/rc4-md5-x86_64.S
+++ /dev/null
@@ -1,1259 +0,0 @@
-.text	
-.align	16
-
-.globl	rc4_md5_enc
-.type	rc4_md5_enc,@function
-rc4_md5_enc:
-	cmpq	$0,%r9
-	je	.Labort
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	subq	$40,%rsp
-.Lbody:
-	movq	%rcx,%r11
-	movq	%r9,%r12
-	movq	%rsi,%r13
-	movq	%rdx,%r14
-	movq	%r8,%r15
-	xorq	%rbp,%rbp
-	xorq	%rcx,%rcx
-
-	leaq	8(%rdi),%rdi
-	movb	-8(%rdi),%bpl
-	movb	-4(%rdi),%cl
-
-	incb	%bpl
-	subq	%r13,%r14
-	movl	(%rdi,%rbp,4),%eax
-	addb	%al,%cl
-	leaq	(%rdi,%rbp,4),%rsi
-	shlq	$6,%r12
-	addq	%r15,%r12
-	movq	%r12,16(%rsp)
-
-	movq	%r11,24(%rsp)
-	movl	0(%r11),%r8d
-	movl	4(%r11),%r9d
-	movl	8(%r11),%r10d
-	movl	12(%r11),%r11d
-	jmp	.Loop
-
-.align	16
-.Loop:
-	movl	%r8d,0(%rsp)
-	movl	%r9d,4(%rsp)
-	movl	%r10d,8(%rsp)
-	movl	%r11d,%r12d
-	movl	%r11d,12(%rsp)
-	pxor	%xmm0,%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	0(%r15),%r8d
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	addl	$3614090360,%r8d
-	xorl	%r11d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$7,%r8d
-	movl	%r10d,%r12d
-	movd	(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	pxor	%xmm1,%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	4(%r15),%r11d
-	addb	%dl,%bl
-	movl	8(%rsi),%eax
-	addl	$3905402710,%r11d
-	xorl	%r10d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,4(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$12,%r11d
-	movl	%r9d,%r12d
-	movd	(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	8(%r15),%r10d
-	addb	%dl,%al
-	movl	12(%rsi),%ebx
-	addl	$606105819,%r10d
-	xorl	%r9d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,8(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$17,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	12(%r15),%r9d
-	addb	%dl,%bl
-	movl	16(%rsi),%eax
-	addl	$3250441966,%r9d
-	xorl	%r8d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,12(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$22,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	16(%r15),%r8d
-	addb	%dl,%al
-	movl	20(%rsi),%ebx
-	addl	$4118548399,%r8d
-	xorl	%r11d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,16(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$7,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	20(%r15),%r11d
-	addb	%dl,%bl
-	movl	24(%rsi),%eax
-	addl	$1200080426,%r11d
-	xorl	%r10d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,20(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$12,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	24(%r15),%r10d
-	addb	%dl,%al
-	movl	28(%rsi),%ebx
-	addl	$2821735955,%r10d
-	xorl	%r9d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,24(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$17,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	28(%r15),%r9d
-	addb	%dl,%bl
-	movl	32(%rsi),%eax
-	addl	$4249261313,%r9d
-	xorl	%r8d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,28(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$22,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	32(%r15),%r8d
-	addb	%dl,%al
-	movl	36(%rsi),%ebx
-	addl	$1770035416,%r8d
-	xorl	%r11d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,32(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$7,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	36(%r15),%r11d
-	addb	%dl,%bl
-	movl	40(%rsi),%eax
-	addl	$2336552879,%r11d
-	xorl	%r10d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,36(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$12,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	40(%r15),%r10d
-	addb	%dl,%al
-	movl	44(%rsi),%ebx
-	addl	$4294925233,%r10d
-	xorl	%r9d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,40(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$17,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	44(%r15),%r9d
-	addb	%dl,%bl
-	movl	48(%rsi),%eax
-	addl	$2304563134,%r9d
-	xorl	%r8d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,44(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$22,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	48(%r15),%r8d
-	addb	%dl,%al
-	movl	52(%rsi),%ebx
-	addl	$1804603682,%r8d
-	xorl	%r11d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,48(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$7,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	52(%r15),%r11d
-	addb	%dl,%bl
-	movl	56(%rsi),%eax
-	addl	$4254626195,%r11d
-	xorl	%r10d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,52(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$12,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	56(%r15),%r10d
-	addb	%dl,%al
-	movl	60(%rsi),%ebx
-	addl	$2792965006,%r10d
-	xorl	%r9d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,56(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$17,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movdqu	(%r13),%xmm2
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	60(%r15),%r9d
-	addb	%dl,%bl
-	movl	64(%rsi),%eax
-	addl	$1236535329,%r9d
-	xorl	%r8d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,60(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$22,%r9d
-	movl	%r10d,%r12d
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-	pxor	%xmm0,%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	4(%r15),%r8d
-	addb	%dl,%al
-	movl	68(%rsi),%ebx
-	addl	$4129170786,%r8d
-	xorl	%r10d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,64(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$5,%r8d
-	movl	%r9d,%r12d
-	movd	(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	pxor	%xmm1,%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	24(%r15),%r11d
-	addb	%dl,%bl
-	movl	72(%rsi),%eax
-	addl	$3225465664,%r11d
-	xorl	%r9d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,68(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$9,%r11d
-	movl	%r8d,%r12d
-	movd	(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	44(%r15),%r10d
-	addb	%dl,%al
-	movl	76(%rsi),%ebx
-	addl	$643717713,%r10d
-	xorl	%r8d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,72(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$14,%r10d
-	movl	%r11d,%r12d
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	0(%r15),%r9d
-	addb	%dl,%bl
-	movl	80(%rsi),%eax
-	addl	$3921069994,%r9d
-	xorl	%r11d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,76(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$20,%r9d
-	movl	%r10d,%r12d
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	20(%r15),%r8d
-	addb	%dl,%al
-	movl	84(%rsi),%ebx
-	addl	$3593408605,%r8d
-	xorl	%r10d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,80(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$5,%r8d
-	movl	%r9d,%r12d
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	40(%r15),%r11d
-	addb	%dl,%bl
-	movl	88(%rsi),%eax
-	addl	$38016083,%r11d
-	xorl	%r9d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,84(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$9,%r11d
-	movl	%r8d,%r12d
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	60(%r15),%r10d
-	addb	%dl,%al
-	movl	92(%rsi),%ebx
-	addl	$3634488961,%r10d
-	xorl	%r8d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,88(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$14,%r10d
-	movl	%r11d,%r12d
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	16(%r15),%r9d
-	addb	%dl,%bl
-	movl	96(%rsi),%eax
-	addl	$3889429448,%r9d
-	xorl	%r11d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,92(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$20,%r9d
-	movl	%r10d,%r12d
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	36(%r15),%r8d
-	addb	%dl,%al
-	movl	100(%rsi),%ebx
-	addl	$568446438,%r8d
-	xorl	%r10d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,96(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$5,%r8d
-	movl	%r9d,%r12d
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	56(%r15),%r11d
-	addb	%dl,%bl
-	movl	104(%rsi),%eax
-	addl	$3275163606,%r11d
-	xorl	%r9d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,100(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$9,%r11d
-	movl	%r8d,%r12d
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	12(%r15),%r10d
-	addb	%dl,%al
-	movl	108(%rsi),%ebx
-	addl	$4107603335,%r10d
-	xorl	%r8d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,104(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$14,%r10d
-	movl	%r11d,%r12d
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	32(%r15),%r9d
-	addb	%dl,%bl
-	movl	112(%rsi),%eax
-	addl	$1163531501,%r9d
-	xorl	%r11d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,108(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$20,%r9d
-	movl	%r10d,%r12d
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r11d,%r12d
-	addl	52(%r15),%r8d
-	addb	%dl,%al
-	movl	116(%rsi),%ebx
-	addl	$2850285829,%r8d
-	xorl	%r10d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,112(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$5,%r8d
-	movl	%r9d,%r12d
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r10d,%r12d
-	addl	8(%r15),%r11d
-	addb	%dl,%bl
-	movl	120(%rsi),%eax
-	addl	$4243563512,%r11d
-	xorl	%r9d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,116(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$9,%r11d
-	movl	%r8d,%r12d
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	andl	%r9d,%r12d
-	addl	28(%r15),%r10d
-	addb	%dl,%al
-	movl	124(%rsi),%ebx
-	addl	$1735328473,%r10d
-	xorl	%r8d,%r12d
-	movzbl	%al,%eax
-	movl	%edx,120(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$14,%r10d
-	movl	%r11d,%r12d
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movdqu	16(%r13),%xmm3
-	addb	$32,%bpl
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	andl	%r8d,%r12d
-	addl	48(%r15),%r9d
-	addb	%dl,%bl
-	movl	0(%rdi,%rbp,4),%eax
-	addl	$2368359562,%r9d
-	xorl	%r11d,%r12d
-	movzbl	%bl,%ebx
-	movl	%edx,124(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$20,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movq	%rcx,%rsi
-	xorq	%rcx,%rcx
-	movb	%sil,%cl
-	leaq	(%rdi,%rbp,4),%rsi
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-	pxor	%xmm0,%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r9d,%r12d
-	addl	20(%r15),%r8d
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	addl	$4294588738,%r8d
-	movzbl	%al,%eax
-	addl	%r12d,%r8d
-	movl	%edx,0(%rsi)
-	addb	%bl,%cl
-	roll	$4,%r8d
-	movl	%r10d,%r12d
-	movd	(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	pxor	%xmm1,%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r8d,%r12d
-	addl	32(%r15),%r11d
-	addb	%dl,%bl
-	movl	8(%rsi),%eax
-	addl	$2272392833,%r11d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r11d
-	movl	%edx,4(%rsi)
-	addb	%al,%cl
-	roll	$11,%r11d
-	movl	%r9d,%r12d
-	movd	(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r11d,%r12d
-	addl	44(%r15),%r10d
-	addb	%dl,%al
-	movl	12(%rsi),%ebx
-	addl	$1839030562,%r10d
-	movzbl	%al,%eax
-	addl	%r12d,%r10d
-	movl	%edx,8(%rsi)
-	addb	%bl,%cl
-	roll	$16,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r10d,%r12d
-	addl	56(%r15),%r9d
-	addb	%dl,%bl
-	movl	16(%rsi),%eax
-	addl	$4259657740,%r9d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r9d
-	movl	%edx,12(%rsi)
-	addb	%al,%cl
-	roll	$23,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r9d,%r12d
-	addl	4(%r15),%r8d
-	addb	%dl,%al
-	movl	20(%rsi),%ebx
-	addl	$2763975236,%r8d
-	movzbl	%al,%eax
-	addl	%r12d,%r8d
-	movl	%edx,16(%rsi)
-	addb	%bl,%cl
-	roll	$4,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r8d,%r12d
-	addl	16(%r15),%r11d
-	addb	%dl,%bl
-	movl	24(%rsi),%eax
-	addl	$1272893353,%r11d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r11d
-	movl	%edx,20(%rsi)
-	addb	%al,%cl
-	roll	$11,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r11d,%r12d
-	addl	28(%r15),%r10d
-	addb	%dl,%al
-	movl	28(%rsi),%ebx
-	addl	$4139469664,%r10d
-	movzbl	%al,%eax
-	addl	%r12d,%r10d
-	movl	%edx,24(%rsi)
-	addb	%bl,%cl
-	roll	$16,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r10d,%r12d
-	addl	40(%r15),%r9d
-	addb	%dl,%bl
-	movl	32(%rsi),%eax
-	addl	$3200236656,%r9d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r9d
-	movl	%edx,28(%rsi)
-	addb	%al,%cl
-	roll	$23,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r9d,%r12d
-	addl	52(%r15),%r8d
-	addb	%dl,%al
-	movl	36(%rsi),%ebx
-	addl	$681279174,%r8d
-	movzbl	%al,%eax
-	addl	%r12d,%r8d
-	movl	%edx,32(%rsi)
-	addb	%bl,%cl
-	roll	$4,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r8d,%r12d
-	addl	0(%r15),%r11d
-	addb	%dl,%bl
-	movl	40(%rsi),%eax
-	addl	$3936430074,%r11d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r11d
-	movl	%edx,36(%rsi)
-	addb	%al,%cl
-	roll	$11,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r11d,%r12d
-	addl	12(%r15),%r10d
-	addb	%dl,%al
-	movl	44(%rsi),%ebx
-	addl	$3572445317,%r10d
-	movzbl	%al,%eax
-	addl	%r12d,%r10d
-	movl	%edx,40(%rsi)
-	addb	%bl,%cl
-	roll	$16,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r10d,%r12d
-	addl	24(%r15),%r9d
-	addb	%dl,%bl
-	movl	48(%rsi),%eax
-	addl	$76029189,%r9d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r9d
-	movl	%edx,44(%rsi)
-	addb	%al,%cl
-	roll	$23,%r9d
-	movl	%r11d,%r12d
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r9d,%r12d
-	addl	36(%r15),%r8d
-	addb	%dl,%al
-	movl	52(%rsi),%ebx
-	addl	$3654602809,%r8d
-	movzbl	%al,%eax
-	addl	%r12d,%r8d
-	movl	%edx,48(%rsi)
-	addb	%bl,%cl
-	roll	$4,%r8d
-	movl	%r10d,%r12d
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r8d,%r12d
-	addl	48(%r15),%r11d
-	addb	%dl,%bl
-	movl	56(%rsi),%eax
-	addl	$3873151461,%r11d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r11d
-	movl	%edx,52(%rsi)
-	addb	%al,%cl
-	roll	$11,%r11d
-	movl	%r9d,%r12d
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	xorl	%r11d,%r12d
-	addl	60(%r15),%r10d
-	addb	%dl,%al
-	movl	60(%rsi),%ebx
-	addl	$530742520,%r10d
-	movzbl	%al,%eax
-	addl	%r12d,%r10d
-	movl	%edx,56(%rsi)
-	addb	%bl,%cl
-	roll	$16,%r10d
-	movl	%r8d,%r12d
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movdqu	32(%r13),%xmm4
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	xorl	%r10d,%r12d
-	addl	8(%r15),%r9d
-	addb	%dl,%bl
-	movl	64(%rsi),%eax
-	addl	$3299628645,%r9d
-	movzbl	%bl,%ebx
-	addl	%r12d,%r9d
-	movl	%edx,60(%rsi)
-	addb	%al,%cl
-	roll	$23,%r9d
-	movl	$-1,%r12d
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm4
-	pxor	%xmm1,%xmm4
-	pxor	%xmm0,%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r9d,%r12d
-	addl	0(%r15),%r8d
-	addb	%dl,%al
-	movl	68(%rsi),%ebx
-	addl	$4096336452,%r8d
-	movzbl	%al,%eax
-	xorl	%r10d,%r12d
-	movl	%edx,64(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$6,%r8d
-	movl	$-1,%r12d
-	movd	(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	pxor	%xmm1,%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r8d,%r12d
-	addl	28(%r15),%r11d
-	addb	%dl,%bl
-	movl	72(%rsi),%eax
-	addl	$1126891415,%r11d
-	movzbl	%bl,%ebx
-	xorl	%r9d,%r12d
-	movl	%edx,68(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$10,%r11d
-	movl	$-1,%r12d
-	movd	(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r11d,%r12d
-	addl	56(%r15),%r10d
-	addb	%dl,%al
-	movl	76(%rsi),%ebx
-	addl	$2878612391,%r10d
-	movzbl	%al,%eax
-	xorl	%r8d,%r12d
-	movl	%edx,72(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$15,%r10d
-	movl	$-1,%r12d
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r10d,%r12d
-	addl	20(%r15),%r9d
-	addb	%dl,%bl
-	movl	80(%rsi),%eax
-	addl	$4237533241,%r9d
-	movzbl	%bl,%ebx
-	xorl	%r11d,%r12d
-	movl	%edx,76(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$21,%r9d
-	movl	$-1,%r12d
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r9d,%r12d
-	addl	48(%r15),%r8d
-	addb	%dl,%al
-	movl	84(%rsi),%ebx
-	addl	$1700485571,%r8d
-	movzbl	%al,%eax
-	xorl	%r10d,%r12d
-	movl	%edx,80(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$6,%r8d
-	movl	$-1,%r12d
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r8d,%r12d
-	addl	12(%r15),%r11d
-	addb	%dl,%bl
-	movl	88(%rsi),%eax
-	addl	$2399980690,%r11d
-	movzbl	%bl,%ebx
-	xorl	%r9d,%r12d
-	movl	%edx,84(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$10,%r11d
-	movl	$-1,%r12d
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r11d,%r12d
-	addl	40(%r15),%r10d
-	addb	%dl,%al
-	movl	92(%rsi),%ebx
-	addl	$4293915773,%r10d
-	movzbl	%al,%eax
-	xorl	%r8d,%r12d
-	movl	%edx,88(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$15,%r10d
-	movl	$-1,%r12d
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r10d,%r12d
-	addl	4(%r15),%r9d
-	addb	%dl,%bl
-	movl	96(%rsi),%eax
-	addl	$2240044497,%r9d
-	movzbl	%bl,%ebx
-	xorl	%r11d,%r12d
-	movl	%edx,92(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$21,%r9d
-	movl	$-1,%r12d
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r9d,%r12d
-	addl	32(%r15),%r8d
-	addb	%dl,%al
-	movl	100(%rsi),%ebx
-	addl	$1873313359,%r8d
-	movzbl	%al,%eax
-	xorl	%r10d,%r12d
-	movl	%edx,96(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$6,%r8d
-	movl	$-1,%r12d
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r8d,%r12d
-	addl	60(%r15),%r11d
-	addb	%dl,%bl
-	movl	104(%rsi),%eax
-	addl	$4264355552,%r11d
-	movzbl	%bl,%ebx
-	xorl	%r9d,%r12d
-	movl	%edx,100(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$10,%r11d
-	movl	$-1,%r12d
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r11d,%r12d
-	addl	24(%r15),%r10d
-	addb	%dl,%al
-	movl	108(%rsi),%ebx
-	addl	$2734768916,%r10d
-	movzbl	%al,%eax
-	xorl	%r8d,%r12d
-	movl	%edx,104(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$15,%r10d
-	movl	$-1,%r12d
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r10d,%r12d
-	addl	52(%r15),%r9d
-	addb	%dl,%bl
-	movl	112(%rsi),%eax
-	addl	$1309151649,%r9d
-	movzbl	%bl,%ebx
-	xorl	%r11d,%r12d
-	movl	%edx,108(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$21,%r9d
-	movl	$-1,%r12d
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r11d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r9d,%r12d
-	addl	16(%r15),%r8d
-	addb	%dl,%al
-	movl	116(%rsi),%ebx
-	addl	$4149444226,%r8d
-	movzbl	%al,%eax
-	xorl	%r10d,%r12d
-	movl	%edx,112(%rsi)
-	addl	%r12d,%r8d
-	addb	%bl,%cl
-	roll	$6,%r8d
-	movl	$-1,%r12d
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-
-	addl	%r9d,%r8d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r10d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r8d,%r12d
-	addl	44(%r15),%r11d
-	addb	%dl,%bl
-	movl	120(%rsi),%eax
-	addl	$3174756917,%r11d
-	movzbl	%bl,%ebx
-	xorl	%r9d,%r12d
-	movl	%edx,116(%rsi)
-	addl	%r12d,%r11d
-	addb	%al,%cl
-	roll	$10,%r11d
-	movl	$-1,%r12d
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-
-	addl	%r8d,%r11d
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r9d,%r12d
-	movl	%eax,(%rdi,%rcx,4)
-	orl	%r11d,%r12d
-	addl	8(%r15),%r10d
-	addb	%dl,%al
-	movl	124(%rsi),%ebx
-	addl	$718787259,%r10d
-	movzbl	%al,%eax
-	xorl	%r8d,%r12d
-	movl	%edx,120(%rsi)
-	addl	%r12d,%r10d
-	addb	%bl,%cl
-	roll	$15,%r10d
-	movl	$-1,%r12d
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-
-	addl	%r11d,%r10d
-	movdqu	48(%r13),%xmm5
-	addb	$32,%bpl
-	movl	(%rdi,%rcx,4),%edx
-	xorl	%r8d,%r12d
-	movl	%ebx,(%rdi,%rcx,4)
-	orl	%r10d,%r12d
-	addl	36(%r15),%r9d
-	addb	%dl,%bl
-	movl	0(%rdi,%rbp,4),%eax
-	addl	$3951481745,%r9d
-	movzbl	%bl,%ebx
-	xorl	%r11d,%r12d
-	movl	%edx,124(%rsi)
-	addl	%r12d,%r9d
-	addb	%al,%cl
-	roll	$21,%r9d
-	movl	$-1,%r12d
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-
-	addl	%r10d,%r9d
-	movq	%rbp,%rsi
-	xorq	%rbp,%rbp
-	movb	%sil,%bpl
-	movq	%rcx,%rsi
-	xorq	%rcx,%rcx
-	movb	%sil,%cl
-	leaq	(%rdi,%rbp,4),%rsi
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm5
-	pxor	%xmm1,%xmm5
-	addl	0(%rsp),%r8d
-	addl	4(%rsp),%r9d
-	addl	8(%rsp),%r10d
-	addl	12(%rsp),%r11d
-
-	movdqu	%xmm2,(%r14,%r13,1)
-	movdqu	%xmm3,16(%r14,%r13,1)
-	movdqu	%xmm4,32(%r14,%r13,1)
-	movdqu	%xmm5,48(%r14,%r13,1)
-	leaq	64(%r15),%r15
-	leaq	64(%r13),%r13
-	cmpq	16(%rsp),%r15
-	jb	.Loop
-
-	movq	24(%rsp),%r12
-	subb	%al,%cl
-	movl	%r8d,0(%r12)
-	movl	%r9d,4(%r12)
-	movl	%r10d,8(%r12)
-	movl	%r11d,12(%r12)
-	subb	$1,%bpl
-	movl	%ebp,-8(%rdi)
-	movl	%ecx,-4(%rdi)
-
-	movq	40(%rsp),%r15
-	movq	48(%rsp),%r14
-	movq	56(%rsp),%r13
-	movq	64(%rsp),%r12
-	movq	72(%rsp),%rbp
-	movq	80(%rsp),%rbx
-	leaq	88(%rsp),%rsp
-.Lepilogue:
-.Labort:
-	.byte	0xf3,0xc3
-.size	rc4_md5_enc,.-rc4_md5_enc
diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl
deleted file mode 100644
index 272fa91e1a..0000000000
--- a/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ /dev/null
@@ -1,632 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# June 2011
-#
-# This is RC4+MD5 "stitch" implementation. The idea, as spelled in
-# http://download.intel.com/design/intarch/papers/323686.pdf, is that
-# since both algorithms exhibit instruction-level parallelism, ILP,
-# below theoretical maximum, interleaving them would allow to utilize
-# processor resources better and achieve better performance. RC4
-# instruction sequence is virtually identical to rc4-x86_64.pl, which
-# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin
-# and Jim Guilford of Intel. MD5 is fresh implementation aiming to
-# minimize register usage, which was used as "main thread" with RC4
-# weaved into it, one RC4 round per one MD5 round. In addition to the
-# stiched subroutine the script can generate standalone replacement
-# md5_block_asm_data_order and RC4. Below are performance numbers in
-# cycles per processed byte, less is better, for these the standalone
-# subroutines, sum of them, and stitched one:
-#
-#		RC4	MD5	RC4+MD5	stitch	gain
-# Opteron	6.5(*)	5.4	11.9	7.0	+70%(*)
-# Core2		6.5	5.8	12.3	7.7	+60%
-# Westmere	4.3	5.2	9.5	7.0	+36%
-# Sandy Bridge	4.2	5.5	9.7	6.8	+43%
-# Atom		9.3	6.5	15.8	11.1	+42%
-#
-# (*)	rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement
-#	is +53%...
-
-my ($rc4,$md5)=(1,1);	# what to generate?
-my $D="#" if (!$md5);	# if set to "#", MD5 is stitched into RC4(),
-			# but its result is discarded. Idea here is
-			# to be able to use 'openssl speed rc4' for
-			# benchmarking the stitched subroutine... 
-
-my $flavour = shift;
-my $output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs);
-
-if ($rc4 && !$md5) {
-  ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx");
-  $func="RC4";				$nargs=4;
-} elsif ($md5 && !$rc4) {
-  ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx");
-  $func="md5_block_asm_data_order";	$nargs=3;
-} else {
-  ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9");
-  $func="rc4_md5_enc";			$nargs=6;
-  # void rc4_md5_enc(
-  #		RC4_KEY *key,		#
-  #		const void *in0,	# RC4 input
-  #		void *out,		# RC4 output
-  #		MD5_CTX *ctx,		#
-  #		const void *inp,	# MD5 input
-  #		size_t len);		# number of 64-byte blocks
-}
-
-my @K=(	0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,
-	0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
-	0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,
-	0x6b901122,0xfd987193,0xa679438e,0x49b40821,
-
-	0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,
-	0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
-	0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,
-	0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
-
-	0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,
-	0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
-	0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,
-	0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
-
-	0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,
-	0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
-	0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,
-	0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391	);
-
-my @V=("%r8d","%r9d","%r10d","%r11d");	# MD5 registers
-my $tmp="%r12d";
-
-my @XX=("%rbp","%rsi");			# RC4 registers
-my @TX=("%rax","%rbx");
-my $YY="%rcx";
-my $TY="%rdx";
-
-my $MOD=32;				# 16, 32 or 64
-
-$code.=<<___;
-.text
-.align 16
-
-.globl	$func
-.type	$func,\@function,$nargs
-$func:
-	cmp	\$0,$len
-	je	.Labort
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	sub	\$40,%rsp
-.Lbody:
-___
-if ($rc4) {
-$code.=<<___;
-$D#md5#	mov	$ctx,%r11		# reassign arguments
-	mov	$len,%r12
-	mov	$in0,%r13
-	mov	$out,%r14
-$D#md5#	mov	$inp,%r15
-___
-    $ctx="%r11"	if ($md5);		# reassign arguments
-    $len="%r12";
-    $in0="%r13";
-    $out="%r14";
-    $inp="%r15"	if ($md5);
-    $inp=$in0	if (!$md5);
-$code.=<<___;
-	xor	$XX[0],$XX[0]
-	xor	$YY,$YY
-
-	lea	8($dat),$dat
-	mov	-8($dat),$XX[0]#b
-	mov	-4($dat),$YY#b
-
-	inc	$XX[0]#b
-	sub	$in0,$out
-	movl	($dat,$XX[0],4),$TX[0]#d
-___
-$code.=<<___ if (!$md5);
-	xor	$TX[1],$TX[1]
-	test	\$-128,$len
-	jz	.Loop1
-	sub	$XX[0],$TX[1]
-	and	\$`$MOD-1`,$TX[1]
-	jz	.Loop${MOD}_is_hot
-	sub	$TX[1],$len
-.Loop${MOD}_warmup:
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	$TY#d,($dat,$XX[0],4)
-	add	$TY#b,$TX[0]#b
-	inc	$XX[0]#b
-	movl	($dat,$TX[0],4),$TY#d
-	movl	($dat,$XX[0],4),$TX[0]#d
-	xorb	($in0),$TY#b
-	movb	$TY#b,($out,$in0)
-	lea	1($in0),$in0
-	dec	$TX[1]
-	jnz	.Loop${MOD}_warmup
-
-	mov	$YY,$TX[1]
-	xor	$YY,$YY
-	mov	$TX[1]#b,$YY#b
-
-.Loop${MOD}_is_hot:
-	mov	$len,32(%rsp)		# save original $len
-	shr	\$6,$len		# number of 64-byte blocks
-___
-  if ($D && !$md5) {			# stitch in dummy MD5
-    $md5=1;
-    $ctx="%r11";
-    $inp="%r15";
-    $code.=<<___;
-	mov	%rsp,$ctx
-	mov	$in0,$inp
-___
-  }
-}
-$code.=<<___;
-#rc4#	add	$TX[0]#b,$YY#b
-#rc4#	lea	($dat,$XX[0],4),$XX[1]
-	shl	\$6,$len
-	add	$inp,$len		# pointer to the end of input
-	mov	$len,16(%rsp)
-
-#md5#	mov	$ctx,24(%rsp)		# save pointer to MD5_CTX
-#md5#	mov	0*4($ctx),$V[0]		# load current hash value from MD5_CTX
-#md5#	mov	1*4($ctx),$V[1]
-#md5#	mov	2*4($ctx),$V[2]
-#md5#	mov	3*4($ctx),$V[3]
-	jmp	.Loop
-
-.align	16
-.Loop:
-#md5#	mov	$V[0],0*4(%rsp)		# put aside current hash value
-#md5#	mov	$V[1],1*4(%rsp)
-#md5#	mov	$V[2],2*4(%rsp)
-#md5#	mov	$V[3],$tmp		# forward reference
-#md5#	mov	$V[3],3*4(%rsp)
-___
-
-sub R0 {
-  my ($i,$a,$b,$c,$d)=@_;
-  my @rot0=(7,12,17,22);
-  my $j=$i%16;
-  my $k=$i%$MOD;
-  my $xmm="%xmm".($j&1);
-    $code.="	movdqu	($in0),%xmm2\n"		if ($rc4 && $j==15);
-    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
-    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
-    $code.=<<___;
-#rc4#	movl	($dat,$YY,4),$TY#d
-#md5#	xor	$c,$tmp
-#rc4#	movl	$TX[0]#d,($dat,$YY,4)
-#md5#	and	$b,$tmp
-#md5#	add	4*`$j`($inp),$a
-#rc4#	add	$TY#b,$TX[0]#b
-#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
-#md5#	add	\$$K[$i],$a
-#md5#	xor	$d,$tmp
-#rc4#	movz	$TX[0]#b,$TX[0]#d
-#rc4#	movl	$TY#d,4*$k($XX[1])
-#md5#	add	$tmp,$a
-#rc4#	add	$TX[1]#b,$YY#b
-#md5#	rol	\$$rot0[$j%4],$a
-#md5#	mov	`$j==15?"$b":"$c"`,$tmp		# forward reference
-#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
-#md5#	add	$b,$a
-___
-    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
-	mov	$YY,$XX[1]
-	xor	$YY,$YY				# keyword to partial register
-	mov	$XX[1]#b,$YY#b
-	lea	($dat,$XX[0],4),$XX[1]
-___
-    $code.=<<___ if ($rc4 && $j==15);
-	psllq	\$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-___
-}
-sub R1 {
-  my ($i,$a,$b,$c,$d)=@_;
-  my @rot1=(5,9,14,20);
-  my $j=$i%16;
-  my $k=$i%$MOD;
-  my $xmm="%xmm".($j&1);
-    $code.="	movdqu	16($in0),%xmm3\n"	if ($rc4 && $j==15);
-    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
-    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
-    $code.=<<___;
-#rc4#	movl	($dat,$YY,4),$TY#d
-#md5#	xor	$b,$tmp
-#rc4#	movl	$TX[0]#d,($dat,$YY,4)
-#md5#	and	$d,$tmp
-#md5#	add	4*`((1+5*$j)%16)`($inp),$a
-#rc4#	add	$TY#b,$TX[0]#b
-#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
-#md5#	add	\$$K[$i],$a
-#md5#	xor	$c,$tmp
-#rc4#	movz	$TX[0]#b,$TX[0]#d
-#rc4#	movl	$TY#d,4*$k($XX[1])
-#md5#	add	$tmp,$a
-#rc4#	add	$TX[1]#b,$YY#b
-#md5#	rol	\$$rot1[$j%4],$a
-#md5#	mov	`$j==15?"$c":"$b"`,$tmp		# forward reference
-#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
-#md5#	add	$b,$a
-___
-    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
-	mov	$YY,$XX[1]
-	xor	$YY,$YY				# keyword to partial register
-	mov	$XX[1]#b,$YY#b
-	lea	($dat,$XX[0],4),$XX[1]
-___
-    $code.=<<___ if ($rc4 && $j==15);
-	psllq	\$8,%xmm1
-	pxor	%xmm0,%xmm3
-	pxor	%xmm1,%xmm3
-___
-}
-sub R2 {
-  my ($i,$a,$b,$c,$d)=@_;
-  my @rot2=(4,11,16,23);
-  my $j=$i%16;
-  my $k=$i%$MOD;
-  my $xmm="%xmm".($j&1);
-    $code.="	movdqu	32($in0),%xmm4\n"	if ($rc4 && $j==15);
-    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
-    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
-    $code.=<<___;
-#rc4#	movl	($dat,$YY,4),$TY#d
-#md5#	xor	$c,$tmp
-#rc4#	movl	$TX[0]#d,($dat,$YY,4)
-#md5#	xor	$b,$tmp
-#md5#	add	4*`((5+3*$j)%16)`($inp),$a
-#rc4#	add	$TY#b,$TX[0]#b
-#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
-#md5#	add	\$$K[$i],$a
-#rc4#	movz	$TX[0]#b,$TX[0]#d
-#md5#	add	$tmp,$a
-#rc4#	movl	$TY#d,4*$k($XX[1])
-#rc4#	add	$TX[1]#b,$YY#b
-#md5#	rol	\$$rot2[$j%4],$a
-#md5#	mov	`$j==15?"\\\$-1":"$c"`,$tmp	# forward reference
-#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
-#md5#	add	$b,$a
-___
-    $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1);
-	mov	$YY,$XX[1]
-	xor	$YY,$YY				# keyword to partial register
-	mov	$XX[1]#b,$YY#b
-	lea	($dat,$XX[0],4),$XX[1]
-___
-    $code.=<<___ if ($rc4 && $j==15);
-	psllq	\$8,%xmm1
-	pxor	%xmm0,%xmm4
-	pxor	%xmm1,%xmm4
-___
-}
-sub R3 {
-  my ($i,$a,$b,$c,$d)=@_;
-  my @rot3=(6,10,15,21);
-  my $j=$i%16;
-  my $k=$i%$MOD;
-  my $xmm="%xmm".($j&1);
-    $code.="	movdqu	48($in0),%xmm5\n"	if ($rc4 && $j==15);
-    $code.="	add	\$$MOD,$XX[0]#b\n"	if ($rc4 && $j==15 && $k==$MOD-1);
-    $code.="	pxor	$xmm,$xmm\n"		if ($rc4 && $j<=1);
-    $code.=<<___;
-#rc4#	movl	($dat,$YY,4),$TY#d
-#md5#	xor	$d,$tmp
-#rc4#	movl	$TX[0]#d,($dat,$YY,4)
-#md5#	or	$b,$tmp
-#md5#	add	4*`((7*$j)%16)`($inp),$a
-#rc4#	add	$TY#b,$TX[0]#b
-#rc4#	movl	`4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d
-#md5#	add	\$$K[$i],$a
-#rc4#	movz	$TX[0]#b,$TX[0]#d
-#md5#	xor	$c,$tmp
-#rc4#	movl	$TY#d,4*$k($XX[1])
-#md5#	add	$tmp,$a
-#rc4#	add	$TX[1]#b,$YY#b
-#md5#	rol	\$$rot3[$j%4],$a
-#md5#	mov	\$-1,$tmp			# forward reference
-#rc4#	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n
-#md5#	add	$b,$a
-___
-    $code.=<<___ if ($rc4 && $j==15);
-	mov	$XX[0],$XX[1]
-	xor	$XX[0],$XX[0]			# keyword to partial register
-	mov	$XX[1]#b,$XX[0]#b
-	mov	$YY,$XX[1]
-	xor	$YY,$YY				# keyword to partial register
-	mov	$XX[1]#b,$YY#b
-	lea	($dat,$XX[0],4),$XX[1]
-	psllq	\$8,%xmm1
-	pxor	%xmm0,%xmm5
-	pxor	%xmm1,%xmm5
-___
-}
-
-my $i=0;
-for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
-for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
-for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
-for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); }
-
-$code.=<<___;
-#md5#	add	0*4(%rsp),$V[0]		# accumulate hash value
-#md5#	add	1*4(%rsp),$V[1]
-#md5#	add	2*4(%rsp),$V[2]
-#md5#	add	3*4(%rsp),$V[3]
-
-#rc4#	movdqu	%xmm2,($out,$in0)	# write RC4 output
-#rc4#	movdqu	%xmm3,16($out,$in0)
-#rc4#	movdqu	%xmm4,32($out,$in0)
-#rc4#	movdqu	%xmm5,48($out,$in0)
-#md5#	lea	64($inp),$inp
-#rc4#	lea	64($in0),$in0
-	cmp	16(%rsp),$inp		# are we done?
-	jb	.Loop
-
-#md5#	mov	24(%rsp),$len		# restore pointer to MD5_CTX
-#rc4#	sub	$TX[0]#b,$YY#b		# correct $YY
-#md5#	mov	$V[0],0*4($len)		# write MD5_CTX
-#md5#	mov	$V[1],1*4($len)
-#md5#	mov	$V[2],2*4($len)
-#md5#	mov	$V[3],3*4($len)
-___
-$code.=<<___ if ($rc4 && (!$md5 || $D));
-	mov	32(%rsp),$len		# restore original $len
-	and	\$63,$len		# remaining bytes
-	jnz	.Loop1
-	jmp	.Ldone
-	
-.align	16
-.Loop1:
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	$TY#d,($dat,$XX[0],4)
-	add	$TY#b,$TX[0]#b
-	inc	$XX[0]#b
-	movl	($dat,$TX[0],4),$TY#d
-	movl	($dat,$XX[0],4),$TX[0]#d
-	xorb	($in0),$TY#b
-	movb	$TY#b,($out,$in0)
-	lea	1($in0),$in0
-	dec	$len
-	jnz	.Loop1
-
-.Ldone:
-___
-$code.=<<___;
-#rc4#	sub	\$1,$XX[0]#b
-#rc4#	movl	$XX[0]#d,-8($dat)
-#rc4#	movl	$YY#d,-4($dat)
-
-	mov	40(%rsp),%r15
-	mov	48(%rsp),%r14
-	mov	56(%rsp),%r13
-	mov	64(%rsp),%r12
-	mov	72(%rsp),%rbp
-	mov	80(%rsp),%rbx
-	lea	88(%rsp),%rsp
-.Lepilogue:
-.Labort:
-	ret
-.size $func,.-$func
-___
-
-if ($rc4 && $D) {	# sole purpose of this section is to provide
-			# option to use the generated module as drop-in
-			# replacement for rc4-x86_64.pl for debugging
-			# and testing purposes...
-my ($idx,$ido)=("%r8","%r9");
-my ($dat,$len,$inp)=("%rdi","%rsi","%rdx");
-
-$code.=<<___;
-.globl	RC4_set_key
-.type	RC4_set_key,\@function,3
-.align	16
-RC4_set_key:
-	lea	8($dat),$dat
-	lea	($inp,$len),$inp
-	neg	$len
-	mov	$len,%rcx
-	xor	%eax,%eax
-	xor	$ido,$ido
-	xor	%r10,%r10
-	xor	%r11,%r11
-	jmp	.Lw1stloop
-
-.align	16
-.Lw1stloop:
-	mov	%eax,($dat,%rax,4)
-	add	\$1,%al
-	jnc	.Lw1stloop
-
-	xor	$ido,$ido
-	xor	$idx,$idx
-.align	16
-.Lw2ndloop:
-	mov	($dat,$ido,4),%r10d
-	add	($inp,$len,1),$idx#b
-	add	%r10b,$idx#b
-	add	\$1,$len
-	mov	($dat,$idx,4),%r11d
-	cmovz	%rcx,$len
-	mov	%r10d,($dat,$idx,4)
-	mov	%r11d,($dat,$ido,4)
-	add	\$1,$ido#b
-	jnc	.Lw2ndloop
-
-	xor	%eax,%eax
-	mov	%eax,-8($dat)
-	mov	%eax,-4($dat)
-	ret
-.size	RC4_set_key,.-RC4_set_key
-
-.globl	RC4_options
-.type	RC4_options,\@abi-omnipotent
-.align	16
-RC4_options:
-	lea	.Lopts(%rip),%rax
-	ret
-.align	64
-.Lopts:
-.asciz	"rc4(64x,int)"
-.align	64
-.size	RC4_options,.-RC4_options
-___
-}
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-my $rec="%rcx";
-my $frame="%rdx";
-my $context="%r8";
-my $disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lbody(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lbody
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
-	jae	.Lin_prologue
-
-	mov	40(%rax),%r15
-	mov	48(%rax),%r14
-	mov	56(%rax),%r13
-	mov	64(%rax),%r12
-	mov	72(%rax),%rbp
-	mov	80(%rax),%rbx
-	lea	88(%rax),%rax
-
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R12
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_$func
-	.rva	.LSEH_end_$func
-	.rva	.LSEH_info_$func
-
-.section	.xdata
-.align	8
-.LSEH_info_$func:
-	.byte	9,0,0,0
-	.rva	se_handler
-___
-}
-
-sub reg_part {
-my ($reg,$conv)=@_;
-    if ($reg =~ /%r[0-9]+/)     { $reg .= $conv; }
-    elsif ($conv eq "b")        { $reg =~ s/%[er]([^x]+)x?/%$1l/;       }
-    elsif ($conv eq "w")        { $reg =~ s/%[er](.+)/%$1/;             }
-    elsif ($conv eq "d")        { $reg =~ s/%[er](.+)/%e$1/;            }
-    return $reg;
-}
-
-$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/pinsrw\s+\$0,/movd	/gm;
-
-$code =~ s/#md5#//gm	if ($md5);
-$code =~ s/#rc4#//gm	if ($rc4);
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl
deleted file mode 100644
index ad7e65651c..0000000000
--- a/crypto/rc4/asm/rc4-parisc.pl
+++ /dev/null
@@ -1,314 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# RC4 for PA-RISC.
-
-# June 2009.
-#
-# Performance is 33% better than gcc 3.2 generated code on PA-7100LC.
-# For reference, [4x] unrolled loop is >40% faster than folded one.
-# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement
-# is believed to be not sufficient to justify the effort...
-#
-# Special thanks to polarhome.com for providing HP-UX account.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-} else {
-	$LEVEL		="1.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-}
-
-$FRAME=4*$SIZE_T+$FRAME_MARKER;	# 4 saved regs + frame marker
-				#                [+ argument transfer]
-$SZ=1;				# defaults to RC4_CHAR
-if (open CONF,"<${dir}../../opensslconf.h") {
-    while(<CONF>) {
-	if (m/#\s*define\s+RC4_INT\s+(.*)/) {
-	    $SZ = ($1=~/char$/) ? 1 : 4;
-	    last;
-	}
-    }
-    close CONF;
-}
-
-if ($SZ==1) {	# RC4_CHAR
-    $LD="ldb";
-    $LDX="ldbx";
-    $MKX="addl";
-    $ST="stb";
-} else {	# RC4_INT (~5% faster than RC4_CHAR on PA-7100LC)
-    $LD="ldw";
-    $LDX="ldwx,s";
-    $MKX="sh2addl";
-    $ST="stw";
-}
-
-$key="%r26";
-$len="%r25";
-$inp="%r24";
-$out="%r23";
-
-@XX=("%r19","%r20");
-@TX=("%r21","%r22");
-$YY="%r28";
-$TY="%r29";
-
-$acc="%r1";
-$ix="%r2";
-$iy="%r3";
-$dat0="%r4";
-$dat1="%r5";
-$rem="%r6";
-$mask="%r31";
-
-sub unrolledloopbody {
-for ($i=0;$i<4;$i++) {
-$code.=<<___;
-	ldo	1($XX[0]),$XX[1]
-	`sprintf("$LDX	%$TY(%$key),%$dat1") if ($i>0)`	
-	and	$mask,$XX[1],$XX[1]
-	$LDX	$YY($key),$TY
-	$MKX	$YY,$key,$ix
-	$LDX	$XX[1]($key),$TX[1]
-	$MKX	$XX[0],$key,$iy
-	$ST	$TX[0],0($ix)
-	comclr,<> $XX[1],$YY,%r0	; conditional
-	copy	$TX[0],$TX[1]		; move
-	`sprintf("%sdep	%$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)`
-	$ST	$TY,0($iy)
-	addl	$TX[0],$TY,$TY
-	addl	$TX[1],$YY,$YY
-	and	$mask,$TY,$TY
-	and	$mask,$YY,$YY
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
-} }
-
-sub foldedloop {
-my ($label,$count)=@_;
-$code.=<<___;
-$label
-	$MKX	$YY,$key,$iy
-	$LDX	$YY($key),$TY
-	$MKX	$XX[0],$key,$ix
-	$ST	$TX[0],0($iy)
-	ldo	1($XX[0]),$XX[0]
-	$ST	$TY,0($ix)
-	addl	$TX[0],$TY,$TY
-	ldbx	$inp($out),$dat1
-	and	$mask,$TY,$TY
-	and	$mask,$XX[0],$XX[0]
-	$LDX	$TY($key),$acc
-	$LDX	$XX[0]($key),$TX[0]
-	ldo	1($out),$out
-	xor	$dat1,$acc,$acc
-	addl	$TX[0],$YY,$YY
-	stb	$acc,-1($out)
-	addib,<> -1,$count,$label	; $count is always small
-	and	$mask,$YY,$YY
-___
-}
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
-RC4
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-
-	cmpib,*= 0,$len,L\$abort
-	sub	$inp,$out,$inp		; distance between $inp and $out
-
-	$LD	`0*$SZ`($key),$XX[0]
-	$LD	`1*$SZ`($key),$YY
-	ldo	`2*$SZ`($key),$key
-
-	ldi	0xff,$mask
-	ldi	3,$dat0		
-
-	ldo	1($XX[0]),$XX[0]	; warm up loop
-	and	$mask,$XX[0],$XX[0]
-	$LDX	$XX[0]($key),$TX[0]
-	addl	$TX[0],$YY,$YY
-	cmpib,*>>= 6,$len,L\$oop1	; is $len large enough to bother?
-	and	$mask,$YY,$YY
-
-	and,<>	$out,$dat0,$rem		; is $out aligned?
-	b	L\$alignedout
-	subi	4,$rem,$rem
-	sub	$len,$rem,$len
-___
-&foldedloop("L\$alignout",$rem);	# process till $out is aligned
-
-$code.=<<___;
-L\$alignedout				; $len is at least 4 here
-	and,<>	$inp,$dat0,$acc		; is $inp aligned?
-	b	L\$oop4
-	sub	$inp,$acc,$rem		; align $inp
-
-	sh3addl	$acc,%r0,$acc
-	subi	32,$acc,$acc
-	mtctl	$acc,%cr11		; load %sar with vshd align factor
-	ldwx	$rem($out),$dat0
-	ldo	4($rem),$rem
-L\$oop4misalignedinp
-___
-&unrolledloopbody();
-$code.=<<___;
-	$LDX	$TY($key),$ix
-	ldwx	$rem($out),$dat1
-	ldo	-4($len),$len
-	or	$ix,$acc,$acc		; last piece, no need to dep
-	vshd	$dat0,$dat1,$iy		; align data
-	copy	$dat1,$dat0
-	xor	$iy,$acc,$acc
-	stw	$acc,0($out)
-	cmpib,*<< 3,$len,L\$oop4misalignedinp
-	ldo	4($out),$out
-	cmpib,*= 0,$len,L\$done
-	nop
-	b	L\$oop1
-	nop
-
-	.ALIGN	8
-L\$oop4
-___
-&unrolledloopbody();
-$code.=<<___;
-	$LDX	$TY($key),$ix
-	ldwx	$inp($out),$dat0
-	ldo	-4($len),$len
-	or	$ix,$acc,$acc		; last piece, no need to dep
-	xor	$dat0,$acc,$acc
-	stw	$acc,0($out)
-	cmpib,*<< 3,$len,L\$oop4
-	ldo	4($out),$out
-	cmpib,*= 0,$len,L\$done
-	nop
-___
-&foldedloop("L\$oop1",$len);
-$code.=<<___;
-L\$done
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2
-	ldo	-1($XX[0]),$XX[0]	; chill out loop
-	sub	$YY,$TX[0],$YY
-	and	$mask,$XX[0],$XX[0]
-	and	$mask,$YY,$YY
-	$ST	$XX[0],`-2*$SZ`($key)
-	$ST	$YY,`-1*$SZ`($key)
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-L\$abort
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-___
-
-$code.=<<___;
-
-	.EXPORT	private_RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
-	.ALIGN	8
-private_RC4_set_key
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	$ST	%r0,`0*$SZ`($key)
-	$ST	%r0,`1*$SZ`($key)
-	ldo	`2*$SZ`($key),$key
-	copy	%r0,@XX[0]
-L\$1st
-	$ST	@XX[0],0($key)
-	ldo	1(@XX[0]),@XX[0]
-	bb,>=	@XX[0],`31-8`,L\$1st	; @XX[0]<256
-	ldo	$SZ($key),$key
-
-	ldo	`-256*$SZ`($key),$key	; rewind $key
-	addl	$len,$inp,$inp		; $inp to point at the end
-	sub	%r0,$len,%r23		; inverse index
-	copy	%r0,@XX[0]
-	copy	%r0,@XX[1]
-	ldi	0xff,$mask
-
-L\$2nd
-	$LDX	@XX[0]($key),@TX[0]
-	ldbx	%r23($inp),@TX[1]
-	addi,nuv 1,%r23,%r23		; increment and conditional
-	sub	%r0,$len,%r23		; inverse index
-	addl	@TX[0],@XX[1],@XX[1]
-	addl	@TX[1],@XX[1],@XX[1]
-	and	$mask,@XX[1],@XX[1]
-	$MKX	@XX[0],$key,$TY
-	$LDX	@XX[1]($key),@TX[1]
-	$MKX	@XX[1],$key,$YY
-	ldo	1(@XX[0]),@XX[0]
-	$ST	@TX[0],0($YY)
-	bb,>=	@XX[0],`31-8`,L\$2nd	; @XX[0]<256
-	$ST	@TX[1],0($TY)
-
-	bv,n	(%r2)
-	.EXIT
-	nop
-	.PROCEND
-
-	.EXPORT	RC4_options,ENTRY
-	.ALIGN	8
-RC4_options
-	.PROC
-	.CALLINFO	NO_CALLS
-	.ENTRY
-	blr	%r0,%r28
-	ldi	3,%r1
-L\$pic
-	andcm	%r28,%r1,%r28
-	bv	(%r2)
-	.EXIT
-	ldo	L\$opts-L\$pic(%r28),%r28
-	.PROCEND
-	.ALIGN	8
-L\$opts
-	.STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)"
-	.STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/cmpib,\*/comib,/gm	if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
-
-print $code;
-close STDOUT;
diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl
deleted file mode 100644
index 7528ece13c..0000000000
--- a/crypto/rc4/asm/rc4-s390x.pl
+++ /dev/null
@@ -1,234 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# February 2009
-#
-# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to
-# "cluster" Address Generation Interlocks, so that one pipeline stall
-# resolves several dependencies.
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. On z990 it was measured to perform
-# 50% better than code generated by gcc 4.3.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$rp="%r14";
-$sp="%r15";
-$code=<<___;
-.text
-
-___
-
-# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out)
-{
-$acc="%r0";
-$cnt="%r1";
-$key="%r2";
-$len="%r3";
-$inp="%r4";
-$out="%r5";
-
-@XX=("%r6","%r7");
-@TX=("%r8","%r9");
-$YY="%r10";
-$TY="%r11";
-
-$code.=<<___;
-.globl	RC4
-.type	RC4,\@function
-.align	64
-RC4:
-	stm${g}	%r6,%r11,6*$SIZE_T($sp)
-___
-$code.=<<___ if ($flavour =~ /3[12]/);
-	llgfr	$len,$len
-___
-$code.=<<___;
-	llgc	$XX[0],0($key)
-	llgc	$YY,1($key)
-	la	$XX[0],1($XX[0])
-	nill	$XX[0],0xff
-	srlg	$cnt,$len,3
-	ltgr	$cnt,$cnt
-	llgc	$TX[0],2($XX[0],$key)
-	jz	.Lshort
-	j	.Loop8
-
-.align	64
-.Loop8:
-___
-for ($i=0;$i<8;$i++) {
-$code.=<<___;
-	la	$YY,0($YY,$TX[0])	# $i
-	nill	$YY,255
-	la	$XX[1],1($XX[0])
-	nill	$XX[1],255
-___
-$code.=<<___ if ($i==1);
-	llgc	$acc,2($TY,$key)
-___
-$code.=<<___ if ($i>1);
-	sllg	$acc,$acc,8
-	ic	$acc,2($TY,$key)
-___
-$code.=<<___;
-	llgc	$TY,2($YY,$key)
-	stc	$TX[0],2($YY,$key)
-	llgc	$TX[1],2($XX[1],$key)
-	stc	$TY,2($XX[0],$key)
-	cr	$XX[1],$YY
-	jne	.Lcmov$i
-	la	$TX[1],0($TX[0])
-.Lcmov$i:
-	la	$TY,0($TY,$TX[0])
-	nill	$TY,255
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));     # "rotate" registers
-}
-
-$code.=<<___;
-	lg	$TX[1],0($inp)
-	sllg	$acc,$acc,8
-	la	$inp,8($inp)
-	ic	$acc,2($TY,$key)
-	xgr	$acc,$TX[1]
-	stg	$acc,0($out)
-	la	$out,8($out)
-	brctg	$cnt,.Loop8
-
-.Lshort:
-	lghi	$acc,7
-	ngr	$len,$acc
-	jz	.Lexit
-	j	.Loop1
-
-.align	16
-.Loop1:
-	la	$YY,0($YY,$TX[0])
-	nill	$YY,255
-	llgc	$TY,2($YY,$key)
-	stc	$TX[0],2($YY,$key)
-	stc	$TY,2($XX[0],$key)
-	ar	$TY,$TX[0]
-	ahi	$XX[0],1
-	nill	$TY,255
-	nill	$XX[0],255
-	llgc	$acc,0($inp)
-	la	$inp,1($inp)
-	llgc	$TY,2($TY,$key)
-	llgc	$TX[0],2($XX[0],$key)
-	xr	$acc,$TY
-	stc	$acc,0($out)
-	la	$out,1($out)
-	brct	$len,.Loop1
-
-.Lexit:
-	ahi	$XX[0],-1
-	stc	$XX[0],0($key)
-	stc	$YY,1($key)
-	lm${g}	%r6,%r11,6*$SIZE_T($sp)
-	br	$rp
-.size	RC4,.-RC4
-.string	"RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-
-___
-}
-
-# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp)
-{
-$cnt="%r0";
-$idx="%r1";
-$key="%r2";
-$len="%r3";
-$inp="%r4";
-$acc="%r5";
-$dat="%r6";
-$ikey="%r7";
-$iinp="%r8";
-
-$code.=<<___;
-.globl	private_RC4_set_key
-.type	private_RC4_set_key,\@function
-.align	64
-private_RC4_set_key:
-	stm${g}	%r6,%r8,6*$SIZE_T($sp)
-	lhi	$cnt,256
-	la	$idx,0(%r0)
-	sth	$idx,0($key)
-.align	4
-.L1stloop:
-	stc	$idx,2($idx,$key)
-	la	$idx,1($idx)
-	brct	$cnt,.L1stloop
-
-	lghi	$ikey,-256
-	lr	$cnt,$len
-	la	$iinp,0(%r0)
-	la	$idx,0(%r0)
-.align	16
-.L2ndloop:
-	llgc	$acc,2+256($ikey,$key)
-	llgc	$dat,0($iinp,$inp)
-	la	$idx,0($idx,$acc)
-	la	$ikey,1($ikey)
-	la	$idx,0($idx,$dat)
-	nill	$idx,255
-	la	$iinp,1($iinp)
-	tml	$ikey,255
-	llgc	$dat,2($idx,$key)
-	stc	$dat,2+256-1($ikey,$key)
-	stc	$acc,2($idx,$key)
-	jz	.Ldone
-	brct	$cnt,.L2ndloop
-	lr	$cnt,$len
-	la	$iinp,0(%r0)
-	j	.L2ndloop
-.Ldone:
-	lm${g}	%r6,%r8,6*$SIZE_T($sp)
-	br	$rp
-.size	private_RC4_set_key,.-private_RC4_set_key
-
-___
-}
-
-# const char *RC4_options()
-$code.=<<___;
-.globl	RC4_options
-.type	RC4_options,\@function
-.align	16
-RC4_options:
-	larl	%r2,.Loptions
-	br	%r14
-.size	RC4_options,.-RC4_options
-.section	.rodata
-.Loptions:
-.align	8
-.string	"rc4(8x,char)"
-___
-
-print $code;
-close STDOUT;	# force flush
diff --git a/crypto/rc4/asm/rc4-x86_64.S b/crypto/rc4/asm/rc4-x86_64.S
deleted file mode 100644
index af161582aa..0000000000
--- a/crypto/rc4/asm/rc4-x86_64.S
+++ /dev/null
@@ -1,615 +0,0 @@
-.text	
-
-
-.globl	RC4
-.type	RC4,@function
-.align	16
-RC4:	orq	%rsi,%rsi
-	jne	.Lentry
-	.byte	0xf3,0xc3
-.Lentry:
-	pushq	%rbx
-	pushq	%r12
-	pushq	%r13
-.Lprologue:
-	movq	%rsi,%r11
-	movq	%rdx,%r12
-	movq	%rcx,%r13
-	xorq	%r10,%r10
-	xorq	%rcx,%rcx
-
-	leaq	8(%rdi),%rdi
-	movb	-8(%rdi),%r10b
-	movb	-4(%rdi),%cl
-	cmpl	$-1,256(%rdi)
-	je	.LRC4_CHAR
-	movl	OPENSSL_ia32cap_P(%rip),%r8d
-	xorq	%rbx,%rbx
-	incb	%r10b
-	subq	%r10,%rbx
-	subq	%r12,%r13
-	movl	(%rdi,%r10,4),%eax
-	testq	$-16,%r11
-	jz	.Lloop1
-	btl	$30,%r8d
-	jc	.Lintel
-	andq	$7,%rbx
-	leaq	1(%r10),%rsi
-	jz	.Loop8
-	subq	%rbx,%r11
-.Loop8_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	.Loop8_warmup
-
-	leaq	1(%r10),%rsi
-	jmp	.Loop8
-.align	16
-.Loop8:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	0(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,0(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,4(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	8(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,8(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	12(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,12(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	16(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,16(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	20(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,20(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	24(%rdi,%rsi,4),%ebx
-	rorq	$8,%r8
-	movl	%edx,24(%rdi,%r10,4)
-	addb	%al,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%sil
-	addb	%bl,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	movl	-4(%rdi,%rsi,4),%eax
-	rorq	$8,%r8
-	movl	%edx,28(%rdi,%r10,4)
-	addb	%bl,%dl
-	movb	(%rdi,%rdx,4),%r8b
-	addb	$8,%r10b
-	rorq	$8,%r8
-	subq	$8,%r11
-
-	xorq	(%r12),%r8
-	movq	%r8,(%r13,%r12,1)
-	leaq	8(%r12),%r12
-
-	testq	$-8,%r11
-	jnz	.Loop8
-	cmpq	$0,%r11
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lintel:
-	testq	$-32,%r11
-	jz	.Lloop1
-	andq	$15,%rbx
-	jz	.Loop16_is_hot
-	subq	%rbx,%r11
-.Loop16_warmup:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%rbx
-	jnz	.Loop16_warmup
-
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	movb	%bl,%cl
-
-.Loop16_is_hot:
-	leaq	(%rdi,%r10,4),%rsi
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	jmp	.Loop16_enter
-.align	16
-.Loop16:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm0,%xmm2
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm0
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	4(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,0(%rsi)
-	pxor	%xmm1,%xmm2
-	addb	%bl,%cl
-	pinsrw	$0,(%rdi,%rax,4),%xmm0
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-.Loop16_enter:
-	movl	(%rdi,%rcx,4),%edx
-	pxor	%xmm1,%xmm1
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	8(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,4(%rsi)
-	addb	%al,%cl
-	pinsrw	$0,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	12(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,8(%rsi)
-	addb	%bl,%cl
-	pinsrw	$1,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	16(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,12(%rsi)
-	addb	%al,%cl
-	pinsrw	$1,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	20(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,16(%rsi)
-	addb	%bl,%cl
-	pinsrw	$2,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	24(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,20(%rsi)
-	addb	%al,%cl
-	pinsrw	$2,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	28(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,24(%rsi)
-	addb	%bl,%cl
-	pinsrw	$3,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	32(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,28(%rsi)
-	addb	%al,%cl
-	pinsrw	$3,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	36(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,32(%rsi)
-	addb	%bl,%cl
-	pinsrw	$4,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	40(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,36(%rsi)
-	addb	%al,%cl
-	pinsrw	$4,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	44(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,40(%rsi)
-	addb	%bl,%cl
-	pinsrw	$5,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	48(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,44(%rsi)
-	addb	%al,%cl
-	pinsrw	$5,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	52(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,48(%rsi)
-	addb	%bl,%cl
-	pinsrw	$6,(%rdi,%rax,4),%xmm0
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movl	56(%rsi),%eax
-	movzbl	%bl,%ebx
-	movl	%edx,52(%rsi)
-	addb	%al,%cl
-	pinsrw	$6,(%rdi,%rbx,4),%xmm1
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	addb	%dl,%al
-	movl	60(%rsi),%ebx
-	movzbl	%al,%eax
-	movl	%edx,56(%rsi)
-	addb	%bl,%cl
-	pinsrw	$7,(%rdi,%rax,4),%xmm0
-	addb	$16,%r10b
-	movdqu	(%r12),%xmm2
-	movl	(%rdi,%rcx,4),%edx
-	movl	%ebx,(%rdi,%rcx,4)
-	addb	%dl,%bl
-	movzbl	%bl,%ebx
-	movl	%edx,60(%rsi)
-	leaq	(%rdi,%r10,4),%rsi
-	pinsrw	$7,(%rdi,%rbx,4),%xmm1
-	movl	(%rsi),%eax
-	movq	%rcx,%rbx
-	xorq	%rcx,%rcx
-	subq	$16,%r11
-	movb	%bl,%cl
-	testq	$-16,%r11
-	jnz	.Loop16
-
-	psllq	$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-	movdqu	%xmm2,(%r13,%r12,1)
-	leaq	16(%r12),%r12
-
-	cmpq	$0,%r11
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lloop1:
-	addb	%al,%cl
-	movl	(%rdi,%rcx,4),%edx
-	movl	%eax,(%rdi,%rcx,4)
-	movl	%edx,(%rdi,%r10,4)
-	addb	%dl,%al
-	incb	%r10b
-	movl	(%rdi,%rax,4),%edx
-	movl	(%rdi,%r10,4),%eax
-	xorb	(%r12),%dl
-	movb	%dl,(%r13,%r12,1)
-	leaq	1(%r12),%r12
-	decq	%r11
-	jnz	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.LRC4_CHAR:
-	addb	$1,%r10b
-	movzbl	(%rdi,%r10,1),%eax
-	testq	$-8,%r11
-	jz	.Lcloop1
-	jmp	.Lcloop8
-.align	16
-.Lcloop8:
-	movl	(%r12),%r8d
-	movl	4(%r12),%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov0			
-	movq	%rax,%rbx
-.Lcmov0:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov1			
-	movq	%rbx,%rax
-.Lcmov1:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov2			
-	movq	%rax,%rbx
-.Lcmov2:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov3			
-	movq	%rbx,%rax
-.Lcmov3:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r8b
-	rorl	$8,%r8d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov4			
-	movq	%rax,%rbx
-.Lcmov4:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov5			
-	movq	%rbx,%rax
-.Lcmov5:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%al,%cl
-	leaq	1(%r10),%rsi
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%sil,%esi
-	movzbl	(%rdi,%rsi,1),%ebx
-	movb	%al,(%rdi,%rcx,1)
-	cmpq	%rsi,%rcx
-	movb	%dl,(%rdi,%r10,1)
-	jne	.Lcmov6			
-	movq	%rax,%rbx
-.Lcmov6:
-	addb	%al,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	addb	%bl,%cl
-	leaq	1(%rsi),%r10
-	movzbl	(%rdi,%rcx,1),%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%r10,1),%eax
-	movb	%bl,(%rdi,%rcx,1)
-	cmpq	%r10,%rcx
-	movb	%dl,(%rdi,%rsi,1)
-	jne	.Lcmov7			
-	movq	%rbx,%rax
-.Lcmov7:
-	addb	%bl,%dl
-	xorb	(%rdi,%rdx,1),%r9b
-	rorl	$8,%r9d
-	leaq	-8(%r11),%r11
-	movl	%r8d,(%r13)
-	leaq	8(%r12),%r12
-	movl	%r9d,4(%r13)
-	leaq	8(%r13),%r13
-
-	testq	$-8,%r11
-	jnz	.Lcloop8
-	cmpq	$0,%r11
-	jne	.Lcloop1
-	jmp	.Lexit
-.align	16
-.Lcloop1:
-	addb	%al,%cl
-	movzbl	%cl,%ecx
-	movzbl	(%rdi,%rcx,1),%edx
-	movb	%al,(%rdi,%rcx,1)
-	movb	%dl,(%rdi,%r10,1)
-	addb	%al,%dl
-	addb	$1,%r10b
-	movzbl	%dl,%edx
-	movzbl	%r10b,%r10d
-	movzbl	(%rdi,%rdx,1),%edx
-	movzbl	(%rdi,%r10,1),%eax
-	xorb	(%r12),%dl
-	leaq	1(%r12),%r12
-	movb	%dl,(%r13)
-	leaq	1(%r13),%r13
-	subq	$1,%r11
-	jnz	.Lcloop1
-	jmp	.Lexit
-
-.align	16
-.Lexit:
-	subb	$1,%r10b
-	movl	%r10d,-8(%rdi)
-	movl	%ecx,-4(%rdi)
-
-	movq	(%rsp),%r13
-	movq	8(%rsp),%r12
-	movq	16(%rsp),%rbx
-	addq	$24,%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	RC4,.-RC4
-.globl	private_RC4_set_key
-.type	private_RC4_set_key,@function
-.align	16
-private_RC4_set_key:
-	leaq	8(%rdi),%rdi
-	leaq	(%rdx,%rsi,1),%rdx
-	negq	%rsi
-	movq	%rsi,%rcx
-	xorl	%eax,%eax
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-
-	movl	OPENSSL_ia32cap_P(%rip),%r8d
-	btl	$20,%r8d
-	jc	.Lc1stloop
-	jmp	.Lw1stloop
-
-.align	16
-.Lw1stloop:
-	movl	%eax,(%rdi,%rax,4)
-	addb	$1,%al
-	jnc	.Lw1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.align	16
-.Lw2ndloop:
-	movl	(%rdi,%r9,4),%r10d
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movl	(%rdi,%r8,4),%r11d
-	cmovzq	%rcx,%rsi
-	movl	%r10d,(%rdi,%r8,4)
-	movl	%r11d,(%rdi,%r9,4)
-	addb	$1,%r9b
-	jnc	.Lw2ndloop
-	jmp	.Lexit_key
-
-.align	16
-.Lc1stloop:
-	movb	%al,(%rdi,%rax,1)
-	addb	$1,%al
-	jnc	.Lc1stloop
-
-	xorq	%r9,%r9
-	xorq	%r8,%r8
-.align	16
-.Lc2ndloop:
-	movb	(%rdi,%r9,1),%r10b
-	addb	(%rdx,%rsi,1),%r8b
-	addb	%r10b,%r8b
-	addq	$1,%rsi
-	movb	(%rdi,%r8,1),%r11b
-	jnz	.Lcnowrap
-	movq	%rcx,%rsi
-.Lcnowrap:
-	movb	%r10b,(%rdi,%r8,1)
-	movb	%r11b,(%rdi,%r9,1)
-	addb	$1,%r9b
-	jnc	.Lc2ndloop
-	movl	$-1,256(%rdi)
-
-.align	16
-.Lexit_key:
-	xorl	%eax,%eax
-	movl	%eax,-8(%rdi)
-	movl	%eax,-4(%rdi)
-	.byte	0xf3,0xc3
-.size	private_RC4_set_key,.-private_RC4_set_key
-
-.globl	RC4_options
-.type	RC4_options,@function
-.align	16
-RC4_options:
-	leaq	.Lopts(%rip),%rax
-	movl	OPENSSL_ia32cap_P(%rip),%edx
-	btl	$20,%edx
-	jc	.L8xchar
-	btl	$30,%edx
-	jnc	.Ldone
-	addq	$25,%rax
-	.byte	0xf3,0xc3
-.L8xchar:
-	addq	$12,%rax
-.Ldone:
-	.byte	0xf3,0xc3
-.align	64
-.Lopts:
-.byte	114,99,52,40,56,120,44,105,110,116,41,0
-.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
-.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
-.size	RC4_options,.-RC4_options
diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
deleted file mode 100644
index 20722d3e72..0000000000
--- a/crypto/rc4/asm/rc4-x86_64.pl
+++ /dev/null
@@ -1,677 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# July 2004
-#
-# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
-# "hand-coded assembler"] doesn't stand for the whole improvement
-# coefficient. It turned out that eliminating RC4_CHAR from config
-# line results in ~40% improvement (yes, even for C implementation).
-# Presumably it has everything to do with AMD cache architecture and
-# RAW or whatever penalties. Once again! The module *requires* config
-# line *without* RC4_CHAR! As for coding "secret," I bet on partial
-# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
-# I simply 'inc %r8b'. Even though optimization manual discourages
-# to operate on partial registers, it turned out to be the best bet.
-# At least for AMD... How IA32E would perform remains to be seen...
-
-# November 2004
-#
-# As was shown by Marc Bevand reordering of couple of load operations
-# results in even higher performance gain of 3.3x:-) At least on
-# Opteron... For reference, 1x in this case is RC4_CHAR C-code
-# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
-# Latter means that if you want to *estimate* what to expect from
-# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz.
-
-# November 2004
-#
-# Intel P4 EM64T core was found to run the AMD64 code really slow...
-# The only way to achieve comparable performance on P4 was to keep
-# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
-# compose blended code, which would perform even within 30% marginal
-# on either AMD and Intel platforms, I implement both cases. See
-# rc4_skey.c for further details...
-
-# April 2005
-#
-# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing 
-# those with add/sub results in 50% performance improvement of folded
-# loop...
-
-# May 2005
-#
-# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
-# performance by >30% [unlike P4 32-bit case that is]. But this is
-# provided that loads are reordered even more aggressively! Both code
-# pathes, AMD64 and EM64T, reorder loads in essentially same manner
-# as my IA-64 implementation. On Opteron this resulted in modest 5%
-# improvement [I had to test it], while final Intel P4 performance
-# achieves respectful 432MBps on 2.8GHz processor now. For reference.
-# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than
-# RC4_INT code-path. While if executed on Opteron, it's only 25%
-# slower than the RC4_INT one [meaning that if CPU µ-arch detection
-# is not implemented, then this final RC4_CHAR code-path should be
-# preferred, as it provides better *all-round* performance].
-
-# March 2007
-#
-# Intel Core2 was observed to perform poorly on both code paths:-( It
-# apparently suffers from some kind of partial register stall, which
-# occurs in 64-bit mode only [as virtually identical 32-bit loop was
-# observed to outperform 64-bit one by almost 50%]. Adding two movzb to
-# cloop1 boosts its performance by 80%! This loop appears to be optimal
-# fit for Core2 and therefore the code was modified to skip cloop8 on
-# this CPU.
-
-# May 2010
-#
-# Intel Westmere was observed to perform suboptimally. Adding yet
-# another movzb to cloop1 improved performance by almost 50%! Core2
-# performance is improved too, but nominally...
-
-# May 2011
-#
-# The only code path that was not modified is P4-specific one. Non-P4
-# Intel code path optimization is heavily based on submission by Maxim
-# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used
-# some of the ideas even in attempt to optmize the original RC4_INT
-# code path... Current performance in cycles per processed byte (less
-# is better) and improvement coefficients relative to previous
-# version of this module are:
-#
-# Opteron	5.3/+0%(*)
-# P4		6.5
-# Core2		6.2/+15%(**)
-# Westmere	4.2/+60%
-# Sandy Bridge	4.2/+120%
-# Atom		9.3/+80%
-#
-# (*)	But corresponding loop has less instructions, which should have
-#	positive effect on upcoming Bulldozer, which has one less ALU.
-#	For reference, Intel code runs at 6.8 cpb rate on Opteron.
-# (**)	Note that Core2 result is ~15% lower than corresponding result
-#	for 32-bit code, meaning that it's possible to improve it,
-#	but more than likely at the cost of the others (see rc4-586.pl
-#	to get the idea)...
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$dat="%rdi";	    # arg1
-$len="%rsi";	    # arg2
-$inp="%rdx";	    # arg3
-$out="%rcx";	    # arg4
-
-{
-$code=<<___;
-.text
-.extern	OPENSSL_ia32cap_P
-
-.globl	RC4
-.type	RC4,\@function,4
-.align	16
-RC4:	or	$len,$len
-	jne	.Lentry
-	ret
-.Lentry:
-	push	%rbx
-	push	%r12
-	push	%r13
-.Lprologue:
-	mov	$len,%r11
-	mov	$inp,%r12
-	mov	$out,%r13
-___
-my $len="%r11";		# reassign input arguments
-my $inp="%r12";
-my $out="%r13";
-
-my @XX=("%r10","%rsi");
-my @TX=("%rax","%rbx");
-my $YY="%rcx";
-my $TY="%rdx";
-
-$code.=<<___;
-	xor	$XX[0],$XX[0]
-	xor	$YY,$YY
-
-	lea	8($dat),$dat
-	mov	-8($dat),$XX[0]#b
-	mov	-4($dat),$YY#b
-	cmpl	\$-1,256($dat)
-	je	.LRC4_CHAR
-	mov	OPENSSL_ia32cap_P(%rip),%r8d
-	xor	$TX[1],$TX[1]
-	inc	$XX[0]#b
-	sub	$XX[0],$TX[1]
-	sub	$inp,$out
-	movl	($dat,$XX[0],4),$TX[0]#d
-	test	\$-16,$len
-	jz	.Lloop1
-	bt	\$30,%r8d	# Intel CPU?
-	jc	.Lintel
-	and	\$7,$TX[1]
-	lea	1($XX[0]),$XX[1]
-	jz	.Loop8
-	sub	$TX[1],$len
-.Loop8_warmup:
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	$TY#d,($dat,$XX[0],4)
-	add	$TY#b,$TX[0]#b
-	inc	$XX[0]#b
-	movl	($dat,$TX[0],4),$TY#d
-	movl	($dat,$XX[0],4),$TX[0]#d
-	xorb	($inp),$TY#b
-	movb	$TY#b,($out,$inp)
-	lea	1($inp),$inp
-	dec	$TX[1]
-	jnz	.Loop8_warmup
-
-	lea	1($XX[0]),$XX[1]
-	jmp	.Loop8
-.align	16
-.Loop8:
-___
-for ($i=0;$i<8;$i++) {
-$code.=<<___ if ($i==7);
-	add	\$8,$XX[1]#b
-___
-$code.=<<___;
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	`4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d
-	ror	\$8,%r8				# ror is redundant when $i=0
-	movl	$TY#d,4*$i($dat,$XX[0],4)
-	add	$TX[0]#b,$TY#b
-	movb	($dat,$TY,4),%r8b
-___
-push(@TX,shift(@TX)); #push(@XX,shift(@XX));	# "rotate" registers
-}
-$code.=<<___;
-	add	\$8,$XX[0]#b
-	ror	\$8,%r8
-	sub	\$8,$len
-
-	xor	($inp),%r8
-	mov	%r8,($out,$inp)
-	lea	8($inp),$inp
-
-	test	\$-8,$len
-	jnz	.Loop8
-	cmp	\$0,$len
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lintel:
-	test	\$-32,$len
-	jz	.Lloop1
-	and	\$15,$TX[1]
-	jz	.Loop16_is_hot
-	sub	$TX[1],$len
-.Loop16_warmup:
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	$TY#d,($dat,$XX[0],4)
-	add	$TY#b,$TX[0]#b
-	inc	$XX[0]#b
-	movl	($dat,$TX[0],4),$TY#d
-	movl	($dat,$XX[0],4),$TX[0]#d
-	xorb	($inp),$TY#b
-	movb	$TY#b,($out,$inp)
-	lea	1($inp),$inp
-	dec	$TX[1]
-	jnz	.Loop16_warmup
-
-	mov	$YY,$TX[1]
-	xor	$YY,$YY
-	mov	$TX[1]#b,$YY#b
-
-.Loop16_is_hot:
-	lea	($dat,$XX[0],4),$XX[1]
-___
-sub RC4_loop {
-  my $i=shift;
-  my $j=$i<0?0:$i;
-  my $xmm="%xmm".($j&1);
-
-    $code.="	add	\$16,$XX[0]#b\n"		if ($i==15);
-    $code.="	movdqu	($inp),%xmm2\n"			if ($i==15);
-    $code.="	add	$TX[0]#b,$YY#b\n"		if ($i<=0);
-    $code.="	movl	($dat,$YY,4),$TY#d\n";
-    $code.="	pxor	%xmm0,%xmm2\n"			if ($i==0);
-    $code.="	psllq	\$8,%xmm1\n"			if ($i==0);
-    $code.="	pxor	$xmm,$xmm\n"			if ($i<=1);
-    $code.="	movl	$TX[0]#d,($dat,$YY,4)\n";
-    $code.="	add	$TY#b,$TX[0]#b\n";
-    $code.="	movl	`4*($j+1)`($XX[1]),$TX[1]#d\n"	if ($i<15);
-    $code.="	movz	$TX[0]#b,$TX[0]#d\n";
-    $code.="	movl	$TY#d,4*$j($XX[1])\n";
-    $code.="	pxor	%xmm1,%xmm2\n"			if ($i==0);
-    $code.="	lea	($dat,$XX[0],4),$XX[1]\n"	if ($i==15);
-    $code.="	add	$TX[1]#b,$YY#b\n"		if ($i<15);
-    $code.="	pinsrw	\$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n";
-    $code.="	movdqu	%xmm2,($out,$inp)\n"		if ($i==0);
-    $code.="	lea	16($inp),$inp\n"		if ($i==0);
-    $code.="	movl	($XX[1]),$TX[1]#d\n"		if ($i==15);
-}
-	RC4_loop(-1);
-$code.=<<___;
-	jmp	.Loop16_enter
-.align	16
-.Loop16:
-___
-
-for ($i=0;$i<16;$i++) {
-    $code.=".Loop16_enter:\n"		if ($i==1);
-	RC4_loop($i);
-	push(@TX,shift(@TX)); 		# "rotate" registers
-}
-$code.=<<___;
-	mov	$YY,$TX[1]
-	xor	$YY,$YY			# keyword to partial register
-	sub	\$16,$len
-	mov	$TX[1]#b,$YY#b
-	test	\$-16,$len
-	jnz	.Loop16
-
-	psllq	\$8,%xmm1
-	pxor	%xmm0,%xmm2
-	pxor	%xmm1,%xmm2
-	movdqu	%xmm2,($out,$inp)
-	lea	16($inp),$inp
-
-	cmp	\$0,$len
-	jne	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.Lloop1:
-	add	$TX[0]#b,$YY#b
-	movl	($dat,$YY,4),$TY#d
-	movl	$TX[0]#d,($dat,$YY,4)
-	movl	$TY#d,($dat,$XX[0],4)
-	add	$TY#b,$TX[0]#b
-	inc	$XX[0]#b
-	movl	($dat,$TX[0],4),$TY#d
-	movl	($dat,$XX[0],4),$TX[0]#d
-	xorb	($inp),$TY#b
-	movb	$TY#b,($out,$inp)
-	lea	1($inp),$inp
-	dec	$len
-	jnz	.Lloop1
-	jmp	.Lexit
-
-.align	16
-.LRC4_CHAR:
-	add	\$1,$XX[0]#b
-	movzb	($dat,$XX[0]),$TX[0]#d
-	test	\$-8,$len
-	jz	.Lcloop1
-	jmp	.Lcloop8
-.align	16
-.Lcloop8:
-	mov	($inp),%r8d
-	mov	4($inp),%r9d
-___
-# unroll 2x4-wise, because 64-bit rotates kill Intel P4...
-for ($i=0;$i<4;$i++) {
-$code.=<<___;
-	add	$TX[0]#b,$YY#b
-	lea	1($XX[0]),$XX[1]
-	movzb	($dat,$YY),$TY#d
-	movzb	$XX[1]#b,$XX[1]#d
-	movzb	($dat,$XX[1]),$TX[1]#d
-	movb	$TX[0]#b,($dat,$YY)
-	cmp	$XX[1],$YY
-	movb	$TY#b,($dat,$XX[0])
-	jne	.Lcmov$i			# Intel cmov is sloooow...
-	mov	$TX[0],$TX[1]
-.Lcmov$i:
-	add	$TX[0]#b,$TY#b
-	xor	($dat,$TY),%r8b
-	ror	\$8,%r8d
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
-}
-for ($i=4;$i<8;$i++) {
-$code.=<<___;
-	add	$TX[0]#b,$YY#b
-	lea	1($XX[0]),$XX[1]
-	movzb	($dat,$YY),$TY#d
-	movzb	$XX[1]#b,$XX[1]#d
-	movzb	($dat,$XX[1]),$TX[1]#d
-	movb	$TX[0]#b,($dat,$YY)
-	cmp	$XX[1],$YY
-	movb	$TY#b,($dat,$XX[0])
-	jne	.Lcmov$i			# Intel cmov is sloooow...
-	mov	$TX[0],$TX[1]
-.Lcmov$i:
-	add	$TX[0]#b,$TY#b
-	xor	($dat,$TY),%r9b
-	ror	\$8,%r9d
-___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));	# "rotate" registers
-}
-$code.=<<___;
-	lea	-8($len),$len
-	mov	%r8d,($out)
-	lea	8($inp),$inp
-	mov	%r9d,4($out)
-	lea	8($out),$out
-
-	test	\$-8,$len
-	jnz	.Lcloop8
-	cmp	\$0,$len
-	jne	.Lcloop1
-	jmp	.Lexit
-___
-$code.=<<___;
-.align	16
-.Lcloop1:
-	add	$TX[0]#b,$YY#b
-	movzb	$YY#b,$YY#d
-	movzb	($dat,$YY),$TY#d
-	movb	$TX[0]#b,($dat,$YY)
-	movb	$TY#b,($dat,$XX[0])
-	add	$TX[0]#b,$TY#b
-	add	\$1,$XX[0]#b
-	movzb	$TY#b,$TY#d
-	movzb	$XX[0]#b,$XX[0]#d
-	movzb	($dat,$TY),$TY#d
-	movzb	($dat,$XX[0]),$TX[0]#d
-	xorb	($inp),$TY#b
-	lea	1($inp),$inp
-	movb	$TY#b,($out)
-	lea	1($out),$out
-	sub	\$1,$len
-	jnz	.Lcloop1
-	jmp	.Lexit
-
-.align	16
-.Lexit:
-	sub	\$1,$XX[0]#b
-	movl	$XX[0]#d,-8($dat)
-	movl	$YY#d,-4($dat)
-
-	mov	(%rsp),%r13
-	mov	8(%rsp),%r12
-	mov	16(%rsp),%rbx
-	add	\$24,%rsp
-.Lepilogue:
-	ret
-.size	RC4,.-RC4
-___
-}
-
-$idx="%r8";
-$ido="%r9";
-
-$code.=<<___;
-.globl	private_RC4_set_key
-.type	private_RC4_set_key,\@function,3
-.align	16
-private_RC4_set_key:
-	lea	8($dat),$dat
-	lea	($inp,$len),$inp
-	neg	$len
-	mov	$len,%rcx
-	xor	%eax,%eax
-	xor	$ido,$ido
-	xor	%r10,%r10
-	xor	%r11,%r11
-
-	mov	OPENSSL_ia32cap_P(%rip),$idx#d
-	bt	\$20,$idx#d	# RC4_CHAR?
-	jc	.Lc1stloop
-	jmp	.Lw1stloop
-
-.align	16
-.Lw1stloop:
-	mov	%eax,($dat,%rax,4)
-	add	\$1,%al
-	jnc	.Lw1stloop
-
-	xor	$ido,$ido
-	xor	$idx,$idx
-.align	16
-.Lw2ndloop:
-	mov	($dat,$ido,4),%r10d
-	add	($inp,$len,1),$idx#b
-	add	%r10b,$idx#b
-	add	\$1,$len
-	mov	($dat,$idx,4),%r11d
-	cmovz	%rcx,$len
-	mov	%r10d,($dat,$idx,4)
-	mov	%r11d,($dat,$ido,4)
-	add	\$1,$ido#b
-	jnc	.Lw2ndloop
-	jmp	.Lexit_key
-
-.align	16
-.Lc1stloop:
-	mov	%al,($dat,%rax)
-	add	\$1,%al
-	jnc	.Lc1stloop
-
-	xor	$ido,$ido
-	xor	$idx,$idx
-.align	16
-.Lc2ndloop:
-	mov	($dat,$ido),%r10b
-	add	($inp,$len),$idx#b
-	add	%r10b,$idx#b
-	add	\$1,$len
-	mov	($dat,$idx),%r11b
-	jnz	.Lcnowrap
-	mov	%rcx,$len
-.Lcnowrap:
-	mov	%r10b,($dat,$idx)
-	mov	%r11b,($dat,$ido)
-	add	\$1,$ido#b
-	jnc	.Lc2ndloop
-	movl	\$-1,256($dat)
-
-.align	16
-.Lexit_key:
-	xor	%eax,%eax
-	mov	%eax,-8($dat)
-	mov	%eax,-4($dat)
-	ret
-.size	private_RC4_set_key,.-private_RC4_set_key
-
-.globl	RC4_options
-.type	RC4_options,\@abi-omnipotent
-.align	16
-RC4_options:
-	lea	.Lopts(%rip),%rax
-	mov	OPENSSL_ia32cap_P(%rip),%edx
-	bt	\$20,%edx
-	jc	.L8xchar
-	bt	\$30,%edx
-	jnc	.Ldone
-	add	\$25,%rax
-	ret
-.L8xchar:
-	add	\$12,%rax
-.Ldone:
-	ret
-.align	64
-.Lopts:
-.asciz	"rc4(8x,int)"
-.asciz	"rc4(8x,char)"
-.asciz	"rc4(16x,int)"
-.asciz	"RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-.size	RC4_options,.-RC4_options
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	stream_se_handler,\@abi-omnipotent
-.align	16
-stream_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lprologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lin_prologue
-
-	lea	24(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%r12
-	mov	-24(%rax),%r13
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	jmp	.Lcommon_seh_exit
-.size	stream_se_handler,.-stream_se_handler
-
-.type	key_se_handler,\@abi-omnipotent
-.align	16
-key_se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	152($context),%rax	# pull context->Rsp
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-.Lcommon_seh_exit:
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	key_se_handler,.-key_se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_RC4
-	.rva	.LSEH_end_RC4
-	.rva	.LSEH_info_RC4
-
-	.rva	.LSEH_begin_private_RC4_set_key
-	.rva	.LSEH_end_private_RC4_set_key
-	.rva	.LSEH_info_private_RC4_set_key
-
-.section	.xdata
-.align	8
-.LSEH_info_RC4:
-	.byte	9,0,0,0
-	.rva	stream_se_handler
-.LSEH_info_private_RC4_set_key:
-	.byte	9,0,0,0
-	.rva	key_se_handler
-___
-}
-
-sub reg_part {
-my ($reg,$conv)=@_;
-    if ($reg =~ /%r[0-9]+/)	{ $reg .= $conv; }
-    elsif ($conv eq "b")	{ $reg =~ s/%[er]([^x]+)x?/%$1l/;	}
-    elsif ($conv eq "w")	{ $reg =~ s/%[er](.+)/%$1/;		}
-    elsif ($conv eq "d")	{ $reg =~ s/%[er](.+)/%e$1/;		}
-    return $reg;
-}
-
-$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-print $code;
-
-close STDOUT;
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
deleted file mode 100644
index c900b26055..0000000000
--- a/crypto/rc4/rc4.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* crypto/rc4/rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/rc4.h>
-#include <openssl/evp.h>
-
-char *usage[]={
-"usage: rc4 args\n",
-"\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -key key        - password\n",
-NULL
-};
-
-int main(int argc, char *argv[])
-	{
-	FILE *in=NULL,*out=NULL;
-	char *infile=NULL,*outfile=NULL,*keystr=NULL;
-	RC4_KEY key;
-	char buf[BUFSIZ];
-	int badops=0,i;
-	char **pp;
-	unsigned char md[MD5_DIGEST_LENGTH];
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if 	(strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			keystr= *(++argv);
-			}
-		else
-			{
-			fprintf(stderr,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		for (pp=usage; (*pp != NULL); pp++)
-			fprintf(stderr,"%s",*pp);
-		exit(1);
-		}
-
-	if (infile == NULL)
-		in=stdin;
-	else
-		{
-		in=fopen(infile,"r");
-		if (in == NULL)
-			{
-			perror("open");
-			exit(1);
-			}
-
-		}
-	if (outfile == NULL)
-		out=stdout;
-	else
-		{
-		out=fopen(outfile,"w");
-		if (out == NULL)
-			{
-			perror("open");
-			exit(1);
-			}
-		}
-		
-#ifdef OPENSSL_SYS_MSDOS
-	/* This should set the file to binary mode. */
-	{
-#include <fcntl.h>
-	setmode(fileno(in),O_BINARY);
-	setmode(fileno(out),O_BINARY);
-	}
-#endif
-
-	if (keystr == NULL)
-		{ /* get key */
-		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
-		if (i != 0)
-			{
-			OPENSSL_cleanse(buf,BUFSIZ);
-			fprintf(stderr,"bad password read\n");
-			exit(1);
-			}
-		keystr=buf;
-		}
-
-	EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL);
-	OPENSSL_cleanse(keystr,strlen(keystr));
-	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
-	
-	for(;;)
-		{
-		i=fread(buf,1,BUFSIZ,in);
-		if (i == 0) break;
-		if (i < 0)
-			{
-			perror("read");
-			exit(1);
-			}
-		RC4(&key,(unsigned int)i,(unsigned char *)buf,
-			(unsigned char *)buf);
-		i=fwrite(buf,(unsigned int)i,1,out);
-		if (i != 1)
-			{
-			perror("write");
-			exit(1);
-			}
-		}
-	fclose(out);
-	fclose(in);
-	exit(0);
-	return(1);
-	}
-
diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h
deleted file mode 100644
index 88ceb46bc5..0000000000
--- a/crypto/rc4/rc4.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */
-#ifdef OPENSSL_NO_RC4
-#error RC4 is disabled.
-#endif
-
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc4_key_st
-	{
-	RC4_INT x,y;
-	RC4_INT data[256];
-	} RC4_KEY;
-
- 
-const char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-		unsigned char *outdata);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
deleted file mode 100644
index 8c4fc6c7a3..0000000000
--- a/crypto/rc4/rc4_enc.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/* crypto/rc4/rc4_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-	     unsigned char *outdata)
-	{
-        register RC4_INT *d;
-        register RC4_INT x,y,tx,ty;
-	size_t i;
-        
-        x=key->x;     
-        y=key->y;     
-        d=key->data; 
-
-#if defined(RC4_CHUNK)
-	/*
-	 * The original reason for implementing this(*) was the fact that
-	 * pre-21164a Alpha CPUs don't have byte load/store instructions
-	 * and e.g. a byte store has to be done with 64-bit load, shift,
-	 * and, or and finally 64-bit store. Peaking data and operating
-	 * at natural word size made it possible to reduce amount of
-	 * instructions as well as to perform early read-ahead without
-	 * suffering from RAW (read-after-write) hazard. This resulted
-	 * in ~40%(**) performance improvement on 21064 box with gcc.
-	 * But it's not only Alpha users who win here:-) Thanks to the
-	 * early-n-wide read-ahead this implementation also exhibits
-	 * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
-	 * on sizeof(RC4_INT)).
-	 *
-	 * (*)	"this" means code which recognizes the case when input
-	 *	and output pointers appear to be aligned at natural CPU
-	 *	word boundary
-	 * (**)	i.e. according to 'apps/openssl speed rc4' benchmark,
-	 *	crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
-	 *
-	 * Cavets.
-	 *
-	 * - RC4_CHUNK="unsigned long long" should be a #1 choice for
-	 *   UltraSPARC. Unfortunately gcc generates very slow code
-	 *   (2.5-3 times slower than one generated by Sun's WorkShop
-	 *   C) and therefore gcc (at least 2.95 and earlier) should
-	 *   always be told that RC4_CHUNK="unsigned long".
-	 *
-	 *					<appro@fy.chalmers.se>
-	 */
-
-# define RC4_STEP	( \
-			x=(x+1) &0xff,	\
-			tx=d[x],	\
-			y=(tx+y)&0xff,	\
-			ty=d[y],	\
-			d[y]=tx,	\
-			d[x]=ty,	\
-			(RC4_CHUNK)d[(tx+ty)&0xff]\
-			)
-
-	if ( ( ((size_t)indata  & (sizeof(RC4_CHUNK)-1)) | 
-	       ((size_t)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
-		{
-		RC4_CHUNK ichunk,otp;
-		const union { long one; char little; } is_endian = {1};
-
-		/*
-		 * I reckon we can afford to implement both endian
-		 * cases and to decide which way to take at run-time
-		 * because the machine code appears to be very compact
-		 * and redundant 1-2KB is perfectly tolerable (i.e.
-		 * in case the compiler fails to eliminate it:-). By
-		 * suggestion from Terrel Larson <terr@terralogic.net>
-		 * who also stands for the is_endian union:-)
-		 *
-		 * Special notes.
-		 *
-		 * - is_endian is declared automatic as doing otherwise
-		 *   (declaring static) prevents gcc from eliminating
-		 *   the redundant code;
-		 * - compilers (those I've tried) don't seem to have
-		 *   problems eliminating either the operators guarded
-		 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
-		 *   expressions themselves so I've got 'em to replace
-		 *   corresponding #ifdefs from the previous version;
-		 * - I chose to let the redundant switch cases when
-		 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
-		 *   before);
-		 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
-		 *   [LB]ESHFT guards against "shift is out of range"
-		 *   warnings when sizeof(RC4_CHUNK)!=8 
-		 *
-		 *			<appro@fy.chalmers.se>
-		 */
-		if (!is_endian.little)
-			{	/* BIG-ENDIAN CASE */
-# define BESHFT(c)	(((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
-				{
-				ichunk  = *(RC4_CHUNK *)indata;
-				otp  = RC4_STEP<<BESHFT(0);
-				otp |= RC4_STEP<<BESHFT(1);
-				otp |= RC4_STEP<<BESHFT(2);
-				otp |= RC4_STEP<<BESHFT(3);
-				if (sizeof(RC4_CHUNK)==8)
-					{
-					otp |= RC4_STEP<<BESHFT(4);
-					otp |= RC4_STEP<<BESHFT(5);
-					otp |= RC4_STEP<<BESHFT(6);
-					otp |= RC4_STEP<<BESHFT(7);
-					}
-				*(RC4_CHUNK *)outdata = otp^ichunk;
-				indata  += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
-				}
-			if (len)
-				{
-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
-				ichunk = *(RC4_CHUNK *)indata;
-				ochunk = *(RC4_CHUNK *)outdata;
-				otp = 0;
-				i = BESHFT(0);
-				mask <<= (sizeof(RC4_CHUNK)-len)<<3;
-				switch (len&(sizeof(RC4_CHUNK)-1))
-					{
-					case 7:	otp  = RC4_STEP<<i, i-=8;
-					case 6:	otp |= RC4_STEP<<i, i-=8;
-					case 5:	otp |= RC4_STEP<<i, i-=8;
-					case 4:	otp |= RC4_STEP<<i, i-=8;
-					case 3:	otp |= RC4_STEP<<i, i-=8;
-					case 2:	otp |= RC4_STEP<<i, i-=8;
-					case 1:	otp |= RC4_STEP<<i, i-=8;
-					case 0: ; /*
-						   * it's never the case,
-						   * but it has to be here
-						   * for ultrix?
-						   */
-					}
-				ochunk &= ~mask;
-				ochunk |= (otp^ichunk) & mask;
-				*(RC4_CHUNK *)outdata = ochunk;
-				}
-			key->x=x;     
-			key->y=y;
-			return;
-			}
-		else
-			{	/* LITTLE-ENDIAN CASE */
-# define LESHFT(c)	(((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (;len&(0-sizeof(RC4_CHUNK));len-=sizeof(RC4_CHUNK))
-				{
-				ichunk  = *(RC4_CHUNK *)indata;
-				otp  = RC4_STEP;
-				otp |= RC4_STEP<<8;
-				otp |= RC4_STEP<<16;
-				otp |= RC4_STEP<<24;
-				if (sizeof(RC4_CHUNK)==8)
-					{
-					otp |= RC4_STEP<<LESHFT(4);
-					otp |= RC4_STEP<<LESHFT(5);
-					otp |= RC4_STEP<<LESHFT(6);
-					otp |= RC4_STEP<<LESHFT(7);
-					}
-				*(RC4_CHUNK *)outdata = otp^ichunk;
-				indata  += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
-				}
-			if (len)
-				{
-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
-				ichunk = *(RC4_CHUNK *)indata;
-				ochunk = *(RC4_CHUNK *)outdata;
-				otp = 0;
-				i   = 0;
-				mask >>= (sizeof(RC4_CHUNK)-len)<<3;
-				switch (len&(sizeof(RC4_CHUNK)-1))
-					{
-					case 7:	otp  = RC4_STEP,    i+=8;
-					case 6:	otp |= RC4_STEP<<i, i+=8;
-					case 5:	otp |= RC4_STEP<<i, i+=8;
-					case 4:	otp |= RC4_STEP<<i, i+=8;
-					case 3:	otp |= RC4_STEP<<i, i+=8;
-					case 2:	otp |= RC4_STEP<<i, i+=8;
-					case 1:	otp |= RC4_STEP<<i, i+=8;
-					case 0: ; /*
-						   * it's never the case,
-						   * but it has to be here
-						   * for ultrix?
-						   */
-					}
-				ochunk &= ~mask;
-				ochunk |= (otp^ichunk) & mask;
-				*(RC4_CHUNK *)outdata = ochunk;
-				}
-			key->x=x;     
-			key->y=y;
-			return;
-			}
-		}
-#endif
-#define LOOP(in,out) \
-		x=((x+1)&0xff); \
-		tx=d[x]; \
-		y=(tx+y)&0xff; \
-		d[x]=ty=d[y]; \
-		d[y]=tx; \
-		(out) = d[(tx+ty)&0xff]^ (in);
-
-#ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))
-#else
-#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
-#endif
-
-	i=len>>3;
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0);
-			RC4_LOOP(indata,outdata,1);
-			RC4_LOOP(indata,outdata,2);
-			RC4_LOOP(indata,outdata,3);
-			RC4_LOOP(indata,outdata,4);
-			RC4_LOOP(indata,outdata,5);
-			RC4_LOOP(indata,outdata,6);
-			RC4_LOOP(indata,outdata,7);
-#ifdef RC4_INDEX
-			indata+=8;
-			outdata+=8;
-#endif
-			if (--i == 0) break;
-			}
-		}
-	i=len&0x07;
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,1); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,2); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,3); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,4); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,5); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,6); if (--i == 0) break;
-			}
-		}               
-	key->x=x;     
-	key->y=y;
-	}
diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h
deleted file mode 100644
index c712e1632e..0000000000
--- a/crypto/rc4/rc4_locl.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#ifndef HEADER_RC4_LOCL_H
-#define HEADER_RC4_LOCL_H
-#include <openssl/opensslconf.h>
-#include <cryptlib.h>
-#endif
diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
deleted file mode 100644
index fda27636e7..0000000000
--- a/crypto/rc4/rc4_skey.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* crypto/rc4/rc4_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-#include <openssl/opensslv.h>
-
-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
-
-const char *RC4_options(void)
-	{
-#ifdef RC4_INDEX
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(idx,char)");
-	else
-		return("rc4(idx,int)");
-#else
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(ptr,char)");
-	else
-		return("rc4(ptr,int)");
-#endif
-	}
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-	{
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
-
-#define SK_LOOP(d,n) { \
-		tmp=d[(n)]; \
-		id2 = (data[id1] + tmp + id2) & 0xff; \
-		if (++id1 == len) id1=0; \
-		d[(n)]=d[id2]; \
-		d[id2]=tmp; }
-
-	for (i=0; i < 256; i++) d[i]=i;
-	for (i=0; i < 256; i+=4)
-		{
-		SK_LOOP(d,i+0);
-		SK_LOOP(d,i+1);
-		SK_LOOP(d,i+2);
-		SK_LOOP(d,i+3);
-		}
-	}
-    
diff --git a/crypto/rc4/rc4_utl.c b/crypto/rc4/rc4_utl.c
deleted file mode 100644
index ab3f02fe6a..0000000000
--- a/crypto/rc4/rc4_utl.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#include <openssl/rc4.h>
-
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-	{
-#ifdef OPENSSL_FIPS
-	fips_cipher_abort(RC4);
-#endif
-	private_RC4_set_key(key, len, data);
-	}
diff --git a/crypto/rc4/rc4s.cpp b/crypto/rc4/rc4s.cpp
deleted file mode 100644
index 3814fde997..0000000000
--- a/crypto/rc4/rc4s.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  asm volatile(".byte 15, 49\n\t"
-	       : "=eax" (tsc)
-	       :
-	       : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
-  unsigned long a;
-  __asm _emit 0fh
-  __asm _emit 31h
-  __asm mov a, eax;
-  tsc=a;
-}
-#endif      
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rc4.h>
-
-void main(int argc,char *argv[])
-	{
-	unsigned char buffer[1024];
-	RC4_KEY ctx;
-	unsigned long s1,s2,e1,e2;
-	unsigned char k[16];
-	unsigned long data[2];
-	unsigned char iv[8];
-	int i,num=64,numm;
-	int j=0;
-
-	if (argc >= 2)
-		num=atoi(argv[1]);
-
-	if (num == 0) num=256;
-	if (num > 1024-16) num=1024-16;
-	numm=num+8;
-
-	for (j=0; j<6; j++)
-		{
-		for (i=0; i<10; i++) /**/
-			{
-			RC4(&ctx,numm,buffer,buffer);
-			GetTSC(s1);
-			RC4(&ctx,numm,buffer,buffer);
-			GetTSC(e1);
-			GetTSC(s2);
-			RC4(&ctx,num,buffer,buffer);
-			GetTSC(e2);
-			RC4(&ctx,num,buffer,buffer);
-			}
-
-		printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
-			e1-s1,e2-s2,(e1-s1)-(e2-s2));
-		}
-	}
-
diff --git a/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c
deleted file mode 100644
index 0ebd38123d..0000000000
--- a/crypto/rc4/rc4speed.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* crypto/rc4/rc4speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
-   The __TMS macro will show if it was.  If it wasn't defined, we should
-   undefine TIMES, since that tells the rest of the program how things
-   should be handled.				-- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/rc4.h>
-
-/* The following if from times(3) man page.  It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ	100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE	((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
-	{
-	signal(SIGALRM,sig_done);
-	run=0;
-#ifdef LINT
-	sig=sig;
-#endif
-	}
-#endif
-
-#define START	0
-#define STOP	1
-
-double Time_F(int s)
-	{
-	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
-
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
-		}
-	else
-		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
-
-	if (s == START)
-		{
-		ftime(&tstart);
-		return(0);
-		}
-	else
-		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
-		return((ret == 0.0)?1e-6:ret);
-		}
-#endif
-	}
-
-int main(int argc, char **argv)
-	{
-	long count;
-	static unsigned char buf[BUFSIZE];
-	static unsigned char key[] ={
-			0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
-			0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
-			};
-	RC4_KEY sch;
-	double a,b,c,d;
-#ifndef SIGALRM
-	long ca,cb,cc;
-#endif
-
-#ifndef TIMES
-	printf("To get the most accurate results, try to run this\n");
-	printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
-	printf("First we calculate the approximate speed ...\n");
-	RC4_set_key(&sch,16,key);
-	count=10;
-	do	{
-		long i;
-		unsigned long data[2];
-
-		count*=2;
-		Time_F(START);
-		for (i=count; i; i--)
-			RC4(&sch,8,buf,buf);
-		d=Time_F(STOP);
-		} while (d < 3.0);
-	ca=count/512;
-	cc=count*8/BUFSIZE+1;
-	printf("Doing RC4_set_key %ld times\n",ca);
-#define COND(d)	(count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c)	(run)
-#define COUNT(d) (count)
-	signal(SIGALRM,sig_done);
-	printf("Doing RC4_set_key for 10 seconds\n");
-	alarm(10);
-#endif
-
-	Time_F(START);
-	for (count=0,run=1; COND(ca); count+=4)
-		{
-		RC4_set_key(&sch,16,key);
-		RC4_set_key(&sch,16,key);
-		RC4_set_key(&sch,16,key);
-		RC4_set_key(&sch,16,key);
-		}
-	d=Time_F(STOP);
-	printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
-	a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
-	printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
-	alarm(10);
-#else
-	printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
-#endif
-	Time_F(START);
-	for (count=0,run=1; COND(cc); count++)
-		RC4(&sch,BUFSIZE,buf,buf);
-	d=Time_F(STOP);
-	printf("%ld RC4's of %ld byte blocks in %.2f second\n",
-		count,BUFSIZE,d);
-	c=((double)COUNT(cc)*BUFSIZE)/d;
-
-	printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
-	printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
-	exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
-	return(0);
-#endif
-	}
-
diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c
deleted file mode 100644
index 4312605ccb..0000000000
--- a/crypto/rc4/rc4test.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/* crypto/rc4/rc4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC4
-int main(int argc, char *argv[])
-{
-    printf("No RC4 support\n");
-    return(0);
-}
-#else
-#include <openssl/rc4.h>
-#include <openssl/sha.h>
-
-static unsigned char keys[7][30]={
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
-	{4,0xef,0x01,0x23,0x45},
-	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
-	{4,0xef,0x01,0x23,0x45},
-	};
-
-static unsigned char data_len[7]={8,8,8,20,28,10};
-static unsigned char data[7][30]={
-	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	   0x00,0x00,0x00,0x00,0xff},
-	{0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
-	   0x12,0x34,0x56,0x78,0xff},
-	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
-	{0},
-	};
-
-static unsigned char output[7][30]={
-	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
-	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
-	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
-	 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
-	 0x36,0xb6,0x78,0x58,0x00},
-	{0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
-	 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
-	 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
-	 0x40,0x01,0x1e,0xcf,0x00},
-	{0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
-	{0},
-	};
-
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	int j;
-	unsigned char *p;
-	RC4_KEY key;
-	unsigned char obuf[512];
-
-#if !defined(OPENSSL_PIC)
-	void OPENSSL_cpuid_setup(void);
-
-	OPENSSL_cpuid_setup();
-#endif
-
-	for (i=0; i<6; i++)
-		{
-		RC4_set_key(&key,keys[i][0],&(keys[i][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,data_len[i],&(data[i][0]),obuf);
-		if (memcmp(obuf,output[i],data_len[i]+1) != 0)
-			{
-			printf("error calculating RC4\n");
-			printf("output:");
-			for (j=0; j<data_len[i]+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[i][0]);
-			for (j=0; j<data_len[i]+1; j++)
-				printf(" %02x",*(p++));
-			printf("\n");
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		}
-	printf("test end processing ");
-	for (i=0; i<data_len[3]; i++)
-		{
-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,i,&(data[3][0]),obuf);
-		if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
-			{
-			printf("error in RC4 length processing\n");
-			printf("output:");
-			for (j=0; j<i+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[3][0]);
-			for (j=0; j<i; j++)
-				printf(" %02x",*(p++));
-			printf(" 00\n");
-			err++;
-			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
-			}
-		}
-	printf("done\n");
-	printf("test multi-call ");
-	for (i=0; i<data_len[3]; i++)
-		{
-		RC4_set_key(&key,keys[3][0],&(keys[3][1]));
-		memset(obuf,0x00,sizeof(obuf));
-		RC4(&key,i,&(data[3][0]),obuf);
-		RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
-		if (memcmp(obuf,output[3],data_len[3]+1) != 0)
-			{
-			printf("error in RC4 multi-call processing\n");
-			printf("output:");
-			for (j=0; j<data_len[3]+1; j++)
-				printf(" %02x",obuf[j]);
-			printf("\n");
-			printf("expect:");
-			p= &(output[3][0]);
-			for (j=0; j<data_len[3]+1; j++)
-				printf(" %02x",*(p++));
-			err++;
-			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
-			}
-		}
-	printf("done\n");
-	printf("bulk test ");
-	{   unsigned char buf[513];
-	    SHA_CTX c;
-	    unsigned char md[SHA_DIGEST_LENGTH];
-	    static unsigned char expected[]={
-		0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
-		0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
-
-		RC4_set_key(&key,keys[0][0],&(keys[3][1]));
-		memset(buf,'\0',sizeof(buf));
-		SHA1_Init(&c);
-		for (i=0;i<2571;i++) {
-			RC4(&key,sizeof(buf),buf,buf);
-			SHA1_Update(&c,buf,sizeof(buf));
-		}
-		SHA1_Final(md,&c);
-
-		if (memcmp(md,expected,sizeof(md))) {
-			printf("error in RC4 bulk test\n");
-			printf("output:");
-			for (j=0; j<(int)sizeof(md); j++)
-				printf(" %02x",md[j]);
-			printf("\n");
-			printf("expect:");
-			for (j=0; j<(int)sizeof(md); j++)
-				printf(" %02x",expected[j]);
-			printf("\n");
-			err++;
-		}
-		else	printf("ok\n");
-	}
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EXIT(err);
-	return(0);
-	}
-#endif
diff --git a/crypto/rc4/rrc4.doc b/crypto/rc4/rrc4.doc
deleted file mode 100644
index 2f9a953c12..0000000000
--- a/crypto/rc4/rrc4.doc
+++ /dev/null
@@ -1,278 +0,0 @@
-Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
-Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
-From: sterndark@netcom.com (David Sterndark)
-Subject: RC4 Algorithm revealed.
-Message-ID: <sternCvKL4B.Hyy@netcom.com>
-Sender: sterndark@netcom.com 
-Organization: NETCOM On-line Communication Services (408 261-4700 guest)
-X-Newsreader: TIN [version 1.2 PL1]
-Date: Wed, 14 Sep 1994 06:35:31 GMT
-Lines: 263
-Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
-
-I am shocked,  shocked, I tell you,  shocked, to discover
-that the cypherpunks have illegaly and criminally revealed
-a crucial RSA trade secret and harmed the security of
-America by reverse engineering the RC4 algorithm and
-publishing it to the world.
- 
-On Saturday morning an anonymous cypherpunk wrote:
- 
- 
-   SUBJECT:  RC4 Source Code
- 
- 
-   I've tested this.  It is compatible with the RC4 object module
-   that comes in the various RSA toolkits.  
- 
-   /* rc4.h */
-   typedef struct rc4_key
-   {      
-        unsigned char state[256];       
-        unsigned char x;        
-        unsigned char y;
-   } rc4_key;
-   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
-   rc4_key *key);
-   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
-   
-   
-   /*rc4.c */
-   #include "rc4.h"
-   static void swap_byte(unsigned char *a, unsigned char *b);
-   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
-   rc4_key *key)
-   {
-        unsigned char swapByte;
-        unsigned char index1;
-        unsigned char index2;
-        unsigned char* state;
-        short counter;     
-        
-        state = &key->state[0];         
-        for(counter = 0; counter < 256; counter++)              
-        state[counter] = counter;               
-        key->x = 0;     
-        key->y = 0;     
-        index1 = 0;     
-        index2 = 0;             
-        for(counter = 0; counter < 256; counter++)      
-        {               
-             index2 = (key_data_ptr[index1] + state[counter] +
-                index2) % 256;                
-             swap_byte(&state[counter], &state[index2]);            
-   
-             index1 = (index1 + 1) % key_data_len;  
-        }       
-    }
-    
-    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
-    { 
-        unsigned char x;
-        unsigned char y;
-        unsigned char* state;
-        unsigned char xorIndex;
-        short counter;              
-        
-        x = key->x;     
-        y = key->y;     
-        
-        state = &key->state[0];         
-        for(counter = 0; counter < buffer_len; counter ++)      
-        {               
-             x = (x + 1) % 256;                      
-             y = (state[x] + y) % 256;               
-             swap_byte(&state[x], &state[y]);                        
-                  
-             xorIndex = (state[x] + state[y]) % 256;                 
-                  
-             buffer_ptr[counter] ^= state[xorIndex];         
-         }               
-         key->x = x;     
-         key->y = y;
-    }
-    
-    static void swap_byte(unsigned char *a, unsigned char *b)
-    {
-        unsigned char swapByte; 
-        
-        swapByte = *a; 
-        *a = *b;      
-        *b = swapByte;
-    }
- 
- 
- 
-Another cypherpunk, this one not anonymous, tested the
-output from this algorithm against the output from
-official RC4 object code
- 
- 
-   Date: Tue, 13 Sep 94 18:37:56 PDT
-   From: ekr@eit.COM (Eric Rescorla)
-   Message-Id: <9409140137.AA17743@eitech.eit.com>
-   Subject: RC4 compatibility testing
-   Cc: cypherpunks@toad.com
-   
-   One data point:
-   
-   I can't say anything about the internals of RC4 versus the
-   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
-   since I don't know anything about RC4's internals. 
-   
-   However, I do have a (legitimately acquired) copy of BSAFE2 and
-   so I'm able to compare the output of this algorithm to the output
-   of genuine RC4 as found in BSAFE. I chose a set of test vectors
-   and ran them through both algorithms. The algorithms appear to
-   give identical results, at least with these key/plaintext pairs.
-   
-   I note that this is the algorithm _without_ Hal Finney's
-   proposed modification
-   
-   (see <199409130605.XAA24133@jobe.shell.portal.com>).
-   
-   The vectors I used (together with the ciphertext they produce)
-   follow at the end of this message.
-   
-   -Ekr
-   
-   Disclaimer: This posting does not reflect the opinions of EIT.
-   
-   --------------------results follow--------------
-   Test vector 0
-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
-   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
-   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
-   
-   Test vector 1
-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
-   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
-   
-   Test vector 2
-   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
-   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
-   
-   Test vector 3
-   Key: 0xef 0x01 0x23 0x45 
-   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
-   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
-   
-   Test vector 4
-   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
-   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
-   0x01 
-   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
-   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
-   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
-   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
-   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
-   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
-   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
-   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
-   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
-   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
-   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
-   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
-   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
-   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
-   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
-   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
-   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
-   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
-   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
-   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
-   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
-   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
-   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
-   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
-   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
-   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
-   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
-   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
-   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
-   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
-   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
-   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
-   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
-   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
-   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
-   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
-   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
-   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
-   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
-   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
-   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
-   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
-   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
-   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
-   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
-   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
-   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
-   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
-   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
-   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
-   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
-   0xc0 
-   
-
-
--- 
- ---------------------------------------------------------------------
-We have the right to defend ourselves and our
-property, because of the kind of animals that we              James A. Donald
-are.  True law derives from this right, not from
-the arbitrary power of the omnipotent state.                jamesd@netcom.com
-
-
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
deleted file mode 100644
index 11853fee5f..0000000000
--- a/crypto/rsa/rsa.h
+++ /dev/null
@@ -1,583 +0,0 @@
-/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-#define HEADER_RSA_H
-
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_NO_RSA
-#error RSA is disabled.
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-
-struct rsa_meth_st
-	{
-	const char *name;
-	int (*rsa_pub_enc)(int flen,const unsigned char *from,
-			   unsigned char *to,
-			   RSA *rsa,int padding);
-	int (*rsa_pub_dec)(int flen,const unsigned char *from,
-			   unsigned char *to,
-			   RSA *rsa,int padding);
-	int (*rsa_priv_enc)(int flen,const unsigned char *from,
-			    unsigned char *to,
-			    RSA *rsa,int padding);
-	int (*rsa_priv_dec)(int flen,const unsigned char *from,
-			    unsigned char *to,
-			    RSA *rsa,int padding);
-	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx,
-			  BN_MONT_CTX *m_ctx); /* Can be null */
-	int (*init)(RSA *rsa);		/* called at new */
-	int (*finish)(RSA *rsa);	/* called at free */
-	int flags;			/* RSA_METHOD_FLAG_* things */
-	char *app_data;			/* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
-	int (*rsa_sign)(int type,
-		const unsigned char *m, unsigned int m_length,
-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-	int (*rsa_verify)(int dtype,
-		const unsigned char *m, unsigned int m_length,
-		const unsigned char *sigbuf, unsigned int siglen,
-								const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
-	int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-	};
-
-struct rsa_st
-	{
-	/* The first parameter is used to pickup errors where
-	 * this is passed instead of aEVP_PKEY, it is set to 0 */
-	int pad;
-	long version;
-	const RSA_METHOD *meth;
-	/* functional reference if 'meth' is ENGINE-provided */
-	ENGINE *engine;
-	BIGNUM *n;
-	BIGNUM *e;
-	BIGNUM *d;
-	BIGNUM *p;
-	BIGNUM *q;
-	BIGNUM *dmp1;
-	BIGNUM *dmq1;
-	BIGNUM *iqmp;
-	/* be careful using this if the RSA structure is shared */
-	CRYPTO_EX_DATA ex_data;
-	int references;
-	int flags;
-
-	/* Used to cache montgomery values */
-	BN_MONT_CTX *_method_mod_n;
-	BN_MONT_CTX *_method_mod_p;
-	BN_MONT_CTX *_method_mod_q;
-
-	/* all BIGNUM values are actually in the following data, if it is not
-	 * NULL */
-	char *bignum_data;
-	BN_BLINDING *blinding;
-	BN_BLINDING *mt_blinding;
-	};
-
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS	16384
-#endif
-
-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-# define OPENSSL_RSA_SMALL_MODULUS_BITS	3072
-#endif
-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */
-#endif
-
-#define RSA_3	0x3L
-#define RSA_F4	0x10001L
-
-#define RSA_METHOD_FLAG_NO_CHECK	0x0001 /* don't check pub/private match */
-
-#define RSA_FLAG_CACHE_PUBLIC		0x0002
-#define RSA_FLAG_CACHE_PRIVATE		0x0004
-#define RSA_FLAG_BLINDING		0x0008
-#define RSA_FLAG_THREAD_SAFE		0x0010
-/* This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
- * gets called when private key components are absent.
- */
-#define RSA_FLAG_EXT_PKEY		0x0020
-
-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
- */
-#define RSA_FLAG_SIGN_VER		0x0040
-
-#define RSA_FLAG_NO_BLINDING		0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
-                                                * RSA implementation now uses blinding by
-                                                * default (ignoring RSA_FLAG_BLINDING),
-                                                * but other engines might not need it
-                                                */
-#define RSA_FLAG_NO_CONSTTIME		0x0100 /* new with 0.9.8f; the built-in RSA
-						* implementation now uses constant time
-						* operations by default in private key operations,
-						* e.g., constant time modular exponentiation, 
-                                                * modular inverse without leaking branches, 
-                                                * division without leaking branches. This 
-                                                * flag disables these constant time 
-                                                * operations and results in faster RSA 
-                                                * private key operations.
-                                                */ 
-#ifndef OPENSSL_NO_DEPRECATED
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
-                                                /* new with 0.9.7h; the built-in RSA
-                                                * implementation now uses constant time
-                                                * modular exponentiation for secret exponents
-                                                * by default. This flag causes the
-                                                * faster variable sliding window method to
-                                                * be used for all exponents.
-                                                */
-#endif
-
-
-#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
-				pad, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
-				EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
-
-#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
-				len, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
-				0, plen)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
-
-#define	 EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
-
-#define	 EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
-
-#define EVP_PKEY_CTRL_RSA_PADDING	(EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 2)
-
-#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS	(EVP_PKEY_ALG_CTRL + 3)
-#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP	(EVP_PKEY_ALG_CTRL + 4)
-#define EVP_PKEY_CTRL_RSA_MGF1_MD	(EVP_PKEY_ALG_CTRL + 5)
-
-#define EVP_PKEY_CTRL_GET_RSA_PADDING		(EVP_PKEY_ALG_CTRL + 6)
-#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 7)
-#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD		(EVP_PKEY_ALG_CTRL + 8)
-
-#define RSA_PKCS1_PADDING	1
-#define RSA_SSLV23_PADDING	2
-#define RSA_NO_PADDING		3
-#define RSA_PKCS1_OAEP_PADDING	4
-#define RSA_X931_PADDING	5
-/* EVP_PKEY_ only */
-#define RSA_PKCS1_PSS_PADDING	6
-
-#define RSA_PKCS1_PADDING_SIZE	11
-
-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
-#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
-
-RSA *	RSA_new(void);
-RSA *	RSA_new_method(ENGINE *engine);
-int	RSA_size(const RSA *rsa);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
-int	RSA_check_key(const RSA *);
-	/* next 4 return -1 on error */
-int	RSA_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_public_decrypt(int flen, const unsigned char *from, 
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_decrypt(int flen, const unsigned char *from, 
-		unsigned char *to, RSA *rsa,int padding);
-void	RSA_free (RSA *r);
-/* "up" the RSA object's reference count */
-int	RSA_up_ref(RSA *r);
-
-int	RSA_flags(const RSA *r);
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-typedef struct rsa_pss_params_st
-	{
-	X509_ALGOR *hashAlgorithm;
-	X509_ALGOR *maskGenAlgorithm;
-	ASN1_INTEGER *saltLength;
-	ASN1_INTEGER *trailerField;
-	} RSA_PSS_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
-#ifndef OPENSSL_NO_FP_API
-int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int	RSA_print(BIO *bp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-		int (*cb)(char *buf, int len, const char *prompt, int verify),
-		int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-		 int (*cb)(char *buf, int len, const char *prompt, int verify),
-		 int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-		     int (*cb)(char *buf, int len, const char *prompt,
-			       int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-		      int (*cb)(char *buf, int len, const char *prompt,
-				int verify));
-#endif
-
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
- * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-	const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
- * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_length,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_length,
-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,
-	const unsigned char *p,int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len,
-	const unsigned char *p,int pl);
-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_none(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_none(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_X931(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_X931(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const unsigned char *EM, int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, int sLen);
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash, 
-			const unsigned char *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define RSA_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define RSA_FLAG_NON_FIPS_ALLOW			0x0400
-/* Application has decided PRNG is good enough to generate a key: don't
- * check.
- */
-#define RSA_FLAG_CHECKED			0x0800
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_CHECK_PADDING_MD				 140
-#define RSA_F_DO_RSA_PRINT				 146
-#define RSA_F_INT_RSA_VERIFY				 145
-#define RSA_F_MEMORY_LOCK				 100
-#define RSA_F_OLD_RSA_PRIV_DECODE			 147
-#define RSA_F_PKEY_RSA_CTRL				 143
-#define RSA_F_PKEY_RSA_CTRL_STR				 144
-#define RSA_F_PKEY_RSA_SIGN				 142
-#define RSA_F_PKEY_RSA_VERIFY				 154
-#define RSA_F_PKEY_RSA_VERIFYRECOVER			 141
-#define RSA_F_RSA_BUILTIN_KEYGEN			 129
-#define RSA_F_RSA_CHECK_KEY				 123
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
-#define RSA_F_RSA_GENERATE_KEY				 105
-#define RSA_F_RSA_GENERATE_KEY_EX			 155
-#define RSA_F_RSA_ITEM_VERIFY				 156
-#define RSA_F_RSA_MEMORY_LOCK				 130
-#define RSA_F_RSA_NEW_METHOD				 106
-#define RSA_F_RSA_NULL					 124
-#define RSA_F_RSA_NULL_MOD_EXP				 131
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT			 132
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT			 133
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT			 134
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT			 135
-#define RSA_F_RSA_PADDING_ADD_NONE			 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1		 148
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110
-#define RSA_F_RSA_PADDING_ADD_X931			 127
-#define RSA_F_RSA_PADDING_CHECK_NONE			 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
-#define RSA_F_RSA_PADDING_CHECK_X931			 128
-#define RSA_F_RSA_PRINT					 115
-#define RSA_F_RSA_PRINT_FP				 116
-#define RSA_F_RSA_PRIVATE_DECRYPT			 150
-#define RSA_F_RSA_PRIVATE_ENCRYPT			 151
-#define RSA_F_RSA_PRIV_DECODE				 137
-#define RSA_F_RSA_PRIV_ENCODE				 138
-#define RSA_F_RSA_PUBLIC_DECRYPT			 152
-#define RSA_F_RSA_PUBLIC_ENCRYPT			 153
-#define RSA_F_RSA_PUB_DECODE				 139
-#define RSA_F_RSA_SETUP_BLINDING			 136
-#define RSA_F_RSA_SIGN					 117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
-#define RSA_F_RSA_VERIFY				 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
-#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126
-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1			 149
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH			 100
-#define RSA_R_BAD_E_VALUE				 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
-#define RSA_R_BAD_PAD_BYTE_COUNT			 103
-#define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
-#define RSA_R_DATA_TOO_LARGE				 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
-#define RSA_R_DATA_TOO_SMALL				 111
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
-#define RSA_R_FIRST_OCTET_INVALID			 133
-#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE	 144
-#define RSA_R_INVALID_DIGEST_LENGTH			 143
-#define RSA_R_INVALID_HEADER				 137
-#define RSA_R_INVALID_KEYBITS				 145
-#define RSA_R_INVALID_MESSAGE_LENGTH			 131
-#define RSA_R_INVALID_MGF1_MD				 156
-#define RSA_R_INVALID_PADDING				 138
-#define RSA_R_INVALID_PADDING_MODE			 141
-#define RSA_R_INVALID_PSS_PARAMETERS			 149
-#define RSA_R_INVALID_PSS_SALTLEN			 146
-#define RSA_R_INVALID_SALT_LENGTH			 150
-#define RSA_R_INVALID_TRAILER				 139
-#define RSA_R_INVALID_X931_DIGEST			 142
-#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
-#define RSA_R_KEY_SIZE_TOO_SMALL			 120
-#define RSA_R_LAST_OCTET_INVALID			 134
-#define RSA_R_MODULUS_TOO_LARGE				 105
-#define RSA_R_NON_FIPS_RSA_METHOD			 157
-#define RSA_R_NO_PUBLIC_EXPONENT			 140
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
-#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
-#define RSA_R_OAEP_DECODING_ERROR			 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
-#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
-#define RSA_R_PADDING_CHECK_FAILED			 114
-#define RSA_R_PKCS_DECODING_ERROR			 159
-#define RSA_R_P_NOT_PRIME				 128
-#define RSA_R_Q_NOT_PRIME				 129
-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
-#define RSA_R_SLEN_CHECK_FAILED				 136
-#define RSA_R_SLEN_RECOVERY_FAILED			 135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
-#define RSA_R_UNKNOWN_MASK_DIGEST			 151
-#define RSA_R_UNKNOWN_PADDING_TYPE			 118
-#define RSA_R_UNKNOWN_PSS_DIGEST			 152
-#define RSA_R_UNSUPPORTED_MASK_ALGORITHM		 153
-#define RSA_R_UNSUPPORTED_MASK_PARAMETER		 154
-#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE		 155
-#define RSA_R_VALUE_MISSING				 147
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
deleted file mode 100644
index 4c8ecd9233..0000000000
--- a/crypto/rsa/rsa_ameth.c
+++ /dev/null
@@ -1,698 +0,0 @@
-/* crypto/rsa/rsa_ameth.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
-
-static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-	{
-	unsigned char *penc = NULL;
-	int penclen;
-	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
-	if (penclen <= 0)
-		return 0;
-	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
-				V_ASN1_NULL, NULL, penc, penclen))
-		return 1;
-
-	OPENSSL_free(penc);
-	return 0;
-	}
-
-static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-	{
-	const unsigned char *p;
-	int pklen;
-	RSA *rsa = NULL;
-	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
-		return 0;
-	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen)))
-		{
-		RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_RSA (pkey, rsa);
-	return 1;
-	}
-
-static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
-		|| BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
-			return 0;
-	return 1;
-	}
-
-static int old_rsa_priv_decode(EVP_PKEY *pkey,
-					const unsigned char **pder, int derlen)
-	{
-	RSA *rsa;
-	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen)))
-		{
-		RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
-		return 0;
-		}
-	EVP_PKEY_assign_RSA(pkey, rsa);
-	return 1;
-	}
-
-static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-	{
-	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
-	}
-
-static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-	{
-	unsigned char *rk = NULL;
-	int rklen;
-	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
-
-	if (rklen <= 0)
-		{
-		RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
-				V_ASN1_NULL, NULL, rk, rklen))
-		{
-		RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	return 1;
-	}
-
-static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-	{
-	const unsigned char *p;
-	int pklen;
-	if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
-		return 0;
-	return old_rsa_priv_decode(pkey, &p, pklen);
-	}
-
-static int int_rsa_size(const EVP_PKEY *pkey)
-	{
-	return RSA_size(pkey->pkey.rsa);
-	}
-
-static int rsa_bits(const EVP_PKEY *pkey)
-	{
-	return BN_num_bits(pkey->pkey.rsa->n);
-	}
-
-static void int_rsa_free(EVP_PKEY *pkey)
-	{
-	RSA_free(pkey->pkey.rsa);
-	}
-
-
-static void update_buflen(const BIGNUM *b, size_t *pbuflen)
-	{
-	size_t i;
-	if (!b)
-		return;
-	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-			*pbuflen = i;
-	}
-
-static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
-	{
-	char *str;
-	const char *s;
-	unsigned char *m=NULL;
-	int ret=0, mod_len = 0;
-	size_t buf_len=0;
-
-	update_buflen(x->n, &buf_len);
-	update_buflen(x->e, &buf_len);
-
-	if (priv)
-		{
-		update_buflen(x->d, &buf_len);
-		update_buflen(x->p, &buf_len);
-		update_buflen(x->q, &buf_len);
-		update_buflen(x->dmp1, &buf_len);
-		update_buflen(x->dmq1, &buf_len);
-		update_buflen(x->iqmp, &buf_len);
-		}
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (x->n != NULL)
-		mod_len = BN_num_bits(x->n);
-
-	if(!BIO_indent(bp,off,128))
-		goto err;
-
-	if (priv && x->d)
-		{
-		if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
-			<= 0) goto err;
-		str = "modulus:";
-		s = "publicExponent:";
-		}
-	else
-		{
-		if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
-			<= 0) goto err;
-		str = "Modulus:";
-		s= "Exponent:";
-		}
-	if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err;
-	if (!ASN1_bn_print(bp,s,x->e,m,off))
-		goto err;
-	if (priv)
-		{
-		if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off))
-			goto err;
-		if (!ASN1_bn_print(bp,"prime1:",x->p,m,off))
-			goto err;
-		if (!ASN1_bn_print(bp,"prime2:",x->q,m,off))
-			goto err;
-		if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off))
-			goto err;
-		if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off))
-			goto err;
-		if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off))
-			goto err;
-		}
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
-	}
-
-
-static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *ctx)
-	{
-	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
-	}
-
-static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
-					X509_ALGOR **pmaskHash)
-	{
-	const unsigned char *p;
-	int plen;
-	RSA_PSS_PARAMS *pss;
-
-	*pmaskHash = NULL;
-
-	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
-		return NULL;
-	p = alg->parameter->value.sequence->data;
-	plen = alg->parameter->value.sequence->length;
-	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
-
-	if (!pss)
-		return NULL;
-	
-	if (pss->maskGenAlgorithm)
-		{
-		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
-		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
-			&& param->type == V_ASN1_SEQUENCE)
-			{
-			p = param->value.sequence->data;
-			plen = param->value.sequence->length;
-			*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
-			}
-		}
-
-	return pss;
-	}
-
-static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 
-				X509_ALGOR *maskHash, int indent)
-	{
-	int rv = 0;
-	if (!pss)
-		{
-		if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
-			return 0;
-		return 1;
-		}
-	if (BIO_puts(bp, "\n") <= 0)
-		goto err;
-	if (!BIO_indent(bp, indent, 128))
-		goto err;
-	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
-		goto err;
-
-	if (pss->hashAlgorithm)
-		{
-		if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
-			goto err;
-		}
-	else if (BIO_puts(bp, "sha1 (default)") <= 0)
-		goto err;
-
-	if (BIO_puts(bp, "\n") <= 0)
-		goto err;
-
-	if (!BIO_indent(bp, indent, 128))
-		goto err;
-
-	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
-			goto err;
-	if (pss->maskGenAlgorithm)
-		{
-		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, " with ") <= 0)
-			goto err;
-		if (maskHash)
-			{
-			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
-			goto err;
-			}
-		else if (BIO_puts(bp, "INVALID") <= 0)
-			goto err;
-		}
-	else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
-		goto err;
-	BIO_puts(bp, "\n");
-
-	if (!BIO_indent(bp, indent, 128))
-		goto err;
-	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
-			goto err;
-	if (pss->saltLength)
-		{
-		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
-			goto err;
-		}
-	else if (BIO_puts(bp, "14 (default)") <= 0)
-		goto err;
-	BIO_puts(bp, "\n");
-
-	if (!BIO_indent(bp, indent, 128))
-		goto err;
-	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
-			goto err;
-	if (pss->trailerField)
-		{
-		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
-			goto err;
-		}
-	else if (BIO_puts(bp, "BC (default)") <= 0)
-		goto err;
-	BIO_puts(bp, "\n");
-	
-	rv = 1;
-
-	err:
-	return rv;
-
-	}
-
-static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
-					const ASN1_STRING *sig,
-					int indent, ASN1_PCTX *pctx)
-	{
-	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss)
-		{
-		int rv;
-		RSA_PSS_PARAMS *pss;
-		X509_ALGOR *maskHash;
-		pss = rsa_pss_decode(sigalg, &maskHash);
-		rv = rsa_pss_param_print(bp, pss, maskHash, indent);
-		if (pss)
-			RSA_PSS_PARAMS_free(pss);
-		if (maskHash)
-			X509_ALGOR_free(maskHash);
-		if (!rv)
-			return 0;
-		}
-	else if (!sig && BIO_puts(bp, "\n") <= 0)
-		return 0;
-	if (sig)
-		return X509_signature_dump(bp, sig, indent);
-	return 1;
-	}
-
-static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-	{
-	X509_ALGOR *alg = NULL;
-	switch (op)
-		{
-
-		case ASN1_PKEY_CTRL_PKCS7_SIGN:
-		if (arg1 == 0)
-			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
-		break;
-
-		case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
-		if (arg1 == 0)
-			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
-		break;
-#ifndef OPENSSL_NO_CMS
-		case ASN1_PKEY_CTRL_CMS_SIGN:
-		if (arg1 == 0)
-			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
-		break;
-
-		case ASN1_PKEY_CTRL_CMS_ENVELOPE:
-		if (arg1 == 0)
-			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
-		break;
-#endif
-
-		case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-		*(int *)arg2 = NID_sha1;
-		return 1;
-
-		default:
-		return -2;
-
-		}
-
-	if (alg)
-		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
-							V_ASN1_NULL, 0);
-
-	return 1;
-
-	}
-
-/* Customised RSA item verification routine. This is called 
- * when a signature is encountered requiring special handling. We 
- * currently only handle PSS.
- */
-
-
-static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-			X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
-			EVP_PKEY *pkey)
-	{
-	int rv = -1;
-	int saltlen;
-	const EVP_MD *mgf1md = NULL, *md = NULL;
-	RSA_PSS_PARAMS *pss;
-	X509_ALGOR *maskHash;
-	EVP_PKEY_CTX *pkctx;
-	/* Sanity check: make sure it is PSS */
-	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss)
-		{
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
-		return -1;
-		}
-	/* Decode PSS parameters */
-	pss = rsa_pss_decode(sigalg, &maskHash);
-
-	if (pss == NULL)
-		{
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
-		goto err;
-		}
-	/* Check mask and lookup mask hash algorithm */
-	if (pss->maskGenAlgorithm)
-		{
-		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1)
-			{
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
-			goto err;
-			}
-		if (!maskHash)
-			{
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER);
-			goto err;
-			}
-		mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
-		if (mgf1md == NULL)
-			{
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST);
-			goto err;
-			}
-		}
-	else
-		mgf1md = EVP_sha1();
-
-	if (pss->hashAlgorithm)
-		{
-		md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
-		if (md == NULL)
-			{
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
-			goto err;
-			}
-		}
-	else
-		md = EVP_sha1();
-
-	if (pss->saltLength)
-		{
-		saltlen = ASN1_INTEGER_get(pss->saltLength);
-
-		/* Could perform more salt length sanity checks but the main
-		 * RSA routines will trap other invalid values anyway.
-		 */
-		if (saltlen < 0)
-			{
-			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH);
-			goto err;
-			}
-		}
-	else
-		saltlen = 20;
-
-	/* low-level routines support only trailer field 0xbc (value 1)
-	 * and PKCS#1 says we should reject any other value anyway.
-	 */
-	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
-		{
-		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
-		goto err;
-		}
-
-	/* We have all parameters now set up context */
-
-	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
-		goto err;
-
-	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
-		goto err;
-
-	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
-		goto err;
-	/* Carry on */
-	rv = 2;
-
-	err:
-	RSA_PSS_PARAMS_free(pss);
-	if (maskHash)
-		X509_ALGOR_free(maskHash);
-	return rv;
-	}
-
-static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-				X509_ALGOR *alg1, X509_ALGOR *alg2, 
-				ASN1_BIT_STRING *sig)
-	{
-	int pad_mode;
-	EVP_PKEY_CTX *pkctx = ctx->pctx;
-	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
-		return 0;
-	if (pad_mode == RSA_PKCS1_PADDING)
-		return 2;
-	if (pad_mode == RSA_PKCS1_PSS_PADDING)
-		{
-		const EVP_MD *sigmd, *mgf1md;
-		RSA_PSS_PARAMS *pss = NULL;
-		X509_ALGOR *mgf1alg = NULL;
-		ASN1_STRING *os1 = NULL, *os2 = NULL;
-		EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
-		int saltlen, rv = 0;
-		sigmd = EVP_MD_CTX_md(ctx);
-		if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
-			goto err;
-		if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
-			goto err;
-		if (saltlen == -1)
-			saltlen = EVP_MD_size(sigmd);
-		else if (saltlen == -2)
-			{
-			saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
-			if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
-				saltlen--;
-			}
-		pss = RSA_PSS_PARAMS_new();
-		if (!pss)
-			goto err;
-		if (saltlen != 20)
-			{
-			pss->saltLength = ASN1_INTEGER_new();
-			if (!pss->saltLength)
-				goto err;
-			if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
-				goto err;
-			}
-		if (EVP_MD_type(sigmd) != NID_sha1)
-			{
-			pss->hashAlgorithm = X509_ALGOR_new();
-			if (!pss->hashAlgorithm)
-				goto err;
-			X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
-			}
-		if (EVP_MD_type(mgf1md) != NID_sha1)
-			{
-			ASN1_STRING *stmp = NULL;
-			/* need to embed algorithm ID inside another */
-			mgf1alg = X509_ALGOR_new();
-			X509_ALGOR_set_md(mgf1alg, mgf1md);
-			if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
-									&stmp))
-					goto err;
-			pss->maskGenAlgorithm = X509_ALGOR_new();
-			if (!pss->maskGenAlgorithm)
-				goto err;
-			X509_ALGOR_set0(pss->maskGenAlgorithm,
-					OBJ_nid2obj(NID_mgf1),
-					V_ASN1_SEQUENCE, stmp);
-			}
-		/* Finally create string with pss parameter encoding. */
-		if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
-			goto err;
-		if (alg2)
-			{
-			os2 = ASN1_STRING_dup(os1);
-			if (!os2)
-				goto err;
-			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
-						V_ASN1_SEQUENCE, os2);
-			}
-		X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
-					V_ASN1_SEQUENCE, os1);
-		os1 = os2 = NULL;
-		rv = 3;
-		err:
-		if (mgf1alg)
-			X509_ALGOR_free(mgf1alg);
-		if (pss)
-			RSA_PSS_PARAMS_free(pss);
-		if (os1)
-			ASN1_STRING_free(os1);
-		return rv;
-		
-		}
-	return 2;
-	}
-
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = 
-	{
-		{
-		EVP_PKEY_RSA,
-		EVP_PKEY_RSA,
-		ASN1_PKEY_SIGPARAM_NULL,
-
-		"RSA",
-		"OpenSSL RSA method",
-
-		rsa_pub_decode,
-		rsa_pub_encode,
-		rsa_pub_cmp,
-		rsa_pub_print,
-
-		rsa_priv_decode,
-		rsa_priv_encode,
-		rsa_priv_print,
-
-		int_rsa_size,
-		rsa_bits,
-
-		0,0,0,0,0,0,
-
-		rsa_sig_print,
-		int_rsa_free,
-		rsa_pkey_ctrl,
-		old_rsa_priv_decode,
-		old_rsa_priv_encode,
-		rsa_item_verify,
-		rsa_item_sign
-		},
-
-		{
-		EVP_PKEY_RSA2,
-		EVP_PKEY_RSA,
-		ASN1_PKEY_ALIAS
-		}
-	};
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
deleted file mode 100644
index 6ed5de3db4..0000000000
--- a/crypto/rsa/rsa_asn1.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* rsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include <openssl/asn1t.h>
-
-/* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-{
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)RSA_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		RSA_free((RSA *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
-}
-
-ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
-	ASN1_SIMPLE(RSA, version, LONG),
-	ASN1_SIMPLE(RSA, n, BIGNUM),
-	ASN1_SIMPLE(RSA, e, BIGNUM),
-	ASN1_SIMPLE(RSA, d, BIGNUM),
-	ASN1_SIMPLE(RSA, p, BIGNUM),
-	ASN1_SIMPLE(RSA, q, BIGNUM),
-	ASN1_SIMPLE(RSA, dmp1, BIGNUM),
-	ASN1_SIMPLE(RSA, dmq1, BIGNUM),
-	ASN1_SIMPLE(RSA, iqmp, BIGNUM)
-} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
-
-
-ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
-	ASN1_SIMPLE(RSA, n, BIGNUM),
-	ASN1_SIMPLE(RSA, e, BIGNUM),
-} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
-
-ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
-	ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
-	ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
-	ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
-	ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
-} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
-
-IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
-
-RSA *RSAPublicKey_dup(RSA *rsa)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
-	}
-
-RSA *RSAPrivateKey_dup(RSA *rsa)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
-	}
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
deleted file mode 100644
index cc30e77132..0000000000
--- a/crypto/rsa/rsa_chk.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-
-int RSA_check_key(const RSA *key)
-	{
-	BIGNUM *i, *j, *k, *l, *m;
-	BN_CTX *ctx;
-	int r;
-	int ret=1;
-
-	if (!key->p || !key->q || !key->n || !key->e || !key->d)
-		{
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
-		return 0;
-		}
-	
-	i = BN_new();
-	j = BN_new();
-	k = BN_new();
-	l = BN_new();
-	m = BN_new();
-	ctx = BN_CTX_new();
-	if (i == NULL || j == NULL || k == NULL || l == NULL ||
-		m == NULL || ctx == NULL)
-		{
-		ret = -1;
-		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	/* p prime? */
-	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
-	if (r != 1)
-		{
-		ret = r;
-		if (r != 0)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
-		}
-	
-	/* q prime? */
-	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
-	if (r != 1)
-		{
-		ret = r;
-		if (r != 0)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
-		}
-	
-	/* n = p*q? */
-	r = BN_mul(i, key->p, key->q, ctx);
-	if (!r) { ret = -1; goto err; }
-	
-	if (BN_cmp(i, key->n) != 0)
-		{
-		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
-		}
-	
-	/* d*e = 1  mod lcm(p-1,q-1)? */
-
-	r = BN_sub(i, key->p, BN_value_one());
-	if (!r) { ret = -1; goto err; }
-	r = BN_sub(j, key->q, BN_value_one());
-	if (!r) { ret = -1; goto err; }
-
-	/* now compute k = lcm(i,j) */
-	r = BN_mul(l, i, j, ctx);
-	if (!r) { ret = -1; goto err; }
-	r = BN_gcd(m, i, j, ctx);
-	if (!r) { ret = -1; goto err; }
-	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-	if (!r) { ret = -1; goto err; }
-
-	r = BN_mod_mul(i, key->d, key->e, k, ctx);
-	if (!r) { ret = -1; goto err; }
-
-	if (!BN_is_one(i))
-		{
-		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
-		}
-	
-	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
-		{
-		/* dmp1 = d mod (p-1)? */
-		r = BN_sub(i, key->p, BN_value_one());
-		if (!r) { ret = -1; goto err; }
-
-		r = BN_mod(j, key->d, i, ctx);
-		if (!r) { ret = -1; goto err; }
-
-		if (BN_cmp(j, key->dmp1) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_DMP1_NOT_CONGRUENT_TO_D);
-			}
-	
-		/* dmq1 = d mod (q-1)? */    
-		r = BN_sub(i, key->q, BN_value_one());
-		if (!r) { ret = -1; goto err; }
-	
-		r = BN_mod(j, key->d, i, ctx);
-		if (!r) { ret = -1; goto err; }
-
-		if (BN_cmp(j, key->dmq1) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
-			}
-	
-		/* iqmp = q^-1 mod p? */
-		if(!BN_mod_inverse(i, key->q, key->p, ctx))
-			{
-			ret = -1;
-			goto err;
-			}
-
-		if (BN_cmp(i, key->iqmp) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_IQMP_NOT_INVERSE_OF_Q);
-			}
-		}
-
- err:
-	if (i != NULL) BN_free(i);
-	if (j != NULL) BN_free(j);
-	if (k != NULL) BN_free(k);
-	if (l != NULL) BN_free(l);
-	if (m != NULL) BN_free(m);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	return (ret);
-	}
diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c
deleted file mode 100644
index d3e44785dc..0000000000
--- a/crypto/rsa/rsa_crpt.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int RSA_size(const RSA *r)
-	{
-	return(BN_num_bytes(r->n));
-	}
-
-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-		return -1;
-		}
-#endif
-	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-	}
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-		return -1;
-		}
-#endif
-	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-	}
-
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-		return -1;
-		}
-#endif
-	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-	}
-
-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
-		return -1;
-		}
-#endif
-	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-	}
-
-int RSA_flags(const RSA *r)
-	{
-	return((r == NULL)?0:r->meth->flags);
-	}
-
-void RSA_blinding_off(RSA *rsa)
-	{
-	if (rsa->blinding != NULL)
-		{
-		BN_BLINDING_free(rsa->blinding);
-		rsa->blinding=NULL;
-		}
-	rsa->flags &= ~RSA_FLAG_BLINDING;
-	rsa->flags |= RSA_FLAG_NO_BLINDING;
-	}
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-	{
-	int ret=0;
-
-	if (rsa->blinding != NULL)
-		RSA_blinding_off(rsa);
-
-	rsa->blinding = RSA_setup_blinding(rsa, ctx);
-	if (rsa->blinding == NULL)
-		goto err;
-
-	rsa->flags |= RSA_FLAG_BLINDING;
-	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-	ret=1;
-err:
-	return(ret);
-	}
-
-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
-	const BIGNUM *q, BN_CTX *ctx)
-{
-	BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-	if (d == NULL || p == NULL || q == NULL)
-		return NULL;
-
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	r1 = BN_CTX_get(ctx);
-	r2 = BN_CTX_get(ctx);
-	if (r2 == NULL)
-		goto err;
-
-	if (!BN_sub(r1, p, BN_value_one())) goto err;
-	if (!BN_sub(r2, q, BN_value_one())) goto err;
-	if (!BN_mul(r0, r1, r2, ctx)) goto err;
-
-	ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
-	BN_CTX_end(ctx);
-	return ret;
-}
-
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-	BIGNUM local_n;
-	BIGNUM *e,*n;
-	BN_CTX *ctx;
-	BN_BLINDING *ret = NULL;
-
-	if (in_ctx == NULL)
-		{
-		if ((ctx = BN_CTX_new()) == NULL) return 0;
-		}
-	else
-		ctx = in_ctx;
-
-	BN_CTX_start(ctx);
-	e  = BN_CTX_get(ctx);
-	if (e == NULL)
-		{
-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (rsa->e == NULL)
-		{
-		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-		if (e == NULL)
-			{
-			RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
-			goto err;
-			}
-		}
-	else
-		e = rsa->e;
-
-	
-	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-		{
-		/* if PRNG is not properly seeded, resort to secret
-		 * exponent as unpredictable seed */
-		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		/* Set BN_FLG_CONSTTIME flag */
-		n = &local_n;
-		BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-		}
-	else
-		n = rsa->n;
-
-	ret = BN_BLINDING_create_param(NULL, e, n, ctx,
-			rsa->meth->bn_mod_exp, rsa->_method_mod_n);
-	if (ret == NULL)
-		{
-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
-		goto err;
-		}
-	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-err:
-	BN_CTX_end(ctx);
-	if (in_ctx == NULL)
-		BN_CTX_free(ctx);
-	if(rsa->e == NULL)
-		BN_free(e);
-
-	return ret;
-}
diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
deleted file mode 100644
index a859ded987..0000000000
--- a/crypto/rsa/rsa_depr.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/rsa/rsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifdef OPENSSL_NO_DEPRECATED
-
-static void *dummy=&dummy;
-
-#else
-
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	int i;
-	RSA *rsa = RSA_new();
-	BIGNUM *e = BN_new();
-
-	if(!rsa || !e) goto err;
-
-	/* The problem is when building with 8, 16, or 32 BN_ULONG,
-	 * unsigned long can be larger */
-	for (i=0; i<(int)sizeof(unsigned long)*8; i++)
-		{
-		if (e_value & (1UL<<i))
-			if (BN_set_bit(e,i) == 0)
-				goto err;
-		}
-
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-
-	if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
-		BN_free(e);
-		return rsa;
-	}
-err:
-	if(e) BN_free(e);
-	if(rsa) RSA_free(rsa);
-	return 0;
-	}
-#endif
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
deleted file mode 100644
index aa810459a1..0000000000
--- a/crypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,915 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-#ifndef RSA_NULL
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-	"Eric Young's PKCS#1 RSA",
-	RSA_eay_public_encrypt,
-	RSA_eay_public_decrypt, /* signature verification */
-	RSA_eay_private_encrypt, /* signing */
-	RSA_eay_private_decrypt,
-	RSA_eay_mod_exp,
-	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
-	RSA_eay_init,
-	RSA_eay_finish,
-	0, /* flags */
-	NULL,
-	0, /* rsa_sign */
-	0, /* rsa_verify */
-	NULL /* rsa_keygen */
-	};
-
-const RSA_METHOD *RSA_PKCS1_SSLeay(void)
-	{
-	return(&rsa_pkcs1_eay_meth);
-	}
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f,*ret;
-	int i,j,k,num=0,r= -1;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-
-	if (BN_ucmp(rsa->n, rsa->e) <= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-		return -1;
-		}
-
-	/* for large moduli, enforce exponent limit */
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-		{
-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-			{
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-			return -1;
-			}
-		}
-	
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num=BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if (!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-		break;
-#ifndef OPENSSL_NO_SHA
-	case RSA_PKCS1_OAEP_PADDING:
-	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-		break;
-#endif
-	case RSA_SSLV23_PADDING:
-		i=RSA_padding_add_SSLv23(buf,num,from,flen);
-		break;
-	case RSA_NO_PADDING:
-		i=RSA_padding_add_none(buf,num,from,flen);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (i <= 0) goto err;
-
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
-		rsa->_method_mod_n)) goto err;
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(ret);
-	i=BN_bn2bin(ret,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL) 
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
-
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
-{
-	BN_BLINDING *ret;
-	int got_write_lock = 0;
-	CRYPTO_THREADID cur;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
-	if (rsa->blinding == NULL)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-		CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-		got_write_lock = 1;
-
-		if (rsa->blinding == NULL)
-			rsa->blinding = RSA_setup_blinding(rsa, ctx);
-		}
-
-	ret = rsa->blinding;
-	if (ret == NULL)
-		goto err;
-
-	CRYPTO_THREADID_current(&cur);
-	if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
-		{
-		/* rsa->blinding is ours! */
-
-		*local = 1;
-		}
-	else
-		{
-		/* resort to rsa->mt_blinding instead */
-
-		*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
-		             * that the BN_BLINDING is shared, meaning that accesses
-		             * require locks, and that the blinding factor must be
-		             * stored outside the BN_BLINDING
-		             */
-
-		if (rsa->mt_blinding == NULL)
-			{
-			if (!got_write_lock)
-				{
-				CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-				got_write_lock = 1;
-				}
-			
-			if (rsa->mt_blinding == NULL)
-				rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
-			}
-		ret = rsa->mt_blinding;
-		}
-
- err:
-	if (got_write_lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-	else
-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-	return ret;
-}
-
-static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-	BN_CTX *ctx)
-	{
-	if (unblind == NULL)
-		/* Local blinding: store the unblinding factor
-		 * in BN_BLINDING. */
-		return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-	else
-		{
-		/* Shared blinding: store the unblinding factor
-		 * outside BN_BLINDING. */
-		int ret;
-		CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-		ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
-		return ret;
-		}
-	}
-
-static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-	BN_CTX *ctx)
-	{
-	/* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
-	 * will use the unblinding factor stored in BN_BLINDING.
-	 * If BN_BLINDING is shared between threads, unblind must be non-null:
-	 * BN_BLINDING_invert_ex will then use the local unblinding factor,
-	 * and will only read the modulus from BN_BLINDING.
-	 * In both cases it's safe to access the blinding without a lock.
-	 */
-	return BN_BLINDING_invert_ex(f, unblind, b, ctx);
-	}
-
-/* signing */
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f, *ret, *res;
-	int i,j,k,num=0,r= -1;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-	int local_blinding = 0;
-	/* Used only if the blinding structure is shared. A non-NULL unblind
-	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-	 * the unblinding factor outside the blinding structure. */
-	BIGNUM *unblind = NULL;
-	BN_BLINDING *blinding = NULL;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f   = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num = BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-		break;
-	case RSA_X931_PADDING:
-		i=RSA_padding_add_X931(buf,num,from,flen);
-		break;
-	case RSA_NO_PADDING:
-		i=RSA_padding_add_none(buf,num,from,flen);
-		break;
-	case RSA_SSLV23_PADDING:
-	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (i <= 0) goto err;
-
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{	
-		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-		{
-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-		if (blinding == NULL)
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (blinding != NULL)
-		{
-		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-			goto err;
-		}
-
-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-		((rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL)) )
-		{ 
-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
-		}
-	else
-		{
-		BIGNUM local_d;
-		BIGNUM *d = NULL;
-		
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			BN_init(&local_d);
-			d = &local_d;
-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-			}
-		else
-			d= rsa->d;
-
-		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-			if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-				goto err;
-
-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-				rsa->_method_mod_n)) goto err;
-		}
-
-	if (blinding)
-		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-			goto err;
-
-	if (padding == RSA_X931_PADDING)
-		{
-		BN_sub(f, rsa->n, ret);
-		if (BN_cmp(ret, f) > 0)
-			res = f;
-		else
-			res = ret;
-		}
-	else
-		res = ret;
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(res);
-	i=BN_bn2bin(res,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f, *ret;
-	int j,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-	int local_blinding = 0;
-	/* Used only if the blinding structure is shared. A non-NULL unblind
-	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-	 * the unblinding factor outside the blinding structure. */
-	BIGNUM *unblind = NULL;
-	BN_BLINDING *blinding = NULL;
-
-	if((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f   = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num = BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equality but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	/* make data into a big number */
-	if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
-
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-		{
-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-		if (blinding == NULL)
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (blinding != NULL)
-		{
-		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-			goto err;
-		}
-
-	/* do the decrypt */
-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-		((rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL)) )
-		{
-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
-		}
-	else
-		{
-		BIGNUM local_d;
-		BIGNUM *d = NULL;
-		
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			d = &local_d;
-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-			}
-		else
-			d = rsa->d;
-
-		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-				goto err;
-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-				rsa->_method_mod_n))
-		  goto err;
-		}
-
-	if (blinding)
-		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-			goto err;
-
-	p=buf;
-	j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-		break;
-#ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
- 	case RSA_SSLV23_PADDING:
-		r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-		break;
-	case RSA_NO_PADDING:
-		r=RSA_padding_check_none(to,num,buf,j,num);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
-
-/* signature verification */
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f,*ret;
-	int i,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-
-	if (BN_ucmp(rsa->n, rsa->e) <= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-		return -1;
-		}
-
-	/* for large moduli, enforce exponent limit */
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-		{
-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-			{
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-			return -1;
-			}
-		}
-	
-	if((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num=BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equality but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	if (BN_bin2bn(from,flen,f) == NULL) goto err;
-
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
-		rsa->_method_mod_n)) goto err;
-
-	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-		if (!BN_sub(ret, rsa->n, ret)) goto err;
-
-	p=buf;
-	i=BN_bn2bin(ret,p);
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-		break;
-	case RSA_X931_PADDING:
-		r=RSA_padding_check_X931(to,num,buf,i,num);
-		break;
-	case RSA_NO_PADDING:
-		r=RSA_padding_check_none(to,num,buf,i,num);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-	{
-	BIGNUM *r1,*m1,*vrfy;
-	BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
-	BIGNUM *dmp1,*dmq1,*c,*pr1;
-	int ret=0;
-
-	BN_CTX_start(ctx);
-	r1 = BN_CTX_get(ctx);
-	m1 = BN_CTX_get(ctx);
-	vrfy = BN_CTX_get(ctx);
-
-	{
-		BIGNUM local_p, local_q;
-		BIGNUM *p = NULL, *q = NULL;
-
-		/* Make sure BN_mod_inverse in Montgomery intialization uses the
-		 * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
-		 */
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			BN_init(&local_p);
-			p = &local_p;
-			BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
-			BN_init(&local_q);
-			q = &local_q;
-			BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-			}
-		else
-			{
-			p = rsa->p;
-			q = rsa->q;
-			}
-
-		if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-			{
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
-				goto err;
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
-				goto err;
-			}
-	}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	/* compute I mod q */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		c = &local_c;
-		BN_with_flags(c, I, BN_FLG_CONSTTIME);
-		if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
-		}
-
-	/* compute r1^dmq1 mod q */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		dmq1 = &local_dmq1;
-		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-		}
-	else
-		dmq1 = rsa->dmq1;
-	if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
-		rsa->_method_mod_q)) goto err;
-
-	/* compute I mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		c = &local_c;
-		BN_with_flags(c, I, BN_FLG_CONSTTIME);
-		if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
-		}
-
-	/* compute r1^dmp1 mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		dmp1 = &local_dmp1;
-		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-		}
-	else
-		dmp1 = rsa->dmp1;
-	if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
-		rsa->_method_mod_p)) goto err;
-
-	if (!BN_sub(r0,r0,m1)) goto err;
-	/* This will help stop the size of r0 increasing, which does
-	 * affect the multiply if it optimised for a power of 2 size */
-	if (BN_is_negative(r0))
-		if (!BN_add(r0,r0,rsa->p)) goto err;
-
-	if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
-
-	/* Turn BN_FLG_CONSTTIME flag on before division operation */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		pr1 = &local_r1;
-		BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-		}
-	else
-		pr1 = r1;
-	if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
-
-	/* If p < q it is occasionally possible for the correction of
-	 * adding 'p' if r0 is negative above to leave the result still
-	 * negative. This can break the private key operations: the following
-	 * second correction should *always* correct this rare occurrence.
-	 * This will *never* happen with OpenSSL generated keys because
-	 * they ensure p > q [steve]
-	 */
-	if (BN_is_negative(r0))
-		if (!BN_add(r0,r0,rsa->p)) goto err;
-	if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
-	if (!BN_add(r0,r1,m1)) goto err;
-
-	if (rsa->e && rsa->n)
-		{
-		if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
-		/* If 'I' was greater than (or equal to) rsa->n, the operation
-		 * will be equivalent to using 'I mod n'. However, the result of
-		 * the verify will *always* be less than 'n' so we don't check
-		 * for absolute equality, just congruency. */
-		if (!BN_sub(vrfy, vrfy, I)) goto err;
-		if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
-		if (BN_is_negative(vrfy))
-			if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
-		if (!BN_is_zero(vrfy))
-			{
-			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
-			 * miscalculated CRT output, just do a raw (slower)
-			 * mod_exp and return that instead. */
-
-			BIGNUM local_d;
-			BIGNUM *d = NULL;
-		
-			if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-				{
-				d = &local_d;
-				BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-				}
-			else
-				d = rsa->d;
-			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
-						   rsa->_method_mod_n)) goto err;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
-static int RSA_eay_init(RSA *rsa)
-	{
-	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-	return(1);
-	}
-
-static int RSA_eay_finish(RSA *rsa)
-	{
-	if (rsa->_method_mod_n != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_n);
-	if (rsa->_method_mod_p != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_p);
-	if (rsa->_method_mod_q != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_q);
-	return(1);
-	}
-
-#endif
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
deleted file mode 100644
index 9da79d920e..0000000000
--- a/crypto/rsa/rsa_err.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* crypto/rsa/rsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[]=
-	{
-{ERR_FUNC(RSA_F_CHECK_PADDING_MD),	"CHECK_PADDING_MD"},
-{ERR_FUNC(RSA_F_DO_RSA_PRINT),	"DO_RSA_PRINT"},
-{ERR_FUNC(RSA_F_INT_RSA_VERIFY),	"INT_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_MEMORY_LOCK),	"MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),	"OLD_RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL),	"PKEY_RSA_CTRL"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),	"PKEY_RSA_CTRL_STR"},
-{ERR_FUNC(RSA_F_PKEY_RSA_SIGN),	"PKEY_RSA_SIGN"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),	"PKEY_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),	"PKEY_RSA_VERIFYRECOVER"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY),	"RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),	"RSA_generate_key_ex"},
-{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),	"RSA_ITEM_VERIFY"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),	"RSA_memory_lock"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),	"RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},
-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP),	"RSA_NULL_MOD_EXP"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT),	"RSA_NULL_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT),	"RSA_NULL_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT),	"RSA_NULL_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT),	"RSA_NULL_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),	"RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),	"RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),	"RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),	"RSA_padding_add_PKCS1_PSS_mgf1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),	"RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),	"RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),	"RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),	"RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),	"RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),	"RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),	"RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),	"RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),	"RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),	"RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT),	"RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),	"RSA_private_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),	"RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIV_DECODE),	"RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),	"RSA_PRIV_ENCODE"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),	"RSA_public_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),	"RSA_public_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUB_DECODE),	"RSA_PUB_DECODE"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),	"RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),	"RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),	"RSA_verify_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),	"RSA_verify_PKCS1_PSS_mgf1"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA RSA_str_reasons[]=
-	{
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
-{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
-{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_MGF1_MD)       ,"invalid mgf1 md"},
-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
-{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS),"invalid pss parameters"},
-{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
-{ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   ,"invalid salt length"},
-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
-{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   ,"non fips rsa method"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
-{ERR_REASON(RSA_R_PKCS_DECODING_ERROR)   ,"pkcs decoding error"},
-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   ,"unknown mask digest"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
-{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    ,"unknown pss digest"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),"unsupported mask algorithm"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),"unsupported mask parameter"},
-{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
-{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_RSA_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,RSA_str_functs);
-		ERR_load_strings(0,RSA_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
deleted file mode 100644
index 42290cce66..0000000000
--- a/crypto/rsa/rsa_gen.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
-
-/* NB: this wrapper would normally be placed in rsa_lib.c and the static
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD. */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-		return 0;
-		}
-#endif
-	if(rsa->meth->rsa_keygen)
-		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-#endif
-	return rsa_builtin_keygen(rsa, bits, e_value, cb);
-	}
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-	{
-	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-	BIGNUM local_r0,local_d,local_p;
-	BIGNUM *pr0,*d,*p;
-	int bitsp,bitsq,ok= -1,n=0;
-	BN_CTX *ctx=NULL;
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	r1 = BN_CTX_get(ctx);
-	r2 = BN_CTX_get(ctx);
-	r3 = BN_CTX_get(ctx);
-	if (r3 == NULL) goto err;
-
-	bitsp=(bits+1)/2;
-	bitsq=bits-bitsp;
-
-	/* We need the RSA components non-NULL */
-	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-	if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-	if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-	if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-	if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-
-	BN_copy(rsa->e, e_value);
-
-	/* generate p and q */
-	for (;;)
-		{
-		if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-			goto err;
-		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-		if (BN_is_one(r1)) break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
-		}
-	if(!BN_GENCB_call(cb, 3, 0))
-		goto err;
-	for (;;)
-		{
-		/* When generating ridiculously small keys, we can get stuck
-		 * continually regenerating the same prime values. Check for
-		 * this and bail if it happens 3 times. */
-		unsigned int degenerate = 0;
-		do
-			{
-			if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
-				goto err;
-			} while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
-		if(degenerate == 3)
-			{
-			ok = 0; /* we set our own err */
-			RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
-			goto err;
-			}
-		if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-		if (BN_is_one(r1))
-			break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
-		}
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
-	if (BN_cmp(rsa->p,rsa->q) < 0)
-		{
-		tmp=rsa->p;
-		rsa->p=rsa->q;
-		rsa->q=tmp;
-		}
-
-	/* calculate n */
-	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
-	/* calculate d */
-	if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;	/* p-1 */
-	if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;	/* q-1 */
-	if (!BN_mul(r0,r1,r2,ctx)) goto err;	/* (p-1)(q-1) */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		  pr0 = &local_r0;
-		  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-		}
-	else
-	  pr0 = r0;
-	if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err;	/* d */
-
-	/* set up d for correct BN_FLG_CONSTTIME flag */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		d = &local_d;
-		BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-		}
-	else
-		d = rsa->d;
-
-	/* calculate d mod (p-1) */
-	if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
-
-	/* calculate d mod (q-1) */
-	if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
-
-	/* calculate inverse of q mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		p = &local_p;
-		BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-		}
-	else
-		p = rsa->p;
-	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-
-	ok=1;
-err:
-	if (ok == -1)
-		{
-		RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
-		ok=0;
-		}
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-
-	return ok;
-	}
-
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
deleted file mode 100644
index c95ceafc82..0000000000
--- a/crypto/rsa/rsa_lib.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth=NULL;
-
-RSA *RSA_new(void)
-	{
-	RSA *r=RSA_new_method(NULL);
-
-	return r;
-	}
-
-void RSA_set_default_method(const RSA_METHOD *meth)
-	{
-	default_RSA_meth = meth;
-	}
-
-const RSA_METHOD *RSA_get_default_method(void)
-	{
-	if (default_RSA_meth == NULL)
-		{
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return FIPS_rsa_pkcs1_ssleay();
-		else
-			return RSA_PKCS1_SSLeay();
-#else
-#ifdef RSA_NULL
-		default_RSA_meth=RSA_null_method();
-#else
-		default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
-		}
-
-	return default_RSA_meth;
-	}
-
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
-	{
-	return rsa->meth;
-	}
-
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-	const RSA_METHOD *mtmp;
-	mtmp = rsa->meth;
-	if (mtmp->finish) mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
-	if (rsa->engine)
-		{
-		ENGINE_finish(rsa->engine);
-		rsa->engine = NULL;
-		}
-#endif
-	rsa->meth = meth;
-	if (meth->init) meth->init(rsa);
-	return 1;
-	}
-
-RSA *RSA_new_method(ENGINE *engine)
-	{
-	RSA *ret;
-
-	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
-	if (ret == NULL)
-		{
-		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_RSA();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_RSA(ret->engine);
-		if(!ret->meth)
-			{
-			RSAerr(RSA_F_RSA_NEW_METHOD,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
-#endif
-
-	ret->pad=0;
-	ret->version=0;
-	ret->n=NULL;
-	ret->e=NULL;
-	ret->d=NULL;
-	ret->p=NULL;
-	ret->q=NULL;
-	ret->dmp1=NULL;
-	ret->dmq1=NULL;
-	ret->iqmp=NULL;
-	ret->references=1;
-	ret->_method_mod_n=NULL;
-	ret->_method_mod_p=NULL;
-	ret->_method_mod_q=NULL;
-	ret->blinding=NULL;
-	ret->mt_blinding=NULL;
-	ret->bignum_data=NULL;
-	ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
-		{
-#ifndef OPENSSL_NO_ENGINE
-	if (ret->engine)
-		ENGINE_finish(ret->engine);
-#endif
-		OPENSSL_free(ret);
-		return(NULL);
-		}
-
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
-#endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-void RSA_free(RSA *r)
-	{
-	int i;
-
-	if (r == NULL) return;
-
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-	REF_PRINT("RSA",r);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"RSA_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	if (r->meth->finish)
-		r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
-#endif
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
-	if (r->n != NULL) BN_clear_free(r->n);
-	if (r->e != NULL) BN_clear_free(r->e);
-	if (r->d != NULL) BN_clear_free(r->d);
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
-	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
-	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
-	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
-	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
-	OPENSSL_free(r);
-	}
-
-int RSA_up_ref(RSA *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
-	REF_PRINT("RSA",r);
-#endif
-#ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "RSA_up_ref, bad reference count\n");
-		abort();
-		}
-#endif
-	return ((i > 1) ? 1 : 0);
-	}
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
-
-void *RSA_get_ex_data(const RSA *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
-
-int RSA_memory_lock(RSA *r)
-	{
-	int i,j,k,off;
-	char *p;
-	BIGNUM *bn,**t[6],*b;
-	BN_ULONG *ul;
-
-	if (r->d == NULL) return(1);
-	t[0]= &r->d;
-	t[1]= &r->p;
-	t[2]= &r->q;
-	t[3]= &r->dmp1;
-	t[4]= &r->dmq1;
-	t[5]= &r->iqmp;
-	k=sizeof(BIGNUM)*6;
-	off=k/sizeof(BN_ULONG)+1;
-	j=1;
-	for (i=0; i<6; i++)
-		j+= (*t[i])->top;
-	if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
-		{
-		RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	bn=(BIGNUM *)p;
-	ul=(BN_ULONG *)&(p[off]);
-	for (i=0; i<6; i++)
-		{
-		b= *(t[i]);
-		*(t[i])= &(bn[i]);
-		memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
-		bn[i].flags=BN_FLG_STATIC_DATA;
-		bn[i].d=ul;
-		memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
-		ul+=b->top;
-		BN_clear_free(b);
-		}
-	
-	/* I should fix this so it can still be done */
-	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
-
-	r->bignum_data=p;
-	return(1);
-	}
diff --git a/crypto/rsa/rsa_locl.h b/crypto/rsa/rsa_locl.h
deleted file mode 100644
index f5d2d56628..0000000000
--- a/crypto/rsa/rsa_locl.h
+++ /dev/null
@@ -1,4 +0,0 @@
-extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
-		unsigned char *rm, size_t *prm_len,
-		const unsigned char *sigbuf, size_t siglen,
-		RSA *rsa);
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
deleted file mode 100644
index e6f3e627ca..0000000000
--- a/crypto/rsa/rsa_none.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* crypto/rsa/rsa_none.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_none(unsigned char *to, int tlen,
-	const unsigned char *from, int flen)
-	{
-	if (flen > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-
-	if (flen < tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	memcpy(to,from,(unsigned int)flen);
-	return(1);
-	}
-
-int RSA_padding_check_none(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num)
-	{
-
-	if (flen > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-
-	memset(to,0,tlen-flen);
-	memcpy(to+tlen-flen,from,flen);
-	return(tlen);
-	}
-
diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
deleted file mode 100644
index 2f2202f142..0000000000
--- a/crypto/rsa/rsa_null.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* rsa_null.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-/* This is a dummy RSA implementation that just returns errors when called.
- * It is designed to allow some RSA functions to work while stopping those
- * covered by the RSA patent. That is RSA, encryption, decryption, signing
- * and verify is not allowed but RSA key generation, key checking and other
- * operations (like storing RSA keys) are permitted.
- */
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-#if 0 /* not currently used */
-static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-#endif
-static int RSA_null_init(RSA *rsa);
-static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth={
-	"Null RSA",
-	RSA_null_public_encrypt,
-	RSA_null_public_decrypt,
-	RSA_null_private_encrypt,
-	RSA_null_private_decrypt,
-	NULL,
-	NULL,
-	RSA_null_init,
-	RSA_null_finish,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
-
-const RSA_METHOD *RSA_null_method(void)
-	{
-	return(&rsa_null_meth);
-	}
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
-
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
-
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
-
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
-
-#if 0 /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-	{
-	...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
-#endif
-
-static int RSA_null_init(RSA *rsa)
-	{
-	return(1);
-	}
-
-static int RSA_null_finish(RSA *rsa)
-	{
-	return(1);
-	}
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
deleted file mode 100644
index c363331992..0000000000
--- a/crypto/rsa/rsa_oaep.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* crypto/rsa/rsa_oaep.c */
-/* Written by Ulf Moeller. This software is distributed on an "AS IS"
-   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
-
-/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-
-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
- * <URL: http://www.shoup.net/papers/oaep.ps.Z>
- * for problems with the security proof for the
- * original OAEP scheme, which EME-OAEP is based on.
- * 
- * A new proof can be found in E. Fujisaki, T. Okamoto,
- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
- * The new proof has stronger requirements for the
- * underlying permutation: "partial-one-wayness" instead
- * of one-wayness.  For the RSA function, this is
- * an equivalent notion.
- */
-
-#include "constant_time_locl.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-static int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen);
-
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-	const unsigned char *from, int flen,
-	const unsigned char *param, int plen)
-	{
-	int i, emlen = tlen - 1;
-	unsigned char *db, *seed;
-	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
-	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return 0;
-		}
-
-	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
-		return 0;
-		}
-
-	to[0] = 0;
-	seed = to + 1;
-	db = to + SHA_DIGEST_LENGTH + 1;
-
-	if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL))
-		return 0;
-	memset(db + SHA_DIGEST_LENGTH, 0,
-		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
-	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
-	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
-	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
-		return 0;
-#ifdef PKCS_TESTVECT
-	memcpy(seed,
-	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
-	   20);
-#endif
-
-	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-	if (dbmask == NULL)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
-		return 0;
-	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
-		db[i] ^= dbmask[i];
-
-	if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
-		return 0;
-	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-		seed[i] ^= seedmask[i];
-
-	OPENSSL_free(dbmask);
-	return 1;
-	}
-
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num,
-	const unsigned char *param, int plen)
-	{
-	int i, dblen, mlen = -1, one_index = 0, msg_index;
-	unsigned int good, found_one_byte;
-	const unsigned char *maskedseed, *maskeddb;
-	/* |em| is the encoded message, zero-padded to exactly |num| bytes:
-	 * em = Y || maskedSeed || maskedDB */
-	unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
-		phash[EVP_MAX_MD_SIZE];
-
-        if (tlen <= 0 || flen <= 0)
-		return -1;
-
-	/*
-	 * |num| is the length of the modulus; |flen| is the length of the
-	 * encoded message. Therefore, for any |from| that was obtained by
-	 * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
-	 * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
-	 * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
-	 * This does not leak any side-channel information.
-	 */
-	if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
-		goto decoding_err;
-
-	dblen = num - SHA_DIGEST_LENGTH - 1;
-	db = OPENSSL_malloc(dblen);
-	em = OPENSSL_malloc(num);
-	if (db == NULL || em == NULL)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-		goto cleanup;
-		}
-
-	/*
-	 * Always do this zero-padding copy (even when num == flen) to avoid
-	 * leaking that information. The copy still leaks some side-channel
-	 * information, but it's impossible to have a fixed  memory access
-	 * pattern since we can't read out of the bounds of |from|.
-	 *
-	 * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
-	 */
-	memset(em, 0, num);
-	memcpy(em + num - flen, from, flen);
-
-	/*
-	 * The first byte must be zero, however we must not leak if this is
-	 * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
-	 * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
-	 */
-	good = constant_time_is_zero(em[0]);
-
-	maskedseed = em + 1;
-	maskeddb = em + 1 + SHA_DIGEST_LENGTH;
-
-	if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
-		goto cleanup;
-	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-		seed[i] ^= maskedseed[i];
-
-	if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
-		goto cleanup;
-	for (i = 0; i < dblen; i++)
-		db[i] ^= maskeddb[i];
-
-	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
-		goto cleanup;
-
-	good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
-
-	found_one_byte = 0;
-	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
-		{
-		/* Padding consists of a number of 0-bytes, followed by a 1. */
-		unsigned int equals1 = constant_time_eq(db[i], 1);
-		unsigned int equals0 = constant_time_is_zero(db[i]);
-		one_index = constant_time_select_int(~found_one_byte & equals1,
-			i, one_index);
-		found_one_byte |= equals1;
-		good &= (found_one_byte | equals0);
-		}
-
-	good &= found_one_byte;
-
-	/*
-	 * At this point |good| is zero unless the plaintext was valid,
-	 * so plaintext-awareness ensures timing side-channels are no longer a
-	 * concern.
-	 */
-	if (!good)
-		goto decoding_err;
-
-	msg_index = one_index + 1;
-	mlen = dblen - msg_index;
-
-	if (tlen < mlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
-		mlen = -1;
-		}
-	else
-		{
-		memcpy(to, db + msg_index, mlen);
-		goto cleanup;
-		}
-
-decoding_err:
-	/* To avoid chosen ciphertext attacks, the error message should not reveal
-	 * which kind of decoding error happened. */
-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-cleanup:
-	if (db != NULL) OPENSSL_free(db);
-	if (em != NULL) OPENSSL_free(em);
-	return mlen;
-	}
-
-int PKCS1_MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen, const EVP_MD *dgst)
-	{
-	long i, outlen = 0;
-	unsigned char cnt[4];
-	EVP_MD_CTX c;
-	unsigned char md[EVP_MAX_MD_SIZE];
-	int mdlen;
-	int rv = -1;
-
-	EVP_MD_CTX_init(&c);
-	mdlen = EVP_MD_size(dgst);
-	if (mdlen < 0)
-		goto err;
-	for (i = 0; outlen < len; i++)
-		{
-		cnt[0] = (unsigned char)((i >> 24) & 255);
-		cnt[1] = (unsigned char)((i >> 16) & 255);
-		cnt[2] = (unsigned char)((i >> 8)) & 255;
-		cnt[3] = (unsigned char)(i & 255);
-		if (!EVP_DigestInit_ex(&c,dgst, NULL)
-			|| !EVP_DigestUpdate(&c, seed, seedlen)
-			|| !EVP_DigestUpdate(&c, cnt, 4))
-			goto err;
-		if (outlen + mdlen <= len)
-			{
-			if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
-				goto err;
-			outlen += mdlen;
-			}
-		else
-			{
-			if (!EVP_DigestFinal_ex(&c, md, NULL))
-				goto err;
-			memcpy(mask + outlen, md, len - outlen);
-			outlen = len;
-			}
-		}
-	rv = 0;
-	err:
-	EVP_MD_CTX_cleanup(&c);
-	return rv;
-	}
-
-static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
-		 long seedlen)
-	{
-	return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
-	}
-#endif
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
deleted file mode 100644
index c2da56f6ca..0000000000
--- a/crypto/rsa/rsa_pk1.c
+++ /dev/null
@@ -1,269 +0,0 @@
-/* crypto/rsa/rsa_pk1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "constant_time_locl.h"
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int j;
-	unsigned char *p;
-
-	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
-
-	*(p++)=0;
-	*(p++)=1; /* Private Key BT (Block Type) */
-
-	/* pad out with 0xff data */
-	j=tlen-3-flen;
-	memset(p,0xff,j);
-	p+=j;
-	*(p++)='\0';
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
-
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i,j;
-	const unsigned char *p;
-
-	p=from;
-	if ((num != (flen+1)) || (*(p++) != 01))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
-		return(-1);
-		}
-
-	/* scan over padding data */
-	j=flen-1; /* one for type. */
-	for (i=0; i<j; i++)
-		{
-		if (*p != 0xff) /* should decrypt to 0xff */
-			{
-			if (*p == 0)
-				{ p++; break; }
-			else	{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
-				return(-1);
-				}
-			}
-		p++;
-		}
-
-	if (i == j)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
-		}
-
-	if (i < 8)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
-		return(-1);
-		}
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
-
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int i,j;
-	unsigned char *p;
-	
-	if (flen > (tlen-11))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
-
-	*(p++)=0;
-	*(p++)=2; /* Public Key BT (Block Type) */
-
-	/* pad out with non-zero random data */
-	j=tlen-3-flen;
-
-	if (RAND_bytes(p,j) <= 0)
-		return(0);
-	for (i=0; i<j; i++)
-		{
-		if (*p == '\0')
-			do	{
-				if (RAND_bytes(p,1) <= 0)
-					return(0);
-				} while (*p == '\0');
-		p++;
-		}
-
-	*(p++)='\0';
-
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
-
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i;
-	/* |em| is the encoded message, zero-padded to exactly |num| bytes */
-	unsigned char *em = NULL;
-	unsigned int good, found_zero_byte;
-	int zero_index = 0, msg_index, mlen = -1;
-
-        if (tlen < 0 || flen < 0)
-		return -1;
-
-	/* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
-	 * Standard", section 7.2.2. */
-
-	if (flen > num)
-		goto err;
-
-	if (num < 11)
-		goto err;
-
-	em = OPENSSL_malloc(num);
-	if (em == NULL)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-	memset(em, 0, num);
-	/*
-	 * Always do this zero-padding copy (even when num == flen) to avoid
-	 * leaking that information. The copy still leaks some side-channel
-	 * information, but it's impossible to have a fixed  memory access
-	 * pattern since we can't read out of the bounds of |from|.
-	 *
-	 * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
-	 */
-	memcpy(em + num - flen, from, flen);
-
-	good = constant_time_is_zero(em[0]);
-	good &= constant_time_eq(em[1], 2);
-
-	found_zero_byte = 0;
-	for (i = 2; i < num; i++)
-		{
-		unsigned int equals0 = constant_time_is_zero(em[i]);
-		zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index);
-		found_zero_byte |= equals0;
-		}
-
-	/*
-	 * PS must be at least 8 bytes long, and it starts two bytes into |em|.
-         * If we never found a 0-byte, then |zero_index| is 0 and the check
-	 * also fails.
-	 */
-	good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
-
-	/* Skip the zero byte. This is incorrect if we never found a zero-byte
-	 * but in this case we also do not copy the message out. */
-	msg_index = zero_index + 1;
-	mlen = num - msg_index;
-
-	/* For good measure, do this check in constant time as well; it could
-	 * leak something if |tlen| was assuming valid padding. */
-	good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
-
-	/*
-	 * We can't continue in constant-time because we need to copy the result
-	 * and we cannot fake its length. This unavoidably leaks timing
-	 * information at the API boundary.
-	 * TODO(emilia): this could be addressed at the call site,
-	 * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
-	 */
-	if (!good)
-		{
-		mlen = -1;
-		goto err;
-		}
-
-	memcpy(to, em + msg_index, mlen);
-
-err:
-	if (em != NULL)
-		OPENSSL_free(em);
-	if (mlen == -1)
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
-	return mlen;
-	}
diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
deleted file mode 100644
index 157aa5c41d..0000000000
--- a/crypto/rsa/rsa_pmeth.c
+++ /dev/null
@@ -1,725 +0,0 @@
-/* crypto/rsa/rsa_pmeth.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#include "evp_locl.h"
-#include "rsa_locl.h"
-
-/* RSA pkey context structure */
-
-typedef struct
-	{
-	/* Key gen parameters */
-	int nbits;
-	BIGNUM *pub_exp;
-	/* Keygen callback info */
-	int gentmp[2];
-	/* RSA padding mode */
-	int pad_mode;
-	/* message digest */
-	const EVP_MD *md;
-	/* message digest for MGF1 */
-	const EVP_MD *mgf1md;
-	/* PSS/OAEP salt length */
-	int saltlen;
-	/* Temp buffer */
-	unsigned char *tbuf;
-	} RSA_PKEY_CTX;
-
-static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
-	{
-	RSA_PKEY_CTX *rctx;
-	rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
-	if (!rctx)
-		return 0;
-	rctx->nbits = 1024;
-	rctx->pub_exp = NULL;
-	rctx->pad_mode = RSA_PKCS1_PADDING;
-	rctx->md = NULL;
-	rctx->mgf1md = NULL;
-	rctx->tbuf = NULL;
-
-	rctx->saltlen = -2;
-
-	ctx->data = rctx;
-	ctx->keygen_info = rctx->gentmp;
-	ctx->keygen_info_count = 2;
-	
-	return 1;
-	}
-
-static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-	{
-	RSA_PKEY_CTX *dctx, *sctx;
-	if (!pkey_rsa_init(dst))
-		return 0;
-       	sctx = src->data;
-	dctx = dst->data;
-	dctx->nbits = sctx->nbits;
-	if (sctx->pub_exp)
-		{
-		dctx->pub_exp = BN_dup(sctx->pub_exp);
-		if (!dctx->pub_exp)
-			return 0;
-		}
-	dctx->pad_mode = sctx->pad_mode;
-	dctx->md = sctx->md;
-	return 1;
-	}
-
-static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
-	{
-	if (ctx->tbuf)
-		return 1;
-	ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
-	if (!ctx->tbuf)
-		return 0;
-	return 1;
-	}
-
-static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
-	{
-	RSA_PKEY_CTX *rctx = ctx->data;
-	if (rctx)
-		{
-		if (rctx->pub_exp)
-			BN_free(rctx->pub_exp);
-		if (rctx->tbuf)
-			OPENSSL_free(rctx->tbuf);
-		OPENSSL_free(rctx);
-		}
-	}
-#ifdef OPENSSL_FIPS
-/* FIP checker. Return value indicates status of context parameters:
- * 1  : redirect to FIPS.
- * 0  : don't redirect to FIPS.
- * -1 : illegal operation in FIPS mode.
- */
-
-static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
-	{
-	RSA_PKEY_CTX *rctx = ctx->data;
-	RSA *rsa = ctx->pkey->pkey.rsa;
-	int rv = -1;
-	if (!FIPS_mode())
-		return 0;
-	if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
-		rv = 0;
-	if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
-		return -1;
-	if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
-		return rv;
-	if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
-		return rv;
-	return 1;
-	}
-#endif
-
-static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	int ret;
-	RSA_PKEY_CTX *rctx = ctx->data;
-	RSA *rsa = ctx->pkey->pkey.rsa;
-
-#ifdef OPENSSL_FIPS
-	ret = pkey_fips_check_ctx(ctx);
-	if (ret < 0)
-		{
-		RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return -1;
-		}
-#endif
-
-	if (rctx->md)
-		{
-		if (tbslen != (size_t)EVP_MD_size(rctx->md))
-			{
-			RSAerr(RSA_F_PKEY_RSA_SIGN,
-					RSA_R_INVALID_DIGEST_LENGTH);
-			return -1;
-			}
-#ifdef OPENSSL_FIPS
-		if (ret > 0)
-			{
-			unsigned int slen;
-			ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
-							rctx->pad_mode,
-							rctx->saltlen,
-							rctx->mgf1md,
-							sig, &slen);
-			if (ret > 0)
-				*siglen = slen;
-			else
-				*siglen = 0;
-			return ret;
-			}
-#endif
-
-		if (EVP_MD_type(rctx->md) == NID_mdc2)
-			{
-			unsigned int sltmp;
-			if (rctx->pad_mode != RSA_PKCS1_PADDING)
-				return -1;
-			ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
-						tbs, tbslen, sig, &sltmp, rsa);
-
-			if (ret <= 0)
-				return ret;
-			ret = sltmp;
-			}
-		else if (rctx->pad_mode == RSA_X931_PADDING)
-			{
-			if (!setup_tbuf(rctx, ctx))
-				return -1;
-			memcpy(rctx->tbuf, tbs, tbslen);
-			rctx->tbuf[tbslen] =
-				RSA_X931_hash_id(EVP_MD_type(rctx->md));
-			ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
-						sig, rsa, RSA_X931_PADDING);
-			}
-		else if (rctx->pad_mode == RSA_PKCS1_PADDING)
-			{
-			unsigned int sltmp;
-			ret = RSA_sign(EVP_MD_type(rctx->md),
-						tbs, tbslen, sig, &sltmp, rsa);
-			if (ret <= 0)
-				return ret;
-			ret = sltmp;
-			}
-		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
-			{
-			if (!setup_tbuf(rctx, ctx))
-				return -1;
-			if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
-						rctx->tbuf, tbs,
-						rctx->md, rctx->mgf1md,
-						rctx->saltlen))
-				return -1;
-			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
-						sig, rsa, RSA_NO_PADDING);
-			}
-		else
-			return -1;
-		}
-	else
-		ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
-							rctx->pad_mode);
-	if (ret < 0)
-		return ret;
-	*siglen = ret;
-	return 1;
-	}
-
-
-static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
-					unsigned char *rout, size_t *routlen,
-					const unsigned char *sig, size_t siglen)
-	{
-	int ret;
-	RSA_PKEY_CTX *rctx = ctx->data;
-
-	if (rctx->md)
-		{
-		if (rctx->pad_mode == RSA_X931_PADDING)
-			{
-			if (!setup_tbuf(rctx, ctx))
-				return -1;
-			ret = RSA_public_decrypt(siglen, sig,
-						rctx->tbuf, ctx->pkey->pkey.rsa,
-						RSA_X931_PADDING);
-			if (ret < 1)
-				return 0;
-			ret--;
-			if (rctx->tbuf[ret] !=
-				RSA_X931_hash_id(EVP_MD_type(rctx->md)))
-				{
-				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-						RSA_R_ALGORITHM_MISMATCH);
-				return 0;
-				}
-			if (ret != EVP_MD_size(rctx->md))
-				{
-				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
-					RSA_R_INVALID_DIGEST_LENGTH);
-				return 0;
-				}
-			if (rout)
-				memcpy(rout, rctx->tbuf, ret);
-			}
-		else if (rctx->pad_mode == RSA_PKCS1_PADDING)
-			{
-			size_t sltmp;
-			ret = int_rsa_verify(EVP_MD_type(rctx->md),
-						NULL, 0, rout, &sltmp,
-					sig, siglen, ctx->pkey->pkey.rsa);
-			if (ret <= 0)
-				return 0;
-			ret = sltmp;
-			}
-		else
-			return -1;
-		}
-	else
-		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
-							rctx->pad_mode);
-	if (ret < 0)
-		return ret;
-	*routlen = ret;
-	return 1;
-	}
-
-static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
-					const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen)
-	{
-	RSA_PKEY_CTX *rctx = ctx->data;
-	RSA *rsa = ctx->pkey->pkey.rsa;
-	size_t rslen;
-#ifdef OPENSSL_FIPS
-	int rv;
-	rv = pkey_fips_check_ctx(ctx);
-	if (rv < 0)
-		{
-		RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return -1;
-		}
-#endif
-	if (rctx->md)
-		{
-#ifdef OPENSSL_FIPS
-		if (rv > 0)
-			{
-			return FIPS_rsa_verify_digest(rsa,
-							tbs, tbslen,
-							rctx->md,
-							rctx->pad_mode,
-							rctx->saltlen,
-							rctx->mgf1md,
-							sig, siglen);
-							
-			}
-#endif
-		if (rctx->pad_mode == RSA_PKCS1_PADDING)
-			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
-					sig, siglen, rsa);
-		if (rctx->pad_mode == RSA_X931_PADDING)
-			{
-			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
-					sig, siglen) <= 0)
-				return 0;
-			}
-		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
-			{
-			int ret;
-			if (!setup_tbuf(rctx, ctx))
-				return -1;
-			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
-							rsa, RSA_NO_PADDING);
-			if (ret <= 0)
-				return 0;
-			ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
-						rctx->md, rctx->mgf1md,
-						rctx->tbuf, rctx->saltlen);
-			if (ret <= 0)
-				return 0;
-			return 1;
-			}
-		else
-			return -1;
-		}
-	else
-		{
-		if (!setup_tbuf(rctx, ctx))
-			return -1;
-		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
-						rsa, rctx->pad_mode);
-		if (rslen == 0)
-			return 0;
-		}
-
-	if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
-		return 0;
-
-	return 1;
-			
-	}
-	
-
-static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
-					unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen)
-	{
-	int ret;
-	RSA_PKEY_CTX *rctx = ctx->data;
-	ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
-							rctx->pad_mode);
-	if (ret < 0)
-		return ret;
-	*outlen = ret;
-	return 1;
-	}
-
-static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
-					unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen)
-	{
-	int ret;
-	RSA_PKEY_CTX *rctx = ctx->data;
-	ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
-							rctx->pad_mode);
-	if (ret < 0)
-		return ret;
-	*outlen = ret;
-	return 1;
-	}
-
-static int check_padding_md(const EVP_MD *md, int padding)
-	{
-	if (!md)
-		return 1;
-
-	if (padding == RSA_NO_PADDING)
-		{
-		RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
-		return 0;
-		}
-
-	if (padding == RSA_X931_PADDING)
-		{
-		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
-			{
-			RSAerr(RSA_F_CHECK_PADDING_MD,
-						RSA_R_INVALID_X931_DIGEST);
-			return 0;
-			}
-		return 1;
-		}
-
-	return 1;
-	}
-			
-
-static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-	{
-	RSA_PKEY_CTX *rctx = ctx->data;
-	switch (type)
-		{
-		case EVP_PKEY_CTRL_RSA_PADDING:
-		if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
-			{
-			if (!check_padding_md(rctx->md, p1))
-				return 0;
-			if (p1 == RSA_PKCS1_PSS_PADDING) 
-				{
-				if (!(ctx->operation &
-				     (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
-					goto bad_pad;
-				if (!rctx->md)
-					rctx->md = EVP_sha1();
-				}
-			if (p1 == RSA_PKCS1_OAEP_PADDING) 
-				{
-				if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
-					goto bad_pad;
-				if (!rctx->md)
-					rctx->md = EVP_sha1();
-				}
-			rctx->pad_mode = p1;
-			return 1;
-			}
-		bad_pad:
-		RSAerr(RSA_F_PKEY_RSA_CTRL,
-				RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-		return -2;
-
-		case EVP_PKEY_CTRL_GET_RSA_PADDING:
-		*(int *)p2 = rctx->pad_mode;
-		return 1;
-
-		case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
-		case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
-		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
-			{
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
-			return -2;
-			}
-		if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
-			*(int *)p2 = rctx->saltlen;
-		else
-			{
-			if (p1 < -2)
-				return -2;
-			rctx->saltlen = p1;
-			}
-		return 1;
-
-		case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
-		if (p1 < 256)
-			{
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
-			return -2;
-			}
-		rctx->nbits = p1;
-		return 1;
-
-		case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
-		if (!p2)
-			return -2;
-		rctx->pub_exp = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_MD:
-		if (!check_padding_md(p2, rctx->pad_mode))
-			return 0;
-		rctx->md = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_RSA_MGF1_MD:
-		case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
-		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
-			{
-			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
-			return -2;
-			}
-		if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
-			{
-			if (rctx->mgf1md)
-				*(const EVP_MD **)p2 = rctx->mgf1md;
-			else
-				*(const EVP_MD **)p2 = rctx->md;
-			}
-		else
-			rctx->mgf1md = p2;
-		return 1;
-
-		case EVP_PKEY_CTRL_DIGESTINIT:
-		case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
-		case EVP_PKEY_CTRL_PKCS7_DECRYPT:
-		case EVP_PKEY_CTRL_PKCS7_SIGN:
-		return 1;
-#ifndef OPENSSL_NO_CMS
-		case EVP_PKEY_CTRL_CMS_DECRYPT:
-		{
-		X509_ALGOR *alg = NULL;
-		ASN1_OBJECT *encalg = NULL;
-		if (p2)
-			CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
-		if (alg)
-			X509_ALGOR_get0(&encalg, NULL, NULL, alg);
-		if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
-			rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
-		}
-		case EVP_PKEY_CTRL_CMS_ENCRYPT:
-		case EVP_PKEY_CTRL_CMS_SIGN:
-		return 1;
-#endif
-		case EVP_PKEY_CTRL_PEER_KEY:
-			RSAerr(RSA_F_PKEY_RSA_CTRL,
-			RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-			return -2;	
-
-		default:
-		return -2;
-
-		}
-	}
-			
-static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
-			const char *type, const char *value)
-	{
-	if (!value)
-		{
-		RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
-		return 0;
-		}
-	if (!strcmp(type, "rsa_padding_mode"))
-		{
-		int pm;
-		if (!strcmp(value, "pkcs1"))
-			pm = RSA_PKCS1_PADDING;
-		else if (!strcmp(value, "sslv23"))
-			pm = RSA_SSLV23_PADDING;
-		else if (!strcmp(value, "none"))
-			pm = RSA_NO_PADDING;
-		else if (!strcmp(value, "oeap"))
-			pm = RSA_PKCS1_OAEP_PADDING;
-		else if (!strcmp(value, "oaep"))
-			pm = RSA_PKCS1_OAEP_PADDING;
-		else if (!strcmp(value, "x931"))
-			pm = RSA_X931_PADDING;
-		else if (!strcmp(value, "pss"))
-			pm = RSA_PKCS1_PSS_PADDING;
-		else
-			{
-			RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
-						RSA_R_UNKNOWN_PADDING_TYPE);
-			return -2;
-			}
-		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
-		}
-
-	if (!strcmp(type, "rsa_pss_saltlen"))
-		{
-		int saltlen;
-		saltlen = atoi(value);
-		return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
-		}
-
-	if (!strcmp(type, "rsa_keygen_bits"))
-		{
-		int nbits;
-		nbits = atoi(value);
-		return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
-		}
-
-	if (!strcmp(type, "rsa_keygen_pubexp"))
-		{
-		int ret;
-		BIGNUM *pubexp = NULL;
-		if (!BN_asc2bn(&pubexp, value))
-			return 0;
-		ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
-		if (ret <= 0)
-			BN_free(pubexp);
-		return ret;
-		}
-
-	return -2;
-	}
-
-static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-	{
-	RSA *rsa = NULL;
-	RSA_PKEY_CTX *rctx = ctx->data;
-	BN_GENCB *pcb, cb;
-	int ret;
-	if (!rctx->pub_exp)
-		{
-		rctx->pub_exp = BN_new();
-		if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
-			return 0;
-		}
-	rsa = RSA_new();
-	if (!rsa)
-		return 0;
-	if (ctx->pkey_gencb)
-		{
-		pcb = &cb;
-		evp_pkey_set_cb_translate(pcb, ctx);
-		}
-	else
-		pcb = NULL;
-	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
-	if (ret > 0)
-		EVP_PKEY_assign_RSA(pkey, rsa);
-	else
-		RSA_free(rsa);
-	return ret;
-	}
-
-const EVP_PKEY_METHOD rsa_pkey_meth = 
-	{
-	EVP_PKEY_RSA,
-	EVP_PKEY_FLAG_AUTOARGLEN,
-	pkey_rsa_init,
-	pkey_rsa_copy,
-	pkey_rsa_cleanup,
-
-	0,0,
-
-	0,
-	pkey_rsa_keygen,
-
-	0,
-	pkey_rsa_sign,
-
-	0,
-	pkey_rsa_verify,
-
-	0,
-	pkey_rsa_verifyrecover,
-
-
-	0,0,0,0,
-
-	0,
-	pkey_rsa_encrypt,
-
-	0,
-	pkey_rsa_decrypt,
-
-	0,0,
-
-	pkey_rsa_ctrl,
-	pkey_rsa_ctrl_str
-
-
-	};
diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c
deleted file mode 100644
index 224db0fae5..0000000000
--- a/crypto/rsa/rsa_prn.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* crypto/rsa/rsa_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=RSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int RSA_print(BIO *bp, const RSA *x, int off)
-	{
-	EVP_PKEY *pk;
-	int ret;
-	pk = EVP_PKEY_new();
-	if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
-		return 0;
-	ret = EVP_PKEY_print_private(bp, pk, off, NULL);
-	EVP_PKEY_free(pk);
-	return ret;
-	}
-
diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
deleted file mode 100644
index 5f9f533d0c..0000000000
--- a/crypto/rsa/rsa_pss.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/* rsa_pss.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
-
-#if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g", off)
-#endif
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const unsigned char *EM, int sLen)
-	{
-	return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
-	}
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash,
-			const unsigned char *EM, int sLen)
-	{
-	int i;
-	int ret = 0;
-	int hLen, maskedDBLen, MSBits, emLen;
-	const unsigned char *H;
-	unsigned char *DB = NULL;
-	EVP_MD_CTX ctx;
-	unsigned char H_[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX_init(&ctx);
-
-	if (mgf1Hash == NULL)
-		mgf1Hash = Hash;
-
-	hLen = EVP_MD_size(Hash);
-	if (hLen < 0)
-		goto err;
-	/*
-	 * Negative sLen has special meanings:
-	 *	-1	sLen == hLen
-	 *	-2	salt length is autorecovered from signature
-	 *	-N	reserved
-	 */
-	if      (sLen == -1)	sLen = hLen;
-	else if (sLen == -2)	sLen = -2;
-	else if (sLen < -2)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
-
-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-	emLen = RSA_size(rsa);
-	if (EM[0] & (0xFF << MSBits))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID);
-		goto err;
-		}
-	if (MSBits == 0)
-		{
-		EM++;
-		emLen--;
-		}
-	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
-		goto err;
-		}
-	if (EM[emLen - 1] != 0xbc)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID);
-		goto err;
-		}
-	maskedDBLen = emLen - hLen - 1;
-	H = EM + maskedDBLen;
-	DB = OPENSSL_malloc(maskedDBLen);
-	if (!DB)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
-		goto err;
-	for (i = 0; i < maskedDBLen; i++)
-		DB[i] ^= EM[i];
-	if (MSBits)
-		DB[0] &= 0xFF >> (8 - MSBits);
-	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
-	if (DB[i++] != 0x1)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
-		goto err;
-		}
-	if (sLen >= 0 && (maskedDBLen - i) != sLen)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
-	if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
-		|| !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
-		|| !EVP_DigestUpdate(&ctx, mHash, hLen))
-		goto err;
-	if (maskedDBLen - i)
-		{
-		if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
-			goto err;
-		}
-	if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
-		goto err;
-	if (memcmp(H_, H, hLen))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
-		ret = 0;
-		}
-	else 
-		ret = 1;
-
-	err:
-	if (DB)
-		OPENSSL_free(DB);
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return ret;
-
-	}
-
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, int sLen)
-	{
-	return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
-	}
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen)
-	{
-	int i;
-	int ret = 0;
-	int hLen, maskedDBLen, MSBits, emLen;
-	unsigned char *H, *salt = NULL, *p;
-	EVP_MD_CTX ctx;
-
-	if (mgf1Hash == NULL)
-		mgf1Hash = Hash;
-
-	hLen = EVP_MD_size(Hash);
-	if (hLen < 0)
-		goto err;
-	/*
-	 * Negative sLen has special meanings:
-	 *	-1	sLen == hLen
-	 *	-2	salt length is maximized
-	 *	-N	reserved
-	 */
-	if      (sLen == -1)	sLen = hLen;
-	else if (sLen == -2)	sLen = -2;
-	else if (sLen < -2)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
-
-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-	emLen = RSA_size(rsa);
-	if (MSBits == 0)
-		{
-		*EM++ = 0;
-		emLen--;
-		}
-	if (sLen == -2)
-		{
-		sLen = emLen - hLen - 2;
-		}
-	else if (emLen < (hLen + sLen + 2))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		goto err;
-		}
-	if (sLen > 0)
-		{
-		salt = OPENSSL_malloc(sLen);
-		if (!salt)
-			{
-			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (RAND_bytes(salt, sLen) <= 0)
-			goto err;
-		}
-	maskedDBLen = emLen - hLen - 1;
-	H = EM + maskedDBLen;
-	EVP_MD_CTX_init(&ctx);
-	if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
-		|| !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
-		|| !EVP_DigestUpdate(&ctx, mHash, hLen))
-		goto err;
-	if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
-		goto err;
-	if (!EVP_DigestFinal_ex(&ctx, H, NULL))
-		goto err;
-	EVP_MD_CTX_cleanup(&ctx);
-
-	/* Generate dbMask in place then perform XOR on it */
-	if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
-		goto err;
-
-	p = EM;
-
-	/* Initial PS XORs with all zeroes which is a NOP so just update
-	 * pointer. Note from a test above this value is guaranteed to
-	 * be non-negative.
-	 */
-	p += emLen - sLen - hLen - 2;
-	*p++ ^= 0x1;
-	if (sLen > 0)
-		{
-		for (i = 0; i < sLen; i++)
-			*p++ ^= salt[i];
-		}
-	if (MSBits)
-		EM[0] &= 0xFF >> (8 - MSBits);
-
-	/* H is already in place so just set final 0xbc */
-
-	EM[emLen - 1] = 0xbc;
-
-	ret = 1;
-
-	err:
-	if (salt)
-		OPENSSL_free(salt);
-
-	return ret;
-
-	}
-
-#if defined(_MSC_VER)
-#pragma optimize("",on)
-#endif
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
deleted file mode 100644
index f98e0a80a6..0000000000
--- a/crypto/rsa/rsa_saos.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int RSA_sign_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_len,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-	{
-	ASN1_OCTET_STRING sig;
-	int i,j,ret=1;
-	unsigned char *p,*s;
-
-	sig.type=V_ASN1_OCTET_STRING;
-	sig.length=m_len;
-	sig.data=(unsigned char *)m;
-
-	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
-	j=RSA_size(rsa);
-	if (i > (j-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-		return(0);
-		}
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	p=s;
-	i2d_ASN1_OCTET_STRING(&sig,&p);
-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-	if (i <= 0)
-		ret=0;
-	else
-		*siglen=i;
-
-	OPENSSL_cleanse(s,(unsigned int)j+1);
-	OPENSSL_free(s);
-	return(ret);
-	}
-
-int RSA_verify_ASN1_OCTET_STRING(int dtype,
-	const unsigned char *m,
-	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-	RSA *rsa)
-	{
-	int i,ret=0;
-	unsigned char *s;
-	const unsigned char *p;
-	ASN1_OCTET_STRING *sig=NULL;
-
-	if (siglen != (unsigned int)RSA_size(rsa))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
-		return(0);
-		}
-
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-
-	if (i <= 0) goto err;
-
-	p=s;
-	sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
-	if (sig == NULL) goto err;
-
-	if (	((unsigned int)sig->length != m_len) ||
-		(memcmp(m,sig->data,m_len) != 0))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
-		}
-	else
-		ret=1;
-err:
-	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-	if (s != NULL)
-		{
-		OPENSSL_cleanse(s,(unsigned int)siglen);
-		OPENSSL_free(s);
-		}
-	return(ret);
-	}
-
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
deleted file mode 100644
index 225bcfe2dc..0000000000
--- a/crypto/rsa/rsa_sign.c
+++ /dev/null
@@ -1,337 +0,0 @@
-/* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include "rsa_locl.h"
-
-/* Size of an SSL signature: MD5+SHA1 */
-#define SSL_SIG_LENGTH	36
-
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-	{
-	X509_SIG sig;
-	ASN1_TYPE parameter;
-	int i,j,ret=1;
-	unsigned char *p, *tmps = NULL;
-	const unsigned char *s = NULL;
-	X509_ALGOR algor;
-	ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-		return 0;
-		}
-#endif
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-		{
-		return rsa->meth->rsa_sign(type, m, m_len,
-			sigret, siglen, rsa);
-		}
-	/* Special case: SSL signature, just check the length */
-	if(type == NID_md5_sha1) {
-		if(m_len != SSL_SIG_LENGTH) {
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
-			return(0);
-		}
-		i = SSL_SIG_LENGTH;
-		s = m;
-	} else {
-		sig.algor= &algor;
-		sig.algor->algorithm=OBJ_nid2obj(type);
-		if (sig.algor->algorithm == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
-			return(0);
-			}
-		if (sig.algor->algorithm->length == 0)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			return(0);
-			}
-		parameter.type=V_ASN1_NULL;
-		parameter.value.ptr=NULL;
-		sig.algor->parameter= &parameter;
-
-		sig.digest= &digest;
-		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
-		sig.digest->length=m_len;
-
-		i=i2d_X509_SIG(&sig,NULL);
-	}
-	j=RSA_size(rsa);
-	if (i > (j-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-		return(0);
-		}
-	if(type != NID_md5_sha1) {
-		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-		if (tmps == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		p=tmps;
-		i2d_X509_SIG(&sig,&p);
-		s=tmps;
-	}
-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-	if (i <= 0)
-		ret=0;
-	else
-		*siglen=i;
-
-	if(type != NID_md5_sha1) {
-		OPENSSL_cleanse(tmps,(unsigned int)j+1);
-		OPENSSL_free(tmps);
-	}
-	return(ret);
-	}
-
-/*
- * Check DigestInfo structure does not contain extraneous data by reencoding
- * using DER and checking encoding against original. 
- */
-static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen)
-	{
-	unsigned char *der = NULL;
-	int derlen;
-	int ret = 0;
-	derlen = i2d_X509_SIG(sig, &der);
-	if (derlen <= 0)
-		return 0;
-	if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
-		ret = 1;
-	OPENSSL_cleanse(der, derlen);
-	OPENSSL_free(der);
-	return ret;
-	}
-
-int int_rsa_verify(int dtype, const unsigned char *m,
-			  unsigned int m_len,
-			  unsigned char *rm, size_t *prm_len,
-			  const unsigned char *sigbuf, size_t siglen,
-			  RSA *rsa)
-	{
-	int i,ret=0,sigtype;
-	unsigned char *s;
-	X509_SIG *sig=NULL;
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-		return 0;
-		}
-#endif
-
-	if (siglen != (unsigned int)RSA_size(rsa))
-		{
-		RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
-		return(0);
-		}
-
-	if((dtype == NID_md5_sha1) && rm)
-		{
-		i = RSA_public_decrypt((int)siglen,
-					sigbuf,rm,rsa,RSA_PKCS1_PADDING);
-		if (i <= 0)
-			return 0;
-		*prm_len = i;
-		return 1;
-		}
-
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-			goto err;
-	}
-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-
-	if (i <= 0) goto err;
-	/* Oddball MDC2 case: signature can be OCTET STRING.
-	 * check for correct tag and length octets.
-	 */
-	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
-		{
-		if (rm)
-			{
-			memcpy(rm, s + 2, 16);
-			*prm_len = 16;
-			ret = 1;
-			}
-		else if(memcmp(m, s + 2, 16))
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-		else
-			ret = 1;
-		}
-
-	/* Special case: SSL signature */
-	if(dtype == NID_md5_sha1) {
-		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-				RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-		else ret = 1;
-	} else {
-		const unsigned char *p=s;
-		sig=d2i_X509_SIG(NULL,&p,(long)i);
-
-		if (sig == NULL) goto err;
-
-		/* Excess data can be used to create forgeries */
-		if(p != s+i || !rsa_check_digestinfo(sig, s, i))
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			goto err;
-			}
-
-		/* Parameters to the signature algorithm can also be used to
-		   create forgeries */
-		if(sig->algor->parameter
-		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			goto err;
-			}
-
-		sigtype=OBJ_obj2nid(sig->algor->algorithm);
-
-
-	#ifdef RSA_DEBUG
-		/* put a backward compatibility flag in EAY */
-		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-			OBJ_nid2ln(dtype));
-	#endif
-		if (sigtype != dtype)
-			{
-			if (((dtype == NID_md5) &&
-				(sigtype == NID_md5WithRSAEncryption)) ||
-				((dtype == NID_md2) &&
-				(sigtype == NID_md2WithRSAEncryption)))
-				{
-				/* ok, we will let it through */
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-#endif
-				}
-			else
-				{
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-						RSA_R_ALGORITHM_MISMATCH);
-				goto err;
-				}
-			}
-		if (rm)
-			{
-			const EVP_MD *md;
-			md = EVP_get_digestbynid(dtype);
-			if (md && (EVP_MD_size(md) != sig->digest->length))
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-						RSA_R_INVALID_DIGEST_LENGTH);
-			else
-				{
-				memcpy(rm, sig->digest->data,
-							sig->digest->length);
-				*prm_len = sig->digest->length;
-				ret = 1;
-				}
-			}
-		else if (((unsigned int)sig->digest->length != m_len) ||
-			(memcmp(m,sig->digest->data,m_len) != 0))
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			}
-		else
-			ret=1;
-	}
-err:
-	if (sig != NULL) X509_SIG_free(sig);
-	if (s != NULL)
-		{
-		OPENSSL_cleanse(s,(unsigned int)siglen);
-		OPENSSL_free(s);
-		}
-	return(ret);
-	}
-
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-		const unsigned char *sigbuf, unsigned int siglen,
-		RSA *rsa)
-	{
-
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
-		{
-		return rsa->meth->rsa_verify(dtype, m, m_len,
-			sigbuf, siglen, rsa);
-		}
-
-	return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
-	}
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
deleted file mode 100644
index cfeff15bc9..0000000000
--- a/crypto/rsa/rsa_ssl.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* crypto/rsa/rsa_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-	const unsigned char *from, int flen)
-	{
-	int i,j;
-	unsigned char *p;
-	
-	if (flen > (tlen-11))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
-
-	*(p++)=0;
-	*(p++)=2; /* Public Key BT (Block Type) */
-
-	/* pad out with non-zero random data */
-	j=tlen-3-8-flen;
-
-	if (RAND_bytes(p,j) <= 0)
-		return(0);
-	for (i=0; i<j; i++)
-		{
-		if (*p == '\0')
-			do	{
-				if (RAND_bytes(p,1) <= 0)
-					return(0);
-				} while (*p == '\0');
-		p++;
-		}
-
-	memset(p,3,8);
-	p+=8;
-	*(p++)='\0';
-
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
-
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num)
-	{
-	int i,j,k;
-	const unsigned char *p;
-
-	p=from;
-	if (flen < 10)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
-		return(-1);
-		}
-	if ((num != (flen+1)) || (*(p++) != 02))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
-		return(-1);
-		}
-
-	/* scan over padding data */
-	j=flen-1; /* one for type */
-	for (i=0; i<j; i++)
-		if (*(p++) == 0) break;
-
-	if ((i == j) || (i < 8))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
-		}
-	for (k = -9; k<-1; k++)
-		{
-		if (p[k] !=  0x03) break;
-		}
-	if (k == -1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
-		return(-1);
-		}
-
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
-
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
deleted file mode 100644
index c8705a0f6e..0000000000
--- a/crypto/rsa/rsa_test.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/* test vectors from p1ovect1.txt */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_NO_RSA
-int main(int argc, char *argv[])
-{
-    printf("No RSA support\n");
-    return(0);
-}
-#else
-#include <openssl/rsa.h>
-
-#define SetKey \
-  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
-  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
-  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
-  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
-  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
-  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
-  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
-  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
-  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
-  return (sizeof(ctext_ex) - 1);
-
-static int key1(RSA *key, unsigned char *c)
-    {
-    static unsigned char n[] =
-"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
-"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
-"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
-"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
-"\xF5";
-
-    static unsigned char e[] = "\x11";
-
-    static unsigned char d[] =
-"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
-"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
-"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
-"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
-
-    static unsigned char p[] =
-"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
-"\x0D";
-    
-    static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x89";
-
-    static unsigned char dmp1[] =
-"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
-"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
-
-    static unsigned char dmq1[] =
-"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
-"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
-"\x51";
-
-    static unsigned char iqmp[] =
-"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
-"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
-
-    static unsigned char ctext_ex[] =
-"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
-"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
-"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
-"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
-
-    SetKey;
-    }
-
-static int key2(RSA *key, unsigned char *c)
-    {
-    static unsigned char n[] =
-"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
-"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
-"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
-"\x34\x77\xCF";
-
-    static unsigned char e[] = "\x3";
-
-    static unsigned char d[] =
-"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
-"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
-"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
-"\xE5\xEB";
-
-    static unsigned char p[] =
-"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
-"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
-
-    static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
-    
-    static unsigned char dmp1[] =
-"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
-"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
-
-    static unsigned char dmq1[] =
-"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
-"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
-
-    static unsigned char iqmp[] =
-"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
-"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
-
-    static unsigned char ctext_ex[] =
-"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
-"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
-"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
-"\x62\x51";
-
-    SetKey;
-    }
-
-static int key3(RSA *key, unsigned char *c)
-    {
-    static unsigned char n[] =
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-"\xCB";
-
-    static unsigned char e[] = "\x11";
-
-    static unsigned char d[] =
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-"\xC1";
-
-    static unsigned char p[] =
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-"\x99";
-
-    static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-"\x03";
-
-    static unsigned char dmp1[] =
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
-    static unsigned char dmq1[] =
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-    
-    static unsigned char iqmp[] =
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-"\xF7";
-
-    static unsigned char ctext_ex[] =
-"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
-"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
-"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
-"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
-"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
-"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
-"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
-"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
-
-    SetKey;
-    }
-
-static int pad_unknown(void)
-{
-    unsigned long l;
-    while ((l = ERR_get_error()) != 0)
-      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
-	return(1);
-    return(0);
-}
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
-    {
-    int err=0;
-    int v;
-    RSA *key;
-    unsigned char ptext[256];
-    unsigned char ctext[256];
-    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
-    unsigned char ctext_ex[256];
-    int plen;
-    int clen = 0;
-    int num;
-    int n;
-
-    CRYPTO_malloc_debug_init();
-    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
-
-    plen = sizeof(ptext_ex) - 1;
-
-    for (v = 0; v < 6; v++)
-	{
-	key = RSA_new();
-	switch (v%3) {
-    case 0:
-	clen = key1(key, ctext_ex);
-	break;
-    case 1:
-	clen = key2(key, ctext_ex);
-	break;
-    case 2:
-	clen = key3(key, ctext_ex);
-	break;
-	}
-	if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;
-
-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-				 RSA_PKCS1_PADDING);
-	if (num != clen)
-	    {
-	    printf("PKCS#1 v1.5 encryption failed!\n");
-	    err=1;
-	    goto oaep;
-	    }
-  
-	num = RSA_private_decrypt(num, ctext, ptext, key,
-				  RSA_PKCS1_PADDING);
-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
-	    {
-	    printf("PKCS#1 v1.5 decryption failed!\n");
-	    err=1;
-	    }
-	else
-	    printf("PKCS #1 v1.5 encryption/decryption ok\n");
-
-    oaep:
-	ERR_clear_error();
-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
-				 RSA_PKCS1_OAEP_PADDING);
-	if (num == -1 && pad_unknown())
-	    {
-	    printf("No OAEP support\n");
-	    goto next;
-	    }
-	if (num != clen)
-	    {
-	    printf("OAEP encryption failed!\n");
-	    err=1;
-	    goto next;
-	    }
-
-	num = RSA_private_decrypt(num, ctext, ptext, key,
-				  RSA_PKCS1_OAEP_PADDING);
-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
-	    {
-	    printf("OAEP decryption (encrypted data) failed!\n");
-	    err=1;
-	    }
-	else if (memcmp(ctext, ctext_ex, num) == 0)
-	    printf("OAEP test vector %d passed!\n", v);
-    
-	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
-	   Try decrypting ctext_ex */
-
-	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
-				  RSA_PKCS1_OAEP_PADDING);
-
-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
-	    {
-	    printf("OAEP decryption (test vector data) failed!\n");
-	    err=1;
-	    }
-	else
-	    printf("OAEP encryption/decryption ok\n");
-
-	/* Try decrypting corrupted ciphertexts */
-	for(n = 0 ; n < clen ; ++n)
-	    {
-	    int b;
-	    unsigned char saved = ctext[n];
-	    for(b = 0 ; b < 256 ; ++b)
-		{
-		if(b == saved)
-		    continue;
-		ctext[n] = b;
-		num = RSA_private_decrypt(num, ctext, ptext, key,
-					  RSA_PKCS1_OAEP_PADDING);
-		if(num > 0)
-		    {
-		    printf("Corrupt data decrypted!\n");
-		    err = 1;
-		    }
-		}
-	    }
-    next:
-	RSA_free(key);
-	}
-
-    CRYPTO_cleanup_all_ex_data();
-    ERR_remove_thread_state(NULL);
-
-    CRYPTO_mem_leaks_fp(stderr);
-
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-    return err;
-    }
-#endif
diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
deleted file mode 100644
index 21548e37ed..0000000000
--- a/crypto/rsa/rsa_x931.c
+++ /dev/null
@@ -1,177 +0,0 @@
-/* rsa_x931.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-
-int RSA_padding_add_X931(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int j;
-	unsigned char *p;
-
-	/* Absolute minimum amount of padding is 1 header nibble, 1 padding
-	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
-	 */
-
-	j = tlen - flen - 2;
-
-	if (j < 0)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return -1;
-		}
-	
-	p=(unsigned char *)to;
-
-	/* If no padding start and end nibbles are in one byte */
-	if (j == 0)
-		*p++ = 0x6A;
-	else
-		{
-		*p++ = 0x6B;
-		if (j > 1)
-			{
-			memset(p, 0xBB, j - 1);
-			p += j - 1;
-			}
-		*p++ = 0xBA;
-		}
-	memcpy(p,from,(unsigned int)flen);
-	p += flen;
-	*p = 0xCC;
-	return(1);
-	}
-
-int RSA_padding_check_X931(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i = 0,j;
-	const unsigned char *p;
-
-	p=from;
-	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
-		return -1;
-		}
-
-	if (*p++ == 0x6B)
-		{
-		j=flen-3;
-		for (i = 0; i < j; i++)
-			{
-			unsigned char c = *p++;
-			if (c == 0xBA)
-				break;
-			if (c != 0xBB)
-				{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-					RSA_R_INVALID_PADDING);
-				return -1;
-				}
-			}
-
-		j -= i;
-
-		if (i == 0)
-			{
-			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
-			return -1;
-			}
-
-		}
-	else j = flen - 2;
-
-	if (p[j] != 0xCC)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
-		return -1;
-		}
-
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
-
-/* Translate between X931 hash ids and NIDs */
-
-int RSA_X931_hash_id(int nid)
-	{
-	switch (nid)
-		{
-		case NID_sha1:
-		return 0x33;
-
-		case NID_sha256:
-		return 0x34;
-
-		case NID_sha384:
-		return 0x36;
-
-		case NID_sha512:
-		return 0x35;
-
-		}
-	return -1;
-	}
-
diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c
deleted file mode 100644
index f2e94ef47e..0000000000
--- a/crypto/s390xcap.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-
-extern unsigned long OPENSSL_s390xcap_P[];
-
-static sigjmp_buf ill_jmp;
-static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
-
-unsigned long OPENSSL_s390x_facilities(void);
-
-void OPENSSL_cpuid_setup(void)
-	{
-	sigset_t oset;
-	struct sigaction ill_act,oact;
-
-	if (OPENSSL_s390xcap_P[0]) return;
-
-	OPENSSL_s390xcap_P[0] = 1UL<<(8*sizeof(unsigned long)-1);
-
-	memset(&ill_act,0,sizeof(ill_act));
-	ill_act.sa_handler = ill_handler;
-	sigfillset(&ill_act.sa_mask);
-	sigdelset(&ill_act.sa_mask,SIGILL);
-	sigdelset(&ill_act.sa_mask,SIGTRAP);
-	sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
-	sigaction (SIGILL,&ill_act,&oact);
-
-	/* protection against missing store-facility-list-extended */
-	if (sigsetjmp(ill_jmp,1) == 0)
-		OPENSSL_s390x_facilities();
-
-	sigaction (SIGILL,&oact,NULL);
-	sigprocmask(SIG_SETMASK,&oset,NULL);
-	}
diff --git a/crypto/s390xcpuid.S b/crypto/s390xcpuid.S
deleted file mode 100644
index 06815347e6..0000000000
--- a/crypto/s390xcpuid.S
+++ /dev/null
@@ -1,99 +0,0 @@
-.text
-
-.globl	OPENSSL_s390x_facilities
-.type	OPENSSL_s390x_facilities,@function
-.align	16
-OPENSSL_s390x_facilities:
-	lghi	%r0,0
-	larl	%r2,OPENSSL_s390xcap_P
-	stg	%r0,8(%r2)
-	.long	0xb2b02000	# stfle	0(%r2)
-	brc	8,.Ldone
-	lghi	%r0,1
-	.long	0xb2b02000	# stfle 0(%r2)
-.Ldone:
-	lg	%r2,0(%r2)
-	br	%r14
-.size	OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
-
-.globl	OPENSSL_rdtsc
-.type	OPENSSL_rdtsc,@function
-.align	16
-OPENSSL_rdtsc:
-	stck	16(%r15)
-	lg	%r2,16(%r15)
-	br	%r14
-.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
-
-.globl	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,@function
-.align	16
-OPENSSL_atomic_add:
-	l	%r1,0(%r2)
-.Lspin:	lr	%r0,%r1
-	ar	%r0,%r3
-	cs	%r1,%r0,0(%r2)
-	brc	4,.Lspin
-	lgfr	%r2,%r0		# OpenSSL expects the new value
-	br	%r14
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,@function
-.align	16
-OPENSSL_wipe_cpu:
-	xgr	%r0,%r0
-	xgr	%r1,%r1
-	lgr	%r2,%r15
-	xgr	%r3,%r3
-	xgr	%r4,%r4
-	lzdr	%f0
-	lzdr	%f1
-	lzdr	%f2
-	lzdr	%f3
-	lzdr	%f4
-	lzdr	%f5
-	lzdr	%f6
-	lzdr	%f7
-	br	%r14
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-
-.globl	OPENSSL_cleanse
-.type	OPENSSL_cleanse,@function
-.align	16
-OPENSSL_cleanse:
-#if !defined(__s390x__) && !defined(__s390x)
-	llgfr	%r3,%r3
-#endif
-	lghi	%r4,15
-	lghi	%r0,0
-	clgr	%r3,%r4
-	jh	.Lot
-	clgr	%r3,%r0
-	bcr	8,%r14
-.Little:
-	stc	%r0,0(%r2)
-	la	%r2,1(%r2)
-	brctg	%r3,.Little
-	br	%r14
-.align	4
-.Lot:	tmll	%r2,7
-	jz	.Laligned
-	stc	%r0,0(%r2)
-	la	%r2,1(%r2)
-	brctg	%r3,.Lot
-.Laligned:
-	srlg	%r4,%r3,3
-.Loop:	stg	%r0,0(%r2)
-	la	%r2,8(%r2)
-	brctg	%r4,.Loop
-	lghi	%r4,7
-	ngr	%r3,%r4
-	jnz	.Little
-	br	%r14
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-
-.section	.init
-	brasl	%r14,OPENSSL_cpuid_setup
-
-.comm	OPENSSL_s390xcap_P,16,8
diff --git a/crypto/sha/asm/README b/crypto/sha/asm/README
deleted file mode 100644
index b7e755765f..0000000000
--- a/crypto/sha/asm/README
+++ /dev/null
@@ -1 +0,0 @@
-C2.pl works
diff --git a/crypto/sha/asm/sha1-586.S b/crypto/sha/asm/sha1-586.S
deleted file mode 100644
index 47bef2a949..0000000000
--- a/crypto/sha/asm/sha1-586.S
+++ /dev/null
@@ -1,2639 +0,0 @@
-.file	"sha1-586.s"
-.text
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,@function
-.align	16
-sha1_block_data_order:
-.L_sha1_block_data_order_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	call	.L000pic_point
-.L000pic_point:
-	popl	%ebp
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L000pic_point](%ebp),%esi
-	movl	OPENSSL_ia32cap_P@GOT(%esi),%esi
-	leal	.LK_XX_XX-.L000pic_point(%ebp),%ebp
-	movl	(%esi),%eax
-	movl	4(%esi),%edx
-	testl	$512,%edx
-	jz	.L001x86
-	testl	$16777216,%eax
-	jz	.L001x86
-	jmp	.Lssse3_shortcut
-.align	16
-.L001x86:
-	movl	20(%esp),%ebp
-	movl	24(%esp),%esi
-	movl	28(%esp),%eax
-	subl	$76,%esp
-	shll	$6,%eax
-	addl	%esi,%eax
-	movl	%eax,104(%esp)
-	movl	16(%ebp),%edi
-	jmp	.L002loop
-.align	16
-.L002loop:
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	movl	%ecx,8(%esp)
-	movl	%edx,12(%esp)
-	movl	16(%esi),%eax
-	movl	20(%esi),%ebx
-	movl	24(%esi),%ecx
-	movl	28(%esi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	movl	%eax,16(%esp)
-	movl	%ebx,20(%esp)
-	movl	%ecx,24(%esp)
-	movl	%edx,28(%esp)
-	movl	32(%esi),%eax
-	movl	36(%esi),%ebx
-	movl	40(%esi),%ecx
-	movl	44(%esi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	movl	%eax,32(%esp)
-	movl	%ebx,36(%esp)
-	movl	%ecx,40(%esp)
-	movl	%edx,44(%esp)
-	movl	48(%esi),%eax
-	movl	52(%esi),%ebx
-	movl	56(%esi),%ecx
-	movl	60(%esi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	movl	%eax,48(%esp)
-	movl	%ebx,52(%esp)
-	movl	%ecx,56(%esp)
-	movl	%edx,60(%esp)
-	movl	%esi,100(%esp)
-	movl	(%ebp),%eax
-	movl	4(%ebp),%ebx
-	movl	8(%ebp),%ecx
-	movl	12(%ebp),%edx
-
-	movl	%ecx,%esi
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	xorl	%edx,%esi
-	addl	%edi,%ebp
-	movl	(%esp),%edi
-	andl	%ebx,%esi
-	rorl	$2,%ebx
-	xorl	%edx,%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	addl	%esi,%ebp
-
-	movl	%ebx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ecx,%edi
-	addl	%edx,%ebp
-	movl	4(%esp),%edx
-	andl	%eax,%edi
-	rorl	$2,%eax
-	xorl	%ecx,%edi
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%edi,%ebp
-
-	movl	%eax,%edx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%edx
-	addl	%ecx,%ebp
-	movl	8(%esp),%ecx
-	andl	%esi,%edx
-	rorl	$2,%esi
-	xorl	%ebx,%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	addl	%edx,%ebp
-
-	movl	%esi,%ecx
-	movl	%ebp,%edx
-	roll	$5,%ebp
-	xorl	%eax,%ecx
-	addl	%ebx,%ebp
-	movl	12(%esp),%ebx
-	andl	%edi,%ecx
-	rorl	$2,%edi
-	xorl	%eax,%ecx
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ecx,%ebp
-
-	movl	%edi,%ebx
-	movl	%ebp,%ecx
-	roll	$5,%ebp
-	xorl	%esi,%ebx
-	addl	%eax,%ebp
-	movl	16(%esp),%eax
-	andl	%edx,%ebx
-	rorl	$2,%edx
-	xorl	%esi,%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	addl	%ebx,%ebp
-
-	movl	%edx,%eax
-	movl	%ebp,%ebx
-	roll	$5,%ebp
-	xorl	%edi,%eax
-	addl	%esi,%ebp
-	movl	20(%esp),%esi
-	andl	%ecx,%eax
-	rorl	$2,%ecx
-	xorl	%edi,%eax
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%eax,%ebp
-
-	movl	%ecx,%esi
-	movl	%ebp,%eax
-	roll	$5,%ebp
-	xorl	%edx,%esi
-	addl	%edi,%ebp
-	movl	24(%esp),%edi
-	andl	%ebx,%esi
-	rorl	$2,%ebx
-	xorl	%edx,%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	addl	%esi,%ebp
-
-	movl	%ebx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ecx,%edi
-	addl	%edx,%ebp
-	movl	28(%esp),%edx
-	andl	%eax,%edi
-	rorl	$2,%eax
-	xorl	%ecx,%edi
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%edi,%ebp
-
-	movl	%eax,%edx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%edx
-	addl	%ecx,%ebp
-	movl	32(%esp),%ecx
-	andl	%esi,%edx
-	rorl	$2,%esi
-	xorl	%ebx,%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	addl	%edx,%ebp
-
-	movl	%esi,%ecx
-	movl	%ebp,%edx
-	roll	$5,%ebp
-	xorl	%eax,%ecx
-	addl	%ebx,%ebp
-	movl	36(%esp),%ebx
-	andl	%edi,%ecx
-	rorl	$2,%edi
-	xorl	%eax,%ecx
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ecx,%ebp
-
-	movl	%edi,%ebx
-	movl	%ebp,%ecx
-	roll	$5,%ebp
-	xorl	%esi,%ebx
-	addl	%eax,%ebp
-	movl	40(%esp),%eax
-	andl	%edx,%ebx
-	rorl	$2,%edx
-	xorl	%esi,%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	addl	%ebx,%ebp
-
-	movl	%edx,%eax
-	movl	%ebp,%ebx
-	roll	$5,%ebp
-	xorl	%edi,%eax
-	addl	%esi,%ebp
-	movl	44(%esp),%esi
-	andl	%ecx,%eax
-	rorl	$2,%ecx
-	xorl	%edi,%eax
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%eax,%ebp
-
-	movl	%ecx,%esi
-	movl	%ebp,%eax
-	roll	$5,%ebp
-	xorl	%edx,%esi
-	addl	%edi,%ebp
-	movl	48(%esp),%edi
-	andl	%ebx,%esi
-	rorl	$2,%ebx
-	xorl	%edx,%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	addl	%esi,%ebp
-
-	movl	%ebx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ecx,%edi
-	addl	%edx,%ebp
-	movl	52(%esp),%edx
-	andl	%eax,%edi
-	rorl	$2,%eax
-	xorl	%ecx,%edi
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%edi,%ebp
-
-	movl	%eax,%edx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%edx
-	addl	%ecx,%ebp
-	movl	56(%esp),%ecx
-	andl	%esi,%edx
-	rorl	$2,%esi
-	xorl	%ebx,%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	addl	%edx,%ebp
-
-	movl	%esi,%ecx
-	movl	%ebp,%edx
-	roll	$5,%ebp
-	xorl	%eax,%ecx
-	addl	%ebx,%ebp
-	movl	60(%esp),%ebx
-	andl	%edi,%ecx
-	rorl	$2,%edi
-	xorl	%eax,%ecx
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	movl	(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edi,%ebp
-	xorl	8(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	32(%esp),%ebx
-	andl	%edx,%ebp
-	xorl	52(%esp),%ebx
-	roll	$1,%ebx
-	xorl	%esi,%ebp
-	addl	%ebp,%eax
-	movl	%ecx,%ebp
-	rorl	$2,%edx
-	movl	%ebx,(%esp)
-	roll	$5,%ebp
-	leal	1518500249(%ebx,%eax,1),%ebx
-	movl	4(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%edx,%ebp
-	xorl	12(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	36(%esp),%eax
-	andl	%ecx,%ebp
-	xorl	56(%esp),%eax
-	roll	$1,%eax
-	xorl	%edi,%ebp
-	addl	%ebp,%esi
-	movl	%ebx,%ebp
-	rorl	$2,%ecx
-	movl	%eax,4(%esp)
-	roll	$5,%ebp
-	leal	1518500249(%eax,%esi,1),%eax
-	movl	8(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ecx,%ebp
-	xorl	16(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	40(%esp),%esi
-	andl	%ebx,%ebp
-	xorl	60(%esp),%esi
-	roll	$1,%esi
-	xorl	%edx,%ebp
-	addl	%ebp,%edi
-	movl	%eax,%ebp
-	rorl	$2,%ebx
-	movl	%esi,8(%esp)
-	roll	$5,%ebp
-	leal	1518500249(%esi,%edi,1),%esi
-	movl	12(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%ebx,%ebp
-	xorl	20(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	44(%esp),%edi
-	andl	%eax,%ebp
-	xorl	(%esp),%edi
-	roll	$1,%edi
-	xorl	%ecx,%ebp
-	addl	%ebp,%edx
-	movl	%esi,%ebp
-	rorl	$2,%eax
-	movl	%edi,12(%esp)
-	roll	$5,%ebp
-	leal	1518500249(%edi,%edx,1),%edi
-	movl	16(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	24(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	48(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	4(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,16(%esp)
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	20(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	28(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	52(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	8(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,20(%esp)
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	24(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	32(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	56(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	12(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,24(%esp)
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	28(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	36(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	60(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	16(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	movl	%eax,28(%esp)
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	32(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	40(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	20(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,32(%esp)
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	36(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	44(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	4(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	24(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,36(%esp)
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	40(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	48(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	8(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	28(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,40(%esp)
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	44(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	52(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	12(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	32(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,44(%esp)
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	48(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	56(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	16(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	36(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,48(%esp)
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	52(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	60(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	20(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	40(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	movl	%eax,52(%esp)
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	56(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	24(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	44(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,56(%esp)
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	60(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	4(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	28(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	48(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,60(%esp)
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	8(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	32(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	52(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,(%esp)
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	4(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	12(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	36(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	56(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,4(%esp)
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	8(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	16(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	40(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	60(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,8(%esp)
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	12(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	20(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	44(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	movl	%eax,12(%esp)
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	16(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	24(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	48(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	4(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,16(%esp)
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	20(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	28(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	52(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	8(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,20(%esp)
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	24(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	32(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	56(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	12(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,24(%esp)
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	28(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	36(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	60(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	16(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,28(%esp)
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	32(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edi,%ebp
-	xorl	40(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	(%esp),%ebx
-	andl	%edx,%ebp
-	xorl	20(%esp),%ebx
-	roll	$1,%ebx
-	addl	%eax,%ebp
-	rorl	$2,%edx
-	movl	%ecx,%eax
-	roll	$5,%eax
-	movl	%ebx,32(%esp)
-	leal	2400959708(%ebx,%ebp,1),%ebx
-	movl	%edi,%ebp
-	addl	%eax,%ebx
-	andl	%esi,%ebp
-	movl	36(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%edx,%ebp
-	xorl	44(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	4(%esp),%eax
-	andl	%ecx,%ebp
-	xorl	24(%esp),%eax
-	roll	$1,%eax
-	addl	%esi,%ebp
-	rorl	$2,%ecx
-	movl	%ebx,%esi
-	roll	$5,%esi
-	movl	%eax,36(%esp)
-	leal	2400959708(%eax,%ebp,1),%eax
-	movl	%edx,%ebp
-	addl	%esi,%eax
-	andl	%edi,%ebp
-	movl	40(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ecx,%ebp
-	xorl	48(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	8(%esp),%esi
-	andl	%ebx,%ebp
-	xorl	28(%esp),%esi
-	roll	$1,%esi
-	addl	%edi,%ebp
-	rorl	$2,%ebx
-	movl	%eax,%edi
-	roll	$5,%edi
-	movl	%esi,40(%esp)
-	leal	2400959708(%esi,%ebp,1),%esi
-	movl	%ecx,%ebp
-	addl	%edi,%esi
-	andl	%edx,%ebp
-	movl	44(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%ebx,%ebp
-	xorl	52(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	12(%esp),%edi
-	andl	%eax,%ebp
-	xorl	32(%esp),%edi
-	roll	$1,%edi
-	addl	%edx,%ebp
-	rorl	$2,%eax
-	movl	%esi,%edx
-	roll	$5,%edx
-	movl	%edi,44(%esp)
-	leal	2400959708(%edi,%ebp,1),%edi
-	movl	%ebx,%ebp
-	addl	%edx,%edi
-	andl	%ecx,%ebp
-	movl	48(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%eax,%ebp
-	xorl	56(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	16(%esp),%edx
-	andl	%esi,%ebp
-	xorl	36(%esp),%edx
-	roll	$1,%edx
-	addl	%ecx,%ebp
-	rorl	$2,%esi
-	movl	%edi,%ecx
-	roll	$5,%ecx
-	movl	%edx,48(%esp)
-	leal	2400959708(%edx,%ebp,1),%edx
-	movl	%eax,%ebp
-	addl	%ecx,%edx
-	andl	%ebx,%ebp
-	movl	52(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%esi,%ebp
-	xorl	60(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	20(%esp),%ecx
-	andl	%edi,%ebp
-	xorl	40(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebx,%ebp
-	rorl	$2,%edi
-	movl	%edx,%ebx
-	roll	$5,%ebx
-	movl	%ecx,52(%esp)
-	leal	2400959708(%ecx,%ebp,1),%ecx
-	movl	%esi,%ebp
-	addl	%ebx,%ecx
-	andl	%eax,%ebp
-	movl	56(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edi,%ebp
-	xorl	(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	24(%esp),%ebx
-	andl	%edx,%ebp
-	xorl	44(%esp),%ebx
-	roll	$1,%ebx
-	addl	%eax,%ebp
-	rorl	$2,%edx
-	movl	%ecx,%eax
-	roll	$5,%eax
-	movl	%ebx,56(%esp)
-	leal	2400959708(%ebx,%ebp,1),%ebx
-	movl	%edi,%ebp
-	addl	%eax,%ebx
-	andl	%esi,%ebp
-	movl	60(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%edx,%ebp
-	xorl	4(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	28(%esp),%eax
-	andl	%ecx,%ebp
-	xorl	48(%esp),%eax
-	roll	$1,%eax
-	addl	%esi,%ebp
-	rorl	$2,%ecx
-	movl	%ebx,%esi
-	roll	$5,%esi
-	movl	%eax,60(%esp)
-	leal	2400959708(%eax,%ebp,1),%eax
-	movl	%edx,%ebp
-	addl	%esi,%eax
-	andl	%edi,%ebp
-	movl	(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ecx,%ebp
-	xorl	8(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	32(%esp),%esi
-	andl	%ebx,%ebp
-	xorl	52(%esp),%esi
-	roll	$1,%esi
-	addl	%edi,%ebp
-	rorl	$2,%ebx
-	movl	%eax,%edi
-	roll	$5,%edi
-	movl	%esi,(%esp)
-	leal	2400959708(%esi,%ebp,1),%esi
-	movl	%ecx,%ebp
-	addl	%edi,%esi
-	andl	%edx,%ebp
-	movl	4(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%ebx,%ebp
-	xorl	12(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	36(%esp),%edi
-	andl	%eax,%ebp
-	xorl	56(%esp),%edi
-	roll	$1,%edi
-	addl	%edx,%ebp
-	rorl	$2,%eax
-	movl	%esi,%edx
-	roll	$5,%edx
-	movl	%edi,4(%esp)
-	leal	2400959708(%edi,%ebp,1),%edi
-	movl	%ebx,%ebp
-	addl	%edx,%edi
-	andl	%ecx,%ebp
-	movl	8(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%eax,%ebp
-	xorl	16(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	40(%esp),%edx
-	andl	%esi,%ebp
-	xorl	60(%esp),%edx
-	roll	$1,%edx
-	addl	%ecx,%ebp
-	rorl	$2,%esi
-	movl	%edi,%ecx
-	roll	$5,%ecx
-	movl	%edx,8(%esp)
-	leal	2400959708(%edx,%ebp,1),%edx
-	movl	%eax,%ebp
-	addl	%ecx,%edx
-	andl	%ebx,%ebp
-	movl	12(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%esi,%ebp
-	xorl	20(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	44(%esp),%ecx
-	andl	%edi,%ebp
-	xorl	(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebx,%ebp
-	rorl	$2,%edi
-	movl	%edx,%ebx
-	roll	$5,%ebx
-	movl	%ecx,12(%esp)
-	leal	2400959708(%ecx,%ebp,1),%ecx
-	movl	%esi,%ebp
-	addl	%ebx,%ecx
-	andl	%eax,%ebp
-	movl	16(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edi,%ebp
-	xorl	24(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	48(%esp),%ebx
-	andl	%edx,%ebp
-	xorl	4(%esp),%ebx
-	roll	$1,%ebx
-	addl	%eax,%ebp
-	rorl	$2,%edx
-	movl	%ecx,%eax
-	roll	$5,%eax
-	movl	%ebx,16(%esp)
-	leal	2400959708(%ebx,%ebp,1),%ebx
-	movl	%edi,%ebp
-	addl	%eax,%ebx
-	andl	%esi,%ebp
-	movl	20(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%edx,%ebp
-	xorl	28(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	52(%esp),%eax
-	andl	%ecx,%ebp
-	xorl	8(%esp),%eax
-	roll	$1,%eax
-	addl	%esi,%ebp
-	rorl	$2,%ecx
-	movl	%ebx,%esi
-	roll	$5,%esi
-	movl	%eax,20(%esp)
-	leal	2400959708(%eax,%ebp,1),%eax
-	movl	%edx,%ebp
-	addl	%esi,%eax
-	andl	%edi,%ebp
-	movl	24(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ecx,%ebp
-	xorl	32(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	56(%esp),%esi
-	andl	%ebx,%ebp
-	xorl	12(%esp),%esi
-	roll	$1,%esi
-	addl	%edi,%ebp
-	rorl	$2,%ebx
-	movl	%eax,%edi
-	roll	$5,%edi
-	movl	%esi,24(%esp)
-	leal	2400959708(%esi,%ebp,1),%esi
-	movl	%ecx,%ebp
-	addl	%edi,%esi
-	andl	%edx,%ebp
-	movl	28(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%ebx,%ebp
-	xorl	36(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	60(%esp),%edi
-	andl	%eax,%ebp
-	xorl	16(%esp),%edi
-	roll	$1,%edi
-	addl	%edx,%ebp
-	rorl	$2,%eax
-	movl	%esi,%edx
-	roll	$5,%edx
-	movl	%edi,28(%esp)
-	leal	2400959708(%edi,%ebp,1),%edi
-	movl	%ebx,%ebp
-	addl	%edx,%edi
-	andl	%ecx,%ebp
-	movl	32(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%eax,%ebp
-	xorl	40(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	(%esp),%edx
-	andl	%esi,%ebp
-	xorl	20(%esp),%edx
-	roll	$1,%edx
-	addl	%ecx,%ebp
-	rorl	$2,%esi
-	movl	%edi,%ecx
-	roll	$5,%ecx
-	movl	%edx,32(%esp)
-	leal	2400959708(%edx,%ebp,1),%edx
-	movl	%eax,%ebp
-	addl	%ecx,%edx
-	andl	%ebx,%ebp
-	movl	36(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%esi,%ebp
-	xorl	44(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	4(%esp),%ecx
-	andl	%edi,%ebp
-	xorl	24(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebx,%ebp
-	rorl	$2,%edi
-	movl	%edx,%ebx
-	roll	$5,%ebx
-	movl	%ecx,36(%esp)
-	leal	2400959708(%ecx,%ebp,1),%ecx
-	movl	%esi,%ebp
-	addl	%ebx,%ecx
-	andl	%eax,%ebp
-	movl	40(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edi,%ebp
-	xorl	48(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	8(%esp),%ebx
-	andl	%edx,%ebp
-	xorl	28(%esp),%ebx
-	roll	$1,%ebx
-	addl	%eax,%ebp
-	rorl	$2,%edx
-	movl	%ecx,%eax
-	roll	$5,%eax
-	movl	%ebx,40(%esp)
-	leal	2400959708(%ebx,%ebp,1),%ebx
-	movl	%edi,%ebp
-	addl	%eax,%ebx
-	andl	%esi,%ebp
-	movl	44(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%edx,%ebp
-	xorl	52(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	12(%esp),%eax
-	andl	%ecx,%ebp
-	xorl	32(%esp),%eax
-	roll	$1,%eax
-	addl	%esi,%ebp
-	rorl	$2,%ecx
-	movl	%ebx,%esi
-	roll	$5,%esi
-	movl	%eax,44(%esp)
-	leal	2400959708(%eax,%ebp,1),%eax
-	movl	%edx,%ebp
-	addl	%esi,%eax
-	andl	%edi,%ebp
-	movl	48(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	56(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	16(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	36(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,48(%esp)
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	52(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	60(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	20(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	40(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,52(%esp)
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	56(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	24(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	44(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,56(%esp)
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	60(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	4(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	28(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	48(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,60(%esp)
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	8(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	32(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	52(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,(%esp)
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	4(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	12(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	36(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	56(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	movl	%eax,4(%esp)
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	8(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	16(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	40(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	60(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,8(%esp)
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	12(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	20(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	44(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,12(%esp)
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	16(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	24(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	48(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	4(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,16(%esp)
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	20(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	28(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	52(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	8(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,20(%esp)
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	24(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	32(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	56(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	12(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,24(%esp)
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	28(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	36(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	60(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	16(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	movl	%eax,28(%esp)
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	32(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	40(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	20(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	movl	%esi,32(%esp)
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	36(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	44(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	4(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	24(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	movl	%edi,36(%esp)
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	40(%esp),%edx
-	addl	%ebp,%edi
-
-	movl	%esi,%ebp
-	xorl	48(%esp),%edx
-	xorl	%eax,%ebp
-	xorl	8(%esp),%edx
-	xorl	%ebx,%ebp
-	xorl	28(%esp),%edx
-	roll	$1,%edx
-	addl	%ebp,%ecx
-	rorl	$2,%esi
-	movl	%edi,%ebp
-	roll	$5,%ebp
-	movl	%edx,40(%esp)
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	44(%esp),%ecx
-	addl	%ebp,%edx
-
-	movl	%edi,%ebp
-	xorl	52(%esp),%ecx
-	xorl	%esi,%ebp
-	xorl	12(%esp),%ecx
-	xorl	%eax,%ebp
-	xorl	32(%esp),%ecx
-	roll	$1,%ecx
-	addl	%ebp,%ebx
-	rorl	$2,%edi
-	movl	%edx,%ebp
-	roll	$5,%ebp
-	movl	%ecx,44(%esp)
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	48(%esp),%ebx
-	addl	%ebp,%ecx
-
-	movl	%edx,%ebp
-	xorl	56(%esp),%ebx
-	xorl	%edi,%ebp
-	xorl	16(%esp),%ebx
-	xorl	%esi,%ebp
-	xorl	36(%esp),%ebx
-	roll	$1,%ebx
-	addl	%ebp,%eax
-	rorl	$2,%edx
-	movl	%ecx,%ebp
-	roll	$5,%ebp
-	movl	%ebx,48(%esp)
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	52(%esp),%eax
-	addl	%ebp,%ebx
-
-	movl	%ecx,%ebp
-	xorl	60(%esp),%eax
-	xorl	%edx,%ebp
-	xorl	20(%esp),%eax
-	xorl	%edi,%ebp
-	xorl	40(%esp),%eax
-	roll	$1,%eax
-	addl	%ebp,%esi
-	rorl	$2,%ecx
-	movl	%ebx,%ebp
-	roll	$5,%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	56(%esp),%esi
-	addl	%ebp,%eax
-
-	movl	%ebx,%ebp
-	xorl	(%esp),%esi
-	xorl	%ecx,%ebp
-	xorl	24(%esp),%esi
-	xorl	%edx,%ebp
-	xorl	44(%esp),%esi
-	roll	$1,%esi
-	addl	%ebp,%edi
-	rorl	$2,%ebx
-	movl	%eax,%ebp
-	roll	$5,%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	60(%esp),%edi
-	addl	%ebp,%esi
-
-	movl	%eax,%ebp
-	xorl	4(%esp),%edi
-	xorl	%ebx,%ebp
-	xorl	28(%esp),%edi
-	xorl	%ecx,%ebp
-	xorl	48(%esp),%edi
-	roll	$1,%edi
-	addl	%ebp,%edx
-	rorl	$2,%eax
-	movl	%esi,%ebp
-	roll	$5,%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	addl	%ebp,%edi
-	movl	96(%esp),%ebp
-	movl	100(%esp),%edx
-	addl	(%ebp),%edi
-	addl	4(%ebp),%esi
-	addl	8(%ebp),%eax
-	addl	12(%ebp),%ebx
-	addl	16(%ebp),%ecx
-	movl	%edi,(%ebp)
-	addl	$64,%edx
-	movl	%esi,4(%ebp)
-	cmpl	104(%esp),%edx
-	movl	%eax,8(%ebp)
-	movl	%ecx,%edi
-	movl	%ebx,12(%ebp)
-	movl	%edx,%esi
-	movl	%ecx,16(%ebp)
-	jb	.L002loop
-	addl	$76,%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	sha1_block_data_order,.-.L_sha1_block_data_order_begin
-.type	_sha1_block_data_order_ssse3,@function
-.align	16
-_sha1_block_data_order_ssse3:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	call	.L003pic_point
-.L003pic_point:
-	popl	%ebp
-	leal	.LK_XX_XX-.L003pic_point(%ebp),%ebp
-.Lssse3_shortcut:
-	movdqa	(%ebp),%xmm7
-	movdqa	16(%ebp),%xmm0
-	movdqa	32(%ebp),%xmm1
-	movdqa	48(%ebp),%xmm2
-	movdqa	64(%ebp),%xmm6
-	movl	20(%esp),%edi
-	movl	24(%esp),%ebp
-	movl	28(%esp),%edx
-	movl	%esp,%esi
-	subl	$208,%esp
-	andl	$-64,%esp
-	movdqa	%xmm0,112(%esp)
-	movdqa	%xmm1,128(%esp)
-	movdqa	%xmm2,144(%esp)
-	shll	$6,%edx
-	movdqa	%xmm7,160(%esp)
-	addl	%ebp,%edx
-	movdqa	%xmm6,176(%esp)
-	addl	$64,%ebp
-	movl	%edi,192(%esp)
-	movl	%ebp,196(%esp)
-	movl	%edx,200(%esp)
-	movl	%esi,204(%esp)
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	movl	16(%edi),%edi
-	movl	%ebx,%esi
-	movdqu	-64(%ebp),%xmm0
-	movdqu	-48(%ebp),%xmm1
-	movdqu	-32(%ebp),%xmm2
-	movdqu	-16(%ebp),%xmm3
-.byte	102,15,56,0,198
-.byte	102,15,56,0,206
-.byte	102,15,56,0,214
-	movdqa	%xmm7,96(%esp)
-.byte	102,15,56,0,222
-	paddd	%xmm7,%xmm0
-	paddd	%xmm7,%xmm1
-	paddd	%xmm7,%xmm2
-	movdqa	%xmm0,(%esp)
-	psubd	%xmm7,%xmm0
-	movdqa	%xmm1,16(%esp)
-	psubd	%xmm7,%xmm1
-	movdqa	%xmm2,32(%esp)
-	psubd	%xmm7,%xmm2
-	movdqa	%xmm1,%xmm4
-	jmp	.L004loop
-.align	16
-.L004loop:
-	addl	(%esp),%edi
-	xorl	%edx,%ecx
-.byte	102,15,58,15,224,8
-	movdqa	%xmm3,%xmm6
-	movl	%eax,%ebp
-	roll	$5,%eax
-	paddd	%xmm3,%xmm7
-	movdqa	%xmm0,64(%esp)
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrldq	$4,%xmm6
-	xorl	%edx,%esi
-	addl	%eax,%edi
-	pxor	%xmm0,%xmm4
-	rorl	$2,%ebx
-	addl	%esi,%edi
-	pxor	%xmm2,%xmm6
-	addl	4(%esp),%edx
-	xorl	%ecx,%ebx
-	movl	%edi,%esi
-	roll	$5,%edi
-	pxor	%xmm6,%xmm4
-	andl	%ebx,%ebp
-	xorl	%ecx,%ebx
-	movdqa	%xmm7,48(%esp)
-	xorl	%ecx,%ebp
-	addl	%edi,%edx
-	movdqa	%xmm4,%xmm0
-	movdqa	%xmm4,%xmm6
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	addl	8(%esp),%ecx
-	xorl	%ebx,%eax
-	pslldq	$12,%xmm0
-	paddd	%xmm4,%xmm4
-	movl	%edx,%ebp
-	roll	$5,%edx
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrld	$31,%xmm6
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	movdqa	%xmm0,%xmm7
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	psrld	$30,%xmm0
-	por	%xmm6,%xmm4
-	addl	12(%esp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	pslld	$2,%xmm7
-	pxor	%xmm0,%xmm4
-	andl	%edi,%ebp
-	xorl	%eax,%edi
-	movdqa	96(%esp),%xmm0
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	pxor	%xmm7,%xmm4
-	movdqa	%xmm2,%xmm5
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	addl	16(%esp),%eax
-	xorl	%edi,%edx
-.byte	102,15,58,15,233,8
-	movdqa	%xmm4,%xmm7
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	paddd	%xmm4,%xmm0
-	movdqa	%xmm1,80(%esp)
-	andl	%edx,%esi
-	xorl	%edi,%edx
-	psrldq	$4,%xmm7
-	xorl	%edi,%esi
-	addl	%ebx,%eax
-	pxor	%xmm1,%xmm5
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm3,%xmm7
-	addl	20(%esp),%edi
-	xorl	%edx,%ecx
-	movl	%eax,%esi
-	roll	$5,%eax
-	pxor	%xmm7,%xmm5
-	andl	%ecx,%ebp
-	xorl	%edx,%ecx
-	movdqa	%xmm0,(%esp)
-	xorl	%edx,%ebp
-	addl	%eax,%edi
-	movdqa	%xmm5,%xmm1
-	movdqa	%xmm5,%xmm7
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	addl	24(%esp),%edx
-	xorl	%ecx,%ebx
-	pslldq	$12,%xmm1
-	paddd	%xmm5,%xmm5
-	movl	%edi,%ebp
-	roll	$5,%edi
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	psrld	$31,%xmm7
-	xorl	%ecx,%esi
-	addl	%edi,%edx
-	movdqa	%xmm1,%xmm0
-	rorl	$7,%eax
-	addl	%esi,%edx
-	psrld	$30,%xmm1
-	por	%xmm7,%xmm5
-	addl	28(%esp),%ecx
-	xorl	%ebx,%eax
-	movl	%edx,%esi
-	roll	$5,%edx
-	pslld	$2,%xmm0
-	pxor	%xmm1,%xmm5
-	andl	%eax,%ebp
-	xorl	%ebx,%eax
-	movdqa	112(%esp),%xmm1
-	xorl	%ebx,%ebp
-	addl	%edx,%ecx
-	pxor	%xmm0,%xmm5
-	movdqa	%xmm3,%xmm6
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	addl	32(%esp),%ebx
-	xorl	%eax,%edi
-.byte	102,15,58,15,242,8
-	movdqa	%xmm5,%xmm0
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	paddd	%xmm5,%xmm1
-	movdqa	%xmm2,96(%esp)
-	andl	%edi,%esi
-	xorl	%eax,%edi
-	psrldq	$4,%xmm0
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	pxor	%xmm2,%xmm6
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm4,%xmm0
-	addl	36(%esp),%eax
-	xorl	%edi,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	pxor	%xmm0,%xmm6
-	andl	%edx,%ebp
-	xorl	%edi,%edx
-	movdqa	%xmm1,16(%esp)
-	xorl	%edi,%ebp
-	addl	%ebx,%eax
-	movdqa	%xmm6,%xmm2
-	movdqa	%xmm6,%xmm0
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	addl	40(%esp),%edi
-	xorl	%edx,%ecx
-	pslldq	$12,%xmm2
-	paddd	%xmm6,%xmm6
-	movl	%eax,%ebp
-	roll	$5,%eax
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrld	$31,%xmm0
-	xorl	%edx,%esi
-	addl	%eax,%edi
-	movdqa	%xmm2,%xmm1
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	psrld	$30,%xmm2
-	por	%xmm0,%xmm6
-	addl	44(%esp),%edx
-	xorl	%ecx,%ebx
-	movdqa	64(%esp),%xmm0
-	movl	%edi,%esi
-	roll	$5,%edi
-	pslld	$2,%xmm1
-	pxor	%xmm2,%xmm6
-	andl	%ebx,%ebp
-	xorl	%ecx,%ebx
-	movdqa	112(%esp),%xmm2
-	xorl	%ecx,%ebp
-	addl	%edi,%edx
-	pxor	%xmm1,%xmm6
-	movdqa	%xmm4,%xmm7
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	addl	48(%esp),%ecx
-	xorl	%ebx,%eax
-.byte	102,15,58,15,251,8
-	movdqa	%xmm6,%xmm1
-	movl	%edx,%ebp
-	roll	$5,%edx
-	paddd	%xmm6,%xmm2
-	movdqa	%xmm3,64(%esp)
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrldq	$4,%xmm1
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	pxor	%xmm3,%xmm7
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	pxor	%xmm5,%xmm1
-	addl	52(%esp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	pxor	%xmm1,%xmm7
-	andl	%edi,%ebp
-	xorl	%eax,%edi
-	movdqa	%xmm2,32(%esp)
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movdqa	%xmm7,%xmm3
-	movdqa	%xmm7,%xmm1
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	addl	56(%esp),%eax
-	xorl	%edi,%edx
-	pslldq	$12,%xmm3
-	paddd	%xmm7,%xmm7
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	andl	%edx,%esi
-	xorl	%edi,%edx
-	psrld	$31,%xmm1
-	xorl	%edi,%esi
-	addl	%ebx,%eax
-	movdqa	%xmm3,%xmm2
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	psrld	$30,%xmm3
-	por	%xmm1,%xmm7
-	addl	60(%esp),%edi
-	xorl	%edx,%ecx
-	movdqa	80(%esp),%xmm1
-	movl	%eax,%esi
-	roll	$5,%eax
-	pslld	$2,%xmm2
-	pxor	%xmm3,%xmm7
-	andl	%ecx,%ebp
-	xorl	%edx,%ecx
-	movdqa	112(%esp),%xmm3
-	xorl	%edx,%ebp
-	addl	%eax,%edi
-	pxor	%xmm2,%xmm7
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	movdqa	%xmm7,%xmm2
-	addl	(%esp),%edx
-	pxor	%xmm4,%xmm0
-.byte	102,15,58,15,214,8
-	xorl	%ecx,%ebx
-	movl	%edi,%ebp
-	roll	$5,%edi
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm4,80(%esp)
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	movdqa	%xmm3,%xmm4
-	paddd	%xmm7,%xmm3
-	xorl	%ecx,%esi
-	addl	%edi,%edx
-	pxor	%xmm2,%xmm0
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	4(%esp),%ecx
-	xorl	%ebx,%eax
-	movdqa	%xmm0,%xmm2
-	movdqa	%xmm3,48(%esp)
-	movl	%edx,%esi
-	roll	$5,%edx
-	andl	%eax,%ebp
-	xorl	%ebx,%eax
-	pslld	$2,%xmm0
-	xorl	%ebx,%ebp
-	addl	%edx,%ecx
-	psrld	$30,%xmm2
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	addl	8(%esp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	por	%xmm2,%xmm0
-	andl	%edi,%esi
-	xorl	%eax,%edi
-	movdqa	96(%esp),%xmm2
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	12(%esp),%eax
-	movdqa	%xmm0,%xmm3
-	xorl	%edi,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	andl	%edx,%ebp
-	xorl	%edi,%edx
-	xorl	%edi,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	addl	16(%esp),%edi
-	pxor	%xmm5,%xmm1
-.byte	102,15,58,15,223,8
-	xorl	%edx,%esi
-	movl	%eax,%ebp
-	roll	$5,%eax
-	pxor	%xmm2,%xmm1
-	movdqa	%xmm5,96(%esp)
-	xorl	%ecx,%esi
-	addl	%eax,%edi
-	movdqa	%xmm4,%xmm5
-	paddd	%xmm0,%xmm4
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	pxor	%xmm3,%xmm1
-	addl	20(%esp),%edx
-	xorl	%ecx,%ebp
-	movl	%edi,%esi
-	roll	$5,%edi
-	movdqa	%xmm1,%xmm3
-	movdqa	%xmm4,(%esp)
-	xorl	%ebx,%ebp
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	pslld	$2,%xmm1
-	addl	24(%esp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm3
-	movl	%edx,%ebp
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	por	%xmm3,%xmm1
-	addl	28(%esp),%ebx
-	xorl	%eax,%ebp
-	movdqa	64(%esp),%xmm3
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%edi,%ebp
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	movdqa	%xmm1,%xmm4
-	addl	%ebp,%ebx
-	addl	32(%esp),%eax
-	pxor	%xmm6,%xmm2
-.byte	102,15,58,15,224,8
-	xorl	%edi,%esi
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	pxor	%xmm3,%xmm2
-	movdqa	%xmm6,64(%esp)
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	movdqa	128(%esp),%xmm6
-	paddd	%xmm1,%xmm5
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm4,%xmm2
-	addl	36(%esp),%edi
-	xorl	%edx,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	movdqa	%xmm2,%xmm4
-	movdqa	%xmm5,16(%esp)
-	xorl	%ecx,%ebp
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	pslld	$2,%xmm2
-	addl	40(%esp),%edx
-	xorl	%ecx,%esi
-	psrld	$30,%xmm4
-	movl	%edi,%ebp
-	roll	$5,%edi
-	xorl	%ebx,%esi
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	por	%xmm4,%xmm2
-	addl	44(%esp),%ecx
-	xorl	%ebx,%ebp
-	movdqa	80(%esp),%xmm4
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%ebp
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	movdqa	%xmm2,%xmm5
-	addl	%ebp,%ecx
-	addl	48(%esp),%ebx
-	pxor	%xmm7,%xmm3
-.byte	102,15,58,15,233,8
-	xorl	%eax,%esi
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	pxor	%xmm4,%xmm3
-	movdqa	%xmm7,80(%esp)
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	movdqa	%xmm6,%xmm7
-	paddd	%xmm2,%xmm6
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm5,%xmm3
-	addl	52(%esp),%eax
-	xorl	%edi,%ebp
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	movdqa	%xmm3,%xmm5
-	movdqa	%xmm6,32(%esp)
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	pslld	$2,%xmm3
-	addl	56(%esp),%edi
-	xorl	%edx,%esi
-	psrld	$30,%xmm5
-	movl	%eax,%ebp
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	por	%xmm5,%xmm3
-	addl	60(%esp),%edx
-	xorl	%ecx,%ebp
-	movdqa	96(%esp),%xmm5
-	movl	%edi,%esi
-	roll	$5,%edi
-	xorl	%ebx,%ebp
-	addl	%edi,%edx
-	rorl	$7,%eax
-	movdqa	%xmm3,%xmm6
-	addl	%ebp,%edx
-	addl	(%esp),%ecx
-	pxor	%xmm0,%xmm4
-.byte	102,15,58,15,242,8
-	xorl	%ebx,%esi
-	movl	%edx,%ebp
-	roll	$5,%edx
-	pxor	%xmm5,%xmm4
-	movdqa	%xmm0,96(%esp)
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	movdqa	%xmm7,%xmm0
-	paddd	%xmm3,%xmm7
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	pxor	%xmm6,%xmm4
-	addl	4(%esp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	movdqa	%xmm4,%xmm6
-	movdqa	%xmm7,48(%esp)
-	xorl	%edi,%ebp
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	pslld	$2,%xmm4
-	addl	8(%esp),%eax
-	xorl	%edi,%esi
-	psrld	$30,%xmm6
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	por	%xmm6,%xmm4
-	addl	12(%esp),%edi
-	xorl	%edx,%ebp
-	movdqa	64(%esp),%xmm6
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%ebp
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	movdqa	%xmm4,%xmm7
-	addl	%ebp,%edi
-	addl	16(%esp),%edx
-	pxor	%xmm1,%xmm5
-.byte	102,15,58,15,251,8
-	xorl	%ecx,%esi
-	movl	%edi,%ebp
-	roll	$5,%edi
-	pxor	%xmm6,%xmm5
-	movdqa	%xmm1,64(%esp)
-	xorl	%ebx,%esi
-	addl	%edi,%edx
-	movdqa	%xmm0,%xmm1
-	paddd	%xmm4,%xmm0
-	rorl	$7,%eax
-	addl	%esi,%edx
-	pxor	%xmm7,%xmm5
-	addl	20(%esp),%ecx
-	xorl	%ebx,%ebp
-	movl	%edx,%esi
-	roll	$5,%edx
-	movdqa	%xmm5,%xmm7
-	movdqa	%xmm0,(%esp)
-	xorl	%eax,%ebp
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	pslld	$2,%xmm5
-	addl	24(%esp),%ebx
-	xorl	%eax,%esi
-	psrld	$30,%xmm7
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	por	%xmm7,%xmm5
-	addl	28(%esp),%eax
-	xorl	%edi,%ebp
-	movdqa	80(%esp),%xmm7
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	movdqa	%xmm5,%xmm0
-	addl	%ebp,%eax
-	movl	%ecx,%ebp
-	pxor	%xmm2,%xmm6
-.byte	102,15,58,15,196,8
-	xorl	%edx,%ecx
-	addl	32(%esp),%edi
-	andl	%edx,%ebp
-	pxor	%xmm7,%xmm6
-	movdqa	%xmm2,80(%esp)
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	movdqa	%xmm1,%xmm2
-	paddd	%xmm5,%xmm1
-	addl	%ebp,%edi
-	movl	%eax,%ebp
-	pxor	%xmm0,%xmm6
-	roll	$5,%eax
-	addl	%esi,%edi
-	xorl	%edx,%ecx
-	addl	%eax,%edi
-	movdqa	%xmm6,%xmm0
-	movdqa	%xmm1,16(%esp)
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	36(%esp),%edx
-	andl	%ecx,%esi
-	pslld	$2,%xmm6
-	andl	%ebx,%ebp
-	rorl	$7,%eax
-	psrld	$30,%xmm0
-	addl	%esi,%edx
-	movl	%edi,%esi
-	roll	$5,%edi
-	addl	%ebp,%edx
-	xorl	%ecx,%ebx
-	addl	%edi,%edx
-	por	%xmm0,%xmm6
-	movl	%eax,%ebp
-	xorl	%ebx,%eax
-	movdqa	96(%esp),%xmm0
-	addl	40(%esp),%ecx
-	andl	%ebx,%ebp
-	andl	%eax,%esi
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	movdqa	%xmm6,%xmm1
-	movl	%edx,%ebp
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	addl	44(%esp),%ebx
-	andl	%eax,%esi
-	andl	%edi,%ebp
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%ebp,%ebx
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	movl	%edx,%ebp
-	pxor	%xmm3,%xmm7
-.byte	102,15,58,15,205,8
-	xorl	%edi,%edx
-	addl	48(%esp),%eax
-	andl	%edi,%ebp
-	pxor	%xmm0,%xmm7
-	movdqa	%xmm3,96(%esp)
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	movdqa	144(%esp),%xmm3
-	paddd	%xmm6,%xmm2
-	addl	%ebp,%eax
-	movl	%ebx,%ebp
-	pxor	%xmm1,%xmm7
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%edi,%edx
-	addl	%ebx,%eax
-	movdqa	%xmm7,%xmm1
-	movdqa	%xmm2,32(%esp)
-	movl	%ecx,%esi
-	xorl	%edx,%ecx
-	addl	52(%esp),%edi
-	andl	%edx,%esi
-	pslld	$2,%xmm7
-	andl	%ecx,%ebp
-	rorl	$7,%ebx
-	psrld	$30,%xmm1
-	addl	%esi,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%ebp,%edi
-	xorl	%edx,%ecx
-	addl	%eax,%edi
-	por	%xmm1,%xmm7
-	movl	%ebx,%ebp
-	xorl	%ecx,%ebx
-	movdqa	64(%esp),%xmm1
-	addl	56(%esp),%edx
-	andl	%ecx,%ebp
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	movdqa	%xmm7,%xmm2
-	movl	%edi,%ebp
-	roll	$5,%edi
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%edi,%edx
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	60(%esp),%ecx
-	andl	%ebx,%esi
-	andl	%eax,%ebp
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%ebp,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%edi,%ebp
-	pxor	%xmm4,%xmm0
-.byte	102,15,58,15,214,8
-	xorl	%eax,%edi
-	addl	(%esp),%ebx
-	andl	%eax,%ebp
-	pxor	%xmm1,%xmm0
-	movdqa	%xmm4,64(%esp)
-	andl	%edi,%esi
-	rorl	$7,%edx
-	movdqa	%xmm3,%xmm4
-	paddd	%xmm7,%xmm3
-	addl	%ebp,%ebx
-	movl	%ecx,%ebp
-	pxor	%xmm2,%xmm0
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	movdqa	%xmm0,%xmm2
-	movdqa	%xmm3,48(%esp)
-	movl	%edx,%esi
-	xorl	%edi,%edx
-	addl	4(%esp),%eax
-	andl	%edi,%esi
-	pslld	$2,%xmm0
-	andl	%edx,%ebp
-	rorl	$7,%ecx
-	psrld	$30,%xmm2
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%ebp,%eax
-	xorl	%edi,%edx
-	addl	%ebx,%eax
-	por	%xmm2,%xmm0
-	movl	%ecx,%ebp
-	xorl	%edx,%ecx
-	movdqa	80(%esp),%xmm2
-	addl	8(%esp),%edi
-	andl	%edx,%ebp
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	movdqa	%xmm0,%xmm3
-	movl	%eax,%ebp
-	roll	$5,%eax
-	addl	%esi,%edi
-	xorl	%edx,%ecx
-	addl	%eax,%edi
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	12(%esp),%edx
-	andl	%ecx,%esi
-	andl	%ebx,%ebp
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movl	%edi,%esi
-	roll	$5,%edi
-	addl	%ebp,%edx
-	xorl	%ecx,%ebx
-	addl	%edi,%edx
-	movl	%eax,%ebp
-	pxor	%xmm5,%xmm1
-.byte	102,15,58,15,223,8
-	xorl	%ebx,%eax
-	addl	16(%esp),%ecx
-	andl	%ebx,%ebp
-	pxor	%xmm2,%xmm1
-	movdqa	%xmm5,80(%esp)
-	andl	%eax,%esi
-	rorl	$7,%edi
-	movdqa	%xmm4,%xmm5
-	paddd	%xmm0,%xmm4
-	addl	%ebp,%ecx
-	movl	%edx,%ebp
-	pxor	%xmm3,%xmm1
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movdqa	%xmm1,%xmm3
-	movdqa	%xmm4,(%esp)
-	movl	%edi,%esi
-	xorl	%eax,%edi
-	addl	20(%esp),%ebx
-	andl	%eax,%esi
-	pslld	$2,%xmm1
-	andl	%edi,%ebp
-	rorl	$7,%edx
-	psrld	$30,%xmm3
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%ebp,%ebx
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	por	%xmm3,%xmm1
-	movl	%edx,%ebp
-	xorl	%edi,%edx
-	movdqa	96(%esp),%xmm3
-	addl	24(%esp),%eax
-	andl	%edi,%ebp
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	movdqa	%xmm1,%xmm4
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%edi,%edx
-	addl	%ebx,%eax
-	movl	%ecx,%esi
-	xorl	%edx,%ecx
-	addl	28(%esp),%edi
-	andl	%edx,%esi
-	andl	%ecx,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%ebp,%edi
-	xorl	%edx,%ecx
-	addl	%eax,%edi
-	movl	%ebx,%ebp
-	pxor	%xmm6,%xmm2
-.byte	102,15,58,15,224,8
-	xorl	%ecx,%ebx
-	addl	32(%esp),%edx
-	andl	%ecx,%ebp
-	pxor	%xmm3,%xmm2
-	movdqa	%xmm6,96(%esp)
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	movdqa	%xmm5,%xmm6
-	paddd	%xmm1,%xmm5
-	addl	%ebp,%edx
-	movl	%edi,%ebp
-	pxor	%xmm4,%xmm2
-	roll	$5,%edi
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%edi,%edx
-	movdqa	%xmm2,%xmm4
-	movdqa	%xmm5,16(%esp)
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	36(%esp),%ecx
-	andl	%ebx,%esi
-	pslld	$2,%xmm2
-	andl	%eax,%ebp
-	rorl	$7,%edi
-	psrld	$30,%xmm4
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%ebp,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	por	%xmm4,%xmm2
-	movl	%edi,%ebp
-	xorl	%eax,%edi
-	movdqa	64(%esp),%xmm4
-	addl	40(%esp),%ebx
-	andl	%eax,%ebp
-	andl	%edi,%esi
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	movdqa	%xmm2,%xmm5
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	movl	%edx,%esi
-	xorl	%edi,%edx
-	addl	44(%esp),%eax
-	andl	%edi,%esi
-	andl	%edx,%ebp
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%ebp,%eax
-	xorl	%edi,%edx
-	addl	%ebx,%eax
-	addl	48(%esp),%edi
-	pxor	%xmm7,%xmm3
-.byte	102,15,58,15,233,8
-	xorl	%edx,%esi
-	movl	%eax,%ebp
-	roll	$5,%eax
-	pxor	%xmm4,%xmm3
-	movdqa	%xmm7,64(%esp)
-	xorl	%ecx,%esi
-	addl	%eax,%edi
-	movdqa	%xmm6,%xmm7
-	paddd	%xmm2,%xmm6
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	pxor	%xmm5,%xmm3
-	addl	52(%esp),%edx
-	xorl	%ecx,%ebp
-	movl	%edi,%esi
-	roll	$5,%edi
-	movdqa	%xmm3,%xmm5
-	movdqa	%xmm6,32(%esp)
-	xorl	%ebx,%ebp
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	pslld	$2,%xmm3
-	addl	56(%esp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm5
-	movl	%edx,%ebp
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	por	%xmm5,%xmm3
-	addl	60(%esp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%edi,%ebp
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	addl	(%esp),%eax
-	paddd	%xmm3,%xmm7
-	xorl	%edi,%esi
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	movdqa	%xmm7,48(%esp)
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	4(%esp),%edi
-	xorl	%edx,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%ebp
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	addl	8(%esp),%edx
-	xorl	%ecx,%esi
-	movl	%edi,%ebp
-	roll	$5,%edi
-	xorl	%ebx,%esi
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	12(%esp),%ecx
-	xorl	%ebx,%ebp
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%ebp
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	movl	196(%esp),%ebp
-	cmpl	200(%esp),%ebp
-	je	.L005done
-	movdqa	160(%esp),%xmm7
-	movdqa	176(%esp),%xmm6
-	movdqu	(%ebp),%xmm0
-	movdqu	16(%ebp),%xmm1
-	movdqu	32(%ebp),%xmm2
-	movdqu	48(%ebp),%xmm3
-	addl	$64,%ebp
-.byte	102,15,56,0,198
-	movl	%ebp,196(%esp)
-	movdqa	%xmm7,96(%esp)
-	addl	16(%esp),%ebx
-	xorl	%eax,%esi
-.byte	102,15,56,0,206
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	paddd	%xmm7,%xmm0
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movdqa	%xmm0,(%esp)
-	addl	20(%esp),%eax
-	xorl	%edi,%ebp
-	psubd	%xmm7,%xmm0
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	addl	24(%esp),%edi
-	xorl	%edx,%esi
-	movl	%eax,%ebp
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	addl	28(%esp),%edx
-	xorl	%ecx,%ebp
-	movl	%edi,%esi
-	roll	$5,%edi
-	xorl	%ebx,%ebp
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	addl	32(%esp),%ecx
-	xorl	%ebx,%esi
-.byte	102,15,56,0,214
-	movl	%edx,%ebp
-	roll	$5,%edx
-	paddd	%xmm7,%xmm1
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	movdqa	%xmm1,16(%esp)
-	addl	36(%esp),%ebx
-	xorl	%eax,%ebp
-	psubd	%xmm7,%xmm1
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%edi,%ebp
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	addl	40(%esp),%eax
-	xorl	%edi,%esi
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%esp),%edi
-	xorl	%edx,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%ebp
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	addl	48(%esp),%edx
-	xorl	%ecx,%esi
-.byte	102,15,56,0,222
-	movl	%edi,%ebp
-	roll	$5,%edi
-	paddd	%xmm7,%xmm2
-	xorl	%ebx,%esi
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movdqa	%xmm2,32(%esp)
-	addl	52(%esp),%ecx
-	xorl	%ebx,%ebp
-	psubd	%xmm7,%xmm2
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%ebp
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	addl	56(%esp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%esp),%eax
-	xorl	%edi,%ebp
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	movl	192(%esp),%ebp
-	addl	(%ebp),%eax
-	addl	4(%ebp),%esi
-	addl	8(%ebp),%ecx
-	movl	%eax,(%ebp)
-	addl	12(%ebp),%edx
-	movl	%esi,4(%ebp)
-	addl	16(%ebp),%edi
-	movl	%ecx,8(%ebp)
-	movl	%esi,%ebx
-	movl	%edx,12(%ebp)
-	movl	%edi,16(%ebp)
-	movdqa	%xmm1,%xmm4
-	jmp	.L004loop
-.align	16
-.L005done:
-	addl	16(%esp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	20(%esp),%eax
-	xorl	%edi,%ebp
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	addl	24(%esp),%edi
-	xorl	%edx,%esi
-	movl	%eax,%ebp
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%esi,%edi
-	addl	28(%esp),%edx
-	xorl	%ecx,%ebp
-	movl	%edi,%esi
-	roll	$5,%edi
-	xorl	%ebx,%ebp
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%ebp,%edx
-	addl	32(%esp),%ecx
-	xorl	%ebx,%esi
-	movl	%edx,%ebp
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%esi,%ecx
-	addl	36(%esp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%edi,%ebp
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%ebp,%ebx
-	addl	40(%esp),%eax
-	xorl	%edi,%esi
-	movl	%ebx,%ebp
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%esp),%edi
-	xorl	%edx,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%ebp
-	addl	%eax,%edi
-	rorl	$7,%ebx
-	addl	%ebp,%edi
-	addl	48(%esp),%edx
-	xorl	%ecx,%esi
-	movl	%edi,%ebp
-	roll	$5,%edi
-	xorl	%ebx,%esi
-	addl	%edi,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	52(%esp),%ecx
-	xorl	%ebx,%ebp
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%ebp
-	addl	%edx,%ecx
-	rorl	$7,%edi
-	addl	%ebp,%ecx
-	addl	56(%esp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%ebp
-	roll	$5,%ecx
-	xorl	%edi,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%esp),%eax
-	xorl	%edi,%ebp
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%ebp
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%ebp,%eax
-	movl	192(%esp),%ebp
-	addl	(%ebp),%eax
-	movl	204(%esp),%esp
-	addl	4(%ebp),%esi
-	addl	8(%ebp),%ecx
-	movl	%eax,(%ebp)
-	addl	12(%ebp),%edx
-	movl	%esi,4(%ebp)
-	addl	16(%ebp),%edi
-	movl	%ecx,8(%ebp)
-	movl	%edx,12(%ebp)
-	movl	%edi,16(%ebp)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	_sha1_block_data_order_ssse3,.-_sha1_block_data_order_ssse3
-.align	64
-.LK_XX_XX:
-.long	1518500249,1518500249,1518500249,1518500249
-.long	1859775393,1859775393,1859775393,1859775393
-.long	2400959708,2400959708,2400959708,2400959708
-.long	3395469782,3395469782,3395469782,3395469782
-.long	66051,67438087,134810123,202182159
-.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115
-.byte	102,111,114,109,32,102,111,114,32,120,56,54,44,32,67,82
-.byte	89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112
-.byte	114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
deleted file mode 100644
index 2b119ffa46..0000000000
--- a/crypto/sha/asm/sha1-586.pl
+++ /dev/null
@@ -1,1229 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
-# functions were re-implemented to address P4 performance issue [see
-# commentary below], and in 2006 the rest was rewritten in order to
-# gain freedom to liberate licensing terms.
-
-# January, September 2004.
-#
-# It was noted that Intel IA-32 C compiler generates code which
-# performs ~30% *faster* on P4 CPU than original *hand-coded*
-# SHA1 assembler implementation. To address this problem (and
-# prove that humans are still better than machines:-), the
-# original code was overhauled, which resulted in following
-# performance changes:
-#
-#		compared with original	compared with Intel cc
-#		assembler impl.		generated code
-# Pentium	-16%			+48%
-# PIII/AMD	+8%			+16%
-# P4		+85%(!)			+45%
-#
-# As you can see Pentium came out as looser:-( Yet I reckoned that
-# improvement on P4 outweights the loss and incorporate this
-# re-tuned code to 0.9.7 and later.
-# ----------------------------------------------------------------
-#					<appro@fy.chalmers.se>
-
-# August 2009.
-#
-# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as
-# '(c&d) + (b&(c^d))', which allows to accumulate partial results
-# and lighten "pressure" on scratch registers. This resulted in
-# >12% performance improvement on contemporary AMD cores (with no
-# degradation on other CPUs:-). Also, the code was revised to maximize
-# "distance" between instructions producing input to 'lea' instruction
-# and the 'lea' instruction itself, which is essential for Intel Atom
-# core and resulted in ~15% improvement.
-
-# October 2010.
-#
-# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
-# is to offload message schedule denoted by Wt in NIST specification,
-# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel,
-# and in SSE2 context was first explored by Dean Gaudet in 2004, see
-# http://arctic.org/~dean/crypto/sha1.html. Since then several things
-# have changed that made it interesting again:
-#
-# a) XMM units became faster and wider;
-# b) instruction set became more versatile;
-# c) an important observation was made by Max Locktykhin, which made
-#    it possible to reduce amount of instructions required to perform
-#    the operation in question, for further details see
-#    http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/.
-
-# April 2011.
-#
-# Add AVX code path, probably most controversial... The thing is that
-# switch to AVX alone improves performance by as little as 4% in
-# comparison to SSSE3 code path. But below result doesn't look like
-# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
-# pair of µ-ops, and it's the additional µ-ops, two per round, that
-# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
-# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
-# equivalent 'sh[rl]d' that is responsible for the impressive 5.1
-# cycles per processed byte. But 'sh[rl]d' is not something that used
-# to be fast, nor does it appear to be fast in upcoming Bulldozer
-# [according to its optimization manual]. Which is why AVX code path
-# is guarded by *both* AVX and synthetic bit denoting Intel CPUs.
-# One can argue that it's unfair to AMD, but without 'sh[rl]d' it
-# makes no sense to keep the AVX code path. If somebody feels that
-# strongly, it's probably more appropriate to discuss possibility of
-# using vector rotate XOP on AMD...
-
-######################################################################
-# Current performance is summarized in following table. Numbers are
-# CPU clock cycles spent to process single byte (less is better).
-#
-#		x86		SSSE3		AVX
-# Pentium	15.7		-
-# PIII		11.5		-
-# P4		10.6		-
-# AMD K8	7.1		-
-# Core2		7.3		6.1/+20%	-
-# Atom		12.5		9.5(*)/+32%	-
-# Westmere	7.3		5.6/+30%	-
-# Sandy Bridge	8.8		6.2/+40%	5.1(**)/+70%
-#
-# (*)	Loop is 1056 instructions long and expected result is ~8.25.
-#	It remains mystery [to me] why ILP is limited to 1.7.
-#
-# (**)	As per above comment, the result is for AVX *plus* sh[rl]d.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
-
-$xmm=$ymm=0;
-for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-$ymm=1 if ($xmm &&
-		`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-			=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
-		$1>=2.19);	# first version supporting AVX
-
-$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && 
-		`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
-		$1>=2.03);	# first version supporting AVX
-
-&external_label("OPENSSL_ia32cap_P") if ($xmm);
-
-
-$A="eax";
-$B="ebx";
-$C="ecx";
-$D="edx";
-$E="edi";
-$T="esi";
-$tmp1="ebp";
-
-@V=($A,$B,$C,$D,$E,$T);
-
-$alt=0;	# 1 denotes alternative IALU implementation, which performs
-	# 8% *worse* on P4, same on Westmere and Atom, 2% better on
-	# Sandy Bridge...
-
-sub BODY_00_15
-	{
-	local($n,$a,$b,$c,$d,$e,$f)=@_;
-
-	&comment("00_15 $n");
-
-	&mov($f,$c);			# f to hold F_00_19(b,c,d)
-	 if ($n==0)  { &mov($tmp1,$a); }
-	 else        { &mov($a,$tmp1); }
-	&rotl($tmp1,5);			# tmp1=ROTATE(a,5)
-	 &xor($f,$d);
-	&add($tmp1,$e);			# tmp1+=e;
-	 &mov($e,&swtmp($n%16));	# e becomes volatile and is loaded
-	 				# with xi, also note that e becomes
-					# f in next round...
-	&and($f,$b);
-	&rotr($b,2);			# b=ROTATE(b,30)
-	 &xor($f,$d);			# f holds F_00_19(b,c,d)
-	&lea($tmp1,&DWP(0x5a827999,$tmp1,$e));	# tmp1+=K_00_19+xi
-
-	if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round
-		      &add($f,$tmp1); }	# f+=tmp1
-	else        { &add($tmp1,$f); }	# f becomes a in next round
-	&mov($tmp1,$a)			if ($alt && $n==15);
-	}
-
-sub BODY_16_19
-	{
-	local($n,$a,$b,$c,$d,$e,$f)=@_;
-
-	&comment("16_19 $n");
-
-if ($alt) {
-	&xor($c,$d);
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&and($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d), b&=c^d
-	 &xor($f,&swtmp(($n+8)%16));
-	&xor($tmp1,$d);			# tmp1=F_00_19(b,c,d)
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &add($e,$tmp1);		# e+=F_00_19(b,c,d)
-	&xor($c,$d);			# restore $c
-	 &mov($tmp1,$a);		# b in next round
-	&rotr($b,$n==16?2:7);		# b=ROTATE(b,30)
-	 &mov(&swtmp($n%16),$f);	# xi=f
-	&rotl($a,5);			# ROTATE(a,5)
-	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
-	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
-	 &add($f,$a);			# f+=ROTATE(a,5)
-} else {
-	&mov($tmp1,$c);			# tmp1 to hold F_00_19(b,c,d)
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&xor($tmp1,$d);
-	 &xor($f,&swtmp(($n+8)%16));
-	&and($tmp1,$b);
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &xor($tmp1,$d);		# tmp1=F_00_19(b,c,d)
-	&add($e,$tmp1);			# e+=F_00_19(b,c,d)
-	 &mov($tmp1,$a);
-	&rotr($b,2);			# b=ROTATE(b,30)
-	 &mov(&swtmp($n%16),$f);	# xi=f
-	&rotl($tmp1,5);			# ROTATE(a,5)
-	 &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
-	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
-	 &add($f,$tmp1);		# f+=ROTATE(a,5)
-}
-	}
-
-sub BODY_20_39
-	{
-	local($n,$a,$b,$c,$d,$e,$f)=@_;
-	local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
-
-	&comment("20_39 $n");
-
-if ($alt) {
-	&xor($tmp1,$c);			# tmp1 to hold F_20_39(b,c,d), b^=c
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
-	 &xor($f,&swtmp(($n+8)%16));
-	&add($e,$tmp1);			# e+=F_20_39(b,c,d)
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &mov($tmp1,$a);		# b in next round
-	&rotr($b,7);			# b=ROTATE(b,30)
-	 &mov(&swtmp($n%16),$f)		if($n<77);# xi=f
-	&rotl($a,5);			# ROTATE(a,5)
-	 &xor($b,$c)			if($n==39);# warm up for BODY_40_59
-	&and($tmp1,$b)			if($n==39);
-	 &lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
-	&mov($e,&swtmp(($n+1)%16))	if($n<79);# pre-fetch f for next round
-	 &add($f,$a);			# f+=ROTATE(a,5)
-	&rotr($a,5)			if ($n==79);
-} else {
-	&mov($tmp1,$b);			# tmp1 to hold F_20_39(b,c,d)
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&xor($tmp1,$c);
-	 &xor($f,&swtmp(($n+8)%16));
-	&xor($tmp1,$d);			# tmp1 holds F_20_39(b,c,d)
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &add($e,$tmp1);		# e+=F_20_39(b,c,d)
-	&rotr($b,2);			# b=ROTATE(b,30)
-	 &mov($tmp1,$a);
-	&rotl($tmp1,5);			# ROTATE(a,5)
-	 &mov(&swtmp($n%16),$f) if($n<77);# xi=f
-	&lea($f,&DWP($K,$f,$e));	# f+=e+K_XX_YY
-	 &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round
-	&add($f,$tmp1);			# f+=ROTATE(a,5)
-}
-	}
-
-sub BODY_40_59
-	{
-	local($n,$a,$b,$c,$d,$e,$f)=@_;
-
-	&comment("40_59 $n");
-
-if ($alt) {
-	&add($e,$tmp1);			# e+=b&(c^d)
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&mov($tmp1,$d);
-	 &xor($f,&swtmp(($n+8)%16));
-	&xor($c,$d);			# restore $c
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &and($tmp1,$c);
-	&rotr($b,7);			# b=ROTATE(b,30)
-	 &add($e,$tmp1);		# e+=c&d
-	&mov($tmp1,$a);			# b in next round
-	 &mov(&swtmp($n%16),$f);	# xi=f
-	&rotl($a,5);			# ROTATE(a,5)
-	 &xor($b,$c)			if ($n<59);
-	&and($tmp1,$b)			if ($n<59);# tmp1 to hold F_40_59(b,c,d)
-	 &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d))
-	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
-	 &add($f,$a);			# f+=ROTATE(a,5)
-} else {
-	&mov($tmp1,$c);			# tmp1 to hold F_40_59(b,c,d)
-	 &xor($f,&swtmp(($n+2)%16));	# f to hold Xupdate(xi,xa,xb,xc,xd)
-	&xor($tmp1,$d);
-	 &xor($f,&swtmp(($n+8)%16));
-	&and($tmp1,$b);
-	 &xor($f,&swtmp(($n+13)%16));	# f holds xa^xb^xc^xd
-	&rotl($f,1);			# f=ROTATE(f,1)
-	 &add($tmp1,$e);		# b&(c^d)+=e
-	&rotr($b,2);			# b=ROTATE(b,30)
-	 &mov($e,$a);			# e becomes volatile
-	&rotl($e,5);			# ROTATE(a,5)
-	 &mov(&swtmp($n%16),$f);	# xi=f
-	&lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d))
-	 &mov($tmp1,$c);
-	&add($f,$e);			# f+=ROTATE(a,5)
-	 &and($tmp1,$d);
-	&mov($e,&swtmp(($n+1)%16));	# pre-fetch f for next round
-	 &add($f,$tmp1);		# f+=c&d
-}
-	}
-
-&function_begin("sha1_block_data_order");
-if ($xmm) {
-  &static_label("ssse3_shortcut");
-  &static_label("avx_shortcut")		if ($ymm);
-  &static_label("K_XX_XX");
-
-	&call	(&label("pic_point"));	# make it PIC!
-  &set_label("pic_point");
-	&blindpop($tmp1);
-	&picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point"));
-	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
-
-	&mov	($A,&DWP(0,$T));
-	&mov	($D,&DWP(4,$T));
-	&test	($D,1<<9);		# check SSSE3 bit
-	&jz	(&label("x86"));
-	&test	($A,1<<24);		# check FXSR bit
-	&jz	(&label("x86"));
-	if ($ymm) {
-		&and	($D,1<<28);		# mask AVX bit
-		&and	($A,1<<30);		# mask "Intel CPU" bit
-		&or	($A,$D);
-		&cmp	($A,1<<28|1<<30);
-		&je	(&label("avx_shortcut"));
-	}
-	&jmp	(&label("ssse3_shortcut"));
-  &set_label("x86",16);
-}
-	&mov($tmp1,&wparam(0));	# SHA_CTX *c
-	&mov($T,&wparam(1));	# const void *input
-	&mov($A,&wparam(2));	# size_t num
-	&stack_push(16+3);	# allocate X[16]
-	&shl($A,6);
-	&add($A,$T);
-	&mov(&wparam(2),$A);	# pointer beyond the end of input
-	&mov($E,&DWP(16,$tmp1));# pre-load E
-	&jmp(&label("loop"));
-
-&set_label("loop",16);
-
-	# copy input chunk to X, but reversing byte order!
-	for ($i=0; $i<16; $i+=4)
-		{
-		&mov($A,&DWP(4*($i+0),$T));
-		&mov($B,&DWP(4*($i+1),$T));
-		&mov($C,&DWP(4*($i+2),$T));
-		&mov($D,&DWP(4*($i+3),$T));
-		&bswap($A);
-		&bswap($B);
-		&bswap($C);
-		&bswap($D);
-		&mov(&swtmp($i+0),$A);
-		&mov(&swtmp($i+1),$B);
-		&mov(&swtmp($i+2),$C);
-		&mov(&swtmp($i+3),$D);
-		}
-	&mov(&wparam(1),$T);	# redundant in 1st spin
-
-	&mov($A,&DWP(0,$tmp1));	# load SHA_CTX
-	&mov($B,&DWP(4,$tmp1));
-	&mov($C,&DWP(8,$tmp1));
-	&mov($D,&DWP(12,$tmp1));
-	# E is pre-loaded
-
-	for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-	for(;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
-	for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-	for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-	for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-
-	(($V[5] eq $D) and ($V[0] eq $E)) or die;	# double-check
-
-	&mov($tmp1,&wparam(0));	# re-load SHA_CTX*
-	&mov($D,&wparam(1));	# D is last "T" and is discarded
-
-	&add($E,&DWP(0,$tmp1));	# E is last "A"...
-	&add($T,&DWP(4,$tmp1));
-	&add($A,&DWP(8,$tmp1));
-	&add($B,&DWP(12,$tmp1));
-	&add($C,&DWP(16,$tmp1));
-
-	&mov(&DWP(0,$tmp1),$E);	# update SHA_CTX
-	 &add($D,64);		# advance input pointer
-	&mov(&DWP(4,$tmp1),$T);
-	 &cmp($D,&wparam(2));	# have we reached the end yet?
-	&mov(&DWP(8,$tmp1),$A);
-	 &mov($E,$C);		# C is last "E" which needs to be "pre-loaded"
-	&mov(&DWP(12,$tmp1),$B);
-	 &mov($T,$D);		# input pointer
-	&mov(&DWP(16,$tmp1),$C);
-	&jb(&label("loop"));
-
-	&stack_pop(16+3);
-&function_end("sha1_block_data_order");
-
-if ($xmm) {
-######################################################################
-# The SSSE3 implementation.
-#
-# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last
-# 32 elements of the message schedule or Xupdate outputs. First 4
-# quadruples are simply byte-swapped input, next 4 are calculated
-# according to method originally suggested by Dean Gaudet (modulo
-# being implemented in SSSE3). Once 8 quadruples or 32 elements are
-# collected, it switches to routine proposed by Max Locktyukhin.
-#
-# Calculations inevitably require temporary reqisters, and there are
-# no %xmm registers left to spare. For this reason part of the ring
-# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring
-# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] -
-# X[-5], and X[4] - X[-4]...
-#
-# Another notable optimization is aggressive stack frame compression
-# aiming to minimize amount of 9-byte instructions...
-#
-# Yet another notable optimization is "jumping" $B variable. It means
-# that there is no register permanently allocated for $B value. This
-# allowed to eliminate one instruction from body_20_39...
-#
-my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
-my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
-my @V=($A,$B,$C,$D,$E);
-my $j=0;			# hash round
-my @T=($T,$tmp1);
-my $inp;
-
-my $_rol=sub { &rol(@_) };
-my $_ror=sub { &ror(@_) };
-
-&function_begin("_sha1_block_data_order_ssse3");
-	&call	(&label("pic_point"));	# make it PIC!
-	&set_label("pic_point");
-	&blindpop($tmp1);
-	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
-&set_label("ssse3_shortcut");
-
-	&movdqa	(@X[3],&QWP(0,$tmp1));		# K_00_19
-	&movdqa	(@X[4],&QWP(16,$tmp1));		# K_20_39
-	&movdqa	(@X[5],&QWP(32,$tmp1));		# K_40_59
-	&movdqa	(@X[6],&QWP(48,$tmp1));		# K_60_79
-	&movdqa	(@X[2],&QWP(64,$tmp1));		# pbswap mask
-
-	&mov	($E,&wparam(0));		# load argument block
-	&mov	($inp=@T[1],&wparam(1));
-	&mov	($D,&wparam(2));
-	&mov	(@T[0],"esp");
-
-	# stack frame layout
-	#
-	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
-	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
-	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
-	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
-	#
-	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
-	#	X[4]	X[5]	X[6]	X[7]
-	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
-	#
-	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
-	#	K_40_59	K_40_59	K_40_59	K_40_59
-	#	K_60_79	K_60_79	K_60_79	K_60_79
-	#	K_00_19	K_00_19	K_00_19	K_00_19
-	#	pbswap mask
-	#
-	# +192	ctx				# argument block
-	# +196	inp
-	# +200	end
-	# +204	esp
-	&sub	("esp",208);
-	&and	("esp",-64);
-
-	&movdqa	(&QWP(112+0,"esp"),@X[4]);	# copy constants
-	&movdqa	(&QWP(112+16,"esp"),@X[5]);
-	&movdqa	(&QWP(112+32,"esp"),@X[6]);
-	&shl	($D,6);				# len*64
-	&movdqa	(&QWP(112+48,"esp"),@X[3]);
-	&add	($D,$inp);			# end of input
-	&movdqa	(&QWP(112+64,"esp"),@X[2]);
-	&add	($inp,64);
-	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
-	&mov	(&DWP(192+4,"esp"),$inp);
-	&mov	(&DWP(192+8,"esp"),$D);
-	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
-
-	&mov	($A,&DWP(0,$E));		# load context
-	&mov	($B,&DWP(4,$E));
-	&mov	($C,&DWP(8,$E));
-	&mov	($D,&DWP(12,$E));
-	&mov	($E,&DWP(16,$E));
-	&mov	(@T[0],$B);			# magic seed
-
-	&movdqu	(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
-	&movdqu	(@X[-3&7],&QWP(-48,$inp));
-	&movdqu	(@X[-2&7],&QWP(-32,$inp));
-	&movdqu	(@X[-1&7],&QWP(-16,$inp));
-	&pshufb	(@X[-4&7],@X[2]);		# byte swap
-	&pshufb	(@X[-3&7],@X[2]);
-	&pshufb	(@X[-2&7],@X[2]);
-	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
-	&pshufb	(@X[-1&7],@X[2]);
-	&paddd	(@X[-4&7],@X[3]);		# add K_00_19
-	&paddd	(@X[-3&7],@X[3]);
-	&paddd	(@X[-2&7],@X[3]);
-	&movdqa	(&QWP(0,"esp"),@X[-4&7]);	# X[]+K xfer to IALU
-	&psubd	(@X[-4&7],@X[3]);		# restore X[]
-	&movdqa	(&QWP(0+16,"esp"),@X[-3&7]);
-	&psubd	(@X[-3&7],@X[3]);
-	&movdqa	(&QWP(0+32,"esp"),@X[-2&7]);
-	&psubd	(@X[-2&7],@X[3]);
-	&movdqa	(@X[0],@X[-3&7]);
-	&jmp	(&label("loop"));
-
-######################################################################
-# SSE instruction sequence is first broken to groups of indepentent
-# instructions, independent in respect to their inputs and shifter
-# (not all architectures have more than one). Then IALU instructions
-# are "knitted in" between the SSE groups. Distance is maintained for
-# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer
-# [which allegedly also implements SSSE3]...
-#
-# Temporary registers usage. X[2] is volatile at the entry and at the
-# end is restored from backtrace ring buffer. X[3] is expected to
-# contain current K_XX_XX constant and is used to caclulate X[-1]+K
-# from previous round, it becomes volatile the moment the value is
-# saved to stack for transfer to IALU. X[4] becomes volatile whenever
-# X[-4] is accumulated and offloaded to backtrace ring buffer, at the
-# end it is loaded with next K_XX_XX [which becomes X[3] in next
-# round]...
-#
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&palignr(@X[0],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	&movdqa	(@X[2],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &paddd	(@X[3],@X[-1&7]);
-	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psrldq	(@X[2],4);		# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[2],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&movdqa	(@X[4],@X[0]);
-	&movdqa	(@X[2],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslldq	(@X[4],12);		# "X[0]"<<96, extract one dword
-	&paddd	(@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@X[2],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(@X[3],@X[4]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@X[4],30);
-	&por	(@X[0],@X[2]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslld	(@X[3],2);
-	&pxor	(@X[0],@X[4]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@X[3]);		# "X[0]"^=("X[0]"<<96)<<<2
-	  &movdqa	(@X[1],@X[-2&7])	if ($Xi<7);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xupdate_ssse3_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&movdqa	(@X[2],@X[-1&7])	if ($Xi==8);
-	 eval(shift(@insns));		# body_20_39
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
-	&palignr(@X[2],@X[-2&7],8);	# compose "X[-6]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
-	  &movdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 if ($Xi%5) {
-	  &movdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
-	 } else {			# ... or load next one
-	  &movdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
-	 }
-	  &paddd	(@X[3],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@X[2]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&movdqa	(@X[2],@X[0]);
-	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pslld	(@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	&psrld	(@X[2],30);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&por	(@X[0],@X[2]);		# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &movdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	  &movdqa	(@X[3],@X[0])	if ($Xi<19);
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xuplast_ssse3_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &paddd	(@X[3],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &movdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&mov	($inp=@T[1],&DWP(192+4,"esp"));
-	&cmp	($inp,&DWP(192+8,"esp"));
-	&je	(&label("done"));
-
-	&movdqa	(@X[3],&QWP(112+48,"esp"));	# K_00_19
-	&movdqa	(@X[2],&QWP(112+64,"esp"));	# pbswap mask
-	&movdqu	(@X[-4&7],&QWP(0,$inp));	# load input
-	&movdqu	(@X[-3&7],&QWP(16,$inp));
-	&movdqu	(@X[-2&7],&QWP(32,$inp));
-	&movdqu	(@X[-1&7],&QWP(48,$inp));
-	&add	($inp,64);
-	&pshufb	(@X[-4&7],@X[2]);		# byte swap
-	&mov	(&DWP(192+4,"esp"),$inp);
-	&movdqa	(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
-
-  $Xi=0;
-}
-
-sub Xloop_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pshufb	(@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&paddd	(@X[($Xi-4)&7],@X[3]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psubd	(@X[($Xi-4)&7],@X[3]);
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-sub body_00_19 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,&DWP(4*($j&15),"esp"));',	# X[]+K xfer
-	'&xor	($c,$d);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&xor	($c,$d);',	# restore $c
-	'&xor	(@T[0],$d);',
-	'&add	($e,$a);',
-	'&$_ror	($b,$j?7:2);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-
-sub body_20_39 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,&DWP(4*($j++&15),"esp"));',	# X[]+K xfer
-	'&xor	(@T[0],$d);',	# ($b^$d)
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&xor	(@T[0],$c);',	# ($b^$d^$c)
-	'&add	($e,$a);',
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-
-sub body_40_59 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&mov	(@T[1],$c);',
-	'&xor	($c,$d);',
-	'&add	($e,&DWP(4*($j++&15),"esp"));',	# X[]+K xfer
-	'&and	(@T[1],$d);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[1]);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&add	($e,@T[0]);',
-	'&xor	($c,$d);',	# restore $c
-	'&add	($e,$a);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-
-&set_label("loop",16);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-
-	&mov	(@T[1],&DWP(192,"esp"));	# update context
-	&add	($A,&DWP(0,@T[1]));
-	&add	(@T[0],&DWP(4,@T[1]));		# $b
-	&add	($C,&DWP(8,@T[1]));
-	&mov	(&DWP(0,@T[1]),$A);
-	&add	($D,&DWP(12,@T[1]));
-	&mov	(&DWP(4,@T[1]),@T[0]);
-	&add	($E,&DWP(16,@T[1]));
-	&mov	(&DWP(8,@T[1]),$C);
-	&mov	($B,@T[0]);
-	&mov	(&DWP(12,@T[1]),$D);
-	&mov	(&DWP(16,@T[1]),$E);
-	&movdqa	(@X[0],@X[-3&7]);
-
-	&jmp	(&label("loop"));
-
-&set_label("done",16);		$j=$saved_j; @V=@saved_V;
-
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-
-	&mov	(@T[1],&DWP(192,"esp"));	# update context
-	&add	($A,&DWP(0,@T[1]));
-	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
-	&add	(@T[0],&DWP(4,@T[1]));		# $b
-	&add	($C,&DWP(8,@T[1]));
-	&mov	(&DWP(0,@T[1]),$A);
-	&add	($D,&DWP(12,@T[1]));
-	&mov	(&DWP(4,@T[1]),@T[0]);
-	&add	($E,&DWP(16,@T[1]));
-	&mov	(&DWP(8,@T[1]),$C);
-	&mov	(&DWP(12,@T[1]),$D);
-	&mov	(&DWP(16,@T[1]),$E);
-
-&function_end("_sha1_block_data_order_ssse3");
-
-if ($ymm) {
-my $Xi=4;			# 4xSIMD Xupdate round, start pre-seeded
-my @X=map("xmm$_",(4..7,0..3));	# pre-seeded for $Xi=4
-my @V=($A,$B,$C,$D,$E);
-my $j=0;			# hash round
-my @T=($T,$tmp1);
-my $inp;
-
-my $_rol=sub { &shld(@_[0],@_) };
-my $_ror=sub { &shrd(@_[0],@_) };
-
-&function_begin("_sha1_block_data_order_avx");
-	&call	(&label("pic_point"));	# make it PIC!
-	&set_label("pic_point");
-	&blindpop($tmp1);
-	&lea	($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
-&set_label("avx_shortcut");
-	&vzeroall();
-
-	&vmovdqa(@X[3],&QWP(0,$tmp1));		# K_00_19
-	&vmovdqa(@X[4],&QWP(16,$tmp1));		# K_20_39
-	&vmovdqa(@X[5],&QWP(32,$tmp1));		# K_40_59
-	&vmovdqa(@X[6],&QWP(48,$tmp1));		# K_60_79
-	&vmovdqa(@X[2],&QWP(64,$tmp1));		# pbswap mask
-
-	&mov	($E,&wparam(0));		# load argument block
-	&mov	($inp=@T[1],&wparam(1));
-	&mov	($D,&wparam(2));
-	&mov	(@T[0],"esp");
-
-	# stack frame layout
-	#
-	# +0	X[0]+K	X[1]+K	X[2]+K	X[3]+K	# XMM->IALU xfer area
-	#	X[4]+K	X[5]+K	X[6]+K	X[7]+K
-	#	X[8]+K	X[9]+K	X[10]+K	X[11]+K
-	#	X[12]+K	X[13]+K	X[14]+K	X[15]+K
-	#
-	# +64	X[0]	X[1]	X[2]	X[3]	# XMM->XMM backtrace area
-	#	X[4]	X[5]	X[6]	X[7]
-	#	X[8]	X[9]	X[10]	X[11]	# even borrowed for K_00_19
-	#
-	# +112	K_20_39	K_20_39	K_20_39	K_20_39	# constants
-	#	K_40_59	K_40_59	K_40_59	K_40_59
-	#	K_60_79	K_60_79	K_60_79	K_60_79
-	#	K_00_19	K_00_19	K_00_19	K_00_19
-	#	pbswap mask
-	#
-	# +192	ctx				# argument block
-	# +196	inp
-	# +200	end
-	# +204	esp
-	&sub	("esp",208);
-	&and	("esp",-64);
-
-	&vmovdqa(&QWP(112+0,"esp"),@X[4]);	# copy constants
-	&vmovdqa(&QWP(112+16,"esp"),@X[5]);
-	&vmovdqa(&QWP(112+32,"esp"),@X[6]);
-	&shl	($D,6);				# len*64
-	&vmovdqa(&QWP(112+48,"esp"),@X[3]);
-	&add	($D,$inp);			# end of input
-	&vmovdqa(&QWP(112+64,"esp"),@X[2]);
-	&add	($inp,64);
-	&mov	(&DWP(192+0,"esp"),$E);		# save argument block
-	&mov	(&DWP(192+4,"esp"),$inp);
-	&mov	(&DWP(192+8,"esp"),$D);
-	&mov	(&DWP(192+12,"esp"),@T[0]);	# save original %esp
-
-	&mov	($A,&DWP(0,$E));		# load context
-	&mov	($B,&DWP(4,$E));
-	&mov	($C,&DWP(8,$E));
-	&mov	($D,&DWP(12,$E));
-	&mov	($E,&DWP(16,$E));
-	&mov	(@T[0],$B);			# magic seed
-
-	&vmovdqu(@X[-4&7],&QWP(-64,$inp));	# load input to %xmm[0-3]
-	&vmovdqu(@X[-3&7],&QWP(-48,$inp));
-	&vmovdqu(@X[-2&7],&QWP(-32,$inp));
-	&vmovdqu(@X[-1&7],&QWP(-16,$inp));
-	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
-	&vpshufb(@X[-3&7],@X[-3&7],@X[2]);
-	&vpshufb(@X[-2&7],@X[-2&7],@X[2]);
-	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
-	&vpshufb(@X[-1&7],@X[-1&7],@X[2]);
-	&vpaddd	(@X[0],@X[-4&7],@X[3]);		# add K_00_19
-	&vpaddd	(@X[1],@X[-3&7],@X[3]);
-	&vpaddd	(@X[2],@X[-2&7],@X[3]);
-	&vmovdqa(&QWP(0,"esp"),@X[0]);		# X[]+K xfer to IALU
-	&vmovdqa(&QWP(0+16,"esp"),@X[1]);
-	&vmovdqa(&QWP(0+32,"esp"),@X[2]);
-	&jmp	(&label("loop"));
-
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
-	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpsrldq(@X[2],@X[-1&7],4);		# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[2],@X[2],@X[-2&7]);		# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@X[2],@X[0],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslldq(@X[4],@X[0],12);		# "X[0]"<<96, extract one dword
-	&vpaddd	(@X[0],@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@X[3],@X[4],30);
-	&vpor	(@X[0],@X[0],@X[2]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslld	(@X[4],@X[4],2);
-	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);	# restore X[] from backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpxor	(@X[0],@X[0],@X[3]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@X[4]);		# "X[0]"^=("X[0]"<<96)<<<2
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xupdate_avx_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&vpalignr(@X[2],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
-	&vpxor	(@X[0],@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpxor	(@X[0],@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
-	  &vmovdqa	(&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);	# save X[] to backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 if ($Xi%5) {
-	  &vmovdqa	(@X[4],@X[3]);	# "perpetuate" K_XX_XX...
-	 } else {			# ... or load next one
-	  &vmovdqa	(@X[4],&QWP(112-16+16*($Xi/5),"esp"));
-	 }
-	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@X[2]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpsrld	(@X[2],@X[0],30);
-	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpslld	(@X[0],@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpor	(@X[0],@X[0],@X[2]);	# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &vmovdqa	(@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);	# restore X[] from backtrace buffer
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xuplast_avx_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &vpaddd	(@X[3],@X[3],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &vmovdqa	(&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&mov	($inp=@T[1],&DWP(192+4,"esp"));
-	&cmp	($inp,&DWP(192+8,"esp"));
-	&je	(&label("done"));
-
-	&vmovdqa(@X[3],&QWP(112+48,"esp"));	# K_00_19
-	&vmovdqa(@X[2],&QWP(112+64,"esp"));	# pbswap mask
-	&vmovdqu(@X[-4&7],&QWP(0,$inp));	# load input
-	&vmovdqu(@X[-3&7],&QWP(16,$inp));
-	&vmovdqu(@X[-2&7],&QWP(32,$inp));
-	&vmovdqu(@X[-1&7],&QWP(48,$inp));
-	&add	($inp,64);
-	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);		# byte swap
-	&mov	(&DWP(192+4,"esp"),$inp);
-	&vmovdqa(&QWP(112-16,"esp"),@X[3]);	# borrow last backtrace slot
-
-  $Xi=0;
-}
-
-sub Xloop_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpshufb	(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],@X[3]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vmovdqa	(&QWP(0+16*$Xi,"esp"),@X[$Xi&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-&set_label("loop",16);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-
-	&mov	(@T[1],&DWP(192,"esp"));	# update context
-	&add	($A,&DWP(0,@T[1]));
-	&add	(@T[0],&DWP(4,@T[1]));		# $b
-	&add	($C,&DWP(8,@T[1]));
-	&mov	(&DWP(0,@T[1]),$A);
-	&add	($D,&DWP(12,@T[1]));
-	&mov	(&DWP(4,@T[1]),@T[0]);
-	&add	($E,&DWP(16,@T[1]));
-	&mov	(&DWP(8,@T[1]),$C);
-	&mov	($B,@T[0]);
-	&mov	(&DWP(12,@T[1]),$D);
-	&mov	(&DWP(16,@T[1]),$E);
-
-	&jmp	(&label("loop"));
-
-&set_label("done",16);		$j=$saved_j; @V=@saved_V;
-
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-
-	&vzeroall();
-
-	&mov	(@T[1],&DWP(192,"esp"));	# update context
-	&add	($A,&DWP(0,@T[1]));
-	&mov	("esp",&DWP(192+12,"esp"));	# restore %esp
-	&add	(@T[0],&DWP(4,@T[1]));		# $b
-	&add	($C,&DWP(8,@T[1]));
-	&mov	(&DWP(0,@T[1]),$A);
-	&add	($D,&DWP(12,@T[1]));
-	&mov	(&DWP(4,@T[1]),@T[0]);
-	&add	($E,&DWP(16,@T[1]));
-	&mov	(&DWP(8,@T[1]),$C);
-	&mov	(&DWP(12,@T[1]),$D);
-	&mov	(&DWP(16,@T[1]),$E);
-&function_end("_sha1_block_data_order_avx");
-}
-&set_label("K_XX_XX",64);
-&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999);	# K_00_19
-&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1);	# K_20_39
-&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc);	# K_40_59
-&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6);	# K_60_79
-&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);	# pbswap mask
-}
-&asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/sha/asm/sha1-alpha.pl b/crypto/sha/asm/sha1-alpha.pl
deleted file mode 100644
index 6c4b9251fd..0000000000
--- a/crypto/sha/asm/sha1-alpha.pl
+++ /dev/null
@@ -1,322 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA1 block procedure for Alpha.
-
-# On 21264 performance is 33% better than code generated by vendor
-# compiler, and 75% better than GCC [3.4], and in absolute terms is
-# 8.7 cycles per processed byte. Implementation features vectorized
-# byte swap, but not Xupdate.
-
-@X=(	"\$0",	"\$1",	"\$2",	"\$3",	"\$4",	"\$5",	"\$6",	"\$7",
-	"\$8",	"\$9",	"\$10",	"\$11",	"\$12",	"\$13",	"\$14",	"\$15");
-$ctx="a0";	# $16
-$inp="a1";
-$num="a2";
-$A="a3";
-$B="a4";	# 20
-$C="a5";
-$D="t8";
-$E="t9";	@V=($A,$B,$C,$D,$E);
-$t0="t10";	# 24
-$t1="t11";
-$t2="ra";
-$t3="t12";
-$K="AT";	# 28
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i==0);
-	ldq_u	@X[0],0+0($inp)
-	ldq_u	@X[1],0+7($inp)
-___
-$code.=<<___ if (!($i&1) && $i<14);
-	ldq_u	@X[$i+2],($i+2)*4+0($inp)
-	ldq_u	@X[$i+3],($i+2)*4+7($inp)
-___
-$code.=<<___ if (!($i&1) && $i<15);
-	extql	@X[$i],$inp,@X[$i]
-	extqh	@X[$i+1],$inp,@X[$i+1]
-
-	or	@X[$i+1],@X[$i],@X[$i]	# pair of 32-bit values are fetched
-
-	srl	@X[$i],24,$t0		# vectorized byte swap
-	srl	@X[$i],8,$t2
-
-	sll	@X[$i],8,$t3
-	sll	@X[$i],24,@X[$i]
-	zapnot	$t0,0x11,$t0
-	zapnot	$t2,0x22,$t2
-
-	zapnot	@X[$i],0x88,@X[$i]
-	or	$t0,$t2,$t0
-	zapnot	$t3,0x44,$t3
-	sll	$a,5,$t1
-
-	or	@X[$i],$t0,@X[$i]
-	addl	$K,$e,$e
-	and	$b,$c,$t2
-	zapnot	$a,0xf,$a
-
-	or	@X[$i],$t3,@X[$i]
-	srl	$a,27,$t0
-	bic	$d,$b,$t3
-	sll	$b,30,$b
-
-	extll	@X[$i],4,@X[$i+1]	# extract upper half
-	or	$t2,$t3,$t2
-	addl	@X[$i],$e,$e
-
-	addl	$t1,$e,$e
-	srl	$b,32,$t3
-	zapnot	@X[$i],0xf,@X[$i]
-
-	addl	$t0,$e,$e
-	addl	$t2,$e,$e
-	or	$t3,$b,$b
-___
-$code.=<<___ if (($i&1) && $i<15);
-	sll	$a,5,$t1
-	addl	$K,$e,$e
-	and	$b,$c,$t2
-	zapnot	$a,0xf,$a
-
-	srl	$a,27,$t0
-	addl	@X[$i%16],$e,$e
-	bic	$d,$b,$t3
-	sll	$b,30,$b
-
-	or	$t2,$t3,$t2
-	addl	$t1,$e,$e
-	srl	$b,32,$t3
-	zapnot	@X[$i],0xf,@X[$i]
-
-	addl	$t0,$e,$e
-	addl	$t2,$e,$e
-	or	$t3,$b,$b
-___
-$code.=<<___ if ($i>=15);	# with forward Xupdate
-	sll	$a,5,$t1
-	addl	$K,$e,$e
-	and	$b,$c,$t2
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
-
-	zapnot	$a,0xf,$a
-	addl	@X[$i%16],$e,$e
-	bic	$d,$b,$t3
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-
-	srl	$a,27,$t0
-	addl	$t1,$e,$e
-	or	$t2,$t3,$t2
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-
-	sll	$b,30,$b
-	addl	$t0,$e,$e
-	srl	@X[$j%16],31,$t1
-
-	addl	$t2,$e,$e
-	srl	$b,32,$t3
-	addl	@X[$j%16],@X[$j%16],@X[$j%16]
-
-	or	$t3,$b,$b
-	zapnot	@X[$i%16],0xf,@X[$i%16]
-	or	$t1,@X[$j%16],@X[$j%16]
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<79);	# with forward Xupdate
-	sll	$a,5,$t1
-	addl	$K,$e,$e
-	zapnot	$a,0xf,$a
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
-
-	sll	$b,30,$t3
-	addl	$t1,$e,$e
-	xor	$b,$c,$t2
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-
-	srl	$b,2,$b
-	addl	@X[$i%16],$e,$e
-	xor	$d,$t2,$t2
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-
-	srl	@X[$j%16],31,$t1
-	addl	$t2,$e,$e
-	srl	$a,27,$t0
-	addl	@X[$j%16],@X[$j%16],@X[$j%16]
-
-	or	$t3,$b,$b
-	addl	$t0,$e,$e
-	or	$t1,@X[$j%16],@X[$j%16]
-___
-$code.=<<___ if ($i<77);
-	zapnot	@X[$i%16],0xf,@X[$i%16]
-___
-$code.=<<___ if ($i==79);	# with context fetch
-	sll	$a,5,$t1
-	addl	$K,$e,$e
-	zapnot	$a,0xf,$a
-	ldl	@X[0],0($ctx)
-
-	sll	$b,30,$t3
-	addl	$t1,$e,$e
-	xor	$b,$c,$t2
-	ldl	@X[1],4($ctx)
-
-	srl	$b,2,$b
-	addl	@X[$i%16],$e,$e
-	xor	$d,$t2,$t2
-	ldl	@X[2],8($ctx)
-
-	srl	$a,27,$t0
-	addl	$t2,$e,$e
-	ldl	@X[3],12($ctx)
-
-	or	$t3,$b,$b
-	addl	$t0,$e,$e
-	ldl	@X[4],16($ctx)
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___;	# with forward Xupdate
-	sll	$a,5,$t1
-	addl	$K,$e,$e
-	zapnot	$a,0xf,$a
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
-
-	srl	$a,27,$t0
-	and	$b,$c,$t2
-	and	$b,$d,$t3
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-
-	sll	$b,30,$b
-	addl	$t1,$e,$e
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-
-	srl	@X[$j%16],31,$t1
-	addl	$t0,$e,$e
-	or	$t2,$t3,$t2
-	and	$c,$d,$t3
-
-	or	$t2,$t3,$t2
-	srl	$b,32,$t3
-	addl	@X[$i%16],$e,$e
-	addl	@X[$j%16],@X[$j%16],@X[$j%16]
-
-	or	$t3,$b,$b
-	addl	$t2,$e,$e
-	or	$t1,@X[$j%16],@X[$j%16]
-	zapnot	@X[$i%16],0xf,@X[$i%16]
-___
-}
-
-$code=<<___;
-#ifdef __linux__
-#include <asm/regdef.h>
-#else
-#include <asm.h>
-#include <regdef.h>
-#endif
-
-.text
-
-.set	noat
-.set	noreorder
-.globl	sha1_block_data_order
-.align	5
-.ent	sha1_block_data_order
-sha1_block_data_order:
-	lda	sp,-64(sp)
-	stq	ra,0(sp)
-	stq	s0,8(sp)
-	stq	s1,16(sp)
-	stq	s2,24(sp)
-	stq	s3,32(sp)
-	stq	s4,40(sp)
-	stq	s5,48(sp)
-	stq	fp,56(sp)
-	.mask	0x0400fe00,-64
-	.frame	sp,64,ra
-	.prologue 0
-
-	ldl	$A,0($ctx)
-	ldl	$B,4($ctx)
-	sll	$num,6,$num
-	ldl	$C,8($ctx)
-	ldl	$D,12($ctx)
-	ldl	$E,16($ctx)
-	addq	$inp,$num,$num
-
-.Lloop:
-	.set	noreorder
-	ldah	$K,23170(zero)
-	zapnot	$B,0xf,$B
-	lda	$K,31129($K)	# K_00_19
-___
-for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	ldah	$K,28378(zero)
-	lda	$K,-5215($K)	# K_20_39
-___
-for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	ldah	$K,-28900(zero)
-	lda	$K,-17188($K)	# K_40_59
-___
-for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	ldah	$K,-13725(zero)
-	lda	$K,-15914($K)	# K_60_79
-___
-for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	addl	@X[0],$A,$A
-	addl	@X[1],$B,$B
-	addl	@X[2],$C,$C
-	addl	@X[3],$D,$D
-	addl	@X[4],$E,$E
-	stl	$A,0($ctx)
-	stl	$B,4($ctx)
-	addq	$inp,64,$inp
-	stl	$C,8($ctx)
-	stl	$D,12($ctx)
-	stl	$E,16($ctx)
-	cmpult	$inp,$num,$t1
-	bne	$t1,.Lloop
-
-	.set	noreorder
-	ldq	ra,0(sp)
-	ldq	s0,8(sp)
-	ldq	s1,16(sp)
-	ldq	s2,24(sp)
-	ldq	s3,32(sp)
-	ldq	s4,40(sp)
-	ldq	s5,48(sp)
-	ldq	fp,56(sp)
-	lda	sp,64(sp)
-	ret	(ra)
-.end	sha1_block_data_order
-.ascii	"SHA1 block transform for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-___
-$output=shift and open STDOUT,">$output";
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-armv4-large.S b/crypto/sha/asm/sha1-armv4-large.S
deleted file mode 100644
index a156288353..0000000000
--- a/crypto/sha/asm/sha1-armv4-large.S
+++ /dev/null
@@ -1,1450 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.global	sha1_block_data_order
-.type	sha1_block_data_order,%function
-
-.align	5
-sha1_block_data_order:
-#if __ARM_ARCH__>=7
-	sub	r3,pc,#8		@ sha1_block_data_order
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#ARMV8_SHA1
-	bne	.LARMv8
-	tst	r12,#ARMV7_NEON
-	bne	.LNEON
-#endif
-	stmdb	sp!,{r4-r12,lr}
-	add	r2,r1,r2,lsl#6	@ r2 to point at the end of r1
-	ldmia	r0,{r3,r4,r5,r6,r7}
-.Lloop:
-	ldr	r8,.LK_00_19
-	mov	r14,sp
-	sub	sp,sp,#15*4
-	mov	r5,r5,ror#30
-	mov	r6,r6,ror#30
-	mov	r7,r7,ror#30		@ [6]
-.L_00_15:
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r7,r8,r7,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r5,r6			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r7,r8,r7,ror#2			@ E+=K_00_19
-	eor	r10,r5,r6			@ F_xx_xx
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r4,r10,ror#2
-	add	r7,r7,r9			@ E+=X[i]
-	eor	r10,r10,r6,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r7,r7,r10			@ E+=F_00_19(B,C,D)
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r6,r8,r6,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r4,r5			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r6,r8,r6,ror#2			@ E+=K_00_19
-	eor	r10,r4,r5			@ F_xx_xx
-	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r3,r10,ror#2
-	add	r6,r6,r9			@ E+=X[i]
-	eor	r10,r10,r5,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r6,r6,r10			@ E+=F_00_19(B,C,D)
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r5,r8,r5,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r3,r4			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r5,r8,r5,ror#2			@ E+=K_00_19
-	eor	r10,r3,r4			@ F_xx_xx
-	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r7,r10,ror#2
-	add	r5,r5,r9			@ E+=X[i]
-	eor	r10,r10,r4,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r5,r5,r10			@ E+=F_00_19(B,C,D)
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r4,r8,r4,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r7,r3			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r4,r8,r4,ror#2			@ E+=K_00_19
-	eor	r10,r7,r3			@ F_xx_xx
-	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r6,r10,ror#2
-	add	r4,r4,r9			@ E+=X[i]
-	eor	r10,r10,r3,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r4,r4,r10			@ E+=F_00_19(B,C,D)
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r3,r8,r3,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r6,r7			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r3,r8,r3,ror#2			@ E+=K_00_19
-	eor	r10,r6,r7			@ F_xx_xx
-	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r5,r10,ror#2
-	add	r3,r3,r9			@ E+=X[i]
-	eor	r10,r10,r7,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r3,r3,r10			@ E+=F_00_19(B,C,D)
-	teq	r14,sp
-	bne	.L_00_15		@ [((11+4)*5+2)*3]
-	sub	sp,sp,#25*4
-#if __ARM_ARCH__<7
-	ldrb	r10,[r1,#2]
-	ldrb	r9,[r1,#3]
-	ldrb	r11,[r1,#1]
-	add	r7,r8,r7,ror#2			@ E+=K_00_19
-	ldrb	r12,[r1],#4
-	orr	r9,r9,r10,lsl#8
-	eor	r10,r5,r6			@ F_xx_xx
-	orr	r9,r9,r11,lsl#16
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-	orr	r9,r9,r12,lsl#24
-#else
-	ldr	r9,[r1],#4			@ handles unaligned
-	add	r7,r8,r7,ror#2			@ E+=K_00_19
-	eor	r10,r5,r6			@ F_xx_xx
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	r9,r9				@ byte swap
-#endif
-#endif
-	and	r10,r4,r10,ror#2
-	add	r7,r7,r9			@ E+=X[i]
-	eor	r10,r10,r6,ror#2		@ F_00_19(B,C,D)
-	str	r9,[r14,#-4]!
-	add	r7,r7,r10			@ E+=F_00_19(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r6,r8,r6,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r4,r5			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r3,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r6,r6,r9			@ E+=X[i]
-	eor	r10,r10,r5,ror#2		@ F_00_19(B,C,D)
-	add	r6,r6,r10			@ E+=F_00_19(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r5,r8,r5,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r3,r4			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r7,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r5,r5,r9			@ E+=X[i]
-	eor	r10,r10,r4,ror#2		@ F_00_19(B,C,D)
-	add	r5,r5,r10			@ E+=F_00_19(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r4,r8,r4,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r7,r3			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r6,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r4,r4,r9			@ E+=X[i]
-	eor	r10,r10,r3,ror#2		@ F_00_19(B,C,D)
-	add	r4,r4,r10			@ E+=F_00_19(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r3,r8,r3,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r6,r7			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r5,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r3,r3,r9			@ E+=X[i]
-	eor	r10,r10,r7,ror#2		@ F_00_19(B,C,D)
-	add	r3,r3,r10			@ E+=F_00_19(B,C,D)
-
-	ldr	r8,.LK_20_39		@ [+15+16*4]
-	cmn	sp,#0			@ [+3], clear carry to denote 20_39
-.L_20_39_or_60_79:
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r7,r8,r7,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r5,r6			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	eor r10,r4,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r7,r7,r9			@ E+=X[i]
-	add	r7,r7,r10			@ E+=F_20_39(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r6,r8,r6,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r4,r5			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	eor r10,r3,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r6,r6,r9			@ E+=X[i]
-	add	r6,r6,r10			@ E+=F_20_39(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r5,r8,r5,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r3,r4			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	eor r10,r7,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r5,r5,r9			@ E+=X[i]
-	add	r5,r5,r10			@ E+=F_20_39(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r4,r8,r4,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r7,r3			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	eor r10,r6,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r4,r4,r9			@ E+=X[i]
-	add	r4,r4,r10			@ E+=F_20_39(B,C,D)
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r3,r8,r3,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r6,r7			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	eor r10,r5,r10,ror#2					@ F_xx_xx
-						@ F_xx_xx
-	add	r3,r3,r9			@ E+=X[i]
-	add	r3,r3,r10			@ E+=F_20_39(B,C,D)
-	teq	r14,sp			@ preserve carry
-	bne	.L_20_39_or_60_79	@ [+((12+3)*5+2)*4]
-	bcs	.L_done			@ [+((12+3)*5+2)*4], spare 300 bytes
-
-	ldr	r8,.LK_40_59
-	sub	sp,sp,#20*4		@ [+2]
-.L_40_59:
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r7,r8,r7,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r5,r6			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r4,r10,ror#2					@ F_xx_xx
-	and r11,r5,r6					@ F_xx_xx
-	add	r7,r7,r9			@ E+=X[i]
-	add	r7,r7,r10			@ E+=F_40_59(B,C,D)
-	add	r7,r7,r11,ror#2
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r6,r8,r6,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r4,r5			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r3,r10,ror#2					@ F_xx_xx
-	and r11,r4,r5					@ F_xx_xx
-	add	r6,r6,r9			@ E+=X[i]
-	add	r6,r6,r10			@ E+=F_40_59(B,C,D)
-	add	r6,r6,r11,ror#2
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r5,r8,r5,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r3,r4			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r7,r10,ror#2					@ F_xx_xx
-	and r11,r3,r4					@ F_xx_xx
-	add	r5,r5,r9			@ E+=X[i]
-	add	r5,r5,r10			@ E+=F_40_59(B,C,D)
-	add	r5,r5,r11,ror#2
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r4,r8,r4,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r7,r3			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r6,r10,ror#2					@ F_xx_xx
-	and r11,r7,r3					@ F_xx_xx
-	add	r4,r4,r9			@ E+=X[i]
-	add	r4,r4,r10			@ E+=F_40_59(B,C,D)
-	add	r4,r4,r11,ror#2
-	ldr	r9,[r14,#15*4]
-	ldr	r10,[r14,#13*4]
-	ldr	r11,[r14,#7*4]
-	add	r3,r8,r3,ror#2			@ E+=K_xx_xx
-	ldr	r12,[r14,#2*4]
-	eor	r9,r9,r10
-	eor	r11,r11,r12			@ 1 cycle stall
-	eor	r10,r6,r7			@ F_xx_xx
-	mov	r9,r9,ror#31
-	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)
-	eor	r9,r9,r11,ror#31
-	str	r9,[r14,#-4]!
-	and r10,r5,r10,ror#2					@ F_xx_xx
-	and r11,r6,r7					@ F_xx_xx
-	add	r3,r3,r9			@ E+=X[i]
-	add	r3,r3,r10			@ E+=F_40_59(B,C,D)
-	add	r3,r3,r11,ror#2
-	teq	r14,sp
-	bne	.L_40_59		@ [+((12+5)*5+2)*4]
-
-	ldr	r8,.LK_60_79
-	sub	sp,sp,#20*4
-	cmp	sp,#0			@ set carry to denote 60_79
-	b	.L_20_39_or_60_79	@ [+4], spare 300 bytes
-.L_done:
-	add	sp,sp,#80*4		@ "deallocate" stack frame
-	ldmia	r0,{r8,r9,r10,r11,r12}
-	add	r3,r8,r3
-	add	r4,r9,r4
-	add	r5,r10,r5,ror#2
-	add	r6,r11,r6,ror#2
-	add	r7,r12,r7,ror#2
-	stmia	r0,{r3,r4,r5,r6,r7}
-	teq	r1,r2
-	bne	.Lloop			@ [+18], total 1307
-
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia	sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	sha1_block_data_order,.-sha1_block_data_order
-
-.align	5
-.LK_00_19:	.word	0x5a827999
-.LK_20_39:	.word	0x6ed9eba1
-.LK_40_59:	.word	0x8f1bbcdc
-.LK_60_79:	.word	0xca62c1d6
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha1_block_data_order
-.asciz	"SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align	5
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	sha1_block_data_order_neon,%function
-.align	4
-sha1_block_data_order_neon:
-.LNEON:
-	stmdb	sp!,{r4-r12,lr}
-	add	r2,r1,r2,lsl#6	@ r2 to point at the end of r1
-	@ dmb				@ errata #451034 on early Cortex A8
-	@ vstmdb	sp!,{d8-d15}	@ ABI specification says so
-	mov	r14,sp
-	sub	sp,sp,#64		@ alloca
-	adr	r8,.LK_00_19
-	bic	sp,sp,#15		@ align for 128-bit stores
-
-	ldmia	r0,{r3,r4,r5,r6,r7}	@ load context
-	mov	r12,sp
-
-	vld1.8		{q0-q1},[r1]!	@ handles unaligned
-	veor		q15,q15,q15
-	vld1.8		{q2-q3},[r1]!
-	vld1.32		{d28[],d29[]},[r8,:32]!	@ load K_00_19
-	vrev32.8	q0,q0		@ yes, even on
-	vrev32.8	q1,q1		@ big-endian...
-	vrev32.8	q2,q2
-	vadd.i32	q8,q0,q14
-	vrev32.8	q3,q3
-	vadd.i32	q9,q1,q14
-	vst1.32		{q8},[r12,:128]!
-	vadd.i32	q10,q2,q14
-	vst1.32		{q9},[r12,:128]!
-	vst1.32		{q10},[r12,:128]!
-	ldr		r9,[sp]			@ big RAW stall
-
-.Loop_neon:
-	vext.8	q8,q0,q1,#8
-	bic	r10,r6,r4
-	add	r7,r7,r9
-	and	r11,r5,r4
-	vadd.i32	q13,q3,q14
-	ldr	r9,[sp,#4]
-	add	r7,r7,r3,ror#27
-	vext.8	q12,q3,q15,#4
-	eor	r11,r11,r10
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	veor	q8,q8,q0
-	bic	r10,r5,r3
-	add	r6,r6,r9
-	veor	q12,q12,q2
-	and	r11,r4,r3
-	ldr	r9,[sp,#8]
-	veor	q12,q12,q8
-	add	r6,r6,r7,ror#27
-	eor	r11,r11,r10
-	vst1.32	{q13},[r12,:128]!
-	sub	r12,r12,#64
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vext.8	q13,q15,q12,#4
-	bic	r10,r4,r7
-	add	r5,r5,r9
-	vadd.i32	q8,q12,q12
-	and	r11,r3,r7
-	ldr	r9,[sp,#12]
-	vsri.32	q8,q12,#31
-	add	r5,r5,r6,ror#27
-	eor	r11,r11,r10
-	mov	r7,r7,ror#2
-	vshr.u32	q12,q13,#30
-	add	r5,r5,r11
-	bic	r10,r3,r6
-	vshl.u32	q13,q13,#2
-	add	r4,r4,r9
-	and	r11,r7,r6
-	veor	q8,q8,q12
-	ldr	r9,[sp,#16]
-	add	r4,r4,r5,ror#27
-	veor	q8,q8,q13
-	eor	r11,r11,r10
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vext.8	q9,q1,q2,#8
-	bic	r10,r7,r5
-	add	r3,r3,r9
-	and	r11,r6,r5
-	vadd.i32	q13,q8,q14
-	ldr	r9,[sp,#20]
-	vld1.32	{d28[],d29[]},[r8,:32]!
-	add	r3,r3,r4,ror#27
-	vext.8	q12,q8,q15,#4
-	eor	r11,r11,r10
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	veor	q9,q9,q1
-	bic	r10,r6,r4
-	add	r7,r7,r9
-	veor	q12,q12,q3
-	and	r11,r5,r4
-	ldr	r9,[sp,#24]
-	veor	q12,q12,q9
-	add	r7,r7,r3,ror#27
-	eor	r11,r11,r10
-	vst1.32	{q13},[r12,:128]!
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vext.8	q13,q15,q12,#4
-	bic	r10,r5,r3
-	add	r6,r6,r9
-	vadd.i32	q9,q12,q12
-	and	r11,r4,r3
-	ldr	r9,[sp,#28]
-	vsri.32	q9,q12,#31
-	add	r6,r6,r7,ror#27
-	eor	r11,r11,r10
-	mov	r3,r3,ror#2
-	vshr.u32	q12,q13,#30
-	add	r6,r6,r11
-	bic	r10,r4,r7
-	vshl.u32	q13,q13,#2
-	add	r5,r5,r9
-	and	r11,r3,r7
-	veor	q9,q9,q12
-	ldr	r9,[sp,#32]
-	add	r5,r5,r6,ror#27
-	veor	q9,q9,q13
-	eor	r11,r11,r10
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	vext.8	q10,q2,q3,#8
-	bic	r10,r3,r6
-	add	r4,r4,r9
-	and	r11,r7,r6
-	vadd.i32	q13,q9,q14
-	ldr	r9,[sp,#36]
-	add	r4,r4,r5,ror#27
-	vext.8	q12,q9,q15,#4
-	eor	r11,r11,r10
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	veor	q10,q10,q2
-	bic	r10,r7,r5
-	add	r3,r3,r9
-	veor	q12,q12,q8
-	and	r11,r6,r5
-	ldr	r9,[sp,#40]
-	veor	q12,q12,q10
-	add	r3,r3,r4,ror#27
-	eor	r11,r11,r10
-	vst1.32	{q13},[r12,:128]!
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	vext.8	q13,q15,q12,#4
-	bic	r10,r6,r4
-	add	r7,r7,r9
-	vadd.i32	q10,q12,q12
-	and	r11,r5,r4
-	ldr	r9,[sp,#44]
-	vsri.32	q10,q12,#31
-	add	r7,r7,r3,ror#27
-	eor	r11,r11,r10
-	mov	r4,r4,ror#2
-	vshr.u32	q12,q13,#30
-	add	r7,r7,r11
-	bic	r10,r5,r3
-	vshl.u32	q13,q13,#2
-	add	r6,r6,r9
-	and	r11,r4,r3
-	veor	q10,q10,q12
-	ldr	r9,[sp,#48]
-	add	r6,r6,r7,ror#27
-	veor	q10,q10,q13
-	eor	r11,r11,r10
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vext.8	q11,q3,q8,#8
-	bic	r10,r4,r7
-	add	r5,r5,r9
-	and	r11,r3,r7
-	vadd.i32	q13,q10,q14
-	ldr	r9,[sp,#52]
-	add	r5,r5,r6,ror#27
-	vext.8	q12,q10,q15,#4
-	eor	r11,r11,r10
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	veor	q11,q11,q3
-	bic	r10,r3,r6
-	add	r4,r4,r9
-	veor	q12,q12,q9
-	and	r11,r7,r6
-	ldr	r9,[sp,#56]
-	veor	q12,q12,q11
-	add	r4,r4,r5,ror#27
-	eor	r11,r11,r10
-	vst1.32	{q13},[r12,:128]!
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vext.8	q13,q15,q12,#4
-	bic	r10,r7,r5
-	add	r3,r3,r9
-	vadd.i32	q11,q12,q12
-	and	r11,r6,r5
-	ldr	r9,[sp,#60]
-	vsri.32	q11,q12,#31
-	add	r3,r3,r4,ror#27
-	eor	r11,r11,r10
-	mov	r5,r5,ror#2
-	vshr.u32	q12,q13,#30
-	add	r3,r3,r11
-	bic	r10,r6,r4
-	vshl.u32	q13,q13,#2
-	add	r7,r7,r9
-	and	r11,r5,r4
-	veor	q11,q11,q12
-	ldr	r9,[sp,#0]
-	add	r7,r7,r3,ror#27
-	veor	q11,q11,q13
-	eor	r11,r11,r10
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vext.8	q12,q10,q11,#8
-	bic	r10,r5,r3
-	add	r6,r6,r9
-	and	r11,r4,r3
-	veor	q0,q0,q8
-	ldr	r9,[sp,#4]
-	add	r6,r6,r7,ror#27
-	veor	q0,q0,q1
-	eor	r11,r11,r10
-	mov	r3,r3,ror#2
-	vadd.i32	q13,q11,q14
-	add	r6,r6,r11
-	bic	r10,r4,r7
-	veor	q12,q12,q0
-	add	r5,r5,r9
-	and	r11,r3,r7
-	vshr.u32	q0,q12,#30
-	ldr	r9,[sp,#8]
-	add	r5,r5,r6,ror#27
-	vst1.32	{q13},[r12,:128]!
-	sub	r12,r12,#64
-	eor	r11,r11,r10
-	mov	r7,r7,ror#2
-	vsli.32	q0,q12,#2
-	add	r5,r5,r11
-	bic	r10,r3,r6
-	add	r4,r4,r9
-	and	r11,r7,r6
-	ldr	r9,[sp,#12]
-	add	r4,r4,r5,ror#27
-	eor	r11,r11,r10
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	bic	r10,r7,r5
-	add	r3,r3,r9
-	and	r11,r6,r5
-	ldr	r9,[sp,#16]
-	add	r3,r3,r4,ror#27
-	eor	r11,r11,r10
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	vext.8	q12,q11,q0,#8
-	eor	r10,r4,r6
-	add	r7,r7,r9
-	ldr	r9,[sp,#20]
-	veor	q1,q1,q9
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	veor	q1,q1,q2
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vadd.i32	q13,q0,q14
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	veor	q12,q12,q1
-	ldr	r9,[sp,#24]
-	eor	r11,r10,r4
-	vshr.u32	q1,q12,#30
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	vst1.32	{q13},[r12,:128]!
-	add	r6,r6,r11
-	eor	r10,r7,r4
-	vsli.32	q1,q12,#2
-	add	r5,r5,r9
-	ldr	r9,[sp,#28]
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	ldr	r9,[sp,#32]
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vext.8	q12,q0,q1,#8
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	ldr	r9,[sp,#36]
-	veor	q2,q2,q10
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	veor	q2,q2,q3
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	vadd.i32	q13,q1,q14
-	eor	r10,r4,r6
-	vld1.32	{d28[],d29[]},[r8,:32]!
-	add	r7,r7,r9
-	veor	q12,q12,q2
-	ldr	r9,[sp,#40]
-	eor	r11,r10,r5
-	vshr.u32	q2,q12,#30
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	vst1.32	{q13},[r12,:128]!
-	add	r7,r7,r11
-	eor	r10,r3,r5
-	vsli.32	q2,q12,#2
-	add	r6,r6,r9
-	ldr	r9,[sp,#44]
-	eor	r11,r10,r4
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	ldr	r9,[sp,#48]
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	vext.8	q12,q1,q2,#8
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	ldr	r9,[sp,#52]
-	veor	q3,q3,q11
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	veor	q3,q3,q8
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vadd.i32	q13,q2,q14
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	veor	q12,q12,q3
-	ldr	r9,[sp,#56]
-	eor	r11,r10,r6
-	vshr.u32	q3,q12,#30
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	vst1.32	{q13},[r12,:128]!
-	add	r3,r3,r11
-	eor	r10,r4,r6
-	vsli.32	q3,q12,#2
-	add	r7,r7,r9
-	ldr	r9,[sp,#60]
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	ldr	r9,[sp,#0]
-	eor	r11,r10,r4
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vext.8	q12,q2,q3,#8
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	ldr	r9,[sp,#4]
-	veor	q8,q8,q0
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	veor	q8,q8,q9
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	vadd.i32	q13,q3,q14
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	veor	q12,q12,q8
-	ldr	r9,[sp,#8]
-	eor	r11,r10,r7
-	vshr.u32	q8,q12,#30
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	vst1.32	{q13},[r12,:128]!
-	sub	r12,r12,#64
-	add	r4,r4,r11
-	eor	r10,r5,r7
-	vsli.32	q8,q12,#2
-	add	r3,r3,r9
-	ldr	r9,[sp,#12]
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	eor	r10,r4,r6
-	add	r7,r7,r9
-	ldr	r9,[sp,#16]
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vext.8	q12,q3,q8,#8
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	ldr	r9,[sp,#20]
-	veor	q9,q9,q1
-	eor	r11,r10,r4
-	add	r6,r6,r7,ror#27
-	veor	q9,q9,q10
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vadd.i32	q13,q8,q14
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	veor	q12,q12,q9
-	ldr	r9,[sp,#24]
-	eor	r11,r10,r3
-	vshr.u32	q9,q12,#30
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	vst1.32	{q13},[r12,:128]!
-	add	r5,r5,r11
-	eor	r10,r6,r3
-	vsli.32	q9,q12,#2
-	add	r4,r4,r9
-	ldr	r9,[sp,#28]
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	ldr	r9,[sp,#32]
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	vext.8	q12,q8,q9,#8
-	add	r7,r7,r9
-	and	r10,r5,r6
-	ldr	r9,[sp,#36]
-	veor	q10,q10,q2
-	add	r7,r7,r3,ror#27
-	eor	r11,r5,r6
-	veor	q10,q10,q11
-	add	r7,r7,r10
-	and	r11,r11,r4
-	vadd.i32	q13,q9,q14
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	veor	q12,q12,q10
-	add	r6,r6,r9
-	and	r10,r4,r5
-	vshr.u32	q10,q12,#30
-	ldr	r9,[sp,#40]
-	add	r6,r6,r7,ror#27
-	vst1.32	{q13},[r12,:128]!
-	eor	r11,r4,r5
-	add	r6,r6,r10
-	vsli.32	q10,q12,#2
-	and	r11,r11,r3
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	add	r5,r5,r9
-	and	r10,r3,r4
-	ldr	r9,[sp,#44]
-	add	r5,r5,r6,ror#27
-	eor	r11,r3,r4
-	add	r5,r5,r10
-	and	r11,r11,r7
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	add	r4,r4,r9
-	and	r10,r7,r3
-	ldr	r9,[sp,#48]
-	add	r4,r4,r5,ror#27
-	eor	r11,r7,r3
-	add	r4,r4,r10
-	and	r11,r11,r6
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vext.8	q12,q9,q10,#8
-	add	r3,r3,r9
-	and	r10,r6,r7
-	ldr	r9,[sp,#52]
-	veor	q11,q11,q3
-	add	r3,r3,r4,ror#27
-	eor	r11,r6,r7
-	veor	q11,q11,q0
-	add	r3,r3,r10
-	and	r11,r11,r5
-	vadd.i32	q13,q10,q14
-	mov	r5,r5,ror#2
-	vld1.32	{d28[],d29[]},[r8,:32]!
-	add	r3,r3,r11
-	veor	q12,q12,q11
-	add	r7,r7,r9
-	and	r10,r5,r6
-	vshr.u32	q11,q12,#30
-	ldr	r9,[sp,#56]
-	add	r7,r7,r3,ror#27
-	vst1.32	{q13},[r12,:128]!
-	eor	r11,r5,r6
-	add	r7,r7,r10
-	vsli.32	q11,q12,#2
-	and	r11,r11,r4
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	add	r6,r6,r9
-	and	r10,r4,r5
-	ldr	r9,[sp,#60]
-	add	r6,r6,r7,ror#27
-	eor	r11,r4,r5
-	add	r6,r6,r10
-	and	r11,r11,r3
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	add	r5,r5,r9
-	and	r10,r3,r4
-	ldr	r9,[sp,#0]
-	add	r5,r5,r6,ror#27
-	eor	r11,r3,r4
-	add	r5,r5,r10
-	and	r11,r11,r7
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	vext.8	q12,q10,q11,#8
-	add	r4,r4,r9
-	and	r10,r7,r3
-	ldr	r9,[sp,#4]
-	veor	q0,q0,q8
-	add	r4,r4,r5,ror#27
-	eor	r11,r7,r3
-	veor	q0,q0,q1
-	add	r4,r4,r10
-	and	r11,r11,r6
-	vadd.i32	q13,q11,q14
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	veor	q12,q12,q0
-	add	r3,r3,r9
-	and	r10,r6,r7
-	vshr.u32	q0,q12,#30
-	ldr	r9,[sp,#8]
-	add	r3,r3,r4,ror#27
-	vst1.32	{q13},[r12,:128]!
-	sub	r12,r12,#64
-	eor	r11,r6,r7
-	add	r3,r3,r10
-	vsli.32	q0,q12,#2
-	and	r11,r11,r5
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	add	r7,r7,r9
-	and	r10,r5,r6
-	ldr	r9,[sp,#12]
-	add	r7,r7,r3,ror#27
-	eor	r11,r5,r6
-	add	r7,r7,r10
-	and	r11,r11,r4
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	add	r6,r6,r9
-	and	r10,r4,r5
-	ldr	r9,[sp,#16]
-	add	r6,r6,r7,ror#27
-	eor	r11,r4,r5
-	add	r6,r6,r10
-	and	r11,r11,r3
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vext.8	q12,q11,q0,#8
-	add	r5,r5,r9
-	and	r10,r3,r4
-	ldr	r9,[sp,#20]
-	veor	q1,q1,q9
-	add	r5,r5,r6,ror#27
-	eor	r11,r3,r4
-	veor	q1,q1,q2
-	add	r5,r5,r10
-	and	r11,r11,r7
-	vadd.i32	q13,q0,q14
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	veor	q12,q12,q1
-	add	r4,r4,r9
-	and	r10,r7,r3
-	vshr.u32	q1,q12,#30
-	ldr	r9,[sp,#24]
-	add	r4,r4,r5,ror#27
-	vst1.32	{q13},[r12,:128]!
-	eor	r11,r7,r3
-	add	r4,r4,r10
-	vsli.32	q1,q12,#2
-	and	r11,r11,r6
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	add	r3,r3,r9
-	and	r10,r6,r7
-	ldr	r9,[sp,#28]
-	add	r3,r3,r4,ror#27
-	eor	r11,r6,r7
-	add	r3,r3,r10
-	and	r11,r11,r5
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	add	r7,r7,r9
-	and	r10,r5,r6
-	ldr	r9,[sp,#32]
-	add	r7,r7,r3,ror#27
-	eor	r11,r5,r6
-	add	r7,r7,r10
-	and	r11,r11,r4
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vext.8	q12,q0,q1,#8
-	add	r6,r6,r9
-	and	r10,r4,r5
-	ldr	r9,[sp,#36]
-	veor	q2,q2,q10
-	add	r6,r6,r7,ror#27
-	eor	r11,r4,r5
-	veor	q2,q2,q3
-	add	r6,r6,r10
-	and	r11,r11,r3
-	vadd.i32	q13,q1,q14
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	veor	q12,q12,q2
-	add	r5,r5,r9
-	and	r10,r3,r4
-	vshr.u32	q2,q12,#30
-	ldr	r9,[sp,#40]
-	add	r5,r5,r6,ror#27
-	vst1.32	{q13},[r12,:128]!
-	eor	r11,r3,r4
-	add	r5,r5,r10
-	vsli.32	q2,q12,#2
-	and	r11,r11,r7
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	add	r4,r4,r9
-	and	r10,r7,r3
-	ldr	r9,[sp,#44]
-	add	r4,r4,r5,ror#27
-	eor	r11,r7,r3
-	add	r4,r4,r10
-	and	r11,r11,r6
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	add	r3,r3,r9
-	and	r10,r6,r7
-	ldr	r9,[sp,#48]
-	add	r3,r3,r4,ror#27
-	eor	r11,r6,r7
-	add	r3,r3,r10
-	and	r11,r11,r5
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	vext.8	q12,q1,q2,#8
-	eor	r10,r4,r6
-	add	r7,r7,r9
-	ldr	r9,[sp,#52]
-	veor	q3,q3,q11
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	veor	q3,q3,q8
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vadd.i32	q13,q2,q14
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	veor	q12,q12,q3
-	ldr	r9,[sp,#56]
-	eor	r11,r10,r4
-	vshr.u32	q3,q12,#30
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	vst1.32	{q13},[r12,:128]!
-	add	r6,r6,r11
-	eor	r10,r7,r4
-	vsli.32	q3,q12,#2
-	add	r5,r5,r9
-	ldr	r9,[sp,#60]
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	ldr	r9,[sp,#0]
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	vadd.i32	q13,q3,q14
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	vst1.32	{q13},[r12,:128]!
-	sub	r12,r12,#64
-	teq	r1,r2
-	sub	r8,r8,#16
-	subeq	r1,r1,#64
-	vld1.8	{q0-q1},[r1]!
-	ldr	r9,[sp,#4]
-	eor	r11,r10,r6
-	vld1.8	{q2-q3},[r1]!
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	vld1.32	{d28[],d29[]},[r8,:32]!
-	add	r3,r3,r11
-	eor	r10,r4,r6
-	vrev32.8	q0,q0
-	add	r7,r7,r9
-	ldr	r9,[sp,#8]
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	ldr	r9,[sp,#12]
-	eor	r11,r10,r4
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	ldr	r9,[sp,#16]
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	vrev32.8	q1,q1
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	vadd.i32	q8,q0,q14
-	ldr	r9,[sp,#20]
-	eor	r11,r10,r7
-	vst1.32	{q8},[r12,:128]!
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	ldr	r9,[sp,#24]
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	eor	r10,r4,r6
-	add	r7,r7,r9
-	ldr	r9,[sp,#28]
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	ldr	r9,[sp,#32]
-	eor	r11,r10,r4
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	vrev32.8	q2,q2
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	vadd.i32	q9,q1,q14
-	ldr	r9,[sp,#36]
-	eor	r11,r10,r3
-	vst1.32	{q9},[r12,:128]!
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	ldr	r9,[sp,#40]
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	ldr	r9,[sp,#44]
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	eor	r10,r4,r6
-	add	r7,r7,r9
-	ldr	r9,[sp,#48]
-	eor	r11,r10,r5
-	add	r7,r7,r3,ror#27
-	mov	r4,r4,ror#2
-	add	r7,r7,r11
-	vrev32.8	q3,q3
-	eor	r10,r3,r5
-	add	r6,r6,r9
-	vadd.i32	q10,q2,q14
-	ldr	r9,[sp,#52]
-	eor	r11,r10,r4
-	vst1.32	{q10},[r12,:128]!
-	add	r6,r6,r7,ror#27
-	mov	r3,r3,ror#2
-	add	r6,r6,r11
-	eor	r10,r7,r4
-	add	r5,r5,r9
-	ldr	r9,[sp,#56]
-	eor	r11,r10,r3
-	add	r5,r5,r6,ror#27
-	mov	r7,r7,ror#2
-	add	r5,r5,r11
-	eor	r10,r6,r3
-	add	r4,r4,r9
-	ldr	r9,[sp,#60]
-	eor	r11,r10,r7
-	add	r4,r4,r5,ror#27
-	mov	r6,r6,ror#2
-	add	r4,r4,r11
-	eor	r10,r5,r7
-	add	r3,r3,r9
-	eor	r11,r10,r6
-	add	r3,r3,r4,ror#27
-	mov	r5,r5,ror#2
-	add	r3,r3,r11
-	ldmia	r0,{r9,r10,r11,r12}	@ accumulate context
-	add	r3,r3,r9
-	ldr	r9,[r0,#16]
-	add	r4,r4,r10
-	add	r5,r5,r11
-	add	r6,r6,r12
-	moveq	sp,r14
-	add	r7,r7,r9
-	ldrne	r9,[sp]
-	stmia	r0,{r3,r4,r5,r6,r7}
-	addne	r12,sp,#3*16
-	bne	.Loop_neon
-
-	@ vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r12,pc}
-.size	sha1_block_data_order_neon,.-sha1_block_data_order_neon
-#endif
-#if __ARM_ARCH__>=7
-.type	sha1_block_data_order_armv8,%function
-.align	5
-sha1_block_data_order_armv8:
-.LARMv8:
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-
-	veor	q1,q1,q1
-	adr	r3,.LK_00_19
-	vld1.32	{q0},[r0]!
-	vld1.32	{d2[0]},[r0]
-	sub	r0,r0,#16
-	vld1.32	{d16[],d17[]},[r3,:32]!
-	vld1.32	{d18[],d19[]},[r3,:32]!
-	vld1.32	{d20[],d21[]},[r3,:32]!
-	vld1.32	{d22[],d23[]},[r3,:32]
-
-.Loop_v8:
-	vld1.8		{q4-q5},[r1]!
-	vld1.8		{q6-q7},[r1]!
-	vrev32.8	q4,q4
-	vrev32.8	q5,q5
-
-	vadd.i32	q12,q8,q4
-	vrev32.8	q6,q6
-	vmov		q14,q0	@ offload
-	subs		r2,r2,#1
-
-	vadd.i32	q13,q8,q5
-	vrev32.8	q7,q7
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 0
-	.byte	0x68,0x0c,0x02,0xf2	@ sha1c q0,q1,q12
-	vadd.i32	q12,q8,q6
-	.byte	0x4c,0x8c,0x3a,0xf2	@ sha1su0 q4,q5,q6
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 1
-	.byte	0x6a,0x0c,0x06,0xf2	@ sha1c q0,q3,q13
-	vadd.i32	q13,q8,q7
-	.byte	0x8e,0x83,0xba,0xf3	@ sha1su1 q4,q7
-	.byte	0x4e,0xac,0x3c,0xf2	@ sha1su0 q5,q6,q7
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 2
-	.byte	0x68,0x0c,0x04,0xf2	@ sha1c q0,q2,q12
-	vadd.i32	q12,q8,q4
-	.byte	0x88,0xa3,0xba,0xf3	@ sha1su1 q5,q4
-	.byte	0x48,0xcc,0x3e,0xf2	@ sha1su0 q6,q7,q4
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 3
-	.byte	0x6a,0x0c,0x06,0xf2	@ sha1c q0,q3,q13
-	vadd.i32	q13,q9,q5
-	.byte	0x8a,0xc3,0xba,0xf3	@ sha1su1 q6,q5
-	.byte	0x4a,0xec,0x38,0xf2	@ sha1su0 q7,q4,q5
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 4
-	.byte	0x68,0x0c,0x04,0xf2	@ sha1c q0,q2,q12
-	vadd.i32	q12,q9,q6
-	.byte	0x8c,0xe3,0xba,0xf3	@ sha1su1 q7,q6
-	.byte	0x4c,0x8c,0x3a,0xf2	@ sha1su0 q4,q5,q6
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 5
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-	vadd.i32	q13,q9,q7
-	.byte	0x8e,0x83,0xba,0xf3	@ sha1su1 q4,q7
-	.byte	0x4e,0xac,0x3c,0xf2	@ sha1su0 q5,q6,q7
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 6
-	.byte	0x68,0x0c,0x14,0xf2	@ sha1p q0,q2,q12
-	vadd.i32	q12,q9,q4
-	.byte	0x88,0xa3,0xba,0xf3	@ sha1su1 q5,q4
-	.byte	0x48,0xcc,0x3e,0xf2	@ sha1su0 q6,q7,q4
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 7
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-	vadd.i32	q13,q9,q5
-	.byte	0x8a,0xc3,0xba,0xf3	@ sha1su1 q6,q5
-	.byte	0x4a,0xec,0x38,0xf2	@ sha1su0 q7,q4,q5
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 8
-	.byte	0x68,0x0c,0x14,0xf2	@ sha1p q0,q2,q12
-	vadd.i32	q12,q10,q6
-	.byte	0x8c,0xe3,0xba,0xf3	@ sha1su1 q7,q6
-	.byte	0x4c,0x8c,0x3a,0xf2	@ sha1su0 q4,q5,q6
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 9
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-	vadd.i32	q13,q10,q7
-	.byte	0x8e,0x83,0xba,0xf3	@ sha1su1 q4,q7
-	.byte	0x4e,0xac,0x3c,0xf2	@ sha1su0 q5,q6,q7
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 10
-	.byte	0x68,0x0c,0x24,0xf2	@ sha1m q0,q2,q12
-	vadd.i32	q12,q10,q4
-	.byte	0x88,0xa3,0xba,0xf3	@ sha1su1 q5,q4
-	.byte	0x48,0xcc,0x3e,0xf2	@ sha1su0 q6,q7,q4
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 11
-	.byte	0x6a,0x0c,0x26,0xf2	@ sha1m q0,q3,q13
-	vadd.i32	q13,q10,q5
-	.byte	0x8a,0xc3,0xba,0xf3	@ sha1su1 q6,q5
-	.byte	0x4a,0xec,0x38,0xf2	@ sha1su0 q7,q4,q5
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 12
-	.byte	0x68,0x0c,0x24,0xf2	@ sha1m q0,q2,q12
-	vadd.i32	q12,q10,q6
-	.byte	0x8c,0xe3,0xba,0xf3	@ sha1su1 q7,q6
-	.byte	0x4c,0x8c,0x3a,0xf2	@ sha1su0 q4,q5,q6
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 13
-	.byte	0x6a,0x0c,0x26,0xf2	@ sha1m q0,q3,q13
-	vadd.i32	q13,q11,q7
-	.byte	0x8e,0x83,0xba,0xf3	@ sha1su1 q4,q7
-	.byte	0x4e,0xac,0x3c,0xf2	@ sha1su0 q5,q6,q7
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 14
-	.byte	0x68,0x0c,0x24,0xf2	@ sha1m q0,q2,q12
-	vadd.i32	q12,q11,q4
-	.byte	0x88,0xa3,0xba,0xf3	@ sha1su1 q5,q4
-	.byte	0x48,0xcc,0x3e,0xf2	@ sha1su0 q6,q7,q4
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 15
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-	vadd.i32	q13,q11,q5
-	.byte	0x8a,0xc3,0xba,0xf3	@ sha1su1 q6,q5
-	.byte	0x4a,0xec,0x38,0xf2	@ sha1su0 q7,q4,q5
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 16
-	.byte	0x68,0x0c,0x14,0xf2	@ sha1p q0,q2,q12
-	vadd.i32	q12,q11,q6
-	.byte	0x8c,0xe3,0xba,0xf3	@ sha1su1 q7,q6
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 17
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-	vadd.i32	q13,q11,q7
-
-	.byte	0xc0,0x62,0xb9,0xf3	@ sha1h q3,q0		@ 18
-	.byte	0x68,0x0c,0x14,0xf2	@ sha1p q0,q2,q12
-
-	.byte	0xc0,0x42,0xb9,0xf3	@ sha1h q2,q0		@ 19
-	.byte	0x6a,0x0c,0x16,0xf2	@ sha1p q0,q3,q13
-
-	vadd.i32	q1,q1,q2
-	vadd.i32	q0,q0,q14
-	bne		.Loop_v8
-
-	vst1.32		{q0},[r0]!
-	vst1.32		{d2[0]},[r0]
-
-	vldmia	sp!,{d8-d15}
-	bx	lr					@ bx lr
-.size	sha1_block_data_order_armv8,.-sha1_block_data_order_armv8
-#endif
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
deleted file mode 100644
index 50bd07b331..0000000000
--- a/crypto/sha/asm/sha1-armv4-large.pl
+++ /dev/null
@@ -1,678 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# sha1_block procedure for ARMv4.
-#
-# January 2007.
-
-# Size/performance trade-off
-# ====================================================================
-# impl		size in bytes	comp cycles[*]	measured performance
-# ====================================================================
-# thumb		304		3212		4420
-# armv4-small	392/+29%	1958/+64%	2250/+96%
-# armv4-compact	740/+89%	1552/+26%	1840/+22%
-# armv4-large	1420/+92%	1307/+19%	1370/+34%[***]
-# full unroll	~5100/+260%	~1260/+4%	~1300/+5%
-# ====================================================================
-# thumb		= same as 'small' but in Thumb instructions[**] and
-#		  with recurring code in two private functions;
-# small		= detached Xload/update, loops are folded;
-# compact	= detached Xload/update, 5x unroll;
-# large		= interleaved Xload/update, 5x unroll;
-# full unroll	= interleaved Xload/update, full unroll, estimated[!];
-#
-# [*]	Manually counted instructions in "grand" loop body. Measured
-#	performance is affected by prologue and epilogue overhead,
-#	i-cache availability, branch penalties, etc.
-# [**]	While each Thumb instruction is twice smaller, they are not as
-#	diverse as ARM ones: e.g., there are only two arithmetic
-#	instructions with 3 arguments, no [fixed] rotate, addressing
-#	modes are limited. As result it takes more instructions to do
-#	the same job in Thumb, therefore the code is never twice as
-#	small and always slower.
-# [***]	which is also ~35% better than compiler generated code. Dual-
-#	issue Cortex A8 core was measured to process input block in
-#	~990 cycles.
-
-# August 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 13% improvement on
-# Cortex A8 core and in absolute terms ~870 cycles per input block
-# [or 13.6 cycles per byte].
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 10%
-# improvement on Cortex A8 core and 12.2 cycles per byte.
-
-# September 2013.
-#
-# Add NEON implementation (see sha1-586.pl for background info). On
-# Cortex A8 it was measured to process one byte in 6.7 cycles or >80%
-# faster than integer-only code. Because [fully unrolled] NEON code
-# is ~2.5x larger and there are some redundant instructions executed
-# when processing last block, improvement is not as big for smallest
-# blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per
-# byte, which is also >80% faster than integer-only code.
-
-# May 2014.
-#
-# Add ARMv8 code path performing at 2.35 cpb on Apple A7.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$ctx="r0";
-$inp="r1";
-$len="r2";
-$a="r3";
-$b="r4";
-$c="r5";
-$d="r6";
-$e="r7";
-$K="r8";
-$t0="r9";
-$t1="r10";
-$t2="r11";
-$t3="r12";
-$Xi="r14";
-@V=($a,$b,$c,$d,$e);
-
-sub Xupdate {
-my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
-$code.=<<___;
-	ldr	$t0,[$Xi,#15*4]
-	ldr	$t1,[$Xi,#13*4]
-	ldr	$t2,[$Xi,#7*4]
-	add	$e,$K,$e,ror#2			@ E+=K_xx_xx
-	ldr	$t3,[$Xi,#2*4]
-	eor	$t0,$t0,$t1
-	eor	$t2,$t2,$t3			@ 1 cycle stall
-	eor	$t1,$c,$d			@ F_xx_xx
-	mov	$t0,$t0,ror#31
-	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
-	eor	$t0,$t0,$t2,ror#31
-	str	$t0,[$Xi,#-4]!
-	$opt1					@ F_xx_xx
-	$opt2					@ F_xx_xx
-	add	$e,$e,$t0			@ E+=X[i]
-___
-}
-
-sub BODY_00_15 {
-my ($a,$b,$c,$d,$e)=@_;
-$code.=<<___;
-#if __ARM_ARCH__<7
-	ldrb	$t1,[$inp,#2]
-	ldrb	$t0,[$inp,#3]
-	ldrb	$t2,[$inp,#1]
-	add	$e,$K,$e,ror#2			@ E+=K_00_19
-	ldrb	$t3,[$inp],#4
-	orr	$t0,$t0,$t1,lsl#8
-	eor	$t1,$c,$d			@ F_xx_xx
-	orr	$t0,$t0,$t2,lsl#16
-	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
-	orr	$t0,$t0,$t3,lsl#24
-#else
-	ldr	$t0,[$inp],#4			@ handles unaligned
-	add	$e,$K,$e,ror#2			@ E+=K_00_19
-	eor	$t1,$c,$d			@ F_xx_xx
-	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
-#ifdef __ARMEL__
-	rev	$t0,$t0				@ byte swap
-#endif
-#endif
-	and	$t1,$b,$t1,ror#2
-	add	$e,$e,$t0			@ E+=X[i]
-	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
-	str	$t0,[$Xi,#-4]!
-	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
-___
-}
-
-sub BODY_16_19 {
-my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_,"and $t1,$b,$t1,ror#2");
-$code.=<<___;
-	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
-	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
-___
-}
-
-sub BODY_20_39 {
-my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_,"eor $t1,$b,$t1,ror#2");
-$code.=<<___;
-	add	$e,$e,$t1			@ E+=F_20_39(B,C,D)
-___
-}
-
-sub BODY_40_59 {
-my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
-$code.=<<___;
-	add	$e,$e,$t1			@ E+=F_40_59(B,C,D)
-	add	$e,$e,$t2,ror#2
-___
-}
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.global	sha1_block_data_order
-.type	sha1_block_data_order,%function
-
-.align	5
-sha1_block_data_order:
-#if __ARM_ARCH__>=7
-	sub	r3,pc,#8		@ sha1_block_data_order
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#ARMV8_SHA1
-	bne	.LARMv8
-	tst	r12,#ARMV7_NEON
-	bne	.LNEON
-#endif
-	stmdb	sp!,{r4-r12,lr}
-	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
-	ldmia	$ctx,{$a,$b,$c,$d,$e}
-.Lloop:
-	ldr	$K,.LK_00_19
-	mov	$Xi,sp
-	sub	sp,sp,#15*4
-	mov	$c,$c,ror#30
-	mov	$d,$d,ror#30
-	mov	$e,$e,ror#30		@ [6]
-.L_00_15:
-___
-for($i=0;$i<5;$i++) {
-	&BODY_00_15(@V);	unshift(@V,pop(@V));
-}
-$code.=<<___;
-	teq	$Xi,sp
-	bne	.L_00_15		@ [((11+4)*5+2)*3]
-	sub	sp,sp,#25*4
-___
-	&BODY_00_15(@V);	unshift(@V,pop(@V));
-	&BODY_16_19(@V);	unshift(@V,pop(@V));
-	&BODY_16_19(@V);	unshift(@V,pop(@V));
-	&BODY_16_19(@V);	unshift(@V,pop(@V));
-	&BODY_16_19(@V);	unshift(@V,pop(@V));
-$code.=<<___;
-
-	ldr	$K,.LK_20_39		@ [+15+16*4]
-	cmn	sp,#0			@ [+3], clear carry to denote 20_39
-.L_20_39_or_60_79:
-___
-for($i=0;$i<5;$i++) {
-	&BODY_20_39(@V);	unshift(@V,pop(@V));
-}
-$code.=<<___;
-	teq	$Xi,sp			@ preserve carry
-	bne	.L_20_39_or_60_79	@ [+((12+3)*5+2)*4]
-	bcs	.L_done			@ [+((12+3)*5+2)*4], spare 300 bytes
-
-	ldr	$K,.LK_40_59
-	sub	sp,sp,#20*4		@ [+2]
-.L_40_59:
-___
-for($i=0;$i<5;$i++) {
-	&BODY_40_59(@V);	unshift(@V,pop(@V));
-}
-$code.=<<___;
-	teq	$Xi,sp
-	bne	.L_40_59		@ [+((12+5)*5+2)*4]
-
-	ldr	$K,.LK_60_79
-	sub	sp,sp,#20*4
-	cmp	sp,#0			@ set carry to denote 60_79
-	b	.L_20_39_or_60_79	@ [+4], spare 300 bytes
-.L_done:
-	add	sp,sp,#80*4		@ "deallocate" stack frame
-	ldmia	$ctx,{$K,$t0,$t1,$t2,$t3}
-	add	$a,$K,$a
-	add	$b,$t0,$b
-	add	$c,$t1,$c,ror#2
-	add	$d,$t2,$d,ror#2
-	add	$e,$t3,$e,ror#2
-	stmia	$ctx,{$a,$b,$c,$d,$e}
-	teq	$inp,$len
-	bne	.Lloop			@ [+18], total 1307
-
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia	sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	sha1_block_data_order,.-sha1_block_data_order
-
-.align	5
-.LK_00_19:	.word	0x5a827999
-.LK_20_39:	.word	0x6ed9eba1
-.LK_40_59:	.word	0x8f1bbcdc
-.LK_60_79:	.word	0xca62c1d6
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha1_block_data_order
-.asciz	"SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-.align	5
-___
-#####################################################################
-# NEON stuff
-#
-{{{
-my @V=($a,$b,$c,$d,$e);
-my ($K_XX_XX,$Ki,$t0,$t1,$Xfer,$saved_sp)=map("r$_",(8..12,14));
-my $Xi=4;
-my @X=map("q$_",(8..11,0..3));
-my @Tx=("q12","q13");
-my ($K,$zero)=("q14","q15");
-my $j=0;
-
-sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
-  my $arg = pop;
-    $arg = "#$arg" if ($arg*1 eq $arg);
-    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
-}
-
-sub body_00_19 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-	'&bic	($t0,$d,$b)',
-	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-	'&and	($t1,$c,$b)',
-	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
-	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-	'&eor	($t1,$t1,$t0)',		# F_00_19
-	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-	'&add	($e,$e,$t1);'.		# e+=F_00_19
-	'$j++;	unshift(@V,pop(@V));'
-	)
-}
-sub body_20_39 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-	'&eor	($t0,$b,$d)',
-	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15)) if ($j<79)',
-	'&eor	($t1,$t0,$c)',		# F_20_39
-	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-	'&add	($e,$e,$t1);'.		# e+=F_20_39
-	'$j++;	unshift(@V,pop(@V));'
-	)
-}
-sub body_40_59 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-	'&and	($t0,$c,$d)',
-	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
-	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-	'&eor	($t1,$c,$d)',
-	'&add	($e,$e,$t0)',
-	'&and	($t1,$t1,$b)',
-	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-	'&add	($e,$e,$t1);'.		# e+=F_40_59
-	'$j++;	unshift(@V,pop(@V));'
-	)
-}
-
-sub Xupdate_16_31 ()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e);
-
-	&vext_8		(@X[0],@X[-4&7],@X[-3&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
-	 eval(shift(@insns));
-	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
-	 eval(shift(@insns));
-	&vext_8		(@Tx[0],@X[-1&7],$zero,4);	# "X[-3]", 3 words
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[0]"^="X[-3]"^"X[-8]
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
-	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vext_8		(@Tx[1],$zero,@Tx[0],4);	# "X[0]"<<96, extract one dword
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(@X[0],@Tx[0],@Tx[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vsri_32	(@X[0],@Tx[0],31);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshr_u32	(@Tx[0],@Tx[1],30);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshl_u32	(@Tx[1],@Tx[1],2);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@X[0],@X[0],@Tx[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
-
-	foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xupdate_32_79 ()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e);
-
-	&vext_8		(@Tx[0],@X[-2&7],@X[-1&7],8);	# compose "X[-6]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
-	 eval(shift(@insns));
-	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
-	 eval(shift(@insns));
-	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[-6]"^="X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshr_u32	(@X[0],@Tx[0],30);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
-	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vsli_32	(@X[0],@Tx[0],2);		# "X[0]"="X[-6]"<<<2
-
-	foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-}
-
-sub Xuplast_80 ()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e);
-
-	&vadd_i32	(@Tx[1],@X[-1&7],$K);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vst1_32	("{@Tx[1]}","[$Xfer,:128]!");
-	&sub		($Xfer,$Xfer,64);
-
-	&teq		($inp,$len);
-	&sub		($K_XX_XX,$K_XX_XX,16);	# rewind $K_XX_XX
-	&subeq		($inp,$inp,64);		# reload last block to avoid SEGV
-	&vld1_8		("{@X[-4&7]-@X[-3&7]}","[$inp]!");
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vld1_8		("{@X[-2&7]-@X[-1&7]}","[$inp]!");
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vld1_32	("{$K\[]}","[$K_XX_XX,:32]!");	# load K_00_19
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vrev32_8	(@X[-4&7],@X[-4&7]);
-
-	foreach (@insns) { eval; }		# remaining instructions
-
-   $Xi=0;
-}
-
-sub Xloop()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e);
-
-	&vrev32_8	(@X[($Xi-3)&7],@X[($Xi-3)&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(@X[$Xi&7],@X[($Xi-4)&7],$K);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vst1_32	("{@X[$Xi&7]}","[$Xfer,:128]!");# X[]+K xfer to IALU
-
-	foreach (@insns) { eval; }
-
-  $Xi++;
-}
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	sha1_block_data_order_neon,%function
-.align	4
-sha1_block_data_order_neon:
-.LNEON:
-	stmdb	sp!,{r4-r12,lr}
-	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
-	@ dmb				@ errata #451034 on early Cortex A8
-	@ vstmdb	sp!,{d8-d15}	@ ABI specification says so
-	mov	$saved_sp,sp
-	sub	sp,sp,#64		@ alloca
-	adr	$K_XX_XX,.LK_00_19
-	bic	sp,sp,#15		@ align for 128-bit stores
-
-	ldmia	$ctx,{$a,$b,$c,$d,$e}	@ load context
-	mov	$Xfer,sp
-
-	vld1.8		{@X[-4&7]-@X[-3&7]},[$inp]!	@ handles unaligned
-	veor		$zero,$zero,$zero
-	vld1.8		{@X[-2&7]-@X[-1&7]},[$inp]!
-	vld1.32		{${K}\[]},[$K_XX_XX,:32]!	@ load K_00_19
-	vrev32.8	@X[-4&7],@X[-4&7]		@ yes, even on
-	vrev32.8	@X[-3&7],@X[-3&7]		@ big-endian...
-	vrev32.8	@X[-2&7],@X[-2&7]
-	vadd.i32	@X[0],@X[-4&7],$K
-	vrev32.8	@X[-1&7],@X[-1&7]
-	vadd.i32	@X[1],@X[-3&7],$K
-	vst1.32		{@X[0]},[$Xfer,:128]!
-	vadd.i32	@X[2],@X[-2&7],$K
-	vst1.32		{@X[1]},[$Xfer,:128]!
-	vst1.32		{@X[2]},[$Xfer,:128]!
-	ldr		$Ki,[sp]			@ big RAW stall
-
-.Loop_neon:
-___
-	&Xupdate_16_31(\&body_00_19);
-	&Xupdate_16_31(\&body_00_19);
-	&Xupdate_16_31(\&body_00_19);
-	&Xupdate_16_31(\&body_00_19);
-	&Xupdate_32_79(\&body_00_19);
-	&Xupdate_32_79(\&body_20_39);
-	&Xupdate_32_79(\&body_20_39);
-	&Xupdate_32_79(\&body_20_39);
-	&Xupdate_32_79(\&body_20_39);
-	&Xupdate_32_79(\&body_20_39);
-	&Xupdate_32_79(\&body_40_59);
-	&Xupdate_32_79(\&body_40_59);
-	&Xupdate_32_79(\&body_40_59);
-	&Xupdate_32_79(\&body_40_59);
-	&Xupdate_32_79(\&body_40_59);
-	&Xupdate_32_79(\&body_20_39);
-	&Xuplast_80(\&body_20_39);
-	&Xloop(\&body_20_39);
-	&Xloop(\&body_20_39);
-	&Xloop(\&body_20_39);
-$code.=<<___;
-	ldmia	$ctx,{$Ki,$t0,$t1,$Xfer}	@ accumulate context
-	add	$a,$a,$Ki
-	ldr	$Ki,[$ctx,#16]
-	add	$b,$b,$t0
-	add	$c,$c,$t1
-	add	$d,$d,$Xfer
-	moveq	sp,$saved_sp
-	add	$e,$e,$Ki
-	ldrne	$Ki,[sp]
-	stmia	$ctx,{$a,$b,$c,$d,$e}
-	addne	$Xfer,sp,#3*16
-	bne	.Loop_neon
-
-	@ vldmia	sp!,{d8-d15}
-	ldmia	sp!,{r4-r12,pc}
-.size	sha1_block_data_order_neon,.-sha1_block_data_order_neon
-#endif
-___
-}}}
-#####################################################################
-# ARMv8 stuff
-#
-{{{
-my ($ABCD,$E,$E0,$E1)=map("q$_",(0..3));
-my @MSG=map("q$_",(4..7));
-my @Kxx=map("q$_",(8..11));
-my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14));
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.type	sha1_block_data_order_armv8,%function
-.align	5
-sha1_block_data_order_armv8:
-.LARMv8:
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-
-	veor	$E,$E,$E
-	adr	r3,.LK_00_19
-	vld1.32	{$ABCD},[$ctx]!
-	vld1.32	{$E\[0]},[$ctx]
-	sub	$ctx,$ctx,#16
-	vld1.32	{@Kxx[0]\[]},[r3,:32]!
-	vld1.32	{@Kxx[1]\[]},[r3,:32]!
-	vld1.32	{@Kxx[2]\[]},[r3,:32]!
-	vld1.32	{@Kxx[3]\[]},[r3,:32]
-
-.Loop_v8:
-	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
-	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
-	vrev32.8	@MSG[0],@MSG[0]
-	vrev32.8	@MSG[1],@MSG[1]
-
-	vadd.i32	$W0,@Kxx[0],@MSG[0]
-	vrev32.8	@MSG[2],@MSG[2]
-	vmov		$ABCD_SAVE,$ABCD	@ offload
-	subs		$len,$len,#1
-
-	vadd.i32	$W1,@Kxx[0],@MSG[1]
-	vrev32.8	@MSG[3],@MSG[3]
-	sha1h		$E1,$ABCD		@ 0
-	sha1c		$ABCD,$E,$W0
-	vadd.i32	$W0,@Kxx[$j],@MSG[2]
-	sha1su0		@MSG[0],@MSG[1],@MSG[2]
-___
-for ($j=0,$i=1;$i<20-3;$i++) {
-my $f=("c","p","m","p")[$i/5];
-$code.=<<___;
-	sha1h		$E0,$ABCD		@ $i
-	sha1$f		$ABCD,$E1,$W1
-	vadd.i32	$W1,@Kxx[$j],@MSG[3]
-	sha1su1		@MSG[0],@MSG[3]
-___
-$code.=<<___ if ($i<20-4);
-	sha1su0		@MSG[1],@MSG[2],@MSG[3]
-___
-	($E0,$E1)=($E1,$E0);	($W0,$W1)=($W1,$W0);
-	push(@MSG,shift(@MSG));	$j++ if ((($i+3)%5)==0);
-}
-$code.=<<___;
-	sha1h		$E0,$ABCD		@ $i
-	sha1p		$ABCD,$E1,$W1
-	vadd.i32	$W1,@Kxx[$j],@MSG[3]
-
-	sha1h		$E1,$ABCD		@ 18
-	sha1p		$ABCD,$E0,$W0
-
-	sha1h		$E0,$ABCD		@ 19
-	sha1p		$ABCD,$E1,$W1
-
-	vadd.i32	$E,$E,$E0
-	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
-	bne		.Loop_v8
-
-	vst1.32		{$ABCD},[$ctx]!
-	vst1.32		{$E\[0]},[$ctx]
-
-	vldmia	sp!,{d8-d15}
-	ret					@ bx lr
-.size	sha1_block_data_order_armv8,.-sha1_block_data_order_armv8
-#endif
-___
-}}}
-$code.=<<___;
-.comm	OPENSSL_armcap_P,4,4
-___
-
-{   my  %opcode = (
-	"sha1c"		=> 0xf2000c40,	"sha1p"		=> 0xf2100c40,
-	"sha1m"		=> 0xf2200c40,	"sha1su0"	=> 0xf2300c40,
-	"sha1h"		=> 0xf3b902c0,	"sha1su1"	=> 0xf3ba0380	);
-
-    sub unsha1 {
-	my ($mnemonic,$arg)=@_;
-
-	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
-	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-					 |(($2&7)<<17)|(($2&8)<<4)
-					 |(($3&7)<<1) |(($3&8)<<2);
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    }
-}
-
-foreach (split($/,$code)) {
-	s/{q([0-9]+)\[\]}/sprintf "{d%d[],d%d[]}",2*$1,2*$1+1/eo	or
-	s/{q([0-9]+)\[0\]}/sprintf "{d%d[0]}",2*$1/eo;
-
-	s/\b(sha1\w+)\s+(q.*)/unsha1($1,$2)/geo;
-
-	s/\bret\b/bx	lr/o		or
-	s/\bbx\s+lr\b/.word\t0xe12fff1e/o;	# make it possible to compile with -march=armv4
-
-	print $_,$/;
-}
-
-close STDOUT; # enforce flush
diff --git a/crypto/sha/asm/sha1-armv8.S b/crypto/sha/asm/sha1-armv8.S
deleted file mode 100644
index f9d126252e..0000000000
--- a/crypto/sha/asm/sha1-armv8.S
+++ /dev/null
@@ -1,1211 +0,0 @@
-#include "arm_arch.h"
-
-.text
-
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,%function
-.align	6
-sha1_block_data_order:
-	ldr	x16,.LOPENSSL_armcap_P
-	adr	x17,.LOPENSSL_armcap_P
-	add	x16,x16,x17
-	ldr	w16,[x16]
-	tst	w16,#ARMV8_SHA1
-	b.ne	.Lv8_entry
-
-	stp	x29,x30,[sp,#-96]!
-	add	x29,sp,#0
-	stp	x19,x20,[sp,#16]
-	stp	x21,x22,[sp,#32]
-	stp	x23,x24,[sp,#48]
-	stp	x25,x26,[sp,#64]
-	stp	x27,x28,[sp,#80]
-
-	ldp	w20,w21,[x0]
-	ldp	w22,w23,[x0,#8]
-	ldr	w24,[x0,#16]
-
-.Loop:
-	ldr	x3,[x1],#64
-	movz	w28,#0x7999
-	sub	x2,x2,#1
-	movk	w28,#0x5a82,lsl#16
-#ifdef	__ARMEB__
-	ror	x3,x3,#32
-#else
-	rev32	x3,x3
-#endif
-	add	w24,w24,w28		// warm it up
-	add	w24,w24,w3
-	lsr	x4,x3,#32
-	ldr	x5,[x1,#-56]
-	bic	w25,w23,w21
-	and	w26,w22,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	add	w23,w23,w4	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x5,x5,#32
-#else
-	rev32	x5,x5
-#endif
-	bic	w25,w22,w20
-	and	w26,w21,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	add	w22,w22,w5	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	lsr	x6,x5,#32
-	ldr	x7,[x1,#-48]
-	bic	w25,w21,w24
-	and	w26,w20,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	add	w21,w21,w6	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x7,x7,#32
-#else
-	rev32	x7,x7
-#endif
-	bic	w25,w20,w23
-	and	w26,w24,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	add	w20,w20,w7	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	lsr	x8,x7,#32
-	ldr	x9,[x1,#-40]
-	bic	w25,w24,w22
-	and	w26,w23,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	add	w24,w24,w8	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x9,x9,#32
-#else
-	rev32	x9,x9
-#endif
-	bic	w25,w23,w21
-	and	w26,w22,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	add	w23,w23,w9	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	lsr	x10,x9,#32
-	ldr	x11,[x1,#-32]
-	bic	w25,w22,w20
-	and	w26,w21,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	add	w22,w22,w10	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x11,x11,#32
-#else
-	rev32	x11,x11
-#endif
-	bic	w25,w21,w24
-	and	w26,w20,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	add	w21,w21,w11	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	lsr	x12,x11,#32
-	ldr	x13,[x1,#-24]
-	bic	w25,w20,w23
-	and	w26,w24,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	add	w20,w20,w12	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x13,x13,#32
-#else
-	rev32	x13,x13
-#endif
-	bic	w25,w24,w22
-	and	w26,w23,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	add	w24,w24,w13	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	lsr	x14,x13,#32
-	ldr	x15,[x1,#-16]
-	bic	w25,w23,w21
-	and	w26,w22,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	add	w23,w23,w14	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x15,x15,#32
-#else
-	rev32	x15,x15
-#endif
-	bic	w25,w22,w20
-	and	w26,w21,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	add	w22,w22,w15	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	lsr	x16,x15,#32
-	ldr	x17,[x1,#-8]
-	bic	w25,w21,w24
-	and	w26,w20,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	add	w21,w21,w16	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-#ifdef	__ARMEB__
-	ror	x17,x17,#32
-#else
-	rev32	x17,x17
-#endif
-	bic	w25,w20,w23
-	and	w26,w24,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	add	w20,w20,w17	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	lsr	x19,x17,#32
-	 eor	w3,w3,w5
-	bic	w25,w24,w22
-	and	w26,w23,w22
-	ror	w27,w21,#27
-	 eor	w3,w3,w11
-	add	w24,w24,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w20,w20,w27		// e+=rot(a,5)
-	 eor	w3,w3,w16
-	ror	w22,w22,#2
-	add	w24,w24,w19	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w3,w3,#31
-	 eor	w4,w4,w6
-	bic	w25,w23,w21
-	and	w26,w22,w21
-	ror	w27,w20,#27
-	 eor	w4,w4,w12
-	add	w23,w23,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w24,w24,w27		// e+=rot(a,5)
-	 eor	w4,w4,w17
-	ror	w21,w21,#2
-	add	w23,w23,w3	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w4,w4,#31
-	 eor	w5,w5,w7
-	bic	w25,w22,w20
-	and	w26,w21,w20
-	ror	w27,w24,#27
-	 eor	w5,w5,w13
-	add	w22,w22,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w23,w23,w27		// e+=rot(a,5)
-	 eor	w5,w5,w19
-	ror	w20,w20,#2
-	add	w22,w22,w4	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w5,w5,#31
-	 eor	w6,w6,w8
-	bic	w25,w21,w24
-	and	w26,w20,w24
-	ror	w27,w23,#27
-	 eor	w6,w6,w14
-	add	w21,w21,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w22,w22,w27		// e+=rot(a,5)
-	 eor	w6,w6,w3
-	ror	w24,w24,#2
-	add	w21,w21,w5	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w6,w6,#31
-	 eor	w7,w7,w9
-	bic	w25,w20,w23
-	and	w26,w24,w23
-	ror	w27,w22,#27
-	 eor	w7,w7,w15
-	add	w20,w20,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w21,w21,w27		// e+=rot(a,5)
-	 eor	w7,w7,w4
-	ror	w23,w23,#2
-	add	w20,w20,w6	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w7,w7,#31
-	movz	w28,#0xeba1
-	movk	w28,#0x6ed9,lsl#16
-	 eor	w8,w8,w10
-	bic	w25,w24,w22
-	and	w26,w23,w22
-	ror	w27,w21,#27
-	 eor	w8,w8,w16
-	add	w24,w24,w28		// future e+=K
-	orr	w25,w25,w26
-	add	w20,w20,w27		// e+=rot(a,5)
-	 eor	w8,w8,w5
-	ror	w22,w22,#2
-	add	w24,w24,w7	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w8,w8,#31
-	 eor	w9,w9,w11
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w9,w9,w17
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w9,w9,w6
-	add	w23,w23,w8	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w9,w9,#31
-	 eor	w10,w10,w12
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w10,w10,w19
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w10,w10,w7
-	add	w22,w22,w9	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w10,w10,#31
-	 eor	w11,w11,w13
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w11,w11,w3
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w11,w11,w8
-	add	w21,w21,w10	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w11,w11,#31
-	 eor	w12,w12,w14
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w12,w12,w4
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w12,w12,w9
-	add	w20,w20,w11	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w12,w12,#31
-	 eor	w13,w13,w15
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w13,w13,w5
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w13,w13,w10
-	add	w24,w24,w12	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w13,w13,#31
-	 eor	w14,w14,w16
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w14,w14,w6
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w14,w14,w11
-	add	w23,w23,w13	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w14,w14,#31
-	 eor	w15,w15,w17
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w15,w15,w7
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w15,w15,w12
-	add	w22,w22,w14	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w15,w15,#31
-	 eor	w16,w16,w19
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w16,w16,w8
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w16,w16,w13
-	add	w21,w21,w15	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w16,w16,#31
-	 eor	w17,w17,w3
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w17,w17,w9
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w17,w17,w14
-	add	w20,w20,w16	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w17,w17,#31
-	 eor	w19,w19,w4
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w19,w19,w10
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w19,w19,w15
-	add	w24,w24,w17	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w19,w19,#31
-	 eor	w3,w3,w5
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w3,w3,w11
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w3,w3,w16
-	add	w23,w23,w19	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w3,w3,#31
-	 eor	w4,w4,w6
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w4,w4,w12
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w4,w4,w17
-	add	w22,w22,w3	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w4,w4,#31
-	 eor	w5,w5,w7
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w5,w5,w13
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w5,w5,w19
-	add	w21,w21,w4	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w5,w5,#31
-	 eor	w6,w6,w8
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w6,w6,w14
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w6,w6,w3
-	add	w20,w20,w5	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w6,w6,#31
-	 eor	w7,w7,w9
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w7,w7,w15
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w7,w7,w4
-	add	w24,w24,w6	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w7,w7,#31
-	 eor	w8,w8,w10
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w8,w8,w16
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w8,w8,w5
-	add	w23,w23,w7	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w8,w8,#31
-	 eor	w9,w9,w11
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w9,w9,w17
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w9,w9,w6
-	add	w22,w22,w8	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w9,w9,#31
-	 eor	w10,w10,w12
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w10,w10,w19
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w10,w10,w7
-	add	w21,w21,w9	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w10,w10,#31
-	 eor	w11,w11,w13
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w11,w11,w3
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w11,w11,w8
-	add	w20,w20,w10	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w11,w11,#31
-	movz	w28,#0xbcdc
-	movk	w28,#0x8f1b,lsl#16
-	 eor	w12,w12,w14
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w12,w12,w4
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w12,w12,w9
-	add	w24,w24,w11	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w12,w12,#31
-	orr	w25,w21,w22
-	and	w26,w21,w22
-	 eor	w13,w13,w15
-	ror	w27,w20,#27
-	and	w25,w25,w23
-	add	w23,w23,w28		// future e+=K
-	 eor	w13,w13,w5
-	add	w24,w24,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w21,w21,#2
-	 eor	w13,w13,w10
-	add	w23,w23,w12	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w13,w13,#31
-	orr	w25,w20,w21
-	and	w26,w20,w21
-	 eor	w14,w14,w16
-	ror	w27,w24,#27
-	and	w25,w25,w22
-	add	w22,w22,w28		// future e+=K
-	 eor	w14,w14,w6
-	add	w23,w23,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w20,w20,#2
-	 eor	w14,w14,w11
-	add	w22,w22,w13	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w14,w14,#31
-	orr	w25,w24,w20
-	and	w26,w24,w20
-	 eor	w15,w15,w17
-	ror	w27,w23,#27
-	and	w25,w25,w21
-	add	w21,w21,w28		// future e+=K
-	 eor	w15,w15,w7
-	add	w22,w22,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w24,w24,#2
-	 eor	w15,w15,w12
-	add	w21,w21,w14	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w15,w15,#31
-	orr	w25,w23,w24
-	and	w26,w23,w24
-	 eor	w16,w16,w19
-	ror	w27,w22,#27
-	and	w25,w25,w20
-	add	w20,w20,w28		// future e+=K
-	 eor	w16,w16,w8
-	add	w21,w21,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w23,w23,#2
-	 eor	w16,w16,w13
-	add	w20,w20,w15	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w16,w16,#31
-	orr	w25,w22,w23
-	and	w26,w22,w23
-	 eor	w17,w17,w3
-	ror	w27,w21,#27
-	and	w25,w25,w24
-	add	w24,w24,w28		// future e+=K
-	 eor	w17,w17,w9
-	add	w20,w20,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w22,w22,#2
-	 eor	w17,w17,w14
-	add	w24,w24,w16	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w17,w17,#31
-	orr	w25,w21,w22
-	and	w26,w21,w22
-	 eor	w19,w19,w4
-	ror	w27,w20,#27
-	and	w25,w25,w23
-	add	w23,w23,w28		// future e+=K
-	 eor	w19,w19,w10
-	add	w24,w24,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w21,w21,#2
-	 eor	w19,w19,w15
-	add	w23,w23,w17	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w19,w19,#31
-	orr	w25,w20,w21
-	and	w26,w20,w21
-	 eor	w3,w3,w5
-	ror	w27,w24,#27
-	and	w25,w25,w22
-	add	w22,w22,w28		// future e+=K
-	 eor	w3,w3,w11
-	add	w23,w23,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w20,w20,#2
-	 eor	w3,w3,w16
-	add	w22,w22,w19	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w3,w3,#31
-	orr	w25,w24,w20
-	and	w26,w24,w20
-	 eor	w4,w4,w6
-	ror	w27,w23,#27
-	and	w25,w25,w21
-	add	w21,w21,w28		// future e+=K
-	 eor	w4,w4,w12
-	add	w22,w22,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w24,w24,#2
-	 eor	w4,w4,w17
-	add	w21,w21,w3	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w4,w4,#31
-	orr	w25,w23,w24
-	and	w26,w23,w24
-	 eor	w5,w5,w7
-	ror	w27,w22,#27
-	and	w25,w25,w20
-	add	w20,w20,w28		// future e+=K
-	 eor	w5,w5,w13
-	add	w21,w21,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w23,w23,#2
-	 eor	w5,w5,w19
-	add	w20,w20,w4	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w5,w5,#31
-	orr	w25,w22,w23
-	and	w26,w22,w23
-	 eor	w6,w6,w8
-	ror	w27,w21,#27
-	and	w25,w25,w24
-	add	w24,w24,w28		// future e+=K
-	 eor	w6,w6,w14
-	add	w20,w20,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w22,w22,#2
-	 eor	w6,w6,w3
-	add	w24,w24,w5	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w6,w6,#31
-	orr	w25,w21,w22
-	and	w26,w21,w22
-	 eor	w7,w7,w9
-	ror	w27,w20,#27
-	and	w25,w25,w23
-	add	w23,w23,w28		// future e+=K
-	 eor	w7,w7,w15
-	add	w24,w24,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w21,w21,#2
-	 eor	w7,w7,w4
-	add	w23,w23,w6	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w7,w7,#31
-	orr	w25,w20,w21
-	and	w26,w20,w21
-	 eor	w8,w8,w10
-	ror	w27,w24,#27
-	and	w25,w25,w22
-	add	w22,w22,w28		// future e+=K
-	 eor	w8,w8,w16
-	add	w23,w23,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w20,w20,#2
-	 eor	w8,w8,w5
-	add	w22,w22,w7	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w8,w8,#31
-	orr	w25,w24,w20
-	and	w26,w24,w20
-	 eor	w9,w9,w11
-	ror	w27,w23,#27
-	and	w25,w25,w21
-	add	w21,w21,w28		// future e+=K
-	 eor	w9,w9,w17
-	add	w22,w22,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w24,w24,#2
-	 eor	w9,w9,w6
-	add	w21,w21,w8	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w9,w9,#31
-	orr	w25,w23,w24
-	and	w26,w23,w24
-	 eor	w10,w10,w12
-	ror	w27,w22,#27
-	and	w25,w25,w20
-	add	w20,w20,w28		// future e+=K
-	 eor	w10,w10,w19
-	add	w21,w21,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w23,w23,#2
-	 eor	w10,w10,w7
-	add	w20,w20,w9	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w10,w10,#31
-	orr	w25,w22,w23
-	and	w26,w22,w23
-	 eor	w11,w11,w13
-	ror	w27,w21,#27
-	and	w25,w25,w24
-	add	w24,w24,w28		// future e+=K
-	 eor	w11,w11,w3
-	add	w20,w20,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w22,w22,#2
-	 eor	w11,w11,w8
-	add	w24,w24,w10	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w11,w11,#31
-	orr	w25,w21,w22
-	and	w26,w21,w22
-	 eor	w12,w12,w14
-	ror	w27,w20,#27
-	and	w25,w25,w23
-	add	w23,w23,w28		// future e+=K
-	 eor	w12,w12,w4
-	add	w24,w24,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w21,w21,#2
-	 eor	w12,w12,w9
-	add	w23,w23,w11	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w12,w12,#31
-	orr	w25,w20,w21
-	and	w26,w20,w21
-	 eor	w13,w13,w15
-	ror	w27,w24,#27
-	and	w25,w25,w22
-	add	w22,w22,w28		// future e+=K
-	 eor	w13,w13,w5
-	add	w23,w23,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w20,w20,#2
-	 eor	w13,w13,w10
-	add	w22,w22,w12	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w13,w13,#31
-	orr	w25,w24,w20
-	and	w26,w24,w20
-	 eor	w14,w14,w16
-	ror	w27,w23,#27
-	and	w25,w25,w21
-	add	w21,w21,w28		// future e+=K
-	 eor	w14,w14,w6
-	add	w22,w22,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w24,w24,#2
-	 eor	w14,w14,w11
-	add	w21,w21,w13	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w14,w14,#31
-	orr	w25,w23,w24
-	and	w26,w23,w24
-	 eor	w15,w15,w17
-	ror	w27,w22,#27
-	and	w25,w25,w20
-	add	w20,w20,w28		// future e+=K
-	 eor	w15,w15,w7
-	add	w21,w21,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w23,w23,#2
-	 eor	w15,w15,w12
-	add	w20,w20,w14	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w15,w15,#31
-	movz	w28,#0xc1d6
-	movk	w28,#0xca62,lsl#16
-	orr	w25,w22,w23
-	and	w26,w22,w23
-	 eor	w16,w16,w19
-	ror	w27,w21,#27
-	and	w25,w25,w24
-	add	w24,w24,w28		// future e+=K
-	 eor	w16,w16,w8
-	add	w20,w20,w27		// e+=rot(a,5)
-	orr	w25,w25,w26
-	ror	w22,w22,#2
-	 eor	w16,w16,w13
-	add	w24,w24,w15	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w16,w16,#31
-	 eor	w17,w17,w3
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w17,w17,w9
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w17,w17,w14
-	add	w23,w23,w16	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w17,w17,#31
-	 eor	w19,w19,w4
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w19,w19,w10
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w19,w19,w15
-	add	w22,w22,w17	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w19,w19,#31
-	 eor	w3,w3,w5
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w3,w3,w11
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w3,w3,w16
-	add	w21,w21,w19	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w3,w3,#31
-	 eor	w4,w4,w6
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w4,w4,w12
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w4,w4,w17
-	add	w20,w20,w3	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w4,w4,#31
-	 eor	w5,w5,w7
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w5,w5,w13
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w5,w5,w19
-	add	w24,w24,w4	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w5,w5,#31
-	 eor	w6,w6,w8
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w6,w6,w14
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w6,w6,w3
-	add	w23,w23,w5	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w6,w6,#31
-	 eor	w7,w7,w9
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w7,w7,w15
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w7,w7,w4
-	add	w22,w22,w6	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w7,w7,#31
-	 eor	w8,w8,w10
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w8,w8,w16
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w8,w8,w5
-	add	w21,w21,w7	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w8,w8,#31
-	 eor	w9,w9,w11
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w9,w9,w17
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w9,w9,w6
-	add	w20,w20,w8	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w9,w9,#31
-	 eor	w10,w10,w12
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w10,w10,w19
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w10,w10,w7
-	add	w24,w24,w9	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w10,w10,#31
-	 eor	w11,w11,w13
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w11,w11,w3
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w11,w11,w8
-	add	w23,w23,w10	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w11,w11,#31
-	 eor	w12,w12,w14
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w12,w12,w4
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w12,w12,w9
-	add	w22,w22,w11	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w12,w12,#31
-	 eor	w13,w13,w15
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w13,w13,w5
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w13,w13,w10
-	add	w21,w21,w12	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w13,w13,#31
-	 eor	w14,w14,w16
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	 eor	w14,w14,w6
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	 eor	w14,w14,w11
-	add	w20,w20,w13	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	 ror	w14,w14,#31
-	 eor	w15,w15,w17
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	add	w24,w24,w28		// future e+=K
-	 eor	w15,w15,w7
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	 eor	w15,w15,w12
-	add	w24,w24,w14	// future e+=X[i]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	 ror	w15,w15,#31
-	 eor	w16,w16,w19
-	eor	w25,w23,w21
-	ror	w27,w20,#27
-	add	w23,w23,w28		// future e+=K
-	 eor	w16,w16,w8
-	eor	w25,w25,w22
-	add	w24,w24,w27		// e+=rot(a,5)
-	ror	w21,w21,#2
-	 eor	w16,w16,w13
-	add	w23,w23,w15	// future e+=X[i]
-	add	w24,w24,w25		// e+=F(b,c,d)
-	 ror	w16,w16,#31
-	 eor	w17,w17,w3
-	eor	w25,w22,w20
-	ror	w27,w24,#27
-	add	w22,w22,w28		// future e+=K
-	 eor	w17,w17,w9
-	eor	w25,w25,w21
-	add	w23,w23,w27		// e+=rot(a,5)
-	ror	w20,w20,#2
-	 eor	w17,w17,w14
-	add	w22,w22,w16	// future e+=X[i]
-	add	w23,w23,w25		// e+=F(b,c,d)
-	 ror	w17,w17,#31
-	 eor	w19,w19,w4
-	eor	w25,w21,w24
-	ror	w27,w23,#27
-	add	w21,w21,w28		// future e+=K
-	 eor	w19,w19,w10
-	eor	w25,w25,w20
-	add	w22,w22,w27		// e+=rot(a,5)
-	ror	w24,w24,#2
-	 eor	w19,w19,w15
-	add	w21,w21,w17	// future e+=X[i]
-	add	w22,w22,w25		// e+=F(b,c,d)
-	 ror	w19,w19,#31
-	ldp	w4,w5,[x0]
-	eor	w25,w20,w23
-	ror	w27,w22,#27
-	add	w20,w20,w28		// future e+=K
-	eor	w25,w25,w24
-	add	w21,w21,w27		// e+=rot(a,5)
-	ror	w23,w23,#2
-	add	w20,w20,w19	// future e+=X[i]
-	add	w21,w21,w25		// e+=F(b,c,d)
-	ldp	w6,w7,[x0,#8]
-	eor	w25,w24,w22
-	ror	w27,w21,#27
-	eor	w25,w25,w23
-	add	w20,w20,w27		// e+=rot(a,5)
-	ror	w22,w22,#2
-	ldr	w8,[x0,#16]
-	add	w20,w20,w25		// e+=F(b,c,d)
-	add	w21,w21,w5
-	add	w22,w22,w6
-	add	w20,w20,w4
-	add	w23,w23,w7
-	add	w24,w24,w8
-	stp	w20,w21,[x0]
-	stp	w22,w23,[x0,#8]
-	str	w24,[x0,#16]
-	cbnz	x2,.Loop
-
-	ldp	x19,x20,[sp,#16]
-	ldp	x21,x22,[sp,#32]
-	ldp	x23,x24,[sp,#48]
-	ldp	x25,x26,[sp,#64]
-	ldp	x27,x28,[sp,#80]
-	ldr	x29,[sp],#96
-	ret
-.size	sha1_block_data_order,.-sha1_block_data_order
-.type	sha1_block_armv8,%function
-.align	6
-sha1_block_armv8:
-.Lv8_entry:
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-
-	adr	x4,.Lconst
-	eor	v1.16b,v1.16b,v1.16b
-	ld1	{v0.4s},[x0],#16
-	ld1	{v1.s}[0],[x0]
-	sub	x0,x0,#16
-	ld1	{v16.4s-v19.4s},[x4]
-
-.Loop_hw:
-	ld1	{v4.16b-v7.16b},[x1],#64
-	sub	x2,x2,#1
-	rev32	v4.16b,v4.16b
-	rev32	v5.16b,v5.16b
-
-	add	v20.4s,v16.4s,v4.4s
-	rev32	v6.16b,v6.16b
-	orr	v22.16b,v0.16b,v0.16b	// offload
-
-	add	v21.4s,v16.4s,v5.4s
-	rev32	v7.16b,v7.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b
-	.inst	0x5e140020	//sha1c v0.16b,v1.16b,v20.4s		// 0
-	add	v20.4s,v16.4s,v6.4s
-	.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 1
-	.inst	0x5e150060	//sha1c v0.16b,v3.16b,v21.4s
-	add	v21.4s,v16.4s,v7.4s
-	.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
-	.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 2
-	.inst	0x5e140040	//sha1c v0.16b,v2.16b,v20.4s
-	add	v20.4s,v16.4s,v4.4s
-	.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
-	.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 3
-	.inst	0x5e150060	//sha1c v0.16b,v3.16b,v21.4s
-	add	v21.4s,v17.4s,v5.4s
-	.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
-	.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 4
-	.inst	0x5e140040	//sha1c v0.16b,v2.16b,v20.4s
-	add	v20.4s,v17.4s,v6.4s
-	.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
-	.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 5
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-	add	v21.4s,v17.4s,v7.4s
-	.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
-	.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 6
-	.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
-	add	v20.4s,v17.4s,v4.4s
-	.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
-	.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 7
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-	add	v21.4s,v17.4s,v5.4s
-	.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
-	.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 8
-	.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
-	add	v20.4s,v18.4s,v6.4s
-	.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
-	.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 9
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-	add	v21.4s,v18.4s,v7.4s
-	.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
-	.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 10
-	.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
-	add	v20.4s,v18.4s,v4.4s
-	.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
-	.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 11
-	.inst	0x5e152060	//sha1m v0.16b,v3.16b,v21.4s
-	add	v21.4s,v18.4s,v5.4s
-	.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
-	.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 12
-	.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
-	add	v20.4s,v18.4s,v6.4s
-	.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
-	.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 13
-	.inst	0x5e152060	//sha1m v0.16b,v3.16b,v21.4s
-	add	v21.4s,v19.4s,v7.4s
-	.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
-	.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 14
-	.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
-	add	v20.4s,v19.4s,v4.4s
-	.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
-	.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 15
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-	add	v21.4s,v19.4s,v5.4s
-	.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
-	.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 16
-	.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
-	add	v20.4s,v19.4s,v6.4s
-	.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 17
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-	add	v21.4s,v19.4s,v7.4s
-
-	.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 18
-	.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
-
-	.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 19
-	.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
-
-	add	v1.4s,v1.4s,v2.4s
-	add	v0.4s,v0.4s,v22.4s
-
-	cbnz	x2,.Loop_hw
-
-	st1	{v0.4s},[x0],#16
-	st1	{v1.s}[0],[x0]
-
-	ldr	x29,[sp],#16
-	ret
-.size	sha1_block_armv8,.-sha1_block_armv8
-.align	6
-.Lconst:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
-.LOPENSSL_armcap_P:
-.quad	OPENSSL_armcap_P-.
-.asciz	"SHA1 block transform for ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
deleted file mode 100644
index c1f552b6b3..0000000000
--- a/crypto/sha/asm/sha1-armv8.pl
+++ /dev/null
@@ -1,333 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA1 for ARMv8.
-#
-# Performance in cycles per processed byte and improvement coefficient
-# over code generated with "default" compiler:
-#
-#		hardware-assisted	software(*)
-# Apple A7	2.31			4.13 (+14%)
-# Cortex-A5x	n/a			n/a
-#
-# (*)	Software results are presented mostly for reference purposes.
-
-$flavour = shift;
-open STDOUT,">".shift;
-
-($ctx,$inp,$num)=("x0","x1","x2");
-@Xw=map("w$_",(3..17,19));
-@Xx=map("x$_",(3..17,19));
-@V=($A,$B,$C,$D,$E)=map("w$_",(20..24));
-($t0,$t1,$t2,$K)=map("w$_",(25..28));
-
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=($i+2)&15;
-
-$code.=<<___ if ($i<15 && !($i&1));
-	lsr	@Xx[$i+1],@Xx[$i],#32
-___
-$code.=<<___ if ($i<14 && !($i&1));
-	ldr	@Xx[$i+2],[$inp,#`($i+2)*4-64`]
-___
-$code.=<<___ if ($i<14 && ($i&1));
-#ifdef	__ARMEB__
-	ror	@Xx[$i+1],@Xx[$i+1],#32
-#else
-	rev32	@Xx[$i+1],@Xx[$i+1]
-#endif
-___
-$code.=<<___ if ($i<14);
-	bic	$t0,$d,$b
-	and	$t1,$c,$b
-	ror	$t2,$a,#27
-	add	$d,$d,$K		// future e+=K
-	orr	$t0,$t0,$t1
-	add	$e,$e,$t2		// e+=rot(a,5)
-	ror	$b,$b,#2
-	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-___
-$code.=<<___ if ($i==19);
-	movz	$K,#0xeba1
-	movk	$K,#0x6ed9,lsl#16
-___
-$code.=<<___ if ($i>=14);
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-	bic	$t0,$d,$b
-	and	$t1,$c,$b
-	ror	$t2,$a,#27
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-	add	$d,$d,$K		// future e+=K
-	orr	$t0,$t0,$t1
-	add	$e,$e,$t2		// e+=rot(a,5)
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-	ror	$b,$b,#2
-	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-	 ror	@Xw[$j],@Xw[$j],#31
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=($i+2)&15;
-
-$code.=<<___ if ($i==59);
-	movz	$K,#0xc1d6
-	movk	$K,#0xca62,lsl#16
-___
-$code.=<<___;
-	orr	$t0,$b,$c
-	and	$t1,$b,$c
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-	ror	$t2,$a,#27
-	and	$t0,$t0,$d
-	add	$d,$d,$K		// future e+=K
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-	add	$e,$e,$t2		// e+=rot(a,5)
-	orr	$t0,$t0,$t1
-	ror	$b,$b,#2
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-	 ror	@Xw[$j],@Xw[$j],#31
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=($i+2)&15;
-
-$code.=<<___ if ($i==39);
-	movz	$K,#0xbcdc
-	movk	$K,#0x8f1b,lsl#16
-___
-$code.=<<___ if ($i<78);
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-	eor	$t0,$d,$b
-	ror	$t2,$a,#27
-	add	$d,$d,$K		// future e+=K
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-	eor	$t0,$t0,$c
-	add	$e,$e,$t2		// e+=rot(a,5)
-	ror	$b,$b,#2
-	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-	 ror	@Xw[$j],@Xw[$j],#31
-___
-$code.=<<___ if ($i==78);
-	ldp	@Xw[1],@Xw[2],[$ctx]
-	eor	$t0,$d,$b
-	ror	$t2,$a,#27
-	add	$d,$d,$K		// future e+=K
-	eor	$t0,$t0,$c
-	add	$e,$e,$t2		// e+=rot(a,5)
-	ror	$b,$b,#2
-	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-___
-$code.=<<___ if ($i==79);
-	ldp	@Xw[3],@Xw[4],[$ctx,#8]
-	eor	$t0,$d,$b
-	ror	$t2,$a,#27
-	eor	$t0,$t0,$c
-	add	$e,$e,$t2		// e+=rot(a,5)
-	ror	$b,$b,#2
-	ldr	@Xw[5],[$ctx,#16]
-	add	$e,$e,$t0		// e+=F(b,c,d)
-___
-}
-
-$code.=<<___;
-#include "arm_arch.h"
-
-.text
-
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,%function
-.align	6
-sha1_block_data_order:
-	ldr	x16,.LOPENSSL_armcap_P
-	adr	x17,.LOPENSSL_armcap_P
-	add	x16,x16,x17
-	ldr	w16,[x16]
-	tst	w16,#ARMV8_SHA1
-	b.ne	.Lv8_entry
-
-	stp	x29,x30,[sp,#-96]!
-	add	x29,sp,#0
-	stp	x19,x20,[sp,#16]
-	stp	x21,x22,[sp,#32]
-	stp	x23,x24,[sp,#48]
-	stp	x25,x26,[sp,#64]
-	stp	x27,x28,[sp,#80]
-
-	ldp	$A,$B,[$ctx]
-	ldp	$C,$D,[$ctx,#8]
-	ldr	$E,[$ctx,#16]
-
-.Loop:
-	ldr	@Xx[0],[$inp],#64
-	movz	$K,#0x7999
-	sub	$num,$num,#1
-	movk	$K,#0x5a82,lsl#16
-#ifdef	__ARMEB__
-	ror	$Xx[0],@Xx[0],#32
-#else
-	rev32	@Xx[0],@Xx[0]
-#endif
-	add	$E,$E,$K		// warm it up
-	add	$E,$E,@Xw[0]
-___
-for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	add	$B,$B,@Xw[2]
-	add	$C,$C,@Xw[3]
-	add	$A,$A,@Xw[1]
-	add	$D,$D,@Xw[4]
-	add	$E,$E,@Xw[5]
-	stp	$A,$B,[$ctx]
-	stp	$C,$D,[$ctx,#8]
-	str	$E,[$ctx,#16]
-	cbnz	$num,.Loop
-
-	ldp	x19,x20,[sp,#16]
-	ldp	x21,x22,[sp,#32]
-	ldp	x23,x24,[sp,#48]
-	ldp	x25,x26,[sp,#64]
-	ldp	x27,x28,[sp,#80]
-	ldr	x29,[sp],#96
-	ret
-.size	sha1_block_data_order,.-sha1_block_data_order
-___
-{{{
-my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3));
-my @MSG=map("v$_.16b",(4..7));
-my @Kxx=map("v$_.4s",(16..19));
-my ($W0,$W1)=("v20.4s","v21.4s");
-my $ABCD_SAVE="v22.16b";
-
-$code.=<<___;
-.type	sha1_block_armv8,%function
-.align	6
-sha1_block_armv8:
-.Lv8_entry:
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-
-	adr	x4,.Lconst
-	eor	$E,$E,$E
-	ld1.32	{$ABCD},[$ctx],#16
-	ld1.32	{$E}[0],[$ctx]
-	sub	$ctx,$ctx,#16
-	ld1.32	{@Kxx[0]-@Kxx[3]},[x4]
-
-.Loop_hw:
-	ld1	{@MSG[0]-@MSG[3]},[$inp],#64
-	sub	$num,$num,#1
-	rev32	@MSG[0],@MSG[0]
-	rev32	@MSG[1],@MSG[1]
-
-	add.i32	$W0,@Kxx[0],@MSG[0]
-	rev32	@MSG[2],@MSG[2]
-	orr	$ABCD_SAVE,$ABCD,$ABCD	// offload
-
-	add.i32	$W1,@Kxx[0],@MSG[1]
-	rev32	@MSG[3],@MSG[3]
-	sha1h	$E1,$ABCD
-	sha1c	$ABCD,$E,$W0		// 0
-	add.i32	$W0,@Kxx[$j],@MSG[2]
-	sha1su0	@MSG[0],@MSG[1],@MSG[2]
-___
-for ($j=0,$i=1;$i<20-3;$i++) {
-my $f=("c","p","m","p")[$i/5];
-$code.=<<___;
-	sha1h	$E0,$ABCD		// $i
-	sha1$f	$ABCD,$E1,$W1
-	add.i32	$W1,@Kxx[$j],@MSG[3]
-	sha1su1	@MSG[0],@MSG[3]
-___
-$code.=<<___ if ($i<20-4);
-	sha1su0	@MSG[1],@MSG[2],@MSG[3]
-___
-	($E0,$E1)=($E1,$E0);		($W0,$W1)=($W1,$W0);
-	push(@MSG,shift(@MSG));		$j++ if ((($i+3)%5)==0);
-}
-$code.=<<___;
-	sha1h	$E0,$ABCD		// $i
-	sha1p	$ABCD,$E1,$W1
-	add.i32	$W1,@Kxx[$j],@MSG[3]
-
-	sha1h	$E1,$ABCD		// 18
-	sha1p	$ABCD,$E0,$W0
-
-	sha1h	$E0,$ABCD		// 19
-	sha1p	$ABCD,$E1,$W1
-
-	add.i32	$E,$E,$E0
-	add.i32	$ABCD,$ABCD,$ABCD_SAVE
-
-	cbnz	$num,.Loop_hw
-
-	st1.32	{$ABCD},[$ctx],#16
-	st1.32	{$E}[0],[$ctx]
-
-	ldr	x29,[sp],#16
-	ret
-.size	sha1_block_armv8,.-sha1_block_armv8
-.align	6
-.Lconst:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
-.LOPENSSL_armcap_P:
-.quad	OPENSSL_armcap_P-.
-.asciz	"SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-.comm	OPENSSL_armcap_P,4,4
-___
-}}}
-
-{   my	%opcode = (
-	"sha1c"		=> 0x5e000000,	"sha1p"		=> 0x5e001000,
-	"sha1m"		=> 0x5e002000,	"sha1su0"	=> 0x5e003000,
-	"sha1h"		=> 0x5e280800,	"sha1su1"	=> 0x5e281800	);
-
-    sub unsha1 {
-	my ($mnemonic,$arg)=@_;
-
-	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
-	&&
-	sprintf ".inst\t0x%08x\t//%s %s",
-			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
-			$mnemonic,$arg;
-    }
-}
-
-foreach(split("\n",$code)) {
-
-	s/\`([^\`]*)\`/eval($1)/geo;
-
-	s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo;
-
-	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
-	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
-
-	print $_,"\n";
-}
-
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl
deleted file mode 100644
index 02d35d1614..0000000000
--- a/crypto/sha/asm/sha1-ia64.pl
+++ /dev/null
@@ -1,305 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# Eternal question is what's wrong with compiler generated code? The
-# trick is that it's possible to reduce the number of shifts required
-# to perform rotations by maintaining copy of 32-bit value in upper
-# bits of 64-bit register. Just follow mux2 and shrp instructions...
-# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
-# is >50% better than HP C and >2x better than gcc.
-
-$code=<<___;
-.ident  \"sha1-ia64.s, version 1.3\"
-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
-.explicit
-
-___
-
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-
-#$human=1;
-if ($human) {	# useful for visual code auditing...
-	($A,$B,$C,$D,$E)   = ("A","B","C","D","E");
-	($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-	    (	"K_00_19","K_20_39","K_40_59","K_60_79"	);
-	@X= (	"X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
-		"X8", "X9","X10","X11","X12","X13","X14","X15"	);
-}
-else {
-	($A,$B,$C,$D,$E)   =    ("loc0","loc1","loc2","loc3","loc4");
-	($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9");
-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-	    (	"r14", "r15", "loc10", "loc11"	);
-	@X= (	"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
-		"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"	);
-}
-
-sub BODY_00_15 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___ if ($i==0);
-{ .mmi;	ld1	$X[$i]=[inp],2		    // MSB
-	ld1	tmp2=[tmp3],2		};;
-{ .mmi;	ld1	tmp0=[inp],2
-	ld1	tmp4=[tmp3],2		    // LSB
-	dep	$X[$i]=$X[$i],tmp2,8,8	};;
-___
-if ($i<15) {
-	$code.=<<___;
-{ .mmi;	ld1	$Xn=[inp],2		    // forward Xload
-	nop.m	0x0
-	dep	tmp1=tmp0,tmp4,8,8	};;
-{ .mmi;	ld1	tmp2=[tmp3],2		    // forward Xload
-	and	tmp4=$c,$b
-	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
-{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	andcm	tmp1=$d,$b
-	dep.z	tmp5=$a,5,27		};; // a<<5
-{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xload
-	or	tmp4=tmp4,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		};; // a>>27
-{ .mmi;	ld1	tmp0=[inp],2		    // forward Xload
-	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	ld1	tmp4=[tmp3],2		    // forward Xload
-	or	tmp5=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)
-	dep	$Xn=$Xn,tmp2,8,8	    // forward Xload
-	mux2	$X[$i]=$X[$i],0x44	} //;;
-
-___
-	}
-else	{
-	$code.=<<___;
-{ .mii;	and	tmp3=$c,$b
-	dep	tmp1=tmp0,tmp4,8,8;;
-	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
-{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	andcm	tmp1=$d,$b
-	dep.z	tmp5=$a,5,27		};; // a<<5
-{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xupdate
-	or	tmp4=tmp3,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate
-	nop.i	0			};;
-{ .mmi;	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
-	xor	$Xn=$Xn,tmp3		    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	mux2	$X[$i]=$X[$i],0x44	};;
-
-___
-	}
-}
-
-sub BODY_16_19 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___;
-{ .mib;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	andcm	tmp1=$d,$b
-	and	tmp0=$c,$b		};;
-{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16]	// forward Xupdate
-	nop.i	0			};;
-{ .mmi;	add	$e=$e,tmp0		    // f+=F_00_19(b,c,d)
-	xor	$Xn=$Xn,tmp3		    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0			};;
-
-___
-}
-
-sub BODY_20_39 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e,$Konst)=@_;
-	$Konst = $K_20_39 if (!defined($Konst));
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-if ($i<79) {
-$code.=<<___;
-{ .mib;	add	$e=$e,$Konst		    // e+=K_XX_XX
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	xor	tmp0=$c,$b
-	xor	$Xn=$Xn,$X[($j+2)%16]	};; // forward Xupdate
-{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
-	xor	$Xn=$Xn,$X[($j+8)%16]	};; // forward Xupdate
-{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
-	xor	$Xn=$Xn,$X[($j+13)%16]	    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0			};;
-
-___
-}
-else {
-$code.=<<___;
-{ .mib;	add	$e=$e,$Konst		    // e+=K_60_79
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	xor	tmp0=$c,$b
-	add	$h1=$h1,$a		};; // wrap up
-{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
-	add	$h3=$h3,$c		};; // wrap up
-{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
-	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	shrp	$b=tmp6,tmp6,2		};; // b=ROTATE(b,30) ;;?
-{ .mmi;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	add	tmp3=1,inp		    // used in unaligned codepath
-	add	$h4=$h4,$d		};; // wrap up
-
-___
-}
-}
-
-sub BODY_40_59 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___;
-{ .mib;	add	$e=$e,$K_40_59		    // e+=K_40_59
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	and	tmp1=$c,$d
-	xor	tmp0=$c,$d		};;
-{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	add	tmp5=tmp5,tmp1		    // a<<5+(c&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	and	tmp0=tmp0,$b
-	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] };;	// forward Xupdate
-{ .mmi;	add	$e=$e,tmp0		    // e+=b&(c^d)
-	add	tmp5=tmp5,tmp1		    // ROTATE(a,5)+(c&d)
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	xor	$Xn=$Xn,tmp3
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)+(c&d)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0x0			};;
-
-___
-}
-sub BODY_60_79	{ &BODY_20_39(@_,$K_60_79); }
-
-$code.=<<___;
-.text
-
-tmp0=r8;
-tmp1=r9;
-tmp2=r10;
-tmp3=r11;
-ctx=r32;	// in0
-inp=r33;	// in1
-
-// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
-.global	sha1_block_data_order#
-.proc	sha1_block_data_order#
-.align	32
-sha1_block_data_order:
-	.prologue
-{ .mmi;	alloc	tmp1=ar.pfs,3,14,0,0
-	$ADDP	tmp0=4,ctx
-	.save	ar.lc,r3
-	mov	r3=ar.lc		}
-{ .mmi;	$ADDP	ctx=0,ctx
-	$ADDP	inp=0,inp
-	mov	r2=pr			};;
-tmp4=in2;
-tmp5=loc12;
-tmp6=loc13;
-	.body
-{ .mlx;	ld4	$h0=[ctx],8
-	movl	$K_00_19=0x5a827999	}
-{ .mlx;	ld4	$h1=[tmp0],8
-	movl	$K_20_39=0x6ed9eba1	};;
-{ .mlx;	ld4	$h2=[ctx],8
-	movl	$K_40_59=0x8f1bbcdc	}
-{ .mlx;	ld4	$h3=[tmp0]
-	movl	$K_60_79=0xca62c1d6	};;
-{ .mmi;	ld4	$h4=[ctx],-16
-	add	in2=-1,in2		    // adjust num for ar.lc
-	mov	ar.ec=1			};;
-{ .mmi;	nop.m	0
-	add	tmp3=1,inp
-	mov	ar.lc=in2		};; // brp.loop.imp: too far
-
-.Ldtop:
-{ .mmi;	mov	$A=$h0
-	mov	$B=$h1
-	mux2	tmp6=$h1,0x44		}
-{ .mmi;	mov	$C=$h2
-	mov	$D=$h3
-	mov	$E=$h4			};;
-
-___
-
-{ my $i;
-  my @V=($A,$B,$C,$D,$E);
-
-	for($i=0;$i<16;$i++)	{ &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<20;$i++)	{ &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<40;$i++)	{ &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<60;$i++)	{ &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<80;$i++)	{ &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
-
-	(($V[0] eq $A) and ($V[4] eq $E)) or die;	# double-check
-}
-
-$code.=<<___;
-{ .mmb;	add	$h0=$h0,$A
-	add	$h2=$h2,$C
-	br.ctop.dptk.many	.Ldtop	};;
-.Ldend:
-{ .mmi;	add	tmp0=4,ctx
-	mov	ar.lc=r3		};;
-{ .mmi;	st4	[ctx]=$h0,8
-	st4	[tmp0]=$h1,8		};;
-{ .mmi;	st4	[ctx]=$h2,8
-	st4	[tmp0]=$h3		};;
-{ .mib;	st4	[ctx]=$h4,-16
-	mov	pr=r2,0x1ffff
-	br.ret.sptk.many	b0	};;
-.endp	sha1_block_data_order#
-stringz	"SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$output=shift and open STDOUT,">$output";
-print $code;
diff --git a/crypto/sha/asm/sha1-mips.S b/crypto/sha/asm/sha1-mips.S
deleted file mode 100644
index 865da25585..0000000000
--- a/crypto/sha/asm/sha1-mips.S
+++ /dev/null
@@ -1,1664 +0,0 @@
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-.text
-
-.set	noat
-.set	noreorder
-.align	5
-.globl	sha1_block_data_order
-.ent	sha1_block_data_order
-sha1_block_data_order:
-	.frame	$29,16*4,$31
-	.mask	3237937152,-4
-	.set	noreorder
-	sub $29,16*4
-	sw	$31,(16-1)*4($29)
-	sw	$30,(16-2)*4($29)
-	sw	$23,(16-3)*4($29)
-	sw	$22,(16-4)*4($29)
-	sw	$21,(16-5)*4($29)
-	sw	$20,(16-6)*4($29)
-	sw	$19,(16-7)*4($29)
-	sw	$18,(16-8)*4($29)
-	sw	$17,(16-9)*4($29)
-	sw	$16,(16-10)*4($29)
-	sll $6,6
-	add $6,$5
-	sw	$6,0($29)
-	lw	$1,0($4)
-	lw	$2,4($4)
-	lw	$3,8($4)
-	lw	$7,12($4)
-	b	.Loop
-	lw	$24,16($4)
-.align	4
-.Loop:
-	.set	reorder
-	lwl	$8,3($5)
-	lui	$31,0x5a82
-	lwr	$8,0($5)
-	ori	$31,0x7999	# K_00_19
-	srl	$25,$8,24	# byte swap(0)
-	srl	$6,$8,8
-	andi	$30,$8,0xFF00
-	sll	$8,$8,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$8,$25
-	or	$6,$30
-	or	$8,$6
-	 lwl	$9,1*4+3($5)
-	sll	$25,$1,5	# 0
-	addu	$24,$31
-	 lwr	$9,1*4+0($5)
-	srl	$6,$1,27
-	addu	$24,$25
-	xor	$25,$3,$7
-	addu	$24,$6
-	sll	$30,$2,30
-	and	$25,$2
-	srl	$2,$2,2
-	xor	$25,$7
-	addu	$24,$8
-	or	$2,$30
-	addu	$24,$25
-	srl	$25,$9,24	# byte swap(1)
-	srl	$6,$9,8
-	andi	$30,$9,0xFF00
-	sll	$9,$9,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$9,$25
-	or	$6,$30
-	or	$9,$6
-	 lwl	$10,2*4+3($5)
-	sll	$25,$24,5	# 1
-	addu	$7,$31
-	 lwr	$10,2*4+0($5)
-	srl	$6,$24,27
-	addu	$7,$25
-	xor	$25,$2,$3
-	addu	$7,$6
-	sll	$30,$1,30
-	and	$25,$1
-	srl	$1,$1,2
-	xor	$25,$3
-	addu	$7,$9
-	or	$1,$30
-	addu	$7,$25
-	srl	$25,$10,24	# byte swap(2)
-	srl	$6,$10,8
-	andi	$30,$10,0xFF00
-	sll	$10,$10,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$10,$25
-	or	$6,$30
-	or	$10,$6
-	 lwl	$11,3*4+3($5)
-	sll	$25,$7,5	# 2
-	addu	$3,$31
-	 lwr	$11,3*4+0($5)
-	srl	$6,$7,27
-	addu	$3,$25
-	xor	$25,$1,$2
-	addu	$3,$6
-	sll	$30,$24,30
-	and	$25,$24
-	srl	$24,$24,2
-	xor	$25,$2
-	addu	$3,$10
-	or	$24,$30
-	addu	$3,$25
-	srl	$25,$11,24	# byte swap(3)
-	srl	$6,$11,8
-	andi	$30,$11,0xFF00
-	sll	$11,$11,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$11,$25
-	or	$6,$30
-	or	$11,$6
-	 lwl	$12,4*4+3($5)
-	sll	$25,$3,5	# 3
-	addu	$2,$31
-	 lwr	$12,4*4+0($5)
-	srl	$6,$3,27
-	addu	$2,$25
-	xor	$25,$24,$1
-	addu	$2,$6
-	sll	$30,$7,30
-	and	$25,$7
-	srl	$7,$7,2
-	xor	$25,$1
-	addu	$2,$11
-	or	$7,$30
-	addu	$2,$25
-	srl	$25,$12,24	# byte swap(4)
-	srl	$6,$12,8
-	andi	$30,$12,0xFF00
-	sll	$12,$12,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$12,$25
-	or	$6,$30
-	or	$12,$6
-	 lwl	$13,5*4+3($5)
-	sll	$25,$2,5	# 4
-	addu	$1,$31
-	 lwr	$13,5*4+0($5)
-	srl	$6,$2,27
-	addu	$1,$25
-	xor	$25,$7,$24
-	addu	$1,$6
-	sll	$30,$3,30
-	and	$25,$3
-	srl	$3,$3,2
-	xor	$25,$24
-	addu	$1,$12
-	or	$3,$30
-	addu	$1,$25
-	srl	$25,$13,24	# byte swap(5)
-	srl	$6,$13,8
-	andi	$30,$13,0xFF00
-	sll	$13,$13,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$13,$25
-	or	$6,$30
-	or	$13,$6
-	 lwl	$14,6*4+3($5)
-	sll	$25,$1,5	# 5
-	addu	$24,$31
-	 lwr	$14,6*4+0($5)
-	srl	$6,$1,27
-	addu	$24,$25
-	xor	$25,$3,$7
-	addu	$24,$6
-	sll	$30,$2,30
-	and	$25,$2
-	srl	$2,$2,2
-	xor	$25,$7
-	addu	$24,$13
-	or	$2,$30
-	addu	$24,$25
-	srl	$25,$14,24	# byte swap(6)
-	srl	$6,$14,8
-	andi	$30,$14,0xFF00
-	sll	$14,$14,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$14,$25
-	or	$6,$30
-	or	$14,$6
-	 lwl	$15,7*4+3($5)
-	sll	$25,$24,5	# 6
-	addu	$7,$31
-	 lwr	$15,7*4+0($5)
-	srl	$6,$24,27
-	addu	$7,$25
-	xor	$25,$2,$3
-	addu	$7,$6
-	sll	$30,$1,30
-	and	$25,$1
-	srl	$1,$1,2
-	xor	$25,$3
-	addu	$7,$14
-	or	$1,$30
-	addu	$7,$25
-	srl	$25,$15,24	# byte swap(7)
-	srl	$6,$15,8
-	andi	$30,$15,0xFF00
-	sll	$15,$15,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$15,$25
-	or	$6,$30
-	or	$15,$6
-	 lwl	$16,8*4+3($5)
-	sll	$25,$7,5	# 7
-	addu	$3,$31
-	 lwr	$16,8*4+0($5)
-	srl	$6,$7,27
-	addu	$3,$25
-	xor	$25,$1,$2
-	addu	$3,$6
-	sll	$30,$24,30
-	and	$25,$24
-	srl	$24,$24,2
-	xor	$25,$2
-	addu	$3,$15
-	or	$24,$30
-	addu	$3,$25
-	srl	$25,$16,24	# byte swap(8)
-	srl	$6,$16,8
-	andi	$30,$16,0xFF00
-	sll	$16,$16,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$16,$25
-	or	$6,$30
-	or	$16,$6
-	 lwl	$17,9*4+3($5)
-	sll	$25,$3,5	# 8
-	addu	$2,$31
-	 lwr	$17,9*4+0($5)
-	srl	$6,$3,27
-	addu	$2,$25
-	xor	$25,$24,$1
-	addu	$2,$6
-	sll	$30,$7,30
-	and	$25,$7
-	srl	$7,$7,2
-	xor	$25,$1
-	addu	$2,$16
-	or	$7,$30
-	addu	$2,$25
-	srl	$25,$17,24	# byte swap(9)
-	srl	$6,$17,8
-	andi	$30,$17,0xFF00
-	sll	$17,$17,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$17,$25
-	or	$6,$30
-	or	$17,$6
-	 lwl	$18,10*4+3($5)
-	sll	$25,$2,5	# 9
-	addu	$1,$31
-	 lwr	$18,10*4+0($5)
-	srl	$6,$2,27
-	addu	$1,$25
-	xor	$25,$7,$24
-	addu	$1,$6
-	sll	$30,$3,30
-	and	$25,$3
-	srl	$3,$3,2
-	xor	$25,$24
-	addu	$1,$17
-	or	$3,$30
-	addu	$1,$25
-	srl	$25,$18,24	# byte swap(10)
-	srl	$6,$18,8
-	andi	$30,$18,0xFF00
-	sll	$18,$18,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$18,$25
-	or	$6,$30
-	or	$18,$6
-	 lwl	$19,11*4+3($5)
-	sll	$25,$1,5	# 10
-	addu	$24,$31
-	 lwr	$19,11*4+0($5)
-	srl	$6,$1,27
-	addu	$24,$25
-	xor	$25,$3,$7
-	addu	$24,$6
-	sll	$30,$2,30
-	and	$25,$2
-	srl	$2,$2,2
-	xor	$25,$7
-	addu	$24,$18
-	or	$2,$30
-	addu	$24,$25
-	srl	$25,$19,24	# byte swap(11)
-	srl	$6,$19,8
-	andi	$30,$19,0xFF00
-	sll	$19,$19,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$19,$25
-	or	$6,$30
-	or	$19,$6
-	 lwl	$20,12*4+3($5)
-	sll	$25,$24,5	# 11
-	addu	$7,$31
-	 lwr	$20,12*4+0($5)
-	srl	$6,$24,27
-	addu	$7,$25
-	xor	$25,$2,$3
-	addu	$7,$6
-	sll	$30,$1,30
-	and	$25,$1
-	srl	$1,$1,2
-	xor	$25,$3
-	addu	$7,$19
-	or	$1,$30
-	addu	$7,$25
-	srl	$25,$20,24	# byte swap(12)
-	srl	$6,$20,8
-	andi	$30,$20,0xFF00
-	sll	$20,$20,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$20,$25
-	or	$6,$30
-	or	$20,$6
-	 lwl	$21,13*4+3($5)
-	sll	$25,$7,5	# 12
-	addu	$3,$31
-	 lwr	$21,13*4+0($5)
-	srl	$6,$7,27
-	addu	$3,$25
-	xor	$25,$1,$2
-	addu	$3,$6
-	sll	$30,$24,30
-	and	$25,$24
-	srl	$24,$24,2
-	xor	$25,$2
-	addu	$3,$20
-	or	$24,$30
-	addu	$3,$25
-	srl	$25,$21,24	# byte swap(13)
-	srl	$6,$21,8
-	andi	$30,$21,0xFF00
-	sll	$21,$21,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$21,$25
-	or	$6,$30
-	or	$21,$6
-	 lwl	$22,14*4+3($5)
-	sll	$25,$3,5	# 13
-	addu	$2,$31
-	 lwr	$22,14*4+0($5)
-	srl	$6,$3,27
-	addu	$2,$25
-	xor	$25,$24,$1
-	addu	$2,$6
-	sll	$30,$7,30
-	and	$25,$7
-	srl	$7,$7,2
-	xor	$25,$1
-	addu	$2,$21
-	or	$7,$30
-	addu	$2,$25
-	srl	$25,$22,24	# byte swap(14)
-	srl	$6,$22,8
-	andi	$30,$22,0xFF00
-	sll	$22,$22,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$22,$25
-	or	$6,$30
-	or	$22,$6
-	 lwl	$23,15*4+3($5)
-	sll	$25,$2,5	# 14
-	addu	$1,$31
-	 lwr	$23,15*4+0($5)
-	srl	$6,$2,27
-	addu	$1,$25
-	xor	$25,$7,$24
-	addu	$1,$6
-	sll	$30,$3,30
-	and	$25,$3
-	srl	$3,$3,2
-	xor	$25,$24
-	addu	$1,$22
-	or	$3,$30
-	addu	$1,$25
-	srl	$25,$23,24	# byte swap(15)
-	srl	$6,$23,8
-	andi	$30,$23,0xFF00
-	sll	$23,$23,24
-	andi	$6,0xFF00
-	sll	$30,$30,8
-	or	$23,$25
-	or	$23,$6
-	or	$23,$30
-	 xor	$8,$10
-	sll	$25,$1,5	# 15
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$8,$16
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$8,$21
-	sll	$30,$2,30
-	and	$25,$2
-	 srl	$6,$8,31
-	 addu	$8,$8
-	srl	$2,$2,2
-	xor	$25,$7
-	 or	$8,$6
-	addu	$24,$23
-	or	$2,$30
-	addu	$24,$25
-	 xor	$9,$11
-	sll	$25,$24,5	# 16
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$9,$17
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$9,$22
-	sll	$30,$1,30
-	and	$25,$1
-	 srl	$6,$9,31
-	 addu	$9,$9
-	srl	$1,$1,2
-	xor	$25,$3
-	 or	$9,$6
-	addu	$7,$8
-	or	$1,$30
-	addu	$7,$25
-	 xor	$10,$12
-	sll	$25,$7,5	# 17
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$10,$18
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$10,$23
-	sll	$30,$24,30
-	and	$25,$24
-	 srl	$6,$10,31
-	 addu	$10,$10
-	srl	$24,$24,2
-	xor	$25,$2
-	 or	$10,$6
-	addu	$3,$9
-	or	$24,$30
-	addu	$3,$25
-	 xor	$11,$13
-	sll	$25,$3,5	# 18
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$11,$19
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$11,$8
-	sll	$30,$7,30
-	and	$25,$7
-	 srl	$6,$11,31
-	 addu	$11,$11
-	srl	$7,$7,2
-	xor	$25,$1
-	 or	$11,$6
-	addu	$2,$10
-	or	$7,$30
-	addu	$2,$25
-	 xor	$12,$14
-	sll	$25,$2,5	# 19
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$12,$20
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$12,$9
-	sll	$30,$3,30
-	and	$25,$3
-	 srl	$6,$12,31
-	 addu	$12,$12
-	srl	$3,$3,2
-	xor	$25,$24
-	 or	$12,$6
-	addu	$1,$11
-	or	$3,$30
-	addu	$1,$25
-	lui	$31,0x6ed9
-	ori	$31,0xeba1	# K_20_39
-	 xor	$13,$15
-	sll	$25,$1,5	# 20
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$13,$21
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$13,$10
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$13,31
-	 addu	$13,$13
-	srl	$2,$2,2
-	addu	$24,$12
-	 or	$13,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$14,$16
-	sll	$25,$24,5	# 21
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$14,$22
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$14,$11
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$14,31
-	 addu	$14,$14
-	srl	$1,$1,2
-	addu	$7,$13
-	 or	$14,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$15,$17
-	sll	$25,$7,5	# 22
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$15,$23
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$15,$12
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$15,31
-	 addu	$15,$15
-	srl	$24,$24,2
-	addu	$3,$14
-	 or	$15,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$16,$18
-	sll	$25,$3,5	# 23
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$16,$8
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$16,$13
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$16,31
-	 addu	$16,$16
-	srl	$7,$7,2
-	addu	$2,$15
-	 or	$16,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$17,$19
-	sll	$25,$2,5	# 24
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$17,$9
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$17,$14
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$17,31
-	 addu	$17,$17
-	srl	$3,$3,2
-	addu	$1,$16
-	 or	$17,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$18,$20
-	sll	$25,$1,5	# 25
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$18,$10
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$18,$15
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$18,31
-	 addu	$18,$18
-	srl	$2,$2,2
-	addu	$24,$17
-	 or	$18,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$19,$21
-	sll	$25,$24,5	# 26
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$19,$11
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$19,$16
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$19,31
-	 addu	$19,$19
-	srl	$1,$1,2
-	addu	$7,$18
-	 or	$19,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$20,$22
-	sll	$25,$7,5	# 27
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$20,$12
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$20,$17
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$20,31
-	 addu	$20,$20
-	srl	$24,$24,2
-	addu	$3,$19
-	 or	$20,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$21,$23
-	sll	$25,$3,5	# 28
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$21,$13
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$21,$18
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$21,31
-	 addu	$21,$21
-	srl	$7,$7,2
-	addu	$2,$20
-	 or	$21,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$22,$8
-	sll	$25,$2,5	# 29
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$22,$14
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$22,$19
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$22,31
-	 addu	$22,$22
-	srl	$3,$3,2
-	addu	$1,$21
-	 or	$22,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$23,$9
-	sll	$25,$1,5	# 30
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$23,$15
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$23,$20
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$23,31
-	 addu	$23,$23
-	srl	$2,$2,2
-	addu	$24,$22
-	 or	$23,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$8,$10
-	sll	$25,$24,5	# 31
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$8,$16
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$8,$21
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$8,31
-	 addu	$8,$8
-	srl	$1,$1,2
-	addu	$7,$23
-	 or	$8,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$9,$11
-	sll	$25,$7,5	# 32
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$9,$17
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$9,$22
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$9,31
-	 addu	$9,$9
-	srl	$24,$24,2
-	addu	$3,$8
-	 or	$9,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$10,$12
-	sll	$25,$3,5	# 33
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$10,$18
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$10,$23
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$10,31
-	 addu	$10,$10
-	srl	$7,$7,2
-	addu	$2,$9
-	 or	$10,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$11,$13
-	sll	$25,$2,5	# 34
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$11,$19
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$11,$8
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$11,31
-	 addu	$11,$11
-	srl	$3,$3,2
-	addu	$1,$10
-	 or	$11,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$12,$14
-	sll	$25,$1,5	# 35
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$12,$20
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$12,$9
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$12,31
-	 addu	$12,$12
-	srl	$2,$2,2
-	addu	$24,$11
-	 or	$12,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$13,$15
-	sll	$25,$24,5	# 36
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$13,$21
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$13,$10
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$13,31
-	 addu	$13,$13
-	srl	$1,$1,2
-	addu	$7,$12
-	 or	$13,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$14,$16
-	sll	$25,$7,5	# 37
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$14,$22
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$14,$11
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$14,31
-	 addu	$14,$14
-	srl	$24,$24,2
-	addu	$3,$13
-	 or	$14,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$15,$17
-	sll	$25,$3,5	# 38
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$15,$23
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$15,$12
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$15,31
-	 addu	$15,$15
-	srl	$7,$7,2
-	addu	$2,$14
-	 or	$15,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$16,$18
-	sll	$25,$2,5	# 39
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$16,$8
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$16,$13
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$16,31
-	 addu	$16,$16
-	srl	$3,$3,2
-	addu	$1,$15
-	 or	$16,$6
-	or	$3,$30
-	addu	$1,$25
-	lui	$31,0x8f1b
-	ori	$31,0xbcdc	# K_40_59
-	 xor	$17,$19
-	sll	$25,$1,5	# 40
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$17,$9
-	and	$25,$3,$7
-	addu	$24,$6
-	 xor	$17,$14
-	sll	$30,$2,30
-	addu	$24,$25
-	 srl	$6,$17,31
-	xor	$25,$3,$7
-	 addu	$17,$17
-	and	$25,$2
-	srl	$2,$2,2
-	 or	$17,$6
-	addu	$24,$16
-	or	$2,$30
-	addu	$24,$25
-	 xor	$18,$20
-	sll	$25,$24,5	# 41
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$18,$10
-	and	$25,$2,$3
-	addu	$7,$6
-	 xor	$18,$15
-	sll	$30,$1,30
-	addu	$7,$25
-	 srl	$6,$18,31
-	xor	$25,$2,$3
-	 addu	$18,$18
-	and	$25,$1
-	srl	$1,$1,2
-	 or	$18,$6
-	addu	$7,$17
-	or	$1,$30
-	addu	$7,$25
-	 xor	$19,$21
-	sll	$25,$7,5	# 42
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$19,$11
-	and	$25,$1,$2
-	addu	$3,$6
-	 xor	$19,$16
-	sll	$30,$24,30
-	addu	$3,$25
-	 srl	$6,$19,31
-	xor	$25,$1,$2
-	 addu	$19,$19
-	and	$25,$24
-	srl	$24,$24,2
-	 or	$19,$6
-	addu	$3,$18
-	or	$24,$30
-	addu	$3,$25
-	 xor	$20,$22
-	sll	$25,$3,5	# 43
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$20,$12
-	and	$25,$24,$1
-	addu	$2,$6
-	 xor	$20,$17
-	sll	$30,$7,30
-	addu	$2,$25
-	 srl	$6,$20,31
-	xor	$25,$24,$1
-	 addu	$20,$20
-	and	$25,$7
-	srl	$7,$7,2
-	 or	$20,$6
-	addu	$2,$19
-	or	$7,$30
-	addu	$2,$25
-	 xor	$21,$23
-	sll	$25,$2,5	# 44
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$21,$13
-	and	$25,$7,$24
-	addu	$1,$6
-	 xor	$21,$18
-	sll	$30,$3,30
-	addu	$1,$25
-	 srl	$6,$21,31
-	xor	$25,$7,$24
-	 addu	$21,$21
-	and	$25,$3
-	srl	$3,$3,2
-	 or	$21,$6
-	addu	$1,$20
-	or	$3,$30
-	addu	$1,$25
-	 xor	$22,$8
-	sll	$25,$1,5	# 45
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$22,$14
-	and	$25,$3,$7
-	addu	$24,$6
-	 xor	$22,$19
-	sll	$30,$2,30
-	addu	$24,$25
-	 srl	$6,$22,31
-	xor	$25,$3,$7
-	 addu	$22,$22
-	and	$25,$2
-	srl	$2,$2,2
-	 or	$22,$6
-	addu	$24,$21
-	or	$2,$30
-	addu	$24,$25
-	 xor	$23,$9
-	sll	$25,$24,5	# 46
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$23,$15
-	and	$25,$2,$3
-	addu	$7,$6
-	 xor	$23,$20
-	sll	$30,$1,30
-	addu	$7,$25
-	 srl	$6,$23,31
-	xor	$25,$2,$3
-	 addu	$23,$23
-	and	$25,$1
-	srl	$1,$1,2
-	 or	$23,$6
-	addu	$7,$22
-	or	$1,$30
-	addu	$7,$25
-	 xor	$8,$10
-	sll	$25,$7,5	# 47
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$8,$16
-	and	$25,$1,$2
-	addu	$3,$6
-	 xor	$8,$21
-	sll	$30,$24,30
-	addu	$3,$25
-	 srl	$6,$8,31
-	xor	$25,$1,$2
-	 addu	$8,$8
-	and	$25,$24
-	srl	$24,$24,2
-	 or	$8,$6
-	addu	$3,$23
-	or	$24,$30
-	addu	$3,$25
-	 xor	$9,$11
-	sll	$25,$3,5	# 48
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$9,$17
-	and	$25,$24,$1
-	addu	$2,$6
-	 xor	$9,$22
-	sll	$30,$7,30
-	addu	$2,$25
-	 srl	$6,$9,31
-	xor	$25,$24,$1
-	 addu	$9,$9
-	and	$25,$7
-	srl	$7,$7,2
-	 or	$9,$6
-	addu	$2,$8
-	or	$7,$30
-	addu	$2,$25
-	 xor	$10,$12
-	sll	$25,$2,5	# 49
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$10,$18
-	and	$25,$7,$24
-	addu	$1,$6
-	 xor	$10,$23
-	sll	$30,$3,30
-	addu	$1,$25
-	 srl	$6,$10,31
-	xor	$25,$7,$24
-	 addu	$10,$10
-	and	$25,$3
-	srl	$3,$3,2
-	 or	$10,$6
-	addu	$1,$9
-	or	$3,$30
-	addu	$1,$25
-	 xor	$11,$13
-	sll	$25,$1,5	# 50
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$11,$19
-	and	$25,$3,$7
-	addu	$24,$6
-	 xor	$11,$8
-	sll	$30,$2,30
-	addu	$24,$25
-	 srl	$6,$11,31
-	xor	$25,$3,$7
-	 addu	$11,$11
-	and	$25,$2
-	srl	$2,$2,2
-	 or	$11,$6
-	addu	$24,$10
-	or	$2,$30
-	addu	$24,$25
-	 xor	$12,$14
-	sll	$25,$24,5	# 51
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$12,$20
-	and	$25,$2,$3
-	addu	$7,$6
-	 xor	$12,$9
-	sll	$30,$1,30
-	addu	$7,$25
-	 srl	$6,$12,31
-	xor	$25,$2,$3
-	 addu	$12,$12
-	and	$25,$1
-	srl	$1,$1,2
-	 or	$12,$6
-	addu	$7,$11
-	or	$1,$30
-	addu	$7,$25
-	 xor	$13,$15
-	sll	$25,$7,5	# 52
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$13,$21
-	and	$25,$1,$2
-	addu	$3,$6
-	 xor	$13,$10
-	sll	$30,$24,30
-	addu	$3,$25
-	 srl	$6,$13,31
-	xor	$25,$1,$2
-	 addu	$13,$13
-	and	$25,$24
-	srl	$24,$24,2
-	 or	$13,$6
-	addu	$3,$12
-	or	$24,$30
-	addu	$3,$25
-	 xor	$14,$16
-	sll	$25,$3,5	# 53
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$14,$22
-	and	$25,$24,$1
-	addu	$2,$6
-	 xor	$14,$11
-	sll	$30,$7,30
-	addu	$2,$25
-	 srl	$6,$14,31
-	xor	$25,$24,$1
-	 addu	$14,$14
-	and	$25,$7
-	srl	$7,$7,2
-	 or	$14,$6
-	addu	$2,$13
-	or	$7,$30
-	addu	$2,$25
-	 xor	$15,$17
-	sll	$25,$2,5	# 54
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$15,$23
-	and	$25,$7,$24
-	addu	$1,$6
-	 xor	$15,$12
-	sll	$30,$3,30
-	addu	$1,$25
-	 srl	$6,$15,31
-	xor	$25,$7,$24
-	 addu	$15,$15
-	and	$25,$3
-	srl	$3,$3,2
-	 or	$15,$6
-	addu	$1,$14
-	or	$3,$30
-	addu	$1,$25
-	 xor	$16,$18
-	sll	$25,$1,5	# 55
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$16,$8
-	and	$25,$3,$7
-	addu	$24,$6
-	 xor	$16,$13
-	sll	$30,$2,30
-	addu	$24,$25
-	 srl	$6,$16,31
-	xor	$25,$3,$7
-	 addu	$16,$16
-	and	$25,$2
-	srl	$2,$2,2
-	 or	$16,$6
-	addu	$24,$15
-	or	$2,$30
-	addu	$24,$25
-	 xor	$17,$19
-	sll	$25,$24,5	# 56
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$17,$9
-	and	$25,$2,$3
-	addu	$7,$6
-	 xor	$17,$14
-	sll	$30,$1,30
-	addu	$7,$25
-	 srl	$6,$17,31
-	xor	$25,$2,$3
-	 addu	$17,$17
-	and	$25,$1
-	srl	$1,$1,2
-	 or	$17,$6
-	addu	$7,$16
-	or	$1,$30
-	addu	$7,$25
-	 xor	$18,$20
-	sll	$25,$7,5	# 57
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$18,$10
-	and	$25,$1,$2
-	addu	$3,$6
-	 xor	$18,$15
-	sll	$30,$24,30
-	addu	$3,$25
-	 srl	$6,$18,31
-	xor	$25,$1,$2
-	 addu	$18,$18
-	and	$25,$24
-	srl	$24,$24,2
-	 or	$18,$6
-	addu	$3,$17
-	or	$24,$30
-	addu	$3,$25
-	 xor	$19,$21
-	sll	$25,$3,5	# 58
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$19,$11
-	and	$25,$24,$1
-	addu	$2,$6
-	 xor	$19,$16
-	sll	$30,$7,30
-	addu	$2,$25
-	 srl	$6,$19,31
-	xor	$25,$24,$1
-	 addu	$19,$19
-	and	$25,$7
-	srl	$7,$7,2
-	 or	$19,$6
-	addu	$2,$18
-	or	$7,$30
-	addu	$2,$25
-	 xor	$20,$22
-	sll	$25,$2,5	# 59
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$20,$12
-	and	$25,$7,$24
-	addu	$1,$6
-	 xor	$20,$17
-	sll	$30,$3,30
-	addu	$1,$25
-	 srl	$6,$20,31
-	xor	$25,$7,$24
-	 addu	$20,$20
-	and	$25,$3
-	srl	$3,$3,2
-	 or	$20,$6
-	addu	$1,$19
-	or	$3,$30
-	addu	$1,$25
-	lui	$31,0xca62
-	ori	$31,0xc1d6	# K_60_79
-	 xor	$21,$23
-	sll	$25,$1,5	# 60
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$21,$13
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$21,$18
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$21,31
-	 addu	$21,$21
-	srl	$2,$2,2
-	addu	$24,$20
-	 or	$21,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$22,$8
-	sll	$25,$24,5	# 61
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$22,$14
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$22,$19
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$22,31
-	 addu	$22,$22
-	srl	$1,$1,2
-	addu	$7,$21
-	 or	$22,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$23,$9
-	sll	$25,$7,5	# 62
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$23,$15
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$23,$20
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$23,31
-	 addu	$23,$23
-	srl	$24,$24,2
-	addu	$3,$22
-	 or	$23,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$8,$10
-	sll	$25,$3,5	# 63
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$8,$16
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$8,$21
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$8,31
-	 addu	$8,$8
-	srl	$7,$7,2
-	addu	$2,$23
-	 or	$8,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$9,$11
-	sll	$25,$2,5	# 64
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$9,$17
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$9,$22
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$9,31
-	 addu	$9,$9
-	srl	$3,$3,2
-	addu	$1,$8
-	 or	$9,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$10,$12
-	sll	$25,$1,5	# 65
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$10,$18
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$10,$23
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$10,31
-	 addu	$10,$10
-	srl	$2,$2,2
-	addu	$24,$9
-	 or	$10,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$11,$13
-	sll	$25,$24,5	# 66
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$11,$19
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$11,$8
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$11,31
-	 addu	$11,$11
-	srl	$1,$1,2
-	addu	$7,$10
-	 or	$11,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$12,$14
-	sll	$25,$7,5	# 67
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$12,$20
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$12,$9
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$12,31
-	 addu	$12,$12
-	srl	$24,$24,2
-	addu	$3,$11
-	 or	$12,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$13,$15
-	sll	$25,$3,5	# 68
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$13,$21
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$13,$10
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$13,31
-	 addu	$13,$13
-	srl	$7,$7,2
-	addu	$2,$12
-	 or	$13,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$14,$16
-	sll	$25,$2,5	# 69
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$14,$22
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$14,$11
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$14,31
-	 addu	$14,$14
-	srl	$3,$3,2
-	addu	$1,$13
-	 or	$14,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$15,$17
-	sll	$25,$1,5	# 70
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$15,$23
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$15,$12
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$15,31
-	 addu	$15,$15
-	srl	$2,$2,2
-	addu	$24,$14
-	 or	$15,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$16,$18
-	sll	$25,$24,5	# 71
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$16,$8
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$16,$13
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$16,31
-	 addu	$16,$16
-	srl	$1,$1,2
-	addu	$7,$15
-	 or	$16,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$17,$19
-	sll	$25,$7,5	# 72
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$17,$9
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$17,$14
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$17,31
-	 addu	$17,$17
-	srl	$24,$24,2
-	addu	$3,$16
-	 or	$17,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$18,$20
-	sll	$25,$3,5	# 73
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$18,$10
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$18,$15
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$18,31
-	 addu	$18,$18
-	srl	$7,$7,2
-	addu	$2,$17
-	 or	$18,$6
-	or	$7,$30
-	addu	$2,$25
-	 xor	$19,$21
-	sll	$25,$2,5	# 74
-	addu	$1,$31
-	srl	$6,$2,27
-	addu	$1,$25
-	 xor	$19,$11
-	xor	$25,$7,$24
-	addu	$1,$6
-	 xor	$19,$16
-	sll	$30,$3,30
-	xor	$25,$3
-	 srl	$6,$19,31
-	 addu	$19,$19
-	srl	$3,$3,2
-	addu	$1,$18
-	 or	$19,$6
-	or	$3,$30
-	addu	$1,$25
-	 xor	$20,$22
-	sll	$25,$1,5	# 75
-	addu	$24,$31
-	srl	$6,$1,27
-	addu	$24,$25
-	 xor	$20,$12
-	xor	$25,$3,$7
-	addu	$24,$6
-	 xor	$20,$17
-	sll	$30,$2,30
-	xor	$25,$2
-	 srl	$6,$20,31
-	 addu	$20,$20
-	srl	$2,$2,2
-	addu	$24,$19
-	 or	$20,$6
-	or	$2,$30
-	addu	$24,$25
-	 xor	$21,$23
-	sll	$25,$24,5	# 76
-	addu	$7,$31
-	srl	$6,$24,27
-	addu	$7,$25
-	 xor	$21,$13
-	xor	$25,$2,$3
-	addu	$7,$6
-	 xor	$21,$18
-	sll	$30,$1,30
-	xor	$25,$1
-	 srl	$6,$21,31
-	 addu	$21,$21
-	srl	$1,$1,2
-	addu	$7,$20
-	 or	$21,$6
-	or	$1,$30
-	addu	$7,$25
-	 xor	$22,$8
-	sll	$25,$7,5	# 77
-	addu	$3,$31
-	srl	$6,$7,27
-	addu	$3,$25
-	 xor	$22,$14
-	xor	$25,$1,$2
-	addu	$3,$6
-	 xor	$22,$19
-	sll	$30,$24,30
-	xor	$25,$24
-	 srl	$6,$22,31
-	 addu	$22,$22
-	srl	$24,$24,2
-	addu	$3,$21
-	 or	$22,$6
-	or	$24,$30
-	addu	$3,$25
-	 xor	$23,$9
-	sll	$25,$3,5	# 78
-	addu	$2,$31
-	srl	$6,$3,27
-	addu	$2,$25
-	 xor	$23,$15
-	xor	$25,$24,$1
-	addu	$2,$6
-	 xor	$23,$20
-	sll	$30,$7,30
-	xor	$25,$7
-	 srl	$6,$23,31
-	 addu	$23,$23
-	srl	$7,$7,2
-	addu	$2,$22
-	 or	$23,$6
-	or	$7,$30
-	addu	$2,$25
-	 lw	$8,0($4)
-	sll	$25,$2,5	# 79
-	addu	$1,$31
-	 lw	$9,4($4)
-	srl	$6,$2,27
-	addu	$1,$25
-	 lw	$10,8($4)
-	xor	$25,$7,$24
-	addu	$1,$6
-	 lw	$11,12($4)
-	sll	$30,$3,30
-	xor	$25,$3
-	 lw	$12,16($4)
-	srl	$3,$3,2
-	addu	$1,$23
-	or	$3,$30
-	addu	$1,$25
-	add $5,64
-	lw	$6,0($29)
-
-	addu	$1,$8
-	addu	$2,$9
-	sw	$1,0($4)
-	addu	$3,$10
-	addu	$7,$11
-	sw	$2,4($4)
-	addu	$24,$12
-	sw	$3,8($4)
-	sw	$7,12($4)
-	sw	$24,16($4)
-	.set	noreorder
-	bne	$5,$6,.Loop
-	nop
-
-	.set	noreorder
-	lw	$31,(16-1)*4($29)
-	lw	$30,(16-2)*4($29)
-	lw	$23,(16-3)*4($29)
-	lw	$22,(16-4)*4($29)
-	lw	$21,(16-5)*4($29)
-	lw	$20,(16-6)*4($29)
-	lw	$19,(16-7)*4($29)
-	lw	$18,(16-8)*4($29)
-	lw	$17,(16-9)*4($29)
-	lw	$16,(16-10)*4($29)
-	jr	$31
-	add $29,16*4
-.end	sha1_block_data_order
-.rdata
-.asciiz	"SHA1 for MIPS, CRYPTOGAMS by <appro@openssl.org>"
diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl
deleted file mode 100644
index 197bc6b50e..0000000000
--- a/crypto/sha/asm/sha1-mips.pl
+++ /dev/null
@@ -1,354 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA1 block procedure for MIPS.
-
-# Performance improvement is 30% on unaligned input. The "secret" is
-# to deploy lwl/lwr pair to load unaligned input. One could have
-# vectorized Xupdate on MIPSIII/IV, but the goal was to code MIPS32-
-# compatible subroutine. There is room for minor optimization on
-# little-endian platforms...
-
-######################################################################
-# There is a number of MIPS ABI in use, O32 and N32/64 are most
-# widely used. Then there is a new contender: NUBI. It appears that if
-# one picks the latter, it's possible to arrange code in ABI neutral
-# manner. Therefore let's stick to NUBI register layout:
-#
-($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
-($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
-($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
-#
-# The return value is placed in $a0. Following coding rules facilitate
-# interoperability:
-#
-# - never ever touch $tp, "thread pointer", former $gp;
-# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
-#   old code];
-# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
-#
-# For reference here is register layout for N32/64 MIPS ABIs:
-#
-# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-#
-$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64
-
-if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
-	$REG_S="sd";
-	$REG_L="ld";
-	$PTR_SLL="dsll";	# incidentally works even on n32
-	$SZREG=8;
-} else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
-	$REG_S="sw";
-	$REG_L="lw";
-	$PTR_SLL="sll";
-	$SZREG=4;
-}
-#
-# <appro@openssl.org>
-#
-######################################################################
-
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
-
-for (@ARGV) {	$output=$_ if (/^\w[\w\-]*\.\w+$/);   }
-open STDOUT,">$output";
-
-if (!defined($big_endian))
-            {   $big_endian=(unpack('L',pack('N',1))==1);   }
-
-# offsets of the Most and Least Significant Bytes
-$MSB=$big_endian?0:3;
-$LSB=3&~$MSB;
-
-@X=map("\$$_",(8..23));	# a4-a7,s0-s11
-
-$ctx=$a0;
-$inp=$a1;
-$num=$a2;
-$A="\$1";
-$B="\$2";
-$C="\$3";
-$D="\$7";
-$E="\$24";	@V=($A,$B,$C,$D,$E);
-$t0="\$25";
-$t1=$num;	# $num is offloaded to stack
-$t2="\$30";	# fp
-$K="\$31";	# ra
-
-sub BODY_00_14 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___	if (!$big_endian);
-	srl	$t0,@X[$i],24	# byte swap($i)
-	srl	$t1,@X[$i],8
-	andi	$t2,@X[$i],0xFF00
-	sll	@X[$i],@X[$i],24
-	andi	$t1,0xFF00
-	sll	$t2,$t2,8
-	or	@X[$i],$t0
-	or	$t1,$t2
-	or	@X[$i],$t1
-___
-$code.=<<___;
-	 lwl	@X[$j],$j*4+$MSB($inp)
-	sll	$t0,$a,5	# $i
-	addu	$e,$K
-	 lwr	@X[$j],$j*4+$LSB($inp)
-	srl	$t1,$a,27
-	addu	$e,$t0
-	xor	$t0,$c,$d
-	addu	$e,$t1
-	sll	$t2,$b,30
-	and	$t0,$b
-	srl	$b,$b,2
-	xor	$t0,$d
-	addu	$e,@X[$i]
-	or	$b,$t2
-	addu	$e,$t0
-___
-}
-
-sub BODY_15_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-
-$code.=<<___	if (!$big_endian && $i==15);
-	srl	$t0,@X[$i],24	# byte swap($i)
-	srl	$t1,@X[$i],8
-	andi	$t2,@X[$i],0xFF00
-	sll	@X[$i],@X[$i],24
-	andi	$t1,0xFF00
-	sll	$t2,$t2,8
-	or	@X[$i],$t0
-	or	@X[$i],$t1
-	or	@X[$i],$t2
-___
-$code.=<<___;
-	 xor	@X[$j%16],@X[($j+2)%16]
-	sll	$t0,$a,5	# $i
-	addu	$e,$K
-	srl	$t1,$a,27
-	addu	$e,$t0
-	 xor	@X[$j%16],@X[($j+8)%16]
-	xor	$t0,$c,$d
-	addu	$e,$t1
-	 xor	@X[$j%16],@X[($j+13)%16]
-	sll	$t2,$b,30
-	and	$t0,$b
-	 srl	$t1,@X[$j%16],31
-	 addu	@X[$j%16],@X[$j%16]
-	srl	$b,$b,2
-	xor	$t0,$d
-	 or	@X[$j%16],$t1
-	addu	$e,@X[$i%16]
-	or	$b,$t2
-	addu	$e,$t0
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<79);
-	 xor	@X[$j%16],@X[($j+2)%16]
-	sll	$t0,$a,5	# $i
-	addu	$e,$K
-	srl	$t1,$a,27
-	addu	$e,$t0
-	 xor	@X[$j%16],@X[($j+8)%16]
-	xor	$t0,$c,$d
-	addu	$e,$t1
-	 xor	@X[$j%16],@X[($j+13)%16]
-	sll	$t2,$b,30
-	xor	$t0,$b
-	 srl	$t1,@X[$j%16],31
-	 addu	@X[$j%16],@X[$j%16]
-	srl	$b,$b,2
-	addu	$e,@X[$i%16]
-	 or	@X[$j%16],$t1
-	or	$b,$t2
-	addu	$e,$t0
-___
-$code.=<<___ if ($i==79);
-	 lw	@X[0],0($ctx)
-	sll	$t0,$a,5	# $i
-	addu	$e,$K
-	 lw	@X[1],4($ctx)
-	srl	$t1,$a,27
-	addu	$e,$t0
-	 lw	@X[2],8($ctx)
-	xor	$t0,$c,$d
-	addu	$e,$t1
-	 lw	@X[3],12($ctx)
-	sll	$t2,$b,30
-	xor	$t0,$b
-	 lw	@X[4],16($ctx)
-	srl	$b,$b,2
-	addu	$e,@X[$i%16]
-	or	$b,$t2
-	addu	$e,$t0
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<79);
-	 xor	@X[$j%16],@X[($j+2)%16]
-	sll	$t0,$a,5	# $i
-	addu	$e,$K
-	srl	$t1,$a,27
-	addu	$e,$t0
-	 xor	@X[$j%16],@X[($j+8)%16]
-	and	$t0,$c,$d
-	addu	$e,$t1
-	 xor	@X[$j%16],@X[($j+13)%16]
-	sll	$t2,$b,30
-	addu	$e,$t0
-	 srl	$t1,@X[$j%16],31
-	xor	$t0,$c,$d
-	 addu	@X[$j%16],@X[$j%16]
-	and	$t0,$b
-	srl	$b,$b,2
-	 or	@X[$j%16],$t1
-	addu	$e,@X[$i%16]
-	or	$b,$t2
-	addu	$e,$t0
-___
-}
-
-$FRAMESIZE=16;	# large enough to accomodate NUBI saved registers
-$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-
-$code=<<___;
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-.text
-
-.set	noat
-.set	noreorder
-.align	5
-.globl	sha1_block_data_order
-.ent	sha1_block_data_order
-sha1_block_data_order:
-	.frame	$sp,$FRAMESIZE*$SZREG,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-	$PTR_SUB $sp,$FRAMESIZE*$SZREG
-	$REG_S	$ra,($FRAMESIZE-1)*$SZREG($sp)
-	$REG_S	$fp,($FRAMESIZE-2)*$SZREG($sp)
-	$REG_S	$s11,($FRAMESIZE-3)*$SZREG($sp)
-	$REG_S	$s10,($FRAMESIZE-4)*$SZREG($sp)
-	$REG_S	$s9,($FRAMESIZE-5)*$SZREG($sp)
-	$REG_S	$s8,($FRAMESIZE-6)*$SZREG($sp)
-	$REG_S	$s7,($FRAMESIZE-7)*$SZREG($sp)
-	$REG_S	$s6,($FRAMESIZE-8)*$SZREG($sp)
-	$REG_S	$s5,($FRAMESIZE-9)*$SZREG($sp)
-	$REG_S	$s4,($FRAMESIZE-10)*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	$s3,($FRAMESIZE-11)*$SZREG($sp)
-	$REG_S	$s2,($FRAMESIZE-12)*$SZREG($sp)
-	$REG_S	$s1,($FRAMESIZE-13)*$SZREG($sp)
-	$REG_S	$s0,($FRAMESIZE-14)*$SZREG($sp)
-	$REG_S	$gp,($FRAMESIZE-15)*$SZREG($sp)
-___
-$code.=<<___;
-	$PTR_SLL $num,6
-	$PTR_ADD $num,$inp
-	$REG_S	$num,0($sp)
-	lw	$A,0($ctx)
-	lw	$B,4($ctx)
-	lw	$C,8($ctx)
-	lw	$D,12($ctx)
-	b	.Loop
-	lw	$E,16($ctx)
-.align	4
-.Loop:
-	.set	reorder
-	lwl	@X[0],$MSB($inp)
-	lui	$K,0x5a82
-	lwr	@X[0],$LSB($inp)
-	ori	$K,0x7999	# K_00_19
-___
-for ($i=0;$i<15;$i++)	{ &BODY_00_14($i,@V); unshift(@V,pop(@V)); }
-for (;$i<20;$i++)	{ &BODY_15_19($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	lui	$K,0x6ed9
-	ori	$K,0xeba1	# K_20_39
-___
-for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	lui	$K,0x8f1b
-	ori	$K,0xbcdc	# K_40_59
-___
-for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	lui	$K,0xca62
-	ori	$K,0xc1d6	# K_60_79
-___
-for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	$PTR_ADD $inp,64
-	$REG_L	$num,0($sp)
-
-	addu	$A,$X[0]
-	addu	$B,$X[1]
-	sw	$A,0($ctx)
-	addu	$C,$X[2]
-	addu	$D,$X[3]
-	sw	$B,4($ctx)
-	addu	$E,$X[4]
-	sw	$C,8($ctx)
-	sw	$D,12($ctx)
-	sw	$E,16($ctx)
-	.set	noreorder
-	bne	$inp,$num,.Loop
-	nop
-
-	.set	noreorder
-	$REG_L	$ra,($FRAMESIZE-1)*$SZREG($sp)
-	$REG_L	$fp,($FRAMESIZE-2)*$SZREG($sp)
-	$REG_L	$s11,($FRAMESIZE-3)*$SZREG($sp)
-	$REG_L	$s10,($FRAMESIZE-4)*$SZREG($sp)
-	$REG_L	$s9,($FRAMESIZE-5)*$SZREG($sp)
-	$REG_L	$s8,($FRAMESIZE-6)*$SZREG($sp)
-	$REG_L	$s7,($FRAMESIZE-7)*$SZREG($sp)
-	$REG_L	$s6,($FRAMESIZE-8)*$SZREG($sp)
-	$REG_L	$s5,($FRAMESIZE-9)*$SZREG($sp)
-	$REG_L	$s4,($FRAMESIZE-10)*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s3,($FRAMESIZE-11)*$SZREG($sp)
-	$REG_L	$s2,($FRAMESIZE-12)*$SZREG($sp)
-	$REG_L	$s1,($FRAMESIZE-13)*$SZREG($sp)
-	$REG_L	$s0,($FRAMESIZE-14)*$SZREG($sp)
-	$REG_L	$gp,($FRAMESIZE-15)*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE*$SZREG
-.end	sha1_block_data_order
-.rdata
-.asciiz	"SHA1 for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
-___
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl
deleted file mode 100644
index 6e5a328a6f..0000000000
--- a/crypto/sha/asm/sha1-parisc.pl
+++ /dev/null
@@ -1,260 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA1 block procedure for PA-RISC.
-
-# June 2009.
-#
-# On PA-7100LC performance is >30% better than gcc 3.2 generated code
-# for aligned input and >50% better for unaligned. Compared to vendor
-# compiler on PA-8600 it's almost 60% faster in 64-bit build and just
-# few percent faster in 32-bit one (this for aligned input, data for
-# unaligned input is not available).
-#
-# Special thanks to polarhome.com for providing HP-UX account.
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-} else {
-	$LEVEL		="1.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-}
-
-$FRAME=14*$SIZE_T+$FRAME_MARKER;# 14 saved regs + frame marker
-				#                 [+ argument transfer]
-$ctx="%r26";		# arg0
-$inp="%r25";		# arg1
-$num="%r24";		# arg2
-
-$t0="%r28";
-$t1="%r29";
-$K="%r31";
-
-@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
-    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$t0);
-
-@V=($A,$B,$C,$D,$E)=("%r19","%r20","%r21","%r22","%r23");
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<15);
-	addl	$K,$e,$e	; $i
-	shd	$a,$a,27,$t1
-	addl	@X[$i],$e,$e
-	and	$c,$b,$t0
-	addl	$t1,$e,$e
-	andcm	$d,$b,$t1
-	shd	$b,$b,2,$b
-	or	$t1,$t0,$t0
-	addl	$t0,$e,$e
-___
-$code.=<<___ if ($i>=15);	# with forward Xupdate
-	addl	$K,$e,$e	; $i
-	shd	$a,$a,27,$t1
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
-	addl	@X[$i%16],$e,$e
-	and	$c,$b,$t0
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-	addl	$t1,$e,$e
-	andcm	$d,$b,$t1
-	shd	$b,$b,2,$b
-	or	$t1,$t0,$t0
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-	add	$t0,$e,$e
-	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<79);
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]	; $i
-	addl	$K,$e,$e
-	shd	$a,$a,27,$t1
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-	addl	@X[$i%16],$e,$e
-	xor	$b,$c,$t0
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-	addl	$t1,$e,$e
-	shd	$b,$b,2,$b
-	xor	$d,$t0,$t0
-	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
-	addl	$t0,$e,$e
-___
-$code.=<<___ if ($i==79);	# with context load
-	ldw	0($ctx),@X[0]	; $i
-	addl	$K,$e,$e
-	shd	$a,$a,27,$t1
-	ldw	4($ctx),@X[1]
-	addl	@X[$i%16],$e,$e
-	xor	$b,$c,$t0
-	ldw	8($ctx),@X[2]
-	addl	$t1,$e,$e
-	shd	$b,$b,2,$b
-	xor	$d,$t0,$t0
-	ldw	12($ctx),@X[3]
-	addl	$t0,$e,$e
-	ldw	16($ctx),@X[4]
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___;
-	shd	$a,$a,27,$t1	; $i
-	addl	$K,$e,$e
-	xor	@X[($j+2)%16],@X[$j%16],@X[$j%16]
-	xor	$d,$c,$t0
-	addl	@X[$i%16],$e,$e
-	xor	@X[($j+8)%16],@X[$j%16],@X[$j%16]
-	and	$b,$t0,$t0
-	addl	$t1,$e,$e
-	shd	$b,$b,2,$b
-	xor	@X[($j+13)%16],@X[$j%16],@X[$j%16]
-	addl	$t0,$e,$e
-	and	$d,$c,$t1
-	shd	@X[$j%16],@X[$j%16],31,@X[$j%16]
-	addl	$t1,$e,$e
-___
-}
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.EXPORT	sha1_block_data_order,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
-sha1_block_data_order
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-14*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=16
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
-	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
-	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
-	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
-	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
-
-	ldw	0($ctx),$A
-	ldw	4($ctx),$B
-	ldw	8($ctx),$C
-	ldw	12($ctx),$D
-	ldw	16($ctx),$E
-
-	extru	$inp,31,2,$t0		; t0=inp&3;
-	sh3addl	$t0,%r0,$t0		; t0*=8;
-	subi	32,$t0,$t0		; t0=32-t0;
-	mtctl	$t0,%cr11		; %sar=t0;
-
-L\$oop
-	ldi	3,$t0
-	andcm	$inp,$t0,$t0		; 64-bit neutral
-___
-	for ($i=0;$i<15;$i++) {		# load input block
-	$code.="\tldw	`4*$i`($t0),@X[$i]\n";		}
-$code.=<<___;
-	cmpb,*=	$inp,$t0,L\$aligned
-	ldw	60($t0),@X[15]
-	ldw	64($t0),@X[16]
-___
-	for ($i=0;$i<16;$i++) {		# align input
-	$code.="\tvshd	@X[$i],@X[$i+1],@X[$i]\n";	}
-$code.=<<___;
-L\$aligned
-	ldil	L'0x5a827000,$K		; K_00_19
-	ldo	0x999($K),$K
-___
-for ($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	ldil	L'0x6ed9e000,$K		; K_20_39
-	ldo	0xba1($K),$K
-___
-
-for (;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	ldil	L'0x8f1bb000,$K		; K_40_59
-	ldo	0xcdc($K),$K
-___
-
-for (;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	ldil	L'0xca62c000,$K		; K_60_79
-	ldo	0x1d6($K),$K
-___
-for (;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	addl	@X[0],$A,$A
-	addl	@X[1],$B,$B
-	addl	@X[2],$C,$C
-	addl	@X[3],$D,$D
-	addl	@X[4],$E,$E
-	stw	$A,0($ctx)
-	stw	$B,4($ctx)
-	stw	$C,8($ctx)
-	stw	$D,12($ctx)
-	stw	$E,16($ctx)
-	addib,*<> -1,$num,L\$oop
-	ldo	64($inp),$inp
-
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2	; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
-	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
-	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
-	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
-	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-	.STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/,\*/,/gm		if ($SIZE_T==4);
-$code =~ s/\bbv\b/bve/gm	if ($SIZE_T==8);
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl
deleted file mode 100755
index 2140dd2f8d..0000000000
--- a/crypto/sha/asm/sha1-ppc.pl
+++ /dev/null
@@ -1,326 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# I let hardware handle unaligned input(*), except on page boundaries
-# (see below for details). Otherwise straightforward implementation
-# with X vector in register bank. The module is big-endian [which is
-# not big deal as there're no little-endian targets left around].
-#
-# (*) this means that this module is inappropriate for PPC403? Does
-#     anybody know if pre-POWER3 can sustain unaligned load?
-
-# 			-m64	-m32
-# ----------------------------------
-# PPC970,gcc-4.0.0	+76%	+59%
-# Power6,xlc-7		+68%	+33%
-
-$flavour = shift;
-
-if ($flavour =~ /64/) {
-	$SIZE_T	=8;
-	$LRSAVE	=2*$SIZE_T;
-	$UCMP	="cmpld";
-	$STU	="stdu";
-	$POP	="ld";
-	$PUSH	="std";
-} elsif ($flavour =~ /32/) {
-	$SIZE_T	=4;
-	$LRSAVE	=$SIZE_T;
-	$UCMP	="cmplw";
-	$STU	="stwu";
-	$POP	="lwz";
-	$PUSH	="stw";
-} else { die "nonsense $flavour"; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-
-$FRAME=24*$SIZE_T+64;
-$LOCALS=6*$SIZE_T;
-
-$K  ="r0";
-$sp ="r1";
-$toc="r2";
-$ctx="r3";
-$inp="r4";
-$num="r5";
-$t0 ="r15";
-$t1 ="r6";
-
-$A  ="r7";
-$B  ="r8";
-$C  ="r9";
-$D  ="r10";
-$E  ="r11";
-$T  ="r12";
-
-@V=($A,$B,$C,$D,$E,$T);
-@X=("r16","r17","r18","r19","r20","r21","r22","r23",
-    "r24","r25","r26","r27","r28","r29","r30","r31");
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i==0);
-	lwz	@X[$i],`$i*4`($inp)
-___
-$code.=<<___ if ($i<15);
-	lwz	@X[$j],`$j*4`($inp)
-	add	$f,$K,$e
-	rotlwi	$e,$a,5
-	add	$f,$f,@X[$i]
-	and	$t0,$c,$b
-	add	$f,$f,$e
-	andc	$t1,$d,$b
-	rotlwi	$b,$b,30
-	or	$t0,$t0,$t1
-	add	$f,$f,$t0
-___
-$code.=<<___ if ($i>=15);
-	add	$f,$K,$e
-	rotlwi	$e,$a,5
-	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
-	add	$f,$f,@X[$i%16]
-	and	$t0,$c,$b
-	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
-	add	$f,$f,$e
-	andc	$t1,$d,$b
-	rotlwi	$b,$b,30
-	or	$t0,$t0,$t1
-	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
-	add	$f,$f,$t0
-	rotlwi	@X[$j%16],@X[$j%16],1
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i<79);
-	add	$f,$K,$e
-	rotlwi	$e,$a,5
-	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
-	add	$f,$f,@X[$i%16]
-	xor	$t0,$b,$c
-	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
-	add	$f,$f,$e
-	rotlwi	$b,$b,30
-	xor	$t0,$t0,$d
-	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
-	add	$f,$f,$t0
-	rotlwi	@X[$j%16],@X[$j%16],1
-___
-$code.=<<___ if ($i==79);
-	add	$f,$K,$e
-	rotlwi	$e,$a,5
-	lwz	r16,0($ctx)
-	add	$f,$f,@X[$i%16]
-	xor	$t0,$b,$c
-	lwz	r17,4($ctx)
-	add	$f,$f,$e
-	rotlwi	$b,$b,30
-	lwz	r18,8($ctx)
-	xor	$t0,$t0,$d
-	lwz	r19,12($ctx)
-	add	$f,$f,$t0
-	lwz	r20,16($ctx)
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
-my $j=$i+1;
-$code.=<<___;
-	add	$f,$K,$e
-	rotlwi	$e,$a,5
-	xor	@X[$j%16],@X[$j%16],@X[($j+2)%16]
-	add	$f,$f,@X[$i%16]
-	and	$t0,$b,$c
-	xor	@X[$j%16],@X[$j%16],@X[($j+8)%16]
-	add	$f,$f,$e
-	or	$t1,$b,$c
-	rotlwi	$b,$b,30
-	xor	@X[$j%16],@X[$j%16],@X[($j+13)%16]
-	and	$t1,$t1,$d
-	or	$t0,$t0,$t1
-	rotlwi	@X[$j%16],@X[$j%16],1
-	add	$f,$f,$t0
-___
-}
-
-$code=<<___;
-.machine	"any"
-.text
-
-.globl	.sha1_block_data_order
-.align	4
-.sha1_block_data_order:
-	$STU	$sp,-$FRAME($sp)
-	mflr	r0
-	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
-	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
-	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
-	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
-	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
-	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
-	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
-	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
-	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
-	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
-	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
-	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
-	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
-	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
-	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
-	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
-	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
-	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
-	lwz	$A,0($ctx)
-	lwz	$B,4($ctx)
-	lwz	$C,8($ctx)
-	lwz	$D,12($ctx)
-	lwz	$E,16($ctx)
-	andi.	r0,$inp,3
-	bne	Lunaligned
-Laligned:
-	mtctr	$num
-	bl	Lsha1_block_private
-	b	Ldone
-
-; PowerPC specification allows an implementation to be ill-behaved
-; upon unaligned access which crosses page boundary. "Better safe
-; than sorry" principle makes me treat it specially. But I don't
-; look for particular offending word, but rather for 64-byte input
-; block which crosses the boundary. Once found that block is aligned
-; and hashed separately...
-.align	4
-Lunaligned:
-	subfic	$t1,$inp,4096
-	andi.	$t1,$t1,4095	; distance to closest page boundary
-	srwi.	$t1,$t1,6	; t1/=64
-	beq	Lcross_page
-	$UCMP	$num,$t1
-	ble-	Laligned	; didn't cross the page boundary
-	mtctr	$t1
-	subfc	$num,$t1,$num
-	bl	Lsha1_block_private
-Lcross_page:
-	li	$t1,16
-	mtctr	$t1
-	addi	r20,$sp,$LOCALS	; spot within the frame
-Lmemcpy:
-	lbz	r16,0($inp)
-	lbz	r17,1($inp)
-	lbz	r18,2($inp)
-	lbz	r19,3($inp)
-	addi	$inp,$inp,4
-	stb	r16,0(r20)
-	stb	r17,1(r20)
-	stb	r18,2(r20)
-	stb	r19,3(r20)
-	addi	r20,r20,4
-	bdnz	Lmemcpy
-
-	$PUSH	$inp,`$FRAME-$SIZE_T*18`($sp)
-	li	$t1,1
-	addi	$inp,$sp,$LOCALS
-	mtctr	$t1
-	bl	Lsha1_block_private
-	$POP	$inp,`$FRAME-$SIZE_T*18`($sp)
-	addic.	$num,$num,-1
-	bne-	Lunaligned
-
-Ldone:
-	$POP	r0,`$FRAME+$LRSAVE`($sp)
-	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
-	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
-	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
-	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
-	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
-	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
-	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
-	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
-	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
-	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
-	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
-	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
-	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
-	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
-	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
-	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
-	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
-	mtlr	r0
-	addi	$sp,$sp,$FRAME
-	blr
-	.long	0
-	.byte	0,12,4,1,0x80,18,3,0
-	.long	0
-___
-
-# This is private block function, which uses tailored calling
-# interface, namely upon entry SHA_CTX is pre-loaded to given
-# registers and counter register contains amount of chunks to
-# digest...
-$code.=<<___;
-.align	4
-Lsha1_block_private:
-___
-$code.=<<___;	# load K_00_19
-	lis	$K,0x5a82
-	ori	$K,$K,0x7999
-___
-for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;	# load K_20_39
-	lis	$K,0x6ed9
-	ori	$K,$K,0xeba1
-___
-for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;	# load K_40_59
-	lis	$K,0x8f1b
-	ori	$K,$K,0xbcdc
-___
-for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;	# load K_60_79
-	lis	$K,0xca62
-	ori	$K,$K,0xc1d6
-___
-for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	add	r16,r16,$E
-	add	r17,r17,$T
-	add	r18,r18,$A
-	add	r19,r19,$B
-	add	r20,r20,$C
-	stw	r16,0($ctx)
-	mr	$A,r16
-	stw	r17,4($ctx)
-	mr	$B,r17
-	stw	r18,8($ctx)
-	mr	$C,r18
-	stw	r19,12($ctx)
-	mr	$D,r19
-	stw	r20,16($ctx)
-	mr	$E,r20
-	addi	$inp,$inp,`16*4`
-	bdnz-	Lsha1_block_private
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-___
-$code.=<<___;
-.asciz	"SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl
deleted file mode 100644
index 9193dda45e..0000000000
--- a/crypto/sha/asm/sha1-s390x.pl
+++ /dev/null
@@ -1,246 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA1 block procedure for s390x.
-
-# April 2007.
-#
-# Performance is >30% better than gcc 3.3 generated code. But the real
-# twist is that SHA1 hardware support is detected and utilized. In
-# which case performance can reach further >4.5x for larger chunks.
-
-# January 2009.
-#
-# Optimize Xupdate for amount of memory references and reschedule
-# instructions to favour dual-issue z10 pipeline. On z10 hardware is
-# "only" ~2.3x faster than software.
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific.
-
-$kimdfunc=1;	# magic function code for kimd instruction
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$K_00_39="%r0"; $K=$K_00_39;
-$K_40_79="%r1";
-$ctx="%r2";	$prefetch="%r2";
-$inp="%r3";
-$len="%r4";
-
-$A="%r5";
-$B="%r6";
-$C="%r7";
-$D="%r8";
-$E="%r9";	@V=($A,$B,$C,$D,$E);
-$t0="%r10";
-$t1="%r11";
-@X=("%r12","%r13","%r14");
-$sp="%r15";
-
-$stdframe=16*$SIZE_T+4*8;
-$frame=$stdframe+16*4;
-
-sub Xupdate {
-my $i=shift;
-
-$code.=<<___ if ($i==15);
-	lg	$prefetch,$stdframe($sp)	### Xupdate(16) warm-up
-	lr	$X[0],$X[2]
-___
-return if ($i&1);	# Xupdate is vectorized and executed every 2nd cycle
-$code.=<<___ if ($i<16);
-	lg	$X[0],`$i*4`($inp)	### Xload($i)
-	rllg	$X[1],$X[0],32
-___
-$code.=<<___ if ($i>=16);
-	xgr	$X[0],$prefetch		### Xupdate($i)
-	lg	$prefetch,`$stdframe+4*(($i+2)%16)`($sp)
-	xg	$X[0],`$stdframe+4*(($i+8)%16)`($sp)
-	xgr	$X[0],$prefetch
-	rll	$X[0],$X[0],1
-	rllg	$X[1],$X[0],32
-	rll	$X[1],$X[1],1
-	rllg	$X[0],$X[1],32
-	lr	$X[2],$X[1]		# feedback
-___
-$code.=<<___ if ($i<=70);
-	stg	$X[0],`$stdframe+4*($i%16)`($sp)
-___
-unshift(@X,pop(@X));
-}
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi=$X[1];
-
-	&Xupdate($i);
-$code.=<<___;
-	alr	$e,$K		### $i
-	rll	$t1,$a,5
-	lr	$t0,$d
-	xr	$t0,$c
-	alr	$e,$t1
-	nr	$t0,$b
-	alr	$e,$xi
-	xr	$t0,$d
-	rll	$b,$b,30
-	alr	$e,$t0
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi=$X[1];
-
-	&Xupdate($i);
-$code.=<<___;
-	alr	$e,$K		### $i
-	rll	$t1,$a,5
-	lr	$t0,$b
-	alr	$e,$t1
-	xr	$t0,$c
-	alr	$e,$xi
-	xr	$t0,$d
-	rll	$b,$b,30
-	alr	$e,$t0
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi=$X[1];
-
-	&Xupdate($i);
-$code.=<<___;
-	alr	$e,$K		### $i
-	rll	$t1,$a,5
-	lr	$t0,$b
-	alr	$e,$t1
-	or	$t0,$c
-	lr	$t1,$b
-	nr	$t0,$d
-	nr	$t1,$c
-	alr	$e,$xi
-	or	$t0,$t1
-	rll	$b,$b,30
-	alr	$e,$t0
-___
-}
-
-$code.=<<___;
-.text
-.align	64
-.type	Ktable,\@object
-Ktable: .long	0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
-	.skip	48	#.long	0,0,0,0,0,0,0,0,0,0,0,0
-.size	Ktable,.-Ktable
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,\@function
-sha1_block_data_order:
-___
-$code.=<<___ if ($kimdfunc);
-	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,0(%r1)
-	tmhl	%r0,0x4000	# check for message-security assist
-	jz	.Lsoftware
-	lghi	%r0,0
-	la	%r1,`2*$SIZE_T`($sp)
-	.long	0xb93e0002	# kimd %r0,%r2
-	lg	%r0,`2*$SIZE_T`($sp)
-	tmhh	%r0,`0x8000>>$kimdfunc`
-	jz	.Lsoftware
-	lghi	%r0,$kimdfunc
-	lgr	%r1,$ctx
-	lgr	%r2,$inp
-	sllg	%r3,$len,6
-	.long	0xb93e0002	# kimd %r0,%r2
-	brc	1,.-4		# pay attention to "partial completion"
-	br	%r14
-.align	16
-.Lsoftware:
-___
-$code.=<<___;
-	lghi	%r1,-$frame
-	st${g}	$ctx,`2*$SIZE_T`($sp)
-	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
-	lgr	%r0,$sp
-	la	$sp,0(%r1,$sp)
-	st${g}	%r0,0($sp)
-
-	larl	$t0,Ktable
-	llgf	$A,0($ctx)
-	llgf	$B,4($ctx)
-	llgf	$C,8($ctx)
-	llgf	$D,12($ctx)
-	llgf	$E,16($ctx)
-
-	lg	$K_00_39,0($t0)
-	lg	$K_40_79,8($t0)
-
-.Lloop:
-	rllg	$K_00_39,$K_00_39,32
-___
-for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	rllg	$K_00_39,$K_00_39,32
-___
-for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;	$K=$K_40_79;
-	rllg	$K_40_79,$K_40_79,32
-___
-for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	rllg	$K_40_79,$K_40_79,32
-___
-for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-
-	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
-	la	$inp,64($inp)
-	al	$A,0($ctx)
-	al	$B,4($ctx)
-	al	$C,8($ctx)
-	al	$D,12($ctx)
-	al	$E,16($ctx)
-	st	$A,0($ctx)
-	st	$B,4($ctx)
-	st	$C,8($ctx)
-	st	$D,12($ctx)
-	st	$E,16($ctx)
-	brct${g} $len,.Lloop
-
-	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
-	br	%r14
-.size	sha1_block_data_order,.-sha1_block_data_order
-.string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm	OPENSSL_s390xcap_P,16,8
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl
deleted file mode 100644
index 5c161cecd6..0000000000
--- a/crypto/sha/asm/sha1-sparcv9.pl
+++ /dev/null
@@ -1,284 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# Performance improvement is not really impressive on pre-T1 CPU: +8%
-# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it
-# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and
-# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick.
-# X[16] vector is packed to 8 64-bit registers and as result nothing
-# is spilled on stack. In addition input data is loaded in compact
-# instruction sequence, thus minimizing the window when the code is
-# subject to [inter-thread] cache-thrashing hazard. The goal is to
-# ensure scalability on UltraSPARC T1, or rather to avoid decay when
-# amount of active threads exceeds the number of physical cores.
-
-$bits=32;
-for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)	{ $bias=2047; $frame=192; }
-else		{ $bias=0;    $frame=112; }
-
-$output=shift;
-open STDOUT,">$output";
-
-@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
-$rot1m="%g2";
-$tmp64="%g3";
-$Xi="%g4";
-$A="%l0";
-$B="%l1";
-$C="%l2";
-$D="%l3";
-$E="%l4";
-@V=($A,$B,$C,$D,$E);
-$K_00_19="%l5";
-$K_20_39="%l6";
-$K_40_59="%l7";
-$K_60_79="%g5";
-@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79);
-
-$ctx="%i0";
-$inp="%i1";
-$len="%i2";
-$tmp0="%i3";
-$tmp1="%i4";
-$tmp2="%i5";
-
-sub BODY_00_15 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi=($i&1)?@X[($i/2)%8]:$Xi;
-
-$code.=<<___;
-	sll	$a,5,$tmp0		!! $i
-	add	@K[$i/20],$e,$e
-	srl	$a,27,$tmp1
-	add	$tmp0,$e,$e
-	and	$c,$b,$tmp0
-	add	$tmp1,$e,$e
-	sll	$b,30,$tmp2
-	andn	$d,$b,$tmp1
-	srl	$b,2,$b
-	or	$tmp1,$tmp0,$tmp1
-	or	$tmp2,$b,$b
-	add	$xi,$e,$e
-___
-if ($i&1 && $i<15) {
-	$code.=
-	"	srlx	@X[(($i+1)/2)%8],32,$Xi\n";
-}
-$code.=<<___;
-	add	$tmp1,$e,$e
-___
-}
-
-sub Xupdate {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i/2;
-
-if ($i&1) {
-$code.=<<___;
-	sll	$a,5,$tmp0		!! $i
-	add	@K[$i/20],$e,$e
-	srl	$a,27,$tmp1
-___
-} else {
-$code.=<<___;
-	sllx	@X[($j+6)%8],32,$Xi	! Xupdate($i)
-	xor	@X[($j+1)%8],@X[$j%8],@X[$j%8]
-	srlx	@X[($j+7)%8],32,$tmp1
-	xor	@X[($j+4)%8],@X[$j%8],@X[$j%8]
-	sll	$a,5,$tmp0		!! $i
-	or	$tmp1,$Xi,$Xi
-	add	@K[$i/20],$e,$e		!!
-	xor	$Xi,@X[$j%8],@X[$j%8]
-	srlx	@X[$j%8],31,$Xi
-	add	@X[$j%8],@X[$j%8],@X[$j%8]
-	and	$Xi,$rot1m,$Xi
-	andn	@X[$j%8],$rot1m,@X[$j%8]
-	srl	$a,27,$tmp1		!!
-	or	$Xi,@X[$j%8],@X[$j%8]
-___
-}
-}
-
-sub BODY_16_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-
-	&Xupdate(@_);
-    if ($i&1) {
-	$xi=@X[($i/2)%8];
-    } else {
-	$xi=$Xi;
-	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
-    }
-$code.=<<___;
-	add	$tmp0,$e,$e		!!
-	and	$c,$b,$tmp0
-	add	$tmp1,$e,$e
-	sll	$b,30,$tmp2
-	add	$xi,$e,$e
-	andn	$d,$b,$tmp1
-	srl	$b,2,$b
-	or	$tmp1,$tmp0,$tmp1
-	or	$tmp2,$b,$b
-	add	$tmp1,$e,$e
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi;
-	&Xupdate(@_);
-    if ($i&1) {
-	$xi=@X[($i/2)%8];
-    } else {
-	$xi=$Xi;
-	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
-    }
-$code.=<<___;
-	add	$tmp0,$e,$e		!!
-	xor	$c,$b,$tmp0
-	add	$tmp1,$e,$e
-	sll	$b,30,$tmp2
-	xor	$d,$tmp0,$tmp1
-	srl	$b,2,$b
-	add	$tmp1,$e,$e
-	or	$tmp2,$b,$b
-	add	$xi,$e,$e
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $xi;
-	&Xupdate(@_);
-    if ($i&1) {
-	$xi=@X[($i/2)%8];
-    } else {
-	$xi=$Xi;
-	$code.="\tsrlx	@X[($i/2)%8],32,$xi\n";
-    }
-$code.=<<___;
-	add	$tmp0,$e,$e		!!
-	and	$c,$b,$tmp0
-	add	$tmp1,$e,$e
-	sll	$b,30,$tmp2
-	or	$c,$b,$tmp1
-	srl	$b,2,$b
-	and	$d,$tmp1,$tmp1
-	add	$xi,$e,$e
-	or	$tmp1,$tmp0,$tmp1
-	or	$tmp2,$b,$b
-	add	$tmp1,$e,$e
-___
-}
-
-$code.=<<___ if ($bits==64);
-.register	%g2,#scratch
-.register	%g3,#scratch
-___
-$code.=<<___;
-.section	".text",#alloc,#execinstr
-
-.align	32
-.globl	sha1_block_data_order
-sha1_block_data_order:
-	save	%sp,-$frame,%sp
-	sllx	$len,6,$len
-	add	$inp,$len,$len
-
-	or	%g0,1,$rot1m
-	sllx	$rot1m,32,$rot1m
-	or	$rot1m,1,$rot1m
-
-	ld	[$ctx+0],$A
-	ld	[$ctx+4],$B
-	ld	[$ctx+8],$C
-	ld	[$ctx+12],$D
-	ld	[$ctx+16],$E
-	andn	$inp,7,$tmp0
-
-	sethi	%hi(0x5a827999),$K_00_19
-	or	$K_00_19,%lo(0x5a827999),$K_00_19
-	sethi	%hi(0x6ed9eba1),$K_20_39
-	or	$K_20_39,%lo(0x6ed9eba1),$K_20_39
-	sethi	%hi(0x8f1bbcdc),$K_40_59
-	or	$K_40_59,%lo(0x8f1bbcdc),$K_40_59
-	sethi	%hi(0xca62c1d6),$K_60_79
-	or	$K_60_79,%lo(0xca62c1d6),$K_60_79
-
-.Lloop:
-	ldx	[$tmp0+0],@X[0]
-	ldx	[$tmp0+16],@X[2]
-	ldx	[$tmp0+32],@X[4]
-	ldx	[$tmp0+48],@X[6]
-	and	$inp,7,$tmp1
-	ldx	[$tmp0+8],@X[1]
-	sll	$tmp1,3,$tmp1
-	ldx	[$tmp0+24],@X[3]
-	subcc	%g0,$tmp1,$tmp2	! should be 64-$tmp1, but -$tmp1 works too
-	ldx	[$tmp0+40],@X[5]
-	bz,pt	%icc,.Laligned
-	ldx	[$tmp0+56],@X[7]
-
-	sllx	@X[0],$tmp1,@X[0]
-	ldx	[$tmp0+64],$tmp64
-___
-for($i=0;$i<7;$i++)
-{   $code.=<<___;
-	srlx	@X[$i+1],$tmp2,$Xi
-	sllx	@X[$i+1],$tmp1,@X[$i+1]
-	or	$Xi,@X[$i],@X[$i]
-___
-}
-$code.=<<___;
-	srlx	$tmp64,$tmp2,$tmp64
-	or	$tmp64,@X[7],@X[7]
-.Laligned:
-	srlx	@X[0],32,$Xi
-___
-for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-for (;$i<20;$i++)	{ &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
-for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-for (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-
-	ld	[$ctx+0],@X[0]
-	ld	[$ctx+4],@X[1]
-	ld	[$ctx+8],@X[2]
-	ld	[$ctx+12],@X[3]
-	add	$inp,64,$inp
-	ld	[$ctx+16],@X[4]
-	cmp	$inp,$len
-
-	add	$A,@X[0],$A
-	st	$A,[$ctx+0]
-	add	$B,@X[1],$B
-	st	$B,[$ctx+4]
-	add	$C,@X[2],$C
-	st	$C,[$ctx+8]
-	add	$D,@X[3],$D
-	st	$D,[$ctx+12]
-	add	$E,@X[4],$E
-	st	$E,[$ctx+16]
-
-	bne	`$bits==64?"%xcc":"%icc"`,.Lloop
-	andn	$inp,7,$tmp0
-
-	ret
-	restore
-.type	sha1_block_data_order,#function
-.size	sha1_block_data_order,(.-sha1_block_data_order)
-.asciz	"SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align	4
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl
deleted file mode 100644
index e65291bbd9..0000000000
--- a/crypto/sha/asm/sha1-sparcv9a.pl
+++ /dev/null
@@ -1,601 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# January 2009
-#
-# Provided that UltraSPARC VIS instructions are pipe-lined(*) and
-# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC
-# Graphic Unit would make it possible to achieve higher instruction-
-# level parallelism, ILP, and thus higher performance. It should be
-# explicitly noted that ILP is the keyword, and it means that this
-# code would be unsuitable for cores like UltraSPARC-Tx. The idea is
-# not really novel, Sun had VIS-powered implementation for a while.
-# Unlike Sun's implementation this one can process multiple unaligned
-# input blocks, and as such works as drop-in replacement for OpenSSL
-# sha1_block_data_order. Performance improvement was measured to be
-# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on
-# UltraSPARC-III. See below for discussion...
-#
-# The module does not present direct interest for OpenSSL, because
-# it doesn't provide better performance on contemporary SPARCv9 CPUs,
-# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they
-# absolutely must score on UltraSPARC-I-IV can simply replace
-# crypto/sha/asm/sha1-sparcv9.pl with this module.
-#
-# (*)	"Pipe-lined" means that even if it takes several cycles to
-#	complete, next instruction using same functional unit [but not
-#	depending on the result of the current instruction] can start
-#	execution without having to wait for the unit. "Pairable"
-#	means that two [or more] independent instructions can be
-#	issued at the very same time.
-
-$bits=32;
-for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)	{ $bias=2047; $frame=192; }
-else		{ $bias=0;    $frame=112; }
-
-$output=shift;
-open STDOUT,">$output";
-
-$ctx="%i0";
-$inp="%i1";
-$len="%i2";
-$tmp0="%i3";
-$tmp1="%i4";
-$tmp2="%i5";
-$tmp3="%g5";
-
-$base="%g1";
-$align="%g4";
-$Xfer="%o5";
-$nXfer=$tmp3;
-$Xi="%o7";
-
-$A="%l0";
-$B="%l1";
-$C="%l2";
-$D="%l3";
-$E="%l4";
-@V=($A,$B,$C,$D,$E);
-
-$Actx="%o0";
-$Bctx="%o1";
-$Cctx="%o2";
-$Dctx="%o3";
-$Ectx="%o4";
-
-$fmul="%f32";
-$VK_00_19="%f34";
-$VK_20_39="%f36";
-$VK_40_59="%f38";
-$VK_60_79="%f40";
-@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79);
-@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7",
-    "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16");
-
-# This is reference 2x-parallelized VIS-powered Xupdate procedure. It
-# covers even K_NN_MM addition...
-sub Xupdate {
-my ($i)=@_;
-my $K=@VK[($i+16)/20];
-my $j=($i+16)%16;
-
-#	[ provided that GSR.alignaddr_offset is 5, $mul contains
-#	  0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to
-#	  chosen registers... ]
-$code.=<<___;
-	fxors		@X[($j+13)%16],@X[$j],@X[$j]	!-1/-1/-1:X[0]^=X[13]
-	fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
-	fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
-	fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
-	faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
-	fpadd32		@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
-	fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
-	![fxors		%f15,%f2,%f2]
-	for		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
-	![fxors		%f0,%f3,%f3]			!10/17/12:X[0] dependency
-	fpadd32		$K,@X[$j],%f20
-	std		%f20,[$Xfer+`4*$j`]
-___
-# The numbers delimited with slash are the earliest possible dispatch
-# cycles for given instruction assuming 1 cycle latency for simple VIS
-# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as
-# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being
-# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1
-# round. As [long as] FPU/VIS instructions are perfectly pairable with
-# IALU ones, the round timing is defined by the maximum between VIS
-# and IALU timings. The latter varies from round to round and averages
-# out at 6.25 ticks. This means that USI&II should operate at IALU
-# rate, while USIII&IV - at VIS rate. This explains why performance
-# improvement varies among processors. Well, given that pure IALU
-# sha1-sparcv9.pl module exhibits virtually uniform performance of
-# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical
-# lower limits. Real-life performance was measured to be 6.6 cycles
-# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than
-# half-round VIS timing, because there are 16 Xupdate-free rounds,
-# which "push down" average theoretical timing to 8 cycles...
-
-# (*)	SPARC64-V[II] was originally believed to have 2 cycles VIS
-#	latency. Well, it might have, but it doesn't have dedicated
-#	VIS-unit. Instead, VIS instructions are executed by other
-#	functional units, ones used here - by IALU. This doesn't
-#	improve effective ILP...
-}
-
-# The reference Xupdate procedure is then "strained" over *pairs* of
-# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13]
-# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves
-# plenty of room to amortize for read-after-write hazard, as well as
-# to fetch and align input for the next spin. The VIS instructions are
-# scheduled for latency of 2 cycles, because there are not enough IALU
-# instructions to schedule for latency of 3, while scheduling for 1
-# would give no gain on USI&II anyway.
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i&~1;
-my $k=($j+16+2)%16;	# ahead reference
-my $l=($j+16-2)%16;	# behind reference
-my $K=@VK[($j+16-2)/20];
-
-$j=($j+16)%16;
-
-$code.=<<___ if (!($i&1));
-	sll		$a,5,$tmp0			!! $i
-	and		$c,$b,$tmp3
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
-	sll		$b,30,$tmp2
-	add		$tmp1,$e,$e
-	andn		$d,$b,$tmp1
-	add		$Xi,$e,$e
-	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
-	srl		$b,2,$b
-	or		$tmp1,$tmp3,$tmp1
-	or		$tmp2,$b,$b
-	add		$tmp1,$e,$e
-	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
-___
-$code.=<<___ if ($i&1);
-	sll		$a,5,$tmp0			!! $i
-	and		$c,$b,$tmp3
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
-	sll		$b,30,$tmp2
-	add		$tmp1,$e,$e
-	 fpadd32	$K,@X[$l],%f20			!
-	andn		$d,$b,$tmp1
-	add		$Xi,$e,$e
-	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
-	srl		$b,2,$b
-	or		$tmp1,$tmp3,$tmp1
-	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
-	or		$tmp2,$b,$b
-	add		$tmp1,$e,$e
-___
-$code.=<<___ if ($i&1 && $i>=2);
-	 std		%f20,[$Xfer+`4*$l`]		!
-___
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i&~1;
-my $k=($j+16+2)%16;	# ahead reference
-my $l=($j+16-2)%16;	# behind reference
-my $K=@VK[($j+16-2)/20];
-
-$j=($j+16)%16;
-
-$code.=<<___ if (!($i&1) && $i<64);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
-___
-$code.=<<___ if ($i&1 && $i<64);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	 fpadd32	$K,@X[$l],%f20			!
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-	 std		%f20,[$Xfer+`4*$l`]		!
-___
-$code.=<<___ if ($i==64);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fpadd32	$K,@X[$l],%f20
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	 std		%f20,[$Xfer+`4*$l`]
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-___
-$code.=<<___ if ($i>64);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-___
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i&~1;
-my $k=($j+16+2)%16;	# ahead reference
-my $l=($j+16-2)%16;	# behind reference
-my $K=@VK[($j+16-2)/20];
-
-$j=($j+16)%16;
-
-$code.=<<___ if (!($i&1));
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	 fxors		@X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14]
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fxor		@X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9]
-	and		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	or		$c,$b,$tmp1
-	 fxor		%f18,@X[$j],@X[$j]		! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9]
-	srl		$b,2,$b
-	and		$d,$tmp1,$tmp1
-	add		$Xi,$e,$e
-	or		$tmp1,$tmp0,$tmp1
-	 faligndata	@X[$j],@X[$j],%f18		! 3/ 7/ 5:Tmp=X[0,1]>>>24
-	or		$tmp2,$b,$b
-	add		$tmp1,$e,$e
-	 fpadd32	@X[$j],@X[$j],@X[$j]		! 4/ 8/ 6:X[0,1]<<=1
-___
-$code.=<<___ if ($i&1);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 fmul8ulx16	%f18,$fmul,%f18			! 5/10/ 7:Tmp>>=7, Tmp&=1
-	and		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	 fpadd32	$K,@X[$l],%f20			!
-	sll		$b,30,$tmp2
-	or		$c,$b,$tmp1
-	 fxors		@X[($k+13)%16],@X[$k],@X[$k]	!-1/-1/-1:X[0]^=X[13]
-	srl		$b,2,$b
-	and		$d,$tmp1,$tmp1
-	 fxor		%f18,@X[$j],@X[$j]		! 8/14/10:X[0,1]|=Tmp
-	add		$Xi,$e,$e
-	or		$tmp1,$tmp0,$tmp1
-	or		$tmp2,$b,$b
-	add		$tmp1,$e,$e
-	 std		%f20,[$Xfer+`4*$l`]		!
-___
-}
-
-# If there is more data to process, then we pre-fetch the data for
-# next iteration in last ten rounds...
-sub BODY_70_79 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i&~1;
-my $m=($i%8)*2;
-
-$j=($j+16)%16;
-
-$code.=<<___ if ($i==70);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	 ldd		[$inp+64],@X[0]
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-
-	and		$inp,-64,$nXfer
-	inc		64,$inp
-	and		$nXfer,255,$nXfer
-	alignaddr	%g0,$align,%g0
-	add		$base,$nXfer,$nXfer
-___
-$code.=<<___ if ($i==71);
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-___
-$code.=<<___ if ($i>=72);
-	 faligndata	@X[$m],@X[$m+2],@X[$m]
-	sll		$a,5,$tmp0			!! $i
-	ld		[$Xfer+`4*($i%16)`],$Xi
-	srl		$a,27,$tmp1
-	add		$tmp0,$e,$e
-	xor		$c,$b,$tmp0
-	add		$tmp1,$e,$e
-	 fpadd32	$VK_00_19,@X[$m],%f20
-	sll		$b,30,$tmp2
-	xor		$d,$tmp0,$tmp1
-	srl		$b,2,$b
-	add		$tmp1,$e,$e
-	or		$tmp2,$b,$b
-	add		$Xi,$e,$e
-___
-$code.=<<___ if ($i<77);
-	 ldd		[$inp+`8*($i+1-70)`],@X[2*($i+1-70)]
-___
-$code.=<<___ if ($i==77);	# redundant if $inp was aligned
-	 add		$align,63,$tmp0
-	 and		$tmp0,-8,$tmp0
-	 ldd		[$inp+$tmp0],@X[16]
-___
-$code.=<<___ if ($i>=72);
-	 std		%f20,[$nXfer+`4*$m`]
-___
-}
-
-$code.=<<___;
-.section	".text",#alloc,#execinstr
-
-.align	64
-vis_const:
-.long	0x5a827999,0x5a827999	! K_00_19
-.long	0x6ed9eba1,0x6ed9eba1	! K_20_39
-.long	0x8f1bbcdc,0x8f1bbcdc	! K_40_59
-.long	0xca62c1d6,0xca62c1d6	! K_60_79
-.long	0x00000100,0x00000100
-.align	64
-.type	vis_const,#object
-.size	vis_const,(.-vis_const)
-
-.globl	sha1_block_data_order
-sha1_block_data_order:
-	save	%sp,-$frame,%sp
-	add	%fp,$bias-256,$base
-
-1:	call	.+8
-	add	%o7,vis_const-1b,$tmp0
-
-	ldd	[$tmp0+0],$VK_00_19
-	ldd	[$tmp0+8],$VK_20_39
-	ldd	[$tmp0+16],$VK_40_59
-	ldd	[$tmp0+24],$VK_60_79
-	ldd	[$tmp0+32],$fmul
-
-	ld	[$ctx+0],$Actx
-	and	$base,-256,$base
-	ld	[$ctx+4],$Bctx
-	sub	$base,$bias+$frame,%sp
-	ld	[$ctx+8],$Cctx
-	and	$inp,7,$align
-	ld	[$ctx+12],$Dctx
-	and	$inp,-8,$inp
-	ld	[$ctx+16],$Ectx
-
-	! X[16] is maintained in FP register bank
-	alignaddr	%g0,$align,%g0
-	ldd		[$inp+0],@X[0]
-	sub		$inp,-64,$Xfer
-	ldd		[$inp+8],@X[2]
-	and		$Xfer,-64,$Xfer
-	ldd		[$inp+16],@X[4]
-	and		$Xfer,255,$Xfer
-	ldd		[$inp+24],@X[6]
-	add		$base,$Xfer,$Xfer
-	ldd		[$inp+32],@X[8]
-	ldd		[$inp+40],@X[10]
-	ldd		[$inp+48],@X[12]
-	brz,pt		$align,.Laligned
-	ldd		[$inp+56],@X[14]
-
-	ldd		[$inp+64],@X[16]
-	faligndata	@X[0],@X[2],@X[0]
-	faligndata	@X[2],@X[4],@X[2]
-	faligndata	@X[4],@X[6],@X[4]
-	faligndata	@X[6],@X[8],@X[6]
-	faligndata	@X[8],@X[10],@X[8]
-	faligndata	@X[10],@X[12],@X[10]
-	faligndata	@X[12],@X[14],@X[12]
-	faligndata	@X[14],@X[16],@X[14]
-
-.Laligned:
-	mov		5,$tmp0
-	dec		1,$len
-	alignaddr	%g0,$tmp0,%g0
-	fpadd32		$VK_00_19,@X[0],%f16
-	fpadd32		$VK_00_19,@X[2],%f18
-	fpadd32		$VK_00_19,@X[4],%f20
-	fpadd32		$VK_00_19,@X[6],%f22
-	fpadd32		$VK_00_19,@X[8],%f24
-	fpadd32		$VK_00_19,@X[10],%f26
-	fpadd32		$VK_00_19,@X[12],%f28
-	fpadd32		$VK_00_19,@X[14],%f30
-	std		%f16,[$Xfer+0]
-	mov		$Actx,$A
-	std		%f18,[$Xfer+8]
-	mov		$Bctx,$B
-	std		%f20,[$Xfer+16]
-	mov		$Cctx,$C
-	std		%f22,[$Xfer+24]
-	mov		$Dctx,$D
-	std		%f24,[$Xfer+32]
-	mov		$Ectx,$E
-	std		%f26,[$Xfer+40]
-	fxors		@X[13],@X[0],@X[0]
-	std		%f28,[$Xfer+48]
-	ba		.Loop
-	std		%f30,[$Xfer+56]
-.align	32
-.Loop:
-___
-for ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-for (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-for (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-for (;$i<70;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	tst		$len
-	bz,pn		`$bits==32?"%icc":"%xcc"`,.Ltail
-	nop
-___
-for (;$i<80;$i++)	{ &BODY_70_79($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	add		$A,$Actx,$Actx
-	add		$B,$Bctx,$Bctx
-	add		$C,$Cctx,$Cctx
-	add		$D,$Dctx,$Dctx
-	add		$E,$Ectx,$Ectx
-	mov		5,$tmp0
-	fxors		@X[13],@X[0],@X[0]
-	mov		$Actx,$A
-	mov		$Bctx,$B
-	mov		$Cctx,$C
-	mov		$Dctx,$D
-	mov		$Ectx,$E
-	alignaddr	%g0,$tmp0,%g0	
-	dec		1,$len
-	ba		.Loop
-	mov		$nXfer,$Xfer
-
-.align	32
-.Ltail:
-___
-for($i=70;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	add	$A,$Actx,$Actx
-	add	$B,$Bctx,$Bctx
-	add	$C,$Cctx,$Cctx
-	add	$D,$Dctx,$Dctx
-	add	$E,$Ectx,$Ectx
-
-	st	$Actx,[$ctx+0]
-	st	$Bctx,[$ctx+4]
-	st	$Cctx,[$ctx+8]
-	st	$Dctx,[$ctx+12]
-	st	$Ectx,[$ctx+16]
-
-	ret
-	restore
-.type	sha1_block_data_order,#function
-.size	sha1_block_data_order,(.-sha1_block_data_order)
-.asciz	"SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
-.align	4
-___
-
-# Purpose of these subroutines is to explicitly encode VIS instructions,
-# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
-# Idea is to reserve for option to produce "universal" binary and let
-# programmer detect if current CPU is VIS capable at run-time.
-sub unvis {
-my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my ($ref,$opf);
-my %visopf = (	"fmul8ulx16"	=> 0x037,
-		"faligndata"	=> 0x048,
-		"fpadd32"	=> 0x052,
-		"fxor"		=> 0x06c,
-		"fxors"		=> 0x06d	);
-
-    $ref = "$mnemonic\t$rs1,$rs2,$rd";
-
-    if ($opf=$visopf{$mnemonic}) {
-	foreach ($rs1,$rs2,$rd) {
-	    return $ref if (!/%f([0-9]{1,2})/);
-	    $_=$1;
-	    if ($1>=32) {
-		return $ref if ($1&1);
-		# re-encode for upper double register addressing
-		$_=($1|$1>>5)&31;
-	    }
-	}
-
-	return	sprintf ".word\t0x%08x !%s",
-			0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
-			$ref;
-    } else {
-	return $ref;
-    }
-}
-sub unalignaddr {
-my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
-my $ref="$mnemonic\t$rs1,$rs2,$rd";
-
-    foreach ($rs1,$rs2,$rd) {
-	if (/%([goli])([0-7])/)	{ $_=$bias{$1}+$2; }
-	else			{ return $ref; }
-    }
-    return  sprintf ".word\t0x%08x !%s",
-		    0x81b00300|$rd<<25|$rs1<<14|$rs2,
-		    $ref;
-}
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/
-		&unvis($1,$2,$3,$4)
-	  /gem;
-$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
-		&unalignaddr($1,$2,$3,$4)
-	  /gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl
deleted file mode 100644
index 7c9ea9b029..0000000000
--- a/crypto/sha/asm/sha1-thumb.pl
+++ /dev/null
@@ -1,259 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# sha1_block for Thumb.
-#
-# January 2007.
-#
-# The code does not present direct interest to OpenSSL, because of low
-# performance. Its purpose is to establish _size_ benchmark. Pretty
-# useless one I must say, because 30% or 88 bytes larger ARMv4 code
-# [avialable on demand] is almost _twice_ as fast. It should also be
-# noted that in-lining of .Lcommon and .Lrotate improves performance
-# by over 40%, while code increases by only 10% or 32 bytes. But once
-# again, the goal was to establish _size_ benchmark, not performance.
-
-$output=shift;
-open STDOUT,">$output";
-
-$inline=0;
-#$cheat_on_binutils=1;
-
-$t0="r0";
-$t1="r1";
-$t2="r2";
-$a="r3";
-$b="r4";
-$c="r5";
-$d="r6";
-$e="r7";
-$K="r8";	# "upper" registers can be used in add/sub and mov insns
-$ctx="r9";
-$inp="r10";
-$len="r11";
-$Xi="r12";
-
-sub common {
-<<___;
-	sub	$t0,#4
-	ldr	$t1,[$t0]
-	add	$e,$K			@ E+=K_xx_xx
-	lsl	$t2,$a,#5
-	add	$t2,$e
-	lsr	$e,$a,#27
-	add	$t2,$e			@ E+=ROR(A,27)
-	add	$t2,$t1			@ E+=X[i]
-___
-}
-sub rotate {
-<<___;
-	mov	$e,$d			@ E=D
-	mov	$d,$c			@ D=C
-	lsl	$c,$b,#30
-	lsr	$b,$b,#2
-	orr	$c,$b			@ C=ROR(B,2)
-	mov	$b,$a			@ B=A
-	add	$a,$t2,$t1		@ A=E+F_xx_xx(B,C,D)
-___
-}
-
-sub BODY_00_19 {
-$code.=$inline?&common():"\tbl	.Lcommon\n";
-$code.=<<___;
-	mov	$t1,$c
-	eor	$t1,$d
-	and	$t1,$b
-	eor	$t1,$d			@ F_00_19(B,C,D)
-___
-$code.=$inline?&rotate():"\tbl	.Lrotate\n";
-}
-
-sub BODY_20_39 {
-$code.=$inline?&common():"\tbl	.Lcommon\n";
-$code.=<<___;
-	mov	$t1,$b
-	eor	$t1,$c
-	eor	$t1,$d			@ F_20_39(B,C,D)
-___
-$code.=$inline?&rotate():"\tbl	.Lrotate\n";
-}
-
-sub BODY_40_59 {
-$code.=$inline?&common():"\tbl	.Lcommon\n";
-$code.=<<___;
-	mov	$t1,$b
-	and	$t1,$c
-	mov	$e,$b
-	orr	$e,$c
-	and	$e,$d
-	orr	$t1,$e			@ F_40_59(B,C,D)
-___
-$code.=$inline?&rotate():"\tbl	.Lrotate\n";
-}
-
-$code=<<___;
-.text
-.code	16
-
-.global	sha1_block_data_order
-.type	sha1_block_data_order,%function
-
-.align	2
-sha1_block_data_order:
-___
-if ($cheat_on_binutils) {
-$code.=<<___;
-.code	32
-	add	r3,pc,#1
-	bx	r3			@ switch to Thumb ISA
-.code	16
-___
-}
-$code.=<<___;
-	push	{r4-r7}
-	mov	r3,r8
-	mov	r4,r9
-	mov	r5,r10
-	mov	r6,r11
-	mov	r7,r12
-	push	{r3-r7,lr}
-	lsl	r2,#6
-	mov	$ctx,r0			@ save context
-	mov	$inp,r1			@ save inp
-	mov	$len,r2			@ save len
-	add	$len,$inp		@ $len to point at inp end
-
-.Lloop:
-	mov	$Xi,sp
-	mov	$t2,sp
-	sub	$t2,#16*4		@ [3]
-.LXload:
-	ldrb	$a,[$t1,#0]		@ $t1 is r1 and holds inp
-	ldrb	$b,[$t1,#1]
-	ldrb	$c,[$t1,#2]
-	ldrb	$d,[$t1,#3]
-	lsl	$a,#24
-	lsl	$b,#16
-	lsl	$c,#8
-	orr	$a,$b
-	orr	$a,$c
-	orr	$a,$d
-	add	$t1,#4
-	push	{$a}
-	cmp	sp,$t2
-	bne	.LXload			@ [+14*16]
-
-	mov	$inp,$t1		@ update $inp
-	sub	$t2,#32*4
-	sub	$t2,#32*4
-	mov	$e,#31			@ [+4]
-.LXupdate:
-	ldr	$a,[sp,#15*4]
-	ldr	$b,[sp,#13*4]
-	ldr	$c,[sp,#7*4]
-	ldr	$d,[sp,#2*4]
-	eor	$a,$b
-	eor	$a,$c
-	eor	$a,$d
-	ror	$a,$e
-	push	{$a}
-	cmp	sp,$t2
-	bne	.LXupdate		@ [+(11+1)*64]
-
-	ldmia	$t0!,{$a,$b,$c,$d,$e}	@ $t0 is r0 and holds ctx
-	mov	$t0,$Xi
-
-	ldr	$t2,.LK_00_19
-	mov	$t1,$t0
-	sub	$t1,#20*4
-	mov	$Xi,$t1
-	mov	$K,$t2			@ [+7+4]
-.L_00_19:
-___
-	&BODY_00_19();
-$code.=<<___;
-	cmp	$Xi,$t0
-	bne	.L_00_19		@ [+(2+9+4+2+8+2)*20]
-
-	ldr	$t2,.LK_20_39
-	mov	$t1,$t0
-	sub	$t1,#20*4
-	mov	$Xi,$t1
-	mov	$K,$t2			@ [+5]
-.L_20_39_or_60_79:
-___
-	&BODY_20_39();
-$code.=<<___;
-	cmp	$Xi,$t0
-	bne	.L_20_39_or_60_79	@ [+(2+9+3+2+8+2)*20*2]
-	cmp	sp,$t0
-	beq	.Ldone			@ [+2]
-
-	ldr	$t2,.LK_40_59
-	mov	$t1,$t0
-	sub	$t1,#20*4
-	mov	$Xi,$t1
-	mov	$K,$t2			@ [+5]
-.L_40_59:
-___
-	&BODY_40_59();
-$code.=<<___;
-	cmp	$Xi,$t0
-	bne	.L_40_59		@ [+(2+9+6+2+8+2)*20]
-
-	ldr	$t2,.LK_60_79
-	mov	$Xi,sp
-	mov	$K,$t2
-	b	.L_20_39_or_60_79	@ [+4]
-.Ldone:
-	mov	$t0,$ctx
-	ldr	$t1,[$t0,#0]
-	ldr	$t2,[$t0,#4]
-	add	$a,$t1
-	ldr	$t1,[$t0,#8]
-	add	$b,$t2
-	ldr	$t2,[$t0,#12]
-	add	$c,$t1
-	ldr	$t1,[$t0,#16]
-	add	$d,$t2
-	add	$e,$t1
-	stmia	$t0!,{$a,$b,$c,$d,$e}	@ [+20]
-
-	add	sp,#80*4		@ deallocate stack frame
-	mov	$t0,$ctx		@ restore ctx
-	mov	$t1,$inp		@ restore inp
-	cmp	$t1,$len
-	beq	.Lexit
-	b	.Lloop			@ [+6] total 3212 cycles
-.Lexit:
-	pop	{r2-r7}
-	mov	r8,r2
-	mov	r9,r3
-	mov	r10,r4
-	mov	r11,r5
-	mov	r12,r6
-	mov	lr,r7
-	pop	{r4-r7}
-	bx	lr
-.align	2
-___
-$code.=".Lcommon:\n".&common()."\tmov	pc,lr\n" if (!$inline);
-$code.=".Lrotate:\n".&rotate()."\tmov	pc,lr\n" if (!$inline);
-$code.=<<___;
-.align	2
-.LK_00_19:	.word	0x5a827999
-.LK_20_39:	.word	0x6ed9eba1
-.LK_40_59:	.word	0x8f1bbcdc
-.LK_60_79:	.word	0xca62c1d6
-.size	sha1_block_data_order,.-sha1_block_data_order
-.asciz	"SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-print $code;
-close STDOUT; # enforce flush
diff --git a/crypto/sha/asm/sha1-x86_64.S b/crypto/sha/asm/sha1-x86_64.S
deleted file mode 100644
index 3922e203b7..0000000000
--- a/crypto/sha/asm/sha1-x86_64.S
+++ /dev/null
@@ -1,2486 +0,0 @@
-.text	
-
-
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,@function
-.align	16
-sha1_block_data_order:
-	movl	OPENSSL_ia32cap_P+0(%rip),%r9d
-	movl	OPENSSL_ia32cap_P+4(%rip),%r8d
-	testl	$512,%r8d
-	jz	.Lialu
-	jmp	_ssse3_shortcut
-
-.align	16
-.Lialu:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	movq	%rsp,%r11
-	movq	%rdi,%r8
-	subq	$72,%rsp
-	movq	%rsi,%r9
-	andq	$-64,%rsp
-	movq	%rdx,%r10
-	movq	%r11,64(%rsp)
-.Lprologue:
-
-	movl	0(%r8),%esi
-	movl	4(%r8),%edi
-	movl	8(%r8),%r11d
-	movl	12(%r8),%r12d
-	movl	16(%r8),%r13d
-	jmp	.Lloop
-
-.align	16
-.Lloop:
-	movl	0(%r9),%edx
-	bswapl	%edx
-	movl	%edx,0(%rsp)
-	movl	%r11d,%eax
-	movl	4(%r9),%ebp
-	movl	%esi,%ecx
-	xorl	%r12d,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%r13,1),%r13d
-	andl	%edi,%eax
-	movl	%ebp,4(%rsp)
-	addl	%ecx,%r13d
-	xorl	%r12d,%eax
-	roll	$30,%edi
-	addl	%eax,%r13d
-	movl	%edi,%eax
-	movl	8(%r9),%edx
-	movl	%r13d,%ecx
-	xorl	%r11d,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%r12,1),%r12d
-	andl	%esi,%eax
-	movl	%edx,8(%rsp)
-	addl	%ecx,%r12d
-	xorl	%r11d,%eax
-	roll	$30,%esi
-	addl	%eax,%r12d
-	movl	%esi,%eax
-	movl	12(%r9),%ebp
-	movl	%r12d,%ecx
-	xorl	%edi,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%r11,1),%r11d
-	andl	%r13d,%eax
-	movl	%ebp,12(%rsp)
-	addl	%ecx,%r11d
-	xorl	%edi,%eax
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	movl	%r13d,%eax
-	movl	16(%r9),%edx
-	movl	%r11d,%ecx
-	xorl	%esi,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%rdi,1),%edi
-	andl	%r12d,%eax
-	movl	%edx,16(%rsp)
-	addl	%ecx,%edi
-	xorl	%esi,%eax
-	roll	$30,%r12d
-	addl	%eax,%edi
-	movl	%r12d,%eax
-	movl	20(%r9),%ebp
-	movl	%edi,%ecx
-	xorl	%r13d,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%rsi,1),%esi
-	andl	%r11d,%eax
-	movl	%ebp,20(%rsp)
-	addl	%ecx,%esi
-	xorl	%r13d,%eax
-	roll	$30,%r11d
-	addl	%eax,%esi
-	movl	%r11d,%eax
-	movl	24(%r9),%edx
-	movl	%esi,%ecx
-	xorl	%r12d,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%r13,1),%r13d
-	andl	%edi,%eax
-	movl	%edx,24(%rsp)
-	addl	%ecx,%r13d
-	xorl	%r12d,%eax
-	roll	$30,%edi
-	addl	%eax,%r13d
-	movl	%edi,%eax
-	movl	28(%r9),%ebp
-	movl	%r13d,%ecx
-	xorl	%r11d,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%r12,1),%r12d
-	andl	%esi,%eax
-	movl	%ebp,28(%rsp)
-	addl	%ecx,%r12d
-	xorl	%r11d,%eax
-	roll	$30,%esi
-	addl	%eax,%r12d
-	movl	%esi,%eax
-	movl	32(%r9),%edx
-	movl	%r12d,%ecx
-	xorl	%edi,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%r11,1),%r11d
-	andl	%r13d,%eax
-	movl	%edx,32(%rsp)
-	addl	%ecx,%r11d
-	xorl	%edi,%eax
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	movl	%r13d,%eax
-	movl	36(%r9),%ebp
-	movl	%r11d,%ecx
-	xorl	%esi,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%rdi,1),%edi
-	andl	%r12d,%eax
-	movl	%ebp,36(%rsp)
-	addl	%ecx,%edi
-	xorl	%esi,%eax
-	roll	$30,%r12d
-	addl	%eax,%edi
-	movl	%r12d,%eax
-	movl	40(%r9),%edx
-	movl	%edi,%ecx
-	xorl	%r13d,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%rsi,1),%esi
-	andl	%r11d,%eax
-	movl	%edx,40(%rsp)
-	addl	%ecx,%esi
-	xorl	%r13d,%eax
-	roll	$30,%r11d
-	addl	%eax,%esi
-	movl	%r11d,%eax
-	movl	44(%r9),%ebp
-	movl	%esi,%ecx
-	xorl	%r12d,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%r13,1),%r13d
-	andl	%edi,%eax
-	movl	%ebp,44(%rsp)
-	addl	%ecx,%r13d
-	xorl	%r12d,%eax
-	roll	$30,%edi
-	addl	%eax,%r13d
-	movl	%edi,%eax
-	movl	48(%r9),%edx
-	movl	%r13d,%ecx
-	xorl	%r11d,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%r12,1),%r12d
-	andl	%esi,%eax
-	movl	%edx,48(%rsp)
-	addl	%ecx,%r12d
-	xorl	%r11d,%eax
-	roll	$30,%esi
-	addl	%eax,%r12d
-	movl	%esi,%eax
-	movl	52(%r9),%ebp
-	movl	%r12d,%ecx
-	xorl	%edi,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%r11,1),%r11d
-	andl	%r13d,%eax
-	movl	%ebp,52(%rsp)
-	addl	%ecx,%r11d
-	xorl	%edi,%eax
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	movl	%r13d,%eax
-	movl	56(%r9),%edx
-	movl	%r11d,%ecx
-	xorl	%esi,%eax
-	bswapl	%edx
-	roll	$5,%ecx
-	leal	1518500249(%rbp,%rdi,1),%edi
-	andl	%r12d,%eax
-	movl	%edx,56(%rsp)
-	addl	%ecx,%edi
-	xorl	%esi,%eax
-	roll	$30,%r12d
-	addl	%eax,%edi
-	movl	%r12d,%eax
-	movl	60(%r9),%ebp
-	movl	%edi,%ecx
-	xorl	%r13d,%eax
-	bswapl	%ebp
-	roll	$5,%ecx
-	leal	1518500249(%rdx,%rsi,1),%esi
-	andl	%r11d,%eax
-	movl	%ebp,60(%rsp)
-	addl	%ecx,%esi
-	xorl	%r13d,%eax
-	roll	$30,%r11d
-	addl	%eax,%esi
-	movl	0(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	8(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	xorl	32(%rsp),%edx
-	andl	%edi,%eax
-	leal	1518500249(%rbp,%r13,1),%r13d
-	xorl	52(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$1,%edx
-	addl	%ecx,%r13d
-	roll	$30,%edi
-	movl	%edx,0(%rsp)
-	addl	%eax,%r13d
-	movl	4(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	12(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	xorl	36(%rsp),%ebp
-	andl	%esi,%eax
-	leal	1518500249(%rdx,%r12,1),%r12d
-	xorl	56(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$1,%ebp
-	addl	%ecx,%r12d
-	roll	$30,%esi
-	movl	%ebp,4(%rsp)
-	addl	%eax,%r12d
-	movl	8(%rsp),%edx
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	16(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	xorl	40(%rsp),%edx
-	andl	%r13d,%eax
-	leal	1518500249(%rbp,%r11,1),%r11d
-	xorl	60(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$1,%edx
-	addl	%ecx,%r11d
-	roll	$30,%r13d
-	movl	%edx,8(%rsp)
-	addl	%eax,%r11d
-	movl	12(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	20(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	xorl	44(%rsp),%ebp
-	andl	%r12d,%eax
-	leal	1518500249(%rdx,%rdi,1),%edi
-	xorl	0(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$1,%ebp
-	addl	%ecx,%edi
-	roll	$30,%r12d
-	movl	%ebp,12(%rsp)
-	addl	%eax,%edi
-	movl	16(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	24(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	xorl	48(%rsp),%edx
-	andl	%r11d,%eax
-	leal	1518500249(%rbp,%rsi,1),%esi
-	xorl	4(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$1,%edx
-	addl	%ecx,%esi
-	roll	$30,%r11d
-	movl	%edx,16(%rsp)
-	addl	%eax,%esi
-	movl	20(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	28(%rsp),%ebp
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r13,1),%r13d
-	xorl	52(%rsp),%ebp
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	8(%rsp),%ebp
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%ebp
-	movl	%ebp,20(%rsp)
-	movl	24(%rsp),%edx
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	32(%rsp),%edx
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r12,1),%r12d
-	xorl	56(%rsp),%edx
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	12(%rsp),%edx
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%edx
-	movl	%edx,24(%rsp)
-	movl	28(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	36(%rsp),%ebp
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r11,1),%r11d
-	xorl	60(%rsp),%ebp
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	16(%rsp),%ebp
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%ebp
-	movl	%ebp,28(%rsp)
-	movl	32(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	40(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%rdi,1),%edi
-	xorl	0(%rsp),%edx
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	20(%rsp),%edx
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%edx
-	movl	%edx,32(%rsp)
-	movl	36(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	44(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%rsi,1),%esi
-	xorl	4(%rsp),%ebp
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	24(%rsp),%ebp
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%ebp
-	movl	%ebp,36(%rsp)
-	movl	40(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	48(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r13,1),%r13d
-	xorl	8(%rsp),%edx
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	28(%rsp),%edx
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%edx
-	movl	%edx,40(%rsp)
-	movl	44(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	52(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r12,1),%r12d
-	xorl	12(%rsp),%ebp
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	32(%rsp),%ebp
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%ebp
-	movl	%ebp,44(%rsp)
-	movl	48(%rsp),%edx
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	56(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r11,1),%r11d
-	xorl	16(%rsp),%edx
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	36(%rsp),%edx
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%edx
-	movl	%edx,48(%rsp)
-	movl	52(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	60(%rsp),%ebp
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%rdi,1),%edi
-	xorl	20(%rsp),%ebp
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	40(%rsp),%ebp
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%ebp
-	movl	%ebp,52(%rsp)
-	movl	56(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	0(%rsp),%edx
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%rsi,1),%esi
-	xorl	24(%rsp),%edx
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	44(%rsp),%edx
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%edx
-	movl	%edx,56(%rsp)
-	movl	60(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	4(%rsp),%ebp
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r13,1),%r13d
-	xorl	28(%rsp),%ebp
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	48(%rsp),%ebp
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%ebp
-	movl	%ebp,60(%rsp)
-	movl	0(%rsp),%edx
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	8(%rsp),%edx
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r12,1),%r12d
-	xorl	32(%rsp),%edx
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	52(%rsp),%edx
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%edx
-	movl	%edx,0(%rsp)
-	movl	4(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	12(%rsp),%ebp
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r11,1),%r11d
-	xorl	36(%rsp),%ebp
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	56(%rsp),%ebp
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%ebp
-	movl	%ebp,4(%rsp)
-	movl	8(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	16(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%rdi,1),%edi
-	xorl	40(%rsp),%edx
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	60(%rsp),%edx
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%edx
-	movl	%edx,8(%rsp)
-	movl	12(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	20(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%rsi,1),%esi
-	xorl	44(%rsp),%ebp
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	0(%rsp),%ebp
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%ebp
-	movl	%ebp,12(%rsp)
-	movl	16(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	24(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r13,1),%r13d
-	xorl	48(%rsp),%edx
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	4(%rsp),%edx
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%edx
-	movl	%edx,16(%rsp)
-	movl	20(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	28(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%r12,1),%r12d
-	xorl	52(%rsp),%ebp
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	8(%rsp),%ebp
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%ebp
-	movl	%ebp,20(%rsp)
-	movl	24(%rsp),%edx
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	32(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%r11,1),%r11d
-	xorl	56(%rsp),%edx
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	12(%rsp),%edx
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%edx
-	movl	%edx,24(%rsp)
-	movl	28(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	36(%rsp),%ebp
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rdx,%rdi,1),%edi
-	xorl	60(%rsp),%ebp
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	16(%rsp),%ebp
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%ebp
-	movl	%ebp,28(%rsp)
-	movl	32(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	40(%rsp),%edx
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	1859775393(%rbp,%rsi,1),%esi
-	xorl	0(%rsp),%edx
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	20(%rsp),%edx
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%edx
-	movl	%edx,32(%rsp)
-	movl	36(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%r11d,%ebx
-	xorl	44(%rsp),%ebp
-	andl	%r12d,%eax
-	movl	%esi,%ecx
-	xorl	4(%rsp),%ebp
-	xorl	%r12d,%ebx
-	leal	-1894007588(%rdx,%r13,1),%r13d
-	roll	$5,%ecx
-	xorl	24(%rsp),%ebp
-	addl	%eax,%r13d
-	andl	%edi,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r13d
-	roll	$30,%edi
-	movl	%ebp,36(%rsp)
-	addl	%ecx,%r13d
-	movl	40(%rsp),%edx
-	movl	%edi,%eax
-	movl	%edi,%ebx
-	xorl	48(%rsp),%edx
-	andl	%r11d,%eax
-	movl	%r13d,%ecx
-	xorl	8(%rsp),%edx
-	xorl	%r11d,%ebx
-	leal	-1894007588(%rbp,%r12,1),%r12d
-	roll	$5,%ecx
-	xorl	28(%rsp),%edx
-	addl	%eax,%r12d
-	andl	%esi,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r12d
-	roll	$30,%esi
-	movl	%edx,40(%rsp)
-	addl	%ecx,%r12d
-	movl	44(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%esi,%ebx
-	xorl	52(%rsp),%ebp
-	andl	%edi,%eax
-	movl	%r12d,%ecx
-	xorl	12(%rsp),%ebp
-	xorl	%edi,%ebx
-	leal	-1894007588(%rdx,%r11,1),%r11d
-	roll	$5,%ecx
-	xorl	32(%rsp),%ebp
-	addl	%eax,%r11d
-	andl	%r13d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r11d
-	roll	$30,%r13d
-	movl	%ebp,44(%rsp)
-	addl	%ecx,%r11d
-	movl	48(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r13d,%ebx
-	xorl	56(%rsp),%edx
-	andl	%esi,%eax
-	movl	%r11d,%ecx
-	xorl	16(%rsp),%edx
-	xorl	%esi,%ebx
-	leal	-1894007588(%rbp,%rdi,1),%edi
-	roll	$5,%ecx
-	xorl	36(%rsp),%edx
-	addl	%eax,%edi
-	andl	%r12d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%edi
-	roll	$30,%r12d
-	movl	%edx,48(%rsp)
-	addl	%ecx,%edi
-	movl	52(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%r12d,%ebx
-	xorl	60(%rsp),%ebp
-	andl	%r13d,%eax
-	movl	%edi,%ecx
-	xorl	20(%rsp),%ebp
-	xorl	%r13d,%ebx
-	leal	-1894007588(%rdx,%rsi,1),%esi
-	roll	$5,%ecx
-	xorl	40(%rsp),%ebp
-	addl	%eax,%esi
-	andl	%r11d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%esi
-	roll	$30,%r11d
-	movl	%ebp,52(%rsp)
-	addl	%ecx,%esi
-	movl	56(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%r11d,%ebx
-	xorl	0(%rsp),%edx
-	andl	%r12d,%eax
-	movl	%esi,%ecx
-	xorl	24(%rsp),%edx
-	xorl	%r12d,%ebx
-	leal	-1894007588(%rbp,%r13,1),%r13d
-	roll	$5,%ecx
-	xorl	44(%rsp),%edx
-	addl	%eax,%r13d
-	andl	%edi,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r13d
-	roll	$30,%edi
-	movl	%edx,56(%rsp)
-	addl	%ecx,%r13d
-	movl	60(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%edi,%ebx
-	xorl	4(%rsp),%ebp
-	andl	%r11d,%eax
-	movl	%r13d,%ecx
-	xorl	28(%rsp),%ebp
-	xorl	%r11d,%ebx
-	leal	-1894007588(%rdx,%r12,1),%r12d
-	roll	$5,%ecx
-	xorl	48(%rsp),%ebp
-	addl	%eax,%r12d
-	andl	%esi,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r12d
-	roll	$30,%esi
-	movl	%ebp,60(%rsp)
-	addl	%ecx,%r12d
-	movl	0(%rsp),%edx
-	movl	%esi,%eax
-	movl	%esi,%ebx
-	xorl	8(%rsp),%edx
-	andl	%edi,%eax
-	movl	%r12d,%ecx
-	xorl	32(%rsp),%edx
-	xorl	%edi,%ebx
-	leal	-1894007588(%rbp,%r11,1),%r11d
-	roll	$5,%ecx
-	xorl	52(%rsp),%edx
-	addl	%eax,%r11d
-	andl	%r13d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r11d
-	roll	$30,%r13d
-	movl	%edx,0(%rsp)
-	addl	%ecx,%r11d
-	movl	4(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r13d,%ebx
-	xorl	12(%rsp),%ebp
-	andl	%esi,%eax
-	movl	%r11d,%ecx
-	xorl	36(%rsp),%ebp
-	xorl	%esi,%ebx
-	leal	-1894007588(%rdx,%rdi,1),%edi
-	roll	$5,%ecx
-	xorl	56(%rsp),%ebp
-	addl	%eax,%edi
-	andl	%r12d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%edi
-	roll	$30,%r12d
-	movl	%ebp,4(%rsp)
-	addl	%ecx,%edi
-	movl	8(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%r12d,%ebx
-	xorl	16(%rsp),%edx
-	andl	%r13d,%eax
-	movl	%edi,%ecx
-	xorl	40(%rsp),%edx
-	xorl	%r13d,%ebx
-	leal	-1894007588(%rbp,%rsi,1),%esi
-	roll	$5,%ecx
-	xorl	60(%rsp),%edx
-	addl	%eax,%esi
-	andl	%r11d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%esi
-	roll	$30,%r11d
-	movl	%edx,8(%rsp)
-	addl	%ecx,%esi
-	movl	12(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%r11d,%ebx
-	xorl	20(%rsp),%ebp
-	andl	%r12d,%eax
-	movl	%esi,%ecx
-	xorl	44(%rsp),%ebp
-	xorl	%r12d,%ebx
-	leal	-1894007588(%rdx,%r13,1),%r13d
-	roll	$5,%ecx
-	xorl	0(%rsp),%ebp
-	addl	%eax,%r13d
-	andl	%edi,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r13d
-	roll	$30,%edi
-	movl	%ebp,12(%rsp)
-	addl	%ecx,%r13d
-	movl	16(%rsp),%edx
-	movl	%edi,%eax
-	movl	%edi,%ebx
-	xorl	24(%rsp),%edx
-	andl	%r11d,%eax
-	movl	%r13d,%ecx
-	xorl	48(%rsp),%edx
-	xorl	%r11d,%ebx
-	leal	-1894007588(%rbp,%r12,1),%r12d
-	roll	$5,%ecx
-	xorl	4(%rsp),%edx
-	addl	%eax,%r12d
-	andl	%esi,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r12d
-	roll	$30,%esi
-	movl	%edx,16(%rsp)
-	addl	%ecx,%r12d
-	movl	20(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%esi,%ebx
-	xorl	28(%rsp),%ebp
-	andl	%edi,%eax
-	movl	%r12d,%ecx
-	xorl	52(%rsp),%ebp
-	xorl	%edi,%ebx
-	leal	-1894007588(%rdx,%r11,1),%r11d
-	roll	$5,%ecx
-	xorl	8(%rsp),%ebp
-	addl	%eax,%r11d
-	andl	%r13d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r11d
-	roll	$30,%r13d
-	movl	%ebp,20(%rsp)
-	addl	%ecx,%r11d
-	movl	24(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r13d,%ebx
-	xorl	32(%rsp),%edx
-	andl	%esi,%eax
-	movl	%r11d,%ecx
-	xorl	56(%rsp),%edx
-	xorl	%esi,%ebx
-	leal	-1894007588(%rbp,%rdi,1),%edi
-	roll	$5,%ecx
-	xorl	12(%rsp),%edx
-	addl	%eax,%edi
-	andl	%r12d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%edi
-	roll	$30,%r12d
-	movl	%edx,24(%rsp)
-	addl	%ecx,%edi
-	movl	28(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%r12d,%ebx
-	xorl	36(%rsp),%ebp
-	andl	%r13d,%eax
-	movl	%edi,%ecx
-	xorl	60(%rsp),%ebp
-	xorl	%r13d,%ebx
-	leal	-1894007588(%rdx,%rsi,1),%esi
-	roll	$5,%ecx
-	xorl	16(%rsp),%ebp
-	addl	%eax,%esi
-	andl	%r11d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%esi
-	roll	$30,%r11d
-	movl	%ebp,28(%rsp)
-	addl	%ecx,%esi
-	movl	32(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%r11d,%ebx
-	xorl	40(%rsp),%edx
-	andl	%r12d,%eax
-	movl	%esi,%ecx
-	xorl	0(%rsp),%edx
-	xorl	%r12d,%ebx
-	leal	-1894007588(%rbp,%r13,1),%r13d
-	roll	$5,%ecx
-	xorl	20(%rsp),%edx
-	addl	%eax,%r13d
-	andl	%edi,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r13d
-	roll	$30,%edi
-	movl	%edx,32(%rsp)
-	addl	%ecx,%r13d
-	movl	36(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%edi,%ebx
-	xorl	44(%rsp),%ebp
-	andl	%r11d,%eax
-	movl	%r13d,%ecx
-	xorl	4(%rsp),%ebp
-	xorl	%r11d,%ebx
-	leal	-1894007588(%rdx,%r12,1),%r12d
-	roll	$5,%ecx
-	xorl	24(%rsp),%ebp
-	addl	%eax,%r12d
-	andl	%esi,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%r12d
-	roll	$30,%esi
-	movl	%ebp,36(%rsp)
-	addl	%ecx,%r12d
-	movl	40(%rsp),%edx
-	movl	%esi,%eax
-	movl	%esi,%ebx
-	xorl	48(%rsp),%edx
-	andl	%edi,%eax
-	movl	%r12d,%ecx
-	xorl	8(%rsp),%edx
-	xorl	%edi,%ebx
-	leal	-1894007588(%rbp,%r11,1),%r11d
-	roll	$5,%ecx
-	xorl	28(%rsp),%edx
-	addl	%eax,%r11d
-	andl	%r13d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%r11d
-	roll	$30,%r13d
-	movl	%edx,40(%rsp)
-	addl	%ecx,%r11d
-	movl	44(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r13d,%ebx
-	xorl	52(%rsp),%ebp
-	andl	%esi,%eax
-	movl	%r11d,%ecx
-	xorl	12(%rsp),%ebp
-	xorl	%esi,%ebx
-	leal	-1894007588(%rdx,%rdi,1),%edi
-	roll	$5,%ecx
-	xorl	32(%rsp),%ebp
-	addl	%eax,%edi
-	andl	%r12d,%ebx
-	roll	$1,%ebp
-	addl	%ebx,%edi
-	roll	$30,%r12d
-	movl	%ebp,44(%rsp)
-	addl	%ecx,%edi
-	movl	48(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%r12d,%ebx
-	xorl	56(%rsp),%edx
-	andl	%r13d,%eax
-	movl	%edi,%ecx
-	xorl	16(%rsp),%edx
-	xorl	%r13d,%ebx
-	leal	-1894007588(%rbp,%rsi,1),%esi
-	roll	$5,%ecx
-	xorl	36(%rsp),%edx
-	addl	%eax,%esi
-	andl	%r11d,%ebx
-	roll	$1,%edx
-	addl	%ebx,%esi
-	roll	$30,%r11d
-	movl	%edx,48(%rsp)
-	addl	%ecx,%esi
-	movl	52(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	60(%rsp),%ebp
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r13,1),%r13d
-	xorl	20(%rsp),%ebp
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	40(%rsp),%ebp
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%ebp
-	movl	%ebp,52(%rsp)
-	movl	56(%rsp),%edx
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	0(%rsp),%edx
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r12,1),%r12d
-	xorl	24(%rsp),%edx
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	44(%rsp),%edx
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%edx
-	movl	%edx,56(%rsp)
-	movl	60(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	4(%rsp),%ebp
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r11,1),%r11d
-	xorl	28(%rsp),%ebp
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	48(%rsp),%ebp
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%ebp
-	movl	%ebp,60(%rsp)
-	movl	0(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	8(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%rdi,1),%edi
-	xorl	32(%rsp),%edx
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	52(%rsp),%edx
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%edx
-	movl	%edx,0(%rsp)
-	movl	4(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	12(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%rsi,1),%esi
-	xorl	36(%rsp),%ebp
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	56(%rsp),%ebp
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%ebp
-	movl	%ebp,4(%rsp)
-	movl	8(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	16(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r13,1),%r13d
-	xorl	40(%rsp),%edx
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	60(%rsp),%edx
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%edx
-	movl	%edx,8(%rsp)
-	movl	12(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	20(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r12,1),%r12d
-	xorl	44(%rsp),%ebp
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	0(%rsp),%ebp
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%ebp
-	movl	%ebp,12(%rsp)
-	movl	16(%rsp),%edx
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	24(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r11,1),%r11d
-	xorl	48(%rsp),%edx
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	4(%rsp),%edx
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%edx
-	movl	%edx,16(%rsp)
-	movl	20(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	28(%rsp),%ebp
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%rdi,1),%edi
-	xorl	52(%rsp),%ebp
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	8(%rsp),%ebp
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%ebp
-	movl	%ebp,20(%rsp)
-	movl	24(%rsp),%edx
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	32(%rsp),%edx
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%rsi,1),%esi
-	xorl	56(%rsp),%edx
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	12(%rsp),%edx
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%edx
-	movl	%edx,24(%rsp)
-	movl	28(%rsp),%ebp
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	36(%rsp),%ebp
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r13,1),%r13d
-	xorl	60(%rsp),%ebp
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	16(%rsp),%ebp
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%ebp
-	movl	%ebp,28(%rsp)
-	movl	32(%rsp),%edx
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	40(%rsp),%edx
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r12,1),%r12d
-	xorl	0(%rsp),%edx
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	20(%rsp),%edx
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%edx
-	movl	%edx,32(%rsp)
-	movl	36(%rsp),%ebp
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	44(%rsp),%ebp
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r11,1),%r11d
-	xorl	4(%rsp),%ebp
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	24(%rsp),%ebp
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%ebp
-	movl	%ebp,36(%rsp)
-	movl	40(%rsp),%edx
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	48(%rsp),%edx
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%rdi,1),%edi
-	xorl	8(%rsp),%edx
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	28(%rsp),%edx
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%edx
-	movl	%edx,40(%rsp)
-	movl	44(%rsp),%ebp
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	52(%rsp),%ebp
-	xorl	%r11d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%rsi,1),%esi
-	xorl	12(%rsp),%ebp
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	xorl	32(%rsp),%ebp
-	roll	$30,%r11d
-	addl	%eax,%esi
-	roll	$1,%ebp
-	movl	%ebp,44(%rsp)
-	movl	48(%rsp),%edx
-	movl	%r11d,%eax
-	movl	%esi,%ecx
-	xorl	56(%rsp),%edx
-	xorl	%edi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r13,1),%r13d
-	xorl	16(%rsp),%edx
-	xorl	%r12d,%eax
-	addl	%ecx,%r13d
-	xorl	36(%rsp),%edx
-	roll	$30,%edi
-	addl	%eax,%r13d
-	roll	$1,%edx
-	movl	%edx,48(%rsp)
-	movl	52(%rsp),%ebp
-	movl	%edi,%eax
-	movl	%r13d,%ecx
-	xorl	60(%rsp),%ebp
-	xorl	%esi,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%r12,1),%r12d
-	xorl	20(%rsp),%ebp
-	xorl	%r11d,%eax
-	addl	%ecx,%r12d
-	xorl	40(%rsp),%ebp
-	roll	$30,%esi
-	addl	%eax,%r12d
-	roll	$1,%ebp
-	movl	56(%rsp),%edx
-	movl	%esi,%eax
-	movl	%r12d,%ecx
-	xorl	0(%rsp),%edx
-	xorl	%r13d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rbp,%r11,1),%r11d
-	xorl	24(%rsp),%edx
-	xorl	%edi,%eax
-	addl	%ecx,%r11d
-	xorl	44(%rsp),%edx
-	roll	$30,%r13d
-	addl	%eax,%r11d
-	roll	$1,%edx
-	movl	60(%rsp),%ebp
-	movl	%r13d,%eax
-	movl	%r11d,%ecx
-	xorl	4(%rsp),%ebp
-	xorl	%r12d,%eax
-	roll	$5,%ecx
-	leal	-899497514(%rdx,%rdi,1),%edi
-	xorl	28(%rsp),%ebp
-	xorl	%esi,%eax
-	addl	%ecx,%edi
-	xorl	48(%rsp),%ebp
-	roll	$30,%r12d
-	addl	%eax,%edi
-	roll	$1,%ebp
-	movl	%r12d,%eax
-	movl	%edi,%ecx
-	xorl	%r11d,%eax
-	leal	-899497514(%rbp,%rsi,1),%esi
-	roll	$5,%ecx
-	xorl	%r13d,%eax
-	addl	%ecx,%esi
-	roll	$30,%r11d
-	addl	%eax,%esi
-	addl	0(%r8),%esi
-	addl	4(%r8),%edi
-	addl	8(%r8),%r11d
-	addl	12(%r8),%r12d
-	addl	16(%r8),%r13d
-	movl	%esi,0(%r8)
-	movl	%edi,4(%r8)
-	movl	%r11d,8(%r8)
-	movl	%r12d,12(%r8)
-	movl	%r13d,16(%r8)
-
-	subq	$1,%r10
-	leaq	64(%r9),%r9
-	jnz	.Lloop
-
-	movq	64(%rsp),%rsi
-	movq	(%rsi),%r13
-	movq	8(%rsi),%r12
-	movq	16(%rsi),%rbp
-	movq	24(%rsi),%rbx
-	leaq	32(%rsi),%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	sha1_block_data_order,.-sha1_block_data_order
-.type	sha1_block_data_order_ssse3,@function
-.align	16
-sha1_block_data_order_ssse3:
-_ssse3_shortcut:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	leaq	-64(%rsp),%rsp
-	movq	%rdi,%r8
-	movq	%rsi,%r9
-	movq	%rdx,%r10
-
-	shlq	$6,%r10
-	addq	%r9,%r10
-	leaq	K_XX_XX(%rip),%r11
-
-	movl	0(%r8),%eax
-	movl	4(%r8),%ebx
-	movl	8(%r8),%ecx
-	movl	12(%r8),%edx
-	movl	%ebx,%esi
-	movl	16(%r8),%ebp
-
-	movdqa	64(%r11),%xmm6
-	movdqa	0(%r11),%xmm9
-	movdqu	0(%r9),%xmm0
-	movdqu	16(%r9),%xmm1
-	movdqu	32(%r9),%xmm2
-	movdqu	48(%r9),%xmm3
-.byte	102,15,56,0,198
-	addq	$64,%r9
-.byte	102,15,56,0,206
-.byte	102,15,56,0,214
-.byte	102,15,56,0,222
-	paddd	%xmm9,%xmm0
-	paddd	%xmm9,%xmm1
-	paddd	%xmm9,%xmm2
-	movdqa	%xmm0,0(%rsp)
-	psubd	%xmm9,%xmm0
-	movdqa	%xmm1,16(%rsp)
-	psubd	%xmm9,%xmm1
-	movdqa	%xmm2,32(%rsp)
-	psubd	%xmm9,%xmm2
-	jmp	.Loop_ssse3
-.align	16
-.Loop_ssse3:
-	movdqa	%xmm1,%xmm4
-	addl	0(%rsp),%ebp
-	xorl	%edx,%ecx
-	movdqa	%xmm3,%xmm8
-.byte	102,15,58,15,224,8
-	movl	%eax,%edi
-	roll	$5,%eax
-	paddd	%xmm3,%xmm9
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrldq	$4,%xmm8
-	xorl	%edx,%esi
-	addl	%eax,%ebp
-	pxor	%xmm0,%xmm4
-	rorl	$2,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm2,%xmm8
-	addl	4(%rsp),%edx
-	xorl	%ecx,%ebx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	pxor	%xmm8,%xmm4
-	andl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	%xmm9,48(%rsp)
-	xorl	%ecx,%edi
-	addl	%ebp,%edx
-	movdqa	%xmm4,%xmm10
-	movdqa	%xmm4,%xmm8
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	8(%rsp),%ecx
-	xorl	%ebx,%eax
-	pslldq	$12,%xmm10
-	paddd	%xmm4,%xmm4
-	movl	%edx,%edi
-	roll	$5,%edx
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrld	$31,%xmm8
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	movdqa	%xmm10,%xmm9
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	psrld	$30,%xmm10
-	por	%xmm8,%xmm4
-	addl	12(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	pslld	$2,%xmm9
-	pxor	%xmm10,%xmm4
-	andl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	0(%r11),%xmm10
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	pxor	%xmm9,%xmm4
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	movdqa	%xmm2,%xmm5
-	addl	16(%rsp),%eax
-	xorl	%ebp,%edx
-	movdqa	%xmm4,%xmm9
-.byte	102,15,58,15,233,8
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	paddd	%xmm4,%xmm10
-	andl	%edx,%esi
-	xorl	%ebp,%edx
-	psrldq	$4,%xmm9
-	xorl	%ebp,%esi
-	addl	%ebx,%eax
-	pxor	%xmm1,%xmm5
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm3,%xmm9
-	addl	20(%rsp),%ebp
-	xorl	%edx,%ecx
-	movl	%eax,%esi
-	roll	$5,%eax
-	pxor	%xmm9,%xmm5
-	andl	%ecx,%edi
-	xorl	%edx,%ecx
-	movdqa	%xmm10,0(%rsp)
-	xorl	%edx,%edi
-	addl	%eax,%ebp
-	movdqa	%xmm5,%xmm8
-	movdqa	%xmm5,%xmm9
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	24(%rsp),%edx
-	xorl	%ecx,%ebx
-	pslldq	$12,%xmm8
-	paddd	%xmm5,%xmm5
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	psrld	$31,%xmm9
-	xorl	%ecx,%esi
-	addl	%ebp,%edx
-	movdqa	%xmm8,%xmm10
-	rorl	$7,%eax
-	addl	%esi,%edx
-	psrld	$30,%xmm8
-	por	%xmm9,%xmm5
-	addl	28(%rsp),%ecx
-	xorl	%ebx,%eax
-	movl	%edx,%esi
-	roll	$5,%edx
-	pslld	$2,%xmm10
-	pxor	%xmm8,%xmm5
-	andl	%eax,%edi
-	xorl	%ebx,%eax
-	movdqa	16(%r11),%xmm8
-	xorl	%ebx,%edi
-	addl	%edx,%ecx
-	pxor	%xmm10,%xmm5
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	movdqa	%xmm3,%xmm6
-	addl	32(%rsp),%ebx
-	xorl	%eax,%ebp
-	movdqa	%xmm5,%xmm10
-.byte	102,15,58,15,242,8
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	paddd	%xmm5,%xmm8
-	andl	%ebp,%esi
-	xorl	%eax,%ebp
-	psrldq	$4,%xmm10
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	pxor	%xmm2,%xmm6
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm4,%xmm10
-	addl	36(%rsp),%eax
-	xorl	%ebp,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	pxor	%xmm10,%xmm6
-	andl	%edx,%edi
-	xorl	%ebp,%edx
-	movdqa	%xmm8,16(%rsp)
-	xorl	%ebp,%edi
-	addl	%ebx,%eax
-	movdqa	%xmm6,%xmm9
-	movdqa	%xmm6,%xmm10
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	40(%rsp),%ebp
-	xorl	%edx,%ecx
-	pslldq	$12,%xmm9
-	paddd	%xmm6,%xmm6
-	movl	%eax,%edi
-	roll	$5,%eax
-	andl	%ecx,%esi
-	xorl	%edx,%ecx
-	psrld	$31,%xmm10
-	xorl	%edx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm9,%xmm8
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	psrld	$30,%xmm9
-	por	%xmm10,%xmm6
-	addl	44(%rsp),%edx
-	xorl	%ecx,%ebx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	pslld	$2,%xmm8
-	pxor	%xmm9,%xmm6
-	andl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	16(%r11),%xmm9
-	xorl	%ecx,%edi
-	addl	%ebp,%edx
-	pxor	%xmm8,%xmm6
-	rorl	$7,%eax
-	addl	%edi,%edx
-	movdqa	%xmm4,%xmm7
-	addl	48(%rsp),%ecx
-	xorl	%ebx,%eax
-	movdqa	%xmm6,%xmm8
-.byte	102,15,58,15,251,8
-	movl	%edx,%edi
-	roll	$5,%edx
-	paddd	%xmm6,%xmm9
-	andl	%eax,%esi
-	xorl	%ebx,%eax
-	psrldq	$4,%xmm8
-	xorl	%ebx,%esi
-	addl	%edx,%ecx
-	pxor	%xmm3,%xmm7
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	pxor	%xmm5,%xmm8
-	addl	52(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	pxor	%xmm8,%xmm7
-	andl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	%xmm9,32(%rsp)
-	xorl	%eax,%edi
-	addl	%ecx,%ebx
-	movdqa	%xmm7,%xmm10
-	movdqa	%xmm7,%xmm8
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	56(%rsp),%eax
-	xorl	%ebp,%edx
-	pslldq	$12,%xmm10
-	paddd	%xmm7,%xmm7
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	andl	%edx,%esi
-	xorl	%ebp,%edx
-	psrld	$31,%xmm8
-	xorl	%ebp,%esi
-	addl	%ebx,%eax
-	movdqa	%xmm10,%xmm9
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	psrld	$30,%xmm10
-	por	%xmm8,%xmm7
-	addl	60(%rsp),%ebp
-	xorl	%edx,%ecx
-	movl	%eax,%esi
-	roll	$5,%eax
-	pslld	$2,%xmm9
-	pxor	%xmm10,%xmm7
-	andl	%ecx,%edi
-	xorl	%edx,%ecx
-	movdqa	16(%r11),%xmm10
-	xorl	%edx,%edi
-	addl	%eax,%ebp
-	pxor	%xmm9,%xmm7
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	movdqa	%xmm7,%xmm9
-	addl	0(%rsp),%edx
-	pxor	%xmm4,%xmm0
-.byte	102,68,15,58,15,206,8
-	xorl	%ecx,%ebx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	pxor	%xmm1,%xmm0
-	andl	%ebx,%esi
-	xorl	%ecx,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm7,%xmm10
-	xorl	%ecx,%esi
-	addl	%ebp,%edx
-	pxor	%xmm9,%xmm0
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	4(%rsp),%ecx
-	xorl	%ebx,%eax
-	movdqa	%xmm0,%xmm9
-	movdqa	%xmm10,48(%rsp)
-	movl	%edx,%esi
-	roll	$5,%edx
-	andl	%eax,%edi
-	xorl	%ebx,%eax
-	pslld	$2,%xmm0
-	xorl	%ebx,%edi
-	addl	%edx,%ecx
-	psrld	$30,%xmm9
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	8(%rsp),%ebx
-	xorl	%eax,%ebp
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	por	%xmm9,%xmm0
-	andl	%ebp,%esi
-	xorl	%eax,%ebp
-	movdqa	%xmm0,%xmm10
-	xorl	%eax,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	12(%rsp),%eax
-	xorl	%ebp,%edx
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	andl	%edx,%edi
-	xorl	%ebp,%edx
-	xorl	%ebp,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	16(%rsp),%ebp
-	pxor	%xmm5,%xmm1
-.byte	102,68,15,58,15,215,8
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	pxor	%xmm2,%xmm1
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm0,%xmm8
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm10,%xmm1
-	addl	20(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	movdqa	%xmm1,%xmm10
-	movdqa	%xmm8,0(%rsp)
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	pslld	$2,%xmm1
-	addl	24(%rsp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm10
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	por	%xmm10,%xmm1
-	addl	28(%rsp),%ebx
-	xorl	%eax,%edi
-	movdqa	%xmm1,%xmm8
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	32(%rsp),%eax
-	pxor	%xmm6,%xmm2
-.byte	102,68,15,58,15,192,8
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	pxor	%xmm3,%xmm2
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	movdqa	32(%r11),%xmm10
-	paddd	%xmm1,%xmm9
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	pxor	%xmm8,%xmm2
-	addl	36(%rsp),%ebp
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	movdqa	%xmm2,%xmm8
-	movdqa	%xmm9,16(%rsp)
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	pslld	$2,%xmm2
-	addl	40(%rsp),%edx
-	xorl	%ecx,%esi
-	psrld	$30,%xmm8
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	por	%xmm8,%xmm2
-	addl	44(%rsp),%ecx
-	xorl	%ebx,%edi
-	movdqa	%xmm2,%xmm9
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	48(%rsp),%ebx
-	pxor	%xmm7,%xmm3
-.byte	102,68,15,58,15,201,8
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	pxor	%xmm4,%xmm3
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm2,%xmm10
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	pxor	%xmm9,%xmm3
-	addl	52(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	movdqa	%xmm3,%xmm9
-	movdqa	%xmm10,32(%rsp)
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	pslld	$2,%xmm3
-	addl	56(%rsp),%ebp
-	xorl	%edx,%esi
-	psrld	$30,%xmm9
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	por	%xmm9,%xmm3
-	addl	60(%rsp),%edx
-	xorl	%ecx,%edi
-	movdqa	%xmm3,%xmm10
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	0(%rsp),%ecx
-	pxor	%xmm0,%xmm4
-.byte	102,68,15,58,15,210,8
-	xorl	%ebx,%esi
-	movl	%edx,%edi
-	roll	$5,%edx
-	pxor	%xmm5,%xmm4
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm3,%xmm8
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	pxor	%xmm10,%xmm4
-	addl	4(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	movdqa	%xmm4,%xmm10
-	movdqa	%xmm8,48(%rsp)
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	pslld	$2,%xmm4
-	addl	8(%rsp),%eax
-	xorl	%ebp,%esi
-	psrld	$30,%xmm10
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	por	%xmm10,%xmm4
-	addl	12(%rsp),%ebp
-	xorl	%edx,%edi
-	movdqa	%xmm4,%xmm8
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	16(%rsp),%edx
-	pxor	%xmm1,%xmm5
-.byte	102,68,15,58,15,195,8
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	pxor	%xmm6,%xmm5
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm4,%xmm9
-	rorl	$7,%eax
-	addl	%esi,%edx
-	pxor	%xmm8,%xmm5
-	addl	20(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	movdqa	%xmm5,%xmm8
-	movdqa	%xmm9,0(%rsp)
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	pslld	$2,%xmm5
-	addl	24(%rsp),%ebx
-	xorl	%eax,%esi
-	psrld	$30,%xmm8
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	por	%xmm8,%xmm5
-	addl	28(%rsp),%eax
-	xorl	%ebp,%edi
-	movdqa	%xmm5,%xmm9
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movl	%ecx,%edi
-	pxor	%xmm2,%xmm6
-.byte	102,68,15,58,15,204,8
-	xorl	%edx,%ecx
-	addl	32(%rsp),%ebp
-	andl	%edx,%edi
-	pxor	%xmm7,%xmm6
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm5,%xmm10
-	addl	%edi,%ebp
-	movl	%eax,%edi
-	pxor	%xmm9,%xmm6
-	roll	$5,%eax
-	addl	%esi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movdqa	%xmm6,%xmm9
-	movdqa	%xmm10,16(%rsp)
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	36(%rsp),%edx
-	andl	%ecx,%esi
-	pslld	$2,%xmm6
-	andl	%ebx,%edi
-	rorl	$7,%eax
-	psrld	$30,%xmm9
-	addl	%esi,%edx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	addl	%edi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	por	%xmm9,%xmm6
-	movl	%eax,%edi
-	xorl	%ebx,%eax
-	movdqa	%xmm6,%xmm10
-	addl	40(%rsp),%ecx
-	andl	%ebx,%edi
-	andl	%eax,%esi
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%ebp,%esi
-	xorl	%eax,%ebp
-	addl	44(%rsp),%ebx
-	andl	%eax,%esi
-	andl	%ebp,%edi
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%edi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movl	%edx,%edi
-	pxor	%xmm3,%xmm7
-.byte	102,68,15,58,15,213,8
-	xorl	%ebp,%edx
-	addl	48(%rsp),%eax
-	andl	%ebp,%edi
-	pxor	%xmm0,%xmm7
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	movdqa	48(%r11),%xmm9
-	paddd	%xmm6,%xmm8
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	pxor	%xmm10,%xmm7
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	movdqa	%xmm7,%xmm10
-	movdqa	%xmm8,32(%rsp)
-	movl	%ecx,%esi
-	xorl	%edx,%ecx
-	addl	52(%rsp),%ebp
-	andl	%edx,%esi
-	pslld	$2,%xmm7
-	andl	%ecx,%edi
-	rorl	$7,%ebx
-	psrld	$30,%xmm10
-	addl	%esi,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%edi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	por	%xmm10,%xmm7
-	movl	%ebx,%edi
-	xorl	%ecx,%ebx
-	movdqa	%xmm7,%xmm8
-	addl	56(%rsp),%edx
-	andl	%ecx,%edi
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	addl	%edi,%edx
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	60(%rsp),%ecx
-	andl	%ebx,%esi
-	andl	%eax,%edi
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%edi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movl	%ebp,%edi
-	pxor	%xmm4,%xmm0
-.byte	102,68,15,58,15,198,8
-	xorl	%eax,%ebp
-	addl	0(%rsp),%ebx
-	andl	%eax,%edi
-	pxor	%xmm1,%xmm0
-	andl	%ebp,%esi
-	rorl	$7,%edx
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm7,%xmm9
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	pxor	%xmm8,%xmm0
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movdqa	%xmm0,%xmm8
-	movdqa	%xmm9,48(%rsp)
-	movl	%edx,%esi
-	xorl	%ebp,%edx
-	addl	4(%rsp),%eax
-	andl	%ebp,%esi
-	pslld	$2,%xmm0
-	andl	%edx,%edi
-	rorl	$7,%ecx
-	psrld	$30,%xmm8
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%edi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	por	%xmm8,%xmm0
-	movl	%ecx,%edi
-	xorl	%edx,%ecx
-	movdqa	%xmm0,%xmm9
-	addl	8(%rsp),%ebp
-	andl	%edx,%edi
-	andl	%ecx,%esi
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	movl	%eax,%edi
-	roll	$5,%eax
-	addl	%esi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movl	%ebx,%esi
-	xorl	%ecx,%ebx
-	addl	12(%rsp),%edx
-	andl	%ecx,%esi
-	andl	%ebx,%edi
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	addl	%edi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movl	%eax,%edi
-	pxor	%xmm5,%xmm1
-.byte	102,68,15,58,15,207,8
-	xorl	%ebx,%eax
-	addl	16(%rsp),%ecx
-	andl	%ebx,%edi
-	pxor	%xmm2,%xmm1
-	andl	%eax,%esi
-	rorl	$7,%ebp
-	movdqa	%xmm10,%xmm8
-	paddd	%xmm0,%xmm10
-	addl	%edi,%ecx
-	movl	%edx,%edi
-	pxor	%xmm9,%xmm1
-	roll	$5,%edx
-	addl	%esi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	movdqa	%xmm1,%xmm9
-	movdqa	%xmm10,0(%rsp)
-	movl	%ebp,%esi
-	xorl	%eax,%ebp
-	addl	20(%rsp),%ebx
-	andl	%eax,%esi
-	pslld	$2,%xmm1
-	andl	%ebp,%edi
-	rorl	$7,%edx
-	psrld	$30,%xmm9
-	addl	%esi,%ebx
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	addl	%edi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	por	%xmm9,%xmm1
-	movl	%edx,%edi
-	xorl	%ebp,%edx
-	movdqa	%xmm1,%xmm10
-	addl	24(%rsp),%eax
-	andl	%ebp,%edi
-	andl	%edx,%esi
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	addl	%esi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	movl	%ecx,%esi
-	xorl	%edx,%ecx
-	addl	28(%rsp),%ebp
-	andl	%edx,%esi
-	andl	%ecx,%edi
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	movl	%eax,%esi
-	roll	$5,%eax
-	addl	%edi,%ebp
-	xorl	%edx,%ecx
-	addl	%eax,%ebp
-	movl	%ebx,%edi
-	pxor	%xmm6,%xmm2
-.byte	102,68,15,58,15,208,8
-	xorl	%ecx,%ebx
-	addl	32(%rsp),%edx
-	andl	%ecx,%edi
-	pxor	%xmm3,%xmm2
-	andl	%ebx,%esi
-	rorl	$7,%eax
-	movdqa	%xmm8,%xmm9
-	paddd	%xmm1,%xmm8
-	addl	%edi,%edx
-	movl	%ebp,%edi
-	pxor	%xmm10,%xmm2
-	roll	$5,%ebp
-	addl	%esi,%edx
-	xorl	%ecx,%ebx
-	addl	%ebp,%edx
-	movdqa	%xmm2,%xmm10
-	movdqa	%xmm8,16(%rsp)
-	movl	%eax,%esi
-	xorl	%ebx,%eax
-	addl	36(%rsp),%ecx
-	andl	%ebx,%esi
-	pslld	$2,%xmm2
-	andl	%eax,%edi
-	rorl	$7,%ebp
-	psrld	$30,%xmm10
-	addl	%esi,%ecx
-	movl	%edx,%esi
-	roll	$5,%edx
-	addl	%edi,%ecx
-	xorl	%ebx,%eax
-	addl	%edx,%ecx
-	por	%xmm10,%xmm2
-	movl	%ebp,%edi
-	xorl	%eax,%ebp
-	movdqa	%xmm2,%xmm8
-	addl	40(%rsp),%ebx
-	andl	%eax,%edi
-	andl	%ebp,%esi
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	addl	%esi,%ebx
-	xorl	%eax,%ebp
-	addl	%ecx,%ebx
-	movl	%edx,%esi
-	xorl	%ebp,%edx
-	addl	44(%rsp),%eax
-	andl	%ebp,%esi
-	andl	%edx,%edi
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	addl	%edi,%eax
-	xorl	%ebp,%edx
-	addl	%ebx,%eax
-	addl	48(%rsp),%ebp
-	pxor	%xmm7,%xmm3
-.byte	102,68,15,58,15,193,8
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	pxor	%xmm4,%xmm3
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	movdqa	%xmm9,%xmm10
-	paddd	%xmm2,%xmm9
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	pxor	%xmm8,%xmm3
-	addl	52(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	movdqa	%xmm3,%xmm8
-	movdqa	%xmm9,32(%rsp)
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	pslld	$2,%xmm3
-	addl	56(%rsp),%ecx
-	xorl	%ebx,%esi
-	psrld	$30,%xmm8
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	por	%xmm8,%xmm3
-	addl	60(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	0(%rsp),%eax
-	paddd	%xmm3,%xmm10
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	movdqa	%xmm10,48(%rsp)
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	4(%rsp),%ebp
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	8(%rsp),%edx
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	12(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	cmpq	%r10,%r9
-	je	.Ldone_ssse3
-	movdqa	64(%r11),%xmm6
-	movdqa	0(%r11),%xmm9
-	movdqu	0(%r9),%xmm0
-	movdqu	16(%r9),%xmm1
-	movdqu	32(%r9),%xmm2
-	movdqu	48(%r9),%xmm3
-.byte	102,15,56,0,198
-	addq	$64,%r9
-	addl	16(%rsp),%ebx
-	xorl	%eax,%esi
-.byte	102,15,56,0,206
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	paddd	%xmm9,%xmm0
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	movdqa	%xmm0,0(%rsp)
-	addl	20(%rsp),%eax
-	xorl	%ebp,%edi
-	psubd	%xmm9,%xmm0
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	24(%rsp),%ebp
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	addl	28(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	32(%rsp),%ecx
-	xorl	%ebx,%esi
-.byte	102,15,56,0,214
-	movl	%edx,%edi
-	roll	$5,%edx
-	paddd	%xmm9,%xmm1
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	movdqa	%xmm1,16(%rsp)
-	addl	36(%rsp),%ebx
-	xorl	%eax,%edi
-	psubd	%xmm9,%xmm1
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	40(%rsp),%eax
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%rsp),%ebp
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	48(%rsp),%edx
-	xorl	%ecx,%esi
-.byte	102,15,56,0,222
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	paddd	%xmm9,%xmm2
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	movdqa	%xmm2,32(%rsp)
-	addl	52(%rsp),%ecx
-	xorl	%ebx,%edi
-	psubd	%xmm9,%xmm2
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	56(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	0(%r8),%eax
-	addl	4(%r8),%esi
-	addl	8(%r8),%ecx
-	addl	12(%r8),%edx
-	movl	%eax,0(%r8)
-	addl	16(%r8),%ebp
-	movl	%esi,4(%r8)
-	movl	%esi,%ebx
-	movl	%ecx,8(%r8)
-	movl	%edx,12(%r8)
-	movl	%ebp,16(%r8)
-	jmp	.Loop_ssse3
-
-.align	16
-.Ldone_ssse3:
-	addl	16(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	20(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	24(%rsp),%ebp
-	xorl	%edx,%esi
-	movl	%eax,%edi
-	roll	$5,%eax
-	xorl	%ecx,%esi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%esi,%ebp
-	addl	28(%rsp),%edx
-	xorl	%ecx,%edi
-	movl	%ebp,%esi
-	roll	$5,%ebp
-	xorl	%ebx,%edi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%edi,%edx
-	addl	32(%rsp),%ecx
-	xorl	%ebx,%esi
-	movl	%edx,%edi
-	roll	$5,%edx
-	xorl	%eax,%esi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%esi,%ecx
-	addl	36(%rsp),%ebx
-	xorl	%eax,%edi
-	movl	%ecx,%esi
-	roll	$5,%ecx
-	xorl	%ebp,%edi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%edi,%ebx
-	addl	40(%rsp),%eax
-	xorl	%ebp,%esi
-	movl	%ebx,%edi
-	roll	$5,%ebx
-	xorl	%edx,%esi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%esi,%eax
-	addl	44(%rsp),%ebp
-	xorl	%edx,%edi
-	movl	%eax,%esi
-	roll	$5,%eax
-	xorl	%ecx,%edi
-	addl	%eax,%ebp
-	rorl	$7,%ebx
-	addl	%edi,%ebp
-	addl	48(%rsp),%edx
-	xorl	%ecx,%esi
-	movl	%ebp,%edi
-	roll	$5,%ebp
-	xorl	%ebx,%esi
-	addl	%ebp,%edx
-	rorl	$7,%eax
-	addl	%esi,%edx
-	addl	52(%rsp),%ecx
-	xorl	%ebx,%edi
-	movl	%edx,%esi
-	roll	$5,%edx
-	xorl	%eax,%edi
-	addl	%edx,%ecx
-	rorl	$7,%ebp
-	addl	%edi,%ecx
-	addl	56(%rsp),%ebx
-	xorl	%eax,%esi
-	movl	%ecx,%edi
-	roll	$5,%ecx
-	xorl	%ebp,%esi
-	addl	%ecx,%ebx
-	rorl	$7,%edx
-	addl	%esi,%ebx
-	addl	60(%rsp),%eax
-	xorl	%ebp,%edi
-	movl	%ebx,%esi
-	roll	$5,%ebx
-	xorl	%edx,%edi
-	addl	%ebx,%eax
-	rorl	$7,%ecx
-	addl	%edi,%eax
-	addl	0(%r8),%eax
-	addl	4(%r8),%esi
-	addl	8(%r8),%ecx
-	movl	%eax,0(%r8)
-	addl	12(%r8),%edx
-	movl	%esi,4(%r8)
-	addl	16(%r8),%ebp
-	movl	%ecx,8(%r8)
-	movl	%edx,12(%r8)
-	movl	%ebp,16(%r8)
-	leaq	64(%rsp),%rsi
-	movq	0(%rsi),%r12
-	movq	8(%rsi),%rbp
-	movq	16(%rsi),%rbx
-	leaq	24(%rsi),%rsp
-.Lepilogue_ssse3:
-	.byte	0xf3,0xc3
-.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
-.align	64
-K_XX_XX:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	
-.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	
-.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align	64
diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl
deleted file mode 100755
index f15c7ec39b..0000000000
--- a/crypto/sha/asm/sha1-x86_64.pl
+++ /dev/null
@@ -1,1261 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# sha1_block procedure for x86_64.
-#
-# It was brought to my attention that on EM64T compiler-generated code
-# was far behind 32-bit assembler implementation. This is unlike on
-# Opteron where compiler-generated code was only 15% behind 32-bit
-# assembler, which originally made it hard to motivate the effort.
-# There was suggestion to mechanically translate 32-bit code, but I
-# dismissed it, reasoning that x86_64 offers enough register bank
-# capacity to fully utilize SHA-1 parallelism. Therefore this fresh
-# implementation:-) However! While 64-bit code does perform better
-# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
-# x86_64 does offer larger *addressable* bank, but out-of-order core
-# reaches for even more registers through dynamic aliasing, and EM64T
-# core must have managed to run-time optimize even 32-bit code just as
-# good as 64-bit one. Performance improvement is summarized in the
-# following table:
-#
-#		gcc 3.4		32-bit asm	cycles/byte
-# Opteron	+45%		+20%		6.8
-# Xeon P4	+65%		+0%		9.9
-# Core2		+60%		+10%		7.0
-
-# August 2009.
-#
-# The code was revised to minimize code size and to maximize
-# "distance" between instructions producing input to 'lea'
-# instruction and the 'lea' instruction itself, which is essential
-# for Intel Atom core.
-
-# October 2010.
-#
-# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
-# is to offload message schedule denoted by Wt in NIST specification,
-# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
-# for background and implementation details. The only difference from
-# 32-bit code is that 64-bit code doesn't have to spill @X[] elements
-# to free temporary registers.
-
-# April 2011.
-#
-# Add AVX code path. See sha1-586.pl for further information.
-
-######################################################################
-# Current performance is summarized in following table. Numbers are
-# CPU clock cycles spent to process single byte (less is better).
-#
-#		x86_64		SSSE3		AVX
-# P4		9.8		-
-# Opteron	6.6		-
-# Core2		6.7		6.1/+10%	-
-# Atom		11.0		9.7/+13%	-
-# Westmere	7.1		5.6/+27%	-
-# Sandy Bridge	7.9		6.3/+25%	5.2/+51%
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
-		=~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
-	   $1>=2.19);
-$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
-	   `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
-	   $1>=2.09);
-$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
-	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
-	   $1>=10);
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-$ctx="%rdi";	# 1st arg
-$inp="%rsi";	# 2nd arg
-$num="%rdx";	# 3rd arg
-
-# reassign arguments in order to produce more compact code
-$ctx="%r8";
-$inp="%r9";
-$num="%r10";
-
-$t0="%eax";
-$t1="%ebx";
-$t2="%ecx";
-@xi=("%edx","%ebp");
-$A="%esi";
-$B="%edi";
-$C="%r11d";
-$D="%r12d";
-$E="%r13d";
-
-@V=($A,$B,$C,$D,$E);
-
-sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___ if ($i==0);
-	mov	`4*$i`($inp),$xi[0]
-	bswap	$xi[0]
-	mov	$xi[0],`4*$i`(%rsp)
-___
-$code.=<<___ if ($i<15);
-	mov	$c,$t0
-	mov	`4*$j`($inp),$xi[1]
-	mov	$a,$t2
-	xor	$d,$t0
-	bswap	$xi[1]
-	rol	\$5,$t2
-	lea	0x5a827999($xi[0],$e),$e
-	and	$b,$t0
-	mov	$xi[1],`4*$j`(%rsp)
-	add	$t2,$e
-	xor	$d,$t0
-	rol	\$30,$b
-	add	$t0,$e
-___
-$code.=<<___ if ($i>=15);
-	mov	`4*($j%16)`(%rsp),$xi[1]
-	mov	$c,$t0
-	mov	$a,$t2
-	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
-	xor	$d,$t0
-	rol	\$5,$t2
-	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
-	and	$b,$t0
-	lea	0x5a827999($xi[0],$e),$e
-	xor	`4*(($j+13)%16)`(%rsp),$xi[1]
-	xor	$d,$t0
-	rol	\$1,$xi[1]
-	add	$t2,$e
-	rol	\$30,$b
-	mov	$xi[1],`4*($j%16)`(%rsp)
-	add	$t0,$e
-___
-unshift(@xi,pop(@xi));
-}
-
-sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-$code.=<<___ if ($i<79);
-	mov	`4*($j%16)`(%rsp),$xi[1]
-	mov	$c,$t0
-	mov	$a,$t2
-	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
-	xor	$b,$t0
-	rol	\$5,$t2
-	lea	$K($xi[0],$e),$e
-	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
-	xor	$d,$t0
-	add	$t2,$e
-	xor	`4*(($j+13)%16)`(%rsp),$xi[1]
-	rol	\$30,$b
-	add	$t0,$e
-	rol	\$1,$xi[1]
-___
-$code.=<<___ if ($i<76);
-	mov	$xi[1],`4*($j%16)`(%rsp)
-___
-$code.=<<___ if ($i==79);
-	mov	$c,$t0
-	mov	$a,$t2
-	xor	$b,$t0
-	lea	$K($xi[0],$e),$e
-	rol	\$5,$t2
-	xor	$d,$t0
-	add	$t2,$e
-	rol	\$30,$b
-	add	$t0,$e
-___
-unshift(@xi,pop(@xi));
-}
-
-sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e)=@_;
-my $j=$i+1;
-$code.=<<___;
-	mov	`4*($j%16)`(%rsp),$xi[1]
-	mov	$c,$t0
-	mov	$c,$t1
-	xor	`4*(($j+2)%16)`(%rsp),$xi[1]
-	and	$d,$t0
-	mov	$a,$t2
-	xor	`4*(($j+8)%16)`(%rsp),$xi[1]
-	xor	$d,$t1
-	lea	0x8f1bbcdc($xi[0],$e),$e
-	rol	\$5,$t2
-	xor	`4*(($j+13)%16)`(%rsp),$xi[1]
-	add	$t0,$e
-	and	$b,$t1
-	rol	\$1,$xi[1]
-	add	$t1,$e
-	rol	\$30,$b
-	mov	$xi[1],`4*($j%16)`(%rsp)
-	add	$t2,$e
-___
-unshift(@xi,pop(@xi));
-}
-
-$code.=<<___;
-.text
-.extern	OPENSSL_ia32cap_P
-
-.globl	sha1_block_data_order
-.type	sha1_block_data_order,\@function,3
-.align	16
-sha1_block_data_order:
-	mov	OPENSSL_ia32cap_P+0(%rip),%r9d
-	mov	OPENSSL_ia32cap_P+4(%rip),%r8d
-	test	\$`1<<9`,%r8d		# check SSSE3 bit
-	jz	.Lialu
-___
-$code.=<<___ if ($avx);
-	and	\$`1<<28`,%r8d		# mask AVX bit
-	and	\$`1<<30`,%r9d		# mask "Intel CPU" bit
-	or	%r9d,%r8d
-	cmp	\$`1<<28|1<<30`,%r8d
-	je	_avx_shortcut
-___
-$code.=<<___;
-	jmp	_ssse3_shortcut
-
-.align	16
-.Lialu:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	mov	%rsp,%r11
-	mov	%rdi,$ctx	# reassigned argument
-	sub	\$`8+16*4`,%rsp
-	mov	%rsi,$inp	# reassigned argument
-	and	\$-64,%rsp
-	mov	%rdx,$num	# reassigned argument
-	mov	%r11,`16*4`(%rsp)
-.Lprologue:
-
-	mov	0($ctx),$A
-	mov	4($ctx),$B
-	mov	8($ctx),$C
-	mov	12($ctx),$D
-	mov	16($ctx),$E
-	jmp	.Lloop
-
-.align	16
-.Lloop:
-___
-for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	add	0($ctx),$A
-	add	4($ctx),$B
-	add	8($ctx),$C
-	add	12($ctx),$D
-	add	16($ctx),$E
-	mov	$A,0($ctx)
-	mov	$B,4($ctx)
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-
-	sub	\$1,$num
-	lea	`16*4`($inp),$inp
-	jnz	.Lloop
-
-	mov	`16*4`(%rsp),%rsi
-	mov	(%rsi),%r13
-	mov	8(%rsi),%r12
-	mov	16(%rsi),%rbp
-	mov	24(%rsi),%rbx
-	lea	32(%rsi),%rsp
-.Lepilogue:
-	ret
-.size	sha1_block_data_order,.-sha1_block_data_order
-___
-{{{
-my $Xi=4;
-my @X=map("%xmm$_",(4..7,0..3));
-my @Tx=map("%xmm$_",(8..10));
-my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
-my @T=("%esi","%edi");
-my $j=0;
-my $K_XX_XX="%r11";
-
-my $_rol=sub { &rol(@_) };
-my $_ror=sub { &ror(@_) };
-
-$code.=<<___;
-.type	sha1_block_data_order_ssse3,\@function,3
-.align	16
-sha1_block_data_order_ssse3:
-_ssse3_shortcut:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	lea	`-64-($win64?5*16:0)`(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,64+0(%rsp)
-	movaps	%xmm7,64+16(%rsp)
-	movaps	%xmm8,64+32(%rsp)
-	movaps	%xmm9,64+48(%rsp)
-	movaps	%xmm10,64+64(%rsp)
-.Lprologue_ssse3:
-___
-$code.=<<___;
-	mov	%rdi,$ctx	# reassigned argument
-	mov	%rsi,$inp	# reassigned argument
-	mov	%rdx,$num	# reassigned argument
-
-	shl	\$6,$num
-	add	$inp,$num
-	lea	K_XX_XX(%rip),$K_XX_XX
-
-	mov	0($ctx),$A		# load context
-	mov	4($ctx),$B
-	mov	8($ctx),$C
-	mov	12($ctx),$D
-	mov	$B,@T[0]		# magic seed
-	mov	16($ctx),$E
-
-	movdqa	64($K_XX_XX),@X[2]	# pbswap mask
-	movdqa	0($K_XX_XX),@Tx[1]	# K_00_19
-	movdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
-	movdqu	16($inp),@X[-3&7]
-	movdqu	32($inp),@X[-2&7]
-	movdqu	48($inp),@X[-1&7]
-	pshufb	@X[2],@X[-4&7]		# byte swap
-	add	\$64,$inp
-	pshufb	@X[2],@X[-3&7]
-	pshufb	@X[2],@X[-2&7]
-	pshufb	@X[2],@X[-1&7]
-	paddd	@Tx[1],@X[-4&7]		# add K_00_19
-	paddd	@Tx[1],@X[-3&7]
-	paddd	@Tx[1],@X[-2&7]
-	movdqa	@X[-4&7],0(%rsp)	# X[]+K xfer to IALU
-	psubd	@Tx[1],@X[-4&7]		# restore X[]
-	movdqa	@X[-3&7],16(%rsp)
-	psubd	@Tx[1],@X[-3&7]
-	movdqa	@X[-2&7],32(%rsp)
-	psubd	@Tx[1],@X[-2&7]
-	jmp	.Loop_ssse3
-___
-
-sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
-  my $arg = pop;
-    $arg = "\$$arg" if ($arg*1 eq $arg);
-    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
-}
-
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&movdqa	(@X[0],@X[-3&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(@Tx[0],@X[-1&7]);
-	&palignr(@X[0],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psrldq	(@Tx[0],4);		# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&movdqa	(@Tx[2],@X[0]);
-	&movdqa	(@Tx[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslldq	(@Tx[2],12);		# "X[0]"<<96, extract one dword
-	&paddd	(@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@Tx[0],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(@Tx[1],@Tx[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&psrld	(@Tx[2],30);
-	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pslld	(@Tx[1],2);
-	&pxor	(@X[0],@Tx[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &movdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xupdate_ssse3_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&movdqa	(@Tx[0],@X[-1&7])	if ($Xi==8);
-	 eval(shift(@insns));		# body_20_39
-	&pxor	(@X[0],@X[-4&7]);	# "X[0]"="X[-32]"^"X[-16]"
-	&palignr(@Tx[0],@X[-2&7],8);	# compose "X[-6]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&pxor	(@X[0],@X[-7&7]);	# "X[0]"^="X[-28]"
-	 eval(shift(@insns));
-	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
-	if ($Xi%5) {
-	  &movdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
-	} else {			# ... or load next one
-	  &movdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
-	}
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pxor	(@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&movdqa	(@Tx[0],@X[0]);
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&pslld	(@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	&psrld	(@Tx[0],30);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&por	(@X[0],@Tx[0]);		# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &movdqa	(@Tx[1],@X[0])	if ($Xi<19);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xuplast_ssse3_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &paddd	(@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&cmp	($inp,$num);
-	&je	(".Ldone_ssse3");
-
-	unshift(@Tx,pop(@Tx));
-
-	&movdqa	(@X[2],"64($K_XX_XX)");		# pbswap mask
-	&movdqa	(@Tx[1],"0($K_XX_XX)");		# K_00_19
-	&movdqu	(@X[-4&7],"0($inp)");		# load input
-	&movdqu	(@X[-3&7],"16($inp)");
-	&movdqu	(@X[-2&7],"32($inp)");
-	&movdqu	(@X[-1&7],"48($inp)");
-	&pshufb	(@X[-4&7],@X[2]);		# byte swap
-	&add	($inp,64);
-
-  $Xi=0;
-}
-
-sub Xloop_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&pshufb	(@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&paddd	(@X[($Xi-4)&7],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&movdqa	(eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&psubd	(@X[($Xi-4)&7],@Tx[1]);
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_ssse3()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-sub body_00_19 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,eval(4*($j&15))."(%rsp)");',	# X[]+K xfer
-	'&xor	($c,$d);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&xor	($c,$d);',	# restore $c
-	'&xor	(@T[0],$d);',
-	'&add	($e,$a);',
-	'&$_ror	($b,$j?7:2);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-
-sub body_20_39 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&add	($e,eval(4*($j++&15))."(%rsp)");',	# X[]+K xfer
-	'&xor	(@T[0],$d);',	# ($b^$d)
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&xor	(@T[0],$c);',	# ($b^$d^$c)
-	'&add	($e,$a);',
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[0]);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-
-sub body_40_59 () {
-	(
-	'($a,$b,$c,$d,$e)=@V;'.
-	'&mov	(@T[1],$c);',
-	'&xor	($c,$d);',
-	'&add	($e,eval(4*($j++&15))."(%rsp)");',	# X[]+K xfer
-	'&and	(@T[1],$d);',
-	'&and	(@T[0],$c);',	# ($b&($c^$d))
-	'&$_ror	($b,7);',	# $b>>>2
-	'&add	($e,@T[1]);',
-	'&mov	(@T[1],$a);',	# $b in next round
-	'&$_rol	($a,5);',
-	'&add	($e,@T[0]);',
-	'&xor	($c,$d);',	# restore $c
-	'&add	($e,$a);'	.'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
-	);
-}
-$code.=<<___;
-.align	16
-.Loop_ssse3:
-___
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_16_31(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_00_19);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_40_59);
-	&Xupdate_ssse3_32_79(\&body_20_39);
-	&Xuplast_ssse3_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-	&Xloop_ssse3(\&body_20_39);
-
-$code.=<<___;
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	add	12($ctx),$D
-	mov	$A,0($ctx)
-	add	16($ctx),$E
-	mov	@T[0],4($ctx)
-	mov	@T[0],$B			# magic seed
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	jmp	.Loop_ssse3
-
-.align	16
-.Ldone_ssse3:
-___
-				$j=$saved_j; @V=@saved_V;
-
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-	&Xtail_ssse3(\&body_20_39);
-
-$code.=<<___;
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	mov	$A,0($ctx)
-	add	12($ctx),$D
-	mov	@T[0],4($ctx)
-	add	16($ctx),$E
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-___
-$code.=<<___ if ($win64);
-	movaps	64+0(%rsp),%xmm6
-	movaps	64+16(%rsp),%xmm7
-	movaps	64+32(%rsp),%xmm8
-	movaps	64+48(%rsp),%xmm9
-	movaps	64+64(%rsp),%xmm10
-___
-$code.=<<___;
-	lea	`64+($win64?5*16:0)`(%rsp),%rsi
-	mov	0(%rsi),%r12
-	mov	8(%rsi),%rbp
-	mov	16(%rsi),%rbx
-	lea	24(%rsi),%rsp
-.Lepilogue_ssse3:
-	ret
-.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
-___
-
-if ($avx) {
-my $Xi=4;
-my @X=map("%xmm$_",(4..7,0..3));
-my @Tx=map("%xmm$_",(8..10));
-my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");	# size optimization
-my @T=("%esi","%edi");
-my $j=0;
-my $K_XX_XX="%r11";
-
-my $_rol=sub { &shld(@_[0],@_) };
-my $_ror=sub { &shrd(@_[0],@_) };
-
-$code.=<<___;
-.type	sha1_block_data_order_avx,\@function,3
-.align	16
-sha1_block_data_order_avx:
-_avx_shortcut:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	lea	`-64-($win64?5*16:0)`(%rsp),%rsp
-___
-$code.=<<___ if ($win64);
-	movaps	%xmm6,64+0(%rsp)
-	movaps	%xmm7,64+16(%rsp)
-	movaps	%xmm8,64+32(%rsp)
-	movaps	%xmm9,64+48(%rsp)
-	movaps	%xmm10,64+64(%rsp)
-.Lprologue_avx:
-___
-$code.=<<___;
-	mov	%rdi,$ctx	# reassigned argument
-	mov	%rsi,$inp	# reassigned argument
-	mov	%rdx,$num	# reassigned argument
-	vzeroupper
-
-	shl	\$6,$num
-	add	$inp,$num
-	lea	K_XX_XX(%rip),$K_XX_XX
-
-	mov	0($ctx),$A		# load context
-	mov	4($ctx),$B
-	mov	8($ctx),$C
-	mov	12($ctx),$D
-	mov	$B,@T[0]		# magic seed
-	mov	16($ctx),$E
-
-	vmovdqa	64($K_XX_XX),@X[2]	# pbswap mask
-	vmovdqa	0($K_XX_XX),@Tx[1]	# K_00_19
-	vmovdqu	0($inp),@X[-4&7]	# load input to %xmm[0-3]
-	vmovdqu	16($inp),@X[-3&7]
-	vmovdqu	32($inp),@X[-2&7]
-	vmovdqu	48($inp),@X[-1&7]
-	vpshufb	@X[2],@X[-4&7],@X[-4&7]	# byte swap
-	add	\$64,$inp
-	vpshufb	@X[2],@X[-3&7],@X[-3&7]
-	vpshufb	@X[2],@X[-2&7],@X[-2&7]
-	vpshufb	@X[2],@X[-1&7],@X[-1&7]
-	vpaddd	@Tx[1],@X[-4&7],@X[0]	# add K_00_19
-	vpaddd	@Tx[1],@X[-3&7],@X[1]
-	vpaddd	@Tx[1],@X[-2&7],@X[2]
-	vmovdqa	@X[0],0(%rsp)		# X[]+K xfer to IALU
-	vmovdqa	@X[1],16(%rsp)
-	vmovdqa	@X[2],32(%rsp)
-	jmp	.Loop_avx
-___
-
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpalignr(@X[0],@X[-3&7],@X[-4&7],8);	# compose "X[-14]" in "X[0]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpsrldq(@Tx[0],@X[-1&7],4);	# "X[-3]", 3 dwords
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-3]"^"X[-8]"
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@Tx[0],@X[0],31);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslldq(@Tx[2],@X[0],12);		# "X[0]"<<96, extract one dword
-	&vpaddd	(@X[0],@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpsrld	(@Tx[1],@Tx[2],30);
-	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=1
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpslld	(@Tx[2],@Tx[2],2);
-	&vpxor	(@X[0],@X[0],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[2]);		# "X[0]"^=("X[0]">>96)<<<2
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vmovdqa	(@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");	# K_XX_XX
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-
-	 foreach (@insns) { eval; }	# remaining instructions [if any]
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xupdate_avx_32_79()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 to 48 instructions
-  my ($a,$b,$c,$d,$e);
-
-	&vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);	# compose "X[-6]"
-	&vpxor	(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpxor	(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
-	 eval(shift(@insns));
-	 eval(shift(@insns))	if (@insns[0] !~ /&ro[rl]/);
-	if ($Xi%5) {
-	  &vmovdqa	(@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
-	} else {			# ... or load next one
-	  &vmovdqa	(@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
-	}
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpxor	(@X[0],@X[0],@Tx[0]);		# "X[0]"^="X[-6]"
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-
-	&vpsrld	(@Tx[0],@X[0],30);
-	  &vmovdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpslld	(@X[0],@X[0],2);
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# ror
-	 eval(shift(@insns));
-
-	&vpor	(@X[0],@X[0],@Tx[0]);		# "X[0]"<<<=2
-	 eval(shift(@insns));		# body_20_39
-	 eval(shift(@insns));
-	  &vmovdqa	(@Tx[1],@X[0])	if ($Xi<19);
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));		# rol
-	 eval(shift(@insns));
-
-	 foreach (@insns) { eval; }	# remaining instructions
-
-  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-		push(@Tx,shift(@Tx));
-}
-
-sub Xuplast_avx_80()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	  &vpaddd	(@Tx[1],@Tx[1],@X[-1&7]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	  &movdqa	(eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]);	# X[]+K xfer IALU
-
-	 foreach (@insns) { eval; }		# remaining instructions
-
-	&cmp	($inp,$num);
-	&je	(".Ldone_avx");
-
-	unshift(@Tx,pop(@Tx));
-
-	&vmovdqa(@X[2],"64($K_XX_XX)");		# pbswap mask
-	&vmovdqa(@Tx[1],"0($K_XX_XX)");		# K_00_19
-	&vmovdqu(@X[-4&7],"0($inp)");		# load input
-	&vmovdqu(@X[-3&7],"16($inp)");
-	&vmovdqu(@X[-2&7],"32($inp)");
-	&vmovdqu(@X[-1&7],"48($inp)");
-	&vpshufb(@X[-4&7],@X[-4&7],@X[2]);	# byte swap
-	&add	($inp,64);
-
-  $Xi=0;
-}
-
-sub Xloop_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vpaddd	(@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]);	# X[]+K xfer to IALU
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	foreach (@insns) { eval; }
-  $Xi++;
-}
-
-sub Xtail_avx()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);	# 32 instructions
-  my ($a,$b,$c,$d,$e);
-
-	foreach (@insns) { eval; }
-}
-
-$code.=<<___;
-.align	16
-.Loop_avx:
-___
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_16_31(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_00_19);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_40_59);
-	&Xupdate_avx_32_79(\&body_20_39);
-	&Xuplast_avx_80(\&body_20_39);	# can jump to "done"
-
-				$saved_j=$j; @saved_V=@V;
-
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-	&Xloop_avx(\&body_20_39);
-
-$code.=<<___;
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	add	12($ctx),$D
-	mov	$A,0($ctx)
-	add	16($ctx),$E
-	mov	@T[0],4($ctx)
-	mov	@T[0],$B			# magic seed
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-	jmp	.Loop_avx
-
-.align	16
-.Ldone_avx:
-___
-				$j=$saved_j; @V=@saved_V;
-
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-	&Xtail_avx(\&body_20_39);
-
-$code.=<<___;
-	vzeroupper
-
-	add	0($ctx),$A			# update context
-	add	4($ctx),@T[0]
-	add	8($ctx),$C
-	mov	$A,0($ctx)
-	add	12($ctx),$D
-	mov	@T[0],4($ctx)
-	add	16($ctx),$E
-	mov	$C,8($ctx)
-	mov	$D,12($ctx)
-	mov	$E,16($ctx)
-___
-$code.=<<___ if ($win64);
-	movaps	64+0(%rsp),%xmm6
-	movaps	64+16(%rsp),%xmm7
-	movaps	64+32(%rsp),%xmm8
-	movaps	64+48(%rsp),%xmm9
-	movaps	64+64(%rsp),%xmm10
-___
-$code.=<<___;
-	lea	`64+($win64?5*16:0)`(%rsp),%rsi
-	mov	0(%rsi),%r12
-	mov	8(%rsi),%rbp
-	mov	16(%rsi),%rbx
-	lea	24(%rsi),%rsp
-.Lepilogue_avx:
-	ret
-.size	sha1_block_data_order_avx,.-sha1_block_data_order_avx
-___
-}
-$code.=<<___;
-.align	64
-K_XX_XX:
-.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	# K_00_19
-.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	# K_20_39
-.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	# K_40_59
-.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	# K_60_79
-.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f	# pbswap mask
-___
-}}}
-$code.=<<___;
-.asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
-.align	64
-___
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lprologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lprologue
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
-	jae	.Lcommon_seh_tail
-
-	mov	`16*4`(%rax),%rax	# pull saved stack pointer
-	lea	32(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-
-	jmp	.Lcommon_seh_tail
-.size	se_handler,.-se_handler
-
-.type	ssse3_handler,\@abi-omnipotent
-.align	16
-ssse3_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	mov	8($disp),%rsi		# disp->ImageBase
-	mov	56($disp),%r11		# disp->HandlerData
-
-	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue label
-	cmp	%r10,%rbx		# context->Rip<prologue label
-	jb	.Lcommon_seh_tail
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	mov	4(%r11),%r10d		# HandlerData[1]
-	lea	(%rsi,%r10),%r10	# epilogue label
-	cmp	%r10,%rbx		# context->Rip>=epilogue label
-	jae	.Lcommon_seh_tail
-
-	lea	64(%rax),%rsi
-	lea	512($context),%rdi	# &context.Xmm6
-	mov	\$10,%ecx
-	.long	0xa548f3fc		# cld; rep movsq
-	lea	`24+64+5*16`(%rax),%rax	# adjust stack pointer
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore cotnext->R12
-
-.Lcommon_seh_tail:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	ssse3_handler,.-ssse3_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_sha1_block_data_order
-	.rva	.LSEH_end_sha1_block_data_order
-	.rva	.LSEH_info_sha1_block_data_order
-	.rva	.LSEH_begin_sha1_block_data_order_ssse3
-	.rva	.LSEH_end_sha1_block_data_order_ssse3
-	.rva	.LSEH_info_sha1_block_data_order_ssse3
-___
-$code.=<<___ if ($avx);
-	.rva	.LSEH_begin_sha1_block_data_order_avx
-	.rva	.LSEH_end_sha1_block_data_order_avx
-	.rva	.LSEH_info_sha1_block_data_order_avx
-___
-$code.=<<___;
-.section	.xdata
-.align	8
-.LSEH_info_sha1_block_data_order:
-	.byte	9,0,0,0
-	.rva	se_handler
-.LSEH_info_sha1_block_data_order_ssse3:
-	.byte	9,0,0,0
-	.rva	ssse3_handler
-	.rva	.Lprologue_ssse3,.Lepilogue_ssse3	# HandlerData[]
-___
-$code.=<<___ if ($avx);
-.LSEH_info_sha1_block_data_order_avx:
-	.byte	9,0,0,0
-	.rva	ssse3_handler
-	.rva	.Lprologue_avx,.Lepilogue_avx		# HandlerData[]
-___
-}
-
-####################################################################
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha256-586.S b/crypto/sha/asm/sha256-586.S
deleted file mode 100644
index 77a89514f1..0000000000
--- a/crypto/sha/asm/sha256-586.S
+++ /dev/null
@@ -1,258 +0,0 @@
-.file	"sha512-586.s"
-.text
-.globl	sha256_block_data_order
-.type	sha256_block_data_order,@function
-.align	16
-sha256_block_data_order:
-.L_sha256_block_data_order_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	%esp,%ebx
-	call	.L000pic_point
-.L000pic_point:
-	popl	%ebp
-	leal	.L001K256-.L000pic_point(%ebp),%ebp
-	subl	$16,%esp
-	andl	$-64,%esp
-	shll	$6,%eax
-	addl	%edi,%eax
-	movl	%esi,(%esp)
-	movl	%edi,4(%esp)
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-.align	16
-.L002loop:
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	16(%edi),%eax
-	movl	20(%edi),%ebx
-	movl	24(%edi),%ecx
-	movl	28(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	32(%edi),%eax
-	movl	36(%edi),%ebx
-	movl	40(%edi),%ecx
-	movl	44(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	48(%edi),%eax
-	movl	52(%edi),%ebx
-	movl	56(%edi),%ecx
-	movl	60(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	addl	$64,%edi
-	subl	$32,%esp
-	movl	%edi,100(%esp)
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edi
-	movl	%ebx,4(%esp)
-	movl	%ecx,8(%esp)
-	movl	%edi,12(%esp)
-	movl	16(%esi),%edx
-	movl	20(%esi),%ebx
-	movl	24(%esi),%ecx
-	movl	28(%esi),%edi
-	movl	%ebx,20(%esp)
-	movl	%ecx,24(%esp)
-	movl	%edi,28(%esp)
-.align	16
-.L00300_15:
-	movl	92(%esp),%ebx
-	movl	%edx,%ecx
-	rorl	$14,%ecx
-	movl	20(%esp),%esi
-	xorl	%edx,%ecx
-	rorl	$5,%ecx
-	xorl	%edx,%ecx
-	rorl	$6,%ecx
-	movl	24(%esp),%edi
-	addl	%ecx,%ebx
-	xorl	%edi,%esi
-	movl	%edx,16(%esp)
-	movl	%eax,%ecx
-	andl	%edx,%esi
-	movl	12(%esp),%edx
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	addl	%esi,%ebx
-	rorl	$9,%ecx
-	addl	28(%esp),%ebx
-	xorl	%eax,%ecx
-	rorl	$11,%ecx
-	movl	4(%esp),%esi
-	xorl	%eax,%ecx
-	rorl	$2,%ecx
-	addl	%ebx,%edx
-	movl	8(%esp),%edi
-	addl	%ecx,%ebx
-	movl	%eax,(%esp)
-	movl	%eax,%ecx
-	subl	$4,%esp
-	orl	%esi,%eax
-	andl	%esi,%ecx
-	andl	%edi,%eax
-	movl	(%ebp),%esi
-	orl	%ecx,%eax
-	addl	$4,%ebp
-	addl	%ebx,%eax
-	addl	%esi,%edx
-	addl	%esi,%eax
-	cmpl	$3248222580,%esi
-	jne	.L00300_15
-	movl	152(%esp),%ebx
-.align	16
-.L00416_63:
-	movl	%ebx,%esi
-	movl	100(%esp),%ecx
-	rorl	$11,%esi
-	movl	%ecx,%edi
-	xorl	%ebx,%esi
-	rorl	$7,%esi
-	shrl	$3,%ebx
-	rorl	$2,%edi
-	xorl	%esi,%ebx
-	xorl	%ecx,%edi
-	rorl	$17,%edi
-	shrl	$10,%ecx
-	addl	156(%esp),%ebx
-	xorl	%ecx,%edi
-	addl	120(%esp),%ebx
-	movl	%edx,%ecx
-	addl	%edi,%ebx
-	rorl	$14,%ecx
-	movl	20(%esp),%esi
-	xorl	%edx,%ecx
-	rorl	$5,%ecx
-	movl	%ebx,92(%esp)
-	xorl	%edx,%ecx
-	rorl	$6,%ecx
-	movl	24(%esp),%edi
-	addl	%ecx,%ebx
-	xorl	%edi,%esi
-	movl	%edx,16(%esp)
-	movl	%eax,%ecx
-	andl	%edx,%esi
-	movl	12(%esp),%edx
-	xorl	%edi,%esi
-	movl	%eax,%edi
-	addl	%esi,%ebx
-	rorl	$9,%ecx
-	addl	28(%esp),%ebx
-	xorl	%eax,%ecx
-	rorl	$11,%ecx
-	movl	4(%esp),%esi
-	xorl	%eax,%ecx
-	rorl	$2,%ecx
-	addl	%ebx,%edx
-	movl	8(%esp),%edi
-	addl	%ecx,%ebx
-	movl	%eax,(%esp)
-	movl	%eax,%ecx
-	subl	$4,%esp
-	orl	%esi,%eax
-	andl	%esi,%ecx
-	andl	%edi,%eax
-	movl	(%ebp),%esi
-	orl	%ecx,%eax
-	addl	$4,%ebp
-	addl	%ebx,%eax
-	movl	152(%esp),%ebx
-	addl	%esi,%edx
-	addl	%esi,%eax
-	cmpl	$3329325298,%esi
-	jne	.L00416_63
-	movl	352(%esp),%esi
-	movl	4(%esp),%ebx
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edi
-	addl	(%esi),%eax
-	addl	4(%esi),%ebx
-	addl	8(%esi),%ecx
-	addl	12(%esi),%edi
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	movl	%ecx,8(%esi)
-	movl	%edi,12(%esi)
-	movl	20(%esp),%eax
-	movl	24(%esp),%ebx
-	movl	28(%esp),%ecx
-	movl	356(%esp),%edi
-	addl	16(%esi),%edx
-	addl	20(%esi),%eax
-	addl	24(%esi),%ebx
-	addl	28(%esi),%ecx
-	movl	%edx,16(%esi)
-	movl	%eax,20(%esi)
-	movl	%ebx,24(%esi)
-	movl	%ecx,28(%esi)
-	addl	$352,%esp
-	subl	$256,%ebp
-	cmpl	8(%esp),%edi
-	jb	.L002loop
-	movl	12(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	64
-.L001K256:
-.long	1116352408,1899447441,3049323471,3921009573
-.long	961987163,1508970993,2453635748,2870763221
-.long	3624381080,310598401,607225278,1426881987
-.long	1925078388,2162078206,2614888103,3248222580
-.long	3835390401,4022224774,264347078,604807628
-.long	770255983,1249150122,1555081692,1996064986
-.long	2554220882,2821834349,2952996808,3210313671
-.long	3336571891,3584528711,113926993,338241895
-.long	666307205,773529912,1294757372,1396182291
-.long	1695183700,1986661051,2177026350,2456956037
-.long	2730485921,2820302411,3259730800,3345764771
-.long	3516065817,3600352804,4094571909,275423344
-.long	430227734,506948616,659060556,883997877
-.long	958139571,1322822218,1537002063,1747873779
-.long	1955562222,2024104815,2227730452,2361852424
-.long	2428436474,2756734187,3204031479,3329325298
-.size	sha256_block_data_order,.-.L_sha256_block_data_order_begin
-.byte	83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97
-.byte	110,115,102,111,114,109,32,102,111,114,32,120,56,54,44,32
-.byte	67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97
-.byte	112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103
-.byte	62,0
diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl
deleted file mode 100644
index 52a7c7f8a3..0000000000
--- a/crypto/sha/asm/sha256-586.pl
+++ /dev/null
@@ -1,249 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA256 block transform for x86. September 2007.
-#
-# Performance in clock cycles per processed byte (less is better):
-#
-#		Pentium	PIII	P4	AMD K8	Core2
-# gcc		46	36	41	27	26
-# icc		57	33	38	25	23	
-# x86 asm	40	30	33	20	18
-# x86_64 asm(*)	-	-	21	16	16
-#
-# (*) x86_64 assembler performance is presented for reference
-#     purposes.
-#
-# Performance improvement over compiler generated code varies from
-# 10% to 40% [see above]. Not very impressive on some µ-archs, but
-# it's 5 times smaller and optimizies amount of writes.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
-
-$A="eax";
-$E="edx";
-$T="ebx";
-$Aoff=&DWP(0,"esp");
-$Boff=&DWP(4,"esp");
-$Coff=&DWP(8,"esp");
-$Doff=&DWP(12,"esp");
-$Eoff=&DWP(16,"esp");
-$Foff=&DWP(20,"esp");
-$Goff=&DWP(24,"esp");
-$Hoff=&DWP(28,"esp");
-$Xoff=&DWP(32,"esp");
-$K256="ebp";
-
-sub BODY_00_15() {
-    my $in_16_63=shift;
-
-	&mov	("ecx",$E);
-	 &add	($T,"edi")			if ($in_16_63);	# T += sigma1(X[-2])
-	&ror	("ecx",25-11);
-	 &mov	("esi",$Foff);
-	&xor	("ecx",$E);
-	&ror	("ecx",11-6);
-	 &mov	(&DWP(4*(8+15),"esp"),$T)	if ($in_16_63);	# save X[0]
-	&xor	("ecx",$E);
-	&ror	("ecx",6);	# Sigma1(e)
-	 &mov	("edi",$Goff);
-	&add	($T,"ecx");	# T += Sigma1(e)
-
-	&xor	("esi","edi");
-	 &mov	($Eoff,$E);	# modulo-scheduled
-	 &mov	("ecx",$A);
-	&and	("esi",$E);
-	 &mov	($E,$Doff);	# e becomes d, which is e in next iteration
-	&xor	("esi","edi");	# Ch(e,f,g)
-	 &mov	("edi",$A);
-	&add	($T,"esi");	# T += Ch(e,f,g)
-
-	&ror	("ecx",22-13);
-	 &add	($T,$Hoff);	# T += h
-	&xor	("ecx",$A);
-	&ror	("ecx",13-2);
-	 &mov	("esi",$Boff);
-	&xor	("ecx",$A);
-	&ror	("ecx",2);	# Sigma0(a)
-	 &add	($E,$T);	# d += T
-	 &mov	("edi",$Coff);
-
-	&add	($T,"ecx");	# T += Sigma0(a)
-	 &mov	($Aoff,$A);	# modulo-scheduled
-
-	&mov	("ecx",$A);
-	 &sub	("esp",4);
-	&or	($A,"esi");	# a becomes h, which is a in next iteration
-	&and	("ecx","esi");
-	&and	($A,"edi");
-	 &mov	("esi",&DWP(0,$K256));
-	&or	($A,"ecx");	# h=Maj(a,b,c)
-
-	&add	($K256,4);
-	&add	($A,$T);	# h += T
-	 &mov	($T,&DWP(4*(8+15+16-1),"esp"))	if ($in_16_63);	# preload T
-	&add	($E,"esi");	# d += K256[i]
-	&add	($A,"esi");	# h += K256[i]
-}
-
-&function_begin("sha256_block_data_order");
-	&mov	("esi",wparam(0));	# ctx
-	&mov	("edi",wparam(1));	# inp
-	&mov	("eax",wparam(2));	# num
-	&mov	("ebx","esp");		# saved sp
-
-	&call	(&label("pic_point"));	# make it PIC!
-&set_label("pic_point");
-	&blindpop($K256);
-	&lea	($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256));
-
-	&sub	("esp",16);
-	&and	("esp",-64);
-
-	&shl	("eax",6);
-	&add	("eax","edi");
-	&mov	(&DWP(0,"esp"),"esi");	# ctx
-	&mov	(&DWP(4,"esp"),"edi");	# inp
-	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
-	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
-
-&set_label("loop",16);
-    # copy input block to stack reversing byte and dword order
-    for($i=0;$i<4;$i++) {
-	&mov	("eax",&DWP($i*16+0,"edi"));
-	&mov	("ebx",&DWP($i*16+4,"edi"));
-	&mov	("ecx",&DWP($i*16+8,"edi"));
-	&mov	("edx",&DWP($i*16+12,"edi"));
-	&bswap	("eax");
-	&bswap	("ebx");
-	&bswap	("ecx");
-	&bswap	("edx");
-	&push	("eax");
-	&push	("ebx");
-	&push	("ecx");
-	&push	("edx");
-    }
-	&add	("edi",64);
-	&sub	("esp",4*8);		# place for A,B,C,D,E,F,G,H
-	&mov	(&DWP(4*(8+16)+4,"esp"),"edi");
-
-	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
-	&mov	($A,&DWP(0,"esi"));
-	&mov	("ebx",&DWP(4,"esi"));
-	&mov	("ecx",&DWP(8,"esi"));
-	&mov	("edi",&DWP(12,"esi"));
-	# &mov	($Aoff,$A);
-	&mov	($Boff,"ebx");
-	&mov	($Coff,"ecx");
-	&mov	($Doff,"edi");
-	&mov	($E,&DWP(16,"esi"));	
-	&mov	("ebx",&DWP(20,"esi"));
-	&mov	("ecx",&DWP(24,"esi"));
-	&mov	("edi",&DWP(28,"esi"));
-	# &mov	($Eoff,$E);
-	&mov	($Foff,"ebx");
-	&mov	($Goff,"ecx");
-	&mov	($Hoff,"edi");
-
-&set_label("00_15",16);
-	&mov	($T,&DWP(4*(8+15),"esp"));
-
-	&BODY_00_15();
-
-	&cmp	("esi",0xc19bf174);
-	&jne	(&label("00_15"));
-
-	&mov	($T,&DWP(4*(8+15+16-1),"esp"));	# preloaded in BODY_00_15(1)
-&set_label("16_63",16);
-	&mov	("esi",$T);
-	 &mov	("ecx",&DWP(4*(8+15+16-14),"esp"));
-	&ror	("esi",18-7);
-	 &mov	("edi","ecx");
-	&xor	("esi",$T);
-	&ror	("esi",7);
-	&shr	($T,3);
-
-	&ror	("edi",19-17);
-	 &xor	($T,"esi");			# T = sigma0(X[-15])
-	&xor	("edi","ecx");
-	&ror	("edi",17);
-	&shr	("ecx",10);
-	 &add	($T,&DWP(4*(8+15+16),"esp"));	# T += X[-16]
-	&xor	("edi","ecx");			# sigma1(X[-2])
-
-	 &add	($T,&DWP(4*(8+15+16-9),"esp"));	# T += X[-7]
-	# &add	($T,"edi");			# T += sigma1(X[-2])
-	# &mov	(&DWP(4*(8+15),"esp"),$T);	# save X[0]
-
-	&BODY_00_15(1);
-
-	&cmp	("esi",0xc67178f2);
-	&jne	(&label("16_63"));
-
-	&mov	("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx
-	# &mov	($A,$Aoff);
-	&mov	("ebx",$Boff);
-	&mov	("ecx",$Coff);
-	&mov	("edi",$Doff);
-	&add	($A,&DWP(0,"esi"));
-	&add	("ebx",&DWP(4,"esi"));
-	&add	("ecx",&DWP(8,"esi"));
-	&add	("edi",&DWP(12,"esi"));
-	&mov	(&DWP(0,"esi"),$A);
-	&mov	(&DWP(4,"esi"),"ebx");
-	&mov	(&DWP(8,"esi"),"ecx");
-	&mov	(&DWP(12,"esi"),"edi");
-	# &mov	($E,$Eoff);
-	&mov	("eax",$Foff);
-	&mov	("ebx",$Goff);
-	&mov	("ecx",$Hoff);
-	&mov	("edi",&DWP(4*(8+16+64)+4,"esp"));#inp
-	&add	($E,&DWP(16,"esi"));
-	&add	("eax",&DWP(20,"esi"));
-	&add	("ebx",&DWP(24,"esi"));
-	&add	("ecx",&DWP(28,"esi"));
-	&mov	(&DWP(16,"esi"),$E);
-	&mov	(&DWP(20,"esi"),"eax");
-	&mov	(&DWP(24,"esi"),"ebx");
-	&mov	(&DWP(28,"esi"),"ecx");
-
-	&add	("esp",4*(8+16+64));		# destroy frame
-	&sub	($K256,4*64);			# rewind K
-
-	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
-	&jb	(&label("loop"));
-
-	&mov	("esp",&DWP(12,"esp"));		# restore sp
-&function_end_A();
-
-&set_label("K256",64);	# Yes! I keep it in the code segment!
-	&data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5);
-	&data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5);
-	&data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3);
-	&data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174);
-	&data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc);
-	&data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da);
-	&data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7);
-	&data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967);
-	&data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13);
-	&data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85);
-	&data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3);
-	&data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070);
-	&data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5);
-	&data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3);
-	&data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208);
-	&data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2);
-&function_end_B("sha256_block_data_order");
-&asciz("SHA256 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/sha/asm/sha256-armv4.S b/crypto/sha/asm/sha256-armv4.S
deleted file mode 100644
index 853d7da59a..0000000000
--- a/crypto/sha/asm/sha256-armv4.S
+++ /dev/null
@@ -1,2690 +0,0 @@
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.type	K256,%object
-.align	5
-K256:
-.word	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-.word	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-.word	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-.word	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.word	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-.word	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-.word	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.word	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-.word	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-.word	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-.word	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-.word	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-.word	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-.word	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-.word	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-.word	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.size	K256,.-K256
-.word	0				@ terminator
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha256_block_data_order
-.align	5
-
-.global	sha256_block_data_order
-.type	sha256_block_data_order,%function
-sha256_block_data_order:
-	sub	r3,pc,#8		@ sha256_block_data_order
-	add	r2,r1,r2,lsl#6	@ len to point at the end of inp
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#ARMV8_SHA256
-	bne	.LARMv8
-	tst	r12,#ARMV7_NEON
-	bne	.LNEON
-#endif
-	stmdb	sp!,{r0,r1,r2,r4-r11,lr}
-	ldmia	r0,{r4,r5,r6,r7,r8,r9,r10,r11}
-	sub	r14,r3,#256+32	@ K256
-	sub	sp,sp,#16*4		@ alloca(X[16])
-.Loop:
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r5,r6		@ magic
-	eor	r12,r12,r12
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 0
-# if 0==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r8,r8,ror#5
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 0
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 0==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r8,r8,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r11,r11,r2			@ h+=X[i]
-	str	r2,[sp,#0*4]
-	eor	r2,r9,r10
-	add	r11,r11,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r8
-	add	r11,r11,r12			@ h+=K256[i]
-	eor	r2,r2,r10			@ Ch(e,f,g)
-	eor	r0,r4,r4,ror#11
-	add	r11,r11,r2			@ h+=Ch(e,f,g)
-#if 0==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 0<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r4,r5			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#2*4]		@ from future BODY_16_xx
-	eor	r12,r4,r5			@ a^b, b^c in next round
-	ldr	r1,[sp,#15*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r4,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r7,r7,r11			@ d+=h
-	eor	r3,r3,r5			@ Maj(a,b,c)
-	add	r11,r11,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r11,r11,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 1
-# if 1==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r7,r7,ror#5
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 1
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 1==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r7,r7,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r10,r10,r2			@ h+=X[i]
-	str	r2,[sp,#1*4]
-	eor	r2,r8,r9
-	add	r10,r10,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r7
-	add	r10,r10,r3			@ h+=K256[i]
-	eor	r2,r2,r9			@ Ch(e,f,g)
-	eor	r0,r11,r11,ror#11
-	add	r10,r10,r2			@ h+=Ch(e,f,g)
-#if 1==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 1<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r11,r4			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#3*4]		@ from future BODY_16_xx
-	eor	r3,r11,r4			@ a^b, b^c in next round
-	ldr	r1,[sp,#0*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r11,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r6,r6,r10			@ d+=h
-	eor	r12,r12,r4			@ Maj(a,b,c)
-	add	r10,r10,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r10,r10,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 2
-# if 2==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 2
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 2==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r6,r6,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r9,r9,r2			@ h+=X[i]
-	str	r2,[sp,#2*4]
-	eor	r2,r7,r8
-	add	r9,r9,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r6
-	add	r9,r9,r12			@ h+=K256[i]
-	eor	r2,r2,r8			@ Ch(e,f,g)
-	eor	r0,r10,r10,ror#11
-	add	r9,r9,r2			@ h+=Ch(e,f,g)
-#if 2==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 2<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r10,r11			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#4*4]		@ from future BODY_16_xx
-	eor	r12,r10,r11			@ a^b, b^c in next round
-	ldr	r1,[sp,#1*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r10,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r5,r5,r9			@ d+=h
-	eor	r3,r3,r11			@ Maj(a,b,c)
-	add	r9,r9,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r9,r9,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 3
-# if 3==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r5,r5,ror#5
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 3
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 3==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r5,r5,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r8,r8,r2			@ h+=X[i]
-	str	r2,[sp,#3*4]
-	eor	r2,r6,r7
-	add	r8,r8,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r5
-	add	r8,r8,r3			@ h+=K256[i]
-	eor	r2,r2,r7			@ Ch(e,f,g)
-	eor	r0,r9,r9,ror#11
-	add	r8,r8,r2			@ h+=Ch(e,f,g)
-#if 3==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 3<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r9,r10			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#5*4]		@ from future BODY_16_xx
-	eor	r3,r9,r10			@ a^b, b^c in next round
-	ldr	r1,[sp,#2*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r9,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r4,r4,r8			@ d+=h
-	eor	r12,r12,r10			@ Maj(a,b,c)
-	add	r8,r8,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r8,r8,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 4
-# if 4==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r4,r4,ror#5
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 4
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 4==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r4,r4,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r7,r7,r2			@ h+=X[i]
-	str	r2,[sp,#4*4]
-	eor	r2,r5,r6
-	add	r7,r7,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r4
-	add	r7,r7,r12			@ h+=K256[i]
-	eor	r2,r2,r6			@ Ch(e,f,g)
-	eor	r0,r8,r8,ror#11
-	add	r7,r7,r2			@ h+=Ch(e,f,g)
-#if 4==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 4<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r8,r9			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#6*4]		@ from future BODY_16_xx
-	eor	r12,r8,r9			@ a^b, b^c in next round
-	ldr	r1,[sp,#3*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r8,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r11,r11,r7			@ d+=h
-	eor	r3,r3,r9			@ Maj(a,b,c)
-	add	r7,r7,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r7,r7,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 5
-# if 5==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r11,r11,ror#5
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 5
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 5==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r11,r11,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r6,r6,r2			@ h+=X[i]
-	str	r2,[sp,#5*4]
-	eor	r2,r4,r5
-	add	r6,r6,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r11
-	add	r6,r6,r3			@ h+=K256[i]
-	eor	r2,r2,r5			@ Ch(e,f,g)
-	eor	r0,r7,r7,ror#11
-	add	r6,r6,r2			@ h+=Ch(e,f,g)
-#if 5==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 5<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r7,r8			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#7*4]		@ from future BODY_16_xx
-	eor	r3,r7,r8			@ a^b, b^c in next round
-	ldr	r1,[sp,#4*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r7,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r10,r10,r6			@ d+=h
-	eor	r12,r12,r8			@ Maj(a,b,c)
-	add	r6,r6,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r6,r6,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 6
-# if 6==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 6
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 6==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r10,r10,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r5,r5,r2			@ h+=X[i]
-	str	r2,[sp,#6*4]
-	eor	r2,r11,r4
-	add	r5,r5,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r10
-	add	r5,r5,r12			@ h+=K256[i]
-	eor	r2,r2,r4			@ Ch(e,f,g)
-	eor	r0,r6,r6,ror#11
-	add	r5,r5,r2			@ h+=Ch(e,f,g)
-#if 6==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 6<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r6,r7			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#8*4]		@ from future BODY_16_xx
-	eor	r12,r6,r7			@ a^b, b^c in next round
-	ldr	r1,[sp,#5*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r6,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r9,r9,r5			@ d+=h
-	eor	r3,r3,r7			@ Maj(a,b,c)
-	add	r5,r5,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r5,r5,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 7
-# if 7==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r9,r9,ror#5
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 7
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 7==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r9,r9,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r4,r4,r2			@ h+=X[i]
-	str	r2,[sp,#7*4]
-	eor	r2,r10,r11
-	add	r4,r4,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r9
-	add	r4,r4,r3			@ h+=K256[i]
-	eor	r2,r2,r11			@ Ch(e,f,g)
-	eor	r0,r5,r5,ror#11
-	add	r4,r4,r2			@ h+=Ch(e,f,g)
-#if 7==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 7<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r5,r6			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#9*4]		@ from future BODY_16_xx
-	eor	r3,r5,r6			@ a^b, b^c in next round
-	ldr	r1,[sp,#6*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r5,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r8,r8,r4			@ d+=h
-	eor	r12,r12,r6			@ Maj(a,b,c)
-	add	r4,r4,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r4,r4,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 8
-# if 8==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r8,r8,ror#5
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 8
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 8==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r8,r8,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r11,r11,r2			@ h+=X[i]
-	str	r2,[sp,#8*4]
-	eor	r2,r9,r10
-	add	r11,r11,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r8
-	add	r11,r11,r12			@ h+=K256[i]
-	eor	r2,r2,r10			@ Ch(e,f,g)
-	eor	r0,r4,r4,ror#11
-	add	r11,r11,r2			@ h+=Ch(e,f,g)
-#if 8==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 8<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r4,r5			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#10*4]		@ from future BODY_16_xx
-	eor	r12,r4,r5			@ a^b, b^c in next round
-	ldr	r1,[sp,#7*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r4,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r7,r7,r11			@ d+=h
-	eor	r3,r3,r5			@ Maj(a,b,c)
-	add	r11,r11,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r11,r11,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 9
-# if 9==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r7,r7,ror#5
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 9
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 9==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r7,r7,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r10,r10,r2			@ h+=X[i]
-	str	r2,[sp,#9*4]
-	eor	r2,r8,r9
-	add	r10,r10,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r7
-	add	r10,r10,r3			@ h+=K256[i]
-	eor	r2,r2,r9			@ Ch(e,f,g)
-	eor	r0,r11,r11,ror#11
-	add	r10,r10,r2			@ h+=Ch(e,f,g)
-#if 9==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 9<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r11,r4			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#11*4]		@ from future BODY_16_xx
-	eor	r3,r11,r4			@ a^b, b^c in next round
-	ldr	r1,[sp,#8*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r11,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r6,r6,r10			@ d+=h
-	eor	r12,r12,r4			@ Maj(a,b,c)
-	add	r10,r10,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r10,r10,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 10
-# if 10==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 10
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 10==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r6,r6,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r9,r9,r2			@ h+=X[i]
-	str	r2,[sp,#10*4]
-	eor	r2,r7,r8
-	add	r9,r9,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r6
-	add	r9,r9,r12			@ h+=K256[i]
-	eor	r2,r2,r8			@ Ch(e,f,g)
-	eor	r0,r10,r10,ror#11
-	add	r9,r9,r2			@ h+=Ch(e,f,g)
-#if 10==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 10<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r10,r11			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#12*4]		@ from future BODY_16_xx
-	eor	r12,r10,r11			@ a^b, b^c in next round
-	ldr	r1,[sp,#9*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r10,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r5,r5,r9			@ d+=h
-	eor	r3,r3,r11			@ Maj(a,b,c)
-	add	r9,r9,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r9,r9,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 11
-# if 11==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r5,r5,ror#5
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 11
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 11==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r5,r5,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r8,r8,r2			@ h+=X[i]
-	str	r2,[sp,#11*4]
-	eor	r2,r6,r7
-	add	r8,r8,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r5
-	add	r8,r8,r3			@ h+=K256[i]
-	eor	r2,r2,r7			@ Ch(e,f,g)
-	eor	r0,r9,r9,ror#11
-	add	r8,r8,r2			@ h+=Ch(e,f,g)
-#if 11==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 11<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r9,r10			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#13*4]		@ from future BODY_16_xx
-	eor	r3,r9,r10			@ a^b, b^c in next round
-	ldr	r1,[sp,#10*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r9,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r4,r4,r8			@ d+=h
-	eor	r12,r12,r10			@ Maj(a,b,c)
-	add	r8,r8,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r8,r8,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 12
-# if 12==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r4,r4,ror#5
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 12
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 12==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r4,r4,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r7,r7,r2			@ h+=X[i]
-	str	r2,[sp,#12*4]
-	eor	r2,r5,r6
-	add	r7,r7,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r4
-	add	r7,r7,r12			@ h+=K256[i]
-	eor	r2,r2,r6			@ Ch(e,f,g)
-	eor	r0,r8,r8,ror#11
-	add	r7,r7,r2			@ h+=Ch(e,f,g)
-#if 12==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 12<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r8,r9			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#14*4]		@ from future BODY_16_xx
-	eor	r12,r8,r9			@ a^b, b^c in next round
-	ldr	r1,[sp,#11*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r8,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r11,r11,r7			@ d+=h
-	eor	r3,r3,r9			@ Maj(a,b,c)
-	add	r7,r7,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r7,r7,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 13
-# if 13==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r11,r11,ror#5
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 13
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 13==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r11,r11,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r6,r6,r2			@ h+=X[i]
-	str	r2,[sp,#13*4]
-	eor	r2,r4,r5
-	add	r6,r6,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r11
-	add	r6,r6,r3			@ h+=K256[i]
-	eor	r2,r2,r5			@ Ch(e,f,g)
-	eor	r0,r7,r7,ror#11
-	add	r6,r6,r2			@ h+=Ch(e,f,g)
-#if 13==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 13<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r7,r8			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#15*4]		@ from future BODY_16_xx
-	eor	r3,r7,r8			@ a^b, b^c in next round
-	ldr	r1,[sp,#12*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r7,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r10,r10,r6			@ d+=h
-	eor	r12,r12,r8			@ Maj(a,b,c)
-	add	r6,r6,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r6,r6,r12			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 14
-# if 14==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 14
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	ldrb	r12,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r12,lsl#8
-	ldrb	r12,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 14==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r10,r10,ror#5
-	orr	r2,r2,r12,lsl#24
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-#endif
-	ldr	r12,[r14],#4			@ *K256++
-	add	r5,r5,r2			@ h+=X[i]
-	str	r2,[sp,#14*4]
-	eor	r2,r11,r4
-	add	r5,r5,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r10
-	add	r5,r5,r12			@ h+=K256[i]
-	eor	r2,r2,r4			@ Ch(e,f,g)
-	eor	r0,r6,r6,ror#11
-	add	r5,r5,r2			@ h+=Ch(e,f,g)
-#if 14==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 14<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r6,r7			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#0*4]		@ from future BODY_16_xx
-	eor	r12,r6,r7			@ a^b, b^c in next round
-	ldr	r1,[sp,#13*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r6,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r9,r9,r5			@ d+=h
-	eor	r3,r3,r7			@ Maj(a,b,c)
-	add	r5,r5,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r5,r5,r3			@ h+=Maj(a,b,c)
-#if __ARM_ARCH__>=7
-	@ ldr	r2,[r1],#4			@ 15
-# if 15==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r9,r9,ror#5
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-	rev	r2,r2
-#else
-	@ ldrb	r2,[r1,#3]			@ 15
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	ldrb	r3,[r1,#2]
-	ldrb	r0,[r1,#1]
-	orr	r2,r2,r3,lsl#8
-	ldrb	r3,[r1],#4
-	orr	r2,r2,r0,lsl#16
-# if 15==15
-	str	r1,[sp,#17*4]			@ make room for r1
-# endif
-	eor	r0,r9,r9,ror#5
-	orr	r2,r2,r3,lsl#24
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-#endif
-	ldr	r3,[r14],#4			@ *K256++
-	add	r4,r4,r2			@ h+=X[i]
-	str	r2,[sp,#15*4]
-	eor	r2,r10,r11
-	add	r4,r4,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r9
-	add	r4,r4,r3			@ h+=K256[i]
-	eor	r2,r2,r11			@ Ch(e,f,g)
-	eor	r0,r5,r5,ror#11
-	add	r4,r4,r2			@ h+=Ch(e,f,g)
-#if 15==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 15<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r5,r6			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#1*4]		@ from future BODY_16_xx
-	eor	r3,r5,r6			@ a^b, b^c in next round
-	ldr	r1,[sp,#14*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r5,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r8,r8,r4			@ d+=h
-	eor	r12,r12,r6			@ Maj(a,b,c)
-	add	r4,r4,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r4,r4,r12			@ h+=Maj(a,b,c)
-.Lrounds_16_xx:
-	@ ldr	r2,[sp,#1*4]		@ 16
-	@ ldr	r1,[sp,#14*4]
-	mov	r0,r2,ror#7
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#0*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#9*4]
-
-	add	r12,r12,r0
-	eor	r0,r8,r8,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r11,r11,r2			@ h+=X[i]
-	str	r2,[sp,#0*4]
-	eor	r2,r9,r10
-	add	r11,r11,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r8
-	add	r11,r11,r12			@ h+=K256[i]
-	eor	r2,r2,r10			@ Ch(e,f,g)
-	eor	r0,r4,r4,ror#11
-	add	r11,r11,r2			@ h+=Ch(e,f,g)
-#if 16==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 16<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r4,r5			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#2*4]		@ from future BODY_16_xx
-	eor	r12,r4,r5			@ a^b, b^c in next round
-	ldr	r1,[sp,#15*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r4,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r7,r7,r11			@ d+=h
-	eor	r3,r3,r5			@ Maj(a,b,c)
-	add	r11,r11,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r11,r11,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#2*4]		@ 17
-	@ ldr	r1,[sp,#15*4]
-	mov	r0,r2,ror#7
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#1*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#10*4]
-
-	add	r3,r3,r0
-	eor	r0,r7,r7,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r10,r10,r2			@ h+=X[i]
-	str	r2,[sp,#1*4]
-	eor	r2,r8,r9
-	add	r10,r10,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r7
-	add	r10,r10,r3			@ h+=K256[i]
-	eor	r2,r2,r9			@ Ch(e,f,g)
-	eor	r0,r11,r11,ror#11
-	add	r10,r10,r2			@ h+=Ch(e,f,g)
-#if 17==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 17<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r11,r4			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#3*4]		@ from future BODY_16_xx
-	eor	r3,r11,r4			@ a^b, b^c in next round
-	ldr	r1,[sp,#0*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r11,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r6,r6,r10			@ d+=h
-	eor	r12,r12,r4			@ Maj(a,b,c)
-	add	r10,r10,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r10,r10,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#3*4]		@ 18
-	@ ldr	r1,[sp,#0*4]
-	mov	r0,r2,ror#7
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#2*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#11*4]
-
-	add	r12,r12,r0
-	eor	r0,r6,r6,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r9,r9,r2			@ h+=X[i]
-	str	r2,[sp,#2*4]
-	eor	r2,r7,r8
-	add	r9,r9,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r6
-	add	r9,r9,r12			@ h+=K256[i]
-	eor	r2,r2,r8			@ Ch(e,f,g)
-	eor	r0,r10,r10,ror#11
-	add	r9,r9,r2			@ h+=Ch(e,f,g)
-#if 18==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 18<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r10,r11			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#4*4]		@ from future BODY_16_xx
-	eor	r12,r10,r11			@ a^b, b^c in next round
-	ldr	r1,[sp,#1*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r10,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r5,r5,r9			@ d+=h
-	eor	r3,r3,r11			@ Maj(a,b,c)
-	add	r9,r9,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r9,r9,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#4*4]		@ 19
-	@ ldr	r1,[sp,#1*4]
-	mov	r0,r2,ror#7
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#3*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#12*4]
-
-	add	r3,r3,r0
-	eor	r0,r5,r5,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r8,r8,r2			@ h+=X[i]
-	str	r2,[sp,#3*4]
-	eor	r2,r6,r7
-	add	r8,r8,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r5
-	add	r8,r8,r3			@ h+=K256[i]
-	eor	r2,r2,r7			@ Ch(e,f,g)
-	eor	r0,r9,r9,ror#11
-	add	r8,r8,r2			@ h+=Ch(e,f,g)
-#if 19==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 19<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r9,r10			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#5*4]		@ from future BODY_16_xx
-	eor	r3,r9,r10			@ a^b, b^c in next round
-	ldr	r1,[sp,#2*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r9,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r4,r4,r8			@ d+=h
-	eor	r12,r12,r10			@ Maj(a,b,c)
-	add	r8,r8,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r8,r8,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#5*4]		@ 20
-	@ ldr	r1,[sp,#2*4]
-	mov	r0,r2,ror#7
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#4*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#13*4]
-
-	add	r12,r12,r0
-	eor	r0,r4,r4,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r7,r7,r2			@ h+=X[i]
-	str	r2,[sp,#4*4]
-	eor	r2,r5,r6
-	add	r7,r7,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r4
-	add	r7,r7,r12			@ h+=K256[i]
-	eor	r2,r2,r6			@ Ch(e,f,g)
-	eor	r0,r8,r8,ror#11
-	add	r7,r7,r2			@ h+=Ch(e,f,g)
-#if 20==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 20<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r8,r9			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#6*4]		@ from future BODY_16_xx
-	eor	r12,r8,r9			@ a^b, b^c in next round
-	ldr	r1,[sp,#3*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r8,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r11,r11,r7			@ d+=h
-	eor	r3,r3,r9			@ Maj(a,b,c)
-	add	r7,r7,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r7,r7,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#6*4]		@ 21
-	@ ldr	r1,[sp,#3*4]
-	mov	r0,r2,ror#7
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#5*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#14*4]
-
-	add	r3,r3,r0
-	eor	r0,r11,r11,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r6,r6,r2			@ h+=X[i]
-	str	r2,[sp,#5*4]
-	eor	r2,r4,r5
-	add	r6,r6,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r11
-	add	r6,r6,r3			@ h+=K256[i]
-	eor	r2,r2,r5			@ Ch(e,f,g)
-	eor	r0,r7,r7,ror#11
-	add	r6,r6,r2			@ h+=Ch(e,f,g)
-#if 21==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 21<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r7,r8			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#7*4]		@ from future BODY_16_xx
-	eor	r3,r7,r8			@ a^b, b^c in next round
-	ldr	r1,[sp,#4*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r7,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r10,r10,r6			@ d+=h
-	eor	r12,r12,r8			@ Maj(a,b,c)
-	add	r6,r6,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r6,r6,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#7*4]		@ 22
-	@ ldr	r1,[sp,#4*4]
-	mov	r0,r2,ror#7
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#6*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#15*4]
-
-	add	r12,r12,r0
-	eor	r0,r10,r10,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r5,r5,r2			@ h+=X[i]
-	str	r2,[sp,#6*4]
-	eor	r2,r11,r4
-	add	r5,r5,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r10
-	add	r5,r5,r12			@ h+=K256[i]
-	eor	r2,r2,r4			@ Ch(e,f,g)
-	eor	r0,r6,r6,ror#11
-	add	r5,r5,r2			@ h+=Ch(e,f,g)
-#if 22==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 22<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r6,r7			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#8*4]		@ from future BODY_16_xx
-	eor	r12,r6,r7			@ a^b, b^c in next round
-	ldr	r1,[sp,#5*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r6,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r9,r9,r5			@ d+=h
-	eor	r3,r3,r7			@ Maj(a,b,c)
-	add	r5,r5,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r5,r5,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#8*4]		@ 23
-	@ ldr	r1,[sp,#5*4]
-	mov	r0,r2,ror#7
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#7*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#0*4]
-
-	add	r3,r3,r0
-	eor	r0,r9,r9,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r4,r4,r2			@ h+=X[i]
-	str	r2,[sp,#7*4]
-	eor	r2,r10,r11
-	add	r4,r4,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r9
-	add	r4,r4,r3			@ h+=K256[i]
-	eor	r2,r2,r11			@ Ch(e,f,g)
-	eor	r0,r5,r5,ror#11
-	add	r4,r4,r2			@ h+=Ch(e,f,g)
-#if 23==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 23<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r5,r6			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#9*4]		@ from future BODY_16_xx
-	eor	r3,r5,r6			@ a^b, b^c in next round
-	ldr	r1,[sp,#6*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r5,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r8,r8,r4			@ d+=h
-	eor	r12,r12,r6			@ Maj(a,b,c)
-	add	r4,r4,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r4,r4,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#9*4]		@ 24
-	@ ldr	r1,[sp,#6*4]
-	mov	r0,r2,ror#7
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#8*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#1*4]
-
-	add	r12,r12,r0
-	eor	r0,r8,r8,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r8,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r11,r11,r2			@ h+=X[i]
-	str	r2,[sp,#8*4]
-	eor	r2,r9,r10
-	add	r11,r11,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r8
-	add	r11,r11,r12			@ h+=K256[i]
-	eor	r2,r2,r10			@ Ch(e,f,g)
-	eor	r0,r4,r4,ror#11
-	add	r11,r11,r2			@ h+=Ch(e,f,g)
-#if 24==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 24<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r4,r5			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#10*4]		@ from future BODY_16_xx
-	eor	r12,r4,r5			@ a^b, b^c in next round
-	ldr	r1,[sp,#7*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r4,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r7,r7,r11			@ d+=h
-	eor	r3,r3,r5			@ Maj(a,b,c)
-	add	r11,r11,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r11,r11,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#10*4]		@ 25
-	@ ldr	r1,[sp,#7*4]
-	mov	r0,r2,ror#7
-	add	r11,r11,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#9*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#2*4]
-
-	add	r3,r3,r0
-	eor	r0,r7,r7,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r7,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r10,r10,r2			@ h+=X[i]
-	str	r2,[sp,#9*4]
-	eor	r2,r8,r9
-	add	r10,r10,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r7
-	add	r10,r10,r3			@ h+=K256[i]
-	eor	r2,r2,r9			@ Ch(e,f,g)
-	eor	r0,r11,r11,ror#11
-	add	r10,r10,r2			@ h+=Ch(e,f,g)
-#if 25==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 25<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r11,r4			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#11*4]		@ from future BODY_16_xx
-	eor	r3,r11,r4			@ a^b, b^c in next round
-	ldr	r1,[sp,#8*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r11,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r6,r6,r10			@ d+=h
-	eor	r12,r12,r4			@ Maj(a,b,c)
-	add	r10,r10,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r10,r10,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#11*4]		@ 26
-	@ ldr	r1,[sp,#8*4]
-	mov	r0,r2,ror#7
-	add	r10,r10,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#10*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#3*4]
-
-	add	r12,r12,r0
-	eor	r0,r6,r6,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r6,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r9,r9,r2			@ h+=X[i]
-	str	r2,[sp,#10*4]
-	eor	r2,r7,r8
-	add	r9,r9,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r6
-	add	r9,r9,r12			@ h+=K256[i]
-	eor	r2,r2,r8			@ Ch(e,f,g)
-	eor	r0,r10,r10,ror#11
-	add	r9,r9,r2			@ h+=Ch(e,f,g)
-#if 26==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 26<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r10,r11			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#12*4]		@ from future BODY_16_xx
-	eor	r12,r10,r11			@ a^b, b^c in next round
-	ldr	r1,[sp,#9*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r10,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r5,r5,r9			@ d+=h
-	eor	r3,r3,r11			@ Maj(a,b,c)
-	add	r9,r9,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r9,r9,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#12*4]		@ 27
-	@ ldr	r1,[sp,#9*4]
-	mov	r0,r2,ror#7
-	add	r9,r9,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#11*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#4*4]
-
-	add	r3,r3,r0
-	eor	r0,r5,r5,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r5,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r8,r8,r2			@ h+=X[i]
-	str	r2,[sp,#11*4]
-	eor	r2,r6,r7
-	add	r8,r8,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r5
-	add	r8,r8,r3			@ h+=K256[i]
-	eor	r2,r2,r7			@ Ch(e,f,g)
-	eor	r0,r9,r9,ror#11
-	add	r8,r8,r2			@ h+=Ch(e,f,g)
-#if 27==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 27<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r9,r10			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#13*4]		@ from future BODY_16_xx
-	eor	r3,r9,r10			@ a^b, b^c in next round
-	ldr	r1,[sp,#10*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r9,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r4,r4,r8			@ d+=h
-	eor	r12,r12,r10			@ Maj(a,b,c)
-	add	r8,r8,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r8,r8,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#13*4]		@ 28
-	@ ldr	r1,[sp,#10*4]
-	mov	r0,r2,ror#7
-	add	r8,r8,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#12*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#5*4]
-
-	add	r12,r12,r0
-	eor	r0,r4,r4,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r4,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r7,r7,r2			@ h+=X[i]
-	str	r2,[sp,#12*4]
-	eor	r2,r5,r6
-	add	r7,r7,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r4
-	add	r7,r7,r12			@ h+=K256[i]
-	eor	r2,r2,r6			@ Ch(e,f,g)
-	eor	r0,r8,r8,ror#11
-	add	r7,r7,r2			@ h+=Ch(e,f,g)
-#if 28==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 28<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r8,r9			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#14*4]		@ from future BODY_16_xx
-	eor	r12,r8,r9			@ a^b, b^c in next round
-	ldr	r1,[sp,#11*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r8,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r11,r11,r7			@ d+=h
-	eor	r3,r3,r9			@ Maj(a,b,c)
-	add	r7,r7,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r7,r7,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#14*4]		@ 29
-	@ ldr	r1,[sp,#11*4]
-	mov	r0,r2,ror#7
-	add	r7,r7,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#13*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#6*4]
-
-	add	r3,r3,r0
-	eor	r0,r11,r11,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r11,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r6,r6,r2			@ h+=X[i]
-	str	r2,[sp,#13*4]
-	eor	r2,r4,r5
-	add	r6,r6,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r11
-	add	r6,r6,r3			@ h+=K256[i]
-	eor	r2,r2,r5			@ Ch(e,f,g)
-	eor	r0,r7,r7,ror#11
-	add	r6,r6,r2			@ h+=Ch(e,f,g)
-#if 29==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 29<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r7,r8			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#15*4]		@ from future BODY_16_xx
-	eor	r3,r7,r8			@ a^b, b^c in next round
-	ldr	r1,[sp,#12*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r7,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r10,r10,r6			@ d+=h
-	eor	r12,r12,r8			@ Maj(a,b,c)
-	add	r6,r6,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r6,r6,r12			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#15*4]		@ 30
-	@ ldr	r1,[sp,#12*4]
-	mov	r0,r2,ror#7
-	add	r6,r6,r12			@ h+=Maj(a,b,c) from the past
-	mov	r12,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r12,r12,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#14*4]
-	eor	r12,r12,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#7*4]
-
-	add	r12,r12,r0
-	eor	r0,r10,r10,ror#5	@ from BODY_00_15
-	add	r2,r2,r12
-	eor	r0,r0,r10,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r12,[r14],#4			@ *K256++
-	add	r5,r5,r2			@ h+=X[i]
-	str	r2,[sp,#14*4]
-	eor	r2,r11,r4
-	add	r5,r5,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r10
-	add	r5,r5,r12			@ h+=K256[i]
-	eor	r2,r2,r4			@ Ch(e,f,g)
-	eor	r0,r6,r6,ror#11
-	add	r5,r5,r2			@ h+=Ch(e,f,g)
-#if 30==31
-	and	r12,r12,#0xff
-	cmp	r12,#0xf2			@ done?
-#endif
-#if 30<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r12,r6,r7			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#0*4]		@ from future BODY_16_xx
-	eor	r12,r6,r7			@ a^b, b^c in next round
-	ldr	r1,[sp,#13*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r6,ror#20	@ Sigma0(a)
-	and	r3,r3,r12			@ (b^c)&=(a^b)
-	add	r9,r9,r5			@ d+=h
-	eor	r3,r3,r7			@ Maj(a,b,c)
-	add	r5,r5,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r5,r5,r3			@ h+=Maj(a,b,c)
-	@ ldr	r2,[sp,#0*4]		@ 31
-	@ ldr	r1,[sp,#13*4]
-	mov	r0,r2,ror#7
-	add	r5,r5,r3			@ h+=Maj(a,b,c) from the past
-	mov	r3,r1,ror#17
-	eor	r0,r0,r2,ror#18
-	eor	r3,r3,r1,ror#19
-	eor	r0,r0,r2,lsr#3	@ sigma0(X[i+1])
-	ldr	r2,[sp,#15*4]
-	eor	r3,r3,r1,lsr#10	@ sigma1(X[i+14])
-	ldr	r1,[sp,#8*4]
-
-	add	r3,r3,r0
-	eor	r0,r9,r9,ror#5	@ from BODY_00_15
-	add	r2,r2,r3
-	eor	r0,r0,r9,ror#19	@ Sigma1(e)
-	add	r2,r2,r1			@ X[i]
-	ldr	r3,[r14],#4			@ *K256++
-	add	r4,r4,r2			@ h+=X[i]
-	str	r2,[sp,#15*4]
-	eor	r2,r10,r11
-	add	r4,r4,r0,ror#6	@ h+=Sigma1(e)
-	and	r2,r2,r9
-	add	r4,r4,r3			@ h+=K256[i]
-	eor	r2,r2,r11			@ Ch(e,f,g)
-	eor	r0,r5,r5,ror#11
-	add	r4,r4,r2			@ h+=Ch(e,f,g)
-#if 31==31
-	and	r3,r3,#0xff
-	cmp	r3,#0xf2			@ done?
-#endif
-#if 31<15
-# if __ARM_ARCH__>=7
-	ldr	r2,[r1],#4			@ prefetch
-# else
-	ldrb	r2,[r1,#3]
-# endif
-	eor	r3,r5,r6			@ a^b, b^c in next round
-#else
-	ldr	r2,[sp,#1*4]		@ from future BODY_16_xx
-	eor	r3,r5,r6			@ a^b, b^c in next round
-	ldr	r1,[sp,#14*4]	@ from future BODY_16_xx
-#endif
-	eor	r0,r0,r5,ror#20	@ Sigma0(a)
-	and	r12,r12,r3			@ (b^c)&=(a^b)
-	add	r8,r8,r4			@ d+=h
-	eor	r12,r12,r6			@ Maj(a,b,c)
-	add	r4,r4,r0,ror#2	@ h+=Sigma0(a)
-	@ add	r4,r4,r12			@ h+=Maj(a,b,c)
-	ldreq	r3,[sp,#16*4]		@ pull ctx
-	bne	.Lrounds_16_xx
-
-	add	r4,r4,r12		@ h+=Maj(a,b,c) from the past
-	ldr	r0,[r3,#0]
-	ldr	r2,[r3,#4]
-	ldr	r12,[r3,#8]
-	add	r4,r4,r0
-	ldr	r0,[r3,#12]
-	add	r5,r5,r2
-	ldr	r2,[r3,#16]
-	add	r6,r6,r12
-	ldr	r12,[r3,#20]
-	add	r7,r7,r0
-	ldr	r0,[r3,#24]
-	add	r8,r8,r2
-	ldr	r2,[r3,#28]
-	add	r9,r9,r12
-	ldr	r1,[sp,#17*4]		@ pull inp
-	ldr	r12,[sp,#18*4]		@ pull inp+len
-	add	r10,r10,r0
-	add	r11,r11,r2
-	stmia	r3,{r4,r5,r6,r7,r8,r9,r10,r11}
-	cmp	r1,r12
-	sub	r14,r14,#256	@ rewind Ktbl
-	bne	.Loop
-
-	add	sp,sp,#19*4	@ destroy frame
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-.size	sha256_block_data_order,.-sha256_block_data_order
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	sha256_block_data_order_neon,%function
-.align	4
-sha256_block_data_order_neon:
-.LNEON:
-	stmdb	sp!,{r4-r12,lr}
-
-	mov	r12,sp
-	sub	sp,sp,#16*4+16		@ alloca
-	sub	r14,r3,#256+32	@ K256
-	bic	sp,sp,#15		@ align for 128-bit stores
-
-	vld1.8		{q0},[r1]!
-	vld1.8		{q1},[r1]!
-	vld1.8		{q2},[r1]!
-	vld1.8		{q3},[r1]!
-	vld1.32		{q8},[r14,:128]!
-	vld1.32		{q9},[r14,:128]!
-	vld1.32		{q10},[r14,:128]!
-	vld1.32		{q11},[r14,:128]!
-	vrev32.8	q0,q0		@ yes, even on
-	str		r0,[sp,#64]
-	vrev32.8	q1,q1		@ big-endian
-	str		r1,[sp,#68]
-	mov		r1,sp
-	vrev32.8	q2,q2
-	str		r2,[sp,#72]
-	vrev32.8	q3,q3
-	str		r12,[sp,#76]		@ save original sp
-	vadd.i32	q8,q8,q0
-	vadd.i32	q9,q9,q1
-	vst1.32		{q8},[r1,:128]!
-	vadd.i32	q10,q10,q2
-	vst1.32		{q9},[r1,:128]!
-	vadd.i32	q11,q11,q3
-	vst1.32		{q10},[r1,:128]!
-	vst1.32		{q11},[r1,:128]!
-
-	ldmia		r0,{r4-r11}
-	sub		r1,r1,#64
-	ldr		r2,[sp,#0]
-	eor		r12,r12,r12
-	eor		r3,r5,r6
-	b		.L_00_48
-
-.align	4
-.L_00_48:
-	vext.8	q8,q0,q1,#4
-	add	r11,r11,r2
-	eor	r2,r9,r10
-	eor	r0,r8,r8,ror#5
-	vext.8	q9,q2,q3,#4
-	add	r4,r4,r12
-	and	r2,r2,r8
-	eor	r12,r0,r8,ror#19
-	vshr.u32	q10,q8,#7
-	eor	r0,r4,r4,ror#11
-	eor	r2,r2,r10
-	vadd.i32	q0,q0,q9
-	add	r11,r11,r12,ror#6
-	eor	r12,r4,r5
-	vshr.u32	q9,q8,#3
-	eor	r0,r0,r4,ror#20
-	add	r11,r11,r2
-	vsli.32	q10,q8,#25
-	ldr	r2,[sp,#4]
-	and	r3,r3,r12
-	vshr.u32	q11,q8,#18
-	add	r7,r7,r11
-	add	r11,r11,r0,ror#2
-	eor	r3,r3,r5
-	veor	q9,q9,q10
-	add	r10,r10,r2
-	vsli.32	q11,q8,#14
-	eor	r2,r8,r9
-	eor	r0,r7,r7,ror#5
-	vshr.u32	d24,d7,#17
-	add	r11,r11,r3
-	and	r2,r2,r7
-	veor	q9,q9,q11
-	eor	r3,r0,r7,ror#19
-	eor	r0,r11,r11,ror#11
-	vsli.32	d24,d7,#15
-	eor	r2,r2,r9
-	add	r10,r10,r3,ror#6
-	vshr.u32	d25,d7,#10
-	eor	r3,r11,r4
-	eor	r0,r0,r11,ror#20
-	vadd.i32	q0,q0,q9
-	add	r10,r10,r2
-	ldr	r2,[sp,#8]
-	veor	d25,d25,d24
-	and	r12,r12,r3
-	add	r6,r6,r10
-	vshr.u32	d24,d7,#19
-	add	r10,r10,r0,ror#2
-	eor	r12,r12,r4
-	vsli.32	d24,d7,#13
-	add	r9,r9,r2
-	eor	r2,r7,r8
-	veor	d25,d25,d24
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12
-	vadd.i32	d0,d0,d25
-	and	r2,r2,r6
-	eor	r12,r0,r6,ror#19
-	vshr.u32	d24,d0,#17
-	eor	r0,r10,r10,ror#11
-	eor	r2,r2,r8
-	vsli.32	d24,d0,#15
-	add	r9,r9,r12,ror#6
-	eor	r12,r10,r11
-	vshr.u32	d25,d0,#10
-	eor	r0,r0,r10,ror#20
-	add	r9,r9,r2
-	veor	d25,d25,d24
-	ldr	r2,[sp,#12]
-	and	r3,r3,r12
-	vshr.u32	d24,d0,#19
-	add	r5,r5,r9
-	add	r9,r9,r0,ror#2
-	eor	r3,r3,r11
-	vld1.32	{q8},[r14,:128]!
-	add	r8,r8,r2
-	vsli.32	d24,d0,#13
-	eor	r2,r6,r7
-	eor	r0,r5,r5,ror#5
-	veor	d25,d25,d24
-	add	r9,r9,r3
-	and	r2,r2,r5
-	vadd.i32	d1,d1,d25
-	eor	r3,r0,r5,ror#19
-	eor	r0,r9,r9,ror#11
-	vadd.i32	q8,q8,q0
-	eor	r2,r2,r7
-	add	r8,r8,r3,ror#6
-	eor	r3,r9,r10
-	eor	r0,r0,r9,ror#20
-	add	r8,r8,r2
-	ldr	r2,[sp,#16]
-	and	r12,r12,r3
-	add	r4,r4,r8
-	vst1.32	{q8},[r1,:128]!
-	add	r8,r8,r0,ror#2
-	eor	r12,r12,r10
-	vext.8	q8,q1,q2,#4
-	add	r7,r7,r2
-	eor	r2,r5,r6
-	eor	r0,r4,r4,ror#5
-	vext.8	q9,q3,q0,#4
-	add	r8,r8,r12
-	and	r2,r2,r4
-	eor	r12,r0,r4,ror#19
-	vshr.u32	q10,q8,#7
-	eor	r0,r8,r8,ror#11
-	eor	r2,r2,r6
-	vadd.i32	q1,q1,q9
-	add	r7,r7,r12,ror#6
-	eor	r12,r8,r9
-	vshr.u32	q9,q8,#3
-	eor	r0,r0,r8,ror#20
-	add	r7,r7,r2
-	vsli.32	q10,q8,#25
-	ldr	r2,[sp,#20]
-	and	r3,r3,r12
-	vshr.u32	q11,q8,#18
-	add	r11,r11,r7
-	add	r7,r7,r0,ror#2
-	eor	r3,r3,r9
-	veor	q9,q9,q10
-	add	r6,r6,r2
-	vsli.32	q11,q8,#14
-	eor	r2,r4,r5
-	eor	r0,r11,r11,ror#5
-	vshr.u32	d24,d1,#17
-	add	r7,r7,r3
-	and	r2,r2,r11
-	veor	q9,q9,q11
-	eor	r3,r0,r11,ror#19
-	eor	r0,r7,r7,ror#11
-	vsli.32	d24,d1,#15
-	eor	r2,r2,r5
-	add	r6,r6,r3,ror#6
-	vshr.u32	d25,d1,#10
-	eor	r3,r7,r8
-	eor	r0,r0,r7,ror#20
-	vadd.i32	q1,q1,q9
-	add	r6,r6,r2
-	ldr	r2,[sp,#24]
-	veor	d25,d25,d24
-	and	r12,r12,r3
-	add	r10,r10,r6
-	vshr.u32	d24,d1,#19
-	add	r6,r6,r0,ror#2
-	eor	r12,r12,r8
-	vsli.32	d24,d1,#13
-	add	r5,r5,r2
-	eor	r2,r11,r4
-	veor	d25,d25,d24
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12
-	vadd.i32	d2,d2,d25
-	and	r2,r2,r10
-	eor	r12,r0,r10,ror#19
-	vshr.u32	d24,d2,#17
-	eor	r0,r6,r6,ror#11
-	eor	r2,r2,r4
-	vsli.32	d24,d2,#15
-	add	r5,r5,r12,ror#6
-	eor	r12,r6,r7
-	vshr.u32	d25,d2,#10
-	eor	r0,r0,r6,ror#20
-	add	r5,r5,r2
-	veor	d25,d25,d24
-	ldr	r2,[sp,#28]
-	and	r3,r3,r12
-	vshr.u32	d24,d2,#19
-	add	r9,r9,r5
-	add	r5,r5,r0,ror#2
-	eor	r3,r3,r7
-	vld1.32	{q8},[r14,:128]!
-	add	r4,r4,r2
-	vsli.32	d24,d2,#13
-	eor	r2,r10,r11
-	eor	r0,r9,r9,ror#5
-	veor	d25,d25,d24
-	add	r5,r5,r3
-	and	r2,r2,r9
-	vadd.i32	d3,d3,d25
-	eor	r3,r0,r9,ror#19
-	eor	r0,r5,r5,ror#11
-	vadd.i32	q8,q8,q1
-	eor	r2,r2,r11
-	add	r4,r4,r3,ror#6
-	eor	r3,r5,r6
-	eor	r0,r0,r5,ror#20
-	add	r4,r4,r2
-	ldr	r2,[sp,#32]
-	and	r12,r12,r3
-	add	r8,r8,r4
-	vst1.32	{q8},[r1,:128]!
-	add	r4,r4,r0,ror#2
-	eor	r12,r12,r6
-	vext.8	q8,q2,q3,#4
-	add	r11,r11,r2
-	eor	r2,r9,r10
-	eor	r0,r8,r8,ror#5
-	vext.8	q9,q0,q1,#4
-	add	r4,r4,r12
-	and	r2,r2,r8
-	eor	r12,r0,r8,ror#19
-	vshr.u32	q10,q8,#7
-	eor	r0,r4,r4,ror#11
-	eor	r2,r2,r10
-	vadd.i32	q2,q2,q9
-	add	r11,r11,r12,ror#6
-	eor	r12,r4,r5
-	vshr.u32	q9,q8,#3
-	eor	r0,r0,r4,ror#20
-	add	r11,r11,r2
-	vsli.32	q10,q8,#25
-	ldr	r2,[sp,#36]
-	and	r3,r3,r12
-	vshr.u32	q11,q8,#18
-	add	r7,r7,r11
-	add	r11,r11,r0,ror#2
-	eor	r3,r3,r5
-	veor	q9,q9,q10
-	add	r10,r10,r2
-	vsli.32	q11,q8,#14
-	eor	r2,r8,r9
-	eor	r0,r7,r7,ror#5
-	vshr.u32	d24,d3,#17
-	add	r11,r11,r3
-	and	r2,r2,r7
-	veor	q9,q9,q11
-	eor	r3,r0,r7,ror#19
-	eor	r0,r11,r11,ror#11
-	vsli.32	d24,d3,#15
-	eor	r2,r2,r9
-	add	r10,r10,r3,ror#6
-	vshr.u32	d25,d3,#10
-	eor	r3,r11,r4
-	eor	r0,r0,r11,ror#20
-	vadd.i32	q2,q2,q9
-	add	r10,r10,r2
-	ldr	r2,[sp,#40]
-	veor	d25,d25,d24
-	and	r12,r12,r3
-	add	r6,r6,r10
-	vshr.u32	d24,d3,#19
-	add	r10,r10,r0,ror#2
-	eor	r12,r12,r4
-	vsli.32	d24,d3,#13
-	add	r9,r9,r2
-	eor	r2,r7,r8
-	veor	d25,d25,d24
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12
-	vadd.i32	d4,d4,d25
-	and	r2,r2,r6
-	eor	r12,r0,r6,ror#19
-	vshr.u32	d24,d4,#17
-	eor	r0,r10,r10,ror#11
-	eor	r2,r2,r8
-	vsli.32	d24,d4,#15
-	add	r9,r9,r12,ror#6
-	eor	r12,r10,r11
-	vshr.u32	d25,d4,#10
-	eor	r0,r0,r10,ror#20
-	add	r9,r9,r2
-	veor	d25,d25,d24
-	ldr	r2,[sp,#44]
-	and	r3,r3,r12
-	vshr.u32	d24,d4,#19
-	add	r5,r5,r9
-	add	r9,r9,r0,ror#2
-	eor	r3,r3,r11
-	vld1.32	{q8},[r14,:128]!
-	add	r8,r8,r2
-	vsli.32	d24,d4,#13
-	eor	r2,r6,r7
-	eor	r0,r5,r5,ror#5
-	veor	d25,d25,d24
-	add	r9,r9,r3
-	and	r2,r2,r5
-	vadd.i32	d5,d5,d25
-	eor	r3,r0,r5,ror#19
-	eor	r0,r9,r9,ror#11
-	vadd.i32	q8,q8,q2
-	eor	r2,r2,r7
-	add	r8,r8,r3,ror#6
-	eor	r3,r9,r10
-	eor	r0,r0,r9,ror#20
-	add	r8,r8,r2
-	ldr	r2,[sp,#48]
-	and	r12,r12,r3
-	add	r4,r4,r8
-	vst1.32	{q8},[r1,:128]!
-	add	r8,r8,r0,ror#2
-	eor	r12,r12,r10
-	vext.8	q8,q3,q0,#4
-	add	r7,r7,r2
-	eor	r2,r5,r6
-	eor	r0,r4,r4,ror#5
-	vext.8	q9,q1,q2,#4
-	add	r8,r8,r12
-	and	r2,r2,r4
-	eor	r12,r0,r4,ror#19
-	vshr.u32	q10,q8,#7
-	eor	r0,r8,r8,ror#11
-	eor	r2,r2,r6
-	vadd.i32	q3,q3,q9
-	add	r7,r7,r12,ror#6
-	eor	r12,r8,r9
-	vshr.u32	q9,q8,#3
-	eor	r0,r0,r8,ror#20
-	add	r7,r7,r2
-	vsli.32	q10,q8,#25
-	ldr	r2,[sp,#52]
-	and	r3,r3,r12
-	vshr.u32	q11,q8,#18
-	add	r11,r11,r7
-	add	r7,r7,r0,ror#2
-	eor	r3,r3,r9
-	veor	q9,q9,q10
-	add	r6,r6,r2
-	vsli.32	q11,q8,#14
-	eor	r2,r4,r5
-	eor	r0,r11,r11,ror#5
-	vshr.u32	d24,d5,#17
-	add	r7,r7,r3
-	and	r2,r2,r11
-	veor	q9,q9,q11
-	eor	r3,r0,r11,ror#19
-	eor	r0,r7,r7,ror#11
-	vsli.32	d24,d5,#15
-	eor	r2,r2,r5
-	add	r6,r6,r3,ror#6
-	vshr.u32	d25,d5,#10
-	eor	r3,r7,r8
-	eor	r0,r0,r7,ror#20
-	vadd.i32	q3,q3,q9
-	add	r6,r6,r2
-	ldr	r2,[sp,#56]
-	veor	d25,d25,d24
-	and	r12,r12,r3
-	add	r10,r10,r6
-	vshr.u32	d24,d5,#19
-	add	r6,r6,r0,ror#2
-	eor	r12,r12,r8
-	vsli.32	d24,d5,#13
-	add	r5,r5,r2
-	eor	r2,r11,r4
-	veor	d25,d25,d24
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12
-	vadd.i32	d6,d6,d25
-	and	r2,r2,r10
-	eor	r12,r0,r10,ror#19
-	vshr.u32	d24,d6,#17
-	eor	r0,r6,r6,ror#11
-	eor	r2,r2,r4
-	vsli.32	d24,d6,#15
-	add	r5,r5,r12,ror#6
-	eor	r12,r6,r7
-	vshr.u32	d25,d6,#10
-	eor	r0,r0,r6,ror#20
-	add	r5,r5,r2
-	veor	d25,d25,d24
-	ldr	r2,[sp,#60]
-	and	r3,r3,r12
-	vshr.u32	d24,d6,#19
-	add	r9,r9,r5
-	add	r5,r5,r0,ror#2
-	eor	r3,r3,r7
-	vld1.32	{q8},[r14,:128]!
-	add	r4,r4,r2
-	vsli.32	d24,d6,#13
-	eor	r2,r10,r11
-	eor	r0,r9,r9,ror#5
-	veor	d25,d25,d24
-	add	r5,r5,r3
-	and	r2,r2,r9
-	vadd.i32	d7,d7,d25
-	eor	r3,r0,r9,ror#19
-	eor	r0,r5,r5,ror#11
-	vadd.i32	q8,q8,q3
-	eor	r2,r2,r11
-	add	r4,r4,r3,ror#6
-	eor	r3,r5,r6
-	eor	r0,r0,r5,ror#20
-	add	r4,r4,r2
-	ldr	r2,[r14]
-	and	r12,r12,r3
-	add	r8,r8,r4
-	vst1.32	{q8},[r1,:128]!
-	add	r4,r4,r0,ror#2
-	eor	r12,r12,r6
-	teq	r2,#0				@ check for K256 terminator
-	ldr	r2,[sp,#0]
-	sub	r1,r1,#64
-	bne	.L_00_48
-
-	ldr		r1,[sp,#68]
-	ldr		r0,[sp,#72]
-	sub		r14,r14,#256	@ rewind r14
-	teq		r1,r0
-	subeq		r1,r1,#64		@ avoid SEGV
-	vld1.8		{q0},[r1]!		@ load next input block
-	vld1.8		{q1},[r1]!
-	vld1.8		{q2},[r1]!
-	vld1.8		{q3},[r1]!
-	strne		r1,[sp,#68]
-	mov		r1,sp
-	add	r11,r11,r2
-	eor	r2,r9,r10
-	eor	r0,r8,r8,ror#5
-	add	r4,r4,r12
-	vld1.32	{q8},[r14,:128]!
-	and	r2,r2,r8
-	eor	r12,r0,r8,ror#19
-	eor	r0,r4,r4,ror#11
-	eor	r2,r2,r10
-	vrev32.8	q0,q0
-	add	r11,r11,r12,ror#6
-	eor	r12,r4,r5
-	eor	r0,r0,r4,ror#20
-	add	r11,r11,r2
-	vadd.i32	q8,q8,q0
-	ldr	r2,[sp,#4]
-	and	r3,r3,r12
-	add	r7,r7,r11
-	add	r11,r11,r0,ror#2
-	eor	r3,r3,r5
-	add	r10,r10,r2
-	eor	r2,r8,r9
-	eor	r0,r7,r7,ror#5
-	add	r11,r11,r3
-	and	r2,r2,r7
-	eor	r3,r0,r7,ror#19
-	eor	r0,r11,r11,ror#11
-	eor	r2,r2,r9
-	add	r10,r10,r3,ror#6
-	eor	r3,r11,r4
-	eor	r0,r0,r11,ror#20
-	add	r10,r10,r2
-	ldr	r2,[sp,#8]
-	and	r12,r12,r3
-	add	r6,r6,r10
-	add	r10,r10,r0,ror#2
-	eor	r12,r12,r4
-	add	r9,r9,r2
-	eor	r2,r7,r8
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12
-	and	r2,r2,r6
-	eor	r12,r0,r6,ror#19
-	eor	r0,r10,r10,ror#11
-	eor	r2,r2,r8
-	add	r9,r9,r12,ror#6
-	eor	r12,r10,r11
-	eor	r0,r0,r10,ror#20
-	add	r9,r9,r2
-	ldr	r2,[sp,#12]
-	and	r3,r3,r12
-	add	r5,r5,r9
-	add	r9,r9,r0,ror#2
-	eor	r3,r3,r11
-	add	r8,r8,r2
-	eor	r2,r6,r7
-	eor	r0,r5,r5,ror#5
-	add	r9,r9,r3
-	and	r2,r2,r5
-	eor	r3,r0,r5,ror#19
-	eor	r0,r9,r9,ror#11
-	eor	r2,r2,r7
-	add	r8,r8,r3,ror#6
-	eor	r3,r9,r10
-	eor	r0,r0,r9,ror#20
-	add	r8,r8,r2
-	ldr	r2,[sp,#16]
-	and	r12,r12,r3
-	add	r4,r4,r8
-	add	r8,r8,r0,ror#2
-	eor	r12,r12,r10
-	vst1.32	{q8},[r1,:128]!
-	add	r7,r7,r2
-	eor	r2,r5,r6
-	eor	r0,r4,r4,ror#5
-	add	r8,r8,r12
-	vld1.32	{q8},[r14,:128]!
-	and	r2,r2,r4
-	eor	r12,r0,r4,ror#19
-	eor	r0,r8,r8,ror#11
-	eor	r2,r2,r6
-	vrev32.8	q1,q1
-	add	r7,r7,r12,ror#6
-	eor	r12,r8,r9
-	eor	r0,r0,r8,ror#20
-	add	r7,r7,r2
-	vadd.i32	q8,q8,q1
-	ldr	r2,[sp,#20]
-	and	r3,r3,r12
-	add	r11,r11,r7
-	add	r7,r7,r0,ror#2
-	eor	r3,r3,r9
-	add	r6,r6,r2
-	eor	r2,r4,r5
-	eor	r0,r11,r11,ror#5
-	add	r7,r7,r3
-	and	r2,r2,r11
-	eor	r3,r0,r11,ror#19
-	eor	r0,r7,r7,ror#11
-	eor	r2,r2,r5
-	add	r6,r6,r3,ror#6
-	eor	r3,r7,r8
-	eor	r0,r0,r7,ror#20
-	add	r6,r6,r2
-	ldr	r2,[sp,#24]
-	and	r12,r12,r3
-	add	r10,r10,r6
-	add	r6,r6,r0,ror#2
-	eor	r12,r12,r8
-	add	r5,r5,r2
-	eor	r2,r11,r4
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12
-	and	r2,r2,r10
-	eor	r12,r0,r10,ror#19
-	eor	r0,r6,r6,ror#11
-	eor	r2,r2,r4
-	add	r5,r5,r12,ror#6
-	eor	r12,r6,r7
-	eor	r0,r0,r6,ror#20
-	add	r5,r5,r2
-	ldr	r2,[sp,#28]
-	and	r3,r3,r12
-	add	r9,r9,r5
-	add	r5,r5,r0,ror#2
-	eor	r3,r3,r7
-	add	r4,r4,r2
-	eor	r2,r10,r11
-	eor	r0,r9,r9,ror#5
-	add	r5,r5,r3
-	and	r2,r2,r9
-	eor	r3,r0,r9,ror#19
-	eor	r0,r5,r5,ror#11
-	eor	r2,r2,r11
-	add	r4,r4,r3,ror#6
-	eor	r3,r5,r6
-	eor	r0,r0,r5,ror#20
-	add	r4,r4,r2
-	ldr	r2,[sp,#32]
-	and	r12,r12,r3
-	add	r8,r8,r4
-	add	r4,r4,r0,ror#2
-	eor	r12,r12,r6
-	vst1.32	{q8},[r1,:128]!
-	add	r11,r11,r2
-	eor	r2,r9,r10
-	eor	r0,r8,r8,ror#5
-	add	r4,r4,r12
-	vld1.32	{q8},[r14,:128]!
-	and	r2,r2,r8
-	eor	r12,r0,r8,ror#19
-	eor	r0,r4,r4,ror#11
-	eor	r2,r2,r10
-	vrev32.8	q2,q2
-	add	r11,r11,r12,ror#6
-	eor	r12,r4,r5
-	eor	r0,r0,r4,ror#20
-	add	r11,r11,r2
-	vadd.i32	q8,q8,q2
-	ldr	r2,[sp,#36]
-	and	r3,r3,r12
-	add	r7,r7,r11
-	add	r11,r11,r0,ror#2
-	eor	r3,r3,r5
-	add	r10,r10,r2
-	eor	r2,r8,r9
-	eor	r0,r7,r7,ror#5
-	add	r11,r11,r3
-	and	r2,r2,r7
-	eor	r3,r0,r7,ror#19
-	eor	r0,r11,r11,ror#11
-	eor	r2,r2,r9
-	add	r10,r10,r3,ror#6
-	eor	r3,r11,r4
-	eor	r0,r0,r11,ror#20
-	add	r10,r10,r2
-	ldr	r2,[sp,#40]
-	and	r12,r12,r3
-	add	r6,r6,r10
-	add	r10,r10,r0,ror#2
-	eor	r12,r12,r4
-	add	r9,r9,r2
-	eor	r2,r7,r8
-	eor	r0,r6,r6,ror#5
-	add	r10,r10,r12
-	and	r2,r2,r6
-	eor	r12,r0,r6,ror#19
-	eor	r0,r10,r10,ror#11
-	eor	r2,r2,r8
-	add	r9,r9,r12,ror#6
-	eor	r12,r10,r11
-	eor	r0,r0,r10,ror#20
-	add	r9,r9,r2
-	ldr	r2,[sp,#44]
-	and	r3,r3,r12
-	add	r5,r5,r9
-	add	r9,r9,r0,ror#2
-	eor	r3,r3,r11
-	add	r8,r8,r2
-	eor	r2,r6,r7
-	eor	r0,r5,r5,ror#5
-	add	r9,r9,r3
-	and	r2,r2,r5
-	eor	r3,r0,r5,ror#19
-	eor	r0,r9,r9,ror#11
-	eor	r2,r2,r7
-	add	r8,r8,r3,ror#6
-	eor	r3,r9,r10
-	eor	r0,r0,r9,ror#20
-	add	r8,r8,r2
-	ldr	r2,[sp,#48]
-	and	r12,r12,r3
-	add	r4,r4,r8
-	add	r8,r8,r0,ror#2
-	eor	r12,r12,r10
-	vst1.32	{q8},[r1,:128]!
-	add	r7,r7,r2
-	eor	r2,r5,r6
-	eor	r0,r4,r4,ror#5
-	add	r8,r8,r12
-	vld1.32	{q8},[r14,:128]!
-	and	r2,r2,r4
-	eor	r12,r0,r4,ror#19
-	eor	r0,r8,r8,ror#11
-	eor	r2,r2,r6
-	vrev32.8	q3,q3
-	add	r7,r7,r12,ror#6
-	eor	r12,r8,r9
-	eor	r0,r0,r8,ror#20
-	add	r7,r7,r2
-	vadd.i32	q8,q8,q3
-	ldr	r2,[sp,#52]
-	and	r3,r3,r12
-	add	r11,r11,r7
-	add	r7,r7,r0,ror#2
-	eor	r3,r3,r9
-	add	r6,r6,r2
-	eor	r2,r4,r5
-	eor	r0,r11,r11,ror#5
-	add	r7,r7,r3
-	and	r2,r2,r11
-	eor	r3,r0,r11,ror#19
-	eor	r0,r7,r7,ror#11
-	eor	r2,r2,r5
-	add	r6,r6,r3,ror#6
-	eor	r3,r7,r8
-	eor	r0,r0,r7,ror#20
-	add	r6,r6,r2
-	ldr	r2,[sp,#56]
-	and	r12,r12,r3
-	add	r10,r10,r6
-	add	r6,r6,r0,ror#2
-	eor	r12,r12,r8
-	add	r5,r5,r2
-	eor	r2,r11,r4
-	eor	r0,r10,r10,ror#5
-	add	r6,r6,r12
-	and	r2,r2,r10
-	eor	r12,r0,r10,ror#19
-	eor	r0,r6,r6,ror#11
-	eor	r2,r2,r4
-	add	r5,r5,r12,ror#6
-	eor	r12,r6,r7
-	eor	r0,r0,r6,ror#20
-	add	r5,r5,r2
-	ldr	r2,[sp,#60]
-	and	r3,r3,r12
-	add	r9,r9,r5
-	add	r5,r5,r0,ror#2
-	eor	r3,r3,r7
-	add	r4,r4,r2
-	eor	r2,r10,r11
-	eor	r0,r9,r9,ror#5
-	add	r5,r5,r3
-	and	r2,r2,r9
-	eor	r3,r0,r9,ror#19
-	eor	r0,r5,r5,ror#11
-	eor	r2,r2,r11
-	add	r4,r4,r3,ror#6
-	eor	r3,r5,r6
-	eor	r0,r0,r5,ror#20
-	add	r4,r4,r2
-	ldr	r2,[sp,#64]
-	and	r12,r12,r3
-	add	r8,r8,r4
-	add	r4,r4,r0,ror#2
-	eor	r12,r12,r6
-	vst1.32	{q8},[r1,:128]!
-	ldr	r0,[r2,#0]
-	add	r4,r4,r12			@ h+=Maj(a,b,c) from the past
-	ldr	r12,[r2,#4]
-	ldr	r3,[r2,#8]
-	ldr	r1,[r2,#12]
-	add	r4,r4,r0			@ accumulate
-	ldr	r0,[r2,#16]
-	add	r5,r5,r12
-	ldr	r12,[r2,#20]
-	add	r6,r6,r3
-	ldr	r3,[r2,#24]
-	add	r7,r7,r1
-	ldr	r1,[r2,#28]
-	add	r8,r8,r0
-	str	r4,[r2],#4
-	add	r9,r9,r12
-	str	r5,[r2],#4
-	add	r10,r10,r3
-	str	r6,[r2],#4
-	add	r11,r11,r1
-	str	r7,[r2],#4
-	stmia	r2,{r8-r11}
-
-	movne	r1,sp
-	ldrne	r2,[sp,#0]
-	eorne	r12,r12,r12
-	ldreq	sp,[sp,#76]			@ restore original sp
-	eorne	r3,r5,r6
-	bne	.L_00_48
-
-	ldmia	sp!,{r4-r12,pc}
-.size	sha256_block_data_order_neon,.-sha256_block_data_order_neon
-#endif
-#if __ARM_ARCH__>=7
-.type	sha256_block_data_order_armv8,%function
-.align	5
-sha256_block_data_order_armv8:
-.LARMv8:
-	vld1.32	{q0,q1},[r0]
-	sub	r3,r3,#sha256_block_data_order-K256
-
-.Loop_v8:
-	vld1.8		{q8-q9},[r1]!
-	vld1.8		{q10-q11},[r1]!
-	vld1.32		{q12},[r3]!
-	vrev32.8	q8,q8
-	vrev32.8	q9,q9
-	vrev32.8	q10,q10
-	vrev32.8	q11,q11
-	vmov		q14,q0	@ offload
-	vmov		q15,q1
-	teq		r1,r2
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q8
-	.byte	0xe2,0x03,0xfa,0xf3	@ sha256su0 q8,q9
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe6,0x0c,0x64,0xf3	@ sha256su1 q8,q10,q11
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q9
-	.byte	0xe4,0x23,0xfa,0xf3	@ sha256su0 q9,q10
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe0,0x2c,0x66,0xf3	@ sha256su1 q9,q11,q8
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q10
-	.byte	0xe6,0x43,0xfa,0xf3	@ sha256su0 q10,q11
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe2,0x4c,0x60,0xf3	@ sha256su1 q10,q8,q9
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q11
-	.byte	0xe0,0x63,0xfa,0xf3	@ sha256su0 q11,q8
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe4,0x6c,0x62,0xf3	@ sha256su1 q11,q9,q10
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q8
-	.byte	0xe2,0x03,0xfa,0xf3	@ sha256su0 q8,q9
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe6,0x0c,0x64,0xf3	@ sha256su1 q8,q10,q11
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q9
-	.byte	0xe4,0x23,0xfa,0xf3	@ sha256su0 q9,q10
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe0,0x2c,0x66,0xf3	@ sha256su1 q9,q11,q8
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q10
-	.byte	0xe6,0x43,0xfa,0xf3	@ sha256su0 q10,q11
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe2,0x4c,0x60,0xf3	@ sha256su1 q10,q8,q9
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q11
-	.byte	0xe0,0x63,0xfa,0xf3	@ sha256su0 q11,q8
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe4,0x6c,0x62,0xf3	@ sha256su1 q11,q9,q10
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q8
-	.byte	0xe2,0x03,0xfa,0xf3	@ sha256su0 q8,q9
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe6,0x0c,0x64,0xf3	@ sha256su1 q8,q10,q11
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q9
-	.byte	0xe4,0x23,0xfa,0xf3	@ sha256su0 q9,q10
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe0,0x2c,0x66,0xf3	@ sha256su1 q9,q11,q8
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q10
-	.byte	0xe6,0x43,0xfa,0xf3	@ sha256su0 q10,q11
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-	.byte	0xe2,0x4c,0x60,0xf3	@ sha256su1 q10,q8,q9
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q11
-	.byte	0xe0,0x63,0xfa,0xf3	@ sha256su0 q11,q8
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-	.byte	0xe4,0x6c,0x62,0xf3	@ sha256su1 q11,q9,q10
-	vld1.32		{q13},[r3]!
-	vadd.i32	q12,q12,q8
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-
-	vld1.32		{q12},[r3]!
-	vadd.i32	q13,q13,q9
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-
-	vld1.32		{q13},[r3]
-	vadd.i32	q12,q12,q10
-	sub		r3,r3,#256-16	@ rewind
-	vmov		q2,q0
-	.byte	0x68,0x0c,0x02,0xf3	@ sha256h q0,q1,q12
-	.byte	0x68,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q12
-
-	vadd.i32	q13,q13,q11
-	vmov		q2,q0
-	.byte	0x6a,0x0c,0x02,0xf3	@ sha256h q0,q1,q13
-	.byte	0x6a,0x2c,0x14,0xf3	@ sha256h2 q1,q2,q13
-
-	vadd.i32	q0,q0,q14
-	vadd.i32	q1,q1,q15
-	bne		.Loop_v8
-
-	vst1.32		{q0,q1},[r0]
-
-	bx	lr		@ bx lr
-.size	sha256_block_data_order_armv8,.-sha256_block_data_order_armv8
-#endif
-.asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-.comm   OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
deleted file mode 100644
index 505ca8f350..0000000000
--- a/crypto/sha/asm/sha256-armv4.pl
+++ /dev/null
@@ -1,656 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA256 block procedure for ARMv4. May 2007.
-
-# Performance is ~2x better than gcc 3.4 generated code and in "abso-
-# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
-# byte [on single-issue Xscale PXA250 core].
-
-# July 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 22% improvement on
-# Cortex A8 core and ~20 cycles per processed byte.
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 16%
-# improvement on Cortex A8 core and ~15.4 cycles per processed byte.
-
-# September 2013.
-#
-# Add NEON implementation. On Cortex A8 it was measured to process one
-# byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon
-# S4 does it in 12.5 cycles too, but it's 50% faster than integer-only
-# code (meaning that latter performs sub-optimally, nothing was done
-# about it).
-
-# May 2014.
-#
-# Add ARMv8 code path performing at 2.0 cpb on Apple A7.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$ctx="r0";	$t0="r0";
-$inp="r1";	$t4="r1";
-$len="r2";	$t1="r2";
-$T1="r3";	$t3="r3";
-$A="r4";
-$B="r5";
-$C="r6";
-$D="r7";
-$E="r8";
-$F="r9";
-$G="r10";
-$H="r11";
-@V=($A,$B,$C,$D,$E,$F,$G,$H);
-$t2="r12";
-$Ktbl="r14";
-
-@Sigma0=( 2,13,22);
-@Sigma1=( 6,11,25);
-@sigma0=( 7,18, 3);
-@sigma1=(17,19,10);
-
-sub BODY_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___ if ($i<16);
-#if __ARM_ARCH__>=7
-	@ ldr	$t1,[$inp],#4			@ $i
-# if $i==15
-	str	$inp,[sp,#17*4]			@ make room for $t4
-# endif
-	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
-	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
-	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
-	rev	$t1,$t1
-#else
-	@ ldrb	$t1,[$inp,#3]			@ $i
-	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
-	ldrb	$t2,[$inp,#2]
-	ldrb	$t0,[$inp,#1]
-	orr	$t1,$t1,$t2,lsl#8
-	ldrb	$t2,[$inp],#4
-	orr	$t1,$t1,$t0,lsl#16
-# if $i==15
-	str	$inp,[sp,#17*4]			@ make room for $t4
-# endif
-	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
-	orr	$t1,$t1,$t2,lsl#24
-	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
-#endif
-___
-$code.=<<___;
-	ldr	$t2,[$Ktbl],#4			@ *K256++
-	add	$h,$h,$t1			@ h+=X[i]
-	str	$t1,[sp,#`$i%16`*4]
-	eor	$t1,$f,$g
-	add	$h,$h,$t0,ror#$Sigma1[0]	@ h+=Sigma1(e)
-	and	$t1,$t1,$e
-	add	$h,$h,$t2			@ h+=K256[i]
-	eor	$t1,$t1,$g			@ Ch(e,f,g)
-	eor	$t0,$a,$a,ror#`$Sigma0[1]-$Sigma0[0]`
-	add	$h,$h,$t1			@ h+=Ch(e,f,g)
-#if $i==31
-	and	$t2,$t2,#0xff
-	cmp	$t2,#0xf2			@ done?
-#endif
-#if $i<15
-# if __ARM_ARCH__>=7
-	ldr	$t1,[$inp],#4			@ prefetch
-# else
-	ldrb	$t1,[$inp,#3]
-# endif
-	eor	$t2,$a,$b			@ a^b, b^c in next round
-#else
-	ldr	$t1,[sp,#`($i+2)%16`*4]		@ from future BODY_16_xx
-	eor	$t2,$a,$b			@ a^b, b^c in next round
-	ldr	$t4,[sp,#`($i+15)%16`*4]	@ from future BODY_16_xx
-#endif
-	eor	$t0,$t0,$a,ror#`$Sigma0[2]-$Sigma0[0]`	@ Sigma0(a)
-	and	$t3,$t3,$t2			@ (b^c)&=(a^b)
-	add	$d,$d,$h			@ d+=h
-	eor	$t3,$t3,$b			@ Maj(a,b,c)
-	add	$h,$h,$t0,ror#$Sigma0[0]	@ h+=Sigma0(a)
-	@ add	$h,$h,$t3			@ h+=Maj(a,b,c)
-___
-	($t2,$t3)=($t3,$t2);
-}
-
-sub BODY_16_XX {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___;
-	@ ldr	$t1,[sp,#`($i+1)%16`*4]		@ $i
-	@ ldr	$t4,[sp,#`($i+14)%16`*4]
-	mov	$t0,$t1,ror#$sigma0[0]
-	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
-	mov	$t2,$t4,ror#$sigma1[0]
-	eor	$t0,$t0,$t1,ror#$sigma0[1]
-	eor	$t2,$t2,$t4,ror#$sigma1[1]
-	eor	$t0,$t0,$t1,lsr#$sigma0[2]	@ sigma0(X[i+1])
-	ldr	$t1,[sp,#`($i+0)%16`*4]
-	eor	$t2,$t2,$t4,lsr#$sigma1[2]	@ sigma1(X[i+14])
-	ldr	$t4,[sp,#`($i+9)%16`*4]
-
-	add	$t2,$t2,$t0
-	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`	@ from BODY_00_15
-	add	$t1,$t1,$t2
-	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
-	add	$t1,$t1,$t4			@ X[i]
-___
-	&BODY_00_15(@_);
-}
-
-$code=<<___;
-#include "arm_arch.h"
-
-.text
-.code	32
-
-.type	K256,%object
-.align	5
-K256:
-.word	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-.word	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-.word	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-.word	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.word	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-.word	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-.word	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.word	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-.word	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-.word	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-.word	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-.word	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-.word	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-.word	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-.word	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-.word	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.size	K256,.-K256
-.word	0				@ terminator
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha256_block_data_order
-.align	5
-
-.global	sha256_block_data_order
-.type	sha256_block_data_order,%function
-sha256_block_data_order:
-	sub	r3,pc,#8		@ sha256_block_data_order
-	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#ARMV8_SHA256
-	bne	.LARMv8
-	tst	r12,#ARMV7_NEON
-	bne	.LNEON
-#endif
-	stmdb	sp!,{$ctx,$inp,$len,r4-r11,lr}
-	ldmia	$ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
-	sub	$Ktbl,r3,#256+32	@ K256
-	sub	sp,sp,#16*4		@ alloca(X[16])
-.Loop:
-# if __ARM_ARCH__>=7
-	ldr	$t1,[$inp],#4
-# else
-	ldrb	$t1,[$inp,#3]
-# endif
-	eor	$t3,$B,$C		@ magic
-	eor	$t2,$t2,$t2
-___
-for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=".Lrounds_16_xx:\n";
-for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	ldreq	$t3,[sp,#16*4]		@ pull ctx
-	bne	.Lrounds_16_xx
-
-	add	$A,$A,$t2		@ h+=Maj(a,b,c) from the past
-	ldr	$t0,[$t3,#0]
-	ldr	$t1,[$t3,#4]
-	ldr	$t2,[$t3,#8]
-	add	$A,$A,$t0
-	ldr	$t0,[$t3,#12]
-	add	$B,$B,$t1
-	ldr	$t1,[$t3,#16]
-	add	$C,$C,$t2
-	ldr	$t2,[$t3,#20]
-	add	$D,$D,$t0
-	ldr	$t0,[$t3,#24]
-	add	$E,$E,$t1
-	ldr	$t1,[$t3,#28]
-	add	$F,$F,$t2
-	ldr	$inp,[sp,#17*4]		@ pull inp
-	ldr	$t2,[sp,#18*4]		@ pull inp+len
-	add	$G,$G,$t0
-	add	$H,$H,$t1
-	stmia	$t3,{$A,$B,$C,$D,$E,$F,$G,$H}
-	cmp	$inp,$t2
-	sub	$Ktbl,$Ktbl,#256	@ rewind Ktbl
-	bne	.Loop
-
-	add	sp,sp,#`16+3`*4	@ destroy frame
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r11,pc}
-#else
-	ldmia	sp!,{r4-r11,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-.size	sha256_block_data_order,.-sha256_block_data_order
-___
-######################################################################
-# NEON stuff
-#
-{{{
-my @X=map("q$_",(0..3));
-my ($T0,$T1,$T2,$T3,$T4,$T5)=("q8","q9","q10","q11","d24","d25");
-my $Xfer=$t4;
-my $j=0;
-
-sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-
-sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
-{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
-  my $arg = pop;
-    $arg = "#$arg" if ($arg*1 eq $arg);
-    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
-}
-
-sub Xupdate()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e,$f,$g,$h);
-
-	&vext_8		($T0,@X[0],@X[1],4);	# X[1..4]
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vext_8		($T1,@X[2],@X[3],4);	# X[9..12]
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshr_u32	($T2,$T0,$sigma0[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += X[9..12]
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshr_u32	($T1,$T0,$sigma0[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vsli_32	($T2,$T0,32-$sigma0[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vshr_u32	($T3,$T0,$sigma0[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		($T1,$T1,$T2);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vsli_32	($T3,$T0,32-$sigma0[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&veor		($T1,$T1,$T3);		# sigma0(X[1..4])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T5,&Dhi(@X[3]),$sigma1[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &veor		($T5,$T5,$T4);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &veor		($T5,$T5,$T4);		# sigma1(X[14..15])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(&Dlo(@X[0]),&Dlo(@X[0]),$T5);# X[0..1] += sigma1(X[14..15])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T5,&Dlo(@X[0]),$sigma1[2]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &veor		($T5,$T5,$T4);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vld1_32	("{$T0}","[$Ktbl,:128]!");
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[1]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	  &veor		($T5,$T5,$T4);		# sigma1(X[16..17])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	(&Dhi(@X[0]),&Dhi(@X[0]),$T5);# X[2..3] += sigma1(X[16..17])
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	($T0,$T0,@X[0]);
-	 while($#insns>=2) { eval(shift(@insns)); }
-	&vst1_32	("{$T0}","[$Xfer,:128]!");
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-
-	push(@X,shift(@X));		# "rotate" X[]
-}
-
-sub Xpreload()
-{ use integer;
-  my $body = shift;
-  my @insns = (&$body,&$body,&$body,&$body);
-  my ($a,$b,$c,$d,$e,$f,$g,$h);
-
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vld1_32	("{$T0}","[$Ktbl,:128]!");
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vrev32_8	(@X[0],@X[0]);
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	 eval(shift(@insns));
-	&vadd_i32	($T0,$T0,@X[0]);
-	 foreach (@insns) { eval; }	# remaining instructions
-	&vst1_32	("{$T0}","[$Xfer,:128]!");
-
-	push(@X,shift(@X));		# "rotate" X[]
-}
-
-sub body_00_15 () {
-	(
-	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
-	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
-	'&eor	($t1,$f,$g)',
-	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
-	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
-	'&and	($t1,$t1,$e)',
-	'&eor	($t2,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
-	'&eor	($t0,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
-	'&eor	($t1,$t1,$g)',			# Ch(e,f,g)
-	'&add	($h,$h,$t2,"ror#$Sigma1[0]")',	# h+=Sigma1(e)
-	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
-	'&eor	($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
-	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
-	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
-	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
-	'&ldr	($t1,"[sp,#64]")			if ($j==31)',
-	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
-	'&add	($d,$d,$h)',			# d+=h
-	'&add	($h,$h,$t0,"ror#$Sigma0[0]");'.	# h+=Sigma0(a)
-	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
-	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
-	)
-}
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.type	sha256_block_data_order_neon,%function
-.align	4
-sha256_block_data_order_neon:
-.LNEON:
-	stmdb	sp!,{r4-r12,lr}
-
-	mov	$t2,sp
-	sub	sp,sp,#16*4+16		@ alloca
-	sub	$Ktbl,r3,#256+32	@ K256
-	bic	sp,sp,#15		@ align for 128-bit stores
-
-	vld1.8		{@X[0]},[$inp]!
-	vld1.8		{@X[1]},[$inp]!
-	vld1.8		{@X[2]},[$inp]!
-	vld1.8		{@X[3]},[$inp]!
-	vld1.32		{$T0},[$Ktbl,:128]!
-	vld1.32		{$T1},[$Ktbl,:128]!
-	vld1.32		{$T2},[$Ktbl,:128]!
-	vld1.32		{$T3},[$Ktbl,:128]!
-	vrev32.8	@X[0],@X[0]		@ yes, even on
-	str		$ctx,[sp,#64]
-	vrev32.8	@X[1],@X[1]		@ big-endian
-	str		$inp,[sp,#68]
-	mov		$Xfer,sp
-	vrev32.8	@X[2],@X[2]
-	str		$len,[sp,#72]
-	vrev32.8	@X[3],@X[3]
-	str		$t2,[sp,#76]		@ save original sp
-	vadd.i32	$T0,$T0,@X[0]
-	vadd.i32	$T1,$T1,@X[1]
-	vst1.32		{$T0},[$Xfer,:128]!
-	vadd.i32	$T2,$T2,@X[2]
-	vst1.32		{$T1},[$Xfer,:128]!
-	vadd.i32	$T3,$T3,@X[3]
-	vst1.32		{$T2},[$Xfer,:128]!
-	vst1.32		{$T3},[$Xfer,:128]!
-
-	ldmia		$ctx,{$A-$H}
-	sub		$Xfer,$Xfer,#64
-	ldr		$t1,[sp,#0]
-	eor		$t2,$t2,$t2
-	eor		$t3,$B,$C
-	b		.L_00_48
-
-.align	4
-.L_00_48:
-___
-	&Xupdate(\&body_00_15);
-	&Xupdate(\&body_00_15);
-	&Xupdate(\&body_00_15);
-	&Xupdate(\&body_00_15);
-$code.=<<___;
-	teq	$t1,#0				@ check for K256 terminator
-	ldr	$t1,[sp,#0]
-	sub	$Xfer,$Xfer,#64
-	bne	.L_00_48
-
-	ldr		$inp,[sp,#68]
-	ldr		$t0,[sp,#72]
-	sub		$Ktbl,$Ktbl,#256	@ rewind $Ktbl
-	teq		$inp,$t0
-	subeq		$inp,$inp,#64		@ avoid SEGV
-	vld1.8		{@X[0]},[$inp]!		@ load next input block
-	vld1.8		{@X[1]},[$inp]!
-	vld1.8		{@X[2]},[$inp]!
-	vld1.8		{@X[3]},[$inp]!
-	strne		$inp,[sp,#68]
-	mov		$Xfer,sp
-___
-	&Xpreload(\&body_00_15);
-	&Xpreload(\&body_00_15);
-	&Xpreload(\&body_00_15);
-	&Xpreload(\&body_00_15);
-$code.=<<___;
-	ldr	$t0,[$t1,#0]
-	add	$A,$A,$t2			@ h+=Maj(a,b,c) from the past
-	ldr	$t2,[$t1,#4]
-	ldr	$t3,[$t1,#8]
-	ldr	$t4,[$t1,#12]
-	add	$A,$A,$t0			@ accumulate
-	ldr	$t0,[$t1,#16]
-	add	$B,$B,$t2
-	ldr	$t2,[$t1,#20]
-	add	$C,$C,$t3
-	ldr	$t3,[$t1,#24]
-	add	$D,$D,$t4
-	ldr	$t4,[$t1,#28]
-	add	$E,$E,$t0
-	str	$A,[$t1],#4
-	add	$F,$F,$t2
-	str	$B,[$t1],#4
-	add	$G,$G,$t3
-	str	$C,[$t1],#4
-	add	$H,$H,$t4
-	str	$D,[$t1],#4
-	stmia	$t1,{$E-$H}
-
-	movne	$Xfer,sp
-	ldrne	$t1,[sp,#0]
-	eorne	$t2,$t2,$t2
-	ldreq	sp,[sp,#76]			@ restore original sp
-	eorne	$t3,$B,$C
-	bne	.L_00_48
-
-	ldmia	sp!,{r4-r12,pc}
-.size	sha256_block_data_order_neon,.-sha256_block_data_order_neon
-#endif
-___
-}}}
-######################################################################
-# ARMv8 stuff
-#
-{{{
-my ($ABCD,$EFGH,$abcd)=map("q$_",(0..2));
-my @MSG=map("q$_",(8..11));
-my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15));
-my $Ktbl="r3";
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.type	sha256_block_data_order_armv8,%function
-.align	5
-sha256_block_data_order_armv8:
-.LARMv8:
-	vld1.32	{$ABCD,$EFGH},[$ctx]
-	sub	$Ktbl,r3,#sha256_block_data_order-K256
-
-.Loop_v8:
-	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
-	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
-	vld1.32		{$W0},[$Ktbl]!
-	vrev32.8	@MSG[0],@MSG[0]
-	vrev32.8	@MSG[1],@MSG[1]
-	vrev32.8	@MSG[2],@MSG[2]
-	vrev32.8	@MSG[3],@MSG[3]
-	vmov		$ABCD_SAVE,$ABCD	@ offload
-	vmov		$EFGH_SAVE,$EFGH
-	teq		$inp,$len
-___
-for($i=0;$i<12;$i++) {
-$code.=<<___;
-	vld1.32		{$W1},[$Ktbl]!
-	vadd.i32	$W0,$W0,@MSG[0]
-	sha256su0	@MSG[0],@MSG[1]
-	vmov		$abcd,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-	sha256su1	@MSG[0],@MSG[2],@MSG[3]
-___
-	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
-}
-$code.=<<___;
-	vld1.32		{$W1},[$Ktbl]!
-	vadd.i32	$W0,$W0,@MSG[0]
-	vmov		$abcd,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-
-	vld1.32		{$W0},[$Ktbl]!
-	vadd.i32	$W1,$W1,@MSG[1]
-	vmov		$abcd,$ABCD
-	sha256h		$ABCD,$EFGH,$W1
-	sha256h2	$EFGH,$abcd,$W1
-
-	vld1.32		{$W1},[$Ktbl]
-	vadd.i32	$W0,$W0,@MSG[2]
-	sub		$Ktbl,$Ktbl,#256-16	@ rewind
-	vmov		$abcd,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-
-	vadd.i32	$W1,$W1,@MSG[3]
-	vmov		$abcd,$ABCD
-	sha256h		$ABCD,$EFGH,$W1
-	sha256h2	$EFGH,$abcd,$W1
-
-	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
-	vadd.i32	$EFGH,$EFGH,$EFGH_SAVE
-	bne		.Loop_v8
-
-	vst1.32		{$ABCD,$EFGH},[$ctx]
-
-	ret		@ bx lr
-.size	sha256_block_data_order_armv8,.-sha256_block_data_order_armv8
-#endif
-___
-}}}
-$code.=<<___;
-.asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-.comm   OPENSSL_armcap_P,4,4
-___
-
-{   my  %opcode = (
-	"sha256h"	=> 0xf3000c40,	"sha256h2"	=> 0xf3100c40,
-	"sha256su0"	=> 0xf3ba03c0,	"sha256su1"	=> 0xf3200c40	);
-
-    sub unsha256 {
-	my ($mnemonic,$arg)=@_;
-
-	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
-	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-					 |(($2&7)<<17)|(($2&8)<<4)
-					 |(($3&7)<<1) |(($3&8)<<2);
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    }
-}
-
-foreach (split($/,$code)) {
-
-	s/\`([^\`]*)\`/eval $1/geo;
-
-	s/\b(sha256\w+)\s+(q.*)/unsha256($1,$2)/geo;
-
-	s/\bret\b/bx	lr/go		or
-	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
-
-	print $_,"\n";
-}
-
-close STDOUT; # enforce flush
diff --git a/crypto/sha/asm/sha256-armv8.S b/crypto/sha/asm/sha256-armv8.S
deleted file mode 100644
index bd43b1fe76..0000000000
--- a/crypto/sha/asm/sha256-armv8.S
+++ /dev/null
@@ -1,1141 +0,0 @@
-#include "arm_arch.h"
-
-.text
-
-.globl	sha256_block_data_order
-.type	sha256_block_data_order,%function
-.align	6
-sha256_block_data_order:
-	ldr	x16,.LOPENSSL_armcap_P
-	adr	x17,.LOPENSSL_armcap_P
-	add	x16,x16,x17
-	ldr	w16,[x16]
-	tst	w16,#ARMV8_SHA256
-	b.ne	.Lv8_entry
-	stp	x29,x30,[sp,#-128]!
-	add	x29,sp,#0
-
-	stp	x19,x20,[sp,#16]
-	stp	x21,x22,[sp,#32]
-	stp	x23,x24,[sp,#48]
-	stp	x25,x26,[sp,#64]
-	stp	x27,x28,[sp,#80]
-	sub	sp,sp,#4*4
-
-	ldp	w20,w21,[x0]				// load context
-	ldp	w22,w23,[x0,#2*4]
-	ldp	w24,w25,[x0,#4*4]
-	add	x2,x1,x2,lsl#6	// end of input
-	ldp	w26,w27,[x0,#6*4]
-	adr	x30,K256
-	stp	x0,x2,[x29,#96]
-
-.Loop:
-	ldp	w3,w4,[x1],#2*4
-	ldr	w19,[x30],#4			// *K++
-	eor	w28,w21,w22				// magic seed
-	str	x1,[x29,#112]
-#ifndef	__ARMEB__
-	rev	w3,w3			// 0
-#endif
-	ror	w16,w24,#6
-	add	w27,w27,w19			// h+=K[i]
-	eor	w6,w24,w24,ror#14
-	and	w17,w25,w24
-	bic	w19,w26,w24
-	add	w27,w27,w3			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w20,w21			// a^b, b^c in next round
-	eor	w16,w16,w6,ror#11	// Sigma1(e)
-	ror	w6,w20,#2
-	add	w27,w27,w17			// h+=Ch(e,f,g)
-	eor	w17,w20,w20,ror#9
-	add	w27,w27,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w23,w23,w27			// d+=h
-	eor	w28,w28,w21			// Maj(a,b,c)
-	eor	w17,w6,w17,ror#13	// Sigma0(a)
-	add	w27,w27,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w27,w27,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w4,w4			// 1
-#endif
-	ldp	w5,w6,[x1],#2*4
-	add	w27,w27,w17			// h+=Sigma0(a)
-	ror	w16,w23,#6
-	add	w26,w26,w28			// h+=K[i]
-	eor	w7,w23,w23,ror#14
-	and	w17,w24,w23
-	bic	w28,w25,w23
-	add	w26,w26,w4			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w27,w20			// a^b, b^c in next round
-	eor	w16,w16,w7,ror#11	// Sigma1(e)
-	ror	w7,w27,#2
-	add	w26,w26,w17			// h+=Ch(e,f,g)
-	eor	w17,w27,w27,ror#9
-	add	w26,w26,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w22,w22,w26			// d+=h
-	eor	w19,w19,w20			// Maj(a,b,c)
-	eor	w17,w7,w17,ror#13	// Sigma0(a)
-	add	w26,w26,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w26,w26,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w5,w5			// 2
-#endif
-	add	w26,w26,w17			// h+=Sigma0(a)
-	ror	w16,w22,#6
-	add	w25,w25,w19			// h+=K[i]
-	eor	w8,w22,w22,ror#14
-	and	w17,w23,w22
-	bic	w19,w24,w22
-	add	w25,w25,w5			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w26,w27			// a^b, b^c in next round
-	eor	w16,w16,w8,ror#11	// Sigma1(e)
-	ror	w8,w26,#2
-	add	w25,w25,w17			// h+=Ch(e,f,g)
-	eor	w17,w26,w26,ror#9
-	add	w25,w25,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w21,w21,w25			// d+=h
-	eor	w28,w28,w27			// Maj(a,b,c)
-	eor	w17,w8,w17,ror#13	// Sigma0(a)
-	add	w25,w25,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w25,w25,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w6,w6			// 3
-#endif
-	ldp	w7,w8,[x1],#2*4
-	add	w25,w25,w17			// h+=Sigma0(a)
-	ror	w16,w21,#6
-	add	w24,w24,w28			// h+=K[i]
-	eor	w9,w21,w21,ror#14
-	and	w17,w22,w21
-	bic	w28,w23,w21
-	add	w24,w24,w6			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w25,w26			// a^b, b^c in next round
-	eor	w16,w16,w9,ror#11	// Sigma1(e)
-	ror	w9,w25,#2
-	add	w24,w24,w17			// h+=Ch(e,f,g)
-	eor	w17,w25,w25,ror#9
-	add	w24,w24,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w20,w20,w24			// d+=h
-	eor	w19,w19,w26			// Maj(a,b,c)
-	eor	w17,w9,w17,ror#13	// Sigma0(a)
-	add	w24,w24,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w24,w24,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w7,w7			// 4
-#endif
-	add	w24,w24,w17			// h+=Sigma0(a)
-	ror	w16,w20,#6
-	add	w23,w23,w19			// h+=K[i]
-	eor	w10,w20,w20,ror#14
-	and	w17,w21,w20
-	bic	w19,w22,w20
-	add	w23,w23,w7			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w24,w25			// a^b, b^c in next round
-	eor	w16,w16,w10,ror#11	// Sigma1(e)
-	ror	w10,w24,#2
-	add	w23,w23,w17			// h+=Ch(e,f,g)
-	eor	w17,w24,w24,ror#9
-	add	w23,w23,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w27,w27,w23			// d+=h
-	eor	w28,w28,w25			// Maj(a,b,c)
-	eor	w17,w10,w17,ror#13	// Sigma0(a)
-	add	w23,w23,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w23,w23,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w8,w8			// 5
-#endif
-	ldp	w9,w10,[x1],#2*4
-	add	w23,w23,w17			// h+=Sigma0(a)
-	ror	w16,w27,#6
-	add	w22,w22,w28			// h+=K[i]
-	eor	w11,w27,w27,ror#14
-	and	w17,w20,w27
-	bic	w28,w21,w27
-	add	w22,w22,w8			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w23,w24			// a^b, b^c in next round
-	eor	w16,w16,w11,ror#11	// Sigma1(e)
-	ror	w11,w23,#2
-	add	w22,w22,w17			// h+=Ch(e,f,g)
-	eor	w17,w23,w23,ror#9
-	add	w22,w22,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w26,w26,w22			// d+=h
-	eor	w19,w19,w24			// Maj(a,b,c)
-	eor	w17,w11,w17,ror#13	// Sigma0(a)
-	add	w22,w22,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w22,w22,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w9,w9			// 6
-#endif
-	add	w22,w22,w17			// h+=Sigma0(a)
-	ror	w16,w26,#6
-	add	w21,w21,w19			// h+=K[i]
-	eor	w12,w26,w26,ror#14
-	and	w17,w27,w26
-	bic	w19,w20,w26
-	add	w21,w21,w9			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w22,w23			// a^b, b^c in next round
-	eor	w16,w16,w12,ror#11	// Sigma1(e)
-	ror	w12,w22,#2
-	add	w21,w21,w17			// h+=Ch(e,f,g)
-	eor	w17,w22,w22,ror#9
-	add	w21,w21,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w25,w25,w21			// d+=h
-	eor	w28,w28,w23			// Maj(a,b,c)
-	eor	w17,w12,w17,ror#13	// Sigma0(a)
-	add	w21,w21,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w21,w21,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w10,w10			// 7
-#endif
-	ldp	w11,w12,[x1],#2*4
-	add	w21,w21,w17			// h+=Sigma0(a)
-	ror	w16,w25,#6
-	add	w20,w20,w28			// h+=K[i]
-	eor	w13,w25,w25,ror#14
-	and	w17,w26,w25
-	bic	w28,w27,w25
-	add	w20,w20,w10			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w21,w22			// a^b, b^c in next round
-	eor	w16,w16,w13,ror#11	// Sigma1(e)
-	ror	w13,w21,#2
-	add	w20,w20,w17			// h+=Ch(e,f,g)
-	eor	w17,w21,w21,ror#9
-	add	w20,w20,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w24,w24,w20			// d+=h
-	eor	w19,w19,w22			// Maj(a,b,c)
-	eor	w17,w13,w17,ror#13	// Sigma0(a)
-	add	w20,w20,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w20,w20,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w11,w11			// 8
-#endif
-	add	w20,w20,w17			// h+=Sigma0(a)
-	ror	w16,w24,#6
-	add	w27,w27,w19			// h+=K[i]
-	eor	w14,w24,w24,ror#14
-	and	w17,w25,w24
-	bic	w19,w26,w24
-	add	w27,w27,w11			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w20,w21			// a^b, b^c in next round
-	eor	w16,w16,w14,ror#11	// Sigma1(e)
-	ror	w14,w20,#2
-	add	w27,w27,w17			// h+=Ch(e,f,g)
-	eor	w17,w20,w20,ror#9
-	add	w27,w27,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w23,w23,w27			// d+=h
-	eor	w28,w28,w21			// Maj(a,b,c)
-	eor	w17,w14,w17,ror#13	// Sigma0(a)
-	add	w27,w27,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w27,w27,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w12,w12			// 9
-#endif
-	ldp	w13,w14,[x1],#2*4
-	add	w27,w27,w17			// h+=Sigma0(a)
-	ror	w16,w23,#6
-	add	w26,w26,w28			// h+=K[i]
-	eor	w15,w23,w23,ror#14
-	and	w17,w24,w23
-	bic	w28,w25,w23
-	add	w26,w26,w12			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w27,w20			// a^b, b^c in next round
-	eor	w16,w16,w15,ror#11	// Sigma1(e)
-	ror	w15,w27,#2
-	add	w26,w26,w17			// h+=Ch(e,f,g)
-	eor	w17,w27,w27,ror#9
-	add	w26,w26,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w22,w22,w26			// d+=h
-	eor	w19,w19,w20			// Maj(a,b,c)
-	eor	w17,w15,w17,ror#13	// Sigma0(a)
-	add	w26,w26,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w26,w26,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w13,w13			// 10
-#endif
-	add	w26,w26,w17			// h+=Sigma0(a)
-	ror	w16,w22,#6
-	add	w25,w25,w19			// h+=K[i]
-	eor	w0,w22,w22,ror#14
-	and	w17,w23,w22
-	bic	w19,w24,w22
-	add	w25,w25,w13			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w26,w27			// a^b, b^c in next round
-	eor	w16,w16,w0,ror#11	// Sigma1(e)
-	ror	w0,w26,#2
-	add	w25,w25,w17			// h+=Ch(e,f,g)
-	eor	w17,w26,w26,ror#9
-	add	w25,w25,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w21,w21,w25			// d+=h
-	eor	w28,w28,w27			// Maj(a,b,c)
-	eor	w17,w0,w17,ror#13	// Sigma0(a)
-	add	w25,w25,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w25,w25,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w14,w14			// 11
-#endif
-	ldp	w15,w0,[x1],#2*4
-	add	w25,w25,w17			// h+=Sigma0(a)
-	str	w6,[sp,#12]
-	ror	w16,w21,#6
-	add	w24,w24,w28			// h+=K[i]
-	eor	w6,w21,w21,ror#14
-	and	w17,w22,w21
-	bic	w28,w23,w21
-	add	w24,w24,w14			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w25,w26			// a^b, b^c in next round
-	eor	w16,w16,w6,ror#11	// Sigma1(e)
-	ror	w6,w25,#2
-	add	w24,w24,w17			// h+=Ch(e,f,g)
-	eor	w17,w25,w25,ror#9
-	add	w24,w24,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w20,w20,w24			// d+=h
-	eor	w19,w19,w26			// Maj(a,b,c)
-	eor	w17,w6,w17,ror#13	// Sigma0(a)
-	add	w24,w24,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w24,w24,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w15,w15			// 12
-#endif
-	add	w24,w24,w17			// h+=Sigma0(a)
-	str	w7,[sp,#0]
-	ror	w16,w20,#6
-	add	w23,w23,w19			// h+=K[i]
-	eor	w7,w20,w20,ror#14
-	and	w17,w21,w20
-	bic	w19,w22,w20
-	add	w23,w23,w15			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w24,w25			// a^b, b^c in next round
-	eor	w16,w16,w7,ror#11	// Sigma1(e)
-	ror	w7,w24,#2
-	add	w23,w23,w17			// h+=Ch(e,f,g)
-	eor	w17,w24,w24,ror#9
-	add	w23,w23,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w27,w27,w23			// d+=h
-	eor	w28,w28,w25			// Maj(a,b,c)
-	eor	w17,w7,w17,ror#13	// Sigma0(a)
-	add	w23,w23,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w23,w23,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w0,w0			// 13
-#endif
-	ldp	w1,w2,[x1]
-	add	w23,w23,w17			// h+=Sigma0(a)
-	str	w8,[sp,#4]
-	ror	w16,w27,#6
-	add	w22,w22,w28			// h+=K[i]
-	eor	w8,w27,w27,ror#14
-	and	w17,w20,w27
-	bic	w28,w21,w27
-	add	w22,w22,w0			// h+=X[i]
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w23,w24			// a^b, b^c in next round
-	eor	w16,w16,w8,ror#11	// Sigma1(e)
-	ror	w8,w23,#2
-	add	w22,w22,w17			// h+=Ch(e,f,g)
-	eor	w17,w23,w23,ror#9
-	add	w22,w22,w16			// h+=Sigma1(e)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	add	w26,w26,w22			// d+=h
-	eor	w19,w19,w24			// Maj(a,b,c)
-	eor	w17,w8,w17,ror#13	// Sigma0(a)
-	add	w22,w22,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	//add	w22,w22,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w1,w1			// 14
-#endif
-	ldr	w6,[sp,#12]
-	add	w22,w22,w17			// h+=Sigma0(a)
-	str	w9,[sp,#8]
-	ror	w16,w26,#6
-	add	w21,w21,w19			// h+=K[i]
-	eor	w9,w26,w26,ror#14
-	and	w17,w27,w26
-	bic	w19,w20,w26
-	add	w21,w21,w1			// h+=X[i]
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w22,w23			// a^b, b^c in next round
-	eor	w16,w16,w9,ror#11	// Sigma1(e)
-	ror	w9,w22,#2
-	add	w21,w21,w17			// h+=Ch(e,f,g)
-	eor	w17,w22,w22,ror#9
-	add	w21,w21,w16			// h+=Sigma1(e)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	add	w25,w25,w21			// d+=h
-	eor	w28,w28,w23			// Maj(a,b,c)
-	eor	w17,w9,w17,ror#13	// Sigma0(a)
-	add	w21,w21,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	//add	w21,w21,w17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	w2,w2			// 15
-#endif
-	ldr	w7,[sp,#0]
-	add	w21,w21,w17			// h+=Sigma0(a)
-	str	w10,[sp,#12]
-	ror	w16,w25,#6
-	add	w20,w20,w28			// h+=K[i]
-	ror	w9,w4,#7
-	and	w17,w26,w25
-	ror	w8,w1,#17
-	bic	w28,w27,w25
-	ror	w10,w21,#2
-	add	w20,w20,w2			// h+=X[i]
-	eor	w16,w16,w25,ror#11
-	eor	w9,w9,w4,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w21,w22			// a^b, b^c in next round
-	eor	w16,w16,w25,ror#25	// Sigma1(e)
-	eor	w10,w10,w21,ror#13
-	add	w20,w20,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w8,w8,w1,ror#19
-	eor	w9,w9,w4,lsr#3	// sigma0(X[i+1])
-	add	w20,w20,w16			// h+=Sigma1(e)
-	eor	w19,w19,w22			// Maj(a,b,c)
-	eor	w17,w10,w21,ror#22	// Sigma0(a)
-	eor	w8,w8,w1,lsr#10	// sigma1(X[i+14])
-	add	w3,w3,w12
-	add	w24,w24,w20			// d+=h
-	add	w20,w20,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w3,w3,w9
-	add	w20,w20,w17			// h+=Sigma0(a)
-	add	w3,w3,w8
-.Loop_16_xx:
-	ldr	w8,[sp,#4]
-	str	w11,[sp,#0]
-	ror	w16,w24,#6
-	add	w27,w27,w19			// h+=K[i]
-	ror	w10,w5,#7
-	and	w17,w25,w24
-	ror	w9,w2,#17
-	bic	w19,w26,w24
-	ror	w11,w20,#2
-	add	w27,w27,w3			// h+=X[i]
-	eor	w16,w16,w24,ror#11
-	eor	w10,w10,w5,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w20,w21			// a^b, b^c in next round
-	eor	w16,w16,w24,ror#25	// Sigma1(e)
-	eor	w11,w11,w20,ror#13
-	add	w27,w27,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w9,w9,w2,ror#19
-	eor	w10,w10,w5,lsr#3	// sigma0(X[i+1])
-	add	w27,w27,w16			// h+=Sigma1(e)
-	eor	w28,w28,w21			// Maj(a,b,c)
-	eor	w17,w11,w20,ror#22	// Sigma0(a)
-	eor	w9,w9,w2,lsr#10	// sigma1(X[i+14])
-	add	w4,w4,w13
-	add	w23,w23,w27			// d+=h
-	add	w27,w27,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w4,w4,w10
-	add	w27,w27,w17			// h+=Sigma0(a)
-	add	w4,w4,w9
-	ldr	w9,[sp,#8]
-	str	w12,[sp,#4]
-	ror	w16,w23,#6
-	add	w26,w26,w28			// h+=K[i]
-	ror	w11,w6,#7
-	and	w17,w24,w23
-	ror	w10,w3,#17
-	bic	w28,w25,w23
-	ror	w12,w27,#2
-	add	w26,w26,w4			// h+=X[i]
-	eor	w16,w16,w23,ror#11
-	eor	w11,w11,w6,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w27,w20			// a^b, b^c in next round
-	eor	w16,w16,w23,ror#25	// Sigma1(e)
-	eor	w12,w12,w27,ror#13
-	add	w26,w26,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w10,w10,w3,ror#19
-	eor	w11,w11,w6,lsr#3	// sigma0(X[i+1])
-	add	w26,w26,w16			// h+=Sigma1(e)
-	eor	w19,w19,w20			// Maj(a,b,c)
-	eor	w17,w12,w27,ror#22	// Sigma0(a)
-	eor	w10,w10,w3,lsr#10	// sigma1(X[i+14])
-	add	w5,w5,w14
-	add	w22,w22,w26			// d+=h
-	add	w26,w26,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w5,w5,w11
-	add	w26,w26,w17			// h+=Sigma0(a)
-	add	w5,w5,w10
-	ldr	w10,[sp,#12]
-	str	w13,[sp,#8]
-	ror	w16,w22,#6
-	add	w25,w25,w19			// h+=K[i]
-	ror	w12,w7,#7
-	and	w17,w23,w22
-	ror	w11,w4,#17
-	bic	w19,w24,w22
-	ror	w13,w26,#2
-	add	w25,w25,w5			// h+=X[i]
-	eor	w16,w16,w22,ror#11
-	eor	w12,w12,w7,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w26,w27			// a^b, b^c in next round
-	eor	w16,w16,w22,ror#25	// Sigma1(e)
-	eor	w13,w13,w26,ror#13
-	add	w25,w25,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w11,w11,w4,ror#19
-	eor	w12,w12,w7,lsr#3	// sigma0(X[i+1])
-	add	w25,w25,w16			// h+=Sigma1(e)
-	eor	w28,w28,w27			// Maj(a,b,c)
-	eor	w17,w13,w26,ror#22	// Sigma0(a)
-	eor	w11,w11,w4,lsr#10	// sigma1(X[i+14])
-	add	w6,w6,w15
-	add	w21,w21,w25			// d+=h
-	add	w25,w25,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w6,w6,w12
-	add	w25,w25,w17			// h+=Sigma0(a)
-	add	w6,w6,w11
-	ldr	w11,[sp,#0]
-	str	w14,[sp,#12]
-	ror	w16,w21,#6
-	add	w24,w24,w28			// h+=K[i]
-	ror	w13,w8,#7
-	and	w17,w22,w21
-	ror	w12,w5,#17
-	bic	w28,w23,w21
-	ror	w14,w25,#2
-	add	w24,w24,w6			// h+=X[i]
-	eor	w16,w16,w21,ror#11
-	eor	w13,w13,w8,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w25,w26			// a^b, b^c in next round
-	eor	w16,w16,w21,ror#25	// Sigma1(e)
-	eor	w14,w14,w25,ror#13
-	add	w24,w24,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w12,w12,w5,ror#19
-	eor	w13,w13,w8,lsr#3	// sigma0(X[i+1])
-	add	w24,w24,w16			// h+=Sigma1(e)
-	eor	w19,w19,w26			// Maj(a,b,c)
-	eor	w17,w14,w25,ror#22	// Sigma0(a)
-	eor	w12,w12,w5,lsr#10	// sigma1(X[i+14])
-	add	w7,w7,w0
-	add	w20,w20,w24			// d+=h
-	add	w24,w24,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w7,w7,w13
-	add	w24,w24,w17			// h+=Sigma0(a)
-	add	w7,w7,w12
-	ldr	w12,[sp,#4]
-	str	w15,[sp,#0]
-	ror	w16,w20,#6
-	add	w23,w23,w19			// h+=K[i]
-	ror	w14,w9,#7
-	and	w17,w21,w20
-	ror	w13,w6,#17
-	bic	w19,w22,w20
-	ror	w15,w24,#2
-	add	w23,w23,w7			// h+=X[i]
-	eor	w16,w16,w20,ror#11
-	eor	w14,w14,w9,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w24,w25			// a^b, b^c in next round
-	eor	w16,w16,w20,ror#25	// Sigma1(e)
-	eor	w15,w15,w24,ror#13
-	add	w23,w23,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w13,w13,w6,ror#19
-	eor	w14,w14,w9,lsr#3	// sigma0(X[i+1])
-	add	w23,w23,w16			// h+=Sigma1(e)
-	eor	w28,w28,w25			// Maj(a,b,c)
-	eor	w17,w15,w24,ror#22	// Sigma0(a)
-	eor	w13,w13,w6,lsr#10	// sigma1(X[i+14])
-	add	w8,w8,w1
-	add	w27,w27,w23			// d+=h
-	add	w23,w23,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w8,w8,w14
-	add	w23,w23,w17			// h+=Sigma0(a)
-	add	w8,w8,w13
-	ldr	w13,[sp,#8]
-	str	w0,[sp,#4]
-	ror	w16,w27,#6
-	add	w22,w22,w28			// h+=K[i]
-	ror	w15,w10,#7
-	and	w17,w20,w27
-	ror	w14,w7,#17
-	bic	w28,w21,w27
-	ror	w0,w23,#2
-	add	w22,w22,w8			// h+=X[i]
-	eor	w16,w16,w27,ror#11
-	eor	w15,w15,w10,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w23,w24			// a^b, b^c in next round
-	eor	w16,w16,w27,ror#25	// Sigma1(e)
-	eor	w0,w0,w23,ror#13
-	add	w22,w22,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w14,w14,w7,ror#19
-	eor	w15,w15,w10,lsr#3	// sigma0(X[i+1])
-	add	w22,w22,w16			// h+=Sigma1(e)
-	eor	w19,w19,w24			// Maj(a,b,c)
-	eor	w17,w0,w23,ror#22	// Sigma0(a)
-	eor	w14,w14,w7,lsr#10	// sigma1(X[i+14])
-	add	w9,w9,w2
-	add	w26,w26,w22			// d+=h
-	add	w22,w22,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w9,w9,w15
-	add	w22,w22,w17			// h+=Sigma0(a)
-	add	w9,w9,w14
-	ldr	w14,[sp,#12]
-	str	w1,[sp,#8]
-	ror	w16,w26,#6
-	add	w21,w21,w19			// h+=K[i]
-	ror	w0,w11,#7
-	and	w17,w27,w26
-	ror	w15,w8,#17
-	bic	w19,w20,w26
-	ror	w1,w22,#2
-	add	w21,w21,w9			// h+=X[i]
-	eor	w16,w16,w26,ror#11
-	eor	w0,w0,w11,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w22,w23			// a^b, b^c in next round
-	eor	w16,w16,w26,ror#25	// Sigma1(e)
-	eor	w1,w1,w22,ror#13
-	add	w21,w21,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w15,w15,w8,ror#19
-	eor	w0,w0,w11,lsr#3	// sigma0(X[i+1])
-	add	w21,w21,w16			// h+=Sigma1(e)
-	eor	w28,w28,w23			// Maj(a,b,c)
-	eor	w17,w1,w22,ror#22	// Sigma0(a)
-	eor	w15,w15,w8,lsr#10	// sigma1(X[i+14])
-	add	w10,w10,w3
-	add	w25,w25,w21			// d+=h
-	add	w21,w21,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w10,w10,w0
-	add	w21,w21,w17			// h+=Sigma0(a)
-	add	w10,w10,w15
-	ldr	w15,[sp,#0]
-	str	w2,[sp,#12]
-	ror	w16,w25,#6
-	add	w20,w20,w28			// h+=K[i]
-	ror	w1,w12,#7
-	and	w17,w26,w25
-	ror	w0,w9,#17
-	bic	w28,w27,w25
-	ror	w2,w21,#2
-	add	w20,w20,w10			// h+=X[i]
-	eor	w16,w16,w25,ror#11
-	eor	w1,w1,w12,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w21,w22			// a^b, b^c in next round
-	eor	w16,w16,w25,ror#25	// Sigma1(e)
-	eor	w2,w2,w21,ror#13
-	add	w20,w20,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w0,w0,w9,ror#19
-	eor	w1,w1,w12,lsr#3	// sigma0(X[i+1])
-	add	w20,w20,w16			// h+=Sigma1(e)
-	eor	w19,w19,w22			// Maj(a,b,c)
-	eor	w17,w2,w21,ror#22	// Sigma0(a)
-	eor	w0,w0,w9,lsr#10	// sigma1(X[i+14])
-	add	w11,w11,w4
-	add	w24,w24,w20			// d+=h
-	add	w20,w20,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w11,w11,w1
-	add	w20,w20,w17			// h+=Sigma0(a)
-	add	w11,w11,w0
-	ldr	w0,[sp,#4]
-	str	w3,[sp,#0]
-	ror	w16,w24,#6
-	add	w27,w27,w19			// h+=K[i]
-	ror	w2,w13,#7
-	and	w17,w25,w24
-	ror	w1,w10,#17
-	bic	w19,w26,w24
-	ror	w3,w20,#2
-	add	w27,w27,w11			// h+=X[i]
-	eor	w16,w16,w24,ror#11
-	eor	w2,w2,w13,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w20,w21			// a^b, b^c in next round
-	eor	w16,w16,w24,ror#25	// Sigma1(e)
-	eor	w3,w3,w20,ror#13
-	add	w27,w27,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w1,w1,w10,ror#19
-	eor	w2,w2,w13,lsr#3	// sigma0(X[i+1])
-	add	w27,w27,w16			// h+=Sigma1(e)
-	eor	w28,w28,w21			// Maj(a,b,c)
-	eor	w17,w3,w20,ror#22	// Sigma0(a)
-	eor	w1,w1,w10,lsr#10	// sigma1(X[i+14])
-	add	w12,w12,w5
-	add	w23,w23,w27			// d+=h
-	add	w27,w27,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w12,w12,w2
-	add	w27,w27,w17			// h+=Sigma0(a)
-	add	w12,w12,w1
-	ldr	w1,[sp,#8]
-	str	w4,[sp,#4]
-	ror	w16,w23,#6
-	add	w26,w26,w28			// h+=K[i]
-	ror	w3,w14,#7
-	and	w17,w24,w23
-	ror	w2,w11,#17
-	bic	w28,w25,w23
-	ror	w4,w27,#2
-	add	w26,w26,w12			// h+=X[i]
-	eor	w16,w16,w23,ror#11
-	eor	w3,w3,w14,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w27,w20			// a^b, b^c in next round
-	eor	w16,w16,w23,ror#25	// Sigma1(e)
-	eor	w4,w4,w27,ror#13
-	add	w26,w26,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w2,w2,w11,ror#19
-	eor	w3,w3,w14,lsr#3	// sigma0(X[i+1])
-	add	w26,w26,w16			// h+=Sigma1(e)
-	eor	w19,w19,w20			// Maj(a,b,c)
-	eor	w17,w4,w27,ror#22	// Sigma0(a)
-	eor	w2,w2,w11,lsr#10	// sigma1(X[i+14])
-	add	w13,w13,w6
-	add	w22,w22,w26			// d+=h
-	add	w26,w26,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w13,w13,w3
-	add	w26,w26,w17			// h+=Sigma0(a)
-	add	w13,w13,w2
-	ldr	w2,[sp,#12]
-	str	w5,[sp,#8]
-	ror	w16,w22,#6
-	add	w25,w25,w19			// h+=K[i]
-	ror	w4,w15,#7
-	and	w17,w23,w22
-	ror	w3,w12,#17
-	bic	w19,w24,w22
-	ror	w5,w26,#2
-	add	w25,w25,w13			// h+=X[i]
-	eor	w16,w16,w22,ror#11
-	eor	w4,w4,w15,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w26,w27			// a^b, b^c in next round
-	eor	w16,w16,w22,ror#25	// Sigma1(e)
-	eor	w5,w5,w26,ror#13
-	add	w25,w25,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w3,w3,w12,ror#19
-	eor	w4,w4,w15,lsr#3	// sigma0(X[i+1])
-	add	w25,w25,w16			// h+=Sigma1(e)
-	eor	w28,w28,w27			// Maj(a,b,c)
-	eor	w17,w5,w26,ror#22	// Sigma0(a)
-	eor	w3,w3,w12,lsr#10	// sigma1(X[i+14])
-	add	w14,w14,w7
-	add	w21,w21,w25			// d+=h
-	add	w25,w25,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w14,w14,w4
-	add	w25,w25,w17			// h+=Sigma0(a)
-	add	w14,w14,w3
-	ldr	w3,[sp,#0]
-	str	w6,[sp,#12]
-	ror	w16,w21,#6
-	add	w24,w24,w28			// h+=K[i]
-	ror	w5,w0,#7
-	and	w17,w22,w21
-	ror	w4,w13,#17
-	bic	w28,w23,w21
-	ror	w6,w25,#2
-	add	w24,w24,w14			// h+=X[i]
-	eor	w16,w16,w21,ror#11
-	eor	w5,w5,w0,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w25,w26			// a^b, b^c in next round
-	eor	w16,w16,w21,ror#25	// Sigma1(e)
-	eor	w6,w6,w25,ror#13
-	add	w24,w24,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w4,w4,w13,ror#19
-	eor	w5,w5,w0,lsr#3	// sigma0(X[i+1])
-	add	w24,w24,w16			// h+=Sigma1(e)
-	eor	w19,w19,w26			// Maj(a,b,c)
-	eor	w17,w6,w25,ror#22	// Sigma0(a)
-	eor	w4,w4,w13,lsr#10	// sigma1(X[i+14])
-	add	w15,w15,w8
-	add	w20,w20,w24			// d+=h
-	add	w24,w24,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w15,w15,w5
-	add	w24,w24,w17			// h+=Sigma0(a)
-	add	w15,w15,w4
-	ldr	w4,[sp,#4]
-	str	w7,[sp,#0]
-	ror	w16,w20,#6
-	add	w23,w23,w19			// h+=K[i]
-	ror	w6,w1,#7
-	and	w17,w21,w20
-	ror	w5,w14,#17
-	bic	w19,w22,w20
-	ror	w7,w24,#2
-	add	w23,w23,w15			// h+=X[i]
-	eor	w16,w16,w20,ror#11
-	eor	w6,w6,w1,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w24,w25			// a^b, b^c in next round
-	eor	w16,w16,w20,ror#25	// Sigma1(e)
-	eor	w7,w7,w24,ror#13
-	add	w23,w23,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w5,w5,w14,ror#19
-	eor	w6,w6,w1,lsr#3	// sigma0(X[i+1])
-	add	w23,w23,w16			// h+=Sigma1(e)
-	eor	w28,w28,w25			// Maj(a,b,c)
-	eor	w17,w7,w24,ror#22	// Sigma0(a)
-	eor	w5,w5,w14,lsr#10	// sigma1(X[i+14])
-	add	w0,w0,w9
-	add	w27,w27,w23			// d+=h
-	add	w23,w23,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w0,w0,w6
-	add	w23,w23,w17			// h+=Sigma0(a)
-	add	w0,w0,w5
-	ldr	w5,[sp,#8]
-	str	w8,[sp,#4]
-	ror	w16,w27,#6
-	add	w22,w22,w28			// h+=K[i]
-	ror	w7,w2,#7
-	and	w17,w20,w27
-	ror	w6,w15,#17
-	bic	w28,w21,w27
-	ror	w8,w23,#2
-	add	w22,w22,w0			// h+=X[i]
-	eor	w16,w16,w27,ror#11
-	eor	w7,w7,w2,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w23,w24			// a^b, b^c in next round
-	eor	w16,w16,w27,ror#25	// Sigma1(e)
-	eor	w8,w8,w23,ror#13
-	add	w22,w22,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w6,w6,w15,ror#19
-	eor	w7,w7,w2,lsr#3	// sigma0(X[i+1])
-	add	w22,w22,w16			// h+=Sigma1(e)
-	eor	w19,w19,w24			// Maj(a,b,c)
-	eor	w17,w8,w23,ror#22	// Sigma0(a)
-	eor	w6,w6,w15,lsr#10	// sigma1(X[i+14])
-	add	w1,w1,w10
-	add	w26,w26,w22			// d+=h
-	add	w22,w22,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w1,w1,w7
-	add	w22,w22,w17			// h+=Sigma0(a)
-	add	w1,w1,w6
-	ldr	w6,[sp,#12]
-	str	w9,[sp,#8]
-	ror	w16,w26,#6
-	add	w21,w21,w19			// h+=K[i]
-	ror	w8,w3,#7
-	and	w17,w27,w26
-	ror	w7,w0,#17
-	bic	w19,w20,w26
-	ror	w9,w22,#2
-	add	w21,w21,w1			// h+=X[i]
-	eor	w16,w16,w26,ror#11
-	eor	w8,w8,w3,ror#18
-	orr	w17,w17,w19			// Ch(e,f,g)
-	eor	w19,w22,w23			// a^b, b^c in next round
-	eor	w16,w16,w26,ror#25	// Sigma1(e)
-	eor	w9,w9,w22,ror#13
-	add	w21,w21,w17			// h+=Ch(e,f,g)
-	and	w28,w28,w19			// (b^c)&=(a^b)
-	eor	w7,w7,w0,ror#19
-	eor	w8,w8,w3,lsr#3	// sigma0(X[i+1])
-	add	w21,w21,w16			// h+=Sigma1(e)
-	eor	w28,w28,w23			// Maj(a,b,c)
-	eor	w17,w9,w22,ror#22	// Sigma0(a)
-	eor	w7,w7,w0,lsr#10	// sigma1(X[i+14])
-	add	w2,w2,w11
-	add	w25,w25,w21			// d+=h
-	add	w21,w21,w28			// h+=Maj(a,b,c)
-	ldr	w28,[x30],#4		// *K++, w19 in next round
-	add	w2,w2,w8
-	add	w21,w21,w17			// h+=Sigma0(a)
-	add	w2,w2,w7
-	ldr	w7,[sp,#0]
-	str	w10,[sp,#12]
-	ror	w16,w25,#6
-	add	w20,w20,w28			// h+=K[i]
-	ror	w9,w4,#7
-	and	w17,w26,w25
-	ror	w8,w1,#17
-	bic	w28,w27,w25
-	ror	w10,w21,#2
-	add	w20,w20,w2			// h+=X[i]
-	eor	w16,w16,w25,ror#11
-	eor	w9,w9,w4,ror#18
-	orr	w17,w17,w28			// Ch(e,f,g)
-	eor	w28,w21,w22			// a^b, b^c in next round
-	eor	w16,w16,w25,ror#25	// Sigma1(e)
-	eor	w10,w10,w21,ror#13
-	add	w20,w20,w17			// h+=Ch(e,f,g)
-	and	w19,w19,w28			// (b^c)&=(a^b)
-	eor	w8,w8,w1,ror#19
-	eor	w9,w9,w4,lsr#3	// sigma0(X[i+1])
-	add	w20,w20,w16			// h+=Sigma1(e)
-	eor	w19,w19,w22			// Maj(a,b,c)
-	eor	w17,w10,w21,ror#22	// Sigma0(a)
-	eor	w8,w8,w1,lsr#10	// sigma1(X[i+14])
-	add	w3,w3,w12
-	add	w24,w24,w20			// d+=h
-	add	w20,w20,w19			// h+=Maj(a,b,c)
-	ldr	w19,[x30],#4		// *K++, w28 in next round
-	add	w3,w3,w9
-	add	w20,w20,w17			// h+=Sigma0(a)
-	add	w3,w3,w8
-	cbnz	w19,.Loop_16_xx
-
-	ldp	x0,x2,[x29,#96]
-	ldr	x1,[x29,#112]
-	sub	x30,x30,#260		// rewind
-
-	ldp	w3,w4,[x0]
-	ldp	w5,w6,[x0,#2*4]
-	add	x1,x1,#14*4			// advance input pointer
-	ldp	w7,w8,[x0,#4*4]
-	add	w20,w20,w3
-	ldp	w9,w10,[x0,#6*4]
-	add	w21,w21,w4
-	add	w22,w22,w5
-	add	w23,w23,w6
-	stp	w20,w21,[x0]
-	add	w24,w24,w7
-	add	w25,w25,w8
-	stp	w22,w23,[x0,#2*4]
-	add	w26,w26,w9
-	add	w27,w27,w10
-	cmp	x1,x2
-	stp	w24,w25,[x0,#4*4]
-	stp	w26,w27,[x0,#6*4]
-	b.ne	.Loop
-
-	ldp	x19,x20,[x29,#16]
-	add	sp,sp,#4*4
-	ldp	x21,x22,[x29,#32]
-	ldp	x23,x24,[x29,#48]
-	ldp	x25,x26,[x29,#64]
-	ldp	x27,x28,[x29,#80]
-	ldp	x29,x30,[sp],#128
-	ret
-.size	sha256_block_data_order,.-sha256_block_data_order
-
-.align	6
-.type	K256,%object
-K256:
-	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-	.long	0	//terminator
-.size	K256,.-K256
-.align	3
-.LOPENSSL_armcap_P:
-	.quad	OPENSSL_armcap_P-.
-.asciz	"SHA256 block transform for ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-.type	sha256_block_armv8,%function
-.align	6
-sha256_block_armv8:
-.Lv8_entry:
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-
-	ld1		{v0.4s,v1.4s},[x0]
-	adr		x3,K256
-
-.Loop_hw:
-	ld1		{v4.16b-v7.16b},[x1],#64
-	sub		x2,x2,#1
-	ld1		{v16.4s},[x3],#16
-	rev32		v4.16b,v4.16b
-	rev32		v5.16b,v5.16b
-	rev32		v6.16b,v6.16b
-	rev32		v7.16b,v7.16b
-	orr		v18.16b,v0.16b,v0.16b		// offload
-	orr		v19.16b,v1.16b,v1.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v4.4s
-	.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v5.4s
-	.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v6.4s
-	.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v7.4s
-	.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v4.4s
-	.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v5.4s
-	.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v6.4s
-	.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v7.4s
-	.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v4.4s
-	.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v5.4s
-	.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v6.4s
-	.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-	.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v7.4s
-	.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-	.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
-	ld1		{v17.4s},[x3],#16
-	add		v16.4s,v16.4s,v4.4s
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-
-	ld1		{v16.4s},[x3],#16
-	add		v17.4s,v17.4s,v5.4s
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-
-	ld1		{v17.4s},[x3]
-	add		v16.4s,v16.4s,v6.4s
-	sub		x3,x3,#64*4-16	// rewind
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
-	.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
-
-	add		v17.4s,v17.4s,v7.4s
-	orr		v2.16b,v0.16b,v0.16b
-	.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
-	.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
-
-	add		v0.4s,v0.4s,v18.4s
-	add		v1.4s,v1.4s,v19.4s
-
-	cbnz		x2,.Loop_hw
-
-	st1		{v0.4s,v1.4s},[x0]
-
-	ldr		x29,[sp],#16
-	ret
-.size	sha256_block_armv8,.-sha256_block_armv8
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha256-mips.S b/crypto/sha/asm/sha256-mips.S
deleted file mode 100644
index 2bd728e9ea..0000000000
--- a/crypto/sha/asm/sha256-mips.S
+++ /dev/null
@@ -1,1998 +0,0 @@
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-.text
-.set	noat
-#if !defined(__vxworks) || defined(__pic__)
-.option	pic2
-#endif
-
-.align	5
-.globl	sha256_block_data_order
-.ent	sha256_block_data_order
-sha256_block_data_order:
-	.frame	$29,128,$31
-	.mask	3237937152,-4
-	.set	noreorder
-	.cpload	$25
-	sub $29,128
-	sw	$31,128-1*4($29)
-	sw	$30,128-2*4($29)
-	sw	$23,128-3*4($29)
-	sw	$22,128-4*4($29)
-	sw	$21,128-5*4($29)
-	sw	$20,128-6*4($29)
-	sw	$19,128-7*4($29)
-	sw	$18,128-8*4($29)
-	sw	$17,128-9*4($29)
-	sw	$16,128-10*4($29)
-	sll $23,$6,6
-	.set	reorder
-	la	$6,K256		# PIC-ified 'load address'
-
-	lw	$1,0*4($4)		# load context
-	lw	$2,1*4($4)
-	lw	$3,2*4($4)
-	lw	$7,3*4($4)
-	lw	$24,4*4($4)
-	lw	$25,5*4($4)
-	lw	$30,6*4($4)
-	lw	$31,7*4($4)
-
-	add $23,$5		# pointer to the end of input
-	sw	$23,16*4($29)
-	b	.Loop
-
-.align	5
-.Loop:
-	lwl	$8,3($5)
-	lwr	$8,0($5)
-	lwl	$9,7($5)
-	lwr	$9,4($5)
-	srl	$13,$8,24		# byte swap(0)
-	srl	$14,$8,8
-	andi	$15,$8,0xFF00
-	sll	$8,$8,24
-	andi	$14,0xFF00
-	sll	$15,$15,8
-	or	$8,$13
-	or	$14,$15
-	or	$8,$14
-	addu	$12,$8,$31			# 0
-	srl	$31,$24,6
-	xor	$15,$25,$30
-	sll	$14,$24,7
-	and	$15,$24
-	srl	$13,$24,11
-	xor	$31,$14
-	sll	$14,$24,21
-	xor	$31,$13
-	srl	$13,$24,25
-	xor	$31,$14
-	sll	$14,$24,26
-	xor	$31,$13
-	xor	$15,$30			# Ch(e,f,g)
-	xor	$13,$14,$31			# Sigma1(e)
-
-	srl	$31,$1,2
-	addu	$12,$15
-	lw	$15,0($6)		# K[0]
-	sll	$14,$1,10
-	addu	$12,$13
-	srl	$13,$1,13
-	xor	$31,$14
-	sll	$14,$1,19
-	xor	$31,$13
-	srl	$13,$1,22
-	xor	$31,$14
-	sll	$14,$1,30
-	xor	$31,$13
-	sw	$8,0($29)	# offload to ring buffer
-	xor	$31,$14			# Sigma0(a)
-
-	or	$13,$1,$2
-	and	$14,$1,$2
-	and	$13,$3
-	or	$14,$13			# Maj(a,b,c)
-	addu	$12,$15			# +=K[0]
-	addu	$31,$14
-
-	addu	$7,$12
-	addu	$31,$12
-	lwl	$10,11($5)
-	lwr	$10,8($5)
-	srl	$14,$9,24		# byte swap(1)
-	srl	$15,$9,8
-	andi	$16,$9,0xFF00
-	sll	$9,$9,24
-	andi	$15,0xFF00
-	sll	$16,$16,8
-	or	$9,$14
-	or	$15,$16
-	or	$9,$15
-	addu	$13,$9,$30			# 1
-	srl	$30,$7,6
-	xor	$16,$24,$25
-	sll	$15,$7,7
-	and	$16,$7
-	srl	$14,$7,11
-	xor	$30,$15
-	sll	$15,$7,21
-	xor	$30,$14
-	srl	$14,$7,25
-	xor	$30,$15
-	sll	$15,$7,26
-	xor	$30,$14
-	xor	$16,$25			# Ch(e,f,g)
-	xor	$14,$15,$30			# Sigma1(e)
-
-	srl	$30,$31,2
-	addu	$13,$16
-	lw	$16,4($6)		# K[1]
-	sll	$15,$31,10
-	addu	$13,$14
-	srl	$14,$31,13
-	xor	$30,$15
-	sll	$15,$31,19
-	xor	$30,$14
-	srl	$14,$31,22
-	xor	$30,$15
-	sll	$15,$31,30
-	xor	$30,$14
-	sw	$9,4($29)	# offload to ring buffer
-	xor	$30,$15			# Sigma0(a)
-
-	or	$14,$31,$1
-	and	$15,$31,$1
-	and	$14,$2
-	or	$15,$14			# Maj(a,b,c)
-	addu	$13,$16			# +=K[1]
-	addu	$30,$15
-
-	addu	$3,$13
-	addu	$30,$13
-	lwl	$11,15($5)
-	lwr	$11,12($5)
-	srl	$15,$10,24		# byte swap(2)
-	srl	$16,$10,8
-	andi	$17,$10,0xFF00
-	sll	$10,$10,24
-	andi	$16,0xFF00
-	sll	$17,$17,8
-	or	$10,$15
-	or	$16,$17
-	or	$10,$16
-	addu	$14,$10,$25			# 2
-	srl	$25,$3,6
-	xor	$17,$7,$24
-	sll	$16,$3,7
-	and	$17,$3
-	srl	$15,$3,11
-	xor	$25,$16
-	sll	$16,$3,21
-	xor	$25,$15
-	srl	$15,$3,25
-	xor	$25,$16
-	sll	$16,$3,26
-	xor	$25,$15
-	xor	$17,$24			# Ch(e,f,g)
-	xor	$15,$16,$25			# Sigma1(e)
-
-	srl	$25,$30,2
-	addu	$14,$17
-	lw	$17,8($6)		# K[2]
-	sll	$16,$30,10
-	addu	$14,$15
-	srl	$15,$30,13
-	xor	$25,$16
-	sll	$16,$30,19
-	xor	$25,$15
-	srl	$15,$30,22
-	xor	$25,$16
-	sll	$16,$30,30
-	xor	$25,$15
-	sw	$10,8($29)	# offload to ring buffer
-	xor	$25,$16			# Sigma0(a)
-
-	or	$15,$30,$31
-	and	$16,$30,$31
-	and	$15,$1
-	or	$16,$15			# Maj(a,b,c)
-	addu	$14,$17			# +=K[2]
-	addu	$25,$16
-
-	addu	$2,$14
-	addu	$25,$14
-	lwl	$12,19($5)
-	lwr	$12,16($5)
-	srl	$16,$11,24		# byte swap(3)
-	srl	$17,$11,8
-	andi	$18,$11,0xFF00
-	sll	$11,$11,24
-	andi	$17,0xFF00
-	sll	$18,$18,8
-	or	$11,$16
-	or	$17,$18
-	or	$11,$17
-	addu	$15,$11,$24			# 3
-	srl	$24,$2,6
-	xor	$18,$3,$7
-	sll	$17,$2,7
-	and	$18,$2
-	srl	$16,$2,11
-	xor	$24,$17
-	sll	$17,$2,21
-	xor	$24,$16
-	srl	$16,$2,25
-	xor	$24,$17
-	sll	$17,$2,26
-	xor	$24,$16
-	xor	$18,$7			# Ch(e,f,g)
-	xor	$16,$17,$24			# Sigma1(e)
-
-	srl	$24,$25,2
-	addu	$15,$18
-	lw	$18,12($6)		# K[3]
-	sll	$17,$25,10
-	addu	$15,$16
-	srl	$16,$25,13
-	xor	$24,$17
-	sll	$17,$25,19
-	xor	$24,$16
-	srl	$16,$25,22
-	xor	$24,$17
-	sll	$17,$25,30
-	xor	$24,$16
-	sw	$11,12($29)	# offload to ring buffer
-	xor	$24,$17			# Sigma0(a)
-
-	or	$16,$25,$30
-	and	$17,$25,$30
-	and	$16,$31
-	or	$17,$16			# Maj(a,b,c)
-	addu	$15,$18			# +=K[3]
-	addu	$24,$17
-
-	addu	$1,$15
-	addu	$24,$15
-	lwl	$13,23($5)
-	lwr	$13,20($5)
-	srl	$17,$12,24		# byte swap(4)
-	srl	$18,$12,8
-	andi	$19,$12,0xFF00
-	sll	$12,$12,24
-	andi	$18,0xFF00
-	sll	$19,$19,8
-	or	$12,$17
-	or	$18,$19
-	or	$12,$18
-	addu	$16,$12,$7			# 4
-	srl	$7,$1,6
-	xor	$19,$2,$3
-	sll	$18,$1,7
-	and	$19,$1
-	srl	$17,$1,11
-	xor	$7,$18
-	sll	$18,$1,21
-	xor	$7,$17
-	srl	$17,$1,25
-	xor	$7,$18
-	sll	$18,$1,26
-	xor	$7,$17
-	xor	$19,$3			# Ch(e,f,g)
-	xor	$17,$18,$7			# Sigma1(e)
-
-	srl	$7,$24,2
-	addu	$16,$19
-	lw	$19,16($6)		# K[4]
-	sll	$18,$24,10
-	addu	$16,$17
-	srl	$17,$24,13
-	xor	$7,$18
-	sll	$18,$24,19
-	xor	$7,$17
-	srl	$17,$24,22
-	xor	$7,$18
-	sll	$18,$24,30
-	xor	$7,$17
-	sw	$12,16($29)	# offload to ring buffer
-	xor	$7,$18			# Sigma0(a)
-
-	or	$17,$24,$25
-	and	$18,$24,$25
-	and	$17,$30
-	or	$18,$17			# Maj(a,b,c)
-	addu	$16,$19			# +=K[4]
-	addu	$7,$18
-
-	addu	$31,$16
-	addu	$7,$16
-	lwl	$14,27($5)
-	lwr	$14,24($5)
-	srl	$18,$13,24		# byte swap(5)
-	srl	$19,$13,8
-	andi	$20,$13,0xFF00
-	sll	$13,$13,24
-	andi	$19,0xFF00
-	sll	$20,$20,8
-	or	$13,$18
-	or	$19,$20
-	or	$13,$19
-	addu	$17,$13,$3			# 5
-	srl	$3,$31,6
-	xor	$20,$1,$2
-	sll	$19,$31,7
-	and	$20,$31
-	srl	$18,$31,11
-	xor	$3,$19
-	sll	$19,$31,21
-	xor	$3,$18
-	srl	$18,$31,25
-	xor	$3,$19
-	sll	$19,$31,26
-	xor	$3,$18
-	xor	$20,$2			# Ch(e,f,g)
-	xor	$18,$19,$3			# Sigma1(e)
-
-	srl	$3,$7,2
-	addu	$17,$20
-	lw	$20,20($6)		# K[5]
-	sll	$19,$7,10
-	addu	$17,$18
-	srl	$18,$7,13
-	xor	$3,$19
-	sll	$19,$7,19
-	xor	$3,$18
-	srl	$18,$7,22
-	xor	$3,$19
-	sll	$19,$7,30
-	xor	$3,$18
-	sw	$13,20($29)	# offload to ring buffer
-	xor	$3,$19			# Sigma0(a)
-
-	or	$18,$7,$24
-	and	$19,$7,$24
-	and	$18,$25
-	or	$19,$18			# Maj(a,b,c)
-	addu	$17,$20			# +=K[5]
-	addu	$3,$19
-
-	addu	$30,$17
-	addu	$3,$17
-	lwl	$15,31($5)
-	lwr	$15,28($5)
-	srl	$19,$14,24		# byte swap(6)
-	srl	$20,$14,8
-	andi	$21,$14,0xFF00
-	sll	$14,$14,24
-	andi	$20,0xFF00
-	sll	$21,$21,8
-	or	$14,$19
-	or	$20,$21
-	or	$14,$20
-	addu	$18,$14,$2			# 6
-	srl	$2,$30,6
-	xor	$21,$31,$1
-	sll	$20,$30,7
-	and	$21,$30
-	srl	$19,$30,11
-	xor	$2,$20
-	sll	$20,$30,21
-	xor	$2,$19
-	srl	$19,$30,25
-	xor	$2,$20
-	sll	$20,$30,26
-	xor	$2,$19
-	xor	$21,$1			# Ch(e,f,g)
-	xor	$19,$20,$2			# Sigma1(e)
-
-	srl	$2,$3,2
-	addu	$18,$21
-	lw	$21,24($6)		# K[6]
-	sll	$20,$3,10
-	addu	$18,$19
-	srl	$19,$3,13
-	xor	$2,$20
-	sll	$20,$3,19
-	xor	$2,$19
-	srl	$19,$3,22
-	xor	$2,$20
-	sll	$20,$3,30
-	xor	$2,$19
-	sw	$14,24($29)	# offload to ring buffer
-	xor	$2,$20			# Sigma0(a)
-
-	or	$19,$3,$7
-	and	$20,$3,$7
-	and	$19,$24
-	or	$20,$19			# Maj(a,b,c)
-	addu	$18,$21			# +=K[6]
-	addu	$2,$20
-
-	addu	$25,$18
-	addu	$2,$18
-	lwl	$16,35($5)
-	lwr	$16,32($5)
-	srl	$20,$15,24		# byte swap(7)
-	srl	$21,$15,8
-	andi	$22,$15,0xFF00
-	sll	$15,$15,24
-	andi	$21,0xFF00
-	sll	$22,$22,8
-	or	$15,$20
-	or	$21,$22
-	or	$15,$21
-	addu	$19,$15,$1			# 7
-	srl	$1,$25,6
-	xor	$22,$30,$31
-	sll	$21,$25,7
-	and	$22,$25
-	srl	$20,$25,11
-	xor	$1,$21
-	sll	$21,$25,21
-	xor	$1,$20
-	srl	$20,$25,25
-	xor	$1,$21
-	sll	$21,$25,26
-	xor	$1,$20
-	xor	$22,$31			# Ch(e,f,g)
-	xor	$20,$21,$1			# Sigma1(e)
-
-	srl	$1,$2,2
-	addu	$19,$22
-	lw	$22,28($6)		# K[7]
-	sll	$21,$2,10
-	addu	$19,$20
-	srl	$20,$2,13
-	xor	$1,$21
-	sll	$21,$2,19
-	xor	$1,$20
-	srl	$20,$2,22
-	xor	$1,$21
-	sll	$21,$2,30
-	xor	$1,$20
-	sw	$15,28($29)	# offload to ring buffer
-	xor	$1,$21			# Sigma0(a)
-
-	or	$20,$2,$3
-	and	$21,$2,$3
-	and	$20,$7
-	or	$21,$20			# Maj(a,b,c)
-	addu	$19,$22			# +=K[7]
-	addu	$1,$21
-
-	addu	$24,$19
-	addu	$1,$19
-	lwl	$17,39($5)
-	lwr	$17,36($5)
-	srl	$21,$16,24		# byte swap(8)
-	srl	$22,$16,8
-	andi	$23,$16,0xFF00
-	sll	$16,$16,24
-	andi	$22,0xFF00
-	sll	$23,$23,8
-	or	$16,$21
-	or	$22,$23
-	or	$16,$22
-	addu	$20,$16,$31			# 8
-	srl	$31,$24,6
-	xor	$23,$25,$30
-	sll	$22,$24,7
-	and	$23,$24
-	srl	$21,$24,11
-	xor	$31,$22
-	sll	$22,$24,21
-	xor	$31,$21
-	srl	$21,$24,25
-	xor	$31,$22
-	sll	$22,$24,26
-	xor	$31,$21
-	xor	$23,$30			# Ch(e,f,g)
-	xor	$21,$22,$31			# Sigma1(e)
-
-	srl	$31,$1,2
-	addu	$20,$23
-	lw	$23,32($6)		# K[8]
-	sll	$22,$1,10
-	addu	$20,$21
-	srl	$21,$1,13
-	xor	$31,$22
-	sll	$22,$1,19
-	xor	$31,$21
-	srl	$21,$1,22
-	xor	$31,$22
-	sll	$22,$1,30
-	xor	$31,$21
-	sw	$16,32($29)	# offload to ring buffer
-	xor	$31,$22			# Sigma0(a)
-
-	or	$21,$1,$2
-	and	$22,$1,$2
-	and	$21,$3
-	or	$22,$21			# Maj(a,b,c)
-	addu	$20,$23			# +=K[8]
-	addu	$31,$22
-
-	addu	$7,$20
-	addu	$31,$20
-	lwl	$18,43($5)
-	lwr	$18,40($5)
-	srl	$22,$17,24		# byte swap(9)
-	srl	$23,$17,8
-	andi	$8,$17,0xFF00
-	sll	$17,$17,24
-	andi	$23,0xFF00
-	sll	$8,$8,8
-	or	$17,$22
-	or	$23,$8
-	or	$17,$23
-	addu	$21,$17,$30			# 9
-	srl	$30,$7,6
-	xor	$8,$24,$25
-	sll	$23,$7,7
-	and	$8,$7
-	srl	$22,$7,11
-	xor	$30,$23
-	sll	$23,$7,21
-	xor	$30,$22
-	srl	$22,$7,25
-	xor	$30,$23
-	sll	$23,$7,26
-	xor	$30,$22
-	xor	$8,$25			# Ch(e,f,g)
-	xor	$22,$23,$30			# Sigma1(e)
-
-	srl	$30,$31,2
-	addu	$21,$8
-	lw	$8,36($6)		# K[9]
-	sll	$23,$31,10
-	addu	$21,$22
-	srl	$22,$31,13
-	xor	$30,$23
-	sll	$23,$31,19
-	xor	$30,$22
-	srl	$22,$31,22
-	xor	$30,$23
-	sll	$23,$31,30
-	xor	$30,$22
-	sw	$17,36($29)	# offload to ring buffer
-	xor	$30,$23			# Sigma0(a)
-
-	or	$22,$31,$1
-	and	$23,$31,$1
-	and	$22,$2
-	or	$23,$22			# Maj(a,b,c)
-	addu	$21,$8			# +=K[9]
-	addu	$30,$23
-
-	addu	$3,$21
-	addu	$30,$21
-	lwl	$19,47($5)
-	lwr	$19,44($5)
-	srl	$23,$18,24		# byte swap(10)
-	srl	$8,$18,8
-	andi	$9,$18,0xFF00
-	sll	$18,$18,24
-	andi	$8,0xFF00
-	sll	$9,$9,8
-	or	$18,$23
-	or	$8,$9
-	or	$18,$8
-	addu	$22,$18,$25			# 10
-	srl	$25,$3,6
-	xor	$9,$7,$24
-	sll	$8,$3,7
-	and	$9,$3
-	srl	$23,$3,11
-	xor	$25,$8
-	sll	$8,$3,21
-	xor	$25,$23
-	srl	$23,$3,25
-	xor	$25,$8
-	sll	$8,$3,26
-	xor	$25,$23
-	xor	$9,$24			# Ch(e,f,g)
-	xor	$23,$8,$25			# Sigma1(e)
-
-	srl	$25,$30,2
-	addu	$22,$9
-	lw	$9,40($6)		# K[10]
-	sll	$8,$30,10
-	addu	$22,$23
-	srl	$23,$30,13
-	xor	$25,$8
-	sll	$8,$30,19
-	xor	$25,$23
-	srl	$23,$30,22
-	xor	$25,$8
-	sll	$8,$30,30
-	xor	$25,$23
-	sw	$18,40($29)	# offload to ring buffer
-	xor	$25,$8			# Sigma0(a)
-
-	or	$23,$30,$31
-	and	$8,$30,$31
-	and	$23,$1
-	or	$8,$23			# Maj(a,b,c)
-	addu	$22,$9			# +=K[10]
-	addu	$25,$8
-
-	addu	$2,$22
-	addu	$25,$22
-	lwl	$20,51($5)
-	lwr	$20,48($5)
-	srl	$8,$19,24		# byte swap(11)
-	srl	$9,$19,8
-	andi	$10,$19,0xFF00
-	sll	$19,$19,24
-	andi	$9,0xFF00
-	sll	$10,$10,8
-	or	$19,$8
-	or	$9,$10
-	or	$19,$9
-	addu	$23,$19,$24			# 11
-	srl	$24,$2,6
-	xor	$10,$3,$7
-	sll	$9,$2,7
-	and	$10,$2
-	srl	$8,$2,11
-	xor	$24,$9
-	sll	$9,$2,21
-	xor	$24,$8
-	srl	$8,$2,25
-	xor	$24,$9
-	sll	$9,$2,26
-	xor	$24,$8
-	xor	$10,$7			# Ch(e,f,g)
-	xor	$8,$9,$24			# Sigma1(e)
-
-	srl	$24,$25,2
-	addu	$23,$10
-	lw	$10,44($6)		# K[11]
-	sll	$9,$25,10
-	addu	$23,$8
-	srl	$8,$25,13
-	xor	$24,$9
-	sll	$9,$25,19
-	xor	$24,$8
-	srl	$8,$25,22
-	xor	$24,$9
-	sll	$9,$25,30
-	xor	$24,$8
-	sw	$19,44($29)	# offload to ring buffer
-	xor	$24,$9			# Sigma0(a)
-
-	or	$8,$25,$30
-	and	$9,$25,$30
-	and	$8,$31
-	or	$9,$8			# Maj(a,b,c)
-	addu	$23,$10			# +=K[11]
-	addu	$24,$9
-
-	addu	$1,$23
-	addu	$24,$23
-	lwl	$21,55($5)
-	lwr	$21,52($5)
-	srl	$9,$20,24		# byte swap(12)
-	srl	$10,$20,8
-	andi	$11,$20,0xFF00
-	sll	$20,$20,24
-	andi	$10,0xFF00
-	sll	$11,$11,8
-	or	$20,$9
-	or	$10,$11
-	or	$20,$10
-	addu	$8,$20,$7			# 12
-	srl	$7,$1,6
-	xor	$11,$2,$3
-	sll	$10,$1,7
-	and	$11,$1
-	srl	$9,$1,11
-	xor	$7,$10
-	sll	$10,$1,21
-	xor	$7,$9
-	srl	$9,$1,25
-	xor	$7,$10
-	sll	$10,$1,26
-	xor	$7,$9
-	xor	$11,$3			# Ch(e,f,g)
-	xor	$9,$10,$7			# Sigma1(e)
-
-	srl	$7,$24,2
-	addu	$8,$11
-	lw	$11,48($6)		# K[12]
-	sll	$10,$24,10
-	addu	$8,$9
-	srl	$9,$24,13
-	xor	$7,$10
-	sll	$10,$24,19
-	xor	$7,$9
-	srl	$9,$24,22
-	xor	$7,$10
-	sll	$10,$24,30
-	xor	$7,$9
-	sw	$20,48($29)	# offload to ring buffer
-	xor	$7,$10			# Sigma0(a)
-
-	or	$9,$24,$25
-	and	$10,$24,$25
-	and	$9,$30
-	or	$10,$9			# Maj(a,b,c)
-	addu	$8,$11			# +=K[12]
-	addu	$7,$10
-
-	addu	$31,$8
-	addu	$7,$8
-	lwl	$22,59($5)
-	lwr	$22,56($5)
-	srl	$10,$21,24		# byte swap(13)
-	srl	$11,$21,8
-	andi	$12,$21,0xFF00
-	sll	$21,$21,24
-	andi	$11,0xFF00
-	sll	$12,$12,8
-	or	$21,$10
-	or	$11,$12
-	or	$21,$11
-	addu	$9,$21,$3			# 13
-	srl	$3,$31,6
-	xor	$12,$1,$2
-	sll	$11,$31,7
-	and	$12,$31
-	srl	$10,$31,11
-	xor	$3,$11
-	sll	$11,$31,21
-	xor	$3,$10
-	srl	$10,$31,25
-	xor	$3,$11
-	sll	$11,$31,26
-	xor	$3,$10
-	xor	$12,$2			# Ch(e,f,g)
-	xor	$10,$11,$3			# Sigma1(e)
-
-	srl	$3,$7,2
-	addu	$9,$12
-	lw	$12,52($6)		# K[13]
-	sll	$11,$7,10
-	addu	$9,$10
-	srl	$10,$7,13
-	xor	$3,$11
-	sll	$11,$7,19
-	xor	$3,$10
-	srl	$10,$7,22
-	xor	$3,$11
-	sll	$11,$7,30
-	xor	$3,$10
-	sw	$21,52($29)	# offload to ring buffer
-	xor	$3,$11			# Sigma0(a)
-
-	or	$10,$7,$24
-	and	$11,$7,$24
-	and	$10,$25
-	or	$11,$10			# Maj(a,b,c)
-	addu	$9,$12			# +=K[13]
-	addu	$3,$11
-
-	addu	$30,$9
-	addu	$3,$9
-	lw	$8,0($29)	# prefetch from ring buffer
-	lwl	$23,63($5)
-	lwr	$23,60($5)
-	srl	$11,$22,24		# byte swap(14)
-	srl	$12,$22,8
-	andi	$13,$22,0xFF00
-	sll	$22,$22,24
-	andi	$12,0xFF00
-	sll	$13,$13,8
-	or	$22,$11
-	or	$12,$13
-	or	$22,$12
-	addu	$10,$22,$2			# 14
-	srl	$2,$30,6
-	xor	$13,$31,$1
-	sll	$12,$30,7
-	and	$13,$30
-	srl	$11,$30,11
-	xor	$2,$12
-	sll	$12,$30,21
-	xor	$2,$11
-	srl	$11,$30,25
-	xor	$2,$12
-	sll	$12,$30,26
-	xor	$2,$11
-	xor	$13,$1			# Ch(e,f,g)
-	xor	$11,$12,$2			# Sigma1(e)
-
-	srl	$2,$3,2
-	addu	$10,$13
-	lw	$13,56($6)		# K[14]
-	sll	$12,$3,10
-	addu	$10,$11
-	srl	$11,$3,13
-	xor	$2,$12
-	sll	$12,$3,19
-	xor	$2,$11
-	srl	$11,$3,22
-	xor	$2,$12
-	sll	$12,$3,30
-	xor	$2,$11
-	sw	$22,56($29)	# offload to ring buffer
-	xor	$2,$12			# Sigma0(a)
-
-	or	$11,$3,$7
-	and	$12,$3,$7
-	and	$11,$24
-	or	$12,$11			# Maj(a,b,c)
-	addu	$10,$13			# +=K[14]
-	addu	$2,$12
-
-	addu	$25,$10
-	addu	$2,$10
-	lw	$9,4($29)	# prefetch from ring buffer
-	srl	$12,$23,24		# byte swap(15)
-	srl	$13,$23,8
-	andi	$14,$23,0xFF00
-	sll	$23,$23,24
-	andi	$13,0xFF00
-	sll	$14,$14,8
-	or	$23,$12
-	or	$13,$14
-	or	$23,$13
-	addu	$11,$23,$1			# 15
-	srl	$1,$25,6
-	xor	$14,$30,$31
-	sll	$13,$25,7
-	and	$14,$25
-	srl	$12,$25,11
-	xor	$1,$13
-	sll	$13,$25,21
-	xor	$1,$12
-	srl	$12,$25,25
-	xor	$1,$13
-	sll	$13,$25,26
-	xor	$1,$12
-	xor	$14,$31			# Ch(e,f,g)
-	xor	$12,$13,$1			# Sigma1(e)
-
-	srl	$1,$2,2
-	addu	$11,$14
-	lw	$14,60($6)		# K[15]
-	sll	$13,$2,10
-	addu	$11,$12
-	srl	$12,$2,13
-	xor	$1,$13
-	sll	$13,$2,19
-	xor	$1,$12
-	srl	$12,$2,22
-	xor	$1,$13
-	sll	$13,$2,30
-	xor	$1,$12
-	sw	$23,60($29)	# offload to ring buffer
-	xor	$1,$13			# Sigma0(a)
-
-	or	$12,$2,$3
-	and	$13,$2,$3
-	and	$12,$7
-	or	$13,$12			# Maj(a,b,c)
-	addu	$11,$14			# +=K[15]
-	addu	$1,$13
-
-	addu	$24,$11
-	addu	$1,$11
-	lw	$10,8($29)	# prefetch from ring buffer
-	b	.L16_xx
-.align	4
-.L16_xx:
-	srl	$14,$9,3		# Xupdate(16)
-	addu	$8,$17			# +=X[i+9]
-	sll	$13,$9,14
-	srl	$12,$9,7
-	xor	$14,$13
-	sll	$13,11
-	xor	$14,$12
-	srl	$12,$9,18
-	xor	$14,$13
-
-	srl	$15,$22,10
-	xor	$14,$12			# sigma0(X[i+1])
-	sll	$13,$22,13
-	addu	$8,$14
-	srl	$12,$22,17
-	xor	$15,$13
-	sll	$13,2
-	xor	$15,$12
-	srl	$12,$22,19
-	xor	$15,$13
-
-	xor	$15,$12			# sigma1(X[i+14])
-	addu	$8,$15
-	addu	$12,$8,$31			# 16
-	srl	$31,$24,6
-	xor	$15,$25,$30
-	sll	$14,$24,7
-	and	$15,$24
-	srl	$13,$24,11
-	xor	$31,$14
-	sll	$14,$24,21
-	xor	$31,$13
-	srl	$13,$24,25
-	xor	$31,$14
-	sll	$14,$24,26
-	xor	$31,$13
-	xor	$15,$30			# Ch(e,f,g)
-	xor	$13,$14,$31			# Sigma1(e)
-
-	srl	$31,$1,2
-	addu	$12,$15
-	lw	$15,64($6)		# K[16]
-	sll	$14,$1,10
-	addu	$12,$13
-	srl	$13,$1,13
-	xor	$31,$14
-	sll	$14,$1,19
-	xor	$31,$13
-	srl	$13,$1,22
-	xor	$31,$14
-	sll	$14,$1,30
-	xor	$31,$13
-	sw	$8,0($29)	# offload to ring buffer
-	xor	$31,$14			# Sigma0(a)
-
-	or	$13,$1,$2
-	and	$14,$1,$2
-	and	$13,$3
-	or	$14,$13			# Maj(a,b,c)
-	addu	$12,$15			# +=K[16]
-	addu	$31,$14
-
-	addu	$7,$12
-	addu	$31,$12
-	lw	$11,12($29)	# prefetch from ring buffer
-	srl	$15,$10,3		# Xupdate(17)
-	addu	$9,$18			# +=X[i+9]
-	sll	$14,$10,14
-	srl	$13,$10,7
-	xor	$15,$14
-	sll	$14,11
-	xor	$15,$13
-	srl	$13,$10,18
-	xor	$15,$14
-
-	srl	$16,$23,10
-	xor	$15,$13			# sigma0(X[i+1])
-	sll	$14,$23,13
-	addu	$9,$15
-	srl	$13,$23,17
-	xor	$16,$14
-	sll	$14,2
-	xor	$16,$13
-	srl	$13,$23,19
-	xor	$16,$14
-
-	xor	$16,$13			# sigma1(X[i+14])
-	addu	$9,$16
-	addu	$13,$9,$30			# 17
-	srl	$30,$7,6
-	xor	$16,$24,$25
-	sll	$15,$7,7
-	and	$16,$7
-	srl	$14,$7,11
-	xor	$30,$15
-	sll	$15,$7,21
-	xor	$30,$14
-	srl	$14,$7,25
-	xor	$30,$15
-	sll	$15,$7,26
-	xor	$30,$14
-	xor	$16,$25			# Ch(e,f,g)
-	xor	$14,$15,$30			# Sigma1(e)
-
-	srl	$30,$31,2
-	addu	$13,$16
-	lw	$16,68($6)		# K[17]
-	sll	$15,$31,10
-	addu	$13,$14
-	srl	$14,$31,13
-	xor	$30,$15
-	sll	$15,$31,19
-	xor	$30,$14
-	srl	$14,$31,22
-	xor	$30,$15
-	sll	$15,$31,30
-	xor	$30,$14
-	sw	$9,4($29)	# offload to ring buffer
-	xor	$30,$15			# Sigma0(a)
-
-	or	$14,$31,$1
-	and	$15,$31,$1
-	and	$14,$2
-	or	$15,$14			# Maj(a,b,c)
-	addu	$13,$16			# +=K[17]
-	addu	$30,$15
-
-	addu	$3,$13
-	addu	$30,$13
-	lw	$12,16($29)	# prefetch from ring buffer
-	srl	$16,$11,3		# Xupdate(18)
-	addu	$10,$19			# +=X[i+9]
-	sll	$15,$11,14
-	srl	$14,$11,7
-	xor	$16,$15
-	sll	$15,11
-	xor	$16,$14
-	srl	$14,$11,18
-	xor	$16,$15
-
-	srl	$17,$8,10
-	xor	$16,$14			# sigma0(X[i+1])
-	sll	$15,$8,13
-	addu	$10,$16
-	srl	$14,$8,17
-	xor	$17,$15
-	sll	$15,2
-	xor	$17,$14
-	srl	$14,$8,19
-	xor	$17,$15
-
-	xor	$17,$14			# sigma1(X[i+14])
-	addu	$10,$17
-	addu	$14,$10,$25			# 18
-	srl	$25,$3,6
-	xor	$17,$7,$24
-	sll	$16,$3,7
-	and	$17,$3
-	srl	$15,$3,11
-	xor	$25,$16
-	sll	$16,$3,21
-	xor	$25,$15
-	srl	$15,$3,25
-	xor	$25,$16
-	sll	$16,$3,26
-	xor	$25,$15
-	xor	$17,$24			# Ch(e,f,g)
-	xor	$15,$16,$25			# Sigma1(e)
-
-	srl	$25,$30,2
-	addu	$14,$17
-	lw	$17,72($6)		# K[18]
-	sll	$16,$30,10
-	addu	$14,$15
-	srl	$15,$30,13
-	xor	$25,$16
-	sll	$16,$30,19
-	xor	$25,$15
-	srl	$15,$30,22
-	xor	$25,$16
-	sll	$16,$30,30
-	xor	$25,$15
-	sw	$10,8($29)	# offload to ring buffer
-	xor	$25,$16			# Sigma0(a)
-
-	or	$15,$30,$31
-	and	$16,$30,$31
-	and	$15,$1
-	or	$16,$15			# Maj(a,b,c)
-	addu	$14,$17			# +=K[18]
-	addu	$25,$16
-
-	addu	$2,$14
-	addu	$25,$14
-	lw	$13,20($29)	# prefetch from ring buffer
-	srl	$17,$12,3		# Xupdate(19)
-	addu	$11,$20			# +=X[i+9]
-	sll	$16,$12,14
-	srl	$15,$12,7
-	xor	$17,$16
-	sll	$16,11
-	xor	$17,$15
-	srl	$15,$12,18
-	xor	$17,$16
-
-	srl	$18,$9,10
-	xor	$17,$15			# sigma0(X[i+1])
-	sll	$16,$9,13
-	addu	$11,$17
-	srl	$15,$9,17
-	xor	$18,$16
-	sll	$16,2
-	xor	$18,$15
-	srl	$15,$9,19
-	xor	$18,$16
-
-	xor	$18,$15			# sigma1(X[i+14])
-	addu	$11,$18
-	addu	$15,$11,$24			# 19
-	srl	$24,$2,6
-	xor	$18,$3,$7
-	sll	$17,$2,7
-	and	$18,$2
-	srl	$16,$2,11
-	xor	$24,$17
-	sll	$17,$2,21
-	xor	$24,$16
-	srl	$16,$2,25
-	xor	$24,$17
-	sll	$17,$2,26
-	xor	$24,$16
-	xor	$18,$7			# Ch(e,f,g)
-	xor	$16,$17,$24			# Sigma1(e)
-
-	srl	$24,$25,2
-	addu	$15,$18
-	lw	$18,76($6)		# K[19]
-	sll	$17,$25,10
-	addu	$15,$16
-	srl	$16,$25,13
-	xor	$24,$17
-	sll	$17,$25,19
-	xor	$24,$16
-	srl	$16,$25,22
-	xor	$24,$17
-	sll	$17,$25,30
-	xor	$24,$16
-	sw	$11,12($29)	# offload to ring buffer
-	xor	$24,$17			# Sigma0(a)
-
-	or	$16,$25,$30
-	and	$17,$25,$30
-	and	$16,$31
-	or	$17,$16			# Maj(a,b,c)
-	addu	$15,$18			# +=K[19]
-	addu	$24,$17
-
-	addu	$1,$15
-	addu	$24,$15
-	lw	$14,24($29)	# prefetch from ring buffer
-	srl	$18,$13,3		# Xupdate(20)
-	addu	$12,$21			# +=X[i+9]
-	sll	$17,$13,14
-	srl	$16,$13,7
-	xor	$18,$17
-	sll	$17,11
-	xor	$18,$16
-	srl	$16,$13,18
-	xor	$18,$17
-
-	srl	$19,$10,10
-	xor	$18,$16			# sigma0(X[i+1])
-	sll	$17,$10,13
-	addu	$12,$18
-	srl	$16,$10,17
-	xor	$19,$17
-	sll	$17,2
-	xor	$19,$16
-	srl	$16,$10,19
-	xor	$19,$17
-
-	xor	$19,$16			# sigma1(X[i+14])
-	addu	$12,$19
-	addu	$16,$12,$7			# 20
-	srl	$7,$1,6
-	xor	$19,$2,$3
-	sll	$18,$1,7
-	and	$19,$1
-	srl	$17,$1,11
-	xor	$7,$18
-	sll	$18,$1,21
-	xor	$7,$17
-	srl	$17,$1,25
-	xor	$7,$18
-	sll	$18,$1,26
-	xor	$7,$17
-	xor	$19,$3			# Ch(e,f,g)
-	xor	$17,$18,$7			# Sigma1(e)
-
-	srl	$7,$24,2
-	addu	$16,$19
-	lw	$19,80($6)		# K[20]
-	sll	$18,$24,10
-	addu	$16,$17
-	srl	$17,$24,13
-	xor	$7,$18
-	sll	$18,$24,19
-	xor	$7,$17
-	srl	$17,$24,22
-	xor	$7,$18
-	sll	$18,$24,30
-	xor	$7,$17
-	sw	$12,16($29)	# offload to ring buffer
-	xor	$7,$18			# Sigma0(a)
-
-	or	$17,$24,$25
-	and	$18,$24,$25
-	and	$17,$30
-	or	$18,$17			# Maj(a,b,c)
-	addu	$16,$19			# +=K[20]
-	addu	$7,$18
-
-	addu	$31,$16
-	addu	$7,$16
-	lw	$15,28($29)	# prefetch from ring buffer
-	srl	$19,$14,3		# Xupdate(21)
-	addu	$13,$22			# +=X[i+9]
-	sll	$18,$14,14
-	srl	$17,$14,7
-	xor	$19,$18
-	sll	$18,11
-	xor	$19,$17
-	srl	$17,$14,18
-	xor	$19,$18
-
-	srl	$20,$11,10
-	xor	$19,$17			# sigma0(X[i+1])
-	sll	$18,$11,13
-	addu	$13,$19
-	srl	$17,$11,17
-	xor	$20,$18
-	sll	$18,2
-	xor	$20,$17
-	srl	$17,$11,19
-	xor	$20,$18
-
-	xor	$20,$17			# sigma1(X[i+14])
-	addu	$13,$20
-	addu	$17,$13,$3			# 21
-	srl	$3,$31,6
-	xor	$20,$1,$2
-	sll	$19,$31,7
-	and	$20,$31
-	srl	$18,$31,11
-	xor	$3,$19
-	sll	$19,$31,21
-	xor	$3,$18
-	srl	$18,$31,25
-	xor	$3,$19
-	sll	$19,$31,26
-	xor	$3,$18
-	xor	$20,$2			# Ch(e,f,g)
-	xor	$18,$19,$3			# Sigma1(e)
-
-	srl	$3,$7,2
-	addu	$17,$20
-	lw	$20,84($6)		# K[21]
-	sll	$19,$7,10
-	addu	$17,$18
-	srl	$18,$7,13
-	xor	$3,$19
-	sll	$19,$7,19
-	xor	$3,$18
-	srl	$18,$7,22
-	xor	$3,$19
-	sll	$19,$7,30
-	xor	$3,$18
-	sw	$13,20($29)	# offload to ring buffer
-	xor	$3,$19			# Sigma0(a)
-
-	or	$18,$7,$24
-	and	$19,$7,$24
-	and	$18,$25
-	or	$19,$18			# Maj(a,b,c)
-	addu	$17,$20			# +=K[21]
-	addu	$3,$19
-
-	addu	$30,$17
-	addu	$3,$17
-	lw	$16,32($29)	# prefetch from ring buffer
-	srl	$20,$15,3		# Xupdate(22)
-	addu	$14,$23			# +=X[i+9]
-	sll	$19,$15,14
-	srl	$18,$15,7
-	xor	$20,$19
-	sll	$19,11
-	xor	$20,$18
-	srl	$18,$15,18
-	xor	$20,$19
-
-	srl	$21,$12,10
-	xor	$20,$18			# sigma0(X[i+1])
-	sll	$19,$12,13
-	addu	$14,$20
-	srl	$18,$12,17
-	xor	$21,$19
-	sll	$19,2
-	xor	$21,$18
-	srl	$18,$12,19
-	xor	$21,$19
-
-	xor	$21,$18			# sigma1(X[i+14])
-	addu	$14,$21
-	addu	$18,$14,$2			# 22
-	srl	$2,$30,6
-	xor	$21,$31,$1
-	sll	$20,$30,7
-	and	$21,$30
-	srl	$19,$30,11
-	xor	$2,$20
-	sll	$20,$30,21
-	xor	$2,$19
-	srl	$19,$30,25
-	xor	$2,$20
-	sll	$20,$30,26
-	xor	$2,$19
-	xor	$21,$1			# Ch(e,f,g)
-	xor	$19,$20,$2			# Sigma1(e)
-
-	srl	$2,$3,2
-	addu	$18,$21
-	lw	$21,88($6)		# K[22]
-	sll	$20,$3,10
-	addu	$18,$19
-	srl	$19,$3,13
-	xor	$2,$20
-	sll	$20,$3,19
-	xor	$2,$19
-	srl	$19,$3,22
-	xor	$2,$20
-	sll	$20,$3,30
-	xor	$2,$19
-	sw	$14,24($29)	# offload to ring buffer
-	xor	$2,$20			# Sigma0(a)
-
-	or	$19,$3,$7
-	and	$20,$3,$7
-	and	$19,$24
-	or	$20,$19			# Maj(a,b,c)
-	addu	$18,$21			# +=K[22]
-	addu	$2,$20
-
-	addu	$25,$18
-	addu	$2,$18
-	lw	$17,36($29)	# prefetch from ring buffer
-	srl	$21,$16,3		# Xupdate(23)
-	addu	$15,$8			# +=X[i+9]
-	sll	$20,$16,14
-	srl	$19,$16,7
-	xor	$21,$20
-	sll	$20,11
-	xor	$21,$19
-	srl	$19,$16,18
-	xor	$21,$20
-
-	srl	$22,$13,10
-	xor	$21,$19			# sigma0(X[i+1])
-	sll	$20,$13,13
-	addu	$15,$21
-	srl	$19,$13,17
-	xor	$22,$20
-	sll	$20,2
-	xor	$22,$19
-	srl	$19,$13,19
-	xor	$22,$20
-
-	xor	$22,$19			# sigma1(X[i+14])
-	addu	$15,$22
-	addu	$19,$15,$1			# 23
-	srl	$1,$25,6
-	xor	$22,$30,$31
-	sll	$21,$25,7
-	and	$22,$25
-	srl	$20,$25,11
-	xor	$1,$21
-	sll	$21,$25,21
-	xor	$1,$20
-	srl	$20,$25,25
-	xor	$1,$21
-	sll	$21,$25,26
-	xor	$1,$20
-	xor	$22,$31			# Ch(e,f,g)
-	xor	$20,$21,$1			# Sigma1(e)
-
-	srl	$1,$2,2
-	addu	$19,$22
-	lw	$22,92($6)		# K[23]
-	sll	$21,$2,10
-	addu	$19,$20
-	srl	$20,$2,13
-	xor	$1,$21
-	sll	$21,$2,19
-	xor	$1,$20
-	srl	$20,$2,22
-	xor	$1,$21
-	sll	$21,$2,30
-	xor	$1,$20
-	sw	$15,28($29)	# offload to ring buffer
-	xor	$1,$21			# Sigma0(a)
-
-	or	$20,$2,$3
-	and	$21,$2,$3
-	and	$20,$7
-	or	$21,$20			# Maj(a,b,c)
-	addu	$19,$22			# +=K[23]
-	addu	$1,$21
-
-	addu	$24,$19
-	addu	$1,$19
-	lw	$18,40($29)	# prefetch from ring buffer
-	srl	$22,$17,3		# Xupdate(24)
-	addu	$16,$9			# +=X[i+9]
-	sll	$21,$17,14
-	srl	$20,$17,7
-	xor	$22,$21
-	sll	$21,11
-	xor	$22,$20
-	srl	$20,$17,18
-	xor	$22,$21
-
-	srl	$23,$14,10
-	xor	$22,$20			# sigma0(X[i+1])
-	sll	$21,$14,13
-	addu	$16,$22
-	srl	$20,$14,17
-	xor	$23,$21
-	sll	$21,2
-	xor	$23,$20
-	srl	$20,$14,19
-	xor	$23,$21
-
-	xor	$23,$20			# sigma1(X[i+14])
-	addu	$16,$23
-	addu	$20,$16,$31			# 24
-	srl	$31,$24,6
-	xor	$23,$25,$30
-	sll	$22,$24,7
-	and	$23,$24
-	srl	$21,$24,11
-	xor	$31,$22
-	sll	$22,$24,21
-	xor	$31,$21
-	srl	$21,$24,25
-	xor	$31,$22
-	sll	$22,$24,26
-	xor	$31,$21
-	xor	$23,$30			# Ch(e,f,g)
-	xor	$21,$22,$31			# Sigma1(e)
-
-	srl	$31,$1,2
-	addu	$20,$23
-	lw	$23,96($6)		# K[24]
-	sll	$22,$1,10
-	addu	$20,$21
-	srl	$21,$1,13
-	xor	$31,$22
-	sll	$22,$1,19
-	xor	$31,$21
-	srl	$21,$1,22
-	xor	$31,$22
-	sll	$22,$1,30
-	xor	$31,$21
-	sw	$16,32($29)	# offload to ring buffer
-	xor	$31,$22			# Sigma0(a)
-
-	or	$21,$1,$2
-	and	$22,$1,$2
-	and	$21,$3
-	or	$22,$21			# Maj(a,b,c)
-	addu	$20,$23			# +=K[24]
-	addu	$31,$22
-
-	addu	$7,$20
-	addu	$31,$20
-	lw	$19,44($29)	# prefetch from ring buffer
-	srl	$23,$18,3		# Xupdate(25)
-	addu	$17,$10			# +=X[i+9]
-	sll	$22,$18,14
-	srl	$21,$18,7
-	xor	$23,$22
-	sll	$22,11
-	xor	$23,$21
-	srl	$21,$18,18
-	xor	$23,$22
-
-	srl	$8,$15,10
-	xor	$23,$21			# sigma0(X[i+1])
-	sll	$22,$15,13
-	addu	$17,$23
-	srl	$21,$15,17
-	xor	$8,$22
-	sll	$22,2
-	xor	$8,$21
-	srl	$21,$15,19
-	xor	$8,$22
-
-	xor	$8,$21			# sigma1(X[i+14])
-	addu	$17,$8
-	addu	$21,$17,$30			# 25
-	srl	$30,$7,6
-	xor	$8,$24,$25
-	sll	$23,$7,7
-	and	$8,$7
-	srl	$22,$7,11
-	xor	$30,$23
-	sll	$23,$7,21
-	xor	$30,$22
-	srl	$22,$7,25
-	xor	$30,$23
-	sll	$23,$7,26
-	xor	$30,$22
-	xor	$8,$25			# Ch(e,f,g)
-	xor	$22,$23,$30			# Sigma1(e)
-
-	srl	$30,$31,2
-	addu	$21,$8
-	lw	$8,100($6)		# K[25]
-	sll	$23,$31,10
-	addu	$21,$22
-	srl	$22,$31,13
-	xor	$30,$23
-	sll	$23,$31,19
-	xor	$30,$22
-	srl	$22,$31,22
-	xor	$30,$23
-	sll	$23,$31,30
-	xor	$30,$22
-	sw	$17,36($29)	# offload to ring buffer
-	xor	$30,$23			# Sigma0(a)
-
-	or	$22,$31,$1
-	and	$23,$31,$1
-	and	$22,$2
-	or	$23,$22			# Maj(a,b,c)
-	addu	$21,$8			# +=K[25]
-	addu	$30,$23
-
-	addu	$3,$21
-	addu	$30,$21
-	lw	$20,48($29)	# prefetch from ring buffer
-	srl	$8,$19,3		# Xupdate(26)
-	addu	$18,$11			# +=X[i+9]
-	sll	$23,$19,14
-	srl	$22,$19,7
-	xor	$8,$23
-	sll	$23,11
-	xor	$8,$22
-	srl	$22,$19,18
-	xor	$8,$23
-
-	srl	$9,$16,10
-	xor	$8,$22			# sigma0(X[i+1])
-	sll	$23,$16,13
-	addu	$18,$8
-	srl	$22,$16,17
-	xor	$9,$23
-	sll	$23,2
-	xor	$9,$22
-	srl	$22,$16,19
-	xor	$9,$23
-
-	xor	$9,$22			# sigma1(X[i+14])
-	addu	$18,$9
-	addu	$22,$18,$25			# 26
-	srl	$25,$3,6
-	xor	$9,$7,$24
-	sll	$8,$3,7
-	and	$9,$3
-	srl	$23,$3,11
-	xor	$25,$8
-	sll	$8,$3,21
-	xor	$25,$23
-	srl	$23,$3,25
-	xor	$25,$8
-	sll	$8,$3,26
-	xor	$25,$23
-	xor	$9,$24			# Ch(e,f,g)
-	xor	$23,$8,$25			# Sigma1(e)
-
-	srl	$25,$30,2
-	addu	$22,$9
-	lw	$9,104($6)		# K[26]
-	sll	$8,$30,10
-	addu	$22,$23
-	srl	$23,$30,13
-	xor	$25,$8
-	sll	$8,$30,19
-	xor	$25,$23
-	srl	$23,$30,22
-	xor	$25,$8
-	sll	$8,$30,30
-	xor	$25,$23
-	sw	$18,40($29)	# offload to ring buffer
-	xor	$25,$8			# Sigma0(a)
-
-	or	$23,$30,$31
-	and	$8,$30,$31
-	and	$23,$1
-	or	$8,$23			# Maj(a,b,c)
-	addu	$22,$9			# +=K[26]
-	addu	$25,$8
-
-	addu	$2,$22
-	addu	$25,$22
-	lw	$21,52($29)	# prefetch from ring buffer
-	srl	$9,$20,3		# Xupdate(27)
-	addu	$19,$12			# +=X[i+9]
-	sll	$8,$20,14
-	srl	$23,$20,7
-	xor	$9,$8
-	sll	$8,11
-	xor	$9,$23
-	srl	$23,$20,18
-	xor	$9,$8
-
-	srl	$10,$17,10
-	xor	$9,$23			# sigma0(X[i+1])
-	sll	$8,$17,13
-	addu	$19,$9
-	srl	$23,$17,17
-	xor	$10,$8
-	sll	$8,2
-	xor	$10,$23
-	srl	$23,$17,19
-	xor	$10,$8
-
-	xor	$10,$23			# sigma1(X[i+14])
-	addu	$19,$10
-	addu	$23,$19,$24			# 27
-	srl	$24,$2,6
-	xor	$10,$3,$7
-	sll	$9,$2,7
-	and	$10,$2
-	srl	$8,$2,11
-	xor	$24,$9
-	sll	$9,$2,21
-	xor	$24,$8
-	srl	$8,$2,25
-	xor	$24,$9
-	sll	$9,$2,26
-	xor	$24,$8
-	xor	$10,$7			# Ch(e,f,g)
-	xor	$8,$9,$24			# Sigma1(e)
-
-	srl	$24,$25,2
-	addu	$23,$10
-	lw	$10,108($6)		# K[27]
-	sll	$9,$25,10
-	addu	$23,$8
-	srl	$8,$25,13
-	xor	$24,$9
-	sll	$9,$25,19
-	xor	$24,$8
-	srl	$8,$25,22
-	xor	$24,$9
-	sll	$9,$25,30
-	xor	$24,$8
-	sw	$19,44($29)	# offload to ring buffer
-	xor	$24,$9			# Sigma0(a)
-
-	or	$8,$25,$30
-	and	$9,$25,$30
-	and	$8,$31
-	or	$9,$8			# Maj(a,b,c)
-	addu	$23,$10			# +=K[27]
-	addu	$24,$9
-
-	addu	$1,$23
-	addu	$24,$23
-	lw	$22,56($29)	# prefetch from ring buffer
-	srl	$10,$21,3		# Xupdate(28)
-	addu	$20,$13			# +=X[i+9]
-	sll	$9,$21,14
-	srl	$8,$21,7
-	xor	$10,$9
-	sll	$9,11
-	xor	$10,$8
-	srl	$8,$21,18
-	xor	$10,$9
-
-	srl	$11,$18,10
-	xor	$10,$8			# sigma0(X[i+1])
-	sll	$9,$18,13
-	addu	$20,$10
-	srl	$8,$18,17
-	xor	$11,$9
-	sll	$9,2
-	xor	$11,$8
-	srl	$8,$18,19
-	xor	$11,$9
-
-	xor	$11,$8			# sigma1(X[i+14])
-	addu	$20,$11
-	addu	$8,$20,$7			# 28
-	srl	$7,$1,6
-	xor	$11,$2,$3
-	sll	$10,$1,7
-	and	$11,$1
-	srl	$9,$1,11
-	xor	$7,$10
-	sll	$10,$1,21
-	xor	$7,$9
-	srl	$9,$1,25
-	xor	$7,$10
-	sll	$10,$1,26
-	xor	$7,$9
-	xor	$11,$3			# Ch(e,f,g)
-	xor	$9,$10,$7			# Sigma1(e)
-
-	srl	$7,$24,2
-	addu	$8,$11
-	lw	$11,112($6)		# K[28]
-	sll	$10,$24,10
-	addu	$8,$9
-	srl	$9,$24,13
-	xor	$7,$10
-	sll	$10,$24,19
-	xor	$7,$9
-	srl	$9,$24,22
-	xor	$7,$10
-	sll	$10,$24,30
-	xor	$7,$9
-	sw	$20,48($29)	# offload to ring buffer
-	xor	$7,$10			# Sigma0(a)
-
-	or	$9,$24,$25
-	and	$10,$24,$25
-	and	$9,$30
-	or	$10,$9			# Maj(a,b,c)
-	addu	$8,$11			# +=K[28]
-	addu	$7,$10
-
-	addu	$31,$8
-	addu	$7,$8
-	lw	$23,60($29)	# prefetch from ring buffer
-	srl	$11,$22,3		# Xupdate(29)
-	addu	$21,$14			# +=X[i+9]
-	sll	$10,$22,14
-	srl	$9,$22,7
-	xor	$11,$10
-	sll	$10,11
-	xor	$11,$9
-	srl	$9,$22,18
-	xor	$11,$10
-
-	srl	$12,$19,10
-	xor	$11,$9			# sigma0(X[i+1])
-	sll	$10,$19,13
-	addu	$21,$11
-	srl	$9,$19,17
-	xor	$12,$10
-	sll	$10,2
-	xor	$12,$9
-	srl	$9,$19,19
-	xor	$12,$10
-
-	xor	$12,$9			# sigma1(X[i+14])
-	addu	$21,$12
-	addu	$9,$21,$3			# 29
-	srl	$3,$31,6
-	xor	$12,$1,$2
-	sll	$11,$31,7
-	and	$12,$31
-	srl	$10,$31,11
-	xor	$3,$11
-	sll	$11,$31,21
-	xor	$3,$10
-	srl	$10,$31,25
-	xor	$3,$11
-	sll	$11,$31,26
-	xor	$3,$10
-	xor	$12,$2			# Ch(e,f,g)
-	xor	$10,$11,$3			# Sigma1(e)
-
-	srl	$3,$7,2
-	addu	$9,$12
-	lw	$12,116($6)		# K[29]
-	sll	$11,$7,10
-	addu	$9,$10
-	srl	$10,$7,13
-	xor	$3,$11
-	sll	$11,$7,19
-	xor	$3,$10
-	srl	$10,$7,22
-	xor	$3,$11
-	sll	$11,$7,30
-	xor	$3,$10
-	sw	$21,52($29)	# offload to ring buffer
-	xor	$3,$11			# Sigma0(a)
-
-	or	$10,$7,$24
-	and	$11,$7,$24
-	and	$10,$25
-	or	$11,$10			# Maj(a,b,c)
-	addu	$9,$12			# +=K[29]
-	addu	$3,$11
-
-	addu	$30,$9
-	addu	$3,$9
-	lw	$8,0($29)	# prefetch from ring buffer
-	srl	$12,$23,3		# Xupdate(30)
-	addu	$22,$15			# +=X[i+9]
-	sll	$11,$23,14
-	srl	$10,$23,7
-	xor	$12,$11
-	sll	$11,11
-	xor	$12,$10
-	srl	$10,$23,18
-	xor	$12,$11
-
-	srl	$13,$20,10
-	xor	$12,$10			# sigma0(X[i+1])
-	sll	$11,$20,13
-	addu	$22,$12
-	srl	$10,$20,17
-	xor	$13,$11
-	sll	$11,2
-	xor	$13,$10
-	srl	$10,$20,19
-	xor	$13,$11
-
-	xor	$13,$10			# sigma1(X[i+14])
-	addu	$22,$13
-	addu	$10,$22,$2			# 30
-	srl	$2,$30,6
-	xor	$13,$31,$1
-	sll	$12,$30,7
-	and	$13,$30
-	srl	$11,$30,11
-	xor	$2,$12
-	sll	$12,$30,21
-	xor	$2,$11
-	srl	$11,$30,25
-	xor	$2,$12
-	sll	$12,$30,26
-	xor	$2,$11
-	xor	$13,$1			# Ch(e,f,g)
-	xor	$11,$12,$2			# Sigma1(e)
-
-	srl	$2,$3,2
-	addu	$10,$13
-	lw	$13,120($6)		# K[30]
-	sll	$12,$3,10
-	addu	$10,$11
-	srl	$11,$3,13
-	xor	$2,$12
-	sll	$12,$3,19
-	xor	$2,$11
-	srl	$11,$3,22
-	xor	$2,$12
-	sll	$12,$3,30
-	xor	$2,$11
-	sw	$22,56($29)	# offload to ring buffer
-	xor	$2,$12			# Sigma0(a)
-
-	or	$11,$3,$7
-	and	$12,$3,$7
-	and	$11,$24
-	or	$12,$11			# Maj(a,b,c)
-	addu	$10,$13			# +=K[30]
-	addu	$2,$12
-
-	addu	$25,$10
-	addu	$2,$10
-	lw	$9,4($29)	# prefetch from ring buffer
-	srl	$13,$8,3		# Xupdate(31)
-	addu	$23,$16			# +=X[i+9]
-	sll	$12,$8,14
-	srl	$11,$8,7
-	xor	$13,$12
-	sll	$12,11
-	xor	$13,$11
-	srl	$11,$8,18
-	xor	$13,$12
-
-	srl	$14,$21,10
-	xor	$13,$11			# sigma0(X[i+1])
-	sll	$12,$21,13
-	addu	$23,$13
-	srl	$11,$21,17
-	xor	$14,$12
-	sll	$12,2
-	xor	$14,$11
-	srl	$11,$21,19
-	xor	$14,$12
-
-	xor	$14,$11			# sigma1(X[i+14])
-	addu	$23,$14
-	addu	$11,$23,$1			# 31
-	srl	$1,$25,6
-	xor	$14,$30,$31
-	sll	$13,$25,7
-	and	$14,$25
-	srl	$12,$25,11
-	xor	$1,$13
-	sll	$13,$25,21
-	xor	$1,$12
-	srl	$12,$25,25
-	xor	$1,$13
-	sll	$13,$25,26
-	xor	$1,$12
-	xor	$14,$31			# Ch(e,f,g)
-	xor	$12,$13,$1			# Sigma1(e)
-
-	srl	$1,$2,2
-	addu	$11,$14
-	lw	$14,124($6)		# K[31]
-	sll	$13,$2,10
-	addu	$11,$12
-	srl	$12,$2,13
-	xor	$1,$13
-	sll	$13,$2,19
-	xor	$1,$12
-	srl	$12,$2,22
-	xor	$1,$13
-	sll	$13,$2,30
-	xor	$1,$12
-	sw	$23,60($29)	# offload to ring buffer
-	xor	$1,$13			# Sigma0(a)
-
-	or	$12,$2,$3
-	and	$13,$2,$3
-	and	$12,$7
-	or	$13,$12			# Maj(a,b,c)
-	addu	$11,$14			# +=K[31]
-	addu	$1,$13
-
-	addu	$24,$11
-	addu	$1,$11
-	lw	$10,8($29)	# prefetch from ring buffer
-	and	$14,0xfff
-	li	$15,2290
-	.set	noreorder
-	bne	$14,$15,.L16_xx
-	add $6,16*4		# Ktbl+=16
-
-	lw	$23,16*4($29)	# restore pointer to the end of input
-	lw	$8,0*4($4)
-	lw	$9,1*4($4)
-	lw	$10,2*4($4)
-	add $5,16*4
-	lw	$11,3*4($4)
-	addu	$1,$8
-	lw	$12,4*4($4)
-	addu	$2,$9
-	lw	$13,5*4($4)
-	addu	$3,$10
-	lw	$14,6*4($4)
-	addu	$7,$11
-	lw	$15,7*4($4)
-	addu	$24,$12
-	sw	$1,0*4($4)
-	addu	$25,$13
-	sw	$2,1*4($4)
-	addu	$30,$14
-	sw	$3,2*4($4)
-	addu	$31,$15
-	sw	$7,3*4($4)
-	sw	$24,4*4($4)
-	sw	$25,5*4($4)
-	sw	$30,6*4($4)
-	sw	$31,7*4($4)
-
-	bne	$5,$23,.Loop
-	sub $6,192	# rewind $6
-
-	lw	$31,128-1*4($29)
-	lw	$30,128-2*4($29)
-	lw	$23,128-3*4($29)
-	lw	$22,128-4*4($29)
-	lw	$21,128-5*4($29)
-	lw	$20,128-6*4($29)
-	lw	$19,128-7*4($29)
-	lw	$18,128-8*4($29)
-	lw	$17,128-9*4($29)
-	lw	$16,128-10*4($29)
-	jr	$31
-	add $29,128
-.end	sha256_block_data_order
-
-.rdata
-.align	5
-K256:
-	.word	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
-	.word	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
-	.word	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
-	.word	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
-	.word	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
-	.word	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
-	.word	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
-	.word	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
-	.word	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
-	.word	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
-	.word	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
-	.word	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
-	.word	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
-	.word	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
-	.word	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
-	.word	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-.asciiz	"SHA256 for MIPS, CRYPTOGAMS by <appro@openssl.org>"
-.align	5
-
diff --git a/crypto/sha/asm/sha256-x86_64.S b/crypto/sha/asm/sha256-x86_64.S
deleted file mode 100644
index db5b898f0f..0000000000
--- a/crypto/sha/asm/sha256-x86_64.S
+++ /dev/null
@@ -1,1778 +0,0 @@
-.text	
-
-.globl	sha256_block_data_order
-.type	sha256_block_data_order,@function
-.align	16
-sha256_block_data_order:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%r11
-	shlq	$4,%rdx
-	subq	$64+32,%rsp
-	leaq	(%rsi,%rdx,4),%rdx
-	andq	$-64,%rsp
-	movq	%rdi,64+0(%rsp)
-	movq	%rsi,64+8(%rsp)
-	movq	%rdx,64+16(%rsp)
-	movq	%r11,64+24(%rsp)
-.Lprologue:
-
-	leaq	K256(%rip),%rbp
-
-	movl	0(%rdi),%eax
-	movl	4(%rdi),%ebx
-	movl	8(%rdi),%ecx
-	movl	12(%rdi),%edx
-	movl	16(%rdi),%r8d
-	movl	20(%rdi),%r9d
-	movl	24(%rdi),%r10d
-	movl	28(%rdi),%r11d
-	jmp	.Lloop
-
-.align	16
-.Lloop:
-	xorq	%rdi,%rdi
-	movl	0(%rsi),%r12d
-	movl	%r8d,%r13d
-	movl	%eax,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r9d,%r15d
-	movl	%r12d,0(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r11d,%r12d
-	xorl	%eax,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r8d,%r15d
-	movl	%ebx,%r11d
-
-	rorl	$11,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	xorl	%ecx,%r11d
-	xorl	%eax,%r14d
-	addl	%r15d,%r12d
-	movl	%ebx,%r15d
-
-	rorl	$6,%r13d
-	andl	%eax,%r11d
-	andl	%ecx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r11d
-
-	addl	%r12d,%edx
-	addl	%r12d,%r11d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r11d
-
-	movl	4(%rsi),%r12d
-	movl	%edx,%r13d
-	movl	%r11d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r8d,%r15d
-	movl	%r12d,4(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r10d,%r12d
-	xorl	%r11d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%edx,%r15d
-	movl	%eax,%r10d
-
-	rorl	$11,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	xorl	%ebx,%r10d
-	xorl	%r11d,%r14d
-	addl	%r15d,%r12d
-	movl	%eax,%r15d
-
-	rorl	$6,%r13d
-	andl	%r11d,%r10d
-	andl	%ebx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r10d
-
-	addl	%r12d,%ecx
-	addl	%r12d,%r10d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r10d
-
-	movl	8(%rsi),%r12d
-	movl	%ecx,%r13d
-	movl	%r10d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%edx,%r15d
-	movl	%r12d,8(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r9d,%r12d
-	xorl	%r10d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ecx,%r15d
-	movl	%r11d,%r9d
-
-	rorl	$11,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	xorl	%eax,%r9d
-	xorl	%r10d,%r14d
-	addl	%r15d,%r12d
-	movl	%r11d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r10d,%r9d
-	andl	%eax,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r9d
-
-	addl	%r12d,%ebx
-	addl	%r12d,%r9d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r9d
-
-	movl	12(%rsi),%r12d
-	movl	%ebx,%r13d
-	movl	%r9d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%ecx,%r15d
-	movl	%r12d,12(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	rorl	$5,%r13d
-	addl	%r8d,%r12d
-	xorl	%r9d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ebx,%r15d
-	movl	%r10d,%r8d
-
-	rorl	$11,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	xorl	%r11d,%r8d
-	xorl	%r9d,%r14d
-	addl	%r15d,%r12d
-	movl	%r10d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r9d,%r8d
-	andl	%r11d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r8d
-
-	addl	%r12d,%eax
-	addl	%r12d,%r8d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r8d
-
-	movl	16(%rsi),%r12d
-	movl	%eax,%r13d
-	movl	%r8d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%ebx,%r15d
-	movl	%r12d,16(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	rorl	$5,%r13d
-	addl	%edx,%r12d
-	xorl	%r8d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%eax,%r15d
-	movl	%r9d,%edx
-
-	rorl	$11,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	xorl	%r10d,%edx
-	xorl	%r8d,%r14d
-	addl	%r15d,%r12d
-	movl	%r9d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r8d,%edx
-	andl	%r10d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%edx
-
-	addl	%r12d,%r11d
-	addl	%r12d,%edx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%edx
-
-	movl	20(%rsi),%r12d
-	movl	%r11d,%r13d
-	movl	%edx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%eax,%r15d
-	movl	%r12d,20(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	rorl	$5,%r13d
-	addl	%ecx,%r12d
-	xorl	%edx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r11d,%r15d
-	movl	%r8d,%ecx
-
-	rorl	$11,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	xorl	%r9d,%ecx
-	xorl	%edx,%r14d
-	addl	%r15d,%r12d
-	movl	%r8d,%r15d
-
-	rorl	$6,%r13d
-	andl	%edx,%ecx
-	andl	%r9d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ecx
-
-	addl	%r12d,%r10d
-	addl	%r12d,%ecx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ecx
-
-	movl	24(%rsi),%r12d
-	movl	%r10d,%r13d
-	movl	%ecx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r11d,%r15d
-	movl	%r12d,24(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	rorl	$5,%r13d
-	addl	%ebx,%r12d
-	xorl	%ecx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r10d,%r15d
-	movl	%edx,%ebx
-
-	rorl	$11,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	xorl	%r8d,%ebx
-	xorl	%ecx,%r14d
-	addl	%r15d,%r12d
-	movl	%edx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ecx,%ebx
-	andl	%r8d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ebx
-
-	addl	%r12d,%r9d
-	addl	%r12d,%ebx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ebx
-
-	movl	28(%rsi),%r12d
-	movl	%r9d,%r13d
-	movl	%ebx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r10d,%r15d
-	movl	%r12d,28(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	rorl	$5,%r13d
-	addl	%eax,%r12d
-	xorl	%ebx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r9d,%r15d
-	movl	%ecx,%eax
-
-	rorl	$11,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	xorl	%edx,%eax
-	xorl	%ebx,%r14d
-	addl	%r15d,%r12d
-	movl	%ecx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ebx,%eax
-	andl	%edx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%eax
-
-	addl	%r12d,%r8d
-	addl	%r12d,%eax
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%eax
-
-	movl	32(%rsi),%r12d
-	movl	%r8d,%r13d
-	movl	%eax,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r9d,%r15d
-	movl	%r12d,32(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r11d,%r12d
-	xorl	%eax,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r8d,%r15d
-	movl	%ebx,%r11d
-
-	rorl	$11,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	xorl	%ecx,%r11d
-	xorl	%eax,%r14d
-	addl	%r15d,%r12d
-	movl	%ebx,%r15d
-
-	rorl	$6,%r13d
-	andl	%eax,%r11d
-	andl	%ecx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r11d
-
-	addl	%r12d,%edx
-	addl	%r12d,%r11d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r11d
-
-	movl	36(%rsi),%r12d
-	movl	%edx,%r13d
-	movl	%r11d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r8d,%r15d
-	movl	%r12d,36(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r10d,%r12d
-	xorl	%r11d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%edx,%r15d
-	movl	%eax,%r10d
-
-	rorl	$11,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	xorl	%ebx,%r10d
-	xorl	%r11d,%r14d
-	addl	%r15d,%r12d
-	movl	%eax,%r15d
-
-	rorl	$6,%r13d
-	andl	%r11d,%r10d
-	andl	%ebx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r10d
-
-	addl	%r12d,%ecx
-	addl	%r12d,%r10d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r10d
-
-	movl	40(%rsi),%r12d
-	movl	%ecx,%r13d
-	movl	%r10d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%edx,%r15d
-	movl	%r12d,40(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r9d,%r12d
-	xorl	%r10d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ecx,%r15d
-	movl	%r11d,%r9d
-
-	rorl	$11,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	xorl	%eax,%r9d
-	xorl	%r10d,%r14d
-	addl	%r15d,%r12d
-	movl	%r11d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r10d,%r9d
-	andl	%eax,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r9d
-
-	addl	%r12d,%ebx
-	addl	%r12d,%r9d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r9d
-
-	movl	44(%rsi),%r12d
-	movl	%ebx,%r13d
-	movl	%r9d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%ecx,%r15d
-	movl	%r12d,44(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	rorl	$5,%r13d
-	addl	%r8d,%r12d
-	xorl	%r9d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ebx,%r15d
-	movl	%r10d,%r8d
-
-	rorl	$11,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	xorl	%r11d,%r8d
-	xorl	%r9d,%r14d
-	addl	%r15d,%r12d
-	movl	%r10d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r9d,%r8d
-	andl	%r11d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r8d
-
-	addl	%r12d,%eax
-	addl	%r12d,%r8d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r8d
-
-	movl	48(%rsi),%r12d
-	movl	%eax,%r13d
-	movl	%r8d,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%ebx,%r15d
-	movl	%r12d,48(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	rorl	$5,%r13d
-	addl	%edx,%r12d
-	xorl	%r8d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%eax,%r15d
-	movl	%r9d,%edx
-
-	rorl	$11,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	xorl	%r10d,%edx
-	xorl	%r8d,%r14d
-	addl	%r15d,%r12d
-	movl	%r9d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r8d,%edx
-	andl	%r10d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%edx
-
-	addl	%r12d,%r11d
-	addl	%r12d,%edx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%edx
-
-	movl	52(%rsi),%r12d
-	movl	%r11d,%r13d
-	movl	%edx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%eax,%r15d
-	movl	%r12d,52(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	rorl	$5,%r13d
-	addl	%ecx,%r12d
-	xorl	%edx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r11d,%r15d
-	movl	%r8d,%ecx
-
-	rorl	$11,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	xorl	%r9d,%ecx
-	xorl	%edx,%r14d
-	addl	%r15d,%r12d
-	movl	%r8d,%r15d
-
-	rorl	$6,%r13d
-	andl	%edx,%ecx
-	andl	%r9d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ecx
-
-	addl	%r12d,%r10d
-	addl	%r12d,%ecx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ecx
-
-	movl	56(%rsi),%r12d
-	movl	%r10d,%r13d
-	movl	%ecx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r11d,%r15d
-	movl	%r12d,56(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	rorl	$5,%r13d
-	addl	%ebx,%r12d
-	xorl	%ecx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r10d,%r15d
-	movl	%edx,%ebx
-
-	rorl	$11,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	xorl	%r8d,%ebx
-	xorl	%ecx,%r14d
-	addl	%r15d,%r12d
-	movl	%edx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ecx,%ebx
-	andl	%r8d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ebx
-
-	addl	%r12d,%r9d
-	addl	%r12d,%ebx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ebx
-
-	movl	60(%rsi),%r12d
-	movl	%r9d,%r13d
-	movl	%ebx,%r14d
-	bswapl	%r12d
-	rorl	$14,%r13d
-	movl	%r10d,%r15d
-	movl	%r12d,60(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	rorl	$5,%r13d
-	addl	%eax,%r12d
-	xorl	%ebx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r9d,%r15d
-	movl	%ecx,%eax
-
-	rorl	$11,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	xorl	%edx,%eax
-	xorl	%ebx,%r14d
-	addl	%r15d,%r12d
-	movl	%ecx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ebx,%eax
-	andl	%edx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%eax
-
-	addl	%r12d,%r8d
-	addl	%r12d,%eax
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%eax
-
-	jmp	.Lrounds_16_xx
-.align	16
-.Lrounds_16_xx:
-	movl	4(%rsp),%r13d
-	movl	56(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	36(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	0(%rsp),%r12d
-	movl	%r8d,%r13d
-	addl	%r14d,%r12d
-	movl	%eax,%r14d
-	rorl	$14,%r13d
-	movl	%r9d,%r15d
-	movl	%r12d,0(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r11d,%r12d
-	xorl	%eax,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r8d,%r15d
-	movl	%ebx,%r11d
-
-	rorl	$11,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	xorl	%ecx,%r11d
-	xorl	%eax,%r14d
-	addl	%r15d,%r12d
-	movl	%ebx,%r15d
-
-	rorl	$6,%r13d
-	andl	%eax,%r11d
-	andl	%ecx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r11d
-
-	addl	%r12d,%edx
-	addl	%r12d,%r11d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r11d
-
-	movl	8(%rsp),%r13d
-	movl	60(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	40(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	4(%rsp),%r12d
-	movl	%edx,%r13d
-	addl	%r14d,%r12d
-	movl	%r11d,%r14d
-	rorl	$14,%r13d
-	movl	%r8d,%r15d
-	movl	%r12d,4(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r10d,%r12d
-	xorl	%r11d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%edx,%r15d
-	movl	%eax,%r10d
-
-	rorl	$11,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	xorl	%ebx,%r10d
-	xorl	%r11d,%r14d
-	addl	%r15d,%r12d
-	movl	%eax,%r15d
-
-	rorl	$6,%r13d
-	andl	%r11d,%r10d
-	andl	%ebx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r10d
-
-	addl	%r12d,%ecx
-	addl	%r12d,%r10d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r10d
-
-	movl	12(%rsp),%r13d
-	movl	0(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	44(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	8(%rsp),%r12d
-	movl	%ecx,%r13d
-	addl	%r14d,%r12d
-	movl	%r10d,%r14d
-	rorl	$14,%r13d
-	movl	%edx,%r15d
-	movl	%r12d,8(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r9d,%r12d
-	xorl	%r10d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ecx,%r15d
-	movl	%r11d,%r9d
-
-	rorl	$11,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	xorl	%eax,%r9d
-	xorl	%r10d,%r14d
-	addl	%r15d,%r12d
-	movl	%r11d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r10d,%r9d
-	andl	%eax,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r9d
-
-	addl	%r12d,%ebx
-	addl	%r12d,%r9d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r9d
-
-	movl	16(%rsp),%r13d
-	movl	4(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	48(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	12(%rsp),%r12d
-	movl	%ebx,%r13d
-	addl	%r14d,%r12d
-	movl	%r9d,%r14d
-	rorl	$14,%r13d
-	movl	%ecx,%r15d
-	movl	%r12d,12(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	rorl	$5,%r13d
-	addl	%r8d,%r12d
-	xorl	%r9d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ebx,%r15d
-	movl	%r10d,%r8d
-
-	rorl	$11,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	xorl	%r11d,%r8d
-	xorl	%r9d,%r14d
-	addl	%r15d,%r12d
-	movl	%r10d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r9d,%r8d
-	andl	%r11d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r8d
-
-	addl	%r12d,%eax
-	addl	%r12d,%r8d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r8d
-
-	movl	20(%rsp),%r13d
-	movl	8(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	52(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	16(%rsp),%r12d
-	movl	%eax,%r13d
-	addl	%r14d,%r12d
-	movl	%r8d,%r14d
-	rorl	$14,%r13d
-	movl	%ebx,%r15d
-	movl	%r12d,16(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	rorl	$5,%r13d
-	addl	%edx,%r12d
-	xorl	%r8d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%eax,%r15d
-	movl	%r9d,%edx
-
-	rorl	$11,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	xorl	%r10d,%edx
-	xorl	%r8d,%r14d
-	addl	%r15d,%r12d
-	movl	%r9d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r8d,%edx
-	andl	%r10d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%edx
-
-	addl	%r12d,%r11d
-	addl	%r12d,%edx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%edx
-
-	movl	24(%rsp),%r13d
-	movl	12(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	56(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	20(%rsp),%r12d
-	movl	%r11d,%r13d
-	addl	%r14d,%r12d
-	movl	%edx,%r14d
-	rorl	$14,%r13d
-	movl	%eax,%r15d
-	movl	%r12d,20(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	rorl	$5,%r13d
-	addl	%ecx,%r12d
-	xorl	%edx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r11d,%r15d
-	movl	%r8d,%ecx
-
-	rorl	$11,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	xorl	%r9d,%ecx
-	xorl	%edx,%r14d
-	addl	%r15d,%r12d
-	movl	%r8d,%r15d
-
-	rorl	$6,%r13d
-	andl	%edx,%ecx
-	andl	%r9d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ecx
-
-	addl	%r12d,%r10d
-	addl	%r12d,%ecx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ecx
-
-	movl	28(%rsp),%r13d
-	movl	16(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	60(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	24(%rsp),%r12d
-	movl	%r10d,%r13d
-	addl	%r14d,%r12d
-	movl	%ecx,%r14d
-	rorl	$14,%r13d
-	movl	%r11d,%r15d
-	movl	%r12d,24(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	rorl	$5,%r13d
-	addl	%ebx,%r12d
-	xorl	%ecx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r10d,%r15d
-	movl	%edx,%ebx
-
-	rorl	$11,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	xorl	%r8d,%ebx
-	xorl	%ecx,%r14d
-	addl	%r15d,%r12d
-	movl	%edx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ecx,%ebx
-	andl	%r8d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ebx
-
-	addl	%r12d,%r9d
-	addl	%r12d,%ebx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ebx
-
-	movl	32(%rsp),%r13d
-	movl	20(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	0(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	28(%rsp),%r12d
-	movl	%r9d,%r13d
-	addl	%r14d,%r12d
-	movl	%ebx,%r14d
-	rorl	$14,%r13d
-	movl	%r10d,%r15d
-	movl	%r12d,28(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	rorl	$5,%r13d
-	addl	%eax,%r12d
-	xorl	%ebx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r9d,%r15d
-	movl	%ecx,%eax
-
-	rorl	$11,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	xorl	%edx,%eax
-	xorl	%ebx,%r14d
-	addl	%r15d,%r12d
-	movl	%ecx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ebx,%eax
-	andl	%edx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%eax
-
-	addl	%r12d,%r8d
-	addl	%r12d,%eax
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%eax
-
-	movl	36(%rsp),%r13d
-	movl	24(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	4(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	32(%rsp),%r12d
-	movl	%r8d,%r13d
-	addl	%r14d,%r12d
-	movl	%eax,%r14d
-	rorl	$14,%r13d
-	movl	%r9d,%r15d
-	movl	%r12d,32(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r11d,%r12d
-	xorl	%eax,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r8d,%r15d
-	movl	%ebx,%r11d
-
-	rorl	$11,%r14d
-	xorl	%r8d,%r13d
-	xorl	%r10d,%r15d
-
-	xorl	%ecx,%r11d
-	xorl	%eax,%r14d
-	addl	%r15d,%r12d
-	movl	%ebx,%r15d
-
-	rorl	$6,%r13d
-	andl	%eax,%r11d
-	andl	%ecx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r11d
-
-	addl	%r12d,%edx
-	addl	%r12d,%r11d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r11d
-
-	movl	40(%rsp),%r13d
-	movl	28(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	8(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	36(%rsp),%r12d
-	movl	%edx,%r13d
-	addl	%r14d,%r12d
-	movl	%r11d,%r14d
-	rorl	$14,%r13d
-	movl	%r8d,%r15d
-	movl	%r12d,36(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r10d,%r12d
-	xorl	%r11d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%edx,%r15d
-	movl	%eax,%r10d
-
-	rorl	$11,%r14d
-	xorl	%edx,%r13d
-	xorl	%r9d,%r15d
-
-	xorl	%ebx,%r10d
-	xorl	%r11d,%r14d
-	addl	%r15d,%r12d
-	movl	%eax,%r15d
-
-	rorl	$6,%r13d
-	andl	%r11d,%r10d
-	andl	%ebx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r10d
-
-	addl	%r12d,%ecx
-	addl	%r12d,%r10d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r10d
-
-	movl	44(%rsp),%r13d
-	movl	32(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	12(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	40(%rsp),%r12d
-	movl	%ecx,%r13d
-	addl	%r14d,%r12d
-	movl	%r10d,%r14d
-	rorl	$14,%r13d
-	movl	%edx,%r15d
-	movl	%r12d,40(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	rorl	$5,%r13d
-	addl	%r9d,%r12d
-	xorl	%r10d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ecx,%r15d
-	movl	%r11d,%r9d
-
-	rorl	$11,%r14d
-	xorl	%ecx,%r13d
-	xorl	%r8d,%r15d
-
-	xorl	%eax,%r9d
-	xorl	%r10d,%r14d
-	addl	%r15d,%r12d
-	movl	%r11d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r10d,%r9d
-	andl	%eax,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r9d
-
-	addl	%r12d,%ebx
-	addl	%r12d,%r9d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r9d
-
-	movl	48(%rsp),%r13d
-	movl	36(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	16(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	44(%rsp),%r12d
-	movl	%ebx,%r13d
-	addl	%r14d,%r12d
-	movl	%r9d,%r14d
-	rorl	$14,%r13d
-	movl	%ecx,%r15d
-	movl	%r12d,44(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	rorl	$5,%r13d
-	addl	%r8d,%r12d
-	xorl	%r9d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%ebx,%r15d
-	movl	%r10d,%r8d
-
-	rorl	$11,%r14d
-	xorl	%ebx,%r13d
-	xorl	%edx,%r15d
-
-	xorl	%r11d,%r8d
-	xorl	%r9d,%r14d
-	addl	%r15d,%r12d
-	movl	%r10d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r9d,%r8d
-	andl	%r11d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%r8d
-
-	addl	%r12d,%eax
-	addl	%r12d,%r8d
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%r8d
-
-	movl	52(%rsp),%r13d
-	movl	40(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	20(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	48(%rsp),%r12d
-	movl	%eax,%r13d
-	addl	%r14d,%r12d
-	movl	%r8d,%r14d
-	rorl	$14,%r13d
-	movl	%ebx,%r15d
-	movl	%r12d,48(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	rorl	$5,%r13d
-	addl	%edx,%r12d
-	xorl	%r8d,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%eax,%r15d
-	movl	%r9d,%edx
-
-	rorl	$11,%r14d
-	xorl	%eax,%r13d
-	xorl	%ecx,%r15d
-
-	xorl	%r10d,%edx
-	xorl	%r8d,%r14d
-	addl	%r15d,%r12d
-	movl	%r9d,%r15d
-
-	rorl	$6,%r13d
-	andl	%r8d,%edx
-	andl	%r10d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%edx
-
-	addl	%r12d,%r11d
-	addl	%r12d,%edx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%edx
-
-	movl	56(%rsp),%r13d
-	movl	44(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	24(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	52(%rsp),%r12d
-	movl	%r11d,%r13d
-	addl	%r14d,%r12d
-	movl	%edx,%r14d
-	rorl	$14,%r13d
-	movl	%eax,%r15d
-	movl	%r12d,52(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	rorl	$5,%r13d
-	addl	%ecx,%r12d
-	xorl	%edx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r11d,%r15d
-	movl	%r8d,%ecx
-
-	rorl	$11,%r14d
-	xorl	%r11d,%r13d
-	xorl	%ebx,%r15d
-
-	xorl	%r9d,%ecx
-	xorl	%edx,%r14d
-	addl	%r15d,%r12d
-	movl	%r8d,%r15d
-
-	rorl	$6,%r13d
-	andl	%edx,%ecx
-	andl	%r9d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ecx
-
-	addl	%r12d,%r10d
-	addl	%r12d,%ecx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ecx
-
-	movl	60(%rsp),%r13d
-	movl	48(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	28(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	56(%rsp),%r12d
-	movl	%r10d,%r13d
-	addl	%r14d,%r12d
-	movl	%ecx,%r14d
-	rorl	$14,%r13d
-	movl	%r11d,%r15d
-	movl	%r12d,56(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	rorl	$5,%r13d
-	addl	%ebx,%r12d
-	xorl	%ecx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r10d,%r15d
-	movl	%edx,%ebx
-
-	rorl	$11,%r14d
-	xorl	%r10d,%r13d
-	xorl	%eax,%r15d
-
-	xorl	%r8d,%ebx
-	xorl	%ecx,%r14d
-	addl	%r15d,%r12d
-	movl	%edx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ecx,%ebx
-	andl	%r8d,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%ebx
-
-	addl	%r12d,%r9d
-	addl	%r12d,%ebx
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%ebx
-
-	movl	0(%rsp),%r13d
-	movl	52(%rsp),%r14d
-	movl	%r13d,%r12d
-	movl	%r14d,%r15d
-
-	rorl	$11,%r12d
-	xorl	%r13d,%r12d
-	shrl	$3,%r13d
-
-	rorl	$7,%r12d
-	xorl	%r12d,%r13d
-	movl	32(%rsp),%r12d
-
-	rorl	$2,%r15d
-	xorl	%r14d,%r15d
-	shrl	$10,%r14d
-
-	rorl	$17,%r15d
-	addl	%r13d,%r12d
-	xorl	%r15d,%r14d
-
-	addl	60(%rsp),%r12d
-	movl	%r9d,%r13d
-	addl	%r14d,%r12d
-	movl	%ebx,%r14d
-	rorl	$14,%r13d
-	movl	%r10d,%r15d
-	movl	%r12d,60(%rsp)
-
-	rorl	$9,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	rorl	$5,%r13d
-	addl	%eax,%r12d
-	xorl	%ebx,%r14d
-
-	addl	(%rbp,%rdi,4),%r12d
-	andl	%r9d,%r15d
-	movl	%ecx,%eax
-
-	rorl	$11,%r14d
-	xorl	%r9d,%r13d
-	xorl	%r11d,%r15d
-
-	xorl	%edx,%eax
-	xorl	%ebx,%r14d
-	addl	%r15d,%r12d
-	movl	%ecx,%r15d
-
-	rorl	$6,%r13d
-	andl	%ebx,%eax
-	andl	%edx,%r15d
-
-	rorl	$2,%r14d
-	addl	%r13d,%r12d
-	addl	%r15d,%eax
-
-	addl	%r12d,%r8d
-	addl	%r12d,%eax
-	leaq	1(%rdi),%rdi
-	addl	%r14d,%eax
-
-	cmpq	$64,%rdi
-	jb	.Lrounds_16_xx
-
-	movq	64+0(%rsp),%rdi
-	leaq	64(%rsi),%rsi
-
-	addl	0(%rdi),%eax
-	addl	4(%rdi),%ebx
-	addl	8(%rdi),%ecx
-	addl	12(%rdi),%edx
-	addl	16(%rdi),%r8d
-	addl	20(%rdi),%r9d
-	addl	24(%rdi),%r10d
-	addl	28(%rdi),%r11d
-
-	cmpq	64+16(%rsp),%rsi
-
-	movl	%eax,0(%rdi)
-	movl	%ebx,4(%rdi)
-	movl	%ecx,8(%rdi)
-	movl	%edx,12(%rdi)
-	movl	%r8d,16(%rdi)
-	movl	%r9d,20(%rdi)
-	movl	%r10d,24(%rdi)
-	movl	%r11d,28(%rdi)
-	jb	.Lloop
-
-	movq	64+24(%rsp),%rsi
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	sha256_block_data_order,.-sha256_block_data_order
-.align	64
-.type	K256,@object
-K256:
-.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
diff --git a/crypto/sha/asm/sha512-586.S b/crypto/sha/asm/sha512-586.S
deleted file mode 100644
index 82c76c412a..0000000000
--- a/crypto/sha/asm/sha512-586.S
+++ /dev/null
@@ -1,836 +0,0 @@
-.file	"sha512-586.s"
-.text
-.globl	sha512_block_data_order
-.type	sha512_block_data_order,@function
-.align	16
-sha512_block_data_order:
-.L_sha512_block_data_order_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	20(%esp),%esi
-	movl	24(%esp),%edi
-	movl	28(%esp),%eax
-	movl	%esp,%ebx
-	call	.L000pic_point
-.L000pic_point:
-	popl	%ebp
-	leal	.L001K512-.L000pic_point(%ebp),%ebp
-	subl	$16,%esp
-	andl	$-64,%esp
-	shll	$7,%eax
-	addl	%edi,%eax
-	movl	%esi,(%esp)
-	movl	%edi,4(%esp)
-	movl	%eax,8(%esp)
-	movl	%ebx,12(%esp)
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L001K512](%ebp),%edx
-	movl	OPENSSL_ia32cap_P@GOT(%edx),%edx
-	btl	$26,(%edx)
-	jnc	.L002loop_x86
-	movq	(%esi),%mm0
-	movq	8(%esi),%mm1
-	movq	16(%esi),%mm2
-	movq	24(%esi),%mm3
-	movq	32(%esi),%mm4
-	movq	40(%esi),%mm5
-	movq	48(%esi),%mm6
-	movq	56(%esi),%mm7
-	subl	$80,%esp
-.align	16
-.L003loop_sse2:
-	movq	%mm1,8(%esp)
-	movq	%mm2,16(%esp)
-	movq	%mm3,24(%esp)
-	movq	%mm5,40(%esp)
-	movq	%mm6,48(%esp)
-	movq	%mm7,56(%esp)
-	movl	(%edi),%ecx
-	movl	4(%edi),%edx
-	addl	$8,%edi
-	bswap	%ecx
-	bswap	%edx
-	movl	%ecx,76(%esp)
-	movl	%edx,72(%esp)
-.align	16
-.L00400_14_sse2:
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	addl	$8,%edi
-	bswap	%eax
-	bswap	%ebx
-	movl	%eax,68(%esp)
-	movl	%ebx,64(%esp)
-	movq	40(%esp),%mm5
-	movq	48(%esp),%mm6
-	movq	56(%esp),%mm7
-	movq	%mm4,%mm1
-	movq	%mm4,%mm2
-	psrlq	$14,%mm1
-	movq	%mm4,32(%esp)
-	psllq	$23,%mm2
-	movq	%mm1,%mm3
-	psrlq	$4,%mm1
-	pxor	%mm2,%mm3
-	psllq	$23,%mm2
-	pxor	%mm1,%mm3
-	psrlq	$23,%mm1
-	pxor	%mm2,%mm3
-	psllq	$4,%mm2
-	pxor	%mm1,%mm3
-	paddq	(%ebp),%mm7
-	pxor	%mm2,%mm3
-	pxor	%mm6,%mm5
-	movq	8(%esp),%mm1
-	pand	%mm4,%mm5
-	movq	16(%esp),%mm2
-	pxor	%mm6,%mm5
-	movq	24(%esp),%mm4
-	paddq	%mm5,%mm3
-	movq	%mm0,(%esp)
-	paddq	%mm7,%mm3
-	movq	%mm0,%mm5
-	movq	%mm0,%mm6
-	paddq	72(%esp),%mm3
-	psrlq	$28,%mm5
-	paddq	%mm3,%mm4
-	psllq	$25,%mm6
-	movq	%mm5,%mm7
-	psrlq	$6,%mm5
-	pxor	%mm6,%mm7
-	psllq	$5,%mm6
-	pxor	%mm5,%mm7
-	psrlq	$5,%mm5
-	pxor	%mm6,%mm7
-	psllq	$6,%mm6
-	pxor	%mm5,%mm7
-	subl	$8,%esp
-	pxor	%mm6,%mm7
-	movq	%mm0,%mm5
-	por	%mm2,%mm0
-	pand	%mm2,%mm5
-	pand	%mm1,%mm0
-	por	%mm0,%mm5
-	paddq	%mm5,%mm7
-	movq	%mm3,%mm0
-	movb	(%ebp),%dl
-	paddq	%mm7,%mm0
-	addl	$8,%ebp
-	cmpb	$53,%dl
-	jne	.L00400_14_sse2
-	movq	40(%esp),%mm5
-	movq	48(%esp),%mm6
-	movq	56(%esp),%mm7
-	movq	%mm4,%mm1
-	movq	%mm4,%mm2
-	psrlq	$14,%mm1
-	movq	%mm4,32(%esp)
-	psllq	$23,%mm2
-	movq	%mm1,%mm3
-	psrlq	$4,%mm1
-	pxor	%mm2,%mm3
-	psllq	$23,%mm2
-	pxor	%mm1,%mm3
-	psrlq	$23,%mm1
-	pxor	%mm2,%mm3
-	psllq	$4,%mm2
-	pxor	%mm1,%mm3
-	paddq	(%ebp),%mm7
-	pxor	%mm2,%mm3
-	pxor	%mm6,%mm5
-	movq	8(%esp),%mm1
-	pand	%mm4,%mm5
-	movq	16(%esp),%mm2
-	pxor	%mm6,%mm5
-	movq	24(%esp),%mm4
-	paddq	%mm5,%mm3
-	movq	%mm0,(%esp)
-	paddq	%mm7,%mm3
-	movq	%mm0,%mm5
-	movq	%mm0,%mm6
-	paddq	72(%esp),%mm3
-	psrlq	$28,%mm5
-	paddq	%mm3,%mm4
-	psllq	$25,%mm6
-	movq	%mm5,%mm7
-	psrlq	$6,%mm5
-	pxor	%mm6,%mm7
-	psllq	$5,%mm6
-	pxor	%mm5,%mm7
-	psrlq	$5,%mm5
-	pxor	%mm6,%mm7
-	psllq	$6,%mm6
-	pxor	%mm5,%mm7
-	subl	$8,%esp
-	pxor	%mm6,%mm7
-	movq	%mm0,%mm5
-	por	%mm2,%mm0
-	movq	88(%esp),%mm6
-	pand	%mm2,%mm5
-	pand	%mm1,%mm0
-	movq	192(%esp),%mm2
-	por	%mm0,%mm5
-	paddq	%mm5,%mm7
-	movq	%mm3,%mm0
-	movb	(%ebp),%dl
-	paddq	%mm7,%mm0
-	addl	$8,%ebp
-.align	16
-.L00516_79_sse2:
-	movq	%mm2,%mm1
-	psrlq	$1,%mm2
-	movq	%mm6,%mm7
-	psrlq	$6,%mm6
-	movq	%mm2,%mm3
-	psrlq	$6,%mm2
-	movq	%mm6,%mm5
-	psrlq	$13,%mm6
-	pxor	%mm2,%mm3
-	psrlq	$1,%mm2
-	pxor	%mm6,%mm5
-	psrlq	$42,%mm6
-	pxor	%mm2,%mm3
-	movq	200(%esp),%mm2
-	psllq	$56,%mm1
-	pxor	%mm6,%mm5
-	psllq	$3,%mm7
-	pxor	%mm1,%mm3
-	paddq	128(%esp),%mm2
-	psllq	$7,%mm1
-	pxor	%mm7,%mm5
-	psllq	$42,%mm7
-	pxor	%mm1,%mm3
-	pxor	%mm7,%mm5
-	paddq	%mm5,%mm3
-	paddq	%mm2,%mm3
-	movq	%mm3,72(%esp)
-	movq	40(%esp),%mm5
-	movq	48(%esp),%mm6
-	movq	56(%esp),%mm7
-	movq	%mm4,%mm1
-	movq	%mm4,%mm2
-	psrlq	$14,%mm1
-	movq	%mm4,32(%esp)
-	psllq	$23,%mm2
-	movq	%mm1,%mm3
-	psrlq	$4,%mm1
-	pxor	%mm2,%mm3
-	psllq	$23,%mm2
-	pxor	%mm1,%mm3
-	psrlq	$23,%mm1
-	pxor	%mm2,%mm3
-	psllq	$4,%mm2
-	pxor	%mm1,%mm3
-	paddq	(%ebp),%mm7
-	pxor	%mm2,%mm3
-	pxor	%mm6,%mm5
-	movq	8(%esp),%mm1
-	pand	%mm4,%mm5
-	movq	16(%esp),%mm2
-	pxor	%mm6,%mm5
-	movq	24(%esp),%mm4
-	paddq	%mm5,%mm3
-	movq	%mm0,(%esp)
-	paddq	%mm7,%mm3
-	movq	%mm0,%mm5
-	movq	%mm0,%mm6
-	paddq	72(%esp),%mm3
-	psrlq	$28,%mm5
-	paddq	%mm3,%mm4
-	psllq	$25,%mm6
-	movq	%mm5,%mm7
-	psrlq	$6,%mm5
-	pxor	%mm6,%mm7
-	psllq	$5,%mm6
-	pxor	%mm5,%mm7
-	psrlq	$5,%mm5
-	pxor	%mm6,%mm7
-	psllq	$6,%mm6
-	pxor	%mm5,%mm7
-	subl	$8,%esp
-	pxor	%mm6,%mm7
-	movq	%mm0,%mm5
-	por	%mm2,%mm0
-	movq	88(%esp),%mm6
-	pand	%mm2,%mm5
-	pand	%mm1,%mm0
-	movq	192(%esp),%mm2
-	por	%mm0,%mm5
-	paddq	%mm5,%mm7
-	movq	%mm3,%mm0
-	movb	(%ebp),%dl
-	paddq	%mm7,%mm0
-	addl	$8,%ebp
-	cmpb	$23,%dl
-	jne	.L00516_79_sse2
-	movq	8(%esp),%mm1
-	movq	16(%esp),%mm2
-	movq	24(%esp),%mm3
-	movq	40(%esp),%mm5
-	movq	48(%esp),%mm6
-	movq	56(%esp),%mm7
-	paddq	(%esi),%mm0
-	paddq	8(%esi),%mm1
-	paddq	16(%esi),%mm2
-	paddq	24(%esi),%mm3
-	paddq	32(%esi),%mm4
-	paddq	40(%esi),%mm5
-	paddq	48(%esi),%mm6
-	paddq	56(%esi),%mm7
-	movq	%mm0,(%esi)
-	movq	%mm1,8(%esi)
-	movq	%mm2,16(%esi)
-	movq	%mm3,24(%esi)
-	movq	%mm4,32(%esi)
-	movq	%mm5,40(%esi)
-	movq	%mm6,48(%esi)
-	movq	%mm7,56(%esi)
-	addl	$640,%esp
-	subl	$640,%ebp
-	cmpl	88(%esp),%edi
-	jb	.L003loop_sse2
-	emms
-	movl	92(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	16
-.L002loop_x86:
-	movl	(%edi),%eax
-	movl	4(%edi),%ebx
-	movl	8(%edi),%ecx
-	movl	12(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	16(%edi),%eax
-	movl	20(%edi),%ebx
-	movl	24(%edi),%ecx
-	movl	28(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	32(%edi),%eax
-	movl	36(%edi),%ebx
-	movl	40(%edi),%ecx
-	movl	44(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	48(%edi),%eax
-	movl	52(%edi),%ebx
-	movl	56(%edi),%ecx
-	movl	60(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	64(%edi),%eax
-	movl	68(%edi),%ebx
-	movl	72(%edi),%ecx
-	movl	76(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	80(%edi),%eax
-	movl	84(%edi),%ebx
-	movl	88(%edi),%ecx
-	movl	92(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	96(%edi),%eax
-	movl	100(%edi),%ebx
-	movl	104(%edi),%ecx
-	movl	108(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	movl	112(%edi),%eax
-	movl	116(%edi),%ebx
-	movl	120(%edi),%ecx
-	movl	124(%edi),%edx
-	bswap	%eax
-	bswap	%ebx
-	bswap	%ecx
-	bswap	%edx
-	pushl	%eax
-	pushl	%ebx
-	pushl	%ecx
-	pushl	%edx
-	addl	$128,%edi
-	subl	$72,%esp
-	movl	%edi,204(%esp)
-	leal	8(%esp),%edi
-	movl	$16,%ecx
-.long	2784229001
-.align	16
-.L00600_15_x86:
-	movl	40(%esp),%ecx
-	movl	44(%esp),%edx
-	movl	%ecx,%esi
-	shrl	$9,%ecx
-	movl	%edx,%edi
-	shrl	$9,%edx
-	movl	%ecx,%ebx
-	shll	$14,%esi
-	movl	%edx,%eax
-	shll	$14,%edi
-	xorl	%esi,%ebx
-	shrl	$5,%ecx
-	xorl	%edi,%eax
-	shrl	$5,%edx
-	xorl	%ecx,%eax
-	shll	$4,%esi
-	xorl	%edx,%ebx
-	shll	$4,%edi
-	xorl	%esi,%ebx
-	shrl	$4,%ecx
-	xorl	%edi,%eax
-	shrl	$4,%edx
-	xorl	%ecx,%eax
-	shll	$5,%esi
-	xorl	%edx,%ebx
-	shll	$5,%edi
-	xorl	%esi,%eax
-	xorl	%edi,%ebx
-	movl	48(%esp),%ecx
-	movl	52(%esp),%edx
-	movl	56(%esp),%esi
-	movl	60(%esp),%edi
-	addl	64(%esp),%eax
-	adcl	68(%esp),%ebx
-	xorl	%esi,%ecx
-	xorl	%edi,%edx
-	andl	40(%esp),%ecx
-	andl	44(%esp),%edx
-	addl	192(%esp),%eax
-	adcl	196(%esp),%ebx
-	xorl	%esi,%ecx
-	xorl	%edi,%edx
-	movl	(%ebp),%esi
-	movl	4(%ebp),%edi
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	32(%esp),%ecx
-	movl	36(%esp),%edx
-	addl	%esi,%eax
-	adcl	%edi,%ebx
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	movl	%eax,32(%esp)
-	movl	%ebx,36(%esp)
-	movl	%ecx,%esi
-	shrl	$2,%ecx
-	movl	%edx,%edi
-	shrl	$2,%edx
-	movl	%ecx,%ebx
-	shll	$4,%esi
-	movl	%edx,%eax
-	shll	$4,%edi
-	xorl	%esi,%ebx
-	shrl	$5,%ecx
-	xorl	%edi,%eax
-	shrl	$5,%edx
-	xorl	%ecx,%ebx
-	shll	$21,%esi
-	xorl	%edx,%eax
-	shll	$21,%edi
-	xorl	%esi,%eax
-	shrl	$21,%ecx
-	xorl	%edi,%ebx
-	shrl	$21,%edx
-	xorl	%ecx,%eax
-	shll	$5,%esi
-	xorl	%edx,%ebx
-	shll	$5,%edi
-	xorl	%esi,%eax
-	xorl	%edi,%ebx
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	movl	16(%esp),%esi
-	movl	20(%esp),%edi
-	addl	(%esp),%eax
-	adcl	4(%esp),%ebx
-	orl	%esi,%ecx
-	orl	%edi,%edx
-	andl	24(%esp),%ecx
-	andl	28(%esp),%edx
-	andl	8(%esp),%esi
-	andl	12(%esp),%edi
-	orl	%esi,%ecx
-	orl	%edi,%edx
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	movb	(%ebp),%dl
-	subl	$8,%esp
-	leal	8(%ebp),%ebp
-	cmpb	$148,%dl
-	jne	.L00600_15_x86
-.align	16
-.L00716_79_x86:
-	movl	312(%esp),%ecx
-	movl	316(%esp),%edx
-	movl	%ecx,%esi
-	shrl	$1,%ecx
-	movl	%edx,%edi
-	shrl	$1,%edx
-	movl	%ecx,%eax
-	shll	$24,%esi
-	movl	%edx,%ebx
-	shll	$24,%edi
-	xorl	%esi,%ebx
-	shrl	$6,%ecx
-	xorl	%edi,%eax
-	shrl	$6,%edx
-	xorl	%ecx,%eax
-	shll	$7,%esi
-	xorl	%edx,%ebx
-	shll	$1,%edi
-	xorl	%esi,%ebx
-	shrl	$1,%ecx
-	xorl	%edi,%eax
-	shrl	$1,%edx
-	xorl	%ecx,%eax
-	shll	$6,%edi
-	xorl	%edx,%ebx
-	xorl	%edi,%eax
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	movl	208(%esp),%ecx
-	movl	212(%esp),%edx
-	movl	%ecx,%esi
-	shrl	$6,%ecx
-	movl	%edx,%edi
-	shrl	$6,%edx
-	movl	%ecx,%eax
-	shll	$3,%esi
-	movl	%edx,%ebx
-	shll	$3,%edi
-	xorl	%esi,%eax
-	shrl	$13,%ecx
-	xorl	%edi,%ebx
-	shrl	$13,%edx
-	xorl	%ecx,%eax
-	shll	$10,%esi
-	xorl	%edx,%ebx
-	shll	$10,%edi
-	xorl	%esi,%ebx
-	shrl	$10,%ecx
-	xorl	%edi,%eax
-	shrl	$10,%edx
-	xorl	%ecx,%ebx
-	shll	$13,%edi
-	xorl	%edx,%eax
-	xorl	%edi,%eax
-	movl	320(%esp),%ecx
-	movl	324(%esp),%edx
-	addl	(%esp),%eax
-	adcl	4(%esp),%ebx
-	movl	248(%esp),%esi
-	movl	252(%esp),%edi
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	addl	%esi,%eax
-	adcl	%edi,%ebx
-	movl	%eax,192(%esp)
-	movl	%ebx,196(%esp)
-	movl	40(%esp),%ecx
-	movl	44(%esp),%edx
-	movl	%ecx,%esi
-	shrl	$9,%ecx
-	movl	%edx,%edi
-	shrl	$9,%edx
-	movl	%ecx,%ebx
-	shll	$14,%esi
-	movl	%edx,%eax
-	shll	$14,%edi
-	xorl	%esi,%ebx
-	shrl	$5,%ecx
-	xorl	%edi,%eax
-	shrl	$5,%edx
-	xorl	%ecx,%eax
-	shll	$4,%esi
-	xorl	%edx,%ebx
-	shll	$4,%edi
-	xorl	%esi,%ebx
-	shrl	$4,%ecx
-	xorl	%edi,%eax
-	shrl	$4,%edx
-	xorl	%ecx,%eax
-	shll	$5,%esi
-	xorl	%edx,%ebx
-	shll	$5,%edi
-	xorl	%esi,%eax
-	xorl	%edi,%ebx
-	movl	48(%esp),%ecx
-	movl	52(%esp),%edx
-	movl	56(%esp),%esi
-	movl	60(%esp),%edi
-	addl	64(%esp),%eax
-	adcl	68(%esp),%ebx
-	xorl	%esi,%ecx
-	xorl	%edi,%edx
-	andl	40(%esp),%ecx
-	andl	44(%esp),%edx
-	addl	192(%esp),%eax
-	adcl	196(%esp),%ebx
-	xorl	%esi,%ecx
-	xorl	%edi,%edx
-	movl	(%ebp),%esi
-	movl	4(%ebp),%edi
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	32(%esp),%ecx
-	movl	36(%esp),%edx
-	addl	%esi,%eax
-	adcl	%edi,%ebx
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	movl	%eax,32(%esp)
-	movl	%ebx,36(%esp)
-	movl	%ecx,%esi
-	shrl	$2,%ecx
-	movl	%edx,%edi
-	shrl	$2,%edx
-	movl	%ecx,%ebx
-	shll	$4,%esi
-	movl	%edx,%eax
-	shll	$4,%edi
-	xorl	%esi,%ebx
-	shrl	$5,%ecx
-	xorl	%edi,%eax
-	shrl	$5,%edx
-	xorl	%ecx,%ebx
-	shll	$21,%esi
-	xorl	%edx,%eax
-	shll	$21,%edi
-	xorl	%esi,%eax
-	shrl	$21,%ecx
-	xorl	%edi,%ebx
-	shrl	$21,%edx
-	xorl	%ecx,%eax
-	shll	$5,%esi
-	xorl	%edx,%ebx
-	shll	$5,%edi
-	xorl	%esi,%eax
-	xorl	%edi,%ebx
-	movl	8(%esp),%ecx
-	movl	12(%esp),%edx
-	movl	16(%esp),%esi
-	movl	20(%esp),%edi
-	addl	(%esp),%eax
-	adcl	4(%esp),%ebx
-	orl	%esi,%ecx
-	orl	%edi,%edx
-	andl	24(%esp),%ecx
-	andl	28(%esp),%edx
-	andl	8(%esp),%esi
-	andl	12(%esp),%edi
-	orl	%esi,%ecx
-	orl	%edi,%edx
-	addl	%ecx,%eax
-	adcl	%edx,%ebx
-	movl	%eax,(%esp)
-	movl	%ebx,4(%esp)
-	movb	(%ebp),%dl
-	subl	$8,%esp
-	leal	8(%ebp),%ebp
-	cmpb	$23,%dl
-	jne	.L00716_79_x86
-	movl	840(%esp),%esi
-	movl	844(%esp),%edi
-	movl	(%esi),%eax
-	movl	4(%esi),%ebx
-	movl	8(%esi),%ecx
-	movl	12(%esi),%edx
-	addl	8(%esp),%eax
-	adcl	12(%esp),%ebx
-	movl	%eax,(%esi)
-	movl	%ebx,4(%esi)
-	addl	16(%esp),%ecx
-	adcl	20(%esp),%edx
-	movl	%ecx,8(%esi)
-	movl	%edx,12(%esi)
-	movl	16(%esi),%eax
-	movl	20(%esi),%ebx
-	movl	24(%esi),%ecx
-	movl	28(%esi),%edx
-	addl	24(%esp),%eax
-	adcl	28(%esp),%ebx
-	movl	%eax,16(%esi)
-	movl	%ebx,20(%esi)
-	addl	32(%esp),%ecx
-	adcl	36(%esp),%edx
-	movl	%ecx,24(%esi)
-	movl	%edx,28(%esi)
-	movl	32(%esi),%eax
-	movl	36(%esi),%ebx
-	movl	40(%esi),%ecx
-	movl	44(%esi),%edx
-	addl	40(%esp),%eax
-	adcl	44(%esp),%ebx
-	movl	%eax,32(%esi)
-	movl	%ebx,36(%esi)
-	addl	48(%esp),%ecx
-	adcl	52(%esp),%edx
-	movl	%ecx,40(%esi)
-	movl	%edx,44(%esi)
-	movl	48(%esi),%eax
-	movl	52(%esi),%ebx
-	movl	56(%esi),%ecx
-	movl	60(%esi),%edx
-	addl	56(%esp),%eax
-	adcl	60(%esp),%ebx
-	movl	%eax,48(%esi)
-	movl	%ebx,52(%esi)
-	addl	64(%esp),%ecx
-	adcl	68(%esp),%edx
-	movl	%ecx,56(%esi)
-	movl	%edx,60(%esi)
-	addl	$840,%esp
-	subl	$640,%ebp
-	cmpl	8(%esp),%edi
-	jb	.L002loop_x86
-	movl	12(%esp),%esp
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align	64
-.L001K512:
-.long	3609767458,1116352408
-.long	602891725,1899447441
-.long	3964484399,3049323471
-.long	2173295548,3921009573
-.long	4081628472,961987163
-.long	3053834265,1508970993
-.long	2937671579,2453635748
-.long	3664609560,2870763221
-.long	2734883394,3624381080
-.long	1164996542,310598401
-.long	1323610764,607225278
-.long	3590304994,1426881987
-.long	4068182383,1925078388
-.long	991336113,2162078206
-.long	633803317,2614888103
-.long	3479774868,3248222580
-.long	2666613458,3835390401
-.long	944711139,4022224774
-.long	2341262773,264347078
-.long	2007800933,604807628
-.long	1495990901,770255983
-.long	1856431235,1249150122
-.long	3175218132,1555081692
-.long	2198950837,1996064986
-.long	3999719339,2554220882
-.long	766784016,2821834349
-.long	2566594879,2952996808
-.long	3203337956,3210313671
-.long	1034457026,3336571891
-.long	2466948901,3584528711
-.long	3758326383,113926993
-.long	168717936,338241895
-.long	1188179964,666307205
-.long	1546045734,773529912
-.long	1522805485,1294757372
-.long	2643833823,1396182291
-.long	2343527390,1695183700
-.long	1014477480,1986661051
-.long	1206759142,2177026350
-.long	344077627,2456956037
-.long	1290863460,2730485921
-.long	3158454273,2820302411
-.long	3505952657,3259730800
-.long	106217008,3345764771
-.long	3606008344,3516065817
-.long	1432725776,3600352804
-.long	1467031594,4094571909
-.long	851169720,275423344
-.long	3100823752,430227734
-.long	1363258195,506948616
-.long	3750685593,659060556
-.long	3785050280,883997877
-.long	3318307427,958139571
-.long	3812723403,1322822218
-.long	2003034995,1537002063
-.long	3602036899,1747873779
-.long	1575990012,1955562222
-.long	1125592928,2024104815
-.long	2716904306,2227730452
-.long	442776044,2361852424
-.long	593698344,2428436474
-.long	3733110249,2756734187
-.long	2999351573,3204031479
-.long	3815920427,3329325298
-.long	3928383900,3391569614
-.long	566280711,3515267271
-.long	3454069534,3940187606
-.long	4000239992,4118630271
-.long	1914138554,116418474
-.long	2731055270,174292421
-.long	3203993006,289380356
-.long	320620315,460393269
-.long	587496836,685471733
-.long	1086792851,852142971
-.long	365543100,1017036298
-.long	2618297676,1126000580
-.long	3409855158,1288033470
-.long	4234509866,1501505948
-.long	987167468,1607167915
-.long	1246189591,1816402316
-.size	sha512_block_data_order,.-.L_sha512_block_data_order_begin
-.byte	83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97
-.byte	110,115,102,111,114,109,32,102,111,114,32,120,56,54,44,32
-.byte	67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97
-.byte	112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103
-.byte	62,0
-.comm	OPENSSL_ia32cap_P,8,4
diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl
deleted file mode 100644
index 9f8c51eb54..0000000000
--- a/crypto/sha/asm/sha512-586.pl
+++ /dev/null
@@ -1,644 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA512 block transform for x86. September 2007.
-#
-# Performance in clock cycles per processed byte (less is better):
-#
-#		Pentium	PIII	P4	AMD K8	Core2
-# gcc		100	75	116	54	66
-# icc		97	77	95	55	57
-# x86 asm	61	56	82	36	40
-# SSE2 asm	-	-	38	24	20
-# x86_64 asm(*)	-	-	30	10.0	10.5
-#
-# (*) x86_64 assembler performance is presented for reference
-#     purposes.
-#
-# IALU code-path is optimized for elder Pentiums. On vanilla Pentium
-# performance improvement over compiler generated code reaches ~60%,
-# while on PIII - ~35%. On newer µ-archs improvement varies from 15%
-# to 50%, but it's less important as they are expected to execute SSE2
-# code-path, which is commonly ~2-3x faster [than compiler generated
-# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even
-# though it does not use 128-bit operations. The latter means that
-# SSE2-aware kernel is no longer required to execute the code. Another
-# difference is that new code optimizes amount of writes, but at the
-# cost of increased data cache "footprint" by 1/2KB.
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386");
-
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
-
-$Tlo=&DWP(0,"esp");	$Thi=&DWP(4,"esp");
-$Alo=&DWP(8,"esp");	$Ahi=&DWP(8+4,"esp");
-$Blo=&DWP(16,"esp");	$Bhi=&DWP(16+4,"esp");
-$Clo=&DWP(24,"esp");	$Chi=&DWP(24+4,"esp");
-$Dlo=&DWP(32,"esp");	$Dhi=&DWP(32+4,"esp");
-$Elo=&DWP(40,"esp");	$Ehi=&DWP(40+4,"esp");
-$Flo=&DWP(48,"esp");	$Fhi=&DWP(48+4,"esp");
-$Glo=&DWP(56,"esp");	$Ghi=&DWP(56+4,"esp");
-$Hlo=&DWP(64,"esp");	$Hhi=&DWP(64+4,"esp");
-$K512="ebp";
-
-$Asse2=&QWP(0,"esp");
-$Bsse2=&QWP(8,"esp");
-$Csse2=&QWP(16,"esp");
-$Dsse2=&QWP(24,"esp");
-$Esse2=&QWP(32,"esp");
-$Fsse2=&QWP(40,"esp");
-$Gsse2=&QWP(48,"esp");
-$Hsse2=&QWP(56,"esp");
-
-$A="mm0";	# B-D and
-$E="mm4";	# F-H are commonly loaded to respectively mm1-mm3 and
-		# mm5-mm7, but it's done on on-demand basis...
-
-sub BODY_00_15_sse2 {
-    my $prefetch=shift;
-
-	&movq	("mm5",$Fsse2);			# load f
-	&movq	("mm6",$Gsse2);			# load g
-	&movq	("mm7",$Hsse2);			# load h
-
-	&movq	("mm1",$E);			# %mm1 is sliding right
-	&movq	("mm2",$E);			# %mm2 is sliding left
-	&psrlq	("mm1",14);
-	&movq	($Esse2,$E);			# modulo-scheduled save e
-	&psllq	("mm2",23);
-	&movq	("mm3","mm1");			# %mm3 is T1
-	&psrlq	("mm1",4);
-	&pxor	("mm3","mm2");
-	&psllq	("mm2",23);
-	&pxor	("mm3","mm1");
-	&psrlq	("mm1",23);
-	&pxor	("mm3","mm2");
-	&psllq	("mm2",4);
-	&pxor	("mm3","mm1");
-	&paddq	("mm7",QWP(0,$K512));		# h+=K512[i]
-	&pxor	("mm3","mm2");			# T1=Sigma1_512(e)
-
-	&pxor	("mm5","mm6");			# f^=g
-	&movq	("mm1",$Bsse2);			# load b
-	&pand	("mm5",$E);			# f&=e
-	&movq	("mm2",$Csse2);			# load c
-	&pxor	("mm5","mm6");			# f^=g
-	&movq	($E,$Dsse2);			# e = load d
-	&paddq	("mm3","mm5");			# T1+=Ch(e,f,g)
-	&movq	(&QWP(0,"esp"),$A);		# modulo-scheduled save a
-	&paddq	("mm3","mm7");			# T1+=h
-
-	&movq	("mm5",$A);			# %mm5 is sliding right
-	&movq	("mm6",$A);			# %mm6 is sliding left
-	&paddq	("mm3",&QWP(8*9,"esp"));	# T1+=X[0]
-	&psrlq	("mm5",28);
-	&paddq	($E,"mm3");			# e += T1
-	&psllq	("mm6",25);
-	&movq	("mm7","mm5");			# %mm7 is T2
-	&psrlq	("mm5",6);
-	&pxor	("mm7","mm6");
-	&psllq	("mm6",5);
-	&pxor	("mm7","mm5");
-	&psrlq	("mm5",5);
-	&pxor	("mm7","mm6");
-	&psllq	("mm6",6);
-	&pxor	("mm7","mm5");
-	&sub	("esp",8);
-	&pxor	("mm7","mm6");			# T2=Sigma0_512(a)
-
-	&movq	("mm5",$A);			# %mm5=a
-	&por	($A,"mm2");			# a=a|c
-	&movq	("mm6",&QWP(8*(9+16-14),"esp"))	if ($prefetch);
-	&pand	("mm5","mm2");			# %mm5=a&c
-	&pand	($A,"mm1");			# a=(a|c)&b
-	&movq	("mm2",&QWP(8*(9+16-1),"esp"))	if ($prefetch);
-	&por	("mm5",$A);			# %mm5=(a&c)|((a|c)&b)
-	&paddq	("mm7","mm5");			# T2+=Maj(a,b,c)
-	&movq	($A,"mm3");			# a=T1
-
-	&mov	(&LB("edx"),&BP(0,$K512));
-	&paddq	($A,"mm7");			# a+=T2
-	&add	($K512,8);
-}
-
-sub BODY_00_15_x86 {
-	#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
-	#	LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
-	#	HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
-	&mov	("ecx",$Elo);
-	&mov	("edx",$Ehi);
-	&mov	("esi","ecx");
-
-	&shr	("ecx",9);	# lo>>9
-	&mov	("edi","edx");
-	&shr	("edx",9);	# hi>>9
-	&mov	("ebx","ecx");
-	&shl	("esi",14);	# lo<<14
-	&mov	("eax","edx");
-	&shl	("edi",14);	# hi<<14
-	&xor	("ebx","esi");
-
-	&shr	("ecx",14-9);	# lo>>14
-	&xor	("eax","edi");
-	&shr	("edx",14-9);	# hi>>14
-	&xor	("eax","ecx");
-	&shl	("esi",18-14);	# lo<<18
-	&xor	("ebx","edx");
-	&shl	("edi",18-14);	# hi<<18
-	&xor	("ebx","esi");
-
-	&shr	("ecx",18-14);	# lo>>18
-	&xor	("eax","edi");
-	&shr	("edx",18-14);	# hi>>18
-	&xor	("eax","ecx");
-	&shl	("esi",23-18);	# lo<<23
-	&xor	("ebx","edx");
-	&shl	("edi",23-18);	# hi<<23
-	&xor	("eax","esi");
-	&xor	("ebx","edi");			# T1 = Sigma1(e)
-
-	&mov	("ecx",$Flo);
-	&mov	("edx",$Fhi);
-	&mov	("esi",$Glo);
-	&mov	("edi",$Ghi);
-	 &add	("eax",$Hlo);
-	 &adc	("ebx",$Hhi);			# T1 += h
-	&xor	("ecx","esi");
-	&xor	("edx","edi");
-	&and	("ecx",$Elo);
-	&and	("edx",$Ehi);
-	 &add	("eax",&DWP(8*(9+15)+0,"esp"));
-	 &adc	("ebx",&DWP(8*(9+15)+4,"esp"));	# T1 += X[0]
-	&xor	("ecx","esi");
-	&xor	("edx","edi");			# Ch(e,f,g) = (f^g)&e)^g
-
-	&mov	("esi",&DWP(0,$K512));
-	&mov	("edi",&DWP(4,$K512));		# K[i]
-	&add	("eax","ecx");
-	&adc	("ebx","edx");			# T1 += Ch(e,f,g)
-	&mov	("ecx",$Dlo);
-	&mov	("edx",$Dhi);
-	&add	("eax","esi");
-	&adc	("ebx","edi");			# T1 += K[i]
-	&mov	($Tlo,"eax");
-	&mov	($Thi,"ebx");			# put T1 away
-	&add	("eax","ecx");
-	&adc	("ebx","edx");			# d += T1
-
-	#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-	#	LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
-	#	HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
-	&mov	("ecx",$Alo);
-	&mov	("edx",$Ahi);
-	&mov	($Dlo,"eax");
-	&mov	($Dhi,"ebx");
-	&mov	("esi","ecx");
-
-	&shr	("ecx",2);	# lo>>2
-	&mov	("edi","edx");
-	&shr	("edx",2);	# hi>>2
-	&mov	("ebx","ecx");
-	&shl	("esi",4);	# lo<<4
-	&mov	("eax","edx");
-	&shl	("edi",4);	# hi<<4
-	&xor	("ebx","esi");
-
-	&shr	("ecx",7-2);	# lo>>7
-	&xor	("eax","edi");
-	&shr	("edx",7-2);	# hi>>7
-	&xor	("ebx","ecx");
-	&shl	("esi",25-4);	# lo<<25
-	&xor	("eax","edx");
-	&shl	("edi",25-4);	# hi<<25
-	&xor	("eax","esi");
-
-	&shr	("ecx",28-7);	# lo>>28
-	&xor	("ebx","edi");
-	&shr	("edx",28-7);	# hi>>28
-	&xor	("eax","ecx");
-	&shl	("esi",30-25);	# lo<<30
-	&xor	("ebx","edx");
-	&shl	("edi",30-25);	# hi<<30
-	&xor	("eax","esi");
-	&xor	("ebx","edi");			# Sigma0(a)
-
-	&mov	("ecx",$Alo);
-	&mov	("edx",$Ahi);
-	&mov	("esi",$Blo);
-	&mov	("edi",$Bhi);
-	&add	("eax",$Tlo);
-	&adc	("ebx",$Thi);			# T1 = Sigma0(a)+T1
-	&or	("ecx","esi");
-	&or	("edx","edi");
-	&and	("ecx",$Clo);
-	&and	("edx",$Chi);
-	&and	("esi",$Alo);
-	&and	("edi",$Ahi);
-	&or	("ecx","esi");
-	&or	("edx","edi");			# Maj(a,b,c) = ((a|b)&c)|(a&b)
-
-	&add	("eax","ecx");
-	&adc	("ebx","edx");			# T1 += Maj(a,b,c)
-	&mov	($Tlo,"eax");
-	&mov	($Thi,"ebx");
-
-	&mov	(&LB("edx"),&BP(0,$K512));	# pre-fetch LSB of *K
-	&sub	("esp",8);
-	&lea	($K512,&DWP(8,$K512));		# K++
-}
-
-
-&function_begin("sha512_block_data_order");
-	&mov	("esi",wparam(0));	# ctx
-	&mov	("edi",wparam(1));	# inp
-	&mov	("eax",wparam(2));	# num
-	&mov	("ebx","esp");		# saved sp
-
-	&call	(&label("pic_point"));	# make it PIC!
-&set_label("pic_point");
-	&blindpop($K512);
-	&lea	($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
-
-	&sub	("esp",16);
-	&and	("esp",-64);
-
-	&shl	("eax",7);
-	&add	("eax","edi");
-	&mov	(&DWP(0,"esp"),"esi");	# ctx
-	&mov	(&DWP(4,"esp"),"edi");	# inp
-	&mov	(&DWP(8,"esp"),"eax");	# inp+num*128
-	&mov	(&DWP(12,"esp"),"ebx");	# saved sp
-
-if ($sse2) {
-	&picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512"));
-	&bt	(&DWP(0,"edx"),26);
-	&jnc	(&label("loop_x86"));
-
-	# load ctx->h[0-7]
-	&movq	($A,&QWP(0,"esi"));
-	&movq	("mm1",&QWP(8,"esi"));
-	&movq	("mm2",&QWP(16,"esi"));
-	&movq	("mm3",&QWP(24,"esi"));
-	&movq	($E,&QWP(32,"esi"));
-	&movq	("mm5",&QWP(40,"esi"));
-	&movq	("mm6",&QWP(48,"esi"));
-	&movq	("mm7",&QWP(56,"esi"));
-	&sub	("esp",8*10);
-
-&set_label("loop_sse2",16);
-	# &movq	($Asse2,$A);
-	&movq	($Bsse2,"mm1");
-	&movq	($Csse2,"mm2");
-	&movq	($Dsse2,"mm3");
-	# &movq	($Esse2,$E);
-	&movq	($Fsse2,"mm5");
-	&movq	($Gsse2,"mm6");
-	&movq	($Hsse2,"mm7");
-
-	&mov	("ecx",&DWP(0,"edi"));
-	&mov	("edx",&DWP(4,"edi"));
-	&add	("edi",8);
-	&bswap	("ecx");
-	&bswap	("edx");
-	&mov	(&DWP(8*9+4,"esp"),"ecx");
-	&mov	(&DWP(8*9+0,"esp"),"edx");
-
-&set_label("00_14_sse2",16);
-	&mov	("eax",&DWP(0,"edi"));
-	&mov	("ebx",&DWP(4,"edi"));
-	&add	("edi",8);
-	&bswap	("eax");
-	&bswap	("ebx");
-	&mov	(&DWP(8*8+4,"esp"),"eax");
-	&mov	(&DWP(8*8+0,"esp"),"ebx");
-
-	&BODY_00_15_sse2();
-
-	&cmp	(&LB("edx"),0x35);
-	&jne	(&label("00_14_sse2"));
-
-	&BODY_00_15_sse2(1);
-
-&set_label("16_79_sse2",16);
-	#&movq	("mm2",&QWP(8*(9+16-1),"esp"));	#prefetched in BODY_00_15 
-	#&movq	("mm6",&QWP(8*(9+16-14),"esp"));
-	&movq	("mm1","mm2");
-
-	&psrlq	("mm2",1);
-	&movq	("mm7","mm6");
-	&psrlq	("mm6",6);
-	&movq	("mm3","mm2");
-
-	&psrlq	("mm2",7-1);
-	&movq	("mm5","mm6");
-	&psrlq	("mm6",19-6);
-	&pxor	("mm3","mm2");
-
-	&psrlq	("mm2",8-7);
-	&pxor	("mm5","mm6");
-	&psrlq	("mm6",61-19);
-	&pxor	("mm3","mm2");
-
-	&movq	("mm2",&QWP(8*(9+16),"esp"));
-
-	&psllq	("mm1",56);
-	&pxor	("mm5","mm6");
-	&psllq	("mm7",3);
-	&pxor	("mm3","mm1");
-
-	&paddq	("mm2",&QWP(8*(9+16-9),"esp"));
-
-	&psllq	("mm1",63-56);
-	&pxor	("mm5","mm7");
-	&psllq	("mm7",45-3);
-	&pxor	("mm3","mm1");
-	&pxor	("mm5","mm7");
-
-	&paddq	("mm3","mm5");
-	&paddq	("mm3","mm2");
-	&movq	(&QWP(8*9,"esp"),"mm3");
-
-	&BODY_00_15_sse2(1);
-
-	&cmp	(&LB("edx"),0x17);
-	&jne	(&label("16_79_sse2"));
-
-	# &movq	($A,$Asse2);
-	&movq	("mm1",$Bsse2);
-	&movq	("mm2",$Csse2);
-	&movq	("mm3",$Dsse2);
-	# &movq	($E,$Esse2);
-	&movq	("mm5",$Fsse2);
-	&movq	("mm6",$Gsse2);
-	&movq	("mm7",$Hsse2);
-
-	&paddq	($A,&QWP(0,"esi"));
-	&paddq	("mm1",&QWP(8,"esi"));
-	&paddq	("mm2",&QWP(16,"esi"));
-	&paddq	("mm3",&QWP(24,"esi"));
-	&paddq	($E,&QWP(32,"esi"));
-	&paddq	("mm5",&QWP(40,"esi"));
-	&paddq	("mm6",&QWP(48,"esi"));
-	&paddq	("mm7",&QWP(56,"esi"));
-
-	&movq	(&QWP(0,"esi"),$A);
-	&movq	(&QWP(8,"esi"),"mm1");
-	&movq	(&QWP(16,"esi"),"mm2");
-	&movq	(&QWP(24,"esi"),"mm3");
-	&movq	(&QWP(32,"esi"),$E);
-	&movq	(&QWP(40,"esi"),"mm5");
-	&movq	(&QWP(48,"esi"),"mm6");
-	&movq	(&QWP(56,"esi"),"mm7");
-
-	&add	("esp",8*80);			# destroy frame
-	&sub	($K512,8*80);			# rewind K
-
-	&cmp	("edi",&DWP(8*10+8,"esp"));	# are we done yet?
-	&jb	(&label("loop_sse2"));
-
-	&emms	();
-	&mov	("esp",&DWP(8*10+12,"esp"));	# restore sp
-&function_end_A();
-}
-&set_label("loop_x86",16);
-    # copy input block to stack reversing byte and qword order
-    for ($i=0;$i<8;$i++) {
-	&mov	("eax",&DWP($i*16+0,"edi"));
-	&mov	("ebx",&DWP($i*16+4,"edi"));
-	&mov	("ecx",&DWP($i*16+8,"edi"));
-	&mov	("edx",&DWP($i*16+12,"edi"));
-	&bswap	("eax");
-	&bswap	("ebx");
-	&bswap	("ecx");
-	&bswap	("edx");
-	&push	("eax");
-	&push	("ebx");
-	&push	("ecx");
-	&push	("edx");
-    }
-	&add	("edi",128);
-	&sub	("esp",9*8);		# place for T,A,B,C,D,E,F,G,H
-	&mov	(&DWP(8*(9+16)+4,"esp"),"edi");
-
-	# copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack
-	&lea	("edi",&DWP(8,"esp"));
-	&mov	("ecx",16);
-	&data_word(0xA5F3F689);		# rep movsd
-
-&set_label("00_15_x86",16);
-	&BODY_00_15_x86();
-
-	&cmp	(&LB("edx"),0x94);
-	&jne	(&label("00_15_x86"));
-
-&set_label("16_79_x86",16);
-	#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-	#	LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
-	#	HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
-	&mov	("ecx",&DWP(8*(9+15+16-1)+0,"esp"));
-	&mov	("edx",&DWP(8*(9+15+16-1)+4,"esp"));
-	&mov	("esi","ecx");
-
-	&shr	("ecx",1);	# lo>>1
-	&mov	("edi","edx");
-	&shr	("edx",1);	# hi>>1
-	&mov	("eax","ecx");
-	&shl	("esi",24);	# lo<<24
-	&mov	("ebx","edx");
-	&shl	("edi",24);	# hi<<24
-	&xor	("ebx","esi");
-
-	&shr	("ecx",7-1);	# lo>>7
-	&xor	("eax","edi");
-	&shr	("edx",7-1);	# hi>>7
-	&xor	("eax","ecx");
-	&shl	("esi",31-24);	# lo<<31
-	&xor	("ebx","edx");
-	&shl	("edi",25-24);	# hi<<25
-	&xor	("ebx","esi");
-
-	&shr	("ecx",8-7);	# lo>>8
-	&xor	("eax","edi");
-	&shr	("edx",8-7);	# hi>>8
-	&xor	("eax","ecx");
-	&shl	("edi",31-25);	# hi<<31
-	&xor	("ebx","edx");
-	&xor	("eax","edi");			# T1 = sigma0(X[-15])
-
-	&mov	(&DWP(0,"esp"),"eax");
-	&mov	(&DWP(4,"esp"),"ebx");		# put T1 away
-
-	#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-	#	LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
-	#	HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
-	&mov	("ecx",&DWP(8*(9+15+16-14)+0,"esp"));
-	&mov	("edx",&DWP(8*(9+15+16-14)+4,"esp"));
-	&mov	("esi","ecx");
-
-	&shr	("ecx",6);	# lo>>6
-	&mov	("edi","edx");
-	&shr	("edx",6);	# hi>>6
-	&mov	("eax","ecx");
-	&shl	("esi",3);	# lo<<3
-	&mov	("ebx","edx");
-	&shl	("edi",3);	# hi<<3
-	&xor	("eax","esi");
-
-	&shr	("ecx",19-6);	# lo>>19
-	&xor	("ebx","edi");
-	&shr	("edx",19-6);	# hi>>19
-	&xor	("eax","ecx");
-	&shl	("esi",13-3);	# lo<<13
-	&xor	("ebx","edx");
-	&shl	("edi",13-3);	# hi<<13
-	&xor	("ebx","esi");
-
-	&shr	("ecx",29-19);	# lo>>29
-	&xor	("eax","edi");
-	&shr	("edx",29-19);	# hi>>29
-	&xor	("ebx","ecx");
-	&shl	("edi",26-13);	# hi<<26
-	&xor	("eax","edx");
-	&xor	("eax","edi");			# sigma1(X[-2])
-
-	&mov	("ecx",&DWP(8*(9+15+16)+0,"esp"));
-	&mov	("edx",&DWP(8*(9+15+16)+4,"esp"));
-	&add	("eax",&DWP(0,"esp"));
-	&adc	("ebx",&DWP(4,"esp"));		# T1 = sigma1(X[-2])+T1
-	&mov	("esi",&DWP(8*(9+15+16-9)+0,"esp"));
-	&mov	("edi",&DWP(8*(9+15+16-9)+4,"esp"));
-	&add	("eax","ecx");
-	&adc	("ebx","edx");			# T1 += X[-16]
-	&add	("eax","esi");
-	&adc	("ebx","edi");			# T1 += X[-7]
-	&mov	(&DWP(8*(9+15)+0,"esp"),"eax");
-	&mov	(&DWP(8*(9+15)+4,"esp"),"ebx");	# save X[0]
-
-	&BODY_00_15_x86();
-
-	&cmp	(&LB("edx"),0x17);
-	&jne	(&label("16_79_x86"));
-
-	&mov	("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx
-	&mov	("edi",&DWP(8*(9+16+80)+4,"esp"));# inp
-    for($i=0;$i<4;$i++) {
-	&mov	("eax",&DWP($i*16+0,"esi"));
-	&mov	("ebx",&DWP($i*16+4,"esi"));
-	&mov	("ecx",&DWP($i*16+8,"esi"));
-	&mov	("edx",&DWP($i*16+12,"esi"));
-	&add	("eax",&DWP(8+($i*16)+0,"esp"));
-	&adc	("ebx",&DWP(8+($i*16)+4,"esp"));
-	&mov	(&DWP($i*16+0,"esi"),"eax");
-	&mov	(&DWP($i*16+4,"esi"),"ebx");
-	&add	("ecx",&DWP(8+($i*16)+8,"esp"));
-	&adc	("edx",&DWP(8+($i*16)+12,"esp"));
-	&mov	(&DWP($i*16+8,"esi"),"ecx");
-	&mov	(&DWP($i*16+12,"esi"),"edx");
-    }
-	&add	("esp",8*(9+16+80));		# destroy frame
-	&sub	($K512,8*80);			# rewind K
-
-	&cmp	("edi",&DWP(8,"esp"));		# are we done yet?
-	&jb	(&label("loop_x86"));
-
-	&mov	("esp",&DWP(12,"esp"));		# restore sp
-&function_end_A();
-
-&set_label("K512",64);	# Yes! I keep it in the code segment!
-	&data_word(0xd728ae22,0x428a2f98);	# u64
-	&data_word(0x23ef65cd,0x71374491);	# u64
-	&data_word(0xec4d3b2f,0xb5c0fbcf);	# u64
-	&data_word(0x8189dbbc,0xe9b5dba5);	# u64
-	&data_word(0xf348b538,0x3956c25b);	# u64
-	&data_word(0xb605d019,0x59f111f1);	# u64
-	&data_word(0xaf194f9b,0x923f82a4);	# u64
-	&data_word(0xda6d8118,0xab1c5ed5);	# u64
-	&data_word(0xa3030242,0xd807aa98);	# u64
-	&data_word(0x45706fbe,0x12835b01);	# u64
-	&data_word(0x4ee4b28c,0x243185be);	# u64
-	&data_word(0xd5ffb4e2,0x550c7dc3);	# u64
-	&data_word(0xf27b896f,0x72be5d74);	# u64
-	&data_word(0x3b1696b1,0x80deb1fe);	# u64
-	&data_word(0x25c71235,0x9bdc06a7);	# u64
-	&data_word(0xcf692694,0xc19bf174);	# u64
-	&data_word(0x9ef14ad2,0xe49b69c1);	# u64
-	&data_word(0x384f25e3,0xefbe4786);	# u64
-	&data_word(0x8b8cd5b5,0x0fc19dc6);	# u64
-	&data_word(0x77ac9c65,0x240ca1cc);	# u64
-	&data_word(0x592b0275,0x2de92c6f);	# u64
-	&data_word(0x6ea6e483,0x4a7484aa);	# u64
-	&data_word(0xbd41fbd4,0x5cb0a9dc);	# u64
-	&data_word(0x831153b5,0x76f988da);	# u64
-	&data_word(0xee66dfab,0x983e5152);	# u64
-	&data_word(0x2db43210,0xa831c66d);	# u64
-	&data_word(0x98fb213f,0xb00327c8);	# u64
-	&data_word(0xbeef0ee4,0xbf597fc7);	# u64
-	&data_word(0x3da88fc2,0xc6e00bf3);	# u64
-	&data_word(0x930aa725,0xd5a79147);	# u64
-	&data_word(0xe003826f,0x06ca6351);	# u64
-	&data_word(0x0a0e6e70,0x14292967);	# u64
-	&data_word(0x46d22ffc,0x27b70a85);	# u64
-	&data_word(0x5c26c926,0x2e1b2138);	# u64
-	&data_word(0x5ac42aed,0x4d2c6dfc);	# u64
-	&data_word(0x9d95b3df,0x53380d13);	# u64
-	&data_word(0x8baf63de,0x650a7354);	# u64
-	&data_word(0x3c77b2a8,0x766a0abb);	# u64
-	&data_word(0x47edaee6,0x81c2c92e);	# u64
-	&data_word(0x1482353b,0x92722c85);	# u64
-	&data_word(0x4cf10364,0xa2bfe8a1);	# u64
-	&data_word(0xbc423001,0xa81a664b);	# u64
-	&data_word(0xd0f89791,0xc24b8b70);	# u64
-	&data_word(0x0654be30,0xc76c51a3);	# u64
-	&data_word(0xd6ef5218,0xd192e819);	# u64
-	&data_word(0x5565a910,0xd6990624);	# u64
-	&data_word(0x5771202a,0xf40e3585);	# u64
-	&data_word(0x32bbd1b8,0x106aa070);	# u64
-	&data_word(0xb8d2d0c8,0x19a4c116);	# u64
-	&data_word(0x5141ab53,0x1e376c08);	# u64
-	&data_word(0xdf8eeb99,0x2748774c);	# u64
-	&data_word(0xe19b48a8,0x34b0bcb5);	# u64
-	&data_word(0xc5c95a63,0x391c0cb3);	# u64
-	&data_word(0xe3418acb,0x4ed8aa4a);	# u64
-	&data_word(0x7763e373,0x5b9cca4f);	# u64
-	&data_word(0xd6b2b8a3,0x682e6ff3);	# u64
-	&data_word(0x5defb2fc,0x748f82ee);	# u64
-	&data_word(0x43172f60,0x78a5636f);	# u64
-	&data_word(0xa1f0ab72,0x84c87814);	# u64
-	&data_word(0x1a6439ec,0x8cc70208);	# u64
-	&data_word(0x23631e28,0x90befffa);	# u64
-	&data_word(0xde82bde9,0xa4506ceb);	# u64
-	&data_word(0xb2c67915,0xbef9a3f7);	# u64
-	&data_word(0xe372532b,0xc67178f2);	# u64
-	&data_word(0xea26619c,0xca273ece);	# u64
-	&data_word(0x21c0c207,0xd186b8c7);	# u64
-	&data_word(0xcde0eb1e,0xeada7dd6);	# u64
-	&data_word(0xee6ed178,0xf57d4f7f);	# u64
-	&data_word(0x72176fba,0x06f067aa);	# u64
-	&data_word(0xa2c898a6,0x0a637dc5);	# u64
-	&data_word(0xbef90dae,0x113f9804);	# u64
-	&data_word(0x131c471b,0x1b710b35);	# u64
-	&data_word(0x23047d84,0x28db77f5);	# u64
-	&data_word(0x40c72493,0x32caab7b);	# u64
-	&data_word(0x15c9bebc,0x3c9ebe0a);	# u64
-	&data_word(0x9c100d4c,0x431d67c4);	# u64
-	&data_word(0xcb3e42b6,0x4cc5d4be);	# u64
-	&data_word(0xfc657e2a,0x597f299c);	# u64
-	&data_word(0x3ad6faec,0x5fcb6fab);	# u64
-	&data_word(0x4a475817,0x6c44198c);	# u64
-&function_end_B("sha512_block_data_order");
-&asciz("SHA512 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
-
-&asm_finish();
diff --git a/crypto/sha/asm/sha512-armv4.S b/crypto/sha/asm/sha512-armv4.S
deleted file mode 100644
index fd46277141..0000000000
--- a/crypto/sha/asm/sha512-armv4.S
+++ /dev/null
@@ -1,1783 +0,0 @@
-#include "arm_arch.h"
-#ifdef __ARMEL__
-# define LO 0
-# define HI 4
-# define WORD64(hi0,lo0,hi1,lo1)	.word	lo0,hi0, lo1,hi1
-#else
-# define HI 0
-# define LO 4
-# define WORD64(hi0,lo0,hi1,lo1)	.word	hi0,lo0, hi1,lo1
-#endif
-
-.text
-.code	32
-.type	K512,%object
-.align	5
-K512:
-WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
-WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
-WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
-WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
-WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
-WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
-WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
-WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
-WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
-WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
-WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
-WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
-WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
-WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
-WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
-WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
-WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
-WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
-WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
-WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
-WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
-WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
-WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
-WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
-WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
-WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
-WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
-WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
-WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
-WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
-WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
-WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
-WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
-WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
-WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
-WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
-WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
-WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
-WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
-WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
-.size	K512,.-K512
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha512_block_data_order
-.skip	32-4
-
-.global	sha512_block_data_order
-.type	sha512_block_data_order,%function
-sha512_block_data_order:
-	sub	r3,pc,#8		@ sha512_block_data_order
-	add	r2,r1,r2,lsl#7	@ len to point at the end of inp
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#1
-	bne	.LNEON
-#endif
-	stmdb	sp!,{r4-r12,lr}
-	sub	r14,r3,#672		@ K512
-	sub	sp,sp,#9*8
-
-	ldr	r7,[r0,#32+LO]
-	ldr	r8,[r0,#32+HI]
-	ldr	r9, [r0,#48+LO]
-	ldr	r10, [r0,#48+HI]
-	ldr	r11, [r0,#56+LO]
-	ldr	r12, [r0,#56+HI]
-.Loop:
-	str	r9, [sp,#48+0]
-	str	r10, [sp,#48+4]
-	str	r11, [sp,#56+0]
-	str	r12, [sp,#56+4]
-	ldr	r5,[r0,#0+LO]
-	ldr	r6,[r0,#0+HI]
-	ldr	r3,[r0,#8+LO]
-	ldr	r4,[r0,#8+HI]
-	ldr	r9, [r0,#16+LO]
-	ldr	r10, [r0,#16+HI]
-	ldr	r11, [r0,#24+LO]
-	ldr	r12, [r0,#24+HI]
-	str	r3,[sp,#8+0]
-	str	r4,[sp,#8+4]
-	str	r9, [sp,#16+0]
-	str	r10, [sp,#16+4]
-	str	r11, [sp,#24+0]
-	str	r12, [sp,#24+4]
-	ldr	r3,[r0,#40+LO]
-	ldr	r4,[r0,#40+HI]
-	str	r3,[sp,#40+0]
-	str	r4,[sp,#40+4]
-
-.L00_15:
-#if __ARM_ARCH__<7
-	ldrb	r3,[r1,#7]
-	ldrb	r9, [r1,#6]
-	ldrb	r10, [r1,#5]
-	ldrb	r11, [r1,#4]
-	ldrb	r4,[r1,#3]
-	ldrb	r12, [r1,#2]
-	orr	r3,r3,r9,lsl#8
-	ldrb	r9, [r1,#1]
-	orr	r3,r3,r10,lsl#16
-	ldrb	r10, [r1],#8
-	orr	r3,r3,r11,lsl#24
-	orr	r4,r4,r12,lsl#8
-	orr	r4,r4,r9,lsl#16
-	orr	r4,r4,r10,lsl#24
-#else
-	ldr	r3,[r1,#4]
-	ldr	r4,[r1],#8
-#ifdef __ARMEL__
-	rev	r3,r3
-	rev	r4,r4
-#endif
-#endif
-	@ Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
-	@ LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
-	@ HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
-	mov	r9,r7,lsr#14
-	str	r3,[sp,#64+0]
-	mov	r10,r8,lsr#14
-	str	r4,[sp,#64+4]
-	eor	r9,r9,r8,lsl#18
-	ldr	r11,[sp,#56+0]	@ h.lo
-	eor	r10,r10,r7,lsl#18
-	ldr	r12,[sp,#56+4]	@ h.hi
-	eor	r9,r9,r7,lsr#18
-	eor	r10,r10,r8,lsr#18
-	eor	r9,r9,r8,lsl#14
-	eor	r10,r10,r7,lsl#14
-	eor	r9,r9,r8,lsr#9
-	eor	r10,r10,r7,lsr#9
-	eor	r9,r9,r7,lsl#23
-	eor	r10,r10,r8,lsl#23	@ Sigma1(e)
-	adds	r3,r3,r9
-	ldr	r9,[sp,#40+0]	@ f.lo
-	adc	r4,r4,r10		@ T += Sigma1(e)
-	ldr	r10,[sp,#40+4]	@ f.hi
-	adds	r3,r3,r11
-	ldr	r11,[sp,#48+0]	@ g.lo
-	adc	r4,r4,r12		@ T += h
-	ldr	r12,[sp,#48+4]	@ g.hi
-
-	eor	r9,r9,r11
-	str	r7,[sp,#32+0]
-	eor	r10,r10,r12
-	str	r8,[sp,#32+4]
-	and	r9,r9,r7
-	str	r5,[sp,#0+0]
-	and	r10,r10,r8
-	str	r6,[sp,#0+4]
-	eor	r9,r9,r11
-	ldr	r11,[r14,#LO]	@ K[i].lo
-	eor	r10,r10,r12		@ Ch(e,f,g)
-	ldr	r12,[r14,#HI]	@ K[i].hi
-
-	adds	r3,r3,r9
-	ldr	r7,[sp,#24+0]	@ d.lo
-	adc	r4,r4,r10		@ T += Ch(e,f,g)
-	ldr	r8,[sp,#24+4]	@ d.hi
-	adds	r3,r3,r11
-	and	r9,r11,#0xff
-	adc	r4,r4,r12		@ T += K[i]
-	adds	r7,r7,r3
-	ldr	r11,[sp,#8+0]	@ b.lo
-	adc	r8,r8,r4		@ d += T
-	teq	r9,#148
-
-	ldr	r12,[sp,#16+0]	@ c.lo
-	orreq	r14,r14,#1
-	@ Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-	@ LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
-	@ HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
-	mov	r9,r5,lsr#28
-	mov	r10,r6,lsr#28
-	eor	r9,r9,r6,lsl#4
-	eor	r10,r10,r5,lsl#4
-	eor	r9,r9,r6,lsr#2
-	eor	r10,r10,r5,lsr#2
-	eor	r9,r9,r5,lsl#30
-	eor	r10,r10,r6,lsl#30
-	eor	r9,r9,r6,lsr#7
-	eor	r10,r10,r5,lsr#7
-	eor	r9,r9,r5,lsl#25
-	eor	r10,r10,r6,lsl#25	@ Sigma0(a)
-	adds	r3,r3,r9
-	and	r9,r5,r11
-	adc	r4,r4,r10		@ T += Sigma0(a)
-
-	ldr	r10,[sp,#8+4]	@ b.hi
-	orr	r5,r5,r11
-	ldr	r11,[sp,#16+4]	@ c.hi
-	and	r5,r5,r12
-	and	r12,r6,r10
-	orr	r6,r6,r10
-	orr	r5,r5,r9		@ Maj(a,b,c).lo
-	and	r6,r6,r11
-	adds	r5,r5,r3
-	orr	r6,r6,r12		@ Maj(a,b,c).hi
-	sub	sp,sp,#8
-	adc	r6,r6,r4		@ h += T
-	tst	r14,#1
-	add	r14,r14,#8
-	tst	r14,#1
-	beq	.L00_15
-	ldr	r9,[sp,#184+0]
-	ldr	r10,[sp,#184+4]
-	bic	r14,r14,#1
-.L16_79:
-	@ sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-	@ LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
-	@ HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
-	mov	r3,r9,lsr#1
-	ldr	r11,[sp,#80+0]
-	mov	r4,r10,lsr#1
-	ldr	r12,[sp,#80+4]
-	eor	r3,r3,r10,lsl#31
-	eor	r4,r4,r9,lsl#31
-	eor	r3,r3,r9,lsr#8
-	eor	r4,r4,r10,lsr#8
-	eor	r3,r3,r10,lsl#24
-	eor	r4,r4,r9,lsl#24
-	eor	r3,r3,r9,lsr#7
-	eor	r4,r4,r10,lsr#7
-	eor	r3,r3,r10,lsl#25
-
-	@ sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-	@ LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
-	@ HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
-	mov	r9,r11,lsr#19
-	mov	r10,r12,lsr#19
-	eor	r9,r9,r12,lsl#13
-	eor	r10,r10,r11,lsl#13
-	eor	r9,r9,r12,lsr#29
-	eor	r10,r10,r11,lsr#29
-	eor	r9,r9,r11,lsl#3
-	eor	r10,r10,r12,lsl#3
-	eor	r9,r9,r11,lsr#6
-	eor	r10,r10,r12,lsr#6
-	ldr	r11,[sp,#120+0]
-	eor	r9,r9,r12,lsl#26
-
-	ldr	r12,[sp,#120+4]
-	adds	r3,r3,r9
-	ldr	r9,[sp,#192+0]
-	adc	r4,r4,r10
-
-	ldr	r10,[sp,#192+4]
-	adds	r3,r3,r11
-	adc	r4,r4,r12
-	adds	r3,r3,r9
-	adc	r4,r4,r10
-	@ Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
-	@ LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
-	@ HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
-	mov	r9,r7,lsr#14
-	str	r3,[sp,#64+0]
-	mov	r10,r8,lsr#14
-	str	r4,[sp,#64+4]
-	eor	r9,r9,r8,lsl#18
-	ldr	r11,[sp,#56+0]	@ h.lo
-	eor	r10,r10,r7,lsl#18
-	ldr	r12,[sp,#56+4]	@ h.hi
-	eor	r9,r9,r7,lsr#18
-	eor	r10,r10,r8,lsr#18
-	eor	r9,r9,r8,lsl#14
-	eor	r10,r10,r7,lsl#14
-	eor	r9,r9,r8,lsr#9
-	eor	r10,r10,r7,lsr#9
-	eor	r9,r9,r7,lsl#23
-	eor	r10,r10,r8,lsl#23	@ Sigma1(e)
-	adds	r3,r3,r9
-	ldr	r9,[sp,#40+0]	@ f.lo
-	adc	r4,r4,r10		@ T += Sigma1(e)
-	ldr	r10,[sp,#40+4]	@ f.hi
-	adds	r3,r3,r11
-	ldr	r11,[sp,#48+0]	@ g.lo
-	adc	r4,r4,r12		@ T += h
-	ldr	r12,[sp,#48+4]	@ g.hi
-
-	eor	r9,r9,r11
-	str	r7,[sp,#32+0]
-	eor	r10,r10,r12
-	str	r8,[sp,#32+4]
-	and	r9,r9,r7
-	str	r5,[sp,#0+0]
-	and	r10,r10,r8
-	str	r6,[sp,#0+4]
-	eor	r9,r9,r11
-	ldr	r11,[r14,#LO]	@ K[i].lo
-	eor	r10,r10,r12		@ Ch(e,f,g)
-	ldr	r12,[r14,#HI]	@ K[i].hi
-
-	adds	r3,r3,r9
-	ldr	r7,[sp,#24+0]	@ d.lo
-	adc	r4,r4,r10		@ T += Ch(e,f,g)
-	ldr	r8,[sp,#24+4]	@ d.hi
-	adds	r3,r3,r11
-	and	r9,r11,#0xff
-	adc	r4,r4,r12		@ T += K[i]
-	adds	r7,r7,r3
-	ldr	r11,[sp,#8+0]	@ b.lo
-	adc	r8,r8,r4		@ d += T
-	teq	r9,#23
-
-	ldr	r12,[sp,#16+0]	@ c.lo
-	orreq	r14,r14,#1
-	@ Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-	@ LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
-	@ HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
-	mov	r9,r5,lsr#28
-	mov	r10,r6,lsr#28
-	eor	r9,r9,r6,lsl#4
-	eor	r10,r10,r5,lsl#4
-	eor	r9,r9,r6,lsr#2
-	eor	r10,r10,r5,lsr#2
-	eor	r9,r9,r5,lsl#30
-	eor	r10,r10,r6,lsl#30
-	eor	r9,r9,r6,lsr#7
-	eor	r10,r10,r5,lsr#7
-	eor	r9,r9,r5,lsl#25
-	eor	r10,r10,r6,lsl#25	@ Sigma0(a)
-	adds	r3,r3,r9
-	and	r9,r5,r11
-	adc	r4,r4,r10		@ T += Sigma0(a)
-
-	ldr	r10,[sp,#8+4]	@ b.hi
-	orr	r5,r5,r11
-	ldr	r11,[sp,#16+4]	@ c.hi
-	and	r5,r5,r12
-	and	r12,r6,r10
-	orr	r6,r6,r10
-	orr	r5,r5,r9		@ Maj(a,b,c).lo
-	and	r6,r6,r11
-	adds	r5,r5,r3
-	orr	r6,r6,r12		@ Maj(a,b,c).hi
-	sub	sp,sp,#8
-	adc	r6,r6,r4		@ h += T
-	tst	r14,#1
-	add	r14,r14,#8
-	ldreq	r9,[sp,#184+0]
-	ldreq	r10,[sp,#184+4]
-	beq	.L16_79
-	bic	r14,r14,#1
-
-	ldr	r3,[sp,#8+0]
-	ldr	r4,[sp,#8+4]
-	ldr	r9, [r0,#0+LO]
-	ldr	r10, [r0,#0+HI]
-	ldr	r11, [r0,#8+LO]
-	ldr	r12, [r0,#8+HI]
-	adds	r9,r5,r9
-	str	r9, [r0,#0+LO]
-	adc	r10,r6,r10
-	str	r10, [r0,#0+HI]
-	adds	r11,r3,r11
-	str	r11, [r0,#8+LO]
-	adc	r12,r4,r12
-	str	r12, [r0,#8+HI]
-
-	ldr	r5,[sp,#16+0]
-	ldr	r6,[sp,#16+4]
-	ldr	r3,[sp,#24+0]
-	ldr	r4,[sp,#24+4]
-	ldr	r9, [r0,#16+LO]
-	ldr	r10, [r0,#16+HI]
-	ldr	r11, [r0,#24+LO]
-	ldr	r12, [r0,#24+HI]
-	adds	r9,r5,r9
-	str	r9, [r0,#16+LO]
-	adc	r10,r6,r10
-	str	r10, [r0,#16+HI]
-	adds	r11,r3,r11
-	str	r11, [r0,#24+LO]
-	adc	r12,r4,r12
-	str	r12, [r0,#24+HI]
-
-	ldr	r3,[sp,#40+0]
-	ldr	r4,[sp,#40+4]
-	ldr	r9, [r0,#32+LO]
-	ldr	r10, [r0,#32+HI]
-	ldr	r11, [r0,#40+LO]
-	ldr	r12, [r0,#40+HI]
-	adds	r7,r7,r9
-	str	r7,[r0,#32+LO]
-	adc	r8,r8,r10
-	str	r8,[r0,#32+HI]
-	adds	r11,r3,r11
-	str	r11, [r0,#40+LO]
-	adc	r12,r4,r12
-	str	r12, [r0,#40+HI]
-
-	ldr	r5,[sp,#48+0]
-	ldr	r6,[sp,#48+4]
-	ldr	r3,[sp,#56+0]
-	ldr	r4,[sp,#56+4]
-	ldr	r9, [r0,#48+LO]
-	ldr	r10, [r0,#48+HI]
-	ldr	r11, [r0,#56+LO]
-	ldr	r12, [r0,#56+HI]
-	adds	r9,r5,r9
-	str	r9, [r0,#48+LO]
-	adc	r10,r6,r10
-	str	r10, [r0,#48+HI]
-	adds	r11,r3,r11
-	str	r11, [r0,#56+LO]
-	adc	r12,r4,r12
-	str	r12, [r0,#56+HI]
-
-	add	sp,sp,#640
-	sub	r14,r14,#640
-
-	teq	r1,r2
-	bne	.Loop
-
-	add	sp,sp,#8*9		@ destroy frame
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia	sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
-#endif
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.align	4
-.LNEON:
-	dmb				@ errata #451034 on early Cortex A8
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-	sub	r3,r3,#672		@ K512
-	vldmia	r0,{d16-d23}		@ load context
-.Loop_neon:
-	vshr.u64	d24,d20,#14	@ 0
-#if 0<16
-	vld1.64		{d0},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d20,#18
-	vshr.u64	d26,d20,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d20,#50
-	vsli.64		d25,d20,#46
-	vsli.64		d26,d20,#23
-#if 0<16 && defined(__ARMEL__)
-	vrev64.8	d0,d0
-#endif
-	vadd.i64	d27,d28,d23
-	veor		d29,d21,d22
-	veor		d24,d25
-	vand		d29,d20
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d22			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d16,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d16,#34
-	vshr.u64	d26,d16,#39
-	vsli.64		d24,d16,#36
-	vsli.64		d25,d16,#30
-	vsli.64		d26,d16,#25
-	vadd.i64	d27,d0
-	vorr		d30,d16,d18
-	vand		d29,d16,d18
-	veor		d23,d24,d25
-	vand		d30,d17
-	veor		d23,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d23,d27
-	vadd.i64	d19,d27
-	vadd.i64	d23,d30
-	vshr.u64	d24,d19,#14	@ 1
-#if 1<16
-	vld1.64		{d1},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d19,#18
-	vshr.u64	d26,d19,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d19,#50
-	vsli.64		d25,d19,#46
-	vsli.64		d26,d19,#23
-#if 1<16 && defined(__ARMEL__)
-	vrev64.8	d1,d1
-#endif
-	vadd.i64	d27,d28,d22
-	veor		d29,d20,d21
-	veor		d24,d25
-	vand		d29,d19
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d21			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d23,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d23,#34
-	vshr.u64	d26,d23,#39
-	vsli.64		d24,d23,#36
-	vsli.64		d25,d23,#30
-	vsli.64		d26,d23,#25
-	vadd.i64	d27,d1
-	vorr		d30,d23,d17
-	vand		d29,d23,d17
-	veor		d22,d24,d25
-	vand		d30,d16
-	veor		d22,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d22,d27
-	vadd.i64	d18,d27
-	vadd.i64	d22,d30
-	vshr.u64	d24,d18,#14	@ 2
-#if 2<16
-	vld1.64		{d2},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d18,#18
-	vshr.u64	d26,d18,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d18,#50
-	vsli.64		d25,d18,#46
-	vsli.64		d26,d18,#23
-#if 2<16 && defined(__ARMEL__)
-	vrev64.8	d2,d2
-#endif
-	vadd.i64	d27,d28,d21
-	veor		d29,d19,d20
-	veor		d24,d25
-	vand		d29,d18
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d20			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d22,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d22,#34
-	vshr.u64	d26,d22,#39
-	vsli.64		d24,d22,#36
-	vsli.64		d25,d22,#30
-	vsli.64		d26,d22,#25
-	vadd.i64	d27,d2
-	vorr		d30,d22,d16
-	vand		d29,d22,d16
-	veor		d21,d24,d25
-	vand		d30,d23
-	veor		d21,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d21,d27
-	vadd.i64	d17,d27
-	vadd.i64	d21,d30
-	vshr.u64	d24,d17,#14	@ 3
-#if 3<16
-	vld1.64		{d3},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d17,#18
-	vshr.u64	d26,d17,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d17,#50
-	vsli.64		d25,d17,#46
-	vsli.64		d26,d17,#23
-#if 3<16 && defined(__ARMEL__)
-	vrev64.8	d3,d3
-#endif
-	vadd.i64	d27,d28,d20
-	veor		d29,d18,d19
-	veor		d24,d25
-	vand		d29,d17
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d19			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d21,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d21,#34
-	vshr.u64	d26,d21,#39
-	vsli.64		d24,d21,#36
-	vsli.64		d25,d21,#30
-	vsli.64		d26,d21,#25
-	vadd.i64	d27,d3
-	vorr		d30,d21,d23
-	vand		d29,d21,d23
-	veor		d20,d24,d25
-	vand		d30,d22
-	veor		d20,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d20,d27
-	vadd.i64	d16,d27
-	vadd.i64	d20,d30
-	vshr.u64	d24,d16,#14	@ 4
-#if 4<16
-	vld1.64		{d4},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d16,#18
-	vshr.u64	d26,d16,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d16,#50
-	vsli.64		d25,d16,#46
-	vsli.64		d26,d16,#23
-#if 4<16 && defined(__ARMEL__)
-	vrev64.8	d4,d4
-#endif
-	vadd.i64	d27,d28,d19
-	veor		d29,d17,d18
-	veor		d24,d25
-	vand		d29,d16
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d18			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d20,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d20,#34
-	vshr.u64	d26,d20,#39
-	vsli.64		d24,d20,#36
-	vsli.64		d25,d20,#30
-	vsli.64		d26,d20,#25
-	vadd.i64	d27,d4
-	vorr		d30,d20,d22
-	vand		d29,d20,d22
-	veor		d19,d24,d25
-	vand		d30,d21
-	veor		d19,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d19,d27
-	vadd.i64	d23,d27
-	vadd.i64	d19,d30
-	vshr.u64	d24,d23,#14	@ 5
-#if 5<16
-	vld1.64		{d5},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d23,#18
-	vshr.u64	d26,d23,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d23,#50
-	vsli.64		d25,d23,#46
-	vsli.64		d26,d23,#23
-#if 5<16 && defined(__ARMEL__)
-	vrev64.8	d5,d5
-#endif
-	vadd.i64	d27,d28,d18
-	veor		d29,d16,d17
-	veor		d24,d25
-	vand		d29,d23
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d17			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d19,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d19,#34
-	vshr.u64	d26,d19,#39
-	vsli.64		d24,d19,#36
-	vsli.64		d25,d19,#30
-	vsli.64		d26,d19,#25
-	vadd.i64	d27,d5
-	vorr		d30,d19,d21
-	vand		d29,d19,d21
-	veor		d18,d24,d25
-	vand		d30,d20
-	veor		d18,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d18,d27
-	vadd.i64	d22,d27
-	vadd.i64	d18,d30
-	vshr.u64	d24,d22,#14	@ 6
-#if 6<16
-	vld1.64		{d6},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d22,#18
-	vshr.u64	d26,d22,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d22,#50
-	vsli.64		d25,d22,#46
-	vsli.64		d26,d22,#23
-#if 6<16 && defined(__ARMEL__)
-	vrev64.8	d6,d6
-#endif
-	vadd.i64	d27,d28,d17
-	veor		d29,d23,d16
-	veor		d24,d25
-	vand		d29,d22
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d16			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d18,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d18,#34
-	vshr.u64	d26,d18,#39
-	vsli.64		d24,d18,#36
-	vsli.64		d25,d18,#30
-	vsli.64		d26,d18,#25
-	vadd.i64	d27,d6
-	vorr		d30,d18,d20
-	vand		d29,d18,d20
-	veor		d17,d24,d25
-	vand		d30,d19
-	veor		d17,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d17,d27
-	vadd.i64	d21,d27
-	vadd.i64	d17,d30
-	vshr.u64	d24,d21,#14	@ 7
-#if 7<16
-	vld1.64		{d7},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d21,#18
-	vshr.u64	d26,d21,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d21,#50
-	vsli.64		d25,d21,#46
-	vsli.64		d26,d21,#23
-#if 7<16 && defined(__ARMEL__)
-	vrev64.8	d7,d7
-#endif
-	vadd.i64	d27,d28,d16
-	veor		d29,d22,d23
-	veor		d24,d25
-	vand		d29,d21
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d23			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d17,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d17,#34
-	vshr.u64	d26,d17,#39
-	vsli.64		d24,d17,#36
-	vsli.64		d25,d17,#30
-	vsli.64		d26,d17,#25
-	vadd.i64	d27,d7
-	vorr		d30,d17,d19
-	vand		d29,d17,d19
-	veor		d16,d24,d25
-	vand		d30,d18
-	veor		d16,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d16,d27
-	vadd.i64	d20,d27
-	vadd.i64	d16,d30
-	vshr.u64	d24,d20,#14	@ 8
-#if 8<16
-	vld1.64		{d8},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d20,#18
-	vshr.u64	d26,d20,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d20,#50
-	vsli.64		d25,d20,#46
-	vsli.64		d26,d20,#23
-#if 8<16 && defined(__ARMEL__)
-	vrev64.8	d8,d8
-#endif
-	vadd.i64	d27,d28,d23
-	veor		d29,d21,d22
-	veor		d24,d25
-	vand		d29,d20
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d22			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d16,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d16,#34
-	vshr.u64	d26,d16,#39
-	vsli.64		d24,d16,#36
-	vsli.64		d25,d16,#30
-	vsli.64		d26,d16,#25
-	vadd.i64	d27,d8
-	vorr		d30,d16,d18
-	vand		d29,d16,d18
-	veor		d23,d24,d25
-	vand		d30,d17
-	veor		d23,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d23,d27
-	vadd.i64	d19,d27
-	vadd.i64	d23,d30
-	vshr.u64	d24,d19,#14	@ 9
-#if 9<16
-	vld1.64		{d9},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d19,#18
-	vshr.u64	d26,d19,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d19,#50
-	vsli.64		d25,d19,#46
-	vsli.64		d26,d19,#23
-#if 9<16 && defined(__ARMEL__)
-	vrev64.8	d9,d9
-#endif
-	vadd.i64	d27,d28,d22
-	veor		d29,d20,d21
-	veor		d24,d25
-	vand		d29,d19
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d21			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d23,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d23,#34
-	vshr.u64	d26,d23,#39
-	vsli.64		d24,d23,#36
-	vsli.64		d25,d23,#30
-	vsli.64		d26,d23,#25
-	vadd.i64	d27,d9
-	vorr		d30,d23,d17
-	vand		d29,d23,d17
-	veor		d22,d24,d25
-	vand		d30,d16
-	veor		d22,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d22,d27
-	vadd.i64	d18,d27
-	vadd.i64	d22,d30
-	vshr.u64	d24,d18,#14	@ 10
-#if 10<16
-	vld1.64		{d10},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d18,#18
-	vshr.u64	d26,d18,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d18,#50
-	vsli.64		d25,d18,#46
-	vsli.64		d26,d18,#23
-#if 10<16 && defined(__ARMEL__)
-	vrev64.8	d10,d10
-#endif
-	vadd.i64	d27,d28,d21
-	veor		d29,d19,d20
-	veor		d24,d25
-	vand		d29,d18
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d20			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d22,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d22,#34
-	vshr.u64	d26,d22,#39
-	vsli.64		d24,d22,#36
-	vsli.64		d25,d22,#30
-	vsli.64		d26,d22,#25
-	vadd.i64	d27,d10
-	vorr		d30,d22,d16
-	vand		d29,d22,d16
-	veor		d21,d24,d25
-	vand		d30,d23
-	veor		d21,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d21,d27
-	vadd.i64	d17,d27
-	vadd.i64	d21,d30
-	vshr.u64	d24,d17,#14	@ 11
-#if 11<16
-	vld1.64		{d11},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d17,#18
-	vshr.u64	d26,d17,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d17,#50
-	vsli.64		d25,d17,#46
-	vsli.64		d26,d17,#23
-#if 11<16 && defined(__ARMEL__)
-	vrev64.8	d11,d11
-#endif
-	vadd.i64	d27,d28,d20
-	veor		d29,d18,d19
-	veor		d24,d25
-	vand		d29,d17
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d19			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d21,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d21,#34
-	vshr.u64	d26,d21,#39
-	vsli.64		d24,d21,#36
-	vsli.64		d25,d21,#30
-	vsli.64		d26,d21,#25
-	vadd.i64	d27,d11
-	vorr		d30,d21,d23
-	vand		d29,d21,d23
-	veor		d20,d24,d25
-	vand		d30,d22
-	veor		d20,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d20,d27
-	vadd.i64	d16,d27
-	vadd.i64	d20,d30
-	vshr.u64	d24,d16,#14	@ 12
-#if 12<16
-	vld1.64		{d12},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d16,#18
-	vshr.u64	d26,d16,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d16,#50
-	vsli.64		d25,d16,#46
-	vsli.64		d26,d16,#23
-#if 12<16 && defined(__ARMEL__)
-	vrev64.8	d12,d12
-#endif
-	vadd.i64	d27,d28,d19
-	veor		d29,d17,d18
-	veor		d24,d25
-	vand		d29,d16
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d18			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d20,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d20,#34
-	vshr.u64	d26,d20,#39
-	vsli.64		d24,d20,#36
-	vsli.64		d25,d20,#30
-	vsli.64		d26,d20,#25
-	vadd.i64	d27,d12
-	vorr		d30,d20,d22
-	vand		d29,d20,d22
-	veor		d19,d24,d25
-	vand		d30,d21
-	veor		d19,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d19,d27
-	vadd.i64	d23,d27
-	vadd.i64	d19,d30
-	vshr.u64	d24,d23,#14	@ 13
-#if 13<16
-	vld1.64		{d13},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d23,#18
-	vshr.u64	d26,d23,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d23,#50
-	vsli.64		d25,d23,#46
-	vsli.64		d26,d23,#23
-#if 13<16 && defined(__ARMEL__)
-	vrev64.8	d13,d13
-#endif
-	vadd.i64	d27,d28,d18
-	veor		d29,d16,d17
-	veor		d24,d25
-	vand		d29,d23
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d17			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d19,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d19,#34
-	vshr.u64	d26,d19,#39
-	vsli.64		d24,d19,#36
-	vsli.64		d25,d19,#30
-	vsli.64		d26,d19,#25
-	vadd.i64	d27,d13
-	vorr		d30,d19,d21
-	vand		d29,d19,d21
-	veor		d18,d24,d25
-	vand		d30,d20
-	veor		d18,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d18,d27
-	vadd.i64	d22,d27
-	vadd.i64	d18,d30
-	vshr.u64	d24,d22,#14	@ 14
-#if 14<16
-	vld1.64		{d14},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d22,#18
-	vshr.u64	d26,d22,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d22,#50
-	vsli.64		d25,d22,#46
-	vsli.64		d26,d22,#23
-#if 14<16 && defined(__ARMEL__)
-	vrev64.8	d14,d14
-#endif
-	vadd.i64	d27,d28,d17
-	veor		d29,d23,d16
-	veor		d24,d25
-	vand		d29,d22
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d16			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d18,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d18,#34
-	vshr.u64	d26,d18,#39
-	vsli.64		d24,d18,#36
-	vsli.64		d25,d18,#30
-	vsli.64		d26,d18,#25
-	vadd.i64	d27,d14
-	vorr		d30,d18,d20
-	vand		d29,d18,d20
-	veor		d17,d24,d25
-	vand		d30,d19
-	veor		d17,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d17,d27
-	vadd.i64	d21,d27
-	vadd.i64	d17,d30
-	vshr.u64	d24,d21,#14	@ 15
-#if 15<16
-	vld1.64		{d15},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d21,#18
-	vshr.u64	d26,d21,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d21,#50
-	vsli.64		d25,d21,#46
-	vsli.64		d26,d21,#23
-#if 15<16 && defined(__ARMEL__)
-	vrev64.8	d15,d15
-#endif
-	vadd.i64	d27,d28,d16
-	veor		d29,d22,d23
-	veor		d24,d25
-	vand		d29,d21
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d23			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d17,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d17,#34
-	vshr.u64	d26,d17,#39
-	vsli.64		d24,d17,#36
-	vsli.64		d25,d17,#30
-	vsli.64		d26,d17,#25
-	vadd.i64	d27,d15
-	vorr		d30,d17,d19
-	vand		d29,d17,d19
-	veor		d16,d24,d25
-	vand		d30,d18
-	veor		d16,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d16,d27
-	vadd.i64	d20,d27
-	vadd.i64	d16,d30
-	mov		r12,#4
-.L16_79_neon:
-	subs		r12,#1
-	vshr.u64	q12,q7,#19
-	vshr.u64	q13,q7,#61
-	vshr.u64	q15,q7,#6
-	vsli.64		q12,q7,#45
-	vext.8		q14,q0,q1,#8	@ X[i+1]
-	vsli.64		q13,q7,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q0,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q4,q5,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d20,#14		@ from NEON_00_15
-	vadd.i64	q0,q14
-	vshr.u64	d25,d20,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d20,#41		@ from NEON_00_15
-	vadd.i64	q0,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d20,#50
-	vsli.64		d25,d20,#46
-	vsli.64		d26,d20,#23
-#if 16<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d23
-	veor		d29,d21,d22
-	veor		d24,d25
-	vand		d29,d20
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d22			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d16,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d16,#34
-	vshr.u64	d26,d16,#39
-	vsli.64		d24,d16,#36
-	vsli.64		d25,d16,#30
-	vsli.64		d26,d16,#25
-	vadd.i64	d27,d0
-	vorr		d30,d16,d18
-	vand		d29,d16,d18
-	veor		d23,d24,d25
-	vand		d30,d17
-	veor		d23,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d23,d27
-	vadd.i64	d19,d27
-	vadd.i64	d23,d30
-	vshr.u64	d24,d19,#14	@ 17
-#if 17<16
-	vld1.64		{d1},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d19,#18
-	vshr.u64	d26,d19,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d19,#50
-	vsli.64		d25,d19,#46
-	vsli.64		d26,d19,#23
-#if 17<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d22
-	veor		d29,d20,d21
-	veor		d24,d25
-	vand		d29,d19
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d21			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d23,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d23,#34
-	vshr.u64	d26,d23,#39
-	vsli.64		d24,d23,#36
-	vsli.64		d25,d23,#30
-	vsli.64		d26,d23,#25
-	vadd.i64	d27,d1
-	vorr		d30,d23,d17
-	vand		d29,d23,d17
-	veor		d22,d24,d25
-	vand		d30,d16
-	veor		d22,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d22,d27
-	vadd.i64	d18,d27
-	vadd.i64	d22,d30
-	vshr.u64	q12,q0,#19
-	vshr.u64	q13,q0,#61
-	vshr.u64	q15,q0,#6
-	vsli.64		q12,q0,#45
-	vext.8		q14,q1,q2,#8	@ X[i+1]
-	vsli.64		q13,q0,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q1,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q5,q6,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d18,#14		@ from NEON_00_15
-	vadd.i64	q1,q14
-	vshr.u64	d25,d18,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d18,#41		@ from NEON_00_15
-	vadd.i64	q1,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d18,#50
-	vsli.64		d25,d18,#46
-	vsli.64		d26,d18,#23
-#if 18<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d21
-	veor		d29,d19,d20
-	veor		d24,d25
-	vand		d29,d18
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d20			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d22,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d22,#34
-	vshr.u64	d26,d22,#39
-	vsli.64		d24,d22,#36
-	vsli.64		d25,d22,#30
-	vsli.64		d26,d22,#25
-	vadd.i64	d27,d2
-	vorr		d30,d22,d16
-	vand		d29,d22,d16
-	veor		d21,d24,d25
-	vand		d30,d23
-	veor		d21,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d21,d27
-	vadd.i64	d17,d27
-	vadd.i64	d21,d30
-	vshr.u64	d24,d17,#14	@ 19
-#if 19<16
-	vld1.64		{d3},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d17,#18
-	vshr.u64	d26,d17,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d17,#50
-	vsli.64		d25,d17,#46
-	vsli.64		d26,d17,#23
-#if 19<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d20
-	veor		d29,d18,d19
-	veor		d24,d25
-	vand		d29,d17
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d19			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d21,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d21,#34
-	vshr.u64	d26,d21,#39
-	vsli.64		d24,d21,#36
-	vsli.64		d25,d21,#30
-	vsli.64		d26,d21,#25
-	vadd.i64	d27,d3
-	vorr		d30,d21,d23
-	vand		d29,d21,d23
-	veor		d20,d24,d25
-	vand		d30,d22
-	veor		d20,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d20,d27
-	vadd.i64	d16,d27
-	vadd.i64	d20,d30
-	vshr.u64	q12,q1,#19
-	vshr.u64	q13,q1,#61
-	vshr.u64	q15,q1,#6
-	vsli.64		q12,q1,#45
-	vext.8		q14,q2,q3,#8	@ X[i+1]
-	vsli.64		q13,q1,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q2,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q6,q7,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d16,#14		@ from NEON_00_15
-	vadd.i64	q2,q14
-	vshr.u64	d25,d16,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d16,#41		@ from NEON_00_15
-	vadd.i64	q2,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d16,#50
-	vsli.64		d25,d16,#46
-	vsli.64		d26,d16,#23
-#if 20<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d19
-	veor		d29,d17,d18
-	veor		d24,d25
-	vand		d29,d16
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d18			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d20,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d20,#34
-	vshr.u64	d26,d20,#39
-	vsli.64		d24,d20,#36
-	vsli.64		d25,d20,#30
-	vsli.64		d26,d20,#25
-	vadd.i64	d27,d4
-	vorr		d30,d20,d22
-	vand		d29,d20,d22
-	veor		d19,d24,d25
-	vand		d30,d21
-	veor		d19,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d19,d27
-	vadd.i64	d23,d27
-	vadd.i64	d19,d30
-	vshr.u64	d24,d23,#14	@ 21
-#if 21<16
-	vld1.64		{d5},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d23,#18
-	vshr.u64	d26,d23,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d23,#50
-	vsli.64		d25,d23,#46
-	vsli.64		d26,d23,#23
-#if 21<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d18
-	veor		d29,d16,d17
-	veor		d24,d25
-	vand		d29,d23
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d17			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d19,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d19,#34
-	vshr.u64	d26,d19,#39
-	vsli.64		d24,d19,#36
-	vsli.64		d25,d19,#30
-	vsli.64		d26,d19,#25
-	vadd.i64	d27,d5
-	vorr		d30,d19,d21
-	vand		d29,d19,d21
-	veor		d18,d24,d25
-	vand		d30,d20
-	veor		d18,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d18,d27
-	vadd.i64	d22,d27
-	vadd.i64	d18,d30
-	vshr.u64	q12,q2,#19
-	vshr.u64	q13,q2,#61
-	vshr.u64	q15,q2,#6
-	vsli.64		q12,q2,#45
-	vext.8		q14,q3,q4,#8	@ X[i+1]
-	vsli.64		q13,q2,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q3,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q7,q0,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d22,#14		@ from NEON_00_15
-	vadd.i64	q3,q14
-	vshr.u64	d25,d22,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d22,#41		@ from NEON_00_15
-	vadd.i64	q3,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d22,#50
-	vsli.64		d25,d22,#46
-	vsli.64		d26,d22,#23
-#if 22<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d17
-	veor		d29,d23,d16
-	veor		d24,d25
-	vand		d29,d22
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d16			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d18,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d18,#34
-	vshr.u64	d26,d18,#39
-	vsli.64		d24,d18,#36
-	vsli.64		d25,d18,#30
-	vsli.64		d26,d18,#25
-	vadd.i64	d27,d6
-	vorr		d30,d18,d20
-	vand		d29,d18,d20
-	veor		d17,d24,d25
-	vand		d30,d19
-	veor		d17,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d17,d27
-	vadd.i64	d21,d27
-	vadd.i64	d17,d30
-	vshr.u64	d24,d21,#14	@ 23
-#if 23<16
-	vld1.64		{d7},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d21,#18
-	vshr.u64	d26,d21,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d21,#50
-	vsli.64		d25,d21,#46
-	vsli.64		d26,d21,#23
-#if 23<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d16
-	veor		d29,d22,d23
-	veor		d24,d25
-	vand		d29,d21
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d23			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d17,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d17,#34
-	vshr.u64	d26,d17,#39
-	vsli.64		d24,d17,#36
-	vsli.64		d25,d17,#30
-	vsli.64		d26,d17,#25
-	vadd.i64	d27,d7
-	vorr		d30,d17,d19
-	vand		d29,d17,d19
-	veor		d16,d24,d25
-	vand		d30,d18
-	veor		d16,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d16,d27
-	vadd.i64	d20,d27
-	vadd.i64	d16,d30
-	vshr.u64	q12,q3,#19
-	vshr.u64	q13,q3,#61
-	vshr.u64	q15,q3,#6
-	vsli.64		q12,q3,#45
-	vext.8		q14,q4,q5,#8	@ X[i+1]
-	vsli.64		q13,q3,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q4,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q0,q1,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d20,#14		@ from NEON_00_15
-	vadd.i64	q4,q14
-	vshr.u64	d25,d20,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d20,#41		@ from NEON_00_15
-	vadd.i64	q4,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d20,#50
-	vsli.64		d25,d20,#46
-	vsli.64		d26,d20,#23
-#if 24<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d23
-	veor		d29,d21,d22
-	veor		d24,d25
-	vand		d29,d20
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d22			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d16,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d16,#34
-	vshr.u64	d26,d16,#39
-	vsli.64		d24,d16,#36
-	vsli.64		d25,d16,#30
-	vsli.64		d26,d16,#25
-	vadd.i64	d27,d8
-	vorr		d30,d16,d18
-	vand		d29,d16,d18
-	veor		d23,d24,d25
-	vand		d30,d17
-	veor		d23,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d23,d27
-	vadd.i64	d19,d27
-	vadd.i64	d23,d30
-	vshr.u64	d24,d19,#14	@ 25
-#if 25<16
-	vld1.64		{d9},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d19,#18
-	vshr.u64	d26,d19,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d19,#50
-	vsli.64		d25,d19,#46
-	vsli.64		d26,d19,#23
-#if 25<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d22
-	veor		d29,d20,d21
-	veor		d24,d25
-	vand		d29,d19
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d21			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d23,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d23,#34
-	vshr.u64	d26,d23,#39
-	vsli.64		d24,d23,#36
-	vsli.64		d25,d23,#30
-	vsli.64		d26,d23,#25
-	vadd.i64	d27,d9
-	vorr		d30,d23,d17
-	vand		d29,d23,d17
-	veor		d22,d24,d25
-	vand		d30,d16
-	veor		d22,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d22,d27
-	vadd.i64	d18,d27
-	vadd.i64	d22,d30
-	vshr.u64	q12,q4,#19
-	vshr.u64	q13,q4,#61
-	vshr.u64	q15,q4,#6
-	vsli.64		q12,q4,#45
-	vext.8		q14,q5,q6,#8	@ X[i+1]
-	vsli.64		q13,q4,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q5,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q1,q2,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d18,#14		@ from NEON_00_15
-	vadd.i64	q5,q14
-	vshr.u64	d25,d18,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d18,#41		@ from NEON_00_15
-	vadd.i64	q5,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d18,#50
-	vsli.64		d25,d18,#46
-	vsli.64		d26,d18,#23
-#if 26<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d21
-	veor		d29,d19,d20
-	veor		d24,d25
-	vand		d29,d18
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d20			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d22,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d22,#34
-	vshr.u64	d26,d22,#39
-	vsli.64		d24,d22,#36
-	vsli.64		d25,d22,#30
-	vsli.64		d26,d22,#25
-	vadd.i64	d27,d10
-	vorr		d30,d22,d16
-	vand		d29,d22,d16
-	veor		d21,d24,d25
-	vand		d30,d23
-	veor		d21,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d21,d27
-	vadd.i64	d17,d27
-	vadd.i64	d21,d30
-	vshr.u64	d24,d17,#14	@ 27
-#if 27<16
-	vld1.64		{d11},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d17,#18
-	vshr.u64	d26,d17,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d17,#50
-	vsli.64		d25,d17,#46
-	vsli.64		d26,d17,#23
-#if 27<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d20
-	veor		d29,d18,d19
-	veor		d24,d25
-	vand		d29,d17
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d19			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d21,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d21,#34
-	vshr.u64	d26,d21,#39
-	vsli.64		d24,d21,#36
-	vsli.64		d25,d21,#30
-	vsli.64		d26,d21,#25
-	vadd.i64	d27,d11
-	vorr		d30,d21,d23
-	vand		d29,d21,d23
-	veor		d20,d24,d25
-	vand		d30,d22
-	veor		d20,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d20,d27
-	vadd.i64	d16,d27
-	vadd.i64	d20,d30
-	vshr.u64	q12,q5,#19
-	vshr.u64	q13,q5,#61
-	vshr.u64	q15,q5,#6
-	vsli.64		q12,q5,#45
-	vext.8		q14,q6,q7,#8	@ X[i+1]
-	vsli.64		q13,q5,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q6,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q2,q3,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d16,#14		@ from NEON_00_15
-	vadd.i64	q6,q14
-	vshr.u64	d25,d16,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d16,#41		@ from NEON_00_15
-	vadd.i64	q6,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d16,#50
-	vsli.64		d25,d16,#46
-	vsli.64		d26,d16,#23
-#if 28<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d19
-	veor		d29,d17,d18
-	veor		d24,d25
-	vand		d29,d16
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d18			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d20,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d20,#34
-	vshr.u64	d26,d20,#39
-	vsli.64		d24,d20,#36
-	vsli.64		d25,d20,#30
-	vsli.64		d26,d20,#25
-	vadd.i64	d27,d12
-	vorr		d30,d20,d22
-	vand		d29,d20,d22
-	veor		d19,d24,d25
-	vand		d30,d21
-	veor		d19,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d19,d27
-	vadd.i64	d23,d27
-	vadd.i64	d19,d30
-	vshr.u64	d24,d23,#14	@ 29
-#if 29<16
-	vld1.64		{d13},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d23,#18
-	vshr.u64	d26,d23,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d23,#50
-	vsli.64		d25,d23,#46
-	vsli.64		d26,d23,#23
-#if 29<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d18
-	veor		d29,d16,d17
-	veor		d24,d25
-	vand		d29,d23
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d17			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d19,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d19,#34
-	vshr.u64	d26,d19,#39
-	vsli.64		d24,d19,#36
-	vsli.64		d25,d19,#30
-	vsli.64		d26,d19,#25
-	vadd.i64	d27,d13
-	vorr		d30,d19,d21
-	vand		d29,d19,d21
-	veor		d18,d24,d25
-	vand		d30,d20
-	veor		d18,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d18,d27
-	vadd.i64	d22,d27
-	vadd.i64	d18,d30
-	vshr.u64	q12,q6,#19
-	vshr.u64	q13,q6,#61
-	vshr.u64	q15,q6,#6
-	vsli.64		q12,q6,#45
-	vext.8		q14,q7,q0,#8	@ X[i+1]
-	vsli.64		q13,q6,#3
-	veor		q15,q12
-	vshr.u64	q12,q14,#1
-	veor		q15,q13				@ sigma1(X[i+14])
-	vshr.u64	q13,q14,#8
-	vadd.i64	q7,q15
-	vshr.u64	q15,q14,#7
-	vsli.64		q12,q14,#63
-	vsli.64		q13,q14,#56
-	vext.8		q14,q3,q4,#8	@ X[i+9]
-	veor		q15,q12
-	vshr.u64	d24,d22,#14		@ from NEON_00_15
-	vadd.i64	q7,q14
-	vshr.u64	d25,d22,#18		@ from NEON_00_15
-	veor		q15,q13				@ sigma0(X[i+1])
-	vshr.u64	d26,d22,#41		@ from NEON_00_15
-	vadd.i64	q7,q15
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d22,#50
-	vsli.64		d25,d22,#46
-	vsli.64		d26,d22,#23
-#if 30<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d17
-	veor		d29,d23,d16
-	veor		d24,d25
-	vand		d29,d22
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d16			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d18,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d18,#34
-	vshr.u64	d26,d18,#39
-	vsli.64		d24,d18,#36
-	vsli.64		d25,d18,#30
-	vsli.64		d26,d18,#25
-	vadd.i64	d27,d14
-	vorr		d30,d18,d20
-	vand		d29,d18,d20
-	veor		d17,d24,d25
-	vand		d30,d19
-	veor		d17,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d17,d27
-	vadd.i64	d21,d27
-	vadd.i64	d17,d30
-	vshr.u64	d24,d21,#14	@ 31
-#if 31<16
-	vld1.64		{d15},[r1]!	@ handles unaligned
-#endif
-	vshr.u64	d25,d21,#18
-	vshr.u64	d26,d21,#41
-	vld1.64		{d28},[r3,:64]!	@ K[i++]
-	vsli.64		d24,d21,#50
-	vsli.64		d25,d21,#46
-	vsli.64		d26,d21,#23
-#if 31<16 && defined(__ARMEL__)
-	vrev64.8	,
-#endif
-	vadd.i64	d27,d28,d16
-	veor		d29,d22,d23
-	veor		d24,d25
-	vand		d29,d21
-	veor		d24,d26			@ Sigma1(e)
-	veor		d29,d23			@ Ch(e,f,g)
-	vadd.i64	d27,d24
-	vshr.u64	d24,d17,#28
-	vadd.i64	d27,d29
-	vshr.u64	d25,d17,#34
-	vshr.u64	d26,d17,#39
-	vsli.64		d24,d17,#36
-	vsli.64		d25,d17,#30
-	vsli.64		d26,d17,#25
-	vadd.i64	d27,d15
-	vorr		d30,d17,d19
-	vand		d29,d17,d19
-	veor		d16,d24,d25
-	vand		d30,d18
-	veor		d16,d26			@ Sigma0(a)
-	vorr		d30,d29		@ Maj(a,b,c)
-	vadd.i64	d16,d27
-	vadd.i64	d20,d27
-	vadd.i64	d16,d30
-	bne		.L16_79_neon
-
-	vldmia		r0,{d24-d31}	@ load context to temp
-	vadd.i64	q8,q12		@ vectorized accumulate
-	vadd.i64	q9,q13
-	vadd.i64	q10,q14
-	vadd.i64	q11,q15
-	vstmia		r0,{d16-d23}	@ save context
-	teq		r1,r2
-	sub		r3,#640	@ rewind K512
-	bne		.Loop_neon
-
-	vldmia	sp!,{d8-d15}		@ epilogue
-	bx	lr				@ .word	0xe12fff1e
-#endif
-.size	sha512_block_data_order,.-sha512_block_data_order
-.asciz	"SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
deleted file mode 100644
index 71aa9356f9..0000000000
--- a/crypto/sha/asm/sha512-armv4.pl
+++ /dev/null
@@ -1,583 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA512 block procedure for ARMv4. September 2007.
-
-# This code is ~4.5 (four and a half) times faster than code generated
-# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
-# Xscale PXA250 core].
-#
-# July 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 6% improvement on
-# Cortex A8 core and ~40 cycles per processed byte.
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 7%
-# improvement on Coxtex A8 core and ~38 cycles per byte.
-
-# March 2011.
-#
-# Add NEON implementation. On Cortex A8 it was measured to process
-# one byte in 25.5 cycles or 47% faster than integer-only code.
-
-# Byte order [in]dependence. =========================================
-#
-# Originally caller was expected to maintain specific *dword* order in
-# h[0-7], namely with most significant dword at *lower* address, which
-# was reflected in below two parameters as 0 and 4. Now caller is
-# expected to maintain native byte order for whole 64-bit values.
-$hi="HI";
-$lo="LO";
-# ====================================================================
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-$ctx="r0";	# parameter block
-$inp="r1";
-$len="r2";
-
-$Tlo="r3";
-$Thi="r4";
-$Alo="r5";
-$Ahi="r6";
-$Elo="r7";
-$Ehi="r8";
-$t0="r9";
-$t1="r10";
-$t2="r11";
-$t3="r12";
-############	r13 is stack pointer
-$Ktbl="r14";
-############	r15 is program counter
-
-$Aoff=8*0;
-$Boff=8*1;
-$Coff=8*2;
-$Doff=8*3;
-$Eoff=8*4;
-$Foff=8*5;
-$Goff=8*6;
-$Hoff=8*7;
-$Xoff=8*8;
-
-sub BODY_00_15() {
-my $magic = shift;
-$code.=<<___;
-	@ Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
-	@ LO		lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
-	@ HI		hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
-	mov	$t0,$Elo,lsr#14
-	str	$Tlo,[sp,#$Xoff+0]
-	mov	$t1,$Ehi,lsr#14
-	str	$Thi,[sp,#$Xoff+4]
-	eor	$t0,$t0,$Ehi,lsl#18
-	ldr	$t2,[sp,#$Hoff+0]	@ h.lo
-	eor	$t1,$t1,$Elo,lsl#18
-	ldr	$t3,[sp,#$Hoff+4]	@ h.hi
-	eor	$t0,$t0,$Elo,lsr#18
-	eor	$t1,$t1,$Ehi,lsr#18
-	eor	$t0,$t0,$Ehi,lsl#14
-	eor	$t1,$t1,$Elo,lsl#14
-	eor	$t0,$t0,$Ehi,lsr#9
-	eor	$t1,$t1,$Elo,lsr#9
-	eor	$t0,$t0,$Elo,lsl#23
-	eor	$t1,$t1,$Ehi,lsl#23	@ Sigma1(e)
-	adds	$Tlo,$Tlo,$t0
-	ldr	$t0,[sp,#$Foff+0]	@ f.lo
-	adc	$Thi,$Thi,$t1		@ T += Sigma1(e)
-	ldr	$t1,[sp,#$Foff+4]	@ f.hi
-	adds	$Tlo,$Tlo,$t2
-	ldr	$t2,[sp,#$Goff+0]	@ g.lo
-	adc	$Thi,$Thi,$t3		@ T += h
-	ldr	$t3,[sp,#$Goff+4]	@ g.hi
-
-	eor	$t0,$t0,$t2
-	str	$Elo,[sp,#$Eoff+0]
-	eor	$t1,$t1,$t3
-	str	$Ehi,[sp,#$Eoff+4]
-	and	$t0,$t0,$Elo
-	str	$Alo,[sp,#$Aoff+0]
-	and	$t1,$t1,$Ehi
-	str	$Ahi,[sp,#$Aoff+4]
-	eor	$t0,$t0,$t2
-	ldr	$t2,[$Ktbl,#$lo]	@ K[i].lo
-	eor	$t1,$t1,$t3		@ Ch(e,f,g)
-	ldr	$t3,[$Ktbl,#$hi]	@ K[i].hi
-
-	adds	$Tlo,$Tlo,$t0
-	ldr	$Elo,[sp,#$Doff+0]	@ d.lo
-	adc	$Thi,$Thi,$t1		@ T += Ch(e,f,g)
-	ldr	$Ehi,[sp,#$Doff+4]	@ d.hi
-	adds	$Tlo,$Tlo,$t2
-	and	$t0,$t2,#0xff
-	adc	$Thi,$Thi,$t3		@ T += K[i]
-	adds	$Elo,$Elo,$Tlo
-	ldr	$t2,[sp,#$Boff+0]	@ b.lo
-	adc	$Ehi,$Ehi,$Thi		@ d += T
-	teq	$t0,#$magic
-
-	ldr	$t3,[sp,#$Coff+0]	@ c.lo
-	orreq	$Ktbl,$Ktbl,#1
-	@ Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-	@ LO		lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
-	@ HI		hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
-	mov	$t0,$Alo,lsr#28
-	mov	$t1,$Ahi,lsr#28
-	eor	$t0,$t0,$Ahi,lsl#4
-	eor	$t1,$t1,$Alo,lsl#4
-	eor	$t0,$t0,$Ahi,lsr#2
-	eor	$t1,$t1,$Alo,lsr#2
-	eor	$t0,$t0,$Alo,lsl#30
-	eor	$t1,$t1,$Ahi,lsl#30
-	eor	$t0,$t0,$Ahi,lsr#7
-	eor	$t1,$t1,$Alo,lsr#7
-	eor	$t0,$t0,$Alo,lsl#25
-	eor	$t1,$t1,$Ahi,lsl#25	@ Sigma0(a)
-	adds	$Tlo,$Tlo,$t0
-	and	$t0,$Alo,$t2
-	adc	$Thi,$Thi,$t1		@ T += Sigma0(a)
-
-	ldr	$t1,[sp,#$Boff+4]	@ b.hi
-	orr	$Alo,$Alo,$t2
-	ldr	$t2,[sp,#$Coff+4]	@ c.hi
-	and	$Alo,$Alo,$t3
-	and	$t3,$Ahi,$t1
-	orr	$Ahi,$Ahi,$t1
-	orr	$Alo,$Alo,$t0		@ Maj(a,b,c).lo
-	and	$Ahi,$Ahi,$t2
-	adds	$Alo,$Alo,$Tlo
-	orr	$Ahi,$Ahi,$t3		@ Maj(a,b,c).hi
-	sub	sp,sp,#8
-	adc	$Ahi,$Ahi,$Thi		@ h += T
-	tst	$Ktbl,#1
-	add	$Ktbl,$Ktbl,#8
-___
-}
-$code=<<___;
-#include "arm_arch.h"
-#ifdef __ARMEL__
-# define LO 0
-# define HI 4
-# define WORD64(hi0,lo0,hi1,lo1)	.word	lo0,hi0, lo1,hi1
-#else
-# define HI 0
-# define LO 4
-# define WORD64(hi0,lo0,hi1,lo1)	.word	hi0,lo0, hi1,lo1
-#endif
-
-.text
-.code	32
-.type	K512,%object
-.align	5
-K512:
-WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
-WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
-WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
-WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
-WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
-WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
-WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
-WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
-WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
-WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
-WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
-WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
-WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
-WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
-WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
-WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
-WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
-WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
-WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
-WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
-WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
-WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
-WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
-WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
-WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
-WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
-WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
-WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
-WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
-WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
-WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
-WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
-WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
-WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
-WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
-WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
-WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
-WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
-WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
-WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
-.size	K512,.-K512
-.LOPENSSL_armcap:
-.word	OPENSSL_armcap_P-sha512_block_data_order
-.skip	32-4
-
-.global	sha512_block_data_order
-.type	sha512_block_data_order,%function
-sha512_block_data_order:
-	sub	r3,pc,#8		@ sha512_block_data_order
-	add	$len,$inp,$len,lsl#7	@ len to point at the end of inp
-#if __ARM_ARCH__>=7
-	ldr	r12,.LOPENSSL_armcap
-	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-	tst	r12,#1
-	bne	.LNEON
-#endif
-	stmdb	sp!,{r4-r12,lr}
-	sub	$Ktbl,r3,#672		@ K512
-	sub	sp,sp,#9*8
-
-	ldr	$Elo,[$ctx,#$Eoff+$lo]
-	ldr	$Ehi,[$ctx,#$Eoff+$hi]
-	ldr	$t0, [$ctx,#$Goff+$lo]
-	ldr	$t1, [$ctx,#$Goff+$hi]
-	ldr	$t2, [$ctx,#$Hoff+$lo]
-	ldr	$t3, [$ctx,#$Hoff+$hi]
-.Loop:
-	str	$t0, [sp,#$Goff+0]
-	str	$t1, [sp,#$Goff+4]
-	str	$t2, [sp,#$Hoff+0]
-	str	$t3, [sp,#$Hoff+4]
-	ldr	$Alo,[$ctx,#$Aoff+$lo]
-	ldr	$Ahi,[$ctx,#$Aoff+$hi]
-	ldr	$Tlo,[$ctx,#$Boff+$lo]
-	ldr	$Thi,[$ctx,#$Boff+$hi]
-	ldr	$t0, [$ctx,#$Coff+$lo]
-	ldr	$t1, [$ctx,#$Coff+$hi]
-	ldr	$t2, [$ctx,#$Doff+$lo]
-	ldr	$t3, [$ctx,#$Doff+$hi]
-	str	$Tlo,[sp,#$Boff+0]
-	str	$Thi,[sp,#$Boff+4]
-	str	$t0, [sp,#$Coff+0]
-	str	$t1, [sp,#$Coff+4]
-	str	$t2, [sp,#$Doff+0]
-	str	$t3, [sp,#$Doff+4]
-	ldr	$Tlo,[$ctx,#$Foff+$lo]
-	ldr	$Thi,[$ctx,#$Foff+$hi]
-	str	$Tlo,[sp,#$Foff+0]
-	str	$Thi,[sp,#$Foff+4]
-
-.L00_15:
-#if __ARM_ARCH__<7
-	ldrb	$Tlo,[$inp,#7]
-	ldrb	$t0, [$inp,#6]
-	ldrb	$t1, [$inp,#5]
-	ldrb	$t2, [$inp,#4]
-	ldrb	$Thi,[$inp,#3]
-	ldrb	$t3, [$inp,#2]
-	orr	$Tlo,$Tlo,$t0,lsl#8
-	ldrb	$t0, [$inp,#1]
-	orr	$Tlo,$Tlo,$t1,lsl#16
-	ldrb	$t1, [$inp],#8
-	orr	$Tlo,$Tlo,$t2,lsl#24
-	orr	$Thi,$Thi,$t3,lsl#8
-	orr	$Thi,$Thi,$t0,lsl#16
-	orr	$Thi,$Thi,$t1,lsl#24
-#else
-	ldr	$Tlo,[$inp,#4]
-	ldr	$Thi,[$inp],#8
-#ifdef __ARMEL__
-	rev	$Tlo,$Tlo
-	rev	$Thi,$Thi
-#endif
-#endif
-___
-	&BODY_00_15(0x94);
-$code.=<<___;
-	tst	$Ktbl,#1
-	beq	.L00_15
-	ldr	$t0,[sp,#`$Xoff+8*(16-1)`+0]
-	ldr	$t1,[sp,#`$Xoff+8*(16-1)`+4]
-	bic	$Ktbl,$Ktbl,#1
-.L16_79:
-	@ sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-	@ LO		lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
-	@ HI		hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
-	mov	$Tlo,$t0,lsr#1
-	ldr	$t2,[sp,#`$Xoff+8*(16-14)`+0]
-	mov	$Thi,$t1,lsr#1
-	ldr	$t3,[sp,#`$Xoff+8*(16-14)`+4]
-	eor	$Tlo,$Tlo,$t1,lsl#31
-	eor	$Thi,$Thi,$t0,lsl#31
-	eor	$Tlo,$Tlo,$t0,lsr#8
-	eor	$Thi,$Thi,$t1,lsr#8
-	eor	$Tlo,$Tlo,$t1,lsl#24
-	eor	$Thi,$Thi,$t0,lsl#24
-	eor	$Tlo,$Tlo,$t0,lsr#7
-	eor	$Thi,$Thi,$t1,lsr#7
-	eor	$Tlo,$Tlo,$t1,lsl#25
-
-	@ sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-	@ LO		lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26
-	@ HI		hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6
-	mov	$t0,$t2,lsr#19
-	mov	$t1,$t3,lsr#19
-	eor	$t0,$t0,$t3,lsl#13
-	eor	$t1,$t1,$t2,lsl#13
-	eor	$t0,$t0,$t3,lsr#29
-	eor	$t1,$t1,$t2,lsr#29
-	eor	$t0,$t0,$t2,lsl#3
-	eor	$t1,$t1,$t3,lsl#3
-	eor	$t0,$t0,$t2,lsr#6
-	eor	$t1,$t1,$t3,lsr#6
-	ldr	$t2,[sp,#`$Xoff+8*(16-9)`+0]
-	eor	$t0,$t0,$t3,lsl#26
-
-	ldr	$t3,[sp,#`$Xoff+8*(16-9)`+4]
-	adds	$Tlo,$Tlo,$t0
-	ldr	$t0,[sp,#`$Xoff+8*16`+0]
-	adc	$Thi,$Thi,$t1
-
-	ldr	$t1,[sp,#`$Xoff+8*16`+4]
-	adds	$Tlo,$Tlo,$t2
-	adc	$Thi,$Thi,$t3
-	adds	$Tlo,$Tlo,$t0
-	adc	$Thi,$Thi,$t1
-___
-	&BODY_00_15(0x17);
-$code.=<<___;
-	ldreq	$t0,[sp,#`$Xoff+8*(16-1)`+0]
-	ldreq	$t1,[sp,#`$Xoff+8*(16-1)`+4]
-	beq	.L16_79
-	bic	$Ktbl,$Ktbl,#1
-
-	ldr	$Tlo,[sp,#$Boff+0]
-	ldr	$Thi,[sp,#$Boff+4]
-	ldr	$t0, [$ctx,#$Aoff+$lo]
-	ldr	$t1, [$ctx,#$Aoff+$hi]
-	ldr	$t2, [$ctx,#$Boff+$lo]
-	ldr	$t3, [$ctx,#$Boff+$hi]
-	adds	$t0,$Alo,$t0
-	str	$t0, [$ctx,#$Aoff+$lo]
-	adc	$t1,$Ahi,$t1
-	str	$t1, [$ctx,#$Aoff+$hi]
-	adds	$t2,$Tlo,$t2
-	str	$t2, [$ctx,#$Boff+$lo]
-	adc	$t3,$Thi,$t3
-	str	$t3, [$ctx,#$Boff+$hi]
-
-	ldr	$Alo,[sp,#$Coff+0]
-	ldr	$Ahi,[sp,#$Coff+4]
-	ldr	$Tlo,[sp,#$Doff+0]
-	ldr	$Thi,[sp,#$Doff+4]
-	ldr	$t0, [$ctx,#$Coff+$lo]
-	ldr	$t1, [$ctx,#$Coff+$hi]
-	ldr	$t2, [$ctx,#$Doff+$lo]
-	ldr	$t3, [$ctx,#$Doff+$hi]
-	adds	$t0,$Alo,$t0
-	str	$t0, [$ctx,#$Coff+$lo]
-	adc	$t1,$Ahi,$t1
-	str	$t1, [$ctx,#$Coff+$hi]
-	adds	$t2,$Tlo,$t2
-	str	$t2, [$ctx,#$Doff+$lo]
-	adc	$t3,$Thi,$t3
-	str	$t3, [$ctx,#$Doff+$hi]
-
-	ldr	$Tlo,[sp,#$Foff+0]
-	ldr	$Thi,[sp,#$Foff+4]
-	ldr	$t0, [$ctx,#$Eoff+$lo]
-	ldr	$t1, [$ctx,#$Eoff+$hi]
-	ldr	$t2, [$ctx,#$Foff+$lo]
-	ldr	$t3, [$ctx,#$Foff+$hi]
-	adds	$Elo,$Elo,$t0
-	str	$Elo,[$ctx,#$Eoff+$lo]
-	adc	$Ehi,$Ehi,$t1
-	str	$Ehi,[$ctx,#$Eoff+$hi]
-	adds	$t2,$Tlo,$t2
-	str	$t2, [$ctx,#$Foff+$lo]
-	adc	$t3,$Thi,$t3
-	str	$t3, [$ctx,#$Foff+$hi]
-
-	ldr	$Alo,[sp,#$Goff+0]
-	ldr	$Ahi,[sp,#$Goff+4]
-	ldr	$Tlo,[sp,#$Hoff+0]
-	ldr	$Thi,[sp,#$Hoff+4]
-	ldr	$t0, [$ctx,#$Goff+$lo]
-	ldr	$t1, [$ctx,#$Goff+$hi]
-	ldr	$t2, [$ctx,#$Hoff+$lo]
-	ldr	$t3, [$ctx,#$Hoff+$hi]
-	adds	$t0,$Alo,$t0
-	str	$t0, [$ctx,#$Goff+$lo]
-	adc	$t1,$Ahi,$t1
-	str	$t1, [$ctx,#$Goff+$hi]
-	adds	$t2,$Tlo,$t2
-	str	$t2, [$ctx,#$Hoff+$lo]
-	adc	$t3,$Thi,$t3
-	str	$t3, [$ctx,#$Hoff+$hi]
-
-	add	sp,sp,#640
-	sub	$Ktbl,$Ktbl,#640
-
-	teq	$inp,$len
-	bne	.Loop
-
-	add	sp,sp,#8*9		@ destroy frame
-#if __ARM_ARCH__>=5
-	ldmia	sp!,{r4-r12,pc}
-#else
-	ldmia	sp!,{r4-r12,lr}
-	tst	lr,#1
-	moveq	pc,lr			@ be binary compatible with V4, yet
-	bx	lr			@ interoperable with Thumb ISA:-)
-#endif
-___
-
-{
-my @Sigma0=(28,34,39);
-my @Sigma1=(14,18,41);
-my @sigma0=(1, 8, 7);
-my @sigma1=(19,61,6);
-
-my $Ktbl="r3";
-my $cnt="r12";	# volatile register known as ip, intra-procedure-call scratch
-
-my @X=map("d$_",(0..15));
-my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23));
-
-sub NEON_00_15() {
-my $i=shift;
-my ($a,$b,$c,$d,$e,$f,$g,$h)=@_;
-my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31));	# temps
-
-$code.=<<___ if ($i<16 || $i&1);
-	vshr.u64	$t0,$e,#@Sigma1[0]	@ $i
-#if $i<16
-	vld1.64		{@X[$i%16]},[$inp]!	@ handles unaligned
-#endif
-	vshr.u64	$t1,$e,#@Sigma1[1]
-	vshr.u64	$t2,$e,#@Sigma1[2]
-___
-$code.=<<___;
-	vld1.64		{$K},[$Ktbl,:64]!	@ K[i++]
-	vsli.64		$t0,$e,#`64-@Sigma1[0]`
-	vsli.64		$t1,$e,#`64-@Sigma1[1]`
-	vsli.64		$t2,$e,#`64-@Sigma1[2]`
-#if $i<16 && defined(__ARMEL__)
-	vrev64.8	@X[$i],@X[$i]
-#endif
-	vadd.i64	$T1,$K,$h
-	veor		$Ch,$f,$g
-	veor		$t0,$t1
-	vand		$Ch,$e
-	veor		$t0,$t2			@ Sigma1(e)
-	veor		$Ch,$g			@ Ch(e,f,g)
-	vadd.i64	$T1,$t0
-	vshr.u64	$t0,$a,#@Sigma0[0]
-	vadd.i64	$T1,$Ch
-	vshr.u64	$t1,$a,#@Sigma0[1]
-	vshr.u64	$t2,$a,#@Sigma0[2]
-	vsli.64		$t0,$a,#`64-@Sigma0[0]`
-	vsli.64		$t1,$a,#`64-@Sigma0[1]`
-	vsli.64		$t2,$a,#`64-@Sigma0[2]`
-	vadd.i64	$T1,@X[$i%16]
-	vorr		$Maj,$a,$c
-	vand		$Ch,$a,$c
-	veor		$h,$t0,$t1
-	vand		$Maj,$b
-	veor		$h,$t2			@ Sigma0(a)
-	vorr		$Maj,$Ch		@ Maj(a,b,c)
-	vadd.i64	$h,$T1
-	vadd.i64	$d,$T1
-	vadd.i64	$h,$Maj
-___
-}
-
-sub NEON_16_79() {
-my $i=shift;
-
-if ($i&1)	{ &NEON_00_15($i,@_); return; }
-
-# 2x-vectorized, therefore runs every 2nd round
-my @X=map("q$_",(0..7));			# view @X as 128-bit vector
-my ($t0,$t1,$s0,$s1) = map("q$_",(12..15));	# temps
-my ($d0,$d1,$d2) = map("d$_",(24..26));		# temps from NEON_00_15
-my $e=@_[4];					# $e from NEON_00_15
-$i /= 2;
-$code.=<<___;
-	vshr.u64	$t0,@X[($i+7)%8],#@sigma1[0]
-	vshr.u64	$t1,@X[($i+7)%8],#@sigma1[1]
-	vshr.u64	$s1,@X[($i+7)%8],#@sigma1[2]
-	vsli.64		$t0,@X[($i+7)%8],#`64-@sigma1[0]`
-	vext.8		$s0,@X[$i%8],@X[($i+1)%8],#8	@ X[i+1]
-	vsli.64		$t1,@X[($i+7)%8],#`64-@sigma1[1]`
-	veor		$s1,$t0
-	vshr.u64	$t0,$s0,#@sigma0[0]
-	veor		$s1,$t1				@ sigma1(X[i+14])
-	vshr.u64	$t1,$s0,#@sigma0[1]
-	vadd.i64	@X[$i%8],$s1
-	vshr.u64	$s1,$s0,#@sigma0[2]
-	vsli.64		$t0,$s0,#`64-@sigma0[0]`
-	vsli.64		$t1,$s0,#`64-@sigma0[1]`
-	vext.8		$s0,@X[($i+4)%8],@X[($i+5)%8],#8	@ X[i+9]
-	veor		$s1,$t0
-	vshr.u64	$d0,$e,#@Sigma1[0]		@ from NEON_00_15
-	vadd.i64	@X[$i%8],$s0
-	vshr.u64	$d1,$e,#@Sigma1[1]		@ from NEON_00_15
-	veor		$s1,$t1				@ sigma0(X[i+1])
-	vshr.u64	$d2,$e,#@Sigma1[2]		@ from NEON_00_15
-	vadd.i64	@X[$i%8],$s1
-___
-	&NEON_00_15(2*$i,@_);
-}
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu	neon
-
-.align	4
-.LNEON:
-	dmb				@ errata #451034 on early Cortex A8
-	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-	sub	$Ktbl,r3,#672		@ K512
-	vldmia	$ctx,{$A-$H}		@ load context
-.Loop_neon:
-___
-for($i=0;$i<16;$i++)	{ &NEON_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	mov		$cnt,#4
-.L16_79_neon:
-	subs		$cnt,#1
-___
-for(;$i<32;$i++)	{ &NEON_16_79($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	bne		.L16_79_neon
-
-	vldmia		$ctx,{d24-d31}	@ load context to temp
-	vadd.i64	q8,q12		@ vectorized accumulate
-	vadd.i64	q9,q13
-	vadd.i64	q10,q14
-	vadd.i64	q11,q15
-	vstmia		$ctx,{$A-$H}	@ save context
-	teq		$inp,$len
-	sub		$Ktbl,#640	@ rewind K512
-	bne		.Loop_neon
-
-	vldmia	sp!,{d8-d15}		@ epilogue
-	ret				@ bx lr
-#endif
-___
-}
-$code.=<<___;
-.size	sha512_block_data_order,.-sha512_block_data_order
-.asciz	"SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-.comm	OPENSSL_armcap_P,4,4
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-$code =~ s/\bret\b/bx	lr/gm;
-print $code;
-close STDOUT; # enforce flush
diff --git a/crypto/sha/asm/sha512-armv8.S b/crypto/sha/asm/sha512-armv8.S
deleted file mode 100644
index 6b0d1940c6..0000000000
--- a/crypto/sha/asm/sha512-armv8.S
+++ /dev/null
@@ -1,1021 +0,0 @@
-#include "arm_arch.h"
-
-.text
-
-.globl	sha512_block_data_order
-.type	sha512_block_data_order,%function
-.align	6
-sha512_block_data_order:
-	stp	x29,x30,[sp,#-128]!
-	add	x29,sp,#0
-
-	stp	x19,x20,[sp,#16]
-	stp	x21,x22,[sp,#32]
-	stp	x23,x24,[sp,#48]
-	stp	x25,x26,[sp,#64]
-	stp	x27,x28,[sp,#80]
-	sub	sp,sp,#4*8
-
-	ldp	x20,x21,[x0]				// load context
-	ldp	x22,x23,[x0,#2*8]
-	ldp	x24,x25,[x0,#4*8]
-	add	x2,x1,x2,lsl#7	// end of input
-	ldp	x26,x27,[x0,#6*8]
-	adr	x30,K512
-	stp	x0,x2,[x29,#96]
-
-.Loop:
-	ldp	x3,x4,[x1],#2*8
-	ldr	x19,[x30],#8			// *K++
-	eor	x28,x21,x22				// magic seed
-	str	x1,[x29,#112]
-#ifndef	__ARMEB__
-	rev	x3,x3			// 0
-#endif
-	ror	x16,x24,#14
-	add	x27,x27,x19			// h+=K[i]
-	eor	x6,x24,x24,ror#23
-	and	x17,x25,x24
-	bic	x19,x26,x24
-	add	x27,x27,x3			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x20,x21			// a^b, b^c in next round
-	eor	x16,x16,x6,ror#18	// Sigma1(e)
-	ror	x6,x20,#28
-	add	x27,x27,x17			// h+=Ch(e,f,g)
-	eor	x17,x20,x20,ror#5
-	add	x27,x27,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x23,x23,x27			// d+=h
-	eor	x28,x28,x21			// Maj(a,b,c)
-	eor	x17,x6,x17,ror#34	// Sigma0(a)
-	add	x27,x27,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x27,x27,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x4,x4			// 1
-#endif
-	ldp	x5,x6,[x1],#2*8
-	add	x27,x27,x17			// h+=Sigma0(a)
-	ror	x16,x23,#14
-	add	x26,x26,x28			// h+=K[i]
-	eor	x7,x23,x23,ror#23
-	and	x17,x24,x23
-	bic	x28,x25,x23
-	add	x26,x26,x4			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x27,x20			// a^b, b^c in next round
-	eor	x16,x16,x7,ror#18	// Sigma1(e)
-	ror	x7,x27,#28
-	add	x26,x26,x17			// h+=Ch(e,f,g)
-	eor	x17,x27,x27,ror#5
-	add	x26,x26,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x22,x22,x26			// d+=h
-	eor	x19,x19,x20			// Maj(a,b,c)
-	eor	x17,x7,x17,ror#34	// Sigma0(a)
-	add	x26,x26,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x26,x26,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x5,x5			// 2
-#endif
-	add	x26,x26,x17			// h+=Sigma0(a)
-	ror	x16,x22,#14
-	add	x25,x25,x19			// h+=K[i]
-	eor	x8,x22,x22,ror#23
-	and	x17,x23,x22
-	bic	x19,x24,x22
-	add	x25,x25,x5			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x26,x27			// a^b, b^c in next round
-	eor	x16,x16,x8,ror#18	// Sigma1(e)
-	ror	x8,x26,#28
-	add	x25,x25,x17			// h+=Ch(e,f,g)
-	eor	x17,x26,x26,ror#5
-	add	x25,x25,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x21,x21,x25			// d+=h
-	eor	x28,x28,x27			// Maj(a,b,c)
-	eor	x17,x8,x17,ror#34	// Sigma0(a)
-	add	x25,x25,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x25,x25,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x6,x6			// 3
-#endif
-	ldp	x7,x8,[x1],#2*8
-	add	x25,x25,x17			// h+=Sigma0(a)
-	ror	x16,x21,#14
-	add	x24,x24,x28			// h+=K[i]
-	eor	x9,x21,x21,ror#23
-	and	x17,x22,x21
-	bic	x28,x23,x21
-	add	x24,x24,x6			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x25,x26			// a^b, b^c in next round
-	eor	x16,x16,x9,ror#18	// Sigma1(e)
-	ror	x9,x25,#28
-	add	x24,x24,x17			// h+=Ch(e,f,g)
-	eor	x17,x25,x25,ror#5
-	add	x24,x24,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x20,x20,x24			// d+=h
-	eor	x19,x19,x26			// Maj(a,b,c)
-	eor	x17,x9,x17,ror#34	// Sigma0(a)
-	add	x24,x24,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x24,x24,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x7,x7			// 4
-#endif
-	add	x24,x24,x17			// h+=Sigma0(a)
-	ror	x16,x20,#14
-	add	x23,x23,x19			// h+=K[i]
-	eor	x10,x20,x20,ror#23
-	and	x17,x21,x20
-	bic	x19,x22,x20
-	add	x23,x23,x7			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x24,x25			// a^b, b^c in next round
-	eor	x16,x16,x10,ror#18	// Sigma1(e)
-	ror	x10,x24,#28
-	add	x23,x23,x17			// h+=Ch(e,f,g)
-	eor	x17,x24,x24,ror#5
-	add	x23,x23,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x27,x27,x23			// d+=h
-	eor	x28,x28,x25			// Maj(a,b,c)
-	eor	x17,x10,x17,ror#34	// Sigma0(a)
-	add	x23,x23,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x23,x23,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x8,x8			// 5
-#endif
-	ldp	x9,x10,[x1],#2*8
-	add	x23,x23,x17			// h+=Sigma0(a)
-	ror	x16,x27,#14
-	add	x22,x22,x28			// h+=K[i]
-	eor	x11,x27,x27,ror#23
-	and	x17,x20,x27
-	bic	x28,x21,x27
-	add	x22,x22,x8			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x23,x24			// a^b, b^c in next round
-	eor	x16,x16,x11,ror#18	// Sigma1(e)
-	ror	x11,x23,#28
-	add	x22,x22,x17			// h+=Ch(e,f,g)
-	eor	x17,x23,x23,ror#5
-	add	x22,x22,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x26,x26,x22			// d+=h
-	eor	x19,x19,x24			// Maj(a,b,c)
-	eor	x17,x11,x17,ror#34	// Sigma0(a)
-	add	x22,x22,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x22,x22,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x9,x9			// 6
-#endif
-	add	x22,x22,x17			// h+=Sigma0(a)
-	ror	x16,x26,#14
-	add	x21,x21,x19			// h+=K[i]
-	eor	x12,x26,x26,ror#23
-	and	x17,x27,x26
-	bic	x19,x20,x26
-	add	x21,x21,x9			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x22,x23			// a^b, b^c in next round
-	eor	x16,x16,x12,ror#18	// Sigma1(e)
-	ror	x12,x22,#28
-	add	x21,x21,x17			// h+=Ch(e,f,g)
-	eor	x17,x22,x22,ror#5
-	add	x21,x21,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x25,x25,x21			// d+=h
-	eor	x28,x28,x23			// Maj(a,b,c)
-	eor	x17,x12,x17,ror#34	// Sigma0(a)
-	add	x21,x21,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x21,x21,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x10,x10			// 7
-#endif
-	ldp	x11,x12,[x1],#2*8
-	add	x21,x21,x17			// h+=Sigma0(a)
-	ror	x16,x25,#14
-	add	x20,x20,x28			// h+=K[i]
-	eor	x13,x25,x25,ror#23
-	and	x17,x26,x25
-	bic	x28,x27,x25
-	add	x20,x20,x10			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x21,x22			// a^b, b^c in next round
-	eor	x16,x16,x13,ror#18	// Sigma1(e)
-	ror	x13,x21,#28
-	add	x20,x20,x17			// h+=Ch(e,f,g)
-	eor	x17,x21,x21,ror#5
-	add	x20,x20,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x24,x24,x20			// d+=h
-	eor	x19,x19,x22			// Maj(a,b,c)
-	eor	x17,x13,x17,ror#34	// Sigma0(a)
-	add	x20,x20,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x20,x20,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x11,x11			// 8
-#endif
-	add	x20,x20,x17			// h+=Sigma0(a)
-	ror	x16,x24,#14
-	add	x27,x27,x19			// h+=K[i]
-	eor	x14,x24,x24,ror#23
-	and	x17,x25,x24
-	bic	x19,x26,x24
-	add	x27,x27,x11			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x20,x21			// a^b, b^c in next round
-	eor	x16,x16,x14,ror#18	// Sigma1(e)
-	ror	x14,x20,#28
-	add	x27,x27,x17			// h+=Ch(e,f,g)
-	eor	x17,x20,x20,ror#5
-	add	x27,x27,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x23,x23,x27			// d+=h
-	eor	x28,x28,x21			// Maj(a,b,c)
-	eor	x17,x14,x17,ror#34	// Sigma0(a)
-	add	x27,x27,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x27,x27,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x12,x12			// 9
-#endif
-	ldp	x13,x14,[x1],#2*8
-	add	x27,x27,x17			// h+=Sigma0(a)
-	ror	x16,x23,#14
-	add	x26,x26,x28			// h+=K[i]
-	eor	x15,x23,x23,ror#23
-	and	x17,x24,x23
-	bic	x28,x25,x23
-	add	x26,x26,x12			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x27,x20			// a^b, b^c in next round
-	eor	x16,x16,x15,ror#18	// Sigma1(e)
-	ror	x15,x27,#28
-	add	x26,x26,x17			// h+=Ch(e,f,g)
-	eor	x17,x27,x27,ror#5
-	add	x26,x26,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x22,x22,x26			// d+=h
-	eor	x19,x19,x20			// Maj(a,b,c)
-	eor	x17,x15,x17,ror#34	// Sigma0(a)
-	add	x26,x26,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x26,x26,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x13,x13			// 10
-#endif
-	add	x26,x26,x17			// h+=Sigma0(a)
-	ror	x16,x22,#14
-	add	x25,x25,x19			// h+=K[i]
-	eor	x0,x22,x22,ror#23
-	and	x17,x23,x22
-	bic	x19,x24,x22
-	add	x25,x25,x13			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x26,x27			// a^b, b^c in next round
-	eor	x16,x16,x0,ror#18	// Sigma1(e)
-	ror	x0,x26,#28
-	add	x25,x25,x17			// h+=Ch(e,f,g)
-	eor	x17,x26,x26,ror#5
-	add	x25,x25,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x21,x21,x25			// d+=h
-	eor	x28,x28,x27			// Maj(a,b,c)
-	eor	x17,x0,x17,ror#34	// Sigma0(a)
-	add	x25,x25,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x25,x25,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x14,x14			// 11
-#endif
-	ldp	x15,x0,[x1],#2*8
-	add	x25,x25,x17			// h+=Sigma0(a)
-	str	x6,[sp,#24]
-	ror	x16,x21,#14
-	add	x24,x24,x28			// h+=K[i]
-	eor	x6,x21,x21,ror#23
-	and	x17,x22,x21
-	bic	x28,x23,x21
-	add	x24,x24,x14			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x25,x26			// a^b, b^c in next round
-	eor	x16,x16,x6,ror#18	// Sigma1(e)
-	ror	x6,x25,#28
-	add	x24,x24,x17			// h+=Ch(e,f,g)
-	eor	x17,x25,x25,ror#5
-	add	x24,x24,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x20,x20,x24			// d+=h
-	eor	x19,x19,x26			// Maj(a,b,c)
-	eor	x17,x6,x17,ror#34	// Sigma0(a)
-	add	x24,x24,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x24,x24,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x15,x15			// 12
-#endif
-	add	x24,x24,x17			// h+=Sigma0(a)
-	str	x7,[sp,#0]
-	ror	x16,x20,#14
-	add	x23,x23,x19			// h+=K[i]
-	eor	x7,x20,x20,ror#23
-	and	x17,x21,x20
-	bic	x19,x22,x20
-	add	x23,x23,x15			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x24,x25			// a^b, b^c in next round
-	eor	x16,x16,x7,ror#18	// Sigma1(e)
-	ror	x7,x24,#28
-	add	x23,x23,x17			// h+=Ch(e,f,g)
-	eor	x17,x24,x24,ror#5
-	add	x23,x23,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x27,x27,x23			// d+=h
-	eor	x28,x28,x25			// Maj(a,b,c)
-	eor	x17,x7,x17,ror#34	// Sigma0(a)
-	add	x23,x23,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x23,x23,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x0,x0			// 13
-#endif
-	ldp	x1,x2,[x1]
-	add	x23,x23,x17			// h+=Sigma0(a)
-	str	x8,[sp,#8]
-	ror	x16,x27,#14
-	add	x22,x22,x28			// h+=K[i]
-	eor	x8,x27,x27,ror#23
-	and	x17,x20,x27
-	bic	x28,x21,x27
-	add	x22,x22,x0			// h+=X[i]
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x23,x24			// a^b, b^c in next round
-	eor	x16,x16,x8,ror#18	// Sigma1(e)
-	ror	x8,x23,#28
-	add	x22,x22,x17			// h+=Ch(e,f,g)
-	eor	x17,x23,x23,ror#5
-	add	x22,x22,x16			// h+=Sigma1(e)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	add	x26,x26,x22			// d+=h
-	eor	x19,x19,x24			// Maj(a,b,c)
-	eor	x17,x8,x17,ror#34	// Sigma0(a)
-	add	x22,x22,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	//add	x22,x22,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x1,x1			// 14
-#endif
-	ldr	x6,[sp,#24]
-	add	x22,x22,x17			// h+=Sigma0(a)
-	str	x9,[sp,#16]
-	ror	x16,x26,#14
-	add	x21,x21,x19			// h+=K[i]
-	eor	x9,x26,x26,ror#23
-	and	x17,x27,x26
-	bic	x19,x20,x26
-	add	x21,x21,x1			// h+=X[i]
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x22,x23			// a^b, b^c in next round
-	eor	x16,x16,x9,ror#18	// Sigma1(e)
-	ror	x9,x22,#28
-	add	x21,x21,x17			// h+=Ch(e,f,g)
-	eor	x17,x22,x22,ror#5
-	add	x21,x21,x16			// h+=Sigma1(e)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	add	x25,x25,x21			// d+=h
-	eor	x28,x28,x23			// Maj(a,b,c)
-	eor	x17,x9,x17,ror#34	// Sigma0(a)
-	add	x21,x21,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	//add	x21,x21,x17			// h+=Sigma0(a)
-#ifndef	__ARMEB__
-	rev	x2,x2			// 15
-#endif
-	ldr	x7,[sp,#0]
-	add	x21,x21,x17			// h+=Sigma0(a)
-	str	x10,[sp,#24]
-	ror	x16,x25,#14
-	add	x20,x20,x28			// h+=K[i]
-	ror	x9,x4,#1
-	and	x17,x26,x25
-	ror	x8,x1,#19
-	bic	x28,x27,x25
-	ror	x10,x21,#28
-	add	x20,x20,x2			// h+=X[i]
-	eor	x16,x16,x25,ror#18
-	eor	x9,x9,x4,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x21,x22			// a^b, b^c in next round
-	eor	x16,x16,x25,ror#41	// Sigma1(e)
-	eor	x10,x10,x21,ror#34
-	add	x20,x20,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x8,x8,x1,ror#61
-	eor	x9,x9,x4,lsr#7	// sigma0(X[i+1])
-	add	x20,x20,x16			// h+=Sigma1(e)
-	eor	x19,x19,x22			// Maj(a,b,c)
-	eor	x17,x10,x21,ror#39	// Sigma0(a)
-	eor	x8,x8,x1,lsr#6	// sigma1(X[i+14])
-	add	x3,x3,x12
-	add	x24,x24,x20			// d+=h
-	add	x20,x20,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x3,x3,x9
-	add	x20,x20,x17			// h+=Sigma0(a)
-	add	x3,x3,x8
-.Loop_16_xx:
-	ldr	x8,[sp,#8]
-	str	x11,[sp,#0]
-	ror	x16,x24,#14
-	add	x27,x27,x19			// h+=K[i]
-	ror	x10,x5,#1
-	and	x17,x25,x24
-	ror	x9,x2,#19
-	bic	x19,x26,x24
-	ror	x11,x20,#28
-	add	x27,x27,x3			// h+=X[i]
-	eor	x16,x16,x24,ror#18
-	eor	x10,x10,x5,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x20,x21			// a^b, b^c in next round
-	eor	x16,x16,x24,ror#41	// Sigma1(e)
-	eor	x11,x11,x20,ror#34
-	add	x27,x27,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x9,x9,x2,ror#61
-	eor	x10,x10,x5,lsr#7	// sigma0(X[i+1])
-	add	x27,x27,x16			// h+=Sigma1(e)
-	eor	x28,x28,x21			// Maj(a,b,c)
-	eor	x17,x11,x20,ror#39	// Sigma0(a)
-	eor	x9,x9,x2,lsr#6	// sigma1(X[i+14])
-	add	x4,x4,x13
-	add	x23,x23,x27			// d+=h
-	add	x27,x27,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x4,x4,x10
-	add	x27,x27,x17			// h+=Sigma0(a)
-	add	x4,x4,x9
-	ldr	x9,[sp,#16]
-	str	x12,[sp,#8]
-	ror	x16,x23,#14
-	add	x26,x26,x28			// h+=K[i]
-	ror	x11,x6,#1
-	and	x17,x24,x23
-	ror	x10,x3,#19
-	bic	x28,x25,x23
-	ror	x12,x27,#28
-	add	x26,x26,x4			// h+=X[i]
-	eor	x16,x16,x23,ror#18
-	eor	x11,x11,x6,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x27,x20			// a^b, b^c in next round
-	eor	x16,x16,x23,ror#41	// Sigma1(e)
-	eor	x12,x12,x27,ror#34
-	add	x26,x26,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x10,x10,x3,ror#61
-	eor	x11,x11,x6,lsr#7	// sigma0(X[i+1])
-	add	x26,x26,x16			// h+=Sigma1(e)
-	eor	x19,x19,x20			// Maj(a,b,c)
-	eor	x17,x12,x27,ror#39	// Sigma0(a)
-	eor	x10,x10,x3,lsr#6	// sigma1(X[i+14])
-	add	x5,x5,x14
-	add	x22,x22,x26			// d+=h
-	add	x26,x26,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x5,x5,x11
-	add	x26,x26,x17			// h+=Sigma0(a)
-	add	x5,x5,x10
-	ldr	x10,[sp,#24]
-	str	x13,[sp,#16]
-	ror	x16,x22,#14
-	add	x25,x25,x19			// h+=K[i]
-	ror	x12,x7,#1
-	and	x17,x23,x22
-	ror	x11,x4,#19
-	bic	x19,x24,x22
-	ror	x13,x26,#28
-	add	x25,x25,x5			// h+=X[i]
-	eor	x16,x16,x22,ror#18
-	eor	x12,x12,x7,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x26,x27			// a^b, b^c in next round
-	eor	x16,x16,x22,ror#41	// Sigma1(e)
-	eor	x13,x13,x26,ror#34
-	add	x25,x25,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x11,x11,x4,ror#61
-	eor	x12,x12,x7,lsr#7	// sigma0(X[i+1])
-	add	x25,x25,x16			// h+=Sigma1(e)
-	eor	x28,x28,x27			// Maj(a,b,c)
-	eor	x17,x13,x26,ror#39	// Sigma0(a)
-	eor	x11,x11,x4,lsr#6	// sigma1(X[i+14])
-	add	x6,x6,x15
-	add	x21,x21,x25			// d+=h
-	add	x25,x25,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x6,x6,x12
-	add	x25,x25,x17			// h+=Sigma0(a)
-	add	x6,x6,x11
-	ldr	x11,[sp,#0]
-	str	x14,[sp,#24]
-	ror	x16,x21,#14
-	add	x24,x24,x28			// h+=K[i]
-	ror	x13,x8,#1
-	and	x17,x22,x21
-	ror	x12,x5,#19
-	bic	x28,x23,x21
-	ror	x14,x25,#28
-	add	x24,x24,x6			// h+=X[i]
-	eor	x16,x16,x21,ror#18
-	eor	x13,x13,x8,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x25,x26			// a^b, b^c in next round
-	eor	x16,x16,x21,ror#41	// Sigma1(e)
-	eor	x14,x14,x25,ror#34
-	add	x24,x24,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x12,x12,x5,ror#61
-	eor	x13,x13,x8,lsr#7	// sigma0(X[i+1])
-	add	x24,x24,x16			// h+=Sigma1(e)
-	eor	x19,x19,x26			// Maj(a,b,c)
-	eor	x17,x14,x25,ror#39	// Sigma0(a)
-	eor	x12,x12,x5,lsr#6	// sigma1(X[i+14])
-	add	x7,x7,x0
-	add	x20,x20,x24			// d+=h
-	add	x24,x24,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x7,x7,x13
-	add	x24,x24,x17			// h+=Sigma0(a)
-	add	x7,x7,x12
-	ldr	x12,[sp,#8]
-	str	x15,[sp,#0]
-	ror	x16,x20,#14
-	add	x23,x23,x19			// h+=K[i]
-	ror	x14,x9,#1
-	and	x17,x21,x20
-	ror	x13,x6,#19
-	bic	x19,x22,x20
-	ror	x15,x24,#28
-	add	x23,x23,x7			// h+=X[i]
-	eor	x16,x16,x20,ror#18
-	eor	x14,x14,x9,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x24,x25			// a^b, b^c in next round
-	eor	x16,x16,x20,ror#41	// Sigma1(e)
-	eor	x15,x15,x24,ror#34
-	add	x23,x23,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x13,x13,x6,ror#61
-	eor	x14,x14,x9,lsr#7	// sigma0(X[i+1])
-	add	x23,x23,x16			// h+=Sigma1(e)
-	eor	x28,x28,x25			// Maj(a,b,c)
-	eor	x17,x15,x24,ror#39	// Sigma0(a)
-	eor	x13,x13,x6,lsr#6	// sigma1(X[i+14])
-	add	x8,x8,x1
-	add	x27,x27,x23			// d+=h
-	add	x23,x23,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x8,x8,x14
-	add	x23,x23,x17			// h+=Sigma0(a)
-	add	x8,x8,x13
-	ldr	x13,[sp,#16]
-	str	x0,[sp,#8]
-	ror	x16,x27,#14
-	add	x22,x22,x28			// h+=K[i]
-	ror	x15,x10,#1
-	and	x17,x20,x27
-	ror	x14,x7,#19
-	bic	x28,x21,x27
-	ror	x0,x23,#28
-	add	x22,x22,x8			// h+=X[i]
-	eor	x16,x16,x27,ror#18
-	eor	x15,x15,x10,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x23,x24			// a^b, b^c in next round
-	eor	x16,x16,x27,ror#41	// Sigma1(e)
-	eor	x0,x0,x23,ror#34
-	add	x22,x22,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x14,x14,x7,ror#61
-	eor	x15,x15,x10,lsr#7	// sigma0(X[i+1])
-	add	x22,x22,x16			// h+=Sigma1(e)
-	eor	x19,x19,x24			// Maj(a,b,c)
-	eor	x17,x0,x23,ror#39	// Sigma0(a)
-	eor	x14,x14,x7,lsr#6	// sigma1(X[i+14])
-	add	x9,x9,x2
-	add	x26,x26,x22			// d+=h
-	add	x22,x22,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x9,x9,x15
-	add	x22,x22,x17			// h+=Sigma0(a)
-	add	x9,x9,x14
-	ldr	x14,[sp,#24]
-	str	x1,[sp,#16]
-	ror	x16,x26,#14
-	add	x21,x21,x19			// h+=K[i]
-	ror	x0,x11,#1
-	and	x17,x27,x26
-	ror	x15,x8,#19
-	bic	x19,x20,x26
-	ror	x1,x22,#28
-	add	x21,x21,x9			// h+=X[i]
-	eor	x16,x16,x26,ror#18
-	eor	x0,x0,x11,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x22,x23			// a^b, b^c in next round
-	eor	x16,x16,x26,ror#41	// Sigma1(e)
-	eor	x1,x1,x22,ror#34
-	add	x21,x21,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x15,x15,x8,ror#61
-	eor	x0,x0,x11,lsr#7	// sigma0(X[i+1])
-	add	x21,x21,x16			// h+=Sigma1(e)
-	eor	x28,x28,x23			// Maj(a,b,c)
-	eor	x17,x1,x22,ror#39	// Sigma0(a)
-	eor	x15,x15,x8,lsr#6	// sigma1(X[i+14])
-	add	x10,x10,x3
-	add	x25,x25,x21			// d+=h
-	add	x21,x21,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x10,x10,x0
-	add	x21,x21,x17			// h+=Sigma0(a)
-	add	x10,x10,x15
-	ldr	x15,[sp,#0]
-	str	x2,[sp,#24]
-	ror	x16,x25,#14
-	add	x20,x20,x28			// h+=K[i]
-	ror	x1,x12,#1
-	and	x17,x26,x25
-	ror	x0,x9,#19
-	bic	x28,x27,x25
-	ror	x2,x21,#28
-	add	x20,x20,x10			// h+=X[i]
-	eor	x16,x16,x25,ror#18
-	eor	x1,x1,x12,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x21,x22			// a^b, b^c in next round
-	eor	x16,x16,x25,ror#41	// Sigma1(e)
-	eor	x2,x2,x21,ror#34
-	add	x20,x20,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x0,x0,x9,ror#61
-	eor	x1,x1,x12,lsr#7	// sigma0(X[i+1])
-	add	x20,x20,x16			// h+=Sigma1(e)
-	eor	x19,x19,x22			// Maj(a,b,c)
-	eor	x17,x2,x21,ror#39	// Sigma0(a)
-	eor	x0,x0,x9,lsr#6	// sigma1(X[i+14])
-	add	x11,x11,x4
-	add	x24,x24,x20			// d+=h
-	add	x20,x20,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x11,x11,x1
-	add	x20,x20,x17			// h+=Sigma0(a)
-	add	x11,x11,x0
-	ldr	x0,[sp,#8]
-	str	x3,[sp,#0]
-	ror	x16,x24,#14
-	add	x27,x27,x19			// h+=K[i]
-	ror	x2,x13,#1
-	and	x17,x25,x24
-	ror	x1,x10,#19
-	bic	x19,x26,x24
-	ror	x3,x20,#28
-	add	x27,x27,x11			// h+=X[i]
-	eor	x16,x16,x24,ror#18
-	eor	x2,x2,x13,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x20,x21			// a^b, b^c in next round
-	eor	x16,x16,x24,ror#41	// Sigma1(e)
-	eor	x3,x3,x20,ror#34
-	add	x27,x27,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x1,x1,x10,ror#61
-	eor	x2,x2,x13,lsr#7	// sigma0(X[i+1])
-	add	x27,x27,x16			// h+=Sigma1(e)
-	eor	x28,x28,x21			// Maj(a,b,c)
-	eor	x17,x3,x20,ror#39	// Sigma0(a)
-	eor	x1,x1,x10,lsr#6	// sigma1(X[i+14])
-	add	x12,x12,x5
-	add	x23,x23,x27			// d+=h
-	add	x27,x27,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x12,x12,x2
-	add	x27,x27,x17			// h+=Sigma0(a)
-	add	x12,x12,x1
-	ldr	x1,[sp,#16]
-	str	x4,[sp,#8]
-	ror	x16,x23,#14
-	add	x26,x26,x28			// h+=K[i]
-	ror	x3,x14,#1
-	and	x17,x24,x23
-	ror	x2,x11,#19
-	bic	x28,x25,x23
-	ror	x4,x27,#28
-	add	x26,x26,x12			// h+=X[i]
-	eor	x16,x16,x23,ror#18
-	eor	x3,x3,x14,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x27,x20			// a^b, b^c in next round
-	eor	x16,x16,x23,ror#41	// Sigma1(e)
-	eor	x4,x4,x27,ror#34
-	add	x26,x26,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x2,x2,x11,ror#61
-	eor	x3,x3,x14,lsr#7	// sigma0(X[i+1])
-	add	x26,x26,x16			// h+=Sigma1(e)
-	eor	x19,x19,x20			// Maj(a,b,c)
-	eor	x17,x4,x27,ror#39	// Sigma0(a)
-	eor	x2,x2,x11,lsr#6	// sigma1(X[i+14])
-	add	x13,x13,x6
-	add	x22,x22,x26			// d+=h
-	add	x26,x26,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x13,x13,x3
-	add	x26,x26,x17			// h+=Sigma0(a)
-	add	x13,x13,x2
-	ldr	x2,[sp,#24]
-	str	x5,[sp,#16]
-	ror	x16,x22,#14
-	add	x25,x25,x19			// h+=K[i]
-	ror	x4,x15,#1
-	and	x17,x23,x22
-	ror	x3,x12,#19
-	bic	x19,x24,x22
-	ror	x5,x26,#28
-	add	x25,x25,x13			// h+=X[i]
-	eor	x16,x16,x22,ror#18
-	eor	x4,x4,x15,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x26,x27			// a^b, b^c in next round
-	eor	x16,x16,x22,ror#41	// Sigma1(e)
-	eor	x5,x5,x26,ror#34
-	add	x25,x25,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x3,x3,x12,ror#61
-	eor	x4,x4,x15,lsr#7	// sigma0(X[i+1])
-	add	x25,x25,x16			// h+=Sigma1(e)
-	eor	x28,x28,x27			// Maj(a,b,c)
-	eor	x17,x5,x26,ror#39	// Sigma0(a)
-	eor	x3,x3,x12,lsr#6	// sigma1(X[i+14])
-	add	x14,x14,x7
-	add	x21,x21,x25			// d+=h
-	add	x25,x25,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x14,x14,x4
-	add	x25,x25,x17			// h+=Sigma0(a)
-	add	x14,x14,x3
-	ldr	x3,[sp,#0]
-	str	x6,[sp,#24]
-	ror	x16,x21,#14
-	add	x24,x24,x28			// h+=K[i]
-	ror	x5,x0,#1
-	and	x17,x22,x21
-	ror	x4,x13,#19
-	bic	x28,x23,x21
-	ror	x6,x25,#28
-	add	x24,x24,x14			// h+=X[i]
-	eor	x16,x16,x21,ror#18
-	eor	x5,x5,x0,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x25,x26			// a^b, b^c in next round
-	eor	x16,x16,x21,ror#41	// Sigma1(e)
-	eor	x6,x6,x25,ror#34
-	add	x24,x24,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x4,x4,x13,ror#61
-	eor	x5,x5,x0,lsr#7	// sigma0(X[i+1])
-	add	x24,x24,x16			// h+=Sigma1(e)
-	eor	x19,x19,x26			// Maj(a,b,c)
-	eor	x17,x6,x25,ror#39	// Sigma0(a)
-	eor	x4,x4,x13,lsr#6	// sigma1(X[i+14])
-	add	x15,x15,x8
-	add	x20,x20,x24			// d+=h
-	add	x24,x24,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x15,x15,x5
-	add	x24,x24,x17			// h+=Sigma0(a)
-	add	x15,x15,x4
-	ldr	x4,[sp,#8]
-	str	x7,[sp,#0]
-	ror	x16,x20,#14
-	add	x23,x23,x19			// h+=K[i]
-	ror	x6,x1,#1
-	and	x17,x21,x20
-	ror	x5,x14,#19
-	bic	x19,x22,x20
-	ror	x7,x24,#28
-	add	x23,x23,x15			// h+=X[i]
-	eor	x16,x16,x20,ror#18
-	eor	x6,x6,x1,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x24,x25			// a^b, b^c in next round
-	eor	x16,x16,x20,ror#41	// Sigma1(e)
-	eor	x7,x7,x24,ror#34
-	add	x23,x23,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x5,x5,x14,ror#61
-	eor	x6,x6,x1,lsr#7	// sigma0(X[i+1])
-	add	x23,x23,x16			// h+=Sigma1(e)
-	eor	x28,x28,x25			// Maj(a,b,c)
-	eor	x17,x7,x24,ror#39	// Sigma0(a)
-	eor	x5,x5,x14,lsr#6	// sigma1(X[i+14])
-	add	x0,x0,x9
-	add	x27,x27,x23			// d+=h
-	add	x23,x23,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x0,x0,x6
-	add	x23,x23,x17			// h+=Sigma0(a)
-	add	x0,x0,x5
-	ldr	x5,[sp,#16]
-	str	x8,[sp,#8]
-	ror	x16,x27,#14
-	add	x22,x22,x28			// h+=K[i]
-	ror	x7,x2,#1
-	and	x17,x20,x27
-	ror	x6,x15,#19
-	bic	x28,x21,x27
-	ror	x8,x23,#28
-	add	x22,x22,x0			// h+=X[i]
-	eor	x16,x16,x27,ror#18
-	eor	x7,x7,x2,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x23,x24			// a^b, b^c in next round
-	eor	x16,x16,x27,ror#41	// Sigma1(e)
-	eor	x8,x8,x23,ror#34
-	add	x22,x22,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x6,x6,x15,ror#61
-	eor	x7,x7,x2,lsr#7	// sigma0(X[i+1])
-	add	x22,x22,x16			// h+=Sigma1(e)
-	eor	x19,x19,x24			// Maj(a,b,c)
-	eor	x17,x8,x23,ror#39	// Sigma0(a)
-	eor	x6,x6,x15,lsr#6	// sigma1(X[i+14])
-	add	x1,x1,x10
-	add	x26,x26,x22			// d+=h
-	add	x22,x22,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x1,x1,x7
-	add	x22,x22,x17			// h+=Sigma0(a)
-	add	x1,x1,x6
-	ldr	x6,[sp,#24]
-	str	x9,[sp,#16]
-	ror	x16,x26,#14
-	add	x21,x21,x19			// h+=K[i]
-	ror	x8,x3,#1
-	and	x17,x27,x26
-	ror	x7,x0,#19
-	bic	x19,x20,x26
-	ror	x9,x22,#28
-	add	x21,x21,x1			// h+=X[i]
-	eor	x16,x16,x26,ror#18
-	eor	x8,x8,x3,ror#8
-	orr	x17,x17,x19			// Ch(e,f,g)
-	eor	x19,x22,x23			// a^b, b^c in next round
-	eor	x16,x16,x26,ror#41	// Sigma1(e)
-	eor	x9,x9,x22,ror#34
-	add	x21,x21,x17			// h+=Ch(e,f,g)
-	and	x28,x28,x19			// (b^c)&=(a^b)
-	eor	x7,x7,x0,ror#61
-	eor	x8,x8,x3,lsr#7	// sigma0(X[i+1])
-	add	x21,x21,x16			// h+=Sigma1(e)
-	eor	x28,x28,x23			// Maj(a,b,c)
-	eor	x17,x9,x22,ror#39	// Sigma0(a)
-	eor	x7,x7,x0,lsr#6	// sigma1(X[i+14])
-	add	x2,x2,x11
-	add	x25,x25,x21			// d+=h
-	add	x21,x21,x28			// h+=Maj(a,b,c)
-	ldr	x28,[x30],#8		// *K++, x19 in next round
-	add	x2,x2,x8
-	add	x21,x21,x17			// h+=Sigma0(a)
-	add	x2,x2,x7
-	ldr	x7,[sp,#0]
-	str	x10,[sp,#24]
-	ror	x16,x25,#14
-	add	x20,x20,x28			// h+=K[i]
-	ror	x9,x4,#1
-	and	x17,x26,x25
-	ror	x8,x1,#19
-	bic	x28,x27,x25
-	ror	x10,x21,#28
-	add	x20,x20,x2			// h+=X[i]
-	eor	x16,x16,x25,ror#18
-	eor	x9,x9,x4,ror#8
-	orr	x17,x17,x28			// Ch(e,f,g)
-	eor	x28,x21,x22			// a^b, b^c in next round
-	eor	x16,x16,x25,ror#41	// Sigma1(e)
-	eor	x10,x10,x21,ror#34
-	add	x20,x20,x17			// h+=Ch(e,f,g)
-	and	x19,x19,x28			// (b^c)&=(a^b)
-	eor	x8,x8,x1,ror#61
-	eor	x9,x9,x4,lsr#7	// sigma0(X[i+1])
-	add	x20,x20,x16			// h+=Sigma1(e)
-	eor	x19,x19,x22			// Maj(a,b,c)
-	eor	x17,x10,x21,ror#39	// Sigma0(a)
-	eor	x8,x8,x1,lsr#6	// sigma1(X[i+14])
-	add	x3,x3,x12
-	add	x24,x24,x20			// d+=h
-	add	x20,x20,x19			// h+=Maj(a,b,c)
-	ldr	x19,[x30],#8		// *K++, x28 in next round
-	add	x3,x3,x9
-	add	x20,x20,x17			// h+=Sigma0(a)
-	add	x3,x3,x8
-	cbnz	x19,.Loop_16_xx
-
-	ldp	x0,x2,[x29,#96]
-	ldr	x1,[x29,#112]
-	sub	x30,x30,#648		// rewind
-
-	ldp	x3,x4,[x0]
-	ldp	x5,x6,[x0,#2*8]
-	add	x1,x1,#14*8			// advance input pointer
-	ldp	x7,x8,[x0,#4*8]
-	add	x20,x20,x3
-	ldp	x9,x10,[x0,#6*8]
-	add	x21,x21,x4
-	add	x22,x22,x5
-	add	x23,x23,x6
-	stp	x20,x21,[x0]
-	add	x24,x24,x7
-	add	x25,x25,x8
-	stp	x22,x23,[x0,#2*8]
-	add	x26,x26,x9
-	add	x27,x27,x10
-	cmp	x1,x2
-	stp	x24,x25,[x0,#4*8]
-	stp	x26,x27,[x0,#6*8]
-	b.ne	.Loop
-
-	ldp	x19,x20,[x29,#16]
-	add	sp,sp,#4*8
-	ldp	x21,x22,[x29,#32]
-	ldp	x23,x24,[x29,#48]
-	ldp	x25,x26,[x29,#64]
-	ldp	x27,x28,[x29,#80]
-	ldp	x29,x30,[sp],#128
-	ret
-.size	sha512_block_data_order,.-sha512_block_data_order
-
-.align	6
-.type	K512,%object
-K512:
-	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	.quad	0x3956c25bf348b538,0x59f111f1b605d019
-	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	.quad	0xd807aa98a3030242,0x12835b0145706fbe
-	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	.quad	0x06ca6351e003826f,0x142929670a0e6e70
-	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-	.quad	0x81c2c92e47edaee6,0x92722c851482353b
-	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-	.quad	0xd192e819d6ef5218,0xd69906245565a910
-	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	.quad	0x90befffa23631e28,0xa4506cebde82bde9
-	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	.quad	0xca273eceea26619c,0xd186b8c721c0c207
-	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	.quad	0x113f9804bef90dae,0x1b710b35131c471b
-	.quad	0x28db77f523047d84,0x32caab7b40c72493
-	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-	.quad	0	// terminator
-.size	K512,.-K512
-.align	3
-.LOPENSSL_armcap_P:
-	.quad	OPENSSL_armcap_P-.
-.asciz	"SHA512 block transform for ARMv8, CRYPTOGAMS by <appro@openssl.org>"
-.align	2
-.comm	OPENSSL_armcap_P,4,4
diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
deleted file mode 100644
index 6935ed6521..0000000000
--- a/crypto/sha/asm/sha512-armv8.pl
+++ /dev/null
@@ -1,414 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA256/512 for ARMv8.
-#
-# Performance in cycles per processed byte and improvement coefficient
-# over code generated with "default" compiler:
-#
-#		SHA256-hw	SHA256(*)	SHA512
-# Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
-# Cortex-A5x	n/a		n/a		n/a
-# 
-# (*)	Software SHA256 results are of lesser relevance, presented
-#	mostly for informational purposes.
-# (**)	The result is a trade-off: it's possible to improve it by
-#	10%, but at the cost of 20% loss on Cortex-A5x.
-
-$flavour=shift;
-$output=shift;
-open STDOUT,">$output";
-
-if ($output =~ /512/) {
-	$BITS=512;
-	$SZ=8;
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-	$reg_t="x";
-} else {
-	$BITS=256;
-	$SZ=4;
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-	$reg_t="w";
-}
-
-$func="sha${BITS}_block_data_order";
-
-($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30));
-
-@X=map("$reg_t$_",(3..15,0..2));
-@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27));
-($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28));
-
-sub BODY_00_xx {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-my $j=($i+1)&15;
-my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]);
-   $T0=@X[$i+3] if ($i<11);
-
-$code.=<<___	if ($i<16);
-#ifndef	__ARMEB__
-	rev	@X[$i],@X[$i]			// $i
-#endif
-___
-$code.=<<___	if ($i<13 && ($i&1));
-	ldp	@X[$i+1],@X[$i+2],[$inp],#2*$SZ
-___
-$code.=<<___	if ($i==13);
-	ldp	@X[14],@X[15],[$inp]
-___
-$code.=<<___	if ($i>=14);
-	ldr	@X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`]
-___
-$code.=<<___	if ($i>0 && $i<16);
-	add	$a,$a,$t1			// h+=Sigma0(a)
-___
-$code.=<<___	if ($i>=11);
-	str	@X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`]
-___
-# While ARMv8 specifies merged rotate-n-logical operation such as
-# 'eor x,y,z,ror#n', it was found to negatively affect performance
-# on Apple A7. The reason seems to be that it requires even 'y' to
-# be available earlier. This means that such merged instruction is
-# not necessarily best choice on critical path... On the other hand
-# Cortex-A5x handles merged instructions much better than disjoint
-# rotate and logical... See (**) footnote above.
-$code.=<<___	if ($i<15);
-	ror	$t0,$e,#$Sigma1[0]
-	add	$h,$h,$t2			// h+=K[i]
-	eor	$T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]`
-	and	$t1,$f,$e
-	bic	$t2,$g,$e
-	add	$h,$h,@X[$i&15]			// h+=X[i]
-	orr	$t1,$t1,$t2			// Ch(e,f,g)
-	eor	$t2,$a,$b			// a^b, b^c in next round
-	eor	$t0,$t0,$T0,ror#$Sigma1[1]	// Sigma1(e)
-	ror	$T0,$a,#$Sigma0[0]
-	add	$h,$h,$t1			// h+=Ch(e,f,g)
-	eor	$t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]`
-	add	$h,$h,$t0			// h+=Sigma1(e)
-	and	$t3,$t3,$t2			// (b^c)&=(a^b)
-	add	$d,$d,$h			// d+=h
-	eor	$t3,$t3,$b			// Maj(a,b,c)
-	eor	$t1,$T0,$t1,ror#$Sigma0[1]	// Sigma0(a)
-	add	$h,$h,$t3			// h+=Maj(a,b,c)
-	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
-	//add	$h,$h,$t1			// h+=Sigma0(a)
-___
-$code.=<<___	if ($i>=15);
-	ror	$t0,$e,#$Sigma1[0]
-	add	$h,$h,$t2			// h+=K[i]
-	ror	$T1,@X[($j+1)&15],#$sigma0[0]
-	and	$t1,$f,$e
-	ror	$T2,@X[($j+14)&15],#$sigma1[0]
-	bic	$t2,$g,$e
-	ror	$T0,$a,#$Sigma0[0]
-	add	$h,$h,@X[$i&15]			// h+=X[i]
-	eor	$t0,$t0,$e,ror#$Sigma1[1]
-	eor	$T1,$T1,@X[($j+1)&15],ror#$sigma0[1]
-	orr	$t1,$t1,$t2			// Ch(e,f,g)
-	eor	$t2,$a,$b			// a^b, b^c in next round
-	eor	$t0,$t0,$e,ror#$Sigma1[2]	// Sigma1(e)
-	eor	$T0,$T0,$a,ror#$Sigma0[1]
-	add	$h,$h,$t1			// h+=Ch(e,f,g)
-	and	$t3,$t3,$t2			// (b^c)&=(a^b)
-	eor	$T2,$T2,@X[($j+14)&15],ror#$sigma1[1]
-	eor	$T1,$T1,@X[($j+1)&15],lsr#$sigma0[2]	// sigma0(X[i+1])
-	add	$h,$h,$t0			// h+=Sigma1(e)
-	eor	$t3,$t3,$b			// Maj(a,b,c)
-	eor	$t1,$T0,$a,ror#$Sigma0[2]	// Sigma0(a)
-	eor	$T2,$T2,@X[($j+14)&15],lsr#$sigma1[2]	// sigma1(X[i+14])
-	add	@X[$j],@X[$j],@X[($j+9)&15]
-	add	$d,$d,$h			// d+=h
-	add	$h,$h,$t3			// h+=Maj(a,b,c)
-	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
-	add	@X[$j],@X[$j],$T1
-	add	$h,$h,$t1			// h+=Sigma0(a)
-	add	@X[$j],@X[$j],$T2
-___
-	($t2,$t3)=($t3,$t2);
-}
-
-$code.=<<___;
-#include "arm_arch.h"
-
-.text
-
-.globl	$func
-.type	$func,%function
-.align	6
-$func:
-___
-$code.=<<___	if ($SZ==4);
-	ldr	x16,.LOPENSSL_armcap_P
-	adr	x17,.LOPENSSL_armcap_P
-	add	x16,x16,x17
-	ldr	w16,[x16]
-	tst	w16,#ARMV8_SHA256
-	b.ne	.Lv8_entry
-___
-$code.=<<___;
-	stp	x29,x30,[sp,#-128]!
-	add	x29,sp,#0
-
-	stp	x19,x20,[sp,#16]
-	stp	x21,x22,[sp,#32]
-	stp	x23,x24,[sp,#48]
-	stp	x25,x26,[sp,#64]
-	stp	x27,x28,[sp,#80]
-	sub	sp,sp,#4*$SZ
-
-	ldp	$A,$B,[$ctx]				// load context
-	ldp	$C,$D,[$ctx,#2*$SZ]
-	ldp	$E,$F,[$ctx,#4*$SZ]
-	add	$num,$inp,$num,lsl#`log(16*$SZ)/log(2)`	// end of input
-	ldp	$G,$H,[$ctx,#6*$SZ]
-	adr	$Ktbl,K$BITS
-	stp	$ctx,$num,[x29,#96]
-
-.Loop:
-	ldp	@X[0],@X[1],[$inp],#2*$SZ
-	ldr	$t2,[$Ktbl],#$SZ			// *K++
-	eor	$t3,$B,$C				// magic seed
-	str	$inp,[x29,#112]
-___
-for ($i=0;$i<16;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
-$code.=".Loop_16_xx:\n";
-for (;$i<32;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	cbnz	$t2,.Loop_16_xx
-
-	ldp	$ctx,$num,[x29,#96]
-	ldr	$inp,[x29,#112]
-	sub	$Ktbl,$Ktbl,#`$SZ*($rounds+1)`		// rewind
-
-	ldp	@X[0],@X[1],[$ctx]
-	ldp	@X[2],@X[3],[$ctx,#2*$SZ]
-	add	$inp,$inp,#14*$SZ			// advance input pointer
-	ldp	@X[4],@X[5],[$ctx,#4*$SZ]
-	add	$A,$A,@X[0]
-	ldp	@X[6],@X[7],[$ctx,#6*$SZ]
-	add	$B,$B,@X[1]
-	add	$C,$C,@X[2]
-	add	$D,$D,@X[3]
-	stp	$A,$B,[$ctx]
-	add	$E,$E,@X[4]
-	add	$F,$F,@X[5]
-	stp	$C,$D,[$ctx,#2*$SZ]
-	add	$G,$G,@X[6]
-	add	$H,$H,@X[7]
-	cmp	$inp,$num
-	stp	$E,$F,[$ctx,#4*$SZ]
-	stp	$G,$H,[$ctx,#6*$SZ]
-	b.ne	.Loop
-
-	ldp	x19,x20,[x29,#16]
-	add	sp,sp,#4*$SZ
-	ldp	x21,x22,[x29,#32]
-	ldp	x23,x24,[x29,#48]
-	ldp	x25,x26,[x29,#64]
-	ldp	x27,x28,[x29,#80]
-	ldp	x29,x30,[sp],#128
-	ret
-.size	$func,.-$func
-
-.align	6
-.type	K$BITS,%object
-K$BITS:
-___
-$code.=<<___ if ($SZ==8);
-	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	.quad	0x3956c25bf348b538,0x59f111f1b605d019
-	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	.quad	0xd807aa98a3030242,0x12835b0145706fbe
-	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	.quad	0x06ca6351e003826f,0x142929670a0e6e70
-	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-	.quad	0x81c2c92e47edaee6,0x92722c851482353b
-	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-	.quad	0xd192e819d6ef5218,0xd69906245565a910
-	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	.quad	0x90befffa23631e28,0xa4506cebde82bde9
-	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	.quad	0xca273eceea26619c,0xd186b8c721c0c207
-	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	.quad	0x113f9804bef90dae,0x1b710b35131c471b
-	.quad	0x28db77f523047d84,0x32caab7b40c72493
-	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-	.quad	0	// terminator
-___
-$code.=<<___ if ($SZ==4);
-	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-	.long	0	//terminator
-___
-$code.=<<___;
-.size	K$BITS,.-K$BITS
-.align	3
-.LOPENSSL_armcap_P:
-	.quad	OPENSSL_armcap_P-.
-.asciz	"SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-.align	2
-___
-
-if ($SZ==4) {
-my $Ktbl="x3";
-
-my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2));
-my @MSG=map("v$_.16b",(4..7));
-my ($W0,$W1)=("v16.4s","v17.4s");
-my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
-
-$code.=<<___;
-.type	sha256_block_armv8,%function
-.align	6
-sha256_block_armv8:
-.Lv8_entry:
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-
-	ld1.32		{$ABCD,$EFGH},[$ctx]
-	adr		$Ktbl,K256
-
-.Loop_hw:
-	ld1		{@MSG[0]-@MSG[3]},[$inp],#64
-	sub		$num,$num,#1
-	ld1.32		{$W0},[$Ktbl],#16
-	rev32		@MSG[0],@MSG[0]
-	rev32		@MSG[1],@MSG[1]
-	rev32		@MSG[2],@MSG[2]
-	rev32		@MSG[3],@MSG[3]
-	orr		$ABCD_SAVE,$ABCD,$ABCD		// offload
-	orr		$EFGH_SAVE,$EFGH,$EFGH
-___
-for($i=0;$i<12;$i++) {
-$code.=<<___;
-	ld1.32		{$W1},[$Ktbl],#16
-	add.i32		$W0,$W0,@MSG[0]
-	sha256su0	@MSG[0],@MSG[1]
-	orr		$abcd,$ABCD,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-	sha256su1	@MSG[0],@MSG[2],@MSG[3]
-___
-	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
-}
-$code.=<<___;
-	ld1.32		{$W1},[$Ktbl],#16
-	add.i32		$W0,$W0,@MSG[0]
-	orr		$abcd,$ABCD,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-
-	ld1.32		{$W0},[$Ktbl],#16
-	add.i32		$W1,$W1,@MSG[1]
-	orr		$abcd,$ABCD,$ABCD
-	sha256h		$ABCD,$EFGH,$W1
-	sha256h2	$EFGH,$abcd,$W1
-
-	ld1.32		{$W1},[$Ktbl]
-	add.i32		$W0,$W0,@MSG[2]
-	sub		$Ktbl,$Ktbl,#$rounds*$SZ-16	// rewind
-	orr		$abcd,$ABCD,$ABCD
-	sha256h		$ABCD,$EFGH,$W0
-	sha256h2	$EFGH,$abcd,$W0
-
-	add.i32		$W1,$W1,@MSG[3]
-	orr		$abcd,$ABCD,$ABCD
-	sha256h		$ABCD,$EFGH,$W1
-	sha256h2	$EFGH,$abcd,$W1
-
-	add.i32		$ABCD,$ABCD,$ABCD_SAVE
-	add.i32		$EFGH,$EFGH,$EFGH_SAVE
-
-	cbnz		$num,.Loop_hw
-
-	st1.32		{$ABCD,$EFGH},[$ctx]
-
-	ldr		x29,[sp],#16
-	ret
-.size	sha256_block_armv8,.-sha256_block_armv8
-___
-}
-
-$code.=<<___;
-.comm	OPENSSL_armcap_P,4,4
-___
-
-{   my  %opcode = (
-	"sha256h"	=> 0x5e004000,	"sha256h2"	=> 0x5e005000,
-	"sha256su0"	=> 0x5e282800,	"sha256su1"	=> 0x5e006000	);
-
-    sub unsha256 {
-	my ($mnemonic,$arg)=@_;
-
-	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
-	&&
-	sprintf ".inst\t0x%08x\t//%s %s",
-			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
-			$mnemonic,$arg;
-    }
-}
-
-foreach(split("\n",$code)) {
-
-	s/\`([^\`]*)\`/eval($1)/geo;
-
-	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo;
-
-	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
-	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
-
-	print $_,"\n";
-}
-
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl
deleted file mode 100755
index 1c6ce56522..0000000000
--- a/crypto/sha/asm/sha512-ia64.pl
+++ /dev/null
@@ -1,672 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA256/512_Transform for Itanium.
-#
-# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%
-# faster than gcc and >60%(!) faster than code generated by HP-UX
-# compiler (yes, HP-UX is generating slower code, because unlike gcc,
-# it failed to deploy "shift right pair," 'shrp' instruction, which
-# substitutes for 64-bit rotate).
-#
-# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)
-# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost
-# this one big time). Note that "formally" 924 is about 100 cycles
-# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical
-# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,
-# are spent on extra work to provide for 32-bit rotations. 32-bit
-# rotations are still handled by 'shrp' instruction and for this
-# reason lower 32 bits are deposited to upper half of 64-bit register
-# prior 'shrp' issue. And in order to minimize the amount of such
-# operations, X[16] values are *maintained* with copies of lower
-# halves in upper halves, which is why you'll spot such instructions
-# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel
-# 32-bit unsigned right shift," 'pshr4.u' instructions here.
-#
-# Rules of engagement.
-#
-# There is only one integer shifter meaning that if I have two rotate,
-# deposit or extract instructions in adjacent bundles, they shall
-# split [at run-time if they have to]. But note that variable and
-# parallel shifts are performed by multi-media ALU and *are* pairable
-# with rotates [and alike]. On the backside MMALU is rather slow: it
-# takes 2 extra cycles before the result of integer operation is
-# available *to* MMALU and 2(*) extra cycles before the result of MM
-# operation is available "back" *to* integer ALU, not to mention that
-# MMALU itself has 2 cycles latency. However! I explicitly scheduled
-# these MM instructions to avoid MM stalls, so that all these extra
-# latencies get "hidden" in instruction-level parallelism.
-#
-# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule
-#     for 2 in order to provide for best *overall* performance,
-#     because on Itanium 1 stall on MM result is accompanied by
-#     pipeline flush, which takes 6 cycles:-(
-#
-# Resulting performance numbers for 900MHz Itanium 2 system:
-#
-# The 'numbers' are in 1000s of bytes per second processed.
-# type     16 bytes    64 bytes   256 bytes  1024 bytes  8192 bytes
-# sha1(*)   6210.14k   20376.30k   52447.83k   85870.05k  105478.12k
-# sha256    7476.45k   20572.05k   41538.34k   56062.29k   62093.18k
-# sha512    4996.56k   20026.28k   47597.20k   85278.79k  111501.31k
-#
-# (*) SHA1 numbers are for HP-UX compiler and are presented purely
-#     for reference purposes. I bet it can improved too...
-#
-# To generate code, pass the file name with either 256 or 512 in its
-# name and compiler flags.
-
-$output=shift;
-
-if ($output =~ /512.*\.[s|asm]/) {
-	$SZ=8;
-	$BITS=8*$SZ;
-	$LDW="ld8";
-	$STW="st8";
-	$ADD="add";
-	$SHRU="shr.u";
-	$TABLE="K512";
-	$func="sha512_block_data_order";
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-} elsif ($output =~ /256.*\.[s|asm]/) {
-	$SZ=4;
-	$BITS=8*$SZ;
-	$LDW="ld4";
-	$STW="st4";
-	$ADD="padd4";
-	$SHRU="pshr4.u";
-	$TABLE="K256";
-	$func="sha256_block_data_order";
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-} else { die "nonsense $output"; }
-
-open STDOUT,">$output" || die "can't open $output: $!";
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-for (@ARGV)  {	$big_endian=1 if (/\-DB_ENDIAN/);
-		$big_endian=0 if (/\-DL_ENDIAN/);  }
-if (!defined($big_endian))
-             {	$big_endian=(unpack('L',pack('N',1))==1);  }
-
-$code=<<___;
-.ident  \"$output, version 1.1\"
-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
-.explicit
-.text
-
-pfssave=r2;
-lcsave=r3;
-prsave=r14;
-K=r15;
-A=r16;	B=r17;	C=r18;	D=r19;
-E=r20;	F=r21;	G=r22;	H=r23;
-T1=r24;	T2=r25;
-s0=r26;	s1=r27;	t0=r28;	t1=r29;
-Ktbl=r30;
-ctx=r31;	// 1st arg
-input=r48;	// 2nd arg
-num=r49;	// 3rd arg
-sgm0=r50;	sgm1=r51;	// small constants
-A_=r54;	B_=r55;	C_=r56;	D_=r57;
-E_=r58;	F_=r59;	G_=r60;	H_=r61;
-
-// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
-.global	$func#
-.proc	$func#
-.align	32
-$func:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,27,0,16
-	$ADDP	ctx=0,r32		// 1st arg
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc	}
-{ .mmi;	$ADDP	input=0,r33		// 2nd arg
-	mov	num=r34			// 3rd arg
-	.save	pr,prsave
-	mov	prsave=pr	};;
-
-	.body
-{ .mib;	add	r8=0*$SZ,ctx
-	add	r9=1*$SZ,ctx
-	brp.loop.imp	.L_first16,.L_first16_end-16	}
-{ .mib;	add	r10=2*$SZ,ctx
-	add	r11=3*$SZ,ctx
-	brp.loop.imp	.L_rest,.L_rest_end-16		};;
-
-// load A-H
-.Lpic_point:
-{ .mmi;	$LDW	A_=[r8],4*$SZ
-	$LDW	B_=[r9],4*$SZ
-	mov	Ktbl=ip		}
-{ .mmi;	$LDW	C_=[r10],4*$SZ
-	$LDW	D_=[r11],4*$SZ
-	mov	sgm0=$sigma0[2]	};;
-{ .mmi;	$LDW	E_=[r8]
-	$LDW	F_=[r9]
-	add	Ktbl=($TABLE#-.Lpic_point),Ktbl		}
-{ .mmi;	$LDW	G_=[r10]
-	$LDW	H_=[r11]
-	cmp.ne	p0,p16=0,r0	};;	// used in sha256_block
-___
-$code.=<<___ if ($BITS==64);
-{ .mii;	and	r8=7,input
-	and	input=~7,input;;
-	cmp.eq	p9,p0=1,r8	}
-{ .mmi;	cmp.eq	p10,p0=2,r8
-	cmp.eq	p11,p0=3,r8
-	cmp.eq	p12,p0=4,r8	}
-{ .mmi;	cmp.eq	p13,p0=5,r8
-	cmp.eq	p14,p0=6,r8
-	cmp.eq	p15,p0=7,r8	};;
-___
-$code.=<<___;
-.L_outer:
-.rotr	X[16]
-{ .mmi;	mov	A=A_
-	mov	B=B_
-	mov	ar.lc=14	}
-{ .mmi;	mov	C=C_
-	mov	D=D_
-	mov	E=E_		}
-{ .mmi;	mov	F=F_
-	mov	G=G_
-	mov	ar.ec=2		}
-{ .mmi;	ld1	X[15]=[input],$SZ		// eliminated in 64-bit
-	mov	H=H_
-	mov	sgm1=$sigma1[2]	};;
-
-___
-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
-.align	32
-.L_first16:
-{ .mmi;		add	r9=1-$SZ,input
-		add	r10=2-$SZ,input
-		add	r11=3-$SZ,input	};;
-{ .mmi;		ld1	r9=[r9]
-		ld1	r10=[r10]
-		dep.z	$t1=E,32,32	}
-{ .mmi;		$LDW	K=[Ktbl],$SZ
-		ld1	r11=[r11]
-		zxt4	E=E		};;
-{ .mii;		or	$t1=$t1,E
-		dep	X[15]=X[15],r9,8,8
-		dep	r11=r10,r11,8,8	};;
-{ .mmi;		and	T1=F,E
-		and	T2=A,B
-		dep	X[15]=X[15],r11,16,16	}
-{ .mmi;		andcm	r8=G,E
-		and	r9=A,C
-		mux2	$t0=A,0x44	};;	// copy lower half to upper
-{ .mmi;	(p16)	ld1	X[15-1]=[input],$SZ	// prefetch
-		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mib;		and	r10=B,C
-		xor	T2=T2,r9	};;
-___
-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
-// in 64-bit mode I load whole X[16] at once and take care of alignment...
-{ .mmi;	add	r8=1*$SZ,input
-	add	r9=2*$SZ,input
-	add	r10=3*$SZ,input		};;
-{ .mmb;	$LDW	X[15]=[input],4*$SZ
-	$LDW	X[14]=[r8],4*$SZ
-(p9)	br.cond.dpnt.many	.L1byte	};;
-{ .mmb;	$LDW	X[13]=[r9],4*$SZ
-	$LDW	X[12]=[r10],4*$SZ
-(p10)	br.cond.dpnt.many	.L2byte	};;
-{ .mmb;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-(p11)	br.cond.dpnt.many	.L3byte	};;
-{ .mmb;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-(p12)	br.cond.dpnt.many	.L4byte	};;
-{ .mmb;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-(p13)	br.cond.dpnt.many	.L5byte	};;
-{ .mmb;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-(p14)	br.cond.dpnt.many	.L6byte	};;
-{ .mmb;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-(p15)	br.cond.dpnt.many	.L7byte	};;
-{ .mmb;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	br.many	.L_first16		};;
-.L1byte:
-{ .mmi;	$LDW	X[13]=[r9],4*$SZ
-	$LDW	X[12]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],56	};;
-{ .mmi;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],56	}
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],56	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[12]=X[12],X[11],56	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[11]=X[11],X[10],56	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[10]=X[10],X[ 9],56	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[ 9]=X[ 9],X[ 8],56	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[ 8]=X[ 8],X[ 7],56
-	shrp	X[ 7]=X[ 7],X[ 6],56	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],56
-	shrp	X[ 5]=X[ 5],X[ 4],56	};;
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],56
-	shrp	X[ 3]=X[ 3],X[ 2],56	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],56
-	shrp	X[ 1]=X[ 1],X[ 0],56	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,56
-	br.many	.L_first16		};;
-.L2byte:
-{ .mmi;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],48	}
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],48	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[13]=X[13],X[12],48	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[12]=X[12],X[11],48	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[11]=X[11],X[10],48	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[10]=X[10],X[ 9],48	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[ 9]=X[ 9],X[ 8],48
-	shrp	X[ 8]=X[ 8],X[ 7],48	}
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],48
-	shrp	X[ 6]=X[ 6],X[ 5],48	};;
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],48
-	shrp	X[ 4]=X[ 4],X[ 3],48	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],48
-	shrp	X[ 2]=X[ 2],X[ 1],48	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],48
-	shrp	X[ 0]=X[ 0],T1,48	}
-{ .mfb;	br.many	.L_first16		};;
-.L3byte:
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],40	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],40	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],40	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[12]=X[12],X[11],40	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[11]=X[11],X[10],40	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[10]=X[10],X[ 9],40
-	shrp	X[ 9]=X[ 9],X[ 8],40	}
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],40
-	shrp	X[ 7]=X[ 7],X[ 6],40	};;
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],40
-	shrp	X[ 5]=X[ 5],X[ 4],40	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],40
-	shrp	X[ 3]=X[ 3],X[ 2],40	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],40
-	shrp	X[ 1]=X[ 1],X[ 0],40	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,40
-	br.many	.L_first16		};;
-.L4byte:
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],32	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],32	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[13]=X[13],X[12],32	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[12]=X[12],X[11],32	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[11]=X[11],X[10],32
-	shrp	X[10]=X[10],X[ 9],32	}
-{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],32
-	shrp	X[ 8]=X[ 8],X[ 7],32	};;
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],32
-	shrp	X[ 6]=X[ 6],X[ 5],32	}
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],32
-	shrp	X[ 4]=X[ 4],X[ 3],32	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],32
-	shrp	X[ 2]=X[ 2],X[ 1],32	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],32
-	shrp	X[ 0]=X[ 0],T1,32	}
-{ .mfb;	br.many	.L_first16		};;
-.L5byte:
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],24	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],24	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],24	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[12]=X[12],X[11],24
-	shrp	X[11]=X[11],X[10],24	}
-{ .mii;	shrp	X[10]=X[10],X[ 9],24
-	shrp	X[ 9]=X[ 9],X[ 8],24	};;
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],24
-	shrp	X[ 7]=X[ 7],X[ 6],24	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],24
-	shrp	X[ 5]=X[ 5],X[ 4],24	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],24
-	shrp	X[ 3]=X[ 3],X[ 2],24	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],24
-	shrp	X[ 1]=X[ 1],X[ 0],24	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,24
-	br.many	.L_first16		};;
-.L6byte:
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],16	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],16	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[13]=X[13],X[12],16
-	shrp	X[12]=X[12],X[11],16	}
-{ .mii;	shrp	X[11]=X[11],X[10],16
-	shrp	X[10]=X[10],X[ 9],16	};;
-{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],16
-	shrp	X[ 8]=X[ 8],X[ 7],16	}
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],16
-	shrp	X[ 6]=X[ 6],X[ 5],16	}
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],16
-	shrp	X[ 4]=X[ 4],X[ 3],16	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],16
-	shrp	X[ 2]=X[ 2],X[ 1],16	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],16
-	shrp	X[ 0]=X[ 0],T1,16	}
-{ .mfb;	br.many	.L_first16		};;
-.L7byte:
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],8	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[14]=X[14],X[13],8
-	shrp	X[13]=X[13],X[12],8	}
-{ .mii;	shrp	X[12]=X[12],X[11],8
-	shrp	X[11]=X[11],X[10],8	};;
-{ .mii;	shrp	X[10]=X[10],X[ 9],8
-	shrp	X[ 9]=X[ 9],X[ 8],8	}
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],8
-	shrp	X[ 7]=X[ 7],X[ 6],8	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],8
-	shrp	X[ 5]=X[ 5],X[ 4],8	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],8
-	shrp	X[ 3]=X[ 3],X[ 2],8	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],8
-	shrp	X[ 1]=X[ 1],X[ 0],8	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,8
-	br.many	.L_first16		};;
-
-.align	32
-.L_first16:
-{ .mmi;		$LDW	K=[Ktbl],$SZ
-		and	T1=F,E
-		and	T2=A,B		}
-{ .mmi;		//$LDW	X[15]=[input],$SZ	// X[i]=*input++
-		andcm	r8=G,E
-		and	r9=A,C		};;
-{ .mmi;		xor	T1=T1,r8		//T1=((e & f) ^ (~e & g))
-		and	r10=B,C
-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mmi;		xor	T2=T2,r9
-		mux1	X[15]=X[15],\@rev };;	// eliminated in big-endian
-___
-$code.=<<___;
-{ .mib;		add	T1=T1,H			// T1=Ch(e,f,g)+h
-		_rotr	r8=$t1,$Sigma1[1] }	// ROTR(e,18)
-{ .mib;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
-		mov	H=G		};;
-{ .mib;		xor	r11=r8,r11
-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)
-{ .mib;		mov	G=F
-		mov	F=E		};;
-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)
-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)
-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]
-		mov	E=D		};;
-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)
-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)
-{ .mib;		mov	D=C
-		mov	C=B		};;
-{ .mib;		add	T1=T1,X[15]		// T1+=X[i]
-		_rotr	r8=$t0,$Sigma0[2] }	// ROTR(a,39)
-{ .mib;		xor	r10=r10,r11
-		mux2	X[15]=X[15],0x44 };;	// eliminated in 64-bit
-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
-		mov	B=A
-		add	A=T1,T2		};;
-{ .mib;		add	E=E,T1
-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
-	br.ctop.sptk	.L_first16	};;
-.L_first16_end:
-
-{ .mii;	mov	ar.lc=$rounds-17
-	mov	ar.ec=1			};;
-
-.align	32
-.L_rest:
-.rotr	X[16]
-{ .mib;		$LDW	K=[Ktbl],$SZ
-		_rotr	r8=X[15-1],$sigma0[0] }	// ROTR(s0,1)
-{ .mib; 	$ADD	X[15]=X[15],X[15-9]	// X[i&0xF]+=X[(i+9)&0xF]
-		$SHRU	s0=X[15-1],sgm0	};;	// s0=X[(i+1)&0xF]>>7
-{ .mib;		and	T1=F,E
-		_rotr	r9=X[15-1],$sigma0[1] }	// ROTR(s0,8)
-{ .mib;		andcm	r10=G,E
-		$SHRU	s1=X[15-14],sgm1 };;	// s1=X[(i+14)&0xF]>>6
-{ .mmi;		xor	T1=T1,r10		// T1=((e & f) ^ (~e & g))
-		xor	r9=r8,r9
-		_rotr	r10=X[15-14],$sigma1[0] };;// ROTR(s1,19)
-{ .mib;		and	T2=A,B		
-		_rotr	r11=X[15-14],$sigma1[1] }// ROTR(s1,61)
-{ .mib;		and	r8=A,C		};;
-___
-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
-// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle
-// pipeline flush in last bundle. Note that even on Itanium2 the
-// latter stalls for one clock cycle...
-{ .mmi;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
-		dep.z	$t1=E,32,32	}
-{ .mmi;		xor	r10=r11,r10
-		zxt4	E=E		};;
-{ .mmi;		or	$t1=$t1,E
-		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
-		mux2	$t0=A,0x44	};;	// copy lower half to upper
-{ .mmi;		xor	T2=T2,r8
-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mmi;		and	r10=B,C
-		add	T1=T1,H			// T1=Ch(e,f,g)+h
-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])
-___
-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
-{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mib;		xor	r10=r11,r10
-		xor	T2=T2,r8	};;
-{ .mib;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
-		add	T1=T1,H		}
-{ .mib;		and	r10=B,C
-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])
-___
-$code.=<<___;
-{ .mmi;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
-		mov	H=G
-		_rotr	r8=$t1,$Sigma1[1] };;	// ROTR(e,18)
-{ .mmi;		xor	r11=r8,r9
-		$ADD	X[15]=X[15],s1		// X[i&0xF]+=sigma1(X[(i+14)&0xF])
-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)
-{ .mmi;		mov	G=F
-		mov	F=E		};;
-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)
-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)
-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]
-		mov	E=D		};;
-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)
-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)
-{ .mib;		mov	D=C
-		mov	C=B		};;
-{ .mmi;		add	T1=T1,X[15]		// T1+=X[i]
-		xor	r10=r10,r11
-		_rotr	r8=$t0,$Sigma0[2] };;	// ROTR(a,39)
-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
-		mov	B=A
-		add	A=T1,T2		};;
-{ .mib;		add	E=E,T1
-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
-	br.ctop.sptk	.L_rest	};;
-.L_rest_end:
-
-{ .mmi;	add	A_=A_,A
-	add	B_=B_,B
-	add	C_=C_,C			}
-{ .mmi;	add	D_=D_,D
-	add	E_=E_,E
-	cmp.ltu	p16,p0=1,num		};;
-{ .mmi;	add	F_=F_,F
-	add	G_=G_,G
-	add	H_=H_,H			}
-{ .mmb;	add	Ktbl=-$SZ*$rounds,Ktbl
-(p16)	add	num=-1,num
-(p16)	br.dptk.many	.L_outer	};;
-
-{ .mib;	add	r8=0*$SZ,ctx
-	add	r9=1*$SZ,ctx		}
-{ .mib;	add	r10=2*$SZ,ctx
-	add	r11=3*$SZ,ctx		};;
-{ .mmi;	$STW	[r8]=A_,4*$SZ
-	$STW	[r9]=B_,4*$SZ
-	mov	ar.lc=lcsave		}
-{ .mmi;	$STW	[r10]=C_,4*$SZ
-	$STW	[r11]=D_,4*$SZ
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	$STW	[r8]=E_
-	$STW	[r9]=F_			}
-{ .mmb;	$STW	[r10]=G_
-	$STW	[r11]=H_
-	br.ret.sptk.many	b0	};;
-.endp	$func#
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
-if ($BITS==64) {
-    $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm;
-    $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm	if ($big_endian);
-    $code =~ s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
-    						if (!$big_endian);
-    $code =~ s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
-}
-
-print $code;
-
-print<<___ if ($BITS==32);
-.align	64
-.type	K256#,\@object
-K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	data4	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	data4	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	data4	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	data4	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	data4	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	data4	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	data4	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	data4	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	data4	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	data4	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	data4	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	data4	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	data4	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.size	K256#,$SZ*$rounds
-stringz	"SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-print<<___ if ($BITS==64);
-.align	64
-.type	K512#,\@object
-K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd
-	data8	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	data8	0x3956c25bf348b538,0x59f111f1b605d019
-	data8	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	data8	0xd807aa98a3030242,0x12835b0145706fbe
-	data8	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	data8	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	data8	0x9bdc06a725c71235,0xc19bf174cf692694
-	data8	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	data8	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	data8	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	data8	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	data8	0x983e5152ee66dfab,0xa831c66d2db43210
-	data8	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	data8	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	data8	0x06ca6351e003826f,0x142929670a0e6e70
-	data8	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	data8	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	data8	0x650a73548baf63de,0x766a0abb3c77b2a8
-	data8	0x81c2c92e47edaee6,0x92722c851482353b
-	data8	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	data8	0xc24b8b70d0f89791,0xc76c51a30654be30
-	data8	0xd192e819d6ef5218,0xd69906245565a910
-	data8	0xf40e35855771202a,0x106aa07032bbd1b8
-	data8	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	data8	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	data8	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	data8	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	data8	0x748f82ee5defb2fc,0x78a5636f43172f60
-	data8	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	data8	0x90befffa23631e28,0xa4506cebde82bde9
-	data8	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	data8	0xca273eceea26619c,0xd186b8c721c0c207
-	data8	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	data8	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	data8	0x113f9804bef90dae,0x1b710b35131c471b
-	data8	0x28db77f523047d84,0x32caab7b40c72493
-	data8	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-.size	K512#,$SZ*$rounds
-stringz	"SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl
deleted file mode 100644
index 6807a2c722..0000000000
--- a/crypto/sha/asm/sha512-mips.pl
+++ /dev/null
@@ -1,455 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA2 block procedures for MIPS.
-
-# October 2010.
-#
-# SHA256 performance improvement on MIPS R5000 CPU is ~27% over gcc-
-# generated code in o32 build and ~55% in n32/64 build. SHA512 [which
-# for now can only be compiled for MIPS64 ISA] improvement is modest
-# ~17%, but it comes for free, because it's same instruction sequence.
-# Improvement coefficients are for aligned input.
-
-######################################################################
-# There is a number of MIPS ABI in use, O32 and N32/64 are most
-# widely used. Then there is a new contender: NUBI. It appears that if
-# one picks the latter, it's possible to arrange code in ABI neutral
-# manner. Therefore let's stick to NUBI register layout:
-#
-($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25));
-($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23));
-($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31));
-#
-# The return value is placed in $a0. Following coding rules facilitate
-# interoperability:
-#
-# - never ever touch $tp, "thread pointer", former $gp [o32 can be
-#   excluded from the rule, because it's specified volatile];
-# - copy return value to $t0, former $v0 [or to $a0 if you're adapting
-#   old code];
-# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary;
-#
-# For reference here is register layout for N32/64 MIPS ABIs:
-#
-# ($zero,$at,$v0,$v1)=map("\$$_",(0..3));
-# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11));
-# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25));
-# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23));
-# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31));
-#
-$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64
-
-if ($flavour =~ /64|n32/i) {
-	$PTR_ADD="dadd";	# incidentally works even on n32
-	$PTR_SUB="dsub";	# incidentally works even on n32
-	$REG_S="sd";
-	$REG_L="ld";
-	$PTR_SLL="dsll";	# incidentally works even on n32
-	$SZREG=8;
-} else {
-	$PTR_ADD="add";
-	$PTR_SUB="sub";
-	$REG_S="sw";
-	$REG_L="lw";
-	$PTR_SLL="sll";
-	$SZREG=4;
-}
-$pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
-#
-# <appro@openssl.org>
-#
-######################################################################
-
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
-
-for (@ARGV) {	$output=$_ if (/^\w[\w\-]*\.\w+$/);	}
-open STDOUT,">$output";
-
-if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); }
-
-if ($output =~ /512/) {
-	$label="512";
-	$SZ=8;
-	$LD="ld";		# load from memory
-	$ST="sd";		# store to memory
-	$SLL="dsll";		# shift left logical
-	$SRL="dsrl";		# shift right logical
-	$ADDU="daddu";
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=( 7, 1, 8);	# right shift first
-	@sigma1=( 6,19,61);	# right shift first
-	$lastK=0x817;
-	$rounds=80;
-} else {
-	$label="256";
-	$SZ=4;
-	$LD="lw";		# load from memory
-	$ST="sw";		# store to memory
-	$SLL="sll";		# shift left logical
-	$SRL="srl";		# shift right logical
-	$ADDU="addu";
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 3, 7,18);	# right shift first
-	@sigma1=(10,17,19);	# right shift first
-	$lastK=0x8f2;
-	$rounds=64;
-}
-
-$MSB = $big_endian ? 0 : ($SZ-1);
-$LSB = ($SZ-1)&~$MSB;
-
-@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("\$$_",(1,2,3,7,24,25,30,31));
-@X=map("\$$_",(8..23));
-
-$ctx=$a0;
-$inp=$a1;
-$len=$a2;	$Ktbl=$len;
-
-sub BODY_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]);
-
-$code.=<<___ if ($i<15);
-	${LD}l	@X[1],`($i+1)*$SZ+$MSB`($inp)
-	${LD}r	@X[1],`($i+1)*$SZ+$LSB`($inp)
-___
-$code.=<<___	if (!$big_endian && $i<16 && $SZ==4);
-	srl	$tmp0,@X[0],24		# byte swap($i)
-	srl	$tmp1,@X[0],8
-	andi	$tmp2,@X[0],0xFF00
-	sll	@X[0],@X[0],24
-	andi	$tmp1,0xFF00
-	sll	$tmp2,$tmp2,8
-	or	@X[0],$tmp0
-	or	$tmp1,$tmp2
-	or	@X[0],$tmp1
-___
-$code.=<<___	if (!$big_endian && $i<16 && $SZ==8);
-	ori	$tmp0,$zero,0xFF
-	dsll	$tmp2,$tmp0,32
-	or	$tmp0,$tmp2		# 0x000000FF000000FF
-	and	$tmp1,@X[0],$tmp0	# byte swap($i)
-	dsrl	$tmp2,@X[0],24
-	dsll	$tmp1,24
-	and	$tmp2,$tmp0
-	dsll	$tmp0,8			# 0x0000FF000000FF00
-	or	$tmp1,$tmp2
-	and	$tmp2,@X[0],$tmp0
-	dsrl	@X[0],8
-	dsll	$tmp2,8
-	and	@X[0],$tmp0
-	or	$tmp1,$tmp2
-	or	@X[0],$tmp1
-	dsrl	$tmp1,@X[0],32
-	dsll	@X[0],32
-	or	@X[0],$tmp1
-___
-$code.=<<___;
-	$ADDU	$T1,$X[0],$h			# $i
-	$SRL	$h,$e,@Sigma1[0]
-	xor	$tmp2,$f,$g
-	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[2]`
-	and	$tmp2,$e
-	$SRL	$tmp0,$e,@Sigma1[1]
-	xor	$h,$tmp1
-	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[1]`
-	xor	$h,$tmp0
-	$SRL	$tmp0,$e,@Sigma1[2]
-	xor	$h,$tmp1
-	$SLL	$tmp1,$e,`$SZ*8-@Sigma1[0]`
-	xor	$h,$tmp0
-	xor	$tmp2,$g			# Ch(e,f,g)
-	xor	$tmp0,$tmp1,$h			# Sigma1(e)
-
-	$SRL	$h,$a,@Sigma0[0]
-	$ADDU	$T1,$tmp2
-	$LD	$tmp2,`$i*$SZ`($Ktbl)		# K[$i]
-	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[2]`
-	$ADDU	$T1,$tmp0
-	$SRL	$tmp0,$a,@Sigma0[1]
-	xor	$h,$tmp1
-	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[1]`
-	xor	$h,$tmp0
-	$SRL	$tmp0,$a,@Sigma0[2]
-	xor	$h,$tmp1
-	$SLL	$tmp1,$a,`$SZ*8-@Sigma0[0]`
-	xor	$h,$tmp0
-	$ST	@X[0],`($i%16)*$SZ`($sp)	# offload to ring buffer
-	xor	$h,$tmp1			# Sigma0(a)
-
-	or	$tmp0,$a,$b
-	and	$tmp1,$a,$b
-	and	$tmp0,$c
-	or	$tmp1,$tmp0			# Maj(a,b,c)
-	$ADDU	$T1,$tmp2			# +=K[$i]
-	$ADDU	$h,$tmp1
-
-	$ADDU	$d,$T1
-	$ADDU	$h,$T1
-___
-$code.=<<___ if ($i>=13);
-	$LD	@X[3],`(($i+3)%16)*$SZ`($sp)	# prefetch from ring buffer
-___
-}
-
-sub BODY_16_XX {
-my $i=@_[0];
-my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4],@X[5],@X[6],@X[7]);
-
-$code.=<<___;
-	$SRL	$tmp2,@X[1],@sigma0[0]		# Xupdate($i)
-	$ADDU	@X[0],@X[9]			# +=X[i+9]
-	$SLL	$tmp1,@X[1],`$SZ*8-@sigma0[2]`
-	$SRL	$tmp0,@X[1],@sigma0[1]
-	xor	$tmp2,$tmp1
-	$SLL	$tmp1,`@sigma0[2]-@sigma0[1]`
-	xor	$tmp2,$tmp0
-	$SRL	$tmp0,@X[1],@sigma0[2]
-	xor	$tmp2,$tmp1
-
-	$SRL	$tmp3,@X[14],@sigma1[0]
-	xor	$tmp2,$tmp0			# sigma0(X[i+1])
-	$SLL	$tmp1,@X[14],`$SZ*8-@sigma1[2]`
-	$ADDU	@X[0],$tmp2
-	$SRL	$tmp0,@X[14],@sigma1[1]
-	xor	$tmp3,$tmp1
-	$SLL	$tmp1,`@sigma1[2]-@sigma1[1]`
-	xor	$tmp3,$tmp0
-	$SRL	$tmp0,@X[14],@sigma1[2]
-	xor	$tmp3,$tmp1
-
-	xor	$tmp3,$tmp0			# sigma1(X[i+14])
-	$ADDU	@X[0],$tmp3
-___
-	&BODY_00_15(@_);
-}
-
-$FRAMESIZE=16*$SZ+16*$SZREG;
-$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
-
-$code.=<<___;
-#ifdef OPENSSL_FIPSCANISTER
-# include <openssl/fipssyms.h>
-#endif
-
-.text
-.set	noat
-#if !defined(__vxworks) || defined(__pic__)
-.option	pic2
-#endif
-
-.align	5
-.globl	sha${label}_block_data_order
-.ent	sha${label}_block_data_order
-sha${label}_block_data_order:
-	.frame	$sp,$FRAMESIZE,$ra
-	.mask	$SAVED_REGS_MASK,-$SZREG
-	.set	noreorder
-___
-$code.=<<___ if ($flavour =~ /o32/i);	# o32 PIC-ification
-	.cpload	$pf
-___
-$code.=<<___;
-	$PTR_SUB $sp,$FRAMESIZE
-	$REG_S	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_S	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_S	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_S	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_S	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_S	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_S	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_S	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_S	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_S	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);	# optimize non-nubi prologue
-	$REG_S	$s3,$FRAMESIZE-11*$SZREG($sp)
-	$REG_S	$s2,$FRAMESIZE-12*$SZREG($sp)
-	$REG_S	$s1,$FRAMESIZE-13*$SZREG($sp)
-	$REG_S	$s0,$FRAMESIZE-14*$SZREG($sp)
-	$REG_S	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	$PTR_SLL @X[15],$len,`log(16*$SZ)/log(2)`
-___
-$code.=<<___ if ($flavour !~ /o32/i);	# non-o32 PIC-ification
-	.cplocal	$Ktbl
-	.cpsetup	$pf,$zero,sha${label}_block_data_order
-___
-$code.=<<___;
-	.set	reorder
-	la	$Ktbl,K${label}		# PIC-ified 'load address'
-
-	$LD	$A,0*$SZ($ctx)		# load context
-	$LD	$B,1*$SZ($ctx)
-	$LD	$C,2*$SZ($ctx)
-	$LD	$D,3*$SZ($ctx)
-	$LD	$E,4*$SZ($ctx)
-	$LD	$F,5*$SZ($ctx)
-	$LD	$G,6*$SZ($ctx)
-	$LD	$H,7*$SZ($ctx)
-
-	$PTR_ADD @X[15],$inp		# pointer to the end of input
-	$REG_S	@X[15],16*$SZ($sp)
-	b	.Loop
-
-.align	5
-.Loop:
-	${LD}l	@X[0],$MSB($inp)
-	${LD}r	@X[0],$LSB($inp)
-___
-for ($i=0;$i<16;$i++)
-{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
-$code.=<<___;
-	b	.L16_xx
-.align	4
-.L16_xx:
-___
-for (;$i<32;$i++)
-{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); }
-$code.=<<___;
-	and	@X[6],0xfff
-	li	@X[7],$lastK
-	.set	noreorder
-	bne	@X[6],@X[7],.L16_xx
-	$PTR_ADD $Ktbl,16*$SZ		# Ktbl+=16
-
-	$REG_L	@X[15],16*$SZ($sp)	# restore pointer to the end of input
-	$LD	@X[0],0*$SZ($ctx)
-	$LD	@X[1],1*$SZ($ctx)
-	$LD	@X[2],2*$SZ($ctx)
-	$PTR_ADD $inp,16*$SZ
-	$LD	@X[3],3*$SZ($ctx)
-	$ADDU	$A,@X[0]
-	$LD	@X[4],4*$SZ($ctx)
-	$ADDU	$B,@X[1]
-	$LD	@X[5],5*$SZ($ctx)
-	$ADDU	$C,@X[2]
-	$LD	@X[6],6*$SZ($ctx)
-	$ADDU	$D,@X[3]
-	$LD	@X[7],7*$SZ($ctx)
-	$ADDU	$E,@X[4]
-	$ST	$A,0*$SZ($ctx)
-	$ADDU	$F,@X[5]
-	$ST	$B,1*$SZ($ctx)
-	$ADDU	$G,@X[6]
-	$ST	$C,2*$SZ($ctx)
-	$ADDU	$H,@X[7]
-	$ST	$D,3*$SZ($ctx)
-	$ST	$E,4*$SZ($ctx)
-	$ST	$F,5*$SZ($ctx)
-	$ST	$G,6*$SZ($ctx)
-	$ST	$H,7*$SZ($ctx)
-
-	bne	$inp,@X[15],.Loop
-	$PTR_SUB $Ktbl,`($rounds-16)*$SZ`	# rewind $Ktbl
-
-	$REG_L	$ra,$FRAMESIZE-1*$SZREG($sp)
-	$REG_L	$fp,$FRAMESIZE-2*$SZREG($sp)
-	$REG_L	$s11,$FRAMESIZE-3*$SZREG($sp)
-	$REG_L	$s10,$FRAMESIZE-4*$SZREG($sp)
-	$REG_L	$s9,$FRAMESIZE-5*$SZREG($sp)
-	$REG_L	$s8,$FRAMESIZE-6*$SZREG($sp)
-	$REG_L	$s7,$FRAMESIZE-7*$SZREG($sp)
-	$REG_L	$s6,$FRAMESIZE-8*$SZREG($sp)
-	$REG_L	$s5,$FRAMESIZE-9*$SZREG($sp)
-	$REG_L	$s4,$FRAMESIZE-10*$SZREG($sp)
-___
-$code.=<<___ if ($flavour =~ /nubi/i);
-	$REG_L	$s3,$FRAMESIZE-11*$SZREG($sp)
-	$REG_L	$s2,$FRAMESIZE-12*$SZREG($sp)
-	$REG_L	$s1,$FRAMESIZE-13*$SZREG($sp)
-	$REG_L	$s0,$FRAMESIZE-14*$SZREG($sp)
-	$REG_L	$gp,$FRAMESIZE-15*$SZREG($sp)
-___
-$code.=<<___;
-	jr	$ra
-	$PTR_ADD $sp,$FRAMESIZE
-.end	sha${label}_block_data_order
-
-.rdata
-.align	5
-K${label}:
-___
-if ($SZ==4) {
-$code.=<<___;
-	.word	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
-	.word	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
-	.word	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
-	.word	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
-	.word	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
-	.word	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
-	.word	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
-	.word	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
-	.word	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
-	.word	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
-	.word	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
-	.word	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
-	.word	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
-	.word	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
-	.word	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
-	.word	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-___
-} else {
-$code.=<<___;
-	.dword	0x428a2f98d728ae22, 0x7137449123ef65cd
-	.dword	0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc
-	.dword	0x3956c25bf348b538, 0x59f111f1b605d019
-	.dword	0x923f82a4af194f9b, 0xab1c5ed5da6d8118
-	.dword	0xd807aa98a3030242, 0x12835b0145706fbe
-	.dword	0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2
-	.dword	0x72be5d74f27b896f, 0x80deb1fe3b1696b1
-	.dword	0x9bdc06a725c71235, 0xc19bf174cf692694
-	.dword	0xe49b69c19ef14ad2, 0xefbe4786384f25e3
-	.dword	0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65
-	.dword	0x2de92c6f592b0275, 0x4a7484aa6ea6e483
-	.dword	0x5cb0a9dcbd41fbd4, 0x76f988da831153b5
-	.dword	0x983e5152ee66dfab, 0xa831c66d2db43210
-	.dword	0xb00327c898fb213f, 0xbf597fc7beef0ee4
-	.dword	0xc6e00bf33da88fc2, 0xd5a79147930aa725
-	.dword	0x06ca6351e003826f, 0x142929670a0e6e70
-	.dword	0x27b70a8546d22ffc, 0x2e1b21385c26c926
-	.dword	0x4d2c6dfc5ac42aed, 0x53380d139d95b3df
-	.dword	0x650a73548baf63de, 0x766a0abb3c77b2a8
-	.dword	0x81c2c92e47edaee6, 0x92722c851482353b
-	.dword	0xa2bfe8a14cf10364, 0xa81a664bbc423001
-	.dword	0xc24b8b70d0f89791, 0xc76c51a30654be30
-	.dword	0xd192e819d6ef5218, 0xd69906245565a910
-	.dword	0xf40e35855771202a, 0x106aa07032bbd1b8
-	.dword	0x19a4c116b8d2d0c8, 0x1e376c085141ab53
-	.dword	0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8
-	.dword	0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb
-	.dword	0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3
-	.dword	0x748f82ee5defb2fc, 0x78a5636f43172f60
-	.dword	0x84c87814a1f0ab72, 0x8cc702081a6439ec
-	.dword	0x90befffa23631e28, 0xa4506cebde82bde9
-	.dword	0xbef9a3f7b2c67915, 0xc67178f2e372532b
-	.dword	0xca273eceea26619c, 0xd186b8c721c0c207
-	.dword	0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178
-	.dword	0x06f067aa72176fba, 0x0a637dc5a2c898a6
-	.dword	0x113f9804bef90dae, 0x1b710b35131c471b
-	.dword	0x28db77f523047d84, 0x32caab7b40c72493
-	.dword	0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c
-	.dword	0x4cc5d4becb3e42b6, 0x597f299cfc657e2a
-	.dword	0x5fcb6fab3ad6faec, 0x6c44198c4a475817
-___
-}
-$code.=<<___;
-.asciiz	"SHA${label} for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
-.align	5
-
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl
deleted file mode 100755
index fc0e15b3c0..0000000000
--- a/crypto/sha/asm/sha512-parisc.pl
+++ /dev/null
@@ -1,793 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA256/512 block procedure for PA-RISC.
-
-# June 2009.
-#
-# SHA256 performance is >75% better than gcc 3.2 generated code on
-# PA-7100LC. Compared to code generated by vendor compiler this
-# implementation is almost 70% faster in 64-bit build, but delivers
-# virtually same performance in 32-bit build on PA-8600.
-#
-# SHA512 performance is >2.9x better than gcc 3.2 generated code on
-# PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the
-# code is executed on PA-RISC 2.0 processor and switches to 64-bit
-# code path delivering adequate peformance even in "blended" 32-bit
-# build. Though 64-bit code is not any faster than code generated by
-# vendor compiler on PA-8600...
-#
-# Special thanks to polarhome.com for providing HP-UX account.
-
-$flavour = shift;
-$output = shift;
-open STDOUT,">$output";
-
-if ($flavour =~ /64/) {
-	$LEVEL		="2.0W";
-	$SIZE_T		=8;
-	$FRAME_MARKER	=80;
-	$SAVED_RP	=16;
-	$PUSH		="std";
-	$PUSHMA		="std,ma";
-	$POP		="ldd";
-	$POPMB		="ldd,mb";
-} else {
-	$LEVEL		="1.0";
-	$SIZE_T		=4;
-	$FRAME_MARKER	=48;
-	$SAVED_RP	=20;
-	$PUSH		="stw";
-	$PUSHMA		="stwm";
-	$POP		="ldw";
-	$POPMB		="ldwm";
-}
-
-if ($output =~ /512/) {
-	$func="sha512_block_data_order";
-	$SZ=8;
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-	$LAST10BITS=0x017;
-	$LD="ldd";
-	$LDM="ldd,ma";
-	$ST="std";
-} else {
-	$func="sha256_block_data_order";
-	$SZ=4;
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-	$LAST10BITS=0x0f2;
-	$LD="ldw";
-	$LDM="ldwm";
-	$ST="stw";
-}
-
-$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
-				#                 [+ argument transfer]
-$XOFF=16*$SZ+32;		# local variables
-$FRAME+=$XOFF;
-$XOFF+=$FRAME_MARKER;		# distance between %sp and local variables
-
-$ctx="%r26";	# zapped by $a0
-$inp="%r25";	# zapped by $a1
-$num="%r24";	# zapped by $t0
-
-$a0 ="%r26";
-$a1 ="%r25";
-$t0 ="%r24";
-$t1 ="%r29";
-$Tbl="%r31";
-
-@V=($A,$B,$C,$D,$E,$F,$G,$H)=("%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r28");
-
-@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
-    "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$inp);
-
-sub ROUND_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-$code.=<<___;
-	_ror	$e,$Sigma1[0],$a0
-	and	$f,$e,$t0
-	_ror	$e,$Sigma1[1],$a1
-	addl	$t1,$h,$h
-	andcm	$g,$e,$t1
-	xor	$a1,$a0,$a0
-	_ror	$a1,`$Sigma1[2]-$Sigma1[1]`,$a1
-	or	$t0,$t1,$t1		; Ch(e,f,g)
-	addl	@X[$i%16],$h,$h
-	xor	$a0,$a1,$a1		; Sigma1(e)
-	addl	$t1,$h,$h
-	_ror	$a,$Sigma0[0],$a0
-	addl	$a1,$h,$h
-
-	_ror	$a,$Sigma0[1],$a1
-	and	$a,$b,$t0
-	and	$a,$c,$t1
-	xor	$a1,$a0,$a0
-	_ror	$a1,`$Sigma0[2]-$Sigma0[1]`,$a1
-	xor	$t1,$t0,$t0
-	and	$b,$c,$t1
-	xor	$a0,$a1,$a1		; Sigma0(a)
-	addl	$h,$d,$d
-	xor	$t1,$t0,$t0		; Maj(a,b,c)
-	`"$LDM	$SZ($Tbl),$t1" if ($i<15)`
-	addl	$a1,$h,$h
-	addl	$t0,$h,$h
-
-___
-}
-
-sub ROUND_16_xx {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-$i-=16;
-$code.=<<___;
-	_ror	@X[($i+1)%16],$sigma0[0],$a0
-	_ror	@X[($i+1)%16],$sigma0[1],$a1
-	addl	@X[($i+9)%16],@X[$i],@X[$i]
-	_ror	@X[($i+14)%16],$sigma1[0],$t0
-	_ror	@X[($i+14)%16],$sigma1[1],$t1
-	xor	$a1,$a0,$a0
-	_shr	@X[($i+1)%16],$sigma0[2],$a1
-	xor	$t1,$t0,$t0
-	_shr	@X[($i+14)%16],$sigma1[2],$t1
-	xor	$a1,$a0,$a0		; sigma0(X[(i+1)&0x0f])
-	xor	$t1,$t0,$t0		; sigma1(X[(i+14)&0x0f])
-	$LDM	$SZ($Tbl),$t1
-	addl	$a0,@X[$i],@X[$i]
-	addl	$t0,@X[$i],@X[$i]
-___
-$code.=<<___ if ($i==15);
-	extru	$t1,31,10,$a1
-	comiclr,<> $LAST10BITS,$a1,%r0
-	ldo	1($Tbl),$Tbl		; signal end of $Tbl
-___
-&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
-}
-
-$code=<<___;
-	.LEVEL	$LEVEL
-	.SPACE	\$TEXT\$
-	.SUBSPA	\$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
-
-	.ALIGN	64
-L\$table
-___
-$code.=<<___ if ($SZ==8);
-	.WORD	0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
-	.WORD	0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
-	.WORD	0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
-	.WORD	0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
-	.WORD	0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
-	.WORD	0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
-	.WORD	0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
-	.WORD	0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
-	.WORD	0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
-	.WORD	0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
-	.WORD	0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
-	.WORD	0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
-	.WORD	0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
-	.WORD	0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
-	.WORD	0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
-	.WORD	0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
-	.WORD	0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
-	.WORD	0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
-	.WORD	0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
-	.WORD	0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
-	.WORD	0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
-	.WORD	0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
-	.WORD	0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
-	.WORD	0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
-	.WORD	0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
-	.WORD	0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
-	.WORD	0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
-	.WORD	0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
-	.WORD	0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
-	.WORD	0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
-	.WORD	0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
-	.WORD	0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
-	.WORD	0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
-	.WORD	0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
-	.WORD	0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
-	.WORD	0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
-	.WORD	0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
-	.WORD	0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
-	.WORD	0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
-	.WORD	0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
-___
-$code.=<<___ if ($SZ==4);
-	.WORD	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.WORD	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.WORD	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.WORD	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.WORD	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.WORD	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.WORD	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.WORD	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.WORD	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.WORD	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.WORD	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.WORD	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.WORD	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.WORD	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.WORD	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.WORD	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-___
-$code.=<<___;
-
-	.EXPORT	$func,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
-	.ALIGN	64
-$func
-	.PROC
-	.CALLINFO	FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
-	.ENTRY
-	$PUSH	%r2,-$SAVED_RP(%sp)	; standard prologue
-	$PUSHMA	%r3,$FRAME(%sp)
-	$PUSH	%r4,`-$FRAME+1*$SIZE_T`(%sp)
-	$PUSH	%r5,`-$FRAME+2*$SIZE_T`(%sp)
-	$PUSH	%r6,`-$FRAME+3*$SIZE_T`(%sp)
-	$PUSH	%r7,`-$FRAME+4*$SIZE_T`(%sp)
-	$PUSH	%r8,`-$FRAME+5*$SIZE_T`(%sp)
-	$PUSH	%r9,`-$FRAME+6*$SIZE_T`(%sp)
-	$PUSH	%r10,`-$FRAME+7*$SIZE_T`(%sp)
-	$PUSH	%r11,`-$FRAME+8*$SIZE_T`(%sp)
-	$PUSH	%r12,`-$FRAME+9*$SIZE_T`(%sp)
-	$PUSH	%r13,`-$FRAME+10*$SIZE_T`(%sp)
-	$PUSH	%r14,`-$FRAME+11*$SIZE_T`(%sp)
-	$PUSH	%r15,`-$FRAME+12*$SIZE_T`(%sp)
-	$PUSH	%r16,`-$FRAME+13*$SIZE_T`(%sp)
-	$PUSH	%r17,`-$FRAME+14*$SIZE_T`(%sp)
-	$PUSH	%r18,`-$FRAME+15*$SIZE_T`(%sp)
-
-	_shl	$num,`log(16*$SZ)/log(2)`,$num
-	addl	$inp,$num,$num		; $num to point at the end of $inp
-
-	$PUSH	$num,`-$FRAME_MARKER-4*$SIZE_T`(%sp)	; save arguments
-	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)
-	$PUSH	$ctx,`-$FRAME_MARKER-2*$SIZE_T`(%sp)
-
-	blr	%r0,$Tbl
-	ldi	3,$t1
-L\$pic
-	andcm	$Tbl,$t1,$Tbl		; wipe privilege level
-	ldo	L\$table-L\$pic($Tbl),$Tbl
-___
-$code.=<<___ if ($SZ==8 && $SIZE_T==4);
-	ldi	31,$t1
-	mtctl	$t1,%cr11
-	extrd,u,*= $t1,%sar,1,$t1	; executes on PA-RISC 1.0
-	b	L\$parisc1
-	nop
-___
-$code.=<<___;
-	$LD	`0*$SZ`($ctx),$A	; load context
-	$LD	`1*$SZ`($ctx),$B
-	$LD	`2*$SZ`($ctx),$C
-	$LD	`3*$SZ`($ctx),$D
-	$LD	`4*$SZ`($ctx),$E
-	$LD	`5*$SZ`($ctx),$F
-	$LD	`6*$SZ`($ctx),$G
-	$LD	`7*$SZ`($ctx),$H
-
-	extru	$inp,31,`log($SZ)/log(2)`,$t0
-	sh3addl	$t0,%r0,$t0
-	subi	`8*$SZ`,$t0,$t0
-	mtctl	$t0,%cr11		; load %sar with align factor
-
-L\$oop
-	ldi	`$SZ-1`,$t0
-	$LDM	$SZ($Tbl),$t1
-	andcm	$inp,$t0,$t0		; align $inp
-___
-	for ($i=0;$i<15;$i++) {		# load input block
-	$code.="\t$LD	`$SZ*$i`($t0),@X[$i]\n";		}
-$code.=<<___;
-	cmpb,*=	$inp,$t0,L\$aligned
-	$LD	`$SZ*15`($t0),@X[15]
-	$LD	`$SZ*16`($t0),@X[16]
-___
-	for ($i=0;$i<16;$i++) {		# align data
-	$code.="\t_align	@X[$i],@X[$i+1],@X[$i]\n";	}
-$code.=<<___;
-L\$aligned
-	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
-___
-
-for($i=0;$i<16;$i++)	{ &ROUND_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-L\$rounds
-	nop	; otherwise /usr/ccs/bin/as is confused by below .WORD
-___
-for(;$i<32;$i++)	{ &ROUND_16_xx($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	bb,>=	$Tbl,31,L\$rounds	; end of $Tbl signalled?
-	nop
-
-	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
-	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
-	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
-	ldo	`-$rounds*$SZ-1`($Tbl),$Tbl		; rewind $Tbl
-
-	$LD	`0*$SZ`($ctx),@X[0]	; load context
-	$LD	`1*$SZ`($ctx),@X[1]
-	$LD	`2*$SZ`($ctx),@X[2]
-	$LD	`3*$SZ`($ctx),@X[3]
-	$LD	`4*$SZ`($ctx),@X[4]
-	$LD	`5*$SZ`($ctx),@X[5]
-	addl	@X[0],$A,$A
-	$LD	`6*$SZ`($ctx),@X[6]
-	addl	@X[1],$B,$B
-	$LD	`7*$SZ`($ctx),@X[7]
-	ldo	`16*$SZ`($inp),$inp	; advance $inp
-
-	$ST	$A,`0*$SZ`($ctx)	; save context
-	addl	@X[2],$C,$C
-	$ST	$B,`1*$SZ`($ctx)
-	addl	@X[3],$D,$D
-	$ST	$C,`2*$SZ`($ctx)
-	addl	@X[4],$E,$E
-	$ST	$D,`3*$SZ`($ctx)
-	addl	@X[5],$F,$F
-	$ST	$E,`4*$SZ`($ctx)
-	addl	@X[6],$G,$G
-	$ST	$F,`5*$SZ`($ctx)
-	addl	@X[7],$H,$H
-	$ST	$G,`6*$SZ`($ctx)
-	$ST	$H,`7*$SZ`($ctx)
-
-	cmpb,*<>,n $inp,$num,L\$oop
-	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
-___
-if ($SZ==8 && $SIZE_T==4)	# SHA512 for 32-bit PA-RISC 1.0
-{{
-$code.=<<___;
-	b	L\$done
-	nop
-
-	.ALIGN	64
-L\$parisc1
-___
-
-@V=(  $Ahi,  $Alo,  $Bhi,  $Blo,  $Chi,  $Clo,  $Dhi,  $Dlo,
-      $Ehi,  $Elo,  $Fhi,  $Flo,  $Ghi,  $Glo,  $Hhi,  $Hlo) = 
-   ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8",
-     "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16");
-$a0 ="%r17";
-$a1 ="%r18";
-$a2 ="%r19";
-$a3 ="%r20";
-$t0 ="%r21";
-$t1 ="%r22";
-$t2 ="%r28";
-$t3 ="%r29";
-$Tbl="%r31";
-
-@X=("%r23","%r24","%r25","%r26");	# zaps $num,$inp,$ctx
-
-sub ROUND_00_15_pa1 {
-my ($i,$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
-       $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo,$flag)=@_;
-my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
-
-$code.=<<___ if (!$flag);
-	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
-	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
-___
-$code.=<<___;
-	shd	$ehi,$elo,$Sigma1[0],$t0
-	 add	$Xlo,$hlo,$hlo
-	shd	$elo,$ehi,$Sigma1[0],$t1
-	 addc	$Xhi,$hhi,$hhi		; h += X[i]
-	shd	$ehi,$elo,$Sigma1[1],$t2
-	 ldwm	8($Tbl),$Xhi
-	shd	$elo,$ehi,$Sigma1[1],$t3
-	 ldw	-4($Tbl),$Xlo		; load K[i]
-	xor	$t2,$t0,$t0
-	xor	$t3,$t1,$t1
-	 and	$flo,$elo,$a0
-	 and	$fhi,$ehi,$a1
-	shd	$ehi,$elo,$Sigma1[2],$t2
-	 andcm	$glo,$elo,$a2
-	shd	$elo,$ehi,$Sigma1[2],$t3
-	 andcm	$ghi,$ehi,$a3
-	xor	$t2,$t0,$t0
-	xor	$t3,$t1,$t1		; Sigma1(e)
-	add	$Xlo,$hlo,$hlo
-	 xor	$a2,$a0,$a0
-	addc	$Xhi,$hhi,$hhi		; h += K[i]
-	 xor	$a3,$a1,$a1		; Ch(e,f,g)
-
-	 add	$t0,$hlo,$hlo
-	shd	$ahi,$alo,$Sigma0[0],$t0
-	 addc	$t1,$hhi,$hhi		; h += Sigma1(e)
-	shd	$alo,$ahi,$Sigma0[0],$t1	
-	 add	$a0,$hlo,$hlo
-	shd	$ahi,$alo,$Sigma0[1],$t2
-	 addc	$a1,$hhi,$hhi		; h += Ch(e,f,g)
-	shd	$alo,$ahi,$Sigma0[1],$t3
-
-	xor	$t2,$t0,$t0
-	xor	$t3,$t1,$t1
-	shd	$ahi,$alo,$Sigma0[2],$t2
-	and	$alo,$blo,$a0
-	shd	$alo,$ahi,$Sigma0[2],$t3
-	and	$ahi,$bhi,$a1
-	xor	$t2,$t0,$t0
-	xor	$t3,$t1,$t1		; Sigma0(a)
-
-	and	$alo,$clo,$a2
-	and	$ahi,$chi,$a3
-	xor	$a2,$a0,$a0
-	 add	$hlo,$dlo,$dlo
-	xor	$a3,$a1,$a1
-	 addc	$hhi,$dhi,$dhi		; d += h
-	and	$blo,$clo,$a2
-	 add	$t0,$hlo,$hlo
-	and	$bhi,$chi,$a3
-	 addc	$t1,$hhi,$hhi		; h += Sigma0(a)
-	xor	$a2,$a0,$a0
-	 add	$a0,$hlo,$hlo
-	xor	$a3,$a1,$a1		; Maj(a,b,c)
-	 addc	$a1,$hhi,$hhi		; h += Maj(a,b,c)
-
-___
-$code.=<<___ if ($i==15 && $flag);
-	extru	$Xlo,31,10,$Xlo
-	comiclr,= $LAST10BITS,$Xlo,%r0
-	b	L\$rounds_pa1
-	nop
-___
-push(@X,shift(@X)); push(@X,shift(@X));
-}
-
-sub ROUND_16_xx_pa1 {
-my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X;
-my ($i)=shift;
-$i-=16;
-$code.=<<___;
-	ldw	`-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi
-	ldw	`-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo	; load X[i+1]
-	ldw	`-$XOFF+8*(($i+9)%16)`(%sp),$a1
-	ldw	`-$XOFF+8*(($i+9)%16)+4`(%sp),$a0	; load X[i+9]
-	ldw	`-$XOFF+8*(($i+14)%16)`(%sp),$a3
-	ldw	`-$XOFF+8*(($i+14)%16)+4`(%sp),$a2	; load X[i+14]
-	shd	$Xnhi,$Xnlo,$sigma0[0],$t0
-	shd	$Xnlo,$Xnhi,$sigma0[0],$t1
-	 add	$a0,$Xlo,$Xlo
-	shd	$Xnhi,$Xnlo,$sigma0[1],$t2
-	 addc	$a1,$Xhi,$Xhi
-	shd	$Xnlo,$Xnhi,$sigma0[1],$t3
-	xor	$t2,$t0,$t0
-	shd	$Xnhi,$Xnlo,$sigma0[2],$t2
-	xor	$t3,$t1,$t1
-	extru	$Xnhi,`31-$sigma0[2]`,`32-$sigma0[2]`,$t3
-	xor	$t2,$t0,$t0
-	 shd	$a3,$a2,$sigma1[0],$a0
-	xor	$t3,$t1,$t1		; sigma0(X[i+1)&0x0f])
-	 shd	$a2,$a3,$sigma1[0],$a1
-	add	$t0,$Xlo,$Xlo
-	 shd	$a3,$a2,$sigma1[1],$t2
-	addc	$t1,$Xhi,$Xhi
-	 shd	$a2,$a3,$sigma1[1],$t3
-	xor	$t2,$a0,$a0
-	shd	$a3,$a2,$sigma1[2],$t2
-	xor	$t3,$a1,$a1
-	extru	$a3,`31-$sigma1[2]`,`32-$sigma1[2]`,$t3
-	xor	$t2,$a0,$a0
-	xor	$t3,$a1,$a1		; sigma0(X[i+14)&0x0f])
-	add	$a0,$Xlo,$Xlo
-	addc	$a1,$Xhi,$Xhi
-
-	stw	$Xhi,`-$XOFF+8*($i%16)`(%sp)
-	stw	$Xlo,`-$XOFF+8*($i%16)+4`(%sp)
-___
-&ROUND_00_15_pa1($i,@_,1);
-}
-$code.=<<___;
-	ldw	`0*4`($ctx),$Ahi		; load context
-	ldw	`1*4`($ctx),$Alo
-	ldw	`2*4`($ctx),$Bhi
-	ldw	`3*4`($ctx),$Blo
-	ldw	`4*4`($ctx),$Chi
-	ldw	`5*4`($ctx),$Clo
-	ldw	`6*4`($ctx),$Dhi
-	ldw	`7*4`($ctx),$Dlo
-	ldw	`8*4`($ctx),$Ehi
-	ldw	`9*4`($ctx),$Elo
-	ldw	`10*4`($ctx),$Fhi
-	ldw	`11*4`($ctx),$Flo
-	ldw	`12*4`($ctx),$Ghi
-	ldw	`13*4`($ctx),$Glo
-	ldw	`14*4`($ctx),$Hhi
-	ldw	`15*4`($ctx),$Hlo
-
-	extru	$inp,31,2,$t0
-	sh3addl	$t0,%r0,$t0
-	subi	32,$t0,$t0
-	mtctl	$t0,%cr11		; load %sar with align factor
-
-L\$oop_pa1
-	extru	$inp,31,2,$a3
-	comib,=	0,$a3,L\$aligned_pa1
-	sub	$inp,$a3,$inp
-
-	ldw	`0*4`($inp),$X[0]
-	ldw	`1*4`($inp),$X[1]
-	ldw	`2*4`($inp),$t2
-	ldw	`3*4`($inp),$t3
-	ldw	`4*4`($inp),$a0
-	ldw	`5*4`($inp),$a1
-	ldw	`6*4`($inp),$a2
-	ldw	`7*4`($inp),$a3
-	vshd	$X[0],$X[1],$X[0]
-	vshd	$X[1],$t2,$X[1]
-	stw	$X[0],`-$XOFF+0*4`(%sp)
-	ldw	`8*4`($inp),$t0
-	vshd	$t2,$t3,$t2
-	stw	$X[1],`-$XOFF+1*4`(%sp)
-	ldw	`9*4`($inp),$t1
-	vshd	$t3,$a0,$t3
-___
-{
-my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
-for ($i=2;$i<=(128/4-8);$i++) {
-$code.=<<___;
-	stw	$t[0],`-$XOFF+$i*4`(%sp)
-	ldw	`(8+$i)*4`($inp),$t[0]
-	vshd	$t[1],$t[2],$t[1]
-___
-push(@t,shift(@t));
-}
-for (;$i<(128/4-1);$i++) {
-$code.=<<___;
-	stw	$t[0],`-$XOFF+$i*4`(%sp)
-	vshd	$t[1],$t[2],$t[1]
-___
-push(@t,shift(@t));
-}
-$code.=<<___;
-	b	L\$collected_pa1
-	stw	$t[0],`-$XOFF+$i*4`(%sp)
-
-___
-}
-$code.=<<___;
-L\$aligned_pa1
-	ldw	`0*4`($inp),$X[0]
-	ldw	`1*4`($inp),$X[1]
-	ldw	`2*4`($inp),$t2
-	ldw	`3*4`($inp),$t3
-	ldw	`4*4`($inp),$a0
-	ldw	`5*4`($inp),$a1
-	ldw	`6*4`($inp),$a2
-	ldw	`7*4`($inp),$a3
-	stw	$X[0],`-$XOFF+0*4`(%sp)
-	ldw	`8*4`($inp),$t0
-	stw	$X[1],`-$XOFF+1*4`(%sp)
-	ldw	`9*4`($inp),$t1
-___
-{
-my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1);
-for ($i=2;$i<(128/4-8);$i++) {
-$code.=<<___;
-	stw	$t[0],`-$XOFF+$i*4`(%sp)
-	ldw	`(8+$i)*4`($inp),$t[0]
-___
-push(@t,shift(@t));
-}
-for (;$i<128/4;$i++) {
-$code.=<<___;
-	stw	$t[0],`-$XOFF+$i*4`(%sp)
-___
-push(@t,shift(@t));
-}
-$code.="L\$collected_pa1\n";
-}
-
-for($i=0;$i<16;$i++)	{ &ROUND_00_15_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
-$code.="L\$rounds_pa1\n";
-for(;$i<32;$i++)	{ &ROUND_16_xx_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); }
-
-$code.=<<___;
-	$POP	`-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx	; restore arguments
-	$POP	`-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp
-	$POP	`-$FRAME_MARKER-4*$SIZE_T`(%sp),$num
-	ldo	`-$rounds*$SZ`($Tbl),$Tbl		; rewind $Tbl
-
-	ldw	`0*4`($ctx),$t1		; update context
-	ldw	`1*4`($ctx),$t0
-	ldw	`2*4`($ctx),$t3
-	ldw	`3*4`($ctx),$t2
-	ldw	`4*4`($ctx),$a1
-	ldw	`5*4`($ctx),$a0
-	ldw	`6*4`($ctx),$a3
-	add	$t0,$Alo,$Alo
-	ldw	`7*4`($ctx),$a2
-	addc	$t1,$Ahi,$Ahi
-	ldw	`8*4`($ctx),$t1
-	add	$t2,$Blo,$Blo
-	ldw	`9*4`($ctx),$t0
-	addc	$t3,$Bhi,$Bhi
-	ldw	`10*4`($ctx),$t3
-	add	$a0,$Clo,$Clo
-	ldw	`11*4`($ctx),$t2
-	addc	$a1,$Chi,$Chi
-	ldw	`12*4`($ctx),$a1
-	add	$a2,$Dlo,$Dlo
-	ldw	`13*4`($ctx),$a0
-	addc	$a3,$Dhi,$Dhi
-	ldw	`14*4`($ctx),$a3
-	add	$t0,$Elo,$Elo
-	ldw	`15*4`($ctx),$a2
-	addc	$t1,$Ehi,$Ehi
-	stw	$Ahi,`0*4`($ctx)
-	add	$t2,$Flo,$Flo
-	stw	$Alo,`1*4`($ctx)
-	addc	$t3,$Fhi,$Fhi
-	stw	$Bhi,`2*4`($ctx)
-	add	$a0,$Glo,$Glo
-	stw	$Blo,`3*4`($ctx)
-	addc	$a1,$Ghi,$Ghi
-	stw	$Chi,`4*4`($ctx)
-	add	$a2,$Hlo,$Hlo
-	stw	$Clo,`5*4`($ctx)
-	addc	$a3,$Hhi,$Hhi
-	stw	$Dhi,`6*4`($ctx)
-	ldo	`16*$SZ`($inp),$inp	; advance $inp
-	stw	$Dlo,`7*4`($ctx)
-	stw	$Ehi,`8*4`($ctx)
-	stw	$Elo,`9*4`($ctx)
-	stw	$Fhi,`10*4`($ctx)
-	stw	$Flo,`11*4`($ctx)
-	stw	$Ghi,`12*4`($ctx)
-	stw	$Glo,`13*4`($ctx)
-	stw	$Hhi,`14*4`($ctx)
-	comb,=	$inp,$num,L\$done
-	stw	$Hlo,`15*4`($ctx)
-	b	L\$oop_pa1
-	$PUSH	$inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp)	; save $inp
-L\$done
-___
-}}
-$code.=<<___;
-	$POP	`-$FRAME-$SAVED_RP`(%sp),%r2		; standard epilogue
-	$POP	`-$FRAME+1*$SIZE_T`(%sp),%r4
-	$POP	`-$FRAME+2*$SIZE_T`(%sp),%r5
-	$POP	`-$FRAME+3*$SIZE_T`(%sp),%r6
-	$POP	`-$FRAME+4*$SIZE_T`(%sp),%r7
-	$POP	`-$FRAME+5*$SIZE_T`(%sp),%r8
-	$POP	`-$FRAME+6*$SIZE_T`(%sp),%r9
-	$POP	`-$FRAME+7*$SIZE_T`(%sp),%r10
-	$POP	`-$FRAME+8*$SIZE_T`(%sp),%r11
-	$POP	`-$FRAME+9*$SIZE_T`(%sp),%r12
-	$POP	`-$FRAME+10*$SIZE_T`(%sp),%r13
-	$POP	`-$FRAME+11*$SIZE_T`(%sp),%r14
-	$POP	`-$FRAME+12*$SIZE_T`(%sp),%r15
-	$POP	`-$FRAME+13*$SIZE_T`(%sp),%r16
-	$POP	`-$FRAME+14*$SIZE_T`(%sp),%r17
-	$POP	`-$FRAME+15*$SIZE_T`(%sp),%r18
-	bv	(%r2)
-	.EXIT
-	$POPMB	-$FRAME(%sp),%r3
-	.PROCEND
-	.STRINGZ "SHA`64*$SZ` block transform for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-# Explicitly encode PA-RISC 2.0 instructions used in this module, so
-# that it can be compiled with .LEVEL 1.0. It should be noted that I
-# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
-# directive...
-
-my $ldd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "ldd$mod\t$args";
-
-    if ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 3 suffices
-    {	my $opcode=(0x14<<26)|($2<<21)|($3<<16)|(($1&0x1FF8)<<1)|(($1>>13)&1);
-	$opcode|=(1<<3) if ($mod =~ /^,m/);
-	$opcode|=(1<<2) if ($mod =~ /^,mb/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $std = sub {
-  my ($mod,$args) = @_;
-  my $orig = "std$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices
-    {	my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $extrd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "extrd$mod\t$args";
-
-    # I only have ",u" completer, it's implicitly encoded...
-    if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/)	# format 15
-    {	my $opcode=(0x36<<26)|($1<<21)|($4<<16);
-	my $len=32-$3;
-	$opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5);		# encode pos
-	$opcode |= (($len&0x20)<<7)|($len&0x1f);		# encode len
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/)	# format 12
-    {	my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
-	my $len=32-$2;
-	$opcode |= (($len&0x20)<<3)|($len&0x1f);		# encode len
-	$opcode |= (1<<13) if ($mod =~ /,\**=/);
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-my $shrpd = sub {
-  my ($mod,$args) = @_;
-  my $orig = "shrpd$mod\t$args";
-
-    if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/)	# format 14
-    {	my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
-	my $cpos=63-$3;
-	$opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5);		# encode sa
-	sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
-    }
-    elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/)	# format 11
-    {	sprintf "\t.WORD\t0x%08x\t; %s",
-		(0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig;
-    }
-    else { "\t".$orig; }
-};
-
-sub assemble {
-  my ($mnemonic,$mod,$args)=@_;
-  my $opcode = eval("\$$mnemonic");
-
-    ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
-}
-
-foreach (split("\n",$code)) {
-	s/\`([^\`]*)\`/eval $1/ge;
-
-	s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/
-		$3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32)	# rotation for >=32
-		:       sprintf("shd\t%$1,%$2,%d",$3)/e			or
-	# translate made up instructons: _ror, _shr, _align, _shl
-	s/_ror(\s+)(%r[0-9]+),/
-		($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e			or
-
-	s/_shr(\s+%r[0-9]+),([0-9]+),/
-		$SZ==4 ? sprintf("extru%s,%d,%d,",$1,31-$2,32-$2)
-		:        sprintf("extrd,u%s,%d,%d,",$1,63-$2,64-$2)/e	or
-
-	s/_align(\s+%r[0-9]+,%r[0-9]+),/
-		($SZ==4 ? "vshd$1," : "shrpd$1,%sar,")/e		or
-
-	s/_shl(\s+%r[0-9]+),([0-9]+),/
-		$SIZE_T==4 ? sprintf("zdep%s,%d,%d,",$1,31-$2,32-$2)
-		:            sprintf("depd,z%s,%d,%d,",$1,63-$2,64-$2)/e;
-
-	s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4);
-
-	s/cmpb,\*/comb,/ if ($SIZE_T==4);
-
-	s/\bbv\b/bve/    if ($SIZE_T==8);
-
-	print $_,"\n";
-}
-
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl
deleted file mode 100755
index 6b44a68e59..0000000000
--- a/crypto/sha/asm/sha512-ppc.pl
+++ /dev/null
@@ -1,460 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# I let hardware handle unaligned input, except on page boundaries
-# (see below for details). Otherwise straightforward implementation
-# with X vector in register bank. The module is big-endian [which is
-# not big deal as there're no little-endian targets left around].
-
-#			sha256		|	sha512
-# 			-m64	-m32	|	-m64	-m32
-# --------------------------------------+-----------------------
-# PPC970,gcc-4.0.0	+50%	+38%	|	+40%	+410%(*)
-# Power6,xlc-7		+150%	+90%	|	+100%	+430%(*)
-#
-# (*)	64-bit code in 32-bit application context, which actually is
-#	on TODO list. It should be noted that for safe deployment in
-#	32-bit *mutli-threaded* context asyncronous signals should be
-#	blocked upon entry to SHA512 block routine. This is because
-#	32-bit signaling procedure invalidates upper halves of GPRs.
-#	Context switch procedure preserves them, but not signaling:-(
-
-# Second version is true multi-thread safe. Trouble with the original
-# version was that it was using thread local storage pointer register.
-# Well, it scrupulously preserved it, but the problem would arise the
-# moment asynchronous signal was delivered and signal handler would
-# dereference the TLS pointer. While it's never the case in openssl
-# application or test suite, we have to respect this scenario and not
-# use TLS pointer register. Alternative would be to require caller to
-# block signals prior calling this routine. For the record, in 32-bit
-# context R2 serves as TLS pointer, while in 64-bit context - R13.
-
-$flavour=shift;
-$output =shift;
-
-if ($flavour =~ /64/) {
-	$SIZE_T=8;
-	$LRSAVE=2*$SIZE_T;
-	$STU="stdu";
-	$UCMP="cmpld";
-	$SHL="sldi";
-	$POP="ld";
-	$PUSH="std";
-} elsif ($flavour =~ /32/) {
-	$SIZE_T=4;
-	$LRSAVE=$SIZE_T;
-	$STU="stwu";
-	$UCMP="cmplw";
-	$SHL="slwi";
-	$POP="lwz";
-	$PUSH="stw";
-} else { die "nonsense $flavour"; }
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
-die "can't locate ppc-xlate.pl";
-
-open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
-
-if ($output =~ /512/) {
-	$func="sha512_block_data_order";
-	$SZ=8;
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-	$LD="ld";
-	$ST="std";
-	$ROR="rotrdi";
-	$SHR="srdi";
-} else {
-	$func="sha256_block_data_order";
-	$SZ=4;
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-	$LD="lwz";
-	$ST="stw";
-	$ROR="rotrwi";
-	$SHR="srwi";
-}
-
-$FRAME=32*$SIZE_T+16*$SZ;
-$LOCALS=6*$SIZE_T;
-
-$sp ="r1";
-$toc="r2";
-$ctx="r3";	# zapped by $a0
-$inp="r4";	# zapped by $a1
-$num="r5";	# zapped by $t0
-
-$T  ="r0";
-$a0 ="r3";
-$a1 ="r4";
-$t0 ="r5";
-$t1 ="r6";
-$Tbl="r7";
-
-$A  ="r8";
-$B  ="r9";
-$C  ="r10";
-$D  ="r11";
-$E  ="r12";
-$F  ="r13";	$F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer
-$G  ="r14";
-$H  ="r15";
-
-@V=($A,$B,$C,$D,$E,$F,$G,$H);
-@X=("r16","r17","r18","r19","r20","r21","r22","r23",
-    "r24","r25","r26","r27","r28","r29","r30","r31");
-
-$inp="r31";	# reassigned $inp! aliases with @X[15]
-
-sub ROUND_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-$code.=<<___;
-	$LD	$T,`$i*$SZ`($Tbl)
-	$ROR	$a0,$e,$Sigma1[0]
-	$ROR	$a1,$e,$Sigma1[1]
-	and	$t0,$f,$e
-	andc	$t1,$g,$e
-	add	$T,$T,$h
-	xor	$a0,$a0,$a1
-	$ROR	$a1,$a1,`$Sigma1[2]-$Sigma1[1]`
-	or	$t0,$t0,$t1		; Ch(e,f,g)
-	add	$T,$T,@X[$i]
-	xor	$a0,$a0,$a1		; Sigma1(e)
-	add	$T,$T,$t0
-	add	$T,$T,$a0
-
-	$ROR	$a0,$a,$Sigma0[0]
-	$ROR	$a1,$a,$Sigma0[1]
-	and	$t0,$a,$b
-	and	$t1,$a,$c
-	xor	$a0,$a0,$a1
-	$ROR	$a1,$a1,`$Sigma0[2]-$Sigma0[1]`
-	xor	$t0,$t0,$t1
-	and	$t1,$b,$c
-	xor	$a0,$a0,$a1		; Sigma0(a)
-	add	$d,$d,$T
-	xor	$t0,$t0,$t1		; Maj(a,b,c)
-	add	$h,$T,$a0
-	add	$h,$h,$t0
-
-___
-}
-
-sub ROUND_16_xx {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-$i-=16;
-$code.=<<___;
-	$ROR	$a0,@X[($i+1)%16],$sigma0[0]
-	$ROR	$a1,@X[($i+1)%16],$sigma0[1]
-	$ROR	$t0,@X[($i+14)%16],$sigma1[0]
-	$ROR	$t1,@X[($i+14)%16],$sigma1[1]
-	xor	$a0,$a0,$a1
-	$SHR	$a1,@X[($i+1)%16],$sigma0[2]
-	xor	$t0,$t0,$t1
-	$SHR	$t1,@X[($i+14)%16],$sigma1[2]
-	add	@X[$i],@X[$i],@X[($i+9)%16]
-	xor	$a0,$a0,$a1		; sigma0(X[(i+1)&0x0f])
-	xor	$t0,$t0,$t1		; sigma1(X[(i+14)&0x0f])
-	add	@X[$i],@X[$i],$a0
-	add	@X[$i],@X[$i],$t0
-___
-&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h);
-}
-
-$code=<<___;
-.machine	"any"
-.text
-
-.globl	$func
-.align	6
-$func:
-	$STU	$sp,-$FRAME($sp)
-	mflr	r0
-	$SHL	$num,$num,`log(16*$SZ)/log(2)`
-
-	$PUSH	$ctx,`$FRAME-$SIZE_T*22`($sp)
-
-	$PUSH	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$PUSH	r13,`$FRAME-$SIZE_T*19`($sp)
-	$PUSH	r14,`$FRAME-$SIZE_T*18`($sp)
-	$PUSH	r15,`$FRAME-$SIZE_T*17`($sp)
-	$PUSH	r16,`$FRAME-$SIZE_T*16`($sp)
-	$PUSH	r17,`$FRAME-$SIZE_T*15`($sp)
-	$PUSH	r18,`$FRAME-$SIZE_T*14`($sp)
-	$PUSH	r19,`$FRAME-$SIZE_T*13`($sp)
-	$PUSH	r20,`$FRAME-$SIZE_T*12`($sp)
-	$PUSH	r21,`$FRAME-$SIZE_T*11`($sp)
-	$PUSH	r22,`$FRAME-$SIZE_T*10`($sp)
-	$PUSH	r23,`$FRAME-$SIZE_T*9`($sp)
-	$PUSH	r24,`$FRAME-$SIZE_T*8`($sp)
-	$PUSH	r25,`$FRAME-$SIZE_T*7`($sp)
-	$PUSH	r26,`$FRAME-$SIZE_T*6`($sp)
-	$PUSH	r27,`$FRAME-$SIZE_T*5`($sp)
-	$PUSH	r28,`$FRAME-$SIZE_T*4`($sp)
-	$PUSH	r29,`$FRAME-$SIZE_T*3`($sp)
-	$PUSH	r30,`$FRAME-$SIZE_T*2`($sp)
-	$PUSH	r31,`$FRAME-$SIZE_T*1`($sp)
-	$PUSH	r0,`$FRAME+$LRSAVE`($sp)
-
-	$LD	$A,`0*$SZ`($ctx)
-	mr	$inp,r4				; incarnate $inp
-	$LD	$B,`1*$SZ`($ctx)
-	$LD	$C,`2*$SZ`($ctx)
-	$LD	$D,`3*$SZ`($ctx)
-	$LD	$E,`4*$SZ`($ctx)
-	$LD	$F,`5*$SZ`($ctx)
-	$LD	$G,`6*$SZ`($ctx)
-	$LD	$H,`7*$SZ`($ctx)
-
-	bl	LPICmeup
-LPICedup:
-	andi.	r0,$inp,3
-	bne	Lunaligned
-Laligned:
-	add	$num,$inp,$num
-	$PUSH	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
-	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
-	bl	Lsha2_block_private
-	b	Ldone
-
-; PowerPC specification allows an implementation to be ill-behaved
-; upon unaligned access which crosses page boundary. "Better safe
-; than sorry" principle makes me treat it specially. But I don't
-; look for particular offending word, but rather for the input
-; block which crosses the boundary. Once found that block is aligned
-; and hashed separately...
-.align	4
-Lunaligned:
-	subfic	$t1,$inp,4096
-	andi.	$t1,$t1,`4096-16*$SZ`	; distance to closest page boundary
-	beq	Lcross_page
-	$UCMP	$num,$t1
-	ble-	Laligned		; didn't cross the page boundary
-	subfc	$num,$t1,$num
-	add	$t1,$inp,$t1
-	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real remaining num
-	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; intermediate end pointer
-	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
-	bl	Lsha2_block_private
-	; $inp equals to the intermediate end pointer here
-	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real remaining num
-Lcross_page:
-	li	$t1,`16*$SZ/4`
-	mtctr	$t1
-	addi	r20,$sp,$LOCALS			; aligned spot below the frame
-Lmemcpy:
-	lbz	r16,0($inp)
-	lbz	r17,1($inp)
-	lbz	r18,2($inp)
-	lbz	r19,3($inp)
-	addi	$inp,$inp,4
-	stb	r16,0(r20)
-	stb	r17,1(r20)
-	stb	r18,2(r20)
-	stb	r19,3(r20)
-	addi	r20,r20,4
-	bdnz	Lmemcpy
-
-	$PUSH	$inp,`$FRAME-$SIZE_T*26`($sp)	; save real inp
-	addi	$t1,$sp,`$LOCALS+16*$SZ`	; fictitious end pointer
-	addi	$inp,$sp,$LOCALS		; fictitious inp pointer
-	$PUSH	$num,`$FRAME-$SIZE_T*25`($sp)	; save real num
-	$PUSH	$t1,`$FRAME-$SIZE_T*24`($sp)	; end pointer
-	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
-	bl	Lsha2_block_private
-	$POP	$inp,`$FRAME-$SIZE_T*26`($sp)	; restore real inp
-	$POP	$num,`$FRAME-$SIZE_T*25`($sp)	; restore real num
-	addic.	$num,$num,`-16*$SZ`		; num--
-	bne-	Lunaligned
-
-Ldone:
-	$POP	r0,`$FRAME+$LRSAVE`($sp)
-	$POP	$toc,`$FRAME-$SIZE_T*20`($sp)
-	$POP	r13,`$FRAME-$SIZE_T*19`($sp)
-	$POP	r14,`$FRAME-$SIZE_T*18`($sp)
-	$POP	r15,`$FRAME-$SIZE_T*17`($sp)
-	$POP	r16,`$FRAME-$SIZE_T*16`($sp)
-	$POP	r17,`$FRAME-$SIZE_T*15`($sp)
-	$POP	r18,`$FRAME-$SIZE_T*14`($sp)
-	$POP	r19,`$FRAME-$SIZE_T*13`($sp)
-	$POP	r20,`$FRAME-$SIZE_T*12`($sp)
-	$POP	r21,`$FRAME-$SIZE_T*11`($sp)
-	$POP	r22,`$FRAME-$SIZE_T*10`($sp)
-	$POP	r23,`$FRAME-$SIZE_T*9`($sp)
-	$POP	r24,`$FRAME-$SIZE_T*8`($sp)
-	$POP	r25,`$FRAME-$SIZE_T*7`($sp)
-	$POP	r26,`$FRAME-$SIZE_T*6`($sp)
-	$POP	r27,`$FRAME-$SIZE_T*5`($sp)
-	$POP	r28,`$FRAME-$SIZE_T*4`($sp)
-	$POP	r29,`$FRAME-$SIZE_T*3`($sp)
-	$POP	r30,`$FRAME-$SIZE_T*2`($sp)
-	$POP	r31,`$FRAME-$SIZE_T*1`($sp)
-	mtlr	r0
-	addi	$sp,$sp,$FRAME
-	blr
-	.long	0
-	.byte	0,12,4,1,0x80,18,3,0
-	.long	0
-
-.align	4
-Lsha2_block_private:
-___
-for($i=0;$i<16;$i++) {
-$code.=<<___ if ($SZ==4);
-	lwz	@X[$i],`$i*$SZ`($inp)
-___
-# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
-# unaligned 64-bit loads, only 32-bit ones...
-$code.=<<___ if ($SZ==8);
-	lwz	$t0,`$i*$SZ`($inp)
-	lwz	@X[$i],`$i*$SZ+4`($inp)
-	insrdi	@X[$i],$t0,32,0
-___
-	&ROUND_00_15($i,@V);
-	unshift(@V,pop(@V));
-}
-$code.=<<___;
-	li	$T,`$rounds/16-1`
-	mtctr	$T
-.align	4
-Lrounds:
-	addi	$Tbl,$Tbl,`16*$SZ`
-___
-for(;$i<32;$i++) {
-	&ROUND_16_xx($i,@V);
-	unshift(@V,pop(@V));
-}
-$code.=<<___;
-	bdnz-	Lrounds
-
-	$POP	$ctx,`$FRAME-$SIZE_T*22`($sp)
-	$POP	$inp,`$FRAME-$SIZE_T*23`($sp)	; inp pointer
-	$POP	$num,`$FRAME-$SIZE_T*24`($sp)	; end pointer
-	subi	$Tbl,$Tbl,`($rounds-16)*$SZ`	; rewind Tbl
-
-	$LD	r16,`0*$SZ`($ctx)
-	$LD	r17,`1*$SZ`($ctx)
-	$LD	r18,`2*$SZ`($ctx)
-	$LD	r19,`3*$SZ`($ctx)
-	$LD	r20,`4*$SZ`($ctx)
-	$LD	r21,`5*$SZ`($ctx)
-	$LD	r22,`6*$SZ`($ctx)
-	addi	$inp,$inp,`16*$SZ`		; advance inp
-	$LD	r23,`7*$SZ`($ctx)
-	add	$A,$A,r16
-	add	$B,$B,r17
-	$PUSH	$inp,`$FRAME-$SIZE_T*23`($sp)
-	add	$C,$C,r18
-	$ST	$A,`0*$SZ`($ctx)
-	add	$D,$D,r19
-	$ST	$B,`1*$SZ`($ctx)
-	add	$E,$E,r20
-	$ST	$C,`2*$SZ`($ctx)
-	add	$F,$F,r21
-	$ST	$D,`3*$SZ`($ctx)
-	add	$G,$G,r22
-	$ST	$E,`4*$SZ`($ctx)
-	add	$H,$H,r23
-	$ST	$F,`5*$SZ`($ctx)
-	$ST	$G,`6*$SZ`($ctx)
-	$UCMP	$inp,$num
-	$ST	$H,`7*$SZ`($ctx)
-	bne	Lsha2_block_private
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-___
-
-# Ugly hack here, because PPC assembler syntax seem to vary too
-# much from platforms to platform...
-$code.=<<___;
-.align	6
-LPICmeup:
-	mflr	r0
-	bcl	20,31,\$+4
-	mflr	$Tbl	; vvvvvv "distance" between . and 1st data entry
-	addi	$Tbl,$Tbl,`64-8`
-	mtlr	r0
-	blr
-	.long	0
-	.byte	0,12,0x14,0,0,0,0,0
-	.space	`64-9*4`
-___
-$code.=<<___ if ($SZ==8);
-	.long	0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd
-	.long	0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc
-	.long	0x3956c25b,0xf348b538,0x59f111f1,0xb605d019
-	.long	0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118
-	.long	0xd807aa98,0xa3030242,0x12835b01,0x45706fbe
-	.long	0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2
-	.long	0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1
-	.long	0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694
-	.long	0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3
-	.long	0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65
-	.long	0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483
-	.long	0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5
-	.long	0x983e5152,0xee66dfab,0xa831c66d,0x2db43210
-	.long	0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4
-	.long	0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725
-	.long	0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70
-	.long	0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926
-	.long	0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df
-	.long	0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8
-	.long	0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b
-	.long	0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001
-	.long	0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30
-	.long	0xd192e819,0xd6ef5218,0xd6990624,0x5565a910
-	.long	0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8
-	.long	0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53
-	.long	0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8
-	.long	0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb
-	.long	0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3
-	.long	0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60
-	.long	0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec
-	.long	0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9
-	.long	0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b
-	.long	0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207
-	.long	0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178
-	.long	0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6
-	.long	0x113f9804,0xbef90dae,0x1b710b35,0x131c471b
-	.long	0x28db77f5,0x23047d84,0x32caab7b,0x40c72493
-	.long	0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c
-	.long	0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a
-	.long	0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817
-___
-$code.=<<___ if ($SZ==4);
-	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl
deleted file mode 100644
index 079a3fc78a..0000000000
--- a/crypto/sha/asm/sha512-s390x.pl
+++ /dev/null
@@ -1,322 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA256/512 block procedures for s390x.
-
-# April 2007.
-#
-# sha256_block_data_order is reportedly >3 times faster than gcc 3.3
-# generated code (must be a bug in compiler, as improvement is
-# "pathologically" high, in particular in comparison to other SHA
-# modules). But the real twist is that it detects if hardware support
-# for SHA256 is available and in such case utilizes it. Then the
-# performance can reach >6.5x of assembler one for larger chunks.
-#
-# sha512_block_data_order is ~70% faster than gcc 3.3 generated code.
-
-# January 2009.
-#
-# Add support for hardware SHA512 and reschedule instructions to
-# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
-# than software.
-
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. On z900 SHA256 was measured to
-# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
-	$SIZE_T=4;
-	$g="";
-} else {
-	$SIZE_T=8;
-	$g="g";
-}
-
-$t0="%r0";
-$t1="%r1";
-$ctx="%r2";	$t2="%r2";
-$inp="%r3";
-$len="%r4";	# used as index in inner loop
-
-$A="%r5";
-$B="%r6";
-$C="%r7";
-$D="%r8";
-$E="%r9";
-$F="%r10";
-$G="%r11";
-$H="%r12";	@V=($A,$B,$C,$D,$E,$F,$G,$H);
-$tbl="%r13";
-$T1="%r14";
-$sp="%r15";
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-open STDOUT,">$output";
-
-if ($output =~ /512/) {
-	$label="512";
-	$SZ=8;
-	$LD="lg";	# load from memory
-	$ST="stg";	# store to memory
-	$ADD="alg";	# add with memory operand
-	$ROT="rllg";	# rotate left
-	$SHR="srlg";	# logical right shift [see even at the end]
-	@Sigma0=(25,30,36);
-	@Sigma1=(23,46,50);
-	@sigma0=(56,63, 7);
-	@sigma1=( 3,45, 6);
-	$rounds=80;
-	$kimdfunc=3;	# 0 means unknown/unsupported/unimplemented/disabled
-} else {
-	$label="256";
-	$SZ=4;
-	$LD="llgf";	# load from memory
-	$ST="st";	# store to memory
-	$ADD="al";	# add with memory operand
-	$ROT="rll";	# rotate left
-	$SHR="srl";	# logical right shift
-	@Sigma0=(10,19,30);
-	@Sigma1=( 7,21,26);
-	@sigma0=(14,25, 3);
-	@sigma1=(13,15,10);
-	$rounds=64;
-	$kimdfunc=2;	# magic function code for kimd instruction
-}
-$Func="sha${label}_block_data_order";
-$Table="K${label}";
-$stdframe=16*$SIZE_T+4*8;
-$frame=$stdframe+16*$SZ;
-
-sub BODY_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___ if ($i<16);
-	$LD	$T1,`$i*$SZ`($inp)	### $i
-___
-$code.=<<___;
-	$ROT	$t0,$e,$Sigma1[0]
-	$ROT	$t1,$e,$Sigma1[1]
-	 lgr	$t2,$f
-	xgr	$t0,$t1
-	$ROT	$t1,$t1,`$Sigma1[2]-$Sigma1[1]`
-	 xgr	$t2,$g
-	$ST	$T1,`$stdframe+$SZ*($i%16)`($sp)
-	xgr	$t0,$t1			# Sigma1(e)
-	algr	$T1,$h			# T1+=h
-	 ngr	$t2,$e
-	 lgr	$t1,$a
-	algr	$T1,$t0			# T1+=Sigma1(e)
-	$ROT	$h,$a,$Sigma0[0]
-	 xgr	$t2,$g			# Ch(e,f,g)
-	$ADD	$T1,`$i*$SZ`($len,$tbl)	# T1+=K[i]
-	$ROT	$t0,$a,$Sigma0[1]
-	algr	$T1,$t2			# T1+=Ch(e,f,g)
-	 ogr	$t1,$b
-	xgr	$h,$t0
-	 lgr	$t2,$a
-	 ngr	$t1,$c
-	$ROT	$t0,$t0,`$Sigma0[2]-$Sigma0[1]`
-	xgr	$h,$t0			# h=Sigma0(a)
-	 ngr	$t2,$b
-	algr	$h,$T1			# h+=T1
-	 ogr	$t2,$t1			# Maj(a,b,c)
-	algr	$d,$T1			# d+=T1
-	algr	$h,$t2			# h+=Maj(a,b,c)
-___
-}
-
-sub BODY_16_XX {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___;
-	$LD	$T1,`$stdframe+$SZ*(($i+1)%16)`($sp)	### $i
-	$LD	$t1,`$stdframe+$SZ*(($i+14)%16)`($sp)
-	$ROT	$t0,$T1,$sigma0[0]
-	$SHR	$T1,$sigma0[2]
-	$ROT	$t2,$t0,`$sigma0[1]-$sigma0[0]`
-	xgr	$T1,$t0
-	$ROT	$t0,$t1,$sigma1[0]
-	xgr	$T1,$t2					# sigma0(X[i+1])
-	$SHR	$t1,$sigma1[2]
-	$ADD	$T1,`$stdframe+$SZ*($i%16)`($sp)	# +=X[i]
-	xgr	$t1,$t0
-	$ROT	$t0,$t0,`$sigma1[1]-$sigma1[0]`
-	$ADD	$T1,`$stdframe+$SZ*(($i+9)%16)`($sp)	# +=X[i+9]
-	xgr	$t1,$t0				# sigma1(X[i+14])
-	algr	$T1,$t1				# +=sigma1(X[i+14])
-___
-	&BODY_00_15(@_);
-}
-
-$code.=<<___;
-.text
-.align	64
-.type	$Table,\@object
-$Table:
-___
-$code.=<<___ if ($SZ==4);
-	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-___
-$code.=<<___ if ($SZ==8);
-	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	.quad	0x3956c25bf348b538,0x59f111f1b605d019
-	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	.quad	0xd807aa98a3030242,0x12835b0145706fbe
-	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	.quad	0x06ca6351e003826f,0x142929670a0e6e70
-	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-	.quad	0x81c2c92e47edaee6,0x92722c851482353b
-	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-	.quad	0xd192e819d6ef5218,0xd69906245565a910
-	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	.quad	0x90befffa23631e28,0xa4506cebde82bde9
-	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	.quad	0xca273eceea26619c,0xd186b8c721c0c207
-	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	.quad	0x113f9804bef90dae,0x1b710b35131c471b
-	.quad	0x28db77f523047d84,0x32caab7b40c72493
-	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-___
-$code.=<<___;
-.size	$Table,.-$Table
-.globl	$Func
-.type	$Func,\@function
-$Func:
-	sllg	$len,$len,`log(16*$SZ)/log(2)`
-___
-$code.=<<___ if ($kimdfunc);
-	larl	%r1,OPENSSL_s390xcap_P
-	lg	%r0,0(%r1)
-	tmhl	%r0,0x4000	# check for message-security assist
-	jz	.Lsoftware
-	lghi	%r0,0
-	la	%r1,`2*$SIZE_T`($sp)
-	.long	0xb93e0002	# kimd %r0,%r2
-	lg	%r0,`2*$SIZE_T`($sp)
-	tmhh	%r0,`0x8000>>$kimdfunc`
-	jz	.Lsoftware
-	lghi	%r0,$kimdfunc
-	lgr	%r1,$ctx
-	lgr	%r2,$inp
-	lgr	%r3,$len
-	.long	0xb93e0002	# kimd %r0,%r2
-	brc	1,.-4		# pay attention to "partial completion"
-	br	%r14
-.align	16
-.Lsoftware:
-___
-$code.=<<___;
-	lghi	%r1,-$frame
-	la	$len,0($len,$inp)
-	stm${g}	$ctx,%r15,`2*$SIZE_T`($sp)
-	lgr	%r0,$sp
-	la	$sp,0(%r1,$sp)
-	st${g}	%r0,0($sp)
-
-	larl	$tbl,$Table
-	$LD	$A,`0*$SZ`($ctx)
-	$LD	$B,`1*$SZ`($ctx)
-	$LD	$C,`2*$SZ`($ctx)
-	$LD	$D,`3*$SZ`($ctx)
-	$LD	$E,`4*$SZ`($ctx)
-	$LD	$F,`5*$SZ`($ctx)
-	$LD	$G,`6*$SZ`($ctx)
-	$LD	$H,`7*$SZ`($ctx)
-
-.Lloop:
-	lghi	$len,0
-___
-for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=".Lrounds_16_xx:\n";
-for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	aghi	$len,`16*$SZ`
-	lghi	$t0,`($rounds-16)*$SZ`
-	clgr	$len,$t0
-	jne	.Lrounds_16_xx
-
-	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
-	la	$inp,`16*$SZ`($inp)
-	$ADD	$A,`0*$SZ`($ctx)
-	$ADD	$B,`1*$SZ`($ctx)
-	$ADD	$C,`2*$SZ`($ctx)
-	$ADD	$D,`3*$SZ`($ctx)
-	$ADD	$E,`4*$SZ`($ctx)
-	$ADD	$F,`5*$SZ`($ctx)
-	$ADD	$G,`6*$SZ`($ctx)
-	$ADD	$H,`7*$SZ`($ctx)
-	$ST	$A,`0*$SZ`($ctx)
-	$ST	$B,`1*$SZ`($ctx)
-	$ST	$C,`2*$SZ`($ctx)
-	$ST	$D,`3*$SZ`($ctx)
-	$ST	$E,`4*$SZ`($ctx)
-	$ST	$F,`5*$SZ`($ctx)
-	$ST	$G,`6*$SZ`($ctx)
-	$ST	$H,`7*$SZ`($ctx)
-	cl${g}	$inp,`$frame+4*$SIZE_T`($sp)
-	jne	.Lloop
-
-	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)	
-	br	%r14
-.size	$Func,.-$Func
-.string	"SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm	OPENSSL_s390xcap_P,16,8
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-# unlike 32-bit shift 64-bit one takes three arguments
-$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
-
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl
deleted file mode 100644
index 585740789e..0000000000
--- a/crypto/sha/asm/sha512-sparcv9.pl
+++ /dev/null
@@ -1,594 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# SHA256 performance improvement over compiler generated code varies
-# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit
-# build]. Just like in SHA1 module I aim to ensure scalability on
-# UltraSPARC T1 by packing X[16] to 8 64-bit registers.
-
-# SHA512 on pre-T1 UltraSPARC.
-#
-# Performance is >75% better than 64-bit code generated by Sun C and
-# over 2x than 32-bit code. X[16] resides on stack, but access to it
-# is scheduled for L2 latency and staged through 32 least significant
-# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI
-# duality. Nevetheless it's ~40% faster than SHA256, which is pretty
-# good [optimal coefficient is 50%].
-#
-# SHA512 on UltraSPARC T1.
-#
-# It's not any faster than 64-bit code generated by Sun C 5.8. This is
-# because 64-bit code generator has the advantage of using 64-bit
-# loads(*) to access X[16], which I consciously traded for 32-/64-bit
-# ABI duality [as per above]. But it surpasses 32-bit Sun C generated
-# code by 60%, not to mention that it doesn't suffer from severe decay
-# when running 4 times physical cores threads and that it leaves gcc
-# [3.4] behind by over 4x factor! If compared to SHA256, single thread
-# performance is only 10% better, but overall throughput for maximum
-# amount of threads for given CPU exceeds corresponding one of SHA256
-# by 30% [again, optimal coefficient is 50%].
-#
-# (*)	Unlike pre-T1 UltraSPARC loads on T1 are executed strictly
-#	in-order, i.e. load instruction has to complete prior next
-#	instruction in given thread is executed, even if the latter is
-#	not dependent on load result! This means that on T1 two 32-bit
-#	loads are always slower than one 64-bit load. Once again this
-#	is unlike pre-T1 UltraSPARC, where, if scheduled appropriately,
-#	2x32-bit loads can be as fast as 1x64-bit ones.
-
-$bits=32;
-for (@ARGV)	{ $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
-if ($bits==64)	{ $bias=2047; $frame=192; }
-else		{ $bias=0;    $frame=112; }
-
-$output=shift;
-open STDOUT,">$output";
-
-if ($output =~ /512/) {
-	$label="512";
-	$SZ=8;
-	$LD="ldx";		# load from memory
-	$ST="stx";		# store to memory
-	$SLL="sllx";		# shift left logical
-	$SRL="srlx";		# shift right logical
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=( 7, 1, 8);	# right shift first
-	@sigma1=( 6,19,61);	# right shift first
-	$lastK=0x817;
-	$rounds=80;
-	$align=4;
-
-	$locals=16*$SZ;		# X[16]
-
-	$A="%o0";
-	$B="%o1";
-	$C="%o2";
-	$D="%o3";
-	$E="%o4";
-	$F="%o5";
-	$G="%g1";
-	$H="%o7";
-	@V=($A,$B,$C,$D,$E,$F,$G,$H);
-} else {
-	$label="256";
-	$SZ=4;
-	$LD="ld";		# load from memory
-	$ST="st";		# store to memory
-	$SLL="sll";		# shift left logical
-	$SRL="srl";		# shift right logical
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 3, 7,18);	# right shift first
-	@sigma1=(10,17,19);	# right shift first
-	$lastK=0x8f2;
-	$rounds=64;
-	$align=8;
-
-	$locals=0;		# X[16] is register resident
-	@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7");
-	
-	$A="%l0";
-	$B="%l1";
-	$C="%l2";
-	$D="%l3";
-	$E="%l4";
-	$F="%l5";
-	$G="%l6";
-	$H="%l7";
-	@V=($A,$B,$C,$D,$E,$F,$G,$H);
-}
-$T1="%g2";
-$tmp0="%g3";
-$tmp1="%g4";
-$tmp2="%g5";
-
-$ctx="%i0";
-$inp="%i1";
-$len="%i2";
-$Ktbl="%i3";
-$tmp31="%i4";
-$tmp32="%i5";
-
-########### SHA256
-$Xload = sub {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-
-    if ($i==0) {
-$code.=<<___;
-	ldx	[$inp+0],@X[0]
-	ldx	[$inp+16],@X[2]
-	ldx	[$inp+32],@X[4]
-	ldx	[$inp+48],@X[6]
-	ldx	[$inp+8],@X[1]
-	ldx	[$inp+24],@X[3]
-	subcc	%g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too
-	ldx	[$inp+40],@X[5]
-	bz,pt	%icc,.Laligned
-	ldx	[$inp+56],@X[7]
-
-	sllx	@X[0],$tmp31,@X[0]
-	ldx	[$inp+64],$T1
-___
-for($j=0;$j<7;$j++)
-{   $code.=<<___;
-	srlx	@X[$j+1],$tmp32,$tmp1
-	sllx	@X[$j+1],$tmp31,@X[$j+1]
-	or	$tmp1,@X[$j],@X[$j]
-___
-}
-$code.=<<___;
-	srlx	$T1,$tmp32,$T1
-	or	$T1,@X[7],@X[7]
-.Laligned:
-___
-    }
-
-    if ($i&1) {
-	$code.="\tadd	@X[$i/2],$h,$T1\n";
-    } else {
-	$code.="\tsrlx	@X[$i/2],32,$T1\n\tadd	$h,$T1,$T1\n";
-    }
-} if ($SZ==4);
-
-########### SHA512
-$Xload = sub {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8));
-
-$code.=<<___ if ($i==0);
-	ld	[$inp+0],%l0
-	ld	[$inp+4],%l1
-	ld	[$inp+8],%l2
-	ld	[$inp+12],%l3
-	ld	[$inp+16],%l4
-	ld	[$inp+20],%l5
-	ld	[$inp+24],%l6
-	ld	[$inp+28],%l7
-___
-$code.=<<___ if ($i<15);
-	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
-	add	$tmp31,32,$tmp0
-	sllx	@pair[0],$tmp0,$tmp1
-	`"ld	[$inp+".eval(32+0+$i*8)."],@pair[0]"	if ($i<12)`
-	srlx	@pair[2],$tmp32,@pair[1]
-	or	$tmp1,$tmp2,$tmp2
-	or	@pair[1],$tmp2,$tmp2
-	`"ld	[$inp+".eval(32+4+$i*8)."],@pair[1]"	if ($i<12)`
-	add	$h,$tmp2,$T1
-	$ST	$tmp2,[%sp+`$bias+$frame+$i*$SZ`]
-___
-$code.=<<___ if ($i==12);
-	brnz,a	$tmp31,.+8
-	ld	[$inp+128],%l0
-___
-$code.=<<___ if ($i==15);
-	ld	[%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
-	sllx	@pair[1],$tmp31,$tmp2	! Xload($i)
-	add	$tmp31,32,$tmp0
-	ld	[%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
-	sllx	@pair[0],$tmp0,$tmp1
-	ld	[%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
-	srlx	@pair[2],$tmp32,@pair[1]
-	or	$tmp1,$tmp2,$tmp2
-	ld	[%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
-	or	@pair[1],$tmp2,$tmp2
-	ld	[%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
-	add	$h,$tmp2,$T1
-	$ST	$tmp2,[%sp+`$bias+$frame+$i*$SZ`]
-	ld	[%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
-	ld	[%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
-	ld	[%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
-___
-} if ($SZ==8);
-
-########### common
-sub BODY_00_15 {
-my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-
-    if ($i<16) {
-	&$Xload(@_);
-    } else {
-	$code.="\tadd	$h,$T1,$T1\n";
-    }
-
-$code.=<<___;
-	$SRL	$e,@Sigma1[0],$h	!! $i
-	xor	$f,$g,$tmp2
-	$SLL	$e,`$SZ*8-@Sigma1[2]`,$tmp1
-	and	$e,$tmp2,$tmp2
-	$SRL	$e,@Sigma1[1],$tmp0
-	xor	$tmp1,$h,$h
-	$SLL	$e,`$SZ*8-@Sigma1[1]`,$tmp1
-	xor	$tmp0,$h,$h
-	$SRL	$e,@Sigma1[2],$tmp0
-	xor	$tmp1,$h,$h
-	$SLL	$e,`$SZ*8-@Sigma1[0]`,$tmp1
-	xor	$tmp0,$h,$h
-	xor	$g,$tmp2,$tmp2		! Ch(e,f,g)
-	xor	$tmp1,$h,$tmp0		! Sigma1(e)
-
-	$SRL	$a,@Sigma0[0],$h
-	add	$tmp2,$T1,$T1
-	$LD	[$Ktbl+`$i*$SZ`],$tmp2	! K[$i]
-	$SLL	$a,`$SZ*8-@Sigma0[2]`,$tmp1
-	add	$tmp0,$T1,$T1
-	$SRL	$a,@Sigma0[1],$tmp0
-	xor	$tmp1,$h,$h
-	$SLL	$a,`$SZ*8-@Sigma0[1]`,$tmp1
-	xor	$tmp0,$h,$h
-	$SRL	$a,@Sigma0[2],$tmp0
-	xor	$tmp1,$h,$h	
-	$SLL	$a,`$SZ*8-@Sigma0[0]`,$tmp1
-	xor	$tmp0,$h,$h
-	xor	$tmp1,$h,$h		! Sigma0(a)
-
-	or	$a,$b,$tmp0
-	and	$a,$b,$tmp1
-	and	$c,$tmp0,$tmp0
-	or	$tmp0,$tmp1,$tmp1	! Maj(a,b,c)
-	add	$tmp2,$T1,$T1		! +=K[$i]
-	add	$tmp1,$h,$h
-
-	add	$T1,$d,$d
-	add	$T1,$h,$h
-___
-}
-
-########### SHA256
-$BODY_16_XX = sub {
-my $i=@_[0];
-my $xi;
-
-    if ($i&1) {
-	$xi=$tmp32;
-	$code.="\tsrlx	@X[(($i+1)/2)%8],32,$xi\n";
-    } else {
-	$xi=@X[(($i+1)/2)%8];
-    }
-$code.=<<___;
-	srl	$xi,@sigma0[0],$T1		!! Xupdate($i)
-	sll	$xi,`32-@sigma0[2]`,$tmp1
-	srl	$xi,@sigma0[1],$tmp0
-	xor	$tmp1,$T1,$T1
-	sll	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
-	xor	$tmp0,$T1,$T1
-	srl	$xi,@sigma0[2],$tmp0
-	xor	$tmp1,$T1,$T1
-___
-    if ($i&1) {
-	$xi=@X[(($i+14)/2)%8];
-    } else {
-	$xi=$tmp32;
-	$code.="\tsrlx	@X[(($i+14)/2)%8],32,$xi\n";
-    }
-$code.=<<___;
-	srl	$xi,@sigma1[0],$tmp2
-	xor	$tmp0,$T1,$T1			! T1=sigma0(X[i+1])
-	sll	$xi,`32-@sigma1[2]`,$tmp1
-	srl	$xi,@sigma1[1],$tmp0
-	xor	$tmp1,$tmp2,$tmp2
-	sll	$tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1
-	xor	$tmp0,$tmp2,$tmp2
-	srl	$xi,@sigma1[2],$tmp0
-	xor	$tmp1,$tmp2,$tmp2
-___
-    if ($i&1) {
-	$xi=@X[($i/2)%8];
-$code.=<<___;
-	srlx	@X[(($i+9)/2)%8],32,$tmp1	! X[i+9]
-	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
-	srl	@X[($i/2)%8],0,$tmp0
-	add	$tmp2,$tmp1,$tmp1
-	add	$xi,$T1,$T1			! +=X[i]
-	xor	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
-	add	$tmp1,$T1,$T1
-
-	srl	$T1,0,$T1
-	or	$T1,@X[($i/2)%8],@X[($i/2)%8]
-___
-    } else {
-	$xi=@X[(($i+9)/2)%8];
-$code.=<<___;
-	srlx	@X[($i/2)%8],32,$tmp1		! X[i]
-	xor	$tmp0,$tmp2,$tmp2		! sigma1(X[i+14])
-	add	$xi,$T1,$T1			! +=X[i+9]
-	add	$tmp2,$tmp1,$tmp1
-	srl	@X[($i/2)%8],0,@X[($i/2)%8]
-	add	$tmp1,$T1,$T1
-
-	sllx	$T1,32,$tmp0
-	or	$tmp0,@X[($i/2)%8],@X[($i/2)%8]
-___
-    }
-    &BODY_00_15(@_);
-} if ($SZ==4);
-
-########### SHA512
-$BODY_16_XX = sub {
-my $i=@_[0];
-my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1));
-
-$code.=<<___;
-	sllx	%l2,32,$tmp0		!! Xupdate($i)
-	or	%l3,$tmp0,$tmp0
-
-	srlx	$tmp0,@sigma0[0],$T1
-	ld	[%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2
-	sllx	$tmp0,`64-@sigma0[2]`,$tmp1
-	ld	[%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3
-	srlx	$tmp0,@sigma0[1],$tmp0
-	xor	$tmp1,$T1,$T1
-	sllx	$tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1
-	xor	$tmp0,$T1,$T1
-	srlx	$tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0
-	xor	$tmp1,$T1,$T1
-	sllx	%l6,32,$tmp2
-	xor	$tmp0,$T1,$T1		! sigma0(X[$i+1])
-	or	%l7,$tmp2,$tmp2
-
-	srlx	$tmp2,@sigma1[0],$tmp1
-	ld	[%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6
-	sllx	$tmp2,`64-@sigma1[2]`,$tmp0
-	ld	[%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7
-	srlx	$tmp2,@sigma1[1],$tmp2
-	xor	$tmp0,$tmp1,$tmp1
-	sllx	$tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0
-	xor	$tmp2,$tmp1,$tmp1
-	srlx	$tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2
-	xor	$tmp0,$tmp1,$tmp1
-	sllx	%l4,32,$tmp0
-	xor	$tmp2,$tmp1,$tmp1	! sigma1(X[$i+14])
-	ld	[%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4
-	or	%l5,$tmp0,$tmp0
-	ld	[%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5
-
-	sllx	%l0,32,$tmp2
-	add	$tmp1,$T1,$T1
-	ld	[%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0
-	or	%l1,$tmp2,$tmp2
-	add	$tmp0,$T1,$T1		! +=X[$i+9]
-	ld	[%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1
-	add	$tmp2,$T1,$T1		! +=X[$i]
-	$ST	$T1,[%sp+`$bias+$frame+($i%16)*$SZ`]
-___
-    &BODY_00_15(@_);
-} if ($SZ==8);
-
-$code.=<<___ if ($bits==64);
-.register	%g2,#scratch
-.register	%g3,#scratch
-___
-$code.=<<___;
-.section	".text",#alloc,#execinstr
-
-.align	64
-K${label}:
-.type	K${label},#object
-___
-if ($SZ==4) {
-$code.=<<___;
-	.long	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
-	.long	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
-	.long	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
-	.long	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
-	.long	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
-	.long	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
-	.long	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
-	.long	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
-	.long	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
-	.long	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
-	.long	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
-	.long	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
-	.long	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
-	.long	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
-	.long	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
-	.long	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-___
-} else {
-$code.=<<___;
-	.long	0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
-	.long	0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
-	.long	0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
-	.long	0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
-	.long	0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
-	.long	0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
-	.long	0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
-	.long	0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
-	.long	0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
-	.long	0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
-	.long	0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
-	.long	0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
-	.long	0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
-	.long	0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
-	.long	0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
-	.long	0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
-	.long	0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
-	.long	0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
-	.long	0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
-	.long	0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
-	.long	0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
-	.long	0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
-	.long	0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
-	.long	0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
-	.long	0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
-	.long	0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
-	.long	0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
-	.long	0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
-	.long	0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
-	.long	0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
-	.long	0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
-	.long	0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
-	.long	0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
-	.long	0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
-	.long	0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
-	.long	0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
-	.long	0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
-	.long	0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
-	.long	0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
-	.long	0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
-___
-}
-$code.=<<___;
-.size	K${label},.-K${label}
-.globl	sha${label}_block_data_order
-sha${label}_block_data_order:
-	save	%sp,`-$frame-$locals`,%sp
-	and	$inp,`$align-1`,$tmp31
-	sllx	$len,`log(16*$SZ)/log(2)`,$len
-	andn	$inp,`$align-1`,$inp
-	sll	$tmp31,3,$tmp31
-	add	$inp,$len,$len
-___
-$code.=<<___ if ($SZ==8); # SHA512
-	mov	32,$tmp32
-	sub	$tmp32,$tmp31,$tmp32
-___
-$code.=<<___;
-.Lpic:	call	.+8
-	add	%o7,K${label}-.Lpic,$Ktbl
-
-	$LD	[$ctx+`0*$SZ`],$A
-	$LD	[$ctx+`1*$SZ`],$B
-	$LD	[$ctx+`2*$SZ`],$C
-	$LD	[$ctx+`3*$SZ`],$D
-	$LD	[$ctx+`4*$SZ`],$E
-	$LD	[$ctx+`5*$SZ`],$F
-	$LD	[$ctx+`6*$SZ`],$G
-	$LD	[$ctx+`7*$SZ`],$H
-
-.Lloop:
-___
-for ($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=".L16_xx:\n";
-for (;$i<32;$i++)	{ &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
-	and	$tmp2,0xfff,$tmp2
-	cmp	$tmp2,$lastK
-	bne	.L16_xx
-	add	$Ktbl,`16*$SZ`,$Ktbl	! Ktbl+=16
-
-___
-$code.=<<___ if ($SZ==4); # SHA256
-	$LD	[$ctx+`0*$SZ`],@X[0]
-	$LD	[$ctx+`1*$SZ`],@X[1]
-	$LD	[$ctx+`2*$SZ`],@X[2]
-	$LD	[$ctx+`3*$SZ`],@X[3]
-	$LD	[$ctx+`4*$SZ`],@X[4]
-	$LD	[$ctx+`5*$SZ`],@X[5]
-	$LD	[$ctx+`6*$SZ`],@X[6]
-	$LD	[$ctx+`7*$SZ`],@X[7]
-
-	add	$A,@X[0],$A
-	$ST	$A,[$ctx+`0*$SZ`]
-	add	$B,@X[1],$B
-	$ST	$B,[$ctx+`1*$SZ`]
-	add	$C,@X[2],$C
-	$ST	$C,[$ctx+`2*$SZ`]
-	add	$D,@X[3],$D
-	$ST	$D,[$ctx+`3*$SZ`]
-	add	$E,@X[4],$E
-	$ST	$E,[$ctx+`4*$SZ`]
-	add	$F,@X[5],$F
-	$ST	$F,[$ctx+`5*$SZ`]
-	add	$G,@X[6],$G
-	$ST	$G,[$ctx+`6*$SZ`]
-	add	$H,@X[7],$H
-	$ST	$H,[$ctx+`7*$SZ`]
-___
-$code.=<<___ if ($SZ==8); # SHA512
-	ld	[$ctx+`0*$SZ+0`],%l0
-	ld	[$ctx+`0*$SZ+4`],%l1
-	ld	[$ctx+`1*$SZ+0`],%l2
-	ld	[$ctx+`1*$SZ+4`],%l3
-	ld	[$ctx+`2*$SZ+0`],%l4
-	ld	[$ctx+`2*$SZ+4`],%l5
-	ld	[$ctx+`3*$SZ+0`],%l6
-
-	sllx	%l0,32,$tmp0
-	ld	[$ctx+`3*$SZ+4`],%l7
-	sllx	%l2,32,$tmp1
-	or	%l1,$tmp0,$tmp0
-	or	%l3,$tmp1,$tmp1
-	add	$tmp0,$A,$A
-	add	$tmp1,$B,$B
-	$ST	$A,[$ctx+`0*$SZ`]
-	sllx	%l4,32,$tmp2
-	$ST	$B,[$ctx+`1*$SZ`]
-	sllx	%l6,32,$T1
-	or	%l5,$tmp2,$tmp2
-	or	%l7,$T1,$T1
-	add	$tmp2,$C,$C
-	$ST	$C,[$ctx+`2*$SZ`]
-	add	$T1,$D,$D
-	$ST	$D,[$ctx+`3*$SZ`]
-
-	ld	[$ctx+`4*$SZ+0`],%l0
-	ld	[$ctx+`4*$SZ+4`],%l1
-	ld	[$ctx+`5*$SZ+0`],%l2
-	ld	[$ctx+`5*$SZ+4`],%l3
-	ld	[$ctx+`6*$SZ+0`],%l4
-	ld	[$ctx+`6*$SZ+4`],%l5
-	ld	[$ctx+`7*$SZ+0`],%l6
-
-	sllx	%l0,32,$tmp0
-	ld	[$ctx+`7*$SZ+4`],%l7
-	sllx	%l2,32,$tmp1
-	or	%l1,$tmp0,$tmp0
-	or	%l3,$tmp1,$tmp1
-	add	$tmp0,$E,$E
-	add	$tmp1,$F,$F
-	$ST	$E,[$ctx+`4*$SZ`]
-	sllx	%l4,32,$tmp2
-	$ST	$F,[$ctx+`5*$SZ`]
-	sllx	%l6,32,$T1
-	or	%l5,$tmp2,$tmp2
-	or	%l7,$T1,$T1
-	add	$tmp2,$G,$G
-	$ST	$G,[$ctx+`6*$SZ`]
-	add	$T1,$H,$H
-	$ST	$H,[$ctx+`7*$SZ`]
-___
-$code.=<<___;
-	add	$inp,`16*$SZ`,$inp		! advance inp
-	cmp	$inp,$len
-	bne	`$bits==64?"%xcc":"%icc"`,.Lloop
-	sub	$Ktbl,`($rounds-16)*$SZ`,$Ktbl	! rewind Ktbl
-
-	ret
-	restore
-.type	sha${label}_block_data_order,#function
-.size	sha${label}_block_data_order,(.-sha${label}_block_data_order)
-.asciz	"SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align	4
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/asm/sha512-x86_64.S b/crypto/sha/asm/sha512-x86_64.S
deleted file mode 100644
index 2d3294e02d..0000000000
--- a/crypto/sha/asm/sha512-x86_64.S
+++ /dev/null
@@ -1,1802 +0,0 @@
-.text	
-
-.globl	sha512_block_data_order
-.type	sha512_block_data_order,@function
-.align	16
-sha512_block_data_order:
-	pushq	%rbx
-	pushq	%rbp
-	pushq	%r12
-	pushq	%r13
-	pushq	%r14
-	pushq	%r15
-	movq	%rsp,%r11
-	shlq	$4,%rdx
-	subq	$128+32,%rsp
-	leaq	(%rsi,%rdx,8),%rdx
-	andq	$-64,%rsp
-	movq	%rdi,128+0(%rsp)
-	movq	%rsi,128+8(%rsp)
-	movq	%rdx,128+16(%rsp)
-	movq	%r11,128+24(%rsp)
-.Lprologue:
-
-	leaq	K512(%rip),%rbp
-
-	movq	0(%rdi),%rax
-	movq	8(%rdi),%rbx
-	movq	16(%rdi),%rcx
-	movq	24(%rdi),%rdx
-	movq	32(%rdi),%r8
-	movq	40(%rdi),%r9
-	movq	48(%rdi),%r10
-	movq	56(%rdi),%r11
-	jmp	.Lloop
-
-.align	16
-.Lloop:
-	xorq	%rdi,%rdi
-	movq	0(%rsi),%r12
-	movq	%r8,%r13
-	movq	%rax,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r9,%r15
-	movq	%r12,0(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	rorq	$4,%r13
-	addq	%r11,%r12
-	xorq	%rax,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r8,%r15
-	movq	%rbx,%r11
-
-	rorq	$6,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	xorq	%rcx,%r11
-	xorq	%rax,%r14
-	addq	%r15,%r12
-	movq	%rbx,%r15
-
-	rorq	$14,%r13
-	andq	%rax,%r11
-	andq	%rcx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r11
-
-	addq	%r12,%rdx
-	addq	%r12,%r11
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r11
-
-	movq	8(%rsi),%r12
-	movq	%rdx,%r13
-	movq	%r11,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r8,%r15
-	movq	%r12,8(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	rorq	$4,%r13
-	addq	%r10,%r12
-	xorq	%r11,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rdx,%r15
-	movq	%rax,%r10
-
-	rorq	$6,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	xorq	%rbx,%r10
-	xorq	%r11,%r14
-	addq	%r15,%r12
-	movq	%rax,%r15
-
-	rorq	$14,%r13
-	andq	%r11,%r10
-	andq	%rbx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r10
-
-	addq	%r12,%rcx
-	addq	%r12,%r10
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r10
-
-	movq	16(%rsi),%r12
-	movq	%rcx,%r13
-	movq	%r10,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rdx,%r15
-	movq	%r12,16(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	rorq	$4,%r13
-	addq	%r9,%r12
-	xorq	%r10,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rcx,%r15
-	movq	%r11,%r9
-
-	rorq	$6,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	xorq	%rax,%r9
-	xorq	%r10,%r14
-	addq	%r15,%r12
-	movq	%r11,%r15
-
-	rorq	$14,%r13
-	andq	%r10,%r9
-	andq	%rax,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r9
-
-	addq	%r12,%rbx
-	addq	%r12,%r9
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r9
-
-	movq	24(%rsi),%r12
-	movq	%rbx,%r13
-	movq	%r9,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rcx,%r15
-	movq	%r12,24(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	rorq	$4,%r13
-	addq	%r8,%r12
-	xorq	%r9,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rbx,%r15
-	movq	%r10,%r8
-
-	rorq	$6,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	xorq	%r11,%r8
-	xorq	%r9,%r14
-	addq	%r15,%r12
-	movq	%r10,%r15
-
-	rorq	$14,%r13
-	andq	%r9,%r8
-	andq	%r11,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r8
-
-	addq	%r12,%rax
-	addq	%r12,%r8
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r8
-
-	movq	32(%rsi),%r12
-	movq	%rax,%r13
-	movq	%r8,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rbx,%r15
-	movq	%r12,32(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	rorq	$4,%r13
-	addq	%rdx,%r12
-	xorq	%r8,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rax,%r15
-	movq	%r9,%rdx
-
-	rorq	$6,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	xorq	%r10,%rdx
-	xorq	%r8,%r14
-	addq	%r15,%r12
-	movq	%r9,%r15
-
-	rorq	$14,%r13
-	andq	%r8,%rdx
-	andq	%r10,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rdx
-
-	addq	%r12,%r11
-	addq	%r12,%rdx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rdx
-
-	movq	40(%rsi),%r12
-	movq	%r11,%r13
-	movq	%rdx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rax,%r15
-	movq	%r12,40(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	rorq	$4,%r13
-	addq	%rcx,%r12
-	xorq	%rdx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r11,%r15
-	movq	%r8,%rcx
-
-	rorq	$6,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	xorq	%r9,%rcx
-	xorq	%rdx,%r14
-	addq	%r15,%r12
-	movq	%r8,%r15
-
-	rorq	$14,%r13
-	andq	%rdx,%rcx
-	andq	%r9,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rcx
-
-	addq	%r12,%r10
-	addq	%r12,%rcx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rcx
-
-	movq	48(%rsi),%r12
-	movq	%r10,%r13
-	movq	%rcx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r11,%r15
-	movq	%r12,48(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	rorq	$4,%r13
-	addq	%rbx,%r12
-	xorq	%rcx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r10,%r15
-	movq	%rdx,%rbx
-
-	rorq	$6,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	xorq	%r8,%rbx
-	xorq	%rcx,%r14
-	addq	%r15,%r12
-	movq	%rdx,%r15
-
-	rorq	$14,%r13
-	andq	%rcx,%rbx
-	andq	%r8,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rbx
-
-	addq	%r12,%r9
-	addq	%r12,%rbx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rbx
-
-	movq	56(%rsi),%r12
-	movq	%r9,%r13
-	movq	%rbx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r10,%r15
-	movq	%r12,56(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	rorq	$4,%r13
-	addq	%rax,%r12
-	xorq	%rbx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r9,%r15
-	movq	%rcx,%rax
-
-	rorq	$6,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	xorq	%rdx,%rax
-	xorq	%rbx,%r14
-	addq	%r15,%r12
-	movq	%rcx,%r15
-
-	rorq	$14,%r13
-	andq	%rbx,%rax
-	andq	%rdx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rax
-
-	addq	%r12,%r8
-	addq	%r12,%rax
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rax
-
-	movq	64(%rsi),%r12
-	movq	%r8,%r13
-	movq	%rax,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r9,%r15
-	movq	%r12,64(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	rorq	$4,%r13
-	addq	%r11,%r12
-	xorq	%rax,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r8,%r15
-	movq	%rbx,%r11
-
-	rorq	$6,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	xorq	%rcx,%r11
-	xorq	%rax,%r14
-	addq	%r15,%r12
-	movq	%rbx,%r15
-
-	rorq	$14,%r13
-	andq	%rax,%r11
-	andq	%rcx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r11
-
-	addq	%r12,%rdx
-	addq	%r12,%r11
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r11
-
-	movq	72(%rsi),%r12
-	movq	%rdx,%r13
-	movq	%r11,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r8,%r15
-	movq	%r12,72(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	rorq	$4,%r13
-	addq	%r10,%r12
-	xorq	%r11,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rdx,%r15
-	movq	%rax,%r10
-
-	rorq	$6,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	xorq	%rbx,%r10
-	xorq	%r11,%r14
-	addq	%r15,%r12
-	movq	%rax,%r15
-
-	rorq	$14,%r13
-	andq	%r11,%r10
-	andq	%rbx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r10
-
-	addq	%r12,%rcx
-	addq	%r12,%r10
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r10
-
-	movq	80(%rsi),%r12
-	movq	%rcx,%r13
-	movq	%r10,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rdx,%r15
-	movq	%r12,80(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	rorq	$4,%r13
-	addq	%r9,%r12
-	xorq	%r10,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rcx,%r15
-	movq	%r11,%r9
-
-	rorq	$6,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	xorq	%rax,%r9
-	xorq	%r10,%r14
-	addq	%r15,%r12
-	movq	%r11,%r15
-
-	rorq	$14,%r13
-	andq	%r10,%r9
-	andq	%rax,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r9
-
-	addq	%r12,%rbx
-	addq	%r12,%r9
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r9
-
-	movq	88(%rsi),%r12
-	movq	%rbx,%r13
-	movq	%r9,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rcx,%r15
-	movq	%r12,88(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	rorq	$4,%r13
-	addq	%r8,%r12
-	xorq	%r9,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rbx,%r15
-	movq	%r10,%r8
-
-	rorq	$6,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	xorq	%r11,%r8
-	xorq	%r9,%r14
-	addq	%r15,%r12
-	movq	%r10,%r15
-
-	rorq	$14,%r13
-	andq	%r9,%r8
-	andq	%r11,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r8
-
-	addq	%r12,%rax
-	addq	%r12,%r8
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r8
-
-	movq	96(%rsi),%r12
-	movq	%rax,%r13
-	movq	%r8,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rbx,%r15
-	movq	%r12,96(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	rorq	$4,%r13
-	addq	%rdx,%r12
-	xorq	%r8,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rax,%r15
-	movq	%r9,%rdx
-
-	rorq	$6,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	xorq	%r10,%rdx
-	xorq	%r8,%r14
-	addq	%r15,%r12
-	movq	%r9,%r15
-
-	rorq	$14,%r13
-	andq	%r8,%rdx
-	andq	%r10,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rdx
-
-	addq	%r12,%r11
-	addq	%r12,%rdx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rdx
-
-	movq	104(%rsi),%r12
-	movq	%r11,%r13
-	movq	%rdx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%rax,%r15
-	movq	%r12,104(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	rorq	$4,%r13
-	addq	%rcx,%r12
-	xorq	%rdx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r11,%r15
-	movq	%r8,%rcx
-
-	rorq	$6,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	xorq	%r9,%rcx
-	xorq	%rdx,%r14
-	addq	%r15,%r12
-	movq	%r8,%r15
-
-	rorq	$14,%r13
-	andq	%rdx,%rcx
-	andq	%r9,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rcx
-
-	addq	%r12,%r10
-	addq	%r12,%rcx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rcx
-
-	movq	112(%rsi),%r12
-	movq	%r10,%r13
-	movq	%rcx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r11,%r15
-	movq	%r12,112(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	rorq	$4,%r13
-	addq	%rbx,%r12
-	xorq	%rcx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r10,%r15
-	movq	%rdx,%rbx
-
-	rorq	$6,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	xorq	%r8,%rbx
-	xorq	%rcx,%r14
-	addq	%r15,%r12
-	movq	%rdx,%r15
-
-	rorq	$14,%r13
-	andq	%rcx,%rbx
-	andq	%r8,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rbx
-
-	addq	%r12,%r9
-	addq	%r12,%rbx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rbx
-
-	movq	120(%rsi),%r12
-	movq	%r9,%r13
-	movq	%rbx,%r14
-	bswapq	%r12
-	rorq	$23,%r13
-	movq	%r10,%r15
-	movq	%r12,120(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	rorq	$4,%r13
-	addq	%rax,%r12
-	xorq	%rbx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r9,%r15
-	movq	%rcx,%rax
-
-	rorq	$6,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	xorq	%rdx,%rax
-	xorq	%rbx,%r14
-	addq	%r15,%r12
-	movq	%rcx,%r15
-
-	rorq	$14,%r13
-	andq	%rbx,%rax
-	andq	%rdx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rax
-
-	addq	%r12,%r8
-	addq	%r12,%rax
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rax
-
-	jmp	.Lrounds_16_xx
-.align	16
-.Lrounds_16_xx:
-	movq	8(%rsp),%r13
-	movq	112(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	72(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	0(%rsp),%r12
-	movq	%r8,%r13
-	addq	%r14,%r12
-	movq	%rax,%r14
-	rorq	$23,%r13
-	movq	%r9,%r15
-	movq	%r12,0(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	rorq	$4,%r13
-	addq	%r11,%r12
-	xorq	%rax,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r8,%r15
-	movq	%rbx,%r11
-
-	rorq	$6,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	xorq	%rcx,%r11
-	xorq	%rax,%r14
-	addq	%r15,%r12
-	movq	%rbx,%r15
-
-	rorq	$14,%r13
-	andq	%rax,%r11
-	andq	%rcx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r11
-
-	addq	%r12,%rdx
-	addq	%r12,%r11
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r11
-
-	movq	16(%rsp),%r13
-	movq	120(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	80(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	8(%rsp),%r12
-	movq	%rdx,%r13
-	addq	%r14,%r12
-	movq	%r11,%r14
-	rorq	$23,%r13
-	movq	%r8,%r15
-	movq	%r12,8(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	rorq	$4,%r13
-	addq	%r10,%r12
-	xorq	%r11,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rdx,%r15
-	movq	%rax,%r10
-
-	rorq	$6,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	xorq	%rbx,%r10
-	xorq	%r11,%r14
-	addq	%r15,%r12
-	movq	%rax,%r15
-
-	rorq	$14,%r13
-	andq	%r11,%r10
-	andq	%rbx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r10
-
-	addq	%r12,%rcx
-	addq	%r12,%r10
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r10
-
-	movq	24(%rsp),%r13
-	movq	0(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	88(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	16(%rsp),%r12
-	movq	%rcx,%r13
-	addq	%r14,%r12
-	movq	%r10,%r14
-	rorq	$23,%r13
-	movq	%rdx,%r15
-	movq	%r12,16(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	rorq	$4,%r13
-	addq	%r9,%r12
-	xorq	%r10,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rcx,%r15
-	movq	%r11,%r9
-
-	rorq	$6,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	xorq	%rax,%r9
-	xorq	%r10,%r14
-	addq	%r15,%r12
-	movq	%r11,%r15
-
-	rorq	$14,%r13
-	andq	%r10,%r9
-	andq	%rax,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r9
-
-	addq	%r12,%rbx
-	addq	%r12,%r9
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r9
-
-	movq	32(%rsp),%r13
-	movq	8(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	96(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	24(%rsp),%r12
-	movq	%rbx,%r13
-	addq	%r14,%r12
-	movq	%r9,%r14
-	rorq	$23,%r13
-	movq	%rcx,%r15
-	movq	%r12,24(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	rorq	$4,%r13
-	addq	%r8,%r12
-	xorq	%r9,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rbx,%r15
-	movq	%r10,%r8
-
-	rorq	$6,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	xorq	%r11,%r8
-	xorq	%r9,%r14
-	addq	%r15,%r12
-	movq	%r10,%r15
-
-	rorq	$14,%r13
-	andq	%r9,%r8
-	andq	%r11,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r8
-
-	addq	%r12,%rax
-	addq	%r12,%r8
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r8
-
-	movq	40(%rsp),%r13
-	movq	16(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	104(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	32(%rsp),%r12
-	movq	%rax,%r13
-	addq	%r14,%r12
-	movq	%r8,%r14
-	rorq	$23,%r13
-	movq	%rbx,%r15
-	movq	%r12,32(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	rorq	$4,%r13
-	addq	%rdx,%r12
-	xorq	%r8,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rax,%r15
-	movq	%r9,%rdx
-
-	rorq	$6,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	xorq	%r10,%rdx
-	xorq	%r8,%r14
-	addq	%r15,%r12
-	movq	%r9,%r15
-
-	rorq	$14,%r13
-	andq	%r8,%rdx
-	andq	%r10,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rdx
-
-	addq	%r12,%r11
-	addq	%r12,%rdx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rdx
-
-	movq	48(%rsp),%r13
-	movq	24(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	112(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	40(%rsp),%r12
-	movq	%r11,%r13
-	addq	%r14,%r12
-	movq	%rdx,%r14
-	rorq	$23,%r13
-	movq	%rax,%r15
-	movq	%r12,40(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	rorq	$4,%r13
-	addq	%rcx,%r12
-	xorq	%rdx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r11,%r15
-	movq	%r8,%rcx
-
-	rorq	$6,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	xorq	%r9,%rcx
-	xorq	%rdx,%r14
-	addq	%r15,%r12
-	movq	%r8,%r15
-
-	rorq	$14,%r13
-	andq	%rdx,%rcx
-	andq	%r9,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rcx
-
-	addq	%r12,%r10
-	addq	%r12,%rcx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rcx
-
-	movq	56(%rsp),%r13
-	movq	32(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	120(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	48(%rsp),%r12
-	movq	%r10,%r13
-	addq	%r14,%r12
-	movq	%rcx,%r14
-	rorq	$23,%r13
-	movq	%r11,%r15
-	movq	%r12,48(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	rorq	$4,%r13
-	addq	%rbx,%r12
-	xorq	%rcx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r10,%r15
-	movq	%rdx,%rbx
-
-	rorq	$6,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	xorq	%r8,%rbx
-	xorq	%rcx,%r14
-	addq	%r15,%r12
-	movq	%rdx,%r15
-
-	rorq	$14,%r13
-	andq	%rcx,%rbx
-	andq	%r8,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rbx
-
-	addq	%r12,%r9
-	addq	%r12,%rbx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rbx
-
-	movq	64(%rsp),%r13
-	movq	40(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	0(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	56(%rsp),%r12
-	movq	%r9,%r13
-	addq	%r14,%r12
-	movq	%rbx,%r14
-	rorq	$23,%r13
-	movq	%r10,%r15
-	movq	%r12,56(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	rorq	$4,%r13
-	addq	%rax,%r12
-	xorq	%rbx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r9,%r15
-	movq	%rcx,%rax
-
-	rorq	$6,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	xorq	%rdx,%rax
-	xorq	%rbx,%r14
-	addq	%r15,%r12
-	movq	%rcx,%r15
-
-	rorq	$14,%r13
-	andq	%rbx,%rax
-	andq	%rdx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rax
-
-	addq	%r12,%r8
-	addq	%r12,%rax
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rax
-
-	movq	72(%rsp),%r13
-	movq	48(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	8(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	64(%rsp),%r12
-	movq	%r8,%r13
-	addq	%r14,%r12
-	movq	%rax,%r14
-	rorq	$23,%r13
-	movq	%r9,%r15
-	movq	%r12,64(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	rorq	$4,%r13
-	addq	%r11,%r12
-	xorq	%rax,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r8,%r15
-	movq	%rbx,%r11
-
-	rorq	$6,%r14
-	xorq	%r8,%r13
-	xorq	%r10,%r15
-
-	xorq	%rcx,%r11
-	xorq	%rax,%r14
-	addq	%r15,%r12
-	movq	%rbx,%r15
-
-	rorq	$14,%r13
-	andq	%rax,%r11
-	andq	%rcx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r11
-
-	addq	%r12,%rdx
-	addq	%r12,%r11
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r11
-
-	movq	80(%rsp),%r13
-	movq	56(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	16(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	72(%rsp),%r12
-	movq	%rdx,%r13
-	addq	%r14,%r12
-	movq	%r11,%r14
-	rorq	$23,%r13
-	movq	%r8,%r15
-	movq	%r12,72(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	rorq	$4,%r13
-	addq	%r10,%r12
-	xorq	%r11,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rdx,%r15
-	movq	%rax,%r10
-
-	rorq	$6,%r14
-	xorq	%rdx,%r13
-	xorq	%r9,%r15
-
-	xorq	%rbx,%r10
-	xorq	%r11,%r14
-	addq	%r15,%r12
-	movq	%rax,%r15
-
-	rorq	$14,%r13
-	andq	%r11,%r10
-	andq	%rbx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r10
-
-	addq	%r12,%rcx
-	addq	%r12,%r10
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r10
-
-	movq	88(%rsp),%r13
-	movq	64(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	24(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	80(%rsp),%r12
-	movq	%rcx,%r13
-	addq	%r14,%r12
-	movq	%r10,%r14
-	rorq	$23,%r13
-	movq	%rdx,%r15
-	movq	%r12,80(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	rorq	$4,%r13
-	addq	%r9,%r12
-	xorq	%r10,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rcx,%r15
-	movq	%r11,%r9
-
-	rorq	$6,%r14
-	xorq	%rcx,%r13
-	xorq	%r8,%r15
-
-	xorq	%rax,%r9
-	xorq	%r10,%r14
-	addq	%r15,%r12
-	movq	%r11,%r15
-
-	rorq	$14,%r13
-	andq	%r10,%r9
-	andq	%rax,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r9
-
-	addq	%r12,%rbx
-	addq	%r12,%r9
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r9
-
-	movq	96(%rsp),%r13
-	movq	72(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	32(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	88(%rsp),%r12
-	movq	%rbx,%r13
-	addq	%r14,%r12
-	movq	%r9,%r14
-	rorq	$23,%r13
-	movq	%rcx,%r15
-	movq	%r12,88(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	rorq	$4,%r13
-	addq	%r8,%r12
-	xorq	%r9,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rbx,%r15
-	movq	%r10,%r8
-
-	rorq	$6,%r14
-	xorq	%rbx,%r13
-	xorq	%rdx,%r15
-
-	xorq	%r11,%r8
-	xorq	%r9,%r14
-	addq	%r15,%r12
-	movq	%r10,%r15
-
-	rorq	$14,%r13
-	andq	%r9,%r8
-	andq	%r11,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%r8
-
-	addq	%r12,%rax
-	addq	%r12,%r8
-	leaq	1(%rdi),%rdi
-	addq	%r14,%r8
-
-	movq	104(%rsp),%r13
-	movq	80(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	40(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	96(%rsp),%r12
-	movq	%rax,%r13
-	addq	%r14,%r12
-	movq	%r8,%r14
-	rorq	$23,%r13
-	movq	%rbx,%r15
-	movq	%r12,96(%rsp)
-
-	rorq	$5,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	rorq	$4,%r13
-	addq	%rdx,%r12
-	xorq	%r8,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%rax,%r15
-	movq	%r9,%rdx
-
-	rorq	$6,%r14
-	xorq	%rax,%r13
-	xorq	%rcx,%r15
-
-	xorq	%r10,%rdx
-	xorq	%r8,%r14
-	addq	%r15,%r12
-	movq	%r9,%r15
-
-	rorq	$14,%r13
-	andq	%r8,%rdx
-	andq	%r10,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rdx
-
-	addq	%r12,%r11
-	addq	%r12,%rdx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rdx
-
-	movq	112(%rsp),%r13
-	movq	88(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	48(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	104(%rsp),%r12
-	movq	%r11,%r13
-	addq	%r14,%r12
-	movq	%rdx,%r14
-	rorq	$23,%r13
-	movq	%rax,%r15
-	movq	%r12,104(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	rorq	$4,%r13
-	addq	%rcx,%r12
-	xorq	%rdx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r11,%r15
-	movq	%r8,%rcx
-
-	rorq	$6,%r14
-	xorq	%r11,%r13
-	xorq	%rbx,%r15
-
-	xorq	%r9,%rcx
-	xorq	%rdx,%r14
-	addq	%r15,%r12
-	movq	%r8,%r15
-
-	rorq	$14,%r13
-	andq	%rdx,%rcx
-	andq	%r9,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rcx
-
-	addq	%r12,%r10
-	addq	%r12,%rcx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rcx
-
-	movq	120(%rsp),%r13
-	movq	96(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	56(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	112(%rsp),%r12
-	movq	%r10,%r13
-	addq	%r14,%r12
-	movq	%rcx,%r14
-	rorq	$23,%r13
-	movq	%r11,%r15
-	movq	%r12,112(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	rorq	$4,%r13
-	addq	%rbx,%r12
-	xorq	%rcx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r10,%r15
-	movq	%rdx,%rbx
-
-	rorq	$6,%r14
-	xorq	%r10,%r13
-	xorq	%rax,%r15
-
-	xorq	%r8,%rbx
-	xorq	%rcx,%r14
-	addq	%r15,%r12
-	movq	%rdx,%r15
-
-	rorq	$14,%r13
-	andq	%rcx,%rbx
-	andq	%r8,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rbx
-
-	addq	%r12,%r9
-	addq	%r12,%rbx
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rbx
-
-	movq	0(%rsp),%r13
-	movq	104(%rsp),%r14
-	movq	%r13,%r12
-	movq	%r14,%r15
-
-	rorq	$7,%r12
-	xorq	%r13,%r12
-	shrq	$7,%r13
-
-	rorq	$1,%r12
-	xorq	%r12,%r13
-	movq	64(%rsp),%r12
-
-	rorq	$42,%r15
-	xorq	%r14,%r15
-	shrq	$6,%r14
-
-	rorq	$19,%r15
-	addq	%r13,%r12
-	xorq	%r15,%r14
-
-	addq	120(%rsp),%r12
-	movq	%r9,%r13
-	addq	%r14,%r12
-	movq	%rbx,%r14
-	rorq	$23,%r13
-	movq	%r10,%r15
-	movq	%r12,120(%rsp)
-
-	rorq	$5,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	rorq	$4,%r13
-	addq	%rax,%r12
-	xorq	%rbx,%r14
-
-	addq	(%rbp,%rdi,8),%r12
-	andq	%r9,%r15
-	movq	%rcx,%rax
-
-	rorq	$6,%r14
-	xorq	%r9,%r13
-	xorq	%r11,%r15
-
-	xorq	%rdx,%rax
-	xorq	%rbx,%r14
-	addq	%r15,%r12
-	movq	%rcx,%r15
-
-	rorq	$14,%r13
-	andq	%rbx,%rax
-	andq	%rdx,%r15
-
-	rorq	$28,%r14
-	addq	%r13,%r12
-	addq	%r15,%rax
-
-	addq	%r12,%r8
-	addq	%r12,%rax
-	leaq	1(%rdi),%rdi
-	addq	%r14,%rax
-
-	cmpq	$80,%rdi
-	jb	.Lrounds_16_xx
-
-	movq	128+0(%rsp),%rdi
-	leaq	128(%rsi),%rsi
-
-	addq	0(%rdi),%rax
-	addq	8(%rdi),%rbx
-	addq	16(%rdi),%rcx
-	addq	24(%rdi),%rdx
-	addq	32(%rdi),%r8
-	addq	40(%rdi),%r9
-	addq	48(%rdi),%r10
-	addq	56(%rdi),%r11
-
-	cmpq	128+16(%rsp),%rsi
-
-	movq	%rax,0(%rdi)
-	movq	%rbx,8(%rdi)
-	movq	%rcx,16(%rdi)
-	movq	%rdx,24(%rdi)
-	movq	%r8,32(%rdi)
-	movq	%r9,40(%rdi)
-	movq	%r10,48(%rdi)
-	movq	%r11,56(%rdi)
-	jb	.Lloop
-
-	movq	128+24(%rsp),%rsi
-	movq	(%rsi),%r15
-	movq	8(%rsi),%r14
-	movq	16(%rsi),%r13
-	movq	24(%rsi),%r12
-	movq	32(%rsi),%rbp
-	movq	40(%rsi),%rbx
-	leaq	48(%rsi),%rsp
-.Lepilogue:
-	.byte	0xf3,0xc3
-.size	sha512_block_data_order,.-sha512_block_data_order
-.align	64
-.type	K512,@object
-K512:
-.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-.quad	0x3956c25bf348b538,0x59f111f1b605d019
-.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-.quad	0xd807aa98a3030242,0x12835b0145706fbe
-.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x06ca6351e003826f,0x142929670a0e6e70
-.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-.quad	0x81c2c92e47edaee6,0x92722c851482353b
-.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-.quad	0xd192e819d6ef5218,0xd69906245565a910
-.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-.quad	0x90befffa23631e28,0xa4506cebde82bde9
-.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-.quad	0xca273eceea26619c,0xd186b8c721c0c207
-.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-.quad	0x113f9804bef90dae,0x1b710b35131c471b
-.quad	0x28db77f523047d84,0x32caab7b40c72493
-.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl
deleted file mode 100755
index 8d51678557..0000000000
--- a/crypto/sha/asm/sha512-x86_64.pl
+++ /dev/null
@@ -1,451 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
-# ====================================================================
-#
-# sha256/512_block procedure for x86_64.
-#
-# 40% improvement over compiler-generated code on Opteron. On EM64T
-# sha256 was observed to run >80% faster and sha512 - >40%. No magical
-# tricks, just straight implementation... I really wonder why gcc
-# [being armed with inline assembler] fails to generate as fast code.
-# The only thing which is cool about this module is that it's very
-# same instruction sequence used for both SHA-256 and SHA-512. In
-# former case the instructions operate on 32-bit operands, while in
-# latter - on 64-bit ones. All I had to do is to get one flavor right,
-# the other one passed the test right away:-)
-#
-# sha256_block runs in ~1005 cycles on Opteron, which gives you
-# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
-# frequency in GHz. sha512_block runs in ~1275 cycles, which results
-# in 128*1000/1275=100MBps per GHz. Is there room for improvement?
-# Well, if you compare it to IA-64 implementation, which maintains
-# X[16] in register bank[!], tends to 4 instructions per CPU clock
-# cycle and runs in 1003 cycles, 1275 is very good result for 3-way
-# issue Opteron pipeline and X[16] maintained in memory. So that *if*
-# there is a way to improve it, *then* the only way would be to try to
-# offload X[16] updates to SSE unit, but that would require "deeper"
-# loop unroll, which in turn would naturally cause size blow-up, not
-# to mention increased complexity! And once again, only *if* it's
-# actually possible to noticeably improve overall ILP, instruction
-# level parallelism, on a given CPU implementation in this case.
-#
-# Special note on Intel EM64T. While Opteron CPU exhibits perfect
-# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
-# [currently available] EM64T CPUs apparently are far from it. On the
-# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
-# sha256_block:-( This is presumably because 64-bit shifts/rotates
-# apparently are not atomic instructions, but implemented in microcode.
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-if ($output =~ /512/) {
-	$func="sha512_block_data_order";
-	$TABLE="K512";
-	$SZ=8;
-	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
-					"%r8", "%r9", "%r10","%r11");
-	($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15");
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-} else {
-	$func="sha256_block_data_order";
-	$TABLE="K256";
-	$SZ=4;
-	@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
-					"%r8d","%r9d","%r10d","%r11d");
-	($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d");
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-}
-
-$ctx="%rdi";	# 1st arg
-$round="%rdi";	# zaps $ctx
-$inp="%rsi";	# 2nd arg
-$Tbl="%rbp";
-
-$_ctx="16*$SZ+0*8(%rsp)";
-$_inp="16*$SZ+1*8(%rsp)";
-$_end="16*$SZ+2*8(%rsp)";
-$_rsp="16*$SZ+3*8(%rsp)";
-$framesz="16*$SZ+4*8";
-
-
-sub ROUND_00_15()
-{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___;
-	ror	\$`$Sigma1[2]-$Sigma1[1]`,$a0
-	mov	$f,$a2
-	mov	$T1,`$SZ*($i&0xf)`(%rsp)
-
-	ror	\$`$Sigma0[2]-$Sigma0[1]`,$a1
-	xor	$e,$a0
-	xor	$g,$a2			# f^g
-
-	ror	\$`$Sigma1[1]-$Sigma1[0]`,$a0
-	add	$h,$T1			# T1+=h
-	xor	$a,$a1
-
-	add	($Tbl,$round,$SZ),$T1	# T1+=K[round]
-	and	$e,$a2			# (f^g)&e
-	mov	$b,$h
-
-	ror	\$`$Sigma0[1]-$Sigma0[0]`,$a1
-	xor	$e,$a0
-	xor	$g,$a2			# Ch(e,f,g)=((f^g)&e)^g
-
-	xor	$c,$h			# b^c
-	xor	$a,$a1
-	add	$a2,$T1			# T1+=Ch(e,f,g)
-	mov	$b,$a2
-
-	ror	\$$Sigma1[0],$a0	# Sigma1(e)
-	and	$a,$h			# h=(b^c)&a
-	and	$c,$a2			# b&c
-
-	ror	\$$Sigma0[0],$a1	# Sigma0(a)
-	add	$a0,$T1			# T1+=Sigma1(e)
-	add	$a2,$h			# h+=b&c (completes +=Maj(a,b,c)
-
-	add	$T1,$d			# d+=T1
-	add	$T1,$h			# h+=T1
-	lea	1($round),$round	# round++
-	add	$a1,$h			# h+=Sigma0(a)
-
-___
-}
-
-sub ROUND_16_XX()
-{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
-
-$code.=<<___;
-	mov	`$SZ*(($i+1)&0xf)`(%rsp),$a0
-	mov	`$SZ*(($i+14)&0xf)`(%rsp),$a1
-	mov	$a0,$T1
-	mov	$a1,$a2
-
-	ror	\$`$sigma0[1]-$sigma0[0]`,$T1
-	xor	$a0,$T1
-	shr	\$$sigma0[2],$a0
-
-	ror	\$$sigma0[0],$T1
-	xor	$T1,$a0			# sigma0(X[(i+1)&0xf])
-	mov	`$SZ*(($i+9)&0xf)`(%rsp),$T1
-
-	ror	\$`$sigma1[1]-$sigma1[0]`,$a2
-	xor	$a1,$a2
-	shr	\$$sigma1[2],$a1
-
-	ror	\$$sigma1[0],$a2
-	add	$a0,$T1
-	xor	$a2,$a1			# sigma1(X[(i+14)&0xf])
-
-	add	`$SZ*($i&0xf)`(%rsp),$T1
-	mov	$e,$a0
-	add	$a1,$T1
-	mov	$a,$a1
-___
-	&ROUND_00_15(@_);
-}
-
-$code=<<___;
-.text
-
-.globl	$func
-.type	$func,\@function,4
-.align	16
-$func:
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	mov	%rsp,%r11		# copy %rsp
-	shl	\$4,%rdx		# num*16
-	sub	\$$framesz,%rsp
-	lea	($inp,%rdx,$SZ),%rdx	# inp+num*16*$SZ
-	and	\$-64,%rsp		# align stack frame
-	mov	$ctx,$_ctx		# save ctx, 1st arg
-	mov	$inp,$_inp		# save inp, 2nd arh
-	mov	%rdx,$_end		# save end pointer, "3rd" arg
-	mov	%r11,$_rsp		# save copy of %rsp
-.Lprologue:
-
-	lea	$TABLE(%rip),$Tbl
-
-	mov	$SZ*0($ctx),$A
-	mov	$SZ*1($ctx),$B
-	mov	$SZ*2($ctx),$C
-	mov	$SZ*3($ctx),$D
-	mov	$SZ*4($ctx),$E
-	mov	$SZ*5($ctx),$F
-	mov	$SZ*6($ctx),$G
-	mov	$SZ*7($ctx),$H
-	jmp	.Lloop
-
-.align	16
-.Lloop:
-	xor	$round,$round
-___
-	for($i=0;$i<16;$i++) {
-		$code.="	mov	$SZ*$i($inp),$T1\n";
-		$code.="	mov	@ROT[4],$a0\n";
-		$code.="	mov	@ROT[0],$a1\n";
-		$code.="	bswap	$T1\n";
-		&ROUND_00_15($i,@ROT);
-		unshift(@ROT,pop(@ROT));
-	}
-$code.=<<___;
-	jmp	.Lrounds_16_xx
-.align	16
-.Lrounds_16_xx:
-___
-	for(;$i<32;$i++) {
-		&ROUND_16_XX($i,@ROT);
-		unshift(@ROT,pop(@ROT));
-	}
-
-$code.=<<___;
-	cmp	\$$rounds,$round
-	jb	.Lrounds_16_xx
-
-	mov	$_ctx,$ctx
-	lea	16*$SZ($inp),$inp
-
-	add	$SZ*0($ctx),$A
-	add	$SZ*1($ctx),$B
-	add	$SZ*2($ctx),$C
-	add	$SZ*3($ctx),$D
-	add	$SZ*4($ctx),$E
-	add	$SZ*5($ctx),$F
-	add	$SZ*6($ctx),$G
-	add	$SZ*7($ctx),$H
-
-	cmp	$_end,$inp
-
-	mov	$A,$SZ*0($ctx)
-	mov	$B,$SZ*1($ctx)
-	mov	$C,$SZ*2($ctx)
-	mov	$D,$SZ*3($ctx)
-	mov	$E,$SZ*4($ctx)
-	mov	$F,$SZ*5($ctx)
-	mov	$G,$SZ*6($ctx)
-	mov	$H,$SZ*7($ctx)
-	jb	.Lloop
-
-	mov	$_rsp,%rsi
-	mov	(%rsi),%r15
-	mov	8(%rsi),%r14
-	mov	16(%rsi),%r13
-	mov	24(%rsi),%r12
-	mov	32(%rsi),%rbp
-	mov	40(%rsi),%rbx
-	lea	48(%rsi),%rsp
-.Lepilogue:
-	ret
-.size	$func,.-$func
-___
-
-if ($SZ==4) {
-$code.=<<___;
-.align	64
-.type	$TABLE,\@object
-$TABLE:
-	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-___
-} else {
-$code.=<<___;
-.align	64
-.type	$TABLE,\@object
-$TABLE:
-	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	.quad	0x3956c25bf348b538,0x59f111f1b605d019
-	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	.quad	0xd807aa98a3030242,0x12835b0145706fbe
-	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	.quad	0x06ca6351e003826f,0x142929670a0e6e70
-	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-	.quad	0x81c2c92e47edaee6,0x92722c851482353b
-	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-	.quad	0xd192e819d6ef5218,0xd69906245565a910
-	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	.quad	0x90befffa23631e28,0xa4506cebde82bde9
-	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	.quad	0xca273eceea26619c,0xd186b8c721c0c207
-	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	.quad	0x113f9804bef90dae,0x1b710b35131c471b
-	.quad	0x28db77f523047d84,0x32caab7b40c72493
-	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-___
-}
-
-# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
-#		CONTEXT *context,DISPATCHER_CONTEXT *disp)
-if ($win64) {
-$rec="%rcx";
-$frame="%rdx";
-$context="%r8";
-$disp="%r9";
-
-$code.=<<___;
-.extern	__imp_RtlVirtualUnwind
-.type	se_handler,\@abi-omnipotent
-.align	16
-se_handler:
-	push	%rsi
-	push	%rdi
-	push	%rbx
-	push	%rbp
-	push	%r12
-	push	%r13
-	push	%r14
-	push	%r15
-	pushfq
-	sub	\$64,%rsp
-
-	mov	120($context),%rax	# pull context->Rax
-	mov	248($context),%rbx	# pull context->Rip
-
-	lea	.Lprologue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip<.Lprologue
-	jb	.Lin_prologue
-
-	mov	152($context),%rax	# pull context->Rsp
-
-	lea	.Lepilogue(%rip),%r10
-	cmp	%r10,%rbx		# context->Rip>=.Lepilogue
-	jae	.Lin_prologue
-
-	mov	16*$SZ+3*8(%rax),%rax	# pull $_rsp
-	lea	48(%rax),%rax
-
-	mov	-8(%rax),%rbx
-	mov	-16(%rax),%rbp
-	mov	-24(%rax),%r12
-	mov	-32(%rax),%r13
-	mov	-40(%rax),%r14
-	mov	-48(%rax),%r15
-	mov	%rbx,144($context)	# restore context->Rbx
-	mov	%rbp,160($context)	# restore context->Rbp
-	mov	%r12,216($context)	# restore context->R12
-	mov	%r13,224($context)	# restore context->R13
-	mov	%r14,232($context)	# restore context->R14
-	mov	%r15,240($context)	# restore context->R15
-
-.Lin_prologue:
-	mov	8(%rax),%rdi
-	mov	16(%rax),%rsi
-	mov	%rax,152($context)	# restore context->Rsp
-	mov	%rsi,168($context)	# restore context->Rsi
-	mov	%rdi,176($context)	# restore context->Rdi
-
-	mov	40($disp),%rdi		# disp->ContextRecord
-	mov	$context,%rsi		# context
-	mov	\$154,%ecx		# sizeof(CONTEXT)
-	.long	0xa548f3fc		# cld; rep movsq
-
-	mov	$disp,%rsi
-	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER
-	mov	8(%rsi),%rdx		# arg2, disp->ImageBase
-	mov	0(%rsi),%r8		# arg3, disp->ControlPc
-	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry
-	mov	40(%rsi),%r10		# disp->ContextRecord
-	lea	56(%rsi),%r11		# &disp->HandlerData
-	lea	24(%rsi),%r12		# &disp->EstablisherFrame
-	mov	%r10,32(%rsp)		# arg5
-	mov	%r11,40(%rsp)		# arg6
-	mov	%r12,48(%rsp)		# arg7
-	mov	%rcx,56(%rsp)		# arg8, (NULL)
-	call	*__imp_RtlVirtualUnwind(%rip)
-
-	mov	\$1,%eax		# ExceptionContinueSearch
-	add	\$64,%rsp
-	popfq
-	pop	%r15
-	pop	%r14
-	pop	%r13
-	pop	%r12
-	pop	%rbp
-	pop	%rbx
-	pop	%rdi
-	pop	%rsi
-	ret
-.size	se_handler,.-se_handler
-
-.section	.pdata
-.align	4
-	.rva	.LSEH_begin_$func
-	.rva	.LSEH_end_$func
-	.rva	.LSEH_info_$func
-
-.section	.xdata
-.align	8
-.LSEH_info_$func:
-	.byte	9,0,0,0
-	.rva	se_handler
-___
-}
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-print $code;
-close STDOUT;
diff --git a/crypto/sha/sha.c b/crypto/sha/sha.c
deleted file mode 100644
index 42126551d1..0000000000
--- a/crypto/sha/sha.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* crypto/sha/sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE	1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-int read(int, void *, unsigned int);
-int main(int argc, char **argv)
-	{
-	int i,err=0;
-	FILE *IN;
-
-	if (argc == 1)
-		{
-		do_fp(stdin);
-		}
-	else
-		{
-		for (i=1; i<argc; i++)
-			{
-			IN=fopen(argv[i],"r");
-			if (IN == NULL)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			printf("SHA(%s)= ",argv[i]);
-			do_fp(IN);
-			fclose(IN);
-			}
-		}
-	exit(err);
-	}
-
-void do_fp(FILE *f)
-	{
-	SHA_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
-	int fd;
-	int i;
-	unsigned char buf[BUFSIZE];
-
-	fd=fileno(f);
-	SHA_Init(&c);
-	for (;;)
-		{
-		i=read(fd,buf,BUFSIZE);
-		if (i <= 0) break;
-		SHA_Update(&c,buf,(unsigned long)i);
-		}
-	SHA_Final(&(md[0]),&c);
-	pt(md);
-	}
-
-void pt(unsigned char *md)
-	{
-	int i;
-
-	for (i=0; i<SHA_DIGEST_LENGTH; i++)
-		printf("%02x",md[i]);
-	printf("\n");
-	}
-
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
deleted file mode 100644
index 8a6bf4bbbb..0000000000
--- a/crypto/sha/sha.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/* crypto/sha/sha.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SHA_H
-#define HEADER_SHA_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-#error SHA is disabled.
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! SHA_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define SHA_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define SHA_LONG unsigned long
-#define SHA_LONG_LOG2 3
-#else
-#define SHA_LONG unsigned int
-#endif
-
-#define SHA_LBLOCK	16
-#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a
-					 * contiguous array of 32 bit
-					 * wide big-endian values. */
-#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
-#define SHA_DIGEST_LENGTH 20
-
-typedef struct SHAstate_st
-	{
-	SHA_LONG h0,h1,h2,h3,h4;
-	SHA_LONG Nl,Nh;
-	SHA_LONG data[SHA_LBLOCK];
-	unsigned int num;
-	} SHA_CTX;
-
-#ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-#ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA256_CBLOCK	(SHA_LBLOCK*4)	/* SHA-256 treats input data as a
-					 * contiguous array of 32 bit
-					 * wide big-endian values. */
-#define SHA224_DIGEST_LENGTH	28
-#define SHA256_DIGEST_LENGTH	32
-
-typedef struct SHA256state_st
-	{
-	SHA_LONG h[8];
-	SHA_LONG Nl,Nh;
-	SHA_LONG data[SHA_LBLOCK];
-	unsigned int num,md_len;
-	} SHA256_CTX;
-
-#ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA384_DIGEST_LENGTH	48
-#define SHA512_DIGEST_LENGTH	64
-
-#ifndef OPENSSL_NO_SHA512
-/*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
- * for further details.
- */
-#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a
-					 * contiguous array of 64 bit
-					 * wide big-endian values. */
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#define SHA_LONG64 unsigned __int64
-#define U64(C)     C##UI64
-#elif defined(__arch64__)
-#define SHA_LONG64 unsigned long
-#define U64(C)     C##UL
-#else
-#define SHA_LONG64 unsigned long long
-#define U64(C)     C##ULL
-#endif
-
-typedef struct SHA512state_st
-	{
-	SHA_LONG64 h[8];
-	SHA_LONG64 Nl,Nh;
-	union {
-		SHA_LONG64	d[SHA_LBLOCK];
-		unsigned char	p[SHA512_CBLOCK];
-	} u;
-	unsigned int num,md_len;
-	} SHA512_CTX;
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.c
deleted file mode 100644
index d350c88ee4..0000000000
--- a/crypto/sha/sha1.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/sha/sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE	1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#ifndef _OSD_POSIX
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
-	{
-	int i,err=0;
-	FILE *IN;
-
-	if (argc == 1)
-		{
-		do_fp(stdin);
-		}
-	else
-		{
-		for (i=1; i<argc; i++)
-			{
-			IN=fopen(argv[i],"r");
-			if (IN == NULL)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			printf("SHA1(%s)= ",argv[i]);
-			do_fp(IN);
-			fclose(IN);
-			}
-		}
-	exit(err);
-	}
-
-void do_fp(FILE *f)
-	{
-	SHA_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
-	int fd;
-	int i;
-	unsigned char buf[BUFSIZE];
-
-	fd=fileno(f);
-	SHA1_Init(&c);
-	for (;;)
-		{
-		i=read(fd,buf,BUFSIZE);
-		if (i <= 0) break;
-		SHA1_Update(&c,buf,(unsigned long)i);
-		}
-	SHA1_Final(&(md[0]),&c);
-	pt(md);
-	}
-
-void pt(unsigned char *md)
-	{
-	int i;
-
-	for (i=0; i<SHA_DIGEST_LENGTH; i++)
-		printf("%02x",md[i]);
-	printf("\n");
-	}
-
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
deleted file mode 100644
index c56ec94020..0000000000
--- a/crypto/sha/sha1_one.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* crypto/sha/sha1_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_SHA1
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA_CTX c;
-	static unsigned char m[SHA_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!SHA1_Init(&c))
-		return NULL;
-	SHA1_Update(&c,d,n);
-	SHA1_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-#endif
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
deleted file mode 100644
index a98690225f..0000000000
--- a/crypto/sha/sha1dgst.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-#undef  SHA_0
-#define SHA_1
-
-#include <openssl/opensslv.h>
-
-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-#include "sha_locl.h"
-
-#endif
-
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
deleted file mode 100644
index 6feb3964c7..0000000000
--- a/crypto/sha/sha1test.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/* crypto/sha/sha1test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
-    printf("No SHA support\n");
-    return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#undef SHA_0 /* FIPS 180 */
-#define  SHA_1 /* FIPS 180-1 */
-
-static char *test[]={
-	"abc",
-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-	NULL,
-	};
-
-#ifdef SHA_0
-static char *ret[]={
-	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
-	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-	};
-static char *bigret=
-	"3232affa48628a26653b5aaa44541fd90d690603";
-#endif
-#ifdef SHA_1
-static char *ret[]={
-	"a9993e364706816aba3e25717850c26c9cd0d89d",
-	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-	};
-static char *bigret=
-	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	char **P,**R;
-	static unsigned char buf[1000];
-	char *p,*r;
-	EVP_MD_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
-
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(test[0], test[0], strlen(test[0]));
-	ebcdic2ascii(test[1], test[1], strlen(test[1]));
-#endif
-
-	EVP_MD_CTX_init(&c);
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
-		p=pt(md);
-		if (strcmp(p,(char *)*R) != 0)
-			{
-			printf("error calculating SHA1 on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-
-	memset(buf,'a',1000);
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(buf, buf, 1000);
-#endif /*CHARSET_EBCDIC*/
-	EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
-	for (i=0; i<1000; i++)
-		EVP_DigestUpdate(&c,buf,1000);
-	EVP_DigestFinal_ex(&c,md,NULL);
-	p=pt(md);
-
-	r=bigret;
-	if (strcmp(p,r) != 0)
-		{
-		printf("error calculating SHA1 on 'a' * 1000\n");
-		printf("got %s instead of %s\n",p,r);
-		err++;
-		}
-	else
-		printf("test 3 ok\n");
-
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EXIT(err);
-	EVP_MD_CTX_cleanup(&c);
-	return(0);
-	}
-
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<SHA_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
-#endif
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
deleted file mode 100644
index 4eae074849..0000000000
--- a/crypto/sha/sha256.c
+++ /dev/null
@@ -1,282 +0,0 @@
-/* crypto/sha/sha256.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
- */
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/opensslv.h>
-
-const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
-
-fips_md_init_ctx(SHA224, SHA256)
-	{
-	memset (c,0,sizeof(*c));
-	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;
-	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;
-	c->h[4]=0xffc00b31UL;	c->h[5]=0x68581511UL;
-	c->h[6]=0x64f98fa7UL;	c->h[7]=0xbefa4fa4UL;
-	c->md_len=SHA224_DIGEST_LENGTH;
-	return 1;
-	}
-
-fips_md_init(SHA256)
-	{
-	memset (c,0,sizeof(*c));
-	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
-	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
-	c->h[4]=0x510e527fUL;	c->h[5]=0x9b05688cUL;
-	c->h[6]=0x1f83d9abUL;	c->h[7]=0x5be0cd19UL;
-	c->md_len=SHA256_DIGEST_LENGTH;
-	return 1;
-	}
-
-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA256_CTX c;
-	static unsigned char m[SHA224_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA224_Init(&c);
-	SHA256_Update(&c,d,n);
-	SHA256_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-
-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA256_CTX c;
-	static unsigned char m[SHA256_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA256_Init(&c);
-	SHA256_Update(&c,d,n);
-	SHA256_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
-{   return SHA256_Update (c,data,len);   }
-int SHA224_Final (unsigned char *md, SHA256_CTX *c)
-{   return SHA256_Final (md,c);   }
-
-#define	DATA_ORDER_IS_BIG_ENDIAN
-
-#define	HASH_LONG		SHA_LONG
-#define	HASH_CTX		SHA256_CTX
-#define	HASH_CBLOCK		SHA_CBLOCK
-/*
- * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
- * default: case below covers for it. It's not clear however if it's
- * permitted to truncate to amount of bytes not divisible by 4. I bet not,
- * but if it is, then default: case shall be extended. For reference.
- * Idea behind separate cases for pre-defined lenghts is to let the
- * compiler decide if it's appropriate to unroll small loops.
- */
-#define	HASH_MAKE_STRING(c,s)	do {	\
-	unsigned long ll;		\
-	unsigned int  nn;		\
-	switch ((c)->md_len)		\
-	{   case SHA224_DIGEST_LENGTH:	\
-		for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)	\
-		{   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }	\
-		break;			\
-	    case SHA256_DIGEST_LENGTH:	\
-		for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)	\
-		{   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }	\
-		break;			\
-	    default:			\
-		if ((c)->md_len > SHA256_DIGEST_LENGTH)	\
-		    return 0;				\
-		for (nn=0;nn<(c)->md_len/4;nn++)		\
-		{   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }	\
-		break;			\
-	}				\
-	} while (0)
-
-#define	HASH_UPDATE		SHA256_Update
-#define	HASH_TRANSFORM		SHA256_Transform
-#define	HASH_FINAL		SHA256_Final
-#define	HASH_BLOCK_DATA_ORDER	sha256_block_data_order
-#ifndef SHA256_ASM
-static
-#endif
-void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
-
-#include "md32_common.h"
-
-#ifndef SHA256_ASM
-static const SHA_LONG K256[64] = {
-	0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
-	0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
-	0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
-	0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
-	0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
-	0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
-	0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
-	0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
-	0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
-	0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
-	0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
-	0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
-	0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
-	0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
-	0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
-	0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
-
-/*
- * FIPS specification refers to right rotations, while our ROTATE macro
- * is left one. This is why you might notice that rotation coefficients
- * differ from those observed in FIPS document by 32-N...
- */
-#define Sigma0(x)	(ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-#define Sigma1(x)	(ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-#define sigma0(x)	(ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-#define sigma1(x)	(ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
-
-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
-	{
-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
-	SHA_LONG	X[16],l;
-	int i;
-	const unsigned char *data=in;
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-	for (i=0;i<16;i++)
-		{
-		HOST_c2l(data,l); T1 = X[i] = l;
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	for (;i<64;i++)
-		{
-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
-
-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			}
-}
-
-#else
-
-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
-	T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];	\
-	h = Sigma0(a) + Maj(a,b,c);			\
-	d += T1;	h += T1;		} while (0)
-
-#define	ROUND_16_63(i,a,b,c,d,e,f,g,h,X)	do {	\
-	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\
-	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\
-	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
-	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
-	{
-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
-	SHA_LONG	X[16];
-	int i;
-	const unsigned char *data=in;
-	const union { long one; char little; } is_endian = {1};
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-	if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0)
-		{
-		const SHA_LONG *W=(const SHA_LONG *)data;
-
-		T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-		T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-		T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-		T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-		T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-		T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-		T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-		T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-		T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-		T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-		T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-		T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-		T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-		T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-		T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-		T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-
-		data += SHA256_CBLOCK;
-		}
-	else
-		{
-		SHA_LONG l;
-
-		HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);
-		HOST_c2l(data,l); T1 = X[1] = l;  ROUND_00_15(1,h,a,b,c,d,e,f,g);
-		HOST_c2l(data,l); T1 = X[2] = l;  ROUND_00_15(2,g,h,a,b,c,d,e,f);
-		HOST_c2l(data,l); T1 = X[3] = l;  ROUND_00_15(3,f,g,h,a,b,c,d,e);
-		HOST_c2l(data,l); T1 = X[4] = l;  ROUND_00_15(4,e,f,g,h,a,b,c,d);
-		HOST_c2l(data,l); T1 = X[5] = l;  ROUND_00_15(5,d,e,f,g,h,a,b,c);
-		HOST_c2l(data,l); T1 = X[6] = l;  ROUND_00_15(6,c,d,e,f,g,h,a,b);
-		HOST_c2l(data,l); T1 = X[7] = l;  ROUND_00_15(7,b,c,d,e,f,g,h,a);
-		HOST_c2l(data,l); T1 = X[8] = l;  ROUND_00_15(8,a,b,c,d,e,f,g,h);
-		HOST_c2l(data,l); T1 = X[9] = l;  ROUND_00_15(9,h,a,b,c,d,e,f,g);
-		HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
-		HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
-		HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
-		HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
-		HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
-		HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
-		}
-
-	for (i=16;i<64;i+=8)
-		{
-		ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
-		ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
-		ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
-		ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
-		ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
-		ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
-		ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
-		ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			}
-	}
-
-#endif
-#endif /* SHA256_ASM */
-
-#endif /* OPENSSL_NO_SHA256 */
diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
deleted file mode 100644
index 6b4a3bd001..0000000000
--- a/crypto/sha/sha256t.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* crypto/sha/sha256t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
-int main(int argc, char *argv[])
-{
-    printf("No SHA256 support\n");
-    return(0);
-}
-#else
-
-unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
-	0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
-	0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
-	0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
-	0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad	};
-
-unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
-	0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
-	0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
-	0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
-	0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1	};
-
-unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
-	0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
-	0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
-	0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
-	0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0	};
-
-unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
-	0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,
-	0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
-	0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,
-	0xe3,0x6c,0x9d,0xa7 };
-
-unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
-	0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,
-	0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,
-	0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,
-	0x52,0x52,0x25,0x25 };
-
-unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
-	0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,
-	0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,
-	0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,
-	0x4e,0xe7,0xad,0x67 };
-
-int main (int argc,char **argv)
-{ unsigned char md[SHA256_DIGEST_LENGTH];
-  int		i;
-  EVP_MD_CTX	evp;
-
-    fprintf(stdout,"Testing SHA-256 ");
-
-    EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);
-    if (memcmp(md,app_b1,sizeof(app_b1)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
-		"ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);
-    if (memcmp(md,app_b2,sizeof(app_b2)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_MD_CTX_init (&evp);
-    EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);
-    for (i=0;i<1000000;i+=160)
-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
-				(1000000-i)<160?1000000-i:160);
-    EVP_DigestFinal_ex (&evp,md,NULL);
-    EVP_MD_CTX_cleanup (&evp);
-
-    if (memcmp(md,app_b3,sizeof(app_b3)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    fprintf(stdout," passed.\n"); fflush(stdout);
-
-    fprintf(stdout,"Testing SHA-224 ");
-
-    EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
-    if (memcmp(md,addenum_1,sizeof(addenum_1)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
-		"ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);
-    if (memcmp(md,addenum_2,sizeof(addenum_2)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_MD_CTX_init (&evp);
-    EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);
-    for (i=0;i<1000000;i+=64)
-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
-				(1000000-i)<64?1000000-i:64);
-    EVP_DigestFinal_ex (&evp,md,NULL);
-    EVP_MD_CTX_cleanup (&evp);
-
-    if (memcmp(md,addenum_3,sizeof(addenum_3)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    fprintf(stdout," passed.\n"); fflush(stdout);
-
-  return 0;
-}
-#endif
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
deleted file mode 100644
index 50c229ddeb..0000000000
--- a/crypto/sha/sha512.c
+++ /dev/null
@@ -1,604 +0,0 @@
-/* crypto/sha/sha512.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
- */
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-/*
- * IMPLEMENTATION NOTES.
- *
- * As you might have noticed 32-bit hash algorithms:
- *
- * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
- * - optimized versions implement two transform functions: one operating
- *   on [aligned] data in host byte order and one - on data in input
- *   stream byte order;
- * - share common byte-order neutral collector and padding function
- *   implementations, ../md32_common.h;
- *
- * Neither of the above applies to this SHA-512 implementations. Reasons
- * [in reverse order] are:
- *
- * - it's the only 64-bit hash algorithm for the moment of this writing,
- *   there is no need for common collector/padding implementation [yet];
- * - by supporting only one transform function [which operates on
- *   *aligned* data in input stream byte order, big-endian in this case]
- *   we minimize burden of maintenance in two ways: a) collector/padding
- *   function is simpler; b) only one transform function to stare at;
- * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
- *   apply a number of optimizations to mitigate potential performance
- *   penalties caused by previous design decision;
- *
- * Caveat lector.
- *
- * Implementation relies on the fact that "long long" is 64-bit on
- * both 32- and 64-bit platforms. If some compiler vendor comes up
- * with 128-bit long long, adjustment to sha.h would be required.
- * As this implementation relies on 64-bit integer type, it's totally
- * inappropriate for platforms which don't support it, most notably
- * 16-bit platforms.
- *					<appro@fy.chalmers.se>
- */
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/opensslv.h>
-
-#include "cryptlib.h"
-
-const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-    defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
-    defined(__s390__) || defined(__s390x__) || \
-    defined(SHA512_ASM)
-#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-#endif
-
-fips_md_init_ctx(SHA384, SHA512)
-	{
-	c->h[0]=U64(0xcbbb9d5dc1059ed8);
-	c->h[1]=U64(0x629a292a367cd507);
-	c->h[2]=U64(0x9159015a3070dd17);
-	c->h[3]=U64(0x152fecd8f70e5939);
-	c->h[4]=U64(0x67332667ffc00b31);
-	c->h[5]=U64(0x8eb44a8768581511);
-	c->h[6]=U64(0xdb0c2e0d64f98fa7);
-	c->h[7]=U64(0x47b5481dbefa4fa4);
-
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
-        return 1;
-	}
-
-fips_md_init(SHA512)
-	{
-	c->h[0]=U64(0x6a09e667f3bcc908);
-	c->h[1]=U64(0xbb67ae8584caa73b);
-	c->h[2]=U64(0x3c6ef372fe94f82b);
-	c->h[3]=U64(0xa54ff53a5f1d36f1);
-	c->h[4]=U64(0x510e527fade682d1);
-	c->h[5]=U64(0x9b05688c2b3e6c1f);
-	c->h[6]=U64(0x1f83d9abfb41bd6b);
-	c->h[7]=U64(0x5be0cd19137e2179);
-
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
-        return 1;
-	}
-
-#ifndef SHA512_ASM
-static
-#endif
-void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
-
-int SHA512_Final (unsigned char *md, SHA512_CTX *c)
-	{
-	unsigned char *p=(unsigned char *)c->u.p;
-	size_t n=c->num;
-
-	p[n]=0x80;	/* There always is a room for one */
-	n++;
-	if (n > (sizeof(c->u)-16))
-		memset (p+n,0,sizeof(c->u)-n), n=0,
-		sha512_block_data_order (c,p,1);
-
-	memset (p+n,0,sizeof(c->u)-16-n);
-#ifdef	B_ENDIAN
-	c->u.d[SHA_LBLOCK-2] = c->Nh;
-	c->u.d[SHA_LBLOCK-1] = c->Nl;
-#else
-	p[sizeof(c->u)-1]  = (unsigned char)(c->Nl);
-	p[sizeof(c->u)-2]  = (unsigned char)(c->Nl>>8);
-	p[sizeof(c->u)-3]  = (unsigned char)(c->Nl>>16);
-	p[sizeof(c->u)-4]  = (unsigned char)(c->Nl>>24);
-	p[sizeof(c->u)-5]  = (unsigned char)(c->Nl>>32);
-	p[sizeof(c->u)-6]  = (unsigned char)(c->Nl>>40);
-	p[sizeof(c->u)-7]  = (unsigned char)(c->Nl>>48);
-	p[sizeof(c->u)-8]  = (unsigned char)(c->Nl>>56);
-	p[sizeof(c->u)-9]  = (unsigned char)(c->Nh);
-	p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
-	p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
-	p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
-	p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
-	p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
-	p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
-	p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
-#endif
-
-	sha512_block_data_order (c,p,1);
-
-	if (md==0) return 0;
-
-	switch (c->md_len)
-		{
-		/* Let compiler decide if it's appropriate to unroll... */
-		case SHA384_DIGEST_LENGTH:
-			for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
-				{
-				SHA_LONG64 t = c->h[n];
-
-				*(md++)	= (unsigned char)(t>>56);
-				*(md++)	= (unsigned char)(t>>48);
-				*(md++)	= (unsigned char)(t>>40);
-				*(md++)	= (unsigned char)(t>>32);
-				*(md++)	= (unsigned char)(t>>24);
-				*(md++)	= (unsigned char)(t>>16);
-				*(md++)	= (unsigned char)(t>>8);
-				*(md++)	= (unsigned char)(t);
-				}
-			break;
-		case SHA512_DIGEST_LENGTH:
-			for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
-				{
-				SHA_LONG64 t = c->h[n];
-
-				*(md++)	= (unsigned char)(t>>56);
-				*(md++)	= (unsigned char)(t>>48);
-				*(md++)	= (unsigned char)(t>>40);
-				*(md++)	= (unsigned char)(t>>32);
-				*(md++)	= (unsigned char)(t>>24);
-				*(md++)	= (unsigned char)(t>>16);
-				*(md++)	= (unsigned char)(t>>8);
-				*(md++)	= (unsigned char)(t);
-				}
-			break;
-		/* ... as well as make sure md_len is not abused. */
-		default:	return 0;
-		}
-
-	return 1;
-	}
-
-int SHA384_Final (unsigned char *md,SHA512_CTX *c)
-{   return SHA512_Final (md,c);   }
-
-int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
-	{
-	SHA_LONG64	l;
-	unsigned char  *p=c->u.p;
-	const unsigned char *data=(const unsigned char *)_data;
-
-	if (len==0) return  1;
-
-	l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
-	if (l < c->Nl)		c->Nh++;
-	if (sizeof(len)>=8)	c->Nh+=(((SHA_LONG64)len)>>61);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		size_t n = sizeof(c->u) - c->num;
-
-		if (len < n)
-			{
-			memcpy (p+c->num,data,len), c->num += (unsigned int)len;
-			return 1;
-			}
-		else	{
-			memcpy (p+c->num,data,n), c->num = 0;
-			len-=n, data+=n;
-			sha512_block_data_order (c,p,1);
-			}
-		}
-
-	if (len >= sizeof(c->u))
-		{
-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-		if ((size_t)data%sizeof(c->u.d[0]) != 0)
-			while (len >= sizeof(c->u))
-				memcpy (p,data,sizeof(c->u)),
-				sha512_block_data_order (c,p,1),
-				len  -= sizeof(c->u),
-				data += sizeof(c->u);
-		else
-#endif
-			sha512_block_data_order (c,data,len/sizeof(c->u)),
-			data += len,
-			len  %= sizeof(c->u),
-			data -= len;
-		}
-
-	if (len != 0)	memcpy (p,data,len), c->num = (int)len;
-
-	return 1;
-	}
-
-int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
-{   return SHA512_Update (c,data,len);   }
-
-void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-	{
-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-	if ((size_t)data%sizeof(c->u.d[0]) != 0)
-		memcpy(c->u.p,data,sizeof(c->u.p)),
-		data = c->u.p;
-#endif
-	sha512_block_data_order (c,data,1);
-	}
-
-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA512_CTX c;
-	static unsigned char m[SHA384_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA384_Init(&c);
-	SHA512_Update(&c,d,n);
-	SHA512_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-
-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA512_CTX c;
-	static unsigned char m[SHA512_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA512_Init(&c);
-	SHA512_Update(&c,d,n);
-	SHA512_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-
-#ifndef SHA512_ASM
-static const SHA_LONG64 K512[80] = {
-        U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
-        U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
-        U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
-        U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
-        U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
-        U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
-        U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
-        U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
-        U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
-        U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
-        U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
-        U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
-        U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
-        U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
-        U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
-        U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
-        U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
-        U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
-        U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
-        U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
-        U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
-        U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
-        U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
-        U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
-        U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
-        U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
-        U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
-        U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
-        U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
-        U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
-        U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
-        U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
-        U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
-        U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
-        U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
-        U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
-        U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
-        U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
-        U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
-        U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if defined(__x86_64) || defined(__x86_64__)
-#   define ROTR(a,n)	({ SHA_LONG64 ret;		\
-				asm ("rorq %1,%0"	\
-				: "=r"(ret)		\
-				: "J"(n),"0"(a)		\
-				: "cc"); ret;		})
-#   if !defined(B_ENDIAN)
-#    define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));	\
-				asm ("bswapq	%0"		\
-				: "=r"(ret)			\
-				: "0"(ret)); ret;		})
-#   endif
-#  elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-#   if defined(I386_ONLY)
-#    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-			 unsigned int hi=p[0],lo=p[1];		\
-				asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
-				    "roll $16,%%eax; roll $16,%%edx; "\
-				    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
-				: "=a"(lo),"=d"(hi)		\
-				: "0"(lo),"1"(hi) : "cc");	\
-				((SHA_LONG64)hi)<<32|lo;	})
-#   else
-#    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-			 unsigned int hi=p[0],lo=p[1];		\
-				asm ("bswapl %0; bswapl %1;"	\
-				: "=r"(lo),"=r"(hi)		\
-				: "0"(lo),"1"(hi));		\
-				((SHA_LONG64)hi)<<32|lo;	})
-#   endif
-#  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#   define ROTR(a,n)	({ SHA_LONG64 ret;		\
-				asm ("rotrdi %0,%1,%2"	\
-				: "=r"(ret)		\
-				: "r"(a),"K"(n)); ret;	})
-#  endif
-# elif defined(_MSC_VER)
-#  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
-#   pragma intrinsic(_rotr64)
-#   define ROTR(a,n)	_rotr64((a),n)
-#  endif
-#  if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if defined(I386_ONLY)
-    static SHA_LONG64 __fastcall __pull64be(const void *x)
-    {	_asm	mov	edx, [ecx + 0]
-	_asm	mov	eax, [ecx + 4]
-	_asm	xchg	dh,dl
-	_asm	xchg	ah,al
-	_asm	rol	edx,16
-	_asm	rol	eax,16
-	_asm	xchg	dh,dl
-	_asm	xchg	ah,al
-    }
-#   else
-    static SHA_LONG64 __fastcall __pull64be(const void *x)
-    {	_asm	mov	edx, [ecx + 0]
-	_asm	mov	eax, [ecx + 4]
-	_asm	bswap	edx
-	_asm	bswap	eax
-    }
-#   endif
-#   define PULL64(x) __pull64be(&(x))
-#   if _MSC_VER<=1200
-#    pragma inline_depth(0)
-#   endif
-#  endif
-# endif
-#endif
-
-#ifndef PULL64
-#define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-#endif
-
-#ifndef ROTR
-#define ROTR(x,s)	(((x)>>s) | (x)<<(64-s))
-#endif
-
-#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-
-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
-/*
- * This code should give better results on 32-bit CPU with less than
- * ~24 registers, both size and performance wise...
- */
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
-	{
-	const SHA_LONG64 *W=in;
-	SHA_LONG64	A,E,T;
-	SHA_LONG64	X[9+80],*F;
-	int i;
-
-			while (num--) {
-
-	F    = X+80;
-	A    = ctx->h[0];	F[1] = ctx->h[1];
-	F[2] = ctx->h[2];	F[3] = ctx->h[3];
-	E    = ctx->h[4];	F[5] = ctx->h[5];
-	F[6] = ctx->h[6];	F[7] = ctx->h[7];
-
-	for (i=0;i<16;i++,F--)
-		{
-#ifdef B_ENDIAN
-		T = W[i];
-#else
-		T = PULL64(W[i]);
-#endif
-		F[0] = A;
-		F[4] = E;
-		F[8] = T;
-		T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
-		E    = F[3] + T;
-		A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
-		}
-
-	for (;i<80;i++,F--)
-		{
-		T    = sigma0(F[8+16-1]);
-		T   += sigma1(F[8+16-14]);
-		T   += F[8+16] + F[8+16-9];
-
-		F[0] = A;
-		F[4] = E;
-		F[8] = T;
-		T   += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i];
-		E    = F[3] + T;
-		A    = T + Sigma0(A) + Maj(A,F[1],F[2]);
-		}
-
-	ctx->h[0] += A;		ctx->h[1] += F[1];
-	ctx->h[2] += F[2];	ctx->h[3] += F[3];
-	ctx->h[4] += E;		ctx->h[5] += F[5];
-	ctx->h[6] += F[6];	ctx->h[7] += F[7];
-
-			W+=SHA_LBLOCK;
-			}
-	}
-
-#elif defined(OPENSSL_SMALL_FOOTPRINT)
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
-	{
-	const SHA_LONG64 *W=in;
-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1,T2;
-	SHA_LONG64	X[16];
-	int i;
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-	for (i=0;i<16;i++)
-		{
-#ifdef B_ENDIAN
-		T1 = X[i] = W[i];
-#else
-		T1 = X[i] = PULL64(W[i]);
-#endif
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	for (;i<80;i++)
-		{
-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
-
-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			W+=SHA_LBLOCK;
-			}
-	}
-
-#else
-
-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
-	T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];	\
-	h = Sigma0(a) + Maj(a,b,c);			\
-	d += T1;	h += T1;		} while (0)
-
-#define	ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)	do {	\
-	s0 = X[(j+1)&0x0f];	s0 = sigma0(s0);	\
-	s1 = X[(j+14)&0x0f];	s1 = sigma1(s1);	\
-	T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];	\
-	ROUND_00_15(i+j,a,b,c,d,e,f,g,h);		} while (0)
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
-	{
-	const SHA_LONG64 *W=in;
-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1;
-	SHA_LONG64	X[16];
-	int i;
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-#ifdef B_ENDIAN
-	T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-	T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-	T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-	T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-	T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-	T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-	T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-	T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-	T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-	T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-	T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-	T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-	T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-	T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-	T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-	T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#else
-	T1 = X[0]  = PULL64(W[0]);	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-	T1 = X[1]  = PULL64(W[1]);	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-	T1 = X[2]  = PULL64(W[2]);	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-	T1 = X[3]  = PULL64(W[3]);	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-	T1 = X[4]  = PULL64(W[4]);	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-	T1 = X[5]  = PULL64(W[5]);	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-	T1 = X[6]  = PULL64(W[6]);	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-	T1 = X[7]  = PULL64(W[7]);	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-	T1 = X[8]  = PULL64(W[8]);	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-	T1 = X[9]  = PULL64(W[9]);	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-	T1 = X[10] = PULL64(W[10]);	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-	T1 = X[11] = PULL64(W[11]);	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-	T1 = X[12] = PULL64(W[12]);	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-	T1 = X[13] = PULL64(W[13]);	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-	T1 = X[14] = PULL64(W[14]);	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-	T1 = X[15] = PULL64(W[15]);	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#endif
-
-	for (i=16;i<80;i+=16)
-		{
-		ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X);
-		ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X);
-		ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X);
-		ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X);
-		ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X);
-		ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X);
-		ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X);
-		ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X);
-		ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X);
-		ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X);
-		ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X);
-		ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X);
-		ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X);
-		ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X);
-		ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X);
-		ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X);
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			W+=SHA_LBLOCK;
-			}
-	}
-
-#endif
-
-#endif /* SHA512_ASM */
-
-#else /* !OPENSSL_NO_SHA512 */
-
-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy=&dummy;
-#endif
-
-#endif /* !OPENSSL_NO_SHA512 */
diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
deleted file mode 100644
index 210041d435..0000000000
--- a/crypto/sha/sha512t.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* crypto/sha/sha512t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
-int main(int argc, char *argv[])
-{
-    printf("No SHA512 support\n");
-    return(0);
-}
-#else
-
-unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
-	0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
-	0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
-	0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
-	0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
-	0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
-	0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
-	0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
-	0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
-
-unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
-	0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
-	0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
-	0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
-	0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
-	0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
-	0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
-	0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
-	0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
-
-unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
-	0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
-	0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
-	0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
-	0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
-	0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
-	0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
-	0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
-	0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
-
-unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
-	0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
-	0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
-	0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
-	0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
-	0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
-	0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
-
-unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
-	0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
-	0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
-	0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
-	0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
-	0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
-	0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
-
-unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
-	0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
-	0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
-	0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
-	0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
-	0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
-	0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
-
-int main (int argc,char **argv)
-{ unsigned char md[SHA512_DIGEST_LENGTH];
-  int		i;
-  EVP_MD_CTX	evp;
-
-#ifdef OPENSSL_IA32_SSE2
-    /* Alternative to this is to call OpenSSL_add_all_algorithms...
-     * The below code is retained exclusively for debugging purposes. */
-    { char      *env;
-
-	if ((env=getenv("OPENSSL_ia32cap")))
-	    OPENSSL_ia32cap = strtoul (env,NULL,0);
-    }
-#endif
-
-    fprintf(stdout,"Testing SHA-512 ");
-
-    EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);
-    if (memcmp(md,app_c1,sizeof(app_c1)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
-		"efghijkl""fghijklm""ghijklmn""hijklmno"
-		"ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
-		"mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);
-    if (memcmp(md,app_c2,sizeof(app_c2)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_MD_CTX_init (&evp);
-    EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);
-    for (i=0;i<1000000;i+=288)
-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
-				(1000000-i)<288?1000000-i:288);
-    EVP_DigestFinal_ex (&evp,md,NULL);
-    EVP_MD_CTX_cleanup (&evp);
-
-    if (memcmp(md,app_c3,sizeof(app_c3)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    fprintf(stdout," passed.\n"); fflush(stdout);
-
-    fprintf(stdout,"Testing SHA-384 ");
-
-    EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);
-    if (memcmp(md,app_d1,sizeof(app_d1)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 1 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
-		"efghijkl""fghijklm""ghijklmn""hijklmno"
-		"ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
-		"mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);
-    if (memcmp(md,app_d2,sizeof(app_d2)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 2 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    EVP_MD_CTX_init (&evp);
-    EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);
-    for (i=0;i<1000000;i+=64)
-	EVP_DigestUpdate (&evp,	"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
-				"aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
-				(1000000-i)<64?1000000-i:64);
-    EVP_DigestFinal_ex (&evp,md,NULL);
-    EVP_MD_CTX_cleanup (&evp);
-
-    if (memcmp(md,app_d3,sizeof(app_d3)))
-    {	fflush(stdout);
-	fprintf(stderr,"\nTEST 3 of 3 failed.\n");
-	return 1;
-    }
-    else
-	fprintf(stdout,"."); fflush(stdout);
-
-    fprintf(stdout," passed.\n"); fflush(stdout);
-
-  return 0;
-}
-#endif
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
deleted file mode 100644
index fb63b17ff2..0000000000
--- a/crypto/sha/sha_dgst.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
-#undef  SHA_1
-#define SHA_0
-
-#include <openssl/opensslv.h>
-
-const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-#include "sha_locl.h"
-
-#endif
-
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
deleted file mode 100644
index d673255f78..0000000000
--- a/crypto/sha/sha_locl.h
+++ /dev/null
@@ -1,441 +0,0 @@
-/* crypto/sha/sha_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/sha.h>
-
-#define DATA_ORDER_IS_BIG_ENDIAN
-
-#define HASH_LONG               SHA_LONG
-#define HASH_CTX                SHA_CTX
-#define HASH_CBLOCK             SHA_CBLOCK
-#define HASH_MAKE_STRING(c,s)   do {	\
-	unsigned long ll;		\
-	ll=(c)->h0; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->h1; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->h2; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->h3; (void)HOST_l2c(ll,(s));	\
-	ll=(c)->h4; (void)HOST_l2c(ll,(s));	\
-	} while (0)
-
-#if defined(SHA_0)
-
-# define HASH_UPDATE             	SHA_Update
-# define HASH_TRANSFORM          	SHA_Transform
-# define HASH_FINAL              	SHA_Final
-# define HASH_INIT			SHA_Init
-# define HASH_BLOCK_DATA_ORDER   	sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))
-
-static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE             	SHA1_Update
-# define HASH_TRANSFORM          	SHA1_Transform
-# define HASH_FINAL              	SHA1_Final
-# define HASH_INIT			SHA1_Init
-# define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
-# if defined(__MWERKS__) && defined(__MC68K__)
-   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
-#  define Xupdate(a,ix,ia,ib,ic,id)	do { (a)=(ia^ib^ic^id);		\
-					     ix=(a)=ROTATE((a),1);	\
-					} while (0)
-# else
-#  define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\
-					  ix=(a)=ROTATE((a),1)	\
-					)
-# endif
-
-#ifndef SHA1_ASM
-static
-#endif
-void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
-
-#else
-# error "Either SHA_0 or SHA_1 must be defined."
-#endif
-
-#include "md32_common.h"
-
-#define INIT_DATA_h0 0x67452301UL
-#define INIT_DATA_h1 0xefcdab89UL
-#define INIT_DATA_h2 0x98badcfeUL
-#define INIT_DATA_h3 0x10325476UL
-#define INIT_DATA_h4 0xc3d2e1f0UL
-
-#ifdef SHA_0
-fips_md_init(SHA)
-#else
-fips_md_init_ctx(SHA1, SHA)
-#endif
-	{
-	memset (c,0,sizeof(*c));
-	c->h0=INIT_DATA_h0;
-	c->h1=INIT_DATA_h1;
-	c->h2=INIT_DATA_h2;
-	c->h3=INIT_DATA_h3;
-	c->h4=INIT_DATA_h4;
-	return 1;
-	}
-
-#define K_00_19	0x5a827999UL
-#define K_20_39 0x6ed9eba1UL
-#define K_40_59 0x8f1bbcdcUL
-#define K_60_79 0xca62c1d6UL
-
-/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
- * simplified to the code in F_00_19.  Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d)) 
-#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
-#define	F_60_79(b,c,d)	F_20_39(b,c,d)
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-
-#define BODY_00_15(i,a,b,c,d,e,f,xi) \
-	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
-	Xupdate(f,xi,xa,xb,xc,xd); \
-	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
-	Xupdate(f,xi,xa,xb,xc,xd); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,xa,xa,xb,xc,xd); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,xa,xa,xb,xc,xd); \
-	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,xa,xa,xb,xc,xd); \
-	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#ifdef X
-#undef X
-#endif
-#ifndef MD32_XARRAY
-  /*
-   * Originally X was an array. As it's automatic it's natural
-   * to expect RISC compiler to accomodate at least part of it in
-   * the register bank, isn't it? Unfortunately not all compilers
-   * "find" this expectation reasonable:-( On order to make such
-   * compilers generate better code I replace X[] with a bunch of
-   * X0, X1, etc. See the function body below...
-   *					<appro@fy.chalmers.se>
-   */
-# define X(i)	XX##i
-#else
-  /*
-   * However! Some compilers (most notably HP C) get overwhelmed by
-   * that many local variables so that we have to have the way to
-   * fall down to the original behavior.
-   */
-# define X(i)	XX[i]
-#endif
-
-#if !defined(SHA_1) || !defined(SHA1_ASM)
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
-	{
-	const unsigned char *data=p;
-	register unsigned MD32_REG_T A,B,C,D,E,T,l;
-#ifndef MD32_XARRAY
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-#else
-	SHA_LONG	XX[16];
-#endif
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	for (;;)
-			{
-	const union { long one; char little; } is_endian = {1};
-
-	if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0)
-		{
-		const SHA_LONG *W=(const SHA_LONG *)data;
-
-		X( 0) = W[0];				X( 1) = W[ 1];
-		BODY_00_15( 0,A,B,C,D,E,T,X( 0));	X( 2) = W[ 2];
-		BODY_00_15( 1,T,A,B,C,D,E,X( 1));	X( 3) = W[ 3];
-		BODY_00_15( 2,E,T,A,B,C,D,X( 2));	X( 4) = W[ 4];
-		BODY_00_15( 3,D,E,T,A,B,C,X( 3));	X( 5) = W[ 5];
-		BODY_00_15( 4,C,D,E,T,A,B,X( 4));	X( 6) = W[ 6];
-		BODY_00_15( 5,B,C,D,E,T,A,X( 5));	X( 7) = W[ 7];
-		BODY_00_15( 6,A,B,C,D,E,T,X( 6));	X( 8) = W[ 8];
-		BODY_00_15( 7,T,A,B,C,D,E,X( 7));	X( 9) = W[ 9];
-		BODY_00_15( 8,E,T,A,B,C,D,X( 8));	X(10) = W[10];
-		BODY_00_15( 9,D,E,T,A,B,C,X( 9));	X(11) = W[11];
-		BODY_00_15(10,C,D,E,T,A,B,X(10));	X(12) = W[12];
-		BODY_00_15(11,B,C,D,E,T,A,X(11));	X(13) = W[13];
-		BODY_00_15(12,A,B,C,D,E,T,X(12));	X(14) = W[14];
-		BODY_00_15(13,T,A,B,C,D,E,X(13));	X(15) = W[15];
-		BODY_00_15(14,E,T,A,B,C,D,X(14));
-		BODY_00_15(15,D,E,T,A,B,C,X(15));
-
-		data += SHA_CBLOCK;
-		}
-	else
-		{
-		(void)HOST_c2l(data,l); X( 0)=l;	(void)HOST_c2l(data,l); X( 1)=l;
-		BODY_00_15( 0,A,B,C,D,E,T,X( 0));	(void)HOST_c2l(data,l); X( 2)=l;
-		BODY_00_15( 1,T,A,B,C,D,E,X( 1));	(void)HOST_c2l(data,l); X( 3)=l;
-		BODY_00_15( 2,E,T,A,B,C,D,X( 2));	(void)HOST_c2l(data,l); X( 4)=l;
-		BODY_00_15( 3,D,E,T,A,B,C,X( 3));	(void)HOST_c2l(data,l); X( 5)=l;
-		BODY_00_15( 4,C,D,E,T,A,B,X( 4));	(void)HOST_c2l(data,l); X( 6)=l;
-		BODY_00_15( 5,B,C,D,E,T,A,X( 5));	(void)HOST_c2l(data,l); X( 7)=l;
-		BODY_00_15( 6,A,B,C,D,E,T,X( 6));	(void)HOST_c2l(data,l); X( 8)=l;
-		BODY_00_15( 7,T,A,B,C,D,E,X( 7));	(void)HOST_c2l(data,l); X( 9)=l;
-		BODY_00_15( 8,E,T,A,B,C,D,X( 8));	(void)HOST_c2l(data,l); X(10)=l;
-		BODY_00_15( 9,D,E,T,A,B,C,X( 9));	(void)HOST_c2l(data,l); X(11)=l;
-		BODY_00_15(10,C,D,E,T,A,B,X(10));	(void)HOST_c2l(data,l); X(12)=l;
-		BODY_00_15(11,B,C,D,E,T,A,X(11));	(void)HOST_c2l(data,l); X(13)=l;
-		BODY_00_15(12,A,B,C,D,E,T,X(12));	(void)HOST_c2l(data,l); X(14)=l;
-		BODY_00_15(13,T,A,B,C,D,E,X(13));	(void)HOST_c2l(data,l); X(15)=l;
-		BODY_00_15(14,E,T,A,B,C,D,X(14));
-		BODY_00_15(15,D,E,T,A,B,C,X(15));
-		}
-
-	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
-	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
-	BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
-	BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
-
-	BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
-	BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
-	BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
-	BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
-	BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
-	BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
-	BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
-	BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
-	BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
-	BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
-	BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
-	BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
-
-	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
-	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
-	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
-	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
-	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
-	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
-	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
-	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
-
-	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
-	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
-	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
-	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
-	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
-	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
-	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
-	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
-	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
-	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
-	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
-	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
-	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
-	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
-	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
-	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
-	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
-	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
-	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
-	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
-
-	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
-	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
-	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
-	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
-	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
-	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
-	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
-	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
-	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
-	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
-	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
-	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
-	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
-	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
-	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
-	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
-	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
-	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
-	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
-	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
-	
-	c->h0=(c->h0+E)&0xffffffffL; 
-	c->h1=(c->h1+T)&0xffffffffL;
-	c->h2=(c->h2+A)&0xffffffffL;
-	c->h3=(c->h3+B)&0xffffffffL;
-	c->h4=(c->h4+C)&0xffffffffL;
-
-	if (--num == 0) break;
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-			}
-	}
-#endif
-
-#else	/* OPENSSL_SMALL_FOOTPRINT */
-
-#define BODY_00_15(xi)		 do {	\
-	T=E+K_00_19+F_00_19(B,C,D);	\
-	E=D, D=C, C=ROTATE(B,30), B=A;	\
-	A=ROTATE(A,5)+T+xi;	    } while(0)
-
-#define BODY_16_19(xa,xb,xc,xd)	 do {	\
-	Xupdate(T,xa,xa,xb,xc,xd);	\
-	T+=E+K_00_19+F_00_19(B,C,D);	\
-	E=D, D=C, C=ROTATE(B,30), B=A;	\
-	A=ROTATE(A,5)+T;	    } while(0)
-
-#define BODY_20_39(xa,xb,xc,xd)	 do {	\
-	Xupdate(T,xa,xa,xb,xc,xd);	\
-	T+=E+K_20_39+F_20_39(B,C,D);	\
-	E=D, D=C, C=ROTATE(B,30), B=A;	\
-	A=ROTATE(A,5)+T;	    } while(0)
-
-#define BODY_40_59(xa,xb,xc,xd)	 do {	\
-	Xupdate(T,xa,xa,xb,xc,xd);	\
-	T+=E+K_40_59+F_40_59(B,C,D);	\
-	E=D, D=C, C=ROTATE(B,30), B=A;	\
-	A=ROTATE(A,5)+T;	    } while(0)
-
-#define BODY_60_79(xa,xb,xc,xd)	 do {	\
-	Xupdate(T,xa,xa,xb,xc,xd);	\
-	T=E+K_60_79+F_60_79(B,C,D);	\
-	E=D, D=C, C=ROTATE(B,30), B=A;	\
-	A=ROTATE(A,5)+T+xa;	    } while(0)
-
-#if !defined(SHA_1) || !defined(SHA1_ASM)
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
-	{
-	const unsigned char *data=p;
-	register unsigned MD32_REG_T A,B,C,D,E,T,l;
-	int i;
-	SHA_LONG	X[16];
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	for (;;)
-		{
-	for (i=0;i<16;i++)
-	{ HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }
-	for (i=0;i<4;i++)
-	{ BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }
-	for (;i<24;i++)
-	{ BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
-	for (i=0;i<20;i++)
-	{ BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
-	for (i=4;i<24;i++)
-	{ BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
-
-	c->h0=(c->h0+A)&0xffffffffL; 
-	c->h1=(c->h1+B)&0xffffffffL;
-	c->h2=(c->h2+C)&0xffffffffL;
-	c->h3=(c->h3+D)&0xffffffffL;
-	c->h4=(c->h4+E)&0xffffffffL;
-
-	if (--num == 0) break;
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-		}
-	}
-#endif
-
-#endif
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
deleted file mode 100644
index 27614646d1..0000000000
--- a/crypto/sha/shatest.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
-int main(int argc, char *argv[])
-{
-    printf("No SHA0 support\n");
-    return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#define SHA_0 /* FIPS 180 */
-#undef  SHA_1 /* FIPS 180-1 */
-
-static char *test[]={
-	"abc",
-	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-	NULL,
-	};
-
-#ifdef SHA_0
-static char *ret[]={
-	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
-	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-	};
-static char *bigret=
-	"3232affa48628a26653b5aaa44541fd90d690603";
-#endif
-#ifdef SHA_1
-static char *ret[]={
-	"a9993e364706816aba3e25717850c26c9cd0d89d",
-	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-	};
-static char *bigret=
-	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-	{
-	int i,err=0;
-	char **P,**R;
-	static unsigned char buf[1000];
-	char *p,*r;
-	EVP_MD_CTX c;
-	unsigned char md[SHA_DIGEST_LENGTH];
-
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(test[0], test[0], strlen(test[0]));
-	ebcdic2ascii(test[1], test[1], strlen(test[1]));
-#endif
-
-	EVP_MD_CTX_init(&c);
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		EVP_Digest(*P,strlen(*P),md,NULL,EVP_sha(), NULL);
-		p=pt(md);
-		if (strcmp(p,*R) != 0)
-			{
-			printf("error calculating SHA on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-
-	memset(buf,'a',1000);
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(buf, buf, 1000);
-#endif /*CHARSET_EBCDIC*/
-	EVP_DigestInit_ex(&c,EVP_sha(), NULL);
-	for (i=0; i<1000; i++)
-		EVP_DigestUpdate(&c,buf,1000);
-	EVP_DigestFinal_ex(&c,md,NULL);
-	p=pt(md);
-
-	r=bigret;
-	if (strcmp(p,r) != 0)
-		{
-		printf("error calculating SHA on '%s'\n",p);
-		printf("got %s instead of %s\n",p,r);
-		err++;
-		}
-	else
-		printf("test 3 ok\n");
-
-#ifdef OPENSSL_SYS_NETWARE
-    if (err) printf("ERROR: %d\n", err);
-#endif
-	EVP_MD_CTX_cleanup(&c);
-	EXIT(err);
-	return(0);
-	}
-
-static char *pt(unsigned char *md)
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<SHA_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
-#endif
diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S
deleted file mode 100644
index c63d5da46f..0000000000
--- a/crypto/sparccpuid.S
+++ /dev/null
@@ -1,402 +0,0 @@
-#if defined(__SUNPRO_C) && defined(__sparcv9)
-# define ABI64  /* They've said -xarch=v9 at command line */
-#elif defined(__GNUC__) && defined(__arch64__)
-# define ABI64  /* They've said -m64 at command line */
-#endif
-
-#ifdef ABI64
-  .register	%g2,#scratch
-  .register	%g3,#scratch
-# define	FRAME	-192
-# define	BIAS	2047
-#else
-# define	FRAME	-96
-# define	BIAS	0
-#endif
-
-.text
-.align	32
-.global	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,#function
-! Keep in mind that this does not excuse us from wiping the stack!
-! This routine wipes registers, but not the backing store [which
-! resides on the stack, toward lower addresses]. To facilitate for
-! stack wiping I return pointer to the top of stack of the *caller*.
-OPENSSL_wipe_cpu:
-	save	%sp,FRAME,%sp
-	nop
-#ifdef __sun
-#include <sys/trap.h>
-	ta	ST_CLEAN_WINDOWS
-#else
-	call	.walk.reg.wins
-#endif
-	nop
-	call	.PIC.zero.up
-	mov	.zero-(.-4),%o0
-	ld	[%o0],%f0
-	ld	[%o0],%f1
-
-	subcc	%g0,1,%o0
-	! Following is V9 "rd %ccr,%o0" instruction. However! V8
-	! specification says that it ("rd %asr2,%o0" in V8 terms) does
-	! not cause illegal_instruction trap. It therefore can be used
-	! to determine if the CPU the code is executing on is V8- or
-	! V9-compliant, as V9 returns a distinct value of 0x99,
-	! "negative" and "borrow" bits set in both %icc and %xcc.
-	.word	0x91408000	!rd	%ccr,%o0
-	cmp	%o0,0x99
-	bne	.v8
-	nop
-			! Even though we do not use %fp register bank,
-			! we wipe it as memcpy might have used it...
-			.word	0xbfa00040	!fmovd	%f0,%f62
-			.word	0xbba00040	!...
-			.word	0xb7a00040
-			.word	0xb3a00040
-			.word	0xafa00040
-			.word	0xaba00040
-			.word	0xa7a00040
-			.word	0xa3a00040
-			.word	0x9fa00040
-			.word	0x9ba00040
-			.word	0x97a00040
-			.word	0x93a00040
-			.word	0x8fa00040
-			.word	0x8ba00040
-			.word	0x87a00040
-			.word	0x83a00040	!fmovd	%f0,%f32
-.v8:			fmovs	%f1,%f31
-	clr	%o0
-			fmovs	%f0,%f30
-	clr	%o1
-			fmovs	%f1,%f29
-	clr	%o2
-			fmovs	%f0,%f28
-	clr	%o3
-			fmovs	%f1,%f27
-	clr	%o4
-			fmovs	%f0,%f26
-	clr	%o5
-			fmovs	%f1,%f25
-	clr	%o7
-			fmovs	%f0,%f24
-	clr	%l0
-			fmovs	%f1,%f23
-	clr	%l1
-			fmovs	%f0,%f22
-	clr	%l2
-			fmovs	%f1,%f21
-	clr	%l3
-			fmovs	%f0,%f20
-	clr	%l4
-			fmovs	%f1,%f19
-	clr	%l5
-			fmovs	%f0,%f18
-	clr	%l6
-			fmovs	%f1,%f17
-	clr	%l7
-			fmovs	%f0,%f16
-	clr	%i0
-			fmovs	%f1,%f15
-	clr	%i1
-			fmovs	%f0,%f14
-	clr	%i2
-			fmovs	%f1,%f13
-	clr	%i3
-			fmovs	%f0,%f12
-	clr	%i4
-			fmovs	%f1,%f11
-	clr	%i5
-			fmovs	%f0,%f10
-	clr	%g1
-			fmovs	%f1,%f9
-	clr	%g2
-			fmovs	%f0,%f8
-	clr	%g3
-			fmovs	%f1,%f7
-	clr	%g4
-			fmovs	%f0,%f6
-	clr	%g5
-			fmovs	%f1,%f5
-			fmovs	%f0,%f4
-			fmovs	%f1,%f3
-			fmovs	%f0,%f2
-
-	add	%fp,BIAS,%i0	! return pointer to caller´s top of stack
-
-	ret
-	restore
-
-.zero:	.long	0x0,0x0
-.PIC.zero.up:
-	retl
-	add	%o0,%o7,%o0
-#ifdef DEBUG
-.global	walk_reg_wins
-.type	walk_reg_wins,#function
-walk_reg_wins:
-#endif
-.walk.reg.wins:
-	save	%sp,FRAME,%sp
-	cmp	%i7,%o7
-	be	2f
-	clr	%o0
-	cmp	%o7,0	! compiler never cleans %o7...
-	be	1f	! could have been a leaf function...
-	clr	%o1
-	call	.walk.reg.wins
-	nop
-1:	clr	%o2
-	clr	%o3
-	clr	%o4
-	clr	%o5
-	clr	%o7
-	clr	%l0
-	clr	%l1
-	clr	%l2
-	clr	%l3
-	clr	%l4
-	clr	%l5
-	clr	%l6
-	clr	%l7
-	add	%o0,1,%i0	! used for debugging
-2:	ret
-	restore
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-
-.global	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,#function
-.align	32
-OPENSSL_atomic_add:
-#ifndef ABI64
-	subcc	%g0,1,%o2
-	.word	0x95408000	!rd	%ccr,%o2, see comment above
-	cmp	%o2,0x99
-	be	.v9
-	nop
-	save	%sp,FRAME,%sp
-	ba	.enter
-	nop
-#ifdef __sun
-! Note that you do not have to link with libthread to call thr_yield,
-! as libc provides a stub, which is overloaded the moment you link
-! with *either* libpthread or libthread...
-#define	YIELD_CPU	thr_yield
-#else
-! applies at least to Linux and FreeBSD... Feedback expected...
-#define	YIELD_CPU	sched_yield
-#endif
-.spin:	call	YIELD_CPU
-	nop
-.enter:	ld	[%i0],%i2
-	cmp	%i2,-4096
-	be	.spin
-	mov	-1,%i2
-	swap	[%i0],%i2
-	cmp	%i2,-1
-	be	.spin
-	add	%i2,%i1,%i2
-	stbar
-	st	%i2,[%i0]
-	sra	%i2,%g0,%i0
-	ret
-	restore
-.v9:
-#endif
-	ld	[%o0],%o2
-1:	add	%o1,%o2,%o3
-	.word	0xd7e2100a	!cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3
-	cmp	%o2,%o3
-	bne	1b
-	mov	%o3,%o2		! cas is always fetching to dest. register
-	add	%o1,%o2,%o0	! OpenSSL expects the new value
-	retl
-	sra	%o0,%g0,%o0	! we return signed int, remember?
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.global	_sparcv9_rdtick
-.align	32
-_sparcv9_rdtick:
-	subcc	%g0,1,%o0
-	.word	0x91408000	!rd	%ccr,%o0
-	cmp	%o0,0x99
-	bne	.notick
-	xor	%o0,%o0,%o0
-	.word	0x91410000	!rd	%tick,%o0
-	retl
-	.word	0x93323020	!srlx	%o0,32,%o1
-.notick:
-	retl
-	xor	%o1,%o1,%o1
-.type	_sparcv9_rdtick,#function
-.size	_sparcv9_rdtick,.-_sparcv9_rdtick
-
-.global	_sparcv9_vis1_probe
-.align	8
-_sparcv9_vis1_probe:
-	add	%sp,BIAS+2,%o1
-	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
-	retl
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-.type	_sparcv9_vis1_probe,#function
-.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
-
-! Probe and instrument VIS1 instruction. Output is number of cycles it
-! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
-! is slow (documented to be 6 cycles on T2) and the core is in-order
-! single-issue, it should be possible to distinguish Tx reliably...
-! Observed return values are:
-!
-!	UltraSPARC IIe		7
-!	UltraSPARC III		7
-!	UltraSPARC T1		24
-!
-! Numbers for T2 and SPARC64 V-VII are more than welcomed.
-!
-! It would be possible to detect specifically US-T1 by instrumenting
-! fmul8ulx16, which is emulated on T1 and as such accounts for quite
-! a lot of %tick-s, couple of thousand on Linux...
-.global	_sparcv9_vis1_instrument
-.align	8
-_sparcv9_vis1_instrument:
-	.word	0x91410000	!rd	%tick,%o0
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x93410000	!rd	%tick,%o1
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x95410000	!rd	%tick,%o2
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x97410000	!rd	%tick,%o3
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	.word	0x99410000	!rd	%tick,%o4
-
-	! calculate intervals
-	sub	%o1,%o0,%o0
-	sub	%o2,%o1,%o1
-	sub	%o3,%o2,%o2
-	sub	%o4,%o3,%o3
-
-	! find minumum value
-	cmp	%o0,%o1
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o1,%o0
-	cmp	%o0,%o2
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o2,%o0
-	cmp	%o0,%o3
-	.word	0x38680002	!bgu,a	%xcc,.+8
-	mov	%o3,%o0
-
-	retl
-	nop
-.type	_sparcv9_vis1_instrument,#function
-.size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
-
-.global	_sparcv9_vis2_probe
-.align	8
-_sparcv9_vis2_probe:
-	retl
-	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
-.type	_sparcv9_vis2_probe,#function
-.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
-
-.global	_sparcv9_fmadd_probe
-.align	8
-_sparcv9_fmadd_probe:
-	.word	0x81b00d80	!fxor	%f0,%f0,%f0
-	.word	0x85b08d82	!fxor	%f2,%f2,%f2
-	retl
-	.word	0x81b80440	!fmaddd	%f0,%f0,%f2,%f0
-.type	_sparcv9_fmadd_probe,#function
-.size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
-
-.global	OPENSSL_cleanse
-.align	32
-OPENSSL_cleanse:
-	cmp	%o1,14
-	nop
-#ifdef ABI64
-	bgu	%xcc,.Lot
-#else
-	bgu	.Lot
-#endif
-	cmp	%o1,0
-	bne	.Little
-	nop
-	retl
-	nop
-
-.Little:
-	stb	%g0,[%o0]
-	subcc	%o1,1,%o1
-	bnz	.Little
-	add	%o0,1,%o0
-	retl
-	nop
-.align	32
-.Lot:
-#ifndef ABI64
-	subcc	%g0,1,%g1
-	! see above for explanation
-	.word	0x83408000	!rd	%ccr,%g1
-	cmp	%g1,0x99
-	bne	.v8lot
-	nop
-#endif
-
-.v9lot:	andcc	%o0,7,%g0
-	bz	.v9aligned
-	nop
-	stb	%g0,[%o0]
-	sub	%o1,1,%o1
-	ba	.v9lot
-	add	%o0,1,%o0
-.align	16,0x01000000
-.v9aligned:
-	.word	0xc0720000	!stx	%g0,[%o0]
-	sub	%o1,8,%o1
-	andcc	%o1,-8,%g0
-#ifdef ABI64
-	.word	0x126ffffd	!bnz	%xcc,.v9aligned
-#else
-	.word	0x124ffffd	!bnz	%icc,.v9aligned
-#endif
-	add	%o0,8,%o0
-
-	cmp	%o1,0
-	bne	.Little
-	nop
-	retl
-	nop
-#ifndef ABI64
-.v8lot:	andcc	%o0,3,%g0
-	bz	.v8aligned
-	nop
-	stb	%g0,[%o0]
-	sub	%o1,1,%o1
-	ba	.v8lot
-	add	%o0,1,%o0
-	nop
-.v8aligned:
-	st	%g0,[%o0]
-	sub	%o1,4,%o1
-	andcc	%o1,-4,%g0
-	bnz	.v8aligned
-	add	%o0,4,%o0
-
-	cmp	%o1,0
-	bne	.Little
-	nop
-	retl
-	nop
-#endif
-.type	OPENSSL_cleanse,#function
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-
-.section	".init",#alloc,#execinstr
-	call	OPENSSL_cpuid_setup
-	nop
diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
deleted file mode 100644
index 43b3ac6f81..0000000000
--- a/crypto/sparcv9cap.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <setjmp.h>
-#include <signal.h>
-#include <sys/time.h>
-#include <openssl/bn.h>
-
-#define SPARCV9_TICK_PRIVILEGED	(1<<0)
-#define SPARCV9_PREFER_FPU	(1<<1)
-#define SPARCV9_VIS1		(1<<2)
-#define SPARCV9_VIS2		(1<<3)	/* reserved */
-#define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
-
-static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
-
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
-	{
-	int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
-	int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
-
-	if (num>=8 && !(num&1) &&
-	    (OPENSSL_sparcv9cap_P&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
-		(SPARCV9_PREFER_FPU|SPARCV9_VIS1))
-		return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
-	else
-		return bn_mul_mont_int(rp,ap,bp,np,n0,num);
-	}
-
-unsigned long	_sparcv9_rdtick(void);
-void		_sparcv9_vis1_probe(void);
-unsigned long	_sparcv9_vis1_instrument(void);
-void		_sparcv9_vis2_probe(void);
-void		_sparcv9_fmadd_probe(void);
-
-unsigned long OPENSSL_rdtsc(void)
-	{
-	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
-#if defined(__sun) && defined(__SVR4)
-		return gethrtime();
-#else
-		return 0;
-#endif
-	else
-		return _sparcv9_rdtick();
-	}
-
-#if 0 && defined(__sun) && defined(__SVR4)
-/* This code path is disabled, because of incompatibility of
- * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
- */
-#include <malloc.h>
-#include <dlfcn.h>
-#include <libdevinfo.h>
-#include <sys/systeminfo.h>
-
-typedef di_node_t (*di_init_t)(const char *,uint_t);
-typedef void      (*di_fini_t)(di_node_t);
-typedef char *    (*di_node_name_t)(di_node_t);
-typedef int       (*di_walk_node_t)(di_node_t,uint_t,di_node_name_t,int (*)(di_node_t,di_node_name_t));
-
-#define DLLINK(h,name) (name=(name##_t)dlsym((h),#name))
-
-static int walk_nodename(di_node_t node, di_node_name_t di_node_name)
-	{
-	char *name = (*di_node_name)(node);
-
-	/* This is expected to catch all UltraSPARC flavors prior T1 */
-	if (!strcmp (name,"SUNW,UltraSPARC") ||
-	    !strncmp(name,"SUNW,UltraSPARC-I",17))  /* covers II,III,IV */
-		{
-		OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
-
-		/* %tick is privileged only on UltraSPARC-I/II, but not IIe */
-		if (name[14]!='\0' && name[17]!='\0' && name[18]!='\0')
-			OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-
-		return DI_WALK_TERMINATE;
-		}
-	/* This is expected to catch remaining UltraSPARCs, such as T1 */
-	else if (!strncmp(name,"SUNW,UltraSPARC",15))
-		{
-		OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-
-		return DI_WALK_TERMINATE;
-		}
-
-	return DI_WALK_CONTINUE;
-	}
-
-void OPENSSL_cpuid_setup(void)
-	{
-	void *h;
-	char *e,si[256];
-	static int trigger=0;
-
-	if (trigger) return;
-	trigger=1;
-
-	if ((e=getenv("OPENSSL_sparcv9cap")))
-		{
-		OPENSSL_sparcv9cap_P=strtoul(e,NULL,0);
-		return;
-		}
-
-	if (sysinfo(SI_MACHINE,si,sizeof(si))>0)
-		{
-		if (strcmp(si,"sun4v"))
-			/* FPU is preferred for all CPUs, but US-T1/2 */
-			OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU;
-		}
-
-	if (sysinfo(SI_ISALIST,si,sizeof(si))>0)
-		{
-		if (strstr(si,"+vis"))
-			OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-		if (strstr(si,"+vis2"))
-			{
-			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-			OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-			return;
-			}
-		}
-#ifdef M_KEEP
-	/*
-	 * Solaris libdevinfo.so.1 is effectively incomatible with
-	 * libmalloc.so.1. Specifically, if application is linked with
-	 * -lmalloc, it crashes upon startup with SIGSEGV in
-	 * free(3LIBMALLOC) called by di_fini. Prior call to
-	 * mallopt(M_KEEP,0) somehow helps... But not always...
-	 */
-	if ((h = dlopen(NULL,RTLD_LAZY)))
-		{
-		union { void *p; int (*f)(int,int); } sym;
-		if ((sym.p = dlsym(h,"mallopt"))) (*sym.f)(M_KEEP,0);
-		dlclose(h);
-		}
-#endif
-	if ((h = dlopen("libdevinfo.so.1",RTLD_LAZY))) do
-		{
-		di_init_t	di_init;
-		di_fini_t	di_fini;
-		di_walk_node_t	di_walk_node;
-		di_node_name_t	di_node_name;
-		di_node_t	root_node;
-
-		if (!DLLINK(h,di_init))		break;
-		if (!DLLINK(h,di_fini))		break;
-		if (!DLLINK(h,di_walk_node))	break;
-		if (!DLLINK(h,di_node_name))	break;
-
-		if ((root_node = (*di_init)("/",DINFOSUBTREE))!=DI_NODE_NIL)
-			{
-			(*di_walk_node)(root_node,DI_WALK_SIBFIRST,
-					di_node_name,walk_nodename);
-			(*di_fini)(root_node);
-			}
-		} while(0);
-
-	if (h) dlclose(h);
-	}
-
-#else
-
-static sigjmp_buf common_jmp;
-static void common_handler(int sig) { siglongjmp(common_jmp,sig); }
-
-void OPENSSL_cpuid_setup(void)
-	{
-	char *e;
-	struct sigaction	common_act,ill_oact,bus_oact;
-	sigset_t		all_masked,oset;
-	static int trigger=0;
-
-	if (trigger) return;
-	trigger=1;
- 
-	if ((e=getenv("OPENSSL_sparcv9cap")))
-		{
-		OPENSSL_sparcv9cap_P=strtoul(e,NULL,0);
-		return;
-		}
-
-	/* Initial value, fits UltraSPARC-I&II... */
-	OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
-
-	sigfillset(&all_masked);
-	sigdelset(&all_masked,SIGILL);
-	sigdelset(&all_masked,SIGTRAP);
-#ifdef SIGEMT
-	sigdelset(&all_masked,SIGEMT);
-#endif
-	sigdelset(&all_masked,SIGFPE);
-	sigdelset(&all_masked,SIGBUS);
-	sigdelset(&all_masked,SIGSEGV);
-	sigprocmask(SIG_SETMASK,&all_masked,&oset);
-
-	memset(&common_act,0,sizeof(common_act));
-	common_act.sa_handler = common_handler;
-	common_act.sa_mask    = all_masked;
-
-	sigaction(SIGILL,&common_act,&ill_oact);
-	sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */
-
-	if (sigsetjmp(common_jmp,1) == 0)
-		{
-		_sparcv9_rdtick();
-		OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
-		}
-
-	if (sigsetjmp(common_jmp,1) == 0)
-		{
-		_sparcv9_vis1_probe();
-		OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
-		/* detect UltraSPARC-Tx, see sparccpud.S for details... */
-		if (_sparcv9_vis1_instrument() >= 12)
-			OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
-		else
-			{
-			_sparcv9_vis2_probe();
-			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
-			}
-		}
-
-	if (sigsetjmp(common_jmp,1) == 0)
-		{
-		_sparcv9_fmadd_probe();
-		OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
-		}
-
-	sigaction(SIGBUS,&bus_oact,NULL);
-	sigaction(SIGILL,&ill_oact,NULL);
-
-	sigprocmask(SIG_SETMASK,&oset,NULL);
-	}
-
-#endif
diff --git a/crypto/srp/srp.h b/crypto/srp/srp.h
deleted file mode 100644
index 7ec7825cad..0000000000
--- a/crypto/srp/srp.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* crypto/srp/srp.h */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef __SRP_H__
-#define __SRP_H__
-
-#ifndef OPENSSL_NO_SRP
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/safestack.h>
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-
-typedef struct SRP_gN_cache_st
-	{
-	char *b64_bn;
-	BIGNUM *bn;
-	} SRP_gN_cache;
-
-
-DECLARE_STACK_OF(SRP_gN_cache)
-
-typedef struct SRP_user_pwd_st
-	{
-	char *id;
-	BIGNUM *s;
-	BIGNUM *v;
-	const BIGNUM *g;
-	const BIGNUM *N;
-	char *info;
-	} SRP_user_pwd;
-
-DECLARE_STACK_OF(SRP_user_pwd)
-
-typedef struct SRP_VBASE_st
-	{
-	STACK_OF(SRP_user_pwd) *users_pwd;
-	STACK_OF(SRP_gN_cache) *gN_cache;
-/* to simulate a user */
-	char *seed_key;
-	BIGNUM *default_g;
-	BIGNUM *default_N;
-	} SRP_VBASE;
-
-
-/*Structure interne pour retenir les couples N et g*/
-typedef struct SRP_gN_st
-	{
-	char *id;
-	BIGNUM *g;
-	BIGNUM *N;
-	} SRP_gN;
-
-DECLARE_STACK_OF(SRP_gN)
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key);
-int SRP_VBASE_free(SRP_VBASE *vb);
-int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file);
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-			  char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
-
-
-#define SRP_NO_ERROR 0
-#define SRP_ERR_VBASE_INCOMPLETE_FILE 1
-#define SRP_ERR_VBASE_BN_LIB 2
-#define SRP_ERR_OPEN_FILE 3
-#define SRP_ERR_MEMORY 4
-
-#define DB_srptype	0
-#define DB_srpverifier	1
-#define DB_srpsalt 	2
-#define DB_srpid	3              
-#define DB_srpgN	4       
-#define DB_srpinfo	5 
-#undef  DB_NUMBER      
-#define DB_NUMBER       6
-
-#define DB_SRP_INDEX	'I'
-#define DB_SRP_VALID	'V'
-#define DB_SRP_REVOKED	'R'
-#define DB_SRP_MODIF	'v'
-
-
-/* see srp.c */
-char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); 
-SRP_gN *SRP_get_default_gN(const char * id) ;
-
-/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ;
-
-
-
-/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-
-#define SRP_MINIMAL_N 1024
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-#endif
diff --git a/crypto/srp/srp_grps.h b/crypto/srp/srp_grps.h
deleted file mode 100644
index 8e3c35e3f5..0000000000
--- a/crypto/srp/srp_grps.h
+++ /dev/null
@@ -1,517 +0,0 @@
-/* start of generated data */
-
-static BN_ULONG bn_group_1024_value[] = {
-	bn_pack4(0x9FC6,0x1D2F,0xC0EB,0x06E3),
-	bn_pack4(0xFD51,0x38FE,0x8376,0x435B),
-	bn_pack4(0x2FD4,0xCBF4,0x976E,0xAA9A),
-	bn_pack4(0x68ED,0xBC3C,0x0572,0x6CC0),
-	bn_pack4(0xC529,0xF566,0x660E,0x57EC),
-	bn_pack4(0x8255,0x9B29,0x7BCF,0x1885),
-	bn_pack4(0xCE8E,0xF4AD,0x69B1,0x5D49),
-	bn_pack4(0x5DC7,0xD7B4,0x6154,0xD6B6),
-	bn_pack4(0x8E49,0x5C1D,0x6089,0xDAD1),
-	bn_pack4(0xE0D5,0xD8E2,0x50B9,0x8BE4),
-	bn_pack4(0x383B,0x4813,0xD692,0xC6E0),
-	bn_pack4(0xD674,0xDF74,0x96EA,0x81D3),
-	bn_pack4(0x9EA2,0x314C,0x9C25,0x6576),
-	bn_pack4(0x6072,0x6187,0x75FF,0x3C0B),
-	bn_pack4(0x9C33,0xF80A,0xFA8F,0xC5E8),
-	bn_pack4(0xEEAF,0x0AB9,0xADB3,0x8DD6)
-};
-static BIGNUM bn_group_1024 = {
-	bn_group_1024_value,
-	(sizeof bn_group_1024_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_1024_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_1536_value[] = {
-	bn_pack4(0xCF76,0xE3FE,0xD135,0xF9BB),
-	bn_pack4(0x1518,0x0F93,0x499A,0x234D),
-	bn_pack4(0x8CE7,0xA28C,0x2442,0xC6F3),
-	bn_pack4(0x5A02,0x1FFF,0x5E91,0x479E),
-	bn_pack4(0x7F8A,0x2FE9,0xB8B5,0x292E),
-	bn_pack4(0x837C,0x264A,0xE3A9,0xBEB8),
-	bn_pack4(0xE442,0x734A,0xF7CC,0xB7AE),
-	bn_pack4(0x6577,0x2E43,0x7D6C,0x7F8C),
-	bn_pack4(0xDB2F,0xD53D,0x24B7,0xC486),
-	bn_pack4(0x6EDF,0x0195,0x3934,0x9627),
-	bn_pack4(0x158B,0xFD3E,0x2B9C,0x8CF5),
-	bn_pack4(0x764E,0x3F4B,0x53DD,0x9DA1),
-	bn_pack4(0x4754,0x8381,0xDBC5,0xB1FC),
-	bn_pack4(0x9B60,0x9E0B,0xE3BA,0xB63D),
-	bn_pack4(0x8134,0xB1C8,0xB979,0x8914),
-	bn_pack4(0xDF02,0x8A7C,0xEC67,0xF0D0),
-	bn_pack4(0x80B6,0x55BB,0x9A22,0xE8DC),
-	bn_pack4(0x1558,0x903B,0xA0D0,0xF843),
-	bn_pack4(0x51C6,0xA94B,0xE460,0x7A29),
-	bn_pack4(0x5F4F,0x5F55,0x6E27,0xCBDE),
-	bn_pack4(0xBEEE,0xA961,0x4B19,0xCC4D),
-	bn_pack4(0xDBA5,0x1DF4,0x99AC,0x4C80),
-	bn_pack4(0xB1F1,0x2A86,0x17A4,0x7BBB),
-	bn_pack4(0x9DEF,0x3CAF,0xB939,0x277A)
-};
-static BIGNUM bn_group_1536 = {
-	bn_group_1536_value,
-	(sizeof bn_group_1536_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_1536_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_2048_value[] = {
-	bn_pack4(0x0FA7,0x111F,0x9E4A,0xFF73),
-	bn_pack4(0x9B65,0xE372,0xFCD6,0x8EF2),
-	bn_pack4(0x35DE,0x236D,0x525F,0x5475),
-	bn_pack4(0x94B5,0xC803,0xD89F,0x7AE4),
-	bn_pack4(0x71AE,0x35F8,0xE9DB,0xFBB6),
-	bn_pack4(0x2A56,0x98F3,0xA8D0,0xC382),
-	bn_pack4(0x9CCC,0x041C,0x7BC3,0x08D8),
-	bn_pack4(0xAF87,0x4E73,0x03CE,0x5329),
-	bn_pack4(0x6160,0x2790,0x04E5,0x7AE6),
-	bn_pack4(0x032C,0xFBDB,0xF52F,0xB378),
-	bn_pack4(0x5EA7,0x7A27,0x75D2,0xECFA),
-	bn_pack4(0x5445,0x23B5,0x24B0,0xD57D),
-	bn_pack4(0x5B9D,0x32E6,0x88F8,0x7748),
-	bn_pack4(0xF1D2,0xB907,0x8717,0x461A),
-	bn_pack4(0x76BD,0x207A,0x436C,0x6481),
-	bn_pack4(0xCA97,0xB43A,0x23FB,0x8016),
-	bn_pack4(0x1D28,0x1E44,0x6B14,0x773B),
-	bn_pack4(0x7359,0xD041,0xD5C3,0x3EA7),
-	bn_pack4(0xA80D,0x740A,0xDBF4,0xFF74),
-	bn_pack4(0x55F9,0x7993,0xEC97,0x5EEA),
-	bn_pack4(0x2918,0xA996,0x2F0B,0x93B8),
-	bn_pack4(0x661A,0x05FB,0xD5FA,0xAAE8),
-	bn_pack4(0xCF60,0x9517,0x9A16,0x3AB3),
-	bn_pack4(0xE808,0x3969,0xEDB7,0x67B0),
-	bn_pack4(0xCD7F,0x48A9,0xDA04,0xFD50),
-	bn_pack4(0xD523,0x12AB,0x4B03,0x310D),
-	bn_pack4(0x8193,0xE075,0x7767,0xA13D),
-	bn_pack4(0xA373,0x29CB,0xB4A0,0x99ED),
-	bn_pack4(0xFC31,0x9294,0x3DB5,0x6050),
-	bn_pack4(0xAF72,0xB665,0x1987,0xEE07),
-	bn_pack4(0xF166,0xDE5E,0x1389,0x582F),
-	bn_pack4(0xAC6B,0xDB41,0x324A,0x9A9B)
-};
-static BIGNUM bn_group_2048 = {
-	bn_group_2048_value,
-	(sizeof bn_group_2048_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_2048_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_3072_value[] = {
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
-	bn_pack4(0x4B82,0xD120,0xA93A,0xD2CA),
-	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
-	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
-	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
-	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
-	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
-	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
-	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
-	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
-	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
-	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
-	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
-	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
-	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
-	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
-	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
-	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
-	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
-	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
-	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
-	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
-	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
-	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
-	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
-	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
-	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
-	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
-	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
-	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
-	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
-	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
-	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
-	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
-	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
-	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
-	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
-	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
-	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
-	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
-	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
-	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
-	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
-	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
-	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
-	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
-	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
-};
-static BIGNUM bn_group_3072 = {
-	bn_group_3072_value,
-	(sizeof bn_group_3072_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_3072_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_4096_value[] = {
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
-	bn_pack4(0x4DF4,0x35C9,0x3406,0x3199),
-	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
-	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
-	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
-	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
-	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
-	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
-	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
-	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
-	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
-	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
-	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
-	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
-	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
-	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
-	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
-	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
-	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
-	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
-	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
-	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
-	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
-	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
-	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
-	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
-	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
-	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
-	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
-	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
-	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
-	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
-	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
-	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
-	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
-	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
-	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
-	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
-	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
-	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
-	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
-	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
-	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
-	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
-	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
-	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
-	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
-	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
-	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
-	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
-	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
-	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
-	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
-	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
-	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
-	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
-	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
-	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
-	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
-	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
-	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
-	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
-	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
-};
-static BIGNUM bn_group_4096 = {
-	bn_group_4096_value,
-	(sizeof bn_group_4096_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_4096_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_6144_value[] = {
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
-	bn_pack4(0xE694,0xF91E,0x6DCC,0x4024),
-	bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
-	bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
-	bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
-	bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
-	bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
-	bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
-	bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
-	bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
-	bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
-	bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
-	bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
-	bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
-	bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
-	bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
-	bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
-	bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
-	bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
-	bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
-	bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
-	bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
-	bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
-	bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
-	bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
-	bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
-	bn_pack4(0x1797,0x27B0,0x865A,0x8918),
-	bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
-	bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
-	bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
-	bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
-	bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
-	bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
-	bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
-	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
-	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
-	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
-	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
-	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
-	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
-	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
-	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
-	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
-	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
-	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
-	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
-	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
-	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
-	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
-	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
-	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
-	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
-	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
-	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
-	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
-	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
-	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
-	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
-	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
-	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
-	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
-	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
-	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
-	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
-	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
-	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
-	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
-	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
-	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
-	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
-	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
-	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
-	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
-	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
-	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
-	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
-	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
-	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
-	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
-	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
-	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
-	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
-	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
-	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
-	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
-	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
-	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
-	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
-	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
-	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
-	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
-	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
-	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
-	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
-	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
-};
-static BIGNUM bn_group_6144 = {
-	bn_group_6144_value,
-	(sizeof bn_group_6144_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_6144_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_group_8192_value[] = {
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF),
-	bn_pack4(0x60C9,0x80DD,0x98ED,0xD3DF),
-	bn_pack4(0xC81F,0x56E8,0x80B9,0x6E71),
-	bn_pack4(0x9E30,0x50E2,0x7656,0x94DF),
-	bn_pack4(0x9558,0xE447,0x5677,0xE9AA),
-	bn_pack4(0xC919,0x0DA6,0xFC02,0x6E47),
-	bn_pack4(0x889A,0x002E,0xD5EE,0x382B),
-	bn_pack4(0x4009,0x438B,0x481C,0x6CD7),
-	bn_pack4(0x3590,0x46F4,0xEB87,0x9F92),
-	bn_pack4(0xFAF3,0x6BC3,0x1ECF,0xA268),
-	bn_pack4(0xB1D5,0x10BD,0x7EE7,0x4D73),
-	bn_pack4(0xF9AB,0x4819,0x5DED,0x7EA1),
-	bn_pack4(0x64F3,0x1CC5,0x0846,0x851D),
-	bn_pack4(0x4597,0xE899,0xA025,0x5DC1),
-	bn_pack4(0xDF31,0x0EE0,0x74AB,0x6A36),
-	bn_pack4(0x6D2A,0x13F8,0x3F44,0xF82D),
-	bn_pack4(0x062B,0x3CF5,0xB3A2,0x78A6),
-	bn_pack4(0x7968,0x3303,0xED5B,0xDD3A),
-	bn_pack4(0xFA9D,0x4B7F,0xA2C0,0x87E8),
-	bn_pack4(0x4BCB,0xC886,0x2F83,0x85DD),
-	bn_pack4(0x3473,0xFC64,0x6CEA,0x306B),
-	bn_pack4(0x13EB,0x57A8,0x1A23,0xF0C7),
-	bn_pack4(0x2222,0x2E04,0xA403,0x7C07),
-	bn_pack4(0xE3FD,0xB8BE,0xFC84,0x8AD9),
-	bn_pack4(0x238F,0x16CB,0xE39D,0x652D),
-	bn_pack4(0x3423,0xB474,0x2BF1,0xC978),
-	bn_pack4(0x3AAB,0x639C,0x5AE4,0xF568),
-	bn_pack4(0x2576,0xF693,0x6BA4,0x2466),
-	bn_pack4(0x741F,0xA7BF,0x8AFC,0x47ED),
-	bn_pack4(0x3BC8,0x32B6,0x8D9D,0xD300),
-	bn_pack4(0xD8BE,0xC4D0,0x73B9,0x31BA),
-	bn_pack4(0x3877,0x7CB6,0xA932,0xDF8C),
-	bn_pack4(0x74A3,0x926F,0x12FE,0xE5E4),
-	bn_pack4(0xE694,0xF91E,0x6DBE,0x1159),
-	bn_pack4(0x12BF,0x2D5B,0x0B74,0x74D6),
-	bn_pack4(0x043E,0x8F66,0x3F48,0x60EE),
-	bn_pack4(0x387F,0xE8D7,0x6E3C,0x0468),
-	bn_pack4(0xDA56,0xC9EC,0x2EF2,0x9632),
-	bn_pack4(0xEB19,0xCCB1,0xA313,0xD55C),
-	bn_pack4(0xF550,0xAA3D,0x8A1F,0xBFF0),
-	bn_pack4(0x06A1,0xD58B,0xB7C5,0xDA76),
-	bn_pack4(0xA797,0x15EE,0xF29B,0xE328),
-	bn_pack4(0x14CC,0x5ED2,0x0F80,0x37E0),
-	bn_pack4(0xCC8F,0x6D7E,0xBF48,0xE1D8),
-	bn_pack4(0x4BD4,0x07B2,0x2B41,0x54AA),
-	bn_pack4(0x0F1D,0x45B7,0xFF58,0x5AC5),
-	bn_pack4(0x23A9,0x7A7E,0x36CC,0x88BE),
-	bn_pack4(0x59E7,0xC97F,0xBEC7,0xE8F3),
-	bn_pack4(0xB5A8,0x4031,0x900B,0x1C9E),
-	bn_pack4(0xD55E,0x702F,0x4698,0x0C82),
-	bn_pack4(0xF482,0xD7CE,0x6E74,0xFEF6),
-	bn_pack4(0xF032,0xEA15,0xD172,0x1D03),
-	bn_pack4(0x5983,0xCA01,0xC64B,0x92EC),
-	bn_pack4(0x6FB8,0xF401,0x378C,0xD2BF),
-	bn_pack4(0x3320,0x5151,0x2BD7,0xAF42),
-	bn_pack4(0xDB7F,0x1447,0xE6CC,0x254B),
-	bn_pack4(0x44CE,0x6CBA,0xCED4,0xBB1B),
-	bn_pack4(0xDA3E,0xDBEB,0xCF9B,0x14ED),
-	bn_pack4(0x1797,0x27B0,0x865A,0x8918),
-	bn_pack4(0xB06A,0x53ED,0x9027,0xD831),
-	bn_pack4(0xE5DB,0x382F,0x4130,0x01AE),
-	bn_pack4(0xF8FF,0x9406,0xAD9E,0x530E),
-	bn_pack4(0xC975,0x1E76,0x3DBA,0x37BD),
-	bn_pack4(0xC1D4,0xDCB2,0x6026,0x46DE),
-	bn_pack4(0x36C3,0xFAB4,0xD27C,0x7026),
-	bn_pack4(0x4DF4,0x35C9,0x3402,0x8492),
-	bn_pack4(0x86FF,0xB7DC,0x90A6,0xC08F),
-	bn_pack4(0x93B4,0xEA98,0x8D8F,0xDDC1),
-	bn_pack4(0xD006,0x9127,0xD5B0,0x5AA9),
-	bn_pack4(0xB81B,0xDD76,0x2170,0x481C),
-	bn_pack4(0x1F61,0x2970,0xCEE2,0xD7AF),
-	bn_pack4(0x233B,0xA186,0x515B,0xE7ED),
-	bn_pack4(0x99B2,0x964F,0xA090,0xC3A2),
-	bn_pack4(0x287C,0x5947,0x4E6B,0xC05D),
-	bn_pack4(0x2E8E,0xFC14,0x1FBE,0xCAA6),
-	bn_pack4(0xDBBB,0xC2DB,0x04DE,0x8EF9),
-	bn_pack4(0x2583,0xE9CA,0x2AD4,0x4CE8),
-	bn_pack4(0x1A94,0x6834,0xB615,0x0BDA),
-	bn_pack4(0x99C3,0x2718,0x6AF4,0xE23C),
-	bn_pack4(0x8871,0x9A10,0xBDBA,0x5B26),
-	bn_pack4(0x1A72,0x3C12,0xA787,0xE6D7),
-	bn_pack4(0x4B82,0xD120,0xA921,0x0801),
-	bn_pack4(0x43DB,0x5BFC,0xE0FD,0x108E),
-	bn_pack4(0x08E2,0x4FA0,0x74E5,0xAB31),
-	bn_pack4(0x7709,0x88C0,0xBAD9,0x46E2),
-	bn_pack4(0xBBE1,0x1757,0x7A61,0x5D6C),
-	bn_pack4(0x521F,0x2B18,0x177B,0x200C),
-	bn_pack4(0xD876,0x0273,0x3EC8,0x6A64),
-	bn_pack4(0xF12F,0xFA06,0xD98A,0x0864),
-	bn_pack4(0xCEE3,0xD226,0x1AD2,0xEE6B),
-	bn_pack4(0x1E8C,0x94E0,0x4A25,0x619D),
-	bn_pack4(0xABF5,0xAE8C,0xDB09,0x33D7),
-	bn_pack4(0xB397,0x0F85,0xA6E1,0xE4C7),
-	bn_pack4(0x8AEA,0x7157,0x5D06,0x0C7D),
-	bn_pack4(0xECFB,0x8504,0x58DB,0xEF0A),
-	bn_pack4(0xA855,0x21AB,0xDF1C,0xBA64),
-	bn_pack4(0xAD33,0x170D,0x0450,0x7A33),
-	bn_pack4(0x1572,0x8E5A,0x8AAA,0xC42D),
-	bn_pack4(0x15D2,0x2618,0x98FA,0x0510),
-	bn_pack4(0x3995,0x497C,0xEA95,0x6AE5),
-	bn_pack4(0xDE2B,0xCBF6,0x9558,0x1718),
-	bn_pack4(0xB5C5,0x5DF0,0x6F4C,0x52C9),
-	bn_pack4(0x9B27,0x83A2,0xEC07,0xA28F),
-	bn_pack4(0xE39E,0x772C,0x180E,0x8603),
-	bn_pack4(0x3290,0x5E46,0x2E36,0xCE3B),
-	bn_pack4(0xF174,0x6C08,0xCA18,0x217C),
-	bn_pack4(0x670C,0x354E,0x4ABC,0x9804),
-	bn_pack4(0x9ED5,0x2907,0x7096,0x966D),
-	bn_pack4(0x1C62,0xF356,0x2085,0x52BB),
-	bn_pack4(0x8365,0x5D23,0xDCA3,0xAD96),
-	bn_pack4(0x6916,0x3FA8,0xFD24,0xCF5F),
-	bn_pack4(0x98DA,0x4836,0x1C55,0xD39A),
-	bn_pack4(0xC200,0x7CB8,0xA163,0xBF05),
-	bn_pack4(0x4928,0x6651,0xECE4,0x5B3D),
-	bn_pack4(0xAE9F,0x2411,0x7C4B,0x1FE6),
-	bn_pack4(0xEE38,0x6BFB,0x5A89,0x9FA5),
-	bn_pack4(0x0BFF,0x5CB6,0xF406,0xB7ED),
-	bn_pack4(0xF44C,0x42E9,0xA637,0xED6B),
-	bn_pack4(0xE485,0xB576,0x625E,0x7EC6),
-	bn_pack4(0x4FE1,0x356D,0x6D51,0xC245),
-	bn_pack4(0x302B,0x0A6D,0xF25F,0x1437),
-	bn_pack4(0xEF95,0x19B3,0xCD3A,0x431B),
-	bn_pack4(0x514A,0x0879,0x8E34,0x04DD),
-	bn_pack4(0x020B,0xBEA6,0x3B13,0x9B22),
-	bn_pack4(0x2902,0x4E08,0x8A67,0xCC74),
-	bn_pack4(0xC4C6,0x628B,0x80DC,0x1CD1),
-	bn_pack4(0xC90F,0xDAA2,0x2168,0xC234),
-	bn_pack4(0xFFFF,0xFFFF,0xFFFF,0xFFFF)
-};
-static BIGNUM bn_group_8192 = {
-	bn_group_8192_value,
-	(sizeof bn_group_8192_value)/sizeof(BN_ULONG),
-	(sizeof bn_group_8192_value)/sizeof(BN_ULONG),
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static BN_ULONG bn_generator_19_value[] = {19} ;
-static BIGNUM bn_generator_19 = {
-	bn_generator_19_value,
-	1,
-	1,
-	0,
-	BN_FLG_STATIC_DATA
-};
-static BN_ULONG bn_generator_5_value[] = {5} ;
-static BIGNUM bn_generator_5 = {
-	bn_generator_5_value,
-	1,
-	1,
-	0,
-	BN_FLG_STATIC_DATA
-};
-static BN_ULONG bn_generator_2_value[] = {2} ;
-static BIGNUM bn_generator_2 = {
-	bn_generator_2_value,
-	1,
-	1,
-	0,
-	BN_FLG_STATIC_DATA
-};
-
-static SRP_gN knowngN[] = {
-	{"8192",&bn_generator_19 , &bn_group_8192},
-	{"6144",&bn_generator_5 , &bn_group_6144},
-	{"4096",&bn_generator_5 , &bn_group_4096},
-	{"3072",&bn_generator_5 , &bn_group_3072},
-	{"2048",&bn_generator_2 , &bn_group_2048},
-	{"1536",&bn_generator_2 , &bn_group_1536},
-	{"1024",&bn_generator_2 , &bn_group_1024},
-};
-#define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
-
-/* end of generated data */
diff --git a/crypto/srp/srp_lcl.h b/crypto/srp/srp_lcl.h
deleted file mode 100644
index 42bda3f148..0000000000
--- a/crypto/srp/srp_lcl.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/srp/srp_lcl.h */
-/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_SRP_LCL_H
-#define HEADER_SRP_LCL_H
-
-#include <openssl/srp.h>
-#include <openssl/sha.h>
-
-#if 0
-#define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
-   fprintf(stderr,"\n");}
-#else
-#define   srp_bn_print(a)
-#endif
-
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
deleted file mode 100644
index 83d417a308..0000000000
--- a/crypto/srp/srp_lib.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/* crypto/srp/srp_lib.c */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_SRP
-#include "cryptlib.h"
-#include "srp_lcl.h"
-#include <openssl/srp.h>
-#include <openssl/evp.h>
-
-#if (BN_BYTES == 8)
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#  define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
-# elif defined(__arch64__)
-#  define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
-# else
-#  define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
-# endif
-#elif (BN_BYTES == 4)
-# define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
-#else
-# error "unsupported BN_BYTES"
-#endif
-
-
-#include "srp_grps.h"
-
-static BIGNUM *srp_Calc_k(BIGNUM *N, BIGNUM *g)
-	{
-	/* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
-
-	unsigned char digest[SHA_DIGEST_LENGTH];
-	unsigned char *tmp;
-	EVP_MD_CTX ctxt;
-	int longg ;
-	int longN = BN_num_bytes(N);
-
-	if (BN_ucmp(g, N) >= 0)
-		return NULL;
-
-	if ((tmp = OPENSSL_malloc(longN)) == NULL)
-		return NULL;
-	BN_bn2bin(N,tmp) ;
-
-	EVP_MD_CTX_init(&ctxt);
-	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctxt, tmp, longN);
-
-	memset(tmp, 0, longN);
-	longg = BN_bn2bin(g,tmp) ;
-        /* use the zeros behind to pad on left */
-	EVP_DigestUpdate(&ctxt, tmp + longg, longN-longg);
-	EVP_DigestUpdate(&ctxt, tmp, longg);
-	OPENSSL_free(tmp);
-
-	EVP_DigestFinal_ex(&ctxt, digest, NULL);
-	EVP_MD_CTX_cleanup(&ctxt);
-	return BN_bin2bn(digest, sizeof(digest), NULL);	
-	}
-
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
-	{
-	/* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
-
-	BIGNUM *u;	
-	unsigned char cu[SHA_DIGEST_LENGTH];
-	unsigned char *cAB;
-	EVP_MD_CTX ctxt;
-	int longN;  
-	if ((A == NULL) ||(B == NULL) || (N == NULL))
-		return NULL;
-
-	if (BN_ucmp(A, N) >= 0 || BN_ucmp(B, N) >= 0)
-		return NULL;
-
-	longN= BN_num_bytes(N);
-
-	if ((cAB = OPENSSL_malloc(2*longN)) == NULL) 
-		return NULL;
-
-	memset(cAB, 0, longN);
-
-	EVP_MD_CTX_init(&ctxt);
-	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(A,cAB+longN), longN);
-	EVP_DigestUpdate(&ctxt, cAB + BN_bn2bin(B,cAB+longN), longN);
-	OPENSSL_free(cAB);
-	EVP_DigestFinal_ex(&ctxt, cu, NULL);
-	EVP_MD_CTX_cleanup(&ctxt);
-
-	if (!(u = BN_bin2bn(cu, sizeof(cu), NULL)))
-		return NULL;
-	if (!BN_is_zero(u))
-		return u;
-	BN_free(u);
-	return NULL;
-}
-
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N)
-	{
-	BIGNUM *tmp = NULL, *S = NULL;
-	BN_CTX *bn_ctx; 
-	
-	if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
-		return NULL; 
-
-	if ((bn_ctx = BN_CTX_new()) == NULL ||
-		(tmp = BN_new()) == NULL ||
-		(S = BN_new()) == NULL )
-		goto err;
-
-	/* S = (A*v**u) ** b */ 
-
-	if (!BN_mod_exp(tmp,v,u,N,bn_ctx))
-		goto err;
-	if (!BN_mod_mul(tmp,A,tmp,N,bn_ctx))
-		goto err;
-	if (!BN_mod_exp(S,tmp,b,N,bn_ctx))
-		goto err;
-err:
-	BN_CTX_free(bn_ctx);
-	BN_clear_free(tmp);
-	return S;
-	}
-
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v)
-	{
-	BIGNUM  *kv = NULL, *gb = NULL;
-	BIGNUM *B = NULL, *k = NULL;
-	BN_CTX *bn_ctx;
-
-	if (b == NULL || N == NULL || g == NULL || v == NULL ||
-		(bn_ctx = BN_CTX_new()) == NULL)
-		return NULL; 
-
-	if ( (kv = BN_new()) == NULL ||
-		(gb = BN_new()) == NULL ||
-		(B = BN_new())== NULL)
-		goto err;
-
-	/* B = g**b + k*v */
-
-	if (!BN_mod_exp(gb,g,b,N,bn_ctx) ||
-	   !(k = srp_Calc_k(N,g)) ||
-	   !BN_mod_mul(kv,v,k,N,bn_ctx) || 
-	   !BN_mod_add(B,gb,kv,N,bn_ctx))
-		{
-		BN_free(B);
-		B = NULL;
-		}
-err:
-	BN_CTX_free(bn_ctx);
-	BN_clear_free(kv);
-	BN_clear_free(gb);
-	BN_free(k); 
-	return B;
-	}
-
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass)
-	{
-	unsigned char dig[SHA_DIGEST_LENGTH];
-	EVP_MD_CTX ctxt;
-	unsigned char *cs;
-
-	if ((s == NULL) ||
-		(user == NULL) ||
-		(pass == NULL))
-		return NULL;
-
-	if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
-		return NULL;
-
-	EVP_MD_CTX_init(&ctxt);
-	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctxt, user, strlen(user));
-	EVP_DigestUpdate(&ctxt, ":", 1);
-	EVP_DigestUpdate(&ctxt, pass, strlen(pass));
-	EVP_DigestFinal_ex(&ctxt, dig, NULL);
-
-	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-	BN_bn2bin(s,cs);
-	EVP_DigestUpdate(&ctxt, cs, BN_num_bytes(s));
-	OPENSSL_free(cs);
-	EVP_DigestUpdate(&ctxt, dig, sizeof(dig));
-	EVP_DigestFinal_ex(&ctxt, dig, NULL);
-	EVP_MD_CTX_cleanup(&ctxt);
-
-	return BN_bin2bn(dig, sizeof(dig), NULL);
-	}
-
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g)
-	{
-	BN_CTX *bn_ctx; 
-	BIGNUM * A = NULL;
-
-	if (a == NULL || N == NULL || g == NULL ||
-		(bn_ctx = BN_CTX_new()) == NULL) 
-		return NULL;
-
-	if ((A = BN_new()) != NULL &&
-	   !BN_mod_exp(A,g,a,N,bn_ctx))
-		{
-		BN_free(A);
-		A = NULL;
-		}
-	BN_CTX_free(bn_ctx);
-	return A;
-	}
-
-
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u)
-	{
-	BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL , *k = NULL, *K = NULL;
-	BN_CTX *bn_ctx;
-
-	if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL || a == NULL ||
-		(bn_ctx = BN_CTX_new()) == NULL)
-		return NULL; 
-
-	if ((tmp = BN_new()) == NULL ||
-		(tmp2 = BN_new())== NULL ||
-		(tmp3 = BN_new())== NULL ||
-		(K = BN_new()) == NULL)
-		goto err;
-	
-	if (!BN_mod_exp(tmp,g,x,N,bn_ctx))
-		goto err;
-	if (!(k = srp_Calc_k(N,g)))
-		goto err;
-	if (!BN_mod_mul(tmp2,tmp,k,N,bn_ctx))
-		goto err;
-	if (!BN_mod_sub(tmp,B,tmp2,N,bn_ctx))
-		goto err;
-
-	if (!BN_mod_mul(tmp3,u,x,N,bn_ctx))
-		goto err;
-	if (!BN_mod_add(tmp2,a,tmp3,N,bn_ctx))
-		goto err;
-	if (!BN_mod_exp(K,tmp,tmp2,N,bn_ctx))
-		goto err;
-
-err :
-	BN_CTX_free(bn_ctx);
-	BN_clear_free(tmp);
-	BN_clear_free(tmp2);
-	BN_clear_free(tmp3);
-	BN_free(k);
-	return K;	
-	}
-
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N)
-	{
-	BIGNUM *r;
-	BN_CTX *bn_ctx; 
-	int ret = 0;
-
-	if (B == NULL || N == NULL ||
-		(bn_ctx = BN_CTX_new()) == NULL)
-		return 0;
-
-	if ((r = BN_new()) == NULL)
-		goto err;
-	/* Checks if B % N == 0 */
-	if (!BN_nnmod(r,B,N,bn_ctx))
-		goto err;
-	ret = !BN_is_zero(r);
-err:
-	BN_CTX_free(bn_ctx);
-	BN_free(r);
-	return ret;
-	}
-
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N)
-	{
-	/* Checks if A % N == 0 */
-	return SRP_Verify_B_mod_N(A,N) ;
-	}
-
-
-/* Check if G and N are kwown parameters. 
-   The values have been generated from the ietf-tls-srp draft version 8
-*/
-char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
-	{
-	size_t i;
-	if ((g == NULL) || (N == NULL))
-		return 0;
-
-	srp_bn_print(g);
-	srp_bn_print(N);
-
-	for(i = 0; i < KNOWN_GN_NUMBER; i++)
-		{
-		if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) 
-			return knowngN[i].id;
-		}
-	return NULL;
-	}
-
-SRP_gN *SRP_get_default_gN(const char *id)
-	{
-	size_t i;
-
-	if (id == NULL) 
-		return knowngN;
-	for(i = 0; i < KNOWN_GN_NUMBER; i++)
-		{
-		if (strcmp(knowngN[i].id, id)==0)
-			return knowngN + i;
-		}
-	return NULL;
-	}
-#endif
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
deleted file mode 100644
index fdca19ff7c..0000000000
--- a/crypto/srp/srp_vfy.c
+++ /dev/null
@@ -1,661 +0,0 @@
-/* crypto/srp/srp_vfy.c */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_SRP
-#include "cryptlib.h"
-#include "srp_lcl.h"
-#include <openssl/srp.h>
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/txt_db.h>
-
-#define SRP_RANDOM_SALT_LEN 20
-#define MAX_LEN 2500
-
-static char b64table[] =
-  "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-
-/* the following two conversion routines have been inspired by code from Stanford */ 
-
-/*
- * Convert a base64 string into raw byte array representation.
- */
-static int t_fromb64(unsigned char *a, const char *src)
-	{
-	char *loc;
-	int i, j;
-	int size;
-
-	while(*src && (*src == ' ' || *src == '\t' || *src == '\n'))
-		++src;
-	size = strlen(src);
-	i = 0;
-	while(i < size)
-		{
-		loc = strchr(b64table, src[i]);
-		if(loc == (char *) 0) break;
-		else a[i] = loc - b64table;
-		++i;
-		}
-	/* if nothing valid to process we have a zero length response */
-	if (i == 0)
-		return 0;
-	size = i;
-	i = size - 1;
-	j = size;
-	while(1)
-		{
-		a[j] = a[i];
-		if(--i < 0) break;
-		a[j] |= (a[i] & 3) << 6;
-		--j;
-		a[j] = (unsigned char) ((a[i] & 0x3c) >> 2);
-		if(--i < 0) break;
-		a[j] |= (a[i] & 0xf) << 4;
-		--j;
-		a[j] = (unsigned char) ((a[i] & 0x30) >> 4);
-		if(--i < 0) break;
-		a[j] |= (a[i] << 2);
-
-		a[--j] = 0;
-		if(--i < 0) break;
-		}
-	while(a[j] == 0 && j <= size) ++j;
-	i = 0;
-	while (j <= size) a[i++] = a[j++];
-	return i;
-	}
-
-
-/*
- * Convert a raw byte string into a null-terminated base64 ASCII string.
- */
-static char *t_tob64(char *dst, const unsigned char *src, int size)
-	{
-	int c, pos = size % 3;
-	unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0;
-	char *olddst = dst;
-
-	switch(pos)
-		{
-	case 1:
-		b2 = src[0];
-		break;
-	case 2:
-		b1 = src[0];
-		b2 = src[1];
-		break;
-		}
-
-	while(1)
-		{
-		c = (b0 & 0xfc) >> 2;
-		if(notleading || c != 0)
-			{
-			*dst++ = b64table[c];
-			notleading = 1;
-			}
-		c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4);
-		if(notleading || c != 0)
-			{
-			*dst++ = b64table[c];
-			notleading = 1;
-			}
-		c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6);
-		if(notleading || c != 0)
-			{
-			*dst++ = b64table[c];
-			notleading = 1;
-			}
-		c = b2 & 0x3f;
-		if(notleading || c != 0)
-			{
-			*dst++ = b64table[c];
-			notleading = 1;
-			}
-		if(pos >= size) break;
-		else
-			{
-			b0 = src[pos++];
-			b1 = src[pos++];
-			b2 = src[pos++];
-			}
-		}
-
-	*dst++ = '\0';
-	return olddst;
-	}
-
-static void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
-	{
-	if (user_pwd == NULL) 
-		return;
-	BN_free(user_pwd->s);
-	BN_clear_free(user_pwd->v);
-	OPENSSL_free(user_pwd->id);
-	OPENSSL_free(user_pwd->info);
-	OPENSSL_free(user_pwd);
-	}
-
-static SRP_user_pwd *SRP_user_pwd_new()
-	{
-	SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd));
-	if (ret == NULL)
-		return NULL;								
-	ret->N = NULL;
-	ret->g = NULL;	
-	ret->s = NULL;
-	ret->v = NULL;
-	ret->id = NULL ;
-	ret->info = NULL;
-	return ret;
-	}
-
-static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
-				const BIGNUM *N)
-	{
-	vinfo->N = N;
-	vinfo->g = g;	
-	}
-
-static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
-				const char *info)
-	{
-	if (id != NULL && NULL == (vinfo->id = BUF_strdup(id)))
-		return 0;
-	return (info == NULL || NULL != (vinfo->info = BUF_strdup(info))) ;
-	}
-
-static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
-			       const char *v)
-	{
-	unsigned char tmp[MAX_LEN];
-	int len;
-
-	if (strlen(s) > MAX_LEN || strlen(v) > MAX_LEN) 
-		return 0; 
-	len = t_fromb64(tmp, v);
-	if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)) )
-		return 0;
-	len = t_fromb64(tmp, s);
-	return ((vinfo->s = BN_bin2bn(tmp, len, NULL)) != NULL) ;
-	}
-
-static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
-	{
-	vinfo->v = v;
-	vinfo->s = s;
-	return (vinfo->s != NULL && vinfo->v != NULL) ;
-	}
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key)
-	{
-	SRP_VBASE *vb = (SRP_VBASE *) OPENSSL_malloc(sizeof(SRP_VBASE));
-
-	if (vb == NULL)
-		return NULL;
-	if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) ||
-		!(vb->gN_cache = sk_SRP_gN_cache_new_null()))
-		{
-		OPENSSL_free(vb);
-		return NULL;
-		}
-	vb->default_g = NULL;
-	vb->default_N = NULL;
-	vb->seed_key = NULL;
-	if ((seed_key != NULL) && 
-		(vb->seed_key = BUF_strdup(seed_key)) == NULL)
-		{
-		sk_SRP_user_pwd_free(vb->users_pwd);
-		sk_SRP_gN_cache_free(vb->gN_cache);
-		OPENSSL_free(vb);
-		return NULL;
-		}
-	return vb;
-	}
-
-
-int SRP_VBASE_free(SRP_VBASE *vb)
-	{
-	sk_SRP_user_pwd_pop_free(vb->users_pwd,SRP_user_pwd_free);
-	sk_SRP_gN_cache_free(vb->gN_cache);
-	OPENSSL_free(vb->seed_key);
-	OPENSSL_free(vb);
-	return 0;
-	}
-
-
-static SRP_gN_cache *SRP_gN_new_init(const char *ch)
-	{
-	unsigned char tmp[MAX_LEN];
-	int len;
-
-	SRP_gN_cache *newgN = (SRP_gN_cache *)OPENSSL_malloc(sizeof(SRP_gN_cache));
-	if (newgN == NULL)
-		return NULL;
-
-	if ((newgN->b64_bn = BUF_strdup(ch)) == NULL)
-		goto err;
-
-	len = t_fromb64(tmp, ch);
-	if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
-		return newgN;
-
-	OPENSSL_free(newgN->b64_bn);
-err:
-	OPENSSL_free(newgN);
-	return NULL;
-	}
-
-
-static void SRP_gN_free(SRP_gN_cache *gN_cache)
-	{
-	if (gN_cache == NULL)
-		return;
-	OPENSSL_free(gN_cache->b64_bn);
-	BN_free(gN_cache->bn);
-	OPENSSL_free(gN_cache);
-	}
-
-static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
-	{
-	int i;
-
-	SRP_gN *gN;
-	if (gN_tab != NULL) 
-	for(i = 0; i < sk_SRP_gN_num(gN_tab); i++)
-		{
-		gN = sk_SRP_gN_value(gN_tab, i);
-		if (gN && (id == NULL || strcmp(gN->id,id)==0))
-			return gN;
-		}
-	
-	return SRP_get_default_gN(id);
-	}
-
-static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
-	{
-	int i;
-	if (gN_cache == NULL)
-		return NULL;
-
-	/* search if we have already one... */
-	for(i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++)
-		{
-		SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
-		if (strcmp(cache->b64_bn,ch)==0)
-			return cache->bn;
-		}
-		{		/* it is the first time that we find it */
-		SRP_gN_cache *newgN = SRP_gN_new_init(ch);
-		if (newgN)
-			{
-			if (sk_SRP_gN_cache_insert(gN_cache,newgN,0)>0)
-				return newgN->bn;
-			SRP_gN_free(newgN);
-			}
-		}
-	return NULL;
-	}
-
-/* this function parses verifier file. Format is:
- * string(index):base64(N):base64(g):0
- * string(username):base64(v):base64(salt):int(index)
- */
-
-
-int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
-	{
-	int error_code ;
-	STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
-	char *last_index = NULL;
-	int i;
-	char **pp;
-
-	SRP_gN *gN = NULL;
-	SRP_user_pwd *user_pwd = NULL ;
-
-	TXT_DB *tmpdb = NULL;
-	BIO *in = BIO_new(BIO_s_file());
-
-	error_code = SRP_ERR_OPEN_FILE;
-
-	if (in == NULL || BIO_read_filename(in,verifier_file) <= 0)
-		goto err;
-
-	error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
-
-	if ((tmpdb =TXT_DB_read(in,DB_NUMBER)) == NULL)
-		goto err;
-
-	error_code = SRP_ERR_MEMORY;
-
-
-	if (vb->seed_key)
-		{
-		last_index = SRP_get_default_gN(NULL)->id;
-		}
-	for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++)
-		{
-		pp = sk_OPENSSL_PSTRING_value(tmpdb->data,i);
-		if (pp[DB_srptype][0] == DB_SRP_INDEX)
-			{
-			/*we add this couple in the internal Stack */
-
-			if ((gN = (SRP_gN *)OPENSSL_malloc(sizeof(SRP_gN))) == NULL) 
- 				goto err;
-
-			if  (!(gN->id = BUF_strdup(pp[DB_srpid]))
-	                ||  !(gN->N = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpverifier]))
-			||  !(gN->g = SRP_gN_place_bn(vb->gN_cache,pp[DB_srpsalt]))
-			||  sk_SRP_gN_insert(SRP_gN_tab,gN,0) == 0)
-				goto err;
-
-			gN = NULL;
-
-			if (vb->seed_key != NULL)
-				{
-				last_index = pp[DB_srpid];
-				}
-			}
-		else if (pp[DB_srptype][0] == DB_SRP_VALID)
-			{
-			/* it is a user .... */
-			SRP_gN *lgN;
-			if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN],SRP_gN_tab))!=NULL)
-				{
-				error_code = SRP_ERR_MEMORY;
-				if ((user_pwd = SRP_user_pwd_new()) == NULL) 
-					goto err;
-				
-				SRP_user_pwd_set_gN(user_pwd,lgN->g,lgN->N);
-				if (!SRP_user_pwd_set_ids(user_pwd, pp[DB_srpid],pp[DB_srpinfo]))
-					goto err;
-				
-				error_code = SRP_ERR_VBASE_BN_LIB;
-				if (!SRP_user_pwd_set_sv(user_pwd, pp[DB_srpsalt],pp[DB_srpverifier]))
-					goto err;
-
-				if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
-					goto err;
-				user_pwd = NULL; /* abandon responsability */
-				}
-			}
-		}
-	
-	if (last_index != NULL)
-		{
-		/* this means that we want to simulate a default user */
-
-		if (((gN = SRP_get_gN_by_id(last_index,SRP_gN_tab))==NULL))
-			{
-			error_code = SRP_ERR_VBASE_BN_LIB;
-			goto err;
-			}
-		vb->default_g = gN->g ;
-		vb->default_N = gN->N ;
-		gN = NULL ;
-		}
-	error_code = SRP_NO_ERROR;
-
- err:
-	/* there may be still some leaks to fix, if this fails, the application terminates most likely */
-
-	if (gN != NULL)
-		{
-		OPENSSL_free(gN->id);
-		OPENSSL_free(gN);
-		}
-
-	SRP_user_pwd_free(user_pwd);
-
-	if (tmpdb) TXT_DB_free(tmpdb);
-	if (in) BIO_free_all(in);
-
-	sk_SRP_gN_free(SRP_gN_tab);
-
-	return error_code;
-
-	}
-
-
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
-	{
-	int i;
-	SRP_user_pwd *user;
-	unsigned char digv[SHA_DIGEST_LENGTH];
-	unsigned char digs[SHA_DIGEST_LENGTH];
-	EVP_MD_CTX ctxt;
-
-	if (vb == NULL)
-		return NULL;
-	for(i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++)
-		{
-		user = sk_SRP_user_pwd_value(vb->users_pwd, i);
-		if (strcmp(user->id,username)==0)
-			return user;
-		}
-	if ((vb->seed_key == NULL) ||
-		(vb->default_g == NULL) ||
-		(vb->default_N == NULL))
-		return NULL;
-
-/* if the user is unknown we set parameters as well if we have a seed_key */
-
-	if ((user = SRP_user_pwd_new()) == NULL) 
-		return NULL;
-
-	SRP_user_pwd_set_gN(user,vb->default_g,vb->default_N);
-				
-	if (!SRP_user_pwd_set_ids(user,username,NULL))
-		goto err;
-		
-	RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH);
-	EVP_MD_CTX_init(&ctxt);
-	EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key));
-	EVP_DigestUpdate(&ctxt, username, strlen(username));
-	EVP_DigestFinal_ex(&ctxt, digs, NULL);
-	EVP_MD_CTX_cleanup(&ctxt);
-	if (SRP_user_pwd_set_sv_BN(user, BN_bin2bn(digs,SHA_DIGEST_LENGTH,NULL), BN_bin2bn(digv,SHA_DIGEST_LENGTH, NULL))) 
-		return user;
-
-err:    SRP_user_pwd_free(user);
-	return NULL;
-	}
-
-
-/*
-   create a verifier (*salt,*verifier,g and N are in base64)
-*/
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-			  char **verifier, const char *N, const char *g)
-	{
-	int len;
-	char * result=NULL;
-	char *vf;
-	BIGNUM *N_bn = NULL, *g_bn = NULL, *s = NULL, *v = NULL;
-	unsigned char tmp[MAX_LEN];
-	unsigned char tmp2[MAX_LEN];
-	char * defgNid = NULL;
-
-	if ((user == NULL)||
-		(pass == NULL)||
-		(salt == NULL)||
-		(verifier == NULL))
-		goto err;
-
-	if (N)
-		{
-		if (!(len = t_fromb64(tmp, N))) goto err;
-		N_bn = BN_bin2bn(tmp, len, NULL);
-		if (!(len = t_fromb64(tmp, g))) goto err;
-		g_bn = BN_bin2bn(tmp, len, NULL);
-		defgNid = "*";
-		}
-	else
-		{ 
-		SRP_gN * gN = SRP_get_gN_by_id(g, NULL) ;
-		if (gN == NULL)
-			goto err;
-		N_bn = gN->N;
-		g_bn = gN->g;
-		defgNid = gN->id;
-		}
-
-	if (*salt == NULL)
-		{
-		RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
-
-		s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
-		}
-	else
-		{
-		if (!(len = t_fromb64(tmp2, *salt)))
-			goto err;
-		s = BN_bin2bn(tmp2, len, NULL);
-		}
-
-
-	if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
-
-	BN_bn2bin(v,tmp);
-	if (((vf = OPENSSL_malloc(BN_num_bytes(v)*2)) == NULL))
-		goto err;
-	t_tob64(vf, tmp, BN_num_bytes(v));
-
-	*verifier = vf;
-	if (*salt == NULL)
-		{
-		char *tmp_salt;
-
-		if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
-			{
-			OPENSSL_free(vf);
-			goto err;
-			}
-		t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN);
-		*salt = tmp_salt;
-		}
-
-	result=defgNid;
-
-err:
-	if(N)
-		{
-		BN_free(N_bn);
-		BN_free(g_bn);
-		}
-	return result;
-	}
-
-/*
-   create a verifier (*salt,*verifier,g and N are BIGNUMs)
-*/
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g)
-	{
-	int result=0;
-	BIGNUM *x = NULL;
-	BN_CTX *bn_ctx = BN_CTX_new();
-	unsigned char tmp2[MAX_LEN];
-
-	if ((user == NULL)||
-		(pass == NULL)||
-		(salt == NULL)||
-		(verifier == NULL)||
-		(N == NULL)||
-		(g == NULL)||
-		(bn_ctx == NULL))
-		goto err;
-
-	srp_bn_print(N);
-	srp_bn_print(g);
-
-	if (*salt == NULL)
-		{
-		RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);
-
-		*salt = BN_bin2bn(tmp2,SRP_RANDOM_SALT_LEN,NULL);
-		}
-
-	x = SRP_Calc_x(*salt,user,pass);
-
-	*verifier = BN_new();
-	if(*verifier == NULL) goto err;
-
-	if (!BN_mod_exp(*verifier,g,x,N,bn_ctx))
-		{
-		BN_clear_free(*verifier);
-		goto err;
-		}
-
-	srp_bn_print(*verifier);
-
-	result=1;
-
-err:
-
-	BN_clear_free(x);
-	BN_CTX_free(bn_ctx);
-	return result;
-	}
-
-
-
-#endif
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
deleted file mode 100644
index bc194cb268..0000000000
--- a/crypto/stack/safestack.h
+++ /dev/null
@@ -1,2671 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SAFESTACK_H
-#define HEADER_SAFESTACK_H
-
-#include <openssl/stack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef CHECKED_PTR_OF
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#endif
-
-/* In C++ we get problems because an explicit cast is needed from (void *)
- * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros
- * below. 
- */
-
-#define CHECKED_STACK_OF(type, p) \
-    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
-
-#define CHECKED_SK_FREE_FUNC(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
-
-#define CHECKED_SK_FREE_FUNC2(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type))0)))
-
-#define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const void *, const void *)) \
-	((1 ? p : (int (*)(const type * const *, const type * const *))0)))
-
-#define STACK_OF(type) struct stack_st_##type
-#define PREDECLARE_STACK_OF(type) STACK_OF(type);
-
-#define DECLARE_STACK_OF(type) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-#define DECLARE_SPECIAL_STACK_OF(type, type2) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-
-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
-
-
-/* Strings are special: normally an lhash entry will point to a single
- * (somewhat) mutable object. In the case of strings:
- *
- * a) Instead of a single char, there is an array of chars, NUL-terminated.
- * b) The string may have be immutable.
- *
- * So, they need their own declarations. Especially important for
- * type-checking tools, such as Deputy.
- *
-o * In practice, however, it appears to be hard to have a const
- * string. For now, I'm settling for dealing with the fact it is a
- * string at all.
- */
-typedef char *OPENSSL_STRING;
-
-typedef const char *OPENSSL_CSTRING;
-
-/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
- * STACK_OF(STRING) is really more like STACK_OF(char), only, as
- * mentioned above, instead of a single char each entry is a
- * NUL-terminated array of chars. So, we have to implement STRING
- * specially for STACK_OF. This is dealt with in the autogenerated
- * macros below.
- */
-
-DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-
-/* Similarly, we sometimes use a block of characters, NOT
- * nul-terminated. These should also be distinguished from "normal"
- * stacks. */
-
-typedef void *OPENSSL_BLOCK;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
-
-/* SKM_sk_... stack macros are internal to safestack.h:
- * never use them directly, use sk_<type>_... instead */
-#define SKM_sk_new(type, cmp) \
-	((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_new_null(type) \
-	((STACK_OF(type) *)sk_new_null())
-#define SKM_sk_free(type, st) \
-	sk_free(CHECKED_STACK_OF(type, st))
-#define SKM_sk_num(type, st) \
-	sk_num(CHECKED_STACK_OF(type, st))
-#define SKM_sk_value(type, st,i) \
-	((type *)sk_value(CHECKED_STACK_OF(type, st), i))
-#define SKM_sk_set(type, st,i,val) \
-	sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val))
-#define SKM_sk_zero(type, st) \
-	sk_zero(CHECKED_STACK_OF(type, st))
-#define SKM_sk_push(type, st, val) \
-	sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_unshift(type, st, val) \
-	sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find(type, st, val) \
-	sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find_ex(type, st, val) \
-	sk_find_ex(CHECKED_STACK_OF(type, st), \
-		   CHECKED_PTR_OF(type, val))
-#define SKM_sk_delete(type, st, i) \
-	(type *)sk_delete(CHECKED_STACK_OF(type, st), i)
-#define SKM_sk_delete_ptr(type, st, ptr) \
-	(type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr))
-#define SKM_sk_insert(type, st,val, i) \
-	sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i)
-#define SKM_sk_set_cmp_func(type, st, cmp) \
-	((int (*)(const type * const *,const type * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_dup(type, st) \
-	(STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop_free(type, st, free_func) \
-	sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
-#define SKM_sk_shift(type, st) \
-	(type *)sk_shift(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop(type, st) \
-	(type *)sk_pop(CHECKED_STACK_OF(type, st))
-#define SKM_sk_sort(type, st) \
-	sk_sort(CHECKED_STACK_OF(type, st))
-#define SKM_sk_is_sorted(type, st) \
-	sk_is_sorted(CHECKED_STACK_OF(type, st))
-
-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-  (STACK_OF(type) *)d2i_ASN1_SET( \
-				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
-				pp, length, \
-				CHECKED_D2I_OF(type, d2i_func), \
-				CHECKED_SK_FREE_FUNC(type, free_func), \
-				ex_tag, ex_class)
-
-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
-				CHECKED_I2D_OF(type, i2d_func), \
-				ex_tag, ex_class, is_set)
-
-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-	ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
-			CHECKED_I2D_OF(type, i2d_func), buf, len)
-
-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-	(STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
-				CHECKED_D2I_OF(type, d2i_func), \
-				CHECKED_SK_FREE_FUNC(type, free_func), \
-				pass, passlen, oct, seq)
-
-/* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-
-#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp))
-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-
-#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp))
-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-
-#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp))
-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-
-#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp))
-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-
-#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp))
-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-
-#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp))
-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-
-#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp))
-#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING)
-#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i))
-#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val))
-#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i))
-#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr))
-#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i))
-#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
-#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
-#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
-#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st))
-
-#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp))
-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-
-#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp))
-#define sk_BIO_new_null() SKM_sk_new_null(BIO)
-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-
-#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp))
-#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)
-#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))
-#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))
-#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))
-#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))
-#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))
-#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
-#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
-#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
-#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))
-
-#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp))
-#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)
-#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))
-#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))
-#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))
-#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))
-#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))
-#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
-#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
-#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
-#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))
-
-#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp))
-#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
-#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
-#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
-#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
-#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
-#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-
-#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
-#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
-#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
-#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
-#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
-#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
-#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-
-#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp))
-#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
-#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
-#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
-#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
-#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
-#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-
-#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp))
-#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
-#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
-#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
-#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
-#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
-#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-
-#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp))
-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-
-#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp))
-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-
-#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp))
-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-
-#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-
-#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-
-#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-
-#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp))
-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-
-#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-
-#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp))
-#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID)
-#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i))
-#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val))
-#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i))
-#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr))
-#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i))
-#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
-#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
-#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
-#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st))
-
-#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp))
-#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD)
-#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
-#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st))
-#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i))
-#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val))
-#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st))
-#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val))
-#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val))
-#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val))
-#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val))
-#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i))
-#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr))
-#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i))
-#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
-#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
-#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
-#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
-#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
-#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
-#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st))
-
-#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp))
-#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL)
-#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i))
-#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val))
-#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i))
-#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr))
-#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i))
-#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
-#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
-#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
-#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st))
-
-#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp))
-#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
-#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
-#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
-#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
-#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
-
-#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp))
-#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD)
-#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i))
-#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val))
-#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i))
-#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr))
-#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i))
-#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
-#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
-#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st))
-
-#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp))
-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-
-#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp))
-#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
-#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
-#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
-#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
-#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
-#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-
-#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp))
-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-
-#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp))
-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-
-#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp))
-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-
-#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-
-#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-
-#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-
-#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-
-#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-
-#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-
-#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-
-#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-
-#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
-#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
-#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i))
-#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val))
-#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i))
-#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr))
-#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i))
-#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
-#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
-#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
-#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st))
-
-#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-
-#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-
-#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp))
-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-
-#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp))
-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-
-#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp))
-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-
-#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp))
-#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
-#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
-#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
-#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
-#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
-#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-
-#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp))
-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-
-#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp))
-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-
-#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp))
-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-
-#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp))
-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-
-#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp))
-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-
-#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp))
-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-
-#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp))
-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-
-#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp))
-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-
-#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
-#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
-#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
-#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
-#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
-#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
-#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
-#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
-#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
-#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
-#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
-#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
-#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
-#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
-#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
-#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
-#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
-#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
-#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
-#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
-#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
-
-#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
-#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
-#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
-#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
-#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
-#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
-#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
-#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
-#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
-
-#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
-#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
-#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
-#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
-#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
-#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
-#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
-#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
-#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
-
-#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
-#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
-#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i))
-#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val))
-#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i))
-#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr))
-#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i))
-#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp))
-#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st)
-#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func))
-#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st))
-
-#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-
-#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp))
-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-
-#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp))
-#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY)
-#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr))
-#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
-#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
-#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
-#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st))
-
-#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp))
-#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO)
-#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i))
-#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val))
-#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i))
-#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr))
-#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i))
-#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
-#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
-#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
-#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st))
-
-#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp))
-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-
-#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-
-#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-
-#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp))
-#define sk_X509_new_null() SKM_sk_new_null(X509)
-#define sk_X509_free(st) SKM_sk_free(X509, (st))
-#define sk_X509_num(st) SKM_sk_num(X509, (st))
-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
-#define sk_X509_dup(st) SKM_sk_dup(X509, st)
-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-
-#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp))
-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-
-#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp))
-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-
-#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp))
-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-
-#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp))
-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-
-#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp))
-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-
-#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp))
-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-
-#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp))
-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-
-#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp))
-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-
-#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp))
-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-
-#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp))
-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-
-#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-
-#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-
-#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-
-#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp))
-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-
-#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp))
-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-
-#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp))
-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
-
-#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp))
-#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple)
-#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
-#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st))
-#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i))
-#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val))
-#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st))
-#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val))
-#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val))
-#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val))
-#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val))
-#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i))
-#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr))
-#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i))
-#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
-#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
-#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
-#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
-#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
-#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
-#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st))
-
-#define sk_void_new(cmp) SKM_sk_new(void, (cmp))
-#define sk_void_new_null() SKM_sk_new_null(void)
-#define sk_void_free(st) SKM_sk_free(void, (st))
-#define sk_void_num(st) SKM_sk_num(void, (st))
-#define sk_void_value(st, i) SKM_sk_value(void, (st), (i))
-#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val))
-#define sk_void_zero(st) SKM_sk_zero(void, (st))
-#define sk_void_push(st, val) SKM_sk_push(void, (st), (val))
-#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val))
-#define sk_void_find(st, val) SKM_sk_find(void, (st), (val))
-#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val))
-#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i))
-#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr))
-#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i))
-#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
-#define sk_void_dup(st) SKM_sk_dup(void, st)
-#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
-#define sk_void_shift(st) SKM_sk_shift(void, (st))
-#define sk_void_pop(st) SKM_sk_pop(void, (st))
-#define sk_void_sort(st) SKM_sk_sort(void, (st))
-#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
-
-#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
-#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
-#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
-#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
-	((int (*)(const char * const *,const char * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
-#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-
-
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-	((int (*)(const void * const *,const void * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
-#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
-#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
-#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
-#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
-	((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
-#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
-
-
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-
-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
-#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
-#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg)
-#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh)
-
-#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info)
-#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst)
-#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst)
-#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst)
-#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn)
-#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg)
-#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh)
-#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh)
-#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh)
-#define lh_APP_INFO_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_stats_bio(lh,out) \
-  LHM_lh_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh)
-
-#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value)
-#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn)
-#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg)
-#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh)
-#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh)
-#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh)
-#define lh_CONF_VALUE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
-
-#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
-#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn)
-#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg)
-#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh)
-
-#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state)
-#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn)
-#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg)
-#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh)
-#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh)
-#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh)
-#define lh_ERR_STATE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh)
-
-#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data)
-#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn)
-#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg)
-#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
-
-#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
-#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
-#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
-#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
-
-#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
-#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
-#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
-#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst)
-#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn)
-#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg)
-#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh)
-#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh)
-#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh)
-#define lh_FUNCTION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh)
-
-#define lh_MEM_new() LHM_lh_new(MEM,mem)
-#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst)
-#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst)
-#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst)
-#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn)
-#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg)
-#define lh_MEM_error(lh) LHM_lh_error(MEM,lh)
-#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh)
-#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh)
-#define lh_MEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(MEM,lh,out)
-#define lh_MEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(MEM,lh,out)
-#define lh_MEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(MEM,lh,out)
-#define lh_MEM_free(lh) LHM_lh_free(MEM,lh)
-
-#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name)
-#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn)
-#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg)
-#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh)
-#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh)
-#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh)
-#define lh_OBJ_NAME_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
-
-#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
-#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
-#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
-#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
-
-#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
-#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
-#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
-#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
-
-#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
-#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn)
-#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg)
-#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh)
-#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh)
-#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh)
-#define lh_SSL_SESSION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
-/* End of util/mkstack.pl block, you may now edit :-) */
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
deleted file mode 100644
index 76cf1a1168..0000000000
--- a/crypto/stack/stack.c
+++ /dev/null
@@ -1,334 +0,0 @@
-/* crypto/stack/stack.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for stacks
- * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the
- *			lowest index for the searched item.
- *
- * 1.1 eay - Take from netdb and added to SSLeay
- *
- * 1.0 eay - First version 29/07/92
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-#include <openssl/objects.h>
-
-#undef MIN_NODES
-#define MIN_NODES	4
-
-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
-
-#include <errno.h>
-
-int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-		(const void *, const void *)
-	{
-	int (*old)(const void *,const void *)=sk->comp;
-
-	if (sk->comp != c)
-		sk->sorted=0;
-	sk->comp=c;
-
-	return old;
-	}
-
-_STACK *sk_dup(_STACK *sk)
-	{
-	_STACK *ret;
-	char **s;
-
-	if ((ret=sk_new(sk->comp)) == NULL) goto err;
-	s=(char **)OPENSSL_realloc((char *)ret->data,
-		(unsigned int)sizeof(char *)*sk->num_alloc);
-	if (s == NULL) goto err;
-	ret->data=s;
-
-	ret->num=sk->num;
-	memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
-	ret->sorted=sk->sorted;
-	ret->num_alloc=sk->num_alloc;
-	ret->comp=sk->comp;
-	return(ret);
-err:
-	if(ret)
-		sk_free(ret);
-	return(NULL);
-	}
-
-_STACK *sk_new_null(void)
-	{
-	return sk_new((int (*)(const void *, const void *))0);
-	}
-
-_STACK *sk_new(int (*c)(const void *, const void *))
-	{
-	_STACK *ret;
-	int i;
-
-	if ((ret=OPENSSL_malloc(sizeof(_STACK))) == NULL)
-		goto err;
-	if ((ret->data=OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
-		goto err;
-	for (i=0; i<MIN_NODES; i++)
-		ret->data[i]=NULL;
-	ret->comp=c;
-	ret->num_alloc=MIN_NODES;
-	ret->num=0;
-	ret->sorted=0;
-	return(ret);
-err:
-	if(ret)
-		OPENSSL_free(ret);
-	return(NULL);
-	}
-
-int sk_insert(_STACK *st, void *data, int loc)
-	{
-	char **s;
-
-	if(st == NULL) return 0;
-	if (st->num_alloc <= st->num+1)
-		{
-		s=OPENSSL_realloc((char *)st->data,
-			(unsigned int)sizeof(char *)*st->num_alloc*2);
-		if (s == NULL)
-			return(0);
-		st->data=s;
-		st->num_alloc*=2;
-		}
-	if ((loc >= (int)st->num) || (loc < 0))
-		st->data[st->num]=data;
-	else
-		{
-		int i;
-		char **f,**t;
-
-		f=st->data;
-		t=&(st->data[1]);
-		for (i=st->num; i>=loc; i--)
-			t[i]=f[i];
-			
-#ifdef undef /* no memmove on sunos :-( */
-		memmove(&(st->data[loc+1]),
-			&(st->data[loc]),
-			sizeof(char *)*(st->num-loc));
-#endif
-		st->data[loc]=data;
-		}
-	st->num++;
-	st->sorted=0;
-	return(st->num);
-	}
-
-void *sk_delete_ptr(_STACK *st, void *p)
-	{
-	int i;
-
-	for (i=0; i<st->num; i++)
-		if (st->data[i] == p)
-			return(sk_delete(st,i));
-	return(NULL);
-	}
-
-void *sk_delete(_STACK *st, int loc)
-	{
-	char *ret;
-	int i,j;
-
-	if(!st || (loc < 0) || (loc >= st->num)) return NULL;
-
-	ret=st->data[loc];
-	if (loc != st->num-1)
-		{
-		j=st->num-1;
-		for (i=loc; i<j; i++)
-			st->data[i]=st->data[i+1];
-		/* In theory memcpy is not safe for this
-		 * memcpy( &(st->data[loc]),
-		 *	&(st->data[loc+1]),
-		 *	sizeof(char *)*(st->num-loc-1));
-		 */
-		}
-	st->num--;
-	return(ret);
-	}
-
-static int internal_find(_STACK *st, void *data, int ret_val_options)
-	{
-	const void * const *r;
-	int i;
-
-	if(st == NULL) return -1;
-
-	if (st->comp == NULL)
-		{
-		for (i=0; i<st->num; i++)
-			if (st->data[i] == data)
-				return(i);
-		return(-1);
-		}
-	sk_sort(st);
-	if (data == NULL) return(-1);
-	r=OBJ_bsearch_ex_(&data,st->data,st->num,sizeof(void *),st->comp,
-			  ret_val_options);
-	if (r == NULL) return(-1);
-	return (int)((char **)r-st->data);
-	}
-
-int sk_find(_STACK *st, void *data)
-	{
-	return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
-	}
-int sk_find_ex(_STACK *st, void *data)
-	{
-	return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
-	}
-
-int sk_push(_STACK *st, void *data)
-	{
-	return(sk_insert(st,data,st->num));
-	}
-
-int sk_unshift(_STACK *st, void *data)
-	{
-	return(sk_insert(st,data,0));
-	}
-
-void *sk_shift(_STACK *st)
-	{
-	if (st == NULL) return(NULL);
-	if (st->num <= 0) return(NULL);
-	return(sk_delete(st,0));
-	}
-
-void *sk_pop(_STACK *st)
-	{
-	if (st == NULL) return(NULL);
-	if (st->num <= 0) return(NULL);
-	return(sk_delete(st,st->num-1));
-	}
-
-void sk_zero(_STACK *st)
-	{
-	if (st == NULL) return;
-	if (st->num <= 0) return;
-	memset((char *)st->data,0,sizeof(st->data)*st->num);
-	st->num=0;
-	}
-
-void sk_pop_free(_STACK *st, void (*func)(void *))
-	{
-	int i;
-
-	if (st == NULL) return;
-	for (i=0; i<st->num; i++)
-		if (st->data[i] != NULL)
-			func(st->data[i]);
-	sk_free(st);
-	}
-
-void sk_free(_STACK *st)
-	{
-	if (st == NULL) return;
-	if (st->data != NULL) OPENSSL_free(st->data);
-	OPENSSL_free(st);
-	}
-
-int sk_num(const _STACK *st)
-{
-	if(st == NULL) return -1;
-	return st->num;
-}
-
-void *sk_value(const _STACK *st, int i)
-{
-	if(!st || (i < 0) || (i >= st->num)) return NULL;
-	return st->data[i];
-}
-
-void *sk_set(_STACK *st, int i, void *value)
-{
-	if(!st || (i < 0) || (i >= st->num)) return NULL;
-	return (st->data[i] = value);
-}
-
-void sk_sort(_STACK *st)
-	{
-	if (st && !st->sorted)
-		{
-		int (*comp_func)(const void *,const void *);
-
-		/* same comment as in sk_find ... previously st->comp was declared
-		 * as a (void*,void*) callback type, but this made the population
-		 * of the callback pointer illogical - our callbacks compare
-		 * type** with type**, so we leave the casting until absolutely
-		 * necessary (ie. "now"). */
-		comp_func=(int (*)(const void *,const void *))(st->comp);
-		qsort(st->data,st->num,sizeof(char *), comp_func);
-		st->sorted=1;
-		}
-	}
-
-int sk_is_sorted(const _STACK *st)
-	{
-	if (!st)
-		return 1;
-	return st->sorted;
-	}
diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h
deleted file mode 100644
index ce35e554eb..0000000000
--- a/crypto/stack/stack.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/stack/stack.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_STACK_H
-#define HEADER_STACK_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct stack_st
-	{
-	int num;
-	char **data;
-	int sorted;
-
-	int num_alloc;
-	int (*comp)(const void *, const void *);
-	} _STACK;  /* Use STACK_OF(...) instead */
-
-#define M_sk_num(sk)		((sk) ? (sk)->num:-1)
-#define M_sk_value(sk,n)	((sk) ? (sk)->data[n] : NULL)
-
-int sk_num(const _STACK *);
-void *sk_value(const _STACK *, int);
-
-void *sk_set(_STACK *, int, void *);
-
-_STACK *sk_new(int (*cmp)(const void *, const void *));
-_STACK *sk_new_null(void);
-void sk_free(_STACK *);
-void sk_pop_free(_STACK *st, void (*func)(void *));
-int sk_insert(_STACK *sk, void *data, int where);
-void *sk_delete(_STACK *st, int loc);
-void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find(_STACK *st, void *data);
-int sk_find_ex(_STACK *st, void *data);
-int sk_push(_STACK *st, void *data);
-int sk_unshift(_STACK *st, void *data);
-void *sk_shift(_STACK *st);
-void *sk_pop(_STACK *st);
-void sk_zero(_STACK *st);
-int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-	(const void *, const void *);
-_STACK *sk_dup(_STACK *st);
-void sk_sort(_STACK *st);
-int sk_is_sorted(const _STACK *st);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/store/README b/crypto/store/README
deleted file mode 100644
index 966168f6a5..0000000000
--- a/crypto/store/README
+++ /dev/null
@@ -1,95 +0,0 @@
-The STORE type
-==============
-
-A STORE, as defined in this code section, is really a rather simple
-thing which stores objects and per-object associations to a number
-of attributes.  What attributes are supported entirely depends on
-the particular implementation of a STORE.  It has some support for
-generation of certain objects (for example, keys and CRLs).
-
-
-Supported object types
-----------------------
-
-For now, the objects that are supported are the following:
-
-X.509 certificate
-X.509 CRL
-private key
-public key
-number
-arbitrary (application) data
-
-The intention is that a STORE should be able to store everything
-needed by an application that wants a cert/key store, as well as
-the data a CA might need to store (this includes the serial number
-counter, which explains the support for numbers).
-
-
-Supported attribute types
--------------------------
-
-For now, the following attributes are supported:
-
-Friendly Name		- the value is a normal C string
-Key ID			- the value is a 160 bit SHA1 hash
-Issuer Key ID		- the value is a 160 bit SHA1 hash
-Subject Key ID		- the value is a 160 bit SHA1 hash
-Issuer/Serial Hash	- the value is a 160 bit SHA1 hash
-Issuer			- the value is a X509_NAME
-Serial			- the value is a BIGNUM
-Subject			- the value is a X509_NAME
-Certificate Hash	- the value is a 160 bit SHA1 hash
-Email			- the value is a normal C string
-Filename		- the value is a normal C string
-
-It is expected that these attributes should be enough to support
-the need from most, if not all, current applications.  Applications
-that need to do certificate verification would typically use Subject
-Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
-S/MIME applications would typically use Email to look up recipient
-and signer certificates.
-
-There's added support for combined sets of attributes to search for,
-with the special OR attribute.
-
-
-Supported basic functionality
------------------------------
-
-The functions that are supported through the STORE type are these:
-
-generate_object		- for example to generate keys and CRLs
-get_object		- to look up one object
-			  NOTE: this function is really rather
-			  redundant and probably of lesser usage
-			  than the list functions
-store_object		- store an object and the attributes
-			  associated with it
-modify_object		- modify the attributes associated with
-			  a specific object
-revoke_object		- revoke an object
-			  NOTE: this only marks an object as
-			  invalid, it doesn't remove the object
-			  from the database
-delete_object		- remove an object from the database
-list_object		- list objects associated with a given
-			  set of attributes
-			  NOTE: this is really four functions:
-			  list_start, list_next, list_end and
-			  list_endp
-update_store		- update the internal data of the store
-lock_store		- lock the store
-unlock_store		- unlock the store
-
-The list functions need some extra explanation: list_start is
-used to set up a lookup.  That's where the attributes to use in
-the search are set up.  It returns a search context.  list_next
-returns the next object searched for.  list_end closes the search.
-list_endp is used to check if we have reached the end.
-
-A few words on the store functions as well: update_store is
-typically used by a CA application to update the internal
-structure of a database.  This may for example involve automatic
-removal of expired certificates.  lock_store and unlock_store
-are used for locking a store to allow exclusive writes.
diff --git a/crypto/store/store.h b/crypto/store/store.h
deleted file mode 100644
index 0a28c7d5a2..0000000000
--- a/crypto/store/store.h
+++ /dev/null
@@ -1,561 +0,0 @@
-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_H
-#define HEADER_STORE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_STORE
-#error STORE is disabled.
-#endif
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct store_st STORE; */
-/* typedef struct store_method_st STORE_METHOD; */
-
-
-/* All the following functions return 0, a negative number or NULL on error.
-   When everything is fine, they return a positive value or a non-NULL
-   pointer, all depending on their purpose. */
-
-/* Creators and destructor.   */
-STORE *STORE_new_method(const STORE_METHOD *method);
-STORE *STORE_new_engine(ENGINE *engine);
-void STORE_free(STORE *ui);
-
-
-/* Give a user interface parametrised control commands.  This can be used to
-   send down an integer, a data pointer or a function pointer, as well as
-   be used to get information from a STORE. */
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
-
-/* A control to set the directory with keys and certificates.  Used by the
-   built-in directory level method. */
-#define STORE_CTRL_SET_DIRECTORY	0x0001
-/* A control to set a file to load.  Used by the built-in file level method. */
-#define STORE_CTRL_SET_FILE		0x0002
-/* A control to set a configuration file to load.  Can be used by any method
-   that wishes to load a configuration file. */
-#define STORE_CTRL_SET_CONF_FILE	0x0003
-/* A control to set a the section of the loaded configuration file.  Can be
-   used by any method that wishes to load a configuration file. */
-#define STORE_CTRL_SET_CONF_SECTION	0x0004
-
-
-/* Some methods may use extra data */
-#define STORE_set_app_data(s,arg)	STORE_set_ex_data(s,0,arg)
-#define STORE_get_app_data(s)		STORE_get_ex_data(s,0)
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int STORE_set_ex_data(STORE *r,int idx,void *arg);
-void *STORE_get_ex_data(STORE *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-const STORE_METHOD *STORE_get_method(STORE *store);
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
-
-/* The standard OpenSSL methods. */
-/* This is the in-memory method.  It does everything except revoking and updating,
-   and is of course volatile.  It's used by other methods that have an in-memory
-   cache. */
-const STORE_METHOD *STORE_Memory(void);
-#if 0 /* Not yet implemented */
-/* This is the directory store.  It does everything except revoking and updating,
-   and uses STORE_Memory() to cache things in memory. */
-const STORE_METHOD *STORE_Directory(void);
-/* This is the file store.  It does everything except revoking and updating,
-   and uses STORE_Memory() to cache things in memory.  Certificates are added
-   to it with the store operation, and it will only get cached certificates. */
-const STORE_METHOD *STORE_File(void);
-#endif
-
-/* Store functions take a type code for the type of data they should store
-   or fetch */
-typedef enum STORE_object_types
-	{
-	STORE_OBJECT_TYPE_X509_CERTIFICATE=	0x01, /* X509 * */
-	STORE_OBJECT_TYPE_X509_CRL=		0x02, /* X509_CRL * */
-	STORE_OBJECT_TYPE_PRIVATE_KEY=		0x03, /* EVP_PKEY * */
-	STORE_OBJECT_TYPE_PUBLIC_KEY=		0x04, /* EVP_PKEY * */
-	STORE_OBJECT_TYPE_NUMBER=		0x05, /* BIGNUM * */
-	STORE_OBJECT_TYPE_ARBITRARY=		0x06, /* BUF_MEM * */
-	STORE_OBJECT_TYPE_NUM=			0x06  /* The amount of known
-							 object types */
-	} STORE_OBJECT_TYPES;
-/* List of text strings corresponding to the object types. */
-extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
-
-/* Some store functions take a parameter list.  Those parameters come with
-   one of the following codes. The comments following the codes below indicate
-   what type the value should be a pointer to. */
-typedef enum STORE_params
-	{
-	STORE_PARAM_EVP_TYPE=			0x01, /* int */
-	STORE_PARAM_BITS=			0x02, /* size_t */
-	STORE_PARAM_KEY_PARAMETERS=		0x03, /* ??? */
-	STORE_PARAM_KEY_NO_PARAMETERS=		0x04, /* N/A */
-	STORE_PARAM_AUTH_PASSPHRASE=		0x05, /* char * */
-	STORE_PARAM_AUTH_KRB5_TICKET=		0x06, /* void * */
-	STORE_PARAM_TYPE_NUM=			0x06  /* The amount of known
-							 parameter types */
-	} STORE_PARAM_TYPES;
-/* Parameter value sizes.  -1 means unknown, anything else is the required size. */
-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
-
-/* Store functions take attribute lists.  Those attributes come with codes.
-   The comments following the codes below indicate what type the value should
-   be a pointer to. */
-typedef enum STORE_attribs
-	{
-	STORE_ATTR_END=				0x00,
-	STORE_ATTR_FRIENDLYNAME=		0x01, /* C string */
-	STORE_ATTR_KEYID=			0x02, /* 160 bit string (SHA1) */
-	STORE_ATTR_ISSUERKEYID=			0x03, /* 160 bit string (SHA1) */
-	STORE_ATTR_SUBJECTKEYID=		0x04, /* 160 bit string (SHA1) */
-	STORE_ATTR_ISSUERSERIALHASH=		0x05, /* 160 bit string (SHA1) */
-	STORE_ATTR_ISSUER=			0x06, /* X509_NAME * */
-	STORE_ATTR_SERIAL=			0x07, /* BIGNUM * */
-	STORE_ATTR_SUBJECT=			0x08, /* X509_NAME * */
-	STORE_ATTR_CERTHASH=			0x09, /* 160 bit string (SHA1) */
-	STORE_ATTR_EMAIL=			0x0a, /* C string */
-	STORE_ATTR_FILENAME=			0x0b, /* C string */
-	STORE_ATTR_TYPE_NUM=			0x0b, /* The amount of known
-							 attribute types */
-	STORE_ATTR_OR=				0xff  /* This is a special
-							 separator, which
-							 expresses the OR
-							 operation.  */
-	} STORE_ATTR_TYPES;
-/* Attribute value sizes.  -1 means unknown, anything else is the required size. */
-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
-
-typedef enum STORE_certificate_status
-	{
-	STORE_X509_VALID=			0x00,
-	STORE_X509_EXPIRED=			0x01,
-	STORE_X509_SUSPENDED=			0x02,
-	STORE_X509_REVOKED=			0x03
-	} STORE_CERTIFICATE_STATUS;
-
-/* Engine store functions will return a structure that contains all the necessary
- * information, including revokation status for certificates.  This is really not
- * needed for application authors, as the ENGINE framework functions will extract
- * the OpenSSL-specific information when at all possible.  However, for engine
- * authors, it's crucial to know this structure.  */
-typedef struct STORE_OBJECT_st
-	{
-	STORE_OBJECT_TYPES type;
-	union
-		{
-		struct
-			{
-			STORE_CERTIFICATE_STATUS status;
-			X509 *certificate;
-			} x509;
-		X509_CRL *crl;
-		EVP_PKEY *key;
-		BIGNUM *number;
-		BUF_MEM *arbitrary;
-		} data;
-	} STORE_OBJECT;
-DECLARE_STACK_OF(STORE_OBJECT)
-STORE_OBJECT *STORE_OBJECT_new(void);
-void STORE_OBJECT_free(STORE_OBJECT *data);
-
-
-
-/* The following functions handle the storage. They return 0, a negative number
-   or NULL on error, anything else on success. */
-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-X509 *STORE_list_certificate_next(STORE *e, void *handle);
-int STORE_list_certificate_end(STORE *e, void *handle);
-int STORE_list_certificate_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_store_private_key(STORE *e, EVP_PKEY *data,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
-int STORE_list_private_key_end(STORE *e, void *handle);
-int STORE_list_private_key_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
-int STORE_list_public_key_end(STORE *e, void *handle);
-int STORE_list_public_key_endp(STORE *e, void *handle);
-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
-int STORE_list_crl_end(STORE *e, void *handle);
-int STORE_list_crl_endp(STORE *e, void *handle);
-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-
-
-/* Create and manipulate methods */
-STORE_METHOD *STORE_create_method(char *name);
-void STORE_destroy_method(STORE_METHOD *store_method);
-
-/* These callback types are use for store handlers */
-typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
-typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
-typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
-
-/* Method helper structures and functions. */
-
-/* This structure is the result of parsing through the information in a list
-   of OPENSSL_ITEMs.  It stores all the necessary information in a structured
-   way.*/
-typedef struct STORE_attr_info_st STORE_ATTR_INFO;
-
-/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
-   Note that we do this in the list form, since the list of OPENSSL_ITEMs can
-   come in blocks separated with STORE_ATTR_OR.  Note that the value returned
-   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
-int STORE_parse_attrs_end(void *handle);
-int STORE_parse_attrs_endp(void *handle);
-
-/* Creator and destructor */
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
-
-/* Manipulators */
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
-	STORE_ATTR_TYPES code);
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size);
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn);
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number);
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size);
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn);
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number);
-
-/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
-   in each contained attribute. */
-int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a,
-			    const STORE_ATTR_INFO * const *b);
-/* Check if the set of attributes in a is within the range of attributes
-   set in b. */
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Check if the set of attributes in a are also set in b. */
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_STORE_strings(void);
-
-/* Error codes for the STORE functions. */
-
-/* Function codes. */
-#define STORE_F_MEM_DELETE				 134
-#define STORE_F_MEM_GENERATE				 135
-#define STORE_F_MEM_LIST_END				 168
-#define STORE_F_MEM_LIST_NEXT				 136
-#define STORE_F_MEM_LIST_START				 137
-#define STORE_F_MEM_MODIFY				 169
-#define STORE_F_MEM_STORE				 138
-#define STORE_F_STORE_ATTR_INFO_GET0_CSTR		 139
-#define STORE_F_STORE_ATTR_INFO_GET0_DN			 140
-#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER		 141
-#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR		 142
-#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR		 143
-#define STORE_F_STORE_ATTR_INFO_MODIFY_DN		 144
-#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER		 145
-#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR		 146
-#define STORE_F_STORE_ATTR_INFO_SET_CSTR		 147
-#define STORE_F_STORE_ATTR_INFO_SET_DN			 148
-#define STORE_F_STORE_ATTR_INFO_SET_NUMBER		 149
-#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR		 150
-#define STORE_F_STORE_CERTIFICATE			 170
-#define STORE_F_STORE_CTRL				 161
-#define STORE_F_STORE_DELETE_ARBITRARY			 158
-#define STORE_F_STORE_DELETE_CERTIFICATE		 102
-#define STORE_F_STORE_DELETE_CRL			 103
-#define STORE_F_STORE_DELETE_NUMBER			 104
-#define STORE_F_STORE_DELETE_PRIVATE_KEY		 105
-#define STORE_F_STORE_DELETE_PUBLIC_KEY			 106
-#define STORE_F_STORE_GENERATE_CRL			 107
-#define STORE_F_STORE_GENERATE_KEY			 108
-#define STORE_F_STORE_GET_ARBITRARY			 159
-#define STORE_F_STORE_GET_CERTIFICATE			 109
-#define STORE_F_STORE_GET_CRL				 110
-#define STORE_F_STORE_GET_NUMBER			 111
-#define STORE_F_STORE_GET_PRIVATE_KEY			 112
-#define STORE_F_STORE_GET_PUBLIC_KEY			 113
-#define STORE_F_STORE_LIST_CERTIFICATE_END		 114
-#define STORE_F_STORE_LIST_CERTIFICATE_ENDP		 153
-#define STORE_F_STORE_LIST_CERTIFICATE_NEXT		 115
-#define STORE_F_STORE_LIST_CERTIFICATE_START		 116
-#define STORE_F_STORE_LIST_CRL_END			 117
-#define STORE_F_STORE_LIST_CRL_ENDP			 154
-#define STORE_F_STORE_LIST_CRL_NEXT			 118
-#define STORE_F_STORE_LIST_CRL_START			 119
-#define STORE_F_STORE_LIST_PRIVATE_KEY_END		 120
-#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP		 155
-#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT		 121
-#define STORE_F_STORE_LIST_PRIVATE_KEY_START		 122
-#define STORE_F_STORE_LIST_PUBLIC_KEY_END		 123
-#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP		 156
-#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT		 124
-#define STORE_F_STORE_LIST_PUBLIC_KEY_START		 125
-#define STORE_F_STORE_MODIFY_ARBITRARY			 162
-#define STORE_F_STORE_MODIFY_CERTIFICATE		 163
-#define STORE_F_STORE_MODIFY_CRL			 164
-#define STORE_F_STORE_MODIFY_NUMBER			 165
-#define STORE_F_STORE_MODIFY_PRIVATE_KEY		 166
-#define STORE_F_STORE_MODIFY_PUBLIC_KEY			 167
-#define STORE_F_STORE_NEW_ENGINE			 133
-#define STORE_F_STORE_NEW_METHOD			 132
-#define STORE_F_STORE_PARSE_ATTRS_END			 151
-#define STORE_F_STORE_PARSE_ATTRS_ENDP			 172
-#define STORE_F_STORE_PARSE_ATTRS_NEXT			 152
-#define STORE_F_STORE_PARSE_ATTRS_START			 171
-#define STORE_F_STORE_REVOKE_CERTIFICATE		 129
-#define STORE_F_STORE_REVOKE_PRIVATE_KEY		 130
-#define STORE_F_STORE_REVOKE_PUBLIC_KEY			 131
-#define STORE_F_STORE_STORE_ARBITRARY			 157
-#define STORE_F_STORE_STORE_CERTIFICATE			 100
-#define STORE_F_STORE_STORE_CRL				 101
-#define STORE_F_STORE_STORE_NUMBER			 126
-#define STORE_F_STORE_STORE_PRIVATE_KEY			 127
-#define STORE_F_STORE_STORE_PUBLIC_KEY			 128
-
-/* Reason codes. */
-#define STORE_R_ALREADY_HAS_A_VALUE			 127
-#define STORE_R_FAILED_DELETING_ARBITRARY		 132
-#define STORE_R_FAILED_DELETING_CERTIFICATE		 100
-#define STORE_R_FAILED_DELETING_KEY			 101
-#define STORE_R_FAILED_DELETING_NUMBER			 102
-#define STORE_R_FAILED_GENERATING_CRL			 103
-#define STORE_R_FAILED_GENERATING_KEY			 104
-#define STORE_R_FAILED_GETTING_ARBITRARY		 133
-#define STORE_R_FAILED_GETTING_CERTIFICATE		 105
-#define STORE_R_FAILED_GETTING_KEY			 106
-#define STORE_R_FAILED_GETTING_NUMBER			 107
-#define STORE_R_FAILED_LISTING_CERTIFICATES		 108
-#define STORE_R_FAILED_LISTING_KEYS			 109
-#define STORE_R_FAILED_MODIFYING_ARBITRARY		 138
-#define STORE_R_FAILED_MODIFYING_CERTIFICATE		 139
-#define STORE_R_FAILED_MODIFYING_CRL			 140
-#define STORE_R_FAILED_MODIFYING_NUMBER			 141
-#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY		 142
-#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY		 143
-#define STORE_R_FAILED_REVOKING_CERTIFICATE		 110
-#define STORE_R_FAILED_REVOKING_KEY			 111
-#define STORE_R_FAILED_STORING_ARBITRARY		 134
-#define STORE_R_FAILED_STORING_CERTIFICATE		 112
-#define STORE_R_FAILED_STORING_KEY			 113
-#define STORE_R_FAILED_STORING_NUMBER			 114
-#define STORE_R_NOT_IMPLEMENTED				 128
-#define STORE_R_NO_CONTROL_FUNCTION			 144
-#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION		 135
-#define STORE_R_NO_DELETE_NUMBER_FUNCTION		 115
-#define STORE_R_NO_DELETE_OBJECT_FUNCTION		 116
-#define STORE_R_NO_GENERATE_CRL_FUNCTION		 117
-#define STORE_R_NO_GENERATE_OBJECT_FUNCTION		 118
-#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION	 136
-#define STORE_R_NO_GET_OBJECT_FUNCTION			 119
-#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION		 120
-#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION		 131
-#define STORE_R_NO_LIST_OBJECT_END_FUNCTION		 121
-#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION		 122
-#define STORE_R_NO_LIST_OBJECT_START_FUNCTION		 123
-#define STORE_R_NO_MODIFY_OBJECT_FUNCTION		 145
-#define STORE_R_NO_REVOKE_OBJECT_FUNCTION		 124
-#define STORE_R_NO_STORE				 129
-#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION	 137
-#define STORE_R_NO_STORE_OBJECT_FUNCTION		 125
-#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION		 126
-#define STORE_R_NO_VALUE				 130
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/store/str_err.c b/crypto/store/str_err.c
deleted file mode 100644
index 924edf0505..0000000000
--- a/crypto/store/str_err.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/* crypto/store/str_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/store.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
-
-static ERR_STRING_DATA STORE_str_functs[]=
-	{
-{ERR_FUNC(STORE_F_MEM_DELETE),	"MEM_DELETE"},
-{ERR_FUNC(STORE_F_MEM_GENERATE),	"MEM_GENERATE"},
-{ERR_FUNC(STORE_F_MEM_LIST_END),	"MEM_LIST_END"},
-{ERR_FUNC(STORE_F_MEM_LIST_NEXT),	"MEM_LIST_NEXT"},
-{ERR_FUNC(STORE_F_MEM_LIST_START),	"MEM_LIST_START"},
-{ERR_FUNC(STORE_F_MEM_MODIFY),	"MEM_MODIFY"},
-{ERR_FUNC(STORE_F_MEM_STORE),	"MEM_STORE"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),	"STORE_ATTR_INFO_get0_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),	"STORE_ATTR_INFO_get0_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER),	"STORE_ATTR_INFO_get0_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),	"STORE_ATTR_INFO_get0_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR),	"STORE_ATTR_INFO_modify_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),	"STORE_ATTR_INFO_modify_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),	"STORE_ATTR_INFO_modify_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),	"STORE_ATTR_INFO_modify_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),	"STORE_ATTR_INFO_set_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),	"STORE_ATTR_INFO_set_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),	"STORE_ATTR_INFO_set_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR),	"STORE_ATTR_INFO_set_sha1str"},
-{ERR_FUNC(STORE_F_STORE_CERTIFICATE),	"STORE_CERTIFICATE"},
-{ERR_FUNC(STORE_F_STORE_CTRL),	"STORE_ctrl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),	"STORE_delete_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),	"STORE_delete_certificate"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CRL),	"STORE_delete_crl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER),	"STORE_delete_number"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),	"STORE_delete_private_key"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),	"STORE_delete_public_key"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),	"STORE_generate_crl"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),	"STORE_generate_key"},
-{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY),	"STORE_get_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),	"STORE_get_certificate"},
-{ERR_FUNC(STORE_F_STORE_GET_CRL),	"STORE_get_crl"},
-{ERR_FUNC(STORE_F_STORE_GET_NUMBER),	"STORE_get_number"},
-{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),	"STORE_get_private_key"},
-{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),	"STORE_get_public_key"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),	"STORE_list_certificate_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP),	"STORE_list_certificate_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT),	"STORE_list_certificate_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),	"STORE_list_certificate_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),	"STORE_list_crl_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP),	"STORE_list_crl_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT),	"STORE_list_crl_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),	"STORE_list_crl_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),	"STORE_list_private_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP),	"STORE_list_private_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT),	"STORE_list_private_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),	"STORE_list_private_key_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),	"STORE_list_public_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),	"STORE_list_public_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),	"STORE_list_public_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START),	"STORE_list_public_key_start"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),	"STORE_modify_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),	"STORE_modify_certificate"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),	"STORE_modify_crl"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER),	"STORE_modify_number"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),	"STORE_modify_private_key"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),	"STORE_modify_public_key"},
-{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),	"STORE_new_engine"},
-{ERR_FUNC(STORE_F_STORE_NEW_METHOD),	"STORE_new_method"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),	"STORE_parse_attrs_end"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),	"STORE_parse_attrs_endp"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),	"STORE_parse_attrs_next"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),	"STORE_parse_attrs_start"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),	"STORE_revoke_certificate"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),	"STORE_revoke_private_key"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),	"STORE_revoke_public_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),	"STORE_store_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),	"STORE_store_certificate"},
-{ERR_FUNC(STORE_F_STORE_STORE_CRL),	"STORE_store_crl"},
-{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),	"STORE_store_number"},
-{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),	"STORE_store_private_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),	"STORE_store_public_key"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA STORE_str_reasons[]=
-	{
-{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
-{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
-{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
-{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
-{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
-{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
-{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
-{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
-{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
-{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},
-{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
-{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},
-{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
-{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
-{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
-{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
-{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
-{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
-{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
-{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
-{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
-{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_STORE_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,STORE_str_functs);
-		ERR_load_strings(0,STORE_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c
deleted file mode 100644
index f1dbcbd0e0..0000000000
--- a/crypto/store/str_lib.c
+++ /dev/null
@@ -1,1828 +0,0 @@
-/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/sha.h>
-#include <openssl/x509.h>
-#include "str_locl.h"
-
-const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
-	{
-	0,
-	"X.509 Certificate",
-	"X.509 CRL",
-	"Private Key",
-	"Public Key",
-	"Number",
-	"Arbitrary Data"
-	};
-
-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
-	{
-	0,
-	sizeof(int),		/* EVP_TYPE */
-	sizeof(size_t),		/* BITS */
-	-1,			/* KEY_PARAMETERS */
-	0			/* KEY_NO_PARAMETERS */
-	};	
-
-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
-	{
-	0,
-	-1,			/* FRIENDLYNAME:	C string */
-	SHA_DIGEST_LENGTH,	/* KEYID:		SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* ISSUERKEYID:		SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* SUBJECTKEYID:	SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* ISSUERSERIALHASH:	SHA1 digest, 160 bits */
-	sizeof(X509_NAME *),	/* ISSUER:		X509_NAME * */
-	sizeof(BIGNUM *),	/* SERIAL:		BIGNUM * */
-	sizeof(X509_NAME *),	/* SUBJECT:		X509_NAME * */
-	SHA_DIGEST_LENGTH,	/* CERTHASH:		SHA1 digest, 160 bits */
-	-1,			/* EMAIL:		C string */
-	-1,			/* FILENAME:		C string */
-	};	
-
-STORE *STORE_new_method(const STORE_METHOD *method)
-	{
-	STORE *ret;
-
-	if (method == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-
-	ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
-	if (ret == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth=method;
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
-	if (ret->meth->init && !ret->meth->init(ret))
-		{
-		STORE_free(ret);
-		ret = NULL;
-		}
-	return ret;
-	}
-
-STORE *STORE_new_engine(ENGINE *engine)
-	{
-	STORE *ret = NULL;
-	ENGINE *e = engine;
-	const STORE_METHOD *meth = 0;
-
-#ifdef OPENSSL_NO_ENGINE
-	e = NULL;
-#else
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
-			return NULL;
-			}
-		e = engine;
-		}
-	else
-		{
-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if(e)
-		{
-		meth = ENGINE_get_STORE(e);
-		if(!meth)
-			{
-			STOREerr(STORE_F_STORE_NEW_ENGINE,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(e);
-			return NULL;
-			}
-		}
-#endif
-
-	ret = STORE_new_method(meth);
-	if (ret == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
-		return NULL;
-		}
-
-	ret->engine = e;
-
-	return(ret);
-	}
-
-void STORE_free(STORE *store)
-	{
-	if (store == NULL)
-		return;
-	if (store->meth->clean)
-		store->meth->clean(store);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
-	OPENSSL_free(store);
-	}
-
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
-	{
-	if (store == NULL)
-		{
-		STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (store->meth->ctrl)
-		return store->meth->ctrl(store, cmd, i, p, f);
-	STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
-	return 0;
-	}
-
-
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int STORE_set_ex_data(STORE *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
-
-void *STORE_get_ex_data(STORE *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
-
-const STORE_METHOD *STORE_get_method(STORE *store)
-	{
-	return store->meth;
-	}
-
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
-	{
-	store->meth=meth;
-	return store->meth;
-	}
-
-
-/* API helpers */
-
-#define check_store(s,fncode,fnname,fnerrcode) \
-	do \
-		{ \
-		if ((s) == NULL || (s)->meth == NULL) \
-			{ \
-			STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
-			return 0; \
-			} \
-		if ((s)->meth->fnname == NULL) \
-			{ \
-			STOREerr((fncode), (fnerrcode)); \
-			return 0; \
-			} \
-		} \
-	while(0)
-
-/* API functions */
-
-X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509 *x;
-
-	check_store(s,STORE_F_STORE_GET_CERTIFICATE,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		attributes, parameters);
-	if (!object || !object->data.x509.certificate)
-		{
-		STOREerr(STORE_F_STORE_GET_CERTIFICATE,
-			STORE_R_FAILED_GETTING_CERTIFICATE);
-		return 0;
-		}
-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",data);
-#endif
-	x = object->data.x509.certificate;
-	STORE_OBJECT_free(object);
-	return x;
-	}
-
-int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_CERTIFICATE,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",data);
-#endif
-	object->data.x509.certificate = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		object, attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
-			STORE_R_FAILED_STORING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
-			STORE_R_FAILED_MODIFYING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-	if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
-			STORE_R_FAILED_REVOKING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
-			STORE_R_FAILED_DELETING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
-
-void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s,
-		STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return handle;
-	}
-
-X509 *STORE_list_certificate_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	X509 *x;
-
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.x509.certificate)
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",data);
-#endif
-	x = object->data.x509.certificate;
-	STORE_OBJECT_free(object);
-	return x;
-	}
-
-int STORE_list_certificate_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_list_certificate_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return 1;
-	}
-
-EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GENERATE_KEY,
-		generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
-
-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GENERATE_KEY,
-			STORE_R_FAILED_GENERATING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	object->data.key = EVP_PKEY_new();
-	if (!object->data.key)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	object->data.key = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
-
-int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
-			STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	int i;
-
-	check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
-			STORE_R_FAILED_REVOKING_KEY);
-		return 0;
-		}
-	return i;
-	}
-
-int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
-
-void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
-
-EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_list_private_key_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_list_private_key_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	object->data.key = EVP_PKEY_new();
-	if (!object->data.key)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	object->data.key = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
-
-int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
-			STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	int i;
-
-	check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
-			STORE_R_FAILED_REVOKING_KEY);
-		return 0;
-		}
-	return i;
-	}
-
-int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
-
-void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
-
-EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
-#endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_list_public_key_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_list_public_key_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_GENERATE_CRL,
-		generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
-
-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_GENERATE_CRL,
-			STORE_R_FAILED_GENERATING_CRL);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
-#endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
-
-X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_GET_CRL,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_GET_CRL,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
-#endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
-
-int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_CRL,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_CRL,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
-#endif
-	object->data.crl = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_CRL,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
-
-int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_CRL,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_CRL,
-			STORE_R_FAILED_MODIFYING_CRL);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_CRL,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_CRL,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
-
-void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_CRL_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
-
-X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
-#endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
-
-int STORE_list_crl_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CRL_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_list_crl_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_NUMBER,
-		store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_NUMBER,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	object->data.number = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_NUMBER,
-			STORE_R_FAILED_STORING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_NUMBER,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_NUMBER,
-			STORE_R_FAILED_MODIFYING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
-
-BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	BIGNUM *n;
-
-	check_store(s,STORE_F_STORE_GET_NUMBER,
-		get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-		parameters);
-	if (!object || !object->data.number)
-		{
-		STOREerr(STORE_F_STORE_GET_NUMBER,
-			STORE_R_FAILED_GETTING_NUMBER);
-		return 0;
-		}
-	n = object->data.number;
-	object->data.number = NULL;
-	STORE_OBJECT_free(object);
-	return n;
-	}
-
-int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_NUMBER,
-		delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-		    parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_NUMBER,
-			STORE_R_FAILED_DELETING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_ARBITRARY,
-		store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	object->data.arbitrary = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,
-			STORE_R_FAILED_STORING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
-
-int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
-			STORE_R_FAILED_MODIFYING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
-
-BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	BUF_MEM *b;
-
-	check_store(s,STORE_F_STORE_GET_ARBITRARY,
-		get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-		attributes, parameters);
-	if (!object || !object->data.arbitrary)
-		{
-		STOREerr(STORE_F_STORE_GET_ARBITRARY,
-			STORE_R_FAILED_GETTING_ARBITRARY);
-		return 0;
-		}
-	b = object->data.arbitrary;
-	object->data.arbitrary = NULL;
-	STORE_OBJECT_free(object);
-	return b;
-	}
-
-int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
-		delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
-		    parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
-			STORE_R_FAILED_DELETING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
-
-STORE_OBJECT *STORE_OBJECT_new(void)
-	{
-	STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
-	if (object) memset(object, 0, sizeof(STORE_OBJECT));
-	return object;
-	}
-void STORE_OBJECT_free(STORE_OBJECT *data)
-	{
-	if (!data) return;
-	switch (data->type)
-		{
-	case STORE_OBJECT_TYPE_X509_CERTIFICATE:
-		X509_free(data->data.x509.certificate);
-		break;
-	case STORE_OBJECT_TYPE_X509_CRL:
-		X509_CRL_free(data->data.crl);
-		break;
-	case STORE_OBJECT_TYPE_PRIVATE_KEY:
-	case STORE_OBJECT_TYPE_PUBLIC_KEY:
-		EVP_PKEY_free(data->data.key);
-		break;
-	case STORE_OBJECT_TYPE_NUMBER:
-		BN_free(data->data.number);
-		break;
-	case STORE_OBJECT_TYPE_ARBITRARY:
-		BUF_MEM_free(data->data.arbitrary);
-		break;
-		}
-	OPENSSL_free(data);
-	}
-
-IMPLEMENT_STACK_OF(STORE_OBJECT*)
-
-
-struct STORE_attr_info_st
-	{
-	unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
-	union
-		{
-		char *cstring;
-		unsigned char *sha1string;
-		X509_NAME *dn;
-		BIGNUM *number;
-		void *any;
-		} values[STORE_ATTR_TYPE_NUM+1];
-	size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
-	};
-
-#define ATTR_IS_SET(a,i)	((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
-				&& ((a)->set[(i) / 8] & (1 << ((i) % 8))))
-#define SET_ATTRBIT(a,i)	((a)->set[(i) / 8] |= (1 << ((i) % 8)))
-#define CLEAR_ATTRBIT(a,i)	((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
-
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
-	{
-	return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
-	}
-static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
-	STORE_ATTR_TYPES code)
-	{
-	if (ATTR_IS_SET(attrs,code))
-		{
-		switch(code)
-			{
-		case STORE_ATTR_FRIENDLYNAME:
-		case STORE_ATTR_EMAIL:
-		case STORE_ATTR_FILENAME:
-			STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
-			break;
-		case STORE_ATTR_KEYID:
-		case STORE_ATTR_ISSUERKEYID:
-		case STORE_ATTR_SUBJECTKEYID:
-		case STORE_ATTR_ISSUERSERIALHASH:
-		case STORE_ATTR_CERTHASH:
-			STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
-			break;
-		case STORE_ATTR_ISSUER:
-		case STORE_ATTR_SUBJECT:
-			STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
-			break;
-		case STORE_ATTR_SERIAL:
-			STORE_ATTR_INFO_modify_number(attrs, code, NULL);
-			break;
-		default:
-			break;
-			}
-		}
-	}
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
-	{
-	if (attrs)
-		{
-		STORE_ATTR_TYPES i;
-		for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
-			STORE_ATTR_INFO_attr_free(attrs, i);
-		OPENSSL_free(attrs);
-		}
-	return 1;
-	}
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].cstring;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
-	STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].sha1string;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].dn;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].number;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].sha1string =
-			    (unsigned char *)BUF_memdup(sha1str,
-				    sha1str_size)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].dn = X509_NAME_dup(dn)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].number = BN_dup(number)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].cstring);
-		attrs->values[code].cstring = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
-	}
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].sha1string);
-		attrs->values[code].sha1string = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
-	}
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].dn);
-		attrs->values[code].dn = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_dn(attrs, code, dn);
-	}
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].number);
-		attrs->values[code].number = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_number(attrs, code, number);
-	}
-
-struct attr_list_ctx_st
-	{
-	OPENSSL_ITEM *attributes;
-	};
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
-	{
-	if (attributes)
-		{
-		struct attr_list_ctx_st *context =
-			(struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
-		if (context)
-			context->attributes = attributes;
-		else
-			STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
-				ERR_R_MALLOC_FAILURE);
-		return context;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-	if (context && context->attributes)
-		{
-		STORE_ATTR_INFO *attrs = NULL;
-
-		while(context->attributes
-			&& context->attributes->code != STORE_ATTR_OR
-			&& context->attributes->code != STORE_ATTR_END)
-			{
-			switch(context->attributes->code)
-				{
-			case STORE_ATTR_FRIENDLYNAME:
-			case STORE_ATTR_EMAIL:
-			case STORE_ATTR_FILENAME:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_set_cstr(attrs,
-					context->attributes->code,
-					context->attributes->value,
-					context->attributes->value_size);
-				break;
-			case STORE_ATTR_KEYID:
-			case STORE_ATTR_ISSUERKEYID:
-			case STORE_ATTR_SUBJECTKEYID:
-			case STORE_ATTR_ISSUERSERIALHASH:
-			case STORE_ATTR_CERTHASH:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_set_sha1str(attrs,
-					context->attributes->code,
-					context->attributes->value,
-					context->attributes->value_size);
-				break;
-			case STORE_ATTR_ISSUER:
-			case STORE_ATTR_SUBJECT:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_modify_dn(attrs,
-					context->attributes->code,
-					context->attributes->value);
-				break;
-			case STORE_ATTR_SERIAL:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_modify_number(attrs,
-					context->attributes->code,
-					context->attributes->value);
-				break;
-				}
-			context->attributes++;
-			}
-		if (context->attributes->code == STORE_ATTR_OR)
-			context->attributes++;
-		return attrs;
-	err:
-		while(context->attributes
-			&& context->attributes->code != STORE_ATTR_OR
-			&& context->attributes->code != STORE_ATTR_END)
-			context->attributes++;
-		if (context->attributes->code == STORE_ATTR_OR)
-			context->attributes++;
-		return NULL;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-	return NULL;
-	}
-int STORE_parse_attrs_end(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-	if (context && context->attributes)
-		{
-#if 0
-		OPENSSL_ITEM *attributes = context->attributes;
-#endif
-		OPENSSL_free(context);
-		return 1;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
-
-int STORE_parse_attrs_endp(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-	if (context && context->attributes)
-		{
-		return context->attributes->code == STORE_ATTR_END;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
-
-static int attr_info_compare_compute_range(
-	const unsigned char *abits, const unsigned char *bbits,
-	unsigned int *alowp, unsigned int *ahighp,
-	unsigned int *blowp, unsigned int *bhighp)
-	{
-	unsigned int alow = (unsigned int)-1, ahigh = 0;
-	unsigned int blow = (unsigned int)-1, bhigh = 0;
-	int i, res = 0;
-
-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
-		{
-		if (res == 0)
-			{
-			if (*abits < *bbits) res = -1;
-			if (*abits > *bbits) res = 1;
-			}
-		if (*abits)
-			{
-			if (alow == (unsigned int)-1)
-				{
-				alow = i * 8;
-				if (!(*abits & 0x01)) alow++;
-				if (!(*abits & 0x02)) alow++;
-				if (!(*abits & 0x04)) alow++;
-				if (!(*abits & 0x08)) alow++;
-				if (!(*abits & 0x10)) alow++;
-				if (!(*abits & 0x20)) alow++;
-				if (!(*abits & 0x40)) alow++;
-				}
-			ahigh = i * 8 + 7;
-			if (!(*abits & 0x80)) ahigh++;
-			if (!(*abits & 0x40)) ahigh++;
-			if (!(*abits & 0x20)) ahigh++;
-			if (!(*abits & 0x10)) ahigh++;
-			if (!(*abits & 0x08)) ahigh++;
-			if (!(*abits & 0x04)) ahigh++;
-			if (!(*abits & 0x02)) ahigh++;
-			}
-		if (*bbits)
-			{
-			if (blow == (unsigned int)-1)
-				{
-				blow = i * 8;
-				if (!(*bbits & 0x01)) blow++;
-				if (!(*bbits & 0x02)) blow++;
-				if (!(*bbits & 0x04)) blow++;
-				if (!(*bbits & 0x08)) blow++;
-				if (!(*bbits & 0x10)) blow++;
-				if (!(*bbits & 0x20)) blow++;
-				if (!(*bbits & 0x40)) blow++;
-				}
-			bhigh = i * 8 + 7;
-			if (!(*bbits & 0x80)) bhigh++;
-			if (!(*bbits & 0x40)) bhigh++;
-			if (!(*bbits & 0x20)) bhigh++;
-			if (!(*bbits & 0x10)) bhigh++;
-			if (!(*bbits & 0x08)) bhigh++;
-			if (!(*bbits & 0x04)) bhigh++;
-			if (!(*bbits & 0x02)) bhigh++;
-			}
-		}
-	if (ahigh + alow < bhigh + blow) res = -1;
-	if (ahigh + alow > bhigh + blow) res = 1;
-	if (alowp) *alowp = alow;
-	if (ahighp) *ahighp = ahigh;
-	if (blowp) *blowp = blow;
-	if (bhighp) *bhighp = bhigh;
-	return res;
-	}
-
-int STORE_ATTR_INFO_compare(const STORE_ATTR_INFO * const *a,
-			    const STORE_ATTR_INFO * const *b)
-	{
-	if (a == b) return 0;
-	if (!a) return -1;
-	if (!b) return 1;
-	return attr_info_compare_compute_range((*a)->set, (*b)->set, 0, 0, 0, 0);
-	}
-
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	unsigned int alow, ahigh, blow, bhigh;
-
-	if (a == b) return 1;
-	if (!a) return 0;
-	if (!b) return 0;
-	attr_info_compare_compute_range(a->set, b->set,
-		&alow, &ahigh, &blow, &bhigh);
-	if (alow >= blow && ahigh <= bhigh)
-		return 1;
-	return 0;
-	}
-
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	unsigned char *abits, *bbits;
-	int i;
-
-	if (a == b) return 1;
-	if (!a) return 0;
-	if (!b) return 0;
-	abits = a->set;
-	bbits = b->set;
-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
-		{
-		if (*abits && (*bbits & *abits) != *abits)
-			return 0;
-		}
-	return 1;
-	}
-
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	STORE_ATTR_TYPES i;
-
-	if (a == b) return 1;
-	if (!STORE_ATTR_INFO_in(a, b)) return 0;
-	for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
-		if (ATTR_IS_SET(a, i))
-			{
-			switch(i)
-				{
-			case STORE_ATTR_FRIENDLYNAME:
-			case STORE_ATTR_EMAIL:
-			case STORE_ATTR_FILENAME:
-				if (strcmp(a->values[i].cstring,
-					    b->values[i].cstring))
-					return 0;
-				break;
-			case STORE_ATTR_KEYID:
-			case STORE_ATTR_ISSUERKEYID:
-			case STORE_ATTR_SUBJECTKEYID:
-			case STORE_ATTR_ISSUERSERIALHASH:
-			case STORE_ATTR_CERTHASH:
-				if (memcmp(a->values[i].sha1string,
-					    b->values[i].sha1string,
-					    a->value_sizes[i]))
-					return 0;
-				break;
-			case STORE_ATTR_ISSUER:
-			case STORE_ATTR_SUBJECT:
-				if (X509_NAME_cmp(a->values[i].dn,
-					    b->values[i].dn))
-					return 0;
-				break;
-			case STORE_ATTR_SERIAL:
-				if (BN_cmp(a->values[i].number,
-					    b->values[i].number))
-					return 0;
-				break;
-			default:
-				break;
-				}
-			}
-
-	return 1;
-	}
diff --git a/crypto/store/str_locl.h b/crypto/store/str_locl.h
deleted file mode 100644
index 3f8cb75619..0000000000
--- a/crypto/store/str_locl.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_LOCL_H
-#define HEADER_STORE_LOCL_H
-
-#include <openssl/crypto.h>
-#include <openssl/store.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-struct store_method_st
-	{
-	char *name;
-
-	/* All the functions return a positive integer or non-NULL for success
-	   and 0, a negative integer or NULL for failure */
-
-	/* Initialise the STORE with private data */
-	STORE_INITIALISE_FUNC_PTR init;
-	/* Initialise the STORE with private data */
-	STORE_CLEANUP_FUNC_PTR clean;
-	/* Generate an object of a given type */
-	STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
-	/* Get an object of a given type.  This function isn't really very
-	   useful since the listing functions (below) can be used for the
-	   same purpose and are much more general. */
-	STORE_GET_OBJECT_FUNC_PTR get_object;
-	/* Store an object of a given type. */
-	STORE_STORE_OBJECT_FUNC_PTR store_object;
-	/* Modify the attributes bound to an object of a given type. */
-	STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
-	/* Revoke an object of a given type. */
-	STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
-	/* Delete an object of a given type. */
-	STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
-	/* List a bunch of objects of a given type and with the associated
-	   attributes. */
-	STORE_START_OBJECT_FUNC_PTR list_object_start;
-	STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
-	STORE_END_OBJECT_FUNC_PTR list_object_end;
-	STORE_END_OBJECT_FUNC_PTR list_object_endp;
-	/* Store-level function to make any necessary update operations. */
-	STORE_GENERIC_FUNC_PTR update_store;
-	/* Store-level function to get exclusive access to the store. */
-	STORE_GENERIC_FUNC_PTR lock_store;
-	/* Store-level function to release exclusive access to the store. */
-	STORE_GENERIC_FUNC_PTR unlock_store;
-
-	/* Generic control function */
-	STORE_CTRL_FUNC_PTR ctrl;
-	};
-
-struct store_st
-	{
-	const STORE_METHOD *meth;
-	/* functional reference if 'meth' is ENGINE-provided */
-	ENGINE *engine;
-
-	CRYPTO_EX_DATA ex_data;
-	int references;
-	};
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c
deleted file mode 100644
index 8ac4f7e55c..0000000000
--- a/crypto/store/str_mem.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include "str_locl.h"
-
-/* The memory store is currently highly experimental.  It's meant to become
-   a base store used by other stores for internal caching (for full caching
-   support, aging needs to be added).
-
-   The database use is meant to support as much attribute association as
-   possible, while providing for as small search ranges as possible.
-   This is currently provided for by sorting the entries by numbers that
-   are composed of bits set at the positions indicated by attribute type
-   codes.  This provides for ranges determined by the highest attribute
-   type code value.  A better idea might be to sort by values computed
-   from the range of attributes associated with the object (basically,
-   the difference between the highest and lowest attribute type code)
-   and it's distance from a base (basically, the lowest associated
-   attribute type code).
-*/
-
-typedef struct mem_object_data_st
-	{
-	STORE_OBJECT *object;
-	STORE_ATTR_INFO *attr_info;
-	int references;
-	} MEM_OBJECT_DATA;
-
-DECLARE_STACK_OF(MEM_OBJECT_DATA)
-struct mem_data_st
-	{
-	STACK_OF(MEM_OBJECT_DATA) *data; /* sorted with
-					  * STORE_ATTR_INFO_compare(). */
-	unsigned int compute_components : 1; /* Currently unused, but can
-						be used to add attributes
-						from parts of the data. */
-	};
-
-DECLARE_STACK_OF(STORE_ATTR_INFO)
-struct mem_ctx_st
-	{
-	int type;		/* The type we're searching for */
-	STACK_OF(STORE_ATTR_INFO) *search_attributes; /* Sets of
-				     attributes to search for.  Each
-				     element is a STORE_ATTR_INFO. */
-	int search_index;	/* which of the search attributes we
-				   found a match for, -1 when we still
-				   haven't found any */
-	int index;		/* -1 as long as we're searching for
-                                    the first */
-	};
-
-static int mem_init(STORE *s);
-static void mem_clean(STORE *s);
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
-	OPENSSL_ITEM parameters[]);
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
-static int mem_list_end(STORE *s, void *handle);
-static int mem_list_endp(STORE *s, void *handle);
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
-
-static STORE_METHOD store_memory =
-	{
-	"OpenSSL memory store interface",
-	mem_init,
-	mem_clean,
-	mem_generate,
-	mem_get,
-	mem_store,
-	mem_modify,
-	NULL, /* revoke */
-	mem_delete,
-	mem_list_start,
-	mem_list_next,
-	mem_list_end,
-	mem_list_endp,
-	NULL, /* update */
-	mem_lock,
-	mem_unlock,
-	mem_ctrl
-	};
-
-const STORE_METHOD *STORE_Memory(void)
-	{
-	return &store_memory;
-	}
-
-static int mem_init(STORE *s)
-	{
-	return 1;
-	}
-
-static void mem_clean(STORE *s)
-	{
-	return;
-	}
-
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	void *context = mem_list_start(s, type, attributes, parameters);
-	
-	if (context)
-		{
-		STORE_OBJECT *object = mem_list_next(s, context);
-
-		if (mem_list_end(s, context))
-			return object;
-		}
-	return NULL;
-	}
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
-
-/* The list functions may be the hardest to understand.  Basically,
-   mem_list_start compiles a stack of attribute info elements, and
-   puts that stack into the context to be returned.  mem_list_next
-   will then find the first matching element in the store, and then
-   walk all the way to the end of the store (since any combination
-   of attribute bits above the starting point may match the searched
-   for bit pattern...). */
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	struct mem_ctx_st *context =
-		(struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
-	void *attribute_context = NULL;
-	STORE_ATTR_INFO *attrs = NULL;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	memset(context, 0, sizeof(struct mem_ctx_st));
-
-	attribute_context = STORE_parse_attrs_start(attributes);
-	if (!attribute_context)
-		{
-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
-		goto err;
-		}
-
-	while((attrs = STORE_parse_attrs_next(attribute_context)))
-		{
-		if (context->search_attributes == NULL)
-			{
-			context->search_attributes =
-				sk_STORE_ATTR_INFO_new(STORE_ATTR_INFO_compare);
-			if (!context->search_attributes)
-				{
-				STOREerr(STORE_F_MEM_LIST_START,
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		sk_STORE_ATTR_INFO_push(context->search_attributes,attrs);
-		}
-	if (!STORE_parse_attrs_endp(attribute_context))
-		goto err;
-	STORE_parse_attrs_end(attribute_context);
-	context->search_index = -1;
-	context->index = -1;
-	return context;
- err:
-	if (attribute_context) STORE_parse_attrs_end(attribute_context);
-	mem_list_end(s, context);
-	return NULL;
-	}
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
-	{
-	int i;
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-	struct mem_object_data_st key = { 0, 0, 1 };
-	struct mem_data_st *store =
-		(struct mem_data_st *)STORE_get_ex_data(s, 1);
-	int srch;
-	int cres = 0;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (!store)
-		{
-		STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
-		return NULL;
-		}
-
-	if (context->search_index == -1)
-		{
-		for (i = 0;
-		     i < sk_STORE_ATTR_INFO_num(context->search_attributes);
-		     i++)
-			{
-			key.attr_info
-			  = sk_STORE_ATTR_INFO_value(context->search_attributes,
-						     i);
-			srch = sk_MEM_OBJECT_DATA_find_ex(store->data, &key);
-
-			if (srch >= 0)
-				{
-				context->search_index = srch;
-				break;
-				}
-			}
-		}
-	if (context->search_index < 0)
-		return NULL;
-	
-	key.attr_info =
-		sk_STORE_ATTR_INFO_value(context->search_attributes,
-					 context->search_index);
-	for(srch = context->search_index;
-	    srch < sk_MEM_OBJECT_DATA_num(store->data)
-		    && STORE_ATTR_INFO_in_range(key.attr_info,
-			    sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info)
-		    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
-				 sk_MEM_OBJECT_DATA_value(store->data, srch)->attr_info));
-	    srch++)
-		;
-
-	context->search_index = srch;
-	if (cres)
-		return (sk_MEM_OBJECT_DATA_value(store->data, srch))->object;
-	return NULL;
-	}
-static int mem_list_end(STORE *s, void *handle)
-	{
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (context && context->search_attributes)
-		sk_STORE_ATTR_INFO_free(context->search_attributes);
-	if (context) OPENSSL_free(context);
-	return 1;
-	}
-static int mem_list_endp(STORE *s, void *handle)
-	{
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-	if (!context
-	    || context->search_index
-	       == sk_STORE_ATTR_INFO_num(context->search_attributes))
-		return 1;
-	return 0;
-	}
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	return 1;
-	}
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	return 1;
-	}
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
-	{
-	return 1;
-	}
diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c
deleted file mode 100644
index a46de03a26..0000000000
--- a/crypto/store/str_meth.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/buffer.h>
-#include "str_locl.h"
-
-STORE_METHOD *STORE_create_method(char *name)
-	{
-	STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
-
-	if (store_method)
-		{
-		memset(store_method, 0, sizeof(*store_method));
-		store_method->name = BUF_strdup(name);
-		}
-	return store_method;
-	}
-
-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
-   (that is, it hasn't been allocated using STORE_create_method(), you deserve
-   anything Murphy can throw at you and more!  You have been warned. */
-void STORE_destroy_method(STORE_METHOD *store_method)
-	{
-	if (!store_method) return;
-	OPENSSL_free(store_method->name);
-	store_method->name = NULL;
-	OPENSSL_free(store_method);
-	}
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
-	{
-	sm->init = init_f;
-	return 1;
-	}
-
-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
-	{
-	sm->clean = clean_f;
-	return 1;
-	}
-
-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
-	{
-	sm->generate_object = generate_f;
-	return 1;
-	}
-
-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
-	{
-	sm->get_object = get_f;
-	return 1;
-	}
-
-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
-	{
-	sm->store_object = store_f;
-	return 1;
-	}
-
-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
-	{
-	sm->modify_object = modify_f;
-	return 1;
-	}
-
-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
-	{
-	sm->revoke_object = revoke_f;
-	return 1;
-	}
-
-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
-	{
-	sm->delete_object = delete_f;
-	return 1;
-	}
-
-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
-	{
-	sm->list_object_start = list_start_f;
-	return 1;
-	}
-
-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
-	{
-	sm->list_object_next = list_next_f;
-	return 1;
-	}
-
-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
-	{
-	sm->list_object_end = list_end_f;
-	return 1;
-	}
-
-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
-	{
-	sm->update_store = update_f;
-	return 1;
-	}
-
-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
-	{
-	sm->lock_store = lock_f;
-	return 1;
-	}
-
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
-	{
-	sm->unlock_store = unlock_f;
-	return 1;
-	}
-
-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
-	{
-	sm->ctrl = ctrl_f;
-	return 1;
-	}
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
-	{
-	return sm->init;
-	}
-
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
-	{
-	return sm->clean;
-	}
-
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
-	{
-	return sm->generate_object;
-	}
-
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
-	{
-	return sm->get_object;
-	}
-
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
-	{
-	return sm->store_object;
-	}
-
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
-	{
-	return sm->modify_object;
-	}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
-	{
-	return sm->revoke_object;
-	}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
-	{
-	return sm->delete_object;
-	}
-
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_start;
-	}
-
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_next;
-	}
-
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_end;
-	}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
-	{
-	return sm->update_store;
-	}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
-	{
-	return sm->lock_store;
-	}
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
-	{
-	return sm->unlock_store;
-	}
-
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
-	{
-	return sm->ctrl;
-	}
-
diff --git a/crypto/symhacks.h b/crypto/symhacks.h
deleted file mode 100644
index bd2f000d59..0000000000
--- a/crypto/symhacks.h
+++ /dev/null
@@ -1,481 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SYMHACKS_H
-#define HEADER_SYMHACKS_H
-
-#include <openssl/e_os2.h>
-
-/* Hacks to solve the problem with linkers incapable of handling very long
-   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
-   VAX. */
-/* Note that this affects util/libeay.num and util/ssleay.num...  you may
-   change those manually, but that's not recommended, as those files are
-   controlled centrally and updated on Unix, and the central definition
-   may disagree with yours, which in turn may come with shareable library
-   incompatibilities. */
-#ifdef OPENSSL_SYS_VMS
-
-/* Hack a long name in crypto/ex_data.c */
-#undef CRYPTO_get_ex_data_implementation
-#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl
-#undef CRYPTO_set_ex_data_implementation
-#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl
-
-/* Hack a long name in crypto/asn1/a_mbstr.c */
-#undef ASN1_STRING_set_default_mask_asc
-#define ASN1_STRING_set_default_mask_asc	ASN1_STRING_set_def_mask_asc
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF
-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECINF
-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC
-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC
-#endif
-
-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
-#undef PEM_read_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQ
-#undef PEM_write_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQ
-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQ
-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQ
-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQ
-
-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
-#undef PEM_read_PKCS8_PRIV_KEY_INFO
-#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO
-#undef PEM_write_PKCS8_PRIV_KEY_INFO
-#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO
-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
-
-/* Hack other PEM names */
-#undef PEM_write_bio_PKCS8PrivateKey_nid
-#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid
-
-/* Hack some long X509 names */
-#undef X509_REVOKED_get_ext_by_critical
-#define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic
-#undef X509_policy_tree_get0_user_policies
-#define X509_policy_tree_get0_user_policies	X509_pcy_tree_get0_usr_policies
-#undef X509_policy_node_get0_qualifiers
-#define X509_policy_node_get0_qualifiers	X509_pcy_node_get0_qualifiers
-#undef X509_STORE_CTX_get_explicit_policy
-#define X509_STORE_CTX_get_explicit_policy	X509_STORE_CTX_get_expl_policy
-#undef X509_STORE_CTX_get0_current_issuer
-#define X509_STORE_CTX_get0_current_issuer	X509_STORE_CTX_get0_cur_issuer
-
-/* Hack some long CRYPTO names */
-#undef CRYPTO_set_dynlock_destroy_callback
-#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
-#undef CRYPTO_set_dynlock_create_callback
-#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
-#undef CRYPTO_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_lock_callback	CRYPTO_set_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_lock_callback
-#define CRYPTO_get_dynlock_lock_callback	CRYPTO_get_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_destroy_callback
-#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
-#undef CRYPTO_get_dynlock_create_callback
-#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
-#undef CRYPTO_set_locked_mem_ex_functions
-#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
-#undef CRYPTO_get_locked_mem_ex_functions
-#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
-
-/* Hack some long SSL names */
-#undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths	SSL_CTX_set_def_verify_paths
-#undef SSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
-#undef SSL_add_file_cert_subjects_to_stack
-#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
-#undef SSL_add_dir_cert_subjects_to_stack
-#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
-#undef SSL_CTX_use_certificate_chain_file
-#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
-#undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback	SSL_CTX_set_cert_verify_cb
-#undef SSL_CTX_set_default_passwd_cb_userdata
-#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods
-#undef ssl_add_clienthello_renegotiate_ext
-#define ssl_add_clienthello_renegotiate_ext	ssl_add_clienthello_reneg_ext
-#undef ssl_add_serverhello_renegotiate_ext
-#define ssl_add_serverhello_renegotiate_ext	ssl_add_serverhello_reneg_ext
-#undef ssl_parse_clienthello_renegotiate_ext
-#define ssl_parse_clienthello_renegotiate_ext	ssl_parse_clienthello_reneg_ext
-#undef ssl_parse_serverhello_renegotiate_ext
-#define ssl_parse_serverhello_renegotiate_ext	ssl_parse_serverhello_reneg_ext
-#undef SSL_srp_server_param_with_username
-#define SSL_srp_server_param_with_username	SSL_srp_server_param_with_un
-#undef SSL_CTX_set_srp_client_pwd_callback
-#define SSL_CTX_set_srp_client_pwd_callback	SSL_CTX_set_srp_client_pwd_cb
-#undef SSL_CTX_set_srp_verify_param_callback
-#define SSL_CTX_set_srp_verify_param_callback	SSL_CTX_set_srp_vfy_param_cb
-#undef SSL_CTX_set_srp_username_callback
-#define SSL_CTX_set_srp_username_callback	SSL_CTX_set_srp_un_cb
-#undef ssl_add_clienthello_use_srtp_ext
-#define ssl_add_clienthello_use_srtp_ext	ssl_add_clihello_use_srtp_ext
-#undef ssl_add_serverhello_use_srtp_ext
-#define ssl_add_serverhello_use_srtp_ext	ssl_add_serhello_use_srtp_ext
-#undef ssl_parse_clienthello_use_srtp_ext
-#define ssl_parse_clienthello_use_srtp_ext	ssl_parse_clihello_use_srtp_ext
-#undef ssl_parse_serverhello_use_srtp_ext
-#define ssl_parse_serverhello_use_srtp_ext	ssl_parse_serhello_use_srtp_ext
-#undef SSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_protos_advertised_cb	SSL_CTX_set_next_protos_adv_cb
-#undef SSL_CTX_set_next_proto_select_cb
-#define SSL_CTX_set_next_proto_select_cb	SSL_CTX_set_next_proto_sel_cb
-#undef ssl3_cbc_record_digest_supported
-#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
-#undef ssl_check_clienthello_tlsext_late
-#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
-#undef ssl_check_clienthello_tlsext_early
-#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
-
-/* Hack some long ENGINE names */
-#undef ENGINE_get_default_BN_mod_exp_crt
-#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt
-#undef ENGINE_set_default_BN_mod_exp_crt
-#define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt
-#undef ENGINE_set_load_privkey_function
-#define ENGINE_set_load_privkey_function	ENGINE_set_load_privkey_fn
-#undef ENGINE_get_load_privkey_function
-#define ENGINE_get_load_privkey_function	ENGINE_get_load_privkey_fn
-#undef ENGINE_unregister_pkey_asn1_meths
-#define ENGINE_unregister_pkey_asn1_meths	ENGINE_unreg_pkey_asn1_meths
-#undef ENGINE_register_all_pkey_asn1_meths
-#define ENGINE_register_all_pkey_asn1_meths	ENGINE_reg_all_pkey_asn1_meths
-#undef ENGINE_set_default_pkey_asn1_meths
-#define ENGINE_set_default_pkey_asn1_meths	ENGINE_set_def_pkey_asn1_meths
-#undef ENGINE_get_pkey_asn1_meth_engine
-#define ENGINE_get_pkey_asn1_meth_engine	ENGINE_get_pkey_asn1_meth_eng
-#undef ENGINE_set_load_ssl_client_cert_function
-#define ENGINE_set_load_ssl_client_cert_function \
-						ENGINE_set_ld_ssl_clnt_cert_fn
-#undef ENGINE_get_ssl_client_cert_function
-#define ENGINE_get_ssl_client_cert_function	ENGINE_get_ssl_client_cert_fn
-
-/* Hack some long OCSP names */
-#undef OCSP_REQUEST_get_ext_by_critical
-#define OCSP_REQUEST_get_ext_by_critical	OCSP_REQUEST_get_ext_by_crit
-#undef OCSP_BASICRESP_get_ext_by_critical
-#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
-#undef OCSP_SINGLERESP_get_ext_by_critical
-#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
-
-/* Hack some long DES names */
-#undef _ossl_old_des_ede3_cfb64_encrypt
-#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt
-#undef _ossl_old_des_ede3_ofb64_encrypt
-#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt
-
-/* Hack some long EVP names */
-#undef OPENSSL_add_all_algorithms_noconf
-#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf
-#undef OPENSSL_add_all_algorithms_conf
-#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf
-#undef EVP_PKEY_meth_set_verify_recover
-#define EVP_PKEY_meth_set_verify_recover	EVP_PKEY_meth_set_vrfy_recover
-
-/* Hack some long EC names */
-#undef EC_GROUP_set_point_conversion_form
-#define EC_GROUP_set_point_conversion_form	EC_GROUP_set_point_conv_form
-#undef EC_GROUP_get_point_conversion_form
-#define EC_GROUP_get_point_conversion_form	EC_GROUP_get_point_conv_form
-#undef EC_GROUP_clear_free_all_extra_data
-#define EC_GROUP_clear_free_all_extra_data	EC_GROUP_clr_free_all_xtra_data
-#undef EC_KEY_set_public_key_affine_coordinates
-#define EC_KEY_set_public_key_affine_coordinates \
-						EC_KEY_set_pub_key_aff_coords
-#undef EC_POINT_set_Jprojective_coordinates_GFp
-#define EC_POINT_set_Jprojective_coordinates_GFp \
-                                                EC_POINT_set_Jproj_coords_GFp
-#undef EC_POINT_get_Jprojective_coordinates_GFp
-#define EC_POINT_get_Jprojective_coordinates_GFp \
-                                                EC_POINT_get_Jproj_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GFp
-#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
-#undef EC_POINT_get_affine_coordinates_GFp
-#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
-#undef EC_POINT_set_compressed_coordinates_GFp
-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GF2m
-#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m
-#undef EC_POINT_get_affine_coordinates_GF2m
-#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m
-#undef EC_POINT_set_compressed_coordinates_GF2m
-#define EC_POINT_set_compressed_coordinates_GF2m \
-                                                EC_POINT_set_compr_coords_GF2m
-#undef ec_GF2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_clear_finish	ec_GF2m_simple_grp_clr_finish
-#undef ec_GF2m_simple_group_check_discriminant
-#define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim
-#undef ec_GF2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_clear_finish	ec_GF2m_simple_pt_clr_finish
-#undef ec_GF2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_point_set_to_infinity	ec_GF2m_simple_pt_set_to_inf
-#undef ec_GF2m_simple_points_make_affine
-#define ec_GF2m_simple_points_make_affine	ec_GF2m_simple_pts_make_affine
-#undef ec_GF2m_simple_point_set_affine_coordinates
-#define ec_GF2m_simple_point_set_affine_coordinates \
-                                                ec_GF2m_smp_pt_set_af_coords
-#undef ec_GF2m_simple_point_get_affine_coordinates
-#define ec_GF2m_simple_point_get_affine_coordinates \
-                                                ec_GF2m_smp_pt_get_af_coords
-#undef ec_GF2m_simple_set_compressed_coordinates
-#define ec_GF2m_simple_set_compressed_coordinates \
-                                                ec_GF2m_smp_set_compr_coords
-#undef ec_GFp_simple_group_set_curve_GFp
-#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
-#undef ec_GFp_simple_group_clear_finish
-#define ec_GFp_simple_group_clear_finish	ec_GFp_simple_grp_clear_finish
-#undef ec_GFp_simple_group_set_generator
-#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
-#undef ec_GFp_simple_group_get0_generator
-#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
-#undef ec_GFp_simple_group_get_cofactor
-#define ec_GFp_simple_group_get_cofactor	ec_GFp_simple_grp_get_cofactor
-#undef ec_GFp_simple_point_clear_finish
-#define ec_GFp_simple_point_clear_finish	ec_GFp_simple_pt_clear_finish
-#undef ec_GFp_simple_point_set_to_infinity
-#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
-#undef ec_GFp_simple_points_make_affine
-#define ec_GFp_simple_points_make_affine	ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_set_Jproj_coords_GFp
-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_get_Jproj_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates_GFp
-#define ec_GFp_simple_point_set_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_set_af_coords_GFp
-#undef ec_GFp_simple_point_get_affine_coordinates_GFp
-#define ec_GFp_simple_point_get_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_get_af_coords_GFp
-#undef ec_GFp_simple_set_compressed_coordinates_GFp
-#define ec_GFp_simple_set_compressed_coordinates_GFp \
-                                                ec_GFp_smp_set_compr_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates
-#define ec_GFp_simple_point_set_affine_coordinates \
-                                                ec_GFp_smp_pt_set_af_coords
-#undef ec_GFp_simple_point_get_affine_coordinates
-#define ec_GFp_simple_point_get_affine_coordinates \
-                                                ec_GFp_smp_pt_get_af_coords
-#undef ec_GFp_simple_set_compressed_coordinates
-#define ec_GFp_simple_set_compressed_coordinates \
-                                                ec_GFp_smp_set_compr_coords
-#undef ec_GFp_simple_group_check_discriminant
-#define ec_GFp_simple_group_check_discriminant	ec_GFp_simple_grp_chk_discrim
-
-/* Hack som long STORE names */
-#undef STORE_method_set_initialise_function
-#define STORE_method_set_initialise_function	STORE_meth_set_initialise_fn
-#undef STORE_method_set_cleanup_function
-#define STORE_method_set_cleanup_function	STORE_meth_set_cleanup_fn
-#undef STORE_method_set_generate_function
-#define STORE_method_set_generate_function	STORE_meth_set_generate_fn
-#undef STORE_method_set_modify_function
-#define STORE_method_set_modify_function	STORE_meth_set_modify_fn
-#undef STORE_method_set_revoke_function
-#define STORE_method_set_revoke_function	STORE_meth_set_revoke_fn
-#undef STORE_method_set_delete_function
-#define STORE_method_set_delete_function	STORE_meth_set_delete_fn
-#undef STORE_method_set_list_start_function
-#define STORE_method_set_list_start_function	STORE_meth_set_list_start_fn
-#undef STORE_method_set_list_next_function
-#define STORE_method_set_list_next_function	STORE_meth_set_list_next_fn
-#undef STORE_method_set_list_end_function
-#define STORE_method_set_list_end_function	STORE_meth_set_list_end_fn
-#undef STORE_method_set_update_store_function
-#define STORE_method_set_update_store_function	STORE_meth_set_update_store_fn
-#undef STORE_method_set_lock_store_function
-#define STORE_method_set_lock_store_function	STORE_meth_set_lock_store_fn
-#undef STORE_method_set_unlock_store_function
-#define STORE_method_set_unlock_store_function	STORE_meth_set_unlock_store_fn
-#undef STORE_method_get_initialise_function
-#define STORE_method_get_initialise_function	STORE_meth_get_initialise_fn
-#undef STORE_method_get_cleanup_function
-#define STORE_method_get_cleanup_function	STORE_meth_get_cleanup_fn
-#undef STORE_method_get_generate_function
-#define STORE_method_get_generate_function	STORE_meth_get_generate_fn
-#undef STORE_method_get_modify_function
-#define STORE_method_get_modify_function	STORE_meth_get_modify_fn
-#undef STORE_method_get_revoke_function
-#define STORE_method_get_revoke_function	STORE_meth_get_revoke_fn
-#undef STORE_method_get_delete_function
-#define STORE_method_get_delete_function	STORE_meth_get_delete_fn
-#undef STORE_method_get_list_start_function
-#define STORE_method_get_list_start_function	STORE_meth_get_list_start_fn
-#undef STORE_method_get_list_next_function
-#define STORE_method_get_list_next_function	STORE_meth_get_list_next_fn
-#undef STORE_method_get_list_end_function
-#define STORE_method_get_list_end_function	STORE_meth_get_list_end_fn
-#undef STORE_method_get_update_store_function
-#define STORE_method_get_update_store_function	STORE_meth_get_update_store_fn
-#undef STORE_method_get_lock_store_function
-#define STORE_method_get_lock_store_function	STORE_meth_get_lock_store_fn
-#undef STORE_method_get_unlock_store_function
-#define STORE_method_get_unlock_store_function	STORE_meth_get_unlock_store_fn
-
-/* Hack some long TS names */
-#undef TS_RESP_CTX_set_status_info_cond
-#define TS_RESP_CTX_set_status_info_cond	TS_RESP_CTX_set_stat_info_cond
-#undef TS_RESP_CTX_set_clock_precision_digits
-#define TS_RESP_CTX_set_clock_precision_digits	TS_RESP_CTX_set_clk_prec_digits
-#undef TS_CONF_set_clock_precision_digits
-#define TS_CONF_set_clock_precision_digits	TS_CONF_set_clk_prec_digits
-
-/* Hack some long CMS names */
-#undef CMS_RecipientInfo_ktri_get0_algs
-#define CMS_RecipientInfo_ktri_get0_algs	CMS_RecipInfo_ktri_get0_algs
-#undef CMS_RecipientInfo_ktri_get0_signer_id
-#define CMS_RecipientInfo_ktri_get0_signer_id	CMS_RecipInfo_ktri_get0_sigr_id
-#undef CMS_OtherRevocationInfoFormat_it
-#define CMS_OtherRevocationInfoFormat_it	CMS_OtherRevocInfoFormat_it
-#undef CMS_KeyAgreeRecipientIdentifier_it
-#define CMS_KeyAgreeRecipientIdentifier_it	CMS_KeyAgreeRecipIdentifier_it
-#undef CMS_OriginatorIdentifierOrKey_it
-#define CMS_OriginatorIdentifierOrKey_it	CMS_OriginatorIdOrKey_it
-#undef cms_SignerIdentifier_get0_signer_id
-#define cms_SignerIdentifier_get0_signer_id	cms_SignerId_get0_signer_id
-
-/* Hack some long DTLS1 names */
-#undef dtls1_retransmit_buffered_messages
-#define dtls1_retransmit_buffered_messages	dtls1_retransmit_buffered_msgs
-
-/* Hack some long SRP names */
-#undef SRP_generate_server_master_secret
-#define SRP_generate_server_master_secret	SRP_gen_server_master_secret
-#undef SRP_generate_client_master_secret
-#define SRP_generate_client_master_secret	SRP_gen_client_master_secret
-
-/* Hack some long UI names */
-#undef UI_method_get_prompt_constructor
-#define UI_method_get_prompt_constructor	UI_method_get_prompt_constructr
-#undef UI_method_set_prompt_constructor
-#define UI_method_set_prompt_constructor	UI_method_set_prompt_constructr
-
-#endif /* defined OPENSSL_SYS_VMS */
-
-
-/* Case insensitive linking causes problems.... */
-#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
-#undef ERR_load_CRYPTO_strings
-#define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings
-#undef OCSP_crlID_new
-#define OCSP_crlID_new				OCSP_crlID2_new
-
-#undef d2i_ECPARAMETERS
-#define d2i_ECPARAMETERS			d2i_UC_ECPARAMETERS
-#undef i2d_ECPARAMETERS
-#define i2d_ECPARAMETERS			i2d_UC_ECPARAMETERS
-#undef d2i_ECPKPARAMETERS
-#define d2i_ECPKPARAMETERS			d2i_UC_ECPKPARAMETERS
-#undef i2d_ECPKPARAMETERS
-#define i2d_ECPKPARAMETERS			i2d_UC_ECPKPARAMETERS
-
-/* These functions do not seem to exist!  However, I'm paranoid...
-   Original command in x509v3.h:
-   These functions are being redefined in another directory,
-   and clash when the linker is case-insensitive, so let's
-   hide them a little, by giving them an extra 'o' at the
-   beginning of the name... */
-#undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions		oX509v3_cleanup_extensions
-#undef X509v3_add_extension
-#define X509v3_add_extension			oX509v3_add_extension
-#undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions		oX509v3_add_netscape_extensions
-#undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions		oX509v3_add_standard_extensions
-
-/* This one clashes with CMS_data_create */
-#undef cms_Data_create
-#define cms_Data_create				priv_cms_Data_create
-
-#endif
-
-
-#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/crypto/threads/README b/crypto/threads/README
deleted file mode 100644
index df6b26e146..0000000000
--- a/crypto/threads/README
+++ /dev/null
@@ -1,14 +0,0 @@
-Mutithreading testing area.
-
-Since this stuff is very very platorm specific, this is not part of the
-normal build.  Have a read of doc/threads.doc.
-
-mttest will do some testing and will currently build under Windows NT/95,
-Solaris and Linux.  The IRIX stuff is not finished.
-
-I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
-and things seem to work ok.
-
-The Linux pthreads package can be retrieved from 
-http://www.mit.edu:8001/people/proven/pthreads.html
-
diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c
deleted file mode 100644
index eba7aa8a6e..0000000000
--- a/crypto/threads/mttest.c
+++ /dev/null
@@ -1,1310 +0,0 @@
-/* crypto/threads/mttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-#include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-#include <windows.h>
-#endif
-#ifdef SOLARIS
-#include <synch.h>
-#include <thread.h>
-#endif
-#ifdef IRIX
-#include <ulocks.h>
-#include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-#include <pthread.h>
-#endif
-#ifdef OPENSSL_SYS_NETWARE
-#if !defined __int64
-#  define __int64 long long
-#endif   
-#include <nwmpk.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "../../e_os.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#ifdef OPENSSL_NO_FP_API
-#define APPS_WIN16
-#include "../buffer/bss_file.c"
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
-#define TEST_SERVER_CERT "/openssl/apps/server.pem"
-#define TEST_CLIENT_CERT "/openssl/apps/client.pem"
-#else
-#define TEST_SERVER_CERT "../../apps/server.pem"
-#define TEST_CLIENT_CERT "../../apps/client.pem"
-#endif
-
-#define MAX_THREAD_NUMBER	100
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
-void thread_setup(void);
-void thread_cleanup(void);
-void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
-
-void irix_locking_callback(int mode,int type,char *file,int line);
-void solaris_locking_callback(int mode,int type,char *file,int line);
-void win32_locking_callback(int mode,int type,char *file,int line);
-void pthreads_locking_callback(int mode,int type,char *file,int line);
-void netware_locking_callback(int mode,int type,char *file,int line);
-void beos_locking_callback(int mode,int type,const char *file,int line);
-
-unsigned long irix_thread_id(void );
-unsigned long solaris_thread_id(void );
-unsigned long pthreads_thread_id(void );
-unsigned long netware_thread_id(void );
-unsigned long beos_thread_id(void );
-
-#if defined(OPENSSL_SYS_NETWARE)
-static MPKMutex *lock_cs;
-static MPKSema ThreadSem;
-static long *lock_count;
-#endif
-
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-int verbose=0;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-
-int thread_number=10;
-int number_of_loops=10;
-int reconnect=0;
-int cache_stats=0;
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit(char *ctx[4]);
-static void print_stats(FILE *fp, SSL_CTX *ctx)
-{
-	fprintf(fp,"%4ld items in the session cache\n",
-		SSL_CTX_sess_number(ctx));
-	fprintf(fp,"%4d client connects (SSL_connect())\n",
-		SSL_CTX_sess_connect(ctx));
-	fprintf(fp,"%4d client connects that finished\n",
-		SSL_CTX_sess_connect_good(ctx));
-	fprintf(fp,"%4d server connects (SSL_accept())\n",
-		SSL_CTX_sess_accept(ctx));
-	fprintf(fp,"%4d server connects that finished\n",
-		SSL_CTX_sess_accept_good(ctx));
-	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
-	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
-	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
-	}
-
-static void sv_usage(void)
-	{
-	fprintf(stderr,"usage: ssltest [args ...]\n");
-	fprintf(stderr,"\n");
-	fprintf(stderr," -server_auth  - check server certificate\n");
-	fprintf(stderr," -client_auth  - do client authentication\n");
-	fprintf(stderr," -v            - more output\n");
-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
-	fprintf(stderr," -threads arg  - number of threads\n");
-	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
-	fprintf(stderr," -reconnect    - reuse session-id's\n");
-	fprintf(stderr," -stats        - server session-id cache stats\n");
-	fprintf(stderr," -cert arg     - server certificate/key\n");
-	fprintf(stderr," -ccert arg    - client certificate/key\n");
-	fprintf(stderr," -ssl3         - just SSLv3n\n");
-	}
-
-int main(int argc, char *argv[])
-	{
-	char *CApath=NULL,*CAfile=NULL;
-	int badop=0;
-	int ret=1;
-	int client_auth=0;
-	int server_auth=0;
-	SSL_CTX *s_ctx=NULL;
-	SSL_CTX *c_ctx=NULL;
-	char *scert=TEST_SERVER_CERT;
-	char *ccert=TEST_CLIENT_CERT;
-	SSL_METHOD *ssl_method=SSLv23_method();
-
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	if (bio_stdout == NULL)
-		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-	argc--;
-	argv++;
-
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-server_auth") == 0)
-			server_auth=1;
-		else if	(strcmp(*argv,"-client_auth") == 0)
-			client_auth=1;
-		else if	(strcmp(*argv,"-reconnect") == 0)
-			reconnect=1;
-		else if	(strcmp(*argv,"-stats") == 0)
-			cache_stats=1;
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			ssl_method=SSLv3_method();
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			ssl_method=SSLv2_method();
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			scert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-ccert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			ccert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-threads") == 0)
-			{
-			if (--argc < 1) goto bad;
-			thread_number= atoi(*(++argv));
-			if (thread_number == 0) thread_number=1;
-			if (thread_number > MAX_THREAD_NUMBER)
-				thread_number=MAX_THREAD_NUMBER;
-			}
-		else if	(strcmp(*argv,"-loops") == 0)
-			{
-			if (--argc < 1) goto bad;
-			number_of_loops= atoi(*(++argv));
-			if (number_of_loops == 0) number_of_loops=1;
-			}
-		else
-			{
-			fprintf(stderr,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sv_usage();
-		goto end;
-		}
-
-	if (cipher == NULL && OPENSSL_issetugid() == 0)
-		cipher=getenv("SSL_CIPHER");
-
-	SSL_load_error_strings();
-	OpenSSL_add_ssl_algorithms();
-
-	c_ctx=SSL_CTX_new(ssl_method);
-	s_ctx=SSL_CTX_new(ssl_method);
-	if ((c_ctx == NULL) || (s_ctx == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	SSL_CTX_set_session_cache_mode(s_ctx,
-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-	SSL_CTX_set_session_cache_mode(c_ctx,
-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-
-	if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))
-		{
-		ERR_print_errors(bio_err);
-		}
-	else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (client_auth)
-		{
-		SSL_CTX_use_certificate_file(c_ctx,ccert,
-			SSL_FILETYPE_PEM);
-		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
-			SSL_FILETYPE_PEM);
-		}
-
-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(c_ctx)))
-		{
-		fprintf(stderr,"SSL_load_verify_locations\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (client_auth)
-		{
-		fprintf(stderr,"client authentication\n");
-		SSL_CTX_set_verify(s_ctx,
-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-			verify_callback);
-		}
-	if (server_auth)
-		{
-		fprintf(stderr,"server authentication\n");
-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
-			verify_callback);
-		}
-
-	thread_setup();
-	do_threads(s_ctx,c_ctx);
-	thread_cleanup();
-end:
-	
-	if (c_ctx != NULL) 
-		{
-		fprintf(stderr,"Client SSL_CTX stats then free it\n");
-		print_stats(stderr,c_ctx);
-		SSL_CTX_free(c_ctx);
-		}
-	if (s_ctx != NULL)
-		{
-		fprintf(stderr,"Server SSL_CTX stats then free it\n");
-		print_stats(stderr,s_ctx);
-		if (cache_stats)
-			{
-			fprintf(stderr,"-----\n");
-			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n");
-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n"); */
-			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n");
-			}
-		SSL_CTX_free(s_ctx);
-		fprintf(stderr,"done free\n");
-		}
-	exit(ret);
-	return(0);
-	}
-
-#define W_READ	1
-#define W_WRITE	2
-#define C_DONE	1
-#define S_DONE	2
-
-int ndoit(SSL_CTX *ssl_ctx[2])
-	{
-	int i;
-	int ret;
-	char *ctx[4];
-
-	ctx[0]=(char *)ssl_ctx[0];
-	ctx[1]=(char *)ssl_ctx[1];
-
-	if (reconnect)
-		{
-		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
-		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
-		}
-	else
-		{
-		ctx[2]=NULL;
-		ctx[3]=NULL;
-		}
-
-	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
-	for (i=0; i<number_of_loops; i++)
-		{
-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
-			CRYPTO_thread_id(),i,
-			ssl_ctx[0]->references,
-			ssl_ctx[1]->references); */
-	/*	pthread_delay_np(&tm);*/
-
-		ret=doit(ctx);
-		if (ret != 0)
-			{
-			fprintf(stdout,"error[%d] %lu - %d\n",
-				i,CRYPTO_thread_id(),ret);
-			return(ret);
-			}
-		}
-	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
-	if (reconnect)
-		{
-		SSL_free((SSL *)ctx[2]);
-		SSL_free((SSL *)ctx[3]);
-		}
-#   ifdef OPENSSL_SYS_NETWARE
-        MPKSemaphoreSignal(ThreadSem);
-#   endif
-	return(0);
-	}
-
-int doit(char *ctx[4])
-	{
-	SSL_CTX *s_ctx,*c_ctx;
-	static char cbuf[200],sbuf[200];
-	SSL *c_ssl=NULL;
-	SSL *s_ssl=NULL;
-	BIO *c_to_s=NULL;
-	BIO *s_to_c=NULL;
-	BIO *c_bio=NULL;
-	BIO *s_bio=NULL;
-	int c_r,c_w,s_r,s_w;
-	int c_want,s_want;
-	int i;
-	int done=0;
-	int c_write,s_write;
-	int do_server=0,do_client=0;
-
-	s_ctx=(SSL_CTX *)ctx[0];
-	c_ctx=(SSL_CTX *)ctx[1];
-
-	if (ctx[2] != NULL)
-		s_ssl=(SSL *)ctx[2];
-	else
-		s_ssl=SSL_new(s_ctx);
-
-	if (ctx[3] != NULL)
-		c_ssl=(SSL *)ctx[3];
-	else
-		c_ssl=SSL_new(c_ctx);
-
-	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
-
-	c_to_s=BIO_new(BIO_s_mem());
-	s_to_c=BIO_new(BIO_s_mem());
-	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-
-	c_bio=BIO_new(BIO_f_ssl());
-	s_bio=BIO_new(BIO_f_ssl());
-	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
-	SSL_set_connect_state(c_ssl);
-	SSL_set_bio(c_ssl,s_to_c,c_to_s);
-	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
-	SSL_set_accept_state(s_ssl);
-	SSL_set_bio(s_ssl,c_to_s,s_to_c);
-	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
-	c_r=0; s_r=1;
-	c_w=1; s_w=0;
-	c_want=W_WRITE;
-	s_want=0;
-	c_write=1,s_write=0;
-
-	/* We can always do writes */
-	for (;;)
-		{
-		do_server=0;
-		do_client=0;
-
-		i=(int)BIO_pending(s_bio);
-		if ((i && s_r) || s_w) do_server=1;
-
-		i=(int)BIO_pending(c_bio);
-		if ((i && c_r) || c_w) do_client=1;
-
-		if (do_server && verbose)
-			{
-			if (SSL_in_init(s_ssl))
-				printf("server waiting in SSL_accept - %s\n",
-					SSL_state_string_long(s_ssl));
-			else if (s_write)
-				printf("server:SSL_write()\n");
-			else 
-				printf("server:SSL_read()\n");
-			}
-
-		if (do_client && verbose)
-			{
-			if (SSL_in_init(c_ssl))
-				printf("client waiting in SSL_connect - %s\n",
-					SSL_state_string_long(c_ssl));
-			else if (c_write)
-				printf("client:SSL_write()\n");
-			else
-				printf("client:SSL_read()\n");
-			}
-
-		if (!do_client && !do_server)
-			{
-			fprintf(stdout,"ERROR IN STARTUP\n");
-			break;
-			}
-		if (do_client && !(done & C_DONE))
-			{
-			if (c_write)
-				{
-				i=BIO_write(c_bio,"hello from client\n",18);
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					/* ok */
-					c_write=0;
-					}
-				}
-			else
-				{
-				i=BIO_read(c_bio,cbuf,100);
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					done|=C_DONE;
-#ifdef undef
-					fprintf(stdout,"CLIENT:from server:");
-					fwrite(cbuf,1,i,stdout);
-					fflush(stdout);
-#endif
-					}
-				}
-			}
-
-		if (do_server && !(done & S_DONE))
-			{
-			if (!s_write)
-				{
-				i=BIO_read(s_bio,sbuf,100);
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					s_write=1;
-					s_w=1;
-#ifdef undef
-					fprintf(stdout,"SERVER:from client:");
-					fwrite(sbuf,1,i,stdout);
-					fflush(stdout);
-#endif
-					}
-				}
-			else
-				{
-				i=BIO_write(s_bio,"hello from server\n",18);
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					s_write=0;
-					s_r=1;
-					done|=S_DONE;
-					}
-				}
-			}
-
-		if ((done & S_DONE) && (done & C_DONE)) break;
-#   if defined(OPENSSL_SYS_NETWARE)
-        ThreadSwitchWithDelay();
-#   endif
-		}
-
-	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-
-#ifdef undef
-	fprintf(stdout,"DONE\n");
-#endif
-err:
-	/* We have to set the BIO's to NULL otherwise they will be
-	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
-	 * again when c_ssl is SSL_free()ed.
-	 * This is a hack required because s_ssl and c_ssl are sharing the same
-	 * BIO structure and SSL_set_bio() and SSL_free() automatically
-	 * BIO_free non NULL entries.
-	 * You should not normally do this or be required to do this */
-
-	if (s_ssl != NULL)
-		{
-		s_ssl->rbio=NULL;
-		s_ssl->wbio=NULL;
-		}
-	if (c_ssl != NULL)
-		{
-		c_ssl->rbio=NULL;
-		c_ssl->wbio=NULL;
-		}
-
-	/* The SSL's are optionally freed in the following calls */
-	if (c_to_s != NULL) BIO_free(c_to_s);
-	if (s_to_c != NULL) BIO_free(s_to_c);
-
-	if (c_bio != NULL) BIO_free(c_bio);
-	if (s_bio != NULL) BIO_free(s_bio);
-	return(0);
-	}
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
-	char *s, buf[256];
-
-	if (verbose)
-		{
-		s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
-				    buf,256);
-		if (s != NULL)
-			{
-			if (ok)
-				fprintf(stderr,"depth=%d %s\n",
-					ctx->error_depth,buf);
-			else
-				fprintf(stderr,"depth=%d error=%d %s\n",
-					ctx->error_depth,ctx->error,buf);
-			}
-		}
-	return(ok);
-	}
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void thread_setup(void)
-	{
-	int i;
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
-		}
-
-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
-	/* id callback defined */
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		CloseHandle(lock_cs[i]);
-	OPENSSL_free(lock_cs);
-	}
-
-void win32_locking_callback(int mode, int type, char *file, int line)
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		WaitForSingleObject(lock_cs[type],INFINITE);
-		}
-	else
-		{
-		ReleaseMutex(lock_cs[type]);
-		}
-	}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-	{
-	double ret;
-	SSL_CTX *ssl_ctx[2];
-	DWORD thread_id[MAX_THREAD_NUMBER];
-	HANDLE thread_handle[MAX_THREAD_NUMBER];
-	int i;
-	SYSTEMTIME start,end;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	GetSystemTime(&start);
-	for (i=0; i<thread_number; i++)
-		{
-		thread_handle[i]=CreateThread(NULL,
-			THREAD_STACK_SIZE,
-			(LPTHREAD_START_ROUTINE)ndoit,
-			(void *)ssl_ctx,
-			0L,
-			&(thread_id[i]));
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i+=50)
-		{
-		int j;
-
-		j=(thread_number < (i+50))?(thread_number-i):50;
-
-		if (WaitForMultipleObjects(j,
-			(CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
-			== WAIT_FAILED)
-			{
-			fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
-			exit(1);
-			}
-		}
-	GetSystemTime(&end);
-
-	if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
-	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
-
-	ret=(ret+end.wHour-start.wHour)*60;
-	ret=(ret+end.wMinute-start.wMinute)*60;
-	ret=(ret+end.wSecond-start.wSecond);
-	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
-
-	printf("win32 threads done - %.3f seconds\n",ret);
-	}
-
-#endif /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-static mutex_t *lock_cs;
-/*static rwlock_t *lock_cs; */
-static long *lock_count;
-
-void thread_setup(void)
-	{
-	int i;
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_count[i]=0;
-		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-
-	fprintf(stderr,"cleanup\n");
-
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		/* rwlock_destroy(&(lock_cs[i])); */
-		mutex_destroy(&(lock_cs[i]));
-		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
-		}
-	OPENSSL_free(lock_cs);
-	OPENSSL_free(lock_count);
-
-	fprintf(stderr,"done cleanup\n");
-
-	}
-
-void solaris_locking_callback(int mode, int type, char *file, int line)
-	{
-#ifdef undef
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-
-	/*
-	if (CRYPTO_LOCK_SSL_CERT == type)
-	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-		CRYPTO_thread_id(),
-		mode,file,line);
-	*/
-	if (mode & CRYPTO_LOCK)
-		{
-	/*	if (mode & CRYPTO_READ)
-			rw_rdlock(&(lock_cs[type]));
-		else
-			rw_wrlock(&(lock_cs[type])); */
-
-		mutex_lock(&(lock_cs[type]));
-		lock_count[type]++;
-		}
-	else
-		{
-/*		rw_unlock(&(lock_cs[type]));  */
-		mutex_unlock(&(lock_cs[type]));
-		}
-	}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-	{
-	SSL_CTX *ssl_ctx[2];
-	thread_t thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	thr_setconcurrency(thread_number);
-	for (i=0; i<thread_number; i++)
-		{
-		thr_create(NULL, THREAD_STACK_SIZE,
-			(void *(*)())ndoit,
-			(void *)ssl_ctx,
-			0L,
-			&(thread_ctx[i]));
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		thr_join(thread_ctx[i],NULL,NULL);
-		}
-
-	printf("solaris threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long solaris_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)thr_self();
-	return(ret);
-	}
-#endif /* SOLARIS */
-
-#ifdef IRIX
-
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void thread_setup(void)
-	{
-	int i;
-	char filename[20];
-
-	strcpy(filename,"/tmp/mttest.XXXXXX");
-	mktemp(filename);
-
-	usconfig(CONF_STHREADIOOFF);
-	usconfig(CONF_STHREADMALLOCOFF);
-	usconfig(CONF_INITUSERS,100);
-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
-	arena=usinit(filename);
-	unlink(filename);
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_cs[i]=usnewsema(arena,1);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		char buf[10];
-
-		sprintf(buf,"%2d:",i);
-		usdumpsema(lock_cs[i],stdout,buf);
-		usfreesema(lock_cs[i],arena);
-		}
-	OPENSSL_free(lock_cs);
-	}
-
-void irix_locking_callback(int mode, int type, char *file, int line)
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		printf("lock %d\n",type);
-		uspsema(lock_cs[type]);
-		}
-	else
-		{
-		printf("unlock %d\n",type);
-		usvsema(lock_cs[type]);
-		}
-	}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-	{
-	SSL_CTX *ssl_ctx[2];
-	int thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	for (i=0; i<thread_number; i++)
-		{
-		thread_ctx[i]=sproc((void (*)())ndoit,
-			PR_SADDR|PR_SFDS,(void *)ssl_ctx);
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		wait(NULL);
-		}
-
-	printf("irix threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long irix_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)getpid();
-	return(ret);
-	}
-#endif /* IRIX */
-
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void thread_setup(void)
-	{
-	int i;
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_count[i]=0;
-		pthread_mutex_init(&(lock_cs[i]),NULL);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		pthread_mutex_destroy(&(lock_cs[i]));
-		fprintf(stderr,"%8ld:%s\n",lock_count[i],
-			CRYPTO_get_lock_name(i));
-		}
-	OPENSSL_free(lock_cs);
-	OPENSSL_free(lock_count);
-
-	fprintf(stderr,"done cleanup\n");
-	}
-
-void pthreads_locking_callback(int mode, int type, char *file,
-	     int line)
-      {
-#ifdef undef
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-/*
-	if (CRYPTO_LOCK_SSL_CERT == type)
-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-		CRYPTO_thread_id(),
-		mode,file,line);
-*/
-	if (mode & CRYPTO_LOCK)
-		{
-		pthread_mutex_lock(&(lock_cs[type]));
-		lock_count[type]++;
-		}
-	else
-		{
-		pthread_mutex_unlock(&(lock_cs[type]));
-		}
-	}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-	{
-	SSL_CTX *ssl_ctx[2];
-	pthread_t thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	/*
-	thr_setconcurrency(thread_number);
-	*/
-	for (i=0; i<thread_number; i++)
-		{
-		pthread_create(&(thread_ctx[i]), NULL,
-			(void *(*)())ndoit, (void *)ssl_ctx);
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		pthread_join(thread_ctx[i],NULL);
-		}
-
-	printf("pthreads threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long pthreads_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)pthread_self();
-	return(ret);
-	}
-
-#endif /* PTHREADS */
-
-
-
-#ifdef OPENSSL_SYS_NETWARE
-
-void thread_setup(void)
-{
-   int i;
-
-   lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));
-   lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-   for (i=0; i<CRYPTO_num_locks(); i++)
-   {
-      lock_count[i]=0;
-      lock_cs[i]=MPKMutexAlloc("OpenSSL mutex");
-   }
-
-   ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 );
-
-   CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
-   CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
-}
-
-void thread_cleanup(void)
-{
-   int i;
-
-   CRYPTO_set_locking_callback(NULL);
-
-   fprintf(stdout,"thread_cleanup\n");
-
-   for (i=0; i<CRYPTO_num_locks(); i++)
-   {
-      MPKMutexFree(lock_cs[i]);
-      fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
-   }
-   OPENSSL_free(lock_cs);
-   OPENSSL_free(lock_count);
-
-   MPKSemaphoreFree(ThreadSem);
-
-   fprintf(stdout,"done cleanup\n");
-}
-
-void netware_locking_callback(int mode, int type, char *file, int line)
-{
-   if (mode & CRYPTO_LOCK)
-   {
-      MPKMutexLock(lock_cs[type]);
-      lock_count[type]++;
-   }
-   else
-      MPKMutexUnlock(lock_cs[type]);
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
-   SSL_CTX *ssl_ctx[2];
-   int i;
-   ssl_ctx[0]=s_ctx;
-   ssl_ctx[1]=c_ctx;
-
-   for (i=0; i<thread_number; i++)
-   {
-      BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE, 
-                   (void*)ssl_ctx);
-      ThreadSwitchWithDelay();
-   }
-
-   printf("reaping\n");
-
-      /* loop until all threads have signaled the semaphore */
-   for (i=0; i<thread_number; i++)
-   {
-      MPKSemaphoreWait(ThreadSem);
-   }
-   printf("netware threads done (%d,%d)\n",
-         s_ctx->references,c_ctx->references);
-}
-
-unsigned long netware_thread_id(void)
-{
-   unsigned long ret;
-
-   ret=(unsigned long)GetThreadID();
-   return(ret);
-}
-#endif /* NETWARE */
-
-#ifdef BEOS_THREADS
-
-#include <Locker.h>
-
-static BLocker** lock_cs;
-static long* lock_count;
-
-void thread_setup(void)
-	{
-	int i;
-
-	lock_cs=(BLocker**)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(BLocker*));
-	lock_count=(long*)OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_count[i]=0;
-		lock_cs[i] = new BLocker(CRYPTO_get_lock_name(i));
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())beos_thread_id);
-	CRYPTO_set_locking_callback(beos_locking_callback);
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		delete lock_cs[i];
-		fprintf(stderr,"%8ld:%s\n",lock_count[i],
-			CRYPTO_get_lock_name(i));
-		}
-	OPENSSL_free(lock_cs);
-	OPENSSL_free(lock_count);
-
-	fprintf(stderr,"done cleanup\n");
-	}
-
-void beos_locking_callback(int mode, int type, const char *file, int line)
-    {
-#if 0
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-	if (mode & CRYPTO_LOCK)
-		{
-		lock_cs[type]->Lock();
-		lock_count[type]++;
-		}
-	else
-		{
-		lock_cs[type]->Unlock();
-		}
-	}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-	{
-	SSL_CTX *ssl_ctx[2];
-	thread_id thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	for (i=0; i<thread_number; i++)
-		{
-		thread_ctx[i] = spawn_thread((thread_func)ndoit,
-			NULL, B_NORMAL_PRIORITY, (void *)ssl_ctx);
-		resume_thread(thread_ctx[i]);
-		}
-
-	printf("waiting...\n");
-	for (i=0; i<thread_number; i++)
-		{
-		status_t result;
-		wait_for_thread(thread_ctx[i], &result);
-		}
-
-	printf("beos threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long beos_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)find_thread(NULL);
-	return(ret);
-	}
-
-#endif /* BEOS_THREADS */
diff --git a/crypto/threads/netware.bat b/crypto/threads/netware.bat
deleted file mode 100644
index 0b3eca3caf..0000000000
--- a/crypto/threads/netware.bat
+++ /dev/null
@@ -1,79 +0,0 @@
-@echo off
-rem batch file to build multi-thread test ( mttest.nlm )
-
-rem command line arguments:
-rem      debug => build using debug settings
-
-rem
-rem After building, copy mttest.nlm to the server and run it, you'll probably
-rem want to redirect stdout and stderr.  An example command line would be
-rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err"
-rem 
-
-del mttest.nlm
-
-set BLD_DEBUG=
-set CFLAGS=
-set LFLAGS=
-set LIBS=
-
-if "%1" == "DEBUG" set BLD_DEBUG=YES
-if "%1" == "debug" set BLD_DEBUG=YES
-
-if "%MWCIncludes%" == "" goto inc_error
-if "%PRELUDE%" == "" goto prelude_error
-if "%IMPORTS%" == "" goto imports_error
-
-set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20
-
-if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib
-if "%BLD_DEBUG%" == ""  set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib
-
-set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal 
-  
-rem generate command file for metrowerks
-echo.
-echo Generating Metrowerks command file: mttest.def
-echo # dynamically generated command file for metrowerks build > mttest.def
-echo IMPORT @%IMPORTS%\clib.imp              >> mttest.def 
-echo IMPORT @%IMPORTS%\threads.imp           >> mttest.def 
-echo IMPORT @%IMPORTS%\ws2nlm.imp            >> mttest.def 
-echo IMPORT GetProcessSwitchCount            >> mttest.def
-echo MODULE clib                             >> mttest.def 
-
-rem compile
-echo.
-echo Compiling mttest.c
-mwccnlm.exe mttest.c %CFLAGS% 
-if errorlevel 1 goto end
-
-rem link               
-echo.
-echo Linking mttest.nlm
-mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm
-if errorlevel 1 goto end
-
-goto end
-
-:inc_error
-echo.
-echo Environment variable MWCIncludes is not set - see install.nw
-goto end
-
-:prelude_error
-echo.
-echo Environment variable PRELUDE is not set - see install.nw
-goto end
-
-:imports_error
-echo.
-echo Environment variable IMPORTS is not set - see install.nw
-goto end
-    
-    
-:end
-set BLD_DEBUG=
-set CFLAGS=
-set LFLAGS=
-set LIBS=
-
diff --git a/crypto/threads/profile.sh b/crypto/threads/profile.sh
deleted file mode 100644
index 6e3e342fc0..0000000000
--- a/crypto/threads/profile.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/crypto/threads/ptest.bat b/crypto/threads/ptest.bat
deleted file mode 100755
index 4071b5ffea..0000000000
--- a/crypto/threads/ptest.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-del mttest.exe
-
-purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib
-
diff --git a/crypto/threads/pthread.sh b/crypto/threads/pthread.sh
deleted file mode 100644
index f1c49821d2..0000000000
--- a/crypto/threads/pthread.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-#
-# build using pthreads
-#
-# http://www.mit.edu:8001/people/proven/pthreads.html
-#
-/bin/rm -f mttest
-pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto 
-
diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh
deleted file mode 100755
index 41264c6a50..0000000000
--- a/crypto/threads/pthread2.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-#
-# build using pthreads where it's already built into the system
-#
-/bin/rm -f mttest
-gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
-
diff --git a/crypto/threads/purify.sh b/crypto/threads/purify.sh
deleted file mode 100644
index 6d44fe26b7..0000000000
--- a/crypto/threads/purify.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/crypto/threads/solaris.sh b/crypto/threads/solaris.sh
deleted file mode 100644
index bc93094a27..0000000000
--- a/crypto/threads/solaris.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c
deleted file mode 100644
index 14aae5f912..0000000000
--- a/crypto/threads/th-lock.c
+++ /dev/null
@@ -1,387 +0,0 @@
-/* crypto/threads/th-lock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-#include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-#include <windows.h>
-#endif
-#ifdef SOLARIS
-#include <synch.h>
-#include <thread.h>
-#endif
-#ifdef IRIX
-#include <ulocks.h>
-#include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-#include <pthread.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "../../e_os.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-void CRYPTO_thread_setup(void);
-void CRYPTO_thread_cleanup(void);
-
-static void irix_locking_callback(int mode,int type,char *file,int line);
-static void solaris_locking_callback(int mode,int type,char *file,int line);
-static void win32_locking_callback(int mode,int type,char *file,int line);
-static void pthreads_locking_callback(int mode,int type,char *file,int line);
-
-static unsigned long irix_thread_id(void );
-static unsigned long solaris_thread_id(void );
-static unsigned long pthreads_thread_id(void );
-
-/* usage:
- * CRYPTO_thread_setup();
- * application code
- * CRYPTO_thread_cleanup();
- */
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void CRYPTO_thread_setup(void)
-	{
-	int i;
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
-		}
-
-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
-	/* id callback defined */
-	return(1);
-	}
-
-static void CRYPTO_thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		CloseHandle(lock_cs[i]);
-	OPENSSL_free(lock_cs);
-	}
-
-void win32_locking_callback(int mode, int type, char *file, int line)
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		WaitForSingleObject(lock_cs[type],INFINITE);
-		}
-	else
-		{
-		ReleaseMutex(lock_cs[type]);
-		}
-	}
-
-#endif /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-#define USE_MUTEX
-
-#ifdef USE_MUTEX
-static mutex_t *lock_cs;
-#else
-static rwlock_t *lock_cs;
-#endif
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
-	{
-	int i;
-
-#ifdef USE_MUTEX
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-#else
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
-#endif
-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_count[i]=0;
-#ifdef USE_MUTEX
-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-#else
-		rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-#endif
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-	}
-
-void CRYPTO_thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-#ifdef USE_MUTEX
-		mutex_destroy(&(lock_cs[i]));
-#else
-		rwlock_destroy(&(lock_cs[i]));
-#endif
-		}
-	OPENSSL_free(lock_cs);
-	OPENSSL_free(lock_count);
-	}
-
-void solaris_locking_callback(int mode, int type, char *file, int line)
-	{
-#if 0
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-
-#if 0
-	if (CRYPTO_LOCK_SSL_CERT == type)
-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-			CRYPTO_thread_id(),
-			mode,file,line);
-#endif
-	if (mode & CRYPTO_LOCK)
-		{
-#ifdef USE_MUTEX
-		mutex_lock(&(lock_cs[type]));
-#else
-		if (mode & CRYPTO_READ)
-			rw_rdlock(&(lock_cs[type]));
-		else
-			rw_wrlock(&(lock_cs[type]));
-#endif
-		lock_count[type]++;
-		}
-	else
-		{
-#ifdef USE_MUTEX
-		mutex_unlock(&(lock_cs[type]));
-#else
-		rw_unlock(&(lock_cs[type]));
-#endif
-		}
-	}
-
-unsigned long solaris_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)thr_self();
-	return(ret);
-	}
-#endif /* SOLARIS */
-
-#ifdef IRIX
-/* I don't think this works..... */
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void CRYPTO_thread_setup(void)
-	{
-	int i;
-	char filename[20];
-
-	strcpy(filename,"/tmp/mttest.XXXXXX");
-	mktemp(filename);
-
-	usconfig(CONF_STHREADIOOFF);
-	usconfig(CONF_STHREADMALLOCOFF);
-	usconfig(CONF_INITUSERS,100);
-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
-	arena=usinit(filename);
-	unlink(filename);
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_cs[i]=usnewsema(arena,1);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
-	}
-
-void CRYPTO_thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		char buf[10];
-
-		sprintf(buf,"%2d:",i);
-		usdumpsema(lock_cs[i],stdout,buf);
-		usfreesema(lock_cs[i],arena);
-		}
-	OPENSSL_free(lock_cs);
-	}
-
-void irix_locking_callback(int mode, int type, char *file, int line)
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		uspsema(lock_cs[type]);
-		}
-	else
-		{
-		usvsema(lock_cs[type]);
-		}
-	}
-
-unsigned long irix_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)getpid();
-	return(ret);
-	}
-#endif /* IRIX */
-
-/* Linux and a few others */
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
-	{
-	int i;
-
-	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
-	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		lock_count[i]=0;
-		pthread_mutex_init(&(lock_cs[i]),NULL);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
-	}
-
-void thread_cleanup(void)
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_num_locks(); i++)
-		{
-		pthread_mutex_destroy(&(lock_cs[i]));
-		}
-	OPENSSL_free(lock_cs);
-	OPENSSL_free(lock_count);
-	}
-
-void pthreads_locking_callback(int mode, int type, char *file,
-	     int line)
-      {
-#if 0
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-#if 0
-	if (CRYPTO_LOCK_SSL_CERT == type)
-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-		CRYPTO_thread_id(),
-		mode,file,line);
-#endif
-	if (mode & CRYPTO_LOCK)
-		{
-		pthread_mutex_lock(&(lock_cs[type]));
-		lock_count[type]++;
-		}
-	else
-		{
-		pthread_mutex_unlock(&(lock_cs[type]));
-		}
-	}
-
-unsigned long pthreads_thread_id(void)
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)pthread_self();
-	return(ret);
-	}
-
-#endif /* PTHREADS */
-
diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c
deleted file mode 100644
index a08b0ffa23..0000000000
--- a/crypto/ts/ts_err.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* crypto/ts/ts_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ts.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason)
-
-static ERR_STRING_DATA TS_str_functs[]=
-	{
-{ERR_FUNC(TS_F_D2I_TS_RESP),	"d2i_TS_RESP"},
-{ERR_FUNC(TS_F_DEF_SERIAL_CB),	"DEF_SERIAL_CB"},
-{ERR_FUNC(TS_F_DEF_TIME_CB),	"DEF_TIME_CB"},
-{ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT),	"ESS_ADD_SIGNING_CERT"},
-{ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT),	"ESS_CERT_ID_NEW_INIT"},
-{ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT),	"ESS_SIGNING_CERT_NEW_INIT"},
-{ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN),	"INT_TS_RESP_VERIFY_TOKEN"},
-{ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO),	"PKCS7_to_TS_TST_INFO"},
-{ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS),	"TS_ACCURACY_set_micros"},
-{ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS),	"TS_ACCURACY_set_millis"},
-{ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS),	"TS_ACCURACY_set_seconds"},
-{ERR_FUNC(TS_F_TS_CHECK_IMPRINTS),	"TS_CHECK_IMPRINTS"},
-{ERR_FUNC(TS_F_TS_CHECK_NONCES),	"TS_CHECK_NONCES"},
-{ERR_FUNC(TS_F_TS_CHECK_POLICY),	"TS_CHECK_POLICY"},
-{ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS),	"TS_CHECK_SIGNING_CERTS"},
-{ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO),	"TS_CHECK_STATUS_INFO"},
-{ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT),	"TS_COMPUTE_IMPRINT"},
-{ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE),	"TS_CONF_set_default_engine"},
-{ERR_FUNC(TS_F_TS_GET_STATUS_TEXT),	"TS_GET_STATUS_TEXT"},
-{ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO),	"TS_MSG_IMPRINT_set_algo"},
-{ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT),	"TS_REQ_set_msg_imprint"},
-{ERR_FUNC(TS_F_TS_REQ_SET_NONCE),	"TS_REQ_set_nonce"},
-{ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID),	"TS_REQ_set_policy_id"},
-{ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE),	"TS_RESP_create_response"},
-{ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO),	"TS_RESP_CREATE_TST_INFO"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO),	"TS_RESP_CTX_add_failure_info"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD),	"TS_RESP_CTX_add_md"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY),	"TS_RESP_CTX_add_policy"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_NEW),	"TS_RESP_CTX_new"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY),	"TS_RESP_CTX_set_accuracy"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS),	"TS_RESP_CTX_set_certs"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY),	"TS_RESP_CTX_set_def_policy"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT),	"TS_RESP_CTX_set_signer_cert"},
-{ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO),	"TS_RESP_CTX_set_status_info"},
-{ERR_FUNC(TS_F_TS_RESP_GET_POLICY),	"TS_RESP_GET_POLICY"},
-{ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION),	"TS_RESP_SET_GENTIME_WITH_PRECISION"},
-{ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO),	"TS_RESP_set_status_info"},
-{ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO),	"TS_RESP_set_tst_info"},
-{ERR_FUNC(TS_F_TS_RESP_SIGN),	"TS_RESP_SIGN"},
-{ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE),	"TS_RESP_verify_signature"},
-{ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN),	"TS_RESP_verify_token"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY),	"TS_TST_INFO_set_accuracy"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT),	"TS_TST_INFO_set_msg_imprint"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE),	"TS_TST_INFO_set_nonce"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID),	"TS_TST_INFO_set_policy_id"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL),	"TS_TST_INFO_set_serial"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME),	"TS_TST_INFO_set_time"},
-{ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA),	"TS_TST_INFO_set_tsa"},
-{ERR_FUNC(TS_F_TS_VERIFY),	"TS_VERIFY"},
-{ERR_FUNC(TS_F_TS_VERIFY_CERT),	"TS_VERIFY_CERT"},
-{ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW),	"TS_VERIFY_CTX_new"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA TS_str_reasons[]=
-	{
-{ERR_REASON(TS_R_BAD_PKCS7_TYPE)         ,"bad pkcs7 type"},
-{ERR_REASON(TS_R_BAD_TYPE)               ,"bad type"},
-{ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(TS_R_COULD_NOT_SET_ENGINE)   ,"could not set engine"},
-{ERR_REASON(TS_R_COULD_NOT_SET_TIME)     ,"could not set time"},
-{ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) ,"d2i ts resp int failed"},
-{ERR_REASON(TS_R_DETACHED_CONTENT)       ,"detached content"},
-{ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR),"ess add signing cert error"},
-{ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR),"ess signing certificate error"},
-{ERR_REASON(TS_R_INVALID_NULL_POINTER)   ,"invalid null pointer"},
-{ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),"invalid signer certificate purpose"},
-{ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH),"message imprint mismatch"},
-{ERR_REASON(TS_R_NONCE_MISMATCH)         ,"nonce mismatch"},
-{ERR_REASON(TS_R_NONCE_NOT_RETURNED)     ,"nonce not returned"},
-{ERR_REASON(TS_R_NO_CONTENT)             ,"no content"},
-{ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN)    ,"no time stamp token"},
-{ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),"pkcs7 add signed attr error"},
-{ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED),"pkcs7 to ts tst info failed"},
-{ERR_REASON(TS_R_POLICY_MISMATCH)        ,"policy mismatch"},
-{ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(TS_R_RESPONSE_SETUP_ERROR)   ,"response setup error"},
-{ERR_REASON(TS_R_SIGNATURE_FAILURE)      ,"signature failure"},
-{ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER),"there must be one signer"},
-{ERR_REASON(TS_R_TIME_SYSCALL_ERROR)     ,"time syscall error"},
-{ERR_REASON(TS_R_TOKEN_NOT_PRESENT)      ,"token not present"},
-{ERR_REASON(TS_R_TOKEN_PRESENT)          ,"token present"},
-{ERR_REASON(TS_R_TSA_NAME_MISMATCH)      ,"tsa name mismatch"},
-{ERR_REASON(TS_R_TSA_UNTRUSTED)          ,"tsa untrusted"},
-{ERR_REASON(TS_R_TST_INFO_SETUP_ERROR)   ,"tst info setup error"},
-{ERR_REASON(TS_R_TS_DATASIGN)            ,"ts datasign"},
-{ERR_REASON(TS_R_UNACCEPTABLE_POLICY)    ,"unacceptable policy"},
-{ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM),"unsupported md algorithm"},
-{ERR_REASON(TS_R_UNSUPPORTED_VERSION)    ,"unsupported version"},
-{ERR_REASON(TS_R_WRONG_CONTENT_TYPE)     ,"wrong content type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_TS_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(TS_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,TS_str_functs);
-		ERR_load_strings(0,TS_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
deleted file mode 100644
index 6f2ce3b5a4..0000000000
--- a/crypto/txt_db/txt_db.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/* crypto/txt_db/txt_db.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/txt_db.h>
-
-#undef BUFSIZE
-#define BUFSIZE	512
-
-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT;
-
-TXT_DB *TXT_DB_read(BIO *in, int num)
-	{
-	TXT_DB *ret=NULL;
-	int er=1;
-	int esc=0;
-	long ln=0;
-	int i,add,n;
-	int size=BUFSIZE;
-	int offset=0;
-	char *p,*f;
-	OPENSSL_STRING *pp;
-	BUF_MEM *buf=NULL;
-
-	if ((buf=BUF_MEM_new()) == NULL) goto err;
-	if (!BUF_MEM_grow(buf,size)) goto err;
-
-	if ((ret=OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
-		goto err;
-	ret->num_fields=num;
-	ret->index=NULL;
-	ret->qual=NULL;
-	if ((ret->data=sk_OPENSSL_PSTRING_new_null()) == NULL)
-		goto err;
-	if ((ret->index=OPENSSL_malloc(sizeof(*ret->index)*num)) == NULL)
-		goto err;
-	if ((ret->qual=OPENSSL_malloc(sizeof(*(ret->qual))*num)) == NULL)
-		goto err;
-	for (i=0; i<num; i++)
-		{
-		ret->index[i]=NULL;
-		ret->qual[i]=NULL;
-		}
-
-	add=(num+1)*sizeof(char *);
-	buf->data[size-1]='\0';
-	offset=0;
-	for (;;)
-		{
-		if (offset != 0)
-			{
-			size+=BUFSIZE;
-			if (!BUF_MEM_grow_clean(buf,size)) goto err;
-			}
-		buf->data[offset]='\0';
-		BIO_gets(in,&(buf->data[offset]),size-offset);
-		ln++;
-		if (buf->data[offset] == '\0') break;
-		if ((offset == 0) && (buf->data[0] == '#')) continue;
-		i=strlen(&(buf->data[offset]));
-		offset+=i;
-		if (buf->data[offset-1] != '\n')
-			continue;
-		else
-			{
-			buf->data[offset-1]='\0'; /* blat the '\n' */
-			if (!(p=OPENSSL_malloc(add+offset))) goto err;
-			offset=0;
-			}
-		pp=(char **)p;
-		p+=add;
-		n=0;
-		pp[n++]=p;
-		i=0;
-		f=buf->data;
-
-		esc=0;
-		for (;;)
-			{
-			if (*f == '\0') break;
-			if (*f == '\t')
-				{
-				if (esc)
-					p--;
-				else
-					{	
-					*(p++)='\0';
-					f++;
-					if (n >=  num) break;
-					pp[n++]=p;
-					continue;
-					}
-				}
-			esc=(*f == '\\');
-			*(p++)= *(f++);
-			}
-		*(p++)='\0';
-		if ((n != num) || (*f != '\0'))
-			{
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporary fix :-( */
-			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
-#endif
-			er=2;
-			goto err;
-			}
-		pp[n]=p;
-		if (!sk_OPENSSL_PSTRING_push(ret->data,pp))
-			{
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporary fix :-( */
-			fprintf(stderr,"failure in sk_push\n");
-#endif
-			er=2;
-			goto err;
-			}
-		}
-	er=0;
-err:
-	BUF_MEM_free(buf);
-	if (er)
-		{
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-		if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
-#endif
-		if (ret != NULL)
-			{
-			if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data);
-			if (ret->index != NULL) OPENSSL_free(ret->index);
-			if (ret->qual != NULL) OPENSSL_free(ret->qual);
-			if (ret != NULL) OPENSSL_free(ret);
-			}
-		return(NULL);
-		}
-	else
-		return(ret);
-	}
-
-OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value)
-	{
-	OPENSSL_STRING *ret;
-	LHASH_OF(OPENSSL_STRING) *lh;
-
-	if (idx >= db->num_fields)
-		{
-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-		return(NULL);
-		}
-	lh=db->index[idx];
-	if (lh == NULL)
-		{
-		db->error=DB_ERROR_NO_INDEX;
-		return(NULL);
-		}
-	ret=lh_OPENSSL_STRING_retrieve(lh,value);
-	db->error=DB_ERROR_OK;
-	return(ret);
-	}
-
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *),
-			LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
-	{
-	LHASH_OF(OPENSSL_STRING) *idx;
-	OPENSSL_STRING *r;
-	int i,n;
-
-	if (field >= db->num_fields)
-		{
-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-		return(0);
-		}
-	/* FIXME: we lose type checking at this point */
-	if ((idx=(LHASH_OF(OPENSSL_STRING) *)lh_new(hash,cmp)) == NULL)
-		{
-		db->error=DB_ERROR_MALLOC;
-		return(0);
-		}
-	n=sk_OPENSSL_PSTRING_num(db->data);
-	for (i=0; i<n; i++)
-		{
-		r=sk_OPENSSL_PSTRING_value(db->data,i);
-		if ((qual != NULL) && (qual(r) == 0)) continue;
-		if ((r=lh_OPENSSL_STRING_insert(idx,r)) != NULL)
-			{
-			db->error=DB_ERROR_INDEX_CLASH;
-			db->arg1=sk_OPENSSL_PSTRING_find(db->data,r);
-			db->arg2=i;
-			lh_OPENSSL_STRING_free(idx);
-			return(0);
-			}
-		}
-	if (db->index[field] != NULL) lh_OPENSSL_STRING_free(db->index[field]);
-	db->index[field]=idx;
-	db->qual[field]=qual;
-	return(1);
-	}
-
-long TXT_DB_write(BIO *out, TXT_DB *db)
-	{
-	long i,j,n,nn,l,tot=0;
-	char *p,**pp,*f;
-	BUF_MEM *buf=NULL;
-	long ret= -1;
-
-	if ((buf=BUF_MEM_new()) == NULL)
-		goto err;
-	n=sk_OPENSSL_PSTRING_num(db->data);
-	nn=db->num_fields;
-	for (i=0; i<n; i++)
-		{
-		pp=sk_OPENSSL_PSTRING_value(db->data,i);
-
-		l=0;
-		for (j=0; j<nn; j++)
-			{
-			if (pp[j] != NULL)
-				l+=strlen(pp[j]);
-			}
-		if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
-
-		p=buf->data;
-		for (j=0; j<nn; j++)
-			{
-			f=pp[j];
-			if (f != NULL)
-				for (;;) 
-					{
-					if (*f == '\0') break;
-					if (*f == '\t') *(p++)='\\';
-					*(p++)= *(f++);
-					}
-			*(p++)='\t';
-			}
-		p[-1]='\n';
-		j=p-buf->data;
-		if (BIO_write(out,buf->data,(int)j) != j)
-			goto err;
-		tot+=j;
-		}
-	ret=tot;
-err:
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(ret);
-	}
-
-int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
-	{
-	int i;
-	OPENSSL_STRING *r;
-
-	for (i=0; i<db->num_fields; i++)
-		{
-		if (db->index[i] != NULL)
-			{
-			if ((db->qual[i] != NULL) &&
-				(db->qual[i](row) == 0)) continue;
-			r=lh_OPENSSL_STRING_retrieve(db->index[i],row);
-			if (r != NULL)
-				{
-				db->error=DB_ERROR_INDEX_CLASH;
-				db->arg1=i;
-				db->arg_row=r;
-				goto err;
-				}
-			}
-		}
-	/* We have passed the index checks, now just append and insert */
-	if (!sk_OPENSSL_PSTRING_push(db->data,row))
-		{
-		db->error=DB_ERROR_MALLOC;
-		goto err;
-		}
-
-	for (i=0; i<db->num_fields; i++)
-		{
-		if (db->index[i] != NULL)
-			{
-			if ((db->qual[i] != NULL) &&
-				(db->qual[i](row) == 0)) continue;
-			(void)lh_OPENSSL_STRING_insert(db->index[i],row);
-			}
-		}
-	return(1);
-err:
-	return(0);
-	}
-
-void TXT_DB_free(TXT_DB *db)
-	{
-	int i,n;
-	char **p,*max;
-
-	if(db == NULL)
-	    return;
-
-	if (db->index != NULL)
-		{
-		for (i=db->num_fields-1; i>=0; i--)
-			if (db->index[i] != NULL) lh_OPENSSL_STRING_free(db->index[i]);
-		OPENSSL_free(db->index);
-		}
-	if (db->qual != NULL)
-		OPENSSL_free(db->qual);
-	if (db->data != NULL)
-		{
-		for (i=sk_OPENSSL_PSTRING_num(db->data)-1; i>=0; i--)
-			{
-			/* check if any 'fields' have been allocated
-			 * from outside of the initial block */
-			p=sk_OPENSSL_PSTRING_value(db->data,i);
-			max=p[db->num_fields]; /* last address */
-			if (max == NULL) /* new row */
-				{
-				for (n=0; n<db->num_fields; n++)
-					if (p[n] != NULL) OPENSSL_free(p[n]);
-				}
-			else
-				{
-				for (n=0; n<db->num_fields; n++)
-					{
-					if (((p[n] < (char *)p) || (p[n] > max))
-						&& (p[n] != NULL))
-						OPENSSL_free(p[n]);
-					}
-				}
-			OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data,i));
-			}
-		sk_OPENSSL_PSTRING_free(db->data);
-		}
-	OPENSSL_free(db);
-	}
diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h
deleted file mode 100644
index 6abe435bc8..0000000000
--- a/crypto/txt_db/txt_db.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TXT_DB_H
-#define HEADER_TXT_DB_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-
-#define DB_ERROR_OK			0
-#define DB_ERROR_MALLOC			1
-#define DB_ERROR_INDEX_CLASH    	2
-#define DB_ERROR_INDEX_OUT_OF_RANGE	3
-#define DB_ERROR_NO_INDEX		4
-#define DB_ERROR_INSERT_INDEX_CLASH    	5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef OPENSSL_STRING *OPENSSL_PSTRING;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
-
-typedef struct txt_db_st
-	{
-	int num_fields;
-	STACK_OF(OPENSSL_PSTRING) *data;
-	LHASH_OF(OPENSSL_STRING) **index;
-	int (**qual)(OPENSSL_STRING *);
-	long error;
-	long arg1;
-	long arg2;
-	OPENSSL_STRING *arg_row;
-	} TXT_DB;
-
-#ifndef OPENSSL_NO_BIO
-TXT_DB *TXT_DB_read(BIO *in, int num);
-long TXT_DB_write(BIO *out, TXT_DB *db);
-#else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-#endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
-			LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-void TXT_DB_free(TXT_DB *db);
-OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
-int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/ui/ui.h b/crypto/ui/ui.h
deleted file mode 100644
index bd78aa413f..0000000000
--- a/crypto/ui/ui.h
+++ /dev/null
@@ -1,383 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_H
-#define HEADER_UI_H
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/crypto.h>
-#endif
-#include <openssl/safestack.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct ui_st UI; */
-/* typedef struct ui_method_st UI_METHOD; */
-
-
-/* All the following functions return -1 or NULL on error and in some cases
-   (UI_process()) -2 if interrupted or in some other way cancelled.
-   When everything is fine, they return 0, a positive value or a non-NULL
-   pointer, all depending on their purpose. */
-
-/* Creators and destructor.   */
-UI *UI_new(void);
-UI *UI_new_method(const UI_METHOD *method);
-void UI_free(UI *ui);
-
-/* The following functions are used to add strings to be printed and prompt
-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
-   and UI_{add,dup}_input_boolean.
-
-   UI_{add,dup}_<function>_string have the following meanings:
-	add	add a text or prompt string.  The pointers given to these
-		functions are used verbatim, no copying is done.
-	dup	make a copy of the text or prompt string, then add the copy
-		to the collection of strings in the user interface.
-	<function>
-		The function is a name for the functionality that the given
-		string shall be used for.  It can be one of:
-			input	use the string as data prompt.
-			verify	use the string as verification prompt.  This
-				is used to verify a previous input.
-			info	use the string for informational output.
-			error	use the string for error output.
-   Honestly, there's currently no difference between info and error for the
-   moment.
-
-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
-   and are typically used when one wants to prompt for a yes/no response.
-
-
-   All of the functions in this group take a UI and a prompt string.
-   The string input and verify addition functions also take a flag argument,
-   a buffer for the result to end up with, a minimum input size and a maximum
-   input size (the result buffer MUST be large enough to be able to contain
-   the maximum number of characters).  Additionally, the verify addition
-   functions takes another buffer to compare the result against.
-   The boolean input functions take an action description string (which should
-   be safe to ignore if the expected user action is obvious, for example with
-   a dialog box with an OK button and a Cancel button), a string of acceptable
-   characters to mean OK and to mean Cancel.  The two last strings are checked
-   to make sure they don't have common characters.  Additionally, the same
-   flag argument as for the string input is taken, as well as a result buffer.
-   The result buffer is required to be at least one byte long.  Depending on
-   the answer, the first character from the OK or the Cancel character strings
-   will be stored in the first byte of the result buffer.  No NUL will be
-   added, so the result is *not* a string.
-
-   On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize);
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize);
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf);
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf);
-int UI_add_info_string(UI *ui, const char *text);
-int UI_dup_info_string(UI *ui, const char *text);
-int UI_add_error_string(UI *ui, const char *text);
-int UI_dup_error_string(UI *ui, const char *text);
-
-/* These are the possible flags.  They can be or'ed together. */
-/* Use to have echoing of input */
-#define UI_INPUT_FLAG_ECHO		0x01
-/* Use a default password.  Where that password is found is completely
-   up to the application, it might for example be in the user data set
-   with UI_add_user_data().  It is not recommended to have more than
-   one input in each UI being marked with this flag, or the application
-   might get confused. */
-#define UI_INPUT_FLAG_DEFAULT_PWD	0x02
-
-/* The user of these routines may want to define flags of their own.  The core
-   UI won't look at those, but will pass them on to the method routines.  They
-   must use higher bits so they don't get confused with the UI bits above.
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-   example of use is this:
-
-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
-
-*/
-#define UI_INPUT_FLAG_USER_BASE	16
-
-
-/* The following function helps construct a prompt.  object_desc is a
-   textual short description of the object, for example "pass phrase",
-   and object_name is the name of the object (might be a card name or
-   a file name.
-   The returned string shall always be allocated on the heap with
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
-   If the ui_method doesn't contain a pointer to a user-defined prompt
-   constructor, a default string is built, looking like this:
-
-	"Enter {object_desc} for {object_name}:"
-
-   So, if object_desc has the value "pass phrase" and object_name has
-   the value "foo.key", the resulting string is:
-
-	"Enter pass phrase for foo.key:"
-*/
-char *UI_construct_prompt(UI *ui_method,
-	const char *object_desc, const char *object_name);
-
-
-/* The following function is used to store a pointer to user-specific data.
-   Any previous such pointer will be returned and replaced.
-
-   For callback purposes, this function makes a lot more sense than using
-   ex_data, since the latter requires that different parts of OpenSSL or
-   applications share the same ex_data index.
-
-   Note that the UI_OpenSSL() method completely ignores the user data.
-   Other methods may not, however.  */
-void *UI_add_user_data(UI *ui, void *user_data);
-/* We need a user data retrieving function as well.  */
-void *UI_get0_user_data(UI *ui);
-
-/* Return the result associated with a prompt given with the index i. */
-const char *UI_get0_result(UI *ui, int i);
-
-/* When all strings have been added, process the whole thing. */
-int UI_process(UI *ui);
-
-/* Give a user interface parametrised control commands.  This can be used to
-   send down an integer, a data pointer or a function pointer, as well as
-   be used to get information from a UI. */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));
-
-/* The commands */
-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
-   OpenSSL error stack before printing any info or added error messages and
-   before any prompting. */
-#define UI_CTRL_PRINT_ERRORS		1
-/* Check if a UI_process() is possible to do again with the same instance of
-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
-   if not. */
-#define UI_CTRL_IS_REDOABLE		2
-
-
-/* Some methods may use extra data */
-#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
-#define UI_get_app_data(s)             UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int UI_set_ex_data(UI *r,int idx,void *arg);
-void *UI_get_ex_data(UI *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-void UI_set_default_method(const UI_METHOD *meth);
-const UI_METHOD *UI_get_default_method(void);
-const UI_METHOD *UI_get_method(UI *ui);
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void);
-
-
-/* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
-   of the User Interface.  The functions are:
-
-	an opener	This function starts a session, maybe by opening
-			a channel to a tty, or by opening a window.
-	a writer	This function is called to write a given string,
-			maybe to the tty, maybe as a field label in a
-			window.
-	a flusher	This function is called to flush everything that
-			has been output so far.  It can be used to actually
-			display a dialog box after it has been built.
-	a reader	This function is called to read a given prompt,
-			maybe from the tty, maybe from a field in a
-			window.  Note that it's called wth all string
-			structures, not only the prompt ones, so it must
-			check such things itself.
-	a closer	This function closes the session, maybe by closing
-			the channel to the tty, or closing the window.
-
-   All these functions are expected to return:
-
-	0	on error.
-	1	on success.
-	-1	on out-of-band events, for example if some prompting has
-		been canceled (by pressing Ctrl-C, for example).  This is
-		only checked when returned by the flusher or the reader.
-
-   The way this is used, the opener is first called, then the writer for all
-   strings, then the flusher, then the reader for all strings and finally the
-   closer.  Note that if you want to prompt from a terminal or other command
-   line interface, the best is to have the reader also write the prompts
-   instead of having the writer do it.  If you want to prompt from a dialog
-   box, the writer can be used to build up the contents of the box, and the
-   flusher to actually display the box and run the event loop until all data
-   has been given, after which the reader only grabs the given data and puts
-   them back into the UI strings.
-
-   All method functions take a UI as argument.  Additionally, the writer and
-   the reader take a UI_STRING.
-*/
-
-/* The UI_STRING type is the data structure that contains all the needed info
-   about a string or a prompt, including test data for a verification prompt.
-*/
-typedef struct ui_string_st UI_STRING;
-DECLARE_STACK_OF(UI_STRING)
-
-/* The different types of strings that are currently supported.
-   This is only needed by method authors. */
-enum UI_string_types
-	{
-	UIT_NONE=0,
-	UIT_PROMPT,		/* Prompt for a string */
-	UIT_VERIFY,		/* Prompt for a string and verify */
-	UIT_BOOLEAN,		/* Prompt for a yes/no response */
-	UIT_INFO,		/* Send info to the user */
-	UIT_ERROR		/* Send an error message to the user */
-	};
-
-/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
-void UI_destroy_method(UI_METHOD *ui_method);
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
-int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name));
-int (*UI_method_get_opener(UI_METHOD *method))(UI*);
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
-
-/* The following functions are helpers for method writers to access relevant
-   data from a UI_STRING. */
-
-/* Return type of the UI_STRING */
-enum UI_string_types UI_get_string_type(UI_STRING *uis);
-/* Return input flags of the UI_STRING */
-int UI_get_input_flags(UI_STRING *uis);
-/* Return the actual string to output (the prompt, info or error) */
-const char *UI_get0_output_string(UI_STRING *uis);
-/* Return the optional action string to output (the boolean promtp instruction) */
-const char *UI_get0_action_string(UI_STRING *uis);
-/* Return the result of a prompt */
-const char *UI_get0_result_string(UI_STRING *uis);
-/* Return the string to test the result against.  Only useful with verifies. */
-const char *UI_get0_test_string(UI_STRING *uis);
-/* Return the required minimum size of the result */
-int UI_get_result_minsize(UI_STRING *uis);
-/* Return the required maximum size of the result */
-int UI_get_result_maxsize(UI_STRING *uis);
-/* Set the result of a UI_STRING. */
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
-
-
-/* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108
-#define UI_F_GENERAL_ALLOCATE_PROMPT			 109
-#define UI_F_GENERAL_ALLOCATE_STRING			 100
-#define UI_F_UI_CTRL					 111
-#define UI_F_UI_DUP_ERROR_STRING			 101
-#define UI_F_UI_DUP_INFO_STRING				 102
-#define UI_F_UI_DUP_INPUT_BOOLEAN			 110
-#define UI_F_UI_DUP_INPUT_STRING			 103
-#define UI_F_UI_DUP_VERIFY_STRING			 106
-#define UI_F_UI_GET0_RESULT				 107
-#define UI_F_UI_NEW_METHOD				 104
-#define UI_F_UI_SET_RESULT				 105
-
-/* Reason codes. */
-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104
-#define UI_R_INDEX_TOO_LARGE				 102
-#define UI_R_INDEX_TOO_SMALL				 103
-#define UI_R_NO_RESULT_BUFFER				 105
-#define UI_R_RESULT_TOO_LARGE				 100
-#define UI_R_RESULT_TOO_SMALL				 101
-#define UI_R_UNKNOWN_CONTROL_COMMAND			 106
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ui/ui_compat.c b/crypto/ui/ui_compat.c
deleted file mode 100644
index 13e0f70d90..0000000000
--- a/crypto/ui/ui_compat.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/ui_compat.h>
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
-	{
-	return UI_UTIL_read_pw_string(buf, length, prompt, verify);
-	}
-
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
-	{
-	return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
-	}
diff --git a/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h
deleted file mode 100644
index b35c9bb7fd..0000000000
--- a/crypto/ui/ui_compat.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-#define HEADER_UI_COMPAT_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/ui.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* The following functions were previously part of the DES section,
-   and are provided here for backward compatibility reasons. */
-
-#define des_read_pw_string(b,l,p,v) \
-	_ossl_old_des_read_pw_string((b),(l),(p),(v))
-#define des_read_pw(b,bf,s,p,v) \
-	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c
deleted file mode 100644
index a6b96299a0..0000000000
--- a/crypto/ui/ui_err.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/ui/ui_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ui.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
-
-static ERR_STRING_DATA UI_str_functs[]=
-	{
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN),	"GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT),	"GENERAL_ALLOCATE_PROMPT"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING),	"GENERAL_ALLOCATE_STRING"},
-{ERR_FUNC(UI_F_UI_CTRL),	"UI_ctrl"},
-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING),	"UI_dup_error_string"},
-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING),	"UI_dup_info_string"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN),	"UI_dup_input_boolean"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING),	"UI_dup_input_string"},
-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING),	"UI_dup_verify_string"},
-{ERR_FUNC(UI_F_UI_GET0_RESULT),	"UI_get0_result"},
-{ERR_FUNC(UI_F_UI_NEW_METHOD),	"UI_new_method"},
-{ERR_FUNC(UI_F_UI_SET_RESULT),	"UI_set_result"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA UI_str_reasons[]=
-	{
-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
-{ERR_REASON(UI_R_INDEX_TOO_LARGE)        ,"index too large"},
-{ERR_REASON(UI_R_INDEX_TOO_SMALL)        ,"index too small"},
-{ERR_REASON(UI_R_NO_RESULT_BUFFER)       ,"no result buffer"},
-{ERR_REASON(UI_R_RESULT_TOO_LARGE)       ,"result too large"},
-{ERR_REASON(UI_R_RESULT_TOO_SMALL)       ,"result too small"},
-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_UI_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(UI_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,UI_str_functs);
-		ERR_load_strings(0,UI_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
deleted file mode 100644
index 167da002d2..0000000000
--- a/crypto/ui/ui_lib.c
+++ /dev/null
@@ -1,924 +0,0 @@
-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#include "ui_locl.h"
-
-IMPLEMENT_STACK_OF(UI_STRING_ST)
-
-static const UI_METHOD *default_UI_meth=NULL;
-
-UI *UI_new(void)
-	{
-	return(UI_new_method(NULL));
-	}
-
-UI *UI_new_method(const UI_METHOD *method)
-	{
-	UI *ret;
-
-	ret=(UI *)OPENSSL_malloc(sizeof(UI));
-	if (ret == NULL)
-		{
-		UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	if (method == NULL)
-		ret->meth=UI_get_default_method();
-	else
-		ret->meth=method;
-
-	ret->strings=NULL;
-	ret->user_data=NULL;
-	ret->flags=0;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
-	return ret;
-	}
-
-static void free_string(UI_STRING *uis)
-	{
-	if (uis->flags & OUT_STRING_FREEABLE)
-		{
-		OPENSSL_free((char *)uis->out_string);
-		switch(uis->type)
-			{
-		case UIT_BOOLEAN:
-			OPENSSL_free((char *)uis->_.boolean_data.action_desc);
-			OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
-			OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
-			break;
-		default:
-			break;
-			}
-		}
-	OPENSSL_free(uis);
-	}
-
-void UI_free(UI *ui)
-	{
-	if (ui == NULL)
-		return;
-	sk_UI_STRING_pop_free(ui->strings,free_string);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
-	OPENSSL_free(ui);
-	}
-
-static int allocate_string_stack(UI *ui)
-	{
-	if (ui->strings == NULL)
-		{
-		ui->strings=sk_UI_STRING_new_null();
-		if (ui->strings == NULL)
-			{
-			return -1;
-			}
-		}
-	return 0;
-	}
-
-static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf)
-	{
-	UI_STRING *ret = NULL;
-
-	if (prompt == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else if ((type == UIT_PROMPT || type == UIT_VERIFY
-			 || type == UIT_BOOLEAN) && result_buf == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
-		}
-	else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
-		{
-		ret->out_string=prompt;
-		ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
-		ret->input_flags=input_flags;
-		ret->type=type;
-		ret->result_buf=result_buf;
-		}
-	return ret;
-	}
-
-static int general_allocate_string(UI *ui, const char *prompt,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	int ret = -1;
-	UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
-		type, input_flags, result_buf);
-
-	if (s)
-		{
-		if (allocate_string_stack(ui) >= 0)
-			{
-			s->_.string_data.result_minsize=minsize;
-			s->_.string_data.result_maxsize=maxsize;
-			s->_.string_data.test_buf=test_buf;
-			ret=sk_UI_STRING_push(ui->strings, s);
-			/* sk_push() returns 0 on error.  Let's addapt that */
-			if (ret <= 0) ret--;
-			}
-		else
-			free_string(s);
-		}
-	return ret;
-	}
-
-static int general_allocate_boolean(UI *ui,
-	const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf)
-	{
-	int ret = -1;
-	UI_STRING *s;
-	const char *p;
-
-	if (ok_chars == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else if (cancel_chars == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else
-		{
-		for(p = ok_chars; *p; p++)
-			{
-			if (strchr(cancel_chars, *p))
-				{
-				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-					UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
-				}
-			}
-
-		s = general_allocate_prompt(ui, prompt, prompt_freeable,
-			type, input_flags, result_buf);
-
-		if (s)
-			{
-			if (allocate_string_stack(ui) >= 0)
-				{
-				s->_.boolean_data.action_desc = action_desc;
-				s->_.boolean_data.ok_chars = ok_chars;
-				s->_.boolean_data.cancel_chars = cancel_chars;
-				ret=sk_UI_STRING_push(ui->strings, s);
-				/* sk_push() returns 0 on error.
-				   Let's addapt that */
-				if (ret <= 0) ret--;
-				}
-			else
-				free_string(s);
-			}
-		}
-	return ret;
-	}
-
-/* Returns the index to the place in the stack or -1 for error.  Uses a
-   direct reference to the prompt.  */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize)
-	{
-	return general_allocate_string(ui, prompt, 0,
-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-	}
-
-/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize)
-	{
-	char *prompt_copy=NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	
-	return general_allocate_string(ui, prompt_copy, 1,
-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-	}
-
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	return general_allocate_string(ui, prompt, 0,
-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-	}
-
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	char *prompt_copy=NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-	
-	return general_allocate_string(ui, prompt_copy, 1,
-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-	}
-
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf)
-	{
-	return general_allocate_boolean(ui, prompt, action_desc,
-		ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
-	}
-
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf)
-	{
-	char *prompt_copy = NULL;
-	char *action_desc_copy = NULL;
-	char *ok_chars_copy = NULL;
-	char *cancel_chars_copy = NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (action_desc)
-		{
-		action_desc_copy=BUF_strdup(action_desc);
-		if (action_desc_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (ok_chars)
-		{
-		ok_chars_copy=BUF_strdup(ok_chars);
-		if (ok_chars_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (cancel_chars)
-		{
-		cancel_chars_copy=BUF_strdup(cancel_chars);
-		if (cancel_chars_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-		ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
-		result_buf);
- err:
-	if (prompt_copy) OPENSSL_free(prompt_copy);
-	if (action_desc_copy) OPENSSL_free(action_desc_copy);
-	if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
-	if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
-	return -1;
-	}
-
-int UI_add_info_string(UI *ui, const char *text)
-	{
-	return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
-		NULL);
-	}
-
-int UI_dup_info_string(UI *ui, const char *text)
-	{
-	char *text_copy=NULL;
-
-	if (text)
-		{
-		text_copy=BUF_strdup(text);
-		if (text_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-
-	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-		0, 0, NULL);
-	}
-
-int UI_add_error_string(UI *ui, const char *text)
-	{
-	return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
-		NULL);
-	}
-
-int UI_dup_error_string(UI *ui, const char *text)
-	{
-	char *text_copy=NULL;
-
-	if (text)
-		{
-		text_copy=BUF_strdup(text);
-		if (text_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-		0, 0, NULL);
-	}
-
-char *UI_construct_prompt(UI *ui, const char *object_desc,
-	const char *object_name)
-	{
-	char *prompt = NULL;
-
-	if (ui->meth->ui_construct_prompt)
-		prompt = ui->meth->ui_construct_prompt(ui,
-			object_desc, object_name);
-	else
-		{
-		char prompt1[] = "Enter ";
-		char prompt2[] = " for ";
-		char prompt3[] = ":";
-		int len = 0;
-
-		if (object_desc == NULL)
-			return NULL;
-		len = sizeof(prompt1) - 1 + strlen(object_desc);
-		if (object_name)
-			len += sizeof(prompt2) - 1 + strlen(object_name);
-		len += sizeof(prompt3) - 1;
-
-		prompt = (char *)OPENSSL_malloc(len + 1);
-		BUF_strlcpy(prompt, prompt1, len + 1);
-		BUF_strlcat(prompt, object_desc, len + 1);
-		if (object_name)
-			{
-			BUF_strlcat(prompt, prompt2, len + 1);
-			BUF_strlcat(prompt, object_name, len + 1);
-			}
-		BUF_strlcat(prompt, prompt3, len + 1);
-		}
-	return prompt;
-	}
-
-void *UI_add_user_data(UI *ui, void *user_data)
-	{
-	void *old_data = ui->user_data;
-	ui->user_data = user_data;
-	return old_data;
-	}
-
-void *UI_get0_user_data(UI *ui)
-	{
-	return ui->user_data;
-	}
-
-const char *UI_get0_result(UI *ui, int i)
-	{
-	if (i < 0)
-		{
-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
-		return NULL;
-		}
-	if (i >= sk_UI_STRING_num(ui->strings))
-		{
-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
-		return NULL;
-		}
-	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
-	}
-
-static int print_error(const char *str, size_t len, UI *ui)
-	{
-	UI_STRING uis;
-
-	memset(&uis, 0, sizeof(uis));
-	uis.type = UIT_ERROR;
-	uis.out_string = str;
-
-	if (ui->meth->ui_write_string
-		&& !ui->meth->ui_write_string(ui, &uis))
-		return -1;
-	return 0;
-	}
-
-int UI_process(UI *ui)
-	{
-	int i, ok=0;
-
-	if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
-		return -1;
-
-	if (ui->flags & UI_FLAG_PRINT_ERRORS)
-		ERR_print_errors_cb(
-			(int (*)(const char *, size_t, void *))print_error,
-			(void *)ui);
-
-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-		{
-		if (ui->meth->ui_write_string
-			&& !ui->meth->ui_write_string(ui,
-				sk_UI_STRING_value(ui->strings, i)))
-			{
-			ok=-1;
-			goto err;
-			}
-		}
-
-	if (ui->meth->ui_flush)
-		switch(ui->meth->ui_flush(ui))
-			{
-		case -1: /* Interrupt/Cancel/something... */
-			ok = -2;
-			goto err;
-		case 0: /* Errors */
-			ok = -1;
-			goto err;
-		default: /* Success */
-			ok = 0;
-			break;
-			}
-
-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-		{
-		if (ui->meth->ui_read_string)
-			{
-			switch(ui->meth->ui_read_string(ui,
-				sk_UI_STRING_value(ui->strings, i)))
-				{
-			case -1: /* Interrupt/Cancel/something... */
-				ok = -2;
-				goto err;
-			case 0: /* Errors */
-				ok = -1;
-				goto err;
-			default: /* Success */
-				ok = 0;
-				break;
-				}
-			}
-		}
- err:
-	if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
-		return -1;
-	return ok;
-	}
-
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void))
-	{
-	if (ui == NULL)
-		{
-		UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return -1;
-		}
-	switch(cmd)
-		{
-	case UI_CTRL_PRINT_ERRORS:
-		{
-		int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
-		if (i)
-			ui->flags |= UI_FLAG_PRINT_ERRORS;
-		else
-			ui->flags &= ~UI_FLAG_PRINT_ERRORS;
-		return save_flag;
-		}
-	case UI_CTRL_IS_REDOABLE:
-		return !!(ui->flags & UI_FLAG_REDOABLE);
-	default:
-		break;
-		}
-	UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
-	return -1;
-	}
-
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-				new_func, dup_func, free_func);
-        }
-
-int UI_set_ex_data(UI *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
-
-void *UI_get_ex_data(UI *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
-
-void UI_set_default_method(const UI_METHOD *meth)
-	{
-	default_UI_meth=meth;
-	}
-
-const UI_METHOD *UI_get_default_method(void)
-	{
-	if (default_UI_meth == NULL)
-		{
-		default_UI_meth=UI_OpenSSL();
-		}
-	return default_UI_meth;
-	}
-
-const UI_METHOD *UI_get_method(UI *ui)
-	{
-	return ui->meth;
-	}
-
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
-	{
-	ui->meth=meth;
-	return ui->meth;
-	}
-
-
-UI_METHOD *UI_create_method(char *name)
-	{
-	UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-
-	if (ui_method)
-		{
-		memset(ui_method, 0, sizeof(*ui_method));
-		ui_method->name = BUF_strdup(name);
-		}
-	return ui_method;
-	}
-
-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
-   (that is, it hasn't been allocated using UI_create_method(), you deserve
-   anything Murphy can throw at you and more!  You have been warned. */
-void UI_destroy_method(UI_METHOD *ui_method)
-	{
-	OPENSSL_free(ui_method->name);
-	ui_method->name = NULL;
-	OPENSSL_free(ui_method);
-	}
-
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_open_session = opener;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
-	{
-	if (method)
-		{
-		method->ui_write_string = writer;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_flush = flusher;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
-	{
-	if (method)
-		{
-		method->ui_read_string = reader;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_close_session = closer;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name))
-	{
-	if (method)
-		{
-		method->ui_construct_prompt = prompt_constructor;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int (*UI_method_get_opener(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_open_session;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
-	{
-	if (method)
-		return method->ui_write_string;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_flush;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
-	{
-	if (method)
-		return method->ui_read_string;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_closer(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_close_session;
-	else
-		return NULL;
-	}
-
-char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*)
-	{
-	if (method)
-		return method->ui_construct_prompt;
-	else
-		return NULL;
-	}
-
-enum UI_string_types UI_get_string_type(UI_STRING *uis)
-	{
-	if (!uis)
-		return UIT_NONE;
-	return uis->type;
-	}
-
-int UI_get_input_flags(UI_STRING *uis)
-	{
-	if (!uis)
-		return 0;
-	return uis->input_flags;
-	}
-
-const char *UI_get0_output_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	return uis->out_string;
-	}
-
-const char *UI_get0_action_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_BOOLEAN:
-		return uis->_.boolean_data.action_desc;
-	default:
-		return NULL;
-		}
-	}
-
-const char *UI_get0_result_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->result_buf;
-	default:
-		return NULL;
-		}
-	}
-
-const char *UI_get0_test_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_VERIFY:
-		return uis->_.string_data.test_buf;
-	default:
-		return NULL;
-		}
-	}
-
-int UI_get_result_minsize(UI_STRING *uis)
-	{
-	if (!uis)
-		return -1;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->_.string_data.result_minsize;
-	default:
-		return -1;
-		}
-	}
-
-int UI_get_result_maxsize(UI_STRING *uis)
-	{
-	if (!uis)
-		return -1;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->_.string_data.result_maxsize;
-	default:
-		return -1;
-		}
-	}
-
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
-	{
-	int l = strlen(result);
-
-	ui->flags &= ~UI_FLAG_REDOABLE;
-
-	if (!uis)
-		return -1;
-	switch (uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		{
-		char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
-		char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
-
-		BIO_snprintf(number1, sizeof(number1), "%d",
-			uis->_.string_data.result_minsize);
-		BIO_snprintf(number2, sizeof(number2), "%d",
-			uis->_.string_data.result_maxsize);
-
-		if (l < uis->_.string_data.result_minsize)
-			{
-			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
-			ERR_add_error_data(5,"You must type in ",
-				number1," to ",number2," characters");
-			return -1;
-			}
-		if (l > uis->_.string_data.result_maxsize)
-			{
-			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
-			ERR_add_error_data(5,"You must type in ",
-				number1," to ",number2," characters");
-			return -1;
-			}
-		}
-
-		if (!uis->result_buf)
-			{
-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-			return -1;
-			}
-
-		BUF_strlcpy(uis->result_buf, result,
-			    uis->_.string_data.result_maxsize + 1);
-		break;
-	case UIT_BOOLEAN:
-		{
-		const char *p;
-
-		if (!uis->result_buf)
-			{
-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-			return -1;
-			}
-
-		uis->result_buf[0] = '\0';
-		for(p = result; *p; p++)
-			{
-			if (strchr(uis->_.boolean_data.ok_chars, *p))
-				{
-				uis->result_buf[0] =
-					uis->_.boolean_data.ok_chars[0];
-				break;
-				}
-			if (strchr(uis->_.boolean_data.cancel_chars, *p))
-				{
-				uis->result_buf[0] =
-					uis->_.boolean_data.cancel_chars[0];
-				break;
-				}
-			}
-		}
-	default:
-		break;
-		}
-	return 0;
-	}
diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
deleted file mode 100644
index aa4a55637d..0000000000
--- a/crypto/ui/ui_locl.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_LOCL_H
-#define HEADER_UI_LOCL_H
-
-#include <openssl/ui.h>
-#include <openssl/crypto.h>
-
-#ifdef _
-#undef _
-#endif
-
-struct ui_method_st
-	{
-	char *name;
-
-	/* All the functions return 1 or non-NULL for success and 0 or NULL
-	   for failure */
-
-	/* Open whatever channel for this, be it the console, an X window
-	   or whatever.
-	   This function should use the ex_data structure to save
-	   intermediate data. */
-	int (*ui_open_session)(UI *ui);
-
-	int (*ui_write_string)(UI *ui, UI_STRING *uis);
-
-	/* Flush the output.  If a GUI dialog box is used, this function can
-	   be used to actually display it. */
-	int (*ui_flush)(UI *ui);
-
-	int (*ui_read_string)(UI *ui, UI_STRING *uis);
-
-	int (*ui_close_session)(UI *ui);
-
-	/* Construct a prompt in a user-defined manner.  object_desc is a
-	   textual short description of the object, for example "pass phrase",
-	   and object_name is the name of the object (might be a card name or
-	   a file name.
-	   The returned string shall always be allocated on the heap with
-	   OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
-	char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
-		const char *object_name);
-	};
-
-struct ui_string_st
-	{
-	enum UI_string_types type; /* Input */
-	const char *out_string;	/* Input */
-	int input_flags;	/* Flags from the user */
-
-	/* The following parameters are completely irrelevant for UIT_INFO,
-	   and can therefore be set to 0 or NULL */
-	char *result_buf;	/* Input and Output: If not NULL, user-defined
-				   with size in result_maxsize.  Otherwise, it
-				   may be allocated by the UI routine, meaning
-				   result_minsize is going to be overwritten.*/
-	union
-		{
-		struct
-			{
-			int result_minsize;	/* Input: minimum required
-						   size of the result.
-						*/
-			int result_maxsize;	/* Input: maximum permitted
-						   size of the result */
-
-			const char *test_buf;	/* Input: test string to verify
-						   against */
-			} string_data;
-		struct
-			{
-			const char *action_desc; /* Input */
-			const char *ok_chars; /* Input */
-			const char *cancel_chars; /* Input */
-			} boolean_data;
-		} _;
-
-#define OUT_STRING_FREEABLE 0x01
-	int flags;		/* flags for internal use */
-	};
-
-struct ui_st
-	{
-	const UI_METHOD *meth;
-	STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
-					 than one thing at a time, and
-					 with different echoing status.  */
-	void *user_data;
-	CRYPTO_EX_DATA ex_data;
-
-#define UI_FLAG_REDOABLE	0x0001
-#define UI_FLAG_PRINT_ERRORS	0x0100
-	int flags;
-	};
-
-#endif
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
deleted file mode 100644
index e6ccd34a13..0000000000
--- a/crypto/ui/ui_openssl.c
+++ /dev/null
@@ -1,718 +0,0 @@
-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) and others
- * for the OpenSSL project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
- * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include <openssl/e_os2.h>
-
-/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
- * [maybe others?], because it masks interfaces not discussed in standard,
- * sigaction and fileno included. -pedantic would be more appropriate for
- * the intended purposes, but we can't prevent users from adding -ansi.
- */
-#if defined(OPENSSL_SYSNAME_VXWORKS)
-#include <sys/types.h>
-#endif
-
-#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
-#ifndef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 2
-#endif
-#endif
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-#  include OPENSSL_UNISTD
-# else
-#  include <unistd.h>
-# endif
-/* If unistd.h defines _POSIX_VERSION, we conclude that we
- * are on a POSIX system and have sigaction and termios. */
-# if defined(_POSIX_VERSION)
-
-#  define SIGACTION
-#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-#   define TERMIOS
-#  endif
-
-# endif
-#endif
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan    Support for VMS */
-#include "ui_locl.h"
-#include "cryptlib.h"
-
-#ifdef OPENSSL_SYS_VMS		/* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-#  pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-#ifndef OPENSSL_SYS_WINCE
-# include <wincon.h>
-#endif
-#endif
-
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-# define TERMIOS
-# undef  TERMIO
-# undef  SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO) && !defined(__ANDROID__)
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#ifdef _LIBC
-# undef  TERMIOS
-# define TERMIO
-# undef  SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
-# undef  TERMIOS
-# undef  TERMIO
-# define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT		struct termios
-# define TTY_FLAGS		c_lflag
-# define TTY_get(tty,data)	tcgetattr(tty,data)
-# define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT		struct termio
-# define TTY_FLAGS		c_lflag
-# define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT		struct sgttyb
-# define TTY_FLAGS		sg_flags
-# define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
-# include <sys/ioctl.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
-	short iosb$w_value;
-	short iosb$w_count;
-	long  iosb$l_info;
-	};
-#endif
-
-#ifdef OPENSSL_SYS_SUNOS
-	typedef int sig_atomic_t;
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- *					<appro@fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-
-/* Define globals.  They are protected by a lock */
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG])(int );
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-static struct IOSB iosb;
-static $DESCRIPTOR(terminal,"TT");
-static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */
-static long status;
-static unsigned short channel = 0;
-#else
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-static TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
-static FILE *tty_in, *tty_out;
-static int is_a_tty;
-
-/* Declare static functions */
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
-
-static int read_string(UI *ui, UI_STRING *uis);
-static int write_string(UI *ui, UI_STRING *uis);
-
-static int open_console(UI *ui);
-static int echo_console(UI *ui);
-static int noecho_console(UI *ui);
-static int close_console(UI *ui);
-
-static UI_METHOD ui_openssl =
-	{
-	"OpenSSL default user interface",
-	open_console,
-	write_string,
-	NULL,			/* No flusher is needed for command lines */
-	read_string,
-	close_console,
-	NULL
-	};
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
-	{
-	return &ui_openssl;
-	}
-
-/* The following function makes sure that info and error strings are printed
-   before any prompt. */
-static int write_string(UI *ui, UI_STRING *uis)
-	{
-	switch (UI_get_string_type(uis))
-		{
-	case UIT_ERROR:
-	case UIT_INFO:
-		fputs(UI_get0_output_string(uis), tty_out);
-		fflush(tty_out);
-		break;
-	default:
-		break;
-		}
-	return 1;
-	}
-
-static int read_string(UI *ui, UI_STRING *uis)
-	{
-	int ok = 0;
-
-	switch (UI_get_string_type(uis))
-		{
-	case UIT_BOOLEAN:
-		fputs(UI_get0_output_string(uis), tty_out);
-		fputs(UI_get0_action_string(uis), tty_out);
-		fflush(tty_out);
-		return read_string_inner(ui, uis,
-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
-	case UIT_PROMPT:
-		fputs(UI_get0_output_string(uis), tty_out);
-		fflush(tty_out);
-		return read_string_inner(ui, uis,
-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
-	case UIT_VERIFY:
-		fprintf(tty_out,"Verifying - %s",
-			UI_get0_output_string(uis));
-		fflush(tty_out);
-		if ((ok = read_string_inner(ui, uis,
-			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
-			return ok;
-		if (strcmp(UI_get0_result_string(uis),
-			UI_get0_test_string(uis)) != 0)
-			{
-			fprintf(tty_out,"Verify failure\n");
-			fflush(tty_out);
-			return 0;
-			}
-		break;
-	default:
-		break;
-		}
-	return 1;
-	}
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to read a string without echoing */
-static int read_till_nl(FILE *in)
-	{
-#define SIZE 4
-	char buf[SIZE+1];
-
-	do	{
-		if (!fgets(buf,SIZE,in))
-			return 0;
-		} while (strchr(buf,'\n') == NULL);
-	return 1;
-	}
-
-static volatile sig_atomic_t intr_signal;
-#endif
-
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
-	{
-	static int ps;
-	int ok;
-	char result[BUFSIZ];
-	int maxsize = BUFSIZ-1;
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-	char *p;
-
-	intr_signal=0;
-	ok=0;
-	ps=0;
-
-	pushsig();
-	ps=1;
-
-	if (!echo && !noecho_console(ui))
-		goto error;
-	ps=2;
-
-	result[0]='\0';
-#ifdef OPENSSL_SYS_MSDOS
-	if (!echo)
-		{
-		noecho_fgets(result,maxsize,tty_in);
-		p=result; /* FIXME: noecho_fgets doesn't return errors */
-		}
-	else
-		p=fgets(result,maxsize,tty_in);
-#else
-	p=fgets(result,maxsize,tty_in);
-#endif
-	if(!p)
-		goto error;
-	if (feof(tty_in)) goto error;
-	if (ferror(tty_in)) goto error;
-	if ((p=(char *)strchr(result,'\n')) != NULL)
-		{
-		if (strip_nl)
-			*p='\0';
-		}
-	else
-		if (!read_till_nl(tty_in))
-			goto error;
-	if (UI_set_result(ui, uis, result) >= 0)
-		ok=1;
-
-error:
-	if (intr_signal == SIGINT)
-		ok=-1;
-	if (!echo) fprintf(tty_out,"\n");
-	if (ps >= 2 && !echo && !echo_console(ui))
-		ok=0;
-
-	if (ps >= 1)
-		popsig();
-#else
-	ok=1;
-#endif
-
-	OPENSSL_cleanse(result,BUFSIZ);
-	return ok;
-	}
-
-
-/* Internal functions to open, handle and close a channel to the console.  */
-static int open_console(UI *ui)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_UI);
-	is_a_tty = 1;
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS)
-	tty_in=stdin;
-	tty_out=stderr;
-#else
-#  ifdef OPENSSL_SYS_MSDOS
-#    define DEV_TTY "con"
-#  else
-#    define DEV_TTY "/dev/tty"
-#  endif
-	if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
-		tty_in=stdin;
-	if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
-		tty_out=stderr;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
- 	if (TTY_get(fileno(tty_in),&tty_orig) == -1)
-		{
-#ifdef ENOTTY
-		if (errno == ENOTTY)
-			is_a_tty=0;
-		else
-#endif
-#ifdef EINVAL
-		/* Ariel Glenn ariel@columbia.edu reports that solaris
-		 * can return EINVAL instead.  This should be ok */
-		if (errno == EINVAL)
-			is_a_tty=0;
-		else
-#endif
-			return 0;
-		}
-#endif
-#ifdef OPENSSL_SYS_VMS
-	status = sys$assign(&terminal,&channel,0,0);
-	if (status != SS$_NORMAL)
-		return 0;
-	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return 0;
-#endif
-	return 1;
-	}
-
-static int noecho_console(UI *ui)
-	{
-#ifdef TTY_FLAGS
-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-	tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
-		return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-	tty_new[0] = tty_orig[0];
-	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
-	tty_new[2] = tty_orig[2];
-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return 0;
-#endif
-	return 1;
-	}
-
-static int echo_console(UI *ui)
-	{
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-	tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
-	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
-		return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
-	tty_new[0] = tty_orig[0];
-	tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
-	tty_new[2] = tty_orig[2];
-	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
-	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
-		return 0;
-#endif
-	return 1;
-	}
-
-static int close_console(UI *ui)
-	{
-	if (tty_in != stdin) fclose(tty_in);
-	if (tty_out != stderr) fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
-	status = sys$dassgn(channel);
-#endif
-	CRYPTO_w_unlock(CRYPTO_LOCK_UI);
-
-	return 1;
-	}
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to handle signals and act on them */
-static void pushsig(void)
-	{
-#ifndef OPENSSL_SYS_WIN32
-	int i;
-#endif
-#ifdef SIGACTION
-	struct sigaction sa;
-
-	memset(&sa,0,sizeof sa);
-	sa.sa_handler=recsig;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-	savsig[SIGABRT]=signal(SIGABRT,recsig);
-	savsig[SIGFPE]=signal(SIGFPE,recsig);
-	savsig[SIGILL]=signal(SIGILL,recsig);
-	savsig[SIGINT]=signal(SIGINT,recsig);
-	savsig[SIGSEGV]=signal(SIGSEGV,recsig);
-	savsig[SIGTERM]=signal(SIGTERM,recsig);
-#else
-	for (i=1; i<NX509_SIG; i++)
-		{
-#ifdef SIGUSR1
-		if (i == SIGUSR1)
-			continue;
-#endif
-#ifdef SIGUSR2
-		if (i == SIGUSR2)
-			continue;
-#endif
-#ifdef SIGKILL
-		if (i == SIGKILL) /* We can't make any action on that. */
-			continue;
-#endif
-#ifdef SIGACTION
-		sigaction(i,&sa,&savsig[i]);
-#else
-		savsig[i]=signal(i,recsig);
-#endif
-		}
-#endif
-
-#ifdef SIGWINCH
-	signal(SIGWINCH,SIG_DFL);
-#endif
-	}
-
-static void popsig(void)
-	{
-#ifdef OPENSSL_SYS_WIN32
-	signal(SIGABRT,savsig[SIGABRT]);
-	signal(SIGFPE,savsig[SIGFPE]);
-	signal(SIGILL,savsig[SIGILL]);
-	signal(SIGINT,savsig[SIGINT]);
-	signal(SIGSEGV,savsig[SIGSEGV]);
-	signal(SIGTERM,savsig[SIGTERM]);
-#else
-	int i;
-	for (i=1; i<NX509_SIG; i++)
-		{
-#ifdef SIGUSR1
-		if (i == SIGUSR1)
-			continue;
-#endif
-#ifdef SIGUSR2
-		if (i == SIGUSR2)
-			continue;
-#endif
-#ifdef SIGACTION
-		sigaction(i,&savsig[i],NULL);
-#else
-		signal(i,savsig[i]);
-#endif
-		}
-#endif
-	}
-
-static void recsig(int i)
-	{
-	intr_signal=i;
-	}
-#endif
-
-/* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int noecho_fgets(char *buf, int size, FILE *tty)
-	{
-	int i;
-	char *p;
-
-	p=buf;
-	for (;;)
-		{
-		if (size == 0)
-			{
-			*p='\0';
-			break;
-			}
-		size--;
-#ifdef WIN16TTY
-		i=_inchar();
-#elif defined(_WIN32)
-		i=_getch();
-#else
-		i=getch();
-#endif
-		if (i == '\r') i='\n';
-		*(p++)=i;
-		if (i == '\n')
-			{
-			*p='\0';
-			break;
-			}
-		}
-#ifdef WIN_CONSOLE_BUG
-/* Win95 has several evil console bugs: one of these is that the
- * last character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
-		{
-			HANDLE inh;
-			inh = GetStdHandle(STD_INPUT_HANDLE);
-			FlushConsoleInputBuffer(inh);
-		}
-#endif
-	return(strlen(buf));
-	}
-#endif
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
deleted file mode 100644
index 5d9760bb7b..0000000000
--- a/crypto/ui/ui_util.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ui_locl.h"
-
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
-	{
-	char buff[BUFSIZ];
-	int ret;
-
-	ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ret);
-	}
-
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
-	{
-	int ok = 0;
-	UI *ui;
-
-	if (size < 1)
-		return -1;
-
-	ui = UI_new();
-	if (ui)
-		{
-		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
-		if (ok >= 0 && verify)
-			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
-				buf);
-		if (ok >= 0)
-			ok=UI_process(ui);
-		UI_free(ui);
-		}
-	if (ok > 0)
-		ok = 0;
-	return(ok);
-	}
diff --git a/crypto/uid.c b/crypto/uid.c
deleted file mode 100644
index b1fd52bada..0000000000
--- a/crypto/uid.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* crypto/uid.c */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-
-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
-
-#include OPENSSL_UNISTD
-
-int OPENSSL_issetugid(void)
-	{
-	return issetugid();
-	}
-
-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
-
-int OPENSSL_issetugid(void)
-	{
-	return 0;
-	}
-
-#else
-
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-
-int OPENSSL_issetugid(void)
-	{
-	if (getuid() != geteuid()) return 1;
-	if (getgid() != getegid()) return 1;
-	return 0;
-	}
-#endif
-
-
-
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
deleted file mode 100644
index c6602dae4f..0000000000
--- a/crypto/x509/by_dir.c
+++ /dev/null
@@ -1,480 +0,0 @@
-/* crypto/x509/by_dir.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifndef OPENSSL_NO_POSIX_IO
-# include <sys/stat.h>
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-
-
-typedef struct lookup_dir_hashes_st
-	{
-	unsigned long hash;
-	int suffix;
-	} BY_DIR_HASH;
-
-typedef struct lookup_dir_entry_st
-	{
-	char *dir;
-	int dir_type;
-	STACK_OF(BY_DIR_HASH) *hashes;
-	} BY_DIR_ENTRY;
-
-typedef struct lookup_dir_st
-	{
-	BUF_MEM *buffer;
-	STACK_OF(BY_DIR_ENTRY) *dirs;
-	} BY_DIR;
-
-DECLARE_STACK_OF(BY_DIR_HASH)
-DECLARE_STACK_OF(BY_DIR_ENTRY)
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	char **ret);
-static int new_dir(X509_LOOKUP *lu);
-static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
-	X509_OBJECT *ret);
-X509_LOOKUP_METHOD x509_dir_lookup=
-	{
-	"Load certs from files in a directory",
-	new_dir,		/* new */
-	free_dir,		/* free */
-	NULL, 			/* init */
-	NULL,			/* shutdown */
-	dir_ctrl,		/* ctrl */
-	get_cert_by_subject,	/* get_by_subject */
-	NULL,			/* get_by_issuer_serial */
-	NULL,			/* get_by_fingerprint */
-	NULL,			/* get_by_alias */
-	};
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
-	{
-	return(&x509_dir_lookup);
-	}
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	     char **retp)
-	{
-	int ret=0;
-	BY_DIR *ld;
-	char *dir = NULL;
-
-	ld=(BY_DIR *)ctx->method_data;
-
-	switch (cmd)
-		{
-	case X509_L_ADD_DIR:
-		if (argl == X509_FILETYPE_DEFAULT)
-			{
-			dir=(char *)getenv(X509_get_default_cert_dir_env());
-			if (dir)
-				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
-			else
-				ret=add_cert_dir(ld,X509_get_default_cert_dir(),
-					X509_FILETYPE_PEM);
-			if (!ret)
-				{
-				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
-				}
-			}
-		else
-			ret=add_cert_dir(ld,argp,(int)argl);
-		break;
-		}
-	return(ret);
-	}
-
-static int new_dir(X509_LOOKUP *lu)
-	{
-	BY_DIR *a;
-
-	if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
-		return(0);
-	if ((a->buffer=BUF_MEM_new()) == NULL)
-		{
-		OPENSSL_free(a);
-		return(0);
-		}
-	a->dirs=NULL;
-	lu->method_data=(char *)a;
-	return(1);
-	}
-
-static void by_dir_hash_free(BY_DIR_HASH *hash)
-	{
-	OPENSSL_free(hash);
-	}
-
-static int by_dir_hash_cmp(const BY_DIR_HASH * const *a,
-			const BY_DIR_HASH * const *b)
-	{
-	if ((*a)->hash > (*b)->hash)
-		return 1;
-	if ((*a)->hash < (*b)->hash)
-		return -1;
-	return 0;
-	}
-
-static void by_dir_entry_free(BY_DIR_ENTRY *ent)
-	{
-	if (ent->dir)
-		OPENSSL_free(ent->dir);
-	if (ent->hashes)
-		sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
-	OPENSSL_free(ent);
-	}
-
-static void free_dir(X509_LOOKUP *lu)
-	{
-	BY_DIR *a;
-
-	a=(BY_DIR *)lu->method_data;
-	if (a->dirs != NULL)
-		sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
-	if (a->buffer != NULL)
-		BUF_MEM_free(a->buffer);
-	OPENSSL_free(a);
-	}
-
-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
-	{
-	int j,len;
-	const char *s,*ss,*p;
-
-	if (dir == NULL || !*dir)
-	    {
-	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
-	    return 0;
-	    }
-
-	s=dir;
-	p=s;
-	do
-		{
-		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
-			{
-			BY_DIR_ENTRY *ent;
-			ss=s;
-			s=p+1;
-			len=(int)(p-ss);
-			if (len == 0) continue;
-			for (j=0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++)
-				{
-				ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
-				if (strlen(ent->dir) == (size_t)len &&
-				    strncmp(ent->dir,ss,(unsigned int)len) == 0)
-					break;
-				}
-			if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
-				continue;
-			if (ctx->dirs == NULL)
-				{
-				ctx->dirs = sk_BY_DIR_ENTRY_new_null();
-				if (!ctx->dirs)
-					{
-					X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
-					return 0;
-					}
-				}
-			ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
-			if (!ent)
-				return 0;
-			ent->dir_type = type;
-			ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
-			ent->dir = OPENSSL_malloc((unsigned int)len+1);
-			if (!ent->dir || !ent->hashes)
-				{
-				by_dir_entry_free(ent);
-				return 0;
-				}
-			strncpy(ent->dir,ss,(unsigned int)len);
-			ent->dir[len] = '\0';
-			if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent))
-				{
-				by_dir_entry_free(ent);
-				return 0;
-				}
-			}
-		} while (*p++ != '\0');
-	return 1;
-	}
-
-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	BY_DIR *ctx;
-	union	{
-		struct	{
-			X509 st_x509;
-			X509_CINF st_x509_cinf;
-			} x509;
-		struct	{
-			X509_CRL st_crl;
-			X509_CRL_INFO st_crl_info;
-			} crl;
-		} data;
-	int ok=0;
-	int i,j,k;
-	unsigned long h;
-	BUF_MEM *b=NULL;
-	X509_OBJECT stmp,*tmp;
-	const char *postfix="";
-
-	if (name == NULL) return(0);
-
-	stmp.type=type;
-	if (type == X509_LU_X509)
-		{
-		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
-		data.x509.st_x509_cinf.subject=name;
-		stmp.data.x509= &data.x509.st_x509;
-		postfix="";
-		}
-	else if (type == X509_LU_CRL)
-		{
-		data.crl.st_crl.crl= &data.crl.st_crl_info;
-		data.crl.st_crl_info.issuer=name;
-		stmp.data.crl= &data.crl.st_crl;
-		postfix="r";
-		}
-	else
-		{
-		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
-		goto finish;
-		}
-
-	if ((b=BUF_MEM_new()) == NULL)
-		{
-		X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
-		goto finish;
-		}
-	
-	ctx=(BY_DIR *)xl->method_data;
-
-	h=X509_NAME_hash(name);
-	for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
-		{
-		BY_DIR_ENTRY *ent;
-		int idx;
-		BY_DIR_HASH htmp, *hent;
-		ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
-		j=strlen(ent->dir)+1+8+6+1+1;
-		if (!BUF_MEM_grow(b,j))
-			{
-			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
-			goto finish;
-			}
-		if (type == X509_LU_CRL && ent->hashes)
-			{
-			htmp.hash = h;
-			CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
-			idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
-			if (idx >= 0)
-				{
-				hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
-				k = hent->suffix;
-				}
-			else
-				{
-				hent = NULL;
-				k=0;
-				}
-			CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
-			}
-		else
-			{
-			k = 0;
-			hent = NULL;
-			}
-		for (;;)
-			{
-			char c = '/';
-#ifdef OPENSSL_SYS_VMS
-			c = ent->dir[strlen(ent->dir)-1];
-			if (c != ':' && c != '>' && c != ']')
-				{
-				/* If no separator is present, we assume the
-				   directory specifier is a logical name, and
-				   add a colon.  We really should use better
-				   VMS routines for merging things like this,
-				   but this will do for now...
-				   -- Richard Levitte */
-				c = ':';
-				}
-			else
-				{
-				c = '\0';
-				}
-#endif
-			if (c == '\0')
-				{
-				/* This is special.  When c == '\0', no
-				   directory separator should be added. */
-				BIO_snprintf(b->data,b->max,
-					"%s%08lx.%s%d",ent->dir,h,
-					postfix,k);
-				}
-			else
-				{
-				BIO_snprintf(b->data,b->max,
-					"%s%c%08lx.%s%d",ent->dir,c,h,
-					postfix,k);
-				}
-#ifndef OPENSSL_NO_POSIX_IO
-#ifdef _WIN32
-#define stat _stat
-#endif
-			{
-			struct stat st;
-			if (stat(b->data,&st) < 0)
-				break;
-			}
-#endif
-			/* found one. */
-			if (type == X509_LU_X509)
-				{
-				if ((X509_load_cert_file(xl,b->data,
-					ent->dir_type)) == 0)
-					break;
-				}
-			else if (type == X509_LU_CRL)
-				{
-				if ((X509_load_crl_file(xl,b->data,
-					ent->dir_type)) == 0)
-					break;
-				}
-			/* else case will caught higher up */
-			k++;
-			}
-
-		/* we have added it to the cache so now pull
-		 * it out again */
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
-		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
-		else tmp = NULL;
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-
-		/* If a CRL, update the last file suffix added for this */
-
-		if (type == X509_LU_CRL)
-			{
-			CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-			/* Look for entry again in case another thread added
-			 * an entry first.
-			 */
-			if (!hent)
-				{
-				htmp.hash = h;
-				idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
-				if (idx >= 0)
-					hent =
-					 sk_BY_DIR_HASH_value(ent->hashes, idx);
-				}
-			if (!hent)
-				{
-				hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
-				hent->hash = h;
-				hent->suffix = k;
-				if (!sk_BY_DIR_HASH_push(ent->hashes, hent))
-					{
-					CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-					OPENSSL_free(hent);
-					ok = 0;
-					goto finish;
-					}
-				}
-			else if (hent->suffix < k)
-				hent->suffix = k;
-
-			CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-			}
-
-		if (tmp != NULL)
-			{
-			ok=1;
-			ret->type=tmp->type;
-			memcpy(&ret->data,&tmp->data,sizeof(ret->data));
-			/* If we were going to up the reference count,
-			 * we would need to do it on a perl 'type'
-			 * basis */
-	/*		CRYPTO_add(&tmp->data.x509->references,1,
-				CRYPTO_LOCK_X509);*/
-			goto finish;
-			}
-		}
-finish:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ok);
-	}
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
deleted file mode 100644
index 57b08ee094..0000000000
--- a/crypto/x509/by_file.c
+++ /dev/null
@@ -1,300 +0,0 @@
-/* crypto/x509/by_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_STDIO
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-	long argl, char **ret);
-X509_LOOKUP_METHOD x509_file_lookup=
-	{
-	"Load file into cache",
-	NULL,		/* new */
-	NULL,		/* free */
-	NULL, 		/* init */
-	NULL,		/* shutdown */
-	by_file_ctrl,	/* ctrl */
-	NULL,		/* get_by_subject */
-	NULL,		/* get_by_issuer_serial */
-	NULL,		/* get_by_fingerprint */
-	NULL,		/* get_by_alias */
-	};
-
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
-	{
-	return(&x509_file_lookup);
-	}
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	     char **ret)
-	{
-	int ok=0;
-	char *file;
-
-	switch (cmd)
-		{
-	case X509_L_FILE_LOAD:
-		if (argl == X509_FILETYPE_DEFAULT)
-			{
-			file = (char *)getenv(X509_get_default_cert_file_env());
-			if (file)
-				ok = (X509_load_cert_crl_file(ctx,file,
-					      X509_FILETYPE_PEM) != 0);
-
-			else
-				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-					      X509_FILETYPE_PEM) != 0);
-
-			if (!ok)
-				{
-				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
-				}
-			}
-		else
-			{
-			if(argl == X509_FILETYPE_PEM)
-				ok = (X509_load_cert_crl_file(ctx,argp,
-					X509_FILETYPE_PEM) != 0);
-			else
-				ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
-			}
-		break;
-		}
-	return(ok);
-	}
-
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
-	{
-	int ret=0;
-	BIO *in=NULL;
-	int i,count=0;
-	X509 *x=NULL;
-
-	if (file == NULL) return(1);
-	in=BIO_new(BIO_s_file_internal());
-
-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-		{
-		X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
-		goto err;
-		}
-
-	if (type == X509_FILETYPE_PEM)
-		{
-		for (;;)
-			{
-			x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
-			if (x == NULL)
-				{
-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-					PEM_R_NO_START_LINE) && (count > 0))
-					{
-					ERR_clear_error();
-					break;
-					}
-				else
-					{
-					X509err(X509_F_X509_LOAD_CERT_FILE,
-						ERR_R_PEM_LIB);
-					goto err;
-					}
-				}
-			i=X509_STORE_add_cert(ctx->store_ctx,x);
-			if (!i) goto err;
-			count++;
-			X509_free(x);
-			x=NULL;
-			}
-		ret=count;
-		}
-	else if (type == X509_FILETYPE_ASN1)
-		{
-		x=d2i_X509_bio(in,NULL);
-		if (x == NULL)
-			{
-			X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		i=X509_STORE_add_cert(ctx->store_ctx,x);
-		if (!i) goto err;
-		ret=i;
-		}
-	else
-		{
-		X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
-		goto err;
-		}
-err:
-	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-	{
-	int ret=0;
-	BIO *in=NULL;
-	int i,count=0;
-	X509_CRL *x=NULL;
-
-	if (file == NULL) return(1);
-	in=BIO_new(BIO_s_file_internal());
-
-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-		{
-		X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
-		goto err;
-		}
-
-	if (type == X509_FILETYPE_PEM)
-		{
-		for (;;)
-			{
-			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-			if (x == NULL)
-				{
-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-					PEM_R_NO_START_LINE) && (count > 0))
-					{
-					ERR_clear_error();
-					break;
-					}
-				else
-					{
-					X509err(X509_F_X509_LOAD_CRL_FILE,
-						ERR_R_PEM_LIB);
-					goto err;
-					}
-				}
-			i=X509_STORE_add_crl(ctx->store_ctx,x);
-			if (!i) goto err;
-			count++;
-			X509_CRL_free(x);
-			x=NULL;
-			}
-		ret=count;
-		}
-	else if (type == X509_FILETYPE_ASN1)
-		{
-		x=d2i_X509_CRL_bio(in,NULL);
-		if (x == NULL)
-			{
-			X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		i=X509_STORE_add_crl(ctx->store_ctx,x);
-		if (!i) goto err;
-		ret=i;
-		}
-	else
-		{
-		X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
-		goto err;
-		}
-err:
-	if (x != NULL) X509_CRL_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-{
-	STACK_OF(X509_INFO) *inf;
-	X509_INFO *itmp;
-	BIO *in;
-	int i, count = 0;
-	if(type != X509_FILETYPE_PEM)
-		return X509_load_cert_file(ctx, file, type);
-	in = BIO_new_file(file, "r");
-	if(!in) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
-		return 0;
-	}
-	inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-	BIO_free(in);
-	if(!inf) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
-		return 0;
-	}
-	for(i = 0; i < sk_X509_INFO_num(inf); i++) {
-		itmp = sk_X509_INFO_value(inf, i);
-		if(itmp->x509) {
-			X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
-			count++;
-		}
-		if(itmp->crl) {
-			X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
-			count++;
-		}
-	}
-	sk_X509_INFO_pop_free(inf, X509_INFO_free);
-	return count;
-}
-
-
-#endif /* OPENSSL_NO_STDIO */
-
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
deleted file mode 100644
index ed767f84dd..0000000000
--- a/crypto/x509/x509.h
+++ /dev/null
@@ -1,1298 +0,0 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_X509_H
-#define HEADER_X509_H
-
-#include <openssl/e_os2.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_BUFFER
-#include <openssl/buffer.h>
-#endif
-#ifndef OPENSSL_NO_EVP
-#include <openssl/evp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/asn1.h>
-#include <openssl/safestack.h>
-
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#undef X509_NAME
-#undef X509_CERT_PAIR
-#undef X509_EXTENSIONS
-#endif
-
-#define X509_FILETYPE_PEM	1
-#define X509_FILETYPE_ASN1	2
-#define X509_FILETYPE_DEFAULT	3
-
-#define X509v3_KU_DIGITAL_SIGNATURE	0x0080
-#define X509v3_KU_NON_REPUDIATION	0x0040
-#define X509v3_KU_KEY_ENCIPHERMENT	0x0020
-#define X509v3_KU_DATA_ENCIPHERMENT	0x0010
-#define X509v3_KU_KEY_AGREEMENT		0x0008
-#define X509v3_KU_KEY_CERT_SIGN		0x0004
-#define X509v3_KU_CRL_SIGN		0x0002
-#define X509v3_KU_ENCIPHER_ONLY		0x0001
-#define X509v3_KU_DECIPHER_ONLY		0x8000
-#define X509v3_KU_UNDEF			0xffff
-
-typedef struct X509_objects_st
-	{
-	int nid;
-	int (*a2i)(void);
-	int (*i2a)(void);
-	} X509_OBJECTS;
-
-struct X509_algor_st
-	{
-	ASN1_OBJECT *algorithm;
-	ASN1_TYPE *parameter;
-	} /* X509_ALGOR */;
-
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
-typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-
-typedef struct X509_val_st
-	{
-	ASN1_TIME *notBefore;
-	ASN1_TIME *notAfter;
-	} X509_VAL;
-
-struct X509_pubkey_st
-	{
-	X509_ALGOR *algor;
-	ASN1_BIT_STRING *public_key;
-	EVP_PKEY *pkey;
-	};
-
-typedef struct X509_sig_st
-	{
-	X509_ALGOR *algor;
-	ASN1_OCTET_STRING *digest;
-	} X509_SIG;
-
-typedef struct X509_name_entry_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_STRING *value;
-	int set;
-	int size; 	/* temp variable */
-	} X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st
-	{
-	STACK_OF(X509_NAME_ENTRY) *entries;
-	int modified;	/* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
-	BUF_MEM *bytes;
-#else
-	char *bytes;
-#endif
-/*	unsigned long hash; Keep the hash around for lookups */
-	unsigned char *canon_enc;
-	int canon_enclen;
-	} /* X509_NAME */;
-
-DECLARE_STACK_OF(X509_NAME)
-
-#define X509_EX_V_NETSCAPE_HACK		0x8000
-#define X509_EX_V_INIT			0x0001
-typedef struct X509_extension_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_BOOLEAN critical;
-	ASN1_OCTET_STRING *value;
-	} X509_EXTENSION;
-
-typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st
-	{
-	ASN1_OBJECT *object;
-	int single; /* 0 for a set, 1 for a single item (which is wrong) */
-	union	{
-		char		*ptr;
-/* 0 */		STACK_OF(ASN1_TYPE) *set;
-/* 1 */		ASN1_TYPE	*single;
-		} value;
-	} X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-
-typedef struct X509_req_info_st
-	{
-	ASN1_ENCODING enc;
-	ASN1_INTEGER *version;
-	X509_NAME *subject;
-	X509_PUBKEY *pubkey;
-	/*  d=2 hl=2 l=  0 cons: cont: 00 */
-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} X509_REQ_INFO;
-
-typedef struct X509_req_st
-	{
-	X509_REQ_INFO *req_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int references;
-	} X509_REQ;
-
-typedef struct x509_cinf_st
-	{
-	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */
-	ASN1_INTEGER *serialNumber;
-	X509_ALGOR *signature;
-	X509_NAME *issuer;
-	X509_VAL *validity;
-	X509_NAME *subject;
-	X509_PUBKEY *key;
-	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
-	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
-	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
-	ASN1_ENCODING enc;
-	} X509_CINF;
-
-/* This stuff is certificate "auxiliary info"
- * it contains details which are useful in certificate
- * stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st
-	{
-	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */
-	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */
-	ASN1_UTF8STRING *alias;			/* "friendly name" */
-	ASN1_OCTET_STRING *keyid;		/* key id of private key */
-	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
-	} X509_CERT_AUX;
-
-struct x509_st
-	{
-	X509_CINF *cert_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int valid;
-	int references;
-	char *name;
-	CRYPTO_EX_DATA ex_data;
-	/* These contain copies of various extension values */
-	long ex_pathlen;
-	long ex_pcpathlen;
-	unsigned long ex_flags;
-	unsigned long ex_kusage;
-	unsigned long ex_xkusage;
-	unsigned long ex_nscert;
-	ASN1_OCTET_STRING *skid;
-	AUTHORITY_KEYID *akid;
-	X509_POLICY_CACHE *policy_cache;
-	STACK_OF(DIST_POINT) *crldp;
-	STACK_OF(GENERAL_NAME) *altname;
-	NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_RFC3779
-	STACK_OF(IPAddressFamily) *rfc3779_addr;
-	struct ASIdentifiers_st *rfc3779_asid;
-#endif
-#ifndef OPENSSL_NO_SHA
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
-	X509_CERT_AUX *aux;
-	} /* X509 */;
-
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
-
-/* This is used for a table of trust checking functions */
-
-typedef struct x509_trust_st {
-	int trust;
-	int flags;
-	int (*check_trust)(struct x509_trust_st *, X509 *, int);
-	char *name;
-	int arg1;
-	void *arg2;
-} X509_TRUST;
-
-DECLARE_STACK_OF(X509_TRUST)
-
-typedef struct x509_cert_pair_st {
-	X509 *forward;
-	X509 *reverse;
-} X509_CERT_PAIR;
-
-/* standard trust ids */
-
-#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */
-
-#define X509_TRUST_COMPAT	1
-#define X509_TRUST_SSL_CLIENT	2
-#define X509_TRUST_SSL_SERVER	3
-#define X509_TRUST_EMAIL	4
-#define X509_TRUST_OBJECT_SIGN	5
-#define X509_TRUST_OCSP_SIGN	6
-#define X509_TRUST_OCSP_REQUEST	7
-#define X509_TRUST_TSA		8
-
-/* Keep these up to date! */
-#define X509_TRUST_MIN		1
-#define X509_TRUST_MAX		8
-
-
-/* trust_flags values */
-#define	X509_TRUST_DYNAMIC 	1
-#define	X509_TRUST_DYNAMIC_NAME	2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED	1
-#define X509_TRUST_REJECTED	2
-#define X509_TRUST_UNTRUSTED	3
-
-/* Flags for X509_print_ex() */
-
-#define	X509_FLAG_COMPAT		0
-#define	X509_FLAG_NO_HEADER		1L
-#define	X509_FLAG_NO_VERSION		(1L << 1)
-#define	X509_FLAG_NO_SERIAL		(1L << 2)
-#define	X509_FLAG_NO_SIGNAME		(1L << 3)
-#define	X509_FLAG_NO_ISSUER		(1L << 4)
-#define	X509_FLAG_NO_VALIDITY		(1L << 5)
-#define	X509_FLAG_NO_SUBJECT		(1L << 6)
-#define	X509_FLAG_NO_PUBKEY		(1L << 7)
-#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)
-#define	X509_FLAG_NO_SIGDUMP		(1L << 9)
-#define	X509_FLAG_NO_AUX		(1L << 10)
-#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)
-
-/* Flags specific to X509_NAME_print_ex() */	
-
-/* The field separator information */
-
-#define XN_FLAG_SEP_MASK	(0xf << 16)
-
-#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */
-#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */
-#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */
-#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */
-#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */
-
-#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */
-
-/* How the field name is shown */
-
-#define XN_FLAG_FN_MASK		(0x3 << 21)
-
-#define XN_FLAG_FN_SN		0		/* Object short name */
-#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */
-#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */
-#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */
-
-#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */
-
-/* This determines if we dump fields we don't recognise:
- * RFC2253 requires this.
- */
-
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-
-#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */
-
-/* Complete set of RFC2253 flags */
-
-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
-			XN_FLAG_SEP_COMMA_PLUS | \
-			XN_FLAG_DN_REV | \
-			XN_FLAG_FN_SN | \
-			XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
-			ASN1_STRFLGS_ESC_QUOTE | \
-			XN_FLAG_SEP_CPLUS_SPC | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
-			ASN1_STRFLGS_ESC_MSB | \
-			XN_FLAG_SEP_MULTILINE | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_LN | \
-			XN_FLAG_FN_ALIGN)
-
-struct x509_revoked_st
-	{
-	ASN1_INTEGER *serialNumber;
-	ASN1_TIME *revocationDate;
-	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-	/* Set up if indirect CRL */
-	STACK_OF(GENERAL_NAME) *issuer;
-	/* Revocation reason */
-	int reason;
-	int sequence; /* load sequence */
-	};
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st
-	{
-	ASN1_INTEGER *version;
-	X509_ALGOR *sig_alg;
-	X509_NAME *issuer;
-	ASN1_TIME *lastUpdate;
-	ASN1_TIME *nextUpdate;
-	STACK_OF(X509_REVOKED) *revoked;
-	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-	ASN1_ENCODING enc;
-	} X509_CRL_INFO;
-
-struct X509_crl_st
-	{
-	/* actual signature */
-	X509_CRL_INFO *crl;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int references;
-	int flags;
-	/* Copies of various extensions */
-	AUTHORITY_KEYID *akid;
-	ISSUING_DIST_POINT *idp;
-	/* Convenient breakdown of IDP */
-	int idp_flags;
-	int idp_reasons;
-	/* CRL and base CRL numbers for delta processing */
-	ASN1_INTEGER *crl_number;
-	ASN1_INTEGER *base_crl_number;
-#ifndef OPENSSL_NO_SHA
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
-	STACK_OF(GENERAL_NAMES) *issuers;
-	const X509_CRL_METHOD *meth;
-	void *meth_data;
-	} /* X509_CRL */;
-
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
-
-typedef struct private_key_st
-	{
-	int version;
-	/* The PKCS#8 data types */
-	X509_ALGOR *enc_algor;
-	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */
-
-	/* When decrypted, the following will not be NULL */
-	EVP_PKEY *dec_pkey;
-
-	/* used to encrypt and decrypt */
-	int key_length;
-	char *key_data;
-	int key_free;	/* true if we should auto free key_data */
-
-	/* expanded version of 'enc_algor' */
-	EVP_CIPHER_INFO cipher;
-
-	int references;
-	} X509_PKEY;
-
-#ifndef OPENSSL_NO_EVP
-typedef struct X509_info_st
-	{
-	X509 *x509;
-	X509_CRL *crl;
-	X509_PKEY *x_pkey;
-
-	EVP_CIPHER_INFO enc_cipher;
-	int enc_len;
-	char *enc_data;
-
-	int references;
-	} X509_INFO;
-
-DECLARE_STACK_OF(X509_INFO)
-#endif
-
-/* The next 2 structures and their 8 routines were sent to me by
- * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki structures - useful if you are writing a CA web page
- */
-typedef struct Netscape_spkac_st
-	{
-	X509_PUBKEY *pubkey;
-	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */
-	} NETSCAPE_SPKAC;
-
-typedef struct Netscape_spki_st
-	{
-	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */
-	X509_ALGOR *sig_algor;
-	ASN1_BIT_STRING *signature;
-	} NETSCAPE_SPKI;
-
-/* Netscape certificate sequence structure */
-typedef struct Netscape_certificate_sequence
-	{
-	ASN1_OBJECT *type;
-	STACK_OF(X509) *certs;
-	} NETSCAPE_CERT_SEQUENCE;
-
-/* Unused (and iv length is wrong)
-typedef struct CBCParameter_st
-	{
-	unsigned char iv[8];
-	} CBC_PARAM;
-*/
-
-/* Password based encryption structure */
-
-typedef struct PBEPARAM_st {
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;
-} PBEPARAM;
-
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-X509_ALGOR *keyfunc;
-X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
-ASN1_INTEGER *iter;
-ASN1_INTEGER *keylength;
-X509_ALGOR *prf;
-} PBKDF2PARAM;
-
-
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st
-        {
-        int broken;     /* Flag for various broken formats */
-#define PKCS8_OK		0
-#define PKCS8_NO_OCTET		1
-#define PKCS8_EMBEDDED_PARAM	2
-#define PKCS8_NS_DB		3
-#define PKCS8_NEG_PRIVKEY	4
-        ASN1_INTEGER *version;
-        X509_ALGOR *pkeyalg;
-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
-        STACK_OF(X509_ATTRIBUTE) *attributes;
-        };
-
-#ifdef  __cplusplus
-}
-#endif
-
-#include <openssl/x509_vfy.h>
-#include <openssl/pkcs7.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define X509_EXT_PACK_UNKNOWN	1
-#define X509_EXT_PACK_STRING	2
-
-#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/
-#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)
-#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
-#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
-X509_CRL_METHOD *X509_CRL_METHOD_new(
-	int (*crl_init)(X509_CRL *crl),
-	int (*crl_free)(X509_CRL *crl),
-	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-				ASN1_INTEGER *ser, X509_NAME *issuer),
-	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
-
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
-void *X509_CRL_get_meth_data(X509_CRL *crl);
-
-/* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
-#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
-
-const char *X509_verify_cert_error_string(long n);
-
-#ifndef OPENSSL_NO_EVP
-int X509_verify(X509 *a, EVP_PKEY *r);
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-
-int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-X509 *d2i_X509_bio(BIO *bp,X509 **x509);
-int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-#endif
-
-X509 *X509_dup(X509 *x509);
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
-X509_CRL *X509_CRL_dup(X509_CRL *crl);
-X509_REQ *X509_REQ_dup(X509_REQ *req);
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-						X509_ALGOR *algor);
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
-int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
-
-X509_NAME *X509_NAME_dup(X509_NAME *xn);
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-
-int		X509_cmp_time(const ASN1_TIME *s, time_t *t);
-int		X509_cmp_current_time(const ASN1_TIME *s);
-ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-ASN1_TIME *	X509_time_adj_ex(ASN1_TIME *s,
-				int offset_day, long offset_sec, time_t *t);
-ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
-
-const char *	X509_get_default_cert_area(void );
-const char *	X509_get_default_cert_dir(void );
-const char *	X509_get_default_cert_file(void );
-const char *	X509_get_default_cert_dir_env(void );
-const char *	X509_get_default_cert_file_env(void );
-const char *	X509_get_default_private_dir(void );
-
-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-DECLARE_ASN1_FUNCTIONS(X509_VAL)
-
-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
-int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
-					   STACK_OF(X509) *chain);
-int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
-EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
-			long length);
-#ifndef OPENSSL_NO_RSA
-int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
-RSA *		d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
-			long length);
-#endif
-#ifndef OPENSSL_NO_DSA
-int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
-DSA *		d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
-			long length);
-#endif
-#ifndef OPENSSL_NO_EC
-int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
-EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
-			long length);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(X509_SIG)
-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_REQ)
-
-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
-
-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME)
-
-int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(X509_CINF)
-
-DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_set_ex_data(X509 *r, int idx, void *arg);
-void *X509_get_ex_data(X509 *r, int idx);
-int		i2d_X509_AUX(X509 *a,unsigned char **pp);
-X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char * X509_alias_get0(X509 *x, int *len);
-unsigned char * X509_keyid_get0(X509 *x, int *len);
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
-int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-void X509_trust_clear(X509 *x);
-void X509_reject_clear(X509 *x);
-
-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_CRL)
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial);
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
-
-X509_PKEY *	X509_PKEY_new(void );
-void		X509_PKEY_free(X509_PKEY *a);
-int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
-X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-
-#ifndef OPENSSL_NO_EVP
-X509_INFO *	X509_INFO_new(void);
-void		X509_INFO_free(X509_INFO *a);
-char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
-		ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
-
-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
-		unsigned char *md,unsigned int *len);
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
-	      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-	      char *data,EVP_PKEY *pkey, const EVP_MD *type);
-
-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
-	unsigned char *md,unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
-	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	ASN1_BIT_STRING *signature,
-	void *data, EVP_PKEY *pkey, const EVP_MD *type);
-int ASN1_item_sign_ctx(const ASN1_ITEM *it,
-		X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     	ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
-#endif
-
-int 		X509_set_version(X509 *x,long version);
-int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER *	X509_get_serialNumber(X509 *x);
-int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *	X509_get_issuer_name(X509 *a);
-int 		X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *	X509_get_subject_name(X509 *a);
-int 		X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int 		X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
-int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
-
-int		X509_REQ_set_version(X509_REQ *x,long version);
-int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
-int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
-int		X509_REQ_extension_nid(int nid);
-int *		X509_REQ_get_extension_nids(void);
-void		X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-				int nid);
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
-int X509_REQ_get_attr_count(const X509_REQ *req);
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-			  int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-
-int X509_CRL_set_version(X509_CRL *x, long version);
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_sort(X509_CRL *crl);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-
-int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
-
-int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-
-int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_issuer_and_serial_hash(X509 *a);
-
-int		X509_issuer_name_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_issuer_name_hash(X509 *a);
-
-int		X509_subject_name_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_subject_name_hash(X509 *x);
-
-#ifndef OPENSSL_NO_MD5
-unsigned long	X509_issuer_name_hash_old(X509 *a);
-unsigned long	X509_subject_name_hash_old(X509 *x);
-#endif
-
-int		X509_cmp(const X509 *a, const X509 *b);
-int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-unsigned long	X509_NAME_hash(X509_NAME *x);
-unsigned long	X509_NAME_hash_old(X509_NAME *x);
-
-int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-int		X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
-#ifndef OPENSSL_NO_FP_API
-int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int		X509_print_fp(FILE *bp,X509 *x);
-int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
-int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
-int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int		X509_print(BIO *bp,X509 *x);
-int		X509_ocspid_print(BIO *bp,X509 *x);
-int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-int		X509_CRL_print(BIO *bp,X509_CRL *x);
-int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
-int		X509_REQ_print(BIO *bp,X509_REQ *req);
-#endif
-
-int 		X509_NAME_entry_count(X509_NAME *name);
-int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
-			char *buf,int len);
-int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-			char *buf,int len);
-
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, search after that position on. */
-int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
-			int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
-			int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-			unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-		const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-			int type,unsigned char *bytes, int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-			const unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-			ASN1_OBJECT *obj, int type,const unsigned char *bytes,
-			int len);
-int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
-			ASN1_OBJECT *obj);
-int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-			const unsigned char *bytes, int len);
-ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
-				      int nid, int lastpos);
-int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-				      ASN1_OBJECT *obj,int lastpos);
-int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
-					   int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-					 X509_EXTENSION *ex, int loc);
-
-int		X509_get_ext_count(X509 *x);
-int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-int		X509_CRL_get_ext_count(X509_CRL *x);
-int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-			int nid, int crit, ASN1_OCTET_STRING *data);
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-			ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int		X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
-int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
-			ASN1_OCTET_STRING *data);
-ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-			  int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-					 X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-				ASN1_OBJECT *obj, int lastpos, int type);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		const char *atrname, int type, const unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-					int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-			  int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-
-int		X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
-				     ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-				const unsigned char *salt, int saltlen);
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-				const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-					 unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen,
-				 unsigned char *aiv, int prf_nid);
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-				int prf_nid, int keylen);
-
-/* PKCS#8 utilities */
-
-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
-			int version, int ptype, void *pval,
-				unsigned char *penc, int penclen);
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		PKCS8_PRIV_KEY_INFO *p8);
-
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-					int ptype, void *pval,
-					unsigned char *penc, int penclen);
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		X509_PUBKEY *pub);
-
-int X509_check_trust(X509 *x, int id, int flags);
-int X509_TRUST_get_count(void);
-X509_TRUST * X509_TRUST_get0(int idx);
-int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-					char *name, int arg1, void *arg2);
-void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR				 100
-#define X509_F_BY_FILE_CTRL				 101
-#define X509_F_CHECK_POLICY				 145
-#define X509_F_DIR_CTRL					 102
-#define X509_F_GET_CERT_BY_SUBJECT			 103
-#define X509_F_NETSCAPE_SPKI_B64_DECODE			 129
-#define X509_F_NETSCAPE_SPKI_B64_ENCODE			 130
-#define X509_F_X509AT_ADD1_ATTR				 135
-#define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID		 136
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ		 137
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT		 140
-#define X509_F_X509_ATTRIBUTE_GET0_DATA			 139
-#define X509_F_X509_ATTRIBUTE_SET1_DATA			 138
-#define X509_F_X509_CHECK_PRIVATE_KEY			 128
-#define X509_F_X509_CRL_PRINT_FP			 147
-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
-#define X509_F_X509_LOAD_CERT_CRL_FILE			 132
-#define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_LOAD_CRL_FILE			 112
-#define X509_F_X509_NAME_ADD_ENTRY			 113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT		 131
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
-#define X509_F_X509_NAME_ONELINE			 116
-#define X509_F_X509_NAME_PRINT				 117
-#define X509_F_X509_PRINT_EX_FP				 118
-#define X509_F_X509_PUBKEY_GET				 119
-#define X509_F_X509_PUBKEY_SET				 120
-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY		 144
-#define X509_F_X509_REQ_PRINT_EX			 121
-#define X509_F_X509_REQ_PRINT_FP			 122
-#define X509_F_X509_REQ_TO_X509				 123
-#define X509_F_X509_STORE_ADD_CERT			 124
-#define X509_F_X509_STORE_ADD_CRL			 125
-#define X509_F_X509_STORE_CTX_GET1_ISSUER		 146
-#define X509_F_X509_STORE_CTX_INIT			 143
-#define X509_F_X509_STORE_CTX_NEW			 142
-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134
-#define X509_F_X509_TO_X509_REQ				 126
-#define X509_F_X509_TRUST_ADD				 133
-#define X509_F_X509_TRUST_SET				 141
-#define X509_F_X509_VERIFY_CERT				 127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE			 100
-#define X509_R_BASE64_DECODE_ERROR			 118
-#define X509_R_CANT_CHECK_DH_KEY			 114
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
-#define X509_R_ERR_ASN1_LIB				 102
-#define X509_R_INVALID_DIRECTORY			 113
-#define X509_R_INVALID_FIELD_NAME			 119
-#define X509_R_INVALID_TRUST				 123
-#define X509_R_KEY_TYPE_MISMATCH			 115
-#define X509_R_KEY_VALUES_MISMATCH			 116
-#define X509_R_LOADING_CERT_DIR				 103
-#define X509_R_LOADING_DEFAULTS				 104
-#define X509_R_METHOD_NOT_SUPPORTED			 124
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
-#define X509_R_PUBLIC_KEY_DECODE_ERROR			 125
-#define X509_R_PUBLIC_KEY_ENCODE_ERROR			 126
-#define X509_R_SHOULD_RETRY				 106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
-#define X509_R_UNKNOWN_KEY_TYPE				 117
-#define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_PURPOSE_ID			 121
-#define X509_R_UNKNOWN_TRUST_ID				 120
-#define X509_R_UNSUPPORTED_ALGORITHM			 111
-#define X509_R_WRONG_LOOKUP_TYPE			 112
-#define X509_R_WRONG_TYPE				 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
deleted file mode 100644
index 98460e8921..0000000000
--- a/crypto/x509/x509_att.c
+++ /dev/null
@@ -1,359 +0,0 @@
-/* crypto/x509/x509_att.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
-{
-	return sk_X509_ATTRIBUTE_num(x);
-}
-
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-			  int lastpos)
-{
-	ASN1_OBJECT *obj;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509at_get_attr_by_OBJ(x,obj,lastpos));
-}
-
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	int n;
-	X509_ATTRIBUTE *ex;
-
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_ATTRIBUTE_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
-		if (OBJ_cmp(ex->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
-}
-
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return NULL;
-	else
-		return sk_X509_ATTRIBUTE_value(x,loc);
-}
-
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
-	X509_ATTRIBUTE *ret;
-
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return(NULL);
-	ret=sk_X509_ATTRIBUTE_delete(x,loc);
-	return(ret);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-					 X509_ATTRIBUTE *attr)
-{
-	X509_ATTRIBUTE *new_attr=NULL;
-	STACK_OF(X509_ATTRIBUTE) *sk=NULL;
-
-	if (x == NULL)
-		{
-		X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
-		goto err2;
-		} 
-
-	if (*x == NULL)
-		{
-		if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
-			goto err;
-		}
-	else
-		sk= *x;
-
-	if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
-		goto err2;
-	if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
-		goto err;
-	if (*x == NULL)
-		*x=sk;
-	return(sk);
-err:
-	X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
-err2:
-	if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
-	if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
-	return(NULL);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
-{
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-			int nid, int type,
-			const unsigned char *bytes, int len)
-{
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
-{
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
-}
-
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-				ASN1_OBJECT *obj, int lastpos, int type)
-{
-	int i;
-	X509_ATTRIBUTE *at;
-	i = X509at_get_attr_by_OBJ(x, obj, lastpos);
-	if (i == -1)
-		return NULL;
-	if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
-		return NULL;
-	at = X509at_get_attr(x, i);
-	if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
-		return NULL;
-	return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, const void *data, int len)
-{
-	ASN1_OBJECT *obj;
-	X509_ATTRIBUTE *ret;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
-	if (ret == NULL) ASN1_OBJECT_free(obj);
-	return(ret);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
-{
-	X509_ATTRIBUTE *ret;
-
-	if ((attr == NULL) || (*attr == NULL))
-		{
-		if ((ret=X509_ATTRIBUTE_new()) == NULL)
-			{
-			X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		}
-	else
-		ret= *attr;
-
-	if (!X509_ATTRIBUTE_set1_object(ret,obj))
-		goto err;
-	if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
-		goto err;
-
-	if ((attr != NULL) && (*attr == NULL)) *attr=ret;
-	return(ret);
-err:
-	if ((attr == NULL) || (ret != *attr))
-		X509_ATTRIBUTE_free(ret);
-	return(NULL);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		const char *atrname, int type, const unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_ATTRIBUTE *nattr;
-
-	obj=OBJ_txt2obj(atrname, 0);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-						X509_R_INVALID_FIELD_NAME);
-		ERR_add_error_data(2, "name=", atrname);
-		return(NULL);
-		}
-	nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nattr;
-	}
-
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
-{
-	if ((attr == NULL) || (obj == NULL))
-		return(0);
-	ASN1_OBJECT_free(attr->object);
-	attr->object=OBJ_dup(obj);
-	return(1);
-}
-
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
-{
-	ASN1_TYPE *ttmp;
-	ASN1_STRING *stmp = NULL;
-	int atype = 0;
-	if (!attr) return 0;
-	if(attrtype & MBSTRING_FLAG) {
-		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
-						OBJ_obj2nid(attr->object));
-		if(!stmp) {
-			X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
-			return 0;
-		}
-		atype = stmp->type;
-	} else if (len != -1){
-		if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
-		if(!ASN1_STRING_set(stmp, data, len)) goto err;
-		atype = attrtype;
-	}
-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-	attr->single = 0;
-	/* This is a bit naughty because the attribute should really have
-	 * at least one value but some types use and zero length SET and
-	 * require this.
-	 */
-	if (attrtype == 0)
-		return 1;
-	if(!(ttmp = ASN1_TYPE_new())) goto err;
-	if ((len == -1) && !(attrtype & MBSTRING_FLAG))
-		{
-		if (!ASN1_TYPE_set1(ttmp, attrtype, data))
-			goto err;
-		}
-	else
-		ASN1_TYPE_set(ttmp, atype, stmp);
-	if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-	return 1;
-	err:
-	X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
-	return 0;
-}
-
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
-{
-	if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
-	if(attr->value.single) return 1;
-	return 0;
-}
-
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
-{
-	if (attr == NULL) return(NULL);
-	return(attr->object);
-}
-
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-					int atrtype, void *data)
-{
-	ASN1_TYPE *ttmp;
-	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
-	if(!ttmp) return NULL;
-	if(atrtype != ASN1_TYPE_get(ttmp)){
-		X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
-		return NULL;
-	}
-	return ttmp->value.ptr;
-}
-
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
-{
-	if (attr == NULL) return(NULL);
-	if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
-	if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
-	else return attr->value.single;
-}
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
deleted file mode 100644
index 352aa37434..0000000000
--- a/crypto/x509/x509_cmp.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
-	{
-	int i;
-	X509_CINF *ai,*bi;
-
-	ai=a->cert_info;
-	bi=b->cert_info;
-	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
-	if (i) return(i);
-	return(X509_NAME_cmp(ai->issuer,bi->issuer));
-	}
-
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
-	{
-	unsigned long ret=0;
-	EVP_MD_CTX ctx;
-	unsigned char md[16];
-	char *f;
-
-	EVP_MD_CTX_init(&ctx);
-	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
-		goto err;
-	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
-		goto err;
-	OPENSSL_free(f);
-	if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-		(unsigned long)a->cert_info->serialNumber->length))
-		goto err;
-	if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
-		goto err;
-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		)&0xffffffffL;
-	err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
-#endif
-	
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
-	{
-	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
-	}
-
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
-	{
-	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
-	}
-
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
-	{
-	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
-	}
-
-#ifndef OPENSSL_NO_SHA
-int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
-	{
-	return memcmp(a->sha1_hash, b->sha1_hash, 20);
-	}
-#endif
-
-X509_NAME *X509_get_issuer_name(X509 *a)
-	{
-	return(a->cert_info->issuer);
-	}
-
-unsigned long X509_issuer_name_hash(X509 *x)
-	{
-	return(X509_NAME_hash(x->cert_info->issuer));
-	}
-
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_name_hash_old(X509 *x)
-	{
-	return(X509_NAME_hash_old(x->cert_info->issuer));
-	}
-#endif
-
-X509_NAME *X509_get_subject_name(X509 *a)
-	{
-	return(a->cert_info->subject);
-	}
-
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
-	{
-	return(a->cert_info->serialNumber);
-	}
-
-unsigned long X509_subject_name_hash(X509 *x)
-	{
-	return(X509_NAME_hash(x->cert_info->subject));
-	}
-
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_subject_name_hash_old(X509 *x)
-	{
-	return(X509_NAME_hash_old(x->cert_info->subject));
-	}
-#endif
-
-#ifndef OPENSSL_NO_SHA
-/* Compare two certificates: they must be identical for
- * this to work. NB: Although "cmp" operations are generally
- * prototyped to take "const" arguments (eg. for use in
- * STACKs), the way X509 handling is - these operations may
- * involve ensuring the hashes are up-to-date and ensuring
- * certain cert information is cached. So this is the point
- * where the "depth-first" constification tree has to halt
- * with an evil cast.
- */
-int X509_cmp(const X509 *a, const X509 *b)
-{
-	/* ensure hash is valid */
-	X509_check_purpose((X509 *)a, -1, 0);
-	X509_check_purpose((X509 *)b, -1, 0);
-
-	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
-}
-#endif
-
-
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-	{
-	int ret;
-
-	/* Ensure canonical encoding is present and up to date */
-
-	if (!a->canon_enc || a->modified)
-		{
-		ret = i2d_X509_NAME((X509_NAME *)a, NULL);
-		if (ret < 0)
-			return -2;
-		}
-
-	if (!b->canon_enc || b->modified)
-		{
-		ret = i2d_X509_NAME((X509_NAME *)b, NULL);
-		if (ret < 0)
-			return -2;
-		}
-
-	ret = a->canon_enclen - b->canon_enclen;
-
-	if (ret)
-		return ret;
-
-	return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
-
-	}
-
-unsigned long X509_NAME_hash(X509_NAME *x)
-	{
-	unsigned long ret=0;
-	unsigned char md[SHA_DIGEST_LENGTH];
-
-	/* Make sure X509_NAME structure contains valid cached encoding */
-	i2d_X509_NAME(x,NULL);
-	if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
-		NULL))
-		return 0;
-
-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		)&0xffffffffL;
-	return(ret);
-	}
-
-
-#ifndef OPENSSL_NO_MD5
-/* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably efficient. */
-
-unsigned long X509_NAME_hash_old(X509_NAME *x)
-	{
-	EVP_MD_CTX md_ctx;
-	unsigned long ret=0;
-	unsigned char md[16];
-
-	/* Make sure X509_NAME structure contains valid cached encoding */
-	i2d_X509_NAME(x,NULL);
-	EVP_MD_CTX_init(&md_ctx);
-	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
-	    && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
-	    && EVP_DigestFinal_ex(&md_ctx,md,NULL))
-		ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		     )&0xffffffffL;
-	EVP_MD_CTX_cleanup(&md_ctx);
-
-	return(ret);
-	}
-#endif
-
-/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
-		ASN1_INTEGER *serial)
-	{
-	int i;
-	X509_CINF cinf;
-	X509 x,*x509=NULL;
-
-	if(!sk) return NULL;
-
-	x.cert_info= &cinf;
-	cinf.serialNumber=serial;
-	cinf.issuer=name;
-
-	for (i=0; i<sk_X509_num(sk); i++)
-		{
-		x509=sk_X509_value(sk,i);
-		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
-			return(x509);
-		}
-	return(NULL);
-	}
-
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
-	{
-	X509 *x509;
-	int i;
-
-	for (i=0; i<sk_X509_num(sk); i++)
-		{
-		x509=sk_X509_value(sk,i);
-		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
-			return(x509);
-		}
-	return(NULL);
-	}
-
-EVP_PKEY *X509_get_pubkey(X509 *x)
-	{
-	if ((x == NULL) || (x->cert_info == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(x->cert_info->key));
-	}
-
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-	{
-	if(!x) return NULL;
-	return x->cert_info->key->public_key;
-	}
-
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
-	{
-	EVP_PKEY *xk;
-	int ret;
-
-	xk=X509_get_pubkey(x);
-
-	if (xk)
-		ret = EVP_PKEY_cmp(xk, k);
-	else
-		ret = -2;
-
-	switch (ret)
-		{
-	case 1:
-		break;
-	case 0:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-		break;
-	case -1:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-		break;
-	case -2:
-	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-		}
-	if (xk)
-		EVP_PKEY_free(xk);
-	if (ret > 0)
-		return 1;
-	return 0;
-	}
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
deleted file mode 100644
index 51410cfd1a..0000000000
--- a/crypto/x509/x509_d2.c
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/x509/x509_d2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_STDIO
-int X509_STORE_set_default_paths(X509_STORE *ctx)
-	{
-	X509_LOOKUP *lookup;
-
-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-	if (lookup == NULL) return(0);
-	X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) return(0);
-	X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-	
-	/* clear any errors */
-	ERR_clear_error();
-
-	return(1);
-	}
-
-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
-		const char *path)
-	{
-	X509_LOOKUP *lookup;
-
-	if (file != NULL)
-		{
-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-		if (lookup == NULL) return(0);
-		if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
-		    return(0);
-		}
-	if (path != NULL)
-		{
-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-		if (lookup == NULL) return(0);
-		if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
-		    return(0);
-		}
-	if ((path == NULL) && (file == NULL))
-		return(0);
-	return(1);
-	}
-
-#endif
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
deleted file mode 100644
index e0ac151a76..0000000000
--- a/crypto/x509/x509_def.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* crypto/x509/x509_def.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-const char *X509_get_default_private_dir(void)
-	{ return(X509_PRIVATE_DIR); }
-	
-const char *X509_get_default_cert_area(void)
-	{ return(X509_CERT_AREA); }
-
-const char *X509_get_default_cert_dir(void)
-	{ return(X509_CERT_DIR); }
-
-const char *X509_get_default_cert_file(void)
-	{ return(X509_CERT_FILE); }
-
-const char *X509_get_default_cert_dir_env(void)
-	{ return(X509_CERT_DIR_EVP); }
-
-const char *X509_get_default_cert_file_env(void)
-	{ return(X509_CERT_FILE_EVP); }
-
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
deleted file mode 100644
index a01402f416..0000000000
--- a/crypto/x509/x509_err.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* crypto/x509/x509_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[]=
-	{
-{ERR_FUNC(X509_F_ADD_CERT_DIR),	"ADD_CERT_DIR"},
-{ERR_FUNC(X509_F_BY_FILE_CTRL),	"BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_CHECK_POLICY),	"CHECK_POLICY"},
-{ERR_FUNC(X509_F_DIR_CTRL),	"DIR_CTRL"},
-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),	"GET_CERT_BY_SUBJECT"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),	"NETSCAPE_SPKI_b64_decode"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),	"NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR),	"X509at_add1_attr"},
-{ERR_FUNC(X509_F_X509V3_ADD_EXT),	"X509v3_add_ext"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),	"X509_ATTRIBUTE_create_by_NID"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),	"X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),	"X509_ATTRIBUTE_create_by_txt"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),	"X509_ATTRIBUTE_get0_data"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),	"X509_ATTRIBUTE_set1_data"},
-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),	"X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP),	"X509_CRL_print_fp"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),	"X509_EXTENSION_create_by_NID"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),	"X509_EXTENSION_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),	"X509_get_pubkey_parameters"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),	"X509_load_cert_crl_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),	"X509_load_cert_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),	"X509_load_crl_file"},
-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),	"X509_NAME_add_entry"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),	"X509_NAME_ENTRY_create_by_NID"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),	"X509_NAME_ENTRY_create_by_txt"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),	"X509_NAME_ENTRY_set_object"},
-{ERR_FUNC(X509_F_X509_NAME_ONELINE),	"X509_NAME_oneline"},
-{ERR_FUNC(X509_F_X509_NAME_PRINT),	"X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_EX_FP),	"X509_print_ex_fp"},
-{ERR_FUNC(X509_F_X509_PUBKEY_GET),	"X509_PUBKEY_get"},
-{ERR_FUNC(X509_F_X509_PUBKEY_SET),	"X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),	"X509_REQ_check_private_key"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX),	"X509_REQ_print_ex"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP),	"X509_REQ_print_fp"},
-{ERR_FUNC(X509_F_X509_REQ_TO_X509),	"X509_REQ_to_X509"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT),	"X509_STORE_add_cert"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL),	"X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),	"X509_STORE_CTX_get1_issuer"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT),	"X509_STORE_CTX_init"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW),	"X509_STORE_CTX_new"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),	"X509_STORE_CTX_purpose_inherit"},
-{ERR_FUNC(X509_F_X509_TO_X509_REQ),	"X509_to_X509_REQ"},
-{ERR_FUNC(X509_F_X509_TRUST_ADD),	"X509_TRUST_add"},
-{ERR_FUNC(X509_F_X509_TRUST_SET),	"X509_TRUST_set"},
-{ERR_FUNC(X509_F_X509_VERIFY_CERT),	"X509_verify_cert"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA X509_str_reasons[]=
-	{
-{ERR_REASON(X509_R_BAD_X509_FILETYPE)    ,"bad x509 filetype"},
-{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  ,"base64 decode error"},
-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    ,"cant check dh key"},
-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
-{ERR_REASON(X509_R_ERR_ASN1_LIB)         ,"err asn1 lib"},
-{ERR_REASON(X509_R_INVALID_DIRECTORY)    ,"invalid directory"},
-{ERR_REASON(X509_R_INVALID_FIELD_NAME)   ,"invalid field name"},
-{ERR_REASON(X509_R_INVALID_TRUST)        ,"invalid trust"},
-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH)    ,"key type mismatch"},
-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},
-{ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},
-{ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},
-{ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) ,"method not supported"},
-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
-{ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR),"public key decode error"},
-{ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR),"public key encode error"},
-{ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},
-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE)     ,"unknown key type"},
-{ERR_REASON(X509_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID)   ,"unknown purpose id"},
-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID)     ,"unknown trust id"},
-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE)    ,"wrong lookup type"},
-{ERR_REASON(X509_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_X509_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,X509_str_functs);
-		ERR_load_strings(0,X509_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
deleted file mode 100644
index e7fdacb5e4..0000000000
--- a/crypto/x509/x509_ext.c
+++ /dev/null
@@ -1,210 +0,0 @@
-/* crypto/x509/x509_ext.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-
-int X509_CRL_get_ext_count(X509_CRL *x)
-	{
-	return(X509v3_get_ext_count(x->crl->extensions));
-	}
-
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
-	}
-
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
-	}
-
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
-	}
-
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
-	{
-	return(X509v3_get_ext(x->crl->extensions,loc));
-	}
-
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
-	{
-	return(X509v3_delete_ext(x->crl->extensions,loc));
-	}
-
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
-{
-	return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
-}
-
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-							unsigned long flags)
-{
-	return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
-}
-
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
-	}
-
-int X509_get_ext_count(X509 *x)
-	{
-	return(X509v3_get_ext_count(x->cert_info->extensions));
-	}
-
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
-	}
-
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
-	}
-
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
-	}
-
-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
-	{
-	return(X509v3_get_ext(x->cert_info->extensions,loc));
-	}
-
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
-	{
-	return(X509v3_delete_ext(x->cert_info->extensions,loc));
-	}
-
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
-	}
-
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
-{
-	return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
-}
-
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-							unsigned long flags)
-{
-	return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
-							flags);
-}
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
-	{
-	return(X509v3_get_ext_count(x->extensions));
-	}
-
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
-	}
-
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-	     int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
-	}
-
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
-	}
-
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
-	{
-	return(X509v3_get_ext(x->extensions,loc));
-	}
-
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
-	{
-	return(X509v3_delete_ext(x->extensions,loc));
-	}
-
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
-	}
-
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
-{
-	return X509V3_get_d2i(x->extensions, nid, crit, idx);
-}
-
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-							unsigned long flags)
-{
-	return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
-}
-
-IMPLEMENT_STACK_OF(X509_EXTENSION)
-IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
deleted file mode 100644
index 38525a8cdd..0000000000
--- a/crypto/x509/x509_lu.c
+++ /dev/null
@@ -1,716 +0,0 @@
-/* crypto/x509/x509_lu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
-	{
-	X509_LOOKUP *ret;
-
-	ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
-	if (ret == NULL) return NULL;
-
-	ret->init=0;
-	ret->skip=0;
-	ret->method=method;
-	ret->method_data=NULL;
-	ret->store_ctx=NULL;
-	if ((method->new_item != NULL) && !method->new_item(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-void X509_LOOKUP_free(X509_LOOKUP *ctx)
-	{
-	if (ctx == NULL) return;
-	if (	(ctx->method != NULL) &&
-		(ctx->method->free != NULL))
-		(*ctx->method->free)(ctx);
-	OPENSSL_free(ctx);
-	}
-
-int X509_LOOKUP_init(X509_LOOKUP *ctx)
-	{
-	if (ctx->method == NULL) return 0;
-	if (ctx->method->init != NULL)
-		return ctx->method->init(ctx);
-	else
-		return 1;
-	}
-
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
-	{
-	if (ctx->method == NULL) return 0;
-	if (ctx->method->shutdown != NULL)
-		return ctx->method->shutdown(ctx);
-	else
-		return 1;
-	}
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-	     char **ret)
-	{
-	if (ctx->method == NULL) return -1;
-	if (ctx->method->ctrl != NULL)
-		return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
-	else
-		return 1;
-	}
-
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-		return X509_LU_FAIL;
-	if (ctx->skip) return 0;
-	return ctx->method->get_by_subject(ctx,type,name,ret);
-	}
-
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	     ASN1_INTEGER *serial, X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) ||
-		(ctx->method->get_by_issuer_serial == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
-	}
-
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-	     unsigned char *bytes, int len, X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
-	}
-
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-	     X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_alias(ctx,type,str,len,ret);
-	}
-
-  
-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
-  	{
- 	int ret;
-
- 	ret=((*a)->type - (*b)->type);
- 	if (ret) return ret;
- 	switch ((*a)->type)
- 		{
- 	case X509_LU_X509:
- 		ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
- 		break;
- 	case X509_LU_CRL:
- 		ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
- 		break;
-	default:
-		/* abort(); */
-		return 0;
-		}
-	return ret;
-	}
-
-X509_STORE *X509_STORE_new(void)
-	{
-	X509_STORE *ret;
-
-	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
-		return NULL;
-	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
-	ret->cache=1;
-	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-	ret->verify=0;
-	ret->verify_cb=0;
-
-	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-		return NULL;
-
-	ret->get_issuer = 0;
-	ret->check_issued = 0;
-	ret->check_revocation = 0;
-	ret->get_crl = 0;
-	ret->check_crl = 0;
-	ret->cert_crl = 0;
-	ret->lookup_certs = 0;
-	ret->lookup_crls = 0;
-	ret->cleanup = 0;
-
-	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-		{
-		sk_X509_OBJECT_free(ret->objs);
-		OPENSSL_free(ret);
-		return NULL;
-		}
-
-	ret->references=1;
-	return ret;
-	}
-
-static void cleanup(X509_OBJECT *a)
-	{
-	if (a->type == X509_LU_X509)
-		{
-		X509_free(a->data.x509);
-		}
-	else if (a->type == X509_LU_CRL)
-		{
-		X509_CRL_free(a->data.crl);
-		}
-	else
-		{
-		/* abort(); */
-		}
-
-	OPENSSL_free(a);
-	}
-
-void X509_STORE_free(X509_STORE *vfy)
-	{
-	int i;
-	STACK_OF(X509_LOOKUP) *sk;
-	X509_LOOKUP *lu;
-
-	if (vfy == NULL)
-	    return;
-
-	sk=vfy->get_cert_methods;
-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-		{
-		lu=sk_X509_LOOKUP_value(sk,i);
-		X509_LOOKUP_shutdown(lu);
-		X509_LOOKUP_free(lu);
-		}
-	sk_X509_LOOKUP_free(sk);
-	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-	if (vfy->param)
-		X509_VERIFY_PARAM_free(vfy->param);
-	OPENSSL_free(vfy);
-	}
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
-	{
-	int i;
-	STACK_OF(X509_LOOKUP) *sk;
-	X509_LOOKUP *lu;
-
-	sk=v->get_cert_methods;
-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-		{
-		lu=sk_X509_LOOKUP_value(sk,i);
-		if (m == lu->method)
-			{
-			return lu;
-			}
-		}
-	/* a new one */
-	lu=X509_LOOKUP_new(m);
-	if (lu == NULL)
-		return NULL;
-	else
-		{
-		lu->store_ctx=v;
-		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
-			return lu;
-		else
-			{
-			X509_LOOKUP_free(lu);
-			return NULL;
-			}
-		}
-	}
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	X509_STORE *ctx=vs->ctx;
-	X509_LOOKUP *lu;
-	X509_OBJECT stmp,*tmp;
-	int i,j;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	if (tmp == NULL || type == X509_LU_CRL)
-		{
-		for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
-			{
-			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
-			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
-			if (j < 0)
-				{
-				vs->current_method=j;
-				return j;
-				}
-			else if (j)
-				{
-				tmp= &stmp;
-				break;
-				}
-			}
-		vs->current_method=0;
-		if (tmp == NULL)
-			return 0;
-		}
-
-/*	if (ret->data.ptr != NULL)
-		X509_OBJECT_free_contents(ret); */
-
-	ret->type=tmp->type;
-	ret->data.ptr=tmp->data.ptr;
-
-	X509_OBJECT_up_ref_count(ret);
-
-	return 1;
-	}
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-	{
-	X509_OBJECT *obj;
-	int ret=1;
-
-	if (x == NULL) return 0;
-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	obj->type=X509_LU_X509;
-	obj->data.x509=x;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-	X509_OBJECT_up_ref_count(obj);
-
-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-		{
-		X509_OBJECT_free_contents(obj);
-		OPENSSL_free(obj);
-		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
-		} 
-	else sk_X509_OBJECT_push(ctx->objs, obj);
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	return ret;
-	}
-
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
-	{
-	X509_OBJECT *obj;
-	int ret=1;
-
-	if (x == NULL) return 0;
-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	obj->type=X509_LU_CRL;
-	obj->data.crl=x;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-	X509_OBJECT_up_ref_count(obj);
-
-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-		{
-		X509_OBJECT_free_contents(obj);
-		OPENSSL_free(obj);
-		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
-		}
-	else sk_X509_OBJECT_push(ctx->objs, obj);
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	return ret;
-	}
-
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
-	{
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
-		break;
-	case X509_LU_CRL:
-		CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-		break;
-		}
-	}
-
-void X509_OBJECT_free_contents(X509_OBJECT *a)
-	{
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		X509_free(a->data.x509);
-		break;
-	case X509_LU_CRL:
-		X509_CRL_free(a->data.crl);
-		break;
-		}
-	}
-
-static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name, int *pnmatch)
-	{
-	X509_OBJECT stmp;
-	X509 x509_s;
-	X509_CINF cinf_s;
-	X509_CRL crl_s;
-	X509_CRL_INFO crl_info_s;
-	int idx;
-
-	stmp.type=type;
-	switch (type)
-		{
-	case X509_LU_X509:
-		stmp.data.x509= &x509_s;
-		x509_s.cert_info= &cinf_s;
-		cinf_s.subject=name;
-		break;
-	case X509_LU_CRL:
-		stmp.data.crl= &crl_s;
-		crl_s.crl= &crl_info_s;
-		crl_info_s.issuer=name;
-		break;
-	default:
-		/* abort(); */
-		return -1;
-		}
-
-	idx = sk_X509_OBJECT_find(h,&stmp);
-	if (idx >= 0 && pnmatch)
-		{
-		int tidx;
-		const X509_OBJECT *tobj, *pstmp;
-		*pnmatch = 1;
-		pstmp = &stmp;
-		for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++)
-			{
-			tobj = sk_X509_OBJECT_value(h, tidx);
-			if (x509_object_cmp(&tobj, &pstmp))
-				break;
-			(*pnmatch)++;
-			}
-		}
-	return idx;
-	}
-
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name)
-	{
-	return x509_object_idx_cnt(h, type, name, NULL);
-	}
-
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name)
-	{
-	int idx;
-	idx = X509_OBJECT_idx_by_subject(h, type, name);
-	if (idx==-1) return NULL;
-	return sk_X509_OBJECT_value(h, idx);
-	}
-
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
-	{
-	int i, idx, cnt;
-	STACK_OF(X509) *sk;
-	X509 *x;
-	X509_OBJECT *obj;
-	sk = sk_X509_new_null();
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
-	if (idx < 0)
-		{
-		/* Nothing found in cache: do lookup to possibly add new
-		 * objects to cache
-		 */
-		X509_OBJECT xobj;
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-		if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj))
-			{
-			sk_X509_free(sk);
-			return NULL;
-			}
-		X509_OBJECT_free_contents(&xobj);
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-		idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_X509,nm, &cnt);
-		if (idx < 0)
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-			sk_X509_free(sk);
-			return NULL;
-			}
-		}
-	for (i = 0; i < cnt; i++, idx++)
-		{
-		obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
-		x = obj->data.x509;
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-		if (!sk_X509_push(sk, x))
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-			X509_free(x);
-			sk_X509_pop_free(sk, X509_free);
-			return NULL;
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-	return sk;
-
-	}
-
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
-	{
-	int i, idx, cnt;
-	STACK_OF(X509_CRL) *sk;
-	X509_CRL *x;
-	X509_OBJECT *obj, xobj;
-	sk = sk_X509_CRL_new_null();
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	/* Check cache first */
-	idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt);
-
-	/* Always do lookup to possibly add new CRLs to cache
-	 */
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-	if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj))
-		{
-		sk_X509_CRL_free(sk);
-		return NULL;
-		}
-	X509_OBJECT_free_contents(&xobj);
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	idx = x509_object_idx_cnt(ctx->ctx->objs,X509_LU_CRL, nm, &cnt);
-	if (idx < 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-		sk_X509_CRL_free(sk);
-		return NULL;
-		}
-
-	for (i = 0; i < cnt; i++, idx++)
-		{
-		obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx);
-		x = obj->data.crl;
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-		if (!sk_X509_CRL_push(sk, x))
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-			X509_CRL_free(x);
-			sk_X509_CRL_pop_free(sk, X509_CRL_free);
-			return NULL;
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-	return sk;
-	}
-
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-	{
-	int idx, i;
-	X509_OBJECT *obj;
-	idx = sk_X509_OBJECT_find(h, x);
-	if (idx == -1) return NULL;
-	if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
-		return sk_X509_OBJECT_value(h, idx);
-	for (i = idx; i < sk_X509_OBJECT_num(h); i++)
-		{
-		obj = sk_X509_OBJECT_value(h, i);
-		if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
-			return NULL;
-		if (x->type == X509_LU_X509)
-			{
-			if (!X509_cmp(obj->data.x509, x->data.x509))
-				return obj;
-			}
-		else if (x->type == X509_LU_CRL)
-			{
-			if (!X509_CRL_match(obj->data.crl, x->data.crl))
-				return obj;
-			}
-		else
-			return obj;
-		}
-	return NULL;
-	}
-
-
-/* Try to get issuer certificate from store. Due to limitations
- * of the API this can only retrieve a single certificate matching
- * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all
- * matches.
- *
- * Return values are:
- *  1 lookup successful.
- *  0 certificate not found.
- * -1 some other error.
- */
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-	{
-	X509_NAME *xn;
-	X509_OBJECT obj, *pobj;
-	int i, ok, idx, ret;
-	xn=X509_get_issuer_name(x);
-	ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-	if (ok != X509_LU_X509)
-		{
-		if (ok == X509_LU_RETRY)
-			{
-			X509_OBJECT_free_contents(&obj);
-			X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
-			return -1;
-			}
-		else if (ok != X509_LU_FAIL)
-			{
-			X509_OBJECT_free_contents(&obj);
-			/* not good :-(, break anyway */
-			return -1;
-			}
-		return 0;
-		}
-	/* If certificate matches all OK */
-	if (ctx->check_issued(ctx, x, obj.data.x509))
-		{
-		*issuer = obj.data.x509;
-		return 1;
-		}
-	X509_OBJECT_free_contents(&obj);
-
-	/* Else find index of first cert accepted by 'check_issued' */
-	ret = 0;
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
-	if (idx != -1) /* should be true as we've had at least one match */
-		{
-		/* Look through all matching certs for suitable issuer */
-		for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
-			{
-			pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
-			/* See if we've run past the matches */
-			if (pobj->type != X509_LU_X509)
-				break;
-			if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
-				break;
-			if (ctx->check_issued(ctx, x, pobj->data.x509))
-				{
-				*issuer = pobj->data.x509;
-				X509_OBJECT_up_ref_count(pobj);
-				ret = 1;
-				break;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-	return ret;
-	}
-
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
-	{
-	return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
-	}
-
-int X509_STORE_set_depth(X509_STORE *ctx, int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-	return 1;
-	}
-
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
-	{
-	return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
-	}
-
-int X509_STORE_set_trust(X509_STORE *ctx, int trust)
-	{
-	return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
-	}
-
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
-	{
-	return X509_VERIFY_PARAM_set1(ctx->param, param);
-	}
-
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *))
-	{
-	ctx->verify_cb = verify_cb;
-	}
-
-IMPLEMENT_STACK_OF(X509_LOOKUP)
-IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
deleted file mode 100644
index 21fed9f838..0000000000
--- a/crypto/x509/x509_obj.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/buffer.h>
-
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
-	{
-	X509_NAME_ENTRY *ne;
-int i;
-	int n,lold,l,l1,l2,num,j,type;
-	const char *s;
-	char *p;
-	unsigned char *q;
-	BUF_MEM *b=NULL;
-	static const char hex[17]="0123456789ABCDEF";
-	int gs_doit[4];
-	char tmp_buf[80];
-#ifdef CHARSET_EBCDIC
-	char ebcdic_buf[1024];
-#endif
-
-	if (buf == NULL)
-		{
-		if ((b=BUF_MEM_new()) == NULL) goto err;
-		if (!BUF_MEM_grow(b,200)) goto err;
-		b->data[0]='\0';
-		len=200;
-		}
-	if (a == NULL)
-	    {
-	    if(b)
-		{
-		buf=b->data;
-		OPENSSL_free(b);
-		}
-	    strncpy(buf,"NO X509_NAME",len);
-	    buf[len-1]='\0';
-	    return buf;
-	    }
-
-	len--; /* space for '\0' */
-	l=0;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
-		n=OBJ_obj2nid(ne->object);
-		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
-			{
-			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
-			s=tmp_buf;
-			}
-		l1=strlen(s);
-
-		type=ne->value->type;
-		num=ne->value->length;
-		q=ne->value->data;
-#ifdef CHARSET_EBCDIC
-                if (type == V_ASN1_GENERALSTRING ||
-		    type == V_ASN1_VISIBLESTRING ||
-		    type == V_ASN1_PRINTABLESTRING ||
-		    type == V_ASN1_TELETEXSTRING ||
-		    type == V_ASN1_VISIBLESTRING ||
-		    type == V_ASN1_IA5STRING) {
-                        ascii2ebcdic(ebcdic_buf, q,
-				     (num > sizeof ebcdic_buf)
-				     ? sizeof ebcdic_buf : num);
-                        q=ebcdic_buf;
-		}
-#endif
-
-		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
-			{
-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
-			for (j=0; j<num; j++)
-				if (q[j] != 0) gs_doit[j&3]=1;
-
-			if (gs_doit[0]|gs_doit[1]|gs_doit[2])
-				gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-			else
-				{
-				gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
-				gs_doit[3]=1;
-				}
-			}
-		else
-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-
-		for (l2=j=0; j<num; j++)
-			{
-			if (!gs_doit[j&3]) continue;
-			l2++;
-#ifndef CHARSET_EBCDIC
-			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
-#else
-			if ((os_toascii[q[j]] < os_toascii[' ']) ||
-			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
-#endif
-			}
-
-		lold=l;
-		l+=1+l1+1+l2;
-		if (b != NULL)
-			{
-			if (!BUF_MEM_grow(b,l+1)) goto err;
-			p= &(b->data[lold]);
-			}
-		else if (l > len)
-			{
-			break;
-			}
-		else
-			p= &(buf[lold]);
-		*(p++)='/';
-		memcpy(p,s,(unsigned int)l1); p+=l1;
-		*(p++)='=';
-
-#ifndef CHARSET_EBCDIC /* q was assigned above already. */
-		q=ne->value->data;
-#endif
-
-		for (j=0; j<num; j++)
-			{
-			if (!gs_doit[j&3]) continue;
-#ifndef CHARSET_EBCDIC
-			n=q[j];
-			if ((n < ' ') || (n > '~'))
-				{
-				*(p++)='\\';
-				*(p++)='x';
-				*(p++)=hex[(n>>4)&0x0f];
-				*(p++)=hex[n&0x0f];
-				}
-			else
-				*(p++)=n;
-#else
-			n=os_toascii[q[j]];
-			if ((n < os_toascii[' ']) ||
-			    (n > os_toascii['~']))
-				{
-				*(p++)='\\';
-				*(p++)='x';
-				*(p++)=hex[(n>>4)&0x0f];
-				*(p++)=hex[n&0x0f];
-				}
-			else
-				*(p++)=q[j];
-#endif
-			}
-		*p='\0';
-		}
-	if (b != NULL)
-		{
-		p=b->data;
-		OPENSSL_free(b);
-		}
-	else
-		p=buf;
-	if (i == 0)
-		*p = '\0';
-	return(p);
-err:
-	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
-	if (b != NULL) BUF_MEM_free(b);
-	return(NULL);
-	}
-
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
deleted file mode 100644
index 254a14693d..0000000000
--- a/crypto/x509/x509_r2x.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/* crypto/x509/x509_r2x.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
-	{
-	X509 *ret=NULL;
-	X509_CINF *xi=NULL;
-	X509_NAME *xn;
-
-	if ((ret=X509_new()) == NULL)
-		{
-		X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* duplicate the request */
-	xi=ret->cert_info;
-
-	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
-		{
-		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
-		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/*		xi->extensions=ri->attributes; <- bad, should not ever be done
-		ri->attributes=NULL; */
-		}
-
-	xn=X509_REQ_get_subject_name(r);
-	if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
-		goto err;
-	if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
-		goto err;
-
-	if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
-		goto err;
-	if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
-		goto err;
-
-	X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
-
-	if (!X509_sign(ret,pkey,EVP_md5()))
-		goto err;
-	if (0)
-		{
-err:
-		X509_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
deleted file mode 100644
index 48183dc00c..0000000000
--- a/crypto/x509/x509_req.c
+++ /dev/null
@@ -1,316 +0,0 @@
-/* crypto/x509/x509_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	X509_REQ *ret;
-	X509_REQ_INFO *ri;
-	int i;
-	EVP_PKEY *pktmp;
-
-	ret=X509_REQ_new();
-	if (ret == NULL)
-		{
-		X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	ri=ret->req_info;
-
-	ri->version->length=1;
-	ri->version->data=(unsigned char *)OPENSSL_malloc(1);
-	if (ri->version->data == NULL) goto err;
-	ri->version->data[0]=0; /* version == 0 */
-
-	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
-		goto err;
-
-	pktmp = X509_get_pubkey(x);
-	i=X509_REQ_set_pubkey(ret,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (!i) goto err;
-
-	if (pkey != NULL)
-		{
-		if (!X509_REQ_sign(ret,pkey,md))
-			goto err;
-		}
-	return(ret);
-err:
-	X509_REQ_free(ret);
-	return(NULL);
-	}
-
-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
-	{
-	if ((req == NULL) || (req->req_info == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(req->req_info->pubkey));
-	}
-
-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
-	{
-	EVP_PKEY *xk=NULL;
-	int ok=0;
-
-	xk=X509_REQ_get_pubkey(x);
-	switch (EVP_PKEY_cmp(xk, k))
-		{
-	case 1:
-		ok=1;
-		break;
-	case 0:
-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-		break;
-	case -1:
-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-		break;
-	case -2:
-#ifndef OPENSSL_NO_EC
-		if (k->type == EVP_PKEY_EC)
-			{
-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-			break;
-			}
-#endif
-#ifndef OPENSSL_NO_DH
-		if (k->type == EVP_PKEY_DH)
-			{
-			/* No idea */
-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-			break;
-			}
-#endif
-	        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-		}
-
-	EVP_PKEY_free(xk);
-	return(ok);
-	}
-
-/* It seems several organisations had the same idea of including a list of
- * extensions in a certificate request. There are at least two OIDs that are
- * used and there may be more: so the list is configurable.
- */
-
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
-
-static int *ext_nids = ext_nid_list;
-
-int X509_REQ_extension_nid(int req_nid)
-{
-	int i, nid;
-	for(i = 0; ; i++) {
-		nid = ext_nids[i];
-		if(nid == NID_undef) return 0;
-		else if (req_nid == nid) return 1;
-	}
-}
-
-int *X509_REQ_get_extension_nids(void)
-{
-	return ext_nids;
-}
-	
-void X509_REQ_set_extension_nids(int *nids)
-{
-	ext_nids = nids;
-}
-
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
-	{
-	X509_ATTRIBUTE *attr;
-	ASN1_TYPE *ext = NULL;
-	int idx, *pnid;
-	const unsigned char *p;
-
-	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
-		return(NULL);
-	for (pnid = ext_nids; *pnid != NID_undef; pnid++)
-		{
-		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-		if (idx == -1)
-			continue;
-		attr = X509_REQ_get_attr(req, idx);
-		if(attr->single) ext = attr->value.single;
-		else if(sk_ASN1_TYPE_num(attr->value.set))
-			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-		break;
-		}
-	if(!ext || (ext->type != V_ASN1_SEQUENCE))
-		return NULL;
-	p = ext->value.sequence->data;
-	return (STACK_OF(X509_EXTENSION) *)
-		ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
-				ASN1_ITEM_rptr(X509_EXTENSIONS));
-}
-
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
- * in case we want to create a non standard one.
- */
-
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-				int nid)
-{
-	ASN1_TYPE *at = NULL;
-	X509_ATTRIBUTE *attr = NULL;
-	if(!(at = ASN1_TYPE_new()) ||
-		!(at->value.sequence = ASN1_STRING_new())) goto err;
-
-	at->type = V_ASN1_SEQUENCE;
-	/* Generate encoding of extensions */
-	at->value.sequence->length = 
-			ASN1_item_i2d((ASN1_VALUE *)exts,
-				&at->value.sequence->data,
-				ASN1_ITEM_rptr(X509_EXTENSIONS));
-	if(!(attr = X509_ATTRIBUTE_new())) goto err;
-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
-	at = NULL;
-	attr->single = 0;
-	attr->object = OBJ_nid2obj(nid);
-	if (!req->req_info->attributes)
-		{
-		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
-			goto err;
-		}
-	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
-	return 1;
-	err:
-	X509_ATTRIBUTE_free(attr);
-	ASN1_TYPE_free(at);
-	return 0;
-}
-/* This is the normal usage: use the "official" OID */
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
-{
-	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
-}
-
-/* Request attribute functions */
-
-int X509_REQ_get_attr_count(const X509_REQ *req)
-{
-	return X509at_get_attr_count(req->req_info->attributes);
-}
-
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-			  int lastpos)
-{
-	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
-}
-
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-			  int lastpos)
-{
-	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
-}
-
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
-{
-	return X509at_get_attr(req->req_info->attributes, loc);
-}
-
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
-{
-	return X509at_delete_attr(req->req_info->attributes, loc);
-}
-
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
-{
-	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
-	return 0;
-}
-
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-			int nid, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
-				type, bytes, len)) return 1;
-	return 0;
-}
-
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
-{
-	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
-				type, bytes, len)) return 1;
-	return 0;
-}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
deleted file mode 100644
index 4b94fc5847..0000000000
--- a/crypto/x509/x509_set.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/x509/x509_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_set_version(X509 *x, long version)
-	{
-	if (x == NULL) return(0);
-	if (x->cert_info->version == NULL)
-		{
-		if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
-			return(0);
-		}
-	return(ASN1_INTEGER_set(x->cert_info->version,version));
-	}
-
-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
-	{
-	ASN1_INTEGER *in;
-
-	if (x == NULL) return(0);
-	in=x->cert_info->serialNumber;
-	if (in != serial)
-		{
-		in=M_ASN1_INTEGER_dup(serial);
-		if (in != NULL)
-			{
-			M_ASN1_INTEGER_free(x->cert_info->serialNumber);
-			x->cert_info->serialNumber=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_set_issuer_name(X509 *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_NAME_set(&x->cert_info->issuer,name));
-	}
-
-int X509_set_subject_name(X509 *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_NAME_set(&x->cert_info->subject,name));
-	}
-
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
-
-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-	in=x->cert_info->validity->notBefore;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->cert_info->validity->notBefore);
-			x->cert_info->validity->notBefore=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
-
-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-	in=x->cert_info->validity->notAfter;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->cert_info->validity->notAfter);
-			x->cert_info->validity->notAfter=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
-	}
-
-
-
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
deleted file mode 100644
index a6cb9c8b1b..0000000000
--- a/crypto/x509/x509_trs.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/* x509_trs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-
-static int tr_cmp(const X509_TRUST * const *a,
-		const X509_TRUST * const *b);
-static void trtable_free(X509_TRUST *p);
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
-
-static int obj_trust(int id, X509 *x, int flags);
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-
-/* WARNING: the following table should be kept in order of trust
- * and without any gaps so we can just subtract the minimum trust
- * value to get an index into the table
- */
-
-static X509_TRUST trstandard[] = {
-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL},
-{X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
-};
-
-#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
-
-IMPLEMENT_STACK_OF(X509_TRUST)
-
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-static int tr_cmp(const X509_TRUST * const *a,
-		const X509_TRUST * const *b)
-{
-	return (*a)->trust - (*b)->trust;
-}
-
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
-{
-	int (*oldtrust)(int , X509 *, int);
-	oldtrust = default_trust;
-	default_trust = trust;
-	return oldtrust;
-}
-
-
-int X509_check_trust(X509 *x, int id, int flags)
-{
-	X509_TRUST *pt;
-	int idx;
-	if(id == -1) return 1;
-	idx = X509_TRUST_get_by_id(id);
-	if(idx == -1) return default_trust(id, x, flags);
-	pt = X509_TRUST_get0(idx);
-	return pt->check_trust(pt, x, flags);
-}
-
-int X509_TRUST_get_count(void)
-{
-	if(!trtable) return X509_TRUST_COUNT;
-	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
-}
-
-X509_TRUST * X509_TRUST_get0(int idx)
-{
-	if(idx < 0) return NULL;
-	if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
-	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
-}
-
-int X509_TRUST_get_by_id(int id)
-{
-	X509_TRUST tmp;
-	int idx;
-	if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
-				 return id - X509_TRUST_MIN;
-	tmp.trust = id;
-	if(!trtable) return -1;
-	idx = sk_X509_TRUST_find(trtable, &tmp);
-	if(idx == -1) return -1;
-	return idx + X509_TRUST_COUNT;
-}
-
-int X509_TRUST_set(int *t, int trust)
-{
-	if(X509_TRUST_get_by_id(trust) == -1) {
-		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
-		return 0;
-	}
-	*t = trust;
-	return 1;
-}
-
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-					char *name, int arg1, void *arg2)
-{
-	int idx;
-	X509_TRUST *trtmp;
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_TRUST_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_TRUST_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_TRUST_get_by_id(id);
-	/* Need a new entry */
-	if(idx == -1) {
-		if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		trtmp->flags = X509_TRUST_DYNAMIC;
-	} else trtmp = X509_TRUST_get0(idx);
-
-	/* OPENSSL_free existing name if dynamic */
-	if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
-	/* dup supplied name */
-	if(!(trtmp->name = BUF_strdup(name))) {
-		X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	/* Keep the dynamic flag of existing entry */
-	trtmp->flags &= X509_TRUST_DYNAMIC;
-	/* Set all other flags */
-	trtmp->flags |= flags;
-
-	trtmp->trust = id;
-	trtmp->check_trust = ck;
-	trtmp->arg1 = arg1;
-	trtmp->arg2 = arg2;
-
-	/* If its a new entry manage the dynamic table */
-	if(idx == -1) {
-		if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!sk_X509_TRUST_push(trtable, trtmp)) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	return 1;
-}
-
-static void trtable_free(X509_TRUST *p)
-	{
-	if(!p) return;
-	if (p->flags & X509_TRUST_DYNAMIC) 
-		{
-		if (p->flags & X509_TRUST_DYNAMIC_NAME)
-			OPENSSL_free(p->name);
-		OPENSSL_free(p);
-		}
-	}
-
-void X509_TRUST_cleanup(void)
-{
-	unsigned int i;
-	for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
-	sk_X509_TRUST_pop_free(trtable, trtable_free);
-	trtable = NULL;
-}
-
-int X509_TRUST_get_flags(X509_TRUST *xp)
-{
-	return xp->flags;
-}
-
-char *X509_TRUST_get0_name(X509_TRUST *xp)
-{
-	return xp->name;
-}
-
-int X509_TRUST_get_trust(X509_TRUST *xp)
-{
-	return xp->trust;
-}
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
-{
-	if(x->aux && (x->aux->trust || x->aux->reject))
-		return obj_trust(trust->arg1, x, flags);
-	/* we don't have any trust settings: for compatibility
-	 * we return trusted if it is self signed
-	 */
-	return trust_compat(trust, x, flags);
-}
-
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
-{
-	if(x->aux) return obj_trust(trust->arg1, x, flags);
-	return X509_TRUST_UNTRUSTED;
-}
-
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
-{
-	X509_check_purpose(x, -1, 0);
-	if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
-	else return X509_TRUST_UNTRUSTED;
-}
-
-static int obj_trust(int id, X509 *x, int flags)
-{
-	ASN1_OBJECT *obj;
-	int i;
-	X509_CERT_AUX *ax;
-	ax = x->aux;
-	if(!ax) return X509_TRUST_UNTRUSTED;
-	if(ax->reject) {
-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
-			obj = sk_ASN1_OBJECT_value(ax->reject, i);
-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
-		}
-	}	
-	if(ax->trust) {
-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
-			obj = sk_ASN1_OBJECT_value(ax->trust, i);
-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
-		}
-	}
-	return X509_TRUST_UNTRUSTED;
-}
-
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
deleted file mode 100644
index c44f753c46..0000000000
--- a/crypto/x509/x509_txt.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-const char *X509_verify_cert_error_string(long n)
-	{
-	static char buf[100];
-
-	switch ((int)n)
-		{
-	case X509_V_OK:
-		return("ok");
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		return("unable to get issuer certificate");
-	case X509_V_ERR_UNABLE_TO_GET_CRL:
-		return("unable to get certificate CRL");
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-		return("unable to decrypt certificate's signature");
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-		return("unable to decrypt CRL's signature");
-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-		return("unable to decode issuer public key");
-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-		return("certificate signature failure");
-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-		return("CRL signature failure");
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-		return("certificate is not yet valid");
-	case X509_V_ERR_CRL_NOT_YET_VALID:
-		return("CRL is not yet valid");
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-		return("certificate has expired");
-	case X509_V_ERR_CRL_HAS_EXPIRED:
-		return("CRL has expired");
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		return("format error in certificate's notBefore field");
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		return("format error in certificate's notAfter field");
-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-		return("format error in CRL's lastUpdate field");
-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-		return("format error in CRL's nextUpdate field");
-	case X509_V_ERR_OUT_OF_MEM:
-		return("out of memory");
-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-		return("self signed certificate");
-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-		return("self signed certificate in certificate chain");
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-		return("unable to get local issuer certificate");
-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-		return("unable to verify the first certificate");
-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-		return("certificate chain too long");
-	case X509_V_ERR_CERT_REVOKED:
-		return("certificate revoked");
-	case X509_V_ERR_INVALID_CA:
-		return ("invalid CA certificate");
-	case X509_V_ERR_INVALID_NON_CA:
-		return ("invalid non-CA certificate (has CA markings)");
-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-		return ("path length constraint exceeded");
-	case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-		return("proxy path length constraint exceeded");
-	case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-		return("proxy certificates not allowed, please set the appropriate flag");
-	case X509_V_ERR_INVALID_PURPOSE:
-		return ("unsupported certificate purpose");
-	case X509_V_ERR_CERT_UNTRUSTED:
-		return ("certificate not trusted");
-	case X509_V_ERR_CERT_REJECTED:
-		return ("certificate rejected");
-	case X509_V_ERR_APPLICATION_VERIFICATION:
-		return("application verification failure");
-	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-		return("subject issuer mismatch");
-	case X509_V_ERR_AKID_SKID_MISMATCH:
-		return("authority and subject key identifier mismatch");
-	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-		return("authority and issuer serial number mismatch");
-	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-		return("key usage does not include certificate signing");
-	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-		return("unable to get CRL issuer certificate");
-	case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-		return("unhandled critical extension");
-	case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-		return("key usage does not include CRL signing");
-	case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-		return("key usage does not include digital signature");
-	case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-		return("unhandled critical CRL extension");
-	case X509_V_ERR_INVALID_EXTENSION:
-		return("invalid or inconsistent certificate extension");
-	case X509_V_ERR_INVALID_POLICY_EXTENSION:
-		return("invalid or inconsistent certificate policy extension");
-	case X509_V_ERR_NO_EXPLICIT_POLICY:
-		return("no explicit policy");
-	case X509_V_ERR_DIFFERENT_CRL_SCOPE:
-	return("Different CRL scope");
-	case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
-	return("Unsupported extension feature");
- 	case X509_V_ERR_UNNESTED_RESOURCE:
- 		return("RFC 3779 resource not subset of parent's resources");
-
-	case X509_V_ERR_PERMITTED_VIOLATION:
-		return("permitted subtree violation");
-	case X509_V_ERR_EXCLUDED_VIOLATION:
-		return("excluded subtree violation");
-	case X509_V_ERR_SUBTREE_MINMAX:
-		return("name constraints minimum and maximum not supported");
-	case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
-		return("unsupported name constraint type");
-	case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
-		return("unsupported or invalid name constraint syntax");
-	case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
-		return("unsupported or invalid name syntax");
-	case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
-		return("CRL path validation error");
-
-	default:
-		BIO_snprintf(buf,sizeof buf,"error number %ld",n);
-		return(buf);
-		}
-	}
-
-
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
deleted file mode 100644
index 42e6f0ab05..0000000000
--- a/crypto/x509/x509_v3.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* crypto/x509/x509_v3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
-	{
-	if (x == NULL) return(0);
-	return(sk_X509_EXTENSION_num(x));
-	}
-
-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
-			  int lastpos)
-	{
-	ASN1_OBJECT *obj;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
-	}
-
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
-			  int lastpos)
-	{
-	int n;
-	X509_EXTENSION *ex;
-
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_EXTENSION_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_EXTENSION_value(sk,lastpos);
-		if (OBJ_cmp(ex->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
-	}
-
-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
-			       int lastpos)
-	{
-	int n;
-	X509_EXTENSION *ex;
-
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_EXTENSION_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_EXTENSION_value(sk,lastpos);
-		if (	((ex->critical > 0) && crit) ||
-			((ex->critical <= 0) && !crit))
-			return(lastpos);
-		}
-	return(-1);
-	}
-
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
-	{
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-		return NULL;
-	else
-		return sk_X509_EXTENSION_value(x,loc);
-	}
-
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
-	{
-	X509_EXTENSION *ret;
-
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-		return(NULL);
-	ret=sk_X509_EXTENSION_delete(x,loc);
-	return(ret);
-	}
-
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-					 X509_EXTENSION *ex, int loc)
-	{
-	X509_EXTENSION *new_ex=NULL;
-	int n;
-	STACK_OF(X509_EXTENSION) *sk=NULL;
-
-	if (x == NULL)
-		{
-		X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
-		goto err2;
-		}
-
-	if (*x == NULL)
-		{
-		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
-			goto err;
-		}
-	else
-		sk= *x;
-
-	n=sk_X509_EXTENSION_num(sk);
-	if (loc > n) loc=n;
-	else if (loc < 0) loc=n;
-
-	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
-		goto err2;
-	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
-		goto err;
-	if (*x == NULL)
-		*x=sk;
-	return(sk);
-err:
-	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
-err2:
-	if (new_ex != NULL) X509_EXTENSION_free(new_ex);
-	if (sk != NULL) sk_X509_EXTENSION_free(sk);
-	return(NULL);
-	}
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
-	     int crit, ASN1_OCTET_STRING *data)
-	{
-	ASN1_OBJECT *obj;
-	X509_EXTENSION *ret;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
-	if (ret == NULL) ASN1_OBJECT_free(obj);
-	return(ret);
-	}
-
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
-	{
-	X509_EXTENSION *ret;
-
-	if ((ex == NULL) || (*ex == NULL))
-		{
-		if ((ret=X509_EXTENSION_new()) == NULL)
-			{
-			X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		}
-	else
-		ret= *ex;
-
-	if (!X509_EXTENSION_set_object(ret,obj))
-		goto err;
-	if (!X509_EXTENSION_set_critical(ret,crit))
-		goto err;
-	if (!X509_EXTENSION_set_data(ret,data))
-		goto err;
-	
-	if ((ex != NULL) && (*ex == NULL)) *ex=ret;
-	return(ret);
-err:
-	if ((ex == NULL) || (ret != *ex))
-		X509_EXTENSION_free(ret);
-	return(NULL);
-	}
-
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
-	{
-	if ((ex == NULL) || (obj == NULL))
-		return(0);
-	ASN1_OBJECT_free(ex->object);
-	ex->object=OBJ_dup(obj);
-	return(1);
-	}
-
-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
-	{
-	if (ex == NULL) return(0);
-	ex->critical=(crit)?0xFF:-1;
-	return(1);
-	}
-
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
-	{
-	int i;
-
-	if (ex == NULL) return(0);
-	i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
-	if (!i) return(0);
-	return(1);
-	}
-
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(NULL);
-	return(ex->object);
-	}
-
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(NULL);
-	return(ex->value);
-	}
-
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(0);
-	if(ex->critical > 0) return 1;
-	return 0;
-	}
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
deleted file mode 100644
index 920066aeba..0000000000
--- a/crypto/x509/x509_vfy.c
+++ /dev/null
@@ -1,2224 +0,0 @@
-/* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-
-/* CRL score values */
-
-/* No unhandled critical extensions */
-
-#define CRL_SCORE_NOCRITICAL	0x100
-
-/* certificate is within CRL scope */
-
-#define CRL_SCORE_SCOPE		0x080
-
-/* CRL times valid */
-
-#define CRL_SCORE_TIME		0x040
-
-/* Issuer name matches certificate */
-
-#define CRL_SCORE_ISSUER_NAME	0x020
-
-/* If this score or above CRL is probably valid */
-
-#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
-
-/* CRL issuer is certificate issuer */
-
-#define CRL_SCORE_ISSUER_CERT	0x018
-
-/* CRL issuer is on certificate path */
-
-#define CRL_SCORE_SAME_PATH	0x008
-
-/* CRL issuer matches CRL AKID */
-
-#define CRL_SCORE_AKID		0x004
-
-/* Have a delta CRL with valid times */
-
-#define CRL_SCORE_TIME_DELTA	0x002
-
-static int null_callback(int ok,X509_STORE_CTX *e);
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
-static int check_chain_extensions(X509_STORE_CTX *ctx);
-static int check_name_constraints(X509_STORE_CTX *ctx);
-static int check_trust(X509_STORE_CTX *ctx);
-static int check_revocation(X509_STORE_CTX *ctx);
-static int check_cert(X509_STORE_CTX *ctx);
-static int check_policy(X509_STORE_CTX *ctx);
-
-static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-			unsigned int *preasons,
-			X509_CRL *crl, X509 *x);
-static int get_crl_delta(X509_STORE_CTX *ctx,
-				X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
-static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
-			X509_CRL *base, STACK_OF(X509_CRL) *crls);
-static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
-				X509 **pissuer, int *pcrl_score);
-static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
-				unsigned int *preasons);
-static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
-static int check_crl_chain(X509_STORE_CTX *ctx,
-			STACK_OF(X509) *cert_path,
-			STACK_OF(X509) *crl_path);
-
-static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
-
-
-static int null_callback(int ok, X509_STORE_CTX *e)
-	{
-	return ok;
-	}
-
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
-	{
-	return X509_subject_name_cmp(*a,*b);
-	}
-#endif
-
-int X509_verify_cert(X509_STORE_CTX *ctx)
-	{
-	X509 *x,*xtmp,*chain_ss=NULL;
-	int bad_chain = 0;
-	X509_VERIFY_PARAM *param = ctx->param;
-	int depth,i,ok=0;
-	int num;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	STACK_OF(X509) *sktmp=NULL;
-	if (ctx->cert == NULL)
-		{
-		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-		return -1;
-		}
-
-	cb=ctx->verify_cb;
-
-	/* first we make sure the chain we are going to build is
-	 * present and that the first entry is in place */
-	if (ctx->chain == NULL)
-		{
-		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
-			(!sk_X509_push(ctx->chain,ctx->cert)))
-			{
-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-			goto end;
-			}
-		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
-		ctx->last_untrusted=1;
-		}
-
-	/* We use a temporary STACK so we can chop and hack at it */
-	if (ctx->untrusted != NULL
-	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
-		{
-		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-		goto end;
-		}
-
-	num=sk_X509_num(ctx->chain);
-	x=sk_X509_value(ctx->chain,num-1);
-	depth=param->depth;
-
-
-	for (;;)
-		{
-		/* If we have enough, we break */
-		if (depth < num) break; /* FIXME: If this happens, we should take
-		                         * note of it and, if appropriate, use the
-		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
-		                         * code later.
-		                         */
-
-		/* If we are self signed, we break */
-		if (ctx->check_issued(ctx, x,x)) break;
-
-		/* If we were passed a cert chain, use it first */
-		if (ctx->untrusted != NULL)
-			{
-			xtmp=find_issuer(ctx, sktmp,x);
-			if (xtmp != NULL)
-				{
-				if (!sk_X509_push(ctx->chain,xtmp))
-					{
-					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-					goto end;
-					}
-				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-				(void)sk_X509_delete_ptr(sktmp,xtmp);
-				ctx->last_untrusted++;
-				x=xtmp;
-				num++;
-				/* reparse the full chain for
-				 * the next one */
-				continue;
-				}
-			}
-		break;
-		}
-
-	/* at this point, chain should contain a list of untrusted
-	 * certificates.  We now need to add at least one trusted one,
-	 * if possible, otherwise we complain. */
-
-	/* Examine last certificate in chain and see if it
- 	 * is self signed.
- 	 */
-
-	i=sk_X509_num(ctx->chain);
-	x=sk_X509_value(ctx->chain,i-1);
-	if (ctx->check_issued(ctx, x, x))
-		{
-		/* we have a self signed certificate */
-		if (sk_X509_num(ctx->chain) == 1)
-			{
-			/* We have a single self signed certificate: see if
-			 * we can find it in the store. We must have an exact
-			 * match to avoid possible impersonation.
-			 */
-			ok = ctx->get_issuer(&xtmp, ctx, x);
-			if ((ok <= 0) || X509_cmp(x, xtmp)) 
-				{
-				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-				ctx->current_cert=x;
-				ctx->error_depth=i-1;
-				if (ok == 1) X509_free(xtmp);
-				bad_chain = 1;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			else 
-				{
-				/* We have a match: replace certificate with store version
-				 * so we get any trust settings.
-				 */
-				X509_free(x);
-				x = xtmp;
-				(void)sk_X509_set(ctx->chain, i - 1, x);
-				ctx->last_untrusted=0;
-				}
-			}
-		else
-			{
-			/* extract and save self signed certificate for later use */
-			chain_ss=sk_X509_pop(ctx->chain);
-			ctx->last_untrusted--;
-			num--;
-			x=sk_X509_value(ctx->chain,num-1);
-			}
-		}
-
-	/* We now lookup certs from the certificate store */
-	for (;;)
-		{
-		/* If we have enough, we break */
-		if (depth < num) break;
-
-		/* If we are self signed, we break */
-		if (ctx->check_issued(ctx,x,x)) break;
-
-		ok = ctx->get_issuer(&xtmp, ctx, x);
-
-		if (ok < 0) return ok;
-		if (ok == 0) break;
-
-		x = xtmp;
-		if (!sk_X509_push(ctx->chain,x))
-			{
-			X509_free(xtmp);
-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		num++;
-		}
-
-	/* we now have our chain, lets check it... */
-
-	/* Is last certificate looked up self signed? */
-	if (!ctx->check_issued(ctx,x,x))
-		{
-		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
-			{
-			if (ctx->last_untrusted >= num)
-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-			else
-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-			ctx->current_cert=x;
-			}
-		else
-			{
-
-			sk_X509_push(ctx->chain,chain_ss);
-			num++;
-			ctx->last_untrusted=num;
-			ctx->current_cert=chain_ss;
-			ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-			chain_ss=NULL;
-			}
-
-		ctx->error_depth=num-1;
-		bad_chain = 1;
-		ok=cb(0,ctx);
-		if (!ok) goto end;
-		}
-
-	/* We have the chain complete: now we need to check its purpose */
-	ok = check_chain_extensions(ctx);
-
-	if (!ok) goto end;
-
-	/* Check name constraints */
-
-	ok = check_name_constraints(ctx);
-	
-	if (!ok) goto end;
-
-	/* The chain extensions are OK: check trust */
-
-	if (param->trust > 0) ok = check_trust(ctx);
-
-	if (!ok) goto end;
-
-	/* We may as well copy down any DSA parameters that are required */
-	X509_get_pubkey_parameters(NULL,ctx->chain);
-
-	/* Check revocation status: we do this after copying parameters
-	 * because they may be needed for CRL signature verification.
-	 */
-
-	ok = ctx->check_revocation(ctx);
-	if(!ok) goto end;
-
-	/* At this point, we have a chain and need to verify it */
-	if (ctx->verify != NULL)
-		ok=ctx->verify(ctx);
-	else
-		ok=internal_verify(ctx);
-	if(!ok) goto end;
-
-#ifndef OPENSSL_NO_RFC3779
-	/* RFC 3779 path validation, now that CRL check has been done */
-	ok = v3_asid_validate_path(ctx);
-	if (!ok) goto end;
-	ok = v3_addr_validate_path(ctx);
-	if (!ok) goto end;
-#endif
-
-	/* If we get this far evaluate policies */
-	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
-		ok = ctx->check_policy(ctx);
-	if(!ok) goto end;
-	if (0)
-		{
-end:
-		X509_get_pubkey_parameters(NULL,ctx->chain);
-		}
-	if (sktmp != NULL) sk_X509_free(sktmp);
-	if (chain_ss != NULL) X509_free(chain_ss);
-	return ok;
-	}
-
-
-/* Given a STACK_OF(X509) find the issuer of cert (if any)
- */
-
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
-{
-	int i;
-	X509 *issuer;
-	for (i = 0; i < sk_X509_num(sk); i++)
-		{
-		issuer = sk_X509_value(sk, i);
-		if (ctx->check_issued(ctx, x, issuer))
-			return issuer;
-		}
-	return NULL;
-}
-
-/* Given a possible certificate and issuer check them */
-
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
-{
-	int ret;
-	ret = X509_check_issued(issuer, x);
-	if (ret == X509_V_OK)
-		return 1;
-	/* If we haven't asked for issuer errors don't set ctx */
-	if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
-		return 0;
-
-	ctx->error = ret;
-	ctx->current_cert = x;
-	ctx->current_issuer = issuer;
-	return ctx->verify_cb(0, ctx);
-	return 0;
-}
-
-/* Alternative lookup method: look from a STACK stored in other_ctx */
-
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
-	*issuer = find_issuer(ctx, ctx->other_ctx, x);
-	if (*issuer)
-		{
-		CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
-		return 1;
-		}
-	else
-		return 0;
-}
-	
-
-/* Check a certificate chains extensions for consistency
- * with the supplied purpose
- */
-
-static int check_chain_extensions(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-	return 1;
-#else
-	int i, ok=0, must_be_ca, plen = 0;
-	X509 *x;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	int proxy_path_length = 0;
-	int purpose;
-	int allow_proxy_certs;
-	cb=ctx->verify_cb;
-
-	/* must_be_ca can have 1 of 3 values:
-	   -1: we accept both CA and non-CA certificates, to allow direct
-	       use of self-signed certificates (which are marked as CA).
-	   0:  we only accept non-CA certificates.  This is currently not
-	       used, but the possibility is present for future extensions.
-	   1:  we only accept CA certificates.  This is currently used for
-	       all certificates in the chain except the leaf certificate.
-	*/
-	must_be_ca = -1;
-
-	/* CRL path validation */
-	if (ctx->parent)
-		{
-		allow_proxy_certs = 0;
-		purpose = X509_PURPOSE_CRL_SIGN;
-		}
-	else
-		{
-		allow_proxy_certs =
-			!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-		/* A hack to keep people who don't want to modify their
-		   software happy */
-		if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-			allow_proxy_certs = 1;
-		purpose = ctx->param->purpose;
-		}
-
-	/* Check all untrusted certificates */
-	for (i = 0; i < ctx->last_untrusted; i++)
-		{
-		int ret;
-		x = sk_X509_value(ctx->chain, i);
-		if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-			&& (x->ex_flags & EXFLAG_CRITICAL))
-			{
-			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
-			{
-			ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		ret = X509_check_ca(x);
-		switch(must_be_ca)
-			{
-		case -1:
-			if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-				&& (ret != 1) && (ret != 0))
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_CA;
-				}
-			else
-				ret = 1;
-			break;
-		case 0:
-			if (ret != 0)
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_NON_CA;
-				}
-			else
-				ret = 1;
-			break;
-		default:
-			if ((ret == 0)
-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-					&& (ret != 1)))
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_CA;
-				}
-			else
-				ret = 1;
-			break;
-			}
-		if (ret == 0)
-			{
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		if (ctx->param->purpose > 0)
-			{
-			ret = X509_check_purpose(x, purpose, must_be_ca > 0);
-			if ((ret == 0)
-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-					&& (ret != 1)))
-				{
-				ctx->error = X509_V_ERR_INVALID_PURPOSE;
-				ctx->error_depth = i;
-				ctx->current_cert = x;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			}
-		/* Check pathlen if not self issued */
-		if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-			   && (x->ex_pathlen != -1)
-			   && (plen > (x->ex_pathlen + proxy_path_length + 1)))
-			{
-			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		/* Increment path length if not self issued */
-		if (!(x->ex_flags & EXFLAG_SI))
-			plen++;
-		/* If this certificate is a proxy certificate, the next
-		   certificate must be another proxy certificate or a EE
-		   certificate.  If not, the next certificate must be a
-		   CA certificate.  */
-		if (x->ex_flags & EXFLAG_PROXY)
-			{
-			if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
-				{
-				ctx->error =
-					X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-				ctx->error_depth = i;
-				ctx->current_cert = x;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			proxy_path_length++;
-			must_be_ca = 0;
-			}
-		else
-			must_be_ca = 1;
-		}
-	ok = 1;
- end:
-	return ok;
-#endif
-}
-
-static int check_name_constraints(X509_STORE_CTX *ctx)
-	{
-	X509 *x;
-	int i, j, rv;
-	/* Check name constraints for all certificates */
-	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-		{
-		x = sk_X509_value(ctx->chain, i);
-		/* Ignore self issued certs unless last in chain */
-		if (i && (x->ex_flags & EXFLAG_SI))
-			continue;
-		/* Check against constraints for all certificates higher in
-		 * chain including trust anchor. Trust anchor not strictly
-		 * speaking needed but if it includes constraints it is to be
-		 * assumed it expects them to be obeyed.
-		 */
-		for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
-			{
-			NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
-			if (nc)
-				{
-				rv = NAME_CONSTRAINTS_check(x, nc);
-				if (rv != X509_V_OK)
-					{
-					ctx->error = rv;
-					ctx->error_depth = i;
-					ctx->current_cert = x;
-					if (!ctx->verify_cb(0,ctx))
-						return 0;
-					}
-				}
-			}
-		}
-	return 1;
-	}
-
-static int check_trust(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
-	return 1;
-#else
-	int i, ok;
-	X509 *x;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	cb=ctx->verify_cb;
-/* For now just check the last certificate in the chain */
-	i = sk_X509_num(ctx->chain) - 1;
-	x = sk_X509_value(ctx->chain, i);
-	ok = X509_check_trust(x, ctx->param->trust, 0);
-	if (ok == X509_TRUST_TRUSTED)
-		return 1;
-	ctx->error_depth = i;
-	ctx->current_cert = x;
-	if (ok == X509_TRUST_REJECTED)
-		ctx->error = X509_V_ERR_CERT_REJECTED;
-	else
-		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-	ok = cb(0, ctx);
-	return ok;
-#endif
-}
-
-static int check_revocation(X509_STORE_CTX *ctx)
-	{
-	int i, last, ok;
-	if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
-		return 1;
-	if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
-		last = sk_X509_num(ctx->chain) - 1;
-	else
-		{
-		/* If checking CRL paths this isn't the EE certificate */
-		if (ctx->parent)
-			return 1;
-		last = 0;
-		}
-	for(i = 0; i <= last; i++)
-		{
-		ctx->error_depth = i;
-		ok = check_cert(ctx);
-		if (!ok) return ok;
-		}
-	return 1;
-	}
-
-static int check_cert(X509_STORE_CTX *ctx)
-	{
-	X509_CRL *crl = NULL, *dcrl = NULL;
-	X509 *x;
-	int ok, cnum;
-	unsigned int last_reasons;
-	cnum = ctx->error_depth;
-	x = sk_X509_value(ctx->chain, cnum);
-	ctx->current_cert = x;
-	ctx->current_issuer = NULL;
-	ctx->current_crl_score = 0;
-	ctx->current_reasons = 0;
-	while (ctx->current_reasons != CRLDP_ALL_REASONS)
-		{
-		last_reasons = ctx->current_reasons;
-		/* Try to retrieve relevant CRL */
-		if (ctx->get_crl)
-			ok = ctx->get_crl(ctx, &crl, x);
-		else
-			ok = get_crl_delta(ctx, &crl, &dcrl, x);
-		/* If error looking up CRL, nothing we can do except
-		 * notify callback
-		 */
-		if(!ok)
-			{
-			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-			ok = ctx->verify_cb(0, ctx);
-			goto err;
-			}
-		ctx->current_crl = crl;
-		ok = ctx->check_crl(ctx, crl);
-		if (!ok)
-			goto err;
-
-		if (dcrl)
-			{
-			ok = ctx->check_crl(ctx, dcrl);
-			if (!ok)
-				goto err;
-			ok = ctx->cert_crl(ctx, dcrl, x);
-			if (!ok)
-				goto err;
-			}
-		else
-			ok = 1;
-
-		/* Don't look in full CRL if delta reason is removefromCRL */
-		if (ok != 2)
-			{
-			ok = ctx->cert_crl(ctx, crl, x);
-			if (!ok)
-				goto err;
-			}
-
-		X509_CRL_free(crl);
-		X509_CRL_free(dcrl);
-		crl = NULL;
-		dcrl = NULL;
-		/* If reasons not updated we wont get anywhere by
-		 * another iteration, so exit loop.
-		 */
-		if (last_reasons == ctx->current_reasons)
-			{
-			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-			ok = ctx->verify_cb(0, ctx);
-			goto err;
-			}
-		}
-	err:
-	X509_CRL_free(crl);
-	X509_CRL_free(dcrl);
-
-	ctx->current_crl = NULL;
-	return ok;
-
-	}
-
-/* Check CRL times against values in X509_STORE_CTX */
-
-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
-	{
-	time_t *ptime;
-	int i;
-	if (notify)
-		ctx->current_crl = crl;
-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-		ptime = &ctx->param->check_time;
-	else
-		ptime = NULL;
-
-	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
-	if (i == 0)
-		{
-		if (!notify)
-			return 0;
-		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i > 0)
-		{
-		if (!notify)
-			return 0;
-		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if(X509_CRL_get_nextUpdate(crl))
-		{
-		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-
-		if (i == 0)
-			{
-			if (!notify)
-				return 0;
-			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-			if (!ctx->verify_cb(0, ctx))
-				return 0;
-			}
-		/* Ignore expiry of base CRL is delta is valid */
-		if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA))
-			{
-			if (!notify)
-				return 0;
-			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-			if (!ctx->verify_cb(0, ctx))
-				return 0;
-			}
-		}
-
-	if (notify)
-		ctx->current_crl = NULL;
-
-	return 1;
-	}
-
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
-			X509 **pissuer, int *pscore, unsigned int *preasons,
-			STACK_OF(X509_CRL) *crls)
-	{
-	int i, crl_score, best_score = *pscore;
-	unsigned int reasons, best_reasons = 0;
-	X509 *x = ctx->current_cert;
-	X509_CRL *crl, *best_crl = NULL;
-	X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
-
-	for (i = 0; i < sk_X509_CRL_num(crls); i++)
-		{
-		crl = sk_X509_CRL_value(crls, i);
-		reasons = *preasons;
-		crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
-
-		if (crl_score > best_score)
-			{
-			best_crl = crl;
-			best_crl_issuer = crl_issuer;
-			best_score = crl_score;
-			best_reasons = reasons;
-			}
-		}
-
-	if (best_crl)
-		{
-		if (*pcrl)
-			X509_CRL_free(*pcrl);
-		*pcrl = best_crl;
-		*pissuer = best_crl_issuer;
-		*pscore = best_score;
-		*preasons = best_reasons;
-		CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL);
-		if (*pdcrl)
-			{
-			X509_CRL_free(*pdcrl);
-			*pdcrl = NULL;
-			}
-		get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
-		}
-
-	if (best_score >= CRL_SCORE_VALID)
-		return 1;
-
-	return 0;
-	}
-
-/* Compare two CRL extensions for delta checking purposes. They should be
- * both present or both absent. If both present all fields must be identical.
- */
-
-static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
-	{
-	ASN1_OCTET_STRING *exta, *extb;
-	int i;
-	i = X509_CRL_get_ext_by_NID(a, nid, -1);
-	if (i >= 0)
-		{
-		/* Can't have multiple occurrences */
-		if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
-			return 0;
-		exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
-		}
-	else
-		exta = NULL;
-
-	i = X509_CRL_get_ext_by_NID(b, nid, -1);
-
-	if (i >= 0)
-		{
-
-		if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
-			return 0;
-		extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
-		}
-	else
-		extb = NULL;
-
-	if (!exta && !extb)
-		return 1;
-
-	if (!exta || !extb)
-		return 0;
-
-
-	if (ASN1_OCTET_STRING_cmp(exta, extb))
-		return 0;
-
-	return 1;
-	}
-
-/* See if a base and delta are compatible */
-
-static int check_delta_base(X509_CRL *delta, X509_CRL *base)
-	{
-	/* Delta CRL must be a delta */
-	if (!delta->base_crl_number)
-			return 0;
-	/* Base must have a CRL number */
-	if (!base->crl_number)
-			return 0;
-	/* Issuer names must match */
-	if (X509_NAME_cmp(X509_CRL_get_issuer(base),
-				X509_CRL_get_issuer(delta)))
-		return 0;
-	/* AKID and IDP must match */
-	if (!crl_extension_match(delta, base, NID_authority_key_identifier))
-			return 0;
-	if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
-			return 0;
-	/* Delta CRL base number must not exceed Full CRL number. */
-	if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
-			return 0;
-	/* Delta CRL number must exceed full CRL number */
-	if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
-			return 1;
-	return 0;
-	}
-
-/* For a given base CRL find a delta... maybe extend to delta scoring
- * or retrieve a chain of deltas...
- */
-
-static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
-			X509_CRL *base, STACK_OF(X509_CRL) *crls)
-	{
-	X509_CRL *delta;
-	int i;
-	if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
-		return;
-	if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
-		return;
-	for (i = 0; i < sk_X509_CRL_num(crls); i++)
-		{
-		delta = sk_X509_CRL_value(crls, i);
-		if (check_delta_base(delta, base))
-			{
-			if (check_crl_time(ctx, delta, 0))
-				*pscore |= CRL_SCORE_TIME_DELTA;
-			CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL);
-			*dcrl = delta;
-			return;
-			}
-		}
-	*dcrl = NULL;
-	}
-
-/* For a given CRL return how suitable it is for the supplied certificate 'x'.
- * The return value is a mask of several criteria.
- * If the issuer is not the certificate issuer this is returned in *pissuer.
- * The reasons mask is also used to determine if the CRL is suitable: if
- * no new reasons the CRL is rejected, otherwise reasons is updated.
- */
-
-static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-			unsigned int *preasons,
-			X509_CRL *crl, X509 *x)
-	{
-
-	int crl_score = 0;
-	unsigned int tmp_reasons = *preasons, crl_reasons;
-
-	/* First see if we can reject CRL straight away */
-
-	/* Invalid IDP cannot be processed */
-	if (crl->idp_flags & IDP_INVALID)
-		return 0;
-	/* Reason codes or indirect CRLs need extended CRL support */
-	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
-		{
-		if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
-			return 0;
-		}
-	else if (crl->idp_flags & IDP_REASONS)
-		{
-		/* If no new reasons reject */
-		if (!(crl->idp_reasons & ~tmp_reasons))
-			return 0;
-		}
-	/* Don't process deltas at this stage */
-	else if (crl->base_crl_number)
-		return 0;
-	/* If issuer name doesn't match certificate need indirect CRL */
-	if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)))
-		{
-		if (!(crl->idp_flags & IDP_INDIRECT))
-			return 0;
-		}
-	else
-		crl_score |= CRL_SCORE_ISSUER_NAME;
-
-	if (!(crl->flags & EXFLAG_CRITICAL))
-		crl_score |= CRL_SCORE_NOCRITICAL;
-
-	/* Check expiry */
-	if (check_crl_time(ctx, crl, 0))
-		crl_score |= CRL_SCORE_TIME;
-
-	/* Check authority key ID and locate certificate issuer */
-	crl_akid_check(ctx, crl, pissuer, &crl_score);
-
-	/* If we can't locate certificate issuer at this point forget it */
-
-	if (!(crl_score & CRL_SCORE_AKID))
-		return 0;
-
-	/* Check cert for matching CRL distribution points */
-
-	if (crl_crldp_check(x, crl, crl_score, &crl_reasons))
-		{
-		/* If no new reasons reject */
-		if (!(crl_reasons & ~tmp_reasons))
-			return 0;
-		tmp_reasons |= crl_reasons;
-		crl_score |= CRL_SCORE_SCOPE;
-		}
-
-	*preasons = tmp_reasons;
-
-	return crl_score;
-
-	}
-
-static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
-				X509 **pissuer, int *pcrl_score)
-	{
-	X509 *crl_issuer = NULL;
-	X509_NAME *cnm = X509_CRL_get_issuer(crl);
-	int cidx = ctx->error_depth;
-	int i;
-
-	if (cidx != sk_X509_num(ctx->chain) - 1)
-		cidx++;
-
-	crl_issuer = sk_X509_value(ctx->chain, cidx);
-
-	if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
-		{
-		if (*pcrl_score & CRL_SCORE_ISSUER_NAME)
-			{
-			*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT;
-			*pissuer = crl_issuer;
-			return;
-			}
-		}
-
-	for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
-		{
-		crl_issuer = sk_X509_value(ctx->chain, cidx);
-		if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
-			continue;
-		if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
-			{
-			*pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH;
-			*pissuer = crl_issuer;
-			return;
-			}
-		}
-
-	/* Anything else needs extended CRL support */
-
-	if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
-		return;
-
-	/* Otherwise the CRL issuer is not on the path. Look for it in the
-	 * set of untrusted certificates.
-	 */
-	for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
-		{
-		crl_issuer = sk_X509_value(ctx->untrusted, i);
-		if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
-			continue;
-		if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK)
-			{
-			*pissuer = crl_issuer;
-			*pcrl_score |= CRL_SCORE_AKID;
-			return;
-			}
-		}
-	}
-
-/* Check the path of a CRL issuer certificate. This creates a new
- * X509_STORE_CTX and populates it with most of the parameters from the
- * parent. This could be optimised somewhat since a lot of path checking
- * will be duplicated by the parent, but this will rarely be used in 
- * practice.
- */
-
-static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
-	{
-	X509_STORE_CTX crl_ctx;
-	int ret;
-	/* Don't allow recursive CRL path validation */
-	if (ctx->parent)
-		return 0;
-	if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
-		return -1;
-
-	crl_ctx.crls = ctx->crls;
-	/* Copy verify params across */
-	X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
-
-	crl_ctx.parent = ctx;
-	crl_ctx.verify_cb = ctx->verify_cb;
-
-	/* Verify CRL issuer */
-	ret = X509_verify_cert(&crl_ctx);
-
-	if (ret <= 0)
-		goto err;
-
-	/* Check chain is acceptable */
-
-	ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
-	err:
-	X509_STORE_CTX_cleanup(&crl_ctx);
-	return ret;
-	}
-
-/* RFC3280 says nothing about the relationship between CRL path
- * and certificate path, which could lead to situations where a
- * certificate could be revoked or validated by a CA not authorised
- * to do so. RFC5280 is more strict and states that the two paths must
- * end in the same trust anchor, though some discussions remain...
- * until this is resolved we use the RFC5280 version
- */
-
-static int check_crl_chain(X509_STORE_CTX *ctx,
-			STACK_OF(X509) *cert_path,
-			STACK_OF(X509) *crl_path)
-	{
-	X509 *cert_ta, *crl_ta;
-	cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
-	crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
-	if (!X509_cmp(cert_ta, crl_ta))
-		return 1;
-	return 0;
-	}
-
-/* Check for match between two dist point names: three separate cases.
- * 1. Both are relative names and compare X509_NAME types.
- * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
- * 3. Both are full names and compare two GENERAL_NAMES.
- * 4. One is NULL: automatic match.
- */
-
-
-static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
-	{
-	X509_NAME *nm = NULL;
-	GENERAL_NAMES *gens = NULL;
-	GENERAL_NAME *gena, *genb;
-	int i, j;
-	if (!a || !b)
-		return 1;
-	if (a->type == 1)
-		{
-		if (!a->dpname)
-			return 0;
-		/* Case 1: two X509_NAME */
-		if (b->type == 1)
-			{
-			if (!b->dpname)
-				return 0;
-			if (!X509_NAME_cmp(a->dpname, b->dpname))
-				return 1;
-			else
-				return 0;
-			}
-		/* Case 2: set name and GENERAL_NAMES appropriately */
-		nm = a->dpname;
-		gens = b->name.fullname;
-		}
-	else if (b->type == 1)
-		{
-		if (!b->dpname)
-			return 0;
-		/* Case 2: set name and GENERAL_NAMES appropriately */
-		gens = a->name.fullname;
-		nm = b->dpname;
-		}
-
-	/* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
-	if (nm)
-		{
-		for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-			{
-			gena = sk_GENERAL_NAME_value(gens, i);	
-			if (gena->type != GEN_DIRNAME)
-				continue;
-			if (!X509_NAME_cmp(nm, gena->d.directoryName))
-				return 1;
-			}
-		return 0;
-		}
-
-	/* Else case 3: two GENERAL_NAMES */
-
-	for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++)
-		{
-		gena = sk_GENERAL_NAME_value(a->name.fullname, i);
-		for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++)
-			{
-			genb = sk_GENERAL_NAME_value(b->name.fullname, j);
-			if (!GENERAL_NAME_cmp(gena, genb))
-				return 1;
-			}
-		}
-
-	return 0;
-
-	}
-
-static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
-	{
-	int i;
-	X509_NAME *nm = X509_CRL_get_issuer(crl);
-	/* If no CRLissuer return is successful iff don't need a match */
-	if (!dp->CRLissuer)
-		return !!(crl_score & CRL_SCORE_ISSUER_NAME);
-	for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
-		{
-		GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
-		if (gen->type != GEN_DIRNAME)
-			continue;
-		if (!X509_NAME_cmp(gen->d.directoryName, nm))
-			return 1;
-		}
-	return 0;
-	}
-
-/* Check CRLDP and IDP */
-
-static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
-				unsigned int *preasons)
-	{
-	int i;
-	if (crl->idp_flags & IDP_ONLYATTR)
-		return 0;
-	if (x->ex_flags & EXFLAG_CA)
-		{
-		if (crl->idp_flags & IDP_ONLYUSER)
-			return 0;
-		}
-	else
-		{
-		if (crl->idp_flags & IDP_ONLYCA)
-			return 0;
-		}
-	*preasons = crl->idp_reasons;
-	for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
-		{
-		DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
-		if (crldp_check_crlissuer(dp, crl, crl_score))
-			{
-			if (!crl->idp ||
-			     idp_check_dp(dp->distpoint, crl->idp->distpoint))
-				{
-				*preasons &= dp->dp_reasons;
-				return 1;
-				}
-			}
-		}
-	if ((!crl->idp || !crl->idp->distpoint) && (crl_score & CRL_SCORE_ISSUER_NAME))
-		return 1;
-	return 0;
-	}
-
-/* Retrieve CRL corresponding to current certificate.
- * If deltas enabled try to find a delta CRL too
- */
-	
-static int get_crl_delta(X509_STORE_CTX *ctx,
-				X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
-	{
-	int ok;
-	X509 *issuer = NULL;
-	int crl_score = 0;
-	unsigned int reasons;
-	X509_CRL *crl = NULL, *dcrl = NULL;
-	STACK_OF(X509_CRL) *skcrl;
-	X509_NAME *nm = X509_get_issuer_name(x);
-	reasons = ctx->current_reasons;
-	ok = get_crl_sk(ctx, &crl, &dcrl, 
-				&issuer, &crl_score, &reasons, ctx->crls);
-
-	if (ok)
-		goto done;
-
-	/* Lookup CRLs from store */
-
-	skcrl = ctx->lookup_crls(ctx, nm);
-
-	/* If no CRLs found and a near match from get_crl_sk use that */
-	if (!skcrl && crl)
-		goto done;
-
-	get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
-
-	sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
-
-	done:
-
-	/* If we got any kind of CRL use it and return success */
-	if (crl)
-		{
-		ctx->current_issuer = issuer;
-		ctx->current_crl_score = crl_score;
-		ctx->current_reasons = reasons;
-		*pcrl = crl;
-		*pdcrl = dcrl;
-		return 1;
-		}
-
-	return 0;
-	}
-
-/* Check CRL validity */
-static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
-	{
-	X509 *issuer = NULL;
-	EVP_PKEY *ikey = NULL;
-	int ok = 0, chnum, cnum;
-	cnum = ctx->error_depth;
-	chnum = sk_X509_num(ctx->chain) - 1;
-	/* if we have an alternative CRL issuer cert use that */
-	if (ctx->current_issuer)
-		issuer = ctx->current_issuer;
-
-	/* Else find CRL issuer: if not last certificate then issuer
-	 * is next certificate in chain.
-	 */
-	else if (cnum < chnum)
-		issuer = sk_X509_value(ctx->chain, cnum + 1);
-	else
-		{
-		issuer = sk_X509_value(ctx->chain, chnum);
-		/* If not self signed, can't check signature */
-		if(!ctx->check_issued(ctx, issuer, issuer))
-			{
-			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-			ok = ctx->verify_cb(0, ctx);
-			if(!ok) goto err;
-			}
-		}
-
-	if(issuer)
-		{
-		/* Skip most tests for deltas because they have already
-		 * been done
-		 */
-		if (!crl->base_crl_number)
-			{
-			/* Check for cRLSign bit if keyUsage present */
-			if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-				!(issuer->ex_kusage & KU_CRL_SIGN))
-				{
-				ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-				ok = ctx->verify_cb(0, ctx);
-				if(!ok) goto err;
-				}
-
-			if (!(ctx->current_crl_score & CRL_SCORE_SCOPE))
-				{
-				ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
-				ok = ctx->verify_cb(0, ctx);
-				if(!ok) goto err;
-				}
-
-			if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
-				{
-				if (check_crl_path(ctx, ctx->current_issuer) <= 0)
-					{
-					ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
-					ok = ctx->verify_cb(0, ctx);
-					if(!ok) goto err;
-					}
-				}
-
-			if (crl->idp_flags & IDP_INVALID)
-				{
-				ctx->error = X509_V_ERR_INVALID_EXTENSION;
-				ok = ctx->verify_cb(0, ctx);
-				if(!ok) goto err;
-				}
-
-
-			}
-
-		if (!(ctx->current_crl_score & CRL_SCORE_TIME))
-			{
-			ok = check_crl_time(ctx, crl, 1);
-			if (!ok)
-				goto err;
-			}
-
-		/* Attempt to get issuer certificate public key */
-		ikey = X509_get_pubkey(issuer);
-
-		if(!ikey)
-			{
-			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-			ok = ctx->verify_cb(0, ctx);
-			if (!ok) goto err;
-			}
-		else
-			{
-			/* Verify CRL signature */
-			if(X509_CRL_verify(crl, ikey) <= 0)
-				{
-				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
-				ok = ctx->verify_cb(0, ctx);
-				if (!ok) goto err;
-				}
-			}
-		}
-
-	ok = 1;
-
-	err:
-	EVP_PKEY_free(ikey);
-	return ok;
-	}
-
-/* Check certificate against CRL */
-static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
-	{
-	int ok;
-	X509_REVOKED *rev;
-	/* The rules changed for this... previously if a CRL contained
-	 * unhandled critical extensions it could still be used to indicate
-	 * a certificate was revoked. This has since been changed since 
-	 * critical extension can change the meaning of CRL entries.
-	 */
-	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-		&& (crl->flags & EXFLAG_CRITICAL))
-		{
-		ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-		ok = ctx->verify_cb(0, ctx);
-		if(!ok)
-			return 0;
-		}
-	/* Look for serial number of certificate in CRL
-	 * If found make sure reason is not removeFromCRL.
-	 */
-	if (X509_CRL_get0_by_cert(crl, &rev, x))
-		{
-		if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
-			return 2;
-		ctx->error = X509_V_ERR_CERT_REVOKED;
-		ok = ctx->verify_cb(0, ctx);
-		if (!ok)
-			return 0;
-		}
-
-	return 1;
-	}
-
-static int check_policy(X509_STORE_CTX *ctx)
-	{
-	int ret;
-	if (ctx->parent)
-		return 1;
-	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-				ctx->param->policies, ctx->param->flags);
-	if (ret == 0)
-		{
-		X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	/* Invalid or inconsistent extensions */
-	if (ret == -1)
-		{
-		/* Locate certificates with bad extensions and notify
-		 * callback.
-		 */
-		X509 *x;
-		int i;
-		for (i = 1; i < sk_X509_num(ctx->chain); i++)
-			{
-			x = sk_X509_value(ctx->chain, i);
-			if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
-				continue;
-			ctx->current_cert = x;
-			ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-			if(!ctx->verify_cb(0, ctx))
-				return 0;
-			}
-		return 1;
-		}
-	if (ret == -2)
-		{
-		ctx->current_cert = NULL;
-		ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
-		return ctx->verify_cb(0, ctx);
-		}
-
-	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
-		{
-		ctx->current_cert = NULL;
-		ctx->error = X509_V_OK;
-		if (!ctx->verify_cb(2, ctx))
-			return 0;
-		}
-
-	return 1;
-	}
-
-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
-	{
-	time_t *ptime;
-	int i;
-
-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-		ptime = &ctx->param->check_time;
-	else
-		ptime = NULL;
-
-	i=X509_cmp_time(X509_get_notBefore(x), ptime);
-	if (i == 0)
-		{
-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i > 0)
-		{
-		ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	i=X509_cmp_time(X509_get_notAfter(x), ptime);
-	if (i == 0)
-		{
-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i < 0)
-		{
-		ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	return 1;
-	}
-
-static int internal_verify(X509_STORE_CTX *ctx)
-	{
-	int ok=0,n;
-	X509 *xs,*xi;
-	EVP_PKEY *pkey=NULL;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-
-	cb=ctx->verify_cb;
-
-	n=sk_X509_num(ctx->chain);
-	ctx->error_depth=n-1;
-	n--;
-	xi=sk_X509_value(ctx->chain,n);
-
-	if (ctx->check_issued(ctx, xi, xi))
-		xs=xi;
-	else
-		{
-		if (n <= 0)
-			{
-			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-			ctx->current_cert=xi;
-			ok=cb(0,ctx);
-			goto end;
-			}
-		else
-			{
-			n--;
-			ctx->error_depth=n;
-			xs=sk_X509_value(ctx->chain,n);
-			}
-		}
-
-/*	ctx->error=0;  not needed */
-	while (n >= 0)
-		{
-		ctx->error_depth=n;
-
-		/* Skip signature check for self signed certificates unless
-		 * explicitly asked for. It doesn't add any security and
-		 * just wastes time.
-		 */
-		if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
-			{
-			if ((pkey=X509_get_pubkey(xi)) == NULL)
-				{
-				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-				ctx->current_cert=xi;
-				ok=(*cb)(0,ctx);
-				if (!ok) goto end;
-				}
-			else if (X509_verify(xs,pkey) <= 0)
-				{
-				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
-				ctx->current_cert=xs;
-				ok=(*cb)(0,ctx);
-				if (!ok)
-					{
-					EVP_PKEY_free(pkey);
-					goto end;
-					}
-				}
-			EVP_PKEY_free(pkey);
-			pkey=NULL;
-			}
-
-		xs->valid = 1;
-
-		ok = check_cert_time(ctx, xs);
-		if (!ok)
-			goto end;
-
-		/* The last error (if any) is still in the error value */
-		ctx->current_issuer=xi;
-		ctx->current_cert=xs;
-		ok=(*cb)(1,ctx);
-		if (!ok) goto end;
-
-		n--;
-		if (n >= 0)
-			{
-			xi=xs;
-			xs=sk_X509_value(ctx->chain,n);
-			}
-		}
-	ok=1;
-end:
-	return ok;
-	}
-
-int X509_cmp_current_time(const ASN1_TIME *ctm)
-{
-	return X509_cmp_time(ctm, NULL);
-}
-
-int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
-	{
-	char *str;
-	ASN1_TIME atm;
-	long offset;
-	char buff1[24],buff2[24],*p;
-	int i,j;
-
-	p=buff1;
-	i=ctm->length;
-	str=(char *)ctm->data;
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		if ((i < 11) || (i > 17)) return 0;
-		memcpy(p,str,10);
-		p+=10;
-		str+=10;
-		}
-	else
-		{
-		if (i < 13) return 0;
-		memcpy(p,str,12);
-		p+=12;
-		str+=12;
-		}
-
-	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
-		{ *(p++)='0'; *(p++)='0'; }
-	else
-		{ 
-		*(p++)= *(str++);
-		*(p++)= *(str++);
-		/* Skip any fractional seconds... */
-		if (*str == '.')
-			{
-			str++;
-			while ((*str >= '0') && (*str <= '9')) str++;
-			}
-		
-		}
-	*(p++)='Z';
-	*(p++)='\0';
-
-	if (*str == 'Z')
-		offset=0;
-	else
-		{
-		if ((*str != '+') && (*str != '-'))
-			return 0;
-		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
-		offset+=(str[3]-'0')*10+(str[4]-'0');
-		if (*str == '-')
-			offset= -offset;
-		}
-	atm.type=ctm->type;
-	atm.flags = 0;
-	atm.length=sizeof(buff2);
-	atm.data=(unsigned char *)buff2;
-
-	if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
-		return 0;
-
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		i=(buff1[0]-'0')*10+(buff1[1]-'0');
-		if (i < 50) i+=100; /* cf. RFC 2459 */
-		j=(buff2[0]-'0')*10+(buff2[1]-'0');
-		if (j < 50) j+=100;
-
-		if (i < j) return -1;
-		if (i > j) return 1;
-		}
-	i=strcmp(buff1,buff2);
-	if (i == 0) /* wait a second then return younger :-) */
-		return -1;
-	else
-		return i;
-	}
-
-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
-{
-	return X509_time_adj(s, adj, NULL);
-}
-
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
-	{
-	return X509_time_adj_ex(s, 0, offset_sec, in_tm);
-	}
-
-ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
-				int offset_day, long offset_sec, time_t *in_tm)
-	{
-	time_t t;
-
-	if (in_tm) t = *in_tm;
-	else time(&t);
-
-	if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING))
-		{
-		if (s->type == V_ASN1_UTCTIME)
-			return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec);
-		if (s->type == V_ASN1_GENERALIZEDTIME)
-			return ASN1_GENERALIZEDTIME_adj(s, t, offset_day,
-								offset_sec);
-		}
-	return ASN1_TIME_adj(s, t, offset_day, offset_sec);
-	}
-
-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
-	{
-	EVP_PKEY *ktmp=NULL,*ktmp2;
-	int i,j;
-
-	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
-
-	for (i=0; i<sk_X509_num(chain); i++)
-		{
-		ktmp=X509_get_pubkey(sk_X509_value(chain,i));
-		if (ktmp == NULL)
-			{
-			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-			return 0;
-			}
-		if (!EVP_PKEY_missing_parameters(ktmp))
-			break;
-		else
-			{
-			EVP_PKEY_free(ktmp);
-			ktmp=NULL;
-			}
-		}
-	if (ktmp == NULL)
-		{
-		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-		return 0;
-		}
-
-	/* first, populate the other certs */
-	for (j=i-1; j >= 0; j--)
-		{
-		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
-		EVP_PKEY_copy_parameters(ktmp2,ktmp);
-		EVP_PKEY_free(ktmp2);
-		}
-	
-	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
-	EVP_PKEY_free(ktmp);
-	return 1;
-	}
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	/* This function is (usually) called only once, by
-	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-			new_func, dup_func, free_func);
-	}
-
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
-	{
-	return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
-	}
-
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
-	{
-	return CRYPTO_get_ex_data(&ctx->ex_data,idx);
-	}
-
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
-	{
-	return ctx->error;
-	}
-
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
-	{
-	ctx->error=err;
-	}
-
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
-	{
-	return ctx->error_depth;
-	}
-
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
-	{
-	return ctx->current_cert;
-	}
-
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
-	{
-	return ctx->chain;
-	}
-
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
-	{
-	int i;
-	X509 *x;
-	STACK_OF(X509) *chain;
-	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-	for (i = 0; i < sk_X509_num(chain); i++)
-		{
-		x = sk_X509_value(chain, i);
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-		}
-	return chain;
-	}
-
-X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
-	{
-	return ctx->current_issuer;
-	}
-
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
-	{
-	return ctx->current_crl;
-	}
-
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
-	{
-	return ctx->parent;
-	}
-
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
-	{
-	ctx->cert=x;
-	}
-
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-	{
-	ctx->untrusted=sk;
-	}
-
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
-	{
-	ctx->crls=sk;
-	}
-
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
-	{
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
-	}
-
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
-	{
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
-	}
-
-/* This function is used to set the X509_STORE_CTX purpose and trust
- * values. This is intended to be used when another structure has its
- * own trust and purpose values which (if set) will be inherited by
- * the ctx. If they aren't set then we will usually have a default
- * purpose in mind which should then be used to set the trust value.
- * An example of this is SSL use: an SSL structure will have its own
- * purpose and trust settings which the application can set: if they
- * aren't set then we use the default of SSL client/server.
- */
-
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-				int purpose, int trust)
-{
-	int idx;
-	/* If purpose not set use default */
-	if (!purpose) purpose = def_purpose;
-	/* If we have a purpose then check it is valid */
-	if (purpose)
-		{
-		X509_PURPOSE *ptmp;
-		idx = X509_PURPOSE_get_by_id(purpose);
-		if (idx == -1)
-			{
-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_PURPOSE_ID);
-			return 0;
-			}
-		ptmp = X509_PURPOSE_get0(idx);
-		if (ptmp->trust == X509_TRUST_DEFAULT)
-			{
-			idx = X509_PURPOSE_get_by_id(def_purpose);
-			if (idx == -1)
-				{
-				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_PURPOSE_ID);
-				return 0;
-				}
-			ptmp = X509_PURPOSE_get0(idx);
-			}
-		/* If trust not set then get from purpose default */
-		if (!trust) trust = ptmp->trust;
-		}
-	if (trust)
-		{
-		idx = X509_TRUST_get_by_id(trust);
-		if (idx == -1)
-			{
-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_TRUST_ID);
-			return 0;
-			}
-		}
-
-	if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
-	if (trust && !ctx->param->trust) ctx->param->trust = trust;
-	return 1;
-}
-
-X509_STORE_CTX *X509_STORE_CTX_new(void)
-{
-	X509_STORE_CTX *ctx;
-	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-	if (!ctx)
-		{
-		X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	memset(ctx, 0, sizeof(X509_STORE_CTX));
-	return ctx;
-}
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
-{
-	X509_STORE_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
-}
-
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
-	     STACK_OF(X509) *chain)
-	{
-	int ret = 1;
-	ctx->ctx=store;
-	ctx->current_method=0;
-	ctx->cert=x509;
-	ctx->untrusted=chain;
-	ctx->crls = NULL;
-	ctx->last_untrusted=0;
-	ctx->other_ctx=NULL;
-	ctx->valid=0;
-	ctx->chain=NULL;
-	ctx->error=0;
-	ctx->explicit_policy=0;
-	ctx->error_depth=0;
-	ctx->current_cert=NULL;
-	ctx->current_issuer=NULL;
-	ctx->current_crl=NULL;
-	ctx->current_crl_score=0;
-	ctx->current_reasons=0;
-	ctx->tree = NULL;
-	ctx->parent = NULL;
-
-	ctx->param = X509_VERIFY_PARAM_new();
-
-	if (!ctx->param)
-		{
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	/* Inherit callbacks and flags from X509_STORE if not set
-	 * use defaults.
-	 */
-
-
-	if (store)
-		ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-	else
-		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
-
-	if (store)
-		{
-		ctx->verify_cb = store->verify_cb;
-		ctx->cleanup = store->cleanup;
-		}
-	else
-		ctx->cleanup = 0;
-
-	if (ret)
-		ret = X509_VERIFY_PARAM_inherit(ctx->param,
-					X509_VERIFY_PARAM_lookup("default"));
-
-	if (ret == 0)
-		{
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	if (store && store->check_issued)
-		ctx->check_issued = store->check_issued;
-	else
-		ctx->check_issued = check_issued;
-
-	if (store && store->get_issuer)
-		ctx->get_issuer = store->get_issuer;
-	else
-		ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
-	if (store && store->verify_cb)
-		ctx->verify_cb = store->verify_cb;
-	else
-		ctx->verify_cb = null_callback;
-
-	if (store && store->verify)
-		ctx->verify = store->verify;
-	else
-		ctx->verify = internal_verify;
-
-	if (store && store->check_revocation)
-		ctx->check_revocation = store->check_revocation;
-	else
-		ctx->check_revocation = check_revocation;
-
-	if (store && store->get_crl)
-		ctx->get_crl = store->get_crl;
-	else
-		ctx->get_crl = NULL;
-
-	if (store && store->check_crl)
-		ctx->check_crl = store->check_crl;
-	else
-		ctx->check_crl = check_crl;
-
-	if (store && store->cert_crl)
-		ctx->cert_crl = store->cert_crl;
-	else
-		ctx->cert_crl = cert_crl;
-
-	if (store && store->lookup_certs)
-		ctx->lookup_certs = store->lookup_certs;
-	else
-		ctx->lookup_certs = X509_STORE_get1_certs;
-
-	if (store && store->lookup_crls)
-		ctx->lookup_crls = store->lookup_crls;
-	else
-		ctx->lookup_crls = X509_STORE_get1_crls;
-
-	ctx->check_policy = check_policy;
-
-
-	/* This memset() can't make any sense anyway, so it's removed. As
-	 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
-	 * corresponding "new" here and remove this bogus initialisation. */
-	/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
-	if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
-				&(ctx->ex_data)))
-		{
-		OPENSSL_free(ctx);
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-
-/* Set alternative lookup method: just a STACK of trusted certificates.
- * This avoids X509_STORE nastiness where it isn't needed.
- */
-
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
-	ctx->other_ctx = sk;
-	ctx->get_issuer = get_issuer_sk;
-}
-
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
-	{
-	if (ctx->cleanup) ctx->cleanup(ctx);
-	if (ctx->param != NULL)
-		{
-		if (ctx->parent == NULL)
-			X509_VERIFY_PARAM_free(ctx->param);
-		ctx->param=NULL;
-		}
-	if (ctx->tree != NULL)
-		{
-		X509_policy_tree_free(ctx->tree);
-		ctx->tree=NULL;
-		}
-	if (ctx->chain != NULL)
-		{
-		sk_X509_pop_free(ctx->chain,X509_free);
-		ctx->chain=NULL;
-		}
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
-	}
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-	}
-
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
-	{
-	X509_VERIFY_PARAM_set_flags(ctx->param, flags);
-	}
-
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
-	{
-	X509_VERIFY_PARAM_set_time(ctx->param, t);
-	}
-
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *))
-	{
-	ctx->verify_cb=verify_cb;
-	}
-
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-	{
-	return ctx->tree;
-	}
-
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
-	{
-	return ctx->explicit_policy;
-	}
-
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
-	{
-	const X509_VERIFY_PARAM *param;
-	param = X509_VERIFY_PARAM_lookup(name);
-	if (!param)
-		return 0;
-	return X509_VERIFY_PARAM_inherit(ctx->param, param);
-	}
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
-	{
-	return ctx->param;
-	}
-
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
-	{
-	if (ctx->param)
-		X509_VERIFY_PARAM_free(ctx->param);
-	ctx->param = param;
-	}
-
-IMPLEMENT_STACK_OF(X509)
-IMPLEMENT_ASN1_SET_OF(X509)
-
-IMPLEMENT_STACK_OF(X509_NAME)
-
-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
deleted file mode 100644
index fe09b30aaa..0000000000
--- a/crypto/x509/x509_vfy.h
+++ /dev/null
@@ -1,567 +0,0 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-#include <openssl/x509.h>
-/* openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment. */
-#endif
-
-#ifndef HEADER_X509_VFY_H
-#define HEADER_X509_VFY_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if 0
-/* Outer object */
-typedef struct x509_hash_dir_st
-	{
-	int num_dirs;
-	char **dirs;
-	int *dirs_type;
-	int num_dirs_alloced;
-	} X509_HASH_DIR_CTX;
-#endif
-
-typedef struct x509_file_st
-	{
-	int num_paths;	/* number of paths to files or directories */
-	int num_alloced;
-	char **paths;	/* the list of paths or directories */
-	int *path_type;
-	} X509_CERT_FILE_CTX;
-
-/*******************************/
-/*
-SSL_CTX -> X509_STORE    
-		-> X509_LOOKUP
-			->X509_LOOKUP_METHOD
-		-> X509_LOOKUP
-			->X509_LOOKUP_METHOD
- 
-SSL	-> X509_STORE_CTX
-		->X509_STORE    
-
-The X509_STORE holds the tables etc for verification stuff.
-A X509_STORE_CTX is used while validating a single certificate.
-The X509_STORE has X509_LOOKUPs for looking up certs.
-The X509_STORE then calls a function to actually verify the
-certificate chain.
-*/
-
-#define X509_LU_RETRY		-1
-#define X509_LU_FAIL		0
-#define X509_LU_X509		1
-#define X509_LU_CRL		2
-#define X509_LU_PKEY		3
-
-typedef struct x509_object_st
-	{
-	/* one of the above types */
-	int type;
-	union	{
-		char *ptr;
-		X509 *x509;
-		X509_CRL *crl;
-		EVP_PKEY *pkey;
-		} data;
-	} X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st
-	{
-	const char *name;
-	int (*new_item)(X509_LOOKUP *ctx);
-	void (*free)(X509_LOOKUP *ctx);
-	int (*init)(X509_LOOKUP *ctx);
-	int (*shutdown)(X509_LOOKUP *ctx);
-	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
-			char **ret);
-	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-			      X509_OBJECT *ret);
-	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-				    ASN1_INTEGER *serial,X509_OBJECT *ret);
-	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
-				  unsigned char *bytes,int len,
-				  X509_OBJECT *ret);
-	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
-			    X509_OBJECT *ret);
-	} X509_LOOKUP_METHOD;
-
-/* This structure hold all parameters associated with a verify operation
- * by including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-typedef struct X509_VERIFY_PARAM_st
-	{
-	char *name;
-	time_t check_time;	/* Time to use */
-	unsigned long inh_flags; /* Inheritance flags */
-	unsigned long flags;	/* Various verify flags */
-	int purpose;		/* purpose to check untrusted certificates */
-	int trust;		/* trust setting to check */
-	int depth;		/* Verify depth */
-	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */
-	} X509_VERIFY_PARAM;
-
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
-
-/* This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain. */
-struct x509_store_st
-	{
-	/* The following is a cache of trusted certs */
-	int cache; 	/* if true, stash any hits */
-	STACK_OF(X509_OBJECT) *objs;	/* Cache of all objects */
-
-	/* These are external lookup methods */
-	STACK_OF(X509_LOOKUP) *get_cert_methods;
-
-	X509_VERIFY_PARAM *param;
-
-	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
-
-	CRYPTO_EX_DATA ex_data;
-	int references;
-	} /* X509_STORE */;
-
-int X509_STORE_set_depth(X509_STORE *store, int depth);
-
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st
-	{
-	int init;			/* have we been started */
-	int skip;			/* don't use us. */
-	X509_LOOKUP_METHOD *method;	/* the functions */
-	char *method_data;		/* method data */
-
-	X509_STORE *store_ctx;	/* who owns us */
-	} /* X509_LOOKUP */;
-
-/* This is a used when verifying cert chains.  Since the
- * gathering of the cert chain can take some time (and have to be
- * 'retried', this needs to be kept and passed around. */
-struct x509_store_ctx_st      /* X509_STORE_CTX */
-	{
-	X509_STORE *ctx;
-	int current_method;	/* used when looking up certs */
-
-	/* The following are set by the caller */
-	X509 *cert;		/* The cert to check */
-	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
-	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */
-
-	X509_VERIFY_PARAM *param;
-	void *other_ctx;	/* Other info for use with get_issuer() */
-
-	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	int (*check_policy)(X509_STORE_CTX *ctx);
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
-
-	/* The following is built up */
-	int valid;		/* if 0, rebuild chain */
-	int last_untrusted;	/* index of last untrusted cert */
-	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
-	X509_POLICY_TREE *tree;	/* Valid policy tree */
-
-	int explicit_policy;	/* Require explicit policy value */
-
-	/* When something goes wrong, this is why */
-	int error_depth;
-	int error;
-	X509 *current_cert;
-	X509 *current_issuer;	/* cert currently being tested as valid issuer */
-	X509_CRL *current_crl;	/* current CRL */
-
-	int current_crl_score;  /* score of current CRL */
-	unsigned int current_reasons;  /* Reason mask */
-
-	X509_STORE_CTX *parent; /* For CRL path validation: parent context */
-
-	CRYPTO_EX_DATA ex_data;
-	} /* X509_STORE_CTX */;
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-
-#define X509_STORE_CTX_set_app_data(ctx,data) \
-	X509_STORE_CTX_set_ex_data(ctx,0,data)
-#define X509_STORE_CTX_get_app_data(ctx) \
-	X509_STORE_CTX_get_ex_data(ctx,0)
-
-#define X509_L_FILE_LOAD	1
-#define X509_L_ADD_DIR		2
-
-#define X509_LOOKUP_load_file(x,name,type) \
-		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
-
-#define X509_LOOKUP_add_dir(x,name,type) \
-		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
-
-#define		X509_V_OK					0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2
-#define		X509_V_ERR_UNABLE_TO_GET_CRL			3
-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4
-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5
-#define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6
-#define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7
-#define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8
-#define		X509_V_ERR_CERT_NOT_YET_VALID			9
-#define		X509_V_ERR_CERT_HAS_EXPIRED			10
-#define		X509_V_ERR_CRL_NOT_YET_VALID			11
-#define		X509_V_ERR_CRL_HAS_EXPIRED			12
-#define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13
-#define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14
-#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15
-#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16
-#define		X509_V_ERR_OUT_OF_MEM				17
-#define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18
-#define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19
-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20
-#define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21
-#define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22
-#define		X509_V_ERR_CERT_REVOKED				23
-#define		X509_V_ERR_INVALID_CA				24
-#define		X509_V_ERR_PATH_LENGTH_EXCEEDED			25
-#define		X509_V_ERR_INVALID_PURPOSE			26
-#define		X509_V_ERR_CERT_UNTRUSTED			27
-#define		X509_V_ERR_CERT_REJECTED			28
-/* These are 'informational' when looking for issuer cert */
-#define		X509_V_ERR_SUBJECT_ISSUER_MISMATCH		29
-#define		X509_V_ERR_AKID_SKID_MISMATCH			30
-#define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31
-#define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32
-
-#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33
-#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34
-#define		X509_V_ERR_KEYUSAGE_NO_CRL_SIGN			35
-#define		X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION	36
-#define		X509_V_ERR_INVALID_NON_CA			37
-#define		X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED		38
-#define		X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE	39
-#define		X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED	40
-
-#define		X509_V_ERR_INVALID_EXTENSION			41
-#define		X509_V_ERR_INVALID_POLICY_EXTENSION		42
-#define		X509_V_ERR_NO_EXPLICIT_POLICY			43
-#define		X509_V_ERR_DIFFERENT_CRL_SCOPE			44
-#define		X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE	45
-
-#define		X509_V_ERR_UNNESTED_RESOURCE			46
-
-#define		X509_V_ERR_PERMITTED_VIOLATION			47
-#define		X509_V_ERR_EXCLUDED_VIOLATION			48
-#define		X509_V_ERR_SUBTREE_MINMAX			49
-#define		X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE		51
-#define		X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX	52
-#define		X509_V_ERR_UNSUPPORTED_NAME_SYNTAX		53
-#define		X509_V_ERR_CRL_PATH_VALIDATION_ERROR		54
-
-/* The application is not happy */
-#define		X509_V_ERR_APPLICATION_VERIFICATION		50
-
-/* Certificate verify flags */
-
-/* Send issuer+subject checks to verify_cb */
-#define	X509_V_FLAG_CB_ISSUER_CHECK		0x1
-/* Use check time instead of current time */
-#define	X509_V_FLAG_USE_CHECK_TIME		0x2
-/* Lookup CRLs */
-#define	X509_V_FLAG_CRL_CHECK			0x4
-/* Lookup CRLs for whole chain */
-#define	X509_V_FLAG_CRL_CHECK_ALL		0x8
-/* Ignore unhandled critical extensions */
-#define	X509_V_FLAG_IGNORE_CRITICAL		0x10
-/* Disable workarounds for broken certificates */
-#define	X509_V_FLAG_X509_STRICT			0x20
-/* Enable proxy certificate validation */
-#define	X509_V_FLAG_ALLOW_PROXY_CERTS		0x40
-/* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK		0x80
-/* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY		0x100
-/* Policy variable inhibit-any-policy */
-#define	X509_V_FLAG_INHIBIT_ANY			0x200
-/* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP			0x400
-/* Notify callback that policy is OK */
-#define X509_V_FLAG_NOTIFY_POLICY		0x800
-/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
-#define X509_V_FLAG_EXTENDED_CRL_SUPPORT	0x1000
-/* Delta CRL support */
-#define X509_V_FLAG_USE_DELTAS			0x2000
-/* Check selfsigned CA signature */
-#define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
-
-
-#define X509_VP_FLAG_DEFAULT			0x1
-#define X509_VP_FLAG_OVERWRITE			0x2
-#define X509_VP_FLAG_RESET_FLAGS		0x4
-#define X509_VP_FLAG_LOCKED			0x8
-#define X509_VP_FLAG_ONCE			0x10
-
-/* Internal use: mask of policy related options */
-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
-				| X509_V_FLAG_EXPLICIT_POLICY \
-				| X509_V_FLAG_INHIBIT_ANY \
-				| X509_V_FLAG_INHIBIT_MAP)
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void );
-void X509_STORE_free(X509_STORE *v);
-
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
-
-X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-			 X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
-	X509_OBJECT *ret);
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-	long argl, char **ret);
-
-#ifndef OPENSSL_NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-#endif
-
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
-void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-	unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
-	int len, X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
-#ifndef OPENSSL_NO_STDIO
-int	X509_STORE_load_locations (X509_STORE *ctx,
-		const char *file, const char *dir);
-int	X509_STORE_set_default_paths(X509_STORE *ctx);
-#endif
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
-void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
-int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
-int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
-void	X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-				int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
-								time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
-  
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-
-/* X509_VERIFY_PARAM functions */
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
-						const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, 
-						const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-							unsigned long flags);
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-						ASN1_OBJECT *policy);
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
-					STACK_OF(ASN1_OBJECT) *policies);
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
-void X509_VERIFY_PARAM_table_cleanup(void);
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-			STACK_OF(X509) *certs,
-			STACK_OF(ASN1_OBJECT) *policy_oids,
-			unsigned int flags);
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-
-STACK_OF(POLICYQUALINFO) *
-	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
-const X509_POLICY_NODE *
-	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
deleted file mode 100644
index ba546bd1fa..0000000000
--- a/crypto/x509/x509_vpm.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* x509_vpm.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/* X509_VERIFY_PARAM functions */
-
-static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
-	{
-	if (!param)
-		return;
-	param->name = NULL;
-	param->purpose = 0;
-	param->trust = 0;
-	/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
-	param->inh_flags = 0;
-	param->flags = 0;
-	param->depth = -1;
-	if (param->policies)
-		{
-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-		param->policies = NULL;
-		}
-	}
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
-	{
-	X509_VERIFY_PARAM *param;
-	param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
-	if (!param)
-		return NULL;
-	memset(param, 0, sizeof(X509_VERIFY_PARAM));
-	x509_verify_param_zero(param);
-	return param;
-	}
-
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
-	{
-	x509_verify_param_zero(param);
-	OPENSSL_free(param);
-	}
-
-/* This function determines how parameters are "inherited" from one structure
- * to another. There are several different ways this can happen.
- *
- * 1. If a child structure needs to have its values initialized from a parent
- *    they are simply copied across. For example SSL_CTX copied to SSL.
- * 2. If the structure should take on values only if they are currently unset.
- *    For example the values in an SSL structure will take appropriate value
- *    for SSL servers or clients but only if the application has not set new
- *    ones.
- *
- * The "inh_flags" field determines how this function behaves. 
- *
- * Normally any values which are set in the default are not copied from the
- * destination and verify flags are ORed together.
- *
- * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
- * to the destination. Effectively the values in "to" become default values
- * which will be used only if nothing new is set in "from".
- *
- * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
- * they are set or not. Flags is still Ored though.
- *
- * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
- * of ORed.
- *
- * If X509_VP_FLAG_LOCKED is set then no values are copied.
- *
- * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
- * after the next call.
- */
-
-/* Macro to test if a field should be copied from src to dest */
-
-#define test_x509_verify_param_copy(field, def) \
-	(to_overwrite || \
-		((src->field != def) && (to_default || (dest->field == def))))
-
-/* Macro to test and copy a field if necessary */
-
-#define x509_verify_param_copy(field, def) \
-	if (test_x509_verify_param_copy(field, def)) \
-		dest->field = src->field
-		
-
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
-						const X509_VERIFY_PARAM *src)
-	{
-	unsigned long inh_flags;
-	int to_default, to_overwrite;
-	if (!src)
-		return 1;
-	inh_flags = dest->inh_flags | src->inh_flags;
-
-	if (inh_flags & X509_VP_FLAG_ONCE)
-		dest->inh_flags = 0;
-
-	if (inh_flags & X509_VP_FLAG_LOCKED)
-		return 1;
-
-	if (inh_flags & X509_VP_FLAG_DEFAULT)
-		to_default = 1;
-	else
-		to_default = 0;
-
-	if (inh_flags & X509_VP_FLAG_OVERWRITE)
-		to_overwrite = 1;
-	else
-		to_overwrite = 0;
-
-	x509_verify_param_copy(purpose, 0);
-	x509_verify_param_copy(trust, 0);
-	x509_verify_param_copy(depth, -1);
-
-	/* If overwrite or check time not set, copy across */
-
-	if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
-		{
-		dest->check_time = src->check_time;
-		dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
-		/* Don't need to copy flag: that is done below */
-		}
-
-	if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
-		dest->flags = 0;
-
-	dest->flags |= src->flags;
-
-	if (test_x509_verify_param_copy(policies, NULL))
-		{
-		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
-			return 0;
-		}
-
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
-						const X509_VERIFY_PARAM *from)
-	{
-	unsigned long save_flags = to->inh_flags;
-	int ret;
-	to->inh_flags |= X509_VP_FLAG_DEFAULT;
-	ret = X509_VERIFY_PARAM_inherit(to, from);
-	to->inh_flags = save_flags;
-	return ret;
-	}
-
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
-	{
-	if (param->name)
-		OPENSSL_free(param->name);
-	param->name = BUF_strdup(name);
-	if (param->name)
-		return 1;
-	return 0;
-	}
-
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
-	{
-	param->flags |= flags;
-	if (flags & X509_V_FLAG_POLICY_MASK)
-		param->flags |= X509_V_FLAG_POLICY_CHECK;
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
-	{
-	param->flags &= ~flags;
-	return 1;
-	}
-
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
-	{
-	return param->flags;
-	}
-
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
-	{
-	return X509_PURPOSE_set(&param->purpose, purpose);
-	}
-
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
-	{
-	return X509_TRUST_set(&param->trust, trust);
-	}
-
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
-	{
-	param->depth = depth;
-	}
-
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
-	{
-	param->check_time = t;
-	param->flags |= X509_V_FLAG_USE_CHECK_TIME;
-	}
-
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
-	{
-	if (!param->policies)
-		{
-		param->policies = sk_ASN1_OBJECT_new_null();
-		if (!param->policies)
-			return 0;
-		}
-	if (!sk_ASN1_OBJECT_push(param->policies, policy))
-		return 0;
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
-					STACK_OF(ASN1_OBJECT) *policies)
-	{
-	int i;
-	ASN1_OBJECT *oid, *doid;
-	if (!param)
-		return 0;
-	if (param->policies)
-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-
-	if (!policies)
-		{
-		param->policies = NULL;
-		return 1;
-		}
-
-	param->policies = sk_ASN1_OBJECT_new_null();
-	if (!param->policies)
-		return 0;
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policies, i);
-		doid = OBJ_dup(oid);
-		if (!doid)
-			return 0;
-		if (!sk_ASN1_OBJECT_push(param->policies, doid))
-			{
-			ASN1_OBJECT_free(doid);
-			return 0;
-			}
-		}
-	param->flags |= X509_V_FLAG_POLICY_CHECK;
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
-	{
-	return param->depth;
-	}
-
-/* Default verify parameters: these are used for various
- * applications and can be overridden by the user specified table.
- * NB: the 'name' field *must* be in alphabetical order because it
- * will be searched using OBJ_search.
- */
-
-static const X509_VERIFY_PARAM default_table[] = {
-	{
-	"default",	/* X509 default parameters */
-	0,		/* Check time */
-	0,		/* internal flags */
-	0,		/* flags */
-	0,		/* purpose */
-	0,		/* trust */
-	100,		/* depth */
-	NULL		/* policies */
-	},
-	{
-	"pkcs7",			/* S/MIME sign parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SMIME_SIGN,	/* purpose */
-	X509_TRUST_EMAIL,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"smime_sign",			/* S/MIME sign parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SMIME_SIGN,	/* purpose */
-	X509_TRUST_EMAIL,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"ssl_client",			/* SSL/TLS client parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SSL_CLIENT,	/* purpose */
-	X509_TRUST_SSL_CLIENT,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"ssl_server",			/* SSL/TLS server parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SSL_SERVER,	/* purpose */
-	X509_TRUST_SSL_SERVER,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	}};
-
-static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
-
-static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
-
-	{
-	return strcmp(a->name, b->name);
-	}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
-			   table);
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
-			     table);
-
-static int param_cmp(const X509_VERIFY_PARAM * const *a,
-			const X509_VERIFY_PARAM * const *b)
-	{
-	return strcmp((*a)->name, (*b)->name);
-	}
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
-	{
-	int idx;
-	X509_VERIFY_PARAM *ptmp;
-	if (!param_table)
-		{
-		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
-		if (!param_table)
-			return 0;
-		}
-	else
-		{
-		idx = sk_X509_VERIFY_PARAM_find(param_table, param);
-		if (idx != -1)
-			{
-			ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
-			X509_VERIFY_PARAM_free(ptmp);
-			(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
-			}
-		}
-	if (!sk_X509_VERIFY_PARAM_push(param_table, param))
-		return 0;
-	return 1;
-	}
-
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
-	{
-	int idx;
-	X509_VERIFY_PARAM pm;
-
-	pm.name = (char *)name;
-	if (param_table)
-		{
-		idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
-		if (idx != -1)
-			return sk_X509_VERIFY_PARAM_value(param_table, idx);
-		}
-	return OBJ_bsearch_table(&pm, default_table,
-			   sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
-	}
-
-void X509_VERIFY_PARAM_table_cleanup(void)
-	{
-	if (param_table)
-		sk_X509_VERIFY_PARAM_pop_free(param_table,
-						X509_VERIFY_PARAM_free);
-	param_table = NULL;
-	}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
deleted file mode 100644
index 3109defb0b..0000000000
--- a/crypto/x509/x509cset.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* crypto/x509/x509cset.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_CRL_set_version(X509_CRL *x, long version)
-	{
-	if (x == NULL) return(0);
-	if (x->crl->version == NULL)
-		{
-		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
-			return(0);
-		}
-	return(ASN1_INTEGER_set(x->crl->version,version));
-	}
-
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->crl == NULL)) return(0);
-	return(X509_NAME_set(&x->crl->issuer,name));
-	}
-
-
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
-
-	if (x == NULL) return(0);
-	in=x->crl->lastUpdate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->crl->lastUpdate);
-			x->crl->lastUpdate=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
-
-	if (x == NULL) return(0);
-	in=x->crl->nextUpdate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->crl->nextUpdate);
-			x->crl->nextUpdate=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_CRL_sort(X509_CRL *c)
-	{
-	int i;
-	X509_REVOKED *r;
-	/* sort the data so it will be written in serial
-	 * number order */
-	sk_X509_REVOKED_sort(c->crl->revoked);
-	for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
-		{
-		r=sk_X509_REVOKED_value(c->crl->revoked,i);
-		r->sequence=i;
-		}
-	c->crl->enc.modified = 1;
-	return 1;
-	}
-
-int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
-
-	if (x == NULL) return(0);
-	in=x->revocationDate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->revocationDate);
-			x->revocationDate=in;
-			}
-		}
-	return(in != NULL);
-	}
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
-	{
-	ASN1_INTEGER *in;
-
-	if (x == NULL) return(0);
-	in=x->serialNumber;
-	if (in != serial)
-		{
-		in=M_ASN1_INTEGER_dup(serial);
-		if (in != NULL)
-			{
-			M_ASN1_INTEGER_free(x->serialNumber);
-			x->serialNumber=in;
-			}
-		}
-	return(in != NULL);
-	}
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
deleted file mode 100644
index 27bc4dc9a3..0000000000
--- a/crypto/x509/x509name.c
+++ /dev/null
@@ -1,383 +0,0 @@
-/* crypto/x509/x509name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
-	{
-	ASN1_OBJECT *obj;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-1);
-	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
-	}
-
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
-	     int len)
-	{
-	int i;
-	ASN1_STRING *data;
-
-	i=X509_NAME_get_index_by_OBJ(name,obj,-1);
-	if (i < 0) return(-1);
-	data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-	i=(data->length > (len-1))?(len-1):data->length;
-	if (buf == NULL) return(data->length);
-	memcpy(buf,data->data,i);
-	buf[i]='\0';
-	return(i);
-	}
-
-int X509_NAME_entry_count(X509_NAME *name)
-	{
-	if (name == NULL) return(0);
-	return(sk_X509_NAME_ENTRY_num(name->entries));
-	}
-
-int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
-	{
-	ASN1_OBJECT *obj;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
-	}
-
-/* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-	     int lastpos)
-	{
-	int n;
-	X509_NAME_ENTRY *ne;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL) return(-1);
-	if (lastpos < 0)
-		lastpos= -1;
-	sk=name->entries;
-	n=sk_X509_NAME_ENTRY_num(sk);
-	for (lastpos++; lastpos < n; lastpos++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
-		if (OBJ_cmp(ne->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
-	}
-
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
-	{
-	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-	   || loc < 0)
-		return(NULL);
-	else
-		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
-	}
-
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
-	{
-	X509_NAME_ENTRY *ret;
-	int i,n,set_prev,set_next;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-	    || loc < 0)
-		return(NULL);
-	sk=name->entries;
-	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
-	n=sk_X509_NAME_ENTRY_num(sk);
-	name->modified=1;
-	if (loc == n) return(ret);
-
-	/* else we need to fixup the set field */
-	if (loc != 0)
-		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
-	else
-		set_prev=ret->set-1;
-	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-
-	/* set_prev is the previous set
-	 * set is the current set
-	 * set_next is the following
-	 * prev  1 1	1 1	1 1	1 1
-	 * set   1	1	2	2
-	 * next  1 1	2 2	2 2	3 2
-	 * so basically only if prev and next differ by 2, then
-	 * re-number down by 1 */
-	if (set_prev+1 < set_next)
-		for (i=loc; i<n; i++)
-			sk_X509_NAME_ENTRY_value(sk,i)->set--;
-	return(ret);
-	}
-
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len, int loc, int set)
-{
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
-}
-
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-			unsigned char *bytes, int len, int loc, int set)
-{
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
-}
-
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-			const unsigned char *bytes, int len, int loc, int set)
-{
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
-}
-
-/* if set is -1, append to previous set, 0 'a new one', and 1,
- * prepend to the guy we are about to stomp on. */
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
-	     int set)
-	{
-	X509_NAME_ENTRY *new_name=NULL;
-	int n,i,inc;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL) return(0);
-	sk=name->entries;
-	n=sk_X509_NAME_ENTRY_num(sk);
-	if (loc > n) loc=n;
-	else if (loc < 0) loc=n;
-
-	name->modified=1;
-
-	if (set == -1)
-		{
-		if (loc == 0)
-			{
-			set=0;
-			inc=1;
-			}
-		else
-			{
-			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
-			inc=0;
-			}
-		}
-	else /* if (set >= 0) */
-		{
-		if (loc >= n)
-			{
-			if (loc != 0)
-				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
-			else
-				set=0;
-			}
-		else
-			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-		inc=(set == 0)?1:0;
-		}
-
-	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
-		goto err;
-	new_name->set=set;
-	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
-		{
-		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (inc)
-		{
-		n=sk_X509_NAME_ENTRY_num(sk);
-		for (i=loc+1; i<n; i++)
-			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
-		}	
-	return(1);
-err:
-	if (new_name != NULL)
-		X509_NAME_ENTRY_free(new_name);
-	return(0);
-	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-		const char *field, int type, const unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_NAME_ENTRY *nentry;
-
-	obj=OBJ_txt2obj(field, 0);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
-						X509_R_INVALID_FIELD_NAME);
-		ERR_add_error_data(2, "name=", field);
-		return(NULL);
-		}
-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nentry;
-	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-	     int type, unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_NAME_ENTRY *nentry;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nentry;
-	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-	     ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
-	{
-	X509_NAME_ENTRY *ret;
-
-	if ((ne == NULL) || (*ne == NULL))
-		{
-		if ((ret=X509_NAME_ENTRY_new()) == NULL)
-			return(NULL);
-		}
-	else
-		ret= *ne;
-
-	if (!X509_NAME_ENTRY_set_object(ret,obj))
-		goto err;
-	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
-		goto err;
-
-	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
-	return(ret);
-err:
-	if ((ne == NULL) || (ret != *ne))
-		X509_NAME_ENTRY_free(ret);
-	return(NULL);
-	}
-
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
-	{
-	if ((ne == NULL) || (obj == NULL))
-		{
-		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	ASN1_OBJECT_free(ne->object);
-	ne->object=OBJ_dup(obj);
-	return((ne->object == NULL)?0:1);
-	}
-
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-	     const unsigned char *bytes, int len)
-	{
-	int i;
-
-	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
-	if((type > 0) && (type & MBSTRING_FLAG)) 
-		return ASN1_STRING_set_by_NID(&ne->value, bytes,
-						len, type,
-					OBJ_obj2nid(ne->object)) ? 1 : 0;
-	if (len < 0) len=strlen((const char *)bytes);
-	i=ASN1_STRING_set(ne->value,bytes,len);
-	if (!i) return(0);
-	if (type != V_ASN1_UNDEF)
-		{
-		if (type == V_ASN1_APP_CHOOSE)
-			ne->value->type=ASN1_PRINTABLE_type(bytes,len);
-		else
-			ne->value->type=type;
-		}
-	return(1);
-	}
-
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
-	{
-	if (ne == NULL) return(NULL);
-	return(ne->object);
-	}
-
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
-	{
-	if (ne == NULL) return(NULL);
-	return(ne->value);
-	}
-
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
deleted file mode 100644
index d9f6b57372..0000000000
--- a/crypto/x509/x509rset.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/x509/x509rset.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_REQ_set_version(X509_REQ *x, long version)
-	{
-	if (x == NULL) return(0);
-	return(ASN1_INTEGER_set(x->req_info->version,version));
-	}
-
-int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->req_info == NULL)) return(0);
-	return(X509_NAME_set(&x->req_info->subject,name));
-	}
-
-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
-	{
-	if ((x == NULL) || (x->req_info == NULL)) return(0);
-	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
-	}
-
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
deleted file mode 100644
index 02a203d72c..0000000000
--- a/crypto/x509/x509spki.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* x509spki.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
-{
-	if ((x == NULL) || (x->spkac == NULL)) return(0);
-	return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
-}
-
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
-{
-	if ((x == NULL) || (x->spkac == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(x->spkac->pubkey));
-}
-
-/* Load a Netscape SPKI from a base64 encoded string */
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
-{
-	unsigned char *spki_der;
-	const unsigned char *p;
-	int spki_len;
-	NETSCAPE_SPKI *spki;
-	if(len <= 0) len = strlen(str);
-	if (!(spki_der = OPENSSL_malloc(len + 1))) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
-	if(spki_len < 0) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
-						X509_R_BASE64_DECODE_ERROR);
-		OPENSSL_free(spki_der);
-		return NULL;
-	}
-	p = spki_der;
-	spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
-	OPENSSL_free(spki_der);
-	return spki;
-}
-
-/* Generate a base64 encoded string from an SPKI */
-
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
-{
-	unsigned char *der_spki, *p;
-	char *b64_str;
-	int der_len;
-	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
-	der_spki = OPENSSL_malloc(der_len);
-	b64_str = OPENSSL_malloc(der_len * 2);
-	if(!der_spki || !b64_str) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p = der_spki;
-	i2d_NETSCAPE_SPKI(spki, &p);
-	EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
-	OPENSSL_free(der_spki);
-	return b64_str;
-}
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
deleted file mode 100644
index 9702ec5310..0000000000
--- a/crypto/x509/x509type.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/x509/x509type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
-	{
-	EVP_PKEY *pk;
-	int ret=0,i;
-
-	if (x == NULL) return(0);
-
-	if (pkey == NULL)
-		pk=X509_get_pubkey(x);
-	else
-		pk=pkey;
-
-	if (pk == NULL) return(0);
-
-	switch (pk->type)
-		{
-	case EVP_PKEY_RSA:
-		ret=EVP_PK_RSA|EVP_PKT_SIGN;
-/*		if (!sign only extension) */
-			ret|=EVP_PKT_ENC;
-	break;
-	case EVP_PKEY_DSA:
-		ret=EVP_PK_DSA|EVP_PKT_SIGN;
-		break;
-	case EVP_PKEY_EC:
-		ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
-		break;
-	case EVP_PKEY_DH:
-		ret=EVP_PK_DH|EVP_PKT_EXCH;
-		break;	
-	case NID_id_GostR3410_94:
-	case NID_id_GostR3410_2001:
-		ret=EVP_PKT_EXCH|EVP_PKT_SIGN;
-		break;
-	default:
-		break;
-		}
-
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	if (i && OBJ_find_sigid_algs(i, NULL, &i))
-		{
-
-		switch (i)
-			{
-		case NID_rsaEncryption:
-		case NID_rsa:
-			ret|=EVP_PKS_RSA;
-			break;
-		case NID_dsa:
-		case NID_dsa_2:
-			ret|=EVP_PKS_DSA;
-			break;
-		case NID_X9_62_id_ecPublicKey:
-			ret|=EVP_PKS_EC;
-			break;
-		default:
-			break;
-			}
-		}
-
-	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
-					   for, not bytes */
-		ret|=EVP_PKT_EXP;
-	if(pkey==NULL) EVP_PKEY_free(pk);
-	return(ret);
-	}
-
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
deleted file mode 100644
index fef55f89d9..0000000000
--- a/crypto/x509/x_all.c
+++ /dev/null
@@ -1,539 +0,0 @@
-/* crypto/x509/x_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-int X509_verify(X509 *a, EVP_PKEY *r)
-	{
-	if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
-		return 0;
-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
-		a->signature,a->cert_info,r));
-	}
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
-	{
-	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-		a->sig_alg,a->signature,a->req_info,r));
-	}
-
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
-	{
-	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-		a->sig_algor,a->signature,a->spkac,r));
-	}
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	x->cert_info->enc.modified = 1;
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
-		x->sig_alg, x->signature, x->cert_info,pkey,md));
-	}
-
-int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
-	{
-	x->cert_info->enc.modified = 1;
-	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
-		x->cert_info->signature,
-		x->sig_alg, x->signature, x->cert_info, ctx);
-	}
-
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
-		x->signature, x->req_info,pkey,md));
-	}
-
-int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
-	{
-	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
-		x->sig_alg, NULL, x->signature, x->req_info, ctx);
-	}
-
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	x->crl->enc.modified = 1;
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
-		x->sig_alg, x->signature, x->crl,pkey,md));
-	}
-
-int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
-	{
-	x->crl->enc.modified = 1;
-	return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
-		x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
-	}
-
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
-		x->signature, x->spkac,pkey,md));
-	}
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
-	}
-
-int i2d_X509_fp(FILE *fp, X509 *x509)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
-	}
-#endif
-
-X509 *d2i_X509_bio(BIO *bp, X509 **x509)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
-	}
-
-int i2d_X509_bio(BIO *bp, X509 *x509)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-	}
-
-int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-	}
-#endif
-
-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-	}
-
-int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-	}
-
-int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-	}
-#endif
-
-PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-	}
-
-int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-	}
-
-int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-	}
-#endif
-
-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-	}
-
-int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-	}
-
-#ifndef OPENSSL_NO_RSA
-
-#ifndef OPENSSL_NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-	}
-
-int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-	}
-
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-	}
-
-
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_d2i_fp((void *(*)(void))
-			   RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
-			   (void **)rsa);
-	}
-
-int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-	}
-
-int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
-	}
-#endif
-
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-	}
-
-int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-	}
-
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-	}
-
-
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
-	}
-
-int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-	}
-
-int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
-	}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
-	{
-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
-	}
-
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
-	{
-	return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
-	}
-
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
-	{
-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
-	}
-
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
-	{
-	return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
-	}
-#endif
-
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
-	{
-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
-);
-	}
-
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
-	{
-	return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
-	}
-
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
-	{
-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
-	}
-
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
-	{
-	return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
-	}
-
-#endif
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
-	}
-  
-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
-	}
-
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
-	}
-  
-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
-	}
-#endif
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
-	}
-  
-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
-	{
-	return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
-	}
-
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
-	}
-  
-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
-	}
-#endif
-
-
-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	ASN1_BIT_STRING *key;
-	key = X509_get0_pubkey_bitstr(data);
-	if(!key) return 0;
-	return EVP_Digest(key->data, key->length, md, len, type, NULL);
-	}
-
-int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
-	}
-
-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
-	}
-
-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
-	}
-
-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
-	}
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
-	     unsigned char *md, unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
-		(char *)data,md,len));
-	}
-
-
-#ifndef OPENSSL_NO_FP_API
-X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
-	{
-	return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
-	}
-
-int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
-	{
-	return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
-	}
-#endif
-
-X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
-	{
-	return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
-	}
-
-int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
-	{
-	return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
-	}
-
-#ifndef OPENSSL_NO_FP_API
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-						 PKCS8_PRIV_KEY_INFO **p8inf)
-	{
-	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
-			      d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
-	}
-
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
-	{
-	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
-			      p8inf);
-	}
-
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
-	{
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	int ret;
-	p8inf = EVP_PKEY2PKCS8(key);
-	if(!p8inf) return 0;
-	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	return ret;
-	}
-
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
-	}
-
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
-{
-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
-}
-
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
-	}
-
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
-{
-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
-}
-
-#endif
-
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-						 PKCS8_PRIV_KEY_INFO **p8inf)
-	{
-	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
-			    d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
-	}
-
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
-	{
-	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
-			       p8inf);
-	}
-
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
-	{
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	int ret;
-	p8inf = EVP_PKEY2PKCS8(key);
-	if(!p8inf) return 0;
-	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	return ret;
-	}
-
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
-	}
-
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
-	{
-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
-	}
-
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
-	}
-
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
-	{
-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
-	}
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
deleted file mode 100644
index 76daee6fcd..0000000000
--- a/crypto/x509v3/ext_dat.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/* ext_dat.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* This file contains a table of "standard" extensions */
-
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
-extern X509V3_EXT_METHOD v3_addr, v3_asid;
-
-/* This table will be searched using OBJ_bsearch so it *must* kept in
- * order of the ext_nid values.
- */
-
-static const X509V3_EXT_METHOD *standard_exts[] = {
-&v3_nscert,
-&v3_ns_ia5_list[0],
-&v3_ns_ia5_list[1],
-&v3_ns_ia5_list[2],
-&v3_ns_ia5_list[3],
-&v3_ns_ia5_list[4],
-&v3_ns_ia5_list[5],
-&v3_ns_ia5_list[6],
-&v3_skey_id,
-&v3_key_usage,
-&v3_pkey_usage_period,
-&v3_alt[0],
-&v3_alt[1],
-&v3_bcons,
-&v3_crl_num,
-&v3_cpols,
-&v3_akey_id,
-&v3_crld,
-&v3_ext_ku,
-&v3_delta_crl,
-&v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_invdate,
-#endif
-&v3_sxnet,
-&v3_info,
-#ifndef OPENSSL_NO_RFC3779
-&v3_addr,
-&v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
-&v3_ocsp_nonce,
-&v3_ocsp_crlid,
-&v3_ocsp_accresp,
-&v3_ocsp_nocheck,
-&v3_ocsp_acutoff,
-&v3_ocsp_serviceloc,
-#endif
-&v3_sinfo,
-&v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_hold,
-#endif
-&v3_pci,
-&v3_name_constraints,
-&v3_policy_mappings,
-&v3_inhibit_anyp,
-&v3_idp,
-&v3_alt[2],
-&v3_freshest_crl,
-};
-
-/* Number of standard extensions */
-
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-
diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
deleted file mode 100644
index 172b7e7ee4..0000000000
--- a/crypto/x509v3/pcy_cache.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/* pcy_cache.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-				const X509_POLICY_DATA * const *b);
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
-
-/* Set cache entry according to CertificatePolicies extension.
- * Note: this destroys the passed CERTIFICATEPOLICIES structure.
- */
-
-static int policy_cache_create(X509 *x,
-			CERTIFICATEPOLICIES *policies, int crit)
-	{
-	int i;
-	int ret = 0;
-	X509_POLICY_CACHE *cache = x->policy_cache;
-	X509_POLICY_DATA *data = NULL;
-	POLICYINFO *policy;
-	if (sk_POLICYINFO_num(policies) == 0)
-		goto bad_policy;
-	cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-	if (!cache->data)
-		goto bad_policy;
-	for (i = 0; i < sk_POLICYINFO_num(policies); i++)
-		{
-		policy = sk_POLICYINFO_value(policies, i);
-		data = policy_data_new(policy, NULL, crit);
-		if (!data)
-			goto bad_policy;
-		/* Duplicate policy OIDs are illegal: reject if matches
-		 * found.
-		 */
-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
-			{
-			if (cache->anyPolicy)
-				{
-				ret = -1;
-				goto bad_policy;
-				}
-			cache->anyPolicy = data;
-			}
-		else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
-			{
-			ret = -1;
-			goto bad_policy;
-			}
-		else if (!sk_X509_POLICY_DATA_push(cache->data, data))
-			goto bad_policy;
-		data = NULL;
-		}
-	ret = 1;
-	bad_policy:
-	if (ret == -1)
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-	if (data)
-		policy_data_free(data);
-	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
-	if (ret <= 0)
-		{
-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-		cache->data = NULL;
-		}
-	return ret;
-	}
-
-	
-static int policy_cache_new(X509 *x)
-	{
-	X509_POLICY_CACHE *cache;
-	ASN1_INTEGER *ext_any = NULL;
-	POLICY_CONSTRAINTS *ext_pcons = NULL;
-	CERTIFICATEPOLICIES *ext_cpols = NULL;
-	POLICY_MAPPINGS *ext_pmaps = NULL;
-	int i;
-	cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
-	if (!cache)
-		return 0;
-	cache->anyPolicy = NULL;
-	cache->data = NULL;
-	cache->any_skip = -1;
-	cache->explicit_skip = -1;
-	cache->map_skip = -1;
-
-	x->policy_cache = cache;
-
-	/* Handle requireExplicitPolicy *first*. Need to process this
-	 * even if we don't have any policies.
-	 */
-	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
-
-	if (!ext_pcons)
-		{
-		if (i != -1)
-			goto bad_cache;
-		}
-	else
-		{
-		if (!ext_pcons->requireExplicitPolicy
-			&& !ext_pcons->inhibitPolicyMapping)
-			goto bad_cache;
-		if (!policy_cache_set_int(&cache->explicit_skip,
-			ext_pcons->requireExplicitPolicy))
-			goto bad_cache;
-		if (!policy_cache_set_int(&cache->map_skip,
-			ext_pcons->inhibitPolicyMapping))
-			goto bad_cache;
-		}
-
-	/* Process CertificatePolicies */
-
-	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
-	/* If no CertificatePolicies extension or problem decoding then
-	 * there is no point continuing because the valid policies will be
-	 * NULL.
-	 */
-	if (!ext_cpols)
-		{
-		/* If not absent some problem with extension */
-		if (i != -1)
-			goto bad_cache;
-		return 1;
-		}
-
-	i = policy_cache_create(x, ext_cpols, i);
-
-	/* NB: ext_cpols freed by policy_cache_set_policies */
-
-	if (i <= 0)
-		return i;
-
-	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
-
-	if (!ext_pmaps)
-		{
-		/* If not absent some problem with extension */
-		if (i != -1)
-			goto bad_cache;
-		}
-	else
-		{
-		i = policy_cache_set_mapping(x, ext_pmaps);
-		if (i <= 0)
-			goto bad_cache;
-		}
-
-	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
-
-	if (!ext_any)
-		{
-		if (i != -1)
-			goto bad_cache;
-		}
-	else if (!policy_cache_set_int(&cache->any_skip, ext_any))
-			goto bad_cache;
-
-	if (0)
-		{
-		bad_cache:
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-		}
-
-	if(ext_pcons)
-		POLICY_CONSTRAINTS_free(ext_pcons);
-
-	if (ext_any)
-		ASN1_INTEGER_free(ext_any);
-
-	return 1;
-
-	
-}
-
-void policy_cache_free(X509_POLICY_CACHE *cache)
-	{
-	if (!cache)
-		return;
-	if (cache->anyPolicy)
-		policy_data_free(cache->anyPolicy);
-	if (cache->data)
-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-	OPENSSL_free(cache);
-	}
-
-const X509_POLICY_CACHE *policy_cache_set(X509 *x)
-	{
-
-	if (x->policy_cache == NULL)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-			policy_cache_new(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-		}
-
-	return x->policy_cache;
-
-	}
-
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-						const ASN1_OBJECT *id)
-	{
-	int idx;
-	X509_POLICY_DATA tmp;
-	tmp.valid_policy = (ASN1_OBJECT *)id;
-	idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-	if (idx == -1)
-		return NULL;
-	return sk_X509_POLICY_DATA_value(cache->data, idx);
-	}
-
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-				const X509_POLICY_DATA * const *b)
-	{
-	return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
-	}
-
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
-	{
-	if (value == NULL)
-		return 1;
-	if (value->type == V_ASN1_NEG_INTEGER)
-		return 0;
-	*out = ASN1_INTEGER_get(value);
-	return 1;
-	}
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
deleted file mode 100644
index 3444b03195..0000000000
--- a/crypto/x509v3/pcy_data.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* pcy_data.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Policy Node routines */
-
-void policy_data_free(X509_POLICY_DATA *data)
-	{
-	ASN1_OBJECT_free(data->valid_policy);
-	/* Don't free qualifiers if shared */
-	if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
-		sk_POLICYQUALINFO_pop_free(data->qualifier_set,
-					POLICYQUALINFO_free);
-	sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
-	OPENSSL_free(data);
-	}
-
-/* Create a data based on an existing policy. If 'id' is NULL use the
- * oid in the policy, otherwise use 'id'. This behaviour covers the two
- * types of data in RFC3280: data with from a CertificatePolcies extension
- * and additional data with just the qualifiers of anyPolicy and ID from
- * another source.
- */
-
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
-					const ASN1_OBJECT *cid, int crit)
-	{
-	X509_POLICY_DATA *ret;
-	ASN1_OBJECT *id;
-	if (!policy && !cid)
-		return NULL;
-	if (cid)
-		{
-		id = OBJ_dup(cid);
-		if (!id)
-			return NULL;
-		}
-	else
-		id = NULL;
-	ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
-	if (!ret)
-		return NULL;
-	ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
-	if (!ret->expected_policy_set)
-		{
-		OPENSSL_free(ret);
-		if (id)
-			ASN1_OBJECT_free(id);
-		return NULL;
-		}
-
-	if (crit)
-		ret->flags = POLICY_DATA_FLAG_CRITICAL;
-	else
-		ret->flags = 0;
-
-	if (id)
-		ret->valid_policy = id;
-	else
-		{
-		ret->valid_policy = policy->policyid;
-		policy->policyid = NULL;
-		}
-
-	if (policy)
-		{
-		ret->qualifier_set = policy->qualifiers;
-		policy->qualifiers = NULL;
-		}
-	else
-		ret->qualifier_set = NULL;
-
-	return ret;
-	}
-
diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h
deleted file mode 100644
index ccff92846e..0000000000
--- a/crypto/x509v3/pcy_int.h
+++ /dev/null
@@ -1,212 +0,0 @@
-/* pcy_int.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-
-DECLARE_STACK_OF(X509_POLICY_DATA)
-
-/* Internal structures */
-
-/* This structure and the field names correspond to the Policy 'node' of
- * RFC3280. NB this structure contains no pointers to parent or child
- * data: X509_POLICY_NODE contains that. This means that the main policy data
- * can be kept static and cached with the certificate.
- */
-
-struct X509_POLICY_DATA_st
-	{
-	unsigned int flags;
-	/* Policy OID and qualifiers for this data */
-	ASN1_OBJECT *valid_policy;
-	STACK_OF(POLICYQUALINFO) *qualifier_set;
-	STACK_OF(ASN1_OBJECT) *expected_policy_set;
-	};
-
-/* X509_POLICY_DATA flags values */
-
-/* This flag indicates the structure has been mapped using a policy mapping
- * extension. If policy mapping is not active its references get deleted. 
- */
-
-#define POLICY_DATA_FLAG_MAPPED			0x1
-
-/* This flag indicates the data doesn't correspond to a policy in Certificate
- * Policies: it has been mapped to any policy.
- */
-
-#define POLICY_DATA_FLAG_MAPPED_ANY		0x2
-
-/* AND with flags to see if any mapping has occurred */
-
-#define POLICY_DATA_FLAG_MAP_MASK		0x3
-
-/* qualifiers are shared and shouldn't be freed */
-
-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS	0x4
-
-/* Parent node is an extra node and should be freed */
-
-#define POLICY_DATA_FLAG_EXTRA_NODE		0x8
-
-/* Corresponding CertificatePolicies is critical */
-
-#define POLICY_DATA_FLAG_CRITICAL		0x10
-
-/* This structure is cached with a certificate */
-
-struct X509_POLICY_CACHE_st {
-	/* anyPolicy data or NULL if no anyPolicy */
-	X509_POLICY_DATA *anyPolicy;
-	/* other policy data */
-	STACK_OF(X509_POLICY_DATA) *data;
-	/* If InhibitAnyPolicy present this is its value or -1 if absent. */
-	long any_skip;
-	/* If policyConstraints and requireExplicitPolicy present this is its
-	 * value or -1 if absent.
-	 */
-	long explicit_skip;
-	/* If policyConstraints and policyMapping present this is its
-	 * value or -1 if absent.
-         */
-	long map_skip;
-	};
-
-/*#define POLICY_CACHE_FLAG_CRITICAL		POLICY_DATA_FLAG_CRITICAL*/
-
-/* This structure represents the relationship between nodes */
-
-struct X509_POLICY_NODE_st
-	{
-	/* node data this refers to */
-	const X509_POLICY_DATA *data;
-	/* Parent node */
-	X509_POLICY_NODE *parent;
-	/* Number of child nodes */
-	int nchild;
-	};
-
-struct X509_POLICY_LEVEL_st
-	{
-	/* Cert for this level */
-	X509 *cert;
-	/* nodes at this level */
-	STACK_OF(X509_POLICY_NODE) *nodes;
-	/* anyPolicy node */
-	X509_POLICY_NODE *anyPolicy;
-	/* Extra data */
-	/*STACK_OF(X509_POLICY_DATA) *extra_data;*/
-	unsigned int flags;
-	};
-
-struct X509_POLICY_TREE_st
-	{
-	/* This is the tree 'level' data */
-	X509_POLICY_LEVEL *levels;
-	int nlevel;
-	/* Extra policy data when additional nodes (not from the certificate)
-	 * are required.
-	 */
-	STACK_OF(X509_POLICY_DATA) *extra_data;
-	/* This is the authority constained policy set */
-	STACK_OF(X509_POLICY_NODE) *auth_policies;
-	STACK_OF(X509_POLICY_NODE) *user_policies;
-	unsigned int flags;
-	};
-
-/* Set if anyPolicy present in user policies */
-#define POLICY_FLAG_ANY_POLICY		0x2
-
-/* Useful macros */
-
-#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
-#define node_critical(node) node_data_critical(node->data)
-
-/* Internal functions */
-
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
-								int crit);
-void policy_data_free(X509_POLICY_DATA *data);
-
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-							const ASN1_OBJECT *id);
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
-
-
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
-
-void policy_cache_init(void);
-
-void policy_cache_free(X509_POLICY_CACHE *cache);
-
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-					const X509_POLICY_NODE *parent,	
-					const ASN1_OBJECT *id);
-
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
-						const ASN1_OBJECT *id);
-
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-			const X509_POLICY_DATA *data,
-			X509_POLICY_NODE *parent,
-			X509_POLICY_TREE *tree);
-void policy_node_free(X509_POLICY_NODE *node);
-int policy_node_match(const X509_POLICY_LEVEL *lvl,
-		      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
-
-const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
deleted file mode 100644
index 93bfd92703..0000000000
--- a/crypto/x509v3/pcy_lib.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* pcy_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* accessor functions */
-
-/* X509_POLICY_TREE stuff */
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return 0;
-	return tree->nlevel;
-	}
-
-X509_POLICY_LEVEL *
-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i)
-	{
-	if (!tree || (i < 0) || (i >= tree->nlevel))
-		return NULL;
-	return tree->levels + i;
-	}
-
-STACK_OF(X509_POLICY_NODE) *
-		X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return NULL;
-	return tree->auth_policies;
-	}
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return NULL;
-	if (tree->flags & POLICY_FLAG_ANY_POLICY)
-		return tree->auth_policies;
-	else
-		return tree->user_policies;
-	}
-
-/* X509_POLICY_LEVEL stuff */
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
-	{
-	int n;
-	if (!level)
-		return 0;
-	if (level->anyPolicy)
-		n = 1;
-	else
-		n = 0;
-	if (level->nodes)
-		n += sk_X509_POLICY_NODE_num(level->nodes);
-	return n;
-	}
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
-	{
-	if (!level)
-		return NULL;
-	if (level->anyPolicy)
-		{
-		if (i == 0)
-			return level->anyPolicy;
-		i--;
-		}
-	return sk_X509_POLICY_NODE_value(level->nodes, i);
-	}
-
-/* X509_POLICY_NODE stuff */
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->data->valid_policy;
-	}
-
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-	{
-	if (node_critical(node))
-		return 1;
-	return 0;
-	}
-#endif
-
-STACK_OF(POLICYQUALINFO) *
-		X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->data->qualifier_set;
-	}
-
-const X509_POLICY_NODE *
-		X509_policy_node_get0_parent(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->parent;
-	}
-
-
diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
deleted file mode 100644
index 21163b529d..0000000000
--- a/crypto/x509v3/pcy_map.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* pcy_map.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Set policy mapping entries in cache.
- * Note: this modifies the passed POLICY_MAPPINGS structure
- */
-
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
-	{
-	POLICY_MAPPING *map;
-	X509_POLICY_DATA *data;
-	X509_POLICY_CACHE *cache = x->policy_cache;
-	int i;
-	int ret = 0;
-	if (sk_POLICY_MAPPING_num(maps) == 0)
-		{
-		ret = -1;
-		goto bad_mapping;
-		}
-	for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
-		{
-		map = sk_POLICY_MAPPING_value(maps, i);
-		/* Reject if map to or from anyPolicy */
-		if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
-		   || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
-			{
-			ret = -1;
-			goto bad_mapping;
-			}
-
-		/* Attempt to find matching policy data */
-		data = policy_cache_find_data(cache, map->issuerDomainPolicy);
-		/* If we don't have anyPolicy can't map */
-		if (!data && !cache->anyPolicy)
-			continue;
-
-		/* Create a NODE from anyPolicy */
-		if (!data)
-			{
-			data = policy_data_new(NULL, map->issuerDomainPolicy,
-					cache->anyPolicy->flags
-						& POLICY_DATA_FLAG_CRITICAL);
-			if (!data)
-				goto bad_mapping;
-			data->qualifier_set = cache->anyPolicy->qualifier_set;
-			/*map->issuerDomainPolicy = NULL;*/
-			data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
-			data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-			if (!sk_X509_POLICY_DATA_push(cache->data, data))
-				{
-				policy_data_free(data);
-				goto bad_mapping;
-				}
-			}
-		else
-			data->flags |= POLICY_DATA_FLAG_MAPPED;
-		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
-						map->subjectDomainPolicy))
-			goto bad_mapping;
-		map->subjectDomainPolicy = NULL;
-
-		}
-
-	ret = 1;
-	bad_mapping:
-	if (ret == -1)
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-	sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
-	return ret;
-
-	}
diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
deleted file mode 100644
index bd1e7f1ae8..0000000000
--- a/crypto/x509v3/pcy_node.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* pcy_node.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-static int node_cmp(const X509_POLICY_NODE * const *a,
-			const X509_POLICY_NODE * const *b)
-	{
-	return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
-	}
-
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
-	{
-	return sk_X509_POLICY_NODE_new(node_cmp);
-	}
-
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
-					const ASN1_OBJECT *id)
-	{
-	X509_POLICY_DATA n;
-	X509_POLICY_NODE l;
-	int idx;
-
-	n.valid_policy = (ASN1_OBJECT *)id;
-	l.data = &n;
-
-	idx = sk_X509_POLICY_NODE_find(nodes, &l);
-	if (idx == -1)
-		return NULL;
-
-	return sk_X509_POLICY_NODE_value(nodes, idx);
-
-	}
-
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-					const X509_POLICY_NODE *parent,	
-					const ASN1_OBJECT *id)
-	{
-	X509_POLICY_NODE *node;
-	int i;
-	for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++)
-		{
-		node = sk_X509_POLICY_NODE_value(level->nodes, i);
-		if (node->parent == parent)
-			{
-			if (!OBJ_cmp(node->data->valid_policy, id))
-				return node;
-			}
-		}
-	return NULL;
-	}
-
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-			const X509_POLICY_DATA *data,
-			X509_POLICY_NODE *parent,
-			X509_POLICY_TREE *tree)
-	{
-	X509_POLICY_NODE *node;
-	node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
-	if (!node)
-		return NULL;
-	node->data = data;
-	node->parent = parent;
-	node->nchild = 0;
-	if (level)
-		{
-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
-			{
-			if (level->anyPolicy)
-				goto node_error;
-			level->anyPolicy = node;
-			}
-		else
-			{
-
-			if (!level->nodes)
-				level->nodes = policy_node_cmp_new();
-			if (!level->nodes)
-				goto node_error;
-			if (!sk_X509_POLICY_NODE_push(level->nodes, node))
-				goto node_error;
-			}
-		}
-
-	if (tree)
-		{
-		if (!tree->extra_data)
-			 tree->extra_data = sk_X509_POLICY_DATA_new_null();
-		if (!tree->extra_data)
-			goto node_error;
-		if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
-			goto node_error;
-		}
-
-	if (parent)
-		parent->nchild++;
-
-	return node;
-
-	node_error:
-	policy_node_free(node);
-	return 0;
-
-	}
-
-void policy_node_free(X509_POLICY_NODE *node)
-	{
-	OPENSSL_free(node);
-	}
-
-/* See if a policy node matches a policy OID. If mapping enabled look through
- * expected policy set otherwise just valid policy.
- */
-
-int policy_node_match(const X509_POLICY_LEVEL *lvl,
-		      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
-	{
-	int i;
-	ASN1_OBJECT *policy_oid;
-	const X509_POLICY_DATA *x = node->data;
-
-	if (	    (lvl->flags & X509_V_FLAG_INHIBIT_MAP)
-		|| !(x->flags & POLICY_DATA_FLAG_MAP_MASK))
-		{
-		if (!OBJ_cmp(x->valid_policy, oid))
-			return 1;
-		return 0;
-		}
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++)
-		{
-		policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
-		if (!OBJ_cmp(policy_oid, oid))
-			return 1;
-		}
-	return 0;
-
-	}
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
deleted file mode 100644
index bb9777348f..0000000000
--- a/crypto/x509v3/pcy_tree.c
+++ /dev/null
@@ -1,872 +0,0 @@
-/* pcy_tree.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Enable this to print out the complete policy tree at various point during
- * evaluation.
- */
-
-/*#define OPENSSL_POLICY_DEBUG*/
-
-#ifdef OPENSSL_POLICY_DEBUG
-
-static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
-				X509_POLICY_NODE *node, int indent)
-	{
-	if (	    (lev->flags & X509_V_FLAG_INHIBIT_MAP)
-		|| !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
-		BIO_puts(err, "  Not Mapped\n");
-	else
-		{
-		int i;
-		STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
-		ASN1_OBJECT *oid;
-		BIO_puts(err, "  Expected: ");
-		for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++)
-			{
-			oid = sk_ASN1_OBJECT_value(pset, i);
-			if (i)
-				BIO_puts(err, ", ");
-			i2a_ASN1_OBJECT(err, oid);
-			}
-		BIO_puts(err, "\n");
-		}
-	}
-
-static void tree_print(char *str, X509_POLICY_TREE *tree,
-			X509_POLICY_LEVEL *curr)
-	{
-	X509_POLICY_LEVEL *plev;
-	X509_POLICY_NODE *node;
-	int i;
-	BIO *err;
-	err = BIO_new_fp(stderr, BIO_NOCLOSE);
-	if (!curr)
-		curr = tree->levels + tree->nlevel;
-	else
-		curr++;
-	BIO_printf(err, "Level print after %s\n", str);
-	BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
-	for (plev = tree->levels; plev != curr; plev++)
-		{
-		BIO_printf(err, "Level %ld, flags = %x\n",
-				plev - tree->levels, plev->flags);
-		for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++)
-			{
-			node = sk_X509_POLICY_NODE_value(plev->nodes, i);
-			X509_POLICY_NODE_print(err, node, 2);
-			expected_print(err, plev, node, 2);
-			BIO_printf(err, "  Flags: %x\n", node->data->flags);
-			}
-		if (plev->anyPolicy)
-			X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
-		}
-
-	BIO_free(err);
-
-	}
-#else
-
-#define tree_print(a,b,c) /* */
-
-#endif
-
-/* Initialize policy tree. Return values:
- *  0 Some internal error occured.
- * -1 Inconsistent or invalid extensions in certificates.
- *  1 Tree initialized OK.
- *  2 Policy tree is empty.
- *  5 Tree OK and requireExplicitPolicy true.
- *  6 Tree empty and requireExplicitPolicy true.
- */
-
-static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-			unsigned int flags)
-	{
-	X509_POLICY_TREE *tree;
-	X509_POLICY_LEVEL *level;
-	const X509_POLICY_CACHE *cache;
-	X509_POLICY_DATA *data = NULL;
-	X509 *x;
-	int ret = 1;
-	int i, n;
-	int explicit_policy;
-	int any_skip;
-	int map_skip;
-	*ptree = NULL;
-	n = sk_X509_num(certs);
-
-#if 0
-	/* Disable policy mapping for now... */
-	flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
-	if (flags & X509_V_FLAG_EXPLICIT_POLICY)
-		explicit_policy = 0;
-	else
-		explicit_policy = n + 1;
-
-	if (flags & X509_V_FLAG_INHIBIT_ANY)
-		any_skip = 0;
-	else
-		any_skip = n + 1;
-
-	if (flags & X509_V_FLAG_INHIBIT_MAP)
-		map_skip = 0;
-	else
-		map_skip = n + 1;
-
-	/* Can't do anything with just a trust anchor */
-	if (n == 1)
-		return 1;
-	/* First setup policy cache in all certificates apart from the
-	 * trust anchor. Note any bad cache results on the way. Also can
-	 * calculate explicit_policy value at this point.
-	 */
-	for (i = n - 2; i >= 0; i--)
-		{
-		x = sk_X509_value(certs, i);
-		X509_check_purpose(x, -1, -1);
-		cache = policy_cache_set(x);
-		/* If cache NULL something bad happened: return immediately */
-		if (cache == NULL)
-			return 0;
-		/* If inconsistent extensions keep a note of it but continue */
-		if (x->ex_flags & EXFLAG_INVALID_POLICY)
-			ret = -1;
-		/* Otherwise if we have no data (hence no CertificatePolicies)
-		 * and haven't already set an inconsistent code note it.
-		 */
-		else if ((ret == 1) && !cache->data)
-			ret = 2;
-		if (explicit_policy > 0)
-			{
-			if (!(x->ex_flags & EXFLAG_SI))
-				explicit_policy--;
-			if ((cache->explicit_skip != -1)
-				&& (cache->explicit_skip < explicit_policy))
-				explicit_policy = cache->explicit_skip;
-			}
-		}
-
-	if (ret != 1)
-		{
-		if (ret == 2 && !explicit_policy)
-			return 6;
-		return ret;
-		}
-
-
-	/* If we get this far initialize the tree */
-
-	tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
-	if (!tree)
-		return 0;
-
-	tree->flags = 0;
-	tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
-	tree->nlevel = 0;
-	tree->extra_data = NULL;
-	tree->auth_policies = NULL;
-	tree->user_policies = NULL;
-
-	if (!tree->levels)
-		{
-		OPENSSL_free(tree);
-		return 0;
-		}
-
-	memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
-	tree->nlevel = n;
-
-	level = tree->levels;
-
-	/* Root data: initialize to anyPolicy */
-
-	data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
-	if (!data || !level_add_node(level, data, NULL, tree))
-		goto bad_tree;
-
-	for (i = n - 2; i >= 0; i--)
-		{
-		level++;
-		x = sk_X509_value(certs, i);
-		cache = policy_cache_set(x);
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-		level->cert = x;
-
-		if (!cache->anyPolicy)
-				level->flags |= X509_V_FLAG_INHIBIT_ANY;
-
-		/* Determine inhibit any and inhibit map flags */
-		if (any_skip == 0)
-			{
-			/* Any matching allowed if certificate is self
-			 * issued and not the last in the chain.
-			 */
-			if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
-				level->flags |= X509_V_FLAG_INHIBIT_ANY;
-			}
-		else
-			{
-			if (!(x->ex_flags & EXFLAG_SI))
-				any_skip--;
-			if ((cache->any_skip >= 0)
-				&& (cache->any_skip < any_skip))
-				any_skip = cache->any_skip;
-			}
-
-		if (map_skip == 0)
-			level->flags |= X509_V_FLAG_INHIBIT_MAP;
-		else
-			{
-			if (!(x->ex_flags & EXFLAG_SI))
-				map_skip--;
-			if ((cache->map_skip >= 0)
-				&& (cache->map_skip < map_skip))
-				map_skip = cache->map_skip;
-			}
-
-		}
-
-	*ptree = tree;
-
-	if (explicit_policy)
-		return 1;
-	else
-		return 5;
-
-	bad_tree:
-
-	X509_policy_tree_free(tree);
-
-	return 0;
-
-	}
-
-static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
-				const X509_POLICY_DATA *data)
-	{
-	X509_POLICY_LEVEL *last = curr - 1;
-	X509_POLICY_NODE *node;
-	int i, matched = 0;
-	/* Iterate through all in nodes linking matches */
-	for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
-		{
-		node = sk_X509_POLICY_NODE_value(last->nodes, i);
-		if (policy_node_match(last, node, data->valid_policy))
-			{
-			if (!level_add_node(curr, data, node, NULL))
-				return 0;
-			matched = 1;
-			}
-		}
-	if (!matched && last->anyPolicy)
-		{
-		if (!level_add_node(curr, data, last->anyPolicy, NULL))
-			return 0;
-		}
-	return 1;
-	}
-
-/* This corresponds to RFC3280 6.1.3(d)(1):
- * link any data from CertificatePolicies onto matching parent
- * or anyPolicy if no match.
- */
-
-static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-				const X509_POLICY_CACHE *cache)
-	{
-	int i;
-	X509_POLICY_DATA *data;
-
-	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
-		{
-		data = sk_X509_POLICY_DATA_value(cache->data, i);
-		/* If a node is mapped any it doesn't have a corresponding
-		 * CertificatePolicies entry. 
-		 * However such an identical node would be created
-		 * if anyPolicy matching is enabled because there would be
-		 * no match with the parent valid_policy_set. So we create
-		 * link because then it will have the mapping flags
-		 * right and we can prune it later.
-		 */
-#if 0
-		if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
-			&& !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
-			continue;
-#endif
-		/* Look for matching nodes in previous level */
-		if (!tree_link_matching_nodes(curr, data))
-				return 0;
-		}
-	return 1;
-	}
-
-/* This corresponds to RFC3280 6.1.3(d)(2):
- * Create new data for any unmatched policies in the parent and link
- * to anyPolicy.
- */
-
-static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
-			const X509_POLICY_CACHE *cache,
-			const ASN1_OBJECT *id,
-			X509_POLICY_NODE *node,
-			X509_POLICY_TREE *tree)
-	{
-	X509_POLICY_DATA *data;
-	if (id == NULL)
-		id = node->data->valid_policy;
-	/* Create a new node with qualifiers from anyPolicy and
-	 * id from unmatched node.
-	 */
-	data = policy_data_new(NULL, id, node_critical(node));
-
-	if (data == NULL)
-		return 0;
-	/* Curr may not have anyPolicy */
-	data->qualifier_set = cache->anyPolicy->qualifier_set;
-	data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-	if (!level_add_node(curr, data, node, tree))
-		{
-		policy_data_free(data);
-		return 0;
-		}
-
-	return 1;
-	}
-
-static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
-			const X509_POLICY_CACHE *cache,
-			X509_POLICY_NODE *node,
-			X509_POLICY_TREE *tree)
-	{
-	const X509_POLICY_LEVEL *last = curr - 1;
-	int i;
-
-	if (	    (last->flags & X509_V_FLAG_INHIBIT_MAP)
-		|| !(node->data->flags & POLICY_DATA_FLAG_MAPPED))
-		{
-		/* If no policy mapping: matched if one child present */
-		if (node->nchild)
-			return 1;
-		if (!tree_add_unmatched(curr, cache, NULL, node, tree))
-			return 0;
-		/* Add it */
-		}
-	else
-		{
-		/* If mapping: matched if one child per expected policy set */
-		STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
-		if (node->nchild == sk_ASN1_OBJECT_num(expset))
-			return 1;
-		/* Locate unmatched nodes */
-		for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++)
-			{
-			ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
-			if (level_find_node(curr, node, oid))
-				continue;
-			if (!tree_add_unmatched(curr, cache, oid, node, tree))
-				return 0;
-			}
-
-		}
-
-	return 1;
-
-	}
-
-static int tree_link_any(X509_POLICY_LEVEL *curr,
-			const X509_POLICY_CACHE *cache,
-			X509_POLICY_TREE *tree)
-	{
-	int i;
-	/*X509_POLICY_DATA *data;*/
-	X509_POLICY_NODE *node;
-	X509_POLICY_LEVEL *last = curr - 1;
-
-	for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
-		{
-		node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
-		if (!tree_link_unmatched(curr, cache, node, tree))
-			return 0;
-
-#if 0
-
-		/* Skip any node with any children: we only want unmathced
-		 * nodes.
-		 *
-		 * Note: need something better for policy mapping
-		 * because each node may have multiple children 
-		 */
-		if (node->nchild)
-			continue;
-
-		/* Create a new node with qualifiers from anyPolicy and
-		 * id from unmatched node.
-		 */
-		data = policy_data_new(NULL, node->data->valid_policy, 
-						node_critical(node));
-
-		if (data == NULL)
-			return 0;
-		/* Curr may not have anyPolicy */
-		data->qualifier_set = cache->anyPolicy->qualifier_set;
-		data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-		if (!level_add_node(curr, data, node, tree))
-			{
-			policy_data_free(data);
-			return 0;
-			}
-
-#endif
-
-		}
-	/* Finally add link to anyPolicy */
-	if (last->anyPolicy)
-		{
-		if (!level_add_node(curr, cache->anyPolicy,
-						last->anyPolicy, NULL))
-			return 0;
-		}
-	return 1;
-	}
-
-/* Prune the tree: delete any child mapped child data on the current level
- * then proceed up the tree deleting any data with no children. If we ever
- * have no data on a level we can halt because the tree will be empty.
- */
-
-static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-	{
-	STACK_OF(X509_POLICY_NODE) *nodes;
-	X509_POLICY_NODE *node;
-	int i;
-	nodes = curr->nodes;
-	if (curr->flags & X509_V_FLAG_INHIBIT_MAP)
-		{
-		for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--)
-			{
-			node = sk_X509_POLICY_NODE_value(nodes, i);
-			/* Delete any mapped data: see RFC3280 XXXX */
-			if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
-				{
-				node->parent->nchild--;
-				OPENSSL_free(node);
-				(void)sk_X509_POLICY_NODE_delete(nodes,i);
-				}
-			}
-		}
-
-	for(;;)	{
-		--curr;
-		nodes = curr->nodes;
-		for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--)
-			{
-			node = sk_X509_POLICY_NODE_value(nodes, i);
-			if (node->nchild == 0)
-				{
-				node->parent->nchild--;
-				OPENSSL_free(node);
-				(void)sk_X509_POLICY_NODE_delete(nodes, i);
-				}
-			}
-		if (curr->anyPolicy && !curr->anyPolicy->nchild)
-			{
-			if (curr->anyPolicy->parent)
-				curr->anyPolicy->parent->nchild--;
-			OPENSSL_free(curr->anyPolicy);
-			curr->anyPolicy = NULL;
-			}
-		if (curr == tree->levels)
-			{
-			/* If we zapped anyPolicy at top then tree is empty */
-			if (!curr->anyPolicy)
-					return 2;
-			return 1;
-			}
-		}
-
-	return 1;
-
-	}
-
-static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
-						 X509_POLICY_NODE *pcy)
-	{
-	if (!*pnodes)
-		{
-		*pnodes = policy_node_cmp_new();
-		if (!*pnodes)
-			return 0;
-		}
-	else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
-		return 1;
-
-	if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
-		return 0;
-
-	return 1;
-
-	}
-
-/* Calculate the authority set based on policy tree.
- * The 'pnodes' parameter is used as a store for the set of policy nodes
- * used to calculate the user set. If the authority set is not anyPolicy
- * then pnodes will just point to the authority set. If however the authority
- * set is anyPolicy then the set of valid policies (other than anyPolicy)
- * is store in pnodes. The return value of '2' is used in this case to indicate
- * that pnodes should be freed.
- */
-
-static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
-					STACK_OF(X509_POLICY_NODE) **pnodes)
-	{
-	X509_POLICY_LEVEL *curr;
-	X509_POLICY_NODE *node, *anyptr;
-	STACK_OF(X509_POLICY_NODE) **addnodes;
-	int i, j;
-	curr = tree->levels + tree->nlevel - 1;
-
-	/* If last level contains anyPolicy set is anyPolicy */
-	if (curr->anyPolicy)
-		{
-		if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
-			return 0;
-		addnodes = pnodes;
-		}
-	else
-		/* Add policies to authority set */
-		addnodes = &tree->auth_policies;
-
-	curr = tree->levels;
-	for (i = 1; i < tree->nlevel; i++)
-		{
-		/* If no anyPolicy node on this this level it can't
-		 * appear on lower levels so end search.
-		 */
-		if (!(anyptr = curr->anyPolicy))
-			break;
-		curr++;
-		for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++)
-			{
-			node = sk_X509_POLICY_NODE_value(curr->nodes, j);
-			if ((node->parent == anyptr)
-				&& !tree_add_auth_node(addnodes, node))
-					return 0;
-			}
-		}
-
-	if (addnodes == pnodes)
-		return 2;
-
-	*pnodes = tree->auth_policies;
-
-	return 1;
-	}
-
-static int tree_calculate_user_set(X509_POLICY_TREE *tree,
-				STACK_OF(ASN1_OBJECT) *policy_oids,
-				STACK_OF(X509_POLICY_NODE) *auth_nodes)
-	{
-	int i;
-	X509_POLICY_NODE *node;
-	ASN1_OBJECT *oid;
-
-	X509_POLICY_NODE *anyPolicy;
-	X509_POLICY_DATA *extra;
-
-	/* Check if anyPolicy present in authority constrained policy set:
-	 * this will happen if it is a leaf node.
-	 */
-
-	if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
-		return 1;
-
-	anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policy_oids, i);
-		if (OBJ_obj2nid(oid) == NID_any_policy)
-			{
-			tree->flags |= POLICY_FLAG_ANY_POLICY;
-			return 1;
-			}
-		}
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policy_oids, i);
-		node = tree_find_sk(auth_nodes, oid);
-		if (!node)
-			{
-			if (!anyPolicy)
-				continue;
-			/* Create a new node with policy ID from user set
-			 * and qualifiers from anyPolicy.
-			 */
-			extra = policy_data_new(NULL, oid,
-						node_critical(anyPolicy));
-			if (!extra)
-				return 0;
-			extra->qualifier_set = anyPolicy->data->qualifier_set;
-			extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
-						| POLICY_DATA_FLAG_EXTRA_NODE;
-			node = level_add_node(NULL, extra, anyPolicy->parent,
-						tree);
-			}
-		if (!tree->user_policies)
-			{
-			tree->user_policies = sk_X509_POLICY_NODE_new_null();
-			if (!tree->user_policies)
-				return 1;
-			}
-		if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
-			return 0;
-		}
-	return 1;
-
-	}
-
-static int tree_evaluate(X509_POLICY_TREE *tree)
-	{
-	int ret, i;
-	X509_POLICY_LEVEL *curr = tree->levels + 1;
-	const X509_POLICY_CACHE *cache;
-
-	for(i = 1; i < tree->nlevel; i++, curr++)
-		{
-		cache = policy_cache_set(curr->cert);
-		if (!tree_link_nodes(curr, cache))
-			return 0;
-
-		if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
-			&& !tree_link_any(curr, cache, tree))
-			return 0;
-	tree_print("before tree_prune()", tree, curr);
-		ret = tree_prune(tree, curr);
-		if (ret != 1)
-			return ret;
-		}
-
-	return 1;
-
-	}
-
-static void exnode_free(X509_POLICY_NODE *node)
-	{
-	if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
-		OPENSSL_free(node);
-	}
-
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree)
-	{
-	X509_POLICY_LEVEL *curr;
-	int i;
-
-	if (!tree)
-		return;
-
-	sk_X509_POLICY_NODE_free(tree->auth_policies);
-	sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
-
-	for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++)
-		{
-		if (curr->cert)
-			X509_free(curr->cert);
-		if (curr->nodes)
-			sk_X509_POLICY_NODE_pop_free(curr->nodes,
-						policy_node_free);
-		if (curr->anyPolicy)
-			policy_node_free(curr->anyPolicy);
-		}
-
-	if (tree->extra_data)
-		sk_X509_POLICY_DATA_pop_free(tree->extra_data,
-						policy_data_free);
-
-	OPENSSL_free(tree->levels);
-	OPENSSL_free(tree);
-
-	}
-
-/* Application policy checking function.
- * Return codes:
- *  0 	Internal Error.
- *  1   Successful.
- * -1   One or more certificates contain invalid or inconsistent extensions
- * -2	User constrained policy set empty and requireExplicit true.
- */
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-			STACK_OF(X509) *certs,
-			STACK_OF(ASN1_OBJECT) *policy_oids,
-			unsigned int flags)
-	{
-	int ret;
-	X509_POLICY_TREE *tree = NULL;
-	STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
-	*ptree = NULL;
-
-	*pexplicit_policy = 0;
-	ret = tree_init(&tree, certs, flags);
-
-	switch (ret)
-		{
-
-		/* Tree empty requireExplicit False: OK */
-		case 2:
-		return 1;
-
-		/* Some internal error */
-		case -1:
-		return -1;
-
-		/* Some internal error */
-		case 0:
-		return 0;
-
-		/* Tree empty requireExplicit True: Error */
-
-		case 6:
-		*pexplicit_policy = 1;
-		return -2;
-
-		/* Tree OK requireExplicit True: OK and continue */
-		case 5:
-		*pexplicit_policy = 1;
-		break;
-
-		/* Tree OK: continue */
-
-		case 1:
-		if (!tree)
-			/*
-			 * tree_init() returns success and a null tree
-			 * if it's just looking at a trust anchor.
-			 * I'm not sure that returning success here is
-			 * correct, but I'm sure that reporting this
-			 * as an internal error which our caller
-			 * interprets as a malloc failure is wrong.
-			 */
-			return 1;
-		break;
-		}
-
-	if (!tree) goto error;
-	ret = tree_evaluate(tree);
-
-	tree_print("tree_evaluate()", tree, NULL);
-
-	if (ret <= 0)
-		goto error;
-
-	/* Return value 2 means tree empty */
-	if (ret == 2)
-		{
-		X509_policy_tree_free(tree);
-		if (*pexplicit_policy)
-			return -2;
-		else
-			return 1;
-		}
-
-	/* Tree is not empty: continue */
-
-	ret = tree_calculate_authority_set(tree, &auth_nodes);
-
-	if (!ret)
-		goto error;
-
-	if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
-		goto error;
-	
-	if (ret == 2)
-		sk_X509_POLICY_NODE_free(auth_nodes);
-
-	if (tree)
-		*ptree = tree;
-
-	if (*pexplicit_policy)
-		{
-		nodes = X509_policy_tree_get0_user_policies(tree);
-		if (sk_X509_POLICY_NODE_num(nodes) <= 0)
-			return -2;
-		}
-
-	return 1;
-
-	error:
-
-	X509_policy_tree_free(tree);
-
-	return 0;
-
-	}
-
diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
deleted file mode 100644
index 5ed6eb6891..0000000000
--- a/crypto/x509v3/tabtest.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* tabtest.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Simple program to check the ext_dat.h is correct and print out
- * problems if it is not.
- */
-
-#include <stdio.h>
-
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-main()
-{
-	int i, prev = -1, bad = 0;
-	X509V3_EXT_METHOD **tmp;
-	i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
-	if(i != STANDARD_EXTENSION_COUNT)
-		fprintf(stderr, "Extension number invalid expecting %d\n", i);
-	tmp = standard_exts;
-	for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
-		if((*tmp)->ext_nid < prev) bad = 1;
-		prev = (*tmp)->ext_nid;
-		
-	}
-	if(bad) {
-		tmp = standard_exts;
-		fprintf(stderr, "Extensions out of order!\n");
-		for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
-		printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
-	} else fprintf(stderr, "Order OK\n");
-}
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
deleted file mode 100644
index df46a4983b..0000000000
--- a/crypto/x509v3/v3_addr.c
+++ /dev/null
@@ -1,1338 +0,0 @@
-/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- */
-
-/*
- * Implementation of RFC 3779 section 2.2.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/buffer.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_RFC3779
-
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
- */
-
-ASN1_SEQUENCE(IPAddressRange) = {
-  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(IPAddressRange)
-
-ASN1_CHOICE(IPAddressOrRange) = {
-  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
-  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
-} ASN1_CHOICE_END(IPAddressOrRange)
-
-ASN1_CHOICE(IPAddressChoice) = {
-  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
-  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
-} ASN1_CHOICE_END(IPAddressChoice)
-
-ASN1_SEQUENCE(IPAddressFamily) = {
-  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
-  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
-} ASN1_SEQUENCE_END(IPAddressFamily)
-
-ASN1_ITEM_TEMPLATE(IPAddrBlocks) = 
-  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
-			IPAddrBlocks, IPAddressFamily)
-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
-
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * How much buffer space do we need for a raw address?
- */
-#define ADDR_RAW_BUF_LEN	16
-
-/*
- * What's the address length associated with this AFI?
- */
-static int length_from_afi(const unsigned afi)
-{
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    return 4;
-  case IANA_AFI_IPV6:
-    return 16;
-  default:
-    return 0;
-  }
-}
-
-/*
- * Extract the AFI from an IPAddressFamily.
- */
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
-{
-  return ((f != NULL &&
-	   f->addressFamily != NULL &&
-	   f->addressFamily->data != NULL)
-	  ? ((f->addressFamily->data[0] << 8) |
-	     (f->addressFamily->data[1]))
-	  : 0);
-}
-
-/*
- * Expand the bitstring form of an address into a raw byte array.
- * At the moment this is coded for simplicity, not speed.
- */
-static int addr_expand(unsigned char *addr,
-			const ASN1_BIT_STRING *bs,
-			const int length,
-			const unsigned char fill)
-{
-  if (bs->length < 0 || bs->length > length)
-    return 0;
-  if (bs->length > 0) {
-    memcpy(addr, bs->data, bs->length);
-    if ((bs->flags & 7) != 0) {
-      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
-      if (fill == 0)
-	addr[bs->length - 1] &= ~mask;
-      else
-	addr[bs->length - 1] |= mask;
-    }
-  }
-  memset(addr + bs->length, fill, length - bs->length);
-  return 1;
-}
-
-/*
- * Extract the prefix length from a bitstring.
- */
-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
-
-/*
- * i2r handler for one address bitstring.
- */
-static int i2r_address(BIO *out,
-		       const unsigned afi,
-		       const unsigned char fill,
-		       const ASN1_BIT_STRING *bs)
-{
-  unsigned char addr[ADDR_RAW_BUF_LEN];
-  int i, n;
-
-  if (bs->length < 0)
-    return 0;
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    if (!addr_expand(addr, bs, 4, fill))
-      return 0;
-    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
-    break;
-  case IANA_AFI_IPV6:
-    if (!addr_expand(addr, bs, 16, fill))
-      return 0;
-    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
-      ;
-    for (i = 0; i < n; i += 2)
-      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
-    if (i < 16)
-      BIO_puts(out, ":");
-    if (i == 0)
-      BIO_puts(out, ":");
-    break;
-  default:
-    for (i = 0; i < bs->length; i++)
-      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
-    BIO_printf(out, "[%d]", (int) (bs->flags & 7));
-    break;
-  }
-  return 1;
-}
-
-/*
- * i2r handler for a sequence of addresses and ranges.
- */
-static int i2r_IPAddressOrRanges(BIO *out,
-				 const int indent,
-				 const IPAddressOrRanges *aors,
-				 const unsigned afi)
-{
-  int i;
-  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
-    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
-    BIO_printf(out, "%*s", indent, "");
-    switch (aor->type) {
-    case IPAddressOrRange_addressPrefix:
-      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
-	return 0;
-      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
-      continue;
-    case IPAddressOrRange_addressRange:
-      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
-	return 0;
-      BIO_puts(out, "-");
-      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
-	return 0;
-      BIO_puts(out, "\n");
-      continue;
-    }
-  }
-  return 1;
-}
-
-/*
- * i2r handler for an IPAddrBlocks extension.
- */
-static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
-			    void *ext,
-			    BIO *out,
-			    int indent)
-{
-  const IPAddrBlocks *addr = ext;
-  int i;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    const unsigned int afi = v3_addr_get_afi(f);
-    switch (afi) {
-    case IANA_AFI_IPV4:
-      BIO_printf(out, "%*sIPv4", indent, "");
-      break;
-    case IANA_AFI_IPV6:
-      BIO_printf(out, "%*sIPv6", indent, "");
-      break;
-    default:
-      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
-      break;
-    }
-    if (f->addressFamily->length > 2) {
-      switch (f->addressFamily->data[2]) {
-      case   1:
-	BIO_puts(out, " (Unicast)");
-	break;
-      case   2:
-	BIO_puts(out, " (Multicast)");
-	break;
-      case   3:
-	BIO_puts(out, " (Unicast/Multicast)");
-	break;
-      case   4:
-	BIO_puts(out, " (MPLS)");
-	break;
-      case  64:
-	BIO_puts(out, " (Tunnel)");
-	break;
-      case  65:
-	BIO_puts(out, " (VPLS)");
-	break;
-      case  66:
-	BIO_puts(out, " (BGP MDT)");
-	break;
-      case 128:
-	BIO_puts(out, " (MPLS-labeled VPN)");
-	break;
-      default:  
-	BIO_printf(out, " (Unknown SAFI %u)",
-		   (unsigned) f->addressFamily->data[2]);
-	break;
-      }
-    }
-    switch (f->ipAddressChoice->type) {
-    case IPAddressChoice_inherit:
-      BIO_puts(out, ": inherit\n");
-      break;
-    case IPAddressChoice_addressesOrRanges:
-      BIO_puts(out, ":\n");
-      if (!i2r_IPAddressOrRanges(out,
-				 indent + 2,
-				 f->ipAddressChoice->u.addressesOrRanges,
-				 afi))
-	return 0;
-      break;
-    }
-  }
-  return 1;
-}
-
-/*
- * Sort comparison function for a sequence of IPAddressOrRange
- * elements.
- *
- * There's no sane answer we can give if addr_expand() fails, and an
- * assertion failure on externally supplied data is seriously uncool,
- * so we just arbitrarily declare that if given invalid inputs this
- * function returns -1.  If this messes up your preferred sort order
- * for garbage input, tough noogies.
- */
-static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
-				const IPAddressOrRange *b,
-				const int length)
-{
-  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
-  int prefixlen_a = 0, prefixlen_b = 0;
-  int r;
-
-  switch (a->type) {
-  case IPAddressOrRange_addressPrefix:
-    if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
-      return -1;
-    prefixlen_a = addr_prefixlen(a->u.addressPrefix);
-    break;
-  case IPAddressOrRange_addressRange:
-    if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
-      return -1;
-    prefixlen_a = length * 8;
-    break;
-  }
-
-  switch (b->type) {
-  case IPAddressOrRange_addressPrefix:
-    if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
-      return -1;
-    prefixlen_b = addr_prefixlen(b->u.addressPrefix);
-    break;
-  case IPAddressOrRange_addressRange:
-    if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
-      return -1;
-    prefixlen_b = length * 8;
-    break;
-  }
-
-  if ((r = memcmp(addr_a, addr_b, length)) != 0)
-    return r;
-  else
-    return prefixlen_a - prefixlen_b;
-}
-
-/*
- * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
-				  const IPAddressOrRange * const *b)
-{
-  return IPAddressOrRange_cmp(*a, *b, 4);
-}
-
-/*
- * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
-				  const IPAddressOrRange * const *b)
-{
-  return IPAddressOrRange_cmp(*a, *b, 16);
-}
-
-/*
- * Calculate whether a range collapses to a prefix.
- * See last paragraph of RFC 3779 2.2.3.7.
- */
-static int range_should_be_prefix(const unsigned char *min,
-				  const unsigned char *max,
-				  const int length)
-{
-  unsigned char mask;
-  int i, j;
-
-  OPENSSL_assert(memcmp(min, max, length) <= 0);
-  for (i = 0; i < length && min[i] == max[i]; i++)
-    ;
-  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
-    ;
-  if (i < j)
-    return -1;
-  if (i > j)
-    return i * 8;
-  mask = min[i] ^ max[i];
-  switch (mask) {
-  case 0x01: j = 7; break;
-  case 0x03: j = 6; break;
-  case 0x07: j = 5; break;
-  case 0x0F: j = 4; break;
-  case 0x1F: j = 3; break;
-  case 0x3F: j = 2; break;
-  case 0x7F: j = 1; break;
-  default:   return -1;
-  }
-  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
-    return -1;
-  else
-    return i * 8 + j;
-}
-
-/*
- * Construct a prefix.
- */
-static int make_addressPrefix(IPAddressOrRange **result,
-			      unsigned char *addr,
-			      const int prefixlen)
-{
-  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
-  IPAddressOrRange *aor = IPAddressOrRange_new();
-
-  if (aor == NULL)
-    return 0;
-  aor->type = IPAddressOrRange_addressPrefix;
-  if (aor->u.addressPrefix == NULL &&
-      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
-    goto err;
-  aor->u.addressPrefix->flags &= ~7;
-  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (bitlen > 0) {
-    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
-    aor->u.addressPrefix->flags |= 8 - bitlen;
-  }
-  
-  *result = aor;
-  return 1;
-
- err:
-  IPAddressOrRange_free(aor);
-  return 0;
-}
-
-/*
- * Construct a range.  If it can be expressed as a prefix,
- * return a prefix instead.  Doing this here simplifies
- * the rest of the code considerably.
- */
-static int make_addressRange(IPAddressOrRange **result,
-			     unsigned char *min,
-			     unsigned char *max,
-			     const int length)
-{
-  IPAddressOrRange *aor;
-  int i, prefixlen;
-
-  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
-    return make_addressPrefix(result, min, prefixlen);
-
-  if ((aor = IPAddressOrRange_new()) == NULL)
-    return 0;
-  aor->type = IPAddressOrRange_addressRange;
-  OPENSSL_assert(aor->u.addressRange == NULL);
-  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
-    goto err;
-  if (aor->u.addressRange->min == NULL &&
-      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-  if (aor->u.addressRange->max == NULL &&
-      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-
-  for (i = length; i > 0 && min[i - 1] == 0x00; --i)
-    ;
-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
-    goto err;
-  aor->u.addressRange->min->flags &= ~7;
-  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (i > 0) {
-    unsigned char b = min[i - 1];
-    int j = 1;
-    while ((b & (0xFFU >> j)) != 0) 
-      ++j;
-    aor->u.addressRange->min->flags |= 8 - j;
-  }
-
-  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
-    ;
-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
-    goto err;
-  aor->u.addressRange->max->flags &= ~7;
-  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (i > 0) {
-    unsigned char b = max[i - 1];
-    int j = 1;
-    while ((b & (0xFFU >> j)) != (0xFFU >> j))
-      ++j;
-    aor->u.addressRange->max->flags |= 8 - j;
-  }
-
-  *result = aor;
-  return 1;
-
- err:
-  IPAddressOrRange_free(aor);
-  return 0;
-}
-
-/*
- * Construct a new address family or find an existing one.
- */
-static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
-					     const unsigned afi,
-					     const unsigned *safi)
-{
-  IPAddressFamily *f;
-  unsigned char key[3];
-  unsigned keylen;
-  int i;
-
-  key[0] = (afi >> 8) & 0xFF;
-  key[1] = afi & 0xFF;
-  if (safi != NULL) {
-    key[2] = *safi & 0xFF;
-    keylen = 3;
-  } else {
-    keylen = 2;
-  }
-
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    f = sk_IPAddressFamily_value(addr, i);
-    OPENSSL_assert(f->addressFamily->data != NULL);
-    if (f->addressFamily->length == keylen &&
-	!memcmp(f->addressFamily->data, key, keylen))
-      return f;
-  }
-
-  if ((f = IPAddressFamily_new()) == NULL)
-    goto err;
-  if (f->ipAddressChoice == NULL &&
-      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
-    goto err;
-  if (f->addressFamily == NULL && 
-      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
-    goto err;
-  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
-    goto err;
-  if (!sk_IPAddressFamily_push(addr, f))
-    goto err;
-
-  return f;
-
- err:
-  IPAddressFamily_free(f);
-  return NULL;
-}
-
-/*
- * Add an inheritance element.
- */
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-			const unsigned afi,
-			const unsigned *safi)
-{
-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-  if (f == NULL ||
-      f->ipAddressChoice == NULL ||
-      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-       f->ipAddressChoice->u.addressesOrRanges != NULL))
-    return 0;
-  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-      f->ipAddressChoice->u.inherit != NULL)
-    return 1;
-  if (f->ipAddressChoice->u.inherit == NULL &&
-      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
-    return 0;
-  f->ipAddressChoice->type = IPAddressChoice_inherit;
-  return 1;
-}
-
-/*
- * Construct an IPAddressOrRange sequence, or return an existing one.
- */
-static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
-					       const unsigned afi,
-					       const unsigned *safi)
-{
-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-  IPAddressOrRanges *aors = NULL;
-
-  if (f == NULL ||
-      f->ipAddressChoice == NULL ||
-      (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-       f->ipAddressChoice->u.inherit != NULL))
-    return NULL;
-  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
-    aors = f->ipAddressChoice->u.addressesOrRanges;
-  if (aors != NULL)
-    return aors;
-  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
-    return NULL;
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    (void) sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
-    break;
-  case IANA_AFI_IPV6:
-    (void) sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
-    break;
-  }
-  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
-  f->ipAddressChoice->u.addressesOrRanges = aors;
-  return aors;
-}
-
-/*
- * Add a prefix.
- */
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-		       const unsigned afi,
-		       const unsigned *safi,
-		       unsigned char *a,
-		       const int prefixlen)
-{
-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-  IPAddressOrRange *aor;
-  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
-    return 0;
-  if (sk_IPAddressOrRange_push(aors, aor))
-    return 1;
-  IPAddressOrRange_free(aor);
-  return 0;
-}
-
-/*
- * Add a range.
- */
-int v3_addr_add_range(IPAddrBlocks *addr,
-		      const unsigned afi,
-		      const unsigned *safi,
-		      unsigned char *min,
-		      unsigned char *max)
-{
-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-  IPAddressOrRange *aor;
-  int length = length_from_afi(afi);
-  if (aors == NULL)
-    return 0;
-  if (!make_addressRange(&aor, min, max, length))
-    return 0;
-  if (sk_IPAddressOrRange_push(aors, aor))
-    return 1;
-  IPAddressOrRange_free(aor);
-  return 0;
-}
-
-/*
- * Extract min and max values from an IPAddressOrRange.
- */
-static int extract_min_max(IPAddressOrRange *aor,
-			    unsigned char *min,
-			    unsigned char *max,
-			    int length)
-{
-  if (aor == NULL || min == NULL || max == NULL)
-    return 0;
-  switch (aor->type) {
-  case IPAddressOrRange_addressPrefix:
-    return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
-	    addr_expand(max, aor->u.addressPrefix, length, 0xFF));
-  case IPAddressOrRange_addressRange:
-    return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
-	    addr_expand(max, aor->u.addressRange->max, length, 0xFF));
-  }
-  return 0;
-}
-
-/*
- * Public wrapper for extract_min_max().
- */
-int v3_addr_get_range(IPAddressOrRange *aor,
-		      const unsigned afi,
-		      unsigned char *min,
-		      unsigned char *max,
-		      const int length)
-{
-  int afi_length = length_from_afi(afi);
-  if (aor == NULL || min == NULL || max == NULL ||
-      afi_length == 0 || length < afi_length ||
-      (aor->type != IPAddressOrRange_addressPrefix &&
-       aor->type != IPAddressOrRange_addressRange) ||
-      !extract_min_max(aor, min, max, afi_length))
-    return 0;
-
-  return afi_length;
-}
-
-/*
- * Sort comparision function for a sequence of IPAddressFamily.
- *
- * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
- * the ordering: I can read it as meaning that IPv6 without a SAFI
- * comes before IPv4 with a SAFI, which seems pretty weird.  The
- * examples in appendix B suggest that the author intended the
- * null-SAFI rule to apply only within a single AFI, which is what I
- * would have expected and is what the following code implements.
- */
-static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
-			       const IPAddressFamily * const *b_)
-{
-  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
-  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
-  int len = ((a->length <= b->length) ? a->length : b->length);
-  int cmp = memcmp(a->data, b->data, len);
-  return cmp ? cmp : a->length - b->length;
-}
-
-/*
- * Check whether an IPAddrBLocks is in canonical form.
- */
-int v3_addr_is_canonical(IPAddrBlocks *addr)
-{
-  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-  IPAddressOrRanges *aors;
-  int i, j, k;
-
-  /*
-   * Empty extension is cannonical.
-   */
-  if (addr == NULL)
-    return 1;
-
-  /*
-   * Check whether the top-level list is in order.
-   */
-  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
-    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
-    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
-    if (IPAddressFamily_cmp(&a, &b) >= 0)
-      return 0;
-  }
-
-  /*
-   * Top level's ok, now check each address family.
-   */
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    int length = length_from_afi(v3_addr_get_afi(f));
-
-    /*
-     * Inheritance is canonical.  Anything other than inheritance or
-     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
-     */
-    if (f == NULL || f->ipAddressChoice == NULL)
-      return 0;
-    switch (f->ipAddressChoice->type) {
-    case IPAddressChoice_inherit:
-      continue;
-    case IPAddressChoice_addressesOrRanges:
-      break;
-    default:
-      return 0;
-    }
-
-    /*
-     * It's an IPAddressOrRanges sequence, check it.
-     */
-    aors = f->ipAddressChoice->u.addressesOrRanges;
-    if (sk_IPAddressOrRange_num(aors) == 0)
-      return 0;
-    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
-
-      if (!extract_min_max(a, a_min, a_max, length) ||
-	  !extract_min_max(b, b_min, b_max, length))
-	return 0;
-
-      /*
-       * Punt misordered list, overlapping start, or inverted range.
-       */
-      if (memcmp(a_min, b_min, length) >= 0 ||
-	  memcmp(a_min, a_max, length) > 0 ||
-	  memcmp(b_min, b_max, length) > 0)
-	return 0;
-
-      /*
-       * Punt if adjacent or overlapping.  Check for adjacency by
-       * subtracting one from b_min first.
-       */
-      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
-	;
-      if (memcmp(a_max, b_min, length) >= 0)
-	return 0;
-
-      /*
-       * Check for range that should be expressed as a prefix.
-       */
-      if (a->type == IPAddressOrRange_addressRange &&
-	  range_should_be_prefix(a_min, a_max, length) >= 0)
-	return 0;
-    }
-
-    /*
-     * Check range to see if it's inverted or should be a
-     * prefix.
-     */
-    j = sk_IPAddressOrRange_num(aors) - 1;
-    {
-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-      if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-	if (!extract_min_max(a, a_min, a_max, length))
-	  return 0;
-	if (memcmp(a_min, a_max, length) > 0 ||
-	    range_should_be_prefix(a_min, a_max, length) >= 0)
-	  return 0;
-      }
-    }
-  }
-
-  /*
-   * If we made it through all that, we're happy.
-   */
-  return 1;
-}
-
-/*
- * Whack an IPAddressOrRanges into canonical form.
- */
-static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
-				      const unsigned afi)
-{
-  int i, j, length = length_from_afi(afi);
-
-  /*
-   * Sort the IPAddressOrRanges sequence.
-   */
-  sk_IPAddressOrRange_sort(aors);
-
-  /*
-   * Clean up representation issues, punt on duplicates or overlaps.
-   */
-  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
-    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
-    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
-    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-
-    if (!extract_min_max(a, a_min, a_max, length) ||
-	!extract_min_max(b, b_min, b_max, length))
-      return 0;
-
-    /*
-     * Punt inverted ranges.
-     */
-    if (memcmp(a_min, a_max, length) > 0 ||
-	memcmp(b_min, b_max, length) > 0)
-      return 0;
-
-    /*
-     * Punt overlaps.
-     */
-    if (memcmp(a_max, b_min, length) >= 0)
-      return 0;
-
-    /*
-     * Merge if a and b are adjacent.  We check for
-     * adjacency by subtracting one from b_min first.
-     */
-    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
-      ;
-    if (memcmp(a_max, b_min, length) == 0) {
-      IPAddressOrRange *merged;
-      if (!make_addressRange(&merged, a_min, b_max, length))
-	return 0;
-      (void) sk_IPAddressOrRange_set(aors, i, merged);
-      (void) sk_IPAddressOrRange_delete(aors, i + 1);
-      IPAddressOrRange_free(a);
-      IPAddressOrRange_free(b);
-      --i;
-      continue;
-    }
-  }
-
-  /*
-   * Check for inverted final range.
-   */
-  j = sk_IPAddressOrRange_num(aors) - 1;
-  {
-    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-    if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-      unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-      extract_min_max(a, a_min, a_max, length);
-      if (memcmp(a_min, a_max, length) > 0)
-	return 0;
-    }
-  }
-
-  return 1;
-}
-
-/*
- * Whack an IPAddrBlocks extension into canonical form.
- */
-int v3_addr_canonize(IPAddrBlocks *addr)
-{
-  int i;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-	!IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
-				    v3_addr_get_afi(f)))
-      return 0;
-  }
-  (void) sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
-  sk_IPAddressFamily_sort(addr);
-  OPENSSL_assert(v3_addr_is_canonical(addr));
-  return 1;
-}
-
-/*
- * v2i handler for the IPAddrBlocks extension.
- */
-static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
-			      struct v3_ext_ctx *ctx,
-			      STACK_OF(CONF_VALUE) *values)
-{
-  static const char v4addr_chars[] = "0123456789.";
-  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
-  IPAddrBlocks *addr = NULL;
-  char *s = NULL, *t;
-  int i;
-  
-  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
-    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
-    unsigned afi, *safi = NULL, safi_;
-    const char *addr_chars;
-    int prefixlen, i1, i2, delim, length;
-
-    if (       !name_cmp(val->name, "IPv4")) {
-      afi = IANA_AFI_IPV4;
-    } else if (!name_cmp(val->name, "IPv6")) {
-      afi = IANA_AFI_IPV6;
-    } else if (!name_cmp(val->name, "IPv4-SAFI")) {
-      afi = IANA_AFI_IPV4;
-      safi = &safi_;
-    } else if (!name_cmp(val->name, "IPv6-SAFI")) {
-      afi = IANA_AFI_IPV6;
-      safi = &safi_;
-    } else {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    switch (afi) {
-    case IANA_AFI_IPV4:
-      addr_chars = v4addr_chars;
-      break;
-    case IANA_AFI_IPV6:
-      addr_chars = v6addr_chars;
-      break;
-    }
-
-    length = length_from_afi(afi);
-
-    /*
-     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
-     * the other input values.
-     */
-    if (safi != NULL) {
-      *safi = strtoul(val->value, &t, 0);
-      t += strspn(t, " \t");
-      if (*safi > 0xFF || *t++ != ':') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      t += strspn(t, " \t");
-      s = BUF_strdup(t);
-    } else {
-      s = BUF_strdup(val->value);
-    }
-    if (s == NULL) {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-      goto err;
-    }
-
-    /*
-     * Check for inheritance.  Not worth additional complexity to
-     * optimize this (seldom-used) case.
-     */
-    if (!strcmp(s, "inherit")) {
-      if (!v3_addr_add_inherit(addr, afi, safi)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      OPENSSL_free(s);
-      s = NULL;
-      continue;
-    }
-
-    i1 = strspn(s, addr_chars);
-    i2 = i1 + strspn(s + i1, " \t");
-    delim = s[i2++];
-    s[i1] = '\0';
-
-    if (a2i_ipadd(min, s) != length) {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    switch (delim) {
-    case '/':
-      prefixlen = (int) strtoul(s + i2, &t, 10);
-      if (t == s + i2 || *t != '\0') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    case '-':
-      i1 = i2 + strspn(s + i2, " \t");
-      i2 = i1 + strspn(s + i1, addr_chars);
-      if (i1 == i2 || s[i2] != '\0') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (a2i_ipadd(max, s + i1) != length) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (memcmp(min, max, length_from_afi(afi)) > 0) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (!v3_addr_add_range(addr, afi, safi, min, max)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    case '\0':
-      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    default:
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    OPENSSL_free(s);
-    s = NULL;
-  }
-
-  /*
-   * Canonize the result, then we're done.
-   */
-  if (!v3_addr_canonize(addr))
-    goto err;    
-  return addr;
-
- err:
-  OPENSSL_free(s);
-  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
-  return NULL;
-}
-
-/*
- * OpenSSL dispatch
- */
-const X509V3_EXT_METHOD v3_addr = {
-  NID_sbgp_ipAddrBlock,		/* nid */
-  0,				/* flags */
-  ASN1_ITEM_ref(IPAddrBlocks),	/* template */
-  0, 0, 0, 0,			/* old functions, ignored */
-  0,				/* i2s */
-  0,				/* s2i */
-  0,				/* i2v */
-  v2i_IPAddrBlocks,		/* v2i */
-  i2r_IPAddrBlocks,		/* i2r */
-  0,				/* r2i */
-  NULL				/* extension-specific data */
-};
-
-/*
- * Figure out whether extension sues inheritance.
- */
-int v3_addr_inherits(IPAddrBlocks *addr)
-{
-  int i;
-  if (addr == NULL)
-    return 0;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    if (f->ipAddressChoice->type == IPAddressChoice_inherit)
-      return 1;
-  }
-  return 0;
-}
-
-/*
- * Figure out whether parent contains child.
- */
-static int addr_contains(IPAddressOrRanges *parent,
-			 IPAddressOrRanges *child,
-			 int length)
-{
-  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
-  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
-  int p, c;
-
-  if (child == NULL || parent == child)
-    return 1;
-  if (parent == NULL)
-    return 0;
-
-  p = 0;
-  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
-    if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
-			 c_min, c_max, length))
-      return -1;
-    for (;; p++) {
-      if (p >= sk_IPAddressOrRange_num(parent))
-	return 0;
-      if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
-			   p_min, p_max, length))
-	return 0;
-      if (memcmp(p_max, c_max, length) < 0)
-	continue;
-      if (memcmp(p_min, c_min, length) > 0)
-	return 0;
-      break;
-    }
-  }
-
-  return 1;
-}
-
-/*
- * Test whether a is a subset of b.
- */
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
-{
-  int i;
-  if (a == NULL || a == b)
-    return 1;
-  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
-    return 0;
-  (void) sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
-  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
-    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
-    int j = sk_IPAddressFamily_find(b, fa);
-    IPAddressFamily *fb;
-    fb = sk_IPAddressFamily_value(b, j);
-    if (fb == NULL)
-       return 0;
-    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
-		       fa->ipAddressChoice->u.addressesOrRanges,
-		       length_from_afi(v3_addr_get_afi(fb))))
-      return 0;
-  }
-  return 1;
-}
-
-/*
- * Validation error handling via callback.
- */
-#define validation_err(_err_)		\
-  do {					\
-    if (ctx != NULL) {			\
-      ctx->error = _err_;		\
-      ctx->error_depth = i;		\
-      ctx->current_cert = x;		\
-      ret = ctx->verify_cb(0, ctx);	\
-    } else {				\
-      ret = 0;				\
-    }					\
-    if (!ret)				\
-      goto done;			\
-  } while (0)
-
-/*
- * Core code for RFC 3779 2.3 path validation.
- */
-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
-					  STACK_OF(X509) *chain,
-					  IPAddrBlocks *ext)
-{
-  IPAddrBlocks *child = NULL;
-  int i, j, ret = 1;
-  X509 *x;
-
-  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  OPENSSL_assert(ctx != NULL || ext != NULL);
-  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
-  /*
-   * Figure out where to start.  If we don't have an extension to
-   * check, we're done.  Otherwise, check canonical form and
-   * set up for walking up the chain.
-   */
-  if (ext != NULL) {
-    i = -1;
-    x = NULL;
-  } else {
-    i = 0;
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if ((ext = x->rfc3779_addr) == NULL)
-      goto done;
-  }
-  if (!v3_addr_is_canonical(ext))
-    validation_err(X509_V_ERR_INVALID_EXTENSION);
-  (void) sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
-  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
-    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
-    ret = 0;
-    goto done;
-  }
-
-  /*
-   * Now walk up the chain.  No cert may list resources that its
-   * parent doesn't list.
-   */
-  for (i++; i < sk_X509_num(chain); i++) {
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if (!v3_addr_is_canonical(x->rfc3779_addr))
-      validation_err(X509_V_ERR_INVALID_EXTENSION);
-    if (x->rfc3779_addr == NULL) {
-      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-	IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-	if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-	  break;
-	}
-      }
-      continue;
-    }
-    (void) sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
-    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
-      if (fp == NULL) {
-	if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-	  break;
-	}
-	continue;
-      }
-      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
-	if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
-	    addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
-			  fc->ipAddressChoice->u.addressesOrRanges,
-			  length_from_afi(v3_addr_get_afi(fc))))
-	  sk_IPAddressFamily_set(child, j, fp);
-	else
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
-    }
-  }
-
-  /*
-   * Trust anchor can't inherit.
-   */
-  OPENSSL_assert(x != NULL);
-  if (x->rfc3779_addr != NULL) {
-    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
-      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
-	  sk_IPAddressFamily_find(child, fp) >= 0)
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-    }
-  }
-
- done:
-  sk_IPAddressFamily_free(child);
-  return ret;
-}
-
-#undef validation_err
-
-/*
- * RFC 3779 2.3 path validation -- called from X509_verify_cert().
- */
-int v3_addr_validate_path(X509_STORE_CTX *ctx)
-{
-  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
-}
-
-/*
- * RFC 3779 2.3 path validation of an extension.
- * Test whether chain covers extension.
- */
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-				  IPAddrBlocks *ext,
-				  int allow_inheritance)
-{
-  if (ext == NULL)
-    return 1;
-  if (chain == NULL || sk_X509_num(chain) == 0)
-    return 0;
-  if (!allow_inheritance && v3_addr_inherits(ext))
-    return 0;
-  return v3_addr_validate_path_internal(NULL, chain, ext);
-}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
deleted file mode 100644
index c6b68ee221..0000000000
--- a/crypto/x509v3/v3_akey.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* v3_akey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_akey_id =
-	{
-	NID_authority_key_identifier,
-	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-	0,0,0,0,
-	0,0,
-	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
-	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-	0,0,
-	NULL
-	};
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
-{
-	char *tmp;
-	if(akeyid->keyid) {
-		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
-		X509V3_add_value("keyid", tmp, &extlist);
-		OPENSSL_free(tmp);
-	}
-	if(akeyid->issuer) 
-		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
-	if(akeyid->serial) {
-		tmp = hex_to_string(akeyid->serial->data,
-						 akeyid->serial->length);
-		X509V3_add_value("serial", tmp, &extlist);
-		OPENSSL_free(tmp);
-	}
-	return extlist;
-}
-
-/* Currently two options:
- * keyid: use the issuers subject keyid, the value 'always' means its is
- * an error if the issuer certificate doesn't have a key id.
- * issuer: use the issuers cert issuer and serial number. The default is
- * to only use this if keyid is not present. With the option 'always'
- * this is always included.
- */
-
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-	{
-	char keyid=0, issuer=0;
-	int i;
-	CONF_VALUE *cnf;
-	ASN1_OCTET_STRING *ikeyid = NULL;
-	X509_NAME *isname = NULL;
-	GENERAL_NAMES * gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	ASN1_INTEGER *serial = NULL;
-	X509_EXTENSION *ext;
-	X509 *cert;
-	AUTHORITY_KEYID *akeyid;
-
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++)
-		{
-		cnf = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(cnf->name, "keyid"))
-			{
-			keyid = 1;
-			if(cnf->value && !strcmp(cnf->value, "always"))
-				keyid = 2;
-			}
-		else if(!strcmp(cnf->name, "issuer"))
-			{
-			issuer = 1;
-			if(cnf->value && !strcmp(cnf->value, "always"))
-				issuer = 2;
-			}
-		else
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
-			ERR_add_error_data(2, "name=", cnf->name);
-			return NULL;
-			}
-		}
-
-	if(!ctx || !ctx->issuer_cert)
-		{
-		if(ctx && (ctx->flags==CTX_TEST))
-			return AUTHORITY_KEYID_new();
-		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
-		return NULL;
-		}
-
-	cert = ctx->issuer_cert;
-
-	if(keyid)
-		{
-		i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
-		if((i >= 0)  && (ext = X509_get_ext(cert, i)))
-			ikeyid = X509V3_EXT_d2i(ext);
-		if(keyid==2 && !ikeyid)
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-			return NULL;
-			}
-		}
-
-	if((issuer && !ikeyid) || (issuer == 2))
-		{
-		isname = X509_NAME_dup(X509_get_issuer_name(cert));
-		serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
-		if(!isname || !serial)
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
-			goto err;
-			}
-		}
-
-	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-
-	if(isname)
-		{
-		if(!(gens = sk_GENERAL_NAME_new_null())
-			|| !(gen = GENERAL_NAME_new())
-			|| !sk_GENERAL_NAME_push(gens, gen))
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		gen->type = GEN_DIRNAME;
-		gen->d.dirn = isname;
-		}
-
-	akeyid->issuer = gens;
-	akeyid->serial = serial;
-	akeyid->keyid = ikeyid;
-
-	return akeyid;
-
- err:
-	X509_NAME_free(isname);
-	M_ASN1_INTEGER_free(serial);
-	M_ASN1_OCTET_STRING_free(ikeyid);
-	return NULL;
-	}
diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c
deleted file mode 100644
index 2c50f7360e..0000000000
--- a/crypto/x509v3/v3_akeya.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* v3_akey_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(AUTHORITY_KEYID) = {
-	ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
-	ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
-	ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
-} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
deleted file mode 100644
index d29d94338e..0000000000
--- a/crypto/x509v3/v3_alt.c
+++ /dev/null
@@ -1,614 +0,0 @@
-/* v3_alt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-
-const X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_subject_alt,
-NULL, NULL, NULL},
-
-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_issuer_alt,
-NULL, NULL, NULL},
-
-{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-NULL, NULL, NULL, NULL},
-};
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
-{
-	int i;
-	GENERAL_NAME *gen;
-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-		gen = sk_GENERAL_NAME_value(gens, i);
-		ret = i2v_GENERAL_NAME(method, gen, ret);
-	}
-	if(!ret) return sk_CONF_VALUE_new_null();
-	return ret;
-}
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
-				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
-{
-	unsigned char *p;
-	char oline[256], htmp[5];
-	int i;
-	switch (gen->type)
-	{
-		case GEN_OTHERNAME:
-		X509V3_add_value("othername","<unsupported>", &ret);
-		break;
-
-		case GEN_X400:
-		X509V3_add_value("X400Name","<unsupported>", &ret);
-		break;
-
-		case GEN_EDIPARTY:
-		X509V3_add_value("EdiPartyName","<unsupported>", &ret);
-		break;
-
-		case GEN_EMAIL:
-		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_DNS:
-		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_URI:
-		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_DIRNAME:
-		X509_NAME_oneline(gen->d.dirn, oline, 256);
-		X509V3_add_value("DirName",oline, &ret);
-		break;
-
-		case GEN_IPADD:
-		p = gen->d.ip->data;
-		if(gen->d.ip->length == 4)
-			BIO_snprintf(oline, sizeof oline,
-				     "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-		else if(gen->d.ip->length == 16)
-			{
-			oline[0] = 0;
-			for (i = 0; i < 8; i++)
-				{
-				BIO_snprintf(htmp, sizeof htmp,
-					     "%X", p[0] << 8 | p[1]);
-				p += 2;
-				strcat(oline, htmp);
-				if (i != 7)
-					strcat(oline, ":");
-				}
-			}
-		else
-			{
-			X509V3_add_value("IP Address","<invalid>", &ret);
-			break;
-			}
-		X509V3_add_value("IP Address",oline, &ret);
-		break;
-
-		case GEN_RID:
-		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
-		X509V3_add_value("Registered ID",oline, &ret);
-		break;
-	}
-	return ret;
-}
-
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
-{
-	unsigned char *p;
-	int i;
-	switch (gen->type)
-	{
-		case GEN_OTHERNAME:
-		BIO_printf(out, "othername:<unsupported>");
-		break;
-
-		case GEN_X400:
-		BIO_printf(out, "X400Name:<unsupported>");
-		break;
-
-		case GEN_EDIPARTY:
-		/* Maybe fix this: it is supported now */
-		BIO_printf(out, "EdiPartyName:<unsupported>");
-		break;
-
-		case GEN_EMAIL:
-		BIO_printf(out, "email:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_DNS:
-		BIO_printf(out, "DNS:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_URI:
-		BIO_printf(out, "URI:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_DIRNAME:
-		BIO_printf(out, "DirName: ");
-		X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
-		break;
-
-		case GEN_IPADD:
-		p = gen->d.ip->data;
-		if(gen->d.ip->length == 4)
-			BIO_printf(out, "IP Address:%d.%d.%d.%d",
-						p[0], p[1], p[2], p[3]);
-		else if(gen->d.ip->length == 16)
-			{
-			BIO_printf(out, "IP Address");
-			for (i = 0; i < 8; i++)
-				{
-				BIO_printf(out, ":%X", p[0] << 8 | p[1]);
-				p += 2;
-				}
-			BIO_puts(out, "\n");
-			}
-		else
-			{
-			BIO_printf(out,"IP Address:<invalid>");
-			break;
-			}
-		break;
-
-		case GEN_RID:
-		BIO_printf(out, "Registered ID");
-		i2a_ASN1_OBJECT(out, gen->d.rid);
-		break;
-	}
-	return 1;
-}
-
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!name_cmp(cnf->name, "issuer") && cnf->value &&
-						!strcmp(cnf->value, "copy")) {
-			if(!copy_issuer(ctx, gens)) goto err;
-		} else {
-			GENERAL_NAME *gen;
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-								 goto err; 
-			sk_GENERAL_NAME_push(gens, gen);
-		}
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
-}
-
-/* Append subject altname of issuer to issuer alt name of subject */
-
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
-{
-	GENERAL_NAMES *ialt;
-	GENERAL_NAME *gen;
-	X509_EXTENSION *ext;
-	int i;
-	if(ctx && (ctx->flags == CTX_TEST)) return 1;
-	if(!ctx || !ctx->issuer_cert) {
-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
-		goto err;
-	}
-        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
-	if(i < 0) return 1;
-        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
-                        !(ialt = X509V3_EXT_d2i(ext)) ) {
-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
-		goto err;
-	}
-
-	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
-		gen = sk_GENERAL_NAME_value(ialt, i);
-		if(!sk_GENERAL_NAME_push(gens, gen)) {
-			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-	}
-	sk_GENERAL_NAME_free(ialt);
-
-	return 1;
-		
-	err:
-	return 0;
-	
-}
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!name_cmp(cnf->name, "email") && cnf->value &&
-						!strcmp(cnf->value, "copy")) {
-			if(!copy_email(ctx, gens, 0)) goto err;
-		} else if(!name_cmp(cnf->name, "email") && cnf->value &&
-						!strcmp(cnf->value, "move")) {
-			if(!copy_email(ctx, gens, 1)) goto err;
-		} else {
-			GENERAL_NAME *gen;
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-								 goto err; 
-			sk_GENERAL_NAME_push(gens, gen);
-		}
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
-}
-
-/* Copy any email addresses in a certificate or request to 
- * GENERAL_NAMES
- */
-
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
-{
-	X509_NAME *nm;
-	ASN1_IA5STRING *email = NULL;
-	X509_NAME_ENTRY *ne;
-	GENERAL_NAME *gen = NULL;
-	int i;
-	if(ctx != NULL && ctx->flags == CTX_TEST)
-		return 1;
-	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
-		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
-		goto err;
-	}
-	/* Find the subject name */
-	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
-	else nm = X509_REQ_get_subject_name(ctx->subject_req);
-
-	/* Now add any email address(es) to STACK */
-	i = -1;
-	while((i = X509_NAME_get_index_by_NID(nm,
-					 NID_pkcs9_emailAddress, i)) >= 0) {
-		ne = X509_NAME_get_entry(nm, i);
-		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
-                if (move_p)
-                        {
-                        X509_NAME_delete_entry(nm, i);
-			X509_NAME_ENTRY_free(ne);
-                        i--;
-                        }
-		if(!email || !(gen = GENERAL_NAME_new())) {
-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		gen->d.ia5 = email;
-		email = NULL;
-		gen->type = GEN_EMAIL;
-		if(!sk_GENERAL_NAME_push(gens, gen)) {
-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		gen = NULL;
-	}
-
-	
-	return 1;
-		
-	err:
-	GENERAL_NAME_free(gen);
-	M_ASN1_IA5STRING_free(email);
-	return 0;
-	
-}
-
-GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	GENERAL_NAME *gen;
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
-		sk_GENERAL_NAME_push(gens, gen);
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
-}
-
-GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       CONF_VALUE *cnf)
-	{
-	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
-	}
-
-GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       int gen_type, char *value, int is_nc)
-	{
-	char is_string = 0;
-	GENERAL_NAME *gen = NULL;
-
-	if(!value)
-		{
-		X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
-		return NULL;
-		}
-
-	if (out)
-		gen = out;
-	else
-		{
-		gen = GENERAL_NAME_new();
-		if(gen == NULL)
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		}
-
-	switch (gen_type)
-		{
-		case GEN_URI:
-		case GEN_EMAIL:
-		case GEN_DNS:
-		is_string = 1;
-		break;
-		
-		case GEN_RID:
-		{
-		ASN1_OBJECT *obj;
-		if(!(obj = OBJ_txt2obj(value,0)))
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
-			ERR_add_error_data(2, "value=", value);
-			goto err;
-			}
-		gen->d.rid = obj;
-		}
-		break;
-
-		case GEN_IPADD:
-		if (is_nc)
-			gen->d.ip = a2i_IPADDRESS_NC(value);
-		else
-			gen->d.ip = a2i_IPADDRESS(value);
-		if(gen->d.ip == NULL)
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
-			ERR_add_error_data(2, "value=", value);
-			goto err;
-			}
-		break;
-
-		case GEN_DIRNAME:
-		if (!do_dirname(gen, value, ctx))
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
-			goto err;
-			}
-		break;
-
-		case GEN_OTHERNAME:
-		if (!do_othername(gen, value, ctx))
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
-			goto err;
-			}
-		break;
-		default:
-		X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);
-		goto err;
-		}
-
-	if(is_string)
-		{
-		if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
-			      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-					       strlen(value)))
-			{
-			X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	gen->type = gen_type;
-
-	return gen;
-
-	err:
-	if (!out)
-		GENERAL_NAME_free(gen);
-	return NULL;
-	}
-
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				  const X509V3_EXT_METHOD *method,
-				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
-	{
-	int type;
-
-	char *name, *value;
-
-	name = cnf->name;
-	value = cnf->value;
-
-	if(!value)
-		{
-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
-		return NULL;
-		}
-
-	if(!name_cmp(name, "email"))
-		type = GEN_EMAIL;
-	else if(!name_cmp(name, "URI"))
-		type = GEN_URI;
-	else if(!name_cmp(name, "DNS"))
-		type = GEN_DNS;
-	else if(!name_cmp(name, "RID"))
-		type = GEN_RID;
-	else if(!name_cmp(name, "IP"))
-		type = GEN_IPADD;
-	else if(!name_cmp(name, "dirName"))
-		type = GEN_DIRNAME;
-	else if(!name_cmp(name, "otherName"))
-		type = GEN_OTHERNAME;
-	else
-		{
-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-		ERR_add_error_data(2, "name=", name);
-		return NULL;
-		}
-
-	return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
-
-	}
-
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-	{
-	char *objtmp = NULL, *p;
-	int objlen;
-	if (!(p = strchr(value, ';')))
-		return 0;
-	if (!(gen->d.otherName = OTHERNAME_new()))
-		return 0;
-	/* Free this up because we will overwrite it.
-	 * no need to free type_id because it is static
-	 */
-	ASN1_TYPE_free(gen->d.otherName->value);
-	if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
-		return 0;
-	objlen = p - value;
-	objtmp = OPENSSL_malloc(objlen + 1);
-	strncpy(objtmp, value, objlen);
-	objtmp[objlen] = 0;
-	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-	OPENSSL_free(objtmp);	
-	if (!gen->d.otherName->type_id)
-		return 0;
-	return 1;
-	}
-
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-	{
-	int ret;
-	STACK_OF(CONF_VALUE) *sk;
-	X509_NAME *nm;
-	if (!(nm = X509_NAME_new()))
-		return 0;
-	sk = X509V3_get_section(ctx, value);
-	if (!sk)
-		{
-		X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
-		ERR_add_error_data(2, "section=", value);
-		X509_NAME_free(nm);
-		return 0;
-		}
-	/* FIXME: should allow other character types... */
-	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
-	if (!ret)
-		X509_NAME_free(nm);
-	gen->d.dirn = nm;
-	X509V3_section_free(ctx, sk);
-		
-	return ret;
-	}
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
deleted file mode 100644
index 1587e8ed72..0000000000
--- a/crypto/x509v3/v3_asid.c
+++ /dev/null
@@ -1,890 +0,0 @@
-/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- */
-
-/*
- * Implementation of RFC 3779 section 3.2.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-#include <openssl/x509.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_RFC3779
-
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
- */
-
-ASN1_SEQUENCE(ASRange) = {
-  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
-  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ASRange)
-
-ASN1_CHOICE(ASIdOrRange) = {
-  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
-  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
-} ASN1_CHOICE_END(ASIdOrRange)
-
-ASN1_CHOICE(ASIdentifierChoice) = {
-  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
-  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
-} ASN1_CHOICE_END(ASIdentifierChoice)
-
-ASN1_SEQUENCE(ASIdentifiers) = {
-  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
-  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
-} ASN1_SEQUENCE_END(ASIdentifiers)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASRange)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
-
-/*
- * i2r method for an ASIdentifierChoice.
- */
-static int i2r_ASIdentifierChoice(BIO *out,
-				  ASIdentifierChoice *choice,
-				  int indent,
-				  const char *msg)
-{
-  int i;
-  char *s;
-  if (choice == NULL)
-    return 1;
-  BIO_printf(out, "%*s%s:\n", indent, "", msg);
-  switch (choice->type) {
-  case ASIdentifierChoice_inherit:
-    BIO_printf(out, "%*sinherit\n", indent + 2, "");
-    break;
-  case ASIdentifierChoice_asIdsOrRanges:
-    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
-      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-      switch (aor->type) {
-      case ASIdOrRange_id:
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
-	  return 0;
-	BIO_printf(out, "%*s%s\n", indent + 2, "", s);
-	OPENSSL_free(s);
-	break;
-      case ASIdOrRange_range:
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
-	  return 0;
-	BIO_printf(out, "%*s%s-", indent + 2, "", s);
-	OPENSSL_free(s);
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
-	  return 0;
-	BIO_printf(out, "%s\n", s);
-	OPENSSL_free(s);
-	break;
-      default:
-	return 0;
-      }
-    }
-    break;
-  default:
-    return 0;
-  }
-  return 1;
-}
-
-/*
- * i2r method for an ASIdentifier extension.
- */
-static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
-			     void *ext,
-			     BIO *out,
-			     int indent)
-{
-  ASIdentifiers *asid = ext;
-  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
-				 "Autonomous System Numbers") &&
-	  i2r_ASIdentifierChoice(out, asid->rdi, indent,
-				 "Routing Domain Identifiers"));
-}
-
-/*
- * Sort comparision function for a sequence of ASIdOrRange elements.
- */
-static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
-			   const ASIdOrRange * const *b_)
-{
-  const ASIdOrRange *a = *a_, *b = *b_;
-
-  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
-	 (a->type == ASIdOrRange_range && a->u.range != NULL &&
-	  a->u.range->min != NULL && a->u.range->max != NULL));
-
-  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
-	 (b->type == ASIdOrRange_range && b->u.range != NULL &&
-	  b->u.range->min != NULL && b->u.range->max != NULL));
-
-  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
-    return ASN1_INTEGER_cmp(a->u.id, b->u.id);
-
-  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
-    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
-    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
-  }
-
-  if (a->type == ASIdOrRange_id)
-    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
-  else
-    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
-}
-
-/*
- * Add an inherit element.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which)
-{
-  ASIdentifierChoice **choice;
-  if (asid == NULL)
-    return 0;
-  switch (which) {
-  case V3_ASID_ASNUM:
-    choice = &asid->asnum;
-    break;
-  case V3_ASID_RDI:
-    choice = &asid->rdi;
-    break;
-  default:
-    return 0;
-  }
-  if (*choice == NULL) {
-    if ((*choice = ASIdentifierChoice_new()) == NULL)
-      return 0;
-    OPENSSL_assert((*choice)->u.inherit == NULL);
-    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
-      return 0;
-    (*choice)->type = ASIdentifierChoice_inherit;
-  }
-  return (*choice)->type == ASIdentifierChoice_inherit;
-}
-
-/*
- * Add an ID or range to an ASIdentifierChoice.
- */
-int v3_asid_add_id_or_range(ASIdentifiers *asid,
-			    int which,
-			    ASN1_INTEGER *min,
-			    ASN1_INTEGER *max)
-{
-  ASIdentifierChoice **choice;
-  ASIdOrRange *aor;
-  if (asid == NULL)
-    return 0;
-  switch (which) {
-  case V3_ASID_ASNUM:
-    choice = &asid->asnum;
-    break;
-  case V3_ASID_RDI:
-    choice = &asid->rdi;
-    break;
-  default:
-    return 0;
-  }
-  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
-    return 0;
-  if (*choice == NULL) {
-    if ((*choice = ASIdentifierChoice_new()) == NULL)
-      return 0;
-    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
-    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
-    if ((*choice)->u.asIdsOrRanges == NULL)
-      return 0;
-    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
-  }
-  if ((aor = ASIdOrRange_new()) == NULL)
-    return 0;
-  if (max == NULL) {
-    aor->type = ASIdOrRange_id;
-    aor->u.id = min;
-  } else {
-    aor->type = ASIdOrRange_range;
-    if ((aor->u.range = ASRange_new()) == NULL)
-      goto err;
-    ASN1_INTEGER_free(aor->u.range->min);
-    aor->u.range->min = min;
-    ASN1_INTEGER_free(aor->u.range->max);
-    aor->u.range->max = max;
-  }
-  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
-    goto err;
-  return 1;
-
- err:
-  ASIdOrRange_free(aor);
-  return 0;
-}
-
-/*
- * Extract min and max values from an ASIdOrRange.
- */
-static void extract_min_max(ASIdOrRange *aor,
-			    ASN1_INTEGER **min,
-			    ASN1_INTEGER **max)
-{
-  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
-  switch (aor->type) {
-  case ASIdOrRange_id:
-    *min = aor->u.id;
-    *max = aor->u.id;
-    return;
-  case ASIdOrRange_range:
-    *min = aor->u.range->min;
-    *max = aor->u.range->max;
-    return;
-  }
-}
-
-/*
- * Check whether an ASIdentifierChoice is in canonical form.
- */
-static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
-{
-  ASN1_INTEGER *a_max_plus_one = NULL;
-  BIGNUM *bn = NULL;
-  int i, ret = 0;
-
-  /*
-   * Empty element or inheritance is canonical.
-   */
-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
-    return 1;
-
-  /*
-   * If not a list, or if empty list, it's broken.
-   */
-  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
-      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
-    return 0;
-
-  /*
-   * It's a list, check it.
-   */
-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
-    extract_min_max(a, &a_min, &a_max);
-    extract_min_max(b, &b_min, &b_max);
-
-    /*
-     * Punt misordered list, overlapping start, or inverted range.
-     */
-    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
-	ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
-	ASN1_INTEGER_cmp(b_min, b_max) > 0)
-      goto done;
-
-    /*
-     * Calculate a_max + 1 to check for adjacency.
-     */
-    if ((bn == NULL && (bn = BN_new()) == NULL) ||
-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-	!BN_add_word(bn, 1) ||
-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
-		ERR_R_MALLOC_FAILURE);
-      goto done;
-    }
-    
-    /*
-     * Punt if adjacent or overlapping.
-     */
-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
-      goto done;
-  }
-
-  /*
-   * Check for inverted range.
-   */
-  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
-  {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASN1_INTEGER *a_min, *a_max;
-    if (a != NULL && a->type == ASIdOrRange_range) {
-      extract_min_max(a, &a_min, &a_max);
-      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
-	goto done;
-    }
-  }
-
-  ret = 1;
-
- done:
-  ASN1_INTEGER_free(a_max_plus_one);
-  BN_free(bn);
-  return ret;
-}
-
-/*
- * Check whether an ASIdentifier extension is in canonical form.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid)
-{
-  return (asid == NULL ||
-	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
-	   ASIdentifierChoice_is_canonical(asid->rdi)));
-}
-
-/*
- * Whack an ASIdentifierChoice into canonical form.
- */
-static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
-{
-  ASN1_INTEGER *a_max_plus_one = NULL;
-  BIGNUM *bn = NULL;
-  int i, ret = 0;
-
-  /*
-   * Nothing to do for empty element or inheritance.
-   */
-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
-    return 1;
-
-  /*
-   * If not a list, or if empty list, it's broken.
-   */
-  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
-      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
-    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-	      X509V3_R_EXTENSION_VALUE_ERROR);
-    return 0;
-  }
-
-  /*
-   * We have a non-empty list.  Sort it.
-   */
-  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
-
-  /*
-   * Now check for errors and suboptimal encoding, rejecting the
-   * former and fixing the latter.
-   */
-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
-    extract_min_max(a, &a_min, &a_max);
-    extract_min_max(b, &b_min, &b_max);
-
-    /*
-     * Make sure we're properly sorted (paranoia).
-     */
-    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
-
-    /*
-     * Punt inverted ranges.
-     */
-    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
-	ASN1_INTEGER_cmp(b_min, b_max) > 0)
-      goto done;
-
-    /*
-     * Check for overlaps.
-     */
-    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-		X509V3_R_EXTENSION_VALUE_ERROR);
-      goto done;
-    }
-
-    /*
-     * Calculate a_max + 1 to check for adjacency.
-     */
-    if ((bn == NULL && (bn = BN_new()) == NULL) ||
-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-	!BN_add_word(bn, 1) ||
-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
-      goto done;
-    }
-    
-    /*
-     * If a and b are adjacent, merge them.
-     */
-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
-      ASRange *r;
-      switch (a->type) {
-      case ASIdOrRange_id:
-	if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
-	  X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-		    ERR_R_MALLOC_FAILURE);
-	  goto done;
-	}
-	r->min = a_min;
-	r->max = b_max;
-	a->type = ASIdOrRange_range;
-	a->u.range = r;
-	break;
-      case ASIdOrRange_range:
-	ASN1_INTEGER_free(a->u.range->max);
-	a->u.range->max = b_max;
-	break;
-      }
-      switch (b->type) {
-      case ASIdOrRange_id:
-	b->u.id = NULL;
-	break;
-      case ASIdOrRange_range:
-	b->u.range->max = NULL;
-	break;
-      }
-      ASIdOrRange_free(b);
-      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
-      i--;
-      continue;
-    }
-  }
-
-  /*
-   * Check for final inverted range.
-   */
-  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
-  {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASN1_INTEGER *a_min, *a_max;
-    if (a != NULL && a->type == ASIdOrRange_range) {
-      extract_min_max(a, &a_min, &a_max);
-      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
-	goto done;
-    }
-  }
-
-  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
-
-  ret = 1;
-
- done:
-  ASN1_INTEGER_free(a_max_plus_one);
-  BN_free(bn);
-  return ret;
-}
-
-/*
- * Whack an ASIdentifier extension into canonical form.
- */
-int v3_asid_canonize(ASIdentifiers *asid)
-{
-  return (asid == NULL ||
-	  (ASIdentifierChoice_canonize(asid->asnum) &&
-	   ASIdentifierChoice_canonize(asid->rdi)));
-}
-
-/*
- * v2i method for an ASIdentifier extension.
- */
-static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
-			       struct v3_ext_ctx *ctx,
-			       STACK_OF(CONF_VALUE) *values)
-{
-  ASN1_INTEGER *min = NULL, *max = NULL;
-  ASIdentifiers *asid = NULL;
-  int i;
-
-  if ((asid = ASIdentifiers_new()) == NULL) {
-    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    int i1, i2, i3, is_range, which;
-
-    /*
-     * Figure out whether this is an AS or an RDI.
-     */
-    if (       !name_cmp(val->name, "AS")) {
-      which = V3_ASID_ASNUM;
-    } else if (!name_cmp(val->name, "RDI")) {
-      which = V3_ASID_RDI;
-    } else {
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    /*
-     * Handle inheritance.
-     */
-    if (!strcmp(val->value, "inherit")) {
-      if (v3_asid_add_inherit(asid, which))
-	continue;
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    /*
-     * Number, range, or mistake, pick it apart and figure out which.
-     */
-    i1 = strspn(val->value, "0123456789");
-    if (val->value[i1] == '\0') {
-      is_range = 0;
-    } else {
-      is_range = 1;
-      i2 = i1 + strspn(val->value + i1, " \t");
-      if (val->value[i2] != '-') {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      i2++;
-      i2 = i2 + strspn(val->value + i2, " \t");
-      i3 = i2 + strspn(val->value + i2, "0123456789");
-      if (val->value[i3] != '\0') {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
-	X509V3_conf_err(val);
-	goto err;
-      }
-    }
-
-    /*
-     * Syntax is ok, read and add it.
-     */
-    if (!is_range) {
-      if (!X509V3_get_value_int(val, &min)) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-    } else {
-      char *s = BUF_strdup(val->value);
-      if (s == NULL) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      s[i1] = '\0';
-      min = s2i_ASN1_INTEGER(NULL, s);
-      max = s2i_ASN1_INTEGER(NULL, s + i2);
-      OPENSSL_free(s);
-      if (min == NULL || max == NULL) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      if (ASN1_INTEGER_cmp(min, max) > 0) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
-	goto err;
-      }
-    }
-    if (!v3_asid_add_id_or_range(asid, which, min, max)) {
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-      goto err;
-    }
-    min = max = NULL;
-  }
-
-  /*
-   * Canonize the result, then we're done.
-   */
-  if (!v3_asid_canonize(asid))
-    goto err;
-  return asid;
-
- err:
-  ASIdentifiers_free(asid);
-  ASN1_INTEGER_free(min);
-  ASN1_INTEGER_free(max);
-  return NULL;
-}
-
-/*
- * OpenSSL dispatch.
- */
-const X509V3_EXT_METHOD v3_asid = {
-  NID_sbgp_autonomousSysNum,	/* nid */
-  0,				/* flags */
-  ASN1_ITEM_ref(ASIdentifiers),	/* template */
-  0, 0, 0, 0,			/* old functions, ignored */
-  0,				/* i2s */
-  0,				/* s2i */
-  0,				/* i2v */
-  v2i_ASIdentifiers,		/* v2i */
-  i2r_ASIdentifiers,		/* i2r */
-  0,				/* r2i */
-  NULL				/* extension-specific data */
-};
-
-/*
- * Figure out whether extension uses inheritance.
- */
-int v3_asid_inherits(ASIdentifiers *asid)
-{
-  return (asid != NULL &&
-	  ((asid->asnum != NULL &&
-	    asid->asnum->type == ASIdentifierChoice_inherit) ||
-	   (asid->rdi != NULL &&
-	    asid->rdi->type == ASIdentifierChoice_inherit)));
-}
-
-/*
- * Figure out whether parent contains child.
- */
-static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
-{
-  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
-  int p, c;
-
-  if (child == NULL || parent == child)
-    return 1;
-  if (parent == NULL)
-    return 0;
-
-  p = 0;
-  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
-    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
-    for (;; p++) {
-      if (p >= sk_ASIdOrRange_num(parent))
-	return 0;
-      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
-      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
-	continue;
-      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
-	return 0;
-      break;
-    }
-  }
-
-  return 1;
-}
-
-/*
- * Test whether a is a subet of b.
- */
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
-{
-  return (a == NULL ||
-	  a == b ||
-	  (b != NULL &&
-	   !v3_asid_inherits(a) &&
-	   !v3_asid_inherits(b) &&
-	   asid_contains(b->asnum->u.asIdsOrRanges,
-			 a->asnum->u.asIdsOrRanges) &&
-	   asid_contains(b->rdi->u.asIdsOrRanges,
-			 a->rdi->u.asIdsOrRanges)));
-}
-
-/*
- * Validation error handling via callback.
- */
-#define validation_err(_err_)		\
-  do {					\
-    if (ctx != NULL) {			\
-      ctx->error = _err_;		\
-      ctx->error_depth = i;		\
-      ctx->current_cert = x;		\
-      ret = ctx->verify_cb(0, ctx);	\
-    } else {				\
-      ret = 0;				\
-    }					\
-    if (!ret)				\
-      goto done;			\
-  } while (0)
-
-/*
- * Core code for RFC 3779 3.3 path validation.
- */
-static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
-					  STACK_OF(X509) *chain,
-					  ASIdentifiers *ext)
-{
-  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
-  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
-  X509 *x;
-
-  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  OPENSSL_assert(ctx != NULL || ext != NULL);
-  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
-  /*
-   * Figure out where to start.  If we don't have an extension to
-   * check, we're done.  Otherwise, check canonical form and
-   * set up for walking up the chain.
-   */
-  if (ext != NULL) {
-    i = -1;
-    x = NULL;
-  } else {
-    i = 0;
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if ((ext = x->rfc3779_asid) == NULL)
-      goto done;
-  }
-  if (!v3_asid_is_canonical(ext))
-    validation_err(X509_V_ERR_INVALID_EXTENSION);
-  if (ext->asnum != NULL)  {
-    switch (ext->asnum->type) {
-    case ASIdentifierChoice_inherit:
-      inherit_as = 1;
-      break;
-    case ASIdentifierChoice_asIdsOrRanges:
-      child_as = ext->asnum->u.asIdsOrRanges;
-      break;
-    }
-  }
-  if (ext->rdi != NULL) {
-    switch (ext->rdi->type) {
-    case ASIdentifierChoice_inherit:
-      inherit_rdi = 1;
-      break;
-    case ASIdentifierChoice_asIdsOrRanges:
-      child_rdi = ext->rdi->u.asIdsOrRanges;
-      break;
-    }
-  }
-
-  /*
-   * Now walk up the chain.  Extensions must be in canonical form, no
-   * cert may list resources that its parent doesn't list.
-   */
-  for (i++; i < sk_X509_num(chain); i++) {
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if (x->rfc3779_asid == NULL) {
-      if (child_as != NULL || child_rdi != NULL)
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      continue;
-    }
-    if (!v3_asid_is_canonical(x->rfc3779_asid))
-      validation_err(X509_V_ERR_INVALID_EXTENSION);
-    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      child_as = NULL;
-      inherit_as = 0;
-    }
-    if (x->rfc3779_asid->asnum != NULL &&
-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
-      if (inherit_as ||
-	  asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
-	child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
-	inherit_as = 0;
-      } else {
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
-    }
-    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      child_rdi = NULL;
-      inherit_rdi = 0;
-    }
-    if (x->rfc3779_asid->rdi != NULL &&
-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
-      if (inherit_rdi ||
-	  asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
-	child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
-	inherit_rdi = 0;
-      } else {
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
-    }
-  }
-
-  /*
-   * Trust anchor can't inherit.
-   */
-  OPENSSL_assert(x != NULL);
-  if (x->rfc3779_asid != NULL) {
-    if (x->rfc3779_asid->asnum != NULL &&
-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-    if (x->rfc3779_asid->rdi != NULL &&
-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-  }
-
- done:
-  return ret;
-}
-
-#undef validation_err
-
-/*
- * RFC 3779 3.3 path validation -- called from X509_verify_cert().
- */
-int v3_asid_validate_path(X509_STORE_CTX *ctx)
-{
-  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
-}
-
-/*
- * RFC 3779 3.3 path validation of an extension.
- * Test whether chain covers extension.
- */
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-				  ASIdentifiers *ext,
-				  int allow_inheritance)
-{
-  if (ext == NULL)
-    return 1;
-  if (chain == NULL || sk_X509_num(chain) == 0)
-    return 0;
-  if (!allow_inheritance && v3_asid_inherits(ext))
-    return 0;
-  return v3_asid_validate_path_internal(NULL, chain, ext);
-}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
deleted file mode 100644
index 82aa488f75..0000000000
--- a/crypto/x509v3/v3_bcons.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* v3_bcons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_bcons = {
-NID_basic_constraints, 0,
-ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
-NULL,NULL,
-NULL
-};
-
-ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
-	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
-	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
-{
-	X509V3_add_value_bool("CA", bcons->ca, &extlist);
-	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
-	return extlist;
-}
-
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
-	BASIC_CONSTRAINTS *bcons=NULL;
-	CONF_VALUE *val;
-	int i;
-	if(!(bcons = BASIC_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-		val = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(val->name, "CA")) {
-			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
-		} else if(!strcmp(val->name, "pathlen")) {
-			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
-		} else {
-			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
-			X509V3_conf_err(val);
-			goto err;
-		}
-	}
-	return bcons;
-	err:
-	BASIC_CONSTRAINTS_free(bcons);
-	return NULL;
-}
-
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
deleted file mode 100644
index 058d0d4dce..0000000000
--- a/crypto/x509v3/v3_bitst.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* v3_bitst.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static BIT_STRING_BITNAME ns_cert_type_table[] = {
-{0, "SSL Client", "client"},
-{1, "SSL Server", "server"},
-{2, "S/MIME", "email"},
-{3, "Object Signing", "objsign"},
-{4, "Unused", "reserved"},
-{5, "SSL CA", "sslCA"},
-{6, "S/MIME CA", "emailCA"},
-{7, "Object Signing CA", "objCA"},
-{-1, NULL, NULL}
-};
-
-static BIT_STRING_BITNAME key_usage_type_table[] = {
-{0, "Digital Signature", "digitalSignature"},
-{1, "Non Repudiation", "nonRepudiation"},
-{2, "Key Encipherment", "keyEncipherment"},
-{3, "Data Encipherment", "dataEncipherment"},
-{4, "Key Agreement", "keyAgreement"},
-{5, "Certificate Sign", "keyCertSign"},
-{6, "CRL Sign", "cRLSign"},
-{7, "Encipher Only", "encipherOnly"},
-{8, "Decipher Only", "decipherOnly"},
-{-1, NULL, NULL}
-};
-
-
-
-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
-
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
-{
-	BIT_STRING_BITNAME *bnam;
-	for(bnam =method->usr_data; bnam->lname; bnam++) {
-		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
-			X509V3_add_value(bnam->lname, NULL, &ret);
-	}
-	return ret;
-}
-	
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	CONF_VALUE *val;
-	ASN1_BIT_STRING *bs;
-	int i;
-	BIT_STRING_BITNAME *bnam;
-	if(!(bs = M_ASN1_BIT_STRING_new())) {
-		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		for(bnam = method->usr_data; bnam->lname; bnam++) {
-			if(!strcmp(bnam->sname, val->name) ||
-				!strcmp(bnam->lname, val->name) ) {
-				if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
-					X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-						ERR_R_MALLOC_FAILURE);
-					M_ASN1_BIT_STRING_free(bs);
-					return NULL;
-				}
-				break;
-			}
-		}
-		if(!bnam->lname) {
-			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
-			X509V3_conf_err(val);
-			M_ASN1_BIT_STRING_free(bs);
-			return NULL;
-		}
-	}
-	return bs;
-}
-	
-
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
deleted file mode 100644
index 6730f9a6ee..0000000000
--- a/crypto/x509v3/v3_conf.c
+++ /dev/null
@@ -1,525 +0,0 @@
-/* v3_conf.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* extension creation utilities */
-
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-				  int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
-/* CONF *conf:  Config file    */
-/* char *name:  Name    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-				 char *value)
-	{
-	int crit;
-	int ext_type;
-	X509_EXTENSION *ret;
-	crit = v3_check_critical(&value);
-	if ((ext_type = v3_check_generic(&value))) 
-		return v3_generic_extension(name, value, crit, ext_type, ctx);
-	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-	if (!ret)
-		{
-		X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
-		ERR_add_error_data(4,"name=", name, ", value=", value);
-		}
-	return ret;
-	}
-
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-				     char *value)
-	{
-	int crit;
-	int ext_type;
-	crit = v3_check_critical(&value);
-	if ((ext_type = v3_check_generic(&value))) 
-		return v3_generic_extension(OBJ_nid2sn(ext_nid),
-						 value, crit, ext_type, ctx);
-	return do_ext_nconf(conf, ctx, ext_nid, crit, value);
-	}
-
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-				    int crit, char *value)
-	{
-	const X509V3_EXT_METHOD *method;
-	X509_EXTENSION *ext;
-	STACK_OF(CONF_VALUE) *nval;
-	void *ext_struc;
-	if (ext_nid == NID_undef)
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
-		return NULL;
-		}
-	if (!(method = X509V3_EXT_get_nid(ext_nid)))
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
-		return NULL;
-		}
-	/* Now get internal extension representation based on type */
-	if (method->v2i)
-		{
-		if(*value == '@') nval = NCONF_get_section(conf, value + 1);
-		else nval = X509V3_parse_list(value);
-		if(sk_CONF_VALUE_num(nval) <= 0)
-			{
-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
-			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
-			return NULL;
-			}
-		ext_struc = method->v2i(method, ctx, nval);
-		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
-							 X509V3_conf_free);
-		if(!ext_struc) return NULL;
-		}
-	else if(method->s2i)
-		{
-		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-		}
-	else if(method->r2i)
-		{
-		if(!ctx->db || !ctx->db_meth)
-			{
-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
-			return NULL;
-			}
-		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-		}
-	else
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
-		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
-		return NULL;
-		}
-
-	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
-	else method->ext_free(ext_struc);
-	return ext;
-
-	}
-
-static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
-				  int crit, void *ext_struc)
-	{
-	unsigned char *ext_der;
-	int ext_len;
-	ASN1_OCTET_STRING *ext_oct;
-	X509_EXTENSION *ext;
-	/* Convert internal representation to DER */
-	if (method->it)
-		{
-		ext_der = NULL;
-		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-		if (ext_len < 0) goto merr;
-		}
-	 else
-		{
-		unsigned char *p;
-		ext_len = method->i2d(ext_struc, NULL);
-		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
-		p = ext_der;
-		method->i2d(ext_struc, &p);
-		}
-	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
-	ext_oct->data = ext_der;
-	ext_oct->length = ext_len;
-
-	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-	if (!ext) goto merr;
-	M_ASN1_OCTET_STRING_free(ext_oct);
-
-	return ext;
-
-	merr:
-	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
-	return NULL;
-
-	}
-
-/* Given an internal structure, nid and critical flag create an extension */
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-	{
-	const X509V3_EXT_METHOD *method;
-	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
-		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
-		return NULL;
-	}
-	return do_ext_i2d(method, ext_nid, crit, ext_struc);
-}
-
-/* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
-{
-	char *p = *value;
-	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
-	p+=9;
-	while(isspace((unsigned char)*p)) p++;
-	*value = p;
-	return 1;
-}
-
-/* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
-{
-	int gen_type = 0;
-	char *p = *value;
-	if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))
-		{
-		p+=4;
-		gen_type = 1;
-		}
-	else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))
-		{
-		p+=5;
-		gen_type = 2;
-		}
-	else
-		return 0;
-
-	while (isspace((unsigned char)*p)) p++;
-	*value = p;
-	return gen_type;
-}
-
-/* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-					    int crit, int gen_type,
-					    X509V3_CTX *ctx)
-	{
-	unsigned char *ext_der=NULL;
-	long ext_len;
-	ASN1_OBJECT *obj=NULL;
-	ASN1_OCTET_STRING *oct=NULL;
-	X509_EXTENSION *extension=NULL;
-	if (!(obj = OBJ_txt2obj(ext, 0)))
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-		ERR_add_error_data(2, "name=", ext);
-		goto err;
-		}
-
-	if (gen_type == 1)
-		ext_der = string_to_hex(value, &ext_len);
-	else if (gen_type == 2)
-		ext_der = generic_asn1(value, ctx, &ext_len);
-
-	if (ext_der == NULL)
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-		ERR_add_error_data(2, "value=", value);
-		goto err;
-		}
-
-	if (!(oct = M_ASN1_OCTET_STRING_new()))
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	oct->data = ext_der;
-	oct->length = ext_len;
-	ext_der = NULL;
-
-	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-
-	err:
-	ASN1_OBJECT_free(obj);
-	M_ASN1_OCTET_STRING_free(oct);
-	if(ext_der) OPENSSL_free(ext_der);
-	return extension;
-
-	}
-
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
-	{
-	ASN1_TYPE *typ;
-	unsigned char *ext_der = NULL;
-	typ = ASN1_generate_v3(value, ctx);
-	if (typ == NULL)
-		return NULL;
-	*ext_len = i2d_ASN1_TYPE(typ, &ext_der);
-	ASN1_TYPE_free(typ);
-	return ext_der;
-	}
-
-/* This is the main function: add a bunch of extensions based on a config file
- * section to an extension STACK.
- */
-
-
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-			    STACK_OF(X509_EXTENSION) **sk)
-	{
-	X509_EXTENSION *ext;
-	STACK_OF(CONF_VALUE) *nval;
-	CONF_VALUE *val;	
-	int i;
-	if (!(nval = NCONF_get_section(conf, section))) return 0;
-	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		val = sk_CONF_VALUE_value(nval, i);
-		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
-								return 0;
-		if (sk) X509v3_add_ext(sk, ext, -1);
-		X509_EXTENSION_free(ext);
-		}
-	return 1;
-	}
-
-/* Convenience functions to add extensions to a certificate, CRL and request */
-
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-			 X509 *cert)
-	{
-	STACK_OF(X509_EXTENSION) **sk = NULL;
-	if (cert)
-		sk = &cert->cert_info->extensions;
-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	}
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-			     X509_CRL *crl)
-	{
-	STACK_OF(X509_EXTENSION) **sk = NULL;
-	if (crl)
-		sk = &crl->crl->extensions;
-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	}
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-	     X509_REQ *req)
-	{
-	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-	int i;
-	if (req)
-		sk = &extlist;
-	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	if (!i || !sk)
-		return i;
-	i = X509_REQ_add_extensions(req, extlist);
-	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
-	return i;
-	}
-
-/* Config database functions */
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-	{
-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
-		{
-		X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
-		return NULL;
-		}
-	if (ctx->db_meth->get_string)
-			return ctx->db_meth->get_string(ctx->db, name, section);
-	return NULL;
-	}
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-	{
-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
-		{
-		X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
-		return NULL;
-		}
-	if (ctx->db_meth->get_section)
-			return ctx->db_meth->get_section(ctx->db, section);
-	return NULL;
-	}
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str)
-	{
-	if (!str) return;
-	if (ctx->db_meth->free_string)
-			ctx->db_meth->free_string(ctx->db, str);
-	}
-
-void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-	{
-	if (!section) return;
-	if (ctx->db_meth->free_section)
-			ctx->db_meth->free_section(ctx->db, section);
-	}
-
-static char *nconf_get_string(void *db, char *section, char *value)
-	{
-	return NCONF_get_string(db, section, value);
-	}
-
-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
-	{
-	return NCONF_get_section(db, section);
-	}
-
-static X509V3_CONF_METHOD nconf_method = {
-nconf_get_string,
-nconf_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
-	{
-	ctx->db_meth = &nconf_method;
-	ctx->db = conf;
-	}
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-		    X509_CRL *crl, int flags)
-	{
-	ctx->issuer_cert = issuer;
-	ctx->subject_cert = subj;
-	ctx->crl = crl;
-	ctx->subject_req = req;
-	ctx->flags = flags;
-	}
-
-/* Old conf compatibility functions */
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				char *name, char *value)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
-	}
-
-/* LHASH *conf:  Config file    */
-/* char *value:  Value    */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				    int ext_nid, char *value)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
-	}
-
-static char *conf_lhash_get_string(void *db, char *section, char *value)
-	{
-	return CONF_get_string(db, section, value);
-	}
-
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-	{
-	return CONF_get_section(db, section);
-	}
-
-static X509V3_CONF_METHOD conf_lhash_method = {
-conf_lhash_get_string,
-conf_lhash_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
-	{
-	ctx->db_meth = &conf_lhash_method;
-	ctx->db = lhash;
-	}
-
-int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			char *section, X509 *cert)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
-	}
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_CRL *crl)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
-	}
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_REQ *req)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
-	}
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
deleted file mode 100644
index 1f0798b946..0000000000
--- a/crypto/x509v3/v3_cpols.c
+++ /dev/null
@@ -1,457 +0,0 @@
-/* v3_cpols.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Certificate policies extension support: this one is a bit complex... */
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-					STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-
-const X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-0,0,0,0,
-0,0,
-0,0,
-(X509V3_EXT_I2R)i2r_certpol,
-(X509V3_EXT_R2I)r2i_certpol,
-NULL
-};
-
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
-
-IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-
-ASN1_SEQUENCE(POLICYINFO) = {
-	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
-	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
-
-ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
-
-ASN1_ADB(POLICYQUALINFO) = {
-	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
-	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
-
-ASN1_SEQUENCE(POLICYQUALINFO) = {
-	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYQUALINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
-
-ASN1_SEQUENCE(USERNOTICE) = {
-	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
-	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
-} ASN1_SEQUENCE_END(USERNOTICE)
-
-IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
-
-ASN1_SEQUENCE(NOTICEREF) = {
-	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
-	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(NOTICEREF)
-
-IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-		X509V3_CTX *ctx, char *value)
-{
-	STACK_OF(POLICYINFO) *pols = NULL;
-	char *pstr;
-	POLICYINFO *pol;
-	ASN1_OBJECT *pobj;
-	STACK_OF(CONF_VALUE) *vals;
-	CONF_VALUE *cnf;
-	int i, ia5org;
-	pols = sk_POLICYINFO_new_null();
-	if (pols == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	vals =  X509V3_parse_list(value);
-	if (vals == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
-		goto err;
-	}
-	ia5org = 0;
-	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-		cnf = sk_CONF_VALUE_value(vals, i);
-		if(cnf->value || !cnf->name ) {
-			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-		pstr = cnf->name;
-		if(!strcmp(pstr,"ia5org")) {
-			ia5org = 1;
-			continue;
-		} else if(*pstr == '@') {
-			STACK_OF(CONF_VALUE) *polsect;
-			polsect = X509V3_get_section(ctx, pstr + 1);
-			if(!polsect) {
-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol = policy_section(ctx, polsect, ia5org);
-			X509V3_section_free(ctx, polsect);
-			if(!pol) goto err;
-		} else {
-			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol = POLICYINFO_new();
-			pol->policyid = pobj;
-		}
-		if (!sk_POLICYINFO_push(pols, pol)){
-			POLICYINFO_free(pol);
-			X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-	}
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	return pols;
-	err:
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
-	return NULL;
-}
-
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
-				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
-{
-	int i;
-	CONF_VALUE *cnf;
-	POLICYINFO *pol;
-	POLICYQUALINFO *qual;
-	if(!(pol = POLICYINFO_new())) goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-		cnf = sk_CONF_VALUE_value(polstrs, i);
-		if(!strcmp(cnf->name, "policyIdentifier")) {
-			ASN1_OBJECT *pobj;
-			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol->policyid = pobj;
-
-		} else if(!name_cmp(cnf->name, "CPS")) {
-			if(!pol->qualifiers) pol->qualifiers =
-						 sk_POLICYQUALINFO_new_null();
-			if(!(qual = POLICYQUALINFO_new())) goto merr;
-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-								 goto merr;
-			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-			qual->d.cpsuri = M_ASN1_IA5STRING_new();
-			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!name_cmp(cnf->name, "userNotice")) {
-			STACK_OF(CONF_VALUE) *unot;
-			if(*cnf->value != '@') {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			unot = X509V3_get_section(ctx, cnf->value + 1);
-			if(!unot) {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			qual = notice_section(ctx, unot, ia5org);
-			X509V3_section_free(ctx, unot);
-			if(!qual) goto err;
-			if(!pol->qualifiers) pol->qualifiers =
-						 sk_POLICYQUALINFO_new_null();
-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-								 goto merr;
-		} else {
-			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-	}
-	if(!pol->policyid) {
-		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
-		goto err;
-	}
-
-	return pol;
-
-	merr:
-	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
-
-	err:
-	POLICYINFO_free(pol);
-	return NULL;
-	
-	
-}
-
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-					STACK_OF(CONF_VALUE) *unot, int ia5org)
-{
-	int i, ret;
-	CONF_VALUE *cnf;
-	USERNOTICE *not;
-	POLICYQUALINFO *qual;
-	if(!(qual = POLICYQUALINFO_new())) goto merr;
-	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
-	if(!(not = USERNOTICE_new())) goto merr;
-	qual->d.usernotice = not;
-	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-		cnf = sk_CONF_VALUE_value(unot, i);
-		if(!strcmp(cnf->name, "explicitText")) {
-			not->exptext = M_ASN1_VISIBLESTRING_new();
-			if(!ASN1_STRING_set(not->exptext, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!strcmp(cnf->name, "organization")) {
-			NOTICEREF *nref;
-			if(!not->noticeref) {
-				if(!(nref = NOTICEREF_new())) goto merr;
-				not->noticeref = nref;
-			} else nref = not->noticeref;
-			if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
-			else nref->organization->type = V_ASN1_VISIBLESTRING;
-			if(!ASN1_STRING_set(nref->organization, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!strcmp(cnf->name, "noticeNumbers")) {
-			NOTICEREF *nref;
-			STACK_OF(CONF_VALUE) *nos;
-			if(!not->noticeref) {
-				if(!(nref = NOTICEREF_new())) goto merr;
-				not->noticeref = nref;
-			} else nref = not->noticeref;
-			nos = X509V3_parse_list(cnf->value);
-			if(!nos || !sk_CONF_VALUE_num(nos)) {
-				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			ret = nref_nos(nref->noticenos, nos);
-			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-			if (!ret)
-				goto err;
-		} else {
-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-	}
-
-	if(not->noticeref && 
-	      (!not->noticeref->noticenos || !not->noticeref->organization)) {
-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
-			goto err;
-	}
-
-	return qual;
-
-	merr:
-	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-
-	err:
-	POLICYQUALINFO_free(qual);
-	return NULL;
-}
-
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
-{
-	CONF_VALUE *cnf;
-	ASN1_INTEGER *aint;
-
-	int i;
-
-	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-		cnf = sk_CONF_VALUE_value(nos, i);
-		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
-			goto err;
-		}
-		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
-	}
-	return 1;
-
-	merr:
-	X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);
-
-	err:
-	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-	return 0;
-}
-
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
-		BIO *out, int indent)
-{
-	int i;
-	POLICYINFO *pinfo;
-	/* First print out the policy OIDs */
-	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
-		pinfo = sk_POLICYINFO_value(pol, i);
-		BIO_printf(out, "%*sPolicy: ", indent, "");
-		i2a_ASN1_OBJECT(out, pinfo->policyid);
-		BIO_puts(out, "\n");
-		if(pinfo->qualifiers)
-			 print_qualifiers(out, pinfo->qualifiers, indent + 2);
-	}
-	return 1;
-}
-
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
-		int indent)
-{
-	POLICYQUALINFO *qualinfo;
-	int i;
-	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
-		qualinfo = sk_POLICYQUALINFO_value(quals, i);
-		switch(OBJ_obj2nid(qualinfo->pqualid))
-		{
-			case NID_id_qt_cps:
-			BIO_printf(out, "%*sCPS: %s\n", indent, "",
-						qualinfo->d.cpsuri->data);
-			break;
-		
-			case NID_id_qt_unotice:
-			BIO_printf(out, "%*sUser Notice:\n", indent, "");
-			print_notice(out, qualinfo->d.usernotice, indent + 2);
-			break;
-
-			default:
-			BIO_printf(out, "%*sUnknown Qualifier: ",
-							 indent + 2, "");
-			
-			i2a_ASN1_OBJECT(out, qualinfo->pqualid);
-			BIO_puts(out, "\n");
-			break;
-		}
-	}
-}
-
-static void print_notice(BIO *out, USERNOTICE *notice, int indent)
-{
-	int i;
-	if(notice->noticeref) {
-		NOTICEREF *ref;
-		ref = notice->noticeref;
-		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-						 ref->organization->data);
-		BIO_printf(out, "%*sNumber%s: ", indent, "",
-			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
-		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
-			ASN1_INTEGER *num;
-			char *tmp;
-			num = sk_ASN1_INTEGER_value(ref->noticenos, i);
-			if(i) BIO_puts(out, ", ");
-			tmp = i2s_ASN1_INTEGER(NULL, num);
-			BIO_puts(out, tmp);
-			OPENSSL_free(tmp);
-		}
-		BIO_puts(out, "\n");
-	}
-	if(notice->exptext)
-		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-							 notice->exptext->data);
-}
-
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-	{
-	const X509_POLICY_DATA *dat = node->data;
-
-	BIO_printf(out, "%*sPolicy: ", indent, "");
-			
-	i2a_ASN1_OBJECT(out, dat->valid_policy);
-	BIO_puts(out, "\n");
-	BIO_printf(out, "%*s%s\n", indent + 2, "",
-		node_data_critical(dat) ? "Critical" : "Non Critical");
-	if (dat->qualifier_set)
-		print_qualifiers(out, dat->qualifier_set, indent + 2);
-	else
-		BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-	}
-
-
-IMPLEMENT_STACK_OF(X509_POLICY_NODE)
-IMPLEMENT_STACK_OF(X509_POLICY_DATA)
-
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
deleted file mode 100644
index 790a6dd032..0000000000
--- a/crypto/x509v3/v3_crld.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/* v3_crld.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_crld(const X509V3_EXT_METHOD *method,
-		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-		     int indent);
-
-const X509V3_EXT_METHOD v3_crld =
-	{
-	NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_crld,
-	i2r_crldp,0,
-	NULL
-	};
-
-const X509V3_EXT_METHOD v3_freshest_crl =
-	{
-	NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_crld,
-	i2r_crldp,0,
-	NULL
-	};
-
-static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
-	{
-	STACK_OF(CONF_VALUE) *gnsect;
-	STACK_OF(GENERAL_NAME) *gens;
-	if (*sect == '@')
-		gnsect = X509V3_get_section(ctx, sect + 1);
-	else
-		gnsect = X509V3_parse_list(sect);
-	if (!gnsect)
-		{
-		X509V3err(X509V3_F_GNAMES_FROM_SECTNAME,
-						X509V3_R_SECTION_NOT_FOUND);
-		return NULL;
-		}
-	gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
-	if (*sect == '@')
-		X509V3_section_free(ctx, gnsect);
-	else
-		sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
-	return gens;
-	}
-
-static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
-							CONF_VALUE *cnf)
-	{
-	STACK_OF(GENERAL_NAME) *fnm = NULL;
-	STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
-	if (!strncmp(cnf->name, "fullname", 9))
-		{
-		fnm = gnames_from_sectname(ctx, cnf->value);
-		if (!fnm)
-			goto err;
-		}
-	else if (!strcmp(cnf->name, "relativename"))
-		{
-		int ret;
-		STACK_OF(CONF_VALUE) *dnsect;
-		X509_NAME *nm;
-		nm = X509_NAME_new();
-		if (!nm)
-			return -1;
-		dnsect = X509V3_get_section(ctx, cnf->value);
-		if (!dnsect)
-			{
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_SECTION_NOT_FOUND);
-			return -1;
-			}
-		ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
-		X509V3_section_free(ctx, dnsect);
-		rnm = nm->entries;
-		nm->entries = NULL;
-		X509_NAME_free(nm);
-		if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
-			goto err;
-		/* Since its a name fragment can't have more than one
-		 * RDNSequence
-		 */
-		if (sk_X509_NAME_ENTRY_value(rnm,
-				sk_X509_NAME_ENTRY_num(rnm) - 1)->set)
-			{
-			X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_INVALID_MULTIPLE_RDNS);
-			goto err;
-			}
-		}
-	else
-		return 0;
-
-	if (*pdp)
-		{
-		X509V3err(X509V3_F_SET_DIST_POINT_NAME,
-						X509V3_R_DISTPOINT_ALREADY_SET);
-		goto err;
-		}
-
-	*pdp = DIST_POINT_NAME_new();
-	if (!*pdp)
-		goto err;
-	if (fnm)
-		{
-		(*pdp)->type = 0;
-		(*pdp)->name.fullname = fnm;
-		}
-	else
-		{
-		(*pdp)->type = 1;
-		(*pdp)->name.relativename = rnm;
-		}
-
-	return 1;
-		
-	err:
-	if (fnm)
-		sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
-	if (rnm)
-		sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
-	return -1;
-	}
-
-static const BIT_STRING_BITNAME reason_flags[] = {
-{0, "Unused", "unused"},
-{1, "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
-{6, "Certificate Hold", "certificateHold"},
-{7, "Privilege Withdrawn", "privilegeWithdrawn"},
-{8, "AA Compromise", "AACompromise"},
-{-1, NULL, NULL}
-};
-
-static int set_reasons(ASN1_BIT_STRING **preas, char *value)
-	{
-	STACK_OF(CONF_VALUE) *rsk = NULL;
-	const BIT_STRING_BITNAME *pbn;
-	const char *bnam;
-	int i, ret = 0;
-	rsk = X509V3_parse_list(value);
-	if (!rsk)
-		return 0;
-	if (*preas)
-		return 0;
-	for (i = 0; i < sk_CONF_VALUE_num(rsk); i++)
-		{
-		bnam = sk_CONF_VALUE_value(rsk, i)->name;
-		if (!*preas)
-			{
-			*preas = ASN1_BIT_STRING_new();
-			if (!*preas)
-				goto err;
-			}
-		for (pbn = reason_flags; pbn->lname; pbn++)
-			{
-			if (!strcmp(pbn->sname, bnam))
-				{
-				if (!ASN1_BIT_STRING_set_bit(*preas,
-							pbn->bitnum, 1))
-					goto err;
-				break;
-				}
-			}
-		if (!pbn->lname)
-			goto err;
-		}
-	ret = 1;
-
-	err:
-	sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
-	return ret;
-	}
-
-static int print_reasons(BIO *out, const char *rname,
-			ASN1_BIT_STRING *rflags, int indent)
-	{
-	int first = 1;
-	const BIT_STRING_BITNAME *pbn;
-	BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
-	for (pbn = reason_flags; pbn->lname; pbn++)
-		{
-		if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum))
-			{
-			if (first)
-				first = 0;
-			else
-				BIO_puts(out, ", ");
-			BIO_puts(out, pbn->lname);
-			}
-		}
-	if (first)
-		BIO_puts(out, "<EMPTY>\n");
-	else
-		BIO_puts(out, "\n");
-	return 1;
-	}
-
-static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
-						STACK_OF(CONF_VALUE) *nval)
-	{
-	int i;
-	CONF_VALUE *cnf;
-	DIST_POINT *point = NULL;
-	point = DIST_POINT_new();
-	if (!point)
-		goto err;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		int ret;
-		cnf = sk_CONF_VALUE_value(nval, i);
-		ret = set_dist_point_name(&point->distpoint, ctx, cnf);
-		if (ret > 0)
-			continue;
-		if (ret < 0)
-			goto err;
-		if (!strcmp(cnf->name, "reasons"))
-			{
-			if (!set_reasons(&point->reasons, cnf->value))
-				goto err;
-			}
-		else if (!strcmp(cnf->name, "CRLissuer"))
-			{
-			point->CRLissuer =
-				gnames_from_sectname(ctx, cnf->value);
-			if (!point->CRLissuer)
-				goto err;
-			}
-		}
-
-	return point;
-			
-
-	err:
-	if (point)
-		DIST_POINT_free(point);
-	return NULL;
-	}
-
-static void *v2i_crld(const X509V3_EXT_METHOD *method,
-		      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-	{
-	STACK_OF(DIST_POINT) *crld = NULL;
-	GENERAL_NAMES *gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(crld = sk_DIST_POINT_new_null())) goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		DIST_POINT *point;
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if (!cnf->value)
-			{
-			STACK_OF(CONF_VALUE) *dpsect;
-			dpsect = X509V3_get_section(ctx, cnf->name);
-			if (!dpsect)
-				goto err;
-			point = crldp_from_section(ctx, dpsect);
-			X509V3_section_free(ctx, dpsect);
-			if (!point)
-				goto err;
-			if(!sk_DIST_POINT_push(crld, point))
-				{
-				DIST_POINT_free(point);
-				goto merr;
-				}
-			}
-		else
-			{
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-				goto err; 
-			if(!(gens = GENERAL_NAMES_new()))
-				goto merr;
-			if(!sk_GENERAL_NAME_push(gens, gen))
-				goto merr;
-			gen = NULL;
-			if(!(point = DIST_POINT_new()))
-				goto merr;
-			if(!sk_DIST_POINT_push(crld, point))
-				{
-				DIST_POINT_free(point);
-				goto merr;
-				}
-			if(!(point->distpoint = DIST_POINT_NAME_new()))
-				goto merr;
-			point->distpoint->name.fullname = gens;
-			point->distpoint->type = 0;
-			gens = NULL;
-			}
-	}
-	return crld;
-
-	merr:
-	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
-	err:
-	GENERAL_NAME_free(gen);
-	GENERAL_NAMES_free(gens);
-	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
-	return NULL;
-}
-
-IMPLEMENT_STACK_OF(DIST_POINT)
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
-static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-								void *exarg)
-	{
-	DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
-
-	switch(operation)
-		{
-		case ASN1_OP_NEW_POST:
-		dpn->dpname = NULL;
-		break;
-
-		case ASN1_OP_FREE_POST:
-		if (dpn->dpname)
-			X509_NAME_free(dpn->dpname);
-		break;
-		}
-	return 1;
-	}
-
-
-ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
-	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
-	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
-
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-ASN1_SEQUENCE(DIST_POINT) = {
-	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
-	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
-} ASN1_SEQUENCE_END(DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
-
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-
-ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
-	ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
-	ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
-} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
-
-static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
-		   int indent);
-static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-		     STACK_OF(CONF_VALUE) *nval);
-
-const X509V3_EXT_METHOD v3_idp =
-	{
-	NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
-	ASN1_ITEM_ref(ISSUING_DIST_POINT),
-	0,0,0,0,
-	0,0,
-	0,
-	v2i_idp,
-	i2r_idp,0,
-	NULL
-	};
-
-static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-		     STACK_OF(CONF_VALUE) *nval)
-	{
-	ISSUING_DIST_POINT *idp = NULL;
-	CONF_VALUE *cnf;
-	char *name, *val;
-	int i, ret;
-	idp = ISSUING_DIST_POINT_new();
-	if (!idp)
-		goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		cnf = sk_CONF_VALUE_value(nval, i);
-		name = cnf->name;
-		val = cnf->value;
-		ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
-		if (ret > 0)
-			continue;
-		if (ret < 0)
-			goto err;
-		if (!strcmp(name, "onlyuser"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
-				goto err;
-			}
-		else if (!strcmp(name, "onlyCA"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
-				goto err;
-			}
-		else if (!strcmp(name, "onlyAA"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
-				goto err;
-			}
-		else if (!strcmp(name, "indirectCRL"))
-			{
-			if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
-				goto err;
-			}
-		else if (!strcmp(name, "onlysomereasons"))
-			{
-			if (!set_reasons(&idp->onlysomereasons, val))
-				goto err;
-			}
-		else
-			{
-                        X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
-                        X509V3_conf_err(cnf);
-                        goto err;
-			}
-		}
-	return idp;
-
-	merr:
-	X509V3err(X509V3_F_V2I_IDP,ERR_R_MALLOC_FAILURE);
-	err:
-	ISSUING_DIST_POINT_free(idp);
-	return NULL;
-	}
-
-static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
-	{
-	int i;
-	for (i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-		{
-		BIO_printf(out, "%*s", indent + 2, "");
-		GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
-		BIO_puts(out, "\n");
-		}
-	return 1;
-	}
-
-static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
-	{
-	if (dpn->type == 0)
-		{
-		BIO_printf(out, "%*sFull Name:\n", indent, "");
-		print_gens(out, dpn->name.fullname, indent);
-		}
-	else
-		{
-		X509_NAME ntmp;
-		ntmp.entries = dpn->name.relativename;
-		BIO_printf(out, "%*sRelative Name:\n%*s",
-						indent, "", indent + 2, "");
-		X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
-		BIO_puts(out, "\n");
-		}
-	return 1;
-	}
-
-static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
-		   int indent)
-	{
-	ISSUING_DIST_POINT *idp = pidp;
-	if (idp->distpoint)
-		print_distpoint(out, idp->distpoint, indent);
-	if (idp->onlyuser > 0)
-		BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
-	if (idp->onlyCA > 0)
-		BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
-	if (idp->indirectCRL > 0)
-		BIO_printf(out, "%*sIndirect CRL\n", indent, "");
-	if (idp->onlysomereasons)
-		print_reasons(out, "Only Some Reasons", 
-				idp->onlysomereasons, indent);
-	if (idp->onlyattr > 0)
-		BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
-	if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
-		&& (idp->indirectCRL <= 0) && !idp->onlysomereasons
-		&& (idp->onlyattr <= 0))
-		BIO_printf(out, "%*s<EMPTY>\n", indent, "");
-		
-	return 1;
-	}
-
-static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
-		     int indent)
-	{
-	STACK_OF(DIST_POINT) *crld = pcrldp;
-	DIST_POINT *point;
-	int i;
-	for(i = 0; i < sk_DIST_POINT_num(crld); i++)
-		{
-		BIO_puts(out, "\n");
-		point = sk_DIST_POINT_value(crld, i);
-		if(point->distpoint)
-			print_distpoint(out, point->distpoint, indent);
-		if(point->reasons) 
-			print_reasons(out, "Reasons", point->reasons,
-								indent);
-		if(point->CRLissuer)
-			{
-			BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
-			print_gens(out, point->CRLissuer, indent);
-			}
-		}
-	return 1;
-	}
-
-int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
-	{
-	int i;
-	STACK_OF(X509_NAME_ENTRY) *frag;
-	X509_NAME_ENTRY *ne;
-	if (!dpn || (dpn->type != 1))
-		return 1;
-	frag = dpn->name.relativename;
-	dpn->dpname = X509_NAME_dup(iname);
-	if (!dpn->dpname)
-		return 0;
-	for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++)
-		{
-		ne = sk_X509_NAME_ENTRY_value(frag, i);
-		if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1))
-			{
-			X509_NAME_free(dpn->dpname);
-			dpn->dpname = NULL;
-			return 0;
-			}
-		}
-	/* generate cached encoding of name */
-	if (i2d_X509_NAME(dpn->dpname, NULL) < 0)
-		{
-		X509_NAME_free(dpn->dpname);
-		dpn->dpname = NULL;
-		return 0;
-		}
-	return 1;
-	}
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
deleted file mode 100644
index c0575e368d..0000000000
--- a/crypto/x509v3/v3_enum.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* v3_enum.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ENUMERATED_NAMES crl_reasons[] = {
-{CRL_REASON_UNSPECIFIED, 	 "Unspecified", "unspecified"},
-{CRL_REASON_KEY_COMPROMISE,	 "Key Compromise", "keyCompromise"},
-{CRL_REASON_CA_COMPROMISE,	 "CA Compromise", "CACompromise"},
-{CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", "affiliationChanged"},
-{CRL_REASON_SUPERSEDED, 	 "Superseded", "superseded"},
-{CRL_REASON_CESSATION_OF_OPERATION,
-			"Cessation Of Operation", "cessationOfOperation"},
-{CRL_REASON_CERTIFICATE_HOLD,	 "Certificate Hold", "certificateHold"},
-{CRL_REASON_REMOVE_FROM_CRL,	 "Remove From CRL", "removeFromCRL"},
-{CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"},
-{CRL_REASON_AA_COMPROMISE,	 "AA Compromise", "AACompromise"},
-{-1, NULL, NULL}
-};
-
-const X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-0,
-0,0,0,0,
-crl_reasons};
-
-
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
-	     ASN1_ENUMERATED *e)
-{
-	ENUMERATED_NAMES *enam;
-	long strval;
-	strval = ASN1_ENUMERATED_get(e);
-	for(enam = method->usr_data; enam->lname; enam++) {
-		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
-	}
-	return i2s_ASN1_ENUMERATED(method, e);
-}
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
deleted file mode 100644
index 1c66532757..0000000000
--- a/crypto/x509v3/v3_extku.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* v3_extku.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-				    X509V3_CTX *ctx,
-				    STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-		void *eku, STACK_OF(CONF_VALUE) *extlist);
-
-const X509V3_EXT_METHOD v3_ext_ku = {
-	NID_ext_key_usage, 0,
-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-	0,0,0,0,
-	0,0,
-	i2v_EXTENDED_KEY_USAGE,
-	v2i_EXTENDED_KEY_USAGE,
-	0,0,
-	NULL
-};
-
-/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-const X509V3_EXT_METHOD v3_ocsp_accresp = {
-	NID_id_pkix_OCSP_acceptableResponses, 0,
-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-	0,0,0,0,
-	0,0,
-	i2v_EXTENDED_KEY_USAGE,
-	v2i_EXTENDED_KEY_USAGE,
-	0,0,
-	NULL
-};
-
-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
-ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
-
-IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-
-static STACK_OF(CONF_VALUE) *
-  i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a,
-			 STACK_OF(CONF_VALUE) *ext_list)
-{
-	EXTENDED_KEY_USAGE *eku = a;
-	int i;
-	ASN1_OBJECT *obj;
-	char obj_tmp[80];
-	for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-		obj = sk_ASN1_OBJECT_value(eku, i);
-		i2t_ASN1_OBJECT(obj_tmp, 80, obj);
-		X509V3_add_value(NULL, obj_tmp, &ext_list);
-	}
-	return ext_list;
-}
-
-static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
-				    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	EXTENDED_KEY_USAGE *extku;
-	char *extval;
-	ASN1_OBJECT *objtmp;
-	CONF_VALUE *val;
-	int i;
-
-	if(!(extku = sk_ASN1_OBJECT_new_null())) {
-		X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(val->value) extval = val->value;
-		else extval = val->name;
-		if(!(objtmp = OBJ_txt2obj(extval, 0))) {
-			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-			X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		sk_ASN1_OBJECT_push(extku, objtmp);
-	}
-	return extku;
-}
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
deleted file mode 100644
index b628357301..0000000000
--- a/crypto/x509v3/v3_genn.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* v3_genn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(OTHERNAME) = {
-	ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
-	/* Maybe have a true ANY DEFINED BY later */
-	ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
-} ASN1_SEQUENCE_END(OTHERNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-
-ASN1_SEQUENCE(EDIPARTYNAME) = {
-	ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-	ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-} ASN1_SEQUENCE_END(EDIPARTYNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
-
-ASN1_CHOICE(GENERAL_NAME) = {
-	ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
-	ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
-	ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
-	/* Don't decode this */
-	ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
-	/* X509_NAME is a CHOICE type so use EXPLICIT */
-	ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
-	ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
-	ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
-	ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
-	ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
-} ASN1_CHOICE_END(GENERAL_NAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
-
-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
-ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
-
-GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
-	{
-	return (GENERAL_NAME *) ASN1_dup((i2d_of_void *) i2d_GENERAL_NAME,
-					 (d2i_of_void *) d2i_GENERAL_NAME,
-					 (char *) a);
-	}
-
-/* Returns 0 if they are equal, != 0 otherwise. */
-int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
-	{
-	int result = -1;
-
-	if (!a || !b || a->type != b->type) return -1;
-	switch(a->type)
-		{
-	case GEN_X400:
-	case GEN_EDIPARTY:
-		result = ASN1_TYPE_cmp(a->d.other, b->d.other);
-		break;
-
-	case GEN_OTHERNAME:
-		result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
-		break;
-
-	case GEN_EMAIL:
-	case GEN_DNS:
-	case GEN_URI:
-		result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
-		break;
-
-	case GEN_DIRNAME:
-		result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
-		break;
-
-	case GEN_IPADD:
-		result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
-		break;
-	
-	case GEN_RID:
-		result = OBJ_cmp(a->d.rid, b->d.rid);
-		break;
-		}
-	return result;
-	}
-
-/* Returns 0 if they are equal, != 0 otherwise. */
-int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
-	{
-	int result = -1;
-
-	if (!a || !b) return -1;
-	/* Check their type first. */
-	if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
-		return result;
-	/* Check the value. */
-	result = ASN1_TYPE_cmp(a->value, b->value);
-	return result;
-	}
-
-void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
-	{
-	switch(type)
-		{
-	case GEN_X400:
-	case GEN_EDIPARTY:
-		a->d.other = value;
-		break;
-
-	case GEN_OTHERNAME:
-		a->d.otherName = value;
-		break;
-
-	case GEN_EMAIL:
-	case GEN_DNS:
-	case GEN_URI:
-		a->d.ia5 = value;
-		break;
-
-	case GEN_DIRNAME:
-		a->d.dirn = value;
-		break;
-
-	case GEN_IPADD:
-		a->d.ip = value;
-		break;
-	
-	case GEN_RID:
-		a->d.rid = value;
-		break;
-		}
-	a->type = type;
-	}
-
-void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
-	{
-	if (ptype)
-		*ptype = a->type;
-	switch(a->type)
-		{
-	case GEN_X400:
-	case GEN_EDIPARTY:
-		return a->d.other;
-
-	case GEN_OTHERNAME:
-		return a->d.otherName;
-
-	case GEN_EMAIL:
-	case GEN_DNS:
-	case GEN_URI:
-		return a->d.ia5;
-
-	case GEN_DIRNAME:
-		return a->d.dirn;
-
-	case GEN_IPADD:
-		return a->d.ip;
-	
-	case GEN_RID:
-		return a->d.rid;
-
-	default:
-		return NULL;
-		}
-	}
-
-int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
-				ASN1_OBJECT *oid, ASN1_TYPE *value)
-	{
-	OTHERNAME *oth;
-	oth = OTHERNAME_new();
-	if (!oth)
-		return 0;
-	oth->type_id = oid;
-	oth->value = value;
-	GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
-	return 1;
-	}
-
-int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
-				ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
-	{
-	if (gen->type != GEN_OTHERNAME)
-		return 0;
-	if (poid)
-		*poid = gen->d.otherName->type_id;
-	if (pvalue)
-		*pvalue = gen->d.otherName->value;
-	return 1;
-	}
-
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
deleted file mode 100644
index 4ff12b52b5..0000000000
--- a/crypto/x509v3/v3_ia5.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* v3_ia5.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
-EXT_IA5STRING(NID_netscape_base_url),
-EXT_IA5STRING(NID_netscape_revocation_url),
-EXT_IA5STRING(NID_netscape_ca_revocation_url),
-EXT_IA5STRING(NID_netscape_renewal_url),
-EXT_IA5STRING(NID_netscape_ca_policy_url),
-EXT_IA5STRING(NID_netscape_ssl_server_name),
-EXT_IA5STRING(NID_netscape_comment),
-EXT_END
-};
-
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-	     ASN1_IA5STRING *ia5)
-{
-	char *tmp;
-	if(!ia5 || !ia5->length) return NULL;
-	if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
-		X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	memcpy(tmp, ia5->data, ia5->length);
-	tmp[ia5->length] = 0;
-	return tmp;
-}
-
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
-{
-	ASN1_IA5STRING *ia5;
-	if(!str) {
-		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-	}
-	if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
-	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
-			    strlen(str))) {
-		M_ASN1_IA5STRING_free(ia5);
-		goto err;
-	}
-#ifdef CHARSET_EBCDIC
-        ebcdic2ascii(ia5->data, ia5->data, ia5->length);
-#endif /*CHARSET_EBCDIC*/
-	return ia5;
-	err:
-	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-	return NULL;
-}
-
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
deleted file mode 100644
index e1b8699f92..0000000000
--- a/crypto/x509v3/v3_info.c
+++ /dev/null
@@ -1,193 +0,0 @@
-/* v3_info.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				AUTHORITY_INFO_ACCESS *ainfo,
-						STACK_OF(CONF_VALUE) *ret);
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-const X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-const X509V3_EXT_METHOD v3_sinfo =
-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
-	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
-	ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
-} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
-
-IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-
-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
-ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				AUTHORITY_INFO_ACCESS *ainfo,
-						STACK_OF(CONF_VALUE) *ret)
-{
-	ACCESS_DESCRIPTION *desc;
-	int i,nlen;
-	char objtmp[80], *ntmp;
-	CONF_VALUE *vtmp;
-	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
-		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
-		ret = i2v_GENERAL_NAME(method, desc->location, ret);
-		if(!ret) break;
-		vtmp = sk_CONF_VALUE_value(ret, i);
-		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
-		nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
-		ntmp = OPENSSL_malloc(nlen);
-		if(!ntmp) {
-			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
-					ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		BUF_strlcpy(ntmp, objtmp, nlen);
-		BUF_strlcat(ntmp, " - ", nlen);
-		BUF_strlcat(ntmp, vtmp->name, nlen);
-		OPENSSL_free(vtmp->name);
-		vtmp->name = ntmp;
-		
-	}
-	if(!ret) return sk_CONF_VALUE_new_null();
-	return ret;
-}
-
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	AUTHORITY_INFO_ACCESS *ainfo = NULL;
-	CONF_VALUE *cnf, ctmp;
-	ACCESS_DESCRIPTION *acc;
-	int i, objlen;
-	char *objtmp, *ptmp;
-	if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
-		X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!(acc = ACCESS_DESCRIPTION_new())
-			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ptmp = strchr(cnf->name, ';');
-		if(!ptmp) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);
-			goto err;
-		}
-		objlen = ptmp - cnf->name;
-		ctmp.name = ptmp + 1;
-		ctmp.value = cnf->value;
-		if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
-								 goto err; 
-		if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		strncpy(objtmp, cnf->name, objlen);
-		objtmp[objlen] = 0;
-		acc->method = OBJ_txt2obj(objtmp, 0);
-		if(!acc->method) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);
-			ERR_add_error_data(2, "value=", objtmp);
-			OPENSSL_free(objtmp);
-			goto err;
-		}
-		OPENSSL_free(objtmp);
-
-	}
-	return ainfo;
-	err:
-	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
-	return NULL;
-}
-
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
-        {
-	i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
-	i2a_GENERAL_NAME(bp, a->location);
-#endif
-	return 2;
-	}
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
deleted file mode 100644
index 4bfd14cf46..0000000000
--- a/crypto/x509v3/v3_int.c
+++ /dev/null
@@ -1,89 +0,0 @@
-/* v3_int.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-const X509V3_EXT_METHOD v3_crl_num = { 
-	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
-
-const X509V3_EXT_METHOD v3_delta_crl = { 
-	NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
-
-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
-	{
-	return s2i_ASN1_INTEGER(meth, value);
-	}
-
-const X509V3_EXT_METHOD v3_inhibit_anyp = { 
-	NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	(X509V3_EXT_S2I)s2i_asn1_int,
-	0,0,0,0, NULL};
-
-
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
deleted file mode 100644
index 0f1e1d4422..0000000000
--- a/crypto/x509v3/v3_lib.c
+++ /dev/null
@@ -1,309 +0,0 @@
-/* v3_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-		const X509V3_EXT_METHOD * const *b);
-static void ext_list_free(X509V3_EXT_METHOD *ext);
-
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
-	if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	return 1;
-}
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-		   const X509V3_EXT_METHOD * const *b)
-{
-	return ((*a)->ext_nid - (*b)->ext_nid);
-}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, const X509V3_EXT_METHOD *,
-			   ext);
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
-			     const X509V3_EXT_METHOD *, ext);
-
-const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
-{
-	X509V3_EXT_METHOD tmp;
-	const X509V3_EXT_METHOD *t = &tmp, * const *ret;
-	int idx;
-	if(nid < 0) return NULL;
-	tmp.ext_nid = nid;
-	ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
-	if(ret) return *ret;
-	if(!ext_list) return NULL;
-	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-	if(idx == -1) return NULL;
-	return sk_X509V3_EXT_METHOD_value(ext_list, idx);
-}
-
-const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
-{
-	int nid;
-	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
-	return X509V3_EXT_get_nid(nid);
-}
-
-
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
-	for(;extlist->ext_nid!=-1;extlist++) 
-			if(!X509V3_EXT_add(extlist)) return 0;
-	return 1;
-}
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
-	const X509V3_EXT_METHOD *ext;
-	X509V3_EXT_METHOD *tmpext;
-
-	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
-		return 0;
-	}
-	if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	*tmpext = *ext;
-	tmpext->ext_nid = nid_to;
-	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-	return X509V3_EXT_add(tmpext);
-}
-
-void X509V3_EXT_cleanup(void)
-{
-	sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
-	ext_list = NULL;
-}
-
-static void ext_list_free(X509V3_EXT_METHOD *ext)
-{
-	if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
-}
-
-/* Legacy function: we don't need to add standard extensions
- * any more because they are now kept in ext_dat.h.
- */
-
-int X509V3_add_standard_extensions(void)
-{
-	return 1;
-}
-
-/* Return an extension internal structure */
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext)
-{
-	const X509V3_EXT_METHOD *method;
-	const unsigned char *p;
-
-	if(!(method = X509V3_EXT_get(ext))) return NULL;
-	p = ext->value->data;
-	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-	return method->d2i(NULL, &p, ext->value->length);
-}
-
-/* Get critical flag and decoded version of extension from a NID.
- * The "idx" variable returns the last found extension and can
- * be used to retrieve multiple extensions of the same NID.
- * However multiple extensions with the same NID is usually
- * due to a badly encoded certificate so if idx is NULL we
- * choke if multiple extensions exist.
- * The "crit" variable is set to the critical value.
- * The return value is the decoded extension or NULL on
- * error. The actual error can have several different causes,
- * the value of *crit reflects the cause:
- * >= 0, extension found but not decoded (reflects critical value).
- * -1 extension not found.
- * -2 extension occurs more than once.
- */
-
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
-{
-	int lastpos, i;
-	X509_EXTENSION *ex, *found_ex = NULL;
-	if(!x) {
-		if(idx) *idx = -1;
-		if(crit) *crit = -1;
-		return NULL;
-	}
-	if(idx) lastpos = *idx + 1;
-	else lastpos = 0;
-	if(lastpos < 0) lastpos = 0;
-	for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
-	{
-		ex = sk_X509_EXTENSION_value(x, i);
-		if(OBJ_obj2nid(ex->object) == nid) {
-			if(idx) {
-				*idx = i;
-				found_ex = ex;
-				break;
-			} else if(found_ex) {
-				/* Found more than one */
-				if(crit) *crit = -2;
-				return NULL;
-			}
-			found_ex = ex;
-		}
-	}
-	if(found_ex) {
-		/* Found it */
-		if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
-		return X509V3_EXT_d2i(found_ex);
-	}
-
-	/* Extension not found */
-	if(idx) *idx = -1;
-	if(crit) *crit = -1;
-	return NULL;
-}
-
-/* This function is a general extension append, replace and delete utility.
- * The precise operation is governed by the 'flags' value. The 'crit' and
- * 'value' arguments (if relevant) are the extensions internal structure.
- */
-
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
-					int crit, unsigned long flags)
-{
-	int extidx = -1;
-	int errcode;
-	X509_EXTENSION *ext, *extmp;
-	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
-
-	/* If appending we don't care if it exists, otherwise
-	 * look for existing extension.
-	 */
-	if(ext_op != X509V3_ADD_APPEND)
-		extidx = X509v3_get_ext_by_NID(*x, nid, -1);
-
-	/* See if extension exists */
-	if(extidx >= 0) {
-		/* If keep existing, nothing to do */
-		if(ext_op == X509V3_ADD_KEEP_EXISTING)
-			return 1;
-		/* If default then its an error */
-		if(ext_op == X509V3_ADD_DEFAULT) {
-			errcode = X509V3_R_EXTENSION_EXISTS;
-			goto err;
-		}
-		/* If delete, just delete it */
-		if(ext_op == X509V3_ADD_DELETE) {
-			if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
-			return 1;
-		}
-	} else {
-		/* If replace existing or delete, error since 
-		 * extension must exist
-		 */
-		if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
-		   (ext_op == X509V3_ADD_DELETE)) {
-			errcode = X509V3_R_EXTENSION_NOT_FOUND;
-			goto err;
-		}
-	}
-
-	/* If we get this far then we have to create an extension:
-	 * could have some flags for alternative encoding schemes...
-	 */
-
-	ext = X509V3_EXT_i2d(nid, crit, value);
-
-	if(!ext) {
-		X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
-		return 0;
-	}
-
-	/* If extension exists replace it.. */
-	if(extidx >= 0) {
-		extmp = sk_X509_EXTENSION_value(*x, extidx);
-		X509_EXTENSION_free(extmp);
-		if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
-		return 1;
-	}
-
-	if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
-	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
-
-	return 1;
-
-	err:
-	if(!(flags & X509V3_ADD_SILENT))
-		X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
-	return 0;
-}
-
-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
deleted file mode 100644
index 3b0f1bd1bd..0000000000
--- a/crypto/x509v3/v3_ncons.c
+++ /dev/null
@@ -1,505 +0,0 @@
-/* v3_ncons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-				  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, 
-				void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
-				   STACK_OF(GENERAL_SUBTREE) *trees,
-				   BIO *bp, int ind, char *name);
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
-
-static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
-static int nc_dn(X509_NAME *sub, X509_NAME *nm);
-static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
-static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
-static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
-
-const X509V3_EXT_METHOD v3_name_constraints = {
-	NID_name_constraints, 0,
-	ASN1_ITEM_ref(NAME_CONSTRAINTS),
-	0,0,0,0,
-	0,0,
-	0, v2i_NAME_CONSTRAINTS,
-	i2r_NAME_CONSTRAINTS,0,
-	NULL
-};
-
-ASN1_SEQUENCE(GENERAL_SUBTREE) = {
-	ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
-	ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
-	ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
-} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
-
-ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
-							GENERAL_SUBTREE, 0),
-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
-							GENERAL_SUBTREE, 1),
-} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
-	
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-
-static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-				  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-	{
-	int i;
-	CONF_VALUE tval, *val;
-	STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
-	NAME_CONSTRAINTS *ncons = NULL;
-	GENERAL_SUBTREE *sub = NULL;
-	ncons = NAME_CONSTRAINTS_new();
-	if (!ncons)
-		goto memerr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		val = sk_CONF_VALUE_value(nval, i);
-		if (!strncmp(val->name, "permitted", 9) && val->name[9])
-			{
-			ptree = &ncons->permittedSubtrees;
-			tval.name = val->name + 10;
-			}
-		else if (!strncmp(val->name, "excluded", 8) && val->name[8])
-			{
-			ptree = &ncons->excludedSubtrees;
-			tval.name = val->name + 9;
-			}
-		else
-			{
-			X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
-			goto err;
-			}
-		tval.value = val->value;
-		sub = GENERAL_SUBTREE_new();
-		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
-			goto err;
-		if (!*ptree)
-			*ptree = sk_GENERAL_SUBTREE_new_null();
-		if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
-			goto memerr;
-		sub = NULL;
-		}
-
-	return ncons;
-
-	memerr:
-	X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-	err:
-	if (ncons)
-		NAME_CONSTRAINTS_free(ncons);
-	if (sub)
-		GENERAL_SUBTREE_free(sub);
-
-	return NULL;
-	}
-			
-
-	
-
-static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
-				BIO *bp, int ind)
-	{
-	NAME_CONSTRAINTS *ncons = a;
-	do_i2r_name_constraints(method, ncons->permittedSubtrees,
-					bp, ind, "Permitted");
-	do_i2r_name_constraints(method, ncons->excludedSubtrees,
-					bp, ind, "Excluded");
-	return 1;
-	}
-
-static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
-				   STACK_OF(GENERAL_SUBTREE) *trees,
-				   BIO *bp, int ind, char *name)
-	{
-	GENERAL_SUBTREE *tree;
-	int i;
-	if (sk_GENERAL_SUBTREE_num(trees) > 0)
-		BIO_printf(bp, "%*s%s:\n", ind, "", name);
-	for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
-		{
-		tree = sk_GENERAL_SUBTREE_value(trees, i);
-		BIO_printf(bp, "%*s", ind + 2, "");
-		if (tree->base->type == GEN_IPADD)
-			print_nc_ipadd(bp, tree->base->d.ip);
-		else
-			GENERAL_NAME_print(bp, tree->base);
-		BIO_puts(bp, "\n");
-		}
-	return 1;
-	}
-
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
-	{
-	int i, len;
-	unsigned char *p;
-	p = ip->data;
-	len = ip->length;
-	BIO_puts(bp, "IP:");
-	if(len == 8)
-		{
-		BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
-				p[0], p[1], p[2], p[3],
-				p[4], p[5], p[6], p[7]);
-		}
-	else if(len == 32)
-		{
-		for (i = 0; i < 16; i++)
-			{
-			BIO_printf(bp, "%X", p[0] << 8 | p[1]);
-			p += 2;
-			if (i == 7)
-				BIO_puts(bp, "/");
-			else if (i != 15)
-				BIO_puts(bp, ":");
-			}
-		}
-	else
-		BIO_printf(bp, "IP Address:<invalid>");
-	return 1;
-	}
-
-/* Check a certificate conforms to a specified set of constraints.
- * Return values:
- *  X509_V_OK: All constraints obeyed.
- *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
- *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
- *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
- *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
- *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
- *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
-
- */
-
-int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
-	{
-	int r, i;
-	X509_NAME *nm;
-
-	nm = X509_get_subject_name(x);
-
-	if (X509_NAME_entry_count(nm) > 0)
-		{
-		GENERAL_NAME gntmp;
-		gntmp.type = GEN_DIRNAME;
-		gntmp.d.directoryName = nm;
-
-		r = nc_match(&gntmp, nc);
-
-		if (r != X509_V_OK)
-			return r;
-
-		gntmp.type = GEN_EMAIL;
-
-
-		/* Process any email address attributes in subject name */
-
-		for (i = -1;;)
-			{
-			X509_NAME_ENTRY *ne;
-			i = X509_NAME_get_index_by_NID(nm,
-						       NID_pkcs9_emailAddress,
-						       i);
-			if (i == -1)
-				break;
-			ne = X509_NAME_get_entry(nm, i);
-			gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
-			if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
-				return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-
-			r = nc_match(&gntmp, nc);
-
-			if (r != X509_V_OK)
-				return r;
-			}
-		
-		}
-
-	for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++)
-		{
-		GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
-		r = nc_match(gen, nc);
-		if (r != X509_V_OK)
-			return r;
-		}
-
-	return X509_V_OK;
-
-	}
-
-static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
-	{
-	GENERAL_SUBTREE *sub;
-	int i, r, match = 0;
-
-	/* Permitted subtrees: if any subtrees exist of matching the type
-	 * at least one subtree must match.
-	 */
-
-	for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++)
-		{
-		sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
-		if (gen->type != sub->base->type)
-			continue;
-		if (sub->minimum || sub->maximum)
-			return X509_V_ERR_SUBTREE_MINMAX;
-		/* If we already have a match don't bother trying any more */
-		if (match == 2)
-			continue;
-		if (match == 0)
-			match = 1;
-		r = nc_match_single(gen, sub->base);
-		if (r == X509_V_OK)
-			match = 2;
-		else if (r != X509_V_ERR_PERMITTED_VIOLATION)
-			return r;
-		}
-
-	if (match == 1)
-		return X509_V_ERR_PERMITTED_VIOLATION;
-
-	/* Excluded subtrees: must not match any of these */
-
-	for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++)
-		{
-		sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
-		if (gen->type != sub->base->type)
-			continue;
-		if (sub->minimum || sub->maximum)
-			return X509_V_ERR_SUBTREE_MINMAX;
-
-		r = nc_match_single(gen, sub->base);
-		if (r == X509_V_OK)
-			return X509_V_ERR_EXCLUDED_VIOLATION;
-		else if (r != X509_V_ERR_PERMITTED_VIOLATION)
-			return r;
-
-		}
-
-	return X509_V_OK;
-
-	}
-
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
-	{
-	switch(base->type)
-		{
-		case GEN_DIRNAME:
-		return nc_dn(gen->d.directoryName, base->d.directoryName);
-
-		case GEN_DNS:
-		return nc_dns(gen->d.dNSName, base->d.dNSName);
-
-		case GEN_EMAIL:
-		return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
-
-		case GEN_URI:
-		return nc_uri(gen->d.uniformResourceIdentifier,
-					base->d.uniformResourceIdentifier);
-
-		default:
-		return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
-		}
-
-	}
-
-/* directoryName name constraint matching.
- * The canonical encoding of X509_NAME makes this comparison easy. It is
- * matched if the subtree is a subset of the name.
- */
-
-static int nc_dn(X509_NAME *nm, X509_NAME *base)
-	{
-	/* Ensure canonical encodings are up to date.  */
-	if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
-		return X509_V_ERR_OUT_OF_MEM;
-	if (base->modified && i2d_X509_NAME(base, NULL) < 0)
-		return X509_V_ERR_OUT_OF_MEM;
-	if (base->canon_enclen > nm->canon_enclen)
-		return X509_V_ERR_PERMITTED_VIOLATION;
-	if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
-		return X509_V_ERR_PERMITTED_VIOLATION;
-	return X509_V_OK;
-	}
-
-static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
-	{
-	char *baseptr = (char *)base->data;
-	char *dnsptr = (char *)dns->data;
-	/* Empty matches everything */
-	if (!*baseptr)
-		return X509_V_OK;
-	/* Otherwise can add zero or more components on the left so
-	 * compare RHS and if dns is longer and expect '.' as preceding
-	 * character.
-	 */
-	if (dns->length > base->length)
-		{
-		dnsptr += dns->length - base->length;
-		if (*baseptr != '.' && dnsptr[-1] != '.')
-			return X509_V_ERR_PERMITTED_VIOLATION;
-		}
-
-	if (strcasecmp(baseptr, dnsptr))
-			return X509_V_ERR_PERMITTED_VIOLATION;
-
-	return X509_V_OK;
-
-	}
-
-static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
-	{
-	const char *baseptr = (char *)base->data;
-	const char *emlptr = (char *)eml->data;
-
-	const char *baseat = strchr(baseptr, '@');
-	const char *emlat = strchr(emlptr, '@');
-	if (!emlat)
-		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-	/* Special case: inital '.' is RHS match */
-	if (!baseat && (*baseptr == '.'))
-		{
-		if (eml->length > base->length)
-			{
-			emlptr += eml->length - base->length;
-			if (!strcasecmp(baseptr, emlptr))
-				return X509_V_OK;
-			}
-		return X509_V_ERR_PERMITTED_VIOLATION;
-		}
-
-	/* If we have anything before '@' match local part */
-
-	if (baseat)
-		{
-		if (baseat != baseptr)
-			{
-			if ((baseat - baseptr) != (emlat - emlptr))
-				return X509_V_ERR_PERMITTED_VIOLATION;
-			/* Case sensitive match of local part */
-			if (strncmp(baseptr, emlptr, emlat - emlptr))
-				return X509_V_ERR_PERMITTED_VIOLATION;
-			}
-		/* Position base after '@' */
-		baseptr = baseat + 1;
-		}
-	emlptr = emlat + 1;
-	/* Just have hostname left to match: case insensitive */
-	if (strcasecmp(baseptr, emlptr))
-		return X509_V_ERR_PERMITTED_VIOLATION;
-
-	return X509_V_OK;
-
-	}
-
-static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
-	{
-	const char *baseptr = (char *)base->data;
-	const char *hostptr = (char *)uri->data;
-	const char *p = strchr(hostptr, ':');
-	int hostlen;
-	/* Check for foo:// and skip past it */
-	if (!p || (p[1] != '/') || (p[2] != '/'))
-		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-	hostptr = p + 3;
-
-	/* Determine length of hostname part of URI */
-
-	/* Look for a port indicator as end of hostname first */
-
-	p = strchr(hostptr, ':');
-	/* Otherwise look for trailing slash */
-	if (!p)
-		p = strchr(hostptr, '/');
-
-	if (!p)
-		hostlen = strlen(hostptr);
-	else
-		hostlen = p - hostptr;
-
-	if (hostlen == 0)
-		return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-
-	/* Special case: inital '.' is RHS match */
-	if (*baseptr == '.')
-		{
-		if (hostlen > base->length)
-			{
-			p = hostptr + hostlen - base->length;
-			if (!strncasecmp(p, baseptr, base->length))
-				return X509_V_OK;
-			}
-		return X509_V_ERR_PERMITTED_VIOLATION;
-		}
-
-	if ((base->length != (int)hostlen) || strncasecmp(hostptr, baseptr, hostlen))
-		return X509_V_ERR_PERMITTED_VIOLATION;
-
-	return X509_V_OK;
-
-	}
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
deleted file mode 100644
index 0c165af314..0000000000
--- a/crypto/x509v3/v3_ocsp.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/* v3_ocsp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_OCSP
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/x509v3.h>
-
-/* OCSP extensions and a couple of CRL entry extensions
- */
-
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
-			  BIO *out, int indent);
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
-			    BIO *out, int indent);
-static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
-		      int indent);
-
-static void *ocsp_nonce_new(void);
-static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
-static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-			  BIO *out, int indent);
-
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
-			    void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			      const char *str);
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
-			       BIO *bp, int ind);
-
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
-	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_crlid,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_acutoff,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_invdate = {
-	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_acutoff,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_hold = {
-	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_object,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
-	NID_id_pkix_OCSP_Nonce, 0, NULL,
-	ocsp_nonce_new,
-	ocsp_nonce_free,
-	d2i_ocsp_nonce,
-	i2d_ocsp_nonce,
-	0,0,
-	0,0,
-	i2r_ocsp_nonce,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
-	0,0,0,0,
-	0,s2i_ocsp_nocheck,
-	0,0,
-	i2r_ocsp_nocheck,0,
-	NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_serviceloc,0,
-	NULL
-};
-
-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
-			  int ind)
-{
-	OCSP_CRLID *a = in;
-	if (a->crlUrl)
-	        {
-		if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
-		if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	if (a->crlNum)
-	        {
-		if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
-		if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	if (a->crlTime)
-	        {
-		if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
-		if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	return 1;
-	err:
-	return 0;
-}
-
-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
-			    BIO *bp, int ind)
-{
-	if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
-	return 1;
-}
-
-
-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
-		      int ind)
-{
-	if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-	if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
-	return 1;
-}
-
-/* OCSP nonce. This is needs special treatment because it doesn't have
- * an ASN1 encoding at all: it just contains arbitrary data.
- */
-
-static void *ocsp_nonce_new(void)
-{
-	return ASN1_OCTET_STRING_new();
-}
-
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-{
-	ASN1_OCTET_STRING *os = a;
-	if(pp) {
-		memcpy(*pp, os->data, os->length);
-		*pp += os->length;
-	}
-	return os->length;
-}
-
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
-{
-	ASN1_OCTET_STRING *os, **pos;
-	pos = a;
-	if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
-	else os = *pos;
-	if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
-
-	*pp += length;
-
-	if(pos) *pos = os;
-	return os;
-
-	err:
-	if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
-	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
-	return NULL;
-}
-
-static void ocsp_nonce_free(void *a)
-{
-	M_ASN1_OCTET_STRING_free(a);
-}
-
-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
-			  BIO *out, int indent)
-{
-	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
-	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
-	return 1;
-}
-
-/* Nocheck is just a single NULL. Don't print anything and always set it */
-
-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
-			    BIO *out, int indent)
-{
-	return 1;
-}
-
-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			      const char *str)
-{
-	return ASN1_NULL_new();
-}
-
-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
-			       BIO *bp, int ind)
-        {
-	int i;
-	OCSP_SERVICELOC *a = in;
-	ACCESS_DESCRIPTION *ad;
-
-        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
-        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
-	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
-	        {
-				ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
-				if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
-					goto err;
-				if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
-				if(BIO_puts(bp, " - ") <= 0) goto err;
-				if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
-		}
-	return 1;
-err:
-	return 0;
-	}
-#endif
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
deleted file mode 100644
index f7b733aee1..0000000000
--- a/crypto/x509v3/v3_pci.c
+++ /dev/null
@@ -1,328 +0,0 @@
-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
-	BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-	X509V3_CTX *ctx, char *str);
-
-const X509V3_EXT_METHOD v3_pci =
-	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-	  0,0,0,0,
-	  0,0,
-	  NULL, NULL,
-	  (X509V3_EXT_I2R)i2r_pci,
-	  (X509V3_EXT_R2I)r2i_pci,
-	  NULL,
-	};
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
-	BIO *out, int indent)
-	{
-	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
-	if (pci->pcPathLengthConstraint)
-	  i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
-	else
-	  BIO_printf(out, "infinite");
-	BIO_puts(out, "\n");
-	BIO_printf(out, "%*sPolicy Language: ", indent, "");
-	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
-	BIO_puts(out, "\n");
-	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-	  BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
-		     pci->proxyPolicy->policy->data);
-	return 1;
-	}
-
-static int process_pci_value(CONF_VALUE *val,
-	ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
-	ASN1_OCTET_STRING **policy)
-	{
-	int free_policy = 0;
-
-	if (strcmp(val->name, "language") == 0)
-		{
-		if (*language)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		if (!(*language = OBJ_txt2obj(val->value, 0)))
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		}
-	else if (strcmp(val->name, "pathlen") == 0)
-		{
-		if (*pathlen)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		if (!X509V3_get_value_int(val, pathlen))
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		}
-	else if (strcmp(val->name, "policy") == 0)
-		{
-		unsigned char *tmp_data = NULL;
-		long val_len;
-		if (!*policy)
-			{
-			*policy = ASN1_OCTET_STRING_new();
-			if (!*policy)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				return 0;
-				}
-			free_policy = 1;
-			}
-		if (strncmp(val->value, "hex:", 4) == 0)
-			{
-			unsigned char *tmp_data2 =
-				string_to_hex(val->value + 4, &val_len);
-
-			if (!tmp_data2) 
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
-				X509V3_conf_err(val);
-				goto err;
-				}
-
-			tmp_data = OPENSSL_realloc((*policy)->data,
-				(*policy)->length + val_len + 1);
-			if (tmp_data)
-				{
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					tmp_data2, val_len);
-				(*policy)->length += val_len;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			else
-				{
-				OPENSSL_free(tmp_data2);
-				/* realloc failure implies the original data space is b0rked too! */
-				(*policy)->data = NULL;
-				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			OPENSSL_free(tmp_data2);
-			}
-		else if (strncmp(val->value, "file:", 5) == 0)
-			{
-			unsigned char buf[2048];
-			int n;
-			BIO *b = BIO_new_file(val->value + 5, "r");
-			if (!b)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			while((n = BIO_read(b, buf, sizeof(buf))) > 0
-				|| (n == 0 && BIO_should_retry(b)))
-				{
-				if (!n) continue;
-
-				tmp_data = OPENSSL_realloc((*policy)->data,
-					(*policy)->length + n + 1);
-
-				if (!tmp_data)
-					break;
-
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					buf, n);
-				(*policy)->length += n;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			BIO_free_all(b);
-
-			if (n < 0)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			}
-		else if (strncmp(val->value, "text:", 5) == 0)
-			{
-			val_len = strlen(val->value + 5);
-			tmp_data = OPENSSL_realloc((*policy)->data,
-				(*policy)->length + val_len + 1);
-			if (tmp_data)
-				{
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					val->value + 5, val_len);
-				(*policy)->length += val_len;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			else
-				{
-				/* realloc failure implies the original data space is b0rked too! */
-				(*policy)->data = NULL;
-				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			}
-		else
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
-			X509V3_conf_err(val);
-			goto err;
-			}
-		if (!tmp_data)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-			X509V3_conf_err(val);
-			goto err;
-			}
-		}
-	return 1;
-err:
-	if (free_policy)
-		{
-		ASN1_OCTET_STRING_free(*policy);
-		*policy = NULL;
-		}
-	return 0;
-	}
-
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-	X509V3_CTX *ctx, char *value)
-	{
-	PROXY_CERT_INFO_EXTENSION *pci = NULL;
-	STACK_OF(CONF_VALUE) *vals;
-	ASN1_OBJECT *language = NULL;
-	ASN1_INTEGER *pathlen = NULL;
-	ASN1_OCTET_STRING *policy = NULL;
-	int i, j;
-
-	vals = X509V3_parse_list(value);
-	for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
-		{
-		CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
-		if (!cnf->name || (*cnf->name != '@' && !cnf->value))
-			{
-			X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
-			X509V3_conf_err(cnf);
-			goto err;
-			}
-		if (*cnf->name == '@')
-			{
-			STACK_OF(CONF_VALUE) *sect;
-			int success_p = 1;
-
-			sect = X509V3_get_section(ctx, cnf->name + 1);
-			if (!sect)
-				{
-				X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
-				X509V3_conf_err(cnf);
-				goto err;
-				}
-			for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
-				{
-				success_p =
-					process_pci_value(sk_CONF_VALUE_value(sect, j),
-						&language, &pathlen, &policy);
-				}
-			X509V3_section_free(ctx, sect);
-			if (!success_p)
-				goto err;
-			}
-		else
-			{
-			if (!process_pci_value(cnf,
-					&language, &pathlen, &policy))
-				{
-				X509V3_conf_err(cnf);
-				goto err;
-				}
-			}
-		}
-
-	/* Language is mandatory */
-	if (!language)
-		{
-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
-		goto err;
-		}
-	i = OBJ_obj2nid(language);
-	if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
-		{
-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
-		goto err;
-		}
-
-	pci = PROXY_CERT_INFO_EXTENSION_new();
-	if (!pci)
-		{
-		X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	pci->proxyPolicy->policyLanguage = language; language = NULL;
-	pci->proxyPolicy->policy = policy; policy = NULL;
-	pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
-	goto end;
-err:
-	if (language) { ASN1_OBJECT_free(language); language = NULL; }
-	if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
-	if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
-	if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
-end:
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	return pci;
-	}
diff --git a/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c
deleted file mode 100644
index eb08273949..0000000000
--- a/crypto/x509v3/v3_pcia.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(PROXY_POLICY) =
-	{
-	ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
-	ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PROXY_POLICY)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
-
-ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
-	{
-	ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
-	ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
-} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
deleted file mode 100644
index 30ca652351..0000000000
--- a/crypto/x509v3/v3_pcons.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* v3_pcons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *
-i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons,
-		       STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-				    X509V3_CTX *ctx,
-				    STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_policy_constraints = {
-NID_policy_constraints, 0,
-ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-0,0,0,0,
-0,0,
-i2v_POLICY_CONSTRAINTS,
-v2i_POLICY_CONSTRAINTS,
-NULL,NULL,
-NULL
-};
-
-ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
-} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-
-
-static STACK_OF(CONF_VALUE) *
-i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
-		       STACK_OF(CONF_VALUE) *extlist)
-{
-	POLICY_CONSTRAINTS *pcons = a;
-	X509V3_add_value_int("Require Explicit Policy",
-			pcons->requireExplicitPolicy, &extlist);
-	X509V3_add_value_int("Inhibit Policy Mapping",
-			pcons->inhibitPolicyMapping, &extlist);
-	return extlist;
-}
-
-static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
-				    X509V3_CTX *ctx,
-				    STACK_OF(CONF_VALUE) *values)
-{
-	POLICY_CONSTRAINTS *pcons=NULL;
-	CONF_VALUE *val;
-	int i;
-	if(!(pcons = POLICY_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-		val = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(val->name, "requireExplicitPolicy")) {
-			if(!X509V3_get_value_int(val,
-				&pcons->requireExplicitPolicy)) goto err;
-		} else if(!strcmp(val->name, "inhibitPolicyMapping")) {
-			if(!X509V3_get_value_int(val,
-				&pcons->inhibitPolicyMapping)) goto err;
-		} else {
-			X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
-			X509V3_conf_err(val);
-			goto err;
-		}
-	}
-	if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
-		goto err;
-	}
-
-	return pcons;
-	err:
-	POLICY_CONSTRAINTS_free(pcons);
-	return NULL;
-}
-
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
deleted file mode 100644
index 076f3ff48e..0000000000
--- a/crypto/x509v3/v3_pku.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* v3_pku.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-*/
-const X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-0,0,0,0,
-0,0,0,0,
-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
-NULL
-};
-
-ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
-} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
-	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
-{
-	BIO_printf(out, "%*s", indent, "");
-	if(usage->notBefore) {
-		BIO_write(out, "Not Before: ", 12);
-		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
-		if(usage->notAfter) BIO_write(out, ", ", 2);
-	}
-	if(usage->notAfter) {
-		BIO_write(out, "Not After: ", 11);
-		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
-	}
-	return 1;
-}
-
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-STACK_OF(CONF_VALUE) *values;
-{
-return NULL;
-}
-*/
diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
deleted file mode 100644
index 865bcd3980..0000000000
--- a/crypto/x509v3/v3_pmaps.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/* v3_pmaps.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *
-i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *pmps,
-		    STACK_OF(CONF_VALUE) *extlist);
-
-const X509V3_EXT_METHOD v3_policy_mappings = {
-	NID_policy_mappings, 0,
-	ASN1_ITEM_ref(POLICY_MAPPINGS),
-	0,0,0,0,
-	0,0,
-	i2v_POLICY_MAPPINGS,
-	v2i_POLICY_MAPPINGS,
-	0,0,
-	NULL
-};
-
-ASN1_SEQUENCE(POLICY_MAPPING) = {
-	ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
-	ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
-} ASN1_SEQUENCE_END(POLICY_MAPPING)
-
-ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
-								POLICY_MAPPING)
-ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-
-
-static STACK_OF(CONF_VALUE) *
-i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a,
-		    STACK_OF(CONF_VALUE) *ext_list)
-{
-	POLICY_MAPPINGS *pmaps = a;
-	POLICY_MAPPING *pmap;
-	int i;
-	char obj_tmp1[80];
-	char obj_tmp2[80];
-	for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
-		pmap = sk_POLICY_MAPPING_value(pmaps, i);
-		i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
-		i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
-		X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
-	}
-	return ext_list;
-}
-
-static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
-	POLICY_MAPPINGS *pmaps;
-	POLICY_MAPPING *pmap;
-	ASN1_OBJECT *obj1, *obj2;
-	CONF_VALUE *val;
-	int i;
-
-	if(!(pmaps = sk_POLICY_MAPPING_new_null())) {
-		X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(!val->value || !val->name) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		obj1 = OBJ_txt2obj(val->name, 0);
-		obj2 = OBJ_txt2obj(val->value, 0);
-		if(!obj1 || !obj2) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		pmap = POLICY_MAPPING_new();
-		if (!pmap) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		pmap->issuerDomainPolicy = obj1;
-		pmap->subjectDomainPolicy = obj2;
-		sk_POLICY_MAPPING_push(pmaps, pmap);
-	}
-	return pmaps;
-}
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
deleted file mode 100644
index 3146218708..0000000000
--- a/crypto/x509v3/v3_prn.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* v3_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-/* Extension printing routines */
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
-
-/* Print out a name+value stack */
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
-{
-	int i;
-	CONF_VALUE *nval;
-	if(!val) return;
-	if(!ml || !sk_CONF_VALUE_num(val)) {
-		BIO_printf(out, "%*s", indent, "");
-		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
-		if(ml) BIO_printf(out, "%*s", indent, "");
-		else if(i > 0) BIO_printf(out, ", ");
-		nval = sk_CONF_VALUE_value(val, i);
-		if(!nval->name) BIO_puts(out, nval->value);
-		else if(!nval->value) BIO_puts(out, nval->name);
-#ifndef CHARSET_EBCDIC
-		else BIO_printf(out, "%s:%s", nval->name, nval->value);
-#else
-		else {
-			int len;
-			char *tmp;
-			len = strlen(nval->value)+1;
-			tmp = OPENSSL_malloc(len);
-			if (tmp)
-			{
-				ascii2ebcdic(tmp, nval->value, len);
-				BIO_printf(out, "%s:%s", nval->name, tmp);
-				OPENSSL_free(tmp);
-			}
-		}
-#endif
-		if(ml) BIO_puts(out, "\n");
-	}
-}
-
-/* Main routine: print out a general extension */
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
-{
-	void *ext_str = NULL;
-	char *value = NULL;
-	const unsigned char *p;
-	const X509V3_EXT_METHOD *method;	
-	STACK_OF(CONF_VALUE) *nval = NULL;
-	int ok = 1;
-
-	if(!(method = X509V3_EXT_get(ext)))
-		return unknown_ext_print(out, ext, flag, indent, 0);
-	p = ext->value->data;
-	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-	else ext_str = method->d2i(NULL, &p, ext->value->length);
-
-	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
-
-	if(method->i2s) {
-		if(!(value = method->i2s(method, ext_str))) {
-			ok = 0;
-			goto err;
-		}
-#ifndef CHARSET_EBCDIC
-		BIO_printf(out, "%*s%s", indent, "", value);
-#else
-		{
-			int len;
-			char *tmp;
-			len = strlen(value)+1;
-			tmp = OPENSSL_malloc(len);
-			if (tmp)
-			{
-				ascii2ebcdic(tmp, value, len);
-				BIO_printf(out, "%*s%s", indent, "", tmp);
-				OPENSSL_free(tmp);
-			}
-		}
-#endif
-	} else if(method->i2v) {
-		if(!(nval = method->i2v(method, ext_str, NULL))) {
-			ok = 0;
-			goto err;
-		}
-		X509V3_EXT_val_prn(out, nval, indent,
-				 method->ext_flags & X509V3_EXT_MULTILINE);
-	} else if(method->i2r) {
-		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
-	} else ok = 0;
-
-	err:
-		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-		if(value) OPENSSL_free(value);
-		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
-		else method->ext_free(ext_str);
-		return ok;
-}
-
-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
-{
-	int i, j;
-
-	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
-
-	if(title) 
-		{
-		BIO_printf(bp,"%*s%s:\n",indent, "", title);
-		indent += 4;
-		}
-
-	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-		{
-		ASN1_OBJECT *obj;
-		X509_EXTENSION *ex;
-		ex=sk_X509_EXTENSION_value(exts, i);
-		if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
-		obj=X509_EXTENSION_get_object(ex);
-		i2a_ASN1_OBJECT(bp,obj);
-		j=X509_EXTENSION_get_critical(ex);
-		if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
-			return 0;
-		if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
-			{
-			BIO_printf(bp, "%*s", indent + 4, "");
-			M_ASN1_OCTET_STRING_print(bp,ex->value);
-			}
-		if (BIO_write(bp,"\n",1) <= 0) return 0;
-		}
-	return 1;
-}
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
-{
-	switch(flag & X509V3_EXT_UNKNOWN_MASK) {
-
-		case X509V3_EXT_DEFAULT:
-		return 0;
-
-		case X509V3_EXT_ERROR_UNKNOWN:
-		if(supported)
-			BIO_printf(out, "%*s<Parse Error>", indent, "");
-		else
-			BIO_printf(out, "%*s<Not Supported>", indent, "");
-		return 1;
-
-		case X509V3_EXT_PARSE_UNKNOWN:
-			return ASN1_parse_dump(out,
-				ext->value->data, ext->value->length, indent, -1);
-		case X509V3_EXT_DUMP_UNKNOWN:
-			return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
-
-		default:
-		return 1;
-	}
-}
-	
-
-#ifndef OPENSSL_NO_FP_API
-int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
-{
-	BIO *bio_tmp;
-	int ret;
-	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
-	BIO_free(bio_tmp);
-	return ret;
-}
-#endif
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
deleted file mode 100644
index f59bfc1844..0000000000
--- a/crypto/x509v3/v3_purp.c
+++ /dev/null
@@ -1,767 +0,0 @@
-/* v3_purp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-#include <openssl/x509_vfy.h>
-
-static void x509v3_cache_extensions(X509 *x);
-
-static int check_ssl_ca(const X509 *x);
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int purpose_smime(const X509 *x, int ca);
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
-
-static int xp_cmp(const X509_PURPOSE * const *a,
-		const X509_PURPOSE * const *b);
-static void xptable_free(X509_PURPOSE *p);
-
-static X509_PURPOSE xstandard[] = {
-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
-	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
-};
-
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
-
-IMPLEMENT_STACK_OF(X509_PURPOSE)
-
-static STACK_OF(X509_PURPOSE) *xptable = NULL;
-
-static int xp_cmp(const X509_PURPOSE * const *a,
-		const X509_PURPOSE * const *b)
-{
-	return (*a)->purpose - (*b)->purpose;
-}
-
-/* As much as I'd like to make X509_check_purpose use a "const" X509*
- * I really can't because it does recalculate hashes and do other non-const
- * things. */
-int X509_check_purpose(X509 *x, int id, int ca)
-{
-	int idx;
-	const X509_PURPOSE *pt;
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-		x509v3_cache_extensions(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-	}
-	if(id == -1) return 1;
-	idx = X509_PURPOSE_get_by_id(id);
-	if(idx == -1) return -1;
-	pt = X509_PURPOSE_get0(idx);
-	return pt->check_purpose(pt, x, ca);
-}
-
-int X509_PURPOSE_set(int *p, int purpose)
-{
-	if(X509_PURPOSE_get_by_id(purpose) == -1) {
-		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
-		return 0;
-	}
-	*p = purpose;
-	return 1;
-}
-
-int X509_PURPOSE_get_count(void)
-{
-	if(!xptable) return X509_PURPOSE_COUNT;
-	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
-}
-
-X509_PURPOSE * X509_PURPOSE_get0(int idx)
-{
-	if(idx < 0) return NULL;
-	if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
-	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
-}
-
-int X509_PURPOSE_get_by_sname(char *sname)
-{
-	int i;
-	X509_PURPOSE *xptmp;
-	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
-		xptmp = X509_PURPOSE_get0(i);
-		if(!strcmp(xptmp->sname, sname)) return i;
-	}
-	return -1;
-}
-
-int X509_PURPOSE_get_by_id(int purpose)
-{
-	X509_PURPOSE tmp;
-	int idx;
-	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
-		return purpose - X509_PURPOSE_MIN;
-	tmp.purpose = purpose;
-	if(!xptable) return -1;
-	idx = sk_X509_PURPOSE_find(xptable, &tmp);
-	if(idx == -1) return -1;
-	return idx + X509_PURPOSE_COUNT;
-}
-
-int X509_PURPOSE_add(int id, int trust, int flags,
-			int (*ck)(const X509_PURPOSE *, const X509 *, int),
-					char *name, char *sname, void *arg)
-{
-	int idx;
-	X509_PURPOSE *ptmp;
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_PURPOSE_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_PURPOSE_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_PURPOSE_get_by_id(id);
-	/* Need a new entry */
-	if(idx == -1) {
-		if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		ptmp->flags = X509_PURPOSE_DYNAMIC;
-	} else ptmp = X509_PURPOSE_get0(idx);
-
-	/* OPENSSL_free existing name if dynamic */
-	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-		OPENSSL_free(ptmp->name);
-		OPENSSL_free(ptmp->sname);
-	}
-	/* dup supplied name */
-	ptmp->name = BUF_strdup(name);
-	ptmp->sname = BUF_strdup(sname);
-	if(!ptmp->name || !ptmp->sname) {
-		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	/* Keep the dynamic flag of existing entry */
-	ptmp->flags &= X509_PURPOSE_DYNAMIC;
-	/* Set all other flags */
-	ptmp->flags |= flags;
-
-	ptmp->purpose = id;
-	ptmp->trust = trust;
-	ptmp->check_purpose = ck;
-	ptmp->usr_data = arg;
-
-	/* If its a new entry manage the dynamic table */
-	if(idx == -1) {
-		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	return 1;
-}
-
-static void xptable_free(X509_PURPOSE *p)
-	{
-	if(!p) return;
-	if (p->flags & X509_PURPOSE_DYNAMIC) 
-		{
-		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
-			OPENSSL_free(p->name);
-			OPENSSL_free(p->sname);
-		}
-		OPENSSL_free(p);
-		}
-	}
-
-void X509_PURPOSE_cleanup(void)
-{
-	unsigned int i;
-	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
-	xptable = NULL;
-}
-
-int X509_PURPOSE_get_id(X509_PURPOSE *xp)
-{
-	return xp->purpose;
-}
-
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
-{
-	return xp->name;
-}
-
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
-{
-	return xp->sname;
-}
-
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
-{
-	return xp->trust;
-}
-
-static int nid_cmp(const int *a, const int *b)
-	{
-	return *a - *b;
-	}
-
-DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
-
-int X509_supported_extension(X509_EXTENSION *ex)
-	{
-	/* This table is a list of the NIDs of supported extensions:
-	 * that is those which are used by the verify process. If
-	 * an extension is critical and doesn't appear in this list
-	 * then the verify process will normally reject the certificate.
-	 * The list must be kept in numerical order because it will be
-	 * searched using bsearch.
-	 */
-
-	static const int supported_nids[] = {
-		NID_netscape_cert_type, /* 71 */
-        	NID_key_usage,		/* 83 */
-		NID_subject_alt_name,	/* 85 */
-		NID_basic_constraints,	/* 87 */
-		NID_certificate_policies, /* 89 */
-        	NID_ext_key_usage,	/* 126 */
-#ifndef OPENSSL_NO_RFC3779
-		NID_sbgp_ipAddrBlock,	/* 290 */
-		NID_sbgp_autonomousSysNum, /* 291 */
-#endif
-		NID_policy_constraints,	/* 401 */
-		NID_proxyCertInfo,	/* 663 */
-		NID_name_constraints,	/* 666 */
-		NID_policy_mappings,	/* 747 */
-		NID_inhibit_any_policy	/* 748 */
-	};
-
-	int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-
-	if (ex_nid == NID_undef) 
-		return 0;
-
-	if (OBJ_bsearch_nid(&ex_nid, supported_nids,
-			sizeof(supported_nids)/sizeof(int)))
-		return 1;
-	return 0;
-	}
-
-static void setup_dp(X509 *x, DIST_POINT *dp)
-	{
-	X509_NAME *iname = NULL;
-	int i;
-	if (dp->reasons)
-		{
-		if (dp->reasons->length > 0)
-			dp->dp_reasons = dp->reasons->data[0];
-		if (dp->reasons->length > 1)
-			dp->dp_reasons |= (dp->reasons->data[1] << 8);
-		dp->dp_reasons &= CRLDP_ALL_REASONS;
-		}
-	else
-		dp->dp_reasons = CRLDP_ALL_REASONS;
-	if (!dp->distpoint || (dp->distpoint->type != 1))
-		return;
-	for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
-		{
-		GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
-		if (gen->type == GEN_DIRNAME)
-			{
-			iname = gen->d.directoryName;
-			break;
-			}
-		}
-	if (!iname)
-		iname = X509_get_issuer_name(x);
-
-	DIST_POINT_set_dpname(dp->distpoint, iname);
-
-	}
-
-static void setup_crldp(X509 *x)
-	{
-	int i;
-	x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
-	for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
-		setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
-	}
-
-static void x509v3_cache_extensions(X509 *x)
-{
-	BASIC_CONSTRAINTS *bs;
-	PROXY_CERT_INFO_EXTENSION *pci;
-	ASN1_BIT_STRING *usage;
-	ASN1_BIT_STRING *ns;
-	EXTENDED_KEY_USAGE *extusage;
-	X509_EXTENSION *ex;
-	
-	int i;
-	if(x->ex_flags & EXFLAG_SET) return;
-#ifndef OPENSSL_NO_SHA
-	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
-	/* Does subject name match issuer ? */
-	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
-			 x->ex_flags |= EXFLAG_SI;
-	/* V1 should mean no extensions ... */
-	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
-	/* Handle basic constraints */
-	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
-		if(bs->ca) x->ex_flags |= EXFLAG_CA;
-		if(bs->pathlen) {
-			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
-						|| !bs->ca) {
-				x->ex_flags |= EXFLAG_INVALID;
-				x->ex_pathlen = 0;
-			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
-		} else x->ex_pathlen = -1;
-		BASIC_CONSTRAINTS_free(bs);
-		x->ex_flags |= EXFLAG_BCONS;
-	}
-	/* Handle proxy certificates */
-	if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
-		if (x->ex_flags & EXFLAG_CA
-		    || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
-		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
-			x->ex_flags |= EXFLAG_INVALID;
-		}
-		if (pci->pcPathLengthConstraint) {
-			x->ex_pcpathlen =
-				ASN1_INTEGER_get(pci->pcPathLengthConstraint);
-		} else x->ex_pcpathlen = -1;
-		PROXY_CERT_INFO_EXTENSION_free(pci);
-		x->ex_flags |= EXFLAG_PROXY;
-	}
-	/* Handle key usage */
-	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
-		if(usage->length > 0) {
-			x->ex_kusage = usage->data[0];
-			if(usage->length > 1) 
-				x->ex_kusage |= usage->data[1] << 8;
-		} else x->ex_kusage = 0;
-		x->ex_flags |= EXFLAG_KUSAGE;
-		ASN1_BIT_STRING_free(usage);
-	}
-	x->ex_xkusage = 0;
-	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
-		x->ex_flags |= EXFLAG_XKUSAGE;
-		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
-			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
-				case NID_server_auth:
-				x->ex_xkusage |= XKU_SSL_SERVER;
-				break;
-
-				case NID_client_auth:
-				x->ex_xkusage |= XKU_SSL_CLIENT;
-				break;
-
-				case NID_email_protect:
-				x->ex_xkusage |= XKU_SMIME;
-				break;
-
-				case NID_code_sign:
-				x->ex_xkusage |= XKU_CODE_SIGN;
-				break;
-
-				case NID_ms_sgc:
-				case NID_ns_sgc:
-				x->ex_xkusage |= XKU_SGC;
-				break;
-
-				case NID_OCSP_sign:
-				x->ex_xkusage |= XKU_OCSP_SIGN;
-				break;
-
-				case NID_time_stamp:
-				x->ex_xkusage |= XKU_TIMESTAMP;
-				break;
-
-				case NID_dvcs:
-				x->ex_xkusage |= XKU_DVCS;
-				break;
-			}
-		}
-		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
-	}
-
-	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
-		if(ns->length > 0) x->ex_nscert = ns->data[0];
-		else x->ex_nscert = 0;
-		x->ex_flags |= EXFLAG_NSCERT;
-		ASN1_BIT_STRING_free(ns);
-	}
-	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
-	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-	x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-	x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
-	if (!x->nc && (i != -1))
-		x->ex_flags |= EXFLAG_INVALID;
-	setup_crldp(x);
-
-#ifndef OPENSSL_NO_RFC3779
- 	x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
- 	x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
- 					  NULL, NULL);
-#endif
-	for (i = 0; i < X509_get_ext_count(x); i++)
-		{
-		ex = X509_get_ext(x, i);
-		if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
-					== NID_freshest_crl)
-			x->ex_flags |= EXFLAG_FRESHEST;
-		if (!X509_EXTENSION_get_critical(ex))
-			continue;
-		if (!X509_supported_extension(ex))
-			{
-			x->ex_flags |= EXFLAG_CRITICAL;
-			break;
-			}
-		}
-	x->ex_flags |= EXFLAG_SET;
-}
-
-/* CA checks common to all purposes
- * return codes:
- * 0 not a CA
- * 1 is a CA
- * 2 basicConstraints absent so "maybe" a CA
- * 3 basicConstraints absent but self signed V1.
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
- */
-
-#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
-#define ku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#define xku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
-#define ns_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
-
-static int check_ca(const X509 *x)
-{
-	/* keyUsage if present should allow cert signing */
-	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
-	if(x->ex_flags & EXFLAG_BCONS) {
-		if(x->ex_flags & EXFLAG_CA) return 1;
-		/* If basicConstraints says not a CA then say so */
-		else return 0;
-	} else {
-		/* we support V1 roots for...  uh, I don't really know why. */
-		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
-		/* If key usage present it must have certSign so tolerate it */
-		else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
-		/* Older certificates could have Netscape-specific CA types */
-		else if (x->ex_flags & EXFLAG_NSCERT
-			 && x->ex_nscert & NS_ANY_CA) return 5;
-		/* can this still be regarded a CA certificate?  I doubt it */
-		return 0;
-	}
-}
-
-int X509_check_ca(X509 *x)
-{
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-		x509v3_cache_extensions(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-	}
-
-	return check_ca(x);
-}
-
-/* Check SSL CA: common checks for SSL client and server */
-static int check_ssl_ca(const X509 *x)
-{
-	int ca_ret;
-	ca_ret = check_ca(x);
-	if(!ca_ret) return 0;
-	/* check nsCertType if present */
-	if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
-	else return 0;
-}
-
-
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
-	if(ca) return check_ssl_ca(x);
-	/* We need to do digital signatures with it */
-	if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
-	/* nsCertType if present should allow SSL client use */	
-	if(ns_reject(x, NS_SSL_CLIENT)) return 0;
-	return 1;
-}
-
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
-	if(ca) return check_ssl_ca(x);
-
-	if(ns_reject(x, NS_SSL_SERVER)) return 0;
-	/* Now as for keyUsage: we'll at least need to sign OR encipher */
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
-	
-	return 1;
-
-}
-
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	int ret;
-	ret = check_purpose_ssl_server(xp, x, ca);
-	if(!ret || ca) return ret;
-	/* We need to encipher or Netscape complains */
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
-}
-
-/* common S/MIME checks */
-static int purpose_smime(const X509 *x, int ca)
-{
-	if(xku_reject(x,XKU_SMIME)) return 0;
-	if(ca) {
-		int ca_ret;
-		ca_ret = check_ca(x);
-		if(!ca_ret) return 0;
-		/* check nsCertType if present */
-		if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
-		else return 0;
-	}
-	if(x->ex_flags & EXFLAG_NSCERT) {
-		if(x->ex_nscert & NS_SMIME) return 1;
-		/* Workaround for some buggy certificates */
-		if(x->ex_nscert & NS_SSL_CLIENT) return 2;
-		return 0;
-	}
-	return 1;
-}
-
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
-	return ret;
-}
-
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
-}
-
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	if(ca) {
-		int ca_ret;
-		if((ca_ret = check_ca(x)) != 2) return ca_ret;
-		else return 0;
-	}
-	if(ku_reject(x, KU_CRL_SIGN)) return 0;
-	return 1;
-}
-
-/* OCSP helper: this is *not* a full OCSP check. It just checks that
- * each CA is valid. Additional checks must be made on the chain.
- */
-
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	/* Must be a valid CA.  Should we really support the "I don't know"
-	   value (2)? */
-	if(ca) return check_ca(x);
-	/* leaf certificate is checked in OCSP_verify() */
-	return 1;
-}
-
-static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
-					int ca)
-{
-	int i_ext;
-
-	/* If ca is true we must return if this is a valid CA certificate. */
-	if (ca) return check_ca(x);
-
-	/* 
-	 * Check the optional key usage field:
-	 * if Key Usage is present, it must be one of digitalSignature 
-	 * and/or nonRepudiation (other values are not consistent and shall
-	 * be rejected).
-	 */
-	if ((x->ex_flags & EXFLAG_KUSAGE)
-	    && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
-		!(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
-		return 0;
-
-	/* Only time stamp key usage is permitted and it's required. */
-	if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
-		return 0;
-
-	/* Extended Key Usage MUST be critical */
-	i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
-	if (i_ext >= 0)
-		{
-		X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
-		if (!X509_EXTENSION_get_critical(ext))
-			return 0;
-		}
-
-	return 1;
-}
-
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
-	return 1;
-}
-
-/* Various checks to see if one certificate issued the second.
- * This can be used to prune a set of possible issuer certificates
- * which have been looked up using some simple method such as by
- * subject name.
- * These are:
- * 1. Check issuer_name(subject) == subject_name(issuer)
- * 2. If akid(subject) exists check it matches issuer
- * 3. If key_usage(issuer) exists check it supports certificate signing
- * returns 0 for OK, positive for reason for mismatch, reasons match
- * codes for X509_verify_cert()
- */
-
-int X509_check_issued(X509 *issuer, X509 *subject)
-{
-	if(X509_NAME_cmp(X509_get_subject_name(issuer),
-			X509_get_issuer_name(subject)))
-				return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-	x509v3_cache_extensions(issuer);
-	x509v3_cache_extensions(subject);
-
-	if(subject->akid)
-		{
-		int ret = X509_check_akid(issuer, subject->akid);
-		if (ret != X509_V_OK)
-			return ret;
-		}
-
-	if(subject->ex_flags & EXFLAG_PROXY)
-		{
-		if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
-			return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
-		}
-	else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
-		return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
-	return X509_V_OK;
-}
-
-int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
-	{
-
-	if(!akid)
-		return X509_V_OK;
-
-	/* Check key ids (if present) */
-	if(akid->keyid && issuer->skid &&
-		 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) )
-				return X509_V_ERR_AKID_SKID_MISMATCH;
-	/* Check serial number */
-	if(akid->serial &&
-		ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-	/* Check issuer name */
-	if(akid->issuer)
-		{
-		/* Ugh, for some peculiar reason AKID includes
-		 * SEQUENCE OF GeneralName. So look for a DirName.
-		 * There may be more than one but we only take any
-		 * notice of the first.
-		 */
-		GENERAL_NAMES *gens;
-		GENERAL_NAME *gen;
-		X509_NAME *nm = NULL;
-		int i;
-		gens = akid->issuer;
-		for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-			{
-			gen = sk_GENERAL_NAME_value(gens, i);
-			if(gen->type == GEN_DIRNAME)
-				{
-				nm = gen->d.dirn;
-				break;
-				}
-			}
-		if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-			return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-		}
-	return X509_V_OK;
-	}
-
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
deleted file mode 100644
index 0a984fbaa8..0000000000
--- a/crypto/x509v3/v3_skey.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/* v3_skey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
-(X509V3_EXT_S2I)s2i_skey_id,
-0,0,0,0,
-NULL};
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-	     ASN1_OCTET_STRING *oct)
-{
-	return hex_to_string(oct->data, oct->length);
-}
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
-{
-	ASN1_OCTET_STRING *oct;
-	long length;
-
-	if(!(oct = M_ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if(!(oct->data = string_to_hex(str, &length))) {
-		M_ASN1_OCTET_STRING_free(oct);
-		return NULL;
-	}
-
-	oct->length = length;
-
-	return oct;
-
-}
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
-{
-	ASN1_OCTET_STRING *oct;
-	ASN1_BIT_STRING *pk;
-	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
-	unsigned int diglen;
-
-	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
-
-	if(!(oct = M_ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if(ctx && (ctx->flags == CTX_TEST)) return oct;
-
-	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-		goto err;
-	}
-
-	if(ctx->subject_req) 
-		pk = ctx->subject_req->req_info->pubkey->public_key;
-	else pk = ctx->subject_cert->cert_info->key->public_key;
-
-	if(!pk) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-		goto err;
-	}
-
-	if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
-		goto err;
-
-	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	return oct;
-	
-	err:
-	M_ASN1_OCTET_STRING_free(oct);
-	return NULL;
-}
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
deleted file mode 100644
index 2a6bf11b65..0000000000
--- a/crypto/x509v3/v3_sxnet.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/* v3_sxnet.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/* Support for Thawte strong extranet extension */
-
-#define SXNET_TEST
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
-#ifdef SXNET_TEST
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-						STACK_OF(CONF_VALUE) *nval);
-#endif
-const X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
-0,0,0,0,
-0,0,
-0, 
-#ifdef SXNET_TEST
-(X509V3_EXT_V2I)sxnet_v2i,
-#else
-0,
-#endif
-(X509V3_EXT_I2R)sxnet_i2r,
-0,
-NULL
-};
-
-ASN1_SEQUENCE(SXNETID) = {
-	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
-	ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(SXNETID)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
-
-ASN1_SEQUENCE(SXNET) = {
-	ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
-	ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
-} ASN1_SEQUENCE_END(SXNET)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNET)
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
-	     int indent)
-{
-	long v;
-	char *tmp;
-	SXNETID *id;
-	int i;
-	v = ASN1_INTEGER_get(sx->version);
-	BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-		id = sk_SXNETID_value(sx->ids, i);
-		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
-		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
-		OPENSSL_free(tmp);
-		M_ASN1_OCTET_STRING_print(out, id->user);
-	}
-	return 1;
-}
-
-#ifdef SXNET_TEST
-
-/* NBB: this is used for testing only. It should *not* be used for anything
- * else because it will just take static IDs from the configuration file and
- * they should really be separate values for each user.
- */
-
-
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-	     STACK_OF(CONF_VALUE) *nval)
-{
-	CONF_VALUE *cnf;
-	SXNET *sx = NULL;
-	int i;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
-								 return NULL;
-	}
-	return sx;
-}
-		
-	
-#endif
-
-/* Strong Extranet utility functions */
-
-/* Add an id given the zone as an ASCII number */
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
-	     int userlen)
-{
-	ASN1_INTEGER *izone = NULL;
-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-		return 0;
-	}
-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-}
-
-/* Add an id given the zone as an unsigned long */
-
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-	     int userlen)
-{
-	ASN1_INTEGER *izone = NULL;
-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		M_ASN1_INTEGER_free(izone);
-		return 0;
-	}
-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-	
-}
-
-/* Add an id given the zone as an ASN1_INTEGER.
- * Note this version uses the passed integer and doesn't make a copy so don't
- * free it up afterwards.
- */
-
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
-	     int userlen)
-{
-	SXNET *sx = NULL;
-	SXNETID *id = NULL;
-	if(!psx || !zone || !user) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
-		return 0;
-	}
-	if(userlen == -1) userlen = strlen(user);
-	if(userlen > 64) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
-		return 0;
-	}
-	if(!*psx) {
-		if(!(sx = SXNET_new())) goto err;
-		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
-		*psx = sx;
-	} else sx = *psx;
-	if(SXNET_get_id_INTEGER(sx, zone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
-		return 0;
-	}
-
-	if(!(id = SXNETID_new())) goto err;
-	if(userlen == -1) userlen = strlen(user);
-		
-	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
-	if(!sk_SXNETID_push(sx->ids, id)) goto err;
-	id->zone = zone;
-	return 1;
-	
-	err:
-	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
-	SXNETID_free(id);
-	SXNET_free(sx);
-	*psx = NULL;
-	return 0;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
-{
-	ASN1_INTEGER *izone = NULL;
-	ASN1_OCTET_STRING *oct;
-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-		return NULL;
-	}
-	oct = SXNET_get_id_INTEGER(sx, izone);
-	M_ASN1_INTEGER_free(izone);
-	return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
-{
-	ASN1_INTEGER *izone = NULL;
-	ASN1_OCTET_STRING *oct;
-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		M_ASN1_INTEGER_free(izone);
-		return NULL;
-	}
-	oct = SXNET_get_id_INTEGER(sx, izone);
-	M_ASN1_INTEGER_free(izone);
-	return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
-{
-	SXNETID *id;
-	int i;
-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-		id = sk_SXNETID_value(sx->ids, i);
-		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
-	}
-	return NULL;
-}
-
-IMPLEMENT_STACK_OF(SXNETID)
-IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
deleted file mode 100644
index 87cfceb4bb..0000000000
--- a/crypto/x509v3/v3_utl.c
+++ /dev/null
@@ -1,874 +0,0 @@
-/* v3_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-
-static char *strip_spaces(char *name);
-static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(OPENSSL_STRING str);
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email);
-
-static int ipv4_from_asc(unsigned char *v4, const char *in);
-static int ipv6_from_asc(unsigned char *v6, const char *in);
-static int ipv6_cb(const char *elem, int len, void *usr);
-static int ipv6_hex(unsigned char *out, const char *in, int inlen);
-
-/* Add a CONF_VALUE name value pair to stack */
-
-int X509V3_add_value(const char *name, const char *value,
-						STACK_OF(CONF_VALUE) **extlist)
-{
-	CONF_VALUE *vtmp = NULL;
-	char *tname = NULL, *tvalue = NULL;
-	if(name && !(tname = BUF_strdup(name))) goto err;
-	if(value && !(tvalue = BUF_strdup(value))) goto err;
-	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
-	if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
-	vtmp->section = NULL;
-	vtmp->name = tname;
-	vtmp->value = tvalue;
-	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
-	return 1;
-	err:
-	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
-	if(vtmp) OPENSSL_free(vtmp);
-	if(tname) OPENSSL_free(tname);
-	if(tvalue) OPENSSL_free(tvalue);
-	return 0;
-}
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-			   STACK_OF(CONF_VALUE) **extlist)
-    {
-    return X509V3_add_value(name,(const char *)value,extlist);
-    }
-
-/* Free function for STACK_OF(CONF_VALUE) */
-
-void X509V3_conf_free(CONF_VALUE *conf)
-{
-	if(!conf) return;
-	if(conf->name) OPENSSL_free(conf->name);
-	if(conf->value) OPENSSL_free(conf->value);
-	if(conf->section) OPENSSL_free(conf->section);
-	OPENSSL_free(conf);
-}
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist)
-{
-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-	return X509V3_add_value(name, "FALSE", extlist);
-}
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist)
-{
-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-	return 1;
-}
-
-
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
-{
-	BIGNUM *bntmp = NULL;
-	char *strtmp = NULL;
-	if(!a) return NULL;
-	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
-	    !(strtmp = BN_bn2dec(bntmp)) )
-		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-	BN_free(bntmp);
-	return strtmp;
-}
-
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
-{
-	BIGNUM *bntmp = NULL;
-	char *strtmp = NULL;
-	if(!a) return NULL;
-	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
-	    !(strtmp = BN_bn2dec(bntmp)) )
-		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-	BN_free(bntmp);
-	return strtmp;
-}
-
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
-{
-	BIGNUM *bn = NULL;
-	ASN1_INTEGER *aint;
-	int isneg, ishex;
-	int ret;
-	if (!value) {
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
-		return 0;
-	}
-	bn = BN_new();
-	if (value[0] == '-') {
-		value++;
-		isneg = 1;
-	} else isneg = 0;
-
-	if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
-		value += 2;
-		ishex = 1;
-	} else ishex = 0;
-
-	if (ishex) ret = BN_hex2bn(&bn, value);
-	else ret = BN_dec2bn(&bn, value);
-
-	if (!ret || value[ret]) {
-		BN_free(bn);
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
-		return 0;
-	}
-
-	if (isneg && BN_is_zero(bn)) isneg = 0;
-
-	aint = BN_to_ASN1_INTEGER(bn, NULL);
-	BN_free(bn);
-	if (!aint) {
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
-		return 0;
-	}
-	if (isneg) aint->type |= V_ASN1_NEG;
-	return aint;
-}
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-	     STACK_OF(CONF_VALUE) **extlist)
-{
-	char *strtmp;
-	int ret;
-	if(!aint) return 1;
-	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
-	ret = X509V3_add_value(name, strtmp, extlist);
-	OPENSSL_free(strtmp);
-	return ret;
-}
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
-{
-	char *btmp;
-	if(!(btmp = value->value)) goto err;
-	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
-		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
-		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
-		*asn1_bool = 0xff;
-		return 1;
-	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
-		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
-		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
-		*asn1_bool = 0;
-		return 1;
-	}
-	err:
-	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
-	X509V3_conf_err(value);
-	return 0;
-}
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
-{
-	ASN1_INTEGER *itmp;
-	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
-		X509V3_conf_err(value);
-		return 0;
-	}
-	*aint = itmp;
-	return 1;
-}
-
-#define HDR_NAME	1
-#define HDR_VALUE	2
-
-/*#define DEBUG*/
-
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
-{
-	char *p, *q, c;
-	char *ntmp, *vtmp;
-	STACK_OF(CONF_VALUE) *values = NULL;
-	char *linebuf;
-	int state;
-	/* We are going to modify the line so copy it first */
-	linebuf = BUF_strdup(line);
-	state = HDR_NAME;
-	ntmp = NULL;
-	/* Go through all characters */
-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-		switch(state) {
-			case HDR_NAME:
-			if(c == ':') {
-				state = HDR_VALUE;
-				*p = 0;
-				ntmp = strip_spaces(q);
-				if(!ntmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-					goto err;
-				}
-				q = p + 1;
-			} else if(c == ',') {
-				*p = 0;
-				ntmp = strip_spaces(q);
-				q = p + 1;
-#if 0
-				printf("%s\n", ntmp);
-#endif
-				if(!ntmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-					goto err;
-				}
-				X509V3_add_value(ntmp, NULL, &values);
-			}
-			break ;
-
-			case HDR_VALUE:
-			if(c == ',') {
-				state = HDR_NAME;
-				*p = 0;
-				vtmp = strip_spaces(q);
-#if 0
-				printf("%s\n", ntmp);
-#endif
-				if(!vtmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-					goto err;
-				}
-				X509V3_add_value(ntmp, vtmp, &values);
-				ntmp = NULL;
-				q = p + 1;
-			}
-
-		}
-	}
-
-	if(state == HDR_VALUE) {
-		vtmp = strip_spaces(q);
-#if 0
-		printf("%s=%s\n", ntmp, vtmp);
-#endif
-		if(!vtmp) {
-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-			goto err;
-		}
-		X509V3_add_value(ntmp, vtmp, &values);
-	} else {
-		ntmp = strip_spaces(q);
-#if 0
-		printf("%s\n", ntmp);
-#endif
-		if(!ntmp) {
-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-			goto err;
-		}
-		X509V3_add_value(ntmp, NULL, &values);
-	}
-OPENSSL_free(linebuf);
-return values;
-
-err:
-OPENSSL_free(linebuf);
-sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
-return NULL;
-
-}
-
-/* Delete leading and trailing spaces from a string */
-static char *strip_spaces(char *name)
-{
-	char *p, *q;
-	/* Skip over leading spaces */
-	p = name;
-	while(*p && isspace((unsigned char)*p)) p++;
-	if(!*p) return NULL;
-	q = p + strlen(p) - 1;
-	while((q != p) && isspace((unsigned char)*q)) q--;
-	if(p != q) q[1] = 0;
-	if(!*p) return NULL;
-	return p;
-}
-
-/* hex string utilities */
-
-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation
- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
- */
-
-char *hex_to_string(const unsigned char *buffer, long len)
-{
-	char *tmp, *q;
-	const unsigned char *p;
-	int i;
-	static const char hexdig[] = "0123456789ABCDEF";
-	if(!buffer || !len) return NULL;
-	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
-		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	q = tmp;
-	for(i = 0, p = buffer; i < len; i++,p++) {
-		*q++ = hexdig[(*p >> 4) & 0xf];
-		*q++ = hexdig[*p & 0xf];
-		*q++ = ':';
-	}
-	q[-1] = 0;
-#ifdef CHARSET_EBCDIC
-	ebcdic2ascii(tmp, tmp, q - tmp - 1);
-#endif
-
-	return tmp;
-}
-
-/* Give a string of hex digits convert to
- * a buffer
- */
-
-unsigned char *string_to_hex(const char *str, long *len)
-{
-	unsigned char *hexbuf, *q;
-	unsigned char ch, cl, *p;
-	if(!str) {
-		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-	}
-	if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
-	for(p = (unsigned char *)str, q = hexbuf; *p;) {
-		ch = *p++;
-#ifdef CHARSET_EBCDIC
-		ch = os_toebcdic[ch];
-#endif
-		if(ch == ':') continue;
-		cl = *p++;
-#ifdef CHARSET_EBCDIC
-		cl = os_toebcdic[cl];
-#endif
-		if(!cl) {
-			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
-			OPENSSL_free(hexbuf);
-			return NULL;
-		}
-		if(isupper(ch)) ch = tolower(ch);
-		if(isupper(cl)) cl = tolower(cl);
-
-		if((ch >= '0') && (ch <= '9')) ch -= '0';
-		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
-		else goto badhex;
-
-		if((cl >= '0') && (cl <= '9')) cl -= '0';
-		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
-		else goto badhex;
-
-		*q++ = (ch << 4) | cl;
-	}
-
-	if(len) *len = q - hexbuf;
-
-	return hexbuf;
-
-	err:
-	if(hexbuf) OPENSSL_free(hexbuf);
-	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
-	return NULL;
-
-	badhex:
-	OPENSSL_free(hexbuf);
-	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
-	return NULL;
-
-}
-
-/* V2I name comparison function: returns zero if 'name' matches
- * cmp or cmp.*
- */
-
-int name_cmp(const char *name, const char *cmp)
-{
-	int len, ret;
-	char c;
-	len = strlen(cmp);
-	if((ret = strncmp(name, cmp, len))) return ret;
-	c = name[len];
-	if(!c || (c=='.')) return 0;
-	return 1;
-}
-
-static int sk_strcmp(const char * const *a, const char * const *b)
-{
-	return strcmp(*a, *b);
-}
-
-STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
-{
-	GENERAL_NAMES *gens;
-	STACK_OF(OPENSSL_STRING) *ret;
-
-	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-	ret = get_email(X509_get_subject_name(x), gens);
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return ret;
-}
-
-STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
-{
-	AUTHORITY_INFO_ACCESS *info;
-	STACK_OF(OPENSSL_STRING) *ret = NULL;
-	int i;
-
-	info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
-	if (!info)
-		return NULL;
-	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
-		{
-		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
-		if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
-			{
-			if (ad->location->type == GEN_URI)
-				{
-				if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
-					break;
-				}
-			}
-		}
-	AUTHORITY_INFO_ACCESS_free(info);
-	return ret;
-}
-
-STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
-{
-	GENERAL_NAMES *gens;
-	STACK_OF(X509_EXTENSION) *exts;
-	STACK_OF(OPENSSL_STRING) *ret;
-
-	exts = X509_REQ_get_extensions(x);
-	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
-	ret = get_email(X509_REQ_get_subject_name(x), gens);
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	return ret;
-}
-
-
-static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens)
-{
-	STACK_OF(OPENSSL_STRING) *ret = NULL;
-	X509_NAME_ENTRY *ne;
-	ASN1_IA5STRING *email;
-	GENERAL_NAME *gen;
-	int i;
-	/* Now add any email address(es) to STACK */
-	i = -1;
-	/* First supplied X509_NAME */
-	while((i = X509_NAME_get_index_by_NID(name,
-					 NID_pkcs9_emailAddress, i)) >= 0) {
-		ne = X509_NAME_get_entry(name, i);
-		email = X509_NAME_ENTRY_get_data(ne);
-		if(!append_ia5(&ret, email)) return NULL;
-	}
-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-	{
-		gen = sk_GENERAL_NAME_value(gens, i);
-		if(gen->type != GEN_EMAIL) continue;
-		if(!append_ia5(&ret, gen->d.ia5)) return NULL;
-	}
-	return ret;
-}
-
-static void str_free(OPENSSL_STRING str)
-{
-	OPENSSL_free(str);
-}
-
-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email)
-{
-	char *emtmp;
-	/* First some sanity checks */
-	if(email->type != V_ASN1_IA5STRING) return 1;
-	if(!email->data || !email->length) return 1;
-	if(!*sk) *sk = sk_OPENSSL_STRING_new(sk_strcmp);
-	if(!*sk) return 0;
-	/* Don't add duplicates */
-	if(sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) return 1;
-	emtmp = BUF_strdup((char *)email->data);
-	if(!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
-		X509_email_free(*sk);
-		*sk = NULL;
-		return 0;
-	}
-	return 1;
-}
-
-void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
-{
-	sk_OPENSSL_STRING_pop_free(sk, str_free);
-}
-
-/* Convert IP addresses both IPv4 and IPv6 into an 
- * OCTET STRING compatible with RFC3280.
- */
-
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
-	{
-	unsigned char ipout[16];
-	ASN1_OCTET_STRING *ret;
-	int iplen;
-
-	/* If string contains a ':' assume IPv6 */
-
-	iplen = a2i_ipadd(ipout, ipasc);
-
-	if (!iplen)
-		return NULL;
-
-	ret = ASN1_OCTET_STRING_new();
-	if (!ret)
-		return NULL;
-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
-		{
-		ASN1_OCTET_STRING_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
-
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
-	{
-	ASN1_OCTET_STRING *ret = NULL;
-	unsigned char ipout[32];
-	char *iptmp = NULL, *p;
-	int iplen1, iplen2;
-	p = strchr(ipasc,'/');
-	if (!p)
-		return NULL;
-	iptmp = BUF_strdup(ipasc);
-	if (!iptmp)
-		return NULL;
-	p = iptmp + (p - ipasc);
-	*p++ = 0;
-
-	iplen1 = a2i_ipadd(ipout, iptmp);
-
-	if (!iplen1)
-		goto err;
-
-	iplen2 = a2i_ipadd(ipout + iplen1, p);
-
-	OPENSSL_free(iptmp);
-	iptmp = NULL;
-
-	if (!iplen2 || (iplen1 != iplen2))
-		goto err;
-
-	ret = ASN1_OCTET_STRING_new();
-	if (!ret)
-		goto err;
-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
-		goto err;
-
-	return ret;
-
-	err:
-	if (iptmp)
-		OPENSSL_free(iptmp);
-	if (ret)
-		ASN1_OCTET_STRING_free(ret);
-	return NULL;
-	}
-	
-
-int a2i_ipadd(unsigned char *ipout, const char *ipasc)
-	{
-	/* If string contains a ':' assume IPv6 */
-
-	if (strchr(ipasc, ':'))
-		{
-		if (!ipv6_from_asc(ipout, ipasc))
-			return 0;
-		return 16;
-		}
-	else
-		{
-		if (!ipv4_from_asc(ipout, ipasc))
-			return 0;
-		return 4;
-		}
-	}
-
-static int ipv4_from_asc(unsigned char *v4, const char *in)
-	{
-	int a0, a1, a2, a3;
-	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
-		return 0;
-	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-		|| (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
-		return 0;
-	v4[0] = a0;
-	v4[1] = a1;
-	v4[2] = a2;
-	v4[3] = a3;
-	return 1;
-	}
-
-typedef struct {
-		/* Temporary store for IPV6 output */
-		unsigned char tmp[16];
-		/* Total number of bytes in tmp */
-		int total;
-		/* The position of a zero (corresponding to '::') */
-		int zero_pos;
-		/* Number of zeroes */
-		int zero_cnt;
-	} IPV6_STAT;
-
-
-static int ipv6_from_asc(unsigned char *v6, const char *in)
-	{
-	IPV6_STAT v6stat;
-	v6stat.total = 0;
-	v6stat.zero_pos = -1;
-	v6stat.zero_cnt = 0;
-	/* Treat the IPv6 representation as a list of values
-	 * separated by ':'. The presence of a '::' will parse
- 	 * as one, two or three zero length elements.
-	 */
-	if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
-		return 0;
-
-	/* Now for some sanity checks */
-
-	if (v6stat.zero_pos == -1)
-		{
-		/* If no '::' must have exactly 16 bytes */
-		if (v6stat.total != 16)
-			return 0;
-		}
-	else 
-		{
-		/* If '::' must have less than 16 bytes */
-		if (v6stat.total == 16)
-			return 0;
-		/* More than three zeroes is an error */
-		if (v6stat.zero_cnt > 3)
-			return 0;
-		/* Can only have three zeroes if nothing else present */
-		else if (v6stat.zero_cnt == 3)
-			{
-			if (v6stat.total > 0)
-				return 0;
-			}
-		/* Can only have two zeroes if at start or end */
-		else if (v6stat.zero_cnt == 2)
-			{
-			if ((v6stat.zero_pos != 0)
-				&& (v6stat.zero_pos != v6stat.total))
-				return 0;
-			}
-		else 
-		/* Can only have one zero if *not* start or end */
-			{
-			if ((v6stat.zero_pos == 0)
-				|| (v6stat.zero_pos == v6stat.total))
-				return 0;
-			}
-		}
-
-	/* Format result */
-
-	if (v6stat.zero_pos >= 0)
-		{
-		/* Copy initial part */
-		memcpy(v6, v6stat.tmp, v6stat.zero_pos);
-		/* Zero middle */
-		memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
-		/* Copy final part */
-		if (v6stat.total != v6stat.zero_pos)
-			memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
-				v6stat.tmp + v6stat.zero_pos,
-				v6stat.total - v6stat.zero_pos);
-		}
-	else
-		memcpy(v6, v6stat.tmp, 16);
-
-	return 1;
-	}
-
-static int ipv6_cb(const char *elem, int len, void *usr)
-	{
-	IPV6_STAT *s = usr;
-	/* Error if 16 bytes written */
-	if (s->total == 16)
-		return 0;
-	if (len == 0)
-		{
-		/* Zero length element, corresponds to '::' */
-		if (s->zero_pos == -1)
-			s->zero_pos = s->total;
-		/* If we've already got a :: its an error */
-		else if (s->zero_pos != s->total)
-			return 0;
-		s->zero_cnt++;
-		}
-	else 
-		{
-		/* If more than 4 characters could be final a.b.c.d form */
-		if (len > 4)
-			{
-			/* Need at least 4 bytes left */
-			if (s->total > 12)
-				return 0;
-			/* Must be end of string */
-			if (elem[len])
-				return 0;
-			if (!ipv4_from_asc(s->tmp + s->total, elem))
-				return 0;
-			s->total += 4;
-			}
-		else
-			{
-			if (!ipv6_hex(s->tmp + s->total, elem, len))
-				return 0;
-			s->total += 2;
-			}
-		}
-	return 1;
-	}
-
-/* Convert a string of up to 4 hex digits into the corresponding
- * IPv6 form.
- */
-
-static int ipv6_hex(unsigned char *out, const char *in, int inlen)
-	{
-	unsigned char c;
-	unsigned int num = 0;
-	if (inlen > 4)
-		return 0;
-	while(inlen--)
-		{
-		c = *in++;
-		num <<= 4;
-		if ((c >= '0') && (c <= '9'))
-			num |= c - '0';
-		else if ((c >= 'A') && (c <= 'F'))
-			num |= c - 'A' + 10;
-		else if ((c >= 'a') && (c <= 'f'))
-			num |=  c - 'a' + 10;
-		else
-			return 0;
-		}
-	out[0] = num >> 8;
-	out[1] = num & 0xff;
-	return 1;
-	}
-
-
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-						unsigned long chtype)
-	{
-	CONF_VALUE *v;
-	int i, mval;
-	char *p, *type;
-	if (!nm)
-		return 0;
-
-	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
-		{
-		v=sk_CONF_VALUE_value(dn_sk,i);
-		type=v->name;
-		/* Skip past any leading X. X: X, etc to allow for
-		 * multiple instances 
-		 */
-		for(p = type; *p ; p++) 
-#ifndef CHARSET_EBCDIC
-			if ((*p == ':') || (*p == ',') || (*p == '.'))
-#else
-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
-#endif
-				{
-				p++;
-				if(*p) type = p;
-				break;
-				}
-#ifndef CHARSET_EBCDIC
-		if (*type == '+')
-#else
-		if (*type == os_toascii['+'])
-#endif
-			{
-			mval = -1;
-			type++;
-			}
-		else
-			mval = 0;
-		if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
-				(unsigned char *) v->value,-1,-1,mval))
-					return 0;
-
-		}
-	return 1;
-	}
diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
deleted file mode 100644
index a9e6ca3542..0000000000
--- a/crypto/x509v3/v3conf.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* v3conf.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/* Test application to add extensions from a config file */
-
-int main(int argc, char **argv)
-{
-	LHASH *conf;
-	X509 *cert;
-	FILE *inf;
-	char *conf_file;
-	int i;
-	int count;
-	X509_EXTENSION *ext;
-	X509V3_add_standard_extensions();
-	ERR_load_crypto_strings();
-	if(!argv[1]) {
-		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
-		exit(1);
-	}
-	conf_file = argv[2];
-	if(!conf_file) conf_file = "test.cnf";
-	conf = CONF_load(NULL, "test.cnf", NULL);
-	if(!conf) {
-		fprintf(stderr, "Error opening Config file %s\n", conf_file);
-		ERR_print_errors_fp(stderr);
-		exit(1);
-	}
-
-	inf = fopen(argv[1], "r");
-	if(!inf) {
-		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
-		exit(1);
-	}
-	cert = PEM_read_X509(inf, NULL, NULL);
-	if(!cert) {
-		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
-		exit(1);
-	}
-	fclose(inf);
-
-	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
-	cert->cert_info->extensions = NULL;
-
-	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
-		fprintf(stderr, "Error adding extensions\n");
-		ERR_print_errors_fp(stderr);
-		exit(1);
-	}
-
-	count = X509_get_ext_count(cert);
-	printf("%d extensions\n", count);
-	for(i = 0; i < count; i++) {
-		ext = X509_get_ext(cert, i);
-		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-		if(ext->critical) printf(",critical:\n");
-		else printf(":\n");
-		X509V3_EXT_print_fp(stdout, ext, 0, 0);
-		printf("\n");
-		
-	}
-	return 0;
-}
-
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
deleted file mode 100644
index f9f6f1f91f..0000000000
--- a/crypto/x509v3/v3err.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/* crypto/x509v3/v3err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
-
-static ERR_STRING_DATA X509V3_str_functs[]=
-	{
-{ERR_FUNC(X509V3_F_A2I_GENERAL_NAME),	"A2I_GENERAL_NAME"},
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),	"ASIDENTIFIERCHOICE_CANONIZE"},
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),	"ASIDENTIFIERCHOICE_IS_CANONICAL"},
-{ERR_FUNC(X509V3_F_COPY_EMAIL),	"COPY_EMAIL"},
-{ERR_FUNC(X509V3_F_COPY_ISSUER),	"COPY_ISSUER"},
-{ERR_FUNC(X509V3_F_DO_DIRNAME),	"DO_DIRNAME"},
-{ERR_FUNC(X509V3_F_DO_EXT_CONF),	"DO_EXT_CONF"},
-{ERR_FUNC(X509V3_F_DO_EXT_I2D),	"DO_EXT_I2D"},
-{ERR_FUNC(X509V3_F_DO_EXT_NCONF),	"DO_EXT_NCONF"},
-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),	"DO_I2V_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME),	"GNAMES_FROM_SECTNAME"},
-{ERR_FUNC(X509V3_F_HEX_TO_STRING),	"hex_to_string"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),	"i2s_ASN1_ENUMERATED"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING),	"I2S_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER),	"i2s_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),	"I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_NOTICE_SECTION),	"NOTICE_SECTION"},
-{ERR_FUNC(X509V3_F_NREF_NOS),	"NREF_NOS"},
-{ERR_FUNC(X509V3_F_POLICY_SECTION),	"POLICY_SECTION"},
-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE),	"PROCESS_PCI_VALUE"},
-{ERR_FUNC(X509V3_F_R2I_CERTPOL),	"R2I_CERTPOL"},
-{ERR_FUNC(X509V3_F_R2I_PCI),	"R2I_PCI"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING),	"S2I_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER),	"s2i_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),	"s2i_ASN1_OCTET_STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),	"S2I_ASN1_SKEY_ID"},
-{ERR_FUNC(X509V3_F_S2I_SKEY_ID),	"S2I_SKEY_ID"},
-{ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME),	"SET_DIST_POINT_NAME"},
-{ERR_FUNC(X509V3_F_STRING_TO_HEX),	"string_to_hex"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),	"SXNET_add_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),	"SXNET_add_id_INTEGER"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG),	"SXNET_add_id_ulong"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC),	"SXNET_get_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG),	"SXNET_get_id_ulong"},
-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS),	"V2I_ASIDENTIFIERS"},
-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),	"v2i_ASN1_BIT_STRING"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),	"V2I_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID),	"V2I_AUTHORITY_KEYID"},
-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS),	"V2I_BASIC_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_CRLD),	"V2I_CRLD"},
-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),	"V2I_EXTENDED_KEY_USAGE"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),	"v2i_GENERAL_NAMES"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),	"v2i_GENERAL_NAME_ex"},
-{ERR_FUNC(X509V3_F_V2I_IDP),	"V2I_IDP"},
-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),	"V2I_IPADDRBLOCKS"},
-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),	"V2I_ISSUER_ALT"},
-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),	"V2I_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS),	"V2I_POLICY_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS),	"V2I_POLICY_MAPPINGS"},
-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT),	"V2I_SUBJECT_ALT"},
-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),	"V3_ADDR_VALIDATE_PATH_INTERNAL"},
-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION),	"V3_GENERIC_EXTENSION"},
-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D),	"X509V3_add1_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE),	"X509V3_add_value"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD),	"X509V3_EXT_add"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS),	"X509V3_EXT_add_alias"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF),	"X509V3_EXT_conf"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D),	"X509V3_EXT_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF),	"X509V3_EXT_nconf"},
-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION),	"X509V3_get_section"},
-{ERR_FUNC(X509V3_F_X509V3_GET_STRING),	"X509V3_get_string"},
-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL),	"X509V3_get_value_bool"},
-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST),	"X509V3_parse_list"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD),	"X509_PURPOSE_add"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET),	"X509_PURPOSE_set"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA X509V3_str_reasons[]=
-	{
-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     ,"bad ip address"},
-{ERR_REASON(X509V3_R_BAD_OBJECT)         ,"bad object"},
-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
-{ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},
-{ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET),"distpoint already set"},
-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
-{ERR_REASON(X509V3_R_EXTENSION_EXISTS)   ,"extension exists"},
-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS),"invalid multiple rdns"},
-{ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
-{ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},
-{ERR_REASON(X509V3_R_INVALID_IPADDRESS)  ,"invalid ipaddress"},
-{ERR_REASON(X509V3_R_INVALID_NAME)       ,"invalid name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(X509V3_R_INVALID_NULL_NAME)  ,"invalid null name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
-{ERR_REASON(X509V3_R_INVALID_NUMBER)     ,"invalid number"},
-{ERR_REASON(X509V3_R_INVALID_NUMBERS)    ,"invalid numbers"},
-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
-{ERR_REASON(X509V3_R_INVALID_OPTION)     ,"invalid option"},
-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
-{ERR_REASON(X509V3_R_INVALID_PURPOSE)    ,"invalid purpose"},
-{ERR_REASON(X509V3_R_INVALID_SAFI)       ,"invalid safi"},
-{ERR_REASON(X509V3_R_INVALID_SECTION)    ,"invalid section"},
-{ERR_REASON(X509V3_R_INVALID_SYNTAX)     ,"invalid syntax"},
-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
-{ERR_REASON(X509V3_R_MISSING_VALUE)      ,"missing value"},
-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS)  ,"no issuer details"},
-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      ,"no public key"},
-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
-{ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),"policy language already defined"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),"policy path length already defined"},
-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION)  ,"unknown extension"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
-{ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},
-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
-{ERR_REASON(X509V3_R_UNSUPPORTED_TYPE)   ,"unsupported type"},
-{ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_X509V3_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,X509V3_str_functs);
-		ERR_load_strings(0,X509V3_str_reasons);
-		}
-#endif
-	}
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
deleted file mode 100644
index d5ff268296..0000000000
--- a/crypto/x509v3/v3prin.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* v3prin.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int main(int argc, char **argv)
-{
-	X509 *cert;
-	FILE *inf;
-	int i, count;
-	X509_EXTENSION *ext;
-	X509V3_add_standard_extensions();
-	ERR_load_crypto_strings();
-	if(!argv[1]) {
-		fprintf(stderr, "Usage v3prin cert.pem\n");
-		exit(1);
-	}
-	if(!(inf = fopen(argv[1], "r"))) {
-		fprintf(stderr, "Can't open %s\n", argv[1]);
-		exit(1);
-	}
-	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
-		fprintf(stderr, "Can't read certificate %s\n", argv[1]);
-		ERR_print_errors_fp(stderr);
-		exit(1);
-	}
-	fclose(inf);
-	count = X509_get_ext_count(cert);
-	printf("%d extensions\n", count);
-	for(i = 0; i < count; i++) {
-		ext = X509_get_ext(cert, i);
-		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
-		printf("\n");
-		
-	}
-	return 0;
-}
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
deleted file mode 100644
index b308abe7cd..0000000000
--- a/crypto/x509v3/x509v3.h
+++ /dev/null
@@ -1,1007 +0,0 @@
-/* x509v3.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_X509V3_H
-#define HEADER_X509V3_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Forward reference */
-struct v3_ext_method;
-struct v3_ext_ctx;
-
-/* Useful typedefs */
-
-typedef void * (*X509V3_EXT_NEW)(void);
-typedef void (*X509V3_EXT_FREE)(void *);
-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *
-  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
-		    STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx,
-				 STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
-			      BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx, const char *str);
-
-/* V3 extension structure */
-
-struct v3_ext_method {
-int ext_nid;
-int ext_flags;
-/* If this is set the following four fields are ignored */
-ASN1_ITEM_EXP *it;
-/* Old style ASN1 calls */
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-
-/* The following pair is used for string extensions */
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-
-/* The following pair is used for multi-valued extensions */
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-
-/* The following are used for raw extensions */
-X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;
-
-void *usr_data;	/* Any extension specific data */
-};
-
-typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-} X509V3_CONF_METHOD;
-
-/* Context specific info */
-struct v3_ext_ctx {
-#define CTX_TEST 0x1
-int flags;
-X509 *issuer_cert;
-X509 *subject_cert;
-X509_REQ *subject_req;
-X509_CRL *crl;
-X509V3_CONF_METHOD *db_meth;
-void *db;
-/* Maybe more here */
-};
-
-typedef struct v3_ext_method X509V3_EXT_METHOD;
-
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
-
-/* ext_flags values */
-#define X509V3_EXT_DYNAMIC	0x1
-#define X509V3_EXT_CTX_DEP	0x2
-#define X509V3_EXT_MULTILINE	0x4
-
-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
-
-typedef struct BASIC_CONSTRAINTS_st {
-int ca;
-ASN1_INTEGER *pathlen;
-} BASIC_CONSTRAINTS;
-
-
-typedef struct PKEY_USAGE_PERIOD_st {
-ASN1_GENERALIZEDTIME *notBefore;
-ASN1_GENERALIZEDTIME *notAfter;
-} PKEY_USAGE_PERIOD;
-
-typedef struct otherName_st {
-ASN1_OBJECT *type_id;
-ASN1_TYPE *value;
-} OTHERNAME;
-
-typedef struct EDIPartyName_st {
-	ASN1_STRING *nameAssigner;
-	ASN1_STRING *partyName;
-} EDIPARTYNAME;
-
-typedef struct GENERAL_NAME_st {
-
-#define GEN_OTHERNAME	0
-#define GEN_EMAIL	1
-#define GEN_DNS		2
-#define GEN_X400	3
-#define GEN_DIRNAME	4
-#define GEN_EDIPARTY	5
-#define GEN_URI		6
-#define GEN_IPADD	7
-#define GEN_RID		8
-
-int type;
-union {
-	char *ptr;
-	OTHERNAME *otherName; /* otherName */
-	ASN1_IA5STRING *rfc822Name;
-	ASN1_IA5STRING *dNSName;
-	ASN1_TYPE *x400Address;
-	X509_NAME *directoryName;
-	EDIPARTYNAME *ediPartyName;
-	ASN1_IA5STRING *uniformResourceIdentifier;
-	ASN1_OCTET_STRING *iPAddress;
-	ASN1_OBJECT *registeredID;
-
-	/* Old names */
-	ASN1_OCTET_STRING *ip; /* iPAddress */
-	X509_NAME *dirn;		/* dirn */
-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
-	ASN1_OBJECT *rid; /* registeredID */
-	ASN1_TYPE *other; /* x400Address */
-} d;
-} GENERAL_NAME;
-
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
-typedef struct ACCESS_DESCRIPTION_st {
-	ASN1_OBJECT *method;
-	GENERAL_NAME *location;
-} ACCESS_DESCRIPTION;
-
-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
-
-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
-
-DECLARE_STACK_OF(GENERAL_NAME)
-DECLARE_ASN1_SET_OF(GENERAL_NAME)
-
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
-	GENERAL_NAMES *fullname;
-	STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-/* If relativename then this contains the full distribution point name */
-X509_NAME *dpname;
-} DIST_POINT_NAME;
-/* All existing reasons */
-#define CRLDP_ALL_REASONS	0x807f
-
-#define CRL_REASON_NONE				-1
-#define CRL_REASON_UNSPECIFIED			0
-#define CRL_REASON_KEY_COMPROMISE		1
-#define CRL_REASON_CA_COMPROMISE		2
-#define CRL_REASON_AFFILIATION_CHANGED		3
-#define CRL_REASON_SUPERSEDED			4
-#define CRL_REASON_CESSATION_OF_OPERATION	5
-#define CRL_REASON_CERTIFICATE_HOLD		6
-#define CRL_REASON_REMOVE_FROM_CRL		8
-#define CRL_REASON_PRIVILEGE_WITHDRAWN		9
-#define CRL_REASON_AA_COMPROMISE		10
-
-struct DIST_POINT_st {
-DIST_POINT_NAME	*distpoint;
-ASN1_BIT_STRING *reasons;
-GENERAL_NAMES *CRLissuer;
-int dp_reasons;
-};
-
-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
-
-DECLARE_STACK_OF(DIST_POINT)
-DECLARE_ASN1_SET_OF(DIST_POINT)
-
-struct AUTHORITY_KEYID_st {
-ASN1_OCTET_STRING *keyid;
-GENERAL_NAMES *issuer;
-ASN1_INTEGER *serial;
-};
-
-/* Strong extranet structures */
-
-typedef struct SXNET_ID_st {
-	ASN1_INTEGER *zone;
-	ASN1_OCTET_STRING *user;
-} SXNETID;
-
-DECLARE_STACK_OF(SXNETID)
-DECLARE_ASN1_SET_OF(SXNETID)
-
-typedef struct SXNET_st {
-	ASN1_INTEGER *version;
-	STACK_OF(SXNETID) *ids;
-} SXNET;
-
-typedef struct NOTICEREF_st {
-	ASN1_STRING *organization;
-	STACK_OF(ASN1_INTEGER) *noticenos;
-} NOTICEREF;
-
-typedef struct USERNOTICE_st {
-	NOTICEREF *noticeref;
-	ASN1_STRING *exptext;
-} USERNOTICE;
-
-typedef struct POLICYQUALINFO_st {
-	ASN1_OBJECT *pqualid;
-	union {
-		ASN1_IA5STRING *cpsuri;
-		USERNOTICE *usernotice;
-		ASN1_TYPE *other;
-	} d;
-} POLICYQUALINFO;
-
-DECLARE_STACK_OF(POLICYQUALINFO)
-DECLARE_ASN1_SET_OF(POLICYQUALINFO)
-
-typedef struct POLICYINFO_st {
-	ASN1_OBJECT *policyid;
-	STACK_OF(POLICYQUALINFO) *qualifiers;
-} POLICYINFO;
-
-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
-
-DECLARE_STACK_OF(POLICYINFO)
-DECLARE_ASN1_SET_OF(POLICYINFO)
-
-typedef struct POLICY_MAPPING_st {
-	ASN1_OBJECT *issuerDomainPolicy;
-	ASN1_OBJECT *subjectDomainPolicy;
-} POLICY_MAPPING;
-
-DECLARE_STACK_OF(POLICY_MAPPING)
-
-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
-
-typedef struct GENERAL_SUBTREE_st {
-	GENERAL_NAME *base;
-	ASN1_INTEGER *minimum;
-	ASN1_INTEGER *maximum;
-} GENERAL_SUBTREE;
-
-DECLARE_STACK_OF(GENERAL_SUBTREE)
-
-struct NAME_CONSTRAINTS_st {
-	STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
-	STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-};
-
-typedef struct POLICY_CONSTRAINTS_st {
-	ASN1_INTEGER *requireExplicitPolicy;
-	ASN1_INTEGER *inhibitPolicyMapping;
-} POLICY_CONSTRAINTS;
-
-/* Proxy certificate structures, see RFC 3820 */
-typedef struct PROXY_POLICY_st
-	{
-	ASN1_OBJECT *policyLanguage;
-	ASN1_OCTET_STRING *policy;
-	} PROXY_POLICY;
-
-typedef struct PROXY_CERT_INFO_EXTENSION_st
-	{
-	ASN1_INTEGER *pcPathLengthConstraint;
-	PROXY_POLICY *proxyPolicy;
-	} PROXY_CERT_INFO_EXTENSION;
-
-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
-
-struct ISSUING_DIST_POINT_st
-	{
-	DIST_POINT_NAME *distpoint;
-	int onlyuser;
-	int onlyCA;
-	ASN1_BIT_STRING *onlysomereasons;
-	int indirectCRL;
-	int onlyattr;
-	};
-
-/* Values in idp_flags field */
-/* IDP present */
-#define	IDP_PRESENT	0x1
-/* IDP values inconsistent */
-#define IDP_INVALID	0x2
-/* onlyuser true */
-#define	IDP_ONLYUSER	0x4
-/* onlyCA true */
-#define	IDP_ONLYCA	0x8
-/* onlyattr true */
-#define IDP_ONLYATTR	0x10
-/* indirectCRL true */
-#define IDP_INDIRECT	0x20
-/* onlysomereasons present */
-#define IDP_REASONS	0x40
-
-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
-
-#define X509V3_set_ctx_test(ctx) \
-			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-
-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
-			0,0,0,0, \
-			0,0, \
-			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
-			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
-			NULL, NULL, \
-			table}
-
-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
-			0,0,0,0, \
-			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
-			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-			0,0,0,0, \
-			NULL}
-
-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-
-/* X509_PURPOSE stuff */
-
-#define EXFLAG_BCONS		0x1
-#define EXFLAG_KUSAGE		0x2
-#define EXFLAG_XKUSAGE		0x4
-#define EXFLAG_NSCERT		0x8
-
-#define EXFLAG_CA		0x10
-/* Really self issued not necessarily self signed */
-#define EXFLAG_SI		0x20
-#define EXFLAG_SS		0x20
-#define EXFLAG_V1		0x40
-#define EXFLAG_INVALID		0x80
-#define EXFLAG_SET		0x100
-#define EXFLAG_CRITICAL		0x200
-#define EXFLAG_PROXY		0x400
-
-#define EXFLAG_INVALID_POLICY	0x800
-#define EXFLAG_FRESHEST		0x1000
-
-#define KU_DIGITAL_SIGNATURE	0x0080
-#define KU_NON_REPUDIATION	0x0040
-#define KU_KEY_ENCIPHERMENT	0x0020
-#define KU_DATA_ENCIPHERMENT	0x0010
-#define KU_KEY_AGREEMENT	0x0008
-#define KU_KEY_CERT_SIGN	0x0004
-#define KU_CRL_SIGN		0x0002
-#define KU_ENCIPHER_ONLY	0x0001
-#define KU_DECIPHER_ONLY	0x8000
-
-#define NS_SSL_CLIENT		0x80
-#define NS_SSL_SERVER		0x40
-#define NS_SMIME		0x20
-#define NS_OBJSIGN		0x10
-#define NS_SSL_CA		0x04
-#define NS_SMIME_CA		0x02
-#define NS_OBJSIGN_CA		0x01
-#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
-
-#define XKU_SSL_SERVER		0x1	
-#define XKU_SSL_CLIENT		0x2
-#define XKU_SMIME		0x4
-#define XKU_CODE_SIGN		0x8
-#define XKU_SGC			0x10
-#define XKU_OCSP_SIGN		0x20
-#define XKU_TIMESTAMP		0x40
-#define XKU_DVCS		0x80
-
-#define X509_PURPOSE_DYNAMIC	0x1
-#define X509_PURPOSE_DYNAMIC_NAME	0x2
-
-typedef struct x509_purpose_st {
-	int purpose;
-	int trust;		/* Default trust ID */
-	int flags;
-	int (*check_purpose)(const struct x509_purpose_st *,
-				const X509 *, int);
-	char *name;
-	char *sname;
-	void *usr_data;
-} X509_PURPOSE;
-
-#define X509_PURPOSE_SSL_CLIENT		1
-#define X509_PURPOSE_SSL_SERVER		2
-#define X509_PURPOSE_NS_SSL_SERVER	3
-#define X509_PURPOSE_SMIME_SIGN		4
-#define X509_PURPOSE_SMIME_ENCRYPT	5
-#define X509_PURPOSE_CRL_SIGN		6
-#define X509_PURPOSE_ANY		7
-#define X509_PURPOSE_OCSP_HELPER	8
-#define X509_PURPOSE_TIMESTAMP_SIGN	9
-
-#define X509_PURPOSE_MIN		1
-#define X509_PURPOSE_MAX		9
-
-/* Flags for X509V3_EXT_print() */
-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-/* Flags for X509V3_add1_i2d */
-
-#define X509V3_ADD_OP_MASK		0xfL
-#define X509V3_ADD_DEFAULT		0L
-#define X509V3_ADD_APPEND		1L
-#define X509V3_ADD_REPLACE		2L
-#define X509V3_ADD_REPLACE_EXISTING	3L
-#define X509V3_ADD_KEEP_EXISTING	4L
-#define X509V3_ADD_DELETE		5L
-#define X509V3_ADD_SILENT		0x10
-
-DECLARE_STACK_OF(X509_PURPOSE)
-
-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-DECLARE_ASN1_FUNCTIONS(SXNET)
-DECLARE_ASN1_FUNCTIONS(SXNETID)
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
-
-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
-int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
-
-
-
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-				ASN1_BIT_STRING *bits,
-				STACK_OF(CONF_VALUE) *extlist);
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-DECLARE_ASN1_FUNCTIONS(OTHERNAME)
-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
-int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
-void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
-void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
-int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
-				ASN1_OBJECT *oid, ASN1_TYPE *value);
-int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
-				ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-
-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
-
-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-DECLARE_ASN1_FUNCTIONS(POLICYINFO)
-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
-DECLARE_ASN1_FUNCTIONS(USERNOTICE)
-DECLARE_ASN1_FUNCTIONS(NOTICEREF)
-
-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
-DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
-
-int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
-
-int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
-
-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-DECLARE_ASN1_ITEM(POLICY_MAPPING)
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
-
-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-
-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
-
-GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       int gen_type, char *value, int is_nc);
-
-#ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				  const X509V3_EXT_METHOD *method,
-				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
-void X509V3_conf_free(CONF_VALUE *val);
-
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				    int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				char *name, char *value);
-int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			char *section, X509 *cert);
-int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_CRL *crl);
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-			     STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
-#endif
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-				 X509_REQ *req, X509_CRL *crl, int flags);
-
-int X509V3_add_value(const char *name, const char *value,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-						STACK_OF(CONF_VALUE) **extlist);
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-void X509V3_EXT_cleanup(void);
-
-const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
-int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-
-char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
-								 int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
-
-int X509_check_ca(X509 *x);
-int X509_check_purpose(X509 *x, int id, int ca);
-int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
-int X509_check_issued(X509 *issuer, X509 *subject);
-int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
-int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
-			int (*ck)(const X509_PURPOSE *, const X509 *, int),
-				char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
-
-STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
-STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
-STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
-
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-						unsigned long chtype);
-
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DECLARE_STACK_OF(X509_POLICY_NODE)
-
-#ifndef OPENSSL_NO_RFC3779
-
-typedef struct ASRange_st {
-  ASN1_INTEGER *min, *max;
-} ASRange;
-
-#define	ASIdOrRange_id		0
-#define	ASIdOrRange_range	1
-
-typedef struct ASIdOrRange_st {
-  int type;
-  union {
-    ASN1_INTEGER *id;
-    ASRange      *range;
-  } u;
-} ASIdOrRange;
-
-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
-
-#define	ASIdentifierChoice_inherit		0
-#define	ASIdentifierChoice_asIdsOrRanges	1
-
-typedef struct ASIdentifierChoice_st {
-  int type;
-  union {
-    ASN1_NULL    *inherit;
-    ASIdOrRanges *asIdsOrRanges;
-  } u;
-} ASIdentifierChoice;
-
-typedef struct ASIdentifiers_st {
-  ASIdentifierChoice *asnum, *rdi;
-} ASIdentifiers;
-
-DECLARE_ASN1_FUNCTIONS(ASRange)
-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
-
-
-typedef struct IPAddressRange_st {
-  ASN1_BIT_STRING	*min, *max;
-} IPAddressRange;
-
-#define	IPAddressOrRange_addressPrefix	0
-#define	IPAddressOrRange_addressRange	1
-
-typedef struct IPAddressOrRange_st {
-  int type;
-  union {
-    ASN1_BIT_STRING	*addressPrefix;
-    IPAddressRange	*addressRange;
-  } u;
-} IPAddressOrRange;
-
-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
-
-#define	IPAddressChoice_inherit			0
-#define	IPAddressChoice_addressesOrRanges	1
-
-typedef struct IPAddressChoice_st {
-  int type;
-  union {
-    ASN1_NULL		*inherit;
-    IPAddressOrRanges	*addressesOrRanges;
-  } u;
-} IPAddressChoice;
-
-typedef struct IPAddressFamily_st {
-  ASN1_OCTET_STRING	*addressFamily;
-  IPAddressChoice	*ipAddressChoice;
-} IPAddressFamily;
-
-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
-
-DECLARE_ASN1_FUNCTIONS(IPAddressRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * API tag for elements of the ASIdentifer SEQUENCE.
- */
-#define	V3_ASID_ASNUM	0
-#define	V3_ASID_RDI	1
-
-/*
- * AFI values, assigned by IANA.  It'd be nice to make the AFI
- * handling code totally generic, but there are too many little things
- * that would need to be defined for other address families for it to
- * be worth the trouble.
- */
-#define	IANA_AFI_IPV4	1
-#define	IANA_AFI_IPV6	2
-
-/*
- * Utilities to construct and extract values from RFC3779 extensions,
- * since some of the encodings (particularly for IP address prefixes
- * and ranges) are a bit tedious to work with directly.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
-			    ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-			const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-		       const unsigned afi, const unsigned *safi,
-		       unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
-		      const unsigned afi, const unsigned *safi,
-		      unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
-		      unsigned char *min, unsigned char *max,
-		      const int length);
-
-/*
- * Canonical forms.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
-
-/*
- * Tests for inheritance and containment.
- */
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
-
-/*
- * Check whether RFC 3779 extensions nest properly in chains.
- */
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-				  ASIdentifiers *ext,
-				  int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-				  IPAddrBlocks *ext,
-				  int allow_inheritance);
-
-#endif /* OPENSSL_NO_RFC3779 */
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509V3_strings(void);
-
-/* Error codes for the X509V3 functions. */
-
-/* Function codes. */
-#define X509V3_F_A2I_GENERAL_NAME			 164
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 161
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 162
-#define X509V3_F_COPY_EMAIL				 122
-#define X509V3_F_COPY_ISSUER				 123
-#define X509V3_F_DO_DIRNAME				 144
-#define X509V3_F_DO_EXT_CONF				 124
-#define X509V3_F_DO_EXT_I2D				 135
-#define X509V3_F_DO_EXT_NCONF				 151
-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148
-#define X509V3_F_GNAMES_FROM_SECTNAME			 156
-#define X509V3_F_HEX_TO_STRING				 111
-#define X509V3_F_I2S_ASN1_ENUMERATED			 121
-#define X509V3_F_I2S_ASN1_IA5STRING			 149
-#define X509V3_F_I2S_ASN1_INTEGER			 120
-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
-#define X509V3_F_NOTICE_SECTION				 132
-#define X509V3_F_NREF_NOS				 133
-#define X509V3_F_POLICY_SECTION				 131
-#define X509V3_F_PROCESS_PCI_VALUE			 150
-#define X509V3_F_R2I_CERTPOL				 130
-#define X509V3_F_R2I_PCI				 155
-#define X509V3_F_S2I_ASN1_IA5STRING			 100
-#define X509V3_F_S2I_ASN1_INTEGER			 108
-#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
-#define X509V3_F_S2I_ASN1_SKEY_ID			 114
-#define X509V3_F_S2I_SKEY_ID				 115
-#define X509V3_F_SET_DIST_POINT_NAME			 158
-#define X509V3_F_STRING_TO_HEX				 113
-#define X509V3_F_SXNET_ADD_ID_ASC			 125
-#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
-#define X509V3_F_SXNET_ADD_ID_ULONG			 127
-#define X509V3_F_SXNET_GET_ID_ASC			 128
-#define X509V3_F_SXNET_GET_ID_ULONG			 129
-#define X509V3_F_V2I_ASIDENTIFIERS			 163
-#define X509V3_F_V2I_ASN1_BIT_STRING			 101
-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139
-#define X509V3_F_V2I_AUTHORITY_KEYID			 119
-#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
-#define X509V3_F_V2I_CRLD				 134
-#define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103
-#define X509V3_F_V2I_GENERAL_NAMES			 118
-#define X509V3_F_V2I_GENERAL_NAME_EX			 117
-#define X509V3_F_V2I_IDP				 157
-#define X509V3_F_V2I_IPADDRBLOCKS			 159
-#define X509V3_F_V2I_ISSUER_ALT				 153
-#define X509V3_F_V2I_NAME_CONSTRAINTS			 147
-#define X509V3_F_V2I_POLICY_CONSTRAINTS			 146
-#define X509V3_F_V2I_POLICY_MAPPINGS			 145
-#define X509V3_F_V2I_SUBJECT_ALT			 154
-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL		 160
-#define X509V3_F_V3_GENERIC_EXTENSION			 116
-#define X509V3_F_X509V3_ADD1_I2D			 140
-#define X509V3_F_X509V3_ADD_VALUE			 105
-#define X509V3_F_X509V3_EXT_ADD				 104
-#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
-#define X509V3_F_X509V3_EXT_CONF			 107
-#define X509V3_F_X509V3_EXT_I2D				 136
-#define X509V3_F_X509V3_EXT_NCONF			 152
-#define X509V3_F_X509V3_GET_SECTION			 142
-#define X509V3_F_X509V3_GET_STRING			 143
-#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
-#define X509V3_F_X509V3_PARSE_LIST			 109
-#define X509V3_F_X509_PURPOSE_ADD			 137
-#define X509V3_F_X509_PURPOSE_SET			 141
-
-/* Reason codes. */
-#define X509V3_R_BAD_IP_ADDRESS				 118
-#define X509V3_R_BAD_OBJECT				 119
-#define X509V3_R_BN_DEC2BN_ERROR			 100
-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
-#define X509V3_R_DIRNAME_ERROR				 149
-#define X509V3_R_DISTPOINT_ALREADY_SET			 160
-#define X509V3_R_DUPLICATE_ZONE_ID			 133
-#define X509V3_R_ERROR_CONVERTING_ZONE			 131
-#define X509V3_R_ERROR_CREATING_EXTENSION		 144
-#define X509V3_R_ERROR_IN_EXTENSION			 128
-#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
-#define X509V3_R_EXTENSION_EXISTS			 145
-#define X509V3_R_EXTENSION_NAME_ERROR			 115
-#define X509V3_R_EXTENSION_NOT_FOUND			 102
-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
-#define X509V3_R_EXTENSION_VALUE_ERROR			 116
-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151
-#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152
-#define X509V3_R_INVALID_MULTIPLE_RDNS			 161
-#define X509V3_R_INVALID_ASNUMBER			 162
-#define X509V3_R_INVALID_ASRANGE			 163
-#define X509V3_R_INVALID_BOOLEAN_STRING			 104
-#define X509V3_R_INVALID_EXTENSION_STRING		 105
-#define X509V3_R_INVALID_INHERITANCE			 165
-#define X509V3_R_INVALID_IPADDRESS			 166
-#define X509V3_R_INVALID_NAME				 106
-#define X509V3_R_INVALID_NULL_ARGUMENT			 107
-#define X509V3_R_INVALID_NULL_NAME			 108
-#define X509V3_R_INVALID_NULL_VALUE			 109
-#define X509V3_R_INVALID_NUMBER				 140
-#define X509V3_R_INVALID_NUMBERS			 141
-#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
-#define X509V3_R_INVALID_OPTION				 138
-#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153
-#define X509V3_R_INVALID_PURPOSE			 146
-#define X509V3_R_INVALID_SAFI				 164
-#define X509V3_R_INVALID_SECTION			 135
-#define X509V3_R_INVALID_SYNTAX				 143
-#define X509V3_R_ISSUER_DECODE_ERROR			 126
-#define X509V3_R_MISSING_VALUE				 124
-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
-#define X509V3_R_NO_CONFIG_DATABASE			 136
-#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
-#define X509V3_R_NO_ISSUER_DETAILS			 127
-#define X509V3_R_NO_POLICY_IDENTIFIER			 139
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154
-#define X509V3_R_NO_PUBLIC_KEY				 114
-#define X509V3_R_NO_SUBJECT_DETAILS			 125
-#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
-#define X509V3_R_OPERATION_NOT_DEFINED			 148
-#define X509V3_R_OTHERNAME_ERROR			 147
-#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED	 155
-#define X509V3_R_POLICY_PATH_LENGTH			 156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED	 157
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
-#define X509V3_R_SECTION_NOT_FOUND			 150
-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
-#define X509V3_R_UNKNOWN_EXTENSION			 129
-#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
-#define X509V3_R_UNKNOWN_OPTION				 120
-#define X509V3_R_UNSUPPORTED_OPTION			 117
-#define X509V3_R_UNSUPPORTED_TYPE			 167
-#define X509V3_R_USER_TOO_LONG				 132
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/x86_64cpuid.S b/crypto/x86_64cpuid.S
deleted file mode 100644
index 562b03abd1..0000000000
--- a/crypto/x86_64cpuid.S
+++ /dev/null
@@ -1,234 +0,0 @@
-
-.hidden	OPENSSL_cpuid_setup
-.section	.init
-	call	OPENSSL_cpuid_setup
-
-.hidden	OPENSSL_ia32cap_P
-.comm	OPENSSL_ia32cap_P,8,4
-
-.text	
-
-.globl	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,@function
-.align	16
-OPENSSL_atomic_add:
-	movl	(%rdi),%eax
-.Lspin:	leaq	(%rsi,%rax,1),%r8
-.byte	0xf0		
-	cmpxchgl	%r8d,(%rdi)
-	jne	.Lspin
-	movl	%r8d,%eax
-.byte	0x48,0x98	
-	.byte	0xf3,0xc3
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.globl	OPENSSL_rdtsc
-.type	OPENSSL_rdtsc,@function
-.align	16
-OPENSSL_rdtsc:
-	rdtsc
-	shlq	$32,%rdx
-	orq	%rdx,%rax
-	.byte	0xf3,0xc3
-.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
-
-.globl	OPENSSL_ia32_cpuid
-.type	OPENSSL_ia32_cpuid,@function
-.align	16
-OPENSSL_ia32_cpuid:
-	movq	%rbx,%r8
-
-	xorl	%eax,%eax
-	cpuid
-	movl	%eax,%r11d
-
-	xorl	%eax,%eax
-	cmpl	$1970169159,%ebx
-	setne	%al
-	movl	%eax,%r9d
-	cmpl	$1231384169,%edx
-	setne	%al
-	orl	%eax,%r9d
-	cmpl	$1818588270,%ecx
-	setne	%al
-	orl	%eax,%r9d
-	jz	.Lintel
-
-	cmpl	$1752462657,%ebx
-	setne	%al
-	movl	%eax,%r10d
-	cmpl	$1769238117,%edx
-	setne	%al
-	orl	%eax,%r10d
-	cmpl	$1145913699,%ecx
-	setne	%al
-	orl	%eax,%r10d
-	jnz	.Lintel
-
-
-	movl	$2147483648,%eax
-	cpuid
-	cmpl	$2147483649,%eax
-	jb	.Lintel
-	movl	%eax,%r10d
-	movl	$2147483649,%eax
-	cpuid
-	orl	%ecx,%r9d
-	andl	$2049,%r9d
-
-	cmpl	$2147483656,%r10d
-	jb	.Lintel
-
-	movl	$2147483656,%eax
-	cpuid
-	movzbq	%cl,%r10
-	incq	%r10
-
-	movl	$1,%eax
-	cpuid
-	btl	$28,%edx
-	jnc	.Lgeneric
-	shrl	$16,%ebx
-	cmpb	%r10b,%bl
-	ja	.Lgeneric
-	andl	$4026531839,%edx
-	jmp	.Lgeneric
-
-.Lintel:
-	cmpl	$4,%r11d
-	movl	$-1,%r10d
-	jb	.Lnocacheinfo
-
-	movl	$4,%eax
-	movl	$0,%ecx
-	cpuid
-	movl	%eax,%r10d
-	shrl	$14,%r10d
-	andl	$4095,%r10d
-
-.Lnocacheinfo:
-	movl	$1,%eax
-	cpuid
-	andl	$3220176895,%edx
-	cmpl	$0,%r9d
-	jne	.Lnotintel
-	orl	$1073741824,%edx
-	andb	$15,%ah
-	cmpb	$15,%ah
-	jne	.Lnotintel
-	orl	$1048576,%edx
-.Lnotintel:
-	btl	$28,%edx
-	jnc	.Lgeneric
-	andl	$4026531839,%edx
-	cmpl	$0,%r10d
-	je	.Lgeneric
-
-	orl	$268435456,%edx
-	shrl	$16,%ebx
-	cmpb	$1,%bl
-	ja	.Lgeneric
-	andl	$4026531839,%edx
-.Lgeneric:
-	andl	$2048,%r9d
-	andl	$4294965247,%ecx
-	orl	%ecx,%r9d
-
-	movl	%edx,%r10d
-	btl	$27,%r9d
-	jnc	.Lclear_avx
-	xorl	%ecx,%ecx
-.byte	0x0f,0x01,0xd0		
-	andl	$6,%eax
-	cmpl	$6,%eax
-	je	.Ldone
-.Lclear_avx:
-	movl	$4026525695,%eax
-	andl	%eax,%r9d
-.Ldone:
-	shlq	$32,%r9
-	movl	%r10d,%eax
-	movq	%r8,%rbx
-	orq	%r9,%rax
-	.byte	0xf3,0xc3
-.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
-
-.globl	OPENSSL_cleanse
-.type	OPENSSL_cleanse,@function
-.align	16
-OPENSSL_cleanse:
-	xorq	%rax,%rax
-	cmpq	$15,%rsi
-	jae	.Lot
-	cmpq	$0,%rsi
-	je	.Lret
-.Little:
-	movb	%al,(%rdi)
-	subq	$1,%rsi
-	leaq	1(%rdi),%rdi
-	jnz	.Little
-.Lret:
-	.byte	0xf3,0xc3
-.align	16
-.Lot:
-	testq	$7,%rdi
-	jz	.Laligned
-	movb	%al,(%rdi)
-	leaq	-1(%rsi),%rsi
-	leaq	1(%rdi),%rdi
-	jmp	.Lot
-.Laligned:
-	movq	%rax,(%rdi)
-	leaq	-8(%rsi),%rsi
-	testq	$-8,%rsi
-	leaq	8(%rdi),%rdi
-	jnz	.Laligned
-	cmpq	$0,%rsi
-	jne	.Little
-	.byte	0xf3,0xc3
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,@function
-.align	16
-OPENSSL_wipe_cpu:
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	pxor	%xmm6,%xmm6
-	pxor	%xmm7,%xmm7
-	pxor	%xmm8,%xmm8
-	pxor	%xmm9,%xmm9
-	pxor	%xmm10,%xmm10
-	pxor	%xmm11,%xmm11
-	pxor	%xmm12,%xmm12
-	pxor	%xmm13,%xmm13
-	pxor	%xmm14,%xmm14
-	pxor	%xmm15,%xmm15
-	xorq	%rcx,%rcx
-	xorq	%rdx,%rdx
-	xorq	%rsi,%rsi
-	xorq	%rdi,%rdi
-	xorq	%r8,%r8
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-	leaq	8(%rsp),%rax
-	.byte	0xf3,0xc3
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-.globl	OPENSSL_ia32_rdrand
-.type	OPENSSL_ia32_rdrand,@function
-.align	16
-OPENSSL_ia32_rdrand:
-	movl	$8,%ecx
-.Loop_rdrand:
-.byte	72,15,199,240
-	jc	.Lbreak_rdrand
-	loop	.Loop_rdrand
-.Lbreak_rdrand:
-	cmpq	$0,%rax
-	cmoveq	%rcx,%rax
-	.byte	0xf3,0xc3
-.size	OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand
diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
deleted file mode 100644
index 6ebfd017ea..0000000000
--- a/crypto/x86_64cpuid.pl
+++ /dev/null
@@ -1,284 +0,0 @@
-#!/usr/bin/env perl
-
-$flavour = shift;
-$output  = shift;
-if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
-
-$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
-die "can't locate x86_64-xlate.pl";
-
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-
-($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") :	# Win64 order
-				 ("%rdi","%rsi","%rdx","%rcx");	# Unix order
-
-print<<___;
-.extern		OPENSSL_cpuid_setup
-.hidden		OPENSSL_cpuid_setup
-.section	.init
-	call	OPENSSL_cpuid_setup
-
-.hidden	OPENSSL_ia32cap_P
-.comm	OPENSSL_ia32cap_P,8,4
-
-.text
-
-.globl	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,\@abi-omnipotent
-.align	16
-OPENSSL_atomic_add:
-	movl	($arg1),%eax
-.Lspin:	leaq	($arg2,%rax),%r8
-	.byte	0xf0		# lock
-	cmpxchgl	%r8d,($arg1)
-	jne	.Lspin
-	movl	%r8d,%eax
-	.byte	0x48,0x98	# cltq/cdqe
-	ret
-.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
-
-.globl	OPENSSL_rdtsc
-.type	OPENSSL_rdtsc,\@abi-omnipotent
-.align	16
-OPENSSL_rdtsc:
-	rdtsc
-	shl	\$32,%rdx
-	or	%rdx,%rax
-	ret
-.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
-
-.globl	OPENSSL_ia32_cpuid
-.type	OPENSSL_ia32_cpuid,\@abi-omnipotent
-.align	16
-OPENSSL_ia32_cpuid:
-	mov	%rbx,%r8		# save %rbx
-
-	xor	%eax,%eax
-	cpuid
-	mov	%eax,%r11d		# max value for standard query level
-
-	xor	%eax,%eax
-	cmp	\$0x756e6547,%ebx	# "Genu"
-	setne	%al
-	mov	%eax,%r9d
-	cmp	\$0x49656e69,%edx	# "ineI"
-	setne	%al
-	or	%eax,%r9d
-	cmp	\$0x6c65746e,%ecx	# "ntel"
-	setne	%al
-	or	%eax,%r9d		# 0 indicates Intel CPU
-	jz	.Lintel
-
-	cmp	\$0x68747541,%ebx	# "Auth"
-	setne	%al
-	mov	%eax,%r10d
-	cmp	\$0x69746E65,%edx	# "enti"
-	setne	%al
-	or	%eax,%r10d
-	cmp	\$0x444D4163,%ecx	# "cAMD"
-	setne	%al
-	or	%eax,%r10d		# 0 indicates AMD CPU
-	jnz	.Lintel
-
-	# AMD specific
-	mov	\$0x80000000,%eax
-	cpuid
-	cmp	\$0x80000001,%eax
-	jb	.Lintel
-	mov	%eax,%r10d
-	mov	\$0x80000001,%eax
-	cpuid
-	or	%ecx,%r9d
-	and	\$0x00000801,%r9d	# isolate AMD XOP bit, 1<<11
-
-	cmp	\$0x80000008,%r10d
-	jb	.Lintel
-
-	mov	\$0x80000008,%eax
-	cpuid
-	movzb	%cl,%r10		# number of cores - 1
-	inc	%r10			# number of cores
-
-	mov	\$1,%eax
-	cpuid
-	bt	\$28,%edx		# test hyper-threading bit
-	jnc	.Lgeneric
-	shr	\$16,%ebx		# number of logical processors
-	cmp	%r10b,%bl
-	ja	.Lgeneric
-	and	\$0xefffffff,%edx	# ~(1<<28)
-	jmp	.Lgeneric
-
-.Lintel:
-	cmp	\$4,%r11d
-	mov	\$-1,%r10d
-	jb	.Lnocacheinfo
-
-	mov	\$4,%eax
-	mov	\$0,%ecx		# query L1D
-	cpuid
-	mov	%eax,%r10d
-	shr	\$14,%r10d
-	and	\$0xfff,%r10d		# number of cores -1 per L1D
-
-.Lnocacheinfo:
-	mov	\$1,%eax
-	cpuid
-	and	\$0xbfefffff,%edx	# force reserved bits to 0
-	cmp	\$0,%r9d
-	jne	.Lnotintel
-	or	\$0x40000000,%edx	# set reserved bit#30 on Intel CPUs
-	and	\$15,%ah
-	cmp	\$15,%ah		# examine Family ID
-	jne	.Lnotintel
-	or	\$0x00100000,%edx	# set reserved bit#20 to engage RC4_CHAR
-.Lnotintel:
-	bt	\$28,%edx		# test hyper-threading bit
-	jnc	.Lgeneric
-	and	\$0xefffffff,%edx	# ~(1<<28)
-	cmp	\$0,%r10d
-	je	.Lgeneric
-
-	or	\$0x10000000,%edx	# 1<<28
-	shr	\$16,%ebx
-	cmp	\$1,%bl			# see if cache is shared
-	ja	.Lgeneric
-	and	\$0xefffffff,%edx	# ~(1<<28)
-.Lgeneric:
-	and	\$0x00000800,%r9d	# isolate AMD XOP flag
-	and	\$0xfffff7ff,%ecx
-	or	%ecx,%r9d		# merge AMD XOP flag
-
-	mov	%edx,%r10d		# %r9d:%r10d is copy of %ecx:%edx
-	bt	\$27,%r9d		# check OSXSAVE bit
-	jnc	.Lclear_avx
-	xor	%ecx,%ecx		# XCR0
-	.byte	0x0f,0x01,0xd0		# xgetbv
-	and	\$6,%eax		# isolate XMM and YMM state support
-	cmp	\$6,%eax
-	je	.Ldone
-.Lclear_avx:
-	mov	\$0xefffe7ff,%eax	# ~(1<<28|1<<12|1<<11)
-	and	%eax,%r9d		# clear AVX, FMA and AMD XOP bits
-.Ldone:
-	shl	\$32,%r9
-	mov	%r10d,%eax
-	mov	%r8,%rbx		# restore %rbx
-	or	%r9,%rax
-	ret
-.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
-
-.globl  OPENSSL_cleanse
-.type   OPENSSL_cleanse,\@abi-omnipotent
-.align  16
-OPENSSL_cleanse:
-	xor	%rax,%rax
-	cmp	\$15,$arg2
-	jae	.Lot
-	cmp	\$0,$arg2
-	je	.Lret
-.Little:
-	mov	%al,($arg1)
-	sub	\$1,$arg2
-	lea	1($arg1),$arg1
-	jnz	.Little
-.Lret:
-	ret
-.align	16
-.Lot:
-	test	\$7,$arg1
-	jz	.Laligned
-	mov	%al,($arg1)
-	lea	-1($arg2),$arg2
-	lea	1($arg1),$arg1
-	jmp	.Lot
-.Laligned:
-	mov	%rax,($arg1)
-	lea	-8($arg2),$arg2
-	test	\$-8,$arg2
-	lea	8($arg1),$arg1
-	jnz	.Laligned
-	cmp	\$0,$arg2
-	jne	.Little
-	ret
-.size	OPENSSL_cleanse,.-OPENSSL_cleanse
-___
-
-print<<___ if (!$win64);
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,\@abi-omnipotent
-.align	16
-OPENSSL_wipe_cpu:
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	pxor	%xmm6,%xmm6
-	pxor	%xmm7,%xmm7
-	pxor	%xmm8,%xmm8
-	pxor	%xmm9,%xmm9
-	pxor	%xmm10,%xmm10
-	pxor	%xmm11,%xmm11
-	pxor	%xmm12,%xmm12
-	pxor	%xmm13,%xmm13
-	pxor	%xmm14,%xmm14
-	pxor	%xmm15,%xmm15
-	xorq	%rcx,%rcx
-	xorq	%rdx,%rdx
-	xorq	%rsi,%rsi
-	xorq	%rdi,%rdi
-	xorq	%r8,%r8
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-	leaq	8(%rsp),%rax
-	ret
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-___
-print<<___ if ($win64);
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,\@abi-omnipotent
-.align	16
-OPENSSL_wipe_cpu:
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	xorq	%rcx,%rcx
-	xorq	%rdx,%rdx
-	xorq	%r8,%r8
-	xorq	%r9,%r9
-	xorq	%r10,%r10
-	xorq	%r11,%r11
-	leaq	8(%rsp),%rax
-	ret
-.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
-___
-
-print<<___;
-.globl	OPENSSL_ia32_rdrand
-.type	OPENSSL_ia32_rdrand,\@abi-omnipotent
-.align	16
-OPENSSL_ia32_rdrand:
-	mov	\$8,%ecx
-.Loop_rdrand:
-	rdrand	%rax
-	jc	.Lbreak_rdrand
-	loop	.Loop_rdrand
-.Lbreak_rdrand:
-	cmp	\$0,%rax
-	cmove	%rcx,%rax
-	ret
-.size	OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand
-___
-
-close STDOUT;	# flush
diff --git a/crypto/x86cpuid.S b/crypto/x86cpuid.S
deleted file mode 100644
index 10be221c55..0000000000
--- a/crypto/x86cpuid.S
+++ /dev/null
@@ -1,348 +0,0 @@
-.file	"x86cpuid.s"
-.text
-.globl	OPENSSL_ia32_cpuid
-.type	OPENSSL_ia32_cpuid,@function
-.align	16
-OPENSSL_ia32_cpuid:
-.L_OPENSSL_ia32_cpuid_begin:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	xorl	%edx,%edx
-	pushfl
-	popl	%eax
-	movl	%eax,%ecx
-	xorl	$2097152,%eax
-	pushl	%eax
-	popfl
-	pushfl
-	popl	%eax
-	xorl	%eax,%ecx
-	xorl	%eax,%eax
-	btl	$21,%ecx
-	jnc	.L000nocpuid
-	.byte	0x0f,0xa2
-	movl	%eax,%edi
-	xorl	%eax,%eax
-	cmpl	$1970169159,%ebx
-	setne	%al
-	movl	%eax,%ebp
-	cmpl	$1231384169,%edx
-	setne	%al
-	orl	%eax,%ebp
-	cmpl	$1818588270,%ecx
-	setne	%al
-	orl	%eax,%ebp
-	jz	.L001intel
-	cmpl	$1752462657,%ebx
-	setne	%al
-	movl	%eax,%esi
-	cmpl	$1769238117,%edx
-	setne	%al
-	orl	%eax,%esi
-	cmpl	$1145913699,%ecx
-	setne	%al
-	orl	%eax,%esi
-	jnz	.L001intel
-	movl	$2147483648,%eax
-	.byte	0x0f,0xa2
-	cmpl	$2147483649,%eax
-	jb	.L001intel
-	movl	%eax,%esi
-	movl	$2147483649,%eax
-	.byte	0x0f,0xa2
-	orl	%ecx,%ebp
-	andl	$2049,%ebp
-	cmpl	$2147483656,%esi
-	jb	.L001intel
-	movl	$2147483656,%eax
-	.byte	0x0f,0xa2
-	movzbl	%cl,%esi
-	incl	%esi
-	movl	$1,%eax
-	xorl	%ecx,%ecx
-	.byte	0x0f,0xa2
-	btl	$28,%edx
-	jnc	.L002generic
-	shrl	$16,%ebx
-	andl	$255,%ebx
-	cmpl	%esi,%ebx
-	ja	.L002generic
-	andl	$4026531839,%edx
-	jmp	.L002generic
-.L001intel:
-	cmpl	$4,%edi
-	movl	$-1,%edi
-	jb	.L003nocacheinfo
-	movl	$4,%eax
-	movl	$0,%ecx
-	.byte	0x0f,0xa2
-	movl	%eax,%edi
-	shrl	$14,%edi
-	andl	$4095,%edi
-.L003nocacheinfo:
-	movl	$1,%eax
-	xorl	%ecx,%ecx
-	.byte	0x0f,0xa2
-	andl	$3220176895,%edx
-	cmpl	$0,%ebp
-	jne	.L004notintel
-	orl	$1073741824,%edx
-	andb	$15,%ah
-	cmpb	$15,%ah
-	jne	.L004notintel
-	orl	$1048576,%edx
-.L004notintel:
-	btl	$28,%edx
-	jnc	.L002generic
-	andl	$4026531839,%edx
-	cmpl	$0,%edi
-	je	.L002generic
-	orl	$268435456,%edx
-	shrl	$16,%ebx
-	cmpb	$1,%bl
-	ja	.L002generic
-	andl	$4026531839,%edx
-.L002generic:
-	andl	$2048,%ebp
-	andl	$4294965247,%ecx
-	movl	%edx,%esi
-	orl	%ecx,%ebp
-	btl	$27,%ecx
-	jnc	.L005clear_avx
-	xorl	%ecx,%ecx
-.byte	15,1,208
-	andl	$6,%eax
-	cmpl	$6,%eax
-	je	.L006done
-	cmpl	$2,%eax
-	je	.L005clear_avx
-.L007clear_xmm:
-	andl	$4261412861,%ebp
-	andl	$4278190079,%esi
-.L005clear_avx:
-	andl	$4026525695,%ebp
-.L006done:
-	movl	%esi,%eax
-	movl	%ebp,%edx
-.L000nocpuid:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.size	OPENSSL_ia32_cpuid,.-.L_OPENSSL_ia32_cpuid_begin
-.globl	OPENSSL_rdtsc
-.type	OPENSSL_rdtsc,@function
-.align	16
-OPENSSL_rdtsc:
-.L_OPENSSL_rdtsc_begin:
-	xorl	%eax,%eax
-	xorl	%edx,%edx
-	call	.L008PIC_me_up
-.L008PIC_me_up:
-	popl	%ecx
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L008PIC_me_up](%ecx),%ecx
-	movl	OPENSSL_ia32cap_P@GOT(%ecx),%ecx
-	btl	$4,(%ecx)
-	jnc	.L009notsc
-	.byte	0x0f,0x31
-.L009notsc:
-	ret
-.size	OPENSSL_rdtsc,.-.L_OPENSSL_rdtsc_begin
-.globl	OPENSSL_instrument_halt
-.type	OPENSSL_instrument_halt,@function
-.align	16
-OPENSSL_instrument_halt:
-.L_OPENSSL_instrument_halt_begin:
-	call	.L010PIC_me_up
-.L010PIC_me_up:
-	popl	%ecx
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L010PIC_me_up](%ecx),%ecx
-	movl	OPENSSL_ia32cap_P@GOT(%ecx),%ecx
-	btl	$4,(%ecx)
-	jnc	.L011nohalt
-.long	2421723150
-	andl	$3,%eax
-	jnz	.L011nohalt
-	pushfl
-	popl	%eax
-	btl	$9,%eax
-	jnc	.L011nohalt
-	.byte	0x0f,0x31
-	pushl	%edx
-	pushl	%eax
-	hlt
-	.byte	0x0f,0x31
-	subl	(%esp),%eax
-	sbbl	4(%esp),%edx
-	addl	$8,%esp
-	ret
-.L011nohalt:
-	xorl	%eax,%eax
-	xorl	%edx,%edx
-	ret
-.size	OPENSSL_instrument_halt,.-.L_OPENSSL_instrument_halt_begin
-.globl	OPENSSL_far_spin
-.type	OPENSSL_far_spin,@function
-.align	16
-OPENSSL_far_spin:
-.L_OPENSSL_far_spin_begin:
-	pushfl
-	popl	%eax
-	btl	$9,%eax
-	jnc	.L012nospin
-	movl	4(%esp),%eax
-	movl	8(%esp),%ecx
-.long	2430111262
-	xorl	%eax,%eax
-	movl	(%ecx),%edx
-	jmp	.L013spin
-.align	16
-.L013spin:
-	incl	%eax
-	cmpl	(%ecx),%edx
-	je	.L013spin
-.long	529567888
-	ret
-.L012nospin:
-	xorl	%eax,%eax
-	xorl	%edx,%edx
-	ret
-.size	OPENSSL_far_spin,.-.L_OPENSSL_far_spin_begin
-.globl	OPENSSL_wipe_cpu
-.type	OPENSSL_wipe_cpu,@function
-.align	16
-OPENSSL_wipe_cpu:
-.L_OPENSSL_wipe_cpu_begin:
-	xorl	%eax,%eax
-	xorl	%edx,%edx
-	call	.L014PIC_me_up
-.L014PIC_me_up:
-	popl	%ecx
-	leal	_GLOBAL_OFFSET_TABLE_+[.-.L014PIC_me_up](%ecx),%ecx
-	movl	OPENSSL_ia32cap_P@GOT(%ecx),%ecx
-	movl	(%ecx),%ecx
-	btl	$1,(%ecx)
-	jnc	.L015no_x87
-	andl	$83886080,%ecx
-	cmpl	$83886080,%ecx
-	jne	.L016no_sse2
-	pxor	%xmm0,%xmm0
-	pxor	%xmm1,%xmm1
-	pxor	%xmm2,%xmm2
-	pxor	%xmm3,%xmm3
-	pxor	%xmm4,%xmm4
-	pxor	%xmm5,%xmm5
-	pxor	%xmm6,%xmm6
-	pxor	%xmm7,%xmm7
-.L016no_sse2:
-.long	4007259865,4007259865,4007259865,4007259865,2430851995
-.L015no_x87:
-	leal	4(%esp),%eax
-	ret
-.size	OPENSSL_wipe_cpu,.-.L_OPENSSL_wipe_cpu_begin
-.globl	OPENSSL_atomic_add
-.type	OPENSSL_atomic_add,@function
-.align	16
-OPENSSL_atomic_add:
-.L_OPENSSL_atomic_add_begin:
-	movl	4(%esp),%edx
-	movl	8(%esp),%ecx
-	pushl	%ebx
-	nop
-	movl	(%edx),%eax
-.L017spin:
-	leal	(%eax,%ecx,1),%ebx
-	nop
-.long	447811568
-	jne	.L017spin
-	movl	%ebx,%eax
-	popl	%ebx
-	ret
-.size	OPENSSL_atomic_add,.-.L_OPENSSL_atomic_add_begin
-.globl	OPENSSL_indirect_call
-.type	OPENSSL_indirect_call,@function
-.align	16
-OPENSSL_indirect_call:
-.L_OPENSSL_indirect_call_begin:
-	pushl	%ebp
-	movl	%esp,%ebp
-	subl	$28,%esp
-	movl	12(%ebp),%ecx
-	movl	%ecx,(%esp)
-	movl	16(%ebp),%edx
-	movl	%edx,4(%esp)
-	movl	20(%ebp),%eax
-	movl	%eax,8(%esp)
-	movl	24(%ebp),%eax
-	movl	%eax,12(%esp)
-	movl	28(%ebp),%eax
-	movl	%eax,16(%esp)
-	movl	32(%ebp),%eax
-	movl	%eax,20(%esp)
-	movl	36(%ebp),%eax
-	movl	%eax,24(%esp)
-	call	*8(%ebp)
-	movl	%ebp,%esp
-	popl	%ebp
-	ret
-.size	OPENSSL_indirect_call,.-.L_OPENSSL_indirect_call_begin
-.globl	OPENSSL_cleanse
-.type	OPENSSL_cleanse,@function
-.align	16
-OPENSSL_cleanse:
-.L_OPENSSL_cleanse_begin:
-	movl	4(%esp),%edx
-	movl	8(%esp),%ecx
-	xorl	%eax,%eax
-	cmpl	$7,%ecx
-	jae	.L018lot
-	cmpl	$0,%ecx
-	je	.L019ret
-.L020little:
-	movb	%al,(%edx)
-	subl	$1,%ecx
-	leal	1(%edx),%edx
-	jnz	.L020little
-.L019ret:
-	ret
-.align	16
-.L018lot:
-	testl	$3,%edx
-	jz	.L021aligned
-	movb	%al,(%edx)
-	leal	-1(%ecx),%ecx
-	leal	1(%edx),%edx
-	jmp	.L018lot
-.L021aligned:
-	movl	%eax,(%edx)
-	leal	-4(%ecx),%ecx
-	testl	$-4,%ecx
-	leal	4(%edx),%edx
-	jnz	.L021aligned
-	cmpl	$0,%ecx
-	jne	.L020little
-	ret
-.size	OPENSSL_cleanse,.-.L_OPENSSL_cleanse_begin
-.globl	OPENSSL_ia32_rdrand
-.type	OPENSSL_ia32_rdrand,@function
-.align	16
-OPENSSL_ia32_rdrand:
-.L_OPENSSL_ia32_rdrand_begin:
-	movl	$8,%ecx
-.L022loop:
-.byte	15,199,240
-	jc	.L023break
-	loop	.L022loop
-.L023break:
-	cmpl	$0,%eax
-	cmovel	%ecx,%eax
-	ret
-.size	OPENSSL_ia32_rdrand,.-.L_OPENSSL_ia32_rdrand_begin
-.hidden	OPENSSL_cpuid_setup
-.hidden	OPENSSL_ia32cap_P
-.comm	OPENSSL_ia32cap_P,8,4
-.section	.init
-	call	OPENSSL_cpuid_setup
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
deleted file mode 100644
index 0212a5b63a..0000000000
--- a/crypto/x86cpuid.pl
+++ /dev/null
@@ -1,361 +0,0 @@
-#!/usr/bin/env perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC, "${dir}perlasm", "perlasm");
-require "x86asm.pl";
-
-&asm_init($ARGV[0],"x86cpuid");
-
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-&function_begin("OPENSSL_ia32_cpuid");
-	&xor	("edx","edx");
-	&pushf	();
-	&pop	("eax");
-	&mov	("ecx","eax");
-	&xor	("eax",1<<21);
-	&push	("eax");
-	&popf	();
-	&pushf	();
-	&pop	("eax");
-	&xor	("ecx","eax");
-	&xor	("eax","eax");
-	&bt	("ecx",21);
-	&jnc	(&label("nocpuid"));
-	&cpuid	();
-	&mov	("edi","eax");		# max value for standard query level
-
-	&xor	("eax","eax");
-	&cmp	("ebx",0x756e6547);	# "Genu"
-	&setne	(&LB("eax"));
-	&mov	("ebp","eax");
-	&cmp	("edx",0x49656e69);	# "ineI"
-	&setne	(&LB("eax"));
-	&or	("ebp","eax");
-	&cmp	("ecx",0x6c65746e);	# "ntel"
-	&setne	(&LB("eax"));
-	&or	("ebp","eax");		# 0 indicates Intel CPU
-	&jz	(&label("intel"));
-
-	&cmp	("ebx",0x68747541);	# "Auth"
-	&setne	(&LB("eax"));
-	&mov	("esi","eax");
-	&cmp	("edx",0x69746E65);	# "enti"
-	&setne	(&LB("eax"));
-	&or	("esi","eax");
-	&cmp	("ecx",0x444D4163);	# "cAMD"
-	&setne	(&LB("eax"));
-	&or	("esi","eax");		# 0 indicates AMD CPU
-	&jnz	(&label("intel"));
-
-	# AMD specific
-	&mov	("eax",0x80000000);
-	&cpuid	();
-	&cmp	("eax",0x80000001);
-	&jb	(&label("intel"));
-	&mov	("esi","eax");
-	&mov	("eax",0x80000001);
-	&cpuid	();
-	&or	("ebp","ecx");
-	&and	("ebp",1<<11|1);	# isolate XOP bit
-	&cmp	("esi",0x80000008);
-	&jb	(&label("intel"));
-
-	&mov	("eax",0x80000008);
-	&cpuid	();
-	&movz	("esi",&LB("ecx"));	# number of cores - 1
-	&inc	("esi");		# number of cores
-
-	&mov	("eax",1);
-	&xor	("ecx","ecx");
-	&cpuid	();
-	&bt	("edx",28);
-	&jnc	(&label("generic"));
-	&shr	("ebx",16);
-	&and	("ebx",0xff);
-	&cmp	("ebx","esi");
-	&ja	(&label("generic"));
-	&and	("edx",0xefffffff);	# clear hyper-threading bit
-	&jmp	(&label("generic"));
-	
-&set_label("intel");
-	&cmp	("edi",4);
-	&mov	("edi",-1);
-	&jb	(&label("nocacheinfo"));
-
-	&mov	("eax",4);
-	&mov	("ecx",0);		# query L1D
-	&cpuid	();
-	&mov	("edi","eax");
-	&shr	("edi",14);
-	&and	("edi",0xfff);		# number of cores -1 per L1D
-
-&set_label("nocacheinfo");
-	&mov	("eax",1);
-	&xor	("ecx","ecx");
-	&cpuid	();
-	&and	("edx",0xbfefffff);	# force reserved bits #20, #30 to 0
-	&cmp	("ebp",0);
-	&jne	(&label("notintel"));
-	&or	("edx",1<<30);		# set reserved bit#30 on Intel CPUs
-	&and	(&HB("eax"),15);	# familiy ID
-	&cmp	(&HB("eax"),15);	# P4?
-	&jne	(&label("notintel"));
-	&or	("edx",1<<20);		# set reserved bit#20 to engage RC4_CHAR
-&set_label("notintel");
-	&bt	("edx",28);		# test hyper-threading bit
-	&jnc	(&label("generic"));
-	&and	("edx",0xefffffff);
-	&cmp	("edi",0);
-	&je	(&label("generic"));
-
-	&or	("edx",0x10000000);
-	&shr	("ebx",16);
-	&cmp	(&LB("ebx"),1);
-	&ja	(&label("generic"));
-	&and	("edx",0xefffffff);	# clear hyper-threading bit if not
-
-&set_label("generic");
-	&and	("ebp",1<<11);		# isolate AMD XOP flag
-	&and	("ecx",0xfffff7ff);	# force 11th bit to 0
-	&mov	("esi","edx");
-	&or	("ebp","ecx");		# merge AMD XOP flag
-
-	&bt	("ecx",27);		# check OSXSAVE bit
-	&jnc	(&label("clear_avx"));
-	&xor	("ecx","ecx");
-	&data_byte(0x0f,0x01,0xd0);	# xgetbv
-	&and	("eax",6);
-	&cmp	("eax",6);
-	&je	(&label("done"));
-	&cmp	("eax",2);
-	&je	(&label("clear_avx"));
-&set_label("clear_xmm");
-	&and	("ebp",0xfdfffffd);	# clear AESNI and PCLMULQDQ bits
-	&and	("esi",0xfeffffff);	# clear FXSR
-&set_label("clear_avx");
-	&and	("ebp",0xefffe7ff);	# clear AVX, FMA and AMD XOP bits
-&set_label("done");
-	&mov	("eax","esi");
-	&mov	("edx","ebp");
-&set_label("nocpuid");
-&function_end("OPENSSL_ia32_cpuid");
-
-&external_label("OPENSSL_ia32cap_P");
-
-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-	&xor	("eax","eax");
-	&xor	("edx","edx");
-	&picmeup("ecx","OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,"ecx"),4);
-	&jnc	(&label("notsc"));
-	&rdtsc	();
-&set_label("notsc");
-	&ret	();
-&function_end_B("OPENSSL_rdtsc");
-
-# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
-# but it's safe to call it on any [supported] 32-bit platform...
-# Just check for [non-]zero return value...
-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-	&picmeup("ecx","OPENSSL_ia32cap_P");
-	&bt	(&DWP(0,"ecx"),4);
-	&jnc	(&label("nohalt"));	# no TSC
-
-	&data_word(0x9058900e);		# push %cs; pop %eax
-	&and	("eax",3);
-	&jnz	(&label("nohalt"));	# not enough privileges
-
-	&pushf	();
-	&pop	("eax");
-	&bt	("eax",9);
-	&jnc	(&label("nohalt"));	# interrupts are disabled
-
-	&rdtsc	();
-	&push	("edx");
-	&push	("eax");
-	&halt	();
-	&rdtsc	();
-
-	&sub	("eax",&DWP(0,"esp"));
-	&sbb	("edx",&DWP(4,"esp"));
-	&add	("esp",8);
-	&ret	();
-
-&set_label("nohalt");
-	&xor	("eax","eax");
-	&xor	("edx","edx");
-	&ret	();
-&function_end_B("OPENSSL_instrument_halt");
-
-# Essentially there is only one use for this function. Under DJGPP:
-#
-#	#include <go32.h>
-#	...
-#	i=OPENSSL_far_spin(_dos_ds,0x46c);
-#	...
-# to obtain the number of spins till closest timer interrupt.
-
-&function_begin_B("OPENSSL_far_spin");
-	&pushf	();
-	&pop	("eax")
-	&bt	("eax",9);
-	&jnc	(&label("nospin"));	# interrupts are disabled
-
-	&mov	("eax",&DWP(4,"esp"));
-	&mov	("ecx",&DWP(8,"esp"));
-	&data_word (0x90d88e1e);	# push %ds, mov %eax,%ds
-	&xor	("eax","eax");
-	&mov	("edx",&DWP(0,"ecx"));
-	&jmp	(&label("spin"));
-
-	&align	(16);
-&set_label("spin");
-	&inc	("eax");
-	&cmp	("edx",&DWP(0,"ecx"));
-	&je	(&label("spin"));
-
-	&data_word (0x1f909090);	# pop	%ds
-	&ret	();
-
-&set_label("nospin");
-	&xor	("eax","eax");
-	&xor	("edx","edx");
-	&ret	();
-&function_end_B("OPENSSL_far_spin");
-
-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-	&xor	("eax","eax");
-	&xor	("edx","edx");
-	&picmeup("ecx","OPENSSL_ia32cap_P");
-	&mov	("ecx",&DWP(0,"ecx"));
-	&bt	(&DWP(0,"ecx"),1);
-	&jnc	(&label("no_x87"));
-	if ($sse2) {
-		&and	("ecx",1<<26|1<<24);	# check SSE2 and FXSR bits
-		&cmp	("ecx",1<<26|1<<24);
-		&jne	(&label("no_sse2"));
-		&pxor	("xmm0","xmm0");
-		&pxor	("xmm1","xmm1");
-		&pxor	("xmm2","xmm2");
-		&pxor	("xmm3","xmm3");
-		&pxor	("xmm4","xmm4");
-		&pxor	("xmm5","xmm5");
-		&pxor	("xmm6","xmm6");
-		&pxor	("xmm7","xmm7");
-	&set_label("no_sse2");
-	}
-	# just a bunch of fldz to zap the fp/mm bank followed by finit...
-	&data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b);
-&set_label("no_x87");
-	&lea	("eax",&DWP(4,"esp"));
-	&ret	();
-&function_end_B("OPENSSL_wipe_cpu");
-
-&function_begin_B("OPENSSL_atomic_add");
-	&mov	("edx",&DWP(4,"esp"));	# fetch the pointer, 1st arg
-	&mov	("ecx",&DWP(8,"esp"));	# fetch the increment, 2nd arg
-	&push	("ebx");
-	&nop	();
-	&mov	("eax",&DWP(0,"edx"));
-&set_label("spin");
-	&lea	("ebx",&DWP(0,"eax","ecx"));
-	&nop	();
-	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is envolved and is always reloaded
-	&jne	(&label("spin"));
-	&mov	("eax","ebx");	# OpenSSL expects the new value
-	&pop	("ebx");
-	&ret	();
-&function_end_B("OPENSSL_atomic_add");
-
-# This function can become handy under Win32 in situations when
-# we don't know which calling convention, __stdcall or __cdecl(*),
-# indirect callee is using. In C it can be deployed as
-#
-#ifdef OPENSSL_CPUID_OBJ
-#	type OPENSSL_indirect_call(void *f,...);
-#	...
-#	OPENSSL_indirect_call(func,[up to $max arguments]);
-#endif
-#
-# (*)	it's designed to work even for __fastcall if number of
-#	arguments is 1 or 2!
-&function_begin_B("OPENSSL_indirect_call");
-	{
-	my ($max,$i)=(7,);	# $max has to be chosen as 4*n-1
-				# in order to preserve eventual
-				# stack alignment
-	&push	("ebp");
-	&mov	("ebp","esp");
-	&sub	("esp",$max*4);
-	&mov	("ecx",&DWP(12,"ebp"));
-	&mov	(&DWP(0,"esp"),"ecx");
-	&mov	("edx",&DWP(16,"ebp"));
-	&mov	(&DWP(4,"esp"),"edx");
-	for($i=2;$i<$max;$i++)
-		{
-		# Some copies will be redundant/bogus...
-		&mov	("eax",&DWP(12+$i*4,"ebp"));
-		&mov	(&DWP(0+$i*4,"esp"),"eax");
-		}
-	&call_ptr	(&DWP(8,"ebp"));# make the call...
-	&mov	("esp","ebp");	# ... and just restore the stack pointer
-				# without paying attention to what we called,
-				# (__cdecl *func) or (__stdcall *one).
-	&pop	("ebp");
-	&ret	();
-	}
-&function_end_B("OPENSSL_indirect_call");
-
-&function_begin_B("OPENSSL_cleanse");
-	&mov	("edx",&wparam(0));
-	&mov	("ecx",&wparam(1));
-	&xor	("eax","eax");
-	&cmp	("ecx",7);
-	&jae	(&label("lot"));
-	&cmp	("ecx",0);
-	&je	(&label("ret"));
-&set_label("little");
-	&mov	(&BP(0,"edx"),"al");
-	&sub	("ecx",1);
-	&lea	("edx",&DWP(1,"edx"));
-	&jnz	(&label("little"));
-&set_label("ret");
-	&ret	();
-
-&set_label("lot",16);
-	&test	("edx",3);
-	&jz	(&label("aligned"));
-	&mov	(&BP(0,"edx"),"al");
-	&lea	("ecx",&DWP(-1,"ecx"));
-	&lea	("edx",&DWP(1,"edx"));
-	&jmp	(&label("lot"));
-&set_label("aligned");
-	&mov	(&DWP(0,"edx"),"eax");
-	&lea	("ecx",&DWP(-4,"ecx"));
-	&test	("ecx",-4);
-	&lea	("edx",&DWP(4,"edx"));
-	&jnz	(&label("aligned"));
-	&cmp	("ecx",0);
-	&jne	(&label("little"));
-	&ret	();
-&function_end_B("OPENSSL_cleanse");
-
-&function_begin_B("OPENSSL_ia32_rdrand");
-	&mov	("ecx",8);
-&set_label("loop");
-	&rdrand	("eax");
-	&jc	(&label("break"));
-	&loop	(&label("loop"));
-&set_label("break");
-	&cmp	("eax",0);
-	&cmove	("eax","ecx");
-	&ret	();
-&function_end_B("OPENSSL_ia32_rdrand");
-
-&initseg("OPENSSL_cpuid_setup");
-
-&hidden("OPENSSL_cpuid_setup");
-&hidden("OPENSSL_ia32cap_P");
-
-&asm_finish();
diff --git a/e_os.h b/e_os.h
deleted file mode 100644
index 4df285b5b5..0000000000
--- a/e_os.h
+++ /dev/null
@@ -1,758 +0,0 @@
-/* e_os.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_E_OS_H
-#define HEADER_E_OS_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/e_os2.h>
-/* <openssl/e_os2.h> contains what we can justify to make visible
- * to the outside; this file e_os.h is not part of the exported
- * interface. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Used to checking reference counts, most while doing perl5 stuff :-) */
-#ifdef REF_PRINT
-#undef REF_PRINT
-#define REF_PRINT(a,b)	fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
-#endif
-
-#ifndef DEVRANDOM
-/* set this to a comma-separated list of 'random' device files to try out.
- * My default, we will try to read at least one of these files */
-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-#endif
-#ifndef DEVRANDOM_EGD
-/* set this to a comma-seperated list of 'egd' sockets to try out. These
- * sockets will be tried in the order listed in case accessing the device files
- * listed in DEVRANDOM did not return enough entropy. */
-#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#  define NO_SYS_PARAM_H
-#  define NO_CHMOD
-#  define NO_SYSLOG
-#endif
-  
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-# if macintosh==1
-#  ifndef MAC_OS_GUSI_SOURCE
-#    define MAC_OS_pre_X
-#    define NO_SYS_TYPES_H
-#  endif
-#  define NO_SYS_PARAM_H
-#  define NO_CHMOD
-#  define NO_SYSLOG
-#  undef  DEVRANDOM
-#  define GETPID_IS_MEANINGLESS
-# endif
-#endif
-
-/********************************************************************
- The Microsoft section
- ********************************************************************/
-/* The following is used because of the small stack in some
- * Microsoft operating systems */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
-#  define MS_STATIC	static
-#else
-#  define MS_STATIC
-#endif
-
-#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
-#  define WIN32
-#endif
-#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
-#  define WINDOWS
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
-#  define MSDOS
-#endif
-
-#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
-#  define GETPID_IS_MEANINGLESS
-#endif
-
-#ifdef WIN32
-#define get_last_sys_error()	GetLastError()
-#define clear_sys_error()	SetLastError(0)
-#if !defined(WINNT)
-#define WIN_CONSOLE_BUG
-#endif
-#else
-#define get_last_sys_error()	errno
-#define clear_sys_error()	errno=0
-#endif
-
-#if defined(WINDOWS)
-#define get_last_socket_error()	WSAGetLastError()
-#define clear_socket_error()	WSASetLastError(0)
-#define readsocket(s,b,n)	recv((s),(b),(n),0)
-#define writesocket(s,b,n)	send((s),(b),(n),0)
-#elif defined(__DJGPP__)
-#define WATT32
-#define get_last_socket_error()	errno
-#define clear_socket_error()	errno=0
-#define closesocket(s)		close_s(s)
-#define readsocket(s,b,n)	read_s(s,b,n)
-#define writesocket(s,b,n)	send(s,b,n,0)
-#elif defined(MAC_OS_pre_X)
-#define get_last_socket_error()	errno
-#define clear_socket_error()	errno=0
-#define closesocket(s)		MacSocket_close(s)
-#define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)
-#define writesocket(s,b,n)	MacSocket_send((s),(b),(n))
-#elif defined(OPENSSL_SYS_VMS)
-#define get_last_socket_error() errno
-#define clear_socket_error()    errno=0
-#define ioctlsocket(a,b,c)      ioctl(a,b,c)
-#define closesocket(s)          close(s)
-#define readsocket(s,b,n)       recv((s),(b),(n),0)
-#define writesocket(s,b,n)      send((s),(b),(n),0)
-#elif defined(OPENSSL_SYS_VXWORKS)
-#define get_last_socket_error()	errno
-#define clear_socket_error()	errno=0
-#define ioctlsocket(a,b,c)	    ioctl((a),(b),(int)(c))
-#define closesocket(s)		    close(s)
-#define readsocket(s,b,n)	    read((s),(b),(n))
-#define writesocket(s,b,n)	    write((s),(char *)(b),(n))
-#elif defined(OPENSSL_SYS_BEOS_R5)
-#define get_last_socket_error() errno
-#define clear_socket_error()    errno=0
-#define FIONBIO SO_NONBLOCK
-#define ioctlsocket(a,b,c)		  setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c)))
-#define readsocket(s,b,n)       recv((s),(b),(n),0)
-#define writesocket(s,b,n)      send((s),(b),(n),0)
-#elif defined(OPENSSL_SYS_NETWARE)
-#if defined(NETWARE_BSDSOCK)
-#define get_last_socket_error() errno
-#define clear_socket_error()    errno=0
-#define closesocket(s)          close(s)
-#define ioctlsocket(a,b,c)      ioctl(a,b,c)
-#if defined(NETWARE_LIBC)
-#define readsocket(s,b,n)       recv((s),(b),(n),0)
-#define writesocket(s,b,n)      send((s),(b),(n),0)
-#else
-#define readsocket(s,b,n)       recv((s),(char*)(b),(n),0)
-#define writesocket(s,b,n)      send((s),(char*)(b),(n),0)
-#endif
-#else
-#define get_last_socket_error()	WSAGetLastError()
-#define clear_socket_error()	WSASetLastError(0)
-#define readsocket(s,b,n)		recv((s),(b),(n),0)
-#define writesocket(s,b,n)		send((s),(b),(n),0)
-#endif
-#else
-#define get_last_socket_error()	errno
-#define clear_socket_error()	errno=0
-#define ioctlsocket(a,b,c)	ioctl(a,b,c)
-#define closesocket(s)		close(s)
-#define readsocket(s,b,n)	read((s),(b),(n))
-#define writesocket(s,b,n)	write((s),(b),(n))
-#endif
-
-#ifdef WIN16 /* never the case */
-#  define MS_CALLBACK	_far _loadds
-#  define MS_FAR	_far
-#else
-#  define MS_CALLBACK
-#  define MS_FAR
-#endif
-
-#ifdef OPENSSL_NO_STDIO
-#  undef OPENSSL_NO_FP_API
-#  define OPENSSL_NO_FP_API
-#endif
-
-#if (defined(WINDOWS) || defined(MSDOS))
-
-#  ifdef __DJGPP__
-#    include <unistd.h>
-#    include <sys/stat.h>
-#    include <sys/socket.h>
-#    include <tcp.h>
-#    include <netdb.h>
-#    define _setmode setmode
-#    define _O_TEXT O_TEXT
-#    define _O_BINARY O_BINARY
-#    undef DEVRANDOM
-#    define DEVRANDOM "/dev/urandom\x24"
-#  endif /* __DJGPP__ */
-
-#  ifndef S_IFDIR
-#    define S_IFDIR	_S_IFDIR
-#  endif
-
-#  ifndef S_IFMT
-#    define S_IFMT	_S_IFMT
-#  endif
-
-#  if !defined(WINNT) && !defined(__DJGPP__)
-#    define NO_SYSLOG
-#  endif
-#  define NO_DIRENT
-
-#  ifdef WINDOWS
-#    if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
-       /*
-	* Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
-	* Most notably we ought to check for availability of each specific
-	* routine with GetProcAddress() and/or guard NT-specific calls with
-	* GetVersion() < 0x80000000. One can argue that in latter "or" case
-	* we ought to /DELAYLOAD some .DLLs in order to protect ourselves
-	* against run-time link errors. This doesn't seem to be necessary,
-	* because it turned out that already Windows 95, first non-NT Win32
-	* implementation, is equipped with at least NT 3.51 stubs, dummy
-	* routines with same name, but which do nothing. Meaning that it's
-	* apparently sufficient to guard "vanilla" NT calls with GetVersion
-	* alone, while NT 4.0 and above interfaces ought to be linked with
-	* GetProcAddress at run-time.
-	*/
-#      define _WIN32_WINNT 0x0400
-#    endif
-#    if !defined(OPENSSL_NO_SOCK) && defined(_WIN32_WINNT)
-       /*
-        * Just like defining _WIN32_WINNT including winsock2.h implies
-        * certain "discipline" for maintaining [broad] binary compatibility.
-        * As long as structures are invariant among Winsock versions,
-        * it's sufficient to check for specific Winsock2 API availability
-        * at run-time [DSO_global_lookup is recommended]...
-        */
-#      include <winsock2.h>
-#      include <ws2tcpip.h>
-       /* yes, they have to be #included prior to <windows.h> */
-#    endif
-#    include <windows.h>
-#    include <stdio.h>
-#    include <stddef.h>
-#    include <errno.h>
-#    include <string.h>
-#    ifdef _WIN64
-#      define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static __inline unsigned int _strlen31(const char *str)
-	{
-	unsigned int len=0;
-	while (*str && len<0x80000000U) str++, len++;
-	return len&0x7FFFFFFF;
-	}
-#    endif
-#    include <malloc.h>
-#    if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace)
-       /* compensate for bug in VC6 ctype.h */
-#      undef isspace
-#      undef isdigit
-#      undef isalnum
-#      undef isupper
-#      undef isxdigit
-#    endif
-#    if defined(_MSC_VER) && !defined(_DLL) && defined(stdin)
-#      if _MSC_VER>=1300
-#        undef stdin
-#        undef stdout
-#        undef stderr
-         FILE *__iob_func();
-#        define stdin  (&__iob_func()[0])
-#        define stdout (&__iob_func()[1])
-#        define stderr (&__iob_func()[2])
-#      elif defined(I_CAN_LIVE_WITH_LNK4049)
-#        undef stdin
-#        undef stdout
-#        undef stderr
-         /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
-          * or in other words with /MD. Declaring implicit import, i.e.
-          * with _imp_ prefix, works correctly with all compiler options,
-	  * but without /MD results in LINK warning LNK4049:
-	  * 'locally defined symbol "__iob" imported'.
-          */
-         extern FILE *_imp___iob;
-#        define stdin  (&_imp___iob[0])
-#        define stdout (&_imp___iob[1])
-#        define stderr (&_imp___iob[2])
-#      endif
-#    endif
-#  endif
-#  include <io.h>
-#  include <fcntl.h>
-
-#  ifdef OPENSSL_SYS_WINCE
-#    define OPENSSL_NO_POSIX_IO
-#  endif
-
-#  if defined (__BORLANDC__)
-#    define _setmode setmode
-#    define _O_TEXT O_TEXT
-#    define _O_BINARY O_BINARY
-#    define _int64 __int64
-#    define _kbhit kbhit
-#  endif
-
-#  define EXIT(n) exit(n)
-#  define LIST_SEPARATOR_CHAR ';'
-#  ifndef X_OK
-#    define X_OK	0
-#  endif
-#  ifndef W_OK
-#    define W_OK	2
-#  endif
-#  ifndef R_OK
-#    define R_OK	4
-#  endif
-#  define OPENSSL_CONF	"openssl.cnf"
-#  define SSLEAY_CONF	OPENSSL_CONF
-#  define NUL_DEV	"nul"
-#  define RFILE		".rnd"
-#  ifdef OPENSSL_SYS_WINCE
-#    define DEFAULT_HOME  ""
-#  else
-#    define DEFAULT_HOME  "C:"
-#  endif
-
-/* Avoid Visual Studio 13 GetVersion deprecated problems */
-#if defined(_MSC_VER) && _MSC_VER>=1800
-#  define check_winnt() (1)
-#  define check_win_minplat(x) (1)
-#else
-#  define check_winnt() (GetVersion() < 0x80000000)
-#  define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
-#endif
-
-#else /* The non-microsoft world */
-
-#  ifdef OPENSSL_SYS_VMS
-#    define VMS 1
-  /* some programs don't include stdlib, so exit() and others give implicit 
-     function warnings */
-#    include <stdlib.h>
-#    if defined(__DECC)
-#      include <unistd.h>
-#    else
-#      include <unixlib.h>
-#    endif
-#    define OPENSSL_CONF	"openssl.cnf"
-#    define SSLEAY_CONF		OPENSSL_CONF
-#    define RFILE		".rnd"
-#    define LIST_SEPARATOR_CHAR ','
-#    define NUL_DEV		"NLA0:"
-  /* We don't have any well-defined random devices on VMS, yet... */
-#    undef DEVRANDOM
-  /* We need to do this since VMS has the following coding on status codes:
-
-     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
-               The important thing to know is that odd numbers are considered
-	       good, while even ones are considered errors.
-     Bits 3-15: actual status number
-     Bits 16-27: facility number.  0 is considered "unknown"
-     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to
-                 output the message (which, for random codes, just looks ugly)
-
-     So, what we do here is to change 0 to 1 to get the default success status,
-     and everything else is shifted up to fit into the status number field, and
-     the status is tagged as an error, which I believe is what is wanted here.
-     -- Richard Levitte
-  */
-#    define EXIT(n)		do { int __VMS_EXIT = n; \
-                                     if (__VMS_EXIT == 0) \
-				       __VMS_EXIT = 1; \
-				     else \
-				       __VMS_EXIT = (n << 3) | 2; \
-                                     __VMS_EXIT |= 0x10000000; \
-				     exit(__VMS_EXIT); } while(0)
-#    define NO_SYS_PARAM_H
-
-#  elif defined(OPENSSL_SYS_NETWARE)
-#    include <fcntl.h>
-#    include <unistd.h>
-#    define NO_SYS_TYPES_H
-#    undef  DEVRANDOM
-#    ifdef NETWARE_CLIB
-#      define getpid GetThreadID
-       extern int GetThreadID(void);
-/* #      include <conio.h> */
-       extern int kbhit(void);
-#    else
-#      include <screen.h>
-#    endif
-#    define NO_SYSLOG
-#    define _setmode setmode
-#    define _kbhit kbhit
-#    define _O_TEXT O_TEXT
-#    define _O_BINARY O_BINARY
-#    define OPENSSL_CONF   "openssl.cnf"
-#    define SSLEAY_CONF    OPENSSL_CONF
-#    define RFILE    ".rnd"
-#    define LIST_SEPARATOR_CHAR ';'
-#    define EXIT(n)  { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
-
-#  else
-     /* !defined VMS */
-#    ifdef OPENSSL_SYS_MPE
-#      define NO_SYS_PARAM_H
-#    endif
-#    ifdef OPENSSL_UNISTD
-#      include OPENSSL_UNISTD
-#    else
-#      include <unistd.h>
-#    endif
-#    ifndef NO_SYS_TYPES_H
-#      include <sys/types.h>
-#    endif
-#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
-#      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
-                         * (unless when compiling with -D_POSIX_SOURCE,
-                         * which doesn't work for us) */
-#    endif
-#    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
-#      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
-       typedef unsigned long clock_t;
-#    endif
-#    ifdef OPENSSL_SYS_WIN32_CYGWIN
-#      include <io.h>
-#      include <fcntl.h>
-#    endif
-
-#    define OPENSSL_CONF	"openssl.cnf"
-#    define SSLEAY_CONF		OPENSSL_CONF
-#    define RFILE		".rnd"
-#    define LIST_SEPARATOR_CHAR ':'
-#    define NUL_DEV		"/dev/null"
-#    define EXIT(n)		exit(n)
-#  endif
-
-#  define SSLeay_getpid()	getpid()
-
-#endif
-
-
-/*************/
-
-#ifdef USE_SOCKETS
-#  if defined(WINDOWS) || defined(MSDOS)
-      /* windows world */
-
-#    ifdef OPENSSL_NO_SOCK
-#      define SSLeay_Write(a,b,c)	(-1)
-#      define SSLeay_Read(a,b,c)	(-1)
-#      define SHUTDOWN(fd)		close(fd)
-#      define SHUTDOWN2(fd)		close(fd)
-#    elif !defined(__DJGPP__)
-#      if defined(_WIN32_WCE) && _WIN32_WCE<410
-#        define getservbyname _masked_declaration_getservbyname
-#      endif
-#      if !defined(IPPROTO_IP)
-         /* winsock[2].h was included already? */
-#        include <winsock.h>
-#      endif
-#      ifdef getservbyname
-#        undef getservbyname
-         /* this is used to be wcecompat/include/winsock_extras.h */
-         struct servent* PASCAL getservbyname(const char*,const char*);
-#      endif
-
-#      ifdef _WIN64
-/*
- * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
- * the value constitutes an index in per-process table of limited size
- * and not a real pointer.
- */
-#        define socket(d,t,p)	((int)socket(d,t,p))
-#        define accept(s,f,l)	((int)accept(s,f,l))
-#      endif
-#      define SSLeay_Write(a,b,c)	send((a),(b),(c),0)
-#      define SSLeay_Read(a,b,c)	recv((a),(b),(c),0)
-#      define SHUTDOWN(fd)		{ shutdown((fd),0); closesocket(fd); }
-#      define SHUTDOWN2(fd)		{ shutdown((fd),2); closesocket(fd); }
-#    else
-#      define SSLeay_Write(a,b,c)	write_s(a,b,c,0)
-#      define SSLeay_Read(a,b,c)	read_s(a,b,c)
-#      define SHUTDOWN(fd)		close_s(fd)
-#      define SHUTDOWN2(fd)		close_s(fd)
-#    endif
-
-#  elif defined(MAC_OS_pre_X)
-
-#    include "MacSocket.h"
-#    define SSLeay_Write(a,b,c)		MacSocket_send((a),(b),(c))
-#    define SSLeay_Read(a,b,c)		MacSocket_recv((a),(b),(c),true)
-#    define SHUTDOWN(fd)		MacSocket_close(fd)
-#    define SHUTDOWN2(fd)		MacSocket_close(fd)
-
-#  elif defined(OPENSSL_SYS_NETWARE)
-         /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD
-         */
-#      if defined(NETWARE_BSDSOCK)
-#        include <sys/socket.h>
-#        include <netinet/in.h>
-#        include <sys/time.h>
-#        if defined(NETWARE_CLIB)
-#          include <sys/bsdskt.h>
-#        else
-#          include <sys/select.h>
-#        endif
-#        define INVALID_SOCKET (int)(~0)
-#      else
-#        include <novsock2.h>
-#      endif
-#      define SSLeay_Write(a,b,c)   send((a),(b),(c),0)
-#      define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-#      define SHUTDOWN(fd)    { shutdown((fd),0); closesocket(fd); }
-#      define SHUTDOWN2(fd)      { shutdown((fd),2); closesocket(fd); }
-
-#  else
-
-#    ifndef NO_SYS_PARAM_H
-#      include <sys/param.h>
-#    endif
-#    ifdef OPENSSL_SYS_VXWORKS
-#      include <time.h> 
-#    elif !defined(OPENSSL_SYS_MPE)
-#      include <sys/time.h> /* Needed under linux for FD_XXX */
-#    endif
-
-#    include <netdb.h>
-#    if defined(OPENSSL_SYS_VMS_NODECC)
-#      include <socket.h>
-#      include <in.h>
-#      include <inet.h>
-#    else
-#      include <sys/socket.h>
-#      ifdef FILIO_H
-#        include <sys/filio.h> /* Added for FIONBIO under unixware */
-#      endif
-#      include <netinet/in.h>
-#      if !defined(OPENSSL_SYS_BEOS_R5)
-#      include <arpa/inet.h>
-#    endif
-#    endif
-
-#    if defined(NeXT) || defined(_NEXT_SOURCE)
-#      include <sys/fcntl.h>
-#      include <sys/types.h>
-#    endif
-
-#    ifdef OPENSSL_SYS_AIX
-#      include <sys/select.h>
-#    endif
-
-#    ifdef __QNX__
-#      include <sys/select.h>
-#    endif
-
-#    if defined(sun)
-#      include <sys/filio.h>
-#    else
-#      ifndef VMS
-#        include <sys/ioctl.h>
-#      else
-	 /* ioctl is only in VMS > 7.0 and when socketshr is not used */
-#        if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
-#          include <sys/ioctl.h>
-#        endif
-#      endif
-#    endif
-
-#    ifdef VMS
-#      include <unixio.h>
-#      if defined(TCPIP_TYPE_SOCKETSHR)
-#        include <socketshr.h>
-#      endif
-#    endif
-
-#    define SSLeay_Read(a,b,c)     read((a),(b),(c))
-#    define SSLeay_Write(a,b,c)    write((a),(b),(c))
-#    define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }
-#    define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
-#    ifndef INVALID_SOCKET
-#    define INVALID_SOCKET	(-1)
-#    endif /* INVALID_SOCKET */
-#  endif
-
-/* Some IPv6 implementations are broken, disable them in known bad
- * versions.
- */
-#  if !defined(OPENSSL_USE_IPV6)
-#    if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB)
-#      define OPENSSL_USE_IPV6 1
-#    else
-#      define OPENSSL_USE_IPV6 0
-#    endif
-#  endif
-
-#endif
-
-#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
-  /* include headers first, so our defines don't break it */
-#include <stdlib.h>
-#include <string.h>
-  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
-# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
-# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
-extern char *sys_errlist[]; extern int sys_nerr;
-# define strerror(errnum) \
-	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
-  /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
-#include "crypto/o_str.h"
-# define memcmp OPENSSL_memcmp
-#endif
-
-#ifndef OPENSSL_EXIT
-# if defined(MONOLITH) && !defined(OPENSSL_C)
-#  define OPENSSL_EXIT(n) return(n)
-# else
-#  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
-# endif
-#endif
-
-/***********************************************/
-
-#define DG_GCC_BUG	/* gcc < 2.6.3 on DGUX */
-
-#ifdef sgi
-#define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
-#endif
-#ifdef OPENSSL_SYS_SNI
-#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS)
-#  define strcasecmp _stricmp
-#  define strncasecmp _strnicmp
-#elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-#  include "o_str.h"
-#  define strcasecmp OPENSSL_strcasecmp
-#  define strncasecmp OPENSSL_strncasecmp
-#  define OPENSSL_IMPLEMENTS_strncasecmp
-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-#  define strcasecmp stricmp
-#  define strncasecmp strnicmp
-#elif defined(OPENSSL_SYS_NETWARE)
-#  include <string.h>
-#  if defined(NETWARE_CLIB)
-#    define strcasecmp stricmp
-#    define strncasecmp strnicmp
-#  endif /* NETWARE_CLIB */
-#endif
-
-#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-# include <io.h>
-# include <fcntl.h>
-# define NO_SYSLOG
-#endif
-
-/* vxworks */
-#if defined(OPENSSL_SYS_VXWORKS)
-#include <ioLib.h>
-#include <tickLib.h>
-#include <sysLib.h>
-
-#define TTY_STRUCT int
-
-#define sleep(a) taskDelay((a) * sysClkRateGet())
-
-#include <vxWorks.h>
-#include <sockLib.h>
-#include <taskLib.h>
-
-#define getpid taskIdSelf
-
-/* NOTE: these are implemented by helpers in database app!
- * if the database is not linked, we need to implement them
- * elswhere */
-struct hostent *gethostbyname(const char *name);
-struct hostent *gethostbyaddr(const char *addr, int length, int type);
-struct servent *getservbyname(const char *name, const char *proto);
-
-#endif
-/* end vxworks */
-
-/* beos */
-#if defined(OPENSSL_SYS_BEOS_R5)
-#define SO_ERROR 0
-#define NO_SYS_UN
-#define IPPROTO_IP 0
-#include <OS.h>
-#endif
-
-#if !defined(inline) && !defined(__cplusplus)
-# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
-   /* do nothing, inline works */
-# elif defined(__GNUC__) && __GNUC__>=2
-#  define inline __inline__
-# elif defined(_MSC_VER)
-  /*
-   * Visual Studio: inline is available in C++ only, however
-   * __inline is available for C, see
-   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
-   */
-#  define inline __inline
-# else
-#  define inline
-# endif
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/e_os2.h b/e_os2.h
deleted file mode 100644
index d22c0368f8..0000000000
--- a/e_os2.h
+++ /dev/null
@@ -1,315 +0,0 @@
-/* e_os2.h */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef HEADER_E_OS2_H
-#define HEADER_E_OS2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/******************************************************************************
- * Detect operating systems.  This probably needs completing.
- * The result is that at least one OPENSSL_SYS_os macro should be defined.
- * However, if none is defined, Unix is assumed.
- **/
-
-#define OPENSSL_SYS_UNIX
-
-/* ----------------------- Macintosh, before MacOS X ----------------------- */
-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MACINTOSH_CLASSIC
-#endif
-
-/* ----------------------- NetWare ----------------------------------------- */
-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_NETWARE
-#endif
-
-/* ---------------------- Microsoft operating systems ---------------------- */
-
-/* Note that MSDOS actually denotes 32-bit environments running on top of
-   MS-DOS, such as DJGPP one. */
-#if defined(OPENSSL_SYSNAME_MSDOS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MSDOS
-#endif
-
-/* For 32 bit environment, there seems to be the CygWin environment and then
-   all the others that try to do the same thing Microsoft does... */
-#if defined(OPENSSL_SYSNAME_UWIN)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_UWIN
-#else
-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_WIN32_CYGWIN
-# else
-#  if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WIN32
-#  endif
-#  if defined(OPENSSL_SYSNAME_WINNT)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WINNT
-#  endif
-#  if defined(OPENSSL_SYSNAME_WINCE)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WINCE
-#  endif
-# endif
-#endif
-
-/* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_SYS_MSDOS
-#  define OPENSSL_SYS_MSDOS
-# endif
-#endif
-
-/* DLL settings.  This part is a bit tough, because it's up to the application
-   implementor how he or she will link the application, so it requires some
-   macro to be used. */
-#ifdef OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_OPT_WINDLL
-#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
-                          DLL linkage should be used */
-#   define OPENSSL_OPT_WINDLL
-#  endif
-# endif
-#endif
-
-/* -------------------------------- OpenVMS -------------------------------- */
-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_VMS
-# if defined(__DECC)
-#  define OPENSSL_SYS_VMS_DECC
-# elif defined(__DECCXX)
-#  define OPENSSL_SYS_VMS_DECC
-#  define OPENSSL_SYS_VMS_DECCXX
-# else
-#  define OPENSSL_SYS_VMS_NODECC
-# endif
-#endif
-
-/* --------------------------------- OS/2 ---------------------------------- */
-#if defined(__EMX__) || defined(__OS2__)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_OS2
-#endif
-
-/* --------------------------------- Unix ---------------------------------- */
-#ifdef OPENSSL_SYS_UNIX
-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
-#  define OPENSSL_SYS_LINUX
-# endif
-# ifdef OPENSSL_SYSNAME_MPE
-#  define OPENSSL_SYS_MPE
-# endif
-# ifdef OPENSSL_SYSNAME_SNI
-#  define OPENSSL_SYS_SNI
-# endif
-# ifdef OPENSSL_SYSNAME_ULTRASPARC
-#  define OPENSSL_SYS_ULTRASPARC
-# endif
-# ifdef OPENSSL_SYSNAME_NEWS4
-#  define OPENSSL_SYS_NEWS4
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX
-#  define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
-#  define OPENSSL_SYS_MACOSX_RHAPSODY
-#  define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_SUNOS
-#  define OPENSSL_SYS_SUNOS
-#endif
-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-#  define OPENSSL_SYS_CRAY
-# endif
-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
-#  define OPENSSL_SYS_AIX
-# endif
-#endif
-
-/* --------------------------------- VOS ----------------------------------- */
-#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
-# define OPENSSL_SYS_VOS
-#ifdef __HPPA__
-# define OPENSSL_SYS_VOS_HPPA
-#endif
-#ifdef __IA32__
-# define OPENSSL_SYS_VOS_IA32
-#endif
-#endif
-
-/* ------------------------------- VxWorks --------------------------------- */
-#ifdef OPENSSL_SYSNAME_VXWORKS
-# define OPENSSL_SYS_VXWORKS
-#endif
-
-/* --------------------------------- BeOS ---------------------------------- */
-#if defined(__BEOS__)
-# define OPENSSL_SYS_BEOS
-# include <sys/socket.h>
-# if defined(BONE_VERSION)
-#  define OPENSSL_SYS_BEOS_BONE
-# else
-#  define OPENSSL_SYS_BEOS_R5
-# endif
-#endif
-
-/**
- * That's it for OS-specific stuff
- *****************************************************************************/
-
-
-/* Specials for I/O an exit */
-#ifdef OPENSSL_SYS_MSDOS
-# define OPENSSL_UNISTD_IO <io.h>
-# define OPENSSL_DECLARE_EXIT extern void exit(int);
-#else
-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
-#endif
-
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
-   certain global symbols that, with some compilers under VMS, have to be
-   defined and declared explicitely with globaldef and globalref.
-   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
-   DLL exports and imports for compilers under Win32.  These are a little
-   more complicated to use.  Basically, for any library that exports some
-   global variables, the following code must be present in the header file
-   that declares them, before OPENSSL_EXTERN is used:
-
-   #ifdef SOME_BUILD_FLAG_MACRO
-   # undef OPENSSL_EXTERN
-   # define OPENSSL_EXTERN OPENSSL_EXPORT
-   #endif
-
-   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
-   have some generally sensible values, and for OPENSSL_EXTERN to have the
-   value OPENSSL_IMPORT.
-*/
-
-#if defined(OPENSSL_SYS_VMS_NODECC)
-# define OPENSSL_EXPORT globalref
-# define OPENSSL_IMPORT globalref
-# define OPENSSL_GLOBAL globaldef
-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-# define OPENSSL_EXPORT extern __declspec(dllexport)
-# define OPENSSL_IMPORT extern __declspec(dllimport)
-# define OPENSSL_GLOBAL
-#else
-# define OPENSSL_EXPORT extern
-# define OPENSSL_IMPORT extern
-# define OPENSSL_GLOBAL
-#endif
-#define OPENSSL_EXTERN OPENSSL_IMPORT
-
-/* Macros to allow global variables to be reached through function calls when
-   required (if a shared library version requires it, for example.
-   The way it's done allows definitions like this:
-
-	// in foobar.c
-	OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
-	// in foobar.h
-	OPENSSL_DECLARE_GLOBAL(int,foobar);
-	#define foobar OPENSSL_GLOBAL_REF(foobar)
-*/
-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)			\
-	type *_shadow_##name(void)					\
-	{ static type _hide_##name=value; return &_hide_##name; }
-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-#else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-# define OPENSSL_GLOBAL_REF(name) _shadow_##name
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
-#  define ossl_ssize_t long
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#  define ossl_ssize_t long
-#endif
-
-#if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-#  define ssize_t int
-#endif
-
-#if defined(__ultrix) && !defined(ssize_t)
-#  define ossl_ssize_t int 
-#endif
-
-#ifndef ossl_ssize_t
-#  define ossl_ssize_t ssize_t
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/flavor.mk b/flavor.mk
deleted file mode 100644
index f32fe41af4..0000000000
--- a/flavor.mk
+++ /dev/null
@@ -1,4 +0,0 @@
-# This makefile exists to be included by makefiles in other directories so that
-# they can detect whether BoringSSL or OpenSSL is being used.
-
-OPENSSL_FLAVOR=OpenSSL
diff --git a/import_openssl.sh b/import_openssl.sh
deleted file mode 100755
index b20c25e0c8..0000000000
--- a/import_openssl.sh
+++ /dev/null
@@ -1,754 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2009 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# This script imports new versions of OpenSSL (http://openssl.org/source) into the
-# Android source tree.  To run, (1) fetch the appropriate tarball from the OpenSSL repository,
-# (2) check the gpg/pgp signature, and then (3) run:
-#   ./import_openssl.sh import openssl-*.tar.gz
-#
-# IMPORTANT: See README.android for additional details.
-
-# turn on exit on error as well as a warning when it happens
-set -e
-trap  "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
-
-# Make sure we're in the right directory.
-cd $(dirname $0)
-
-# Ensure consistent sorting order / tool output.
-export LANG=C
-export LC_ALL=C
-PERL_EXE="perl -C0"
-
-function die() {
-  declare -r message=$1
-
-  echo $message
-  exit 1
-}
-
-function usage() {
-  declare -r message=$1
-
-  if [ ! "$message" = "" ]; then
-    echo $message
-  fi
-  echo "Usage:"
-  echo "  ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
-  echo "  ./import_openssl.sh regenerate <patch/*.patch>"
-  echo "  ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
-  exit 1
-}
-
-function main() {
-  if [ ! -d patches ]; then
-    die "OpenSSL patch directory patches/ not found"
-  fi
-
-  if [ ! -f openssl.version ]; then
-    die "openssl.version not found"
-  fi
-
-  source ./openssl.version
-  if [ "$OPENSSL_VERSION" == "" ]; then
-    die "Invalid openssl.version; see README.android for more information"
-  fi
-
-  OPENSSL_DIR=openssl-$OPENSSL_VERSION
-  OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
-
-  if [ ! -f openssl.config ]; then
-    die "openssl.config not found"
-  fi
-
-  source ./openssl.config
-  if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
-    die "Invalid openssl.config; see README.android for more information"
-  fi
-
-  declare -r command=$1
-  shift || usage "No command specified. Try import, regenerate, or generate."
-  if [ "$command" = "import" ]; then
-    declare -r tar=$1
-    shift || usage "No tar file specified."
-    import $tar
-  elif [ "$command" = "regenerate" ]; then
-    declare -r patch=$1
-    shift || usage "No patch file specified."
-    [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
-    [ -d $OPENSSL_DIR_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
-    regenerate $patch
-  elif [ "$command" = "generate" ]; then
-    declare -r patch=$1
-    shift || usage "No patch file specified."
-    declare -r tar=$1
-    shift || usage "No tar file specified."
-    generate $patch $tar
-  else
-    usage "Unknown command specified $command. Try import, regenerate, or generate."
-  fi
-}
-
-# Compute the name of an assembly source file generated by one of the
-# gen_asm_xxxx() functions below. The logic is the following:
-# - if "$2" is not empty, output it directly
-# - otherwise, change the file extension of $1 from .pl to .S and output
-#   it.
-# Usage: default_asm_file "$1" "$2"
-#     or default_asm_file "$@"
-#
-# $1: generator path (perl script)
-# $2: optional output file name.
-function default_asm_file () {
-  if [ "$2" ]; then
-    echo "$2"
-  else
-    echo "${1%%.pl}.S"
-  fi
-}
-
-# Generate an ARM assembly file.
-# $1: generator (perl script)
-# $2: [optional] output file name
-function gen_asm_arm () {
-  local OUT
-  OUT=$(default_asm_file "$@")
-  $PERL_EXE "$1" void "$OUT" > "$OUT"
-}
-
-# Generate an ARMv8 64-bit assembly file.
-# $1: generator (perl script)
-# $2: [optional] output file name
-function gen_asm_arm64 () {
-  local OUT
-  OUT=$(default_asm_file "$@")
-  $PERL_EXE "$1" linux64 "$OUT" > "$OUT"
-}
-
-function gen_asm_mips () {
-  local OUT
-  OUT=$(default_asm_file "$@")
-  # The perl scripts expect to run the target compiler as $CC to determine
-  # the endianess of the target. Setting CC to true is a hack that forces the scripts
-  # to generate little endian output
-  CC=true $PERL_EXE "$1" o32 > "$OUT"
-}
-
-# TODO: gen_asm_mips64
-
-function gen_asm_x86 () {
-  local OUT
-  OUT=$(default_asm_file "$@")
-  $PERL_EXE "$1" elf -fPIC $(print_values_with_prefix -D $OPENSSL_CRYPTO_DEFINES_x86) > "$OUT"
-}
-
-function gen_asm_x86_64 () {
-  local OUT
-  OUT=$(default_asm_file "$@")
-  $PERL_EXE "$1" elf "$OUT" > "$OUT"
-}
-
-
-# Filter all items in a list that match a given pattern.
-# $1: space-separated list
-# $2: egrep pattern.
-# Out: items in $1 that match $2
-function filter_by_egrep() {
-  declare -r pattern=$1
-  shift
-  echo "$@" | tr ' ' '\n' | grep -e "$pattern" | tr '\n' ' '
-}
-
-# Sort and remove duplicates in a space-separated list
-# $1: space-separated list
-# Out: new space-separated list
-function uniq_sort () {
-  echo "$@" | tr ' ' '\n' | sort -u | tr '\n' ' '
-}
-
-function print_autogenerated_header() {
-  echo "# Auto-generated - DO NOT EDIT!"
-  echo "# To regenerate, edit openssl.config, then run:"
-  echo "#     ./import_openssl.sh import /path/to/openssl-$OPENSSL_VERSION.tar.gz"
-  echo "#"
-}
-
-function run_verbose() {
-  echo Running: $@
-  $@
-}
-
-function scan_opensslconf_for_flags() {
-  for flag in "$@"; do
-    awk "/^#define ${flag}$/ { print \$2 }" crypto/opensslconf.h
-  done
-}
-
-CRYPTO_CONF_FLAGS=(
-OPENSSL_CPUID_OBJ
-DES_LONG
-DES_PTR
-DES_RISC1
-DES_RISC2
-DES_UNROLL
-RC4_INT
-RC4_CHUNK
-RC4_INDEX
-)
-
-function check_asm_flags() {
-  local arch="$1"
-  local target="$2"
-  local unsorted_flags
-  local expected_flags
-  local actual_flags
-  local defines="OPENSSL_CRYPTO_DEFINES_$arch"
-
-  PERL=/usr/bin/perl run_verbose ./Configure $CONFIGURE_ARGS $target
-
-  unsorted_flags="$(awk '/^CFLAG=/ { sub(/^CFLAG= .*-Wall /, ""); gsub(/-D/, ""); print; }' Makefile)"
-  unsorted_flags="$unsorted_flags $(scan_opensslconf_for_flags "${CRYPTO_CONF_FLAGS[@]}")"
-
-  expected_flags="$(echo $unsorted_flags | tr ' ' '\n' | sort | tr '\n' ' ')"
-  actual_flags="$(echo ${!defines} | tr ' ' '\n' | sort | tr '\n' ' ')"
-
-  if [[ $actual_flags != $expected_flags ]]; then
-    echo ${defines} is wrong!
-    echo "    $actual_flags"
-    echo Please update to:
-    echo "    $expected_flags"
-    exit 1
-  fi
-}
-
-# Run Configure and generate headers
-# $1: 32 for 32-bit arch, 64 for 64-bit arch, trusty for Trusty
-# $2: 1 if building for static version
-# Out: returns the cflags and depflags in variable $flags
-function generate_build_config_headers() {
-  chmod +x ./Configure
-  local configure_args_bits=CONFIGURE_ARGS_$1
-  local configure_args_stat=''
-  local outname=$1
-  if [[ $2 == 1 ]] ; then
-      configure_args_stat=CONFIGURE_ARGS_STATIC
-      outname="static-$1"
-  fi
-
-  if [[ $1 == trusty ]] ; then
-    PERL=/usr/bin/perl run_verbose ./Configure $CONFIGURE_ARGS_TRUSTY
-  else
-    PERL=/usr/bin/perl run_verbose ./Configure $CONFIGURE_ARGS ${!configure_args_bits} ${!configure_args_stat}
-  fi
-
-  rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
-  mv -f crypto/opensslconf.h crypto/opensslconf-$outname.h
-  cp -f crypto/opensslconf-$outname.h include/openssl/opensslconf-$outname.h
-
-  local tmpfile=$(mktemp tmp.XXXXXXXXXX)
-  (grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | \
-      grep -v -e -DOPENSSL_NO_DEPRECATED) > $tmpfile
-  declare -r cflags=$(filter_by_egrep "^-D" $(grep -e "^CFLAG=" $tmpfile))
-  declare -r depflags=$(filter_by_egrep "^-D" $(grep -e "^DEPFLAG=" $tmpfile))
-  rm -f $tmpfile
-
-  flags="$cflags $depflags"
-}
-
-# Run Configure and generate makefiles
-function generate_build_config_mk() {
-  chmod +x ./Configure
-  for bits in 32 64 trusty; do
-    # Header flags are output in $flags, first static, then dynamic
-    generate_build_config_headers $bits 1
-    local flags_static=$flags
-    generate_build_config_headers $bits
-
-    echo "Generating build-config-$bits.mk"
-    (
-      print_autogenerated_header
-
-      echo "openssl_cflags_$bits := \\"
-      for flag in $flags ; do echo "  $flag \\" ; done
-      echo ""
-
-      echo "openssl_cflags_static_$bits := \\"
-      for flag in $flags_static; do echo "  $flag \\" ; done
-      echo ""
-    ) > ../build-config-$bits.mk
-  done
-}
-
-# Generate crypto/opensslconf.h file including arch-specific files
-function generate_opensslconf_h() {
-  echo "Generating opensslconf.h"
-  (
-  echo "// Auto-generated - DO NOT EDIT!"
-  echo "#ifndef OPENSSL_SYS_TRUSTY"
-  echo "#if defined(__LP64__)"
-  echo "#include \"opensslconf-64.h\""
-  echo "#else"
-  echo "#include \"opensslconf-32.h\""
-  echo "#endif"
-  echo "#else"
-  echo "#include \"opensslconf-trusty.h\""
-  echo "#endif"
-  ) > crypto/opensslconf.h
-  # Generate a compatible version for the static library builds
-  echo "Generating opensslconf-static.h"
-  (
-  echo "// Auto-generated - DO NOT EDIT!"
-  echo "#if defined(__LP64__)"
-  echo "#include \"opensslconf-static-64.h\""
-  echo "#else"
-  echo "#include \"opensslconf-static-32.h\""
-  echo "#endif"
-  ) > crypto/opensslconf-static.h
-  # move it to output include files as well
-  cp -f crypto/opensslconf-static.h include/openssl/opensslconf-static.h
-}
-
-# Return the value of a computed variable name.
-# E.g.:
-#   FOO=foo
-#   BAR=bar
-#   echo $(var_value FOO_$BAR)   -> prints the value of ${FOO_bar}
-# $1: Variable name
-# Out: variable value
-var_value() {
-  # Note: don't use 'echo' here, because it's sensitive to values
-  #       that begin with an underscore (e.g. "-n")
-  eval printf \"%s\\n\" \$$1
-}
-
-# Same as var_value, but returns sorted output without duplicates.
-# $1: Variable name
-# Out: variable value (if space-separated list, sorted with no duplicates)
-var_sorted_value() {
-  uniq_sort $(var_value $1)
-}
-
-# Print the values in a list with a prefix
-# $1: prefix to use
-# $2+: values of list
-print_values_with_prefix() {
-  declare -r prefix=$1
-  shift
-  for src; do
-    echo -n " $prefix$src "
-  done
-}
-
-# Print the definition of a given variable in a GNU Make build file.
-# $1: Variable name (e.g. common_src_files)
-# $2: prefix for each variable contents
-# $3+: Variable value (e.g. list of sources)
-print_vardef_with_prefix_in_mk() {
-  declare -r varname=$1
-  declare -r prefix=$2
-  shift
-  shift
-  if [ -z "$1" ]; then
-    echo "$varname :="
-  else
-    echo "$varname := \\"
-    for src; do
-      echo "  $prefix$src \\"
-    done
-  fi
-  echo ""
-}
-# Print the definition of a given variable in a GNU Make build file.
-# $1: Variable name (e.g. common_src_files)
-# $2+: Variable value (e.g. list of sources)
-print_vardef_in_mk() {
-  declare -r varname=$1
-  shift
-  print_vardef_with_prefix_in_mk $varname "" $@
-}
-
-# Same as print_vardef_in_mk, but print a CFLAGS definition from
-# a list of compiler defines.
-# $1: Variable name (e.g. common_cflags)
-# $2: List of defines (e.g. OPENSSL_NO_CAMELLIA ...)
-print_defines_in_mk() {
-  declare -r varname=$1
-  shift
-  if [ -z "$1" ]; then
-    echo "$varname :="
-  else
-    echo "$varname := \\"
-    for def; do
-    echo "  -D$def \\"
-    done
-  fi
-  echo ""
-}
-
-# Generate a configuration file like Crypto-config.mk
-# This uses variable definitions from openssl.config to build a config
-# file that can compute the list of target- and host-specific sources /
-# compiler flags for a given component.
-#
-# $1: Target file name.  (e.g. Crypto-config.mk)
-# $2: Variable prefix.   (e.g. CRYPTO)
-# $3: "host" or "target"
-function generate_config_mk() {
-  declare -r output="$1"
-  declare -r prefix="$2"
-  declare -r all_archs="arm arm64 x86 x86_64 mips mips64"
-  declare -r variant_archs="mips32r6"
-
-  echo "Generating $(basename $output)"
-  (
-    print_autogenerated_header
-    echo \
-"# This script will append to the following variables:
-#
-#    LOCAL_CFLAGS
-#    LOCAL_C_INCLUDES
-#    LOCAL_SRC_FILES_\$(TARGET_ARCH)
-#    LOCAL_SRC_FILES_\$(TARGET_2ND_ARCH)
-#    LOCAL_CFLAGS_\$(TARGET_ARCH)
-#    LOCAL_CFLAGS_\$(TARGET_2ND_ARCH)
-#    LOCAL_ADDITIONAL_DEPENDENCIES"
-if [ $prefix != "APPS" ] ; then
-    echo "#    LOCAL_EXPORT_C_INCLUDE_DIRS"
-fi
-echo "
-
-LOCAL_ADDITIONAL_DEPENDENCIES += \$(LOCAL_PATH)/$(basename $output)
-"
-
-    common_defines=$(var_sorted_value OPENSSL_${prefix}_DEFINES)
-    print_defines_in_mk common_cflags $common_defines
-
-    common_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES)
-    print_vardef_in_mk common_src_files $common_sources
-
-    common_includes=$(var_sorted_value OPENSSL_${prefix}_INCLUDES)
-    print_vardef_with_prefix_in_mk common_c_includes external/openssl/ $common_includes
-
-    for arch in $all_archs $variant_archs; do
-      arch_clang_asflags=$(var_sorted_value OPENSSL_${prefix}_CLANG_ASFLAGS_${arch})
-      print_vardef_in_mk ${arch}_clang_asflags $arch_clang_asflags
-
-      arch_defines=$(var_sorted_value OPENSSL_${prefix}_DEFINES_${arch})
-      print_defines_in_mk ${arch}_cflags $arch_defines
-
-      arch_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES_${arch})
-      print_vardef_in_mk ${arch}_src_files $arch_sources
-
-      arch_exclude_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES_EXCLUDES_${arch})
-      print_vardef_in_mk ${arch}_exclude_files $arch_exclude_sources
-
-    done
-
-    if [ $prefix == "CRYPTO" ]; then
-      echo "
-# \"Temporary\" hack until this can be fixed in openssl.config
-x86_64_cflags += -DRC4_INT=\"unsigned int\""
-    fi
-
-    if [ $prefix != "APPS" ] ; then
-      echo "
-LOCAL_EXPORT_C_INCLUDE_DIRS := \$(LOCAL_PATH)/include"
-    fi
-
-    echo "
-ifdef ARCH_MIPS_REV6
-mips_cflags := \$(mips32r6_cflags)
-mips_src_files := \$(mips32r6_src_files)
-mips_exclude_files := \$(mips32r6_exclude_files)
-endif"
-
-    if [ $3 == "target" ]; then
-      echo "
-LOCAL_CFLAGS += \$(common_cflags)
-LOCAL_C_INCLUDES += \$(common_c_includes)"
-      for arch in $all_archs; do
-        echo "
-LOCAL_SRC_FILES_${arch} += \$(filter-out \$(${arch}_exclude_files),\$(common_src_files) \$(${arch}_src_files))
-LOCAL_CFLAGS_${arch} += \$(${arch}_cflags)
-LOCAL_CLANG_ASFLAGS_${arch} += \$(${arch}_clang_asflags)"
-      done
-    else
-      echo "
-LOCAL_CFLAGS += \$(common_cflags)
-LOCAL_C_INCLUDES += \$(common_c_includes) \$(local_c_includes)
-
-ifeq (\$(HOST_OS),linux)
-LOCAL_CFLAGS_x86 += \$(x86_cflags)
-LOCAL_SRC_FILES_x86 += \$(filter-out \$(x86_exclude_files), \$(common_src_files) \$(x86_src_files))
-LOCAL_CFLAGS_x86_64 += \$(x86_64_cflags)
-LOCAL_SRC_FILES_x86_64 += \$(filter-out \$(x86_64_exclude_files), \$(common_src_files) \$(x86_64_src_files))
-else
-\$(warning Unknown host OS \$(HOST_OS))
-LOCAL_SRC_FILES += \$(common_src_files)
-endif"
-    fi
-  ) > "$output"
-}
-
-function import() {
-  declare -r OPENSSL_SOURCE=$1
-  untar $OPENSSL_SOURCE readonly
-  applypatches $OPENSSL_DIR
-  convert_iso8859_to_utf8 $OPENSSL_DIR
-
-  cd $OPENSSL_DIR
-
-  # Check the ASM flags for each arch
-  check_asm_flags arm linux-armv4
-  check_asm_flags arm64 linux-aarch64
-  check_asm_flags x86 linux-elf
-  check_asm_flags x86_64 linux-x86_64
-
-  generate_build_config_mk
-  generate_opensslconf_h
-
-  cp -f LICENSE ../NOTICE
-  touch ../MODULE_LICENSE_BSD_LIKE
-
-  # Avoid checking in symlinks
-  for i in `find include/openssl -type l`; do
-    target=`readlink $i`
-    rm -f $i
-    if [ -f include/openssl/$target ]; then
-      cp include/openssl/$target $i
-    fi
-  done
-
-  # Generate arm asm
-  gen_asm_arm crypto/aes/asm/aes-armv4.pl
-  gen_asm_arm crypto/aes/asm/aesv8-armx.pl
-  gen_asm_arm crypto/aes/asm/bsaes-armv7.pl
-  gen_asm_arm crypto/bn/asm/armv4-gf2m.pl
-  gen_asm_arm crypto/bn/asm/armv4-mont.pl
-  gen_asm_arm crypto/modes/asm/ghash-armv4.pl
-  gen_asm_arm crypto/modes/asm/ghashv8-armx.pl
-  gen_asm_arm crypto/sha/asm/sha1-armv4-large.pl
-  gen_asm_arm crypto/sha/asm/sha256-armv4.pl
-  gen_asm_arm crypto/sha/asm/sha512-armv4.pl
-
-  # Generate armv8 asm
-  gen_asm_arm64 crypto/aes/asm/aesv8-armx.pl crypto/aes/asm/aesv8-armx-64.S
-  gen_asm_arm64 crypto/modes/asm/ghashv8-armx.pl crypto/modes/asm/ghashv8-armx-64.S
-  gen_asm_arm64 crypto/sha/asm/sha1-armv8.pl
-  gen_asm_arm64 crypto/sha/asm/sha512-armv8.pl crypto/sha/asm/sha256-armv8.S
-  gen_asm_arm64 crypto/sha/asm/sha512-armv8.pl
-
-  # Generate mips asm
-  gen_asm_mips crypto/aes/asm/aes-mips.pl
-  gen_asm_mips crypto/bn/asm/mips.pl crypto/bn/asm/bn-mips.S
-  gen_asm_mips crypto/bn/asm/mips-mont.pl
-  gen_asm_mips crypto/sha/asm/sha1-mips.pl
-  gen_asm_mips crypto/sha/asm/sha512-mips.pl crypto/sha/asm/sha256-mips.S
-
-  # TODO: Generate mips32r6 asm
-
-  # TODO: Generate mips64 asm
-
-  # Generate x86 asm
-  gen_asm_x86 crypto/x86cpuid.pl
-  gen_asm_x86 crypto/aes/asm/aes-586.pl
-  gen_asm_x86 crypto/aes/asm/vpaes-x86.pl
-  gen_asm_x86 crypto/aes/asm/aesni-x86.pl
-  gen_asm_x86 crypto/bn/asm/bn-586.pl
-  gen_asm_x86 crypto/bn/asm/co-586.pl
-  gen_asm_x86 crypto/bn/asm/x86-mont.pl
-  gen_asm_x86 crypto/bn/asm/x86-gf2m.pl
-  gen_asm_x86 crypto/modes/asm/ghash-x86.pl
-  gen_asm_x86 crypto/sha/asm/sha1-586.pl
-  gen_asm_x86 crypto/sha/asm/sha256-586.pl
-  gen_asm_x86 crypto/sha/asm/sha512-586.pl
-  gen_asm_x86 crypto/md5/asm/md5-586.pl
-  gen_asm_x86 crypto/des/asm/des-586.pl
-  gen_asm_x86 crypto/des/asm/crypt586.pl
-  gen_asm_x86 crypto/bf/asm/bf-586.pl
-
-  # Generate x86_64 asm
-  gen_asm_x86_64 crypto/x86_64cpuid.pl
-  gen_asm_x86_64 crypto/sha/asm/sha1-x86_64.pl
-  gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl crypto/sha/asm/sha256-x86_64.S
-  gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl
-  gen_asm_x86_64 crypto/modes/asm/ghash-x86_64.pl
-  gen_asm_x86_64 crypto/aes/asm/aesni-x86_64.pl
-  gen_asm_x86_64 crypto/aes/asm/vpaes-x86_64.pl
-  gen_asm_x86_64 crypto/aes/asm/bsaes-x86_64.pl
-  gen_asm_x86_64 crypto/aes/asm/aes-x86_64.pl
-  gen_asm_x86_64 crypto/aes/asm/aesni-sha1-x86_64.pl
-  gen_asm_x86_64 crypto/md5/asm/md5-x86_64.pl
-  gen_asm_x86_64 crypto/bn/asm/modexp512-x86_64.pl
-  gen_asm_x86_64 crypto/bn/asm/x86_64-mont.pl
-  gen_asm_x86_64 crypto/bn/asm/x86_64-gf2m.pl
-  gen_asm_x86_64 crypto/bn/asm/x86_64-mont5.pl
-  gen_asm_x86_64 crypto/rc4/asm/rc4-x86_64.pl
-  gen_asm_x86_64 crypto/rc4/asm/rc4-md5-x86_64.pl
-
-  # Setup android.testssl directory
-  mkdir android.testssl
-  cat test/testssl | \
-    sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
-    sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
-    sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
-    sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
-    sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
-    cat > \
-    android.testssl/testssl
-  chmod +x android.testssl/testssl
-  cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
-  cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
-  cp apps/server2.pem android.testssl/
-  cp ../patches/testssl.sh android.testssl/
-
-  cd ..
-
-  generate_config_mk Crypto-config-target.mk CRYPTO target
-  generate_config_mk Crypto-config-host.mk CRYPTO host
-  generate_config_mk Crypto-config-trusty.mk CRYPTO_TRUSTY target
-  generate_config_mk Ssl-config-target.mk SSL target
-  generate_config_mk Ssl-config-host.mk SSL host
-  generate_config_mk Apps-config-target.mk APPS target
-  generate_config_mk Apps-config-host.mk APPS host
-
-  # Prune unnecessary sources
-  prune
-
-  NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
-  for i in $NEEDED_SOURCES; do
-    echo "Updating $i"
-    rm -r $i
-    mv $OPENSSL_DIR/$i .
-  done
-
-  cleantar
-}
-
-function regenerate() {
-  declare -r patch=$1
-
-  generatepatch $patch
-}
-
-function generate() {
-  declare -r patch=$1
-  declare -r OPENSSL_SOURCE=$2
-
-  untar $OPENSSL_SOURCE
-  applypatches $OPENSSL_DIR_ORIG $patch
-  prune
-
-  for i in $NEEDED_SOURCES; do
-    echo "Restoring $i"
-    rm -r $OPENSSL_DIR/$i
-    cp -rf $i $OPENSSL_DIR/$i
-  done
-
-  generatepatch $patch
-  cleantar
-}
-
-# Find all files in a sub-directory that are encoded in ISO-8859
-# $1: Directory.
-# Out: list of files in $1 that are encoded as ISO-8859.
-function find_iso8859_files() {
-  find $1 -type f -print0 | xargs -0 file --mime-encoding | grep -i "iso-8859" | cut -d: -f1
-}
-
-# Convert all ISO-8859 files in a given subdirectory to UTF-8
-# $1: Directory name
-function convert_iso8859_to_utf8() {
-  declare -r iso_files=$(find_iso8859_files "$1")
-  for iso_file in $iso_files; do
-    iconv --from-code iso-8859-1 --to-code utf-8 $iso_file > $iso_file.tmp
-    rm -f $iso_file
-    mv $iso_file.tmp $iso_file
-  done
-}
-
-function untar() {
-  declare -r OPENSSL_SOURCE=$1
-  declare -r readonly=$2
-
-  # Remove old source
-  cleantar
-
-  # Process new source
-  tar -zxf $OPENSSL_SOURCE
-  cp -RfP $OPENSSL_DIR $OPENSSL_DIR_ORIG
-  if [ ! -z $readonly ]; then
-    find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
-  fi
-}
-
-function prune() {
-  echo "Removing $UNNEEDED_SOURCES"
-  (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
-  (cd $OPENSSL_DIR      && rm -r  $UNNEEDED_SOURCES)
-}
-
-function cleantar() {
-  rm -rf $OPENSSL_DIR_ORIG
-  rm -rf $OPENSSL_DIR
-}
-
-function applypatches () {
-  declare -r dir=$1
-  declare -r skip_patch=$2
-
-  cd $dir
-
-  # Apply appropriate patches
-  patches=(../patches/[0-9][0-9][0-9][0-9]-*.patch)
-  for i in "${patches[@]}"; do
-    if [[ $skip_patch != ${i##*/} ]]; then
-      echo "Applying patch $i"
-      patch -p1 < $i || die "Could not apply $i. Fix source and run: $0 regenerate patches/${i##*/}"
-    else
-      echo "Skiping patch ${i##*/}"
-    fi
-
-  done
-
-  # Cleanup patch output
-  find . \( -type f -o -type l \) -name "*.orig" -print0 | xargs -0 rm -f
-
-  cd ..
-}
-
-function generatepatch() {
-  declare -r patch=$1
-
-  # Cleanup stray files before generating patch
-  find $OPENSSL_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
-  find $OPENSSL_DIR -type f -name "*~" -print0 | xargs -0 rm -f
-
-  # Find the files the patch touches and only keep those in the output patch
-  declare -r sources=`patch -p1 --dry-run -d $OPENSSL_DIR < $patch  | awk '/^patching file / { print $3 }'`
-
-  rm -f $patch
-  touch $patch
-  for i in $sources; do
-    LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
-  done
-  echo "Generated patch $patch"
-  echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
-}
-
-main $@
diff --git a/include/openssl/aes.h b/include/openssl/aes.h
deleted file mode 100644
index 031abf01b5..0000000000
--- a/include/openssl/aes.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-#define HEADER_AES_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stddef.h>
-
-#define AES_ENCRYPT	1
-#define AES_DECRYPT	0
-
-/* Because array size can't be a const in C, the following two are macros.
-   Both sizes are in bytes. */
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-#ifdef AES_LONG
-    unsigned long rd_key[4 *(AES_MAXNR + 1)];
-#else
-    unsigned int rd_key[4 *(AES_MAXNR + 1)];
-#endif
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-
-int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-	AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-	size_t length, const AES_KEY *key,
-	unsigned char ivec[AES_BLOCK_SIZE],
-	unsigned char ecount_buf[AES_BLOCK_SIZE],
-	unsigned int *num);
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-		     size_t length, const AES_KEY *key,
-		     unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const AES_KEY *key,
-			const AES_KEY *key2, const unsigned char *ivec,
-			const int enc);
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen);
-
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif /* !HEADER_AES_H */
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
deleted file mode 100644
index 3c45d5d03f..0000000000
--- a/include/openssl/asn1.h
+++ /dev/null
@@ -1,1406 +0,0 @@
-/* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_H
-#define HEADER_ASN1_H
-
-#include <time.h>
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-
-#include <openssl/symhacks.h>
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define V_ASN1_UNIVERSAL		0x00
-#define	V_ASN1_APPLICATION		0x40
-#define V_ASN1_CONTEXT_SPECIFIC		0x80
-#define V_ASN1_PRIVATE			0xc0
-
-#define V_ASN1_CONSTRUCTED		0x20
-#define V_ASN1_PRIMITIVE_TAG		0x1f
-#define V_ASN1_PRIMATIVE_TAG		0x1f
-
-#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
-#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
-#define V_ASN1_ANY			-4	/* used in ASN1 template code */
-
-#define V_ASN1_NEG			0x100	/* negative flag */
-
-#define V_ASN1_UNDEF			-1
-#define V_ASN1_EOC			0
-#define V_ASN1_BOOLEAN			1	/**/
-#define V_ASN1_INTEGER			2
-#define V_ASN1_NEG_INTEGER		(2 | V_ASN1_NEG)
-#define V_ASN1_BIT_STRING		3
-#define V_ASN1_OCTET_STRING		4
-#define V_ASN1_NULL			5
-#define V_ASN1_OBJECT			6
-#define V_ASN1_OBJECT_DESCRIPTOR	7
-#define V_ASN1_EXTERNAL			8
-#define V_ASN1_REAL			9
-#define V_ASN1_ENUMERATED		10
-#define V_ASN1_NEG_ENUMERATED		(10 | V_ASN1_NEG)
-#define V_ASN1_UTF8STRING		12
-#define V_ASN1_SEQUENCE			16
-#define V_ASN1_SET			17
-#define V_ASN1_NUMERICSTRING		18	/**/
-#define V_ASN1_PRINTABLESTRING		19
-#define V_ASN1_T61STRING		20
-#define V_ASN1_TELETEXSTRING		20	/* alias */
-#define V_ASN1_VIDEOTEXSTRING		21	/**/
-#define V_ASN1_IA5STRING		22
-#define V_ASN1_UTCTIME			23
-#define V_ASN1_GENERALIZEDTIME		24	/**/
-#define V_ASN1_GRAPHICSTRING		25	/**/
-#define V_ASN1_ISO64STRING		26	/**/
-#define V_ASN1_VISIBLESTRING		26	/* alias */
-#define V_ASN1_GENERALSTRING		27	/**/
-#define V_ASN1_UNIVERSALSTRING		28	/**/
-#define V_ASN1_BMPSTRING		30
-
-/* For use with d2i_ASN1_type_bytes() */
-#define B_ASN1_NUMERICSTRING	0x0001
-#define B_ASN1_PRINTABLESTRING	0x0002
-#define B_ASN1_T61STRING	0x0004
-#define B_ASN1_TELETEXSTRING	0x0004
-#define B_ASN1_VIDEOTEXSTRING	0x0008
-#define B_ASN1_IA5STRING	0x0010
-#define B_ASN1_GRAPHICSTRING	0x0020
-#define B_ASN1_ISO64STRING	0x0040
-#define B_ASN1_VISIBLESTRING	0x0040
-#define B_ASN1_GENERALSTRING	0x0080
-#define B_ASN1_UNIVERSALSTRING	0x0100
-#define B_ASN1_OCTET_STRING	0x0200
-#define B_ASN1_BIT_STRING	0x0400
-#define B_ASN1_BMPSTRING	0x0800
-#define B_ASN1_UNKNOWN		0x1000
-#define B_ASN1_UTF8STRING	0x2000
-#define B_ASN1_UTCTIME		0x4000
-#define B_ASN1_GENERALIZEDTIME	0x8000
-#define B_ASN1_SEQUENCE		0x10000
-
-/* For use with ASN1_mbstring_copy() */
-#define MBSTRING_FLAG		0x1000
-#define MBSTRING_UTF8		(MBSTRING_FLAG)
-#define MBSTRING_ASC		(MBSTRING_FLAG|1)
-#define MBSTRING_BMP		(MBSTRING_FLAG|2)
-#define MBSTRING_UNIV		(MBSTRING_FLAG|4)
-
-#define SMIME_OLDMIME		0x400
-#define SMIME_CRLFEOL		0x800
-#define SMIME_STREAM		0x1000
-
-struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)
-
-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
-
-/* We MUST make sure that, except for constness, asn1_ctx_st and
-   asn1_const_ctx are exactly the same.  Fortunately, as soon as
-   the old ASN1 parsing macros are gone, we can throw this away
-   as well... */
-typedef struct asn1_ctx_st
-	{
-	unsigned char *p;/* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
-	int error;	/* error code to use when returning an error */
-	int inf;	/* constructed if 0x20, indefinite is 0x21 */
-	int tag;	/* tag from last 'get object' */
-	int xclass;	/* class from last 'get object' */
-	long slen;	/* length of last 'get object' */
-	unsigned char *max; /* largest value of p allowed */
-	unsigned char *q;/* temporary variable */
-	unsigned char **pp;/* variable */
-	int line;	/* used in error processing */
-	} ASN1_CTX;
-
-typedef struct asn1_const_ctx_st
-	{
-	const unsigned char *p;/* work char pointer */
-	int eos;	/* end of sequence read for indefinite encoding */
-	int error;	/* error code to use when returning an error */
-	int inf;	/* constructed if 0x20, indefinite is 0x21 */
-	int tag;	/* tag from last 'get object' */
-	int xclass;	/* class from last 'get object' */
-	long slen;	/* length of last 'get object' */
-	const unsigned char *max; /* largest value of p allowed */
-	const unsigned char *q;/* temporary variable */
-	const unsigned char **pp;/* variable */
-	int line;	/* used in error processing */
-	} ASN1_const_CTX;
-
-/* These are used internally in the ASN1_OBJECT to keep track of
- * whether the names and data need to be free()ed */
-#define ASN1_OBJECT_FLAG_DYNAMIC	 0x01	/* internal use */
-#define ASN1_OBJECT_FLAG_CRITICAL	 0x02	/* critical x509v3 object id */
-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04	/* internal use */
-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
-typedef struct asn1_object_st
-	{
-	const char *sn,*ln;
-	int nid;
-	int length;
-	const unsigned char *data;	/* data remains const after init */
-	int flags;	/* Should we free this one */
-	} ASN1_OBJECT;
-
-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer 
- */
-#define ASN1_STRING_FLAG_NDEF 0x010 
-
-/* This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been 
- * accessed. The flag will be reset when content has been written to it.
- */
-
-#define ASN1_STRING_FLAG_CONT 0x020 
-/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
- * type.
- */
-#define ASN1_STRING_FLAG_MSTRING 0x040 
-/* This is the base type that holds just about everything :-) */
-struct asn1_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	/* The value of the following field depends on the type being
-	 * held.  It is mostly being used for BIT_STRING so if the
-	 * input data has a non-zero 'unused bits' value, it will be
-	 * handled correctly */
-	long flags;
-	};
-
-/* ASN1_ENCODING structure: this is used to save the received
- * encoding of an ASN1 type. This is useful to get round
- * problems with invalid encodings which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st
-	{
-	unsigned char *enc;	/* DER encoding */
-	long len;		/* Length of encoding */
-	int modified;		 /* set to 1 if 'enc' is invalid */
-	} ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-#define ASN1_LONG_UNDEF	0x7fffffffL
-
-#define STABLE_FLAGS_MALLOC	0x01
-#define STABLE_NO_MASK		0x02
-#define DIRSTRING_TYPE	\
- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
-
-typedef struct asn1_string_table_st {
-	int nid;
-	long minsize;
-	long maxsize;
-	unsigned long mask;
-	unsigned long flags;
-} ASN1_STRING_TABLE;
-
-DECLARE_STACK_OF(ASN1_STRING_TABLE)
-
-/* size limits: this stuff is taken straight from RFC2459 */
-
-#define ub_name				32768
-#define ub_common_name			64
-#define ub_locality_name		128
-#define ub_state_name			128
-#define ub_organization_name		64
-#define ub_organization_unit_name	64
-#define ub_title			64
-#define ub_email_address		128
-
-/* Declarations for template structures: for full definitions
- * see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
-	int i2d_##name(type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(itname)
-
-#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
-	type *d2i_##name(type **a, const unsigned char **in, long len); \
-	int i2d_##name(const type *a, unsigned char **out); \
-	DECLARE_ASN1_ITEM(name)
-
-#define	DECLARE_ASN1_NDEF_FUNCTION(name) \
-	int i2d_##name##_NDEF(name *a, unsigned char **out);
-
-#define DECLARE_ASN1_FUNCTIONS_const(name) \
-	DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
-	DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-	type *name##_new(void); \
-	void name##_free(type *a);
-
-#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
-	DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
-
-#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
-	int fname##_print_ctx(BIO *out, stname *x, int indent, \
-					 const ASN1_PCTX *pctx);
-
-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-#define I2D_OF(type) int (*)(type *,unsigned char **)
-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
-
-#define CHECKED_D2I_OF(type, d2i) \
-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
-#define CHECKED_I2D_OF(type, i2d) \
-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
-#define CHECKED_NEW_OF(type, xnew) \
-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#define CHECKED_PPTR_OF(type, p) \
-    ((void**) (1 ? p : (type**)0))
-
-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
-
-TYPEDEF_D2I2D_OF(void);
-
-/* The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- *      ...
- *      ASN1_ITEM_EXP *iptr;
- *      ...
- * } SOMETHING; 
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) \
-	OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-#else
-
-/* Platforms that can't easily handle shared global variables are declared
- * as functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#define DECLARE_ASN1_ITEM(name) \
-	const ASN1_ITEM * name##_it(void);
-
-#endif
-
-/* Parameters used by ASN1_STRING_print_ex() */
-
-/* These determine which characters to escape:
- * RFC2253 special characters, control characters and
- * MSB set characters
- */
-
-#define ASN1_STRFLGS_ESC_2253		1
-#define ASN1_STRFLGS_ESC_CTRL		2
-#define ASN1_STRFLGS_ESC_MSB		4
-
-
-/* This flag determines how we do escaping: normally
- * RC2253 backslash only, set this to use backslash and
- * quote.
- */
-
-#define ASN1_STRFLGS_ESC_QUOTE		8
-
-
-/* These three flags are internal use only. */
-
-/* Character is a valid PrintableString character */
-#define CHARTYPE_PRINTABLESTRING	0x10
-/* Character needs escaping if it is the first character */
-#define CHARTYPE_FIRST_ESC_2253		0x20
-/* Character needs escaping if it is the last character */
-#define CHARTYPE_LAST_ESC_2253		0x40
-
-/* NB the internal flags are safely reused below by flags
- * handled at the top level.
- */
-
-/* If this is set we convert all character strings
- * to UTF8 first 
- */
-
-#define ASN1_STRFLGS_UTF8_CONVERT	0x10
-
-/* If this is set we don't attempt to interpret content:
- * just assume all strings are 1 byte per character. This
- * will produce some pretty odd looking output!
- */
-
-#define ASN1_STRFLGS_IGNORE_TYPE	0x20
-
-/* If this is set we include the string type in the output */
-#define ASN1_STRFLGS_SHOW_TYPE		0x40
-
-/* This determines which strings to display and which to
- * 'dump' (hex dump of content octets or DER encoding). We can
- * only dump non character strings or everything. If we
- * don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to
- * the usual escaping options.
- */
-
-#define ASN1_STRFLGS_DUMP_ALL		0x80
-#define ASN1_STRFLGS_DUMP_UNKNOWN	0x100
-
-/* These determine what 'dumping' does, we can dump the
- * content octets or the DER encoding: both use the
- * RFC2253 #XXXXX notation.
- */
-
-#define ASN1_STRFLGS_DUMP_DER		0x200
-
-/* All the string flags consistent with RFC2253,
- * escaping control characters isn't essential in
- * RFC2253 but it is advisable anyway.
- */
-
-#define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \
-				ASN1_STRFLGS_ESC_CTRL | \
-				ASN1_STRFLGS_ESC_MSB | \
-				ASN1_STRFLGS_UTF8_CONVERT | \
-				ASN1_STRFLGS_DUMP_UNKNOWN | \
-				ASN1_STRFLGS_DUMP_DER)
-
-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
-DECLARE_STACK_OF(ASN1_GENERALSTRING)
-
-typedef struct asn1_type_st
-	{
-	int type;
-	union	{
-		char *ptr;
-		ASN1_BOOLEAN		boolean;
-		ASN1_STRING *		asn1_string;
-		ASN1_OBJECT *		object;
-		ASN1_INTEGER *		integer;
-		ASN1_ENUMERATED *	enumerated;
-		ASN1_BIT_STRING *	bit_string;
-		ASN1_OCTET_STRING *	octet_string;
-		ASN1_PRINTABLESTRING *	printablestring;
-		ASN1_T61STRING *	t61string;
-		ASN1_IA5STRING *	ia5string;
-		ASN1_GENERALSTRING *	generalstring;
-		ASN1_BMPSTRING *	bmpstring;
-		ASN1_UNIVERSALSTRING *	universalstring;
-		ASN1_UTCTIME *		utctime;
-		ASN1_GENERALIZEDTIME *	generalizedtime;
-		ASN1_VISIBLESTRING *	visiblestring;
-		ASN1_UTF8STRING *	utf8string;
-		/* set and sequence are left complete and still
-		 * contain the set or sequence bytes */
-		ASN1_STRING *		set;
-		ASN1_STRING *		sequence;
-		ASN1_VALUE *		asn1_value;
-		} value;
-	} ASN1_TYPE;
-
-DECLARE_STACK_OF(ASN1_TYPE)
-DECLARE_ASN1_SET_OF(ASN1_TYPE)
-
-typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
-
-typedef struct NETSCAPE_X509_st
-	{
-	ASN1_OCTET_STRING *header;
-	X509 *cert;
-	} NETSCAPE_X509;
-
-/* This is used to contain a list of bit names */
-typedef struct BIT_STRING_BITNAME_st {
-	int bitnum;
-	const char *lname;
-	const char *sname;
-} BIT_STRING_BITNAME;
-
-
-#define M_ASN1_STRING_length(x)	((x)->length)
-#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))
-#define M_ASN1_STRING_type(x)	((x)->type)
-#define M_ASN1_STRING_data(x)	((x)->data)
-
-/* Macros for string operations */
-#define M_ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
-		ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define M_ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-#define M_ASN1_INTEGER_new()	(ASN1_INTEGER *)\
-		ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define M_ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\
-		ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-#define M_ASN1_ENUMERATED_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-
-#define M_ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
-		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define M_ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
-		(const ASN1_STRING *)a,(const ASN1_STRING *)b)
-#define M_ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define M_ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
-#define M_i2d_ASN1_OCTET_STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
-		V_ASN1_UNIVERSAL)
-
-#define B_ASN1_TIME \
-			B_ASN1_UTCTIME | \
-			B_ASN1_GENERALIZEDTIME
-
-#define B_ASN1_PRINTABLE \
-			B_ASN1_NUMERICSTRING| \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_T61STRING| \
-			B_ASN1_IA5STRING| \
-			B_ASN1_BIT_STRING| \
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING|\
-			B_ASN1_SEQUENCE|\
-			B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING \
-			B_ASN1_PRINTABLESTRING| \
-			B_ASN1_TELETEXSTRING|\
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UNIVERSALSTRING|\
-			B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
-			B_ASN1_IA5STRING| \
-			B_ASN1_VISIBLESTRING| \
-			B_ASN1_BMPSTRING|\
-			B_ASN1_UTF8STRING
-
-#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_PRINTABLE)
-
-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-						pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DIRECTORYSTRING(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DIRECTORYSTRING)
-
-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-						pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DISPLAYTEXT(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
-			B_ASN1_DISPLAYTEXT)
-
-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
-		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
-		V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
-		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-#define M_ASN1_T61STRING_new()	(ASN1_T61STRING *)\
-		ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_T61STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
-		V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_T61STRING(a,pp,l) \
-		(ASN1_T61STRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-#define M_ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
-		ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define M_ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_IA5STRING_dup(a)	\
-		(ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a)
-#define M_i2d_ASN1_IA5STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_IA5STRING(a,pp,l) \
-		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
-			B_ASN1_IA5STRING)
-
-#define M_ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
-		ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\
-		ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
-		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define M_ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
-	(const ASN1_STRING *)a)
-
-#define M_ASN1_TIME_new()	(ASN1_TIME *)\
-		ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)\
-	ASN1_STRING_dup((const ASN1_STRING *)a)
-
-#define M_ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define M_ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_GENERALSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
-		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-#define M_ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define M_ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
-		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-#define M_ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
-		ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define M_ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_BMPSTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
-		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-#define M_ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\
-		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
-		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-#define M_ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\
-		ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-#define M_ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UTF8STRING(a,pp) \
-		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
-			V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
-		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
-		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
-  /* for the is_set parameter to i2d_ASN1_SET */
-#define IS_SEQUENCE	0
-#define IS_SET		1
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int            ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
-
-ASN1_OBJECT *	ASN1_OBJECT_new(void );
-void		ASN1_OBJECT_free(ASN1_OBJECT *a);
-int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
-			long length);
-ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
-			long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_STACK_OF(ASN1_OBJECT)
-DECLARE_ASN1_SET_OF(ASN1_OBJECT)
-
-ASN1_STRING *	ASN1_STRING_new(void);
-void		ASN1_STRING_free(ASN1_STRING *a);
-int		ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
-ASN1_STRING *	ASN1_STRING_dup(const ASN1_STRING *a);
-ASN1_STRING *	ASN1_STRING_type_new(int type );
-int 		ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
-  /* Since this is used to store all sorts of things, via macros, for now, make
-     its data void * */
-int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void		ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(const ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
-			long length);
-int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
-			int length );
-int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-int            ASN1_BIT_STRING_check(ASN1_BIT_STRING *a,
-                                     unsigned char *flags, int flags_len);
-
-#ifndef OPENSSL_NO_BIO
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-				BIT_STRING_BITNAME *tbl, int indent);
-#endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-				BIT_STRING_BITNAME *tbl);
-
-int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int 		d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
-			long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
-			long length);
-ASN1_INTEGER *	ASN1_INTEGER_dup(const ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
-				int offset_day, long offset_sec);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
-	     time_t t, int offset_day, long offset_sec);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
-int 	ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b);
-int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
-int UTF8_putc(unsigned char *str, int len, unsigned long value);
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
-				int offset_day, long offset_sec);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
-
-int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp,
-		 i2d_of_void *i2d, int ex_tag, int ex_class,
-		 int is_set);
-STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
-			      const unsigned char **pp,
-			      long length, d2i_of_void *d2i,
-			      void (*free_func)(OPENSSL_BLOCK), int ex_tag,
-			      int ex_class);
-
-#ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-#endif
-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
-
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	const char *sn, const char *ln);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(const ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai,BIGNUM *bn);
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
-
-/* General */
-/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-	long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
-		long length,int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-int ASN1_const_check_infinite_end(const unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-	int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
-int ASN1_object_size(int constructed, int length, int tag);
-
-/* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
-
-#define ASN1_dup_of(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
-		     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF(type, x)))
-
-#define ASN1_dup_of_const(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
-		     CHECKED_D2I_OF(type, d2i), \
-		     CHECKED_PTR_OF(const type, x)))
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-/* ASN1 alloc/free macros for when a type is only used internally */
-
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
-		ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
-
-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
-			CHECKED_D2I_OF(type, d2i), \
-			in, \
-			CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
-
-#define ASN1_i2d_fp_of(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
-		 out, \
-		 CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
-		 out, \
-		 CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
-#endif
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-#ifndef OPENSSL_NO_BIO
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
-
-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
-			  CHECKED_D2I_OF(type, d2i), \
-			  in, \
-			  CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
-
-#define ASN1_i2d_bio_of(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
-		  out, \
-		  CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
-		  out, \
-		  CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
-				unsigned char *buf, int off);
-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
-#endif
-const char *ASN1_tag2str(int tag);
-
-/* Used to load and write netscape format cert */
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509)
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
-	unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
-	unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
-	unsigned char *data, int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
-	unsigned char *data, int max_len);
-
-STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len,
-				 d2i_of_void *d2i, void (*free_func)(OPENSSL_BLOCK));
-unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d,
-			     unsigned char **buf, int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
-			      ASN1_OCTET_STRING **oct);
-
-#define ASN1_pack_string_of(type,obj,i2d,oct) \
-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
-		      CHECKED_I2D_OF(type, i2d), \
-		      oct))
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
-
-void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(const char *p);
-unsigned long ASN1_STRING_get_default_mask(void);
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask);
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask, 
-					long minsize, long maxsize);
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
-		const unsigned char *in, int inlen, int inform, int nid);
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
-void ASN1_STRING_TABLE_cleanup(void);
-
-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-
-void ASN1_add_oid_module(void);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-/* ASN1 Print flags */
-
-/* Indicate missing OPTIONAL fields */
-#define ASN1_PCTX_FLAGS_SHOW_ABSENT		0x001	
-/* Mark start and end of SEQUENCE */
-#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE		0x002
-/* Mark start and end of SEQUENCE/SET OF */
-#define ASN1_PCTX_FLAGS_SHOW_SSOF		0x004
-/* Show the ASN1 type of primitives */
-#define ASN1_PCTX_FLAGS_SHOW_TYPE		0x008
-/* Don't show ASN1 type of ANY */
-#define ASN1_PCTX_FLAGS_NO_ANY_TYPE		0x010
-/* Don't show ASN1 type of MSTRINGs */
-#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE		0x020
-/* Don't show field names in SEQUENCE */
-#define ASN1_PCTX_FLAGS_NO_FIELD_NAME		0x040
-/* Show structure names of each SEQUENCE field */
-#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME	0x080
-/* Don't show structure name even at top level */
-#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME		0x100
-
-int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
-				const ASN1_ITEM *it, const ASN1_PCTX *pctx);
-ASN1_PCTX *ASN1_PCTX_new(void);
-void ASN1_PCTX_free(ASN1_PCTX *p);
-unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
-unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p);
-void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
-
-BIO_METHOD *BIO_f_asn1(void);
-
-BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
-
-int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it);
-int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const char *hdr,
-				const ASN1_ITEM *it);
-int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ASN1_strings(void);
-
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_ENUMERATED			 101
-#define ASN1_F_A2I_ASN1_INTEGER				 102
-#define ASN1_F_A2I_ASN1_STRING				 103
-#define ASN1_F_APPEND_EXP				 176
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT			 183
-#define ASN1_F_ASN1_CB					 177
-#define ASN1_F_ASN1_CHECK_TLEN				 104
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
-#define ASN1_F_ASN1_COLLECT				 106
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
-#define ASN1_F_ASN1_D2I_FP				 109
-#define ASN1_F_ASN1_D2I_READ_BIO			 107
-#define ASN1_F_ASN1_DIGEST				 184
-#define ASN1_F_ASN1_DO_ADB				 110
-#define ASN1_F_ASN1_DUP					 111
-#define ASN1_F_ASN1_ENUMERATED_SET			 112
-#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
-#define ASN1_F_ASN1_EX_C2I				 204
-#define ASN1_F_ASN1_FIND_END				 190
-#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ			 216
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET			 185
-#define ASN1_F_ASN1_GENERATE_V3				 178
-#define ASN1_F_ASN1_GET_OBJECT				 114
-#define ASN1_F_ASN1_HEADER_NEW				 115
-#define ASN1_F_ASN1_I2D_BIO				 116
-#define ASN1_F_ASN1_I2D_FP				 117
-#define ASN1_F_ASN1_INTEGER_SET				 118
-#define ASN1_F_ASN1_INTEGER_TO_BN			 119
-#define ASN1_F_ASN1_ITEM_D2I_FP				 206
-#define ASN1_F_ASN1_ITEM_DUP				 191
-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW			 121
-#define ASN1_F_ASN1_ITEM_EX_D2I				 120
-#define ASN1_F_ASN1_ITEM_I2D_BIO			 192
-#define ASN1_F_ASN1_ITEM_I2D_FP				 193
-#define ASN1_F_ASN1_ITEM_PACK				 198
-#define ASN1_F_ASN1_ITEM_SIGN				 195
-#define ASN1_F_ASN1_ITEM_SIGN_CTX			 220
-#define ASN1_F_ASN1_ITEM_UNPACK				 199
-#define ASN1_F_ASN1_ITEM_VERIFY				 197
-#define ASN1_F_ASN1_MBSTRING_NCOPY			 122
-#define ASN1_F_ASN1_OBJECT_NEW				 123
-#define ASN1_F_ASN1_OUTPUT_DATA				 214
-#define ASN1_F_ASN1_PACK_STRING				 124
-#define ASN1_F_ASN1_PCTX_NEW				 205
-#define ASN1_F_ASN1_PKCS5_PBE_SET			 125
-#define ASN1_F_ASN1_SEQ_PACK				 126
-#define ASN1_F_ASN1_SEQ_UNPACK				 127
-#define ASN1_F_ASN1_SIGN				 128
-#define ASN1_F_ASN1_STR2TYPE				 179
-#define ASN1_F_ASN1_STRING_SET				 186
-#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
-#define ASN1_F_ASN1_TEMPLATE_NEW			 133
-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I			 131
-#define ASN1_F_ASN1_TIME_ADJ				 217
-#define ASN1_F_ASN1_TIME_SET				 175
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
-#define ASN1_F_ASN1_UNPACK_STRING			 136
-#define ASN1_F_ASN1_UTCTIME_ADJ				 218
-#define ASN1_F_ASN1_UTCTIME_SET				 187
-#define ASN1_F_ASN1_VERIFY				 137
-#define ASN1_F_B64_READ_ASN1				 209
-#define ASN1_F_B64_WRITE_ASN1				 210
-#define ASN1_F_BIO_NEW_NDEF				 208
-#define ASN1_F_BITSTR_CB				 180
-#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
-#define ASN1_F_BN_TO_ASN1_INTEGER			 139
-#define ASN1_F_C2I_ASN1_BIT_STRING			 189
-#define ASN1_F_C2I_ASN1_INTEGER				 194
-#define ASN1_F_C2I_ASN1_OBJECT				 196
-#define ASN1_F_COLLECT_DATA				 140
-#define ASN1_F_D2I_ASN1_BIT_STRING			 141
-#define ASN1_F_D2I_ASN1_BOOLEAN				 142
-#define ASN1_F_D2I_ASN1_BYTES				 143
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
-#define ASN1_F_D2I_ASN1_HEADER				 145
-#define ASN1_F_D2I_ASN1_INTEGER				 146
-#define ASN1_F_D2I_ASN1_OBJECT				 147
-#define ASN1_F_D2I_ASN1_SET				 148
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
-#define ASN1_F_D2I_ASN1_UINTEGER			 150
-#define ASN1_F_D2I_ASN1_UTCTIME				 151
-#define ASN1_F_D2I_AUTOPRIVATEKEY			 207
-#define ASN1_F_D2I_NETSCAPE_RSA				 152
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
-#define ASN1_F_D2I_PRIVATEKEY				 154
-#define ASN1_F_D2I_PUBLICKEY				 155
-#define ASN1_F_D2I_RSA_NET				 200
-#define ASN1_F_D2I_RSA_NET_2				 201
-#define ASN1_F_D2I_X509					 156
-#define ASN1_F_D2I_X509_CINF				 157
-#define ASN1_F_D2I_X509_PKEY				 159
-#define ASN1_F_I2D_ASN1_BIO_STREAM			 211
-#define ASN1_F_I2D_ASN1_SET				 188
-#define ASN1_F_I2D_ASN1_TIME				 160
-#define ASN1_F_I2D_DSA_PUBKEY				 161
-#define ASN1_F_I2D_EC_PUBKEY				 181
-#define ASN1_F_I2D_PRIVATEKEY				 163
-#define ASN1_F_I2D_PUBLICKEY				 164
-#define ASN1_F_I2D_RSA_NET				 162
-#define ASN1_F_I2D_RSA_PUBKEY				 165
-#define ASN1_F_LONG_C2I					 166
-#define ASN1_F_OID_MODULE_INIT				 174
-#define ASN1_F_PARSE_TAGGING				 182
-#define ASN1_F_PKCS5_PBE2_SET_IV			 167
-#define ASN1_F_PKCS5_PBE_SET				 202
-#define ASN1_F_PKCS5_PBE_SET0_ALGOR			 215
-#define ASN1_F_PKCS5_PBKDF2_SET				 219
-#define ASN1_F_SMIME_READ_ASN1				 212
-#define ASN1_F_SMIME_TEXT				 213
-#define ASN1_F_X509_CINF_NEW				 168
-#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
-#define ASN1_F_X509_INFO_NEW				 170
-#define ASN1_F_X509_NAME_ENCODE				 203
-#define ASN1_F_X509_NAME_EX_D2I				 158
-#define ASN1_F_X509_NAME_EX_NEW				 171
-#define ASN1_F_X509_NEW					 172
-#define ASN1_F_X509_PKEY_NEW				 173
-
-/* Reason codes. */
-#define ASN1_R_ADDING_OBJECT				 171
-#define ASN1_R_ASN1_PARSE_ERROR				 203
-#define ASN1_R_ASN1_SIG_PARSE_ERROR			 204
-#define ASN1_R_AUX_ERROR				 100
-#define ASN1_R_BAD_CLASS				 101
-#define ASN1_R_BAD_OBJECT_HEADER			 102
-#define ASN1_R_BAD_PASSWORD_READ			 103
-#define ASN1_R_BAD_TAG					 104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 214
-#define ASN1_R_BN_LIB					 105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
-#define ASN1_R_BUFFER_TOO_SMALL				 107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
-#define ASN1_R_CONTEXT_NOT_INITIALISED			 217
-#define ASN1_R_DATA_IS_WRONG				 109
-#define ASN1_R_DECODE_ERROR				 110
-#define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_DEPTH_EXCEEDED				 174
-#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED	 198
-#define ASN1_R_ENCODE_ERROR				 112
-#define ASN1_R_ERROR_GETTING_TIME			 173
-#define ASN1_R_ERROR_LOADING_SECTION			 172
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
-#define ASN1_R_EXPECTING_AN_INTEGER			 115
-#define ASN1_R_EXPECTING_AN_OBJECT			 116
-#define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_TIME				 118
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
-#define ASN1_R_FIELD_MISSING				 121
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
-#define ASN1_R_HEADER_TOO_LONG				 123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 175
-#define ASN1_R_ILLEGAL_BOOLEAN				 176
-#define ASN1_R_ILLEGAL_CHARACTERS			 124
-#define ASN1_R_ILLEGAL_FORMAT				 177
-#define ASN1_R_ILLEGAL_HEX				 178
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 179
-#define ASN1_R_ILLEGAL_INTEGER				 180
-#define ASN1_R_ILLEGAL_NESTED_TAGGING			 181
-#define ASN1_R_ILLEGAL_NULL				 125
-#define ASN1_R_ILLEGAL_NULL_VALUE			 182
-#define ASN1_R_ILLEGAL_OBJECT				 183
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
-#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
-#define ASN1_R_ILLEGAL_TIME_VALUE			 184
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 185
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
-#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT		 220
-#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
-#define ASN1_R_INVALID_DIGIT				 130
-#define ASN1_R_INVALID_MIME_TYPE			 205
-#define ASN1_R_INVALID_MODIFIER				 186
-#define ASN1_R_INVALID_NUMBER				 187
-#define ASN1_R_INVALID_OBJECT_ENCODING			 216
-#define ASN1_R_INVALID_SEPARATOR			 131
-#define ASN1_R_INVALID_TIME_FORMAT			 132
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
-#define ASN1_R_INVALID_UTF8STRING			 134
-#define ASN1_R_IV_TOO_LARGE				 135
-#define ASN1_R_LENGTH_ERROR				 136
-#define ASN1_R_LIST_ERROR				 188
-#define ASN1_R_MIME_NO_CONTENT_TYPE			 206
-#define ASN1_R_MIME_PARSE_ERROR				 207
-#define ASN1_R_MIME_SIG_PARSE_ERROR			 208
-#define ASN1_R_MISSING_EOC				 137
-#define ASN1_R_MISSING_SECOND_NUMBER			 138
-#define ASN1_R_MISSING_VALUE				 189
-#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
-#define ASN1_R_MSTRING_WRONG_TAG			 140
-#define ASN1_R_NESTED_ASN1_STRING			 197
-#define ASN1_R_NON_HEX_CHARACTERS			 141
-#define ASN1_R_NOT_ASCII_FORMAT				 190
-#define ASN1_R_NOT_ENOUGH_DATA				 142
-#define ASN1_R_NO_CONTENT_TYPE				 209
-#define ASN1_R_NO_DEFAULT_DIGEST			 201
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE		 210
-#define ASN1_R_NO_MULTIPART_BOUNDARY			 211
-#define ASN1_R_NO_SIG_CONTENT_TYPE			 212
-#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 191
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 192
-#define ASN1_R_SHORT_LINE				 150
-#define ASN1_R_SIG_INVALID_MIME_TYPE			 213
-#define ASN1_R_STREAMING_NOT_SUPPORTED			 202
-#define ASN1_R_STRING_TOO_LONG				 151
-#define ASN1_R_STRING_TOO_SHORT				 152
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT			 193
-#define ASN1_R_TOO_LONG					 155
-#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
-#define ASN1_R_TYPE_NOT_PRIMITIVE			 218
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
-#define ASN1_R_UNEXPECTED_EOC				 159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 215
-#define ASN1_R_UNKNOWN_FORMAT				 160
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
-#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM		 199
-#define ASN1_R_UNKNOWN_TAG				 194
-#define ASN1_R_UNKOWN_FORMAT				 195
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
-#define ASN1_R_UNSUPPORTED_CIPHER			 165
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
-#define ASN1_R_UNSUPPORTED_TYPE				 196
-#define ASN1_R_WRONG_PUBLIC_KEY_TYPE			 200
-#define ASN1_R_WRONG_TAG				 168
-#define ASN1_R_WRONG_TYPE				 169
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/asn1_mac.h b/include/openssl/asn1_mac.h
deleted file mode 100644
index 87bd0e9e1d..0000000000
--- a/include/openssl/asn1_mac.h
+++ /dev/null
@@ -1,578 +0,0 @@
-/* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-#define HEADER_ASN1_MAC_H
-
-#include <openssl/asn1.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
-#endif 
-
-#define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
-	ASN1_const_CTX c; \
-	type ret=NULL; \
-	\
-	c.pp=(const unsigned char **)pp; \
-	c.q= *(const unsigned char **)pp; \
-	c.error=ERR_R_NESTED_ASN1_ERROR; \
-	if ((a == NULL) || ((*a) == NULL)) \
-		{ if ((ret=(type)func()) == NULL) \
-			{ c.line=__LINE__; goto err; } } \
-	else	ret=(*a);
-
-#define M_ASN1_D2I_Init() \
-	c.p= *(const unsigned char **)pp; \
-	c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
-	if (!asn1_const_Finish(&c)) \
-		{ c.line=__LINE__; goto err; } \
-	*(const unsigned char **)pp=c.p; \
-	if (a != NULL) (*a)=ret; \
-	return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
-	M_ASN1_D2I_Finish_2(a); \
-err:\
-	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-	return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
-	if (!asn1_GetSequence(&c,&length)) \
-		{ c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
-	c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
-	*pp=c.p; \
-	if (a != NULL) (*a)=ret; \
-	return(ret); \
-err:\
-	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
-	return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
-	(((c.inf&1) == 0)?(c.slen <= 0): \
-		(c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
-	c.q=c.p; \
-	if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) < 0) \
-		{c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-		== (V_ASN1_UNIVERSAL|(type)))) \
-		{ \
-		M_ASN1_D2I_get(b,func); \
-		}
-
-#define M_ASN1_D2I_get_int_opt(b,func,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
-		== (V_ASN1_UNIVERSAL|(type)))) \
-		{ \
-		M_ASN1_D2I_get_int(b,func); \
-		}
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
-	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
-	c.q=c.p; \
-	if (func(&(b),&c.p,c.slen) == NULL) \
-		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
-	c.slen-=(c.p-c.q);\
-	M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
-	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
-		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
-		{ \
-		unsigned char _tmp = M_ASN1_next; \
-		M_ASN1_D2I_get_imp(b,func, type);\
-		}
-
-#define M_ASN1_D2I_get_set(r,func,free_func) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func, \
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-		{ M_ASN1_D2I_get_set(r,func,free_func); }
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
-		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-	if ((a != NULL) && (sk_num(a) != 0)) \
-		M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
-	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
-	if ((c.slen != 0) && \
-		(M_ASN1_next == \
-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-		{ \
-		M_ASN1_D2I_get_imp_set(b,func,free_func,\
-			tag,V_ASN1_CONTEXT_SPECIFIC); \
-		}
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
-	if ((c.slen != 0) && \
-		(M_ASN1_next == \
-		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
-		{ \
-		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
-			tag,V_ASN1_CONTEXT_SPECIFIC); \
-		}
-
-#define M_ASN1_D2I_get_seq(r,func,free_func) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func,\
-			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-		{ M_ASN1_D2I_get_seq(r,func,free_func); }
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
-	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
-		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
-		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
-		M_ASN1_D2I_get_imp_set(r,func,free_func,\
-			x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
-		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
-			x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
-		(void (*)())free_func,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
-				   free_func,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
-	c.q=c.p; \
-	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-		{ c.line=__LINE__; goto err; } \
-	c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
-	if ((c.slen != 0L) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (func(&(r),&c.p,Tlen) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
-	if ((c.slen != 0) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
-			(void (*)())free_func, \
-			b,V_ASN1_UNIVERSAL) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
-	if ((c.slen != 0) && (M_ASN1_next == \
-		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
-		{ \
-		int Tinf,Ttag,Tclass; \
-		long Tlen; \
-		\
-		c.q=c.p; \
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
-		if (Tinf & 0x80) \
-			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-			c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
-					Tlen = c.slen - (c.p - c.q) - 2; \
-		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
-			free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-			{ c.line=__LINE__; goto err; } \
-		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
-			Tlen = c.slen - (c.p - c.q); \
-			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
-				{ c.error=ERR_R_MISSING_ASN1_EOS; \
-				c.line=__LINE__; goto err; } \
-		}\
-		c.slen-=(c.p-c.q); \
-		}
-
-/* New macros */
-#define M_ASN1_New_Malloc(ret,type) \
-	if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-		{ c.line=__LINE__; goto err2; }
-
-#define M_ASN1_New(arg,func) \
-	if (((arg)=func()) == NULL) return(NULL)
-
-#define M_ASN1_New_Error(a) \
-/*	err:	ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
-		return(NULL);*/ \
-	err2:	ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
-		return(NULL)
-
-
-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
-   some macros that use ASN1_const_CTX still insist on writing in the input
-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
-   Please?						-- Richard Levitte */
-#define M_ASN1_next		(*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev	(*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a)	int r=0,ret=0; \
-				unsigned char *p; \
-				if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f)	ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
-					    V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-				  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
-					    V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
-		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-					  IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-					  IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
-						    V_ASN1_CONTEXT_SPECIFIC, \
-						    IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
-		if (a != NULL)\
-			{ \
-			v=f(a,NULL); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
-				       IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0))\
-			{ \
-			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
-						 V_ASN1_UNIVERSAL, \
-						 IS_SEQUENCE); \
-			ret+=ASN1_object_size(1,v,mtag); \
-			}
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f)	f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t)	\
-		if (a != NULL) \
-			{ \
-			unsigned char *q=p; \
-			f(a,&p); \
-			*q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
-			}
-
-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-			V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-					     V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
-     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
-			    IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				       IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-						 V_ASN1_CONTEXT_SPECIFIC, \
-						 IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
-				       IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
-						 V_ASN1_CONTEXT_SPECIFIC, \
-						 IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
-		if (a != NULL) \
-			{ \
-			ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
-			f(a,&p); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
-			}
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
-		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
-			{ \
-			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
-					       IS_SEQUENCE); \
-			}
-
-#define M_ASN1_I2D_seq_total() \
-		r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
-		if (pp == NULL) return(r); \
-		p= *pp; \
-		ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
-		*(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
-		*(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish()	*pp=p; \
-				return(r);
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address,int offset);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
deleted file mode 100644
index d230e4bf70..0000000000
--- a/include/openssl/asn1t.h
+++ /dev/null
@@ -1,960 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ASN1T_H
-#define HEADER_ASN1T_H
-
-#include <stddef.h>
-#include <openssl/e_os2.h>
-#include <openssl/asn1.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* ASN1 template defines, structures and functions */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
-
-#define ASN1_ITEM_end(itname) \
-		};
-
-#else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
-	const ASN1_ITEM * itname##_it(void) \
-	{ \
-		static const ASN1_ITEM local_it = { 
-
-#define ASN1_ITEM_end(itname) \
-		}; \
-	return &local_it; \
-	}
-
-#endif
-
-
-/* Macros to aid ASN1 template writing */
-
-#define ASN1_ITEM_TEMPLATE(tname) \
-	static const ASN1_TEMPLATE tname##_item_tt 
-
-#define ASN1_ITEM_TEMPLATE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_PRIMITIVE,\
-		-1,\
-		&tname##_item_tt,\
-		0,\
-		NULL,\
-		0,\
-		#tname \
-	ASN1_ITEM_end(tname)
-
-
-/* This is a ASN1 type which just embeds a template */
- 
-/* This pair helps declare a SEQUENCE. We can do:
- *
- * 	ASN1_SEQUENCE(stname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END(stname)
- *
- * 	This will produce an ASN1_ITEM called stname_it
- *	for a structure called stname.
- *
- * 	If you want the same structure but a different
- *	name then use:
- *
- * 	ASN1_SEQUENCE(itname) = {
- * 		... SEQUENCE components ...
- * 	} ASN1_SEQUENCE_END_name(stname, itname)
- *
- *	This will create an item called itname_it using
- *	a structure called stname.
- */
-
-#define ASN1_SEQUENCE(tname) \
-	static const ASN1_TEMPLATE tname##_seq_tt[] 
-
-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-
-#define ASN1_SEQUENCE_END_name(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_NDEF_SEQUENCE(tname) \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
-	ASN1_SEQUENCE_cb(tname, cb)
-
-#define ASN1_SEQUENCE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE(tname) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_ref(tname, cb, lck) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
-	ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_END(tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(tname),\
-		#tname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_NDEF_SEQUENCE,\
-		V_ASN1_SEQUENCE,\
-		tname##_seq_tt,\
-		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-
-/* This pair helps declare a CHOICE type. We can do:
- *
- * 	ASN1_CHOICE(chname) = {
- * 		... CHOICE options ...
- * 	ASN1_CHOICE_END(chname)
- *
- * 	This will produce an ASN1_ITEM called chname_it
- *	for a structure called chname. The structure
- *	definition must look like this:
- *	typedef struct {
- *		int type;
- *		union {
- *			ASN1_SOMETHING *opt1;
- *			ASN1_SOMEOTHER *opt2;
- *		} value;
- *	} chname;
- *	
- *	the name of the selector must be 'type'.
- * 	to use an alternative selector name use the
- *      ASN1_CHOICE_END_selector() version.
- */
-
-#define ASN1_CHOICE(tname) \
-	static const ASN1_TEMPLATE tname##_ch_tt[] 
-
-#define ASN1_CHOICE_cb(tname, cb) \
-	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
-	ASN1_CHOICE(tname)
-
-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
-
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		NULL,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
-	;\
-	ASN1_ITEM_start(tname) \
-		ASN1_ITYPE_CHOICE,\
-		offsetof(stname,selname) ,\
-		tname##_ch_tt,\
-		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
-		&tname##_aux,\
-		sizeof(stname),\
-		#stname \
-	ASN1_ITEM_end(tname)
-
-/* This helps with the template wrapper form of ASN1_ITEM */
-
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
-	(flags), (tag), 0,\
-	#name, ASN1_ITEM_ref(type) }
-
-/* These help with SEQUENCE or CHOICE components */
-
-/* used to declare other types */
-
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
-	(flags), (tag), offsetof(stname, field),\
-	#field, ASN1_ITEM_ref(type) }
-
-/* used when the structure is combined with the parent */
-
-#define ASN1_EX_COMBINE(flags, tag, type) { \
-	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
-/* implicit and explicit helper macros */
-
-#define ASN1_IMP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
-
-#define ASN1_EXP_EX(stname, field, type, tag, ex) \
-		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
-
-/* Any defined by macros: the field used is in the table itself */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#else
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-#endif
-/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
-
-/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
-
-/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* Same as above but EXPLICIT */
-
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* SEQUENCE OF type */
-#define ASN1_SEQUENCE_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
-
-/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Same as above but for SET OF */
-
-#define ASN1_SET_OF(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
-
-#define ASN1_SET_OF_OPT(stname, field, type) \
-		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
-
-#define ASN1_IMP_SET_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_EXP_SET_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
-			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
-/* Macros for the ASN1_ADB structure */
-
-#define ASN1_ADB(name) \
-	static const ASN1_ADB_TABLE name##_adbtbl[] 
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	static const ASN1_ADB name##_adb = {\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-	}
-
-#else
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
-	;\
-	static const ASN1_ITEM *name##_adb(void) \
-	{ \
-	static const ASN1_ADB internal_adb = \
-		{\
-		flags,\
-		offsetof(name, field),\
-		app_table,\
-		name##_adbtbl,\
-		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
-		def,\
-		none\
-		}; \
-		return (const ASN1_ITEM *) &internal_adb; \
-	} \
-	void dummy_function(void)
-
-#endif
-
-#define ADB_ENTRY(val, template) {val, template}
-
-#define ASN1_ADB_TEMPLATE(name) \
-	static const ASN1_TEMPLATE name##_tt 
-
-/* This is the ASN1 template structure that defines
- * a wrapper round the actual type. It determines the
- * actual position of the field in the value structure,
- * various flags such as OPTIONAL and the field name.
- */
-
-struct ASN1_TEMPLATE_st {
-unsigned long flags;		/* Various flags */
-long tag;			/* tag, not used if no tagging */
-unsigned long offset;		/* Offset of this field in structure */
-#ifndef NO_ASN1_FIELD_NAMES
-const char *field_name;		/* Field name */
-#endif
-ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
-};
-
-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
-
-#define ASN1_TEMPLATE_item(t) (t->item_ptr)
-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
-
-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
-typedef struct ASN1_ADB_st ASN1_ADB;
-
-struct ASN1_ADB_st {
-	unsigned long flags;	/* Various flags */
-	unsigned long offset;	/* Offset of selector field */
-	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
-	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
-	long tblcount;		/* Number of entries in tbl */
-	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
-	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
-};
-
-struct ASN1_ADB_TABLE_st {
-	long value;		/* NID for an object or value for an int */
-	const ASN1_TEMPLATE tt;		/* item for this value */
-};
-
-/* template flags */
-
-/* Field is optional */
-#define ASN1_TFLG_OPTIONAL	(0x1)
-
-/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF	(0x1 << 1)
-
-/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
-
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
-
-/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK	(0x3 << 1)
-
-/* These flags mean the tag should be taken from the
- * tag field. If EXPLICIT then the underlying type
- * is used for the inner tag.
- */
-
-/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG	(0x1 << 3)
-
-
-/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG	(0x2 << 3)
-
-#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
-
-/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
-
-/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-
-/* If tagging is in force these determine the
- * type of tag to use. Otherwise the tag is
- * determined by the underlying type. These 
- * values reflect the actual octet format.
- */
-
-/* Universal tag */ 
-#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
-/* Application tag */ 
-#define ASN1_TFLG_APPLICATION	(0x1<<6)
-/* Context specific tag */ 
-#define ASN1_TFLG_CONTEXT	(0x2<<6)
-/* Private tag */ 
-#define ASN1_TFLG_PRIVATE	(0x3<<6)
-
-#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
-
-/* These are for ANY DEFINED BY type. In this case
- * the 'item' field points to an ASN1_ADB structure
- * which contains a table of values to decode the
- * relevant type
- */
-
-#define ASN1_TFLG_ADB_MASK	(0x3<<8)
-
-#define ASN1_TFLG_ADB_OID	(0x1<<8)
-
-#define ASN1_TFLG_ADB_INT	(0x1<<9)
-
-/* This flag means a parent structure is passed
- * instead of the field: this is useful is a
- * SEQUENCE is being combined with a CHOICE for
- * example. Since this means the structure and
- * item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-#define ASN1_TFLG_COMBINE	(0x1<<10)
-
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF		(0x1<<11)
-
-/* This is the actual ASN1 item itself */
-
-struct ASN1_ITEM_st {
-char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
-long utype;			/* underlying type */
-const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
-long tcount;			/* Number of templates if SEQUENCE or CHOICE */
-const void *funcs;		/* functions that handle this type */
-long size;			/* Structure size (usually)*/
-#ifndef NO_ASN1_FIELD_NAMES
-const char *sname;		/* Structure name */
-#endif
-};
-
-/* These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single 
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions. 
- *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
- */
-
-#define ASN1_ITYPE_PRIMITIVE		0x0
-
-#define ASN1_ITYPE_SEQUENCE		0x1
-
-#define ASN1_ITYPE_CHOICE		0x2
-
-#define ASN1_ITYPE_COMPAT		0x3
-
-#define ASN1_ITYPE_EXTERN		0x4
-
-#define ASN1_ITYPE_MSTRING		0x5
-
-#define ASN1_ITYPE_NDEF_SEQUENCE	0x6
-
-/* Cache for ASN1 tag and length, so we
- * don't keep re-reading it for things
- * like CHOICE
- */
-
-struct ASN1_TLC_st{
-	char valid;	/* Values below are valid */
-	int ret;	/* return value */
-	long plen;	/* length */
-	int ptag;	/* class value */
-	int pclass;	/* class value */
-	int hdrlen;	/* header length */
-};
-
-/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE * ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
-					int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, 
-						int indent, const char *fname, 
-						const ASN1_PCTX *pctx);
-
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
-
-typedef struct ASN1_COMPAT_FUNCS_st {
-	ASN1_new_func *asn1_new;
-	ASN1_free_func *asn1_free;
-	ASN1_d2i_func *asn1_d2i;
-	ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
-typedef struct ASN1_EXTERN_FUNCS_st {
-	void *app_data;
-	ASN1_ex_new_func *asn1_ex_new;
-	ASN1_ex_free_func *asn1_ex_free;
-	ASN1_ex_free_func *asn1_ex_clear;
-	ASN1_ex_d2i *asn1_ex_d2i;
-	ASN1_ex_i2d *asn1_ex_i2d;
-	ASN1_ex_print_func *asn1_ex_print;
-} ASN1_EXTERN_FUNCS;
-
-typedef struct ASN1_PRIMITIVE_FUNCS_st {
-	void *app_data;
-	unsigned long flags;
-	ASN1_ex_new_func *prim_new;
-	ASN1_ex_free_func *prim_free;
-	ASN1_ex_free_func *prim_clear;
-	ASN1_primitive_c2i *prim_c2i;
-	ASN1_primitive_i2c *prim_i2c;
-	ASN1_primitive_print *prim_print;
-} ASN1_PRIMITIVE_FUNCS;
-
-/* This is the ASN1_AUX structure: it handles various
- * miscellaneous requirements. For example the use of
- * reference counts and an informational callback.
- *
- * The "informational callback" is called at various
- * points during the ASN1 encoding and decoding. It can
- * be used to provide minor customisation of the structures
- * used. This is most useful where the supplied routines
- * *almost* do the right thing but need some extra help
- * at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the 
- * main operation should be abandoned.
- *
- * If major changes in the default behaviour are required
- * then an external type is more appropriate.
- */
-
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
-				void *exarg);
-
-typedef struct ASN1_AUX_st {
-	void *app_data;
-	int flags;
-	int ref_offset;		/* Offset of reference value */
-	int ref_lock;		/* Lock type to use */
-	ASN1_aux_cb *asn1_cb;
-	int enc_offset;		/* Offset of ASN1_ENCODING structure */
-} ASN1_AUX;
-
-/* For print related callbacks exarg points to this structure */
-typedef struct ASN1_PRINT_ARG_st {
-	BIO *out;
-	int indent;
-	const ASN1_PCTX *pctx;
-} ASN1_PRINT_ARG;
-
-/* For streaming related callbacks exarg points to this structure */
-typedef struct ASN1_STREAM_ARG_st {
-	/* BIO to stream through */
-	BIO *out;
-	/* BIO with filters appended */
-	BIO *ndef_bio;
-	/* Streaming I/O boundary */
-	unsigned char **boundary;
-} ASN1_STREAM_ARG;
-
-/* Flags in ASN1_AUX */
-
-/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT	1
-/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING	2
-/* The Sequence length is invalid */
-#define ASN1_AFLG_BROKEN	4
-
-/* operation values for asn1_cb */
-
-#define ASN1_OP_NEW_PRE		0
-#define ASN1_OP_NEW_POST	1
-#define ASN1_OP_FREE_PRE	2
-#define ASN1_OP_FREE_POST	3
-#define ASN1_OP_D2I_PRE		4
-#define ASN1_OP_D2I_POST	5
-#define ASN1_OP_I2D_PRE		6
-#define ASN1_OP_I2D_POST	7
-#define ASN1_OP_PRINT_PRE	8
-#define ASN1_OP_PRINT_POST	9
-#define ASN1_OP_STREAM_PRE	10
-#define ASN1_OP_STREAM_POST	11
-#define ASN1_OP_DETACHED_PRE	12
-#define ASN1_OP_DETACHED_POST	13
-
-/* Macro to implement a primitive type */
-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
-				ASN1_ITEM_start(itname) \
-					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
-				ASN1_ITEM_end(itname)
-
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
-	static const ASN1_COMPAT_FUNCS sname##_ff = { \
-		(ASN1_new_func *)sname##_new, \
-		(ASN1_free_func *)sname##_free, \
-		(ASN1_d2i_func *)d2i_##sname, \
-		(ASN1_i2d_func *)i2d_##sname, \
-	}; \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_COMPAT, \
-		tag, \
-		NULL, \
-		0, \
-		&sname##_ff, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
-	ASN1_ITEM_start(sname) \
-		ASN1_ITYPE_EXTERN, \
-		tag, \
-		NULL, \
-		0, \
-		&fptrs, \
-		0, \
-		#sname \
-	ASN1_ITEM_end(sname)
-
-/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
-			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-
-#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
-		IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
-	pre stname *fname##_new(void) \
-	{ \
-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-	} \
-	pre void fname##_free(stname *a) \
-	{ \
-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-	}
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
-	stname *fname##_new(void) \
-	{ \
-		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
-	} \
-	void fname##_free(stname *a) \
-	{ \
-		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
-	}
-
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
-	} 
-
-/* This includes evil casts to remove const: they will go away when full
- * ASN1 constification is done.
- */
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
-	{ \
-		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
-	} \
-	int i2d_##fname(const stname *a, unsigned char **out) \
-	{ \
-		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
-	} 
-
-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
-	stname * stname##_dup(stname *x) \
-        { \
-        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
-        }
-
-#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
-	IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
-	int fname##_print_ctx(BIO *out, stname *x, int indent, \
-						const ASN1_PCTX *pctx) \
-	{ \
-		return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
-			ASN1_ITEM_rptr(itname), pctx); \
-	} 
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
-		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
-	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-/* external definitions for primitive types */
-
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
-
-DECLARE_STACK_OF(ASN1_VALUE)
-
-/* Functions used internally by the ASN1 code */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
-
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
deleted file mode 100644
index ae144a98cb..0000000000
--- a/include/openssl/bio.h
+++ /dev/null
@@ -1,855 +0,0 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BIO_H
-#define HEADER_BIO_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-# include <stdio.h>
-#endif
-#include <stdarg.h>
-
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SCTP
-# ifndef OPENSSL_SYS_VMS
-# include <stdint.h>
-# else
-# include <inttypes.h>
-# endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE		0
-#define BIO_TYPE_MEM		(1|0x0400)
-#define BIO_TYPE_FILE		(2|0x0400)
-
-#define BIO_TYPE_FD		(4|0x0400|0x0100)
-#define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
-#define BIO_TYPE_NULL		(6|0x0400)
-#define BIO_TYPE_SSL		(7|0x0200)
-#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */
-#define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
-#define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
-#define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
-#define BIO_TYPE_CONNECT	(12|0x0400|0x0100)	/* socket - connect */
-#define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)	/* socket for accept */
-#define BIO_TYPE_PROXY_CLIENT	(14|0x0200)		/* client proxy BIO */
-#define BIO_TYPE_PROXY_SERVER	(15|0x0200)		/* server proxy BIO */
-#define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
-#define BIO_TYPE_NULL_FILTER	(17|0x0200)
-#define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
-#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
-#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
-#define BIO_TYPE_DGRAM		(21|0x0400|0x0100)
-#ifndef OPENSSL_NO_SCTP
-#define BIO_TYPE_DGRAM_SCTP	(24|0x0400|0x0100)
-#endif
-#define BIO_TYPE_ASN1 		(22|0x0200)		/* filter */
-#define BIO_TYPE_COMP 		(23|0x0200)		/* filter */
-
-#define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
-#define BIO_TYPE_FILTER		0x0200
-#define BIO_TYPE_SOURCE_SINK	0x0400
-
-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
-#define BIO_NOCLOSE		0x00
-#define BIO_CLOSE		0x01
-
-/* These are used in the following macros and are passed to
- * BIO_ctrl() */
-#define BIO_CTRL_RESET		1  /* opt - rewind/zero etc */
-#define BIO_CTRL_EOF		2  /* opt - are we at the eof */
-#define BIO_CTRL_INFO		3  /* opt - extra tit-bits */
-#define BIO_CTRL_SET		4  /* man - set the 'IO' type */
-#define BIO_CTRL_GET		5  /* man - get the 'IO' type */
-#define BIO_CTRL_PUSH		6  /* opt - internal, used to signify change */
-#define BIO_CTRL_POP		7  /* opt - internal, used to signify change */
-#define BIO_CTRL_GET_CLOSE	8  /* man - set the 'close' on free */
-#define BIO_CTRL_SET_CLOSE	9  /* man - set the 'close' on free */
-#define BIO_CTRL_PENDING	10  /* opt - is their more data buffered */
-#define BIO_CTRL_FLUSH		11  /* opt - 'flush' buffered output */
-#define BIO_CTRL_DUP		12  /* man - extra stuff for 'duped' BIO */
-#define BIO_CTRL_WPENDING	13  /* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
-#define BIO_CTRL_SET_CALLBACK	14  /* opt - set callback function */
-#define BIO_CTRL_GET_CALLBACK	15  /* opt - set callback function */
-
-#define BIO_CTRL_SET_FILENAME	30	/* BIO_s_file special */
-
-/* dgram BIO stuff */
-#define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally
-					  * connected socket to be
-					  * passed in */ 
-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
-
-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
-					
-/* #ifdef IP_MTU_DISCOVER */
-#define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */
-/* #endif */
-
-#define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
-#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
-#define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
-					      * MTU. want to use this
-					      * if asking the kernel
-					      * fails */
-
-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU
-					      * was exceed in the
-					      * previous write
-					      * operation */
-
-#define BIO_CTRL_DGRAM_GET_PEER           46
-#define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
-
-#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
-                                              * adjust socket timeouts */
-
-#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
-
-#ifndef OPENSSL_NO_SCTP
-/* SCTP stuff */
-#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE	50
-#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY		51
-#define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY		52
-#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD		53
-#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO		60
-#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO		61
-#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO		62
-#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO		63
-#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO			64
-#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO			65
-#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN		70
-#endif
-
-/* modifiers */
-#define BIO_FP_READ		0x02
-#define BIO_FP_WRITE		0x04
-#define BIO_FP_APPEND		0x08
-#define BIO_FP_TEXT		0x10
-
-#define BIO_FLAGS_READ		0x01
-#define BIO_FLAGS_WRITE		0x02
-#define BIO_FLAGS_IO_SPECIAL	0x04
-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-#define BIO_FLAGS_SHOULD_RETRY	0x08
-#ifndef	BIO_FLAGS_UPLINK
-/* "UPLINK" flag denotes file descriptors provided by application.
-   It defaults to 0, as most platforms don't require UPLINK interface. */
-#define	BIO_FLAGS_UPLINK	0
-#endif
-
-/* Used in BIO_gethostbyname() */
-#define BIO_GHBN_CTRL_HITS		1
-#define BIO_GHBN_CTRL_MISSES		2
-#define BIO_GHBN_CTRL_CACHE_SIZE	3
-#define BIO_GHBN_CTRL_GET_ENTRY		4
-#define BIO_GHBN_CTRL_FLUSH		5
-
-/* Mostly used in the SSL BIO */
-/* Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP	0x40
- */
-
-#define BIO_FLAGS_BASE64_NO_NL	0x100
-
-/* This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
- */
-#define BIO_FLAGS_MEM_RDONLY	0x200
-
-typedef struct bio_st BIO;
-
-void BIO_set_flags(BIO *b, int flags);
-int  BIO_test_flags(const BIO *b, int flags);
-void BIO_clear_flags(BIO *b, int flags);
-
-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
-#define BIO_set_retry_special(b) \
-		BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_read(b) \
-		BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_write(b) \
-		BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
-
-/* These are normally used internally in BIOs */
-#define BIO_clear_retry_flags(b) \
-		BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_get_retry_flags(b) \
-		BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-
-/* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a)		BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a)		BIO_test_flags(a, BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a)	BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a)		BIO_test_flags(a, BIO_FLAGS_RWS)
-#define BIO_should_retry(a)		BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
-
-/* The next three are used in conjunction with the
- * BIO_should_io_special() condition.  After this returns true,
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
- * stack and return the 'reason' for the special and the offending BIO.
- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
-/* Returned from the SSL bio when the certificate retrieval code had an error */
-#define BIO_RR_SSL_X509_LOOKUP		0x01
-/* Returned from the connect BIO when a connect would have blocked */
-#define BIO_RR_CONNECT			0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT			0x03
-/* Returned from the SSL bio when the channel id retrieval code cannot find the
- * private key. */
-#define BIO_RR_SSL_CHANNEL_ID_LOOKUP	0x04
-
-/* These are passed by the BIO callback */
-#define BIO_CB_FREE	0x01
-#define BIO_CB_READ	0x02
-#define BIO_CB_WRITE	0x03
-#define BIO_CB_PUTS	0x04
-#define BIO_CB_GETS	0x05
-#define BIO_CB_CTRL	0x06
-
-/* The callback is called before and after the underling operation,
- * The BIO_CB_RETURN flag indicates if it is after the call */
-#define BIO_CB_RETURN	0x80
-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
-#define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
-#define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
-
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
-void BIO_set_callback(BIO *b, 
-	long (*callback)(struct bio_st *,int,const char *,int, long,long));
-char *BIO_get_callback_arg(const BIO *b);
-void BIO_set_callback_arg(BIO *b, char *arg);
-
-const char * BIO_method_name(const BIO *b);
-int BIO_method_type(const BIO *b);
-
-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-
-typedef struct bio_method_st
-	{
-	int type;
-	const char *name;
-	int (*bwrite)(BIO *, const char *, int);
-	int (*bread)(BIO *, char *, int);
-	int (*bputs)(BIO *, const char *);
-	int (*bgets)(BIO *, char *, int);
-	long (*ctrl)(BIO *, int, long, void *);
-	int (*create)(BIO *);
-	int (*destroy)(BIO *);
-        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
-	} BIO_METHOD;
-
-struct bio_st
-	{
-	BIO_METHOD *method;
-	/* bio, mode, argp, argi, argl, ret */
-	long (*callback)(struct bio_st *,int,const char *,int, long,long);
-	char *cb_arg; /* first argument for the callback */
-
-	int init;
-	int shutdown;
-	int flags;	/* extra storage */
-	int retry_reason;
-	int num;
-	void *ptr;
-	struct bio_st *next_bio;	/* used by filter BIOs */
-	struct bio_st *prev_bio;	/* used by filter BIOs */
-	int references;
-	unsigned long num_read;
-	unsigned long num_write;
-
-	CRYPTO_EX_DATA ex_data;
-	};
-
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct
-	{
-	/* Buffers are setup like this:
-	 *
-	 * <---------------------- size ----------------------->
-	 * +---------------------------------------------------+
-	 * | consumed | remaining          | free space        |
-	 * +---------------------------------------------------+
-	 * <-- off --><------- len ------->
-	 */
-
-	/* BIO *bio; */ /* this is now in the BIO struct */
-	int ibuf_size;	/* how big is the input buffer */
-	int obuf_size;	/* how big is the output buffer */
-
-	char *ibuf;		/* the char array */
-	int ibuf_len;		/* how many bytes are in it */
-	int ibuf_off;		/* write/read offset */
-
-	char *obuf;		/* the char array */
-	int obuf_len;		/* how many bytes are in it */
-	int obuf_off;		/* write/read offset */
-	} BIO_F_BUFFER_CTX;
-
-/* Prefix and suffix callback in ASN1 BIO */
-typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
-
-#ifndef OPENSSL_NO_SCTP
-/* SCTP parameter structs */
-struct bio_dgram_sctp_sndinfo
-	{
-	uint16_t snd_sid;
-	uint16_t snd_flags;
-	uint32_t snd_ppid;
-	uint32_t snd_context;
-	};
-
-struct bio_dgram_sctp_rcvinfo
-	{
-	uint16_t rcv_sid;
-	uint16_t rcv_ssn;
-	uint16_t rcv_flags;
-	uint32_t rcv_ppid;
-	uint32_t rcv_tsn;
-	uint32_t rcv_cumtsn;
-	uint32_t rcv_context;
-	};
-
-struct bio_dgram_sctp_prinfo
-	{
-	uint16_t pr_policy;
-	uint32_t pr_value;
-	};
-#endif
-
-/* connect BIO stuff */
-#define BIO_CONN_S_BEFORE		1
-#define BIO_CONN_S_GET_IP		2
-#define BIO_CONN_S_GET_PORT		3
-#define BIO_CONN_S_CREATE_SOCKET	4
-#define BIO_CONN_S_CONNECT		5
-#define BIO_CONN_S_OK			6
-#define BIO_CONN_S_BLOCKED_CONNECT	7
-#define BIO_CONN_S_NBIO			8
-/*#define BIO_CONN_get_param_hostname	BIO_ctrl */
-
-#define BIO_C_SET_CONNECT			100
-#define BIO_C_DO_STATE_MACHINE			101
-#define BIO_C_SET_NBIO				102
-#define BIO_C_SET_PROXY_PARAM			103
-#define BIO_C_SET_FD				104
-#define BIO_C_GET_FD				105
-#define BIO_C_SET_FILE_PTR			106
-#define BIO_C_GET_FILE_PTR			107
-#define BIO_C_SET_FILENAME			108
-#define BIO_C_SET_SSL				109
-#define BIO_C_GET_SSL				110
-#define BIO_C_SET_MD				111
-#define BIO_C_GET_MD				112
-#define BIO_C_GET_CIPHER_STATUS			113
-#define BIO_C_SET_BUF_MEM			114
-#define BIO_C_GET_BUF_MEM_PTR			115
-#define BIO_C_GET_BUFF_NUM_LINES		116
-#define BIO_C_SET_BUFF_SIZE			117
-#define BIO_C_SET_ACCEPT			118
-#define BIO_C_SSL_MODE				119
-#define BIO_C_GET_MD_CTX			120
-#define BIO_C_GET_PROXY_PARAM			121
-#define BIO_C_SET_BUFF_READ_DATA		122 /* data to read first */
-#define BIO_C_GET_CONNECT			123
-#define BIO_C_GET_ACCEPT			124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES		125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES		126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT	127
-#define BIO_C_FILE_SEEK				128
-#define BIO_C_GET_CIPHER_CTX			129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN		130/*return end of input value*/
-#define BIO_C_SET_BIND_MODE			131
-#define BIO_C_GET_BIND_MODE			132
-#define BIO_C_FILE_TELL				133
-#define BIO_C_GET_SOCKS				134
-#define BIO_C_SET_SOCKS				135
-
-#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */
-#define BIO_C_GET_WRITE_BUF_SIZE		137
-#define BIO_C_MAKE_BIO_PAIR			138
-#define BIO_C_DESTROY_BIO_PAIR			139
-#define BIO_C_GET_WRITE_GUARANTEE		140
-#define BIO_C_GET_READ_REQUEST			141
-#define BIO_C_SHUTDOWN_WR			142
-#define BIO_C_NREAD0				143
-#define BIO_C_NREAD				144
-#define BIO_C_NWRITE0				145
-#define BIO_C_NWRITE				146
-#define BIO_C_RESET_READ_REQUEST		147
-#define BIO_C_SET_MD_CTX			148
-
-#define BIO_C_SET_PREFIX			149
-#define BIO_C_GET_PREFIX			150
-#define BIO_C_SET_SUFFIX			151
-#define BIO_C_GET_SUFFIX			152
-
-#define BIO_C_SET_EX_ARG			153
-#define BIO_C_GET_EX_ARG			154
-
-#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)
-#define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
-
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-#define BIO_set_conn_ip(b,ip)	  BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-#define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-#define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
-
-
-#define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-
-/* BIO_s_accept_socket() */
-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-#define BIO_get_accept_port(b)	BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
-/* #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-#define BIO_BIND_NORMAL			0
-#define BIO_BIND_REUSEADDR_IF_UNUSED	1
-#define BIO_BIND_REUSEADDR		2
-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-#define BIO_do_connect(b)	BIO_do_handshake(b)
-#define BIO_do_accept(b)	BIO_do_handshake(b)
-#define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-/* BIO_s_proxy_client() */
-#define BIO_set_url(b,url)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-#define BIO_set_proxies(b,p)	BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-#define BIO_get_url(b,url)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-#define BIO_get_no_connect_return(b)	BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
-
-#define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-#define BIO_get_fd(b,c)		BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
-#define BIO_set_fp(b,fp,c)	BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-#define BIO_get_fp(b,fpp)	BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
-
-#define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
-#define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-
-/* name is cast to lose const, but might be better to route through a function
-   so we can do it safely */
-#ifdef CONST_STRICT
-/* If you are wondering why this isn't defined, its because CONST_STRICT is
- * purely a compile-time kludge to allow const to be checked.
- */
-int BIO_read_filename(BIO *b,const char *name);
-#else
-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ,(char *)name)
-#endif
-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_WRITE,name)
-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_APPEND,name)
-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-
-/* WARNING WARNING, this ups the reference count on the read bio of the
- * SSL structure.  This is because the ssl read BIO is now pointed to by
- * the next_bio field in the bio.  So when you free the BIO, make sure
- * you are doing a BIO_free_all() to catch the underlying BIO. */
-#define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-#define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-#define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-#define BIO_set_ssl_renegotiate_bytes(b,num) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-#define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-
-/* defined in evp.h */
-/* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-
-#define BIO_get_mem_data(b,pp)	BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-#define BIO_set_mem_buf(b,bm,c)	BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-#define BIO_get_mem_ptr(b,pp)	BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
-#define BIO_set_mem_eof_return(b,v) \
-				BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
-
-/* For the BIO_f_buffer() type */
-#define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-#define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-/* Don't use the next one unless you know what you are doing :-) */
-#define BIO_dup_state(b,ret)	BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
-
-#define BIO_reset(b)		(int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
-#define BIO_eof(b)		(int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
-#define BIO_set_close(b,c)	(int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
-#define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
-#define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
-#define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
-/* ...pending macros have inappropriate return type */
-size_t BIO_ctrl_pending(BIO *b);
-size_t BIO_ctrl_wpending(BIO *b);
-#define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
-						   cbp)
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
-
-/* For the BIO_f_buffer() type */
-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
-
-/* For BIO_s_bio() */
-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-/* macros with inappropriate type -- but ...pending macros use int too: */
-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-size_t BIO_ctrl_get_write_guarantee(BIO *b);
-size_t BIO_ctrl_get_read_request(BIO *b);
-int BIO_ctrl_reset_read_request(BIO *b);
-
-/* ctrl macros for dgram */
-#define BIO_ctrl_dgram_connect(b,peer)  \
-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-#define BIO_ctrl_set_connected(b, state, peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
-#define BIO_dgram_recv_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
-#define BIO_dgram_send_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
-#define BIO_dgram_get_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
-#define BIO_dgram_set_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
-#define BIO_dgram_get_mtu_overhead(b) \
-         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
-
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
-int BIO_set_ex_data(BIO *bio,int idx,void *data);
-void *BIO_get_ex_data(BIO *bio,int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
-
-/* For BIO_f_asn1() */
-int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
-					asn1_ps_func *prefix_free);
-int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
-					asn1_ps_func **pprefix_free);
-int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
-					asn1_ps_func *suffix_free);
-int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
-					asn1_ps_func **psuffix_free);
-
-# ifndef OPENSSL_NO_FP_API
-BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(const char *filename, const char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-# define BIO_s_file_internal	BIO_s_file
-# endif
-BIO *	BIO_new(BIO_METHOD *type);
-int	BIO_set(BIO *a,BIO_METHOD *type);
-int	BIO_free(BIO *a);
-void	BIO_vfree(BIO *a);
-BIO *	BIO_up_ref(BIO *bio);
-int	BIO_read(BIO *b, void *data, int len);
-int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, const void *data, int len);
-int	BIO_puts(BIO *bp,const char *buf);
-int	BIO_indent(BIO *b,int indent,int max);
-long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
-char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-BIO *	BIO_push(BIO *b,BIO *append);
-BIO *	BIO_pop(BIO *b);
-void	BIO_free_all(BIO *a);
-BIO *	BIO_find_type(BIO *b,int bio_type);
-BIO *	BIO_next(BIO *b);
-BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
-int	BIO_get_retry_reason(BIO *bio);
-BIO *	BIO_dup_chain(BIO *in);
-
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
-	long argl,long ret);
-
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-#ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
-#endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-#ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-#endif
-BIO_METHOD *BIO_f_nbio_test(void);
-#ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
-#ifndef OPENSSL_NO_SCTP
-BIO_METHOD *BIO_s_datagram_sctp(void);
-#endif
-#endif
-
-/* BIO_METHOD *BIO_f_ber(void); */
-
-int BIO_sock_should_retry(int i);
-int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
-
-int BIO_fd_should_retry(int i);
-int BIO_fd_non_fatal_error(int error);
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-		void *u, const char *s, int len);
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-		       void *u, const char *s, int len, int indent);
-int BIO_dump(BIO *b,const char *bytes,int len);
-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
-#ifndef OPENSSL_NO_FP_API
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
-#endif
-struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- *     struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
-int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
-int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port,int mode);
-int BIO_accept(int sock,char **ip_port);
-int BIO_sock_init(void );
-void BIO_sock_cleanup(void);
-int BIO_set_tcp_ndelay(int sock,int turn_on);
-
-BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
-#ifndef OPENSSL_NO_SCTP
-BIO *BIO_new_dgram_sctp(int fd, int close_flag);
-int BIO_dgram_is_sctp(BIO *bio);
-int BIO_dgram_sctp_notification_cb(BIO *b,
-                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
-                                   void *context);
-int BIO_dgram_sctp_wait_for_dry(BIO *b);
-int BIO_dgram_sctp_msg_waiting(BIO *b);
-#endif
-BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
-
-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
-	BIO **bio2, size_t writebuf2);
-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
- * Size 0 uses default value.
- */
-
-void BIO_copy_next_retry(BIO *b);
-
-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
-
-#ifdef __GNUC__
-#  define __bio_h__attr__ __attribute__
-#else
-#  define __bio_h__attr__(x)
-#endif
-int BIO_printf(BIO *bio, const char *format, ...)
-	__bio_h__attr__((__format__(__printf__,2,3)));
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
-	__bio_h__attr__((__format__(__printf__,2,0)));
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-	__bio_h__attr__((__format__(__printf__,3,4)));
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-	__bio_h__attr__((__format__(__printf__,3,0)));
-#undef __bio_h__attr__
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE				 100
-#define BIO_F_BIO_ACCEPT				 101
-#define BIO_F_BIO_BER_GET_HEADER			 102
-#define BIO_F_BIO_CALLBACK_CTRL				 131
-#define BIO_F_BIO_CTRL					 103
-#define BIO_F_BIO_GETHOSTBYNAME				 120
-#define BIO_F_BIO_GETS					 104
-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
-#define BIO_F_BIO_GET_HOST_IP				 106
-#define BIO_F_BIO_GET_PORT				 107
-#define BIO_F_BIO_MAKE_PAIR				 121
-#define BIO_F_BIO_NEW					 108
-#define BIO_F_BIO_NEW_FILE				 109
-#define BIO_F_BIO_NEW_MEM_BUF				 126
-#define BIO_F_BIO_NREAD					 123
-#define BIO_F_BIO_NREAD0				 124
-#define BIO_F_BIO_NWRITE				 125
-#define BIO_F_BIO_NWRITE0				 122
-#define BIO_F_BIO_PUTS					 110
-#define BIO_F_BIO_READ					 111
-#define BIO_F_BIO_SOCK_INIT				 112
-#define BIO_F_BIO_WRITE					 113
-#define BIO_F_BUFFER_CTRL				 114
-#define BIO_F_CONN_CTRL					 127
-#define BIO_F_CONN_STATE				 115
-#define BIO_F_DGRAM_SCTP_READ				 132
-#define BIO_F_FILE_CTRL					 116
-#define BIO_F_FILE_READ					 130
-#define BIO_F_LINEBUFFER_CTRL				 129
-#define BIO_F_MEM_READ					 128
-#define BIO_F_MEM_WRITE					 117
-#define BIO_F_SSL_NEW					 118
-#define BIO_F_WSASTARTUP				 119
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR				 100
-#define BIO_R_BAD_FOPEN_MODE				 101
-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
-#define BIO_R_BROKEN_PIPE				 124
-#define BIO_R_CONNECT_ERROR				 103
-#define BIO_R_EOF_ON_MEMORY_BIO				 127
-#define BIO_R_ERROR_SETTING_NBIO			 104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
-#define BIO_R_INVALID_ARGUMENT				 125
-#define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_IN_USE					 123
-#define BIO_R_KEEPALIVE					 109
-#define BIO_R_NBIO_CONNECT_ERROR			 110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTNAME_SPECIFIED			 112
-#define BIO_R_NO_PORT_DEFINED				 113
-#define BIO_R_NO_PORT_SPECIFIED				 114
-#define BIO_R_NO_SUCH_FILE				 128
-#define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_TAG_MISMATCH				 116
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 117
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119
-#define BIO_R_UNINITIALIZED				 120
-#define BIO_R_UNSUPPORTED_METHOD			 121
-#define BIO_R_WRITE_TO_READ_ONLY_BIO			 126
-#define BIO_R_WSASTARTUP				 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/blowfish.h b/include/openssl/blowfish.h
deleted file mode 100644
index 4b6c8920a4..0000000000
--- a/include/openssl/blowfish.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BLOWFISH_H
-#define HEADER_BLOWFISH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_BF
-#error BF is disabled.
-#endif
-
-#define BF_ENCRYPT	1
-#define BF_DECRYPT	0
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! BF_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define BF_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define BF_LONG unsigned long
-#define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define BF_LONG unsigned int
-#endif
-
-#define BF_ROUNDS	16
-#define BF_BLOCK	8
-
-typedef struct bf_key_st
-	{
-	BF_LONG P[BF_ROUNDS+2];
-	BF_LONG S[4*256];
-	} BF_KEY;
-
-#ifdef OPENSSL_FIPS 
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	const BF_KEY *schedule, unsigned char *ivec, int *num);
-const char *BF_options(void);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/bn.h b/include/openssl/bn.h
deleted file mode 100644
index 0dd8d889f8..0000000000
--- a/include/openssl/bn.h
+++ /dev/null
@@ -1,910 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_BN_H
-#define HEADER_BN_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h> /* FILE */
-#endif
-#include <openssl/ossl_typ.h>
-#include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These preprocessor symbols control various aspects of the bignum headers and
- * library code. They're not defined by any "normal" configuration, as they are
- * intended for development and testing purposes. NB: defining all three can be
- * useful for debugging application code as well as openssl itself.
- *
- * BN_DEBUG - turn on various debugging alterations to the bignum code
- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-#define BN_MUL_COMBA
-#define BN_SQR_COMBA
-#define BN_RECURSION
-#endif
-
-/* This next option uses the C libraries (2 word)/(1 word) function.
- * If it is not defined, I use my C version (which is slower).
- * The reason for this flag is that when the particular C compiler
- * library routine is used, and the library is linked with a different
- * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using normal cc.  This would
- * be a common occurrence because gcc normally produces code that is
- * 2 times faster than system compilers for the big number stuff.
- * For machines with only one compiler (or shared libraries), this should
- * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
-    defined(OPENSSL_SYS_WIN32) || defined(linux)
-# ifndef BN_DIV2W
-#  define BN_DIV2W
-# endif
-#endif
-
-/* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-#ifdef SIXTY_FOUR_BIT_LONG
-#define BN_ULLONG	unsigned long long
-#define BN_ULONG	unsigned long
-#define BN_LONG		long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
-#define BN_MASK2	(0xffffffffffffffffL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000L)
-#define BN_MASK2h1	(0xffffffff80000000L)
-#define BN_TBIT		(0x8000000000000000L)
-#define BN_DEC_CONV	(10000000000000000000UL)
-#define BN_DEC_FMT1	"%lu"
-#define BN_DEC_FMT2	"%019lu"
-#define BN_DEC_NUM	19
-#define BN_HEX_FMT1	"%lX"
-#define BN_HEX_FMT2	"%016lX"
-#endif
-
-/* This is where the long long data type is 64 bits, but long is 32.
- * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevant
- * assembler code :-).  Do NOT define BN_LLONG.
- */
-#ifdef SIXTY_FOUR_BIT
-#undef BN_LLONG
-#undef BN_ULLONG
-#define BN_ULONG	unsigned long long
-#define BN_LONG		long long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK2	(0xffffffffffffffffLL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000LL)
-#define BN_MASK2h1	(0xffffffff80000000LL)
-#define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000ULL)
-#define BN_DEC_FMT1	"%llu"
-#define BN_DEC_FMT2	"%019llu"
-#define BN_DEC_NUM	19
-#define BN_HEX_FMT1	"%llX"
-#define BN_HEX_FMT2	"%016llX"
-#endif
-
-#ifdef THIRTY_TWO_BIT
-#ifdef BN_LLONG
-# if defined(_WIN32) && !defined(__GNUC__)
-#  define BN_ULLONG	unsigned __int64
-#  define BN_MASK	(0xffffffffffffffffI64)
-# else
-#  define BN_ULLONG	unsigned long long
-#  define BN_MASK	(0xffffffffffffffffLL)
-# endif
-#endif
-#define BN_ULONG	unsigned int
-#define BN_LONG		int
-#define BN_BITS		64
-#define BN_BYTES	4
-#define BN_BITS2	32
-#define BN_BITS4	16
-#define BN_MASK2	(0xffffffffL)
-#define BN_MASK2l	(0xffff)
-#define BN_MASK2h1	(0xffff8000L)
-#define BN_MASK2h	(0xffff0000L)
-#define BN_TBIT		(0x80000000L)
-#define BN_DEC_CONV	(1000000000L)
-#define BN_DEC_FMT1	"%u"
-#define BN_DEC_FMT2	"%09u"
-#define BN_DEC_NUM	9
-#define BN_HEX_FMT1	"%X"
-#define BN_HEX_FMT2	"%08X"
-#endif
-
-/* 2011-02-22 SMS.
- * In various places, a size_t variable or a type cast to size_t was
- * used to perform integer-only operations on pointers.  This failed on
- * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
- * still only 32 bits.  What's needed in these cases is an integer type
- * with the same size as a pointer, which size_t is not certain to be. 
- * The only fix here is VMS-specific.
- */
-#if defined(OPENSSL_SYS_VMS)
-# if __INITIAL_POINTER_SIZE == 64
-#  define PTR_SIZE_INT long long
-# else /* __INITIAL_POINTER_SIZE == 64 */
-#  define PTR_SIZE_INT int
-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
-#else /* defined(OPENSSL_SYS_VMS) */
-# define PTR_SIZE_INT size_t
-#endif /* defined(OPENSSL_SYS_VMS) [else] */
-
-#define BN_DEFAULT_BITS	1280
-
-#define BN_FLG_MALLOCED		0x01
-#define BN_FLG_STATIC_DATA	0x02
-#define BN_FLG_CONSTTIME	0x04 /* avoid leaking exponent information through timing,
-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
-                                      * BN_div() will call BN_div_no_branch,
-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.
-                                      */
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
-                                      /* avoid leaking exponent information through timings
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_FREE		0x8000	/* used for debuging */
-#endif
-#define BN_set_flags(b,n)	((b)->flags|=(n))
-#define BN_get_flags(b,n)	((b)->flags&(n))
-
-/* get a clone of a BIGNUM with changed flags, for *temporary* use only
- * (the two BIGNUMs cannot not be used in parallel!) */
-#define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
-                                  (dest)->top=(b)->top, \
-                                  (dest)->dmax=(b)->dmax, \
-                                  (dest)->neg=(b)->neg, \
-                                  (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
-                                                 |  ((b)->flags & ~BN_FLG_MALLOCED) \
-                                                 |  BN_FLG_STATIC_DATA \
-                                                 |  (n)))
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-#endif
-
-struct bignum_st
-	{
-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
-	int top;	/* Index of last used d +1. */
-	/* The next are internal book keeping for bn_expand. */
-	int dmax;	/* Size of the d array. */
-	int neg;	/* one if the number is negative */
-	int flags;
-	};
-
-/* Used for montgomery multiplication */
-struct bn_mont_ctx_st
-	{
-	int ri;        /* number of bits in R */
-	BIGNUM RR;     /* used to convert to montgomery form */
-	BIGNUM N;      /* The modulus */
-	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
-	                * (Ni is only stored for bignum algorithm) */
-	BN_ULONG n0[2];/* least significant word(s) of Ni;
-	                  (type changed with 0.9.9, was "BN_ULONG n0;" before) */
-	int flags;
-	};
-
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-struct bn_recp_ctx_st
-	{
-	BIGNUM N;	/* the divisor */
-	BIGNUM Nr;	/* the reciprocal */
-	int num_bits;
-	int shift;
-	int flags;
-	};
-
-/* Used for slow "generation" functions. */
-struct bn_gencb_st
-	{
-	unsigned int ver;	/* To handle binary (in)compatibility */
-	void *arg;		/* callback-specific data */
-	union
-		{
-		/* if(ver==1) - handles old style callbacks */
-		void (*cb_1)(int, int, void *);
-		/* if(ver==2) - new callback style */
-		int (*cb_2)(int, int, BN_GENCB *);
-		} cb;
-	};
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
-		BN_GENCB *tmp_gencb = (gencb); \
-		tmp_gencb->ver = 1; \
-		tmp_gencb->arg = (cb_arg); \
-		tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-#define BN_GENCB_set(gencb, callback, cb_arg) { \
-		BN_GENCB *tmp_gencb = (gencb); \
-		tmp_gencb->ver = 2; \
-		tmp_gencb->arg = (cb_arg); \
-		tmp_gencb->cb.cb_2 = (callback); }
-
-#define BN_prime_checks 0 /* default: select number of iterations
-			     based on the size of the number */
-
-/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
-#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
-                                (b) >=  850 ?  3 : \
-                                (b) >=  650 ?  4 : \
-                                (b) >=  550 ?  5 : \
-                                (b) >=  450 ?  6 : \
-                                (b) >=  400 ?  7 : \
-                                (b) >=  350 ?  8 : \
-                                (b) >=  300 ?  9 : \
-                                (b) >=  250 ? 12 : \
-                                (b) >=  200 ? 15 : \
-                                (b) >=  150 ? 18 : \
-                                /* b >= 100 */ 27)
-
-#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
-				(((w) == 0) && ((a)->top == 0)))
-#define BN_is_zero(a)       ((a)->top == 0)
-#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-#define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
-#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))
-
-#define BN_one(a)	(BN_set_word((a),1))
-#define BN_zero_ex(a) \
-	do { \
-		BIGNUM *_tmp_bn = (a); \
-		_tmp_bn->top = 0; \
-		_tmp_bn->neg = 0; \
-	} while(0)
-#ifdef OPENSSL_NO_DEPRECATED
-#define BN_zero(a)	BN_zero_ex(a)
-#else
-#define BN_zero(a)	(BN_set_word((a),0))
-#endif
-
-const BIGNUM *BN_value_one(void);
-char *	BN_options(void);
-BN_CTX *BN_CTX_new(void);
-#ifndef OPENSSL_NO_DEPRECATED
-void	BN_CTX_init(BN_CTX *c);
-#endif
-void	BN_CTX_free(BN_CTX *c);
-void	BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void	BN_CTX_end(BN_CTX *ctx);
-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int	BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int	BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int	BN_num_bits(const BIGNUM *a);
-int	BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void	BN_init(BIGNUM *);
-void	BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void	BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param  b  pointer to the BIGNUM object
- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise 
- */
-void	BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param  a  pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-#define BN_is_negative(a) ((a)->neg != 0)
-
-int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-	BN_CTX *ctx);
-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
-int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int	BN_mul_word(BIGNUM *a, BN_ULONG w);
-int	BN_add_word(BIGNUM *a, BN_ULONG w);
-int	BN_sub_word(BIGNUM *a, BN_ULONG w);
-int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void	BN_free(BIGNUM *a);
-int	BN_is_bit_set(const BIGNUM *a, int n);
-int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-
-int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
-int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
-	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m,BN_CTX *ctx);
-
-int	BN_mask_bits(BIGNUM *a,int n);
-#ifndef OPENSSL_NO_FP_API
-int	BN_print_fp(FILE *fp, const BIGNUM *a);
-#endif
-#ifdef HEADER_BIO_H
-int	BN_print(BIO *fp, const BIGNUM *a);
-#else
-int	BN_print(void *fp, const BIGNUM *a);
-#endif
-int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void	BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int	BN_set_bit(BIGNUM *a, int n);
-int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2hex(const BIGNUM *a);
-char *	BN_bn2dec(const BIGNUM *a);
-int 	BN_hex2bn(BIGNUM **a, const char *str);
-int 	BN_dec2bn(BIGNUM **a, const char *str);
-int	BN_asc2bn(BIGNUM **a, const char *str);
-int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
-int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
-	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-
-void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
-/* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *),void *cb_arg);
-int	BN_is_prime(const BIGNUM *p,int nchecks,
-	void (*callback)(int,int,void *),
-	BN_CTX *ctx,void *cb_arg);
-int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
-	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
-	int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int	BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
-		const BIGNUM *rem, BN_GENCB *cb);
-int	BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int	BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
-		int do_trial_division, BN_GENCB *cb);
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-			const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			BIGNUM *Xp1, BIGNUM *Xp2,
-			const BIGNUM *Xp,
-			const BIGNUM *e, BN_CTX *ctx,
-			BN_GENCB *cb);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void );
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	(r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
-	BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-					const BIGNUM *mod, BN_CTX *ctx);
-
-/* BN_BLINDING flags */
-#define	BN_BLINDING_NO_UPDATE	0x00000001
-#define	BN_BLINDING_NO_RECREATE	0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-#ifndef OPENSSL_NO_DEPRECATED
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-#endif
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-	BN_MONT_CTX *m_ctx);
-
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-#endif
-
-void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp,BN_CTX *ctx);
-int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	const BIGNUM *m, BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
- *
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
- *
- * Note that input arguments are not const so that their bit arrays can
- * be expanded to the appropriate size if needed.
- */
-
-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (a * a) mod p */
-int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
-	BN_CTX *ctx); /* r = (1 / b) mod p */
-int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r = sqrt(a) mod p */
-int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-	BN_CTX *ctx); /* r^2 + r = a mod p */
-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
-	/* r = a mod p */
-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
-	BN_CTX *ctx); /* r = (a * a) mod p */
-int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
-	BN_CTX *ctx); /* r = (1 / b) mod p */
-int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a / b) mod p */
-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-	const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
-int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-	const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int	BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
-int	BN_GF2m_arr2poly(const int p[], BIGNUM *a);
-
-#endif
-
-/* faster mod functions for the 'NIST primes' 
- * 0 <= a < p^2 */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
-
-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
-			  const unsigned char *message, size_t message_len,
-			  BN_CTX *ctx);
-
-/* library internal functions */
-
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-	(a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-#endif
-
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-#define BN_DEBUG_TRIX
-#endif
-#define bn_pollute(a) \
-	do { \
-		const BIGNUM *_bnum1 = (a); \
-		if(_bnum1->top < _bnum1->dmax) { \
-			unsigned char _tmp_char; \
-			/* We cast away const without the compiler knowing, any \
-			 * *genuinely* constant variables that aren't mutable \
-			 * wouldn't be constructed with top!=dmax. */ \
-			BN_ULONG *_not_const; \
-			memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-			RAND_pseudo_bytes(&_tmp_char, 1); \
-			memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-				(_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-		} \
-	} while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
-#else
-#define bn_pollute(a)
-#endif
-#define bn_check_top(a) \
-	do { \
-		const BIGNUM *_bnum2 = (a); \
-		if (_bnum2 != NULL) { \
-			assert((_bnum2->top == 0) || \
-				(_bnum2->d[_bnum2->top - 1] != 0)); \
-			bn_pollute(_bnum2); \
-		} \
-	} while(0)
-
-#define bn_fix_top(a)		bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
-	do { \
-		const BIGNUM *_bnum2 = (bn); \
-		assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
-		/* avoid unused variable warning with NDEBUG */ \
-		(void)(_bnum2); \
-	} while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a)		bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
-#define bn_correct_top(a) \
-        { \
-        BN_ULONG *ftl; \
-	int tmp_top = (a)->top; \
-	if (tmp_top > 0) \
-		{ \
-		for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \
-			if (*(ftl--)) break; \
-		(a)->top = tmp_top; \
-		} \
-	bn_pollute(a); \
-	}
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-
-/* Primes from RFC 2409 */
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-
-/* Primes from RFC 3526 */
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BNRAND					 127
-#define BN_F_BN_BLINDING_CONVERT_EX			 100
-#define BN_F_BN_BLINDING_CREATE_PARAM			 128
-#define BN_F_BN_BLINDING_INVERT_EX			 101
-#define BN_F_BN_BLINDING_NEW				 102
-#define BN_F_BN_BLINDING_UPDATE				 103
-#define BN_F_BN_BN2DEC					 104
-#define BN_F_BN_BN2HEX					 105
-#define BN_F_BN_CTX_GET					 116
-#define BN_F_BN_CTX_NEW					 106
-#define BN_F_BN_CTX_START				 129
-#define BN_F_BN_DIV					 107
-#define BN_F_BN_DIV_NO_BRANCH				 138
-#define BN_F_BN_DIV_RECP				 130
-#define BN_F_BN_EXP					 123
-#define BN_F_BN_EXPAND2					 108
-#define BN_F_BN_EXPAND_INTERNAL				 120
-#define BN_F_BN_GENERATE_DSA_NONCE			 140
-#define BN_F_BN_GF2M_MOD				 131
-#define BN_F_BN_GF2M_MOD_EXP				 132
-#define BN_F_BN_GF2M_MOD_MUL				 133
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD			 134
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR			 135
-#define BN_F_BN_GF2M_MOD_SQR				 136
-#define BN_F_BN_GF2M_MOD_SQRT				 137
-#define BN_F_BN_MOD_EXP2_MONT				 118
-#define BN_F_BN_MOD_EXP_MONT				 109
-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME			 124
-#define BN_F_BN_MOD_EXP_MONT_WORD			 117
-#define BN_F_BN_MOD_EXP_RECP				 125
-#define BN_F_BN_MOD_EXP_SIMPLE				 126
-#define BN_F_BN_MOD_INVERSE				 110
-#define BN_F_BN_MOD_INVERSE_NO_BRANCH			 139
-#define BN_F_BN_MOD_LSHIFT_QUICK			 119
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
-#define BN_F_BN_MOD_SQRT				 121
-#define BN_F_BN_MPI2BN					 112
-#define BN_F_BN_NEW					 113
-#define BN_F_BN_RAND					 114
-#define BN_F_BN_RAND_RANGE				 122
-#define BN_F_BN_USUB					 115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3				 100
-#define BN_R_BAD_RECIPROCAL				 101
-#define BN_R_BIGNUM_TOO_LONG				 114
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
-#define BN_R_DIV_BY_ZERO				 103
-#define BN_R_ENCODING_ERROR				 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
-#define BN_R_INPUT_NOT_REDUCED				 110
-#define BN_R_INVALID_LENGTH				 106
-#define BN_R_INVALID_RANGE				 115
-#define BN_R_NOT_A_SQUARE				 111
-#define BN_R_NOT_INITIALIZED				 107
-#define BN_R_NO_INVERSE					 108
-#define BN_R_NO_SOLUTION				 116
-#define BN_R_PRIVATE_KEY_TOO_LARGE			 117
-#define BN_R_P_IS_NOT_PRIME				 112
-#define BN_R_TOO_MANY_ITERATIONS			 113
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/buffer.h b/include/openssl/buffer.h
deleted file mode 100644
index f8da32b485..0000000000
--- a/include/openssl/buffer.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BUFFER_H
-#define HEADER_BUFFER_H
-
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stddef.h>
-
-#if !defined(NO_SYS_TYPES_H)
-#include <sys/types.h>
-#endif
-
-/* Already declared in ossl_typ.h */
-/* typedef struct buf_mem_st BUF_MEM; */
-
-struct buf_mem_st
-	{
-	size_t length;	/* current number of bytes */
-	char *data;
-	size_t max;	/* size of buffer */
-	};
-
-BUF_MEM *BUF_MEM_new(void);
-void	BUF_MEM_free(BUF_MEM *a);
-int	BUF_MEM_grow(BUF_MEM *str, size_t len);
-int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
-char *	BUF_strdup(const char *str);
-char *	BUF_strndup(const char *str, size_t siz);
-void *	BUF_memdup(const void *data, size_t siz);
-void	BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
-
-/* safe string functions */
-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
-size_t BUF_strlcat(char *dst,const char *src,size_t siz);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BUF_strings(void);
-
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEMDUP				 103
-#define BUF_F_BUF_MEM_GROW				 100
-#define BUF_F_BUF_MEM_GROW_CLEAN			 105
-#define BUF_F_BUF_MEM_NEW				 101
-#define BUF_F_BUF_STRDUP				 102
-#define BUF_F_BUF_STRNDUP				 104
-
-/* Reason codes. */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/cmac.h b/include/openssl/cmac.h
deleted file mode 100644
index 712e92dced..0000000000
--- a/include/openssl/cmac.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* crypto/cmac/cmac.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMAC_H
-#define HEADER_CMAC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/evp.h>
-
-/* Opaque */
-typedef struct CMAC_CTX_st CMAC_CTX;
-
-CMAC_CTX *CMAC_CTX_new(void);
-void CMAC_CTX_cleanup(CMAC_CTX *ctx);
-void CMAC_CTX_free(CMAC_CTX *ctx);
-EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
-int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
-
-int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, 
-			const EVP_CIPHER *cipher, ENGINE *impl);
-int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
-int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
-int CMAC_resume(CMAC_CTX *ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/cms.h b/include/openssl/cms.h
deleted file mode 100644
index 36994fa6a2..0000000000
--- a/include/openssl/cms.h
+++ /dev/null
@@ -1,501 +0,0 @@
-/* crypto/cms/cms.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMS_H
-#define HEADER_CMS_H
-
-#include <openssl/x509.h>
-
-#ifdef OPENSSL_NO_CMS
-#error CMS is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct CMS_ContentInfo_st CMS_ContentInfo;
-typedef struct CMS_SignerInfo_st CMS_SignerInfo;
-typedef struct CMS_CertificateChoices CMS_CertificateChoices;
-typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
-typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
-typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
-typedef struct CMS_Receipt_st CMS_Receipt;
-
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
-DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL	0
-#define CMS_SIGNERINFO_KEYIDENTIFIER	1
-
-#define CMS_RECIPINFO_TRANS		0
-#define CMS_RECIPINFO_AGREE		1
-#define CMS_RECIPINFO_KEK		2
-#define CMS_RECIPINFO_PASS		3
-#define CMS_RECIPINFO_OTHER		4
-
-/* S/MIME related flags */
-
-#define CMS_TEXT			0x1
-#define CMS_NOCERTS			0x2
-#define CMS_NO_CONTENT_VERIFY		0x4
-#define CMS_NO_ATTR_VERIFY		0x8
-#define CMS_NOSIGS			\
-			(CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
-#define CMS_NOINTERN			0x10
-#define CMS_NO_SIGNER_CERT_VERIFY	0x20
-#define CMS_NOVERIFY			0x20
-#define CMS_DETACHED			0x40
-#define CMS_BINARY			0x80
-#define CMS_NOATTR			0x100
-#define	CMS_NOSMIMECAP			0x200
-#define CMS_NOOLDMIMETYPE		0x400
-#define CMS_CRLFEOL			0x800
-#define CMS_STREAM			0x1000
-#define CMS_NOCRL			0x2000
-#define CMS_PARTIAL			0x4000
-#define CMS_REUSE_DIGEST		0x8000
-#define CMS_USE_KEYID			0x10000
-#define CMS_DEBUG_DECRYPT		0x20000
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-int CMS_is_detached(CMS_ContentInfo *cms);
-int CMS_set_detached(CMS_ContentInfo *cms, int detached);
-
-#ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
-#endif
-
-int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
-
-BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
-int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags);
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-							unsigned int flags);
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags);
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags);
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen);
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags);
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
-				const EVP_CIPHER *cipher, unsigned int flags);
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags);
-	
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen);
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-				unsigned char *pass, ossl_ssize_t passlen);
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags);
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg);
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-					unsigned char *pass,
-					ossl_ssize_t passlen);
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-					int iter, int wrap_nid, int pbe_nid,
-					unsigned char *pass,
-					ossl_ssize_t passlen,
-					const EVP_CIPHER *kekciph);
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-	
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
-int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags);
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-					unsigned int flags);
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
-int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize);
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
-
-#ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-#define CMS_F_CHECK_CONTENT				 99
-#define CMS_F_CMS_ADD0_CERT				 164
-#define CMS_F_CMS_ADD0_RECIPIENT_KEY			 100
-#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD		 165
-#define CMS_F_CMS_ADD1_RECEIPTREQUEST			 158
-#define CMS_F_CMS_ADD1_RECIPIENT_CERT			 101
-#define CMS_F_CMS_ADD1_SIGNER				 102
-#define CMS_F_CMS_ADD1_SIGNINGTIME			 103
-#define CMS_F_CMS_COMPRESS				 104
-#define CMS_F_CMS_COMPRESSEDDATA_CREATE			 105
-#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO		 106
-#define CMS_F_CMS_COPY_CONTENT				 107
-#define CMS_F_CMS_COPY_MESSAGEDIGEST			 108
-#define CMS_F_CMS_DATA					 109
-#define CMS_F_CMS_DATAFINAL				 110
-#define CMS_F_CMS_DATAINIT				 111
-#define CMS_F_CMS_DECRYPT				 112
-#define CMS_F_CMS_DECRYPT_SET1_KEY			 113
-#define CMS_F_CMS_DECRYPT_SET1_PASSWORD			 166
-#define CMS_F_CMS_DECRYPT_SET1_PKEY			 114
-#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX		 115
-#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO		 116
-#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL			 117
-#define CMS_F_CMS_DIGEST_VERIFY				 118
-#define CMS_F_CMS_ENCODE_RECEIPT			 161
-#define CMS_F_CMS_ENCRYPT				 119
-#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO		 120
-#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT			 121
-#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT			 122
-#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY		 123
-#define CMS_F_CMS_ENVELOPEDDATA_CREATE			 124
-#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO		 125
-#define CMS_F_CMS_ENVELOPED_DATA_INIT			 126
-#define CMS_F_CMS_FINAL					 127
-#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES		 128
-#define CMS_F_CMS_GET0_CONTENT				 129
-#define CMS_F_CMS_GET0_ECONTENT_TYPE			 130
-#define CMS_F_CMS_GET0_ENVELOPED			 131
-#define CMS_F_CMS_GET0_REVOCATION_CHOICES		 132
-#define CMS_F_CMS_GET0_SIGNED				 133
-#define CMS_F_CMS_MSGSIGDIGEST_ADD1			 162
-#define CMS_F_CMS_RECEIPTREQUEST_CREATE0		 159
-#define CMS_F_CMS_RECEIPT_VERIFY			 160
-#define CMS_F_CMS_RECIPIENTINFO_DECRYPT			 134
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT		 135
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT		 136
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID		 137
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP		 138
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP		 139
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT		 140
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT		 141
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS		 142
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID	 143
-#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT		 167
-#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY		 144
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD		 168
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY		 145
-#define CMS_F_CMS_SET1_SIGNERIDENTIFIER			 146
-#define CMS_F_CMS_SET_DETACHED				 147
-#define CMS_F_CMS_SIGN					 148
-#define CMS_F_CMS_SIGNED_DATA_INIT			 149
-#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN		 150
-#define CMS_F_CMS_SIGNERINFO_SIGN			 151
-#define CMS_F_CMS_SIGNERINFO_VERIFY			 152
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT		 153
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT		 154
-#define CMS_F_CMS_SIGN_RECEIPT				 163
-#define CMS_F_CMS_STREAM				 155
-#define CMS_F_CMS_UNCOMPRESS				 156
-#define CMS_F_CMS_VERIFY				 157
-
-/* Reason codes. */
-#define CMS_R_ADD_SIGNER_ERROR				 99
-#define CMS_R_CERTIFICATE_ALREADY_PRESENT		 175
-#define CMS_R_CERTIFICATE_HAS_NO_KEYID			 160
-#define CMS_R_CERTIFICATE_VERIFY_ERROR			 100
-#define CMS_R_CIPHER_INITIALISATION_ERROR		 101
-#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR	 102
-#define CMS_R_CMS_DATAFINAL_ERROR			 103
-#define CMS_R_CMS_LIB					 104
-#define CMS_R_CONTENTIDENTIFIER_MISMATCH		 170
-#define CMS_R_CONTENT_NOT_FOUND				 105
-#define CMS_R_CONTENT_TYPE_MISMATCH			 171
-#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA		 106
-#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA		 107
-#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA		 108
-#define CMS_R_CONTENT_VERIFY_ERROR			 109
-#define CMS_R_CTRL_ERROR				 110
-#define CMS_R_CTRL_FAILURE				 111
-#define CMS_R_DECRYPT_ERROR				 112
-#define CMS_R_DIGEST_ERROR				 161
-#define CMS_R_ERROR_GETTING_PUBLIC_KEY			 113
-#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE	 114
-#define CMS_R_ERROR_SETTING_KEY				 115
-#define CMS_R_ERROR_SETTING_RECIPIENTINFO		 116
-#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH		 117
-#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER		 176
-#define CMS_R_INVALID_KEY_LENGTH			 118
-#define CMS_R_MD_BIO_INIT_ERROR				 119
-#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH	 120
-#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH		 121
-#define CMS_R_MSGSIGDIGEST_ERROR			 172
-#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE		 162
-#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH			 163
-#define CMS_R_NEED_ONE_SIGNER				 164
-#define CMS_R_NOT_A_SIGNED_RECEIPT			 165
-#define CMS_R_NOT_ENCRYPTED_DATA			 122
-#define CMS_R_NOT_KEK					 123
-#define CMS_R_NOT_KEY_TRANSPORT				 124
-#define CMS_R_NOT_PWRI					 177
-#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE		 125
-#define CMS_R_NO_CIPHER					 126
-#define CMS_R_NO_CONTENT				 127
-#define CMS_R_NO_CONTENT_TYPE				 173
-#define CMS_R_NO_DEFAULT_DIGEST				 128
-#define CMS_R_NO_DIGEST_SET				 129
-#define CMS_R_NO_KEY					 130
-#define CMS_R_NO_KEY_OR_CERT				 174
-#define CMS_R_NO_MATCHING_DIGEST			 131
-#define CMS_R_NO_MATCHING_RECIPIENT			 132
-#define CMS_R_NO_MATCHING_SIGNATURE			 166
-#define CMS_R_NO_MSGSIGDIGEST				 167
-#define CMS_R_NO_PASSWORD				 178
-#define CMS_R_NO_PRIVATE_KEY				 133
-#define CMS_R_NO_PUBLIC_KEY				 134
-#define CMS_R_NO_RECEIPT_REQUEST			 168
-#define CMS_R_NO_SIGNERS				 135
-#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 136
-#define CMS_R_RECEIPT_DECODE_ERROR			 169
-#define CMS_R_RECIPIENT_ERROR				 137
-#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND		 138
-#define CMS_R_SIGNFINAL_ERROR				 139
-#define CMS_R_SMIME_TEXT_ERROR				 140
-#define CMS_R_STORE_INIT_ERROR				 141
-#define CMS_R_TYPE_NOT_COMPRESSED_DATA			 142
-#define CMS_R_TYPE_NOT_DATA				 143
-#define CMS_R_TYPE_NOT_DIGESTED_DATA			 144
-#define CMS_R_TYPE_NOT_ENCRYPTED_DATA			 145
-#define CMS_R_TYPE_NOT_ENVELOPED_DATA			 146
-#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT		 147
-#define CMS_R_UNKNOWN_CIPHER				 148
-#define CMS_R_UNKNOWN_DIGEST_ALGORIHM			 149
-#define CMS_R_UNKNOWN_ID				 150
-#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 151
-#define CMS_R_UNSUPPORTED_CONTENT_TYPE			 152
-#define CMS_R_UNSUPPORTED_KEK_ALGORITHM			 153
-#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM	 179
-#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE		 154
-#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE		 155
-#define CMS_R_UNSUPPORTED_TYPE				 156
-#define CMS_R_UNWRAP_ERROR				 157
-#define CMS_R_UNWRAP_FAILURE				 180
-#define CMS_R_VERIFICATION_FAILURE			 158
-#define CMS_R_WRAP_ERROR				 159
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/comp.h b/include/openssl/comp.h
deleted file mode 100644
index 4b405c7d49..0000000000
--- a/include/openssl/comp.h
+++ /dev/null
@@ -1,80 +0,0 @@
-
-#ifndef HEADER_COMP_H
-#define HEADER_COMP_H
-
-#include <openssl/crypto.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_ctx_st COMP_CTX;
-
-typedef struct comp_method_st
-	{
-	int type;		/* NID for compression library */
-	const char *name;	/* A text string to identify the library */
-	int (*init)(COMP_CTX *ctx);
-	void (*finish)(COMP_CTX *ctx);
-	int (*compress)(COMP_CTX *ctx,
-			unsigned char *out, unsigned int olen,
-			unsigned char *in, unsigned int ilen);
-	int (*expand)(COMP_CTX *ctx,
-		      unsigned char *out, unsigned int olen,
-		      unsigned char *in, unsigned int ilen);
-	/* The following two do NOTHING, but are kept for backward compatibility */
-	long (*ctrl)(void);
-	long (*callback_ctrl)(void);
-	} COMP_METHOD;
-
-struct comp_ctx_st
-	{
-	COMP_METHOD *meth;
-	unsigned long compress_in;
-	unsigned long compress_out;
-	unsigned long expand_in;
-	unsigned long expand_out;
-
-	CRYPTO_EX_DATA	ex_data;
-	};
-
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void );
-COMP_METHOD *COMP_zlib(void );
-void COMP_zlib_cleanup(void);
-
-#ifdef HEADER_BIO_H
-#ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#endif
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-#define COMP_F_BIO_ZLIB_FLUSH				 99
-#define COMP_F_BIO_ZLIB_NEW				 100
-#define COMP_F_BIO_ZLIB_READ				 101
-#define COMP_F_BIO_ZLIB_WRITE				 102
-
-/* Reason codes. */
-#define COMP_R_ZLIB_DEFLATE_ERROR			 99
-#define COMP_R_ZLIB_INFLATE_ERROR			 100
-#define COMP_R_ZLIB_NOT_SUPPORTED			 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/conf.h b/include/openssl/conf.h
deleted file mode 100644
index c2199978a3..0000000000
--- a/include/openssl/conf.h
+++ /dev/null
@@ -1,263 +0,0 @@
-/* crypto/conf/conf.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_H
-#define HEADER_CONF_H
-
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct
-	{
-	char *section;
-	char *name;
-	char *value;
-	} CONF_VALUE;
-
-DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_LHASH_OF(CONF_VALUE);
-
-struct conf_st;
-struct conf_method_st;
-typedef struct conf_method_st CONF_METHOD;
-
-struct conf_method_st
-	{
-	const char *name;
-	CONF *(*create)(CONF_METHOD *meth);
-	int (*init)(CONF *conf);
-	int (*destroy)(CONF *conf);
-	int (*destroy_data)(CONF *conf);
-	int (*load_bio)(CONF *conf, BIO *bp, long *eline);
-	int (*dump)(const CONF *conf, BIO *bp);
-	int (*is_number)(const CONF *conf, char c);
-	int (*to_int)(const CONF *conf, char c);
-	int (*load)(CONF *conf, const char *name, long *eline);
-	};
-
-/* Module definitions */
-
-typedef struct conf_imodule_st CONF_IMODULE;
-typedef struct conf_module_st CONF_MODULE;
-
-DECLARE_STACK_OF(CONF_MODULE)
-DECLARE_STACK_OF(CONF_IMODULE)
-
-/* DSO module function typedefs */
-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
-typedef void conf_finish_func(CONF_IMODULE *md);
-
-#define	CONF_MFLAGS_IGNORE_ERRORS	0x1
-#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2
-#define CONF_MFLAGS_SILENT		0x4
-#define CONF_MFLAGS_NO_DSO		0x8
-#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10
-#define CONF_MFLAGS_DEFAULT_SECTION	0x20
-
-int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash);
-LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file,
-				long *eline);
-#ifndef OPENSSL_NO_FP_API
-LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
-				   long *eline);
-#endif
-LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
-				       const char *section);
-char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		      const char *name);
-long CONF_get_number(LHASH_OF(CONF_VALUE) *conf,const char *group,
-		     const char *name);
-void CONF_free(LHASH_OF(CONF_VALUE) *conf);
-int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
-int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
-
-void OPENSSL_config(const char *config_name);
-void OPENSSL_no_config(void);
-
-/* New conf code.  The semantics are different from the functions above.
-   If that wasn't the case, the above functions would have been replaced */
-
-struct conf_st
-	{
-	CONF_METHOD *meth;
-	void *meth_data;
-	LHASH_OF(CONF_VALUE) *data;
-	};
-
-CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
-#if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML(void);
-#endif
-void NCONF_free(CONF *conf);
-void NCONF_free_data(CONF *conf);
-
-int NCONF_load(CONF *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
-#endif
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-		       long *result);
-int NCONF_dump_fp(const CONF *conf, FILE *out);
-int NCONF_dump_bio(const CONF *conf, BIO *out);
-
-#if 0 /* The following function has no error checking,
-	 and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-#endif
-  
-/* Module functions */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
-		      unsigned long flags);
-int CONF_modules_load_file(const char *filename, const char *appname,
-			   unsigned long flags);
-void CONF_modules_unload(int all);
-void CONF_modules_finish(void);
-void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
-		    conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
-
-char *CONF_get1_default_config_file(void);
-
-int CONF_parse_list(const char *list, int sep, int nospc,
-	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
-
-void OPENSSL_load_builtin_modules(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CONF_strings(void);
-
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_DUMP_FP				 104
-#define CONF_F_CONF_LOAD				 100
-#define CONF_F_CONF_LOAD_BIO				 102
-#define CONF_F_CONF_LOAD_FP				 103
-#define CONF_F_CONF_MODULES_LOAD			 116
-#define CONF_F_CONF_PARSE_LIST				 119
-#define CONF_F_DEF_LOAD					 120
-#define CONF_F_DEF_LOAD_BIO				 121
-#define CONF_F_MODULE_INIT				 115
-#define CONF_F_MODULE_LOAD_DSO				 117
-#define CONF_F_MODULE_RUN				 118
-#define CONF_F_NCONF_DUMP_BIO				 105
-#define CONF_F_NCONF_DUMP_FP				 106
-#define CONF_F_NCONF_GET_NUMBER				 107
-#define CONF_F_NCONF_GET_NUMBER_E			 112
-#define CONF_F_NCONF_GET_SECTION			 108
-#define CONF_F_NCONF_GET_STRING				 109
-#define CONF_F_NCONF_LOAD				 113
-#define CONF_F_NCONF_LOAD_BIO				 110
-#define CONF_F_NCONF_LOAD_FP				 114
-#define CONF_F_NCONF_NEW				 111
-#define CONF_F_STR_COPY					 101
-
-/* Reason codes. */
-#define CONF_R_ERROR_LOADING_DSO			 110
-#define CONF_R_LIST_CANNOT_BE_NULL			 115
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
-#define CONF_R_MISSING_EQUAL_SIGN			 101
-#define CONF_R_MISSING_FINISH_FUNCTION			 111
-#define CONF_R_MISSING_INIT_FUNCTION			 112
-#define CONF_R_MODULE_INITIALIZATION_ERROR		 109
-#define CONF_R_NO_CLOSE_BRACE				 102
-#define CONF_R_NO_CONF					 105
-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
-#define CONF_R_NO_SECTION				 107
-#define CONF_R_NO_SUCH_FILE				 114
-#define CONF_R_NO_VALUE					 108
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
-#define CONF_R_UNKNOWN_MODULE_NAME			 113
-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/conf_api.h b/include/openssl/conf_api.h
deleted file mode 100644
index 87a954aff6..0000000000
--- a/include/openssl/conf_api.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* conf_api.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef  HEADER_CONF_API_H
-#define HEADER_CONF_API_H
-
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-					       const char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(const CONF *conf, const char *section,
-		       const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
deleted file mode 100644
index f92fc5182d..0000000000
--- a/include/openssl/crypto.h
+++ /dev/null
@@ -1,611 +0,0 @@
-/* crypto/crypto.h */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#include <stdlib.h>
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/opensslv.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* Resolve problems on some operating systems with symbol names that clash
-   one way or another */
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Backward compatibility to SSLeay */
-/* This is more to be used to check the correct DLL is being used
- * in the MS world. */
-#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER
-#define SSLEAY_VERSION		0
-/* #define SSLEAY_OPTIONS	1 no longer supported */
-#define SSLEAY_CFLAGS		2
-#define SSLEAY_BUILT_ON		3
-#define SSLEAY_PLATFORM		4
-#define SSLEAY_DIR		5
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-					int idx, long argl, void *argp);
-#endif
-
-/* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st
-	{
-	int code;
-	void *value;		/* Not used for flag attributes */
-	size_t value_size;	/* Max size of value for output, length for input */
-	size_t *value_length;	/* Returned length of value for output */
-	} OPENSSL_ITEM;
-
-
-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
- * names in cryptlib.c
- */
-
-#define	CRYPTO_LOCK_ERR			1
-#define	CRYPTO_LOCK_EX_DATA		2
-#define	CRYPTO_LOCK_X509		3
-#define	CRYPTO_LOCK_X509_INFO		4
-#define	CRYPTO_LOCK_X509_PKEY		5
-#define CRYPTO_LOCK_X509_CRL		6
-#define CRYPTO_LOCK_X509_REQ		7
-#define CRYPTO_LOCK_DSA			8
-#define CRYPTO_LOCK_RSA			9
-#define CRYPTO_LOCK_EVP_PKEY		10
-#define CRYPTO_LOCK_X509_STORE		11
-#define CRYPTO_LOCK_SSL_CTX		12
-#define CRYPTO_LOCK_SSL_CERT		13
-#define CRYPTO_LOCK_SSL_SESSION		14
-#define CRYPTO_LOCK_SSL_SESS_CERT	15
-#define CRYPTO_LOCK_SSL			16
-#define CRYPTO_LOCK_SSL_METHOD		17
-#define CRYPTO_LOCK_RAND		18
-#define CRYPTO_LOCK_RAND2		19
-#define CRYPTO_LOCK_MALLOC		20
-#define CRYPTO_LOCK_BIO			21
-#define CRYPTO_LOCK_GETHOSTBYNAME	22
-#define CRYPTO_LOCK_GETSERVBYNAME	23
-#define CRYPTO_LOCK_READDIR		24
-#define CRYPTO_LOCK_RSA_BLINDING	25
-#define CRYPTO_LOCK_DH			26
-#define CRYPTO_LOCK_MALLOC2		27
-#define CRYPTO_LOCK_DSO			28
-#define CRYPTO_LOCK_DYNLOCK		29
-#define CRYPTO_LOCK_ENGINE		30
-#define CRYPTO_LOCK_UI			31
-#define CRYPTO_LOCK_ECDSA               32
-#define CRYPTO_LOCK_EC			33
-#define CRYPTO_LOCK_ECDH		34
-#define CRYPTO_LOCK_BN  		35
-#define CRYPTO_LOCK_EC_PRE_COMP		36
-#define CRYPTO_LOCK_STORE		37
-#define CRYPTO_LOCK_COMP		38
-#define CRYPTO_LOCK_FIPS		39
-#define CRYPTO_LOCK_FIPS2		40
-#define CRYPTO_NUM_LOCKS		41
-
-#define CRYPTO_LOCK		1
-#define CRYPTO_UNLOCK		2
-#define CRYPTO_READ		4
-#define CRYPTO_WRITE		8
-
-#ifndef OPENSSL_NO_LOCKING
-#ifndef CRYPTO_w_lock
-#define CRYPTO_w_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_w_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_r_lock(type)	\
-	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_r_unlock(type)	\
-	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_add(addr,amount,type)	\
-	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-#endif
-#else
-#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
-#define CRYPTO_r_lock(a)
-#define CRYPTO_r_unlock(a)
-#define CRYPTO_add(a,b,c)	((*(a))+=(b))
-#endif
-
-/* Some applications as well as some parts of OpenSSL need to allocate
-   and deallocate locks in a dynamic fashion.  The following typedef
-   makes this possible in a type-safe manner.  */
-/* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct
-	{
-	int references;
-	struct CRYPTO_dynlock_value *data;
-	} CRYPTO_dynlock;
-
-
-/* The following can be used to detect memory leaks in the SSLeay library.
- * It used, it turns on malloc checking */
-
-#define CRYPTO_MEM_CHECK_OFF	0x0	/* an enume */
-#define CRYPTO_MEM_CHECK_ON	0x1	/* a bit */
-#define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */
-#define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */
-
-/* The following are bit values to turn on or off options connected to the
- * malloc checking functionality */
-
-/* Adds time to the memory checking information */
-#define V_CRYPTO_MDEBUG_TIME	0x1 /* a bit */
-/* Adds thread number to the memory checking information */
-#define V_CRYPTO_MDEBUG_THREAD	0x2 /* a bit */
-
-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-
-
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
-struct crypto_ex_data_st
-	{
-	STACK_OF(void) *sk;
-	int dummy; /* gcc is screwing up this data structure :-( */
-	};
-DECLARE_STACK_OF(void)
-
-/* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
-
-typedef struct crypto_ex_data_func_st
-	{
-	long argl;	/* Arbitary long */
-	void *argp;	/* Arbitary void * */
-	CRYPTO_EX_new *new_func;
-	CRYPTO_EX_free *free_func;
-	CRYPTO_EX_dup *dup_func;
-	} CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-#define CRYPTO_EX_INDEX_BIO		0
-#define CRYPTO_EX_INDEX_SSL		1
-#define CRYPTO_EX_INDEX_SSL_CTX		2
-#define CRYPTO_EX_INDEX_SSL_SESSION	3
-#define CRYPTO_EX_INDEX_X509_STORE	4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX	5
-#define CRYPTO_EX_INDEX_RSA		6
-#define CRYPTO_EX_INDEX_DSA		7
-#define CRYPTO_EX_INDEX_DH		8
-#define CRYPTO_EX_INDEX_ENGINE		9
-#define CRYPTO_EX_INDEX_X509		10
-#define CRYPTO_EX_INDEX_UI		11
-#define CRYPTO_EX_INDEX_ECDSA		12
-#define CRYPTO_EX_INDEX_ECDH		13
-#define CRYPTO_EX_INDEX_COMP		14
-#define CRYPTO_EX_INDEX_STORE		15
-
-/* Dynamically assigned indexes start from this value (don't use directly, use
- * via CRYPTO_ex_data_new_class). */
-#define CRYPTO_EX_INDEX_USER		100
-
-
-/* This is the default callbacks, but we can have others as well:
- * this is needed in Win32 where the application malloc and the
- * library malloc may not be the same.
- */
-#define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
-	malloc, realloc, free)
-
-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
-#  define CRYPTO_MDEBUG
-# endif
-#endif
-
-/* Set standard debugging functions (not done by default
- * unless CRYPTO_MDEBUG is defined) */
-#define CRYPTO_malloc_debug_init()	do {\
-	CRYPTO_set_mem_debug_functions(\
-		CRYPTO_dbg_malloc,\
-		CRYPTO_dbg_realloc,\
-		CRYPTO_dbg_free,\
-		CRYPTO_dbg_set_options,\
-		CRYPTO_dbg_get_options);\
-	} while(0)
-
-int CRYPTO_mem_ctrl(int mode);
-int CRYPTO_is_mem_check_on(void);
-
-/* for applications */
-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-#define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-
-/* for library-internal use */
-#define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-#define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
-#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str)	CRYPTO_strdup((str),__FILE__,__LINE__)
-#define OPENSSL_realloc(addr,num) \
-	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_realloc_clean(addr,old_num,num) \
-	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-#define OPENSSL_remalloc(addr,num) \
-	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_freeFunc	CRYPTO_free
-#define OPENSSL_free(addr)	CRYPTO_free(addr)
-
-#define OPENSSL_malloc_locked(num) \
-	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-const char *SSLeay_version(int type);
-unsigned long SSLeay(void);
-
-int OPENSSL_issetugid(void);
-
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
-/* Within a given class, get/register a new index */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
- * class (invokes whatever per-class callbacks are applicable) */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
- * (relative to the class type involved) */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
-/* This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions. */
-void CRYPTO_cleanup_all_ex_data(void);
-
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
-void CRYPTO_lock(int mode, int type,const char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-					      const char *file,int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-		int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-					      const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-					  const char *file,int line);
-
-/* Don't use this structure directly. */
-typedef struct crypto_threadid_st
-	{
-	void *ptr;
-	unsigned long val;
-	} CRYPTO_THREADID;
-/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
-void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val);
-void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr);
-int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *));
-void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *);
-void CRYPTO_THREADID_current(CRYPTO_THREADID *id);
-int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b);
-void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src);
-unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id);
-#ifndef OPENSSL_NO_DEPRECATED
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-unsigned long (*CRYPTO_get_id_callback(void))(void);
-unsigned long CRYPTO_thread_id(void);
-#endif
-
-const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
-		    int line);
-
-int CRYPTO_get_new_dynlockid(void);
-void CRYPTO_destroy_dynlockid(int i);
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
-
-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
- * call the latter last if you need different functions */
-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                void *(*r)(void *,size_t,const char *,int),
-                                void (*f)(void *));
-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
-                                       void (*free_func)(void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
-				   void (*r)(void *,void *,int,const char *,int,int),
-				   void (*f)(void *,int),
-				   void (*so)(long),
-				   long (*go)(void));
-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                 void *(**r)(void *, size_t,const char *,int),
-                                 void (**f)(void *));
-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
-                                        void (**f)(void *));
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
-				    void (**r)(void *,void *,int,const char *,int,int),
-				    void (**f)(void *,int),
-				    void (**so)(long),
-				    long (**go)(void));
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *ptr);
-void *CRYPTO_malloc(int num, const char *file, int line);
-char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *ptr);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
-			   int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
-
-void OPENSSL_cleanse(void *ptr, size_t len);
-
-void CRYPTO_set_mem_debug_options(long bits);
-long CRYPTO_get_mem_debug_options(void);
-
-#define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, __FILE__, __LINE__);
-int CRYPTO_push_info_(const char *info, const char *file, int line);
-int CRYPTO_pop_info(void);
-int CRYPTO_remove_all_info(void);
-
-
-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
- *
- * 0:	called before the actual memory allocation has taken place
- * 1:	called after the actual memory allocation has taken place
- */
-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_free(void *addr,int before_p);
-/* Tell the debugging code about options.  By default, the following values
- * apply:
- *
- * 0:                           Clear all options.
- * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
- * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
- * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
- */
-void CRYPTO_dbg_set_options(long bits);
-long CRYPTO_dbg_get_options(void);
-
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *);
-#endif
-void CRYPTO_mem_leaks(struct bio_st *bio);
-/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-
-unsigned long *OPENSSL_ia32cap_loc(void);
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-int OPENSSL_isservice(void);
-
-int FIPS_mode(void);
-int FIPS_mode_set(int r);
-
-void OPENSSL_init(void);
-
-#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
-
-#ifdef OPENSSL_FIPS
-#define fips_md_init_ctx(alg, cx) \
-	int alg##_Init(cx##_CTX *c) \
-	{ \
-	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-		"Low level API call to digest " #alg " forbidden in FIPS mode!"); \
-	return private_##alg##_Init(c); \
-	} \
-	int private_##alg##_Init(cx##_CTX *c)
-
-#define fips_cipher_abort(alg) \
-	if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
-		"Low level API call to cipher " #alg " forbidden in FIPS mode!")
-
-#else
-#define fips_md_init_ctx(alg, cx) \
-	int alg##_Init(cx##_CTX *c)
-#define fips_cipher_abort(alg) while(0)
-#endif
-
-/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
- * takes an amount of time dependent on |len|, but independent of the contents
- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
- * defined order as the return value when a != b is undefined, other than to be
- * non-zero. */
-int CRYPTO_memcmp(const void *a, const void *b, size_t len);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
-#define CRYPTO_F_DEF_ADD_INDEX				 104
-#define CRYPTO_F_DEF_GET_CLASS				 105
-#define CRYPTO_F_FIPS_MODE_SET				 109
-#define CRYPTO_F_INT_DUP_EX_DATA			 106
-#define CRYPTO_F_INT_FREE_EX_DATA			 107
-#define CRYPTO_F_INT_NEW_EX_DATA			 108
-
-/* Reason codes. */
-#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED		 101
-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/des.h b/include/openssl/des.h
deleted file mode 100644
index 1eaedcbd24..0000000000
--- a/include/openssl/des.h
+++ /dev/null
@@ -1,248 +0,0 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_NEW_DES_H
-#define HEADER_NEW_DES_H
-
-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES,
-				   DES_LONG (via openssl/opensslconf.h */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef unsigned char DES_cblock[8];
-typedef /* const */ unsigned char const_DES_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
- * and const_DES_cblock * are incompatible pointer types. */
-
-typedef struct DES_ks
-    {
-    union
-	{
-	DES_cblock cblock;
-	/* make sure things are correct size on machines with
-	 * 8 byte longs */
-	DES_LONG deslong[2];
-	} ks[16];
-    } DES_key_schedule;
-
-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
-# endif
-#endif
-
-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# include <openssl/des_old.h>
-#endif
-
-#define DES_KEY_SZ 	(sizeof(DES_cblock))
-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define DES_ecb2_encrypt(i,o,k1,k2,e) \
-	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */
-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
-
-const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-		      DES_key_schedule *ks1,DES_key_schedule *ks2,
-		      DES_key_schedule *ks3, int enc);
-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
-		       long length,DES_key_schedule *schedule,
-		       const_DES_cblock *ivec);
-/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		     int enc);
-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      int enc);
-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		     int enc);
-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
-		     DES_key_schedule *ks,int enc);
-
-/* 	This is the DES encryption function that gets called by just about
-	every other DES routine in the library.  You should not use this
-	function except to implement 'modes' of DES.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.  The characters are loaded 'little endian'.
-	Data is a pointer to 2 unsigned long's and ks is the
-	DES_key_schedule to use.  enc, is non zero specifies encryption,
-	zero if decryption. */
-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-/* 	This functions is the same as DES_encrypt1() except that the DES
-	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for DES_encrypt1(), you should not use this function.
-	It is used by the routines in the library that implement triple DES.
-	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
-	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
-			  long length,
-			  DES_key_schedule *ks1,DES_key_schedule *ks2,
-			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
-			   long length,
-			   DES_key_schedule *ks1,DES_key_schedule *ks2,
-			   DES_key_schedule *ks3,
-			   DES_cblock *ivec1,DES_cblock *ivec2,
-			   int enc);
-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,DES_key_schedule *ks1,
-			    DES_key_schedule *ks2,DES_key_schedule *ks3,
-			    DES_cblock *ivec,int *num,int enc);
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc);
-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
-			    long length,DES_key_schedule *ks1,
-			    DES_key_schedule *ks2,DES_key_schedule *ks3,
-			    DES_cblock *ivec,int *num);
-#if 0
-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
-		       DES_cblock *out_white);
-#endif
-
-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
-		 DES_cblock *iv);
-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
-		  DES_cblock *iv);
-char *DES_fcrypt(const char *buf,const char *salt, char *ret);
-char *DES_crypt(const char *buf,const char *salt);
-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
-		     long length,DES_key_schedule *schedule,DES_cblock *ivec);
-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
-		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
-		      int enc);
-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
-			long length,int out_count,DES_cblock *seed);
-int DES_random_key(DES_cblock *ret);
-void DES_set_odd_parity(DES_cblock *key);
-int DES_check_key_parity(const_DES_cblock *key);
-int DES_is_weak_key(const_DES_cblock *key);
-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise. */
-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#ifdef OPENSSL_FIPS
-void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-#endif
-void DES_string_to_key(const char *str,DES_cblock *key);
-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
-		       int enc);
-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
-		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
-	int verify);
-
-#define DES_fixup_key_parity DES_set_odd_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/des_old.h b/include/openssl/des_old.h
deleted file mode 100644
index 2b2c372354..0000000000
--- a/include/openssl/des_old.h
+++ /dev/null
@@ -1,446 +0,0 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes.  OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- *     that is compatible with libdes and SSLeay.
- *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode.  However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else.  Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#include <openssl/e_os2.h>	/* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifndef HEADER_NEW_DES_H
-#error You must include des.h, not des_old.h directly.
-#endif
-
-#ifdef _KERBEROS_DES_H
-#error <openssl/des_old.h> replaces <kerberos/des.h>.
-#endif
-
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef _
-#undef _
-#endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct
-	{
-	union	{
-		_ossl_old_des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-	} _ossl_old_des_key_schedule[16];
-
-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-#define des_cblock DES_cblock
-#define const_des_cblock const_DES_cblock
-#define des_key_schedule DES_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
-	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-#define des_options()\
-	DES_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
-	DES_cbc_cksum((i),(o),(l),&(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
-	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
-	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
-	DES_ecb_encrypt((i),(o),&(k),(e))
-#define des_encrypt1(d,k,e)\
-	DES_encrypt1((d),&(k),(e))
-#define des_encrypt2(d,k,e)\
-	DES_encrypt2((d),&(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
-	DES_encrypt3((d),&(k1),&(k2),&(k3))
-#define des_decrypt3(d,k1,k2,k3)\
-	DES_decrypt3((d),&(k1),&(k2),&(k3))
-#define des_xwhite_in2out(k,i,o)\
-	DES_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
-	DES_enc_read((f),(b),(l),&(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
-	DES_enc_write((f),(b),(l),&(k),(iv))
-#define des_fcrypt(b,s,r)\
-	DES_fcrypt((b),(s),(r))
-#if 0
-#define des_crypt(b,s)\
-	DES_crypt((b),(s))
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
-#define crypt(b,s)\
-	DES_crypt((b),(s))
-#endif
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
-	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
-	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
-	DES_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
-	_ossl_096_des_random_seed((k))
-#define des_random_key(r)\
-	DES_random_key((r))
-#define des_read_password(k,p,v) \
-	DES_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
-	DES_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
-	DES_set_odd_parity((k))
-#define des_check_key_parity(k)\
-	DES_check_key_parity((k))
-#define des_is_weak_key(k)\
-	DES_is_weak_key((k))
-#define des_set_key(k,ks)\
-	DES_set_key((k),&(ks))
-#define des_key_sched(k,ks)\
-	DES_key_sched((k),&(ks))
-#define des_set_key_checked(k,ks)\
-	DES_set_key_checked((k),&(ks))
-#define des_set_key_unchecked(k,ks)\
-	DES_set_key_unchecked((k),&(ks))
-#define des_string_to_key(s,k)\
-	DES_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
-	DES_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-		
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#else /* libdes compatibility */
-/* Map all symbol names to _ossl_old_des_* form, so we avoid all
-   clashes with libdes */
-#define des_cblock _ossl_old_des_cblock
-#define des_key_schedule _ossl_old_des_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
-	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
-	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
-	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
-	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#define des_options()\
-	_ossl_old_des_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
-	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
-	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
-	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
-	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#define des_encrypt(d,k,e)\
-	_ossl_old_des_encrypt((d),(k),(e))
-#define des_encrypt2(d,k,e)\
-	_ossl_old_des_encrypt2((d),(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
-	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#define des_decrypt3(d,k1,k2,k3)\
-	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#define des_xwhite_in2out(k,i,o)\
-	_ossl_old_des_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
-	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
-	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#define des_fcrypt(b,s,r)\
-	_ossl_old_des_fcrypt((b),(s),(r))
-#define des_crypt(b,s)\
-	_ossl_old_des_crypt((b),(s))
-#if 0
-#define crypt(b,s)\
-	_ossl_old_crypt((b),(s))
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
-	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
-	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
-	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
-	_ossl_old_des_random_seed((k))
-#define des_random_key(r)\
-	_ossl_old_des_random_key((r))
-#define des_read_password(k,p,v) \
-	_ossl_old_des_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
-	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
-	_ossl_old_des_set_odd_parity((k))
-#define des_is_weak_key(k)\
-	_ossl_old_des_is_weak_key((k))
-#define des_set_key(k,ks)\
-	_ossl_old_des_set_key((k),(ks))
-#define des_key_sched(k,ks)\
-	_ossl_old_des_key_sched((k),(ks))
-#define des_string_to_key(s,k)\
-	_ossl_old_des_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
-	_ossl_old_des_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
-	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
-	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-		
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	_ossl_old_des_key_schedule ks,int enc);
-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
-	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
-	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-#if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
-	_ossl_old_des_cblock (*out_white));
-#endif
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-	_ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
-	_ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf,const char *salt);
-#endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,int out_count,_ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
-	const char *prompt,int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/* The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
-
-#define _KERBEROS_DES_H
-
-#define KRBDES_ENCRYPT DES_ENCRYPT
-#define KRBDES_DECRYPT DES_DECRYPT
-
-#ifdef KERBEROS
-#  define ENCRYPT DES_ENCRYPT
-#  define DECRYPT DES_DECRYPT
-#endif
-
-#ifndef NCOMPAT
-#  define C_Block des_cblock
-#  define Key_schedule des_key_schedule
-#  define KEY_SZ DES_KEY_SZ
-#  define string_to_key des_string_to_key
-#  define read_pw_string des_read_pw_string
-#  define random_key des_random_key
-#  define pcbc_encrypt des_pcbc_encrypt
-#  define set_key des_set_key
-#  define key_sched des_key_sched
-#  define ecb_encrypt des_ecb_encrypt
-#  define cbc_encrypt des_cbc_encrypt
-#  define ncbc_encrypt des_ncbc_encrypt
-#  define xcbc_encrypt des_xcbc_encrypt
-#  define cbc_cksum des_cbc_cksum
-#  define quad_cksum des_quad_cksum
-#  define check_parity des_check_key_parity
-#endif
-
-#define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef  __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-#include <openssl/ui_compat.h>
-
-#endif
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
deleted file mode 100644
index ea59e610ef..0000000000
--- a/include/openssl/dh.h
+++ /dev/null
@@ -1,280 +0,0 @@
-/* crypto/dh/dh.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-	
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS	10000
-#endif
-
-#define DH_FLAG_CACHE_MONT_P     0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
-                                       * implementation now uses constant time
-                                       * modular exponentiation for secret exponents
-                                       * by default. This flag causes the
-                                       * faster variable sliding window method to
-                                       * be used for all exponents.
-                                       */
-
-/* If this flag is set the DH method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DH_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DH_FLAG_NON_FIPS_ALLOW			0x0400
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dh_st DH; */
-/* typedef struct dh_method DH_METHOD; */
-
-struct dh_method
-	{
-	const char *name;
-	/* Methods here */
-	int (*generate_key)(DH *dh);
-	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
-				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx); /* Can be null */
-
-	int (*init)(DH *dh);
-	int (*finish)(DH *dh);
-	int flags;
-	char *app_data;
-	/* If this is non-NULL, it will be used to generate parameters */
-	int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-	};
-
-struct dh_st
-	{
-	/* This first argument is used to pick up errors when
-	 * a DH is passed instead of a EVP_PKEY */
-	int pad;
-	int version;
-	BIGNUM *p;
-	BIGNUM *g;
-	long length; /* optional */
-	BIGNUM *pub_key;	/* g^x */
-	BIGNUM *priv_key;	/* x */
-
-	int flags;
-	BN_MONT_CTX *method_mont_p;
-	/* Place holders if we want to do X9.42 DH */
-	BIGNUM *q;
-	BIGNUM *j;
-	unsigned char *seed;
-	int seedlen;
-	BIGNUM *counter;
-
-	int references;
-	CRYPTO_EX_DATA ex_data;
-	const DH_METHOD *meth;
-	ENGINE *engine;
-	};
-
-#define DH_GENERATOR_2		2
-/* #define DH_GENERATOR_3	3 */
-#define DH_GENERATOR_5		5
-
-/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME		0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME	0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR	0x04
-#define DH_NOT_SUITABLE_GENERATOR	0x08
-
-/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL	0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE	0x02
-
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
-   this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME
-
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
-		(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-
-DH *DHparams_dup(DH *);
-
-const DH_METHOD *DH_OpenSSL(void);
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH *	DH_new(void);
-void	DH_free(DH *dh);
-int	DH_up_ref(DH *dh);
-int	DH_size(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int	DH_check(const DH *dh,int *codes);
-int	DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int	DH_generate_key(DH *dh);
-int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int	i2d_DHparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_FP_API
-int	DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int	DHparams_print(BIO *bp, const DH *x);
-#else
-int	DHparams_print(char *bp, const DH *x);
-#endif
-
-#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-			EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
-
-#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
-			EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
-
-#define	EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN	(EVP_PKEY_ALG_CTRL + 1)
-#define	EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR	(EVP_PKEY_ALG_CTRL + 2)
-		
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_COMPUTE_KEY				 102
-#define DH_F_DHPARAMS_PRINT_FP				 101
-#define DH_F_DH_BUILTIN_GENPARAMS			 106
-#define DH_F_DH_COMPUTE_KEY				 114
-#define DH_F_DH_GENERATE_KEY				 115
-#define DH_F_DH_GENERATE_PARAMETERS_EX			 116
-#define DH_F_DH_NEW_METHOD				 105
-#define DH_F_DH_PARAM_DECODE				 107
-#define DH_F_DH_PRIV_DECODE				 110
-#define DH_F_DH_PRIV_ENCODE				 111
-#define DH_F_DH_PUB_DECODE				 108
-#define DH_F_DH_PUB_ENCODE				 109
-#define DH_F_DO_DH_PRINT				 100
-#define DH_F_GENERATE_KEY				 103
-#define DH_F_GENERATE_PARAMETERS			 104
-#define DH_F_PKEY_DH_DERIVE				 112
-#define DH_F_PKEY_DH_KEYGEN				 113
-
-/* Reason codes. */
-#define DH_R_BAD_GENERATOR				 101
-#define DH_R_BN_DECODE_ERROR				 109
-#define DH_R_BN_ERROR					 106
-#define DH_R_DECODE_ERROR				 104
-#define DH_R_INVALID_PUBKEY				 102
-#define DH_R_KEYS_NOT_SET				 108
-#define DH_R_KEY_SIZE_TOO_SMALL				 110
-#define DH_R_MODULUS_TOO_LARGE				 103
-#define DH_R_NON_FIPS_METHOD				 111
-#define DH_R_NO_PARAMETERS_SET				 107
-#define DH_R_NO_PRIVATE_VALUE				 100
-#define DH_R_PARAMETER_ENCODING_ERROR			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h
deleted file mode 100644
index 7531c65345..0000000000
--- a/include/openssl/dsa.h
+++ /dev/null
@@ -1,333 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch@sheba.arc.nasa.gov>.  He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-#define HEADER_DSA_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DSA
-#error DSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS	10000
-#endif
-
-#define DSA_FLAG_CACHE_MONT_P	0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
-                                              * implementation now uses constant time
-                                              * modular exponentiation for secret exponents
-                                              * by default. This flag causes the
-                                              * faster variable sliding window method to
-                                              * be used for all exponents.
-                                              */
-#define DSA_FLAG_NONCE_FROM_HASH	0x04 /* Causes the DSA nonce to be calculated
-						from SHA512(private_key + H(message) +
-						random). This strengthens DSA against a
-						weak PRNG. */
-
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DSA_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DSA_FLAG_NON_FIPS_ALLOW			0x0400
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
-
-typedef struct DSA_SIG_st
-	{
-	BIGNUM *r;
-	BIGNUM *s;
-	} DSA_SIG;
-
-struct dsa_method
-	{
-	const char *name;
-	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
-	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in,
-			      BIGNUM **kinvp, BIGNUM **rp,
-			      const unsigned char *dgst, int dlen);
-	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
-			     DSA_SIG *sig, DSA *dsa);
-	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-			BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *in_mont);
-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-				const BIGNUM *m, BN_CTX *ctx,
-				BN_MONT_CTX *m_ctx); /* Can be null */
-	int (*init)(DSA *dsa);
-	int (*finish)(DSA *dsa);
-	int flags;
-	char *app_data;
-	/* If this is non-NULL, it is used to generate DSA parameters */
-	int (*dsa_paramgen)(DSA *dsa, int bits,
-			const unsigned char *seed, int seed_len,
-			int *counter_ret, unsigned long *h_ret,
-			BN_GENCB *cb);
-	/* If this is non-NULL, it is used to generate DSA keys */
-	int (*dsa_keygen)(DSA *dsa);
-	};
-
-struct dsa_st
-	{
-	/* This first variable is used to pick up errors where
-	 * a DSA is passed instead of of a EVP_PKEY */
-	int pad;
-	long version;
-	int write_params;
-	BIGNUM *p;
-	BIGNUM *q;	/* == 20 */
-	BIGNUM *g;
-
-	BIGNUM *pub_key;  /* y public key */
-	BIGNUM *priv_key; /* x private key */
-
-	BIGNUM *kinv;	/* Signing pre-calc */
-	BIGNUM *r;	/* Signing pre-calc */
-
-	int flags;
-	/* Normally used to cache montgomery values */
-	BN_MONT_CTX *method_mont_p;
-	int references;
-	CRYPTO_EX_DATA ex_data;
-	const DSA_METHOD *meth;
-	/* functional reference if 'meth' is ENGINE-provided */
-	ENGINE *engine;
-	};
-
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
-		(char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
-		(unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
-
-DSA *DSAparams_dup(DSA *x);
-DSA_SIG * DSA_SIG_new(void);
-void	DSA_SIG_free(DSA_SIG *a);
-int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
-int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
-		      DSA_SIG *sig,DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void	DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-DSA *	DSA_new(void);
-DSA *	DSA_new_method(ENGINE *engine);
-void	DSA_free (DSA *r);
-/* "up" the DSA object's reference count */
-int	DSA_up_ref(DSA *r);
-int	DSA_size(const DSA *);
-	/* next 4 return -1 on error */
-int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int	DSA_sign(int type,const unsigned char *dgst,int dlen,
-		unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
-		const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *	DSA_generate_parameters(int bits,
-		unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret,void
-		(*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	DSA_generate_parameters_ex(DSA *dsa, int bits,
-		const unsigned char *seed,int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int	DSA_generate_key(DSA *a);
-int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int	i2d_DSAparams(const DSA *a,unsigned char **pp);
-
-#ifndef OPENSSL_NO_BIO
-int	DSAparams_print(BIO *bp, const DSA *x);
-int	DSA_print(BIO *bp, const DSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int	DSAparams_print_fp(FILE *fp, const DSA *x);
-int	DSA_print_fp(FILE *bp, const DSA *x, int off);
-#endif
-
-#define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
- * 50 rounds of Rabin-Miller */
-#define DSA_is_prime(n, callback, cb_arg) \
-	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-#ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
- * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(const DSA *r);
-#endif
-
-#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
-				EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
-
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_BITS		(EVP_PKEY_ALG_CTRL + 1)
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS	(EVP_PKEY_ALG_CTRL + 2)
-#define	EVP_PKEY_CTRL_DSA_PARAMGEN_MD		(EVP_PKEY_ALG_CTRL + 3)
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_D2I_DSA_SIG				 110
-#define DSA_F_DO_DSA_PRINT				 104
-#define DSA_F_DSAPARAMS_PRINT				 100
-#define DSA_F_DSAPARAMS_PRINT_FP			 101
-#define DSA_F_DSA_DO_SIGN				 112
-#define DSA_F_DSA_DO_VERIFY				 113
-#define DSA_F_DSA_GENERATE_KEY				 124
-#define DSA_F_DSA_GENERATE_PARAMETERS_EX		 123
-#define DSA_F_DSA_NEW_METHOD				 103
-#define DSA_F_DSA_PARAM_DECODE				 119
-#define DSA_F_DSA_PRINT_FP				 105
-#define DSA_F_DSA_PRIV_DECODE				 115
-#define DSA_F_DSA_PRIV_ENCODE				 116
-#define DSA_F_DSA_PUB_DECODE				 117
-#define DSA_F_DSA_PUB_ENCODE				 118
-#define DSA_F_DSA_SIGN					 106
-#define DSA_F_DSA_SIGN_SETUP				 107
-#define DSA_F_DSA_SIG_NEW				 109
-#define DSA_F_DSA_SIG_PRINT				 125
-#define DSA_F_DSA_VERIFY				 108
-#define DSA_F_I2D_DSA_SIG				 111
-#define DSA_F_OLD_DSA_PRIV_DECODE			 122
-#define DSA_F_PKEY_DSA_CTRL				 120
-#define DSA_F_PKEY_DSA_KEYGEN				 121
-#define DSA_F_SIG_CB					 114
-
-/* Reason codes. */
-#define DSA_R_BAD_Q_VALUE				 102
-#define DSA_R_BN_DECODE_ERROR				 108
-#define DSA_R_BN_ERROR					 109
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
-#define DSA_R_DECODE_ERROR				 104
-#define DSA_R_INVALID_DIGEST_TYPE			 106
-#define DSA_R_MISSING_PARAMETERS			 101
-#define DSA_R_MODULUS_TOO_LARGE				 103
-#define DSA_R_NEED_NEW_SETUP_VALUES			 110
-#define DSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 112
-#define DSA_R_NON_FIPS_DSA_METHOD			 111
-#define DSA_R_NO_PARAMETERS_SET				 107
-#define DSA_R_PARAMETER_ENCODING_ERROR			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/dso.h b/include/openssl/dso.h
deleted file mode 100644
index 839f2e0617..0000000000
--- a/include/openssl/dso.h
+++ /dev/null
@@ -1,409 +0,0 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-#define HEADER_DSO_H
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-#define DSO_CTRL_GET_FLAGS	1
-#define DSO_CTRL_SET_FLAGS	2
-#define DSO_CTRL_OR_FLAGS	3
-
-/* By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the DSO
- * object (using DSO_set_name_converter()). This callback could even utilise
- * the DSO_METHOD's converter too if it only wants to override behaviour for
- * one or two possible DSO methods. However, the following flag can be set in a
- * DSO to prevent *any* native name-translation at all - eg. if the caller has
- * prompted the user for a path to a driver library so the filename should be
- * interpreted as-is. */
-#define DSO_FLAG_NO_NAME_TRANSLATION		0x01
-/* An extra flag to give if only the extension should be added as
- * translation.  This is obviously only of importance on Unix and
- * other operating systems where the translation also may prefix
- * the name with something, like 'lib', and ignored everywhere else.
- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
- * at the same time. */
-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02
-
-/* The following flag controls the translation of symbol names to upper
- * case.  This is currently only being implemented for OpenVMS.
- */
-#define DSO_FLAG_UPCASE_SYMBOL			0x10
-
-/* This flag loads the library with public symbols.
- * Meaning: The exported symbols of this library are public
- * to all libraries loaded after this library.
- * At the moment only implemented in unix.
- */
-#define DSO_FLAG_GLOBAL_SYMBOLS			0x20
-
-
-typedef void (*DSO_FUNC_TYPE)(void);
-
-typedef struct dso_st DSO;
-
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
- * filename to transform. They should either return NULL (if there is an error
- * condition) or a newly allocated string containing the transformed form that
- * the caller will need to free with OPENSSL_free() when done. */
-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
- * a DSO object) and two file specifications to merge. They should
- * either return NULL (if there is an error condition) or a newly allocated
- * string containing the result of merging that the caller will need
- * to free with OPENSSL_free() when done.
- * Here, merging means that bits and pieces are taken from each of the
- * file specifications and added together in whatever fashion that is
- * sensible for the DSO method in question.  The only rule that really
- * applies is that if the two specification contain pieces of the same
- * type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the
- * second being a bunch of defaults to add on if they're missing in the
- * first. */
-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-typedef struct dso_meth_st
-	{
-	const char *name;
-	/* Loads a shared library, NB: new DSO_METHODs must ensure that a
-	 * successful load populates the loaded_filename field, and likewise a
-	 * successful unload OPENSSL_frees and NULLs it out. */
-	int (*dso_load)(DSO *dso);
-	/* Unloads a shared library */
-	int (*dso_unload)(DSO *dso);
-	/* Binds a variable */
-	void *(*dso_bind_var)(DSO *dso, const char *symname);
-	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.
-	 * This should be cast to the real function prototype by the
-	 * caller. Platforms that don't have compatible representations
-	 * for different prototypes (this is possible within ANSI C)
-	 * are highly unlikely to have shared libraries at all, let
-	 * alone a DSO_METHOD implemented for them. */
-	DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
-
-/* I don't think this would actually be used in any circumstances. */
-#if 0
-	/* Unbinds a variable */
-	int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
-	/* Unbinds a function */
-	int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-#endif
-	/* The generic (yuck) "ctrl()" function. NB: Negative return
-	 * values (rather than zero) indicate errors. */
-	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
-	/* The default DSO_METHOD-specific function for converting filenames to
-	 * a canonical native form. */
-	DSO_NAME_CONVERTER_FUNC dso_name_converter;
-	/* The default DSO_METHOD-specific function for converting filenames to
-	 * a canonical native form. */
-	DSO_MERGER_FUNC dso_merger;
-
-	/* [De]Initialisation handlers. */
-	int (*init)(DSO *dso);
-	int (*finish)(DSO *dso);
-
-	/* Return pathname of the module containing location */
-	int (*pathbyaddr)(void *addr,char *path,int sz);
-	/* Perform global symbol lookup, i.e. among *all* modules */
-	void *(*globallookup)(const char *symname);
-	} DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st
-	{
-	DSO_METHOD *meth;
-	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
-	 * doesn't use anything but will need to cache the filename
-	 * for use in the dso_bind handler. All in all, let each
-	 * method control its own destiny. "Handles" and such go in
-	 * a STACK. */
-	STACK_OF(void) *meth_data;
-	int references;
-	int flags;
-	/* For use by applications etc ... use this for your bits'n'pieces,
-	 * don't touch meth_data! */
-	CRYPTO_EX_DATA ex_data;
-	/* If this callback function pointer is set to non-NULL, then it will
-	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This
-	 * should normally set using DSO_set_name_converter(). */
-	DSO_NAME_CONVERTER_FUNC name_converter;
-	/* If this callback function pointer is set to non-NULL, then it will
-	 * be used in DSO_load() in place of meth->dso_merger. NB: This
-	 * should normally set using DSO_set_merger(). */
-	DSO_MERGER_FUNC merger;
-	/* This is populated with (a copy of) the platform-independant
-	 * filename used for this DSO. */
-	char *filename;
-	/* This is populated with (a copy of) the translated filename by which
-	 * the DSO was actually loaded. It is NULL iff the DSO is not currently
-	 * loaded. NB: This is here because the filename translation process
-	 * may involve a callback being invoked more than once not only to
-	 * convert to a platform-specific form, but also to try different
-	 * filenames in the process of trying to perform a load. As such, this
-	 * variable can be used to indicate (a) whether this DSO structure
-	 * corresponds to a loaded library or not, and (b) the filename with
-	 * which it was actually loaded. */
-	char *loaded_filename;
-	};
-
-
-DSO *	DSO_new(void);
-DSO *	DSO_new_method(DSO_METHOD *method);
-int	DSO_free(DSO *dso);
-int	DSO_flags(DSO *dso);
-int	DSO_up_ref(DSO *dso);
-long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/* This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success. */
-int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-				DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded. */
-const char *DSO_get_filename(DSO *dso);
-int	DSO_set_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
- * caller-created DSO_METHODs can do the same thing. A non-NULL return value
- * will need to be OPENSSL_free()'d. */
-char	*DSO_convert_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d. */
-char	*DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/* If the DSO is currently loaded, this returns the filename that it was loaded
- * under, otherwise it returns NULL. So it is also useful as a test as to
- * whether the DSO is currently loaded. NB: This will not necessarily return
- * the same value as DSO_convert_filename(dso, dso->filename), because the
- * DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded. */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void	DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/* The all-singing all-dancing load function, you normally pass NULL
- * for the first and third parameters. Use DSO_up and DSO_free for
- * subsequent reference count handling. Any flags passed in will be set
- * in the constructed DSO after its init() function but before the
- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/* This method is the default, but will beg, borrow, or steal whatever
- * method should be the default on any particular platform (including
- * DSO_METH_null() if necessary). */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/* This method is defined for all platforms - if a platform has no
- * DSO support then this will be the only method! */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
- * shl_unload, shl_findsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/* This function writes null-terminated pathname of DSO module
- * containing 'addr' into 'sz' large caller-provided 'path' and
- * returns the number of characters [including trailing zero]
- * written to it. If 'sz' is 0 or negative, 'path' is ignored and
- * required amount of charachers [including trailing zero] to
- * accomodate pathname is returned. If 'addr' is NULL, then
- * pathname of cryptolib itself is returned. Negative or zero
- * return value denotes error.
- */
-int DSO_pathbyaddr(void *addr,char *path,int sz);
-
-/* This function should be used with caution! It looks up symbols in
- * *all* loaded modules and if module gets unloaded by somebody else
- * attempt to dereference the pointer is doomed to have fatal
- * consequences. Primary usage for this function is to probe *core*
- * system functionality, e.g. check if getnameinfo(3) is available
- * at run-time without bothering about OS-specific details such as
- * libc.so.versioning or where does it actually reside: in libc
- * itself or libsocket. */
-void *DSO_global_lookup(const char *name);
-
-/* If BeOS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_beos(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-#define DSO_F_BEOS_BIND_FUNC				 144
-#define DSO_F_BEOS_BIND_VAR				 145
-#define DSO_F_BEOS_LOAD					 146
-#define DSO_F_BEOS_NAME_CONVERTER			 147
-#define DSO_F_BEOS_UNLOAD				 148
-#define DSO_F_DLFCN_BIND_FUNC				 100
-#define DSO_F_DLFCN_BIND_VAR				 101
-#define DSO_F_DLFCN_LOAD				 102
-#define DSO_F_DLFCN_MERGER				 130
-#define DSO_F_DLFCN_NAME_CONVERTER			 123
-#define DSO_F_DLFCN_UNLOAD				 103
-#define DSO_F_DL_BIND_FUNC				 104
-#define DSO_F_DL_BIND_VAR				 105
-#define DSO_F_DL_LOAD					 106
-#define DSO_F_DL_MERGER					 131
-#define DSO_F_DL_NAME_CONVERTER				 124
-#define DSO_F_DL_UNLOAD					 107
-#define DSO_F_DSO_BIND_FUNC				 108
-#define DSO_F_DSO_BIND_VAR				 109
-#define DSO_F_DSO_CONVERT_FILENAME			 126
-#define DSO_F_DSO_CTRL					 110
-#define DSO_F_DSO_FREE					 111
-#define DSO_F_DSO_GET_FILENAME				 127
-#define DSO_F_DSO_GET_LOADED_FILENAME			 128
-#define DSO_F_DSO_GLOBAL_LOOKUP				 139
-#define DSO_F_DSO_LOAD					 112
-#define DSO_F_DSO_MERGE					 132
-#define DSO_F_DSO_NEW_METHOD				 113
-#define DSO_F_DSO_PATHBYADDR				 140
-#define DSO_F_DSO_SET_FILENAME				 129
-#define DSO_F_DSO_SET_NAME_CONVERTER			 122
-#define DSO_F_DSO_UP_REF				 114
-#define DSO_F_GLOBAL_LOOKUP_FUNC			 138
-#define DSO_F_PATHBYADDR				 137
-#define DSO_F_VMS_BIND_SYM				 115
-#define DSO_F_VMS_LOAD					 116
-#define DSO_F_VMS_MERGER				 133
-#define DSO_F_VMS_UNLOAD				 117
-#define DSO_F_WIN32_BIND_FUNC				 118
-#define DSO_F_WIN32_BIND_VAR				 119
-#define DSO_F_WIN32_GLOBALLOOKUP			 142
-#define DSO_F_WIN32_GLOBALLOOKUP_FUNC			 143
-#define DSO_F_WIN32_JOINER				 135
-#define DSO_F_WIN32_LOAD				 120
-#define DSO_F_WIN32_MERGER				 134
-#define DSO_F_WIN32_NAME_CONVERTER			 125
-#define DSO_F_WIN32_PATHBYADDR				 141
-#define DSO_F_WIN32_SPLITTER				 136
-#define DSO_F_WIN32_UNLOAD				 121
-
-/* Reason codes. */
-#define DSO_R_CTRL_FAILED				 100
-#define DSO_R_DSO_ALREADY_LOADED			 110
-#define DSO_R_EMPTY_FILE_STRUCTURE			 113
-#define DSO_R_FAILURE					 114
-#define DSO_R_FILENAME_TOO_BIG				 101
-#define DSO_R_FINISH_FAILED				 102
-#define DSO_R_INCORRECT_FILE_SYNTAX			 115
-#define DSO_R_LOAD_FAILED				 103
-#define DSO_R_NAME_TRANSLATION_FAILED			 109
-#define DSO_R_NO_FILENAME				 111
-#define DSO_R_NO_FILE_SPECIFICATION			 116
-#define DSO_R_NULL_HANDLE				 104
-#define DSO_R_SET_FILENAME_FAILED			 112
-#define DSO_R_STACK_ERROR				 105
-#define DSO_R_SYM_FAILURE				 106
-#define DSO_R_UNLOAD_FAILED				 107
-#define DSO_R_UNSUPPORTED				 108
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
deleted file mode 100644
index 338575268f..0000000000
--- a/include/openssl/dtls1.h
+++ /dev/null
@@ -1,296 +0,0 @@
-/* ssl/dtls1.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#if defined(OPENSSL_SYS_VXWORKS)
-#include <sys/times.h>
-#else
-#include <sys/time.h>
-#endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION			0xFEFF
-#define DTLS_MAX_VERSION		DTLS1_VERSION
-
-#define DTLS1_BAD_VER			0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH                     256
-
-#define DTLS1_RT_HEADER_LENGTH                  13
-
-#define DTLS1_HM_HEADER_LENGTH                  12
-
-#define DTLS1_HM_BAD_FRAGMENT                   -2
-#define DTLS1_HM_FRAGMENT_RETRY                 -3
-
-#define DTLS1_CCS_HEADER_LENGTH                  1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH                   7
-#else
-#define DTLS1_AL_HEADER_LENGTH                   2
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_AUTH_LABEL	"EXPORTER_DTLS_OVER_SCTP"
-#endif
-
-/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
-#define DTLS1_MAX_MTU_OVERHEAD                   48
-
-typedef struct dtls1_bitmap_st
-	{
-	unsigned long map;		/* track 32 packets on 32-bit systems
-					   and 64 - on 64-bit systems */
-	unsigned char max_seq_num[8];	/* max record number seen so far,
-					   64-bit value in big-endian
-					   encoding */
-	} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
-	{
-	EVP_CIPHER_CTX *enc_write_ctx;	/* cryptographic state */
-	EVP_MD_CTX *write_hash;			/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *compress;				/* compression */
-#else
-	char *compress;	
-#endif
-	SSL_SESSION *session;
-	unsigned short epoch;
-	};
-
-struct hm_header_st
-	{
-	unsigned char type;
-	unsigned long msg_len;
-	unsigned short seq;
-	unsigned long frag_off;
-	unsigned long frag_len;
-	unsigned int is_ccs;
-	struct dtls1_retransmit_state saved_retransmit_state;
-	};
-
-struct ccs_header_st
-	{
-	unsigned char type;
-	unsigned short seq;
-	};
-
-struct dtls1_timeout_st
-	{
-	/* Number of read timeouts so far */
-	unsigned int read_timeouts;
-	
-	/* Number of write timeouts so far */
-	unsigned int write_timeouts;
-	
-	/* Number of alerts received so far */
-	unsigned int num_alerts;
-	};
-
-typedef struct record_pqueue_st
-	{
-	unsigned short epoch;
-	pqueue q;
-	} record_pqueue;
-
-typedef struct hm_fragment_st
-	{
-	struct hm_header_st msg_header;
-	unsigned char *fragment;
-	unsigned char *reassembly;
-	} hm_fragment;
-
-typedef struct dtls1_state_st
-	{
-	unsigned int send_cookie;
-	unsigned char cookie[DTLS1_COOKIE_LENGTH];
-	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-	unsigned int cookie_len;
-
-	/* 
-	 * The current data and handshake epoch.  This is initially
-	 * undefined, and starts at zero once the initial handshake is
-	 * completed 
-	 */
-	unsigned short r_epoch;
-	unsigned short w_epoch;
-
-	/* records being received in the current epoch */
-	DTLS1_BITMAP bitmap;
-
-	/* renegotiation starts a new set of sequence numbers */
-	DTLS1_BITMAP next_bitmap;
-
-	/* handshake message numbers */
-	unsigned short handshake_write_seq;
-	unsigned short next_handshake_write_seq;
-
-	unsigned short handshake_read_seq;
-
-	/* save last sequence number for retransmissions */
-	unsigned char last_write_sequence[8];
-
-	/* Received handshake records (processed and unprocessed) */
-	record_pqueue unprocessed_rcds;
-	record_pqueue processed_rcds;
-
-	/* Buffered handshake messages */
-	pqueue buffered_messages;
-
-	/* Buffered (sent) handshake records */
-	pqueue sent_messages;
-
-	/* Buffered application records.
-	 * Only for records between CCS and Finished
-	 * to prevent either protocol violation or
-	 * unnecessary message loss.
-	 */
-	record_pqueue buffered_app_data;
-
-	/* Is set when listening for new connections with dtls1_listen() */
-	unsigned int listen;
-
-	unsigned int link_mtu; /* max on-the-wire DTLS packet size */
-	unsigned int mtu; /* max DTLS packet size */
-
-	struct hm_header_st w_msg_hdr;
-	struct hm_header_st r_msg_hdr;
-
-	struct dtls1_timeout_st timeout;
-
-	/* Indicates when the last handshake msg or heartbeat sent will timeout */
-	struct timeval next_timeout;
-
-	/* Timeout duration */
-	unsigned short timeout_duration;
-
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
-	unsigned int handshake_fragment_len;
-
-	unsigned int retransmitting;
-	/*
-	 * Set when the handshake is ready to process peer's ChangeCipherSpec message.
-	 * Cleared after the message has been processed.
-	 */
-	unsigned int change_cipher_spec_ok;
-
-#ifndef OPENSSL_NO_SCTP
-	/* used when SSL_ST_XX_FLUSH is entered */
-	int next_state;
-
-	int shutdown_received;
-#endif
-
-	} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
-	{
-	unsigned char *packet;
-	unsigned int   packet_length;
-	SSL3_BUFFER    rbuf;
-	SSL3_RECORD    rrec;
-#ifndef OPENSSL_NO_SCTP
-	struct bio_dgram_sctp_rcvinfo recordinfo;
-#endif
-	} DTLS1_RECORD_DATA;
-
-#endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT                      2
-#define DTLS1_TMO_WRITE_COUNT                     2
-
-#define DTLS1_TMO_ALERT_COUNT                     12
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h
deleted file mode 100644
index d22c0368f8..0000000000
--- a/include/openssl/e_os2.h
+++ /dev/null
@@ -1,315 +0,0 @@
-/* e_os2.h */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef HEADER_E_OS2_H
-#define HEADER_E_OS2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/******************************************************************************
- * Detect operating systems.  This probably needs completing.
- * The result is that at least one OPENSSL_SYS_os macro should be defined.
- * However, if none is defined, Unix is assumed.
- **/
-
-#define OPENSSL_SYS_UNIX
-
-/* ----------------------- Macintosh, before MacOS X ----------------------- */
-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MACINTOSH_CLASSIC
-#endif
-
-/* ----------------------- NetWare ----------------------------------------- */
-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_NETWARE
-#endif
-
-/* ---------------------- Microsoft operating systems ---------------------- */
-
-/* Note that MSDOS actually denotes 32-bit environments running on top of
-   MS-DOS, such as DJGPP one. */
-#if defined(OPENSSL_SYSNAME_MSDOS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MSDOS
-#endif
-
-/* For 32 bit environment, there seems to be the CygWin environment and then
-   all the others that try to do the same thing Microsoft does... */
-#if defined(OPENSSL_SYSNAME_UWIN)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_UWIN
-#else
-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
-#  undef OPENSSL_SYS_UNIX
-#  define OPENSSL_SYS_WIN32_CYGWIN
-# else
-#  if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WIN32
-#  endif
-#  if defined(OPENSSL_SYSNAME_WINNT)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WINNT
-#  endif
-#  if defined(OPENSSL_SYSNAME_WINCE)
-#   undef OPENSSL_SYS_UNIX
-#   define OPENSSL_SYS_WINCE
-#  endif
-# endif
-#endif
-
-/* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_SYS_MSDOS
-#  define OPENSSL_SYS_MSDOS
-# endif
-#endif
-
-/* DLL settings.  This part is a bit tough, because it's up to the application
-   implementor how he or she will link the application, so it requires some
-   macro to be used. */
-#ifdef OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_OPT_WINDLL
-#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
-                          DLL linkage should be used */
-#   define OPENSSL_OPT_WINDLL
-#  endif
-# endif
-#endif
-
-/* -------------------------------- OpenVMS -------------------------------- */
-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_VMS
-# if defined(__DECC)
-#  define OPENSSL_SYS_VMS_DECC
-# elif defined(__DECCXX)
-#  define OPENSSL_SYS_VMS_DECC
-#  define OPENSSL_SYS_VMS_DECCXX
-# else
-#  define OPENSSL_SYS_VMS_NODECC
-# endif
-#endif
-
-/* --------------------------------- OS/2 ---------------------------------- */
-#if defined(__EMX__) || defined(__OS2__)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_OS2
-#endif
-
-/* --------------------------------- Unix ---------------------------------- */
-#ifdef OPENSSL_SYS_UNIX
-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
-#  define OPENSSL_SYS_LINUX
-# endif
-# ifdef OPENSSL_SYSNAME_MPE
-#  define OPENSSL_SYS_MPE
-# endif
-# ifdef OPENSSL_SYSNAME_SNI
-#  define OPENSSL_SYS_SNI
-# endif
-# ifdef OPENSSL_SYSNAME_ULTRASPARC
-#  define OPENSSL_SYS_ULTRASPARC
-# endif
-# ifdef OPENSSL_SYSNAME_NEWS4
-#  define OPENSSL_SYS_NEWS4
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX
-#  define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
-#  define OPENSSL_SYS_MACOSX_RHAPSODY
-#  define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_SUNOS
-#  define OPENSSL_SYS_SUNOS
-#endif
-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-#  define OPENSSL_SYS_CRAY
-# endif
-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
-#  define OPENSSL_SYS_AIX
-# endif
-#endif
-
-/* --------------------------------- VOS ----------------------------------- */
-#if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS)
-# define OPENSSL_SYS_VOS
-#ifdef __HPPA__
-# define OPENSSL_SYS_VOS_HPPA
-#endif
-#ifdef __IA32__
-# define OPENSSL_SYS_VOS_IA32
-#endif
-#endif
-
-/* ------------------------------- VxWorks --------------------------------- */
-#ifdef OPENSSL_SYSNAME_VXWORKS
-# define OPENSSL_SYS_VXWORKS
-#endif
-
-/* --------------------------------- BeOS ---------------------------------- */
-#if defined(__BEOS__)
-# define OPENSSL_SYS_BEOS
-# include <sys/socket.h>
-# if defined(BONE_VERSION)
-#  define OPENSSL_SYS_BEOS_BONE
-# else
-#  define OPENSSL_SYS_BEOS_R5
-# endif
-#endif
-
-/**
- * That's it for OS-specific stuff
- *****************************************************************************/
-
-
-/* Specials for I/O an exit */
-#ifdef OPENSSL_SYS_MSDOS
-# define OPENSSL_UNISTD_IO <io.h>
-# define OPENSSL_DECLARE_EXIT extern void exit(int);
-#else
-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
-#endif
-
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
-   certain global symbols that, with some compilers under VMS, have to be
-   defined and declared explicitely with globaldef and globalref.
-   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
-   DLL exports and imports for compilers under Win32.  These are a little
-   more complicated to use.  Basically, for any library that exports some
-   global variables, the following code must be present in the header file
-   that declares them, before OPENSSL_EXTERN is used:
-
-   #ifdef SOME_BUILD_FLAG_MACRO
-   # undef OPENSSL_EXTERN
-   # define OPENSSL_EXTERN OPENSSL_EXPORT
-   #endif
-
-   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
-   have some generally sensible values, and for OPENSSL_EXTERN to have the
-   value OPENSSL_IMPORT.
-*/
-
-#if defined(OPENSSL_SYS_VMS_NODECC)
-# define OPENSSL_EXPORT globalref
-# define OPENSSL_IMPORT globalref
-# define OPENSSL_GLOBAL globaldef
-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-# define OPENSSL_EXPORT extern __declspec(dllexport)
-# define OPENSSL_IMPORT extern __declspec(dllimport)
-# define OPENSSL_GLOBAL
-#else
-# define OPENSSL_EXPORT extern
-# define OPENSSL_IMPORT extern
-# define OPENSSL_GLOBAL
-#endif
-#define OPENSSL_EXTERN OPENSSL_IMPORT
-
-/* Macros to allow global variables to be reached through function calls when
-   required (if a shared library version requires it, for example.
-   The way it's done allows definitions like this:
-
-	// in foobar.c
-	OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
-	// in foobar.h
-	OPENSSL_DECLARE_GLOBAL(int,foobar);
-	#define foobar OPENSSL_GLOBAL_REF(foobar)
-*/
-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)			\
-	type *_shadow_##name(void)					\
-	{ static type _hide_##name=value; return &_hide_##name; }
-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-#else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) OPENSSL_GLOBAL type _shadow_##name=value;
-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-# define OPENSSL_GLOBAL_REF(name) _shadow_##name
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
-#  define ossl_ssize_t long
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#  define ossl_ssize_t long
-#endif
-
-#if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-#  define ssize_t int
-#endif
-
-#if defined(__ultrix) && !defined(ssize_t)
-#  define ossl_ssize_t int 
-#endif
-
-#ifndef ossl_ssize_t
-#  define ossl_ssize_t ssize_t
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ebcdic.h b/include/openssl/ebcdic.h
deleted file mode 100644
index 85f3cf7f66..0000000000
--- a/include/openssl/ebcdic.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* crypto/ebcdic.h */
-
-#ifndef HEADER_EBCDIC_H
-#define HEADER_EBCDIC_H
-
-#include <sys/types.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Avoid name clashes with other applications */
-#define os_toascii   _openssl_os_toascii
-#define os_toebcdic  _openssl_os_toebcdic
-#define ebcdic2ascii _openssl_ebcdic2ascii
-#define ascii2ebcdic _openssl_ascii2ebcdic
-
-extern const unsigned char os_toascii[256];
-extern const unsigned char os_toebcdic[256];
-void *ebcdic2ascii(void *dest, const void *srce, size_t count);
-void *ascii2ebcdic(void *dest, const void *srce, size_t count);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ec.h b/include/openssl/ec.h
deleted file mode 100644
index b6e745b829..0000000000
--- a/include/openssl/ec.h
+++ /dev/null
@@ -1,1178 +0,0 @@
-/* crypto/ec/ec.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/**
- * \file crypto/ec/ec.h Include file for the OpenSSL EC functions
- * \author Originally written by Bodo Moeller for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_EC_H
-#define HEADER_EC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_EC
-#error EC is disabled.
-#endif
-
-#include <openssl/asn1.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#elif defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
-
-  
-#ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
-#endif
-
-/** Enum for the point conversion form as defined in X9.62 (ECDSA)
- *  for the encoding of a elliptic curve point (x,y) */
-typedef enum {
-	/** the point is encoded as z||x, where the octet z specifies 
-	 *  which solution of the quadratic equation y is  */
-	POINT_CONVERSION_COMPRESSED = 2,
-	/** the point is encoded as z||x||y, where z is the octet 0x02  */
-	POINT_CONVERSION_UNCOMPRESSED = 4,
-	/** the point is encoded as z||x||y, where the octet z specifies
-         *  which solution of the quadratic equation y is  */
-	POINT_CONVERSION_HYBRID = 6
-} point_conversion_form_t;
-
-
-typedef struct ec_method_st EC_METHOD;
-
-typedef struct ec_group_st
-	/*
-	 EC_METHOD *meth;
-	 -- field definition
-	 -- curve coefficients
-	 -- optional generator with associated information (order, cofactor)
-	 -- optional extra data (precomputed table for fast computation of multiples of generator)
-	 -- ASN1 stuff
-	*/
-	EC_GROUP;
-
-typedef struct ec_point_st EC_POINT;
-
-
-/********************************************************************/
-/*               EC_METHODs for curves over GF(p)                   */       
-/********************************************************************/
-
-/** Returns the basic GFp ec methods which provides the basis for the
- *  optimized methods. 
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_simple_method(void);
-
-/** Returns GFp methods using montgomery multiplication.
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_mont_method(void);
-
-/** Returns GFp methods using optimized methods for NIST recommended curves
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nist_method(void);
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-/** Returns 64-bit optimized methods for nistp224
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp224_method(void);
-
-/** Returns 64-bit optimized methods for nistp256
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp256_method(void);
-
-/** Returns 64-bit optimized methods for nistp521
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GFp_nistp521_method(void);
-#endif
-
-#ifndef OPENSSL_NO_EC2M
-/********************************************************************/ 
-/*           EC_METHOD for curves over GF(2^m)                      */
-/********************************************************************/
-
-/** Returns the basic GF2m ec method 
- *  \return  EC_METHOD object
- */
-const EC_METHOD *EC_GF2m_simple_method(void);
-
-#endif
-
-
-/********************************************************************/
-/*                   EC_GROUP functions                             */
-/********************************************************************/
-
-/** Creates a new EC_GROUP object
- *  \param   meth  EC_METHOD to use
- *  \return  newly created EC_GROUP object or NULL in case of an error.
- */
-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
-
-/** Frees a EC_GROUP object
- *  \param  group  EC_GROUP object to be freed.
- */
-void EC_GROUP_free(EC_GROUP *group);
-
-/** Clears and frees a EC_GROUP object
- *  \param  group  EC_GROUP object to be cleared and freed.
- */
-void EC_GROUP_clear_free(EC_GROUP *group);
-
-/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
- *  \param  dst  destination EC_GROUP object
- *  \param  src  source EC_GROUP object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
-
-/** Creates a new EC_GROUP object and copies the copies the content
- *  form src to the newly created EC_KEY object
- *  \param  src  source EC_GROUP object
- *  \return newly created EC_GROUP object or NULL in case of an error.
- */
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
-
-/** Returns the EC_METHOD of the EC_GROUP object.
- *  \param  group  EC_GROUP object 
- *  \return EC_METHOD used in this EC_GROUP object.
- */
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
-
-/** Returns the field type of the EC_METHOD.
- *  \param  meth  EC_METHOD object
- *  \return NID of the underlying field type OID.
- */
-int EC_METHOD_get_field_type(const EC_METHOD *meth);
-
-/** Sets the generator and it's order/cofactor of a EC_GROUP object.
- *  \param  group      EC_GROUP object 
- *  \param  generator  EC_POINT object with the generator.
- *  \param  order      the order of the group generated by the generator.
- *  \param  cofactor   the index of the sub-group generated by the generator
- *                     in the group of all points on the elliptic curve.
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-
-/** Returns the generator of a EC_GROUP object.
- *  \param  group  EC_GROUP object
- *  \return the currently used generator (possibly NULL).
- */
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
-
-/** Gets the order of a EC_GROUP
- *  \param  group  EC_GROUP object
- *  \param  order  BIGNUM to which the order is copied
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
-
-/** Gets the cofactor of a EC_GROUP
- *  \param  group     EC_GROUP object
- *  \param  cofactor  BIGNUM to which the cofactor is copied
- *  \param  ctx       BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
-
-/** Sets the name of a EC_GROUP object
- *  \param  group  EC_GROUP object
- *  \param  nid    NID of the curve name OID
- */
-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
-
-/** Returns the curve name of a EC_GROUP object
- *  \param  group  EC_GROUP object
- *  \return NID of the curve name OID or 0 if not set.
- */
-int EC_GROUP_get_curve_name(const EC_GROUP *group);
-
-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
-int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
-size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-
-/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the prime number
- *  \param  a      BIGNUM with parameter a of the equation
- *  \param  b      BIGNUM with parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
-/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the prime number
- *  \param  a      BIGNUM for parameter a of the equation
- *  \param  b      BIGNUM for parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_EC2M
-/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM with the polynomial defining the underlying field
- *  \param  a      BIGNUM with parameter a of the equation
- *  \param  b      BIGNUM with parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
-/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
- *  \param  group  EC_GROUP object
- *  \param  p      BIGNUM for the polynomial defining the underlying field
- *  \param  a      BIGNUM for parameter a of the equation
- *  \param  b      BIGNUM for parameter b of the equation
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-#endif
-/** Returns the number of bits needed to represent a field element 
- *  \param  group  EC_GROUP object
- *  \return number of bits needed to represent a field element
- */
-int EC_GROUP_get_degree(const EC_GROUP *group);
-
-/** Checks whether the parameter in the EC_GROUP define a valid ec group
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if group is a valid ec group and 0 otherwise
- */
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-
-/** Checks whether the discriminant of the elliptic curve is zero or not
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if the discriminant is not zero and 0 otherwise
- */
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
-
-/** Compares two EC_GROUP objects
- *  \param  a    first EC_GROUP object
- *  \param  b    second EC_GROUP object
- *  \param  ctx  BN_CTX object (optional)
- *  \return 0 if both groups are equal and 1 otherwise
- */
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
-
-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
- * after choosing an appropriate EC_METHOD */
-
-/** Creates a new EC_GROUP object with the specified parameters defined
- *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
- *  \param  p    BIGNUM with the prime number
- *  \param  a    BIGNUM with the parameter a of the equation
- *  \param  b    BIGNUM with the parameter b of the equation
- *  \param  ctx  BN_CTX object (optional)
- *  \return newly created EC_GROUP object with the specified parameters
- */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#ifndef OPENSSL_NO_EC2M
-/** Creates a new EC_GROUP object with the specified parameters defined
- *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
- *  \param  p    BIGNUM with the polynomial defining the underlying field
- *  \param  a    BIGNUM with the parameter a of the equation
- *  \param  b    BIGNUM with the parameter b of the equation
- *  \param  ctx  BN_CTX object (optional)
- *  \return newly created EC_GROUP object with the specified parameters
- */
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-#endif
-/** Creates a EC_GROUP object with a curve specified by a NID
- *  \param  nid  NID of the OID of the curve name
- *  \return newly created EC_GROUP object with specified curve or NULL
- *          if an error occurred
- */
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-
-
-/********************************************************************/
-/*               handling of internal curves                        */
-/********************************************************************/
-
-typedef struct { 
-	int nid;
-	const char *comment;
-	} EC_builtin_curve;
-
-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
- * of all available curves or zero if a error occurred. 
- * In case r ist not zero nitems EC_builtin_curve structures 
- * are filled with the data of the first nitems internal groups */
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-
-
-/********************************************************************/
-/*                    EC_POINT functions                            */
-/********************************************************************/
-
-/** Creates a new EC_POINT object for the specified EC_GROUP
- *  \param  group  EC_GROUP the underlying EC_GROUP object
- *  \return newly created EC_POINT object or NULL if an error occurred
- */
-EC_POINT *EC_POINT_new(const EC_GROUP *group);
-
-/** Frees a EC_POINT object
- *  \param  point  EC_POINT object to be freed
- */
-void EC_POINT_free(EC_POINT *point);
-
-/** Clears and frees a EC_POINT object
- *  \param  point  EC_POINT object to be cleared and freed
- */
-void EC_POINT_clear_free(EC_POINT *point);
-
-/** Copies EC_POINT object
- *  \param  dst  destination EC_POINT object
- *  \param  src  source EC_POINT object
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
-
-/** Creates a new EC_POINT object and copies the content of the supplied
- *  EC_POINT
- *  \param  src    source EC_POINT object
- *  \param  group  underlying the EC_GROUP object
- *  \return newly created EC_POINT object or NULL if an error occurred 
- */
-EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
- 
-/** Returns the EC_METHOD used in EC_POINT object 
- *  \param  point  EC_POINT object
- *  \return the EC_METHOD used
- */
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
-
-/** Sets a point to infinity (neutral element)
- *  \param  group  underlying EC_GROUP object
- *  \param  point  EC_POINT to set to infinity
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
-
-/** Sets the jacobian projective coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  z      BIGNUM with the z-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
-
-/** Gets the jacobian projective coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  z      BIGNUM for the z-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
-
-/** Sets the affine coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-
-/** Gets the affine coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with x-coordinate
- *  \param  y_bit  integer with the y-Bit (either 0 or 1)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx);
-#ifndef OPENSSL_NO_EC2M
-/** Sets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with the x-coordinate
- *  \param  y      BIGNUM with the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
-
-/** Gets the affine coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM for the x-coordinate
- *  \param  y      BIGNUM for the y-coordinate
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
-	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
-
-/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  x      BIGNUM with x-coordinate
- *  \param  y_bit  integer with the y-Bit (either 0 or 1)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx);
-#endif
-/** Encodes a EC_POINT object to a octet string
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  form   point conversion form
- *  \param  buf    memory buffer for the result. If NULL the function returns
- *                 required buffer size.
- *  \param  len    length of the memory buffer
- *  \param  ctx    BN_CTX object (optional)
- *  \return the length of the encoded octet string or 0 if an error occurred
- */
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
-	point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx);
-
-/** Decodes a EC_POINT from a octet string
- *  \param  group  underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \param  buf    memory buffer with the encoded ec point
- *  \param  len    length of the encoded ec point
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
-        const unsigned char *buf, size_t len, BN_CTX *ctx);
-
-/* other interfaces to point2oct/oct2point: */
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
-	point_conversion_form_t form, BIGNUM *, BN_CTX *);
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
-	EC_POINT *, BN_CTX *);
-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
-	point_conversion_form_t form, BN_CTX *);
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
-	EC_POINT *, BN_CTX *);
-
-
-/********************************************************************/
-/*         functions for doing EC_POINT arithmetic                  */
-/********************************************************************/
-
-/** Computes the sum of two EC_POINT 
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result (r = a + b)
- *  \param  a      EC_POINT object with the first summand
- *  \param  b      EC_POINT object with the second summand
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-
-/** Computes the double of a EC_POINT
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result (r = 2 * a)
- *  \param  a      EC_POINT object 
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
-
-/** Computes the inverse of a EC_POINT
- *  \param  group  underlying EC_GROUP object
- *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
-
-/** Checks whether the point is the neutral element of the group
- *  \param  group  the underlying EC_GROUP object
- *  \param  p      EC_POINT object
- *  \return 1 if the point is the neutral element and 0 otherwise
- */
-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
-
-/** Checks whether the point is on the curve 
- *  \param  group  underlying EC_GROUP object
- *  \param  point  EC_POINT object to check
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 if point if on the curve and 0 otherwise
- */
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx);
-
-/** Compares two EC_POINTs 
- *  \param  group  underlying EC_GROUP object
- *  \param  a      first EC_POINT object
- *  \param  b      second EC_POINT object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 0 if both points are equal and a value != 0 otherwise
- */
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
-
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
-
-/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result
- *  \param  n      BIGNUM with the multiplier for the group generator (optional)
- *  \param  num    number futher summands
- *  \param  p      array of size num of EC_POINT objects
- *  \param  m      array of size num of BIGNUM objects
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
-
-/** Computes r = generator * n + q * m
- *  \param  group  underlying EC_GROUP object
- *  \param  r      EC_POINT object for the result
- *  \param  n      BIGNUM with the multiplier for the group generator (optional)
- *  \param  q      EC_POINT object with the first factor of the second summand
- *  \param  m      BIGNUM with the second factor of the second summand
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
-
-/** Stores multiples of generator for faster point multiplication
- *  \param  group  EC_GROUP object
- *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
- */
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-
-/** Reports whether a precomputation has been done
- *  \param  group  EC_GROUP object
- *  \return 1 if a pre-computation has been done and 0 otherwise
- */
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
-
-
-/********************************************************************/
-/*                       ASN1 stuff                                 */
-/********************************************************************/
-
-/* EC_GROUP_get_basis_type() returns the NID of the basis type
- * used to represent the field elements */
-int EC_GROUP_get_basis_type(const EC_GROUP *);
-#ifndef OPENSSL_NO_EC2M
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
-	unsigned int *k2, unsigned int *k3);
-#endif
-
-#define OPENSSL_EC_NAMED_CURVE	0x001
-
-typedef struct ecpk_parameters_st ECPKPARAMETERS;
-
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-
-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-		(unsigned char *)(x))
-
-#ifndef OPENSSL_NO_BIO
-int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-#endif
-
-
-/********************************************************************/
-/*                      EC_KEY functions                            */
-/********************************************************************/
-
-typedef struct ec_key_st EC_KEY;
-
-/* some values for the encoding_flag */
-#define EC_PKEY_NO_PARAMETERS	0x001
-#define EC_PKEY_NO_PUBKEY	0x002
-
-/* some values for the flags field */
-#define EC_FLAG_NON_FIPS_ALLOW	0x1
-#define EC_FLAG_FIPS_CHECKED	0x2
-
-/** Creates a new EC_KEY object.
- *  \return EC_KEY object or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_new(void);
-
-int EC_KEY_get_flags(const EC_KEY *key);
-
-void EC_KEY_set_flags(EC_KEY *key, int flags);
-
-void EC_KEY_clear_flags(EC_KEY *key, int flags);
-
-/** Creates a new EC_KEY object using a named curve as underlying
- *  EC_GROUP object.
- *  \param  nid  NID of the named curve.
- *  \return EC_KEY object or NULL if an error occurred. 
- */
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-
-/** Frees a EC_KEY object.
- *  \param  key  EC_KEY object to be freed.
- */
-void EC_KEY_free(EC_KEY *key);
-
-/** Copies a EC_KEY object.
- *  \param  dst  destination EC_KEY object
- *  \param  src  src EC_KEY object
- *  \return dst or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-
-/** Creates a new EC_KEY object and copies the content from src to it.
- *  \param  src  the source EC_KEY object
- *  \return newly created EC_KEY object or NULL if an error occurred.
- */
-EC_KEY *EC_KEY_dup(const EC_KEY *src);
-
-/** Increases the internal reference count of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_up_ref(EC_KEY *key);
-
-/** Returns the EC_GROUP object of a EC_KEY object
- *  \param  key  EC_KEY object
- *  \return the EC_GROUP object (possibly NULL).
- */
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
-
-/** Sets the EC_GROUP of a EC_KEY object.
- *  \param  key    EC_KEY object
- *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
- *                 object will use an own copy of the EC_GROUP).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-
-/** Returns the private key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \return a BIGNUM with the private key (possibly NULL).
- */
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
-
-/** Sets the private key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
- *               will use an own copy of the BIGNUM).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
-
-/** Returns the public key of a EC_KEY object.
- *  \param  key  the EC_KEY object
- *  \return a EC_POINT object with the public key (possibly NULL)
- */
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
-
-/** Sets the public key of a EC_KEY object.
- *  \param  key  EC_KEY object
- *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
- *               will use an own copy of the EC_POINT object).
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
-
-unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
-void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
-/* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *key, 
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/** Sets the key method data of an EC_KEY object, if none has yet been set.
- *  \param  key              EC_KEY object
- *  \param  data             opaque data to install.
- *  \param  dup_func         a function that duplicates |data|.
- *  \param  free_func        a function that frees |data|.
- *  \param  clear_free_func  a function that wipes and frees |data|.
- *  \return the previously set data pointer, or NULL if |data| was inserted.
- */
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
-
-/** Sets whether ECDSA operations with the given key will calculate their k
- * value from SHA512(private_key + message + random) in order to protect
- * against a weak PRNG.
- * \param  on  Whether to calculate k from a hash or not
- */
-void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on);
-
-/** Returns the value of nonce_from_hash
- */
-int EC_KEY_get_nonce_from_hash(const EC_KEY *key);
-
-/** Creates a table of pre-computed multiples of the generator to 
- *  accelerate further EC_KEY operations.
- *  \param  key  EC_KEY object
- *  \param  ctx  BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
-
-/** Creates a new ec private (and optional a new public) key.
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred.
- */
-int EC_KEY_generate_key(EC_KEY *key);
-
-/** Verifies that a private and/or public key is valid.
- *  \param  key  the EC_KEY object
- *  \return 1 on success and 0 otherwise.
- */
-int EC_KEY_check_key(const EC_KEY *key);
-
-/** Sets a public key from affine coordindates performing
- *  neccessary NIST PKV tests.
- *  \param  key  the EC_KEY object
- *  \param  x    public key x coordinate
- *  \param  y    public key y coordinate
- *  \return 1 on success and 0 otherwise.
- */
-int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
-
-
-/********************************************************************/
-/*        de- and encoding functions for SEC1 ECPrivateKey          */
-/********************************************************************/
-
-/** Decodes a private key from a memory buffer.
- *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
- *  \param  in   pointer to memory with the DER encoded private key
- *  \param  len  length of the DER encoded private key
- *  \return the decoded private key or NULL if an error occurred.
- */
-EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes a private key object and stores the result in a buffer.
- *  \param  key  the EC_KEY object to encode
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred.
- */
-int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
-
-
-/********************************************************************/
-/*        de- and encoding functions for EC parameters              */
-/********************************************************************/
-
-/** Decodes ec parameter from a memory buffer.
- *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
- *  \param  in   pointer to memory with the DER encoded ec parameters
- *  \param  len  length of the DER encoded ec parameters
- *  \return a EC_KEY object with the decoded parameters or NULL if an error
- *          occurred.
- */
-EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes ec parameter and stores the result in a buffer.
- *  \param  key  the EC_KEY object with ec paramters to encode
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred.
- */
-int i2d_ECParameters(EC_KEY *key, unsigned char **out);
-
-
-/********************************************************************/
-/*         de- and encoding functions for EC public key             */
-/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
-/********************************************************************/
-
-/** Decodes a ec public key from a octet string.
- *  \param  key  a pointer to a EC_KEY object which should be used
- *  \param  in   memory buffer with the encoded public key
- *  \param  len  length of the encoded public key
- *  \return EC_KEY object with decoded public key or NULL if an error
- *          occurred.
- */
-EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
-
-/** Encodes a ec public key in an octet string.
- *  \param  key  the EC_KEY object with the public key
- *  \param  out  the buffer for the result (if NULL the function returns number
- *               of bytes needed).
- *  \return 1 on success and 0 if an error occurred
- */
-int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);
-
-#ifndef OPENSSL_NO_BIO
-/** Prints out the ec parameters on human readable form.
- *  \param  bp   BIO object to which the information is printed
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred
- */
-int	ECParameters_print(BIO *bp, const EC_KEY *key);
-
-/** Prints out the contents of a EC_KEY object
- *  \param  bp   BIO object to which the information is printed
- *  \param  key  EC_KEY object
- *  \param  off  line offset 
- *  \return 1 on success and 0 if an error occurred
- */
-int	EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
-
-#endif
-#ifndef OPENSSL_NO_FP_API
-/** Prints out the ec parameters on human readable form.
- *  \param  fp   file descriptor to which the information is printed
- *  \param  key  EC_KEY object
- *  \return 1 on success and 0 if an error occurred
- */
-int	ECParameters_print_fp(FILE *fp, const EC_KEY *key);
-
-/** Prints out the contents of a EC_KEY object
- *  \param  fp   file descriptor to which the information is printed
- *  \param  key  EC_KEY object
- *  \param  off  line offset 
- *  \return 1 on success and 0 if an error occurred
- */
-int	EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
-
-#endif
-
-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
-
-#ifndef __cplusplus
-#if defined(__SUNPRO_C)
-#  if __SUNPRO_C >= 0x520
-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-#  endif
-# endif
-#endif
-
-#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \
-				EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
-
-
-#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID		(EVP_PKEY_ALG_CTRL + 1)
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EC_strings(void);
-
-/* Error codes for the EC functions. */
-
-/* Function codes. */
-#define EC_F_BN_TO_FELEM				 224
-#define EC_F_COMPUTE_WNAF				 143
-#define EC_F_D2I_ECPARAMETERS				 144
-#define EC_F_D2I_ECPKPARAMETERS				 145
-#define EC_F_D2I_ECPRIVATEKEY				 146
-#define EC_F_DO_EC_KEY_PRINT				 221
-#define EC_F_ECKEY_PARAM2TYPE				 223
-#define EC_F_ECKEY_PARAM_DECODE				 212
-#define EC_F_ECKEY_PRIV_DECODE				 213
-#define EC_F_ECKEY_PRIV_ENCODE				 214
-#define EC_F_ECKEY_PUB_DECODE				 215
-#define EC_F_ECKEY_PUB_ENCODE				 216
-#define EC_F_ECKEY_TYPE2PARAM				 220
-#define EC_F_ECPARAMETERS_PRINT				 147
-#define EC_F_ECPARAMETERS_PRINT_FP			 148
-#define EC_F_ECPKPARAMETERS_PRINT			 149
-#define EC_F_ECPKPARAMETERS_PRINT_FP			 150
-#define EC_F_ECP_NIST_MOD_192				 203
-#define EC_F_ECP_NIST_MOD_224				 204
-#define EC_F_ECP_NIST_MOD_256				 205
-#define EC_F_ECP_NIST_MOD_521				 206
-#define EC_F_EC_ASN1_GROUP2CURVE			 153
-#define EC_F_EC_ASN1_GROUP2FIELDID			 154
-#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155
-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156
-#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157
-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158
-#define EC_F_EC_EX_DATA_SET_DATA			 211
-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY		 208
-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159
-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195
-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160
-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161
-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164
-#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133
-#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
-#define EC_F_EC_GFP_MONT_FIELD_MUL			 131
-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE		 209
-#define EC_F_EC_GFP_MONT_FIELD_SQR			 132
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE		 189
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP		 135
-#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE		 225
-#define EC_F_EC_GFP_NISTP224_POINTS_MUL			 228
-#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
-#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE		 230
-#define EC_F_EC_GFP_NISTP256_POINTS_MUL			 231
-#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
-#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE		 233
-#define EC_F_EC_GFP_NISTP521_POINTS_MUL			 234
-#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
-#define EC_F_EC_GFP_NIST_FIELD_MUL			 200
-#define EC_F_EC_GFP_NIST_FIELD_SQR			 201
-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE		 202
-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
-#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104
-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_CHECK				 170
-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171
-#define EC_F_EC_GROUP_COPY				 106
-#define EC_F_EC_GROUP_GET0_GENERATOR			 139
-#define EC_F_EC_GROUP_GET_COFACTOR			 140
-#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172
-#define EC_F_EC_GROUP_GET_CURVE_GFP			 130
-#define EC_F_EC_GROUP_GET_DEGREE			 173
-#define EC_F_EC_GROUP_GET_ORDER				 141
-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193
-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194
-#define EC_F_EC_GROUP_NEW				 108
-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME			 174
-#define EC_F_EC_GROUP_NEW_FROM_DATA			 175
-#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
-#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176
-#define EC_F_EC_GROUP_SET_CURVE_GFP			 109
-#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
-#define EC_F_EC_GROUP_SET_GENERATOR			 111
-#define EC_F_EC_KEY_CHECK_KEY				 177
-#define EC_F_EC_KEY_COPY				 178
-#define EC_F_EC_KEY_GENERATE_KEY			 179
-#define EC_F_EC_KEY_NEW					 182
-#define EC_F_EC_KEY_PRINT				 180
-#define EC_F_EC_KEY_PRINT_FP				 181
-#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES	 229
-#define EC_F_EC_POINTS_MAKE_AFFINE			 136
-#define EC_F_EC_POINT_ADD				 112
-#define EC_F_EC_POINT_CMP				 113
-#define EC_F_EC_POINT_COPY				 114
-#define EC_F_EC_POINT_DBL				 115
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116
-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117
-#define EC_F_EC_POINT_INVERT				 210
-#define EC_F_EC_POINT_IS_AT_INFINITY			 118
-#define EC_F_EC_POINT_IS_ON_CURVE			 119
-#define EC_F_EC_POINT_MAKE_AFFINE			 120
-#define EC_F_EC_POINT_MUL				 184
-#define EC_F_EC_POINT_NEW				 121
-#define EC_F_EC_POINT_OCT2POINT				 122
-#define EC_F_EC_POINT_POINT2OCT				 123
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125
-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126
-#define EC_F_EC_POINT_SET_TO_INFINITY			 127
-#define EC_F_EC_PRE_COMP_DUP				 207
-#define EC_F_EC_PRE_COMP_NEW				 196
-#define EC_F_EC_WNAF_MUL				 187
-#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188
-#define EC_F_I2D_ECPARAMETERS				 190
-#define EC_F_I2D_ECPKPARAMETERS				 191
-#define EC_F_I2D_ECPRIVATEKEY				 192
-#define EC_F_I2O_ECPUBLICKEY				 151
-#define EC_F_NISTP224_PRE_COMP_NEW			 227
-#define EC_F_NISTP256_PRE_COMP_NEW			 236
-#define EC_F_NISTP521_PRE_COMP_NEW			 237
-#define EC_F_O2I_ECPUBLICKEY				 152
-#define EC_F_OLD_EC_PRIV_DECODE				 222
-#define EC_F_PKEY_EC_CTRL				 197
-#define EC_F_PKEY_EC_CTRL_STR				 198
-#define EC_F_PKEY_EC_DERIVE				 217
-#define EC_F_PKEY_EC_KEYGEN				 199
-#define EC_F_PKEY_EC_PARAMGEN				 219
-#define EC_F_PKEY_EC_SIGN				 218
-
-/* Reason codes. */
-#define EC_R_ASN1_ERROR					 115
-#define EC_R_ASN1_UNKNOWN_FIELD				 116
-#define EC_R_BIGNUM_OUT_OF_RANGE			 144
-#define EC_R_BUFFER_TOO_SMALL				 100
-#define EC_R_COORDINATES_OUT_OF_RANGE			 146
-#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117
-#define EC_R_DECODE_ERROR				 142
-#define EC_R_DISCRIMINANT_IS_ZERO			 118
-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119
-#define EC_R_FIELD_TOO_LARGE				 143
-#define EC_R_GF2M_NOT_SUPPORTED				 147
-#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120
-#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121
-#define EC_R_INCOMPATIBLE_OBJECTS			 101
-#define EC_R_INVALID_ARGUMENT				 112
-#define EC_R_INVALID_COMPRESSED_POINT			 110
-#define EC_R_INVALID_COMPRESSION_BIT			 109
-#define EC_R_INVALID_CURVE				 141
-#define EC_R_INVALID_DIGEST_TYPE			 138
-#define EC_R_INVALID_ENCODING				 102
-#define EC_R_INVALID_FIELD				 103
-#define EC_R_INVALID_FORM				 104
-#define EC_R_INVALID_GROUP_ORDER			 122
-#define EC_R_INVALID_PENTANOMIAL_BASIS			 132
-#define EC_R_INVALID_PRIVATE_KEY			 123
-#define EC_R_INVALID_TRINOMIAL_BASIS			 137
-#define EC_R_KEYS_NOT_SET				 140
-#define EC_R_MISSING_PARAMETERS				 124
-#define EC_R_MISSING_PRIVATE_KEY			 125
-#define EC_R_NOT_A_NIST_PRIME				 135
-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136
-#define EC_R_NOT_IMPLEMENTED				 126
-#define EC_R_NOT_INITIALIZED				 111
-#define EC_R_NO_FIELD_MOD				 133
-#define EC_R_NO_PARAMETERS_SET				 139
-#define EC_R_PASSED_NULL_PARAMETER			 134
-#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
-#define EC_R_POINT_AT_INFINITY				 106
-#define EC_R_POINT_IS_NOT_ON_CURVE			 107
-#define EC_R_SLOT_FULL					 108
-#define EC_R_UNDEFINED_GENERATOR			 113
-#define EC_R_UNDEFINED_ORDER				 128
-#define EC_R_UNKNOWN_GROUP				 129
-#define EC_R_UNKNOWN_ORDER				 114
-#define EC_R_UNSUPPORTED_FIELD				 131
-#define EC_R_WRONG_CURVE_PARAMETERS			 145
-#define EC_R_WRONG_ORDER				 130
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ecdh.h b/include/openssl/ecdh.h
deleted file mode 100644
index 8887102c0b..0000000000
--- a/include/openssl/ecdh.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-const ECDH_METHOD *ECDH_OpenSSL(void);
-
-void	  ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
-                     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
-
-/* Error codes for the ECDH functions. */
-
-/* Function codes. */
-#define ECDH_F_ECDH_CHECK				 102
-#define ECDH_F_ECDH_COMPUTE_KEY				 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD			 101
-
-/* Reason codes. */
-#define ECDH_R_KDF_FAILED				 102
-#define ECDH_R_NON_FIPS_METHOD				 103
-#define ECDH_R_NO_PRIVATE_VALUE				 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ecdsa.h b/include/openssl/ecdsa.h
deleted file mode 100644
index dc6a36b1e8..0000000000
--- a/include/openssl/ecdsa.h
+++ /dev/null
@@ -1,261 +0,0 @@
-/* crypto/ecdsa/ecdsa.h */
-/**
- * \file   crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
- * \author Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-#define HEADER_ECDSA_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDSA
-#error ECDSA is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ECDSA_SIG_st
-	{
-	BIGNUM *r;
-	BIGNUM *s;
-	} ECDSA_SIG;
-
-/** Allocates and initialize a ECDSA_SIG structure
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_SIG_new(void);
-
-/** frees a ECDSA_SIG structure
- *  \param  sig  pointer to the ECDSA_SIG structure
- */
-void	  ECDSA_SIG_free(ECDSA_SIG *sig);
-
-/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
- *  (*pp += length of the DER encoded signature)).
- *  \param  sig  pointer to the ECDSA_SIG object
- *  \param  pp   pointer to a unsigned char pointer for the output or NULL
- *  \return the length of the DER encoded ECDSA_SIG object or 0 
- */
-int	  i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
-
-/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
- *  (*pp += len)). 
- *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
- *  \param  pp   memory buffer with the DER encoded signature
- *  \param  len  length of the buffer
- *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
- */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
-
-/** Computes the ECDSA signature of the given hash value using
- *  the supplied private key and returns the created signature.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  eckey     EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
-		const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-
-/** Verifies that the supplied signature is a valid ECDSA
- *  signature of the supplied hash value using the supplied public key.
- *  \param  dgst      pointer to the hash value
- *  \param  dgst_len  length of the hash value
- *  \param  sig       ECDSA_SIG structure
- *  \param  eckey     EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
-		const ECDSA_SIG *sig, EC_KEY* eckey);
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void);
-
-/** Sets the default ECDSA method
- *  \param  meth  new default ECDSA_METHOD
- */
-void	  ECDSA_set_default_method(const ECDSA_METHOD *meth);
-
-/** Returns the default ECDSA method
- *  \return pointer to ECDSA_METHOD structure containing the default method
- */
-const ECDSA_METHOD *ECDSA_get_default_method(void);
-
-/** Sets method to be used for the ECDSA operations
- *  \param  eckey  EC_KEY object
- *  \param  meth   new method
- *  \return 1 on success and 0 otherwise 
- */
-int 	  ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-
-/** Returns the maximum length of the DER encoded signature
- *  \param  eckey  EC_KEY object
- *  \return numbers of bytes required for the DER encoded signature
- */
-int	  ECDSA_size(const EC_KEY *eckey);
-
-/** Precompute parts of the signing operation
- *  \param  eckey  EC_KEY object containing a private EC key
- *  \param  ctx    BN_CTX object (optional)
- *  \param  kinv   BIGNUM pointer for the inverse of k
- *  \param  rp     BIGNUM pointer for x coordinate of k * generator
- *  \return 1 on success and 0 otherwise
- */
-int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
-		BIGNUM **rp);
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      memory for the DER encoded created signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int	  ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 
-		unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
-
-/** Computes ECDSA signature of a given hash value using the supplied
- *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value to sign
- *  \param  dgstlen  length of the hash value
- *  \param  sig      buffer to hold the DER encoded signature
- *  \param  siglen   pointer to the length of the returned signature
- *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
- *  \param  rp       BIGNUM with a pre-computed rp value (optioanl), 
- *                   see ECDSA_sign_setup
- *  \param  eckey    EC_KEY object containing a private EC key
- *  \return 1 on success and 0 otherwise
- */
-int	  ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 
-		unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
-		const BIGNUM *rp, EC_KEY *eckey);
-
-/** Verifies that the given signature is valid ECDSA signature
- *  of the supplied hash value using the specified public key.
- *  \param  type     this parameter is ignored
- *  \param  dgst     pointer to the hash value 
- *  \param  dgstlen  length of the hash value
- *  \param  sig      pointer to the DER encoded signature
- *  \param  siglen   length of the DER encoded signature
- *  \param  eckey    EC_KEY object containing a public EC key
- *  \return 1 if the signature is valid, 0 if the signature is invalid
- *          and -1 on error
- */
-int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 
-		const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/* the standard ex_data functions */
-int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
-		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int 	  ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
-void 	  *ECDSA_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDSA_strings(void);
-
-/* Error codes for the ECDSA functions. */
-
-/* Function codes. */
-#define ECDSA_F_ECDSA_CHECK				 104
-#define ECDSA_F_ECDSA_DATA_NEW_METHOD			 100
-#define ECDSA_F_ECDSA_DO_SIGN				 101
-#define ECDSA_F_ECDSA_DO_VERIFY				 102
-#define ECDSA_F_ECDSA_SIGN_SETUP			 103
-
-/* Reason codes. */
-#define ECDSA_R_BAD_SIGNATURE				 100
-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101
-#define ECDSA_R_ERR_EC_LIB				 102
-#define ECDSA_R_MISSING_PARAMETERS			 103
-#define ECDSA_R_NEED_NEW_SETUP_VALUES			 106
-#define ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 108
-#define ECDSA_R_NON_FIPS_METHOD				 107
-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104
-#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/engine.h b/include/openssl/engine.h
deleted file mode 100644
index f8be497724..0000000000
--- a/include/openssl/engine.h
+++ /dev/null
@@ -1,842 +0,0 @@
-/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#include <openssl/symhacks.h>
-
-#include <openssl/x509.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA		(unsigned int)0x0001
-#define ENGINE_METHOD_DSA		(unsigned int)0x0002
-#define ENGINE_METHOD_DH		(unsigned int)0x0004
-#define ENGINE_METHOD_RAND		(unsigned int)0x0008
-#define ENGINE_METHOD_ECDH		(unsigned int)0x0010
-#define ENGINE_METHOD_ECDSA		(unsigned int)0x0020
-#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040
-#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080
-#define ENGINE_METHOD_STORE		(unsigned int)0x0100
-#define ENGINE_METHOD_PKEY_METHS	(unsigned int)0x0200
-#define ENGINE_METHOD_PKEY_ASN1_METHS	(unsigned int)0x0400
-/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE		(unsigned int)0x0000
-
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
-#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001
-
-/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
-#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
-#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004
-
-/* This flag if for an ENGINE that does not want its methods registered as 
- * part of ENGINE_register_all_complete() for example if the methods are
- * not usable as default methods.
- */
-
-#define ENGINE_FLAGS_NO_REGISTER_ALL	(int)0x0008
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
-
-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
-#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
-#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
-
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines.  In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM		1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
-#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
-						     handles/connections etc. */
-#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
-#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
-						     when calling the password
-						     callback and the user
-						     interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION		6 /* Load a configuration, given
-						     a string that represents a
-						     file name or so */
-#define ENGINE_CTRL_LOAD_SECTION		7 /* Load data from a given
-						     section in the already loaded
-						     configuration */
-
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
-#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
-#define ENGINE_CTRL_GET_CMD_FROM_NAME		13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
-#define ENGINE_CTRL_GET_NAME_FROM_CMD		15
-/* The next two are similar but give a "short description" of a command. */
-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
-#define ENGINE_CTRL_GET_DESC_FROM_CMD		17
-/* With this command, the return value is the OR'd combination of
- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
-#define ENGINE_CTRL_GET_CMD_FLAGS		18
-
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE				200
-
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
- * functionality is now available through ENGINE-specific control commands
- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
-
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
-	/* Depending on the value of the (long)i argument, this sets or
-	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
-	 * disable checking and workarounds for applications that fork().
-	 */
-#define ENGINE_CTRL_CHIL_NO_LOCKING		101
-	/* This prevents the initialisation function from providing mutex
-	 * callbacks to the nCipher library. */
-
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st
-	{
-	unsigned int cmd_num; /* The command number */
-	const char *cmd_name; /* The command name itself */
-	const char *cmd_desc; /* A short description of the command */
-	unsigned int cmd_flags; /* The input the command expects */
-	} ENGINE_CMD_DEFN;
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
-/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
-	UI_METHOD *ui_method, void *callback_data);
-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
- * These handlers have these prototypes;
- *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
- * Looking at how to implement these handlers in the case of cipher support, if
- * the framework wants the EVP_CIPHER for 'nid', it will call;
- *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
- * If the framework wants a list of supported 'nid's, it will call;
- *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
- */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, const int **, int);
-typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, const int **, int);
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_chil(void);
-void ENGINE_load_cswift(void);
-void ENGINE_load_nuron(void);
-void ENGINE_load_sureware(void);
-void ENGINE_load_ubsec(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_capi(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
-#ifndef OPENSSL_NO_GOST
-void ENGINE_load_gost(void);
-#endif
-#endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_rsax(void);
-void ENGINE_load_rdrand(void);
-void ENGINE_load_builtin_engines(void);
-
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
-
-/* Manage registration of ENGINEs per "table". For each type, there are 3
- * functions;
- *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
- *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
- *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_ECDH(ENGINE *e);
-void ENGINE_unregister_ECDH(ENGINE *e);
-void ENGINE_register_all_ECDH(void);
-
-int ENGINE_register_ECDSA(ENGINE *e);
-void ENGINE_unregister_ECDSA(ENGINE *e);
-void ENGINE_register_all_ECDSA(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-int ENGINE_register_pkey_meths(ENGINE *e);
-void ENGINE_unregister_pkey_meths(ENGINE *e);
-void ENGINE_register_all_pkey_meths(void);
-
-int ENGINE_register_pkey_asn1_meths(ENGINE *e);
-void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
-void ENGINE_register_all_pkey_asn1_meths(void);
-
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
-
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-				int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-				ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
-int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions allow control over any per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
-void ENGINE_cleanup(void);
-
-/* These return values from within the ENGINE structure. These can be useful
- * with functional references as well as structural references - it depends
- * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
-ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
-const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
-					const char *str, int len);
-const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
-					const char *str, int len);
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine.  The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-	STACK_OF(X509) **pother,
-	UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_ECDH(void);
-ENGINE *ENGINE_get_default_ECDSA(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-ENGINE *ENGINE_get_pkey_meth_engine(int nid);
-ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_ECDH(ENGINE *e);
-int ENGINE_set_default_ECDSA(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-int ENGINE_set_default_pkey_meths(ENGINE *e);
-int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
- * function, this function can result in unnecessary static linkage. If your
- * application requires only specific functionality, consider using more
- * selective functions. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
-
-/* Deprecated functions ... */
-/* int ENGINE_clear_defaults(void); */
-
-/**************************/
-/* DYNAMIC ENGINE SUPPORT */
-/**************************/
-
-/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00020000
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
-typedef struct st_dynamic_MEM_fns {
-	dyn_MEM_malloc_cb			malloc_cb;
-	dyn_MEM_realloc_cb			realloc_cb;
-	dyn_MEM_free_cb				free_cb;
-	} dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependant code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
-						const char *,int);
-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
-						const char *,int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
-						const char *,int);
-typedef struct st_dynamic_LOCK_fns {
-	dyn_lock_locking_cb			lock_locking_cb;
-	dyn_lock_add_lock_cb			lock_add_lock_cb;
-	dyn_dynlock_create_cb			dynlock_create_cb;
-	dyn_dynlock_lock_cb			dynlock_lock_cb;
-	dyn_dynlock_destroy_cb			dynlock_destroy_cb;
-	} dynamic_LOCK_fns;
-/* The top-level structure */
-typedef struct st_dynamic_fns {
-	void 					*static_state;
-	const ERR_FNS				*err_fns;
-	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
-	dynamic_MEM_fns				mem_fns;
-	dynamic_LOCK_fns			lock_fns;
-	} dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
- * incompatibility and the loaded library doesn't believe it can proceed.
- * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
-	OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
-	OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
-		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
-		return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
- * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- *    [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
-				const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-	OPENSSL_EXPORT \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
-	OPENSSL_EXPORT \
-	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
-		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-			return 0; \
-		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-			return 0; \
-		if(!ERR_set_implementation(fns->err_fns)) return 0; \
-	skip_cbs: \
-		if(!fn(e,id)) return 0; \
-		return 1; }
-
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
-void *ENGINE_get_static_state(void);
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-void ENGINE_setup_bsd_cryptodev(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ENGINE_strings(void);
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-#define ENGINE_F_DYNAMIC_CTRL				 180
-#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181
-#define ENGINE_F_DYNAMIC_LOAD				 182
-#define ENGINE_F_DYNAMIC_SET_DATA_CTX			 183
-#define ENGINE_F_ENGINE_ADD				 105
-#define ENGINE_F_ENGINE_BY_ID				 106
-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170
-#define ENGINE_F_ENGINE_CTRL				 142
-#define ENGINE_F_ENGINE_CTRL_CMD			 178
-#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171
-#define ENGINE_F_ENGINE_FINISH				 107
-#define ENGINE_F_ENGINE_FREE_UTIL			 108
-#define ENGINE_F_ENGINE_GET_CIPHER			 185
-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177
-#define ENGINE_F_ENGINE_GET_DIGEST			 186
-#define ENGINE_F_ENGINE_GET_NEXT			 115
-#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH		 193
-#define ENGINE_F_ENGINE_GET_PKEY_METH			 192
-#define ENGINE_F_ENGINE_GET_PREV			 116
-#define ENGINE_F_ENGINE_INIT				 119
-#define ENGINE_F_ENGINE_LIST_ADD			 120
-#define ENGINE_F_ENGINE_LIST_REMOVE			 121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT		 194
-#define ENGINE_F_ENGINE_NEW				 122
-#define ENGINE_F_ENGINE_REMOVE				 123
-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
-#define ENGINE_F_ENGINE_SET_ID				 129
-#define ENGINE_F_ENGINE_SET_NAME			 130
-#define ENGINE_F_ENGINE_TABLE_REGISTER			 184
-#define ENGINE_F_ENGINE_UNLOAD_KEY			 152
-#define ENGINE_F_ENGINE_UNLOCKED_FINISH			 191
-#define ENGINE_F_ENGINE_UP_REF				 190
-#define ENGINE_F_INT_CTRL_HELPER			 172
-#define ENGINE_F_INT_ENGINE_CONFIGURE			 188
-#define ENGINE_F_INT_ENGINE_MODULE_INIT			 187
-#define ENGINE_F_LOG_MESSAGE				 141
-
-/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED				 100
-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133
-#define ENGINE_R_CMD_NOT_EXECUTABLE			 134
-#define ENGINE_R_COMMAND_TAKES_INPUT			 135
-#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136
-#define ENGINE_R_CONFLICTING_ENGINE_ID			 103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
-#define ENGINE_R_DH_NOT_IMPLEMENTED			 139
-#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140
-#define ENGINE_R_DSO_FAILURE				 104
-#define ENGINE_R_DSO_NOT_FOUND				 132
-#define ENGINE_R_ENGINES_SECTION_ERROR			 148
-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR		 102
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
-#define ENGINE_R_ENGINE_SECTION_ERROR			 149
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
-#define ENGINE_R_FINISH_FAILED				 106
-#define ENGINE_R_GET_HANDLE_FAILED			 107
-#define ENGINE_R_ID_OR_NAME_MISSING			 108
-#define ENGINE_R_INIT_FAILED				 109
-#define ENGINE_R_INTERNAL_LIST_ERROR			 110
-#define ENGINE_R_INVALID_ARGUMENT			 143
-#define ENGINE_R_INVALID_CMD_NAME			 137
-#define ENGINE_R_INVALID_CMD_NUMBER			 138
-#define ENGINE_R_INVALID_INIT_VALUE			 151
-#define ENGINE_R_INVALID_STRING				 150
-#define ENGINE_R_NOT_INITIALISED			 117
-#define ENGINE_R_NOT_LOADED				 112
-#define ENGINE_R_NO_CONTROL_FUNCTION			 120
-#define ENGINE_R_NO_INDEX				 144
-#define ENGINE_R_NO_LOAD_FUNCTION			 125
-#define ENGINE_R_NO_REFERENCE				 130
-#define ENGINE_R_NO_SUCH_ENGINE				 116
-#define ENGINE_R_NO_UNLOAD_FUNCTION			 126
-#define ENGINE_R_PROVIDE_PARAMETERS			 113
-#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141
-#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146
-#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147
-#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD	 101
-#define ENGINE_R_VERSION_INCOMPATIBILITY		 145
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/err.h b/include/openssl/err.h
deleted file mode 100644
index 974cc9cc6f..0000000000
--- a/include/openssl/err.h
+++ /dev/null
@@ -1,386 +0,0 @@
-/* crypto/err/err.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ERR_H
-#define HEADER_ERR_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#include <stdlib.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_NO_ERR
-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
-#else
-#define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
-#endif
-
-#include <errno.h>
-
-#define ERR_TXT_MALLOCED	0x01
-#define ERR_TXT_STRING		0x02
-
-#define ERR_FLAG_MARK		0x01
-
-#define ERR_NUM_ERRORS	16
-typedef struct err_state_st
-	{
-	CRYPTO_THREADID tid;
-	int err_flags[ERR_NUM_ERRORS];
-	unsigned long err_buffer[ERR_NUM_ERRORS];
-	char *err_data[ERR_NUM_ERRORS];
-	int err_data_flags[ERR_NUM_ERRORS];
-	const char *err_file[ERR_NUM_ERRORS];
-	int err_line[ERR_NUM_ERRORS];
-	int top,bottom;
-	} ERR_STATE;
-
-/* library */
-#define ERR_LIB_NONE		1
-#define ERR_LIB_SYS		2
-#define ERR_LIB_BN		3
-#define ERR_LIB_RSA		4
-#define ERR_LIB_DH		5
-#define ERR_LIB_EVP		6
-#define ERR_LIB_BUF		7
-#define ERR_LIB_OBJ		8
-#define ERR_LIB_PEM		9
-#define ERR_LIB_DSA		10
-#define ERR_LIB_X509		11
-/* #define ERR_LIB_METH         12 */
-#define ERR_LIB_ASN1		13
-#define ERR_LIB_CONF		14
-#define ERR_LIB_CRYPTO		15
-#define ERR_LIB_EC		16
-#define ERR_LIB_SSL		20
-/* #define ERR_LIB_SSL23        21 */
-/* #define ERR_LIB_SSL2         22 */
-/* #define ERR_LIB_SSL3         23 */
-/* #define ERR_LIB_RSAREF       30 */
-/* #define ERR_LIB_PROXY        31 */
-#define ERR_LIB_BIO		32
-#define ERR_LIB_PKCS7		33
-#define ERR_LIB_X509V3		34
-#define ERR_LIB_PKCS12		35
-#define ERR_LIB_RAND		36
-#define ERR_LIB_DSO		37
-#define ERR_LIB_ENGINE		38
-#define ERR_LIB_OCSP            39
-#define ERR_LIB_UI              40
-#define ERR_LIB_COMP            41
-#define ERR_LIB_ECDSA		42
-#define ERR_LIB_ECDH		43
-#define ERR_LIB_STORE           44
-#define ERR_LIB_FIPS		45
-#define ERR_LIB_CMS		46
-#define ERR_LIB_TS		47
-#define ERR_LIB_HMAC		48
-#define ERR_LIB_JPAKE		49
-
-#define ERR_LIB_USER		128
-
-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
-#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
-#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
-#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
-#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-
-/* Borland C seems too stupid to be able to shift and do longs in
- * the pre-processor :-( */
-#define ERR_PACK(l,f,r)		(((((unsigned long)l)&0xffL)*0x1000000)| \
-				((((unsigned long)f)&0xfffL)*0x1000)| \
-				((((unsigned long)r)&0xfffL)))
-#define ERR_GET_LIB(l)		(int)((((unsigned long)l)>>24L)&0xffL)
-#define ERR_GET_FUNC(l)		(int)((((unsigned long)l)>>12L)&0xfffL)
-#define ERR_GET_REASON(l)	(int)((l)&0xfffL)
-#define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
-
-
-/* OS functions */
-#define SYS_F_FOPEN		1
-#define SYS_F_CONNECT		2
-#define SYS_F_GETSERVBYNAME	3
-#define SYS_F_SOCKET		4
-#define SYS_F_IOCTLSOCKET	5
-#define SYS_F_BIND		6
-#define SYS_F_LISTEN		7
-#define SYS_F_ACCEPT		8
-#define SYS_F_WSASTARTUP	9 /* Winsock stuff */
-#define SYS_F_OPENDIR		10
-#define SYS_F_FREAD		11
-
-
-/* reasons */
-#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */
-#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */
-#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */
-#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */
-#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */
-#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */
-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */
-#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */
-#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */
-#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */
-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */
-#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
-#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */
-#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */
-#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */
-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */
-#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
-#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */
-#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */
-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
-#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
-#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
-#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */
-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */
-#define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */
-#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
-#define ERR_R_TS_LIB	ERR_LIB_TS       /* 45 */
-
-#define ERR_R_NESTED_ASN1_ERROR			58
-#define ERR_R_BAD_ASN1_OBJECT_HEADER		59
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61
-#define ERR_R_ASN1_LENGTH_MISMATCH		62
-#define ERR_R_MISSING_ASN1_EOS			63
-
-/* fatal error */
-#define ERR_R_FATAL				64
-#define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
-#define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
-#define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
-#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)
-#define	ERR_R_DISABLED				(5|ERR_R_FATAL)
-
-/* 99 is the maximum possible ERR_R_... code, higher values
- * are reserved for the individual libraries */
-
-
-typedef struct ERR_string_data_st
-	{
-	unsigned long error;
-	const char *string;
-	} ERR_STRING_DATA;
-
-void ERR_put_error(int lib, int func,int reason,const char *file,int line);
-void ERR_set_error_data(char *data,int flags);
-
-unsigned long ERR_get_error(void);
-unsigned long ERR_get_error_line(const char **file,int *line);
-unsigned long ERR_get_error_line_data(const char **file,int *line,
-				      const char **data, int *flags);
-unsigned long ERR_peek_error(void);
-unsigned long ERR_peek_error_line(const char **file,int *line);
-unsigned long ERR_peek_error_line_data(const char **file,int *line,
-				       const char **data,int *flags);
-unsigned long ERR_peek_last_error(void);
-unsigned long ERR_peek_last_error_line(const char **file,int *line);
-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
-				       const char **data,int *flags);
-void ERR_clear_error(void );
-char *ERR_error_string(unsigned long e,char *buf);
-void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
-const char *ERR_reason_error_string(unsigned long e);
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-			 void *u);
-#ifndef OPENSSL_NO_FP_API
-void ERR_print_errors_fp(FILE *fp);
-#endif
-#ifndef OPENSSL_NO_BIO
-void ERR_print_errors(BIO *bp);
-#endif
-void ERR_add_error_data(int num, ...);
-void ERR_add_error_vdata(int num, va_list args);
-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void);
-void ERR_load_crypto_strings(void);
-void ERR_free_strings(void);
-
-void ERR_remove_thread_state(const CRYPTO_THREADID *tid);
-#ifndef OPENSSL_NO_DEPRECATED
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-#endif
-ERR_STATE *ERR_get_state(void);
-
-#ifndef OPENSSL_NO_LHASH
-LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
-LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
-#endif
-
-int ERR_get_next_error_library(void);
-
-int ERR_set_mark(void);
-int ERR_pop_to_mark(void);
-
-/* Already defined in ossl_typ.h */
-/* typedef struct st_ERR_FNS ERR_FNS; */
-/* An application can use this function and provide the return value to loaded
- * modules that should use the application's ERR state/functionality */
-const ERR_FNS *ERR_get_implementation(void);
-/* A loaded module should call this function prior to any ERR operations using
- * the application's "ERR_FNS". */
-int ERR_set_implementation(const ERR_FNS *fns);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
deleted file mode 100644
index ce7cda35d3..0000000000
--- a/include/openssl/evp.h
+++ /dev/null
@@ -1,1411 +0,0 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ENVELOPE_H
-#define HEADER_ENVELOPE_H
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-#else
-# define OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# undef OPENSSL_ALGORITHM_DEFINES
-#endif
-
-#include <openssl/ossl_typ.h>
-
-#include <openssl/symhacks.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-/*
-#define EVP_RC2_KEY_SIZE		16
-#define EVP_RC4_KEY_SIZE		16
-#define EVP_BLOWFISH_KEY_SIZE		16
-#define EVP_CAST5_KEY_SIZE		16
-#define EVP_RC5_32_12_16_KEY_SIZE	16
-*/
-#define EVP_MAX_MD_SIZE			64	/* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH		64
-#define EVP_MAX_IV_LENGTH		16
-#define EVP_MAX_BLOCK_LENGTH		32
-
-#define PKCS5_SALT_LEN			8
-/* Default PKCS#5 iteration count */
-#define PKCS5_DEFAULT_ITER		2048
-
-#include <openssl/objects.h>
-
-#define EVP_PK_RSA	0x0001
-#define EVP_PK_DSA	0x0002
-#define EVP_PK_DH	0x0004
-#define EVP_PK_EC	0x0008
-#define EVP_PKT_SIGN	0x0010
-#define EVP_PKT_ENC	0x0020
-#define EVP_PKT_EXCH	0x0040
-#define EVP_PKS_RSA	0x0100
-#define EVP_PKS_DSA	0x0200
-#define EVP_PKS_EC	0x0400
-#define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
-
-#define EVP_PKEY_NONE	NID_undef
-#define EVP_PKEY_RSA	NID_rsaEncryption
-#define EVP_PKEY_RSA2	NID_rsa
-#define EVP_PKEY_DSA	NID_dsa
-#define EVP_PKEY_DSA1	NID_dsa_2
-#define EVP_PKEY_DSA2	NID_dsaWithSHA
-#define EVP_PKEY_DSA3	NID_dsaWithSHA1
-#define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
-#define EVP_PKEY_DH	NID_dhKeyAgreement
-#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey
-#define EVP_PKEY_HMAC	NID_hmac
-#define EVP_PKEY_CMAC	NID_cmac
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-/* Type needs to be a bit field
- * Sub-type needs to be for variations on the method, as in, can it do
- * arbitrary encryption.... */
-struct evp_pkey_st
-	{
-	int type;
-	int save_type;
-	int references;
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *engine;
-	union	{
-		char *ptr;
-#ifndef OPENSSL_NO_RSA
-		struct rsa_st *rsa;	/* RSA */
-#endif
-#ifndef OPENSSL_NO_DSA
-		struct dsa_st *dsa;	/* DSA */
-#endif
-#ifndef OPENSSL_NO_DH
-		struct dh_st *dh;	/* DH */
-#endif
-#ifndef OPENSSL_NO_EC
-		struct ec_key_st *ec;	/* ECC */
-#endif
-		} pkey;
-	int save_parameters;
-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} /* EVP_PKEY */;
-
-#define EVP_PKEY_MO_SIGN	0x0001
-#define EVP_PKEY_MO_VERIFY	0x0002
-#define EVP_PKEY_MO_ENCRYPT	0x0004
-#define EVP_PKEY_MO_DECRYPT	0x0008
-
-#ifndef EVP_MD
-struct env_md_st
-	{
-	int type;
-	int pkey_type;
-	int md_size;
-	unsigned long flags;
-	int (*init)(EVP_MD_CTX *ctx);
-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
-	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
-	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
-	int (*cleanup)(EVP_MD_CTX *ctx);
-
-	/* FIXME: prototype these some day */
-	int (*sign)(int type, const unsigned char *m, unsigned int m_length,
-		    unsigned char *sigret, unsigned int *siglen, void *key);
-	int (*verify)(int type, const unsigned char *m, unsigned int m_length,
-		      const unsigned char *sigbuf, unsigned int siglen,
-		      void *key);
-	int required_pkey_type[5]; /*EVP_PKEY_xxx */
-	int block_size;
-	int ctx_size; /* how big does the ctx->md_data need to be */
-	/* control function */
-	int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
-	} /* EVP_MD */;
-
-typedef int evp_sign_method(int type,const unsigned char *m,
-			    unsigned int m_length,unsigned char *sigret,
-			    unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type,const unsigned char *m,
-			    unsigned int m_length,const unsigned char *sigbuf,
-			    unsigned int siglen, void *key);
-
-#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
-					* block */
-
-#define EVP_MD_FLAG_PKEY_DIGEST	0x0002 /* digest is a "clone" digest used
-					* which is a copy of an existing
-					* one for a specific public key type.
-					* EVP_dss1() etc */
-
-/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */
-
-#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE	0x0004
-
-/* DigestAlgorithmIdentifier flags... */
-
-#define EVP_MD_FLAG_DIGALGID_MASK		0x0018
-
-/* NULL or absent parameter accepted. Use NULL */
-
-#define EVP_MD_FLAG_DIGALGID_NULL		0x0000
-
-/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
-
-#define EVP_MD_FLAG_DIGALGID_ABSENT		0x0008
-
-/* Custom handling via ctrl */
-
-#define EVP_MD_FLAG_DIGALGID_CUSTOM		0x0018
-
-#define EVP_MD_FLAG_FIPS	0x0400 /* Note if suitable for use in FIPS mode */
-
-/* Digest ctrls */
-
-#define	EVP_MD_CTRL_DIGALGID			0x1
-#define	EVP_MD_CTRL_MICALG			0x2
-
-/* Minimum Algorithm specific ctrl value */
-
-#define	EVP_MD_CTRL_ALG_CTRL			0x1000
-
-#define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method	(evp_sign_method *)DSA_sign, \
-				(evp_verify_method *)DSA_verify, \
-				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
-					EVP_PKEY_DSA4,0}
-#else
-#define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
-				(evp_verify_method *)ECDSA_verify, \
-                                 {EVP_PKEY_EC,0,0,0}
-#else   
-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method	(evp_sign_method *)RSA_sign, \
-				(evp_verify_method *)RSA_verify, \
-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-				(evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
-				(evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
-				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#else
-#define EVP_PKEY_RSA_method	EVP_PKEY_NULL_method
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#endif
-
-#endif /* !EVP_MD */
-
-struct env_md_ctx_st
-	{
-	const EVP_MD *digest;
-	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
-	unsigned long flags;
-	void *md_data;
-	/* Public key context for sign/verify */
-	EVP_PKEY_CTX *pctx;
-	/* Update function: usually copied from EVP_MD */
-	int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
-	} /* EVP_MD_CTX */;
-
-/* values for EVP_MD_CTX flags */
-
-#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called
-						* once only */
-#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been
-						* cleaned */
-#define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data
-						* in EVP_MD_CTX_cleanup */
-/* FIPS and pad options are ignored in 1.0.0, definitions are here
- * so we don't accidentally reuse the values for other purposes.
- */
-
-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest
-						 * in FIPS mode */
-
-/* The following PAD options are also currently ignored in 1.0.0, digest
- * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
- * instead.
- */
-#define EVP_MD_CTX_FLAG_PAD_MASK	0xF0	/* RSA mode to use */
-#define EVP_MD_CTX_FLAG_PAD_PKCS1	0x00	/* PKCS#1 v1.5 mode */
-#define EVP_MD_CTX_FLAG_PAD_X931	0x10	/* X9.31 mode */
-#define EVP_MD_CTX_FLAG_PAD_PSS		0x20	/* PSS mode */
-
-#define EVP_MD_CTX_FLAG_NO_INIT		0x0100 /* Don't initialize md_data */
-
-struct evp_cipher_st
-	{
-	int nid;
-	int block_size;
-	int key_len;		/* Default value for variable length ciphers */
-	int iv_len;
-	unsigned long flags;	/* Various flags */
-	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		    const unsigned char *iv, int enc);	/* init key */
-	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			 const unsigned char *in, size_t inl);/* encrypt/decrypt data */
-	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
-	int ctx_size;		/* how big ctx->cipher_data needs to be */
-	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
-	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
-	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
-	void *app_data;		/* Application data */
-	} /* EVP_CIPHER */;
-
-/* Values for cipher flags */
-
-/* Modes for ciphers */
-
-#define		EVP_CIPH_STREAM_CIPHER		0x0
-#define		EVP_CIPH_ECB_MODE		0x1
-#define		EVP_CIPH_CBC_MODE		0x2
-#define		EVP_CIPH_CFB_MODE		0x3
-#define		EVP_CIPH_OFB_MODE		0x4
-#define		EVP_CIPH_CTR_MODE		0x5
-#define		EVP_CIPH_GCM_MODE		0x6
-#define		EVP_CIPH_CCM_MODE		0x7
-#define		EVP_CIPH_XTS_MODE		0x10001
-#define 	EVP_CIPH_MODE			0xF0007
-/* Set if variable length cipher */
-#define 	EVP_CIPH_VARIABLE_LENGTH	0x8
-/* Set if the iv handling should be done by the cipher itself */
-#define 	EVP_CIPH_CUSTOM_IV		0x10
-/* Set if the cipher's init() function should be called if key is NULL */
-#define 	EVP_CIPH_ALWAYS_CALL_INIT	0x20
-/* Call ctrl() to init cipher parameters */
-#define 	EVP_CIPH_CTRL_INIT		0x40
-/* Don't use standard key length function */
-#define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
-/* Don't use standard block padding */
-#define 	EVP_CIPH_NO_PADDING		0x100
-/* cipher handles random key generation */
-#define 	EVP_CIPH_RAND_KEY		0x200
-/* cipher has its own additional copying logic */
-#define 	EVP_CIPH_CUSTOM_COPY		0x400
-/* Allow use default ASN1 get/set iv */
-#define		EVP_CIPH_FLAG_DEFAULT_ASN1	0x1000
-/* Buffer length in bits not bytes: CFB1 mode only */
-#define		EVP_CIPH_FLAG_LENGTH_BITS	0x2000
-/* Note if suitable for use in FIPS mode */
-#define		EVP_CIPH_FLAG_FIPS		0x4000
-/* Allow non FIPS cipher in FIPS mode */
-#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x8000
-/* Cipher handles any and all padding logic as well
- * as finalisation.
- */
-#define 	EVP_CIPH_FLAG_CUSTOM_CIPHER	0x100000
-#define		EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
-
-/* ctrl() values */
-
-#define		EVP_CTRL_INIT			0x0
-#define 	EVP_CTRL_SET_KEY_LENGTH		0x1
-#define 	EVP_CTRL_GET_RC2_KEY_BITS	0x2
-#define 	EVP_CTRL_SET_RC2_KEY_BITS	0x3
-#define 	EVP_CTRL_GET_RC5_ROUNDS		0x4
-#define 	EVP_CTRL_SET_RC5_ROUNDS		0x5
-#define 	EVP_CTRL_RAND_KEY		0x6
-#define 	EVP_CTRL_PBE_PRF_NID		0x7
-#define 	EVP_CTRL_COPY			0x8
-#define 	EVP_CTRL_GCM_SET_IVLEN		0x9
-#define 	EVP_CTRL_GCM_GET_TAG		0x10
-#define 	EVP_CTRL_GCM_SET_TAG		0x11
-#define		EVP_CTRL_GCM_SET_IV_FIXED	0x12
-#define		EVP_CTRL_GCM_IV_GEN		0x13
-#define		EVP_CTRL_CCM_SET_IVLEN		EVP_CTRL_GCM_SET_IVLEN
-#define		EVP_CTRL_CCM_GET_TAG		EVP_CTRL_GCM_GET_TAG
-#define		EVP_CTRL_CCM_SET_TAG		EVP_CTRL_GCM_SET_TAG
-#define		EVP_CTRL_CCM_SET_L		0x14
-#define		EVP_CTRL_CCM_SET_MSGLEN		0x15
-/* AEAD cipher deduces payload length and returns number of bytes
- * required to store MAC and eventual padding. Subsequent call to
- * EVP_Cipher even appends/verifies MAC.
- */
-#define		EVP_CTRL_AEAD_TLS1_AAD		0x16
-/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
-#define		EVP_CTRL_AEAD_SET_MAC_KEY	0x17
-/* Set the GCM invocation field, decrypt only */
-#define		EVP_CTRL_GCM_SET_IV_INV		0x18
-
-/* GCM TLS constants */
-/* Length of fixed part of IV derived from PRF */
-#define EVP_GCM_TLS_FIXED_IV_LEN			4
-/* Length of explicit part of IV part of TLS records */
-#define EVP_GCM_TLS_EXPLICIT_IV_LEN			8
-/* Length of tag for TLS */
-#define EVP_GCM_TLS_TAG_LEN				16
-
-typedef struct evp_cipher_info_st
-	{
-	const EVP_CIPHER *cipher;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	} EVP_CIPHER_INFO;
-
-struct evp_cipher_ctx_st
-	{
-	const EVP_CIPHER *cipher;
-	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */
-	int encrypt;		/* encrypt or decrypt */
-	int buf_len;		/* number we have left */
-
-	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
-	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
-	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-	int num;				/* used by cfb/ofb/ctr mode */
-
-	void *app_data;		/* application stuff */
-	int key_len;		/* May change for variable length cipher */
-	unsigned long flags;	/* Various flags */
-	void *cipher_data; /* per EVP data */
-	int final_used;
-	int block_mask;
-	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
-	} /* EVP_CIPHER_CTX */;
-
-typedef struct evp_Encode_Ctx_st
-	{
-	int num;	/* number saved in a partial encode/decode */
-	int length;	/* The length is either the output line length
-			 * (in input bytes) or the shortest input line
-			 * length that is ok.  Once decoding begins,
-			 * the length is adjusted up each time a longer
-			 * line is decoded */
-	unsigned char enc_data[80];	/* data to encode */
-	int line_num;	/* number read on current line */
-	int expect_nl;
-	} EVP_ENCODE_CTX;
-
-/* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, const EVP_CIPHER *cipher,
-                const EVP_MD *md, int en_de);
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
-					(char *)(rsa))
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
-					(char *)(dsa))
-#endif
-
-#ifndef OPENSSL_NO_DH
-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
-					(char *)(dh))
-#endif
-
-#ifndef OPENSSL_NO_EC
-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
-                                        (char *)(eckey))
-#endif
-
-/* Add some extra combinations */
-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
-int EVP_MD_type(const EVP_MD *md);
-#define EVP_MD_nid(e)			EVP_MD_type(e)
-#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))
-int EVP_MD_pkey_type(const EVP_MD *md);	
-int EVP_MD_size(const EVP_MD *md);
-int EVP_MD_block_size(const EVP_MD *md);
-unsigned long EVP_MD_flags(const EVP_MD *md);
-
-const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-#define EVP_MD_CTX_size(e)		EVP_MD_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_block_size(e)	EVP_MD_block_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_type(e)		EVP_MD_type(EVP_MD_CTX_md(e))
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_mode(e)		(EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
-
-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
-#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-#define EVP_CIPHER_CTX_mode(e)		(EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
-
-#define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
-#define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
-
-#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)
-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)
-#define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
-#define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
-#define EVP_DigestSignUpdate(a,b,c)	EVP_DigestUpdate(a,b,c)
-#define EVP_DigestVerifyUpdate(a,b,c)	EVP_DigestUpdate(a,b,c)
-
-#ifdef CONST_STRICT
-void BIO_set_md(BIO *,const EVP_MD *md);
-#else
-# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
-#endif
-#define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-#define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-#define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-#define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-#define BIO_get_cipher_ctx(b,c_pp)	BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-int EVP_Cipher(EVP_CIPHER_CTX *c,
-		unsigned char *out,
-		const unsigned char *in,
-		unsigned int inl);
-
-#define EVP_add_cipher_alias(n,alias) \
-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_add_digest_alias(n,alias) \
-	OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_delete_cipher_alias(alias) \
-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
-#define EVP_delete_digest_alias(alias) \
-	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
-void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-void	EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void	EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int 	EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
-int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
-			 size_t cnt);
-int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int	EVP_Digest(const void *data, size_t count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-
-int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-
-int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int	EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char *prompt,int verify);
-void	EVP_set_pw_prompt(const char *prompt);
-char *	EVP_get_pw_prompt(void);
-
-int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
-		const unsigned char *salt, const unsigned char *data,
-		int datal, int count, unsigned char *key,unsigned char *iv);
-
-void	EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-void	EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-int 	EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
-
-int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv);
-int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
-		       const unsigned char *key,const unsigned char *iv,
-		       int enc);
-int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		       const unsigned char *key,const unsigned char *iv,
-		       int enc);
-int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, const unsigned char *in, int inl);
-int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
-		EVP_PKEY *pkey);
-
-int	EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
-		unsigned int siglen,EVP_PKEY *pkey);
-
-int	EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int	EVP_DigestSignFinal(EVP_MD_CTX *ctx,
-			unsigned char *sigret, size_t *siglen);
-
-int	EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
-			const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
-int	EVP_DigestVerifyFinal(EVP_MD_CTX *ctx,
-			unsigned char *sig, size_t siglen);
-
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
-		const unsigned char *ek, int ekl, const unsigned char *iv,
-		EVP_PKEY *priv);
-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-		 unsigned char **ek, int *ekl, unsigned char *iv,
-		EVP_PKEY **pubk, int npubk);
-int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		const unsigned char *in,int inl);
-void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		const unsigned char *in, int inl);
-int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-		char *out, int *outl);
-int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
-		const unsigned char *i, int enc);
-#endif
-
-const EVP_MD *EVP_md_null(void);
-#ifndef OPENSSL_NO_MD2
-const EVP_MD *EVP_md2(void);
-#endif
-#ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-#endif
-#ifndef OPENSSL_NO_MD5
-const EVP_MD *EVP_md5(void);
-#endif
-#ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
-#endif
-#ifndef OPENSSL_NO_SHA256
-const EVP_MD *EVP_sha224(void);
-const EVP_MD *EVP_sha256(void);
-#endif
-#ifndef OPENSSL_NO_SHA512
-const EVP_MD *EVP_sha384(void);
-const EVP_MD *EVP_sha512(void);
-#endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-const EVP_MD *EVP_ripemd160(void);
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-const EVP_MD *EVP_whirlpool(void);
-#endif
-const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
-#ifndef OPENSSL_NO_DES
-const EVP_CIPHER *EVP_des_ecb(void);
-const EVP_CIPHER *EVP_des_ede(void);
-const EVP_CIPHER *EVP_des_ede3(void);
-const EVP_CIPHER *EVP_des_ede_ecb(void);
-const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-#if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-const EVP_CIPHER *EVP_des_ofb(void);
-const EVP_CIPHER *EVP_des_ede_ofb(void);
-const EVP_CIPHER *EVP_des_ede3_ofb(void);
-const EVP_CIPHER *EVP_des_cbc(void);
-const EVP_CIPHER *EVP_des_ede_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_desx_cbc(void);
-/* This should now be supported through the dev_crypto ENGINE. But also, why are
- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
-#if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-#endif
-#endif
-#ifndef OPENSSL_NO_RC4
-const EVP_CIPHER *EVP_rc4(void);
-const EVP_CIPHER *EVP_rc4_40(void);
-#ifndef OPENSSL_NO_MD5
-const EVP_CIPHER *EVP_rc4_hmac_md5(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_IDEA
-const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
-const EVP_CIPHER *EVP_idea_ofb(void);
-const EVP_CIPHER *EVP_idea_cbc(void);
-#endif
-#ifndef OPENSSL_NO_RC2
-const EVP_CIPHER *EVP_rc2_ecb(void);
-const EVP_CIPHER *EVP_rc2_cbc(void);
-const EVP_CIPHER *EVP_rc2_40_cbc(void);
-const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
-const EVP_CIPHER *EVP_rc2_ofb(void);
-#endif
-#ifndef OPENSSL_NO_BF
-const EVP_CIPHER *EVP_bf_ecb(void);
-const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
-const EVP_CIPHER *EVP_bf_ofb(void);
-#endif
-#ifndef OPENSSL_NO_CAST
-const EVP_CIPHER *EVP_cast5_ecb(void);
-const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
-const EVP_CIPHER *EVP_cast5_ofb(void);
-#endif
-#ifndef OPENSSL_NO_RC5
-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-#endif
-#ifndef OPENSSL_NO_AES
-const EVP_CIPHER *EVP_aes_128_ecb(void);
-const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
-const EVP_CIPHER *EVP_aes_128_ofb(void);
-const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_ccm(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
-const EVP_CIPHER *EVP_aes_128_xts(void);
-const EVP_CIPHER *EVP_aes_192_ecb(void);
-const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
-const EVP_CIPHER *EVP_aes_192_ofb(void);
-const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_ccm(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
-const EVP_CIPHER *EVP_aes_256_ecb(void);
-const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
-const EVP_CIPHER *EVP_aes_256_ofb(void);
-const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_ccm(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
-const EVP_CIPHER *EVP_aes_256_xts(void);
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
-const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-const EVP_CIPHER *EVP_camellia_128_ecb(void);
-const EVP_CIPHER *EVP_camellia_128_cbc(void);
-const EVP_CIPHER *EVP_camellia_128_cfb1(void);
-const EVP_CIPHER *EVP_camellia_128_cfb8(void);
-const EVP_CIPHER *EVP_camellia_128_cfb128(void);
-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
-const EVP_CIPHER *EVP_camellia_128_ofb(void);
-const EVP_CIPHER *EVP_camellia_192_ecb(void);
-const EVP_CIPHER *EVP_camellia_192_cbc(void);
-const EVP_CIPHER *EVP_camellia_192_cfb1(void);
-const EVP_CIPHER *EVP_camellia_192_cfb8(void);
-const EVP_CIPHER *EVP_camellia_192_cfb128(void);
-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
-const EVP_CIPHER *EVP_camellia_192_ofb(void);
-const EVP_CIPHER *EVP_camellia_256_ecb(void);
-const EVP_CIPHER *EVP_camellia_256_cbc(void);
-const EVP_CIPHER *EVP_camellia_256_cfb1(void);
-const EVP_CIPHER *EVP_camellia_256_cfb8(void);
-const EVP_CIPHER *EVP_camellia_256_cfb128(void);
-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
-const EVP_CIPHER *EVP_camellia_256_ofb(void);
-#endif
-
-#ifndef OPENSSL_NO_SEED
-const EVP_CIPHER *EVP_seed_ecb(void);
-const EVP_CIPHER *EVP_seed_cbc(void);
-const EVP_CIPHER *EVP_seed_cfb128(void);
-# define EVP_seed_cfb EVP_seed_cfb128
-const EVP_CIPHER *EVP_seed_ofb(void);
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-#ifdef OPENSSL_LOAD_CONF
-#define OpenSSL_add_all_algorithms() \
-		OPENSSL_add_all_algorithms_conf()
-#else
-#define OpenSSL_add_all_algorithms() \
-		OPENSSL_add_all_algorithms_noconf()
-#endif
-
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
-
-int EVP_add_cipher(const EVP_CIPHER *cipher);
-int EVP_add_digest(const EVP_MD *digest);
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
-
-void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg);
-void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph,
-		const char *from, const char *to, void *x), void *arg);
-
-void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph,
-		const char *from, const char *to, void *x), void *arg);
-void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph,
-		const char *from, const char *to, void *x), void *arg);
-
-int		EVP_PKEY_decrypt_old(unsigned char *dec_key,
-			const unsigned char *enc_key,int enc_key_len,
-			EVP_PKEY *private_key);
-int		EVP_PKEY_encrypt_old(unsigned char *enc_key,
-			const unsigned char *key,int key_len,
-			EVP_PKEY *pub_key);
-int		EVP_PKEY_type(int type);
-int		EVP_PKEY_id(const EVP_PKEY *pkey);
-int		EVP_PKEY_base_id(const EVP_PKEY *pkey);
-int		EVP_PKEY_bits(EVP_PKEY *pkey);
-int		EVP_PKEY_size(EVP_PKEY *pkey);
-int 		EVP_PKEY_set_type(EVP_PKEY *pkey,int type);
-int		EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
-int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
-void *		EVP_PKEY_get0(EVP_PKEY *pkey);
-
-#ifndef OPENSSL_NO_RSA
-struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DSA
-struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DH
-struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-#endif
-
-EVP_PKEY *	EVP_PKEY_new(void);
-EVP_PKEY *	EVP_PKEY_dup(EVP_PKEY *pkey);
-void		EVP_PKEY_free(EVP_PKEY *pkey);
-EVP_PKEY *	EVP_PKEY_up_ref(EVP_PKEY *pkey);
-
-EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
-			long length);
-int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-
-EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
-			long length);
-EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-			long length);
-int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
-				int indent, ASN1_PCTX *pctx);
-
-int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
-
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
-/* calls methods */
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* These are used by EVP_CIPHER methods */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-
-/* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   int keylen, unsigned char *out);
-int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   const EVP_MD *digest,
-		      int keylen, unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de);
-
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-
-/* PBE type */
-
-/* Can appear as the outermost AlgorithmIdentifier */
-#define EVP_PBE_TYPE_OUTER	0x0
-/* Is an PRF type OID */
-#define EVP_PBE_TYPE_PRF	0x1
-
-int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid,
-	     EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-		    EVP_PBE_KEYGEN *keygen);
-int EVP_PBE_find(int type, int pbe_nid,
-			int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen);
-void EVP_PBE_cleanup(void);
-
-#define ASN1_PKEY_ALIAS		0x1
-#define ASN1_PKEY_DYNAMIC	0x2
-#define ASN1_PKEY_SIGPARAM_NULL	0x4
-
-#define ASN1_PKEY_CTRL_PKCS7_SIGN	0x1
-#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT	0x2
-#define ASN1_PKEY_CTRL_DEFAULT_MD_NID	0x3
-#define ASN1_PKEY_CTRL_CMS_SIGN		0x5
-#define ASN1_PKEY_CTRL_CMS_ENVELOPE	0x7
-
-int EVP_PKEY_asn1_get_count(void);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
-					const char *str, int len);
-int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
-int EVP_PKEY_asn1_add_alias(int to, int from);
-int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags,
-				const char **pinfo, const char **ppem_str,
-					const EVP_PKEY_ASN1_METHOD *ameth);
-
-const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(EVP_PKEY *pkey);
-EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
-					const char *pem_str, const char *info);
-void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, 
-			const EVP_PKEY_ASN1_METHOD *src);
-void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
-void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub),
-		int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk),
-		int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx),
-		int (*pkey_size)(const EVP_PKEY *pk),
-		int (*pkey_bits)(const EVP_PKEY *pk));
-void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf),
-		int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk),
-		int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx));
-void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*param_decode)(EVP_PKEY *pkey,
-				const unsigned char **pder, int derlen),
-		int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder),
-		int (*param_missing)(const EVP_PKEY *pk),
-		int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from),
-		int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b),
-		int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
-							ASN1_PCTX *pctx));
-
-void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
-		void (*pkey_free)(EVP_PKEY *pkey));
-void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
-		int (*pkey_ctrl)(EVP_PKEY *pkey, int op,
-							long arg1, void *arg2));
-
-
-#define EVP_PKEY_OP_UNDEFINED		0
-#define EVP_PKEY_OP_PARAMGEN		(1<<1)
-#define EVP_PKEY_OP_KEYGEN		(1<<2)
-#define EVP_PKEY_OP_SIGN		(1<<3)
-#define EVP_PKEY_OP_VERIFY		(1<<4)
-#define EVP_PKEY_OP_VERIFYRECOVER	(1<<5)
-#define EVP_PKEY_OP_SIGNCTX		(1<<6)
-#define EVP_PKEY_OP_VERIFYCTX		(1<<7)
-#define EVP_PKEY_OP_ENCRYPT		(1<<8)
-#define EVP_PKEY_OP_DECRYPT		(1<<9)
-#define EVP_PKEY_OP_DERIVE		(1<<10)
-
-#define EVP_PKEY_OP_TYPE_SIG	\
-	(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
-		| EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
-
-#define EVP_PKEY_OP_TYPE_CRYPT \
-	(EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
-
-#define EVP_PKEY_OP_TYPE_NOGEN \
-	(EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE)
-
-#define EVP_PKEY_OP_TYPE_GEN \
-		(EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
-
-#define	 EVP_PKEY_CTX_set_signature_md(ctx, md)	\
-		EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
-					EVP_PKEY_CTRL_MD, 0, (void *)md)
-
-#define EVP_PKEY_CTRL_MD		1
-#define EVP_PKEY_CTRL_PEER_KEY		2
-
-#define EVP_PKEY_CTRL_PKCS7_ENCRYPT	3
-#define EVP_PKEY_CTRL_PKCS7_DECRYPT	4
-
-#define EVP_PKEY_CTRL_PKCS7_SIGN	5
-
-#define EVP_PKEY_CTRL_SET_MAC_KEY	6
-
-#define EVP_PKEY_CTRL_DIGESTINIT	7
-
-/* Used by GOST key encryption in TLS */
-#define EVP_PKEY_CTRL_SET_IV 		8
-
-#define EVP_PKEY_CTRL_CMS_ENCRYPT	9
-#define EVP_PKEY_CTRL_CMS_DECRYPT	10
-#define EVP_PKEY_CTRL_CMS_SIGN		11
-
-#define EVP_PKEY_CTRL_CIPHER		12
-
-#define EVP_PKEY_ALG_CTRL		0x1000
-
-
-#define EVP_PKEY_FLAG_AUTOARGLEN	2
-/* Method handles all operations: don't assume any digest related
- * defaults.
- */
-#define EVP_PKEY_FLAG_SIGCTX_CUSTOM	4
-
-const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
-EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
-void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
-				const EVP_PKEY_METHOD *meth);
-void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
-void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
-int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
-
-EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
-EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
-				int cmd, int p1, void *p2);
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-						const char *value);
-
-int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
-void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
-
-EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-				const unsigned char *key, int keylen);
-
-void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
-EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
-
-EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
-
-void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
-void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
-			unsigned char *sig, size_t *siglen,
-			const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
-			const unsigned char *sig, size_t siglen,
-			const unsigned char *tbs, size_t tbslen);
-int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
-			unsigned char *rout, size_t *routlen,
-			const unsigned char *sig, size_t siglen);
-int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
-int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
-			unsigned char *out, size_t *outlen,
-			const unsigned char *in, size_t inlen);
-
-int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
-int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
-
-typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
-int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
-
-void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
-EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
-
-int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
-
-void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
-	int (*init)(EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
-	int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src));
-
-void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
-	void (*cleanup)(EVP_PKEY_CTX *ctx));
-
-void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
-	int (*paramgen_init)(EVP_PKEY_CTX *ctx),
-	int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
-	int (*keygen_init)(EVP_PKEY_CTX *ctx),
-	int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey));
-
-void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
-	int (*sign_init)(EVP_PKEY_CTX *ctx),
-	int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
-	int (*verify_init)(EVP_PKEY_CTX *ctx),
-	int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
-	int (*verify_recover_init)(EVP_PKEY_CTX *ctx),
-	int (*verify_recover)(EVP_PKEY_CTX *ctx,
-					unsigned char *sig, size_t *siglen,
-					const unsigned char *tbs, size_t tbslen));
-
-void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
-	int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-					EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
-	int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx),
-	int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,int siglen,
-					EVP_MD_CTX *mctx));
-
-void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
-	int (*encrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen));
-
-void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
-	int (*decrypt_init)(EVP_PKEY_CTX *ctx),
-	int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
-					const unsigned char *in, size_t inlen));
-
-void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
-	int (*derive_init)(EVP_PKEY_CTX *ctx),
-	int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen));
-
-void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
-	int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
-	int (*ctrl_str)(EVP_PKEY_CTX *ctx,
-					const char *type, const char *value));
-
-void EVP_add_alg_module(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_AESNI_INIT_KEY				 165
-#define EVP_F_AESNI_XTS_CIPHER				 176
-#define EVP_F_AES_INIT_KEY				 133
-#define EVP_F_AES_XTS					 172
-#define EVP_F_AES_XTS_CIPHER				 175
-#define EVP_F_ALG_MODULE_INIT				 177
-#define EVP_F_CAMELLIA_INIT_KEY				 159
-#define EVP_F_CMAC_INIT					 173
-#define EVP_F_D2I_PKEY					 100
-#define EVP_F_DO_SIGVER_INIT				 161
-#define EVP_F_DSAPKEY2PKCS8				 134
-#define EVP_F_DSA_PKEY2PKCS8				 135
-#define EVP_F_ECDSA_PKEY2PKCS8				 129
-#define EVP_F_ECKEY_PKEY2PKCS8				 132
-#define EVP_F_EVP_CIPHERINIT_EX				 123
-#define EVP_F_EVP_CIPHER_CTX_COPY			 163
-#define EVP_F_EVP_CIPHER_CTX_CTRL			 124
-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
-#define EVP_F_EVP_DECRYPTFINAL_EX			 101
-#define EVP_F_EVP_DIGESTINIT_EX				 128
-#define EVP_F_EVP_ENCRYPTFINAL_EX			 127
-#define EVP_F_EVP_MD_CTX_COPY_EX			 110
-#define EVP_F_EVP_MD_SIZE				 162
-#define EVP_F_EVP_OPENINIT				 102
-#define EVP_F_EVP_PBE_ALG_ADD				 115
-#define EVP_F_EVP_PBE_ALG_ADD_TYPE			 160
-#define EVP_F_EVP_PBE_CIPHERINIT			 116
-#define EVP_F_EVP_PKCS82PKEY				 111
-#define EVP_F_EVP_PKCS82PKEY_BROKEN			 136
-#define EVP_F_EVP_PKEY2PKCS8_BROKEN			 113
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_CTX_CTRL				 137
-#define EVP_F_EVP_PKEY_CTX_CTRL_STR			 150
-#define EVP_F_EVP_PKEY_CTX_DUP				 156
-#define EVP_F_EVP_PKEY_DECRYPT				 104
-#define EVP_F_EVP_PKEY_DECRYPT_INIT			 138
-#define EVP_F_EVP_PKEY_DECRYPT_OLD			 151
-#define EVP_F_EVP_PKEY_DERIVE				 153
-#define EVP_F_EVP_PKEY_DERIVE_INIT			 154
-#define EVP_F_EVP_PKEY_DERIVE_SET_PEER			 155
-#define EVP_F_EVP_PKEY_ENCRYPT				 105
-#define EVP_F_EVP_PKEY_ENCRYPT_INIT			 139
-#define EVP_F_EVP_PKEY_ENCRYPT_OLD			 152
-#define EVP_F_EVP_PKEY_GET1_DH				 119
-#define EVP_F_EVP_PKEY_GET1_DSA				 120
-#define EVP_F_EVP_PKEY_GET1_ECDSA			 130
-#define EVP_F_EVP_PKEY_GET1_EC_KEY			 131
-#define EVP_F_EVP_PKEY_GET1_RSA				 121
-#define EVP_F_EVP_PKEY_KEYGEN				 146
-#define EVP_F_EVP_PKEY_KEYGEN_INIT			 147
-#define EVP_F_EVP_PKEY_NEW				 106
-#define EVP_F_EVP_PKEY_PARAMGEN				 148
-#define EVP_F_EVP_PKEY_PARAMGEN_INIT			 149
-#define EVP_F_EVP_PKEY_SIGN				 140
-#define EVP_F_EVP_PKEY_SIGN_INIT			 141
-#define EVP_F_EVP_PKEY_VERIFY				 142
-#define EVP_F_EVP_PKEY_VERIFY_INIT			 143
-#define EVP_F_EVP_PKEY_VERIFY_RECOVER			 144
-#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT		 145
-#define EVP_F_EVP_RIJNDAEL				 126
-#define EVP_F_EVP_SIGNFINAL				 107
-#define EVP_F_EVP_VERIFYFINAL				 108
-#define EVP_F_FIPS_CIPHERINIT				 166
-#define EVP_F_FIPS_CIPHER_CTX_COPY			 170
-#define EVP_F_FIPS_CIPHER_CTX_CTRL			 167
-#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH		 171
-#define EVP_F_FIPS_DIGESTINIT				 168
-#define EVP_F_FIPS_MD_CTX_COPY				 169
-#define EVP_F_HMAC_INIT_EX				 174
-#define EVP_F_INT_CTX_NEW				 157
-#define EVP_F_PKCS5_PBE_KEYIVGEN			 117
-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118
-#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN			 164
-#define EVP_F_PKCS8_SET_BROKEN				 112
-#define EVP_F_PKEY_SET_TYPE				 158
-#define EVP_F_RC2_MAGIC_TO_METH				 109
-#define EVP_F_RC5_CTRL					 125
-
-/* Reason codes. */
-#define EVP_R_AES_IV_SETUP_FAILED			 162
-#define EVP_R_AES_KEY_SETUP_FAILED			 143
-#define EVP_R_ASN1_LIB					 140
-#define EVP_R_BAD_BLOCK_LENGTH				 136
-#define EVP_R_BAD_DECRYPT				 100
-#define EVP_R_BAD_KEY_LENGTH				 137
-#define EVP_R_BN_DECODE_ERROR				 112
-#define EVP_R_BN_PUBKEY_ERROR				 113
-#define EVP_R_BUFFER_TOO_SMALL				 155
-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED			 157
-#define EVP_R_CIPHER_PARAMETER_ERROR			 122
-#define EVP_R_COMMAND_NOT_SUPPORTED			 147
-#define EVP_R_CTRL_NOT_IMPLEMENTED			 132
-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133
-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
-#define EVP_R_DECODE_ERROR				 114
-#define EVP_R_DIFFERENT_KEY_TYPES			 101
-#define EVP_R_DIFFERENT_PARAMETERS			 153
-#define EVP_R_DISABLED_FOR_FIPS				 163
-#define EVP_R_ENCODE_ERROR				 115
-#define EVP_R_ERROR_LOADING_SECTION			 165
-#define EVP_R_ERROR_SETTING_FIPS_MODE			 166
-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
-#define EVP_R_EXPECTING_AN_RSA_KEY			 127
-#define EVP_R_EXPECTING_A_DH_KEY			 128
-#define EVP_R_EXPECTING_A_DSA_KEY			 129
-#define EVP_R_EXPECTING_A_ECDSA_KEY			 141
-#define EVP_R_EXPECTING_A_EC_KEY			 142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED			 167
-#define EVP_R_INITIALIZATION_ERROR			 134
-#define EVP_R_INPUT_NOT_INITIALIZED			 111
-#define EVP_R_INVALID_DIGEST				 152
-#define EVP_R_INVALID_FIPS_MODE				 168
-#define EVP_R_INVALID_KEY_LENGTH			 130
-#define EVP_R_INVALID_OPERATION				 148
-#define EVP_R_IV_TOO_LARGE				 102
-#define EVP_R_KEYGEN_FAILURE				 120
-#define EVP_R_MESSAGE_DIGEST_IS_NULL			 159
-#define EVP_R_METHOD_NOT_SUPPORTED			 144
-#define EVP_R_MISSING_PARAMETERS			 103
-#define EVP_R_NO_CIPHER_SET				 131
-#define EVP_R_NO_DEFAULT_DIGEST				 158
-#define EVP_R_NO_DIGEST_SET				 139
-#define EVP_R_NO_DSA_PARAMETERS				 116
-#define EVP_R_NO_KEY_SET				 154
-#define EVP_R_NO_OPERATION_SET				 149
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
-#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 150
-#define EVP_R_OPERATON_NOT_INITIALIZED			 151
-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
-#define EVP_R_PRIVATE_KEY_DECODE_ERROR			 145
-#define EVP_R_PRIVATE_KEY_ENCODE_ERROR			 146
-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106
-#define EVP_R_TOO_LARGE					 164
-#define EVP_R_UNKNOWN_CIPHER				 160
-#define EVP_R_UNKNOWN_DIGEST				 161
-#define EVP_R_UNKNOWN_OPTION				 169
-#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
-#define EVP_R_UNSUPPORTED_ALGORITHM			 156
-#define EVP_R_UNSUPPORTED_CIPHER			 107
-#define EVP_R_UNSUPPORTED_KEYLENGTH			 123
-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124
-#define EVP_R_UNSUPPORTED_KEY_SIZE			 108
-#define EVP_R_UNSUPPORTED_PRF				 125
-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118
-#define EVP_R_UNSUPPORTED_SALT_TYPE			 126
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/hmac.h b/include/openssl/hmac.h
deleted file mode 100644
index 1be0022190..0000000000
--- a/include/openssl/hmac.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* crypto/hmac/hmac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-#define HEADER_HMAC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_HMAC
-#error HMAC is disabled.
-#endif
-
-#include <openssl/evp.h>
-
-#define HMAC_MAX_MD_CBLOCK	128	/* largest known is SHA512 */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct hmac_ctx_st
-	{
-	const EVP_MD *md;
-	EVP_MD_CTX md_ctx;
-	EVP_MD_CTX i_ctx;
-	EVP_MD_CTX o_ctx;
-	unsigned int key_length;
-	unsigned char key[HMAC_MAX_MD_CBLOCK];
-	} HMAC_CTX;
-
-#define HMAC_size(e)	(EVP_MD_size((e)->md))
-
-
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-
-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-
-int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-	       const EVP_MD *md); /* deprecated */
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md, ENGINE *impl);
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-		    const unsigned char *d, size_t n, unsigned char *md,
-		    unsigned int *md_len);
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/krb5_asn.h b/include/openssl/krb5_asn.h
deleted file mode 100644
index 41725d0dc4..0000000000
--- a/include/openssl/krb5_asn.h
+++ /dev/null
@@ -1,256 +0,0 @@
-/* krb5_asn.h */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-#define HEADER_KRB5_ASN_H
-
-/*
-#include <krb5.h>
-*/
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-
-/*	ASN.1 from Kerberos RFC 1510
-*/
-
-/*	EncryptedData ::=   SEQUENCE {
-**		etype[0]                      INTEGER, -- EncryptionType
-**		kvno[1]                       INTEGER OPTIONAL,
-**		cipher[2]                     OCTET STRING -- ciphertext
-**	}
-*/
-typedef	struct	krb5_encdata_st
-	{
-	ASN1_INTEGER			*etype;
-	ASN1_INTEGER			*kvno;
-	ASN1_OCTET_STRING		*cipher;
-	}	KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/*	PrincipalName ::=   SEQUENCE {
-**		name-type[0]                  INTEGER,
-**		name-string[1]                SEQUENCE OF GeneralString
-**	}
-*/
-typedef	struct	krb5_princname_st
-	{
-	ASN1_INTEGER			*nametype;
-	STACK_OF(ASN1_GENERALSTRING)	*namestring;
-	}	KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-
-/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
-**		tkt-vno[0]                    INTEGER,
-**		realm[1]                      Realm,
-**		sname[2]                      PrincipalName,
-**		enc-part[3]                   EncryptedData
-**	}
-*/
-typedef	struct	krb5_tktbody_st
-	{
-	ASN1_INTEGER			*tktvno;
-	ASN1_GENERALSTRING		*realm;
-	KRB5_PRINCNAME			*sname;
-	KRB5_ENCDATA			*encdata;
-	}	KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-
-/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
-**		pvno[0]                       INTEGER,
-**		msg-type[1]                   INTEGER,
-**		ap-options[2]                 APOptions,
-**		ticket[3]                     Ticket,
-**		authenticator[4]              EncryptedData
-**	}
-**
-**	APOptions ::=   BIT STRING {
-**		reserved(0), use-session-key(1), mutual-required(2) }
-*/
-typedef	struct	krb5_ap_req_st
-	{
-	ASN1_INTEGER			*pvno;
-	ASN1_INTEGER			*msgtype;
-	ASN1_BIT_STRING			*apoptions;
-	KRB5_TICKET			*ticket;
-	KRB5_ENCDATA			*authenticator;
-	}	KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-
-/*	Authenticator Stuff	*/
-
-
-/*	Checksum ::=   SEQUENCE {
-**		cksumtype[0]                  INTEGER,
-**		checksum[1]                   OCTET STRING
-**	}
-*/
-typedef	struct	krb5_checksum_st
-	{
-	ASN1_INTEGER			*ctype;
-	ASN1_OCTET_STRING		*checksum;
-	}	KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-
-/*	EncryptionKey ::=   SEQUENCE {
-**		keytype[0]                    INTEGER,
-**		keyvalue[1]                   OCTET STRING
-**	}
-*/
-typedef struct  krb5_encryptionkey_st
-	{
-	ASN1_INTEGER			*ktype;
-	ASN1_OCTET_STRING		*keyvalue;
-	}	KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-
-/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
-**		ad-type[0]                    INTEGER,
-**              ad-data[1]                    OCTET STRING
-**	}
-*/
-typedef struct	krb5_authorization_st
-	{
-	ASN1_INTEGER			*adtype;
-	ASN1_OCTET_STRING		*addata;
-	}	KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-			
-/*	-- Unencrypted authenticator
-**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
-**		authenticator-vno[0]          INTEGER,
-**		crealm[1]                     Realm,
-**		cname[2]                      PrincipalName,
-**		cksum[3]                      Checksum OPTIONAL,
-**		cusec[4]                      INTEGER,
-**		ctime[5]                      KerberosTime,
-**		subkey[6]                     EncryptionKey OPTIONAL,
-**		seq-number[7]                 INTEGER OPTIONAL,
-**		authorization-data[8]         AuthorizationData OPTIONAL
-**	}
-*/
-typedef struct	krb5_authenticator_st
-	{
-	ASN1_INTEGER			*avno;
-	ASN1_GENERALSTRING		*crealm;
-	KRB5_PRINCNAME			*cname;
-	KRB5_CHECKSUM			*cksum;
-	ASN1_INTEGER			*cusec;
-	ASN1_GENERALIZEDTIME		*ctime;
-	KRB5_ENCKEY			*subkey;
-	ASN1_INTEGER			*seqnum;
-	KRB5_AUTHDATA			*authorization;
-	}	KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-
-/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-**	type *name##_new(void);
-**	void name##_free(type *a);
-**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**	  type *d2i_##name(type **a, const unsigned char **in, long len);
-**	  int i2d_##name(type *a, unsigned char **out);
-**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
-*/
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h
deleted file mode 100644
index e4df843073..0000000000
--- a/include/openssl/kssl.h
+++ /dev/null
@@ -1,192 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-**	19990701	VRS 	Started.
-*/
-
-#ifndef	KSSL_H
-#define	KSSL_H
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#include <stdio.h>
-#include <ctype.h>
-#include <krb5.h>
-#ifdef OPENSSL_SYS_WIN32
-/* These can sometimes get redefined indirectly by krb5 header files
- * after they get undefed in ossl_typ.h
- */
-#undef X509_NAME
-#undef X509_EXTENSIONS
-#undef OCSP_REQUEST
-#undef OCSP_RESPONSE
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
-**	Depending on which KRB5 implementation used, some types from
-**	the other may be missing.  Resolve that here and now
-*/
-#ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#define FAR
-#else
-
-#ifndef FAR
-#define FAR
-#endif
-
-#endif
-
-/*	Uncomment this to debug kssl problems or
-**	to trace usage of the Kerberos session key
-**
-**	#define		KSSL_DEBUG
-*/
-
-#ifndef	KRB5SVC
-#define KRB5SVC	"host"
-#endif
-
-#ifndef	KRB5KEYTAB
-#define KRB5KEYTAB	"/etc/krb5.keytab"
-#endif
-
-#ifndef KRB5SENDAUTH
-#define KRB5SENDAUTH	1
-#endif
-
-#ifndef KRB5CHECKAUTH
-#define KRB5CHECKAUTH	1
-#endif
-
-#ifndef KSSL_CLOCKSKEW
-#define	KSSL_CLOCKSKEW	300;
-#endif
-
-#define	KSSL_ERR_MAX	255
-typedef struct kssl_err_st  {
-	int  reason;
-	char text[KSSL_ERR_MAX+1];
-	} KSSL_ERR;
-
-
-/*	Context for passing
-**		(1) Kerberos session key to SSL, and
-**		(2)	Config data between application and SSL lib
-*/
-typedef struct kssl_ctx_st
-        {
-                                /*	used by:    disposition:            */
-	char *service_name;	/*	C,S	    default ok (kssl)       */
-	char *service_host;	/*	C	    input, REQUIRED         */
-	char *client_princ;	/*	S	    output from krb5 ticket */
-	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */
-	char *cred_cache;	/*	C	    NULL (default)          */
-	krb5_enctype enctype;
-	int length;
-	krb5_octet FAR *key;
-	} KSSL_CTX;
-
-#define	KSSL_CLIENT 	1
-#define KSSL_SERVER 	2
-#define	KSSL_SERVICE	3
-#define	KSSL_KEYTAB 	4
-
-#define KSSL_CTX_OK 	0
-#define KSSL_CTX_ERR	1
-#define KSSL_NOMEM	2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
-        krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code  kssl_build_principal_2(krb5_context context,
-			krb5_principal *princ, int rlen, const char *realm,
-			int slen, const char *svc, int hlen, const char *host);
-krb5_error_code  kssl_validate_times(krb5_timestamp atime,
-					krb5_ticket_times *ttimes);
-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif	/* OPENSSL_NO_KRB5	*/
-#endif	/* KSSL_H 	*/
diff --git a/include/openssl/lhash.h b/include/openssl/lhash.h
deleted file mode 100644
index e7d8763591..0000000000
--- a/include/openssl/lhash.h
+++ /dev/null
@@ -1,241 +0,0 @@
-/* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Header for dynamic hash table routines
- * Author - Eric Young
- */
-
-#ifndef HEADER_LHASH_H
-#define HEADER_LHASH_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct lhash_node_st
-	{
-	void *data;
-	struct lhash_node_st *next;
-#ifndef OPENSSL_NO_HASH_COMP
-	unsigned long hash;
-#endif
-	} LHASH_NODE;
-
-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_FN_TYPE)(void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
-
-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
- * This way, callbacks can be provided to LHASH structures without function
- * pointer casting and the macro-defined callbacks provide per-variable casting
- * before deferring to the underlying type-specific callbacks. NB: It is
- * possible to place a "static" in front of both the DECLARE and IMPLEMENT
- * macros if the functions are strictly internal. */
-
-/* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(name, o_type) \
-	unsigned long name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
-	unsigned long name##_LHASH_HASH(const void *arg) { \
-		const o_type *a = arg; \
-		return name##_hash(a); }
-#define LHASH_HASH_FN(name) name##_LHASH_HASH
-
-/* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(name, o_type) \
-	int name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
-	int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
-		const o_type *a = arg1;		    \
-		const o_type *b = arg2; \
-		return name##_cmp(a,b); }
-#define LHASH_COMP_FN(name) name##_LHASH_COMP
-
-/* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(name, o_type) \
-	void name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \
-	void name##_LHASH_DOALL(void *arg) { \
-		o_type *a = arg; \
-		name##_doall(a); }
-#define LHASH_DOALL_FN(name) name##_LHASH_DOALL
-
-/* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
-	void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
-		o_type *a = arg1; \
-		a_type *b = arg2; \
-		name##_doall_arg(a, b); }
-#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
-
-typedef struct lhash_st
-	{
-	LHASH_NODE **b;
-	LHASH_COMP_FN_TYPE comp;
-	LHASH_HASH_FN_TYPE hash;
-	unsigned int num_nodes;
-	unsigned int num_alloc_nodes;
-	unsigned int p;
-	unsigned int pmax;
-	unsigned long up_load; /* load times 256 */
-	unsigned long down_load; /* load times 256 */
-	unsigned long num_items;
-
-	unsigned long num_expands;
-	unsigned long num_expand_reallocs;
-	unsigned long num_contracts;
-	unsigned long num_contract_reallocs;
-	unsigned long num_hash_calls;
-	unsigned long num_comp_calls;
-	unsigned long num_insert;
-	unsigned long num_replace;
-	unsigned long num_delete;
-	unsigned long num_no_delete;
-	unsigned long num_retrieve;
-	unsigned long num_retrieve_miss;
-	unsigned long num_hash_comps;
-
-	int error;
-	} _LHASH;	/* Do not use _LHASH directly, use LHASH_OF
-			 * and friends */
-
-#define LH_LOAD_MULT	256
-
-/* Indicates a malloc() error in the last call, this is only bad
- * in lh_insert(). */
-#define lh_error(lh)	((lh)->error)
-
-_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(_LHASH *lh);
-void *lh_insert(_LHASH *lh, void *data);
-void *lh_delete(_LHASH *lh, const void *data);
-void *lh_retrieve(_LHASH *lh, const void *data);
-void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
-unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const _LHASH *lh);
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const _LHASH *lh, FILE *out);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_stats_bio(const _LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
-#endif
-
-/* Type checking... */
-
-#define LHASH_OF(type) struct lhash_st_##type
-
-#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; }
-
-#define CHECKED_LHASH_OF(type,lh) \
-  ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh))
-
-/* Define wrapper functions. */
-#define LHM_lh_new(type, name) \
-  ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name)))
-#define LHM_lh_error(type, lh) \
-  lh_error(CHECKED_LHASH_OF(type,lh))
-#define LHM_lh_insert(type, lh, inst) \
-  ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \
-		     CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_retrieve(type, lh, inst) \
-  ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \
-		       CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_delete(type, lh, inst) \
-  ((type *)lh_delete(CHECKED_LHASH_OF(type, lh),			\
-		     CHECKED_PTR_OF(type, inst)))
-#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn)
-#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \
-  lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg))
-#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh))
-#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load)
-#define LHM_lh_node_stats_bio(type, lh, out) \
-  lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_node_usage_stats_bio(type, lh, out) \
-  lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_stats_bio(type, lh, out) \
-  lh_stats_bio(CHECKED_LHASH_OF(type, lh), out)
-#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh))
-
-DECLARE_LHASH_OF(OPENSSL_STRING);
-DECLARE_LHASH_OF(OPENSSL_CSTRING);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/include/openssl/md4.h b/include/openssl/md4.h
deleted file mode 100644
index a55368a790..0000000000
--- a/include/openssl/md4.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/md4/md4.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD4_H
-#define HEADER_MD4_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD4
-#error MD4 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD4_LONG_LOG2 has to be defined along.			   !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define MD4_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD4_LONG unsigned long
-#define MD4_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define MD4_LONG unsigned int
-#endif
-
-#define MD4_CBLOCK	64
-#define MD4_LBLOCK	(MD4_CBLOCK/4)
-#define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st
-	{
-	MD4_LONG A,B,C,D;
-	MD4_LONG Nl,Nh;
-	MD4_LONG data[MD4_LBLOCK];
-	unsigned int num;
-	} MD4_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/md5.h b/include/openssl/md5.h
deleted file mode 100644
index 541cc925fe..0000000000
--- a/include/openssl/md5.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/md5/md5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD5
-#error MD5 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD5_LONG_LOG2 has to be defined along.			   !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define MD5_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD5_LONG unsigned long
-#define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *					<appro@fy.chalmers.se>
- */
-#else
-#define MD5_LONG unsigned int
-#endif
-
-#define MD5_CBLOCK	64
-#define MD5_LBLOCK	(MD5_CBLOCK/4)
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
-	{
-	MD5_LONG A,B,C,D;
-	MD5_LONG Nl,Nh;
-	MD5_LONG data[MD5_LBLOCK];
-	unsigned int num;
-	} MD5_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/modes.h b/include/openssl/modes.h
deleted file mode 100644
index 7773c2542e..0000000000
--- a/include/openssl/modes.h
+++ /dev/null
@@ -1,141 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Rights for redistribution and usage in source and binary
- * forms are granted according to the OpenSSL license.
- */
-
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-typedef void (*block128_f)(const unsigned char in[16],
-			unsigned char out[16],
-			const void *key);
-
-typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], int enc);
-
-typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out,
-			size_t blocks, const void *key,
-			const unsigned char ivec[16]);
-
-typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out,
-			size_t blocks, const void *key,
-			const unsigned char ivec[16],unsigned char cmac[16]);
-
-void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-
-void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], unsigned char ecount_buf[16],
-			unsigned int *num, block128_f block);
-
-void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], unsigned char ecount_buf[16],
-			unsigned int *num, ctr128_f ctr);
-
-void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], int *num,
-			block128_f block);
-
-void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block);
-void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
-			size_t length, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block);
-void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
-			size_t bits, const void *key,
-			unsigned char ivec[16], int *num,
-			int enc, block128_f block);
-
-size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], cbc128_f cbc);
-size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], cbc128_f cbc);
-
-size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], cbc128_f cbc);
-size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], block128_f block);
-size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
-			size_t len, const void *key,
-			unsigned char ivec[16], cbc128_f cbc);
-
-typedef struct gcm128_context GCM128_CONTEXT;
-
-GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
-void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block);
-void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
-			size_t len);
-int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
-			size_t len);
-int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
-			const unsigned char *in, unsigned char *out,
-			size_t len);
-int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
-			const unsigned char *in, unsigned char *out,
-			size_t len);
-int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
-			const unsigned char *in, unsigned char *out,
-			size_t len, ctr128_f stream);
-int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
-			const unsigned char *in, unsigned char *out,
-			size_t len, ctr128_f stream);
-int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
-			size_t len);
-void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
-void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
-
-typedef struct ccm128_context CCM128_CONTEXT;
-
-void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
-	unsigned int M, unsigned int L, void *key,block128_f block);
-int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
-	const unsigned char *nonce, size_t nlen, size_t mlen);
-void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
-	const unsigned char *aad, size_t alen);
-int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out, size_t len);
-int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out, size_t len);
-int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out, size_t len,
-	ccm128_f stream);
-int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
-	const unsigned char *inp, unsigned char *out, size_t len,
-	ccm128_f stream);
-size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
-
-typedef struct xts128_context XTS128_CONTEXT;
-
-int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
-	const unsigned char *inp, unsigned char *out, size_t len, int enc);
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
deleted file mode 100644
index b5ea7cdab4..0000000000
--- a/include/openssl/obj_mac.h
+++ /dev/null
@@ -1,4032 +0,0 @@
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
-#define SN_itu_t		"ITU-T"
-#define LN_itu_t		"itu-t"
-#define NID_itu_t		645
-#define OBJ_itu_t		0L
-
-#define NID_ccitt		404
-#define OBJ_ccitt		OBJ_itu_t
-
-#define SN_iso		"ISO"
-#define LN_iso		"iso"
-#define NID_iso		181
-#define OBJ_iso		1L
-
-#define SN_joint_iso_itu_t		"JOINT-ISO-ITU-T"
-#define LN_joint_iso_itu_t		"joint-iso-itu-t"
-#define NID_joint_iso_itu_t		646
-#define OBJ_joint_iso_itu_t		2L
-
-#define NID_joint_iso_ccitt		393
-#define OBJ_joint_iso_ccitt		OBJ_joint_iso_itu_t
-
-#define SN_member_body		"member-body"
-#define LN_member_body		"ISO Member Body"
-#define NID_member_body		182
-#define OBJ_member_body		OBJ_iso,2L
-
-#define SN_identified_organization		"identified-organization"
-#define NID_identified_organization		676
-#define OBJ_identified_organization		OBJ_iso,3L
-
-#define SN_hmac_md5		"HMAC-MD5"
-#define LN_hmac_md5		"hmac-md5"
-#define NID_hmac_md5		780
-#define OBJ_hmac_md5		OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
-
-#define SN_hmac_sha1		"HMAC-SHA1"
-#define LN_hmac_sha1		"hmac-sha1"
-#define NID_hmac_sha1		781
-#define OBJ_hmac_sha1		OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
-
-#define SN_certicom_arc		"certicom-arc"
-#define NID_certicom_arc		677
-#define OBJ_certicom_arc		OBJ_identified_organization,132L
-
-#define SN_international_organizations		"international-organizations"
-#define LN_international_organizations		"International Organizations"
-#define NID_international_organizations		647
-#define OBJ_international_organizations		OBJ_joint_iso_itu_t,23L
-
-#define SN_wap		"wap"
-#define NID_wap		678
-#define OBJ_wap		OBJ_international_organizations,43L
-
-#define SN_wap_wsg		"wap-wsg"
-#define NID_wap_wsg		679
-#define OBJ_wap_wsg		OBJ_wap,1L
-
-#define SN_selected_attribute_types		"selected-attribute-types"
-#define LN_selected_attribute_types		"Selected Attribute Types"
-#define NID_selected_attribute_types		394
-#define OBJ_selected_attribute_types		OBJ_joint_iso_itu_t,5L,1L,5L
-
-#define SN_clearance		"clearance"
-#define NID_clearance		395
-#define OBJ_clearance		OBJ_selected_attribute_types,55L
-
-#define SN_ISO_US		"ISO-US"
-#define LN_ISO_US		"ISO US Member Body"
-#define NID_ISO_US		183
-#define OBJ_ISO_US		OBJ_member_body,840L
-
-#define SN_X9_57		"X9-57"
-#define LN_X9_57		"X9.57"
-#define NID_X9_57		184
-#define OBJ_X9_57		OBJ_ISO_US,10040L
-
-#define SN_X9cm		"X9cm"
-#define LN_X9cm		"X9.57 CM ?"
-#define NID_X9cm		185
-#define OBJ_X9cm		OBJ_X9_57,4L
-
-#define SN_dsa		"DSA"
-#define LN_dsa		"dsaEncryption"
-#define NID_dsa		116
-#define OBJ_dsa		OBJ_X9cm,1L
-
-#define SN_dsaWithSHA1		"DSA-SHA1"
-#define LN_dsaWithSHA1		"dsaWithSHA1"
-#define NID_dsaWithSHA1		113
-#define OBJ_dsaWithSHA1		OBJ_X9cm,3L
-
-#define SN_ansi_X9_62		"ansi-X9-62"
-#define LN_ansi_X9_62		"ANSI X9.62"
-#define NID_ansi_X9_62		405
-#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L
-
-#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L
-
-#define SN_X9_62_prime_field		"prime-field"
-#define NID_X9_62_prime_field		406
-#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L
-
-#define SN_X9_62_characteristic_two_field		"characteristic-two-field"
-#define NID_X9_62_characteristic_two_field		407
-#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L
-
-#define SN_X9_62_id_characteristic_two_basis		"id-characteristic-two-basis"
-#define NID_X9_62_id_characteristic_two_basis		680
-#define OBJ_X9_62_id_characteristic_two_basis		OBJ_X9_62_characteristic_two_field,3L
-
-#define SN_X9_62_onBasis		"onBasis"
-#define NID_X9_62_onBasis		681
-#define OBJ_X9_62_onBasis		OBJ_X9_62_id_characteristic_two_basis,1L
-
-#define SN_X9_62_tpBasis		"tpBasis"
-#define NID_X9_62_tpBasis		682
-#define OBJ_X9_62_tpBasis		OBJ_X9_62_id_characteristic_two_basis,2L
-
-#define SN_X9_62_ppBasis		"ppBasis"
-#define NID_X9_62_ppBasis		683
-#define OBJ_X9_62_ppBasis		OBJ_X9_62_id_characteristic_two_basis,3L
-
-#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L
-
-#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"
-#define NID_X9_62_id_ecPublicKey		408
-#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L
-
-#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L
-
-#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L
-
-#define SN_X9_62_c2pnb163v1		"c2pnb163v1"
-#define NID_X9_62_c2pnb163v1		684
-#define OBJ_X9_62_c2pnb163v1		OBJ_X9_62_c_TwoCurve,1L
-
-#define SN_X9_62_c2pnb163v2		"c2pnb163v2"
-#define NID_X9_62_c2pnb163v2		685
-#define OBJ_X9_62_c2pnb163v2		OBJ_X9_62_c_TwoCurve,2L
-
-#define SN_X9_62_c2pnb163v3		"c2pnb163v3"
-#define NID_X9_62_c2pnb163v3		686
-#define OBJ_X9_62_c2pnb163v3		OBJ_X9_62_c_TwoCurve,3L
-
-#define SN_X9_62_c2pnb176v1		"c2pnb176v1"
-#define NID_X9_62_c2pnb176v1		687
-#define OBJ_X9_62_c2pnb176v1		OBJ_X9_62_c_TwoCurve,4L
-
-#define SN_X9_62_c2tnb191v1		"c2tnb191v1"
-#define NID_X9_62_c2tnb191v1		688
-#define OBJ_X9_62_c2tnb191v1		OBJ_X9_62_c_TwoCurve,5L
-
-#define SN_X9_62_c2tnb191v2		"c2tnb191v2"
-#define NID_X9_62_c2tnb191v2		689
-#define OBJ_X9_62_c2tnb191v2		OBJ_X9_62_c_TwoCurve,6L
-
-#define SN_X9_62_c2tnb191v3		"c2tnb191v3"
-#define NID_X9_62_c2tnb191v3		690
-#define OBJ_X9_62_c2tnb191v3		OBJ_X9_62_c_TwoCurve,7L
-
-#define SN_X9_62_c2onb191v4		"c2onb191v4"
-#define NID_X9_62_c2onb191v4		691
-#define OBJ_X9_62_c2onb191v4		OBJ_X9_62_c_TwoCurve,8L
-
-#define SN_X9_62_c2onb191v5		"c2onb191v5"
-#define NID_X9_62_c2onb191v5		692
-#define OBJ_X9_62_c2onb191v5		OBJ_X9_62_c_TwoCurve,9L
-
-#define SN_X9_62_c2pnb208w1		"c2pnb208w1"
-#define NID_X9_62_c2pnb208w1		693
-#define OBJ_X9_62_c2pnb208w1		OBJ_X9_62_c_TwoCurve,10L
-
-#define SN_X9_62_c2tnb239v1		"c2tnb239v1"
-#define NID_X9_62_c2tnb239v1		694
-#define OBJ_X9_62_c2tnb239v1		OBJ_X9_62_c_TwoCurve,11L
-
-#define SN_X9_62_c2tnb239v2		"c2tnb239v2"
-#define NID_X9_62_c2tnb239v2		695
-#define OBJ_X9_62_c2tnb239v2		OBJ_X9_62_c_TwoCurve,12L
-
-#define SN_X9_62_c2tnb239v3		"c2tnb239v3"
-#define NID_X9_62_c2tnb239v3		696
-#define OBJ_X9_62_c2tnb239v3		OBJ_X9_62_c_TwoCurve,13L
-
-#define SN_X9_62_c2onb239v4		"c2onb239v4"
-#define NID_X9_62_c2onb239v4		697
-#define OBJ_X9_62_c2onb239v4		OBJ_X9_62_c_TwoCurve,14L
-
-#define SN_X9_62_c2onb239v5		"c2onb239v5"
-#define NID_X9_62_c2onb239v5		698
-#define OBJ_X9_62_c2onb239v5		OBJ_X9_62_c_TwoCurve,15L
-
-#define SN_X9_62_c2pnb272w1		"c2pnb272w1"
-#define NID_X9_62_c2pnb272w1		699
-#define OBJ_X9_62_c2pnb272w1		OBJ_X9_62_c_TwoCurve,16L
-
-#define SN_X9_62_c2pnb304w1		"c2pnb304w1"
-#define NID_X9_62_c2pnb304w1		700
-#define OBJ_X9_62_c2pnb304w1		OBJ_X9_62_c_TwoCurve,17L
-
-#define SN_X9_62_c2tnb359v1		"c2tnb359v1"
-#define NID_X9_62_c2tnb359v1		701
-#define OBJ_X9_62_c2tnb359v1		OBJ_X9_62_c_TwoCurve,18L
-
-#define SN_X9_62_c2pnb368w1		"c2pnb368w1"
-#define NID_X9_62_c2pnb368w1		702
-#define OBJ_X9_62_c2pnb368w1		OBJ_X9_62_c_TwoCurve,19L
-
-#define SN_X9_62_c2tnb431r1		"c2tnb431r1"
-#define NID_X9_62_c2tnb431r1		703
-#define OBJ_X9_62_c2tnb431r1		OBJ_X9_62_c_TwoCurve,20L
-
-#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L
-
-#define SN_X9_62_prime192v1		"prime192v1"
-#define NID_X9_62_prime192v1		409
-#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L
-
-#define SN_X9_62_prime192v2		"prime192v2"
-#define NID_X9_62_prime192v2		410
-#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L
-
-#define SN_X9_62_prime192v3		"prime192v3"
-#define NID_X9_62_prime192v3		411
-#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L
-
-#define SN_X9_62_prime239v1		"prime239v1"
-#define NID_X9_62_prime239v1		412
-#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L
-
-#define SN_X9_62_prime239v2		"prime239v2"
-#define NID_X9_62_prime239v2		413
-#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L
-
-#define SN_X9_62_prime239v3		"prime239v3"
-#define NID_X9_62_prime239v3		414
-#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L
-
-#define SN_X9_62_prime256v1		"prime256v1"
-#define NID_X9_62_prime256v1		415
-#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L
-
-#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L
-
-#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"
-#define NID_ecdsa_with_SHA1		416
-#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L
-
-#define SN_ecdsa_with_Recommended		"ecdsa-with-Recommended"
-#define NID_ecdsa_with_Recommended		791
-#define OBJ_ecdsa_with_Recommended		OBJ_X9_62_id_ecSigType,2L
-
-#define SN_ecdsa_with_Specified		"ecdsa-with-Specified"
-#define NID_ecdsa_with_Specified		792
-#define OBJ_ecdsa_with_Specified		OBJ_X9_62_id_ecSigType,3L
-
-#define SN_ecdsa_with_SHA224		"ecdsa-with-SHA224"
-#define NID_ecdsa_with_SHA224		793
-#define OBJ_ecdsa_with_SHA224		OBJ_ecdsa_with_Specified,1L
-
-#define SN_ecdsa_with_SHA256		"ecdsa-with-SHA256"
-#define NID_ecdsa_with_SHA256		794
-#define OBJ_ecdsa_with_SHA256		OBJ_ecdsa_with_Specified,2L
-
-#define SN_ecdsa_with_SHA384		"ecdsa-with-SHA384"
-#define NID_ecdsa_with_SHA384		795
-#define OBJ_ecdsa_with_SHA384		OBJ_ecdsa_with_Specified,3L
-
-#define SN_ecdsa_with_SHA512		"ecdsa-with-SHA512"
-#define NID_ecdsa_with_SHA512		796
-#define OBJ_ecdsa_with_SHA512		OBJ_ecdsa_with_Specified,4L
-
-#define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L
-
-#define SN_secp112r1		"secp112r1"
-#define NID_secp112r1		704
-#define OBJ_secp112r1		OBJ_secg_ellipticCurve,6L
-
-#define SN_secp112r2		"secp112r2"
-#define NID_secp112r2		705
-#define OBJ_secp112r2		OBJ_secg_ellipticCurve,7L
-
-#define SN_secp128r1		"secp128r1"
-#define NID_secp128r1		706
-#define OBJ_secp128r1		OBJ_secg_ellipticCurve,28L
-
-#define SN_secp128r2		"secp128r2"
-#define NID_secp128r2		707
-#define OBJ_secp128r2		OBJ_secg_ellipticCurve,29L
-
-#define SN_secp160k1		"secp160k1"
-#define NID_secp160k1		708
-#define OBJ_secp160k1		OBJ_secg_ellipticCurve,9L
-
-#define SN_secp160r1		"secp160r1"
-#define NID_secp160r1		709
-#define OBJ_secp160r1		OBJ_secg_ellipticCurve,8L
-
-#define SN_secp160r2		"secp160r2"
-#define NID_secp160r2		710
-#define OBJ_secp160r2		OBJ_secg_ellipticCurve,30L
-
-#define SN_secp192k1		"secp192k1"
-#define NID_secp192k1		711
-#define OBJ_secp192k1		OBJ_secg_ellipticCurve,31L
-
-#define SN_secp224k1		"secp224k1"
-#define NID_secp224k1		712
-#define OBJ_secp224k1		OBJ_secg_ellipticCurve,32L
-
-#define SN_secp224r1		"secp224r1"
-#define NID_secp224r1		713
-#define OBJ_secp224r1		OBJ_secg_ellipticCurve,33L
-
-#define SN_secp256k1		"secp256k1"
-#define NID_secp256k1		714
-#define OBJ_secp256k1		OBJ_secg_ellipticCurve,10L
-
-#define SN_secp384r1		"secp384r1"
-#define NID_secp384r1		715
-#define OBJ_secp384r1		OBJ_secg_ellipticCurve,34L
-
-#define SN_secp521r1		"secp521r1"
-#define NID_secp521r1		716
-#define OBJ_secp521r1		OBJ_secg_ellipticCurve,35L
-
-#define SN_sect113r1		"sect113r1"
-#define NID_sect113r1		717
-#define OBJ_sect113r1		OBJ_secg_ellipticCurve,4L
-
-#define SN_sect113r2		"sect113r2"
-#define NID_sect113r2		718
-#define OBJ_sect113r2		OBJ_secg_ellipticCurve,5L
-
-#define SN_sect131r1		"sect131r1"
-#define NID_sect131r1		719
-#define OBJ_sect131r1		OBJ_secg_ellipticCurve,22L
-
-#define SN_sect131r2		"sect131r2"
-#define NID_sect131r2		720
-#define OBJ_sect131r2		OBJ_secg_ellipticCurve,23L
-
-#define SN_sect163k1		"sect163k1"
-#define NID_sect163k1		721
-#define OBJ_sect163k1		OBJ_secg_ellipticCurve,1L
-
-#define SN_sect163r1		"sect163r1"
-#define NID_sect163r1		722
-#define OBJ_sect163r1		OBJ_secg_ellipticCurve,2L
-
-#define SN_sect163r2		"sect163r2"
-#define NID_sect163r2		723
-#define OBJ_sect163r2		OBJ_secg_ellipticCurve,15L
-
-#define SN_sect193r1		"sect193r1"
-#define NID_sect193r1		724
-#define OBJ_sect193r1		OBJ_secg_ellipticCurve,24L
-
-#define SN_sect193r2		"sect193r2"
-#define NID_sect193r2		725
-#define OBJ_sect193r2		OBJ_secg_ellipticCurve,25L
-
-#define SN_sect233k1		"sect233k1"
-#define NID_sect233k1		726
-#define OBJ_sect233k1		OBJ_secg_ellipticCurve,26L
-
-#define SN_sect233r1		"sect233r1"
-#define NID_sect233r1		727
-#define OBJ_sect233r1		OBJ_secg_ellipticCurve,27L
-
-#define SN_sect239k1		"sect239k1"
-#define NID_sect239k1		728
-#define OBJ_sect239k1		OBJ_secg_ellipticCurve,3L
-
-#define SN_sect283k1		"sect283k1"
-#define NID_sect283k1		729
-#define OBJ_sect283k1		OBJ_secg_ellipticCurve,16L
-
-#define SN_sect283r1		"sect283r1"
-#define NID_sect283r1		730
-#define OBJ_sect283r1		OBJ_secg_ellipticCurve,17L
-
-#define SN_sect409k1		"sect409k1"
-#define NID_sect409k1		731
-#define OBJ_sect409k1		OBJ_secg_ellipticCurve,36L
-
-#define SN_sect409r1		"sect409r1"
-#define NID_sect409r1		732
-#define OBJ_sect409r1		OBJ_secg_ellipticCurve,37L
-
-#define SN_sect571k1		"sect571k1"
-#define NID_sect571k1		733
-#define OBJ_sect571k1		OBJ_secg_ellipticCurve,38L
-
-#define SN_sect571r1		"sect571r1"
-#define NID_sect571r1		734
-#define OBJ_sect571r1		OBJ_secg_ellipticCurve,39L
-
-#define OBJ_wap_wsg_idm_ecid		OBJ_wap_wsg,4L
-
-#define SN_wap_wsg_idm_ecid_wtls1		"wap-wsg-idm-ecid-wtls1"
-#define NID_wap_wsg_idm_ecid_wtls1		735
-#define OBJ_wap_wsg_idm_ecid_wtls1		OBJ_wap_wsg_idm_ecid,1L
-
-#define SN_wap_wsg_idm_ecid_wtls3		"wap-wsg-idm-ecid-wtls3"
-#define NID_wap_wsg_idm_ecid_wtls3		736
-#define OBJ_wap_wsg_idm_ecid_wtls3		OBJ_wap_wsg_idm_ecid,3L
-
-#define SN_wap_wsg_idm_ecid_wtls4		"wap-wsg-idm-ecid-wtls4"
-#define NID_wap_wsg_idm_ecid_wtls4		737
-#define OBJ_wap_wsg_idm_ecid_wtls4		OBJ_wap_wsg_idm_ecid,4L
-
-#define SN_wap_wsg_idm_ecid_wtls5		"wap-wsg-idm-ecid-wtls5"
-#define NID_wap_wsg_idm_ecid_wtls5		738
-#define OBJ_wap_wsg_idm_ecid_wtls5		OBJ_wap_wsg_idm_ecid,5L
-
-#define SN_wap_wsg_idm_ecid_wtls6		"wap-wsg-idm-ecid-wtls6"
-#define NID_wap_wsg_idm_ecid_wtls6		739
-#define OBJ_wap_wsg_idm_ecid_wtls6		OBJ_wap_wsg_idm_ecid,6L
-
-#define SN_wap_wsg_idm_ecid_wtls7		"wap-wsg-idm-ecid-wtls7"
-#define NID_wap_wsg_idm_ecid_wtls7		740
-#define OBJ_wap_wsg_idm_ecid_wtls7		OBJ_wap_wsg_idm_ecid,7L
-
-#define SN_wap_wsg_idm_ecid_wtls8		"wap-wsg-idm-ecid-wtls8"
-#define NID_wap_wsg_idm_ecid_wtls8		741
-#define OBJ_wap_wsg_idm_ecid_wtls8		OBJ_wap_wsg_idm_ecid,8L
-
-#define SN_wap_wsg_idm_ecid_wtls9		"wap-wsg-idm-ecid-wtls9"
-#define NID_wap_wsg_idm_ecid_wtls9		742
-#define OBJ_wap_wsg_idm_ecid_wtls9		OBJ_wap_wsg_idm_ecid,9L
-
-#define SN_wap_wsg_idm_ecid_wtls10		"wap-wsg-idm-ecid-wtls10"
-#define NID_wap_wsg_idm_ecid_wtls10		743
-#define OBJ_wap_wsg_idm_ecid_wtls10		OBJ_wap_wsg_idm_ecid,10L
-
-#define SN_wap_wsg_idm_ecid_wtls11		"wap-wsg-idm-ecid-wtls11"
-#define NID_wap_wsg_idm_ecid_wtls11		744
-#define OBJ_wap_wsg_idm_ecid_wtls11		OBJ_wap_wsg_idm_ecid,11L
-
-#define SN_wap_wsg_idm_ecid_wtls12		"wap-wsg-idm-ecid-wtls12"
-#define NID_wap_wsg_idm_ecid_wtls12		745
-#define OBJ_wap_wsg_idm_ecid_wtls12		OBJ_wap_wsg_idm_ecid,12L
-
-#define SN_cast5_cbc		"CAST5-CBC"
-#define LN_cast5_cbc		"cast5-cbc"
-#define NID_cast5_cbc		108
-#define OBJ_cast5_cbc		OBJ_ISO_US,113533L,7L,66L,10L
-
-#define SN_cast5_ecb		"CAST5-ECB"
-#define LN_cast5_ecb		"cast5-ecb"
-#define NID_cast5_ecb		109
-
-#define SN_cast5_cfb64		"CAST5-CFB"
-#define LN_cast5_cfb64		"cast5-cfb"
-#define NID_cast5_cfb64		110
-
-#define SN_cast5_ofb64		"CAST5-OFB"
-#define LN_cast5_ofb64		"cast5-ofb"
-#define NID_cast5_ofb64		111
-
-#define LN_pbeWithMD5AndCast5_CBC		"pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC		112
-#define OBJ_pbeWithMD5AndCast5_CBC		OBJ_ISO_US,113533L,7L,66L,12L
-
-#define SN_id_PasswordBasedMAC		"id-PasswordBasedMAC"
-#define LN_id_PasswordBasedMAC		"password based MAC"
-#define NID_id_PasswordBasedMAC		782
-#define OBJ_id_PasswordBasedMAC		OBJ_ISO_US,113533L,7L,66L,13L
-
-#define SN_id_DHBasedMac		"id-DHBasedMac"
-#define LN_id_DHBasedMac		"Diffie-Hellman based MAC"
-#define NID_id_DHBasedMac		783
-#define OBJ_id_DHBasedMac		OBJ_ISO_US,113533L,7L,66L,30L
-
-#define SN_rsadsi		"rsadsi"
-#define LN_rsadsi		"RSA Data Security, Inc."
-#define NID_rsadsi		1
-#define OBJ_rsadsi		OBJ_ISO_US,113549L
-
-#define SN_pkcs		"pkcs"
-#define LN_pkcs		"RSA Data Security, Inc. PKCS"
-#define NID_pkcs		2
-#define OBJ_pkcs		OBJ_rsadsi,1L
-
-#define SN_pkcs1		"pkcs1"
-#define NID_pkcs1		186
-#define OBJ_pkcs1		OBJ_pkcs,1L
-
-#define LN_rsaEncryption		"rsaEncryption"
-#define NID_rsaEncryption		6
-#define OBJ_rsaEncryption		OBJ_pkcs1,1L
-
-#define SN_md2WithRSAEncryption		"RSA-MD2"
-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption		7
-#define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L
-
-#define SN_md4WithRSAEncryption		"RSA-MD4"
-#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"
-#define NID_md4WithRSAEncryption		396
-#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L
-
-#define SN_md5WithRSAEncryption		"RSA-MD5"
-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption		8
-#define OBJ_md5WithRSAEncryption		OBJ_pkcs1,4L
-
-#define SN_sha1WithRSAEncryption		"RSA-SHA1"
-#define LN_sha1WithRSAEncryption		"sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption		65
-#define OBJ_sha1WithRSAEncryption		OBJ_pkcs1,5L
-
-#define SN_rsaesOaep		"RSAES-OAEP"
-#define LN_rsaesOaep		"rsaesOaep"
-#define NID_rsaesOaep		919
-#define OBJ_rsaesOaep		OBJ_pkcs1,7L
-
-#define SN_mgf1		"MGF1"
-#define LN_mgf1		"mgf1"
-#define NID_mgf1		911
-#define OBJ_mgf1		OBJ_pkcs1,8L
-
-#define SN_rsassaPss		"RSASSA-PSS"
-#define LN_rsassaPss		"rsassaPss"
-#define NID_rsassaPss		912
-#define OBJ_rsassaPss		OBJ_pkcs1,10L
-
-#define SN_sha256WithRSAEncryption		"RSA-SHA256"
-#define LN_sha256WithRSAEncryption		"sha256WithRSAEncryption"
-#define NID_sha256WithRSAEncryption		668
-#define OBJ_sha256WithRSAEncryption		OBJ_pkcs1,11L
-
-#define SN_sha384WithRSAEncryption		"RSA-SHA384"
-#define LN_sha384WithRSAEncryption		"sha384WithRSAEncryption"
-#define NID_sha384WithRSAEncryption		669
-#define OBJ_sha384WithRSAEncryption		OBJ_pkcs1,12L
-
-#define SN_sha512WithRSAEncryption		"RSA-SHA512"
-#define LN_sha512WithRSAEncryption		"sha512WithRSAEncryption"
-#define NID_sha512WithRSAEncryption		670
-#define OBJ_sha512WithRSAEncryption		OBJ_pkcs1,13L
-
-#define SN_sha224WithRSAEncryption		"RSA-SHA224"
-#define LN_sha224WithRSAEncryption		"sha224WithRSAEncryption"
-#define NID_sha224WithRSAEncryption		671
-#define OBJ_sha224WithRSAEncryption		OBJ_pkcs1,14L
-
-#define SN_pkcs3		"pkcs3"
-#define NID_pkcs3		27
-#define OBJ_pkcs3		OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement		"dhKeyAgreement"
-#define NID_dhKeyAgreement		28
-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
-
-#define SN_pkcs5		"pkcs5"
-#define NID_pkcs5		187
-#define OBJ_pkcs5		OBJ_pkcs,5L
-
-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC		9
-#define OBJ_pbeWithMD2AndDES_CBC		OBJ_pkcs5,1L
-
-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC		10
-#define OBJ_pbeWithMD5AndDES_CBC		OBJ_pkcs5,3L
-
-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC		168
-#define OBJ_pbeWithMD2AndRC2_CBC		OBJ_pkcs5,4L
-
-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC		169
-#define OBJ_pbeWithMD5AndRC2_CBC		OBJ_pkcs5,6L
-
-#define SN_pbeWithSHA1AndDES_CBC		"PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC		"pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC		170
-#define OBJ_pbeWithSHA1AndDES_CBC		OBJ_pkcs5,10L
-
-#define SN_pbeWithSHA1AndRC2_CBC		"PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC		"pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC		68
-#define OBJ_pbeWithSHA1AndRC2_CBC		OBJ_pkcs5,11L
-
-#define LN_id_pbkdf2		"PBKDF2"
-#define NID_id_pbkdf2		69
-#define OBJ_id_pbkdf2		OBJ_pkcs5,12L
-
-#define LN_pbes2		"PBES2"
-#define NID_pbes2		161
-#define OBJ_pbes2		OBJ_pkcs5,13L
-
-#define LN_pbmac1		"PBMAC1"
-#define NID_pbmac1		162
-#define OBJ_pbmac1		OBJ_pkcs5,14L
-
-#define SN_pkcs7		"pkcs7"
-#define NID_pkcs7		20
-#define OBJ_pkcs7		OBJ_pkcs,7L
-
-#define LN_pkcs7_data		"pkcs7-data"
-#define NID_pkcs7_data		21
-#define OBJ_pkcs7_data		OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed		"pkcs7-signedData"
-#define NID_pkcs7_signed		22
-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
-#define NID_pkcs7_enveloped		23
-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped		"pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped		24
-#define OBJ_pkcs7_signedAndEnveloped		OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest		"pkcs7-digestData"
-#define NID_pkcs7_digest		25
-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
-#define NID_pkcs7_encrypted		26
-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
-
-#define SN_pkcs9		"pkcs9"
-#define NID_pkcs9		47
-#define OBJ_pkcs9		OBJ_pkcs,9L
-
-#define LN_pkcs9_emailAddress		"emailAddress"
-#define NID_pkcs9_emailAddress		48
-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName		"unstructuredName"
-#define NID_pkcs9_unstructuredName		49
-#define OBJ_pkcs9_unstructuredName		OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType		"contentType"
-#define NID_pkcs9_contentType		50
-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest		"messageDigest"
-#define NID_pkcs9_messageDigest		51
-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime		"signingTime"
-#define NID_pkcs9_signingTime		52
-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature		"countersignature"
-#define NID_pkcs9_countersignature		53
-#define OBJ_pkcs9_countersignature		OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword		"challengePassword"
-#define NID_pkcs9_challengePassword		54
-#define OBJ_pkcs9_challengePassword		OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress		"unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress		55
-#define OBJ_pkcs9_unstructuredAddress		OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes		"extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes		56
-#define OBJ_pkcs9_extCertAttributes		OBJ_pkcs9,9L
-
-#define SN_ext_req		"extReq"
-#define LN_ext_req		"Extension Request"
-#define NID_ext_req		172
-#define OBJ_ext_req		OBJ_pkcs9,14L
-
-#define SN_SMIMECapabilities		"SMIME-CAPS"
-#define LN_SMIMECapabilities		"S/MIME Capabilities"
-#define NID_SMIMECapabilities		167
-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
-
-#define SN_SMIME		"SMIME"
-#define LN_SMIME		"S/MIME"
-#define NID_SMIME		188
-#define OBJ_SMIME		OBJ_pkcs9,16L
-
-#define SN_id_smime_mod		"id-smime-mod"
-#define NID_id_smime_mod		189
-#define OBJ_id_smime_mod		OBJ_SMIME,0L
-
-#define SN_id_smime_ct		"id-smime-ct"
-#define NID_id_smime_ct		190
-#define OBJ_id_smime_ct		OBJ_SMIME,1L
-
-#define SN_id_smime_aa		"id-smime-aa"
-#define NID_id_smime_aa		191
-#define OBJ_id_smime_aa		OBJ_SMIME,2L
-
-#define SN_id_smime_alg		"id-smime-alg"
-#define NID_id_smime_alg		192
-#define OBJ_id_smime_alg		OBJ_SMIME,3L
-
-#define SN_id_smime_cd		"id-smime-cd"
-#define NID_id_smime_cd		193
-#define OBJ_id_smime_cd		OBJ_SMIME,4L
-
-#define SN_id_smime_spq		"id-smime-spq"
-#define NID_id_smime_spq		194
-#define OBJ_id_smime_spq		OBJ_SMIME,5L
-
-#define SN_id_smime_cti		"id-smime-cti"
-#define NID_id_smime_cti		195
-#define OBJ_id_smime_cti		OBJ_SMIME,6L
-
-#define SN_id_smime_mod_cms		"id-smime-mod-cms"
-#define NID_id_smime_mod_cms		196
-#define OBJ_id_smime_mod_cms		OBJ_id_smime_mod,1L
-
-#define SN_id_smime_mod_ess		"id-smime-mod-ess"
-#define NID_id_smime_mod_ess		197
-#define OBJ_id_smime_mod_ess		OBJ_id_smime_mod,2L
-
-#define SN_id_smime_mod_oid		"id-smime-mod-oid"
-#define NID_id_smime_mod_oid		198
-#define OBJ_id_smime_mod_oid		OBJ_id_smime_mod,3L
-
-#define SN_id_smime_mod_msg_v3		"id-smime-mod-msg-v3"
-#define NID_id_smime_mod_msg_v3		199
-#define OBJ_id_smime_mod_msg_v3		OBJ_id_smime_mod,4L
-
-#define SN_id_smime_mod_ets_eSignature_88		"id-smime-mod-ets-eSignature-88"
-#define NID_id_smime_mod_ets_eSignature_88		200
-#define OBJ_id_smime_mod_ets_eSignature_88		OBJ_id_smime_mod,5L
-
-#define SN_id_smime_mod_ets_eSignature_97		"id-smime-mod-ets-eSignature-97"
-#define NID_id_smime_mod_ets_eSignature_97		201
-#define OBJ_id_smime_mod_ets_eSignature_97		OBJ_id_smime_mod,6L
-
-#define SN_id_smime_mod_ets_eSigPolicy_88		"id-smime-mod-ets-eSigPolicy-88"
-#define NID_id_smime_mod_ets_eSigPolicy_88		202
-#define OBJ_id_smime_mod_ets_eSigPolicy_88		OBJ_id_smime_mod,7L
-
-#define SN_id_smime_mod_ets_eSigPolicy_97		"id-smime-mod-ets-eSigPolicy-97"
-#define NID_id_smime_mod_ets_eSigPolicy_97		203
-#define OBJ_id_smime_mod_ets_eSigPolicy_97		OBJ_id_smime_mod,8L
-
-#define SN_id_smime_ct_receipt		"id-smime-ct-receipt"
-#define NID_id_smime_ct_receipt		204
-#define OBJ_id_smime_ct_receipt		OBJ_id_smime_ct,1L
-
-#define SN_id_smime_ct_authData		"id-smime-ct-authData"
-#define NID_id_smime_ct_authData		205
-#define OBJ_id_smime_ct_authData		OBJ_id_smime_ct,2L
-
-#define SN_id_smime_ct_publishCert		"id-smime-ct-publishCert"
-#define NID_id_smime_ct_publishCert		206
-#define OBJ_id_smime_ct_publishCert		OBJ_id_smime_ct,3L
-
-#define SN_id_smime_ct_TSTInfo		"id-smime-ct-TSTInfo"
-#define NID_id_smime_ct_TSTInfo		207
-#define OBJ_id_smime_ct_TSTInfo		OBJ_id_smime_ct,4L
-
-#define SN_id_smime_ct_TDTInfo		"id-smime-ct-TDTInfo"
-#define NID_id_smime_ct_TDTInfo		208
-#define OBJ_id_smime_ct_TDTInfo		OBJ_id_smime_ct,5L
-
-#define SN_id_smime_ct_contentInfo		"id-smime-ct-contentInfo"
-#define NID_id_smime_ct_contentInfo		209
-#define OBJ_id_smime_ct_contentInfo		OBJ_id_smime_ct,6L
-
-#define SN_id_smime_ct_DVCSRequestData		"id-smime-ct-DVCSRequestData"
-#define NID_id_smime_ct_DVCSRequestData		210
-#define OBJ_id_smime_ct_DVCSRequestData		OBJ_id_smime_ct,7L
-
-#define SN_id_smime_ct_DVCSResponseData		"id-smime-ct-DVCSResponseData"
-#define NID_id_smime_ct_DVCSResponseData		211
-#define OBJ_id_smime_ct_DVCSResponseData		OBJ_id_smime_ct,8L
-
-#define SN_id_smime_ct_compressedData		"id-smime-ct-compressedData"
-#define NID_id_smime_ct_compressedData		786
-#define OBJ_id_smime_ct_compressedData		OBJ_id_smime_ct,9L
-
-#define SN_id_ct_asciiTextWithCRLF		"id-ct-asciiTextWithCRLF"
-#define NID_id_ct_asciiTextWithCRLF		787
-#define OBJ_id_ct_asciiTextWithCRLF		OBJ_id_smime_ct,27L
-
-#define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"
-#define NID_id_smime_aa_receiptRequest		212
-#define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L
-
-#define SN_id_smime_aa_securityLabel		"id-smime-aa-securityLabel"
-#define NID_id_smime_aa_securityLabel		213
-#define OBJ_id_smime_aa_securityLabel		OBJ_id_smime_aa,2L
-
-#define SN_id_smime_aa_mlExpandHistory		"id-smime-aa-mlExpandHistory"
-#define NID_id_smime_aa_mlExpandHistory		214
-#define OBJ_id_smime_aa_mlExpandHistory		OBJ_id_smime_aa,3L
-
-#define SN_id_smime_aa_contentHint		"id-smime-aa-contentHint"
-#define NID_id_smime_aa_contentHint		215
-#define OBJ_id_smime_aa_contentHint		OBJ_id_smime_aa,4L
-
-#define SN_id_smime_aa_msgSigDigest		"id-smime-aa-msgSigDigest"
-#define NID_id_smime_aa_msgSigDigest		216
-#define OBJ_id_smime_aa_msgSigDigest		OBJ_id_smime_aa,5L
-
-#define SN_id_smime_aa_encapContentType		"id-smime-aa-encapContentType"
-#define NID_id_smime_aa_encapContentType		217
-#define OBJ_id_smime_aa_encapContentType		OBJ_id_smime_aa,6L
-
-#define SN_id_smime_aa_contentIdentifier		"id-smime-aa-contentIdentifier"
-#define NID_id_smime_aa_contentIdentifier		218
-#define OBJ_id_smime_aa_contentIdentifier		OBJ_id_smime_aa,7L
-
-#define SN_id_smime_aa_macValue		"id-smime-aa-macValue"
-#define NID_id_smime_aa_macValue		219
-#define OBJ_id_smime_aa_macValue		OBJ_id_smime_aa,8L
-
-#define SN_id_smime_aa_equivalentLabels		"id-smime-aa-equivalentLabels"
-#define NID_id_smime_aa_equivalentLabels		220
-#define OBJ_id_smime_aa_equivalentLabels		OBJ_id_smime_aa,9L
-
-#define SN_id_smime_aa_contentReference		"id-smime-aa-contentReference"
-#define NID_id_smime_aa_contentReference		221
-#define OBJ_id_smime_aa_contentReference		OBJ_id_smime_aa,10L
-
-#define SN_id_smime_aa_encrypKeyPref		"id-smime-aa-encrypKeyPref"
-#define NID_id_smime_aa_encrypKeyPref		222
-#define OBJ_id_smime_aa_encrypKeyPref		OBJ_id_smime_aa,11L
-
-#define SN_id_smime_aa_signingCertificate		"id-smime-aa-signingCertificate"
-#define NID_id_smime_aa_signingCertificate		223
-#define OBJ_id_smime_aa_signingCertificate		OBJ_id_smime_aa,12L
-
-#define SN_id_smime_aa_smimeEncryptCerts		"id-smime-aa-smimeEncryptCerts"
-#define NID_id_smime_aa_smimeEncryptCerts		224
-#define OBJ_id_smime_aa_smimeEncryptCerts		OBJ_id_smime_aa,13L
-
-#define SN_id_smime_aa_timeStampToken		"id-smime-aa-timeStampToken"
-#define NID_id_smime_aa_timeStampToken		225
-#define OBJ_id_smime_aa_timeStampToken		OBJ_id_smime_aa,14L
-
-#define SN_id_smime_aa_ets_sigPolicyId		"id-smime-aa-ets-sigPolicyId"
-#define NID_id_smime_aa_ets_sigPolicyId		226
-#define OBJ_id_smime_aa_ets_sigPolicyId		OBJ_id_smime_aa,15L
-
-#define SN_id_smime_aa_ets_commitmentType		"id-smime-aa-ets-commitmentType"
-#define NID_id_smime_aa_ets_commitmentType		227
-#define OBJ_id_smime_aa_ets_commitmentType		OBJ_id_smime_aa,16L
-
-#define SN_id_smime_aa_ets_signerLocation		"id-smime-aa-ets-signerLocation"
-#define NID_id_smime_aa_ets_signerLocation		228
-#define OBJ_id_smime_aa_ets_signerLocation		OBJ_id_smime_aa,17L
-
-#define SN_id_smime_aa_ets_signerAttr		"id-smime-aa-ets-signerAttr"
-#define NID_id_smime_aa_ets_signerAttr		229
-#define OBJ_id_smime_aa_ets_signerAttr		OBJ_id_smime_aa,18L
-
-#define SN_id_smime_aa_ets_otherSigCert		"id-smime-aa-ets-otherSigCert"
-#define NID_id_smime_aa_ets_otherSigCert		230
-#define OBJ_id_smime_aa_ets_otherSigCert		OBJ_id_smime_aa,19L
-
-#define SN_id_smime_aa_ets_contentTimestamp		"id-smime-aa-ets-contentTimestamp"
-#define NID_id_smime_aa_ets_contentTimestamp		231
-#define OBJ_id_smime_aa_ets_contentTimestamp		OBJ_id_smime_aa,20L
-
-#define SN_id_smime_aa_ets_CertificateRefs		"id-smime-aa-ets-CertificateRefs"
-#define NID_id_smime_aa_ets_CertificateRefs		232
-#define OBJ_id_smime_aa_ets_CertificateRefs		OBJ_id_smime_aa,21L
-
-#define SN_id_smime_aa_ets_RevocationRefs		"id-smime-aa-ets-RevocationRefs"
-#define NID_id_smime_aa_ets_RevocationRefs		233
-#define OBJ_id_smime_aa_ets_RevocationRefs		OBJ_id_smime_aa,22L
-
-#define SN_id_smime_aa_ets_certValues		"id-smime-aa-ets-certValues"
-#define NID_id_smime_aa_ets_certValues		234
-#define OBJ_id_smime_aa_ets_certValues		OBJ_id_smime_aa,23L
-
-#define SN_id_smime_aa_ets_revocationValues		"id-smime-aa-ets-revocationValues"
-#define NID_id_smime_aa_ets_revocationValues		235
-#define OBJ_id_smime_aa_ets_revocationValues		OBJ_id_smime_aa,24L
-
-#define SN_id_smime_aa_ets_escTimeStamp		"id-smime-aa-ets-escTimeStamp"
-#define NID_id_smime_aa_ets_escTimeStamp		236
-#define OBJ_id_smime_aa_ets_escTimeStamp		OBJ_id_smime_aa,25L
-
-#define SN_id_smime_aa_ets_certCRLTimestamp		"id-smime-aa-ets-certCRLTimestamp"
-#define NID_id_smime_aa_ets_certCRLTimestamp		237
-#define OBJ_id_smime_aa_ets_certCRLTimestamp		OBJ_id_smime_aa,26L
-
-#define SN_id_smime_aa_ets_archiveTimeStamp		"id-smime-aa-ets-archiveTimeStamp"
-#define NID_id_smime_aa_ets_archiveTimeStamp		238
-#define OBJ_id_smime_aa_ets_archiveTimeStamp		OBJ_id_smime_aa,27L
-
-#define SN_id_smime_aa_signatureType		"id-smime-aa-signatureType"
-#define NID_id_smime_aa_signatureType		239
-#define OBJ_id_smime_aa_signatureType		OBJ_id_smime_aa,28L
-
-#define SN_id_smime_aa_dvcs_dvc		"id-smime-aa-dvcs-dvc"
-#define NID_id_smime_aa_dvcs_dvc		240
-#define OBJ_id_smime_aa_dvcs_dvc		OBJ_id_smime_aa,29L
-
-#define SN_id_smime_alg_ESDHwith3DES		"id-smime-alg-ESDHwith3DES"
-#define NID_id_smime_alg_ESDHwith3DES		241
-#define OBJ_id_smime_alg_ESDHwith3DES		OBJ_id_smime_alg,1L
-
-#define SN_id_smime_alg_ESDHwithRC2		"id-smime-alg-ESDHwithRC2"
-#define NID_id_smime_alg_ESDHwithRC2		242
-#define OBJ_id_smime_alg_ESDHwithRC2		OBJ_id_smime_alg,2L
-
-#define SN_id_smime_alg_3DESwrap		"id-smime-alg-3DESwrap"
-#define NID_id_smime_alg_3DESwrap		243
-#define OBJ_id_smime_alg_3DESwrap		OBJ_id_smime_alg,3L
-
-#define SN_id_smime_alg_RC2wrap		"id-smime-alg-RC2wrap"
-#define NID_id_smime_alg_RC2wrap		244
-#define OBJ_id_smime_alg_RC2wrap		OBJ_id_smime_alg,4L
-
-#define SN_id_smime_alg_ESDH		"id-smime-alg-ESDH"
-#define NID_id_smime_alg_ESDH		245
-#define OBJ_id_smime_alg_ESDH		OBJ_id_smime_alg,5L
-
-#define SN_id_smime_alg_CMS3DESwrap		"id-smime-alg-CMS3DESwrap"
-#define NID_id_smime_alg_CMS3DESwrap		246
-#define OBJ_id_smime_alg_CMS3DESwrap		OBJ_id_smime_alg,6L
-
-#define SN_id_smime_alg_CMSRC2wrap		"id-smime-alg-CMSRC2wrap"
-#define NID_id_smime_alg_CMSRC2wrap		247
-#define OBJ_id_smime_alg_CMSRC2wrap		OBJ_id_smime_alg,7L
-
-#define SN_id_alg_PWRI_KEK		"id-alg-PWRI-KEK"
-#define NID_id_alg_PWRI_KEK		893
-#define OBJ_id_alg_PWRI_KEK		OBJ_id_smime_alg,9L
-
-#define SN_id_smime_cd_ldap		"id-smime-cd-ldap"
-#define NID_id_smime_cd_ldap		248
-#define OBJ_id_smime_cd_ldap		OBJ_id_smime_cd,1L
-
-#define SN_id_smime_spq_ets_sqt_uri		"id-smime-spq-ets-sqt-uri"
-#define NID_id_smime_spq_ets_sqt_uri		249
-#define OBJ_id_smime_spq_ets_sqt_uri		OBJ_id_smime_spq,1L
-
-#define SN_id_smime_spq_ets_sqt_unotice		"id-smime-spq-ets-sqt-unotice"
-#define NID_id_smime_spq_ets_sqt_unotice		250
-#define OBJ_id_smime_spq_ets_sqt_unotice		OBJ_id_smime_spq,2L
-
-#define SN_id_smime_cti_ets_proofOfOrigin		"id-smime-cti-ets-proofOfOrigin"
-#define NID_id_smime_cti_ets_proofOfOrigin		251
-#define OBJ_id_smime_cti_ets_proofOfOrigin		OBJ_id_smime_cti,1L
-
-#define SN_id_smime_cti_ets_proofOfReceipt		"id-smime-cti-ets-proofOfReceipt"
-#define NID_id_smime_cti_ets_proofOfReceipt		252
-#define OBJ_id_smime_cti_ets_proofOfReceipt		OBJ_id_smime_cti,2L
-
-#define SN_id_smime_cti_ets_proofOfDelivery		"id-smime-cti-ets-proofOfDelivery"
-#define NID_id_smime_cti_ets_proofOfDelivery		253
-#define OBJ_id_smime_cti_ets_proofOfDelivery		OBJ_id_smime_cti,3L
-
-#define SN_id_smime_cti_ets_proofOfSender		"id-smime-cti-ets-proofOfSender"
-#define NID_id_smime_cti_ets_proofOfSender		254
-#define OBJ_id_smime_cti_ets_proofOfSender		OBJ_id_smime_cti,4L
-
-#define SN_id_smime_cti_ets_proofOfApproval		"id-smime-cti-ets-proofOfApproval"
-#define NID_id_smime_cti_ets_proofOfApproval		255
-#define OBJ_id_smime_cti_ets_proofOfApproval		OBJ_id_smime_cti,5L
-
-#define SN_id_smime_cti_ets_proofOfCreation		"id-smime-cti-ets-proofOfCreation"
-#define NID_id_smime_cti_ets_proofOfCreation		256
-#define OBJ_id_smime_cti_ets_proofOfCreation		OBJ_id_smime_cti,6L
-
-#define LN_friendlyName		"friendlyName"
-#define NID_friendlyName		156
-#define OBJ_friendlyName		OBJ_pkcs9,20L
-
-#define LN_localKeyID		"localKeyID"
-#define NID_localKeyID		157
-#define OBJ_localKeyID		OBJ_pkcs9,21L
-
-#define SN_ms_csp_name		"CSPName"
-#define LN_ms_csp_name		"Microsoft CSP Name"
-#define NID_ms_csp_name		417
-#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L
-
-#define SN_LocalKeySet		"LocalKeySet"
-#define LN_LocalKeySet		"Microsoft Local Key set"
-#define NID_LocalKeySet		856
-#define OBJ_LocalKeySet		1L,3L,6L,1L,4L,1L,311L,17L,2L
-
-#define OBJ_certTypes		OBJ_pkcs9,22L
-
-#define LN_x509Certificate		"x509Certificate"
-#define NID_x509Certificate		158
-#define OBJ_x509Certificate		OBJ_certTypes,1L
-
-#define LN_sdsiCertificate		"sdsiCertificate"
-#define NID_sdsiCertificate		159
-#define OBJ_sdsiCertificate		OBJ_certTypes,2L
-
-#define OBJ_crlTypes		OBJ_pkcs9,23L
-
-#define LN_x509Crl		"x509Crl"
-#define NID_x509Crl		160
-#define OBJ_x509Crl		OBJ_crlTypes,1L
-
-#define OBJ_pkcs12		OBJ_pkcs,12L
-
-#define OBJ_pkcs12_pbeids		OBJ_pkcs12,1L
-
-#define SN_pbe_WithSHA1And128BitRC4		"PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4		"pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4		144
-#define OBJ_pbe_WithSHA1And128BitRC4		OBJ_pkcs12_pbeids,1L
-
-#define SN_pbe_WithSHA1And40BitRC4		"PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4		"pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4		145
-#define OBJ_pbe_WithSHA1And40BitRC4		OBJ_pkcs12_pbeids,2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC		"PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC		"pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC		146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC		"PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC		"pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC		147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC		148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC		OBJ_pkcs12_pbeids,5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC		"PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC		"pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC		149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC		OBJ_pkcs12_pbeids,6L
-
-#define OBJ_pkcs12_Version1		OBJ_pkcs12,10L
-
-#define OBJ_pkcs12_BagIds		OBJ_pkcs12_Version1,1L
-
-#define LN_keyBag		"keyBag"
-#define NID_keyBag		150
-#define OBJ_keyBag		OBJ_pkcs12_BagIds,1L
-
-#define LN_pkcs8ShroudedKeyBag		"pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag		151
-#define OBJ_pkcs8ShroudedKeyBag		OBJ_pkcs12_BagIds,2L
-
-#define LN_certBag		"certBag"
-#define NID_certBag		152
-#define OBJ_certBag		OBJ_pkcs12_BagIds,3L
-
-#define LN_crlBag		"crlBag"
-#define NID_crlBag		153
-#define OBJ_crlBag		OBJ_pkcs12_BagIds,4L
-
-#define LN_secretBag		"secretBag"
-#define NID_secretBag		154
-#define OBJ_secretBag		OBJ_pkcs12_BagIds,5L
-
-#define LN_safeContentsBag		"safeContentsBag"
-#define NID_safeContentsBag		155
-#define OBJ_safeContentsBag		OBJ_pkcs12_BagIds,6L
-
-#define SN_md2		"MD2"
-#define LN_md2		"md2"
-#define NID_md2		3
-#define OBJ_md2		OBJ_rsadsi,2L,2L
-
-#define SN_md4		"MD4"
-#define LN_md4		"md4"
-#define NID_md4		257
-#define OBJ_md4		OBJ_rsadsi,2L,4L
-
-#define SN_md5		"MD5"
-#define LN_md5		"md5"
-#define NID_md5		4
-#define OBJ_md5		OBJ_rsadsi,2L,5L
-
-#define SN_md5_sha1		"MD5-SHA1"
-#define LN_md5_sha1		"md5-sha1"
-#define NID_md5_sha1		114
-
-#define LN_hmacWithMD5		"hmacWithMD5"
-#define NID_hmacWithMD5		797
-#define OBJ_hmacWithMD5		OBJ_rsadsi,2L,6L
-
-#define LN_hmacWithSHA1		"hmacWithSHA1"
-#define NID_hmacWithSHA1		163
-#define OBJ_hmacWithSHA1		OBJ_rsadsi,2L,7L
-
-#define LN_hmacWithSHA224		"hmacWithSHA224"
-#define NID_hmacWithSHA224		798
-#define OBJ_hmacWithSHA224		OBJ_rsadsi,2L,8L
-
-#define LN_hmacWithSHA256		"hmacWithSHA256"
-#define NID_hmacWithSHA256		799
-#define OBJ_hmacWithSHA256		OBJ_rsadsi,2L,9L
-
-#define LN_hmacWithSHA384		"hmacWithSHA384"
-#define NID_hmacWithSHA384		800
-#define OBJ_hmacWithSHA384		OBJ_rsadsi,2L,10L
-
-#define LN_hmacWithSHA512		"hmacWithSHA512"
-#define NID_hmacWithSHA512		801
-#define OBJ_hmacWithSHA512		OBJ_rsadsi,2L,11L
-
-#define SN_rc2_cbc		"RC2-CBC"
-#define LN_rc2_cbc		"rc2-cbc"
-#define NID_rc2_cbc		37
-#define OBJ_rc2_cbc		OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb		"RC2-ECB"
-#define LN_rc2_ecb		"rc2-ecb"
-#define NID_rc2_ecb		38
-
-#define SN_rc2_cfb64		"RC2-CFB"
-#define LN_rc2_cfb64		"rc2-cfb"
-#define NID_rc2_cfb64		39
-
-#define SN_rc2_ofb64		"RC2-OFB"
-#define LN_rc2_ofb64		"rc2-ofb"
-#define NID_rc2_ofb64		40
-
-#define SN_rc2_40_cbc		"RC2-40-CBC"
-#define LN_rc2_40_cbc		"rc2-40-cbc"
-#define NID_rc2_40_cbc		98
-
-#define SN_rc2_64_cbc		"RC2-64-CBC"
-#define LN_rc2_64_cbc		"rc2-64-cbc"
-#define NID_rc2_64_cbc		166
-
-#define SN_rc4		"RC4"
-#define LN_rc4		"rc4"
-#define NID_rc4		5
-#define OBJ_rc4		OBJ_rsadsi,3L,4L
-
-#define SN_rc4_40		"RC4-40"
-#define LN_rc4_40		"rc4-40"
-#define NID_rc4_40		97
-
-#define SN_des_ede3_cbc		"DES-EDE3-CBC"
-#define LN_des_ede3_cbc		"des-ede3-cbc"
-#define NID_des_ede3_cbc		44
-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
-
-#define SN_rc5_cbc		"RC5-CBC"
-#define LN_rc5_cbc		"rc5-cbc"
-#define NID_rc5_cbc		120
-#define OBJ_rc5_cbc		OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb		"RC5-ECB"
-#define LN_rc5_ecb		"rc5-ecb"
-#define NID_rc5_ecb		121
-
-#define SN_rc5_cfb64		"RC5-CFB"
-#define LN_rc5_cfb64		"rc5-cfb"
-#define NID_rc5_cfb64		122
-
-#define SN_rc5_ofb64		"RC5-OFB"
-#define LN_rc5_ofb64		"rc5-ofb"
-#define NID_rc5_ofb64		123
-
-#define SN_ms_ext_req		"msExtReq"
-#define LN_ms_ext_req		"Microsoft Extension Request"
-#define NID_ms_ext_req		171
-#define OBJ_ms_ext_req		1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define SN_ms_code_ind		"msCodeInd"
-#define LN_ms_code_ind		"Microsoft Individual Code Signing"
-#define NID_ms_code_ind		134
-#define OBJ_ms_code_ind		1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com		"msCodeCom"
-#define LN_ms_code_com		"Microsoft Commercial Code Signing"
-#define NID_ms_code_com		135
-#define OBJ_ms_code_com		1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign		"msCTLSign"
-#define LN_ms_ctl_sign		"Microsoft Trust List Signing"
-#define NID_ms_ctl_sign		136
-#define OBJ_ms_ctl_sign		1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc		"msSGC"
-#define LN_ms_sgc		"Microsoft Server Gated Crypto"
-#define NID_ms_sgc		137
-#define OBJ_ms_sgc		1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs		"msEFS"
-#define LN_ms_efs		"Microsoft Encrypted File System"
-#define NID_ms_efs		138
-#define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-#define SN_ms_smartcard_login		"msSmartcardLogin"
-#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
-#define NID_ms_smartcard_login		648
-#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
-
-#define SN_ms_upn		"msUPN"
-#define LN_ms_upn		"Microsoft Universal Principal Name"
-#define NID_ms_upn		649
-#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
-
-#define SN_idea_cbc		"IDEA-CBC"
-#define LN_idea_cbc		"idea-cbc"
-#define NID_idea_cbc		34
-#define OBJ_idea_cbc		1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_ecb		"IDEA-ECB"
-#define LN_idea_ecb		"idea-ecb"
-#define NID_idea_ecb		36
-
-#define SN_idea_cfb64		"IDEA-CFB"
-#define LN_idea_cfb64		"idea-cfb"
-#define NID_idea_cfb64		35
-
-#define SN_idea_ofb64		"IDEA-OFB"
-#define LN_idea_ofb64		"idea-ofb"
-#define NID_idea_ofb64		46
-
-#define SN_bf_cbc		"BF-CBC"
-#define LN_bf_cbc		"bf-cbc"
-#define NID_bf_cbc		91
-#define OBJ_bf_cbc		1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb		"BF-ECB"
-#define LN_bf_ecb		"bf-ecb"
-#define NID_bf_ecb		92
-
-#define SN_bf_cfb64		"BF-CFB"
-#define LN_bf_cfb64		"bf-cfb"
-#define NID_bf_cfb64		93
-
-#define SN_bf_ofb64		"BF-OFB"
-#define LN_bf_ofb64		"bf-ofb"
-#define NID_bf_ofb64		94
-
-#define SN_id_pkix		"PKIX"
-#define NID_id_pkix		127
-#define OBJ_id_pkix		1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_pkix_mod		"id-pkix-mod"
-#define NID_id_pkix_mod		258
-#define OBJ_id_pkix_mod		OBJ_id_pkix,0L
-
-#define SN_id_pe		"id-pe"
-#define NID_id_pe		175
-#define OBJ_id_pe		OBJ_id_pkix,1L
-
-#define SN_id_qt		"id-qt"
-#define NID_id_qt		259
-#define OBJ_id_qt		OBJ_id_pkix,2L
-
-#define SN_id_kp		"id-kp"
-#define NID_id_kp		128
-#define OBJ_id_kp		OBJ_id_pkix,3L
-
-#define SN_id_it		"id-it"
-#define NID_id_it		260
-#define OBJ_id_it		OBJ_id_pkix,4L
-
-#define SN_id_pkip		"id-pkip"
-#define NID_id_pkip		261
-#define OBJ_id_pkip		OBJ_id_pkix,5L
-
-#define SN_id_alg		"id-alg"
-#define NID_id_alg		262
-#define OBJ_id_alg		OBJ_id_pkix,6L
-
-#define SN_id_cmc		"id-cmc"
-#define NID_id_cmc		263
-#define OBJ_id_cmc		OBJ_id_pkix,7L
-
-#define SN_id_on		"id-on"
-#define NID_id_on		264
-#define OBJ_id_on		OBJ_id_pkix,8L
-
-#define SN_id_pda		"id-pda"
-#define NID_id_pda		265
-#define OBJ_id_pda		OBJ_id_pkix,9L
-
-#define SN_id_aca		"id-aca"
-#define NID_id_aca		266
-#define OBJ_id_aca		OBJ_id_pkix,10L
-
-#define SN_id_qcs		"id-qcs"
-#define NID_id_qcs		267
-#define OBJ_id_qcs		OBJ_id_pkix,11L
-
-#define SN_id_cct		"id-cct"
-#define NID_id_cct		268
-#define OBJ_id_cct		OBJ_id_pkix,12L
-
-#define SN_id_ppl		"id-ppl"
-#define NID_id_ppl		662
-#define OBJ_id_ppl		OBJ_id_pkix,21L
-
-#define SN_id_ad		"id-ad"
-#define NID_id_ad		176
-#define OBJ_id_ad		OBJ_id_pkix,48L
-
-#define SN_id_pkix1_explicit_88		"id-pkix1-explicit-88"
-#define NID_id_pkix1_explicit_88		269
-#define OBJ_id_pkix1_explicit_88		OBJ_id_pkix_mod,1L
-
-#define SN_id_pkix1_implicit_88		"id-pkix1-implicit-88"
-#define NID_id_pkix1_implicit_88		270
-#define OBJ_id_pkix1_implicit_88		OBJ_id_pkix_mod,2L
-
-#define SN_id_pkix1_explicit_93		"id-pkix1-explicit-93"
-#define NID_id_pkix1_explicit_93		271
-#define OBJ_id_pkix1_explicit_93		OBJ_id_pkix_mod,3L
-
-#define SN_id_pkix1_implicit_93		"id-pkix1-implicit-93"
-#define NID_id_pkix1_implicit_93		272
-#define OBJ_id_pkix1_implicit_93		OBJ_id_pkix_mod,4L
-
-#define SN_id_mod_crmf		"id-mod-crmf"
-#define NID_id_mod_crmf		273
-#define OBJ_id_mod_crmf		OBJ_id_pkix_mod,5L
-
-#define SN_id_mod_cmc		"id-mod-cmc"
-#define NID_id_mod_cmc		274
-#define OBJ_id_mod_cmc		OBJ_id_pkix_mod,6L
-
-#define SN_id_mod_kea_profile_88		"id-mod-kea-profile-88"
-#define NID_id_mod_kea_profile_88		275
-#define OBJ_id_mod_kea_profile_88		OBJ_id_pkix_mod,7L
-
-#define SN_id_mod_kea_profile_93		"id-mod-kea-profile-93"
-#define NID_id_mod_kea_profile_93		276
-#define OBJ_id_mod_kea_profile_93		OBJ_id_pkix_mod,8L
-
-#define SN_id_mod_cmp		"id-mod-cmp"
-#define NID_id_mod_cmp		277
-#define OBJ_id_mod_cmp		OBJ_id_pkix_mod,9L
-
-#define SN_id_mod_qualified_cert_88		"id-mod-qualified-cert-88"
-#define NID_id_mod_qualified_cert_88		278
-#define OBJ_id_mod_qualified_cert_88		OBJ_id_pkix_mod,10L
-
-#define SN_id_mod_qualified_cert_93		"id-mod-qualified-cert-93"
-#define NID_id_mod_qualified_cert_93		279
-#define OBJ_id_mod_qualified_cert_93		OBJ_id_pkix_mod,11L
-
-#define SN_id_mod_attribute_cert		"id-mod-attribute-cert"
-#define NID_id_mod_attribute_cert		280
-#define OBJ_id_mod_attribute_cert		OBJ_id_pkix_mod,12L
-
-#define SN_id_mod_timestamp_protocol		"id-mod-timestamp-protocol"
-#define NID_id_mod_timestamp_protocol		281
-#define OBJ_id_mod_timestamp_protocol		OBJ_id_pkix_mod,13L
-
-#define SN_id_mod_ocsp		"id-mod-ocsp"
-#define NID_id_mod_ocsp		282
-#define OBJ_id_mod_ocsp		OBJ_id_pkix_mod,14L
-
-#define SN_id_mod_dvcs		"id-mod-dvcs"
-#define NID_id_mod_dvcs		283
-#define OBJ_id_mod_dvcs		OBJ_id_pkix_mod,15L
-
-#define SN_id_mod_cmp2000		"id-mod-cmp2000"
-#define NID_id_mod_cmp2000		284
-#define OBJ_id_mod_cmp2000		OBJ_id_pkix_mod,16L
-
-#define SN_info_access		"authorityInfoAccess"
-#define LN_info_access		"Authority Information Access"
-#define NID_info_access		177
-#define OBJ_info_access		OBJ_id_pe,1L
-
-#define SN_biometricInfo		"biometricInfo"
-#define LN_biometricInfo		"Biometric Info"
-#define NID_biometricInfo		285
-#define OBJ_biometricInfo		OBJ_id_pe,2L
-
-#define SN_qcStatements		"qcStatements"
-#define NID_qcStatements		286
-#define OBJ_qcStatements		OBJ_id_pe,3L
-
-#define SN_ac_auditEntity		"ac-auditEntity"
-#define NID_ac_auditEntity		287
-#define OBJ_ac_auditEntity		OBJ_id_pe,4L
-
-#define SN_ac_targeting		"ac-targeting"
-#define NID_ac_targeting		288
-#define OBJ_ac_targeting		OBJ_id_pe,5L
-
-#define SN_aaControls		"aaControls"
-#define NID_aaControls		289
-#define OBJ_aaControls		OBJ_id_pe,6L
-
-#define SN_sbgp_ipAddrBlock		"sbgp-ipAddrBlock"
-#define NID_sbgp_ipAddrBlock		290
-#define OBJ_sbgp_ipAddrBlock		OBJ_id_pe,7L
-
-#define SN_sbgp_autonomousSysNum		"sbgp-autonomousSysNum"
-#define NID_sbgp_autonomousSysNum		291
-#define OBJ_sbgp_autonomousSysNum		OBJ_id_pe,8L
-
-#define SN_sbgp_routerIdentifier		"sbgp-routerIdentifier"
-#define NID_sbgp_routerIdentifier		292
-#define OBJ_sbgp_routerIdentifier		OBJ_id_pe,9L
-
-#define SN_ac_proxying		"ac-proxying"
-#define NID_ac_proxying		397
-#define OBJ_ac_proxying		OBJ_id_pe,10L
-
-#define SN_sinfo_access		"subjectInfoAccess"
-#define LN_sinfo_access		"Subject Information Access"
-#define NID_sinfo_access		398
-#define OBJ_sinfo_access		OBJ_id_pe,11L
-
-#define SN_proxyCertInfo		"proxyCertInfo"
-#define LN_proxyCertInfo		"Proxy Certificate Information"
-#define NID_proxyCertInfo		663
-#define OBJ_proxyCertInfo		OBJ_id_pe,14L
-
-#define SN_id_qt_cps		"id-qt-cps"
-#define LN_id_qt_cps		"Policy Qualifier CPS"
-#define NID_id_qt_cps		164
-#define OBJ_id_qt_cps		OBJ_id_qt,1L
-
-#define SN_id_qt_unotice		"id-qt-unotice"
-#define LN_id_qt_unotice		"Policy Qualifier User Notice"
-#define NID_id_qt_unotice		165
-#define OBJ_id_qt_unotice		OBJ_id_qt,2L
-
-#define SN_textNotice		"textNotice"
-#define NID_textNotice		293
-#define OBJ_textNotice		OBJ_id_qt,3L
-
-#define SN_server_auth		"serverAuth"
-#define LN_server_auth		"TLS Web Server Authentication"
-#define NID_server_auth		129
-#define OBJ_server_auth		OBJ_id_kp,1L
-
-#define SN_client_auth		"clientAuth"
-#define LN_client_auth		"TLS Web Client Authentication"
-#define NID_client_auth		130
-#define OBJ_client_auth		OBJ_id_kp,2L
-
-#define SN_code_sign		"codeSigning"
-#define LN_code_sign		"Code Signing"
-#define NID_code_sign		131
-#define OBJ_code_sign		OBJ_id_kp,3L
-
-#define SN_email_protect		"emailProtection"
-#define LN_email_protect		"E-mail Protection"
-#define NID_email_protect		132
-#define OBJ_email_protect		OBJ_id_kp,4L
-
-#define SN_ipsecEndSystem		"ipsecEndSystem"
-#define LN_ipsecEndSystem		"IPSec End System"
-#define NID_ipsecEndSystem		294
-#define OBJ_ipsecEndSystem		OBJ_id_kp,5L
-
-#define SN_ipsecTunnel		"ipsecTunnel"
-#define LN_ipsecTunnel		"IPSec Tunnel"
-#define NID_ipsecTunnel		295
-#define OBJ_ipsecTunnel		OBJ_id_kp,6L
-
-#define SN_ipsecUser		"ipsecUser"
-#define LN_ipsecUser		"IPSec User"
-#define NID_ipsecUser		296
-#define OBJ_ipsecUser		OBJ_id_kp,7L
-
-#define SN_time_stamp		"timeStamping"
-#define LN_time_stamp		"Time Stamping"
-#define NID_time_stamp		133
-#define OBJ_time_stamp		OBJ_id_kp,8L
-
-#define SN_OCSP_sign		"OCSPSigning"
-#define LN_OCSP_sign		"OCSP Signing"
-#define NID_OCSP_sign		180
-#define OBJ_OCSP_sign		OBJ_id_kp,9L
-
-#define SN_dvcs		"DVCS"
-#define LN_dvcs		"dvcs"
-#define NID_dvcs		297
-#define OBJ_dvcs		OBJ_id_kp,10L
-
-#define SN_id_it_caProtEncCert		"id-it-caProtEncCert"
-#define NID_id_it_caProtEncCert		298
-#define OBJ_id_it_caProtEncCert		OBJ_id_it,1L
-
-#define SN_id_it_signKeyPairTypes		"id-it-signKeyPairTypes"
-#define NID_id_it_signKeyPairTypes		299
-#define OBJ_id_it_signKeyPairTypes		OBJ_id_it,2L
-
-#define SN_id_it_encKeyPairTypes		"id-it-encKeyPairTypes"
-#define NID_id_it_encKeyPairTypes		300
-#define OBJ_id_it_encKeyPairTypes		OBJ_id_it,3L
-
-#define SN_id_it_preferredSymmAlg		"id-it-preferredSymmAlg"
-#define NID_id_it_preferredSymmAlg		301
-#define OBJ_id_it_preferredSymmAlg		OBJ_id_it,4L
-
-#define SN_id_it_caKeyUpdateInfo		"id-it-caKeyUpdateInfo"
-#define NID_id_it_caKeyUpdateInfo		302
-#define OBJ_id_it_caKeyUpdateInfo		OBJ_id_it,5L
-
-#define SN_id_it_currentCRL		"id-it-currentCRL"
-#define NID_id_it_currentCRL		303
-#define OBJ_id_it_currentCRL		OBJ_id_it,6L
-
-#define SN_id_it_unsupportedOIDs		"id-it-unsupportedOIDs"
-#define NID_id_it_unsupportedOIDs		304
-#define OBJ_id_it_unsupportedOIDs		OBJ_id_it,7L
-
-#define SN_id_it_subscriptionRequest		"id-it-subscriptionRequest"
-#define NID_id_it_subscriptionRequest		305
-#define OBJ_id_it_subscriptionRequest		OBJ_id_it,8L
-
-#define SN_id_it_subscriptionResponse		"id-it-subscriptionResponse"
-#define NID_id_it_subscriptionResponse		306
-#define OBJ_id_it_subscriptionResponse		OBJ_id_it,9L
-
-#define SN_id_it_keyPairParamReq		"id-it-keyPairParamReq"
-#define NID_id_it_keyPairParamReq		307
-#define OBJ_id_it_keyPairParamReq		OBJ_id_it,10L
-
-#define SN_id_it_keyPairParamRep		"id-it-keyPairParamRep"
-#define NID_id_it_keyPairParamRep		308
-#define OBJ_id_it_keyPairParamRep		OBJ_id_it,11L
-
-#define SN_id_it_revPassphrase		"id-it-revPassphrase"
-#define NID_id_it_revPassphrase		309
-#define OBJ_id_it_revPassphrase		OBJ_id_it,12L
-
-#define SN_id_it_implicitConfirm		"id-it-implicitConfirm"
-#define NID_id_it_implicitConfirm		310
-#define OBJ_id_it_implicitConfirm		OBJ_id_it,13L
-
-#define SN_id_it_confirmWaitTime		"id-it-confirmWaitTime"
-#define NID_id_it_confirmWaitTime		311
-#define OBJ_id_it_confirmWaitTime		OBJ_id_it,14L
-
-#define SN_id_it_origPKIMessage		"id-it-origPKIMessage"
-#define NID_id_it_origPKIMessage		312
-#define OBJ_id_it_origPKIMessage		OBJ_id_it,15L
-
-#define SN_id_it_suppLangTags		"id-it-suppLangTags"
-#define NID_id_it_suppLangTags		784
-#define OBJ_id_it_suppLangTags		OBJ_id_it,16L
-
-#define SN_id_regCtrl		"id-regCtrl"
-#define NID_id_regCtrl		313
-#define OBJ_id_regCtrl		OBJ_id_pkip,1L
-
-#define SN_id_regInfo		"id-regInfo"
-#define NID_id_regInfo		314
-#define OBJ_id_regInfo		OBJ_id_pkip,2L
-
-#define SN_id_regCtrl_regToken		"id-regCtrl-regToken"
-#define NID_id_regCtrl_regToken		315
-#define OBJ_id_regCtrl_regToken		OBJ_id_regCtrl,1L
-
-#define SN_id_regCtrl_authenticator		"id-regCtrl-authenticator"
-#define NID_id_regCtrl_authenticator		316
-#define OBJ_id_regCtrl_authenticator		OBJ_id_regCtrl,2L
-
-#define SN_id_regCtrl_pkiPublicationInfo		"id-regCtrl-pkiPublicationInfo"
-#define NID_id_regCtrl_pkiPublicationInfo		317
-#define OBJ_id_regCtrl_pkiPublicationInfo		OBJ_id_regCtrl,3L
-
-#define SN_id_regCtrl_pkiArchiveOptions		"id-regCtrl-pkiArchiveOptions"
-#define NID_id_regCtrl_pkiArchiveOptions		318
-#define OBJ_id_regCtrl_pkiArchiveOptions		OBJ_id_regCtrl,4L
-
-#define SN_id_regCtrl_oldCertID		"id-regCtrl-oldCertID"
-#define NID_id_regCtrl_oldCertID		319
-#define OBJ_id_regCtrl_oldCertID		OBJ_id_regCtrl,5L
-
-#define SN_id_regCtrl_protocolEncrKey		"id-regCtrl-protocolEncrKey"
-#define NID_id_regCtrl_protocolEncrKey		320
-#define OBJ_id_regCtrl_protocolEncrKey		OBJ_id_regCtrl,6L
-
-#define SN_id_regInfo_utf8Pairs		"id-regInfo-utf8Pairs"
-#define NID_id_regInfo_utf8Pairs		321
-#define OBJ_id_regInfo_utf8Pairs		OBJ_id_regInfo,1L
-
-#define SN_id_regInfo_certReq		"id-regInfo-certReq"
-#define NID_id_regInfo_certReq		322
-#define OBJ_id_regInfo_certReq		OBJ_id_regInfo,2L
-
-#define SN_id_alg_des40		"id-alg-des40"
-#define NID_id_alg_des40		323
-#define OBJ_id_alg_des40		OBJ_id_alg,1L
-
-#define SN_id_alg_noSignature		"id-alg-noSignature"
-#define NID_id_alg_noSignature		324
-#define OBJ_id_alg_noSignature		OBJ_id_alg,2L
-
-#define SN_id_alg_dh_sig_hmac_sha1		"id-alg-dh-sig-hmac-sha1"
-#define NID_id_alg_dh_sig_hmac_sha1		325
-#define OBJ_id_alg_dh_sig_hmac_sha1		OBJ_id_alg,3L
-
-#define SN_id_alg_dh_pop		"id-alg-dh-pop"
-#define NID_id_alg_dh_pop		326
-#define OBJ_id_alg_dh_pop		OBJ_id_alg,4L
-
-#define SN_id_cmc_statusInfo		"id-cmc-statusInfo"
-#define NID_id_cmc_statusInfo		327
-#define OBJ_id_cmc_statusInfo		OBJ_id_cmc,1L
-
-#define SN_id_cmc_identification		"id-cmc-identification"
-#define NID_id_cmc_identification		328
-#define OBJ_id_cmc_identification		OBJ_id_cmc,2L
-
-#define SN_id_cmc_identityProof		"id-cmc-identityProof"
-#define NID_id_cmc_identityProof		329
-#define OBJ_id_cmc_identityProof		OBJ_id_cmc,3L
-
-#define SN_id_cmc_dataReturn		"id-cmc-dataReturn"
-#define NID_id_cmc_dataReturn		330
-#define OBJ_id_cmc_dataReturn		OBJ_id_cmc,4L
-
-#define SN_id_cmc_transactionId		"id-cmc-transactionId"
-#define NID_id_cmc_transactionId		331
-#define OBJ_id_cmc_transactionId		OBJ_id_cmc,5L
-
-#define SN_id_cmc_senderNonce		"id-cmc-senderNonce"
-#define NID_id_cmc_senderNonce		332
-#define OBJ_id_cmc_senderNonce		OBJ_id_cmc,6L
-
-#define SN_id_cmc_recipientNonce		"id-cmc-recipientNonce"
-#define NID_id_cmc_recipientNonce		333
-#define OBJ_id_cmc_recipientNonce		OBJ_id_cmc,7L
-
-#define SN_id_cmc_addExtensions		"id-cmc-addExtensions"
-#define NID_id_cmc_addExtensions		334
-#define OBJ_id_cmc_addExtensions		OBJ_id_cmc,8L
-
-#define SN_id_cmc_encryptedPOP		"id-cmc-encryptedPOP"
-#define NID_id_cmc_encryptedPOP		335
-#define OBJ_id_cmc_encryptedPOP		OBJ_id_cmc,9L
-
-#define SN_id_cmc_decryptedPOP		"id-cmc-decryptedPOP"
-#define NID_id_cmc_decryptedPOP		336
-#define OBJ_id_cmc_decryptedPOP		OBJ_id_cmc,10L
-
-#define SN_id_cmc_lraPOPWitness		"id-cmc-lraPOPWitness"
-#define NID_id_cmc_lraPOPWitness		337
-#define OBJ_id_cmc_lraPOPWitness		OBJ_id_cmc,11L
-
-#define SN_id_cmc_getCert		"id-cmc-getCert"
-#define NID_id_cmc_getCert		338
-#define OBJ_id_cmc_getCert		OBJ_id_cmc,15L
-
-#define SN_id_cmc_getCRL		"id-cmc-getCRL"
-#define NID_id_cmc_getCRL		339
-#define OBJ_id_cmc_getCRL		OBJ_id_cmc,16L
-
-#define SN_id_cmc_revokeRequest		"id-cmc-revokeRequest"
-#define NID_id_cmc_revokeRequest		340
-#define OBJ_id_cmc_revokeRequest		OBJ_id_cmc,17L
-
-#define SN_id_cmc_regInfo		"id-cmc-regInfo"
-#define NID_id_cmc_regInfo		341
-#define OBJ_id_cmc_regInfo		OBJ_id_cmc,18L
-
-#define SN_id_cmc_responseInfo		"id-cmc-responseInfo"
-#define NID_id_cmc_responseInfo		342
-#define OBJ_id_cmc_responseInfo		OBJ_id_cmc,19L
-
-#define SN_id_cmc_queryPending		"id-cmc-queryPending"
-#define NID_id_cmc_queryPending		343
-#define OBJ_id_cmc_queryPending		OBJ_id_cmc,21L
-
-#define SN_id_cmc_popLinkRandom		"id-cmc-popLinkRandom"
-#define NID_id_cmc_popLinkRandom		344
-#define OBJ_id_cmc_popLinkRandom		OBJ_id_cmc,22L
-
-#define SN_id_cmc_popLinkWitness		"id-cmc-popLinkWitness"
-#define NID_id_cmc_popLinkWitness		345
-#define OBJ_id_cmc_popLinkWitness		OBJ_id_cmc,23L
-
-#define SN_id_cmc_confirmCertAcceptance		"id-cmc-confirmCertAcceptance"
-#define NID_id_cmc_confirmCertAcceptance		346
-#define OBJ_id_cmc_confirmCertAcceptance		OBJ_id_cmc,24L
-
-#define SN_id_on_personalData		"id-on-personalData"
-#define NID_id_on_personalData		347
-#define OBJ_id_on_personalData		OBJ_id_on,1L
-
-#define SN_id_on_permanentIdentifier		"id-on-permanentIdentifier"
-#define LN_id_on_permanentIdentifier		"Permanent Identifier"
-#define NID_id_on_permanentIdentifier		858
-#define OBJ_id_on_permanentIdentifier		OBJ_id_on,3L
-
-#define SN_id_pda_dateOfBirth		"id-pda-dateOfBirth"
-#define NID_id_pda_dateOfBirth		348
-#define OBJ_id_pda_dateOfBirth		OBJ_id_pda,1L
-
-#define SN_id_pda_placeOfBirth		"id-pda-placeOfBirth"
-#define NID_id_pda_placeOfBirth		349
-#define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
-
-#define SN_id_pda_gender		"id-pda-gender"
-#define NID_id_pda_gender		351
-#define OBJ_id_pda_gender		OBJ_id_pda,3L
-
-#define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
-#define NID_id_pda_countryOfCitizenship		352
-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
-
-#define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
-#define NID_id_pda_countryOfResidence		353
-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
-
-#define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
-#define NID_id_aca_authenticationInfo		354
-#define OBJ_id_aca_authenticationInfo		OBJ_id_aca,1L
-
-#define SN_id_aca_accessIdentity		"id-aca-accessIdentity"
-#define NID_id_aca_accessIdentity		355
-#define OBJ_id_aca_accessIdentity		OBJ_id_aca,2L
-
-#define SN_id_aca_chargingIdentity		"id-aca-chargingIdentity"
-#define NID_id_aca_chargingIdentity		356
-#define OBJ_id_aca_chargingIdentity		OBJ_id_aca,3L
-
-#define SN_id_aca_group		"id-aca-group"
-#define NID_id_aca_group		357
-#define OBJ_id_aca_group		OBJ_id_aca,4L
-
-#define SN_id_aca_role		"id-aca-role"
-#define NID_id_aca_role		358
-#define OBJ_id_aca_role		OBJ_id_aca,5L
-
-#define SN_id_aca_encAttrs		"id-aca-encAttrs"
-#define NID_id_aca_encAttrs		399
-#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L
-
-#define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"
-#define NID_id_qcs_pkixQCSyntax_v1		359
-#define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L
-
-#define SN_id_cct_crs		"id-cct-crs"
-#define NID_id_cct_crs		360
-#define OBJ_id_cct_crs		OBJ_id_cct,1L
-
-#define SN_id_cct_PKIData		"id-cct-PKIData"
-#define NID_id_cct_PKIData		361
-#define OBJ_id_cct_PKIData		OBJ_id_cct,2L
-
-#define SN_id_cct_PKIResponse		"id-cct-PKIResponse"
-#define NID_id_cct_PKIResponse		362
-#define OBJ_id_cct_PKIResponse		OBJ_id_cct,3L
-
-#define SN_id_ppl_anyLanguage		"id-ppl-anyLanguage"
-#define LN_id_ppl_anyLanguage		"Any language"
-#define NID_id_ppl_anyLanguage		664
-#define OBJ_id_ppl_anyLanguage		OBJ_id_ppl,0L
-
-#define SN_id_ppl_inheritAll		"id-ppl-inheritAll"
-#define LN_id_ppl_inheritAll		"Inherit all"
-#define NID_id_ppl_inheritAll		665
-#define OBJ_id_ppl_inheritAll		OBJ_id_ppl,1L
-
-#define SN_Independent		"id-ppl-independent"
-#define LN_Independent		"Independent"
-#define NID_Independent		667
-#define OBJ_Independent		OBJ_id_ppl,2L
-
-#define SN_ad_OCSP		"OCSP"
-#define LN_ad_OCSP		"OCSP"
-#define NID_ad_OCSP		178
-#define OBJ_ad_OCSP		OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers		"caIssuers"
-#define LN_ad_ca_issuers		"CA Issuers"
-#define NID_ad_ca_issuers		179
-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
-
-#define SN_ad_timeStamping		"ad_timestamping"
-#define LN_ad_timeStamping		"AD Time Stamping"
-#define NID_ad_timeStamping		363
-#define OBJ_ad_timeStamping		OBJ_id_ad,3L
-
-#define SN_ad_dvcs		"AD_DVCS"
-#define LN_ad_dvcs		"ad dvcs"
-#define NID_ad_dvcs		364
-#define OBJ_ad_dvcs		OBJ_id_ad,4L
-
-#define SN_caRepository		"caRepository"
-#define LN_caRepository		"CA Repository"
-#define NID_caRepository		785
-#define OBJ_caRepository		OBJ_id_ad,5L
-
-#define OBJ_id_pkix_OCSP		OBJ_ad_OCSP
-
-#define SN_id_pkix_OCSP_basic		"basicOCSPResponse"
-#define LN_id_pkix_OCSP_basic		"Basic OCSP Response"
-#define NID_id_pkix_OCSP_basic		365
-#define OBJ_id_pkix_OCSP_basic		OBJ_id_pkix_OCSP,1L
-
-#define SN_id_pkix_OCSP_Nonce		"Nonce"
-#define LN_id_pkix_OCSP_Nonce		"OCSP Nonce"
-#define NID_id_pkix_OCSP_Nonce		366
-#define OBJ_id_pkix_OCSP_Nonce		OBJ_id_pkix_OCSP,2L
-
-#define SN_id_pkix_OCSP_CrlID		"CrlID"
-#define LN_id_pkix_OCSP_CrlID		"OCSP CRL ID"
-#define NID_id_pkix_OCSP_CrlID		367
-#define OBJ_id_pkix_OCSP_CrlID		OBJ_id_pkix_OCSP,3L
-
-#define SN_id_pkix_OCSP_acceptableResponses		"acceptableResponses"
-#define LN_id_pkix_OCSP_acceptableResponses		"Acceptable OCSP Responses"
-#define NID_id_pkix_OCSP_acceptableResponses		368
-#define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L
-
-#define SN_id_pkix_OCSP_noCheck		"noCheck"
-#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"
-#define NID_id_pkix_OCSP_noCheck		369
-#define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L
-
-#define SN_id_pkix_OCSP_archiveCutoff		"archiveCutoff"
-#define LN_id_pkix_OCSP_archiveCutoff		"OCSP Archive Cutoff"
-#define NID_id_pkix_OCSP_archiveCutoff		370
-#define OBJ_id_pkix_OCSP_archiveCutoff		OBJ_id_pkix_OCSP,6L
-
-#define SN_id_pkix_OCSP_serviceLocator		"serviceLocator"
-#define LN_id_pkix_OCSP_serviceLocator		"OCSP Service Locator"
-#define NID_id_pkix_OCSP_serviceLocator		371
-#define OBJ_id_pkix_OCSP_serviceLocator		OBJ_id_pkix_OCSP,7L
-
-#define SN_id_pkix_OCSP_extendedStatus		"extendedStatus"
-#define LN_id_pkix_OCSP_extendedStatus		"Extended OCSP Status"
-#define NID_id_pkix_OCSP_extendedStatus		372
-#define OBJ_id_pkix_OCSP_extendedStatus		OBJ_id_pkix_OCSP,8L
-
-#define SN_id_pkix_OCSP_valid		"valid"
-#define NID_id_pkix_OCSP_valid		373
-#define OBJ_id_pkix_OCSP_valid		OBJ_id_pkix_OCSP,9L
-
-#define SN_id_pkix_OCSP_path		"path"
-#define NID_id_pkix_OCSP_path		374
-#define OBJ_id_pkix_OCSP_path		OBJ_id_pkix_OCSP,10L
-
-#define SN_id_pkix_OCSP_trustRoot		"trustRoot"
-#define LN_id_pkix_OCSP_trustRoot		"Trust Root"
-#define NID_id_pkix_OCSP_trustRoot		375
-#define OBJ_id_pkix_OCSP_trustRoot		OBJ_id_pkix_OCSP,11L
-
-#define SN_algorithm		"algorithm"
-#define LN_algorithm		"algorithm"
-#define NID_algorithm		376
-#define OBJ_algorithm		1L,3L,14L,3L,2L
-
-#define SN_md5WithRSA		"RSA-NP-MD5"
-#define LN_md5WithRSA		"md5WithRSA"
-#define NID_md5WithRSA		104
-#define OBJ_md5WithRSA		OBJ_algorithm,3L
-
-#define SN_des_ecb		"DES-ECB"
-#define LN_des_ecb		"des-ecb"
-#define NID_des_ecb		29
-#define OBJ_des_ecb		OBJ_algorithm,6L
-
-#define SN_des_cbc		"DES-CBC"
-#define LN_des_cbc		"des-cbc"
-#define NID_des_cbc		31
-#define OBJ_des_cbc		OBJ_algorithm,7L
-
-#define SN_des_ofb64		"DES-OFB"
-#define LN_des_ofb64		"des-ofb"
-#define NID_des_ofb64		45
-#define OBJ_des_ofb64		OBJ_algorithm,8L
-
-#define SN_des_cfb64		"DES-CFB"
-#define LN_des_cfb64		"des-cfb"
-#define NID_des_cfb64		30
-#define OBJ_des_cfb64		OBJ_algorithm,9L
-
-#define SN_rsaSignature		"rsaSignature"
-#define NID_rsaSignature		377
-#define OBJ_rsaSignature		OBJ_algorithm,11L
-
-#define SN_dsa_2		"DSA-old"
-#define LN_dsa_2		"dsaEncryption-old"
-#define NID_dsa_2		67
-#define OBJ_dsa_2		OBJ_algorithm,12L
-
-#define SN_dsaWithSHA		"DSA-SHA"
-#define LN_dsaWithSHA		"dsaWithSHA"
-#define NID_dsaWithSHA		66
-#define OBJ_dsaWithSHA		OBJ_algorithm,13L
-
-#define SN_shaWithRSAEncryption		"RSA-SHA"
-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption		42
-#define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L
-
-#define SN_des_ede_ecb		"DES-EDE"
-#define LN_des_ede_ecb		"des-ede"
-#define NID_des_ede_ecb		32
-#define OBJ_des_ede_ecb		OBJ_algorithm,17L
-
-#define SN_des_ede3_ecb		"DES-EDE3"
-#define LN_des_ede3_ecb		"des-ede3"
-#define NID_des_ede3_ecb		33
-
-#define SN_des_ede_cbc		"DES-EDE-CBC"
-#define LN_des_ede_cbc		"des-ede-cbc"
-#define NID_des_ede_cbc		43
-
-#define SN_des_ede_cfb64		"DES-EDE-CFB"
-#define LN_des_ede_cfb64		"des-ede-cfb"
-#define NID_des_ede_cfb64		60
-
-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
-#define LN_des_ede3_cfb64		"des-ede3-cfb"
-#define NID_des_ede3_cfb64		61
-
-#define SN_des_ede_ofb64		"DES-EDE-OFB"
-#define LN_des_ede_ofb64		"des-ede-ofb"
-#define NID_des_ede_ofb64		62
-
-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
-#define LN_des_ede3_ofb64		"des-ede3-ofb"
-#define NID_des_ede3_ofb64		63
-
-#define SN_desx_cbc		"DESX-CBC"
-#define LN_desx_cbc		"desx-cbc"
-#define NID_desx_cbc		80
-
-#define SN_sha		"SHA"
-#define LN_sha		"sha"
-#define NID_sha		41
-#define OBJ_sha		OBJ_algorithm,18L
-
-#define SN_sha1		"SHA1"
-#define LN_sha1		"sha1"
-#define NID_sha1		64
-#define OBJ_sha1		OBJ_algorithm,26L
-
-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2		70
-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
-
-#define SN_sha1WithRSA		"RSA-SHA1-2"
-#define LN_sha1WithRSA		"sha1WithRSA"
-#define NID_sha1WithRSA		115
-#define OBJ_sha1WithRSA		OBJ_algorithm,29L
-
-#define SN_ripemd160		"RIPEMD160"
-#define LN_ripemd160		"ripemd160"
-#define NID_ripemd160		117
-#define OBJ_ripemd160		1L,3L,36L,3L,2L,1L
-
-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
-#define LN_ripemd160WithRSA		"ripemd160WithRSA"
-#define NID_ripemd160WithRSA		119
-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
-
-#define SN_sxnet		"SXNetID"
-#define LN_sxnet		"Strong Extranet ID"
-#define NID_sxnet		143
-#define OBJ_sxnet		1L,3L,101L,1L,4L,1L
-
-#define SN_X500		"X500"
-#define LN_X500		"directory services (X.500)"
-#define NID_X500		11
-#define OBJ_X500		2L,5L
-
-#define SN_X509		"X509"
-#define NID_X509		12
-#define OBJ_X509		OBJ_X500,4L
-
-#define SN_commonName		"CN"
-#define LN_commonName		"commonName"
-#define NID_commonName		13
-#define OBJ_commonName		OBJ_X509,3L
-
-#define SN_surname		"SN"
-#define LN_surname		"surname"
-#define NID_surname		100
-#define OBJ_surname		OBJ_X509,4L
-
-#define LN_serialNumber		"serialNumber"
-#define NID_serialNumber		105
-#define OBJ_serialNumber		OBJ_X509,5L
-
-#define SN_countryName		"C"
-#define LN_countryName		"countryName"
-#define NID_countryName		14
-#define OBJ_countryName		OBJ_X509,6L
-
-#define SN_localityName		"L"
-#define LN_localityName		"localityName"
-#define NID_localityName		15
-#define OBJ_localityName		OBJ_X509,7L
-
-#define SN_stateOrProvinceName		"ST"
-#define LN_stateOrProvinceName		"stateOrProvinceName"
-#define NID_stateOrProvinceName		16
-#define OBJ_stateOrProvinceName		OBJ_X509,8L
-
-#define SN_streetAddress		"street"
-#define LN_streetAddress		"streetAddress"
-#define NID_streetAddress		660
-#define OBJ_streetAddress		OBJ_X509,9L
-
-#define SN_organizationName		"O"
-#define LN_organizationName		"organizationName"
-#define NID_organizationName		17
-#define OBJ_organizationName		OBJ_X509,10L
-
-#define SN_organizationalUnitName		"OU"
-#define LN_organizationalUnitName		"organizationalUnitName"
-#define NID_organizationalUnitName		18
-#define OBJ_organizationalUnitName		OBJ_X509,11L
-
-#define SN_title		"title"
-#define LN_title		"title"
-#define NID_title		106
-#define OBJ_title		OBJ_X509,12L
-
-#define LN_description		"description"
-#define NID_description		107
-#define OBJ_description		OBJ_X509,13L
-
-#define LN_searchGuide		"searchGuide"
-#define NID_searchGuide		859
-#define OBJ_searchGuide		OBJ_X509,14L
-
-#define LN_businessCategory		"businessCategory"
-#define NID_businessCategory		860
-#define OBJ_businessCategory		OBJ_X509,15L
-
-#define LN_postalAddress		"postalAddress"
-#define NID_postalAddress		861
-#define OBJ_postalAddress		OBJ_X509,16L
-
-#define LN_postalCode		"postalCode"
-#define NID_postalCode		661
-#define OBJ_postalCode		OBJ_X509,17L
-
-#define LN_postOfficeBox		"postOfficeBox"
-#define NID_postOfficeBox		862
-#define OBJ_postOfficeBox		OBJ_X509,18L
-
-#define LN_physicalDeliveryOfficeName		"physicalDeliveryOfficeName"
-#define NID_physicalDeliveryOfficeName		863
-#define OBJ_physicalDeliveryOfficeName		OBJ_X509,19L
-
-#define LN_telephoneNumber		"telephoneNumber"
-#define NID_telephoneNumber		864
-#define OBJ_telephoneNumber		OBJ_X509,20L
-
-#define LN_telexNumber		"telexNumber"
-#define NID_telexNumber		865
-#define OBJ_telexNumber		OBJ_X509,21L
-
-#define LN_teletexTerminalIdentifier		"teletexTerminalIdentifier"
-#define NID_teletexTerminalIdentifier		866
-#define OBJ_teletexTerminalIdentifier		OBJ_X509,22L
-
-#define LN_facsimileTelephoneNumber		"facsimileTelephoneNumber"
-#define NID_facsimileTelephoneNumber		867
-#define OBJ_facsimileTelephoneNumber		OBJ_X509,23L
-
-#define LN_x121Address		"x121Address"
-#define NID_x121Address		868
-#define OBJ_x121Address		OBJ_X509,24L
-
-#define LN_internationaliSDNNumber		"internationaliSDNNumber"
-#define NID_internationaliSDNNumber		869
-#define OBJ_internationaliSDNNumber		OBJ_X509,25L
-
-#define LN_registeredAddress		"registeredAddress"
-#define NID_registeredAddress		870
-#define OBJ_registeredAddress		OBJ_X509,26L
-
-#define LN_destinationIndicator		"destinationIndicator"
-#define NID_destinationIndicator		871
-#define OBJ_destinationIndicator		OBJ_X509,27L
-
-#define LN_preferredDeliveryMethod		"preferredDeliveryMethod"
-#define NID_preferredDeliveryMethod		872
-#define OBJ_preferredDeliveryMethod		OBJ_X509,28L
-
-#define LN_presentationAddress		"presentationAddress"
-#define NID_presentationAddress		873
-#define OBJ_presentationAddress		OBJ_X509,29L
-
-#define LN_supportedApplicationContext		"supportedApplicationContext"
-#define NID_supportedApplicationContext		874
-#define OBJ_supportedApplicationContext		OBJ_X509,30L
-
-#define SN_member		"member"
-#define NID_member		875
-#define OBJ_member		OBJ_X509,31L
-
-#define SN_owner		"owner"
-#define NID_owner		876
-#define OBJ_owner		OBJ_X509,32L
-
-#define LN_roleOccupant		"roleOccupant"
-#define NID_roleOccupant		877
-#define OBJ_roleOccupant		OBJ_X509,33L
-
-#define SN_seeAlso		"seeAlso"
-#define NID_seeAlso		878
-#define OBJ_seeAlso		OBJ_X509,34L
-
-#define LN_userPassword		"userPassword"
-#define NID_userPassword		879
-#define OBJ_userPassword		OBJ_X509,35L
-
-#define LN_userCertificate		"userCertificate"
-#define NID_userCertificate		880
-#define OBJ_userCertificate		OBJ_X509,36L
-
-#define LN_cACertificate		"cACertificate"
-#define NID_cACertificate		881
-#define OBJ_cACertificate		OBJ_X509,37L
-
-#define LN_authorityRevocationList		"authorityRevocationList"
-#define NID_authorityRevocationList		882
-#define OBJ_authorityRevocationList		OBJ_X509,38L
-
-#define LN_certificateRevocationList		"certificateRevocationList"
-#define NID_certificateRevocationList		883
-#define OBJ_certificateRevocationList		OBJ_X509,39L
-
-#define LN_crossCertificatePair		"crossCertificatePair"
-#define NID_crossCertificatePair		884
-#define OBJ_crossCertificatePair		OBJ_X509,40L
-
-#define SN_name		"name"
-#define LN_name		"name"
-#define NID_name		173
-#define OBJ_name		OBJ_X509,41L
-
-#define SN_givenName		"GN"
-#define LN_givenName		"givenName"
-#define NID_givenName		99
-#define OBJ_givenName		OBJ_X509,42L
-
-#define SN_initials		"initials"
-#define LN_initials		"initials"
-#define NID_initials		101
-#define OBJ_initials		OBJ_X509,43L
-
-#define LN_generationQualifier		"generationQualifier"
-#define NID_generationQualifier		509
-#define OBJ_generationQualifier		OBJ_X509,44L
-
-#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"
-#define NID_x500UniqueIdentifier		503
-#define OBJ_x500UniqueIdentifier		OBJ_X509,45L
-
-#define SN_dnQualifier		"dnQualifier"
-#define LN_dnQualifier		"dnQualifier"
-#define NID_dnQualifier		174
-#define OBJ_dnQualifier		OBJ_X509,46L
-
-#define LN_enhancedSearchGuide		"enhancedSearchGuide"
-#define NID_enhancedSearchGuide		885
-#define OBJ_enhancedSearchGuide		OBJ_X509,47L
-
-#define LN_protocolInformation		"protocolInformation"
-#define NID_protocolInformation		886
-#define OBJ_protocolInformation		OBJ_X509,48L
-
-#define LN_distinguishedName		"distinguishedName"
-#define NID_distinguishedName		887
-#define OBJ_distinguishedName		OBJ_X509,49L
-
-#define LN_uniqueMember		"uniqueMember"
-#define NID_uniqueMember		888
-#define OBJ_uniqueMember		OBJ_X509,50L
-
-#define LN_houseIdentifier		"houseIdentifier"
-#define NID_houseIdentifier		889
-#define OBJ_houseIdentifier		OBJ_X509,51L
-
-#define LN_supportedAlgorithms		"supportedAlgorithms"
-#define NID_supportedAlgorithms		890
-#define OBJ_supportedAlgorithms		OBJ_X509,52L
-
-#define LN_deltaRevocationList		"deltaRevocationList"
-#define NID_deltaRevocationList		891
-#define OBJ_deltaRevocationList		OBJ_X509,53L
-
-#define SN_dmdName		"dmdName"
-#define NID_dmdName		892
-#define OBJ_dmdName		OBJ_X509,54L
-
-#define LN_pseudonym		"pseudonym"
-#define NID_pseudonym		510
-#define OBJ_pseudonym		OBJ_X509,65L
-
-#define SN_role		"role"
-#define LN_role		"role"
-#define NID_role		400
-#define OBJ_role		OBJ_X509,72L
-
-#define SN_X500algorithms		"X500algorithms"
-#define LN_X500algorithms		"directory services - algorithms"
-#define NID_X500algorithms		378
-#define OBJ_X500algorithms		OBJ_X500,8L
-
-#define SN_rsa		"RSA"
-#define LN_rsa		"rsa"
-#define NID_rsa		19
-#define OBJ_rsa		OBJ_X500algorithms,1L,1L
-
-#define SN_mdc2WithRSA		"RSA-MDC2"
-#define LN_mdc2WithRSA		"mdc2WithRSA"
-#define NID_mdc2WithRSA		96
-#define OBJ_mdc2WithRSA		OBJ_X500algorithms,3L,100L
-
-#define SN_mdc2		"MDC2"
-#define LN_mdc2		"mdc2"
-#define NID_mdc2		95
-#define OBJ_mdc2		OBJ_X500algorithms,3L,101L
-
-#define SN_id_ce		"id-ce"
-#define NID_id_ce		81
-#define OBJ_id_ce		OBJ_X500,29L
-
-#define SN_subject_directory_attributes		"subjectDirectoryAttributes"
-#define LN_subject_directory_attributes		"X509v3 Subject Directory Attributes"
-#define NID_subject_directory_attributes		769
-#define OBJ_subject_directory_attributes		OBJ_id_ce,9L
-
-#define SN_subject_key_identifier		"subjectKeyIdentifier"
-#define LN_subject_key_identifier		"X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier		82
-#define OBJ_subject_key_identifier		OBJ_id_ce,14L
-
-#define SN_key_usage		"keyUsage"
-#define LN_key_usage		"X509v3 Key Usage"
-#define NID_key_usage		83
-#define OBJ_key_usage		OBJ_id_ce,15L
-
-#define SN_private_key_usage_period		"privateKeyUsagePeriod"
-#define LN_private_key_usage_period		"X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period		84
-#define OBJ_private_key_usage_period		OBJ_id_ce,16L
-
-#define SN_subject_alt_name		"subjectAltName"
-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
-#define NID_subject_alt_name		85
-#define OBJ_subject_alt_name		OBJ_id_ce,17L
-
-#define SN_issuer_alt_name		"issuerAltName"
-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name		86
-#define OBJ_issuer_alt_name		OBJ_id_ce,18L
-
-#define SN_basic_constraints		"basicConstraints"
-#define LN_basic_constraints		"X509v3 Basic Constraints"
-#define NID_basic_constraints		87
-#define OBJ_basic_constraints		OBJ_id_ce,19L
-
-#define SN_crl_number		"crlNumber"
-#define LN_crl_number		"X509v3 CRL Number"
-#define NID_crl_number		88
-#define OBJ_crl_number		OBJ_id_ce,20L
-
-#define SN_crl_reason		"CRLReason"
-#define LN_crl_reason		"X509v3 CRL Reason Code"
-#define NID_crl_reason		141
-#define OBJ_crl_reason		OBJ_id_ce,21L
-
-#define SN_invalidity_date		"invalidityDate"
-#define LN_invalidity_date		"Invalidity Date"
-#define NID_invalidity_date		142
-#define OBJ_invalidity_date		OBJ_id_ce,24L
-
-#define SN_delta_crl		"deltaCRL"
-#define LN_delta_crl		"X509v3 Delta CRL Indicator"
-#define NID_delta_crl		140
-#define OBJ_delta_crl		OBJ_id_ce,27L
-
-#define SN_issuing_distribution_point		"issuingDistributionPoint"
-#define LN_issuing_distribution_point		"X509v3 Issuing Distrubution Point"
-#define NID_issuing_distribution_point		770
-#define OBJ_issuing_distribution_point		OBJ_id_ce,28L
-
-#define SN_certificate_issuer		"certificateIssuer"
-#define LN_certificate_issuer		"X509v3 Certificate Issuer"
-#define NID_certificate_issuer		771
-#define OBJ_certificate_issuer		OBJ_id_ce,29L
-
-#define SN_name_constraints		"nameConstraints"
-#define LN_name_constraints		"X509v3 Name Constraints"
-#define NID_name_constraints		666
-#define OBJ_name_constraints		OBJ_id_ce,30L
-
-#define SN_crl_distribution_points		"crlDistributionPoints"
-#define LN_crl_distribution_points		"X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points		103
-#define OBJ_crl_distribution_points		OBJ_id_ce,31L
-
-#define SN_certificate_policies		"certificatePolicies"
-#define LN_certificate_policies		"X509v3 Certificate Policies"
-#define NID_certificate_policies		89
-#define OBJ_certificate_policies		OBJ_id_ce,32L
-
-#define SN_any_policy		"anyPolicy"
-#define LN_any_policy		"X509v3 Any Policy"
-#define NID_any_policy		746
-#define OBJ_any_policy		OBJ_certificate_policies,0L
-
-#define SN_policy_mappings		"policyMappings"
-#define LN_policy_mappings		"X509v3 Policy Mappings"
-#define NID_policy_mappings		747
-#define OBJ_policy_mappings		OBJ_id_ce,33L
-
-#define SN_authority_key_identifier		"authorityKeyIdentifier"
-#define LN_authority_key_identifier		"X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier		90
-#define OBJ_authority_key_identifier		OBJ_id_ce,35L
-
-#define SN_policy_constraints		"policyConstraints"
-#define LN_policy_constraints		"X509v3 Policy Constraints"
-#define NID_policy_constraints		401
-#define OBJ_policy_constraints		OBJ_id_ce,36L
-
-#define SN_ext_key_usage		"extendedKeyUsage"
-#define LN_ext_key_usage		"X509v3 Extended Key Usage"
-#define NID_ext_key_usage		126
-#define OBJ_ext_key_usage		OBJ_id_ce,37L
-
-#define SN_freshest_crl		"freshestCRL"
-#define LN_freshest_crl		"X509v3 Freshest CRL"
-#define NID_freshest_crl		857
-#define OBJ_freshest_crl		OBJ_id_ce,46L
-
-#define SN_inhibit_any_policy		"inhibitAnyPolicy"
-#define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"
-#define NID_inhibit_any_policy		748
-#define OBJ_inhibit_any_policy		OBJ_id_ce,54L
-
-#define SN_target_information		"targetInformation"
-#define LN_target_information		"X509v3 AC Targeting"
-#define NID_target_information		402
-#define OBJ_target_information		OBJ_id_ce,55L
-
-#define SN_no_rev_avail		"noRevAvail"
-#define LN_no_rev_avail		"X509v3 No Revocation Available"
-#define NID_no_rev_avail		403
-#define OBJ_no_rev_avail		OBJ_id_ce,56L
-
-#define SN_anyExtendedKeyUsage		"anyExtendedKeyUsage"
-#define LN_anyExtendedKeyUsage		"Any Extended Key Usage"
-#define NID_anyExtendedKeyUsage		910
-#define OBJ_anyExtendedKeyUsage		OBJ_ext_key_usage,0L
-
-#define SN_netscape		"Netscape"
-#define LN_netscape		"Netscape Communications Corp."
-#define NID_netscape		57
-#define OBJ_netscape		2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension		"nsCertExt"
-#define LN_netscape_cert_extension		"Netscape Certificate Extension"
-#define NID_netscape_cert_extension		58
-#define OBJ_netscape_cert_extension		OBJ_netscape,1L
-
-#define SN_netscape_data_type		"nsDataType"
-#define LN_netscape_data_type		"Netscape Data Type"
-#define NID_netscape_data_type		59
-#define OBJ_netscape_data_type		OBJ_netscape,2L
-
-#define SN_netscape_cert_type		"nsCertType"
-#define LN_netscape_cert_type		"Netscape Cert Type"
-#define NID_netscape_cert_type		71
-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url		"nsBaseUrl"
-#define LN_netscape_base_url		"Netscape Base Url"
-#define NID_netscape_base_url		72
-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url		"nsRevocationUrl"
-#define LN_netscape_revocation_url		"Netscape Revocation Url"
-#define NID_netscape_revocation_url		73
-#define OBJ_netscape_revocation_url		OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url		"nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url		"Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url		74
-#define OBJ_netscape_ca_revocation_url		OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url		"nsRenewalUrl"
-#define LN_netscape_renewal_url		"Netscape Renewal Url"
-#define NID_netscape_renewal_url		75
-#define OBJ_netscape_renewal_url		OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url		"nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url		"Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url		76
-#define OBJ_netscape_ca_policy_url		OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name		"nsSslServerName"
-#define LN_netscape_ssl_server_name		"Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name		77
-#define OBJ_netscape_ssl_server_name		OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment		"nsComment"
-#define LN_netscape_comment		"Netscape Comment"
-#define NID_netscape_comment		78
-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence		"nsCertSequence"
-#define LN_netscape_cert_sequence		"Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence		79
-#define OBJ_netscape_cert_sequence		OBJ_netscape_data_type,5L
-
-#define SN_ns_sgc		"nsSGC"
-#define LN_ns_sgc		"Netscape Server Gated Crypto"
-#define NID_ns_sgc		139
-#define OBJ_ns_sgc		OBJ_netscape,4L,1L
-
-#define SN_org		"ORG"
-#define LN_org		"org"
-#define NID_org		379
-#define OBJ_org		OBJ_iso,3L
-
-#define SN_dod		"DOD"
-#define LN_dod		"dod"
-#define NID_dod		380
-#define OBJ_dod		OBJ_org,6L
-
-#define SN_iana		"IANA"
-#define LN_iana		"iana"
-#define NID_iana		381
-#define OBJ_iana		OBJ_dod,1L
-
-#define OBJ_internet		OBJ_iana
-
-#define SN_Directory		"directory"
-#define LN_Directory		"Directory"
-#define NID_Directory		382
-#define OBJ_Directory		OBJ_internet,1L
-
-#define SN_Management		"mgmt"
-#define LN_Management		"Management"
-#define NID_Management		383
-#define OBJ_Management		OBJ_internet,2L
-
-#define SN_Experimental		"experimental"
-#define LN_Experimental		"Experimental"
-#define NID_Experimental		384
-#define OBJ_Experimental		OBJ_internet,3L
-
-#define SN_Private		"private"
-#define LN_Private		"Private"
-#define NID_Private		385
-#define OBJ_Private		OBJ_internet,4L
-
-#define SN_Security		"security"
-#define LN_Security		"Security"
-#define NID_Security		386
-#define OBJ_Security		OBJ_internet,5L
-
-#define SN_SNMPv2		"snmpv2"
-#define LN_SNMPv2		"SNMPv2"
-#define NID_SNMPv2		387
-#define OBJ_SNMPv2		OBJ_internet,6L
-
-#define LN_Mail		"Mail"
-#define NID_Mail		388
-#define OBJ_Mail		OBJ_internet,7L
-
-#define SN_Enterprises		"enterprises"
-#define LN_Enterprises		"Enterprises"
-#define NID_Enterprises		389
-#define OBJ_Enterprises		OBJ_Private,1L
-
-#define SN_dcObject		"dcobject"
-#define LN_dcObject		"dcObject"
-#define NID_dcObject		390
-#define OBJ_dcObject		OBJ_Enterprises,1466L,344L
-
-#define SN_mime_mhs		"mime-mhs"
-#define LN_mime_mhs		"MIME MHS"
-#define NID_mime_mhs		504
-#define OBJ_mime_mhs		OBJ_Mail,1L
-
-#define SN_mime_mhs_headings		"mime-mhs-headings"
-#define LN_mime_mhs_headings		"mime-mhs-headings"
-#define NID_mime_mhs_headings		505
-#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L
-
-#define SN_mime_mhs_bodies		"mime-mhs-bodies"
-#define LN_mime_mhs_bodies		"mime-mhs-bodies"
-#define NID_mime_mhs_bodies		506
-#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L
-
-#define SN_id_hex_partial_message		"id-hex-partial-message"
-#define LN_id_hex_partial_message		"id-hex-partial-message"
-#define NID_id_hex_partial_message		507
-#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L
-
-#define SN_id_hex_multipart_message		"id-hex-multipart-message"
-#define LN_id_hex_multipart_message		"id-hex-multipart-message"
-#define NID_id_hex_multipart_message		508
-#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L
-
-#define SN_rle_compression		"RLE"
-#define LN_rle_compression		"run length compression"
-#define NID_rle_compression		124
-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression		"ZLIB"
-#define LN_zlib_compression		"zlib compression"
-#define NID_zlib_compression		125
-#define OBJ_zlib_compression		OBJ_id_smime_alg,8L
-
-#define OBJ_csor		2L,16L,840L,1L,101L,3L
-
-#define OBJ_nistAlgorithms		OBJ_csor,4L
-
-#define OBJ_aes		OBJ_nistAlgorithms,1L
-
-#define SN_aes_128_ecb		"AES-128-ECB"
-#define LN_aes_128_ecb		"aes-128-ecb"
-#define NID_aes_128_ecb		418
-#define OBJ_aes_128_ecb		OBJ_aes,1L
-
-#define SN_aes_128_cbc		"AES-128-CBC"
-#define LN_aes_128_cbc		"aes-128-cbc"
-#define NID_aes_128_cbc		419
-#define OBJ_aes_128_cbc		OBJ_aes,2L
-
-#define SN_aes_128_ofb128		"AES-128-OFB"
-#define LN_aes_128_ofb128		"aes-128-ofb"
-#define NID_aes_128_ofb128		420
-#define OBJ_aes_128_ofb128		OBJ_aes,3L
-
-#define SN_aes_128_cfb128		"AES-128-CFB"
-#define LN_aes_128_cfb128		"aes-128-cfb"
-#define NID_aes_128_cfb128		421
-#define OBJ_aes_128_cfb128		OBJ_aes,4L
-
-#define SN_id_aes128_wrap		"id-aes128-wrap"
-#define NID_id_aes128_wrap		788
-#define OBJ_id_aes128_wrap		OBJ_aes,5L
-
-#define SN_aes_128_gcm		"id-aes128-GCM"
-#define LN_aes_128_gcm		"aes-128-gcm"
-#define NID_aes_128_gcm		895
-#define OBJ_aes_128_gcm		OBJ_aes,6L
-
-#define SN_aes_128_ccm		"id-aes128-CCM"
-#define LN_aes_128_ccm		"aes-128-ccm"
-#define NID_aes_128_ccm		896
-#define OBJ_aes_128_ccm		OBJ_aes,7L
-
-#define SN_id_aes128_wrap_pad		"id-aes128-wrap-pad"
-#define NID_id_aes128_wrap_pad		897
-#define OBJ_id_aes128_wrap_pad		OBJ_aes,8L
-
-#define SN_aes_192_ecb		"AES-192-ECB"
-#define LN_aes_192_ecb		"aes-192-ecb"
-#define NID_aes_192_ecb		422
-#define OBJ_aes_192_ecb		OBJ_aes,21L
-
-#define SN_aes_192_cbc		"AES-192-CBC"
-#define LN_aes_192_cbc		"aes-192-cbc"
-#define NID_aes_192_cbc		423
-#define OBJ_aes_192_cbc		OBJ_aes,22L
-
-#define SN_aes_192_ofb128		"AES-192-OFB"
-#define LN_aes_192_ofb128		"aes-192-ofb"
-#define NID_aes_192_ofb128		424
-#define OBJ_aes_192_ofb128		OBJ_aes,23L
-
-#define SN_aes_192_cfb128		"AES-192-CFB"
-#define LN_aes_192_cfb128		"aes-192-cfb"
-#define NID_aes_192_cfb128		425
-#define OBJ_aes_192_cfb128		OBJ_aes,24L
-
-#define SN_id_aes192_wrap		"id-aes192-wrap"
-#define NID_id_aes192_wrap		789
-#define OBJ_id_aes192_wrap		OBJ_aes,25L
-
-#define SN_aes_192_gcm		"id-aes192-GCM"
-#define LN_aes_192_gcm		"aes-192-gcm"
-#define NID_aes_192_gcm		898
-#define OBJ_aes_192_gcm		OBJ_aes,26L
-
-#define SN_aes_192_ccm		"id-aes192-CCM"
-#define LN_aes_192_ccm		"aes-192-ccm"
-#define NID_aes_192_ccm		899
-#define OBJ_aes_192_ccm		OBJ_aes,27L
-
-#define SN_id_aes192_wrap_pad		"id-aes192-wrap-pad"
-#define NID_id_aes192_wrap_pad		900
-#define OBJ_id_aes192_wrap_pad		OBJ_aes,28L
-
-#define SN_aes_256_ecb		"AES-256-ECB"
-#define LN_aes_256_ecb		"aes-256-ecb"
-#define NID_aes_256_ecb		426
-#define OBJ_aes_256_ecb		OBJ_aes,41L
-
-#define SN_aes_256_cbc		"AES-256-CBC"
-#define LN_aes_256_cbc		"aes-256-cbc"
-#define NID_aes_256_cbc		427
-#define OBJ_aes_256_cbc		OBJ_aes,42L
-
-#define SN_aes_256_ofb128		"AES-256-OFB"
-#define LN_aes_256_ofb128		"aes-256-ofb"
-#define NID_aes_256_ofb128		428
-#define OBJ_aes_256_ofb128		OBJ_aes,43L
-
-#define SN_aes_256_cfb128		"AES-256-CFB"
-#define LN_aes_256_cfb128		"aes-256-cfb"
-#define NID_aes_256_cfb128		429
-#define OBJ_aes_256_cfb128		OBJ_aes,44L
-
-#define SN_id_aes256_wrap		"id-aes256-wrap"
-#define NID_id_aes256_wrap		790
-#define OBJ_id_aes256_wrap		OBJ_aes,45L
-
-#define SN_aes_256_gcm		"id-aes256-GCM"
-#define LN_aes_256_gcm		"aes-256-gcm"
-#define NID_aes_256_gcm		901
-#define OBJ_aes_256_gcm		OBJ_aes,46L
-
-#define SN_aes_256_ccm		"id-aes256-CCM"
-#define LN_aes_256_ccm		"aes-256-ccm"
-#define NID_aes_256_ccm		902
-#define OBJ_aes_256_ccm		OBJ_aes,47L
-
-#define SN_id_aes256_wrap_pad		"id-aes256-wrap-pad"
-#define NID_id_aes256_wrap_pad		903
-#define OBJ_id_aes256_wrap_pad		OBJ_aes,48L
-
-#define SN_aes_128_cfb1		"AES-128-CFB1"
-#define LN_aes_128_cfb1		"aes-128-cfb1"
-#define NID_aes_128_cfb1		650
-
-#define SN_aes_192_cfb1		"AES-192-CFB1"
-#define LN_aes_192_cfb1		"aes-192-cfb1"
-#define NID_aes_192_cfb1		651
-
-#define SN_aes_256_cfb1		"AES-256-CFB1"
-#define LN_aes_256_cfb1		"aes-256-cfb1"
-#define NID_aes_256_cfb1		652
-
-#define SN_aes_128_cfb8		"AES-128-CFB8"
-#define LN_aes_128_cfb8		"aes-128-cfb8"
-#define NID_aes_128_cfb8		653
-
-#define SN_aes_192_cfb8		"AES-192-CFB8"
-#define LN_aes_192_cfb8		"aes-192-cfb8"
-#define NID_aes_192_cfb8		654
-
-#define SN_aes_256_cfb8		"AES-256-CFB8"
-#define LN_aes_256_cfb8		"aes-256-cfb8"
-#define NID_aes_256_cfb8		655
-
-#define SN_aes_128_ctr		"AES-128-CTR"
-#define LN_aes_128_ctr		"aes-128-ctr"
-#define NID_aes_128_ctr		904
-
-#define SN_aes_192_ctr		"AES-192-CTR"
-#define LN_aes_192_ctr		"aes-192-ctr"
-#define NID_aes_192_ctr		905
-
-#define SN_aes_256_ctr		"AES-256-CTR"
-#define LN_aes_256_ctr		"aes-256-ctr"
-#define NID_aes_256_ctr		906
-
-#define SN_aes_128_xts		"AES-128-XTS"
-#define LN_aes_128_xts		"aes-128-xts"
-#define NID_aes_128_xts		913
-
-#define SN_aes_256_xts		"AES-256-XTS"
-#define LN_aes_256_xts		"aes-256-xts"
-#define NID_aes_256_xts		914
-
-#define SN_des_cfb1		"DES-CFB1"
-#define LN_des_cfb1		"des-cfb1"
-#define NID_des_cfb1		656
-
-#define SN_des_cfb8		"DES-CFB8"
-#define LN_des_cfb8		"des-cfb8"
-#define NID_des_cfb8		657
-
-#define SN_des_ede3_cfb1		"DES-EDE3-CFB1"
-#define LN_des_ede3_cfb1		"des-ede3-cfb1"
-#define NID_des_ede3_cfb1		658
-
-#define SN_des_ede3_cfb8		"DES-EDE3-CFB8"
-#define LN_des_ede3_cfb8		"des-ede3-cfb8"
-#define NID_des_ede3_cfb8		659
-
-#define OBJ_nist_hashalgs		OBJ_nistAlgorithms,2L
-
-#define SN_sha256		"SHA256"
-#define LN_sha256		"sha256"
-#define NID_sha256		672
-#define OBJ_sha256		OBJ_nist_hashalgs,1L
-
-#define SN_sha384		"SHA384"
-#define LN_sha384		"sha384"
-#define NID_sha384		673
-#define OBJ_sha384		OBJ_nist_hashalgs,2L
-
-#define SN_sha512		"SHA512"
-#define LN_sha512		"sha512"
-#define NID_sha512		674
-#define OBJ_sha512		OBJ_nist_hashalgs,3L
-
-#define SN_sha224		"SHA224"
-#define LN_sha224		"sha224"
-#define NID_sha224		675
-#define OBJ_sha224		OBJ_nist_hashalgs,4L
-
-#define OBJ_dsa_with_sha2		OBJ_nistAlgorithms,3L
-
-#define SN_dsa_with_SHA224		"dsa_with_SHA224"
-#define NID_dsa_with_SHA224		802
-#define OBJ_dsa_with_SHA224		OBJ_dsa_with_sha2,1L
-
-#define SN_dsa_with_SHA256		"dsa_with_SHA256"
-#define NID_dsa_with_SHA256		803
-#define OBJ_dsa_with_SHA256		OBJ_dsa_with_sha2,2L
-
-#define SN_hold_instruction_code		"holdInstructionCode"
-#define LN_hold_instruction_code		"Hold Instruction Code"
-#define NID_hold_instruction_code		430
-#define OBJ_hold_instruction_code		OBJ_id_ce,23L
-
-#define OBJ_holdInstruction		OBJ_X9_57,2L
-
-#define SN_hold_instruction_none		"holdInstructionNone"
-#define LN_hold_instruction_none		"Hold Instruction None"
-#define NID_hold_instruction_none		431
-#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L
-
-#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"
-#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"
-#define NID_hold_instruction_call_issuer		432
-#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L
-
-#define SN_hold_instruction_reject		"holdInstructionReject"
-#define LN_hold_instruction_reject		"Hold Instruction Reject"
-#define NID_hold_instruction_reject		433
-#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L
-
-#define SN_data		"data"
-#define NID_data		434
-#define OBJ_data		OBJ_itu_t,9L
-
-#define SN_pss		"pss"
-#define NID_pss		435
-#define OBJ_pss		OBJ_data,2342L
-
-#define SN_ucl		"ucl"
-#define NID_ucl		436
-#define OBJ_ucl		OBJ_pss,19200300L
-
-#define SN_pilot		"pilot"
-#define NID_pilot		437
-#define OBJ_pilot		OBJ_ucl,100L
-
-#define LN_pilotAttributeType		"pilotAttributeType"
-#define NID_pilotAttributeType		438
-#define OBJ_pilotAttributeType		OBJ_pilot,1L
-
-#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"
-#define NID_pilotAttributeSyntax		439
-#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L
-
-#define LN_pilotObjectClass		"pilotObjectClass"
-#define NID_pilotObjectClass		440
-#define OBJ_pilotObjectClass		OBJ_pilot,4L
-
-#define LN_pilotGroups		"pilotGroups"
-#define NID_pilotGroups		441
-#define OBJ_pilotGroups		OBJ_pilot,10L
-
-#define LN_iA5StringSyntax		"iA5StringSyntax"
-#define NID_iA5StringSyntax		442
-#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L
-
-#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"
-#define NID_caseIgnoreIA5StringSyntax		443
-#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L
-
-#define LN_pilotObject		"pilotObject"
-#define NID_pilotObject		444
-#define OBJ_pilotObject		OBJ_pilotObjectClass,3L
-
-#define LN_pilotPerson		"pilotPerson"
-#define NID_pilotPerson		445
-#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L
-
-#define SN_account		"account"
-#define NID_account		446
-#define OBJ_account		OBJ_pilotObjectClass,5L
-
-#define SN_document		"document"
-#define NID_document		447
-#define OBJ_document		OBJ_pilotObjectClass,6L
-
-#define SN_room		"room"
-#define NID_room		448
-#define OBJ_room		OBJ_pilotObjectClass,7L
-
-#define LN_documentSeries		"documentSeries"
-#define NID_documentSeries		449
-#define OBJ_documentSeries		OBJ_pilotObjectClass,9L
-
-#define SN_Domain		"domain"
-#define LN_Domain		"Domain"
-#define NID_Domain		392
-#define OBJ_Domain		OBJ_pilotObjectClass,13L
-
-#define LN_rFC822localPart		"rFC822localPart"
-#define NID_rFC822localPart		450
-#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L
-
-#define LN_dNSDomain		"dNSDomain"
-#define NID_dNSDomain		451
-#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L
-
-#define LN_domainRelatedObject		"domainRelatedObject"
-#define NID_domainRelatedObject		452
-#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L
-
-#define LN_friendlyCountry		"friendlyCountry"
-#define NID_friendlyCountry		453
-#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L
-
-#define LN_simpleSecurityObject		"simpleSecurityObject"
-#define NID_simpleSecurityObject		454
-#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L
-
-#define LN_pilotOrganization		"pilotOrganization"
-#define NID_pilotOrganization		455
-#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L
-
-#define LN_pilotDSA		"pilotDSA"
-#define NID_pilotDSA		456
-#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L
-
-#define LN_qualityLabelledData		"qualityLabelledData"
-#define NID_qualityLabelledData		457
-#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L
-
-#define SN_userId		"UID"
-#define LN_userId		"userId"
-#define NID_userId		458
-#define OBJ_userId		OBJ_pilotAttributeType,1L
-
-#define LN_textEncodedORAddress		"textEncodedORAddress"
-#define NID_textEncodedORAddress		459
-#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L
-
-#define SN_rfc822Mailbox		"mail"
-#define LN_rfc822Mailbox		"rfc822Mailbox"
-#define NID_rfc822Mailbox		460
-#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L
-
-#define SN_info		"info"
-#define NID_info		461
-#define OBJ_info		OBJ_pilotAttributeType,4L
-
-#define LN_favouriteDrink		"favouriteDrink"
-#define NID_favouriteDrink		462
-#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L
-
-#define LN_roomNumber		"roomNumber"
-#define NID_roomNumber		463
-#define OBJ_roomNumber		OBJ_pilotAttributeType,6L
-
-#define SN_photo		"photo"
-#define NID_photo		464
-#define OBJ_photo		OBJ_pilotAttributeType,7L
-
-#define LN_userClass		"userClass"
-#define NID_userClass		465
-#define OBJ_userClass		OBJ_pilotAttributeType,8L
-
-#define SN_host		"host"
-#define NID_host		466
-#define OBJ_host		OBJ_pilotAttributeType,9L
-
-#define SN_manager		"manager"
-#define NID_manager		467
-#define OBJ_manager		OBJ_pilotAttributeType,10L
-
-#define LN_documentIdentifier		"documentIdentifier"
-#define NID_documentIdentifier		468
-#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L
-
-#define LN_documentTitle		"documentTitle"
-#define NID_documentTitle		469
-#define OBJ_documentTitle		OBJ_pilotAttributeType,12L
-
-#define LN_documentVersion		"documentVersion"
-#define NID_documentVersion		470
-#define OBJ_documentVersion		OBJ_pilotAttributeType,13L
-
-#define LN_documentAuthor		"documentAuthor"
-#define NID_documentAuthor		471
-#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L
-
-#define LN_documentLocation		"documentLocation"
-#define NID_documentLocation		472
-#define OBJ_documentLocation		OBJ_pilotAttributeType,15L
-
-#define LN_homeTelephoneNumber		"homeTelephoneNumber"
-#define NID_homeTelephoneNumber		473
-#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L
-
-#define SN_secretary		"secretary"
-#define NID_secretary		474
-#define OBJ_secretary		OBJ_pilotAttributeType,21L
-
-#define LN_otherMailbox		"otherMailbox"
-#define NID_otherMailbox		475
-#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L
-
-#define LN_lastModifiedTime		"lastModifiedTime"
-#define NID_lastModifiedTime		476
-#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L
-
-#define LN_lastModifiedBy		"lastModifiedBy"
-#define NID_lastModifiedBy		477
-#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L
-
-#define SN_domainComponent		"DC"
-#define LN_domainComponent		"domainComponent"
-#define NID_domainComponent		391
-#define OBJ_domainComponent		OBJ_pilotAttributeType,25L
-
-#define LN_aRecord		"aRecord"
-#define NID_aRecord		478
-#define OBJ_aRecord		OBJ_pilotAttributeType,26L
-
-#define LN_pilotAttributeType27		"pilotAttributeType27"
-#define NID_pilotAttributeType27		479
-#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L
-
-#define LN_mXRecord		"mXRecord"
-#define NID_mXRecord		480
-#define OBJ_mXRecord		OBJ_pilotAttributeType,28L
-
-#define LN_nSRecord		"nSRecord"
-#define NID_nSRecord		481
-#define OBJ_nSRecord		OBJ_pilotAttributeType,29L
-
-#define LN_sOARecord		"sOARecord"
-#define NID_sOARecord		482
-#define OBJ_sOARecord		OBJ_pilotAttributeType,30L
-
-#define LN_cNAMERecord		"cNAMERecord"
-#define NID_cNAMERecord		483
-#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L
-
-#define LN_associatedDomain		"associatedDomain"
-#define NID_associatedDomain		484
-#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L
-
-#define LN_associatedName		"associatedName"
-#define NID_associatedName		485
-#define OBJ_associatedName		OBJ_pilotAttributeType,38L
-
-#define LN_homePostalAddress		"homePostalAddress"
-#define NID_homePostalAddress		486
-#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L
-
-#define LN_personalTitle		"personalTitle"
-#define NID_personalTitle		487
-#define OBJ_personalTitle		OBJ_pilotAttributeType,40L
-
-#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"
-#define NID_mobileTelephoneNumber		488
-#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L
-
-#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"
-#define NID_pagerTelephoneNumber		489
-#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L
-
-#define LN_friendlyCountryName		"friendlyCountryName"
-#define NID_friendlyCountryName		490
-#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L
-
-#define LN_organizationalStatus		"organizationalStatus"
-#define NID_organizationalStatus		491
-#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L
-
-#define LN_janetMailbox		"janetMailbox"
-#define NID_janetMailbox		492
-#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L
-
-#define LN_mailPreferenceOption		"mailPreferenceOption"
-#define NID_mailPreferenceOption		493
-#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L
-
-#define LN_buildingName		"buildingName"
-#define NID_buildingName		494
-#define OBJ_buildingName		OBJ_pilotAttributeType,48L
-
-#define LN_dSAQuality		"dSAQuality"
-#define NID_dSAQuality		495
-#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L
-
-#define LN_singleLevelQuality		"singleLevelQuality"
-#define NID_singleLevelQuality		496
-#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L
-
-#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"
-#define NID_subtreeMinimumQuality		497
-#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L
-
-#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"
-#define NID_subtreeMaximumQuality		498
-#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L
-
-#define LN_personalSignature		"personalSignature"
-#define NID_personalSignature		499
-#define OBJ_personalSignature		OBJ_pilotAttributeType,53L
-
-#define LN_dITRedirect		"dITRedirect"
-#define NID_dITRedirect		500
-#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L
-
-#define SN_audio		"audio"
-#define NID_audio		501
-#define OBJ_audio		OBJ_pilotAttributeType,55L
-
-#define LN_documentPublisher		"documentPublisher"
-#define NID_documentPublisher		502
-#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L
-
-#define SN_id_set		"id-set"
-#define LN_id_set		"Secure Electronic Transactions"
-#define NID_id_set		512
-#define OBJ_id_set		OBJ_international_organizations,42L
-
-#define SN_set_ctype		"set-ctype"
-#define LN_set_ctype		"content types"
-#define NID_set_ctype		513
-#define OBJ_set_ctype		OBJ_id_set,0L
-
-#define SN_set_msgExt		"set-msgExt"
-#define LN_set_msgExt		"message extensions"
-#define NID_set_msgExt		514
-#define OBJ_set_msgExt		OBJ_id_set,1L
-
-#define SN_set_attr		"set-attr"
-#define NID_set_attr		515
-#define OBJ_set_attr		OBJ_id_set,3L
-
-#define SN_set_policy		"set-policy"
-#define NID_set_policy		516
-#define OBJ_set_policy		OBJ_id_set,5L
-
-#define SN_set_certExt		"set-certExt"
-#define LN_set_certExt		"certificate extensions"
-#define NID_set_certExt		517
-#define OBJ_set_certExt		OBJ_id_set,7L
-
-#define SN_set_brand		"set-brand"
-#define NID_set_brand		518
-#define OBJ_set_brand		OBJ_id_set,8L
-
-#define SN_setct_PANData		"setct-PANData"
-#define NID_setct_PANData		519
-#define OBJ_setct_PANData		OBJ_set_ctype,0L
-
-#define SN_setct_PANToken		"setct-PANToken"
-#define NID_setct_PANToken		520
-#define OBJ_setct_PANToken		OBJ_set_ctype,1L
-
-#define SN_setct_PANOnly		"setct-PANOnly"
-#define NID_setct_PANOnly		521
-#define OBJ_setct_PANOnly		OBJ_set_ctype,2L
-
-#define SN_setct_OIData		"setct-OIData"
-#define NID_setct_OIData		522
-#define OBJ_setct_OIData		OBJ_set_ctype,3L
-
-#define SN_setct_PI		"setct-PI"
-#define NID_setct_PI		523
-#define OBJ_setct_PI		OBJ_set_ctype,4L
-
-#define SN_setct_PIData		"setct-PIData"
-#define NID_setct_PIData		524
-#define OBJ_setct_PIData		OBJ_set_ctype,5L
-
-#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"
-#define NID_setct_PIDataUnsigned		525
-#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L
-
-#define SN_setct_HODInput		"setct-HODInput"
-#define NID_setct_HODInput		526
-#define OBJ_setct_HODInput		OBJ_set_ctype,7L
-
-#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"
-#define NID_setct_AuthResBaggage		527
-#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L
-
-#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"
-#define NID_setct_AuthRevReqBaggage		528
-#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L
-
-#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"
-#define NID_setct_AuthRevResBaggage		529
-#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L
-
-#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"
-#define NID_setct_CapTokenSeq		530
-#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L
-
-#define SN_setct_PInitResData		"setct-PInitResData"
-#define NID_setct_PInitResData		531
-#define OBJ_setct_PInitResData		OBJ_set_ctype,12L
-
-#define SN_setct_PI_TBS		"setct-PI-TBS"
-#define NID_setct_PI_TBS		532
-#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L
-
-#define SN_setct_PResData		"setct-PResData"
-#define NID_setct_PResData		533
-#define OBJ_setct_PResData		OBJ_set_ctype,14L
-
-#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"
-#define NID_setct_AuthReqTBS		534
-#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L
-
-#define SN_setct_AuthResTBS		"setct-AuthResTBS"
-#define NID_setct_AuthResTBS		535
-#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L
-
-#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"
-#define NID_setct_AuthResTBSX		536
-#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L
-
-#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"
-#define NID_setct_AuthTokenTBS		537
-#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L
-
-#define SN_setct_CapTokenData		"setct-CapTokenData"
-#define NID_setct_CapTokenData		538
-#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L
-
-#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"
-#define NID_setct_CapTokenTBS		539
-#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L
-
-#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"
-#define NID_setct_AcqCardCodeMsg		540
-#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L
-
-#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"
-#define NID_setct_AuthRevReqTBS		541
-#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L
-
-#define SN_setct_AuthRevResData		"setct-AuthRevResData"
-#define NID_setct_AuthRevResData		542
-#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L
-
-#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"
-#define NID_setct_AuthRevResTBS		543
-#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L
-
-#define SN_setct_CapReqTBS		"setct-CapReqTBS"
-#define NID_setct_CapReqTBS		544
-#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L
-
-#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"
-#define NID_setct_CapReqTBSX		545
-#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L
-
-#define SN_setct_CapResData		"setct-CapResData"
-#define NID_setct_CapResData		546
-#define OBJ_setct_CapResData		OBJ_set_ctype,28L
-
-#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"
-#define NID_setct_CapRevReqTBS		547
-#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L
-
-#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"
-#define NID_setct_CapRevReqTBSX		548
-#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L
-
-#define SN_setct_CapRevResData		"setct-CapRevResData"
-#define NID_setct_CapRevResData		549
-#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L
-
-#define SN_setct_CredReqTBS		"setct-CredReqTBS"
-#define NID_setct_CredReqTBS		550
-#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L
-
-#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"
-#define NID_setct_CredReqTBSX		551
-#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L
-
-#define SN_setct_CredResData		"setct-CredResData"
-#define NID_setct_CredResData		552
-#define OBJ_setct_CredResData		OBJ_set_ctype,34L
-
-#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"
-#define NID_setct_CredRevReqTBS		553
-#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L
-
-#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"
-#define NID_setct_CredRevReqTBSX		554
-#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L
-
-#define SN_setct_CredRevResData		"setct-CredRevResData"
-#define NID_setct_CredRevResData		555
-#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L
-
-#define SN_setct_PCertReqData		"setct-PCertReqData"
-#define NID_setct_PCertReqData		556
-#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L
-
-#define SN_setct_PCertResTBS		"setct-PCertResTBS"
-#define NID_setct_PCertResTBS		557
-#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L
-
-#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"
-#define NID_setct_BatchAdminReqData		558
-#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L
-
-#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"
-#define NID_setct_BatchAdminResData		559
-#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L
-
-#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"
-#define NID_setct_CardCInitResTBS		560
-#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L
-
-#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"
-#define NID_setct_MeAqCInitResTBS		561
-#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L
-
-#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"
-#define NID_setct_RegFormResTBS		562
-#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L
-
-#define SN_setct_CertReqData		"setct-CertReqData"
-#define NID_setct_CertReqData		563
-#define OBJ_setct_CertReqData		OBJ_set_ctype,45L
-
-#define SN_setct_CertReqTBS		"setct-CertReqTBS"
-#define NID_setct_CertReqTBS		564
-#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L
-
-#define SN_setct_CertResData		"setct-CertResData"
-#define NID_setct_CertResData		565
-#define OBJ_setct_CertResData		OBJ_set_ctype,47L
-
-#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"
-#define NID_setct_CertInqReqTBS		566
-#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L
-
-#define SN_setct_ErrorTBS		"setct-ErrorTBS"
-#define NID_setct_ErrorTBS		567
-#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L
-
-#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"
-#define NID_setct_PIDualSignedTBE		568
-#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L
-
-#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"
-#define NID_setct_PIUnsignedTBE		569
-#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L
-
-#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"
-#define NID_setct_AuthReqTBE		570
-#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L
-
-#define SN_setct_AuthResTBE		"setct-AuthResTBE"
-#define NID_setct_AuthResTBE		571
-#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L
-
-#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"
-#define NID_setct_AuthResTBEX		572
-#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L
-
-#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"
-#define NID_setct_AuthTokenTBE		573
-#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L
-
-#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"
-#define NID_setct_CapTokenTBE		574
-#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L
-
-#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"
-#define NID_setct_CapTokenTBEX		575
-#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L
-
-#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"
-#define NID_setct_AcqCardCodeMsgTBE		576
-#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L
-
-#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"
-#define NID_setct_AuthRevReqTBE		577
-#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L
-
-#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"
-#define NID_setct_AuthRevResTBE		578
-#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L
-
-#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"
-#define NID_setct_AuthRevResTBEB		579
-#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L
-
-#define SN_setct_CapReqTBE		"setct-CapReqTBE"
-#define NID_setct_CapReqTBE		580
-#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L
-
-#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"
-#define NID_setct_CapReqTBEX		581
-#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L
-
-#define SN_setct_CapResTBE		"setct-CapResTBE"
-#define NID_setct_CapResTBE		582
-#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L
-
-#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"
-#define NID_setct_CapRevReqTBE		583
-#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L
-
-#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"
-#define NID_setct_CapRevReqTBEX		584
-#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L
-
-#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"
-#define NID_setct_CapRevResTBE		585
-#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L
-
-#define SN_setct_CredReqTBE		"setct-CredReqTBE"
-#define NID_setct_CredReqTBE		586
-#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L
-
-#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"
-#define NID_setct_CredReqTBEX		587
-#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L
-
-#define SN_setct_CredResTBE		"setct-CredResTBE"
-#define NID_setct_CredResTBE		588
-#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L
-
-#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"
-#define NID_setct_CredRevReqTBE		589
-#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L
-
-#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"
-#define NID_setct_CredRevReqTBEX		590
-#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L
-
-#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"
-#define NID_setct_CredRevResTBE		591
-#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L
-
-#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"
-#define NID_setct_BatchAdminReqTBE		592
-#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L
-
-#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"
-#define NID_setct_BatchAdminResTBE		593
-#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L
-
-#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"
-#define NID_setct_RegFormReqTBE		594
-#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L
-
-#define SN_setct_CertReqTBE		"setct-CertReqTBE"
-#define NID_setct_CertReqTBE		595
-#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L
-
-#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"
-#define NID_setct_CertReqTBEX		596
-#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L
-
-#define SN_setct_CertResTBE		"setct-CertResTBE"
-#define NID_setct_CertResTBE		597
-#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L
-
-#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"
-#define NID_setct_CRLNotificationTBS		598
-#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L
-
-#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"
-#define NID_setct_CRLNotificationResTBS		599
-#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L
-
-#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"
-#define NID_setct_BCIDistributionTBS		600
-#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L
-
-#define SN_setext_genCrypt		"setext-genCrypt"
-#define LN_setext_genCrypt		"generic cryptogram"
-#define NID_setext_genCrypt		601
-#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L
-
-#define SN_setext_miAuth		"setext-miAuth"
-#define LN_setext_miAuth		"merchant initiated auth"
-#define NID_setext_miAuth		602
-#define OBJ_setext_miAuth		OBJ_set_msgExt,3L
-
-#define SN_setext_pinSecure		"setext-pinSecure"
-#define NID_setext_pinSecure		603
-#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L
-
-#define SN_setext_pinAny		"setext-pinAny"
-#define NID_setext_pinAny		604
-#define OBJ_setext_pinAny		OBJ_set_msgExt,5L
-
-#define SN_setext_track2		"setext-track2"
-#define NID_setext_track2		605
-#define OBJ_setext_track2		OBJ_set_msgExt,7L
-
-#define SN_setext_cv		"setext-cv"
-#define LN_setext_cv		"additional verification"
-#define NID_setext_cv		606
-#define OBJ_setext_cv		OBJ_set_msgExt,8L
-
-#define SN_set_policy_root		"set-policy-root"
-#define NID_set_policy_root		607
-#define OBJ_set_policy_root		OBJ_set_policy,0L
-
-#define SN_setCext_hashedRoot		"setCext-hashedRoot"
-#define NID_setCext_hashedRoot		608
-#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L
-
-#define SN_setCext_certType		"setCext-certType"
-#define NID_setCext_certType		609
-#define OBJ_setCext_certType		OBJ_set_certExt,1L
-
-#define SN_setCext_merchData		"setCext-merchData"
-#define NID_setCext_merchData		610
-#define OBJ_setCext_merchData		OBJ_set_certExt,2L
-
-#define SN_setCext_cCertRequired		"setCext-cCertRequired"
-#define NID_setCext_cCertRequired		611
-#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L
-
-#define SN_setCext_tunneling		"setCext-tunneling"
-#define NID_setCext_tunneling		612
-#define OBJ_setCext_tunneling		OBJ_set_certExt,4L
-
-#define SN_setCext_setExt		"setCext-setExt"
-#define NID_setCext_setExt		613
-#define OBJ_setCext_setExt		OBJ_set_certExt,5L
-
-#define SN_setCext_setQualf		"setCext-setQualf"
-#define NID_setCext_setQualf		614
-#define OBJ_setCext_setQualf		OBJ_set_certExt,6L
-
-#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"
-#define NID_setCext_PGWYcapabilities		615
-#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L
-
-#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"
-#define NID_setCext_TokenIdentifier		616
-#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L
-
-#define SN_setCext_Track2Data		"setCext-Track2Data"
-#define NID_setCext_Track2Data		617
-#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L
-
-#define SN_setCext_TokenType		"setCext-TokenType"
-#define NID_setCext_TokenType		618
-#define OBJ_setCext_TokenType		OBJ_set_certExt,10L
-
-#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"
-#define NID_setCext_IssuerCapabilities		619
-#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L
-
-#define SN_setAttr_Cert		"setAttr-Cert"
-#define NID_setAttr_Cert		620
-#define OBJ_setAttr_Cert		OBJ_set_attr,0L
-
-#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"
-#define LN_setAttr_PGWYcap		"payment gateway capabilities"
-#define NID_setAttr_PGWYcap		621
-#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L
-
-#define SN_setAttr_TokenType		"setAttr-TokenType"
-#define NID_setAttr_TokenType		622
-#define OBJ_setAttr_TokenType		OBJ_set_attr,2L
-
-#define SN_setAttr_IssCap		"setAttr-IssCap"
-#define LN_setAttr_IssCap		"issuer capabilities"
-#define NID_setAttr_IssCap		623
-#define OBJ_setAttr_IssCap		OBJ_set_attr,3L
-
-#define SN_set_rootKeyThumb		"set-rootKeyThumb"
-#define NID_set_rootKeyThumb		624
-#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L
-
-#define SN_set_addPolicy		"set-addPolicy"
-#define NID_set_addPolicy		625
-#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L
-
-#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"
-#define NID_setAttr_Token_EMV		626
-#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L
-
-#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"
-#define NID_setAttr_Token_B0Prime		627
-#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L
-
-#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"
-#define NID_setAttr_IssCap_CVM		628
-#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L
-
-#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"
-#define NID_setAttr_IssCap_T2		629
-#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L
-
-#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"
-#define NID_setAttr_IssCap_Sig		630
-#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L
-
-#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"
-#define LN_setAttr_GenCryptgrm		"generate cryptogram"
-#define NID_setAttr_GenCryptgrm		631
-#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L
-
-#define SN_setAttr_T2Enc		"setAttr-T2Enc"
-#define LN_setAttr_T2Enc		"encrypted track 2"
-#define NID_setAttr_T2Enc		632
-#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L
-
-#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"
-#define LN_setAttr_T2cleartxt		"cleartext track 2"
-#define NID_setAttr_T2cleartxt		633
-#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L
-
-#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"
-#define LN_setAttr_TokICCsig		"ICC or token signature"
-#define NID_setAttr_TokICCsig		634
-#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L
-
-#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"
-#define LN_setAttr_SecDevSig		"secure device signature"
-#define NID_setAttr_SecDevSig		635
-#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L
-
-#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"
-#define NID_set_brand_IATA_ATA		636
-#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L
-
-#define SN_set_brand_Diners		"set-brand-Diners"
-#define NID_set_brand_Diners		637
-#define OBJ_set_brand_Diners		OBJ_set_brand,30L
-
-#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"
-#define NID_set_brand_AmericanExpress		638
-#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L
-
-#define SN_set_brand_JCB		"set-brand-JCB"
-#define NID_set_brand_JCB		639
-#define OBJ_set_brand_JCB		OBJ_set_brand,35L
-
-#define SN_set_brand_Visa		"set-brand-Visa"
-#define NID_set_brand_Visa		640
-#define OBJ_set_brand_Visa		OBJ_set_brand,4L
-
-#define SN_set_brand_MasterCard		"set-brand-MasterCard"
-#define NID_set_brand_MasterCard		641
-#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L
-
-#define SN_set_brand_Novus		"set-brand-Novus"
-#define NID_set_brand_Novus		642
-#define OBJ_set_brand_Novus		OBJ_set_brand,6011L
-
-#define SN_des_cdmf		"DES-CDMF"
-#define LN_des_cdmf		"des-cdmf"
-#define NID_des_cdmf		643
-#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L
-
-#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"
-#define NID_rsaOAEPEncryptionSET		644
-#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L
-
-#define SN_ipsec3		"Oakley-EC2N-3"
-#define LN_ipsec3		"ipsec3"
-#define NID_ipsec3		749
-
-#define SN_ipsec4		"Oakley-EC2N-4"
-#define LN_ipsec4		"ipsec4"
-#define NID_ipsec4		750
-
-#define SN_whirlpool		"whirlpool"
-#define NID_whirlpool		804
-#define OBJ_whirlpool		OBJ_iso,0L,10118L,3L,0L,55L
-
-#define SN_cryptopro		"cryptopro"
-#define NID_cryptopro		805
-#define OBJ_cryptopro		OBJ_member_body,643L,2L,2L
-
-#define SN_cryptocom		"cryptocom"
-#define NID_cryptocom		806
-#define OBJ_cryptocom		OBJ_member_body,643L,2L,9L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001		"id-GostR3411-94-with-GostR3410-2001"
-#define LN_id_GostR3411_94_with_GostR3410_2001		"GOST R 34.11-94 with GOST R 34.10-2001"
-#define NID_id_GostR3411_94_with_GostR3410_2001		807
-#define OBJ_id_GostR3411_94_with_GostR3410_2001		OBJ_cryptopro,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_94		"id-GostR3411-94-with-GostR3410-94"
-#define LN_id_GostR3411_94_with_GostR3410_94		"GOST R 34.11-94 with GOST R 34.10-94"
-#define NID_id_GostR3411_94_with_GostR3410_94		808
-#define OBJ_id_GostR3411_94_with_GostR3410_94		OBJ_cryptopro,4L
-
-#define SN_id_GostR3411_94		"md_gost94"
-#define LN_id_GostR3411_94		"GOST R 34.11-94"
-#define NID_id_GostR3411_94		809
-#define OBJ_id_GostR3411_94		OBJ_cryptopro,9L
-
-#define SN_id_HMACGostR3411_94		"id-HMACGostR3411-94"
-#define LN_id_HMACGostR3411_94		"HMAC GOST 34.11-94"
-#define NID_id_HMACGostR3411_94		810
-#define OBJ_id_HMACGostR3411_94		OBJ_cryptopro,10L
-
-#define SN_id_GostR3410_2001		"gost2001"
-#define LN_id_GostR3410_2001		"GOST R 34.10-2001"
-#define NID_id_GostR3410_2001		811
-#define OBJ_id_GostR3410_2001		OBJ_cryptopro,19L
-
-#define SN_id_GostR3410_94		"gost94"
-#define LN_id_GostR3410_94		"GOST R 34.10-94"
-#define NID_id_GostR3410_94		812
-#define OBJ_id_GostR3410_94		OBJ_cryptopro,20L
-
-#define SN_id_Gost28147_89		"gost89"
-#define LN_id_Gost28147_89		"GOST 28147-89"
-#define NID_id_Gost28147_89		813
-#define OBJ_id_Gost28147_89		OBJ_cryptopro,21L
-
-#define SN_gost89_cnt		"gost89-cnt"
-#define NID_gost89_cnt		814
-
-#define SN_id_Gost28147_89_MAC		"gost-mac"
-#define LN_id_Gost28147_89_MAC		"GOST 28147-89 MAC"
-#define NID_id_Gost28147_89_MAC		815
-#define OBJ_id_Gost28147_89_MAC		OBJ_cryptopro,22L
-
-#define SN_id_GostR3411_94_prf		"prf-gostr3411-94"
-#define LN_id_GostR3411_94_prf		"GOST R 34.11-94 PRF"
-#define NID_id_GostR3411_94_prf		816
-#define OBJ_id_GostR3411_94_prf		OBJ_cryptopro,23L
-
-#define SN_id_GostR3410_2001DH		"id-GostR3410-2001DH"
-#define LN_id_GostR3410_2001DH		"GOST R 34.10-2001 DH"
-#define NID_id_GostR3410_2001DH		817
-#define OBJ_id_GostR3410_2001DH		OBJ_cryptopro,98L
-
-#define SN_id_GostR3410_94DH		"id-GostR3410-94DH"
-#define LN_id_GostR3410_94DH		"GOST R 34.10-94 DH"
-#define NID_id_GostR3410_94DH		818
-#define OBJ_id_GostR3410_94DH		OBJ_cryptopro,99L
-
-#define SN_id_Gost28147_89_CryptoPro_KeyMeshing		"id-Gost28147-89-CryptoPro-KeyMeshing"
-#define NID_id_Gost28147_89_CryptoPro_KeyMeshing		819
-#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing		OBJ_cryptopro,14L,1L
-
-#define SN_id_Gost28147_89_None_KeyMeshing		"id-Gost28147-89-None-KeyMeshing"
-#define NID_id_Gost28147_89_None_KeyMeshing		820
-#define OBJ_id_Gost28147_89_None_KeyMeshing		OBJ_cryptopro,14L,0L
-
-#define SN_id_GostR3411_94_TestParamSet		"id-GostR3411-94-TestParamSet"
-#define NID_id_GostR3411_94_TestParamSet		821
-#define OBJ_id_GostR3411_94_TestParamSet		OBJ_cryptopro,30L,0L
-
-#define SN_id_GostR3411_94_CryptoProParamSet		"id-GostR3411-94-CryptoProParamSet"
-#define NID_id_GostR3411_94_CryptoProParamSet		822
-#define OBJ_id_GostR3411_94_CryptoProParamSet		OBJ_cryptopro,30L,1L
-
-#define SN_id_Gost28147_89_TestParamSet		"id-Gost28147-89-TestParamSet"
-#define NID_id_Gost28147_89_TestParamSet		823
-#define OBJ_id_Gost28147_89_TestParamSet		OBJ_cryptopro,31L,0L
-
-#define SN_id_Gost28147_89_CryptoPro_A_ParamSet		"id-Gost28147-89-CryptoPro-A-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_A_ParamSet		824
-#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet		OBJ_cryptopro,31L,1L
-
-#define SN_id_Gost28147_89_CryptoPro_B_ParamSet		"id-Gost28147-89-CryptoPro-B-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_B_ParamSet		825
-#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet		OBJ_cryptopro,31L,2L
-
-#define SN_id_Gost28147_89_CryptoPro_C_ParamSet		"id-Gost28147-89-CryptoPro-C-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_C_ParamSet		826
-#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet		OBJ_cryptopro,31L,3L
-
-#define SN_id_Gost28147_89_CryptoPro_D_ParamSet		"id-Gost28147-89-CryptoPro-D-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_D_ParamSet		827
-#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet		OBJ_cryptopro,31L,4L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		828
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet		OBJ_cryptopro,31L,5L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		829
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet		OBJ_cryptopro,31L,6L
-
-#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		"id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		830
-#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet		OBJ_cryptopro,31L,7L
-
-#define SN_id_GostR3410_94_TestParamSet		"id-GostR3410-94-TestParamSet"
-#define NID_id_GostR3410_94_TestParamSet		831
-#define OBJ_id_GostR3410_94_TestParamSet		OBJ_cryptopro,32L,0L
-
-#define SN_id_GostR3410_94_CryptoPro_A_ParamSet		"id-GostR3410-94-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_A_ParamSet		832
-#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet		OBJ_cryptopro,32L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_B_ParamSet		"id-GostR3410-94-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_B_ParamSet		833
-#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet		OBJ_cryptopro,32L,3L
-
-#define SN_id_GostR3410_94_CryptoPro_C_ParamSet		"id-GostR3410-94-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_C_ParamSet		834
-#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet		OBJ_cryptopro,32L,4L
-
-#define SN_id_GostR3410_94_CryptoPro_D_ParamSet		"id-GostR3410-94-CryptoPro-D-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_D_ParamSet		835
-#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet		OBJ_cryptopro,32L,5L
-
-#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet		"id-GostR3410-94-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet		836
-#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet		OBJ_cryptopro,33L,1L
-
-#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet		"id-GostR3410-94-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet		837
-#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet		OBJ_cryptopro,33L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet		"id-GostR3410-94-CryptoPro-XchC-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet		838
-#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet		OBJ_cryptopro,33L,3L
-
-#define SN_id_GostR3410_2001_TestParamSet		"id-GostR3410-2001-TestParamSet"
-#define NID_id_GostR3410_2001_TestParamSet		839
-#define OBJ_id_GostR3410_2001_TestParamSet		OBJ_cryptopro,35L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet		"id-GostR3410-2001-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet		840
-#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet		OBJ_cryptopro,35L,1L
-
-#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet		"id-GostR3410-2001-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet		841
-#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet		OBJ_cryptopro,35L,2L
-
-#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet		"id-GostR3410-2001-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet		842
-#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet		OBJ_cryptopro,35L,3L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet		"id-GostR3410-2001-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet		843
-#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet		OBJ_cryptopro,36L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet		"id-GostR3410-2001-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet		844
-#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet		OBJ_cryptopro,36L,1L
-
-#define SN_id_GostR3410_94_a		"id-GostR3410-94-a"
-#define NID_id_GostR3410_94_a		845
-#define OBJ_id_GostR3410_94_a		OBJ_id_GostR3410_94,1L
-
-#define SN_id_GostR3410_94_aBis		"id-GostR3410-94-aBis"
-#define NID_id_GostR3410_94_aBis		846
-#define OBJ_id_GostR3410_94_aBis		OBJ_id_GostR3410_94,2L
-
-#define SN_id_GostR3410_94_b		"id-GostR3410-94-b"
-#define NID_id_GostR3410_94_b		847
-#define OBJ_id_GostR3410_94_b		OBJ_id_GostR3410_94,3L
-
-#define SN_id_GostR3410_94_bBis		"id-GostR3410-94-bBis"
-#define NID_id_GostR3410_94_bBis		848
-#define OBJ_id_GostR3410_94_bBis		OBJ_id_GostR3410_94,4L
-
-#define SN_id_Gost28147_89_cc		"id-Gost28147-89-cc"
-#define LN_id_Gost28147_89_cc		"GOST 28147-89 Cryptocom ParamSet"
-#define NID_id_Gost28147_89_cc		849
-#define OBJ_id_Gost28147_89_cc		OBJ_cryptocom,1L,6L,1L
-
-#define SN_id_GostR3410_94_cc		"gost94cc"
-#define LN_id_GostR3410_94_cc		"GOST 34.10-94 Cryptocom"
-#define NID_id_GostR3410_94_cc		850
-#define OBJ_id_GostR3410_94_cc		OBJ_cryptocom,1L,5L,3L
-
-#define SN_id_GostR3410_2001_cc		"gost2001cc"
-#define LN_id_GostR3410_2001_cc		"GOST 34.10-2001 Cryptocom"
-#define NID_id_GostR3410_2001_cc		851
-#define OBJ_id_GostR3410_2001_cc		OBJ_cryptocom,1L,5L,4L
-
-#define SN_id_GostR3411_94_with_GostR3410_94_cc		"id-GostR3411-94-with-GostR3410-94-cc"
-#define LN_id_GostR3411_94_with_GostR3410_94_cc		"GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_94_cc		852
-#define OBJ_id_GostR3411_94_with_GostR3410_94_cc		OBJ_cryptocom,1L,3L,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001_cc		"id-GostR3411-94-with-GostR3410-2001-cc"
-#define LN_id_GostR3411_94_with_GostR3410_2001_cc		"GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_2001_cc		853
-#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc		OBJ_cryptocom,1L,3L,4L
-
-#define SN_id_GostR3410_2001_ParamSet_cc		"id-GostR3410-2001-ParamSet-cc"
-#define LN_id_GostR3410_2001_ParamSet_cc		"GOST R 3410-2001 Parameter Set Cryptocom"
-#define NID_id_GostR3410_2001_ParamSet_cc		854
-#define OBJ_id_GostR3410_2001_ParamSet_cc		OBJ_cryptocom,1L,8L,1L
-
-#define SN_camellia_128_cbc		"CAMELLIA-128-CBC"
-#define LN_camellia_128_cbc		"camellia-128-cbc"
-#define NID_camellia_128_cbc		751
-#define OBJ_camellia_128_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,2L
-
-#define SN_camellia_192_cbc		"CAMELLIA-192-CBC"
-#define LN_camellia_192_cbc		"camellia-192-cbc"
-#define NID_camellia_192_cbc		752
-#define OBJ_camellia_192_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,3L
-
-#define SN_camellia_256_cbc		"CAMELLIA-256-CBC"
-#define LN_camellia_256_cbc		"camellia-256-cbc"
-#define NID_camellia_256_cbc		753
-#define OBJ_camellia_256_cbc		1L,2L,392L,200011L,61L,1L,1L,1L,4L
-
-#define SN_id_camellia128_wrap		"id-camellia128-wrap"
-#define NID_id_camellia128_wrap		907
-#define OBJ_id_camellia128_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,2L
-
-#define SN_id_camellia192_wrap		"id-camellia192-wrap"
-#define NID_id_camellia192_wrap		908
-#define OBJ_id_camellia192_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,3L
-
-#define SN_id_camellia256_wrap		"id-camellia256-wrap"
-#define NID_id_camellia256_wrap		909
-#define OBJ_id_camellia256_wrap		1L,2L,392L,200011L,61L,1L,1L,3L,4L
-
-#define OBJ_ntt_ds		0L,3L,4401L,5L
-
-#define OBJ_camellia		OBJ_ntt_ds,3L,1L,9L
-
-#define SN_camellia_128_ecb		"CAMELLIA-128-ECB"
-#define LN_camellia_128_ecb		"camellia-128-ecb"
-#define NID_camellia_128_ecb		754
-#define OBJ_camellia_128_ecb		OBJ_camellia,1L
-
-#define SN_camellia_128_ofb128		"CAMELLIA-128-OFB"
-#define LN_camellia_128_ofb128		"camellia-128-ofb"
-#define NID_camellia_128_ofb128		766
-#define OBJ_camellia_128_ofb128		OBJ_camellia,3L
-
-#define SN_camellia_128_cfb128		"CAMELLIA-128-CFB"
-#define LN_camellia_128_cfb128		"camellia-128-cfb"
-#define NID_camellia_128_cfb128		757
-#define OBJ_camellia_128_cfb128		OBJ_camellia,4L
-
-#define SN_camellia_192_ecb		"CAMELLIA-192-ECB"
-#define LN_camellia_192_ecb		"camellia-192-ecb"
-#define NID_camellia_192_ecb		755
-#define OBJ_camellia_192_ecb		OBJ_camellia,21L
-
-#define SN_camellia_192_ofb128		"CAMELLIA-192-OFB"
-#define LN_camellia_192_ofb128		"camellia-192-ofb"
-#define NID_camellia_192_ofb128		767
-#define OBJ_camellia_192_ofb128		OBJ_camellia,23L
-
-#define SN_camellia_192_cfb128		"CAMELLIA-192-CFB"
-#define LN_camellia_192_cfb128		"camellia-192-cfb"
-#define NID_camellia_192_cfb128		758
-#define OBJ_camellia_192_cfb128		OBJ_camellia,24L
-
-#define SN_camellia_256_ecb		"CAMELLIA-256-ECB"
-#define LN_camellia_256_ecb		"camellia-256-ecb"
-#define NID_camellia_256_ecb		756
-#define OBJ_camellia_256_ecb		OBJ_camellia,41L
-
-#define SN_camellia_256_ofb128		"CAMELLIA-256-OFB"
-#define LN_camellia_256_ofb128		"camellia-256-ofb"
-#define NID_camellia_256_ofb128		768
-#define OBJ_camellia_256_ofb128		OBJ_camellia,43L
-
-#define SN_camellia_256_cfb128		"CAMELLIA-256-CFB"
-#define LN_camellia_256_cfb128		"camellia-256-cfb"
-#define NID_camellia_256_cfb128		759
-#define OBJ_camellia_256_cfb128		OBJ_camellia,44L
-
-#define SN_camellia_128_cfb1		"CAMELLIA-128-CFB1"
-#define LN_camellia_128_cfb1		"camellia-128-cfb1"
-#define NID_camellia_128_cfb1		760
-
-#define SN_camellia_192_cfb1		"CAMELLIA-192-CFB1"
-#define LN_camellia_192_cfb1		"camellia-192-cfb1"
-#define NID_camellia_192_cfb1		761
-
-#define SN_camellia_256_cfb1		"CAMELLIA-256-CFB1"
-#define LN_camellia_256_cfb1		"camellia-256-cfb1"
-#define NID_camellia_256_cfb1		762
-
-#define SN_camellia_128_cfb8		"CAMELLIA-128-CFB8"
-#define LN_camellia_128_cfb8		"camellia-128-cfb8"
-#define NID_camellia_128_cfb8		763
-
-#define SN_camellia_192_cfb8		"CAMELLIA-192-CFB8"
-#define LN_camellia_192_cfb8		"camellia-192-cfb8"
-#define NID_camellia_192_cfb8		764
-
-#define SN_camellia_256_cfb8		"CAMELLIA-256-CFB8"
-#define LN_camellia_256_cfb8		"camellia-256-cfb8"
-#define NID_camellia_256_cfb8		765
-
-#define SN_kisa		"KISA"
-#define LN_kisa		"kisa"
-#define NID_kisa		773
-#define OBJ_kisa		OBJ_member_body,410L,200004L
-
-#define SN_seed_ecb		"SEED-ECB"
-#define LN_seed_ecb		"seed-ecb"
-#define NID_seed_ecb		776
-#define OBJ_seed_ecb		OBJ_kisa,1L,3L
-
-#define SN_seed_cbc		"SEED-CBC"
-#define LN_seed_cbc		"seed-cbc"
-#define NID_seed_cbc		777
-#define OBJ_seed_cbc		OBJ_kisa,1L,4L
-
-#define SN_seed_cfb128		"SEED-CFB"
-#define LN_seed_cfb128		"seed-cfb"
-#define NID_seed_cfb128		779
-#define OBJ_seed_cfb128		OBJ_kisa,1L,5L
-
-#define SN_seed_ofb128		"SEED-OFB"
-#define LN_seed_ofb128		"seed-ofb"
-#define NID_seed_ofb128		778
-#define OBJ_seed_ofb128		OBJ_kisa,1L,6L
-
-#define SN_hmac		"HMAC"
-#define LN_hmac		"hmac"
-#define NID_hmac		855
-
-#define SN_cmac		"CMAC"
-#define LN_cmac		"cmac"
-#define NID_cmac		894
-
-#define SN_rc4_hmac_md5		"RC4-HMAC-MD5"
-#define LN_rc4_hmac_md5		"rc4-hmac-md5"
-#define NID_rc4_hmac_md5		915
-
-#define SN_aes_128_cbc_hmac_sha1		"AES-128-CBC-HMAC-SHA1"
-#define LN_aes_128_cbc_hmac_sha1		"aes-128-cbc-hmac-sha1"
-#define NID_aes_128_cbc_hmac_sha1		916
-
-#define SN_aes_192_cbc_hmac_sha1		"AES-192-CBC-HMAC-SHA1"
-#define LN_aes_192_cbc_hmac_sha1		"aes-192-cbc-hmac-sha1"
-#define NID_aes_192_cbc_hmac_sha1		917
-
-#define SN_aes_256_cbc_hmac_sha1		"AES-256-CBC-HMAC-SHA1"
-#define LN_aes_256_cbc_hmac_sha1		"aes-256-cbc-hmac-sha1"
-#define NID_aes_256_cbc_hmac_sha1		918
-
diff --git a/include/openssl/objects.h b/include/openssl/objects.h
deleted file mode 100644
index bd0ee52feb..0000000000
--- a/include/openssl/objects.h
+++ /dev/null
@@ -1,1138 +0,0 @@
-/* crypto/objects/objects.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_OBJECTS_H
-#define HEADER_OBJECTS_H
-
-#define USE_OBJ_MAC
-
-#ifdef USE_OBJ_MAC
-#include <openssl/obj_mac.h>
-#else
-#define SN_undef			"UNDEF"
-#define LN_undef			"undefined"
-#define NID_undef			0
-#define OBJ_undef			0L
-
-#define SN_Algorithm			"Algorithm"
-#define LN_algorithm			"algorithm"
-#define NID_algorithm			38
-#define OBJ_algorithm			1L,3L,14L,3L,2L
-
-#define LN_rsadsi			"rsadsi"
-#define NID_rsadsi			1
-#define OBJ_rsadsi			1L,2L,840L,113549L
-
-#define LN_pkcs				"pkcs"
-#define NID_pkcs			2
-#define OBJ_pkcs			OBJ_rsadsi,1L
-
-#define SN_md2				"MD2"
-#define LN_md2				"md2"
-#define NID_md2				3
-#define OBJ_md2				OBJ_rsadsi,2L,2L
-
-#define SN_md5				"MD5"
-#define LN_md5				"md5"
-#define NID_md5				4
-#define OBJ_md5				OBJ_rsadsi,2L,5L
-
-#define SN_rc4				"RC4"
-#define LN_rc4				"rc4"
-#define NID_rc4				5
-#define OBJ_rc4				OBJ_rsadsi,3L,4L
-
-#define LN_rsaEncryption		"rsaEncryption"
-#define NID_rsaEncryption		6
-#define OBJ_rsaEncryption		OBJ_pkcs,1L,1L
-
-#define SN_md2WithRSAEncryption		"RSA-MD2"
-#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption	7
-#define OBJ_md2WithRSAEncryption	OBJ_pkcs,1L,2L
-
-#define SN_md5WithRSAEncryption		"RSA-MD5"
-#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption	8
-#define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L
-
-#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC	9
-#define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L
-
-#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC	10
-#define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L
-
-#define LN_X500				"X500"
-#define NID_X500			11
-#define OBJ_X500			2L,5L
-
-#define LN_X509				"X509"
-#define NID_X509			12
-#define OBJ_X509			OBJ_X500,4L
-
-#define SN_commonName			"CN"
-#define LN_commonName			"commonName"
-#define NID_commonName			13
-#define OBJ_commonName			OBJ_X509,3L
-
-#define SN_countryName			"C"
-#define LN_countryName			"countryName"
-#define NID_countryName			14
-#define OBJ_countryName			OBJ_X509,6L
-
-#define SN_localityName			"L"
-#define LN_localityName			"localityName"
-#define NID_localityName		15
-#define OBJ_localityName		OBJ_X509,7L
-
-/* Postal Address? PA */
-
-/* should be "ST" (rfc1327) but MS uses 'S' */
-#define SN_stateOrProvinceName		"ST"
-#define LN_stateOrProvinceName		"stateOrProvinceName"
-#define NID_stateOrProvinceName		16
-#define OBJ_stateOrProvinceName		OBJ_X509,8L
-
-#define SN_organizationName		"O"
-#define LN_organizationName		"organizationName"
-#define NID_organizationName		17
-#define OBJ_organizationName		OBJ_X509,10L
-
-#define SN_organizationalUnitName	"OU"
-#define LN_organizationalUnitName	"organizationalUnitName"
-#define NID_organizationalUnitName	18
-#define OBJ_organizationalUnitName	OBJ_X509,11L
-
-#define SN_rsa				"RSA"
-#define LN_rsa				"rsa"
-#define NID_rsa				19
-#define OBJ_rsa				OBJ_X500,8L,1L,1L
-
-#define LN_pkcs7			"pkcs7"
-#define NID_pkcs7			20
-#define OBJ_pkcs7			OBJ_pkcs,7L
-
-#define LN_pkcs7_data			"pkcs7-data"
-#define NID_pkcs7_data			21
-#define OBJ_pkcs7_data			OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed			"pkcs7-signedData"
-#define NID_pkcs7_signed		22
-#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
-#define NID_pkcs7_enveloped		23
-#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped	"pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped	24
-#define OBJ_pkcs7_signedAndEnveloped	OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest			"pkcs7-digestData"
-#define NID_pkcs7_digest		25
-#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
-#define NID_pkcs7_encrypted		26
-#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
-
-#define LN_pkcs3			"pkcs3"
-#define NID_pkcs3			27
-#define OBJ_pkcs3			OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement		"dhKeyAgreement"
-#define NID_dhKeyAgreement		28
-#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
-
-#define SN_des_ecb			"DES-ECB"
-#define LN_des_ecb			"des-ecb"
-#define NID_des_ecb			29
-#define OBJ_des_ecb			OBJ_algorithm,6L
-
-#define SN_des_cfb64			"DES-CFB"
-#define LN_des_cfb64			"des-cfb"
-#define NID_des_cfb64			30
-/* IV + num */
-#define OBJ_des_cfb64			OBJ_algorithm,9L
-
-#define SN_des_cbc			"DES-CBC"
-#define LN_des_cbc			"des-cbc"
-#define NID_des_cbc			31
-/* IV */
-#define OBJ_des_cbc			OBJ_algorithm,7L
-
-#define SN_des_ede			"DES-EDE"
-#define LN_des_ede			"des-ede"
-#define NID_des_ede			32
-/* ?? */
-#define OBJ_des_ede			OBJ_algorithm,17L
-
-#define SN_des_ede3			"DES-EDE3"
-#define LN_des_ede3			"des-ede3"
-#define NID_des_ede3			33
-
-#define SN_idea_cbc			"IDEA-CBC"
-#define LN_idea_cbc			"idea-cbc"
-#define NID_idea_cbc			34
-#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_cfb64			"IDEA-CFB"
-#define LN_idea_cfb64			"idea-cfb"
-#define NID_idea_cfb64			35
-
-#define SN_idea_ecb			"IDEA-ECB"
-#define LN_idea_ecb			"idea-ecb"
-#define NID_idea_ecb			36
-
-#define SN_rc2_cbc			"RC2-CBC"
-#define LN_rc2_cbc			"rc2-cbc"
-#define NID_rc2_cbc			37
-#define OBJ_rc2_cbc			OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb			"RC2-ECB"
-#define LN_rc2_ecb			"rc2-ecb"
-#define NID_rc2_ecb			38
-
-#define SN_rc2_cfb64			"RC2-CFB"
-#define LN_rc2_cfb64			"rc2-cfb"
-#define NID_rc2_cfb64			39
-
-#define SN_rc2_ofb64			"RC2-OFB"
-#define LN_rc2_ofb64			"rc2-ofb"
-#define NID_rc2_ofb64			40
-
-#define SN_sha				"SHA"
-#define LN_sha				"sha"
-#define NID_sha				41
-#define OBJ_sha				OBJ_algorithm,18L
-
-#define SN_shaWithRSAEncryption		"RSA-SHA"
-#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption	42
-#define OBJ_shaWithRSAEncryption	OBJ_algorithm,15L
-
-#define SN_des_ede_cbc			"DES-EDE-CBC"
-#define LN_des_ede_cbc			"des-ede-cbc"
-#define NID_des_ede_cbc			43
-
-#define SN_des_ede3_cbc			"DES-EDE3-CBC"
-#define LN_des_ede3_cbc			"des-ede3-cbc"
-#define NID_des_ede3_cbc		44
-#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
-
-#define SN_des_ofb64			"DES-OFB"
-#define LN_des_ofb64			"des-ofb"
-#define NID_des_ofb64			45
-#define OBJ_des_ofb64			OBJ_algorithm,8L
-
-#define SN_idea_ofb64			"IDEA-OFB"
-#define LN_idea_ofb64			"idea-ofb"
-#define NID_idea_ofb64			46
-
-#define LN_pkcs9			"pkcs9"
-#define NID_pkcs9			47
-#define OBJ_pkcs9			OBJ_pkcs,9L
-
-#define SN_pkcs9_emailAddress		"Email"
-#define LN_pkcs9_emailAddress		"emailAddress"
-#define NID_pkcs9_emailAddress		48
-#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName	"unstructuredName"
-#define NID_pkcs9_unstructuredName	49
-#define OBJ_pkcs9_unstructuredName	OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType		"contentType"
-#define NID_pkcs9_contentType		50
-#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest		"messageDigest"
-#define NID_pkcs9_messageDigest		51
-#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime		"signingTime"
-#define NID_pkcs9_signingTime		52
-#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature	"countersignature"
-#define NID_pkcs9_countersignature	53
-#define OBJ_pkcs9_countersignature	OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword	"challengePassword"
-#define NID_pkcs9_challengePassword	54
-#define OBJ_pkcs9_challengePassword	OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress	"unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress	55
-#define OBJ_pkcs9_unstructuredAddress	OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes	"extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes	56
-#define OBJ_pkcs9_extCertAttributes	OBJ_pkcs9,9L
-
-#define SN_netscape			"Netscape"
-#define LN_netscape			"Netscape Communications Corp."
-#define NID_netscape			57
-#define OBJ_netscape			2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension	"nsCertExt"
-#define LN_netscape_cert_extension	"Netscape Certificate Extension"
-#define NID_netscape_cert_extension	58
-#define OBJ_netscape_cert_extension	OBJ_netscape,1L
-
-#define SN_netscape_data_type		"nsDataType"
-#define LN_netscape_data_type		"Netscape Data Type"
-#define NID_netscape_data_type		59
-#define OBJ_netscape_data_type		OBJ_netscape,2L
-
-#define SN_des_ede_cfb64		"DES-EDE-CFB"
-#define LN_des_ede_cfb64		"des-ede-cfb"
-#define NID_des_ede_cfb64		60
-
-#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
-#define LN_des_ede3_cfb64		"des-ede3-cfb"
-#define NID_des_ede3_cfb64		61
-
-#define SN_des_ede_ofb64		"DES-EDE-OFB"
-#define LN_des_ede_ofb64		"des-ede-ofb"
-#define NID_des_ede_ofb64		62
-
-#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
-#define LN_des_ede3_ofb64		"des-ede3-ofb"
-#define NID_des_ede3_ofb64		63
-
-/* I'm not sure about the object ID */
-#define SN_sha1				"SHA1"
-#define LN_sha1				"sha1"
-#define NID_sha1			64
-#define OBJ_sha1			OBJ_algorithm,26L
-/* 28 Jun 1996 - eay */
-/* #define OBJ_sha1			1L,3L,14L,2L,26L,05L <- wrong */
-
-#define SN_sha1WithRSAEncryption	"RSA-SHA1"
-#define LN_sha1WithRSAEncryption	"sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption	65
-#define OBJ_sha1WithRSAEncryption	OBJ_pkcs,1L,5L
-
-#define SN_dsaWithSHA			"DSA-SHA"
-#define LN_dsaWithSHA			"dsaWithSHA"
-#define NID_dsaWithSHA			66
-#define OBJ_dsaWithSHA			OBJ_algorithm,13L
-
-#define SN_dsa_2			"DSA-old"
-#define LN_dsa_2			"dsaEncryption-old"
-#define NID_dsa_2			67
-#define OBJ_dsa_2			OBJ_algorithm,12L
-
-/* proposed by microsoft to RSA */
-#define SN_pbeWithSHA1AndRC2_CBC	"PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC	68
-#define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L 
-
-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
- * completely different.
- */
-#define LN_id_pbkdf2			"PBKDF2"
-#define NID_id_pbkdf2			69
-#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L 
-
-#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
-#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2		70
-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
-
-#define SN_netscape_cert_type		"nsCertType"
-#define LN_netscape_cert_type		"Netscape Cert Type"
-#define NID_netscape_cert_type		71
-#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url		"nsBaseUrl"
-#define LN_netscape_base_url		"Netscape Base Url"
-#define NID_netscape_base_url		72
-#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url	"nsRevocationUrl"
-#define LN_netscape_revocation_url	"Netscape Revocation Url"
-#define NID_netscape_revocation_url	73
-#define OBJ_netscape_revocation_url	OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url	"nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url	"Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url	74
-#define OBJ_netscape_ca_revocation_url	OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url		"nsRenewalUrl"
-#define LN_netscape_renewal_url		"Netscape Renewal Url"
-#define NID_netscape_renewal_url	75
-#define OBJ_netscape_renewal_url	OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url	"nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url	"Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url	76
-#define OBJ_netscape_ca_policy_url	OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name	"nsSslServerName"
-#define LN_netscape_ssl_server_name	"Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name	77
-#define OBJ_netscape_ssl_server_name	OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment		"nsComment"
-#define LN_netscape_comment		"Netscape Comment"
-#define NID_netscape_comment		78
-#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence	"nsCertSequence"
-#define LN_netscape_cert_sequence	"Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence	79
-#define OBJ_netscape_cert_sequence	OBJ_netscape_data_type,5L
-
-#define SN_desx_cbc			"DESX-CBC"
-#define LN_desx_cbc			"desx-cbc"
-#define NID_desx_cbc			80
-
-#define SN_id_ce			"id-ce"
-#define NID_id_ce			81
-#define OBJ_id_ce			2L,5L,29L
-
-#define SN_subject_key_identifier	"subjectKeyIdentifier"
-#define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier	82
-#define OBJ_subject_key_identifier	OBJ_id_ce,14L
-
-#define SN_key_usage			"keyUsage"
-#define LN_key_usage			"X509v3 Key Usage"
-#define NID_key_usage			83
-#define OBJ_key_usage			OBJ_id_ce,15L
-
-#define SN_private_key_usage_period	"privateKeyUsagePeriod"
-#define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period	84
-#define OBJ_private_key_usage_period	OBJ_id_ce,16L
-
-#define SN_subject_alt_name		"subjectAltName"
-#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
-#define NID_subject_alt_name		85
-#define OBJ_subject_alt_name		OBJ_id_ce,17L
-
-#define SN_issuer_alt_name		"issuerAltName"
-#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name		86
-#define OBJ_issuer_alt_name		OBJ_id_ce,18L
-
-#define SN_basic_constraints		"basicConstraints"
-#define LN_basic_constraints		"X509v3 Basic Constraints"
-#define NID_basic_constraints		87
-#define OBJ_basic_constraints		OBJ_id_ce,19L
-
-#define SN_crl_number			"crlNumber"
-#define LN_crl_number			"X509v3 CRL Number"
-#define NID_crl_number			88
-#define OBJ_crl_number			OBJ_id_ce,20L
-
-#define SN_certificate_policies		"certificatePolicies"
-#define LN_certificate_policies		"X509v3 Certificate Policies"
-#define NID_certificate_policies	89
-#define OBJ_certificate_policies	OBJ_id_ce,32L
-
-#define SN_authority_key_identifier	"authorityKeyIdentifier"
-#define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier	90
-#define OBJ_authority_key_identifier	OBJ_id_ce,35L
-
-#define SN_bf_cbc			"BF-CBC"
-#define LN_bf_cbc			"bf-cbc"
-#define NID_bf_cbc			91
-#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb			"BF-ECB"
-#define LN_bf_ecb			"bf-ecb"
-#define NID_bf_ecb			92
-
-#define SN_bf_cfb64			"BF-CFB"
-#define LN_bf_cfb64			"bf-cfb"
-#define NID_bf_cfb64			93
-
-#define SN_bf_ofb64			"BF-OFB"
-#define LN_bf_ofb64			"bf-ofb"
-#define NID_bf_ofb64			94
-
-#define SN_mdc2				"MDC2"
-#define LN_mdc2				"mdc2"
-#define NID_mdc2			95
-#define OBJ_mdc2			2L,5L,8L,3L,101L
-/* An alternative?			1L,3L,14L,3L,2L,19L */
-
-#define SN_mdc2WithRSA			"RSA-MDC2"
-#define LN_mdc2WithRSA			"mdc2withRSA"
-#define NID_mdc2WithRSA			96
-#define OBJ_mdc2WithRSA			2L,5L,8L,3L,100L
-
-#define SN_rc4_40			"RC4-40"
-#define LN_rc4_40			"rc4-40"
-#define NID_rc4_40			97
-
-#define SN_rc2_40_cbc			"RC2-40-CBC"
-#define LN_rc2_40_cbc			"rc2-40-cbc"
-#define NID_rc2_40_cbc			98
-
-#define SN_givenName			"G"
-#define LN_givenName			"givenName"
-#define NID_givenName			99
-#define OBJ_givenName			OBJ_X509,42L
-
-#define SN_surname			"S"
-#define LN_surname			"surname"
-#define NID_surname			100
-#define OBJ_surname			OBJ_X509,4L
-
-#define SN_initials			"I"
-#define LN_initials			"initials"
-#define NID_initials			101
-#define OBJ_initials			OBJ_X509,43L
-
-#define SN_uniqueIdentifier		"UID"
-#define LN_uniqueIdentifier		"uniqueIdentifier"
-#define NID_uniqueIdentifier		102
-#define OBJ_uniqueIdentifier		OBJ_X509,45L
-
-#define SN_crl_distribution_points	"crlDistributionPoints"
-#define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points	103
-#define OBJ_crl_distribution_points	OBJ_id_ce,31L
-
-#define SN_md5WithRSA			"RSA-NP-MD5"
-#define LN_md5WithRSA			"md5WithRSA"
-#define NID_md5WithRSA			104
-#define OBJ_md5WithRSA			OBJ_algorithm,3L
-
-#define SN_serialNumber			"SN"
-#define LN_serialNumber			"serialNumber"
-#define NID_serialNumber		105
-#define OBJ_serialNumber		OBJ_X509,5L
-
-#define SN_title			"T"
-#define LN_title			"title"
-#define NID_title			106
-#define OBJ_title			OBJ_X509,12L
-
-#define SN_description			"D"
-#define LN_description			"description"
-#define NID_description			107
-#define OBJ_description			OBJ_X509,13L
-
-/* CAST5 is CAST-128, I'm just sticking with the documentation */
-#define SN_cast5_cbc			"CAST5-CBC"
-#define LN_cast5_cbc			"cast5-cbc"
-#define NID_cast5_cbc			108
-#define OBJ_cast5_cbc			1L,2L,840L,113533L,7L,66L,10L
-
-#define SN_cast5_ecb			"CAST5-ECB"
-#define LN_cast5_ecb			"cast5-ecb"
-#define NID_cast5_ecb			109
-
-#define SN_cast5_cfb64			"CAST5-CFB"
-#define LN_cast5_cfb64			"cast5-cfb"
-#define NID_cast5_cfb64			110
-
-#define SN_cast5_ofb64			"CAST5-OFB"
-#define LN_cast5_ofb64			"cast5-ofb"
-#define NID_cast5_ofb64			111
-
-#define LN_pbeWithMD5AndCast5_CBC	"pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC	112
-#define OBJ_pbeWithMD5AndCast5_CBC	1L,2L,840L,113533L,7L,66L,12L
-
-/* This is one sun will soon be using :-(
- * id-dsa-with-sha1 ID  ::= {
- *   iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
- */
-#define SN_dsaWithSHA1			"DSA-SHA1"
-#define LN_dsaWithSHA1			"dsaWithSHA1"
-#define NID_dsaWithSHA1			113
-#define OBJ_dsaWithSHA1			1L,2L,840L,10040L,4L,3L
-
-#define NID_md5_sha1			114
-#define SN_md5_sha1			"MD5-SHA1"
-#define LN_md5_sha1			"md5-sha1"
-
-#define SN_sha1WithRSA			"RSA-SHA1-2"
-#define LN_sha1WithRSA			"sha1WithRSA"
-#define NID_sha1WithRSA			115
-#define OBJ_sha1WithRSA			OBJ_algorithm,29L
-
-#define SN_dsa				"DSA"
-#define LN_dsa				"dsaEncryption"
-#define NID_dsa				116
-#define OBJ_dsa				1L,2L,840L,10040L,4L,1L
-
-#define SN_ripemd160			"RIPEMD160"
-#define LN_ripemd160			"ripemd160"
-#define NID_ripemd160			117
-#define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
-
-/* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to continue using the convention I'm using with the other ciphers */
-#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
-#define LN_ripemd160WithRSA		"ripemd160WithRSA"
-#define NID_ripemd160WithRSA		119
-#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
-
-/* Taken from rfc2040
- *  RC5_CBC_Parameters ::= SEQUENCE {
- *	version           INTEGER (v1_0(16)),
- *	rounds            INTEGER (8..127),
- *	blockSizeInBits   INTEGER (64, 128),
- *	iv                OCTET STRING OPTIONAL
- *	}
- */
-#define SN_rc5_cbc			"RC5-CBC"
-#define LN_rc5_cbc			"rc5-cbc"
-#define NID_rc5_cbc			120
-#define OBJ_rc5_cbc			OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb			"RC5-ECB"
-#define LN_rc5_ecb			"rc5-ecb"
-#define NID_rc5_ecb			121
-
-#define SN_rc5_cfb64			"RC5-CFB"
-#define LN_rc5_cfb64			"rc5-cfb"
-#define NID_rc5_cfb64			122
-
-#define SN_rc5_ofb64			"RC5-OFB"
-#define LN_rc5_ofb64			"rc5-ofb"
-#define NID_rc5_ofb64			123
-
-#define SN_rle_compression		"RLE"
-#define LN_rle_compression		"run length compression"
-#define NID_rle_compression		124
-#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression		"ZLIB"
-#define LN_zlib_compression		"zlib compression"
-#define NID_zlib_compression		125
-#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L
-
-#define SN_ext_key_usage		"extendedKeyUsage"
-#define LN_ext_key_usage		"X509v3 Extended Key Usage"
-#define NID_ext_key_usage		126
-#define OBJ_ext_key_usage		OBJ_id_ce,37
-
-#define SN_id_pkix			"PKIX"
-#define NID_id_pkix			127
-#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_kp			"id-kp"
-#define NID_id_kp			128
-#define OBJ_id_kp			OBJ_id_pkix,3L
-
-/* PKIX extended key usage OIDs */
-
-#define SN_server_auth			"serverAuth"
-#define LN_server_auth			"TLS Web Server Authentication"
-#define NID_server_auth			129
-#define OBJ_server_auth			OBJ_id_kp,1L
-
-#define SN_client_auth			"clientAuth"
-#define LN_client_auth			"TLS Web Client Authentication"
-#define NID_client_auth			130
-#define OBJ_client_auth			OBJ_id_kp,2L
-
-#define SN_code_sign			"codeSigning"
-#define LN_code_sign			"Code Signing"
-#define NID_code_sign			131
-#define OBJ_code_sign			OBJ_id_kp,3L
-
-#define SN_email_protect		"emailProtection"
-#define LN_email_protect		"E-mail Protection"
-#define NID_email_protect		132
-#define OBJ_email_protect		OBJ_id_kp,4L
-
-#define SN_time_stamp			"timeStamping"
-#define LN_time_stamp			"Time Stamping"
-#define NID_time_stamp			133
-#define OBJ_time_stamp			OBJ_id_kp,8L
-
-/* Additional extended key usage OIDs: Microsoft */
-
-#define SN_ms_code_ind			"msCodeInd"
-#define LN_ms_code_ind			"Microsoft Individual Code Signing"
-#define NID_ms_code_ind			134
-#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com			"msCodeCom"
-#define LN_ms_code_com			"Microsoft Commercial Code Signing"
-#define NID_ms_code_com			135
-#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign			"msCTLSign"
-#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
-#define NID_ms_ctl_sign			136
-#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc			"msSGC"
-#define LN_ms_sgc			"Microsoft Server Gated Crypto"
-#define NID_ms_sgc			137
-#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs			"msEFS"
-#define LN_ms_efs			"Microsoft Encrypted File System"
-#define NID_ms_efs			138
-#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-/* Additional usage: Netscape */
-
-#define SN_ns_sgc			"nsSGC"
-#define LN_ns_sgc			"Netscape Server Gated Crypto"
-#define NID_ns_sgc			139
-#define OBJ_ns_sgc			OBJ_netscape,4L,1L
-
-#define SN_delta_crl			"deltaCRL"
-#define LN_delta_crl			"X509v3 Delta CRL Indicator"
-#define NID_delta_crl			140
-#define OBJ_delta_crl			OBJ_id_ce,27L
-
-#define SN_crl_reason			"CRLReason"
-#define LN_crl_reason			"CRL Reason Code"
-#define NID_crl_reason			141
-#define OBJ_crl_reason			OBJ_id_ce,21L
-
-#define SN_invalidity_date		"invalidityDate"
-#define LN_invalidity_date		"Invalidity Date"
-#define NID_invalidity_date		142
-#define OBJ_invalidity_date		OBJ_id_ce,24L
-
-#define SN_sxnet			"SXNetID"
-#define LN_sxnet			"Strong Extranet ID"
-#define NID_sxnet			143
-#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
-
-/* PKCS12 and related OBJECT IDENTIFIERS */
-
-#define OBJ_pkcs12			OBJ_pkcs,12L
-#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1
-
-#define SN_pbe_WithSHA1And128BitRC4	"PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4	144
-#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L
-
-#define SN_pbe_WithSHA1And40BitRC4	"PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4	145
-#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC	"PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC	"PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC	148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC	"PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC	149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L
-
-#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L
-
-#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L
-
-#define LN_keyBag		"keyBag"
-#define NID_keyBag		150
-#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L
-
-#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag	151
-#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L
-
-#define LN_certBag		"certBag"
-#define NID_certBag		152
-#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L
-
-#define LN_crlBag		"crlBag"
-#define NID_crlBag		153
-#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L
-
-#define LN_secretBag		"secretBag"
-#define NID_secretBag		154
-#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L
-
-#define LN_safeContentsBag	"safeContentsBag"
-#define NID_safeContentsBag	155
-#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L
-
-#define LN_friendlyName		"friendlyName"
-#define	NID_friendlyName	156
-#define OBJ_friendlyName	OBJ_pkcs9, 20L
-
-#define LN_localKeyID		"localKeyID"
-#define	NID_localKeyID		157
-#define OBJ_localKeyID		OBJ_pkcs9, 21L
-
-#define OBJ_certTypes		OBJ_pkcs9, 22L
-
-#define LN_x509Certificate	"x509Certificate"
-#define	NID_x509Certificate	158
-#define OBJ_x509Certificate	OBJ_certTypes, 1L
-
-#define LN_sdsiCertificate	"sdsiCertificate"
-#define	NID_sdsiCertificate	159
-#define OBJ_sdsiCertificate	OBJ_certTypes, 2L
-
-#define OBJ_crlTypes		OBJ_pkcs9, 23L
-
-#define LN_x509Crl		"x509Crl"
-#define	NID_x509Crl		160
-#define OBJ_x509Crl		OBJ_crlTypes, 1L
-
-/* PKCS#5 v2 OIDs */
-
-#define LN_pbes2		"PBES2"
-#define NID_pbes2		161
-#define OBJ_pbes2		OBJ_pkcs,5L,13L
-
-#define LN_pbmac1		"PBMAC1"
-#define NID_pbmac1		162
-#define OBJ_pbmac1		OBJ_pkcs,5L,14L
-
-#define LN_hmacWithSHA1		"hmacWithSHA1"
-#define NID_hmacWithSHA1	163
-#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L
-
-/* Policy Qualifier Ids */
-
-#define LN_id_qt_cps		"Policy Qualifier CPS"
-#define SN_id_qt_cps		"id-qt-cps"
-#define NID_id_qt_cps		164
-#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L
-
-#define LN_id_qt_unotice	"Policy Qualifier User Notice"
-#define SN_id_qt_unotice	"id-qt-unotice"
-#define NID_id_qt_unotice	165
-#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L
-
-#define SN_rc2_64_cbc			"RC2-64-CBC"
-#define LN_rc2_64_cbc			"rc2-64-cbc"
-#define NID_rc2_64_cbc			166
-
-#define SN_SMIMECapabilities		"SMIME-CAPS"
-#define LN_SMIMECapabilities		"S/MIME Capabilities"
-#define NID_SMIMECapabilities		167
-#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
-
-#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC	168
-#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L
-
-#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC	169
-#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L
-
-#define SN_pbeWithSHA1AndDES_CBC	"PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC	170
-#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
-
-/* Extension request OIDs */
-
-#define LN_ms_ext_req			"Microsoft Extension Request"
-#define SN_ms_ext_req			"msExtReq"
-#define NID_ms_ext_req			171
-#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define LN_ext_req			"Extension Request"
-#define SN_ext_req			"extReq"
-#define NID_ext_req			172
-#define OBJ_ext_req			OBJ_pkcs9,14L
-
-#define SN_name				"name"
-#define LN_name				"name"
-#define NID_name			173
-#define OBJ_name			OBJ_X509,41L
-
-#define SN_dnQualifier			"dnQualifier"
-#define LN_dnQualifier			"dnQualifier"
-#define NID_dnQualifier			174
-#define OBJ_dnQualifier			OBJ_X509,46L
-
-#define SN_id_pe			"id-pe"
-#define NID_id_pe			175
-#define OBJ_id_pe			OBJ_id_pkix,1L
-
-#define SN_id_ad			"id-ad"
-#define NID_id_ad			176
-#define OBJ_id_ad			OBJ_id_pkix,48L
-
-#define SN_info_access			"authorityInfoAccess"
-#define LN_info_access			"Authority Information Access"
-#define NID_info_access			177
-#define OBJ_info_access			OBJ_id_pe,1L
-
-#define SN_ad_OCSP			"OCSP"
-#define LN_ad_OCSP			"OCSP"
-#define NID_ad_OCSP			178
-#define OBJ_ad_OCSP			OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers		"caIssuers"
-#define LN_ad_ca_issuers		"CA Issuers"
-#define NID_ad_ca_issuers		179
-#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
-
-#define SN_OCSP_sign			"OCSPSigning"
-#define LN_OCSP_sign			"OCSP Signing"
-#define NID_OCSP_sign			180
-#define OBJ_OCSP_sign			OBJ_id_kp,9L
-#endif /* USE_OBJ_MAC */
-
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-
-#define	OBJ_NAME_TYPE_UNDEF		0x00
-#define	OBJ_NAME_TYPE_MD_METH		0x01
-#define	OBJ_NAME_TYPE_CIPHER_METH	0x02
-#define	OBJ_NAME_TYPE_PKEY_METH		0x03
-#define	OBJ_NAME_TYPE_COMP_METH		0x04
-#define	OBJ_NAME_TYPE_NUM		0x05
-
-#define	OBJ_NAME_ALIAS			0x8000
-
-#define OBJ_BSEARCH_VALUE_ON_NOMATCH		0x01
-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH	0x02
-
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct obj_name_st
-	{
-	int type;
-	int alias;
-	const char *name;
-	const char *data;
-	} OBJ_NAME;
-
-#define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
-
-
-int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-		       int (*cmp_func)(const char *, const char *),
-		       void (*free_func)(const char *, int, const char *));
-const char *OBJ_NAME_get(const char *name,int type);
-int OBJ_NAME_add(const char *name,int type,const char *data);
-int OBJ_NAME_remove(const char *name,int type);
-void OBJ_NAME_cleanup(int type); /* -1 for everything */
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
-		     void *arg);
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-			    void *arg);
-
-ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);
-ASN1_OBJECT *	OBJ_nid2obj(int n);
-const char *	OBJ_nid2ln(int n);
-const char *	OBJ_nid2sn(int n);
-int		OBJ_obj2nid(const ASN1_OBJECT *o);
-ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
-int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-int		OBJ_txt2nid(const char *s);
-int		OBJ_ln2nid(const char *s);
-int		OBJ_sn2nid(const char *s);
-int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const void *	OBJ_bsearch_(const void *key,const void *base,int num,int size,
-			     int (*cmp)(const void *, const void *));
-const void *	OBJ_bsearch_ex_(const void *key,const void *base,int num,
-				int size,
-				int (*cmp)(const void *, const void *),
-				int flags);
-
-#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
-  static int nm##_cmp(type1 const *, type2 const *); \
-  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)	\
-  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
-#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)	\
-  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
-
-/*
- * Unsolved problem: if a type is actually a pointer type, like
- * nid_triple is, then its impossible to get a const where you need
- * it. Consider:
- *
- * typedef int nid_triple[3];
- * const void *a_;
- * const nid_triple const *a = a_;
- *
- * The assignement discards a const because what you really want is:
- *
- * const int const * const *a = a_;
- *
- * But if you do that, you lose the fact that a is an array of 3 ints,
- * which breaks comparison functions.
- *
- * Thus we end up having to cast, sadly, or unpack the
- * declarations. Or, as I finally did in this case, delcare nid_triple
- * to be a struct, which it should have been in the first place.
- *
- * Ben, August 2008.
- *
- * Also, strictly speaking not all types need be const, but handling
- * the non-constness means a lot of complication, and in practice
- * comparison routines do always not touch their arguments.
- */
-
-#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-					nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)	\
-  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)	\
-      { \
-      type1 const *a = a_; \
-      type2 const *b = b_; \
-      return nm##_cmp(a,b); \
-      } \
-  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
-      { \
-      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
-					nm##_cmp_BSEARCH_CMP_FN); \
-      } \
-      extern void dummy_prototype(void)
-
-#define OBJ_bsearch(type1,key,type2,base,num,cmp)			       \
-  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-			 num,sizeof(type2),				\
-			 ((void)CHECKED_PTR_OF(type1,cmp##_type_1),	\
-			  (void)CHECKED_PTR_OF(type2,cmp##_type_2),	\
-			  cmp##_BSEARCH_CMP_FN)))
-
-#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)			\
-  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
-			 num,sizeof(type2),				\
-			 ((void)CHECKED_PTR_OF(type1,cmp##_type_1),	\
-			  (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
-			  cmp##_BSEARCH_CMP_FN)),flags)
-
-int		OBJ_new_nid(int num);
-int		OBJ_add_object(const ASN1_OBJECT *obj);
-int		OBJ_create(const char *oid,const char *sn,const char *ln);
-void		OBJ_cleanup(void );
-int		OBJ_create_objects(BIO *in);
-
-int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
-int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
-int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
-void OBJ_sigid_free(void);
-
-extern int obj_cleanup_defer;
-void check_defer(int nid);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OBJ_strings(void);
-
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_ADD_OBJECT				 105
-#define OBJ_F_OBJ_CREATE				 100
-#define OBJ_F_OBJ_DUP					 101
-#define OBJ_F_OBJ_NAME_NEW_INDEX			 106
-#define OBJ_F_OBJ_NID2LN				 102
-#define OBJ_F_OBJ_NID2OBJ				 103
-#define OBJ_F_OBJ_NID2SN				 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE				 100
-#define OBJ_R_UNKNOWN_NID				 101
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
deleted file mode 100644
index f14e9f7e11..0000000000
--- a/include/openssl/ocsp.h
+++ /dev/null
@@ -1,630 +0,0 @@
-/* ocsp.h */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
-
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OCSP_H
-#define HEADER_OCSP_H
-
-#include <openssl/ossl_typ.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Various flags and values */
-
-#define OCSP_DEFAULT_NONCE_LENGTH	16
-
-#define OCSP_NOCERTS			0x1
-#define OCSP_NOINTERN			0x2
-#define OCSP_NOSIGS			0x4
-#define OCSP_NOCHAIN			0x8
-#define OCSP_NOVERIFY			0x10
-#define OCSP_NOEXPLICIT			0x20
-#define OCSP_NOCASIGN			0x40
-#define OCSP_NODELEGATED		0x80
-#define OCSP_NOCHECKS			0x100
-#define OCSP_TRUSTOTHER			0x200
-#define OCSP_RESPID_KEY			0x400
-#define OCSP_NOTIME			0x800
-
-#ifdef OPENSSL_SYS_WIN32
-  /* Under Win32 these are defined in wincrypt.h */
-#undef OCSP_REQUEST
-#undef X509_NAME
-#undef OCSP_RESPONSE
-#endif
-
-/*   CertID ::= SEQUENCE {
- *       hashAlgorithm            AlgorithmIdentifier,
- *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
- *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- *       serialNumber       CertificateSerialNumber }
- */
-typedef struct ocsp_cert_id_st
-	{
-	X509_ALGOR *hashAlgorithm;
-	ASN1_OCTET_STRING *issuerNameHash;
-	ASN1_OCTET_STRING *issuerKeyHash;
-	ASN1_INTEGER *serialNumber;
-	} OCSP_CERTID;
-
-DECLARE_STACK_OF(OCSP_CERTID)
-
-/*   Request ::=     SEQUENCE {
- *       reqCert                    CertID,
- *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_one_request_st
-	{
-	OCSP_CERTID *reqCert;
-	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-	} OCSP_ONEREQ;
-
-DECLARE_STACK_OF(OCSP_ONEREQ)
-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
-
-/*   TBSRequest      ::=     SEQUENCE {
- *       version             [0] EXPLICIT Version DEFAULT v1,
- *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
- *       requestList             SEQUENCE OF Request,
- *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_req_info_st
-	{
-	ASN1_INTEGER *version;
-	GENERAL_NAME *requestorName;
-	STACK_OF(OCSP_ONEREQ) *requestList;
-	STACK_OF(X509_EXTENSION) *requestExtensions;
-	} OCSP_REQINFO;
-
-/*   Signature       ::=     SEQUENCE {
- *       signatureAlgorithm   AlgorithmIdentifier,
- *       signature            BIT STRING,
- *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-typedef struct ocsp_signature_st
-	{
-	X509_ALGOR *signatureAlgorithm;
-	ASN1_BIT_STRING *signature;
-	STACK_OF(X509) *certs;
-	} OCSP_SIGNATURE;
-
-/*   OCSPRequest     ::=     SEQUENCE {
- *       tbsRequest                  TBSRequest,
- *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
- */
-typedef struct ocsp_request_st
-	{
-	OCSP_REQINFO *tbsRequest;
-	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
-	} OCSP_REQUEST;
-
-/*   OCSPResponseStatus ::= ENUMERATED {
- *       successful            (0),      --Response has valid confirmations
- *       malformedRequest      (1),      --Illegal confirmation request
- *       internalError         (2),      --Internal error in issuer
- *       tryLater              (3),      --Try again later
- *                                       --(4) is not used
- *       sigRequired           (5),      --Must sign the request
- *       unauthorized          (6)       --Request unauthorized
- *   }
- */
-#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
-#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
-#define OCSP_RESPONSE_STATUS_TRYLATER             3
-#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
-
-/*   ResponseBytes ::=       SEQUENCE {
- *       responseType   OBJECT IDENTIFIER,
- *       response       OCTET STRING }
- */
-typedef struct ocsp_resp_bytes_st
-	{
-	ASN1_OBJECT *responseType;
-	ASN1_OCTET_STRING *response;
-	} OCSP_RESPBYTES;
-
-/*   OCSPResponse ::= SEQUENCE {
- *      responseStatus         OCSPResponseStatus,
- *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st
-	{
-	ASN1_ENUMERATED *responseStatus;
-	OCSP_RESPBYTES  *responseBytes;
-	};
-
-/*   ResponderID ::= CHOICE {
- *      byName   [1] Name,
- *      byKey    [2] KeyHash }
- */
-#define V_OCSP_RESPID_NAME 0
-#define V_OCSP_RESPID_KEY  1
-struct ocsp_responder_id_st
-	{
-	int type;
-	union   {
-		X509_NAME* byName;
-        	ASN1_OCTET_STRING *byKey;
-		} value;
-	};
-
-DECLARE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-
-/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- *                            --(excluding the tag and length fields)
- */
-
-/*   RevokedInfo ::= SEQUENCE {
- *       revocationTime              GeneralizedTime,
- *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
- */
-typedef struct ocsp_revoked_info_st
-	{
-	ASN1_GENERALIZEDTIME *revocationTime;
-	ASN1_ENUMERATED *revocationReason;
-	} OCSP_REVOKEDINFO;
-
-/*   CertStatus ::= CHOICE {
- *       good                [0]     IMPLICIT NULL,
- *       revoked             [1]     IMPLICIT RevokedInfo,
- *       unknown             [2]     IMPLICIT UnknownInfo }
- */
-#define V_OCSP_CERTSTATUS_GOOD    0
-#define V_OCSP_CERTSTATUS_REVOKED 1
-#define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st
-	{
-	int type;
-	union	{
-		ASN1_NULL *good;
-		OCSP_REVOKEDINFO *revoked;
-		ASN1_NULL *unknown;
-		} value;
-	} OCSP_CERTSTATUS;
-
-/*   SingleResponse ::= SEQUENCE {
- *      certID                       CertID,
- *      certStatus                   CertStatus,
- *      thisUpdate                   GeneralizedTime,
- *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
- *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_single_response_st
-	{
-	OCSP_CERTID *certId;
-	OCSP_CERTSTATUS *certStatus;
-	ASN1_GENERALIZEDTIME *thisUpdate;
-	ASN1_GENERALIZEDTIME *nextUpdate;
-	STACK_OF(X509_EXTENSION) *singleExtensions;
-	} OCSP_SINGLERESP;
-
-DECLARE_STACK_OF(OCSP_SINGLERESP)
-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-
-/*   ResponseData ::= SEQUENCE {
- *      version              [0] EXPLICIT Version DEFAULT v1,
- *      responderID              ResponderID,
- *      producedAt               GeneralizedTime,
- *      responses                SEQUENCE OF SingleResponse,
- *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_response_data_st
-	{
-	ASN1_INTEGER *version;
-	OCSP_RESPID  *responderId;
-	ASN1_GENERALIZEDTIME *producedAt;
-	STACK_OF(OCSP_SINGLERESP) *responses;
-	STACK_OF(X509_EXTENSION) *responseExtensions;
-	} OCSP_RESPDATA;
-
-/*   BasicOCSPResponse       ::= SEQUENCE {
- *      tbsResponseData      ResponseData,
- *      signatureAlgorithm   AlgorithmIdentifier,
- *      signature            BIT STRING,
- *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-  /* Note 1:
-     The value for "signature" is specified in the OCSP rfc2560 as follows:
-     "The value for the signature SHALL be computed on the hash of the DER
-     encoding ResponseData."  This means that you must hash the DER-encoded
-     tbsResponseData, and then run it through a crypto-signing function, which
-     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
-     a bit odd, but that's the spec.  Also note that the data structures do not
-     leave anywhere to independently specify the algorithm used for the initial
-     hash. So, we look at the signature-specification algorithm, and try to do
-     something intelligent.	-- Kathy Weinhold, CertCo */
-  /* Note 2:
-     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
-     for interpretation.  I've done tests against another responder, and found
-     that it doesn't do the double hashing that the RFC seems to say one
-     should.  Therefore, all relevant functions take a flag saying which
-     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */
-typedef struct ocsp_basic_response_st
-	{
-	OCSP_RESPDATA *tbsResponseData;
-	X509_ALGOR *signatureAlgorithm;
-	ASN1_BIT_STRING *signature;
-	STACK_OF(X509) *certs;
-	} OCSP_BASICRESP;
-
-/*
- *   CRLReason ::= ENUMERATED {
- *        unspecified             (0),
- *        keyCompromise           (1),
- *        cACompromise            (2),
- *        affiliationChanged      (3),
- *        superseded              (4),
- *        cessationOfOperation    (5),
- *        certificateHold         (6),
- *        removeFromCRL           (8) }
- */
-#define OCSP_REVOKED_STATUS_NOSTATUS               -1
-#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
-#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
-#define OCSP_REVOKED_STATUS_SUPERSEDED              4
-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
-
-/* CrlID ::= SEQUENCE {
- *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
- *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
- *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
- */
-typedef struct ocsp_crl_id_st
-        {
-	ASN1_IA5STRING *crlUrl;
-	ASN1_INTEGER *crlNum;
-	ASN1_GENERALIZEDTIME *crlTime;
-        } OCSP_CRLID;
-
-/* ServiceLocator ::= SEQUENCE {
- *      issuer    Name,
- *      locator   AuthorityInfoAccessSyntax OPTIONAL }
- */
-typedef struct ocsp_service_locator_st
-        {
-	X509_NAME* issuer;
-	STACK_OF(ACCESS_DESCRIPTION) *locator;
-        } OCSP_SERVICELOC;
- 
-#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-
-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-
-#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
-     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
-#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
-     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
-#define PEM_write_bio_OCSP_REQUEST(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
-			bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
-    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
-			bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-
-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-
-#define OCSP_REQUEST_sign(o,pkey,md) \
-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-		o->optionalSignature->signatureAlgorithm,NULL,\
-	        o->optionalSignature->signature,o->tbsRequest,pkey,md)
-
-#define OCSP_BASICRESP_sign(o,pkey,md,d) \
-	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
-		o->signature,o->tbsResponseData,pkey,md)
-
-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        a->optionalSignature->signatureAlgorithm,\
-	a->optionalSignature->signature,a->tbsRequest,r)
-
-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
-
-#define ASN1_BIT_STRING_digest(data,type,md,len) \
-	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
-#define OCSP_CERTSTATUS_dup(cs)\
-                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
-		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-								int maxline);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
-int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
-		const char *name, const char *value);
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-			      X509_NAME *issuerName, 
-			      ASN1_BIT_STRING* issuerKey, 
-			      ASN1_INTEGER *serialNumber);
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
-
-int OCSP_request_sign(OCSP_REQUEST   *req,
-		      X509           *signer,
-		      EVP_PKEY       *key,
-		      const EVP_MD   *dgst,
-		      STACK_OF(X509) *certs,
-		      unsigned long flags);
-
-int OCSP_response_status(OCSP_RESPONSE *resp);
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
-
-int OCSP_resp_count(OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-				int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
-			ASN1_GENERALIZEDTIME *nextupd,
-			long sec, long maxsec);
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req);
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-			ASN1_OCTET_STRING **pikeyHash,
-			ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-int OCSP_request_is_signed(OCSP_REQUEST *req);
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-						OCSP_CERTID *cid,
-						int status, int reason,
-						ASN1_TIME *revtime,
-					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-			STACK_OF(X509) *certs, unsigned long flags);
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
-
-X509_EXTENSION *OCSP_accept_responses_new(char **oids);
-
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-							unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
-
-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-
-const char *OCSP_response_status_str(long s);
-const char *OCSP_cert_status_str(long s);
-const char *OCSP_crl_reason_str(long s);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OCSP_strings(void);
-
-/* Error codes for the OCSP functions. */
-
-/* Function codes. */
-#define OCSP_F_ASN1_STRING_ENCODE			 100
-#define OCSP_F_D2I_OCSP_NONCE				 102
-#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103
-#define OCSP_F_OCSP_BASIC_SIGN				 104
-#define OCSP_F_OCSP_BASIC_VERIFY			 105
-#define OCSP_F_OCSP_CERT_ID_NEW				 101
-#define OCSP_F_OCSP_CHECK_DELEGATED			 106
-#define OCSP_F_OCSP_CHECK_IDS				 107
-#define OCSP_F_OCSP_CHECK_ISSUER			 108
-#define OCSP_F_OCSP_CHECK_VALIDITY			 115
-#define OCSP_F_OCSP_MATCH_ISSUERID			 109
-#define OCSP_F_OCSP_PARSE_URL				 114
-#define OCSP_F_OCSP_REQUEST_SIGN			 110
-#define OCSP_F_OCSP_REQUEST_VERIFY			 116
-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111
-#define OCSP_F_OCSP_SENDREQ_BIO				 112
-#define OCSP_F_OCSP_SENDREQ_NBIO			 117
-#define OCSP_F_PARSE_HTTP_LINE1				 118
-#define OCSP_F_REQUEST_VERIFY				 113
-
-/* Reason codes. */
-#define OCSP_R_BAD_DATA					 100
-#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101
-#define OCSP_R_DIGEST_ERR				 102
-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122
-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123
-#define OCSP_R_ERROR_PARSING_URL			 121
-#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103
-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124
-#define OCSP_R_NOT_BASIC_RESPONSE			 104
-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105
-#define OCSP_R_NO_CONTENT				 106
-#define OCSP_R_NO_PUBLIC_KEY				 107
-#define OCSP_R_NO_RESPONSE_DATA				 108
-#define OCSP_R_NO_REVOKED_TIME				 109
-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110
-#define OCSP_R_REQUEST_NOT_SIGNED			 128
-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111
-#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112
-#define OCSP_R_SERVER_READ_ERROR			 113
-#define OCSP_R_SERVER_RESPONSE_ERROR			 114
-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115
-#define OCSP_R_SERVER_WRITE_ERROR			 116
-#define OCSP_R_SIGNATURE_FAILURE			 117
-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118
-#define OCSP_R_STATUS_EXPIRED				 125
-#define OCSP_R_STATUS_NOT_YET_VALID			 126
-#define OCSP_R_STATUS_TOO_OLD				 127
-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119
-#define OCSP_R_UNKNOWN_NID				 120
-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/opensslconf-32.h b/include/openssl/opensslconf-32.h
deleted file mode 100644
index b5b3dd2b6e..0000000000
--- a/include/openssl/opensslconf-32.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf-64.h b/include/openssl/opensslconf-64.h
deleted file mode 100644
index 30e7ad8641..0000000000
--- a/include/openssl/opensslconf-64.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf-static-32.h b/include/openssl/opensslconf-static-32.h
deleted file mode 100644
index b5b3dd2b6e..0000000000
--- a/include/openssl/opensslconf-static-32.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf-static-64.h b/include/openssl/opensslconf-static-64.h
deleted file mode 100644
index 30e7ad8641..0000000000
--- a/include/openssl/opensslconf-static-64.h
+++ /dev/null
@@ -1,334 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf-static-trusty.h b/include/openssl/opensslconf-static-trusty.h
deleted file mode 100644
index bff5910c30..0000000000
--- a/include/openssl/opensslconf-static-trusty.h
+++ /dev/null
@@ -1,460 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_COMP
-# define OPENSSL_NO_COMP
-#endif
-#ifndef OPENSSL_NO_CONF
-# define OPENSSL_NO_CONF
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MD5
-# define OPENSSL_NO_MD5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_OCSP
-# define OPENSSL_NO_OCSP
-#endif
-#ifndef OPENSSL_NO_PEM
-# define OPENSSL_NO_PEM
-#endif
-#ifndef OPENSSL_NO_PKCS12
-# define OPENSSL_NO_PKCS12
-#endif
-#ifndef OPENSSL_NO_PQUEUE
-# define OPENSSL_NO_PQUEUE
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_TLS1
-# define OPENSSL_NO_TLS1
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# define OPENSSL_NO_TLSEXT
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_TXT_DB
-# define OPENSSL_NO_TXT_DB
-#endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_COMP) && !defined(NO_COMP)
-#  define NO_COMP
-# endif
-# if defined(OPENSSL_NO_CONF) && !defined(NO_CONF)
-#  define NO_CONF
-# endif
-# if defined(OPENSSL_NO_DES) && !defined(NO_DES)
-#  define NO_DES
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-#  define NO_LOCKING
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MD4) && !defined(NO_MD4)
-#  define NO_MD4
-# endif
-# if defined(OPENSSL_NO_MD5) && !defined(NO_MD5)
-#  define NO_MD5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_OCSP) && !defined(NO_OCSP)
-#  define NO_OCSP
-# endif
-# if defined(OPENSSL_NO_PEM) && !defined(NO_PEM)
-#  define NO_PEM
-# endif
-# if defined(OPENSSL_NO_PKCS12) && !defined(NO_PKCS12)
-#  define NO_PKCS12
-# endif
-# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
-#  define NO_PQUEUE
-# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-#  define NO_RC2
-# endif
-# if defined(OPENSSL_NO_RC4) && !defined(NO_RC4)
-#  define NO_RC4
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-#  define NO_SRP
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-#  define NO_SSL3
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_TLS1) && !defined(NO_TLS1)
-#  define NO_TLS1
-# endif
-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)
-#  define NO_TLSEXT
-# endif
-# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-#  define NO_TS
-# endif
-# if defined(OPENSSL_NO_TXT_DB) && !defined(NO_TXT_DB)
-#  define NO_TXT_DB
-# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-#  define NO_UI
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <trusty_std.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf-static.h b/include/openssl/opensslconf-static.h
deleted file mode 100644
index f63a6e0a1b..0000000000
--- a/include/openssl/opensslconf-static.h
+++ /dev/null
@@ -1,6 +0,0 @@
-// Auto-generated - DO NOT EDIT!
-#if defined(__LP64__)
-#include "opensslconf-static-64.h"
-#else
-#include "opensslconf-static-32.h"
-#endif
diff --git a/include/openssl/opensslconf-trusty.h b/include/openssl/opensslconf-trusty.h
deleted file mode 100644
index bff5910c30..0000000000
--- a/include/openssl/opensslconf-trusty.h
+++ /dev/null
@@ -1,460 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_COMP
-# define OPENSSL_NO_COMP
-#endif
-#ifndef OPENSSL_NO_CONF
-# define OPENSSL_NO_CONF
-#endif
-#ifndef OPENSSL_NO_DES
-# define OPENSSL_NO_DES
-#endif
-#ifndef OPENSSL_NO_DTLS1
-# define OPENSSL_NO_DTLS1
-#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
-#endif
-#ifndef OPENSSL_NO_HEARTBEATS
-# define OPENSSL_NO_HEARTBEATS
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_MD4
-# define OPENSSL_NO_MD4
-#endif
-#ifndef OPENSSL_NO_MD5
-# define OPENSSL_NO_MD5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_OCSP
-# define OPENSSL_NO_OCSP
-#endif
-#ifndef OPENSSL_NO_PEM
-# define OPENSSL_NO_PEM
-#endif
-#ifndef OPENSSL_NO_PKCS12
-# define OPENSSL_NO_PKCS12
-#endif
-#ifndef OPENSSL_NO_PQUEUE
-# define OPENSSL_NO_PQUEUE
-#endif
-#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC2
-#endif
-#ifndef OPENSSL_NO_RC4
-# define OPENSSL_NO_RC4
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RDRAND
-# define OPENSSL_NO_RDRAND
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_RIPEMD
-#endif
-#ifndef OPENSSL_NO_RSAX
-# define OPENSSL_NO_RSAX
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SRP
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_SSL3
-#endif
-#ifndef OPENSSL_NO_STATIC_ENGINE
-# define OPENSSL_NO_STATIC_ENGINE
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_TLS1
-# define OPENSSL_NO_TLS1
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-# define OPENSSL_NO_TLSEXT
-#endif
-#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_TS
-#endif
-#ifndef OPENSSL_NO_TXT_DB
-# define OPENSSL_NO_TXT_DB
-#endif
-#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_UI
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_WHIRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_ERR
-# define OPENSSL_NO_ERR
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_COMP) && !defined(NO_COMP)
-#  define NO_COMP
-# endif
-# if defined(OPENSSL_NO_CONF) && !defined(NO_CONF)
-#  define NO_CONF
-# endif
-# if defined(OPENSSL_NO_DES) && !defined(NO_DES)
-#  define NO_DES
-# endif
-# if defined(OPENSSL_NO_DTLS1) && !defined(NO_DTLS1)
-#  define NO_DTLS1
-# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_GOST
-# endif
-# if defined(OPENSSL_NO_HEARTBEATS) && !defined(NO_HEARTBEATS)
-#  define NO_HEARTBEATS
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-#  define NO_LOCKING
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_MD4) && !defined(NO_MD4)
-#  define NO_MD4
-# endif
-# if defined(OPENSSL_NO_MD5) && !defined(NO_MD5)
-#  define NO_MD5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_OCSP) && !defined(NO_OCSP)
-#  define NO_OCSP
-# endif
-# if defined(OPENSSL_NO_PEM) && !defined(NO_PEM)
-#  define NO_PEM
-# endif
-# if defined(OPENSSL_NO_PKCS12) && !defined(NO_PKCS12)
-#  define NO_PKCS12
-# endif
-# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
-#  define NO_PQUEUE
-# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-#  define NO_RC2
-# endif
-# if defined(OPENSSL_NO_RC4) && !defined(NO_RC4)
-#  define NO_RC4
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RDRAND) && !defined(NO_RDRAND)
-#  define NO_RDRAND
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_RIPEMD
-# endif
-# if defined(OPENSSL_NO_RSAX) && !defined(NO_RSAX)
-#  define NO_RSAX
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-#  define NO_SRP
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-#  define NO_SSL3
-# endif
-# if defined(OPENSSL_NO_STATIC_ENGINE) && !defined(NO_STATIC_ENGINE)
-#  define NO_STATIC_ENGINE
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_TLS1) && !defined(NO_TLS1)
-#  define NO_TLS1
-# endif
-# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT)
-#  define NO_TLSEXT
-# endif
-# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-#  define NO_TS
-# endif
-# if defined(OPENSSL_NO_TXT_DB) && !defined(NO_TXT_DB)
-#  define NO_TXT_DB
-# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-#  define NO_UI
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-#  define NO_WHIRLPOOL
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <trusty_std.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
diff --git a/include/openssl/opensslconf.h b/include/openssl/opensslconf.h
deleted file mode 100644
index 94212a083a..0000000000
--- a/include/openssl/opensslconf.h
+++ /dev/null
@@ -1,10 +0,0 @@
-// Auto-generated - DO NOT EDIT!
-#ifndef OPENSSL_SYS_TRUSTY
-#if defined(__LP64__)
-#include "opensslconf-64.h"
-#else
-#include "opensslconf-32.h"
-#endif
-#else
-#include "opensslconf-trusty.h"
-#endif
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
deleted file mode 100644
index 4a1df08f6c..0000000000
--- a/include/openssl/opensslv.h
+++ /dev/null
@@ -1,96 +0,0 @@
-#ifndef HEADER_OPENSSLV_H
-#define HEADER_OPENSSLV_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release.  The patch level is exactly that.
- * For example:
- * 0.9.3-dev	  0x00903000
- * 0.9.3-beta1	  0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
- * 0.9.3	  0x0090300f
- * 0.9.3a	  0x0090301f
- * 0.9.4 	  0x0090400f
- * 1.2.3z	  0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit.  This means
- * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- *  major minor fix final patch/beta)
- */
-#define OPENSSL_VERSION_NUMBER	0x100010cfL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l-fips 15 Jan 2015"
-#else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.1l 15 Jan 2015"
-#endif
-#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
-
-
-/* The macros below are to be used for shared library (.so, .dll, ...)
- * versioning.  That kind of versioning works a bit differently between
- * operating systems.  The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time.  With this
- * scheme, the version number is usually part of the file name, like this:
- *
- *	libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major verson number only:
- *
- *	libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons.  The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time.  When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired.  However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string.  Consecutive builds would
- * give the following versions strings:
- *
- *	3.0
- *	3.0:3.1
- *	3.0:3.1:3.2
- *	4.0
- *	4.0:4.1
- *
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
- *
- * There may be other schemes as well that I haven't yet discovered.
- *
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
- */
-#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "1.0.0"
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* HEADER_OPENSSLV_H */
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
deleted file mode 100644
index 12cdd43be9..0000000000
--- a/include/openssl/ossl_typ.h
+++ /dev/null
@@ -1,209 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OPENSSL_TYPES_H
-#define HEADER_OPENSSL_TYPES_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/e_os2.h>
-
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_ENUMERATED		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_TIME		ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
-#define ASN1_VISIBLESTRING	ASN1_STRING
-#define ASN1_UTF8STRING		ASN1_STRING
-#define ASN1_BOOLEAN		int
-#define ASN1_NULL		int
-#else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef struct asn1_string_st ASN1_STRING;
-typedef int ASN1_BOOLEAN;
-typedef int ASN1_NULL;
-#endif
-
-typedef struct ASN1_ITEM_st ASN1_ITEM;
-typedef struct asn1_pctx_st ASN1_PCTX;
-
-#ifdef OPENSSL_SYS_WIN32
-#undef X509_NAME
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef OCSP_REQUEST
-#undef OCSP_RESPONSE
-#endif
-
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-typedef struct bignum_st BIGNUM;
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-
-typedef struct buf_mem_st BUF_MEM;
-
-typedef struct evp_cipher_st EVP_CIPHER;
-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
-typedef struct env_md_st EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
-typedef struct evp_pkey_st EVP_PKEY;
-
-typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
-
-typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
-typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
-
-typedef struct dh_st DH;
-typedef struct dh_method DH_METHOD;
-
-typedef struct dsa_st DSA;
-typedef struct dsa_method DSA_METHOD;
-
-typedef struct rsa_st RSA;
-typedef struct rsa_meth_st RSA_METHOD;
-
-typedef struct rand_meth_st RAND_METHOD;
-
-typedef struct ecdh_method ECDH_METHOD;
-typedef struct ecdsa_method ECDSA_METHOD;
-
-typedef struct x509_st X509;
-typedef struct X509_algor_st X509_ALGOR;
-typedef struct X509_crl_st X509_CRL;
-typedef struct x509_crl_method_st X509_CRL_METHOD;
-typedef struct x509_revoked_st X509_REVOKED;
-typedef struct X509_name_st X509_NAME;
-typedef struct X509_pubkey_st X509_PUBKEY;
-typedef struct x509_store_st X509_STORE;
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-
-typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
-
-typedef struct v3_ext_ctx X509V3_CTX;
-typedef struct conf_st CONF;
-
-typedef struct store_st STORE;
-typedef struct store_method_st STORE_METHOD;
-
-typedef struct ui_st UI;
-typedef struct ui_method_st UI_METHOD;
-
-typedef struct st_ERR_FNS ERR_FNS;
-
-typedef struct engine_st ENGINE;
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
-
-typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
-typedef struct DIST_POINT_st DIST_POINT;
-typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
-typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
-
-  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Callback types for crypto.h */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-					int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-					int idx, long argl, void *argp);
-
-typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
-typedef struct ocsp_response_st OCSP_RESPONSE;
-typedef struct ocsp_responder_id_st OCSP_RESPID;
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
deleted file mode 100644
index 8a6ababe3a..0000000000
--- a/include/openssl/pem.h
+++ /dev/null
@@ -1,641 +0,0 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_STACK
-#include <openssl/stack.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem2.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define PEM_BUFSIZE		1024
-
-#define PEM_OBJ_UNDEF		0
-#define PEM_OBJ_X509		1
-#define PEM_OBJ_X509_REQ	2
-#define PEM_OBJ_CRL		3
-#define PEM_OBJ_SSL_SESSION	4
-#define PEM_OBJ_PRIV_KEY	10
-#define PEM_OBJ_PRIV_RSA	11
-#define PEM_OBJ_PRIV_DSA	12
-#define PEM_OBJ_PRIV_DH		13
-#define PEM_OBJ_PUB_RSA		14
-#define PEM_OBJ_PUB_DSA		15
-#define PEM_OBJ_PUB_DH		16
-#define PEM_OBJ_DHPARAMS	17
-#define PEM_OBJ_DSAPARAMS	18
-#define PEM_OBJ_PRIV_RSA_PUBLIC	19
-#define PEM_OBJ_PRIV_ECDSA	20
-#define PEM_OBJ_PUB_ECDSA	21
-#define PEM_OBJ_ECPARAMETERS	22
-
-#define PEM_ERROR		30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2		NID_md2
-#define PEM_MD_MD5		NID_md5
-#define PEM_MD_SHA		NID_sha
-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
-#define PEM_STRING_X509		"CERTIFICATE"
-#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"
-#define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"
-#define PEM_STRING_PUBLIC	"PUBLIC KEY"
-#define PEM_STRING_RSA		"RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
-#define PEM_STRING_DSA		"DSA PRIVATE KEY"
-#define PEM_STRING_DSA_PUBLIC	"DSA PUBLIC KEY"
-#define PEM_STRING_PKCS7	"PKCS7"
-#define PEM_STRING_PKCS7_SIGNED	"PKCS #7 SIGNED DATA"
-#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
-#define PEM_STRING_PKCS8INF	"PRIVATE KEY"
-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
-#define PEM_STRING_ECPRIVATEKEY	"EC PRIVATE KEY"
-#define PEM_STRING_PARAMETERS	"PARAMETERS"
-#define PEM_STRING_CMS		"CMS"
-
-  /* Note that this structure is initialised by PEM_SealInit and cleaned up
-     by PEM_SealFinal (at least for now) */
-typedef struct PEM_Encode_Seal_st
-	{
-	EVP_ENCODE_CTX encode;
-	EVP_MD_CTX md;
-	EVP_CIPHER_CTX cipher;
-	} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR		40
-
-typedef struct pem_recip_st
-	{
-	char *name;
-	X509_NAME *dn;
-
-	int cipher;
-	int key_enc;
-	/*	char iv[8]; unused and wrong size */
-	} PEM_USER;
-
-typedef struct pem_ctx_st
-	{
-	int type;		/* what type of object */
-
-	struct	{
-		int version;	
-		int mode;		
-		} proc_type;
-
-	char *domain;
-
-	struct	{
-		int cipher;
-	/* unused, and wrong size
-	   unsigned char iv[8]; */
-		} DEK_info;
-		
-	PEM_USER *originator;
-
-	int num_recipient;
-	PEM_USER **recipient;
-
-	/* XXX(ben): don#t think this is used! 
-		STACK *x509_chain;	/ * certificate chain */
-	EVP_MD *md;		/* signature type */
-
-	int md_enc;		/* is the md encrypted or not? */
-	int md_len;		/* length of md_data */
-	char *md_data;		/* message digest, could be pkey encrypted */
-
-	EVP_CIPHER *dec;	/* date encryption cipher */
-	int key_len;		/* key length */
-	unsigned char *key;	/* key */
-	/* unused, and wrong size
-	   unsigned char iv[8]; */
-
-	
-	int  data_enc;		/* is the data encrypted */
-	int data_len;
-	unsigned char *data;
-	} PEM_CTX;
-
-/* These macros make the PEM_read/PEM_write functions easier to maintain and
- * write. Now they are all implemented with either:
- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
- */
-
-#ifdef OPENSSL_NO_FP_API
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
-
-#else
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
-} 
-
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, const type *x) \
-{ \
-return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, \
-		  void *u) \
-	{ \
-	return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
-	}
-
-#endif
-
-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
-return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
-}
-
-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
-return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-	{ \
-	return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
-	}
-
-#define IMPLEMENT_PEM_write(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
-
-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_const(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
-	IMPLEMENT_PEM_read(name, type, str, asn1) \
-	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
-
-/* These are the same except they are for the declarations */
-
-#if defined(OPENSSL_NO_FP_API)
-
-#define DECLARE_PEM_read_fp(name, type) /**/
-#define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_cb_fp(name, type) /**/
-
-#else
-
-#define DECLARE_PEM_read_fp(name, type) \
-	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_fp(name, type) \
-	int PEM_write_##name(FILE *fp, type *x);
-
-#define DECLARE_PEM_write_fp_const(name, type) \
-	int PEM_write_##name(FILE *fp, const type *x);
-
-#define DECLARE_PEM_write_cb_fp(name, type) \
-	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#define DECLARE_PEM_read_bio(name, type) \
-	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_bio(name, type) \
-	int PEM_write_bio_##name(BIO *bp, type *x);
-
-#define DECLARE_PEM_write_bio_const(name, type) \
-	int PEM_write_bio_##name(BIO *bp, const type *x);
-
-#define DECLARE_PEM_write_cb_bio(name, type) \
-	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#else
-
-#define DECLARE_PEM_read_bio(name, type) /**/
-#define DECLARE_PEM_write_bio(name, type) /**/
-#define DECLARE_PEM_write_bio_const(name, type) /**/
-#define DECLARE_PEM_write_cb_bio(name, type) /**/
-
-#endif
-
-#define DECLARE_PEM_write(name, type) \
-	DECLARE_PEM_write_bio(name, type) \
-	DECLARE_PEM_write_fp(name, type) 
-
-#define DECLARE_PEM_write_const(name, type) \
-	DECLARE_PEM_write_bio_const(name, type) \
-	DECLARE_PEM_write_fp_const(name, type)
-
-#define DECLARE_PEM_write_cb(name, type) \
-	DECLARE_PEM_write_cb_bio(name, type) \
-	DECLARE_PEM_write_cb_fp(name, type) 
-
-#define DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_read_bio(name, type) \
-	DECLARE_PEM_read_fp(name, type)
-
-#define DECLARE_PEM_rw(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write(name, type)
-
-#define DECLARE_PEM_rw_const(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write_const(name, type)
-
-#define DECLARE_PEM_rw_cb(name, type) \
-	DECLARE_PEM_read(name, type) \
-	DECLARE_PEM_write_cb(name, type)
-
-#if 1
-/* "userdata": new with OpenSSL 0.9.4 */
-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-#else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb(char *buf, int size, int rwflag);
-#endif
-
-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-	pem_password_cb *callback,void *u);
-
-#ifndef OPENSSL_NO_BIO
-int	PEM_read_bio(BIO *bp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
-		long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-	     pem_password_cb *cb, void *u);
-void *	PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
-			  void **x, pem_password_cb *cb, void *u);
-int	PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp, void *x,
-			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,
-			   pem_password_cb *cb, void *u);
-
-STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
-#endif
-
-int	PEM_read(FILE *fp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-		      pem_password_cb *cb, void *u);
-int	PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
-		       void *x,const EVP_CIPHER *enc,unsigned char *kstr,
-		       int klen,pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
-	pem_password_cb *cb, void *u);
-
-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-		EVP_MD *md_type, unsigned char **ek, int *ekl,
-		unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-		unsigned char *in, int inl);
-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-		unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-		unsigned int *siglen, EVP_PKEY *pkey);
-
-int	PEM_def_callback(char *buf, int num, int w, void *key);
-void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, const char *type, int len, char *str);
-
-
-#include <openssl/symhacks.h>
-
-DECLARE_PEM_rw(X509, X509)
-
-DECLARE_PEM_rw(X509_AUX, X509)
-
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-
-DECLARE_PEM_rw(X509_REQ, X509_REQ)
-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
-
-DECLARE_PEM_rw(X509_CRL, X509_CRL)
-
-DECLARE_PEM_rw(PKCS7, PKCS7)
-
-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-DECLARE_PEM_rw(PKCS8, X509_SIG)
-
-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-#ifndef OPENSSL_NO_RSA
-
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-
-DECLARE_PEM_rw_const(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-
-DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-
-DECLARE_PEM_rw_const(DSAparams, DSA)
-
-#endif
-
-#ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-DECLARE_PEM_rw_const(DHparams, DH)
-
-#endif
-
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
-
-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
-                                  char *, int, pem_password_cb *, void *);
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u);
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
-			      char *kstr,int klen, pem_password_cb *cd, void *u);
-
-EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
-int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
-
-
-EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
-EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
-EVP_PKEY *b2i_PublicKey_bio(BIO *in);
-int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
-int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
-#ifndef OPENSSL_NO_RC4
-EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
-int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
-		pem_password_cb *cb, void *u);
-#endif
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_B2I_DSS					 127
-#define PEM_F_B2I_PVK_BIO				 128
-#define PEM_F_B2I_RSA					 129
-#define PEM_F_CHECK_BITLEN_DSA				 130
-#define PEM_F_CHECK_BITLEN_RSA				 131
-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO			 120
-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP			 121
-#define PEM_F_DO_B2I					 132
-#define PEM_F_DO_B2I_BIO				 133
-#define PEM_F_DO_BLOB_HEADER				 134
-#define PEM_F_DO_PK8PKEY				 126
-#define PEM_F_DO_PK8PKEY_FP				 125
-#define PEM_F_DO_PVK_BODY				 135
-#define PEM_F_DO_PVK_HEADER				 136
-#define PEM_F_I2B_PVK					 137
-#define PEM_F_I2B_PVK_BIO				 138
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DEF_CALLBACK				 100
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_PK8PKEY				 119
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_READ_BIO_PARAMETERS			 140
-#define PEM_F_PEM_READ_BIO_PRIVATEKEY			 123
-#define PEM_F_PEM_READ_PRIVATEKEY			 124
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_WRITE_PRIVATEKEY			 139
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_MAGIC_NUMBER				 116
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_BAD_VERSION_NUMBER			 117
-#define PEM_R_BIO_WRITE_FAILURE				 118
-#define PEM_R_CIPHER_IS_NULL				 127
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115
-#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB		 119
-#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB			 120
-#define PEM_R_INCONSISTENT_HEADER			 121
-#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR		 122
-#define PEM_R_KEYBLOB_TOO_SHORT				 123
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_PVK_DATA_TOO_SHORT			 124
-#define PEM_R_PVK_TOO_SHORT				 125
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
-#define PEM_R_UNSUPPORTED_KEY_COMPONENTS		 126
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/pem2.h b/include/openssl/pem2.h
deleted file mode 100644
index f31790d69c..0000000000
--- a/include/openssl/pem2.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * This header only exists to break a circular dependency between pem and err
- * Ben 30 Jan 1999.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HEADER_PEM_H
-void ERR_load_PEM_strings(void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h
deleted file mode 100644
index b17eb9f42b..0000000000
--- a/include/openssl/pkcs12.h
+++ /dev/null
@@ -1,331 +0,0 @@
-/* pkcs12.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-#define HEADER_PKCS12_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKCS12_KEY_ID	1
-#define PKCS12_IV_ID	2
-#define PKCS12_MAC_ID	3
-
-/* Default iteration count */
-#ifndef PKCS12_DEFAULT_ITER
-#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER
-#endif
-
-#define PKCS12_MAC_KEY_LENGTH 20
-
-#define PKCS12_SALT_LEN	8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*#define PBE_UNICODE*/
-
-#ifdef PBE_UNICODE
-#define PKCS12_key_gen PKCS12_key_gen_uni
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-#else
-#define PKCS12_key_gen PKCS12_key_gen_asc
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-#endif
-
-/* MS key usage constants */
-
-#define KEY_EX	0x10
-#define KEY_SIG 0x80
-
-typedef struct {
-X509_SIG *dinfo;
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;	/* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-ASN1_INTEGER *version;
-PKCS12_MAC_DATA *mac;
-PKCS7 *authsafes;
-} PKCS12;
-
-typedef struct {
-ASN1_OBJECT *type;
-union {
-	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
-	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
-	X509_SIG *shkeybag; /* shrouded key bag */
-	STACK_OF(PKCS12_SAFEBAG) *safes;
-	ASN1_TYPE *other;
-}value;
-STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-ASN1_OBJECT *type;
-union {
-	ASN1_OCTET_STRING *x509cert;
-	ASN1_OCTET_STRING *x509crl;
-	ASN1_OCTET_STRING *octet;
-	ASN1_IA5STRING *sdsicert;
-	ASN1_TYPE *other; /* Secret or other bag */
-}value;
-} PKCS12_BAGS;
-
-#define PKCS12_ERROR	0
-#define PKCS12_OK	1
-
-/* Compatibility macros */
-
-#define M_PKCS12_x5092certbag PKCS12_x5092certbag
-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
-
-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-#define M_PKCS8_decrypt PKCS8_decrypt
-
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define PKCS12_get_attr(bag, attr_nid) \
-			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
-		PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-	     int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-								int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
-			const char *pass, int passlen,
-			unsigned char *salt, int saltlen, int iter,
-			PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-				     int passlen, unsigned char *salt,
-				     int saltlen, int iter,
-				     PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-			     unsigned char *salt, int saltlen, int iter,
-			     STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-				int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-				int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
-				int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-				int passlen, unsigned char *in, int inlen,
-				unsigned char **data, int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-				       const char *pass, int passlen,
-				       void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-		       int saltlen, int id, int iter, int n,
-		       unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
-			 int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-			 unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-		   unsigned char *salt, int saltlen, int iter,
-		   const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
-					 int saltlen, const EVP_MD *md_type);
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-		 STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
-						 int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
-						int key_usage, int iter,
-						int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-					int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-#define PKCS12_F_PARSE_BAG				 129
-#define PKCS12_F_PARSE_BAGS				 103
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102
-#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104
-#define PKCS12_F_PKCS12_CREATE				 105
-#define PKCS12_F_PKCS12_GEN_MAC				 107
-#define PKCS12_F_PKCS12_INIT				 109
-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I		 106
-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT		 108
-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG		 117
-#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110
-#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111
-#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112
-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113
-#define PKCS12_F_PKCS12_NEWPASS				 128
-#define PKCS12_F_PKCS12_PACK_P7DATA			 114
-#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115
-#define PKCS12_F_PKCS12_PARSE				 118
-#define PKCS12_F_PKCS12_PBE_CRYPT			 119
-#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
-#define PKCS12_F_PKCS12_SETUP_MAC			 122
-#define PKCS12_F_PKCS12_SET_MAC				 123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES		 130
-#define PKCS12_F_PKCS12_UNPACK_P7DATA			 131
-#define PKCS12_F_PKCS12_VERIFY_MAC			 126
-#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
-#define PKCS12_F_PKCS8_ENCRYPT				 125
-
-/* Reason codes. */
-#define PKCS12_R_CANT_PACK_STRUCTURE			 100
-#define PKCS12_R_CONTENT_TYPE_NOT_DATA			 121
-#define PKCS12_R_DECODE_ERROR				 101
-#define PKCS12_R_ENCODE_ERROR				 102
-#define PKCS12_R_ENCRYPT_ERROR				 103
-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120
-#define PKCS12_R_INVALID_NULL_ARGUMENT			 104
-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
-#define PKCS12_R_IV_GEN_ERROR				 106
-#define PKCS12_R_KEY_GEN_ERROR				 107
-#define PKCS12_R_MAC_ABSENT				 108
-#define PKCS12_R_MAC_GENERATION_ERROR			 109
-#define PKCS12_R_MAC_SETUP_ERROR			 110
-#define PKCS12_R_MAC_STRING_SET_ERROR			 111
-#define PKCS12_R_MAC_VERIFY_ERROR			 112
-#define PKCS12_R_MAC_VERIFY_FAILURE			 113
-#define PKCS12_R_PARSE_ERROR				 114
-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115
-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116
-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117
-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118
-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
deleted file mode 100644
index 5d54c4ac27..0000000000
--- a/include/openssl/pkcs7.h
+++ /dev/null
@@ -1,496 +0,0 @@
-/* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PKCS7_H
-#define HEADER_PKCS7_H
-
-#include <openssl/asn1.h>
-#include <openssl/bio.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/symhacks.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef PKCS7_SIGNER_INFO
-#endif
-
-/*
-Encryption_ID		DES-CBC
-Digest_ID		MD5
-Digest_Encryption_ID	rsaEncryption
-Key_Encryption_ID	rsaEncryption
-*/
-
-typedef struct pkcs7_issuer_and_serial_st
-	{
-	X509_NAME *issuer;
-	ASN1_INTEGER *serial;
-	} PKCS7_ISSUER_AND_SERIAL;
-
-typedef struct pkcs7_signer_info_st
-	{
-	ASN1_INTEGER 			*version;	/* version 1 */
-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
-	X509_ALGOR			*digest_alg;
-	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */
-	X509_ALGOR			*digest_enc_alg;
-	ASN1_OCTET_STRING		*enc_digest;
-	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
-
-	/* The private key to sign with */
-	EVP_PKEY			*pkey;
-	} PKCS7_SIGNER_INFO;
-
-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-
-typedef struct pkcs7_recip_info_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
-	X509_ALGOR			*key_enc_algor;
-	ASN1_OCTET_STRING		*enc_key;
-	X509				*cert; /* get the pub-key from this */
-	} PKCS7_RECIP_INFO;
-
-DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-
-typedef struct pkcs7_signed_st
-	{
-	ASN1_INTEGER			*version;	/* version 1 */
-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
-	STACK_OF(X509)			*cert;		/* [ 0 ] */
-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
-
-	struct pkcs7_st			*contents;
-	} PKCS7_SIGNED;
-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
- * How about merging the two */
-
-typedef struct pkcs7_enc_content_st
-	{
-	ASN1_OBJECT			*content_type;
-	X509_ALGOR			*algorithm;
-	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */
-	const EVP_CIPHER		*cipher;
-	} PKCS7_ENC_CONTENT;
-
-typedef struct pkcs7_enveloped_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
-	PKCS7_ENC_CONTENT		*enc_data;
-	} PKCS7_ENVELOPE;
-
-typedef struct pkcs7_signedandenveloped_st
-	{
-	ASN1_INTEGER			*version;	/* version 1 */
-	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
-	STACK_OF(X509)			*cert;		/* [ 0 ] */
-	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
-	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
-
-	PKCS7_ENC_CONTENT		*enc_data;
-	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
-	} PKCS7_SIGN_ENVELOPE;
-
-typedef struct pkcs7_digest_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	X509_ALGOR			*md;		/* md used */
-	struct pkcs7_st 		*contents;
-	ASN1_OCTET_STRING		*digest;
-	} PKCS7_DIGEST;
-
-typedef struct pkcs7_encrypted_st
-	{
-	ASN1_INTEGER			*version;	/* version 0 */
-	PKCS7_ENC_CONTENT		*enc_data;
-	} PKCS7_ENCRYPT;
-
-typedef struct pkcs7_st
-	{
-	/* The following is non NULL if it contains ASN1 encoding of
-	 * this structure */
-	unsigned char *asn1;
-	long length;
-
-#define PKCS7_S_HEADER	0
-#define PKCS7_S_BODY	1
-#define PKCS7_S_TAIL	2
-	int state; /* used during processing */
-
-	int detached;
-
-	ASN1_OBJECT *type;
-	/* content as defined by the type */
-	/* all encryption/message digests are applied to the 'contents',
-	 * leaving out the 'type' field. */
-	union	{
-		char *ptr;
-
-		/* NID_pkcs7_data */
-		ASN1_OCTET_STRING *data;
-
-		/* NID_pkcs7_signed */
-		PKCS7_SIGNED *sign;
-
-		/* NID_pkcs7_enveloped */
-		PKCS7_ENVELOPE *enveloped;
-
-		/* NID_pkcs7_signedAndEnveloped */
-		PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
-
-		/* NID_pkcs7_digest */
-		PKCS7_DIGEST *digest;
-
-		/* NID_pkcs7_encrypted */
-		PKCS7_ENCRYPT *encrypted;
-
-		/* Anything else */
-		ASN1_TYPE *other;
-		} d;
-	} PKCS7;
-
-DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
-DECLARE_PKCS12_STACK_OF(PKCS7)
-
-#define PKCS7_OP_SET_DETACHED_SIGNATURE	1
-#define PKCS7_OP_GET_DETACHED_SIGNATURE	2
-
-#define PKCS7_get_signed_attributes(si)	((si)->auth_attr)
-#define PKCS7_get_attributes(si)	((si)->unauth_attr)
-
-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
-#define PKCS7_type_is_signedAndEnveloped(a) \
-		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
-#define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-
-#define PKCS7_set_detached(p,v) \
-		PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
-#define PKCS7_get_detached(p) \
-		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
-
-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-
-/* S/MIME related flags */
-
-#define PKCS7_TEXT		0x1
-#define PKCS7_NOCERTS		0x2
-#define PKCS7_NOSIGS		0x4
-#define PKCS7_NOCHAIN		0x8
-#define PKCS7_NOINTERN		0x10
-#define PKCS7_NOVERIFY		0x20
-#define PKCS7_DETACHED		0x40
-#define PKCS7_BINARY		0x80
-#define PKCS7_NOATTR		0x100
-#define	PKCS7_NOSMIMECAP	0x200
-#define PKCS7_NOOLDMIMETYPE	0x400
-#define PKCS7_CRLFEOL		0x800
-#define PKCS7_STREAM		0x1000
-#define PKCS7_NOCRL		0x2000
-#define PKCS7_PARTIAL		0x4000
-#define PKCS7_REUSE_DIGEST	0x8000
-
-/* Flags: for compatibility with older code */
-
-#define SMIME_TEXT	PKCS7_TEXT
-#define SMIME_NOCERTS	PKCS7_NOCERTS
-#define SMIME_NOSIGS	PKCS7_NOSIGS
-#define SMIME_NOCHAIN	PKCS7_NOCHAIN
-#define SMIME_NOINTERN	PKCS7_NOINTERN
-#define SMIME_NOVERIFY	PKCS7_NOVERIFY
-#define SMIME_DETACHED	PKCS7_DETACHED
-#define SMIME_BINARY	PKCS7_BINARY
-#define SMIME_NOATTR	PKCS7_NOATTR
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
-	unsigned char *md,unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
-int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-DECLARE_ASN1_FUNCTIONS(PKCS7)
-
-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
-
-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
-DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
-
-int PKCS7_set_type(PKCS7 *p7, int type);
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	const EVP_MD *dgst);
-int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
-	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-								X509 *x509);
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
-
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-	EVP_PKEY *pkey, const EVP_MD *dgst);
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
-void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
-void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
-int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-	void *data);
-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	void *value);
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-				STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
-
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-							BIO *data, int flags);
-
-PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
-			X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md,
-			int flags);
-
-int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-					BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-								int flags);
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
-			      STACK_OF(X509_ALGOR) *cap);
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
-
-int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
-int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
-int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
-				const unsigned char *md, int mdlen);
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-
-BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS7_strings(void);
-
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_B64_READ_PKCS7				 120
-#define PKCS7_F_B64_WRITE_PKCS7				 121
-#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB			 136
-#define PKCS7_F_I2D_PKCS7_BIO_STREAM			 140
-#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME		 135
-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
-#define PKCS7_F_PKCS7_ADD_CRL				 101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
-#define PKCS7_F_PKCS7_ADD_SIGNATURE			 131
-#define PKCS7_F_PKCS7_ADD_SIGNER			 103
-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST			 125
-#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST		 138
-#define PKCS7_F_PKCS7_CTRL				 104
-#define PKCS7_F_PKCS7_DATADECODE			 112
-#define PKCS7_F_PKCS7_DATAFINAL				 128
-#define PKCS7_F_PKCS7_DATAINIT				 105
-#define PKCS7_F_PKCS7_DATASIGN				 106
-#define PKCS7_F_PKCS7_DATAVERIFY			 107
-#define PKCS7_F_PKCS7_DECRYPT				 114
-#define PKCS7_F_PKCS7_DECRYPT_RINFO			 133
-#define PKCS7_F_PKCS7_ENCODE_RINFO			 132
-#define PKCS7_F_PKCS7_ENCRYPT				 115
-#define PKCS7_F_PKCS7_FINAL				 134
-#define PKCS7_F_PKCS7_FIND_DIGEST			 127
-#define PKCS7_F_PKCS7_GET0_SIGNERS			 124
-#define PKCS7_F_PKCS7_RECIP_INFO_SET			 130
-#define PKCS7_F_PKCS7_SET_CIPHER			 108
-#define PKCS7_F_PKCS7_SET_CONTENT			 109
-#define PKCS7_F_PKCS7_SET_DIGEST			 126
-#define PKCS7_F_PKCS7_SET_TYPE				 110
-#define PKCS7_F_PKCS7_SIGN				 116
-#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113
-#define PKCS7_F_PKCS7_SIGNER_INFO_SET			 129
-#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN			 139
-#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER			 137
-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119
-#define PKCS7_F_PKCS7_VERIFY				 117
-#define PKCS7_F_SMIME_READ_PKCS7			 122
-#define PKCS7_F_SMIME_TEXT				 123
-
-/* Reason codes. */
-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117
-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144
-#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
-#define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118
-#define PKCS7_R_CTRL_ERROR				 152
-#define PKCS7_R_DECODE_ERROR				 130
-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
-#define PKCS7_R_DECRYPT_ERROR				 119
-#define PKCS7_R_DIGEST_FAILURE				 101
-#define PKCS7_R_ENCRYPTION_CTRL_FAILURE			 149
-#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
-#define PKCS7_R_ERROR_ADDING_RECIPIENT			 120
-#define PKCS7_R_ERROR_SETTING_CIPHER			 121
-#define PKCS7_R_INVALID_MIME_TYPE			 131
-#define PKCS7_R_INVALID_NULL_POINTER			 143
-#define PKCS7_R_INVALID_SIGNED_DATA_TYPE		 155
-#define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
-#define PKCS7_R_MIME_PARSE_ERROR			 133
-#define PKCS7_R_MIME_SIG_PARSE_ERROR			 134
-#define PKCS7_R_MISSING_CERIPEND_INFO			 103
-#define PKCS7_R_NO_CONTENT				 122
-#define PKCS7_R_NO_CONTENT_TYPE				 135
-#define PKCS7_R_NO_DEFAULT_DIGEST			 151
-#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND		 154
-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE		 136
-#define PKCS7_R_NO_MULTIPART_BOUNDARY			 137
-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115
-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY		 146
-#define PKCS7_R_NO_SIGNATURES_ON_DATA			 123
-#define PKCS7_R_NO_SIGNERS				 142
-#define PKCS7_R_NO_SIG_CONTENT_TYPE			 138
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR		 124
-#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR			 153
-#define PKCS7_R_PKCS7_DATAFINAL				 126
-#define PKCS7_R_PKCS7_DATAFINAL_ERROR			 125
-#define PKCS7_R_PKCS7_DATASIGN				 145
-#define PKCS7_R_PKCS7_PARSE_ERROR			 139
-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR			 140
-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 127
-#define PKCS7_R_SIGNATURE_FAILURE			 105
-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND		 128
-#define PKCS7_R_SIGNING_CTRL_FAILURE			 147
-#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE	 148
-#define PKCS7_R_SIG_INVALID_MIME_TYPE			 141
-#define PKCS7_R_SMIME_TEXT_ERROR			 129
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109
-#define PKCS7_R_UNKNOWN_OPERATION			 110
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
-#define PKCS7_R_WRONG_CONTENT_TYPE			 113
-#define PKCS7_R_WRONG_PKCS7_TYPE			 114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/pqueue.h b/include/openssl/pqueue.h
deleted file mode 100644
index 26b5348089..0000000000
--- a/include/openssl/pqueue.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* crypto/pqueue/pqueue.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-#define HEADER_PQUEUE_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem
-	{
-	unsigned char priority[8]; /* 64-bit value in big-endian encoding */
-	void *data;
-	struct _pitem *next;
-	} pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(unsigned char *prio64be, void *data);
-void   pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void   pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-void   pqueue_print(pqueue pq);
-int    pqueue_size(pqueue pq);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* ! HEADER_PQUEUE_H */
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
deleted file mode 100644
index bb5520e80a..0000000000
--- a/include/openssl/rand.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/* crypto/rand/rand.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RAND_H
-#define HEADER_RAND_H
-
-#include <stdlib.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct rand_meth_st RAND_METHOD; */
-
-struct rand_meth_st
-	{
-	void (*seed)(const void *buf, int num);
-	int (*bytes)(unsigned char *buf, int num);
-	void (*cleanup)(void);
-	void (*add)(const void *buf, int num, double entropy);
-	int (*pseudorand)(unsigned char *buf, int num);
-	int (*status)(void);
-	};
-
-#ifdef BN_DEBUG
-extern int rand_predictable;
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth);
-const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
-RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void );
-int  RAND_bytes(unsigned char *buf,int num);
-int  RAND_pseudo_bytes(unsigned char *buf,int num);
-void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,double entropy);
-int  RAND_load_file(const char *file,long max_bytes);
-int  RAND_write_file(const char *file);
-const char *RAND_file_name(char *file,size_t num);
-int RAND_status(void);
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path,int bytes);
-int RAND_poll(void);
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-#endif
-
-#ifdef OPENSSL_FIPS
-void RAND_set_fips_drbg_type(int type, int flags);
-int RAND_init_fips(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RAND_strings(void);
-
-/* Error codes for the RAND functions. */
-
-/* Function codes. */
-#define RAND_F_RAND_GET_RAND_METHOD			 101
-#define RAND_F_RAND_INIT_FIPS				 102
-#define RAND_F_SSLEAY_RAND_BYTES			 100
-
-/* Reason codes. */
-#define RAND_R_DUAL_EC_DRBG_DISABLED			 104
-#define RAND_R_ERROR_INITIALISING_DRBG			 102
-#define RAND_R_ERROR_INSTANTIATING_DRBG			 103
-#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101
-#define RAND_R_PRNG_NOT_SEEDED				 100
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/rc2.h b/include/openssl/rc2.h
deleted file mode 100644
index e542ec94ff..0000000000
--- a/include/openssl/rc2.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/rc2/rc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC2_H
-#define HEADER_RC2_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */
-#ifdef OPENSSL_NO_RC2
-#error RC2 is disabled.
-#endif
-
-#define RC2_ENCRYPT	1
-#define RC2_DECRYPT	0
-
-#define RC2_BLOCK	8
-#define RC2_KEY_LENGTH	16
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc2_key_st
-	{
-	RC2_INT data[64];
-	} RC2_KEY;
-
-#ifdef OPENSSL_FIPS 
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
-		     int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key);
-void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/rc4.h b/include/openssl/rc4.h
deleted file mode 100644
index 88ceb46bc5..0000000000
--- a/include/openssl/rc4.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */
-#ifdef OPENSSL_NO_RC4
-#error RC4 is disabled.
-#endif
-
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc4_key_st
-	{
-	RC4_INT x,y;
-	RC4_INT data[256];
-	} RC4_KEY;
-
- 
-const char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
-		unsigned char *outdata);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/ripemd.h b/include/openssl/ripemd.h
deleted file mode 100644
index 189bd8c90e..0000000000
--- a/include/openssl/ripemd.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* crypto/ripemd/ripemd.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RIPEMD_H
-#define HEADER_RIPEMD_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_RIPEMD
-#error RIPEMD is disabled.
-#endif
-
-#if defined(__LP32__)
-#define RIPEMD160_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define RIPEMD160_LONG unsigned long
-#define RIPEMD160_LONG_LOG2 3
-#else
-#define RIPEMD160_LONG unsigned int
-#endif
-
-#define RIPEMD160_CBLOCK	64
-#define RIPEMD160_LBLOCK	(RIPEMD160_CBLOCK/4)
-#define RIPEMD160_DIGEST_LENGTH	20
-
-typedef struct RIPEMD160state_st
-	{
-	RIPEMD160_LONG A,B,C,D,E;
-	RIPEMD160_LONG Nl,Nh;
-	RIPEMD160_LONG data[RIPEMD160_LBLOCK];
-	unsigned int   num;
-	} RIPEMD160_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
-int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
-	unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
deleted file mode 100644
index 11853fee5f..0000000000
--- a/include/openssl/rsa.h
+++ /dev/null
@@ -1,583 +0,0 @@
-/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-#define HEADER_RSA_H
-
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_NO_RSA
-#error RSA is disabled.
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-
-struct rsa_meth_st
-	{
-	const char *name;
-	int (*rsa_pub_enc)(int flen,const unsigned char *from,
-			   unsigned char *to,
-			   RSA *rsa,int padding);
-	int (*rsa_pub_dec)(int flen,const unsigned char *from,
-			   unsigned char *to,
-			   RSA *rsa,int padding);
-	int (*rsa_priv_enc)(int flen,const unsigned char *from,
-			    unsigned char *to,
-			    RSA *rsa,int padding);
-	int (*rsa_priv_dec)(int flen,const unsigned char *from,
-			    unsigned char *to,
-			    RSA *rsa,int padding);
-	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx,
-			  BN_MONT_CTX *m_ctx); /* Can be null */
-	int (*init)(RSA *rsa);		/* called at new */
-	int (*finish)(RSA *rsa);	/* called at free */
-	int flags;			/* RSA_METHOD_FLAG_* things */
-	char *app_data;			/* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
-	int (*rsa_sign)(int type,
-		const unsigned char *m, unsigned int m_length,
-		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-	int (*rsa_verify)(int dtype,
-		const unsigned char *m, unsigned int m_length,
-		const unsigned char *sigbuf, unsigned int siglen,
-								const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
-	int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-	};
-
-struct rsa_st
-	{
-	/* The first parameter is used to pickup errors where
-	 * this is passed instead of aEVP_PKEY, it is set to 0 */
-	int pad;
-	long version;
-	const RSA_METHOD *meth;
-	/* functional reference if 'meth' is ENGINE-provided */
-	ENGINE *engine;
-	BIGNUM *n;
-	BIGNUM *e;
-	BIGNUM *d;
-	BIGNUM *p;
-	BIGNUM *q;
-	BIGNUM *dmp1;
-	BIGNUM *dmq1;
-	BIGNUM *iqmp;
-	/* be careful using this if the RSA structure is shared */
-	CRYPTO_EX_DATA ex_data;
-	int references;
-	int flags;
-
-	/* Used to cache montgomery values */
-	BN_MONT_CTX *_method_mod_n;
-	BN_MONT_CTX *_method_mod_p;
-	BN_MONT_CTX *_method_mod_q;
-
-	/* all BIGNUM values are actually in the following data, if it is not
-	 * NULL */
-	char *bignum_data;
-	BN_BLINDING *blinding;
-	BN_BLINDING *mt_blinding;
-	};
-
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS	16384
-#endif
-
-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-# define OPENSSL_RSA_SMALL_MODULUS_BITS	3072
-#endif
-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS	64 /* exponent limit enforced for "large" modulus only */
-#endif
-
-#define RSA_3	0x3L
-#define RSA_F4	0x10001L
-
-#define RSA_METHOD_FLAG_NO_CHECK	0x0001 /* don't check pub/private match */
-
-#define RSA_FLAG_CACHE_PUBLIC		0x0002
-#define RSA_FLAG_CACHE_PRIVATE		0x0004
-#define RSA_FLAG_BLINDING		0x0008
-#define RSA_FLAG_THREAD_SAFE		0x0010
-/* This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
- * gets called when private key components are absent.
- */
-#define RSA_FLAG_EXT_PKEY		0x0020
-
-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
- */
-#define RSA_FLAG_SIGN_VER		0x0040
-
-#define RSA_FLAG_NO_BLINDING		0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
-                                                * RSA implementation now uses blinding by
-                                                * default (ignoring RSA_FLAG_BLINDING),
-                                                * but other engines might not need it
-                                                */
-#define RSA_FLAG_NO_CONSTTIME		0x0100 /* new with 0.9.8f; the built-in RSA
-						* implementation now uses constant time
-						* operations by default in private key operations,
-						* e.g., constant time modular exponentiation, 
-                                                * modular inverse without leaking branches, 
-                                                * division without leaking branches. This 
-                                                * flag disables these constant time 
-                                                * operations and results in faster RSA 
-                                                * private key operations.
-                                                */ 
-#ifndef OPENSSL_NO_DEPRECATED
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
-                                                /* new with 0.9.7h; the built-in RSA
-                                                * implementation now uses constant time
-                                                * modular exponentiation for secret exponents
-                                                * by default. This flag causes the
-                                                * faster variable sliding window method to
-                                                * be used for all exponents.
-                                                */
-#endif
-
-
-#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
-				pad, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
-				EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
-
-#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
-				len, NULL)
-
-#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
-				(EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
-				EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
-				0, plen)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
-
-#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
-	EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
-				EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
-
-#define	 EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
-
-#define	 EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd)	\
-		EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
-				EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
-
-#define EVP_PKEY_CTRL_RSA_PADDING	(EVP_PKEY_ALG_CTRL + 1)
-#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 2)
-
-#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS	(EVP_PKEY_ALG_CTRL + 3)
-#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP	(EVP_PKEY_ALG_CTRL + 4)
-#define EVP_PKEY_CTRL_RSA_MGF1_MD	(EVP_PKEY_ALG_CTRL + 5)
-
-#define EVP_PKEY_CTRL_GET_RSA_PADDING		(EVP_PKEY_ALG_CTRL + 6)
-#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN	(EVP_PKEY_ALG_CTRL + 7)
-#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD		(EVP_PKEY_ALG_CTRL + 8)
-
-#define RSA_PKCS1_PADDING	1
-#define RSA_SSLV23_PADDING	2
-#define RSA_NO_PADDING		3
-#define RSA_PKCS1_OAEP_PADDING	4
-#define RSA_X931_PADDING	5
-/* EVP_PKEY_ only */
-#define RSA_PKCS1_PSS_PADDING	6
-
-#define RSA_PKCS1_PADDING_SIZE	11
-
-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
-#define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
-
-RSA *	RSA_new(void);
-RSA *	RSA_new_method(ENGINE *engine);
-int	RSA_size(const RSA *rsa);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int	RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-
-int	RSA_check_key(const RSA *);
-	/* next 4 return -1 on error */
-int	RSA_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_public_decrypt(int flen, const unsigned char *from, 
-		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_decrypt(int flen, const unsigned char *from, 
-		unsigned char *to, RSA *rsa,int padding);
-void	RSA_free (RSA *r);
-/* "up" the RSA object's reference count */
-int	RSA_up_ref(RSA *r);
-
-int	RSA_flags(const RSA *r);
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-typedef struct rsa_pss_params_st
-	{
-	X509_ALGOR *hashAlgorithm;
-	X509_ALGOR *maskGenAlgorithm;
-	ASN1_INTEGER *saltLength;
-	ASN1_INTEGER *trailerField;
-	} RSA_PSS_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
-#ifndef OPENSSL_NO_FP_API
-int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int	RSA_print(BIO *bp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-		int (*cb)(char *buf, int len, const char *prompt, int verify),
-		int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-		 int (*cb)(char *buf, int len, const char *prompt, int verify),
-		 int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-		     int (*cb)(char *buf, int len, const char *prompt,
-			       int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-		      int (*cb)(char *buf, int len, const char *prompt,
-				int verify));
-#endif
-
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
- * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-	const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
- * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_length,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_length,
-	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,
-	const unsigned char *p,int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len,
-	const unsigned char *p,int pl);
-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_none(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_none(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_X931(unsigned char *to,int tlen,
-	const unsigned char *f,int fl);
-int RSA_padding_check_X931(unsigned char *to,int tlen,
-	const unsigned char *f,int fl,int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const unsigned char *EM, int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, int sLen);
-
-int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash, 
-			const unsigned char *EM, int sLen);
-
-int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its responsibility
- * to ensure the result is compliant.
- */
-
-#define RSA_FLAG_FIPS_METHOD			0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define RSA_FLAG_NON_FIPS_ALLOW			0x0400
-/* Application has decided PRNG is good enough to generate a key: don't
- * check.
- */
-#define RSA_FLAG_CHECKED			0x0800
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_CHECK_PADDING_MD				 140
-#define RSA_F_DO_RSA_PRINT				 146
-#define RSA_F_INT_RSA_VERIFY				 145
-#define RSA_F_MEMORY_LOCK				 100
-#define RSA_F_OLD_RSA_PRIV_DECODE			 147
-#define RSA_F_PKEY_RSA_CTRL				 143
-#define RSA_F_PKEY_RSA_CTRL_STR				 144
-#define RSA_F_PKEY_RSA_SIGN				 142
-#define RSA_F_PKEY_RSA_VERIFY				 154
-#define RSA_F_PKEY_RSA_VERIFYRECOVER			 141
-#define RSA_F_RSA_BUILTIN_KEYGEN			 129
-#define RSA_F_RSA_CHECK_KEY				 123
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
-#define RSA_F_RSA_GENERATE_KEY				 105
-#define RSA_F_RSA_GENERATE_KEY_EX			 155
-#define RSA_F_RSA_ITEM_VERIFY				 156
-#define RSA_F_RSA_MEMORY_LOCK				 130
-#define RSA_F_RSA_NEW_METHOD				 106
-#define RSA_F_RSA_NULL					 124
-#define RSA_F_RSA_NULL_MOD_EXP				 131
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT			 132
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT			 133
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT			 134
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT			 135
-#define RSA_F_RSA_PADDING_ADD_NONE			 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS			 125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1		 148
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110
-#define RSA_F_RSA_PADDING_ADD_X931			 127
-#define RSA_F_RSA_PADDING_CHECK_NONE			 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
-#define RSA_F_RSA_PADDING_CHECK_X931			 128
-#define RSA_F_RSA_PRINT					 115
-#define RSA_F_RSA_PRINT_FP				 116
-#define RSA_F_RSA_PRIVATE_DECRYPT			 150
-#define RSA_F_RSA_PRIVATE_ENCRYPT			 151
-#define RSA_F_RSA_PRIV_DECODE				 137
-#define RSA_F_RSA_PRIV_ENCODE				 138
-#define RSA_F_RSA_PUBLIC_DECRYPT			 152
-#define RSA_F_RSA_PUBLIC_ENCRYPT			 153
-#define RSA_F_RSA_PUB_DECODE				 139
-#define RSA_F_RSA_SETUP_BLINDING			 136
-#define RSA_F_RSA_SIGN					 117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
-#define RSA_F_RSA_VERIFY				 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
-#define RSA_F_RSA_VERIFY_PKCS1_PSS			 126
-#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1			 149
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH			 100
-#define RSA_R_BAD_E_VALUE				 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
-#define RSA_R_BAD_PAD_BYTE_COUNT			 103
-#define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
-#define RSA_R_DATA_TOO_LARGE				 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
-#define RSA_R_DATA_TOO_SMALL				 111
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
-#define RSA_R_FIRST_OCTET_INVALID			 133
-#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE	 144
-#define RSA_R_INVALID_DIGEST_LENGTH			 143
-#define RSA_R_INVALID_HEADER				 137
-#define RSA_R_INVALID_KEYBITS				 145
-#define RSA_R_INVALID_MESSAGE_LENGTH			 131
-#define RSA_R_INVALID_MGF1_MD				 156
-#define RSA_R_INVALID_PADDING				 138
-#define RSA_R_INVALID_PADDING_MODE			 141
-#define RSA_R_INVALID_PSS_PARAMETERS			 149
-#define RSA_R_INVALID_PSS_SALTLEN			 146
-#define RSA_R_INVALID_SALT_LENGTH			 150
-#define RSA_R_INVALID_TRAILER				 139
-#define RSA_R_INVALID_X931_DIGEST			 142
-#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
-#define RSA_R_KEY_SIZE_TOO_SMALL			 120
-#define RSA_R_LAST_OCTET_INVALID			 134
-#define RSA_R_MODULUS_TOO_LARGE				 105
-#define RSA_R_NON_FIPS_RSA_METHOD			 157
-#define RSA_R_NO_PUBLIC_EXPONENT			 140
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
-#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
-#define RSA_R_OAEP_DECODING_ERROR			 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE	 158
-#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE	 148
-#define RSA_R_PADDING_CHECK_FAILED			 114
-#define RSA_R_PKCS_DECODING_ERROR			 159
-#define RSA_R_P_NOT_PRIME				 128
-#define RSA_R_Q_NOT_PRIME				 129
-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
-#define RSA_R_SLEN_CHECK_FAILED				 136
-#define RSA_R_SLEN_RECOVERY_FAILED			 135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
-#define RSA_R_UNKNOWN_MASK_DIGEST			 151
-#define RSA_R_UNKNOWN_PADDING_TYPE			 118
-#define RSA_R_UNKNOWN_PSS_DIGEST			 152
-#define RSA_R_UNSUPPORTED_MASK_ALGORITHM		 153
-#define RSA_R_UNSUPPORTED_MASK_PARAMETER		 154
-#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE		 155
-#define RSA_R_VALUE_MISSING				 147
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h
deleted file mode 100644
index bc194cb268..0000000000
--- a/include/openssl/safestack.h
+++ /dev/null
@@ -1,2671 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SAFESTACK_H
-#define HEADER_SAFESTACK_H
-
-#include <openssl/stack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef CHECKED_PTR_OF
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#endif
-
-/* In C++ we get problems because an explicit cast is needed from (void *)
- * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros
- * below. 
- */
-
-#define CHECKED_STACK_OF(type, p) \
-    ((_STACK*) (1 ? p : (STACK_OF(type)*)0))
-
-#define CHECKED_SK_FREE_FUNC(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
-
-#define CHECKED_SK_FREE_FUNC2(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type))0)))
-
-#define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const void *, const void *)) \
-	((1 ? p : (int (*)(const type * const *, const type * const *))0)))
-
-#define STACK_OF(type) struct stack_st_##type
-#define PREDECLARE_STACK_OF(type) STACK_OF(type);
-
-#define DECLARE_STACK_OF(type) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-#define DECLARE_SPECIAL_STACK_OF(type, type2) \
-STACK_OF(type) \
-    { \
-    _STACK stack; \
-    };
-
-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
-
-
-/* Strings are special: normally an lhash entry will point to a single
- * (somewhat) mutable object. In the case of strings:
- *
- * a) Instead of a single char, there is an array of chars, NUL-terminated.
- * b) The string may have be immutable.
- *
- * So, they need their own declarations. Especially important for
- * type-checking tools, such as Deputy.
- *
-o * In practice, however, it appears to be hard to have a const
- * string. For now, I'm settling for dealing with the fact it is a
- * string at all.
- */
-typedef char *OPENSSL_STRING;
-
-typedef const char *OPENSSL_CSTRING;
-
-/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
- * STACK_OF(STRING) is really more like STACK_OF(char), only, as
- * mentioned above, instead of a single char each entry is a
- * NUL-terminated array of chars. So, we have to implement STRING
- * specially for STACK_OF. This is dealt with in the autogenerated
- * macros below.
- */
-
-DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
-
-/* Similarly, we sometimes use a block of characters, NOT
- * nul-terminated. These should also be distinguished from "normal"
- * stacks. */
-
-typedef void *OPENSSL_BLOCK;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
-
-/* SKM_sk_... stack macros are internal to safestack.h:
- * never use them directly, use sk_<type>_... instead */
-#define SKM_sk_new(type, cmp) \
-	((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_new_null(type) \
-	((STACK_OF(type) *)sk_new_null())
-#define SKM_sk_free(type, st) \
-	sk_free(CHECKED_STACK_OF(type, st))
-#define SKM_sk_num(type, st) \
-	sk_num(CHECKED_STACK_OF(type, st))
-#define SKM_sk_value(type, st,i) \
-	((type *)sk_value(CHECKED_STACK_OF(type, st), i))
-#define SKM_sk_set(type, st,i,val) \
-	sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val))
-#define SKM_sk_zero(type, st) \
-	sk_zero(CHECKED_STACK_OF(type, st))
-#define SKM_sk_push(type, st, val) \
-	sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_unshift(type, st, val) \
-	sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find(type, st, val) \
-	sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find_ex(type, st, val) \
-	sk_find_ex(CHECKED_STACK_OF(type, st), \
-		   CHECKED_PTR_OF(type, val))
-#define SKM_sk_delete(type, st, i) \
-	(type *)sk_delete(CHECKED_STACK_OF(type, st), i)
-#define SKM_sk_delete_ptr(type, st, ptr) \
-	(type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr))
-#define SKM_sk_insert(type, st,val, i) \
-	sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i)
-#define SKM_sk_set_cmp_func(type, st, cmp) \
-	((int (*)(const type * const *,const type * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_dup(type, st) \
-	(STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop_free(type, st, free_func) \
-	sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
-#define SKM_sk_shift(type, st) \
-	(type *)sk_shift(CHECKED_STACK_OF(type, st))
-#define SKM_sk_pop(type, st) \
-	(type *)sk_pop(CHECKED_STACK_OF(type, st))
-#define SKM_sk_sort(type, st) \
-	sk_sort(CHECKED_STACK_OF(type, st))
-#define SKM_sk_is_sorted(type, st) \
-	sk_is_sorted(CHECKED_STACK_OF(type, st))
-
-#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-  (STACK_OF(type) *)d2i_ASN1_SET( \
-				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
-				pp, length, \
-				CHECKED_D2I_OF(type, d2i_func), \
-				CHECKED_SK_FREE_FUNC(type, free_func), \
-				ex_tag, ex_class)
-
-#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-  i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \
-				CHECKED_I2D_OF(type, i2d_func), \
-				ex_tag, ex_class, is_set)
-
-#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-	ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
-			CHECKED_I2D_OF(type, i2d_func), buf, len)
-
-#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-	(STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	(STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
-				CHECKED_D2I_OF(type, d2i_func), \
-				CHECKED_SK_FREE_FUNC(type, free_func), \
-				pass, passlen, oct, seq)
-
-/* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp))
-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-
-#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp))
-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-
-#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp))
-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-
-#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp))
-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-
-#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp))
-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-
-#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp))
-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-
-#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp))
-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-
-#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp))
-#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING)
-#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i))
-#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val))
-#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val))
-#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i))
-#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr))
-#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i))
-#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp))
-#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st)
-#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func))
-#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st))
-#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st))
-
-#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp))
-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-
-#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp))
-#define sk_BIO_new_null() SKM_sk_new_null(BIO)
-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-
-#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp))
-#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY)
-#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i))
-#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val))
-#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val))
-#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i))
-#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr))
-#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i))
-#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp))
-#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st)
-#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func))
-#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st))
-#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st))
-
-#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp))
-#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH)
-#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i))
-#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val))
-#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val))
-#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i))
-#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr))
-#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i))
-#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp))
-#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st)
-#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func))
-#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st))
-#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st))
-
-#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp))
-#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
-#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
-#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
-#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
-#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
-#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-
-#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp))
-#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
-#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
-#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
-#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
-#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
-#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-
-#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp))
-#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
-#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
-#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
-#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
-#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
-#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-
-#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp))
-#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
-#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
-#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
-#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
-#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
-#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-
-#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp))
-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-
-#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp))
-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-
-#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp))
-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-
-#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-
-#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp))
-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-
-#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp))
-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-
-#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp))
-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-
-#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-
-#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp))
-#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID)
-#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i))
-#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val))
-#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val))
-#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i))
-#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr))
-#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i))
-#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp))
-#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st)
-#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func))
-#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st))
-#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st))
-
-#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp))
-#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD)
-#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st))
-#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st))
-#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i))
-#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val))
-#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st))
-#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val))
-#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val))
-#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val))
-#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val))
-#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i))
-#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr))
-#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i))
-#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp))
-#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st)
-#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func))
-#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st))
-#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st))
-#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st))
-#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st))
-
-#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp))
-#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL)
-#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i))
-#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val))
-#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val))
-#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i))
-#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr))
-#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i))
-#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp))
-#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st)
-#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func))
-#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st))
-#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st))
-
-#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp))
-#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD)
-#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val))
-#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr))
-#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i))
-#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp))
-#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st)
-#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st))
-#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st))
-
-#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp))
-#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD)
-#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i))
-#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val))
-#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val))
-#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i))
-#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr))
-#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i))
-#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp))
-#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st)
-#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func))
-#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st))
-#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st))
-
-#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp))
-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-
-#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp))
-#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
-#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
-#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
-#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
-#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
-#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-
-#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp))
-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-
-#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp))
-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-
-#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp))
-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-
-#define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp))
-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-
-#define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp))
-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-
-#define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp))
-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-
-#define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp))
-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-
-#define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp))
-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-
-#define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp))
-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-
-#define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp))
-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-
-#define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp))
-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-
-#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp))
-#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA)
-#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i))
-#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val))
-#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val))
-#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i))
-#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr))
-#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i))
-#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp))
-#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st)
-#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func))
-#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st))
-#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st))
-
-#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-
-#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-
-#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp))
-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-
-#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp))
-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-
-#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp))
-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-
-#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp))
-#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
-#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
-#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
-#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
-#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
-#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-
-#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp))
-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-
-#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp))
-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-
-#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp))
-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-
-#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp))
-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-
-#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp))
-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-
-#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp))
-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-
-#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp))
-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-
-#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp))
-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-
-#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
-#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
-#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
-#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
-#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
-#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
-#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
-#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
-#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
-#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
-#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
-#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
-#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
-#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
-#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
-#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
-#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
-#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
-#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
-#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
-#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
-
-#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
-#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
-#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
-#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
-#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
-#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
-#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
-#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
-#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
-#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
-#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
-#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
-
-#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
-#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
-#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
-#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
-#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
-#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
-#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
-#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
-#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
-#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
-#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
-#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
-
-#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
-#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
-#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i))
-#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val))
-#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val))
-#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i))
-#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr))
-#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i))
-#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp))
-#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st)
-#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func))
-#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st))
-#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st))
-
-#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-
-#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp))
-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-
-#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp))
-#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY)
-#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val))
-#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr))
-#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i))
-#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp))
-#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st)
-#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func))
-#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st))
-#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st))
-
-#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp))
-#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO)
-#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i))
-#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val))
-#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val))
-#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i))
-#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr))
-#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i))
-#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp))
-#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st)
-#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func))
-#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st))
-#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st))
-
-#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp))
-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-
-#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp))
-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-
-#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp))
-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-
-#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp))
-#define sk_X509_new_null() SKM_sk_new_null(X509)
-#define sk_X509_free(st) SKM_sk_free(X509, (st))
-#define sk_X509_num(st) SKM_sk_num(X509, (st))
-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
-#define sk_X509_dup(st) SKM_sk_dup(X509, st)
-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-
-#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp))
-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-
-#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp))
-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-
-#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp))
-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-
-#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp))
-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-
-#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp))
-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-
-#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp))
-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-
-#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp))
-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-
-#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp))
-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-
-#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp))
-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-
-#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp))
-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-
-#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp))
-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-
-#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp))
-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-
-#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp))
-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-
-#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp))
-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-
-#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp))
-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-
-#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp))
-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
-
-#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp))
-#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple)
-#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st))
-#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st))
-#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i))
-#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val))
-#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st))
-#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val))
-#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val))
-#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val))
-#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val))
-#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i))
-#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr))
-#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i))
-#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp))
-#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st)
-#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func))
-#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st))
-#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st))
-#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st))
-#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st))
-
-#define sk_void_new(cmp) SKM_sk_new(void, (cmp))
-#define sk_void_new_null() SKM_sk_new_null(void)
-#define sk_void_free(st) SKM_sk_free(void, (st))
-#define sk_void_num(st) SKM_sk_num(void, (st))
-#define sk_void_value(st, i) SKM_sk_value(void, (st), (i))
-#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val))
-#define sk_void_zero(st) SKM_sk_zero(void, (st))
-#define sk_void_push(st, val) SKM_sk_push(void, (st), (val))
-#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val))
-#define sk_void_find(st, val) SKM_sk_find(void, (st), (val))
-#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val))
-#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i))
-#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr))
-#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i))
-#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp))
-#define sk_void_dup(st) SKM_sk_dup(void, st)
-#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func))
-#define sk_void_shift(st) SKM_sk_shift(void, (st))
-#define sk_void_pop(st) SKM_sk_pop(void, (st))
-#define sk_void_sort(st) SKM_sk_sort(void, (st))
-#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
-
-#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i))
-#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i)
-#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr))
-#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
-	((int (*)(const char * const *,const char * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st))
-#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-
-
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-	((int (*)(const void * const *,const void * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
-#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
-#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
-#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
-#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
-	((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
-#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
-
-
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
-	SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
-	SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
-	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-
-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
-	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj)
-#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst)
-#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn)
-#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg)
-#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh)
-#define lh_ADDED_OBJ_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ADDED_OBJ,lh,out)
-#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh)
-
-#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info)
-#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst)
-#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst)
-#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst)
-#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn)
-#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg)
-#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh)
-#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh)
-#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh)
-#define lh_APP_INFO_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_stats_bio(lh,out) \
-  LHM_lh_stats_bio(APP_INFO,lh,out)
-#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh)
-
-#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value)
-#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst)
-#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn)
-#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg)
-#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh)
-#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh)
-#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh)
-#define lh_CONF_VALUE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(CONF_VALUE,lh,out)
-#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh)
-
-#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile)
-#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst)
-#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn)
-#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg)
-#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh)
-#define lh_ENGINE_PILE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ENGINE_PILE,lh,out)
-#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh)
-
-#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state)
-#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst)
-#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn)
-#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg)
-#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh)
-#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh)
-#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh)
-#define lh_ERR_STATE_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STATE,lh,out)
-#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh)
-
-#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data)
-#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst)
-#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn)
-#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg)
-#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh)
-#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_stats_bio(lh,out) \
-  LHM_lh_stats_bio(ERR_STRING_DATA,lh,out)
-#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh)
-
-#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item)
-#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst)
-#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn)
-#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg)
-#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh)
-#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out)
-#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh)
-
-#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function)
-#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst)
-#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst)
-#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst)
-#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn)
-#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg)
-#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh)
-#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh)
-#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh)
-#define lh_FUNCTION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(FUNCTION,lh,out)
-#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh)
-
-#define lh_MEM_new() LHM_lh_new(MEM,mem)
-#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst)
-#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst)
-#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst)
-#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn)
-#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg)
-#define lh_MEM_error(lh) LHM_lh_error(MEM,lh)
-#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh)
-#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh)
-#define lh_MEM_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(MEM,lh,out)
-#define lh_MEM_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(MEM,lh,out)
-#define lh_MEM_stats_bio(lh,out) \
-  LHM_lh_stats_bio(MEM,lh,out)
-#define lh_MEM_free(lh) LHM_lh_free(MEM,lh)
-
-#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name)
-#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst)
-#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn)
-#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg)
-#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh)
-#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh)
-#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh)
-#define lh_OBJ_NAME_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OBJ_NAME,lh,out)
-#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh)
-
-#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring)
-#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst)
-#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn)
-#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg)
-#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh)
-#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out)
-#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh)
-
-#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string)
-#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst)
-#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn)
-#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg)
-#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh)
-#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_stats_bio(lh,out) \
-  LHM_lh_stats_bio(OPENSSL_STRING,lh,out)
-#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh)
-
-#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session)
-#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst)
-#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn)
-#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \
-  LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg)
-#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh)
-#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh)
-#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh)
-#define lh_SSL_SESSION_node_stats_bio(lh,out) \
-  LHM_lh_node_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \
-  LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_stats_bio(lh,out) \
-  LHM_lh_stats_bio(SSL_SESSION,lh,out)
-#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh)
-/* End of util/mkstack.pl block, you may now edit :-) */
-
-
-#ifdef  __cplusplus
-}
-#endif
-#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/include/openssl/sha.h b/include/openssl/sha.h
deleted file mode 100644
index 8a6bf4bbbb..0000000000
--- a/include/openssl/sha.h
+++ /dev/null
@@ -1,214 +0,0 @@
-/* crypto/sha/sha.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SHA_H
-#define HEADER_SHA_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-#error SHA is disabled.
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! SHA_LONG_LOG2 has to be defined along.                        !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(__LP32__)
-#define SHA_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define SHA_LONG unsigned long
-#define SHA_LONG_LOG2 3
-#else
-#define SHA_LONG unsigned int
-#endif
-
-#define SHA_LBLOCK	16
-#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a
-					 * contiguous array of 32 bit
-					 * wide big-endian values. */
-#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
-#define SHA_DIGEST_LENGTH 20
-
-typedef struct SHAstate_st
-	{
-	SHA_LONG h0,h1,h2,h3,h4;
-	SHA_LONG Nl,Nh;
-	SHA_LONG data[SHA_LBLOCK];
-	unsigned int num;
-	} SHA_CTX;
-
-#ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-#ifndef OPENSSL_NO_SHA1
-#ifdef OPENSSL_FIPS
-int private_SHA1_Init(SHA_CTX *c);
-#endif
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA256_CBLOCK	(SHA_LBLOCK*4)	/* SHA-256 treats input data as a
-					 * contiguous array of 32 bit
-					 * wide big-endian values. */
-#define SHA224_DIGEST_LENGTH	28
-#define SHA256_DIGEST_LENGTH	32
-
-typedef struct SHA256state_st
-	{
-	SHA_LONG h[8];
-	SHA_LONG Nl,Nh;
-	SHA_LONG data[SHA_LBLOCK];
-	unsigned int num,md_len;
-	} SHA256_CTX;
-
-#ifndef OPENSSL_NO_SHA256
-#ifdef OPENSSL_FIPS
-int private_SHA224_Init(SHA256_CTX *c);
-int private_SHA256_Init(SHA256_CTX *c);
-#endif
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA384_DIGEST_LENGTH	48
-#define SHA512_DIGEST_LENGTH	64
-
-#ifndef OPENSSL_NO_SHA512
-/*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
- * for further details.
- */
-#define SHA512_CBLOCK	(SHA_LBLOCK*8)	/* SHA-512 treats input data as a
-					 * contiguous array of 64 bit
-					 * wide big-endian values. */
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#define SHA_LONG64 unsigned __int64
-#define U64(C)     C##UI64
-#elif defined(__arch64__)
-#define SHA_LONG64 unsigned long
-#define U64(C)     C##UL
-#else
-#define SHA_LONG64 unsigned long long
-#define U64(C)     C##ULL
-#endif
-
-typedef struct SHA512state_st
-	{
-	SHA_LONG64 h[8];
-	SHA_LONG64 Nl,Nh;
-	union {
-		SHA_LONG64	d[SHA_LBLOCK];
-		unsigned char	p[SHA512_CBLOCK];
-	} u;
-	unsigned int num,md_len;
-	} SHA512_CTX;
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-#ifdef OPENSSL_FIPS
-int private_SHA384_Init(SHA512_CTX *c);
-int private_SHA512_Init(SHA512_CTX *c);
-#endif
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/srp.h b/include/openssl/srp.h
deleted file mode 100644
index 7ec7825cad..0000000000
--- a/include/openssl/srp.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/* crypto/srp/srp.h */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef __SRP_H__
-#define __SRP_H__
-
-#ifndef OPENSSL_NO_SRP
-
-#include <stdio.h>
-#include <string.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/safestack.h>
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-
-typedef struct SRP_gN_cache_st
-	{
-	char *b64_bn;
-	BIGNUM *bn;
-	} SRP_gN_cache;
-
-
-DECLARE_STACK_OF(SRP_gN_cache)
-
-typedef struct SRP_user_pwd_st
-	{
-	char *id;
-	BIGNUM *s;
-	BIGNUM *v;
-	const BIGNUM *g;
-	const BIGNUM *N;
-	char *info;
-	} SRP_user_pwd;
-
-DECLARE_STACK_OF(SRP_user_pwd)
-
-typedef struct SRP_VBASE_st
-	{
-	STACK_OF(SRP_user_pwd) *users_pwd;
-	STACK_OF(SRP_gN_cache) *gN_cache;
-/* to simulate a user */
-	char *seed_key;
-	BIGNUM *default_g;
-	BIGNUM *default_N;
-	} SRP_VBASE;
-
-
-/*Structure interne pour retenir les couples N et g*/
-typedef struct SRP_gN_st
-	{
-	char *id;
-	BIGNUM *g;
-	BIGNUM *N;
-	} SRP_gN;
-
-DECLARE_STACK_OF(SRP_gN)
-
-SRP_VBASE *SRP_VBASE_new(char *seed_key);
-int SRP_VBASE_free(SRP_VBASE *vb);
-int SRP_VBASE_init(SRP_VBASE *vb, char * verifier_file);
-SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
-char *SRP_create_verifier(const char *user, const char *pass, char **salt,
-			  char **verifier, const char *N, const char *g);
-int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, BIGNUM *N, BIGNUM *g);
-
-
-#define SRP_NO_ERROR 0
-#define SRP_ERR_VBASE_INCOMPLETE_FILE 1
-#define SRP_ERR_VBASE_BN_LIB 2
-#define SRP_ERR_OPEN_FILE 3
-#define SRP_ERR_MEMORY 4
-
-#define DB_srptype	0
-#define DB_srpverifier	1
-#define DB_srpsalt 	2
-#define DB_srpid	3              
-#define DB_srpgN	4       
-#define DB_srpinfo	5 
-#undef  DB_NUMBER      
-#define DB_NUMBER       6
-
-#define DB_SRP_INDEX	'I'
-#define DB_SRP_VALID	'V'
-#define DB_SRP_REVOKED	'R'
-#define DB_SRP_MODIF	'v'
-
-
-/* see srp.c */
-char * SRP_check_known_gN_param(BIGNUM* g, BIGNUM* N); 
-SRP_gN *SRP_get_default_gN(const char * id) ;
-
-/* server side .... */
-BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, BIGNUM *N);
-BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v);
-int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N);
-BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) ;
-
-
-
-/* client side .... */
-BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass);
-BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g);
-BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u);
-int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N);
-
-#define SRP_MINIMAL_N 1024
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-#endif
diff --git a/include/openssl/srtp.h b/include/openssl/srtp.h
deleted file mode 100644
index 096b624d0d..0000000000
--- a/include/openssl/srtp.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/* ssl/srtp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
-  DTLS code by Eric Rescorla <ekr@rtfm.com>
-
-  Copyright (C) 2006, Network Resonance, Inc.
-  Copyright (C) 2011, RTFM, Inc.
-*/
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-     
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80      0x0005
-#define SRTP_NULL_SHA1_32      0x0006
-
-#ifndef OPENSSL_NO_SRTP
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
deleted file mode 100644
index 90862dd676..0000000000
--- a/include/openssl/ssl.h
+++ /dev/null
@@ -1,2766 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_H 
-#define HEADER_SSL_H 
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#endif
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#include <openssl/kssl.h>
-#include <openssl/safestack.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5			
-#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5		
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	
-#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5		
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5		
-#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5		
-#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA		
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH		32
-#define SSL_MAX_SID_CTX_LENGTH			32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
-#define SSL_MAX_KEY_ARG_LENGTH			8
-#define SSL_MAX_MASTER_KEY_LENGTH		48
-
-
-/* These are used to specify which ciphers to use and not to use */
-
-#define SSL_TXT_EXP40		"EXPORT40"
-#define SSL_TXT_EXP56		"EXPORT56"
-#define SSL_TXT_LOW		"LOW"
-#define SSL_TXT_MEDIUM		"MEDIUM"
-#define SSL_TXT_HIGH		"HIGH"
-#define SSL_TXT_FIPS		"FIPS"
-
-#define SSL_TXT_kFZA		"kFZA" /* unused! */
-#define	SSL_TXT_aFZA		"aFZA" /* unused! */
-#define SSL_TXT_eFZA		"eFZA" /* unused! */
-#define SSL_TXT_FZA		"FZA"  /* unused! */
-
-#define	SSL_TXT_aNULL		"aNULL"
-#define	SSL_TXT_eNULL		"eNULL"
-#define	SSL_TXT_NULL		"NULL"
-
-#define SSL_TXT_kRSA		"kRSA"
-#define SSL_TXT_kDHr		"kDHr" /* no such ciphersuites supported! */
-#define SSL_TXT_kDHd		"kDHd" /* no such ciphersuites supported! */
-#define SSL_TXT_kDH 		"kDH"  /* no such ciphersuites supported! */
-#define SSL_TXT_kEDH		"kEDH"
-#define SSL_TXT_kKRB5     	"kKRB5"
-#define SSL_TXT_kECDHr		"kECDHr"
-#define SSL_TXT_kECDHe		"kECDHe"
-#define SSL_TXT_kECDH		"kECDH"
-#define SSL_TXT_kEECDH		"kEECDH"
-#define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST		"kGOST"
-#define SSL_TXT_kSRP		"kSRP"
-
-#define	SSL_TXT_aRSA		"aRSA"
-#define	SSL_TXT_aDSS		"aDSS"
-#define	SSL_TXT_aDH		"aDH" /* no such ciphersuites supported! */
-#define	SSL_TXT_aECDH		"aECDH"
-#define SSL_TXT_aKRB5     	"aKRB5"
-#define SSL_TXT_aECDSA		"aECDSA"
-#define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94	"aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
-#define SSL_TXT_aSRP            "aSRP"
-
-#define	SSL_TXT_DSS		"DSS"
-#define SSL_TXT_DH		"DH"
-#define SSL_TXT_EDH		"EDH" /* same as "kEDH:-ADH" */
-#define SSL_TXT_ADH		"ADH"
-#define SSL_TXT_RSA		"RSA"
-#define SSL_TXT_ECDH		"ECDH"
-#define SSL_TXT_EECDH		"EECDH" /* same as "kEECDH:-AECDH" */
-#define SSL_TXT_AECDH		"AECDH"
-#define SSL_TXT_ECDSA		"ECDSA"
-#define SSL_TXT_KRB5      	"KRB5"
-#define SSL_TXT_PSK             "PSK"
-#define SSL_TXT_SRP		"SRP"
-
-#define SSL_TXT_DES		"DES"
-#define SSL_TXT_3DES		"3DES"
-#define SSL_TXT_RC4		"RC4"
-#define SSL_TXT_RC2		"RC2"
-#define SSL_TXT_IDEA		"IDEA"
-#define SSL_TXT_SEED		"SEED"
-#define SSL_TXT_AES128		"AES128"
-#define SSL_TXT_AES256		"AES256"
-#define SSL_TXT_AES		"AES"
-#define SSL_TXT_AES_GCM		"AESGCM"
-#define SSL_TXT_CAMELLIA128	"CAMELLIA128"
-#define SSL_TXT_CAMELLIA256	"CAMELLIA256"
-#define SSL_TXT_CAMELLIA	"CAMELLIA"
-
-#define SSL_TXT_MD5		"MD5"
-#define SSL_TXT_SHA1		"SHA1"
-#define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94		"GOST94" 
-#define SSL_TXT_GOST89MAC		"GOST89MAC" 
-#define SSL_TXT_SHA256		"SHA256"
-#define SSL_TXT_SHA384		"SHA384"
-
-#define SSL_TXT_SSLV2		"SSLv2"
-#define SSL_TXT_SSLV3		"SSLv3"
-#define SSL_TXT_TLSV1		"TLSv1"
-#define SSL_TXT_TLSV1_1		"TLSv1.1"
-#define SSL_TXT_TLSV1_2		"TLSv1.2"
-
-#define SSL_TXT_EXP		"EXP"
-#define SSL_TXT_EXPORT		"EXPORT"
-
-#define SSL_TXT_ALL		"ALL"
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
-/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
- * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
- * some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN	1
-#define SSL_RECEIVED_SHUTDOWN	2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#define OPENSSL_NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
-       {
-       const char *name;
-       unsigned long id;
-       } SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
-	{
-	int valid;
-	const char *name;		/* text name */
-	unsigned long id;		/* id, 4 bytes, first is version */
-
-	/* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
-	unsigned long algorithm_mkey;	/* key exchange algorithm */
-	unsigned long algorithm_auth;	/* server authentication */
-	unsigned long algorithm_enc;	/* symmetric encryption */
-	unsigned long algorithm_mac;	/* symmetric authentication */
-	unsigned long algorithm_ssl;	/* (major) protocol version */
-
-	unsigned long algo_strength;	/* strength and export flags */
-	unsigned long algorithm2;	/* Extra flags */
-	int strength_bits;		/* Number of bits really used */
-	int alg_bits;			/* Number of bits for algorithm */
-	};
-
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
-	{
-	int version;
-	int (*ssl_new)(SSL *s);
-	void (*ssl_clear)(SSL *s);
-	void (*ssl_free)(SSL *s);
-	int (*ssl_accept)(SSL *s);
-	int (*ssl_connect)(SSL *s);
-	int (*ssl_read)(SSL *s,void *buf,int len);
-	int (*ssl_peek)(SSL *s,void *buf,int len);
-	int (*ssl_write)(SSL *s,const void *buf,int len);
-	int (*ssl_shutdown)(SSL *s);
-	int (*ssl_renegotiate)(SSL *s);
-	int (*ssl_renegotiate_check)(SSL *s);
-	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
-		max, int *ok);
-	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
-		int peek);
-	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
-	int (*ssl_dispatch_alert)(SSL *s);
-	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
-	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
-	int (*ssl_pending)(const SSL *s);
-	int (*num_ciphers)(void);
-	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
-	const struct ssl_method_st *(*get_ssl_method)(int version);
-	long (*get_timeout)(void);
-	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-	int (*ssl_version)(void);
-	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
-	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-	};
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *	version 		INTEGER,	-- structure version number
- *	SSLversion 		INTEGER,	-- SSL version number
- *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID
- *	Session_ID 		OCTET STRING,	-- the Session ID
- *	Master_key 		OCTET STRING,	-- the master key
- *	KRB5_principal		OCTET STRING	-- optional Kerberos principal
- *	Key_Arg [ 0 ] IMPLICIT	OCTET STRING,	-- the optional Key argument
- *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
- *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
- *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
- *	Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *	Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *	HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
- *	PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *	PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *	Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- *	}
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st
-	{
-	int ssl_version;	/* what ssl version session info is
-				 * being kept in here? */
-
-	/* only really used in SSLv2 */
-	unsigned int key_arg_length;
-	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
-	int master_key_length;
-	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-	/* session_id - valid? */
-	unsigned int session_id_length;
-	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-	/* this is used to determine whether the session is being reused in
-	 * the appropriate context. It is up to the application to set this,
-	 * via SSL_new */
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-#ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-	char *psk_identity_hint;
-	char *psk_identity;
-#endif
-	/* Used to indicate that session resumption is not allowed.
-	 * Applications can also set this bit for a new session via
-	 * not_resumable_session_cb to disable session caching and tickets. */
-	int not_resumable;
-
-	/* The cert is the certificate used to establish this connection */
-	struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
-	/* This is the cert for the other end.
-	 * On clients, it will be the same as sess_cert->peer_key->x509
-	 * (the latter is not enough as sess_cert is not retained
-	 * in the external representation of sessions, see ssl_asn1.c). */
-	X509 *peer;
-	/* when app_verify_callback accepts a session where the peer's certificate
-	 * is not ok, we must remember the error for session reuse: */
-	long verify_result; /* only for servers */
-
-	int references;
-	long timeout;
-	long time;
-
-	unsigned int compress_meth;	/* Need to lookup the method */
-
-	const SSL_CIPHER *cipher;
-	unsigned long cipher_id;	/* when ASN.1 loaded, this
-					 * needs to be used to load
-					 * the 'cipher' structure */
-
-	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
-	CRYPTO_EX_DATA ex_data; /* application specific data */
-
-	/* These are used to make removal of session-ids more
-	 * efficient and to implement a maximum cache size. */
-	struct ssl_session_st *prev,*next;
-#ifndef OPENSSL_NO_TLSEXT
-	char *tlsext_hostname;
-#ifndef OPENSSL_NO_EC
-	size_t tlsext_ecpointformatlist_length;
-	unsigned char *tlsext_ecpointformatlist; /* peer's list */
-	size_t tlsext_ellipticcurvelist_length;
-	unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-#endif /* OPENSSL_NO_EC */
-	/* RFC4507 info */
-	unsigned char *tlsext_tick;	/* Session ticket */
-	size_t tlsext_ticklen;		/* Session ticket length */
-	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
-#endif
-#ifndef OPENSSL_NO_SRP
-	char *srp_username;
-#endif
-
-	/* original_handshake_hash contains the handshake hash (either
-	 * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full
-	 * handshake that created a session. This is used by Channel IDs during
-	 * resumption. */
-	unsigned char original_handshake_hash[EVP_MAX_MD_SIZE];
-	unsigned int original_handshake_hash_len;
-	};
-
-#endif
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
-/* Allow initial connection to servers that don't support RI */
-#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
-#define SSL_OP_TLSEXT_PADDING				0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
-#define SSL_OP_TLS_D5_BUG				0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-
-/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x0
-/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x0
-
-/* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the
- * insertion of empty records in CBC mode, but the empty records were commonly
- * misinterpreted as EOF by other TLS stacks and so this was disabled by
- * SSL_OP_ALL.
- *
- * This has been replaced by 1/n-1 record splitting, which is enabled by
- * SSL_MODE_CBC_RECORD_SPLITTING in SSL_set_mode. This involves sending a
- * one-byte record rather than an empty record and has much better
- * compatibility. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL					0x80000BFFL
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU                 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE              0x00002000L
-/* Don't use RFC4507 ticket extension */
-#define SSL_OP_NO_TICKET	            0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
-#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
-/* Don't use compression even if supported */
-#define SSL_OP_NO_COMPRESSION				0x00020000L
-/* Permit unsafe legacy renegotiation */
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE				0x00100000L
-/* Does nothing: retained for compatibiity */
-#define SSL_OP_EPHEMERAL_RSA				0x0
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
-
-#define SSL_OP_NO_SSLv2					0x01000000L
-#define SSL_OP_NO_SSLv3					0x02000000L
-#define SSL_OP_NO_TLSv1					0x04000000L
-#define SSL_OP_NO_TLSv1_2				0x08000000L
-#define SSL_OP_NO_TLSv1_1				0x10000000L
-
-/* These next two were never actually used for anything since SSLeay
- * zap so we have some more flags.
- */
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1				0x0
-#define SSL_OP_PKCS1_CHECK_2				0x0
-
-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
-/* Make server add server-hello extension from early version of
- * cryptopro draft, when GOST ciphersuite is negotiated. 
- * Required for interoperability with CryptoPro CSP 3.x 
- */
-#define SSL_OP_CRYPTOPRO_TLSEXT_BUG			0x80000000L
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.)  "Released" buffers are put onto a free-list in the context
- * or just freed (depending on the context's setting for freelist_max_len). */
-#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-
-/* Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set only by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details.
- *
- * DO NOT ENABLE THIS if your application attempts a normal handshake.
- * Only use this in explicit fallback retries, following the guidance
- * in draft-ietf-tls-downgrade-scsv-00.
- */
-#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
-
-/* When set, clients may send application data before receipt of CCS
- * and Finished.  This mode enables full-handshakes to 'complete' in
- * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
-
-/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
- * the first record will contain a single byte and the second will contain the
- * rest of the bytes. This effectively randomises the IV and prevents BEAST
- * attacks. */
-#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_clear_options(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_clear_options(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_clear_mode(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_clear_mode(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_set_mode(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-#define DTLS_set_link_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
-#define DTLS_get_link_min_mtu(ssl) \
-        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
-
-#define SSL_get_secure_renegotiation_support(ssl) \
-	SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_heartbeat(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
-#endif
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-#ifndef OPENSSL_NO_SRP
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct srp_ctx_st
-	{
-	/* param for all the callbacks */
-	void *SRP_cb_arg;
-	/* set client Hello login callback */
-	int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
-	/* set SRP N/g param callback for verification */
-	int (*SRP_verify_param_callback)(SSL *, void *);
-	/* set SRP client passwd callback */
-	char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
-
-	char *login;
-	BIGNUM *N,*g,*s,*B,*A;
-	BIGNUM *a,*b,*v;
-	char *info;
-	int strength;
-
-	unsigned long srp_Mask;
-	} SRP_CTX;
-
-#endif
-
-/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
-
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
-#else
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-#endif
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- *      SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len);
-
-typedef struct ssl_comp_st SSL_COMP;
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_comp_st
-	{
-	int id;
-	const char *name;
-#ifndef OPENSSL_NO_COMP
-	COMP_METHOD *method;
-#else
-	char *method;
-#endif
-	};
-
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
-struct ssl_ctx_st
-	{
-	const SSL_METHOD *method;
-
-	STACK_OF(SSL_CIPHER) *cipher_list;
-	/* same as above but sorted for lookup */
-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-	struct x509_store_st /* X509_STORE */ *cert_store;
-	LHASH_OF(SSL_SESSION) *sessions;
-	/* Most session-ids that will be cached, default is
-	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
-	unsigned long session_cache_size;
-	struct ssl_session_st *session_cache_head;
-	struct ssl_session_st *session_cache_tail;
-
-	/* This can have one of 2 values, ored together,
-	 * SSL_SESS_CACHE_CLIENT,
-	 * SSL_SESS_CACHE_SERVER,
-	 * Default is SSL_SESSION_CACHE_SERVER, which means only
-	 * SSL_accept which cache SSL_SESSIONS. */
-	int session_cache_mode;
-
-	/* If timeout is not 0, it is the default timeout value set
-	 * when SSL_new() is called.  This has been put in to make
-	 * life easier to set things up */
-	long session_timeout;
-
-	/* If this callback is not null, it will be called each
-	 * time a session id is added to the cache.  If this function
-	 * returns 1, it means that the callback will do a
-	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
-	 * on 0, it means the callback has finished with it.
-	 * If remove_session_cb is not null, it will be called when
-	 * a session-id is removed from the cache.  After the call,
-	 * OpenSSL will SSL_SESSION_free() it. */
-	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
-	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
-	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-		unsigned char *data,int len,int *copy);
-
-	struct
-		{
-		int sess_connect;	/* SSL new conn - started */
-		int sess_connect_renegotiate;/* SSL reneg - requested */
-		int sess_connect_good;	/* SSL new conne/reneg - finished */
-		int sess_accept;	/* SSL new accept - started */
-		int sess_accept_renegotiate;/* SSL reneg - requested */
-		int sess_accept_good;	/* SSL accept/reneg - finished */
-		int sess_miss;		/* session lookup misses  */
-		int sess_timeout;	/* reuse attempt on timeouted session */
-		int sess_cache_full;	/* session removed due to full cache */
-		int sess_hit;		/* session reuse actually done */
-		int sess_cb_hit;	/* session-id that was not
-					 * in the cache was
-					 * passed back via the callback.  This
-					 * indicates that the application is
-					 * supplying session-id's from other
-					 * processes - spooky :-) */
-		} stats;
-
-	int references;
-
-	/* if defined, these override the X509_verify_cert() calls */
-	int (*app_verify_callback)(X509_STORE_CTX *, void *);
-	void *app_verify_arg;
-	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
-	 * ('app_verify_callback' was called with just one argument) */
-
-	/* Default password callback. */
-	pem_password_cb *default_passwd_callback;
-
-	/* Default password callback user data. */
-	void *default_passwd_callback_userdata;
-
-	/* get client cert callback */
-	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-	/* get channel id callback */
-	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
-
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int *cookie_len);
-
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int cookie_len);
-
-	CRYPTO_EX_DATA ex_data;
-
-	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
-	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
-	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
-
-	STACK_OF(X509) *extra_certs;
-	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-
-	/* Default values used when no per-SSL value is defined follow */
-
-	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
-
-	/* what we put in client cert requests */
-	STACK_OF(X509_NAME) *client_CA;
-
-
-	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
-	unsigned long options;
-	unsigned long mode;
-	long max_cert_list;
-
-	struct cert_st /* CERT */ *cert;
-	int read_ahead;
-
-	/* callback that allows applications to peek at protocol messages */
-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-	void *msg_callback_arg;
-
-	int verify_mode;
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
-	/* Default generate session ID callback. */
-	GEN_SESSION_CB generate_session_id;
-
-	X509_VERIFY_PARAM *param;
-
-#if 0
-	int purpose;		/* Purpose setting */
-	int trust;		/* Trust setting */
-#endif
-
-	int quiet_shutdown;
-
-	/* Maximum amount of data to send in one fragment.
-	 * actual record size can be more than this due to
-	 * padding and MAC overheads.
-	 */
-	unsigned int max_send_fragment;
-
-#ifndef OPENSSL_NO_ENGINE
-	/* Engine to pass requests for client certs to
-	 */
-	ENGINE *client_cert_engine;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extensions servername callback */
-	int (*tlsext_servername_callback)(SSL*, int *, void *);
-	void *tlsext_servername_arg;
-	/* RFC 4507 session ticket keys */
-	unsigned char tlsext_tick_key_name[16];
-	unsigned char tlsext_tick_hmac_key[16];
-	unsigned char tlsext_tick_aes_key[16];
-	/* Callback to support customisation of ticket key setting */
-	int (*tlsext_ticket_key_cb)(SSL *ssl,
-					unsigned char *name, unsigned char *iv,
-					EVP_CIPHER_CTX *ectx,
- 					HMAC_CTX *hctx, int enc);
-
-	/* certificate status request info */
-	/* Callback for status request */
-	int (*tlsext_status_cb)(SSL *ssl, void *arg);
-	void *tlsext_status_arg;
-
-	/* draft-rescorla-tls-opaque-prf-input-00.txt information */
-	int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
-	void *tlsext_opaque_prf_input_callback_arg;
-#endif
-
-#ifndef OPENSSL_NO_PSK
-	char *psk_identity_hint;
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-		unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len);
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-	unsigned int freelist_max_len;
-	struct ssl3_buf_freelist_st *wbuf_freelist;
-	struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
-#ifndef OPENSSL_NO_SRP
-	SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Next protocol negotiation information */
-	/* (for experimental NPN extension). */
-
-	/* For a server, this contains a callback function by which the set of
-	 * advertised protocols can be provided. */
-	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-			                 unsigned int *len, void *arg);
-	void *next_protos_advertised_cb_arg;
-	/* For a client, this contains a callback function that selects the
-	 * next protocol from the list provided by the server. */
-	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-				    unsigned char *outlen,
-				    const unsigned char *in,
-				    unsigned int inlen,
-				    void *arg);
-	void *next_proto_select_cb_arg;
-# endif
-
-	/* ALPN information
-	 * (we are in the process of transitioning from NPN to ALPN.) */
-
-	/* For a server, this contains a callback function that allows the
-	 * server to select the protocol for the connection.
-	 *   out: on successful return, this must point to the raw protocol
-	 *        name (without the length prefix).
-	 *   outlen: on successful return, this contains the length of |*out|.
-	 *   in: points to the client's list of supported protocols in
-	 *       wire-format.
-	 *   inlen: the length of |in|. */
-	int (*alpn_select_cb)(SSL *s,
-			      const unsigned char **out,
-			      unsigned char *outlen,
-			      const unsigned char* in,
-			      unsigned int inlen,
-			      void *arg);
-	void *alpn_select_cb_arg;
-
-	/* For a client, this contains the list of supported protocols in wire
-	 * format. */
-	unsigned char* alpn_client_proto_list;
-	unsigned alpn_client_proto_list_len;
-
-        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
-
-	/* If true, a client will advertise the Channel ID extension and a
-	 * server will echo it. */
-	char tlsext_channel_id_enabled;
-	/* tlsext_channel_id_enabled_new is a hack to support both old and new
-	 * ChannelID signatures. It indicates that a client should advertise the
-	 * new ChannelID extension number. */
-	char tlsext_channel_id_enabled_new;
-	/* The client's Channel ID private key. */
-	EVP_PKEY *tlsext_channel_id_private;
-#endif
-	};
-
-#endif
-
-#define SSL_SESS_CACHE_OFF			0x0000
-#define SSL_SESS_CACHE_CLIENT			0x0001
-#define SSL_SESS_CACHE_SERVER			0x0002
-#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
-	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
- * IDs from clients. Returns 1 on success. */
-#define SSL_CTX_enable_tls_channel_id(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
-void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-#endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-#ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-					   int (*cb) (SSL *ssl,
-						      const unsigned char **out,
-						      unsigned int *outlen,
-						      void *arg),
-					   void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-				      int (*cb) (SSL *ssl,
-						 unsigned char **out,
-						 unsigned char *outlen,
-						 const unsigned char *in,
-						 unsigned int inlen,
-						 void *arg),
-				      void *arg);
-
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-			  const unsigned char *in, unsigned int inlen,
-			  const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
-				    const unsigned char **data, unsigned *len);
-
-#define OPENSSL_NPN_UNSUPPORTED	0
-#define OPENSSL_NPN_NEGOTIATED	1
-#define OPENSSL_NPN_NO_OVERLAP	2
-#endif
-
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
-			    unsigned protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
-			unsigned protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-				int (*cb) (SSL *ssl,
-					   const unsigned char **out,
-					   unsigned char *outlen,
-					   const unsigned char *in,
-					   unsigned int inlen,
-					   void *arg),
-				void *arg);
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-			    unsigned *len);
-
-#ifndef OPENSSL_NO_PSK
-/* the maximum length of the buffer given to callbacks containing the
- * resulting identity/psk */
-#define PSK_MAX_IDENTITY_LEN 128
-#define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-		char *identity, unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-		char *identity, unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len));
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
-const char *SSL_get_psk_identity_hint(const SSL *s);
-const char *SSL_get_psk_identity(const SSL *s);
-#endif
-
-#define SSL_NOTHING	1
-#define SSL_WRITING	2
-#define SSL_READING	3
-#define SSL_X509_LOOKUP	4
-#define SSL_CHANNEL_ID_LOOKUP	5
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
-#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
-#define SSL_want_channel_id_lookup(s)	(SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
-
-#define SSL_MAC_FLAG_READ_MAC_STREAM 1
-#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_st
-	{
-	/* protocol version
-	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-	 */
-	int version;
-	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
-	const SSL_METHOD *method; /* SSLv3 */
-
-	/* There are 2 BIO's even though they are normally both the
-	 * same.  This is so data can be read and written to different
-	 * handlers */
-
-#ifndef OPENSSL_NO_BIO
-	BIO *rbio; /* used by SSL_read */
-	BIO *wbio; /* used by SSL_write */
-	BIO *bbio; /* used during session-id reuse to concatenate
-		    * messages */
-#else
-	char *rbio; /* used by SSL_read */
-	char *wbio; /* used by SSL_write */
-	char *bbio;
-#endif
-	/* This holds a variable that indicates what we were doing
-	 * when a 0 or -1 is returned.  This is needed for
-	 * non-blocking IO so we know what request needs re-doing when
-	 * in SSL_accept or SSL_connect */
-	int rwstate;
-
-	/* true when we are actually in SSL_accept() or SSL_connect() */
-	int in_handshake;
-	int (*handshake_func)(SSL *);
-
-	/* Imagine that here's a boolean member "init" that is
-	 * switched as soon as SSL_set_{accept/connect}_state
-	 * is called for the first time, so that "state" and
-	 * "handshake_func" are properly initialized.  But as
-	 * handshake_func is == 0 until then, we use this
-	 * test instead of an "init" member.
-	 */
-
-	int server;	/* are we the server side? - mostly used by SSL_clear*/
-
-	int new_session;/* Generate a new session or reuse an old one.
-	                 * NB: For servers, the 'new' session may actually be a previously
-	                 * cached session or even the previous session unless
-	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-	int quiet_shutdown;/* don't send shutdown packets */
-	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
-			 * for received */
-	int state;	/* where we are */
-	int rstate;	/* where we are when reading */
-
-	BUF_MEM *init_buf;	/* buffer used during init */
-	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
-	int init_num;		/* amount read/written */
-	int init_off;		/* amount read/written */
-
-	/* used internally to point at a raw packet */
-	unsigned char *packet;
-	unsigned int packet_length;
-
-	struct ssl2_state_st *s2; /* SSLv2 variables */
-	struct ssl3_state_st *s3; /* SSLv3 variables */
-	struct dtls1_state_st *d1; /* DTLSv1 variables */
-
-	int read_ahead;		/* Read as many input bytes as possible
-	               	 	 * (for non-blocking reads) */
-
-	/* callback that allows applications to peek at protocol messages */
-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-	void *msg_callback_arg;
-
-	int hit;		/* reusing a previous session */
-
-	X509_VERIFY_PARAM *param;
-
-#if 0
-	int purpose;		/* Purpose setting */
-	int trust;		/* Trust setting */
-#endif
-
-	/* crypto */
-	STACK_OF(SSL_CIPHER) *cipher_list;
-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-	/* These are the ones being used, the ones in SSL_SESSION are
-	 * the ones to be 'copied' into these ones */
-	int mac_flags; 
-	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
-	EVP_MD_CTX *read_hash;		/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *expand;			/* uncompress */
-#else
-	char *expand;
-#endif
-
-	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
-	EVP_MD_CTX *write_hash;		/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *compress;			/* compression */
-#else
-	char *compress;	
-#endif
-
-	/* session info */
-
-	/* client cert? */
-	/* This is used to hold the server certificate used */
-	struct cert_st /* CERT */ *cert;
-
-	/* the session_id_context is used to ensure sessions are only reused
-	 * in the appropriate context */
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-	/* This can also be in the session once a session is established */
-	SSL_SESSION *session;
-
-        /* This can be disabled to prevent the use of uncached sessions */
-	int session_creation_enabled;
-
-	/* Default generate session ID callback. */
-	GEN_SESSION_CB generate_session_id;
-
-	/* Used in SSL2 and SSL3 */
-	int verify_mode;	/* 0 don't care about verify failure.
-				 * 1 fail if verify fails */
-	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
-	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
-
-	int error;		/* error bytes to be written */
-	int error_code;		/* actual code */
-
-#ifndef OPENSSL_NO_KRB5
-	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
-#endif	/* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_PSK
-	/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an
-	 * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object,
-	 * the psk_identity_hint from the session takes precedence over this one. */
-	char *psk_identity_hint;
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-		unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len);
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-	SSL_CTX *ctx;
-	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
-	 * and SSL_write() calls, good for nbio debuging :-) */
-	int debug;	
-
-	/* extra application data */
-	long verify_result;
-	CRYPTO_EX_DATA ex_data;
-
-	/* for server side, keep the list of CA_dn we can use */
-	STACK_OF(X509_NAME) *client_CA;
-
-	int references;
-	unsigned long options; /* protocol behaviour */
-	unsigned long mode; /* API behaviour */
-	long max_cert_list;
-	int first_packet;
-	int client_version;	/* what was passed, used for
-				 * SSLv3/TLS rollback check */
-	unsigned int max_send_fragment;
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extension debug callback */
-	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-					unsigned char *data, int len,
-					void *arg);
-	void *tlsext_debug_arg;
-	char *tlsext_hostname;
-	int servername_done;   /* no further mod of servername 
-	                          0 : call the servername extension callback.
-	                          1 : prepare 2, allow last ack just after in server callback.
-	                          2 : don't call servername callback, no ack in server hello
-	                       */
-	/* certificate status request info */
-	/* Status type or -1 if no status type */
-	int tlsext_status_type;
-	/* Expect OCSP CertificateStatus message */
-	int tlsext_status_expected;
-	/* OCSP status request only */
-	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-	X509_EXTENSIONS *tlsext_ocsp_exts;
-	/* OCSP response received or to be sent */
-	unsigned char *tlsext_ocsp_resp;
-	int tlsext_ocsp_resplen;
-
-	/* RFC4507 session ticket expected to be received or sent */
-	int tlsext_ticket_expected;
-#ifndef OPENSSL_NO_EC
-	size_t tlsext_ecpointformatlist_length;
-	unsigned char *tlsext_ecpointformatlist; /* our list */
-	size_t tlsext_ellipticcurvelist_length;
-	unsigned char *tlsext_ellipticcurvelist; /* our list */
-#endif /* OPENSSL_NO_EC */
-
-	/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
-	void *tlsext_opaque_prf_input;
-	size_t tlsext_opaque_prf_input_len;
-
-	/* TLS Session Ticket extension override */
-	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-
-	/* TLS Session Ticket extension callback */
-	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-	void *tls_session_ticket_ext_cb_arg;
-
-	/* TLS pre-shared secret session resumption */
-	tls_session_secret_cb_fn tls_session_secret_cb;
-	void *tls_session_secret_cb_arg;
-
-	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Next protocol negotiation. For the client, this is the protocol that
-	 * we sent in NextProtocol and is set when handling ServerHello
-	 * extensions.
-	 *
-	 * For a server, this is the client's selected_protocol from
-	 * NextProtocol and is set when handling the NextProtocol message,
-	 * before the Finished message. */
-	unsigned char *next_proto_negotiated;
-	unsigned char next_proto_negotiated_len;
-#endif
-
-#define session_ctx initial_ctx
-
-	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
-	SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
-
-	unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-	                                   0: disabled
-	                                   1: enabled
-	                                   2: enabled, but not allowed to send Requests
-	                                 */
-	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
-
-	/* Copied from the SSL_CTX. For a server, means that we'll accept
-	 * Channel IDs from clients. For a client, means that we'll advertise
-	 * support. */
-	char tlsext_channel_id_enabled;
-	/* The client's Channel ID private key. */
-	EVP_PKEY *tlsext_channel_id_private;
-
-	/* For a client, this contains the list of supported protocols in wire
-	 * format. */
-	unsigned char* alpn_client_proto_list;
-	unsigned alpn_client_proto_list_len;
-#else
-#define session_ctx ctx
-#endif /* OPENSSL_NO_TLSEXT */
-
-	int renegotiate;/* 1 if we are renegotiating.
-	                 * 2 if we are a server and are inside a handshake
-	                 * (i.e. not just sending a HelloRequest) */
-
-#ifndef OPENSSL_NO_SRP
-	SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
-	};
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
-#include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT			0x1000
-#define SSL_ST_ACCEPT			0x2000
-#define SSL_ST_MASK			0x0FFF
-#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE			0x4000
-#define SSL_ST_OK			0x03
-#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP			0x01
-#define SSL_CB_EXIT			0x02
-#define SSL_CB_READ			0x04
-#define SSL_CB_WRITE			0x08
-#define SSL_CB_ALERT			0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START		0x10
-#define SSL_CB_HANDSHAKE_DONE		0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a)		SSL_state(a)
-#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a)			((SSL_state(a)&SSL_ST_INIT) && \
-					!SSL_cutthrough_complete(a))
-#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
-int SSL_cutthrough_complete(const SSL *s);
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER			0xF0
-#define SSL_ST_READ_BODY			0xF1
-#define SSL_ST_READ_DONE			0xF2
-
-/* Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE			0x00
-#define SSL_VERIFY_PEER			0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
-#define SSL_VERIFY_CLIENT_ONCE		0x04
-
-#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
-#define SSLeay_add_ssl_algorithms()	SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
-		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
-		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a)		SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
-
-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-
-DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
-
-#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */
-
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
-#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
-#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
-#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
-#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
-#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
-#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
-#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
-
-#define SSL_ERROR_NONE			0
-#define SSL_ERROR_SSL			1
-#define SSL_ERROR_WANT_READ		2
-#define SSL_ERROR_WANT_WRITE		3
-#define SSL_ERROR_WANT_X509_LOOKUP	4
-#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN		6
-#define SSL_ERROR_WANT_CONNECT		7
-#define SSL_ERROR_WANT_ACCEPT		8
-#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP	9
-
-#define SSL_CTRL_NEED_TMP_RSA			1
-#define SSL_CTRL_SET_TMP_RSA			2
-#define SSL_CTRL_SET_TMP_DH			3
-#define SSL_CTRL_SET_TMP_ECDH			4
-#define SSL_CTRL_SET_TMP_RSA_CB			5
-#define SSL_CTRL_SET_TMP_DH_CB			6
-#define SSL_CTRL_SET_TMP_ECDH_CB		7
-
-#define SSL_CTRL_GET_SESSION_REUSED		8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
-#define SSL_CTRL_GET_FLAGS			13
-#define SSL_CTRL_EXTRA_CHAIN_CERT		14
-
-#define SSL_CTRL_SET_MSG_CALLBACK               15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU                17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER			20
-#define SSL_CTRL_SESS_CONNECT			21
-#define SSL_CTRL_SESS_CONNECT_GOOD		22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
-#define SSL_CTRL_SESS_ACCEPT			24
-#define SSL_CTRL_SESS_ACCEPT_GOOD		25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
-#define SSL_CTRL_SESS_HIT			27
-#define SSL_CTRL_SESS_CB_HIT			28
-#define SSL_CTRL_SESS_MISSES			29
-#define SSL_CTRL_SESS_TIMEOUTS			30
-#define SSL_CTRL_SESS_CACHE_FULL		31
-#define SSL_CTRL_OPTIONS			32
-#define SSL_CTRL_MODE				33
-
-#define SSL_CTRL_GET_READ_AHEAD			40
-#define SSL_CTRL_SET_READ_AHEAD			41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
-#define SSL_CTRL_SET_SESS_CACHE_MODE		44
-#define SSL_CTRL_GET_SESS_CACHE_MODE		45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST		50
-#define SSL_CTRL_SET_MAX_CERT_LIST		51
-
-#define SSL_CTRL_SET_MAX_SEND_FRAGMENT		52
-
-/* see tls1.h for macros based on these */
-#ifndef OPENSSL_NO_TLSEXT
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55
-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57
-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT	60
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB	61
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB	63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG	64
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE	65
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS	66
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS	67
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS	68
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS	69
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP	70
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP	71
-
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB	72
-
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75
-#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB		76
-#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB		77
-
-#define SSL_CTRL_SET_SRP_ARG		78
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		79
-#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		80
-#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		81
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT				85
-#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING		86
-#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
-#endif
-#define SSL_CTRL_CHANNEL_ID			88
-#define SSL_CTRL_GET_CHANNEL_ID			89
-#define SSL_CTRL_SET_CHANNEL_ID			90
-#endif
-
-#define DTLS_CTRL_GET_TIMEOUT		73
-#define DTLS_CTRL_HANDLE_TIMEOUT	74
-#define DTLS_CTRL_LISTEN			75
-
-#define SSL_CTRL_GET_RI_SUPPORT			76
-#define SSL_CTRL_CLEAR_OPTIONS			77
-#define SSL_CTRL_CLEAR_MODE			78
-
-#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
-#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
-
-#define SSL_CTRL_CHECK_PROTO_VERSION		119
-#define DTLS_CTRL_SET_LINK_MTU			120
-#define DTLS_CTRL_GET_LINK_MIN_MTU		121
-
-#define DTLSv1_get_timeout(ssl, arg) \
-	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-#define DTLSv1_handle_timeout(ssl) \
-	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-#define DTLSv1_listen(ssl, peer) \
-	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-
-#define SSL_session_reused(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_need_tmp_RSA(ssl) \
-	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_set_tmp_ecdh(ssl,ecdh) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
- * IDs from clients, or configure a client to send TLS client IDs to server.
- * Returns 1 on success. */
-#define SSL_enable_tls_channel_id(s) \
-	SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
-/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
- * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
- * success. */
-#define SSL_set1_tls_channel_id(s, private_key) \
-	SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
- * and copies up to the first |channel_id_len| bytes into |channel_id|. The
- * Channel ID consists of the client's P-256 public key as an (x,y) pair where
- * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
- * offer a Channel ID and the length of the complete Channel ID otherwise. */
-#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
-	SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
-#define SSL_CTX_clear_extra_chain_certs(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-void	SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(const SSL *s);
-int	SSL_clear(SSL *s);
-
-void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
-char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
-const char *	SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
-
-int	SSL_get_fd(const SSL *s);
-int	SSL_get_rfd(const SSL *s);
-int	SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
-char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int	SSL_get_read_ahead(const SSL * s);
-int	SSL_pending(const SSL *s);
-const char *	SSL_authentication_method(const SSL *c);
-#ifndef OPENSSL_NO_SOCK
-int	SSL_set_fd(SSL *s, int fd);
-int	SSL_set_rfd(SSL *s, int fd);
-int	SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef OPENSSL_NO_BIO
-void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO *	SSL_get_rbio(const SSL *s);
-BIO *	SSL_get_wbio(const SSL *s);
-#endif
-int	SSL_set_cipher_list(SSL *s, const char *str);
-int	SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
-void	SSL_set_read_ahead(SSL *s, int yes);
-int	SSL_get_verify_mode(const SSL *s);
-int	SSL_get_verify_depth(const SSL *s);
-int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
-void	SSL_set_verify(SSL *s, int mode,
-		       int (*callback)(int ok,X509_STORE_CTX *ctx));
-void	SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
-int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
-int	SSL_use_certificate(SSL *ssl, X509 *x);
-int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-int	SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
-
-#ifndef OPENSSL_NO_STDIO
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-					    const char *file);
-#ifndef OPENSSL_SYS_VMS
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-					   const char *dir);
-#endif
-#endif
-
-#endif
-
-void	SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long	SSL_SESSION_get_time(const SSL_SESSION *s);
-long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void	SSL_copy_session_id(SSL *to,const SSL *from);
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
-			       unsigned int sid_ctx_len);
-
-SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-					unsigned int *len);
-const char *	SSL_SESSION_get_version(const SSL_SESSION *s);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
-#ifndef OPENSSL_NO_FP_API
-int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-#endif
-#ifndef OPENSSL_NO_BIO
-int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
-#endif
-void	SSL_SESSION_free(SSL_SESSION *ses);
-int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int	SSL_set_session(SSL *to, SSL_SESSION *session);
-void	SSL_set_session_creation_enabled(SSL *, int);
-int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-					unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
-			     long length);
-
-#ifdef HEADER_X509_H
-X509 *	SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
-			int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-	const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-				       unsigned int sid_ctx_len);
-
-SSL *	SSL_new(SSL_CTX *ctx);
-int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-				   unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
-#ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-					char *(*cb)(SSL *,void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-					  int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-				      int (*cb)(SSL *,int *,void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-			     BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-				const char *grp);
-
-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
-
-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
-#endif
-
-void	SSL_free(SSL *ssl);
-int 	SSL_accept(SSL *ssl);
-int 	SSL_connect(SSL *ssl);
-int 	SSL_read(SSL *ssl,void *buf,int num);
-int 	SSL_peek(SSL *ssl,void *buf,int num);
-int 	SSL_write(SSL *ssl,const void *buf,int num);
-long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long	SSL_callback_ctrl(SSL *, int, void (*)(void));
-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int	SSL_get_error(const SSL *s,int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-#ifndef OPENSSL_NO_SSL2
-const SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
-#endif
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
-const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
-const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
-#endif
-
-const SSL_METHOD *SSLv23_method(void);	/* Negotiate highest available SSL/TLS version */
-const SSL_METHOD *SSLv23_server_method(void);	/* Negotiate highest available SSL/TLS version */
-const SSL_METHOD *SSLv23_client_method(void);	/* Negotiate highest available SSL/TLS version */
-
-const SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void);		/* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void);	/* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void);	/* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void);	/* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void);	/* TLSv1.2 */
-
-
-const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-	const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
-void SSL_set_info_callback(SSL *ssl,
-			   void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
-	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-#define SSL_CTX_set_max_send_fragment(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-#define SSL_set_max_send_fragment(ssl,m) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-     /* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-				  RSA *(*cb)(SSL *ssl,int is_export,
-					     int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-				  RSA *(*cb)(SSL *ssl,int is_export,
-					     int keylength));
-#endif
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-				 DH *(*dh)(SSL *ssl,int is_export,
-					   int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-				 DH *(*dh)(SSL *ssl,int is_export,
-					   int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-					   int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-					   int keylength));
-#endif
-
-#ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
-#endif
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-				  void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
-
-void SSL_set_debug(SSL *s, int debug);
-int SSL_cache_hit(SSL *s);
-
-#ifndef OPENSSL_NO_UNIT_TEST
-const struct openssl_ssl_test_functions *SSL_test_functions(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE			 100
-#define SSL_F_CLIENT_FINISHED				 167
-#define SSL_F_CLIENT_HELLO				 101
-#define SSL_F_CLIENT_MASTER_KEY				 102
-#define SSL_F_D2I_SSL_SESSION				 103
-#define SSL_F_DO_DTLS1_WRITE				 245
-#define SSL_F_DO_SSL3_WRITE				 104
-#define SSL_F_DTLS1_ACCEPT				 246
-#define SSL_F_DTLS1_ADD_CERT_TO_BUF			 295
-#define SSL_F_DTLS1_BUFFER_RECORD			 247
-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM			 316
-#define SSL_F_DTLS1_CLIENT_HELLO			 248
-#define SSL_F_DTLS1_CONNECT				 249
-#define SSL_F_DTLS1_ENC					 250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251
-#define SSL_F_DTLS1_GET_MESSAGE				 252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253
-#define SSL_F_DTLS1_GET_RECORD				 254
-#define SSL_F_DTLS1_HANDLE_TIMEOUT			 297
-#define SSL_F_DTLS1_HEARTBEAT				 305
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 288
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256
-#define SSL_F_DTLS1_PROCESS_RECORD			 257
-#define SSL_F_DTLS1_READ_BYTES				 258
-#define SSL_F_DTLS1_READ_FAILED				 259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268
-#define SSL_F_GET_CLIENT_FINISHED			 105
-#define SSL_F_GET_CLIENT_HELLO				 106
-#define SSL_F_GET_CLIENT_MASTER_KEY			 107
-#define SSL_F_GET_SERVER_FINISHED			 108
-#define SSL_F_GET_SERVER_HELLO				 109
-#define SSL_F_GET_SERVER_VERIFY				 110
-#define SSL_F_I2D_SSL_SESSION				 111
-#define SSL_F_READ_N					 112
-#define SSL_F_REQUEST_CERTIFICATE			 113
-#define SSL_F_SERVER_FINISH				 239
-#define SSL_F_SERVER_HELLO				 114
-#define SSL_F_SERVER_VERIFY				 240
-#define SSL_F_SSL23_ACCEPT				 115
-#define SSL_F_SSL23_CLIENT_HELLO			 116
-#define SSL_F_SSL23_CONNECT				 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
-#define SSL_F_SSL23_GET_SERVER_HELLO			 119
-#define SSL_F_SSL23_PEEK				 237
-#define SSL_F_SSL23_READ				 120
-#define SSL_F_SSL23_WRITE				 121
-#define SSL_F_SSL2_ACCEPT				 122
-#define SSL_F_SSL2_CONNECT				 123
-#define SSL_F_SSL2_ENC_INIT				 124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
-#define SSL_F_SSL2_PEEK					 234
-#define SSL_F_SSL2_READ					 125
-#define SSL_F_SSL2_READ_INTERNAL			 236
-#define SSL_F_SSL2_SET_CERTIFICATE			 126
-#define SSL_F_SSL2_WRITE				 127
-#define SSL_F_SSL3_ACCEPT				 128
-#define SSL_F_SSL3_ADD_CERT_TO_BUF			 296
-#define SSL_F_SSL3_CALLBACK_CTRL			 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
-#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 304
-#define SSL_F_SSL3_CLIENT_HELLO				 131
-#define SSL_F_SSL3_CONNECT				 132
-#define SSL_F_SSL3_CTRL					 213
-#define SSL_F_SSL3_CTX_CTRL				 133
-#define SSL_F_SSL3_DIGEST_CACHED_RECORDS		 293
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC		 292
-#define SSL_F_SSL3_ENC					 134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
-#define SSL_F_SSL3_GET_CERT_STATUS			 289
-#define SSL_F_SSL3_GET_CERT_VERIFY			 136
-#define SSL_F_SSL3_GET_CHANNEL_ID			 317
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
-#define SSL_F_SSL3_GET_FINISHED				 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
-#define SSL_F_SSL3_GET_MESSAGE				 142
-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283
-#define SSL_F_SSL3_GET_NEXT_PROTO			 306
-#define SSL_F_SSL3_GET_RECORD				 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
-#define SSL_F_SSL3_GET_SERVER_DONE			 145
-#define SSL_F_SSL3_GET_SERVER_HELLO			 146
-#define SSL_F_SSL3_HANDSHAKE_MAC			 285
-#define SSL_F_SSL3_NEW_SESSION_TICKET			 287
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
-#define SSL_F_SSL3_PEEK					 235
-#define SSL_F_SSL3_READ_BYTES				 148
-#define SSL_F_SSL3_READ_N				 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
-#define SSL_F_SSL3_SEND_CHANNEL_ID			 318
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
-#define SSL_F_SSL3_SEND_SERVER_HELLO			 242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
-#define SSL_F_SSL3_SETUP_READ_BUFFER			 156
-#define SSL_F_SSL3_SETUP_WRITE_BUFFER			 291
-#define SSL_F_SSL3_WRITE_BYTES				 158
-#define SSL_F_SSL3_WRITE_PENDING			 159
-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT	 298
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277
-#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT		 307
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT	 299
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278
-#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT		 308
-#define SSL_F_SSL_BAD_METHOD				 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
-#define SSL_F_SSL_CERT_DUP				 221
-#define SSL_F_SSL_CERT_INST				 222
-#define SSL_F_SSL_CERT_INSTANTIATE			 214
-#define SSL_F_SSL_CERT_NEW				 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 280
-#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG		 279
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
-#define SSL_F_SSL_CLEAR					 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
-#define SSL_F_SSL_CTRL					 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
-#define SSL_F_SSL_CTX_MAKE_PROFILES			 309
-#define SSL_F_SSL_CTX_NEW				 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE		 290
-#define SSL_F_SSL_CTX_SET_PURPOSE			 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
-#define SSL_F_SSL_CTX_SET_TRUST				 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
-#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT		 272
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
-#define SSL_F_SSL_DO_HANDSHAKE				 180
-#define SSL_F_SSL_GET_NEW_SESSION			 181
-#define SSL_F_SSL_GET_PREV_SESSION			 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 317
-#define SSL_F_SSL_GET_SIGN_PKEY				 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
-#define SSL_F_SSL_NEW					 186
-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
-#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT	 310
-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
-#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT	 311
-#define SSL_F_SSL_PEEK					 270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
-#define SSL_F_SSL_READ					 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
-#define SSL_F_SSL_SESSION_NEW				 189
-#define SSL_F_SSL_SESSION_PRINT_FP			 190
-#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312
-#define SSL_F_SSL_SESS_CERT_NEW				 225
-#define SSL_F_SSL_SET_CERT				 191
-#define SSL_F_SSL_SET_CIPHER_LIST			 271
-#define SSL_F_SSL_SET_FD				 192
-#define SSL_F_SSL_SET_PKEY				 193
-#define SSL_F_SSL_SET_PURPOSE				 227
-#define SSL_F_SSL_SET_RFD				 194
-#define SSL_F_SSL_SET_SESSION				 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
-#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 294
-#define SSL_F_SSL_SET_TRUST				 228
-#define SSL_F_SSL_SET_WFD				 196
-#define SSL_F_SSL_SHUTDOWN				 224
-#define SSL_F_SSL_SRP_CTX_INIT				 313
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244
-#define SSL_F_SSL_USE_CERTIFICATE			 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
-#define SSL_F_SSL_USE_CERTIFICATE_CHAIN			 2000
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
-#define SSL_F_SSL_USE_PRIVATEKEY			 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
-#define SSL_F_SSL_USE_PSK_IDENTITY_HINT			 273
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
-#define SSL_F_SSL_WRITE					 208
-#define SSL_F_TLS1_CERT_VERIFY_MAC			 286
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
-#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274
-#define SSL_F_TLS1_ENC					 210
-#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 314
-#define SSL_F_TLS1_HEARTBEAT				 315
-#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
-#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
-#define SSL_F_TLS1_PRF					 284
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
-#define SSL_F_WRITE_PENDING				 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD				 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
-#define SSL_R_BAD_CHECKSUM				 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
-#define SSL_R_BAD_DECOMPRESSION				 107
-#define SSL_R_BAD_DH_G_LENGTH				 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
-#define SSL_R_BAD_DH_P_LENGTH				 110
-#define SSL_R_BAD_DIGEST_LENGTH				 111
-#define SSL_R_BAD_DSA_SIGNATURE				 112
-#define SSL_R_BAD_ECC_CERT				 304
-#define SSL_R_BAD_ECDSA_SIGNATURE			 305
-#define SSL_R_BAD_ECPOINT				 306
-#define SSL_R_BAD_HANDSHAKE_LENGTH			 332
-#define SSL_R_BAD_HELLO_REQUEST				 105
-#define SSL_R_BAD_LENGTH				 271
-#define SSL_R_BAD_MAC_DECODE				 113
-#define SSL_R_BAD_MAC_LENGTH				 333
-#define SSL_R_BAD_MESSAGE_TYPE				 114
-#define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
-#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH		 316
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
-#define SSL_R_BAD_RSA_DECRYPT				 118
-#define SSL_R_BAD_RSA_ENCRYPT				 119
-#define SSL_R_BAD_RSA_E_LENGTH				 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
-#define SSL_R_BAD_RSA_SIGNATURE				 122
-#define SSL_R_BAD_SIGNATURE				 123
-#define SSL_R_BAD_SRP_A_LENGTH				 347
-#define SSL_R_BAD_SRP_B_LENGTH				 348
-#define SSL_R_BAD_SRP_G_LENGTH				 349
-#define SSL_R_BAD_SRP_N_LENGTH				 350
-#define SSL_R_BAD_SRP_PARAMETERS			 371
-#define SSL_R_BAD_SRP_S_LENGTH				 351
-#define SSL_R_BAD_SRTP_MKI_VALUE			 352
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
-#define SSL_R_BAD_SSL_FILETYPE				 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
-#define SSL_R_BAD_STATE					 126
-#define SSL_R_BAD_WRITE_RETRY				 127
-#define SSL_R_BIO_NOT_SET				 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
-#define SSL_R_BN_LIB					 130
-#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY		 376
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
-#define SSL_R_CA_DN_TOO_LONG				 132
-#define SSL_R_CCS_RECEIVED_EARLY			 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
-#define SSL_R_CERT_LENGTH_MISMATCH			 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
-#define SSL_R_CHANNEL_ID_NOT_P256			 375
-#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID		 371
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
-#define SSL_R_CLIENTHELLO_TLSEXT			 226
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
-#define SSL_R_COMPRESSION_DISABLED			 343
-#define SSL_R_COMPRESSION_FAILURE			 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
-#define SSL_R_COOKIE_MISMATCH				 308
-#define SSL_R_D2I_ECDSA_SIG				 379
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
-#define SSL_R_DATA_LENGTH_TOO_LONG			 146
-#define SSL_R_DECRYPTION_FAILED				 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
-#define SSL_R_DIGEST_CHECK_FAILED			 149
-#define SSL_R_DTLS_MESSAGE_TOO_BIG			 334
-#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT		 317
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
-#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED		 377
-#define SSL_R_EVP_DIGESTSIGNINIT_FAILED			 378
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
-#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS		 372
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS		 355
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION		 356
-#define SSL_R_HTTPS_PROXY_REQUEST			 155
-#define SSL_R_HTTP_REQUEST				 156
-#define SSL_R_ILLEGAL_PADDING				 283
-#define SSL_R_INAPPROPRIATE_FALLBACK			 373
-#define SSL_R_INCONSISTENT_COMPRESSION			 340
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
-#define SSL_R_INVALID_COMMAND				 280
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
-#define SSL_R_INVALID_MESSAGE				 374
-#define SSL_R_INVALID_PURPOSE				 278
-#define SSL_R_INVALID_SRP_USERNAME			 357
-#define SSL_R_INVALID_STATUS_RESPONSE			 328
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325
-#define SSL_R_INVALID_TRUST				 279
-#define SSL_R_KEY_ARG_TOO_LONG				 284
-#define SSL_R_KRB5					 285
-#define SSL_R_KRB5_C_CC_PRINC				 286
-#define SSL_R_KRB5_C_GET_CRED				 287
-#define SSL_R_KRB5_C_INIT				 288
-#define SSL_R_KRB5_C_MK_REQ				 289
-#define SSL_R_KRB5_S_BAD_TICKET				 290
-#define SSL_R_KRB5_S_INIT				 291
-#define SSL_R_KRB5_S_RD_REQ				 292
-#define SSL_R_KRB5_S_TKT_EXPIRED			 293
-#define SSL_R_KRB5_S_TKT_NYV				 294
-#define SSL_R_KRB5_S_TKT_SKEW				 295
-#define SSL_R_LENGTH_MISMATCH				 159
-#define SSL_R_LENGTH_TOO_SHORT				 160
-#define SSL_R_LIBRARY_BUG				 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
-#define SSL_R_MESSAGE_TOO_LONG				 296
-#define SSL_R_MISSING_DH_DSA_CERT			 162
-#define SSL_R_MISSING_DH_KEY				 163
-#define SSL_R_MISSING_DH_RSA_CERT			 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
-#define SSL_R_MISSING_RSA_CERTIFICATE			 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
-#define SSL_R_MISSING_SRP_PARAM				 358
-#define SSL_R_MISSING_TMP_DH_KEY			 171
-#define SSL_R_MISSING_TMP_ECDH_KEY			 311
-#define SSL_R_MISSING_TMP_RSA_KEY			 172
-#define SSL_R_MISSING_TMP_RSA_PKEY			 173
-#define SSL_R_MISSING_VERIFY_MESSAGE			 174
-#define SSL_R_MULTIPLE_SGC_RESTARTS			 346
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
-#define SSL_R_NO_CERTIFICATES_RETURNED			 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
-#define SSL_R_NO_CERTIFICATE_RETURNED			 178
-#define SSL_R_NO_CERTIFICATE_SET			 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
-#define SSL_R_NO_CIPHERS_AVAILABLE			 181
-#define SSL_R_NO_CIPHERS_PASSED				 182
-#define SSL_R_NO_CIPHERS_SPECIFIED			 183
-#define SSL_R_NO_CIPHER_LIST				 184
-#define SSL_R_NO_CIPHER_MATCH				 185
-#define SSL_R_NO_CLIENT_CERT_METHOD			 331
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
-#define SSL_R_NO_METHOD_SPECIFIED			 188
-#define SSL_R_NO_P256_SUPPORT				 380
-#define SSL_R_NO_PRIVATEKEY				 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
-#define SSL_R_NO_PUBLICKEY				 192
-#define SSL_R_NO_RENEGOTIATION				 339
-#define SSL_R_NO_REQUIRED_DIGEST			 324
-#define SSL_R_NO_SHARED_CIPHER				 193
-#define SSL_R_NO_SRTP_PROFILES				 359
-#define SSL_R_NO_VERIFY_CALLBACK			 194
-#define SSL_R_NULL_SSL_CTX				 195
-#define SSL_R_NULL_SSL_METHOD_PASSED			 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
-#define SSL_R_PARSE_TLSEXT				 227
-#define SSL_R_PATH_TOO_LONG				 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
-#define SSL_R_PEER_ERROR				 200
-#define SSL_R_PEER_ERROR_CERTIFICATE			 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
-#define SSL_R_PEER_ERROR_NO_CIPHER			 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
-#define SSL_R_PSK_IDENTITY_NOT_FOUND			 223
-#define SSL_R_PSK_NO_CLIENT_CB				 224
-#define SSL_R_PSK_NO_SERVER_CB				 225
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
-#define SSL_R_READ_BIO_NOT_SET				 211
-#define SSL_R_READ_TIMEOUT_EXPIRED			 312
-#define SSL_R_READ_WRONG_PACKET_TYPE			 212
-#define SSL_R_RECORD_LENGTH_MISMATCH			 213
-#define SSL_R_RECORD_TOO_LARGE				 214
-#define SSL_R_RECORD_TOO_SMALL				 298
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG			 335
-#define SSL_R_RENEGOTIATION_ENCODING_ERR		 336
-#define SSL_R_RENEGOTIATION_MISMATCH			 337
-#define SSL_R_REQUIRED_CIPHER_MISSING			 215
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING	 342
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
-#define SSL_R_SERVERHELLO_TLSEXT			 275
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
-#define SSL_R_SESSION_MAY_NOT_BE_CREATED		 2000
-#define SSL_R_SHORT_READ				 219
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 360
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
-#define SSL_R_SRP_A_CALC				 361
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 362
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 363
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 364
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299
-#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT		 321
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301
-#define SSL_R_SSL_SESSION_ID_CONFLICT			 302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
-#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	 1086
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE		 1114
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	 1113
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		 1111
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME			 1112
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION		 1110
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
-#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 365
-#define SSL_R_TLS_HEARTBEAT_PENDING			 366
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL		 367
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 157
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
-#define SSL_R_UNEXPECTED_MESSAGE			 244
-#define SSL_R_UNEXPECTED_RECORD				 245
-#define SSL_R_UNINITIALIZED				 276
-#define SSL_R_UNKNOWN_ALERT_TYPE			 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
-#define SSL_R_UNKNOWN_DIGEST				 368
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
-#define SSL_R_UNKNOWN_PKEY_TYPE				 251
-#define SSL_R_UNKNOWN_PROTOCOL				 252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
-#define SSL_R_UNKNOWN_SSL_VERSION			 254
-#define SSL_R_UNKNOWN_STATE				 255
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
-#define SSL_R_UNSUPPORTED_CIPHER			 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
-#define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315
-#define SSL_R_UNSUPPORTED_PROTOCOL			 258
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
-#define SSL_R_UNSUPPORTED_STATUS_TYPE			 329
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 369
-#define SSL_R_WRITE_BIO_NOT_SET				 260
-#define SSL_R_WRONG_CIPHER_RETURNED			 261
-#define SSL_R_WRONG_MESSAGE_TYPE			 262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
-#define SSL_R_WRONG_SIGNATURE_SIZE			 265
-#define SSL_R_WRONG_SIGNATURE_TYPE			 370
-#define SSL_R_WRONG_SSL_VERSION				 266
-#define SSL_R_WRONG_VERSION_NUMBER			 267
-#define SSL_R_X509_LIB					 268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ssl2.h b/include/openssl/ssl2.h
deleted file mode 100644
index eb25dcb0bf..0000000000
--- a/include/openssl/ssl2.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H 
-#define HEADER_SSL2_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION		0x0002
-#define SSL2_VERSION_MAJOR	0x00
-#define SSL2_VERSION_MINOR	0x02
-/* #define SSL2_CLIENT_VERSION	0x0002 */
-/* #define SSL2_SERVER_VERSION	0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR			0
-#define SSL2_MT_CLIENT_HELLO		1
-#define SSL2_MT_CLIENT_MASTER_KEY	2
-#define SSL2_MT_CLIENT_FINISHED		3
-#define SSL2_MT_SERVER_HELLO		4
-#define SSL2_MT_SERVER_VERIFY		5
-#define SSL2_MT_SERVER_FINISHED		6
-#define SSL2_MT_REQUEST_CERTIFICATE	7
-#define SSL2_MT_CLIENT_CERTIFICATE	8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR		0x0000
-#define SSL2_PE_NO_CIPHER		0x0001
-#define SSL2_PE_NO_CERTIFICATE		0x0002
-#define SSL2_PE_BAD_CERTIFICATE		0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5			0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5		0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5	0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5		0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5		0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5		0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA		0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5	0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA	0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5			0x02080080 /* MS hack */
- 
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1		0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL				0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1	"DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5			"NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5		"RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	"EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5		"RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	"EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5		"IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5		"DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA		"DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	"DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	"DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5		"RC4-64-MD5"
-
-#define SSL2_TXT_NULL				"NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC			0x01
-#define SSL2_CF_8_BYTE_ENC			0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE		0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION		0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH		32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH	16
-/*#define SSL2_CHALLENGE_LENGTH	32 */
-#define SSL2_MIN_CHALLENGE_LENGTH	16
-#define SSL2_MAX_CHALLENGE_LENGTH	32
-#define SSL2_CONNECTION_ID_LENGTH	16
-#define SSL2_MAX_CONNECTION_ID_LENGTH	16
-#define SSL2_SSL_SESSION_ID_LENGTH	16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH	32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH	16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH	24
-
-#ifndef HEADER_SSL_LOCL_H
-#define  CERT		char
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl2_state_st
-	{
-	int three_byte_header;
-	int clear_text;		/* clear text */
-	int escape;		/* not used in SSLv2 */
-	int ssl2_rollback;	/* used if SSLv23 rolled back to SSLv2 */
-
-	/* non-blocking io info, used to make sure the same
-	 * args were passwd */
-	unsigned int wnum;	/* number of bytes sent so far */
-	int wpend_tot;
-	const unsigned char *wpend_buf;
-
-	int wpend_off;	/* offset to data to write */
-	int wpend_len; 	/* number of bytes passwd to write */
-	int wpend_ret; 	/* number of bytes to return to caller */
-
-	/* buffer raw data */
-	int rbuf_left;
-	int rbuf_offs;
-	unsigned char *rbuf;
-	unsigned char *wbuf;
-
-	unsigned char *write_ptr;/* used to point to the start due to
-				  * 2/3 byte header. */
-
-	unsigned int padding;
-	unsigned int rlength; /* passed to ssl2_enc */
-	int ract_data_length; /* Set when things are encrypted. */
-	unsigned int wlength; /* passed to ssl2_enc */
-	int wact_data_length; /* Set when things are decrypted. */
-	unsigned char *ract_data;
-	unsigned char *wact_data;
-	unsigned char *mac_data;
-
-	unsigned char *read_key;
-	unsigned char *write_key;
-
-		/* Stuff specifically to do with this SSL session */
-	unsigned int challenge_length;
-	unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-	unsigned int conn_id_length;
-	unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-	unsigned int key_material_length;
-	unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
-	unsigned long read_sequence;
-	unsigned long write_sequence;
-
-	struct	{
-		unsigned int conn_id_length;
-		unsigned int cert_type;	
-		unsigned int cert_length;
-		unsigned int csl; 
-		unsigned int clear;
-		unsigned int enc; 
-		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-		unsigned int cipher_spec_length;
-		unsigned int session_id_length;
-		unsigned int clen;
-		unsigned int rlen;
-		} tmp;
-	} SSL2_STATE;
-
-#endif
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A		(0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B		(0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A		(0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B		(0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A	(0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B	(0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A		(0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B		(0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A	(0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B	(0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C	(0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D	(0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A		(0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B		(0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A		(0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B		(0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION		(0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE	(0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A		(0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B		(0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C		(0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A		(0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B		(0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A		(0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B		(0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A		(0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B		(0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C		(0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A		(0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B		(0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A		(0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B		(0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A	(0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B	(0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C	(0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D	(0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION		(0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE	(0x90|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/include/openssl/ssl23.h b/include/openssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/include/openssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H 
-#define HEADER_SSL23_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A	(0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B	(0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A	(0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B	(0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A	(0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B	(0x211|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h
deleted file mode 100644
index 6dc0817920..0000000000
--- a/include/openssl/ssl3.h
+++ /dev/null
@@ -1,748 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H 
-#define HEADER_SSL3_H 
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Signalling cipher suite value from RFC 5746
- * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
-#define SSL3_CK_SCSV				0x030000FF
-
-/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
- * (TLS_FALLBACK_SCSV) */
-#define SSL3_CK_FALLBACK_SCSV			0x03005600
-
-#define SSL3_CK_RSA_NULL_MD5			0x03000001
-#define SSL3_CK_RSA_NULL_SHA			0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5			0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA			0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5			0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5			0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5			0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
-
-#if 0
-	#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
-	#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
-	#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-		 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-		 of the ietf-tls list */
-	#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
-	#endif
-#endif
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
-
-#if 0
-	#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
-	#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
-	#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
-#endif
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH		32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
-
-#define SSL3_MASTER_SECRET_SIZE			48
-#define SSL3_RANDOM_SIZE			32
-#define SSL3_SESSION_ID_SIZE			32
-#define SSL3_RT_HEADER_LENGTH			5
-
-#ifndef SSL3_ALIGN_PAYLOAD
- /* Some will argue that this increases memory footprint, but it's
-  * not actually true. Point is that malloc has to return at least
-  * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
-  * 3 bytes in either case. Suggested pre-gaping simply moves these
-  * wasted bytes from the end of allocated region to its front,
-  * but makes data payload aligned, which improves performance:-) */
-# define SSL3_ALIGN_PAYLOAD			8
-#else
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-#  error "insane SSL3_ALIGN_PAYLOAD"
-#  undef SSL3_ALIGN_PAYLOAD
-# endif
-#endif
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE			64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define	SSL_RT_MAX_CIPHER_BLOCK_SIZE		16
-
-#define SSL3_RT_MAX_EXTRA			(16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH		16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD		1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD	(256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
-			(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH		SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH	\
-		(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH	\
-		(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE		\
-		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
-
-#define SSL3_VERSION			0x0300
-#define SSL3_VERSION_MAJOR		0x03
-#define SSL3_VERSION_MINOR		0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC	20
-#define SSL3_RT_ALERT			21
-#define SSL3_RT_HANDSHAKE		22
-#define SSL3_RT_APPLICATION_DATA	23
-#define TLS1_RT_HEARTBEAT		24
-
-#define SSL3_AL_WARNING			1
-#define SSL3_AL_FATAL			2
-
-#define SSL3_AD_CLOSE_NOTIFY		 0
-#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
-#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
-#define SSL3_AD_NO_CERTIFICATE		41
-#define SSL3_AD_BAD_CERTIFICATE		42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
-#define SSL3_AD_CERTIFICATE_REVOKED	44
-#define SSL3_AD_CERTIFICATE_EXPIRED	45
-#define SSL3_AD_CERTIFICATE_UNKNOWN	46
-#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
-
-#define TLS1_HB_REQUEST		1
-#define TLS1_HB_RESPONSE	2
-	
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st
-	{
-/*r */	int type;               /* type of record */
-/*rw*/	unsigned int length;    /* How many bytes available */
-/*r */	unsigned int off;       /* read/write offset into 'buf' */
-/*rw*/	unsigned char *data;    /* pointer to the record data */
-/*rw*/	unsigned char *input;   /* where the decode bytes are */
-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
-/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-	} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
-	{
-	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-	                         * see ssl3_setup_buffers() */
-	size_t len;             /* buffer size */
-	int offset;             /* where to 'copy from' */
-	int left;               /* how many bytes left */
-	} SSL3_BUFFER;
-
-#endif
-
-#define SSL3_CT_RSA_SIGN			1
-#define SSL3_CT_DSS_SIGN			2
-#define SSL3_CT_RSA_FIXED_DH			3
-#define SSL3_CT_DSS_FIXED_DH			4
-#define SSL3_CT_RSA_EPHEMERAL_DH		5
-#define SSL3_CT_DSS_EPHEMERAL_DH		6
-#define SSL3_CT_FORTEZZA_DMS			20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER			9
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
-#define SSL3_FLAGS_POP_BUFFER			0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
-#define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
-#define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
-/*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
-#define SSL3_FLAGS_CCS_OK			0x0080
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st
-	{
-	long flags;
-	int delay_buf_pop_ret;
-
-	unsigned char read_sequence[8];
-	int read_mac_secret_size;
-	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-	unsigned char write_sequence[8];
-	int write_mac_secret_size;
-	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
-	unsigned char server_random[SSL3_RANDOM_SIZE];
-	unsigned char client_random[SSL3_RANDOM_SIZE];
-
-	/* flags for countermeasure against known-IV weakness */
-	int need_record_splitting;
-	int record_split_done;
-
-	/* The value of 'extra' when the buffers were initialized */
-	int init_extra;
-
-	SSL3_BUFFER rbuf;	/* read IO goes into here */
-	SSL3_BUFFER wbuf;	/* write IO goes into here */
-
-	SSL3_RECORD rrec;	/* each decoded record goes in here */
-	SSL3_RECORD wrec;	/* goes out from here */
-
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[2];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[4];
-	unsigned int handshake_fragment_len;
-
-	/* partial write - check the numbers match */
-	unsigned int wnum;	/* number of bytes sent so far */
-	int wpend_tot;		/* number bytes written */
-	int wpend_type;
-	int wpend_ret;		/* number of bytes submitted */
-	const unsigned char *wpend_buf;
-
-	/* used during startup, digest all incoming/outgoing packets */
-	BIO *handshake_buffer;
-	/* When set of handshake digests is determined, buffer is hashed
-	 * and freed and MD_CTX-es for all required digests are stored in
-	 * this array */
-	EVP_MD_CTX **handshake_dgst;
-	/*
-	 * Set whenever an expected ChangeCipherSpec message is processed.
-	 * Unset when the peer's Finished message is received.
-	 * Unexpected ChangeCipherSpec messages trigger a fatal alert.
-	 */
-	int change_cipher_spec;
-
-	int warn_alert;
-	int fatal_alert;
-	/* we allow one fatal and one warning alert to be outstanding,
-	 * send close alert via the warning alert */
-	int alert_dispatch;
-	unsigned char send_alert[2];
-
-	/* This flag is set when we should renegotiate ASAP, basically when
-	 * there is no more data in the read or write buffers */
-	int renegotiate;
-	int total_renegotiations;
-	int num_renegotiations;
-
-	int in_read_app_data;
-
-	/* Opaque PRF input as used for the current handshake.
-	 * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-	 * (otherwise, they are merely present to improve binary compatibility) */
-	void *client_opaque_prf_input;
-	size_t client_opaque_prf_input_len;
-	void *server_opaque_prf_input;
-	size_t server_opaque_prf_input_len;
-
-	struct	{
-		/* actually only needs to be 16+20 */
-		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
-		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
-		int finish_md_len;
-		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
-		int peer_finish_md_len;
-
-		unsigned long message_size;
-		int message_type;
-
-		/* used to hold the new cipher we are going to use */
-		const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
-		DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-		EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
-		/* used when SSL_ST_FLUSH_DATA is entered */
-		int next_state;			
-
-		int reuse_message;
-
-		/* used for certificate requests */
-		int cert_req;
-		int ctype_num;
-		char ctype[SSL3_CT_NUMBER];
-		STACK_OF(X509_NAME) *ca_names;
-
-		int use_rsa_tmp;
-
-		int key_block_length;
-		unsigned char *key_block;
-
-		const EVP_CIPHER *new_sym_enc;
-		const EVP_MD *new_hash;
-		int new_mac_pkey_type;
-		int new_mac_secret_size;
-#ifndef OPENSSL_NO_COMP
-		const SSL_COMP *new_compression;
-#else
-		char *new_compression;
-#endif
-		int cert_request;
-		} tmp;
-
-        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Set if we saw the Next Protocol Negotiation extension from our peer. */
-	int next_proto_neg_seen;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-	/* This is set to true if we believe that this is a version of Safari
-	 * running on OS X 10.6 or newer. We wish to know this because Safari
-	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
-	char is_probably_safari;
-#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
-
-	/* In a client, this means that the server supported Channel ID and that
-	 * a Channel ID was sent. In a server it means that we echoed support
-	 * for Channel IDs and that tlsext_channel_id will be valid after the
-	 * handshake. */
-	char tlsext_channel_id_valid;
-	/* tlsext_channel_id_new means that the updated Channel ID extension
-	 * was negotiated. This is a temporary hack in the code to support both
-	 * forms of Channel ID extension while we transition to the new format,
-	 * which fixed a security issue. */
-	char tlsext_channel_id_new;
-	/* For a server:
-	 *     If |tlsext_channel_id_valid| is true, then this contains the
-	 *     verified Channel ID from the client: a P256 point, (x,y), where
-	 *     each are big-endian values. */
-	unsigned char tlsext_channel_id[64];
-
-	/* ALPN information
-	 * (we are in the process of transitioning from NPN to ALPN.) */
-
-	/* In a server these point to the selected ALPN protocol after the
-	 * ClientHello has been processed. In a client these contain the
-	 * protocol that the server selected once the ServerHello has been
-	 * processed. */
-	unsigned char *alpn_selected;
-	unsigned alpn_selected_len;
-
-	/* These point to the digest function to use for signatures made with
-	 * each type of public key. A NULL value indicates that the default
-	 * digest should be used, which is SHA1 as of TLS 1.2.
-	 *
-	 * (These should be in the tmp member, but we have to put them here to
-	 * ensure binary compatibility with earlier OpenSSL 1.0.* releases.) */
-	const EVP_MD *digest_rsa;
-	const EVP_MD *digest_dsa;
-	const EVP_MD *digest_ecdsa;
-	} SSL3_STATE;
-
-#endif
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE	(0x101|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_CW_WRITE_SOCK			(0x310|SSL_ST_CONNECT)
-#define DTLS1_SCTP_ST_CR_READ_SOCK			(0x320|SSL_ST_CONNECT)
-#endif	
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_ST_CW_NEXT_PROTO_A		(0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B		(0x201|SSL_ST_CONNECT)
-#endif
-#define SSL3_ST_CW_CHANNEL_ID_A		(0x210|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANNEL_ID_B		(0x211|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A	(0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B	(0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A	(0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B	(0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_SW_WRITE_SOCK			(0x310|SSL_ST_ACCEPT)
-#define DTLS1_SCTP_ST_SR_READ_SOCK			(0x320|SSL_ST_ACCEPT)
-#endif	
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_ST_SR_NEXT_PROTO_A		(0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B		(0x211|SSL_ST_ACCEPT)
-#endif
-#define SSL3_ST_SR_POST_CLIENT_CERT	(0x1BF|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANNEL_ID_A		(0x220|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANNEL_ID_B		(0x221|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A	(0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B	(0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A	(0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B	(0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST			0
-#define SSL3_MT_CLIENT_HELLO			1
-#define SSL3_MT_SERVER_HELLO			2
-#define	SSL3_MT_NEWSESSION_TICKET		4
-#define SSL3_MT_CERTIFICATE			11
-#define SSL3_MT_SERVER_KEY_EXCHANGE		12
-#define SSL3_MT_CERTIFICATE_REQUEST		13
-#define SSL3_MT_SERVER_DONE			14
-#define SSL3_MT_CERTIFICATE_VERIFY		15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE		16
-#define SSL3_MT_FINISHED			20
-#define SSL3_MT_CERTIFICATE_STATUS		22
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_MT_NEXT_PROTO			67
-#endif
-#define SSL3_MT_ENCRYPTED_EXTENSIONS		203
-#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
-
-
-#define SSL3_MT_CCS				1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ		0x01
-#define SSL3_CC_WRITE		0x02
-#define SSL3_CC_CLIENT		0x10
-#define SSL3_CC_SERVER		0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)	
-#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/stack.h b/include/openssl/stack.h
deleted file mode 100644
index ce35e554eb..0000000000
--- a/include/openssl/stack.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/stack/stack.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_STACK_H
-#define HEADER_STACK_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef struct stack_st
-	{
-	int num;
-	char **data;
-	int sorted;
-
-	int num_alloc;
-	int (*comp)(const void *, const void *);
-	} _STACK;  /* Use STACK_OF(...) instead */
-
-#define M_sk_num(sk)		((sk) ? (sk)->num:-1)
-#define M_sk_value(sk,n)	((sk) ? (sk)->data[n] : NULL)
-
-int sk_num(const _STACK *);
-void *sk_value(const _STACK *, int);
-
-void *sk_set(_STACK *, int, void *);
-
-_STACK *sk_new(int (*cmp)(const void *, const void *));
-_STACK *sk_new_null(void);
-void sk_free(_STACK *);
-void sk_pop_free(_STACK *st, void (*func)(void *));
-int sk_insert(_STACK *sk, void *data, int where);
-void *sk_delete(_STACK *st, int loc);
-void *sk_delete_ptr(_STACK *st, void *p);
-int sk_find(_STACK *st, void *data);
-int sk_find_ex(_STACK *st, void *data);
-int sk_push(_STACK *st, void *data);
-int sk_unshift(_STACK *st, void *data);
-void *sk_shift(_STACK *st);
-void *sk_pop(_STACK *st);
-void sk_zero(_STACK *st);
-int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))
-	(const void *, const void *);
-_STACK *sk_dup(_STACK *st);
-void sk_sort(_STACK *st);
-int sk_is_sorted(const _STACK *st);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/symhacks.h b/include/openssl/symhacks.h
deleted file mode 100644
index bd2f000d59..0000000000
--- a/include/openssl/symhacks.h
+++ /dev/null
@@ -1,481 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SYMHACKS_H
-#define HEADER_SYMHACKS_H
-
-#include <openssl/e_os2.h>
-
-/* Hacks to solve the problem with linkers incapable of handling very long
-   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
-   VAX. */
-/* Note that this affects util/libeay.num and util/ssleay.num...  you may
-   change those manually, but that's not recommended, as those files are
-   controlled centrally and updated on Unix, and the central definition
-   may disagree with yours, which in turn may come with shareable library
-   incompatibilities. */
-#ifdef OPENSSL_SYS_VMS
-
-/* Hack a long name in crypto/ex_data.c */
-#undef CRYPTO_get_ex_data_implementation
-#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl
-#undef CRYPTO_set_ex_data_implementation
-#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl
-
-/* Hack a long name in crypto/asn1/a_mbstr.c */
-#undef ASN1_STRING_set_default_mask_asc
-#define ASN1_STRING_set_default_mask_asc	ASN1_STRING_set_def_mask_asc
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF
-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECINF
-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC
-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC
-#endif
-
-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
-#undef PEM_read_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQ
-#undef PEM_write_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQ
-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQ
-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQ
-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQ
-
-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
-#undef PEM_read_PKCS8_PRIV_KEY_INFO
-#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO
-#undef PEM_write_PKCS8_PRIV_KEY_INFO
-#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO
-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
-
-/* Hack other PEM names */
-#undef PEM_write_bio_PKCS8PrivateKey_nid
-#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid
-
-/* Hack some long X509 names */
-#undef X509_REVOKED_get_ext_by_critical
-#define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic
-#undef X509_policy_tree_get0_user_policies
-#define X509_policy_tree_get0_user_policies	X509_pcy_tree_get0_usr_policies
-#undef X509_policy_node_get0_qualifiers
-#define X509_policy_node_get0_qualifiers	X509_pcy_node_get0_qualifiers
-#undef X509_STORE_CTX_get_explicit_policy
-#define X509_STORE_CTX_get_explicit_policy	X509_STORE_CTX_get_expl_policy
-#undef X509_STORE_CTX_get0_current_issuer
-#define X509_STORE_CTX_get0_current_issuer	X509_STORE_CTX_get0_cur_issuer
-
-/* Hack some long CRYPTO names */
-#undef CRYPTO_set_dynlock_destroy_callback
-#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
-#undef CRYPTO_set_dynlock_create_callback
-#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
-#undef CRYPTO_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_lock_callback	CRYPTO_set_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_lock_callback
-#define CRYPTO_get_dynlock_lock_callback	CRYPTO_get_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_destroy_callback
-#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
-#undef CRYPTO_get_dynlock_create_callback
-#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
-#undef CRYPTO_set_locked_mem_ex_functions
-#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
-#undef CRYPTO_get_locked_mem_ex_functions
-#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
-
-/* Hack some long SSL names */
-#undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths	SSL_CTX_set_def_verify_paths
-#undef SSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
-#undef SSL_add_file_cert_subjects_to_stack
-#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
-#undef SSL_add_dir_cert_subjects_to_stack
-#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
-#undef SSL_CTX_use_certificate_chain_file
-#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
-#undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback	SSL_CTX_set_cert_verify_cb
-#undef SSL_CTX_set_default_passwd_cb_userdata
-#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods
-#undef ssl_add_clienthello_renegotiate_ext
-#define ssl_add_clienthello_renegotiate_ext	ssl_add_clienthello_reneg_ext
-#undef ssl_add_serverhello_renegotiate_ext
-#define ssl_add_serverhello_renegotiate_ext	ssl_add_serverhello_reneg_ext
-#undef ssl_parse_clienthello_renegotiate_ext
-#define ssl_parse_clienthello_renegotiate_ext	ssl_parse_clienthello_reneg_ext
-#undef ssl_parse_serverhello_renegotiate_ext
-#define ssl_parse_serverhello_renegotiate_ext	ssl_parse_serverhello_reneg_ext
-#undef SSL_srp_server_param_with_username
-#define SSL_srp_server_param_with_username	SSL_srp_server_param_with_un
-#undef SSL_CTX_set_srp_client_pwd_callback
-#define SSL_CTX_set_srp_client_pwd_callback	SSL_CTX_set_srp_client_pwd_cb
-#undef SSL_CTX_set_srp_verify_param_callback
-#define SSL_CTX_set_srp_verify_param_callback	SSL_CTX_set_srp_vfy_param_cb
-#undef SSL_CTX_set_srp_username_callback
-#define SSL_CTX_set_srp_username_callback	SSL_CTX_set_srp_un_cb
-#undef ssl_add_clienthello_use_srtp_ext
-#define ssl_add_clienthello_use_srtp_ext	ssl_add_clihello_use_srtp_ext
-#undef ssl_add_serverhello_use_srtp_ext
-#define ssl_add_serverhello_use_srtp_ext	ssl_add_serhello_use_srtp_ext
-#undef ssl_parse_clienthello_use_srtp_ext
-#define ssl_parse_clienthello_use_srtp_ext	ssl_parse_clihello_use_srtp_ext
-#undef ssl_parse_serverhello_use_srtp_ext
-#define ssl_parse_serverhello_use_srtp_ext	ssl_parse_serhello_use_srtp_ext
-#undef SSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_protos_advertised_cb	SSL_CTX_set_next_protos_adv_cb
-#undef SSL_CTX_set_next_proto_select_cb
-#define SSL_CTX_set_next_proto_select_cb	SSL_CTX_set_next_proto_sel_cb
-#undef ssl3_cbc_record_digest_supported
-#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
-#undef ssl_check_clienthello_tlsext_late
-#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
-#undef ssl_check_clienthello_tlsext_early
-#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
-
-/* Hack some long ENGINE names */
-#undef ENGINE_get_default_BN_mod_exp_crt
-#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt
-#undef ENGINE_set_default_BN_mod_exp_crt
-#define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt
-#undef ENGINE_set_load_privkey_function
-#define ENGINE_set_load_privkey_function	ENGINE_set_load_privkey_fn
-#undef ENGINE_get_load_privkey_function
-#define ENGINE_get_load_privkey_function	ENGINE_get_load_privkey_fn
-#undef ENGINE_unregister_pkey_asn1_meths
-#define ENGINE_unregister_pkey_asn1_meths	ENGINE_unreg_pkey_asn1_meths
-#undef ENGINE_register_all_pkey_asn1_meths
-#define ENGINE_register_all_pkey_asn1_meths	ENGINE_reg_all_pkey_asn1_meths
-#undef ENGINE_set_default_pkey_asn1_meths
-#define ENGINE_set_default_pkey_asn1_meths	ENGINE_set_def_pkey_asn1_meths
-#undef ENGINE_get_pkey_asn1_meth_engine
-#define ENGINE_get_pkey_asn1_meth_engine	ENGINE_get_pkey_asn1_meth_eng
-#undef ENGINE_set_load_ssl_client_cert_function
-#define ENGINE_set_load_ssl_client_cert_function \
-						ENGINE_set_ld_ssl_clnt_cert_fn
-#undef ENGINE_get_ssl_client_cert_function
-#define ENGINE_get_ssl_client_cert_function	ENGINE_get_ssl_client_cert_fn
-
-/* Hack some long OCSP names */
-#undef OCSP_REQUEST_get_ext_by_critical
-#define OCSP_REQUEST_get_ext_by_critical	OCSP_REQUEST_get_ext_by_crit
-#undef OCSP_BASICRESP_get_ext_by_critical
-#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
-#undef OCSP_SINGLERESP_get_ext_by_critical
-#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
-
-/* Hack some long DES names */
-#undef _ossl_old_des_ede3_cfb64_encrypt
-#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt
-#undef _ossl_old_des_ede3_ofb64_encrypt
-#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt
-
-/* Hack some long EVP names */
-#undef OPENSSL_add_all_algorithms_noconf
-#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf
-#undef OPENSSL_add_all_algorithms_conf
-#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf
-#undef EVP_PKEY_meth_set_verify_recover
-#define EVP_PKEY_meth_set_verify_recover	EVP_PKEY_meth_set_vrfy_recover
-
-/* Hack some long EC names */
-#undef EC_GROUP_set_point_conversion_form
-#define EC_GROUP_set_point_conversion_form	EC_GROUP_set_point_conv_form
-#undef EC_GROUP_get_point_conversion_form
-#define EC_GROUP_get_point_conversion_form	EC_GROUP_get_point_conv_form
-#undef EC_GROUP_clear_free_all_extra_data
-#define EC_GROUP_clear_free_all_extra_data	EC_GROUP_clr_free_all_xtra_data
-#undef EC_KEY_set_public_key_affine_coordinates
-#define EC_KEY_set_public_key_affine_coordinates \
-						EC_KEY_set_pub_key_aff_coords
-#undef EC_POINT_set_Jprojective_coordinates_GFp
-#define EC_POINT_set_Jprojective_coordinates_GFp \
-                                                EC_POINT_set_Jproj_coords_GFp
-#undef EC_POINT_get_Jprojective_coordinates_GFp
-#define EC_POINT_get_Jprojective_coordinates_GFp \
-                                                EC_POINT_get_Jproj_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GFp
-#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
-#undef EC_POINT_get_affine_coordinates_GFp
-#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
-#undef EC_POINT_set_compressed_coordinates_GFp
-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GF2m
-#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m
-#undef EC_POINT_get_affine_coordinates_GF2m
-#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m
-#undef EC_POINT_set_compressed_coordinates_GF2m
-#define EC_POINT_set_compressed_coordinates_GF2m \
-                                                EC_POINT_set_compr_coords_GF2m
-#undef ec_GF2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_clear_finish	ec_GF2m_simple_grp_clr_finish
-#undef ec_GF2m_simple_group_check_discriminant
-#define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim
-#undef ec_GF2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_clear_finish	ec_GF2m_simple_pt_clr_finish
-#undef ec_GF2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_point_set_to_infinity	ec_GF2m_simple_pt_set_to_inf
-#undef ec_GF2m_simple_points_make_affine
-#define ec_GF2m_simple_points_make_affine	ec_GF2m_simple_pts_make_affine
-#undef ec_GF2m_simple_point_set_affine_coordinates
-#define ec_GF2m_simple_point_set_affine_coordinates \
-                                                ec_GF2m_smp_pt_set_af_coords
-#undef ec_GF2m_simple_point_get_affine_coordinates
-#define ec_GF2m_simple_point_get_affine_coordinates \
-                                                ec_GF2m_smp_pt_get_af_coords
-#undef ec_GF2m_simple_set_compressed_coordinates
-#define ec_GF2m_simple_set_compressed_coordinates \
-                                                ec_GF2m_smp_set_compr_coords
-#undef ec_GFp_simple_group_set_curve_GFp
-#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
-#undef ec_GFp_simple_group_clear_finish
-#define ec_GFp_simple_group_clear_finish	ec_GFp_simple_grp_clear_finish
-#undef ec_GFp_simple_group_set_generator
-#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
-#undef ec_GFp_simple_group_get0_generator
-#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
-#undef ec_GFp_simple_group_get_cofactor
-#define ec_GFp_simple_group_get_cofactor	ec_GFp_simple_grp_get_cofactor
-#undef ec_GFp_simple_point_clear_finish
-#define ec_GFp_simple_point_clear_finish	ec_GFp_simple_pt_clear_finish
-#undef ec_GFp_simple_point_set_to_infinity
-#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
-#undef ec_GFp_simple_points_make_affine
-#define ec_GFp_simple_points_make_affine	ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_set_Jproj_coords_GFp
-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
-                                                ec_GFp_smp_get_Jproj_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates_GFp
-#define ec_GFp_simple_point_set_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_set_af_coords_GFp
-#undef ec_GFp_simple_point_get_affine_coordinates_GFp
-#define ec_GFp_simple_point_get_affine_coordinates_GFp \
-                                                ec_GFp_smp_pt_get_af_coords_GFp
-#undef ec_GFp_simple_set_compressed_coordinates_GFp
-#define ec_GFp_simple_set_compressed_coordinates_GFp \
-                                                ec_GFp_smp_set_compr_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates
-#define ec_GFp_simple_point_set_affine_coordinates \
-                                                ec_GFp_smp_pt_set_af_coords
-#undef ec_GFp_simple_point_get_affine_coordinates
-#define ec_GFp_simple_point_get_affine_coordinates \
-                                                ec_GFp_smp_pt_get_af_coords
-#undef ec_GFp_simple_set_compressed_coordinates
-#define ec_GFp_simple_set_compressed_coordinates \
-                                                ec_GFp_smp_set_compr_coords
-#undef ec_GFp_simple_group_check_discriminant
-#define ec_GFp_simple_group_check_discriminant	ec_GFp_simple_grp_chk_discrim
-
-/* Hack som long STORE names */
-#undef STORE_method_set_initialise_function
-#define STORE_method_set_initialise_function	STORE_meth_set_initialise_fn
-#undef STORE_method_set_cleanup_function
-#define STORE_method_set_cleanup_function	STORE_meth_set_cleanup_fn
-#undef STORE_method_set_generate_function
-#define STORE_method_set_generate_function	STORE_meth_set_generate_fn
-#undef STORE_method_set_modify_function
-#define STORE_method_set_modify_function	STORE_meth_set_modify_fn
-#undef STORE_method_set_revoke_function
-#define STORE_method_set_revoke_function	STORE_meth_set_revoke_fn
-#undef STORE_method_set_delete_function
-#define STORE_method_set_delete_function	STORE_meth_set_delete_fn
-#undef STORE_method_set_list_start_function
-#define STORE_method_set_list_start_function	STORE_meth_set_list_start_fn
-#undef STORE_method_set_list_next_function
-#define STORE_method_set_list_next_function	STORE_meth_set_list_next_fn
-#undef STORE_method_set_list_end_function
-#define STORE_method_set_list_end_function	STORE_meth_set_list_end_fn
-#undef STORE_method_set_update_store_function
-#define STORE_method_set_update_store_function	STORE_meth_set_update_store_fn
-#undef STORE_method_set_lock_store_function
-#define STORE_method_set_lock_store_function	STORE_meth_set_lock_store_fn
-#undef STORE_method_set_unlock_store_function
-#define STORE_method_set_unlock_store_function	STORE_meth_set_unlock_store_fn
-#undef STORE_method_get_initialise_function
-#define STORE_method_get_initialise_function	STORE_meth_get_initialise_fn
-#undef STORE_method_get_cleanup_function
-#define STORE_method_get_cleanup_function	STORE_meth_get_cleanup_fn
-#undef STORE_method_get_generate_function
-#define STORE_method_get_generate_function	STORE_meth_get_generate_fn
-#undef STORE_method_get_modify_function
-#define STORE_method_get_modify_function	STORE_meth_get_modify_fn
-#undef STORE_method_get_revoke_function
-#define STORE_method_get_revoke_function	STORE_meth_get_revoke_fn
-#undef STORE_method_get_delete_function
-#define STORE_method_get_delete_function	STORE_meth_get_delete_fn
-#undef STORE_method_get_list_start_function
-#define STORE_method_get_list_start_function	STORE_meth_get_list_start_fn
-#undef STORE_method_get_list_next_function
-#define STORE_method_get_list_next_function	STORE_meth_get_list_next_fn
-#undef STORE_method_get_list_end_function
-#define STORE_method_get_list_end_function	STORE_meth_get_list_end_fn
-#undef STORE_method_get_update_store_function
-#define STORE_method_get_update_store_function	STORE_meth_get_update_store_fn
-#undef STORE_method_get_lock_store_function
-#define STORE_method_get_lock_store_function	STORE_meth_get_lock_store_fn
-#undef STORE_method_get_unlock_store_function
-#define STORE_method_get_unlock_store_function	STORE_meth_get_unlock_store_fn
-
-/* Hack some long TS names */
-#undef TS_RESP_CTX_set_status_info_cond
-#define TS_RESP_CTX_set_status_info_cond	TS_RESP_CTX_set_stat_info_cond
-#undef TS_RESP_CTX_set_clock_precision_digits
-#define TS_RESP_CTX_set_clock_precision_digits	TS_RESP_CTX_set_clk_prec_digits
-#undef TS_CONF_set_clock_precision_digits
-#define TS_CONF_set_clock_precision_digits	TS_CONF_set_clk_prec_digits
-
-/* Hack some long CMS names */
-#undef CMS_RecipientInfo_ktri_get0_algs
-#define CMS_RecipientInfo_ktri_get0_algs	CMS_RecipInfo_ktri_get0_algs
-#undef CMS_RecipientInfo_ktri_get0_signer_id
-#define CMS_RecipientInfo_ktri_get0_signer_id	CMS_RecipInfo_ktri_get0_sigr_id
-#undef CMS_OtherRevocationInfoFormat_it
-#define CMS_OtherRevocationInfoFormat_it	CMS_OtherRevocInfoFormat_it
-#undef CMS_KeyAgreeRecipientIdentifier_it
-#define CMS_KeyAgreeRecipientIdentifier_it	CMS_KeyAgreeRecipIdentifier_it
-#undef CMS_OriginatorIdentifierOrKey_it
-#define CMS_OriginatorIdentifierOrKey_it	CMS_OriginatorIdOrKey_it
-#undef cms_SignerIdentifier_get0_signer_id
-#define cms_SignerIdentifier_get0_signer_id	cms_SignerId_get0_signer_id
-
-/* Hack some long DTLS1 names */
-#undef dtls1_retransmit_buffered_messages
-#define dtls1_retransmit_buffered_messages	dtls1_retransmit_buffered_msgs
-
-/* Hack some long SRP names */
-#undef SRP_generate_server_master_secret
-#define SRP_generate_server_master_secret	SRP_gen_server_master_secret
-#undef SRP_generate_client_master_secret
-#define SRP_generate_client_master_secret	SRP_gen_client_master_secret
-
-/* Hack some long UI names */
-#undef UI_method_get_prompt_constructor
-#define UI_method_get_prompt_constructor	UI_method_get_prompt_constructr
-#undef UI_method_set_prompt_constructor
-#define UI_method_set_prompt_constructor	UI_method_set_prompt_constructr
-
-#endif /* defined OPENSSL_SYS_VMS */
-
-
-/* Case insensitive linking causes problems.... */
-#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
-#undef ERR_load_CRYPTO_strings
-#define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings
-#undef OCSP_crlID_new
-#define OCSP_crlID_new				OCSP_crlID2_new
-
-#undef d2i_ECPARAMETERS
-#define d2i_ECPARAMETERS			d2i_UC_ECPARAMETERS
-#undef i2d_ECPARAMETERS
-#define i2d_ECPARAMETERS			i2d_UC_ECPARAMETERS
-#undef d2i_ECPKPARAMETERS
-#define d2i_ECPKPARAMETERS			d2i_UC_ECPKPARAMETERS
-#undef i2d_ECPKPARAMETERS
-#define i2d_ECPKPARAMETERS			i2d_UC_ECPKPARAMETERS
-
-/* These functions do not seem to exist!  However, I'm paranoid...
-   Original command in x509v3.h:
-   These functions are being redefined in another directory,
-   and clash when the linker is case-insensitive, so let's
-   hide them a little, by giving them an extra 'o' at the
-   beginning of the name... */
-#undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions		oX509v3_cleanup_extensions
-#undef X509v3_add_extension
-#define X509v3_add_extension			oX509v3_add_extension
-#undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions		oX509v3_add_netscape_extensions
-#undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions		oX509v3_add_standard_extensions
-
-/* This one clashes with CMS_data_create */
-#undef cms_Data_create
-#define cms_Data_create				priv_cms_Data_create
-
-#endif
-
-
-#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
deleted file mode 100644
index dc36f79f06..0000000000
--- a/include/openssl/tls1.h
+++ /dev/null
@@ -1,761 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H 
-#define HEADER_TLS1_H 
-
-#include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
-
-#define TLS1_VERSION			0x0301
-#define TLS1_1_VERSION			0x0302
-#define TLS1_2_VERSION			0x0303
-#define TLS_MAX_VERSION			TLS1_2_VERSION
-
-#define TLS1_VERSION_MAJOR		0x03
-#define TLS1_VERSION_MINOR		0x01
-
-#define TLS1_1_VERSION_MAJOR		0x03
-#define TLS1_1_VERSION_MINOR		0x02
-
-#define TLS1_2_VERSION_MAJOR		0x03
-#define TLS1_2_VERSION_MINOR		0x03
-
-#define TLS1_get_version(s) \
-		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
-		((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
-#define TLS1_AD_DECRYPTION_FAILED	21
-#define TLS1_AD_RECORD_OVERFLOW		22
-#define TLS1_AD_UNKNOWN_CA		48	/* fatal */
-#define TLS1_AD_ACCESS_DENIED		49	/* fatal */
-#define TLS1_AD_DECODE_ERROR		50	/* fatal */
-#define TLS1_AD_DECRYPT_ERROR		51
-#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */
-#define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
-#define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
-#define TLS1_AD_INAPPROPRIATE_FALLBACK	86	/* fatal */
-#define TLS1_AD_USER_CANCELLED		90
-#define TLS1_AD_NO_RENEGOTIATION	100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION	110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 	112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY	115	/* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
-#define TLSEXT_TYPE_server_name			0
-#define TLSEXT_TYPE_max_fragment_length		1
-#define TLSEXT_TYPE_client_certificate_url	2
-#define TLSEXT_TYPE_trusted_ca_keys		3
-#define TLSEXT_TYPE_truncated_hmac		4
-#define TLSEXT_TYPE_status_request		5
-/* ExtensionType values from RFC4681 */
-#define TLSEXT_TYPE_user_mapping		6
-
-/* ExtensionType values from RFC5878 */
-#define TLSEXT_TYPE_client_authz		7
-#define TLSEXT_TYPE_server_authz		8
-
-/* ExtensionType values from RFC6091 */
-#define TLSEXT_TYPE_cert_type		9
-
-/* ExtensionType values from RFC4492 */
-#define TLSEXT_TYPE_elliptic_curves		10
-#define TLSEXT_TYPE_ec_point_formats		11
-
-/* ExtensionType value from RFC5054 */
-#define TLSEXT_TYPE_srp				12
-
-/* ExtensionType values from RFC5246 */
-#define TLSEXT_TYPE_signature_algorithms	13
-
-/* ExtensionType value from RFC5764 */
-#define TLSEXT_TYPE_use_srtp	14
-
-/* ExtensionType value from RFC5620 */
-#define TLSEXT_TYPE_heartbeat	15
-
-/* ExtensionType value for TLS padding extension.
- * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
- * http://tools.ietf.org/html/draft-agl-tls-padding-03
- */
-#define TLSEXT_TYPE_padding	21
-
-/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
-#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
-/* ExtensionType value from RFC4507 */
-#define TLSEXT_TYPE_session_ticket		35
-
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-       * using whatever extension number you'd like to try */
-# define TLSEXT_TYPE_opaque_prf_input		?? */
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate                 0xff01
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg		13172
-#endif
-
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_channel_id			30031
-#define TLSEXT_TYPE_channel_id_new		30032
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
-#define TLSEXT_ECPOINTFORMAT_first			0
-#define TLSEXT_ECPOINTFORMAT_uncompressed		0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime	1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2	2
-#define TLSEXT_ECPOINTFORMAT_last			2
-
-/* Signature and hash algorithms from RFC 5246 */
-
-#define TLSEXT_signature_anonymous			0
-#define TLSEXT_signature_rsa				1
-#define TLSEXT_signature_dsa				2
-#define TLSEXT_signature_ecdsa				3
-
-#define TLSEXT_hash_none				0
-#define TLSEXT_hash_md5					1
-#define TLSEXT_hash_sha1				2
-#define TLSEXT_hash_sha224				3
-#define TLSEXT_hash_sha256				4
-#define TLSEXT_hash_sha384				5
-#define TLSEXT_hash_sha512				6
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.)
- *
- * It returns 1 on success and zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-	const char *label, size_t llen, const unsigned char *p, size_t plen,
-	int use_context);
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_TLSEXT_HB_ENABLED				0x01
-#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS	0x02
-#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS	0x04
-
-#define SSL_get_tlsext_heartbeat_pending(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
-#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-#endif
-#endif
-
-/* PSK ciphersuites from 4279 */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't.  Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_RSA_WITH_NULL_SHA256			0x0300003B
-#define TLS1_CK_RSA_WITH_AES_128_SHA256			0x0300003C
-#define TLS1_CK_RSA_WITH_AES_256_SHA256			0x0300003D
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256		0x0300003E
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256		0x0300003F
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256		0x03000040
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA		0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA		0x03000046
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256		0x03000067
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256		0x03000068
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256		0x03000069
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256		0x0300006A
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256		0x0300006B
-#define TLS1_CK_ADH_WITH_AES_128_SHA256			0x0300006C
-#define TLS1_CK_ADH_WITH_AES_256_SHA256			0x0300006D
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA		0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA		0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA                	0x0300009B
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256		0x0300009C
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384		0x0300009D
-#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256		0x0300009E
-#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384		0x0300009F
-#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256		0x030000A0
-#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384		0x030000A1
-#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256		0x030000A2
-#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384		0x030000A3
-#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256		0x030000A4
-#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384		0x030000A5
-#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256		0x030000A6
-#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384		0x030000A7
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-
-/* SRP ciphersuites from RFC 5054 */
-#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA		0x0300C01A
-#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0x0300C01B
-#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0x0300C01C
-#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA		0x0300C01D
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0x0300C01E
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0x0300C01F
-#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA		0x0300C020
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0x0300C021
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0x0300C022
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0x0300C02B
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0x0300C02C
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
-
-/* ECDHE PSK ciphersuites from RFC5489
- * SHA-2 cipher suites are omitted because they cannot be used safely with
- * SSLv3. */
-#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
-#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA			"PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA		"PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA		"PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA		"PSK-AES256-CBC-SHA"
-
-/* SRP ciphersuite from RFC 5054 */
-#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA		"SRP-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	"SRP-RSA-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	"SRP-DSS-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA		"SRP-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	"SRP-RSA-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	"SRP-DSS-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA		"SRP-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	"SRP-RSA-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	"SRP-DSS-AES-256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA		"CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	"DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	"DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	"DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	"DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA		"ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA		"CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	"DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	"DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	"DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	"DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA		"ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_TXT_RSA_WITH_NULL_SHA256			"NULL-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_128_SHA256		"AES128-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_SHA256		"AES256-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256		"DH-DSS-AES128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256		"DH-RSA-AES128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256		"DHE-DSS-AES128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256		"DHE-RSA-AES128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256		"DH-DSS-AES256-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256		"DH-RSA-AES256-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256		"DHE-DSS-AES256-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256		"DHE-RSA-AES256-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA256		"ADH-AES128-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA256		"ADH-AES256-SHA256"
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256		"AES128-GCM-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384		"AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256	"DHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384	"DHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256		"DH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384		"DH-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256	"DHE-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384	"DHE-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256		"DH-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384		"DH-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256		"ADH-AES128-GCM-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384		"ADH-AES256-GCM-SHA384"
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
-
-/* ECDHE PSK ciphersuites from RFC5489 */
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA         "ECDHE-PSK-AES128-CBC-SHA"
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA         "ECDHE-PSK-AES256-CBC-SHA"
-
-#define TLS_CT_RSA_SIGN			1
-#define TLS_CT_DSS_SIGN			2
-#define TLS_CT_RSA_FIXED_DH		3
-#define TLS_CT_DSS_FIXED_DH		4
-#define TLS_CT_ECDSA_SIGN		64
-#define TLS_CT_RSA_FIXED_ECDH		65
-#define TLS_CT_ECDSA_FIXED_ECDH 	66
-#define TLS_CT_GOST94_SIGN		21
-#define TLS_CT_GOST01_SIGN		22
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER			9
-
-#define TLS1_FINISH_MAC_LENGTH		12
-
-#define TLS_MD_MAX_CONST_SIZE			20
-#define TLS_MD_CLIENT_FINISH_CONST		"client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15
-#define TLS_MD_SERVER_FINISH_CONST		"server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE		15
-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_IV_BLOCK_CONST			"IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE		8
-#define TLS_MD_MASTER_SECRET_CONST		"master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE		13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
-#endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
-	{
-	unsigned short length;
-	void *data;
-	};
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
deleted file mode 100644
index c2448e3c3b..0000000000
--- a/include/openssl/ts.h
+++ /dev/null
@@ -1,858 +0,0 @@
-/* crypto/ts/ts.h */
-/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
- * project 2002, 2003, 2004.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_TS_H
-#define HEADER_TS_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_BUFFER
-#include <openssl/buffer.h>
-#endif
-#ifndef OPENSSL_NO_EVP
-#include <openssl/evp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/asn1.h>
-#include <openssl/safestack.h>
-
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef WIN32
-/* Under Win32 this is defined in wincrypt.h */
-#undef X509_NAME
-#endif
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/*
-MessageImprint ::= SEQUENCE  {
-     hashAlgorithm                AlgorithmIdentifier,
-     hashedMessage                OCTET STRING  }
-*/
-
-typedef struct TS_msg_imprint_st
-	{
-	X509_ALGOR *hash_algo;
-	ASN1_OCTET_STRING *hashed_msg;
-	} TS_MSG_IMPRINT;
-
-/*
-TimeStampReq ::= SEQUENCE  {
-   version                  INTEGER  { v1(1) },
-   messageImprint           MessageImprint,
-     --a hash algorithm OID and the hash value of the data to be
-     --time-stamped
-   reqPolicy                TSAPolicyId                OPTIONAL,
-   nonce                    INTEGER                    OPTIONAL,
-   certReq                  BOOLEAN                    DEFAULT FALSE,
-   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
-*/
-
-typedef struct TS_req_st
-	{
-	ASN1_INTEGER *version;
-	TS_MSG_IMPRINT *msg_imprint;
-	ASN1_OBJECT *policy_id;		/* OPTIONAL */
-	ASN1_INTEGER *nonce;		/* OPTIONAL */
-	ASN1_BOOLEAN cert_req;		/* DEFAULT FALSE */
-	STACK_OF(X509_EXTENSION) *extensions;	/* [0] OPTIONAL */
-	} TS_REQ;
-
-/*
-Accuracy ::= SEQUENCE {
-                seconds        INTEGER           OPTIONAL,
-                millis     [0] INTEGER  (1..999) OPTIONAL,
-                micros     [1] INTEGER  (1..999) OPTIONAL  }
-*/
-
-typedef struct TS_accuracy_st
-	{
-	ASN1_INTEGER *seconds;
-	ASN1_INTEGER *millis;
-	ASN1_INTEGER *micros;
-	} TS_ACCURACY;
-
-/*
-TSTInfo ::= SEQUENCE  {
-    version                      INTEGER  { v1(1) },
-    policy                       TSAPolicyId,
-    messageImprint               MessageImprint,
-      -- MUST have the same value as the similar field in
-      -- TimeStampReq
-    serialNumber                 INTEGER,
-     -- Time-Stamping users MUST be ready to accommodate integers
-     -- up to 160 bits.
-    genTime                      GeneralizedTime,
-    accuracy                     Accuracy                 OPTIONAL,
-    ordering                     BOOLEAN             DEFAULT FALSE,
-    nonce                        INTEGER                  OPTIONAL,
-      -- MUST be present if the similar field was present
-      -- in TimeStampReq.  In that case it MUST have the same value.
-    tsa                          [0] GeneralName          OPTIONAL,
-    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
-*/
-
-typedef struct TS_tst_info_st
-	{
-	ASN1_INTEGER *version;
-	ASN1_OBJECT *policy_id;
-	TS_MSG_IMPRINT *msg_imprint;
-	ASN1_INTEGER *serial;
-	ASN1_GENERALIZEDTIME *time;
-	TS_ACCURACY *accuracy;
-	ASN1_BOOLEAN ordering;
-	ASN1_INTEGER *nonce;
-	GENERAL_NAME *tsa;
-	STACK_OF(X509_EXTENSION) *extensions;
-	} TS_TST_INFO;	
-
-/*
-PKIStatusInfo ::= SEQUENCE {
-    status        PKIStatus,
-    statusString  PKIFreeText     OPTIONAL,
-    failInfo      PKIFailureInfo  OPTIONAL  }
-
-From RFC 1510 - section 3.1.1:
-PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-	-- text encoded as UTF-8 String (note:  each UTF8String SHOULD
-	-- include an RFC 1766 language tag to indicate the language
-	-- of the contained text)
-*/
-
-/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
-
-#define	TS_STATUS_GRANTED			0
-#define	TS_STATUS_GRANTED_WITH_MODS		1
-#define	TS_STATUS_REJECTION			2
-#define	TS_STATUS_WAITING			3
-#define	TS_STATUS_REVOCATION_WARNING		4
-#define	TS_STATUS_REVOCATION_NOTIFICATION	5
-
-/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */
-
-#define	TS_INFO_BAD_ALG			0
-#define	TS_INFO_BAD_REQUEST		2
-#define	TS_INFO_BAD_DATA_FORMAT		5
-#define	TS_INFO_TIME_NOT_AVAILABLE	14
-#define	TS_INFO_UNACCEPTED_POLICY	15
-#define	TS_INFO_UNACCEPTED_EXTENSION	16
-#define	TS_INFO_ADD_INFO_NOT_AVAILABLE	17
-#define	TS_INFO_SYSTEM_FAILURE		25
-
-typedef struct TS_status_info_st
-	{
-	ASN1_INTEGER *status;
-	STACK_OF(ASN1_UTF8STRING) *text;
-	ASN1_BIT_STRING *failure_info;
-	} TS_STATUS_INFO;
-
-DECLARE_STACK_OF(ASN1_UTF8STRING)
-DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
-
-/*
-TimeStampResp ::= SEQUENCE  {
-     status                  PKIStatusInfo,
-     timeStampToken          TimeStampToken     OPTIONAL }
-*/
-
-typedef struct TS_resp_st
-	{
-	TS_STATUS_INFO *status_info;
-	PKCS7 *token;
-	TS_TST_INFO *tst_info;
-	} TS_RESP;
-
-/* The structure below would belong to the ESS component. */
-
-/*
-IssuerSerial ::= SEQUENCE {
-	issuer                   GeneralNames,
-	serialNumber             CertificateSerialNumber
-	}
-*/
-
-typedef struct ESS_issuer_serial
-	{
-	STACK_OF(GENERAL_NAME)	*issuer;
-	ASN1_INTEGER		*serial;
-	} ESS_ISSUER_SERIAL;
-
-/*
-ESSCertID ::=  SEQUENCE {
-        certHash                 Hash,
-        issuerSerial             IssuerSerial OPTIONAL
-}
-*/
-
-typedef struct ESS_cert_id
-	{
-	ASN1_OCTET_STRING *hash;	/* Always SHA-1 digest. */
-	ESS_ISSUER_SERIAL *issuer_serial;
-	} ESS_CERT_ID;
-
-DECLARE_STACK_OF(ESS_CERT_ID)
-DECLARE_ASN1_SET_OF(ESS_CERT_ID)
-
-/*
-SigningCertificate ::=  SEQUENCE {
-       certs        SEQUENCE OF ESSCertID,
-       policies     SEQUENCE OF PolicyInformation OPTIONAL
-}
-*/
-
-typedef struct ESS_signing_cert
-	{
-	STACK_OF(ESS_CERT_ID) *cert_ids;
-	STACK_OF(POLICYINFO) *policy_info;
-	} ESS_SIGNING_CERT;
-
-
-TS_REQ	*TS_REQ_new(void);
-void	TS_REQ_free(TS_REQ *a);
-int	i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
-TS_REQ	*d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
-
-TS_REQ	*TS_REQ_dup(TS_REQ *a);
-
-TS_REQ	*d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
-int	i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
-TS_REQ	*d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
-int	i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
-
-TS_MSG_IMPRINT	*TS_MSG_IMPRINT_new(void);
-void		TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
-int		i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
-TS_MSG_IMPRINT	*d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
-				    const unsigned char **pp, long length);
-
-TS_MSG_IMPRINT	*TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
-
-TS_MSG_IMPRINT	*d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
-int		i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
-TS_MSG_IMPRINT	*d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
-int		i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
-
-TS_RESP	*TS_RESP_new(void);
-void	TS_RESP_free(TS_RESP *a);
-int	i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
-TS_RESP	*d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
-TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
-TS_RESP	*TS_RESP_dup(TS_RESP *a);
-
-TS_RESP	*d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
-int	i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
-TS_RESP	*d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
-int	i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
-
-TS_STATUS_INFO	*TS_STATUS_INFO_new(void);
-void		TS_STATUS_INFO_free(TS_STATUS_INFO *a);
-int		i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
-TS_STATUS_INFO	*d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, 
-				    const unsigned char **pp, long length);
-TS_STATUS_INFO	*TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
-
-TS_TST_INFO	*TS_TST_INFO_new(void);
-void		TS_TST_INFO_free(TS_TST_INFO *a);
-int		i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
-TS_TST_INFO	*d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
-				    long length);
-TS_TST_INFO	*TS_TST_INFO_dup(TS_TST_INFO *a);
-
-TS_TST_INFO	*d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
-int		i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
-TS_TST_INFO	*d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
-int		i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
-
-TS_ACCURACY	*TS_ACCURACY_new(void);
-void		TS_ACCURACY_free(TS_ACCURACY *a);
-int		i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
-TS_ACCURACY	*d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
-				    long length);
-TS_ACCURACY	*TS_ACCURACY_dup(TS_ACCURACY *a);
-
-ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
-void		  ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
-int		  i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a,
-					unsigned char **pp);
-ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
-					 const unsigned char **pp, long length);
-ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
-
-ESS_CERT_ID	*ESS_CERT_ID_new(void);
-void		ESS_CERT_ID_free(ESS_CERT_ID *a);
-int		i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
-ESS_CERT_ID	*d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
-				 long length);
-ESS_CERT_ID	*ESS_CERT_ID_dup(ESS_CERT_ID *a);
-
-ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
-void		 ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
-int		 i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, 
-				      unsigned char **pp);
-ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
-				       const unsigned char **pp, long length);
-ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
-
-void ERR_load_TS_strings(void);
-
-int TS_REQ_set_version(TS_REQ *a, long version);
-long TS_REQ_get_version(const TS_REQ *a);
-
-int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
-TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
-
-int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
-X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
-
-int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
-ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
-
-int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
-ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
-
-int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
-const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
-
-int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
-int TS_REQ_get_cert_req(const TS_REQ *a);
-
-STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
-void TS_REQ_ext_free(TS_REQ *a);
-int TS_REQ_get_ext_count(TS_REQ *a);
-int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
-int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
-X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
-X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
-int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
-void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
-
-/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
-
-int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
-
-/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
-
-int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
-TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
-
-/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
-void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
-PKCS7 *TS_RESP_get_token(TS_RESP *a);
-TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
-
-int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
-long TS_TST_INFO_get_version(const TS_TST_INFO *a);
-
-int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
-ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
-
-int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
-TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
-
-int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
-const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
-
-int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
-const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
-
-int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
-TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
-
-int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
-const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
-
-int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
-const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
-
-int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
-const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
-
-int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
-int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
-
-int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
-const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
-
-int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
-GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
-
-STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
-void TS_TST_INFO_ext_free(TS_TST_INFO *a);
-int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
-int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
-int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
-int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
-X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
-X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
-int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
-void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
-
-/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */
-
-/* Optional flags for response generation. */
-
-/* Don't include the TSA name in response. */
-#define	TS_TSA_NAME		0x01
-
-/* Set ordering to true in response. */
-#define	TS_ORDERING		0x02
-
-/*
- * Include the signer certificate and the other specified certificates in
- * the ESS signing certificate attribute beside the PKCS7 signed data.
- * Only the signer certificates is included by default.
- */
-#define	TS_ESS_CERT_ID_CHAIN	0x04
-
-/* Forward declaration. */
-struct TS_resp_ctx;
-
-/* This must return a unique number less than 160 bits long. */
-typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
-
-/* This must return the seconds and microseconds since Jan 1, 1970 in
-   the sec and usec variables allocated by the caller. 
-   Return non-zero for success and zero for failure. */
-typedef	int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);
-
-/* This must process the given extension.
- * It can modify the TS_TST_INFO object of the context.
- * Return values: !0 (processed), 0 (error, it must set the 
- * status info/failure info of the response).
- */
-typedef	int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *);
-
-typedef struct TS_resp_ctx
-	{
-	X509		*signer_cert;
-	EVP_PKEY	*signer_key;
-	STACK_OF(X509)	*certs;	/* Certs to include in signed data. */
-	STACK_OF(ASN1_OBJECT)	*policies;	/* Acceptable policies. */
-	ASN1_OBJECT	*default_policy; /* It may appear in policies, too. */
-	STACK_OF(EVP_MD)	*mds;	/* Acceptable message digests. */
-	ASN1_INTEGER	*seconds;	/* accuracy, 0 means not specified. */
-	ASN1_INTEGER	*millis;	/* accuracy, 0 means not specified. */
-	ASN1_INTEGER	*micros;	/* accuracy, 0 means not specified. */
-	unsigned	clock_precision_digits; /* fraction of seconds in
-						   time stamp token. */
-	unsigned	flags;		/* Optional info, see values above. */
-
-	/* Callback functions. */
-	TS_serial_cb serial_cb;
-	void *serial_cb_data;	/* User data for serial_cb. */
-	
-	TS_time_cb time_cb;
-	void *time_cb_data;	/* User data for time_cb. */
-	
-	TS_extension_cb extension_cb;
-	void *extension_cb_data;	/* User data for extension_cb. */
-
-	/* These members are used only while creating the response. */
-	TS_REQ		*request;
-	TS_RESP		*response;
-	TS_TST_INFO	*tst_info;
-	} TS_RESP_CTX;
-
-DECLARE_STACK_OF(EVP_MD)
-DECLARE_ASN1_SET_OF(EVP_MD)
-
-/* Creates a response context that can be used for generating responses. */
-TS_RESP_CTX *TS_RESP_CTX_new(void);
-void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
-
-/* This parameter must be set. */
-int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
-
-/* This parameter must be set. */
-int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
-
-/* This parameter must be set. */
-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
-
-/* No additional certs are included in the response by default. */
-int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
-
-/* Adds a new acceptable policy, only the default policy 
-   is accepted by default. */
-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
-
-/* Adds a new acceptable message digest. Note that no message digests 
-   are accepted by default. The md argument is shared with the caller. */
-int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
-
-/* Accuracy is not included by default. */
-int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
-			     int secs, int millis, int micros);
-
-/* Clock precision digits, i.e. the number of decimal digits: 
-   '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ 
-int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
-					   unsigned clock_precision_digits);
-/* At most we accept usec precision. */	
-#define TS_MAX_CLOCK_PRECISION_DIGITS	6
-
-/* No flags are set by default. */
-void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
-
-/* Default callback always returns a constant. */
-void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
-
-/* Default callback uses the gettimeofday() and gmtime() system calls. */
-void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
-
-/* Default callback rejects all extensions. The extension callback is called 
- * when the TS_TST_INFO object is already set up and not signed yet. */
-/* FIXME: extension handling is not tested yet. */
-void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, 
-				  TS_extension_cb cb, void *data);
-
-/* The following methods can be used in the callbacks. */
-int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, 
-				int status, const char *text);
-
-/* Sets the status info only if it is still TS_STATUS_GRANTED. */
-int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, 
-				     int status, const char *text);
-
-int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
-
-/* The get methods below can be used in the extension callback. */
-TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
-
-TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
-
-/* 
- * Creates the signed TS_TST_INFO and puts it in TS_RESP.
- * In case of errors it sets the status info properly.
- * Returns NULL only in case of memory allocation/fatal error.
- */
-TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
-
-/*
- * Declarations related to response verification,
- * they are defined in ts/ts_resp_verify.c.
- */
-
-int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
-			     X509_STORE *store, X509 **signer_out);
-
-/* Context structure for the generic verify method. */
-
-/* Verify the signer's certificate and the signature of the response. */
-#define	TS_VFY_SIGNATURE	(1u << 0)
-/* Verify the version number of the response. */
-#define	TS_VFY_VERSION		(1u << 1)
-/* Verify if the policy supplied by the user matches the policy of the TSA. */
-#define	TS_VFY_POLICY		(1u << 2)
-/* Verify the message imprint provided by the user. This flag should not be
-   specified with TS_VFY_DATA. */
-#define	TS_VFY_IMPRINT		(1u << 3)
-/* Verify the message imprint computed by the verify method from the user
-   provided data and the MD algorithm of the response. This flag should not be
-   specified with TS_VFY_IMPRINT. */
-#define	TS_VFY_DATA		(1u << 4)
-/* Verify the nonce value. */
-#define	TS_VFY_NONCE		(1u << 5)
-/* Verify if the TSA name field matches the signer certificate. */
-#define	TS_VFY_SIGNER		(1u << 6)
-/* Verify if the TSA name field equals to the user provided name. */
-#define	TS_VFY_TSA_NAME		(1u << 7)
-
-/* You can use the following convenience constants. */
-#define	TS_VFY_ALL_IMPRINT	(TS_VFY_SIGNATURE	\
-				 | TS_VFY_VERSION	\
-				 | TS_VFY_POLICY	\
-				 | TS_VFY_IMPRINT	\
-				 | TS_VFY_NONCE		\
-				 | TS_VFY_SIGNER	\
-				 | TS_VFY_TSA_NAME)
-#define	TS_VFY_ALL_DATA		(TS_VFY_SIGNATURE	\
-				 | TS_VFY_VERSION	\
-				 | TS_VFY_POLICY	\
-				 | TS_VFY_DATA		\
-				 | TS_VFY_NONCE		\
-				 | TS_VFY_SIGNER	\
-				 | TS_VFY_TSA_NAME)
-
-typedef struct TS_verify_ctx
-	{
-	/* Set this to the union of TS_VFY_... flags you want to carry out. */
-	unsigned	flags;
-
-	/* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
-	X509_STORE	*store;
-	STACK_OF(X509)	*certs;
-
-	/* Must be set only with TS_VFY_POLICY. */
-	ASN1_OBJECT	*policy;
-
-	/* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, 
-	   the algorithm from the response is used. */
-	X509_ALGOR	*md_alg;
-	unsigned char	*imprint;
-	unsigned	imprint_len;
-
-	/* Must be set only with TS_VFY_DATA. */
-	BIO		*data;
-
-	/* Must be set only with TS_VFY_TSA_NAME. */
-	ASN1_INTEGER	*nonce;
-
-	/* Must be set only with TS_VFY_TSA_NAME. */
-	GENERAL_NAME	*tsa_name;
-	} TS_VERIFY_CTX;
-
-int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
-int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
-
-/*
- * Declarations related to response verification context,
- * they are defined in ts/ts_verify_ctx.c.
- */
-
-/* Set all fields to zero. */
-TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
-void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
-void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
-void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
-
-/* 
- * If ctx is NULL, it allocates and returns a new object, otherwise
- * it returns ctx. It initialises all the members as follows:
- * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
- * certs = NULL
- * store = NULL
- * policy = policy from the request or NULL if absent (in this case
- *	TS_VFY_POLICY is cleared from flags as well)
- * md_alg = MD algorithm from request
- * imprint, imprint_len = imprint from request
- * data = NULL
- * nonce, nonce_len = nonce from the request or NULL if absent (in this case
- * 	TS_VFY_NONCE is cleared from flags as well)
- * tsa_name = NULL
- * Important: after calling this method TS_VFY_SIGNATURE should be added!
- */
-TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
-
-/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
-
-int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
-int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
-int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
-
-/* Common utility functions defined in ts/ts_lib.c */
-
-int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
-int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
-int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
-int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
-int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
-
-/* Function declarations for handling configuration options,
-   defined in ts/ts_conf.c */
-
-X509 *TS_CONF_load_cert(const char *file);
-STACK_OF(X509) *TS_CONF_load_certs(const char *file);
-EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
-const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
-int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
-		       TS_RESP_CTX *ctx);
-int TS_CONF_set_crypto_device(CONF *conf, const char *section,
-			      const char *device);
-int TS_CONF_set_default_engine(const char *name);
-int TS_CONF_set_signer_cert(CONF *conf, const char *section,
-			    const char *cert, TS_RESP_CTX *ctx);
-int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
-		      TS_RESP_CTX *ctx);
-int TS_CONF_set_signer_key(CONF *conf, const char *section,
-			   const char *key, const char *pass, TS_RESP_CTX *ctx);
-int TS_CONF_set_def_policy(CONF *conf, const char *section,
-			   const char *policy, TS_RESP_CTX *ctx);
-int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
-				       TS_RESP_CTX *ctx);
-int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
-				  TS_RESP_CTX *ctx);
-
-/* -------------------------------------------------- */
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_TS_strings(void);
-
-/* Error codes for the TS functions. */
-
-/* Function codes. */
-#define TS_F_D2I_TS_RESP				 147
-#define TS_F_DEF_SERIAL_CB				 110
-#define TS_F_DEF_TIME_CB				 111
-#define TS_F_ESS_ADD_SIGNING_CERT			 112
-#define TS_F_ESS_CERT_ID_NEW_INIT			 113
-#define TS_F_ESS_SIGNING_CERT_NEW_INIT			 114
-#define TS_F_INT_TS_RESP_VERIFY_TOKEN			 149
-#define TS_F_PKCS7_TO_TS_TST_INFO			 148
-#define TS_F_TS_ACCURACY_SET_MICROS			 115
-#define TS_F_TS_ACCURACY_SET_MILLIS			 116
-#define TS_F_TS_ACCURACY_SET_SECONDS			 117
-#define TS_F_TS_CHECK_IMPRINTS				 100
-#define TS_F_TS_CHECK_NONCES				 101
-#define TS_F_TS_CHECK_POLICY				 102
-#define TS_F_TS_CHECK_SIGNING_CERTS			 103
-#define TS_F_TS_CHECK_STATUS_INFO			 104
-#define TS_F_TS_COMPUTE_IMPRINT				 145
-#define TS_F_TS_CONF_SET_DEFAULT_ENGINE			 146
-#define TS_F_TS_GET_STATUS_TEXT				 105
-#define TS_F_TS_MSG_IMPRINT_SET_ALGO			 118
-#define TS_F_TS_REQ_SET_MSG_IMPRINT			 119
-#define TS_F_TS_REQ_SET_NONCE				 120
-#define TS_F_TS_REQ_SET_POLICY_ID			 121
-#define TS_F_TS_RESP_CREATE_RESPONSE			 122
-#define TS_F_TS_RESP_CREATE_TST_INFO			 123
-#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO		 124
-#define TS_F_TS_RESP_CTX_ADD_MD				 125
-#define TS_F_TS_RESP_CTX_ADD_POLICY			 126
-#define TS_F_TS_RESP_CTX_NEW				 127
-#define TS_F_TS_RESP_CTX_SET_ACCURACY			 128
-#define TS_F_TS_RESP_CTX_SET_CERTS			 129
-#define TS_F_TS_RESP_CTX_SET_DEF_POLICY			 130
-#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT		 131
-#define TS_F_TS_RESP_CTX_SET_STATUS_INFO		 132
-#define TS_F_TS_RESP_GET_POLICY				 133
-#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION		 134
-#define TS_F_TS_RESP_SET_STATUS_INFO			 135
-#define TS_F_TS_RESP_SET_TST_INFO			 150
-#define TS_F_TS_RESP_SIGN				 136
-#define TS_F_TS_RESP_VERIFY_SIGNATURE			 106
-#define TS_F_TS_RESP_VERIFY_TOKEN			 107
-#define TS_F_TS_TST_INFO_SET_ACCURACY			 137
-#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT		 138
-#define TS_F_TS_TST_INFO_SET_NONCE			 139
-#define TS_F_TS_TST_INFO_SET_POLICY_ID			 140
-#define TS_F_TS_TST_INFO_SET_SERIAL			 141
-#define TS_F_TS_TST_INFO_SET_TIME			 142
-#define TS_F_TS_TST_INFO_SET_TSA			 143
-#define TS_F_TS_VERIFY					 108
-#define TS_F_TS_VERIFY_CERT				 109
-#define TS_F_TS_VERIFY_CTX_NEW				 144
-
-/* Reason codes. */
-#define TS_R_BAD_PKCS7_TYPE				 132
-#define TS_R_BAD_TYPE					 133
-#define TS_R_CERTIFICATE_VERIFY_ERROR			 100
-#define TS_R_COULD_NOT_SET_ENGINE			 127
-#define TS_R_COULD_NOT_SET_TIME				 115
-#define TS_R_D2I_TS_RESP_INT_FAILED			 128
-#define TS_R_DETACHED_CONTENT				 134
-#define TS_R_ESS_ADD_SIGNING_CERT_ERROR			 116
-#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR		 101
-#define TS_R_INVALID_NULL_POINTER			 102
-#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE		 117
-#define TS_R_MESSAGE_IMPRINT_MISMATCH			 103
-#define TS_R_NONCE_MISMATCH				 104
-#define TS_R_NONCE_NOT_RETURNED				 105
-#define TS_R_NO_CONTENT					 106
-#define TS_R_NO_TIME_STAMP_TOKEN			 107
-#define TS_R_PKCS7_ADD_SIGNATURE_ERROR			 118
-#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR		 119
-#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED		 129
-#define TS_R_POLICY_MISMATCH				 108
-#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 120
-#define TS_R_RESPONSE_SETUP_ERROR			 121
-#define TS_R_SIGNATURE_FAILURE				 109
-#define TS_R_THERE_MUST_BE_ONE_SIGNER			 110
-#define TS_R_TIME_SYSCALL_ERROR				 122
-#define TS_R_TOKEN_NOT_PRESENT				 130
-#define TS_R_TOKEN_PRESENT				 131
-#define TS_R_TSA_NAME_MISMATCH				 111
-#define TS_R_TSA_UNTRUSTED				 112
-#define TS_R_TST_INFO_SETUP_ERROR			 123
-#define TS_R_TS_DATASIGN				 124
-#define TS_R_UNACCEPTABLE_POLICY			 125
-#define TS_R_UNSUPPORTED_MD_ALGORITHM			 126
-#define TS_R_UNSUPPORTED_VERSION			 113
-#define TS_R_WRONG_CONTENT_TYPE				 114
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/txt_db.h b/include/openssl/txt_db.h
deleted file mode 100644
index 6abe435bc8..0000000000
--- a/include/openssl/txt_db.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TXT_DB_H
-#define HEADER_TXT_DB_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-
-#define DB_ERROR_OK			0
-#define DB_ERROR_MALLOC			1
-#define DB_ERROR_INDEX_CLASH    	2
-#define DB_ERROR_INDEX_OUT_OF_RANGE	3
-#define DB_ERROR_NO_INDEX		4
-#define DB_ERROR_INSERT_INDEX_CLASH    	5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-typedef OPENSSL_STRING *OPENSSL_PSTRING;
-DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
-
-typedef struct txt_db_st
-	{
-	int num_fields;
-	STACK_OF(OPENSSL_PSTRING) *data;
-	LHASH_OF(OPENSSL_STRING) **index;
-	int (**qual)(OPENSSL_STRING *);
-	long error;
-	long arg1;
-	long arg2;
-	OPENSSL_STRING *arg_row;
-	} TXT_DB;
-
-#ifndef OPENSSL_NO_BIO
-TXT_DB *TXT_DB_read(BIO *in, int num);
-long TXT_DB_write(BIO *out, TXT_DB *db);
-#else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-#endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(OPENSSL_STRING *),
-			LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-void TXT_DB_free(TXT_DB *db);
-OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value);
-int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/include/openssl/ui.h b/include/openssl/ui.h
deleted file mode 100644
index bd78aa413f..0000000000
--- a/include/openssl/ui.h
+++ /dev/null
@@ -1,383 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_H
-#define HEADER_UI_H
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/crypto.h>
-#endif
-#include <openssl/safestack.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct ui_st UI; */
-/* typedef struct ui_method_st UI_METHOD; */
-
-
-/* All the following functions return -1 or NULL on error and in some cases
-   (UI_process()) -2 if interrupted or in some other way cancelled.
-   When everything is fine, they return 0, a positive value or a non-NULL
-   pointer, all depending on their purpose. */
-
-/* Creators and destructor.   */
-UI *UI_new(void);
-UI *UI_new_method(const UI_METHOD *method);
-void UI_free(UI *ui);
-
-/* The following functions are used to add strings to be printed and prompt
-   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
-   and UI_{add,dup}_input_boolean.
-
-   UI_{add,dup}_<function>_string have the following meanings:
-	add	add a text or prompt string.  The pointers given to these
-		functions are used verbatim, no copying is done.
-	dup	make a copy of the text or prompt string, then add the copy
-		to the collection of strings in the user interface.
-	<function>
-		The function is a name for the functionality that the given
-		string shall be used for.  It can be one of:
-			input	use the string as data prompt.
-			verify	use the string as verification prompt.  This
-				is used to verify a previous input.
-			info	use the string for informational output.
-			error	use the string for error output.
-   Honestly, there's currently no difference between info and error for the
-   moment.
-
-   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
-   and are typically used when one wants to prompt for a yes/no response.
-
-
-   All of the functions in this group take a UI and a prompt string.
-   The string input and verify addition functions also take a flag argument,
-   a buffer for the result to end up with, a minimum input size and a maximum
-   input size (the result buffer MUST be large enough to be able to contain
-   the maximum number of characters).  Additionally, the verify addition
-   functions takes another buffer to compare the result against.
-   The boolean input functions take an action description string (which should
-   be safe to ignore if the expected user action is obvious, for example with
-   a dialog box with an OK button and a Cancel button), a string of acceptable
-   characters to mean OK and to mean Cancel.  The two last strings are checked
-   to make sure they don't have common characters.  Additionally, the same
-   flag argument as for the string input is taken, as well as a result buffer.
-   The result buffer is required to be at least one byte long.  Depending on
-   the answer, the first character from the OK or the Cancel character strings
-   will be stored in the first byte of the result buffer.  No NUL will be
-   added, so the result is *not* a string.
-
-   On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize);
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize);
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf);
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf);
-int UI_add_info_string(UI *ui, const char *text);
-int UI_dup_info_string(UI *ui, const char *text);
-int UI_add_error_string(UI *ui, const char *text);
-int UI_dup_error_string(UI *ui, const char *text);
-
-/* These are the possible flags.  They can be or'ed together. */
-/* Use to have echoing of input */
-#define UI_INPUT_FLAG_ECHO		0x01
-/* Use a default password.  Where that password is found is completely
-   up to the application, it might for example be in the user data set
-   with UI_add_user_data().  It is not recommended to have more than
-   one input in each UI being marked with this flag, or the application
-   might get confused. */
-#define UI_INPUT_FLAG_DEFAULT_PWD	0x02
-
-/* The user of these routines may want to define flags of their own.  The core
-   UI won't look at those, but will pass them on to the method routines.  They
-   must use higher bits so they don't get confused with the UI bits above.
-   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
-   example of use is this:
-
-	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
-
-*/
-#define UI_INPUT_FLAG_USER_BASE	16
-
-
-/* The following function helps construct a prompt.  object_desc is a
-   textual short description of the object, for example "pass phrase",
-   and object_name is the name of the object (might be a card name or
-   a file name.
-   The returned string shall always be allocated on the heap with
-   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
-   If the ui_method doesn't contain a pointer to a user-defined prompt
-   constructor, a default string is built, looking like this:
-
-	"Enter {object_desc} for {object_name}:"
-
-   So, if object_desc has the value "pass phrase" and object_name has
-   the value "foo.key", the resulting string is:
-
-	"Enter pass phrase for foo.key:"
-*/
-char *UI_construct_prompt(UI *ui_method,
-	const char *object_desc, const char *object_name);
-
-
-/* The following function is used to store a pointer to user-specific data.
-   Any previous such pointer will be returned and replaced.
-
-   For callback purposes, this function makes a lot more sense than using
-   ex_data, since the latter requires that different parts of OpenSSL or
-   applications share the same ex_data index.
-
-   Note that the UI_OpenSSL() method completely ignores the user data.
-   Other methods may not, however.  */
-void *UI_add_user_data(UI *ui, void *user_data);
-/* We need a user data retrieving function as well.  */
-void *UI_get0_user_data(UI *ui);
-
-/* Return the result associated with a prompt given with the index i. */
-const char *UI_get0_result(UI *ui, int i);
-
-/* When all strings have been added, process the whole thing. */
-int UI_process(UI *ui);
-
-/* Give a user interface parametrised control commands.  This can be used to
-   send down an integer, a data pointer or a function pointer, as well as
-   be used to get information from a UI. */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));
-
-/* The commands */
-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
-   OpenSSL error stack before printing any info or added error messages and
-   before any prompting. */
-#define UI_CTRL_PRINT_ERRORS		1
-/* Check if a UI_process() is possible to do again with the same instance of
-   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
-   if not. */
-#define UI_CTRL_IS_REDOABLE		2
-
-
-/* Some methods may use extra data */
-#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
-#define UI_get_app_data(s)             UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int UI_set_ex_data(UI *r,int idx,void *arg);
-void *UI_get_ex_data(UI *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-void UI_set_default_method(const UI_METHOD *meth);
-const UI_METHOD *UI_get_default_method(void);
-const UI_METHOD *UI_get_method(UI *ui);
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void);
-
-
-/* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
-   of the User Interface.  The functions are:
-
-	an opener	This function starts a session, maybe by opening
-			a channel to a tty, or by opening a window.
-	a writer	This function is called to write a given string,
-			maybe to the tty, maybe as a field label in a
-			window.
-	a flusher	This function is called to flush everything that
-			has been output so far.  It can be used to actually
-			display a dialog box after it has been built.
-	a reader	This function is called to read a given prompt,
-			maybe from the tty, maybe from a field in a
-			window.  Note that it's called wth all string
-			structures, not only the prompt ones, so it must
-			check such things itself.
-	a closer	This function closes the session, maybe by closing
-			the channel to the tty, or closing the window.
-
-   All these functions are expected to return:
-
-	0	on error.
-	1	on success.
-	-1	on out-of-band events, for example if some prompting has
-		been canceled (by pressing Ctrl-C, for example).  This is
-		only checked when returned by the flusher or the reader.
-
-   The way this is used, the opener is first called, then the writer for all
-   strings, then the flusher, then the reader for all strings and finally the
-   closer.  Note that if you want to prompt from a terminal or other command
-   line interface, the best is to have the reader also write the prompts
-   instead of having the writer do it.  If you want to prompt from a dialog
-   box, the writer can be used to build up the contents of the box, and the
-   flusher to actually display the box and run the event loop until all data
-   has been given, after which the reader only grabs the given data and puts
-   them back into the UI strings.
-
-   All method functions take a UI as argument.  Additionally, the writer and
-   the reader take a UI_STRING.
-*/
-
-/* The UI_STRING type is the data structure that contains all the needed info
-   about a string or a prompt, including test data for a verification prompt.
-*/
-typedef struct ui_string_st UI_STRING;
-DECLARE_STACK_OF(UI_STRING)
-
-/* The different types of strings that are currently supported.
-   This is only needed by method authors. */
-enum UI_string_types
-	{
-	UIT_NONE=0,
-	UIT_PROMPT,		/* Prompt for a string */
-	UIT_VERIFY,		/* Prompt for a string and verify */
-	UIT_BOOLEAN,		/* Prompt for a yes/no response */
-	UIT_INFO,		/* Send info to the user */
-	UIT_ERROR		/* Send an error message to the user */
-	};
-
-/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
-void UI_destroy_method(UI_METHOD *ui_method);
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
-int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name));
-int (*UI_method_get_opener(UI_METHOD *method))(UI*);
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
-
-/* The following functions are helpers for method writers to access relevant
-   data from a UI_STRING. */
-
-/* Return type of the UI_STRING */
-enum UI_string_types UI_get_string_type(UI_STRING *uis);
-/* Return input flags of the UI_STRING */
-int UI_get_input_flags(UI_STRING *uis);
-/* Return the actual string to output (the prompt, info or error) */
-const char *UI_get0_output_string(UI_STRING *uis);
-/* Return the optional action string to output (the boolean promtp instruction) */
-const char *UI_get0_action_string(UI_STRING *uis);
-/* Return the result of a prompt */
-const char *UI_get0_result_string(UI_STRING *uis);
-/* Return the string to test the result against.  Only useful with verifies. */
-const char *UI_get0_test_string(UI_STRING *uis);
-/* Return the required minimum size of the result */
-int UI_get_result_minsize(UI_STRING *uis);
-/* Return the required maximum size of the result */
-int UI_get_result_maxsize(UI_STRING *uis);
-/* Set the result of a UI_STRING. */
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
-
-
-/* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108
-#define UI_F_GENERAL_ALLOCATE_PROMPT			 109
-#define UI_F_GENERAL_ALLOCATE_STRING			 100
-#define UI_F_UI_CTRL					 111
-#define UI_F_UI_DUP_ERROR_STRING			 101
-#define UI_F_UI_DUP_INFO_STRING				 102
-#define UI_F_UI_DUP_INPUT_BOOLEAN			 110
-#define UI_F_UI_DUP_INPUT_STRING			 103
-#define UI_F_UI_DUP_VERIFY_STRING			 106
-#define UI_F_UI_GET0_RESULT				 107
-#define UI_F_UI_NEW_METHOD				 104
-#define UI_F_UI_SET_RESULT				 105
-
-/* Reason codes. */
-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104
-#define UI_R_INDEX_TOO_LARGE				 102
-#define UI_R_INDEX_TOO_SMALL				 103
-#define UI_R_NO_RESULT_BUFFER				 105
-#define UI_R_RESULT_TOO_LARGE				 100
-#define UI_R_RESULT_TOO_SMALL				 101
-#define UI_R_UNKNOWN_CONTROL_COMMAND			 106
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/ui_compat.h b/include/openssl/ui_compat.h
deleted file mode 100644
index b35c9bb7fd..0000000000
--- a/include/openssl/ui_compat.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-#define HEADER_UI_COMPAT_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/ui.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* The following functions were previously part of the DES section,
-   and are provided here for backward compatibility reasons. */
-
-#define des_read_pw_string(b,l,p,v) \
-	_ossl_old_des_read_pw_string((b),(l),(p),(v))
-#define des_read_pw(b,bf,s,p,v) \
-	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
deleted file mode 100644
index ed767f84dd..0000000000
--- a/include/openssl/x509.h
+++ /dev/null
@@ -1,1298 +0,0 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_X509_H
-#define HEADER_X509_H
-
-#include <openssl/e_os2.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_BUFFER
-#include <openssl/buffer.h>
-#endif
-#ifndef OPENSSL_NO_EVP
-#include <openssl/evp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/asn1.h>
-#include <openssl/safestack.h>
-
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#undef X509_NAME
-#undef X509_CERT_PAIR
-#undef X509_EXTENSIONS
-#endif
-
-#define X509_FILETYPE_PEM	1
-#define X509_FILETYPE_ASN1	2
-#define X509_FILETYPE_DEFAULT	3
-
-#define X509v3_KU_DIGITAL_SIGNATURE	0x0080
-#define X509v3_KU_NON_REPUDIATION	0x0040
-#define X509v3_KU_KEY_ENCIPHERMENT	0x0020
-#define X509v3_KU_DATA_ENCIPHERMENT	0x0010
-#define X509v3_KU_KEY_AGREEMENT		0x0008
-#define X509v3_KU_KEY_CERT_SIGN		0x0004
-#define X509v3_KU_CRL_SIGN		0x0002
-#define X509v3_KU_ENCIPHER_ONLY		0x0001
-#define X509v3_KU_DECIPHER_ONLY		0x8000
-#define X509v3_KU_UNDEF			0xffff
-
-typedef struct X509_objects_st
-	{
-	int nid;
-	int (*a2i)(void);
-	int (*i2a)(void);
-	} X509_OBJECTS;
-
-struct X509_algor_st
-	{
-	ASN1_OBJECT *algorithm;
-	ASN1_TYPE *parameter;
-	} /* X509_ALGOR */;
-
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
-typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-
-typedef struct X509_val_st
-	{
-	ASN1_TIME *notBefore;
-	ASN1_TIME *notAfter;
-	} X509_VAL;
-
-struct X509_pubkey_st
-	{
-	X509_ALGOR *algor;
-	ASN1_BIT_STRING *public_key;
-	EVP_PKEY *pkey;
-	};
-
-typedef struct X509_sig_st
-	{
-	X509_ALGOR *algor;
-	ASN1_OCTET_STRING *digest;
-	} X509_SIG;
-
-typedef struct X509_name_entry_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_STRING *value;
-	int set;
-	int size; 	/* temp variable */
-	} X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st
-	{
-	STACK_OF(X509_NAME_ENTRY) *entries;
-	int modified;	/* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
-	BUF_MEM *bytes;
-#else
-	char *bytes;
-#endif
-/*	unsigned long hash; Keep the hash around for lookups */
-	unsigned char *canon_enc;
-	int canon_enclen;
-	} /* X509_NAME */;
-
-DECLARE_STACK_OF(X509_NAME)
-
-#define X509_EX_V_NETSCAPE_HACK		0x8000
-#define X509_EX_V_INIT			0x0001
-typedef struct X509_extension_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_BOOLEAN critical;
-	ASN1_OCTET_STRING *value;
-	} X509_EXTENSION;
-
-typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st
-	{
-	ASN1_OBJECT *object;
-	int single; /* 0 for a set, 1 for a single item (which is wrong) */
-	union	{
-		char		*ptr;
-/* 0 */		STACK_OF(ASN1_TYPE) *set;
-/* 1 */		ASN1_TYPE	*single;
-		} value;
-	} X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-
-typedef struct X509_req_info_st
-	{
-	ASN1_ENCODING enc;
-	ASN1_INTEGER *version;
-	X509_NAME *subject;
-	X509_PUBKEY *pubkey;
-	/*  d=2 hl=2 l=  0 cons: cont: 00 */
-	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
-	} X509_REQ_INFO;
-
-typedef struct X509_req_st
-	{
-	X509_REQ_INFO *req_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int references;
-	} X509_REQ;
-
-typedef struct x509_cinf_st
-	{
-	ASN1_INTEGER *version;		/* [ 0 ] default of v1 */
-	ASN1_INTEGER *serialNumber;
-	X509_ALGOR *signature;
-	X509_NAME *issuer;
-	X509_VAL *validity;
-	X509_NAME *subject;
-	X509_PUBKEY *key;
-	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
-	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
-	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
-	ASN1_ENCODING enc;
-	} X509_CINF;
-
-/* This stuff is certificate "auxiliary info"
- * it contains details which are useful in certificate
- * stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st
-	{
-	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */
-	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */
-	ASN1_UTF8STRING *alias;			/* "friendly name" */
-	ASN1_OCTET_STRING *keyid;		/* key id of private key */
-	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
-	} X509_CERT_AUX;
-
-struct x509_st
-	{
-	X509_CINF *cert_info;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int valid;
-	int references;
-	char *name;
-	CRYPTO_EX_DATA ex_data;
-	/* These contain copies of various extension values */
-	long ex_pathlen;
-	long ex_pcpathlen;
-	unsigned long ex_flags;
-	unsigned long ex_kusage;
-	unsigned long ex_xkusage;
-	unsigned long ex_nscert;
-	ASN1_OCTET_STRING *skid;
-	AUTHORITY_KEYID *akid;
-	X509_POLICY_CACHE *policy_cache;
-	STACK_OF(DIST_POINT) *crldp;
-	STACK_OF(GENERAL_NAME) *altname;
-	NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_RFC3779
-	STACK_OF(IPAddressFamily) *rfc3779_addr;
-	struct ASIdentifiers_st *rfc3779_asid;
-#endif
-#ifndef OPENSSL_NO_SHA
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
-	X509_CERT_AUX *aux;
-	} /* X509 */;
-
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
-
-/* This is used for a table of trust checking functions */
-
-typedef struct x509_trust_st {
-	int trust;
-	int flags;
-	int (*check_trust)(struct x509_trust_st *, X509 *, int);
-	char *name;
-	int arg1;
-	void *arg2;
-} X509_TRUST;
-
-DECLARE_STACK_OF(X509_TRUST)
-
-typedef struct x509_cert_pair_st {
-	X509 *forward;
-	X509 *reverse;
-} X509_CERT_PAIR;
-
-/* standard trust ids */
-
-#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */
-
-#define X509_TRUST_COMPAT	1
-#define X509_TRUST_SSL_CLIENT	2
-#define X509_TRUST_SSL_SERVER	3
-#define X509_TRUST_EMAIL	4
-#define X509_TRUST_OBJECT_SIGN	5
-#define X509_TRUST_OCSP_SIGN	6
-#define X509_TRUST_OCSP_REQUEST	7
-#define X509_TRUST_TSA		8
-
-/* Keep these up to date! */
-#define X509_TRUST_MIN		1
-#define X509_TRUST_MAX		8
-
-
-/* trust_flags values */
-#define	X509_TRUST_DYNAMIC 	1
-#define	X509_TRUST_DYNAMIC_NAME	2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED	1
-#define X509_TRUST_REJECTED	2
-#define X509_TRUST_UNTRUSTED	3
-
-/* Flags for X509_print_ex() */
-
-#define	X509_FLAG_COMPAT		0
-#define	X509_FLAG_NO_HEADER		1L
-#define	X509_FLAG_NO_VERSION		(1L << 1)
-#define	X509_FLAG_NO_SERIAL		(1L << 2)
-#define	X509_FLAG_NO_SIGNAME		(1L << 3)
-#define	X509_FLAG_NO_ISSUER		(1L << 4)
-#define	X509_FLAG_NO_VALIDITY		(1L << 5)
-#define	X509_FLAG_NO_SUBJECT		(1L << 6)
-#define	X509_FLAG_NO_PUBKEY		(1L << 7)
-#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)
-#define	X509_FLAG_NO_SIGDUMP		(1L << 9)
-#define	X509_FLAG_NO_AUX		(1L << 10)
-#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)
-
-/* Flags specific to X509_NAME_print_ex() */	
-
-/* The field separator information */
-
-#define XN_FLAG_SEP_MASK	(0xf << 16)
-
-#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */
-#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */
-#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */
-#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */
-#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */
-
-#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */
-
-/* How the field name is shown */
-
-#define XN_FLAG_FN_MASK		(0x3 << 21)
-
-#define XN_FLAG_FN_SN		0		/* Object short name */
-#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */
-#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */
-#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */
-
-#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */
-
-/* This determines if we dump fields we don't recognise:
- * RFC2253 requires this.
- */
-
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-
-#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */
-
-/* Complete set of RFC2253 flags */
-
-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
-			XN_FLAG_SEP_COMMA_PLUS | \
-			XN_FLAG_DN_REV | \
-			XN_FLAG_FN_SN | \
-			XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
-			ASN1_STRFLGS_ESC_QUOTE | \
-			XN_FLAG_SEP_CPLUS_SPC | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
-			ASN1_STRFLGS_ESC_MSB | \
-			XN_FLAG_SEP_MULTILINE | \
-			XN_FLAG_SPC_EQ | \
-			XN_FLAG_FN_LN | \
-			XN_FLAG_FN_ALIGN)
-
-struct x509_revoked_st
-	{
-	ASN1_INTEGER *serialNumber;
-	ASN1_TIME *revocationDate;
-	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
-	/* Set up if indirect CRL */
-	STACK_OF(GENERAL_NAME) *issuer;
-	/* Revocation reason */
-	int reason;
-	int sequence; /* load sequence */
-	};
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st
-	{
-	ASN1_INTEGER *version;
-	X509_ALGOR *sig_alg;
-	X509_NAME *issuer;
-	ASN1_TIME *lastUpdate;
-	ASN1_TIME *nextUpdate;
-	STACK_OF(X509_REVOKED) *revoked;
-	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
-	ASN1_ENCODING enc;
-	} X509_CRL_INFO;
-
-struct X509_crl_st
-	{
-	/* actual signature */
-	X509_CRL_INFO *crl;
-	X509_ALGOR *sig_alg;
-	ASN1_BIT_STRING *signature;
-	int references;
-	int flags;
-	/* Copies of various extensions */
-	AUTHORITY_KEYID *akid;
-	ISSUING_DIST_POINT *idp;
-	/* Convenient breakdown of IDP */
-	int idp_flags;
-	int idp_reasons;
-	/* CRL and base CRL numbers for delta processing */
-	ASN1_INTEGER *crl_number;
-	ASN1_INTEGER *base_crl_number;
-#ifndef OPENSSL_NO_SHA
-	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
-	STACK_OF(GENERAL_NAMES) *issuers;
-	const X509_CRL_METHOD *meth;
-	void *meth_data;
-	} /* X509_CRL */;
-
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
-
-typedef struct private_key_st
-	{
-	int version;
-	/* The PKCS#8 data types */
-	X509_ALGOR *enc_algor;
-	ASN1_OCTET_STRING *enc_pkey;	/* encrypted pub key */
-
-	/* When decrypted, the following will not be NULL */
-	EVP_PKEY *dec_pkey;
-
-	/* used to encrypt and decrypt */
-	int key_length;
-	char *key_data;
-	int key_free;	/* true if we should auto free key_data */
-
-	/* expanded version of 'enc_algor' */
-	EVP_CIPHER_INFO cipher;
-
-	int references;
-	} X509_PKEY;
-
-#ifndef OPENSSL_NO_EVP
-typedef struct X509_info_st
-	{
-	X509 *x509;
-	X509_CRL *crl;
-	X509_PKEY *x_pkey;
-
-	EVP_CIPHER_INFO enc_cipher;
-	int enc_len;
-	char *enc_data;
-
-	int references;
-	} X509_INFO;
-
-DECLARE_STACK_OF(X509_INFO)
-#endif
-
-/* The next 2 structures and their 8 routines were sent to me by
- * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki structures - useful if you are writing a CA web page
- */
-typedef struct Netscape_spkac_st
-	{
-	X509_PUBKEY *pubkey;
-	ASN1_IA5STRING *challenge;	/* challenge sent in atlas >= PR2 */
-	} NETSCAPE_SPKAC;
-
-typedef struct Netscape_spki_st
-	{
-	NETSCAPE_SPKAC *spkac;	/* signed public key and challenge */
-	X509_ALGOR *sig_algor;
-	ASN1_BIT_STRING *signature;
-	} NETSCAPE_SPKI;
-
-/* Netscape certificate sequence structure */
-typedef struct Netscape_certificate_sequence
-	{
-	ASN1_OBJECT *type;
-	STACK_OF(X509) *certs;
-	} NETSCAPE_CERT_SEQUENCE;
-
-/* Unused (and iv length is wrong)
-typedef struct CBCParameter_st
-	{
-	unsigned char iv[8];
-	} CBC_PARAM;
-*/
-
-/* Password based encryption structure */
-
-typedef struct PBEPARAM_st {
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;
-} PBEPARAM;
-
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-X509_ALGOR *keyfunc;
-X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
-ASN1_INTEGER *iter;
-ASN1_INTEGER *keylength;
-X509_ALGOR *prf;
-} PBKDF2PARAM;
-
-
-/* PKCS#8 private key info structure */
-
-struct pkcs8_priv_key_info_st
-        {
-        int broken;     /* Flag for various broken formats */
-#define PKCS8_OK		0
-#define PKCS8_NO_OCTET		1
-#define PKCS8_EMBEDDED_PARAM	2
-#define PKCS8_NS_DB		3
-#define PKCS8_NEG_PRIVKEY	4
-        ASN1_INTEGER *version;
-        X509_ALGOR *pkeyalg;
-        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
-        STACK_OF(X509_ATTRIBUTE) *attributes;
-        };
-
-#ifdef  __cplusplus
-}
-#endif
-
-#include <openssl/x509_vfy.h>
-#include <openssl/pkcs7.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define X509_EXT_PACK_UNKNOWN	1
-#define X509_EXT_PACK_STRING	2
-
-#define		X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define	X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define		X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define		X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-#define		X509_extract_key(x)	X509_get_pubkey(x) /*****/
-#define		X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define		X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-#define		X509_REQ_extract_key(a)	X509_REQ_get_pubkey(a)
-#define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
-#define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
-X509_CRL_METHOD *X509_CRL_METHOD_new(
-	int (*crl_init)(X509_CRL *crl),
-	int (*crl_free)(X509_CRL *crl),
-	int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-				ASN1_INTEGER *ser, X509_NAME *issuer),
-	int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
-
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
-void *X509_CRL_get_meth_data(X509_CRL *crl);
-
-/* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
-#define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
-
-const char *X509_verify_cert_error_string(long n);
-
-#ifndef OPENSSL_NO_EVP
-int X509_verify(X509 *a, EVP_PKEY *r);
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-
-int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_digest(const X509 *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
-		unsigned char *md, unsigned int *len);
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-X509 *d2i_X509_bio(BIO *bp,X509 **x509);
-int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-						PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-#endif
-
-X509 *X509_dup(X509 *x509);
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
-X509_CRL *X509_CRL_dup(X509_CRL *crl);
-X509_REQ *X509_REQ_dup(X509_REQ *req);
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-						X509_ALGOR *algor);
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
-int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
-
-X509_NAME *X509_NAME_dup(X509_NAME *xn);
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-
-int		X509_cmp_time(const ASN1_TIME *s, time_t *t);
-int		X509_cmp_current_time(const ASN1_TIME *s);
-ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-ASN1_TIME *	X509_time_adj_ex(ASN1_TIME *s,
-				int offset_day, long offset_sec, time_t *t);
-ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
-
-const char *	X509_get_default_cert_area(void );
-const char *	X509_get_default_cert_dir(void );
-const char *	X509_get_default_cert_file(void );
-const char *	X509_get_default_cert_dir_env(void );
-const char *	X509_get_default_cert_file_env(void );
-const char *	X509_get_default_private_dir(void );
-
-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-DECLARE_ASN1_FUNCTIONS(X509_VAL)
-
-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
-int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
-					   STACK_OF(X509) *chain);
-int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
-EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
-			long length);
-#ifndef OPENSSL_NO_RSA
-int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
-RSA *		d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
-			long length);
-#endif
-#ifndef OPENSSL_NO_DSA
-int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
-DSA *		d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
-			long length);
-#endif
-#ifndef OPENSSL_NO_EC
-int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
-EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
-			long length);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(X509_SIG)
-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_REQ)
-
-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
-
-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME)
-
-int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(X509_CINF)
-
-DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_set_ex_data(X509 *r, int idx, void *arg);
-void *X509_get_ex_data(X509 *r, int idx);
-int		i2d_X509_AUX(X509 *a,unsigned char **pp);
-X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char * X509_alias_get0(X509 *x, int *len);
-unsigned char * X509_keyid_get0(X509 *x, int *len);
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
-int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-void X509_trust_clear(X509 *x);
-void X509_reject_clear(X509 *x);
-
-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_CRL)
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-		X509_REVOKED **ret, ASN1_INTEGER *serial);
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
-
-X509_PKEY *	X509_PKEY_new(void );
-void		X509_PKEY_free(X509_PKEY *a);
-int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
-X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-
-#ifndef OPENSSL_NO_EVP
-X509_INFO *	X509_INFO_new(void);
-void		X509_INFO_free(X509_INFO *a);
-char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
-		ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
-
-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
-		unsigned char *md,unsigned int *len);
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
-	      X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
-	      char *data,EVP_PKEY *pkey, const EVP_MD *type);
-
-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
-	unsigned char *md,unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
-	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	ASN1_BIT_STRING *signature,
-	void *data, EVP_PKEY *pkey, const EVP_MD *type);
-int ASN1_item_sign_ctx(const ASN1_ITEM *it,
-		X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     	ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
-#endif
-
-int 		X509_set_version(X509 *x,long version);
-int 		X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER *	X509_get_serialNumber(X509 *x);
-int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME *	X509_get_issuer_name(X509 *a);
-int 		X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME *	X509_get_subject_name(X509 *a);
-int 		X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-int 		X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
-int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
-
-int		X509_REQ_set_version(X509_REQ *x,long version);
-int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
-int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
-int		X509_REQ_extension_nid(int nid);
-int *		X509_REQ_get_extension_nids(void);
-void		X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-				int nid);
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
-int X509_REQ_get_attr_count(const X509_REQ *req);
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-			  int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-
-int X509_CRL_set_version(X509_CRL *x, long version);
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_sort(X509_CRL *crl);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-
-int		X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
-
-int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-
-int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_issuer_and_serial_hash(X509 *a);
-
-int		X509_issuer_name_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_issuer_name_hash(X509 *a);
-
-int		X509_subject_name_cmp(const X509 *a, const X509 *b);
-unsigned long	X509_subject_name_hash(X509 *x);
-
-#ifndef OPENSSL_NO_MD5
-unsigned long	X509_issuer_name_hash_old(X509 *a);
-unsigned long	X509_subject_name_hash_old(X509 *x);
-#endif
-
-int		X509_cmp(const X509 *a, const X509 *b);
-int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-unsigned long	X509_NAME_hash(X509_NAME *x);
-unsigned long	X509_NAME_hash_old(X509_NAME *x);
-
-int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-int		X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
-#ifndef OPENSSL_NO_FP_API
-int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int		X509_print_fp(FILE *bp,X509 *x);
-int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
-int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
-int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int		X509_print(BIO *bp,X509 *x);
-int		X509_ocspid_print(BIO *bp,X509 *x);
-int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-int		X509_CRL_print(BIO *bp,X509_CRL *x);
-int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
-int		X509_REQ_print(BIO *bp,X509_REQ *req);
-#endif
-
-int 		X509_NAME_entry_count(X509_NAME *name);
-int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
-			char *buf,int len);
-int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-			char *buf,int len);
-
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, search after that position on. */
-int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
-			int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
-			int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-			unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-		const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-			int type,unsigned char *bytes, int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-			const unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-			ASN1_OBJECT *obj, int type,const unsigned char *bytes,
-			int len);
-int 		X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
-			ASN1_OBJECT *obj);
-int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-			const unsigned char *bytes, int len);
-ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
-				      int nid, int lastpos);
-int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
-				      ASN1_OBJECT *obj,int lastpos);
-int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
-					   int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-					 X509_EXTENSION *ex, int loc);
-
-int		X509_get_ext_count(X509 *x);
-int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int		X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-int		X509_CRL_get_ext_count(X509_CRL *x);
-int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int		X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int		X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-							unsigned long flags);
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
-			int nid, int crit, ASN1_OCTET_STRING *data);
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-			ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int		X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
-int		X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
-			ASN1_OCTET_STRING *data);
-ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-			  int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-					 X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-				ASN1_OBJECT *obj, int lastpos, int type);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		const char *atrname, int type, const unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-					int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-			  int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-			  int lastpos);
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-			int nid, int type,
-			const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len);
-
-int		X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
-				     ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
-				const unsigned char *salt, int saltlen);
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
-				const unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-					 unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen,
-				 unsigned char *aiv, int prf_nid);
-
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
-				int prf_nid, int keylen);
-
-/* PKCS#8 utilities */
-
-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
-			int version, int ptype, void *pval,
-				unsigned char *penc, int penclen);
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		PKCS8_PRIV_KEY_INFO *p8);
-
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-					int ptype, void *pval,
-					unsigned char *penc, int penclen);
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-		const unsigned char **pk, int *ppklen,
-		X509_ALGOR **pa,
-		X509_PUBKEY *pub);
-
-int X509_check_trust(X509 *x, int id, int flags);
-int X509_TRUST_get_count(void);
-X509_TRUST * X509_TRUST_get0(int idx);
-int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-					char *name, int arg1, void *arg2);
-void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR				 100
-#define X509_F_BY_FILE_CTRL				 101
-#define X509_F_CHECK_POLICY				 145
-#define X509_F_DIR_CTRL					 102
-#define X509_F_GET_CERT_BY_SUBJECT			 103
-#define X509_F_NETSCAPE_SPKI_B64_DECODE			 129
-#define X509_F_NETSCAPE_SPKI_B64_ENCODE			 130
-#define X509_F_X509AT_ADD1_ATTR				 135
-#define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID		 136
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ		 137
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT		 140
-#define X509_F_X509_ATTRIBUTE_GET0_DATA			 139
-#define X509_F_X509_ATTRIBUTE_SET1_DATA			 138
-#define X509_F_X509_CHECK_PRIVATE_KEY			 128
-#define X509_F_X509_CRL_PRINT_FP			 147
-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
-#define X509_F_X509_LOAD_CERT_CRL_FILE			 132
-#define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_LOAD_CRL_FILE			 112
-#define X509_F_X509_NAME_ADD_ENTRY			 113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT		 131
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
-#define X509_F_X509_NAME_ONELINE			 116
-#define X509_F_X509_NAME_PRINT				 117
-#define X509_F_X509_PRINT_EX_FP				 118
-#define X509_F_X509_PUBKEY_GET				 119
-#define X509_F_X509_PUBKEY_SET				 120
-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY		 144
-#define X509_F_X509_REQ_PRINT_EX			 121
-#define X509_F_X509_REQ_PRINT_FP			 122
-#define X509_F_X509_REQ_TO_X509				 123
-#define X509_F_X509_STORE_ADD_CERT			 124
-#define X509_F_X509_STORE_ADD_CRL			 125
-#define X509_F_X509_STORE_CTX_GET1_ISSUER		 146
-#define X509_F_X509_STORE_CTX_INIT			 143
-#define X509_F_X509_STORE_CTX_NEW			 142
-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134
-#define X509_F_X509_TO_X509_REQ				 126
-#define X509_F_X509_TRUST_ADD				 133
-#define X509_F_X509_TRUST_SET				 141
-#define X509_F_X509_VERIFY_CERT				 127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE			 100
-#define X509_R_BASE64_DECODE_ERROR			 118
-#define X509_R_CANT_CHECK_DH_KEY			 114
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
-#define X509_R_ERR_ASN1_LIB				 102
-#define X509_R_INVALID_DIRECTORY			 113
-#define X509_R_INVALID_FIELD_NAME			 119
-#define X509_R_INVALID_TRUST				 123
-#define X509_R_KEY_TYPE_MISMATCH			 115
-#define X509_R_KEY_VALUES_MISMATCH			 116
-#define X509_R_LOADING_CERT_DIR				 103
-#define X509_R_LOADING_DEFAULTS				 104
-#define X509_R_METHOD_NOT_SUPPORTED			 124
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
-#define X509_R_PUBLIC_KEY_DECODE_ERROR			 125
-#define X509_R_PUBLIC_KEY_ENCODE_ERROR			 126
-#define X509_R_SHOULD_RETRY				 106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
-#define X509_R_UNKNOWN_KEY_TYPE				 117
-#define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_PURPOSE_ID			 121
-#define X509_R_UNKNOWN_TRUST_ID				 120
-#define X509_R_UNSUPPORTED_ALGORITHM			 111
-#define X509_R_WRONG_LOOKUP_TYPE			 112
-#define X509_R_WRONG_TYPE				 122
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
deleted file mode 100644
index fe09b30aaa..0000000000
--- a/include/openssl/x509_vfy.h
+++ /dev/null
@@ -1,567 +0,0 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-#include <openssl/x509.h>
-/* openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment. */
-#endif
-
-#ifndef HEADER_X509_VFY_H
-#define HEADER_X509_VFY_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if 0
-/* Outer object */
-typedef struct x509_hash_dir_st
-	{
-	int num_dirs;
-	char **dirs;
-	int *dirs_type;
-	int num_dirs_alloced;
-	} X509_HASH_DIR_CTX;
-#endif
-
-typedef struct x509_file_st
-	{
-	int num_paths;	/* number of paths to files or directories */
-	int num_alloced;
-	char **paths;	/* the list of paths or directories */
-	int *path_type;
-	} X509_CERT_FILE_CTX;
-
-/*******************************/
-/*
-SSL_CTX -> X509_STORE    
-		-> X509_LOOKUP
-			->X509_LOOKUP_METHOD
-		-> X509_LOOKUP
-			->X509_LOOKUP_METHOD
- 
-SSL	-> X509_STORE_CTX
-		->X509_STORE    
-
-The X509_STORE holds the tables etc for verification stuff.
-A X509_STORE_CTX is used while validating a single certificate.
-The X509_STORE has X509_LOOKUPs for looking up certs.
-The X509_STORE then calls a function to actually verify the
-certificate chain.
-*/
-
-#define X509_LU_RETRY		-1
-#define X509_LU_FAIL		0
-#define X509_LU_X509		1
-#define X509_LU_CRL		2
-#define X509_LU_PKEY		3
-
-typedef struct x509_object_st
-	{
-	/* one of the above types */
-	int type;
-	union	{
-		char *ptr;
-		X509 *x509;
-		X509_CRL *crl;
-		EVP_PKEY *pkey;
-		} data;
-	} X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st
-	{
-	const char *name;
-	int (*new_item)(X509_LOOKUP *ctx);
-	void (*free)(X509_LOOKUP *ctx);
-	int (*init)(X509_LOOKUP *ctx);
-	int (*shutdown)(X509_LOOKUP *ctx);
-	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
-			char **ret);
-	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-			      X509_OBJECT *ret);
-	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
-				    ASN1_INTEGER *serial,X509_OBJECT *ret);
-	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
-				  unsigned char *bytes,int len,
-				  X509_OBJECT *ret);
-	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
-			    X509_OBJECT *ret);
-	} X509_LOOKUP_METHOD;
-
-/* This structure hold all parameters associated with a verify operation
- * by including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-typedef struct X509_VERIFY_PARAM_st
-	{
-	char *name;
-	time_t check_time;	/* Time to use */
-	unsigned long inh_flags; /* Inheritance flags */
-	unsigned long flags;	/* Various verify flags */
-	int purpose;		/* purpose to check untrusted certificates */
-	int trust;		/* trust setting to check */
-	int depth;		/* Verify depth */
-	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */
-	} X509_VERIFY_PARAM;
-
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
-
-/* This is used to hold everything.  It is used for all certificate
- * validation.  Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain. */
-struct x509_store_st
-	{
-	/* The following is a cache of trusted certs */
-	int cache; 	/* if true, stash any hits */
-	STACK_OF(X509_OBJECT) *objs;	/* Cache of all objects */
-
-	/* These are external lookup methods */
-	STACK_OF(X509_LOOKUP) *get_cert_methods;
-
-	X509_VERIFY_PARAM *param;
-
-	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
-
-	CRYPTO_EX_DATA ex_data;
-	int references;
-	} /* X509_STORE */;
-
-int X509_STORE_set_depth(X509_STORE *store, int depth);
-
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st
-	{
-	int init;			/* have we been started */
-	int skip;			/* don't use us. */
-	X509_LOOKUP_METHOD *method;	/* the functions */
-	char *method_data;		/* method data */
-
-	X509_STORE *store_ctx;	/* who owns us */
-	} /* X509_LOOKUP */;
-
-/* This is a used when verifying cert chains.  Since the
- * gathering of the cert chain can take some time (and have to be
- * 'retried', this needs to be kept and passed around. */
-struct x509_store_ctx_st      /* X509_STORE_CTX */
-	{
-	X509_STORE *ctx;
-	int current_method;	/* used when looking up certs */
-
-	/* The following are set by the caller */
-	X509 *cert;		/* The cert to check */
-	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
-	STACK_OF(X509_CRL) *crls;	/* set of CRLs passed in */
-
-	X509_VERIFY_PARAM *param;
-	void *other_ctx;	/* Other info for use with get_issuer() */
-
-	/* Callbacks for various operations */
-	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
-	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
-	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
-	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
-	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
-	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
-	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-	int (*check_policy)(X509_STORE_CTX *ctx);
-	STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-	int (*cleanup)(X509_STORE_CTX *ctx);
-
-	/* The following is built up */
-	int valid;		/* if 0, rebuild chain */
-	int last_untrusted;	/* index of last untrusted cert */
-	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
-	X509_POLICY_TREE *tree;	/* Valid policy tree */
-
-	int explicit_policy;	/* Require explicit policy value */
-
-	/* When something goes wrong, this is why */
-	int error_depth;
-	int error;
-	X509 *current_cert;
-	X509 *current_issuer;	/* cert currently being tested as valid issuer */
-	X509_CRL *current_crl;	/* current CRL */
-
-	int current_crl_score;  /* score of current CRL */
-	unsigned int current_reasons;  /* Reason mask */
-
-	X509_STORE_CTX *parent; /* For CRL path validation: parent context */
-
-	CRYPTO_EX_DATA ex_data;
-	} /* X509_STORE_CTX */;
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-
-#define X509_STORE_CTX_set_app_data(ctx,data) \
-	X509_STORE_CTX_set_ex_data(ctx,0,data)
-#define X509_STORE_CTX_get_app_data(ctx) \
-	X509_STORE_CTX_get_ex_data(ctx,0)
-
-#define X509_L_FILE_LOAD	1
-#define X509_L_ADD_DIR		2
-
-#define X509_LOOKUP_load_file(x,name,type) \
-		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
-
-#define X509_LOOKUP_add_dir(x,name,type) \
-		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
-
-#define		X509_V_OK					0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2
-#define		X509_V_ERR_UNABLE_TO_GET_CRL			3
-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE	4
-#define		X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE	5
-#define		X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY	6
-#define		X509_V_ERR_CERT_SIGNATURE_FAILURE		7
-#define		X509_V_ERR_CRL_SIGNATURE_FAILURE		8
-#define		X509_V_ERR_CERT_NOT_YET_VALID			9
-#define		X509_V_ERR_CERT_HAS_EXPIRED			10
-#define		X509_V_ERR_CRL_NOT_YET_VALID			11
-#define		X509_V_ERR_CRL_HAS_EXPIRED			12
-#define		X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD	13
-#define		X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD	14
-#define		X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD	15
-#define		X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD	16
-#define		X509_V_ERR_OUT_OF_MEM				17
-#define		X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT		18
-#define		X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN		19
-#define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY	20
-#define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21
-#define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22
-#define		X509_V_ERR_CERT_REVOKED				23
-#define		X509_V_ERR_INVALID_CA				24
-#define		X509_V_ERR_PATH_LENGTH_EXCEEDED			25
-#define		X509_V_ERR_INVALID_PURPOSE			26
-#define		X509_V_ERR_CERT_UNTRUSTED			27
-#define		X509_V_ERR_CERT_REJECTED			28
-/* These are 'informational' when looking for issuer cert */
-#define		X509_V_ERR_SUBJECT_ISSUER_MISMATCH		29
-#define		X509_V_ERR_AKID_SKID_MISMATCH			30
-#define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31
-#define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32
-
-#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33
-#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34
-#define		X509_V_ERR_KEYUSAGE_NO_CRL_SIGN			35
-#define		X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION	36
-#define		X509_V_ERR_INVALID_NON_CA			37
-#define		X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED		38
-#define		X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE	39
-#define		X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED	40
-
-#define		X509_V_ERR_INVALID_EXTENSION			41
-#define		X509_V_ERR_INVALID_POLICY_EXTENSION		42
-#define		X509_V_ERR_NO_EXPLICIT_POLICY			43
-#define		X509_V_ERR_DIFFERENT_CRL_SCOPE			44
-#define		X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE	45
-
-#define		X509_V_ERR_UNNESTED_RESOURCE			46
-
-#define		X509_V_ERR_PERMITTED_VIOLATION			47
-#define		X509_V_ERR_EXCLUDED_VIOLATION			48
-#define		X509_V_ERR_SUBTREE_MINMAX			49
-#define		X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE		51
-#define		X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX	52
-#define		X509_V_ERR_UNSUPPORTED_NAME_SYNTAX		53
-#define		X509_V_ERR_CRL_PATH_VALIDATION_ERROR		54
-
-/* The application is not happy */
-#define		X509_V_ERR_APPLICATION_VERIFICATION		50
-
-/* Certificate verify flags */
-
-/* Send issuer+subject checks to verify_cb */
-#define	X509_V_FLAG_CB_ISSUER_CHECK		0x1
-/* Use check time instead of current time */
-#define	X509_V_FLAG_USE_CHECK_TIME		0x2
-/* Lookup CRLs */
-#define	X509_V_FLAG_CRL_CHECK			0x4
-/* Lookup CRLs for whole chain */
-#define	X509_V_FLAG_CRL_CHECK_ALL		0x8
-/* Ignore unhandled critical extensions */
-#define	X509_V_FLAG_IGNORE_CRITICAL		0x10
-/* Disable workarounds for broken certificates */
-#define	X509_V_FLAG_X509_STRICT			0x20
-/* Enable proxy certificate validation */
-#define	X509_V_FLAG_ALLOW_PROXY_CERTS		0x40
-/* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK		0x80
-/* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY		0x100
-/* Policy variable inhibit-any-policy */
-#define	X509_V_FLAG_INHIBIT_ANY			0x200
-/* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP			0x400
-/* Notify callback that policy is OK */
-#define X509_V_FLAG_NOTIFY_POLICY		0x800
-/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
-#define X509_V_FLAG_EXTENDED_CRL_SUPPORT	0x1000
-/* Delta CRL support */
-#define X509_V_FLAG_USE_DELTAS			0x2000
-/* Check selfsigned CA signature */
-#define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
-
-
-#define X509_VP_FLAG_DEFAULT			0x1
-#define X509_VP_FLAG_OVERWRITE			0x2
-#define X509_VP_FLAG_RESET_FLAGS		0x4
-#define X509_VP_FLAG_LOCKED			0x8
-#define X509_VP_FLAG_ONCE			0x10
-
-/* Internal use: mask of policy related options */
-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
-				| X509_V_FLAG_EXPLICIT_POLICY \
-				| X509_V_FLAG_INHIBIT_ANY \
-				| X509_V_FLAG_INHIBIT_MAP)
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void );
-void X509_STORE_free(X509_STORE *v);
-
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
-
-X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-			 X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
-	X509_OBJECT *ret);
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-	long argl, char **ret);
-
-#ifndef OPENSSL_NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-#endif
-
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
-void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-	unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
-	int len, X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
-#ifndef OPENSSL_NO_STDIO
-int	X509_STORE_load_locations (X509_STORE *ctx,
-		const char *file, const char *dir);
-int	X509_STORE_set_default_paths(X509_STORE *ctx);
-#endif
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
-void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
-int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
-int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
-X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
-X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
-void	X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-				int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
-								time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *));
-  
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-
-/* X509_VERIFY_PARAM functions */
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
-						const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, 
-						const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-							unsigned long flags);
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-						ASN1_OBJECT *policy);
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
-					STACK_OF(ASN1_OBJECT) *policies);
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
-void X509_VERIFY_PARAM_table_cleanup(void);
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-			STACK_OF(X509) *certs,
-			STACK_OF(ASN1_OBJECT) *policy_oids,
-			unsigned int flags);
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-
-STACK_OF(POLICYQUALINFO) *
-	X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
-const X509_POLICY_NODE *
-	X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
deleted file mode 100644
index b308abe7cd..0000000000
--- a/include/openssl/x509v3.h
+++ /dev/null
@@ -1,1007 +0,0 @@
-/* x509v3.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef HEADER_X509V3_H
-#define HEADER_X509V3_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Forward reference */
-struct v3_ext_method;
-struct v3_ext_ctx;
-
-/* Useful typedefs */
-
-typedef void * (*X509V3_EXT_NEW)(void);
-typedef void (*X509V3_EXT_FREE)(void *);
-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) *
-  (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext,
-		    STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx,
-				 STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext,
-			      BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method,
-				 struct v3_ext_ctx *ctx, const char *str);
-
-/* V3 extension structure */
-
-struct v3_ext_method {
-int ext_nid;
-int ext_flags;
-/* If this is set the following four fields are ignored */
-ASN1_ITEM_EXP *it;
-/* Old style ASN1 calls */
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-
-/* The following pair is used for string extensions */
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-
-/* The following pair is used for multi-valued extensions */
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-
-/* The following are used for raw extensions */
-X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;
-
-void *usr_data;	/* Any extension specific data */
-};
-
-typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-} X509V3_CONF_METHOD;
-
-/* Context specific info */
-struct v3_ext_ctx {
-#define CTX_TEST 0x1
-int flags;
-X509 *issuer_cert;
-X509 *subject_cert;
-X509_REQ *subject_req;
-X509_CRL *crl;
-X509V3_CONF_METHOD *db_meth;
-void *db;
-/* Maybe more here */
-};
-
-typedef struct v3_ext_method X509V3_EXT_METHOD;
-
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
-
-/* ext_flags values */
-#define X509V3_EXT_DYNAMIC	0x1
-#define X509V3_EXT_CTX_DEP	0x2
-#define X509V3_EXT_MULTILINE	0x4
-
-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
-
-typedef struct BASIC_CONSTRAINTS_st {
-int ca;
-ASN1_INTEGER *pathlen;
-} BASIC_CONSTRAINTS;
-
-
-typedef struct PKEY_USAGE_PERIOD_st {
-ASN1_GENERALIZEDTIME *notBefore;
-ASN1_GENERALIZEDTIME *notAfter;
-} PKEY_USAGE_PERIOD;
-
-typedef struct otherName_st {
-ASN1_OBJECT *type_id;
-ASN1_TYPE *value;
-} OTHERNAME;
-
-typedef struct EDIPartyName_st {
-	ASN1_STRING *nameAssigner;
-	ASN1_STRING *partyName;
-} EDIPARTYNAME;
-
-typedef struct GENERAL_NAME_st {
-
-#define GEN_OTHERNAME	0
-#define GEN_EMAIL	1
-#define GEN_DNS		2
-#define GEN_X400	3
-#define GEN_DIRNAME	4
-#define GEN_EDIPARTY	5
-#define GEN_URI		6
-#define GEN_IPADD	7
-#define GEN_RID		8
-
-int type;
-union {
-	char *ptr;
-	OTHERNAME *otherName; /* otherName */
-	ASN1_IA5STRING *rfc822Name;
-	ASN1_IA5STRING *dNSName;
-	ASN1_TYPE *x400Address;
-	X509_NAME *directoryName;
-	EDIPARTYNAME *ediPartyName;
-	ASN1_IA5STRING *uniformResourceIdentifier;
-	ASN1_OCTET_STRING *iPAddress;
-	ASN1_OBJECT *registeredID;
-
-	/* Old names */
-	ASN1_OCTET_STRING *ip; /* iPAddress */
-	X509_NAME *dirn;		/* dirn */
-	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
-	ASN1_OBJECT *rid; /* registeredID */
-	ASN1_TYPE *other; /* x400Address */
-} d;
-} GENERAL_NAME;
-
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
-typedef struct ACCESS_DESCRIPTION_st {
-	ASN1_OBJECT *method;
-	GENERAL_NAME *location;
-} ACCESS_DESCRIPTION;
-
-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
-
-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
-
-DECLARE_STACK_OF(GENERAL_NAME)
-DECLARE_ASN1_SET_OF(GENERAL_NAME)
-
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
-	GENERAL_NAMES *fullname;
-	STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-/* If relativename then this contains the full distribution point name */
-X509_NAME *dpname;
-} DIST_POINT_NAME;
-/* All existing reasons */
-#define CRLDP_ALL_REASONS	0x807f
-
-#define CRL_REASON_NONE				-1
-#define CRL_REASON_UNSPECIFIED			0
-#define CRL_REASON_KEY_COMPROMISE		1
-#define CRL_REASON_CA_COMPROMISE		2
-#define CRL_REASON_AFFILIATION_CHANGED		3
-#define CRL_REASON_SUPERSEDED			4
-#define CRL_REASON_CESSATION_OF_OPERATION	5
-#define CRL_REASON_CERTIFICATE_HOLD		6
-#define CRL_REASON_REMOVE_FROM_CRL		8
-#define CRL_REASON_PRIVILEGE_WITHDRAWN		9
-#define CRL_REASON_AA_COMPROMISE		10
-
-struct DIST_POINT_st {
-DIST_POINT_NAME	*distpoint;
-ASN1_BIT_STRING *reasons;
-GENERAL_NAMES *CRLissuer;
-int dp_reasons;
-};
-
-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
-
-DECLARE_STACK_OF(DIST_POINT)
-DECLARE_ASN1_SET_OF(DIST_POINT)
-
-struct AUTHORITY_KEYID_st {
-ASN1_OCTET_STRING *keyid;
-GENERAL_NAMES *issuer;
-ASN1_INTEGER *serial;
-};
-
-/* Strong extranet structures */
-
-typedef struct SXNET_ID_st {
-	ASN1_INTEGER *zone;
-	ASN1_OCTET_STRING *user;
-} SXNETID;
-
-DECLARE_STACK_OF(SXNETID)
-DECLARE_ASN1_SET_OF(SXNETID)
-
-typedef struct SXNET_st {
-	ASN1_INTEGER *version;
-	STACK_OF(SXNETID) *ids;
-} SXNET;
-
-typedef struct NOTICEREF_st {
-	ASN1_STRING *organization;
-	STACK_OF(ASN1_INTEGER) *noticenos;
-} NOTICEREF;
-
-typedef struct USERNOTICE_st {
-	NOTICEREF *noticeref;
-	ASN1_STRING *exptext;
-} USERNOTICE;
-
-typedef struct POLICYQUALINFO_st {
-	ASN1_OBJECT *pqualid;
-	union {
-		ASN1_IA5STRING *cpsuri;
-		USERNOTICE *usernotice;
-		ASN1_TYPE *other;
-	} d;
-} POLICYQUALINFO;
-
-DECLARE_STACK_OF(POLICYQUALINFO)
-DECLARE_ASN1_SET_OF(POLICYQUALINFO)
-
-typedef struct POLICYINFO_st {
-	ASN1_OBJECT *policyid;
-	STACK_OF(POLICYQUALINFO) *qualifiers;
-} POLICYINFO;
-
-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
-
-DECLARE_STACK_OF(POLICYINFO)
-DECLARE_ASN1_SET_OF(POLICYINFO)
-
-typedef struct POLICY_MAPPING_st {
-	ASN1_OBJECT *issuerDomainPolicy;
-	ASN1_OBJECT *subjectDomainPolicy;
-} POLICY_MAPPING;
-
-DECLARE_STACK_OF(POLICY_MAPPING)
-
-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
-
-typedef struct GENERAL_SUBTREE_st {
-	GENERAL_NAME *base;
-	ASN1_INTEGER *minimum;
-	ASN1_INTEGER *maximum;
-} GENERAL_SUBTREE;
-
-DECLARE_STACK_OF(GENERAL_SUBTREE)
-
-struct NAME_CONSTRAINTS_st {
-	STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
-	STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-};
-
-typedef struct POLICY_CONSTRAINTS_st {
-	ASN1_INTEGER *requireExplicitPolicy;
-	ASN1_INTEGER *inhibitPolicyMapping;
-} POLICY_CONSTRAINTS;
-
-/* Proxy certificate structures, see RFC 3820 */
-typedef struct PROXY_POLICY_st
-	{
-	ASN1_OBJECT *policyLanguage;
-	ASN1_OCTET_STRING *policy;
-	} PROXY_POLICY;
-
-typedef struct PROXY_CERT_INFO_EXTENSION_st
-	{
-	ASN1_INTEGER *pcPathLengthConstraint;
-	PROXY_POLICY *proxyPolicy;
-	} PROXY_CERT_INFO_EXTENSION;
-
-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
-
-struct ISSUING_DIST_POINT_st
-	{
-	DIST_POINT_NAME *distpoint;
-	int onlyuser;
-	int onlyCA;
-	ASN1_BIT_STRING *onlysomereasons;
-	int indirectCRL;
-	int onlyattr;
-	};
-
-/* Values in idp_flags field */
-/* IDP present */
-#define	IDP_PRESENT	0x1
-/* IDP values inconsistent */
-#define IDP_INVALID	0x2
-/* onlyuser true */
-#define	IDP_ONLYUSER	0x4
-/* onlyCA true */
-#define	IDP_ONLYCA	0x8
-/* onlyattr true */
-#define IDP_ONLYATTR	0x10
-/* indirectCRL true */
-#define IDP_INDIRECT	0x20
-/* onlysomereasons present */
-#define IDP_REASONS	0x40
-
-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
-
-#define X509V3_set_ctx_test(ctx) \
-			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-
-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
-			0,0,0,0, \
-			0,0, \
-			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
-			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
-			NULL, NULL, \
-			table}
-
-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
-			0,0,0,0, \
-			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
-			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
-			0,0,0,0, \
-			NULL}
-
-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-
-/* X509_PURPOSE stuff */
-
-#define EXFLAG_BCONS		0x1
-#define EXFLAG_KUSAGE		0x2
-#define EXFLAG_XKUSAGE		0x4
-#define EXFLAG_NSCERT		0x8
-
-#define EXFLAG_CA		0x10
-/* Really self issued not necessarily self signed */
-#define EXFLAG_SI		0x20
-#define EXFLAG_SS		0x20
-#define EXFLAG_V1		0x40
-#define EXFLAG_INVALID		0x80
-#define EXFLAG_SET		0x100
-#define EXFLAG_CRITICAL		0x200
-#define EXFLAG_PROXY		0x400
-
-#define EXFLAG_INVALID_POLICY	0x800
-#define EXFLAG_FRESHEST		0x1000
-
-#define KU_DIGITAL_SIGNATURE	0x0080
-#define KU_NON_REPUDIATION	0x0040
-#define KU_KEY_ENCIPHERMENT	0x0020
-#define KU_DATA_ENCIPHERMENT	0x0010
-#define KU_KEY_AGREEMENT	0x0008
-#define KU_KEY_CERT_SIGN	0x0004
-#define KU_CRL_SIGN		0x0002
-#define KU_ENCIPHER_ONLY	0x0001
-#define KU_DECIPHER_ONLY	0x8000
-
-#define NS_SSL_CLIENT		0x80
-#define NS_SSL_SERVER		0x40
-#define NS_SMIME		0x20
-#define NS_OBJSIGN		0x10
-#define NS_SSL_CA		0x04
-#define NS_SMIME_CA		0x02
-#define NS_OBJSIGN_CA		0x01
-#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
-
-#define XKU_SSL_SERVER		0x1	
-#define XKU_SSL_CLIENT		0x2
-#define XKU_SMIME		0x4
-#define XKU_CODE_SIGN		0x8
-#define XKU_SGC			0x10
-#define XKU_OCSP_SIGN		0x20
-#define XKU_TIMESTAMP		0x40
-#define XKU_DVCS		0x80
-
-#define X509_PURPOSE_DYNAMIC	0x1
-#define X509_PURPOSE_DYNAMIC_NAME	0x2
-
-typedef struct x509_purpose_st {
-	int purpose;
-	int trust;		/* Default trust ID */
-	int flags;
-	int (*check_purpose)(const struct x509_purpose_st *,
-				const X509 *, int);
-	char *name;
-	char *sname;
-	void *usr_data;
-} X509_PURPOSE;
-
-#define X509_PURPOSE_SSL_CLIENT		1
-#define X509_PURPOSE_SSL_SERVER		2
-#define X509_PURPOSE_NS_SSL_SERVER	3
-#define X509_PURPOSE_SMIME_SIGN		4
-#define X509_PURPOSE_SMIME_ENCRYPT	5
-#define X509_PURPOSE_CRL_SIGN		6
-#define X509_PURPOSE_ANY		7
-#define X509_PURPOSE_OCSP_HELPER	8
-#define X509_PURPOSE_TIMESTAMP_SIGN	9
-
-#define X509_PURPOSE_MIN		1
-#define X509_PURPOSE_MAX		9
-
-/* Flags for X509V3_EXT_print() */
-
-#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT		0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
-
-/* Flags for X509V3_add1_i2d */
-
-#define X509V3_ADD_OP_MASK		0xfL
-#define X509V3_ADD_DEFAULT		0L
-#define X509V3_ADD_APPEND		1L
-#define X509V3_ADD_REPLACE		2L
-#define X509V3_ADD_REPLACE_EXISTING	3L
-#define X509V3_ADD_KEEP_EXISTING	4L
-#define X509V3_ADD_DELETE		5L
-#define X509V3_ADD_SILENT		0x10
-
-DECLARE_STACK_OF(X509_PURPOSE)
-
-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-DECLARE_ASN1_FUNCTIONS(SXNET)
-DECLARE_ASN1_FUNCTIONS(SXNETID)
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
-
-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
-int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
-
-
-
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-				ASN1_BIT_STRING *bits,
-				STACK_OF(CONF_VALUE) *extlist);
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-DECLARE_ASN1_FUNCTIONS(OTHERNAME)
-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
-int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
-void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
-void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
-int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
-				ASN1_OBJECT *oid, ASN1_TYPE *value);
-int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
-				ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-
-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
-
-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-DECLARE_ASN1_FUNCTIONS(POLICYINFO)
-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
-DECLARE_ASN1_FUNCTIONS(USERNOTICE)
-DECLARE_ASN1_FUNCTIONS(NOTICEREF)
-
-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
-DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
-
-int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
-
-int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
-
-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-DECLARE_ASN1_ITEM(POLICY_MAPPING)
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
-
-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-
-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
-
-GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
-			       const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       int gen_type, char *value, int is_nc);
-
-#ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-			       CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				  const X509V3_EXT_METHOD *method,
-				  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
-void X509V3_conf_free(CONF_VALUE *val);
-
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				    int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-				char *name, char *value);
-int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			char *section, X509 *cert);
-int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
-			    char *section, X509_CRL *crl);
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-			     STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
-#endif
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-				 X509_REQ *req, X509_CRL *crl, int flags);
-
-int X509V3_add_value(const char *name, const char *value,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-						STACK_OF(CONF_VALUE) **extlist);
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-void X509V3_EXT_cleanup(void);
-
-const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
-int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-
-char *hex_to_string(const unsigned char *buffer, long len);
-unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
-								 int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
-
-int X509_check_ca(X509 *x);
-int X509_check_purpose(X509 *x, int id, int ca);
-int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
-int X509_check_issued(X509 *issuer, X509 *subject);
-int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
-int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
-			int (*ck)(const X509_PURPOSE *, const X509 *, int),
-				char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
-
-STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
-STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
-STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
-
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-						unsigned long chtype);
-
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DECLARE_STACK_OF(X509_POLICY_NODE)
-
-#ifndef OPENSSL_NO_RFC3779
-
-typedef struct ASRange_st {
-  ASN1_INTEGER *min, *max;
-} ASRange;
-
-#define	ASIdOrRange_id		0
-#define	ASIdOrRange_range	1
-
-typedef struct ASIdOrRange_st {
-  int type;
-  union {
-    ASN1_INTEGER *id;
-    ASRange      *range;
-  } u;
-} ASIdOrRange;
-
-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
-
-#define	ASIdentifierChoice_inherit		0
-#define	ASIdentifierChoice_asIdsOrRanges	1
-
-typedef struct ASIdentifierChoice_st {
-  int type;
-  union {
-    ASN1_NULL    *inherit;
-    ASIdOrRanges *asIdsOrRanges;
-  } u;
-} ASIdentifierChoice;
-
-typedef struct ASIdentifiers_st {
-  ASIdentifierChoice *asnum, *rdi;
-} ASIdentifiers;
-
-DECLARE_ASN1_FUNCTIONS(ASRange)
-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
-
-
-typedef struct IPAddressRange_st {
-  ASN1_BIT_STRING	*min, *max;
-} IPAddressRange;
-
-#define	IPAddressOrRange_addressPrefix	0
-#define	IPAddressOrRange_addressRange	1
-
-typedef struct IPAddressOrRange_st {
-  int type;
-  union {
-    ASN1_BIT_STRING	*addressPrefix;
-    IPAddressRange	*addressRange;
-  } u;
-} IPAddressOrRange;
-
-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
-
-#define	IPAddressChoice_inherit			0
-#define	IPAddressChoice_addressesOrRanges	1
-
-typedef struct IPAddressChoice_st {
-  int type;
-  union {
-    ASN1_NULL		*inherit;
-    IPAddressOrRanges	*addressesOrRanges;
-  } u;
-} IPAddressChoice;
-
-typedef struct IPAddressFamily_st {
-  ASN1_OCTET_STRING	*addressFamily;
-  IPAddressChoice	*ipAddressChoice;
-} IPAddressFamily;
-
-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
-
-DECLARE_ASN1_FUNCTIONS(IPAddressRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * API tag for elements of the ASIdentifer SEQUENCE.
- */
-#define	V3_ASID_ASNUM	0
-#define	V3_ASID_RDI	1
-
-/*
- * AFI values, assigned by IANA.  It'd be nice to make the AFI
- * handling code totally generic, but there are too many little things
- * that would need to be defined for other address families for it to
- * be worth the trouble.
- */
-#define	IANA_AFI_IPV4	1
-#define	IANA_AFI_IPV6	2
-
-/*
- * Utilities to construct and extract values from RFC3779 extensions,
- * since some of the encodings (particularly for IP address prefixes
- * and ranges) are a bit tedious to work with directly.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
-			    ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-			const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-		       const unsigned afi, const unsigned *safi,
-		       unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
-		      const unsigned afi, const unsigned *safi,
-		      unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
-		      unsigned char *min, unsigned char *max,
-		      const int length);
-
-/*
- * Canonical forms.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
-
-/*
- * Tests for inheritance and containment.
- */
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
-
-/*
- * Check whether RFC 3779 extensions nest properly in chains.
- */
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-				  ASIdentifiers *ext,
-				  int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-				  IPAddrBlocks *ext,
-				  int allow_inheritance);
-
-#endif /* OPENSSL_NO_RFC3779 */
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509V3_strings(void);
-
-/* Error codes for the X509V3 functions. */
-
-/* Function codes. */
-#define X509V3_F_A2I_GENERAL_NAME			 164
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE		 161
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL	 162
-#define X509V3_F_COPY_EMAIL				 122
-#define X509V3_F_COPY_ISSUER				 123
-#define X509V3_F_DO_DIRNAME				 144
-#define X509V3_F_DO_EXT_CONF				 124
-#define X509V3_F_DO_EXT_I2D				 135
-#define X509V3_F_DO_EXT_NCONF				 151
-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS		 148
-#define X509V3_F_GNAMES_FROM_SECTNAME			 156
-#define X509V3_F_HEX_TO_STRING				 111
-#define X509V3_F_I2S_ASN1_ENUMERATED			 121
-#define X509V3_F_I2S_ASN1_IA5STRING			 149
-#define X509V3_F_I2S_ASN1_INTEGER			 120
-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
-#define X509V3_F_NOTICE_SECTION				 132
-#define X509V3_F_NREF_NOS				 133
-#define X509V3_F_POLICY_SECTION				 131
-#define X509V3_F_PROCESS_PCI_VALUE			 150
-#define X509V3_F_R2I_CERTPOL				 130
-#define X509V3_F_R2I_PCI				 155
-#define X509V3_F_S2I_ASN1_IA5STRING			 100
-#define X509V3_F_S2I_ASN1_INTEGER			 108
-#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
-#define X509V3_F_S2I_ASN1_SKEY_ID			 114
-#define X509V3_F_S2I_SKEY_ID				 115
-#define X509V3_F_SET_DIST_POINT_NAME			 158
-#define X509V3_F_STRING_TO_HEX				 113
-#define X509V3_F_SXNET_ADD_ID_ASC			 125
-#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
-#define X509V3_F_SXNET_ADD_ID_ULONG			 127
-#define X509V3_F_SXNET_GET_ID_ASC			 128
-#define X509V3_F_SXNET_GET_ID_ULONG			 129
-#define X509V3_F_V2I_ASIDENTIFIERS			 163
-#define X509V3_F_V2I_ASN1_BIT_STRING			 101
-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS		 139
-#define X509V3_F_V2I_AUTHORITY_KEYID			 119
-#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
-#define X509V3_F_V2I_CRLD				 134
-#define X509V3_F_V2I_EXTENDED_KEY_USAGE			 103
-#define X509V3_F_V2I_GENERAL_NAMES			 118
-#define X509V3_F_V2I_GENERAL_NAME_EX			 117
-#define X509V3_F_V2I_IDP				 157
-#define X509V3_F_V2I_IPADDRBLOCKS			 159
-#define X509V3_F_V2I_ISSUER_ALT				 153
-#define X509V3_F_V2I_NAME_CONSTRAINTS			 147
-#define X509V3_F_V2I_POLICY_CONSTRAINTS			 146
-#define X509V3_F_V2I_POLICY_MAPPINGS			 145
-#define X509V3_F_V2I_SUBJECT_ALT			 154
-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL		 160
-#define X509V3_F_V3_GENERIC_EXTENSION			 116
-#define X509V3_F_X509V3_ADD1_I2D			 140
-#define X509V3_F_X509V3_ADD_VALUE			 105
-#define X509V3_F_X509V3_EXT_ADD				 104
-#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
-#define X509V3_F_X509V3_EXT_CONF			 107
-#define X509V3_F_X509V3_EXT_I2D				 136
-#define X509V3_F_X509V3_EXT_NCONF			 152
-#define X509V3_F_X509V3_GET_SECTION			 142
-#define X509V3_F_X509V3_GET_STRING			 143
-#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
-#define X509V3_F_X509V3_PARSE_LIST			 109
-#define X509V3_F_X509_PURPOSE_ADD			 137
-#define X509V3_F_X509_PURPOSE_SET			 141
-
-/* Reason codes. */
-#define X509V3_R_BAD_IP_ADDRESS				 118
-#define X509V3_R_BAD_OBJECT				 119
-#define X509V3_R_BN_DEC2BN_ERROR			 100
-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
-#define X509V3_R_DIRNAME_ERROR				 149
-#define X509V3_R_DISTPOINT_ALREADY_SET			 160
-#define X509V3_R_DUPLICATE_ZONE_ID			 133
-#define X509V3_R_ERROR_CONVERTING_ZONE			 131
-#define X509V3_R_ERROR_CREATING_EXTENSION		 144
-#define X509V3_R_ERROR_IN_EXTENSION			 128
-#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
-#define X509V3_R_EXTENSION_EXISTS			 145
-#define X509V3_R_EXTENSION_NAME_ERROR			 115
-#define X509V3_R_EXTENSION_NOT_FOUND			 102
-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
-#define X509V3_R_EXTENSION_VALUE_ERROR			 116
-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION		 151
-#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG		 152
-#define X509V3_R_INVALID_MULTIPLE_RDNS			 161
-#define X509V3_R_INVALID_ASNUMBER			 162
-#define X509V3_R_INVALID_ASRANGE			 163
-#define X509V3_R_INVALID_BOOLEAN_STRING			 104
-#define X509V3_R_INVALID_EXTENSION_STRING		 105
-#define X509V3_R_INVALID_INHERITANCE			 165
-#define X509V3_R_INVALID_IPADDRESS			 166
-#define X509V3_R_INVALID_NAME				 106
-#define X509V3_R_INVALID_NULL_ARGUMENT			 107
-#define X509V3_R_INVALID_NULL_NAME			 108
-#define X509V3_R_INVALID_NULL_VALUE			 109
-#define X509V3_R_INVALID_NUMBER				 140
-#define X509V3_R_INVALID_NUMBERS			 141
-#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
-#define X509V3_R_INVALID_OPTION				 138
-#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING		 153
-#define X509V3_R_INVALID_PURPOSE			 146
-#define X509V3_R_INVALID_SAFI				 164
-#define X509V3_R_INVALID_SECTION			 135
-#define X509V3_R_INVALID_SYNTAX				 143
-#define X509V3_R_ISSUER_DECODE_ERROR			 126
-#define X509V3_R_MISSING_VALUE				 124
-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
-#define X509V3_R_NO_CONFIG_DATABASE			 136
-#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
-#define X509V3_R_NO_ISSUER_DETAILS			 127
-#define X509V3_R_NO_POLICY_IDENTIFIER			 139
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED	 154
-#define X509V3_R_NO_PUBLIC_KEY				 114
-#define X509V3_R_NO_SUBJECT_DETAILS			 125
-#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
-#define X509V3_R_OPERATION_NOT_DEFINED			 148
-#define X509V3_R_OTHERNAME_ERROR			 147
-#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED	 155
-#define X509V3_R_POLICY_PATH_LENGTH			 156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED	 157
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED	 158
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
-#define X509V3_R_SECTION_NOT_FOUND			 150
-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
-#define X509V3_R_UNKNOWN_EXTENSION			 129
-#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
-#define X509V3_R_UNKNOWN_OPTION				 120
-#define X509V3_R_UNSUPPORTED_OPTION			 117
-#define X509V3_R_UNSUPPORTED_TYPE			 167
-#define X509V3_R_USER_TOO_LONG				 132
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/openssl.config b/openssl.config
deleted file mode 100644
index c8b3dbde01..0000000000
--- a/openssl.config
+++ /dev/null
@@ -1,1085 +0,0 @@
-CONFIGURE_ARGS="\
--DL_ENDIAN \
-no-camellia \
-no-capieng \
-no-cast \
-no-dtls1 \
-no-gost \
-no-gmp \
-no-heartbeats \
-no-idea \
-no-jpake \
-no-md2 \
-no-mdc2 \
-no-rc5 \
-no-rdrand \
-no-ripemd \
-no-rfc3779 \
-no-rsax \
-no-sctp \
-no-seed \
-no-sha0 \
-no-static_engine \
-no-whirlpool \
-no-zlib \
-"
-
-# configure arguments specific for 32-bit arch
-CONFIGURE_ARGS_32="\
-linux-generic32 \
-"
-
-# configure arguments specific for 64-bit arch
-CONFIGURE_ARGS_64="\
-linux-generic64 \
-"
-
-# configure arguments specific for static build
-CONFIGURE_ARGS_STATIC="\
-no-dso \
-"
-
-# unneeded directories
-UNNEEDED_SOURCES="\
-MacOS \
-Netware \
-VMS \
-apps/demoCA \
-apps/demoSRP \
-apps/set \
-bugs \
-certs \
-crypto/camellia \
-crypto/cast \
-crypto/idea \
-crypto/md2 \
-crypto/rc5 \
-crypto/ripemd \
-crypto/seed \
-crypto/whrlpool \
-demos \
-doc \
-engines \
-ms \
-os2 \
-perl \
-shlib \
-test \
-times \
-tools \
-util \
-"
-
-# unneeded files
-UNNEEDED_SOURCES+="\
-CHANGES \
-CHANGES.SSLeay \
-Configure \
-FAQ \
-INSTALL \
-INSTALL.DJGPP \
-INSTALL.MacOS \
-INSTALL.NW \
-INSTALL.OS2 \
-INSTALL.VMS \
-INSTALL.W32 \
-INSTALL.W64 \
-INSTALL.WCE \
-LICENSE \
-Makefile \
-Makefile.org \
-Makefile.shared \
-NEWS \
-PROBLEMS \
-README \
-README.ASN1 \
-README.ENGINE \
-apps/CA.com \
-apps/Makefile \
-apps/install-apps.com \
-apps/makeapps.com \
-apps/openssl-vms.cnf \
-apps/ts.c \
-apps/tsget \
-apps/vms_decc_init.c \
-config \
-crypto/LPdir_vms.c \
-crypto/Makefile \
-crypto/aes/Makefile \
-crypto/asn1/Makefile \
-crypto/bf/INSTALL \
-crypto/bf/Makefile \
-crypto/bf/README \
-crypto/bf/VERSION \
-crypto/bf/asm/readme \
-crypto/bf/bf_cbc.c \
-crypto/bf/bf_opts.c \
-crypto/bf/bfs.cpp \
-crypto/bf/bfspeed.c \
-crypto/bf/bftest.c \
-crypto/bio/Makefile \
-crypto/bio/bss_rtcp.c \
-crypto/bn/Makefile \
-crypto/bn/asm/vms.mar \
-crypto/bn/bn_x931p.c \
-crypto/bn/vms-helper.c \
-crypto/buffer/Makefile \
-crypto/cmac/Makefile \
-crypto/cms/Makefile \
-crypto/comp/Makefile \
-crypto/conf/Makefile \
-crypto/constant_time_test.c \
-crypto/crypto-lib.com \
-crypto/des/Makefile \
-crypto/des/des-lib.com \
-crypto/dh/Makefile \
-crypto/dh/dh_prn.c \
-crypto/dsa/Makefile \
-crypto/dso/Makefile \
-crypto/dso/dso_beos.c \
-crypto/dso/dso_vms.c \
-crypto/dso/dso_win32.c \
-crypto/ec/Makefile \
-crypto/ec/ecp_nistp224.c \
-crypto/ec/ecp_nistp256.c \
-crypto/ec/ecp_nistp521.c \
-crypto/ec/ecp_nistputil.c \
-crypto/ecdh/Makefile \
-crypto/ecdsa/Makefile \
-crypto/engine/Makefile \
-crypto/engine/eng_rdrand.c \
-crypto/engine/eng_rsax.c \
-crypto/err/Makefile \
-crypto/evp/Makefile \
-crypto/evp/evp_fips.c \
-crypto/evp/m_md2.c \
-crypto/evp/m_sha.c \
-crypto/fips_err.h \
-crypto/fips_ers.c \
-crypto/hmac/Makefile \
-crypto/install-crypto.com \
-crypto/jpake/Makefile \
-crypto/krb5/Makefile \
-crypto/lhash/Makefile \
-crypto/md4/Makefile \
-crypto/md5/Makefile \
-crypto/mdc2/Makefile \
-crypto/modes/Makefile \
-crypto/modes/cts128.c \
-crypto/modes/modes.h \
-crypto/o_fips.c \
-crypto/objects/Makefile \
-crypto/ocsp/Makefile \
-crypto/pem/Makefile \
-crypto/pkcs12/Makefile \
-crypto/pkcs7/Makefile \
-crypto/pkcs7/bio_pk7.c \
-crypto/ppccap.c \
-crypto/pqueue/Makefile \
-crypto/rand/Makefile \
-crypto/rand/rand_vms.c \
-crypto/rc2/Makefile \
-crypto/rc4/Makefile \
-crypto/rsa/Makefile \
-crypto/sha/Makefile \
-crypto/sha/sha_one.c \
-crypto/srp/Makefile \
-crypto/srp/srptest.c \
-crypto/stack/Makefile \
-crypto/store/Makefile \
-crypto/threads/pthreads-vms.com \
-crypto/threads/win32.bat \
-crypto/ts/Makefile \
-crypto/ts/ts.h \
-crypto/ts/ts_asn1.c \
-crypto/ts/ts_conf.c \
-crypto/ts/ts_lib.c \
-crypto/ts/ts_req_print.c \
-crypto/ts/ts_req_utils.c \
-crypto/ts/ts_rsp_print.c \
-crypto/ts/ts_rsp_sign.c \
-crypto/ts/ts_rsp_utils.c \
-crypto/ts/ts_rsp_verify.c \
-crypto/ts/ts_verify_ctx.c \
-crypto/txt_db/Makefile \
-crypto/ui/Makefile \
-crypto/vms_rms.h
-crypto/x509/Makefile \
-crypto/x509v3/Makefile \
-include/openssl/camellia.h \
-include/openssl/cast.h \
-include/openssl/idea.h \
-include/openssl/mdc2.h \
-include/openssl/seed.h \
-include/openssl/whrlpool.h \
-install.com \
-makevms.com \
-openssl.doxy \
-openssl.spec \
-ssl/Makefile \
-ssl/heartbeat_test.c \
-ssl/install-ssl.com \
-ssl/ssl-lib.com \
-ssl/ssl_task.c \
-ssl/ssl_utst.c \
-"
-
-NEEDED_SOURCES="\
-apps \
-crypto \
-e_os.h \
-e_os2.h \
-ssl \
-include \
-"
-
-# Arch-specific compiler defines for crypto/ library.
-#
-OPENSSL_CRYPTO_DEFINES="\
-NO_WINDOWS_BRAINDEATH \
-"
-
-OPENSSL_CRYPTO_CLANG_ASFLAGS_arm="\
--no-integrated-as \
-"
-
-OPENSSL_CRYPTO_DEFINES_arm="\
-AES_ASM \
-BSAES_ASM \
-DES_UNROLL \
-GHASH_ASM \
-OPENSSL_BN_ASM_GF2m \
-OPENSSL_BN_ASM_MONT \
-OPENSSL_CPUID_OBJ \
-SHA1_ASM \
-SHA256_ASM \
-SHA512_ASM \
-"
-
-OPENSSL_CRYPTO_CLANG_ASFLAGS_arm64="\
--no-integrated-as \
-"
-
-OPENSSL_CRYPTO_DEFINES_arm64="\
-DES_UNROLL \
-OPENSSL_CPUID_OBJ \
-SHA1_ASM \
-SHA256_ASM \
-SHA512_ASM \
-"
-
-OPENSSL_CRYPTO_DEFINES_mips="\
-OPENSSL_BN_ASM_MONT \
-AES_ASM \
-SHA1_ASM \
-SHA256_ASM \
-"
-
-# TODO: generate *-mips32r6.S files
-OPENSSL_CRYPTO_DEFINES_mips32r6="\
-OPENSSL_NO_ASM \
-"
-
-# TODO: generate *-mips64.S files
-OPENSSL_CRYPTO_DEFINES_mips64="\
-OPENSSL_NO_ASM \
-"
-
-OPENSSL_CRYPTO_DEFINES_x86="\
-AES_ASM \
-DES_PTR \
-DES_RISC1 \
-DES_UNROLL \
-GHASH_ASM \
-MD5_ASM \
-OPENSSL_BN_ASM_GF2m \
-OPENSSL_BN_ASM_MONT \
-OPENSSL_BN_ASM_PART_WORDS \
-OPENSSL_CPUID_OBJ \
-OPENSSL_IA32_SSE2 \
-RC4_INDEX \
-RMD160_ASM \
-SHA1_ASM \
-SHA256_ASM \
-SHA512_ASM \
-VPAES_ASM \
-"
-
-OPENSSL_CRYPTO_DEFINES_x86_64="\
-AES_ASM \
-BSAES_ASM \
-DES_UNROLL \
-GHASH_ASM \
-MD5_ASM \
-OPENSSL_BN_ASM_GF2m \
-OPENSSL_BN_ASM_MONT \
-OPENSSL_BN_ASM_MONT5 \
-OPENSSL_CPUID_OBJ \
-OPENSSL_IA32_SSE2 \
-SHA1_ASM \
-SHA256_ASM \
-SHA512_ASM \
-VPAES_ASM \
-"
-
-OPENSSL_CRYPTO_INCLUDES="\
-. \
-include \
-crypto \
-crypto/asn1 \
-crypto/evp \
-crypto/modes \
-include \
-include/openssl \
-"
-
-OPENSSL_CRYPTO_SOURCES="\
-crypto/cryptlib.c \
-crypto/mem.c \
-crypto/mem_clr.c \
-crypto/mem_dbg.c \
-crypto/cversion.c \
-crypto/ex_data.c \
-crypto/cpt_err.c \
-crypto/ebcdic.c \
-crypto/uid.c \
-crypto/o_time.c \
-crypto/o_str.c \
-crypto/o_dir.c \
-crypto/aes/aes_cbc.c \
-crypto/aes/aes_cfb.c \
-crypto/aes/aes_core.c \
-crypto/aes/aes_ctr.c \
-crypto/aes/aes_ecb.c \
-crypto/aes/aes_misc.c \
-crypto/aes/aes_ofb.c \
-crypto/aes/aes_wrap.c \
-crypto/asn1/a_bitstr.c \
-crypto/asn1/a_bool.c \
-crypto/asn1/a_bytes.c \
-crypto/asn1/a_d2i_fp.c \
-crypto/asn1/a_digest.c \
-crypto/asn1/a_dup.c \
-crypto/asn1/a_enum.c \
-crypto/asn1/a_gentm.c \
-crypto/asn1/a_i2d_fp.c \
-crypto/asn1/a_int.c \
-crypto/asn1/a_mbstr.c \
-crypto/asn1/a_object.c \
-crypto/asn1/a_octet.c \
-crypto/asn1/a_print.c \
-crypto/asn1/a_set.c \
-crypto/asn1/a_sign.c \
-crypto/asn1/a_strex.c \
-crypto/asn1/a_strnid.c \
-crypto/asn1/a_time.c \
-crypto/asn1/a_type.c \
-crypto/asn1/a_utctm.c \
-crypto/asn1/a_utf8.c \
-crypto/asn1/a_verify.c \
-crypto/asn1/ameth_lib.c \
-crypto/asn1/asn1_err.c \
-crypto/asn1/asn1_gen.c \
-crypto/asn1/asn1_lib.c \
-crypto/asn1/asn1_par.c \
-crypto/asn1/asn_mime.c \
-crypto/asn1/asn_moid.c \
-crypto/asn1/asn_pack.c \
-crypto/asn1/bio_asn1.c \
-crypto/asn1/bio_ndef.c \
-crypto/asn1/d2i_pr.c \
-crypto/asn1/d2i_pu.c \
-crypto/asn1/evp_asn1.c \
-crypto/asn1/f_enum.c \
-crypto/asn1/f_int.c \
-crypto/asn1/f_string.c \
-crypto/asn1/i2d_pr.c \
-crypto/asn1/i2d_pu.c \
-crypto/asn1/n_pkey.c \
-crypto/asn1/nsseq.c \
-crypto/asn1/p5_pbe.c \
-crypto/asn1/p5_pbev2.c \
-crypto/asn1/p8_pkey.c \
-crypto/asn1/t_bitst.c \
-crypto/asn1/t_crl.c \
-crypto/asn1/t_pkey.c \
-crypto/asn1/t_req.c \
-crypto/asn1/t_spki.c \
-crypto/asn1/t_x509.c \
-crypto/asn1/t_x509a.c \
-crypto/asn1/tasn_dec.c \
-crypto/asn1/tasn_enc.c \
-crypto/asn1/tasn_fre.c \
-crypto/asn1/tasn_new.c \
-crypto/asn1/tasn_prn.c \
-crypto/asn1/tasn_typ.c \
-crypto/asn1/tasn_utl.c \
-crypto/asn1/x_algor.c \
-crypto/asn1/x_attrib.c \
-crypto/asn1/x_bignum.c \
-crypto/asn1/x_crl.c \
-crypto/asn1/x_exten.c \
-crypto/asn1/x_info.c \
-crypto/asn1/x_long.c \
-crypto/asn1/x_name.c \
-crypto/asn1/x_nx509.c \
-crypto/asn1/x_pkey.c \
-crypto/asn1/x_pubkey.c \
-crypto/asn1/x_req.c \
-crypto/asn1/x_sig.c \
-crypto/asn1/x_spki.c \
-crypto/asn1/x_val.c \
-crypto/asn1/x_x509.c \
-crypto/asn1/x_x509a.c \
-crypto/bf/bf_cfb64.c \
-crypto/bf/bf_ecb.c \
-crypto/bf/bf_enc.c \
-crypto/bf/bf_ofb64.c \
-crypto/bf/bf_skey.c \
-crypto/bio/b_dump.c \
-crypto/bio/b_print.c \
-crypto/bio/b_sock.c \
-crypto/bio/bf_buff.c \
-crypto/bio/bf_nbio.c \
-crypto/bio/bf_null.c \
-crypto/bio/bio_cb.c \
-crypto/bio/bio_err.c \
-crypto/bio/bio_lib.c \
-crypto/bio/bss_acpt.c \
-crypto/bio/bss_bio.c \
-crypto/bio/bss_conn.c \
-crypto/bio/bss_dgram.c \
-crypto/bio/bss_fd.c \
-crypto/bio/bss_file.c \
-crypto/bio/bss_log.c \
-crypto/bio/bss_mem.c \
-crypto/bio/bss_null.c \
-crypto/bio/bss_sock.c \
-crypto/bn/bn_add.c \
-crypto/bn/bn_asm.c \
-crypto/bn/bn_blind.c \
-crypto/bn/bn_const.c \
-crypto/bn/bn_ctx.c \
-crypto/bn/bn_div.c \
-crypto/bn/bn_err.c \
-crypto/bn/bn_exp.c \
-crypto/bn/bn_exp2.c \
-crypto/bn/bn_gcd.c \
-crypto/bn/bn_gf2m.c \
-crypto/bn/bn_kron.c \
-crypto/bn/bn_lib.c \
-crypto/bn/bn_mod.c \
-crypto/bn/bn_mont.c \
-crypto/bn/bn_mpi.c \
-crypto/bn/bn_mul.c \
-crypto/bn/bn_nist.c \
-crypto/bn/bn_prime.c \
-crypto/bn/bn_print.c \
-crypto/bn/bn_rand.c \
-crypto/bn/bn_recp.c \
-crypto/bn/bn_shift.c \
-crypto/bn/bn_sqr.c \
-crypto/bn/bn_sqrt.c \
-crypto/bn/bn_word.c \
-crypto/buffer/buf_err.c \
-crypto/buffer/buf_str.c \
-crypto/buffer/buffer.c \
-crypto/cmac/cm_ameth.c \
-crypto/cmac/cm_pmeth.c \
-crypto/cmac/cmac.c \
-crypto/cms/cms_asn1.c \
-crypto/cms/cms_att.c \
-crypto/cms/cms_cd.c \
-crypto/cms/cms_dd.c \
-crypto/cms/cms_enc.c \
-crypto/cms/cms_env.c \
-crypto/cms/cms_err.c \
-crypto/cms/cms_ess.c \
-crypto/cms/cms_io.c \
-crypto/cms/cms_lib.c \
-crypto/cms/cms_pwri.c \
-crypto/cms/cms_sd.c \
-crypto/cms/cms_smime.c \
-crypto/comp/c_rle.c \
-crypto/comp/c_zlib.c \
-crypto/comp/comp_err.c \
-crypto/comp/comp_lib.c \
-crypto/conf/conf_api.c \
-crypto/conf/conf_def.c \
-crypto/conf/conf_err.c \
-crypto/conf/conf_lib.c \
-crypto/conf/conf_mall.c \
-crypto/conf/conf_mod.c \
-crypto/conf/conf_sap.c \
-crypto/constant_time_locl.h \
-crypto/des/cbc_cksm.c \
-crypto/des/cbc_enc.c \
-crypto/des/cfb64ede.c \
-crypto/des/cfb64enc.c \
-crypto/des/cfb_enc.c \
-crypto/des/des_enc.c \
-crypto/des/des_old.c \
-crypto/des/des_old2.c \
-crypto/des/ecb3_enc.c \
-crypto/des/ecb_enc.c \
-crypto/des/ede_cbcm_enc.c \
-crypto/des/enc_read.c \
-crypto/des/enc_writ.c \
-crypto/des/fcrypt.c \
-crypto/des/fcrypt_b.c \
-crypto/des/ofb64ede.c \
-crypto/des/ofb64enc.c \
-crypto/des/ofb_enc.c \
-crypto/des/pcbc_enc.c \
-crypto/des/qud_cksm.c \
-crypto/des/rand_key.c \
-crypto/des/read2pwd.c \
-crypto/des/rpc_enc.c \
-crypto/des/set_key.c \
-crypto/des/str2key.c \
-crypto/des/xcbc_enc.c \
-crypto/dh/dh_ameth.c \
-crypto/dh/dh_asn1.c \
-crypto/dh/dh_check.c \
-crypto/dh/dh_depr.c \
-crypto/dh/dh_err.c \
-crypto/dh/dh_gen.c \
-crypto/dh/dh_key.c \
-crypto/dh/dh_lib.c \
-crypto/dh/dh_pmeth.c \
-crypto/dsa/dsa_ameth.c \
-crypto/dsa/dsa_asn1.c \
-crypto/dsa/dsa_depr.c \
-crypto/dsa/dsa_err.c \
-crypto/dsa/dsa_gen.c \
-crypto/dsa/dsa_key.c \
-crypto/dsa/dsa_lib.c \
-crypto/dsa/dsa_ossl.c \
-crypto/dsa/dsa_pmeth.c \
-crypto/dsa/dsa_prn.c \
-crypto/dsa/dsa_sign.c \
-crypto/dsa/dsa_vrf.c \
-crypto/dso/dso_dl.c \
-crypto/dso/dso_dlfcn.c \
-crypto/dso/dso_err.c \
-crypto/dso/dso_lib.c \
-crypto/dso/dso_null.c \
-crypto/dso/dso_openssl.c \
-crypto/ec/ec2_mult.c \
-crypto/ec/ec2_oct.c \
-crypto/ec/ec2_smpl.c \
-crypto/ec/ec_ameth.c \
-crypto/ec/ec_asn1.c \
-crypto/ec/ec_check.c \
-crypto/ec/ec_curve.c \
-crypto/ec/ec_cvt.c \
-crypto/ec/ec_err.c \
-crypto/ec/ec_key.c \
-crypto/ec/ec_lib.c \
-crypto/ec/ec_mult.c \
-crypto/ec/ec_oct.c \
-crypto/ec/ec_pmeth.c \
-crypto/ec/ec_print.c \
-crypto/ec/eck_prn.c \
-crypto/ec/ecp_mont.c \
-crypto/ec/ecp_nist.c \
-crypto/ec/ecp_oct.c \
-crypto/ec/ecp_smpl.c \
-crypto/ecdh/ech_err.c \
-crypto/ecdh/ech_key.c \
-crypto/ecdh/ech_lib.c \
-crypto/ecdh/ech_ossl.c \
-crypto/ecdsa/ecs_asn1.c \
-crypto/ecdsa/ecs_err.c \
-crypto/ecdsa/ecs_lib.c \
-crypto/ecdsa/ecs_ossl.c \
-crypto/ecdsa/ecs_sign.c \
-crypto/ecdsa/ecs_vrf.c \
-crypto/engine/eng_all.c \
-crypto/engine/eng_cnf.c \
-crypto/engine/eng_ctrl.c \
-crypto/engine/eng_dyn.c \
-crypto/engine/eng_err.c \
-crypto/engine/eng_fat.c \
-crypto/engine/eng_init.c \
-crypto/engine/eng_lib.c \
-crypto/engine/eng_list.c \
-crypto/engine/eng_pkey.c \
-crypto/engine/eng_table.c \
-crypto/engine/tb_asnmth.c \
-crypto/engine/tb_cipher.c \
-crypto/engine/tb_dh.c \
-crypto/engine/tb_digest.c \
-crypto/engine/tb_dsa.c \
-crypto/engine/tb_ecdh.c \
-crypto/engine/tb_ecdsa.c \
-crypto/engine/tb_pkmeth.c \
-crypto/engine/tb_rand.c \
-crypto/engine/tb_rsa.c \
-crypto/engine/tb_store.c \
-crypto/err/err.c \
-crypto/err/err_all.c \
-crypto/err/err_prn.c \
-crypto/evp/bio_b64.c \
-crypto/evp/bio_enc.c \
-crypto/evp/bio_md.c \
-crypto/evp/bio_ok.c \
-crypto/evp/c_all.c \
-crypto/evp/c_allc.c \
-crypto/evp/c_alld.c \
-crypto/evp/digest.c \
-crypto/evp/e_aes.c \
-crypto/evp/e_aes_cbc_hmac_sha1.c \
-crypto/evp/e_bf.c \
-crypto/evp/e_des.c \
-crypto/evp/e_des3.c \
-crypto/evp/e_null.c \
-crypto/evp/e_old.c \
-crypto/evp/e_rc2.c \
-crypto/evp/e_rc4.c \
-crypto/evp/e_rc4_hmac_md5.c \
-crypto/evp/e_rc5.c \
-crypto/evp/e_xcbc_d.c \
-crypto/evp/encode.c \
-crypto/evp/evp_acnf.c \
-crypto/evp/evp_cnf.c \
-crypto/evp/evp_enc.c \
-crypto/evp/evp_err.c \
-crypto/evp/evp_key.c \
-crypto/evp/evp_lib.c \
-crypto/evp/evp_pbe.c \
-crypto/evp/evp_pkey.c \
-crypto/evp/m_dss.c \
-crypto/evp/m_dss1.c \
-crypto/evp/m_ecdsa.c \
-crypto/evp/m_md4.c \
-crypto/evp/m_md5.c \
-crypto/evp/m_mdc2.c \
-crypto/evp/m_null.c \
-crypto/evp/m_sha1.c \
-crypto/evp/m_sigver.c \
-crypto/evp/m_wp.c \
-crypto/evp/names.c \
-crypto/evp/p5_crpt.c \
-crypto/evp/p5_crpt2.c \
-crypto/evp/p_dec.c \
-crypto/evp/p_enc.c \
-crypto/evp/p_lib.c \
-crypto/evp/p_open.c \
-crypto/evp/p_seal.c \
-crypto/evp/p_sign.c \
-crypto/evp/p_verify.c \
-crypto/evp/pmeth_fn.c \
-crypto/evp/pmeth_gn.c \
-crypto/evp/pmeth_lib.c \
-crypto/hmac/hm_ameth.c \
-crypto/hmac/hm_pmeth.c \
-crypto/hmac/hmac.c \
-crypto/krb5/krb5_asn.c \
-crypto/lhash/lh_stats.c \
-crypto/lhash/lhash.c \
-crypto/md4/md4_dgst.c \
-crypto/md4/md4_one.c \
-crypto/md5/md5_dgst.c \
-crypto/md5/md5_one.c \
-crypto/modes/cbc128.c \
-crypto/modes/ccm128.c \
-crypto/modes/cfb128.c \
-crypto/modes/ctr128.c \
-crypto/modes/gcm128.c \
-crypto/modes/ofb128.c \
-crypto/modes/xts128.c \
-crypto/o_init.c \
-crypto/objects/o_names.c \
-crypto/objects/obj_dat.c \
-crypto/objects/obj_err.c \
-crypto/objects/obj_lib.c \
-crypto/objects/obj_xref.c \
-crypto/ocsp/ocsp_asn.c \
-crypto/ocsp/ocsp_cl.c \
-crypto/ocsp/ocsp_err.c \
-crypto/ocsp/ocsp_ext.c \
-crypto/ocsp/ocsp_ht.c \
-crypto/ocsp/ocsp_lib.c \
-crypto/ocsp/ocsp_prn.c \
-crypto/ocsp/ocsp_srv.c \
-crypto/ocsp/ocsp_vfy.c \
-crypto/pem/pem_all.c \
-crypto/pem/pem_err.c \
-crypto/pem/pem_info.c \
-crypto/pem/pem_lib.c \
-crypto/pem/pem_oth.c \
-crypto/pem/pem_pk8.c \
-crypto/pem/pem_pkey.c \
-crypto/pem/pem_seal.c \
-crypto/pem/pem_sign.c \
-crypto/pem/pem_x509.c \
-crypto/pem/pem_xaux.c \
-crypto/pem/pvkfmt.c \
-crypto/pkcs12/p12_add.c \
-crypto/pkcs12/p12_asn.c \
-crypto/pkcs12/p12_attr.c \
-crypto/pkcs12/p12_crpt.c \
-crypto/pkcs12/p12_crt.c \
-crypto/pkcs12/p12_decr.c \
-crypto/pkcs12/p12_init.c \
-crypto/pkcs12/p12_key.c \
-crypto/pkcs12/p12_kiss.c \
-crypto/pkcs12/p12_mutl.c \
-crypto/pkcs12/p12_npas.c \
-crypto/pkcs12/p12_p8d.c \
-crypto/pkcs12/p12_p8e.c \
-crypto/pkcs12/p12_utl.c \
-crypto/pkcs12/pk12err.c \
-crypto/pkcs7/pk7_asn1.c \
-crypto/pkcs7/pk7_attr.c \
-crypto/pkcs7/pk7_doit.c \
-crypto/pkcs7/pk7_lib.c \
-crypto/pkcs7/pk7_mime.c \
-crypto/pkcs7/pk7_smime.c \
-crypto/pkcs7/pkcs7err.c \
-crypto/pqueue/pqueue.c \
-crypto/rand/md_rand.c \
-crypto/rand/rand_egd.c \
-crypto/rand/rand_err.c \
-crypto/rand/rand_lib.c \
-crypto/rand/rand_unix.c \
-crypto/rand/rand_win.c \
-crypto/rand/randfile.c \
-crypto/rc2/rc2_cbc.c \
-crypto/rc2/rc2_ecb.c \
-crypto/rc2/rc2_skey.c \
-crypto/rc2/rc2cfb64.c \
-crypto/rc2/rc2ofb64.c \
-crypto/rc4/rc4_enc.c \
-crypto/rc4/rc4_skey.c \
-crypto/rc4/rc4_utl.c \
-crypto/rsa/rsa_ameth.c \
-crypto/rsa/rsa_asn1.c \
-crypto/rsa/rsa_chk.c \
-crypto/rsa/rsa_crpt.c \
-crypto/rsa/rsa_eay.c \
-crypto/rsa/rsa_err.c \
-crypto/rsa/rsa_gen.c \
-crypto/rsa/rsa_lib.c \
-crypto/rsa/rsa_none.c \
-crypto/rsa/rsa_null.c \
-crypto/rsa/rsa_oaep.c \
-crypto/rsa/rsa_pk1.c \
-crypto/rsa/rsa_pmeth.c \
-crypto/rsa/rsa_prn.c \
-crypto/rsa/rsa_pss.c \
-crypto/rsa/rsa_saos.c \
-crypto/rsa/rsa_sign.c \
-crypto/rsa/rsa_ssl.c \
-crypto/rsa/rsa_x931.c \
-crypto/sha/sha1_one.c \
-crypto/sha/sha1dgst.c \
-crypto/sha/sha256.c \
-crypto/sha/sha512.c \
-crypto/sha/sha_dgst.c \
-crypto/srp/srp_lib.c \
-crypto/srp/srp_vfy.c \
-crypto/stack/stack.c \
-crypto/ts/ts_err.c \
-crypto/txt_db/txt_db.c \
-crypto/ui/ui_compat.c \
-crypto/ui/ui_err.c \
-crypto/ui/ui_lib.c \
-crypto/ui/ui_openssl.c \
-crypto/ui/ui_util.c \
-crypto/x509/by_dir.c \
-crypto/x509/by_file.c \
-crypto/x509/x509_att.c \
-crypto/x509/x509_cmp.c \
-crypto/x509/x509_d2.c \
-crypto/x509/x509_def.c \
-crypto/x509/x509_err.c \
-crypto/x509/x509_ext.c \
-crypto/x509/x509_lu.c \
-crypto/x509/x509_obj.c \
-crypto/x509/x509_r2x.c \
-crypto/x509/x509_req.c \
-crypto/x509/x509_set.c \
-crypto/x509/x509_trs.c \
-crypto/x509/x509_txt.c \
-crypto/x509/x509_v3.c \
-crypto/x509/x509_vfy.c \
-crypto/x509/x509_vpm.c \
-crypto/x509/x509cset.c \
-crypto/x509/x509name.c \
-crypto/x509/x509rset.c \
-crypto/x509/x509spki.c \
-crypto/x509/x509type.c \
-crypto/x509/x_all.c \
-crypto/x509v3/pcy_cache.c \
-crypto/x509v3/pcy_data.c \
-crypto/x509v3/pcy_lib.c \
-crypto/x509v3/pcy_map.c \
-crypto/x509v3/pcy_node.c \
-crypto/x509v3/pcy_tree.c \
-crypto/x509v3/v3_akey.c \
-crypto/x509v3/v3_akeya.c \
-crypto/x509v3/v3_alt.c \
-crypto/x509v3/v3_bcons.c \
-crypto/x509v3/v3_bitst.c \
-crypto/x509v3/v3_conf.c \
-crypto/x509v3/v3_cpols.c \
-crypto/x509v3/v3_crld.c \
-crypto/x509v3/v3_enum.c \
-crypto/x509v3/v3_extku.c \
-crypto/x509v3/v3_genn.c \
-crypto/x509v3/v3_ia5.c \
-crypto/x509v3/v3_info.c \
-crypto/x509v3/v3_int.c \
-crypto/x509v3/v3_lib.c \
-crypto/x509v3/v3_ncons.c \
-crypto/x509v3/v3_ocsp.c \
-crypto/x509v3/v3_pci.c \
-crypto/x509v3/v3_pcia.c \
-crypto/x509v3/v3_pcons.c \
-crypto/x509v3/v3_pku.c \
-crypto/x509v3/v3_pmaps.c \
-crypto/x509v3/v3_prn.c \
-crypto/x509v3/v3_purp.c \
-crypto/x509v3/v3_skey.c \
-crypto/x509v3/v3_sxnet.c \
-crypto/x509v3/v3_utl.c \
-crypto/x509v3/v3err.c \
-"
-
-OPENSSL_CRYPTO_SOURCES_arm="\
-crypto/aes/asm/aes-armv4.S \
-crypto/aes/asm/aesv8-armx.S \
-crypto/aes/asm/bsaes-armv7.S \
-crypto/armcap.c \
-crypto/armv4cpuid.S \
-crypto/bn/asm/armv4-gf2m.S \
-crypto/bn/asm/armv4-mont.S \
-crypto/modes/asm/ghash-armv4.S \
-crypto/modes/asm/ghashv8-armx.S \
-crypto/sha/asm/sha1-armv4-large.S \
-crypto/sha/asm/sha256-armv4.S \
-crypto/sha/asm/sha512-armv4.S \
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_arm="\
-crypto/aes/aes_core.c \
-crypto/mem_clr.c \
-"
-
-OPENSSL_CRYPTO_SOURCES_arm64="\
-crypto/armcap.c \
-crypto/arm64cpuid.S \
-crypto/aes/asm/aesv8-armx-64.S \
-crypto/modes/asm/ghashv8-armx-64.S \
-crypto/sha/asm/sha1-armv8.S \
-crypto/sha/asm/sha256-armv8.S \
-crypto/sha/asm/sha512-armv8.S \
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_arm64="\
-"
-
-OPENSSL_CRYPTO_SOURCES_mips="\
-crypto/aes/asm/aes-mips.S \
-crypto/bn/asm/bn-mips.S \
-crypto/bn/asm/mips-mont.S \
-crypto/sha/asm/sha1-mips.S \
-crypto/sha/asm/sha256-mips.S \
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_mips="\
-crypto/aes/aes_core.c \
-crypto/bn/bn_asm.c \
-"
-
-# TODO: generate *-mips32r6.S files
-OPENSSL_CRYPTO_SOURCES_mips32r6="\
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_mips32r6="\
-"
-
-# TODO: generate *-mips64.S files
-OPENSSL_CRYPTO_SOURCES_mips64="\
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_mips64="\
-"
-
-OPENSSL_CRYPTO_SOURCES_x86="\
-crypto/aes/asm/aes-586.S \
-crypto/aes/asm/aesni-x86.S \
-crypto/aes/asm/vpaes-x86.S \
-crypto/bf/asm/bf-586.S \
-crypto/bn/asm/bn-586.S \
-crypto/bn/asm/co-586.S \
-crypto/bn/asm/x86-gf2m.S \
-crypto/bn/asm/x86-mont.S \
-crypto/des/asm/crypt586.S \
-crypto/des/asm/des-586.S \
-crypto/md5/asm/md5-586.S \
-crypto/modes/asm/ghash-x86.S \
-crypto/sha/asm/sha1-586.S \
-crypto/sha/asm/sha256-586.S \
-crypto/sha/asm/sha512-586.S \
-crypto/x86cpuid.S \
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_x86="\
-crypto/aes/aes_core.c \
-crypto/aes/aes_cbc.c \
-crypto/bf/bf_enc.c \
-crypto/bn/bn_asm.c \
-crypto/des/des_enc.c \
-crypto/des/fcrypt_b.c \
-crypto/mem_clr.c \
-"
-
-OPENSSL_CRYPTO_SOURCES_x86_64="\
-crypto/aes/asm/aes-x86_64.S \
-crypto/aes/asm/aesni-x86_64.S \
-crypto/aes/asm/aesni-sha1-x86_64.S \
-crypto/aes/asm/bsaes-x86_64.S \
-crypto/aes/asm/vpaes-x86_64.S \
-crypto/bn/asm/modexp512-x86_64.S \
-crypto/bn/asm/x86_64-gcc.c \
-crypto/bn/asm/x86_64-gf2m.S \
-crypto/bn/asm/x86_64-mont.S \
-crypto/bn/asm/x86_64-mont5.S \
-crypto/md5/asm/md5-x86_64.S \
-crypto/modes/asm/ghash-x86_64.S \
-crypto/rc4/asm/rc4-md5-x86_64.S \
-crypto/rc4/asm/rc4-x86_64.S \
-crypto/sha/asm/sha1-x86_64.S \
-crypto/sha/asm/sha256-x86_64.S \
-crypto/sha/asm/sha512-x86_64.S \
-crypto/x86_64cpuid.S \
-"
-
-OPENSSL_CRYPTO_SOURCES_EXCLUDES_x86_64="\
-crypto/aes/aes_cbc.c \
-crypto/aes/aes_core.c \
-crypto/bn/bn_asm.c \
-crypto/mem_clr.c \
-crypto/rc4/rc4_enc.c \
-crypto/rc4/rc4_skey.c \
-"
-
-OPENSSL_SSL_INCLUDES="\
-. \
-include \
-crypto \
-"
-
-OPENSSL_SSL_SOURCES="\
-ssl/bio_ssl.c \
-ssl/d1_both.c \
-ssl/d1_enc.c \
-ssl/d1_lib.c \
-ssl/d1_pkt.c \
-ssl/d1_srtp.c \
-ssl/kssl.c \
-ssl/s23_clnt.c \
-ssl/s23_lib.c \
-ssl/s23_meth.c \
-ssl/s23_pkt.c \
-ssl/s23_srvr.c \
-ssl/s2_clnt.c \
-ssl/s2_enc.c \
-ssl/s2_lib.c \
-ssl/s2_meth.c \
-ssl/s2_pkt.c \
-ssl/s2_srvr.c \
-ssl/s3_both.c \
-ssl/s3_cbc.c \
-ssl/s3_clnt.c \
-ssl/s3_enc.c \
-ssl/s3_lib.c \
-ssl/s3_meth.c \
-ssl/s3_pkt.c \
-ssl/s3_srvr.c \
-ssl/ssl_algs.c \
-ssl/ssl_asn1.c \
-ssl/ssl_cert.c \
-ssl/ssl_ciph.c \
-ssl/ssl_err.c \
-ssl/ssl_err2.c \
-ssl/ssl_lib.c \
-ssl/ssl_rsa.c \
-ssl/ssl_sess.c \
-ssl/ssl_stat.c \
-ssl/ssl_txt.c \
-ssl/t1_clnt.c \
-ssl/t1_enc.c \
-ssl/t1_lib.c \
-ssl/t1_meth.c \
-ssl/t1_reneg.c \
-ssl/t1_srvr.c \
-ssl/tls_srp.c \
-"
-
-OPENSSL_APPS_DEFINES="\
-MONOLITH \
-"
-
-OPENSSL_APPS_INCLUDES="\
-. \
-include \
-"
-
-OPENSSL_APPS_SOURCES="\
-apps/app_rand.c \
-apps/apps.c \
-apps/asn1pars.c \
-apps/ca.c \
-apps/ciphers.c \
-apps/cms.c \
-apps/crl.c \
-apps/crl2p7.c \
-apps/dgst.c \
-apps/dh.c \
-apps/dhparam.c \
-apps/dsa.c \
-apps/dsaparam.c \
-apps/ecparam.c \
-apps/ec.c \
-apps/enc.c \
-apps/engine.c \
-apps/errstr.c \
-apps/gendh.c \
-apps/gendsa.c \
-apps/genpkey.c \
-apps/genrsa.c \
-apps/nseq.c \
-apps/ocsp.c \
-apps/openssl.c \
-apps/passwd.c \
-apps/pkcs12.c \
-apps/pkcs7.c \
-apps/pkcs8.c \
-apps/pkey.c \
-apps/pkeyparam.c \
-apps/pkeyutl.c \
-apps/prime.c \
-apps/rand.c \
-apps/req.c \
-apps/rsa.c \
-apps/rsautl.c \
-apps/s_cb.c \
-apps/s_client.c \
-apps/s_server.c \
-apps/s_socket.c \
-apps/s_time.c \
-apps/sess_id.c \
-apps/smime.c \
-apps/speed.c \
-apps/spkac.c \
-apps/srp.c \
-apps/verify.c \
-apps/version.c \
-apps/x509.c \
-"
-
-source ./openssl.trusty.config
diff --git a/openssl.trusty.config b/openssl.trusty.config
deleted file mode 100644
index 9710ad06a3..0000000000
--- a/openssl.trusty.config
+++ /dev/null
@@ -1,278 +0,0 @@
-CONFIGURE_ARGS_TRUSTY="\
--DL_ENDIAN \
-linux-generic32:::<trusty_std.h> \
-no-camellia \
-no-capieng \
-no-cast \
-no-cms \
-no-comp \
-no-conf \
-no-des \
-no-dso \
-no-dtls1 \
-no-err \
-no-gost \
-no-gmp \
-no-heartbeats \
-no-idea \
-no-jpake \
-no-krb5 \
-no-locking \
-no-md2 \
-no-md4 \
-no-md5 \
-no-mdc2 \
-no-ocsp \
-no-pem \
-no-pkcs12 \
-no-pqueue \
-no-rc2 \
-no-rc4 \
-no-rc5 \
-no-rc5 \
-no-rdrand \
-no-rfc3779 \
-no-ripemd \
-no-rsax \
-no-sctp \
-no-seed \
-no-sha0 \
-no-srp \
-no-ssl \
-no-static_engine \
-no-store \
-no-threads \
-no-ts \
-no-txt_db \
-no-ui \
-no-whirlpool \
-"
-
-# Trusty-specific compiler defines for crypto/ library.
-#
-OPENSSL_CRYPTO_TRUSTY_DEFINES="\
-GETPID_IS_MEANINGLESS \
-NO_WINDOWS_BRAINDEATH \
-"
-
-OPENSSL_CRYPTO_TRUSTY_DEFINES_arm="\
-OPENSSL_BN_ASM_GF2m \
-OPENSSL_BN_ASM_MONT \
-GHASH_ASM \
-AES_ASM \
-SHA1_ASM \
-SHA256_ASM \
-SHA512_ASM \
-"
-
-OPENSSL_CRYPTO_TRUSTY_DEFINES_mips=""
-
-OPENSSL_CRYPTO_TRUSTY_DEFINES_x86=""
-
-OPENSSL_CRYPTO_TRUSTY_DEFINES_x86_64=""
-
-OPENSSL_CRYPTO_TRUSTY_INCLUDES="\
-. \
-include \
-crypto \
-crypto/asn1 \
-crypto/evp \
-crypto/modes \
-include \
-include/openssl \
-"
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES="\
-crypto/aes/aes_cbc.c \
-crypto/aes/aes_misc.c \
-crypto/asn1/a_bitstr.c \
-crypto/asn1/a_d2i_fp.c \
-crypto/asn1/a_int.c \
-crypto/asn1/ameth_lib.c \
-crypto/asn1/a_object.c \
-crypto/asn1/a_octet.c \
-crypto/asn1/asn1_lib.c \
-crypto/asn1/asn_pack.c \
-crypto/asn1/a_type.c \
-crypto/asn1/d2i_pr.c \
-crypto/asn1/f_int.c \
-crypto/asn1/i2d_pr.c \
-crypto/asn1/p8_pkey.c \
-crypto/asn1/tasn_dec.c \
-crypto/asn1/tasn_enc.c \
-crypto/asn1/tasn_fre.c \
-crypto/asn1/tasn_new.c \
-crypto/asn1/tasn_typ.c \
-crypto/asn1/tasn_utl.c \
-crypto/asn1/t_pkey.c \
-crypto/asn1/t_x509.c \
-crypto/asn1/x_algor.c \
-crypto/asn1/x_attrib.c \
-crypto/asn1/x_bignum.c \
-crypto/asn1/x_long.c \
-crypto/asn1/x_pubkey.c \
-crypto/asn1/x_sig.c \
-crypto/bio/bio_lib.c \
-crypto/bio/b_print.c \
-crypto/bio/bss_mem.c \
-crypto/bn/bn_add.c \
-crypto/bn/bn_asm.c \
-crypto/bn/bn_blind.c \
-crypto/bn/bn_ctx.c \
-crypto/bn/bn_div.c \
-crypto/bn/bn_exp2.c \
-crypto/bn/bn_exp.c \
-crypto/bn/bn_gcd.c \
-crypto/bn/bn_gf2m.c \
-crypto/bn/bn_kron.c \
-crypto/bn/bn_lib.c \
-crypto/bn/bn_mod.c \
-crypto/bn/bn_mont.c \
-crypto/bn/bn_mul.c \
-crypto/bn/bn_nist.c \
-crypto/bn/bn_prime.c \
-crypto/bn/bn_print.c \
-crypto/bn/bn_rand.c \
-crypto/bn/bn_recp.c \
-crypto/bn/bn_shift.c \
-crypto/bn/bn_sqr.c \
-crypto/bn/bn_sqrt.c \
-crypto/bn/bn_word.c \
-crypto/buffer/buffer.c \
-crypto/buffer/buf_str.c \
-crypto/cmac/cmac.c \
-crypto/cmac/cm_ameth.c \
-crypto/cmac/cm_pmeth.c \
-Crypto-config.mk \
-crypto/cryptlib.c \
-crypto/dh/dh_ameth.c \
-crypto/dh/dh_asn1.c \
-crypto/dh/dh_check.c \
-crypto/dh/dh_gen.c \
-crypto/dh/dh_key.c \
-crypto/dh/dh_lib.c \
-crypto/dh/dh_pmeth.c \
-crypto/dsa/dsa_ameth.c \
-crypto/dsa/dsa_asn1.c \
-crypto/dsa/dsa_gen.c \
-crypto/dsa/dsa_key.c \
-crypto/dsa/dsa_lib.c \
-crypto/dsa/dsa_ossl.c \
-crypto/dsa/dsa_pmeth.c \
-crypto/dsa/dsa_sign.c \
-crypto/dsa/dsa_vrf.c \
-crypto/ecdh/ech_key.c \
-crypto/ecdh/ech_lib.c \
-crypto/ecdh/ech_ossl.c \
-crypto/ecdsa/ecs_asn1.c \
-crypto/ecdsa/ecs_lib.c \
-crypto/ecdsa/ecs_ossl.c \
-crypto/ecdsa/ecs_sign.c \
-crypto/ecdsa/ecs_vrf.c \
-crypto/ec/ec2_mult.c \
-crypto/ec/ec2_oct.c \
-crypto/ec/ec2_smpl.c \
-crypto/ec/ec_ameth.c \
-crypto/ec/ec_asn1.c \
-crypto/ec/ec_curve.c \
-crypto/ec/ec_cvt.c \
-crypto/ec/ec_key.c \
-crypto/ec/eck_prn.c \
-crypto/ec/ec_lib.c \
-crypto/ec/ec_mult.c \
-crypto/ec/ec_oct.c \
-crypto/ec/ec_pmeth.c \
-crypto/ec/ecp_mont.c \
-crypto/ec/ecp_nist.c \
-crypto/ec/ecp_oct.c \
-crypto/ec/ec_print.c \
-crypto/ec/ecp_smpl.c \
-crypto/engine/eng_init.c \
-crypto/engine/eng_lib.c \
-crypto/engine/eng_table.c \
-crypto/engine/tb_asnmth.c \
-crypto/engine/tb_cipher.c \
-crypto/engine/tb_dh.c \
-crypto/engine/tb_digest.c \
-crypto/engine/tb_dsa.c \
-crypto/engine/tb_ecdh.c \
-crypto/engine/tb_ecdsa.c \
-crypto/engine/tb_pkmeth.c \
-crypto/engine/tb_rand.c \
-crypto/engine/tb_rsa.c \
-crypto/err/err.c \
-crypto/evp/digest.c \
-crypto/evp/e_aes.c \
-crypto/evp/evp_enc.c \
-crypto/evp/evp_lib.c \
-crypto/evp/evp_pkey.c \
-crypto/evp/m_sha1.c \
-crypto/evp/m_sigver.c \
-crypto/evp/names.c \
-crypto/evp/p_lib.c \
-crypto/evp/pmeth_fn.c \
-crypto/evp/pmeth_gn.c \
-crypto/evp/pmeth_lib.c \
-crypto/ex_data.c \
-crypto/hmac/hmac.c \
-crypto/hmac/hm_ameth.c \
-crypto/hmac/hm_pmeth.c \
-crypto/lhash/lhash.c \
-crypto/mem.c \
-crypto/mem_clr.c \
-crypto/mem_dbg.c \
-crypto/modes/cbc128.c \
-crypto/modes/ctr128.c \
-crypto/objects/obj_dat.c \
-crypto/objects/obj_xref.c \
-crypto/objects/o_names.c \
-crypto/pkcs7/pk7_lib.c \
-crypto/rand/md_rand.c \
-crypto/rand/rand_lib.c \
-crypto/rsa/rsa_ameth.c \
-crypto/rsa/rsa_asn1.c \
-crypto/rsa/rsa_chk.c \
-crypto/rsa/rsa_crpt.c \
-crypto/rsa/rsa_eay.c \
-crypto/rsa/rsa_gen.c \
-crypto/rsa/rsa_lib.c \
-crypto/rsa/rsa_none.c \
-crypto/rsa/rsa_oaep.c \
-crypto/rsa/rsa_pk1.c \
-crypto/rsa/rsa_pmeth.c \
-crypto/rsa/rsa_pss.c \
-crypto/rsa/rsa_saos.c \
-crypto/rsa/rsa_sign.c \
-crypto/rsa/rsa_ssl.c \
-crypto/rsa/rsa_x931.c \
-crypto/sha/sha1_one.c \
-crypto/sha/sha1dgst.c \
-crypto/sha/sha256.c \
-crypto/sha/sha512.c \
-crypto/stack/stack.c \
-crypto/x509v3/v3_utl.c \
-crypto/x509/x_all.c \
-"
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_arm="\
-crypto/aes/asm/aes-armv4.S \
-crypto/sha/asm/sha1-armv4-large.S \
-crypto/sha/asm/sha256-armv4.S \
-crypto/sha/asm/sha512-armv4.S \
-crypto/bn/asm/armv4-gf2m.S \
-crypto/bn/asm/armv4-mont.S \
-"
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_EXCLUDES_arm=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_mips=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_EXCLUDES_mips=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_x86=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_EXCLUDES_x86=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_x86_64=""
-
-OPENSSL_CRYPTO_TRUSTY_SOURCES_EXCLUDES_x86_64=""
diff --git a/openssl.version b/openssl.version
deleted file mode 100644
index 40e6fc0431..0000000000
--- a/openssl.version
+++ /dev/null
@@ -1 +0,0 @@
-OPENSSL_VERSION=1.0.1l
diff --git a/patches/0001-progs.patch b/patches/0001-progs.patch
deleted file mode 100644
index f0879ae709..0000000000
--- a/patches/0001-progs.patch
+++ /dev/null
@@ -1,54 +0,0 @@
---- openssl-1.0.0.orig/apps/openssl.c	2009-10-04 09:43:21.000000000 -0700
-+++ openssl-1.0.0/apps/openssl.c	2010-05-18 14:05:14.000000000 -0700
-@@ -275,8 +275,10 @@ int main(int Argc, char *Argv[])
- 		if (ERR_GET_REASON(ERR_peek_last_error())
- 		    == CONF_R_NO_SUCH_FILE)
- 			{
-+#if 0 /* ANDROID */
- 			BIO_printf(bio_err,
- 				   "WARNING: can't open config file: %s\n",p);
-+#endif
- 			ERR_clear_error();
- 			NCONF_free(config);
- 			config = NULL;
---- openssl-1.0.0.orig/apps/progs.h	2009-06-30 08:08:38.000000000 -0700
-+++ openssl-1.0.0/apps/progs.h	2010-05-18 14:05:38.000000000 -0700
-@@ -146,7 +152,9 @@ FUNCTION functions[] = {
- 	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
- #endif
- 	{FUNC_TYPE_GENERAL,"prime",prime_main},
-+#if 0 /* ANDROID */
- 	{FUNC_TYPE_GENERAL,"ts",ts_main},
-+#endif
- #ifndef OPENSSL_NO_SRP
- 	{FUNC_TYPE_GENERAL,"srp",srp_main},
- #endif
---- openssl-1.0.0.orig/apps/speed.c	2010-03-03 11:56:17.000000000 -0800
-+++ openssl-1.0.0/apps/speed.c	2010-05-18 14:05:57.000000000 -0700
-@@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv)
- 			}
- 		}
- 
-+#if 0 /* ANDROID */
- 	if (doit[D_IGE_128_AES])
- 		{
- 		for (j=0; j<SIZE_NUM; j++)
-@@ -1763,6 +1764,7 @@ int MAIN(int argc, char **argv)
- 
- 
- #endif
-+#endif
- #ifndef OPENSSL_NO_CAMELLIA
- 	if (doit[D_CBC_128_CML])
- 		{
---- openssl-1.0.0.orig/crypto/ui/ui_openssl.c	2009-10-04 09:43:21.000000000 -0700
-+++ openssl-1.0.0/crypto/ui/ui_openssl.c	2010-05-18 13:36:26.000000000 -0700
-@@ -184,7 +184,7 @@
- # undef  SGTTY
- #endif
- 
--#if defined(linux) && !defined(TERMIO)
-+#if defined(linux) && !defined(TERMIO) && !defined(__ANDROID__)
- # undef  TERMIOS
- # define TERMIO
- # undef  SGTTY
diff --git a/patches/0002-handshake_cutthrough.patch b/patches/0002-handshake_cutthrough.patch
deleted file mode 100644
index f4d6a8cd90..0000000000
--- a/patches/0002-handshake_cutthrough.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-From 4c654523c703645f8b517389b6da537c5a9e5168 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Thu, 24 Jan 2013 16:22:07 -0500
-Subject: [PATCH] handshake_cutthrough
-
-Enables SSL3+ clients to send application data immediately following the
-Finished message even when negotiating full-handshakes.  With this
-patch, clients can negotiate SSL connections in 1-RTT even when
-performing full-handshakes.
----
- apps/s_client.c | 13 +++++++++++++
- ssl/s3_clnt.c   | 54 ++++++++++++++++++++++++++++++++++++++++++++++++------
- ssl/s3_lib.c    | 15 ++++++++++++++-
- ssl/ssl.h       | 10 +++++++++-
- ssl/ssl3.h      |  1 +
- ssl/ssl_lib.c   | 42 ++++++++++++++++++++++++++++++++++++++++++
- ssl/ssl_locl.h  |  2 ++
- ssl/ssltest.c   | 12 ++++++++++++
- test/testssl    |  3 +++
- 9 files changed, 144 insertions(+), 8 deletions(-)
-
-diff --git a/apps/s_client.c b/apps/s_client.c
-index 3ba6605..791e277 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -361,6 +361,7 @@ static void sc_usage(void)
- 	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
- # endif
- #endif
-+	BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
- 	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- #ifndef OPENSSL_NO_SRTP
- 	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-@@ -577,6 +578,7 @@ int MAIN(int argc, char **argv)
- 	EVP_PKEY *key = NULL;
- 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
- 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-+	int cutthrough=0;
- 	int crlf=0;
- 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
- 	SSL_CTX *ctx=NULL;
-@@ -883,6 +885,8 @@ int MAIN(int argc, char **argv)
- 			}
- # endif
- #endif
-+		else if (strcmp(*argv,"-cutthrough") == 0)
-+			cutthrough=1;
- 		else if (strcmp(*argv,"-serverpref") == 0)
- 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
- 		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-@@ -1158,6 +1162,15 @@ bad:
- 		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
- #endif
- 
-+	/* Enable handshake cutthrough for client connections using
-+	 * strong ciphers. */
-+	if (cutthrough)
-+		{
-+		int ssl_mode = SSL_CTX_get_mode(ctx);
-+		ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
-+		SSL_CTX_set_mode(ctx, ssl_mode);
-+		}
-+
- 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
- 	if (cipher != NULL)
- 		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index a6b3c01..3d3fd64 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -215,6 +215,12 @@ int ssl3_connect(SSL *s)
- 		}
- #endif
- 
-+	if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-+		{
-+		/* Send app data along with CCS/Finished */
-+		s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
-+		}
-+
- 	for (;;)
- 		{
- 		state=s->state;
-@@ -526,14 +532,32 @@ int ssl3_connect(SSL *s)
- 				}
- 			else
- 				{
--#ifndef OPENSSL_NO_TLSEXT
--				/* Allow NewSessionTicket if ticket expected */
--				if (s->tlsext_ticket_expected)
--					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-+				if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-+				    && ssl3_can_cutthrough(s)
-+				    && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
-+				   )
-+					{
-+					if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-+						{
-+						s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
-+						s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-+						s->s3->delay_buf_pop_ret=0;
-+						}
-+					else
-+						{
-+						s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
-+						}
-+					}
- 				else
-+					{
-+#ifndef OPENSSL_NO_TLSEXT
-+					/* Allow NewSessionTicket if ticket expected */
-+					if (s->tlsext_ticket_expected)
-+						s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-+					else
- #endif
--				
--				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-+						s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-+					}
- 				}
- 			s->init_num=0;
- 			break;
-@@ -581,6 +605,24 @@ int ssl3_connect(SSL *s)
- 			s->state=s->s3->tmp.next_state;
- 			break;
- 
-+		case SSL3_ST_CUTTHROUGH_COMPLETE:
-+#ifndef OPENSSL_NO_TLSEXT
-+			/* Allow NewSessionTicket if ticket expected */
-+			if (s->tlsext_ticket_expected)
-+				s->state=SSL3_ST_CR_SESSION_TICKET_A;
-+			else
-+#endif
-+				s->state=SSL3_ST_CR_FINISHED_A;
-+
-+			/* SSL_write() will take care of flushing buffered data if
-+			 * DELAY_CLIENT_FINISHED is set.
-+			 */
-+			if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
-+				ssl_free_wbio_buffer(s);
-+			ret = 1;
-+			goto end;
-+			/* break; */
-+
- 		case SSL_ST_OK:
- 			/* clean a few things up */
- 			ssl3_cleanup_key_block(s);
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index c4ef273..1865c70 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -4211,9 +4211,22 @@ int ssl3_write(SSL *s, const void *buf, int len)
- 
- static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
- 	{
--	int ret;
-+	int n,ret;
- 	
- 	clear_sys_error();
-+	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-+		{
-+		/* Deal with an application that calls SSL_read() when handshake data
-+		 * is yet to be written.
-+		 */
-+		if (BIO_wpending(s->wbio) > 0)
-+			{
-+			s->rwstate=SSL_WRITING;
-+			n=BIO_flush(s->wbio);
-+			if (n <= 0) return(n);
-+			s->rwstate=SSL_NOTHING;
-+			}
-+		}
- 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
- 	s->s3->in_read_app_data=1;
- 	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 1f255c3..3e31fb5 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -644,6 +644,7 @@ struct ssl_session_st
-  * TLS only.)  "Released" buffers are put onto a free-list in the context
-  * or just freed (depending on the context's setting for freelist_max_len). */
- #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-+
- /* Send the current time in the Random fields of the ClientHello and
-  * ServerHello records for compatibility with hypothetical implementations
-  * that require it.
-@@ -651,6 +652,11 @@ struct ssl_session_st
- #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
- #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
- 
-+/* When set, clients may send application data before receipt of CCS
-+ * and Finished.  This mode enables full-handshakes to 'complete' in
-+ * one RTT. */
-+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
-+
- /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
-  * they cannot be used to clear bits. */
- 
-@@ -1424,10 +1430,12 @@ extern "C" {
- /* Is the SSL_connection established? */
- #define SSL_get_state(a)		SSL_state(a)
- #define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
--#define SSL_in_init(a)			(SSL_state(a)&SSL_ST_INIT)
-+#define SSL_in_init(a)			((SSL_state(a)&SSL_ST_INIT) && \
-+					!SSL_cutthrough_complete(a))
- #define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
- #define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
- #define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
-+int SSL_cutthrough_complete(const SSL *s);
- 
- /* The following 2 states are kept in ssl->rstate when reads fail,
-  * you should not need these */
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index cb8b249..9a61b71 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -556,6 +556,7 @@ typedef struct ssl3_state_st
- /*client */
- /* extra state */
- #define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
-+#define SSL3_ST_CUTTHROUGH_COMPLETE	(0x101|SSL_ST_CONNECT)
- #ifndef OPENSSL_NO_SCTP
- #define DTLS1_SCTP_ST_CW_WRITE_SOCK			(0x310|SSL_ST_CONNECT)
- #define DTLS1_SCTP_ST_CR_READ_SOCK			(0x320|SSL_ST_CONNECT)
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 6dbc3c1..7892928 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3225,6 +3225,48 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
- 	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- 	}
- 
-+int SSL_cutthrough_complete(const SSL *s)
-+	{
-+	return (!s->server &&                 /* cutthrough only applies to clients */
-+		!s->hit &&                        /* full-handshake */
-+		s->version >= SSL3_VERSION &&
-+		s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
-+		(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
-+		ssl3_can_cutthrough(s) &&                                   /* cutthrough allowed */
-+		s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
-+		(s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
-+			s->state == SSL3_ST_CR_FINISHED_A));
-+	}
-+
-+int ssl3_can_cutthrough(const SSL *s)
-+	{
-+	const SSL_CIPHER *c;
-+
-+	/* require a strong enough cipher */
-+	if (SSL_get_cipher_bits(s, NULL) < 128)
-+		return 0;
-+
-+	/* require ALPN or NPN extension */
-+	if (!s->s3->alpn_selected
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+		&& !s->s3->next_proto_neg_seen
-+#endif
-+	)
-+		{
-+		return 0;
-+		}
-+
-+	/* require a forward-secret cipher */
-+	c = SSL_get_current_cipher(s);
-+	if (!c || (c->algorithm_mkey != SSL_kEDH &&
-+			c->algorithm_mkey != SSL_kEECDH))
-+		{
-+		return 0;
-+		}
-+
-+	return 1;
-+	}
-+
- /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
-  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
-  * any. If EVP_MD pointer is passed, initializes ctx with this md
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index e485907..3b1d644 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -1126,6 +1126,8 @@ int tls12_get_sigid(const EVP_PKEY *pk);
- const EVP_MD *tls12_get_hash(unsigned char hash_alg);
- 
- #endif
-+
-+int ssl3_can_cutthrough(const SSL *s);
- EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
- void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
- int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-diff --git a/ssl/ssltest.c b/ssl/ssltest.c
-index 4f80be8..28fa223 100644
---- a/ssl/ssltest.c
-+++ b/ssl/ssltest.c
-@@ -369,8 +369,9 @@ static void sv_usage(void)
- 	               "                 (default is sect163r2).\n");
- #endif
- 	fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- 		       "                    When this option is requested, the cipherlist\n"
- 		       "                    tests are run instead of handshake tests.\n");
-+	fprintf(stderr," -cutthrough      - enable 1-RTT full-handshake for strong ciphers\n");
- 	}
- 
- static void print_details(SSL *c_ssl, const char *prefix)
-@@ -549,6 +550,7 @@ int main(int argc, char *argv[])
- #ifdef OPENSSL_FIPS
- 	int fips_mode=0;
- #endif
-+	int cutthrough = 0;
- 
- 	verbose = 0;
- 	debug = 0;
-@@ -765,6 +767,10 @@ int main(int argc, char *argv[])
- 			{
- 			test_cipherlist = 1;
- 			}
-+		else if (strcmp(*argv, "-cutthrough") == 0)
-+			{
-+			cutthrough = 1;
-+			}
- 		else
- 			{
- 			fprintf(stderr,"unknown option %s\n",*argv);
-@@ -906,6 +912,12 @@ bad:
- 		SSL_CTX_set_cipher_list(c_ctx,cipher);
- 		SSL_CTX_set_cipher_list(s_ctx,cipher);
- 		}
-+	if (cutthrough)
-+		{
-+		int ssl_mode = SSL_CTX_get_mode(c_ctx);
-+		ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
-+		SSL_CTX_set_mode(c_ctx, ssl_mode);
-+		}
- 
- #ifndef OPENSSL_NO_DH
- 	if (!no_dhe)
-diff --git a/test/testssl b/test/testssl
-index 4e8542b..b5f90ba 100644
---- a/test/testssl
-+++ b/test/testssl
-@@ -70,6 +70,9 @@ $ssltest -client_auth $CA $extra || exit 1
- echo test sslv2/sslv3 with both client and server authentication
- $ssltest -server_auth -client_auth $CA $extra || exit 1
- 
-+echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
-+$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
-+
- echo test sslv2 via BIO pair
- $ssltest -bio_pair -ssl2 $extra || exit 1
- 
--- 
-1.9.1.423.g4596e3a
-
diff --git a/patches/0003-jsse.patch b/patches/0003-jsse.patch
deleted file mode 100644
index a24c92266a..0000000000
--- a/patches/0003-jsse.patch
+++ /dev/null
@@ -1,430 +0,0 @@
---- openssl-1.0.0b.orig/ssl/ssl.h	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl.h	2010-11-30 00:03:47.000000000 +0000
-@@ -1133,6 +1133,9 @@ struct ssl_st
- 	/* This can also be in the session once a session is established */
- 	SSL_SESSION *session;
- 
-+        /* This can be disabled to prevent the use of uncached sessions */
-+	int session_creation_enabled;
-+
- 	/* Default generate session ID callback. */
- 	GEN_SESSION_CB generate_session_id;
- 
-@@ -1545,6 +1548,7 @@
- char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
- const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
- unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
-+const char *	SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
- 
- int	SSL_get_fd(const SSL *s);
- int	SSL_get_rfd(const SSL *s);
-@@ -1554,6 +1558,7 @@ const char  * SSL_get_cipher_list(const 
- char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
- int	SSL_get_read_ahead(const SSL * s);
- int	SSL_pending(const SSL *s);
-+const char *	SSL_authentication_method(const SSL *c);
- #ifndef OPENSSL_NO_SOCK
- int	SSL_set_fd(SSL *s, int fd);
- int	SSL_set_rfd(SSL *s, int fd);
-@@ -1565,6 +1570,7 @@ BIO *	SSL_get_rbio(const SSL *s);
- BIO *	SSL_get_wbio(const SSL *s);
- #endif
- int	SSL_set_cipher_list(SSL *s, const char *str);
-+int	SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
- void	SSL_set_read_ahead(SSL *s, int yes);
- int	SSL_get_verify_mode(const SSL *s);
- int	SSL_get_verify_depth(const SSL *s);
-@@ -1580,6 +1586,8 @@ int	SSL_use_PrivateKey(SSL *ssl, EVP_PKE
- int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
- int	SSL_use_certificate(SSL *ssl, X509 *x);
- int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-+int	SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-+STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
- 
- #ifndef OPENSSL_NO_STDIO
- int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-@@ -1615,6 +1623,7 @@ void	SSL_copy_session_id(SSL *to,const S
- SSL_SESSION *SSL_SESSION_new(void);
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
- 					unsigned int *len);
-+const char *	SSL_SESSION_get_version(const SSL_SESSION *s);
- unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
- #ifndef OPENSSL_NO_FP_API
- int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-@@ -1624,6 +1633,7 @@ int	SSL_SESSION_print(BIO *fp,const SSL_
- void	SSL_SESSION_free(SSL_SESSION *ses);
- int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
- int	SSL_set_session(SSL *to, SSL_SESSION *session);
-+void	SSL_set_session_creation_enabled(SSL *, int);
- int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
- int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
- int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-@@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244
- #define SSL_F_SSL_USE_CERTIFICATE			 198
- #define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
-+#define SSL_F_SSL_USE_CERTIFICATE_CHAIN			 2000
- #define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
- #define SSL_F_SSL_USE_PRIVATEKEY			 201
- #define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
-@@ -2272,6 +2283,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
- #define SSL_R_SERVERHELLO_TLSEXT			 275
- #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
-+#define SSL_R_SESSION_MAY_NOT_BE_CREATED		 2000
- #define SSL_R_SHORT_READ				 219
- #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
- #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
---- openssl-1.0.0b.orig/ssl/d1_clnt.c	2010-01-26 19:46:29.000000000 +0000
-+++ openssl-1.0.0b/ssl/d1_clnt.c	2010-11-30 00:03:47.000000000 +0000
-@@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s)
- #endif
- 			(s->session->not_resumable))
- 			{
-+		        if (!s->session_creation_enabled)
-+				{
-+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+				SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+				goto err;
-+				}
- 			if (!ssl_get_new_session(s,0))
- 				goto err;
- 			}
---- openssl-1.0.0b.orig/ssl/s23_clnt.c	2010-02-16 14:20:40.000000000 +0000
-+++ openssl-1.0.0b/ssl/s23_clnt.c	2010-11-30 00:03:47.000000000 +0000
-@@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s
- 
- 	/* Since, if we are sending a ssl23 client hello, we are not
- 	 * reusing a session-id */
-+        if (!s->session_creation_enabled)
-+		{
-+		if (!(s->client_version == SSL2_VERSION))
-+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+		goto err;
-+		}
- 	if (!ssl_get_new_session(s,0))
- 		goto err;
- 
---- openssl-1.0.0b.orig/ssl/s3_both.c	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_both.c	2010-11-30 00:03:47.000000000 +0000
-@@ -347,8 +347,11 @@ unsigned long ssl3_output_cert_chain(SSL
- 	unsigned long l=7;
- 	BUF_MEM *buf;
- 	int no_chain;
-+	STACK_OF(X509) *cert_chain;
- 
--	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
-+	cert_chain = SSL_get_certificate_chain(s, x);
-+
-+	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain)
- 		no_chain = 1;
- 	else
- 		no_chain = 0;
-@@ -400,6 +403,10 @@ unsigned long ssl3_output_cert_chain(SSL
- 			return(0);
- 		}
- 
-+	for (i=0; i<sk_X509_num(cert_chain); i++)
-+		if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i)))
-+			return(0);
-+
- 	l-=7;
- 	p=(unsigned char *)&(buf->data[4]);
- 	l2n3(l,p);
---- openssl-1.0.0b.orig/ssl/s3_clnt.c	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_clnt.c	2010-11-30 00:03:47.000000000 +0000
-@@ -686,6 +686,12 @@ int ssl3_client_hello(SSL *s)
- #endif
- 			(sess->not_resumable))
- 			{
-+		        if (!s->session_creation_enabled)
-+				{
-+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+				SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+				goto err;
-+				}
- 			if (!ssl_get_new_session(s,0))
- 				goto err;
- 			}
-@@ -894,6 +900,12 @@ int ssl3_get_server_hello(SSL *s)
- 		s->hit=0;
- 		if (s->session->session_id_length > 0)
- 			{
-+		        if (!s->session_creation_enabled)
-+				{
-+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+				goto err;
-+				}
- 			if (!ssl_get_new_session(s,0))
- 				{
- 				al=SSL_AD_INTERNAL_ERROR;
---- openssl-1.0.0b.orig/ssl/s3_srvr.c	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_srvr.c	2010-11-30 00:03:47.000000000 +0000
-@@ -902,6 +902,12 @@ int ssl3_get_client_hello(SSL *s)
- 	 */
- 	if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
- 		{
-+	        if (!s->session_creation_enabled)
-+			{
-+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+			goto err;
-+		}
- 		if (!ssl_get_new_session(s,1))
- 			goto err;
- 		}
-@@ -916,6 +922,12 @@ int ssl3_get_client_hello(SSL *s)
- 			goto err;
- 		else /* i == 0 */
- 			{
-+		        if (!s->session_creation_enabled)
-+				{
-+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+				goto err;
-+				}
- 			if (!ssl_get_new_session(s,1))
- 				goto err;
- 			}
---- openssl-1.0.0b.orig/ssl/ssl_ciph.c	2010-06-15 17:25:14.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_ciph.c	2010-11-30 00:03:47.000000000 +0000
-@@ -1652,6 +1652,52 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER
- 	return(ret);
- 	}
- 
-+/* return string version of key exchange algorithm */
-+const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
-+	{
-+	switch (cipher->algorithm_mkey)
-+		{
-+	case SSL_kRSA:
-+		return SSL_TXT_RSA;
-+	case SSL_kDHr:
-+		return SSL_TXT_DH "_" SSL_TXT_RSA;
-+	case SSL_kDHd:
-+		return SSL_TXT_DH "_" SSL_TXT_DSS;
-+	case SSL_kEDH:
-+		switch (cipher->algorithm_auth)
-+			{
-+		case SSL_aDSS:
-+			return "DHE_" SSL_TXT_DSS;
-+		case SSL_aRSA:
-+			return "DHE_" SSL_TXT_RSA;
-+		case SSL_aNULL:
-+			return SSL_TXT_DH "_anon";
-+		default:
-+			return "UNKNOWN";
-+                        }
-+	case SSL_kKRB5:
-+		return SSL_TXT_KRB5;
-+	case SSL_kECDHr:
-+		return SSL_TXT_ECDH "_" SSL_TXT_RSA;
-+	case SSL_kECDHe:
-+		return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
-+	case SSL_kEECDH:
-+		switch (cipher->algorithm_auth)
-+			{
-+		case SSL_aECDSA:
-+			return "ECDHE_" SSL_TXT_ECDSA;
-+		case SSL_aRSA:
-+			return "ECDHE_" SSL_TXT_RSA;
-+		case SSL_aNULL:
-+			return SSL_TXT_ECDH "_anon";
-+		default:
-+			return "UNKNOWN";
-+                        }
-+        default:
-+		return "UNKNOWN";
-+		}
-+	}
-+
- SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
- 	{
- 	SSL_COMP *ctmp;
---- openssl-1.0.0b.orig/ssl/ssl_err.c	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_err.c	2010-11-30 00:03:47.000000000 +0000
-@@ -465,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
- {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
- {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-+{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"},
- {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
- {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
- {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
---- openssl-1.0.0b.orig/ssl/ssl_lib.c	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_lib.c	2010-11-30 00:03:47.000000000 +0000
-@@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx)
- 	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
- 	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
- 	s->verify_callback=ctx->default_verify_callback;
-+	s->session_creation_enabled=1;
- 	s->generate_session_id=ctx->generate_session_id;
- 
- 	s->param = X509_VERIFY_PARAM_new();
-@@ -1311,6 +1312,32 @@ int SSL_set_cipher_list(SSL *s,const cha
- 	return 1;
- 	}
- 
-+/** specify the ciphers to be used by the SSL */
-+int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
-+	{
-+	STACK_OF(SSL_CIPHER) *tmp_cipher_list;
-+
-+	if (sk == NULL)
-+		return 0;
-+
-+        /* Based on end of ssl_create_cipher_list */
-+	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
-+	if (tmp_cipher_list == NULL)
-+		{
-+		return 0;
-+		}
-+	if (s->cipher_list != NULL)
-+		sk_SSL_CIPHER_free(s->cipher_list);
-+	s->cipher_list = sk;
-+	if (s->cipher_list_by_id != NULL)
-+		sk_SSL_CIPHER_free(s->cipher_list_by_id);
-+	s->cipher_list_by_id = tmp_cipher_list;
-+	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-+
-+	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
-+	return 1;
-+	}
-+
- /* works well for SSLv2, not so good for SSLv3 */
- char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- 	{
-@@ -2551,22 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver)
- 	return(NULL);
- 	}
- 
--const char *SSL_get_version(const SSL *s)
-+static const char *ssl_get_version(int version)
- 	{
--	if (s->version == TLS1_2_VERSION)
-+	if (version == TLS1_2_VERSION)
- 		return("TLSv1.2");
--	else if (s->version == TLS1_1_VERSION)
-+	else if (version == TLS1_1_VERSION)
- 		return("TLSv1.1");
--	else if (s->version == TLS1_VERSION)
-+	else if (version == TLS1_VERSION)
- 		return("TLSv1");
--	else if (s->version == SSL3_VERSION)
-+	else if (version == SSL3_VERSION)
- 		return("SSLv3");
--	else if (s->version == SSL2_VERSION)
-+	else if (version == SSL2_VERSION)
- 		return("SSLv2");
- 	else
- 		return("unknown");
- 	}
- 
-+const char *SSL_get_version(const SSL *s)
-+	{
-+		return ssl_get_version(s->version);
-+	}
-+
-+const char *SSL_SESSION_get_version(const SSL_SESSION *s)
-+	{
-+		return ssl_get_version(s->ssl_version);
-+	}
-+
-+const char* SSL_authentication_method(const SSL* ssl)
-+	{
-+	if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
-+		return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
-+	switch (ssl->version)
-+		{
-+	case SSL2_VERSION:
-+		return SSL_TXT_RSA;
-+	default:
-+		return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
-+		}
-+	}
-+
- SSL *SSL_dup(SSL *s)
- 	{
- 	STACK_OF(X509_NAME) *sk;
---- openssl-1.0.0b.orig/ssl/ssl_locl.h	2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_locl.h	2010-11-30 00:03:47.000000000 +0000
-@@ -456,6 +456,7 @@
- typedef struct cert_pkey_st
- 	{
- 	X509 *x509;
-+	STACK_OF(X509) *cert_chain;
- 	EVP_PKEY *privatekey;
- 	} CERT_PKEY;
- 
---- openssl-1.0.0b.orig/ssl/ssl_rsa.c	2009-09-12 23:09:26.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_rsa.c	2010-11-30 00:03:47.000000000 +0000
-@@ -697,6 +697,44 @@ int SSL_CTX_use_PrivateKey_ASN1(int type
- 	}
- 
- 
-+int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain)
-+	{
-+	if (ssl == NULL)
-+		{
-+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER);
-+		return(0);
-+		}
-+	if (ssl->cert == NULL)
-+		{
-+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-+		return(0);
-+		}
-+	if (ssl->cert->key == NULL)
-+		{
-+		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-+		return(0);
-+		}
-+	if (ssl->cert->key->cert_chain != NULL)
-+		sk_X509_pop_free(ssl->cert->key->cert_chain, X509_free);
-+	ssl->cert->key->cert_chain = cert_chain;
-+	return(1);
-+	}
-+
-+STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x)
-+	{
-+	int i;
-+	if (x == NULL)
-+		return NULL;
-+	if (ssl == NULL)
-+		return NULL;
-+	if (ssl->cert == NULL)
-+		return NULL;
-+	for (i = 0; i < SSL_PKEY_NUM; i++)
-+		if (ssl->cert->pkeys[i].x509 == x)
-+			return ssl->cert->pkeys[i].cert_chain;
-+	return NULL;
-+	}
-+
- #ifndef OPENSSL_NO_STDIO
- /* Read a file that contains our certificate in "PEM" format,
-  * possibly followed by a sequence of CA certificates that should be
---- openssl-1.0.0b.orig/ssl/ssl_sess.c	2010-02-01 16:49:42.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_sess.c	2010-11-30 00:03:47.000000000 +0000
-@@ -261,6 +261,11 @@ static int def_generate_session_id(const
- 	return 0;
- }
- 
-+void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
-+	{
-+	s->session_creation_enabled = creation_enabled;
-+	}
-+
- int ssl_get_new_session(SSL *s, int session)
- 	{
- 	/* This gets used by clients and servers. */
-@@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess
- 	SSL_SESSION *ss=NULL;
- 	GEN_SESSION_CB cb = def_generate_session_id;
- 
-+	/* caller should check this if they can do better error handling */
-+        if (!s->session_creation_enabled) return(0);
- 	if ((ss=SSL_SESSION_new()) == NULL) return(0);
- 
- 	/* If the context has a default timeout, use it */
diff --git a/patches/0004-channelid.patch b/patches/0004-channelid.patch
deleted file mode 100644
index 2e7a2fd1d9..0000000000
--- a/patches/0004-channelid.patch
+++ /dev/null
@@ -1,1461 +0,0 @@
-diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
-index 05699ab..d05fa22 100644
---- a/crypto/bio/bio.h
-+++ b/crypto/bio/bio.h
-@@ -266,6 +266,9 @@ void BIO_clear_flags(BIO *b, int flags);
- #define BIO_RR_CONNECT			0x02
- /* Returned from the accept BIO when an accept would have blocked */
- #define BIO_RR_ACCEPT			0x03
-+/* Returned from the SSL bio when the channel id retrieval code cannot find the
-+ * private key. */
-+#define BIO_RR_SSL_CHANNEL_ID_LOOKUP	0x04
- 
- /* These are passed by the BIO callback */
- #define BIO_CB_FREE	0x01
-diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
-index ea4bed9..5f18d4b 100644
---- a/crypto/evp/evp.h
-+++ b/crypto/evp/evp.h
-@@ -921,6 +921,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
- #endif
- 
- EVP_PKEY *	EVP_PKEY_new(void);
-+EVP_PKEY *	EVP_PKEY_dup(EVP_PKEY *pkey);
- void		EVP_PKEY_free(EVP_PKEY *pkey);
- 
- EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
-diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
-index a0e14a3..65a4440 100644
---- a/crypto/evp/p_lib.c
-+++ b/crypto/evp/p_lib.c
-@@ -200,6 +200,12 @@ EVP_PKEY *EVP_PKEY_new(void)
- 	return(ret);
- 	}
- 
-+EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
-+	{
-+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-+	return pkey;
-+	}
-+
- /* Setup a public key ASN1 method and ENGINE from a NID or a string.
-  * If pkey is NULL just return 1 or 0 if the algorithm exists.
-  */
-diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
-index e9552ca..06a13de 100644
---- a/ssl/bio_ssl.c
-+++ b/ssl/bio_ssl.c
-@@ -206,6 +206,10 @@ static int ssl_read(BIO *b, char *out, int outl)
- 		BIO_set_retry_special(b);
- 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
- 		break;
-+	case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
-+		BIO_set_retry_special(b);
-+		retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
-+		break;
- 	case SSL_ERROR_WANT_ACCEPT:
- 		BIO_set_retry_special(b);
- 		retry_reason=BIO_RR_ACCEPT;
-@@ -280,6 +284,10 @@ static int ssl_write(BIO *b, const char *out, int outl)
- 		BIO_set_retry_special(b);
- 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
- 		break;
-+	case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
-+		BIO_set_retry_special(b);
-+		retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
-+		break;
- 	case SSL_ERROR_WANT_CONNECT:
- 		BIO_set_retry_special(b);
- 		retry_reason=BIO_RR_CONNECT;
-diff --git a/ssl/s3_both.c b/ssl/s3_both.c
-index 53b9390..c0dac70 100644
---- a/ssl/s3_both.c
-+++ b/ssl/s3_both.c
-@@ -554,7 +554,8 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- #endif
- 
- 	/* Feed this message into MAC computation. */
--	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-+	if (*((unsigned char*) s->init_buf->data) != SSL3_MT_ENCRYPTED_EXTENSIONS)
-+		ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
- 	if (s->msg_callback)
- 		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
- 	*ok=1;
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 3d3fd64..7e0c4d5 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -465,13 +465,14 @@ int ssl3_connect(SSL *s)
- 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- 			if (ret <= 0) goto end;
- 
--#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
- 			s->state=SSL3_ST_CW_FINISHED_A;
--#else
-+#if !defined(OPENSSL_NO_TLSEXT)
-+			if (s->s3->tlsext_channel_id_valid)
-+				s->state=SSL3_ST_CW_CHANNEL_ID_A;
-+# if !defined(OPENSSL_NO_NEXTPROTONEG)
- 			if (s->s3->next_proto_neg_seen)
- 				s->state=SSL3_ST_CW_NEXT_PROTO_A;
--			else
--				s->state=SSL3_ST_CW_FINISHED_A;
-+# endif
- #endif
- 			s->init_num=0;
- 
-@@ -505,6 +506,18 @@ int ssl3_connect(SSL *s)
- 		case SSL3_ST_CW_NEXT_PROTO_B:
- 			ret=ssl3_send_next_proto(s);
- 			if (ret <= 0) goto end;
-+			if (s->s3->tlsext_channel_id_valid)
-+				s->state=SSL3_ST_CW_CHANNEL_ID_A;
-+			else
-+				s->state=SSL3_ST_CW_FINISHED_A;
-+			break;
-+#endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT)
-+		case SSL3_ST_CW_CHANNEL_ID_A:
-+		case SSL3_ST_CW_CHANNEL_ID_B:
-+			ret=ssl3_send_channel_id(s);
-+			if (ret <= 0) goto end;
- 			s->state=SSL3_ST_CW_FINISHED_A;
- 			break;
- #endif
-@@ -532,6 +545,18 @@ int ssl3_connect(SSL *s)
- 				}
- 			else
- 				{
-+				/* This is a non-resumption handshake. If it
-+				 * involves ChannelID, then record the
-+				 * handshake hashes at this point in the
-+				 * session so that any resumption of this
-+				 * session with ChannelID can sign those
-+				 * hashes. */
-+				if (s->s3->tlsext_channel_id_new)
-+					{
-+					ret = tls1_record_handshake_hashes_for_channel_id(s);
-+					if (ret <= 0)
-+						goto end;
-+					}
- 				if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
- 				    && ssl3_can_cutthrough(s)
- 				    && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
-@@ -3338,7 +3363,8 @@ err:
- 	return(0);
- 	}
- 
--#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+#if !defined(OPENSSL_NO_TLSEXT)
-+# if !defined(OPENSSL_NO_NEXTPROTONEG)
- int ssl3_send_next_proto(SSL *s)
- 	{
- 	unsigned int len, padding_len;
-@@ -3362,7 +3388,135 @@ int ssl3_send_next_proto(SSL *s)
- 
- 	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-         }
--#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
-+# endif  /* !OPENSSL_NO_NEXTPROTONEG */
-+
-+int ssl3_send_channel_id(SSL *s)
-+	{
-+	unsigned char *d;
-+	int ret = -1, public_key_len;
-+	EVP_MD_CTX md_ctx;
-+	size_t sig_len;
-+	ECDSA_SIG *sig = NULL;
-+	unsigned char *public_key = NULL, *derp, *der_sig = NULL;
-+
-+	if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
-+		return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-+
-+	if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
-+		{
-+		EVP_PKEY *key = NULL;
-+		s->ctx->channel_id_cb(s, &key);
-+		if (key != NULL)
-+			{
-+			s->tlsext_channel_id_private = key;
-+			}
-+		}
-+	if (!s->tlsext_channel_id_private)
-+		{
-+		s->rwstate=SSL_CHANNEL_ID_LOOKUP;
-+		return (-1);
-+		}
-+	s->rwstate=SSL_NOTHING;
-+
-+	d = (unsigned char *)s->init_buf->data;
-+	*(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
-+	l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
-+	if (s->s3->tlsext_channel_id_new)
-+		s2n(TLSEXT_TYPE_channel_id_new, d);
-+	else
-+		s2n(TLSEXT_TYPE_channel_id, d);
-+	s2n(TLSEXT_CHANNEL_ID_SIZE, d);
-+
-+	EVP_MD_CTX_init(&md_ctx);
-+
-+	public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);
-+	if (public_key_len <= 0)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY);
-+		goto err;
-+		}
-+	/* i2d_PublicKey will produce an ANSI X9.62 public key which, for a
-+	 * P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
-+	 * field elements as 32-byte, big-endian numbers. */
-+	if (public_key_len != 65)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);
-+		goto err;
-+		}
-+	public_key = OPENSSL_malloc(public_key_len);
-+	if (!public_key)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
-+		goto err;
-+		}
-+
-+	derp = public_key;
-+	i2d_PublicKey(s->tlsext_channel_id_private, &derp);
-+
-+	if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,
-+			       s->tlsext_channel_id_private) != 1)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILED);
-+		goto err;
-+		}
-+
-+	if (!tls1_channel_id_hash(&md_ctx, s))
-+		goto err;
-+
-+	if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
-+		goto err;
-+		}
-+
-+	der_sig = OPENSSL_malloc(sig_len);
-+	if (!der_sig)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
-+		goto err;
-+		}
-+
-+	if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
-+		goto err;
-+		}
-+
-+	derp = der_sig;
-+	sig = d2i_ECDSA_SIG(NULL, (const unsigned char**) &derp, sig_len);
-+	if (sig == NULL)
-+		{
-+		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);
-+		goto err;
-+		}
-+
-+	/* The first byte of public_key will be 0x4, denoting an uncompressed key. */
-+	memcpy(d, public_key + 1, 64);
-+	d += 64;
-+	memset(d, 0, 2 * 32);
-+	BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));
-+	d += 32;
-+	BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));
-+	d += 32;
-+
-+	s->state = SSL3_ST_CW_CHANNEL_ID_B;
-+	s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;
-+	s->init_off = 0;
-+
-+	ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-+
-+err:
-+	EVP_MD_CTX_cleanup(&md_ctx);
-+	if (public_key)
-+		OPENSSL_free(public_key);
-+	if (der_sig)
-+		OPENSSL_free(der_sig);
-+	if (sig)
-+		ECDSA_SIG_free(sig);
-+
-+	return ret;
-+	}
-+#endif  /* !OPENSSL_NO_TLSEXT */
- 
- int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
- 	{
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 1865c70..f801923 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2951,6 +2951,11 @@ int ssl3_new(SSL *s)
- #ifndef OPENSSL_NO_SRP
- 	SSL_SRP_CTX_init(s);
- #endif
-+#if !defined(OPENSSL_NO_TLSEXT)
-+	s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
-+	if (s->ctx->tlsext_channel_id_private)
-+		s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
-+#endif
- 	s->method->ssl_clear(s);
- 	return(1);
- err:
-@@ -3079,6 +3084,10 @@ void ssl3_clear(SSL *s)
- 		s->next_proto_negotiated_len = 0;
- 		}
- #endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT)
-+	s->s3->tlsext_channel_id_valid = 0;
-+#endif
- 	}
- 
- #ifndef OPENSSL_NO_SRP
-@@ -3353,6 +3362,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
- 		ret = 1;
- 		break;
- #endif
-+	case SSL_CTRL_CHANNEL_ID:
-+		s->tlsext_channel_id_enabled = 1;
-+		ret = 1;
-+		break;
-+
-+	case SSL_CTRL_SET_CHANNEL_ID:
-+		if (s->server)
-+			break;
-+		s->tlsext_channel_id_enabled = 1;
-+		if (EVP_PKEY_bits(parg) != 256)
-+			{
-+			SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
-+			break;
-+			}
-+		if (s->tlsext_channel_id_private)
-+			EVP_PKEY_free(s->tlsext_channel_id_private);
-+		s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
-+		ret = 1;
-+		break;
-+
-+	case SSL_CTRL_GET_CHANNEL_ID:
-+		if (!s->server)
-+			break;
-+		if (!s->s3->tlsext_channel_id_valid)
-+			break;
-+		memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
-+		return 64;
- 
- #endif /* !OPENSSL_NO_TLSEXT */
- 	default:
-@@ -3574,6 +3610,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- 			}
- 		return 1;
- 		}
-+	case SSL_CTRL_CHANNEL_ID:
-+		/* must be called on a server */
-+		if (ctx->method->ssl_accept == ssl_undefined_function)
-+			return 0;
-+		ctx->tlsext_channel_id_enabled=1;
-+		return 1;
- 
- #ifdef TLSEXT_TYPE_opaque_prf_input
- 	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
-@@ -3642,6 +3684,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- 			}
- 		break;
- 
-+	case SSL_CTRL_SET_CHANNEL_ID:
-+		ctx->tlsext_channel_id_enabled = 1;
-+		if (EVP_PKEY_bits(parg) != 256)
-+			{
-+			SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
-+			break;
-+			}
-+		if (ctx->tlsext_channel_id_private)
-+			EVP_PKEY_free(ctx->tlsext_channel_id_private);
-+		ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
-+		break;
-+
- 	default:
- 		return(0);
- 		}
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index 323b260..6824ef6 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -157,8 +157,11 @@
- #include <openssl/buffer.h>
- #include <openssl/rand.h>
- #include <openssl/objects.h>
-+#include <openssl/ec.h>
-+#include <openssl/ecdsa.h>
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
-+#include <openssl/sha.h>
- #include <openssl/x509.h>
- #ifndef OPENSSL_NO_DH
- #include <openssl/dh.h>
-@@ -615,15 +618,8 @@ int ssl3_accept(SSL *s)
- 				 * the client uses its key from the certificate
- 				 * for key exchange.
- 				 */
--#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
--				s->state=SSL3_ST_SR_FINISHED_A;
--#else
--				if (s->s3->next_proto_neg_seen)
--					s->state=SSL3_ST_SR_NEXT_PROTO_A;
--				else
--					s->state=SSL3_ST_SR_FINISHED_A;
--#endif
- 				s->init_num = 0;
-+				s->state=SSL3_ST_SR_POST_CLIENT_CERT;
- 				}
- 			else if (TLS1_get_version(s) >= TLS1_2_VERSION)
- 				{
-@@ -683,16 +679,28 @@ int ssl3_accept(SSL *s)
- 			ret=ssl3_get_cert_verify(s);
- 			if (ret <= 0) goto end;
- 
--#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
--			s->state=SSL3_ST_SR_FINISHED_A;
--#else
--			if (s->s3->next_proto_neg_seen)
-+			s->state=SSL3_ST_SR_POST_CLIENT_CERT;
-+			s->init_num=0;
-+			break;
-+
-+		case SSL3_ST_SR_POST_CLIENT_CERT: {
-+			char next_proto_neg = 0;
-+			char channel_id = 0;
-+#if !defined(OPENSSL_NO_TLSEXT)
-+# if !defined(OPENSSL_NO_NEXTPROTONEG)
-+			next_proto_neg = s->s3->next_proto_neg_seen;
-+# endif
-+			channel_id = s->s3->tlsext_channel_id_valid;
-+#endif
-+
-+			if (next_proto_neg)
- 				s->state=SSL3_ST_SR_NEXT_PROTO_A;
-+			else if (channel_id)
-+				s->state=SSL3_ST_SR_CHANNEL_ID_A;
- 			else
- 				s->state=SSL3_ST_SR_FINISHED_A;
--#endif
--			s->init_num=0;
- 			break;
-+		}
- 
- #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
- 		case SSL3_ST_SR_NEXT_PROTO_A:
-@@ -700,6 +708,19 @@ int ssl3_accept(SSL *s)
- 			ret=ssl3_get_next_proto(s);
- 			if (ret <= 0) goto end;
- 			s->init_num = 0;
-+			if (s->s3->tlsext_channel_id_valid)
-+				s->state=SSL3_ST_SR_CHANNEL_ID_A;
-+			else
-+				s->state=SSL3_ST_SR_FINISHED_A;
-+			break;
-+#endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT)
-+		case SSL3_ST_SR_CHANNEL_ID_A:
-+		case SSL3_ST_SR_CHANNEL_ID_B:
-+			ret=ssl3_get_channel_id(s);
-+			if (ret <= 0) goto end;
-+			s->init_num = 0;
- 			s->state=SSL3_ST_SR_FINISHED_A;
- 			break;
- #endif
-@@ -717,6 +738,15 @@ int ssl3_accept(SSL *s)
- #endif
- 			else
- 				s->state=SSL3_ST_SW_CHANGE_A;
-+			/* If this is a full handshake with ChannelID then
-+			 * record the hashshake hashes in |s->session| in case
-+			 * we need them to verify a ChannelID signature on a
-+			 * resumption of this session in the future. */
-+			if (!s->hit && s->s3->tlsext_channel_id_new)
-+				{
-+				ret = tls1_record_handshake_hashes_for_channel_id(s);
-+				if (ret <= 0) goto end;
-+				}
- 			s->init_num=0;
- 			break;
- 
-@@ -771,18 +801,7 @@ int ssl3_accept(SSL *s)
- 			if (ret <= 0) goto end;
- 			s->state=SSL3_ST_SW_FLUSH;
- 			if (s->hit)
--				{
--#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
--				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
--#else
--				if (s->s3->next_proto_neg_seen)
--					{
--					s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
--					}
--				else
--					s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
--#endif
--				}
-+				s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
- 			else
- 				s->s3->tmp.next_state=SSL_ST_OK;
- 			s->init_num=0;
-@@ -1466,6 +1487,22 @@ int ssl3_send_server_hello(SSL *s)
- 
- 	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- 		{
-+		/* We only accept ChannelIDs on connections with ECDHE in order
-+		 * to avoid a known attack while we fix ChannelID itself. */
-+		if (s->s3 &&
-+		    s->s3->tlsext_channel_id_valid &&
-+		    (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0)
-+			s->s3->tlsext_channel_id_valid = 0;
-+
-+		/* If this is a resumption and the original handshake didn't
-+		 * support ChannelID then we didn't record the original
-+		 * handshake hashes in the session and so cannot resume with
-+		 * ChannelIDs. */
-+		if (s->hit &&
-+		    s->s3->tlsext_channel_id_new &&
-+		    s->session->original_handshake_hash_len == 0)
-+			s->s3->tlsext_channel_id_valid = 0;
-+
- 		buf=(unsigned char *)s->init_buf->data;
- #ifdef OPENSSL_NO_TLSEXT
- 		p=s->s3->server_random;
-@@ -3632,4 +3669,145 @@ int ssl3_get_next_proto(SSL *s)
- 	return 1;
- 	}
- # endif
-+
-+/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
-+int ssl3_get_channel_id(SSL *s)
-+	{
-+	int ret = -1, ok;
-+	long n;
-+	const unsigned char *p;
-+	unsigned short extension_type, extension_len;
-+	EC_GROUP* p256 = NULL;
-+	EC_KEY* key = NULL;
-+	EC_POINT* point = NULL;
-+	ECDSA_SIG sig;
-+	BIGNUM x, y;
-+	unsigned short expected_extension_type;
-+
-+	if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
-+		{
-+		/* The first time that we're called we take the current
-+		 * handshake hash and store it. */
-+		EVP_MD_CTX md_ctx;
-+		unsigned int len;
-+
-+		EVP_MD_CTX_init(&md_ctx);
-+		EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);
-+		if (!tls1_channel_id_hash(&md_ctx, s))
-+			return -1;
-+		len = sizeof(s->s3->tlsext_channel_id);
-+		EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);
-+		EVP_MD_CTX_cleanup(&md_ctx);
-+		}
-+
-+	n = s->method->ssl_get_message(s,
-+		SSL3_ST_SR_CHANNEL_ID_A,
-+		SSL3_ST_SR_CHANNEL_ID_B,
-+		SSL3_MT_ENCRYPTED_EXTENSIONS,
-+		2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
-+		&ok);
-+
-+	if (!ok)
-+		return((int)n);
-+
-+	ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);
-+
-+	/* s->state doesn't reflect whether ChangeCipherSpec has been received
-+	 * in this handshake, but s->s3->change_cipher_spec does (will be reset
-+	 * by ssl3_get_finished). */
-+	if (!s->s3->change_cipher_spec)
-+		{
-+		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS);
-+		return -1;
-+		}
-+
-+	if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)
-+		{
-+		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
-+		return -1;
-+		}
-+
-+	p = (unsigned char *)s->init_msg;
-+
-+	/* The payload looks like:
-+	 *   uint16 extension_type
-+	 *   uint16 extension_len;
-+	 *   uint8 x[32];
-+	 *   uint8 y[32];
-+	 *   uint8 r[32];
-+	 *   uint8 s[32];
-+	 */
-+	n2s(p, extension_type);
-+	n2s(p, extension_len);
-+
-+	expected_extension_type = TLSEXT_TYPE_channel_id;
-+	if (s->s3->tlsext_channel_id_new)
-+		expected_extension_type = TLSEXT_TYPE_channel_id_new;
-+
-+	if (extension_type != expected_extension_type ||
-+	    extension_len != TLSEXT_CHANNEL_ID_SIZE)
-+		{
-+		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
-+		return -1;
-+		}
-+
-+	p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
-+	if (!p256)
-+		{
-+		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT);
-+		return -1;
-+		}
-+
-+	BN_init(&x);
-+	BN_init(&y);
-+	sig.r = BN_new();
-+	sig.s = BN_new();
-+
-+	if (BN_bin2bn(p +  0, 32, &x) == NULL ||
-+	    BN_bin2bn(p + 32, 32, &y) == NULL ||
-+	    BN_bin2bn(p + 64, 32, sig.r) == NULL ||
-+	    BN_bin2bn(p + 96, 32, sig.s) == NULL)
-+		goto err;
-+
-+	point = EC_POINT_new(p256);
-+	if (!point ||
-+	    !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))
-+		goto err;
-+
-+	key = EC_KEY_new();
-+	if (!key ||
-+	    !EC_KEY_set_group(key, p256) ||
-+	    !EC_KEY_set_public_key(key, point))
-+		goto err;
-+
-+	/* We stored the handshake hash in |tlsext_channel_id| the first time
-+	 * that we were called. */
-+	switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {
-+	case 1:
-+		break;
-+	case 0:
-+		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
-+		s->s3->tlsext_channel_id_valid = 0;
-+		goto err;
-+	default:
-+		s->s3->tlsext_channel_id_valid = 0;
-+		goto err;
-+	}
-+
-+	memcpy(s->s3->tlsext_channel_id, p, 64);
-+	ret = 1;
-+
-+err:
-+	BN_free(&x);
-+	BN_free(&y);
-+	BN_free(sig.r);
-+	BN_free(sig.s);
-+	if (key)
-+		EC_KEY_free(key);
-+	if (point)
-+		EC_POINT_free(point);
-+	if (p256)
-+		EC_GROUP_free(p256);
-+	return ret;
-+	}
- #endif
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 944aea6..e50b8f0 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -547,6 +547,13 @@ struct ssl_session_st
- #ifndef OPENSSL_NO_SRP
- 	char *srp_username;
- #endif
-+
-+	/* original_handshake_hash contains the handshake hash (either
-+	 * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full
-+	 * handshake that created a session. This is used by Channel IDs during
-+	 * resumption. */
-+	unsigned char original_handshake_hash[EVP_MAX_MD_SIZE];
-+	unsigned int original_handshake_hash_len;
- 	};
- 
- #endif
-@@ -862,6 +869,9 @@ struct ssl_ctx_st
- 	/* get client cert callback */
- 	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
- 
-+	/* get channel id callback */
-+	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
-+
-     /* cookie generate callback */
-     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-         unsigned int *cookie_len);
-@@ -999,6 +1009,16 @@ struct ssl_ctx_st
- # endif
-         /* SRTP profiles we are willing to do from RFC 5764 */
-         STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
-+
-+	/* If true, a client will advertise the Channel ID extension and a
-+	 * server will echo it. */
-+	char tlsext_channel_id_enabled;
-+	/* tlsext_channel_id_enabled_new is a hack to support both old and new
-+	 * ChannelID signatures. It indicates that a client should advertise the
-+	 * new ChannelID extension number. */
-+	char tlsext_channel_id_enabled_new;
-+	/* The client's Channel ID private key. */
-+	EVP_PKEY *tlsext_channel_id_private;
- #endif
- 	};
- 
-@@ -1040,6 +1060,10 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
- 	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
- #define SSL_CTX_sess_cache_full(ctx) \
- 	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-+/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
-+ * IDs from clients. Returns 1 on success. */
-+#define SSL_CTX_enable_tls_channel_id(ctx) \
-+	SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
- 
- void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
- int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-@@ -1056,6 +1080,8 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
- void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
- void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
- int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
-+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
- #ifndef OPENSSL_NO_ENGINE
- int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
- #endif
-@@ -1117,5 +1143,6 @@ const char *SSL_get_psk_identity(const SSL *s);
- #define SSL_WRITING	2
- #define SSL_READING	3
- #define SSL_X509_LOOKUP	4
-+#define SSL_CHANNEL_ID_LOOKUP	5
- 
- /* These will only be used when doing non-blocking IO */
-@@ -1124,5 +1151,6 @@ const char *SSL_get_psk_identity(const SSL *s);
- #define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
- #define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
- #define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
-+#define SSL_want_channel_id_lookup(s)	(SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
- 
- #define SSL_MAC_FLAG_READ_MAC_STREAM 1
-@@ -1373,6 +1401,13 @@ struct ssl_st
- 	                                 */
- 	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
- 	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
-+
-+	/* Copied from the SSL_CTX. For a server, means that we'll accept
-+	 * Channel IDs from clients. For a client, means that we'll advertise
-+	 * support. */
-+	char tlsext_channel_id_enabled;
-+	/* The client's Channel ID private key. */
-+	EVP_PKEY *tlsext_channel_id_private;
- #else
- #define session_ctx ctx
- #endif /* OPENSSL_NO_TLSEXT */
-@@ -1543,5 +1578,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- #define SSL_ERROR_ZERO_RETURN		6
- #define SSL_ERROR_WANT_CONNECT		7
- #define SSL_ERROR_WANT_ACCEPT		8
-+#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP	9
- 
- #define SSL_CTRL_NEED_TMP_RSA			1
-@@ -1631,6 +1667,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING		86
- #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
- #endif
-+#define SSL_CTRL_CHANNEL_ID			88
-+#define SSL_CTRL_GET_CHANNEL_ID			89
-+#define SSL_CTRL_SET_CHANNEL_ID			90
- #endif
- 
- #define DTLS_CTRL_GET_TIMEOUT		73
-@@ -1678,6 +1717,26 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
- #define SSL_set_tmp_ecdh(ssl,ecdh) \
- 	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
- 
-+/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
-+ * IDs from clients, or configure a client to send TLS client IDs to server.
-+ * Returns 1 on success. */
-+#define SSL_enable_tls_channel_id(s) \
-+	SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
-+/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
-+ * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
-+ * success. */
-+#define SSL_set1_tls_channel_id(s, private_key) \
-+	SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-+#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
-+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-+/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
-+ * and copies up to the first |channel_id_len| bytes into |channel_id|. The
-+ * Channel ID consists of the client's P-256 public key as an (x,y) pair where
-+ * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
-+ * offer a Channel ID and the length of the complete Channel ID otherwise. */
-+#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
-+	SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
-+
- #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
- 	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
- #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-@@ -2176,6 +2235,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
- #define SSL_F_SSL3_GET_CERT_STATUS			 289
- #define SSL_F_SSL3_GET_CERT_VERIFY			 136
-+#define SSL_F_SSL3_GET_CHANNEL_ID			 317
- #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
- #define SSL_F_SSL3_GET_CLIENT_HELLO			 138
- #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
-@@ -2195,6 +2255,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL3_READ_BYTES				 148
- #define SSL_F_SSL3_READ_N				 149
- #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
-+#define SSL_F_SSL3_SEND_CHANNEL_ID			 318
- #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
- #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
- #define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
-@@ -2361,12 +2422,15 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_BIO_NOT_SET				 128
- #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
- #define SSL_R_BN_LIB					 130
-+#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY		 376
- #define SSL_R_CA_DN_LENGTH_MISMATCH			 131
- #define SSL_R_CA_DN_TOO_LONG				 132
- #define SSL_R_CCS_RECEIVED_EARLY			 133
- #define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
- #define SSL_R_CERT_LENGTH_MISMATCH			 135
- #define SSL_R_CHALLENGE_IS_DIFFERENT			 136
-+#define SSL_R_CHANNEL_ID_NOT_P256			 375
-+#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID		 371
- #define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
- #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
- #define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
-@@ -2379,6 +2443,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
- #define SSL_R_CONNECTION_TYPE_NOT_SET			 144
- #define SSL_R_COOKIE_MISMATCH				 308
-+#define SSL_R_D2I_ECDSA_SIG				 379
- #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
- #define SSL_R_DATA_LENGTH_TOO_LONG			 146
- #define SSL_R_DECRYPTION_FAILED				 147
-@@ -2396,9 +2461,12 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
- #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
- #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
-+#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED		 377
-+#define SSL_R_EVP_DIGESTSIGNINIT_FAILED			 378
- #define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
- #define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
- #define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
-+#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS		 372
- #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS		 355
- #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION		 356
- #define SSL_R_HTTPS_PROXY_REQUEST			 155
-@@ -2408,6 +2476,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
- #define SSL_R_INVALID_COMMAND				 280
- #define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
-+#define SSL_R_INVALID_MESSAGE				 374
- #define SSL_R_INVALID_PURPOSE				 278
- #define SSL_R_INVALID_SRP_USERNAME			 357
- #define SSL_R_INVALID_STATUS_RESPONSE			 328
-@@ -2462,6 +2531,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_NO_COMPRESSION_SPECIFIED			 187
- #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
- #define SSL_R_NO_METHOD_SPECIFIED			 188
-+#define SSL_R_NO_P256_SUPPORT				 380
- #define SSL_R_NO_PRIVATEKEY				 189
- #define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
- #define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index cf81de0..8502628 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -548,6 +548,22 @@ typedef struct ssl3_state_st
- 	char is_probably_safari;
- #endif /* !OPENSSL_NO_EC */
- #endif /* !OPENSSL_NO_TLSEXT */
-+
-+	/* In a client, this means that the server supported Channel ID and that
-+	 * a Channel ID was sent. In a server it means that we echoed support
-+	 * for Channel IDs and that tlsext_channel_id will be valid after the
-+	 * handshake. */
-+	char tlsext_channel_id_valid;
-+	/* tlsext_channel_id_new means that the updated Channel ID extension
-+	 * was negotiated. This is a temporary hack in the code to support both
-+	 * forms of Channel ID extension while we transition to the new format,
-+	 * which fixed a security issue. */
-+	char tlsext_channel_id_new;
-+	/* For a server:
-+	 *     If |tlsext_channel_id_valid| is true, then this contains the
-+	 *     verified Channel ID from the client: a P256 point, (x,y), where
-+	 *     each are big-endian values. */
-+	unsigned char tlsext_channel_id[64];
- 	} SSL3_STATE;
- 
- #endif
-@@ -592,6 +608,8 @@ typedef struct ssl3_state_st
- #define SSL3_ST_CW_NEXT_PROTO_A		(0x200|SSL_ST_CONNECT)
- #define SSL3_ST_CW_NEXT_PROTO_B		(0x201|SSL_ST_CONNECT)
- #endif
-+#define SSL3_ST_CW_CHANNEL_ID_A		(0x210|SSL_ST_CONNECT)
-+#define SSL3_ST_CW_CHANNEL_ID_B		(0x211|SSL_ST_CONNECT)
- #define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
- #define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
- /* read from server */
-@@ -646,6 +664,9 @@ typedef struct ssl3_state_st
- #define SSL3_ST_SR_NEXT_PROTO_A		(0x210|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_NEXT_PROTO_B		(0x211|SSL_ST_ACCEPT)
- #endif
-+#define SSL3_ST_SR_POST_CLIENT_CERT	(0x1BF|SSL_ST_ACCEPT)
-+#define SSL3_ST_SR_CHANNEL_ID_A		(0x220|SSL_ST_ACCEPT)
-+#define SSL3_ST_SR_CHANNEL_ID_B		(0x221|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
- /* write to client */
-@@ -673,6 +694,7 @@ typedef struct ssl3_state_st
- #ifndef OPENSSL_NO_NEXTPROTONEG
- #define SSL3_MT_NEXT_PROTO			67
- #endif
-+#define SSL3_MT_ENCRYPTED_EXTENSIONS		203
- #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
- 
- 
-diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
-index 8bda011..e579e7c 100644
---- a/ssl/ssl_asn1.c
-+++ b/ssl/ssl_asn1.c
-@@ -118,11 +118,12 @@ typedef struct ssl_session_asn1_st
- 	ASN1_OCTET_STRING srp_username;
- #endif /* OPENSSL_NO_SRP */
-+	ASN1_OCTET_STRING original_handshake_hash;
- 	} SSL_SESSION_ASN1;
- 
- int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- 	{
- #define LSIZE2 (sizeof(long)*2)
--	int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0;
-+	int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v14=0;
- 	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- 	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
- #ifndef OPENSSL_NO_TLSEXT
-@@ -280,4 +281,11 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- 		}
-+
-+	if (in->original_handshake_hash_len > 0)
-+		{
-+		a.original_handshake_hash.length = in->original_handshake_hash_len;
-+		a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
-+		a.original_handshake_hash.data = in->original_handshake_hash;
-+		}
- #endif /* OPENSSL_NO_PSK */
- #ifndef OPENSSL_NO_SRP
- 	if (in->srp_username)
-@@ -335,4 +343,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- #endif /* OPENSSL_NO_SRP */
-+	if (in->original_handshake_hash_len > 0)
-+		M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
- 
- 	M_ASN1_I2D_seq_total();
- 
-@@ -385,4 +395,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- #endif /* OPENSSL_NO_SRP */
-+	if (in->original_handshake_hash_len > 0)
-+		M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
- 	M_ASN1_I2D_finish();
- 	}
- 
-@@ -661,5 +673,16 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- 		os.data = NULL;
- 		}
- 
-+	os.length=0;
-+	os.data=NULL;
-+	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
-+	if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
-+		{
-+		memcpy(ret->original_handshake_hash, os.data, os.length);
-+		ret->original_handshake_hash_len = os.length;
-+		OPENSSL_free(os.data);
-+		os.data = NULL;
-+		}
-+
- 	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- 	}
-diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
-index 370fb57..b3eee4d 100644
---- a/ssl/ssl_err.c
-+++ b/ssl/ssl_err.c
-@@ -151,6 +151,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
- {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),	"SSL3_GET_CERTIFICATE_REQUEST"},
- {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS),	"SSL3_GET_CERT_STATUS"},
- {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),	"SSL3_GET_CERT_VERIFY"},
-+{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID),	"SSL3_GET_CHANNEL_ID"},
- {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),	"SSL3_GET_CLIENT_CERTIFICATE"},
- {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO),	"SSL3_GET_CLIENT_HELLO"},
- {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),	"SSL3_GET_CLIENT_KEY_EXCHANGE"},
-@@ -170,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
- {ERR_FUNC(SSL_F_SSL3_READ_BYTES),	"SSL3_READ_BYTES"},
- {ERR_FUNC(SSL_F_SSL3_READ_N),	"SSL3_READ_N"},
- {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),	"SSL3_SEND_CERTIFICATE_REQUEST"},
-+{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID),	"SSL3_SEND_CHANNEL_ID"},
- {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),	"SSL3_SEND_CLIENT_CERTIFICATE"},
- {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
- {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY),	"SSL3_SEND_CLIENT_VERIFY"},
-@@ -339,12 +341,15 @@ static ERR_STRING_DATA SSL_str_reasons[]=
- {ERR_REASON(SSL_R_BIO_NOT_SET)           ,"bio not set"},
- {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
- {ERR_REASON(SSL_R_BN_LIB)                ,"bn lib"},
-+{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"},
- {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
- {ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},
- {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},
- {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
- {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},
- {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-+{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256)   ,"channel id not p256"},
-+{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"},
- {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
- {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
- {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-@@ -357,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
- {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
- {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
- {ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
-+{ERR_REASON(SSL_R_D2I_ECDSA_SIG)         ,"d2i ecdsa sig"},
- {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
- {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
- {ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
-@@ -374,9 +380,12 @@ static ERR_STRING_DATA SSL_str_reasons[]=
- {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
- {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
- {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-+{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"},
-+{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"},
- {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
- {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
- {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-+{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"},
- {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
- {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
- {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
-@@ -386,6 +395,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
- {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
- {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
- {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
-+{ERR_REASON(SSL_R_INVALID_MESSAGE)       ,"invalid message"},
- {ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
- {ERR_REASON(SSL_R_INVALID_SRP_USERNAME)  ,"invalid srp username"},
- {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
-@@ -440,6 +450,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
- {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
- {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
- {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
-+{ERR_REASON(SSL_R_NO_P256_SUPPORT)       ,"no p256 support"},
- {ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
- {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
- {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 123f925..6938267 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -562,6 +562,8 @@ void SSL_free(SSL *s)
- 		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
- 	if (s->tlsext_ocsp_resp)
- 		OPENSSL_free(s->tlsext_ocsp_resp);
-+	if (s->tlsext_channel_id_private)
-+		EVP_PKEY_free(s->tlsext_channel_id_private);
- #endif
- 
- 	if (s->client_CA != NULL)
-@@ -1952,6 +1954,11 @@ void SSL_CTX_free(SSL_CTX *a)
- 		ssl_buf_freelist_free(a->rbuf_freelist);
- #endif
- 
-+#ifndef OPENSSL_NO_TLSEXT
-+	if (a->tlsext_channel_id_private)
-+		EVP_PKEY_free(a->tlsext_channel_id_private);
-+#endif
-+
- 	OPENSSL_free(a);
- 	}
- 
-@@ -2504,6 +2511,10 @@ int SSL_get_error(const SSL *s,int i)
- 		{
- 		return(SSL_ERROR_WANT_X509_LOOKUP);
- 		}
-+	if ((i < 0) && SSL_want_channel_id_lookup(s))
-+		{
-+		return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
-+		}
- 
- 	if (i == 0)
- 		{
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index fcc6d80..3ce3d60 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -378,6 +378,7 @@
-  * (currently this also goes into algorithm2) */
- #define TLS1_STREAM_MAC 0x04
- 
-+#define TLSEXT_CHANNEL_ID_SIZE 128
- 
- 
- /*
-@@ -1008,6 +1009,7 @@ int ssl3_check_cert_and_algorithm(SSL *s);
- int ssl3_check_finished(SSL *s);
- # ifndef OPENSSL_NO_NEXTPROTONEG
- int ssl3_send_next_proto(SSL *s);
-+int ssl3_send_channel_id(SSL *s);
- # endif
- #endif
- 
-@@ -1030,6 +1032,7 @@ int ssl3_get_cert_verify(SSL *s);
- #ifndef OPENSSL_NO_NEXTPROTONEG
- int ssl3_get_next_proto(SSL *s);
- #endif
-+int ssl3_get_channel_id(SSL *s);
- 
- int dtls1_send_hello_request(SSL *s);
- int dtls1_send_server_hello(SSL *s);
-@@ -1072,6 +1075,7 @@ void ssl_free_wbio_buffer(SSL *s);
- int tls1_change_cipher_state(SSL *s, int which);
- int tls1_setup_key_block(SSL *s);
- int tls1_enc(SSL *s, int snd);
-+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len);
- int tls1_final_finish_mac(SSL *s,
- 	const char *str, int slen, unsigned char *p);
- int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-@@ -1127,6 +1131,8 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
- int tls12_get_sigid(const EVP_PKEY *pk);
- const EVP_MD *tls12_get_hash(unsigned char hash_alg);
- 
-+int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
-+int tls1_record_handshake_hashes_for_channel_id(SSL *s);
- #endif
- 
- int ssl3_can_cutthrough(const SSL *s);
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index 2a378c3..dd3b4a6 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -1151,6 +1151,17 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK
- 	return ctx->client_cert_cb;
- 	}
- 
-+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
-+	void (*cb)(SSL *ssl, EVP_PKEY **pkey))
-+	{
-+	ctx->channel_id_cb=cb;
-+	}
-+
-+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
-+	{
-+	return ctx->channel_id_cb;
-+	}
-+
- #ifndef OPENSSL_NO_ENGINE
- int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
- 	{
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 0c4cdde..f396674 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -895,54 +895,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
- 	return((int)ret);
- 	}
- 
-+/* tls1_handshake_digest calculates the current handshake hash and writes it to
-+ * |out|, which has space for |out_len| bytes. It returns the number of bytes
-+ * written or -1 in the event of an error. This function works on a copy of the
-+ * underlying digests so can be called multiple times and prior to the final
-+ * update etc. */
-+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len)
-+	{
-+	const EVP_MD *md;
-+	EVP_MD_CTX ctx;
-+	int i, err = 0, len = 0;
-+	long mask;
-+
-+	EVP_MD_CTX_init(&ctx);
-+
-+	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++)
-+		{
-+		int hash_size;
-+		unsigned int digest_len;
-+		EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i];
-+
-+		if ((mask & ssl_get_algorithm2(s)) == 0)
-+			continue;
-+
-+		hash_size = EVP_MD_size(md);
-+		if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len)
-+			{
-+			err = 1;
-+			break;
-+			}
-+
-+		if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-+		    !EVP_DigestFinal_ex(&ctx, out, &digest_len) ||
-+		    digest_len != (unsigned int)hash_size) /* internal error */
-+			{
-+			err = 1;
-+			break;
-+			}
-+		out += digest_len;
-+		out_len -= digest_len;
-+		len += digest_len;
-+		}
-+
-+	EVP_MD_CTX_cleanup(&ctx);
-+
-+	if (err != 0)
-+		return -1;
-+	return len;
-+	}
-+
- int tls1_final_finish_mac(SSL *s,
- 	     const char *str, int slen, unsigned char *out)
- 	{
--	unsigned int i;
--	EVP_MD_CTX ctx;
- 	unsigned char buf[2*EVP_MAX_MD_SIZE];
--	unsigned char *q,buf2[12];
--	int idx;
--	long mask;
-+	unsigned char buf2[12];
- 	int err=0;
--	const EVP_MD *md; 
-+	int digests_len;
- 
--	q=buf;
--
--	if (s->s3->handshake_buffer) 
-+	if (s->s3->handshake_buffer)
- 		if (!ssl3_digest_cached_records(s))
- 			return 0;
- 
--	EVP_MD_CTX_init(&ctx);
--
--	for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
-+	digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
-+	if (digests_len < 0)
- 		{
--		if (mask & ssl_get_algorithm2(s))
--			{
--			int hashsize = EVP_MD_size(md);
--			EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
--			if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
--				{
--				/* internal error: 'buf' is too small for this cipersuite! */
--				err = 1;
--				}
--			else
--				{
--				if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
--					!EVP_DigestFinal_ex(&ctx,q,&i) ||
--					(i != (unsigned int)hashsize))
--					err = 1;
--				q+=hashsize;
--				}
--			}
-+		err = 1;
-+		digests_len = 0;
- 		}
--		
-+
- 	if (!tls1_PRF(ssl_get_algorithm2(s),
--			str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
-+			str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0,
- 			s->session->master_key,s->session->master_key_length,
- 			out,buf2,sizeof buf2))
- 		err = 1;
--	EVP_MD_CTX_cleanup(&ctx);
- 
- 	if (err)
- 		return 0;
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index bddffd9..1a56a97 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -641,6 +641,19 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
- 		}
- #endif
- 
-+	if (s->tlsext_channel_id_enabled)
-+		{
-+		/* The client advertises an emtpy extension to indicate its
-+		 * support for Channel ID. */
-+		if (limit - ret - 4 < 0)
-+			return NULL;
-+		if (s->ctx->tlsext_channel_id_enabled_new)
-+			s2n(TLSEXT_TYPE_channel_id_new,ret);
-+		else
-+			s2n(TLSEXT_TYPE_channel_id,ret);
-+		s2n(0,ret);
-+		}
-+
- #ifndef OPENSSL_NO_SRTP
-         if(SSL_get_srtp_profiles(s))
-                 {
-@@ -881,6 +894,19 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
- 		}
- #endif
- 
-+	/* If the client advertised support for Channel ID, and we have it
-+	 * enabled, then we want to echo it back. */
-+	if (s->s3->tlsext_channel_id_valid)
-+		{
-+		if (limit - ret - 4 < 0)
-+			return NULL;
-+		if (s->s3->tlsext_channel_id_new)
-+			s2n(TLSEXT_TYPE_channel_id_new,ret);
-+		else
-+			s2n(TLSEXT_TYPE_channel_id,ret);
-+		s2n(0,ret);
-+		}
-+
- 	if ((extdatalen = ret-orig-2)== 0) 
- 		return p;
- 
-@@ -1442,6 +1468,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 			}
- #endif
- 
-+		else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled)
-+			s->s3->tlsext_channel_id_valid = 1;
-+
-+		else if (type == TLSEXT_TYPE_channel_id_new &&
-+			 s->tlsext_channel_id_enabled)
-+			{
-+			s->s3->tlsext_channel_id_valid = 1;
-+			s->s3->tlsext_channel_id_new = 1;
-+			}
-+
- 		/* session ticket processed earlier */
- #ifndef OPENSSL_NO_SRTP
- 		else if (type == TLSEXT_TYPE_use_srtp)
-@@ -1672,6 +1708,15 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 			s->s3->next_proto_neg_seen = 1;
- 			}
- #endif
-+		else if (type == TLSEXT_TYPE_channel_id)
-+			s->s3->tlsext_channel_id_valid = 1;
-+
-+		else if (type == TLSEXT_TYPE_channel_id_new)
-+			{
-+			s->s3->tlsext_channel_id_valid = 1;
-+			s->s3->tlsext_channel_id_new = 1;
-+			}
-+
- 		else if (type == TLSEXT_TYPE_renegotiate)
- 			{
- 			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-@@ -2727,3 +2772,74 @@ tls1_heartbeat(SSL *s)
- 	return ret;
- 	}
- #endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT)
-+/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given
-+ * SSL connection and writes it to |md|.
-+ */
-+int
-+tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
-+	{
-+	EVP_MD_CTX ctx;
-+	unsigned char temp_digest[EVP_MAX_MD_SIZE];
-+	unsigned temp_digest_len;
-+	int i;
-+	static const char kClientIDMagic[] = "TLS Channel ID signature";
-+
-+	if (s->s3->handshake_buffer)
-+		if (!ssl3_digest_cached_records(s))
-+			return 0;
-+
-+	EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
-+
-+	if (s->hit && s->s3->tlsext_channel_id_new)
-+		{
-+		static const char kResumptionMagic[] = "Resumption";
-+		EVP_DigestUpdate(md, kResumptionMagic,
-+				 sizeof(kResumptionMagic));
-+		if (s->session->original_handshake_hash_len == 0)
-+			return 0;
-+		EVP_DigestUpdate(md, s->session->original_handshake_hash,
-+				 s->session->original_handshake_hash_len);
-+		}
-+
-+	EVP_MD_CTX_init(&ctx);
-+	for (i = 0; i < SSL_MAX_DIGEST; i++)
-+		{
-+		if (s->s3->handshake_dgst[i] == NULL)
-+			continue;
-+		EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);
-+		EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);
-+		EVP_DigestUpdate(md, temp_digest, temp_digest_len);
-+		}
-+	EVP_MD_CTX_cleanup(&ctx);
-+
-+	return 1;
-+	}
-+#endif
-+
-+/* tls1_record_handshake_hashes_for_channel_id records the current handshake
-+ * hashes in |s->session| so that Channel ID resumptions can sign that data. */
-+int tls1_record_handshake_hashes_for_channel_id(SSL *s)
-+	{
-+	int digest_len;
-+	/* This function should never be called for a resumed session because
-+	 * the handshake hashes that we wish to record are for the original,
-+	 * full handshake. */
-+	if (s->hit)
-+		return -1;
-+	/* It only makes sense to call this function if Channel IDs have been
-+	 * negotiated. */
-+	if (!s->s3->tlsext_channel_id_new)
-+		return -1;
-+
-+	digest_len = tls1_handshake_digest(
-+		s, s->session->original_handshake_hash,
-+		sizeof(s->session->original_handshake_hash));
-+	if (digest_len < 0)
-+		return -1;
-+
-+	s->session->original_handshake_hash_len = digest_len;
-+
-+	return 1;
-+	}
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index c992091..12f2f21 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -254,6 +254,10 @@ extern "C" {
- #define TLSEXT_TYPE_next_proto_neg		13172
- #endif
- 
-+/* This is not an IANA defined extension number */
-+#define TLSEXT_TYPE_channel_id			30031
-+#define TLSEXT_TYPE_channel_id_new		30032
-+
- /* NameType value from RFC 3546 */
- #define TLSEXT_NAMETYPE_host_name 0
- /* status request value from RFC 3546 */
--- 
-1.9.1.423.g4596e3a
-
diff --git a/patches/0005-eng_dyn_dirs.patch b/patches/0005-eng_dyn_dirs.patch
deleted file mode 100644
index ad137e580f..0000000000
--- a/patches/0005-eng_dyn_dirs.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From b53cd994adaff887ec126de259e37d769ad585cb Mon Sep 17 00:00:00 2001
-From: Kenny Root <kroot@google.com>
-Date: Fri, 8 Feb 2013 11:22:25 -0800
-Subject: [PATCH] Fix failures when eng_dyn scans multiple directories
-
-If DIR_ADD is called with multiple directories, and the target file
-does not exist in the first directory scanned, the DSO object will still
-be considered "loaded" for the next call of DSO_load(...) and cause
-subsequent calls to DSO_load(...) fail with the reason code of "already
-loaded" even though the load failed.
-
-Additionally, with multiple directories used in eng_dyn, another problem
-manifests because the errors pushed onto the error stack will linger even
-if another library is loaded successfully on subsequent calls to
-DSO_load(...) in the directory scanning loop.
-
-Change-Id: I4ddd24f7b39bd88663e1783f30914870a907acfa
----
- crypto/dso/dso_lib.c    | 8 ++++++++
- crypto/engine/eng_dyn.c | 5 ++++-
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
-index 8a15b79..7801529 100644
---- a/crypto/dso/dso_lib.c
-+++ b/crypto/dso/dso_lib.c
-@@ -237,11 +237,19 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
- 	if(ret->meth->dso_load == NULL)
- 		{
- 		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
-+		/* Make sure we unset the filename on failure, because we use
-+		 * this to determine when the DSO has been loaded above. */
-+		OPENSSL_free(ret->filename);
-+		ret->filename = NULL;
- 		goto err;
- 		}
- 	if(!ret->meth->dso_load(ret))
- 		{
- 		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
-+		/* Make sure we unset the filename on failure, because we use
-+		 * this to determine when the DSO has been loaded above. */
-+		OPENSSL_free(ret->filename);
-+		ret->filename = NULL;
- 		goto err;
- 		}
- 	/* Load succeeded */
-diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
-index 807da7a..8fb8634 100644
---- a/crypto/engine/eng_dyn.c
-+++ b/crypto/engine/eng_dyn.c
-@@ -408,7 +408,7 @@ static int int_load(dynamic_data_ctx *ctx)
- 	int num, loop;
- 	/* Unless told not to, try a direct load */
- 	if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
--				ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
-+				ctx->DYNAMIC_LIBNAME, NULL, 0) != NULL))
- 		return 1;
- 	/* If we're not allowed to use 'dirs' or we have none, fail */
- 	if(!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
-@@ -423,6 +423,9 @@ static int int_load(dynamic_data_ctx *ctx)
- 			{
- 			/* Found what we're looking for */
- 			OPENSSL_free(merge);
-+			/* Previous failed loop iterations, if any, will have resulted in
-+			 * errors. Clear them out before returning success. */
-+			ERR_clear_error();
- 			return 1;
- 			}
- 		OPENSSL_free(merge);
--- 
-1.7.12.3-x20-1
-
diff --git a/patches/0006-fix_clang_build.patch b/patches/0006-fix_clang_build.patch
deleted file mode 100644
index 8f9b8261b5..0000000000
--- a/patches/0006-fix_clang_build.patch
+++ /dev/null
@@ -1,46 +0,0 @@
---- openssl-1.0.1e.orig/crypto/bio/b_sock.c	2013-03-05 19:12:46.758376542 +0000
-+++ openssl-1.0.1e/crypto/bio/b_sock.c	2013-03-05 19:12:46.948378599 +0000
-@@ -629,7 +629,8 @@ int BIO_get_accept_socket(char *host, in
- 		struct sockaddr_in6 sa_in6;
- #endif
- 	} server,client;
--	int s=INVALID_SOCKET,cs,addrlen;
-+	int s=INVALID_SOCKET,cs;
-+	socklen_t addrlen;
- 	unsigned char ip[4];
- 	unsigned short port;
- 	char *str=NULL,*e;
-@@ -704,10 +705,10 @@ int BIO_get_accept_socket(char *host, in
- 
- 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
- 
--	addrlen = res->ai_addrlen<=sizeof(server) ?
-+	addrlen = res->ai_addrlen <= (socklen_t)sizeof(server) ?
- 			res->ai_addrlen :
--			sizeof(server);
--	memcpy(&server, res->ai_addr, addrlen);
-+			(socklen_t)sizeof(server);
-+	memcpy(&server, res->ai_addr, (size_t)addrlen);
- 
- 	(*p_freeaddrinfo.f)(res);
- 	goto again;
-@@ -719,7 +720,7 @@ int BIO_get_accept_socket(char *host, in
- 	memset((char *)&server,0,sizeof(server));
- 	server.sa_in.sin_family=AF_INET;
- 	server.sa_in.sin_port=htons(port);
--	addrlen = sizeof(server.sa_in);
-+	addrlen = (socklen_t)sizeof(server.sa_in);
- 
- 	if (h == NULL || strcmp(h,"*") == 0)
- 		server.sa_in.sin_addr.s_addr=INADDR_ANY;
---- openssl-1.0.1e.orig/crypto/x509v3/v3_utl.c	2013-03-05 19:12:46.768376649 +0000
-+++ openssl-1.0.1e/crypto/x509v3/v3_utl.c	2013-03-05 19:12:46.948378599 +0000
-@@ -365,7 +365,7 @@ char *hex_to_string(const unsigned char
- 	char *tmp, *q;
- 	const unsigned char *p;
- 	int i;
--	const static char hexdig[] = "0123456789ABCDEF";
-+	static const char hexdig[] = "0123456789ABCDEF";
- 	if(!buffer || !len) return NULL;
- 	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
- 		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
diff --git a/patches/0007-tls12_digests.patch b/patches/0007-tls12_digests.patch
deleted file mode 100644
index 74332d7ea4..0000000000
--- a/patches/0007-tls12_digests.patch
+++ /dev/null
@@ -1,440 +0,0 @@
-From 3a8c7b1a08b2766a7f8a388eee14442281b4e295 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Thu, 24 Jan 2013 16:27:14 -0500
-Subject: [PATCH 19/36] tls12_digests
-
-Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
-keys.
----
- ssl/s3_clnt.c  |  26 +++++++++++++--
- ssl/ssl3.h     |  11 +++++-
- ssl/ssl_cert.c |  20 -----------
- ssl/ssl_lib.c  |  35 +++++++++++--------
- ssl/ssl_locl.h |   4 +--
- ssl/t1_lib.c   | 104 ++++++++++++++++++++-------------------------------------
- 6 files changed, 94 insertions(+), 106 deletions(-)
-
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index c9196b3..1f3b376 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -1990,12 +1990,13 @@ int ssl3_get_certificate_request(SSL *s)
- 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
- 			goto err;
- 			}
--		if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
-+		if (llen & 1)
- 			{
- 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
- 			goto err;
- 			}
-+		tls1_process_sigalgs(s, p, llen);
- 		p += llen;
- 		}
- 
-@@ -3017,7 +3018,28 @@ int ssl3_send_client_verify(SSL *s)
- 			{
- 			long hdatalen = 0;
- 			void *hdata;
--			const EVP_MD *md = s->cert->key->digest;
-+			const EVP_MD *md;
-+			switch (ssl_cert_type(NULL, pkey))
-+				{
-+			case SSL_PKEY_RSA_ENC:
-+				md = s->s3->digest_rsa;
-+				break;
-+			case SSL_PKEY_DSA_SIGN:
-+				md = s->s3->digest_dsa;
-+				break;
-+			case SSL_PKEY_ECC:
-+				md = s->s3->digest_ecdsa;
-+				break;
-+			default:
-+				md = NULL;
-+				}
-+			if (!md)
-+				/* Unlike with the SignatureAlgorithm extension (sent by clients),
-+				 * there are no default algorithms for the CertificateRequest message
-+				 * (sent by servers). However, now that we've sent a certificate
-+				 * for which we don't really know what hash to use for signing, the
-+				 * best we can do is try a default algorithm. */
-+				md = EVP_sha1();
- 			hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
- 								&hdata);
- 			if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md))
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index 29098e4..3229995 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -550,6 +550,16 @@ typedef struct ssl3_state_st
- 	 *     verified Channel ID from the client: a P256 point, (x,y), where
- 	 *     each are big-endian values. */
- 	unsigned char tlsext_channel_id[64];
-+
-+	/* These point to the digest function to use for signatures made with
-+	 * each type of public key. A NULL value indicates that the default
-+	 * digest should be used, which is SHA1 as of TLS 1.2.
-+	 *
-+	 * (These should be in the tmp member, but we have to put them here to
-+	 * ensure binary compatibility with earlier OpenSSL 1.0.* releases.) */
-+	const EVP_MD *digest_rsa;
-+	const EVP_MD *digest_dsa;
-+	const EVP_MD *digest_ecdsa;
- 	} SSL3_STATE;
- 
- #endif
-@@ -700,4 +710,3 @@ typedef struct ssl3_state_st
- }
- #endif
- #endif
--
-diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 5123a89..bc4150b 100644
---- a/ssl/ssl_cert.c
-+++ b/ssl/ssl_cert.c
-@@ -160,21 +160,6 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- 	return ssl_x509_store_ctx_idx;
- 	}
- 
--static void ssl_cert_set_default_md(CERT *cert)
--	{
--	/* Set digest values to defaults */
--#ifndef OPENSSL_NO_DSA
--	cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
--#endif
--#ifndef OPENSSL_NO_RSA
--	cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
--	cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
--#endif
--#ifndef OPENSSL_NO_ECDSA
--	cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
--#endif
--	}
--
- CERT *ssl_cert_new(void)
- 	{
- 	CERT *ret;
-@@ -189,7 +174,6 @@ CERT *ssl_cert_new(void)
- 
- 	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- 	ret->references=1;
--	ssl_cert_set_default_md(ret);
- 	return(ret);
- 	}
- 
-@@ -322,10 +306,6 @@ CERT *ssl_cert_dup(CERT *cert)
- 	 * chain is held inside SSL_CTX */
- 
- 	ret->references=1;
--	/* Set digests to defaults. NB: we don't copy existing values as they
--	 * will be set during handshake.
--	 */
--	ssl_cert_set_default_md(ret);
- 
- 	return(ret);
- 	
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 5f8b0b0..e360550 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2345,32 +2345,41 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
- 	{
- 	unsigned long alg_a;
- 	CERT *c;
--	int idx = -1;
- 
- 	alg_a = cipher->algorithm_auth;
- 	c=s->cert;
- 
-+	/* SHA1 is the default for all signature algorithms up to TLS 1.2,
-+	 * except RSA which is handled specially in s3_srvr.c */
-+	if (pmd)
-+		*pmd = EVP_sha1();
-+
- 	if ((alg_a & SSL_aDSS) &&
--		(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
--		idx = SSL_PKEY_DSA_SIGN;
-+	    (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-+		{
-+		if (pmd && s->s3 && s->s3->digest_dsa)
-+			*pmd = s->s3->digest_dsa;
-+		return c->pkeys[SSL_PKEY_DSA_SIGN].privatekey;
-+		}
- 	else if (alg_a & SSL_aRSA)
- 		{
-+		if (pmd && s->s3 && s->s3->digest_rsa)
-+			*pmd = s->s3->digest_rsa;
- 		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
--			idx = SSL_PKEY_RSA_SIGN;
--		else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
--			idx = SSL_PKEY_RSA_ENC;
-+			return c->pkeys[SSL_PKEY_RSA_SIGN].privatekey;
-+		if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-+			return c->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- 		}
- 	else if ((alg_a & SSL_aECDSA) &&
- 	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
--		idx = SSL_PKEY_ECC;
--	if (idx == -1)
- 		{
--		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
--		return(NULL);
-+		if (pmd && s->s3 && s->s3->digest_ecdsa)
-+			*pmd = s->s3->digest_ecdsa;
-+		return c->pkeys[SSL_PKEY_ECC].privatekey;
- 		}
--	if (pmd)
--		*pmd = c->pkeys[idx].digest;
--	return c->pkeys[idx].privatekey;
-+
-+	SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
-+	return(NULL);
- 	}
- 
- void ssl_update_cache(SSL *s,int mode)
-@@ -3138,26 +3160,15 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
-
- SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
-	{
--	CERT *ocert = ssl->cert;
-	if (ssl->ctx == ctx)
-		return ssl->ctx;
- #ifndef OPENSSL_NO_TLSEXT
-	if (ctx == NULL)
-		ctx = ssl->initial_ctx;
- #endif
-+	if (ssl->cert != NULL)
-+		ssl_cert_free(ssl->cert);
-	ssl->cert = ssl_cert_dup(ctx->cert);
--	if (ocert != NULL)
--		{
--		int i;
--		/* Copy negotiated digests from original */
--		for (i = 0; i < SSL_PKEY_NUM; i++)
--			{
--			CERT_PKEY *cpk = ocert->pkeys + i;
--			CERT_PKEY *rpk = ssl->cert->pkeys + i;
--			rpk->digest = cpk->digest;
--			}
--		ssl_cert_free(ocert);
--		}
- 
- 	/*
- 	 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 6d38f0f..3e89fcb 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -485,8 +485,6 @@ typedef struct cert_pkey_st
- 	{
- 	X509 *x509;
- 	EVP_PKEY *privatekey;
--	/* Digest to use when signing */
--	const EVP_MD *digest;
- 	} CERT_PKEY;
- 
- typedef struct cert_st
-@@ -1142,7 +1140,7 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- 					  int *al);
- long ssl_get_algorithm2(SSL *s);
--int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
-+void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
- int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
- 
- int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 26805e4..6af51a9 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -897,6 +897,13 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 
- 	s->servername_done = 0;
- 	s->tlsext_status_type = -1;
-+
-+	/* Reset TLS 1.2 digest functions to defaults because they don't carry
-+	 * over to a renegotiation. */
-+	s->s3->digest_rsa = NULL;
-+	s->s3->digest_dsa = NULL;
-+	s->s3->digest_ecdsa = NULL;
-+
- #ifndef OPENSSL_NO_NEXTPROTONEG
- 	s->s3->next_proto_neg_seen = 0;
- #endif
-@@ -1198,11 +1205,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 				*al = SSL_AD_DECODE_ERROR;
- 				return 0;
- 				}
--			if (!tls1_process_sigalgs(s, data, dsize))
--				{
--				*al = SSL_AD_DECODE_ERROR;
--				return 0;
--				}
-+			tls1_process_sigalgs(s, data, dsize);
- 			}
- 		else if (type == TLSEXT_TYPE_status_request &&
- 		         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
-@@ -2354,18 +2357,6 @@ static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
- 		}
- 	return -1;
- 	}
--#if 0
--static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
--	{
--	size_t i;
--	for (i = 0; i < tlen; i++)
--		{
--		if (table[i].id == id)
--			return table[i].nid;
--		}
--	return -1;
--	}
--#endif
- 
- int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
- 	{
-@@ -2384,6 +2375,8 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
- 	return 1;
- 	}
- 
-+/* tls12_get_sigid returns the TLS 1.2 SignatureAlgorithm value corresponding
-+ * to the given public key, or -1 if not known. */
- int tls12_get_sigid(const EVP_PKEY *pk)
- 	{
- 	return tls12_find_id(pk->type, tls12_sig,
-@@ -2403,47 +2396,49 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
- 		return EVP_md5();
- #endif
- #ifndef OPENSSL_NO_SHA
--		case TLSEXT_hash_sha1:
-+	case TLSEXT_hash_sha1:
- 		return EVP_sha1();
- #endif
- #ifndef OPENSSL_NO_SHA256
--		case TLSEXT_hash_sha224:
-+	case TLSEXT_hash_sha224:
- 		return EVP_sha224();
- 
--		case TLSEXT_hash_sha256:
-+	case TLSEXT_hash_sha256:
- 		return EVP_sha256();
- #endif
- #ifndef OPENSSL_NO_SHA512
--		case TLSEXT_hash_sha384:
-+	case TLSEXT_hash_sha384:
- 		return EVP_sha384();
- 
--		case TLSEXT_hash_sha512:
-+	case TLSEXT_hash_sha512:
- 		return EVP_sha512();
- #endif
--		default:
-+	default:
- 		return NULL;
- 
- 		}
- 	}
- 
--/* Set preferred digest for each key type */
--
--int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
-+/* tls1_process_sigalgs processes a signature_algorithms extension and sets the
-+ * digest functions accordingly for each key type.
-+ *
-+ * See RFC 5246, section 7.4.1.4.1.
-+ *
-+ * data: points to the content of the extension, not including type and length
-+ *     headers.
-+ * dsize: the number of bytes of |data|. Must be even.
-+ */
-+void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
- 	{
--	int i, idx;
--	const EVP_MD *md;
--	CERT *c = s->cert;
-+	int i;
-+	const EVP_MD *md, **digest_ptr;
- 	/* Extension ignored for TLS versions below 1.2 */
- 	if (TLS1_get_version(s) < TLS1_2_VERSION)
--		return 1;
--	/* Should never happen */
--	if (!c)
--		return 0;
-+		return;
- 
--	c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
--	c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
--	c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
--	c->pkeys[SSL_PKEY_ECC].digest = NULL;
-+	s->s3->digest_rsa = NULL;
-+	s->s3->digest_dsa = NULL;
-+	s->s3->digest_ecdsa = NULL;
- 
- 	for (i = 0; i < dsize; i += 2)
- 		{
-@@ -2453,56 +2448,31 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
- 			{
- #ifndef OPENSSL_NO_RSA
- 			case TLSEXT_signature_rsa:
--			idx = SSL_PKEY_RSA_SIGN;
-+			digest_ptr = &s->s3->digest_rsa;
- 			break;
- #endif
- #ifndef OPENSSL_NO_DSA
- 			case TLSEXT_signature_dsa:
--			idx = SSL_PKEY_DSA_SIGN;
-+			digest_ptr = &s->s3->digest_dsa;
- 			break;
- #endif
- #ifndef OPENSSL_NO_ECDSA
- 			case TLSEXT_signature_ecdsa:
--			idx = SSL_PKEY_ECC;
-+			digest_ptr = &s->s3->digest_ecdsa;
- 			break;
- #endif
- 			default:
- 			continue;
- 			}
- 
--		if (c->pkeys[idx].digest == NULL)
-+		if (*digest_ptr == NULL)
- 			{
- 			md = tls12_get_hash(hash_alg);
- 			if (md)
--				{
--				c->pkeys[idx].digest = md;
--				if (idx == SSL_PKEY_RSA_SIGN)
--					c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
--				}
-+				*digest_ptr = md;
- 			}
- 
- 		}
--
--
--	/* Set any remaining keys to default values. NOTE: if alg is not
--	 * supported it stays as NULL.
--	 */
--#ifndef OPENSSL_NO_DSA
--	if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
--		c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
--#endif
--#ifndef OPENSSL_NO_RSA
--	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
--		{
--		c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
--		c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
--		}
--#endif
--#ifndef OPENSSL_NO_ECDSA
--	if (!c->pkeys[SSL_PKEY_ECC].digest)
--		c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
--#endif
--	return 1;
- 	}
- 
- #endif
--- 
-1.8.2.1
-
diff --git a/patches/0008-alpn.patch b/patches/0008-alpn.patch
deleted file mode 100644
index 6fccbd31fa..0000000000
--- a/patches/0008-alpn.patch
+++ /dev/null
@@ -1,592 +0,0 @@
-From 5ebeb8b5d90f9f47418b6b8d898ace8f1b4d4104 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Mon, 15 Apr 2013 18:07:47 -0400
-
-This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
-blessed version of NPN and we'll be supporting both ALPN and NPN for
-some time yet.
-
-[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
----
- apps/s_client.c |  40 +++++++++++++-
- ssl/s3_lib.c    |  13 +++++
- ssl/ssl.h       |  45 +++++++++++++++
- ssl/ssl3.h      |  10 ++++
- ssl/ssl_lib.c   |  87 +++++++++++++++++++++++++++++
- ssl/t1_lib.c    | 167 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
- ssl/tls1.h      |   3 +
- 7 files changed, 362 insertions(+), 3 deletions(-)
-
-diff --git a/apps/s_client.c b/apps/s_client.c
-index 791e277..cb1efcd 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -359,6 +359,7 @@ static void sc_usage(void)
- 	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
- # ifndef OPENSSL_NO_NEXTPROTONEG
- 	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-+	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
- # endif
- #endif
- 	BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
-@@ -611,6 +612,7 @@ int MAIN(int argc, char **argv)
-         {NULL,0};
- # ifndef OPENSSL_NO_NEXTPROTONEG
- 	const char *next_proto_neg_in = NULL;
-+	const char *alpn_in = NULL;
- # endif
- #endif
- 	char *sess_in = NULL;
-@@ -883,6 +885,11 @@ int MAIN(int argc, char **argv)
- 			if (--argc < 1) goto bad;
- 			next_proto_neg_in = *(++argv);
- 			}
-+		else if (strcmp(*argv,"-alpn") == 0)
-+			{
-+			if (--argc < 1) goto bad;
-+			alpn_in = *(++argv);
-+			}
- # endif
- #endif
- 		else if (strcmp(*argv,"-cutthrough") == 0)
-@@ -1157,9 +1164,23 @@ bad:
- 	 */
- 	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
- 
--#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+#if !defined(OPENSSL_NO_TLSEXT)
-+# if !defined(OPENSSL_NO_NEXTPROTONEG)
- 	if (next_proto.data)
- 		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
-+# endif
-+	if (alpn_in)
-+		{
-+		unsigned short alpn_len;
-+		unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
-+
-+		if (alpn == NULL)
-+			{
-+			BIO_printf(bio_err, "Error parsing -alpn argument\n");
-+			goto end;
-+			}
-+		SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
-+		}
- #endif
- 
- 	/* Enable handshake cutthrough for client connections using
-@@ -2077,7 +2098,8 @@ static void print_stuff(BIO *bio, SSL *s, int full)
- 	}
- #endif
- 
--#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+#if !defined(OPENSSL_NO_TLSEXT)
-+# if !defined(OPENSSL_NO_NEXTPROTONEG)
- 	if (next_proto.status != -1) {
- 		const unsigned char *proto;
- 		unsigned int proto_len;
-@@ -2086,6 +2108,20 @@ static void print_stuff(BIO *bio, SSL *s, int full)
- 		BIO_write(bio, proto, proto_len);
- 		BIO_write(bio, "\n", 1);
- 	}
-+	{
-+		const unsigned char *proto;
-+		unsigned int proto_len;
-+		SSL_get0_alpn_selected(s, &proto, &proto_len);
-+		if (proto_len > 0)
-+			{
-+			BIO_printf(bio, "ALPN protocol: ");
-+			BIO_write(bio, proto, proto_len);
-+			BIO_write(bio, "\n", 1);
-+			}
-+		else
-+			BIO_printf(bio, "No ALPN negotiated\n");
-+	}
-+# endif
- #endif
- 
- #ifndef OPENSSL_NO_SRTP
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 5e46393..2cd1654 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2996,6 +2996,11 @@ void ssl3_free(SSL *s)
- 		BIO_free(s->s3->handshake_buffer);
- 	}
- 	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-+#ifndef OPENSSL_NO_TLSEXT
-+	if (s->s3->alpn_selected)
-+		OPENSSL_free(s->s3->alpn_selected);
-+#endif
-+
- #ifndef OPENSSL_NO_SRP
- 	SSL_SRP_CTX_free(s);
- #endif
-@@ -3055,6 +3060,14 @@ void ssl3_clear(SSL *s)
- 	if (s->s3->handshake_dgst) {
- 		ssl3_free_digest_list(s);
- 	}	
-+
-+#if !defined(OPENSSL_NO_TLSEXT)
-+	if (s->s3->alpn_selected)
-+		{
-+		free(s->s3->alpn_selected);
-+		s->s3->alpn_selected = NULL;
-+		}
-+#endif
- 	memset(s->s3,0,sizeof *s->s3);
- 	s->s3->rbuf.buf = rp;
- 	s->s3->wbuf.buf = wp;
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index e8c73fa..612c7aa 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1019,6 +1019,31 @@ struct ssl_ctx_st
- 				    void *arg);
- 	void *next_proto_select_cb_arg;
- # endif
-+
-+	/* ALPN information
-+	 * (we are in the process of transitioning from NPN to ALPN.) */
-+
-+	/* For a server, this contains a callback function that allows the
-+	 * server to select the protocol for the connection.
-+	 *   out: on successful return, this must point to the raw protocol
-+	 *        name (without the length prefix).
-+	 *   outlen: on successful return, this contains the length of |*out|.
-+	 *   in: points to the client's list of supported protocols in
-+	 *       wire-format.
-+	 *   inlen: the length of |in|. */
-+	int (*alpn_select_cb)(SSL *s,
-+			      const unsigned char **out,
-+			      unsigned char *outlen,
-+			      const unsigned char* in,
-+			      unsigned int inlen,
-+			      void *arg);
-+	void *alpn_select_cb_arg;
-+
-+	/* For a client, this contains the list of supported protocols in wire
-+	 * format. */
-+	unsigned char* alpn_client_proto_list;
-+	unsigned alpn_client_proto_list_len;
-+
-         /* SRTP profiles we are willing to do from RFC 5764 */
-         STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
- 
-@@ -1120,6 +1145,21 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
- #define OPENSSL_NPN_NO_OVERLAP	2
- #endif
- 
-+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
-+			    unsigned protos_len);
-+int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
-+			unsigned protos_len);
-+void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-+				int (*cb) (SSL *ssl,
-+					   const unsigned char **out,
-+					   unsigned char *outlen,
-+					   const unsigned char *in,
-+					   unsigned int inlen,
-+					   void *arg),
-+				void *arg);
-+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-+			    unsigned *len);
-+
- #ifndef OPENSSL_NO_PSK
- /* the maximum length of the buffer given to callbacks containing the
-  * resulting identity/psk */
-@@ -1422,6 +1462,11 @@ struct ssl_st
- 	char tlsext_channel_id_enabled;
- 	/* The client's Channel ID private key. */
- 	EVP_PKEY *tlsext_channel_id_private;
-+
-+	/* For a client, this contains the list of supported protocols in wire
-+	 * format. */
-+	unsigned char* alpn_client_proto_list;
-+	unsigned alpn_client_proto_list_len;
- #else
- #define session_ctx ctx
- #endif /* OPENSSL_NO_TLSEXT */
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index 3229995..28c46d5 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -551,6 +551,16 @@ typedef struct ssl3_state_st
- 	 *     each are big-endian values. */
- 	unsigned char tlsext_channel_id[64];
- 
-+	/* ALPN information
-+	 * (we are in the process of transitioning from NPN to ALPN.) */
-+
-+	/* In a server these point to the selected ALPN protocol after the
-+	 * ClientHello has been processed. In a client these contain the
-+	 * protocol that the server selected once the ServerHello has been
-+	 * processed. */
-+	unsigned char *alpn_selected;
-+	unsigned alpn_selected_len;
-+
- 	/* These point to the digest function to use for signatures made with
- 	 * each type of public key. A NULL value indicates that the default
- 	 * digest should be used, which is SHA1 as of TLS 1.2.
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index e360550..b472423 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -359,6 +359,17 @@ SSL *SSL_new(SSL_CTX *ctx)
- # ifndef OPENSSL_NO_NEXTPROTONEG
- 	s->next_proto_negotiated = NULL;
- # endif
-+
-+	if (s->ctx->alpn_client_proto_list)
-+		{
-+		s->alpn_client_proto_list =
-+			OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
-+		if (s->alpn_client_proto_list == NULL)
-+			goto err;
-+		memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
-+		       s->ctx->alpn_client_proto_list_len);
-+		s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
-+		}
- #endif
- 
- 	s->verify_result=X509_V_OK;
-@@ -564,6 +575,8 @@ void SSL_free(SSL *s)
- 		OPENSSL_free(s->tlsext_ocsp_resp);
- 	if (s->tlsext_channel_id_private)
- 		EVP_PKEY_free(s->tlsext_channel_id_private);
-+	if (s->alpn_client_proto_list)
-+		OPENSSL_free(s->alpn_client_proto_list);
- #endif
- 
- 	if (s->client_CA != NULL)
-@@ -1615,6 +1628,78 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
- 	ctx->next_proto_select_cb_arg = arg;
- 	}
- # endif
-+
-+/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
-+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
-+ * length-prefixed strings).
-+ *
-+ * Returns 0 on success. */
-+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
-+			    unsigned protos_len)
-+	{
-+	if (ctx->alpn_client_proto_list)
-+		OPENSSL_free(ctx->alpn_client_proto_list);
-+
-+	ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-+	if (!ctx->alpn_client_proto_list)
-+		return 1;
-+	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
-+	ctx->alpn_client_proto_list_len = protos_len;
-+
-+	return 0;
-+	}
-+
-+/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
-+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
-+ * length-prefixed strings).
-+ *
-+ * Returns 0 on success. */
-+int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
-+			unsigned protos_len)
-+	{
-+	if (ssl->alpn_client_proto_list)
-+		OPENSSL_free(ssl->alpn_client_proto_list);
-+
-+	ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-+	if (!ssl->alpn_client_proto_list)
-+		return 1;
-+	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
-+	ssl->alpn_client_proto_list_len = protos_len;
-+
-+	return 0;
-+	}
-+
-+/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
-+ * during ClientHello processing in order to select an ALPN protocol from the
-+ * client's list of offered protocols. */
-+void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-+				int (*cb) (SSL *ssl,
-+					   const unsigned char **out,
-+					   unsigned char *outlen,
-+					   const unsigned char *in,
-+					   unsigned int inlen,
-+					   void *arg),
-+				void *arg)
-+	{
-+	ctx->alpn_select_cb = cb;
-+	ctx->alpn_select_cb_arg = arg;
-+	}
-+
-+/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
-+ * On return it sets |*data| to point to |*len| bytes of protocol name (not
-+ * including the leading length-prefix byte). If the server didn't respond with
-+ * a negotiated protocol then |*len| will be zero. */
-+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-+			    unsigned *len)
-+	{
-+	*data = NULL;
-+	if (ssl->s3)
-+		*data = ssl->s3->alpn_selected;
-+	if (*data == NULL)
-+		*len = 0;
-+	else
-+		*len = ssl->s3->alpn_selected_len;
-+	}
- #endif
- 
- int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-@@ -1955,6 +2040,8 @@ void SSL_CTX_free(SSL_CTX *a)
- #ifndef OPENSSL_NO_TLSEXT
- 	if (a->tlsext_channel_id_private)
- 		EVP_PKEY_free(a->tlsext_channel_id_private);
-+	if (a->alpn_client_proto_list != NULL)
-+		OPENSSL_free(a->alpn_client_proto_list);
- #endif
- 
- 	OPENSSL_free(a);
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 1f93a6f..b2e049a 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -659,6 +659,18 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
- 		s2n(0,ret);
- 		}
- 
-+	if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len)
-+		{
-+		if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
-+			return NULL;
-+		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
-+		s2n(2 + s->alpn_client_proto_list_len,ret);
-+		s2n(s->alpn_client_proto_list_len,ret);
-+		memcpy(ret, s->alpn_client_proto_list,
-+		       s->alpn_client_proto_list_len);
-+		ret += s->alpn_client_proto_list_len;
-+		}
-+
- #ifndef OPENSSL_NO_SRTP
-         if(SSL_get_srtp_profiles(s))
-                 {
-@@ -879,6 +891,21 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
- 		s2n(0,ret);
- 		}
- 
-+	if (s->s3->alpn_selected)
-+		{
-+		const unsigned char *selected = s->s3->alpn_selected;
-+		unsigned len = s->s3->alpn_selected_len;
-+
-+		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
-+			return NULL;
-+		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
-+		s2n(3 + len,ret);
-+		s2n(1 + len,ret);
-+		*ret++ = len;
-+		memcpy(ret, selected, len);
-+		ret += len;
-+		}
-+
- 	if ((extdatalen = ret-orig-2)== 0) 
- 		return p;
- 
-@@ -966,6 +993,76 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsign
- 	s->is_probably_safari = 1;
- }
- 
-+/* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
-+ * ClientHello.
-+ *   data: the contents of the extension, not including the type and length.
-+ *   data_len: the number of bytes in |data|
-+ *   al: a pointer to the alert value to send in the event of a non-zero
-+ *       return.
-+ *
-+ *   returns: 0 on success. */
-+static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
-+					 unsigned data_len, int *al)
-+	{
-+	unsigned i;
-+	unsigned proto_len;
-+	const unsigned char *selected;
-+	unsigned char selected_len;
-+	int r;
-+
-+	if (s->ctx->alpn_select_cb == NULL)
-+		return 0;
-+
-+	if (data_len < 2)
-+		goto parse_error;
-+
-+	/* data should contain a uint16 length followed by a series of 8-bit,
-+	 * length-prefixed strings. */
-+	i = ((unsigned) data[0]) << 8 |
-+	    ((unsigned) data[1]);
-+	data_len -= 2;
-+	data += 2;
-+	if (data_len != i)
-+		goto parse_error;
-+
-+	if (data_len < 2)
-+		goto parse_error;
-+
-+	for (i = 0; i < data_len;)
-+		{
-+		proto_len = data[i];
-+		i++;
-+
-+		if (proto_len == 0)
-+			goto parse_error;
-+
-+		if (i + proto_len < i || i + proto_len > data_len)
-+			goto parse_error;
-+
-+		i += proto_len;
-+		}
-+
-+	r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
-+				   s->ctx->alpn_select_cb_arg);
-+	if (r == SSL_TLSEXT_ERR_OK) {
-+		if (s->s3->alpn_selected)
-+			OPENSSL_free(s->s3->alpn_selected);
-+		s->s3->alpn_selected = OPENSSL_malloc(selected_len);
-+		if (!s->s3->alpn_selected)
-+			{
-+			*al = SSL_AD_INTERNAL_ERROR;
-+			return -1;
-+			}
-+		memcpy(s->s3->alpn_selected, selected, selected_len);
-+		s->s3->alpn_selected_len = selected_len;
-+	}
-+	return 0;
-+
-+parse_error:
-+	*al = SSL_AD_DECODE_ERROR;
-+	return -1;
-+	}
-+
- int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
- 	{
- 	unsigned short type;
-@@ -988,6 +1085,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 	s->s3->next_proto_neg_seen = 0;
- #endif
- 
-+	if (s->s3->alpn_selected)
-+		{
-+		OPENSSL_free(s->s3->alpn_selected);
-+		s->s3->alpn_selected = NULL;
-+		}
-+
- #ifndef OPENSSL_NO_HEARTBEATS
- 	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
- 	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-@@ -1420,7 +1523,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- #endif
- #ifndef OPENSSL_NO_NEXTPROTONEG
- 		else if (type == TLSEXT_TYPE_next_proto_neg &&
--			 s->s3->tmp.finish_md_len == 0)
-+			 s->s3->tmp.finish_md_len == 0 &&
-+			 s->s3->alpn_selected == NULL)
- 			{
- 			/* We shouldn't accept this extension on a
- 			 * renegotiation.
-@@ -1444,6 +1548,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 		else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled)
- 			s->s3->tlsext_channel_id_valid = 1;
- 
-+		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
-+			 s->ctx->alpn_select_cb &&
-+			 s->s3->tmp.finish_md_len == 0)
-+			{
-+			if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
-+				return 0;
-+			/* ALPN takes precedence over NPN. */
-+			s->s3->next_proto_neg_seen = 0;
-+			}
-+
- 		/* session ticket processed earlier */
- #ifndef OPENSSL_NO_SRTP
- 		else if (type == TLSEXT_TYPE_use_srtp)
-@@ -1508,6 +1622,12 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 	s->s3->next_proto_neg_seen = 0;
- #endif
- 
-+	if (s->s3->alpn_selected)
-+		{
-+		OPENSSL_free(s->s3->alpn_selected);
-+		s->s3->alpn_selected = NULL;
-+		}
-+
- #ifndef OPENSSL_NO_HEARTBEATS
- 	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
- 	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-@@ -1677,6 +1797,51 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
- 		else if (type == TLSEXT_TYPE_channel_id)
- 			s->s3->tlsext_channel_id_valid = 1;
- 
-+		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
-+			{
-+			unsigned len;
-+
-+			/* We must have requested it. */
-+			if (s->alpn_client_proto_list == NULL)
-+				{
-+				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
-+				return 0;
-+				}
-+			if (size < 4)
-+				{
-+				*al = TLS1_AD_DECODE_ERROR;
-+				return 0;
-+				}
-+			/* The extension data consists of:
-+			 *   uint16 list_length
-+			 *   uint8 proto_length;
-+			 *   uint8 proto[proto_length]; */
-+			len = data[0];
-+			len <<= 8;
-+			len |= data[1];
-+			if (len != (unsigned) size - 2)
-+				{
-+				*al = TLS1_AD_DECODE_ERROR;
-+				return 0;
-+				}
-+			len = data[2];
-+			if (len != (unsigned) size - 3)
-+				{
-+				*al = TLS1_AD_DECODE_ERROR;
-+				return 0;
-+				}
-+			if (s->s3->alpn_selected)
-+				OPENSSL_free(s->s3->alpn_selected);
-+			s->s3->alpn_selected = OPENSSL_malloc(len);
-+			if (!s->s3->alpn_selected)
-+				{
-+				*al = TLS1_AD_INTERNAL_ERROR;
-+				return 0;
-+				}
-+			memcpy(s->s3->alpn_selected, data + 3, len);
-+			s->s3->alpn_selected_len = len;
-+			}
-+
- 		else if (type == TLSEXT_TYPE_renegotiate)
- 			{
- 			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index 8fc1ff4..c6670f4 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -230,6 +230,9 @@ extern "C" {
- /* ExtensionType value from RFC5620 */
- #define TLSEXT_TYPE_heartbeat	15
- 
-+/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
-+#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-+
- /* ExtensionType value from RFC4507 */
- #define TLSEXT_TYPE_session_ticket		35
- 
--- 
-1.8.2.1
-
diff --git a/patches/0009-cbc_record_splitting.patch b/patches/0009-cbc_record_splitting.patch
deleted file mode 100644
index 5430402820..0000000000
--- a/patches/0009-cbc_record_splitting.patch
+++ /dev/null
@@ -1,541 +0,0 @@
-From e6102d2ac84a55e4a50d9edfc36ec894c6174fb7 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Thu, 31 Oct 2013 13:22:54 -0400
-
-This patch removes support for empty records (which is almost
-universally disabled via SSL_OP_ALL) and adds optional support for 1/n-1
-record splitting.
-
-The latter is not enabled by default, since it's not typically used on
-servers, but it should be enabled in web browsers since there are known
-attacks in that case (see BEAST).
-
-(Of course, this is a poor workaround for using TLS 1.2 and an AEAD
-cipher suite).
----
- apps/s_client.c |  16 +++++---
- ssl/d1_pkt.c    |  50 ++++---------------------
- ssl/s3_enc.c    |  17 ++++-----
- ssl/s3_pkt.c    | 113 +++++++++++++++++++++++++++++++-------------------------
- ssl/ssl.h       |  20 +++++++---
- ssl/ssl3.h      |   4 +-
- ssl/ssl_locl.h  |   2 -
- ssl/t1_enc.c    |  10 ++---
- 8 files changed, 110 insertions(+), 122 deletions(-)
-
-diff --git a/apps/s_client.c b/apps/s_client.c
-index cb1efcd..0c70580 100644
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -363,6 +363,7 @@ static void sc_usage(void)
- # endif
- #endif
- 	BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
-+	BIO_printf(bio_err," -no_record_splitting  - disable 1/n-1 record splitting in CBC mode\n");
- 	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- #ifndef OPENSSL_NO_SRTP
- 	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
-@@ -579,7 +580,7 @@ int MAIN(int argc, char **argv)
- 	EVP_PKEY *key = NULL;
- 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
- 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
--	int cutthrough=0;
-+	int cutthrough=0, no_record_splitting=0;
- 	int crlf=0;
- 	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
- 	SSL_CTX *ctx=NULL;
-@@ -594,6 +595,7 @@ int MAIN(int argc, char **argv)
- 	char *inrand=NULL;
- 	int mbuf_len=0;
- 	struct timeval timeout, *timeoutp;
-+	int ssl_mode;
- #ifndef OPENSSL_NO_ENGINE
- 	char *engine_id=NULL;
- 	char *ssl_client_engine_id=NULL;
-@@ -894,6 +896,8 @@ int MAIN(int argc, char **argv)
- #endif
- 		else if (strcmp(*argv,"-cutthrough") == 0)
- 			cutthrough=1;
-+		else if (strcmp(*argv,"-no_record_splitting") == 0)
-+			no_record_splitting=1;
- 		else if (strcmp(*argv,"-serverpref") == 0)
- 			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
- 		else if (strcmp(*argv,"-legacy_renegotiation") == 0)
-@@ -1183,14 +1187,16 @@ bad:
- 		}
- #endif
- 
--	/* Enable handshake cutthrough for client connections using
--	 * strong ciphers. */
-+	ssl_mode = SSL_CTX_get_mode(ctx);
-+	if (!no_record_splitting)
-+		ssl_mode |= SSL_MODE_CBC_RECORD_SPLITTING;
- 	if (cutthrough)
- 		{
--		int ssl_mode = SSL_CTX_get_mode(ctx);
-+		/* Enable handshake cutthrough for client connections using
-+		 * strong ciphers. */
- 		ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
--		SSL_CTX_set_mode(ctx, ssl_mode);
- 		}
-+	SSL_CTX_set_mode(ctx, ssl_mode);
- 
- 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
- 	if (cipher != NULL)
-diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
-index 438c091..363fc8c 100644
---- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -179,6 +179,8 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
- static int dtls1_buffer_record(SSL *s, record_pqueue *q,
- 	unsigned char *priority);
- static int dtls1_process_record(SSL *s);
-+static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-+			  unsigned int len);
- 
- /* copy buffered record into SSL structure */
- static int
-@@ -1464,11 +1466,12 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
- 
- 	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
- 	s->rwstate=SSL_NOTHING;
--	i=do_dtls1_write(s, type, buf, len, 0);
-+	i=do_dtls1_write(s, type, buf, len);
- 	return i;
- 	}
- 
--int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
-+static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-+			  unsigned int len)
- 	{
- 	unsigned char *p,*pseq;
- 	int i,mac_size,clear=0;
-@@ -1495,7 +1498,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
- 		/* if it went, fall through and send more stuff */
- 		}
- 
--	if (len == 0 && !create_empty_fragment)
-+	if (len == 0)
- 		return 0;
- 
- 	wr= &(s->s3->wrec);
-@@ -1516,37 +1519,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
- 			goto err;
- 		}
- 
--	/* DTLS implements explicit IV, so no need for empty fragments */
--#if 0
--	/* 'create_empty_fragment' is true only when this function calls itself */
--	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
--	    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
--		{
--		/* countermeasure against known-IV weakness in CBC ciphersuites
--		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
--		 */
--
--		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
--			{
--			/* recursive function call with 'create_empty_fragment' set;
--			 * this prepares and buffers the data for an empty fragment
--			 * (these 'prefix_len' bytes are sent out later
--			 * together with the actual payload) */
--			prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
--			if (prefix_len <= 0)
--				goto err;
--
--			if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
--				{
--				/* insufficient space */
--				SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
--				goto err;
--				}
--			}
--		
--		s->s3->empty_fragment_done = 1;
--		}
--#endif
- 	p = wb->buf + prefix_len;
- 
- 	/* write the header */
-@@ -1652,14 +1624,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
- 
- 	ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
- 
--	if (create_empty_fragment)
--		{
--		/* we are in a recursive call;
--		 * just return the length, don't write out anything here
--		 */
--		return wr->length;
--		}
--
- 	/* now let's set up wb */
- 	wb->left = prefix_len + wr->length;
- 	wb->offset = 0;
-@@ -1756,7 +1720,7 @@ int dtls1_dispatch_alert(SSL *s)
- 		}
- #endif
- 
--	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
-+	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
- 	if (i <= 0)
- 		{
- 		s->s3->alert_dispatch=1;
-diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
-index 191b86b..6358e1b 100644
---- a/ssl/s3_enc.c
-+++ b/ssl/s3_enc.c
-@@ -434,27 +434,26 @@ int ssl3_setup_key_block(SSL *s)
- 
- 	ret = ssl3_generate_key_block(s,p,num);
- 
--	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-+	/* enable vulnerability countermeasure for CBC ciphers with
-+	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-+	if ((s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0)
- 		{
--		/* enable vulnerability countermeasure for CBC ciphers with
--		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
--		 */
--		s->s3->need_empty_fragments = 1;
-+		s->s3->need_record_splitting = 1;
- 
- 		if (s->session->cipher != NULL)
- 			{
- 			if (s->session->cipher->algorithm_enc == SSL_eNULL)
--				s->s3->need_empty_fragments = 0;
--			
-+				s->s3->need_record_splitting = 0;
-+
- #ifndef OPENSSL_NO_RC4
- 			if (s->session->cipher->algorithm_enc == SSL_RC4)
--				s->s3->need_empty_fragments = 0;
-+				s->s3->need_record_splitting = 0;
- #endif
- 			}
- 		}
- 
- 	return ret;
--		
-+
- err:
- 	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- 	return(0);
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index 706ef1f..957d7c6 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -119,7 +119,7 @@
- #include <openssl/rand.h>
- 
- static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
--			 unsigned int len, int create_empty_fragment);
-+			 unsigned int len, char fragment, char is_fragment);
- static int ssl3_get_record(SSL *s);
- 
- int ssl3_read_n(SSL *s, int n, int max, int extend)
-@@ -636,15 +636,36 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- 	n=(len-tot);
- 	for (;;)
- 		{
--		if (n > s->max_send_fragment)
--			nw=s->max_send_fragment;
-+		/* max contains the maximum number of bytes that we can put
-+		 * into a record. */
-+		unsigned max = s->max_send_fragment;
-+		/* fragment is true if do_ssl3_write should send the first byte
-+		 * in its own record in order to randomise a CBC IV. */
-+		int fragment = 0;
-+
-+		if (n > 1 &&
-+		    s->s3->need_record_splitting &&
-+		    type == SSL3_RT_APPLICATION_DATA &&
-+		    !s->s3->record_split_done)
-+			{
-+			fragment = 1;
-+			/* record_split_done records that the splitting has
-+			 * been done in case we hit an SSL_WANT_WRITE condition.
-+			 * In that case, we don't need to do the split again. */
-+			s->s3->record_split_done = 1;
-+			}
-+
-+		if (n > max)
-+			nw=max;
- 		else
- 			nw=n;
- 
--		i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
-+		i=do_ssl3_write(s, type, &(buf[tot]), nw, fragment, 0);
- 		if (i <= 0)
- 			{
- 			s->s3->wnum=tot;
-+			/* Try to write the fragment next time. */
-+			s->s3->record_split_done = 0;
- 			return i;
- 			}
- 
-@@ -652,10 +673,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- 			(type == SSL3_RT_APPLICATION_DATA &&
- 			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
- 			{
--			/* next chunk of data should get another prepended empty fragment
--			 * in ciphersuites with known-IV weakness: */
--			s->s3->empty_fragment_done = 0;
--			
-+			/* next chunk of data should get another prepended,
-+			 * one-byte fragment in ciphersuites with known-IV
-+			 * weakness. */
-+			s->s3->record_split_done = 0;
- 			return tot+i;
- 			}
- 
-@@ -664,11 +685,16 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- 		}
- 	}
- 
-+/* do_ssl3_write writes an SSL record of the given type. If |fragment| is 1
-+ * then it splits the record into a one byte record and a record with the rest
-+ * of the data in order to randomise a CBC IV. If |is_fragment| is true then
-+ * this call resulted from do_ssl3_write calling itself in order to create that
-+ * one byte fragment. */
- static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
--			 unsigned int len, int create_empty_fragment)
-+			 unsigned int len, char fragment, char is_fragment)
- 	{
- 	unsigned char *p,*plen;
--	int i,mac_size,clear=0;
-+	int i,mac_size;
- 	int prefix_len=0;
- 	int eivlen;
- 	long align=0;
-@@ -691,11 +717,11 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 		/* if it went, fall through and send more stuff */
- 		}
- 
-- 	if (wb->buf == NULL)
-+	if (wb->buf == NULL)
- 		if (!ssl3_setup_write_buffer(s))
- 			return -1;
- 
--	if (len == 0 && !create_empty_fragment)
-+	if (len == 0)
- 		return 0;
- 
- 	wr= &(s->s3->wrec);
-@@ -705,11 +731,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 		(s->enc_write_ctx == NULL) ||
- 		(EVP_MD_CTX_md(s->write_hash) == NULL))
- 		{
--#if 1
--		clear=s->enc_write_ctx?0:1;	/* must be AEAD cipher */
--#else
--		clear=1;
--#endif
- 		mac_size=0;
- 		}
- 	else
-@@ -719,42 +740,33 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 			goto err;
- 		}
- 
--	/* 'create_empty_fragment' is true only when this function calls itself */
--	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
-+	if (fragment)
- 		{
- 		/* countermeasure against known-IV weakness in CBC ciphersuites
- 		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-+		prefix_len = do_ssl3_write(s, type, buf, 1 /* length */,
-+					   0 /* fragment */,
-+					   1 /* is_fragment */);
-+		if (prefix_len <= 0)
-+			goto err;
- 
--		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
-+		if (prefix_len > (SSL3_RT_HEADER_LENGTH +
-+				  SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
- 			{
--			/* recursive function call with 'create_empty_fragment' set;
--			 * this prepares and buffers the data for an empty fragment
--			 * (these 'prefix_len' bytes are sent out later
--			 * together with the actual payload) */
--			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
--			if (prefix_len <= 0)
--				goto err;
--
--			if (prefix_len >
--		(SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
--				{
--				/* insufficient space */
--				SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
--				goto err;
--				}
-+			/* insufficient space */
-+			SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
-+			goto err;
- 			}
--		
--		s->s3->empty_fragment_done = 1;
- 		}
- 
--	if (create_empty_fragment)
-+	if (is_fragment)
- 		{
- #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
--		/* extra fragment would be couple of cipher blocks,
--		 * which would be multiple of SSL3_ALIGN_PAYLOAD, so
--		 * if we want to align the real payload, then we can
--		 * just pretent we simply have two headers. */
--		align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH;
-+		/* The extra fragment would be couple of cipher blocks, and
-+		 * that will be a multiple of SSL3_ALIGN_PAYLOAD. So, if we
-+		 * want to align the real payload, we can just pretend that we
-+		 * have two headers and a byte. */
-+		align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH + 1;
- 		align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
- #endif
- 		p = wb->buf + align;
-@@ -791,7 +803,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 		*(p++)=s->version&0xff;
- 
- 	/* field where we are to write out packet length */
--	plen=p; 
-+	plen=p;
- 	p+=2;
- 	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
- 	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
-@@ -819,8 +831,8 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 
- 	/* lets setup the record stuff. */
- 	wr->data=p + eivlen;
--	wr->length=(int)len;
--	wr->input=(unsigned char *)buf;
-+	wr->length=(int)(len - (fragment != 0));
-+	wr->input=(unsigned char *)buf + (fragment != 0);
- 
- 	/* we now 'read' from wr->input, wr->length bytes into
- 	 * wr->data */
-@@ -873,11 +885,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- 	wr->type=type; /* not needed but helps for debugging */
- 	wr->length+=SSL3_RT_HEADER_LENGTH;
- 
--	if (create_empty_fragment)
-+	if (is_fragment)
- 		{
--		/* we are in a recursive call;
--		 * just return the length, don't write out anything here
--		 */
-+		/* we are in a recursive call; just return the length, don't
-+		 * write out anything. */
- 		return wr->length;
- 		}
- 
-@@ -1548,7 +1559,7 @@ int ssl3_dispatch_alert(SSL *s)
- 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
- 
- 	s->s3->alert_dispatch=0;
--	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
-+	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0, 0);
- 	if (i <= 0)
- 		{
- 		s->s3->alert_dispatch=1;
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index ef85428..ce65664 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -578,11 +578,15 @@ struct ssl_session_st
- /* Refers to ancient SSLREF and SSLv2, retained for compatibility */
- #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x0
- 
--/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
-- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
-- * the workaround is not needed.  Unfortunately some broken SSL/TLS
-- * implementations cannot handle it at all, which is why we include
-- * it in SSL_OP_ALL. */
-+/* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the
-+ * insertion of empty records in CBC mode, but the empty records were commonly
-+ * misinterpreted as EOF by other TLS stacks and so this was disabled by
-+ * SSL_OP_ALL.
-+ *
-+ * This has been replaced by 1/n-1 record splitting, which is enabled by
-+ * SSL_MODE_CBC_RECORD_SPLITTING in SSL_set_mode. This involves sending a
-+ * one-byte record rather than an empty record and has much better
-+ * compatibility. */
- #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
- 
- /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
-@@ -675,6 +679,12 @@ struct ssl_session_st
-  * one RTT. */
- #define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
- 
-+/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
-+ * the first record will contain a single byte and the second will contain the
-+ * rest of the bytes. This effectively randomises the IV and prevents BEAST
-+ * attacks. */
-+#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
-+
- /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
-  * they cannot be used to clear bits. */
- 
-diff --git a/ssl/ssl3.h b/ssl/ssl3.h
-index 16c389d..8e3e449 100644
---- a/ssl/ssl3.h
-+++ b/ssl/ssl3.h
-@@ -419,8 +419,8 @@ typedef struct ssl3_state_st
- 	unsigned char client_random[SSL3_RANDOM_SIZE];
- 
- 	/* flags for countermeasure against known-IV weakness */
--	int need_empty_fragments;
--	int empty_fragment_done;
-+	int need_record_splitting;
-+	int record_split_done;
- 
- 	/* The value of 'extra' when the buffers were initialized */
- 	int init_extra;
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 10baaee..6d4bc14 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -1093,8 +1093,6 @@ int dtls1_shutdown(SSL *s);
- 
- long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
- int dtls1_get_record(SSL *s);
--int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
--	unsigned int len, int create_empty_fragement);
- int dtls1_dispatch_alert(SSL *s);
- int dtls1_enc(SSL *s, int snd);
- 
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 9963a80..4ca1549 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -774,22 +774,22 @@ printf("\nkey block\n");
- { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
- #endif
- 
--	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
--		&& s->method->version <= TLS1_VERSION)
-+	if (s->method->version <= TLS1_VERSION &&
-+	    (s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0)
- 		{
- 		/* enable vulnerability countermeasure for CBC ciphers with
- 		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- 		 */
--		s->s3->need_empty_fragments = 1;
-+		s->s3->need_record_splitting = 1;
- 
- 		if (s->session->cipher != NULL)
- 			{
- 			if (s->session->cipher->algorithm_enc == SSL_eNULL)
--				s->s3->need_empty_fragments = 0;
-+				s->s3->need_record_splitting = 0;
- 			
- #ifndef OPENSSL_NO_RC4
- 			if (s->session->cipher->algorithm_enc == SSL_RC4)
--				s->s3->need_empty_fragments = 0;
-+				s->s3->need_record_splitting = 0;
- #endif
- 			}
- 		}
--- 
-2.0.0.526.g5318336
-
diff --git a/patches/0010-dsa_nonce.patch b/patches/0010-dsa_nonce.patch
deleted file mode 100644
index 368881c537..0000000000
--- a/patches/0010-dsa_nonce.patch
+++ /dev/null
@@ -1,502 +0,0 @@
-From 9be2984bfbff9a83e7b38f47ac87c677e9a9a0b8 Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Thu, 24 Jan 2013 16:27:28 -0500
-Subject: dsa_nonce
-
-Adds the option to calculate (EC)DSA nonces by hashing the message and
-private key along with entropy.
----
- crypto/bn/bn.h          |  6 +++++
- crypto/bn/bn_err.c      |  2 ++
- crypto/bn/bn_rand.c     | 70 +++++++++++++++++++++++++++++++++++++++++++++++++
- crypto/dsa/dsa.h        | 10 +++++--
- crypto/dsa/dsa_err.c    |  1 +
- crypto/dsa/dsa_ossl.c   | 28 ++++++++++++++++----
- crypto/dsa/dsa_sign.c   |  9 ++++++-
- crypto/ec/ec.h          | 11 ++++++++
- crypto/ec/ec_key.c      | 12 +++++++++
- crypto/ec/ec_lcl.h      |  1 +
- crypto/ecdsa/ecdsa.h    |  1 +
- crypto/ecdsa/ecs_err.c  |  1 +
- crypto/ecdsa/ecs_locl.h |  5 ++--
- crypto/ecdsa/ecs_ossl.c | 38 ++++++++++++++++++++-------
- crypto/ecdsa/ecs_sign.c | 10 ++++++-
- 15 files changed, 185 insertions(+), 20 deletions(-)
-
-diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
-index f34248e..9281ce5 100644
---- a/crypto/bn/bn.h
-+++ b/crypto/bn/bn.h
-@@ -692,6 +692,10 @@ const BIGNUM *BN_get0_nist_prime_256(void);
- const BIGNUM *BN_get0_nist_prime_384(void);
- const BIGNUM *BN_get0_nist_prime_521(void);
- 
-+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM *priv,
-+			  const unsigned char *message, size_t message_len,
-+			  BN_CTX *ctx);
-+
- /* library internal functions */
- 
- #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-@@ -842,6 +846,7 @@ void ERR_load_BN_strings(void);
- #define BN_F_BN_EXP					 123
- #define BN_F_BN_EXPAND2					 108
- #define BN_F_BN_EXPAND_INTERNAL				 120
-+#define BN_F_BN_GENERATE_DSA_NONCE			 140
- #define BN_F_BN_GF2M_MOD				 131
- #define BN_F_BN_GF2M_MOD_EXP				 132
- #define BN_F_BN_GF2M_MOD_MUL				 133
-@@ -881,6 +886,7 @@ void ERR_load_BN_strings(void);
- #define BN_R_NOT_INITIALIZED				 107
- #define BN_R_NO_INVERSE					 108
- #define BN_R_NO_SOLUTION				 116
-+#define BN_R_PRIVATE_KEY_TOO_LARGE			 117
- #define BN_R_P_IS_NOT_PRIME				 112
- #define BN_R_TOO_MANY_ITERATIONS			 113
- #define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
-diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
-index cfe2eb9..f722b52 100644
---- a/crypto/bn/bn_err.c
-+++ b/crypto/bn/bn_err.c
-@@ -87,6 +87,7 @@ static ERR_STRING_DATA BN_str_functs[]=
- {ERR_FUNC(BN_F_BN_EXP),	"BN_exp"},
- {ERR_FUNC(BN_F_BN_EXPAND2),	"bn_expand2"},
- {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),	"BN_EXPAND_INTERNAL"},
-+{ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE),	"BN_generate_dsa_nonce"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD),	"BN_GF2m_mod"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),	"BN_GF2m_mod_exp"},
- {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),	"BN_GF2m_mod_mul"},
-@@ -129,6 +130,7 @@ static ERR_STRING_DATA BN_str_reasons[]=
- {ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},
- {ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},
- {ERR_REASON(BN_R_NO_SOLUTION)            ,"no solution"},
-+{ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE)  ,"private key too large"},
- {ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},
- {ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},
- {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
-index b376c28..55676f0 100644
---- a/crypto/bn/bn_rand.c
-+++ b/crypto/bn/bn_rand.c
-@@ -114,6 +114,7 @@
- #include "cryptlib.h"
- #include "bn_lcl.h"
- #include <openssl/rand.h>
-+#include <openssl/sha.h>
- 
- static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
- 	{
-@@ -303,3 +304,72 @@ int	BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
- 	{
- 	return bn_rand_range(1, r, range);
- 	}
-+
-+#ifndef OPENSSL_NO_SHA512
-+/* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
-+ * BN_rand_range, it also includes the contents of |priv| and |message| in the
-+ * generation so that an RNG failure isn't fatal as long as |priv| remains
-+ * secret. This is intended for use in DSA and ECDSA where an RNG weakness
-+ * leads directly to private key exposure unless this function is used. */
-+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, const BIGNUM* priv,
-+			  const unsigned char *message, size_t message_len,
-+			  BN_CTX *ctx)
-+	{
-+	SHA512_CTX sha;
-+	/* We use 512 bits of random data per iteration to
-+	 * ensure that we have at least |range| bits of randomness. */
-+	unsigned char random_bytes[64];
-+	unsigned char digest[SHA512_DIGEST_LENGTH];
-+	unsigned done, todo;
-+	/* We generate |range|+8 bytes of random output. */
-+	const unsigned num_k_bytes = BN_num_bytes(range) + 8;
-+	unsigned char private_bytes[96];
-+	unsigned char *k_bytes;
-+	int ret = 0;
-+
-+	k_bytes = OPENSSL_malloc(num_k_bytes);
-+	if (!k_bytes)
-+		goto err;
-+
-+	/* We copy |priv| into a local buffer to avoid exposing its length. */
-+	todo = sizeof(priv->d[0])*priv->top;
-+	if (todo > sizeof(private_bytes))
-+		{
-+		/* No reasonable DSA or ECDSA key should have a private key
-+		 * this large and we don't handle this case in order to avoid
-+		 * leaking the length of the private key. */
-+		BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
-+		goto err;
-+		}
-+	memcpy(private_bytes, priv->d, todo);
-+	memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
-+
-+	for (done = 0; done < num_k_bytes;) {
-+		if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1)
-+			goto err;
-+		SHA512_Init(&sha);
-+		SHA512_Update(&sha, &done, sizeof(done));
-+		SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
-+		SHA512_Update(&sha, message, message_len);
-+		SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
-+		SHA512_Final(digest, &sha);
-+
-+		todo = num_k_bytes - done;
-+		if (todo > SHA512_DIGEST_LENGTH)
-+			todo = SHA512_DIGEST_LENGTH;
-+		memcpy(k_bytes + done, digest, todo);
-+		done += todo;
-+	}
-+
-+	if (!BN_bin2bn(k_bytes, num_k_bytes, out))
-+		goto err;
-+	if (BN_mod(out, out, range, ctx) != 1)
-+		goto err;
-+	ret = 1;
-+
-+err:
-+	if (k_bytes)
-+		OPENSSL_free(k_bytes);
-+	return ret;
-+	}
-+#endif  /* OPENSSL_NO_SHA512 */
-diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
-index b448d2a..71ef572 100644
---- a/crypto/dsa/dsa.h
-+++ b/crypto/dsa/dsa.h
-@@ -96,6 +96,10 @@
-                                               * faster variable sliding window method to
-                                               * be used for all exponents.
-                                               */
-+#define DSA_FLAG_NONCE_FROM_HASH	0x04 /* Causes the DSA nonce to be calculated
-+						from SHA512(private_key + H(message) +
-+						random). This strengthens DSA against a
-+						weak PRNG. */
- 
- 
- /* If this flag is set the DSA method is FIPS compliant and can be used
-@@ -131,8 +135,9 @@ struct dsa_method
- 	{
- 	const char *name;
- 	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
--	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
--								BIGNUM **rp);
-+	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in,
-+			      BIGNUM **kinvp, BIGNUM **rp,
-+			      const unsigned char *dgst, int dlen);
- 	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
- 			     DSA_SIG *sig, DSA *dsa);
- 	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
-@@ -325,6 +330,7 @@ void ERR_load_DSA_strings(void);
- #define DSA_R_MISSING_PARAMETERS			 101
- #define DSA_R_MODULUS_TOO_LARGE				 103
- #define DSA_R_NEED_NEW_SETUP_VALUES			 110
-+#define DSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 112
- #define DSA_R_NON_FIPS_DSA_METHOD			 111
- #define DSA_R_NO_PARAMETERS_SET				 107
- #define DSA_R_PARAMETER_ENCODING_ERROR			 105
-diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
-index 00545b7..e6171cc 100644
---- a/crypto/dsa/dsa_err.c
-+++ b/crypto/dsa/dsa_err.c
-@@ -109,6 +109,7 @@ static ERR_STRING_DATA DSA_str_reasons[]=
- {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
- {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
- {ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
-+{ERR_REASON(DSA_R_NONCE_CANNOT_BE_PRECOMPUTED),"nonce cannot be precomputed"},
- {ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD)   ,"non fips dsa method"},
- {ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
- {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index a865a8c..15f8da2 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -67,7 +67,9 @@
- #include <openssl/asn1.h>
- 
- static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
--static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-+			  BIGNUM **kinvp, BIGNUM **rp,
-+			  const unsigned char *dgst, int dlen);
- static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- 			 DSA *dsa);
- static int dsa_init(DSA *dsa);
-@@ -167,7 +169,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- redo:
- 	if ((dsa->kinv == NULL) || (dsa->r == NULL))
- 		{
--		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-+		if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r,dgst,dlen))
-+			goto err;
- 		}
- 	else
- 		{
-@@ -226,7 +229,9 @@ err:
- 	return(ret);
- 	}
- 
--static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-+			  BIGNUM **kinvp, BIGNUM **rp,
-+			  const unsigned char *dgst, int dlen)
- 	{
- 	BN_CTX *ctx;
- 	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
-@@ -252,8 +257,21 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- 
- 	/* Get random k */
- 	do
--		if (!BN_rand_range(&k, dsa->q)) goto err;
--	while (BN_is_zero(&k));
-+		{
-+#ifndef OPENSSL_NO_SHA512
-+		if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
-+			{
-+			/* If DSA_FLAG_NONCE_FROM_HASH is set then we calculate k from
-+			 * SHA512(private_key + H(message) + random). This protects the
-+			 * private key from a weak PRNG. */
-+			if (!BN_generate_dsa_nonce(&k, dsa->q, dsa->priv_key, dgst,
-+						   dlen, ctx))
-+				goto err;
-+			}
-+		else
-+#endif
-+			if (!BN_rand_range(&k, dsa->q)) goto err;
-+		} while (BN_is_zero(&k));
- 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- 		{
- 		BN_set_flags(&k, BN_FLG_CONSTTIME);
-diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
-index c3cc364..8ace300 100644
---- a/crypto/dsa/dsa_sign.c
-+++ b/crypto/dsa/dsa_sign.c
-@@ -86,7 +86,14 @@ int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- 		return 0;
- 		}
- #endif
--	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
-+	if (dsa->flags & DSA_FLAG_NONCE_FROM_HASH)
-+		{
-+		/* You cannot precompute the DSA nonce if it is required to
-+		 * depend on the message. */
-+		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
-+		return 0;
-+		}
-+	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
- 	}
- 
- DSA_SIG *DSA_SIG_new(void)
-diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
-index dfe8710..d008a0d 100644
---- a/crypto/ec/ec.h
-+++ b/crypto/ec/ec.h
-@@ -819,6 +819,17 @@ void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
- /* wrapper functions for the underlying EC_GROUP object */
- void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
- 
-+/** Sets whether ECDSA operations with the given key will calculate their k
-+ * value from SHA512(private_key + message + random) in order to protect
-+ * against a weak PRNG.
-+ * \param  on  Whether to calculate k from a hash or not
-+ */
-+void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on);
-+
-+/** Returns the value of nonce_from_hash
-+ */
-+int EC_KEY_get_nonce_from_hash(const EC_KEY *key);
-+
- /** Creates a table of pre-computed multiples of the generator to 
-  *  accelerate further EC_KEY operations.
-  *  \param  key  EC_KEY object
-diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
-index 7fa2475..73dd7b9 100644
---- a/crypto/ec/ec_key.c
-+++ b/crypto/ec/ec_key.c
-@@ -85,6 +85,7 @@ EC_KEY *EC_KEY_new(void)
- 	ret->pub_key = NULL;
- 	ret->priv_key= NULL;
- 	ret->enc_flag= 0; 
-+	ret->nonce_from_hash_flag = 0;
- 	ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
- 	ret->references= 1;
- 	ret->method_data = NULL;
-@@ -198,6 +199,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
- 
- 	/* copy the rest */
- 	dest->enc_flag  = src->enc_flag;
-+	dest->nonce_from_hash_flag = src->nonce_from_hash_flag;
- 	dest->conv_form = src->conv_form;
- 	dest->version   = src->version;
- 	dest->flags = src->flags;
-@@ -505,6 +507,16 @@ void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
- 	key->enc_flag = flags;
- 	}
- 
-+int EC_KEY_get_nonce_from_hash(const EC_KEY *key)
-+	{
-+	return key->nonce_from_hash_flag;
-+	}
-+
-+void EC_KEY_set_nonce_from_hash(EC_KEY *key, int on)
-+	{
-+	key->nonce_from_hash_flag = on != 0;
-+	}
-+
- point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
- 	{
- 	return key->conv_form;
-diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
-index da7967d..6f714c7 100644
---- a/crypto/ec/ec_lcl.h
-+++ b/crypto/ec/ec_lcl.h
-@@ -246,6 +246,7 @@ struct ec_key_st {
- 	BIGNUM	 *priv_key;
- 
- 	unsigned int enc_flag;
-+	char nonce_from_hash_flag;
- 	point_conversion_form_t conv_form;
- 
- 	int 	references;
-diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
-index 7fb5254..dc6a36b 100644
---- a/crypto/ecdsa/ecdsa.h
-+++ b/crypto/ecdsa/ecdsa.h
-@@ -250,6 +250,7 @@ void ERR_load_ECDSA_strings(void);
- #define ECDSA_R_ERR_EC_LIB				 102
- #define ECDSA_R_MISSING_PARAMETERS			 103
- #define ECDSA_R_NEED_NEW_SETUP_VALUES			 106
-+#define ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 108
- #define ECDSA_R_NON_FIPS_METHOD				 107
- #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104
- #define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105
-diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c
-index 81542e6..7406c6d 100644
---- a/crypto/ecdsa/ecs_err.c
-+++ b/crypto/ecdsa/ecs_err.c
-@@ -85,6 +85,7 @@ static ERR_STRING_DATA ECDSA_str_reasons[]=
- {ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},
- {ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},
- {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
-+{ERR_REASON(ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED),"nonce cannot be precomputed"},
- {ERR_REASON(ECDSA_R_NON_FIPS_METHOD)     ,"non fips method"},
- {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
- {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
-diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
-index cb3be13..46f7ad9 100644
---- a/crypto/ecdsa/ecs_locl.h
-+++ b/crypto/ecdsa/ecs_locl.h
-@@ -70,8 +70,9 @@ struct ecdsa_method
- 	const char *name;
- 	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
- 			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
--	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
--			BIGNUM **r);
-+	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx,
-+				BIGNUM **kinv, BIGNUM **r,
-+				const unsigned char *dgst, int dlen);
- 	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
- 			const ECDSA_SIG *sig, EC_KEY *eckey);
- #if 0
-diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
-index 7725935..325aca8 100644
---- a/crypto/ecdsa/ecs_ossl.c
-+++ b/crypto/ecdsa/ecs_ossl.c
-@@ -60,11 +60,13 @@
- #include <openssl/err.h>
- #include <openssl/obj_mac.h>
- #include <openssl/bn.h>
-+#include <openssl/rand.h>
- 
- static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
- 		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
--static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
--		BIGNUM **rp);
-+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
-+			    BIGNUM **kinvp, BIGNUM **rp,
-+			    const unsigned char *dgst, int dlen);
- static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
- 		const ECDSA_SIG *sig, EC_KEY *eckey);
- 
-@@ -86,8 +88,9 @@ const ECDSA_METHOD *ECDSA_OpenSSL(void)
- 	return &openssl_ecdsa_meth;
- }
- 
--static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
--		BIGNUM **rp)
-+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
-+			    BIGNUM **kinvp, BIGNUM **rp,
-+			    const unsigned char *dgst, int dlen)
- {
- 	BN_CTX   *ctx = NULL;
- 	BIGNUM	 *k = NULL, *r = NULL, *order = NULL, *X = NULL;
-@@ -136,11 +139,28 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- 	{
- 		/* get random k */	
- 		do
--			if (!BN_rand_range(k, order))
-+#ifndef OPENSSL_NO_SHA512
-+			if (EC_KEY_get_nonce_from_hash(eckey))
- 			{
--				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
--				 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);	
--				goto err;
-+				if (!BN_generate_dsa_nonce(
-+					k, order,
-+					EC_KEY_get0_private_key(eckey),
-+					dgst, dlen, ctx))
-+					{
-+					ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-+						 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
-+					goto err;
-+					}
-+			}
-+			else
-+#endif
-+			{
-+				if (!BN_rand_range(k, order))
-+				{
-+					ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-+					 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
-+					goto err;
-+				}
- 			}
- 		while (BN_is_zero(k));
- 
-@@ -282,7 +302,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
- 	{
- 		if (in_kinv == NULL || in_r == NULL)
- 		{
--			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
-+			if (!ecdsa->meth->ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len))
- 			{
- 				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
- 				goto err;
-diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c
-index 353d5af..ea79a24 100644
---- a/crypto/ecdsa/ecs_sign.c
-+++ b/crypto/ecdsa/ecs_sign.c
-@@ -58,6 +58,7 @@
- #include <openssl/engine.h>
- #endif
- #include <openssl/rand.h>
-+#include <openssl/err.h>
- 
- ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
- {
-@@ -102,5 +103,12 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- 	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
- 	if (ecdsa == NULL)
- 		return 0;
--	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 
-+	if (EC_KEY_get_nonce_from_hash(eckey))
-+		{
-+		/* You cannot precompute the ECDSA nonce if it is required to
-+		 * depend on the message. */
-+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_NONCE_CANNOT_BE_PRECOMPUTED);
-+		return 0;
-+		}
-+	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
- }
--- 
-1.8.5.1
-
diff --git a/patches/0011-ecdhe_psk.patch b/patches/0011-ecdhe_psk.patch
deleted file mode 100644
index a3ab573107..0000000000
--- a/patches/0011-ecdhe_psk.patch
+++ /dev/null
@@ -1,1435 +0,0 @@
-From 1d43b892d27915843e5714d96de269672b5b35db Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Thu, 14 Nov 2013 16:12:01 -0500
-Subject: Implement ECDHE-PSK-WITH-AES.
-
-Add support for TLS-ECDHE-PSK cipher suites:
-* TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256, and
-* TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384.
----
- ssl/s3_clnt.c | 360 ++++++++++++++++++++++----------------
- ssl/s3_enc.c  |   2 +-
- ssl/s3_lib.c  |  38 +++++-
- ssl/s3_srvr.c | 541 ++++++++++++++++++++++++++++++++--------------------------
- ssl/ssl_lib.c |   2 +-
- ssl/tls1.h    |   8 +
- 6 files changed, 555 insertions(+), 396 deletions(-)
-
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 8f3740f..3672cce 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -333,9 +333,10 @@ int ssl3_connect(SSL *s)
- 				}
- #endif
- 			/* Check if it is anon DH/ECDH, SRP auth */
--			/* or PSK */
-+			/* or non-RSA PSK */
- 			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
--			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-+			    !((s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) &&
-+			      !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
- 				{
- 				ret=ssl3_get_server_certificate(s);
- 				if (ret <= 0) goto end;
-@@ -1368,7 +1369,7 @@ int ssl3_get_key_exchange(SSL *s)
- 		   omitted if no identity hint is sent. Set
- 		   session->sess_cert anyway to avoid problems
- 		   later.*/
--		if (alg_k & SSL_kPSK)
-+		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
- 			{
- 			s->session->sess_cert=ssl_sess_cert_new();
- 			if (s->ctx->psk_identity_hint)
-@@ -1416,61 +1417,65 @@ int ssl3_get_key_exchange(SSL *s)
- 	EVP_MD_CTX_init(&md_ctx);
- 
- #ifndef OPENSSL_NO_PSK
--	if (alg_k & SSL_kPSK)
-+	if (alg_a & SSL_aPSK)
- 		{
- 		char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
- 
-		param_len = 2;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
- 		n2s(p,i);
-
--		/* Store PSK identity hint for later use, hint is used
--		 * in ssl3_send_client_key_exchange.  Assume that the
--		 * maximum length of a PSK identity hint can be as
--		 * long as the maximum length of a PSK identity. */
--		if (i > PSK_MAX_IDENTITY_LEN)
--			{
--			al=SSL_AD_HANDSHAKE_FAILURE;
--			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
--				SSL_R_DATA_LENGTH_TOO_LONG);
--			goto f_err;
--			}
--		if (i > n - param_len)
-+		s->ctx->psk_identity_hint = NULL;
-+		if (i != 0)
- 			{
--			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
--				SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
--			goto f_err;
-+			/* Store PSK identity hint for later use, hint is used
-+			 * in ssl3_send_client_key_exchange.  Assume that the
-+			 * maximum length of a PSK identity hint can be as
-+			 * long as the maximum length of a PSK identity. */
-+			if (i > PSK_MAX_IDENTITY_LEN)
-+				{
-+				al=SSL_AD_HANDSHAKE_FAILURE;
-+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-+					SSL_R_DATA_LENGTH_TOO_LONG);
-+				goto f_err;
-+				}
-+			if (i > n - param_len)
-+				{
-+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-+					SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
-+				goto f_err;
-+				}
-+			param_len += i;
-+
-+			/* If received PSK identity hint contains NULL
-+			 * characters, the hint is truncated from the first
-+			 * NULL. p may not be ending with NULL, so create a
-+			 * NULL-terminated string. */
-+			memcpy(tmp_id_hint, p, i);
-+			memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
-+			if (s->ctx->psk_identity_hint != NULL)
-+				OPENSSL_free(s->ctx->psk_identity_hint);
-+			s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
-+			if (s->ctx->psk_identity_hint == NULL)
-+				{
-+				al=SSL_AD_HANDSHAKE_FAILURE;
-+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-+				goto f_err;
-+				}
- 			}
--		param_len += i;
--
--		/* If received PSK identity hint contains NULL
--		 * characters, the hint is truncated from the first
--		 * NULL. p may not be ending with NULL, so create a
--		 * NULL-terminated string. */
--		memcpy(tmp_id_hint, p, i);
--		memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
--		if (s->ctx->psk_identity_hint != NULL)
--			OPENSSL_free(s->ctx->psk_identity_hint);
--		s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
--		if (s->ctx->psk_identity_hint == NULL)
--			{
--			al=SSL_AD_HANDSHAKE_FAILURE;
--			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
--			goto f_err;
--			}	   
--
- 		p+=i;
- 		n-=param_len;
- 		}
--	else
- #endif /* !OPENSSL_NO_PSK */
-+
-+	if (0) {}
- #ifndef OPENSSL_NO_SRP
--	if (alg_k & SSL_kSRP)
-+	else if (alg_k & SSL_kSRP)
- 		{
- 		n2s(p,i);
- 		param_len=i+2;
-@@ -1538,10 +1543,9 @@ int ssl3_get_key_exchange(SSL *s)
- 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
- #endif
- 		}
--	else
- #endif /* !OPENSSL_NO_SRP */
- #ifndef OPENSSL_NO_RSA
--	if (alg_k & SSL_kRSA)
-+	else if (alg_k & SSL_kRSA)
- 		{
- 		if ((rsa=RSA_new()) == NULL)
- 			{
-@@ -1590,9 +1594,6 @@ int ssl3_get_key_exchange(SSL *s)
- 		s->session->sess_cert->peer_rsa_tmp=rsa;
- 		rsa=NULL;
- 		}
--#else /* OPENSSL_NO_RSA */
--	if (0)
--		;
- #endif
- #ifndef OPENSSL_NO_DH
- 	else if (alg_k & SSL_kEDH)
-@@ -1773,14 +1774,14 @@ int ssl3_get_key_exchange(SSL *s)
- 		EC_POINT_free(srvr_ecpoint);
- 		srvr_ecpoint = NULL;
- 		}
--	else if (alg_k)
-+#endif /* !OPENSSL_NO_ECDH */
-+
-+	else if (!(alg_k & SSL_kPSK))
- 		{
- 		al=SSL_AD_UNEXPECTED_MESSAGE;
- 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- 		goto f_err;
- 		}
--#endif /* !OPENSSL_NO_ECDH */
--
- 
- 	/* p points to the next byte, there are 'n' bytes left */
- 
-@@ -1885,8 +1886,9 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
- 		}
- 	else
- 		{
--		/* aNULL, aSRP or kPSK do not need public keys */
--		if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK))
-+		if (!(alg_a & (SSL_aNULL|SSL_aSRP)) &&
-+			/* Among PSK ciphers only RSA_PSK needs a public key */
-+			!((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
- 			{
- 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- 			goto err;
-@@ -2286,8 +2288,9 @@ int ssl3_get_server_done(SSL *s)
- int ssl3_send_client_key_exchange(SSL *s)
- 	{
- 	unsigned char *p,*d;
--	int n;
-+	int n = 0;
- 	unsigned long alg_k;
-+	unsigned long alg_a;
- #ifndef OPENSSL_NO_RSA
- 	unsigned char *q;
- 	EVP_PKEY *pkey=NULL;
-@@ -2302,7 +2305,11 @@ int ssl3_send_client_key_exchange(SSL *s)
- 	unsigned char *encodedPoint = NULL;
- 	int encoded_pt_len = 0;
- 	BN_CTX * bn_ctx = NULL;
--#endif
-+#ifndef OPENSSL_NO_PSK
-+	unsigned int psk_len = 0;
-+	unsigned char psk[PSK_MAX_PSK_LEN];
-+#endif /* OPENSSL_NO_PSK */
-+#endif /* OPENSSL_NO_ECDH */
- 
- 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- 		{
-@@ -2310,7 +2317,106 @@ int ssl3_send_client_key_exchange(SSL *s)
- 		p= &(d[4]);
- 
- 		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-+		alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-+
-+#ifndef OPENSSL_NO_PSK
-+		if (alg_a & SSL_aPSK)
-+			{
-+			/* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes
-+			 * to return a \0-terminated identity. The last byte
-+			 * is for us for simulating strnlen. */
-+			char identity[PSK_MAX_IDENTITY_LEN + 2];
-+			size_t identity_len;
-+			unsigned char *t = NULL;
-+			unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
-+			unsigned int pre_ms_len = 0;
-+			int psk_err = 1;
-+
-+			n = 0;
-+			if (s->psk_client_callback == NULL)
-+				{
-+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+					SSL_R_PSK_NO_CLIENT_CB);
-+				goto err;
-+				}
- 
-+			psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
-+				identity, sizeof(identity) - 1, psk, sizeof(psk));
-+			if (psk_len > PSK_MAX_PSK_LEN)
-+				{
-+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+					ERR_R_INTERNAL_ERROR);
-+				goto psk_err;
-+				}
-+			else if (psk_len == 0)
-+				{
-+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+					SSL_R_PSK_IDENTITY_NOT_FOUND);
-+				goto psk_err;
-+				}
-+			identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
-+			identity_len = strlen(identity);
-+			if (identity_len > PSK_MAX_IDENTITY_LEN)
-+				{
-+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+					ERR_R_INTERNAL_ERROR);
-+				goto psk_err;
-+				}
-+			if (!(alg_k & SSL_kEECDH))
-+				{
-+				/* Create the shared secret now if we're not using ECDHE-PSK.*/
-+				pre_ms_len = 2+psk_len+2+psk_len;
-+				t = pre_ms;
-+				s2n(psk_len, t);
-+				memset(t, 0, psk_len);
-+				t+=psk_len;
-+				s2n(psk_len, t);
-+				memcpy(t, psk, psk_len);
-+
-+				s->session->master_key_length =
-+					s->method->ssl3_enc->generate_master_secret(s,
-+						s->session->master_key,
-+						pre_ms, pre_ms_len);
-+				s2n(identity_len, p);
-+				memcpy(p, identity, identity_len);
-+				n = 2 + identity_len;
-+				}
-+
-+			if (s->session->psk_identity_hint != NULL)
-+				OPENSSL_free(s->session->psk_identity_hint);
-+			s->session->psk_identity_hint = NULL;
-+			if (s->ctx->psk_identity_hint)
-+				{
-+				s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
-+				if (s->ctx->psk_identity_hint != NULL &&
-+					s->session->psk_identity_hint == NULL)
-+					{
-+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+						ERR_R_MALLOC_FAILURE);
-+					goto psk_err;
-+					}
-+				}
-+
-+			if (s->session->psk_identity != NULL)
-+				OPENSSL_free(s->session->psk_identity);
-+			s->session->psk_identity = BUF_strdup(identity);
-+			if (s->session->psk_identity == NULL)
-+				{
-+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+					ERR_R_MALLOC_FAILURE);
-+				goto psk_err;
-+				}
-+			psk_err = 0;
-+		psk_err:
-+			OPENSSL_cleanse(identity, sizeof(identity));
-+			OPENSSL_cleanse(pre_ms, sizeof(pre_ms));
-+			if (psk_err != 0)
-+				{
-+				ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-+				goto err;
-+				}
-+			}
-+#endif
- 		/* Fool emacs indentation */
- 		if (0) {}
- #ifndef OPENSSL_NO_RSA
-@@ -2571,14 +2667,19 @@ int ssl3_send_client_key_exchange(SSL *s)
- 			/* perhaps clean things up a bit EAY EAY EAY EAY*/
- 			}
- #endif
--
--#ifndef OPENSSL_NO_ECDH 
-+#ifndef OPENSSL_NO_ECDH
- 		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
- 			{
- 			const EC_GROUP *srvr_group = NULL;
- 			EC_KEY *tkey;
- 			int ecdh_clnt_cert = 0;
- 			int field_size = 0;
-+#ifndef OPENSSL_NO_PSK
-+			unsigned char *pre_ms;
-+			unsigned char *t;
-+			unsigned int pre_ms_len;
-+			unsigned int i;
-+#endif
- 
- 			if (s->session->sess_cert == NULL) 
- 				{
-@@ -2706,15 +2807,41 @@ int ssl3_send_client_key_exchange(SSL *s)
- 				goto err;
- 				}
- 
--			/* generate master key from the result */
--			s->session->master_key_length = s->method->ssl3_enc \
--			    -> generate_master_secret(s, 
--				s->session->master_key,
--				p, n);
--
-+#ifndef OPENSSL_NO_PSK
-+			/* ECDHE PSK ciphersuites from RFC 5489 */
-+			if ((alg_a & SSL_aPSK) && psk_len != 0)
-+				{
-+				pre_ms_len = 2+n+2+psk_len;
-+				pre_ms = OPENSSL_malloc(pre_ms_len);
-+				if (pre_ms == NULL)
-+					{
-+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-+			    		ERR_R_MALLOC_FAILURE);
-+					goto err;
-+					}
-+				memset(pre_ms, 0, pre_ms_len);
-+				t = pre_ms;
-+				s2n(n, t);
-+				memcpy(t, p, n);
-+				t += n;
-+				s2n(psk_len, t);
-+				memcpy(t, psk, psk_len);
-+				s->session->master_key_length = s->method->ssl3_enc \
-+					-> generate_master_secret(s,
-+						s->session->master_key, pre_ms, pre_ms_len);
-+				OPENSSL_cleanse(pre_ms, pre_ms_len);
-+				OPENSSL_free(pre_ms);
-+				}
-+#endif /* OPENSSL_NO_PSK */
-+			if (!(alg_a & SSL_aPSK))
-+				{
-+				/* generate master key from the result */
-+				s->session->master_key_length = s->method->ssl3_enc \
-+					-> generate_master_secret(s,
-+						s->session->master_key, p, n);
-+				}
- 			memset(p, 0, n); /* clean up */
--
--			if (ecdh_clnt_cert) 
-+			if (ecdh_clnt_cert)
- 				{
- 				/* Send empty client key exch message */
- 				n = 0;
-@@ -2742,29 +2869,42 @@ int ssl3_send_client_key_exchange(SSL *s)
- 					}
- 
- 				/* Encode the public key */
--				n = EC_POINT_point2oct(srvr_group, 
--				    EC_KEY_get0_public_key(clnt_ecdh), 
--				    POINT_CONVERSION_UNCOMPRESSED, 
-+				encoded_pt_len = EC_POINT_point2oct(srvr_group,
-+				    EC_KEY_get0_public_key(clnt_ecdh),
-+				    POINT_CONVERSION_UNCOMPRESSED,
- 				    encodedPoint, encoded_pt_len, bn_ctx);
-+				
-+				n = 0;
-+#ifndef OPENSSL_NO_PSK
-+				if ((alg_a & SSL_aPSK) && psk_len != 0)
-+					{
-+					i = strlen(s->session->psk_identity);
-+					s2n(i, p);
-+					memcpy(p, s->session->psk_identity, i);
-+					p += i;
-+					n = i + 2;
-+					}
-+#endif
- 
--				*p = n; /* length of encoded point */
-+				*p = encoded_pt_len; /* length of encoded point */
- 				/* Encoded point will be copied here */
--				p += 1; 
-+				p += 1;
-+				n += 1;
- 				/* copy the point */
--				memcpy((unsigned char *)p, encodedPoint, n);
-+				memcpy((unsigned char *)p, encodedPoint, encoded_pt_len);
- 				/* increment n to account for length field */
--				n += 1; 
-+				n += encoded_pt_len;
- 				}
- 
- 			/* Free allocated memory */
- 			BN_CTX_free(bn_ctx);
- 			if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
--			if (clnt_ecdh != NULL) 
-+			if (clnt_ecdh != NULL)
- 				 EC_KEY_free(clnt_ecdh);
- 			EVP_PKEY_free(srvr_pub_pkey);
- 			}
- #endif /* !OPENSSL_NO_ECDH */
--		else if (alg_k & SSL_kGOST) 
-+		else if (alg_k & SSL_kGOST)
- 			{
- 			/* GOST key exchange message creation */
- 			EVP_PKEY_CTX *pkey_ctx;
-@@ -2887,100 +3027,7 @@ int ssl3_send_client_key_exchange(SSL *s)
- 				}
- 			}
- #endif
--#ifndef OPENSSL_NO_PSK
--		else if (alg_k & SSL_kPSK)
--			{
--			/* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes
--			 * to return a \0-terminated identity. The last byte
--			 * is for us for simulating strnlen. */
--			char identity[PSK_MAX_IDENTITY_LEN + 2];
--			size_t identity_len;
--			unsigned char *t = NULL;
--			unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
--			unsigned int pre_ms_len = 0, psk_len = 0;
--			int psk_err = 1;
--
--			n = 0;
--			if (s->psk_client_callback == NULL)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					SSL_R_PSK_NO_CLIENT_CB);
--				goto err;
--				}
--
--			memset(identity, 0, sizeof(identity));
--			psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
--				identity, sizeof(identity) - 1,
--				psk_or_pre_ms, sizeof(psk_or_pre_ms));
--			if (psk_len > PSK_MAX_PSK_LEN)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					ERR_R_INTERNAL_ERROR);
--				goto psk_err;
--				}
--			else if (psk_len == 0)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					SSL_R_PSK_IDENTITY_NOT_FOUND);
--				goto psk_err;
--				}
--			identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
--			identity_len = strlen(identity);
--			if (identity_len > PSK_MAX_IDENTITY_LEN)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					ERR_R_INTERNAL_ERROR);
--				goto psk_err;
--				}
--			/* create PSK pre_master_secret */
--			pre_ms_len = 2+psk_len+2+psk_len;
--			t = psk_or_pre_ms;
--			memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
--			s2n(psk_len, t);
--			memset(t, 0, psk_len);
--			t+=psk_len;
--			s2n(psk_len, t);
--
--			if (s->session->psk_identity_hint != NULL)
--				OPENSSL_free(s->session->psk_identity_hint);
--			s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
--			if (s->ctx->psk_identity_hint != NULL &&
--				s->session->psk_identity_hint == NULL)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					ERR_R_MALLOC_FAILURE);
--				goto psk_err;
--				}
--
--			if (s->session->psk_identity != NULL)
--				OPENSSL_free(s->session->psk_identity);
--			s->session->psk_identity = BUF_strdup(identity);
--			if (s->session->psk_identity == NULL)
--				{
--				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--					ERR_R_MALLOC_FAILURE);
--				goto psk_err;
--				}
--
--			s->session->master_key_length =
--				s->method->ssl3_enc->generate_master_secret(s,
--					s->session->master_key,
--					psk_or_pre_ms, pre_ms_len);
--			s2n(identity_len, p);
--			memcpy(p, identity, identity_len);
--			n = 2 + identity_len;
--			psk_err = 0;
--		psk_err:
--			OPENSSL_cleanse(identity, sizeof(identity));
--			OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
--			if (psk_err != 0)
--				{
--				ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
--				goto err;
--				}
--			}
--#endif
--		else
-+		else if (!(alg_k & SSL_kPSK) || ((alg_k & SSL_kPSK) && !(alg_a & SSL_aPSK)))
- 			{
- 			ssl3_send_alert(s, SSL3_AL_FATAL,
- 			    SSL_AD_HANDSHAKE_FAILURE);
-diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
-index 6358e1b..0dac7e7 100644
---- a/ssl/s3_enc.c
-+++ b/ssl/s3_enc.c
-@@ -734,7 +734,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
- 		}
- 
- 	t=EVP_MD_CTX_size(hash);
--	if (t < 0)
-+	if (t < 0 || t > 20)
- 		return -1;
- 	md_size=t;
- 	npad=(48/md_size)*md_size;
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 1d87ac5..77244d3 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2827,6 +2827,42 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- 	256,
- 	},
- 
-+#ifndef OPENSSL_NO_PSK
-+    /* ECDH PSK ciphersuites from RFC 5489 */
-+
-+	/* Cipher C037 */
-+	{
-+	1,
-+	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-+	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-+	SSL_kEECDH,
-+	SSL_aPSK,
-+	SSL_AES128,
-+	SSL_SHA256,
-+	SSL_TLSV1,
-+	SSL_NOT_EXP|SSL_HIGH,
-+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256,
-+	128,
-+	128,
-+	},
-+
-+	/* Cipher C038 */
-+	{
-+	1,
-+	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-+	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-+	SSL_kEECDH,
-+	SSL_aPSK,
-+	SSL_AES256,
-+	SSL_SHA384,
-+	SSL_TLSV1,
-+	SSL_NOT_EXP|SSL_HIGH,
-+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384,
-+	256,
-+	256,
-+	},
-+#endif /* OPENSSL_NO_PSK */
-+
- #endif /* OPENSSL_NO_ECDH */
- 
- 
-@@ -3979,7 +3999,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
- #endif /* OPENSSL_NO_KRB5 */
- #ifndef OPENSSL_NO_PSK
- 		/* with PSK there must be server callback set */
--		if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
-+		if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
- 			continue;
- #endif /* OPENSSL_NO_PSK */
- 
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index 9335eda..fe70124 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -217,6 +217,7 @@ int ssl3_accept(SSL *s)
- 	{
- 	BUF_MEM *buf;
- 	unsigned long alg_k,Time=(unsigned long)time(NULL);
-+	unsigned long alg_a;
- 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
- 	int ret= -1;
- 	int new_state,state,skip=0;
-@@ -418,8 +419,10 @@ int ssl3_accept(SSL *s)
- 		case SSL3_ST_SW_CERT_A:
- 		case SSL3_ST_SW_CERT_B:
- 			/* Check if it is anon DH or anon ECDH, */
--			/* normal PSK or KRB5 or SRP */
-+			/* non-RSA PSK or KRB5 or SRP */
- 			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))
--				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-+				/* Among PSK ciphersuites only RSA_PSK uses server certificate */
-+				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK &&
-+					 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
- 				{
- 				ret=ssl3_send_server_certificate(s);
-@@ -449,6 +452,7 @@ int ssl3_accept(SSL *s)
- 		case SSL3_ST_SW_KEY_EXCH_A:
- 		case SSL3_ST_SW_KEY_EXCH_B:
- 			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-+			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- 
- 			/* clear this, it may get reset by
- 			 * send_server_key_exchange */
-@@ -478,10 +482,12 @@ int ssl3_accept(SSL *s)
- 			 * public key for key exchange.
- 			 */
- 			if (0
--			/* PSK: send ServerKeyExchange if PSK identity
--			 * hint if provided */
-+			/* PSK: send ServerKeyExchange if either:
-+			 *   - PSK identity hint is provided, or
-+			 *   - the key exchange is kEECDH.
-+			 */
- #ifndef OPENSSL_NO_PSK
--			    || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-+			    || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->ctx->psk_identity_hint))
- #endif
- #ifndef OPENSSL_NO_SRP
- 			    /* SRP: send ServerKeyExchange */
-@@ -1658,7 +1664,8 @@ int ssl3_send_server_key_exchange(SSL *s)
- 	const EVP_MD *md = NULL;
- 	unsigned char *p,*d;
- 	int al,i;
--	unsigned long type;
-+	unsigned long alg_k;
-+	unsigned long alg_a;
- 	int n;
- 	CERT *cert;
- 	BIGNUM *r[4];
-@@ -1669,15 +1676,25 @@ int ssl3_send_server_key_exchange(SSL *s)
- 	EVP_MD_CTX_init(&md_ctx);
- 	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- 		{
--		type=s->s3->tmp.new_cipher->algorithm_mkey;
-+		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-+		alg_a=s->s3->tmp.new_cipher->algorithm_auth;
- 		cert=s->cert;
- 
- 		buf=s->init_buf;
- 
- 		r[0]=r[1]=r[2]=r[3]=NULL;
- 		n=0;
-+#ifndef OPENSSL_NO_PSK
-+		if (alg_a & SSL_aPSK)
-+			{
-+			/* size for PSK identity hint */
-+			n+=2;
-+			if (s->ctx->psk_identity_hint)
-+				n+=strlen(s->ctx->psk_identity_hint);
-+			}
-+#endif /* !OPENSSL_NO_PSK */
- #ifndef OPENSSL_NO_RSA
--		if (type & SSL_kRSA)
-+		if (alg_k & SSL_kRSA)
- 			{
- 			rsa=cert->rsa_tmp;
- 			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
-@@ -1704,10 +1721,9 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			r[1]=rsa->e;
- 			s->s3->tmp.use_rsa_tmp=1;
- 			}
--		else
- #endif
- #ifndef OPENSSL_NO_DH
--			if (type & SSL_kEDH)
-+		else if (alg_k & SSL_kEDH)
- 			{
- 			dhp=cert->dh_tmp;
- 			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-@@ -1760,10 +1776,9 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			r[1]=dh->g;
- 			r[2]=dh->pub_key;
- 			}
--		else 
- #endif
- #ifndef OPENSSL_NO_ECDH
--			if (type & SSL_kEECDH)
-+		else if (alg_k & SSL_kEECDH)
- 			{
- 			const EC_GROUP *group;
- 
-@@ -1876,7 +1891,7 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			 * to encode the entire ServerECDHParams
- 			 * structure. 
- 			 */
--			n = 4 + encodedlen;
-+			n += 4 + encodedlen;
- 
- 			/* We'll generate the serverKeyExchange message
- 			 * explicitly so we can set these to NULLs
-@@ -1886,18 +1901,9 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			r[2]=NULL;
- 			r[3]=NULL;
- 			}
--		else 
- #endif /* !OPENSSL_NO_ECDH */
--#ifndef OPENSSL_NO_PSK
--			if (type & SSL_kPSK)
--				{
--				/* reserve size for record length and PSK identity hint*/
--				n+=2+strlen(s->ctx->psk_identity_hint);
--				}
--			else
--#endif /* !OPENSSL_NO_PSK */
- #ifndef OPENSSL_NO_SRP
--		if (type & SSL_kSRP)
-+		else if (alg_k & SSL_kSRP)
- 			{
- 			if ((s->srp_ctx.N == NULL) ||
- 				(s->srp_ctx.g == NULL) ||
-@@ -1912,8 +1918,8 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			r[2]=s->srp_ctx.s;
- 			r[3]=s->srp_ctx.B;
- 			}
--		else 
- #endif
-+		else if (!(alg_k & SSL_kPSK))
- 			{
- 			al=SSL_AD_HANDSHAKE_FAILURE;
- 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-@@ -1923,15 +1929,16 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			{
- 			nr[i]=BN_num_bytes(r[i]);
- #ifndef OPENSSL_NO_SRP
--			if ((i == 2) && (type & SSL_kSRP))
-+			if ((i == 2) && (alg_k & SSL_kSRP))
- 				n+=1+nr[i];
- 			else
- #endif
- 			n+=2+nr[i];
- 			}
- 
--		if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP))
--			&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-+		if (!(alg_a & (SSL_aNULL|SSL_aSRP))
-+			/* Among PSK ciphersuites only RSA uses a certificate */
-+			&& !((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
- 			{
- 			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
- 				== NULL)
-@@ -1958,7 +1965,7 @@ int ssl3_send_server_key_exchange(SSL *s)
- 		for (i=0; i < 4 && r[i] != NULL; i++)
- 			{
- #ifndef OPENSSL_NO_SRP
--			if ((i == 2) && (type & SSL_kSRP))
-+			if ((i == 2) && (alg_k & SSL_kSRP))
- 				{
- 				*p = nr[i];
- 				p++;
-@@ -1970,8 +1977,32 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			p+=nr[i];
- 			}
- 
-+/* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK.
-+ * When one of them is used, the server key exchange record needs to have both
-+ * the psk_identity_hint and the ServerECDHParams. */
-+#ifndef OPENSSL_NO_PSK
-+		if (alg_a & SSL_aPSK)
-+			{
-+			if (s->ctx->psk_identity_hint)
-+				{
-+				/* copy PSK identity hint */
-+				s2n(strlen(s->ctx->psk_identity_hint), p);
-+				strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
-+				p+=strlen(s->ctx->psk_identity_hint);
-+				}
-+			else
-+				{
-+				/* No identity hint is provided. */
-+				*p = 0;
-+				p += 1;
-+				*p = 0;
-+				p += 1;
-+				}
-+			}
-+#endif /* OPENSSL_NO_PSK */
-+
- #ifndef OPENSSL_NO_ECDH
--		if (type & SSL_kEECDH) 
-+		if (alg_k & SSL_kEECDH)
- 			{
- 			/* XXX: For now, we only support named (not generic) curves.
- 			 * In this situation, the serverKeyExchange message has:
-@@ -1994,17 +2025,7 @@ int ssl3_send_server_key_exchange(SSL *s)
- 			encodedPoint = NULL;
- 			p += encodedlen;
- 			}
--#endif
--
--#ifndef OPENSSL_NO_PSK
--		if (type & SSL_kPSK)
--			{
--			/* copy PSK identity hint */
--			s2n(strlen(s->ctx->psk_identity_hint), p); 
--			strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
--			p+=strlen(s->ctx->psk_identity_hint);
--			}
--#endif
-+#endif /* OPENSSL_NO_ECDH */
- 
- 		/* not anonymous */
- 		if (pkey != NULL)
-@@ -2041,7 +2062,7 @@ int ssl3_send_server_key_exchange(SSL *s)
- 				n+=u+2;
- 				}
- 			else
--#endif
-+#endif /* OPENSSL_NO_RSA */
- 			if (md)
- 				{
- 				/* For TLS1.2 and later send signature
-@@ -2215,6 +2236,7 @@ int ssl3_get_client_key_exchange(SSL *s)
- 	int i,al,ok;
- 	long n;
- 	unsigned long alg_k;
-+	unsigned long alg_a;
- 	unsigned char *p;
- #ifndef OPENSSL_NO_RSA
- 	RSA *rsa=NULL;
-@@ -2232,7 +2254,11 @@ int ssl3_get_client_key_exchange(SSL *s)
- 	EC_KEY *srvr_ecdh = NULL;
- 	EVP_PKEY *clnt_pub_pkey = NULL;
- 	EC_POINT *clnt_ecpoint = NULL;
--	BN_CTX *bn_ctx = NULL; 
-+	BN_CTX *bn_ctx = NULL;
-+#ifndef OPENSSL_NO_PSK
-+	unsigned int psk_len = 0;
-+	unsigned char psk[PSK_MAX_PSK_LEN];
-+#endif /* OPENSSL_NO_PSK */
- #endif
- 
- 	n=s->method->ssl_get_message(s,
-@@ -2246,7 +2272,106 @@ int ssl3_get_client_key_exchange(SSL *s)
- 	p=(unsigned char *)s->init_msg;
- 
- 	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-+	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-+
-+#ifndef OPENSSL_NO_PSK
-+	if (alg_a & SSL_aPSK)
-+		{
-+		unsigned char *t = NULL;
-+		unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
-+		unsigned int pre_ms_len = 0;
-+		int psk_err = 1;
-+		char tmp_id[PSK_MAX_IDENTITY_LEN+1];
-+
-+		al=SSL_AD_HANDSHAKE_FAILURE;
-+
-+		n2s(p, i);
-+		if (n != i+2 && !(alg_k & SSL_kEECDH))
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				SSL_R_LENGTH_MISMATCH);
-+			goto psk_err;
-+			}
-+		if (i > PSK_MAX_IDENTITY_LEN)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				SSL_R_DATA_LENGTH_TOO_LONG);
-+			goto psk_err;
-+			}
-+		if (s->psk_server_callback == NULL)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+			       SSL_R_PSK_NO_SERVER_CB);
-+			goto psk_err;
-+			}
-+
-+		/* Create guaranteed NUL-terminated identity
-+		 * string for the callback */
-+		memcpy(tmp_id, p, i);
-+		memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
-+		psk_len = s->psk_server_callback(s, tmp_id, psk, sizeof(psk));
- 
-+		if (psk_len > PSK_MAX_PSK_LEN)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				ERR_R_INTERNAL_ERROR);
-+			goto psk_err;
-+			}
-+		else if (psk_len == 0)
-+			{
-+			/* PSK related to the given identity not found */
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+			       SSL_R_PSK_IDENTITY_NOT_FOUND);
-+			al=SSL_AD_UNKNOWN_PSK_IDENTITY;
-+			goto psk_err;
-+			}
-+		if (!(alg_k & SSL_kEECDH))
-+			{
-+			/* Create the shared secret now if we're not using ECDHE-PSK.*/
-+			pre_ms_len=2+psk_len+2+psk_len;
-+			t = pre_ms;
-+			s2n(psk_len, t);
-+			memset(t, 0, psk_len);
-+			t+=psk_len;
-+			s2n(psk_len, t);
-+			memcpy(t, psk, psk_len);
-+
-+			s->session->master_key_length=
-+				s->method->ssl3_enc->generate_master_secret(s,
-+					s->session->master_key, pre_ms, pre_ms_len);
-+			}
-+		if (s->session->psk_identity != NULL)
-+			OPENSSL_free(s->session->psk_identity);
-+		s->session->psk_identity = BUF_strdup(tmp_id);
-+		OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
-+		if (s->session->psk_identity == NULL)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				ERR_R_MALLOC_FAILURE);
-+			goto psk_err;
-+			}
-+
-+		if (s->session->psk_identity_hint != NULL)
-+			OPENSSL_free(s->session->psk_identity_hint);
-+		s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
-+		if (s->ctx->psk_identity_hint != NULL &&
-+			s->session->psk_identity_hint == NULL)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				ERR_R_MALLOC_FAILURE);
-+			goto psk_err;
-+			}
-+
-+		p += i;
-+		n -= (i + 2);
-+		psk_err = 0;
-+	psk_err:
-+		OPENSSL_cleanse(pre_ms, sizeof(pre_ms));
-+		if (psk_err != 0)
-+			goto f_err;
-+		}
-+#endif /* OPENSSL_NO_PSK */
-+	if (0) {}
- #ifndef OPENSSL_NO_RSA
- 	if (alg_k & SSL_kRSA)
- 		{
-@@ -2410,10 +2535,9 @@ int ssl3_get_client_key_exchange(SSL *s)
- 				p,sizeof(rand_premaster_secret));
- 		OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
- 		}
--	else
- #endif
- #ifndef OPENSSL_NO_DH
--		if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-+	else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- 		{
- 		n2s(p,i);
- 		if (n != i+2)
-@@ -2474,10 +2598,9 @@ int ssl3_get_client_key_exchange(SSL *s)
- 				s->session->master_key,p,i);
- 		OPENSSL_cleanse(p,i);
- 		}
--	else
- #endif
- #ifndef OPENSSL_NO_KRB5
--	if (alg_k & SSL_kKRB5)
-+	else if (alg_k & SSL_kKRB5)
- 		{
- 		krb5_error_code		krb5rc;
- 		krb5_data		enc_ticket;
-@@ -2666,17 +2789,20 @@ int ssl3_get_client_key_exchange(SSL *s)
- 		**  if (s->kssl_ctx)  s->kssl_ctx = NULL;
- 		*/
- 		}
--	else
- #endif	/* OPENSSL_NO_KRB5 */
--
- #ifndef OPENSSL_NO_ECDH
--		if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
-+	else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
- 		{
- 		int ret = 1;
- 		int field_size = 0;
- 		const EC_KEY   *tkey;
- 		const EC_GROUP *group;
- 		const BIGNUM *priv_key;
-+#ifndef OPENSSL_NO_PSK
-+		unsigned char *pre_ms;
-+		unsigned int pre_ms_len;
-+		unsigned char *t;
-+#endif /* OPENSSL_NO_PSK */
- 
- 		/* initialize structures for server's ECDH key pair */
- 		if ((srvr_ecdh = EC_KEY_new()) == NULL) 
-@@ -2772,7 +2898,7 @@ int ssl3_get_client_key_exchange(SSL *s)
- 				}
- 
- 			/* Get encoded point length */
--			i = *p; 
-+			i = *p;
- 			p += 1;
- 			if (n != 1 + i)
- 				{
-@@ -2814,221 +2940,145 @@ int ssl3_get_client_key_exchange(SSL *s)
- 		EC_KEY_free(srvr_ecdh);
- 		BN_CTX_free(bn_ctx);
- 		EC_KEY_free(s->s3->tmp.ecdh);
--		s->s3->tmp.ecdh = NULL; 
-+		s->s3->tmp.ecdh = NULL;
- 
--		/* Compute the master secret */
--		s->session->master_key_length = s->method->ssl3_enc-> \
--		    generate_master_secret(s, s->session->master_key, p, i);
--		
--		OPENSSL_cleanse(p, i);
--		return (ret);
--		}
--	else
--#endif
- #ifndef OPENSSL_NO_PSK
--		if (alg_k & SSL_kPSK)
-+		/* ECDHE PSK ciphersuites from RFC 5489 */
-+	    if ((alg_a & SSL_aPSK) && psk_len != 0)
- 			{
--			unsigned char *t = NULL;
--			unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
--			unsigned int pre_ms_len = 0, psk_len = 0;
--			int psk_err = 1;
--			char tmp_id[PSK_MAX_IDENTITY_LEN+1];
--
--			al=SSL_AD_HANDSHAKE_FAILURE;
--
--			n2s(p,i);
--			if (n != i+2)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--					SSL_R_LENGTH_MISMATCH);
--				goto psk_err;
--				}
--			if (i > PSK_MAX_IDENTITY_LEN)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--					SSL_R_DATA_LENGTH_TOO_LONG);
--				goto psk_err;
--				}
--			if (s->psk_server_callback == NULL)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--				       SSL_R_PSK_NO_SERVER_CB);
--				goto psk_err;
--				}
--
--			/* Create guaranteed NULL-terminated identity
--			 * string for the callback */
--			memcpy(tmp_id, p, i);
--			memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
--			psk_len = s->psk_server_callback(s, tmp_id,
--				psk_or_pre_ms, sizeof(psk_or_pre_ms));
--			OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
--
--			if (psk_len > PSK_MAX_PSK_LEN)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--					ERR_R_INTERNAL_ERROR);
--				goto psk_err;
--				}
--			else if (psk_len == 0)
--				{
--				/* PSK related to the given identity not found */
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--				       SSL_R_PSK_IDENTITY_NOT_FOUND);
--				al=SSL_AD_UNKNOWN_PSK_IDENTITY;
--				goto psk_err;
--				}
--
--			/* create PSK pre_master_secret */
--			pre_ms_len=2+psk_len+2+psk_len;
--			t = psk_or_pre_ms;
--			memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
--			s2n(psk_len, t);
--			memset(t, 0, psk_len);
--			t+=psk_len;
--			s2n(psk_len, t);
--
--			if (s->session->psk_identity != NULL)
--				OPENSSL_free(s->session->psk_identity);
--			s->session->psk_identity = BUF_strdup((char *)p);
--			if (s->session->psk_identity == NULL)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--					ERR_R_MALLOC_FAILURE);
--				goto psk_err;
--				}
--
--			if (s->session->psk_identity_hint != NULL)
--				OPENSSL_free(s->session->psk_identity_hint);
--			s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
--			if (s->ctx->psk_identity_hint != NULL &&
--				s->session->psk_identity_hint == NULL)
-+			pre_ms_len = 2+i+2+psk_len;
-+			pre_ms = OPENSSL_malloc(pre_ms_len);
-+			if (pre_ms == NULL)
- 				{
- 				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- 					ERR_R_MALLOC_FAILURE);
--				goto psk_err;
-+				goto err;
- 				}
--
--			s->session->master_key_length=
--				s->method->ssl3_enc->generate_master_secret(s,
--					s->session->master_key, psk_or_pre_ms, pre_ms_len);
--			psk_err = 0;
--		psk_err:
--			OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
--			if (psk_err != 0)
--				goto f_err;
-+			memset(pre_ms, 0, pre_ms_len);
-+			t = pre_ms;
-+			s2n(i, t);
-+			memcpy(t, p, i);
-+			t += i;
-+			s2n(psk_len, t);
-+			memcpy(t, psk, psk_len);
-+			s->session->master_key_length = s->method->ssl3_enc \
-+				-> generate_master_secret(s,
-+					s->session->master_key, pre_ms, pre_ms_len);
-+			OPENSSL_cleanse(pre_ms, pre_ms_len);
-+			OPENSSL_free(pre_ms);
- 			}
--		else
--#endif
--#ifndef OPENSSL_NO_SRP
--		if (alg_k & SSL_kSRP)
-+#endif /* OPENSSL_NO_PSK */
-+		if (!(alg_a & SSL_aPSK))
- 			{
--			int param_len;
--
--			n2s(p,i);
--			param_len=i+2;
--			if (param_len > n)
--				{
--				al=SSL_AD_DECODE_ERROR;
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
--				goto f_err;
--				}
--			if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
--				goto err;
--				}
--			if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0
--				|| BN_is_zero(s->srp_ctx.A))
--				{
--				al=SSL_AD_ILLEGAL_PARAMETER;
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
--				goto f_err;
--				}
--			if (s->session->srp_username != NULL)
--				OPENSSL_free(s->session->srp_username);
--			s->session->srp_username = BUF_strdup(s->srp_ctx.login);
--			if (s->session->srp_username == NULL)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--					ERR_R_MALLOC_FAILURE);
--				goto err;
--				}
-+			/* Compute the master secret */
-+			s->session->master_key_length = s->method->ssl3_enc \
-+				-> generate_master_secret(s,
-+					s->session->master_key, p, i);
-+			}
- 
--			if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
--				goto err;
--				}
-+		OPENSSL_cleanse(p, i);
-+		}
-+#endif
-+#ifndef OPENSSL_NO_SRP
-+	else if (alg_k & SSL_kSRP)
-+		{
-+		int param_len;
- 
--			p+=i;
-+		n2s(p,i);
-+		param_len=i+2;
-+		if (param_len > n)
-+			{
-+			al=SSL_AD_DECODE_ERROR;
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
-+			goto f_err;
-+			}
-+		if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
-+			goto err;
-+			}
-+		if (s->session->srp_username != NULL)
-+			OPENSSL_free(s->session->srp_username);
-+		s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-+		if (s->session->srp_username == NULL)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+				ERR_R_MALLOC_FAILURE);
-+			goto err;
- 			}
--		else
--#endif	/* OPENSSL_NO_SRP */
--		if (alg_k & SSL_kGOST) 
--			{
--			int ret = 0;
--			EVP_PKEY_CTX *pkey_ctx;
--			EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
--			unsigned char premaster_secret[32], *start;
--			size_t outlen=32, inlen;
--			unsigned long alg_a;
--			int Ttag, Tclass;
--			long Tlen;
--
--			/* Get our certificate private key*/
--			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
--			if (alg_a & SSL_aGOST94)
--				pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
--			else if (alg_a & SSL_aGOST01)
--				pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
- 
--			pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
--			EVP_PKEY_decrypt_init(pkey_ctx);
--			/* If client certificate is present and is of the same type, maybe
--			 * use it for key exchange.  Don't mind errors from
--			 * EVP_PKEY_derive_set_peer, because it is completely valid to use
--			 * a client certificate for authorization only. */
--			client_pub_pkey = X509_get_pubkey(s->session->peer);
--			if (client_pub_pkey)
--				{
--				if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
--					ERR_clear_error();
--				}
--			/* Decrypt session key */
--			if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED || 
--				Ttag != V_ASN1_SEQUENCE ||
--			 	Tclass != V_ASN1_UNIVERSAL) 
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
--				goto gerr;
--				}
--			start = p;
--			inlen = Tlen;
--			if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
-+		if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-+			goto err;
-+			}
- 
--				{
--				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
--				goto gerr;
--				}
--			/* Generate master secret */
--			s->session->master_key_length=
--				s->method->ssl3_enc->generate_master_secret(s,
--					s->session->master_key,premaster_secret,32);
--			/* Check if pubkey from client certificate was used */
--			if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
--				ret = 2;
--			else
--				ret = 1;
--		gerr:
--			EVP_PKEY_free(client_pub_pkey);
--			EVP_PKEY_CTX_free(pkey_ctx);
--			if (ret)
--				return ret;
--			else
--				goto err;
-+		p+=i;
-+		}
-+#endif	/* OPENSSL_NO_SRP */
-+	else if (alg_k & SSL_kGOST) 
-+		{
-+		int ret = 0;
-+		EVP_PKEY_CTX *pkey_ctx;
-+		EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-+		unsigned char premaster_secret[32], *start;
-+		size_t outlen=32, inlen;
-+		unsigned long alg_a;
-+		int Ttag, Tclass;
-+		long Tlen;
-+
-+		/* Get our certificate private key*/
-+		alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-+		if (alg_a & SSL_aGOST94)
-+			pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-+		else if (alg_a & SSL_aGOST01)
-+			pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-+
-+		pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
-+		EVP_PKEY_decrypt_init(pkey_ctx);
-+		/* If client certificate is present and is of the same type, maybe
-+		 * use it for key exchange.  Don't mind errors from
-+		 * EVP_PKEY_derive_set_peer, because it is completely valid to use
-+		 * a client certificate for authorization only. */
-+		client_pub_pkey = X509_get_pubkey(s->session->peer);
-+		if (client_pub_pkey)
-+			{
-+			if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-+				ERR_clear_error();
-+			}
-+		/* Decrypt session key */
-+		if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED ||
-+			Ttag != V_ASN1_SEQUENCE ||
-+			Tclass != V_ASN1_UNIVERSAL)
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-+			goto gerr;
-+			}
-+		start = p;
-+		inlen = Tlen;
-+		if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
-+			{
-+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-+			goto gerr;
- 			}
-+		/* Generate master secret */
-+		s->session->master_key_length=
-+			s->method->ssl3_enc->generate_master_secret(s,
-+				s->session->master_key,premaster_secret,32);
-+		/* Check if pubkey from client certificate was used */
-+		if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-+			ret = 2;
-+		else
-+			ret = 1;
-+	gerr:
-+		EVP_PKEY_free(client_pub_pkey);
-+		EVP_PKEY_CTX_free(pkey_ctx);
-+		if (ret)
-+			return ret;
- 		else
-+			goto err;
-+		}
-+	else if (!(alg_k & SSL_kPSK))
- 		{
- 		al=SSL_AD_HANDSHAKE_FAILURE;
- 		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 0fda4ca..6c57d2a 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -1424,7 +1424,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- #endif /* OPENSSL_NO_KRB5 */
- #ifndef OPENSSL_NO_PSK
- 		/* with PSK there must be client callback set */
--		if (((c->algorithm_mkey & SSL_kPSK) || (c->algorithm_auth & SSL_aPSK)) &&
-+		if ((c->algorithm_auth & SSL_aPSK) &&
- 		    s->psk_client_callback == NULL)
- 			continue;
- #endif /* OPENSSL_NO_PSK */
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index 9e035fb..3e6b7c7 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -536,6 +536,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- #define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305		0x0300CC14
- #define TLS1_CK_DHE_RSA_CHACHA20_POLY1305		0x0300CC15
- 
-+/* ECDHE PSK ciphersuites from RFC 5489 */
-+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0x0300C037
-+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0x0300C038
-+
- /* XXX
-  * Inconsistency alert:
-  * The OpenSSL names of ciphers with ephemeral DH here include the string
-@@ -691,6 +698,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- #define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305	"ECDHE-ECDSA-CHACHA20-POLY1305"
- #define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305		"DHE-RSA-CHACHA20-POLY1305"
- 
-+/* ECDHE PSK ciphersuites from RFC 5489 */
-+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256  "ECDHE-PSK-WITH-AES-128-CBC-SHA256"
-+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384  "ECDHE-PSK-WITH-AES-256-CBC-SHA384"
-+
- #define TLS_CT_RSA_SIGN			1
- #define TLS_CT_DSS_SIGN			2
- #define TLS_CT_RSA_FIXED_DH		3
-2.0.0.526.g5318336
-
diff --git a/patches/0012-wincrypt.patch b/patches/0012-wincrypt.patch
deleted file mode 100644
index fe28901d55..0000000000
--- a/patches/0012-wincrypt.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e7d931119b81d514d8f0645b5453ec16c441b3db Mon Sep 17 00:00:00 2001
-From: Andrew Hsieh <andrewhsieh@google.com>
-Date: Wed, 7 May 2014 20:01:28 +0800
-Subject: [PATCH] Undef OCSP_REQUEST, X509_NAME and OCSP_RESPONSE
-
-prebuilts/gcc/linux-x86/host/x86_64-w64-mingw32-4.8/mingw/include/wincrypt.h
-define all as constants, but ocsp.h use them as type/function names
-
-Change-Id: I580b55a36575c1b19df6e7f3adaf90e7c345e46f
----
- crypto/ocsp/ocsp.h     | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
-index 31e4574..f14e9f7 100644
---- a/crypto/ocsp/ocsp.h
-+++ b/crypto/ocsp/ocsp.h
-@@ -90,6 +90,13 @@ extern "C" {
- #define OCSP_RESPID_KEY			0x400
- #define OCSP_NOTIME			0x800
- 
-+#ifdef OPENSSL_SYS_WIN32
-+  /* Under Win32 these are defined in wincrypt.h */
-+#undef OCSP_REQUEST
-+#undef X509_NAME
-+#undef OCSP_RESPONSE
-+#endif
-+
- /*   CertID ::= SEQUENCE {
-  *       hashAlgorithm            AlgorithmIdentifier,
-  *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
--- 
-1.9.1.423.g4596e3a
-
diff --git a/patches/0013-tls_psk_hint.patch b/patches/0013-tls_psk_hint.patch
deleted file mode 100644
index 60fbf73dc1..0000000000
--- a/patches/0013-tls_psk_hint.patch
+++ /dev/null
@@ -1,418 +0,0 @@
-From 9c14752f8872401de413fb46a96146b0d6bf926e Mon Sep 17 00:00:00 2001
-From: Alex Klyubin <klyubin@google.com>
-Date: Tue, 8 Apr 2014 16:02:24 -0700
-Subject: tls_psk_hint
-
-Fix TLS-PSK identity hint implementation issues.
-
-PSK identity hint can be stored in SSL_CTX and in SSL/SSL_SESSION,
-similar to other TLS parameters, with the value in SSL/SSL_SESSION
-taking precedence over the one in SSL_CTX. The value in SSL_CTX is
-shared (used as the default) between all SSL instances associated
-with that SSL_CTX, whereas the value in SSL/SSL_SESSION is confined
-to that particular TLS/SSL connection/session.
-
-The existing implementation of TLS-PSK does not correctly distinguish
-between PSK identity hint in SSL_CTX and in SSL/SSL_SESSION. This
-change fixes these issues:
-1. SSL_use_psk_identity_hint does nothing and returns "success" when
-   the SSL object does not have an associated SSL_SESSION.
-2. On the client, the hint in SSL_CTX (which is shared between
-   multiple SSL instances) is overwritten with the hint received from
-   server or reset to NULL if no hint was received.
-3. On the client, psk_client_callback is invoked with the hint from
-   SSL_CTX rather than from current SSL/SSL_SESSION (i.e., the one
-   received from the server). Issue #2 above masks this issue.
-4. On the server, the hint in SSL/SSL_SESSION is ignored and the hint
-   from SSL_CTX is sent to the client.
-5. On the server, the hint in SSL/SSL_SESSION is reset to the one in
-   SSL_CTX after the ClientKeyExchange message step.
-
-This change fixes the issues by:
-* Adding storage for the hint in the SSL object. The idea being that
-  the hint in the associated SSL_SESSION takes precedence.
-* Reading the hint during the handshake only from the associated
-  SSL_SESSION object.
-* Initializing the hint in SSL object with the one from the SSL_CTX
-  object.
-* Initializing the hint in SSL_SESSION object with the one from the
-  SSL object.
-* Making SSL_use_psk_identity_hint and SSL_get_psk_identity_hint
-  set/get the hint to/from SSL_SESSION associated with the provided
-  SSL object, or, if no SSL_SESSION is available, set/get the hint
-  to/from the provided SSL object.
-* Removing code which resets the hint during handshake.
----
- ssl/d1_clnt.c  | 13 +------------
- ssl/d1_srvr.c  | 10 +++++-----
- ssl/s3_clnt.c  | 37 +++++++++++++------------------------
- ssl/s3_srvr.c  | 44 ++++++++++++++++----------------------------
- ssl/ssl.h      |  4 ++++
- ssl/ssl_lib.c  | 56 +++++++++++++++++++++++++++++++++++++++++++++-----------
- ssl/ssl_sess.c | 12 ++++++++++++
- 7 files changed, 96 insertions(+), 80 deletions(-)
-
-diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
-index f857946..b017139 100644
---- a/ssl/d1_clnt.c
-+++ b/ssl/d1_clnt.c
-@@ -1434,7 +1434,7 @@ int dtls1_send_client_key_exchange(SSL *s)
- 				goto err;
- 				}
- 
--			psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
-+			psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
- 				identity, PSK_MAX_IDENTITY_LEN,
- 				psk_or_pre_ms, sizeof(psk_or_pre_ms));
- 			if (psk_len > PSK_MAX_PSK_LEN)
-@@ -1459,17 +1459,6 @@ int dtls1_send_client_key_exchange(SSL *s)
- 			t+=psk_len;
- 			s2n(psk_len, t);
- 
--			if (s->session->psk_identity_hint != NULL)
--				OPENSSL_free(s->session->psk_identity_hint);
--			s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
--			if (s->ctx->psk_identity_hint != NULL &&
--				s->session->psk_identity_hint == NULL)
--				{
--				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
--					ERR_R_MALLOC_FAILURE);
--				goto psk_err;
--				}
--
- 			if (s->session->psk_identity != NULL)
- 				OPENSSL_free(s->session->psk_identity);
- 			s->session->psk_identity = BUF_strdup(identity);
-diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
-index 1384ab0..c181db6 100644
---- a/ssl/d1_srvr.c
-+++ b/ssl/d1_srvr.c
-@@ -471,7 +471,7 @@ int dtls1_accept(SSL *s)
- 			/* PSK: send ServerKeyExchange if PSK identity
- 			 * hint if provided */
- #ifndef OPENSSL_NO_PSK
--			    || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
-+			    || ((alg_k & SSL_kPSK) && s->session->psk_identity_hint)
- #endif
- 			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- 			    || (alg_k & SSL_kEECDH)
-@@ -1288,7 +1288,7 @@ int dtls1_send_server_key_exchange(SSL *s)
- 			if (type & SSL_kPSK)
- 				{
- 				/* reserve size for record length and PSK identity hint*/
--				n+=2+strlen(s->ctx->psk_identity_hint);
-+				n+=2+strlen(s->session->psk_identity_hint);
- 				}
- 			else
- #endif /* !OPENSSL_NO_PSK */
-@@ -1365,9 +1365,9 @@ int dtls1_send_server_key_exchange(SSL *s)
- 		if (type & SSL_kPSK)
- 			{
- 			/* copy PSK identity hint */
--			s2n(strlen(s->ctx->psk_identity_hint), p); 
--			strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
--			p+=strlen(s->ctx->psk_identity_hint);
-+			s2n(strlen(s->session->psk_identity_hint), p);
-+			strncpy((char *)p, s->session->psk_identity_hint, strlen(s->session->psk_identity_hint));
-+			p+=strlen(s->session->psk_identity_hint);
- 			}
- #endif
- 
-diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
-index 12c3fe8..17367a2 100644
---- a/ssl/s3_clnt.c
-+++ b/ssl/s3_clnt.c
-@@ -1374,9 +1374,11 @@ int ssl3_get_key_exchange(SSL *s)
- 		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
- 			{
- 			s->session->sess_cert=ssl_sess_cert_new();
--			if (s->ctx->psk_identity_hint)
--				OPENSSL_free(s->ctx->psk_identity_hint);
--			s->ctx->psk_identity_hint = NULL;
-+			if (s->session->psk_identity_hint)
-+				{
-+				OPENSSL_free(s->session->psk_identity_hint);
-+				s->session->psk_identity_hint = NULL;
-+				}
- 			}
- #endif
- 		s->s3->tmp.reuse_message=1;
-@@ -1426,7 +1428,11 @@ int ssl3_get_key_exchange(SSL *s)
-			}
-		n2s(p,i);
-
--		s->ctx->psk_identity_hint = NULL;
-+		if (s->session->psk_identity_hint)
-+			{
-+			OPENSSL_free(s->session->psk_identity_hint);
-+			s->session->psk_identity_hint = NULL;
-+			}
- 		if (i != 0)
- 			{
- 			/* Store PSK identity hint for later use, hint is used
-@@ -1452,10 +1458,8 @@ int ssl3_get_key_exchange(SSL *s)
- 			 * NULL-terminated string. */
- 			memcpy(tmp_id_hint, p, i);
- 			memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
--			if (s->ctx->psk_identity_hint != NULL)
--				OPENSSL_free(s->ctx->psk_identity_hint);
--			s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint);
--			if (s->ctx->psk_identity_hint == NULL)
-+			s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
-+			if (s->session->psk_identity_hint == NULL)
- 				{
- 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
- 				goto f_err;
-@@ -2338,7 +2342,8 @@ int ssl3_send_client_key_exchange(SSL *s)
- 				goto err;
- 				}
- 
-+			memset(identity, 0, sizeof(identity));
--			psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
-+			psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-				identity, sizeof(identity) - 1, psk, sizeof(psk));
- 			if (psk_len > PSK_MAX_PSK_LEN)
- 				{
-@@ -2374,21 +2378,6 @@ int ssl3_send_client_key_exchange(SSL *s)
- 				n += 2;
- 				}
- 
--			if (s->session->psk_identity_hint != NULL)
--				OPENSSL_free(s->session->psk_identity_hint);
--			s->session->psk_identity_hint = NULL;
--			if (s->ctx->psk_identity_hint)
--				{
--				s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
--				if (s->ctx->psk_identity_hint != NULL &&
--					s->session->psk_identity_hint == NULL)
--					{
--					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
--						ERR_R_MALLOC_FAILURE);
--					goto psk_err;
--					}
--				}
--
- 			if (s->session->psk_identity != NULL)
- 				OPENSSL_free(s->session->psk_identity);
- 			s->session->psk_identity = BUF_strdup(identity);
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index d6f1a35..c360337 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -492,7 +492,7 @@ int ssl3_accept(SSL *s)
- 			 *   - the key exchange is kEECDH.
- 			 */
- #ifndef OPENSSL_NO_PSK
--			    || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->ctx->psk_identity_hint))
-+			    || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint))
- #endif
- #ifndef OPENSSL_NO_SRP
- 			    /* SRP: send ServerKeyExchange */
-@@ -1702,6 +1702,10 @@ int ssl3_send_server_key_exchange(SSL *s)
- 	int curve_id = 0;
- 	BN_CTX *bn_ctx = NULL; 
- #endif
-+#ifndef OPENSSL_NO_PSK
-+	const char* psk_identity_hint;
-+	size_t psk_identity_hint_len;
-+#endif
- 	EVP_PKEY *pkey;
- 	const EVP_MD *md = NULL;
- 	unsigned char *p,*d;
-@@ -1730,9 +1734,12 @@ int ssl3_send_server_key_exchange(SSL *s)
- 		if (alg_a & SSL_aPSK)
- 			{
- 			/* size for PSK identity hint */
--			n+=2;
--			if (s->ctx->psk_identity_hint)
--				n+=strlen(s->ctx->psk_identity_hint);
-+			psk_identity_hint = s->session->psk_identity_hint;
-+			if (psk_identity_hint)
-+				psk_identity_hint_len = strlen(psk_identity_hint);
-+			else
-+				psk_identity_hint_len = 0;
-+			n+=2+psk_identity_hint_len;
- 			}
- #endif /* !OPENSSL_NO_PSK */
- #ifndef OPENSSL_NO_RSA
-@@ -2025,20 +2032,12 @@ int ssl3_send_server_key_exchange(SSL *s)
- #ifndef OPENSSL_NO_PSK
- 		if (alg_a & SSL_aPSK)
- 			{
--			if (s->ctx->psk_identity_hint)
--				{
--				/* copy PSK identity hint */
--				s2n(strlen(s->ctx->psk_identity_hint), p);
--				strncpy((char *)p, s->ctx->psk_identity_hint, strlen(s->ctx->psk_identity_hint));
--				p+=strlen(s->ctx->psk_identity_hint);
--				}
--			else
-+			/* copy PSK identity hint (if provided) */
-+			s2n(psk_identity_hint_len, p);
-+			if (psk_identity_hint_len > 0)
- 				{
--				/* No identity hint is provided. */
--				*p = 0;
--				p += 1;
--				*p = 0;
--				p += 1;
-+				memcpy(p, psk_identity_hint, psk_identity_hint_len);
-+				p+=psk_identity_hint_len;
- 				}
- 			}
- #endif /* OPENSSL_NO_PSK */
-@@ -2393,17 +2392,6 @@ int ssl3_get_client_key_exchange(SSL *s)
- 			goto psk_err;
- 			}
- 
--		if (s->session->psk_identity_hint != NULL)
--			OPENSSL_free(s->session->psk_identity_hint);
--		s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
--		if (s->ctx->psk_identity_hint != NULL &&
--			s->session->psk_identity_hint == NULL)
--			{
--			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
--				ERR_R_MALLOC_FAILURE);
--			goto psk_err;
--			}
--
- 		p += i;
- 		n -= (i + 2);
- 		psk_err = 0;
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index a7e1455..f044cd1 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -1441,6 +1441,10 @@ struct ssl_st
- #endif	/* OPENSSL_NO_KRB5 */
- 
- #ifndef OPENSSL_NO_PSK
-+	/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an
-+	 * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object,
-+	 * the psk_identity_hint from the session takes precedence over this one. */
-+	char *psk_identity_hint;
- 	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
- 		unsigned int max_identity_len, unsigned char *psk,
- 		unsigned int max_psk_len);
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 3e49cab..cf24292 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -388,6 +388,13 @@ SSL *SSL_new(SSL_CTX *ctx)
- 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
- 
- #ifndef OPENSSL_NO_PSK
-+	s->psk_identity_hint = NULL;
-+	if (ctx->psk_identity_hint)
-+		{
-+		s->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
-+		if (s->psk_identity_hint == NULL)
-+			goto err;
-+		}
- 	s->psk_client_callback=ctx->psk_client_callback;
- 	s->psk_server_callback=ctx->psk_server_callback;
- #endif
-@@ -648,6 +655,11 @@ void SSL_free(SSL *s)
- 		OPENSSL_free(s->alpn_client_proto_list);
- #endif
- 
-+#ifndef OPENSSL_NO_PSK
-+	if (s->psk_identity_hint)
-+		OPENSSL_free(s->psk_identity_hint);
-+#endif
-+
- 	if (s->client_CA != NULL)
- 		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
- 
-@@ -3361,32 +3373,54 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
- 	if (s == NULL)
- 		return 0;
- 
--	if (s->session == NULL)
--		return 1; /* session not created yet, ignored */
--
- 	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
- 		{
- 		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
- 		return 0;
- 		}
--	if (s->session->psk_identity_hint != NULL)
-+
-+	/* Clear hint in SSL and associated SSL_SESSION (if any). */
-+	if (s->psk_identity_hint != NULL)
-+		{
-+		OPENSSL_free(s->psk_identity_hint);
-+		s->psk_identity_hint = NULL;
-+		}
-+	if (s->session != NULL && s->session->psk_identity_hint != NULL)
-+		{
- 		OPENSSL_free(s->session->psk_identity_hint);
-+		s->session->psk_identity_hint = NULL;
-+		}
-+
- 	if (identity_hint != NULL)
- 		{
--		s->session->psk_identity_hint = BUF_strdup(identity_hint);
--		if (s->session->psk_identity_hint == NULL)
--			return 0;
-+		/* The hint is stored in SSL and SSL_SESSION with the one in
-+		 * SSL_SESSION taking precedence. Thus, if SSL_SESSION is avaiable,
-+		 * we store the hint there, otherwise we store it in SSL. */
-+		if (s->session != NULL)
-+			{
-+			s->session->psk_identity_hint = BUF_strdup(identity_hint);
-+			if (s->session->psk_identity_hint == NULL)
-+				return 0;
-+			}
-+		else
-+			{
-+			s->psk_identity_hint = BUF_strdup(identity_hint);
-+			if (s->psk_identity_hint == NULL)
-+				return 0;
-+			}
- 		}
--	else
--		s->session->psk_identity_hint = NULL;
- 	return 1;
- 	}
- 
- const char *SSL_get_psk_identity_hint(const SSL *s)
- 	{
--	if (s == NULL || s->session == NULL)
-+	if (s == NULL)
- 		return NULL;
--	return(s->session->psk_identity_hint);
-+	/* The hint is stored in SSL and SSL_SESSION with the one in SSL_SESSION
-+	 * taking precedence. */
-+	if (s->session != NULL)
-+		return(s->session->psk_identity_hint);
-+	return(s->psk_identity_hint);
- 	}
- 
- const char *SSL_get_psk_identity(const SSL *s)
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index 44268e7..cdd198c 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -437,6 +437,18 @@ int ssl_get_new_session(SSL *s, int session)
- 			}
- #endif
- #endif
-+#ifndef OPENSSL_NO_PSK
-+		if (s->psk_identity_hint)
-+			{
-+			ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint);
-+			if (ss->psk_identity_hint == NULL)
-+				{
-+				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-+				SSL_SESSION_free(ss);
-+				return 0;
-+				}
-+			}
-+#endif
- 		}
- 	else
- 		{
--- 
-2.0.0.526.g5318336
-
diff --git a/patches/0014-arm_asm.patch b/patches/0014-arm_asm.patch
deleted file mode 100644
index d97df627d8..0000000000
--- a/patches/0014-arm_asm.patch
+++ /dev/null
@@ -1,7834 +0,0 @@
-diff --git a/Configure b/Configure
-index de78469..26743bb 100755
---- a/Configure
-+++ b/Configure
-@@ -136,7 +136,8 @@ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-a
- my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
- my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
- my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
--my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
-+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
-+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o:::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
- my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
- my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
- my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
-@@ -350,6 +351,7 @@ my %table=(
- # It's believed that majority of ARM toolchains predefine appropriate -march.
- # If you compiler does not, do complement config command line with one!
- "linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- #### IA-32 targets...
- "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-@@ -1503,7 +1505,7 @@ if ($rmd160_obj =~ /\.o$/)
- 	}
- if ($aes_obj =~ /\.o$/)
- 	{
--	$cflags.=" -DAES_ASM";
-+	$cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
- 	# aes-ctr.o is not a real file, only indication that assembler
- 	# module implements AES_ctr32_encrypt...
- 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
-@@ -1525,7 +1527,7 @@ else	{
- 	$wp_obj="wp_block.o";
- 	}
- $cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
--if ($modes_obj =~ /ghash/)
-+if ($modes_obj =~ /ghash\-/)
- 	{
- 	$cflags.=" -DGHASH_ASM";
- 	}
-diff --git a/config b/config
-index 41fa2a6..dff7df7 100755
---- a/config
-+++ b/config
-@@ -644,6 +644,7 @@ case "$GUESSOS" in
-   armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
-   armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
-   arm*-*-linux2) OUT="linux-armv4" ;;
-+  aarch64-*-linux2) OUT="linux-aarch64" ;;
-   sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-   sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
-   m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile
-index 45ede0a..9181a1a 100644
---- a/crypto/aes/Makefile
-+++ b/crypto/aes/Makefile
-@@ -78,9 +78,15 @@ aes-parisc.s:	asm/aes-parisc.pl
- aes-mips.S:	asm/aes-mips.pl
- 	$(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
- 
-+aesv8-armx.S:	asm/aesv8-armx.pl
-+	$(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@
-+aesv8-armx.o:	aesv8-armx.S
-+
- # GNU make "catch all"
- aes-%.S:	asm/aes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) > $@
- aes-armv4.o:	aes-armv4.S
-+bsaes-%.S:	asm/bsaes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
-+bsaes-armv7.o:	bsaes-armv7.S
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
-index 86b86c4..4f89170 100644
---- a/crypto/aes/asm/aes-armv4.pl
-+++ b/crypto/aes/asm/aes-armv4.pl
-@@ -1,7 +1,7 @@
- #!/usr/bin/env perl
- 
- # ====================================================================
--# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-@@ -51,9 +51,23 @@ $key="r11";
- $rounds="r12";
- 
- $code=<<___;
--#include "arm_arch.h"
-+#ifndef __KERNEL__
-+# include "arm_arch.h"
-+#else
-+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-+#endif
-+
- .text
-+#if __ARM_ARCH__<7
-+.code	32
-+#else
-+.syntax	unified
-+# ifdef __thumb2__
-+.thumb
-+# else
- .code	32
-+# endif
-+#endif
- 
- .type	AES_Te,%object
- .align	5
-@@ -167,7 +181,11 @@ AES_Te:
- .type   AES_encrypt,%function
- .align	5
- AES_encrypt:
-+#if __ARM_ARCH__<7
- 	sub	r3,pc,#8		@ AES_encrypt
-+#else
-+	adr	r3,AES_encrypt
-+#endif
- 	stmdb   sp!,{r1,r4-r12,lr}
- 	mov	$rounds,r0		@ inp
- 	mov	$key,r2
-@@ -409,11 +427,21 @@ _armv4_AES_encrypt:
- .align	5
- private_AES_set_encrypt_key:
- _armv4_AES_set_encrypt_key:
-+#if __ARM_ARCH__<7
- 	sub	r3,pc,#8		@ AES_set_encrypt_key
-+#else
-+	adr	r3,private_AES_set_encrypt_key
-+#endif
- 	teq	r0,#0
-+#if __ARM_ARCH__>=7
-+	itt	eq			@ Thumb2 thing, sanity check in ARM
-+#endif
- 	moveq	r0,#-1
- 	beq	.Labrt
- 	teq	r2,#0
-+#if __ARM_ARCH__>=7
-+	itt	eq			@ Thumb2 thing, sanity check in ARM
-+#endif
- 	moveq	r0,#-1
- 	beq	.Labrt
- 
-@@ -422,6 +450,9 @@ _armv4_AES_set_encrypt_key:
- 	teq	r1,#192
- 	beq	.Lok
- 	teq	r1,#256
-+#if __ARM_ARCH__>=7
-+	itt	ne			@ Thumb2 thing, sanity check in ARM
-+#endif
- 	movne	r0,#-1
- 	bne	.Labrt
- 
-@@ -576,6 +607,9 @@ _armv4_AES_set_encrypt_key:
- 	str	$s2,[$key,#-16]
- 	subs	$rounds,$rounds,#1
- 	str	$s3,[$key,#-12]
-+#if __ARM_ARCH__>=7
-+	itt	eq				@ Thumb2 thing, sanity check in ARM
-+#endif
- 	subeq	r2,$key,#216
- 	beq	.Ldone
- 
-@@ -645,6 +679,9 @@ _armv4_AES_set_encrypt_key:
- 	str	$s2,[$key,#-24]
- 	subs	$rounds,$rounds,#1
- 	str	$s3,[$key,#-20]
-+#if __ARM_ARCH__>=7
-+	itt	eq				@ Thumb2 thing, sanity check in ARM
-+#endif
- 	subeq	r2,$key,#256
- 	beq	.Ldone
- 
-@@ -674,11 +711,17 @@ _armv4_AES_set_encrypt_key:
- 	str	$i3,[$key,#-4]
- 	b	.L256_loop
- 
-+.align	2
- .Ldone:	mov	r0,#0
- 	ldmia   sp!,{r4-r12,lr}
--.Labrt:	tst	lr,#1
-+.Labrt:
-+#if __ARM_ARCH__>=5
-+	ret				@ bx lr
-+#else
-+	tst	lr,#1
- 	moveq	pc,lr			@ be binary compatible with V4, yet
- 	bx	lr			@ interoperable with Thumb ISA:-)
-+#endif
- .size	private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
- 
- .global private_AES_set_decrypt_key
-@@ -688,34 +731,57 @@ private_AES_set_decrypt_key:
- 	str	lr,[sp,#-4]!            @ push lr
- 	bl	_armv4_AES_set_encrypt_key
- 	teq	r0,#0
--	ldrne	lr,[sp],#4              @ pop lr
-+	ldr	lr,[sp],#4              @ pop lr
- 	bne	.Labrt
- 
--	stmdb   sp!,{r4-r12}
-+	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
-+	mov	r1,r2			@ which is AES_KEY *key
-+	b	_armv4_AES_set_enc2dec_key
-+.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
- 
--	ldr	$rounds,[r2,#240]	@ AES_set_encrypt_key preserves r2,
--	mov	$key,r2			@ which is AES_KEY *key
--	mov	$i1,r2
--	add	$i2,r2,$rounds,lsl#4
-+@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
-+.global	AES_set_enc2dec_key
-+.type	AES_set_enc2dec_key,%function
-+.align	5
-+AES_set_enc2dec_key:
-+_armv4_AES_set_enc2dec_key:
-+	stmdb   sp!,{r4-r12,lr}
-+
-+	ldr	$rounds,[r0,#240]
-+	mov	$i1,r0			@ input
-+	add	$i2,r0,$rounds,lsl#4
-+	mov	$key,r1			@ ouput
-+	add	$tbl,r1,$rounds,lsl#4
-+	str	$rounds,[r1,#240]
-+
-+.Linv:	ldr	$s0,[$i1],#16
-+	ldr	$s1,[$i1,#-12]
-+	ldr	$s2,[$i1,#-8]
-+	ldr	$s3,[$i1,#-4]
-+	ldr	$t1,[$i2],#-16
-+	ldr	$t2,[$i2,#16+4]
-+	ldr	$t3,[$i2,#16+8]
-+	ldr	$i3,[$i2,#16+12]
-+	str	$s0,[$tbl],#-16
-+	str	$s1,[$tbl,#16+4]
-+	str	$s2,[$tbl,#16+8]
-+	str	$s3,[$tbl,#16+12]
-+	str	$t1,[$key],#16
-+	str	$t2,[$key,#-12]
-+	str	$t3,[$key,#-8]
-+	str	$i3,[$key,#-4]
-+	teq	$i1,$i2
-+	bne	.Linv
- 
--.Linv:	ldr	$s0,[$i1]
-+	ldr	$s0,[$i1]
- 	ldr	$s1,[$i1,#4]
- 	ldr	$s2,[$i1,#8]
- 	ldr	$s3,[$i1,#12]
--	ldr	$t1,[$i2]
--	ldr	$t2,[$i2,#4]
--	ldr	$t3,[$i2,#8]
--	ldr	$i3,[$i2,#12]
--	str	$s0,[$i2],#-16
--	str	$s1,[$i2,#16+4]
--	str	$s2,[$i2,#16+8]
--	str	$s3,[$i2,#16+12]
--	str	$t1,[$i1],#16
--	str	$t2,[$i1,#-12]
--	str	$t3,[$i1,#-8]
--	str	$i3,[$i1,#-4]
--	teq	$i1,$i2
--	bne	.Linv
-+	str	$s0,[$key]
-+	str	$s1,[$key,#4]
-+	str	$s2,[$key,#8]
-+	str	$s3,[$key,#12]
-+	sub	$key,$key,$rounds,lsl#3
- ___
- $mask80=$i1;
- $mask1b=$i2;
-@@ -773,7 +839,7 @@ $code.=<<___;
- 	moveq	pc,lr			@ be binary compatible with V4, yet
- 	bx	lr			@ interoperable with Thumb ISA:-)
- #endif
--.size	private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
-+.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
- 
- .type	AES_Td,%object
- .align	5
-@@ -883,7 +949,11 @@ AES_Td:
- .type   AES_decrypt,%function
- .align	5
- AES_decrypt:
-+#if __ARM_ARCH__<7
- 	sub	r3,pc,#8		@ AES_decrypt
-+#else
-+	adr	r3,AES_decrypt
-+#endif
- 	stmdb   sp!,{r1,r4-r12,lr}
- 	mov	$rounds,r0		@ inp
- 	mov	$key,r2
-@@ -1080,8 +1150,9 @@ _armv4_AES_decrypt:
- 	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
- 	and	$i3,lr,$s1,lsr#8
- 
-+	add	$s1,$tbl,$s1,lsr#24
- 	ldrb	$i1,[$tbl,$i1]		@ Td4[s1>>0]
--	ldrb	$s1,[$tbl,$s1,lsr#24]	@ Td4[s1>>24]
-+	ldrb	$s1,[$s1]		@ Td4[s1>>24]
- 	ldrb	$i2,[$tbl,$i2]		@ Td4[s1>>16]
- 	eor	$s0,$i1,$s0,lsl#24
- 	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
-@@ -1094,7 +1165,8 @@ _armv4_AES_decrypt:
- 	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
- 	and	$i3,lr,$s2,lsr#16
- 
--	ldrb	$s2,[$tbl,$s2,lsr#24]	@ Td4[s2>>24]
-+	add	$s2,$tbl,$s2,lsr#24
-+	ldrb	$s2,[$s2]		@ Td4[s2>>24]
- 	eor	$s0,$s0,$i1,lsl#8
- 	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
- 	eor	$s1,$i2,$s1,lsl#16
-@@ -1106,8 +1178,9 @@ _armv4_AES_decrypt:
- 	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
- 	and	$i3,lr,$s3		@ i2
- 
-+	add	$s3,$tbl,$s3,lsr#24
- 	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
--	ldrb	$s3,[$tbl,$s3,lsr#24]	@ Td4[s3>>24]
-+	ldrb	$s3,[$s3]		@ Td4[s3>>24]
- 	eor	$s0,$s0,$i1,lsl#16
- 	ldr	$i1,[$key,#0]
- 	eor	$s1,$s1,$i2,lsl#8
-@@ -1130,5 +1203,15 @@ _armv4_AES_decrypt:
- ___
- 
- $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-+$code =~ s/\bret\b/bx\tlr/gm;
-+
-+open SELF,$0;
-+while(<SELF>) {
-+	next if (/^#!/);
-+	last if (!s/^#/@/ and !/^$/);
-+	print;
-+}
-+close SELF;
-+
- print $code;
- close STDOUT;	# enforce flush
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-new file mode 100755
-index 0000000..415dc04
---- /dev/null
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -0,0 +1,980 @@
-+#!/usr/bin/env perl
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+#
-+# This module implements support for ARMv8 AES instructions. The
-+# module is endian-agnostic in sense that it supports both big- and
-+# little-endian cases. As does it support both 32- and 64-bit modes
-+# of operation. Latter is achieved by limiting amount of utilized
-+# registers to 16, which implies additional instructions. This has
-+# no effect on mighty Apple A7, as results are literally equal to
-+# the theoretical estimates based on instruction latencies and issue
-+# rate. It remains to be seen how does it affect other platforms...
-+#
-+# Performance in cycles per byte processed with 128-bit key:
-+#
-+#		CBC enc		CBC dec		CTR
-+# Apple A7	2.39		1.20		1.20
-+# Cortex-A5x	n/a		n/a		n/a
-+
-+$flavour = shift;
-+open STDOUT,">".shift;
-+
-+$prefix="aes_v8";
-+
-+$code=<<___;
-+#include "arm_arch.h"
-+
-+#if __ARM_ARCH__>=7
-+.text
-+___
-+$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
-+$code.=".fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-+
-+# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
-+# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
-+# maintain both 32- and 64-bit codes within single module and
-+# transliterate common code to either flavour with regex vodoo.
-+#
-+{{{
-+my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
-+my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
-+	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
-+
-+
-+$code.=<<___;
-+.align	5
-+rcon:
-+.long	0x01,0x01,0x01,0x01
-+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
-+.long	0x1b,0x1b,0x1b,0x1b
-+
-+.globl	${prefix}_set_encrypt_key
-+.type	${prefix}_set_encrypt_key,%function
-+.align	5
-+${prefix}_set_encrypt_key:
-+.Lenc_key:
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	stp	x29,x30,[sp,#-16]!
-+	add	x29,sp,#0
-+___
-+$code.=<<___;
-+	adr	$ptr,rcon
-+	cmp	$bits,#192
-+
-+	veor	$zero,$zero,$zero
-+	vld1.8	{$in0},[$inp],#16
-+	mov	$bits,#8		// reuse $bits
-+	vld1.32	{$rcon,$mask},[$ptr],#32
-+
-+	b.lt	.Loop128
-+	b.eq	.L192
-+	b	.L256
-+
-+.align	4
-+.Loop128:
-+	vtbl.8	$key,{$in0},$mask
-+	vext.8	$tmp,$zero,$in0,#12
-+	vst1.32	{$in0},[$out],#16
-+	aese	$key,$zero
-+	subs	$bits,$bits,#1
-+
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	 veor	$key,$key,$rcon
-+	veor	$in0,$in0,$tmp
-+	vshl.u8	$rcon,$rcon,#1
-+	veor	$in0,$in0,$key
-+	b.ne	.Loop128
-+
-+	vld1.32	{$rcon},[$ptr]
-+
-+	vtbl.8	$key,{$in0},$mask
-+	vext.8	$tmp,$zero,$in0,#12
-+	vst1.32	{$in0},[$out],#16
-+	aese	$key,$zero
-+
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	 veor	$key,$key,$rcon
-+	veor	$in0,$in0,$tmp
-+	vshl.u8	$rcon,$rcon,#1
-+	veor	$in0,$in0,$key
-+
-+	vtbl.8	$key,{$in0},$mask
-+	vext.8	$tmp,$zero,$in0,#12
-+	vst1.32	{$in0},[$out],#16
-+	aese	$key,$zero
-+
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	 veor	$key,$key,$rcon
-+	veor	$in0,$in0,$tmp
-+	veor	$in0,$in0,$key
-+	vst1.32	{$in0},[$out]
-+	add	$out,$out,#0x50
-+
-+	mov	$rounds,#10
-+	b	.Ldone
-+
-+.align	4
-+.L192:
-+	vld1.8	{$in1},[$inp],#8
-+	vmov.i8	$key,#8			// borrow $key
-+	vst1.32	{$in0},[$out],#16
-+	vsub.i8	$mask,$mask,$key	// adjust the mask
-+
-+.Loop192:
-+	vtbl.8	$key,{$in1},$mask
-+	vext.8	$tmp,$zero,$in0,#12
-+	vst1.32	{$in1},[$out],#8
-+	aese	$key,$zero
-+	subs	$bits,$bits,#1
-+
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+
-+	vdup.32	$tmp,${in0}[3]
-+	veor	$tmp,$tmp,$in1
-+	 veor	$key,$key,$rcon
-+	vext.8	$in1,$zero,$in1,#12
-+	vshl.u8	$rcon,$rcon,#1
-+	veor	$in1,$in1,$tmp
-+	veor	$in0,$in0,$key
-+	veor	$in1,$in1,$key
-+	vst1.32	{$in0},[$out],#16
-+	b.ne	.Loop192
-+
-+	mov	$rounds,#12
-+	add	$out,$out,#0x20
-+	b	.Ldone
-+
-+.align	4
-+.L256:
-+	vld1.8	{$in1},[$inp]
-+	mov	$bits,#7
-+	mov	$rounds,#14
-+	vst1.32	{$in0},[$out],#16
-+
-+.Loop256:
-+	vtbl.8	$key,{$in1},$mask
-+	vext.8	$tmp,$zero,$in0,#12
-+	vst1.32	{$in1},[$out],#16
-+	aese	$key,$zero
-+	subs	$bits,$bits,#1
-+
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in0,$in0,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	 veor	$key,$key,$rcon
-+	veor	$in0,$in0,$tmp
-+	vshl.u8	$rcon,$rcon,#1
-+	veor	$in0,$in0,$key
-+	vst1.32	{$in0},[$out],#16
-+	b.eq	.Ldone
-+
-+	vdup.32	$key,${in0}[3]		// just splat
-+	vext.8	$tmp,$zero,$in1,#12
-+	aese	$key,$zero
-+
-+	veor	$in1,$in1,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in1,$in1,$tmp
-+	vext.8	$tmp,$zero,$tmp,#12
-+	veor	$in1,$in1,$tmp
-+
-+	veor	$in1,$in1,$key
-+	b	.Loop256
-+
-+.Ldone:
-+	str	$rounds,[$out]
-+
-+	eor	x0,x0,x0		// return value
-+	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
-+	ret
-+.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
-+
-+.globl	${prefix}_set_decrypt_key
-+.type	${prefix}_set_decrypt_key,%function
-+.align	5
-+${prefix}_set_decrypt_key:
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	stp	x29,x30,[sp,#-16]!
-+	add	x29,sp,#0
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	stmdb	sp!,{r4,lr}
-+___
-+$code.=<<___;
-+	bl	.Lenc_key
-+
-+	sub	$out,$out,#240		// restore original $out
-+	mov	x4,#-16
-+	add	$inp,$out,x12,lsl#4	// end of key schedule
-+
-+	vld1.32	{v0.16b},[$out]
-+	vld1.32	{v1.16b},[$inp]
-+	vst1.32	{v0.16b},[$inp],x4
-+	vst1.32	{v1.16b},[$out],#16
-+
-+.Loop_imc:
-+	vld1.32	{v0.16b},[$out]
-+	vld1.32	{v1.16b},[$inp]
-+	aesimc	v0.16b,v0.16b
-+	aesimc	v1.16b,v1.16b
-+	vst1.32	{v0.16b},[$inp],x4
-+	vst1.32	{v1.16b},[$out],#16
-+	cmp	$inp,$out
-+	b.hi	.Loop_imc
-+
-+	vld1.32	{v0.16b},[$out]
-+	aesimc	v0.16b,v0.16b
-+	vst1.32	{v0.16b},[$inp]
-+
-+	eor	x0,x0,x0		// return value
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	ldmia	sp!,{r4,pc}
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	ldp	x29,x30,[sp],#16
-+	ret
-+___
-+$code.=<<___;
-+.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
-+___
-+}}}
-+{{{
-+sub gen_block () {
-+my $dir = shift;
-+my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
-+my ($inp,$out,$key)=map("x$_",(0..2));
-+my $rounds="w3";
-+my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
-+
-+$code.=<<___;
-+.globl	${prefix}_${dir}crypt
-+.type	${prefix}_${dir}crypt,%function
-+.align	5
-+${prefix}_${dir}crypt:
-+	ldr	$rounds,[$key,#240]
-+	vld1.32	{$rndkey0},[$key],#16
-+	vld1.8	{$inout},[$inp]
-+	sub	$rounds,$rounds,#2
-+	vld1.32	{$rndkey1},[$key],#16
-+
-+.Loop_${dir}c:
-+	aes$e	$inout,$rndkey0
-+	vld1.32	{$rndkey0},[$key],#16
-+	aes$mc	$inout,$inout
-+	subs	$rounds,$rounds,#2
-+	aes$e	$inout,$rndkey1
-+	vld1.32	{$rndkey1},[$key],#16
-+	aes$mc	$inout,$inout
-+	b.gt	.Loop_${dir}c
-+
-+	aes$e	$inout,$rndkey0
-+	vld1.32	{$rndkey0},[$key]
-+	aes$mc	$inout,$inout
-+	aes$e	$inout,$rndkey1
-+	veor	$inout,$inout,$rndkey0
-+
-+	vst1.8	{$inout},[$out]
-+	ret
-+.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
-+___
-+}
-+&gen_block("en");
-+&gen_block("de");
-+}}}
-+{{{
-+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5";
-+my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12");
-+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-+
-+my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1);
-+
-+### q8-q15	preloaded key schedule
-+
-+$code.=<<___;
-+.globl	${prefix}_cbc_encrypt
-+.type	${prefix}_cbc_encrypt,%function
-+.align	5
-+${prefix}_cbc_encrypt:
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	stp	x29,x30,[sp,#-16]!
-+	add	x29,sp,#0
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	mov	ip,sp
-+	stmdb	sp!,{r4-r8,lr}
-+	vstmdb	sp!,{d8-d15}            @ ABI specification says so
-+	ldmia	ip,{r4-r5}		@ load remaining args
-+___
-+$code.=<<___;
-+	subs	$len,$len,#16
-+	mov	$step,#16
-+	b.lo	.Lcbc_abort
-+	cclr	$step,eq
-+
-+	cmp	$enc,#0			// en- or decrypting?
-+	ldr	$rounds,[$key,#240]
-+	and	$len,$len,#-16
-+	vld1.8	{$ivec},[$ivp]
-+	vld1.8	{$dat},[$inp],$step
-+
-+	vld1.32	{q8-q9},[$key]		// load key schedule...
-+	sub	$rounds,$rounds,#6
-+	add	$key_,$key,x5,lsl#4	// pointer to last 7 round keys
-+	sub	$rounds,$rounds,#2
-+	vld1.32	{q10-q11},[$key_],#32
-+	vld1.32	{q12-q13},[$key_],#32
-+	vld1.32	{q14-q15},[$key_],#32
-+	vld1.32	{$rndlast},[$key_]
-+
-+	add	$key_,$key,#32
-+	mov	$cnt,$rounds
-+	b.eq	.Lcbc_dec
-+
-+	cmp	$rounds,#2
-+	veor	$dat,$dat,$ivec
-+	veor	$rndzero_n_last,q8,$rndlast
-+	b.eq	.Lcbc_enc128
-+
-+.Loop_cbc_enc:
-+	aese	$dat,q8
-+	vld1.32	{q8},[$key_],#16
-+	aesmc	$dat,$dat
-+	subs	$cnt,$cnt,#2
-+	aese	$dat,q9
-+	vld1.32	{q9},[$key_],#16
-+	aesmc	$dat,$dat
-+	b.gt	.Loop_cbc_enc
-+
-+	aese	$dat,q8
-+	aesmc	$dat,$dat
-+	 subs	$len,$len,#16
-+	aese	$dat,q9
-+	aesmc	$dat,$dat
-+	 cclr	$step,eq
-+	aese	$dat,q10
-+	aesmc	$dat,$dat
-+	 add	$key_,$key,#16
-+	aese	$dat,q11
-+	aesmc	$dat,$dat
-+	 vld1.8	{q8},[$inp],$step
-+	aese	$dat,q12
-+	aesmc	$dat,$dat
-+	 veor	q8,q8,$rndzero_n_last
-+	aese	$dat,q13
-+	aesmc	$dat,$dat
-+	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
-+	aese	$dat,q14
-+	aesmc	$dat,$dat
-+	aese	$dat,q15
-+
-+	 mov	$cnt,$rounds
-+	veor	$ivec,$dat,$rndlast
-+	vst1.8	{$ivec},[$out],#16
-+	b.hs	.Loop_cbc_enc
-+
-+	b	.Lcbc_done
-+
-+.align	5
-+.Lcbc_enc128:
-+	vld1.32	{$in0-$in1},[$key_]
-+	aese	$dat,q8
-+	aesmc	$dat,$dat
-+	b	.Lenter_cbc_enc128
-+.Loop_cbc_enc128:
-+	aese	$dat,q8
-+	aesmc	$dat,$dat
-+	 vst1.8	{$ivec},[$out],#16
-+.Lenter_cbc_enc128:
-+	aese	$dat,q9
-+	aesmc	$dat,$dat
-+	 subs	$len,$len,#16
-+	aese	$dat,$in0
-+	aesmc	$dat,$dat
-+	 cclr	$step,eq
-+	aese	$dat,$in1
-+	aesmc	$dat,$dat
-+	aese	$dat,q10
-+	aesmc	$dat,$dat
-+	aese	$dat,q11
-+	aesmc	$dat,$dat
-+	 vld1.8	{q8},[$inp],$step
-+	aese	$dat,q12
-+	aesmc	$dat,$dat
-+	aese	$dat,q13
-+	aesmc	$dat,$dat
-+	aese	$dat,q14
-+	aesmc	$dat,$dat
-+	 veor	q8,q8,$rndzero_n_last
-+	aese	$dat,q15
-+	veor	$ivec,$dat,$rndlast
-+	b.hs	.Loop_cbc_enc128
-+
-+	vst1.8	{$ivec},[$out],#16
-+	b	.Lcbc_done
-+
-+.align	5
-+.Lcbc_dec128:
-+	vld1.32	{$tmp0-$tmp1},[$key_]
-+	veor	$ivec,$ivec,$rndlast
-+	veor	$in0,$dat0,$rndlast
-+	mov	$step1,$step
-+
-+.Loop2x_cbc_dec128:
-+	aesd	$dat0,q8
-+	aesd	$dat1,q8
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 subs	$len,$len,#32
-+	aesd	$dat0,q9
-+	aesd	$dat1,q9
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 cclr	$step,lo
-+	aesd	$dat0,$tmp0
-+	aesd	$dat1,$tmp0
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 cclr	$step1,ls
-+	aesd	$dat0,$tmp1
-+	aesd	$dat1,$tmp1
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q10
-+	aesd	$dat1,q10
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q11
-+	aesd	$dat1,q11
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q12
-+	aesd	$dat1,q12
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q13
-+	aesd	$dat1,q13
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q14
-+	aesd	$dat1,q14
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	aesd	$dat0,q15
-+	aesd	$dat1,q15
-+
-+	veor	$ivec,$ivec,$dat0
-+	vld1.8	{$dat0},[$inp],$step
-+	veor	$in0,$in0,$dat1
-+	vld1.8	{$dat1},[$inp],$step1
-+	vst1.8	{$ivec},[$out],#16
-+	veor	$ivec,$in1,$rndlast
-+	vst1.8	{$in0},[$out],#16
-+	veor	$in0,$dat0,$rndlast
-+	vorr	$in1,$dat1,$dat1
-+	b.hs	.Loop2x_cbc_dec128
-+
-+	adds	$len,$len,#32
-+	veor	$ivec,$ivec,$rndlast
-+	b.eq	.Lcbc_done
-+	veor	$in0,$in0,$rndlast
-+	b	.Lcbc_dec_tail
-+
-+.align	5
-+.Lcbc_dec:
-+	subs	$len,$len,#16
-+	vorr	$in0,$dat,$dat
-+	b.lo	.Lcbc_dec_tail
-+
-+	cclr	$step,eq
-+	cmp	$rounds,#2
-+	vld1.8	{$dat1},[$inp],$step
-+	vorr	$in1,$dat1,$dat1
-+	b.eq	.Lcbc_dec128
-+
-+.Loop2x_cbc_dec:
-+	aesd	$dat0,q8
-+	aesd	$dat1,q8
-+	vld1.32	{q8},[$key_],#16
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	subs	$cnt,$cnt,#2
-+	aesd	$dat0,q9
-+	aesd	$dat1,q9
-+	vld1.32	{q9},[$key_],#16
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	b.gt	.Loop2x_cbc_dec
-+
-+	aesd	$dat0,q8
-+	aesd	$dat1,q8
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 veor	$tmp0,$ivec,$rndlast
-+	 veor	$tmp1,$in0,$rndlast
-+	aesd	$dat0,q9
-+	aesd	$dat1,q9
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 vorr	$ivec,$in1,$in1
-+	 subs	$len,$len,#32
-+	aesd	$dat0,q10
-+	aesd	$dat1,q10
-+	aesimc	$dat0,$dat0
-+	 cclr	$step,lo
-+	aesimc	$dat1,$dat1
-+	 mov	$key_,$key
-+	aesd	$dat0,q11
-+	aesd	$dat1,q11
-+	aesimc	$dat0,$dat0
-+	 vld1.8	{$in0},[$inp],$step
-+	aesimc	$dat1,$dat1
-+	 cclr	$step,ls
-+	aesd	$dat0,q12
-+	aesd	$dat1,q12
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 vld1.8	{$in1},[$inp],$step
-+	aesd	$dat0,q13
-+	aesd	$dat1,q13
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 vld1.32 {q8},[$key_],#16	// re-pre-load rndkey[0]
-+	aesd	$dat0,q14
-+	aesd	$dat1,q14
-+	aesimc	$dat0,$dat0
-+	aesimc	$dat1,$dat1
-+	 vld1.32 {q9},[$key_],#16	// re-pre-load rndkey[1]
-+	aesd	$dat0,q15
-+	aesd	$dat1,q15
-+
-+	 mov	$cnt,$rounds
-+	veor	$tmp0,$tmp0,$dat0
-+	veor	$tmp1,$tmp1,$dat1
-+	 vorr	$dat0,$in0,$in0
-+	vst1.8	{$tmp0},[$out],#16
-+	 vorr	$dat1,$in1,$in1
-+	vst1.8	{$tmp1},[$out],#16
-+	b.hs	.Loop2x_cbc_dec
-+
-+	adds	$len,$len,#32
-+	b.eq	.Lcbc_done
-+
-+.Lcbc_dec_tail:
-+	aesd	$dat,q8
-+	vld1.32	{q8},[$key_],#16
-+	aesimc	$dat,$dat
-+	subs	$cnt,$cnt,#2
-+	aesd	$dat,q9
-+	vld1.32	{q9},[$key_],#16
-+	aesimc	$dat,$dat
-+	b.gt	.Lcbc_dec_tail
-+
-+	aesd	$dat,q8
-+	aesimc	$dat,$dat
-+	aesd	$dat,q9
-+	aesimc	$dat,$dat
-+	 veor	$tmp,$ivec,$rndlast
-+	aesd	$dat,q10
-+	aesimc	$dat,$dat
-+	 vorr	$ivec,$in0,$in0
-+	aesd	$dat,q11
-+	aesimc	$dat,$dat
-+	aesd	$dat,q12
-+	aesimc	$dat,$dat
-+	aesd	$dat,q13
-+	aesimc	$dat,$dat
-+	aesd	$dat,q14
-+	aesimc	$dat,$dat
-+	aesd	$dat,q15
-+
-+	veor	$tmp,$tmp,$dat
-+	vst1.8	{$tmp},[$out],#16
-+
-+.Lcbc_done:
-+	vst1.8	{$ivec},[$ivp]
-+.Lcbc_abort:
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r8,pc}
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	ldr	x29,[sp],#16
-+	ret
-+___
-+$code.=<<___;
-+.size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt
-+___
-+}}}
-+{{{
-+my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
-+my ($rounds,$cnt,$key_,$ctr,$tctr,$tctr1)=("w5","w6","x7","w8","w9","w10");
-+my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-+
-+my ($dat,$tmp)=($dat0,$tmp0);
-+
-+### q8-q15	preloaded key schedule
-+
-+$code.=<<___;
-+.globl	${prefix}_ctr32_encrypt_blocks
-+.type	${prefix}_ctr32_encrypt_blocks,%function
-+.align	5
-+${prefix}_ctr32_encrypt_blocks:
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	stp		x29,x30,[sp,#-16]!
-+	add		x29,sp,#0
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	mov		ip,sp
-+	stmdb		sp!,{r4-r10,lr}
-+	vstmdb		sp!,{d8-d15}            @ ABI specification says so
-+	ldr		r4, [ip]		@ load remaining arg
-+___
-+$code.=<<___;
-+	ldr		$rounds,[$key,#240]
-+
-+	ldr		$ctr, [$ivp, #12]
-+	vld1.32		{$dat0},[$ivp]
-+
-+	vld1.32		{q8-q9},[$key]		// load key schedule...
-+	sub		$rounds,$rounds,#6
-+	add		$key_,$key,x5,lsl#4	// pointer to last 7 round keys
-+	sub		$rounds,$rounds,#2
-+	vld1.32		{q10-q11},[$key_],#32
-+	vld1.32		{q12-q13},[$key_],#32
-+	vld1.32		{q14-q15},[$key_],#32
-+	vld1.32		{$rndlast},[$key_]
-+
-+	add		$key_,$key,#32
-+	mov		$cnt,$rounds
-+
-+	subs		$len,$len,#2
-+	b.lo		.Lctr32_tail
-+
-+#ifndef __ARMEB__
-+	rev		$ctr, $ctr
-+#endif
-+	vorr		$dat1,$dat0,$dat0
-+	add		$ctr, $ctr, #1
-+	vorr		$ivec,$dat0,$dat0
-+	rev		$tctr1, $ctr
-+	cmp		$rounds,#2
-+	vmov.32		${dat1}[3],$tctr1
-+	b.eq		.Lctr32_128
-+
-+.Loop2x_ctr32:
-+	aese		$dat0,q8
-+	aese		$dat1,q8
-+	vld1.32		{q8},[$key_],#16
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	subs		$cnt,$cnt,#2
-+	aese		$dat0,q9
-+	aese		$dat1,q9
-+	vld1.32		{q9},[$key_],#16
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	b.gt		.Loop2x_ctr32
-+
-+	aese		$dat0,q8
-+	aese		$dat1,q8
-+	aesmc		$tmp0,$dat0
-+	 vorr		$dat0,$ivec,$ivec
-+	aesmc		$tmp1,$dat1
-+	 vorr		$dat1,$ivec,$ivec
-+	aese		$tmp0,q9
-+	aese		$tmp1,q9
-+	 vld1.8		{$in0},[$inp],#16
-+	aesmc		$tmp0,$tmp0
-+	 vld1.8		{$in1},[$inp],#16
-+	aesmc		$tmp1,$tmp1
-+	 add		$ctr,$ctr,#1
-+	aese		$tmp0,q10
-+	aese		$tmp1,q10
-+	 rev		$tctr,$ctr
-+	aesmc		$tmp0,$tmp0
-+	aesmc		$tmp1,$tmp1
-+	 add		$ctr,$ctr,#1
-+	aese		$tmp0,q11
-+	aese		$tmp1,q11
-+	 veor		$in0,$in0,$rndlast
-+	 rev		$tctr1,$ctr
-+	aesmc		$tmp0,$tmp0
-+	aesmc		$tmp1,$tmp1
-+	 veor		$in1,$in1,$rndlast
-+	 mov		$key_,$key
-+	aese		$tmp0,q12
-+	aese		$tmp1,q12
-+	 subs		$len,$len,#2
-+	aesmc		$tmp0,$tmp0
-+	aesmc		$tmp1,$tmp1
-+	 vld1.32	 {q8-q9},[$key_],#32	// re-pre-load rndkey[0-1]
-+	aese		$tmp0,q13
-+	aese		$tmp1,q13
-+	aesmc		$tmp0,$tmp0
-+	aesmc		$tmp1,$tmp1
-+	aese		$tmp0,q14
-+	aese		$tmp1,q14
-+	 vmov.32	${dat0}[3], $tctr
-+	aesmc		$tmp0,$tmp0
-+	 vmov.32	${dat1}[3], $tctr1
-+	aesmc		$tmp1,$tmp1
-+	aese		$tmp0,q15
-+	aese		$tmp1,q15
-+
-+	 mov		$cnt,$rounds
-+	veor		$in0,$in0,$tmp0
-+	veor		$in1,$in1,$tmp1
-+	vst1.8		{$in0},[$out],#16
-+	vst1.8		{$in1},[$out],#16
-+	b.hs		.Loop2x_ctr32
-+
-+	adds		$len,$len,#2
-+	b.eq		.Lctr32_done
-+	b		.Lctr32_tail
-+
-+.Lctr32_128:
-+	vld1.32		{$tmp0-$tmp1},[$key_]
-+
-+.Loop2x_ctr32_128:
-+	aese		$dat0,q8
-+	aese		$dat1,q8
-+	aesmc		$dat0,$dat0
-+	 vld1.8		{$in0},[$inp],#16
-+	aesmc		$dat1,$dat1
-+	 vld1.8		{$in1},[$inp],#16
-+	aese		$dat0,q9
-+	aese		$dat1,q9
-+	 add		$ctr,$ctr,#1
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	 rev		$tctr,$ctr
-+	aese		$dat0,$tmp0
-+	aese		$dat1,$tmp0
-+	 add		$ctr,$ctr,#1
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	 rev		$tctr1,$ctr
-+	aese		$dat0,$tmp1
-+	aese		$dat1,$tmp1
-+	 subs		$len,$len,#2
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	aese		$dat0,q10
-+	aese		$dat1,q10
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	aese		$dat0,q11
-+	aese		$dat1,q11
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	aese		$dat0,q12
-+	aese		$dat1,q12
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	aese		$dat0,q13
-+	aese		$dat1,q13
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	aese		$dat0,q14
-+	aese		$dat1,q14
-+	aesmc		$dat0,$dat0
-+	aesmc		$dat1,$dat1
-+	 veor		$in0,$in0,$rndlast
-+	aese		$dat0,q15
-+	 veor		$in1,$in1,$rndlast
-+	aese		$dat1,q15
-+
-+	veor		$in0,$in0,$dat0
-+	vorr		$dat0,$ivec,$ivec
-+	veor		$in1,$in1,$dat1
-+	vorr		$dat1,$ivec,$ivec
-+	vst1.8		{$in0},[$out],#16
-+	vmov.32		${dat0}[3], $tctr
-+	vst1.8		{$in1},[$out],#16
-+	vmov.32		${dat1}[3], $tctr1
-+	b.hs		.Loop2x_ctr32_128
-+
-+	adds		$len,$len,#2
-+	b.eq		.Lctr32_done
-+
-+.Lctr32_tail:
-+	aese		$dat,q8
-+	vld1.32		{q8},[$key_],#16
-+	aesmc		$dat,$dat
-+	subs		$cnt,$cnt,#2
-+	aese		$dat,q9
-+	vld1.32		{q9},[$key_],#16
-+	aesmc		$dat,$dat
-+	b.gt		.Lctr32_tail
-+
-+	aese		$dat,q8
-+	aesmc		$dat,$dat
-+	aese		$dat,q9
-+	aesmc		$dat,$dat
-+	 vld1.8		{$in0},[$inp]
-+	aese		$dat,q10
-+	aesmc		$dat,$dat
-+	aese		$dat,q11
-+	aesmc		$dat,$dat
-+	aese		$dat,q12
-+	aesmc		$dat,$dat
-+	aese		$dat,q13
-+	aesmc		$dat,$dat
-+	aese		$dat,q14
-+	aesmc		$dat,$dat
-+	 veor		$in0,$in0,$rndlast
-+	aese		$dat,q15
-+
-+	veor		$in0,$in0,$dat
-+	vst1.8		{$in0},[$out]
-+
-+.Lctr32_done:
-+___
-+$code.=<<___	if ($flavour !~ /64/);
-+	vldmia		sp!,{d8-d15}
-+	ldmia		sp!,{r4-r10,pc}
-+___
-+$code.=<<___	if ($flavour =~ /64/);
-+	ldr		x29,[sp],#16
-+	ret
-+___
-+$code.=<<___;
-+.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
-+___
-+}}}
-+$code.=<<___;
-+#endif
-+___
-+########################################
-+if ($flavour =~ /64/) {			######## 64-bit code
-+    my %opcode = (
-+	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
-+	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
-+
-+    local *unaes = sub {
-+	my ($mnemonic,$arg)=@_;
-+
-+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
-+	sprintf ".inst\t0x%08x\t//%s %s",
-+			$opcode{$mnemonic}|$1|($2<<5),
-+			$mnemonic,$arg;
-+    };
-+
-+    foreach(split("\n",$code)) {
-+        s/\`([^\`]*)\`/eval($1)/geo;
-+
-+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-+        s/@\s/\/\//o;			# old->new style commentary
-+
-+	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-+        s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
-+        s/vext\.8/ext/o		or
-+        s/vrev32\.8/rev32/o	or
-+        s/vtst\.8/cmtst/o	or
-+        s/vshr/ushr/o		or
-+        s/^(\s+)v/$1/o		or	# strip off v prefix
-+	s/\bbx\s+lr\b/ret/o;
-+
-+	# fix up remainig legacy suffixes
-+	s/\.[ui]?8//o;
-+	m/\],#8/o and s/\.16b/\.8b/go;
-+        s/\.[ui]?32//o and s/\.16b/\.4s/go;
-+        s/\.[ui]?64//o and s/\.16b/\.2d/go;
-+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-+
-+        print $_,"\n";
-+    }
-+} else {				######## 32-bit code
-+    my %opcode = (
-+	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
-+	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
-+
-+    local *unaes = sub {
-+	my ($mnemonic,$arg)=@_;
-+
-+	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
-+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-+					 |(($2&7)<<1) |(($2&8)<<2);
-+	    # since ARMv7 instructions are always encoded little-endian.
-+	    # correct solution is to use .inst directive, but older
-+	    # assemblers don't implement it:-(
-+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-+			$word&0xff,($word>>8)&0xff,
-+			($word>>16)&0xff,($word>>24)&0xff,
-+			$mnemonic,$arg;
-+	}
-+    };
-+
-+    sub unvtbl {
-+	my $arg=shift;
-+
-+	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
-+	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
-+		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;	
-+    }
-+
-+    sub unvdup32 {
-+	my $arg=shift;
-+
-+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;	
-+    }
-+
-+    sub unvmov32 {
-+	my $arg=shift;
-+
-+	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
-+	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;	
-+    }
-+
-+    foreach(split("\n",$code)) {
-+        s/\`([^\`]*)\`/eval($1)/geo;
-+
-+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-+        s/\/\/\s?/@ /o;				# new->old style commentary
-+
-+	# fix up remainig new-style suffixes
-+	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
-+	s/\],#[0-9]+/]!/o;
-+
-+	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
-+	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
-+	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
-+	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
-+	s/^(\s+)b\./$1b/o				or
-+	s/^(\s+)ret/$1bx\tlr/o;
-+
-+        print $_,"\n";
-+    }
-+}
-+
-+close STDOUT;
-diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
-new file mode 100644
-index 0000000..f3d96d9
---- /dev/null
-+++ b/crypto/aes/asm/bsaes-armv7.pl
-@@ -0,0 +1,2467 @@
-+#!/usr/bin/env perl
-+
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+#
-+# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
-+# <ard.biesheuvel@linaro.org>. Permission to use under GPL terms is
-+# granted.
-+# ====================================================================
-+
-+# Bit-sliced AES for ARM NEON
-+#
-+# February 2012.
-+#
-+# This implementation is direct adaptation of bsaes-x86_64 module for
-+# ARM NEON. Except that this module is endian-neutral [in sense that
-+# it can be compiled for either endianness] by courtesy of vld1.8's
-+# neutrality. Initial version doesn't implement interface to OpenSSL,
-+# only low-level primitives and unsupported entry points, just enough
-+# to collect performance results, which for Cortex-A8 core are:
-+#
-+# encrypt	19.5 cycles per byte processed with 128-bit key
-+# decrypt	22.1 cycles per byte processed with 128-bit key
-+# key conv.	440  cycles per 128-bit key/0.18 of 8x block
-+#
-+# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7,
-+# which is [much] worse than anticipated (for further details see
-+# http://www.openssl.org/~appro/Snapdragon-S4.html).
-+#
-+# Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code
-+# manages in 20.0 cycles].
-+#
-+# When comparing to x86_64 results keep in mind that NEON unit is
-+# [mostly] single-issue and thus can't [fully] benefit from
-+# instruction-level parallelism. And when comparing to aes-armv4
-+# results keep in mind key schedule conversion overhead (see
-+# bsaes-x86_64.pl for further details)...
-+#
-+#						<appro@openssl.org>
-+
-+# April-August 2013
-+#
-+# Add CBC, CTR and XTS subroutines, adapt for kernel use.
-+#
-+#					<ard.biesheuvel@linaro.org>
-+
-+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
-+open STDOUT,">$output";
-+
-+my ($inp,$out,$len,$key)=("r0","r1","r2","r3");
-+my @XMM=map("q$_",(0..15));
-+
-+{
-+my ($key,$rounds,$const)=("r4","r5","r6");
-+
-+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-+
-+sub Sbox {
-+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-+# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb
-+my @b=@_[0..7];
-+my @t=@_[8..11];
-+my @s=@_[12..15];
-+	&InBasisChange	(@b);
-+	&Inv_GF256	(@b[6,5,0,3,7,1,4,2],@t,@s);
-+	&OutBasisChange	(@b[7,1,4,2,6,5,0,3]);
-+}
-+
-+sub InBasisChange {
-+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-+# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb 
-+my @b=@_[0..7];
-+$code.=<<___;
-+	veor	@b[2], @b[2], @b[1]
-+	veor	@b[5], @b[5], @b[6]
-+	veor	@b[3], @b[3], @b[0]
-+	veor	@b[6], @b[6], @b[2]
-+	veor	@b[5], @b[5], @b[0]
-+
-+	veor	@b[6], @b[6], @b[3]
-+	veor	@b[3], @b[3], @b[7]
-+	veor	@b[7], @b[7], @b[5]
-+	veor	@b[3], @b[3], @b[4]
-+	veor	@b[4], @b[4], @b[5]
-+
-+	veor	@b[2], @b[2], @b[7]
-+	veor	@b[3], @b[3], @b[1]
-+	veor	@b[1], @b[1], @b[5]
-+___
-+}
-+
-+sub OutBasisChange {
-+# input in  lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-+# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb
-+my @b=@_[0..7];
-+$code.=<<___;
-+	veor	@b[0], @b[0], @b[6]
-+	veor	@b[1], @b[1], @b[4]
-+	veor	@b[4], @b[4], @b[6]
-+	veor	@b[2], @b[2], @b[0]
-+	veor	@b[6], @b[6], @b[1]
-+
-+	veor	@b[1], @b[1], @b[5]
-+	veor	@b[5], @b[5], @b[3]
-+	veor	@b[3], @b[3], @b[7]
-+	veor	@b[7], @b[7], @b[5]
-+	veor	@b[2], @b[2], @b[5]
-+
-+	veor	@b[4], @b[4], @b[7]
-+___
-+}
-+
-+sub InvSbox {
-+# input in lsb 	> [b0, b1, b2, b3, b4, b5, b6, b7] < msb
-+# output in lsb	> [b0, b1, b6, b4, b2, b7, b3, b5] < msb
-+my @b=@_[0..7];
-+my @t=@_[8..11];
-+my @s=@_[12..15];
-+	&InvInBasisChange	(@b);
-+	&Inv_GF256		(@b[5,1,2,6,3,7,0,4],@t,@s);
-+	&InvOutBasisChange	(@b[3,7,0,4,5,1,2,6]);
-+}
-+
-+sub InvInBasisChange {		# OutBasisChange in reverse (with twist)
-+my @b=@_[5,1,2,6,3,7,0,4];
-+$code.=<<___
-+	 veor	@b[1], @b[1], @b[7]
-+	veor	@b[4], @b[4], @b[7]
-+
-+	veor	@b[7], @b[7], @b[5]
-+	 veor	@b[1], @b[1], @b[3]
-+	veor	@b[2], @b[2], @b[5]
-+	veor	@b[3], @b[3], @b[7]
-+
-+	veor	@b[6], @b[6], @b[1]
-+	veor	@b[2], @b[2], @b[0]
-+	 veor	@b[5], @b[5], @b[3]
-+	veor	@b[4], @b[4], @b[6]
-+	veor	@b[0], @b[0], @b[6]
-+	veor	@b[1], @b[1], @b[4]
-+___
-+}
-+
-+sub InvOutBasisChange {		# InBasisChange in reverse
-+my @b=@_[2,5,7,3,6,1,0,4];
-+$code.=<<___;
-+	veor	@b[1], @b[1], @b[5]
-+	veor	@b[2], @b[2], @b[7]
-+
-+	veor	@b[3], @b[3], @b[1]
-+	veor	@b[4], @b[4], @b[5]
-+	veor	@b[7], @b[7], @b[5]
-+	veor	@b[3], @b[3], @b[4]
-+	 veor 	@b[5], @b[5], @b[0]
-+	veor	@b[3], @b[3], @b[7]
-+	 veor	@b[6], @b[6], @b[2]
-+	 veor	@b[2], @b[2], @b[1]
-+	veor	@b[6], @b[6], @b[3]
-+
-+	veor	@b[3], @b[3], @b[0]
-+	veor	@b[5], @b[5], @b[6]
-+___
-+}
-+
-+sub Mul_GF4 {
-+#;*************************************************************
-+#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) *
-+#;*************************************************************
-+my ($x0,$x1,$y0,$y1,$t0,$t1)=@_;
-+$code.=<<___;
-+	veor 	$t0, $y0, $y1
-+	vand	$t0, $t0, $x0
-+	veor	$x0, $x0, $x1
-+	vand	$t1, $x1, $y0
-+	vand	$x0, $x0, $y1
-+	veor	$x1, $t1, $t0
-+	veor	$x0, $x0, $t1
-+___
-+}
-+
-+sub Mul_GF4_N {				# not used, see next subroutine
-+# multiply and scale by N
-+my ($x0,$x1,$y0,$y1,$t0)=@_;
-+$code.=<<___;
-+	veor	$t0, $y0, $y1
-+	vand	$t0, $t0, $x0
-+	veor	$x0, $x0, $x1
-+	vand	$x1, $x1, $y0
-+	vand	$x0, $x0, $y1
-+	veor	$x1, $x1, $x0
-+	veor	$x0, $x0, $t0
-+___
-+}
-+
-+sub Mul_GF4_N_GF4 {
-+# interleaved Mul_GF4_N and Mul_GF4
-+my ($x0,$x1,$y0,$y1,$t0,
-+    $x2,$x3,$y2,$y3,$t1)=@_;
-+$code.=<<___;
-+	veor	$t0, $y0, $y1
-+	 veor 	$t1, $y2, $y3
-+	vand	$t0, $t0, $x0
-+	 vand	$t1, $t1, $x2
-+	veor	$x0, $x0, $x1
-+	 veor	$x2, $x2, $x3
-+	vand	$x1, $x1, $y0
-+	 vand	$x3, $x3, $y2
-+	vand	$x0, $x0, $y1
-+	 vand	$x2, $x2, $y3
-+	veor	$x1, $x1, $x0
-+	 veor	$x2, $x2, $x3
-+	veor	$x0, $x0, $t0
-+	 veor	$x3, $x3, $t1
-+___
-+}
-+sub Mul_GF16_2 {
-+my @x=@_[0..7];
-+my @y=@_[8..11];
-+my @t=@_[12..15];
-+$code.=<<___;
-+	veor	@t[0], @x[0], @x[2]
-+	veor	@t[1], @x[1], @x[3]
-+___
-+	&Mul_GF4  	(@x[0], @x[1], @y[0], @y[1], @t[2..3]);
-+$code.=<<___;
-+	veor	@y[0], @y[0], @y[2]
-+	veor	@y[1], @y[1], @y[3]
-+___
-+	Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-+			 @x[2], @x[3], @y[2], @y[3], @t[2]);
-+$code.=<<___;
-+	veor	@x[0], @x[0], @t[0]
-+	veor	@x[2], @x[2], @t[0]
-+	veor	@x[1], @x[1], @t[1]
-+	veor	@x[3], @x[3], @t[1]
-+
-+	veor	@t[0], @x[4], @x[6]
-+	veor	@t[1], @x[5], @x[7]
-+___
-+	&Mul_GF4_N_GF4	(@t[0], @t[1], @y[0], @y[1], @t[3],
-+			 @x[6], @x[7], @y[2], @y[3], @t[2]);
-+$code.=<<___;
-+	veor	@y[0], @y[0], @y[2]
-+	veor	@y[1], @y[1], @y[3]
-+___
-+	&Mul_GF4  	(@x[4], @x[5], @y[0], @y[1], @t[2..3]);
-+$code.=<<___;
-+	veor	@x[4], @x[4], @t[0]
-+	veor	@x[6], @x[6], @t[0]
-+	veor	@x[5], @x[5], @t[1]
-+	veor	@x[7], @x[7], @t[1]
-+___
-+}
-+sub Inv_GF256 {
-+#;********************************************************************
-+#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144)       *
-+#;********************************************************************
-+my @x=@_[0..7];
-+my @t=@_[8..11];
-+my @s=@_[12..15];
-+# direct optimizations from hardware
-+$code.=<<___;
-+	veor	@t[3], @x[4], @x[6]
-+	veor	@t[2], @x[5], @x[7]
-+	veor	@t[1], @x[1], @x[3]
-+	veor	@s[1], @x[7], @x[6]
-+	 vmov	@t[0], @t[2]
-+	veor	@s[0], @x[0], @x[2]
-+
-+	vorr	@t[2], @t[2], @t[1]
-+	veor	@s[3], @t[3], @t[0]
-+	vand	@s[2], @t[3], @s[0]
-+	vorr	@t[3], @t[3], @s[0]
-+	veor	@s[0], @s[0], @t[1]
-+	vand	@t[0], @t[0], @t[1]
-+	veor	@t[1], @x[3], @x[2]
-+	vand	@s[3], @s[3], @s[0]
-+	vand	@s[1], @s[1], @t[1]
-+	veor	@t[1], @x[4], @x[5]
-+	veor	@s[0], @x[1], @x[0]
-+	veor	@t[3], @t[3], @s[1]
-+	veor	@t[2], @t[2], @s[1]
-+	vand	@s[1], @t[1], @s[0]
-+	vorr	@t[1], @t[1], @s[0]
-+	veor	@t[3], @t[3], @s[3]
-+	veor	@t[0], @t[0], @s[1]
-+	veor	@t[2], @t[2], @s[2]
-+	veor	@t[1], @t[1], @s[3]
-+	veor	@t[0], @t[0], @s[2]
-+	vand	@s[0], @x[7], @x[3]
-+	veor	@t[1], @t[1], @s[2]
-+	vand	@s[1], @x[6], @x[2]
-+	vand	@s[2], @x[5], @x[1]
-+	vorr	@s[3], @x[4], @x[0]
-+	veor	@t[3], @t[3], @s[0]
-+	veor	@t[1], @t[1], @s[2]
-+	veor	@t[0], @t[0], @s[3]
-+	veor	@t[2], @t[2], @s[1]
-+
-+	@ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3
-+
-+	@ new smaller inversion
-+
-+	vand	@s[2], @t[3], @t[1]
-+	vmov	@s[0], @t[0]
-+
-+	veor	@s[1], @t[2], @s[2]
-+	veor	@s[3], @t[0], @s[2]
-+	veor	@s[2], @t[0], @s[2]	@ @s[2]=@s[3]
-+
-+	vbsl	@s[1], @t[1], @t[0]
-+	vbsl	@s[3], @t[3], @t[2]
-+	veor	@t[3], @t[3], @t[2]
-+
-+	vbsl	@s[0], @s[1], @s[2]
-+	vbsl	@t[0], @s[2], @s[1]
-+
-+	vand	@s[2], @s[0], @s[3]
-+	veor	@t[1], @t[1], @t[0]
-+
-+	veor	@s[2], @s[2], @t[3]
-+___
-+# output in s3, s2, s1, t1
-+
-+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3
-+
-+# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3
-+	&Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]);
-+
-+### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb
-+}
-+
-+# AES linear components
-+
-+sub ShiftRows {
-+my @x=@_[0..7];
-+my @t=@_[8..11];
-+my $mask=pop;
-+$code.=<<___;
-+	vldmia	$key!, {@t[0]-@t[3]}
-+	veor	@t[0], @t[0], @x[0]
-+	veor	@t[1], @t[1], @x[1]
-+	vtbl.8	`&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)`
-+	vldmia	$key!, {@t[0]}
-+	veor	@t[2], @t[2], @x[2]
-+	vtbl.8	`&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)`
-+	vldmia	$key!, {@t[1]}
-+	veor	@t[3], @t[3], @x[3]
-+	vtbl.8	`&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)`
-+	vldmia	$key!, {@t[2]}
-+	vtbl.8	`&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)`
-+	vldmia	$key!, {@t[3]}
-+	veor	@t[0], @t[0], @x[4]
-+	veor	@t[1], @t[1], @x[5]
-+	vtbl.8	`&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)`
-+	veor	@t[2], @t[2], @x[6]
-+	vtbl.8	`&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)`
-+	veor	@t[3], @t[3], @x[7]
-+	vtbl.8	`&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)`
-+	vtbl.8	`&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)`
-+	vtbl.8	`&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)`
-+___
-+}
-+
-+sub MixColumns {
-+# modified to emit output in order suitable for feeding back to aesenc[last]
-+my @x=@_[0..7];
-+my @t=@_[8..15];
-+my $inv=@_[16];	# optional
-+$code.=<<___;
-+	vext.8	@t[0], @x[0], @x[0], #12	@ x0 <<< 32
-+	vext.8	@t[1], @x[1], @x[1], #12
-+	 veor	@x[0], @x[0], @t[0]		@ x0 ^ (x0 <<< 32)
-+	vext.8	@t[2], @x[2], @x[2], #12
-+	 veor	@x[1], @x[1], @t[1]
-+	vext.8	@t[3], @x[3], @x[3], #12
-+	 veor	@x[2], @x[2], @t[2]
-+	vext.8	@t[4], @x[4], @x[4], #12
-+	 veor	@x[3], @x[3], @t[3]
-+	vext.8	@t[5], @x[5], @x[5], #12
-+	 veor	@x[4], @x[4], @t[4]
-+	vext.8	@t[6], @x[6], @x[6], #12
-+	 veor	@x[5], @x[5], @t[5]
-+	vext.8	@t[7], @x[7], @x[7], #12
-+	 veor	@x[6], @x[6], @t[6]
-+
-+	veor	@t[1], @t[1], @x[0]
-+	 veor	@x[7], @x[7], @t[7]
-+	 vext.8	@x[0], @x[0], @x[0], #8		@ (x0 ^ (x0 <<< 32)) <<< 64)
-+	veor	@t[2], @t[2], @x[1]
-+	veor	@t[0], @t[0], @x[7]
-+	veor	@t[1], @t[1], @x[7]
-+	 vext.8	@x[1], @x[1], @x[1], #8
-+	veor	@t[5], @t[5], @x[4]
-+	 veor	@x[0], @x[0], @t[0]
-+	veor	@t[6], @t[6], @x[5]
-+	 veor	@x[1], @x[1], @t[1]
-+	 vext.8	@t[0], @x[4], @x[4], #8
-+	veor	@t[4], @t[4], @x[3]
-+	 vext.8	@t[1], @x[5], @x[5], #8
-+	veor	@t[7], @t[7], @x[6]
-+	 vext.8	@x[4], @x[3], @x[3], #8
-+	veor	@t[3], @t[3], @x[2]
-+	 vext.8	@x[5], @x[7], @x[7], #8
-+	veor	@t[4], @t[4], @x[7]
-+	 vext.8	@x[3], @x[6], @x[6], #8
-+	veor	@t[3], @t[3], @x[7]
-+	 vext.8	@x[6], @x[2], @x[2], #8
-+	veor	@x[7], @t[1], @t[5]
-+___
-+$code.=<<___ if (!$inv);
-+	veor	@x[2], @t[0], @t[4]
-+	veor	@x[4], @x[4], @t[3]
-+	veor	@x[5], @x[5], @t[7]
-+	veor	@x[3], @x[3], @t[6]
-+	 @ vmov	@x[2], @t[0]
-+	veor	@x[6], @x[6], @t[2]
-+	 @ vmov	@x[7], @t[1]
-+___
-+$code.=<<___ if ($inv);
-+	veor	@t[3], @t[3], @x[4]
-+	veor	@x[5], @x[5], @t[7]
-+	veor	@x[2], @x[3], @t[6]
-+	veor	@x[3], @t[0], @t[4]
-+	veor	@x[4], @x[6], @t[2]
-+	vmov	@x[6], @t[3]
-+	 @ vmov	@x[7], @t[1]
-+___
-+}
-+
-+sub InvMixColumns_orig {
-+my @x=@_[0..7];
-+my @t=@_[8..15];
-+
-+$code.=<<___;
-+	@ multiplication by 0x0e
-+	vext.8	@t[7], @x[7], @x[7], #12
-+	vmov	@t[2], @x[2]
-+	veor	@x[2], @x[2], @x[5]		@ 2 5
-+	veor	@x[7], @x[7], @x[5]		@ 7 5
-+	vext.8	@t[0], @x[0], @x[0], #12
-+	vmov	@t[5], @x[5]
-+	veor	@x[5], @x[5], @x[0]		@ 5 0		[1]
-+	veor	@x[0], @x[0], @x[1]		@ 0 1
-+	vext.8	@t[1], @x[1], @x[1], #12
-+	veor	@x[1], @x[1], @x[2]		@ 1 25
-+	veor	@x[0], @x[0], @x[6]		@ 01 6		[2]
-+	vext.8	@t[3], @x[3], @x[3], #12
-+	veor	@x[1], @x[1], @x[3]		@ 125 3		[4]
-+	veor	@x[2], @x[2], @x[0]		@ 25 016	[3]
-+	veor	@x[3], @x[3], @x[7]		@ 3 75
-+	veor	@x[7], @x[7], @x[6]		@ 75 6		[0]
-+	vext.8	@t[6], @x[6], @x[6], #12
-+	vmov	@t[4], @x[4]
-+	veor	@x[6], @x[6], @x[4]		@ 6 4
-+	veor	@x[4], @x[4], @x[3]		@ 4 375		[6]
-+	veor	@x[3], @x[3], @x[7]		@ 375 756=36
-+	veor	@x[6], @x[6], @t[5]		@ 64 5		[7]
-+	veor	@x[3], @x[3], @t[2]		@ 36 2
-+	vext.8	@t[5], @t[5], @t[5], #12
-+	veor	@x[3], @x[3], @t[4]		@ 362 4		[5]
-+___
-+					my @y = @x[7,5,0,2,1,3,4,6];
-+$code.=<<___;
-+	@ multiplication by 0x0b
-+	veor	@y[1], @y[1], @y[0]
-+	veor	@y[0], @y[0], @t[0]
-+	vext.8	@t[2], @t[2], @t[2], #12
-+	veor	@y[1], @y[1], @t[1]
-+	veor	@y[0], @y[0], @t[5]
-+	vext.8	@t[4], @t[4], @t[4], #12
-+	veor	@y[1], @y[1], @t[6]
-+	veor	@y[0], @y[0], @t[7]
-+	veor	@t[7], @t[7], @t[6]		@ clobber t[7]
-+
-+	veor	@y[3], @y[3], @t[0]
-+	 veor	@y[1], @y[1], @y[0]
-+	vext.8	@t[0], @t[0], @t[0], #12
-+	veor	@y[2], @y[2], @t[1]
-+	veor	@y[4], @y[4], @t[1]
-+	vext.8	@t[1], @t[1], @t[1], #12
-+	veor	@y[2], @y[2], @t[2]
-+	veor	@y[3], @y[3], @t[2]
-+	veor	@y[5], @y[5], @t[2]
-+	veor	@y[2], @y[2], @t[7]
-+	vext.8	@t[2], @t[2], @t[2], #12
-+	veor	@y[3], @y[3], @t[3]
-+	veor	@y[6], @y[6], @t[3]
-+	veor	@y[4], @y[4], @t[3]
-+	veor	@y[7], @y[7], @t[4]
-+	vext.8	@t[3], @t[3], @t[3], #12
-+	veor	@y[5], @y[5], @t[4]
-+	veor	@y[7], @y[7], @t[7]
-+	veor	@t[7], @t[7], @t[5]		@ clobber t[7] even more
-+	veor	@y[3], @y[3], @t[5]
-+	veor	@y[4], @y[4], @t[4]
-+
-+	veor	@y[5], @y[5], @t[7]
-+	vext.8	@t[4], @t[4], @t[4], #12
-+	veor	@y[6], @y[6], @t[7]
-+	veor	@y[4], @y[4], @t[7]
-+
-+	veor	@t[7], @t[7], @t[5]
-+	vext.8	@t[5], @t[5], @t[5], #12
-+
-+	@ multiplication by 0x0d
-+	veor	@y[4], @y[4], @y[7]
-+	 veor	@t[7], @t[7], @t[6]		@ restore t[7]
-+	veor	@y[7], @y[7], @t[4]
-+	vext.8	@t[6], @t[6], @t[6], #12
-+	veor	@y[2], @y[2], @t[0]
-+	veor	@y[7], @y[7], @t[5]
-+	vext.8	@t[7], @t[7], @t[7], #12
-+	veor	@y[2], @y[2], @t[2]
-+
-+	veor	@y[3], @y[3], @y[1]
-+	veor	@y[1], @y[1], @t[1]
-+	veor	@y[0], @y[0], @t[0]
-+	veor	@y[3], @y[3], @t[0]
-+	veor	@y[1], @y[1], @t[5]
-+	veor	@y[0], @y[0], @t[5]
-+	vext.8	@t[0], @t[0], @t[0], #12
-+	veor	@y[1], @y[1], @t[7]
-+	veor	@y[0], @y[0], @t[6]
-+	veor	@y[3], @y[3], @y[1]
-+	veor	@y[4], @y[4], @t[1]
-+	vext.8	@t[1], @t[1], @t[1], #12
-+
-+	veor	@y[7], @y[7], @t[7]
-+	veor	@y[4], @y[4], @t[2]
-+	veor	@y[5], @y[5], @t[2]
-+	veor	@y[2], @y[2], @t[6]
-+	veor	@t[6], @t[6], @t[3]		@ clobber t[6]
-+	vext.8	@t[2], @t[2], @t[2], #12
-+	veor	@y[4], @y[4], @y[7]
-+	veor	@y[3], @y[3], @t[6]
-+
-+	veor	@y[6], @y[6], @t[6]
-+	veor	@y[5], @y[5], @t[5]
-+	vext.8	@t[5], @t[5], @t[5], #12
-+	veor	@y[6], @y[6], @t[4]
-+	vext.8	@t[4], @t[4], @t[4], #12
-+	veor	@y[5], @y[5], @t[6]
-+	veor	@y[6], @y[6], @t[7]
-+	vext.8	@t[7], @t[7], @t[7], #12
-+	veor	@t[6], @t[6], @t[3]		@ restore t[6]
-+	vext.8	@t[3], @t[3], @t[3], #12
-+
-+	@ multiplication by 0x09
-+	veor	@y[4], @y[4], @y[1]
-+	veor	@t[1], @t[1], @y[1]		@ t[1]=y[1]
-+	veor	@t[0], @t[0], @t[5]		@ clobber t[0]
-+	vext.8	@t[6], @t[6], @t[6], #12
-+	veor	@t[1], @t[1], @t[5]
-+	veor	@y[3], @y[3], @t[0]
-+	veor	@t[0], @t[0], @y[0]		@ t[0]=y[0]
-+	veor	@t[1], @t[1], @t[6]
-+	veor	@t[6], @t[6], @t[7]		@ clobber t[6]
-+	veor	@y[4], @y[4], @t[1]
-+	veor	@y[7], @y[7], @t[4]
-+	veor	@y[6], @y[6], @t[3]
-+	veor	@y[5], @y[5], @t[2]
-+	veor	@t[4], @t[4], @y[4]		@ t[4]=y[4]
-+	veor	@t[3], @t[3], @y[3]		@ t[3]=y[3]
-+	veor	@t[5], @t[5], @y[5]		@ t[5]=y[5]
-+	veor	@t[2], @t[2], @y[2]		@ t[2]=y[2]
-+	veor	@t[3], @t[3], @t[7]
-+	veor	@XMM[5], @t[5], @t[6]
-+	veor	@XMM[6], @t[6], @y[6]		@ t[6]=y[6]
-+	veor	@XMM[2], @t[2], @t[6]
-+	veor	@XMM[7], @t[7], @y[7]		@ t[7]=y[7]
-+
-+	vmov	@XMM[0], @t[0]
-+	vmov	@XMM[1], @t[1]
-+	@ vmov	@XMM[2], @t[2]
-+	vmov	@XMM[3], @t[3]
-+	vmov	@XMM[4], @t[4]
-+	@ vmov	@XMM[5], @t[5]
-+	@ vmov	@XMM[6], @t[6]
-+	@ vmov	@XMM[7], @t[7]
-+___
-+}
-+
-+sub InvMixColumns {
-+my @x=@_[0..7];
-+my @t=@_[8..15];
-+
-+# Thanks to Jussi Kivilinna for providing pointer to
-+#
-+# | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
-+# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
-+# | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
-+# | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
-+
-+$code.=<<___;
-+	@ multiplication by 0x05-0x00-0x04-0x00
-+	vext.8	@t[0], @x[0], @x[0], #8
-+	vext.8	@t[6], @x[6], @x[6], #8
-+	vext.8	@t[7], @x[7], @x[7], #8
-+	veor	@t[0], @t[0], @x[0]
-+	vext.8	@t[1], @x[1], @x[1], #8
-+	veor	@t[6], @t[6], @x[6]
-+	vext.8	@t[2], @x[2], @x[2], #8
-+	veor	@t[7], @t[7], @x[7]
-+	vext.8	@t[3], @x[3], @x[3], #8
-+	veor	@t[1], @t[1], @x[1]
-+	vext.8	@t[4], @x[4], @x[4], #8
-+	veor	@t[2], @t[2], @x[2]
-+	vext.8	@t[5], @x[5], @x[5], #8
-+	veor	@t[3], @t[3], @x[3]
-+	veor	@t[4], @t[4], @x[4]
-+	veor	@t[5], @t[5], @x[5]
-+
-+	 veor	@x[0], @x[0], @t[6]
-+	 veor	@x[1], @x[1], @t[6]
-+	 veor	@x[2], @x[2], @t[0]
-+	 veor	@x[4], @x[4], @t[2]
-+	 veor	@x[3], @x[3], @t[1]
-+	 veor	@x[1], @x[1], @t[7]
-+	 veor	@x[2], @x[2], @t[7]
-+	 veor	@x[4], @x[4], @t[6]
-+	 veor	@x[5], @x[5], @t[3]
-+	 veor	@x[3], @x[3], @t[6]
-+	 veor	@x[6], @x[6], @t[4]
-+	 veor	@x[4], @x[4], @t[7]
-+	 veor	@x[5], @x[5], @t[7]
-+	 veor	@x[7], @x[7], @t[5]
-+___
-+	&MixColumns	(@x,@t,1);	# flipped 2<->3 and 4<->6
-+}
-+
-+sub swapmove {
-+my ($a,$b,$n,$mask,$t)=@_;
-+$code.=<<___;
-+	vshr.u64	$t, $b, #$n
-+	veor		$t, $t, $a
-+	vand		$t, $t, $mask
-+	veor		$a, $a, $t
-+	vshl.u64	$t, $t, #$n
-+	veor		$b, $b, $t
-+___
-+}
-+sub swapmove2x {
-+my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_;
-+$code.=<<___;
-+	vshr.u64	$t0, $b0, #$n
-+	 vshr.u64	$t1, $b1, #$n
-+	veor		$t0, $t0, $a0
-+	 veor		$t1, $t1, $a1
-+	vand		$t0, $t0, $mask
-+	 vand		$t1, $t1, $mask
-+	veor		$a0, $a0, $t0
-+	vshl.u64	$t0, $t0, #$n
-+	 veor		$a1, $a1, $t1
-+	 vshl.u64	$t1, $t1, #$n
-+	veor		$b0, $b0, $t0
-+	 veor		$b1, $b1, $t1
-+___
-+}
-+
-+sub bitslice {
-+my @x=reverse(@_[0..7]);
-+my ($t0,$t1,$t2,$t3)=@_[8..11];
-+$code.=<<___;
-+	vmov.i8	$t0,#0x55			@ compose .LBS0
-+	vmov.i8	$t1,#0x33			@ compose .LBS1
-+___
-+	&swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3);
-+	&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-+$code.=<<___;
-+	vmov.i8	$t0,#0x0f			@ compose .LBS2
-+___
-+	&swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3);
-+	&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-+
-+	&swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3);
-+	&swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3);
-+}
-+
-+$code.=<<___;
-+#ifndef __KERNEL__
-+# include "arm_arch.h"
-+
-+# define VFP_ABI_PUSH	vstmdb	sp!,{d8-d15}
-+# define VFP_ABI_POP	vldmia	sp!,{d8-d15}
-+# define VFP_ABI_FRAME	0x40
-+#else
-+# define VFP_ABI_PUSH
-+# define VFP_ABI_POP
-+# define VFP_ABI_FRAME	0
-+# define BSAES_ASM_EXTENDED_KEY
-+# define XTS_CHAIN_TWEAK
-+# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-+#endif
-+
-+#ifdef __thumb__
-+# define adrl adr
-+#endif
-+
-+#if __ARM_ARCH__>=7
-+.text
-+.syntax	unified 	@ ARMv7-capable assembler is expected to handle this
-+#ifdef __thumb2__
-+.thumb
-+#else
-+.code   32
-+#endif
-+
-+.fpu	neon
-+
-+.type	_bsaes_decrypt8,%function
-+.align	4
-+_bsaes_decrypt8:
-+	adr	$const,_bsaes_decrypt8
-+	vldmia	$key!, {@XMM[9]}		@ round 0 key
-+	add	$const,$const,#.LM0ISR-_bsaes_decrypt8
-+
-+	vldmia	$const!, {@XMM[8]}		@ .LM0ISR
-+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
-+	veor	@XMM[11], @XMM[1], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[12], @XMM[2], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[13], @XMM[3], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[14], @XMM[4], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[15], @XMM[5], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[10], @XMM[6], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[11], @XMM[7], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-+___
-+	&bitslice	(@XMM[0..7, 8..11]);
-+$code.=<<___;
-+	sub	$rounds,$rounds,#1
-+	b	.Ldec_sbox
-+.align	4
-+.Ldec_loop:
-+___
-+	&ShiftRows	(@XMM[0..7, 8..12]);
-+$code.=".Ldec_sbox:\n";
-+	&InvSbox	(@XMM[0..7, 8..15]);
-+$code.=<<___;
-+	subs	$rounds,$rounds,#1
-+	bcc	.Ldec_done
-+___
-+	&InvMixColumns	(@XMM[0,1,6,4,2,7,3,5, 8..15]);
-+$code.=<<___;
-+	vldmia	$const, {@XMM[12]}		@ .LISR
-+	ite	eq				@ Thumb2 thing, sanity check in ARM
-+	addeq	$const,$const,#0x10
-+	bne	.Ldec_loop
-+	vldmia	$const, {@XMM[12]}		@ .LISRM0
-+	b	.Ldec_loop
-+.align	4
-+.Ldec_done:
-+___
-+	&bitslice	(@XMM[0,1,6,4,2,7,3,5, 8..11]);
-+$code.=<<___;
-+	vldmia	$key, {@XMM[8]}			@ last round key
-+	veor	@XMM[6], @XMM[6], @XMM[8]
-+	veor	@XMM[4], @XMM[4], @XMM[8]
-+	veor	@XMM[2], @XMM[2], @XMM[8]
-+	veor	@XMM[7], @XMM[7], @XMM[8]
-+	veor	@XMM[3], @XMM[3], @XMM[8]
-+	veor	@XMM[5], @XMM[5], @XMM[8]
-+	veor	@XMM[0], @XMM[0], @XMM[8]
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	bx	lr
-+.size	_bsaes_decrypt8,.-_bsaes_decrypt8
-+
-+.type	_bsaes_const,%object
-+.align	6
-+_bsaes_const:
-+.LM0ISR:	@ InvShiftRows constants
-+	.quad	0x0a0e0206070b0f03, 0x0004080c0d010509
-+.LISR:
-+	.quad	0x0504070602010003, 0x0f0e0d0c080b0a09
-+.LISRM0:
-+	.quad	0x01040b0e0205080f, 0x0306090c00070a0d
-+.LM0SR:		@ ShiftRows constants
-+	.quad	0x0a0e02060f03070b, 0x0004080c05090d01
-+.LSR:
-+	.quad	0x0504070600030201, 0x0f0e0d0c0a09080b
-+.LSRM0:
-+	.quad	0x0304090e00050a0f, 0x01060b0c0207080d
-+.LM0:
-+	.quad	0x02060a0e03070b0f, 0x0004080c0105090d
-+.LREVM0SR:
-+	.quad	0x090d01050c000408, 0x03070b0f060a0e02
-+.asciz	"Bit-sliced AES for NEON, CRYPTOGAMS by <appro\@openssl.org>"
-+.align	6
-+.size	_bsaes_const,.-_bsaes_const
-+
-+.type	_bsaes_encrypt8,%function
-+.align	4
-+_bsaes_encrypt8:
-+	adr	$const,_bsaes_encrypt8
-+	vldmia	$key!, {@XMM[9]}		@ round 0 key
-+	sub	$const,$const,#_bsaes_encrypt8-.LM0SR
-+
-+	vldmia	$const!, {@XMM[8]}		@ .LM0SR
-+_bsaes_encrypt8_alt:
-+	veor	@XMM[10], @XMM[0], @XMM[9]	@ xor with round0 key
-+	veor	@XMM[11], @XMM[1], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[12], @XMM[2], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[13], @XMM[3], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[14], @XMM[4], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[15], @XMM[5], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[10], @XMM[6], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])`
-+	veor	@XMM[11], @XMM[7], @XMM[9]
-+	 vtbl.8	`&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])`
-+	 vtbl.8	`&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])`
-+	 vtbl.8	`&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])`
-+_bsaes_encrypt8_bitslice:
-+___
-+	&bitslice	(@XMM[0..7, 8..11]);
-+$code.=<<___;
-+	sub	$rounds,$rounds,#1
-+	b	.Lenc_sbox
-+.align	4
-+.Lenc_loop:
-+___
-+	&ShiftRows	(@XMM[0..7, 8..12]);
-+$code.=".Lenc_sbox:\n";
-+	&Sbox		(@XMM[0..7, 8..15]);
-+$code.=<<___;
-+	subs	$rounds,$rounds,#1
-+	bcc	.Lenc_done
-+___
-+	&MixColumns	(@XMM[0,1,4,6,3,7,2,5, 8..15]);
-+$code.=<<___;
-+	vldmia	$const, {@XMM[12]}		@ .LSR
-+	ite	eq				@ Thumb2 thing, samity check in ARM
-+	addeq	$const,$const,#0x10
-+	bne	.Lenc_loop
-+	vldmia	$const, {@XMM[12]}		@ .LSRM0
-+	b	.Lenc_loop
-+.align	4
-+.Lenc_done:
-+___
-+	# output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb
-+	&bitslice	(@XMM[0,1,4,6,3,7,2,5, 8..11]);
-+$code.=<<___;
-+	vldmia	$key, {@XMM[8]}			@ last round key
-+	veor	@XMM[4], @XMM[4], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[8]
-+	veor	@XMM[3], @XMM[3], @XMM[8]
-+	veor	@XMM[7], @XMM[7], @XMM[8]
-+	veor	@XMM[2], @XMM[2], @XMM[8]
-+	veor	@XMM[5], @XMM[5], @XMM[8]
-+	veor	@XMM[0], @XMM[0], @XMM[8]
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	bx	lr
-+.size	_bsaes_encrypt8,.-_bsaes_encrypt8
-+___
-+}
-+{
-+my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6");
-+
-+sub bitslice_key {
-+my @x=reverse(@_[0..7]);
-+my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12];
-+
-+	&swapmove	(@x[0,1],1,$bs0,$t2,$t3);
-+$code.=<<___;
-+	@ &swapmove(@x[2,3],1,$t0,$t2,$t3);
-+	vmov	@x[2], @x[0]
-+	vmov	@x[3], @x[1]
-+___
-+	#&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3);
-+
-+	&swapmove2x	(@x[0,2,1,3],2,$bs1,$t2,$t3);
-+$code.=<<___;
-+	@ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3);
-+	vmov	@x[4], @x[0]
-+	vmov	@x[6], @x[2]
-+	vmov	@x[5], @x[1]
-+	vmov	@x[7], @x[3]
-+___
-+	&swapmove2x	(@x[0,4,1,5],4,$bs2,$t2,$t3);
-+	&swapmove2x	(@x[2,6,3,7],4,$bs2,$t2,$t3);
-+}
-+
-+$code.=<<___;
-+.type	_bsaes_key_convert,%function
-+.align	4
-+_bsaes_key_convert:
-+	adr	$const,_bsaes_key_convert
-+	vld1.8	{@XMM[7]},  [$inp]!		@ load round 0 key
-+	sub	$const,$const,#_bsaes_key_convert-.LM0
-+	vld1.8	{@XMM[15]}, [$inp]!		@ load round 1 key
-+
-+	vmov.i8	@XMM[8],  #0x01			@ bit masks
-+	vmov.i8	@XMM[9],  #0x02
-+	vmov.i8	@XMM[10], #0x04
-+	vmov.i8	@XMM[11], #0x08
-+	vmov.i8	@XMM[12], #0x10
-+	vmov.i8	@XMM[13], #0x20
-+	vldmia	$const, {@XMM[14]}		@ .LM0
-+
-+#ifdef __ARMEL__
-+	vrev32.8	@XMM[7],  @XMM[7]
-+	vrev32.8	@XMM[15], @XMM[15]
-+#endif
-+	sub	$rounds,$rounds,#1
-+	vstmia	$out!, {@XMM[7]}		@ save round 0 key
-+	b	.Lkey_loop
-+
-+.align	4
-+.Lkey_loop:
-+	vtbl.8	`&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])`
-+	vtbl.8	`&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])`
-+	vmov.i8	@XMM[6],  #0x40
-+	vmov.i8	@XMM[15], #0x80
-+
-+	vtst.8	@XMM[0], @XMM[7], @XMM[8]
-+	vtst.8	@XMM[1], @XMM[7], @XMM[9]
-+	vtst.8	@XMM[2], @XMM[7], @XMM[10]
-+	vtst.8	@XMM[3], @XMM[7], @XMM[11]
-+	vtst.8	@XMM[4], @XMM[7], @XMM[12]
-+	vtst.8	@XMM[5], @XMM[7], @XMM[13]
-+	vtst.8	@XMM[6], @XMM[7], @XMM[6]
-+	vtst.8	@XMM[7], @XMM[7], @XMM[15]
-+	vld1.8	{@XMM[15]}, [$inp]!		@ load next round key
-+	vmvn	@XMM[0], @XMM[0]		@ "pnot"
-+	vmvn	@XMM[1], @XMM[1]
-+	vmvn	@XMM[5], @XMM[5]
-+	vmvn	@XMM[6], @XMM[6]
-+#ifdef __ARMEL__
-+	vrev32.8	@XMM[15], @XMM[15]
-+#endif
-+	subs	$rounds,$rounds,#1
-+	vstmia	$out!,{@XMM[0]-@XMM[7]}		@ write bit-sliced round key
-+	bne	.Lkey_loop
-+
-+	vmov.i8	@XMM[7],#0x63			@ compose .L63
-+	@ don't save last round key
-+	bx	lr
-+.size	_bsaes_key_convert,.-_bsaes_key_convert
-+___
-+}
-+
-+if (0) {		# following four functions are unsupported interface
-+			# used for benchmarking...
-+$code.=<<___;
-+.globl	bsaes_enc_key_convert
-+.type	bsaes_enc_key_convert,%function
-+.align	4
-+bsaes_enc_key_convert:
-+	stmdb	sp!,{r4-r6,lr}
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+
-+	ldr	r5,[$inp,#240]			@ pass rounds
-+	mov	r4,$inp				@ pass key
-+	mov	r12,$out			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-+	vstmia	r12, {@XMM[7]}			@ save last round key
-+
-+	vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r6,pc}
-+.size	bsaes_enc_key_convert,.-bsaes_enc_key_convert
-+
-+.globl	bsaes_encrypt_128
-+.type	bsaes_encrypt_128,%function
-+.align	4
-+bsaes_encrypt_128:
-+	stmdb	sp!,{r4-r6,lr}
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+.Lenc128_loop:
-+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-+	mov	r4,$key				@ pass the key
-+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-+	mov	r5,#10				@ pass rounds
-+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
-+
-+	bl	_bsaes_encrypt8
-+
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[3]}, [$out]!
-+	vst1.8	{@XMM[7]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	subs	$len,$len,#0x80
-+	vst1.8	{@XMM[5]}, [$out]!
-+	bhi	.Lenc128_loop
-+
-+	vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r6,pc}
-+.size	bsaes_encrypt_128,.-bsaes_encrypt_128
-+
-+.globl	bsaes_dec_key_convert
-+.type	bsaes_dec_key_convert,%function
-+.align	4
-+bsaes_dec_key_convert:
-+	stmdb	sp!,{r4-r6,lr}
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+
-+	ldr	r5,[$inp,#240]			@ pass rounds
-+	mov	r4,$inp				@ pass key
-+	mov	r12,$out			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	vldmia	$out, {@XMM[6]}
-+	vstmia	r12,  {@XMM[15]}		@ save last round key
-+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-+	vstmia	$out, {@XMM[7]}
-+
-+	vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r6,pc}
-+.size	bsaes_dec_key_convert,.-bsaes_dec_key_convert
-+
-+.globl	bsaes_decrypt_128
-+.type	bsaes_decrypt_128,%function
-+.align	4
-+bsaes_decrypt_128:
-+	stmdb	sp!,{r4-r6,lr}
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+.Ldec128_loop:
-+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-+	mov	r4,$key				@ pass the key
-+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-+	mov	r5,#10				@ pass rounds
-+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]!
-+
-+	bl	_bsaes_decrypt8
-+
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	vst1.8	{@XMM[7]}, [$out]!
-+	vst1.8	{@XMM[3]}, [$out]!
-+	subs	$len,$len,#0x80
-+	vst1.8	{@XMM[5]}, [$out]!
-+	bhi	.Ldec128_loop
-+
-+	vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r6,pc}
-+.size	bsaes_decrypt_128,.-bsaes_decrypt_128
-+___
-+}
-+{
-+my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10));
-+my ($keysched)=("sp");
-+
-+$code.=<<___;
-+.extern AES_cbc_encrypt
-+.extern AES_decrypt
-+
-+.global	bsaes_cbc_encrypt
-+.type	bsaes_cbc_encrypt,%function
-+.align	5
-+bsaes_cbc_encrypt:
-+#ifndef	__KERNEL__
-+	cmp	$len, #128
-+#ifndef	__thumb__
-+	blo	AES_cbc_encrypt
-+#else
-+	bhs	1f
-+	b	AES_cbc_encrypt
-+1:
-+#endif
-+#endif
-+
-+	@ it is up to the caller to make sure we are called with enc == 0
-+
-+	mov	ip, sp
-+	stmdb	sp!, {r4-r10, lr}
-+	VFP_ABI_PUSH
-+	ldr	$ivp, [ip]			@ IV is 1st arg on the stack
-+	mov	$len, $len, lsr#4		@ len in 16 byte blocks
-+	sub	sp, #0x10			@ scratch space to carry over the IV
-+	mov	$fp, sp				@ save sp
-+
-+	ldr	$rounds, [$key, #240]		@ get # of rounds
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	@ allocate the key schedule on the stack
-+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-+	add	r12, #`128-32`			@ sifze of bit-slices key schedule
-+
-+	@ populate the key schedule
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	mov	sp, r12				@ sp is $keysched
-+	bl	_bsaes_key_convert
-+	vldmia	$keysched, {@XMM[6]}
-+	vstmia	r12,  {@XMM[15]}		@ save last round key
-+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-+	vstmia	$keysched, {@XMM[7]}
-+#else
-+	ldr	r12, [$key, #244]
-+	eors	r12, #1
-+	beq	0f
-+
-+	@ populate the key schedule
-+	str	r12, [$key, #244]
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	add	r12, $key, #248			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	add	r4, $key, #248
-+	vldmia	r4, {@XMM[6]}
-+	vstmia	r12, {@XMM[15]}			@ save last round key
-+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-+	vstmia	r4, {@XMM[7]}
-+
-+.align	2
-+0:
-+#endif
-+
-+	vld1.8	{@XMM[15]}, [$ivp]		@ load IV
-+	b	.Lcbc_dec_loop
-+
-+.align	4
-+.Lcbc_dec_loop:
-+	subs	$len, $len, #0x8
-+	bmi	.Lcbc_dec_loop_finish
-+
-+	vld1.8	{@XMM[0]-@XMM[1]}, [$inp]!	@ load input
-+	vld1.8	{@XMM[2]-@XMM[3]}, [$inp]!
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	mov	r4, $keysched			@ pass the key
-+#else
-+	add	r4, $key, #248
-+#endif
-+	vld1.8	{@XMM[4]-@XMM[5]}, [$inp]!
-+	mov	r5, $rounds
-+	vld1.8	{@XMM[6]-@XMM[7]}, [$inp]
-+	sub	$inp, $inp, #0x60
-+	vstmia	$fp, {@XMM[15]}			@ put aside IV
-+
-+	bl	_bsaes_decrypt8
-+
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
-+	veor	@XMM[4], @XMM[4], @XMM[10]
-+	veor	@XMM[2], @XMM[2], @XMM[11]
-+	vld1.8	{@XMM[14]-@XMM[15]}, [$inp]!
-+	veor	@XMM[7], @XMM[7], @XMM[12]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	veor	@XMM[3], @XMM[3], @XMM[13]
-+	vst1.8	{@XMM[6]}, [$out]!
-+	veor	@XMM[5], @XMM[5], @XMM[14]
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	vst1.8	{@XMM[7]}, [$out]!
-+	vst1.8	{@XMM[3]}, [$out]!
-+	vst1.8	{@XMM[5]}, [$out]!
-+
-+	b	.Lcbc_dec_loop
-+
-+.Lcbc_dec_loop_finish:
-+	adds	$len, $len, #8
-+	beq	.Lcbc_dec_done
-+
-+	vld1.8	{@XMM[0]}, [$inp]!		@ load input
-+	cmp	$len, #2
-+	blo	.Lcbc_dec_one
-+	vld1.8	{@XMM[1]}, [$inp]!
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	mov	r4, $keysched			@ pass the key
-+#else
-+	add	r4, $key, #248
-+#endif
-+	mov	r5, $rounds
-+	vstmia	$fp, {@XMM[15]}			@ put aside IV
-+	beq	.Lcbc_dec_two
-+	vld1.8	{@XMM[2]}, [$inp]!
-+	cmp	$len, #4
-+	blo	.Lcbc_dec_three
-+	vld1.8	{@XMM[3]}, [$inp]!
-+	beq	.Lcbc_dec_four
-+	vld1.8	{@XMM[4]}, [$inp]!
-+	cmp	$len, #6
-+	blo	.Lcbc_dec_five
-+	vld1.8	{@XMM[5]}, [$inp]!
-+	beq	.Lcbc_dec_six
-+	vld1.8	{@XMM[6]}, [$inp]!
-+	sub	$inp, $inp, #0x70
-+
-+	bl	_bsaes_decrypt8
-+
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vld1.8	{@XMM[12]-@XMM[13]}, [$inp]!
-+	veor	@XMM[4], @XMM[4], @XMM[10]
-+	veor	@XMM[2], @XMM[2], @XMM[11]
-+	vld1.8	{@XMM[15]}, [$inp]!
-+	veor	@XMM[7], @XMM[7], @XMM[12]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	veor	@XMM[3], @XMM[3], @XMM[13]
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	vst1.8	{@XMM[7]}, [$out]!
-+	vst1.8	{@XMM[3]}, [$out]!
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_six:
-+	sub	$inp, $inp, #0x60
-+	bl	_bsaes_decrypt8
-+	vldmia	$fp,{@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vld1.8	{@XMM[12]}, [$inp]!
-+	veor	@XMM[4], @XMM[4], @XMM[10]
-+	veor	@XMM[2], @XMM[2], @XMM[11]
-+	vld1.8	{@XMM[15]}, [$inp]!
-+	veor	@XMM[7], @XMM[7], @XMM[12]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	vst1.8	{@XMM[7]}, [$out]!
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_five:
-+	sub	$inp, $inp, #0x50
-+	bl	_bsaes_decrypt8
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[10]-@XMM[11]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vld1.8	{@XMM[15]}, [$inp]!
-+	veor	@XMM[4], @XMM[4], @XMM[10]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	veor	@XMM[2], @XMM[2], @XMM[11]
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[4]}, [$out]!
-+	vst1.8	{@XMM[2]}, [$out]!
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_four:
-+	sub	$inp, $inp, #0x40
-+	bl	_bsaes_decrypt8
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[10]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vld1.8	{@XMM[15]}, [$inp]!
-+	veor	@XMM[4], @XMM[4], @XMM[10]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	vst1.8	{@XMM[6]}, [$out]!
-+	vst1.8	{@XMM[4]}, [$out]!
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_three:
-+	sub	$inp, $inp, #0x30
-+	bl	_bsaes_decrypt8
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]-@XMM[9]}, [$inp]!	@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[15]}, [$inp]!
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	veor	@XMM[6], @XMM[6], @XMM[9]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	vst1.8	{@XMM[6]}, [$out]!
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_two:
-+	sub	$inp, $inp, #0x20
-+	bl	_bsaes_decrypt8
-+	vldmia	$fp, {@XMM[14]}			@ reload IV
-+	vld1.8	{@XMM[8]}, [$inp]!		@ reload input
-+	veor	@XMM[0], @XMM[0], @XMM[14]	@ ^= IV
-+	vld1.8	{@XMM[15]}, [$inp]!		@ reload input
-+	veor	@XMM[1], @XMM[1], @XMM[8]
-+	vst1.8	{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	b	.Lcbc_dec_done
-+.align	4
-+.Lcbc_dec_one:
-+	sub	$inp, $inp, #0x10
-+	mov	$rounds, $out			@ save original out pointer
-+	mov	$out, $fp			@ use the iv scratch space as out buffer
-+	mov	r2, $key
-+	vmov	@XMM[4],@XMM[15]		@ just in case ensure that IV
-+	vmov	@XMM[5],@XMM[0]			@ and input are preserved
-+	bl	AES_decrypt
-+	vld1.8	{@XMM[0]}, [$fp,:64]		@ load result
-+	veor	@XMM[0], @XMM[0], @XMM[4]	@ ^= IV
-+	vmov	@XMM[15], @XMM[5]		@ @XMM[5] holds input
-+	vst1.8	{@XMM[0]}, [$rounds]		@ write output
-+
-+.Lcbc_dec_done:
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	vmov.i32	q0, #0
-+	vmov.i32	q1, #0
-+.Lcbc_dec_bzero:				@ wipe key schedule [if any]
-+	vstmia		$keysched!, {q0-q1}
-+	cmp		$keysched, $fp
-+	bne		.Lcbc_dec_bzero
-+#endif
-+
-+	mov	sp, $fp
-+	add	sp, #0x10			@ add sp,$fp,#0x10 is no good for thumb
-+	vst1.8	{@XMM[15]}, [$ivp]		@ return IV
-+	VFP_ABI_POP
-+	ldmia	sp!, {r4-r10, pc}
-+.size	bsaes_cbc_encrypt,.-bsaes_cbc_encrypt
-+___
-+}
-+{
-+my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10)));
-+my $const = "r6";	# shared with _bsaes_encrypt8_alt
-+my $keysched = "sp";
-+
-+$code.=<<___;
-+.extern	AES_encrypt
-+.global	bsaes_ctr32_encrypt_blocks
-+.type	bsaes_ctr32_encrypt_blocks,%function
-+.align	5
-+bsaes_ctr32_encrypt_blocks:
-+	cmp	$len, #8			@ use plain AES for
-+	blo	.Lctr_enc_short			@ small sizes
-+
-+	mov	ip, sp
-+	stmdb	sp!, {r4-r10, lr}
-+	VFP_ABI_PUSH
-+	ldr	$ctr, [ip]			@ ctr is 1st arg on the stack
-+	sub	sp, sp, #0x10			@ scratch space to carry over the ctr
-+	mov	$fp, sp				@ save sp
-+
-+	ldr	$rounds, [$key, #240]		@ get # of rounds
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	@ allocate the key schedule on the stack
-+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-+	add	r12, #`128-32`			@ size of bit-sliced key schedule
-+
-+	@ populate the key schedule
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	mov	sp, r12				@ sp is $keysched
-+	bl	_bsaes_key_convert
-+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-+	vstmia	r12, {@XMM[7]}			@ save last round key
-+
-+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
-+	add	$ctr, $const, #.LREVM0SR-.LM0	@ borrow $ctr
-+	vldmia	$keysched, {@XMM[4]}		@ load round0 key
-+#else
-+	ldr	r12, [$key, #244]
-+	eors	r12, #1
-+	beq	0f
-+
-+	@ populate the key schedule
-+	str	r12, [$key, #244]
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	add	r12, $key, #248			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	veor	@XMM[7],@XMM[7],@XMM[15]	@ fix up last round key
-+	vstmia	r12, {@XMM[7]}			@ save last round key
-+
-+.align	2
-+0:	add	r12, $key, #248
-+	vld1.8	{@XMM[0]}, [$ctr]		@ load counter
-+	adrl	$ctr, .LREVM0SR			@ borrow $ctr
-+	vldmia	r12, {@XMM[4]}			@ load round0 key
-+	sub	sp, #0x10			@ place for adjusted round0 key
-+#endif
-+
-+	vmov.i32	@XMM[8],#1		@ compose 1<<96
-+	veor		@XMM[9],@XMM[9],@XMM[9]
-+	vrev32.8	@XMM[0],@XMM[0]
-+	vext.8		@XMM[8],@XMM[9],@XMM[8],#4
-+	vrev32.8	@XMM[4],@XMM[4]
-+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]	@ compose 2<<96
-+	vstmia	$keysched, {@XMM[4]}		@ save adjusted round0 key
-+	b	.Lctr_enc_loop
-+
-+.align	4
-+.Lctr_enc_loop:
-+	vadd.u32	@XMM[10], @XMM[8], @XMM[9]	@ compose 3<<96
-+	vadd.u32	@XMM[1], @XMM[0], @XMM[8]	@ +1
-+	vadd.u32	@XMM[2], @XMM[0], @XMM[9]	@ +2
-+	vadd.u32	@XMM[3], @XMM[0], @XMM[10]	@ +3
-+	vadd.u32	@XMM[4], @XMM[1], @XMM[10]
-+	vadd.u32	@XMM[5], @XMM[2], @XMM[10]
-+	vadd.u32	@XMM[6], @XMM[3], @XMM[10]
-+	vadd.u32	@XMM[7], @XMM[4], @XMM[10]
-+	vadd.u32	@XMM[10], @XMM[5], @XMM[10]	@ next counter
-+
-+	@ Borrow prologue from _bsaes_encrypt8 to use the opportunity
-+	@ to flip byte order in 32-bit counter
-+
-+	vldmia		$keysched, {@XMM[9]}		@ load round0 key
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, $keysched, #0x10		@ pass next round key
-+#else
-+	add		r4, $key, #`248+16`
-+#endif
-+	vldmia		$ctr, {@XMM[8]}			@ .LREVM0SR
-+	mov		r5, $rounds			@ pass rounds
-+	vstmia		$fp, {@XMM[10]}			@ save next counter
-+	sub		$const, $ctr, #.LREVM0SR-.LSR	@ pass constants
-+
-+	bl		_bsaes_encrypt8_alt
-+
-+	subs		$len, $len, #8
-+	blo		.Lctr_enc_loop_done
-+
-+	vld1.8		{@XMM[8]-@XMM[9]}, [$inp]!	@ load input
-+	vld1.8		{@XMM[10]-@XMM[11]}, [$inp]!
-+	veor		@XMM[0], @XMM[8]
-+	veor		@XMM[1], @XMM[9]
-+	vld1.8		{@XMM[12]-@XMM[13]}, [$inp]!
-+	veor		@XMM[4], @XMM[10]
-+	veor		@XMM[6], @XMM[11]
-+	vld1.8		{@XMM[14]-@XMM[15]}, [$inp]!
-+	veor		@XMM[3], @XMM[12]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!	@ write output
-+	veor		@XMM[7], @XMM[13]
-+	veor		@XMM[2], @XMM[14]
-+	vst1.8		{@XMM[4]}, [$out]!
-+	veor		@XMM[5], @XMM[15]
-+	vst1.8		{@XMM[6]}, [$out]!
-+	vmov.i32	@XMM[8], #1			@ compose 1<<96
-+	vst1.8		{@XMM[3]}, [$out]!
-+	veor		@XMM[9], @XMM[9], @XMM[9]
-+	vst1.8		{@XMM[7]}, [$out]!
-+	vext.8		@XMM[8], @XMM[9], @XMM[8], #4
-+	vst1.8		{@XMM[2]}, [$out]!
-+	vadd.u32	@XMM[9],@XMM[8],@XMM[8]		@ compose 2<<96
-+	vst1.8		{@XMM[5]}, [$out]!
-+	vldmia		$fp, {@XMM[0]}			@ load counter
-+
-+	bne		.Lctr_enc_loop
-+	b		.Lctr_enc_done
-+
-+.align	4
-+.Lctr_enc_loop_done:
-+	add		$len, $len, #8
-+	vld1.8		{@XMM[8]}, [$inp]!	@ load input
-+	veor		@XMM[0], @XMM[8]
-+	vst1.8		{@XMM[0]}, [$out]!	@ write output
-+	cmp		$len, #2
-+	blo		.Lctr_enc_done
-+	vld1.8		{@XMM[9]}, [$inp]!
-+	veor		@XMM[1], @XMM[9]
-+	vst1.8		{@XMM[1]}, [$out]!
-+	beq		.Lctr_enc_done
-+	vld1.8		{@XMM[10]}, [$inp]!
-+	veor		@XMM[4], @XMM[10]
-+	vst1.8		{@XMM[4]}, [$out]!
-+	cmp		$len, #4
-+	blo		.Lctr_enc_done
-+	vld1.8		{@XMM[11]}, [$inp]!
-+	veor		@XMM[6], @XMM[11]
-+	vst1.8		{@XMM[6]}, [$out]!
-+	beq		.Lctr_enc_done
-+	vld1.8		{@XMM[12]}, [$inp]!
-+	veor		@XMM[3], @XMM[12]
-+	vst1.8		{@XMM[3]}, [$out]!
-+	cmp		$len, #6
-+	blo		.Lctr_enc_done
-+	vld1.8		{@XMM[13]}, [$inp]!
-+	veor		@XMM[7], @XMM[13]
-+	vst1.8		{@XMM[7]}, [$out]!
-+	beq		.Lctr_enc_done
-+	vld1.8		{@XMM[14]}, [$inp]
-+	veor		@XMM[2], @XMM[14]
-+	vst1.8		{@XMM[2]}, [$out]!
-+
-+.Lctr_enc_done:
-+	vmov.i32	q0, #0
-+	vmov.i32	q1, #0
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+.Lctr_enc_bzero:			@ wipe key schedule [if any]
-+	vstmia		$keysched!, {q0-q1}
-+	cmp		$keysched, $fp
-+	bne		.Lctr_enc_bzero
-+#else
-+	vstmia		$keysched, {q0-q1}
-+#endif
-+
-+	mov	sp, $fp
-+	add	sp, #0x10		@ add sp,$fp,#0x10 is no good for thumb
-+	VFP_ABI_POP
-+	ldmia	sp!, {r4-r10, pc}	@ return
-+
-+.align	4
-+.Lctr_enc_short:
-+	ldr	ip, [sp]		@ ctr pointer is passed on stack
-+	stmdb	sp!, {r4-r8, lr}
-+
-+	mov	r4, $inp		@ copy arguments
-+	mov	r5, $out
-+	mov	r6, $len
-+	mov	r7, $key
-+	ldr	r8, [ip, #12]		@ load counter LSW
-+	vld1.8	{@XMM[1]}, [ip]		@ load whole counter value
-+#ifdef __ARMEL__
-+	rev	r8, r8
-+#endif
-+	sub	sp, sp, #0x10
-+	vst1.8	{@XMM[1]}, [sp,:64]	@ copy counter value
-+	sub	sp, sp, #0x10
-+
-+.Lctr_enc_short_loop:
-+	add	r0, sp, #0x10		@ input counter value
-+	mov	r1, sp			@ output on the stack
-+	mov	r2, r7			@ key
-+
-+	bl	AES_encrypt
-+
-+	vld1.8	{@XMM[0]}, [r4]!	@ load input
-+	vld1.8	{@XMM[1]}, [sp,:64]	@ load encrypted counter
-+	add	r8, r8, #1
-+#ifdef __ARMEL__
-+	rev	r0, r8
-+	str	r0, [sp, #0x1c]		@ next counter value
-+#else
-+	str	r8, [sp, #0x1c]		@ next counter value
-+#endif
-+	veor	@XMM[0],@XMM[0],@XMM[1]
-+	vst1.8	{@XMM[0]}, [r5]!	@ store output
-+	subs	r6, r6, #1
-+	bne	.Lctr_enc_short_loop
-+
-+	vmov.i32	q0, #0
-+	vmov.i32	q1, #0
-+	vstmia		sp!, {q0-q1}
-+
-+	ldmia	sp!, {r4-r8, pc}
-+.size	bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks
-+___
-+}
-+{
-+######################################################################
-+# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len,
-+#	const AES_KEY *key1, const AES_KEY *key2,
-+#	const unsigned char iv[16]);
-+#
-+my ($inp,$out,$len,$key,$rounds,$magic,$fp)=(map("r$_",(7..10,1..3)));
-+my $const="r6";		# returned by _bsaes_key_convert
-+my $twmask=@XMM[5];
-+my @T=@XMM[6..7];
-+
-+$code.=<<___;
-+.globl	bsaes_xts_encrypt
-+.type	bsaes_xts_encrypt,%function
-+.align	4
-+bsaes_xts_encrypt:
-+	mov	ip, sp
-+	stmdb	sp!, {r4-r10, lr}		@ 0x20
-+	VFP_ABI_PUSH
-+	mov	r6, sp				@ future $fp
-+
-+	mov	$inp, r0
-+	mov	$out, r1
-+	mov	$len, r2
-+	mov	$key, r3
-+
-+	sub	r0, sp, #0x10			@ 0x10
-+	bic	r0, #0xf			@ align at 16 bytes
-+	mov	sp, r0
-+
-+#ifdef	XTS_CHAIN_TWEAK
-+	ldr	r0, [ip]			@ pointer to input tweak
-+#else
-+	@ generate initial tweak
-+	ldr	r0, [ip, #4]			@ iv[]
-+	mov	r1, sp
-+	ldr	r2, [ip, #0]			@ key2
-+	bl	AES_encrypt
-+	mov	r0,sp				@ pointer to initial tweak
-+#endif
-+
-+	ldr	$rounds, [$key, #240]		@ get # of rounds
-+	mov	$fp, r6
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	@ allocate the key schedule on the stack
-+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
-+	sub	r12, #`32+16`			@ place for tweak[9]
-+
-+	@ populate the key schedule
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	mov	sp, r12
-+	add	r12, #0x90			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
-+	vstmia	r12, {@XMM[7]}			@ save last round key
-+#else
-+	ldr	r12, [$key, #244]
-+	eors	r12, #1
-+	beq	0f
-+
-+	str	r12, [$key, #244]
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	add	r12, $key, #248			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	veor	@XMM[7], @XMM[7], @XMM[15]	@ fix up last round key
-+	vstmia	r12, {@XMM[7]}
-+
-+.align	2
-+0:	sub	sp, #0x90			@ place for tweak[9]
-+#endif
-+
-+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
-+	adr	$magic, .Lxts_magic
-+
-+	subs	$len, #0x80
-+	blo	.Lxts_enc_short
-+	b	.Lxts_enc_loop
-+
-+.align	4
-+.Lxts_enc_loop:
-+	vldmia		$magic, {$twmask}	@ load XTS magic
-+	vshr.s64	@T[0], @XMM[8], #63
-+	mov		r0, sp
-+	vand		@T[0], @T[0], $twmask
-+___
-+for($i=9;$i<16;$i++) {
-+$code.=<<___;
-+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	vshr.s64	@T[1], @XMM[$i], #63
-+	veor		@XMM[$i], @XMM[$i], @T[0]
-+	vand		@T[1], @T[1], $twmask
-+___
-+	@T=reverse(@T);
-+
-+$code.=<<___ if ($i>=10);
-+	vld1.8		{@XMM[$i-10]}, [$inp]!
-+___
-+$code.=<<___ if ($i>=11);
-+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-+___
-+}
-+$code.=<<___;
-+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
-+	vst1.64		{@XMM[15]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	veor		@XMM[8], @XMM[8], @T[0]
-+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+
-+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[6], @XMM[6], @XMM[14]
-+	mov		r5, $rounds			@ pass rounds
-+	veor		@XMM[7], @XMM[7], @XMM[15]
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[6], @XMM[11]
-+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
-+	veor		@XMM[10], @XMM[3], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	veor		@XMM[12], @XMM[2], @XMM[14]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+	veor		@XMM[13], @XMM[5], @XMM[15]
-+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+
-+	subs		$len, #0x80
-+	bpl		.Lxts_enc_loop
-+
-+.Lxts_enc_short:
-+	adds		$len, #0x70
-+	bmi		.Lxts_enc_done
-+
-+	vldmia		$magic, {$twmask}	@ load XTS magic
-+	vshr.s64	@T[0], @XMM[8], #63
-+	mov		r0, sp
-+	vand		@T[0], @T[0], $twmask
-+___
-+for($i=9;$i<16;$i++) {
-+$code.=<<___;
-+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	vshr.s64	@T[1], @XMM[$i], #63
-+	veor		@XMM[$i], @XMM[$i], @T[0]
-+	vand		@T[1], @T[1], $twmask
-+___
-+	@T=reverse(@T);
-+
-+$code.=<<___ if ($i>=10);
-+	vld1.8		{@XMM[$i-10]}, [$inp]!
-+	subs		$len, #0x10
-+	bmi		.Lxts_enc_`$i-9`
-+___
-+$code.=<<___ if ($i>=11);
-+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-+___
-+}
-+$code.=<<___;
-+	sub		$len, #0x10
-+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
-+
-+	vld1.8		{@XMM[6]}, [$inp]!
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[6], @XMM[6], @XMM[14]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[6], @XMM[11]
-+	vld1.64		{@XMM[14]}, [r0,:128]!
-+	veor		@XMM[10], @XMM[3], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	veor		@XMM[12], @XMM[2], @XMM[14]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+	vst1.8		{@XMM[12]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+.align	4
-+.Lxts_enc_6:
-+	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[4], @XMM[4], @XMM[12]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[6], @XMM[11]
-+	veor		@XMM[10], @XMM[3], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+
-+@ put this in range for both ARM and Thumb mode adr instructions
-+.align	5
-+.Lxts_magic:
-+	.quad	1, 0x87
-+
-+.align	5
-+.Lxts_enc_5:
-+	vst1.64		{@XMM[13]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[3], @XMM[3], @XMM[11]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[4], @XMM[4], @XMM[12]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[6], @XMM[11]
-+	veor		@XMM[10], @XMM[3], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	vst1.8		{@XMM[10]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+.align	4
-+.Lxts_enc_4:
-+	vst1.64		{@XMM[12]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[2], @XMM[2], @XMM[10]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[3], @XMM[3], @XMM[11]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[6], @XMM[11]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+.align	4
-+.Lxts_enc_3:
-+	vst1.64		{@XMM[11]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[1], @XMM[1], @XMM[9]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[2], @XMM[2], @XMM[10]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[4], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	vst1.8		{@XMM[8]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+.align	4
-+.Lxts_enc_2:
-+	vst1.64		{@XMM[10]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[1], @XMM[1], @XMM[9]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_encrypt8
-+
-+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_enc_done
-+.align	4
-+.Lxts_enc_1:
-+	mov		r0, sp
-+	veor		@XMM[0], @XMM[8]
-+	mov		r1, sp
-+	vst1.8		{@XMM[0]}, [sp,:128]
-+	mov		r2, $key
-+	mov		r4, $fp				@ preserve fp
-+
-+	bl		AES_encrypt
-+
-+	vld1.8		{@XMM[0]}, [sp,:128]
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+	vst1.8		{@XMM[0]}, [$out]!
-+	mov		$fp, r4
-+
-+	vmov		@XMM[8], @XMM[9]		@ next round tweak
-+
-+.Lxts_enc_done:
-+#ifndef	XTS_CHAIN_TWEAK
-+	adds		$len, #0x10
-+	beq		.Lxts_enc_ret
-+	sub		r6, $out, #0x10
-+
-+.Lxts_enc_steal:
-+	ldrb		r0, [$inp], #1
-+	ldrb		r1, [$out, #-0x10]
-+	strb		r0, [$out, #-0x10]
-+	strb		r1, [$out], #1
-+
-+	subs		$len, #1
-+	bhi		.Lxts_enc_steal
-+
-+	vld1.8		{@XMM[0]}, [r6]
-+	mov		r0, sp
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+	mov		r1, sp
-+	vst1.8		{@XMM[0]}, [sp,:128]
-+	mov		r2, $key
-+	mov		r4, $fp			@ preserve fp
-+
-+	bl		AES_encrypt
-+
-+	vld1.8		{@XMM[0]}, [sp,:128]
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+	vst1.8		{@XMM[0]}, [r6]
-+	mov		$fp, r4
-+#endif
-+
-+.Lxts_enc_ret:
-+	bic		r0, $fp, #0xf
-+	vmov.i32	q0, #0
-+	vmov.i32	q1, #0
-+#ifdef	XTS_CHAIN_TWEAK
-+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
-+#endif
-+.Lxts_enc_bzero:				@ wipe key schedule [if any]
-+	vstmia		sp!, {q0-q1}
-+	cmp		sp, r0
-+	bne		.Lxts_enc_bzero
-+
-+	mov		sp, $fp
-+#ifdef	XTS_CHAIN_TWEAK
-+	vst1.8		{@XMM[8]}, [r1]
-+#endif
-+	VFP_ABI_POP
-+	ldmia		sp!, {r4-r10, pc}	@ return
-+
-+.size	bsaes_xts_encrypt,.-bsaes_xts_encrypt
-+
-+.globl	bsaes_xts_decrypt
-+.type	bsaes_xts_decrypt,%function
-+.align	4
-+bsaes_xts_decrypt:
-+	mov	ip, sp
-+	stmdb	sp!, {r4-r10, lr}		@ 0x20
-+	VFP_ABI_PUSH
-+	mov	r6, sp				@ future $fp
-+
-+	mov	$inp, r0
-+	mov	$out, r1
-+	mov	$len, r2
-+	mov	$key, r3
-+
-+	sub	r0, sp, #0x10			@ 0x10
-+	bic	r0, #0xf			@ align at 16 bytes
-+	mov	sp, r0
-+
-+#ifdef	XTS_CHAIN_TWEAK
-+	ldr	r0, [ip]			@ pointer to input tweak
-+#else
-+	@ generate initial tweak
-+	ldr	r0, [ip, #4]			@ iv[]
-+	mov	r1, sp
-+	ldr	r2, [ip, #0]			@ key2
-+	bl	AES_encrypt
-+	mov	r0, sp				@ pointer to initial tweak
-+#endif
-+
-+	ldr	$rounds, [$key, #240]		@ get # of rounds
-+	mov	$fp, r6
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	@ allocate the key schedule on the stack
-+	sub	r12, sp, $rounds, lsl#7		@ 128 bytes per inner round key
-+	@ add	r12, #`128-32`			@ size of bit-sliced key schedule
-+	sub	r12, #`32+16`			@ place for tweak[9]
-+
-+	@ populate the key schedule
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	mov	sp, r12
-+	add	r12, #0x90			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	add	r4, sp, #0x90
-+	vldmia	r4, {@XMM[6]}
-+	vstmia	r12,  {@XMM[15]}		@ save last round key
-+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-+	vstmia	r4, {@XMM[7]}
-+#else
-+	ldr	r12, [$key, #244]
-+	eors	r12, #1
-+	beq	0f
-+
-+	str	r12, [$key, #244]
-+	mov	r4, $key			@ pass key
-+	mov	r5, $rounds			@ pass # of rounds
-+	add	r12, $key, #248			@ pass key schedule
-+	bl	_bsaes_key_convert
-+	add	r4, $key, #248
-+	vldmia	r4, {@XMM[6]}
-+	vstmia	r12,  {@XMM[15]}		@ save last round key
-+	veor	@XMM[7], @XMM[7], @XMM[6]	@ fix up round 0 key
-+	vstmia	r4, {@XMM[7]}
-+
-+.align	2
-+0:	sub	sp, #0x90			@ place for tweak[9]
-+#endif
-+	vld1.8	{@XMM[8]}, [r0]			@ initial tweak
-+	adr	$magic, .Lxts_magic
-+
-+	tst	$len, #0xf			@ if not multiple of 16
-+	it	ne				@ Thumb2 thing, sanity check in ARM
-+	subne	$len, #0x10			@ subtract another 16 bytes
-+	subs	$len, #0x80
-+
-+	blo	.Lxts_dec_short
-+	b	.Lxts_dec_loop
-+
-+.align	4
-+.Lxts_dec_loop:
-+	vldmia		$magic, {$twmask}	@ load XTS magic
-+	vshr.s64	@T[0], @XMM[8], #63
-+	mov		r0, sp
-+	vand		@T[0], @T[0], $twmask
-+___
-+for($i=9;$i<16;$i++) {
-+$code.=<<___;
-+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	vshr.s64	@T[1], @XMM[$i], #63
-+	veor		@XMM[$i], @XMM[$i], @T[0]
-+	vand		@T[1], @T[1], $twmask
-+___
-+	@T=reverse(@T);
-+
-+$code.=<<___ if ($i>=10);
-+	vld1.8		{@XMM[$i-10]}, [$inp]!
-+___
-+$code.=<<___ if ($i>=11);
-+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-+___
-+}
-+$code.=<<___;
-+	vadd.u64	@XMM[8], @XMM[15], @XMM[15]
-+	vst1.64		{@XMM[15]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	veor		@XMM[8], @XMM[8], @T[0]
-+	vst1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+
-+	vld1.8		{@XMM[6]-@XMM[7]}, [$inp]!
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[6], @XMM[6], @XMM[14]
-+	mov		r5, $rounds			@ pass rounds
-+	veor		@XMM[7], @XMM[7], @XMM[15]
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[4], @XMM[11]
-+	vld1.64		{@XMM[14]-@XMM[15]}, [r0,:128]!
-+	veor		@XMM[10], @XMM[2], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	veor		@XMM[12], @XMM[3], @XMM[14]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+	veor		@XMM[13], @XMM[5], @XMM[15]
-+	vst1.8		{@XMM[12]-@XMM[13]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+
-+	subs		$len, #0x80
-+	bpl		.Lxts_dec_loop
-+
-+.Lxts_dec_short:
-+	adds		$len, #0x70
-+	bmi		.Lxts_dec_done
-+
-+	vldmia		$magic, {$twmask}	@ load XTS magic
-+	vshr.s64	@T[0], @XMM[8], #63
-+	mov		r0, sp
-+	vand		@T[0], @T[0], $twmask
-+___
-+for($i=9;$i<16;$i++) {
-+$code.=<<___;
-+	vadd.u64	@XMM[$i], @XMM[$i-1], @XMM[$i-1]
-+	vst1.64		{@XMM[$i-1]}, [r0,:128]!
-+	vswp		`&Dhi("@T[0]")`,`&Dlo("@T[0]")`
-+	vshr.s64	@T[1], @XMM[$i], #63
-+	veor		@XMM[$i], @XMM[$i], @T[0]
-+	vand		@T[1], @T[1], $twmask
-+___
-+	@T=reverse(@T);
-+
-+$code.=<<___ if ($i>=10);
-+	vld1.8		{@XMM[$i-10]}, [$inp]!
-+	subs		$len, #0x10
-+	bmi		.Lxts_dec_`$i-9`
-+___
-+$code.=<<___ if ($i>=11);
-+	veor		@XMM[$i-11], @XMM[$i-11], @XMM[$i-3]
-+___
-+}
-+$code.=<<___;
-+	sub		$len, #0x10
-+	vst1.64		{@XMM[15]}, [r0,:128]		@ next round tweak
-+
-+	vld1.8		{@XMM[6]}, [$inp]!
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[6], @XMM[6], @XMM[14]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[4], @XMM[11]
-+	vld1.64		{@XMM[14]}, [r0,:128]!
-+	veor		@XMM[10], @XMM[2], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	veor		@XMM[12], @XMM[3], @XMM[14]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+	vst1.8		{@XMM[12]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_6:
-+	vst1.64		{@XMM[14]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[4], @XMM[4], @XMM[12]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[5], @XMM[5], @XMM[13]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]-@XMM[13]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[4], @XMM[11]
-+	veor		@XMM[10], @XMM[2], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	veor		@XMM[11], @XMM[7], @XMM[13]
-+	vst1.8		{@XMM[10]-@XMM[11]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_5:
-+	vst1.64		{@XMM[13]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[3], @XMM[3], @XMM[11]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[4], @XMM[4], @XMM[12]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	vld1.64		{@XMM[12]}, [r0,:128]!
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[4], @XMM[11]
-+	veor		@XMM[10], @XMM[2], @XMM[12]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+	vst1.8		{@XMM[10]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_4:
-+	vst1.64		{@XMM[12]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[2], @XMM[2], @XMM[10]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[3], @XMM[3], @XMM[11]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[ 8]-@XMM[ 9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]-@XMM[11]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	veor		@XMM[9], @XMM[4], @XMM[11]
-+	vst1.8		{@XMM[8]-@XMM[9]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_3:
-+	vst1.64		{@XMM[11]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[1], @XMM[1], @XMM[9]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[2], @XMM[2], @XMM[10]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-+	vld1.64		{@XMM[10]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	veor		@XMM[8], @XMM[6], @XMM[10]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+	vst1.8		{@XMM[8]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_2:
-+	vst1.64		{@XMM[10]}, [r0,:128]		@ next round tweak
-+
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+#ifndef	BSAES_ASM_EXTENDED_KEY
-+	add		r4, sp, #0x90			@ pass key schedule
-+#else
-+	add		r4, $key, #248			@ pass key schedule
-+#endif
-+	veor		@XMM[1], @XMM[1], @XMM[9]
-+	mov		r5, $rounds			@ pass rounds
-+	mov		r0, sp
-+
-+	bl		_bsaes_decrypt8
-+
-+	vld1.64		{@XMM[8]-@XMM[9]}, [r0,:128]!
-+	veor		@XMM[0], @XMM[0], @XMM[ 8]
-+	veor		@XMM[1], @XMM[1], @XMM[ 9]
-+	vst1.8		{@XMM[0]-@XMM[1]}, [$out]!
-+
-+	vld1.64		{@XMM[8]}, [r0,:128]		@ next round tweak
-+	b		.Lxts_dec_done
-+.align	4
-+.Lxts_dec_1:
-+	mov		r0, sp
-+	veor		@XMM[0], @XMM[8]
-+	mov		r1, sp
-+	vst1.8		{@XMM[0]}, [sp,:128]
-+	mov		r2, $key
-+	mov		r4, $fp				@ preserve fp
-+	mov		r5, $magic			@ preserve magic
-+
-+	bl		AES_decrypt
-+
-+	vld1.8		{@XMM[0]}, [sp,:128]
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+	vst1.8		{@XMM[0]}, [$out]!
-+	mov		$fp, r4
-+	mov		$magic, r5
-+
-+	vmov		@XMM[8], @XMM[9]		@ next round tweak
-+
-+.Lxts_dec_done:
-+#ifndef	XTS_CHAIN_TWEAK
-+	adds		$len, #0x10
-+	beq		.Lxts_dec_ret
-+
-+	@ calculate one round of extra tweak for the stolen ciphertext
-+	vldmia		$magic, {$twmask}
-+	vshr.s64	@XMM[6], @XMM[8], #63
-+	vand		@XMM[6], @XMM[6], $twmask
-+	vadd.u64	@XMM[9], @XMM[8], @XMM[8]
-+	vswp		`&Dhi("@XMM[6]")`,`&Dlo("@XMM[6]")`
-+	veor		@XMM[9], @XMM[9], @XMM[6]
-+
-+	@ perform the final decryption with the last tweak value
-+	vld1.8		{@XMM[0]}, [$inp]!
-+	mov		r0, sp
-+	veor		@XMM[0], @XMM[0], @XMM[9]
-+	mov		r1, sp
-+	vst1.8		{@XMM[0]}, [sp,:128]
-+	mov		r2, $key
-+	mov		r4, $fp			@ preserve fp
-+
-+	bl		AES_decrypt
-+
-+	vld1.8		{@XMM[0]}, [sp,:128]
-+	veor		@XMM[0], @XMM[0], @XMM[9]
-+	vst1.8		{@XMM[0]}, [$out]
-+
-+	mov		r6, $out
-+.Lxts_dec_steal:
-+	ldrb		r1, [$out]
-+	ldrb		r0, [$inp], #1
-+	strb		r1, [$out, #0x10]
-+	strb		r0, [$out], #1
-+
-+	subs		$len, #1
-+	bhi		.Lxts_dec_steal
-+
-+	vld1.8		{@XMM[0]}, [r6]
-+	mov		r0, sp
-+	veor		@XMM[0], @XMM[8]
-+	mov		r1, sp
-+	vst1.8		{@XMM[0]}, [sp,:128]
-+	mov		r2, $key
-+
-+	bl		AES_decrypt
-+
-+	vld1.8		{@XMM[0]}, [sp,:128]
-+	veor		@XMM[0], @XMM[0], @XMM[8]
-+	vst1.8		{@XMM[0]}, [r6]
-+	mov		$fp, r4
-+#endif
-+
-+.Lxts_dec_ret:
-+	bic		r0, $fp, #0xf
-+	vmov.i32	q0, #0
-+	vmov.i32	q1, #0
-+#ifdef	XTS_CHAIN_TWEAK
-+	ldr		r1, [$fp, #0x20+VFP_ABI_FRAME]	@ chain tweak
-+#endif
-+.Lxts_dec_bzero:				@ wipe key schedule [if any]
-+	vstmia		sp!, {q0-q1}
-+	cmp		sp, r0
-+	bne		.Lxts_dec_bzero
-+
-+	mov		sp, $fp
-+#ifdef	XTS_CHAIN_TWEAK
-+	vst1.8		{@XMM[8]}, [r1]
-+#endif
-+	VFP_ABI_POP
-+	ldmia		sp!, {r4-r10, pc}	@ return
-+
-+.size	bsaes_xts_decrypt,.-bsaes_xts_decrypt
-+___
-+}
-+$code.=<<___;
-+#endif
-+___
-+
-+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
-+
-+open SELF,$0;
-+while(<SELF>) {
-+	next if (/^#!/);
-+        last if (!s/^#/@/ and !/^$/);
-+        print;
-+}
-+close SELF;
-+
-+print $code;
-+
-+close STDOUT;
-diff --git a/crypto/arm64cpuid.S b/crypto/arm64cpuid.S
-new file mode 100644
-index 0000000..4778ac1
---- /dev/null
-+++ b/crypto/arm64cpuid.S
-@@ -0,0 +1,46 @@
-+#include "arm_arch.h"
-+
-+.text
-+.arch	armv8-a+crypto
-+
-+.align	5
-+.global	_armv7_neon_probe
-+.type	_armv7_neon_probe,%function
-+_armv7_neon_probe:
-+	orr	v15.16b, v15.16b, v15.16b
-+	ret
-+.size	_armv7_neon_probe,.-_armv7_neon_probe
-+
-+.global	_armv7_tick
-+.type	_armv7_tick,%function
-+_armv7_tick:
-+	mrs	x0, CNTVCT_EL0
-+	ret
-+.size	_armv7_tick,.-_armv7_tick
-+
-+.global	_armv8_aes_probe
-+.type	_armv8_aes_probe,%function
-+_armv8_aes_probe:
-+	aese	v0.16b, v0.16b
-+	ret
-+.size	_armv8_aes_probe,.-_armv8_aes_probe
-+
-+.global	_armv8_sha1_probe
-+.type	_armv8_sha1_probe,%function
-+_armv8_sha1_probe:
-+	sha1h	s0, s0
-+	ret
-+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
-+
-+.global	_armv8_sha256_probe
-+.type	_armv8_sha256_probe,%function
-+_armv8_sha256_probe:
-+	sha256su0	v0.4s, v0.4s
-+	ret
-+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
-+.global	_armv8_pmull_probe
-+.type	_armv8_pmull_probe,%function
-+_armv8_pmull_probe:
-+	pmull	v0.1q, v0.1d, v0.1d
-+	ret
-+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
-diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
-index 5a83107..6fa8724 100644
---- a/crypto/arm_arch.h
-+++ b/crypto/arm_arch.h
-@@ -10,13 +10,24 @@
- #   define __ARMEL__
- #  endif
- # elif defined(__GNUC__)
-+#  if	defined(__aarch64__)
-+#   define __ARM_ARCH__ 8
-+#   if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+#    define __ARMEB__
-+#   else
-+#    define __ARMEL__
-+#   endif
-   /*
-    * Why doesn't gcc define __ARM_ARCH__? Instead it defines
-    * bunch of below macros. See all_architectires[] table in
-    * gcc/config/arm/arm.c. On a side note it defines
-    * __ARMEL__/__ARMEB__ for little-/big-endian.
-    */
--#  if	defined(__ARM_ARCH_7__)	|| defined(__ARM_ARCH_7A__)	|| \
-+#  elif defined(__ARM_ARCH)
-+#   define __ARM_ARCH__ __ARM_ARCH
-+#  elif	defined(__ARM_ARCH_8A__)
-+#   define __ARM_ARCH__ 8
-+#  elif	defined(__ARM_ARCH_7__)	|| defined(__ARM_ARCH_7A__)	|| \
- 	defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)	|| \
- 	defined(__ARM_ARCH_7EM__)
- #   define __ARM_ARCH__ 7
-@@ -43,9 +54,13 @@
- 
- #if !__ASSEMBLER__
- extern unsigned int OPENSSL_armcap_P;
-+#endif
-                                      
- #define ARMV7_NEON      (1<<0)
- #define ARMV7_TICK      (1<<1)
--#endif
-+#define ARMV8_AES       (1<<2)
-+#define ARMV8_SHA1      (1<<3)
-+#define ARMV8_SHA256    (1<<4)
-+#define ARMV8_PMULL     (1<<5)
- 
- #endif
-diff --git a/crypto/armcap.c b/crypto/armcap.c
-index 9abaf39..7e46d07 100644
---- a/crypto/armcap.c
-+++ b/crypto/armcap.c
-@@ -19,9 +19,13 @@ static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
-  * ARM compilers support inline assembler...
-  */
- void _armv7_neon_probe(void);
--unsigned int _armv7_tick(void);
-+void _armv8_aes_probe(void);
-+void _armv8_sha1_probe(void);
-+void _armv8_sha256_probe(void);
-+void _armv8_pmull_probe(void);
-+unsigned long _armv7_tick(void);
- 
--unsigned int OPENSSL_rdtsc(void)
-+unsigned long OPENSSL_rdtsc(void)
- 	{
- 	if (OPENSSL_armcap_P & ARMV7_TICK)
- 		return _armv7_tick();
-@@ -29,9 +33,41 @@ unsigned int OPENSSL_rdtsc(void)
- 		return 0;
- 	}
- 
-+/*
-+ * Use a weak reference to getauxval() so we can use it if it is available but
-+ * don't break the build if it is not.
-+ */
- #if defined(__GNUC__) && __GNUC__>=2
- void OPENSSL_cpuid_setup(void) __attribute__((constructor));
-+extern unsigned long getauxval(unsigned long type) __attribute__((weak));
-+#else
-+static unsigned long (*getauxval)(unsigned long) = NULL;
- #endif
-+
-+/*
-+ * ARM puts the the feature bits for Crypto Extensions in AT_HWCAP2, whereas
-+ * AArch64 used AT_HWCAP.
-+ */
-+#if defined(__arm__) || defined (__arm)
-+# define HWCAP			16	/* AT_HWCAP */
-+# define HWCAP_NEON		(1 << 12)
-+
-+# define HWCAP_CE		26	/* AT_HWCAP2 */
-+# define HWCAP_CE_AES		(1 << 0)
-+# define HWCAP_CE_PMULL		(1 << 1)
-+# define HWCAP_CE_SHA1		(1 << 2)
-+# define HWCAP_CE_SHA256	(1 << 3)
-+#elif defined(__aarch64__)
-+# define HWCAP			16	/* AT_HWCAP */
-+# define HWCAP_NEON		(1 << 1)
-+
-+# define HWCAP_CE		HWCAP
-+# define HWCAP_CE_AES		(1 << 3)
-+# define HWCAP_CE_PMULL		(1 << 4)
-+# define HWCAP_CE_SHA1		(1 << 5)
-+# define HWCAP_CE_SHA256	(1 << 6)
-+#endif
-+
- void OPENSSL_cpuid_setup(void)
- 	{
- 	char *e;
-@@ -44,7 +80,7 @@ void OPENSSL_cpuid_setup(void)
-  
- 	if ((e=getenv("OPENSSL_armcap")))
- 		{
--		OPENSSL_armcap_P=strtoul(e,NULL,0);
-+		OPENSSL_armcap_P=(unsigned int)strtoul(e,NULL,0);
- 		return;
- 		}
- 
-@@ -64,10 +100,51 @@ void OPENSSL_cpuid_setup(void)
- 	sigprocmask(SIG_SETMASK,&ill_act.sa_mask,&oset);
- 	sigaction(SIGILL,&ill_act,&ill_oact);
- 
--	if (sigsetjmp(ill_jmp,1) == 0)
-+	if (getauxval != NULL)
-+		{
-+		if (getauxval(HWCAP) & HWCAP_NEON)
-+			{
-+			unsigned long hwcap = getauxval(HWCAP_CE);
-+
-+			OPENSSL_armcap_P |= ARMV7_NEON;
-+
-+			if (hwcap & HWCAP_CE_AES)
-+				OPENSSL_armcap_P |= ARMV8_AES;
-+
-+			if (hwcap & HWCAP_CE_PMULL)
-+				OPENSSL_armcap_P |= ARMV8_PMULL;
-+
-+			if (hwcap & HWCAP_CE_SHA1)
-+				OPENSSL_armcap_P |= ARMV8_SHA1;
-+
-+			if (hwcap & HWCAP_CE_SHA256)
-+				OPENSSL_armcap_P |= ARMV8_SHA256;
-+			}
-+		}
-+	else if (sigsetjmp(ill_jmp,1) == 0)
- 		{
- 		_armv7_neon_probe();
- 		OPENSSL_armcap_P |= ARMV7_NEON;
-+		if (sigsetjmp(ill_jmp,1) == 0)
-+			{
-+			_armv8_pmull_probe();
-+			OPENSSL_armcap_P |= ARMV8_PMULL|ARMV8_AES;
-+			}
-+		else if (sigsetjmp(ill_jmp,1) == 0)
-+			{
-+			_armv8_aes_probe();
-+			OPENSSL_armcap_P |= ARMV8_AES;
-+			}
-+		if (sigsetjmp(ill_jmp,1) == 0)
-+			{
-+			_armv8_sha1_probe();
-+			OPENSSL_armcap_P |= ARMV8_SHA1;
-+			}
-+		if (sigsetjmp(ill_jmp,1) == 0)
-+			{
-+			_armv8_sha256_probe();
-+			OPENSSL_armcap_P |= ARMV8_SHA256;
-+			}
- 		}
- 	if (sigsetjmp(ill_jmp,1) == 0)
- 		{
-diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S
-index 2d618de..add11d4 100644
---- a/crypto/armv4cpuid.S
-+++ b/crypto/armv4cpuid.S
-@@ -7,17 +7,49 @@
- .global	_armv7_neon_probe
- .type	_armv7_neon_probe,%function
- _armv7_neon_probe:
--	.word	0xf26ee1fe	@ vorr	q15,q15,q15
--	.word	0xe12fff1e	@ bx	lr
-+	.byte	0xf0,0x01,0x60,0xf2	@ vorr	q8,q8,q8
-+	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
- .size	_armv7_neon_probe,.-_armv7_neon_probe
- 
- .global	_armv7_tick
- .type	_armv7_tick,%function
- _armv7_tick:
--	mrc	p15,0,r0,c9,c13,0
--	.word	0xe12fff1e	@ bx	lr
-+	mrrc	p15,1,r0,r1,c14		@ CNTVCT
-+#if __ARM_ARCH__>=5
-+	bx	lr
-+#else
-+	.word	0xe12fff1e		@ bx	lr
-+#endif
- .size	_armv7_tick,.-_armv7_tick
- 
-+.global	_armv8_aes_probe
-+.type	_armv8_aes_probe,%function
-+_armv8_aes_probe:
-+	.byte	0x00,0x03,0xb0,0xf3	@ aese.8	q0,q0
-+	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-+.size	_armv8_aes_probe,.-_armv8_aes_probe
-+
-+.global	_armv8_sha1_probe
-+.type	_armv8_sha1_probe,%function
-+_armv8_sha1_probe:
-+	.byte	0x40,0x0c,0x00,0xf2	@ sha1c.32	q0,q0,q0
-+	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
-+
-+.global	_armv8_sha256_probe
-+.type	_armv8_sha256_probe,%function
-+_armv8_sha256_probe:
-+	.byte	0x40,0x0c,0x00,0xf3	@ sha256h.32	q0,q0,q0
-+	.byte	0x1e,0xff,0x2f,0xe1	@ bx lr
-+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
-+.global	_armv8_pmull_probe
-+.type	_armv8_pmull_probe,%function
-+_armv8_pmull_probe:
-+	.byte	0x00,0x0e,0xa0,0xf2	@ vmull.p64	q0,d0,d0
-+	.byte	0x1e,0xff,0x2f,0xe1	@ bx	lr
-+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
-+
-+.align	5
- .global	OPENSSL_atomic_add
- .type	OPENSSL_atomic_add,%function
- OPENSSL_atomic_add:
-@@ -28,7 +60,7 @@ OPENSSL_atomic_add:
- 	cmp	r2,#0
- 	bne	.Ladd
- 	mov	r0,r3
--	.word	0xe12fff1e	@ bx	lr
-+	bx	lr
- #else
- 	stmdb	sp!,{r4-r6,lr}
- 	ldr	r2,.Lspinlock
-@@ -81,9 +113,13 @@ OPENSSL_cleanse:
- 	adds	r1,r1,#4
- 	bne	.Little
- .Lcleanse_done:
-+#if __ARM_ARCH__>=5
-+	bx	lr
-+#else
- 	tst	lr,#1
- 	moveq	pc,lr
- 	.word	0xe12fff1e	@ bx	lr
-+#endif
- .size	OPENSSL_cleanse,.-OPENSSL_cleanse
- 
- .global	OPENSSL_wipe_cpu
-@@ -97,41 +133,53 @@ OPENSSL_wipe_cpu:
- 	eor	ip,ip,ip
- 	tst	r0,#1
- 	beq	.Lwipe_done
--	.word	0xf3000150	@ veor    q0, q0, q0
--	.word	0xf3022152	@ veor    q1, q1, q1
--	.word	0xf3044154	@ veor    q2, q2, q2
--	.word	0xf3066156	@ veor    q3, q3, q3
--	.word	0xf34001f0	@ veor    q8, q8, q8
--	.word	0xf34221f2	@ veor    q9, q9, q9
--	.word	0xf34441f4	@ veor    q10, q10, q10
--	.word	0xf34661f6	@ veor    q11, q11, q11
--	.word	0xf34881f8	@ veor    q12, q12, q12
--	.word	0xf34aa1fa	@ veor    q13, q13, q13
--	.word	0xf34cc1fc	@ veor    q14, q14, q14
--	.word	0xf34ee1fe	@ veor    q15, q15, q15
-+	.byte	0x50,0x01,0x00,0xf3	@ veor	q0, q0, q0
-+	.byte	0x52,0x21,0x02,0xf3	@ veor	q1, q1, q1
-+	.byte	0x54,0x41,0x04,0xf3	@ veor	q2, q2, q2
-+	.byte	0x56,0x61,0x06,0xf3	@ veor	q3, q3, q3
-+	.byte	0xf0,0x01,0x40,0xf3	@ veor	q8, q8, q8
-+	.byte	0xf2,0x21,0x42,0xf3	@ veor	q9, q9, q9
-+	.byte	0xf4,0x41,0x44,0xf3	@ veor	q10, q10, q10
-+	.byte	0xf6,0x61,0x46,0xf3	@ veor	q11, q11, q11
-+	.byte	0xf8,0x81,0x48,0xf3	@ veor	q12, q12, q12
-+	.byte	0xfa,0xa1,0x4a,0xf3	@ veor	q13, q13, q13
-+	.byte	0xfc,0xc1,0x4c,0xf3	@ veor	q14, q14, q14
-+	.byte	0xfe,0xe1,0x4e,0xf3	@ veor	q14, q14, q14
- .Lwipe_done:
- 	mov	r0,sp
-+#if __ARM_ARCH__>=5
-+	bx	lr
-+#else
- 	tst	lr,#1
- 	moveq	pc,lr
- 	.word	0xe12fff1e	@ bx	lr
-+#endif
- .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
- 
- .global	OPENSSL_instrument_bus
- .type	OPENSSL_instrument_bus,%function
- OPENSSL_instrument_bus:
- 	eor	r0,r0,r0
-+#if __ARM_ARCH__>=5
-+	bx	lr
-+#else
- 	tst	lr,#1
- 	moveq	pc,lr
- 	.word	0xe12fff1e	@ bx	lr
-+#endif
- .size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
- 
- .global	OPENSSL_instrument_bus2
- .type	OPENSSL_instrument_bus2,%function
- OPENSSL_instrument_bus2:
- 	eor	r0,r0,r0
-+#if __ARM_ARCH__>=5
-+	bx	lr
-+#else
- 	tst	lr,#1
- 	moveq	pc,lr
- 	.word	0xe12fff1e	@ bx	lr
-+#endif
- .size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
- 
- .align	5
-diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
-index 6dd136b..effc409 100644
---- a/crypto/bn/Makefile
-+++ b/crypto/bn/Makefile
-@@ -130,9 +130,10 @@ alpha-mont.s:	asm/alpha-mont.pl
- 	$(CC) -E $$preproc > $@ && rm $$preproc)
- 
- # GNU make "catch all"
--%-mont.s:	asm/%-mont.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
-+%-mont.S:	asm/%-mont.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
- %-gf2m.S:	asm/%-gf2m.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
- 
-+armv4-mont.o:	armv4-mont.S
- armv4-gf2m.o:	armv4-gf2m.S
- 
- files:
-diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
-index c52e0b7..b781afb 100644
---- a/crypto/bn/asm/armv4-gf2m.pl
-+++ b/crypto/bn/asm/armv4-gf2m.pl
-@@ -20,14 +20,21 @@
- # length, more for longer keys. Even though NEON 1x1 multiplication
- # runs in even less cycles, ~30, improvement is measurable only on
- # longer keys. One has to optimize code elsewhere to get NEON glow...
-+#
-+# April 2014
-+#
-+# Double bn_GF2m_mul_2x2 performance by using algorithm from paper
-+# referred below, which improves ECDH and ECDSA verify benchmarks
-+# by 18-40%.
-+#
-+# C�mara, D.; Gouv�a, C. P. L.; L�pez, J. & Dahab, R.: Fast Software
-+# Polynomial Multiplication on ARM Processors using the NEON Engine.
-+# 
-+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
- 
- while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
- open STDOUT,">$output";
- 
--sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
--sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
--sub Q()     { shift=~m|d([1-3]?[02468])|?"q".($1/2):""; }
--
- $code=<<___;
- #include "arm_arch.h"
- 
-@@ -36,31 +43,6 @@ $code=<<___;
- 
- #if __ARM_ARCH__>=7
- .fpu	neon
--
--.type	mul_1x1_neon,%function
--.align	5
--mul_1x1_neon:
--	vshl.u64	`&Dlo("q1")`,d16,#8	@ q1-q3 are slided $a
--	vmull.p8	`&Q("d0")`,d16,d17	@ a�bb
--	vshl.u64	`&Dlo("q2")`,d16,#16
--	vmull.p8	q1,`&Dlo("q1")`,d17	@ a<<8�bb
--	vshl.u64	`&Dlo("q3")`,d16,#24
--	vmull.p8	q2,`&Dlo("q2")`,d17	@ a<<16�bb
--	vshr.u64	`&Dlo("q1")`,#8
--	vmull.p8	q3,`&Dlo("q3")`,d17	@ a<<24�bb
--	vshl.u64	`&Dhi("q1")`,#24
--	veor		d0,`&Dlo("q1")`
--	vshr.u64	`&Dlo("q2")`,#16
--	veor		d0,`&Dhi("q1")`
--	vshl.u64	`&Dhi("q2")`,#16
--	veor		d0,`&Dlo("q2")`
--	vshr.u64	`&Dlo("q3")`,#24
--	veor		d0,`&Dhi("q2")`
--	vshl.u64	`&Dhi("q3")`,#8
--	veor		d0,`&Dlo("q3")`
--	veor		d0,`&Dhi("q3")`
--	bx	lr
--.size	mul_1x1_neon,.-mul_1x1_neon
- #endif
- ___
- ################
-@@ -159,8 +141,9 @@ ___
- # void	bn_GF2m_mul_2x2(BN_ULONG *r,
- #	BN_ULONG a1,BN_ULONG a0,
- #	BN_ULONG b1,BN_ULONG b0);	# r[3..0]=a1a0�b1b0
--
--($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23));
-+{
-+my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12));
-+my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31));
- 
- $code.=<<___;
- .global	bn_GF2m_mul_2x2
-@@ -173,44 +156,58 @@ bn_GF2m_mul_2x2:
- 	tst	r12,#1
- 	beq	.Lialu
- 
--	veor	$A1,$A1
--	vmov.32	$B1,r3,r3		@ two copies of b1
--	vmov.32	${A1}[0],r1		@ a1
--
--	veor	$A0,$A0
--	vld1.32	${B0}[],[sp,:32]	@ two copies of b0
--	vmov.32	${A0}[0],r2		@ a0
--	mov	r12,lr
--
--	vmov	d16,$A1
--	vmov	d17,$B1
--	bl	mul_1x1_neon		@ a1�b1
--	vmov	$A1B1,d0
--
--	vmov	d16,$A0
--	vmov	d17,$B0
--	bl	mul_1x1_neon		@ a0�b0
--	vmov	$A0B0,d0
--
--	veor	d16,$A0,$A1
--	veor	d17,$B0,$B1
--	veor	$A0,$A0B0,$A1B1
--	bl	mul_1x1_neon		@ (a0+a1)�(b0+b1)
--
--	veor	d0,$A0			@ (a0+a1)�(b0+b1)-a0�b0-a1�b1
--	vshl.u64 d1,d0,#32
--	vshr.u64 d0,d0,#32
--	veor	$A0B0,d1
--	veor	$A1B1,d0
--	vst1.32	{${A0B0}[0]},[r0,:32]!
--	vst1.32	{${A0B0}[1]},[r0,:32]!
--	vst1.32	{${A1B1}[0]},[r0,:32]!
--	vst1.32	{${A1B1}[1]},[r0,:32]
--	bx	r12
-+	ldr		r12, [sp]		@ 5th argument
-+	vmov.32		$a, r2, r1
-+	vmov.32		$b, r12, r3
-+	vmov.i64	$k48, #0x0000ffffffffffff
-+	vmov.i64	$k32, #0x00000000ffffffff
-+	vmov.i64	$k16, #0x000000000000ffff
-+
-+	vext.8		$t0#lo, $a, $a, #1	@ A1
-+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
-+	vext.8		$r#lo, $b, $b, #1	@ B1
-+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
-+	vext.8		$t1#lo, $a, $a, #2	@ A2
-+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
-+	vext.8		$t3#lo, $b, $b, #2	@ B2
-+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
-+	vext.8		$t2#lo, $a, $a, #3	@ A3
-+	veor		$t0, $t0, $r		@ L = E + F
-+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
-+	vext.8		$r#lo, $b, $b, #3	@ B3
-+	veor		$t1, $t1, $t3		@ M = G + H
-+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
-+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
-+	vand		$t0#hi, $t0#hi, $k48
-+	vext.8		$t3#lo, $b, $b, #4	@ B4
-+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
-+	vand		$t1#hi, $t1#hi, $k32
-+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
-+	veor		$t2, $t2, $r		@ N = I + J
-+	veor		$t0#lo, $t0#lo, $t0#hi
-+	veor		$t1#lo, $t1#lo, $t1#hi
-+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
-+	vand		$t2#hi, $t2#hi, $k16
-+	vext.8		$t0, $t0, $t0, #15
-+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
-+	vmov.i64	$t3#hi, #0
-+	vext.8		$t1, $t1, $t1, #14
-+	veor		$t2#lo, $t2#lo, $t2#hi
-+	vmull.p8	$r, $a, $b		@ D = A*B
-+	vext.8		$t3, $t3, $t3, #12
-+	vext.8		$t2, $t2, $t2, #13
-+	veor		$t0, $t0, $t1
-+	veor		$t2, $t2, $t3
-+	veor		$r, $r, $t0
-+	veor		$r, $r, $t2
-+
-+	vst1.32		{$r}, [r0]
-+	ret		@ bx lr
- .align	4
- .Lialu:
- #endif
- ___
-+}
- $ret="r10";	# reassigned 1st argument
- $code.=<<___;
- 	stmdb	sp!,{r4-r10,lr}
-@@ -272,7 +269,13 @@ $code.=<<___;
- .comm	OPENSSL_armcap_P,4,4
- ___
- 
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
--print $code;
-+foreach (split("\n",$code)) {
-+	s/\`([^\`]*)\`/eval $1/geo;
-+
-+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-+	s/\bret\b/bx	lr/go		or
-+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
-+
-+	print $_,"\n";
-+}
- close STDOUT;   # enforce flush
-diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
-index f78a8b5..72bad8e 100644
---- a/crypto/bn/asm/armv4-mont.pl
-+++ b/crypto/bn/asm/armv4-mont.pl
-@@ -1,7 +1,7 @@
- #!/usr/bin/env perl
- 
- # ====================================================================
--# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-@@ -23,6 +23,21 @@
- # than 1/2KB. Windows CE port would be trivial, as it's exclusively
- # about decorations, ABI and instruction syntax are identical.
- 
-+# November 2013
-+#
-+# Add NEON code path, which handles lengths divisible by 8. RSA/DSA
-+# performance improvement on Cortex-A8 is ~45-100% depending on key
-+# length, more for longer keys. On Cortex-A15 the span is ~10-105%.
-+# On Snapdragon S4 improvement was measured to vary from ~70% to
-+# incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is
-+# rather because original integer-only code seems to perform
-+# suboptimally on S4. Situation on Cortex-A9 is unfortunately
-+# different. It's being looked into, but the trouble is that
-+# performance for vectors longer than 256 bits is actually couple
-+# of percent worse than for integer-only code. The code is chosen
-+# for execution on all NEON-capable processors, because gain on
-+# others outweighs the marginal loss on Cortex-A9.
-+
- while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
- open STDOUT,">$output";
- 
-@@ -52,16 +67,40 @@ $_n0="$num,#14*4";
- $_num="$num,#15*4";	$_bpend=$_num;
- 
- $code=<<___;
-+#include "arm_arch.h"
-+
- .text
-+.code	32
-+
-+#if __ARM_ARCH__>=7
-+.align	5
-+.LOPENSSL_armcap:
-+.word	OPENSSL_armcap_P-bn_mul_mont
-+#endif
- 
- .global	bn_mul_mont
- .type	bn_mul_mont,%function
- 
--.align	2
-+.align	5
- bn_mul_mont:
-+	ldr	ip,[sp,#4]		@ load num
- 	stmdb	sp!,{r0,r2}		@ sp points at argument block
--	ldr	$num,[sp,#3*4]		@ load num
--	cmp	$num,#2
-+#if __ARM_ARCH__>=7
-+	tst	ip,#7
-+	bne	.Lialu
-+	adr	r0,bn_mul_mont
-+	ldr	r2,.LOPENSSL_armcap
-+	ldr	r0,[r0,r2]
-+	tst	r0,#1			@ NEON available?
-+	ldmia	sp, {r0,r2}
-+	beq	.Lialu
-+	add	sp,sp,#8
-+	b	bn_mul8x_mont_neon
-+.align	4
-+.Lialu:
-+#endif
-+	cmp	ip,#2
-+	mov	$num,ip			@ load num
- 	movlt	r0,#0
- 	addlt	sp,sp,#2*4
- 	blt	.Labrt
-@@ -191,14 +230,446 @@ bn_mul_mont:
- 	ldmia	sp!,{r4-r12,lr}		@ restore registers
- 	add	sp,sp,#2*4		@ skip over {r0,r2}
- 	mov	r0,#1
--.Labrt:	tst	lr,#1
-+.Labrt:
-+#if __ARM_ARCH__>=5
-+	ret				@ bx lr
-+#else
-+	tst	lr,#1
- 	moveq	pc,lr			@ be binary compatible with V4, yet
- 	bx	lr			@ interoperable with Thumb ISA:-)
-+#endif
- .size	bn_mul_mont,.-bn_mul_mont
--.asciz	"Montgomery multiplication for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
-+___
-+{
-+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-+
-+my ($A0,$A1,$A2,$A3)=map("d$_",(0..3));
-+my ($N0,$N1,$N2,$N3)=map("d$_",(4..7));
-+my ($Z,$Temp)=("q4","q5");
-+my ($A0xB,$A1xB,$A2xB,$A3xB,$A4xB,$A5xB,$A6xB,$A7xB)=map("q$_",(6..13));
-+my ($Bi,$Ni,$M0)=map("d$_",(28..31));
-+my $zero=&Dlo($Z);
-+my $temp=&Dlo($Temp);
-+
-+my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5));
-+my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9));
-+
-+$code.=<<___;
-+#if __ARM_ARCH__>=7
-+.fpu	neon
-+
-+.type	bn_mul8x_mont_neon,%function
-+.align	5
-+bn_mul8x_mont_neon:
-+	mov	ip,sp
-+	stmdb	sp!,{r4-r11}
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+	ldmia	ip,{r4-r5}		@ load rest of parameter block
-+
-+	sub		$toutptr,sp,#16
-+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-+	sub		$toutptr,$toutptr,$num,lsl#4
-+	vld1.32		{$A0-$A3},  [$aptr]!		@ can't specify :32 :-(
-+	and		$toutptr,$toutptr,#-64
-+	vld1.32		{${M0}[0]}, [$n0,:32]
-+	mov		sp,$toutptr			@ alloca
-+	veor		$zero,$zero,$zero
-+	subs		$inner,$num,#8
-+	vzip.16		$Bi,$zero
-+
-+	vmull.u32	$A0xB,$Bi,${A0}[0]
-+	vmull.u32	$A1xB,$Bi,${A0}[1]
-+	vmull.u32	$A2xB,$Bi,${A1}[0]
-+	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-+	vmull.u32	$A3xB,$Bi,${A1}[1]
-+
-+	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-+	veor		$zero,$zero,$zero
-+	vmul.u32	$Ni,$temp,$M0
-+
-+	vmull.u32	$A4xB,$Bi,${A2}[0]
-+	 vld1.32	{$N0-$N3}, [$nptr]!
-+	vmull.u32	$A5xB,$Bi,${A2}[1]
-+	vmull.u32	$A6xB,$Bi,${A3}[0]
-+	vzip.16		$Ni,$zero
-+	vmull.u32	$A7xB,$Bi,${A3}[1]
-+
-+	bne	.LNEON_1st
-+
-+	@ special case for num=8, everything is in register bank...
-+
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	sub		$outer,$num,#1
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	vmov		$Temp,$A0xB
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	vmov		$A0xB,$A1xB
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	vmov		$A1xB,$A2xB
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+	vmov		$A2xB,$A3xB
-+	vmov		$A3xB,$A4xB
-+	vshr.u64	$temp,$temp,#16
-+	vmov		$A4xB,$A5xB
-+	vmov		$A5xB,$A6xB
-+	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-+	vmov		$A6xB,$A7xB
-+	veor		$A7xB,$A7xB
-+	vshr.u64	$temp,$temp,#16
-+
-+	b	.LNEON_outer8
-+
-+.align	4
-+.LNEON_outer8:
-+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-+	veor		$zero,$zero,$zero
-+	vzip.16		$Bi,$zero
-+	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-+
-+	vmlal.u32	$A0xB,$Bi,${A0}[0]
-+	vmlal.u32	$A1xB,$Bi,${A0}[1]
-+	vmlal.u32	$A2xB,$Bi,${A1}[0]
-+	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-+	vmlal.u32	$A3xB,$Bi,${A1}[1]
-+
-+	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-+	veor		$zero,$zero,$zero
-+	subs		$outer,$outer,#1
-+	vmul.u32	$Ni,$temp,$M0
-+
-+	vmlal.u32	$A4xB,$Bi,${A2}[0]
-+	vmlal.u32	$A5xB,$Bi,${A2}[1]
-+	vmlal.u32	$A6xB,$Bi,${A3}[0]
-+	vzip.16		$Ni,$zero
-+	vmlal.u32	$A7xB,$Bi,${A3}[1]
-+
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	vmov		$Temp,$A0xB
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	vmov		$A0xB,$A1xB
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	vmov		$A1xB,$A2xB
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+	vmov		$A2xB,$A3xB
-+	vmov		$A3xB,$A4xB
-+	vshr.u64	$temp,$temp,#16
-+	vmov		$A4xB,$A5xB
-+	vmov		$A5xB,$A6xB
-+	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-+	vmov		$A6xB,$A7xB
-+	veor		$A7xB,$A7xB
-+	vshr.u64	$temp,$temp,#16
-+
-+	bne	.LNEON_outer8
-+
-+	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-+	mov		$toutptr,sp
-+	vshr.u64	$temp,`&Dlo("$A0xB")`,#16
-+	mov		$inner,$num
-+	vadd.u64	`&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
-+	add		$tinptr,sp,#16
-+	vshr.u64	$temp,`&Dhi("$A0xB")`,#16
-+	vzip.16		`&Dlo("$A0xB")`,`&Dhi("$A0xB")`
-+
-+	b	.LNEON_tail2
-+
-+.align	4
-+.LNEON_1st:
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	 vld1.32	{$A0-$A3}, [$aptr]!
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	subs		$inner,$inner,#8
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	 vld1.32	{$N0-$N1}, [$nptr]!
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	 vst1.64	{$A0xB-$A1xB}, [$toutptr,:256]!
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+	 vst1.64	{$A2xB-$A3xB}, [$toutptr,:256]!
-+
-+	vmull.u32	$A0xB,$Bi,${A0}[0]
-+	 vld1.32	{$N2-$N3}, [$nptr]!
-+	vmull.u32	$A1xB,$Bi,${A0}[1]
-+	 vst1.64	{$A4xB-$A5xB}, [$toutptr,:256]!
-+	vmull.u32	$A2xB,$Bi,${A1}[0]
-+	vmull.u32	$A3xB,$Bi,${A1}[1]
-+	 vst1.64	{$A6xB-$A7xB}, [$toutptr,:256]!
-+
-+	vmull.u32	$A4xB,$Bi,${A2}[0]
-+	vmull.u32	$A5xB,$Bi,${A2}[1]
-+	vmull.u32	$A6xB,$Bi,${A3}[0]
-+	vmull.u32	$A7xB,$Bi,${A3}[1]
-+
-+	bne	.LNEON_1st
-+
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	add		$tinptr,sp,#16
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	sub		$aptr,$aptr,$num,lsl#2		@ rewind $aptr
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	 vld1.64	{$Temp}, [sp,:128]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+	sub		$outer,$num,#1
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	vshr.u64	$temp,$temp,#16
-+	 vld1.64	{$A0xB},       [$tinptr, :128]!
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+
-+	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-+	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-+	veor		$Z,$Z,$Z
-+	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-+	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-+	vst1.64		{$Z},          [$toutptr,:128]
-+	vshr.u64	$temp,$temp,#16
-+
-+	b		.LNEON_outer
-+
-+.align	4
-+.LNEON_outer:
-+	vld1.32		{${Bi}[0]}, [$bptr,:32]!
-+	sub		$nptr,$nptr,$num,lsl#2		@ rewind $nptr
-+	vld1.32		{$A0-$A3},  [$aptr]!
-+	veor		$zero,$zero,$zero
-+	mov		$toutptr,sp
-+	vzip.16		$Bi,$zero
-+	sub		$inner,$num,#8
-+	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-+
-+	vmlal.u32	$A0xB,$Bi,${A0}[0]
-+	 vld1.64	{$A3xB-$A4xB},[$tinptr,:256]!
-+	vmlal.u32	$A1xB,$Bi,${A0}[1]
-+	vmlal.u32	$A2xB,$Bi,${A1}[0]
-+	 vld1.64	{$A5xB-$A6xB},[$tinptr,:256]!
-+	vmlal.u32	$A3xB,$Bi,${A1}[1]
-+
-+	vshl.i64	$temp,`&Dhi("$A0xB")`,#16
-+	veor		$zero,$zero,$zero
-+	vadd.u64	$temp,$temp,`&Dlo("$A0xB")`
-+	 vld1.64	{$A7xB},[$tinptr,:128]!
-+	vmul.u32	$Ni,$temp,$M0
-+
-+	vmlal.u32	$A4xB,$Bi,${A2}[0]
-+	 vld1.32	{$N0-$N3}, [$nptr]!
-+	vmlal.u32	$A5xB,$Bi,${A2}[1]
-+	vmlal.u32	$A6xB,$Bi,${A3}[0]
-+	vzip.16		$Ni,$zero
-+	vmlal.u32	$A7xB,$Bi,${A3}[1]
-+
-+.LNEON_inner:
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	 vld1.32	{$A0-$A3}, [$aptr]!
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	 subs		$inner,$inner,#8
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	 vld1.64	{$A0xB},       [$tinptr, :128]!
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-+
-+	vmlal.u32	$A0xB,$Bi,${A0}[0]
-+	 vld1.64	{$A3xB-$A4xB}, [$tinptr, :256]!
-+	vmlal.u32	$A1xB,$Bi,${A0}[1]
-+	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-+	vmlal.u32	$A2xB,$Bi,${A1}[0]
-+	 vld1.64	{$A5xB-$A6xB}, [$tinptr, :256]!
-+	vmlal.u32	$A3xB,$Bi,${A1}[1]
-+	 vld1.32	{$N0-$N3}, [$nptr]!
-+
-+	vmlal.u32	$A4xB,$Bi,${A2}[0]
-+	 vld1.64	{$A7xB},       [$tinptr, :128]!
-+	vmlal.u32	$A5xB,$Bi,${A2}[1]
-+	vmlal.u32	$A6xB,$Bi,${A3}[0]
-+	vmlal.u32	$A7xB,$Bi,${A3}[1]
-+
-+	bne	.LNEON_inner
-+
-+	vmlal.u32	$A0xB,$Ni,${N0}[0]
-+	add		$tinptr,sp,#16
-+	vmlal.u32	$A1xB,$Ni,${N0}[1]
-+	sub		$aptr,$aptr,$num,lsl#2		@ rewind $aptr
-+	vmlal.u32	$A2xB,$Ni,${N1}[0]
-+	 vld1.64	{$Temp}, [sp,:128]
-+	vmlal.u32	$A3xB,$Ni,${N1}[1]
-+	subs		$outer,$outer,#1
-+
-+	vmlal.u32	$A4xB,$Ni,${N2}[0]
-+	vst1.64		{$A0xB-$A1xB}, [$toutptr,:256]!
-+	vmlal.u32	$A5xB,$Ni,${N2}[1]
-+	 vld1.64	{$A0xB},       [$tinptr, :128]!
-+	vshr.u64	$temp,$temp,#16
-+	vst1.64		{$A2xB-$A3xB}, [$toutptr,:256]!
-+	vmlal.u32	$A6xB,$Ni,${N3}[0]
-+	 vld1.64	{$A1xB-$A2xB}, [$tinptr, :256]!
-+	vmlal.u32	$A7xB,$Ni,${N3}[1]
-+
-+	vst1.64		{$A4xB-$A5xB}, [$toutptr,:256]!
-+	vadd.u64	$temp,$temp,`&Dhi("$Temp")`
-+	vst1.64		{$A6xB-$A7xB}, [$toutptr,:256]!
-+	vshr.u64	$temp,$temp,#16
-+
-+	bne	.LNEON_outer
-+
-+	mov		$toutptr,sp
-+	mov		$inner,$num
-+
-+.LNEON_tail:
-+	vadd.u64	`&Dlo("$A0xB")`,`&Dlo("$A0xB")`,$temp
-+	vld1.64		{$A3xB-$A4xB}, [$tinptr, :256]!
-+	vshr.u64	$temp,`&Dlo("$A0xB")`,#16
-+	vadd.u64	`&Dhi("$A0xB")`,`&Dhi("$A0xB")`,$temp
-+	vld1.64		{$A5xB-$A6xB}, [$tinptr, :256]!
-+	vshr.u64	$temp,`&Dhi("$A0xB")`,#16
-+	vld1.64		{$A7xB},       [$tinptr, :128]!
-+	vzip.16		`&Dlo("$A0xB")`,`&Dhi("$A0xB")`
-+
-+.LNEON_tail2:
-+	vadd.u64	`&Dlo("$A1xB")`,`&Dlo("$A1xB")`,$temp
-+	vst1.32		{`&Dlo("$A0xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A1xB")`,#16
-+	vadd.u64	`&Dhi("$A1xB")`,`&Dhi("$A1xB")`,$temp
-+	vshr.u64	$temp,`&Dhi("$A1xB")`,#16
-+	vzip.16		`&Dlo("$A1xB")`,`&Dhi("$A1xB")`
-+
-+	vadd.u64	`&Dlo("$A2xB")`,`&Dlo("$A2xB")`,$temp
-+	vst1.32		{`&Dlo("$A1xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A2xB")`,#16
-+	vadd.u64	`&Dhi("$A2xB")`,`&Dhi("$A2xB")`,$temp
-+	vshr.u64	$temp,`&Dhi("$A2xB")`,#16
-+	vzip.16		`&Dlo("$A2xB")`,`&Dhi("$A2xB")`
-+
-+	vadd.u64	`&Dlo("$A3xB")`,`&Dlo("$A3xB")`,$temp
-+	vst1.32		{`&Dlo("$A2xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A3xB")`,#16
-+	vadd.u64	`&Dhi("$A3xB")`,`&Dhi("$A3xB")`,$temp
-+	vshr.u64	$temp,`&Dhi("$A3xB")`,#16
-+	vzip.16		`&Dlo("$A3xB")`,`&Dhi("$A3xB")`
-+
-+	vadd.u64	`&Dlo("$A4xB")`,`&Dlo("$A4xB")`,$temp
-+	vst1.32		{`&Dlo("$A3xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A4xB")`,#16
-+	vadd.u64	`&Dhi("$A4xB")`,`&Dhi("$A4xB")`,$temp
-+	vshr.u64	$temp,`&Dhi("$A4xB")`,#16
-+	vzip.16		`&Dlo("$A4xB")`,`&Dhi("$A4xB")`
-+
-+	vadd.u64	`&Dlo("$A5xB")`,`&Dlo("$A5xB")`,$temp
-+	vst1.32		{`&Dlo("$A4xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A5xB")`,#16
-+	vadd.u64	`&Dhi("$A5xB")`,`&Dhi("$A5xB")`,$temp
-+	vshr.u64	$temp,`&Dhi("$A5xB")`,#16
-+	vzip.16		`&Dlo("$A5xB")`,`&Dhi("$A5xB")`
-+
-+	vadd.u64	`&Dlo("$A6xB")`,`&Dlo("$A6xB")`,$temp
-+	vst1.32		{`&Dlo("$A5xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A6xB")`,#16
-+	vadd.u64	`&Dhi("$A6xB")`,`&Dhi("$A6xB")`,$temp
-+	vld1.64		{$A0xB}, [$tinptr, :128]!
-+	vshr.u64	$temp,`&Dhi("$A6xB")`,#16
-+	vzip.16		`&Dlo("$A6xB")`,`&Dhi("$A6xB")`
-+
-+	vadd.u64	`&Dlo("$A7xB")`,`&Dlo("$A7xB")`,$temp
-+	vst1.32		{`&Dlo("$A6xB")`[0]}, [$toutptr, :32]!
-+	vshr.u64	$temp,`&Dlo("$A7xB")`,#16
-+	vadd.u64	`&Dhi("$A7xB")`,`&Dhi("$A7xB")`,$temp
-+	vld1.64		{$A1xB-$A2xB},	[$tinptr, :256]!
-+	vshr.u64	$temp,`&Dhi("$A7xB")`,#16
-+	vzip.16		`&Dlo("$A7xB")`,`&Dhi("$A7xB")`
-+	subs		$inner,$inner,#8
-+	vst1.32		{`&Dlo("$A7xB")`[0]}, [$toutptr, :32]!
-+
-+	bne	.LNEON_tail
-+
-+	vst1.32	{${temp}[0]}, [$toutptr, :32]		@ top-most bit
-+	sub	$nptr,$nptr,$num,lsl#2			@ rewind $nptr
-+	subs	$aptr,sp,#0				@ clear carry flag
-+	add	$bptr,sp,$num,lsl#2
-+
-+.LNEON_sub:
-+	ldmia	$aptr!, {r4-r7}
-+	ldmia	$nptr!, {r8-r11}
-+	sbcs	r8, r4,r8
-+	sbcs	r9, r5,r9
-+	sbcs	r10,r6,r10
-+	sbcs	r11,r7,r11
-+	teq	$aptr,$bptr				@ preserves carry
-+	stmia	$rptr!, {r8-r11}
-+	bne	.LNEON_sub
-+
-+	ldr	r10, [$aptr]				@ load top-most bit
-+	veor	q0,q0,q0
-+	sub	r11,$bptr,sp				@ this is num*4
-+	veor	q1,q1,q1
-+	mov	$aptr,sp
-+	sub	$rptr,$rptr,r11				@ rewind $rptr
-+	mov	$nptr,$bptr				@ second 3/4th of frame
-+	sbcs	r10,r10,#0				@ result is carry flag
-+
-+.LNEON_copy_n_zap:
-+	ldmia	$aptr!, {r4-r7}
-+	ldmia	$rptr,  {r8-r11}
-+	movcc	r8, r4
-+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-+	movcc	r9, r5
-+	movcc	r10,r6
-+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-+	movcc	r11,r7
-+	ldmia	$aptr, {r4-r7}
-+	stmia	$rptr!, {r8-r11}
-+	sub	$aptr,$aptr,#16
-+	ldmia	$rptr, {r8-r11}
-+	movcc	r8, r4
-+	vst1.64	{q0-q1}, [$aptr,:256]!			@ wipe
-+	movcc	r9, r5
-+	movcc	r10,r6
-+	vst1.64	{q0-q1}, [$nptr,:256]!			@ wipe
-+	movcc	r11,r7
-+	teq	$aptr,$bptr				@ preserves carry
-+	stmia	$rptr!, {r8-r11}
-+	bne	.LNEON_copy_n_zap
-+
-+	sub	sp,ip,#96
-+        vldmia  sp!,{d8-d15}
-+        ldmia   sp!,{r4-r11}
-+	ret						@ bx lr
-+.size	bn_mul8x_mont_neon,.-bn_mul8x_mont_neon
-+#endif
-+___
-+}
-+$code.=<<___;
-+.asciz	"Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
- .align	2
-+#if __ARM_ARCH__>=7
-+.comm	OPENSSL_armcap_P,4,4
-+#endif
- ___
- 
-+$code =~ s/\`([^\`]*)\`/eval $1/gem;
- $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-+$code =~ s/\bret\b/bx	lr/gm;
- print $code;
- close STDOUT;
-diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
-index c7869b6..ad0f7a4 100644
---- a/crypto/evp/e_aes.c
-+++ b/crypto/evp/e_aes.c
-@@ -62,7 +62,7 @@
- 
- typedef struct
- 	{
--	AES_KEY ks;
-+	union { double align; AES_KEY ks; } ks;
- 	block128_f block;
- 	union {
- 		cbc128_f cbc;
-@@ -72,7 +72,7 @@ typedef struct
- 
- typedef struct
- 	{
--	AES_KEY ks;		/* AES key schedule to use */
-+	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
- 	int key_set;		/* Set if key initialised */
- 	int iv_set;		/* Set if an iv is set */
- 	GCM128_CONTEXT gcm;
-@@ -86,7 +86,7 @@ typedef struct
- 
- typedef struct
- 	{
--	AES_KEY ks1, ks2;	/* AES key schedules to use */
-+	union { double align; AES_KEY ks; } ks1, ks2;	/* AES key schedules to use */
- 	XTS128_CONTEXT xts;
- 	void     (*stream)(const unsigned char *in,
- 			unsigned char *out, size_t length,
-@@ -96,7 +96,7 @@ typedef struct
- 
- typedef struct
- 	{
--	AES_KEY ks;		/* AES key schedule to use */
-+	union { double align; AES_KEY ks; } ks;	/* AES key schedule to use */
- 	int key_set;		/* Set if key initialised */
- 	int iv_set;		/* Set if an iv is set */
- 	int tag_set;		/* Set if tag is valid */
-@@ -160,7 +160,7 @@ void AES_xts_decrypt(const char *inp,char *out,size_t len,
- 	defined(_M_AMD64)	|| defined(_M_X64)	|| \
- 	defined(__INTEL__)				)
- 
--extern unsigned int OPENSSL_ia32cap_P[2];
-+extern unsigned int OPENSSL_ia32cap_P[];
- 
- #ifdef VPAES_ASM
- #define VPAES_CAPABLE	(OPENSSL_ia32cap_P[1]&(1<<(41-32)))
-@@ -310,7 +310,7 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		return 1;
- 	if (key)
- 		{
--		aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+		aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- 		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
- 				(block128_f)aesni_encrypt);
- 		gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
-@@ -355,19 +355,19 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		/* key_len is two AES keys */
- 		if (enc)
- 			{
--			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)aesni_encrypt;
- 			xctx->stream = aesni_xts_encrypt;
- 			}
- 		else
- 			{
--			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)aesni_decrypt;
- 			xctx->stream = aesni_xts_decrypt;
- 			}
- 
- 		aesni_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		xctx->xts.block2 = (block128_f)aesni_encrypt;
- 
- 		xctx->xts.key1 = &xctx->ks1;
-@@ -394,7 +394,7 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		return 1;
- 	if (key)
- 		{
--		aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+		aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- 		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)aesni_encrypt);
- 		cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks :
-@@ -484,6 +484,38 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
- { return &aes_##keylen##_##mode; }
- #endif
- 
-+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
-+#include "arm_arch.h"
-+#if __ARM_ARCH__>=7
-+# if defined(BSAES_ASM)
-+#  define BSAES_CAPABLE	(OPENSSL_armcap_P & ARMV7_NEON)
-+# endif
-+# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
-+# define HWAES_set_encrypt_key aes_v8_set_encrypt_key
-+# define HWAES_set_decrypt_key aes_v8_set_decrypt_key
-+# define HWAES_encrypt aes_v8_encrypt
-+# define HWAES_decrypt aes_v8_decrypt
-+# define HWAES_cbc_encrypt aes_v8_cbc_encrypt
-+# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
-+#endif
-+#endif
-+
-+#if defined(HWAES_CAPABLE)
-+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
-+	AES_KEY *key);
-+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
-+	AES_KEY *key);
-+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
-+	const AES_KEY *key);
-+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
-+	const AES_KEY *key);
-+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-+	size_t length, const AES_KEY *key,
-+	unsigned char *ivec, const int enc);
-+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
-+	size_t len, const AES_KEY *key, const unsigned char ivec[16]);
-+#endif
-+
- #define BLOCK_CIPHER_generic_pack(nid,keylen,flags)		\
- 	BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
- 	BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)	\
-@@ -502,10 +534,23 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 	mode = ctx->cipher->flags & EVP_CIPH_MODE;
- 	if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
- 	    && !enc)
-+#ifdef HWAES_CAPABLE
-+	    if (HWAES_CAPABLE)
-+		{
-+		ret = HWAES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-+		dat->block      = (block128_f)HWAES_decrypt;
-+		dat->stream.cbc = NULL;
-+#ifdef HWAES_cbc_encrypt
-+		if (mode==EVP_CIPH_CBC_MODE)
-+		    dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-+#endif
-+		}
-+	    else
-+#endif
- #ifdef BSAES_CAPABLE
- 	    if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
- 		{
--		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_decrypt;
- 		dat->stream.cbc	= (cbc128_f)bsaes_cbc_encrypt;
- 		}
-@@ -514,7 +559,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- #ifdef VPAES_CAPABLE
- 	    if (VPAES_CAPABLE)
- 		{
--		ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)vpaes_decrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)vpaes_cbc_encrypt :
-@@ -523,17 +568,37 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 	    else
- #endif
- 		{
--		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_decrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)AES_cbc_encrypt :
- 					NULL;
- 		}
- 	else
-+#ifdef HWAES_CAPABLE
-+	    if (HWAES_CAPABLE)
-+		{
-+		ret = HWAES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
-+		dat->block      = (block128_f)HWAES_encrypt;
-+		dat->stream.cbc = NULL;
-+#ifdef HWAES_cbc_encrypt
-+		if (mode==EVP_CIPH_CBC_MODE)
-+		    dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
-+		else
-+#endif
-+#ifdef HWAES_ctr32_encrypt_blocks
-+		if (mode==EVP_CIPH_CTR_MODE)
-+		    dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
-+		else
-+#endif
-+		(void)0;	/* terminate potentially open 'else' */
-+		}
-+	    else
-+#endif
- #ifdef BSAES_CAPABLE
- 	    if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE)
- 		{
--		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_encrypt;
- 		dat->stream.ctr	= (ctr128_f)bsaes_ctr32_encrypt_blocks;
- 		}
-@@ -542,7 +607,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- #ifdef VPAES_CAPABLE
- 	    if (VPAES_CAPABLE)
- 		{
--		ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)vpaes_encrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)vpaes_cbc_encrypt :
-@@ -551,7 +616,7 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 	    else
- #endif
- 		{
--		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
-+		ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks.ks);
- 		dat->block	= (block128_f)AES_encrypt;
- 		dat->stream.cbc	= mode==EVP_CIPH_CBC_MODE ?
- 					(cbc128_f)AES_cbc_encrypt :
-@@ -822,10 +887,25 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		return 1;
- 	if (key)
- 		{ do {
-+#ifdef HWAES_CAPABLE
-+		if (HWAES_CAPABLE)
-+			{
-+			HWAES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
-+			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
-+					(block128_f)HWAES_encrypt);
-+#ifdef HWAES_ctr32_encrypt_blocks
-+			gctx->ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
-+#else
-+			gctx->ctr = NULL;
-+#endif
-+			break;
-+			}
-+		else
-+#endif
- #ifdef BSAES_CAPABLE
- 		if (BSAES_CAPABLE)
- 			{
--			AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
-+			AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
- 			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
- 					(block128_f)AES_encrypt);
- 			gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
-@@ -836,7 +916,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- #ifdef VPAES_CAPABLE
- 		if (VPAES_CAPABLE)
- 			{
--			vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
-+			vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks.ks);
- 			CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
- 					(block128_f)vpaes_encrypt);
- 			gctx->ctr = NULL;
-@@ -846,7 +926,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- #endif
- 		(void)0;	/* terminate potentially open 'else' */
- 
--		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
-+		AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
- 		CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
- #ifdef AES_CTR_ASM
- 		gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
-@@ -1067,6 +1147,29 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		xctx->stream = NULL;
- #endif
- 		/* key_len is two AES keys */
-+#ifdef HWAES_CAPABLE
-+		if (HWAES_CAPABLE)
-+			{
-+			if (enc)
-+			    {
-+			    HWAES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-+			    xctx->xts.block1 = (block128_f)HWAES_encrypt;
-+			    }
-+			else
-+			    {
-+			    HWAES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
-+			    xctx->xts.block1 = (block128_f)HWAES_decrypt;
-+			    }
-+
-+			HWAES_set_encrypt_key(key + ctx->key_len/2,
-+						    ctx->key_len * 4, &xctx->ks2.ks);
-+			xctx->xts.block2 = (block128_f)HWAES_encrypt;
-+
-+			xctx->xts.key1 = &xctx->ks1;
-+			break;
-+			}
-+		else
-+#endif
- #ifdef BSAES_CAPABLE
- 		if (BSAES_CAPABLE)
- 			xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
-@@ -1077,17 +1180,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		    {
- 		    if (enc)
- 			{
--			vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)vpaes_encrypt;
- 			}
- 		    else
- 			{
--			vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)vpaes_decrypt;
- 			}
- 
- 		    vpaes_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		    xctx->xts.block2 = (block128_f)vpaes_encrypt;
- 
- 		    xctx->xts.key1 = &xctx->ks1;
-@@ -1099,17 +1202,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 
- 		if (enc)
- 			{
--			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)AES_encrypt;
- 			}
- 		else
- 			{
--			AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
-+			AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
- 			xctx->xts.block1 = (block128_f)AES_decrypt;
- 			}
- 
- 		AES_set_encrypt_key(key + ctx->key_len/2,
--						ctx->key_len * 4, &xctx->ks2);
-+						ctx->key_len * 4, &xctx->ks2.ks);
- 		xctx->xts.block2 = (block128_f)AES_encrypt;
- 
- 		xctx->xts.key1 = &xctx->ks1;
-@@ -1217,10 +1320,23 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 		return 1;
- 	if (key) do
- 		{
-+#ifdef HWAES_CAPABLE
-+		if (HWAES_CAPABLE)
-+			{
-+			HWAES_set_encrypt_key(key,ctx->key_len*8,&cctx->ks.ks);
-+
-+			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-+					&cctx->ks, (block128_f)HWAES_encrypt);
-+			cctx->str = NULL;
-+			cctx->key_set = 1;
-+			break;
-+			}
-+		else
-+#endif
- #ifdef VPAES_CAPABLE
- 		if (VPAES_CAPABLE)
- 			{
--			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
-+			vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks.ks);
- 			CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)vpaes_encrypt);
- 			cctx->str = NULL;
-@@ -1228,7 +1344,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- 			break;
- 			}
- #endif
--		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-+		AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks);
- 		CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
- 					&cctx->ks, (block128_f)AES_encrypt);
- 		cctx->str = NULL;
-diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile
-index 3d8bafd..9bcfa0e 100644
---- a/crypto/modes/Makefile
-+++ b/crypto/modes/Makefile
-@@ -56,14 +56,16 @@ ghash-alpha.s:	asm/ghash-alpha.pl
- 	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
- 	$(PERL) asm/ghash-alpha.pl > $$preproc && \
- 	$(CC) -E $$preproc > $@ && rm $$preproc)
--
- ghash-parisc.s:	asm/ghash-parisc.pl
- 	$(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
-+ghashv8-armx.S:	asm/ghashv8-armx.pl
-+	$(PERL) asm/ghashv8-armx.pl $(PERLASM_SCHEME) $@
- 
- # GNU make "catch all"
- ghash-%.S:	asm/ghash-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
- 
- ghash-armv4.o:	ghash-armv4.S
-+ghashv8-armx.o:	ghashv8-armx.S
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
-index d91586e..0023bf9 100644
---- a/crypto/modes/asm/ghash-armv4.pl
-+++ b/crypto/modes/asm/ghash-armv4.pl
-@@ -35,6 +35,20 @@
- # Add NEON implementation featuring polynomial multiplication, i.e. no
- # lookup tables involved. On Cortex A8 it was measured to process one
- # byte in 15 cycles or 55% faster than integer-only code.
-+#
-+# April 2014
-+#
-+# Switch to multiplication algorithm suggested in paper referred
-+# below and combine it with reduction algorithm from x86 module.
-+# Performance improvement over previous version varies from 65% on
-+# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8
-+# processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 -
-+# in 9.33.
-+#
-+# C�mara, D.; Gouv�a, C. P. L.; L�pez, J. & Dahab, R.: Fast Software
-+# Polynomial Multiplication on ARM Processors using the NEON Engine.
-+# 
-+# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
- 
- # ====================================================================
- # Note about "528B" variant. In ARM case it makes lesser sense to
-@@ -303,117 +317,160 @@ $code.=<<___;
- .size	gcm_gmult_4bit,.-gcm_gmult_4bit
- ___
- {
--my $cnt=$Htbl;	# $Htbl is used once in the very beginning
--
--my ($Hhi, $Hlo, $Zo, $T, $xi, $mod) = map("d$_",(0..7));
--my ($Qhi, $Qlo, $Z,  $R, $zero, $Qpost, $IN) = map("q$_",(8..15));
--
--# Z:Zo keeps 128-bit result shifted by 1 to the right, with bottom bit
--# in Zo. Or should I say "top bit", because GHASH is specified in
--# reverse bit order? Otherwise straightforward 128-bt H by one input
--# byte multiplication and modulo-reduction, times 16.
-+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
-+my ($t0,$t1,$t2,$t3)=map("q$_",(8..12));
-+my ($Hlo,$Hhi,$Hhl,$k48,$k32,$k16)=map("d$_",(26..31));
- 
--sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
--sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
--sub Q()     { shift=~m|d([1-3]?[02468])|?"q".($1/2):""; }
-+sub clmul64x64 {
-+my ($r,$a,$b)=@_;
-+$code.=<<___;
-+	vext.8		$t0#lo, $a, $a, #1	@ A1
-+	vmull.p8	$t0, $t0#lo, $b		@ F = A1*B
-+	vext.8		$r#lo, $b, $b, #1	@ B1
-+	vmull.p8	$r, $a, $r#lo		@ E = A*B1
-+	vext.8		$t1#lo, $a, $a, #2	@ A2
-+	vmull.p8	$t1, $t1#lo, $b		@ H = A2*B
-+	vext.8		$t3#lo, $b, $b, #2	@ B2
-+	vmull.p8	$t3, $a, $t3#lo		@ G = A*B2
-+	vext.8		$t2#lo, $a, $a, #3	@ A3
-+	veor		$t0, $t0, $r		@ L = E + F
-+	vmull.p8	$t2, $t2#lo, $b		@ J = A3*B
-+	vext.8		$r#lo, $b, $b, #3	@ B3
-+	veor		$t1, $t1, $t3		@ M = G + H
-+	vmull.p8	$r, $a, $r#lo		@ I = A*B3
-+	veor		$t0#lo, $t0#lo, $t0#hi	@ t0 = (L) (P0 + P1) << 8
-+	vand		$t0#hi, $t0#hi, $k48
-+	vext.8		$t3#lo, $b, $b, #4	@ B4
-+	veor		$t1#lo, $t1#lo, $t1#hi	@ t1 = (M) (P2 + P3) << 16
-+	vand		$t1#hi, $t1#hi, $k32
-+	vmull.p8	$t3, $a, $t3#lo		@ K = A*B4
-+	veor		$t2, $t2, $r		@ N = I + J
-+	veor		$t0#lo, $t0#lo, $t0#hi
-+	veor		$t1#lo, $t1#lo, $t1#hi
-+	veor		$t2#lo, $t2#lo, $t2#hi	@ t2 = (N) (P4 + P5) << 24
-+	vand		$t2#hi, $t2#hi, $k16
-+	vext.8		$t0, $t0, $t0, #15
-+	veor		$t3#lo, $t3#lo, $t3#hi	@ t3 = (K) (P6 + P7) << 32
-+	vmov.i64	$t3#hi, #0
-+	vext.8		$t1, $t1, $t1, #14
-+	veor		$t2#lo, $t2#lo, $t2#hi
-+	vmull.p8	$r, $a, $b		@ D = A*B
-+	vext.8		$t3, $t3, $t3, #12
-+	vext.8		$t2, $t2, $t2, #13
-+	veor		$t0, $t0, $t1
-+	veor		$t2, $t2, $t3
-+	veor		$r, $r, $t0
-+	veor		$r, $r, $t2
-+___
-+}
- 
- $code.=<<___;
- #if __ARM_ARCH__>=7
- .fpu	neon
- 
-+.global	gcm_init_neon
-+.type	gcm_init_neon,%function
-+.align	4
-+gcm_init_neon:
-+	vld1.64		$IN#hi,[r1,:64]!	@ load H
-+	vmov.i8		$t0,#0xe1
-+	vld1.64		$IN#lo,[r1,:64]
-+	vshl.i64	$t0#hi,#57
-+	vshr.u64	$t0#lo,#63		@ t0=0xc2....01
-+	vdup.8		$t1,$IN#hi[7]
-+	vshr.u64	$Hlo,$IN#lo,#63
-+	vshr.s8		$t1,#7			@ broadcast carry bit
-+	vshl.i64	$IN,$IN,#1
-+	vand		$t0,$t0,$t1
-+	vorr		$IN#hi,$Hlo		@ H<<<=1
-+	veor		$IN,$IN,$t0		@ twisted H
-+	vstmia		r0,{$IN}
-+
-+	ret					@ bx lr
-+.size	gcm_init_neon,.-gcm_init_neon
-+
- .global	gcm_gmult_neon
- .type	gcm_gmult_neon,%function
- .align	4
- gcm_gmult_neon:
--	sub		$Htbl,#16		@ point at H in GCM128_CTX
--	vld1.64		`&Dhi("$IN")`,[$Xi,:64]!@ load Xi
--	vmov.i32	$mod,#0xe1		@ our irreducible polynomial
--	vld1.64		`&Dlo("$IN")`,[$Xi,:64]!
--	vshr.u64	$mod,#32
--	vldmia		$Htbl,{$Hhi-$Hlo}	@ load H
--	veor		$zero,$zero
-+	vld1.64		$IN#hi,[$Xi,:64]!	@ load Xi
-+	vld1.64		$IN#lo,[$Xi,:64]!
-+	vmov.i64	$k48,#0x0000ffffffffffff
-+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
-+	vmov.i64	$k32,#0x00000000ffffffff
- #ifdef __ARMEL__
- 	vrev64.8	$IN,$IN
- #endif
--	veor		$Qpost,$Qpost
--	veor		$R,$R
--	mov		$cnt,#16
--	veor		$Z,$Z
-+	vmov.i64	$k16,#0x000000000000ffff
-+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
- 	mov		$len,#16
--	veor		$Zo,$Zo
--	vdup.8		$xi,`&Dlo("$IN")`[0]	@ broadcast lowest byte
--	b		.Linner_neon
-+	b		.Lgmult_neon
- .size	gcm_gmult_neon,.-gcm_gmult_neon
- 
- .global	gcm_ghash_neon
- .type	gcm_ghash_neon,%function
- .align	4
- gcm_ghash_neon:
--	vld1.64		`&Dhi("$Z")`,[$Xi,:64]!	@ load Xi
--	vmov.i32	$mod,#0xe1		@ our irreducible polynomial
--	vld1.64		`&Dlo("$Z")`,[$Xi,:64]!
--	vshr.u64	$mod,#32
--	vldmia		$Xi,{$Hhi-$Hlo}		@ load H
--	veor		$zero,$zero
--	nop
-+	vld1.64		$Xl#hi,[$Xi,:64]!	@ load Xi
-+	vld1.64		$Xl#lo,[$Xi,:64]!
-+	vmov.i64	$k48,#0x0000ffffffffffff
-+	vldmia		$Htbl,{$Hlo-$Hhi}	@ load twisted H
-+	vmov.i64	$k32,#0x00000000ffffffff
- #ifdef __ARMEL__
--	vrev64.8	$Z,$Z
-+	vrev64.8	$Xl,$Xl
- #endif
--.Louter_neon:
--	vld1.64		`&Dhi($IN)`,[$inp]!	@ load inp
--	veor		$Qpost,$Qpost
--	vld1.64		`&Dlo($IN)`,[$inp]!
--	veor		$R,$R
--	mov		$cnt,#16
-+	vmov.i64	$k16,#0x000000000000ffff
-+	veor		$Hhl,$Hlo,$Hhi		@ Karatsuba pre-processing
-+
-+.Loop_neon:
-+	vld1.64		$IN#hi,[$inp]!		@ load inp
-+	vld1.64		$IN#lo,[$inp]!
- #ifdef __ARMEL__
- 	vrev64.8	$IN,$IN
- #endif
--	veor		$Zo,$Zo
--	veor		$IN,$Z			@ inp^=Xi
--	veor		$Z,$Z
--	vdup.8		$xi,`&Dlo("$IN")`[0]	@ broadcast lowest byte
--.Linner_neon:
--	subs		$cnt,$cnt,#1
--	vmull.p8	$Qlo,$Hlo,$xi		@ H.lo�Xi[i]
--	vmull.p8	$Qhi,$Hhi,$xi		@ H.hi�Xi[i]
--	vext.8		$IN,$zero,#1		@ IN>>=8
--
--	veor		$Z,$Qpost		@ modulo-scheduled part
--	vshl.i64	`&Dlo("$R")`,#48
--	vdup.8		$xi,`&Dlo("$IN")`[0]	@ broadcast lowest byte
--	veor		$T,`&Dlo("$Qlo")`,`&Dlo("$Z")`
--
--	veor		`&Dhi("$Z")`,`&Dlo("$R")`
--	vuzp.8		$Qlo,$Qhi
--	vsli.8		$Zo,$T,#1		@ compose the "carry" byte
--	vext.8		$Z,$zero,#1		@ Z>>=8
--
--	vmull.p8	$R,$Zo,$mod		@ "carry"�0xe1
--	vshr.u8		$Zo,$T,#7		@ save Z's bottom bit
--	vext.8		$Qpost,$Qlo,$zero,#1	@ Qlo>>=8
--	veor		$Z,$Qhi
--	bne		.Linner_neon
--
--	veor		$Z,$Qpost		@ modulo-scheduled artefact
--	vshl.i64	`&Dlo("$R")`,#48
--	veor		`&Dhi("$Z")`,`&Dlo("$R")`
--
--	@ finalization, normalize Z:Zo
--	vand		$Zo,$mod		@ suffices to mask the bit
--	vshr.u64	`&Dhi(&Q("$Zo"))`,`&Dlo("$Z")`,#63
--	vshl.i64	$Z,#1
-+	veor		$IN,$Xl			@ inp^=Xi
-+.Lgmult_neon:
-+___
-+	&clmul64x64	($Xl,$Hlo,"$IN#lo");	# H.lo�Xi.lo
-+$code.=<<___;
-+	veor		$IN#lo,$IN#lo,$IN#hi	@ Karatsuba pre-processing
-+___
-+	&clmul64x64	($Xm,$Hhl,"$IN#lo");	# (H.lo+H.hi)�(Xi.lo+Xi.hi)
-+	&clmul64x64	($Xh,$Hhi,"$IN#hi");	# H.hi�Xi.hi
-+$code.=<<___;
-+	veor		$Xm,$Xm,$Xl		@ Karatsuba post-processing
-+	veor		$Xm,$Xm,$Xh
-+	veor		$Xl#hi,$Xl#hi,$Xm#lo
-+	veor		$Xh#lo,$Xh#lo,$Xm#hi	@ Xh|Xl - 256-bit result
-+
-+	@ equivalent of reduction_avx from ghash-x86_64.pl
-+	vshl.i64	$t1,$Xl,#57		@ 1st phase
-+	vshl.i64	$t2,$Xl,#62
-+	veor		$t2,$t2,$t1		@
-+	vshl.i64	$t1,$Xl,#63
-+	veor		$t2, $t2, $t1		@
-+ 	veor		$Xl#hi,$Xl#hi,$t2#lo	@
-+	veor		$Xh#lo,$Xh#lo,$t2#hi
-+
-+	vshr.u64	$t2,$Xl,#1		@ 2nd phase
-+	veor		$Xh,$Xh,$Xl
-+	veor		$Xl,$Xl,$t2		@
-+	vshr.u64	$t2,$t2,#6
-+	vshr.u64	$Xl,$Xl,#1		@
-+	veor		$Xl,$Xl,$Xh		@
-+	veor		$Xl,$Xl,$t2		@
-+
- 	subs		$len,#16
--	vorr		$Z,`&Q("$Zo")`		@ Z=Z:Zo<<1
--	bne		.Louter_neon
-+	bne		.Loop_neon
- 
- #ifdef __ARMEL__
--	vrev64.8	$Z,$Z
-+	vrev64.8	$Xl,$Xl
- #endif
- 	sub		$Xi,#16	
--	vst1.64		`&Dhi("$Z")`,[$Xi,:64]!	@ write out Xi
--	vst1.64		`&Dlo("$Z")`,[$Xi,:64]
-+	vst1.64		$Xl#hi,[$Xi,:64]!	@ write out Xi
-+	vst1.64		$Xl#lo,[$Xi,:64]
- 
--	bx	lr
-+	ret					@ bx lr
- .size	gcm_ghash_neon,.-gcm_ghash_neon
- #endif
- ___
-@@ -423,7 +480,13 @@ $code.=<<___;
- .align  2
- ___
- 
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
--print $code;
-+foreach (split("\n",$code)) {
-+	s/\`([^\`]*)\`/eval $1/geo;
-+
-+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-+	s/\bret\b/bx	lr/go		or
-+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;    # make it possible to compile with -march=armv4
-+
-+	print $_,"\n";
-+}
- close STDOUT; # enforce flush
-diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
-new file mode 100644
-index 0000000..b24f3d7
---- /dev/null
-+++ b/crypto/modes/asm/ghashv8-armx.pl
-@@ -0,0 +1,240 @@
-+#!/usr/bin/env perl
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+#
-+# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication.
-+#
-+# June 2014
-+#
-+# Initial version was developed in tight cooperation with Ard
-+# Biesheuvel <ard.biesheuvel@linaro.org> from bits-n-pieces from
-+# other assembly modules. Just like aesv8-armx.pl this module
-+# supports both AArch32 and AArch64 execution modes.
-+#
-+# Current performance in cycles per processed byte:
-+#
-+#		PMULL[2]	32-bit NEON(*)
-+# Apple A7	1.76		5.62
-+# Cortex-A5x	n/a		n/a
-+#
-+# (*)	presented for reference/comparison purposes;
-+
-+$flavour = shift;
-+open STDOUT,">".shift;
-+
-+$Xi="x0";	# argument block
-+$Htbl="x1";
-+$inp="x2";
-+$len="x3";
-+
-+$inc="x12";
-+
-+{
-+my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3));
-+my ($t0,$t1,$t2,$t3,$H,$Hhl)=map("q$_",(8..14));
-+
-+$code=<<___;
-+#include "arm_arch.h"
-+
-+.text
-+___
-+$code.=".arch	armv8-a+crypto\n"	if ($flavour =~ /64/);
-+$code.=".fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-+
-+$code.=<<___;
-+.global	gcm_init_v8
-+.type	gcm_init_v8,%function
-+.align	4
-+gcm_init_v8:
-+	vld1.64		{$t1},[x1]		@ load H
-+	vmov.i8		$t0,#0xe1
-+	vext.8		$IN,$t1,$t1,#8
-+	vshl.i64	$t0,$t0,#57
-+	vshr.u64	$t2,$t0,#63
-+	vext.8		$t0,$t2,$t0,#8		@ t0=0xc2....01
-+	vdup.32		$t1,${t1}[1]
-+	vshr.u64	$t3,$IN,#63
-+	vshr.s32	$t1,$t1,#31		@ broadcast carry bit
-+	vand		$t3,$t3,$t0
-+	vshl.i64	$IN,$IN,#1
-+	vext.8		$t3,$t3,$t3,#8
-+	vand		$t0,$t0,$t1
-+	vorr		$IN,$IN,$t3		@ H<<<=1
-+	veor		$IN,$IN,$t0		@ twisted H
-+	vst1.64		{$IN},[x0]
-+
-+	ret
-+.size	gcm_init_v8,.-gcm_init_v8
-+
-+.global	gcm_gmult_v8
-+.type	gcm_gmult_v8,%function
-+.align	4
-+gcm_gmult_v8:
-+	vld1.64		{$t1},[$Xi]		@ load Xi
-+	vmov.i8		$t3,#0xe1
-+	vld1.64		{$H},[$Htbl]		@ load twisted H
-+	vshl.u64	$t3,$t3,#57
-+#ifndef __ARMEB__
-+	vrev64.8	$t1,$t1
-+#endif
-+	vext.8		$Hhl,$H,$H,#8
-+	mov		$len,#0
-+	vext.8		$IN,$t1,$t1,#8
-+	mov		$inc,#0
-+	veor		$Hhl,$Hhl,$H		@ Karatsuba pre-processing
-+	mov		$inp,$Xi
-+	b		.Lgmult_v8
-+.size	gcm_gmult_v8,.-gcm_gmult_v8
-+
-+.global	gcm_ghash_v8
-+.type	gcm_ghash_v8,%function
-+.align	4
-+gcm_ghash_v8:
-+	vld1.64		{$Xl},[$Xi]		@ load [rotated] Xi
-+	subs		$len,$len,#16
-+	vmov.i8		$t3,#0xe1
-+	mov		$inc,#16
-+	vld1.64		{$H},[$Htbl]		@ load twisted H
-+	cclr		$inc,eq
-+	vext.8		$Xl,$Xl,$Xl,#8
-+	vshl.u64	$t3,$t3,#57
-+	vld1.64		{$t1},[$inp],$inc	@ load [rotated] inp
-+	vext.8		$Hhl,$H,$H,#8
-+#ifndef __ARMEB__
-+	vrev64.8	$Xl,$Xl
-+	vrev64.8	$t1,$t1
-+#endif
-+	veor		$Hhl,$Hhl,$H		@ Karatsuba pre-processing
-+	vext.8		$IN,$t1,$t1,#8
-+	b		.Loop_v8
-+
-+.align	4
-+.Loop_v8:
-+	vext.8		$t2,$Xl,$Xl,#8
-+	veor		$IN,$IN,$Xl		@ inp^=Xi
-+	veor		$t1,$t1,$t2		@ $t1 is rotated inp^Xi
-+
-+.Lgmult_v8:
-+	vpmull.p64	$Xl,$H,$IN		@ H.lo�Xi.lo
-+	veor		$t1,$t1,$IN		@ Karatsuba pre-processing
-+	vpmull2.p64	$Xh,$H,$IN		@ H.hi�Xi.hi
-+	subs		$len,$len,#16
-+	vpmull.p64	$Xm,$Hhl,$t1		@ (H.lo+H.hi)�(Xi.lo+Xi.hi)
-+	cclr		$inc,eq
-+
-+	vext.8		$t1,$Xl,$Xh,#8		@ Karatsuba post-processing
-+	veor		$t2,$Xl,$Xh
-+	veor		$Xm,$Xm,$t1
-+	 vld1.64	{$t1},[$inp],$inc	@ load [rotated] inp
-+	veor		$Xm,$Xm,$t2
-+	vpmull.p64	$t2,$Xl,$t3		@ 1st phase
-+
-+	vmov		$Xh#lo,$Xm#hi		@ Xh|Xm - 256-bit result
-+	vmov		$Xm#hi,$Xl#lo		@ Xm is rotated Xl
-+#ifndef __ARMEB__
-+	 vrev64.8	$t1,$t1
-+#endif
-+	veor		$Xl,$Xm,$t2
-+	 vext.8		$IN,$t1,$t1,#8
-+
-+	vext.8		$t2,$Xl,$Xl,#8		@ 2nd phase
-+	vpmull.p64	$Xl,$Xl,$t3
-+	veor		$t2,$t2,$Xh
-+	veor		$Xl,$Xl,$t2
-+	b.hs		.Loop_v8
-+
-+#ifndef __ARMEB__
-+	vrev64.8	$Xl,$Xl
-+#endif
-+	vext.8		$Xl,$Xl,$Xl,#8
-+	vst1.64		{$Xl},[$Xi]		@ write out Xi
-+
-+	ret
-+.size	gcm_ghash_v8,.-gcm_ghash_v8
-+___
-+}
-+$code.=<<___;
-+.asciz  "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-+.align  2
-+___
-+
-+if ($flavour =~ /64/) {			######## 64-bit code
-+    sub unvmov {
-+	my $arg=shift;
-+
-+	$arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o &&
-+	sprintf	"ins	v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1;
-+    }
-+    foreach(split("\n",$code)) {
-+	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-+	s/vmov\.i8/movi/o		or	# fix up legacy mnemonics
-+	s/vmov\s+(.*)/unvmov($1)/geo	or
-+	s/vext\.8/ext/o			or
-+	s/vshr\.s/sshr\.s/o		or
-+	s/vshr/ushr/o			or
-+	s/^(\s+)v/$1/o			or	# strip off v prefix
-+	s/\bbx\s+lr\b/ret/o;
-+
-+	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-+	s/@\s/\/\//o;				# old->new style commentary
-+
-+	# fix up remainig legacy suffixes
-+	s/\.[ui]?8(\s)/$1/o;
-+	s/\.[uis]?32//o and s/\.16b/\.4s/go;
-+	m/\.p64/o and s/\.16b/\.1q/o;		# 1st pmull argument
-+	m/l\.p64/o and s/\.16b/\.1d/go;		# 2nd and 3rd pmull arguments
-+	s/\.[uisp]?64//o and s/\.16b/\.2d/go;
-+	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-+
-+	print $_,"\n";
-+    }
-+} else {				######## 32-bit code
-+    sub unvdup32 {
-+	my $arg=shift;
-+
-+	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-+	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
-+    }
-+    sub unvpmullp64 {
-+	my ($mnemonic,$arg)=@_;
-+
-+	if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) {
-+	    my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19)
-+				 |(($2&7)<<17)|(($2&8)<<4)
-+				 |(($3&7)<<1) |(($3&8)<<2);
-+	    $word |= 0x00010001	 if ($mnemonic =~ "2");
-+	    # since ARMv7 instructions are always encoded little-endian.
-+	    # correct solution is to use .inst directive, but older
-+	    # assemblers don't implement it:-(
-+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-+			$word&0xff,($word>>8)&0xff,
-+			($word>>16)&0xff,($word>>24)&0xff,
-+			$mnemonic,$arg;
-+	}
-+    }
-+
-+    foreach(split("\n",$code)) {
-+	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-+	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-+        s/\/\/\s?/@ /o;				# new->old style commentary
-+
-+	# fix up remainig new-style suffixes
-+	s/\],#[0-9]+/]!/o;
-+
-+	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o			or
-+	s/vdup\.32\s+(.*)/unvdup32($1)/geo				or
-+	s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo		or
-+	s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo	or
-+	s/^(\s+)b\./$1b/o						or
-+	s/^(\s+)ret/$1bx\tlr/o;
-+
-+        print $_,"\n";
-+    }
-+}
-+
-+close STDOUT; # enforce flush
-diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
-index e1dc2b0..79ebb66 100644
---- a/crypto/modes/gcm128.c
-+++ b/crypto/modes/gcm128.c
-@@ -642,7 +642,7 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2])
- 
- #endif
- 
--#if	TABLE_BITS==4 && defined(GHASH_ASM)
-+#if	TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ))
- # if	!defined(I386_ONLY) && \
- 	(defined(__i386)	|| defined(__i386__)	|| \
- 	 defined(__x86_64)	|| defined(__x86_64__)	|| \
-@@ -663,13 +663,21 @@ void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len
- void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]);
- void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
- #  endif
--# elif defined(__arm__) || defined(__arm)
-+# elif defined(__arm__) || defined(__arm) || defined(__aarch64__)
- #  include "arm_arch.h"
- #  if __ARM_ARCH__>=7
- #   define GHASH_ASM_ARM
- #   define GCM_FUNCREF_4BIT
-+#   define PMULL_CAPABLE	(OPENSSL_armcap_P & ARMV8_PMULL)
-+#   if defined(__arm__) || defined(__arm)
-+#    define NEON_CAPABLE	(OPENSSL_armcap_P & ARMV7_NEON)
-+#   endif
-+void gcm_init_neon(u128 Htable[16],const u64 Xi[2]);
- void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]);
- void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
-+void gcm_init_v8(u128 Htable[16],const u64 Xi[2]);
-+void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]);
-+void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
- #  endif
- # endif
- #endif
-@@ -739,10 +747,21 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block)
- 	ctx->ghash = gcm_ghash_4bit;
- #  endif
- # elif	defined(GHASH_ASM_ARM)
--	if (OPENSSL_armcap_P & ARMV7_NEON) {
-+#  ifdef PMULL_CAPABLE
-+	if (PMULL_CAPABLE) {
-+		gcm_init_v8(ctx->Htable,ctx->H.u);
-+		ctx->gmult = gcm_gmult_v8;
-+		ctx->ghash = gcm_ghash_v8;
-+	} else
-+#  endif
-+#  ifdef NEON_CAPABLE
-+	if (NEON_CAPABLE) {
-+		gcm_init_neon(ctx->Htable,ctx->H.u);
- 		ctx->gmult = gcm_gmult_neon;
- 		ctx->ghash = gcm_ghash_neon;
--	} else {
-+	} else
-+#  endif
-+	{
- 		gcm_init_4bit(ctx->Htable,ctx->H.u);
- 		ctx->gmult = gcm_gmult_4bit;
- 		ctx->ghash = gcm_ghash_4bit;
-diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
-index 2eb2b7a..6ef027d 100644
---- a/crypto/sha/Makefile
-+++ b/crypto/sha/Makefile
-@@ -92,6 +92,9 @@ sha512-%.S:	asm/sha512-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
- sha1-armv4-large.o:	sha1-armv4-large.S
- sha256-armv4.o:		sha256-armv4.S
- sha512-armv4.o:		sha512-armv4.S
-+sha1-armv8.o:		sha1-armv8.S
-+sha256-armv8.o:		sha256-armv8.S
-+sha512-armv8.o:		sha512-armv8.S
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
-index 33da3e0..50bd07b 100644
---- a/crypto/sha/asm/sha1-armv4-large.pl
-+++ b/crypto/sha/asm/sha1-armv4-large.pl
-@@ -1,7 +1,7 @@
- #!/usr/bin/env perl
- 
- # ====================================================================
--# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-@@ -52,6 +52,20 @@
- # Profiler-assisted and platform-specific optimization resulted in 10%
- # improvement on Cortex A8 core and 12.2 cycles per byte.
- 
-+# September 2013.
-+#
-+# Add NEON implementation (see sha1-586.pl for background info). On
-+# Cortex A8 it was measured to process one byte in 6.7 cycles or >80%
-+# faster than integer-only code. Because [fully unrolled] NEON code
-+# is ~2.5x larger and there are some redundant instructions executed
-+# when processing last block, improvement is not as big for smallest
-+# blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per
-+# byte, which is also >80% faster than integer-only code.
-+
-+# May 2014.
-+#
-+# Add ARMv8 code path performing at 2.35 cpb on Apple A7.
-+
- while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
- open STDOUT,">$output";
- 
-@@ -153,12 +167,22 @@ $code=<<___;
- #include "arm_arch.h"
- 
- .text
-+.code	32
- 
- .global	sha1_block_data_order
- .type	sha1_block_data_order,%function
- 
--.align	2
-+.align	5
- sha1_block_data_order:
-+#if __ARM_ARCH__>=7
-+	sub	r3,pc,#8		@ sha1_block_data_order
-+	ldr	r12,.LOPENSSL_armcap
-+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-+	tst	r12,#ARMV8_SHA1
-+	bne	.LARMv8
-+	tst	r12,#ARMV7_NEON
-+	bne	.LNEON
-+#endif
- 	stmdb	sp!,{r4-r12,lr}
- 	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
- 	ldmia	$ctx,{$a,$b,$c,$d,$e}
-@@ -233,16 +257,422 @@ $code.=<<___;
- 	moveq	pc,lr			@ be binary compatible with V4, yet
- 	bx	lr			@ interoperable with Thumb ISA:-)
- #endif
--.align	2
-+.size	sha1_block_data_order,.-sha1_block_data_order
-+
-+.align	5
- .LK_00_19:	.word	0x5a827999
- .LK_20_39:	.word	0x6ed9eba1
- .LK_40_59:	.word	0x8f1bbcdc
- .LK_60_79:	.word	0xca62c1d6
--.size	sha1_block_data_order,.-sha1_block_data_order
--.asciz	"SHA1 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
--.align	2
-+.LOPENSSL_armcap:
-+.word	OPENSSL_armcap_P-sha1_block_data_order
-+.asciz	"SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-+.align	5
-+___
-+#####################################################################
-+# NEON stuff
-+#
-+{{{
-+my @V=($a,$b,$c,$d,$e);
-+my ($K_XX_XX,$Ki,$t0,$t1,$Xfer,$saved_sp)=map("r$_",(8..12,14));
-+my $Xi=4;
-+my @X=map("q$_",(8..11,0..3));
-+my @Tx=("q12","q13");
-+my ($K,$zero)=("q14","q15");
-+my $j=0;
-+
-+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
-+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
-+  my $arg = pop;
-+    $arg = "#$arg" if ($arg*1 eq $arg);
-+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
-+}
-+
-+sub body_00_19 () {
-+	(
-+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-+	'&bic	($t0,$d,$b)',
-+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-+	'&and	($t1,$c,$b)',
-+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
-+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-+	'&eor	($t1,$t1,$t0)',		# F_00_19
-+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-+	'&add	($e,$e,$t1);'.		# e+=F_00_19
-+	'$j++;	unshift(@V,pop(@V));'
-+	)
-+}
-+sub body_20_39 () {
-+	(
-+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-+	'&eor	($t0,$b,$d)',
-+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15)) if ($j<79)',
-+	'&eor	($t1,$t0,$c)',		# F_20_39
-+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-+	'&add	($e,$e,$t1);'.		# e+=F_20_39
-+	'$j++;	unshift(@V,pop(@V));'
-+	)
-+}
-+sub body_40_59 () {
-+	(
-+	'($a,$b,$c,$d,$e)=@V;'.		# '$code.="@ $j\n";'.
-+	'&add	($e,$e,$Ki)',		# e+=X[i]+K
-+	'&and	($t0,$c,$d)',
-+	'&ldr	($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))',
-+	'&add	($e,$e,$a,"ror#27")',	# e+=ROR(A,27)
-+	'&eor	($t1,$c,$d)',
-+	'&add	($e,$e,$t0)',
-+	'&and	($t1,$t1,$b)',
-+	'&mov	($b,$b,"ror#2")',	# b=ROR(b,2)
-+	'&add	($e,$e,$t1);'.		# e+=F_40_59
-+	'$j++;	unshift(@V,pop(@V));'
-+	)
-+}
-+
-+sub Xupdate_16_31 ()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e);
-+
-+	&vext_8		(@X[0],@X[-4&7],@X[-3&7],8);	# compose "X[-14]" in "X[0]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
-+	 eval(shift(@insns));
-+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
-+	 eval(shift(@insns));
-+	&vext_8		(@Tx[0],@X[-1&7],$zero,4);	# "X[-3]", 3 words
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"^="X[-16]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@Tx[0],@Tx[0],@X[-2&7]);	# "X[-3]"^"X[-8]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[0]"^="X[-3]"^"X[-8]
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
-+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vext_8		(@Tx[1],$zero,@Tx[0],4);	# "X[0]"<<96, extract one dword
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(@X[0],@Tx[0],@Tx[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vsri_32	(@X[0],@Tx[0],31);		# "X[0]"<<<=1
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshr_u32	(@Tx[0],@Tx[1],30);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshl_u32	(@Tx[1],@Tx[1],2);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@X[0],@X[0],@Tx[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@X[0],@X[0],@Tx[1]);		# "X[0]"^=("X[0]">>96)<<<2
-+
-+	foreach (@insns) { eval; }	# remaining instructions [if any]
-+
-+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-+}
-+
-+sub Xupdate_32_79 ()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e);
-+
-+	&vext_8		(@Tx[0],@X[-2&7],@X[-1&7],8);	# compose "X[-6]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@X[0],@X[0],@X[-4&7]);		# "X[0]"="X[-32]"^"X[-16]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		(@X[0],@X[0],@X[-7&7]);		# "X[0]"^="X[-28]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vadd_i32	(@Tx[1],@X[-1&7],$K);
-+	 eval(shift(@insns));
-+	  &vld1_32	("{$K\[]}","[$K_XX_XX,:32]!")	if ($Xi%5==0);
-+	 eval(shift(@insns));
-+	&veor		(@Tx[0],@Tx[0],@X[0]);		# "X[-6]"^="X[0]"
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshr_u32	(@X[0],@Tx[0],30);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vst1_32	("{@Tx[1]}","[$Xfer,:128]!");	# X[]+K xfer
-+	  &sub		($Xfer,$Xfer,64)		if ($Xi%4==0);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vsli_32	(@X[0],@Tx[0],2);		# "X[0]"="X[-6]"<<<2
-+
-+	foreach (@insns) { eval; }	# remaining instructions [if any]
-+
-+  $Xi++;	push(@X,shift(@X));	# "rotate" X[]
-+}
-+
-+sub Xuplast_80 ()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e);
-+
-+	&vadd_i32	(@Tx[1],@X[-1&7],$K);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vst1_32	("{@Tx[1]}","[$Xfer,:128]!");
-+	&sub		($Xfer,$Xfer,64);
-+
-+	&teq		($inp,$len);
-+	&sub		($K_XX_XX,$K_XX_XX,16);	# rewind $K_XX_XX
-+	&subeq		($inp,$inp,64);		# reload last block to avoid SEGV
-+	&vld1_8		("{@X[-4&7]-@X[-3&7]}","[$inp]!");
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vld1_8		("{@X[-2&7]-@X[-1&7]}","[$inp]!");
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vld1_32	("{$K\[]}","[$K_XX_XX,:32]!");	# load K_00_19
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vrev32_8	(@X[-4&7],@X[-4&7]);
-+
-+	foreach (@insns) { eval; }		# remaining instructions
-+
-+   $Xi=0;
-+}
-+
-+sub Xloop()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e);
-+
-+	&vrev32_8	(@X[($Xi-3)&7],@X[($Xi-3)&7]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(@X[$Xi&7],@X[($Xi-4)&7],$K);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vst1_32	("{@X[$Xi&7]}","[$Xfer,:128]!");# X[]+K xfer to IALU
-+
-+	foreach (@insns) { eval; }
-+
-+  $Xi++;
-+}
-+
-+$code.=<<___;
-+#if __ARM_ARCH__>=7
-+.fpu	neon
-+
-+.type	sha1_block_data_order_neon,%function
-+.align	4
-+sha1_block_data_order_neon:
-+.LNEON:
-+	stmdb	sp!,{r4-r12,lr}
-+	add	$len,$inp,$len,lsl#6	@ $len to point at the end of $inp
-+	@ dmb				@ errata #451034 on early Cortex A8
-+	@ vstmdb	sp!,{d8-d15}	@ ABI specification says so
-+	mov	$saved_sp,sp
-+	sub	sp,sp,#64		@ alloca
-+	adr	$K_XX_XX,.LK_00_19
-+	bic	sp,sp,#15		@ align for 128-bit stores
-+
-+	ldmia	$ctx,{$a,$b,$c,$d,$e}	@ load context
-+	mov	$Xfer,sp
-+
-+	vld1.8		{@X[-4&7]-@X[-3&7]},[$inp]!	@ handles unaligned
-+	veor		$zero,$zero,$zero
-+	vld1.8		{@X[-2&7]-@X[-1&7]},[$inp]!
-+	vld1.32		{${K}\[]},[$K_XX_XX,:32]!	@ load K_00_19
-+	vrev32.8	@X[-4&7],@X[-4&7]		@ yes, even on
-+	vrev32.8	@X[-3&7],@X[-3&7]		@ big-endian...
-+	vrev32.8	@X[-2&7],@X[-2&7]
-+	vadd.i32	@X[0],@X[-4&7],$K
-+	vrev32.8	@X[-1&7],@X[-1&7]
-+	vadd.i32	@X[1],@X[-3&7],$K
-+	vst1.32		{@X[0]},[$Xfer,:128]!
-+	vadd.i32	@X[2],@X[-2&7],$K
-+	vst1.32		{@X[1]},[$Xfer,:128]!
-+	vst1.32		{@X[2]},[$Xfer,:128]!
-+	ldr		$Ki,[sp]			@ big RAW stall
-+
-+.Loop_neon:
-+___
-+	&Xupdate_16_31(\&body_00_19);
-+	&Xupdate_16_31(\&body_00_19);
-+	&Xupdate_16_31(\&body_00_19);
-+	&Xupdate_16_31(\&body_00_19);
-+	&Xupdate_32_79(\&body_00_19);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xupdate_32_79(\&body_40_59);
-+	&Xupdate_32_79(\&body_40_59);
-+	&Xupdate_32_79(\&body_40_59);
-+	&Xupdate_32_79(\&body_40_59);
-+	&Xupdate_32_79(\&body_40_59);
-+	&Xupdate_32_79(\&body_20_39);
-+	&Xuplast_80(\&body_20_39);
-+	&Xloop(\&body_20_39);
-+	&Xloop(\&body_20_39);
-+	&Xloop(\&body_20_39);
-+$code.=<<___;
-+	ldmia	$ctx,{$Ki,$t0,$t1,$Xfer}	@ accumulate context
-+	add	$a,$a,$Ki
-+	ldr	$Ki,[$ctx,#16]
-+	add	$b,$b,$t0
-+	add	$c,$c,$t1
-+	add	$d,$d,$Xfer
-+	moveq	sp,$saved_sp
-+	add	$e,$e,$Ki
-+	ldrne	$Ki,[sp]
-+	stmia	$ctx,{$a,$b,$c,$d,$e}
-+	addne	$Xfer,sp,#3*16
-+	bne	.Loop_neon
-+
-+	@ vldmia	sp!,{d8-d15}
-+	ldmia	sp!,{r4-r12,pc}
-+.size	sha1_block_data_order_neon,.-sha1_block_data_order_neon
-+#endif
-+___
-+}}}
-+#####################################################################
-+# ARMv8 stuff
-+#
-+{{{
-+my ($ABCD,$E,$E0,$E1)=map("q$_",(0..3));
-+my @MSG=map("q$_",(4..7));
-+my @Kxx=map("q$_",(8..11));
-+my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14));
-+
-+$code.=<<___;
-+#if __ARM_ARCH__>=7
-+.type	sha1_block_data_order_armv8,%function
-+.align	5
-+sha1_block_data_order_armv8:
-+.LARMv8:
-+	vstmdb	sp!,{d8-d15}		@ ABI specification says so
-+
-+	veor	$E,$E,$E
-+	adr	r3,.LK_00_19
-+	vld1.32	{$ABCD},[$ctx]!
-+	vld1.32	{$E\[0]},[$ctx]
-+	sub	$ctx,$ctx,#16
-+	vld1.32	{@Kxx[0]\[]},[r3,:32]!
-+	vld1.32	{@Kxx[1]\[]},[r3,:32]!
-+	vld1.32	{@Kxx[2]\[]},[r3,:32]!
-+	vld1.32	{@Kxx[3]\[]},[r3,:32]
-+
-+.Loop_v8:
-+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
-+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
-+	vrev32.8	@MSG[0],@MSG[0]
-+	vrev32.8	@MSG[1],@MSG[1]
-+
-+	vadd.i32	$W0,@Kxx[0],@MSG[0]
-+	vrev32.8	@MSG[2],@MSG[2]
-+	vmov		$ABCD_SAVE,$ABCD	@ offload
-+	subs		$len,$len,#1
-+
-+	vadd.i32	$W1,@Kxx[0],@MSG[1]
-+	vrev32.8	@MSG[3],@MSG[3]
-+	sha1h		$E1,$ABCD		@ 0
-+	sha1c		$ABCD,$E,$W0
-+	vadd.i32	$W0,@Kxx[$j],@MSG[2]
-+	sha1su0		@MSG[0],@MSG[1],@MSG[2]
-+___
-+for ($j=0,$i=1;$i<20-3;$i++) {
-+my $f=("c","p","m","p")[$i/5];
-+$code.=<<___;
-+	sha1h		$E0,$ABCD		@ $i
-+	sha1$f		$ABCD,$E1,$W1
-+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
-+	sha1su1		@MSG[0],@MSG[3]
-+___
-+$code.=<<___ if ($i<20-4);
-+	sha1su0		@MSG[1],@MSG[2],@MSG[3]
- ___
-+	($E0,$E1)=($E1,$E0);	($W0,$W1)=($W1,$W0);
-+	push(@MSG,shift(@MSG));	$j++ if ((($i+3)%5)==0);
-+}
-+$code.=<<___;
-+	sha1h		$E0,$ABCD		@ $i
-+	sha1p		$ABCD,$E1,$W1
-+	vadd.i32	$W1,@Kxx[$j],@MSG[3]
-+
-+	sha1h		$E1,$ABCD		@ 18
-+	sha1p		$ABCD,$E0,$W0
-+
-+	sha1h		$E0,$ABCD		@ 19
-+	sha1p		$ABCD,$E1,$W1
-+
-+	vadd.i32	$E,$E,$E0
-+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
-+	bne		.Loop_v8
-+
-+	vst1.32		{$ABCD},[$ctx]!
-+	vst1.32		{$E\[0]},[$ctx]
-+
-+	vldmia	sp!,{d8-d15}
-+	ret					@ bx lr
-+.size	sha1_block_data_order_armv8,.-sha1_block_data_order_armv8
-+#endif
-+___
-+}}}
-+$code.=<<___;
-+.comm	OPENSSL_armcap_P,4,4
-+___
-+
-+{   my  %opcode = (
-+	"sha1c"		=> 0xf2000c40,	"sha1p"		=> 0xf2100c40,
-+	"sha1m"		=> 0xf2200c40,	"sha1su0"	=> 0xf2300c40,
-+	"sha1h"		=> 0xf3b902c0,	"sha1su1"	=> 0xf3ba0380	);
-+
-+    sub unsha1 {
-+	my ($mnemonic,$arg)=@_;
-+
-+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
-+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-+					 |(($2&7)<<17)|(($2&8)<<4)
-+					 |(($3&7)<<1) |(($3&8)<<2);
-+	    # since ARMv7 instructions are always encoded little-endian.
-+	    # correct solution is to use .inst directive, but older
-+	    # assemblers don't implement it:-(
-+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-+			$word&0xff,($word>>8)&0xff,
-+			($word>>16)&0xff,($word>>24)&0xff,
-+			$mnemonic,$arg;
-+	}
-+    }
-+}
-+
-+foreach (split($/,$code)) {
-+	s/{q([0-9]+)\[\]}/sprintf "{d%d[],d%d[]}",2*$1,2*$1+1/eo	or
-+	s/{q([0-9]+)\[0\]}/sprintf "{d%d[0]}",2*$1/eo;
-+
-+	s/\b(sha1\w+)\s+(q.*)/unsha1($1,$2)/geo;
-+
-+	s/\bret\b/bx	lr/o		or
-+	s/\bbx\s+lr\b/.word\t0xe12fff1e/o;	# make it possible to compile with -march=armv4
-+
-+	print $_,$/;
-+}
- 
--$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
--print $code;
- close STDOUT; # enforce flush
-diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl
-new file mode 100644
-index 0000000..c1f552b
---- /dev/null
-+++ b/crypto/sha/asm/sha1-armv8.pl
-@@ -0,0 +1,333 @@
-+#!/usr/bin/env perl
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+#
-+# SHA1 for ARMv8.
-+#
-+# Performance in cycles per processed byte and improvement coefficient
-+# over code generated with "default" compiler:
-+#
-+#		hardware-assisted	software(*)
-+# Apple A7	2.31			4.13 (+14%)
-+# Cortex-A5x	n/a			n/a
-+#
-+# (*)	Software results are presented mostly for reference purposes.
-+
-+$flavour = shift;
-+open STDOUT,">".shift;
-+
-+($ctx,$inp,$num)=("x0","x1","x2");
-+@Xw=map("w$_",(3..17,19));
-+@Xx=map("x$_",(3..17,19));
-+@V=($A,$B,$C,$D,$E)=map("w$_",(20..24));
-+($t0,$t1,$t2,$K)=map("w$_",(25..28));
-+
-+
-+sub BODY_00_19 {
-+my ($i,$a,$b,$c,$d,$e)=@_;
-+my $j=($i+2)&15;
-+
-+$code.=<<___ if ($i<15 && !($i&1));
-+	lsr	@Xx[$i+1],@Xx[$i],#32
-+___
-+$code.=<<___ if ($i<14 && !($i&1));
-+	ldr	@Xx[$i+2],[$inp,#`($i+2)*4-64`]
-+___
-+$code.=<<___ if ($i<14 && ($i&1));
-+#ifdef	__ARMEB__
-+	ror	@Xx[$i+1],@Xx[$i+1],#32
-+#else
-+	rev32	@Xx[$i+1],@Xx[$i+1]
-+#endif
-+___
-+$code.=<<___ if ($i<14);
-+	bic	$t0,$d,$b
-+	and	$t1,$c,$b
-+	ror	$t2,$a,#27
-+	add	$d,$d,$K		// future e+=K
-+	orr	$t0,$t0,$t1
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	ror	$b,$b,#2
-+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+___
-+$code.=<<___ if ($i==19);
-+	movz	$K,#0xeba1
-+	movk	$K,#0x6ed9,lsl#16
-+___
-+$code.=<<___ if ($i>=14);
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-+	bic	$t0,$d,$b
-+	and	$t1,$c,$b
-+	ror	$t2,$a,#27
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-+	add	$d,$d,$K		// future e+=K
-+	orr	$t0,$t0,$t1
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-+	ror	$b,$b,#2
-+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+	 ror	@Xw[$j],@Xw[$j],#31
-+___
-+}
-+
-+sub BODY_40_59 {
-+my ($i,$a,$b,$c,$d,$e)=@_;
-+my $j=($i+2)&15;
-+
-+$code.=<<___ if ($i==59);
-+	movz	$K,#0xc1d6
-+	movk	$K,#0xca62,lsl#16
-+___
-+$code.=<<___;
-+	orr	$t0,$b,$c
-+	and	$t1,$b,$c
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-+	ror	$t2,$a,#27
-+	and	$t0,$t0,$d
-+	add	$d,$d,$K		// future e+=K
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	orr	$t0,$t0,$t1
-+	ror	$b,$b,#2
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+	 ror	@Xw[$j],@Xw[$j],#31
-+___
-+}
-+
-+sub BODY_20_39 {
-+my ($i,$a,$b,$c,$d,$e)=@_;
-+my $j=($i+2)&15;
-+
-+$code.=<<___ if ($i==39);
-+	movz	$K,#0xbcdc
-+	movk	$K,#0x8f1b,lsl#16
-+___
-+$code.=<<___ if ($i<78);
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+2)&15]
-+	eor	$t0,$d,$b
-+	ror	$t2,$a,#27
-+	add	$d,$d,$K		// future e+=K
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+8)&15]
-+	eor	$t0,$t0,$c
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	ror	$b,$b,#2
-+	 eor	@Xw[$j],@Xw[$j],@Xw[($j+13)&15]
-+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+	 ror	@Xw[$j],@Xw[$j],#31
-+___
-+$code.=<<___ if ($i==78);
-+	ldp	@Xw[1],@Xw[2],[$ctx]
-+	eor	$t0,$d,$b
-+	ror	$t2,$a,#27
-+	add	$d,$d,$K		// future e+=K
-+	eor	$t0,$t0,$c
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	ror	$b,$b,#2
-+	add	$d,$d,@Xw[($i+1)&15]	// future e+=X[i]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+___
-+$code.=<<___ if ($i==79);
-+	ldp	@Xw[3],@Xw[4],[$ctx,#8]
-+	eor	$t0,$d,$b
-+	ror	$t2,$a,#27
-+	eor	$t0,$t0,$c
-+	add	$e,$e,$t2		// e+=rot(a,5)
-+	ror	$b,$b,#2
-+	ldr	@Xw[5],[$ctx,#16]
-+	add	$e,$e,$t0		// e+=F(b,c,d)
-+___
-+}
-+
-+$code.=<<___;
-+#include "arm_arch.h"
-+
-+.text
-+
-+.globl	sha1_block_data_order
-+.type	sha1_block_data_order,%function
-+.align	6
-+sha1_block_data_order:
-+	ldr	x16,.LOPENSSL_armcap_P
-+	adr	x17,.LOPENSSL_armcap_P
-+	add	x16,x16,x17
-+	ldr	w16,[x16]
-+	tst	w16,#ARMV8_SHA1
-+	b.ne	.Lv8_entry
-+
-+	stp	x29,x30,[sp,#-96]!
-+	add	x29,sp,#0
-+	stp	x19,x20,[sp,#16]
-+	stp	x21,x22,[sp,#32]
-+	stp	x23,x24,[sp,#48]
-+	stp	x25,x26,[sp,#64]
-+	stp	x27,x28,[sp,#80]
-+
-+	ldp	$A,$B,[$ctx]
-+	ldp	$C,$D,[$ctx,#8]
-+	ldr	$E,[$ctx,#16]
-+
-+.Loop:
-+	ldr	@Xx[0],[$inp],#64
-+	movz	$K,#0x7999
-+	sub	$num,$num,#1
-+	movk	$K,#0x5a82,lsl#16
-+#ifdef	__ARMEB__
-+	ror	$Xx[0],@Xx[0],#32
-+#else
-+	rev32	@Xx[0],@Xx[0]
-+#endif
-+	add	$E,$E,$K		// warm it up
-+	add	$E,$E,@Xw[0]
-+___
-+for($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
-+for(;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-+for(;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
-+for(;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-+$code.=<<___;
-+	add	$B,$B,@Xw[2]
-+	add	$C,$C,@Xw[3]
-+	add	$A,$A,@Xw[1]
-+	add	$D,$D,@Xw[4]
-+	add	$E,$E,@Xw[5]
-+	stp	$A,$B,[$ctx]
-+	stp	$C,$D,[$ctx,#8]
-+	str	$E,[$ctx,#16]
-+	cbnz	$num,.Loop
-+
-+	ldp	x19,x20,[sp,#16]
-+	ldp	x21,x22,[sp,#32]
-+	ldp	x23,x24,[sp,#48]
-+	ldp	x25,x26,[sp,#64]
-+	ldp	x27,x28,[sp,#80]
-+	ldr	x29,[sp],#96
-+	ret
-+.size	sha1_block_data_order,.-sha1_block_data_order
-+___
-+{{{
-+my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3));
-+my @MSG=map("v$_.16b",(4..7));
-+my @Kxx=map("v$_.4s",(16..19));
-+my ($W0,$W1)=("v20.4s","v21.4s");
-+my $ABCD_SAVE="v22.16b";
-+
-+$code.=<<___;
-+.type	sha1_block_armv8,%function
-+.align	6
-+sha1_block_armv8:
-+.Lv8_entry:
-+	stp	x29,x30,[sp,#-16]!
-+	add	x29,sp,#0
-+
-+	adr	x4,.Lconst
-+	eor	$E,$E,$E
-+	ld1.32	{$ABCD},[$ctx],#16
-+	ld1.32	{$E}[0],[$ctx]
-+	sub	$ctx,$ctx,#16
-+	ld1.32	{@Kxx[0]-@Kxx[3]},[x4]
-+
-+.Loop_hw:
-+	ld1	{@MSG[0]-@MSG[3]},[$inp],#64
-+	sub	$num,$num,#1
-+	rev32	@MSG[0],@MSG[0]
-+	rev32	@MSG[1],@MSG[1]
-+
-+	add.i32	$W0,@Kxx[0],@MSG[0]
-+	rev32	@MSG[2],@MSG[2]
-+	orr	$ABCD_SAVE,$ABCD,$ABCD	// offload
-+
-+	add.i32	$W1,@Kxx[0],@MSG[1]
-+	rev32	@MSG[3],@MSG[3]
-+	sha1h	$E1,$ABCD
-+	sha1c	$ABCD,$E,$W0		// 0
-+	add.i32	$W0,@Kxx[$j],@MSG[2]
-+	sha1su0	@MSG[0],@MSG[1],@MSG[2]
-+___
-+for ($j=0,$i=1;$i<20-3;$i++) {
-+my $f=("c","p","m","p")[$i/5];
-+$code.=<<___;
-+	sha1h	$E0,$ABCD		// $i
-+	sha1$f	$ABCD,$E1,$W1
-+	add.i32	$W1,@Kxx[$j],@MSG[3]
-+	sha1su1	@MSG[0],@MSG[3]
-+___
-+$code.=<<___ if ($i<20-4);
-+	sha1su0	@MSG[1],@MSG[2],@MSG[3]
-+___
-+	($E0,$E1)=($E1,$E0);		($W0,$W1)=($W1,$W0);
-+	push(@MSG,shift(@MSG));		$j++ if ((($i+3)%5)==0);
-+}
-+$code.=<<___;
-+	sha1h	$E0,$ABCD		// $i
-+	sha1p	$ABCD,$E1,$W1
-+	add.i32	$W1,@Kxx[$j],@MSG[3]
-+
-+	sha1h	$E1,$ABCD		// 18
-+	sha1p	$ABCD,$E0,$W0
-+
-+	sha1h	$E0,$ABCD		// 19
-+	sha1p	$ABCD,$E1,$W1
-+
-+	add.i32	$E,$E,$E0
-+	add.i32	$ABCD,$ABCD,$ABCD_SAVE
-+
-+	cbnz	$num,.Loop_hw
-+
-+	st1.32	{$ABCD},[$ctx],#16
-+	st1.32	{$E}[0],[$ctx]
-+
-+	ldr	x29,[sp],#16
-+	ret
-+.size	sha1_block_armv8,.-sha1_block_armv8
-+.align	6
-+.Lconst:
-+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
-+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
-+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
-+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
-+.LOPENSSL_armcap_P:
-+.quad	OPENSSL_armcap_P-.
-+.asciz	"SHA1 block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-+.align	2
-+.comm	OPENSSL_armcap_P,4,4
-+___
-+}}}
-+
-+{   my	%opcode = (
-+	"sha1c"		=> 0x5e000000,	"sha1p"		=> 0x5e001000,
-+	"sha1m"		=> 0x5e002000,	"sha1su0"	=> 0x5e003000,
-+	"sha1h"		=> 0x5e280800,	"sha1su1"	=> 0x5e281800	);
-+
-+    sub unsha1 {
-+	my ($mnemonic,$arg)=@_;
-+
-+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
-+	&&
-+	sprintf ".inst\t0x%08x\t//%s %s",
-+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
-+			$mnemonic,$arg;
-+    }
-+}
-+
-+foreach(split("\n",$code)) {
-+
-+	s/\`([^\`]*)\`/eval($1)/geo;
-+
-+	s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo;
-+
-+	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
-+	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
-+
-+	print $_,"\n";
-+}
-+
-+close STDOUT;
-diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
-index 9c84e8d..505ca8f 100644
---- a/crypto/sha/asm/sha256-armv4.pl
-+++ b/crypto/sha/asm/sha256-armv4.pl
-@@ -1,7 +1,7 @@
- #!/usr/bin/env perl
- 
- # ====================================================================
--# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
-@@ -21,15 +21,27 @@
- # February 2011.
- #
- # Profiler-assisted and platform-specific optimization resulted in 16%
--# improvement on Cortex A8 core and ~17 cycles per processed byte.
-+# improvement on Cortex A8 core and ~15.4 cycles per processed byte.
-+
-+# September 2013.
-+#
-+# Add NEON implementation. On Cortex A8 it was measured to process one
-+# byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon
-+# S4 does it in 12.5 cycles too, but it's 50% faster than integer-only
-+# code (meaning that latter performs sub-optimally, nothing was done
-+# about it).
-+
-+# May 2014.
-+#
-+# Add ARMv8 code path performing at 2.0 cpb on Apple A7.
- 
- while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
- open STDOUT,">$output";
- 
- $ctx="r0";	$t0="r0";
--$inp="r1";	$t3="r1";
-+$inp="r1";	$t4="r1";
- $len="r2";	$t1="r2";
--$T1="r3";
-+$T1="r3";	$t3="r3";
- $A="r4";
- $B="r5";
- $C="r6";
-@@ -52,71 +64,88 @@ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
- 
- $code.=<<___ if ($i<16);
- #if __ARM_ARCH__>=7
--	ldr	$T1,[$inp],#4
-+	@ ldr	$t1,[$inp],#4			@ $i
-+# if $i==15
-+	str	$inp,[sp,#17*4]			@ make room for $t4
-+# endif
-+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
-+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
-+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
-+	rev	$t1,$t1
- #else
--	ldrb	$T1,[$inp,#3]			@ $i
-+	@ ldrb	$t1,[$inp,#3]			@ $i
-+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
- 	ldrb	$t2,[$inp,#2]
--	ldrb	$t1,[$inp,#1]
--	ldrb	$t0,[$inp],#4
--	orr	$T1,$T1,$t2,lsl#8
--	orr	$T1,$T1,$t1,lsl#16
--	orr	$T1,$T1,$t0,lsl#24
-+	ldrb	$t0,[$inp,#1]
-+	orr	$t1,$t1,$t2,lsl#8
-+	ldrb	$t2,[$inp],#4
-+	orr	$t1,$t1,$t0,lsl#16
-+# if $i==15
-+	str	$inp,[sp,#17*4]			@ make room for $t4
-+# endif
-+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`
-+	orr	$t1,$t1,$t2,lsl#24
-+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
- #endif
- ___
- $code.=<<___;
--	mov	$t0,$e,ror#$Sigma1[0]
- 	ldr	$t2,[$Ktbl],#4			@ *K256++
--	eor	$t0,$t0,$e,ror#$Sigma1[1]
-+	add	$h,$h,$t1			@ h+=X[i]
-+	str	$t1,[sp,#`$i%16`*4]
- 	eor	$t1,$f,$g
--#if $i>=16
--	add	$T1,$T1,$t3			@ from BODY_16_xx
--#elif __ARM_ARCH__>=7 && defined(__ARMEL__)
--	rev	$T1,$T1
--#endif
--#if $i==15
--	str	$inp,[sp,#17*4]			@ leave room for $t3
--#endif
--	eor	$t0,$t0,$e,ror#$Sigma1[2]	@ Sigma1(e)
-+	add	$h,$h,$t0,ror#$Sigma1[0]	@ h+=Sigma1(e)
- 	and	$t1,$t1,$e
--	str	$T1,[sp,#`$i%16`*4]
--	add	$T1,$T1,$t0
-+	add	$h,$h,$t2			@ h+=K256[i]
- 	eor	$t1,$t1,$g			@ Ch(e,f,g)
--	add	$T1,$T1,$h
--	mov	$h,$a,ror#$Sigma0[0]
--	add	$T1,$T1,$t1
--	eor	$h,$h,$a,ror#$Sigma0[1]
--	add	$T1,$T1,$t2
--	eor	$h,$h,$a,ror#$Sigma0[2]		@ Sigma0(a)
--#if $i>=15
--	ldr	$t3,[sp,#`($i+2)%16`*4]		@ from BODY_16_xx
-+	eor	$t0,$a,$a,ror#`$Sigma0[1]-$Sigma0[0]`
-+	add	$h,$h,$t1			@ h+=Ch(e,f,g)
-+#if $i==31
-+	and	$t2,$t2,#0xff
-+	cmp	$t2,#0xf2			@ done?
- #endif
--	orr	$t0,$a,$b
--	and	$t1,$a,$b
--	and	$t0,$t0,$c
--	add	$h,$h,$T1
--	orr	$t0,$t0,$t1			@ Maj(a,b,c)
--	add	$d,$d,$T1
--	add	$h,$h,$t0
-+#if $i<15
-+# if __ARM_ARCH__>=7
-+	ldr	$t1,[$inp],#4			@ prefetch
-+# else
-+	ldrb	$t1,[$inp,#3]
-+# endif
-+	eor	$t2,$a,$b			@ a^b, b^c in next round
-+#else
-+	ldr	$t1,[sp,#`($i+2)%16`*4]		@ from future BODY_16_xx
-+	eor	$t2,$a,$b			@ a^b, b^c in next round
-+	ldr	$t4,[sp,#`($i+15)%16`*4]	@ from future BODY_16_xx
-+#endif
-+	eor	$t0,$t0,$a,ror#`$Sigma0[2]-$Sigma0[0]`	@ Sigma0(a)
-+	and	$t3,$t3,$t2			@ (b^c)&=(a^b)
-+	add	$d,$d,$h			@ d+=h
-+	eor	$t3,$t3,$b			@ Maj(a,b,c)
-+	add	$h,$h,$t0,ror#$Sigma0[0]	@ h+=Sigma0(a)
-+	@ add	$h,$h,$t3			@ h+=Maj(a,b,c)
- ___
-+	($t2,$t3)=($t3,$t2);
- }
- 
- sub BODY_16_XX {
- my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
- 
- $code.=<<___;
--	@ ldr	$t3,[sp,#`($i+1)%16`*4]		@ $i
--	ldr	$t2,[sp,#`($i+14)%16`*4]
--	mov	$t0,$t3,ror#$sigma0[0]
--	ldr	$T1,[sp,#`($i+0)%16`*4]
--	eor	$t0,$t0,$t3,ror#$sigma0[1]
--	ldr	$t1,[sp,#`($i+9)%16`*4]
--	eor	$t0,$t0,$t3,lsr#$sigma0[2]	@ sigma0(X[i+1])
--	mov	$t3,$t2,ror#$sigma1[0]
--	add	$T1,$T1,$t0
--	eor	$t3,$t3,$t2,ror#$sigma1[1]
--	add	$T1,$T1,$t1
--	eor	$t3,$t3,$t2,lsr#$sigma1[2]	@ sigma1(X[i+14])
--	@ add	$T1,$T1,$t3
-+	@ ldr	$t1,[sp,#`($i+1)%16`*4]		@ $i
-+	@ ldr	$t4,[sp,#`($i+14)%16`*4]
-+	mov	$t0,$t1,ror#$sigma0[0]
-+	add	$a,$a,$t2			@ h+=Maj(a,b,c) from the past
-+	mov	$t2,$t4,ror#$sigma1[0]
-+	eor	$t0,$t0,$t1,ror#$sigma0[1]
-+	eor	$t2,$t2,$t4,ror#$sigma1[1]
-+	eor	$t0,$t0,$t1,lsr#$sigma0[2]	@ sigma0(X[i+1])
-+	ldr	$t1,[sp,#`($i+0)%16`*4]
-+	eor	$t2,$t2,$t4,lsr#$sigma1[2]	@ sigma1(X[i+14])
-+	ldr	$t4,[sp,#`($i+9)%16`*4]
-+
-+	add	$t2,$t2,$t0
-+	eor	$t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]`	@ from BODY_00_15
-+	add	$t1,$t1,$t2
-+	eor	$t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]`	@ Sigma1(e)
-+	add	$t1,$t1,$t4			@ X[i]
- ___
- 	&BODY_00_15(@_);
- }
-@@ -147,46 +176,64 @@ K256:
- .word	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
- .word	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
- .size	K256,.-K256
-+.word	0				@ terminator
-+.LOPENSSL_armcap:
-+.word	OPENSSL_armcap_P-sha256_block_data_order
-+.align	5
- 
- .global	sha256_block_data_order
- .type	sha256_block_data_order,%function
- sha256_block_data_order:
- 	sub	r3,pc,#8		@ sha256_block_data_order
- 	add	$len,$inp,$len,lsl#6	@ len to point at the end of inp
-+#if __ARM_ARCH__>=7
-+	ldr	r12,.LOPENSSL_armcap
-+	ldr	r12,[r3,r12]		@ OPENSSL_armcap_P
-+	tst	r12,#ARMV8_SHA256
-+	bne	.LARMv8
-+	tst	r12,#ARMV7_NEON
-+	bne	.LNEON
-+#endif
- 	stmdb	sp!,{$ctx,$inp,$len,r4-r11,lr}
- 	ldmia	$ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
--	sub	$Ktbl,r3,#256		@ K256
-+	sub	$Ktbl,r3,#256+32	@ K256
- 	sub	sp,sp,#16*4		@ alloca(X[16])
- .Loop:
-+# if __ARM_ARCH__>=7
-+	ldr	$t1,[$inp],#4
-+# else
-+	ldrb	$t1,[$inp,#3]
-+# endif
-+	eor	$t3,$B,$C		@ magic
-+	eor	$t2,$t2,$t2
- ___
- for($i=0;$i<16;$i++)	{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
- $code.=".Lrounds_16_xx:\n";
- for (;$i<32;$i++)	{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); }
- $code.=<<___;
--	and	$t2,$t2,#0xff
--	cmp	$t2,#0xf2
-+	ldreq	$t3,[sp,#16*4]		@ pull ctx
- 	bne	.Lrounds_16_xx
- 
--	ldr	$T1,[sp,#16*4]		@ pull ctx
--	ldr	$t0,[$T1,#0]
--	ldr	$t1,[$T1,#4]
--	ldr	$t2,[$T1,#8]
-+	add	$A,$A,$t2		@ h+=Maj(a,b,c) from the past
-+	ldr	$t0,[$t3,#0]
-+	ldr	$t1,[$t3,#4]
-+	ldr	$t2,[$t3,#8]
- 	add	$A,$A,$t0
--	ldr	$t0,[$T1,#12]
-+	ldr	$t0,[$t3,#12]
- 	add	$B,$B,$t1
--	ldr	$t1,[$T1,#16]
-+	ldr	$t1,[$t3,#16]
- 	add	$C,$C,$t2
--	ldr	$t2,[$T1,#20]
-+	ldr	$t2,[$t3,#20]
- 	add	$D,$D,$t0
--	ldr	$t0,[$T1,#24]
-+	ldr	$t0,[$t3,#24]
- 	add	$E,$E,$t1
--	ldr	$t1,[$T1,#28]
-+	ldr	$t1,[$t3,#28]
- 	add	$F,$F,$t2
- 	ldr	$inp,[sp,#17*4]		@ pull inp
- 	ldr	$t2,[sp,#18*4]		@ pull inp+len
- 	add	$G,$G,$t0
- 	add	$H,$H,$t1
--	stmia	$T1,{$A,$B,$C,$D,$E,$F,$G,$H}
-+	stmia	$t3,{$A,$B,$C,$D,$E,$F,$G,$H}
- 	cmp	$inp,$t2
- 	sub	$Ktbl,$Ktbl,#256	@ rewind Ktbl
- 	bne	.Loop
-@@ -200,12 +247,410 @@ $code.=<<___;
- 	moveq	pc,lr			@ be binary compatible with V4, yet
- 	bx	lr			@ interoperable with Thumb ISA:-)
- #endif
--.size   sha256_block_data_order,.-sha256_block_data_order
--.asciz  "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
-+.size	sha256_block_data_order,.-sha256_block_data_order
-+___
-+######################################################################
-+# NEON stuff
-+#
-+{{{
-+my @X=map("q$_",(0..3));
-+my ($T0,$T1,$T2,$T3,$T4,$T5)=("q8","q9","q10","q11","d24","d25");
-+my $Xfer=$t4;
-+my $j=0;
-+
-+sub Dlo()   { shift=~m|q([1]?[0-9])|?"d".($1*2):"";     }
-+sub Dhi()   { shift=~m|q([1]?[0-9])|?"d".($1*2+1):"";   }
-+
-+sub AUTOLOAD()          # thunk [simplified] x86-style perlasm
-+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./;
-+  my $arg = pop;
-+    $arg = "#$arg" if ($arg*1 eq $arg);
-+    $code .= "\t$opcode\t".join(',',@_,$arg)."\n";
-+}
-+
-+sub Xupdate()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e,$f,$g,$h);
-+
-+	&vext_8		($T0,@X[0],@X[1],4);	# X[1..4]
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vext_8		($T1,@X[2],@X[3],4);	# X[9..12]
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshr_u32	($T2,$T0,$sigma0[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += X[9..12]
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshr_u32	($T1,$T0,$sigma0[2]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vsli_32	($T2,$T0,32-$sigma0[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vshr_u32	($T3,$T0,$sigma0[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		($T1,$T1,$T2);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vsli_32	($T3,$T0,32-$sigma0[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&veor		($T1,$T1,$T3);		# sigma0(X[1..4])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T5,&Dhi(@X[3]),$sigma1[2]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(@X[0],@X[0],$T1);	# X[0..3] += sigma0(X[1..4])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &veor		($T5,$T5,$T4);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T4,&Dhi(@X[3]),$sigma1[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vsli_32	($T4,&Dhi(@X[3]),32-$sigma1[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &veor		($T5,$T5,$T4);		# sigma1(X[14..15])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(&Dlo(@X[0]),&Dlo(@X[0]),$T5);# X[0..1] += sigma1(X[14..15])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T5,&Dlo(@X[0]),$sigma1[2]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &veor		($T5,$T5,$T4);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vshr_u32	($T4,&Dlo(@X[0]),$sigma1[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &vsli_32	($T4,&Dlo(@X[0]),32-$sigma1[1]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	  &veor		($T5,$T5,$T4);		# sigma1(X[16..17])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	(&Dhi(@X[0]),&Dhi(@X[0]),$T5);# X[2..3] += sigma1(X[16..17])
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	($T0,$T0,@X[0]);
-+	 while($#insns>=2) { eval(shift(@insns)); }
-+	&vst1_32	("{$T0}","[$Xfer,:128]!");
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+
-+	push(@X,shift(@X));		# "rotate" X[]
-+}
-+
-+sub Xpreload()
-+{ use integer;
-+  my $body = shift;
-+  my @insns = (&$body,&$body,&$body,&$body);
-+  my ($a,$b,$c,$d,$e,$f,$g,$h);
-+
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vld1_32	("{$T0}","[$Ktbl,:128]!");
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vrev32_8	(@X[0],@X[0]);
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	 eval(shift(@insns));
-+	&vadd_i32	($T0,$T0,@X[0]);
-+	 foreach (@insns) { eval; }	# remaining instructions
-+	&vst1_32	("{$T0}","[$Xfer,:128]!");
-+
-+	push(@X,shift(@X));		# "rotate" X[]
-+}
-+
-+sub body_00_15 () {
-+	(
-+	'($a,$b,$c,$d,$e,$f,$g,$h)=@V;'.
-+	'&add	($h,$h,$t1)',			# h+=X[i]+K[i]
-+	'&eor	($t1,$f,$g)',
-+	'&eor	($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))',
-+	'&add	($a,$a,$t2)',			# h+=Maj(a,b,c) from the past
-+	'&and	($t1,$t1,$e)',
-+	'&eor	($t2,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))',	# Sigma1(e)
-+	'&eor	($t0,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))',
-+	'&eor	($t1,$t1,$g)',			# Ch(e,f,g)
-+	'&add	($h,$h,$t2,"ror#$Sigma1[0]")',	# h+=Sigma1(e)
-+	'&eor	($t2,$a,$b)',			# a^b, b^c in next round
-+	'&eor	($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',	# Sigma0(a)
-+	'&add	($h,$h,$t1)',			# h+=Ch(e,f,g)
-+	'&ldr	($t1,sprintf "[sp,#%d]",4*(($j+1)&15))	if (($j&15)!=15);'.
-+	'&ldr	($t1,"[$Ktbl]")				if ($j==15);'.
-+	'&ldr	($t1,"[sp,#64]")			if ($j==31)',
-+	'&and	($t3,$t3,$t2)',			# (b^c)&=(a^b)
-+	'&add	($d,$d,$h)',			# d+=h
-+	'&add	($h,$h,$t0,"ror#$Sigma0[0]");'.	# h+=Sigma0(a)
-+	'&eor	($t3,$t3,$b)',			# Maj(a,b,c)
-+	'$j++;	unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
-+	)
-+}
-+
-+$code.=<<___;
-+#if __ARM_ARCH__>=7
-+.fpu	neon
-+
-+.type	sha256_block_data_order_neon,%function
-+.align	4
-+sha256_block_data_order_neon:
-+.LNEON:
-+	stmdb	sp!,{r4-r12,lr}
-+
-+	mov	$t2,sp
-+	sub	sp,sp,#16*4+16		@ alloca
-+	sub	$Ktbl,r3,#256+32	@ K256
-+	bic	sp,sp,#15		@ align for 128-bit stores
-+
-+	vld1.8		{@X[0]},[$inp]!
-+	vld1.8		{@X[1]},[$inp]!
-+	vld1.8		{@X[2]},[$inp]!
-+	vld1.8		{@X[3]},[$inp]!
-+	vld1.32		{$T0},[$Ktbl,:128]!
-+	vld1.32		{$T1},[$Ktbl,:128]!
-+	vld1.32		{$T2},[$Ktbl,:128]!
-+	vld1.32		{$T3},[$Ktbl,:128]!
-+	vrev32.8	@X[0],@X[0]		@ yes, even on
-+	str		$ctx,[sp,#64]
-+	vrev32.8	@X[1],@X[1]		@ big-endian
-+	str		$inp,[sp,#68]
-+	mov		$Xfer,sp
-+	vrev32.8	@X[2],@X[2]
-+	str		$len,[sp,#72]
-+	vrev32.8	@X[3],@X[3]
-+	str		$t2,[sp,#76]		@ save original sp
-+	vadd.i32	$T0,$T0,@X[0]
-+	vadd.i32	$T1,$T1,@X[1]
-+	vst1.32		{$T0},[$Xfer,:128]!
-+	vadd.i32	$T2,$T2,@X[2]
-+	vst1.32		{$T1},[$Xfer,:128]!
-+	vadd.i32	$T3,$T3,@X[3]
-+	vst1.32		{$T2},[$Xfer,:128]!
-+	vst1.32		{$T3},[$Xfer,:128]!
-+
-+	ldmia		$ctx,{$A-$H}
-+	sub		$Xfer,$Xfer,#64
-+	ldr		$t1,[sp,#0]
-+	eor		$t2,$t2,$t2
-+	eor		$t3,$B,$C
-+	b		.L_00_48
-+
-+.align	4
-+.L_00_48:
-+___
-+	&Xupdate(\&body_00_15);
-+	&Xupdate(\&body_00_15);
-+	&Xupdate(\&body_00_15);
-+	&Xupdate(\&body_00_15);
-+$code.=<<___;
-+	teq	$t1,#0				@ check for K256 terminator
-+	ldr	$t1,[sp,#0]
-+	sub	$Xfer,$Xfer,#64
-+	bne	.L_00_48
-+
-+	ldr		$inp,[sp,#68]
-+	ldr		$t0,[sp,#72]
-+	sub		$Ktbl,$Ktbl,#256	@ rewind $Ktbl
-+	teq		$inp,$t0
-+	subeq		$inp,$inp,#64		@ avoid SEGV
-+	vld1.8		{@X[0]},[$inp]!		@ load next input block
-+	vld1.8		{@X[1]},[$inp]!
-+	vld1.8		{@X[2]},[$inp]!
-+	vld1.8		{@X[3]},[$inp]!
-+	strne		$inp,[sp,#68]
-+	mov		$Xfer,sp
-+___
-+	&Xpreload(\&body_00_15);
-+	&Xpreload(\&body_00_15);
-+	&Xpreload(\&body_00_15);
-+	&Xpreload(\&body_00_15);
-+$code.=<<___;
-+	ldr	$t0,[$t1,#0]
-+	add	$A,$A,$t2			@ h+=Maj(a,b,c) from the past
-+	ldr	$t2,[$t1,#4]
-+	ldr	$t3,[$t1,#8]
-+	ldr	$t4,[$t1,#12]
-+	add	$A,$A,$t0			@ accumulate
-+	ldr	$t0,[$t1,#16]
-+	add	$B,$B,$t2
-+	ldr	$t2,[$t1,#20]
-+	add	$C,$C,$t3
-+	ldr	$t3,[$t1,#24]
-+	add	$D,$D,$t4
-+	ldr	$t4,[$t1,#28]
-+	add	$E,$E,$t0
-+	str	$A,[$t1],#4
-+	add	$F,$F,$t2
-+	str	$B,[$t1],#4
-+	add	$G,$G,$t3
-+	str	$C,[$t1],#4
-+	add	$H,$H,$t4
-+	str	$D,[$t1],#4
-+	stmia	$t1,{$E-$H}
-+
-+	movne	$Xfer,sp
-+	ldrne	$t1,[sp,#0]
-+	eorne	$t2,$t2,$t2
-+	ldreq	sp,[sp,#76]			@ restore original sp
-+	eorne	$t3,$B,$C
-+	bne	.L_00_48
-+
-+	ldmia	sp!,{r4-r12,pc}
-+.size	sha256_block_data_order_neon,.-sha256_block_data_order_neon
-+#endif
-+___
-+}}}
-+######################################################################
-+# ARMv8 stuff
-+#
-+{{{
-+my ($ABCD,$EFGH,$abcd)=map("q$_",(0..2));
-+my @MSG=map("q$_",(8..11));
-+my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15));
-+my $Ktbl="r3";
-+
-+$code.=<<___;
-+#if __ARM_ARCH__>=7
-+.type	sha256_block_data_order_armv8,%function
-+.align	5
-+sha256_block_data_order_armv8:
-+.LARMv8:
-+	vld1.32	{$ABCD,$EFGH},[$ctx]
-+	sub	$Ktbl,r3,#sha256_block_data_order-K256
-+
-+.Loop_v8:
-+	vld1.8		{@MSG[0]-@MSG[1]},[$inp]!
-+	vld1.8		{@MSG[2]-@MSG[3]},[$inp]!
-+	vld1.32		{$W0},[$Ktbl]!
-+	vrev32.8	@MSG[0],@MSG[0]
-+	vrev32.8	@MSG[1],@MSG[1]
-+	vrev32.8	@MSG[2],@MSG[2]
-+	vrev32.8	@MSG[3],@MSG[3]
-+	vmov		$ABCD_SAVE,$ABCD	@ offload
-+	vmov		$EFGH_SAVE,$EFGH
-+	teq		$inp,$len
-+___
-+for($i=0;$i<12;$i++) {
-+$code.=<<___;
-+	vld1.32		{$W1},[$Ktbl]!
-+	vadd.i32	$W0,$W0,@MSG[0]
-+	sha256su0	@MSG[0],@MSG[1]
-+	vmov		$abcd,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
-+___
-+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
-+}
-+$code.=<<___;
-+	vld1.32		{$W1},[$Ktbl]!
-+	vadd.i32	$W0,$W0,@MSG[0]
-+	vmov		$abcd,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+
-+	vld1.32		{$W0},[$Ktbl]!
-+	vadd.i32	$W1,$W1,@MSG[1]
-+	vmov		$abcd,$ABCD
-+	sha256h		$ABCD,$EFGH,$W1
-+	sha256h2	$EFGH,$abcd,$W1
-+
-+	vld1.32		{$W1},[$Ktbl]
-+	vadd.i32	$W0,$W0,@MSG[2]
-+	sub		$Ktbl,$Ktbl,#256-16	@ rewind
-+	vmov		$abcd,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+
-+	vadd.i32	$W1,$W1,@MSG[3]
-+	vmov		$abcd,$ABCD
-+	sha256h		$ABCD,$EFGH,$W1
-+	sha256h2	$EFGH,$abcd,$W1
-+
-+	vadd.i32	$ABCD,$ABCD,$ABCD_SAVE
-+	vadd.i32	$EFGH,$EFGH,$EFGH_SAVE
-+	bne		.Loop_v8
-+
-+	vst1.32		{$ABCD,$EFGH},[$ctx]
-+
-+	ret		@ bx lr
-+.size	sha256_block_data_order_armv8,.-sha256_block_data_order_armv8
-+#endif
-+___
-+}}}
-+$code.=<<___;
-+.asciz  "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
- .align	2
-+.comm   OPENSSL_armcap_P,4,4
- ___
- 
--$code =~ s/\`([^\`]*)\`/eval $1/gem;
--$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
--print $code;
-+{   my  %opcode = (
-+	"sha256h"	=> 0xf3000c40,	"sha256h2"	=> 0xf3100c40,
-+	"sha256su0"	=> 0xf3ba03c0,	"sha256su1"	=> 0xf3200c40	);
-+
-+    sub unsha256 {
-+	my ($mnemonic,$arg)=@_;
-+
-+	if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) {
-+	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-+					 |(($2&7)<<17)|(($2&8)<<4)
-+					 |(($3&7)<<1) |(($3&8)<<2);
-+	    # since ARMv7 instructions are always encoded little-endian.
-+	    # correct solution is to use .inst directive, but older
-+	    # assemblers don't implement it:-(
-+	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-+			$word&0xff,($word>>8)&0xff,
-+			($word>>16)&0xff,($word>>24)&0xff,
-+			$mnemonic,$arg;
-+	}
-+    }
-+}
-+
-+foreach (split($/,$code)) {
-+
-+	s/\`([^\`]*)\`/eval $1/geo;
-+
-+	s/\b(sha256\w+)\s+(q.*)/unsha256($1,$2)/geo;
-+
-+	s/\bret\b/bx	lr/go		or
-+	s/\bbx\s+lr\b/.word\t0xe12fff1e/go;	# make it possible to compile with -march=armv4
-+
-+	print $_,"\n";
-+}
-+
- close STDOUT; # enforce flush
-diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl
-index 7faf37b..71aa935 100644
---- a/crypto/sha/asm/sha512-armv4.pl
-+++ b/crypto/sha/asm/sha512-armv4.pl
-@@ -565,7 +565,7 @@ $code.=<<___;
- 	bne		.Loop_neon
- 
- 	vldmia	sp!,{d8-d15}		@ epilogue
--	bx	lr
-+	ret				@ bx lr
- #endif
- ___
- }
-@@ -578,5 +578,6 @@ ___
- 
- $code =~ s/\`([^\`]*)\`/eval $1/gem;
- $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
-+$code =~ s/\bret\b/bx	lr/gm;
- print $code;
- close STDOUT; # enforce flush
-diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl
-new file mode 100644
-index 0000000..6935ed6
---- /dev/null
-+++ b/crypto/sha/asm/sha512-armv8.pl
-@@ -0,0 +1,414 @@
-+#!/usr/bin/env perl
-+#
-+# ====================================================================
-+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-+# project. The module is, however, dual licensed under OpenSSL and
-+# CRYPTOGAMS licenses depending on where you obtain it. For further
-+# details see http://www.openssl.org/~appro/cryptogams/.
-+# ====================================================================
-+#
-+# SHA256/512 for ARMv8.
-+#
-+# Performance in cycles per processed byte and improvement coefficient
-+# over code generated with "default" compiler:
-+#
-+#		SHA256-hw	SHA256(*)	SHA512
-+# Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
-+# Cortex-A5x	n/a		n/a		n/a
-+# 
-+# (*)	Software SHA256 results are of lesser relevance, presented
-+#	mostly for informational purposes.
-+# (**)	The result is a trade-off: it's possible to improve it by
-+#	10%, but at the cost of 20% loss on Cortex-A5x.
-+
-+$flavour=shift;
-+$output=shift;
-+open STDOUT,">$output";
-+
-+if ($output =~ /512/) {
-+	$BITS=512;
-+	$SZ=8;
-+	@Sigma0=(28,34,39);
-+	@Sigma1=(14,18,41);
-+	@sigma0=(1,  8, 7);
-+	@sigma1=(19,61, 6);
-+	$rounds=80;
-+	$reg_t="x";
-+} else {
-+	$BITS=256;
-+	$SZ=4;
-+	@Sigma0=( 2,13,22);
-+	@Sigma1=( 6,11,25);
-+	@sigma0=( 7,18, 3);
-+	@sigma1=(17,19,10);
-+	$rounds=64;
-+	$reg_t="w";
-+}
-+
-+$func="sha${BITS}_block_data_order";
-+
-+($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30));
-+
-+@X=map("$reg_t$_",(3..15,0..2));
-+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27));
-+($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28));
-+
-+sub BODY_00_xx {
-+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
-+my $j=($i+1)&15;
-+my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]);
-+   $T0=@X[$i+3] if ($i<11);
-+
-+$code.=<<___	if ($i<16);
-+#ifndef	__ARMEB__
-+	rev	@X[$i],@X[$i]			// $i
-+#endif
-+___
-+$code.=<<___	if ($i<13 && ($i&1));
-+	ldp	@X[$i+1],@X[$i+2],[$inp],#2*$SZ
-+___
-+$code.=<<___	if ($i==13);
-+	ldp	@X[14],@X[15],[$inp]
-+___
-+$code.=<<___	if ($i>=14);
-+	ldr	@X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`]
-+___
-+$code.=<<___	if ($i>0 && $i<16);
-+	add	$a,$a,$t1			// h+=Sigma0(a)
-+___
-+$code.=<<___	if ($i>=11);
-+	str	@X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`]
-+___
-+# While ARMv8 specifies merged rotate-n-logical operation such as
-+# 'eor x,y,z,ror#n', it was found to negatively affect performance
-+# on Apple A7. The reason seems to be that it requires even 'y' to
-+# be available earlier. This means that such merged instruction is
-+# not necessarily best choice on critical path... On the other hand
-+# Cortex-A5x handles merged instructions much better than disjoint
-+# rotate and logical... See (**) footnote above.
-+$code.=<<___	if ($i<15);
-+	ror	$t0,$e,#$Sigma1[0]
-+	add	$h,$h,$t2			// h+=K[i]
-+	eor	$T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]`
-+	and	$t1,$f,$e
-+	bic	$t2,$g,$e
-+	add	$h,$h,@X[$i&15]			// h+=X[i]
-+	orr	$t1,$t1,$t2			// Ch(e,f,g)
-+	eor	$t2,$a,$b			// a^b, b^c in next round
-+	eor	$t0,$t0,$T0,ror#$Sigma1[1]	// Sigma1(e)
-+	ror	$T0,$a,#$Sigma0[0]
-+	add	$h,$h,$t1			// h+=Ch(e,f,g)
-+	eor	$t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]`
-+	add	$h,$h,$t0			// h+=Sigma1(e)
-+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
-+	add	$d,$d,$h			// d+=h
-+	eor	$t3,$t3,$b			// Maj(a,b,c)
-+	eor	$t1,$T0,$t1,ror#$Sigma0[1]	// Sigma0(a)
-+	add	$h,$h,$t3			// h+=Maj(a,b,c)
-+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
-+	//add	$h,$h,$t1			// h+=Sigma0(a)
-+___
-+$code.=<<___	if ($i>=15);
-+	ror	$t0,$e,#$Sigma1[0]
-+	add	$h,$h,$t2			// h+=K[i]
-+	ror	$T1,@X[($j+1)&15],#$sigma0[0]
-+	and	$t1,$f,$e
-+	ror	$T2,@X[($j+14)&15],#$sigma1[0]
-+	bic	$t2,$g,$e
-+	ror	$T0,$a,#$Sigma0[0]
-+	add	$h,$h,@X[$i&15]			// h+=X[i]
-+	eor	$t0,$t0,$e,ror#$Sigma1[1]
-+	eor	$T1,$T1,@X[($j+1)&15],ror#$sigma0[1]
-+	orr	$t1,$t1,$t2			// Ch(e,f,g)
-+	eor	$t2,$a,$b			// a^b, b^c in next round
-+	eor	$t0,$t0,$e,ror#$Sigma1[2]	// Sigma1(e)
-+	eor	$T0,$T0,$a,ror#$Sigma0[1]
-+	add	$h,$h,$t1			// h+=Ch(e,f,g)
-+	and	$t3,$t3,$t2			// (b^c)&=(a^b)
-+	eor	$T2,$T2,@X[($j+14)&15],ror#$sigma1[1]
-+	eor	$T1,$T1,@X[($j+1)&15],lsr#$sigma0[2]	// sigma0(X[i+1])
-+	add	$h,$h,$t0			// h+=Sigma1(e)
-+	eor	$t3,$t3,$b			// Maj(a,b,c)
-+	eor	$t1,$T0,$a,ror#$Sigma0[2]	// Sigma0(a)
-+	eor	$T2,$T2,@X[($j+14)&15],lsr#$sigma1[2]	// sigma1(X[i+14])
-+	add	@X[$j],@X[$j],@X[($j+9)&15]
-+	add	$d,$d,$h			// d+=h
-+	add	$h,$h,$t3			// h+=Maj(a,b,c)
-+	ldr	$t3,[$Ktbl],#$SZ		// *K++, $t2 in next round
-+	add	@X[$j],@X[$j],$T1
-+	add	$h,$h,$t1			// h+=Sigma0(a)
-+	add	@X[$j],@X[$j],$T2
-+___
-+	($t2,$t3)=($t3,$t2);
-+}
-+
-+$code.=<<___;
-+#include "arm_arch.h"
-+
-+.text
-+
-+.globl	$func
-+.type	$func,%function
-+.align	6
-+$func:
-+___
-+$code.=<<___	if ($SZ==4);
-+	ldr	x16,.LOPENSSL_armcap_P
-+	adr	x17,.LOPENSSL_armcap_P
-+	add	x16,x16,x17
-+	ldr	w16,[x16]
-+	tst	w16,#ARMV8_SHA256
-+	b.ne	.Lv8_entry
-+___
-+$code.=<<___;
-+	stp	x29,x30,[sp,#-128]!
-+	add	x29,sp,#0
-+
-+	stp	x19,x20,[sp,#16]
-+	stp	x21,x22,[sp,#32]
-+	stp	x23,x24,[sp,#48]
-+	stp	x25,x26,[sp,#64]
-+	stp	x27,x28,[sp,#80]
-+	sub	sp,sp,#4*$SZ
-+
-+	ldp	$A,$B,[$ctx]				// load context
-+	ldp	$C,$D,[$ctx,#2*$SZ]
-+	ldp	$E,$F,[$ctx,#4*$SZ]
-+	add	$num,$inp,$num,lsl#`log(16*$SZ)/log(2)`	// end of input
-+	ldp	$G,$H,[$ctx,#6*$SZ]
-+	adr	$Ktbl,K$BITS
-+	stp	$ctx,$num,[x29,#96]
-+
-+.Loop:
-+	ldp	@X[0],@X[1],[$inp],#2*$SZ
-+	ldr	$t2,[$Ktbl],#$SZ			// *K++
-+	eor	$t3,$B,$C				// magic seed
-+	str	$inp,[x29,#112]
-+___
-+for ($i=0;$i<16;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
-+$code.=".Loop_16_xx:\n";
-+for (;$i<32;$i++)	{ &BODY_00_xx($i,@V); unshift(@V,pop(@V)); }
-+$code.=<<___;
-+	cbnz	$t2,.Loop_16_xx
-+
-+	ldp	$ctx,$num,[x29,#96]
-+	ldr	$inp,[x29,#112]
-+	sub	$Ktbl,$Ktbl,#`$SZ*($rounds+1)`		// rewind
-+
-+	ldp	@X[0],@X[1],[$ctx]
-+	ldp	@X[2],@X[3],[$ctx,#2*$SZ]
-+	add	$inp,$inp,#14*$SZ			// advance input pointer
-+	ldp	@X[4],@X[5],[$ctx,#4*$SZ]
-+	add	$A,$A,@X[0]
-+	ldp	@X[6],@X[7],[$ctx,#6*$SZ]
-+	add	$B,$B,@X[1]
-+	add	$C,$C,@X[2]
-+	add	$D,$D,@X[3]
-+	stp	$A,$B,[$ctx]
-+	add	$E,$E,@X[4]
-+	add	$F,$F,@X[5]
-+	stp	$C,$D,[$ctx,#2*$SZ]
-+	add	$G,$G,@X[6]
-+	add	$H,$H,@X[7]
-+	cmp	$inp,$num
-+	stp	$E,$F,[$ctx,#4*$SZ]
-+	stp	$G,$H,[$ctx,#6*$SZ]
-+	b.ne	.Loop
-+
-+	ldp	x19,x20,[x29,#16]
-+	add	sp,sp,#4*$SZ
-+	ldp	x21,x22,[x29,#32]
-+	ldp	x23,x24,[x29,#48]
-+	ldp	x25,x26,[x29,#64]
-+	ldp	x27,x28,[x29,#80]
-+	ldp	x29,x30,[sp],#128
-+	ret
-+.size	$func,.-$func
-+
-+.align	6
-+.type	K$BITS,%object
-+K$BITS:
-+___
-+$code.=<<___ if ($SZ==8);
-+	.quad	0x428a2f98d728ae22,0x7137449123ef65cd
-+	.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-+	.quad	0x3956c25bf348b538,0x59f111f1b605d019
-+	.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-+	.quad	0xd807aa98a3030242,0x12835b0145706fbe
-+	.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-+	.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-+	.quad	0x9bdc06a725c71235,0xc19bf174cf692694
-+	.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-+	.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-+	.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-+	.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-+	.quad	0x983e5152ee66dfab,0xa831c66d2db43210
-+	.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
-+	.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-+	.quad	0x06ca6351e003826f,0x142929670a0e6e70
-+	.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
-+	.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-+	.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
-+	.quad	0x81c2c92e47edaee6,0x92722c851482353b
-+	.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
-+	.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
-+	.quad	0xd192e819d6ef5218,0xd69906245565a910
-+	.quad	0xf40e35855771202a,0x106aa07032bbd1b8
-+	.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-+	.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-+	.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-+	.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-+	.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
-+	.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
-+	.quad	0x90befffa23631e28,0xa4506cebde82bde9
-+	.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
-+	.quad	0xca273eceea26619c,0xd186b8c721c0c207
-+	.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-+	.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
-+	.quad	0x113f9804bef90dae,0x1b710b35131c471b
-+	.quad	0x28db77f523047d84,0x32caab7b40c72493
-+	.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-+	.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-+	.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-+	.quad	0	// terminator
-+___
-+$code.=<<___ if ($SZ==4);
-+	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-+	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-+	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-+	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-+	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-+	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-+	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-+	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-+	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-+	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-+	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-+	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-+	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-+	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-+	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-+	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-+	.long	0	//terminator
-+___
-+$code.=<<___;
-+.size	K$BITS,.-K$BITS
-+.align	3
-+.LOPENSSL_armcap_P:
-+	.quad	OPENSSL_armcap_P-.
-+.asciz	"SHA$BITS block transform for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
-+.align	2
-+___
-+
-+if ($SZ==4) {
-+my $Ktbl="x3";
-+
-+my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2));
-+my @MSG=map("v$_.16b",(4..7));
-+my ($W0,$W1)=("v16.4s","v17.4s");
-+my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b");
-+
-+$code.=<<___;
-+.type	sha256_block_armv8,%function
-+.align	6
-+sha256_block_armv8:
-+.Lv8_entry:
-+	stp		x29,x30,[sp,#-16]!
-+	add		x29,sp,#0
-+
-+	ld1.32		{$ABCD,$EFGH},[$ctx]
-+	adr		$Ktbl,K256
-+
-+.Loop_hw:
-+	ld1		{@MSG[0]-@MSG[3]},[$inp],#64
-+	sub		$num,$num,#1
-+	ld1.32		{$W0},[$Ktbl],#16
-+	rev32		@MSG[0],@MSG[0]
-+	rev32		@MSG[1],@MSG[1]
-+	rev32		@MSG[2],@MSG[2]
-+	rev32		@MSG[3],@MSG[3]
-+	orr		$ABCD_SAVE,$ABCD,$ABCD		// offload
-+	orr		$EFGH_SAVE,$EFGH,$EFGH
-+___
-+for($i=0;$i<12;$i++) {
-+$code.=<<___;
-+	ld1.32		{$W1},[$Ktbl],#16
-+	add.i32		$W0,$W0,@MSG[0]
-+	sha256su0	@MSG[0],@MSG[1]
-+	orr		$abcd,$ABCD,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+	sha256su1	@MSG[0],@MSG[2],@MSG[3]
-+___
-+	($W0,$W1)=($W1,$W0);	push(@MSG,shift(@MSG));
-+}
-+$code.=<<___;
-+	ld1.32		{$W1},[$Ktbl],#16
-+	add.i32		$W0,$W0,@MSG[0]
-+	orr		$abcd,$ABCD,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+
-+	ld1.32		{$W0},[$Ktbl],#16
-+	add.i32		$W1,$W1,@MSG[1]
-+	orr		$abcd,$ABCD,$ABCD
-+	sha256h		$ABCD,$EFGH,$W1
-+	sha256h2	$EFGH,$abcd,$W1
-+
-+	ld1.32		{$W1},[$Ktbl]
-+	add.i32		$W0,$W0,@MSG[2]
-+	sub		$Ktbl,$Ktbl,#$rounds*$SZ-16	// rewind
-+	orr		$abcd,$ABCD,$ABCD
-+	sha256h		$ABCD,$EFGH,$W0
-+	sha256h2	$EFGH,$abcd,$W0
-+
-+	add.i32		$W1,$W1,@MSG[3]
-+	orr		$abcd,$ABCD,$ABCD
-+	sha256h		$ABCD,$EFGH,$W1
-+	sha256h2	$EFGH,$abcd,$W1
-+
-+	add.i32		$ABCD,$ABCD,$ABCD_SAVE
-+	add.i32		$EFGH,$EFGH,$EFGH_SAVE
-+
-+	cbnz		$num,.Loop_hw
-+
-+	st1.32		{$ABCD,$EFGH},[$ctx]
-+
-+	ldr		x29,[sp],#16
-+	ret
-+.size	sha256_block_armv8,.-sha256_block_armv8
-+___
-+}
-+
-+$code.=<<___;
-+.comm	OPENSSL_armcap_P,4,4
-+___
-+
-+{   my  %opcode = (
-+	"sha256h"	=> 0x5e004000,	"sha256h2"	=> 0x5e005000,
-+	"sha256su0"	=> 0x5e282800,	"sha256su1"	=> 0x5e006000	);
-+
-+    sub unsha256 {
-+	my ($mnemonic,$arg)=@_;
-+
-+	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o
-+	&&
-+	sprintf ".inst\t0x%08x\t//%s %s",
-+			$opcode{$mnemonic}|$1|($2<<5)|($3<<16),
-+			$mnemonic,$arg;
-+    }
-+}
-+
-+foreach(split("\n",$code)) {
-+
-+	s/\`([^\`]*)\`/eval($1)/geo;
-+
-+	s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo;
-+
-+	s/\.\w?32\b//o		and s/\.16b/\.4s/go;
-+	m/(ld|st)1[^\[]+\[0\]/o	and s/\.4s/\.s/go;
-+
-+	print $_,"\n";
-+}
-+
-+close STDOUT;
diff --git a/patches/0016-ecdhe_psk_part2.patch b/patches/0016-ecdhe_psk_part2.patch
deleted file mode 100644
index e87e00a79c..0000000000
--- a/patches/0016-ecdhe_psk_part2.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From cf389e16d8dc49e97c0b13ea3a1c373c6f6f94bd Mon Sep 17 00:00:00 2001
-From: Adam Langley <agl@chromium.org>
-Date: Wed, 4 Jun 2014 10:59:32 -0700
-Subject: ECDHE-PSK_AES-CBC-SHA_cipher_suites
-
-Add ECDHE-PSK AES-CBC-SHA cipher suites from RFC 5489.
-Remove ECDHE-PSK AES-CBC-SHA2 cipher suites from RFC 5489 because
-they cannot be used with SSLv3 and there's no way to express that in
-OpenSSL's configuration.
----
- ssl/s3_lib.c | 25 ++++++++++++-------------
- ssl/tls1.h   | 14 ++++++++------
- 2 files changed, 20 insertions(+), 19 deletions(-)
-
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index f84da7f..e016fc8 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2828,35 +2828,34 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
- 
- #ifndef OPENSSL_NO_PSK
-     /* ECDH PSK ciphersuites from RFC 5489 */
--
--	/* Cipher C037 */
-+	/* Cipher C035 */
- 	{
- 	1,
--	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
--	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-+	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-+	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
- 	SSL_kEECDH,
- 	SSL_aPSK,
- 	SSL_AES128,
--	SSL_SHA256,
-+	SSL_SHA1,
- 	SSL_TLSV1,
--	SSL_NOT_EXP|SSL_HIGH,
--	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256,
-+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 	128,
- 	128,
- 	},
- 
--	/* Cipher C038 */
-+	/* Cipher C036 */
- 	{
- 	1,
--	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
--	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-+	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-+	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
- 	SSL_kEECDH,
- 	SSL_aPSK,
- 	SSL_AES256,
--	SSL_SHA384,
-+	SSL_SHA1,
- 	SSL_TLSV1,
--	SSL_NOT_EXP|SSL_HIGH,
--	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384,
-+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 	256,
- 	256,
- 	},
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index ec8948d..51d073d 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -531,9 +531,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
- #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
- 
--/* ECDHE PSK ciphersuites from RFC 5489 */
--#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0x0300C037
--#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0x0300C038
-+/* ECDHE PSK ciphersuites from RFC5489
-+ * SHA-2 cipher suites are omitted because they cannot be used safely with
-+ * SSLv3. */
-+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
-+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
- 
- /* XXX
-  * Inconsistency alert:
-@@ -686,9 +688,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
- #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
- #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
- 
--/* ECDHE PSK ciphersuites from RFC 5489 */
--#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256  "ECDHE-PSK-WITH-AES-128-CBC-SHA256"
--#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384  "ECDHE-PSK-WITH-AES-256-CBC-SHA384"
-+/* ECDHE PSK ciphersuites from RFC5489 */
-+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA         "ECDHE-PSK-AES128-CBC-SHA"
-+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA         "ECDHE-PSK-AES256-CBC-SHA"
- 
- #define TLS_CT_RSA_SIGN			1
- #define TLS_CT_DSS_SIGN			2
--- 
-2.0.0.526.g5318336
diff --git a/patches/0017-x86_textrel.patch b/patches/0017-x86_textrel.patch
deleted file mode 100644
index 32931a8cc6..0000000000
--- a/patches/0017-x86_textrel.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 6206682a35760eb6ddb25172df2ae9f03d12e594 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Wed, 29 Aug 2012 14:19:59 +0000
-Subject: [PATCH] x86cpuid.pl: hide symbols [backport from x86_64].
-
----
- crypto/perlasm/x86asm.pl | 2 ++
- crypto/perlasm/x86gas.pl | 2 ++
- crypto/x86cpuid.pl       | 3 +++
- 3 files changed, 7 insertions(+)
-
-diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
-index eb543db..3f190ae 100644
---- a/crypto/perlasm/x86asm.pl
-+++ b/crypto/perlasm/x86asm.pl
-@@ -257,4 +257,6 @@ sub ::asm_init
-     &file($filename);
- }
- 
-+sub ::hidden {}
-+
- 1;
-diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 5972d06..e02ee84 100644
---- a/crypto/perlasm/x86gas.pl
-+++ b/crypto/perlasm/x86gas.pl
-@@ -251,4 +251,6 @@ sub ::initseg
- sub ::dataseg
- {   push(@out,".data\n");   }
- 
-+*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf);
-+
- 1;
-diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index 808049a..597b7a5 100644
---- a/crypto/x86cpuid.pl
-+++ b/crypto/x86cpuid.pl
-@@ -455,4 +455,7 @@
- 
- &initseg("OPENSSL_cpuid_setup");
- 
-+&hidden("OPENSSL_cpuid_setup");
-+&hidden("OPENSSL_ia32cap_P");
-+
- &asm_finish();
--- 
-1.9.3
-
diff --git a/patches/0018-bionic-armcap.patch b/patches/0018-bionic-armcap.patch
deleted file mode 100644
index cc371d247c..0000000000
--- a/patches/0018-bionic-armcap.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From ad36797d76d658cee72057a50473eb98152a3fbe Mon Sep 17 00:00:00 2001
-From: Kenny Root <kroot@google.com>
-Date: Fri, 30 Jan 2015 09:16:43 -0800
-Subject: [PATCH] Work-around for bionic sigsetjmp bug
-
-In versions of bionic libc up to and including Android L, the sigsetjmp
-didn't properly restore the signal mask when returning from a nonlocal
-goto. Add a small wrapper to make sure we call sigprocmask each time we
-call sigsetjmp which ensures the SIGILL is masked.
-
-The symptoms of this problem include receiving a SIGILL with a stack
-trace or simply receiving the text "Illegal instruction" when running an
-application from the command line.
-
-Bug: 15732256
-Change-Id: Ic792583da5ccf601afc10828b1a666d24b903a19
----
- crypto/armcap.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/crypto/armcap.c b/crypto/armcap.c
-index 7e46d07..59b7494 100644
---- a/crypto/armcap.c
-+++ b/crypto/armcap.c
-@@ -68,6 +68,14 @@ static unsigned long (*getauxval)(unsigned long) = NULL;
- # define HWCAP_CE_SHA256	(1 << 6)
- #endif
- 
-+#ifdef ANDROID
-+// Works around a bug where Android versions up to and including L don't
-+// properly restore the signal mask when asked.
-+#define sigsetjmp(env,savesigs) \
-+	(sigprocmask(SIG_SETMASK,&ill_act.sa_mask,NULL), \
-+	 sigsetjmp(env,savesigs))
-+#endif
-+
- void OPENSSL_cpuid_setup(void)
- 	{
- 	char *e;
--- 
-2.2.0.rc0.207.ga3a616c
-
diff --git a/patches/0019-up_ref.patch b/patches/0019-up_ref.patch
deleted file mode 100644
index efc4c40667..0000000000
--- a/patches/0019-up_ref.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From: Adam Langley <agl@google.com>
-Date: Tue, 5 May 2015 10:35:22 -0700
-Subject: [PATCH] Add |BIO_up_ref| and |EVP_PKEY_up_ref|.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This avoids callers having to worry about |CRYPTO_add| and what the
-correct lock to use it with is.
-
-The function |EVP_PKEY_dup| already does exactly what the new
-|EVP_PKEY_up_ref| does. But that means that it's a “dup” that doesn't
-duplicate! BoringSSL has deprecated this and added |EVP_PKEY_up_ref| to
-be clearer and this change allows internal OpenSSL users to do the same.
----
- crypto/bio/bio.h     | 1 +
- crypto/bio/bio_lib.c | 6 ++++++
- crypto/evp/evp.h     | 1 +
- crypto/evp/p_lib.c   | 8 ++++++--
- 4 files changed, 14 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
-index c947abb..d1b4aa0 100644
---- a/crypto/bio/bio.h
-+++ b/crypto/bio/bio.h
-@@ -642,6 +645,7 @@
- int	BIO_set(BIO *a,BIO_METHOD *type);
- int	BIO_free(BIO *a);
- void	BIO_vfree(BIO *a);
-+BIO *	BIO_up_ref(BIO *bio);
- int	BIO_read(BIO *b, void *data, int len);
- int	BIO_gets(BIO *bp,char *buf, int size);
- int	BIO_write(BIO *b, const void *data, int len);
-diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
-index 5267010..a021f38 100644
---- a/crypto/bio/bio_lib.c
-+++ b/crypto/bio/bio_lib.c
-@@ -140,6 +140,12 @@ void BIO_vfree(BIO *a)
-     BIO_free(a);
- }
- 
-+BIO *BIO_up_ref(BIO *bio)
-+{
-+    CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
-+    return bio;
-+}
-+
- void BIO_clear_flags(BIO *b, int flags)
- {
-     b->flags &= ~flags;
-diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
-index 48f865a..5f253da 100644
---- a/crypto/evp/evp.h
-+++ b/crypto/evp/evp.h
-@@ -921,8 +921,9 @@
- #endif
- 
- EVP_PKEY *	EVP_PKEY_new(void);
- EVP_PKEY *	EVP_PKEY_dup(EVP_PKEY *pkey);
- void		EVP_PKEY_free(EVP_PKEY *pkey);
-+EVP_PKEY *	EVP_PKEY_up_ref(EVP_PKEY *pkey);
- 
- EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
- 			long length);
-diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
-index 8ab8f62..628697b 100644
---- a/crypto/evp/p_lib.c
-+++ b/crypto/evp/p_lib.c
-@@ -200,12 +200,11 @@
- 	return(ret);
- 	}
- 
- EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
- 	{
--	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
--	return pkey;
-+	return EVP_PKEY_up_ref(pkey);
- 	}
- 
- /* Setup a public key ASN1 method and ENGINE from a NID or a string.
-  * If pkey is NULL just return 1 or 0 if the algorithm exists.
-  */
-@@ -408,6 +413,12 @@
- 	OPENSSL_free(x);
- 	}
- 
-+EVP_PKEY *EVP_PKEY_up_ref(EVP_PKEY *pkey)
-+	{
-+	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-+	return pkey;
-+	}
-+
- static void EVP_PKEY_free_it(EVP_PKEY *x)
- 	{
- 	if (x->ameth && x->ameth->pkey_free)
--- 
diff --git a/patches/README b/patches/README
deleted file mode 100644
index 53444701cd..0000000000
--- a/patches/README
+++ /dev/null
@@ -1,82 +0,0 @@
-progs.patch:
-
-Fixup sources under the apps/ directory that are not built under the android environment.
-
-
-handshake_cutthrough.patch
-
-Enables SSL3+ clients to send application data immediately following the
-Finished message even when negotiating full-handshakes.  With this patch,
-clients can negotiate SSL connections in 1-RTT even when performing
-full-handshakes.
-
-jsse.patch
-
-Support for JSSE implementation based on OpenSSL.
-
-channelid.patch
-
-Implements TLS Channel ID support as both a client and a server.
-See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.
-
-eng_dyn_dirs.patch
-
-Fixes the case of having multiple DIR_ADD commands sent to eng_dyn
-
-fix_clang_build.patch
-
-Fixes the Clang based build.
-
-tls12_digests.patch
-
-Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
-keys.
-
-alpn.patch
-
-This change adds support for ALPN in OpenSSL. ALPN is the IETF
-blessed version of NPN and we'll be supporting both ALPN and NPN for
-some time yet.
-
-cbc_record_splitting.patch
-
-BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
-record splitting. Record splitting is disabled by default.
-
-dsa_nonce.patch
-
-Adds an option to mix in hash of message and private key into (EC)DSA nonces to
-make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
-is disabled by default.
-
-ecdhe_psk.patch
-
-Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.
-
-ecdhe_psk_part2.patch
-
-Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with
-SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds
-SHA-1 based ECDHE-PSK AES-CBC cipher suites instead.
-
-arm_asm.patch
-
-Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8
-Based on branch available at:
-https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches
-c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730
-
-tls_psk_hint.patch
-
-Fixes issues with TLS-PSK identity hint implementation where
-per-connection/session and per-context hints were being mixed up.
-
-psk_client_callback_128_byte_id_bug.patch
-
-Fixes the issue where it was impossible to return a 128 byte long PSK identity
-(the maximum supported length) from psk_client_callback.
-
-tls_fallback_scsv.patch
-
-Adds the signalling cipher suite value (SCSV) from
-https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
diff --git a/patches/testssl.sh b/patches/testssl.sh
deleted file mode 100755
index cd5609285f..0000000000
--- a/patches/testssl.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Android testssl.sh driver script for openssl's testssl
-#
-# based on openssl's test/testss script and test/Makefile's test_ssl target
-#
-
-set -e
-trap "echo Exiting on unexpected error." ERR
-
-device=/sdcard/android.testssl
-
-digest='-sha1'
-reqcmd="adb shell /system/bin/openssl req"
-x509cmd="adb shell /system/bin/openssl x509 $digest"
-
-CAkey="$device/keyCA.ss"
-CAcert="$device/certCA.ss"
-CAreq="$device/reqCA.ss"
-CAconf="$device/CAss.cnf"
-
-Uconf="$device/Uss.cnf"
-Ureq="$device/reqU.ss"
-Ukey="$device/keyU.ss"
-Ucert="$device/certU.ss"
-
-echo
-echo "setting up"
-adb remount
-adb shell rm -r $device
-adb shell mkdir $device
-
-echo
-echo "pushing test files to device"
-adb push . $device
-
-echo
-echo "make a certificate request using 'req'"
-adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
-req_new='-new'
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
-
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
-
-echo
-echo "running testssl"
-./testssl $Ukey $Ucert $CAcert
-
-echo
-echo "cleaning up"
-adb shell rm -r $device
diff --git a/rules.mk b/rules.mk
deleted file mode 100644
index 1c3ae64faa..0000000000
--- a/rules.mk
+++ /dev/null
@@ -1,42 +0,0 @@
-LOCAL_DIR := $(GET_LOCAL_DIR)
-
-MODULE := $(LOCAL_DIR)
-
-TARGET_ARCH := $(ARCH)
-TARGET_2ND_ARCH := $(ARCH)
-
-# Reset local variables
-LOCAL_CFLAGS :=
-LOCAL_C_INCLUDES :=
-LOCAL_SRC_FILES_$(TARGET_ARCH) :=
-LOCAL_SRC_FILES_$(TARGET_2ND_ARCH) :=
-LOCAL_CFLAGS_$(TARGET_ARCH) :=
-LOCAL_CFLAGS_$(TARGET_2ND_ARCH) :=
-LOCAL_ADDITIONAL_DEPENDENCIES :=
-
-# get openssl_cflags
-MODULE_SRCDEPS += $(LOCAL_DIR)/build-config-trusty.mk
-include $(LOCAL_DIR)/build-config-trusty.mk
-
-# get target_c_flags, target_c_includes, target_src_files
-MODULE_SRCDEPS += $(LOCAL_DIR)/Crypto-config-trusty.mk
-include $(LOCAL_DIR)/Crypto-config-trusty.mk
-
-MODULE_SRCS += $(addprefix $(LOCAL_DIR)/,$(LOCAL_SRC_FILES_$(ARCH)))
-
-MODULE_CFLAGS += $(LOCAL_CFLAGS)
-MODULE_CFLAGS += -Wno-error=implicit-function-declaration
-MODULE_CFLAGS += -Wno-empty-body
-MODULE_CFLAGS += -Wno-missing-field-initializers
-
-# Global for other modules which include openssl headers
-GLOBAL_DEFINES += OPENSSL_SYS_TRUSTY
-
-LOCAL_C_INCLUDES := $(patsubst external/openssl/%,%,$(LOCAL_C_INCLUDES))
-GLOBAL_INCLUDES += $(addprefix $(LOCAL_DIR)/,$(LOCAL_C_INCLUDES))
-
-MODULE_DEPS := \
-	lib/openssl-stubs \
-	lib/libc-trusty
-
-include make/module.mk
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
deleted file mode 100644
index 06a13de492..0000000000
--- a/ssl/bio_ssl.c
+++ /dev/null
@@ -1,613 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
-	{
-	SSL *ssl; /* The ssl handle :-) */
-	/* re-negotiate every time the total number of bytes is this size */
-	int num_renegotiates;
-	unsigned long renegotiate_count;
-	unsigned long byte_count;
-	unsigned long renegotiate_timeout;
-	unsigned long last_time;
-	} BIO_SSL;
-
-static BIO_METHOD methods_sslp=
-	{
-	BIO_TYPE_SSL,"ssl",
-	ssl_write,
-	ssl_read,
-	ssl_puts,
-	NULL, /* ssl_gets, */
-	ssl_ctrl,
-	ssl_new,
-	ssl_free,
-	ssl_callback_ctrl,
-	};
-
-BIO_METHOD *BIO_f_ssl(void)
-	{
-	return(&methods_sslp);
-	}
-
-static int ssl_new(BIO *bi)
-	{
-	BIO_SSL *bs;
-
-	bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
-	if (bs == NULL)
-		{
-		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	memset(bs,0,sizeof(BIO_SSL));
-	bi->init=0;
-	bi->ptr=(char *)bs;
-	bi->flags=0;
-	return(1);
-	}
-
-static int ssl_free(BIO *a)
-	{
-	BIO_SSL *bs;
-
-	if (a == NULL) return(0);
-	bs=(BIO_SSL *)a->ptr;
-	if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
-	if (a->shutdown)
-		{
-		if (a->init && (bs->ssl != NULL))
-			SSL_free(bs->ssl);
-		a->init=0;
-		a->flags=0;
-		}
-	if (a->ptr != NULL)
-		OPENSSL_free(a->ptr);
-	return(1);
-	}
-	
-static int ssl_read(BIO *b, char *out, int outl)
-	{
-	int ret=1;
-	BIO_SSL *sb;
-	SSL *ssl;
-	int retry_reason=0;
-	int r=0;
-
-	if (out == NULL) return(0);
-	sb=(BIO_SSL *)b->ptr;
-	ssl=sb->ssl;
-
-	BIO_clear_retry_flags(b);
-
-#if 0
-	if (!SSL_is_init_finished(ssl))
-		{
-/*		ret=SSL_do_handshake(ssl); */
-		if (ret > 0)
-			{
-
-			outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-			ret= -1;
-			goto end;
-			}
-		}
-#endif
-/*	if (ret > 0) */
-	ret=SSL_read(ssl,out,outl);
-
-	switch (SSL_get_error(ssl,ret))
-		{
-	case SSL_ERROR_NONE:
-		if (ret <= 0) break;
-		if (sb->renegotiate_count > 0)
-			{
-			sb->byte_count+=ret;
-			if (sb->byte_count > sb->renegotiate_count)
-				{
-				sb->byte_count=0;
-				sb->num_renegotiates++;
-				SSL_renegotiate(ssl);
-				r=1;
-				}
-			}
-		if ((sb->renegotiate_timeout > 0) && (!r))
-			{
-			unsigned long tm;
-
-			tm=(unsigned long)time(NULL);
-			if (tm > sb->last_time+sb->renegotiate_timeout)
-				{
-				sb->last_time=tm;
-				sb->num_renegotiates++;
-				SSL_renegotiate(ssl);
-				}
-			}
-
-		break;
-	case SSL_ERROR_WANT_READ:
-		BIO_set_retry_read(b);
-		break;
-	case SSL_ERROR_WANT_WRITE:
-		BIO_set_retry_write(b);
-		break;
-	case SSL_ERROR_WANT_X509_LOOKUP:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_SSL_X509_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_ACCEPT:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_ACCEPT;
-		break;
-	case SSL_ERROR_WANT_CONNECT:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_CONNECT;
-		break;
-	case SSL_ERROR_SYSCALL:
-	case SSL_ERROR_SSL:
-	case SSL_ERROR_ZERO_RETURN:
-	default:
-		break;
-		}
-
-	b->retry_reason=retry_reason;
-	return(ret);
-	}
-
-static int ssl_write(BIO *b, const char *out, int outl)
-	{
-	int ret,r=0;
-	int retry_reason=0;
-	SSL *ssl;
-	BIO_SSL *bs;
-
-	if (out == NULL) return(0);
-	bs=(BIO_SSL *)b->ptr;
-	ssl=bs->ssl;
-
-	BIO_clear_retry_flags(b);
-
-/*	ret=SSL_do_handshake(ssl);
-	if (ret > 0) */
-	ret=SSL_write(ssl,out,outl);
-
-	switch (SSL_get_error(ssl,ret))
-		{
-	case SSL_ERROR_NONE:
-		if (ret <= 0) break;
-		if (bs->renegotiate_count > 0)
-			{
-			bs->byte_count+=ret;
-			if (bs->byte_count > bs->renegotiate_count)
-				{
-				bs->byte_count=0;
-				bs->num_renegotiates++;
-				SSL_renegotiate(ssl);
-				r=1;
-				}
-			}
-		if ((bs->renegotiate_timeout > 0) && (!r))
-			{
-			unsigned long tm;
-
-			tm=(unsigned long)time(NULL);
-			if (tm > bs->last_time+bs->renegotiate_timeout)
-				{
-				bs->last_time=tm;
-				bs->num_renegotiates++;
-				SSL_renegotiate(ssl);
-				}
-			}
-		break;
-	case SSL_ERROR_WANT_WRITE:
-		BIO_set_retry_write(b);
-		break;
-	case SSL_ERROR_WANT_READ:
-		BIO_set_retry_read(b);
-		break;
-	case SSL_ERROR_WANT_X509_LOOKUP:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_SSL_X509_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_CONNECT:
-		BIO_set_retry_special(b);
-		retry_reason=BIO_RR_CONNECT;
-	case SSL_ERROR_SYSCALL:
-	case SSL_ERROR_SSL:
-	default:
-		break;
-		}
-
-	b->retry_reason=retry_reason;
-	return(ret);
-	}
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	SSL **sslp,*ssl;
-	BIO_SSL *bs;
-	BIO *dbio,*bio;
-	long ret=1;
-
-	bs=(BIO_SSL *)b->ptr;
-	ssl=bs->ssl;
-	if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
-		return(0);
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		SSL_shutdown(ssl);
-
-		if (ssl->handshake_func == ssl->method->ssl_connect)
-			SSL_set_connect_state(ssl);
-		else if (ssl->handshake_func == ssl->method->ssl_accept)
-			SSL_set_accept_state(ssl);
-
-		SSL_clear(ssl);
-
-		if (b->next_bio != NULL)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		else if (ssl->rbio != NULL)
-			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-		else
-			ret=1;
-		break;
-	case BIO_CTRL_INFO:
-		ret=0;
-		break;
-	case BIO_C_SSL_MODE:
-		if (num) /* client mode */
-			SSL_set_connect_state(ssl);
-		else
-			SSL_set_accept_state(ssl);
-		break;
-	case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
-		ret=bs->renegotiate_timeout;
-		if (num < 60) num=5;
-		bs->renegotiate_timeout=(unsigned long)num;
-		bs->last_time=(unsigned long)time(NULL);
-		break;
-	case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
-		ret=bs->renegotiate_count;
-		if ((long)num >=512)
-			bs->renegotiate_count=(unsigned long)num;
-		break;
-	case BIO_C_GET_SSL_NUM_RENEGOTIATES:
-		ret=bs->num_renegotiates;
-		break;
-	case BIO_C_SET_SSL:
-		if (ssl != NULL)
-			{
-			ssl_free(b);
-			if (!ssl_new(b))
-				return 0;
-			}
-		b->shutdown=(int)num;
-		ssl=(SSL *)ptr;
-		((BIO_SSL *)b->ptr)->ssl=ssl;
-		bio=SSL_get_rbio(ssl);
-		if (bio != NULL)
-			{
-			if (b->next_bio != NULL)
-				BIO_push(bio,b->next_bio);
-			b->next_bio=bio;
-			CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
-			}
-		b->init=1;
-		break;
-	case BIO_C_GET_SSL:
-		if (ptr != NULL)
-			{
-			sslp=(SSL **)ptr;
-			*sslp=ssl;
-			}
-		else
-			ret=0;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING:
-		ret=SSL_pending(ssl);
-		if (ret == 0)
-			ret=BIO_pending(ssl->rbio);
-		break;
-	case BIO_CTRL_FLUSH:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_PUSH:
-		if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
-			{
-			SSL_set_bio(ssl,b->next_bio,b->next_bio);
-			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
-			}
-		break;
-	case BIO_CTRL_POP:
-		/* Only detach if we are the BIO explicitly being popped */
-		if (b == ptr)
-			{
-			/* Shouldn't happen in practice because the
-			 * rbio and wbio are the same when pushed.
-			 */
-			if (ssl->rbio != ssl->wbio)
-				BIO_free_all(ssl->wbio);
-			if (b->next_bio != NULL)
-				CRYPTO_add(&b->next_bio->references,-1,CRYPTO_LOCK_BIO);
-			ssl->wbio=NULL;
-			ssl->rbio=NULL;
-			}
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-
-		b->retry_reason=0;
-		ret=(int)SSL_do_handshake(ssl);
-
-		switch (SSL_get_error(ssl,(int)ret))
-			{
-		case SSL_ERROR_WANT_READ:
-			BIO_set_flags(b,
-				BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-			break;
-		case SSL_ERROR_WANT_WRITE:
-			BIO_set_flags(b,
-				BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-			break;
-		case SSL_ERROR_WANT_CONNECT:
-			BIO_set_flags(b,
-				BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
-			b->retry_reason=b->next_bio->retry_reason;
-			break;
-		default:
-			break;
-			}
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-			SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
-		((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
-		((BIO_SSL *)dbio->ptr)->renegotiate_count=
-			((BIO_SSL *)b->ptr)->renegotiate_count;
-		((BIO_SSL *)dbio->ptr)->byte_count=
-			((BIO_SSL *)b->ptr)->byte_count;
-		((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
-			((BIO_SSL *)b->ptr)->renegotiate_timeout;
-		((BIO_SSL *)dbio->ptr)->last_time=
-			((BIO_SSL *)b->ptr)->last_time;
-		ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
-		break;
-	case BIO_C_GET_FD:
-		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_SET_CALLBACK:
-		{
-#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
-		SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		ret = -1;
-#else
-		ret=0;
-#endif
-		}
-		break;
-	case BIO_CTRL_GET_CALLBACK:
-		{
-		void (**fptr)(const SSL *xssl,int type,int val);
-
-		fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
-		*fptr=SSL_get_info_callback(ssl);
-		}
-		break;
-	default:
-		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	SSL *ssl;
-	BIO_SSL *bs;
-	long ret=1;
-
-	bs=(BIO_SSL *)b->ptr;
-	ssl=bs->ssl;
-	switch (cmd)
-		{
-	case BIO_CTRL_SET_CALLBACK:
-		{
-		/* FIXME: setting this via a completely different prototype
-		   seems like a crap idea */
-		SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
-		}
-		break;
-	default:
-		ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-static int ssl_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=BIO_write(bp,str,n);
-	return(ret);
-	}
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-	{
-#ifndef OPENSSL_NO_SOCK
-	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
-	if ((buf=BIO_new(BIO_f_buffer())) == NULL)
-		return(NULL);
-	if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
-		goto err;
-	if ((ret=BIO_push(buf,ssl)) == NULL)
-		goto err;
-	return(ret);
-err:
-	if (buf != NULL) BIO_free(buf);
-	if (ssl != NULL) BIO_free(ssl);
-#endif
-	return(NULL);
-	}
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
-	{
-#ifndef OPENSSL_NO_SOCK
-	BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
-	if ((con=BIO_new(BIO_s_connect())) == NULL)
-		return(NULL);
-	if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
-		goto err;
-	if ((ret=BIO_push(ssl,con)) == NULL)
-		goto err;
-	return(ret);
-err:
-	if (con != NULL) BIO_free(con);
-#endif
-	return(NULL);
-	}
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
-	{
-	BIO *ret;
-	SSL *ssl;
-
-	if ((ret=BIO_new(BIO_f_ssl())) == NULL)
-		return(NULL);
-	if ((ssl=SSL_new(ctx)) == NULL)
-		{
-		BIO_free(ret);
-		return(NULL);
-		}
-	if (client)
-		SSL_set_connect_state(ssl);
-	else
-		SSL_set_accept_state(ssl);
-		
-	BIO_set_ssl(ret,ssl,BIO_CLOSE);
-	return(ret);
-	}
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
-	{
-	t=BIO_find_type(t,BIO_TYPE_SSL);
-	f=BIO_find_type(f,BIO_TYPE_SSL);
-	if ((t == NULL) || (f == NULL))
-		return(0);
-	if (	(((BIO_SSL *)t->ptr)->ssl == NULL) || 
-		(((BIO_SSL *)f->ptr)->ssl == NULL))
-		return(0);
-	SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
-	return(1);
-	}
-
-void BIO_ssl_shutdown(BIO *b)
-	{
-	SSL *s;
-
-	while (b != NULL)
-		{
-		if (b->method->type == BIO_TYPE_SSL)
-			{
-			s=((BIO_SSL *)b->ptr)->ssl;
-			SSL_shutdown(s);
-			break;
-			}
-		b=b->next_bio;
-		}
-	}
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
deleted file mode 100644
index 1b9d64bf60..0000000000
--- a/ssl/d1_both.c
+++ /dev/null
@@ -1,1662 +0,0 @@
-/* ssl/d1_both.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
-
-#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
-			if ((end) - (start) <= 8) { \
-				long ii; \
-				for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
-			} else { \
-				long ii; \
-				bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
-				for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
-				bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
-			} }
-
-#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
-			long ii; \
-			OPENSSL_assert((msg_len) > 0); \
-			is_complete = 1; \
-			if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
-			if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
-				if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
-
-#if 0
-#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
-			long ii; \
-			printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
-			printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
-			printf("\n"); }
-#endif
-
-static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
-
-/* XDTLS:  figure out the right values */
-static const unsigned int g_probable_mtu[] = {1500, 512, 256};
-
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, 
-	unsigned long frag_len);
-static unsigned char *dtls1_write_message_header(SSL *s,
-	unsigned char *p);
-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
-	unsigned long len, unsigned short seq_num, unsigned long frag_off, 
-	unsigned long frag_len);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn, 
-	long max, int *ok);
-
-static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
-	{
-	hm_fragment *frag = NULL;
-	unsigned char *buf = NULL;
-	unsigned char *bitmask = NULL;
-
-	frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
-	if ( frag == NULL)
-		return NULL;
-
-	if (frag_len)
-		{
-		buf = (unsigned char *)OPENSSL_malloc(frag_len);
-		if ( buf == NULL)
-			{
-			OPENSSL_free(frag);
-			return NULL;
-			}
-		}
-
-	/* zero length fragment gets zero frag->fragment */
-	frag->fragment = buf;
-
-	/* Initialize reassembly bitmask if necessary */
-	if (reassembly)
-		{
-		bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
-		if (bitmask == NULL)
-			{
-			if (buf != NULL) OPENSSL_free(buf);
-			OPENSSL_free(frag);
-			return NULL;
-			}
-		memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
-		}
-
-	frag->reassembly = bitmask;
-
-	return frag;
-	}
-
-void dtls1_hm_fragment_free(hm_fragment *frag)
-	{
-
-	if (frag->msg_header.is_ccs)
-		{
-		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
-		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
-		}
-	if (frag->fragment) OPENSSL_free(frag->fragment);
-	if (frag->reassembly) OPENSSL_free(frag->reassembly);
-	OPENSSL_free(frag);
-	}
-
-static int dtls1_query_mtu(SSL *s)
-{
-	if(s->d1->link_mtu)
-		{
-		s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-		s->d1->link_mtu = 0;
-		}
-
-	/* AHA!  Figure out the MTU, and stick to the right size */
-	if (s->d1->mtu < dtls1_min_mtu(s))
-		{
-		if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
-			{
-			s->d1->mtu =
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
-			/* I've seen the kernel return bogus numbers when it doesn't know
-			 * (initial write), so just make sure we have a reasonable number */
-			if (s->d1->mtu < dtls1_min_mtu(s))
-				{
-				/* Set to min mtu */
-				s->d1->mtu = dtls1_min_mtu(s);
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-					s->d1->mtu, NULL);
-				}
-			}
-		else
-			return 0;
-		}
-	return 1;
-}
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
-	{
-	int ret;
-	unsigned int curr_mtu;
-	int retry = 1;
-	unsigned int len, frag_off, mac_size, blocksize, used_len;
-
-	if(!dtls1_query_mtu(s))
-		return -1;
-
-	OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s));  /* should have something reasonable now */
-
-	if ( s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
-		OPENSSL_assert(s->init_num == 
-			(int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
-
-	if (s->write_hash)
-		mac_size = EVP_MD_CTX_size(s->write_hash);
-	else
-		mac_size = 0;
-
-	if (s->enc_write_ctx && 
-		(EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
-		blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
-	else
-		blocksize = 0;
-
-	frag_off = 0;
-	/* s->init_num shouldn't ever be < 0...but just in case */
-	while(s->init_num > 0)
-		{
-		used_len = BIO_wpending(SSL_get_wbio(s)) +  DTLS1_RT_HEADER_LENGTH
-			+ mac_size + blocksize;
-		if(s->d1->mtu > used_len)
-			curr_mtu = s->d1->mtu - used_len;
-		else
-			curr_mtu = 0;
-
-		if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
-			{
-			/* grr.. we could get an error if MTU picked was wrong */
-			ret = BIO_flush(SSL_get_wbio(s));
-			if ( ret <= 0)
-				return ret;
-			used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
-			if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH)
-				{
-				curr_mtu = s->d1->mtu - used_len;
-				}
-			else
-				{
-				/* Shouldn't happen */
-				return -1;
-				}
-			}
-
-		/* We just checked that s->init_num > 0 so this cast should be safe */
-		if (((unsigned int)s->init_num) > curr_mtu)
-			len = curr_mtu;
-		else
-			len = s->init_num;
-
-		/* Shouldn't ever happen */
-		if(len > INT_MAX)
-			len = INT_MAX;
-
-		/* XDTLS: this function is too long.  split out the CCS part */
-		if ( type == SSL3_RT_HANDSHAKE)
-			{
-			if ( s->init_off != 0)
-				{
-				OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
-				s->init_off -= DTLS1_HM_HEADER_LENGTH;
-				s->init_num += DTLS1_HM_HEADER_LENGTH;
-
-				/* We just checked that s->init_num > 0 so this cast should be safe */
-				if (((unsigned int)s->init_num) > curr_mtu)
-					len = curr_mtu;
-				else
-					len = s->init_num;
-				}
-
-			/* Shouldn't ever happen */
-			if(len > INT_MAX)
-				len = INT_MAX;
-
-			if ( len < DTLS1_HM_HEADER_LENGTH )
-				{
-				/*
-				 * len is so small that we really can't do anything sensible
-				 * so fail
-				 */
-				return -1;
-				}
-			dtls1_fix_message_header(s, frag_off, 
-				len - DTLS1_HM_HEADER_LENGTH);
-
-			dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-			}
-
-		ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
-			len);
-		if (ret < 0)
-			{
-			/* might need to update MTU here, but we don't know
-			 * which previous packet caused the failure -- so can't
-			 * really retransmit anything.  continue as if everything
-			 * is fine and wait for an alert to handle the
-			 * retransmit 
-			 */
-			if ( retry && BIO_ctrl(SSL_get_wbio(s),
-				BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
-				{
-				if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
-					{
-					if(!dtls1_query_mtu(s))
-						return -1;
-					/* Have one more go */
-					retry = 0;
-					}
-				else
-					return -1;
-				}
-			else
-				{
-				return(-1);
-				}
-			}
-		else
-			{
-
-			/* bad if this assert fails, only part of the handshake
-			 * message got sent.  but why would this happen? */
-			OPENSSL_assert(len == (unsigned int)ret);
-
-			if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
-				{
-				/* should not be done for 'Hello Request's, but in that case
-				 * we'll ignore the result anyway */
-				unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
-				const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-				int xlen;
-
-				if (frag_off == 0 && s->version != DTLS1_BAD_VER)
-					{
-					/* reconstruct message header is if it
-					 * is being sent in single fragment */
-					*p++ = msg_hdr->type;
-					l2n3(msg_hdr->msg_len,p);
-					s2n (msg_hdr->seq,p);
-					l2n3(0,p);
-					l2n3(msg_hdr->msg_len,p);
-					p  -= DTLS1_HM_HEADER_LENGTH;
-					xlen = ret;
-					}
-				else
-					{
-					p  += DTLS1_HM_HEADER_LENGTH;
-					xlen = ret - DTLS1_HM_HEADER_LENGTH;
-					}
-
-				ssl3_finish_mac(s, p, xlen);
-				}
-
-			if (ret == s->init_num)
-				{
-				if (s->msg_callback)
-					s->msg_callback(1, s->version, type, s->init_buf->data, 
-						(size_t)(s->init_off + s->init_num), s, 
-						s->msg_callback_arg);
-
-				s->init_off = 0;  /* done writing this message */
-				s->init_num = 0;
-
-				return(1);
-				}
-			s->init_off+=ret;
-			s->init_num-=ret;
-			frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
-			}
-		}
-	return(0);
-	}
-
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * Read an entire handshake message.  Handshake messages arrive in
- * fragments.
- */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-	{
-	int i, al;
-	struct hm_header_st *msg_hdr;
-	unsigned char *p;
-	unsigned long msg_len;
-
-	/* s3->tmp is used to store messages that are unexpected, caused
-	 * by the absence of an optional handshake message */
-	if (s->s3->tmp.reuse_message)
-		{
-		s->s3->tmp.reuse_message=0;
-		if ((mt >= 0) && (s->s3->tmp.message_type != mt))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-			goto f_err;
-			}
-		*ok=1;
-		s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-		s->init_num = (int)s->s3->tmp.message_size;
-		return s->init_num;
-		}
-
-	msg_hdr = &s->d1->r_msg_hdr;
-	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-again:
-	i = dtls1_get_message_fragment(s, st1, stn, max, ok);
-	if ( i == DTLS1_HM_BAD_FRAGMENT ||
-		i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
-		goto again;
-	else if ( i <= 0 && !*ok)
-		return i;
-
-	p = (unsigned char *)s->init_buf->data;
-	msg_len = msg_hdr->msg_len;
-
-	/* reconstruct message header */
-	*(p++) = msg_hdr->type;
-	l2n3(msg_len,p);
-	s2n (msg_hdr->seq,p);
-	l2n3(0,p);
-	l2n3(msg_len,p);
-	if (s->version != DTLS1_BAD_VER) {
-		p       -= DTLS1_HM_HEADER_LENGTH;
-		msg_len += DTLS1_HM_HEADER_LENGTH;
-	}
-
-	ssl3_finish_mac(s, p, msg_len);
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
-			p, msg_len,
-			s, s->msg_callback_arg);
-
-	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-	/* Don't change sequence numbers while listening */
-	if (!s->d1->listen)
-		s->d1->handshake_read_seq++;
-
-	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-	return s->init_num;
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	*ok = 0;
-	return -1;
-	}
-
-
-static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
-	{
-	size_t frag_off,frag_len,msg_len;
-
-	msg_len  = msg_hdr->msg_len;
-	frag_off = msg_hdr->frag_off;
-	frag_len = msg_hdr->frag_len;
-
-	/* sanity checking */
-	if ( (frag_off+frag_len) > msg_len)
-		{
-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-		return SSL_AD_ILLEGAL_PARAMETER;
-		}
-
-	if ( (frag_off+frag_len) > (unsigned long)max)
-		{
-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-		return SSL_AD_ILLEGAL_PARAMETER;
-		}
-
-	if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
-		{
-		/* msg_len is limited to 2^24, but is effectively checked
-		 * against max above */
-		if (!BUF_MEM_grow_clean(s->init_buf,msg_len+DTLS1_HM_HEADER_LENGTH))
-			{
-			SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
-			return SSL_AD_INTERNAL_ERROR;
-			}
-
-		s->s3->tmp.message_size  = msg_len;
-		s->d1->r_msg_hdr.msg_len = msg_len;
-		s->s3->tmp.message_type  = msg_hdr->type;
-		s->d1->r_msg_hdr.type    = msg_hdr->type;
-		s->d1->r_msg_hdr.seq     = msg_hdr->seq;
-		}
-	else if (msg_len != s->d1->r_msg_hdr.msg_len)
-		{
-		/* They must be playing with us! BTW, failure to enforce
-		 * upper limit would open possibility for buffer overrun. */
-		SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-		return SSL_AD_ILLEGAL_PARAMETER;
-		}
-
-	return 0; /* no error */
-	}
-
-
-static int
-dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
-	{
-	/* (0) check whether the desired fragment is available
-	 * if so:
-	 * (1) copy over the fragment to s->init_buf->data[]
-	 * (2) update s->init_num
-	 */
-	pitem *item;
-	hm_fragment *frag;
-	int al;
-
-	*ok = 0;
-	item = pqueue_peek(s->d1->buffered_messages);
-	if ( item == NULL)
-		return 0;
-
-	frag = (hm_fragment *)item->data;
-	
-	/* Don't return if reassembly still in progress */
-	if (frag->reassembly != NULL)
-		return 0;
-
-	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
-		{
-		unsigned long frag_len = frag->msg_header.frag_len;
-		pqueue_pop(s->d1->buffered_messages);
-
-		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-
-		if (al==0) /* no alert */
-			{
-			unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
-			memcpy(&p[frag->msg_header.frag_off],
-				frag->fragment,frag->msg_header.frag_len);
-			}
-
-		dtls1_hm_fragment_free(frag);
-		pitem_free(item);
-
-		if (al==0)
-			{
-			*ok = 1;
-			return frag_len;
-			}
-
-		ssl3_send_alert(s,SSL3_AL_FATAL,al);
-		s->init_num = 0;
-		*ok = 0;
-		return -1;
-		}
-	else
-		return 0;
-	}
-
-/* dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
- * be greater if the maximum certificate list size requires it. */
-static unsigned long dtls1_max_handshake_message_len(const SSL *s)
-	{
-	unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-	if (max_len < (unsigned long)s->max_cert_list)
-		return s->max_cert_list;
-	return max_len;
-	}
-
-static int
-dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
-	{
-	hm_fragment *frag = NULL;
-	pitem *item = NULL;
-	int i = -1, is_complete;
-	unsigned char seq64be[8];
-	unsigned long frag_len = msg_hdr->frag_len;
-
-	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len ||
-	    msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
-		goto err;
-
-	if (frag_len == 0)
-		return DTLS1_HM_FRAGMENT_RETRY;
-
-	/* Try to find item in queue */
-	memset(seq64be,0,sizeof(seq64be));
-	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
-	seq64be[7] = (unsigned char) msg_hdr->seq;
-	item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-	if (item == NULL)
-		{
-		frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
-		if ( frag == NULL)
-			goto err;
-		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-		frag->msg_header.frag_len = frag->msg_header.msg_len;
-		frag->msg_header.frag_off = 0;
-		}
-	else
-		{
-		frag = (hm_fragment*) item->data;
-		if (frag->msg_header.msg_len != msg_hdr->msg_len)
-			{
-			item = NULL;
-			frag = NULL;
-			goto err;
-			}
-		}
-
-
-	/* If message is already reassembled, this must be a
-	 * retransmit and can be dropped. In this case item != NULL and so frag
-	 * does not need to be freed.
-	 */
-	if (frag->reassembly == NULL)
-		{
-		unsigned char devnull [256];
-
-		while (frag_len)
-			{
-			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-				devnull,
-				frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
-			if (i<=0) goto err;
-			frag_len -= i;
-			}
-		return DTLS1_HM_FRAGMENT_RETRY;
-		}
-
-	/* read the body of the fragment (header has already been read */
-	i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-		frag->fragment + msg_hdr->frag_off,frag_len,0);
-	if ((unsigned long)i!=frag_len)
-		i=-1;
-	if (i<=0)
-		goto err;
-
-	RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
-	                    (long)(msg_hdr->frag_off + frag_len));
-
-	RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
-	                           is_complete);
-
-	if (is_complete)
-		{
-		OPENSSL_free(frag->reassembly);
-		frag->reassembly = NULL;
-		}
-
-	if (item == NULL)
-		{
-		item = pitem_new(seq64be, frag);
-		if (item == NULL)
-			{
-			i = -1;
-			goto err;
-			}
-
-		item = pqueue_insert(s->d1->buffered_messages, item);
-		/* pqueue_insert fails iff a duplicate item is inserted.
-		 * However, |item| cannot be a duplicate. If it were,
-		 * |pqueue_find|, above, would have returned it and control
-		 * would never have reached this branch. */
-		OPENSSL_assert(item != NULL);
-		}
-
-	return DTLS1_HM_FRAGMENT_RETRY;
-
-err:
-	if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
-	*ok = 0;
-	return i;
-	}
-
-
-static int
-dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
-{
-	int i=-1;
-	hm_fragment *frag = NULL;
-	pitem *item = NULL;
-	unsigned char seq64be[8];
-	unsigned long frag_len = msg_hdr->frag_len;
-
-	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
-		goto err;
-
-	/* Try to find item in queue, to prevent duplicate entries */
-	memset(seq64be,0,sizeof(seq64be));
-	seq64be[6] = (unsigned char) (msg_hdr->seq>>8);
-	seq64be[7] = (unsigned char) msg_hdr->seq;
-	item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-	/* If we already have an entry and this one is a fragment,
-	 * don't discard it and rather try to reassemble it.
-	 */
-	if (item != NULL && frag_len != msg_hdr->msg_len)
-		item = NULL;
-
-	/* Discard the message if sequence number was already there, is
-	 * too far in the future, already in the queue or if we received
-	 * a FINISHED before the SERVER_HELLO, which then must be a stale
-	 * retransmit.
-	 */
-	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
-		(s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
-		{
-		unsigned char devnull [256];
-
-		while (frag_len)
-			{
-			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-				devnull,
-				frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
-			if (i<=0) goto err;
-			frag_len -= i;
-			}
-		}
-	else
-		{
-		if (frag_len != msg_hdr->msg_len)
-			return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
-		if (frag_len > dtls1_max_handshake_message_len(s))
-			goto err;
-
-		frag = dtls1_hm_fragment_new(frag_len, 0);
-		if ( frag == NULL)
-			goto err;
-
-		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
-		if (frag_len)
-			{
-			/* read the body of the fragment (header has already been read */
-			i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-				frag->fragment,frag_len,0);
-			if ((unsigned long)i!=frag_len)
-				i = -1;
-			if (i<=0)
-				goto err;
-			}
-
-		item = pitem_new(seq64be, frag);
-		if ( item == NULL)
-			goto err;
-
-		item = pqueue_insert(s->d1->buffered_messages, item);
-		/* pqueue_insert fails iff a duplicate item is inserted.
-		 * However, |item| cannot be a duplicate. If it were,
-		 * |pqueue_find|, above, would have returned it. Then, either
-		 * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
-		 * to NULL and it will have been processed with
-		 * |dtls1_reassemble_fragment|, above, or the record will have
-		 * been discarded. */
-		OPENSSL_assert(item != NULL);
-		}
-
-	return DTLS1_HM_FRAGMENT_RETRY;
-
-err:
-	if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
-	*ok = 0;
-	return i;
-	}
-
-
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
-	{
-	unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-	unsigned long len, frag_off, frag_len;
-	int i,al;
-	struct hm_header_st msg_hdr;
-
-	redo:
-	/* see if we have the required fragment already */
-	if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
-		{
-		if (*ok)	s->init_num = frag_len;
-		return frag_len;
-		}
-
-	/* read handshake message header */
-	i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
-		DTLS1_HM_HEADER_LENGTH, 0);
-	if (i <= 0) 	/* nbio, or an error */
-		{
-		s->rwstate=SSL_READING;
-		*ok = 0;
-		return i;
-		}
-	/* Handshake fails if message header is incomplete */
-	if (i != DTLS1_HM_HEADER_LENGTH)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
-		goto f_err;
-		}
-
-	/* parse the message fragment header */
-	dtls1_get_message_header(wire, &msg_hdr);
-
-	/* 
-	 * if this is a future (or stale) message it gets buffered
-	 * (or dropped)--no further processing at this time
-	 * While listening, we accept seq 1 (ClientHello with cookie)
-	 * although we're still expecting seq 0 (ClientHello)
-	 */
-	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
-		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
-
-	len = msg_hdr.msg_len;
-	frag_off = msg_hdr.frag_off;
-	frag_len = msg_hdr.frag_len;
-
-	if (frag_len && frag_len < len)
-		return dtls1_reassemble_fragment(s, &msg_hdr, ok);
-
-	if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
-		wire[0] == SSL3_MT_HELLO_REQUEST)
-		{
-		/* The server may always send 'Hello Request' messages --
-		 * we are doing a handshake anyway now, so ignore them
-		 * if their format is correct. Does not count for
-		 * 'Finished' MAC. */
-		if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
-			{
-			if (s->msg_callback)
-				s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 
-					wire, DTLS1_HM_HEADER_LENGTH, s, 
-					s->msg_callback_arg);
-			
-			s->init_num = 0;
-			goto redo;
-			}
-		else /* Incorrectly formated Hello request */
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
-			goto f_err;
-			}
-		}
-
-	if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
-		goto f_err;
-
-	/* XDTLS:  ressurect this when restart is in place */
-	s->state=stn;
-
-	if ( frag_len > 0)
-		{
-		unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
-
-		i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-			&p[frag_off],frag_len,0);
-		/* XDTLS:  fix this--message fragments cannot span multiple packets */
-		if (i <= 0)
-			{
-			s->rwstate=SSL_READING;
-			*ok = 0;
-			return i;
-			}
-		}
-	else
-		i = 0;
-
-	/* XDTLS:  an incorrectly formatted fragment should cause the 
-	 * handshake to fail */
-	if (i != (int)frag_len)
-		{
-		al=SSL3_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
-		goto f_err;
-		}
-
-	*ok = 1;
-
-	/* Note that s->init_num is *not* used as current offset in
-	 * s->init_buf->data, but as a counter summing up fragments'
-	 * lengths: as soon as they sum up to handshake packet
-	 * length, we assume we have got all the fragments. */
-	s->init_num = frag_len;
-	return frag_len;
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	s->init_num = 0;
-
-	*ok=0;
-	return(-1);
-	}
-
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-	{
-	unsigned char *p,*d;
-	int i;
-	unsigned long l;
-
-	if (s->state == a)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
-		i=s->method->ssl3_enc->final_finish_mac(s,
-			sender,slen,s->s3->tmp.finish_md);
-		s->s3->tmp.finish_md_len = i;
-		memcpy(p, s->s3->tmp.finish_md, i);
-		p+=i;
-		l=i;
-
-	/* Copy the finished so we can use it for
-	 * renegotiation checks
-	 */
-	if(s->type == SSL_ST_CONNECT)
-		{
-		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-		memcpy(s->s3->previous_client_finished, 
-		       s->s3->tmp.finish_md, i);
-		s->s3->previous_client_finished_len=i;
-		}
-	else
-		{
-		OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-		memcpy(s->s3->previous_server_finished, 
-		       s->s3->tmp.finish_md, i);
-		s->s3->previous_server_finished_len=i;
-		}
-
-#ifdef OPENSSL_SYS_WIN16
-		/* MSVC 1.5 does not clear the top bytes of the word unless
-		 * I do this.
-		 */
-		l&=0xffff;
-#endif
-
-		d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
-		s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-
-		s->state=b;
-		}
-
-	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx			re-init
- * ssl->s3->read_sequence		zero
- * ssl->s3->read_mac_secret		re-init
- * ssl->session->read_sym_enc		assign
- * ssl->session->read_compression	assign
- * ssl->session->read_hash		assign
- */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
-	{ 
-	unsigned char *p;
-
-	if (s->state == a)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*p++=SSL3_MT_CCS;
-		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-		s->init_num=DTLS1_CCS_HEADER_LENGTH;
-
-		if (s->version == DTLS1_BAD_VER) {
-			s->d1->next_handshake_write_seq++;
-			s2n(s->d1->handshake_write_seq,p);
-			s->init_num+=2;
-		}
-
-		s->init_off=0;
-
-		dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, 
-			s->d1->handshake_write_seq, 0, 0);
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 1);
-
-		s->state=b;
-		}
-
-	/* SSL3_ST_CW_CHANGE_B */
-	return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
-	}
-
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-	{
-	int n;
-	unsigned char *p;
-
-	n=i2d_X509(x,NULL);
-	if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
-		{
-		SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
-		return 0;
-		}
-	p=(unsigned char *)&(buf->data[*l]);
-	l2n3(n,p);
-	i2d_X509(x,&p);
-	*l+=n+3;
-
-	return 1;
-	}
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
-	{
-	unsigned char *p;
-	int i;
-	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
-	BUF_MEM *buf;
-
-	/* TLSv1 sends a chain with nothing in it, instead of an alert */
-	buf=s->init_buf;
-	if (!BUF_MEM_grow_clean(buf,10))
-		{
-		SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-		return(0);
-		}
-	if (x != NULL)
-		{
-		X509_STORE_CTX xs_ctx;
-
-		if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
-  			{
-  			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-  			return(0);
-  			}
-  
-		X509_verify_cert(&xs_ctx);
-		/* Don't leave errors in the queue */
-		ERR_clear_error();
-		for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
-  			{
-			x = sk_X509_value(xs_ctx.chain, i);
-
-			if (!dtls1_add_cert_to_buf(buf, &l, x))
-  				{
-				X509_STORE_CTX_cleanup(&xs_ctx);
-				return 0;
-  				}
-  			}
-  		X509_STORE_CTX_cleanup(&xs_ctx);
-  		}
-  	/* Thawte special :-) */
-	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
-		{
-		x=sk_X509_value(s->ctx->extra_certs,i);
-		if (!dtls1_add_cert_to_buf(buf, &l, x))
-			return 0;
-		}
-
-	l-= (3 + DTLS1_HM_HEADER_LENGTH);
-
-	p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-	l2n3(l,p);
-	l+=3;
-	p=(unsigned char *)&(buf->data[0]);
-	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-
-	l+=DTLS1_HM_HEADER_LENGTH;
-	return(l);
-	}
-
-int dtls1_read_failed(SSL *s, int code)
-	{
-	if ( code > 0)
-		{
-		fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
-		return 1;
-		}
-
-	if (!dtls1_is_timer_expired(s))
-		{
-		/* not a timeout, none of our business, 
-		   let higher layers handle this.  in fact it's probably an error */
-		return code;
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	if (!SSL_in_init(s) && !s->tlsext_hb_pending)  /* done, no need to send a retransmit */
-#else
-	if (!SSL_in_init(s))  /* done, no need to send a retransmit */
-#endif
-		{
-		BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
-		return code;
-		}
-
-#if 0 /* for now, each alert contains only one record number */
-	item = pqueue_peek(state->rcvd_records);
-	if ( item )
-		{
-		/* send an alert immediately for all the missing records */
-		}
-	else
-#endif
-
-#if 0  /* no more alert sending, just retransmit the last set of messages */
-	if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
-		ssl3_send_alert(s,SSL3_AL_WARNING,
-			DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
-	return dtls1_handle_timeout(s);
-	}
-
-int
-dtls1_get_queue_priority(unsigned short seq, int is_ccs)
-	{
-	/* The index of the retransmission queue actually is the message sequence number,
-	 * since the queue only contains messages of a single handshake. However, the
-	 * ChangeCipherSpec has no message sequence number and so using only the sequence
-	 * will result in the CCS and Finished having the same index. To prevent this,
-	 * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
-	 * This does not only differ CSS and Finished, it also maintains the order of the
-	 * index (important for priority queues) and fits in the unsigned short variable.
-	 */	
-	return seq * 2 - is_ccs;
-	}
-
-int
-dtls1_retransmit_buffered_messages(SSL *s)
-	{
-	pqueue sent = s->d1->sent_messages;
-	piterator iter;
-	pitem *item;
-	hm_fragment *frag;
-	int found = 0;
-
-	iter = pqueue_iterator(sent);
-
-	for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
-		{
-		frag = (hm_fragment *)item->data;
-			if ( dtls1_retransmit_message(s,
-				(unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
-				0, &found) <= 0 && found)
-			{
-			fprintf(stderr, "dtls1_retransmit_message() failed\n");
-			return -1;
-			}
-		}
-
-	return 1;
-	}
-
-int
-dtls1_buffer_message(SSL *s, int is_ccs)
-	{
-	pitem *item;
-	hm_fragment *frag;
-	unsigned char seq64be[8];
-
-	/* this function is called immediately after a message has 
-	 * been serialized */
-	OPENSSL_assert(s->init_off == 0);
-
-	frag = dtls1_hm_fragment_new(s->init_num, 0);
-	if (!frag)
-		return 0;
-
-	memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
-	if ( is_ccs)
-		{
-		OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-			       ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
-		}
-	else
-		{
-		OPENSSL_assert(s->d1->w_msg_hdr.msg_len + 
-			DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
-		}
-
-	frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
-	frag->msg_header.seq = s->d1->w_msg_hdr.seq;
-	frag->msg_header.type = s->d1->w_msg_hdr.type;
-	frag->msg_header.frag_off = 0;
-	frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
-	frag->msg_header.is_ccs = is_ccs;
-
-	/* save current state*/
-	frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
-	frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
-	frag->msg_header.saved_retransmit_state.compress = s->compress;
-	frag->msg_header.saved_retransmit_state.session = s->session;
-	frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
-	
-	memset(seq64be,0,sizeof(seq64be));
-	seq64be[6] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
-														  frag->msg_header.is_ccs)>>8);
-	seq64be[7] = (unsigned char)(dtls1_get_queue_priority(frag->msg_header.seq,
-														  frag->msg_header.is_ccs));
-
-	item = pitem_new(seq64be, frag);
-	if ( item == NULL)
-		{
-		dtls1_hm_fragment_free(frag);
-		return 0;
-		}
-
-#if 0
-	fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
-	fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
-	fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
-
-	pqueue_insert(s->d1->sent_messages, item);
-	return 1;
-	}
-
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
-	int *found)
-	{
-	int ret;
-	/* XDTLS: for now assuming that read/writes are blocking */
-	pitem *item;
-	hm_fragment *frag ;
-	unsigned long header_length;
-	unsigned char seq64be[8];
-	struct dtls1_retransmit_state saved_state;
-	unsigned char save_write_sequence[8];
-
-	/*
-	  OPENSSL_assert(s->init_num == 0);
-	  OPENSSL_assert(s->init_off == 0);
-	 */
-
-	/* XDTLS:  the requested message ought to be found, otherwise error */
-	memset(seq64be,0,sizeof(seq64be));
-	seq64be[6] = (unsigned char)(seq>>8);
-	seq64be[7] = (unsigned char)seq;
-
-	item = pqueue_find(s->d1->sent_messages, seq64be);
-	if ( item == NULL)
-		{
-		fprintf(stderr, "retransmit:  message %d non-existant\n", seq);
-		*found = 0;
-		return 0;
-		}
-
-	*found = 1;
-	frag = (hm_fragment *)item->data;
-
-	if ( frag->msg_header.is_ccs)
-		header_length = DTLS1_CCS_HEADER_LENGTH;
-	else
-		header_length = DTLS1_HM_HEADER_LENGTH;
-
-	memcpy(s->init_buf->data, frag->fragment, 
-		frag->msg_header.msg_len + header_length);
-		s->init_num = frag->msg_header.msg_len + header_length;
-
-	dtls1_set_message_header_int(s, frag->msg_header.type, 
-		frag->msg_header.msg_len, frag->msg_header.seq, 0, 
-		frag->msg_header.frag_len);
-
-	/* save current state */
-	saved_state.enc_write_ctx = s->enc_write_ctx;
-	saved_state.write_hash = s->write_hash;
-	saved_state.compress = s->compress;
-	saved_state.session = s->session;
-	saved_state.epoch = s->d1->w_epoch;
-	saved_state.epoch = s->d1->w_epoch;
-	
-	s->d1->retransmitting = 1;
-	
-	/* restore state in which the message was originally sent */
-	s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
-	s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
-	s->compress = frag->msg_header.saved_retransmit_state.compress;
-	s->session = frag->msg_header.saved_retransmit_state.session;
-	s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
-	
-	if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
-	{
-		memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
-		memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
-	}
-	
-	ret = dtls1_do_write(s, frag->msg_header.is_ccs ? 
-						 SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
-	
-	/* restore current state */
-	s->enc_write_ctx = saved_state.enc_write_ctx;
-	s->write_hash = saved_state.write_hash;
-	s->compress = saved_state.compress;
-	s->session = saved_state.session;
-	s->d1->w_epoch = saved_state.epoch;
-	
-	if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
-	{
-		memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
-		memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
-	}
-
-	s->d1->retransmitting = 0;
-
-	(void)BIO_flush(SSL_get_wbio(s));
-	return ret;
-	}
-
-/* call this function when the buffered messages are no longer needed */
-void
-dtls1_clear_record_buffer(SSL *s)
-	{
-	pitem *item;
-
-	for(item = pqueue_pop(s->d1->sent_messages);
-		item != NULL; item = pqueue_pop(s->d1->sent_messages))
-		{
-		dtls1_hm_fragment_free((hm_fragment *)item->data);
-		pitem_free(item);
-		}
-	}
-
-
-unsigned char *
-dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
-			unsigned long len, unsigned long frag_off, unsigned long frag_len)
-	{
-	/* Don't change sequence numbers while listening */
-	if (frag_off == 0 && !s->d1->listen)
-		{
-		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-		s->d1->next_handshake_write_seq++;
-		}
-
-	dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
-		frag_off, frag_len);
-
-	return p += DTLS1_HM_HEADER_LENGTH;
-	}
-
-
-/* don't actually do the writing, wait till the MTU has been retrieved */
-static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
-			    unsigned long len, unsigned short seq_num, unsigned long frag_off,
-			    unsigned long frag_len)
-	{
-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-	msg_hdr->type = mt;
-	msg_hdr->msg_len = len;
-	msg_hdr->seq = seq_num;
-	msg_hdr->frag_off = frag_off;
-	msg_hdr->frag_len = frag_len;
-	}
-
-static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-			unsigned long frag_len)
-	{
-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-	msg_hdr->frag_off = frag_off;
-	msg_hdr->frag_len = frag_len;
-	}
-
-static unsigned char *
-dtls1_write_message_header(SSL *s, unsigned char *p)
-	{
-	struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-	*p++ = msg_hdr->type;
-	l2n3(msg_hdr->msg_len, p);
-
-	s2n(msg_hdr->seq, p);
-	l2n3(msg_hdr->frag_off, p);
-	l2n3(msg_hdr->frag_len, p);
-
-	return p;
-	}
-
-unsigned int
-dtls1_link_min_mtu(void)
-	{
-	return (g_probable_mtu[(sizeof(g_probable_mtu) / 
-		sizeof(g_probable_mtu[0])) - 1]);
-	}
-
-unsigned int
-dtls1_min_mtu(SSL *s)
-	{
-	return dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
-	}
-
-
-void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
-	{
-	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-	msg_hdr->type = *(data++);
-	n2l3(data, msg_hdr->msg_len);
-
-	n2s(data, msg_hdr->seq);
-	n2l3(data, msg_hdr->frag_off);
-	n2l3(data, msg_hdr->frag_len);
-	}
-
-void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
-	{
-	memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
-
-	ccs_hdr->type = *(data++);
-	}
-
-int dtls1_shutdown(SSL *s)
-	{
-	int ret;
-#ifndef OPENSSL_NO_SCTP
-	if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-	    !(s->shutdown & SSL_SENT_SHUTDOWN))
-		{
-		ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-		if (ret < 0) return -1;
-
-		if (ret == 0)
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
-		}
-#endif
-	ret = ssl3_shutdown(s);
-#ifndef OPENSSL_NO_SCTP
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
-#endif
-	return ret;
-	}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int
-dtls1_process_heartbeat(SSL *s)
-	{
-	unsigned char *p = &s->s3->rrec.data[0], *pl;
-	unsigned short hbtype;
-	unsigned int payload;
-	unsigned int padding = 16; /* Use minimum padding */
-
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
-	/* Read type and payload length first */
-	if (1 + 2 + 16 > s->s3->rrec.length)
-		return 0; /* silently discard */
-	if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
-		return 0; /* silently discard per RFC 6520 sec. 4 */
-
-	hbtype = *p++;
-	n2s(p, payload);
-	if (1 + 2 + payload + 16 > s->s3->rrec.length)
-		return 0; /* silently discard per RFC 6520 sec. 4 */
-	pl = p;
-
-	if (hbtype == TLS1_HB_REQUEST)
-		{
-		unsigned char *buffer, *bp;
-		unsigned int write_length = 1 /* heartbeat type */ +
-					    2 /* heartbeat length */ +
-					    payload + padding;
-		int r;
-
-		if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
-			return 0;
-
-		/* Allocate memory for the response, size is 1 byte
-		 * message type, plus 2 bytes payload length, plus
-		 * payload, plus padding
-		 */
-		buffer = OPENSSL_malloc(write_length);
-		bp = buffer;
-
-		/* Enter response type, length and copy payload */
-		*bp++ = TLS1_HB_RESPONSE;
-		s2n(payload, bp);
-		memcpy(bp, pl, payload);
-		bp += payload;
-		/* Random padding */
-		RAND_pseudo_bytes(bp, padding);
-
-		r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length);
-
-		if (r >= 0 && s->msg_callback)
-			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buffer, write_length,
-				s, s->msg_callback_arg);
-
-		OPENSSL_free(buffer);
-
-		if (r < 0)
-			return r;
-		}
-	else if (hbtype == TLS1_HB_RESPONSE)
-		{
-		unsigned int seq;
-
-		/* We only send sequence numbers (2 bytes unsigned int),
-		 * and 16 random bytes, so we just try to read the
-		 * sequence number */
-		n2s(pl, seq);
-
-		if (payload == 18 && seq == s->tlsext_hb_seq)
-			{
-			dtls1_stop_timer(s);
-			s->tlsext_hb_seq++;
-			s->tlsext_hb_pending = 0;
-			}
-		}
-
-	return 0;
-	}
-
-int
-dtls1_heartbeat(SSL *s)
-	{
-	unsigned char *buf, *p;
-	int ret;
-	unsigned int payload = 18; /* Sequence number + random bytes */
-	unsigned int padding = 16; /* Use minimum padding */
-
-	/* Only send if peer supports and accepts HB requests... */
-	if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-	    s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
-		{
-		SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-		return -1;
-		}
-
-	/* ...and there is none in flight yet... */
-	if (s->tlsext_hb_pending)
-		{
-		SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
-		return -1;
-		}
-
-	/* ...and no handshake in progress. */
-	if (SSL_in_init(s) || s->in_handshake)
-		{
-		SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
-		return -1;
-		}
-
-	/* Check if padding is too long, payload and padding
-	 * must not exceed 2^14 - 3 = 16381 bytes in total.
-	 */
-	OPENSSL_assert(payload + padding <= 16381);
-
-	/* Create HeartBeat message, we just use a sequence number
-	 * as payload to distuingish different messages and add
-	 * some random stuff.
-	 *  - Message Type, 1 byte
-	 *  - Payload Length, 2 bytes (unsigned int)
-	 *  - Payload, the sequence number (2 bytes uint)
-	 *  - Payload, random bytes (16 bytes uint)
-	 *  - Padding
-	 */
-	buf = OPENSSL_malloc(1 + 2 + payload + padding);
-	p = buf;
-	/* Message Type */
-	*p++ = TLS1_HB_REQUEST;
-	/* Payload length (18 bytes here) */
-	s2n(payload, p);
-	/* Sequence number */
-	s2n(s->tlsext_hb_seq, p);
-	/* 16 random bytes */
-	RAND_pseudo_bytes(p, 16);
-	p += 16;
-	/* Random padding */
-	RAND_pseudo_bytes(p, padding);
-
-	ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-	if (ret >= 0)
-		{
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buf, 3 + payload + padding,
-				s, s->msg_callback_arg);
-
-		dtls1_start_timer(s);
-		s->tlsext_hb_pending = 1;
-		}
-
-	OPENSSL_free(buf);
-
-	return ret;
-	}
-#endif
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
deleted file mode 100644
index e5ae2bd8a0..0000000000
--- a/ssl/d1_clnt.c
+++ /dev/null
@@ -1,1731 +0,0 @@
-/* ssl/d1_clnt.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_KRB5
-#include "kssl_lcl.h"
-#endif
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-static const SSL_METHOD *dtls1_get_client_method(int ver)
-	{
-	if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
-		return(DTLSv1_client_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
-			ssl_undefined_function,
-			dtls1_connect,
-			dtls1_get_client_method)
-
-int dtls1_connect(SSL *s)
-	{
-	BUF_MEM *buf=NULL;
-	unsigned long Time=(unsigned long)time(NULL);
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int ret= -1;
-	int new_state,state,skip=0;
-#ifndef OPENSSL_NO_SCTP
-	unsigned char sctpauthkey[64];
-	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-#ifndef OPENSSL_NO_SCTP
-	/* Notify SCTP BIO socket to enter handshake
-	 * mode and prevent stream identifier other
-	 * than 0. Will be ignored if no SCTP is used.
-	 */
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
-#endif
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* If we're awaiting a HeartbeatResponse, pretend we
-	 * already got and don't await it anymore, because
-	 * Heartbeats don't make sense during handshakes anyway.
-	 */
-	if (s->tlsext_hb_pending)
-		{
-		dtls1_stop_timer(s);
-		s->tlsext_hb_pending = 0;
-		s->tlsext_hb_seq++;
-		}
-#endif
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch(s->state)
-			{
-		case SSL_ST_RENEGOTIATE:
-			s->renegotiate=1;
-			s->state=SSL_ST_CONNECT;
-			s->ctx->stats.sess_connect_renegotiate++;
-			/* break */
-		case SSL_ST_BEFORE:
-		case SSL_ST_CONNECT:
-		case SSL_ST_BEFORE|SSL_ST_CONNECT:
-		case SSL_ST_OK|SSL_ST_CONNECT:
-
-			s->server=0;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
-			    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
-				{
-				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
-				ret = -1;
-				goto end;
-				}
-				
-			/* s->version=SSL3_VERSION; */
-			s->type=SSL_ST_CONNECT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				buf=NULL;
-				}
-
-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-			/* setup buffing BIO */
-			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
-			/* don't push the buffering BIO quite yet */
-
-			s->state=SSL3_ST_CW_CLNT_HELLO_A;
-			s->ctx->stats.sess_connect++;
-			s->init_num=0;
-			/* mark client_random uninitialized */
-			memset(s->s3->client_random,0,sizeof(s->s3->client_random));
-			s->d1->send_cookie = 0;
-			s->hit = 0;
-			s->d1->change_cipher_spec_ok = 0;
-			/* Should have been reset by ssl3_get_finished, too. */
-			s->s3->change_cipher_spec = 0;
-			break;
-
-#ifndef OPENSSL_NO_SCTP
-		case DTLS1_SCTP_ST_CR_READ_SOCK:
-
-			if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
-			{
-				s->s3->in_read_app_data=2;
-				s->rwstate=SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				ret = -1;
-				goto end;
-			}
-
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case DTLS1_SCTP_ST_CW_WRITE_SOCK:
-			/* read app data until dry event */
-
-			ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-			if (ret < 0) goto end;
-
-			if (ret == 0)
-			{
-				s->s3->in_read_app_data=2;
-				s->rwstate=SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				ret = -1;
-				goto end;
-			}
-
-			s->state=s->d1->next_state;
-			break;
-#endif
-
-		case SSL3_ST_CW_CLNT_HELLO_A:
-		case SSL3_ST_CW_CLNT_HELLO_B:
-
-			s->shutdown=0;
-
-			/* every DTLS ClientHello resets Finished MAC */
-			ssl3_init_finished_mac(s);
-
-			dtls1_start_timer(s);
-			ret=dtls1_client_hello(s);
-			if (ret <= 0) goto end;
-
-			if ( s->d1->send_cookie)
-				{
-				s->state=SSL3_ST_CW_FLUSH;
-				s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
-				}
-			else
-				s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
-			s->init_num=0;
-
-#ifndef OPENSSL_NO_SCTP
-			/* Disable buffering for SCTP */
-			if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-				{
-#endif
-				/* turn on buffering for the next lot of output */
-				if (s->bbio != s->wbio)
-					s->wbio=BIO_push(s->bbio,s->wbio);
-#ifndef OPENSSL_NO_SCTP
-				}
-#endif
-
-			break;
-
-		case SSL3_ST_CR_SRVR_HELLO_A:
-		case SSL3_ST_CR_SRVR_HELLO_B:
-			ret=ssl3_get_server_hello(s);
-			if (ret <= 0) goto end;
-			else
-				{
-				if (s->hit)
-					{
-#ifndef OPENSSL_NO_SCTP
-					/* Add new shared key for SCTP-Auth,
-					 * will be ignored if no SCTP used.
-					 */
-					snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-					         DTLS1_SCTP_AUTH_LABEL);
-
-					SSL_export_keying_material(s, sctpauthkey,
-					                           sizeof(sctpauthkey), labelbuffer,
-					                           sizeof(labelbuffer), NULL, 0, 0);
-
-					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-							 sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-					s->state=SSL3_ST_CR_FINISHED_A;
-					}
-				else
-					s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
-				}
-			s->init_num=0;
-			break;
-
-		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-		case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
-			ret = dtls1_get_hello_verify(s);
-			if ( ret <= 0)
-				goto end;
-			dtls1_stop_timer(s);
-			if ( s->d1->send_cookie) /* start again, with a cookie */
-				s->state=SSL3_ST_CW_CLNT_HELLO_A;
-			else
-				s->state = SSL3_ST_CR_CERT_A;
-			s->init_num = 0;
-			break;
-
-		case SSL3_ST_CR_CERT_A:
-		case SSL3_ST_CR_CERT_B:
-			/* Check if it is anon DH or PSK */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-			    !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-				{
-				ret=ssl3_get_server_certificate(s);
-				if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_status_expected)
-					s->state=SSL3_ST_CR_CERT_STATUS_A;
-				else
-					s->state=SSL3_ST_CR_KEY_EXCH_A;
-				}
-			else
-				{
-				skip = 1;
-				s->state=SSL3_ST_CR_KEY_EXCH_A;
-				}
-#else
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CR_KEY_EXCH_A:
-		case SSL3_ST_CR_KEY_EXCH_B:
-			ret=ssl3_get_key_exchange(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_CERT_REQ_A;
-			s->init_num=0;
-
-			/* at this point we check that we have the
-			 * required stuff from the server */
-			if (!ssl3_check_cert_and_algorithm(s))
-				{
-				ret= -1;
-				goto end;
-				}
-			break;
-
-		case SSL3_ST_CR_CERT_REQ_A:
-		case SSL3_ST_CR_CERT_REQ_B:
-			ret=ssl3_get_certificate_request(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_SRVR_DONE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CR_SRVR_DONE_A:
-		case SSL3_ST_CR_SRVR_DONE_B:
-			ret=ssl3_get_server_done(s);
-			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
-			if (s->s3->tmp.cert_req)
-				s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
-			else
-				s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A;
-			s->init_num=0;
-
-#ifndef OPENSSL_NO_SCTP			
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-			    state == SSL_ST_RENEGOTIATE)
-				s->state=DTLS1_SCTP_ST_CR_READ_SOCK;
-			else
-#endif			
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case SSL3_ST_CW_CERT_A:
-		case SSL3_ST_CW_CERT_B:
-		case SSL3_ST_CW_CERT_C:
-		case SSL3_ST_CW_CERT_D:
-			dtls1_start_timer(s);
-			ret=dtls1_send_client_certificate(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_KEY_EXCH_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_KEY_EXCH_A:
-		case SSL3_ST_CW_KEY_EXCH_B:
-			dtls1_start_timer(s);
-			ret=dtls1_send_client_key_exchange(s);
-			if (ret <= 0) goto end;
-
-#ifndef OPENSSL_NO_SCTP
-			/* Add new shared key for SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-			         DTLS1_SCTP_AUTH_LABEL);
-
-			SSL_export_keying_material(s, sctpauthkey,
-			                           sizeof(sctpauthkey), labelbuffer,
-			                           sizeof(labelbuffer), NULL, 0, 0);
-
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-					 sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-			/* EAY EAY EAY need to check for DH fix cert
-			 * sent back */
-			/* For TLS, cert_req is set to 2, so a cert chain
-			 * of nothing is sent, but no verify packet is sent */
-			if (s->s3->tmp.cert_req == 1)
-				{
-				s->state=SSL3_ST_CW_CERT_VRFY_A;
-				}
-			else
-				{
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-					s->d1->next_state=SSL3_ST_CW_CHANGE_A;
-					s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
-					}
-				else
-#endif
-					s->state=SSL3_ST_CW_CHANGE_A;
-				}
-
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_CERT_VRFY_A:
-		case SSL3_ST_CW_CERT_VRFY_B:
-			dtls1_start_timer(s);
-			ret=dtls1_send_client_verify(s);
-			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-			{
-				s->d1->next_state=SSL3_ST_CW_CHANGE_A;
-				s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
-			}
-			else
-#endif
-				s->state=SSL3_ST_CW_CHANGE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_CHANGE_A:
-		case SSL3_ST_CW_CHANGE_B:
-			if (!s->hit)
-				dtls1_start_timer(s);
-			ret=dtls1_send_change_cipher_spec(s,
-				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
-			if (ret <= 0) goto end;
-
-			s->state=SSL3_ST_CW_FINISHED_A;
-			s->init_num=0;
-
-			s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-			s->session->compress_meth=0;
-#else
-			if (s->s3->tmp.new_compression == NULL)
-				s->session->compress_meth=0;
-			else
-				s->session->compress_meth=
-					s->s3->tmp.new_compression->id;
-#endif
-			if (!s->method->ssl3_enc->setup_key_block(s))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			if (!s->method->ssl3_enc->change_cipher_state(s,
-				SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-				{
-				ret= -1;
-				goto end;
-				}
-			
-#ifndef OPENSSL_NO_SCTP
-				if (s->hit)
-					{
-					/* Change to new shared key of SCTP-Auth,
-					 * will be ignored if no SCTP used.
-					 */
-					BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-					}
-#endif
-
-			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-			break;
-
-		case SSL3_ST_CW_FINISHED_A:
-		case SSL3_ST_CW_FINISHED_B:
-			if (!s->hit)
-				dtls1_start_timer(s);
-			ret=dtls1_send_finished(s,
-				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
-				s->method->ssl3_enc->client_finished_label,
-				s->method->ssl3_enc->client_finished_label_len);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_FLUSH;
-
-			/* clear flags */
-			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-			if (s->hit)
-				{
-				s->s3->tmp.next_state=SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-						s->d1->next_state = s->s3->tmp.next_state;
-						s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
-					}
-#endif
-				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-					{
-					s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-					if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-						{
-							s->d1->next_state = SSL_ST_OK;
-							s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
-						}
-#endif
-					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-					s->s3->delay_buf_pop_ret=0;
-					}
-				}
-			else
-				{
-#ifndef OPENSSL_NO_SCTP
-				/* Change to new shared key of SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-				/* Allow NewSessionTicket if ticket expected */
-				if (s->tlsext_ticket_expected)
-					s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-				else
-#endif
-				
-				s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-				}
-			s->init_num=0;
-			break;
-
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_CR_SESSION_TICKET_A:
-		case SSL3_ST_CR_SESSION_TICKET_B:
-			ret=ssl3_get_new_session_ticket(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_FINISHED_A;
-			s->init_num=0;
-		break;
-
-		case SSL3_ST_CR_CERT_STATUS_A:
-		case SSL3_ST_CR_CERT_STATUS_B:
-			ret=ssl3_get_cert_status(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_KEY_EXCH_A;
-			s->init_num=0;
-		break;
-#endif
-
-		case SSL3_ST_CR_FINISHED_A:
-		case SSL3_ST_CR_FINISHED_B:
-			s->d1->change_cipher_spec_ok = 1;
-			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
-				SSL3_ST_CR_FINISHED_B);
-			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
-
-			if (s->hit)
-				s->state=SSL3_ST_CW_CHANGE_A;
-			else
-				s->state=SSL_ST_OK;
-
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-				state == SSL_ST_RENEGOTIATE)
-				{
-				s->d1->next_state=s->state;
-				s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
-				}
-#endif
-
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_FLUSH:
-			s->rwstate=SSL_WRITING;
-			if (BIO_flush(s->wbio) <= 0)
-				{
-				/* If the write error was fatal, stop trying */
-				if (!BIO_should_retry(s->wbio))
-					{
-					s->rwstate=SSL_NOTHING;
-					s->state=s->s3->tmp.next_state;
-					}
-				
-				ret= -1;
-				goto end;
-				}
-			s->rwstate=SSL_NOTHING;
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case SSL_ST_OK:
-			/* clean a few things up */
-			ssl3_cleanup_key_block(s);
-
-#if 0
-			if (s->init_buf != NULL)
-				{
-				BUF_MEM_free(s->init_buf);
-				s->init_buf=NULL;
-				}
-#endif
-
-			/* If we are not 'joining' the last two packets,
-			 * remove the buffering now */
-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-				ssl_free_wbio_buffer(s);
-			/* else do it later in ssl3_write */
-
-			s->init_num=0;
-			s->renegotiate=0;
-			s->new_session=0;
-
-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->stats.sess_hit++;
-
-			ret=1;
-			/* s->server=0; */
-			s->handshake_func=dtls1_connect;
-			s->ctx->stats.sess_connect_good++;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
-			/* done with handshaking */
-			s->d1->handshake_read_seq  = 0;
-			s->d1->next_handshake_write_seq = 0;
-			goto end;
-			/* break; */
-			
-		default:
-			SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-
-		/* did we do anything */
-		if (!s->s3->tmp.reuse_message && !skip)
-			{
-			if (s->debug)
-				{
-				if ((ret=BIO_flush(s->wbio)) <= 0)
-					goto end;
-				}
-
-			if ((cb != NULL) && (s->state != state))
-				{
-				new_state=s->state;
-				s->state=state;
-				cb(s,SSL_CB_CONNECT_LOOP,1);
-				s->state=new_state;
-				}
-			}
-		skip=0;
-		}
-end:
-	s->in_handshake--;
-	
-#ifndef OPENSSL_NO_SCTP
-	/* Notify SCTP BIO socket to leave handshake
-	 * mode and allow stream identifier other
-	 * than 0. Will be ignored if no SCTP is used.
-	 */
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
-#endif
-
-	if (buf != NULL)
-		BUF_MEM_free(buf);
-	if (cb != NULL)
-		cb(s,SSL_CB_CONNECT_EXIT,ret);
-	return(ret);
-	}
-
-int dtls1_client_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	unsigned int i,j;
-	unsigned long l;
-	SSL_COMP *comp;
-
-	buf=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
-		{
-		SSL_SESSION *sess = s->session;
-		if ((s->session == NULL) ||
-			(s->session->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
-			!sess->session_id_length ||
-#else
-			(!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
-			(s->session->not_resumable))
-			{
-		        if (!s->session_creation_enabled)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-				goto err;
-				}
-			if (!ssl_get_new_session(s,0))
-				goto err;
-			}
-		/* else use the pre-loaded session */
-
-		p=s->s3->client_random;
-
-		/* if client_random is initialized, reuse it, we are
-		 * required to use same upon reply to HelloVerify */
-		for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
-			;
-		if (i==sizeof(s->s3->client_random))
-			ssl_fill_hello_random(s, 0, p,
-					      sizeof(s->s3->client_random));
-
-		/* Do the message type and length last */
-		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
-		s->client_version=s->version;
-
-		/* Random stuff */
-		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-		p+=SSL3_RANDOM_SIZE;
-
-		/* Session ID */
-		if (s->new_session)
-			i=0;
-		else
-			i=s->session->session_id_length;
-		*(p++)=i;
-		if (i != 0)
-			{
-			if (i > sizeof s->session->session_id)
-				{
-				SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			memcpy(p,s->session->session_id,i);
-			p+=i;
-			}
-		
-		/* cookie stuff */
-		if ( s->d1->cookie_len > sizeof(s->d1->cookie))
-			{
-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		*(p++) = s->d1->cookie_len;
-		memcpy(p, s->d1->cookie, s->d1->cookie_len);
-		p += s->d1->cookie_len;
-
-		/* Ciphers supported */
-		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-			goto err;
-			}
-		s2n(i,p);
-		p+=i;
-
-		/* COMPRESSION */
-		if (s->ctx->comp_methods == NULL)
-			j=0;
-		else
-			j=sk_SSL_COMP_num(s->ctx->comp_methods);
-		*(p++)=1+j;
-		for (i=0; i<j; i++)
-			{
-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-			*(p++)=comp->id;
-			}
-		*(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-		/* TLS extensions*/
-		if (ssl_prepare_clienthello_tlsext(s) <= 0)
-			{
-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-			goto err;
-			}
-		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-			{
-			SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-#endif
-
-		l=(p-d);
-		d=buf;
-
-		d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
-
-		s->state=SSL3_ST_CW_CLNT_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	/* SSL3_ST_CW_CLNT_HELLO_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	return(-1);
-	}
-
-static int dtls1_get_hello_verify(SSL *s)
-	{
-	int n, al, ok = 0;
-	unsigned char *data;
-	unsigned int cookie_len;
-
-	n=s->method->ssl_get_message(s,
-		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
-		DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-
-	if (!ok) return((int)n);
-
-	if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
-		{
-		s->d1->send_cookie = 0;
-		s->s3->tmp.reuse_message=1;
-		return(1);
-		}
-
-	data = (unsigned char *)s->init_msg;
-
-	if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
-		{
-		SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
-		s->version=(s->version&0xff00)|data[1];
-		al = SSL_AD_PROTOCOL_VERSION;
-		goto f_err;
-		}
-	data+=2;
-
-	cookie_len = *(data++);
-	if ( cookie_len > sizeof(s->d1->cookie))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		goto f_err;
-		}
-
-	memcpy(s->d1->cookie, data, cookie_len);
-	s->d1->cookie_len = cookie_len;
-
-	s->d1->send_cookie = 1;
-	return 1;
-
-f_err:
-	ssl3_send_alert(s, SSL3_AL_FATAL, al);
-	return -1;
-	}
-
-int dtls1_send_client_key_exchange(SSL *s)
-	{
-	unsigned char *p,*d;
-	int n;
-	unsigned long alg_k;
-#ifndef OPENSSL_NO_RSA
-	unsigned char *q;
-	EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-        KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *clnt_ecdh = NULL;
-	const EC_POINT *srvr_ecpoint = NULL;
-	EVP_PKEY *srvr_pub_pkey = NULL;
-	unsigned char *encodedPoint = NULL;
-	int encoded_pt_len = 0;
-	BN_CTX * bn_ctx = NULL;
-#endif
-
-	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[DTLS1_HM_HEADER_LENGTH]);
-		
-		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-
-                /* Fool emacs indentation */
-                if (0) {}
-#ifndef OPENSSL_NO_RSA
-		else if (alg_k & SSL_kRSA)
-			{
-			RSA *rsa;
-			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-			if (s->session->sess_cert == NULL)
-				{
-				/* We should always have a server certificate with SSL_kRSA. */
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if (s->session->sess_cert->peer_rsa_tmp != NULL)
-				rsa=s->session->sess_cert->peer_rsa_tmp;
-			else
-				{
-				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-				if ((pkey == NULL) ||
-					(pkey->type != EVP_PKEY_RSA) ||
-					(pkey->pkey.rsa == NULL))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
-				rsa=pkey->pkey.rsa;
-				EVP_PKEY_free(pkey);
-				}
-				
-			tmp_buf[0]=s->client_version>>8;
-			tmp_buf[1]=s->client_version&0xff;
-			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
-					goto err;
-
-			s->session->master_key_length=sizeof tmp_buf;
-
-			q=p;
-			/* Fix buf for TLS and [incidentally] DTLS */
-			if (s->version > SSL3_VERSION)
-				p+=2;
-			n=RSA_public_encrypt(sizeof tmp_buf,
-				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
-			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
-			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
-				goto err;
-				}
-
-			/* Fix buf for TLS and [incidentally] DTLS */
-			if (s->version > SSL3_VERSION)
-				{
-				s2n(n,q);
-				n+=2;
-				}
-
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,
-					tmp_buf,sizeof tmp_buf);
-			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
-			}
-#endif
-#ifndef OPENSSL_NO_KRB5
-		else if (alg_k & SSL_kKRB5)
-                        {
-                        krb5_error_code	krb5rc;
-                        KSSL_CTX	*kssl_ctx = s->kssl_ctx;
-                        /*  krb5_data	krb5_ap_req;  */
-                        krb5_data	*enc_ticket;
-                        krb5_data	authenticator, *authp = NULL;
-			EVP_CIPHER_CTX	ciph_ctx;
-			const EVP_CIPHER *enc = NULL;
-			unsigned char	iv[EVP_MAX_IV_LENGTH];
-			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
-						+ EVP_MAX_IV_LENGTH];
-			int 		padl, outl = sizeof(epms);
-
-			EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
-                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
-                                alg_k, SSL_kKRB5);
-#endif	/* KSSL_DEBUG */
-
-			authp = NULL;
-#ifdef KRB5SENDAUTH
-			if (KRB5SENDAUTH)  authp = &authenticator;
-#endif	/* KRB5SENDAUTH */
-
-                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
-				&kssl_err);
-			enc = kssl_map_enc(kssl_ctx->enctype);
-                        if (enc == NULL)
-                            goto err;
-#ifdef KSSL_DEBUG
-                        {
-                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
-                        if (krb5rc && kssl_err.text)
-			  printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-                        }
-#endif	/* KSSL_DEBUG */
-
-                        if (krb5rc)
-                                {
-                                ssl3_send_alert(s,SSL3_AL_FATAL,
-						SSL_AD_HANDSHAKE_FAILURE);
-                                SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-						kssl_err.reason);
-                                goto err;
-                                }
-
-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
-			**  in place of RFC 2712 KerberosWrapper, as in:
-			**
-                        **  Send ticket (copy to *p, set n = length)
-                        **  n = krb5_ap_req.length;
-                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-                        **  if (krb5_ap_req.data)  
-                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-                        **
-			**  Now using real RFC 2712 KerberosWrapper
-			**  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
-			**  Note: 2712 "opaque" types are here replaced
-			**  with a 2-byte length followed by the value.
-			**  Example:
-			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-			**  Where "xx xx" = length bytes.  Shown here with
-			**  optional authenticator omitted.
-			*/
-
-			/*  KerberosWrapper.Ticket		*/
-			s2n(enc_ticket->length,p);
-			memcpy(p, enc_ticket->data, enc_ticket->length);
-			p+= enc_ticket->length;
-			n = enc_ticket->length + 2;
-
-			/*  KerberosWrapper.Authenticator	*/
-			if (authp  &&  authp->length)  
-				{
-				s2n(authp->length,p);
-				memcpy(p, authp->data, authp->length);
-				p+= authp->length;
-				n+= authp->length + 2;
-				
-				free(authp->data);
-				authp->data = NULL;
-				authp->length = 0;
-				}
-			else
-				{
-				s2n(0,p);/*  null authenticator length	*/
-				n+=2;
-				}
- 
-			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
-			    goto err;
-
-			/*  20010420 VRS.  Tried it this way; failed.
-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-			**				kssl_ctx->length);
-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-			*/
-
-			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
-			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
-				kssl_ctx->key,iv);
-			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
-				sizeof tmp_buf);
-			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
-			outl += padl;
-			if (outl > (int)sizeof epms)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
-			s2n(outl,p);
-			memcpy(p, epms, outl);
-			p+=outl;
-			n+=outl + 2;
-
-                        s->session->master_key_length=
-                                s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,
-					tmp_buf, sizeof tmp_buf);
-
-			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-			OPENSSL_cleanse(epms, outl);
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			{
-			DH *dh_srvr,*dh_clnt;
-
-			if (s->session->sess_cert == NULL)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-				}
-
-			if (s->session->sess_cert->peer_dh_tmp != NULL)
-				dh_srvr=s->session->sess_cert->peer_dh_tmp;
-			else
-				{
-				/* we get them from the cert */
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-				goto err;
-				}
-			
-			/* generate a new random key */
-			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-			if (!DH_generate_key(dh_clnt))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-
-			/* use the 'p' output buffer for the DH key, but
-			 * make sure to clear it out afterwards */
-
-			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-
-			/* generate master key from the result */
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,p,n);
-			/* clean up */
-			memset(p,0,n);
-
-			/* send off the data */
-			n=BN_num_bytes(dh_clnt->pub_key);
-			s2n(n,p);
-			BN_bn2bin(dh_clnt->pub_key,p);
-			n+=2;
-
-			DH_free(dh_clnt);
-
-			/* perhaps clean things up a bit EAY EAY EAY EAY*/
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH 
-		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
-			{
-			const EC_GROUP *srvr_group = NULL;
-			EC_KEY *tkey;
-			int ecdh_clnt_cert = 0;
-			int field_size = 0;
-
-			if (s->session->sess_cert == NULL)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-				}
-
-			/* Did we send out the client's
-			 * ECDH share for use in premaster
-			 * computation as part of client certificate?
-			 * If so, set ecdh_clnt_cert to 1.
-			 */
-			if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 
-				{
-				/* XXX: For now, we do not support client
-				 * authentication using ECDH certificates.
-				 * To add such support, one needs to add
-				 * code that checks for appropriate 
-				 * conditions and sets ecdh_clnt_cert to 1.
-				 * For example, the cert have an ECC
-				 * key on the same curve as the server's
-				 * and the key should be authorized for
-				 * key agreement.
-				 *
-				 * One also needs to add code in ssl3_connect
-				 * to skip sending the certificate verify
-				 * message.
-				 *
-				 * if ((s->cert->key->privatekey != NULL) &&
-				 *     (s->cert->key->privatekey->type ==
-				 *      EVP_PKEY_EC) && ...)
-				 * ecdh_clnt_cert = 1;
-				 */
-				}
-
-			if (s->session->sess_cert->peer_ecdh_tmp != NULL)
-				{
-				tkey = s->session->sess_cert->peer_ecdh_tmp;
-				}
-			else
-				{
-				/* Get the Server Public Key from Cert */
-				srvr_pub_pkey = X509_get_pubkey(s->session-> \
-				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-				if ((srvr_pub_pkey == NULL) ||
-				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
-				    (srvr_pub_pkey->pkey.ec == NULL))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-					    ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
-
-				tkey = srvr_pub_pkey->pkey.ec;
-				}
-
-			srvr_group   = EC_KEY_get0_group(tkey);
-			srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
-			if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-				    ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if ((clnt_ecdh=EC_KEY_new()) == NULL) 
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
-				goto err;
-				}
-			if (ecdh_clnt_cert) 
-				{ 
-				/* Reuse key info from our certificate
-				 * We only need our private key to perform
-				 * the ECDH computation.
-				 */
-				const BIGNUM *priv_key;
-				tkey = s->cert->key->privatekey->pkey.ec;
-				priv_key = EC_KEY_get0_private_key(tkey);
-				if (priv_key == NULL)
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
-					goto err;
-					}
-				}
-			else 
-				{
-				/* Generate a new ECDH key pair */
-				if (!(EC_KEY_generate_key(clnt_ecdh)))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-					goto err;
-					}
-				}
-
-			/* use the 'p' output buffer for the ECDH key, but
-			 * make sure to clear it out afterwards
-			 */
-
-			field_size = EC_GROUP_get_degree(srvr_group);
-			if (field_size <= 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 
-				       ERR_R_ECDH_LIB);
-				goto err;
-				}
-			n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, 
-				       ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			/* generate master key from the result */
-			s->session->master_key_length = s->method->ssl3_enc \
-			    -> generate_master_secret(s, 
-				s->session->master_key,
-				p, n);
-
-			memset(p, 0, n); /* clean up */
-
-			if (ecdh_clnt_cert) 
-				{
-				/* Send empty client key exch message */
-				n = 0;
-				}
-			else 
-				{
-				/* First check the size of encoding and
-				 * allocate memory accordingly.
-				 */
-				encoded_pt_len = 
-				    EC_POINT_point2oct(srvr_group, 
-					EC_KEY_get0_public_key(clnt_ecdh), 
-					POINT_CONVERSION_UNCOMPRESSED, 
-					NULL, 0, NULL);
-
-				encodedPoint = (unsigned char *) 
-				    OPENSSL_malloc(encoded_pt_len * 
-					sizeof(unsigned char)); 
-				bn_ctx = BN_CTX_new();
-				if ((encodedPoint == NULL) || 
-				    (bn_ctx == NULL)) 
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-
-				/* Encode the public key */
-				n = EC_POINT_point2oct(srvr_group, 
-				    EC_KEY_get0_public_key(clnt_ecdh), 
-				    POINT_CONVERSION_UNCOMPRESSED, 
-				    encodedPoint, encoded_pt_len, bn_ctx);
-
-				*p = n; /* length of encoded point */
-				/* Encoded point will be copied here */
-				p += 1; 
-				/* copy the point */
-				memcpy((unsigned char *)p, encodedPoint, n);
-				/* increment n to account for length field */
-				n += 1; 
-				}
-
-			/* Free allocated memory */
-			BN_CTX_free(bn_ctx);
-			if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-			if (clnt_ecdh != NULL) 
-				 EC_KEY_free(clnt_ecdh);
-			EVP_PKEY_free(srvr_pub_pkey);
-			}
-#endif /* !OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_PSK
-		else if (alg_k & SSL_kPSK)
-			{
-			char identity[PSK_MAX_IDENTITY_LEN];
-			unsigned char *t = NULL;
-			unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4];
-			unsigned int pre_ms_len = 0, psk_len = 0;
-			int psk_err = 1;
-
-			n = 0;
-			if (s->psk_client_callback == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-					SSL_R_PSK_NO_CLIENT_CB);
-				goto err;
-				}
-
-			psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-				identity, PSK_MAX_IDENTITY_LEN,
-				psk_or_pre_ms, sizeof(psk_or_pre_ms));
-			if (psk_len > PSK_MAX_PSK_LEN)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_INTERNAL_ERROR);
-				goto psk_err;
-				}
-			else if (psk_len == 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-					SSL_R_PSK_IDENTITY_NOT_FOUND);
-				goto psk_err;
-				}
-
-			/* create PSK pre_master_secret */
-			pre_ms_len = 2+psk_len+2+psk_len;
-			t = psk_or_pre_ms;
-			memmove(psk_or_pre_ms+psk_len+4, psk_or_pre_ms, psk_len);
-			s2n(psk_len, t);
-			memset(t, 0, psk_len);
-			t+=psk_len;
-			s2n(psk_len, t);
-
-			if (s->session->psk_identity != NULL)
-				OPENSSL_free(s->session->psk_identity);
-			s->session->psk_identity = BUF_strdup(identity);
-			if (s->session->psk_identity == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_MALLOC_FAILURE);
-				goto psk_err;
-				}
-
-			s->session->master_key_length =
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,
-					psk_or_pre_ms, pre_ms_len); 
-			n = strlen(identity);
-			s2n(n, p);
-			memcpy(p, identity, n);
-			n+=2;
-			psk_err = 0;
-		psk_err:
-			OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN);
-			OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
-			if (psk_err != 0)
-				{
-				ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-				goto err;
-				}
-			}
-#endif
-		else
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		
-		d = dtls1_set_message_header(s, d,
-		SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
-		/*
-		 *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-		 l2n3(n,d);
-		 l2n(s->d1->handshake_write_seq,d);
-		 s->d1->handshake_write_seq++;
-		*/
-		
-		s->state=SSL3_ST_CW_KEY_EXCH_B;
-		/* number of bytes to write */
-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-	
-	/* SSL3_ST_CW_KEY_EXCH_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-#ifndef OPENSSL_NO_ECDH
-	BN_CTX_free(bn_ctx);
-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-	if (clnt_ecdh != NULL) 
-		EC_KEY_free(clnt_ecdh);
-	EVP_PKEY_free(srvr_pub_pkey);
-#endif
-	return(-1);
-	}
-
-int dtls1_send_client_verify(SSL *s)
-	{
-	unsigned char *p,*d;
-	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-	EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
-	unsigned u=0;
-#endif
-	unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	int j;
-#endif
-
-	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[DTLS1_HM_HEADER_LENGTH]);
-		pkey=s->cert->key->privatekey;
-
-		s->method->ssl3_enc->cert_verify_mac(s,
-		NID_sha1,
-			&(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			s->method->ssl3_enc->cert_verify_mac(s,
-				NID_md5,
-				&(data[0]));
-			if (RSA_sign(NID_md5_sha1, data,
-					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-					&(p[2]), &u, pkey->pkey.rsa) <= 0 )
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
-				goto err;
-				}
-			s2n(u,p);
-			n=u+2;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DSA
-			if (pkey->type == EVP_PKEY_DSA)
-			{
-			if (!DSA_sign(pkey->save_type,
-				&(data[MD5_DIGEST_LENGTH]),
-				SHA_DIGEST_LENGTH,&(p[2]),
-				(unsigned int *)&j,pkey->pkey.dsa))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
-				goto err;
-				}
-			s2n(j,p);
-			n=j+2;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_EC)
-			{
-			if (!ECDSA_sign(pkey->save_type,
-				&(data[MD5_DIGEST_LENGTH]),
-				SHA_DIGEST_LENGTH,&(p[2]),
-				(unsigned int *)&j,pkey->pkey.ec))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,
-				    ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			s2n(j,p);
-			n=j+2;
-			}
-		else
-#endif
-			{
-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		d = dtls1_set_message_header(s, d,
-			SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
-
-		s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-
-		s->state = SSL3_ST_CW_CERT_VRFY_B;
-		}
-
-	/* s->state = SSL3_ST_CW_CERT_VRFY_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	return(-1);
-	}
-
-int dtls1_send_client_certificate(SSL *s)
-	{
-	X509 *x509=NULL;
-	EVP_PKEY *pkey=NULL;
-	int i;
-	unsigned long l;
-
-	if (s->state ==	SSL3_ST_CW_CERT_A)
-		{
-		if ((s->cert == NULL) ||
-			(s->cert->key->x509 == NULL) ||
-			(s->cert->key->privatekey == NULL))
-			s->state=SSL3_ST_CW_CERT_B;
-		else
-			s->state=SSL3_ST_CW_CERT_C;
-		}
-
-	/* We need to get a client cert */
-	if (s->state == SSL3_ST_CW_CERT_B)
-		{
-		/* If we get an error, we need to
-		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
-		 * We then get retied later */
-		i=0;
-		i = ssl_do_client_cert_cb(s, &x509, &pkey);
-		if (i < 0)
-			{
-			s->rwstate=SSL_X509_LOOKUP;
-			return(-1);
-			}
-		s->rwstate=SSL_NOTHING;
-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
-			{
-			s->state=SSL3_ST_CW_CERT_B;
-			if (	!SSL_use_certificate(s,x509) ||
-				!SSL_use_PrivateKey(s,pkey))
-				i=0;
-			}
-		else if (i == 1)
-			{
-			i=0;
-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-			}
-
-		if (x509 != NULL) X509_free(x509);
-		if (pkey != NULL) EVP_PKEY_free(pkey);
-		if (i == 0)
-			{
-			if (s->version == SSL3_VERSION)
-				{
-				s->s3->tmp.cert_req=0;
-				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
-				return(1);
-				}
-			else
-				{
-				s->s3->tmp.cert_req=2;
-				}
-			}
-
-		/* Ok, we have a cert */
-		s->state=SSL3_ST_CW_CERT_C;
-		}
-
-	if (s->state == SSL3_ST_CW_CERT_C)
-		{
-		s->state=SSL3_ST_CW_CERT_D;
-		l=dtls1_output_cert_chain(s,
-			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
-		if (!l)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-			return 0;
-			}
-		s->init_num=(int)l;
-		s->init_off=0;
-
-		/* set header called by dtls1_output_cert_chain() */
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-	/* SSL3_ST_CW_CERT_D */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
diff --git a/ssl/d1_enc.c b/ssl/d1_enc.c
deleted file mode 100644
index 3da2b4c8c2..0000000000
--- a/ssl/d1_enc.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* ssl/d1_enc.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
-int dtls1_enc(SSL *s, int send)
-	{
-	SSL3_RECORD *rec;
-	EVP_CIPHER_CTX *ds;
-	unsigned long l;
-	int bs,i,j,k,mac_size=0;
-	const EVP_CIPHER *enc;
-
-	if (send)
-		{
-		if (EVP_MD_CTX_md(s->write_hash))
-			{
-			mac_size=EVP_MD_CTX_size(s->write_hash);
-			if (mac_size < 0)
-				return -1;
-			}
-		ds=s->enc_write_ctx;
-		rec= &(s->s3->wrec);
-		if (s->enc_write_ctx == NULL)
-			enc=NULL;
-		else
-			{
-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-			if ( rec->data != rec->input)
-				/* we can't write into the input stream */
-				fprintf(stderr, "%s:%d: rec->data != rec->input\n",
-					__FILE__, __LINE__);
-			else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
-				{
-				if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
-					return -1;
-				}
-			}
-		}
-	else
-		{
-		if (EVP_MD_CTX_md(s->read_hash))
-			{
-			mac_size=EVP_MD_CTX_size(s->read_hash);
-			OPENSSL_assert(mac_size >= 0);
-			}
-		ds=s->enc_read_ctx;
-		rec= &(s->s3->rrec);
-		if (s->enc_read_ctx == NULL)
-			enc=NULL;
-		else
-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-		}
-
-#ifdef KSSL_DEBUG
-	printf("dtls1_enc(%d)\n", send);
-#endif    /* KSSL_DEBUG */
-
-	if ((s->session == NULL) || (ds == NULL) ||
-		(enc == NULL))
-		{
-		memmove(rec->data,rec->input,rec->length);
-		rec->input=rec->data;
-		}
-	else
-		{
-		l=rec->length;
-		bs=EVP_CIPHER_block_size(ds->cipher);
-
-		if ((bs != 1) && send)
-			{
-			i=bs-((int)l%bs);
-
-			/* Add weird padding of upto 256 bytes */
-
-			/* we need to add 'i' padding bytes of value j */
-			j=i-1;
-			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-				{
-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-					j++;
-				}
-			for (k=(int)l; k<(int)(l+i); k++)
-				rec->input[k]=j;
-			l+=i;
-			rec->length+=i;
-			}
-
-#ifdef KSSL_DEBUG
-		{
-                unsigned long ui;
-		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
-		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
-                        ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
-                        ds->cipher->iv_len);
-		printf("\t\tIV: ");
-		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
-		printf("\n");
-		printf("\trec->input=");
-		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
-		printf("\n");
-		}
-#endif	/* KSSL_DEBUG */
-
-		if (!send)
-			{
-			if (l == 0 || l%bs != 0)
-				return 0;
-			}
-		
-		if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
-			return -1;
-
-#ifdef KSSL_DEBUG
-		{
-                unsigned long i;
-                printf("\trec->data=");
-		for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
-                }
-#endif	/* KSSL_DEBUG */
-
-		if ((bs != 1) && !send)
-			return tls1_cbc_remove_padding(s, rec, bs, mac_size);
-		}
-	return(1);
-	}
-
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
deleted file mode 100644
index 14337b31a4..0000000000
--- a/ssl/d1_lib.c
+++ /dev/null
@@ -1,520 +0,0 @@
-/* ssl/d1_lib.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
-    dtls1_enc,
-	tls1_mac,
-	tls1_setup_key_block,
-	tls1_generate_master_secret,
-	tls1_change_cipher_state,
-	tls1_final_finish_mac,
-	TLS1_FINISH_MAC_LENGTH,
-	tls1_cert_verify_mac,
-	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-	tls1_alert_code,
-	tls1_export_keying_material,
-	};
-
-long dtls1_default_timeout(void)
-	{
-	/* 2 hours, the 24 hours mentioned in the DTLSv1 spec
-	 * is way too long for http, the cache would over fill */
-	return(60*60*2);
-	}
-
-int dtls1_new(SSL *s)
-	{
-	DTLS1_STATE *d1;
-
-	if (!ssl3_new(s)) return(0);
-	if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
-	memset(d1,0, sizeof *d1);
-
-	/* d1->handshake_epoch=0; */
-
-	d1->unprocessed_rcds.q=pqueue_new();
-	d1->processed_rcds.q=pqueue_new();
-	d1->buffered_messages = pqueue_new();
-	d1->sent_messages=pqueue_new();
-	d1->buffered_app_data.q=pqueue_new();
-
-	if ( s->server)
-		{
-		d1->cookie_len = sizeof(s->d1->cookie);
-		}
-
-	d1->link_mtu = 0;
-	d1->mtu = 0;
-
-	if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q 
-        || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
-		{
-        if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
-        if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
-        if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
-		if ( d1->sent_messages) pqueue_free(d1->sent_messages);
-		if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
-		OPENSSL_free(d1);
-		return (0);
-		}
-
-	s->d1=d1;
-	s->method->ssl_clear(s);
-	return(1);
-	}
-
-static void dtls1_clear_queues(SSL *s)
-	{
-    pitem *item = NULL;
-    hm_fragment *frag = NULL;
-	DTLS1_RECORD_DATA *rdata;
-
-    while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
-        {
-		rdata = (DTLS1_RECORD_DATA *) item->data;
-		if (rdata->rbuf.buf)
-			{
-			OPENSSL_free(rdata->rbuf.buf);
-			}
-        OPENSSL_free(item->data);
-        pitem_free(item);
-        }
-
-    while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
-        {
-		rdata = (DTLS1_RECORD_DATA *) item->data;
-		if (rdata->rbuf.buf)
-			{
-			OPENSSL_free(rdata->rbuf.buf);
-			}
-        OPENSSL_free(item->data);
-        pitem_free(item);
-        }
-
-    while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
-        {
-        frag = (hm_fragment *)item->data;
-        dtls1_hm_fragment_free(frag);
-        pitem_free(item);
-        }
-
-    while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
-        {
-        frag = (hm_fragment *)item->data;
-        dtls1_hm_fragment_free(frag);
-        pitem_free(item);
-        }
-
-	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
-		{
-		rdata = (DTLS1_RECORD_DATA *) item->data;
-		if (rdata->rbuf.buf)
-			{
-			OPENSSL_free(rdata->rbuf.buf);
-			}
-		OPENSSL_free(item->data);
-		pitem_free(item);
-		}
-	}
-
-void dtls1_free(SSL *s)
-	{
-	ssl3_free(s);
-
-	dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->unprocessed_rcds.q);
-    pqueue_free(s->d1->processed_rcds.q);
-    pqueue_free(s->d1->buffered_messages);
-	pqueue_free(s->d1->sent_messages);
-	pqueue_free(s->d1->buffered_app_data.q);
-
-	OPENSSL_free(s->d1);
-	s->d1 = NULL;
-	}
-
-void dtls1_clear(SSL *s)
-	{
-    pqueue unprocessed_rcds;
-    pqueue processed_rcds;
-    pqueue buffered_messages;
-	pqueue sent_messages;
-	pqueue buffered_app_data;
-	unsigned int mtu;
-	unsigned int link_mtu;
-
-	if (s->d1)
-		{
-		unprocessed_rcds = s->d1->unprocessed_rcds.q;
-		processed_rcds = s->d1->processed_rcds.q;
-		buffered_messages = s->d1->buffered_messages;
-		sent_messages = s->d1->sent_messages;
-		buffered_app_data = s->d1->buffered_app_data.q;
-		mtu = s->d1->mtu;
-		link_mtu = s->d1->link_mtu;
-
-		dtls1_clear_queues(s);
-
-		memset(s->d1, 0, sizeof(*(s->d1)));
-
-		if (s->server)
-			{
-			s->d1->cookie_len = sizeof(s->d1->cookie);
-			}
-
-		if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
-			{
-			s->d1->mtu = mtu;
-			s->d1->link_mtu = link_mtu;
-			}
-
-		s->d1->unprocessed_rcds.q = unprocessed_rcds;
-		s->d1->processed_rcds.q = processed_rcds;
-		s->d1->buffered_messages = buffered_messages;
-		s->d1->sent_messages = sent_messages;
-		s->d1->buffered_app_data.q = buffered_app_data;
-		}
-
-	ssl3_clear(s);
-	if (s->options & SSL_OP_CISCO_ANYCONNECT)
-		s->version=DTLS1_BAD_VER;
-	else
-		s->version=DTLS1_VERSION;
-	}
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-	{
-	int ret=0;
-
-	switch (cmd)
-		{
-	case DTLS_CTRL_GET_TIMEOUT:
-		if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
-			{
-			ret = 1;
-			}
-		break;
-	case DTLS_CTRL_HANDLE_TIMEOUT:
-		ret = dtls1_handle_timeout(s);
-		break;
-	case DTLS_CTRL_LISTEN:
-		ret = dtls1_listen(s, parg);
-		break;
-	case SSL_CTRL_CHECK_PROTO_VERSION:
-		/* For library-internal use; checks that the current protocol
-		 * is the highest enabled version (according to s->ctx->method,
-		 * as version negotiation may have changed s->method). */
-#if DTLS_MAX_VERSION != DTLS1_VERSION
-#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
-#endif
-		/* Just one protocol version is supported so far;
-		 * fail closed if the version is not as expected. */
-		return s->version == DTLS_MAX_VERSION;
-	case DTLS_CTRL_SET_LINK_MTU:
-		if (larg < (long)dtls1_link_min_mtu())
-			return 0;
-		s->d1->link_mtu = larg;
-		return 1;
-	case DTLS_CTRL_GET_LINK_MIN_MTU:
-		return (long)dtls1_link_min_mtu();
-	case SSL_CTRL_SET_MTU:
-		/*
-		 *  We may not have a BIO set yet so can't call dtls1_min_mtu()
-		 *  We'll have to make do with dtls1_link_min_mtu() and max overhead
-		 */
-		if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
-			return 0;
-		s->d1->mtu = larg;
-		return larg;
-	default:
-		ret = ssl3_ctrl(s, cmd, larg, parg);
-		break;
-		}
-	return(ret);
-	}
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
-	{
-	const SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
-	if (ciph != NULL)
-		{
-		if (ciph->algorithm_enc == SSL_RC4)
-			return NULL;
-		}
-
-	return ciph;
-	}
-
-void dtls1_start_timer(SSL *s)
-	{
-#ifndef OPENSSL_NO_SCTP
-	/* Disable timer for SCTP */
-	if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-		{
-		memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-		return;
-		}
-#endif
-
-	/* If timer is not set, initialize duration with 1 second */
-	if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
-		{
-		s->d1->timeout_duration = 1;
-		}
-	
-	/* Set timeout to current time */
-	get_current_time(&(s->d1->next_timeout));
-
-	/* Add duration to current time */
-	s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
-	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
-	}
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
-	{
-	struct timeval timenow;
-
-	/* If no timeout is set, just return NULL */
-	if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
-		{
-		return NULL;
-		}
-
-	/* Get current time */
-	get_current_time(&timenow);
-
-	/* If timer already expired, set remaining time to 0 */
-	if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
-		(s->d1->next_timeout.tv_sec == timenow.tv_sec &&
-		 s->d1->next_timeout.tv_usec <= timenow.tv_usec))
-		{
-		memset(timeleft, 0, sizeof(struct timeval));
-		return timeleft;
-		}
-
-	/* Calculate time left until timer expires */
-	memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
-	timeleft->tv_sec -= timenow.tv_sec;
-	timeleft->tv_usec -= timenow.tv_usec;
-	if (timeleft->tv_usec < 0)
-		{
-		timeleft->tv_sec--;
-		timeleft->tv_usec += 1000000;
-		}
-
-	/* If remaining time is less than 15 ms, set it to 0
-	 * to prevent issues because of small devergences with
-	 * socket timeouts.
-	 */
-	if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
-		{
-		memset(timeleft, 0, sizeof(struct timeval));
-		}
-	
-
-	return timeleft;
-	}
-
-int dtls1_is_timer_expired(SSL *s)
-	{
-	struct timeval timeleft;
-
-	/* Get time left until timeout, return false if no timer running */
-	if (dtls1_get_timeout(s, &timeleft) == NULL)
-		{
-		return 0;
-		}
-
-	/* Return false if timer is not expired yet */
-	if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
-		{
-		return 0;
-		}
-
-	/* Timer expired, so return true */	
-	return 1;
-	}
-
-void dtls1_double_timeout(SSL *s)
-	{
-	s->d1->timeout_duration *= 2;
-	if (s->d1->timeout_duration > 60)
-		s->d1->timeout_duration = 60;
-	dtls1_start_timer(s);
-	}
-
-void dtls1_stop_timer(SSL *s)
-	{
-	/* Reset everything */
-	memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
-	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-	s->d1->timeout_duration = 1;
-	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
-	/* Clear retransmission buffer */
-	dtls1_clear_record_buffer(s);
-	}
-
-int dtls1_check_timeout_num(SSL *s)
-	{
-	unsigned int mtu;
-
-	s->d1->timeout.num_alerts++;
-
-	/* Reduce MTU after 2 unsuccessful retransmissions */
-	if (s->d1->timeout.num_alerts > 2
-			&& !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
-		{
-		mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
-		if(mtu < s->d1->mtu)
-			s->d1->mtu = mtu;
-		}
-
-	if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
-		{
-		/* fail the connection, enough alerts have been sent */
-		SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
-		return -1;
-		}
-
-	return 0;
-	}
-
-int dtls1_handle_timeout(SSL *s)
-	{
-	/* if no timer is expired, don't do anything */
-	if (!dtls1_is_timer_expired(s))
-		{
-		return 0;
-		}
-
-	dtls1_double_timeout(s);
-
-	if (dtls1_check_timeout_num(s) < 0)
-		return -1;
-
-	s->d1->timeout.read_timeouts++;
-	if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
-		{
-		s->d1->timeout.read_timeouts = 1;
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	if (s->tlsext_hb_pending)
-		{
-		s->tlsext_hb_pending = 0;
-		return dtls1_heartbeat(s);
-		}
-#endif
-
-	dtls1_start_timer(s);
-	return dtls1_retransmit_buffered_messages(s);
-	}
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
-	struct _timeb tb;
-	_ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
-	struct timeb tb;
-	ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#else
-	gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
-	{
-	int ret;
-
-	SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-	s->d1->listen = 1;
-
-	ret = SSL_accept(s);
-	if (ret <= 0) return ret;
-	
-	(void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
-	return 1;
-	}
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
deleted file mode 100644
index 5c4004bfe3..0000000000
--- a/ssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-static const SSL_METHOD *dtls1_get_method(int ver)
-	{
-	if (ver == DTLS1_VERSION)
-		return(DTLSv1_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
-			dtls1_accept,
-			dtls1_connect,
-			dtls1_get_method)
-
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
deleted file mode 100644
index 4e5b68e501..0000000000
--- a/ssl/d1_pkt.c
+++ /dev/null
@@ -1,1876 +0,0 @@
-/* ssl/d1_pkt.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#include <openssl/rand.h>
-
-/* mod 128 saturating subtract of two 64-bit values in big-endian order */
-static int satsub64be(const unsigned char *v1,const unsigned char *v2)
-{	int ret,sat,brw,i;
-
-	if (sizeof(long) == 8) do
-	{	const union { long one; char little; } is_endian = {1};
-		long l;
-
-		if (is_endian.little)			break;
-		/* not reached on little-endians */
-		/* following test is redundant, because input is
-		 * always aligned, but I take no chances... */
-		if (((size_t)v1|(size_t)v2)&0x7)	break;
-
-		l  = *((long *)v1);
-		l -= *((long *)v2);
-		if (l>128)		return 128;
-		else if (l<-128)	return -128;
-		else			return (int)l;
-	} while (0);
-
-	ret = (int)v1[7]-(int)v2[7];
-	sat = 0;
-	brw = ret>>8;	/* brw is either 0 or -1 */
-	if (ret & 0x80)
-	{	for (i=6;i>=0;i--)
-		{	brw += (int)v1[i]-(int)v2[i];
-			sat |= ~brw;
-			brw >>= 8;
-		}
-	}
-	else
-	{	for (i=6;i>=0;i--)
-		{	brw += (int)v1[i]-(int)v2[i];
-			sat |= brw;
-			brw >>= 8;
-		}
-	}
-	brw <<= 8;	/* brw is either 0 or -256 */
-
-	if (sat&0xff)	return brw | 0x80;
-	else		return brw + (ret&0xFF);
-}
-
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
-	int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, 
-    unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
-	unsigned short *priority, unsigned long *offset);
-#endif
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-	unsigned char *priority);
-static int dtls1_process_record(SSL *s);
-static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-			  unsigned int len);
-
-/* copy buffered record into SSL structure */
-static int
-dtls1_copy_record(SSL *s, pitem *item)
-    {
-    DTLS1_RECORD_DATA *rdata;
-
-    rdata = (DTLS1_RECORD_DATA *)item->data;
-    
-    if (s->s3->rbuf.buf != NULL)
-        OPENSSL_free(s->s3->rbuf.buf);
-    
-    s->packet = rdata->packet;
-    s->packet_length = rdata->packet_length;
-    memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-    memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-	
-	/* Set proper sequence number for mac calculation */
-	memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
-    
-    return(1);
-    }
-
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
-	{
-	DTLS1_RECORD_DATA *rdata;
-	pitem *item;
-
-	/* Limit the size of the queue to prevent DOS attacks */
-	if (pqueue_size(queue->q) >= 100)
-		return 0;
-
-	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
-	item = pitem_new(priority, rdata);
-	if (rdata == NULL || item == NULL)
-		{
-		if (rdata != NULL) OPENSSL_free(rdata);
-		if (item != NULL) pitem_free(item);
-		
-		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-		return(0);
-		}
-	
-	rdata->packet = s->packet;
-	rdata->packet_length = s->packet_length;
-	memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
-	memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
-
-	item->data = rdata;
-
-#ifndef OPENSSL_NO_SCTP
-	/* Store bio_dgram_sctp_rcvinfo struct */
-	if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-	    (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
-		BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
-	}
-#endif
-
-	s->packet = NULL;
-	s->packet_length = 0;
-	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
-	memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-	
-	if (!ssl3_setup_buffers(s))
-		{
-		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-		if (rdata->rbuf.buf != NULL)
-			OPENSSL_free(rdata->rbuf.buf);
-		OPENSSL_free(rdata);
-		pitem_free(item);
-		return(-1);
-		}
-
-	/* insert should not fail, since duplicates are dropped */
-	if (pqueue_insert(queue->q, item) == NULL)
-		{
-		SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
-		if (rdata->rbuf.buf != NULL)
-			OPENSSL_free(rdata->rbuf.buf);
-		OPENSSL_free(rdata);
-		pitem_free(item);
-		return(-1);
-		}
-
-	return(1);
-	}
-
-
-static int
-dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
-    {
-    pitem *item;
-
-    item = pqueue_pop(queue->q);
-    if (item)
-        {
-        dtls1_copy_record(s, item);
-
-        OPENSSL_free(item->data);
-		pitem_free(item);
-
-        return(1);
-        }
-
-    return(0);
-    }
-
-
-/* retrieve a buffered record that belongs to the new epoch, i.e., not processed 
- * yet */
-#define dtls1_get_unprocessed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->unprocessed_rcds))
-
-/* retrieve a buffered record that belongs to the current epoch, ie, processed */
-#define dtls1_get_processed_record(s) \
-                   dtls1_retrieve_buffered_record((s), \
-                   &((s)->d1->processed_rcds))
-
-static int
-dtls1_process_buffered_records(SSL *s)
-    {
-    pitem *item;
-    
-    item = pqueue_peek(s->d1->unprocessed_rcds.q);
-    if (item)
-        {
-        /* Check if epoch is current. */
-        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
-            return(1);  /* Nothing to do. */
-        
-        /* Process all the records. */
-        while (pqueue_peek(s->d1->unprocessed_rcds.q))
-            {
-            dtls1_get_unprocessed_record(s);
-            if ( ! dtls1_process_record(s))
-                return(0);
-            if(dtls1_buffer_record(s, &(s->d1->processed_rcds),
-                s->s3->rrec.seq_num)<0)
-                return -1;
-            }
-        }
-
-    /* sync epoch numbers once all the unprocessed records 
-     * have been processed */
-    s->d1->processed_rcds.epoch = s->d1->r_epoch;
-    s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
-    return(1);
-    }
-
-
-#if 0
-
-static int
-dtls1_get_buffered_record(SSL *s)
-	{
-	pitem *item;
-	PQ_64BIT priority = 
-		(((PQ_64BIT)s->d1->handshake_read_seq) << 32) | 
-		((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
-	
-	if ( ! SSL_in_init(s))  /* if we're not (re)negotiating, 
-							   nothing buffered */
-		return 0;
-
-
-	item = pqueue_peek(s->d1->rcvd_records);
-	if (item && item->priority == priority)
-		{
-		/* Check if we've received the record of interest.  It must be
-		 * a handshake record, since data records as passed up without
-		 * buffering */
-		DTLS1_RECORD_DATA *rdata;
-		item = pqueue_pop(s->d1->rcvd_records);
-		rdata = (DTLS1_RECORD_DATA *)item->data;
-		
-		if (s->s3->rbuf.buf != NULL)
-			OPENSSL_free(s->s3->rbuf.buf);
-		
-		s->packet = rdata->packet;
-		s->packet_length = rdata->packet_length;
-		memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
-		memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-		
-		OPENSSL_free(item->data);
-		pitem_free(item);
-		
-		/* s->d1->next_expected_seq_num++; */
-		return(1);
-		}
-	
-	return 0;
-	}
-
-#endif
-
-static int
-dtls1_process_record(SSL *s)
-{
-	int i,al;
-	int enc_err;
-	SSL_SESSION *sess;
-	SSL3_RECORD *rr;
-	unsigned int mac_size, orig_len;
-	unsigned char md[EVP_MAX_MD_SIZE];
-
-	rr= &(s->s3->rrec);
-	sess = s->session;
-
-	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-	 * and we have that many bytes in s->packet
-	 */
-	rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
-
-	/* ok, we can now read from 's->packet' data into 'rr'
-	 * rr->input points at rr->length bytes, which
-	 * need to be copied into rr->data by either
-	 * the decryption or by the decompression
-	 * When the data is 'copied' into the rr->data buffer,
-	 * rr->input will be pointed at the new buffer */ 
-
-	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
-	 * rr->length bytes of encrypted compressed stuff. */
-
-	/* check is not needed I believe */
-	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
-		{
-		al=SSL_AD_RECORD_OVERFLOW;
-		SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-		goto f_err;
-		}
-
-	/* decrypt in place in 'rr->input' */
-	rr->data=rr->input;
-
-	enc_err = s->method->ssl3_enc->enc(s,0);
-	/* enc_err is:
-	 *    0: (in non-constant time) if the record is publically invalid.
-	 *    1: if the padding is valid
-	 *    -1: if the padding is invalid */
-	if (enc_err == 0)
-		{
-		/* For DTLS we simply ignore bad packets. */
-		rr->length = 0;
-		s->packet_length = 0;
-		goto err;
-		}
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
-	/* r->length is now the compressed data plus mac */
-	if ((sess != NULL) &&
-	    (s->enc_read_ctx != NULL) &&
-	    (EVP_MD_CTX_md(s->read_hash) != NULL))
-		{
-		/* s->read_hash != NULL => mac_size != -1 */
-		unsigned char *mac = NULL;
-		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-		mac_size=EVP_MD_CTX_size(s->read_hash);
-		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
-		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
-		orig_len = rr->length+((unsigned int)rr->type>>8);
-
-		/* orig_len is the length of the record before any padding was
-		 * removed. This is public information, as is the MAC in use,
-		 * therefore we can safely process the record in a different
-		 * amount of time if it's too short to possibly contain a MAC.
-		 */
-		if (orig_len < mac_size ||
-		    /* CBC records must have a padding length byte too. */
-		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-		     orig_len < mac_size+1))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-
-		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
-			{
-			/* We update the length so that the TLS header bytes
-			 * can be constructed correctly but we need to extract
-			 * the MAC in constant time from within the record,
-			 * without leaking the contents of the padding bytes.
-			 * */
-			mac = mac_tmp;
-			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
-			rr->length -= mac_size;
-			}
-		else
-			{
-			/* In this case there's no padding, so |orig_len|
-			 * equals |rec->length| and we checked that there's
-			 * enough bytes for |mac_size| above. */
-			rr->length -= mac_size;
-			mac = &rr->data[rr->length];
-			}
-
-		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
-			enc_err = -1;
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
-			enc_err = -1;
-		}
-
-	if (enc_err < 0)
-		{
-		/* decryption failed, silently discard message */
-		rr->length = 0;
-		s->packet_length = 0;
-		goto err;
-		}
-
-	/* r->length is now just compressed */
-	if (s->expand != NULL)
-		{
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
-			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-			goto f_err;
-			}
-		if (!ssl3_do_uncompress(s))
-			{
-			al=SSL_AD_DECOMPRESSION_FAILURE;
-			SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
-			goto f_err;
-			}
-		}
-
-	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
-		{
-		al=SSL_AD_RECORD_OVERFLOW;
-		SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
-		goto f_err;
-		}
-
-	rr->off=0;
-	/* So at this point the following is true
-	 * ssl->s3->rrec.type 	is the type of record
-	 * ssl->s3->rrec.length	== number of bytes in record
-	 * ssl->s3->rrec.off	== offset to first valid byte
-	 * ssl->s3->rrec.data	== where to take bytes from, increment
-	 *			   after use :-).
-	 */
-
-	/* we have pulled in a full packet so zero things */
-	s->packet_length=0;
-	return(1);
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(0);
-}
-
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data, 	 - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int dtls1_get_record(SSL *s)
-	{
-	int ssl_major,ssl_minor;
-	int i,n;
-	SSL3_RECORD *rr;
-	unsigned char *p = NULL;
-	unsigned short version;
-	DTLS1_BITMAP *bitmap;
-	unsigned int is_next_epoch;
-
-	rr= &(s->s3->rrec);
-
-	/* The epoch may have changed.  If so, process all the
-	 * pending records.  This is a non-blocking operation. */
-	if(dtls1_process_buffered_records(s)<0)
-		return -1;
-
-	/* if we're renegotiating, then there may be buffered records */
-	if (dtls1_get_processed_record(s))
-		return 1;
-
-	/* get something from the wire */
-again:
-	/* check if we have the header */
-	if (	(s->rstate != SSL_ST_READ_BODY) ||
-		(s->packet_length < DTLS1_RT_HEADER_LENGTH)) 
-		{
-		n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-		/* read timeout is handled by dtls1_read_bytes */
-		if (n <= 0) return(n); /* error or non-blocking */
-
-		/* this packet contained a partial record, dump it */
-		if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
-			{
-			s->packet_length = 0;
-			goto again;
-			}
-
-		s->rstate=SSL_ST_READ_BODY;
-
-		p=s->packet;
-
-		/* Pull apart the header into the DTLS1_RECORD */
-		rr->type= *(p++);
-		ssl_major= *(p++);
-		ssl_minor= *(p++);
-		version=(ssl_major<<8)|ssl_minor;
-
-		/* sequence number is 64 bits, with top 2 bytes = epoch */ 
-		n2s(p,rr->epoch);
-
-		memcpy(&(s->s3->read_sequence[2]), p, 6);
-		p+=6;
-
-		n2s(p,rr->length);
-
-		/* Lets check version */
-		if (!s->first_packet)
-			{
-			if (version != s->version)
-				{
-				/* unexpected version, silently discard */
-				rr->length = 0;
-				s->packet_length = 0;
-				goto again;
-				}
-			}
-
-		if ((version & 0xff00) != (s->version & 0xff00))
-			{
-			/* wrong version, silently discard record */
-			rr->length = 0;
-			s->packet_length = 0;
-			goto again;
-			}
-
-		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
-			{
-			/* record too long, silently discard it */
-			rr->length = 0;
-			s->packet_length = 0;
-			goto again;
-			}
-
-		/* now s->rstate == SSL_ST_READ_BODY */
-		}
-
-	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-	if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
-		{
-		/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
-		i=rr->length;
-		n=ssl3_read_n(s,i,i,1);
-		/* this packet contained a partial record, dump it */
-		if ( n != i)
-			{
-			rr->length = 0;
-			s->packet_length = 0;
-			goto again;
-			}
-
-		/* now n == rr->length,
-		 * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
-		}
-	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
-	/* match epochs.  NULL means the packet is dropped on the floor */
-	bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-	if ( bitmap == NULL)
-		{
-		rr->length = 0;
-		s->packet_length = 0;  /* dump this record */
-		goto again;   /* get another record */
-		}
-
-#ifndef OPENSSL_NO_SCTP
-	/* Only do replay check if no SCTP bio */
-	if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
-  		{
-#endif
-		/* Check whether this is a repeat, or aged record.
-		 * Don't check if we're listening and this message is
-		 * a ClientHello. They can look as if they're replayed,
-		 * since they arrive from different connections and
-		 * would be dropped unnecessarily.
-		 */
-		if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-		    s->packet_length > DTLS1_RT_HEADER_LENGTH &&
-		    s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
-		    !dtls1_record_replay_check(s, bitmap))
-			{
-			rr->length = 0;
-			s->packet_length=0; /* dump this record */
-			goto again;     /* get another record */
-			}
-#ifndef OPENSSL_NO_SCTP
-  		}
-#endif
-
-	/* just read a 0 length packet */
-	if (rr->length == 0) goto again;
-
-	/* If this record is from the next epoch (either HM or ALERT),
-	 * and a handshake is currently in progress, buffer it since it
-	 * cannot be processed at this time. However, do not buffer
-	 * anything while listening.
-	 */
-	if (is_next_epoch)
-		{
-		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
-			{
-			if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
-				return -1;
-			dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
-			}
-		rr->length = 0;
-		s->packet_length = 0;
-		goto again;
-		}
-
-	if (!dtls1_process_record(s))
-		{
-		rr->length = 0;
-		s->packet_length = 0;  /* dump this record */
-		goto again;   /* get another record */
-		}
-	dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
-
-	return(1);
-
-	}
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-	{
-	int al,i,j,ret;
-	unsigned int n;
-	SSL3_RECORD *rr;
-	void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
-	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-		if (!ssl3_setup_buffers(s))
-			return(-1);
-
-    /* XXX: check what the second '&& type' is about */
-	if ((type && (type != SSL3_RT_APPLICATION_DATA) && 
-		(type != SSL3_RT_HANDSHAKE) && type) ||
-	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
-		{
-		SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-
-	/* check whether there's a handshake message (client hello?) waiting */
-	if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
-		return ret;
-
-	/* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
-#ifndef OPENSSL_NO_SCTP
-	/* Continue handshake if it had to be interrupted to read
-	 * app data with SCTP.
-	 */
-	if ((!s->in_handshake && SSL_in_init(s)) ||
-	    (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-	     (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
-	     s->s3->in_read_app_data != 2))
-#else
-	if (!s->in_handshake && SSL_in_init(s))
-#endif
-		{
-		/* type == SSL3_RT_APPLICATION_DATA */
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		}
-
-start:
-	s->rwstate=SSL_NOTHING;
-
-	/* s->s3->rrec.type	    - is the type of record
-	 * s->s3->rrec.data,    - data
-	 * s->s3->rrec.off,     - offset into 'data' for next read
-	 * s->s3->rrec.length,  - number of bytes. */
-	rr = &(s->s3->rrec);
-
-	/* We are not handshaking and have no data yet,
-	 * so process data buffered during the last handshake
-	 * in advance, if any.
-	 */
-	if (s->state == SSL_ST_OK && rr->length == 0)
-		{
-		pitem *item;
-		item = pqueue_pop(s->d1->buffered_app_data.q);
-		if (item)
-			{
-#ifndef OPENSSL_NO_SCTP
-			/* Restore bio_dgram_sctp_rcvinfo struct */
-			if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
-				{
-				DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
-				BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
-				}
-#endif
-
-			dtls1_copy_record(s, item);
-
-			OPENSSL_free(item->data);
-			pitem_free(item);
-			}
-		}
-
-	/* Check for timeout */
-	if (dtls1_handle_timeout(s) > 0)
-		goto start;
-
-	/* get new packet if necessary */
-	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
-		{
-		ret=dtls1_get_record(s);
-		if (ret <= 0) 
-			{
-			ret = dtls1_read_failed(s, ret);
-			/* anything other than a timeout is an error */
-			if (ret <= 0)  
-				return(ret);
-			else
-				goto start;
-			}
-		}
-
-	if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
-		{
-		rr->length = 0;
-		goto start;
-		}
-
-	/* we now have a packet which can be read and processed */
-
-	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-	                               * reset by ssl3_get_finished */
-		&& (rr->type != SSL3_RT_HANDSHAKE))
-		{
-		/* We now have application data between CCS and Finished.
-		 * Most likely the packets were reordered on their way, so
-		 * buffer the application data for later processing rather
-		 * than dropping the connection.
-		 */
-		if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0)
-			{
-			SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		rr->length = 0;
-		goto start;
-		}
-
-	/* If the other end has shut down, throw anything we read away
-	 * (even in 'peek' mode) */
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		rr->length=0;
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-
-
-	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-		{
-		/* make sure that we are not getting application data when we
-		 * are doing a handshake for the first time */
-		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-			(s->enc_read_ctx == NULL))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
-			goto f_err;
-			}
-
-		if (len <= 0) return(len);
-
-		if ((unsigned int)len > rr->length)
-			n = rr->length;
-		else
-			n = (unsigned int)len;
-
-		memcpy(buf,&(rr->data[rr->off]),n);
-		if (!peek)
-			{
-			rr->length-=n;
-			rr->off+=n;
-			if (rr->length == 0)
-				{
-				s->rstate=SSL_ST_READ_HEADER;
-				rr->off=0;
-				}
-			}
-
-#ifndef OPENSSL_NO_SCTP
-			/* We were about to renegotiate but had to read
-			 * belated application data first, so retry.
-			 */
-			if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-			    rr->type == SSL3_RT_APPLICATION_DATA &&
-			    (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
-				{
-				s->rwstate=SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				}
-
-			/* We might had to delay a close_notify alert because
-			 * of reordered app data. If there was an alert and there
-			 * is no message to read anymore, finally set shutdown.
-			 */
-			if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-			    s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
-				{
-				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-				return(0);
-				}
-#endif			
-		return(n);
-		}
-
-
-	/* If we get here, then type != rr->type; if we have a handshake
-	 * message, then it was unexpected (Hello Request or Client Hello). */
-
-	/* In case of record types for which we have 'fragment' storage,
-	 * fill that so that we can process the data at a fixed place.
-	 */
-		{
-		unsigned int k, dest_maxlen = 0;
-		unsigned char *dest = NULL;
-		unsigned int *dest_len = NULL;
-
-		if (rr->type == SSL3_RT_HANDSHAKE)
-			{
-			dest_maxlen = sizeof s->d1->handshake_fragment;
-			dest = s->d1->handshake_fragment;
-			dest_len = &s->d1->handshake_fragment_len;
-			}
-		else if (rr->type == SSL3_RT_ALERT)
-			{
-			dest_maxlen = sizeof(s->d1->alert_fragment);
-			dest = s->d1->alert_fragment;
-			dest_len = &s->d1->alert_fragment_len;
-			}
-#ifndef OPENSSL_NO_HEARTBEATS
-		else if (rr->type == TLS1_RT_HEARTBEAT)
-			{
-			dtls1_process_heartbeat(s);
-
-			/* Exit and notify application to read again */
-			rr->length = 0;
-			s->rwstate=SSL_READING;
-			BIO_clear_retry_flags(SSL_get_rbio(s));
-			BIO_set_retry_read(SSL_get_rbio(s));
-			return(-1);
-			}
-#endif
-		/* else it's a CCS message, or application data or wrong */
-		else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
-			{
-			/* Application data while renegotiating
-			 * is allowed. Try again reading.
-			 */
-			if (rr->type == SSL3_RT_APPLICATION_DATA)
-				{
-				BIO *bio;
-				s->s3->in_read_app_data=2;
-				bio=SSL_get_rbio(s);
-				s->rwstate=SSL_READING;
-				BIO_clear_retry_flags(bio);
-				BIO_set_retry_read(bio);
-				return(-1);
-				}
-
-			/* Not certain if this is the right error handling */
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-			goto f_err;
-			}
-
-		if (dest_maxlen > 0)
-			{
-            /* XDTLS:  In a pathalogical case, the Client Hello
-             *  may be fragmented--don't always expect dest_maxlen bytes */
-			if ( rr->length < dest_maxlen)
-				{
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-				/*
-				 * for normal alerts rr->length is 2, while
-				 * dest_maxlen is 7 if we were to handle this
-				 * non-existing alert...
-				 */
-				FIX ME
-#endif
-				s->rstate=SSL_ST_READ_HEADER;
-				rr->length = 0;
-				goto start;
-				}
-
-			/* now move 'n' bytes: */
-			for ( k = 0; k < dest_maxlen; k++)
-				{
-				dest[k] = rr->data[rr->off++];
-				rr->length--;
-				}
-			*dest_len = dest_maxlen;
-			}
-		}
-
-	/* s->d1->handshake_fragment_len == 12  iff  rr->type == SSL3_RT_HANDSHAKE;
-	 * s->d1->alert_fragment_len == 7      iff  rr->type == SSL3_RT_ALERT.
-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
-	/* If we are a client, check for an incoming 'Hello Request': */
-	if ((!s->server) &&
-		(s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
-		(s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-		(s->session != NULL) && (s->session->cipher != NULL))
-		{
-		s->d1->handshake_fragment_len = 0;
-
-		if ((s->d1->handshake_fragment[1] != 0) ||
-			(s->d1->handshake_fragment[2] != 0) ||
-			(s->d1->handshake_fragment[3] != 0))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
-			goto err;
-			}
-
-		/* no need to check sequence number on HELLO REQUEST messages */
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, 
-				s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
-
-		if (SSL_is_init_finished(s) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-			!s->s3->renegotiate)
-			{
-			s->d1->handshake_read_seq++;
-			s->new_session = 1;
-			ssl3_renegotiate(s);
-			if (ssl3_renegotiate_check(s))
-				{
-				i=s->handshake_func(s);
-				if (i < 0) return(i);
-				if (i == 0)
-					{
-					SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-					return(-1);
-					}
-
-				if (!(s->mode & SSL_MODE_AUTO_RETRY))
-					{
-					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-						{
-						BIO *bio;
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set.  Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
-						s->rwstate=SSL_READING;
-						bio=SSL_get_rbio(s);
-						BIO_clear_retry_flags(bio);
-						BIO_set_retry_read(bio);
-						return(-1);
-						}
-					}
-				}
-			}
-		/* we either finished a handshake or ignored the request,
-		 * now try again to obtain the (application) data we were asked for */
-		goto start;
-		}
-
-	if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
-		{
-		int alert_level = s->d1->alert_fragment[0];
-		int alert_descr = s->d1->alert_fragment[1];
-
-		s->d1->alert_fragment_len = 0;
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_ALERT, 
-				s->d1->alert_fragment, 2, s, s->msg_callback_arg);
-
-		if (s->info_callback != NULL)
-			cb=s->info_callback;
-		else if (s->ctx->info_callback != NULL)
-			cb=s->ctx->info_callback;
-
-		if (cb != NULL)
-			{
-			j = (alert_level << 8) | alert_descr;
-			cb(s, SSL_CB_READ_ALERT, j);
-			}
-
-		if (alert_level == 1) /* warning */
-			{
-			s->s3->warn_alert = alert_descr;
-			if (alert_descr == SSL_AD_CLOSE_NOTIFY)
-				{
-#ifndef OPENSSL_NO_SCTP
-				/* With SCTP and streams the socket may deliver app data
-				 * after a close_notify alert. We have to check this
-				 * first so that nothing gets discarded.
-				 */
-				if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
-					BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
-					{
-					s->d1->shutdown_received = 1;
-					s->rwstate=SSL_READING;
-					BIO_clear_retry_flags(SSL_get_rbio(s));
-					BIO_set_retry_read(SSL_get_rbio(s));
-					return -1;
-					}
-#endif
-				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-				return(0);
-				}
-#if 0
-            /* XXX: this is a possible improvement in the future */
-			/* now check if it's a missing record */
-			if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
-				{
-				unsigned short seq;
-				unsigned int frag_off;
-				unsigned char *p = &(s->d1->alert_fragment[2]);
-
-				n2s(p, seq);
-				n2l3(p, frag_off);
-
-				dtls1_retransmit_message(s,
-										 dtls1_get_queue_priority(frag->msg_header.seq, 0),
-										 frag_off, &found);
-				if ( ! found  && SSL_in_init(s))
-					{
-					/* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
-					/* requested a message not yet sent, 
-					   send an alert ourselves */
-					ssl3_send_alert(s,SSL3_AL_WARNING,
-						DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-					}
-				}
-#endif
-			}
-		else if (alert_level == 2) /* fatal */
-			{
-			char tmp[16];
-
-			s->rwstate=SSL_NOTHING;
-			s->s3->fatal_alert = alert_descr;
-			SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
-			ERR_add_error_data(2,"SSL alert number ",tmp);
-			s->shutdown|=SSL_RECEIVED_SHUTDOWN;
-			SSL_CTX_remove_session(s->ctx,s->session);
-			return(0);
-			}
-		else
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
-			goto f_err;
-			}
-
-		goto start;
-		}
-
-	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
-		{
-		s->rwstate=SSL_NOTHING;
-		rr->length=0;
-		return(0);
-		}
-
-	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
-		{
-		struct ccs_header_st ccs_hdr;
-		unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
-		dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
-		if (s->version == DTLS1_BAD_VER)
-			ccs_hdr_len = 3;
-
-		/* 'Change Cipher Spec' is just a single byte, so we know
-		 * exactly what the record payload has to look like */
-		/* XDTLS: check that epoch is consistent */
-		if (	(rr->length != ccs_hdr_len) || 
-			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
-			{
-			i=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-			goto err;
-			}
-
-		rr->length=0;
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, 
-				rr->data, 1, s, s->msg_callback_arg);
-
-		/* We can't process a CCS now, because previous handshake
-		 * messages are still missing, so just drop it.
-		 */
-		if (!s->d1->change_cipher_spec_ok)
-			{
-			goto start;
-			}
-
-		s->d1->change_cipher_spec_ok = 0;
-
-		s->s3->change_cipher_spec=1;
-		if (!ssl3_do_change_cipher_spec(s))
-			goto err;
-
-		/* do this whenever CCS is processed */
-		dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
-		if (s->version == DTLS1_BAD_VER)
-			s->d1->handshake_read_seq++;
-
-#ifndef OPENSSL_NO_SCTP
-		/* Remember that a CCS has been received,
-		 * so that an old key of SCTP-Auth can be
-		 * deleted when a CCS is sent. Will be ignored
-		 * if no SCTP is used
-		 */
-		BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
-#endif
-
-		goto start;
-		}
-
-	/* Unexpected handshake message (Client Hello, or protocol violation) */
-	if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && 
-		!s->in_handshake)
-		{
-		struct hm_header_st msg_hdr;
-		
-		/* this may just be a stale retransmit */
-		dtls1_get_message_header(rr->data, &msg_hdr);
-		if( rr->epoch != s->d1->r_epoch)
-			{
-			rr->length = 0;
-			goto start;
-			}
-
-		/* If we are server, we may have a repeated FINISHED of the
-		 * client here, then retransmit our CCS and FINISHED.
-		 */
-		if (msg_hdr.type == SSL3_MT_FINISHED)
-			{
-			if (dtls1_check_timeout_num(s) < 0)
-				return -1;
-
-			dtls1_retransmit_buffered_messages(s);
-			rr->length = 0;
-			goto start;
-			}
-
-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
-			{
-#if 0 /* worked only because C operator preferences are not as expected (and
-       * because this is not really needed for clients except for detecting
-       * protocol violations): */
-			s->state=SSL_ST_BEFORE|(s->server)
-				?SSL_ST_ACCEPT
-				:SSL_ST_CONNECT;
-#else
-			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-			s->renegotiate=1;
-			s->new_session=1;
-			}
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-
-		if (!(s->mode & SSL_MODE_AUTO_RETRY))
-			{
-			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-				{
-				BIO *bio;
-				/* In the case where we try to read application data,
-				 * but we trigger an SSL handshake, we return -1 with
-				 * the retry option set.  Otherwise renegotiation may
-				 * cause nasty problems in the blocking world */
-				s->rwstate=SSL_READING;
-				bio=SSL_get_rbio(s);
-				BIO_clear_retry_flags(bio);
-				BIO_set_retry_read(bio);
-				return(-1);
-				}
-			}
-		goto start;
-		}
-
-	switch (rr->type)
-		{
-	default:
-#ifndef OPENSSL_NO_TLS
-		/* TLS just ignores unknown message types */
-		if (s->version == TLS1_VERSION)
-			{
-			rr->length = 0;
-			goto start;
-			}
-#endif
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-		goto f_err;
-	case SSL3_RT_CHANGE_CIPHER_SPEC:
-	case SSL3_RT_ALERT:
-	case SSL3_RT_HANDSHAKE:
-		/* we already handled all of these, with the possible exception
-		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
-		 * should not happen when type != rr->type */
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
-		goto f_err;
-	case SSL3_RT_APPLICATION_DATA:
-		/* At this point, we were expecting handshake data,
-		 * but have application data.  If the library was
-		 * running inside ssl3_read() (i.e. in_read_app_data
-		 * is set) and it makes sense to read application data
-		 * at this point (session renegotiation not yet started),
-		 * we will indulge it.
-		 */
-		if (s->s3->in_read_app_data &&
-			(s->s3->total_renegotiations != 0) &&
-			((
-				(s->state & SSL_ST_CONNECT) &&
-				(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-				(s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-				) || (
-					(s->state & SSL_ST_ACCEPT) &&
-					(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-					(s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-					)
-				))
-			{
-			s->s3->in_read_app_data=2;
-			return(-1);
-			}
-		else
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-			goto f_err;
-			}
-		}
-	/* not reached */
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(-1);
-	}
-
-int
-dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
-	{
-	int i;
-
-#ifndef OPENSSL_NO_SCTP
-		/* Check if we have to continue an interrupted handshake
-		 * for reading belated app data with SCTP.
-		 */
-		if ((SSL_in_init(s) && !s->in_handshake) ||
-		    (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-		     (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
-#else
-		if (SSL_in_init(s) && !s->in_handshake)
-#endif
-		{
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return -1;
-			}
-		}
-
-	if (len > SSL3_RT_MAX_PLAIN_LENGTH)
-		{
-			SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
-			return -1;
-		}
-
-	i = dtls1_write_bytes(s, type, buf_, len);
-	return i;
-	}
-
-
-	/* this only happens when a client hello is received and a handshake 
-	 * is started. */
-static int
-have_handshake_fragment(SSL *s, int type, unsigned char *buf, 
-	int len, int peek)
-	{
-	
-	if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
-		/* (partially) satisfy request from storage */
-		{
-		unsigned char *src = s->d1->handshake_fragment;
-		unsigned char *dst = buf;
-		unsigned int k,n;
-		
-		/* peek == 0 */
-		n = 0;
-		while ((len > 0) && (s->d1->handshake_fragment_len > 0))
-			{
-			*dst++ = *src++;
-			len--; s->d1->handshake_fragment_len--;
-			n++;
-			}
-		/* move any remaining fragment bytes: */
-		for (k = 0; k < s->d1->handshake_fragment_len; k++)
-			s->d1->handshake_fragment[k] = *src++;
-		return n;
-		}
-	
-	return 0;
-	}
-
-
-
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
-	{
-	int i;
-
-	OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-	s->rwstate=SSL_NOTHING;
-	i=do_dtls1_write(s, type, buf, len);
-	return i;
-	}
-
-static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-			  unsigned int len)
-	{
-	unsigned char *p,*pseq;
-	int i,mac_size,clear=0;
-	int prefix_len = 0;
-	SSL3_RECORD *wr;
-	SSL3_BUFFER *wb;
-	SSL_SESSION *sess;
-	int bs;
-
-	/* first check if there is a SSL3_BUFFER still being written
-	 * out.  This will happen with non blocking IO */
-	if (s->s3->wbuf.left != 0)
-		{
-		OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
-		return(ssl3_write_pending(s,type,buf,len));
-		}
-
-	/* If we have an alert to send, lets send it */
-	if (s->s3->alert_dispatch)
-		{
-		i=s->method->ssl_dispatch_alert(s);
-		if (i <= 0)
-			return(i);
-		/* if it went, fall through and send more stuff */
-		}
-
-	if (len == 0)
-		return 0;
-
-	wr= &(s->s3->wrec);
-	wb= &(s->s3->wbuf);
-	sess=s->session;
-
-	if (	(sess == NULL) ||
-		(s->enc_write_ctx == NULL) ||
-		(EVP_MD_CTX_md(s->write_hash) == NULL))
-		clear=1;
-
-	if (clear)
-		mac_size=0;
-	else
-		{
-		mac_size=EVP_MD_CTX_size(s->write_hash);
-		if (mac_size < 0)
-			goto err;
-		}
-
-	p = wb->buf + prefix_len;
-
-	/* write the header */
-
-	*(p++)=type&0xff;
-	wr->type=type;
-
-	*(p++)=(s->version>>8);
-	*(p++)=s->version&0xff;
-
-	/* field where we are to write out packet epoch, seq num and len */
-	pseq=p; 
-	p+=10;
-
-	/* lets setup the record stuff. */
-
-	/* Make space for the explicit IV in case of CBC.
-	 * (this is a bit of a boundary violation, but what the heck).
-	 */
-	if ( s->enc_write_ctx && 
-		(EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
-		bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
-	else
-		bs = 0;
-
-	wr->data=p + bs;  /* make room for IV in case of CBC */
-	wr->length=(int)len;
-	wr->input=(unsigned char *)buf;
-
-	/* we now 'read' from wr->input, wr->length bytes into
-	 * wr->data */
-
-	/* first we compress */
-	if (s->compress != NULL)
-		{
-		if (!ssl3_do_compress(s))
-			{
-			SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		memcpy(wr->data,wr->input,wr->length);
-		wr->input=wr->data;
-		}
-
-	/* we should still have the output to wr->data and the input
-	 * from wr->input.  Length should be wr->length.
-	 * wr->data still points in the wb->buf */
-
-	if (mac_size != 0)
-		{
-		if(s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1) < 0)
-			goto err;
-		wr->length+=mac_size;
-		}
-
-	/* this is true regardless of mac size */
-	wr->input=p;
-	wr->data=p;
-
-
-	/* ssl3_enc can only have an error on read */
-	if (bs)	/* bs != 0 in case of CBC */
-		{
-		RAND_pseudo_bytes(p,bs);
-		/* master IV and last CBC residue stand for
-		 * the rest of randomness */
-		wr->length += bs;
-		}
-
-	if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
-
-	/* record length after mac and block padding */
-/*	if (type == SSL3_RT_APPLICATION_DATA ||
-	(type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
-	
-	/* there's only one epoch between handshake and app data */
-	
-	s2n(s->d1->w_epoch, pseq);
-
-	/* XDTLS: ?? */
-/*	else
-	s2n(s->d1->handshake_epoch, pseq); */
-
-	memcpy(pseq, &(s->s3->write_sequence[2]), 6);
-	pseq+=6;
-	s2n(wr->length,pseq);
-
-	/* we should now have
-	 * wr->data pointing to the encrypted data, which is
-	 * wr->length long */
-	wr->type=type; /* not needed but helps for debugging */
-	wr->length+=DTLS1_RT_HEADER_LENGTH;
-
-#if 0  /* this is now done at the message layer */
-	/* buffer the record, making it easy to handle retransmits */
-	if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
-		dtls1_buffer_record(s, wr->data, wr->length, 
-			*((PQ_64BIT *)&(s->s3->write_sequence[0])));
-#endif
-
-	ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
-
-	/* now let's set up wb */
-	wb->left = prefix_len + wr->length;
-	wb->offset = 0;
-
-	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
-	s->s3->wpend_tot=len;
-	s->s3->wpend_buf=buf;
-	s->s3->wpend_type=type;
-	s->s3->wpend_ret=len;
-
-	/* we now just need to write the buffer */
-	return ssl3_write_pending(s,type,buf,len);
-err:
-	return -1;
-	}
-
-
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
-	{
-	int cmp;
-	unsigned int shift;
-	const unsigned char *seq = s->s3->read_sequence;
-
-	cmp = satsub64be(seq,bitmap->max_seq_num);
-	if (cmp > 0)
-		{
-		memcpy (s->s3->rrec.seq_num,seq,8);
-		return 1; /* this record in new */
-		}
-	shift = -cmp;
-	if (shift >= sizeof(bitmap->map)*8)
-		return 0; /* stale, outside the window */
-	else if (bitmap->map & (1UL<<shift))
-		return 0; /* record previously received */
-
-	memcpy (s->s3->rrec.seq_num,seq,8);
-	return 1;
-	}
-
-
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
-	{
-	int cmp;
-	unsigned int shift;
-	const unsigned char *seq = s->s3->read_sequence;
-
-	cmp = satsub64be(seq,bitmap->max_seq_num);
-	if (cmp > 0)
-		{
-		shift = cmp;
-		if (shift < sizeof(bitmap->map)*8)
-			bitmap->map <<= shift, bitmap->map |= 1UL;
-		else
-			bitmap->map = 1UL;
-		memcpy(bitmap->max_seq_num,seq,8);
-		}
-	else	{
-		shift = -cmp;
-		if (shift < sizeof(bitmap->map)*8)
-			bitmap->map |= 1UL<<shift;
-		}
-	}
-
-
-int dtls1_dispatch_alert(SSL *s)
-	{
-	int i,j;
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	unsigned char buf[DTLS1_AL_HEADER_LENGTH];
-	unsigned char *ptr = &buf[0];
-
-	s->s3->alert_dispatch=0;
-
-	memset(buf, 0x00, sizeof(buf));
-	*ptr++ = s->s3->send_alert[0];
-	*ptr++ = s->s3->send_alert[1];
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-	if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
-		{	
-		s2n(s->d1->handshake_read_seq, ptr);
-#if 0
-		if ( s->d1->r_msg_hdr.frag_off == 0)  /* waiting for a new msg */
-
-		else
-			s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
-		fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
-		l2n3(s->d1->r_msg_hdr.frag_off, ptr);
-		}
-#endif
-
-	i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf));
-	if (i <= 0)
-		{
-		s->s3->alert_dispatch=1;
-		/* fprintf( stderr, "not done with alert\n" ); */
-		}
-	else
-		{
-		if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-		    || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
-		    )
-			(void)BIO_flush(s->wbio);
-
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 
-				2, s, s->msg_callback_arg);
-
-		if (s->info_callback != NULL)
-			cb=s->info_callback;
-		else if (s->ctx->info_callback != NULL)
-			cb=s->ctx->info_callback;
-
-		if (cb != NULL)
-			{
-			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
-			cb(s,SSL_CB_WRITE_ALERT,j);
-			}
-		}
-	return(i);
-	}
-
-
-static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
-    {
-    
-    *is_next_epoch = 0;
-
-    /* In current epoch, accept HM, CCS, DATA, & ALERT */
-    if (rr->epoch == s->d1->r_epoch)
-        return &s->d1->bitmap;
-
-    /* Only HM and ALERT messages can be from the next epoch */
-    else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
-        (rr->type == SSL3_RT_HANDSHAKE ||
-            rr->type == SSL3_RT_ALERT))
-        {
-        *is_next_epoch = 1;
-        return &s->d1->next_bitmap;
-        }
-
-    return NULL;
-    }
-
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
-	unsigned long *offset)
-	{
-
-	/* alerts are passed up immediately */
-	if ( rr->type == SSL3_RT_APPLICATION_DATA ||
-		rr->type == SSL3_RT_ALERT)
-		return 0;
-
-	/* Only need to buffer if a handshake is underway.
-	 * (this implies that Hello Request and Client Hello are passed up
-	 * immediately) */
-	if ( SSL_in_init(s))
-		{
-		unsigned char *data = rr->data;
-		/* need to extract the HM/CCS sequence number here */
-		if ( rr->type == SSL3_RT_HANDSHAKE ||
-			rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
-			{
-			unsigned short seq_num;
-			struct hm_header_st msg_hdr;
-			struct ccs_header_st ccs_hdr;
-
-			if ( rr->type == SSL3_RT_HANDSHAKE)
-				{
-				dtls1_get_message_header(data, &msg_hdr);
-				seq_num = msg_hdr.seq;
-				*offset = msg_hdr.frag_off;
-				}
-			else
-				{
-				dtls1_get_ccs_header(data, &ccs_hdr);
-				seq_num = ccs_hdr.seq;
-				*offset = 0;
-				}
-				
-			/* this is either a record we're waiting for, or a
-			 * retransmit of something we happened to previously 
-			 * receive (higher layers will drop the repeat silently */
-			if ( seq_num < s->d1->handshake_read_seq)
-				return 0;
-			if (rr->type == SSL3_RT_HANDSHAKE && 
-				seq_num == s->d1->handshake_read_seq &&
-				msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
-				return 0;
-			else if ( seq_num == s->d1->handshake_read_seq &&
-				(rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
-					msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
-				return 0;
-			else
-				{
-				*priority = seq_num;
-				return 1;
-				}
-			}
-		else /* unknown record type */
-			return 0;
-		}
-
-	return 0;
-	}
-#endif
-
-void
-dtls1_reset_seq_numbers(SSL *s, int rw)
-	{
-	unsigned char *seq;
-	unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
-	if ( rw & SSL3_CC_READ)
-		{
-		seq = s->s3->read_sequence;
-		s->d1->r_epoch++;
-		memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
-		memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
-		}
-	else
-		{
-		seq = s->s3->write_sequence;
-		memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
-		s->d1->w_epoch++;
-		}
-
-	memset(seq, 0x00, seq_bytes);
-	}
diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
deleted file mode 100644
index 535539ba3b..0000000000
--- a/ssl/d1_srtp.c
+++ /dev/null
@@ -1,463 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
-  DTLS code by Eric Rescorla <ekr@rtfm.com>
-
-  Copyright (C) 2006, Network Resonance, Inc.
-  Copyright (C) 2011, RTFM, Inc.
-*/
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_SRTP
-
-#include "srtp.h"
-
-
-static SRTP_PROTECTION_PROFILE srtp_known_profiles[]=
-    {
-    {
-    "SRTP_AES128_CM_SHA1_80",
-    SRTP_AES128_CM_SHA1_80,
-    },
-    {
-    "SRTP_AES128_CM_SHA1_32",
-    SRTP_AES128_CM_SHA1_32,
-    },
-#if 0
-    {
-    "SRTP_NULL_SHA1_80",
-    SRTP_NULL_SHA1_80,
-    },
-    {
-    "SRTP_NULL_SHA1_32",
-    SRTP_NULL_SHA1_32,
-    },
-#endif
-    {0}
-    };
-
-static int find_profile_by_name(char *profile_name,
-				SRTP_PROTECTION_PROFILE **pptr,unsigned len)
-	{
-	SRTP_PROTECTION_PROFILE *p;
-
-	p=srtp_known_profiles;
-	while(p->name)
-		{
-		if((len == strlen(p->name)) && !strncmp(p->name,profile_name,
-							len))
-			{
-			*pptr=p;
-			return 0;
-			}
-
-		p++;
-		}
-
-	return 1;
-	}
-
-static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out)
-	{
-	STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
-
-	char *col;
-	char *ptr=(char *)profiles_string;
-    
-	SRTP_PROTECTION_PROFILE *p;
-
-	if(!(profiles=sk_SRTP_PROTECTION_PROFILE_new_null()))
-		{
-		SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
-		return 1;
-		}
-    
-	do
-		{
-		col=strchr(ptr,':');
-
-		if(!find_profile_by_name(ptr,&p,
-					 col ? col-ptr : (int)strlen(ptr)))
-			{
-			if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0)
-				{
-				SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-				sk_SRTP_PROTECTION_PROFILE_free(profiles);
-				return 1;
-				}
-
-			sk_SRTP_PROTECTION_PROFILE_push(profiles,p);
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
-			sk_SRTP_PROTECTION_PROFILE_free(profiles);
-			return 1;
-			}
-
-		if(col) ptr=col+1;
-		} while (col);
-
-	*out=profiles;
-    
-	return 0;
-	}
-    
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx,const char *profiles)
-	{
-	return ssl_ctx_make_profiles(profiles,&ctx->srtp_profiles);
-	}
-
-int SSL_set_tlsext_use_srtp(SSL *s,const char *profiles)
-	{
-	return ssl_ctx_make_profiles(profiles,&s->srtp_profiles);
-	}
-
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
-	{
-	if(s != NULL)
-		{
-		if(s->srtp_profiles != NULL)
-			{
-			return s->srtp_profiles;
-			}
-		else if((s->ctx != NULL) &&
-			(s->ctx->srtp_profiles != NULL))
-			{
-			return s->ctx->srtp_profiles;
-			}
-		}
-
-	return NULL;
-	}
-
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
-	{
-	return s->srtp_profile;
-	}
-
-/* Note: this function returns 0 length if there are no 
-   profiles specified */
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-	{
-	int ct=0;
-	int i;
-	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0;
-	SRTP_PROTECTION_PROFILE *prof;
-    
-	clnt=SSL_get_srtp_profiles(s);    
-	ct=sk_SRTP_PROTECTION_PROFILE_num(clnt); /* -1 if clnt == 0 */
-
-	if(p)
-		{
-		if(ct==0)
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
-			return 1;
-			}
-
-		if((2 + ct*2 + 1) > maxlen)
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-			return 1;
-			}
-
-                /* Add the length */
-                s2n(ct * 2, p);
-		for(i=0;i<ct;i++)
-			{
-			prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
-			s2n(prof->id,p);
-			}
-
-                /* Add an empty use_mki value */
-                *p++ = 0;
-		}
-
-	*len=2 + ct*2 + 1;
-    
-	return 0;
-	}
-
-
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
-	{
-	SRTP_PROTECTION_PROFILE *sprof;
-	STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
-        int ct;
-        int mki_len;
-	int i, srtp_pref;
-	unsigned int id;
-
-         /* Length value + the MKI length */
-        if(len < 3)
-		{            
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-                }
-
-        /* Pull off the length of the cipher suite list */
-        n2s(d, ct);
-        len -= 2;
-        
-        /* Check that it is even */
-	if(ct%2)
-		{
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-        
-        /* Check that lengths are consistent */
-	if(len < (ct + 1)) 
-		{
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-
-	srvr=SSL_get_srtp_profiles(s);
-	s->srtp_profile = NULL;
-	/* Search all profiles for a match initially */
-	srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
-        
-	while(ct)
-		{
-		n2s(d,id);
-		ct-=2;
-                len-=2;
-
-		/*
-		 * Only look for match in profiles of higher preference than
-		 * current match.
-		 * If no profiles have been have been configured then this
-		 * does nothing.
-		 */
-		for (i = 0; i < srtp_pref; i++)
-			{
-			sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
-			if (sprof->id == id)
-				{
-				s->srtp_profile = sprof;
-				srtp_pref = i;
-				break;
-				}
-			}
-		}
-
-        /* Now extract the MKI value as a sanity check, but discard it for now */
-        mki_len = *d;
-        d++; len--;
-
-        if (mki_len != len)
-		{
-		SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-
-	return 0;
-	}
-
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen)
-	{
-	if(p)
-		{
-		if(maxlen < 5)
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG);
-			return 1;
-			}
-
-		if(s->srtp_profile==0)
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT,SSL_R_USE_SRTP_NOT_NEGOTIATED);
-			return 1;
-			}
-                s2n(2, p);
-		s2n(s->srtp_profile->id,p);
-                *p++ = 0;
-		}
-	*len=5;
-    
-	return 0;
-	}
-    
-
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al)
-	{
-	unsigned id;
-	int i;
-        int ct;
-
-	STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
-	SRTP_PROTECTION_PROFILE *prof;
-
-	if(len!=5)
-		{
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-
-        n2s(d, ct);
-	if(ct!=2)
-		{
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-
-	n2s(d,id);
-        if (*d)  /* Must be no MKI, since we never offer one */
-		{
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_MKI_VALUE);
-		*al=SSL_AD_ILLEGAL_PARAMETER;
-		return 1;
-		}
-
-	clnt=SSL_get_srtp_profiles(s);
-
-	/* Throw an error if the server gave us an unsolicited extension */
-	if (clnt == NULL)
-		{
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_NO_SRTP_PROFILES);
-		*al=SSL_AD_DECODE_ERROR;
-		return 1;
-		}
-    
-	/* Check to see if the server gave us something we support
-	   (and presumably offered)
-	*/
-	for(i=0;i<sk_SRTP_PROTECTION_PROFILE_num(clnt);i++)
-		{
-		prof=sk_SRTP_PROTECTION_PROFILE_value(clnt,i);
-	    
-		if(prof->id == id)
-			{
-			s->srtp_profile=prof;
-			*al=0;
-			return 0;
-			}
-		}
-
-	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-	*al=SSL_AD_DECODE_ERROR;
-	return 1;
-	}
-
-
-#endif
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
deleted file mode 100644
index a775135078..0000000000
--- a/ssl/d1_srvr.c
+++ /dev/null
@@ -1,1746 +0,0 @@
-/* ssl/d1_srvr.c */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static const SSL_METHOD *dtls1_get_server_method(int ver);
-static int dtls1_send_hello_verify_request(SSL *s);
-
-static const SSL_METHOD *dtls1_get_server_method(int ver)
-	{
-	if (ver == DTLS1_VERSION)
-		return(DTLSv1_server_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
-			dtls1_accept,
-			ssl_undefined_function,
-			dtls1_get_server_method)
-
-int dtls1_accept(SSL *s)
-	{
-	BUF_MEM *buf;
-	unsigned long Time=(unsigned long)time(NULL);
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	unsigned long alg_k;
-	int ret= -1;
-	int new_state,state,skip=0;
-	int listen;
-#ifndef OPENSSL_NO_SCTP
-	unsigned char sctpauthkey[64];
-	char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
-#endif
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	listen = s->d1->listen;
-
-	/* init things to blank */
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-	s->d1->listen = listen;
-#ifndef OPENSSL_NO_SCTP
-	/* Notify SCTP BIO socket to enter handshake
-	 * mode and prevent stream identifier other
-	 * than 0. Will be ignored if no SCTP is used.
-	 */
-	BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
-#endif
-
-	if (s->cert == NULL)
-		{
-		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-		return(-1);
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* If we're awaiting a HeartbeatResponse, pretend we
-	 * already got and don't await it anymore, because
-	 * Heartbeats don't make sense during handshakes anyway.
-	 */
-	if (s->tlsext_hb_pending)
-		{
-		dtls1_stop_timer(s);
-		s->tlsext_hb_pending = 0;
-		s->tlsext_hb_seq++;
-		}
-#endif
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch (s->state)
-			{
-		case SSL_ST_RENEGOTIATE:
-			s->renegotiate=1;
-			/* s->state=SSL_ST_ACCEPT; */
-
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			s->server=1;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
-				{
-				SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			s->type=SSL_ST_ACCEPT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					BUF_MEM_free(buf);
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				}
-
-			if (!ssl3_setup_buffers(s))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			s->init_num=0;
-			s->d1->change_cipher_spec_ok = 0;
-			/* Should have been reset by ssl3_get_finished, too. */
-			s->s3->change_cipher_spec = 0;
-
-			if (s->state != SSL_ST_RENEGOTIATE)
-				{
-				/* Ok, we now need to push on a buffering BIO so that
-				 * the output is sent in a way that TCP likes :-)
-				 * ...but not with SCTP :-)
-				 */
-#ifndef OPENSSL_NO_SCTP
-				if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
-#endif
-					if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
-				ssl3_init_finished_mac(s);
-				s->state=SSL3_ST_SR_CLNT_HELLO_A;
-				s->ctx->stats.sess_accept++;
-				}
-			else
-				{
-				/* s->state == SSL_ST_RENEGOTIATE,
-				 * we will just send a HelloRequest */
-				s->ctx->stats.sess_accept_renegotiate++;
-				s->state=SSL3_ST_SW_HELLO_REQ_A;
-				}
-
-			break;
-
-		case SSL3_ST_SW_HELLO_REQ_A:
-		case SSL3_ST_SW_HELLO_REQ_B:
-
-			s->shutdown=0;
-			dtls1_clear_record_buffer(s);
-			dtls1_start_timer(s);
-			ret=dtls1_send_hello_request(s);
-			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
-			s->state=SSL3_ST_SW_FLUSH;
-			s->init_num=0;
-
-			ssl3_init_finished_mac(s);
-			break;
-
-		case SSL3_ST_SW_HELLO_REQ_C:
-			s->state=SSL_ST_OK;
-			break;
-
-		case SSL3_ST_SR_CLNT_HELLO_A:
-		case SSL3_ST_SR_CLNT_HELLO_B:
-		case SSL3_ST_SR_CLNT_HELLO_C:
-
-			s->shutdown=0;
-			ret=ssl3_get_client_hello(s);
-			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
-
-			if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-				s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
-			else
-				s->state = SSL3_ST_SW_SRVR_HELLO_A;
-
-			s->init_num=0;
-
-			/* Reflect ClientHello sequence to remain stateless while listening */
-			if (listen)
-				{
-				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
-				}
-
-			/* If we're just listening, stop here */
-			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
-				{
-				ret = 2;
-				s->d1->listen = 0;
-				/* Set expected sequence numbers
-				 * to continue the handshake.
-				 */
-				s->d1->handshake_read_seq = 2;
-				s->d1->handshake_write_seq = 1;
-				s->d1->next_handshake_write_seq = 1;
-				goto end;
-				}
-			
-			break;
-			
-		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-
-			ret = dtls1_send_hello_verify_request(s);
-			if ( ret <= 0) goto end;
-			s->state=SSL3_ST_SW_FLUSH;
-			s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
-
-			/* HelloVerifyRequest resets Finished MAC */
-			if (s->version != DTLS1_BAD_VER)
-				ssl3_init_finished_mac(s);
-			break;
-			
-#ifndef OPENSSL_NO_SCTP
-		case DTLS1_SCTP_ST_SR_READ_SOCK:
-			
-			if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))		
-				{
-				s->s3->in_read_app_data=2;
-				s->rwstate=SSL_READING;
-				BIO_clear_retry_flags(SSL_get_rbio(s));
-				BIO_set_retry_read(SSL_get_rbio(s));
-				ret = -1;
-				goto end;
-				}
-			
-			s->state=SSL3_ST_SR_FINISHED_A;
-			break;
-			
-		case DTLS1_SCTP_ST_SW_WRITE_SOCK:
-			ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
-			if (ret < 0) goto end;
-			
-			if (ret == 0)
-				{
-				if (s->d1->next_state != SSL_ST_OK)
-					{
-					s->s3->in_read_app_data=2;
-					s->rwstate=SSL_READING;
-					BIO_clear_retry_flags(SSL_get_rbio(s));
-					BIO_set_retry_read(SSL_get_rbio(s));
-					ret = -1;
-					goto end;
-					}
-				}
-
-			s->state=s->d1->next_state;
-			break;
-#endif
-
-		case SSL3_ST_SW_SRVR_HELLO_A:
-		case SSL3_ST_SW_SRVR_HELLO_B:
-			s->renegotiate = 2;
-			dtls1_start_timer(s);
-			ret=dtls1_send_server_hello(s);
-			if (ret <= 0) goto end;
-
-			if (s->hit)
-				{
-#ifndef OPENSSL_NO_SCTP
-				/* Add new shared key for SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-				         DTLS1_SCTP_AUTH_LABEL);
-
-				SSL_export_keying_material(s, sctpauthkey,
-				                           sizeof(sctpauthkey), labelbuffer,
-				                           sizeof(labelbuffer), NULL, 0, 0);
-				
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-                         sizeof(sctpauthkey), sctpauthkey);
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_ticket_expected)
-					s->state=SSL3_ST_SW_SESSION_TICKET_A;
-				else
-					s->state=SSL3_ST_SW_CHANGE_A;
-#else
-				s->state=SSL3_ST_SW_CHANGE_A;
-#endif
-				}
-			else
-				s->state=SSL3_ST_SW_CERT_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_A:
-		case SSL3_ST_SW_CERT_B:
-			/* Check if it is anon DH or normal PSK */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-				&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-				{
-				dtls1_start_timer(s);
-				ret=dtls1_send_server_certificate(s);
-				if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_status_expected)
-					s->state=SSL3_ST_SW_CERT_STATUS_A;
-				else
-					s->state=SSL3_ST_SW_KEY_EXCH_A;
-				}
-			else
-				{
-				skip = 1;
-				s->state=SSL3_ST_SW_KEY_EXCH_A;
-				}
-#else
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_KEY_EXCH_A:
-		case SSL3_ST_SW_KEY_EXCH_B:
-			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-			/*
-			 * clear this, it may get reset by
-			 * send_server_key_exchange
-			 */
-			s->s3->tmp.use_rsa_tmp=0;
-
-			/* only send if a DH key exchange or
-			 * RSA but we have a sign only certificate */
-			if (0
-			/* PSK: send ServerKeyExchange if PSK identity
-			 * hint if provided */
-#ifndef OPENSSL_NO_PSK
-			    || ((alg_k & SSL_kPSK) && s->session->psk_identity_hint)
-#endif
-			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			    || (alg_k & SSL_kEECDH)
-			    || ((alg_k & SSL_kRSA)
-				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-					)
-				    )
-				)
-			    )
-				{
-				dtls1_start_timer(s);
-				ret=dtls1_send_server_key_exchange(s);
-				if (ret <= 0) goto end;
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_SW_CERT_REQ_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_REQ_A:
-		case SSL3_ST_SW_CERT_REQ_B:
-			if (/* don't request cert unless asked for it: */
-				!(s->verify_mode & SSL_VERIFY_PEER) ||
-				/* if SSL_VERIFY_CLIENT_ONCE is set,
-				 * don't request cert during re-negotiation: */
-				((s->session->peer != NULL) &&
-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-				/* never request cert in anonymous ciphersuites
-				 * (see section "Certificate request" in SSL 3 drafts
-				 * and in RFC 2246): */
-				((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-				 /* ... except when the application insists on verification
-				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-				 /* never request cert in Kerberos ciphersuites */
-				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
-				/* With normal PSK Certificates and
-				 * Certificate Requests are omitted */
-				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-				{
-				/* no cert request */
-				skip=1;
-				s->s3->tmp.cert_request=0;
-				s->state=SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-					s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-					s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-					}
-#endif
-				}
-			else
-				{
-				s->s3->tmp.cert_request=1;
-				dtls1_start_timer(s);
-				ret=dtls1_send_certificate_request(s);
-				if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
-				s->state=SSL3_ST_SW_SRVR_DONE_A;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-					s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
-					s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
-					}
-#endif
-#else
-				s->state=SSL3_ST_SW_FLUSH;
-				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-					s->d1->next_state = s->s3->tmp.next_state;
-					s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
-					}
-#endif
-#endif
-				s->init_num=0;
-				}
-			break;
-
-		case SSL3_ST_SW_SRVR_DONE_A:
-		case SSL3_ST_SW_SRVR_DONE_B:
-			dtls1_start_timer(s);
-			ret=dtls1_send_server_done(s);
-			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-			s->state=SSL3_ST_SW_FLUSH;
-			s->init_num=0;
-			break;
-		
-		case SSL3_ST_SW_FLUSH:
-			s->rwstate=SSL_WRITING;
-			if (BIO_flush(s->wbio) <= 0)
-				{
-				/* If the write error was fatal, stop trying */
-				if (!BIO_should_retry(s->wbio))
-					{
-					s->rwstate=SSL_NOTHING;
-					s->state=s->s3->tmp.next_state;
-					}
-				
-				ret= -1;
-				goto end;
-				}
-			s->rwstate=SSL_NOTHING;
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case SSL3_ST_SR_CERT_A:
-		case SSL3_ST_SR_CERT_B:
-			/* Check for second client hello (MS SGC) */
-			ret = ssl3_check_client_hello(s);
-			if (ret <= 0)
-				goto end;
-			if (ret == 2)
-				{
-				dtls1_stop_timer(s);
-				s->state = SSL3_ST_SR_CLNT_HELLO_C;
-				}
-			else {
-				if (s->s3->tmp.cert_request)
-					{
-					ret=ssl3_get_client_certificate(s);
-					if (ret <= 0) goto end;
-					}
-				s->init_num=0;
-				s->state=SSL3_ST_SR_KEY_EXCH_A;
-			}
-			break;
-
-		case SSL3_ST_SR_KEY_EXCH_A:
-		case SSL3_ST_SR_KEY_EXCH_B:
-			ret=ssl3_get_client_key_exchange(s);
-			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_SCTP
-			/* Add new shared key for SCTP-Auth,
-			 * will be ignored if no SCTP used.
-			 */
-			snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
-			         DTLS1_SCTP_AUTH_LABEL);
-
-			SSL_export_keying_material(s, sctpauthkey,
-			                           sizeof(sctpauthkey), labelbuffer,
-			                           sizeof(labelbuffer), NULL, 0, 0);
-
-			BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
-			         sizeof(sctpauthkey), sctpauthkey);
-#endif
-
-			s->state=SSL3_ST_SR_CERT_VRFY_A;
-			s->init_num=0;
-
-			if (ret == 2)
-				{
-				/* For the ECDH ciphersuites when
-				 * the client sends its ECDH pub key in
-				 * a certificate, the CertificateVerify
-				 * message is not sent.
-				 */
-				s->state=SSL3_ST_SR_FINISHED_A;
-				s->init_num = 0;
-				}
-			else
-				{
-				s->state=SSL3_ST_SR_CERT_VRFY_A;
-				s->init_num=0;
-
-				/* We need to get hashes here so if there is
-				 * a client cert, it can be verified */ 
-				s->method->ssl3_enc->cert_verify_mac(s,
-					NID_md5,
-					&(s->s3->tmp.cert_verify_md[0]));
-				s->method->ssl3_enc->cert_verify_mac(s,
-					NID_sha1,
-					&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
-				}
-			break;
-
-		case SSL3_ST_SR_CERT_VRFY_A:
-		case SSL3_ST_SR_CERT_VRFY_B:
-			/*
-			 * This *should* be the first time we enable CCS, but be
-			 * extra careful about surrounding code changes. We need
-			 * to set this here because we don't know if we're
-			 * expecting a CertificateVerify or not.
-			 */
-			if (!s->s3->change_cipher_spec)
-				s->d1->change_cipher_spec_ok = 1;
-			/* we should decide if we expected this one */
-			ret=ssl3_get_cert_verify(s);
-			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_SCTP
-			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
-			    state == SSL_ST_RENEGOTIATE)
-				s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
-			else
-#endif			
-				s->state=SSL3_ST_SR_FINISHED_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SR_FINISHED_A:
-		case SSL3_ST_SR_FINISHED_B:
-			/*
-			 * Enable CCS for resumed handshakes.
-			 * In a full handshake, we end up here through
-			 * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was
-			 * already set. Receiving a CCS clears the flag, so make
-			 * sure not to re-enable it to ban duplicates.
-			 * s->s3->change_cipher_spec is set when a CCS is
-			 * processed in d1_pkt.c, and remains set until
-			 * the client's Finished message is read.
-			 */
-			if (!s->s3->change_cipher_spec)
-				s->d1->change_cipher_spec_ok = 1;
-			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
-				SSL3_ST_SR_FINISHED_B);
-			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
-			if (s->hit)
-				s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-			else if (s->tlsext_ticket_expected)
-				s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-			else
-				s->state=SSL3_ST_SW_CHANGE_A;
-			s->init_num=0;
-			break;
-
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_SW_SESSION_TICKET_A:
-		case SSL3_ST_SW_SESSION_TICKET_B:
-			ret=dtls1_send_newsession_ticket(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_CHANGE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_STATUS_A:
-		case SSL3_ST_SW_CERT_STATUS_B:
-			ret=ssl3_send_cert_status(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_KEY_EXCH_A;
-			s->init_num=0;
-			break;
-
-#endif
-
-		case SSL3_ST_SW_CHANGE_A:
-		case SSL3_ST_SW_CHANGE_B:
-
-			s->session->cipher=s->s3->tmp.new_cipher;
-			if (!s->method->ssl3_enc->setup_key_block(s))
-				{ ret= -1; goto end; }
-
-			ret=dtls1_send_change_cipher_spec(s,
-				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
-			if (ret <= 0) goto end;
-
-#ifndef OPENSSL_NO_SCTP
-			if (!s->hit)
-				{
-				/* Change to new shared key of SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-				}
-#endif
-
-			s->state=SSL3_ST_SW_FINISHED_A;
-			s->init_num=0;
-
-			if (!s->method->ssl3_enc->change_cipher_state(s,
-				SSL3_CHANGE_CIPHER_SERVER_WRITE))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
-			break;
-
-		case SSL3_ST_SW_FINISHED_A:
-		case SSL3_ST_SW_FINISHED_B:
-			ret=dtls1_send_finished(s,
-				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-				s->method->ssl3_enc->server_finished_label,
-				s->method->ssl3_enc->server_finished_label_len);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_FLUSH;
-			if (s->hit)
-				{
-				s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-
-#ifndef OPENSSL_NO_SCTP
-				/* Change to new shared key of SCTP-Auth,
-				 * will be ignored if no SCTP used.
-				 */
-				BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-				}
-			else
-				{
-				s->s3->tmp.next_state=SSL_ST_OK;
-#ifndef OPENSSL_NO_SCTP
-				if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
-					{
-					s->d1->next_state = s->s3->tmp.next_state;
-					s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
-					}
-#endif
-				}
-			s->init_num=0;
-			break;
-
-		case SSL_ST_OK:
-			/* clean a few things up */
-			ssl3_cleanup_key_block(s);
-
-#if 0
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
-#endif
-
-			/* remove buffering on output */
-			ssl_free_wbio_buffer(s);
-
-			s->init_num=0;
-
-			if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
-				{
-				s->renegotiate=0;
-				s->new_session=0;
-				
-				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-				
-				s->ctx->stats.sess_accept_good++;
-				/* s->server=1; */
-				s->handshake_func=dtls1_accept;
-
-				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-				}
-			
-			ret = 1;
-
-			/* done handshaking, next message is client hello */
-			s->d1->handshake_read_seq = 0;
-			/* next message is server hello */
-			s->d1->handshake_write_seq = 0;
-			s->d1->next_handshake_write_seq = 0;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-		
-		if (!s->s3->tmp.reuse_message && !skip)
-			{
-			if (s->debug)
-				{
-				if ((ret=BIO_flush(s->wbio)) <= 0)
-					goto end;
-				}
-
-
-			if ((cb != NULL) && (s->state != state))
-				{
-				new_state=s->state;
-				s->state=state;
-				cb(s,SSL_CB_ACCEPT_LOOP,1);
-				s->state=new_state;
-				}
-			}
-		skip=0;
-		}
-end:
-	/* BIO_flush(s->wbio); */
-
-	s->in_handshake--;
-#ifndef OPENSSL_NO_SCTP
-		/* Notify SCTP BIO socket to leave handshake
-		 * mode and prevent stream identifier other
-		 * than 0. Will be ignored if no SCTP is used.
-		 */
-		BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
-#endif
-
-	if (cb != NULL)
-		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	return(ret);
-	}
-
-int dtls1_send_hello_request(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL3_ST_SW_HELLO_REQ_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
-
-		s->state=SSL3_ST_SW_HELLO_REQ_B;
-		/* number of bytes to write */
-		s->init_num=DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* no need to buffer this message, since there are no retransmit 
-		 * requests for it */
-		}
-
-	/* SSL3_ST_SW_HELLO_REQ_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int dtls1_send_hello_verify_request(SSL *s)
-	{
-	unsigned int msg_len;
-	unsigned char *msg, *buf, *p;
-
-	if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
-		{
-		buf = (unsigned char *)s->init_buf->data;
-
-		msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
-		*(p++) = s->version >> 8;
-		*(p++) = s->version & 0xFF;
-
-		if (s->ctx->app_gen_cookie_cb == NULL ||
-		     s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-			 &(s->d1->cookie_len)) == 0)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
-			return 0;
-			}
-
-		*(p++) = (unsigned char) s->d1->cookie_len;
-		memcpy(p, s->d1->cookie, s->d1->cookie_len);
-		p += s->d1->cookie_len;
-		msg_len = p - msg;
-
-		dtls1_set_message_header(s, buf,
-			DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
-
-		s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
-		}
-
-	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int dtls1_send_server_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int i;
-	unsigned int sl;
-	unsigned long l;
-
-	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
-		{
-		buf=(unsigned char *)s->init_buf->data;
-		p=s->s3->server_random;
-		ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
-		/* Do the message type and length last */
-		d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
-
-		/* Random stuff */
-		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-		p+=SSL3_RANDOM_SIZE;
-
-		/* now in theory we have 3 options to sending back the
-		 * session id.  If it is a re-use, we send back the
-		 * old session-id, if it is a new session, we send
-		 * back the new session-id or we send back a 0 length
-		 * session-id if we want it to be single use.
-		 * Currently I will not implement the '0' length session-id
-		 * 12-Jan-98 - I'll now support the '0' length stuff.
-		 */
-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
-			s->session->session_id_length=0;
-
-		sl=s->session->session_id_length;
-		if (sl > sizeof s->session->session_id)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		*(p++)=sl;
-		memcpy(p,s->session->session_id,sl);
-		p+=sl;
-
-		/* put the cipher */
-		if (s->s3->tmp.new_cipher == NULL)
-			return -1;
-		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
-		p+=i;
-
-		/* put the compression method */
-#ifdef OPENSSL_NO_COMP
-		*(p++)=0;
-#else
-		if (s->s3->tmp.new_compression == NULL)
-			*(p++)=0;
-		else
-			*(p++)=s->s3->tmp.new_compression->id;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-		if (ssl_prepare_serverhello_tlsext(s) <= 0)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
-			return -1;
-			}
-		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-#endif
-
-		/* do the header */
-		l=(p-d);
-		d=buf;
-
-		d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
-
-		s->state=SSL3_ST_SW_SRVR_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	/* SSL3_ST_SW_SRVR_HELLO_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int dtls1_send_server_done(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL3_ST_SW_SRVR_DONE_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-
-		/* do the header */
-		p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
-
-		s->state=SSL3_ST_SW_SRVR_DONE_B;
-		/* number of bytes to write */
-		s->init_num=DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	/* SSL3_ST_SW_SRVR_DONE_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int dtls1_send_server_key_exchange(SSL *s)
-	{
-#ifndef OPENSSL_NO_RSA
-	unsigned char *q;
-	int j,num;
-	RSA *rsa;
-	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-	unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *dh=NULL,*dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh=NULL, *ecdhp;
-	unsigned char *encodedPoint = NULL;
-	int encodedlen = 0;
-	int curve_id = 0;
-	BN_CTX *bn_ctx = NULL; 
-#endif
-	EVP_PKEY *pkey;
-	unsigned char *p,*d;
-	int al,i;
-	unsigned long type;
-	int n;
-	CERT *cert;
-	BIGNUM *r[4];
-	int nr[4],kn;
-	BUF_MEM *buf;
-	EVP_MD_CTX md_ctx;
-
-	EVP_MD_CTX_init(&md_ctx);
-	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
-		{
-		type=s->s3->tmp.new_cipher->algorithm_mkey;
-		cert=s->cert;
-
-		buf=s->init_buf;
-
-		r[0]=r[1]=r[2]=r[3]=NULL;
-		n=0;
-#ifndef OPENSSL_NO_RSA
-		if (type & SSL_kRSA)
-			{
-			rsa=cert->rsa_tmp;
-			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
-				{
-				rsa=s->cert->rsa_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-				if(rsa == NULL)
-				{
-					al=SSL_AD_HANDSHAKE_FAILURE;
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-					goto f_err;
-				}
-				RSA_up_ref(rsa);
-				cert->rsa_tmp=rsa;
-				}
-			if (rsa == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
-				goto f_err;
-				}
-			r[0]=rsa->n;
-			r[1]=rsa->e;
-			s->s3->tmp.use_rsa_tmp=1;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DH
-			if (type & SSL_kEDH)
-			{
-			dhp=cert->dh_tmp;
-			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-				dhp=s->cert->dh_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-			if (dhp == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
-				goto f_err;
-				}
-
-			if (s->s3->tmp.dh != NULL)
-				{
-				DH_free(dh);
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if ((dh=DHparams_dup(dhp)) == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-
-			s->s3->tmp.dh=dh;
-			if ((dhp->pub_key == NULL ||
-			     dhp->priv_key == NULL ||
-			     (s->options & SSL_OP_SINGLE_DH_USE)))
-				{
-				if(!DH_generate_key(dh))
-				    {
-				    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
-					   ERR_R_DH_LIB);
-				    goto err;
-				    }
-				}
-			else
-				{
-				dh->pub_key=BN_dup(dhp->pub_key);
-				dh->priv_key=BN_dup(dhp->priv_key);
-				if ((dh->pub_key == NULL) ||
-					(dh->priv_key == NULL))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-					goto err;
-					}
-				}
-			r[0]=dh->p;
-			r[1]=dh->g;
-			r[2]=dh->pub_key;
-			}
-		else 
-#endif
-#ifndef OPENSSL_NO_ECDH
-			if (type & SSL_kEECDH)
-			{
-			const EC_GROUP *group;
-
-			ecdhp=cert->ecdh_tmp;
-			if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
-				{
-				ecdhp=s->cert->ecdh_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-				}
-			if (ecdhp == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
-				goto f_err;
-				}
-
-			if (s->s3->tmp.ecdh != NULL)
-				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			/* Duplicate the ECDH structure. */
-			if (ecdhp == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			s->s3->tmp.ecdh=ecdh;
-			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL) ||
-			    (s->options & SSL_OP_SINGLE_ECDH_USE))
-				{
-				if(!EC_KEY_generate_key(ecdh))
-				    {
-				    SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				    goto err;
-				    }
-				}
-
-			if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-			    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-			    (EC_GROUP_get_degree(group) > 163)) 
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-				goto err;
-				}
-
-			/* XXX: For now, we only support ephemeral ECDH
-			 * keys over named (not generic) curves. For 
-			 * supported named curves, curve_id is non-zero.
-			 */
-			if ((curve_id = 
-			    tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
-			    == 0)
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-				goto err;
-				}
-
-			/* Encode the public key.
-			 * First check the size of encoding and
-			 * allocate memory accordingly.
-			 */
-			encodedlen = EC_POINT_point2oct(group, 
-			    EC_KEY_get0_public_key(ecdh),
-			    POINT_CONVERSION_UNCOMPRESSED, 
-			    NULL, 0, NULL);
-
-			encodedPoint = (unsigned char *) 
-			    OPENSSL_malloc(encodedlen*sizeof(unsigned char)); 
-			bn_ctx = BN_CTX_new();
-			if ((encodedPoint == NULL) || (bn_ctx == NULL))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-
-			encodedlen = EC_POINT_point2oct(group, 
-			    EC_KEY_get0_public_key(ecdh), 
-			    POINT_CONVERSION_UNCOMPRESSED, 
-			    encodedPoint, encodedlen, bn_ctx);
-
-			if (encodedlen == 0) 
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			BN_CTX_free(bn_ctx);  bn_ctx=NULL;
-
-			/* XXX: For now, we only support named (not 
-			 * generic) curves in ECDH ephemeral key exchanges.
-			 * In this situation, we need four additional bytes
-			 * to encode the entire ServerECDHParams
-			 * structure. 
-			 */
-			n = 4 + encodedlen;
-
-			/* We'll generate the serverKeyExchange message
-			 * explicitly so we can set these to NULLs
-			 */
-			r[0]=NULL;
-			r[1]=NULL;
-			r[2]=NULL;
-			r[3]=NULL;
-			}
-		else 
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_PSK
-			if (type & SSL_kPSK)
-				{
-				/* reserve size for record length and PSK identity hint*/
-				n+=2+strlen(s->session->psk_identity_hint);
-				}
-			else
-#endif /* !OPENSSL_NO_PSK */
-			{
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-			goto f_err;
-			}
-		for (i=0; r[i] != NULL; i++)
-			{
-			nr[i]=BN_num_bytes(r[i]);
-			n+=2+nr[i];
-			}
-
-		if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-			&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-			{
-			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
-				== NULL)
-				{
-				al=SSL_AD_DECODE_ERROR;
-				goto f_err;
-				}
-			kn=EVP_PKEY_size(pkey);
-			}
-		else
-			{
-			pkey=NULL;
-			kn=0;
-			}
-
-		if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
-			{
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
-			goto err;
-			}
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
-		for (i=0; r[i] != NULL; i++)
-			{
-			s2n(nr[i],p);
-			BN_bn2bin(r[i],p);
-			p+=nr[i];
-			}
-
-#ifndef OPENSSL_NO_ECDH
-		if (type & SSL_kEECDH) 
-			{
-			/* XXX: For now, we only support named (not generic) curves.
-			 * In this situation, the serverKeyExchange message has:
-			 * [1 byte CurveType], [2 byte CurveName]
-			 * [1 byte length of encoded point], followed by
-			 * the actual encoded point itself
-			 */
-			*p = NAMED_CURVE_TYPE;
-			p += 1;
-			*p = 0;
-			p += 1;
-			*p = curve_id;
-			p += 1;
-			*p = encodedlen;
-			p += 1;
-			memcpy((unsigned char*)p, 
-			    (unsigned char *)encodedPoint, 
-			    encodedlen);
-			OPENSSL_free(encodedPoint);
-			encodedPoint = NULL;
-			p += encodedlen;
-			}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-		if (type & SSL_kPSK)
-			{
-			/* copy PSK identity hint */
-			s2n(strlen(s->session->psk_identity_hint), p);
-			strncpy((char *)p, s->session->psk_identity_hint, strlen(s->session->psk_identity_hint));
-			p+=strlen(s->session->psk_identity_hint);
-			}
-#endif
-
-		/* not anonymous */
-		if (pkey != NULL)
-			{
-			/* n is the length of the params, they start at
-			 * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
-			 * at the end. */
-#ifndef OPENSSL_NO_RSA
-			if (pkey->type == EVP_PKEY_RSA)
-				{
-				q=md_buf;
-				j=0;
-				for (num=2; num > 0; num--)
-					{
-					EVP_DigestInit_ex(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1, NULL);
-					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
-					EVP_DigestFinal_ex(&md_ctx,q,
-						(unsigned int *)&i);
-					q+=i;
-					j+=i;
-					}
-				if (RSA_sign(NID_md5_sha1, md_buf, j,
-					&(p[2]), &u, pkey->pkey.rsa) <= 0)
-					{
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
-					goto err;
-					}
-				s2n(u,p);
-				n+=u+2;
-				}
-			else
-#endif
-#if !defined(OPENSSL_NO_DSA)
-				if (pkey->type == EVP_PKEY_DSA)
-				{
-				/* lets do DSS */
-				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
-				if (!EVP_SignFinal(&md_ctx,&(p[2]),
-					(unsigned int *)&i,pkey))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
-					goto err;
-					}
-				s2n(i,p);
-				n+=i+2;
-				}
-			else
-#endif
-#if !defined(OPENSSL_NO_ECDSA)
-				if (pkey->type == EVP_PKEY_EC)
-				{
-				/* let's do ECDSA */
-				EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
-				if (!EVP_SignFinal(&md_ctx,&(p[2]),
-					(unsigned int *)&i,pkey))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
-					goto err;
-					}
-				s2n(i,p);
-				n+=i+2;
-				}
-			else
-#endif
-				{
-				/* Is this error check actually needed? */
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
-				goto f_err;
-				}
-			}
-
-		d = dtls1_set_message_header(s, d,
-			SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	s->state = SSL3_ST_SW_KEY_EXCH_B;
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-#ifndef OPENSSL_NO_ECDH
-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-	BN_CTX_free(bn_ctx);
-#endif
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(-1);
-	}
-
-int dtls1_send_certificate_request(SSL *s)
-	{
-	unsigned char *p,*d;
-	int i,j,nl,off,n;
-	STACK_OF(X509_NAME) *sk=NULL;
-	X509_NAME *name;
-	BUF_MEM *buf;
-	unsigned int msg_len;
-
-	if (s->state == SSL3_ST_SW_CERT_REQ_A)
-		{
-		buf=s->init_buf;
-
-		d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-
-		/* get the list of acceptable cert types */
-		p++;
-		n=ssl3_get_req_cert_type(s,p);
-		d[0]=n;
-		p+=n;
-		n++;
-
-		off=n;
-		p+=2;
-		n+=2;
-
-		sk=SSL_get_client_CA_list(s);
-		nl=0;
-		if (sk != NULL)
-			{
-			for (i=0; i<sk_X509_NAME_num(sk); i++)
-				{
-				name=sk_X509_NAME_value(sk,i);
-				j=i2d_X509_NAME(name,NULL);
-				if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
-					{
-					SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
-					goto err;
-					}
-				p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
-				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-					{
-					s2n(j,p);
-					i2d_X509_NAME(name,&p);
-					n+=2+j;
-					nl+=2+j;
-					}
-				else
-					{
-					d=p;
-					i2d_X509_NAME(name,&p);
-					j-=2; s2n(j,d); j+=2;
-					n+=j;
-					nl+=j;
-					}
-				}
-			}
-		/* else no CA names */
-		p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
-		s2n(nl,p);
-
-		d=(unsigned char *)buf->data;
-		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;
-		l2n3(n,d);
-		s2n(s->d1->handshake_write_seq,d);
-		s->d1->handshake_write_seq++;
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-
-		s->init_num=n+DTLS1_HM_HEADER_LENGTH;
-		s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
-/* XXX: what to do about this? */
-		p=(unsigned char *)s->init_buf->data + s->init_num;
-
-		/* do the header */
-		*(p++)=SSL3_MT_SERVER_DONE;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-		s->init_num += 4;
-#endif
-
-		/* XDTLS:  set message header ? */
-		msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-		dtls1_set_message_header(s, (void *)s->init_buf->data,
-			SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-
-		s->state = SSL3_ST_SW_CERT_REQ_B;
-		}
-
-	/* SSL3_ST_SW_CERT_REQ_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	return(-1);
-	}
-
-int dtls1_send_server_certificate(SSL *s)
-	{
-	unsigned long l;
-	X509 *x;
-
-	if (s->state == SSL3_ST_SW_CERT_A)
-		{
-		x=ssl_get_server_send_cert(s);
-		if (x == NULL)
-			{
-			/* VRS: allow null cert if auth == KRB5 */
-			if ((s->s3->tmp.new_cipher->algorithm_mkey != SSL_kKRB5) ||
-			    (s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5))
-				{
-				SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
-				return(0);
-				}
-			}
-
-		l=dtls1_output_cert_chain(s,x);
-		if (!l)
-			{
-			SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
-			return(0);
-			}
-		s->state=SSL3_ST_SW_CERT_B;
-		s->init_num=(int)l;
-		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	/* SSL3_ST_SW_CERT_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-#ifndef OPENSSL_NO_TLSEXT
-int dtls1_send_newsession_ticket(SSL *s)
-	{
-	if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
-		{
-		unsigned char *p, *senc, *macstart;
-		int len, slen;
-		unsigned int hlen, msg_len;
-		EVP_CIPHER_CTX ctx;
-		HMAC_CTX hctx;
-		SSL_CTX *tctx = s->initial_ctx;
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		unsigned char key_name[16];
-
-		/* get session encoding length */
-		slen = i2d_SSL_SESSION(s->session, NULL);
-		/* Some length values are 16 bits, so forget it if session is
- 		 * too long
- 		 */
-		if (slen > 0xFF00)
-			return -1;
-		/* Grow buffer if need be: the length calculation is as
- 		 * follows 12 (DTLS handshake message header) +
- 		 * 4 (ticket lifetime hint) + 2 (ticket length) +
- 		 * 16 (key name) + max_iv_len (iv length) +
- 		 * session_length + max_enc_block_size (max encrypted session
- 		 * length) + max_md_size (HMAC).
- 		 */
-		if (!BUF_MEM_grow(s->init_buf,
-			DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
-			EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
-			return -1;
-		senc = OPENSSL_malloc(slen);
-		if (!senc)
-			return -1;
-		p = senc;
-		i2d_SSL_SESSION(s->session, &p);
-
-		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
-		EVP_CIPHER_CTX_init(&ctx);
-		HMAC_CTX_init(&hctx);
-		/* Initialize HMAC and cipher contexts. If callback present
-		 * it does all the work otherwise use generated values
-		 * from parent ctx.
-		 */
-		if (tctx->tlsext_ticket_key_cb)
-			{
-			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-							 &hctx, 1) < 0)
-				{
-				OPENSSL_free(senc);
-				return -1;
-				}
-			}
-		else
-			{
-			RAND_pseudo_bytes(iv, 16);
-			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-					tctx->tlsext_tick_aes_key, iv);
-			HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-					tlsext_tick_md(), NULL);
-			memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-			}
-		l2n(s->session->tlsext_tick_lifetime_hint, p);
-		/* Skip ticket length for now */
-		p += 2;
-		/* Output key name */
-		macstart = p;
-		memcpy(p, key_name, 16);
-		p += 16;
-		/* output IV */
-		memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
-		p += EVP_CIPHER_CTX_iv_length(&ctx);
-		/* Encrypt session data */
-		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
-		p += len;
-		EVP_EncryptFinal(&ctx, p, &len);
-		p += len;
-		EVP_CIPHER_CTX_cleanup(&ctx);
-
-		HMAC_Update(&hctx, macstart, p - macstart);
-		HMAC_Final(&hctx, p, &hlen);
-		HMAC_CTX_cleanup(&hctx);
-
-		p += hlen;
-		/* Now write out lengths: p points to end of data written */
-		/* Total length */
-		len = p - (unsigned char *)(s->init_buf->data);
-		/* Ticket length */
-		p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
-		s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
-
-		/* number of bytes to write */
-		s->init_num= len;
-		s->state=SSL3_ST_SW_SESSION_TICKET_B;
-		s->init_off=0;
-		OPENSSL_free(senc);
-
-		/* XDTLS:  set message header ? */
-		msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
-		dtls1_set_message_header(s, (void *)s->init_buf->data,
-			SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
-		}
-
-	/* SSL3_ST_SW_SESSION_TICKET_B */
-	return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-#endif
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
deleted file mode 100644
index 338575268f..0000000000
--- a/ssl/dtls1.h
+++ /dev/null
@@ -1,296 +0,0 @@
-/* ssl/dtls1.h */
-/* 
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#if defined(OPENSSL_SYS_VXWORKS)
-#include <sys/times.h>
-#else
-#include <sys/time.h>
-#endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION			0xFEFF
-#define DTLS_MAX_VERSION		DTLS1_VERSION
-
-#define DTLS1_BAD_VER			0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE    110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH                     256
-
-#define DTLS1_RT_HEADER_LENGTH                  13
-
-#define DTLS1_HM_HEADER_LENGTH                  12
-
-#define DTLS1_HM_BAD_FRAGMENT                   -2
-#define DTLS1_HM_FRAGMENT_RETRY                 -3
-
-#define DTLS1_CCS_HEADER_LENGTH                  1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH                   7
-#else
-#define DTLS1_AL_HEADER_LENGTH                   2
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_AUTH_LABEL	"EXPORTER_DTLS_OVER_SCTP"
-#endif
-
-/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
-#define DTLS1_MAX_MTU_OVERHEAD                   48
-
-typedef struct dtls1_bitmap_st
-	{
-	unsigned long map;		/* track 32 packets on 32-bit systems
-					   and 64 - on 64-bit systems */
-	unsigned char max_seq_num[8];	/* max record number seen so far,
-					   64-bit value in big-endian
-					   encoding */
-	} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
-	{
-	EVP_CIPHER_CTX *enc_write_ctx;	/* cryptographic state */
-	EVP_MD_CTX *write_hash;			/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *compress;				/* compression */
-#else
-	char *compress;	
-#endif
-	SSL_SESSION *session;
-	unsigned short epoch;
-	};
-
-struct hm_header_st
-	{
-	unsigned char type;
-	unsigned long msg_len;
-	unsigned short seq;
-	unsigned long frag_off;
-	unsigned long frag_len;
-	unsigned int is_ccs;
-	struct dtls1_retransmit_state saved_retransmit_state;
-	};
-
-struct ccs_header_st
-	{
-	unsigned char type;
-	unsigned short seq;
-	};
-
-struct dtls1_timeout_st
-	{
-	/* Number of read timeouts so far */
-	unsigned int read_timeouts;
-	
-	/* Number of write timeouts so far */
-	unsigned int write_timeouts;
-	
-	/* Number of alerts received so far */
-	unsigned int num_alerts;
-	};
-
-typedef struct record_pqueue_st
-	{
-	unsigned short epoch;
-	pqueue q;
-	} record_pqueue;
-
-typedef struct hm_fragment_st
-	{
-	struct hm_header_st msg_header;
-	unsigned char *fragment;
-	unsigned char *reassembly;
-	} hm_fragment;
-
-typedef struct dtls1_state_st
-	{
-	unsigned int send_cookie;
-	unsigned char cookie[DTLS1_COOKIE_LENGTH];
-	unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-	unsigned int cookie_len;
-
-	/* 
-	 * The current data and handshake epoch.  This is initially
-	 * undefined, and starts at zero once the initial handshake is
-	 * completed 
-	 */
-	unsigned short r_epoch;
-	unsigned short w_epoch;
-
-	/* records being received in the current epoch */
-	DTLS1_BITMAP bitmap;
-
-	/* renegotiation starts a new set of sequence numbers */
-	DTLS1_BITMAP next_bitmap;
-
-	/* handshake message numbers */
-	unsigned short handshake_write_seq;
-	unsigned short next_handshake_write_seq;
-
-	unsigned short handshake_read_seq;
-
-	/* save last sequence number for retransmissions */
-	unsigned char last_write_sequence[8];
-
-	/* Received handshake records (processed and unprocessed) */
-	record_pqueue unprocessed_rcds;
-	record_pqueue processed_rcds;
-
-	/* Buffered handshake messages */
-	pqueue buffered_messages;
-
-	/* Buffered (sent) handshake records */
-	pqueue sent_messages;
-
-	/* Buffered application records.
-	 * Only for records between CCS and Finished
-	 * to prevent either protocol violation or
-	 * unnecessary message loss.
-	 */
-	record_pqueue buffered_app_data;
-
-	/* Is set when listening for new connections with dtls1_listen() */
-	unsigned int listen;
-
-	unsigned int link_mtu; /* max on-the-wire DTLS packet size */
-	unsigned int mtu; /* max DTLS packet size */
-
-	struct hm_header_st w_msg_hdr;
-	struct hm_header_st r_msg_hdr;
-
-	struct dtls1_timeout_st timeout;
-
-	/* Indicates when the last handshake msg or heartbeat sent will timeout */
-	struct timeval next_timeout;
-
-	/* Timeout duration */
-	unsigned short timeout_duration;
-
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
-	unsigned int handshake_fragment_len;
-
-	unsigned int retransmitting;
-	/*
-	 * Set when the handshake is ready to process peer's ChangeCipherSpec message.
-	 * Cleared after the message has been processed.
-	 */
-	unsigned int change_cipher_spec_ok;
-
-#ifndef OPENSSL_NO_SCTP
-	/* used when SSL_ST_XX_FLUSH is entered */
-	int next_state;
-
-	int shutdown_received;
-#endif
-
-	} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
-	{
-	unsigned char *packet;
-	unsigned int   packet_length;
-	SSL3_BUFFER    rbuf;
-	SSL3_RECORD    rrec;
-#ifndef OPENSSL_NO_SCTP
-	struct bio_dgram_sctp_rcvinfo recordinfo;
-#endif
-	} DTLS1_RECORD_DATA;
-
-#endif
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT                      2
-#define DTLS1_TMO_WRITE_COUNT                     2
-
-#define DTLS1_TMO_ALERT_COUNT                     12
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/ssl/kssl.c b/ssl/kssl.c
deleted file mode 100644
index 950a0c56f1..0000000000
--- a/ssl/kssl.c
+++ /dev/null
@@ -1,2221 +0,0 @@
-/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/*  ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
-**
-**  19990701	VRS 	Started.
-**  200011??	Jeffrey Altman, Richard Levitte
-**          		Generalized for Heimdal, Newer MIT, & Win32.
-**          		Integrated into main OpenSSL 0.9.7 snapshots.
-**  20010413	Simon Wilkinson, VRS
-**          		Real RFC2712 KerberosWrapper replaces AP_REQ.
-*/
-
-#include <openssl/opensslconf.h>
-
-#include <string.h>
-
-#define KRB5_PRIVATE	1
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/krb5_asn.h>
-#include "kssl_lcl.h"
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifndef ENOMEM
-#define ENOMEM KRB5KRB_ERR_GENERIC
-#endif
-
-/* 
- * When OpenSSL is built on Windows, we do not want to require that
- * the Kerberos DLLs be available in order for the OpenSSL DLLs to
- * work.  Therefore, all Kerberos routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-/* 
- * The purpose of the following pre-processor statements is to provide
- * compatibility with different releases of MIT Kerberos for Windows.
- * All versions up to 1.2 used macros.  But macros do not allow for
- * a binary compatible interface for DLLs.  Therefore, all macros are
- * being replaced by function calls.  The following code will allow
- * an OpenSSL DLL built on Windows to work whether or not the macro
- * or function form of the routines are utilized.
- */
-#ifdef  krb5_cc_get_principal
-#define NO_DEF_KRB5_CCACHE
-#undef  krb5_cc_get_principal
-#endif
-#define krb5_cc_get_principal    kssl_krb5_cc_get_principal
-
-#define krb5_free_data_contents  kssl_krb5_free_data_contents   
-#define krb5_free_context        kssl_krb5_free_context         
-#define krb5_auth_con_free       kssl_krb5_auth_con_free        
-#define krb5_free_principal      kssl_krb5_free_principal       
-#define krb5_mk_req_extended     kssl_krb5_mk_req_extended      
-#define krb5_get_credentials     kssl_krb5_get_credentials      
-#define krb5_cc_default          kssl_krb5_cc_default           
-#define krb5_sname_to_principal  kssl_krb5_sname_to_principal   
-#define krb5_init_context        kssl_krb5_init_context         
-#define krb5_free_ticket         kssl_krb5_free_ticket          
-#define krb5_rd_req              kssl_krb5_rd_req               
-#define krb5_kt_default          kssl_krb5_kt_default           
-#define krb5_kt_resolve          kssl_krb5_kt_resolve           
-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
-#ifndef krb5_kt_close
-#define krb5_kt_close            kssl_krb5_kt_close
-#endif /* krb5_kt_close */
-#ifndef krb5_kt_get_entry
-#define krb5_kt_get_entry        kssl_krb5_kt_get_entry
-#endif /* krb5_kt_get_entry */
-#define krb5_auth_con_init       kssl_krb5_auth_con_init        
-
-#define krb5_principal_compare   kssl_krb5_principal_compare
-#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
-#define krb5_timeofday           kssl_krb5_timeofday
-#define krb5_rc_default          kssl_krb5_rc_default
-
-#ifdef krb5_rc_initialize
-#undef krb5_rc_initialize
-#endif
-#define krb5_rc_initialize   kssl_krb5_rc_initialize
-
-#ifdef krb5_rc_get_lifespan
-#undef krb5_rc_get_lifespan
-#endif
-#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
-
-#ifdef krb5_rc_destroy
-#undef krb5_rc_destroy
-#endif
-#define krb5_rc_destroy      kssl_krb5_rc_destroy
-
-#define valid_cksumtype      kssl_valid_cksumtype
-#define krb5_checksum_size   kssl_krb5_checksum_size
-#define krb5_kt_free_entry   kssl_krb5_kt_free_entry
-#define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
-#define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
-#define krb5_get_server_rcache   kssl_krb5_get_server_rcache
-
-/* Prototypes for built in stubs */
-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
-void kssl_krb5_free_principal(krb5_context, krb5_principal );
-krb5_error_code kssl_krb5_kt_resolve(krb5_context,
-                                     krb5_const char *,
-                                     krb5_keytab *);
-krb5_error_code kssl_krb5_kt_default(krb5_context,
-                                     krb5_keytab *);
-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, 
-                                 krb5_const krb5_data *,
-                                 krb5_const_principal, krb5_keytab, 
-                                 krb5_flags *,krb5_ticket **);
-
-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
-                                         krb5_const_principal);
-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
-                                          krb5_auth_context  *,
-                                          krb5_const krb5_flags,
-                                          krb5_data  *,
-                                          krb5_creds  *,
-                                          krb5_data  * );
-krb5_error_code kssl_krb5_init_context(krb5_context *);
-void kssl_krb5_free_context(krb5_context);
-krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache  *);
-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
-                                             krb5_const char  *,
-                                             krb5_const char  *,
-                                             krb5_int32,
-                                             krb5_principal  *);
-krb5_error_code kssl_krb5_get_credentials(krb5_context,
-                                          krb5_const krb5_flags,
-                                          krb5_ccache,
-                                          krb5_creds  *,
-                                          krb5_creds  *  *);
-krb5_error_code kssl_krb5_auth_con_init(krb5_context,
-                                        krb5_auth_context  *);
-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, 
-                                           krb5_ccache cache,
-                                           krb5_principal *principal);
-krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
-size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
-krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, 
-                                             krb5_auth_context, 
-                                             krb5_rcache);
-krb5_error_code kssl_krb5_get_server_rcache(krb5_context, 
-                                            krb5_const krb5_data *,
-                                            krb5_rcache *);
-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, 
-                                             krb5_auth_context,
-                                             krb5_rcache *);
-
-/* Function pointers (almost all Kerberos functions are _stdcall) */
-static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
-	=NULL;
-static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
-	=NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_resolve)
-			(krb5_context, krb5_const char *, krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
-                                                     krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, 
-                                                      krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, 
-                                                 krb5_auth_context *, 
-                                                 krb5_const krb5_data *,
-                                                 krb5_const_principal, 
-                                                 krb5_keytab, krb5_flags *,
-                                                 krb5_ticket **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
-			(krb5_context, krb5_auth_context *,
-			 krb5_const krb5_flags, krb5_data *, krb5_creds *,
-			 krb5_data * )=NULL;
-static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
-static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
-                                                     krb5_ccache  *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
-			(krb5_context, krb5_const char *, krb5_const char *,
-			 krb5_int32, krb5_principal *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_get_credentials)
-			(krb5_context, krb5_const krb5_flags, krb5_ccache,
-			 krb5_creds *, krb5_creds **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_init)
-			(krb5_context, krb5_auth_context *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
-			(krb5_context context, krb5_ccache cache,
-			 krb5_principal *principal)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_free)
-			(krb5_context, krb5_auth_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
-                        (krb5_context, krb5_const krb5_keyblock *,
-                                           krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_timeofday)
-                        (krb5_context context, krb5_int32 *timeret)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_default)
-                        (krb5_context context, krb5_rcache *rc)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_initialize)
-                        (krb5_context context, krb5_rcache rc,
-                                     krb5_deltat lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
-                        (krb5_context context, krb5_rcache rc,
-                                       krb5_deltat *lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_destroy)
-                        (krb5_context context, krb5_rcache rc)=NULL;
-static krb5_boolean (_stdcall *p_krb5_principal_compare)
-                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
-static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
-static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
-                        (krb5_context,krb5_keytab_entry * )=NULL;
-static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context, 
-                                                               krb5_auth_context, 
-                                                               krb5_rcache)=NULL;
-static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context, 
-                                                              krb5_const krb5_data *, 
-                                                              krb5_rcache *)=NULL;
-static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context, 
-                                                      krb5_auth_context,
-                                                      krb5_rcache *)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context, 
-                                                    krb5_keytab keytab)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context, 
-                                                        krb5_keytab keytab,
-                       krb5_const_principal principal, krb5_kvno vno,
-                       krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
-static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
-
-/* Function to Load the Kerberos 5 DLL and initialize function pointers */
-void
-load_krb5_dll(void)
-	{
-	HANDLE hKRB5_32;
-    
-	krb5_loaded++;
-	hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
-	if (!hKRB5_32)
-		return;
-
-	(FARPROC) p_krb5_free_data_contents =
-		GetProcAddress( hKRB5_32, "krb5_free_data_contents" );
-	(FARPROC) p_krb5_free_context =
-		GetProcAddress( hKRB5_32, "krb5_free_context" );
-	(FARPROC) p_krb5_auth_con_free =
-		GetProcAddress( hKRB5_32, "krb5_auth_con_free" );
-	(FARPROC) p_krb5_free_principal =
-		GetProcAddress( hKRB5_32, "krb5_free_principal" );
-	(FARPROC) p_krb5_mk_req_extended =
-		GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );
-	(FARPROC) p_krb5_get_credentials =
-		GetProcAddress( hKRB5_32, "krb5_get_credentials" );
-	(FARPROC) p_krb5_cc_get_principal =
-		GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );
-	(FARPROC) p_krb5_cc_default =
-		GetProcAddress( hKRB5_32, "krb5_cc_default" );
-	(FARPROC) p_krb5_sname_to_principal =
-		GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );
-	(FARPROC) p_krb5_init_context =
-		GetProcAddress( hKRB5_32, "krb5_init_context" );
-	(FARPROC) p_krb5_free_ticket =
-		GetProcAddress( hKRB5_32, "krb5_free_ticket" );
-	(FARPROC) p_krb5_rd_req =
-		GetProcAddress( hKRB5_32, "krb5_rd_req" );
-	(FARPROC) p_krb5_principal_compare =
-		GetProcAddress( hKRB5_32, "krb5_principal_compare" );
-	(FARPROC) p_krb5_decrypt_tkt_part =
-		GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );
-	(FARPROC) p_krb5_timeofday =
-		GetProcAddress( hKRB5_32, "krb5_timeofday" );
-	(FARPROC) p_krb5_rc_default =
-		GetProcAddress( hKRB5_32, "krb5_rc_default" );
-	(FARPROC) p_krb5_rc_initialize =
-		GetProcAddress( hKRB5_32, "krb5_rc_initialize" );
-	(FARPROC) p_krb5_rc_get_lifespan =
-		GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );
-	(FARPROC) p_krb5_rc_destroy =
-		GetProcAddress( hKRB5_32, "krb5_rc_destroy" );
-	(FARPROC) p_krb5_kt_default =
-		GetProcAddress( hKRB5_32, "krb5_kt_default" );
-	(FARPROC) p_krb5_kt_resolve =
-		GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
-	(FARPROC) p_krb5_auth_con_init =
-		GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
-        (FARPROC) p_valid_cksumtype =
-                GetProcAddress( hKRB5_32, "valid_cksumtype" );
-        (FARPROC) p_krb5_checksum_size =
-                GetProcAddress( hKRB5_32, "krb5_checksum_size" );
-        (FARPROC) p_krb5_kt_free_entry =
-                GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
-        (FARPROC) p_krb5_auth_con_setrcache =
-                GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );
-        (FARPROC) p_krb5_get_server_rcache =
-                GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );
-        (FARPROC) p_krb5_auth_con_getrcache =
-                GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );
-        (FARPROC) p_krb5_kt_close =
-                GetProcAddress( hKRB5_32, "krb5_kt_close" );
-        (FARPROC) p_krb5_kt_get_entry =
-                GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );
-	}
-
-/* Stubs for each function to be dynamicly loaded */
-void
-kssl_krb5_free_data_contents(krb5_context CO, krb5_data  * data)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_free_data_contents )
-		p_krb5_free_data_contents(CO,data);
-	}
-
-krb5_error_code
-kssl_krb5_mk_req_extended (krb5_context CO,
-                          krb5_auth_context  * pACO,
-                          krb5_const krb5_flags F,
-                          krb5_data  * pD1,
-                          krb5_creds  * pC,
-                          krb5_data  * pD2)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_mk_req_extended )
-		return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-krb5_error_code
-kssl_krb5_auth_con_init(krb5_context CO,
-                       krb5_auth_context  * pACO)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_auth_con_init )
-		return(p_krb5_auth_con_init(CO,pACO));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-krb5_error_code
-kssl_krb5_auth_con_free (krb5_context CO,
-                        krb5_auth_context ACO)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_auth_con_free )
-		return(p_krb5_auth_con_free(CO,ACO));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-krb5_error_code
-kssl_krb5_get_credentials(krb5_context CO,
-                         krb5_const krb5_flags F,
-                         krb5_ccache CC,
-                         krb5_creds  * pCR,
-                         krb5_creds  ** ppCR)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_get_credentials )
-		return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-krb5_error_code
-kssl_krb5_sname_to_principal(krb5_context CO,
-                            krb5_const char  * pC1,
-                            krb5_const char  * pC2,
-                            krb5_int32 I,
-                            krb5_principal  * pPR)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_sname_to_principal )
-		return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_cc_default(krb5_context CO,
-                    krb5_ccache  * pCC)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_cc_default )
-		return(p_krb5_cc_default(CO,pCC));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_init_context(krb5_context * pCO)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_init_context )
-		return(p_krb5_init_context(pCO));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-void
-kssl_krb5_free_context(krb5_context CO)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_free_context )
-		p_krb5_free_context(CO);
-	}
-
-void
-kssl_krb5_free_principal(krb5_context c, krb5_principal p)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_free_principal )
-		p_krb5_free_principal(c,p);
-	}
-
-krb5_error_code
-kssl_krb5_kt_resolve(krb5_context con,
-                    krb5_const char * sz,
-                    krb5_keytab * kt)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_kt_resolve )
-		return(p_krb5_kt_resolve(con,sz,kt));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_kt_default(krb5_context con,
-                    krb5_keytab * kt)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_kt_default )
-		return(p_krb5_kt_default(con,kt));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_free_ticket(krb5_context con,
-                     krb5_ticket * kt)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_free_ticket )
-		return(p_krb5_free_ticket(con,kt));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
-                krb5_const krb5_data * data,
-                krb5_const_principal princ, krb5_keytab keytab,
-                krb5_flags * flags, krb5_ticket ** pptkt)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_rd_req )
-		return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_boolean
-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
-                krb5_const_principal princ2)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_principal_compare )
-		return(p_krb5_principal_compare(con,princ1,princ2));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
-                krb5_ticket *ticket)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_decrypt_tkt_part )
-		return(p_krb5_decrypt_tkt_part(con,keys,ticket));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_timeofday(krb5_context con, krb5_int32 *timeret)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_timeofday )
-		return(p_krb5_timeofday(con,timeret));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_rc_default(krb5_context con, krb5_rcache *rc)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_rc_default )
-		return(p_krb5_rc_default(con,rc));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_rc_initialize )
-		return(p_krb5_rc_initialize(con, rc, lifespan));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_rc_get_lifespan )
-		return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-krb5_rc_destroy(krb5_context con, krb5_rcache rc)
-	{
-	if (!krb5_loaded)
-		load_krb5_dll();
-
-	if ( p_krb5_rc_destroy )
-		return(p_krb5_rc_destroy(con, rc));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-size_t 
-krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
-        {
-        if (!krb5_loaded)
-                load_krb5_dll();
-
-        if ( p_krb5_checksum_size )
-                return(p_krb5_checksum_size(context, ctype));
-        else
-                return KRB5KRB_ERR_GENERIC;
-        }
-
-krb5_boolean 
-valid_cksumtype(krb5_cksumtype ctype)
-        {
-        if (!krb5_loaded)
-                load_krb5_dll();
-
-        if ( p_valid_cksumtype )
-                return(p_valid_cksumtype(ctype));
-        else
-                return KRB5KRB_ERR_GENERIC;
-        }
-
-krb5_error_code 
-krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
-        {
-        if (!krb5_loaded)
-                load_krb5_dll();
-
-        if ( p_krb5_kt_free_entry )
-                return(p_krb5_kt_free_entry(con,entry));
-        else
-                return KRB5KRB_ERR_GENERIC;
-        }
-                 
-/* Structure definitions  */
-#ifndef NO_DEF_KRB5_CCACHE
-#ifndef krb5_x
-#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#endif 
-
-typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
-
-typedef struct _krb5_ccache
-	{
-	krb5_magic magic;
-	struct _krb5_cc_ops FAR *ops;
-	krb5_pointer data;
-	} *krb5_ccache;
-
-typedef struct _krb5_cc_ops
-	{
-	krb5_magic magic;
-	char  *prefix;
-	char  * (KRB5_CALLCONV *get_name)
-		(krb5_context, krb5_ccache);
-	krb5_error_code (KRB5_CALLCONV *resolve)
-		(krb5_context, krb5_ccache  *, const char  *);
-	krb5_error_code (KRB5_CALLCONV *gen_new)
-		(krb5_context, krb5_ccache  *);
-	krb5_error_code (KRB5_CALLCONV *init)
-		(krb5_context, krb5_ccache, krb5_principal);
-	krb5_error_code (KRB5_CALLCONV *destroy)
-		(krb5_context, krb5_ccache);
-	krb5_error_code (KRB5_CALLCONV *close)
-		(krb5_context, krb5_ccache);
-	krb5_error_code (KRB5_CALLCONV *store)
-		(krb5_context, krb5_ccache, krb5_creds  *);
-	krb5_error_code (KRB5_CALLCONV *retrieve)
-		(krb5_context, krb5_ccache,
-		krb5_flags, krb5_creds  *, krb5_creds  *);
-	krb5_error_code (KRB5_CALLCONV *get_princ)
-		(krb5_context, krb5_ccache, krb5_principal  *);
-	krb5_error_code (KRB5_CALLCONV *get_first)
-		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
-	krb5_error_code (KRB5_CALLCONV *get_next)
-		(krb5_context, krb5_ccache,
-		krb5_cc_cursor  *, krb5_creds  *);
-	krb5_error_code (KRB5_CALLCONV *end_get)
-		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
-	krb5_error_code (KRB5_CALLCONV *remove_cred)
-		(krb5_context, krb5_ccache,
-		krb5_flags, krb5_creds  *);
-	krb5_error_code (KRB5_CALLCONV *set_flags)
-		(krb5_context, krb5_ccache, krb5_flags);
-	} krb5_cc_ops;
-#endif /* NO_DEF_KRB5_CCACHE */
-
-krb5_error_code 
-kssl_krb5_cc_get_principal
-    (krb5_context context, krb5_ccache cache,
-      krb5_principal *principal)
-	{
-	if ( p_krb5_cc_get_principal )
-		return(p_krb5_cc_get_principal(context,cache,principal));
-	else
-		return(krb5_x
-			((cache)->ops->get_princ,(context, cache, principal)));
-	}
-
-krb5_error_code
-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache rcache)
-        {
-        if ( p_krb5_auth_con_setrcache )
-                 return(p_krb5_auth_con_setrcache(con,acon,rcache));
-        else
-                 return KRB5KRB_ERR_GENERIC;
-        }
-
-krb5_error_code
-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
-                            krb5_rcache * rcache) 
-        {
-	if ( p_krb5_get_server_rcache )
-		return(p_krb5_get_server_rcache(con,data,rcache));
-	else
-		return KRB5KRB_ERR_GENERIC;
-        }
-
-krb5_error_code
-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
-                             krb5_rcache * prcache)
-        {
-	if ( p_krb5_auth_con_getrcache )
-		return(p_krb5_auth_con_getrcache(con,acon, prcache));
-	else
-		return KRB5KRB_ERR_GENERIC;
-	}
- 
-krb5_error_code
-kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
-	{
-	if ( p_krb5_kt_close )
-		return(p_krb5_kt_close(context,keytab));
-	else 
-		return KRB5KRB_ERR_GENERIC;
-	}
-
-krb5_error_code
-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
-                       krb5_const_principal principal, krb5_kvno vno,
-                       krb5_enctype enctype, krb5_keytab_entry *entry)
-	{
-	if ( p_krb5_kt_get_entry )
-		return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));
-	else
-		return KRB5KRB_ERR_GENERIC;
-        }
-#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
-
-
-/* memory allocation functions for non-temporary storage
- * (e.g. stuff that gets saved into the kssl context) */
-static void* kssl_calloc(size_t nmemb, size_t size)
-{
-	void* p;
-	
-	p=OPENSSL_malloc(nmemb*size);
-	if (p){
-		memset(p, 0, nmemb*size);
-	}
-	return p;
-}
-
-#define kssl_malloc(size) OPENSSL_malloc((size))
-#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
-#define kssl_free(ptr) OPENSSL_free((ptr))
-
-
-char
-*kstring(char *string)
-        {
-        static char	*null = "[NULL]";
-
-	return ((string == NULL)? null: string);
-        }
-
-/*	Given KRB5 enctype (basically DES or 3DES),
-**	return closest match openssl EVP_ encryption algorithm.
-**	Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
-**	Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
-*/
-const EVP_CIPHER *
-kssl_map_enc(krb5_enctype enctype)
-        {
-	switch (enctype)
-		{
-	case ENCTYPE_DES_HMAC_SHA1:		/*    EVP_des_cbc();       */
-	case ENCTYPE_DES_CBC_CRC:
-	case ENCTYPE_DES_CBC_MD4:
-	case ENCTYPE_DES_CBC_MD5:
-	case ENCTYPE_DES_CBC_RAW:
-				return EVP_des_cbc();
-				break;
-	case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
-	case ENCTYPE_DES3_CBC_SHA:
-	case ENCTYPE_DES3_CBC_RAW:
-				return EVP_des_ede3_cbc();
-				break;
-	default:                return NULL;
-				break;
-		}
-	}
-
-
-/*	Return true:1 if p "looks like" the start of the real authenticator
-**	described in kssl_skip_confound() below.  The ASN.1 pattern is
-**	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
-**	xx and yy are possibly multi-byte length fields.
-*/
-static int 	kssl_test_confound(unsigned char *p)
-	{
-	int 	len = 2;
-	int 	xx = 0, yy = 0;
-
-	if (*p++ != 0x62)  return 0;
-	if (*p > 0x82)  return 0;
-	switch(*p)  {
-		case 0x82:  p++;          xx = (*p++ << 8);  xx += *p++;  break;
-		case 0x81:  p++;          xx =  *p++;  break;
-		case 0x80:  return 0;
-		default:    xx = *p++;  break;
-		}
-	if (*p++ != 0x30)  return 0;
-	if (*p > 0x82)  return 0;
-	switch(*p)  {
-		case 0x82:  p++; len+=2;  yy = (*p++ << 8);  yy += *p++;  break;
-		case 0x81:  p++; len++;   yy =  *p++;  break;
-		case 0x80:  return 0;
-		default:    yy = *p++;  break;
-		}
-
-	return (xx - len == yy)? 1: 0;
-	}
-
-/*	Allocate, fill, and return cksumlens array of checksum lengths.
-**	This array holds just the unique elements from the krb5_cksumarray[].
-**	array[n] == 0 signals end of data.
-**
-**      The krb5_cksumarray[] was an internal variable that has since been
-**      replaced by a more general method for storing the data.  It should
-**      not be used.  Instead we use real API calls and make a guess for 
-**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
-**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
-*/
-static size_t  *populate_cksumlens(void)
-	{
-	int 		i, j, n;
-	static size_t 	*cklens = NULL;
-
-#ifdef KRB5_MIT_OLD11
-	n = krb5_max_cksum;
-#else
-	n = 0x0010;
-#endif	/* KRB5_MIT_OLD11 */
- 
-#ifdef KRB5CHECKAUTH
-	if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1)))  return NULL;
-
-	for (i=0; i < n; i++)  {
-		if (!valid_cksumtype(i))  continue;	/*  array has holes  */
-		for (j=0; j < n; j++)  {
-			if (cklens[j] == 0)  {
-				cklens[j] = krb5_checksum_size(NULL,i);
-				break;		/*  krb5 elem was new: add   */
-				}
-			if (cklens[j] == krb5_checksum_size(NULL,i))  {
-				break;		/*  ignore duplicate elements */
-				}
-			}
-		}
-#endif	/* KRB5CHECKAUTH */
-
-	return cklens;
-	}
-
-/*	Return pointer to start of real authenticator within authenticator, or
-**	return NULL on error.
-**	Decrypted authenticator looks like this:
-**		[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
-**	This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
-**	krb5_auth_con_getcksumtype() function advertised in its krb5.h.
-*/
-unsigned char	*kssl_skip_confound(krb5_enctype etype, unsigned char *a)
-	{
-	int 		i, conlen;
-	size_t		cklen;
-	static size_t 	*cksumlens = NULL;
-	unsigned char	*test_auth;
-
-	conlen = (etype)? 8: 0;
-
-	if (!cksumlens  &&  !(cksumlens = populate_cksumlens()))  return NULL;
-	for (i=0; (cklen = cksumlens[i]) != 0; i++)
-		{
-		test_auth = a + conlen + cklen;
-		if (kssl_test_confound(test_auth))  return test_auth;
-		}
-
-	return NULL;
-	}
-
-
-/*	Set kssl_err error info when reason text is a simple string
-**		kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
-*/
-void
-kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
-        {
-	if (kssl_err == NULL)  return;
-
-	kssl_err->reason = reason;
-	BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
-	return;
-        }
-
-
-/*	Display contents of krb5_data struct, for debugging
-*/
-void
-print_krb5_data(char *label, krb5_data *kdata)
-        {
-	int i;
-
-	fprintf(stderr,"%s[%d] ", label, kdata->length);
-	for (i=0; i < (int)kdata->length; i++)
-                {
-		if (0 &&  isprint((int) kdata->data[i]))
-                        fprintf(stderr,	"%c ",  kdata->data[i]);
-		else
-                        fprintf(stderr,	"%02x ", (unsigned char) kdata->data[i]);
-		}
-	fprintf(stderr,"\n");
-        }
-
-
-/*	Display contents of krb5_authdata struct, for debugging
-*/
-void
-print_krb5_authdata(char *label, krb5_authdata **adata)
-        {
-	if (adata == NULL)
-                {
-		fprintf(stderr,"%s, authdata==0\n", label);
-		return;
-		}
-	fprintf(stderr,"%s [%p]\n", label, (void *)adata);
-#if 0
-	{
-        int 	i;
-	fprintf(stderr,"%s[at%d:%d] ", label, adata->ad_type, adata->length);
-	for (i=0; i < adata->length; i++)
-                {
-                fprintf(stderr,(isprint(adata->contents[i]))? "%c ": "%02x",
-                        adata->contents[i]);
-		}
-	fprintf(stderr,"\n");
-	}
-#endif
-	}
-
-
-/*	Display contents of krb5_keyblock struct, for debugging
-*/
-void
-print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
-        {
-	int i;
-
-	if (keyblk == NULL)
-                {
-		fprintf(stderr,"%s, keyblk==0\n", label);
-		return;
-		}
-#ifdef KRB5_HEIMDAL
-	fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->keytype,
-					   keyblk->keyvalue->length);
-	for (i=0; i < (int)keyblk->keyvalue->length; i++)
-                {
-		fprintf(stderr,"%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
-		}
-	fprintf(stderr,"\n");
-#else
-	fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
-	for (i=0; i < (int)keyblk->length; i++)
-                {
-		fprintf(stderr,"%02x",keyblk->contents[i]);
-		}
-	fprintf(stderr,"\n");
-#endif
-        }
-
-
-/*	Display contents of krb5_principal_data struct, for debugging
-**	(krb5_principal is typedef'd == krb5_principal_data *)
-*/
-static void
-print_krb5_princ(char *label, krb5_principal_data *princ)
-        {
-	int i, ui, uj;
-
-	fprintf(stderr,"%s principal Realm: ", label);
-	if (princ == NULL)  return;
-	for (ui=0; ui < (int)princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
-	fprintf(stderr," (nametype %d) has %d strings:\n", princ->type,princ->length);
-	for (i=0; i < (int)princ->length; i++)
-                {
-		fprintf(stderr,"\t%d [%d]: ", i, princ->data[i].length);
-		for (uj=0; uj < (int)princ->data[i].length; uj++)  {
-			putchar(princ->data[i].data[uj]);
-			}
-		fprintf(stderr,"\n");
-		}
-	return;
-        }
-
-
-/*	Given krb5 service (typically "kssl") and hostname in kssl_ctx,
-**	Return encrypted Kerberos ticket for service @ hostname.
-**	If authenp is non-NULL, also return encrypted authenticator,
-**	whose data should be freed by caller.
-**	(Originally was: Create Kerberos AP_REQ message for SSL Client.)
-**
-**	19990628	VRS 	Started; Returns Kerberos AP_REQ message.
-**	20010409	VRS 	Modified for RFC2712; Returns enc tkt.
-**	20010606	VRS 	May also return optional authenticator.
-*/
-krb5_error_code
-kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
-                /* OUT    */	krb5_data **enc_ticketp,
-                /* UPDATE */	krb5_data *authenp,
-                /* OUT    */	KSSL_ERR *kssl_err)
-	{
-	krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
-	krb5_context		krb5context = NULL;
-	krb5_auth_context	krb5auth_context = NULL;
-	krb5_ccache 		krb5ccdef = NULL;
-	krb5_creds		krb5creds, *krb5credsp = NULL;
-	krb5_data		krb5_app_req;
-
-	kssl_err_set(kssl_err, 0, "");
-	memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-	if (!kssl_ctx)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "No kssl_ctx defined.\n");
-		goto err;
-		}
-	else if (!kssl_ctx->service_host)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "kssl_ctx service_host undefined.\n");
-		goto err;
-		}
-
-	if ((krb5rc = krb5_init_context(&krb5context)) != 0)
-                {
-		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
-                        "krb5_init_context() fails: %d\n", krb5rc);
-		kssl_err->reason = SSL_R_KRB5_C_INIT;
-		goto err;
-		}
-
-	if ((krb5rc = krb5_sname_to_principal(krb5context,
-                kssl_ctx->service_host,
-                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
-                KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
-                {
-		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
-                        "krb5_sname_to_principal() fails for %s/%s\n",
-                        kssl_ctx->service_host,
-                        (kssl_ctx->service_name)? kssl_ctx->service_name:
-						  KRB5SVC);
-		kssl_err->reason = SSL_R_KRB5_C_INIT;
-		goto err;
-		}
-
-	if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                        "krb5_cc_default fails.\n");
-		goto err;
-		}
-
-	if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                &krb5creds.client)) != 0)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
-                        "krb5_cc_get_principal() fails.\n");
-		goto err;
-		}
-
-	if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                &krb5creds, &krb5credsp)) != 0)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
-                        "krb5_get_credentials() fails.\n");
-		goto err;
-		}
-
-	*enc_ticketp = &krb5credsp->ticket;
-#ifdef KRB5_HEIMDAL
-	kssl_ctx->enctype = krb5credsp->session.keytype;
-#else
-	kssl_ctx->enctype = krb5credsp->keyblock.enctype;
-#endif
-
-	krb5rc = KRB5KRB_ERR_GENERIC;
-	/*	caller should free data of krb5_app_req  */
-	/*  20010406 VRS deleted for real KerberosWrapper
-	**  20010605 VRS reinstated to offer Authenticator to KerberosWrapper
-	*/
-	krb5_app_req.length = 0;
-	if (authenp)
-                {
-		krb5_data	krb5in_data;
-		const unsigned char	*p;
-		long		arlen;
-		KRB5_APREQBODY	*ap_req;
-
-		authenp->length = 0;
-		krb5in_data.data = NULL;
-		krb5in_data.length = 0;
-		if ((krb5rc = krb5_mk_req_extended(krb5context,
-			&krb5auth_context, 0, &krb5in_data, krb5credsp,
-			&krb5_app_req)) != 0)
-			{
-			kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
-				"krb5_mk_req_extended() fails.\n");
-			goto err;
-			}
-
-		arlen = krb5_app_req.length;
-		p = (unsigned char *)krb5_app_req.data;
-		ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
-		if (ap_req)
-			{
-			authenp->length = i2d_KRB5_ENCDATA(
-					ap_req->authenticator, NULL);
-			if (authenp->length  && 
-				(authenp->data = malloc(authenp->length)))
-				{
-				unsigned char	*adp = (unsigned char *)authenp->data;
-				authenp->length = i2d_KRB5_ENCDATA(
-						ap_req->authenticator, &adp);
-				}
-			}
-
-		if (ap_req)  KRB5_APREQ_free((KRB5_APREQ *) ap_req);
-		if (krb5_app_req.length)  
-                        kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
-		}
-#ifdef KRB5_HEIMDAL
-	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                        "kssl_ctx_setkey() fails.\n");
-		}
-#else
-	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
-                        "kssl_ctx_setkey() fails.\n");
-		}
-#endif
-	else	krb5rc = 0;
-
- err:
-#ifdef KSSL_DEBUG
-	kssl_ctx_show(kssl_ctx);
-#endif	/* KSSL_DEBUG */
-
-	if (krb5creds.client)	krb5_free_principal(krb5context,
-							krb5creds.client);
-	if (krb5creds.server)	krb5_free_principal(krb5context,
-							krb5creds.server);
-	if (krb5auth_context)	krb5_auth_con_free(krb5context,
-							krb5auth_context);
-	if (krb5context)	krb5_free_context(krb5context);
-	return (krb5rc);
-	}
-
-
-/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
-**  Return Kerberos error code and kssl_err struct on error.
-**  Allocates krb5_ticket and krb5_principal; caller should free these.
-**
-**	20010410	VRS	Implemented krb5_decode_ticket() as
-**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
-**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
-**				Re-used some of the old krb5_decode_ticket()
-**				code here.  This tkt should alloc/free just
-**				like the real thing.
-*/
-static krb5_error_code
-kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
-		/* IN     */	KRB5_TKTBODY	*asn1ticket,
-		/* OUT    */	krb5_ticket	**krb5ticket,
-		/* OUT    */	KSSL_ERR *kssl_err  )
-        {
-        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
-	krb5_ticket 			*new5ticket = NULL;
-	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;
-
-	*krb5ticket = NULL;
-
-	if (asn1ticket == NULL  ||  asn1ticket->realm == NULL  ||
-		asn1ticket->sname == NULL  || 
-		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
-		{
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"Null field in asn1ticket.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		return KRB5KRB_ERR_GENERIC;
-		}
-
-	if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
-		{
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"Unable to allocate new krb5_ticket.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/
-		}
-
-	gstr_svc  = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
-	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
-
-	if ((krb5rc = kssl_build_principal_2(krb5context,
-			&new5ticket->server,
-			asn1ticket->realm->length, (char *)asn1ticket->realm->data,
-			gstr_svc->length,  (char *)gstr_svc->data,
-			gstr_host->length, (char *)gstr_host->data)) != 0)
-		{
-		free(new5ticket);
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"Error building ticket server principal.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/
-		}
-
-	krb5_princ_type(krb5context, new5ticket->server) =
-			asn1ticket->sname->nametype->data[0];
-	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
-	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
-	new5ticket->enc_part.ciphertext.length =
-			asn1ticket->encdata->cipher->length;
-	if ((new5ticket->enc_part.ciphertext.data =
-		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
-		{
-		free(new5ticket);
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"Error allocating cipher in krb5ticket.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		return KRB5KRB_ERR_GENERIC;
-		}
-	else
-		{
-		memcpy(new5ticket->enc_part.ciphertext.data,
-			asn1ticket->encdata->cipher->data,
-			asn1ticket->encdata->cipher->length);
-		}
-
-	*krb5ticket = new5ticket;
-	return 0;
-	}
-
-
-/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
-**		and krb5 AP_REQ message & message length,
-**	Return Kerberos session key and client principle
-**		to SSL Server in KSSL_CTX *kssl_ctx.
-**
-**	19990702	VRS 	Started.
-*/
-krb5_error_code
-kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
-		/* IN     */	krb5_data		*indata,
-		/* OUT    */	krb5_ticket_times	*ttimes,
-		/* OUT    */	KSSL_ERR		*kssl_err  )
-        {
-        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
-        static krb5_context		krb5context = NULL;
-	static krb5_auth_context	krb5auth_context = NULL;
-	krb5_ticket 			*krb5ticket = NULL;
-	KRB5_TKTBODY 			*asn1ticket = NULL;
-	const unsigned char		*p;
-	krb5_keytab 			krb5keytab = NULL;
-	krb5_keytab_entry		kt_entry;
-	krb5_principal			krb5server;
-        krb5_rcache                     rcache = NULL;
-
-	kssl_err_set(kssl_err, 0, "");
-
-	if (!kssl_ctx)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"No kssl_ctx defined.\n");
-		goto err;
-		}
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
-#endif	/* KSSL_DEBUG */
-
-	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "krb5_init_context() fails.\n");
-		goto err;
-		}
-	if (krb5auth_context  &&
-		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "krb5_auth_con_free() fails.\n");
-		goto err;
-		}
-	else  krb5auth_context = NULL;
-	if (!krb5auth_context  &&
-		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "krb5_auth_con_init() fails.\n");
-		goto err;
-		}
-
- 
-	if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
-		&rcache)))
-		{
- 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"krb5_auth_con_getrcache() fails.\n");
- 		goto err;
-		}
- 
-	if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
-                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
-                KRB5_NT_SRV_HST, &krb5server)) != 0)
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "krb5_sname_to_principal() fails.\n");
-		goto err;
-		}
-
-	if (rcache == NULL) 
-                {
-                if ((krb5rc = krb5_get_server_rcache(krb5context,
-			krb5_princ_component(krb5context, krb5server, 0),
-			&rcache)))
-                        {
-		        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                                "krb5_get_server_rcache() fails.\n");
-                  	goto err;
-                        }
-                }
-
-        if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
-                {
-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"krb5_auth_con_setrcache() fails.\n");
-                goto err;
-                }
-
-
-	/*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
-	*/
-	if (kssl_ctx->keytab_file)
-		{
-		krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                        &krb5keytab);
-		if (krb5rc)
-			{
-			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-				"krb5_kt_resolve() fails.\n");
-			goto err;
-			}
-		}
-	else
-		{
-                krb5rc = krb5_kt_default(krb5context,&krb5keytab);
-                if (krb5rc)
-			{
-			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, 
-				"krb5_kt_default() fails.\n");
-			goto err;
-			}
-		}
-
-	/*	Actual Kerberos5 krb5_recvauth() has initial conversation here
-	**	o	check KRB5_SENDAUTH_BADAUTHVERS
-	**		unless KRB5_RECVAUTH_SKIP_VERSION
-	**	o	check KRB5_SENDAUTH_BADAPPLVERS
-	**	o	send "0" msg if all OK
-	*/
-
-	/*  20010411 was using AP_REQ instead of true KerberosWrapper
-	**
-	**  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
-	**			&krb5in_data, krb5server, krb5keytab,
-	**			&ap_option, &krb5ticket)) != 0)  { Error }
-	*/
-
-	p = (unsigned char *)indata->data;
-	if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
-						(long) indata->length)) == NULL)
-		{
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"d2i_KRB5_TICKET() ASN.1 decode failure.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		goto err;
-		}
-	
-	/* Was:  krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
-	if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
-					kssl_err)) != 0)
-		{
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"Error converting ASN.1 ticket to krb5_ticket.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		goto err;
-		}
-
-	if (! krb5_principal_compare(krb5context, krb5server,
-						  krb5ticket->server))  {
-		krb5rc = KRB5_PRINC_NOMATCH;
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"server principal != ticket principal\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		goto err;
-		}
-	if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
-			krb5ticket->server, krb5ticket->enc_part.kvno,
-			krb5ticket->enc_part.enctype, &kt_entry)) != 0)  {
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"krb5_kt_get_entry() fails with %x.\n", krb5rc);
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		goto err;
-		}
-	if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
-			krb5ticket)) != 0)  {
-		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
-			"krb5_decrypt_tkt_part() failed.\n");
-		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
-		goto err;
-		}
-	else  {
-		krb5_kt_free_entry(krb5context, &kt_entry);
-#ifdef KSSL_DEBUG
-		{
-		int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
-		fprintf(stderr,"Decrypted ticket fields:\n");
-		fprintf(stderr,"\tflags: %X, transit-type: %X",
-			krb5ticket->enc_part2->flags,
-			krb5ticket->enc_part2->transited.tr_type);
-		print_krb5_data("\ttransit-data: ",
-			&(krb5ticket->enc_part2->transited.tr_contents));
-		fprintf(stderr,"\tcaddrs: %p, authdata: %p\n",
-			krb5ticket->enc_part2->caddrs,
-			krb5ticket->enc_part2->authorization_data);
-		if (paddr)
-			{
-			fprintf(stderr,"\tcaddrs:\n");
-			for (i=0; paddr[i] != NULL; i++)
-				{
-				krb5_data d;
-				d.length=paddr[i]->length;
-				d.data=paddr[i]->contents;
-				print_krb5_data("\t\tIP: ", &d);
-				}
-			}
-		fprintf(stderr,"\tstart/auth/end times: %d / %d / %d\n",
-			krb5ticket->enc_part2->times.starttime,
-			krb5ticket->enc_part2->times.authtime,
-			krb5ticket->enc_part2->times.endtime);
-		}
-#endif	/* KSSL_DEBUG */
-		}
-
-	krb5rc = KRB5_NO_TKT_SUPPLIED;
-	if (!krb5ticket  ||	!krb5ticket->enc_part2  ||
-                !krb5ticket->enc_part2->client  ||
-                !krb5ticket->enc_part2->client->data  ||
-                !krb5ticket->enc_part2->session)
-                {
-                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                        "bad ticket from krb5_rd_req.\n");
-		}
-	else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
-		 &krb5ticket->enc_part2->client->realm,
-		 krb5ticket->enc_part2->client->data,
-		 krb5ticket->enc_part2->client->length))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                        "kssl_ctx_setprinc() fails.\n");
-		}
-	else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
-                {
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                        "kssl_ctx_setkey() fails.\n");
-		}
-	else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
-                {
-		krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
-                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
-                        "invalid ticket from krb5_rd_req.\n");
-		}
-	else	krb5rc = 0;
-
-	kssl_ctx->enctype	= krb5ticket->enc_part.enctype;
-	ttimes->authtime	= krb5ticket->enc_part2->times.authtime;
-	ttimes->starttime	= krb5ticket->enc_part2->times.starttime;
-	ttimes->endtime 	= krb5ticket->enc_part2->times.endtime;
-	ttimes->renew_till	= krb5ticket->enc_part2->times.renew_till;
-
- err:
-#ifdef KSSL_DEBUG
-	kssl_ctx_show(kssl_ctx);
-#endif	/* KSSL_DEBUG */
-
-	if (asn1ticket) 	KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
-        if (krb5keytab)         krb5_kt_close(krb5context, krb5keytab);
-	if (krb5ticket) 	krb5_free_ticket(krb5context, krb5ticket);
-	if (krb5server) 	krb5_free_principal(krb5context, krb5server);
-	return (krb5rc);
-        }
-
-
-/*	Allocate & return a new kssl_ctx struct.
-*/
-KSSL_CTX	*
-kssl_ctx_new(void)
-        {
-	return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX)));
-        }
-
-
-/*	Frees a kssl_ctx struct and any allocated memory it holds.
-**	Returns NULL.
-*/
-KSSL_CTX	*
-kssl_ctx_free(KSSL_CTX *kssl_ctx)
-        {
-	if (kssl_ctx == NULL)  return kssl_ctx;
-
-	if (kssl_ctx->key)  		OPENSSL_cleanse(kssl_ctx->key,
-							      kssl_ctx->length);
-	if (kssl_ctx->key)  		kssl_free(kssl_ctx->key);
-	if (kssl_ctx->client_princ) 	kssl_free(kssl_ctx->client_princ);
-	if (kssl_ctx->service_host) 	kssl_free(kssl_ctx->service_host);
-	if (kssl_ctx->service_name) 	kssl_free(kssl_ctx->service_name);
-	if (kssl_ctx->keytab_file) 	kssl_free(kssl_ctx->keytab_file);
-
-	kssl_free(kssl_ctx);
-	return (KSSL_CTX *) NULL;
-        }
-
-
-/*	Given an array of (krb5_data *) entity (and optional realm),
-**	set the plain (char *) client_princ or service_host member
-**	of the kssl_ctx struct.
-*/
-krb5_error_code
-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities)
-        {
-	char	**princ;
-	int 	length;
-	int i;
-
-	if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;
-
-	switch (which)
-                {
-        case KSSL_CLIENT:	princ = &kssl_ctx->client_princ;	break;
-        case KSSL_SERVER:	princ = &kssl_ctx->service_host;	break;
-        default:		return KSSL_CTX_ERR;			break;
-		}
-	if (*princ)  kssl_free(*princ);
-
-	/* Add up all the entity->lengths */
-	length = 0;
-	for (i=0; i < nentities; i++)
-		{
-		length += entity[i].length;
-		}
-	/* Add in space for the '/' character(s) (if any) */
-	length += nentities-1;
-	/* Space for the ('@'+realm+NULL | NULL) */
-	length += ((realm)? realm->length + 2: 1);
-
-	if ((*princ = kssl_calloc(1, length)) == NULL)
-		return KSSL_CTX_ERR;
-	else
-		{
-		for (i = 0; i < nentities; i++)
-			{
-			strncat(*princ, entity[i].data, entity[i].length);
-			if (i < nentities-1)
-				{
-				strcat (*princ, "/");
-				}
-			}
-		if (realm)
-                        {
-			strcat (*princ, "@");
-			(void) strncat(*princ, realm->data, realm->length);
-			}
-		}
-
-	return KSSL_CTX_OK;
-        }
-
-
-/*	Set one of the plain (char *) string members of the kssl_ctx struct.
-**	Default values should be:
-**		which == KSSL_SERVICE	=>	"khost" (KRB5SVC)
-**		which == KSSL_KEYTAB	=>	"/etc/krb5.keytab" (KRB5KEYTAB)
-*/
-krb5_error_code
-kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
-        {
-	char	**string;
-
-	if (!kssl_ctx)  return KSSL_CTX_ERR;
-
-	switch (which)
-                {
-        case KSSL_SERVICE:	string = &kssl_ctx->service_name;	break;
-        case KSSL_SERVER:	string = &kssl_ctx->service_host;	break;
-        case KSSL_CLIENT:	string = &kssl_ctx->client_princ;	break;
-        case KSSL_KEYTAB:	string = &kssl_ctx->keytab_file;	break;
-        default:		return KSSL_CTX_ERR;			break;
-		}
-	if (*string)  kssl_free(*string);
-
-	if (!text)
-                {
-		*string = '\0';
-		return KSSL_CTX_OK;
-		}
-
-	if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
-		return KSSL_CTX_ERR;
-	else
-		strcpy(*string, text);
-
-	return KSSL_CTX_OK;
-        }
-
-
-/*	Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
-**	struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
-*/
-krb5_error_code
-kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
-        {
-	int 		length;
-	krb5_enctype	enctype;
-	krb5_octet FAR	*contents = NULL;
-
-	if (!kssl_ctx)  return KSSL_CTX_ERR;
-
-	if (kssl_ctx->key)
-                {
-		OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
-		kssl_free(kssl_ctx->key);
-		}
-
-	if (session)
-                {
-
-#ifdef KRB5_HEIMDAL
-		length = session->keyvalue->length;
-		enctype = session->keytype;
-		contents = session->keyvalue->contents;
-#else
-		length = session->length;
-		enctype = session->enctype;
-		contents = session->contents;
-#endif
-		kssl_ctx->enctype = enctype;
-		kssl_ctx->length  = length;
-		}
-	else
-                {
-		kssl_ctx->enctype = ENCTYPE_UNKNOWN;
-		kssl_ctx->length  = 0;
-		return KSSL_CTX_OK;
-		}
-
-	if ((kssl_ctx->key =
-                (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)
-                {
-		kssl_ctx->length  = 0;
-		return KSSL_CTX_ERR;
-		}
-	else
-		memcpy(kssl_ctx->key, contents, length);
-
-	return KSSL_CTX_OK;
-        }
-
-
-/*	Display contents of kssl_ctx struct
-*/
-void
-kssl_ctx_show(KSSL_CTX *kssl_ctx)
-        {
-	int 	i;
-
-	printf("kssl_ctx: ");
-	if (kssl_ctx == NULL)
-                {
-		printf("NULL\n");
-		return;
-		}
-	else
-		printf("%p\n", (void *)kssl_ctx);
-
-	printf("\tservice:\t%s\n",
-                (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
-	printf("\tclient:\t%s\n",
-                (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");
-	printf("\tserver:\t%s\n",
-                (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
-	printf("\tkeytab:\t%s\n",
-                (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
-	printf("\tkey [%d:%d]:\t",
-                kssl_ctx->enctype, kssl_ctx->length);
-
-	for (i=0; i < kssl_ctx->length  &&  kssl_ctx->key; i++)
-                {
-		printf("%02x", kssl_ctx->key[i]);
-		}
-	printf("\n");
-	return;
-        }
-
-    int 
-    kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
-{
-    krb5_context		krb5context = NULL;
-    krb5_keytab 		krb5keytab = NULL;
-    krb5_keytab_entry           entry;
-    krb5_principal              princ = NULL;
-    krb5_error_code  		krb5rc = KRB5KRB_ERR_GENERIC;
-    int rc = 0;
-
-    if ((krb5rc = krb5_init_context(&krb5context)))
-        return(0);
-
-    /*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
-    */
-    if (kssl_ctx->keytab_file)
-    {
-        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
-                                  &krb5keytab);
-        if (krb5rc)
-            goto exit;
-    }
-    else
-    {
-        krb5rc = krb5_kt_default(krb5context,&krb5keytab);
-        if (krb5rc)
-            goto exit;
-    }
-
-    /* the host key we are looking for */
-    krb5rc = krb5_sname_to_principal(krb5context, NULL, 
-                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
-                                     KRB5_NT_SRV_HST, &princ);
-
-    if (krb5rc)
-	goto exit;
-
-    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
-                                princ,
-                                0 /* IGNORE_VNO */,
-                                0 /* IGNORE_ENCTYPE */,
-                                &entry);
-    if ( krb5rc == KRB5_KT_NOTFOUND ) {
-        rc = 1;
-        goto exit;
-    } else if ( krb5rc )
-        goto exit;
-    
-    krb5_kt_free_entry(krb5context, &entry);
-    rc = 1;
-
-  exit:
-    if (krb5keytab)     krb5_kt_close(krb5context, krb5keytab);
-    if (princ)          krb5_free_principal(krb5context, princ);
-    if (krb5context)	krb5_free_context(krb5context);
-    return(rc);
-}
-
-int 
-kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
-        {
-        krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
-        krb5_context		krb5context = NULL;
-        krb5_ccache 		krb5ccdef = NULL;
-        krb5_creds		krb5creds, *krb5credsp = NULL;
-        int                     rc = 0;
-
-        memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
-        if (!kssl_ctx)
-            return(0);
-
-        if (!kssl_ctx->service_host)
-            return(0);
-
-        if ((krb5rc = krb5_init_context(&krb5context)) != 0)
-            goto err;
-
-        if ((krb5rc = krb5_sname_to_principal(krb5context,
-                                              kssl_ctx->service_host,
-                                              (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
-                                              KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
-            goto err;
-
-        if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
-            goto err;
-
-        if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
-                                             &krb5creds.client)) != 0)
-            goto err;
-
-        if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
-                                            &krb5creds, &krb5credsp)) != 0)
-            goto err;
-
-        rc = 1;
-
-      err:
-#ifdef KSSL_DEBUG
-	kssl_ctx_show(kssl_ctx);
-#endif	/* KSSL_DEBUG */
-
-	if (krb5creds.client)	krb5_free_principal(krb5context, krb5creds.client);
-	if (krb5creds.server)	krb5_free_principal(krb5context, krb5creds.server);
-	if (krb5context)	krb5_free_context(krb5context);
-        return(rc);
-	}
-
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
-	{
-#ifdef KRB5_HEIMDAL
-	data->length = 0;
-        if (data->data)
-            free(data->data);
-#elif defined(KRB5_MIT_OLD11)
-	if (data->data)  {
-		krb5_xfree(data->data);
-		data->data = 0;
-		}
-#else
-	krb5_free_data_contents(NULL, data);
-#endif
-	}
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
-
-
-/*  Given pointers to KerberosTime and struct tm structs, convert the
-**  KerberosTime string to struct tm.  Note that KerberosTime is a
-**  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
-**  seconds as defined in RFC 1510.
-**  Return pointer to the (partially) filled in struct tm on success,
-**  return NULL on failure.
-*/
-static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
-	{
-	char 		c, *p;
-
-	if (!k_tm)  return NULL;
-	if (gtime == NULL  ||  gtime->length < 14)  return NULL;
-	if (gtime->data == NULL)  return NULL;
-
-	p = (char *)&gtime->data[14];
-
-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_sec  = atoi(p);      *(p+2) = c;
-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_min  = atoi(p);      *(p+2) = c;
-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_hour = atoi(p);      *(p+2) = c;
-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mday = atoi(p);      *(p+2) = c;
-	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mon  = atoi(p)-1;    *(p+2) = c;
-	c = *p;	 *p = '\0';  p -= 4;  k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
-
-	return k_tm;
-	}
-
-
-/*  Helper function for kssl_validate_times().
-**  We need context->clockskew, but krb5_context is an opaque struct.
-**  So we try to sneek the clockskew out through the replay cache.
-**	If that fails just return a likely default (300 seconds).
-*/
-static krb5_deltat get_rc_clockskew(krb5_context context)
-	{
-	krb5_rcache 	rc;
-	krb5_deltat 	clockskew;
-
-	if (krb5_rc_default(context, &rc))  return KSSL_CLOCKSKEW;
-	if (krb5_rc_initialize(context, rc, 0))  return KSSL_CLOCKSKEW;
-	if (krb5_rc_get_lifespan(context, rc, &clockskew))  {
-		clockskew = KSSL_CLOCKSKEW;
-		}
-	(void) krb5_rc_destroy(context, rc);
-	return clockskew;
-	}
-
-
-/*  kssl_validate_times() combines (and more importantly exposes)
-**  the MIT KRB5 internal function krb5_validate_times() and the
-**  in_clock_skew() macro.  The authenticator client time is checked
-**  to be within clockskew secs of the current time and the current
-**  time is checked to be within the ticket start and expire times.
-**  Either check may be omitted by supplying a NULL value.
-**  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
-**  See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
-**  20010420 VRS
-*/
-krb5_error_code  kssl_validate_times(	krb5_timestamp atime,
-					krb5_ticket_times *ttimes)
-	{
-	krb5_deltat 	skew;
-	krb5_timestamp	start, now;
-	krb5_error_code	rc;
-	krb5_context	context;
-
-	if ((rc = krb5_init_context(&context)))	 return SSL_R_KRB5_S_BAD_TICKET;
-	skew = get_rc_clockskew(context); 
-	if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;
-	krb5_free_context(context);
-
-	if (atime  &&  labs(atime - now) >= skew)  return SSL_R_KRB5_S_TKT_SKEW;
-
-	if (! ttimes)  return 0;
-
-	start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
-	if (start - now > skew)  return SSL_R_KRB5_S_TKT_NYV;
-	if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
-		start, atime, now, skew, ttimes->endtime);
-#endif	/* KSSL_DEBUG */
-
-	return 0;
-	}
-
-
-/*  Decode and decrypt given DER-encoded authenticator, then pass
-**  authenticator ctime back in *atimep (or 0 if time unavailable).
-**  Returns krb5_error_code and kssl_err on error.  A NULL 
-**  authenticator (authentp->length == 0) is not considered an error.
-**  Note that kssl_check_authent() makes use of the KRB5 session key;
-**  you must call kssl_sget_tkt() to get the key before calling this routine.
-*/
-krb5_error_code  kssl_check_authent(
-			/* IN     */	KSSL_CTX	*kssl_ctx,
-                        /* IN     */   	krb5_data	*authentp,
-			/* OUT    */	krb5_timestamp	*atimep,
-			/* OUT    */    KSSL_ERR	*kssl_err  )
-	{
-        krb5_error_code		krb5rc = 0;
-	KRB5_ENCDATA		*dec_authent = NULL;
-	KRB5_AUTHENTBODY	*auth = NULL;
-	krb5_enctype		enctype;
-	EVP_CIPHER_CTX		ciph_ctx;
-	const EVP_CIPHER	*enc = NULL;
-	unsigned char		iv[EVP_MAX_IV_LENGTH];
-	const unsigned char	*p;
-	unsigned char		*unenc_authent;
-	int 			outl, unencbufsize;
-	struct tm		tm_time, *tm_l, *tm_g;
-	time_t			now, tl, tg, tr, tz_offset;
-
-	EVP_CIPHER_CTX_init(&ciph_ctx);
-	*atimep = 0;
-	kssl_err_set(kssl_err, 0, "");
-
-#ifndef KRB5CHECKAUTH
-	authentp = NULL;
-#else
-#if	KRB5CHECKAUTH == 0
-	authentp = NULL;
-#endif
-#endif	/* KRB5CHECKAUTH */
-
-	if (authentp == NULL  ||  authentp->length == 0)  return 0;
-
-#ifdef KSSL_DEBUG
-        {
-        unsigned int ui;
-	fprintf(stderr,"kssl_check_authent: authenticator[%d]:\n",authentp->length);
-	p = authentp->data; 
-	for (ui=0; ui < authentp->length; ui++)  fprintf(stderr,"%02x ",p[ui]);
-	fprintf(stderr,"\n");
-        }
-#endif	/* KSSL_DEBUG */
-
-	unencbufsize = 2 * authentp->length;
-	if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-			"Unable to allocate authenticator buffer.\n");
-		krb5rc = KRB5KRB_ERR_GENERIC;
-		goto err;
-		}
-
-	p = (unsigned char *)authentp->data;
-	if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
-					(long) authentp->length)) == NULL) 
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "Error decoding authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-
-	enctype = dec_authent->etype->data[0];	/* should = kssl_ctx->enctype */
-#if !defined(KRB5_MIT_OLD11)
-            switch ( enctype ) {
-            case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
-            case ENCTYPE_DES3_CBC_SHA:
-            case ENCTYPE_DES3_CBC_RAW:
-                krb5rc = 0;                     /* Skip, can't handle derived keys */
-                goto err;
-            }
-#endif
-	enc = kssl_map_enc(enctype);
-	memset(iv, 0, sizeof iv);       /* per RFC 1510 */
-
-	if (enc == NULL)
-		{
-		/*  Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
-		**  This enctype indicates the authenticator was encrypted
-		**  using key-usage derived keys which openssl cannot decrypt.
-		*/
-		goto err;
-		}
-
-        if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
-                {
-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "EVP_CipherInit error decrypting authenticator.\n");
-                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-                goto err;
-                }
-        outl = dec_authent->cipher->length;
-        if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
-                {
-                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "EVP_Cipher error decrypting authenticator.\n");
-                krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-                goto err;
-                }
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
-	{
-	int padl;
-	fprintf(stderr,"kssl_check_authent: decrypted authenticator[%d] =\n", outl);
-	for (padl=0; padl < outl; padl++) fprintf(stderr,"%02x ",unenc_authent[padl]);
-	fprintf(stderr,"\n");
-	}
-#endif	/* KSSL_DEBUG */
-
-	if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "confounded by authenticator.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-	outl -= p - unenc_authent;
-
-	if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
-							  (long) outl))==NULL)
-		{
-		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
-                        "Error decoding authenticator body.\n");
-		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-		goto err;
-		}
-
-	memset(&tm_time,0,sizeof(struct tm));
-	if (k_gmtime(auth->ctime, &tm_time)  &&
-		((tr = mktime(&tm_time)) != (time_t)(-1)))
- 		{
- 		now  = time(&now);
- 		tm_l = localtime(&now); 	tl = mktime(tm_l);
- 		tm_g = gmtime(&now);		tg = mktime(tm_g);
- 		tz_offset = tg - tl;
-
-		*atimep = (krb5_timestamp)(tr - tz_offset);
- 		}
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"kssl_check_authent: returns %d for client time ", *atimep);
-	if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
-		fprintf(stderr,"%.*s\n", auth->ctime->length, auth->ctime->data);
-	else	fprintf(stderr,"NULL\n");
-#endif	/* KSSL_DEBUG */
-
- err:
-	if (auth)		KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
-	if (dec_authent)	KRB5_ENCDATA_free(dec_authent);
-	if (unenc_authent)	free(unenc_authent);
-	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-	return krb5rc;
-	}
-
-
-/*  Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
-**  because I dont't know how to stub varargs.
-**  Returns krb5_error_code == ENOMEM on alloc error, otherwise
-**  passes back newly constructed principal, which should be freed by caller.
-*/
-krb5_error_code  kssl_build_principal_2(
-			/* UPDATE */	krb5_context	context,
-			/* OUT    */	krb5_principal	*princ,
-			/* IN     */	int rlen,  const char *realm,
-			/* IN	  */	int slen,  const char *svc,
-			/* IN	  */	int hlen,  const char *host)
-	{
-	krb5_data		*p_data = NULL;
-	krb5_principal		new_p = NULL;
-        char			*new_r = NULL;
-
-	if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL  ||
-	    (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
-			== NULL)  goto err;
-	new_p->length = 2;
-	new_p->data = p_data;
-
-	if ((new_r = calloc(1, rlen + 1)) == NULL)  goto err;
-	memcpy(new_r, realm, rlen);
-	krb5_princ_set_realm_length(context, new_p, rlen);
-	krb5_princ_set_realm_data(context, new_p, new_r);
-
-	if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)  goto err;
-	memcpy(new_p->data[0].data, svc, slen);
-	new_p->data[0].length = slen;
-
-	if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)  goto err;
-	memcpy(new_p->data[1].data, host, hlen);
-	new_p->data[1].length = hlen;
-	
-	krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
-	*princ = new_p;
-	return 0;
-
- err:
-	if (new_p  &&  new_p[0].data)	free(new_p[0].data);
-	if (new_p  &&  new_p[1].data)	free(new_p[1].data);
-	if (new_p)	free(new_p);
-	if (new_r)	free(new_r);
-	return ENOMEM;
-	}
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
-	{
-	s->kssl_ctx = kctx;
-	} 
-
-KSSL_CTX * SSL_get0_kssl_ctx(SSL *s)
-	{
-	return s->kssl_ctx;
-	}
-
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
-	{
-	if (kctx)
-		return kctx->client_princ;
-	return NULL;
-	}
-
-#else /* !OPENSSL_NO_KRB5 */
-
-#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static void *dummy=&dummy;
-#endif
-
-#endif	/* !OPENSSL_NO_KRB5	*/
-
diff --git a/ssl/kssl.h b/ssl/kssl.h
deleted file mode 100644
index e4df843073..0000000000
--- a/ssl/kssl.h
+++ /dev/null
@@ -1,192 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-**	19990701	VRS 	Started.
-*/
-
-#ifndef	KSSL_H
-#define	KSSL_H
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#include <stdio.h>
-#include <ctype.h>
-#include <krb5.h>
-#ifdef OPENSSL_SYS_WIN32
-/* These can sometimes get redefined indirectly by krb5 header files
- * after they get undefed in ossl_typ.h
- */
-#undef X509_NAME
-#undef X509_EXTENSIONS
-#undef OCSP_REQUEST
-#undef OCSP_RESPONSE
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*
-**	Depending on which KRB5 implementation used, some types from
-**	the other may be missing.  Resolve that here and now
-*/
-#ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#define FAR
-#else
-
-#ifndef FAR
-#define FAR
-#endif
-
-#endif
-
-/*	Uncomment this to debug kssl problems or
-**	to trace usage of the Kerberos session key
-**
-**	#define		KSSL_DEBUG
-*/
-
-#ifndef	KRB5SVC
-#define KRB5SVC	"host"
-#endif
-
-#ifndef	KRB5KEYTAB
-#define KRB5KEYTAB	"/etc/krb5.keytab"
-#endif
-
-#ifndef KRB5SENDAUTH
-#define KRB5SENDAUTH	1
-#endif
-
-#ifndef KRB5CHECKAUTH
-#define KRB5CHECKAUTH	1
-#endif
-
-#ifndef KSSL_CLOCKSKEW
-#define	KSSL_CLOCKSKEW	300;
-#endif
-
-#define	KSSL_ERR_MAX	255
-typedef struct kssl_err_st  {
-	int  reason;
-	char text[KSSL_ERR_MAX+1];
-	} KSSL_ERR;
-
-
-/*	Context for passing
-**		(1) Kerberos session key to SSL, and
-**		(2)	Config data between application and SSL lib
-*/
-typedef struct kssl_ctx_st
-        {
-                                /*	used by:    disposition:            */
-	char *service_name;	/*	C,S	    default ok (kssl)       */
-	char *service_host;	/*	C	    input, REQUIRED         */
-	char *client_princ;	/*	S	    output from krb5 ticket */
-	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */
-	char *cred_cache;	/*	C	    NULL (default)          */
-	krb5_enctype enctype;
-	int length;
-	krb5_octet FAR *key;
-	} KSSL_CTX;
-
-#define	KSSL_CLIENT 	1
-#define KSSL_SERVER 	2
-#define	KSSL_SERVICE	3
-#define	KSSL_KEYTAB 	4
-
-#define KSSL_CTX_OK 	0
-#define KSSL_CTX_ERR	1
-#define KSSL_NOMEM	2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
-        krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code  kssl_build_principal_2(krb5_context context,
-			krb5_principal *princ, int rlen, const char *realm,
-			int slen, const char *svc, int hlen, const char *host);
-krb5_error_code  kssl_validate_times(krb5_timestamp atime,
-					krb5_ticket_times *ttimes);
-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
-char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif	/* OPENSSL_NO_KRB5	*/
-#endif	/* KSSL_H 	*/
diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
deleted file mode 100644
index c039c91b4e..0000000000
--- a/ssl/kssl_lcl.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef	KSSL_LCL_H
-#define	KSSL_LCL_H
-
-#include <openssl/kssl.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Private (internal to OpenSSL) */
-void print_krb5_data(char *label, krb5_data *kdata);
-void print_krb5_authdata(char *label, krb5_authdata **adata);
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
-
-char *kstring(char *string);
-char *knumber(int len, krb5_octet *contents);
-
-const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
-
-#ifdef  __cplusplus
-}
-#endif
-#endif	/* OPENSSL_NO_KRB5	*/
-#endif	/* KSSL_LCL_H 	*/
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
deleted file mode 100644
index f02c275c7a..0000000000
--- a/ssl/s23_clnt.c
+++ /dev/null
@@ -1,815 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_client_method(int ver)
-	{
-#ifndef OPENSSL_NO_SSL2
-	if (ver == SSL2_VERSION)
-		return(SSLv2_client_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
-	if (ver == SSL3_VERSION)
-		return(SSLv3_client_method());
-#endif
-	if (ver == TLS1_VERSION)
-		return(TLSv1_client_method());
-	else if (ver == TLS1_1_VERSION)
-		return(TLSv1_1_client_method());
-	else if (ver == TLS1_2_VERSION)
-		return(TLSv1_2_client_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
-			ssl_undefined_function,
-			ssl23_connect,
-			ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
-	{
-	BUF_MEM *buf=NULL;
-	unsigned long Time=(unsigned long)time(NULL);
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int ret= -1;
-	int new_state,state;
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch(s->state)
-			{
-		case SSL_ST_BEFORE:
-		case SSL_ST_CONNECT:
-		case SSL_ST_BEFORE|SSL_ST_CONNECT:
-		case SSL_ST_OK|SSL_ST_CONNECT:
-
-			if (s->session != NULL)
-				{
-				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
-				ret= -1;
-				goto end;
-				}
-			s->server=0;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			/* s->version=TLS1_VERSION; */
-			s->type=SSL_ST_CONNECT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				buf=NULL;
-				}
-
-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-			ssl3_init_finished_mac(s);
-
-			s->state=SSL23_ST_CW_CLNT_HELLO_A;
-			s->ctx->stats.sess_connect++;
-			s->init_num=0;
-			break;
-
-		case SSL23_ST_CW_CLNT_HELLO_A:
-		case SSL23_ST_CW_CLNT_HELLO_B:
-
-			s->shutdown=0;
-			ret=ssl23_client_hello(s);
-			if (ret <= 0) goto end;
-			s->state=SSL23_ST_CR_SRVR_HELLO_A;
-			s->init_num=0;
-
-			break;
-
-		case SSL23_ST_CR_SRVR_HELLO_A:
-		case SSL23_ST_CR_SRVR_HELLO_B:
-			ret=ssl23_get_server_hello(s);
-			if (ret >= 0) cb=NULL;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-
-		if (s->debug) { (void)BIO_flush(s->wbio); }
-
-		if ((cb != NULL) && (s->state != state))
-			{
-			new_state=s->state;
-			s->state=state;
-			cb(s,SSL_CB_CONNECT_LOOP,1);
-			s->state=new_state;
-			}
-		}
-end:
-	s->in_handshake--;
-	if (buf != NULL)
-		BUF_MEM_free(buf);
-	if (cb != NULL)
-		cb(s,SSL_CB_CONNECT_EXIT,ret);
-	return(ret);
-	}
-
-static int ssl23_no_ssl2_ciphers(SSL *s)
-	{
-	SSL_CIPHER *cipher;
-	STACK_OF(SSL_CIPHER) *ciphers;
-	int i;
-	ciphers = SSL_get_ciphers(s);
-	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)
-		{
-		cipher = sk_SSL_CIPHER_value(ciphers, i);
-		if (cipher->algorithm_ssl == SSL_SSLV2)
-			return 0;
-		}
-	return 1;
-	}
-
-/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
- * on failure, 1 on success. */
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
-	{
-	int send_time = 0;
-
-	if (len < 4)
-		return 0;
-	if (server)
-		send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
-	else
-		send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
-	if (send_time)
-		{
-		unsigned long Time = (unsigned long)time(NULL);
-		unsigned char *p = result;
-		l2n(Time, p);
-		return RAND_pseudo_bytes(p, len-4);
-		}
-	else
-		return RAND_pseudo_bytes(result, len);
-	}
-
-static int ssl23_client_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int i,ch_len;
-	unsigned long l;
-	int ssl2_compat;
-	int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
-	int j;
-	SSL_COMP *comp;
-#endif
-	int ret;
-	unsigned long mask, options = s->options;
-
-	ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
-	if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
-		ssl2_compat = 0;
-
-	/*
-	 * SSL_OP_NO_X disables all protocols above X *if* there are
-	 * some protocols below X enabled. This is required in order
-	 * to maintain "version capability" vector contiguous. So
-	 * that if application wants to disable TLS1.0 in favour of
-	 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
-	 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
-	 */
-	mask =	SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1
-#if !defined(OPENSSL_NO_SSL3)
-		|SSL_OP_NO_SSLv3
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-		|(ssl2_compat?SSL_OP_NO_SSLv2:0)
-#endif
-		;
-#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
-	version = TLS1_2_VERSION;
-
-	if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
-		version = TLS1_1_VERSION;
-#else
-	version = TLS1_1_VERSION;
-#endif
-	mask &= ~SSL_OP_NO_TLSv1_1;
-	if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
-		version = TLS1_VERSION;
-	mask &= ~SSL_OP_NO_TLSv1;
-#if !defined(OPENSSL_NO_SSL3)
-	if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
-		version = SSL3_VERSION;
-	mask &= ~SSL_OP_NO_SSLv3;
-#endif
-#if !defined(OPENSSL_NO_SSL2)
-	if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
-		version = SSL2_VERSION;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (version != SSL2_VERSION)
-		{
-		/* have to disable SSL 2.0 compatibility if we need TLS extensions */
-
-		if (s->tlsext_hostname != NULL)
-			ssl2_compat = 0;
-		if (s->tlsext_status_type != -1)
-			ssl2_compat = 0;
-#ifdef TLSEXT_TYPE_opaque_prf_input
-		if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL)
-			ssl2_compat = 0;
-#endif
-		}
-#endif
-
-	buf=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-		{
-#if 0
-		/* don't reuse session-id's */
-		if (!ssl_get_new_session(s,0))
-			{
-			return(-1);
-			}
-#endif
-
-		p=s->s3->client_random;
-		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-			return -1;
-
-		if (version == TLS1_2_VERSION)
-			{
-			version_major = TLS1_2_VERSION_MAJOR;
-			version_minor = TLS1_2_VERSION_MINOR;
-			}
-		else if (version == TLS1_1_VERSION)
-			{
-			version_major = TLS1_1_VERSION_MAJOR;
-			version_minor = TLS1_1_VERSION_MINOR;
-			}
-		else if (version == TLS1_VERSION)
-			{
-			version_major = TLS1_VERSION_MAJOR;
-			version_minor = TLS1_VERSION_MINOR;
-			}
-#ifdef OPENSSL_FIPS
-		else if(FIPS_mode())
-			{
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO,
-					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-			return -1;
-			}
-#endif
-		else if (version == SSL3_VERSION)
-			{
-			version_major = SSL3_VERSION_MAJOR;
-			version_minor = SSL3_VERSION_MINOR;
-			}
-		else if (version == SSL2_VERSION)
-			{
-			version_major = SSL2_VERSION_MAJOR;
-			version_minor = SSL2_VERSION_MINOR;
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
-			return(-1);
-			}
-
-		s->client_version = version;
-
-		if (ssl2_compat)
-			{
-			/* create SSL 2.0 compatible Client Hello */
-
-			/* two byte record header will be written last */
-			d = &(buf[2]);
-			p = d + 9; /* leave space for message type, version, individual length fields */
-
-			*(d++) = SSL2_MT_CLIENT_HELLO;
-			*(d++) = version_major;
-			*(d++) = version_minor;
-			
-			/* Ciphers supported */
-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
-			if (i == 0)
-				{
-				/* no ciphers */
-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-				return -1;
-				}
-			s2n(i,d);
-			p+=i;
-			
-			/* put in the session-id length (zero since there is no reuse) */
-#if 0
-			s->session->session_id_length=0;
-#endif
-			s2n(0,d);
-
-			if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-				ch_len=SSL2_CHALLENGE_LENGTH;
-			else
-				ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-			/* write out sslv2 challenge */
-			/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32),
-			   because it is one of SSL2_MAX_CHALLENGE_LENGTH (32)
-			   or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the
-			   check in for futurproofing */
-			if (SSL3_RANDOM_SIZE < ch_len)
-				i=SSL3_RANDOM_SIZE;
-			else
-				i=ch_len;
-			s2n(i,d);
-			memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-			if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
-				return -1;
-
-			memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-			p+=i;
-
-			i= p- &(buf[2]);
-			buf[0]=((i>>8)&0xff)|0x80;
-			buf[1]=(i&0xff);
-
-			/* number of bytes to write */
-			s->init_num=i+2;
-			s->init_off=0;
-
-			ssl3_finish_mac(s,&(buf[2]),i);
-			}
-		else
-			{
-			/* create Client Hello in SSL 3.0/TLS 1.0 format */
-
-			/* do the record header (5 bytes) and handshake message header (4 bytes) last */
-			d = p = &(buf[9]);
-			
-			*(p++) = version_major;
-			*(p++) = version_minor;
-
-			/* Random stuff */
-			memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
-			p += SSL3_RANDOM_SIZE;
-
-			/* Session ID (zero since there is no reuse) */
-			*(p++) = 0;
-
-			/* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
-			i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
-			if (i == 0)
-				{
-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-				return -1;
-				}
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-			/* Some servers hang if client hello > 256 bytes
-			 * as hack workaround chop number of supported ciphers
-			 * to keep it well below this if we use TLS v1.2
-			 */
-			if (TLS1_get_version(s) >= TLS1_2_VERSION
-				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-			s2n(i,p);
-			p+=i;
-
-			/* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-			*(p++)=1;
-#else
-			if ((s->options & SSL_OP_NO_COMPRESSION)
-						|| !s->ctx->comp_methods)
-				j=0;
-			else
-				j=sk_SSL_COMP_num(s->ctx->comp_methods);
-			*(p++)=1+j;
-			for (i=0; i<j; i++)
-				{
-				comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-				*(p++)=comp->id;
-				}
-#endif
-			*(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-			/* TLS extensions*/
-			if (ssl_prepare_clienthello_tlsext(s) <= 0)
-				{
-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-				return -1;
-				}
-			if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-				{
-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-#endif
-			
-			l = p-d;
-
-			/* fill in 4-byte handshake header */
-			d=&(buf[5]);
-			*(d++)=SSL3_MT_CLIENT_HELLO;
-			l2n3(l,d);
-
-			l += 4;
-
-			if (l > SSL3_RT_MAX_PLAIN_LENGTH)
-				{
-				SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			
-			/* fill in 5-byte record header */
-			d=buf;
-			*(d++) = SSL3_RT_HANDSHAKE;
-			*(d++) = version_major;
-			/* Some servers hang if we use long client hellos
-			 * and a record number > TLS 1.0.
-			 */
-			if (TLS1_get_client_version(s) > TLS1_VERSION)
-				*(d++) = 1;
-			else
-				*(d++) = version_minor;
-			s2n((int)l,d);
-
-			/* number of bytes to write */
-			s->init_num=p-buf;
-			s->init_off=0;
-
-			ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
-			}
-
-		s->state=SSL23_ST_CW_CLNT_HELLO_B;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_CW_CLNT_HELLO_B */
-	ret = ssl23_write_bytes(s);
-
-	if ((ret >= 2) && s->msg_callback)
-		{
-		/* Client Hello has been sent; tell msg_callback */
-
-		if (ssl2_compat)
-			s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
-		else
-			s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
-		}
-
-	return ret;
-	}
-
-static int ssl23_get_server_hello(SSL *s)
-	{
-	char buf[8];
-	unsigned char *p;
-	int i;
-	int n;
-
-	n=ssl23_read_bytes(s,7);
-
-	if (n != 7) return(n);
-	p=s->packet;
-
-	memcpy(buf,p,n);
-
-	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
-		(p[5] == 0x00) && (p[6] == 0x02))
-		{
-#ifdef OPENSSL_NO_SSL2
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-		goto err;
-#else
-		/* we are talking sslv2 */
-		/* we need to clean up the SSLv3 setup and put in the
-		 * sslv2 stuff. */
-		int ch_len;
-
-		if (s->options & SSL_OP_NO_SSLv2)
-			{
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-			goto err;
-			}
-		if (s->s2 == NULL)
-			{
-			if (!ssl2_new(s))
-				goto err;
-			}
-		else
-			ssl2_clear(s);
-
-		if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
-			ch_len=SSL2_CHALLENGE_LENGTH;
-		else
-			ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
-		/* write out sslv2 challenge */
-		/* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), because
-		   it is one of SSL2_MAX_CHALLENGE_LENGTH (32) or
-		   SSL2_MAX_CHALLENGE_LENGTH (16), but leave the check in for
-		   futurproofing */
-		i=(SSL3_RANDOM_SIZE < ch_len)
-			?SSL3_RANDOM_SIZE:ch_len;
-		s->s2->challenge_length=i;
-		memcpy(s->s2->challenge,
-			&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
-		if (s->s3 != NULL) ssl3_free(s);
-
-		if (!BUF_MEM_grow_clean(s->init_buf,
-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-			{
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
-			goto err;
-			}
-
-		s->state=SSL2_ST_GET_SERVER_HELLO_A;
-		if (!(s->client_version == SSL2_VERSION))
-			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
-			s->s2->ssl2_rollback=1;
-
-		/* setup the 7 bytes we have read so we get them from
-		 * the sslv2 buffer */
-		s->rstate=SSL_ST_READ_HEADER;
-		s->packet_length=n;
-		s->packet= &(s->s2->rbuf[0]);
-		memcpy(s->packet,buf,n);
-		s->s2->rbuf_left=n;
-		s->s2->rbuf_offs=0;
-
-		/* we have already written one */
-		s->s2->write_sequence=1;
-
-		s->method=SSLv2_client_method();
-		s->handshake_func=s->method->ssl_connect;
-#endif
-		}
-	else if (p[1] == SSL3_VERSION_MAJOR &&
-	         p[2] <= TLS1_2_VERSION_MINOR &&
-	         ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
-	          (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
-		{
-		/* we have sslv3 or tls1 (server hello or alert) */
-
-#ifndef OPENSSL_NO_SSL3
-		if ((p[2] == SSL3_VERSION_MINOR) &&
-			!(s->options & SSL_OP_NO_SSLv3))
-			{
-#ifdef OPENSSL_FIPS
-			if(FIPS_mode())
-				{
-				SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
-					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-				goto err;
-				}
-#endif
-			s->version=SSL3_VERSION;
-			s->method=SSLv3_client_method();
-			}
-		else
-#endif
-		if ((p[2] == TLS1_VERSION_MINOR) &&
-			!(s->options & SSL_OP_NO_TLSv1))
-			{
-			s->version=TLS1_VERSION;
-			s->method=TLSv1_client_method();
-			}
-		else if ((p[2] == TLS1_1_VERSION_MINOR) &&
-			!(s->options & SSL_OP_NO_TLSv1_1))
-			{
-			s->version=TLS1_1_VERSION;
-			s->method=TLSv1_1_client_method();
-			}
-		else if ((p[2] == TLS1_2_VERSION_MINOR) &&
-			!(s->options & SSL_OP_NO_TLSv1_2))
-			{
-			s->version=TLS1_2_VERSION;
-			s->method=TLSv1_2_client_method();
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-			goto err;
-			}
-
-		/* ensure that TLS_MAX_VERSION is up-to-date */
-		OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
-		if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
-			{
-			/* fatal alert */
-
-			void (*cb)(const SSL *ssl,int type,int val)=NULL;
-			int j;
-
-			if (s->info_callback != NULL)
-				cb=s->info_callback;
-			else if (s->ctx->info_callback != NULL)
-				cb=s->ctx->info_callback;
- 
-			i=p[5];
-			if (cb != NULL)
-				{
-				j=(i<<8)|p[6];
-				cb(s,SSL_CB_READ_ALERT,j);
-				}
-			
-			if (s->msg_callback)
-				s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
-
-			s->rwstate=SSL_NOTHING;
-			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
-			goto err;
-			}
-
-		if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-		/* we are in this state */
-		s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
-		/* put the 7 bytes we have read into the input buffer
-		 * for SSLv3 */
-		s->rstate=SSL_ST_READ_HEADER;
-		s->packet_length=n;
-		if (s->s3->rbuf.buf == NULL)
-			if (!ssl3_setup_read_buffer(s))
-				goto err;
-		s->packet= &(s->s3->rbuf.buf[0]);
-		memcpy(s->packet,buf,n);
-		s->s3->rbuf.left=n;
-		s->s3->rbuf.offset=0;
-
-		s->handshake_func=s->method->ssl_connect;
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-		goto err;
-		}
-	s->init_num=0;
-
-	/* Since, if we are sending a ssl23 client hello, we are not
-	 * reusing a session-id */
-        if (!s->session_creation_enabled)
-		{
-		if (!(s->client_version == SSL2_VERSION))
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-		goto err;
-		}
-	if (!ssl_get_new_session(s,0))
-		goto err;
-
-	return(SSL_connect(s));
-err:
-	return(-1);
-	}
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
deleted file mode 100644
index f3c29d1dde..0000000000
--- a/ssl/s23_lib.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
-	{
-	return(300);
-	}
-
-int ssl23_num_ciphers(void)
-	{
-	return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
-	       + ssl2_num_ciphers()
-#endif
-	    );
-	}
-
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u)
-	{
-	unsigned int uu=ssl3_num_ciphers();
-
-	if (u < uu)
-		return(ssl3_get_cipher(u));
-	else
-#ifndef OPENSSL_NO_SSL2
-		return(ssl2_get_cipher(u-uu));
-#else
-		return(NULL);
-#endif
-	}
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
-	{
-	const SSL_CIPHER *cp;
-
-	cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
-	if (cp == NULL)
-		cp=ssl2_get_cipher_by_char(p);
-#endif
-	return(cp);
-	}
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-	{
-	long l;
-
-	/* We can write SSLv2 and SSLv3 ciphers */
-	/* but no ECC ciphers */
-	if (c->algorithm_mkey == SSL_kECDHr ||
-		c->algorithm_mkey == SSL_kECDHe ||
-		c->algorithm_mkey == SSL_kEECDH ||
-		c->algorithm_auth == SSL_aECDH ||
-		c->algorithm_auth == SSL_aECDSA)
-		return 0;
-	if (p != NULL)
-		{
-		l=c->id;
-		p[0]=((unsigned char)(l>>16L))&0xFF;
-		p[1]=((unsigned char)(l>> 8L))&0xFF;
-		p[2]=((unsigned char)(l     ))&0xFF;
-		}
-	return(3);
-	}
-
-int ssl23_read(SSL *s, void *buf, int len)
-	{
-	int n;
-
-	clear_sys_error();
-	if (SSL_in_init(s) && (!s->in_handshake))
-		{
-		n=s->handshake_func(s);
-		if (n < 0) return(n);
-		if (n == 0)
-			{
-			SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		return(SSL_read(s,buf,len));
-		}
-	else
-		{
-		ssl_undefined_function(s);
-		return(-1);
-		}
-	}
-
-int ssl23_peek(SSL *s, void *buf, int len)
-	{
-	int n;
-
-	clear_sys_error();
-	if (SSL_in_init(s) && (!s->in_handshake))
-		{
-		n=s->handshake_func(s);
-		if (n < 0) return(n);
-		if (n == 0)
-			{
-			SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		return(SSL_peek(s,buf,len));
-		}
-	else
-		{
-		ssl_undefined_function(s);
-		return(-1);
-		}
-	}
-
-int ssl23_write(SSL *s, const void *buf, int len)
-	{
-	int n;
-
-	clear_sys_error();
-	if (SSL_in_init(s) && (!s->in_handshake))
-		{
-		n=s->handshake_func(s);
-		if (n < 0) return(n);
-		if (n == 0)
-			{
-			SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		return(SSL_write(s,buf,len));
-		}
-	else
-		{
-		ssl_undefined_function(s);
-		return(-1);
-		}
-	}
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c
deleted file mode 100644
index 40eae0f0be..0000000000
--- a/ssl/s23_meth.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* ssl/s23_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *ssl23_get_method(int ver);
-static const SSL_METHOD *ssl23_get_method(int ver)
-	{
-#ifndef OPENSSL_NO_SSL2
-	if (ver == SSL2_VERSION)
-		return(SSLv2_method());
-	else
-#endif
-#ifndef OPENSSL_NO_SSL3
-	if (ver == SSL3_VERSION)
-		return(SSLv3_method());
-	else
-#endif
-#ifndef OPENSSL_NO_TLS1
-	if (ver == TLS1_VERSION)
-		return(TLSv1_method());
-	else if (ver == TLS1_1_VERSION)
-		return(TLSv1_1_method());
-	else if (ver == TLS1_2_VERSION)
-		return(TLSv1_2_method());
-	else
-#endif
-		return(NULL);
-	}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_method,
-			ssl23_accept,
-			ssl23_connect,
-			ssl23_get_method)
-
diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b258..0000000000
--- a/ssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
-	{
-	int i,num,tot;
-	char *buf;
-
-	buf=s->init_buf->data;
-	tot=s->init_off;
-	num=s->init_num;
-	for (;;)
-		{
-		s->rwstate=SSL_WRITING;
-		i=BIO_write(s->wbio,&(buf[tot]),num);
-		if (i <= 0)
-			{
-			s->init_off=tot;
-			s->init_num=num;
-			return(i);
-			}
-		s->rwstate=SSL_NOTHING;
-		if (i == num) return(tot+i);
-
-		num-=i;
-		tot+=i;
-		}
-	}
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
-	{
-	unsigned char *p;
-	int j;
-
-	if (s->packet_length < (unsigned int)n)
-		{
-		p=s->packet;
-
-		for (;;)
-			{
-			s->rwstate=SSL_READING;
-			j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
-				n-s->packet_length);
-			if (j <= 0)
-				return(j);
-			s->rwstate=SSL_NOTHING;
-			s->packet_length+=j;
-			if (s->packet_length >= (unsigned int)n)
-				return(s->packet_length);
-			}
-		}
-	return(n);
-	}
-
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
deleted file mode 100644
index 3178815ec9..0000000000
--- a/ssl/s23_srvr.c
+++ /dev/null
@@ -1,660 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-static const SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static const SSL_METHOD *ssl23_get_server_method(int ver)
-	{
-#ifndef OPENSSL_NO_SSL2
-	if (ver == SSL2_VERSION)
-		return(SSLv2_server_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
-	if (ver == SSL3_VERSION)
-		return(SSLv3_server_method());
-#endif
-	if (ver == TLS1_VERSION)
-		return(TLSv1_server_method());
-	else if (ver == TLS1_1_VERSION)
-		return(TLSv1_1_server_method());
-	else if (ver == TLS1_2_VERSION)
-		return(TLSv1_2_server_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
-			ssl23_accept,
-			ssl_undefined_function,
-			ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
-	{
-	BUF_MEM *buf;
-	unsigned long Time=(unsigned long)time(NULL);
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int ret= -1;
-	int new_state,state;
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch(s->state)
-			{
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			s->server=1;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			/* s->version=SSL3_VERSION; */
-			s->type=SSL_ST_ACCEPT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					BUF_MEM_free(buf);
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				}
-
-			ssl3_init_finished_mac(s);
-
-			s->state=SSL23_ST_SR_CLNT_HELLO_A;
-			s->ctx->stats.sess_accept++;
-			s->init_num=0;
-			break;
-
-		case SSL23_ST_SR_CLNT_HELLO_A:
-		case SSL23_ST_SR_CLNT_HELLO_B:
-
-			s->shutdown=0;
-			ret=ssl23_get_client_hello(s);
-			if (ret >= 0) cb=NULL;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-
-		if ((cb != NULL) && (s->state != state))
-			{
-			new_state=s->state;
-			s->state=state;
-			cb(s,SSL_CB_ACCEPT_LOOP,1);
-			s->state=new_state;
-			}
-		}
-end:
-	s->in_handshake--;
-	if (cb != NULL)
-		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	return(ret);
-	}
-
-
-int ssl23_get_client_hello(SSL *s)
-	{
-	char buf_space[11]; /* Request this many bytes in initial read.
-	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
-	                     * ('type == 3') correctly only when the following
-	                     * is in a single record, which is not guaranteed by
-	                     * the protocol specification:
-	                     * Byte  Content
-	                     *  0     type            \
-	                     *  1/2   version          > record header
-	                     *  3/4   length          /
-	                     *  5     msg_type        \
-	                     *  6-8   length           > Client Hello message
-	                     *  9/10  client_version  /
-	                     */
-	char *buf= &(buf_space[0]);
-	unsigned char *p,*d,*d_len,*dd;
-	unsigned int i;
-	unsigned int csl,sil,cl;
-	int n=0,j;
-	int type=0;
-	int v[2];
-
-	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
-		{
-		/* read the initial header */
-		v[0]=v[1]=0;
-
-		if (!ssl3_setup_buffers(s)) goto err;
-
-		n=ssl23_read_bytes(s, sizeof buf_space);
-		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
-		p=s->packet;
-
-		memcpy(buf,p,n);
-
-		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
-			{
-			/*
-			 * SSLv2 header
-			 */
-			if ((p[3] == 0x00) && (p[4] == 0x02))
-				{
-				v[0]=p[3]; v[1]=p[4];
-				/* SSLv2 */
-				if (!(s->options & SSL_OP_NO_SSLv2))
-					type=1;
-				}
-			else if (p[3] == SSL3_VERSION_MAJOR)
-				{
-				v[0]=p[3]; v[1]=p[4];
-				/* SSLv3/TLSv1 */
-				if (p[4] >= TLS1_VERSION_MINOR)
-					{
-					if (p[4] >= TLS1_2_VERSION_MINOR &&
-					   !(s->options & SSL_OP_NO_TLSv1_2))
-						{
-						s->version=TLS1_2_VERSION;
-						s->state=SSL23_ST_SR_CLNT_HELLO_B;
-						}
-					else if (p[4] >= TLS1_1_VERSION_MINOR &&
-					   !(s->options & SSL_OP_NO_TLSv1_1))
-						{
-						s->version=TLS1_1_VERSION;
-						/* type=2; */ /* done later to survive restarts */
-						s->state=SSL23_ST_SR_CLNT_HELLO_B;
-						}
-					else if (!(s->options & SSL_OP_NO_TLSv1))
-						{
-						s->version=TLS1_VERSION;
-						/* type=2; */ /* done later to survive restarts */
-						s->state=SSL23_ST_SR_CLNT_HELLO_B;
-						}
-					else if (!(s->options & SSL_OP_NO_SSLv3))
-						{
-						s->version=SSL3_VERSION;
-						/* type=2; */
-						s->state=SSL23_ST_SR_CLNT_HELLO_B;
-						}
-					else if (!(s->options & SSL_OP_NO_SSLv2))
-						{
-						type=1;
-						}
-					}
-				else if (!(s->options & SSL_OP_NO_SSLv3))
-					{
-					s->version=SSL3_VERSION;
-					/* type=2; */
-					s->state=SSL23_ST_SR_CLNT_HELLO_B;
-					}
-				else if (!(s->options & SSL_OP_NO_SSLv2))
-					type=1;
-
-				}
-			}
-		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-			 (p[1] == SSL3_VERSION_MAJOR) &&
-			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
-			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
-				|| (p[9] >= p[1])))
-			{
-			/*
-			 * SSLv3 or tls1 header
-			 */
-			
-			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
-			/* We must look at client_version inside the Client Hello message
-			 * to get the correct minor version.
-			 * However if we have only a pathologically small fragment of the
-			 * Client Hello message, this would be difficult, and we'd have
-			 * to read more records to find out.
-			 * No known SSL 3.0 client fragments ClientHello like this,
-			 * so we simply reject such connections to avoid
-			 * protocol version downgrade attacks. */
-			if (p[3] == 0 && p[4] < 6)
-				{
-				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
-				goto err;
-				}
-			/* if major version number > 3 set minor to a value
-			 * which will use the highest version 3 we support.
-			 * If TLS 2.0 ever appears we will need to revise
-			 * this....
-			 */
-			if (p[9] > SSL3_VERSION_MAJOR)
-				v[1]=0xff;
-			else
-				v[1]=p[10]; /* minor version according to client_version */
-			if (v[1] >= TLS1_VERSION_MINOR)
-				{
-				if (v[1] >= TLS1_2_VERSION_MINOR &&
-					!(s->options & SSL_OP_NO_TLSv1_2))
-					{
-					s->version=TLS1_2_VERSION;
-					type=3;
-					}
-				else if (v[1] >= TLS1_1_VERSION_MINOR &&
-					!(s->options & SSL_OP_NO_TLSv1_1))
-					{
-					s->version=TLS1_1_VERSION;
-					type=3;
-					}
-				else if (!(s->options & SSL_OP_NO_TLSv1))
-					{
-					s->version=TLS1_VERSION;
-					type=3;
-					}
-				else if (!(s->options & SSL_OP_NO_SSLv3))
-					{
-					s->version=SSL3_VERSION;
-					type=3;
-					}
-				}
-			else
-				{
-				/* client requests SSL 3.0 */
-				if (!(s->options & SSL_OP_NO_SSLv3))
-					{
-					s->version=SSL3_VERSION;
-					type=3;
-					}
-				else if (!(s->options & SSL_OP_NO_TLSv1))
-					{
-					/* we won't be able to use TLS of course,
-					 * but this will send an appropriate alert */
-					s->version=TLS1_VERSION;
-					type=3;
-					}
-				}
-			}
-		else if ((strncmp("GET ", (char *)p,4) == 0) ||
-			 (strncmp("POST ",(char *)p,5) == 0) ||
-			 (strncmp("HEAD ",(char *)p,5) == 0) ||
-			 (strncmp("PUT ", (char *)p,4) == 0))
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
-			goto err;
-			}
-		else if (strncmp("CONNECT",(char *)p,7) == 0)
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
-			goto err;
-			}
-		}
-
-	/* ensure that TLS_MAX_VERSION is up-to-date */
-	OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (s->version < TLS1_VERSION))
-		{
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
-					SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-		goto err;
-		}
-#endif
-
-	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
-		{
-		/* we have SSLv3/TLSv1 in an SSLv2 header
-		 * (other cases skip this state) */
-
-		type=2;
-		p=s->packet;
-		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
-		v[1] = p[4];
-
-		/* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
-		 * header is sent directly on the wire, not wrapped as a TLS
-		 * record. It's format is:
-		 * Byte  Content
-		 * 0-1   msg_length
-		 * 2     msg_type
-		 * 3-4   version
-		 * 5-6   cipher_spec_length
-		 * 7-8   session_id_length
-		 * 9-10  challenge_length
-		 * ...   ...
-		 */
-		n=((p[0]&0x7f)<<8)|p[1];
-		if (n > (1024*4))
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-			goto err;
-			}
-		if (n < 9)
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-			goto err;
-			}
-
-		j=ssl23_read_bytes(s,n+2);
-		/* We previously read 11 bytes, so if j > 0, we must have
-		 * j == n+2 == s->packet_length. We have at least 11 valid
-		 * packet bytes. */
-		if (j <= 0) return(j);
-
-		ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
-		if (s->msg_callback)
-			s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
-		p=s->packet;
-		p+=5;
-		n2s(p,csl);
-		n2s(p,sil);
-		n2s(p,cl);
-		d=(unsigned char *)s->init_buf->data;
-		if ((csl+sil+cl+11) != s->packet_length) /* We can't have TLS extensions in SSL 2.0 format
-		                                          * Client Hello, can we? Error condition should be
-		                                          * '>' otherweise */
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-			goto err;
-			}
-
-		/* record header: msg_type ... */
-		*(d++) = SSL3_MT_CLIENT_HELLO;
-		/* ... and length (actual value will be written later) */
-		d_len = d;
-		d += 3;
-
-		/* client_version */
-		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
-		*(d++) = v[1];
-
-		/* lets populate the random area */
-		/* get the challenge_length */
-		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
-		memset(d,0,SSL3_RANDOM_SIZE);
-		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
-		d+=SSL3_RANDOM_SIZE;
-
-		/* no session-id reuse */
-		*(d++)=0;
-
-		/* ciphers */
-		j=0;
-		dd=d;
-		d+=2;
-		for (i=0; i<csl; i+=3)
-			{
-			if (p[i] != 0) continue;
-			*(d++)=p[i+1];
-			*(d++)=p[i+2];
-			j+=2;
-			}
-		s2n(j,dd);
-
-		/* COMPRESSION */
-		*(d++)=1;
-		*(d++)=0;
-		
-#if 0
-                /* copy any remaining data with may be extensions */
-	        p = p+csl+sil+cl;
-		while (p <  s->packet+s->packet_length)
-			{
-			*(d++)=*(p++);
-			}
-#endif
-
-		i = (d-(unsigned char *)s->init_buf->data) - 4;
-		l2n3((long)i, d_len);
-
-		/* get the data reused from the init_buf */
-		s->s3->tmp.reuse_message=1;
-		s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
-		s->s3->tmp.message_size=i;
-		}
-
-	/* imaginary new state (for program structure): */
-	/* s->state = SSL23_SR_CLNT_HELLO_C */
-
-	if (type == 1)
-		{
-#ifdef OPENSSL_NO_SSL2
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-		goto err;
-#else
-		/* we are talking sslv2 */
-		/* we need to clean up the SSLv3/TLSv1 setup and put in the
-		 * sslv2 stuff. */
-
-		if (s->s2 == NULL)
-			{
-			if (!ssl2_new(s))
-				goto err;
-			}
-		else
-			ssl2_clear(s);
-
-		if (s->s3 != NULL) ssl3_free(s);
-
-		if (!BUF_MEM_grow_clean(s->init_buf,
-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-			{
-			goto err;
-			}
-
-		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
-			s->s2->ssl2_rollback=0;
-		else
-			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
-			 * (SSL 3.0 draft/RFC 2246, App. E.2) */
-			s->s2->ssl2_rollback=1;
-
-		/* setup the n bytes we have read so we get them from
-		 * the sslv2 buffer */
-		s->rstate=SSL_ST_READ_HEADER;
-		s->packet_length=n;
-		s->packet= &(s->s2->rbuf[0]);
-		memcpy(s->packet,buf,n);
-		s->s2->rbuf_left=n;
-		s->s2->rbuf_offs=0;
-
-		s->method=SSLv2_server_method();
-		s->handshake_func=s->method->ssl_accept;
-#endif
-		}
-
-	if ((type == 2) || (type == 3))
-		{
-		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-		const SSL_METHOD *new_method;
-		new_method = ssl23_get_server_method(s->version);
-		if (new_method == NULL)
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
-			goto err;
-			}
-		s->method = new_method;
-
-		if (!ssl_init_wbio_buffer(s,1)) goto err;
-
-		/* we are in this state */
-		s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
-		if (type == 3)
-			{
-			/* put the 'n' bytes we have read into the input buffer
-			 * for SSLv3 */
-			s->rstate=SSL_ST_READ_HEADER;
-			s->packet_length=n;
-			if (s->s3->rbuf.buf == NULL)
-				if (!ssl3_setup_read_buffer(s))
-					goto err;
-
-			s->packet= &(s->s3->rbuf.buf[0]);
-			memcpy(s->packet,buf,n);
-			s->s3->rbuf.left=n;
-			s->s3->rbuf.offset=0;
-			}
-		else
-			{
-			s->packet_length=0;
-			s->s3->rbuf.left=0;
-			s->s3->rbuf.offset=0;
-			}
-#if 0 /* ssl3_get_client_hello does this */
-		s->client_version=(v[0]<<8)|v[1];
-#endif
-		s->handshake_func=s->method->ssl_accept;
-		}
-	
-	if ((type < 1) || (type > 3))
-		{
-		/* bad, very bad */
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-		goto err;
-		}
-	s->init_num=0;
-
-	if (buf != buf_space) OPENSSL_free(buf);
-	return(SSL_accept(s));
-err:
-	if (buf != buf_space) OPENSSL_free(buf);
-	return(-1);
-	}
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
deleted file mode 100644
index 03b6cf9673..0000000000
--- a/ssl/s2_clnt.c
+++ /dev/null
@@ -1,1127 +0,0 @@
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s); 
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-	unsigned char *to,int padding);
-#define BREAK	break
-
-static const SSL_METHOD *ssl2_get_client_method(int ver)
-	{
-	if (ver == SSL2_VERSION)
-		return(SSLv2_client_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
-			ssl_undefined_function,
-			ssl2_connect,
-			ssl2_get_client_method)
-
-int ssl2_connect(SSL *s)
-	{
-	unsigned long l=(unsigned long)time(NULL);
-	BUF_MEM *buf=NULL;
-	int ret= -1;
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int new_state,state;
-
-	RAND_add(&l,sizeof(l),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-
-	/* init things to blank */
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch (s->state)
-			{
-		case SSL_ST_BEFORE:
-		case SSL_ST_CONNECT:
-		case SSL_ST_BEFORE|SSL_ST_CONNECT:
-		case SSL_ST_OK|SSL_ST_CONNECT:
-
-			s->server=0;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			s->version=SSL2_VERSION;
-			s->type=SSL_ST_CONNECT;
-
-			buf=s->init_buf;
-			if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
-				{
-				ret= -1;
-				goto end;
-				}
-			if (!BUF_MEM_grow(buf,
-				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-				{
-				if (buf == s->init_buf)
-					buf=NULL;
-				ret= -1;
-				goto end;
-				}
-			s->init_buf=buf;
-			buf=NULL;
-			s->init_num=0;
-			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
-			s->ctx->stats.sess_connect++;
-			s->handshake_func=ssl2_connect;
-			BREAK;
-
-		case SSL2_ST_SEND_CLIENT_HELLO_A:
-		case SSL2_ST_SEND_CLIENT_HELLO_B:
-			s->shutdown=0;
-			ret=client_hello(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_GET_SERVER_HELLO_A;
-			BREAK;
-		
-		case SSL2_ST_GET_SERVER_HELLO_A:
-		case SSL2_ST_GET_SERVER_HELLO_B:
-			ret=get_server_hello(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			if (!s->hit) /* new session */
-				{
-				s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
-				BREAK; 
-				}
-			else
-				{
-				s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
-				break;
-				}
-	
-		case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
-		case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
-			ret=client_master_key(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
-			break;
-
-		case SSL2_ST_CLIENT_START_ENCRYPTION:
-			/* Ok, we now have all the stuff needed to
-			 * start encrypting, so lets fire it up :-) */
-			if (!ssl2_enc_init(s,1))
-				{
-				ret= -1;
-				goto end;
-				}
-			s->s2->clear_text=0;
-			s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
-			break;
-
-		case SSL2_ST_SEND_CLIENT_FINISHED_A:
-		case SSL2_ST_SEND_CLIENT_FINISHED_B:
-			ret=client_finished(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_GET_SERVER_VERIFY_A;
-			break;
-
-		case SSL2_ST_GET_SERVER_VERIFY_A:
-		case SSL2_ST_GET_SERVER_VERIFY_B:
-			ret=get_server_verify(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_GET_SERVER_FINISHED_A;
-			break;
-
-		case SSL2_ST_GET_SERVER_FINISHED_A:
-		case SSL2_ST_GET_SERVER_FINISHED_B:
-			ret=get_server_finished(s);
-			if (ret <= 0) goto end;
-			break;
-
-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
-		case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
-		case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
-			ret=client_certificate(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_GET_SERVER_FINISHED_A;
-			break;
-
-		case SSL_ST_OK:
-			if (s->init_buf != NULL)
-				{
-				BUF_MEM_free(s->init_buf);
-				s->init_buf=NULL;
-				}
-			s->init_num=0;
-		/*	ERR_clear_error();*/
-
-			/* If we want to cache session-ids in the client
-			 * and we successfully add the session-id to the
-			 * cache, and there is a callback, then pass it out.
-			 * 26/11/96 - eay - only add if not a re-used session.
-			 */
-
-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->stats.sess_hit++;
-
-			ret=1;
-			/* s->server=0; */
-			s->ctx->stats.sess_connect_good++;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
-			goto end;
-			/* break; */
-		default:
-			SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
-			return(-1);
-			/* break; */
-			}
-
-		if ((cb != NULL) && (s->state != state))
-			{
-			new_state=s->state;
-			s->state=state;
-			cb(s,SSL_CB_CONNECT_LOOP,1);
-			s->state=new_state;
-			}
-		}
-end:
-	s->in_handshake--;
-	if (buf != NULL)
-		BUF_MEM_free(buf);
-	if (cb != NULL) 
-		cb(s,SSL_CB_CONNECT_EXIT,ret);
-	return(ret);
-	}
-
-static int get_server_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p;
-	int i,j;
-	unsigned long len;
-	STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
-
-	buf=(unsigned char *)s->init_buf->data;
-	p=buf;
-	if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
-		{
-		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
-		if (i < (11-s->init_num)) 
-			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
-		s->init_num = 11;
-
-		if (*(p++) != SSL2_MT_SERVER_HELLO)
-			{
-			if (p[-1] != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_SERVER_HELLO,
-					SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				SSLerr(SSL_F_GET_SERVER_HELLO,
-					SSL_R_PEER_ERROR);
-			return(-1);
-			}
-#if 0
-		s->hit=(*(p++))?1:0;
-		/* Some [PPC?] compilers fail to increment p in above
-		   statement, e.g. one provided with Rhapsody 5.5, but
-		   most recent example XL C 11.1 for AIX, even without
-		   optimization flag... */
-#else
-		s->hit=(*p)?1:0; p++;
-#endif
-		s->s2->tmp.cert_type= *(p++);
-		n2s(p,i);
-		if (i < s->version) s->version=i;
-		n2s(p,i); s->s2->tmp.cert_length=i;
-		n2s(p,i); s->s2->tmp.csl=i;
-		n2s(p,i); s->s2->tmp.conn_id_length=i;
-		s->state=SSL2_ST_GET_SERVER_HELLO_B;
-		}
-
-	/* SSL2_ST_GET_SERVER_HELLO_B */
-	len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-		{
-		SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
-		return -1;
-		}
-	j = (int)len - s->init_num;
-	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
-	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
-
-	/* things are looking good */
-
-	p = buf + 11;
-	if (s->hit)
-		{
-		if (s->s2->tmp.cert_length != 0) 
-			{
-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
-			return(-1);
-			}
-		if (s->s2->tmp.cert_type != 0)
-			{
-			if (!(s->options &
-				SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
-				{
-				SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
-				return(-1);
-				}
-			}
-		if (s->s2->tmp.csl != 0)
-			{
-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
-			return(-1);
-			}
-		}
-	else
-		{
-#ifdef undef
-		/* very bad */
-		memset(s->session->session_id,0,
-			SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
-		s->session->session_id_length=0;
-		*/
-#endif
-
-		/* we need to do this in case we were trying to reuse a 
-		 * client session but others are already reusing it.
-		 * If this was a new 'blank' session ID, the session-id
-		 * length will still be 0 */
-		if (s->session->session_id_length > 0)
-			{
-			if (!ssl_get_new_session(s,0))
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				return(-1);
-				}
-			}
-
-		if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
-			s->s2->tmp.cert_length,p) <= 0)
-			{
-			ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
-			return(-1);
-			}
-		p+=s->s2->tmp.cert_length;
-
-		if (s->s2->tmp.csl == 0)
-			{
-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
-			return(-1);
-			}
-
-		/* We have just received a list of ciphers back from the
-		 * server.  We need to get the ones that match, then select
-		 * the one we want the most :-). */
-
-		/* load the ciphers */
-		sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
-					    &s->session->ciphers);
-		p+=s->s2->tmp.csl;
-		if (sk == NULL)
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
-			return(-1);
-			}
-
-		(void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
-
-		/* get the array of ciphers we will accept */
-		cl=SSL_get_ciphers(s);
-		(void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
-
-		/*
-		 * If server preference flag set, choose the first
-		 * (highest priority) cipher the server sends, otherwise
-		 * client preference has priority.
-		 */
-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-		    {
-		    prio = sk;
-		    allow = cl;
-		    }
-		else
-		    {
-		    prio = cl;
-		    allow = sk;
-		    }
-		/* In theory we could have ciphers sent back that we
-		 * don't want to use but that does not matter since we
-		 * will check against the list we originally sent and
-		 * for performance reasons we should not bother to match
-		 * the two lists up just to check. */
-		for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
-			{
-			if (sk_SSL_CIPHER_find(allow,
-					     sk_SSL_CIPHER_value(prio,i)) >= 0)
-				break;
-			}
-
-		if (i >= sk_SSL_CIPHER_num(prio))
-			{
-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
-			return(-1);
-			}
-		s->session->cipher=sk_SSL_CIPHER_value(prio,i);
-
-
-		if (s->session->peer != NULL) /* can't happen*/
-			{
-			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-			return(-1);
-			}
-
-		s->session->peer = s->session->sess_cert->peer_key->x509;
-		/* peer_key->x509 has been set by ssl2_set_certificate. */
-		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
-		}
-
-	if (s->session->sess_cert == NULL 
-      || s->session->peer != s->session->sess_cert->peer_key->x509)
-		/* can't happen */
-		{
-		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-		return(-1);
-		}
-		
-	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
-	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
-		{
-		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
-		return -1;
-		}
-	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
-	return(1);
-	}
-
-static int client_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-/*	CIPHER **cipher;*/
-	int i,n,j;
-
-	buf=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
-		{
-		if ((s->session == NULL) ||
-			(s->session->ssl_version != s->version))
-			{
-			if (!ssl_get_new_session(s,0))
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				return(-1);
-				}
-			}
-		/* else use the pre-loaded session */
-
-		p=buf;					/* header */
-		d=p+9;					/* data section */
-		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
-		s2n(SSL2_VERSION,p);			/* version */
-		n=j=0;
-
-		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
-		d+=n;
-
-		if (n == 0)
-			{
-			SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-			return(-1);
-			}
-
-		s2n(n,p);			/* cipher spec num bytes */
-
-		if ((s->session->session_id_length > 0) &&
-			(s->session->session_id_length <=
-			SSL2_MAX_SSL_SESSION_ID_LENGTH))
-			{
-			i=s->session->session_id_length;
-			s2n(i,p);		/* session id length */
-			memcpy(d,s->session->session_id,(unsigned int)i);
-			d+=i;
-			}
-		else
-			{
-			s2n(0,p);
-			}
-
-		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
-		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
-		/*challenge id data*/
-		if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
-			return -1;
-		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
-		d+=SSL2_CHALLENGE_LENGTH;
-
-		s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
-		s->init_num=d-buf;
-		s->init_off=0;
-		}
-	/* SSL2_ST_SEND_CLIENT_HELLO_B */
-	return(ssl2_do_write(s));
-	}
-
-static int client_master_key(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int clear,enc,karg,i;
-	SSL_SESSION *sess;
-	const EVP_CIPHER *c;
-	const EVP_MD *md;
-
-	buf=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
-		{
-
-		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
-			{
-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-			return(-1);
-			}
-		sess=s->session;
-		p=buf;
-		d=p+10;
-		*(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
-
-		i=ssl_put_cipher_by_char(s,sess->cipher,p);
-		p+=i;
-
-		/* make key_arg data */
-		i=EVP_CIPHER_iv_length(c);
-		sess->key_arg_length=i;
-		if (i > SSL_MAX_KEY_ARG_LENGTH)
-			{
-			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		if (i > 0)
-			if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
-				return -1;
-
-		/* make a master key */
-		i=EVP_CIPHER_key_length(c);
-		sess->master_key_length=i;
-		if (i > 0)
-			{
-			if (i > (int)sizeof(sess->master_key))
-				{
-				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			if (RAND_bytes(sess->master_key,i) <= 0)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				return(-1);
-				}
-			}
-
-		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
-			enc=8;
-		else if (SSL_C_IS_EXPORT(sess->cipher))
-			enc=5;
-		else
-			enc=i;
-
-		if ((int)i < enc)
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
-			return(-1);
-			}
-		clear=i-enc;
-		s2n(clear,p);
-		memcpy(d,sess->master_key,(unsigned int)clear);
-		d+=clear;
-
-		enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
-			&(sess->master_key[clear]),d,
-			(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
-		if (enc <= 0)
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
-			return(-1);
-			}
-#ifdef PKCS1_CHECK
-		if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
-		if (s->options & SSL_OP_PKCS1_CHECK_2)
-			sess->master_key[clear]++;
-#endif
-		s2n(enc,p);
-		d+=enc;
-		karg=sess->key_arg_length;	
-		s2n(karg,p); /* key arg size */
-		if (karg > (int)sizeof(sess->key_arg))
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		memcpy(d,sess->key_arg,(unsigned int)karg);
-		d+=karg;
-
-		s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
-		s->init_num=d-buf;
-		s->init_off=0;
-		}
-
-	/* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
-	return(ssl2_do_write(s));
-	}
-
-static int client_finished(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL2_MT_CLIENT_FINISHED;
-		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
-			{
-			SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
-		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
-		s->init_num=s->s2->conn_id_length+1;
-		s->init_off=0;
-		}
-	return(ssl2_do_write(s));
-	}
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int i;
-	unsigned int n;
-	int cert_ch_len;
-	unsigned char *cert_ch;
-
-	buf=(unsigned char *)s->init_buf->data;
-
-	/* We have a cert associated with the SSL, so attach it to
-	 * the session if it does not have one */
-
-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
-		{
-		i=ssl2_read(s,(char *)&(buf[s->init_num]),
-			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
-			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
-		s->init_num += i;
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
-
-		/* type=buf[0]; */
-		/* type eq x509 */
-		if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
-			{
-			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
-			return(-1);
-			}
-
-		if ((s->cert == NULL) ||
-			(s->cert->key->x509 == NULL) ||
-			(s->cert->key->privatekey == NULL))
-			{
-			s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
-			}
-		else
-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-		}
-
-	cert_ch = buf + 2;
-	cert_ch_len = s->init_num - 2;
-
-	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
-		{
-		X509 *x509=NULL;
-		EVP_PKEY *pkey=NULL;
-
-		/* If we get an error we need to
-		 * ssl->rwstate=SSL_X509_LOOKUP;
-		 * return(error);
-		 * We should then be retried when things are ok and we
-		 * can get a cert or not */
-
-		i=0;
-		if (s->ctx->client_cert_cb != NULL)
-			{
-			i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
-			}
-
-		if (i < 0)
-			{
-			s->rwstate=SSL_X509_LOOKUP;
-			return(-1);
-			}
-		s->rwstate=SSL_NOTHING;
-
-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
-			{
-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
-			if (	!SSL_use_certificate(s,x509) || 
-				!SSL_use_PrivateKey(s,pkey))
-				{
-				i=0;
-				}
-			X509_free(x509);
-			EVP_PKEY_free(pkey);
-			}
-		else if (i == 1)
-			{
-			if (x509 != NULL) X509_free(x509);
-			if (pkey != NULL) EVP_PKEY_free(pkey);
-			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-			i=0;
-			}
-
-		if (i == 0)
-			{
-			/* We have no client certificate to respond with
-			 * so send the correct error message back */
-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
-			p=buf;
-			*(p++)=SSL2_MT_ERROR;
-			s2n(SSL2_PE_NO_CERTIFICATE,p);
-			s->init_off=0;
-			s->init_num=3;
-			/* Write is done at the end */
-			}
-		}
-
-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
-		{
-		return(ssl2_do_write(s));
-		}
-
-	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
-		{
-		EVP_MD_CTX ctx;
-
-		/* ok, now we calculate the checksum
-		 * do it first so we can reuse buf :-) */
-		p=buf;
-		EVP_MD_CTX_init(&ctx);
-		EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
-		EVP_SignUpdate(&ctx,s->s2->key_material,
-			       s->s2->key_material_length);
-		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-		i=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
-		/* Don't update the signature if it fails - FIXME: probably should handle this better */
-		if(i > 0)
-			EVP_SignUpdate(&ctx,buf,(unsigned int)i);
-
-		p=buf;
-		d=p+6;
-		*(p++)=SSL2_MT_CLIENT_CERTIFICATE;
-		*(p++)=SSL2_CT_X509_CERTIFICATE;
-		n=i2d_X509(s->cert->key->x509,&d);
-		s2n(n,p);
-
-		if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
-			{
-			/* this is not good.  If things have failed it
-			 * means there so something wrong with the key.
-			 * We will continue with a 0 length signature
-			 */
-			}
-		EVP_MD_CTX_cleanup(&ctx);
-		s2n(n,p);
-		d+=n;
-
-		s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
-		s->init_num=d-buf;
-		s->init_off=0;
-		}
-	/* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
-	return(ssl2_do_write(s));
-	}
-
-static int get_server_verify(SSL *s)
-	{
-	unsigned char *p;
-	int i, n, len;
-
-	p=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
-		{
-		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
-		if (i < (1-s->init_num)) 
-			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
-		s->init_num += i;
-
-		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
-		if (*p != SSL2_MT_SERVER_VERIFY)
-			{
-			if (p[0] != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_SERVER_VERIFY,
-					SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				{
-				SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
-				/* try to read the error message */
-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
-				}
-			return(-1);
-			}
-		}
-	
-	p=(unsigned char *)s->init_buf->data;
-	len = 1 + s->s2->challenge_length;
-	n =  len - s->init_num;
-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-	if (i < n)
-		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
-	p += 1;
-
-	if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
-		return(-1);
-		}
-	return(1);
-	}
-
-static int get_server_finished(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p;
-	int i, n, len;
-
-	buf=(unsigned char *)s->init_buf->data;
-	p=buf;
-	if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
-		{
-		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
-		if (i < (1-s->init_num))
-			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
-		s->init_num += i;
-
-		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
-			{
-			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
-			return(1);
-			}
-		else if (*p != SSL2_MT_SERVER_FINISHED)
-			{
-			if (p[0] != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				{
-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
-				/* try to read the error message */
-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
-				}
-			return(-1);
-			}
-		s->state=SSL2_ST_GET_SERVER_FINISHED_B;
-		}
-
-	len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
-	n = len - s->init_num;
-	i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
-	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
-		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
-	s->init_num += i;
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
-
-	if (!s->hit) /* new session */
-		{
-		/* new session-id */
-		/* Make sure we were not trying to re-use an old SSL_SESSION
-		 * or bad things can happen */
-		/* ZZZZZZZZZZZZZ */
-		s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-		memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
-		}
-	else
-		{
-		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
-			{
-			if ((s->session->session_id_length > sizeof s->session->session_id)
-			    || (0 != memcmp(buf + 1, s->session->session_id,
-			                    (unsigned int)s->session->session_id_length)))
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
-				return(-1);
-				}
-			}
-		}
-	s->state = SSL_ST_OK;
-	return(1);
-	}
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
-	{
-	STACK_OF(X509) *sk=NULL;
-	EVP_PKEY *pkey=NULL;
-	SESS_CERT *sc=NULL;
-	int i;
-	X509 *x509=NULL;
-	int ret=0;
-	
-	x509=d2i_X509(NULL,&data,(long)len);
-	if (x509 == NULL)
-		{
-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
-		goto err;
-		}
-
-	if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
-		{
-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	i=ssl_verify_cert_chain(s,sk);
-		
-	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
-		{
-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
-		goto err;
-		}
-	ERR_clear_error(); /* but we keep s->verify_result */
-	s->session->verify_result = s->verify_result;
-
-	/* server's cert for this session */
-	sc=ssl_sess_cert_new();
-	if (sc == NULL)
-		{
-		ret= -1;
-		goto err;
-		}
-	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
-	s->session->sess_cert=sc;
-
-	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
-	sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
-	pkey=X509_get_pubkey(x509);
-	x509=NULL;
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
-		goto err;
-		}
-	if (pkey->type != EVP_PKEY_RSA)
-		{
-		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
-		goto err;
-		}
-
-	if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
-		goto err;
-	ret=1;
-err:
-	sk_X509_free(sk);
-	X509_free(x509);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
-	     unsigned char *to, int padding)
-	{
-	EVP_PKEY *pkey=NULL;
-	int i= -1;
-
-	if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
-		((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
-		{
-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
-		return(-1);
-		}
-	if (pkey->type != EVP_PKEY_RSA)
-		{
-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-		goto end;
-		}
-
-	/* we have the public key */
-	i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
-	if (i < 0)
-		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
-end:
-	EVP_PKEY_free(pkey);
-	return(i);
-	}
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
deleted file mode 100644
index a35968f63a..0000000000
--- a/ssl/s2_enc.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* ssl/s2_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-
-int ssl2_enc_init(SSL *s, int client)
-	{
-	/* Max number of bytes needed */
-	EVP_CIPHER_CTX *rs,*ws;
-	const EVP_CIPHER *c;
-	const EVP_MD *md;
-	int num;
-
-	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
-		{
-		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-		return(0);
-		}
-	ssl_replace_hash(&s->read_hash,md);
-	ssl_replace_hash(&s->write_hash,md);
-
-	if ((s->enc_read_ctx == NULL) &&
-		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-		goto err;
-
-	/* make sure it's intialized in case the malloc for enc_write_ctx fails
-	 * and we exit with an error */
-	rs= s->enc_read_ctx;
-	EVP_CIPHER_CTX_init(rs);
-
-	if ((s->enc_write_ctx == NULL) &&
-		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
-		goto err;
-
-	ws= s->enc_write_ctx;
-	EVP_CIPHER_CTX_init(ws);
-
-	num=c->key_len;
-	s->s2->key_material_length=num*2;
-	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
-
-	if (ssl2_generate_key_material(s) <= 0)
-		return 0;
-
-	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
-	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
-		s->session->key_arg);
-	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
-		s->session->key_arg);
-	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
-	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
-	return(1);
-err:
-	SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
-/* read/writes from s->s2->mac_data using length for encrypt and 
- * decrypt.  It sets s->s2->padding and s->[rw]length
- * if we are encrypting
- * Returns 0 on error and 1 on success */
-int ssl2_enc(SSL *s, int send)
-	{
-	EVP_CIPHER_CTX *ds;
-	unsigned long l;
-	int bs;
-
-	if (send)
-		{
-		ds=s->enc_write_ctx;
-		l=s->s2->wlength;
-		}
-	else
-		{
-		ds=s->enc_read_ctx;
-		l=s->s2->rlength;
-		}
-
-	/* check for NULL cipher */
-	if (ds == NULL) return 1;
-
-
-	bs=ds->cipher->block_size;
-	/* This should be using (bs-1) and bs instead of 7 and 8, but
-	 * what the hell. */
-	if (bs == 8)
-		l=(l+7)/8*8;
-
-	if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
-		return 0;
-
-	return 1;
-	}
-
-void ssl2_mac(SSL *s, unsigned char *md, int send)
-	{
-	EVP_MD_CTX c;
-	unsigned char sequence[4],*p,*sec,*act;
-	unsigned long seq;
-	unsigned int len;
-
-	if (send)
-		{
-		seq=s->s2->write_sequence;
-		sec=s->s2->write_key;
-		len=s->s2->wact_data_length;
-		act=s->s2->wact_data;
-		}
-	else
-		{
-		seq=s->s2->read_sequence;
-		sec=s->s2->read_key;
-		len=s->s2->ract_data_length;
-		act=s->s2->ract_data;
-		}
-
-	p= &(sequence[0]);
-	l2n(seq,p);
-
-	/* There has to be a MAC algorithm. */
-	EVP_MD_CTX_init(&c);
-	EVP_MD_CTX_copy(&c, s->read_hash);
-	EVP_DigestUpdate(&c,sec,
-		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
-	EVP_DigestUpdate(&c,act,len); 
-	/* the above line also does the pad data */
-	EVP_DigestUpdate(&c,sequence,4); 
-	EVP_DigestFinal_ex(&c,md,NULL);
-	EVP_MD_CTX_cleanup(&c);
-	}
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
deleted file mode 100644
index c63be3052b..0000000000
--- a/ssl/s2_lib.c
+++ /dev/null
@@ -1,558 +0,0 @@
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
-
-#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[]={
-#if 0
-/* NULL_WITH_MD5 v3 */
-	{
-	1,
-	SSL2_TXT_NULL_WITH_MD5,
-	SSL2_CK_NULL_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eNULL,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
-	0,
-	0,
-	0,
-	},
-#endif
-
-/* RC4_128_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC4_128_WITH_MD5,
-	SSL2_CK_RC4_128_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	0,
-	128,
-	128,
-	},
-
-/* RC4_128_EXPORT40_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
-	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
-	SSL2_CF_5_BYTE_ENC,
-	40,
-	128,
-	},
-
-/* RC2_128_CBC_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC2_128_CBC_WITH_MD5,
-	SSL2_CK_RC2_128_CBC_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC2,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	0,
-	128,
-	128,
-	},
-
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC2,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_EXPORT|SSL_EXP40,
-	SSL2_CF_5_BYTE_ENC,
-	40,
-	128,
-	},
-
-#ifndef OPENSSL_NO_IDEA
-/* IDEA_128_CBC_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
-	SSL2_CK_IDEA_128_CBC_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_IDEA,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	0,
-	128,
-	128,
-	},
-#endif
-
-/* DES_64_CBC_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_DES_64_CBC_WITH_MD5,
-	SSL2_CK_DES_64_CBC_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_LOW,
-	0,
-	56,
-	56,
-	},
-
-/* DES_192_EDE3_CBC_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
-	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_3DES,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_HIGH,
-	0,
-	112,
-	168,
-	},
-
-#if 0
-/* RC4_64_WITH_MD5 */
-	{
-	1,
-	SSL2_TXT_RC4_64_WITH_MD5,
-	SSL2_CK_RC4_64_WITH_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV2,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL2_CF_8_BYTE_ENC,
-	64,
-	64,
-	},
-#endif
-
-#if 0
-/* NULL SSLeay (testing) */
-	{	
-	0,
-	SSL2_TXT_NULL,
-	SSL2_CK_NULL,
-	0,
-	0,
-	0,
-	0,
-	SSL_SSLV2,
-	SSL_STRONG_NONE,
-	0,
-	0,
-	0,
-	},
-#endif
-
-/* end of list :-) */
-	};
-
-long ssl2_default_timeout(void)
-	{
-	return(300);
-	}
-
-int ssl2_num_ciphers(void)
-	{
-	return(SSL2_NUM_CIPHERS);
-	}
-
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u)
-	{
-	if (u < SSL2_NUM_CIPHERS)
-		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
-	else
-		return(NULL);
-	}
-
-int ssl2_pending(const SSL *s)
-	{
-	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
-	}
-
-int ssl2_new(SSL *s)
-	{
-	SSL2_STATE *s2;
-
-	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
-	memset(s2,0,sizeof *s2);
-
-#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-#  error "assertion failed"
-#endif
-
-	if ((s2->rbuf=OPENSSL_malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
-	/* wbuf needs one byte more because when using two-byte headers,
-	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
-	if ((s2->wbuf=OPENSSL_malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
-	s->s2=s2;
-
-	ssl2_clear(s);
-	return(1);
-err:
-	if (s2 != NULL)
-		{
-		if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
-		if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
-		OPENSSL_free(s2);
-		}
-	return(0);
-	}
-
-void ssl2_free(SSL *s)
-	{
-	SSL2_STATE *s2;
-
-	if(s == NULL)
-	    return;
-
-	s2=s->s2;
-	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
-	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
-	OPENSSL_cleanse(s2,sizeof *s2);
-	OPENSSL_free(s2);
-	s->s2=NULL;
-	}
-
-void ssl2_clear(SSL *s)
-	{
-	SSL2_STATE *s2;
-	unsigned char *rbuf,*wbuf;
-
-	s2=s->s2;
-
-	rbuf=s2->rbuf;
-	wbuf=s2->wbuf;
-
-	memset(s2,0,sizeof *s2);
-
-	s2->rbuf=rbuf;
-	s2->wbuf=wbuf;
-	s2->clear_text=1;
-	s->packet=s2->rbuf;
-	s->version=SSL2_VERSION;
-	s->packet_length=0;
-	}
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
-	{
-	int ret=0;
-
-	switch(cmd)
-		{
-	case SSL_CTRL_GET_SESSION_REUSED:
-		ret=s->hit;
-		break;
-	case SSL_CTRL_CHECK_PROTO_VERSION:
-		return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
-	default:
-		break;
-		}
-	return(ret);
-	}
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
-	{
-	return(0);
-	}
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-	{
-	return(0);
-	}
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
-	{
-	return(0);
-	}
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
-	{
-	SSL_CIPHER c;
-	const SSL_CIPHER *cp;
-	unsigned long id;
-
-	id=0x02000000L|((unsigned long)p[0]<<16L)|
-		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
-	c.id=id;
-	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl2_ciphers, SSL2_NUM_CIPHERS);
-	if ((cp == NULL) || (cp->valid == 0))
-		return NULL;
-	else
-		return cp;
-	}
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-	{
-	long l;
-
-	if (p != NULL)
-		{
-		l=c->id;
-		if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
-		p[0]=((unsigned char)(l>>16L))&0xFF;
-		p[1]=((unsigned char)(l>> 8L))&0xFF;
-		p[2]=((unsigned char)(l     ))&0xFF;
-		}
-	return(3);
-	}
-
-int ssl2_generate_key_material(SSL *s)
-	{
-	unsigned int i;
-	EVP_MD_CTX ctx;
-	unsigned char *km;
-	unsigned char c='0';
-	const EVP_MD *md5;
-	int md_size;
-
-	md5 = EVP_md5();
-
-#ifdef CHARSET_EBCDIC
-	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
-				see SSLv2 docu */
-#endif
-	EVP_MD_CTX_init(&ctx);
-	km=s->s2->key_material;
-
- 	if (s->session->master_key_length < 0 ||
-			s->session->master_key_length > (int)sizeof(s->session->master_key))
- 		{
- 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
- 		return 0;
- 		}
-	md_size = EVP_MD_size(md5);
-	if (md_size < 0)
-	    return 0;
-	for (i=0; i<s->s2->key_material_length; i += md_size)
-		{
-		if (((km - s->s2->key_material) + md_size) >
-				(int)sizeof(s->s2->key_material))
-			{
-			/* EVP_DigestFinal_ex() below would write beyond buffer */
-			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
-			return 0;
-			}
-
-		EVP_DigestInit_ex(&ctx, md5, NULL);
-
-		OPENSSL_assert(s->session->master_key_length >= 0
-		    && s->session->master_key_length
-		    < (int)sizeof(s->session->master_key));
-		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
-		EVP_DigestUpdate(&ctx,&c,1);
-		c++;
-		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
-		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-		EVP_DigestFinal_ex(&ctx,km,NULL);
-		km += md_size;
-		}
-
-	EVP_MD_CTX_cleanup(&ctx);
-	return 1;
-	}
-
-void ssl2_return_error(SSL *s, int err)
-	{
-	if (!s->error)
-		{
-		s->error=3;
-		s->error_code=err;
-
-		ssl2_write_error(s);
-		}
-	}
-
-
-void ssl2_write_error(SSL *s)
-	{
-	unsigned char buf[3];
-	int i,error;
-
-	buf[0]=SSL2_MT_ERROR;
-	buf[1]=(s->error_code>>8)&0xff;
-	buf[2]=(s->error_code)&0xff;
-
-/*	state=s->rwstate;*/
-
-	error=s->error; /* number of bytes left to write */
-	s->error=0;
-	OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
-	i=ssl2_write(s,&(buf[3-error]),error);
-
-/*	if (i == error) s->rwstate=state; */
-
-	if (i < 0)
-		s->error=error;
-	else
-		{
-		s->error=error-i;
-
-		if (s->error == 0)
-			if (s->msg_callback)
-				s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
-		}
-	}
-
-int ssl2_shutdown(SSL *s)
-	{
-	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-	return(1);
-	}
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
deleted file mode 100644
index f0e8ca593d..0000000000
--- a/ssl/s2_meth.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD *ssl2_get_method(int ver);
-static const SSL_METHOD *ssl2_get_method(int ver)
-	{
-	if (ver == SSL2_VERSION)
-		return(SSLv2_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_method,
-			 ssl2_accept,
-			 ssl2_connect,
-			 ssl2_get_method)
-
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
deleted file mode 100644
index acd61dc546..0000000000
--- a/ssl/s2_pkt.c
+++ /dev/null
@@ -1,748 +0,0 @@
-/* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-
-static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
-static int ssl_mt_error(int n);
-
-
-/* SSL 2.0 imlementation for SSL_read/SSL_peek -
- * This routine will return 0 to len bytes, decrypted etc if required.
- */
-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
-	{
-	int n;
-	unsigned char mac[MAX_MAC_SIZE];
-	unsigned char *p;
-	int i;
-	int mac_size;
-
- ssl2_read_again:
-	if (SSL_in_init(s) && !s->in_handshake)
-		{
-		n=s->handshake_func(s);
-		if (n < 0) return(n);
-		if (n == 0)
-			{
-			SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		}
-
-	clear_sys_error();
-	s->rwstate=SSL_NOTHING;
-	if (len <= 0) return(len);
-
-	if (s->s2->ract_data_length != 0) /* read from buffer */
-		{
-		if (len > s->s2->ract_data_length)
-			n=s->s2->ract_data_length;
-		else
-			n=len;
-
-		memcpy(buf,s->s2->ract_data,(unsigned int)n);
-		if (!peek)
-			{
-			s->s2->ract_data_length-=n;
-			s->s2->ract_data+=n;
-			if (s->s2->ract_data_length == 0)
-				s->rstate=SSL_ST_READ_HEADER;
-			}
-
-		return(n);
-		}
-
-	/* s->s2->ract_data_length == 0
-	 * 
-	 * Fill the buffer, then goto ssl2_read_again.
-	 */
-
-	if (s->rstate == SSL_ST_READ_HEADER)
-		{
-		if (s->first_packet)
-			{
-			n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
-			if (n <= 0) return(n); /* error or non-blocking */
-			s->first_packet=0;
-			p=s->packet;
-			if (!((p[0] & 0x80) && (
-				(p[2] == SSL2_MT_CLIENT_HELLO) ||
-				(p[2] == SSL2_MT_SERVER_HELLO))))
-				{
-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
-				return(-1);
-				}
-			}
-		else
-			{
-			n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
-			if (n <= 0) return(n); /* error or non-blocking */
-			}
-		/* part read stuff */
-
-		s->rstate=SSL_ST_READ_BODY;
-		p=s->packet;
-		/* Do header */
-		/*s->s2->padding=0;*/
-		s->s2->escape=0;
-		s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
-		if ((p[0] & TWO_BYTE_BIT))		/* Two byte header? */
-			{
-			s->s2->three_byte_header=0;
-			s->s2->rlength&=TWO_BYTE_MASK;	
-			}
-		else
-			{
-			s->s2->three_byte_header=1;
-			s->s2->rlength&=THREE_BYTE_MASK;
-
-			/* security >s2->escape */
-			s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
-			}
-		}
-
-	if (s->rstate == SSL_ST_READ_BODY)
-		{
-		n=s->s2->rlength+2+s->s2->three_byte_header;
-		if (n > (int)s->packet_length)
-			{
-			n-=s->packet_length;
-			i=read_n(s,(unsigned int)n,(unsigned int)n,1);
-			if (i <= 0) return(i); /* ERROR */
-			}
-
-		p= &(s->packet[2]);
-		s->rstate=SSL_ST_READ_HEADER;
-		if (s->s2->three_byte_header)
-			s->s2->padding= *(p++);
-		else	s->s2->padding=0;
-
-		/* Data portion */
-		if (s->s2->clear_text)
-			{
-			mac_size = 0;
-			s->s2->mac_data=p;
-			s->s2->ract_data=p;
-			if (s->s2->padding)
-				{
-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
-				return(-1);
-				}
-			}
-		else
-			{
-			mac_size=EVP_MD_CTX_size(s->read_hash);
-			if (mac_size < 0)
-				return -1;
-			OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
-			s->s2->mac_data=p;
-			s->s2->ract_data= &p[mac_size];
-			if (s->s2->padding + mac_size > s->s2->rlength)
-				{
-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
-				return(-1);
-				}
-			}
-
-		s->s2->ract_data_length=s->s2->rlength;
-		/* added a check for length > max_size in case
-		 * encryption was not turned on yet due to an error */
-		if ((!s->s2->clear_text) &&
-			(s->s2->rlength >= (unsigned int)mac_size))
-			{
-			if(!ssl2_enc(s,0))
-				{
-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
-				return(-1);
-				}
-			s->s2->ract_data_length-=mac_size;
-			ssl2_mac(s,mac,0);
-			s->s2->ract_data_length-=s->s2->padding;
-			if (	(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
-				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
-				{
-				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
-				return(-1);
-				}
-			}
-		INC32(s->s2->read_sequence); /* expect next number */
-		/* s->s2->ract_data is now available for processing */
-
-		/* Possibly the packet that we just read had 0 actual data bytes.
-		 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
-		 * In this case, returning 0 would be interpreted by the caller
-		 * as indicating EOF, so it's not a good idea.  Instead, we just
-		 * continue reading; thus ssl2_read_internal may have to process
-		 * multiple packets before it can return.
-		 *
-		 * [Note that using select() for blocking sockets *never* guarantees
-		 * that the next SSL_read will not block -- the available
-		 * data may contain incomplete packets, and except for SSL 2,
-		 * renegotiation can confuse things even more.] */
-
-		goto ssl2_read_again; /* This should really be
-		                       * "return ssl2_read(s,buf,len)",
-		                       * but that would allow for
-		                       * denial-of-service attacks if a
-		                       * C compiler is used that does not
-		                       * recognize end-recursion. */
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
-			return(-1);
-		}
-	}
-
-int ssl2_read(SSL *s, void *buf, int len)
-	{
-	return ssl2_read_internal(s, buf, len, 0);
-	}
-
-int ssl2_peek(SSL *s, void *buf, int len)
-	{
-	return ssl2_read_internal(s, buf, len, 1);
-	}
-
-static int read_n(SSL *s, unsigned int n, unsigned int max,
-	     unsigned int extend)
-	{
-	int i,off,newb;
-
-	/* if there is stuff still in the buffer from a previous read,
-	 * and there is more than we want, take some. */
-	if (s->s2->rbuf_left >= (int)n)
-		{
-		if (extend)
-			s->packet_length+=n;
-		else
-			{
-			s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
-			s->packet_length=n;
-			}
-		s->s2->rbuf_left-=n;
-		s->s2->rbuf_offs+=n;
-		return(n);
-		}
-
-	if (!s->read_ahead) max=n;
-	if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
-		max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
-	
-
-	/* Else we want more than we have.
-	 * First, if there is some left or we want to extend */
-	off=0;
-	if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
-		{
-		newb=s->s2->rbuf_left;
-		if (extend)
-			{
-			off=s->packet_length;
-			if (s->packet != s->s2->rbuf)
-				memcpy(s->s2->rbuf,s->packet,
-					(unsigned int)newb+off);
-			}
-		else if (s->s2->rbuf_offs != 0)
-			{
-			memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
-				(unsigned int)newb);
-			s->s2->rbuf_offs=0;
-			}
-		s->s2->rbuf_left=0;
-		}
-	else
-		newb=0;
-
-	/* off is the offset to start writing too.
-	 * r->s2->rbuf_offs is the 'unread data', now 0. 
-	 * newb is the number of new bytes so far
-	 */
-	s->packet=s->s2->rbuf;
-	while (newb < (int)n)
-		{
-		clear_sys_error();
-		if (s->rbio != NULL)
-			{
-			s->rwstate=SSL_READING;
-			i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
-				max-newb);
-			}
-		else
-			{
-			SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
-			i= -1;
-			}
-#ifdef PKT_DEBUG
-		if (s->debug & 0x01) sleep(1);
-#endif
-		if (i <= 0)
-			{
-			s->s2->rbuf_left+=newb;
-			return(i);
-			}
-		newb+=i;
-		}
-
-	/* record unread data */
-	if (newb > (int)n)
-		{
-		s->s2->rbuf_offs=n+off;
-		s->s2->rbuf_left=newb-n;
-		}
-	else
-		{
-		s->s2->rbuf_offs=0;
-		s->s2->rbuf_left=0;
-		}
-	if (extend)
-		s->packet_length+=n;
-	else
-		s->packet_length=n;
-	s->rwstate=SSL_NOTHING;
-	return(n);
-	}
-
-int ssl2_write(SSL *s, const void *_buf, int len)
-	{
-	const unsigned char *buf=_buf;
-	unsigned int n,tot;
-	int i;
-
-	if (SSL_in_init(s) && !s->in_handshake)
-		{
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		}
-
-	if (s->error)
-		{
-		ssl2_write_error(s);
-		if (s->error)
-			return(-1);
-		}
-
-	clear_sys_error();
-	s->rwstate=SSL_NOTHING;
-	if (len <= 0) return(len);
-
-	tot=s->s2->wnum;
-	s->s2->wnum=0;
-
-	n=(len-tot);
-	for (;;)
-		{
-		i=n_do_ssl_write(s,&(buf[tot]),n);
-		if (i <= 0)
-			{
-			s->s2->wnum=tot;
-			return(i);
-			}
-		if ((i == (int)n) ||
-			(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
-			{
-			return(tot+i);
-			}
-		
-		n-=i;
-		tot+=i;
-		}
-	}
-
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
-	{
-	int i;
-
-	/* s->s2->wpend_len != 0 MUST be true. */
-
-	/* check that they have given us the same buffer to
-	 * write */
-	if ((s->s2->wpend_tot > (int)len) ||
-		((s->s2->wpend_buf != buf) &&
-		 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
-		{
-		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
-		return(-1);
-		}
-
-	for (;;)
-		{
-		clear_sys_error();
-		if (s->wbio != NULL)
-			{
-			s->rwstate=SSL_WRITING;
-			i=BIO_write(s->wbio,
-				(char *)&(s->s2->write_ptr[s->s2->wpend_off]),
-				(unsigned int)s->s2->wpend_len);
-			}
-		else
-			{
-			SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
-			i= -1;
-			}
-#ifdef PKT_DEBUG
-		if (s->debug & 0x01) sleep(1);
-#endif
-		if (i == s->s2->wpend_len)
-			{
-			s->s2->wpend_len=0;
-			s->rwstate=SSL_NOTHING;
-			return(s->s2->wpend_ret);
-			}
-		else if (i <= 0)
-			return(i);
-		s->s2->wpend_off+=i;
-		s->s2->wpend_len-=i;
-		}
-	}
-
-static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
-	{
-	unsigned int j,k,olen,p,bs;
-	int mac_size;
-	register unsigned char *pp;
-
-	olen=len;
-
-	/* first check if there is data from an encryption waiting to
-	 * be sent - it must be sent because the other end is waiting.
-	 * This will happen with non-blocking IO.  We print it and then
-	 * return.
-	 */
-	if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
-
-	/* set mac_size to mac size */
-	if (s->s2->clear_text)
-		mac_size=0;
-	else
-		{
-		mac_size=EVP_MD_CTX_size(s->write_hash);
-		if (mac_size < 0)
-			return -1;
-		}
-
-	/* lets set the pad p */
-	if (s->s2->clear_text)
-		{
-		if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
-			len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
-		p=0;
-		s->s2->three_byte_header=0;
-		/* len=len; */
-		}
-	else
-		{
-		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
-		j=len+mac_size;
-		/* Two-byte headers allow for a larger record length than
-		 * three-byte headers, but we can't use them if we need
-		 * padding or if we have to set the escape bit. */
-		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
-			(!s->s2->escape))
-			{
-			if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
-				j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
-			/* set k to the max number of bytes with 2
-			 * byte header */
-			k=j-(j%bs);
-			/* how many data bytes? */
-			len=k-mac_size; 
-			s->s2->three_byte_header=0;
-			p=0;
-			}
-		else if ((bs <= 1) && (!s->s2->escape))
-			{
-			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
-			s->s2->three_byte_header=0;
-			p=0;
-			}
-		else /* we may have to use a 3 byte header */
-			{
-			/* If s->s2->escape is not set, then
-			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
-			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
-			p=(j%bs);
-			p=(p == 0)?0:(bs-p);
-			if (s->s2->escape)
-				{
-				s->s2->three_byte_header=1;
-				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
-				}
-			else
-				s->s2->three_byte_header=(p == 0)?0:1;
-			}
-		}
-
-	/* Now
-	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
-	 * holds, and if s->s2->three_byte_header is set, then even
-	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
-	 */
-
-	/* mac_size is the number of MAC bytes
-	 * len is the number of data bytes we are going to send
-	 * p is the number of padding bytes
-	 * (if it is a two-byte header, then p == 0) */
-
-	s->s2->wlength=len;
-	s->s2->padding=p;
-	s->s2->mac_data= &(s->s2->wbuf[3]);
-	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
-	/* we copy the data into s->s2->wbuf */
-	memcpy(s->s2->wact_data,buf,len);
-	if (p)
-		memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
-
-	if (!s->s2->clear_text)
-		{
-		s->s2->wact_data_length=len+p;
-		ssl2_mac(s,s->s2->mac_data,1);
-		s->s2->wlength+=p+mac_size;
-		if(ssl2_enc(s,1) < 1)
-			return -1;
-		}
-
-	/* package up the header */
-	s->s2->wpend_len=s->s2->wlength;
-	if (s->s2->three_byte_header) /* 3 byte header */
-		{
-		pp=s->s2->mac_data;
-		pp-=3;
-		pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
-		if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
-		pp[1]=s->s2->wlength&0xff;
-		pp[2]=s->s2->padding;
-		s->s2->wpend_len+=3;
-		}
-	else
-		{
-		pp=s->s2->mac_data;
-		pp-=2;
-		pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
-		pp[1]=s->s2->wlength&0xff;
-		s->s2->wpend_len+=2;
-		}
-	s->s2->write_ptr=pp;
-	
-	INC32(s->s2->write_sequence); /* expect next number */
-
-	/* lets try to actually write the data */
-	s->s2->wpend_tot=olen;
-	s->s2->wpend_buf=buf;
-
-	s->s2->wpend_ret=len;
-
-	s->s2->wpend_off=0;
-	return(write_pending(s,buf,olen));
-	}
-
-int ssl2_part_read(SSL *s, unsigned long f, int i)
-	{
-	unsigned char *p;
-	int j;
-
-	if (i < 0)
-		{
-		/* ssl2_return_error(s); */
-		/* for non-blocking io,
-		 * this is not necessarily fatal */
-		return(i);
-		}
-	else
-		{
-		s->init_num+=i;
-
-		/* Check for error.  While there are recoverable errors,
-		 * this function is not called when those must be expected;
-		 * any error detected here is fatal. */
-		if (s->init_num >= 3)
-			{
-			p=(unsigned char *)s->init_buf->data;
-			if (p[0] == SSL2_MT_ERROR)
-				{
-				j=(p[1]<<8)|p[2];
-				SSLerr((int)f,ssl_mt_error(j));
-				s->init_num -= 3;
-				if (s->init_num > 0)
-					memmove(p, p+3, s->init_num);
-				}
-			}
-
-		/* If it's not an error message, we have some error anyway --
-		 * the message was shorter than expected.  This too is treated
-		 * as fatal (at least if SSL_get_error is asked for its opinion). */
-		return(0);
-		}
-	}
-
-int ssl2_do_write(SSL *s)
-	{
-	int ret;
-
-	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
-	if (ret == s->init_num)
-		{
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
-		return(1);
-		}
-	if (ret < 0)
-		return(-1);
-	s->init_off+=ret;
-	s->init_num-=ret;
-	return(0);
-	}
-
-static int ssl_mt_error(int n)
-	{
-	int ret;
-
-	switch (n)
-		{
-	case SSL2_PE_NO_CIPHER:
-		ret=SSL_R_PEER_ERROR_NO_CIPHER;
-		break;
-	case SSL2_PE_NO_CERTIFICATE:
-		ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
-		break;
-	case SSL2_PE_BAD_CERTIFICATE:
-		ret=SSL_R_PEER_ERROR_CERTIFICATE;
-		break;
-	case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
-		ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
-		break;
-	default:
-		ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
-		break;
-		}
-	return(ret);
-	}
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
deleted file mode 100644
index 59ced3f305..0000000000
--- a/ssl/s2_srvr.c
+++ /dev/null
@@ -1,1156 +0,0 @@
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s); 
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-	unsigned char *to,int padding);
-#define BREAK	break
-
-static const SSL_METHOD *ssl2_get_server_method(int ver)
-	{
-	if (ver == SSL2_VERSION)
-		return(SSLv2_server_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
-			ssl2_accept,
-			ssl_undefined_function,
-			ssl2_get_server_method)
-
-int ssl2_accept(SSL *s)
-	{
-	unsigned long l=(unsigned long)time(NULL);
-	BUF_MEM *buf=NULL;
-	int ret= -1;
-	long num1;
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int new_state,state;
-
-	RAND_add(&l,sizeof(l),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-
-	/* init things to blank */
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-	if (s->cert == NULL)
-		{
-		SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-		return(-1);
-		}
-
-	clear_sys_error();
-	for (;;)
-		{
-		state=s->state;
-
-		switch (s->state)
-			{
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			s->server=1;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			s->version=SSL2_VERSION;
-			s->type=SSL_ST_ACCEPT;
-
-			if(s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-					{
-					BUF_MEM_free(buf);
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				}
-			s->init_num=0;
-			s->ctx->stats.sess_accept++;
-			s->handshake_func=ssl2_accept;
-			s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-			BREAK;
-
-		case SSL2_ST_GET_CLIENT_HELLO_A:
-		case SSL2_ST_GET_CLIENT_HELLO_B:
-		case SSL2_ST_GET_CLIENT_HELLO_C:
-			s->shutdown=0;
-			ret=get_client_hello(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_SEND_SERVER_HELLO_A;
-			BREAK;
-
-		case SSL2_ST_SEND_SERVER_HELLO_A:
-		case SSL2_ST_SEND_SERVER_HELLO_B:
-			ret=server_hello(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			if (!s->hit)
-				{
-				s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
-				BREAK;
-				}
-			else
-				{
-				s->state=SSL2_ST_SERVER_START_ENCRYPTION;
-				BREAK;
-				}
-		case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
-		case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
-			ret=get_client_master_key(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_SERVER_START_ENCRYPTION;
-			BREAK;
-
-		case SSL2_ST_SERVER_START_ENCRYPTION:
-			/* Ok we how have sent all the stuff needed to
-			 * start encrypting, the next packet back will
-			 * be encrypted. */
-			if (!ssl2_enc_init(s,0))
-				{ ret= -1; goto end; }
-			s->s2->clear_text=0;
-			s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
-			BREAK;
-
-		case SSL2_ST_SEND_SERVER_VERIFY_A:
-		case SSL2_ST_SEND_SERVER_VERIFY_B:
-			ret=server_verify(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			if (s->hit)
-				{
-				/* If we are in here, we have been
-				 * buffering the output, so we need to
-				 * flush it and remove buffering from
-				 * future traffic */
-				s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
-				BREAK;
-				}
-			else
-				{
-				s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
-				break;
-				}
-
- 		case SSL2_ST_SEND_SERVER_VERIFY_C:
- 			/* get the number of bytes to write */
- 			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- 			if (num1 > 0)
- 				{
-				s->rwstate=SSL_WRITING;
- 				num1=BIO_flush(s->wbio);
- 				if (num1 <= 0) { ret= -1; goto end; }
-				s->rwstate=SSL_NOTHING;
-				}
-
- 			/* flushed and now remove buffering */
- 			s->wbio=BIO_pop(s->wbio);
-
- 			s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
-  			BREAK;
-
-		case SSL2_ST_GET_CLIENT_FINISHED_A:
-		case SSL2_ST_GET_CLIENT_FINISHED_B:
-			ret=get_client_finished(s);
-			if (ret <= 0)
-				goto end;
-			s->init_num=0;
-			s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
-			BREAK;
-
-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
-		case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
-			/* don't do a 'request certificate' if we
-			 * don't want to, or we already have one, and
-			 * we only want to do it once. */
-			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-				((s->session->peer != NULL) &&
-				(s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
-				{
-				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
-				break;
-				}
-			else
-				{
-				ret=request_certificate(s);
-				if (ret <= 0) goto end;
-				s->init_num=0;
-				s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
-				}
-			BREAK;
-
-		case SSL2_ST_SEND_SERVER_FINISHED_A:
-		case SSL2_ST_SEND_SERVER_FINISHED_B:
-			ret=server_finish(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL_ST_OK;
-			break;
-
-		case SSL_ST_OK:
-			BUF_MEM_free(s->init_buf);
-			ssl_free_wbio_buffer(s);
-			s->init_buf=NULL;
-			s->init_num=0;
-		/*	ERR_clear_error();*/
-
-			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
-			s->ctx->stats.sess_accept_good++;
-			/* s->server=1; */
-			ret=1;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
-			goto end;
-			/* BREAK; */
-
-		default:
-			SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* BREAK; */
-			}
-		
-		if ((cb != NULL) && (s->state != state))
-			{
-			new_state=s->state;
-			s->state=state;
-			cb(s,SSL_CB_ACCEPT_LOOP,1);
-			s->state=new_state;
-			}
-		}
-end:
-	s->in_handshake--;
-	if (cb != NULL)
-		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	return(ret);
-	}
-
-static int get_client_master_key(SSL *s)
-	{
-	int is_export,i,n,keya,ek;
-	unsigned long len;
-	unsigned char *p;
-	const SSL_CIPHER *cp;
-	const EVP_CIPHER *c;
-	const EVP_MD *md;
-
-	p=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
-		{
-		i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
-
-		if (i < (10-s->init_num))
-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
-		s->init_num = 10;
-
-		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
-			{
-			if (p[-1] != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
-			return(-1);
-			}
-
-		cp=ssl2_get_cipher_by_char(p);
-		if (cp == NULL)
-			{
-			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
-			return(-1);
-			}
-		s->session->cipher= cp;
-
-		p+=3;
-		n2s(p,i); s->s2->tmp.clear=i;
-		n2s(p,i); s->s2->tmp.enc=i;
-		n2s(p,i);
-		if(i > SSL_MAX_KEY_ARG_LENGTH)
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
-			return -1;
-			}
-		s->session->key_arg_length=i;
-		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
-		}
-
-	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
-	p=(unsigned char *)s->init_buf->data;
-	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-	keya=s->session->key_arg_length;
-	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
-		return -1;
-		}
-	n = (int)len - s->init_num;
-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
-	p += 10;
-
-	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
-		(unsigned int)keya);
-
-	if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
-		return(-1);
-		}
-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
-
-	is_export=SSL_C_IS_EXPORT(s->session->cipher);
-	
-	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
-		{
-		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
-		return(0);
-		}
-
-	if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
-		{
-		is_export=1;
-		ek=8;
-		}
-	else
-		ek=5;
-
-	/* bad decrypt */
-#if 1
-	/* If a bad decrypt, continue with protocol but with a
-	 * random master secret (Bleichenbacher attack) */
-	if ((i < 0) ||
-		((!is_export && (i != EVP_CIPHER_key_length(c)))
-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
-			(unsigned int)EVP_CIPHER_key_length(c))))))
-		{
-		ERR_clear_error();
-		if (is_export)
-			i=ek;
-		else
-			i=EVP_CIPHER_key_length(c);
-		if (RAND_pseudo_bytes(p,i) <= 0)
-			return 0;
-		}
-#else
-	if (i < 0)
-		{
-		error=1;
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
-		}
-	/* incorrect number of key bytes for non export cipher */
-	else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
-			EVP_CIPHER_key_length(c)))))
-		{
-		error=1;
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
-		}
-	if (error)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		return(-1);
-		}
-#endif
-
-	if (is_export) i+=s->s2->tmp.clear;
-
-	if (i > SSL_MAX_MASTER_KEY_LENGTH)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-	s->session->master_key_length=i;
-	memcpy(s->session->master_key,p,(unsigned int)i);
-	return(1);
-	}
-
-static int get_client_hello(SSL *s)
-	{
-	int i,n;
-	unsigned long len;
-	unsigned char *p;
-	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
-	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
-	STACK_OF(SSL_CIPHER) *prio, *allow;
-	int z;
-
-	/* This is a bit of a hack to check for the correct packet
-	 * type the first time round. */
-	if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
-		{
-		s->first_packet=1;
-		s->state=SSL2_ST_GET_CLIENT_HELLO_B;
-		}
-
-	p=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
-		{
-		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
-		if (i < (9-s->init_num)) 
-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
-		s->init_num = 9;
-	
-		if (*(p++) != SSL2_MT_CLIENT_HELLO)
-			{
-			if (p[-1] != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
-			return(-1);
-			}
-		n2s(p,i);
-		if (i < s->version) s->version=i;
-		n2s(p,i); s->s2->tmp.cipher_spec_length=i;
-		n2s(p,i); s->s2->tmp.session_id_length=i;
-		n2s(p,i); s->s2->challenge_length=i;
-		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
-			(i > SSL2_MAX_CHALLENGE_LENGTH))
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
-			return(-1);
-			}
-		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
-		}
-
-	/* SSL2_ST_GET_CLIENT_HELLO_C */
-	p=(unsigned char *)s->init_buf->data;
-	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
-		return -1;
-		}
-	n = (int)len - s->init_num;
-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
-	p += 9;
-
-	/* get session-id before cipher stuff so we can get out session
-	 * structure if it is cached */
-	/* session-id */
-	if ((s->s2->tmp.session_id_length != 0) && 
-		(s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
-		return(-1);
-		}
-
-	if (s->s2->tmp.session_id_length == 0)
-		{
-		if (!ssl_get_new_session(s,1))
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			return(-1);
-			}
-		}
-	else
-		{
-		i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
-			s->s2->tmp.session_id_length, NULL);
-		if (i == 1)
-			{ /* previous session */
-			s->hit=1;
-			}
-		else if (i == -1)
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			return(-1);
-			}
-		else
-			{
-			if (s->cert == NULL)
-				{
-				ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
-				SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
-				return(-1);
-				}
-
-			if (!ssl_get_new_session(s,1))
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				return(-1);
-				}
-			}
-		}
-
-	if (!s->hit)
-		{
-		cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
-			&s->session->ciphers);
-		if (cs == NULL) goto mem_err;
-
-		cl=SSL_get_ciphers(s);
-
-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-		    {
-		    prio=sk_SSL_CIPHER_dup(cl);
-		    if (prio == NULL) goto mem_err;
-		    allow = cs;
-		    }
-		else
-		    {
-		    prio = cs;
-		    allow = cl;
-		    }
-		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
-			{
-			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
-				{
-				(void)sk_SSL_CIPHER_delete(prio,z);
-				z--;
-				}
-			}
-		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-		    {
-		    sk_SSL_CIPHER_free(s->session->ciphers);
-		    s->session->ciphers = prio;
-		    }
-		/* s->session->ciphers should now have a list of
-		 * ciphers that are on both the client and server.
-		 * This list is ordered by the order the client sent
-		 * the ciphers or in the order of the server's preference
-		 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
-		 */
-		}
-	p+=s->s2->tmp.cipher_spec_length;
-	/* done cipher selection */
-
-	/* session id extracted already */
-	p+=s->s2->tmp.session_id_length;
-
-	/* challenge */
-	if (s->s2->challenge_length > sizeof s->s2->challenge)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
-	return(1);
-mem_err:
-	SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
-static int server_hello(SSL *s)
-	{
-	unsigned char *p,*d;
-	int n,hit;
-
-	p=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
-		{
-		d=p+11;
-		*(p++)=SSL2_MT_SERVER_HELLO;		/* type */
-		hit=s->hit;
-		*(p++)=(unsigned char)hit;
-#if 1
-		if (!hit)
-			{
-			if (s->session->sess_cert != NULL)
-				/* This can't really happen because get_client_hello
-				 * has called ssl_get_new_session, which does not set
-				 * sess_cert. */
-				ssl_sess_cert_free(s->session->sess_cert);
-			s->session->sess_cert = ssl_sess_cert_new();
-			if (s->session->sess_cert == NULL)
-				{
-				SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
-				return(-1);
-				}
-			}
-		/* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
-		 * depending on whether it survived in the internal cache
-		 * or was retrieved from an external cache.
-		 * If it is NULL, we cannot put any useful data in it anyway,
-		 * so we don't touch it.
-		 */
-
-#else /* That's what used to be done when cert_st and sess_cert_st were
-	   * the same. */
-		if (!hit)
-			{			/* else add cert to session */
-			CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-			if (s->session->sess_cert != NULL)
-				ssl_cert_free(s->session->sess_cert);
-			s->session->sess_cert=s->cert;		
-			}
-		else	/* We have a session id-cache hit, if the
-			 * session-id has no certificate listed against
-			 * the 'cert' structure, grab the 'old' one
-			 * listed against the SSL connection */
-			{
-			if (s->session->sess_cert == NULL)
-				{
-				CRYPTO_add(&s->cert->references,1,
-					CRYPTO_LOCK_SSL_CERT);
-				s->session->sess_cert=s->cert;
-				}
-			}
-#endif
-
-		if (s->cert == NULL)
-			{
-			ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
-			SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
-			return(-1);
-			}
-
-		if (hit)
-			{
-			*(p++)=0;		/* no certificate type */
-			s2n(s->version,p);	/* version */
-			s2n(0,p);		/* cert len */
-			s2n(0,p);		/* ciphers len */
-			}
-		else
-			{
-			/* EAY EAY */
-			/* put certificate type */
-			*(p++)=SSL2_CT_X509_CERTIFICATE;
-			s2n(s->version,p);	/* version */
-			n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
-			s2n(n,p);		/* certificate length */
-			i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
-			n=0;
-			
-			/* lets send out the ciphers we like in the
-			 * prefered order */
-			n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
-			d+=n;
-			s2n(n,p);		/* add cipher length */
-			}
-
-		/* make and send conn_id */
-		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
-		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-		if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
-			return -1;
-		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
-		d+=SSL2_CONNECTION_ID_LENGTH;
-
-		s->state=SSL2_ST_SEND_SERVER_HELLO_B;
-		s->init_num=d-(unsigned char *)s->init_buf->data;
-		s->init_off=0;
-		}
-	/* SSL2_ST_SEND_SERVER_HELLO_B */
- 	/* If we are using TCP/IP, the performance is bad if we do 2
- 	 * writes without a read between them.  This occurs when
- 	 * Session-id reuse is used, so I will put in a buffering module
- 	 */
- 	if (s->hit)
- 		{
-		if (!ssl_init_wbio_buffer(s,1)) return(-1);
- 		}
- 
-	return(ssl2_do_write(s));
-	}
-
-static int get_client_finished(SSL *s)
-	{
-	unsigned char *p;
-	int i, n;
-	unsigned long len;
-
-	p=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
-		{
-		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
-		if (i < 1-s->init_num)
-			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
-		s->init_num += i;
-
-		if (*p != SSL2_MT_CLIENT_FINISHED)
-			{
-			if (*p != SSL2_MT_ERROR)
-				{
-				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
-				}
-			else
-				{
-				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
-				/* try to read the error message */
-				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
-				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
-				}
-			return(-1);
-			}
-		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
-		}
-
-	/* SSL2_ST_GET_CLIENT_FINISHED_B */
-	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-	len = 1 + (unsigned long)s->s2->conn_id_length;
-	n = (int)len - s->init_num;
-	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
-	if (i < n)
-		{
-		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
-		}
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
-	p += 1;
-	if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
-		{
-		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-		SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
-		return(-1);
-		}
-	return(1);
-	}
-
-static int server_verify(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL2_MT_SERVER_VERIFY;
-		if (s->s2->challenge_length > sizeof s->s2->challenge)
-			{
-			SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
-		/* p+=s->s2->challenge_length; */
-
-		s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
-		s->init_num=s->s2->challenge_length+1;
-		s->init_off=0;
-		}
-	return(ssl2_do_write(s));
-	}
-
-static int server_finish(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL2_MT_SERVER_FINISHED;
-
-		if (s->session->session_id_length > sizeof s->session->session_id)
-			{
-			SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
-		/* p+=s->session->session_id_length; */
-
-		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
-		s->init_num=s->session->session_id_length+1;
-		s->init_off=0;
-		}
-
-	/* SSL2_ST_SEND_SERVER_FINISHED_B */
-	return(ssl2_do_write(s));
-	}
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
-	{
-	const unsigned char *cp;
-	unsigned char *p,*p2,*buf2;
-	unsigned char *ccd;
-	int i,j,ctype,ret= -1;
-	unsigned long len;
-	X509 *x509=NULL;
-	STACK_OF(X509) *sk=NULL;
-
-	ccd=s->s2->tmp.ccl;
-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
-		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-		if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
-			return -1;
-		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
-		s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
-		s->init_off=0;
-		}
-
-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
-		{
-		i=ssl2_do_write(s);
-		if (i <= 0)
-			{
-			ret=i;
-			goto end;
-			}
-
-		s->init_num=0;
-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
-		}
-
-	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
-		if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
-		                        * (probably NO-CERTIFICATE-ERROR) */
-			{
-			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
-			goto end;
-			}
-		s->init_num += i;
-
-		if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
-			{
-			n2s(p,i);
-			if (i != SSL2_PE_NO_CERTIFICATE)
-				{
-				/* not the error message we expected -- let ssl2_part_read handle it */
-				s->init_num -= 3;
-				ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
-				goto end;
-				}
-
-			if (s->msg_callback)
-				s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
-
-			/* this is the one place where we can recover from an SSL 2.0 error */
-
-			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
-				{
-				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
-				SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-				goto end;
-				}
-			ret=1;
-			goto end;
-			}
-		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
-			{
-			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
-			goto end;
-			}
-		if (s->init_num != 6)
-			{
-			SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-			goto end;
-			}
-		
-		/* ok we have a response */
-		/* certificate type, there is only one right now. */
-		ctype= *(p++);
-		if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
-			{
-			ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
-			goto end;
-			}
-		n2s(p,i); s->s2->tmp.clen=i;
-		n2s(p,i); s->s2->tmp.rlen=i;
-		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
-		}
-
-	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
-	p=(unsigned char *)s->init_buf->data;
-	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
-	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
-		{
-		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
-		goto end;
-		}
-	j = (int)len - s->init_num;
-	i = ssl2_read(s,(char *)&(p[s->init_num]),j);
-	if (i < j) 
-		{
-		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
-		goto end;
-		}
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
-	p += 6;
-
-	cp = p;
-	x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
-	if (x509 == NULL)
-		{
-		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
-		goto msg_end;
-		}
-
-	if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
-		{
-		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		goto msg_end;
-		}
-
-	i=ssl_verify_cert_chain(s,sk);
-
-	if (i > 0)	/* we like the packet, now check the chksum */
-		{
-		EVP_MD_CTX ctx;
-		EVP_PKEY *pkey=NULL;
-
-		EVP_MD_CTX_init(&ctx);
-		if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
-		    || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
-					 s->s2->key_material_length)
-		    || !EVP_VerifyUpdate(&ctx,ccd,
-					 SSL2_MIN_CERT_CHALLENGE_LENGTH))
-			goto msg_end;
-
-		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
-		buf2=OPENSSL_malloc((unsigned int)i);
-		if (buf2 == NULL)
-			{
-			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			goto msg_end;
-			}
-		p2=buf2;
-		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
-		if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
-			{
-			OPENSSL_free(buf2);
-			goto msg_end;
-			}
-		OPENSSL_free(buf2);
-
-		pkey=X509_get_pubkey(x509);
-		if (pkey == NULL) goto end;
-		i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
-		EVP_PKEY_free(pkey);
-		EVP_MD_CTX_cleanup(&ctx);
-
-		if (i > 0)
-			{
-			if (s->session->peer != NULL)
-				X509_free(s->session->peer);
-			s->session->peer=x509;
-			CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-			s->session->verify_result = s->verify_result;
-			ret=1;
-			goto end;
-			}
-		else
-			{
-			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
-			goto msg_end;
-			}
-		}
-	else
-		{
-msg_end:
-		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
-		}
-end:
-	sk_X509_free(sk);
-	X509_free(x509);
-	return(ret);
-	}
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
-	     unsigned char *to, int padding)
-	{
-	RSA *rsa;
-	int i;
-
-	if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
-		{
-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
-		return(-1);
-		}
-	if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
-		{
-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
-		return(-1);
-		}
-	rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
-	/* we have the public key */
-	i=RSA_private_decrypt(len,from,to,rsa,padding);
-	if (i < 0)
-		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
-	return(i);
-	}
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
deleted file mode 100644
index 8d5e0b73c5..0000000000
--- a/ssl/s3_both.c
+++ /dev/null
@@ -1,862 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
-	{
-	int ret;
-
-	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
-	                     s->init_num);
-	if (ret < 0) return(-1);
-	if (type == SSL3_RT_HANDSHAKE)
-		/* should not be done for 'Hello Request's, but in that case
-		 * we'll ignore the result anyway */
-		ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-	
-	if (ret == s->init_num)
-		{
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
-		return(1);
-		}
-	s->init_off+=ret;
-	s->init_num-=ret;
-	return(0);
-	}
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-	{
-	unsigned char *p,*d;
-	int i;
-	unsigned long l;
-
-	if (s->state == a)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
-
-		i=s->method->ssl3_enc->final_finish_mac(s,
-			sender,slen,s->s3->tmp.finish_md);
-		if (i == 0)
-			return 0;
-		s->s3->tmp.finish_md_len = i;
-		memcpy(p, s->s3->tmp.finish_md, i);
-		p+=i;
-		l=i;
-
-                /* Copy the finished so we can use it for
-                   renegotiation checks */
-                if(s->type == SSL_ST_CONNECT)
-                        {
-                         OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-                         memcpy(s->s3->previous_client_finished, 
-                             s->s3->tmp.finish_md, i);
-                         s->s3->previous_client_finished_len=i;
-                        }
-                else
-                        {
-                        OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-                        memcpy(s->s3->previous_server_finished, 
-                            s->s3->tmp.finish_md, i);
-                        s->s3->previous_server_finished_len=i;
-                        }
-
-#ifdef OPENSSL_SYS_WIN16
-		/* MSVC 1.5 does not clear the top bytes of the word unless
-		 * I do this.
-		 */
-		l&=0xffff;
-#endif
-
-		*(d++)=SSL3_MT_FINISHED;
-		l2n3(l,d);
-		s->init_num=(int)l+4;
-		s->init_off=0;
-
-		s->state=b;
-		}
-
-	/* SSL3_ST_SEND_xxxxxx_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
-static void ssl3_take_mac(SSL *s)
-	{
-	const char *sender;
-	int slen;
-	/* If no new cipher setup return immediately: other functions will
-	 * set the appropriate error.
-	 */
-	if (s->s3->tmp.new_cipher == NULL)
-		return;
-	if (s->state & SSL_ST_CONNECT)
-		{
-		sender=s->method->ssl3_enc->server_finished_label;
-		slen=s->method->ssl3_enc->server_finished_label_len;
-		}
-	else
-		{
-		sender=s->method->ssl3_enc->client_finished_label;
-		slen=s->method->ssl3_enc->client_finished_label_len;
-		}
-
-	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-		sender,slen,s->s3->tmp.peer_finish_md);
-	}
-#endif
-
-int ssl3_get_finished(SSL *s, int a, int b)
-	{
-	int al,i,ok;
-	long n;
-	unsigned char *p;
-
-#ifdef OPENSSL_NO_NEXTPROTONEG
-	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.peer_finish_md.
-	 */ 
-#endif
-
-	n=s->method->ssl_get_message(s,
-		a,
-		b,
-		SSL3_MT_FINISHED,
-		64, /* should actually be 36+4 :-) */
-		&ok);
-
-	if (!ok) return((int)n);
-
-	/* If this occurs, we have missed a message */
-	if (!s->s3->change_cipher_spec)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-		goto f_err;
-		}
-	s->s3->change_cipher_spec=0;
-
-	p = (unsigned char *)s->init_msg;
-	i = s->s3->tmp.peer_finish_md_len;
-
-	if (i != n)
-		{
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
-		goto f_err;
-		}
-
-	if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
-		{
-		al=SSL_AD_DECRYPT_ERROR;
-		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
-		goto f_err;
-		}
-
-        /* Copy the finished so we can use it for
-           renegotiation checks */
-        if(s->type == SSL_ST_ACCEPT)
-                {
-                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-                memcpy(s->s3->previous_client_finished, 
-                    s->s3->tmp.peer_finish_md, i);
-                s->s3->previous_client_finished_len=i;
-                }
-        else
-                {
-                OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
-                memcpy(s->s3->previous_server_finished, 
-                    s->s3->tmp.peer_finish_md, i);
-                s->s3->previous_server_finished_len=i;
-                }
-
-	return(1);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	return(0);
-	}
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx			re-init
- * ssl->s3->read_sequence		zero
- * ssl->s3->read_mac_secret		re-init
- * ssl->session->read_sym_enc		assign
- * ssl->session->read_compression	assign
- * ssl->session->read_hash		assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
-	{ 
-	unsigned char *p;
-
-	if (s->state == a)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*p=SSL3_MT_CCS;
-		s->init_num=1;
-		s->init_off=0;
-
-		s->state=b;
-		}
-
-	/* SSL3_ST_CW_CHANGE_B */
-	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
-	}
-
-static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
-	{
-	int n;
-	unsigned char *p;
-
-	n=i2d_X509(x,NULL);
-	if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
-		{
-		SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
-		return(-1);
-		}
-	p=(unsigned char *)&(buf->data[*l]);
-	l2n3(n,p);
-	i2d_X509(x,&p);
-	*l+=n+3;
-
-	return(0);
-	}
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
-	{
-	unsigned char *p;
-	int i;
-	unsigned long l=7;
-	BUF_MEM *buf;
-	int no_chain;
-	STACK_OF(X509) *cert_chain;
-
-	cert_chain = SSL_get_certificate_chain(s, x);
-
-	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain)
-		no_chain = 1;
-	else
-		no_chain = 0;
-
-	/* TLSv1 sends a chain with nothing in it, instead of an alert */
-	buf=s->init_buf;
-	if (!BUF_MEM_grow_clean(buf,10))
-		{
-		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
-		return(0);
-		}
-	if (x != NULL)
-		{
-		if (no_chain)
-			{
-			if (ssl3_add_cert_to_buf(buf, &l, x))
-				return(0);
-			}
-		else
-			{
-			X509_STORE_CTX xs_ctx;
-
-			if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
-				{
-				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
-				return(0);
-				}
-			X509_verify_cert(&xs_ctx);
-			/* Don't leave errors in the queue */
-			ERR_clear_error();
-			for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
-				{
-				x = sk_X509_value(xs_ctx.chain, i);
-
-				if (ssl3_add_cert_to_buf(buf, &l, x))
-					{
-					X509_STORE_CTX_cleanup(&xs_ctx);
-					return 0;
-					}
-				}
-			X509_STORE_CTX_cleanup(&xs_ctx);
-			}
-		}
-	/* Thawte special :-) */
-	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
-		{
-		x=sk_X509_value(s->ctx->extra_certs,i);
-		if (ssl3_add_cert_to_buf(buf, &l, x))
-			return(0);
-		}
-
-	for (i=0; i<sk_X509_num(cert_chain); i++)
-		if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i)))
-			return(0);
-
-	l-=7;
-	p=(unsigned char *)&(buf->data[4]);
-	l2n3(l,p);
-	l+=3;
-	p=(unsigned char *)&(buf->data[0]);
-	*(p++)=SSL3_MT_CERTIFICATE;
-	l2n3(l,p);
-	l+=4;
-	return(l);
-	}
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
-	{
-	unsigned char *p;
-	unsigned long l;
-	long n;
-	int i,al;
-
-	if (s->s3->tmp.reuse_message)
-		{
-		s->s3->tmp.reuse_message=0;
-		if ((mt >= 0) && (s->s3->tmp.message_type != mt))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-			goto f_err;
-			}
-		*ok=1;
-		s->state = stn;
-		s->init_msg = s->init_buf->data + 4;
-		s->init_num = (int)s->s3->tmp.message_size;
-		return s->init_num;
-		}
-
-	p=(unsigned char *)s->init_buf->data;
-
-	if (s->state == st1) /* s->init_num < 4 */
-		{
-		int skip_message;
-
-		do
-			{
-			while (s->init_num < 4)
-				{
-				i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
-					&p[s->init_num],4 - s->init_num, 0);
-				if (i <= 0)
-					{
-					s->rwstate=SSL_READING;
-					*ok = 0;
-					return i;
-					}
-				s->init_num+=i;
-				}
-			
-			skip_message = 0;
-			if (!s->server)
-				if (p[0] == SSL3_MT_HELLO_REQUEST)
-					/* The server may always send 'Hello Request' messages --
-					 * we are doing a handshake anyway now, so ignore them
-					 * if their format is correct. Does not count for
-					 * 'Finished' MAC. */
-					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
-						{
-						s->init_num = 0;
-						skip_message = 1;
-
-						if (s->msg_callback)
-							s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
-						}
-			}
-		while (skip_message);
-
-		/* s->init_num == 4 */
-
-		if ((mt >= 0) && (*p != mt))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
-			goto f_err;
-			}
-		if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
-					(st1 == SSL3_ST_SR_CERT_A) &&
-					(stn == SSL3_ST_SR_CERT_B))
-			{
-			/* At this point we have got an MS SGC second client
-			 * hello (maybe we should always allow the client to
-			 * start a new handshake?). We need to restart the mac.
-			 * Don't increment {num,total}_renegotiations because
-			 * we have not completed the handshake. */
-			ssl3_init_finished_mac(s);
-			}
-
-		s->s3->tmp.message_type= *(p++);
-
-		n2l3(p,l);
-		if (l > (unsigned long)max)
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-			goto f_err;
-			}
-		if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
-			goto f_err;
-			}
-		if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
-			{
-			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
-			goto err;
-			}
-		s->s3->tmp.message_size=l;
-		s->state=stn;
-
-		s->init_msg = s->init_buf->data + 4;
-		s->init_num = 0;
-		}
-
-	/* next state (stn) */
-	p = s->init_msg;
-	n = s->s3->tmp.message_size - s->init_num;
-	while (n > 0)
-		{
-		i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
-		if (i <= 0)
-			{
-			s->rwstate=SSL_READING;
-			*ok = 0;
-			return i;
-			}
-		s->init_num += i;
-		n -= i;
-		}
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	/* If receiving Finished, record MAC of prior handshake messages for
-	 * Finished verification. */
-	if (*s->init_buf->data == SSL3_MT_FINISHED)
-		ssl3_take_mac(s);
-#endif
-
-	/* Feed this message into MAC computation. */
-	if (*((unsigned char*) s->init_buf->data) != SSL3_MT_ENCRYPTED_EXTENSIONS)
-		ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
-	*ok=1;
-	return s->init_num;
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	*ok=0;
-	return(-1);
-	}
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
-	{
-	EVP_PKEY *pk;
-	int ret= -1,i;
-
-	if (pkey == NULL)
-		pk=X509_get_pubkey(x);
-	else
-		pk=pkey;
-	if (pk == NULL) goto err;
-
-	i=pk->type;
-	if (i == EVP_PKEY_RSA)
-		{
-		ret=SSL_PKEY_RSA_ENC;
-		}
-	else if (i == EVP_PKEY_DSA)
-		{
-		ret=SSL_PKEY_DSA_SIGN;
-		}
-#ifndef OPENSSL_NO_EC
-	else if (i == EVP_PKEY_EC)
-		{
-		ret = SSL_PKEY_ECC;
-		}	
-#endif
-	else if (i == NID_id_GostR3410_94 || i == NID_id_GostR3410_94_cc) 
-		{
-		ret = SSL_PKEY_GOST94;
-		}
-	else if (i == NID_id_GostR3410_2001 || i == NID_id_GostR3410_2001_cc) 
-		{
-		ret = SSL_PKEY_GOST01;
-		}
-err:
-	if(!pkey) EVP_PKEY_free(pk);
-	return(ret);
-	}
-
-int ssl_verify_alarm_type(long type)
-	{
-	int al;
-
-	switch(type)
-		{
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	case X509_V_ERR_UNABLE_TO_GET_CRL:
-	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-		al=SSL_AD_UNKNOWN_CA;
-		break;
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-	case X509_V_ERR_CRL_NOT_YET_VALID:
-	case X509_V_ERR_CERT_UNTRUSTED:
-	case X509_V_ERR_CERT_REJECTED:
-		al=SSL_AD_BAD_CERTIFICATE;
-		break;
-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-		al=SSL_AD_DECRYPT_ERROR;
-		break;
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-	case X509_V_ERR_CRL_HAS_EXPIRED:
-		al=SSL_AD_CERTIFICATE_EXPIRED;
-		break;
-	case X509_V_ERR_CERT_REVOKED:
-		al=SSL_AD_CERTIFICATE_REVOKED;
-		break;
-	case X509_V_ERR_OUT_OF_MEM:
-		al=SSL_AD_INTERNAL_ERROR;
-		break;
-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-	case X509_V_ERR_INVALID_CA:
-		al=SSL_AD_UNKNOWN_CA;
-		break;
-	case X509_V_ERR_APPLICATION_VERIFICATION:
-		al=SSL_AD_HANDSHAKE_FAILURE;
-		break;
-	case X509_V_ERR_INVALID_PURPOSE:
-		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
-		break;
-	default:
-		al=SSL_AD_CERTIFICATE_UNKNOWN;
-		break;
-		}
-	return(al);
-	}
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-/* On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers.  Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context.  (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.)  Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- *    - Link against a faster malloc implementation.
- *    - Use a separate SSL_CTX for each option set.
- *    - Improve this code.
- */
-static void *
-freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-	{
-	SSL3_BUF_FREELIST *list;
-	SSL3_BUF_FREELIST_ENTRY *ent = NULL;
-	void *result = NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-	if (list != NULL && sz == (int)list->chunklen)
-		ent = list->head;
-	if (ent != NULL)
-		{
-		list->head = ent->next;
-		result = ent;
-		if (--list->len == 0)
-			list->chunklen = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	if (!result)
-		result = OPENSSL_malloc(sz);
-	return result;
-}
-
-static void
-freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-	{
-	SSL3_BUF_FREELIST *list;
-	SSL3_BUF_FREELIST_ENTRY *ent;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
-	if (list != NULL &&
-	    (sz == list->chunklen || list->chunklen == 0) &&
-	    list->len < ctx->freelist_max_len &&
-	    sz >= sizeof(*ent))
-		{
-		list->chunklen = sz;
-		ent = mem;
-		ent->next = list->head;
-		list->head = ent;
-		++list->len;
-		mem = NULL;
-		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	if (mem)
-		OPENSSL_free(mem);
-	}
-#else
-#define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-#define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
-int ssl3_setup_read_buffer(SSL *s)
-	{
-	unsigned char *p;
-	size_t len,align=0,headerlen;
-	
-	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-		headerlen = DTLS1_RT_HEADER_LENGTH;
-	else
-		headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-	align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
-	if (s->s3->rbuf.buf == NULL)
-		{
-		len = SSL3_RT_MAX_PLAIN_LENGTH
-			+ SSL3_RT_MAX_ENCRYPTED_OVERHEAD
-			+ headerlen + align;
-		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-			{
-			s->s3->init_extra = 1;
-			len += SSL3_RT_MAX_EXTRA;
-			}
-#ifndef OPENSSL_NO_COMP
-		if (!(s->options & SSL_OP_NO_COMPRESSION))
-			len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-		if ((p=freelist_extract(s->ctx, 1, len)) == NULL)
-			goto err;
-		s->s3->rbuf.buf = p;
-		s->s3->rbuf.len = len;
-		}
-
-	s->packet= &(s->s3->rbuf.buf[0]);
-	return 1;
-
-err:
-	SSLerr(SSL_F_SSL3_SETUP_READ_BUFFER,ERR_R_MALLOC_FAILURE);
-	return 0;
-	}
-
-int ssl3_setup_write_buffer(SSL *s)
-	{
-	unsigned char *p;
-	size_t len,align=0,headerlen;
-
-	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-		headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-	else
-		headerlen = SSL3_RT_HEADER_LENGTH;
-
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-	align = (-SSL3_RT_HEADER_LENGTH)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
-	if (s->s3->wbuf.buf == NULL)
-		{
-		len = s->max_send_fragment
-			+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
-			+ headerlen + align;
-#ifndef OPENSSL_NO_COMP
-		if (!(s->options & SSL_OP_NO_COMPRESSION))
-			len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
-#endif
-		if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-			len += headerlen + align
-				+ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
-		if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
-			goto err;
-		s->s3->wbuf.buf = p;
-		s->s3->wbuf.len = len;
-		}
-
-	return 1;
-
-err:
-	SSLerr(SSL_F_SSL3_SETUP_WRITE_BUFFER,ERR_R_MALLOC_FAILURE);
-	return 0;
-	}
-
-
-int ssl3_setup_buffers(SSL *s)
-	{
-	if (!ssl3_setup_read_buffer(s))
-		return 0;
-	if (!ssl3_setup_write_buffer(s))
-		return 0;
-	return 1;
-	}
-
-int ssl3_release_write_buffer(SSL *s)
-	{
-	if (s->s3->wbuf.buf != NULL)
-		{
-		freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
-		s->s3->wbuf.buf = NULL;
-		}
-	return 1;
-	}
-
-int ssl3_release_read_buffer(SSL *s)
-	{
-	if (s->s3->rbuf.buf != NULL)
-		{
-		freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
-		s->s3->rbuf.buf = NULL;
-		}
-	return 1;
-	}
-
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
deleted file mode 100644
index 11f13adbf7..0000000000
--- a/ssl/s3_cbc.c
+++ /dev/null
@@ -1,755 +0,0 @@
-/* ssl/s3_cbc.c */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "../crypto/constant_time_locl.h"
-#include "ssl_locl.h"
-
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-
-/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
- * field. (SHA-384/512 have 128-bit length.) */
-#define MAX_HASH_BIT_COUNT_BYTES 16
-
-/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
- * Currently SHA-384/512 has a 128-byte block size and that's the largest
- * supported by TLS.) */
-#define MAX_HASH_BLOCK_SIZE 128
-
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise. */
-int ssl3_cbc_remove_padding(const SSL* s,
-			    SSL3_RECORD *rec,
-			    unsigned block_size,
-			    unsigned mac_size)
-	{
-	unsigned padding_length, good;
-	const unsigned overhead = 1 /* padding length byte */ + mac_size;
-
-	/* These lengths are all public so we can test them in non-constant
-	 * time. */
-	if (overhead > rec->length)
-		return 0;
-
-	padding_length = rec->data[rec->length-1];
-	good = constant_time_ge(rec->length, padding_length+overhead);
-	/* SSLv3 requires that the padding is minimal. */
-	good &= constant_time_ge(block_size, padding_length+1);
-	padding_length = good & (padding_length+1);
-	rec->length -= padding_length;
-	rec->type |= padding_length<<8;	/* kludge: pass padding length */
-	return constant_time_select_int(good, 1, -1);
-	}
-
-/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
- * record in |rec| in constant time and returns 1 if the padding is valid and
- * -1 otherwise. It also removes any explicit IV from the start of the record
- * without leaking any timing about whether there was enough space after the
- * padding was removed.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise. */
-int tls1_cbc_remove_padding(const SSL* s,
-			    SSL3_RECORD *rec,
-			    unsigned block_size,
-			    unsigned mac_size)
-	{
-	unsigned padding_length, good, to_check, i;
-	const unsigned overhead = 1 /* padding length byte */ + mac_size;
-	/* Check if version requires explicit IV */
-	if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
-		{
-		/* These lengths are all public so we can test them in
-		 * non-constant time.
-		 */
-		if (overhead + block_size > rec->length)
-			return 0;
-		/* We can now safely skip explicit IV */
-		rec->data += block_size;
-		rec->input += block_size;
-		rec->length -= block_size;
-		}
-	else if (overhead > rec->length)
-		return 0;
-
-	padding_length = rec->data[rec->length-1];
-
-	/* NB: if compression is in operation the first packet may not be of
-	 * even length so the padding bug check cannot be performed. This bug
-	 * workaround has been around since SSLeay so hopefully it is either
-	 * fixed now or no buggy implementation supports compression [steve]
-	 */
-	if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
-		{
-		/* First packet is even in size, so check */
-		if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
-		    !(padding_length & 1))
-			{
-			s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-			}
-		if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
-		    padding_length > 0)
-			{
-			padding_length--;
-			}
-		}
-
-	if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
-		{
-		/* padding is already verified */
-		rec->length -= padding_length + 1;
-		return 1;
-		}
-
-	good = constant_time_ge(rec->length, overhead+padding_length);
-	/* The padding consists of a length byte at the end of the record and
-	 * then that many bytes of padding, all with the same value as the
-	 * length byte. Thus, with the length byte included, there are i+1
-	 * bytes of padding.
-	 *
-	 * We can't check just |padding_length+1| bytes because that leaks
-	 * decrypted information. Therefore we always have to check the maximum
-	 * amount of padding possible. (Again, the length of the record is
-	 * public information so we can use it.) */
-	to_check = 255; /* maximum amount of padding. */
-	if (to_check > rec->length-1)
-		to_check = rec->length-1;
-
-	for (i = 0; i < to_check; i++)
-		{
-		unsigned char mask = constant_time_ge_8(padding_length, i);
-		unsigned char b = rec->data[rec->length-1-i];
-		/* The final |padding_length+1| bytes should all have the value
-		 * |padding_length|. Therefore the XOR should be zero. */
-		good &= ~(mask&(padding_length ^ b));
-		}
-
-	/* If any of the final |padding_length+1| bytes had the wrong value,
-	 * one or more of the lower eight bits of |good| will be cleared.
-	 */
-	good = constant_time_eq(0xff, good & 0xff);
-	padding_length = good & (padding_length+1);
-	rec->length -= padding_length;
-	rec->type |= padding_length<<8;	/* kludge: pass padding length */
-
-	return constant_time_select_int(good, 1, -1);
-	}
-
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
- * constant time (independent of the concrete value of rec->length, which may
- * vary within a 256-byte window).
- *
- * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
- * this function.
- *
- * On entry:
- *   rec->orig_len >= md_size
- *   md_size <= EVP_MAX_MD_SIZE
- *
- * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
- * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single or pair of cache-lines, then the variable memory accesses don't
- * actually affect the timing. CPUs with smaller cache-lines [if any] are
- * not multi-core and are not considered vulnerable to cache-timing attacks.
- */
-#define CBC_MAC_ROTATE_IN_PLACE
-
-void ssl3_cbc_copy_mac(unsigned char* out,
-		       const SSL3_RECORD *rec,
-		       unsigned md_size,unsigned orig_len)
-	{
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-	unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE];
-	unsigned char *rotated_mac;
-#else
-	unsigned char rotated_mac[EVP_MAX_MD_SIZE];
-#endif
-
-	/* mac_end is the index of |rec->data| just after the end of the MAC. */
-	unsigned mac_end = rec->length;
-	unsigned mac_start = mac_end - md_size;
-	/* scan_start contains the number of bytes that we can ignore because
-	 * the MAC's position can only vary by 255 bytes. */
-	unsigned scan_start = 0;
-	unsigned i, j;
-	unsigned div_spoiler;
-	unsigned rotate_offset;
-
-	OPENSSL_assert(orig_len >= md_size);
-	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-	rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63);
-#endif
-
-	/* This information is public so it's safe to branch based on it. */
-	if (orig_len > md_size + 255 + 1)
-		scan_start = orig_len - (md_size + 255 + 1);
-	/* div_spoiler contains a multiple of md_size that is used to cause the
-	 * modulo operation to be constant time. Without this, the time varies
-	 * based on the amount of padding when running on Intel chips at least.
-	 *
-	 * The aim of right-shifting md_size is so that the compiler doesn't
-	 * figure out that it can remove div_spoiler as that would require it
-	 * to prove that md_size is always even, which I hope is beyond it. */
-	div_spoiler = md_size >> 1;
-	div_spoiler <<= (sizeof(div_spoiler)-1)*8;
-	rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
-
-	memset(rotated_mac, 0, md_size);
-	for (i = scan_start, j = 0; i < orig_len; i++)
-		{
-		unsigned char mac_started = constant_time_ge_8(i, mac_start);
-		unsigned char mac_ended = constant_time_ge_8(i, mac_end);
-		unsigned char b = rec->data[i];
-		rotated_mac[j++] |= b & mac_started & ~mac_ended;
-		j &= constant_time_lt(j,md_size);
-		}
-
-	/* Now rotate the MAC */
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-	j = 0;
-	for (i = 0; i < md_size; i++)
-		{
-		/* in case cache-line is 32 bytes, touch second line */
-		((volatile unsigned char *)rotated_mac)[rotate_offset^32];
-		out[j++] = rotated_mac[rotate_offset++];
-		rotate_offset &= constant_time_lt(rotate_offset,md_size);
-		}
-#else
-	memset(out, 0, md_size);
-	rotate_offset = md_size - rotate_offset;
-	rotate_offset &= constant_time_lt(rotate_offset,md_size);
-	for (i = 0; i < md_size; i++)
-		{
-		for (j = 0; j < md_size; j++)
-			out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
-		rotate_offset++;
-		rotate_offset &= constant_time_lt(rotate_offset,md_size);
-		}
-#endif
-	}
-
-/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
- * little-endian order. The value of p is advanced by four. */
-#define u32toLE(n, p) \
-	(*((p)++)=(unsigned char)(n), \
-	 *((p)++)=(unsigned char)(n>>8), \
-	 *((p)++)=(unsigned char)(n>>16), \
-	 *((p)++)=(unsigned char)(n>>24))
-
-/* These functions serialize the state of a hash and thus perform the standard
- * "final" operation without adding the padding and length that such a function
- * typically does. */
-static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
-	{
-	MD5_CTX *md5 = ctx;
-	u32toLE(md5->A, md_out);
-	u32toLE(md5->B, md_out);
-	u32toLE(md5->C, md_out);
-	u32toLE(md5->D, md_out);
-	}
-
-static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
-	{
-	SHA_CTX *sha1 = ctx;
-	l2n(sha1->h0, md_out);
-	l2n(sha1->h1, md_out);
-	l2n(sha1->h2, md_out);
-	l2n(sha1->h3, md_out);
-	l2n(sha1->h4, md_out);
-	}
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
-static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
-	{
-	SHA256_CTX *sha256 = ctx;
-	unsigned i;
-
-	for (i = 0; i < 8; i++)
-		{
-		l2n(sha256->h[i], md_out);
-		}
-	}
-#undef  LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
-	{
-	SHA512_CTX *sha512 = ctx;
-	unsigned i;
-
-	for (i = 0; i < 8; i++)
-		{
-		l2n8(sha512->h[i], md_out);
-		}
-	}
-#undef  LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
-
-/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports. */
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
-	{
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode())
-		return 0;
-#endif
-	switch (EVP_MD_CTX_type(ctx))
-		{
-		case NID_md5:
-		case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
-		case NID_sha224:
-		case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
-		case NID_sha384:
-		case NID_sha512:
-#endif
-			return 1;
-		default:
-			return 0;
-		}
-	}
-
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
- * record.
- *
- *   ctx: the EVP_MD_CTX from which we take the hash function.
- *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
- *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
- *   md_out_size: if non-NULL, the number of output bytes is written here.
- *   header: the 13-byte, TLS record header.
- *   data: the record data itself, less any preceeding explicit IV.
- *   data_plus_mac_size: the secret, reported length of the data and MAC
- *     once the padding has been removed.
- *   data_plus_mac_plus_padding_size: the public length of the whole
- *     record, including padding.
- *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
- *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
-void ssl3_cbc_digest_record(
-	const EVP_MD_CTX *ctx,
-	unsigned char* md_out,
-	size_t* md_out_size,
-	const unsigned char header[13],
-	const unsigned char *data,
-	size_t data_plus_mac_size,
-	size_t data_plus_mac_plus_padding_size,
-	const unsigned char *mac_secret,
-	unsigned mac_secret_length,
-	char is_sslv3)
-	{
-	union {	double align;
-		unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
-	void (*md_final_raw)(void *ctx, unsigned char *md_out);
-	void (*md_transform)(void *ctx, const unsigned char *block);
-	unsigned md_size, md_block_size = 64;
-	unsigned sslv3_pad_length = 40, header_length, variance_blocks,
-		 len, max_mac_bytes, num_blocks,
-		 num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
-	unsigned int bits;	/* at most 18 bits */
-	unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
-	/* hmac_pad is the masked HMAC key. */
-	unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
-	unsigned char first_block[MAX_HASH_BLOCK_SIZE];
-	unsigned char mac_out[EVP_MAX_MD_SIZE];
-	unsigned i, j, md_out_size_u;
-	EVP_MD_CTX md_ctx;
-	/* mdLengthSize is the number of bytes in the length field that terminates
-	* the hash. */
-	unsigned md_length_size = 8;
-	char length_is_big_endian = 1;
-
-	/* This is a, hopefully redundant, check that allows us to forget about
-	 * many possible overflows later in this function. */
-	OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
-
-	switch (EVP_MD_CTX_type(ctx))
-		{
-		case NID_md5:
-			MD5_Init((MD5_CTX*)md_state.c);
-			md_final_raw = tls1_md5_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
-			md_size = 16;
-			sslv3_pad_length = 48;
-			length_is_big_endian = 0;
-			break;
-		case NID_sha1:
-			SHA1_Init((SHA_CTX*)md_state.c);
-			md_final_raw = tls1_sha1_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
-			md_size = 20;
-			break;
-#ifndef OPENSSL_NO_SHA256
-		case NID_sha224:
-			SHA224_Init((SHA256_CTX*)md_state.c);
-			md_final_raw = tls1_sha256_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
-			md_size = 224/8;
-			break;
-		case NID_sha256:
-			SHA256_Init((SHA256_CTX*)md_state.c);
-			md_final_raw = tls1_sha256_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
-			md_size = 32;
-			break;
-#endif
-#ifndef OPENSSL_NO_SHA512
-		case NID_sha384:
-			SHA384_Init((SHA512_CTX*)md_state.c);
-			md_final_raw = tls1_sha512_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
-			md_size = 384/8;
-			md_block_size = 128;
-			md_length_size = 16;
-			break;
-		case NID_sha512:
-			SHA512_Init((SHA512_CTX*)md_state.c);
-			md_final_raw = tls1_sha512_final_raw;
-			md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
-			md_size = 64;
-			md_block_size = 128;
-			md_length_size = 16;
-			break;
-#endif
-		default:
-			/* ssl3_cbc_record_digest_supported should have been
-			 * called first to check that the hash function is
-			 * supported. */
-			OPENSSL_assert(0);
-			if (md_out_size)
-				*md_out_size = -1;
-			return;
-		}
-
-	OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
-	OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
-	OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-	header_length = 13;
-	if (is_sslv3)
-		{
-		header_length =
-			mac_secret_length +
-			sslv3_pad_length +
-			8 /* sequence number */ +
-			1 /* record type */ +
-			2 /* record length */;
-		}
-
-	/* variance_blocks is the number of blocks of the hash that we have to
-	 * calculate in constant time because they could be altered by the
-	 * padding value.
-	 *
-	 * In SSLv3, the padding must be minimal so the end of the plaintext
-	 * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
-	 * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
-	 * termination (0x80 + 64-bit length) don't fit in the final block, we
-	 * say that the final two blocks can vary based on the padding.
-	 *
-	 * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
-	 * required to be minimal. Therefore we say that the final six blocks
-	 * can vary based on the padding.
-	 *
-	 * Later in the function, if the message is short and there obviously
-	 * cannot be this many blocks then variance_blocks can be reduced. */
-	variance_blocks = is_sslv3 ? 2 : 6;
-	/* From now on we're dealing with the MAC, which conceptually has 13
-	 * bytes of `header' before the start of the data (TLS) or 71/75 bytes
-	 * (SSLv3) */
-	len = data_plus_mac_plus_padding_size + header_length;
-	/* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
-	* |header|, assuming that there's no padding. */
-	max_mac_bytes = len - md_size - 1;
-	/* num_blocks is the maximum number of hash blocks. */
-	num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
-	/* In order to calculate the MAC in constant time we have to handle
-	 * the final blocks specially because the padding value could cause the
-	 * end to appear somewhere in the final |variance_blocks| blocks and we
-	 * can't leak where. However, |num_starting_blocks| worth of data can
-	 * be hashed right away because no padding value can affect whether
-	 * they are plaintext. */
-	num_starting_blocks = 0;
-	/* k is the starting byte offset into the conceptual header||data where
-	 * we start processing. */
-	k = 0;
-	/* mac_end_offset is the index just past the end of the data to be
-	 * MACed. */
-	mac_end_offset = data_plus_mac_size + header_length - md_size;
-	/* c is the index of the 0x80 byte in the final hash block that
-	 * contains application data. */
-	c = mac_end_offset % md_block_size;
-	/* index_a is the hash block number that contains the 0x80 terminating
-	 * value. */
-	index_a = mac_end_offset / md_block_size;
-	/* index_b is the hash block number that contains the 64-bit hash
-	 * length, in bits. */
-	index_b = (mac_end_offset + md_length_size) / md_block_size;
-	/* bits is the hash-length in bits. It includes the additional hash
-	 * block for the masked HMAC key, or whole of |header| in the case of
-	 * SSLv3. */
-
-	/* For SSLv3, if we're going to have any starting blocks then we need
-	 * at least two because the header is larger than a single block. */
-	if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
-		{
-		num_starting_blocks = num_blocks - variance_blocks;
-		k = md_block_size*num_starting_blocks;
-		}
-
-	bits = 8*mac_end_offset;
-	if (!is_sslv3)
-		{
-		/* Compute the initial HMAC block. For SSLv3, the padding and
-		 * secret bytes are included in |header| because they take more
-		 * than a single block. */
-		bits += 8*md_block_size;
-		memset(hmac_pad, 0, md_block_size);
-		OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
-		memcpy(hmac_pad, mac_secret, mac_secret_length);
-		for (i = 0; i < md_block_size; i++)
-			hmac_pad[i] ^= 0x36;
-
-		md_transform(md_state.c, hmac_pad);
-		}
-
-	if (length_is_big_endian)
-		{
-		memset(length_bytes,0,md_length_size-4);
-		length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
-		length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
-		length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
-		length_bytes[md_length_size-1] = (unsigned char)bits;
-		}
-	else
-		{
-		memset(length_bytes,0,md_length_size);
-		length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
-		length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
-		length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
-		length_bytes[md_length_size-8] = (unsigned char)bits;
-		}
-
-	if (k > 0)
-		{
-		if (is_sslv3)
-			{
-			/* The SSLv3 header is larger than a single block.
-			 * overhang is the number of bytes beyond a single
-			 * block that the header consumes: either 7 bytes
-			 * (SHA1) or 11 bytes (MD5). */
-			unsigned overhang = header_length-md_block_size;
-			md_transform(md_state.c, header);
-			memcpy(first_block, header + md_block_size, overhang);
-			memcpy(first_block + overhang, data, md_block_size-overhang);
-			md_transform(md_state.c, first_block);
-			for (i = 1; i < k/md_block_size - 1; i++)
-				md_transform(md_state.c, data + md_block_size*i - overhang);
-			}
-		else
-			{
-			/* k is a multiple of md_block_size. */
-			memcpy(first_block, header, 13);
-			memcpy(first_block+13, data, md_block_size-13);
-			md_transform(md_state.c, first_block);
-			for (i = 1; i < k/md_block_size; i++)
-				md_transform(md_state.c, data + md_block_size*i - 13);
-			}
-		}
-
-	memset(mac_out, 0, sizeof(mac_out));
-
-	/* We now process the final hash blocks. For each block, we construct
-	 * it in constant time. If the |i==index_a| then we'll include the 0x80
-	 * bytes and zero pad etc. For each block we selectively copy it, in
-	 * constant time, to |mac_out|. */
-	for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
-		{
-		unsigned char block[MAX_HASH_BLOCK_SIZE];
-		unsigned char is_block_a = constant_time_eq_8(i, index_a);
-		unsigned char is_block_b = constant_time_eq_8(i, index_b);
-		for (j = 0; j < md_block_size; j++)
-			{
-			unsigned char b = 0, is_past_c, is_past_cp1;
-			if (k < header_length)
-				b = header[k];
-			else if (k < data_plus_mac_plus_padding_size + header_length)
-				b = data[k-header_length];
-			k++;
-
-			is_past_c = is_block_a & constant_time_ge_8(j, c);
-			is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1);
-			/* If this is the block containing the end of the
-			 * application data, and we are at the offset for the
-			 * 0x80 value, then overwrite b with 0x80. */
-                        b =  constant_time_select_8(is_past_c, 0x80, b);
-			/* If this the the block containing the end of the
-			 * application data and we're past the 0x80 value then
-			 * just write zero. */
-			b = b&~is_past_cp1;
-			/* If this is index_b (the final block), but not
-			 * index_a (the end of the data), then the 64-bit
-			 * length didn't fit into index_a and we're having to
-			 * add an extra block of zeros. */
-			b &= ~is_block_b | is_block_a;
-
-			/* The final bytes of one of the blocks contains the
-			 * length. */
-			if (j >= md_block_size - md_length_size)
-				{
-				/* If this is index_b, write a length byte. */
-				b = constant_time_select_8(
-					is_block_b, length_bytes[j-(md_block_size-md_length_size)], b);
-				}
-			block[j] = b;
-			}
-
-		md_transform(md_state.c, block);
-		md_final_raw(md_state.c, block);
-		/* If this is index_b, copy the hash value to |mac_out|. */
-		for (j = 0; j < md_size; j++)
-			mac_out[j] |= block[j]&is_block_b;
-		}
-
-	EVP_MD_CTX_init(&md_ctx);
-	EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */);
-	if (is_sslv3)
-		{
-		/* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
-		memset(hmac_pad, 0x5c, sslv3_pad_length);
-
-		EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
-		EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
-		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
-		}
-	else
-		{
-		/* Complete the HMAC in the standard manner. */
-		for (i = 0; i < md_block_size; i++)
-			hmac_pad[i] ^= 0x6a;
-
-		EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
-		EVP_DigestUpdate(&md_ctx, mac_out, md_size);
-		}
-	EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
-	if (md_out_size)
-		*md_out_size = md_out_size_u;
-	EVP_MD_CTX_cleanup(&md_ctx);
-	}
-
-#ifdef OPENSSL_FIPS
-
-/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
- * we can ensure the number of blocks processed is equal for all cases
- * by digesting additional data.
- */
-
-void tls_fips_digest_extra(
-	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-	const unsigned char *data, size_t data_len, size_t orig_len)
-	{
-	size_t block_size, digest_pad, blocks_data, blocks_orig;
-	if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
-		return;
-	block_size = EVP_MD_CTX_block_size(mac_ctx);
-	/* We are in FIPS mode if we get this far so we know we have only SHA*
-	 * digests and TLS to deal with.
-	 * Minimum digest padding length is 17 for SHA384/SHA512 and 9
-	 * otherwise.
-	 * Additional header is 13 bytes. To get the number of digest blocks
-	 * processed round up the amount of data plus padding to the nearest
-	 * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
-	 * So we have:
-	 * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
-	 * equivalently:
-	 * blocks = (payload_len + digest_pad + 12)/block_size + 1
-	 * HMAC adds a constant overhead.
-	 * We're ultimately only interested in differences so this becomes
-	 * blocks = (payload_len + 29)/128
-	 * for SHA384/SHA512 and
-	 * blocks = (payload_len + 21)/64
-	 * otherwise.
-	 */
-	digest_pad = block_size == 64 ? 21 : 29;
-	blocks_orig = (orig_len + digest_pad)/block_size;
-	blocks_data = (data_len + digest_pad)/block_size;
-	/* MAC enough blocks to make up the difference between the original
-	 * and actual lengths plus one extra block to ensure this is never a
-	 * no op. The "data" pointer should always have enough space to
-	 * perform this operation as it is large enough for a maximum
-	 * length TLS buffer. 
-	 */
-	EVP_DigestSignUpdate(mac_ctx, data,
-				(blocks_orig - blocks_data + 1) * block_size);
-	}
-#endif
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
deleted file mode 100644
index f06c71603a..0000000000
--- a/ssl/s3_clnt.c
+++ /dev/null
@@ -1,3773 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_client_method(int ver)
-	{
-	if (ver == SSL3_VERSION)
-		return(SSLv3_client_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
-			ssl_undefined_function,
-			ssl3_connect,
-			ssl3_get_client_method)
-#endif
-
-int ssl3_connect(SSL *s)
-	{
-	BUF_MEM *buf=NULL;
-	unsigned long Time=(unsigned long)time(NULL);
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int ret= -1;
-	int new_state,state,skip=0;
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* If we're awaiting a HeartbeatResponse, pretend we
-	 * already got and don't await it anymore, because
-	 * Heartbeats don't make sense during handshakes anyway.
-	 */
-	if (s->tlsext_hb_pending)
-		{
-		s->tlsext_hb_pending = 0;
-		s->tlsext_hb_seq++;
-		}
-#endif
-
-	if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-		{
-		/* Send app data along with CCS/Finished */
-		s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
-		}
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch(s->state)
-			{
-		case SSL_ST_RENEGOTIATE:
-			s->renegotiate=1;
-			s->state=SSL_ST_CONNECT;
-			s->ctx->stats.sess_connect_renegotiate++;
-			/* break */
-		case SSL_ST_BEFORE:
-		case SSL_ST_CONNECT:
-		case SSL_ST_BEFORE|SSL_ST_CONNECT:
-		case SSL_ST_OK|SSL_ST_CONNECT:
-
-			s->server=0;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			if ((s->version & 0xff00 ) != 0x0300)
-				{
-				SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
-				ret = -1;
-				goto end;
-				}
-				
-			/* s->version=SSL3_VERSION; */
-			s->type=SSL_ST_CONNECT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				buf=NULL;
-				}
-
-			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
-			/* setup buffing BIO */
-			if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
-			/* don't push the buffering BIO quite yet */
-
-			ssl3_init_finished_mac(s);
-
-			s->state=SSL3_ST_CW_CLNT_HELLO_A;
-			s->ctx->stats.sess_connect++;
-			s->init_num=0;
-			s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-			/* Should have been reset by ssl3_get_finished, too. */
-			s->s3->change_cipher_spec = 0;
-			break;
-
-		case SSL3_ST_CW_CLNT_HELLO_A:
-		case SSL3_ST_CW_CLNT_HELLO_B:
-
-			s->shutdown=0;
-			ret=ssl3_client_hello(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_SRVR_HELLO_A;
-			s->init_num=0;
-
-			/* turn on buffering for the next lot of output */
-			if (s->bbio != s->wbio)
-				s->wbio=BIO_push(s->bbio,s->wbio);
-
-			break;
-
-		case SSL3_ST_CR_SRVR_HELLO_A:
-		case SSL3_ST_CR_SRVR_HELLO_B:
-			ret=ssl3_get_server_hello(s);
-			if (ret <= 0) goto end;
-
-			if (s->hit)
-				{
-				s->state=SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_ticket_expected)
-					{
-					/* receive renewed session ticket */
-					s->state=SSL3_ST_CR_SESSION_TICKET_A;
-					}
-#endif
-				}
-			else
-				s->state=SSL3_ST_CR_CERT_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CR_CERT_A:
-		case SSL3_ST_CR_CERT_B:
-			/* Check if it is anon DH/ECDH, SRP auth */
-			/* or non-RSA PSK */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
-			    !((s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK) &&
-			      !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
-				{
-				ret=ssl3_get_server_certificate(s);
-				if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_status_expected)
-					s->state=SSL3_ST_CR_CERT_STATUS_A;
-				else
-					s->state=SSL3_ST_CR_KEY_EXCH_A;
-				}
-			else
-				{
-				skip = 1;
-				s->state=SSL3_ST_CR_KEY_EXCH_A;
-				}
-#else
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CR_KEY_EXCH_A:
-		case SSL3_ST_CR_KEY_EXCH_B:
-			ret=ssl3_get_key_exchange(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_CERT_REQ_A;
-			s->init_num=0;
-
-			/* at this point we check that we have the
-			 * required stuff from the server */
-			if (!ssl3_check_cert_and_algorithm(s))
-				{
-				ret= -1;
-				goto end;
-				}
-			break;
-
-		case SSL3_ST_CR_CERT_REQ_A:
-		case SSL3_ST_CR_CERT_REQ_B:
-			ret=ssl3_get_certificate_request(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_SRVR_DONE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CR_SRVR_DONE_A:
-		case SSL3_ST_CR_SRVR_DONE_B:
-			ret=ssl3_get_server_done(s);
-			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_SRP
-			if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP)
-				{
-				if ((ret = SRP_Calc_A_param(s))<=0)
-					{
-					SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-					goto end;
-					}
-				}
-#endif
-			if (s->s3->tmp.cert_req)
-				s->state=SSL3_ST_CW_CERT_A;
-			else
-				s->state=SSL3_ST_CW_KEY_EXCH_A;
-			s->init_num=0;
-
-			break;
-
-		case SSL3_ST_CW_CERT_A:
-		case SSL3_ST_CW_CERT_B:
-		case SSL3_ST_CW_CERT_C:
-		case SSL3_ST_CW_CERT_D:
-			ret=ssl3_send_client_certificate(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_KEY_EXCH_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_KEY_EXCH_A:
-		case SSL3_ST_CW_KEY_EXCH_B:
-			ret=ssl3_send_client_key_exchange(s);
-			if (ret <= 0) goto end;
-			/* EAY EAY EAY need to check for DH fix cert
-			 * sent back */
-			/* For TLS, cert_req is set to 2, so a cert chain
-			 * of nothing is sent, but no verify packet is sent */
-			/* XXX: For now, we do not support client 
-			 * authentication in ECDH cipher suites with
-			 * ECDH (rather than ECDSA) certificates.
-			 * We need to skip the certificate verify 
-			 * message when client's ECDH public key is sent 
-			 * inside the client certificate.
-			 */
-			if (s->s3->tmp.cert_req == 1)
-				{
-				s->state=SSL3_ST_CW_CERT_VRFY_A;
-				}
-			else
-				{
-				s->state=SSL3_ST_CW_CHANGE_A;
-				}
-			if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
-				{
-				s->state=SSL3_ST_CW_CHANGE_A;
-				}
-
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_CERT_VRFY_A:
-		case SSL3_ST_CW_CERT_VRFY_B:
-			ret=ssl3_send_client_verify(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_CHANGE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_CHANGE_A:
-		case SSL3_ST_CW_CHANGE_B:
-			ret=ssl3_send_change_cipher_spec(s,
-				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
-			if (ret <= 0) goto end;
-
-			s->state=SSL3_ST_CW_FINISHED_A;
-#if !defined(OPENSSL_NO_TLSEXT)
-			if (s->s3->tlsext_channel_id_valid)
-				s->state=SSL3_ST_CW_CHANNEL_ID_A;
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
-			if (s->s3->next_proto_neg_seen)
-				s->state=SSL3_ST_CW_NEXT_PROTO_A;
-# endif
-#endif
-			s->init_num=0;
-
-			s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
-			s->session->compress_meth=0;
-#else
-			if (s->s3->tmp.new_compression == NULL)
-				s->session->compress_meth=0;
-			else
-				s->session->compress_meth=
-					s->s3->tmp.new_compression->id;
-#endif
-			if (!s->method->ssl3_enc->setup_key_block(s))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			if (!s->method->ssl3_enc->change_cipher_state(s,
-				SSL3_CHANGE_CIPHER_CLIENT_WRITE))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			break;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-		case SSL3_ST_CW_NEXT_PROTO_A:
-		case SSL3_ST_CW_NEXT_PROTO_B:
-			ret=ssl3_send_next_proto(s);
-			if (ret <= 0) goto end;
-			if (s->s3->tlsext_channel_id_valid)
-				s->state=SSL3_ST_CW_CHANNEL_ID_A;
-			else
-				s->state=SSL3_ST_CW_FINISHED_A;
-			break;
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT)
-		case SSL3_ST_CW_CHANNEL_ID_A:
-		case SSL3_ST_CW_CHANNEL_ID_B:
-			ret=ssl3_send_channel_id(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_FINISHED_A;
-			break;
-#endif
-
-		case SSL3_ST_CW_FINISHED_A:
-		case SSL3_ST_CW_FINISHED_B:
-			ret=ssl3_send_finished(s,
-				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
-				s->method->ssl3_enc->client_finished_label,
-				s->method->ssl3_enc->client_finished_label_len);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CW_FLUSH;
-
-			/* clear flags */
-			s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-			if (s->hit)
-				{
-				s->s3->tmp.next_state=SSL_ST_OK;
-				if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-					{
-					s->state=SSL_ST_OK;
-					s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-					s->s3->delay_buf_pop_ret=0;
-					}
-				}
-			else
-				{
-				/* This is a non-resumption handshake. If it
-				 * involves ChannelID, then record the
-				 * handshake hashes at this point in the
-				 * session so that any resumption of this
-				 * session with ChannelID can sign those
-				 * hashes. */
-				if (s->s3->tlsext_channel_id_new)
-					{
-					ret = tls1_record_handshake_hashes_for_channel_id(s);
-					if (ret <= 0)
-						goto end;
-					}
-				if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-				    && ssl3_can_cutthrough(s)
-				    && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
-				   )
-					{
-					if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-						{
-						s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
-						s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-						s->s3->delay_buf_pop_ret=0;
-						}
-					else
-						{
-						s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
-						}
-					}
-				else
-					{
-#ifndef OPENSSL_NO_TLSEXT
-					/* Allow NewSessionTicket if ticket expected */
-					if (s->tlsext_ticket_expected)
-						s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-					else
-#endif
-						s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-					}
-				}
-			s->init_num=0;
-			break;
-
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_CR_SESSION_TICKET_A:
-		case SSL3_ST_CR_SESSION_TICKET_B:
-			ret=ssl3_get_new_session_ticket(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_FINISHED_A;
-			s->init_num=0;
-		break;
-
-		case SSL3_ST_CR_CERT_STATUS_A:
-		case SSL3_ST_CR_CERT_STATUS_B:
-			ret=ssl3_get_cert_status(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_CR_KEY_EXCH_A;
-			s->init_num=0;
-		break;
-#endif
-
-		case SSL3_ST_CR_FINISHED_A:
-		case SSL3_ST_CR_FINISHED_B:
-			s->s3->flags |= SSL3_FLAGS_CCS_OK;
-			ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
-				SSL3_ST_CR_FINISHED_B);
-			if (ret <= 0) goto end;
-
-			if (s->hit)
-				s->state=SSL3_ST_CW_CHANGE_A;
-			else
-				s->state=SSL_ST_OK;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_CW_FLUSH:
-			s->rwstate=SSL_WRITING;
-			if (BIO_flush(s->wbio) <= 0)
-				{
-				ret= -1;
-				goto end;
-				}
-			s->rwstate=SSL_NOTHING;
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case SSL3_ST_CUTTHROUGH_COMPLETE:
-#ifndef OPENSSL_NO_TLSEXT
-			/* Allow NewSessionTicket if ticket expected */
-			if (s->tlsext_ticket_expected)
-				s->state=SSL3_ST_CR_SESSION_TICKET_A;
-			else
-#endif
-				s->state=SSL3_ST_CR_FINISHED_A;
-
-			/* SSL_write() will take care of flushing buffered data if
-			 * DELAY_CLIENT_FINISHED is set.
-			 */
-			if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
-				ssl_free_wbio_buffer(s);
-			ret = 1;
-			goto end;
-			/* break; */
-
-		case SSL_ST_OK:
-			/* clean a few things up */
-			ssl3_cleanup_key_block(s);
-
-			if (s->init_buf != NULL)
-				{
-				BUF_MEM_free(s->init_buf);
-				s->init_buf=NULL;
-				}
-
-			/* If we are not 'joining' the last two packets,
-			 * remove the buffering now */
-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
-				ssl_free_wbio_buffer(s);
-			/* else do it later in ssl3_write */
-
-			s->init_num=0;
-			s->renegotiate=0;
-			s->new_session=0;
-
-			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->stats.sess_hit++;
-
-			ret=1;
-			/* s->server=0; */
-			s->handshake_func=ssl3_connect;
-			s->ctx->stats.sess_connect_good++;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
-			goto end;
-			/* break; */
-			
-		default:
-			SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-
-		/* did we do anything */
-		if (!s->s3->tmp.reuse_message && !skip)
-			{
-			if (s->debug)
-				{
-				if ((ret=BIO_flush(s->wbio)) <= 0)
-					goto end;
-				}
-
-			if ((cb != NULL) && (s->state != state))
-				{
-				new_state=s->state;
-				s->state=state;
-				cb(s,SSL_CB_CONNECT_LOOP,1);
-				s->state=new_state;
-				}
-			}
-		skip=0;
-		}
-end:
-	s->in_handshake--;
-	if (buf != NULL)
-		BUF_MEM_free(buf);
-	if (cb != NULL)
-		cb(s,SSL_CB_CONNECT_EXIT,ret);
-	return(ret);
-	}
-
-
-int ssl3_client_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int i;
-	unsigned long l;
-#ifndef OPENSSL_NO_COMP
-	int j;
-	SSL_COMP *comp;
-#endif
-
-	buf=(unsigned char *)s->init_buf->data;
-	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
-		{
-		SSL_SESSION *sess = s->session;
-		if ((sess == NULL) ||
-			(sess->ssl_version != s->version) ||
-			!sess->session_id_length ||
-			(sess->not_resumable))
-			{
-		        if (!s->session_creation_enabled)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-				goto err;
-				}
-			if (!ssl_get_new_session(s,0))
-				goto err;
-			}
-		/* else use the pre-loaded session */
-
-		p=s->s3->client_random;
-
-		if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
-			goto err;
-
-		/* Do the message type and length last */
-		d=p= &(buf[4]);
-
-		/* version indicates the negotiated version: for example from
-		 * an SSLv2/v3 compatible client hello). The client_version
-		 * field is the maximum version we permit and it is also
-		 * used in RSA encrypted premaster secrets. Some servers can
-		 * choke if we initially report a higher version then
-		 * renegotiate to a lower one in the premaster secret. This
-		 * didn't happen with TLS 1.0 as most servers supported it
-		 * but it can with TLS 1.1 or later if the server only supports
-		 * 1.0.
-		 *
-		 * Possible scenario with previous logic:
-		 * 	1. Client hello indicates TLS 1.2
-		 * 	2. Server hello says TLS 1.0
-		 *	3. RSA encrypted premaster secret uses 1.2.
-		 * 	4. Handhaked proceeds using TLS 1.0.
-		 *	5. Server sends hello request to renegotiate.
-		 *	6. Client hello indicates TLS v1.0 as we now
-		 *	   know that is maximum server supports.
-		 *	7. Server chokes on RSA encrypted premaster secret
-		 *	   containing version 1.0.
-		 *
-		 * For interoperability it should be OK to always use the
-		 * maximum version we support in client hello and then rely
-		 * on the checking of version to ensure the servers isn't
-		 * being inconsistent: for example initially negotiating with
-		 * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
-		 * client_version in client hello and not resetting it to
-		 * the negotiated version.
-		 */
-#if 0
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
-		s->client_version=s->version;
-#else
-		*(p++)=s->client_version>>8;
-		*(p++)=s->client_version&0xff;
-#endif
-
-		/* Random stuff */
-		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
-		p+=SSL3_RANDOM_SIZE;
-
-		/* Session ID */
-		if (s->new_session)
-			i=0;
-		else
-			i=s->session->session_id_length;
-		*(p++)=i;
-		if (i != 0)
-			{
-			if (i > (int)sizeof(s->session->session_id))
-				{
-				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			memcpy(p,s->session->session_id,i);
-			p+=i;
-			}
-		
-		/* Ciphers supported */
-		i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
-			goto err;
-			}
-#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
-			/* Some servers hang if client hello > 256 bytes
-			 * as hack workaround chop number of supported ciphers
-			 * to keep it well below this if we use TLS v1.2
-			 */
-			if (TLS1_get_version(s) >= TLS1_2_VERSION
-				&& i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
-				i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
-#endif
-		s2n(i,p);
-		p+=i;
-
-		/* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-		*(p++)=1;
-#else
-
-		if ((s->options & SSL_OP_NO_COMPRESSION)
-					|| !s->ctx->comp_methods)
-			j=0;
-		else
-			j=sk_SSL_COMP_num(s->ctx->comp_methods);
-		*(p++)=1+j;
-		for (i=0; i<j; i++)
-			{
-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
-			*(p++)=comp->id;
-			}
-#endif
-		*(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
-		/* TLS extensions*/
-		if (ssl_prepare_clienthello_tlsext(s) <= 0)
-			{
-			SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-			goto err;
-			}
-		if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-#endif
-		
-		l=(p-d);
-		d=buf;
-		*(d++)=SSL3_MT_CLIENT_HELLO;
-		l2n3(l,d);
-
-		s->state=SSL3_ST_CW_CLNT_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_CW_CLNT_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	return(-1);
-	}
-
-int ssl3_get_server_hello(SSL *s)
-	{
-	STACK_OF(SSL_CIPHER) *sk;
-	const SSL_CIPHER *c;
-	unsigned char *p,*d;
-	int i,al,ok;
-	unsigned int j;
-	long n;
-#ifndef OPENSSL_NO_COMP
-	SSL_COMP *comp;
-#endif
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_SRVR_HELLO_A,
-		SSL3_ST_CR_SRVR_HELLO_B,
-		-1,
-		20000, /* ?? */
-		&ok);
-
-	if (!ok) return((int)n);
-
-	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-		{
-		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
-			{
-			if ( s->d1->send_cookie == 0)
-				{
-				s->s3->tmp.reuse_message = 1;
-				return 1;
-				}
-			else /* already sent a cookie */
-				{
-				al=SSL_AD_UNEXPECTED_MESSAGE;
-				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
-				goto f_err;
-				}
-			}
-		}
-	
-	if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
-		goto f_err;
-		}
-
-	d=p=(unsigned char *)s->init_msg;
-
-	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
-		{
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
-		s->version=(s->version&0xff00)|p[1];
-		al=SSL_AD_PROTOCOL_VERSION;
-		goto f_err;
-		}
-	p+=2;
-
-	/* load the server hello data */
-	/* load the server random */
-	memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
-	p+=SSL3_RANDOM_SIZE;
-
-	s->hit = 0;
-
-	/* get the session-id */
-	j= *(p++);
-
-	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
-		goto f_err;
-		}
-
-#ifndef OPENSSL_NO_TLSEXT
-	/* check if we want to resume the session based on external pre-shared secret */
-	if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
-		{
-		SSL_CIPHER *pref_cipher=NULL;
-		s->session->master_key_length=sizeof(s->session->master_key);
-		if (s->tls_session_secret_cb(s, s->session->master_key,
-					     &s->session->master_key_length,
-					     NULL, &pref_cipher,
-					     s->tls_session_secret_cb_arg))
-			{
-			s->session->cipher = pref_cipher ?
-				pref_cipher : ssl_get_cipher_by_char(s, p+j);
-			s->hit = 1;
-			}
-		}
-#endif /* OPENSSL_NO_TLSEXT */
-
-	if (!s->hit && j != 0 && j == s->session->session_id_length
-	    && memcmp(p,s->session->session_id,j) == 0)
-	    {
-	    if(s->sid_ctx_length != s->session->sid_ctx_length
-	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
-		{
-		/* actually a client application bug */
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-		goto f_err;
-		}
-	    s->hit=1;
-	    }
-	/* a miss or crap from the other end */
-	if (!s->hit)
-		{
-		/* If we were trying for session-id reuse, make a new
-		 * SSL_SESSION so we don't stuff up other people */
-		if (s->session->session_id_length > 0)
-			{
-		        if (!s->session_creation_enabled)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-				goto err;
-				}
-			if (!ssl_get_new_session(s,0))
-				{
-				al=SSL_AD_INTERNAL_ERROR;
-				goto f_err;
-				}
-			}
-		s->session->session_id_length=j;
-		memcpy(s->session->session_id,p,j); /* j could be 0 */
-		}
-	p+=j;
-	c=ssl_get_cipher_by_char(s,p);
-	if (c == NULL)
-		{
-		/* unknown cipher */
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
-		goto f_err;
-		}
-	/* TLS v1.2 only ciphersuites require v1.2 or later */
-	if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-		(TLS1_get_version(s) < TLS1_2_VERSION))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
-		goto f_err;
-		}
-#ifndef OPENSSL_NO_SRP
-	if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
-		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
-		goto f_err;
-		}
-#endif /* OPENSSL_NO_SRP */
-	p+=ssl_put_cipher_by_char(s,NULL,NULL);
-
-	sk=ssl_get_ciphers_by_id(s);
-	i=sk_SSL_CIPHER_find(sk,c);
-	if (i < 0)
-		{
-		/* we did not say we would use this cipher */
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
-		goto f_err;
-		}
-
-	/* Depending on the session caching (internal/external), the cipher
-	   and/or cipher_id values may not be set. Make sure that
-	   cipher_id is set and use it for comparison. */
-	if (s->session->cipher)
-		s->session->cipher_id = s->session->cipher->id;
-	if (s->hit && (s->session->cipher_id != c->id))
-		{
-/* Workaround is now obsolete */
-#if 0
-		if (!(s->options &
-			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-#endif
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
-			goto f_err;
-			}
-		}
-	s->s3->tmp.new_cipher=c;
-	/* Don't digest cached records if TLS v1.2: we may need them for
-	 * client authentication.
-	 */
-	if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
-		{
-		al = SSL_AD_INTERNAL_ERROR;
-		goto f_err;
-		}
-	/* lets get the compression algorithm */
-	/* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
-	if (*(p++) != 0)
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-		goto f_err;
-		}
-	/* If compression is disabled we'd better not try to resume a session
-	 * using compression.
-	 */
-	if (s->session->compress_meth != 0)
-		{
-		al=SSL_AD_INTERNAL_ERROR;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
-		goto f_err;
-		}
-#else
-	j= *(p++);
-	if (s->hit && j != s->session->compress_meth)
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
-		goto f_err;
-		}
-	if (j == 0)
-		comp=NULL;
-	else if (s->options & SSL_OP_NO_COMPRESSION)
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_COMPRESSION_DISABLED);
-		goto f_err;
-		}
-	else
-		comp=ssl3_comp_find(s->ctx->comp_methods,j);
-	
-	if ((j != 0) && (comp == NULL))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-		goto f_err;
-		}
-	else
-		{
-		s->s3->tmp.new_compression=comp;
-		}
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extensions*/
-	if (s->version >= SSL3_VERSION)
-		{
-		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
-			{
-			/* 'al' set by ssl_parse_serverhello_tlsext */
-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
-			goto f_err; 
-			}
-		if (ssl_check_serverhello_tlsext(s) <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
-				goto err;
-			}
-		}
-#endif
-
-	if (p != (d+n))
-		{
-		/* wrong packet length */
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
-		goto f_err;
-		}
-
-	return(1);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(-1);
-	}
-
-int ssl3_get_server_certificate(SSL *s)
-	{
-	int al,i,ok,ret= -1;
-	unsigned long n,nc,llen,l;
-	X509 *x=NULL;
-	const unsigned char *q,*p;
-	unsigned char *d;
-	STACK_OF(X509) *sk=NULL;
-	SESS_CERT *sc;
-	EVP_PKEY *pkey=NULL;
-	int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_CERT_A,
-		SSL3_ST_CR_CERT_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-
-	if (!ok) return((int)n);
-
-	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
-		((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && 
-		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
-		{
-		s->s3->tmp.reuse_message=1;
-		return(1);
-		}
-
-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
-		goto f_err;
-		}
-	p=d=(unsigned char *)s->init_msg;
-
-	if ((sk=sk_X509_new_null()) == NULL)
-		{
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	n2l3(p,llen);
-	if (llen+3 != n)
-		{
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	for (nc=0; nc<llen; )
-		{
-		n2l3(p,l);
-		if ((l+nc+3) > llen)
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-			goto f_err;
-			}
-
-		q=p;
-		x=d2i_X509(NULL,&q,l);
-		if (x == NULL)
-			{
-			al=SSL_AD_BAD_CERTIFICATE;
-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
-			goto f_err;
-			}
-		if (q != (p+l))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-			goto f_err;
-			}
-		if (!sk_X509_push(sk,x))
-			{
-			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		x=NULL;
-		nc+=l+3;
-		p=q;
-		}
-
-	i=ssl_verify_cert_chain(s,sk);
-	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
-#ifndef OPENSSL_NO_KRB5
-	    && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-		 (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-#endif /* OPENSSL_NO_KRB5 */
-		)
-		{
-		al=ssl_verify_alarm_type(s->verify_result);
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
-		goto f_err; 
-		}
-	ERR_clear_error(); /* but we keep s->verify_result */
-
-	sc=ssl_sess_cert_new();
-	if (sc == NULL) goto err;
-
-	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
-	s->session->sess_cert=sc;
-
-	sc->cert_chain=sk;
-	/* Inconsistency alert: cert_chain does include the peer's
-	 * certificate, which we don't include in s3_srvr.c */
-	x=sk_X509_value(sk,0);
-	sk=NULL;
- 	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
-
-	pkey=X509_get_pubkey(x);
-
-	/* VRS: allow null cert if auth == KRB5 */
-	need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) &&
-	            (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
-	            ? 0 : 1;
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"pkey,x = %p, %p\n", pkey,x);
-	fprintf(stderr,"ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
-	fprintf(stderr,"cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
-		s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
-#endif    /* KSSL_DEBUG */
-
-	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
-		{
-		x=NULL;
-		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
-		goto f_err;
-		}
-
-	i=ssl_cert_type(x,pkey);
-	if (need_cert && i < 0)
-		{
-		x=NULL;
-		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
-			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-		goto f_err;
-		}
-
-	if (need_cert)
-		{
-		sc->peer_cert_type=i;
-		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-		/* Why would the following ever happen?
-		 * We just created sc a couple of lines ago. */
-		if (sc->peer_pkeys[i].x509 != NULL)
-			X509_free(sc->peer_pkeys[i].x509);
-		sc->peer_pkeys[i].x509=x;
-		sc->peer_key= &(sc->peer_pkeys[i]);
-
-		if (s->session->peer != NULL)
-			X509_free(s->session->peer);
-		CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-		s->session->peer=x;
-		}
-	else
-		{
-		sc->peer_cert_type=i;
-		sc->peer_key= NULL;
-
-		if (s->session->peer != NULL)
-			X509_free(s->session->peer);
-		s->session->peer=NULL;
-		}
-	s->session->verify_result = s->verify_result;
-
-	x=NULL;
-	ret=1;
-
-	if (0)
-		{
-f_err:
-		ssl3_send_alert(s,SSL3_AL_FATAL,al);
-		}
-err:
-	EVP_PKEY_free(pkey);
-	X509_free(x);
-	sk_X509_pop_free(sk,X509_free);
-	return(ret);
-	}
-
-int ssl3_get_key_exchange(SSL *s)
-	{
-#ifndef OPENSSL_NO_RSA
-	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
-#endif
-	EVP_MD_CTX md_ctx;
-	unsigned char *param,*p;
-	int al,j,ok;
-	long i,param_len,n,alg_k,alg_a;
-	EVP_PKEY *pkey=NULL;
-	const EVP_MD *md = NULL;
-#ifndef OPENSSL_NO_RSA
-	RSA *rsa=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *dh=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh = NULL;
-	BN_CTX *bn_ctx = NULL;
-	EC_POINT *srvr_ecpoint = NULL;
-	int curve_nid = 0;
-	int encoded_pt_len = 0;
-#endif
-
-	EVP_MD_CTX_init(&md_ctx);
-
-	/* use same message size as in ssl3_get_certificate_request()
-	 * as ServerKeyExchange message may be skipped */
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_KEY_EXCH_A,
-		SSL3_ST_CR_KEY_EXCH_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-	if (!ok) return((int)n);
-
-	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-
-	if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
-		{
-		/*
-		 * Can't skip server key exchange if this is an ephemeral
-		 * ciphersuite.
-		 */
-		if (alg_k & (SSL_kEDH|SSL_kEECDH))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
-			al = SSL_AD_UNEXPECTED_MESSAGE;
-			goto f_err;
-			}
-#ifndef OPENSSL_NO_PSK
-		/* In plain PSK ciphersuite, ServerKeyExchange can be
-		   omitted if no identity hint is sent. Set
-		   session->sess_cert anyway to avoid problems
-		   later.*/
-		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)
-			{
-			s->session->sess_cert=ssl_sess_cert_new();
-			if (s->session->psk_identity_hint)
-				{
-				OPENSSL_free(s->session->psk_identity_hint);
-				s->session->psk_identity_hint = NULL;
-				}
-			}
-#endif
-		s->s3->tmp.reuse_message=1;
-		return(1);
-		}
-
-	param=p=(unsigned char *)s->init_msg;
-	if (s->session->sess_cert != NULL)
-		{
-#ifndef OPENSSL_NO_RSA
-		if (s->session->sess_cert->peer_rsa_tmp != NULL)
-			{
-			RSA_free(s->session->sess_cert->peer_rsa_tmp);
-			s->session->sess_cert->peer_rsa_tmp=NULL;
-			}
-#endif
-#ifndef OPENSSL_NO_DH
-		if (s->session->sess_cert->peer_dh_tmp)
-			{
-			DH_free(s->session->sess_cert->peer_dh_tmp);
-			s->session->sess_cert->peer_dh_tmp=NULL;
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH
-		if (s->session->sess_cert->peer_ecdh_tmp)
-			{
-			EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-			s->session->sess_cert->peer_ecdh_tmp=NULL;
-			}
-#endif
-		}
-	else
-		{
-		s->session->sess_cert=ssl_sess_cert_new();
-		}
-
-	/* Total length of the parameters including the length prefix */
-	param_len=0;
-
-	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-
-	al=SSL_AD_DECODE_ERROR;
-
-#ifndef OPENSSL_NO_PSK
-	if (alg_a & SSL_aPSK)
-		{
-		char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1];
-
-		param_len = 2;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		n2s(p,i);
-
-		if (s->session->psk_identity_hint)
-			{
-			OPENSSL_free(s->session->psk_identity_hint);
-			s->session->psk_identity_hint = NULL;
-			}
-		if (i != 0)
-			{
-			/* Store PSK identity hint for later use, hint is used
-			 * in ssl3_send_client_key_exchange.  Assume that the
-			 * maximum length of a PSK identity hint can be as
-			 * long as the maximum length of a PSK identity. */
-			if (i > PSK_MAX_IDENTITY_LEN)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-					SSL_R_DATA_LENGTH_TOO_LONG);
-				goto f_err;
-				}
-			if (i > n - param_len)
-				{
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-					SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH);
-				goto f_err;
-				}
-			param_len += i;
-
-			/* If received PSK identity hint contains NULL
-			 * characters, the hint is truncated from the first
-			 * NULL. p may not be ending with NULL, so create a
-			 * NULL-terminated string. */
-			memcpy(tmp_id_hint, p, i);
-			memset(tmp_id_hint+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
-			s->session->psk_identity_hint = BUF_strdup(tmp_id_hint);
-			if (s->session->psk_identity_hint == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
-				goto f_err;
-				}
-			}
-		p+=i;
-		n-=param_len;
-		}
-#endif /* !OPENSSL_NO_PSK */
-
-	if (0) {}
-#ifndef OPENSSL_NO_SRP
-	else if (alg_k & SSL_kSRP)
-		{
-		param_len = 2;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-
-		if (2 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 2;
-
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-
-		if (1 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 1;
-
-		i = (unsigned int)(p[0]);
-		p++;
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-		if (2 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 2;
-
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-		n-=param_len;
-
-		if (!srp_verify_server_param(s, &al))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_PARAMETERS);
-			goto f_err;
-			}
-
-/* We must check if there is a certificate */
-#ifndef OPENSSL_NO_RSA
-		if (alg_a & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
-		if (0)
-			;
-#endif
-#ifndef OPENSSL_NO_DSA
-		else if (alg_a & SSL_aDSS)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
-		}
-#endif /* !OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_RSA
-	else if (alg_k & SSL_kRSA)
-		{
-		/* Temporary RSA keys only allowed in export ciphersuites */
-		if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-			goto f_err;
-			}
-		if ((rsa=RSA_new()) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		param_len = 2;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-		if (2 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 2;
-
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-		n-=param_len;
-
-		/* this should be because we are using an export cipher */
-		if (alg_a & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-		else
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		s->session->sess_cert->peer_rsa_tmp=rsa;
-		rsa=NULL;
-		}
-#endif
-#ifndef OPENSSL_NO_DH
-	else if (alg_k & SSL_kEDH)
-		{
-		if ((dh=DH_new()) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
-			goto err;
-			}
-
-		param_len = 2;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(dh->p=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-		if (2 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 2;
-
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(dh->g=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-
-		if (2 > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		param_len += 2;
-
-		n2s(p,i);
-
-		if (i > n - param_len)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
-			goto f_err;
-			}
-		param_len += i;
-
-		if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		p+=i;
-		n-=param_len;
-
-#ifndef OPENSSL_NO_RSA
-		if (alg_a & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
-		if (0)
-			;
-#endif
-#ifndef OPENSSL_NO_DSA
-		else if (alg_a & SSL_aDSS)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
-		/* else anonymous DH, so no certificate or pkey. */
-
-		s->session->sess_cert->peer_dh_tmp=dh;
-		dh=NULL;
-		}
-	else if ((alg_k & SSL_kDHr) || (alg_k & SSL_kDHd))
-		{
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
-		goto f_err;
-		}
-#endif /* !OPENSSL_NO_DH */
-
-#ifndef OPENSSL_NO_ECDH
-	else if (alg_k & SSL_kEECDH)
-		{
-		EC_GROUP *ngroup;
-		const EC_GROUP *group;
-
-		if ((ecdh=EC_KEY_new()) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* Extract elliptic curve parameters and the
-		 * server's ephemeral ECDH public key.
-		 * Keep accumulating lengths of various components in
-		 * param_len and make sure it never exceeds n.
-		 */
-
-		/* XXX: For now we only support named (not generic) curves
-		 * and the ECParameters in this case is just three bytes. We
-		 * also need one byte for the length of the encoded point
-		 */
-		param_len=4;
-		if (param_len > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-
-		if ((*p != NAMED_CURVE_TYPE) || 
-		    ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0))
-			{
-			al=SSL_AD_INTERNAL_ERROR;
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
-			goto f_err;
-			}
-
-		ngroup = EC_GROUP_new_by_curve_name(curve_nid);
-		if (ngroup == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
-			goto err;
-			}
-		if (EC_KEY_set_group(ecdh, ngroup) == 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
-			goto err;
-			}
-		EC_GROUP_free(ngroup);
-
-		group = EC_KEY_get0_group(ecdh);
-
-		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-		    (EC_GROUP_get_degree(group) > 163))
-			{
-			al=SSL_AD_EXPORT_RESTRICTION;
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-			goto f_err;
-			}
-
-		p+=3;
-
-		/* Next, get the encoded ECPoint */
-		if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
-		    ((bn_ctx = BN_CTX_new()) == NULL))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		encoded_pt_len = *p;  /* length of encoded point */
-		p+=1;
-
-		if ((encoded_pt_len > n - param_len) ||
-		    (EC_POINT_oct2point(group, srvr_ecpoint, 
-			p, encoded_pt_len, bn_ctx) == 0))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
-			goto f_err;
-			}
-		param_len += encoded_pt_len;
-
-		n-=param_len;
-		p+=encoded_pt_len;
-
-		/* The ECC/TLS specification does not mention
-		 * the use of DSA to sign ECParameters in the server
-		 * key exchange message. We do support RSA and ECDSA.
-		 */
-		if (0) ;
-#ifndef OPENSSL_NO_RSA
-		else if (alg_a & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		else if (alg_a & SSL_aECDSA)
-			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-#endif
-		/* else anonymous ECDH, so no certificate or pkey. */
-		EC_KEY_set_public_key(ecdh, srvr_ecpoint);
-		s->session->sess_cert->peer_ecdh_tmp=ecdh;
-		ecdh=NULL;
-		BN_CTX_free(bn_ctx);
-		bn_ctx = NULL;
-		EC_POINT_free(srvr_ecpoint);
-		srvr_ecpoint = NULL;
-		}
-#endif /* !OPENSSL_NO_ECDH */
-
-	else if (!(alg_k & SSL_kPSK))
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-		goto f_err;
-		}
-
-	/* p points to the next byte, there are 'n' bytes left */
-
-	/* if it was signed, check the signature */
-	if (pkey != NULL)
-		{
-		if (TLS1_get_version(s) >= TLS1_2_VERSION)
-			{
-			int sigalg;
-			if (2 > n)
-				{
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-					SSL_R_LENGTH_TOO_SHORT);
-				goto f_err;
-				}
-
-			sigalg = tls12_get_sigid(pkey);
-			/* Should never happen */
-			if (sigalg == -1)
-				{
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			/* Check key type is consistent with signature */
-			if (sigalg != (int)p[1])
-				{
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE);
-				al=SSL_AD_DECODE_ERROR;
-				goto f_err;
-				}
-			md = tls12_get_hash(p[0]);
-			if (md == NULL)
-				{
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST);
-				goto f_err;
-				}
-#ifdef SSL_DEBUG
-fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-			p += 2;
-			n -= 2;
-			}
-		else
-			md = EVP_sha1();
-
-		if (2 > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
-				SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-		n2s(p,i);
-		n-=2;
-		j=EVP_PKEY_size(pkey);
-
-		/* Check signature length. If n is 0 then signature is empty */
-		if ((i != n) || (n > j) || (n <= 0))
-			{
-			/* wrong packet length */
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
-			goto f_err;
-			}
-
-#ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION)
-			{
-			int num;
-			unsigned int size;
-
-			j=0;
-			q=md_buf;
-			for (num=2; num > 0; num--)
-				{
-				EVP_MD_CTX_set_flags(&md_ctx,
-					EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-				EVP_DigestInit_ex(&md_ctx,(num == 2)
-					?s->ctx->md5:s->ctx->sha1, NULL);
-				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-				EVP_DigestUpdate(&md_ctx,param,param_len);
-				EVP_DigestFinal_ex(&md_ctx,q,&size);
-				q+=size;
-				j+=size;
-				}
-			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
-								pkey->pkey.rsa);
-			if (i < 0)
-				{
-				al=SSL_AD_DECRYPT_ERROR;
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
-				goto f_err;
-				}
-			if (i == 0)
-				{
-				/* bad signature */
-				al=SSL_AD_DECRYPT_ERROR;
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
-				goto f_err;
-				}
-			}
-		else
-#endif
-			{
-			EVP_VerifyInit_ex(&md_ctx, md, NULL);
-			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-			EVP_VerifyUpdate(&md_ctx,param,param_len);
-			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
-				{
-				/* bad signature */
-				al=SSL_AD_DECRYPT_ERROR;
-				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
-				goto f_err;
-				}
-			}
-		}
-	else
-		{
-		if (!(alg_a & (SSL_aNULL|SSL_aSRP)) &&
-			/* Among PSK ciphers only RSA_PSK needs a public key */
-			!((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		/* still data left over */
-		if (n != 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
-			goto f_err;
-			}
-		}
-	EVP_PKEY_free(pkey);
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(1);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
-	if (rsa != NULL)
-		RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
-	if (dh != NULL)
-		DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	BN_CTX_free(bn_ctx);
-	EC_POINT_free(srvr_ecpoint);
-	if (ecdh != NULL)
-		EC_KEY_free(ecdh);
-#endif
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(-1);
-	}
-
-int ssl3_get_certificate_request(SSL *s)
-	{
-	int ok,ret=0;
-	unsigned long n,nc,l;
-	unsigned int llen, ctype_num,i;
-	X509_NAME *xn=NULL;
-	const unsigned char *p,*q;
-	unsigned char *d;
-	STACK_OF(X509_NAME) *ca_sk=NULL;
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_CERT_REQ_A,
-		SSL3_ST_CR_CERT_REQ_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-
-	if (!ok) return((int)n);
-
-	s->s3->tmp.cert_req=0;
-
-	if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
-		{
-		s->s3->tmp.reuse_message=1;
-		/* If we get here we don't need any cached handshake records
-		 * as we wont be doing client auth.
-		 */
-		if (s->s3->handshake_buffer)
-			{
-			if (!ssl3_digest_cached_records(s))
-				goto err;
-			}
-		return(1);
-		}
-
-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
-		{
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
-		goto err;
-		}
-
-	/* TLS does not like anon-DH with client cert */
-	if (s->version > SSL3_VERSION)
-		{
-		if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
-			goto err;
-			}
-		}
-
-	p=d=(unsigned char *)s->init_msg;
-
-	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
-		{
-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* get the certificate types */
-	ctype_num= *(p++);
-	if (ctype_num > SSL3_CT_NUMBER)
-		ctype_num=SSL3_CT_NUMBER;
-	for (i=0; i<ctype_num; i++)
-		s->s3->tmp.ctype[i]= p[i];
-	p+=ctype_num;
-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
-		{
-		n2s(p, llen);
-		/* Check we have enough room for signature algorithms and
-		 * following length value.
-		 */
-		if ((unsigned long)(p - d + llen + 2) > n)
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-		if (llen & 1)
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-			goto err;
-			}
-		tls1_process_sigalgs(s, p, llen);
-		p += llen;
-		}
-
-	/* get the CA RDNs */
-	n2s(p,llen);
-#if 0
-{
-FILE *out;
-out=fopen("/tmp/vsign.der","w");
-fwrite(p,1,llen,out);
-fclose(out);
-}
-#endif
-
-	if ((unsigned long)(p - d + llen) != n)
-		{
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
-		goto err;
-		}
-
-	for (nc=0; nc<llen; )
-		{
-		n2s(p,l);
-		if ((l+nc+2) > llen)
-			{
-			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-				goto cont; /* netscape bugs */
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
-			goto err;
-			}
-
-		q=p;
-
-		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
-			{
-			/* If netscape tolerance is on, ignore errors */
-			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
-				goto cont;
-			else
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-				SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
-				goto err;
-				}
-			}
-
-		if (q != (p+l))
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
-			goto err;
-			}
-		if (!sk_X509_NAME_push(ca_sk,xn))
-			{
-			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		p+=l;
-		nc+=l+2;
-		}
-
-	if (0)
-		{
-cont:
-		ERR_clear_error();
-		}
-
-	/* we should setup a certificate to return.... */
-	s->s3->tmp.cert_req=1;
-	s->s3->tmp.ctype_num=ctype_num;
-	if (s->s3->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-	s->s3->tmp.ca_names=ca_sk;
-	ca_sk=NULL;
-
-	ret=1;
-err:
-	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
-	return(ret);
-	}
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-	{
-	return(X509_NAME_cmp(*a,*b));
-	}
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_get_new_session_ticket(SSL *s)
-	{
-	int ok,al,ret=0, ticklen;
-	long n;
-	const unsigned char *p;
-	unsigned char *d;
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_SESSION_TICKET_A,
-		SSL3_ST_CR_SESSION_TICKET_B,
-		SSL3_MT_NEWSESSION_TICKET,
-		16384,
-		&ok);
-
-	if (!ok)
-		return((int)n);
-
-	if (n < 6)
-		{
-		/* need at least ticket_lifetime_hint + ticket length */
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-
-	p=d=(unsigned char *)s->init_msg;
-	n2l(p, s->session->tlsext_tick_lifetime_hint);
-	n2s(p, ticklen);
-	/* ticket_lifetime_hint + ticket_length + ticket */
-	if (ticklen + 6 != n)
-		{
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	if (s->session->tlsext_tick)
-		{
-		OPENSSL_free(s->session->tlsext_tick);
-		s->session->tlsext_ticklen = 0;
-		}
-	s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-	if (!s->session->tlsext_tick)
-		{
-		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	memcpy(s->session->tlsext_tick, p, ticklen);
-	s->session->tlsext_ticklen = ticklen;
-	/* There are two ways to detect a resumed ticket session.
-	 * One is to set an appropriate session ID and then the server
-	 * must return a match in ServerHello. This allows the normal
-	 * client session ID matching to work and we know much 
-	 * earlier that the ticket has been accepted.
-	 * 
-	 * The other way is to set zero length session ID when the
-	 * ticket is presented and rely on the handshake to determine
-	 * session resumption.
-	 *
-	 * We choose the former approach because this fits in with
-	 * assumptions elsewhere in OpenSSL. The session ID is set
-	 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
-	 * ticket.
-	 */ 
-	EVP_Digest(p, ticklen,
-			s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
-							EVP_sha256(), NULL);
-#else
-							EVP_sha1(), NULL);
-#endif
-	ret=1;
-	return(ret);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(-1);
-	}
-
-int ssl3_get_cert_status(SSL *s)
-	{
-	int ok, al;
-	unsigned long resplen,n;
-	const unsigned char *p;
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_CERT_STATUS_A,
-		SSL3_ST_CR_CERT_STATUS_B,
-		SSL3_MT_CERTIFICATE_STATUS,
-		16384,
-		&ok);
-
-	if (!ok) return((int)n);
-	if (n < 4)
-		{
-		/* need at least status type + length */
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	p = (unsigned char *)s->init_msg;
-	if (*p++ != TLSEXT_STATUSTYPE_ocsp)
-		{
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
-		goto f_err;
-		}
-	n2l3(p, resplen);
-	if (resplen + 4 != n)
-		{
-		al = SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	if (s->tlsext_ocsp_resp)
-		OPENSSL_free(s->tlsext_ocsp_resp);
-	s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
-	if (!s->tlsext_ocsp_resp)
-		{
-		al = SSL_AD_INTERNAL_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
-		goto f_err;
-		}
-	s->tlsext_ocsp_resplen = resplen;
-	if (s->ctx->tlsext_status_cb)
-		{
-		int ret;
-		ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-		if (ret == 0)
-			{
-			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
-			goto f_err;
-			}
-		if (ret < 0)
-			{
-			al = SSL_AD_INTERNAL_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
-			goto f_err;
-			}
-		}
-	return 1;
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-	return(-1);
-	}
-#endif
-
-int ssl3_get_server_done(SSL *s)
-	{
-	int ok,ret=0;
-	long n;
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_CR_SRVR_DONE_A,
-		SSL3_ST_CR_SRVR_DONE_B,
-		SSL3_MT_SERVER_DONE,
-		30, /* should be very small, like 0 :-) */
-		&ok);
-
-	if (!ok) return((int)n);
-	if (n > 0)
-		{
-		/* should contain no data */
-		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
-		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
-		return -1;
-		}
-	ret=1;
-	return(ret);
-	}
-
-
-int ssl3_send_client_key_exchange(SSL *s)
-	{
-	unsigned char *p,*d;
-	int n = 0;
-	unsigned long alg_k;
-	unsigned long alg_a;
-#ifndef OPENSSL_NO_RSA
-	unsigned char *q;
-	EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
-	KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *clnt_ecdh = NULL;
-	const EC_POINT *srvr_ecpoint = NULL;
-	EVP_PKEY *srvr_pub_pkey = NULL;
-	unsigned char *encodedPoint = NULL;
-	int encoded_pt_len = 0;
-	BN_CTX * bn_ctx = NULL;
-#ifndef OPENSSL_NO_PSK
-	unsigned int psk_len = 0;
-	unsigned char psk[PSK_MAX_PSK_LEN];
-#endif /* OPENSSL_NO_PSK */
-#endif /* OPENSSL_NO_ECDH */
-
-	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
-
-		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-		alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-
-#ifndef OPENSSL_NO_PSK
-		if (alg_a & SSL_aPSK)
-			{
-			/* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes
-			 * to return a \0-terminated identity. The last byte
-			 * is for us for simulating strnlen. */
-			char identity[PSK_MAX_IDENTITY_LEN + 2];
-			size_t identity_len;
-			unsigned char *t = NULL;
-			unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
-			unsigned int pre_ms_len = 0;
-			int psk_err = 1;
-
-			n = 0;
-			if (s->psk_client_callback == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					SSL_R_PSK_NO_CLIENT_CB);
-				goto err;
-				}
-
-			memset(identity, 0, sizeof(identity));
-			psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
-				identity, sizeof(identity) - 1, psk, sizeof(psk));
-			if (psk_len > PSK_MAX_PSK_LEN)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_INTERNAL_ERROR);
-				goto psk_err;
-				}
-			else if (psk_len == 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					SSL_R_PSK_IDENTITY_NOT_FOUND);
-				goto psk_err;
-				}
-			identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
-			identity_len = strlen(identity);
-			if (identity_len > PSK_MAX_IDENTITY_LEN)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_INTERNAL_ERROR);
-				goto psk_err;
-				}
-			if (!(alg_k & SSL_kEECDH))
-				{
-				/* Create the shared secret now if we're not using ECDHE-PSK.*/
-				pre_ms_len = 2+psk_len+2+psk_len;
-				t = pre_ms;
-				s2n(psk_len, t);
-				memset(t, 0, psk_len);
-				t+=psk_len;
-				s2n(psk_len, t);
-				memcpy(t, psk, psk_len);
-
-				s->session->master_key_length =
-					s->method->ssl3_enc->generate_master_secret(s,
-						s->session->master_key,
-						pre_ms, pre_ms_len);
-				s2n(identity_len, p);
-				memcpy(p, identity, identity_len);
-				n = 2 + identity_len;
-				}
-
-			if (s->session->psk_identity != NULL)
-				OPENSSL_free(s->session->psk_identity);
-			s->session->psk_identity = BUF_strdup(identity);
-			if (s->session->psk_identity == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_MALLOC_FAILURE);
-				goto psk_err;
-				}
-			psk_err = 0;
-		psk_err:
-			OPENSSL_cleanse(identity, sizeof(identity));
-			OPENSSL_cleanse(pre_ms, sizeof(pre_ms));
-			if (psk_err != 0)
-				{
-				ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-				goto err;
-				}
-			}
-#endif
-		/* Fool emacs indentation */
-		if (0) {}
-#ifndef OPENSSL_NO_RSA
-		else if (alg_k & SSL_kRSA)
-			{
-			RSA *rsa;
-			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
-			if (s->session->sess_cert == NULL)
-				{
-				/* We should always have a server certificate with SSL_kRSA. */
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if (s->session->sess_cert->peer_rsa_tmp != NULL)
-				rsa=s->session->sess_cert->peer_rsa_tmp;
-			else
-				{
-				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-				if ((pkey == NULL) ||
-					(pkey->type != EVP_PKEY_RSA) ||
-					(pkey->pkey.rsa == NULL))
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
-				rsa=pkey->pkey.rsa;
-				EVP_PKEY_free(pkey);
-				}
-				
-			tmp_buf[0]=s->client_version>>8;
-			tmp_buf[1]=s->client_version&0xff;
-			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
-					goto err;
-
-			s->session->master_key_length=sizeof tmp_buf;
-
-			q=p;
-			/* Fix buf for TLS and beyond */
-			if (s->version > SSL3_VERSION)
-				p+=2;
-			n=RSA_public_encrypt(sizeof tmp_buf,
-				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
-			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
-			if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
-				goto err;
-				}
-
-			/* Fix buf for TLS and beyond */
-			if (s->version > SSL3_VERSION)
-				{
-				s2n(n,q);
-				n+=2;
-				}
-
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,
-					tmp_buf,sizeof tmp_buf);
-			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
-			}
-#endif
-#ifndef OPENSSL_NO_KRB5
-		else if (alg_k & SSL_kKRB5)
-			{
-			krb5_error_code	krb5rc;
-			KSSL_CTX	*kssl_ctx = s->kssl_ctx;
-			/*  krb5_data	krb5_ap_req;  */
-			krb5_data	*enc_ticket;
-			krb5_data	authenticator, *authp = NULL;
-			EVP_CIPHER_CTX	ciph_ctx;
-			const EVP_CIPHER *enc = NULL;
-			unsigned char	iv[EVP_MAX_IV_LENGTH];
-			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
-						+ EVP_MAX_IV_LENGTH];
-			int 		padl, outl = sizeof(epms);
-
-			EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
-			fprintf(stderr,"ssl3_send_client_key_exchange(%lx & %lx)\n",
-				alg_k, SSL_kKRB5);
-#endif	/* KSSL_DEBUG */
-
-			authp = NULL;
-#ifdef KRB5SENDAUTH
-			if (KRB5SENDAUTH)  authp = &authenticator;
-#endif	/* KRB5SENDAUTH */
-
-			krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
-				&kssl_err);
-			enc = kssl_map_enc(kssl_ctx->enctype);
-			if (enc == NULL)
-			    goto err;
-#ifdef KSSL_DEBUG
-			{
-			fprintf(stderr,"kssl_cget_tkt rtn %d\n", krb5rc);
-			if (krb5rc && kssl_err.text)
-			  fprintf(stderr,"kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
-			}
-#endif	/* KSSL_DEBUG */
-
-			if (krb5rc)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,
-						SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-						kssl_err.reason);
-				goto err;
-				}
-
-			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
-			**  in place of RFC 2712 KerberosWrapper, as in:
-			**
-			**  Send ticket (copy to *p, set n = length)
-			**  n = krb5_ap_req.length;
-			**  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
-			**  if (krb5_ap_req.data)  
-			**    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
-			**
-			**  Now using real RFC 2712 KerberosWrapper
-			**  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
-			**  Note: 2712 "opaque" types are here replaced
-			**  with a 2-byte length followed by the value.
-			**  Example:
-			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
-			**  Where "xx xx" = length bytes.  Shown here with
-			**  optional authenticator omitted.
-			*/
-
-			/*  KerberosWrapper.Ticket		*/
-			s2n(enc_ticket->length,p);
-			memcpy(p, enc_ticket->data, enc_ticket->length);
-			p+= enc_ticket->length;
-			n = enc_ticket->length + 2;
-
-			/*  KerberosWrapper.Authenticator	*/
-			if (authp  &&  authp->length)  
-				{
-				s2n(authp->length,p);
-				memcpy(p, authp->data, authp->length);
-				p+= authp->length;
-				n+= authp->length + 2;
-				
-				free(authp->data);
-				authp->data = NULL;
-				authp->length = 0;
-				}
-			else
-				{
-				s2n(0,p);/*  null authenticator length	*/
-				n+=2;
-				}
- 
-			    tmp_buf[0]=s->client_version>>8;
-			    tmp_buf[1]=s->client_version&0xff;
-			    if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
-				goto err;
-
-			/*  20010420 VRS.  Tried it this way; failed.
-			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
-			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
-			**				kssl_ctx->length);
-			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
-			*/
-
-			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
-			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
-				kssl_ctx->key,iv);
-			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
-				sizeof tmp_buf);
-			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
-			outl += padl;
-			if (outl > (int)sizeof epms)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
-			s2n(outl,p);
-			memcpy(p, epms, outl);
-			p+=outl;
-			n+=outl + 2;
-
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,
-					tmp_buf, sizeof tmp_buf);
-
-			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-			OPENSSL_cleanse(epms, outl);
-			}
-#endif
-#ifndef OPENSSL_NO_DH
-		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			{
-			DH *dh_srvr,*dh_clnt;
-
-			if (s->session->sess_cert == NULL) 
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-				}
-
-			if (s->session->sess_cert->peer_dh_tmp != NULL)
-				dh_srvr=s->session->sess_cert->peer_dh_tmp;
-			else
-				{
-				/* we get them from the cert */
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-				goto err;
-				}
-			
-			/* generate a new random key */
-			if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-			if (!DH_generate_key(dh_clnt))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				DH_free(dh_clnt);
-				goto err;
-				}
-
-			/* use the 'p' output buffer for the DH key, but
-			 * make sure to clear it out afterwards */
-
-			n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-				DH_free(dh_clnt);
-				goto err;
-				}
-
-			/* generate master key from the result */
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,p,n);
-			/* clean up */
-			memset(p,0,n);
-
-			/* send off the data */
-			n=BN_num_bytes(dh_clnt->pub_key);
-			s2n(n,p);
-			BN_bn2bin(dh_clnt->pub_key,p);
-			n+=2;
-
-			DH_free(dh_clnt);
-
-			/* perhaps clean things up a bit EAY EAY EAY EAY*/
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH
-		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
-			{
-			const EC_GROUP *srvr_group = NULL;
-			EC_KEY *tkey;
-			int ecdh_clnt_cert = 0;
-			int field_size = 0;
-#ifndef OPENSSL_NO_PSK
-			unsigned char *pre_ms;
-			unsigned char *t;
-			unsigned int pre_ms_len;
-			unsigned int i;
-#endif
-
-			if (s->session->sess_cert == NULL) 
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
-				goto err;
-				}
-
-			/* Did we send out the client's
-			 * ECDH share for use in premaster
-			 * computation as part of client certificate?
-			 * If so, set ecdh_clnt_cert to 1.
-			 */
-			if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->cert != NULL)) 
-				{
-				/* XXX: For now, we do not support client
-				 * authentication using ECDH certificates.
-				 * To add such support, one needs to add
-				 * code that checks for appropriate 
-				 * conditions and sets ecdh_clnt_cert to 1.
-				 * For example, the cert have an ECC
-				 * key on the same curve as the server's
-				 * and the key should be authorized for
-				 * key agreement.
-				 *
-				 * One also needs to add code in ssl3_connect
-				 * to skip sending the certificate verify
-				 * message.
-				 *
-				 * if ((s->cert->key->privatekey != NULL) &&
-				 *     (s->cert->key->privatekey->type ==
-				 *      EVP_PKEY_EC) && ...)
-				 * ecdh_clnt_cert = 1;
-				 */
-				}
-
-			if (s->session->sess_cert->peer_ecdh_tmp != NULL)
-				{
-				tkey = s->session->sess_cert->peer_ecdh_tmp;
-				}
-			else
-				{
-				/* Get the Server Public Key from Cert */
-				srvr_pub_pkey = X509_get_pubkey(s->session-> \
-				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-				if ((srvr_pub_pkey == NULL) ||
-				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
-				    (srvr_pub_pkey->pkey.ec == NULL))
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					    ERR_R_INTERNAL_ERROR);
-					goto err;
-					}
-
-				tkey = srvr_pub_pkey->pkey.ec;
-				}
-
-			srvr_group   = EC_KEY_get0_group(tkey);
-			srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
-			if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-				    ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if ((clnt_ecdh=EC_KEY_new()) == NULL) 
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
-				goto err;
-				}
-			if (ecdh_clnt_cert) 
-				{ 
-				/* Reuse key info from our certificate
-				 * We only need our private key to perform
-				 * the ECDH computation.
-				 */
-				const BIGNUM *priv_key;
-				tkey = s->cert->key->privatekey->pkey.ec;
-				priv_key = EC_KEY_get0_private_key(tkey);
-				if (priv_key == NULL)
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
-					goto err;
-					}
-				}
-			else 
-				{
-				/* Generate a new ECDH key pair */
-				if (!(EC_KEY_generate_key(clnt_ecdh)))
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
-					goto err;
-					}
-				}
-
-			/* use the 'p' output buffer for the ECDH key, but
-			 * make sure to clear it out afterwards
-			 */
-
-			field_size = EC_GROUP_get_degree(srvr_group);
-			if (field_size <= 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
-				       ERR_R_ECDH_LIB);
-				goto err;
-				}
-			n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
-			if (n <= 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
-				       ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-#ifndef OPENSSL_NO_PSK
-			/* ECDHE PSK ciphersuites from RFC 5489 */
-			if ((alg_a & SSL_aPSK) && psk_len != 0)
-				{
-				pre_ms_len = 2+n+2+psk_len;
-				pre_ms = OPENSSL_malloc(pre_ms_len);
-				if (pre_ms == NULL)
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-			    		ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				memset(pre_ms, 0, pre_ms_len);
-				t = pre_ms;
-				s2n(n, t);
-				memcpy(t, p, n);
-				t += n;
-				s2n(psk_len, t);
-				memcpy(t, psk, psk_len);
-				s->session->master_key_length = s->method->ssl3_enc \
-					-> generate_master_secret(s,
-						s->session->master_key, pre_ms, pre_ms_len);
-				OPENSSL_cleanse(pre_ms, pre_ms_len);
-				OPENSSL_free(pre_ms);
-				}
-#endif /* OPENSSL_NO_PSK */
-			if (!(alg_a & SSL_aPSK))
-				{
-				/* generate master key from the result */
-				s->session->master_key_length = s->method->ssl3_enc \
-					-> generate_master_secret(s,
-						s->session->master_key, p, n);
-				}
-			memset(p, 0, n); /* clean up */
-			if (ecdh_clnt_cert)
-				{
-				/* Send empty client key exch message */
-				n = 0;
-				}
-			else 
-				{
-				/* First check the size of encoding and
-				 * allocate memory accordingly.
-				 */
-				encoded_pt_len = 
-				    EC_POINT_point2oct(srvr_group, 
-					EC_KEY_get0_public_key(clnt_ecdh), 
-					POINT_CONVERSION_UNCOMPRESSED, 
-					NULL, 0, NULL);
-
-				encodedPoint = (unsigned char *) 
-				    OPENSSL_malloc(encoded_pt_len * 
-					sizeof(unsigned char)); 
-				bn_ctx = BN_CTX_new();
-				if ((encodedPoint == NULL) || 
-				    (bn_ctx == NULL)) 
-					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-
-				/* Encode the public key */
-				encoded_pt_len = EC_POINT_point2oct(srvr_group,
-				    EC_KEY_get0_public_key(clnt_ecdh),
-				    POINT_CONVERSION_UNCOMPRESSED,
-				    encodedPoint, encoded_pt_len, bn_ctx);
-				
-				n = 0;
-#ifndef OPENSSL_NO_PSK
-				if ((alg_a & SSL_aPSK) && psk_len != 0)
-					{
-					i = strlen(s->session->psk_identity);
-					s2n(i, p);
-					memcpy(p, s->session->psk_identity, i);
-					p += i;
-					n = i + 2;
-					}
-#endif
-
-				*p = encoded_pt_len; /* length of encoded point */
-				/* Encoded point will be copied here */
-				p += 1;
-				n += 1;
-				/* copy the point */
-				memcpy((unsigned char *)p, encodedPoint, encoded_pt_len);
-				/* increment n to account for length field */
-				n += encoded_pt_len;
-				}
-
-			/* Free allocated memory */
-			BN_CTX_free(bn_ctx);
-			if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-			if (clnt_ecdh != NULL)
-				 EC_KEY_free(clnt_ecdh);
-			EVP_PKEY_free(srvr_pub_pkey);
-			}
-#endif /* !OPENSSL_NO_ECDH */
-		else if (alg_k & SSL_kGOST)
-			{
-			/* GOST key exchange message creation */
-			EVP_PKEY_CTX *pkey_ctx;
-			X509 *peer_cert; 
-			size_t msglen;
-			unsigned int md_len;
-			int keytype;
-			unsigned char premaster_secret[32],shared_ukm[32], tmp[256];
-			EVP_MD_CTX *ukm_hash;
-			EVP_PKEY *pub_key;
-
-			/* Get server sertificate PKEY and create ctx from it */
-			peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST01)].x509;
-			if (!peer_cert) 
-				peer_cert=s->session->sess_cert->peer_pkeys[(keytype=SSL_PKEY_GOST94)].x509;
-			if (!peer_cert)		{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
-					goto err;
-				}	
-				
-			pkey_ctx=EVP_PKEY_CTX_new(pub_key=X509_get_pubkey(peer_cert),NULL);
-			/* If we have send a certificate, and certificate key
-
-			 * parameters match those of server certificate, use
-			 * certificate key for key exchange
-			 */
-
-			 /* Otherwise, generate ephemeral key pair */
-					
-			EVP_PKEY_encrypt_init(pkey_ctx);
-			  /* Generate session key */	
-		    RAND_bytes(premaster_secret,32);
-			/* If we have client certificate, use its secret as peer key */
-			if (s->s3->tmp.cert_req && s->cert->key->privatekey) {
-				if (EVP_PKEY_derive_set_peer(pkey_ctx,s->cert->key->privatekey) <=0) {
-					/* If there was an error - just ignore it. Ephemeral key
-					* would be used
-					*/
-					ERR_clear_error();
-				}
-			}			
-			/* Compute shared IV and store it in algorithm-specific
-			 * context data */
-			ukm_hash = EVP_MD_CTX_create();
-			EVP_DigestInit(ukm_hash,EVP_get_digestbynid(NID_id_GostR3411_94));
-			EVP_DigestUpdate(ukm_hash,s->s3->client_random,SSL3_RANDOM_SIZE);
-			EVP_DigestUpdate(ukm_hash,s->s3->server_random,SSL3_RANDOM_SIZE);
-			EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len);
-			EVP_MD_CTX_destroy(ukm_hash);
-			if (EVP_PKEY_CTX_ctrl(pkey_ctx,-1,EVP_PKEY_OP_ENCRYPT,EVP_PKEY_CTRL_SET_IV,
-				8,shared_ukm)<0) {
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-						SSL_R_LIBRARY_BUG);
-					goto err;
-				}	
-			/* Make GOST keytransport blob message */
-			/*Encapsulate it into sequence */
-			*(p++)=V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
-			msglen=255;
-			if (EVP_PKEY_encrypt(pkey_ctx,tmp,&msglen,premaster_secret,32)<0) {
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					SSL_R_LIBRARY_BUG);
-				goto err;
-			}
-			if (msglen >= 0x80)
-				{
-				*(p++)=0x81;
-				*(p++)= msglen & 0xff;
-				n=msglen+3;
-				}
-			else
-				{
-				*(p++)= msglen & 0xff;
-				n=msglen+2;
-				}
-			memcpy(p, tmp, msglen);
-			/* Check if pubkey from client certificate was used */
-			if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-				{
-				/* Set flag "skip certificate verify" */
-				s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
-				}
-			EVP_PKEY_CTX_free(pkey_ctx);
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key,premaster_secret,32);
-			EVP_PKEY_free(pub_key);
-
-			}
-#ifndef OPENSSL_NO_SRP
-		else if (alg_k & SSL_kSRP)
-			{
-			if (s->srp_ctx.A != NULL)
-				{
-				/* send off the data */
-				n=BN_num_bytes(s->srp_ctx.A);
-				s2n(n,p);
-				BN_bn2bin(s->srp_ctx.A,p);
-				n+=2;
-				}
-			else
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			if (s->session->srp_username != NULL)
-				OPENSSL_free(s->session->srp_username);
-			s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-			if (s->session->srp_username == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			}
-#endif
-		else if (!(alg_k & SSL_kPSK) || ((alg_k & SSL_kPSK) && !(alg_a & SSL_aPSK)))
-			{
-			ssl3_send_alert(s, SSL3_AL_FATAL,
-			    SSL_AD_HANDSHAKE_FAILURE);
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
-			    ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		
-		*(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
-		l2n3(n,d);
-
-		s->state=SSL3_ST_CW_KEY_EXCH_B;
-		/* number of bytes to write */
-		s->init_num=n+4;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_CW_KEY_EXCH_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-#ifndef OPENSSL_NO_ECDH
-	BN_CTX_free(bn_ctx);
-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-	if (clnt_ecdh != NULL) 
-		EC_KEY_free(clnt_ecdh);
-	EVP_PKEY_free(srvr_pub_pkey);
-#endif
-	return(-1);
-	}
-
-int ssl3_send_client_verify(SSL *s)
-	{
-	unsigned char *p,*d;
-	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-	EVP_PKEY *pkey;
-	EVP_PKEY_CTX *pctx=NULL;
-	EVP_MD_CTX mctx;
-	unsigned u=0;
-	unsigned long n;
-	int j;
-
-	EVP_MD_CTX_init(&mctx);
-
-	if (s->state == SSL3_ST_CW_CERT_VRFY_A)
-		{
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
-		pkey=s->cert->key->privatekey;
-/* Create context from key and test if sha1 is allowed as digest */
-		pctx = EVP_PKEY_CTX_new(pkey,NULL);
-		EVP_PKEY_sign_init(pctx);
-		if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
-			{
-			if (TLS1_get_version(s) < TLS1_2_VERSION)
-				s->method->ssl3_enc->cert_verify_mac(s,
-						NID_sha1,
-						&(data[MD5_DIGEST_LENGTH]));
-			}
-		else
-			{
-			ERR_clear_error();
-			}
-		/* For TLS v1.2 send signature algorithm and signature
-		 * using agreed digest and cached handshake records.
-		 */
-		if (TLS1_get_version(s) >= TLS1_2_VERSION)
-			{
-			long hdatalen = 0;
-			void *hdata;
-			const EVP_MD *md;
-			switch (ssl_cert_type(NULL, pkey))
-				{
-			case SSL_PKEY_RSA_ENC:
-				md = s->s3->digest_rsa;
-				break;
-			case SSL_PKEY_DSA_SIGN:
-				md = s->s3->digest_dsa;
-				break;
-			case SSL_PKEY_ECC:
-				md = s->s3->digest_ecdsa;
-				break;
-			default:
-				md = NULL;
-				}
-			if (!md)
-				/* Unlike with the SignatureAlgorithm extension (sent by clients),
-				 * there are no default algorithms for the CertificateRequest message
-				 * (sent by servers). However, now that we've sent a certificate
-				 * for which we don't really know what hash to use for signing, the
-				 * best we can do is try a default algorithm. */
-				md = EVP_sha1();
-			hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
-								&hdata);
-			if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
-						ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			p += 2;
-#ifdef SSL_DEBUG
-			fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
-							EVP_MD_name(md));
-#endif
-			if (!EVP_SignInit_ex(&mctx, md, NULL)
-				|| !EVP_SignUpdate(&mctx, hdata, hdatalen)
-				|| !EVP_SignFinal(&mctx, p + 2, &u, pkey))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
-						ERR_R_EVP_LIB);
-				goto err;
-				}
-			s2n(u,p);
-			n = u + 4;
-			if (!ssl3_digest_cached_records(s))
-				goto err;
-			}
-		else
-#ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			s->method->ssl3_enc->cert_verify_mac(s,
-				NID_md5,
-			 	&(data[0]));
-			if (RSA_sign(NID_md5_sha1, data,
-					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-					&(p[2]), &u, pkey->pkey.rsa) <= 0 )
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
-				goto err;
-				}
-			s2n(u,p);
-			n=u+2;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DSA
-			if (pkey->type == EVP_PKEY_DSA)
-			{
-			if (!DSA_sign(pkey->save_type,
-				&(data[MD5_DIGEST_LENGTH]),
-				SHA_DIGEST_LENGTH,&(p[2]),
-				(unsigned int *)&j,pkey->pkey.dsa))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
-				goto err;
-				}
-			s2n(j,p);
-			n=j+2;
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			if (pkey->type == EVP_PKEY_EC)
-			{
-			if (!ECDSA_sign(pkey->save_type,
-				&(data[MD5_DIGEST_LENGTH]),
-				SHA_DIGEST_LENGTH,&(p[2]),
-				(unsigned int *)&j,pkey->pkey.ec))
-				{
-				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
-				    ERR_R_ECDSA_LIB);
-				goto err;
-				}
-			s2n(j,p);
-			n=j+2;
-			}
-		else
-#endif
-		if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) 
-		{
-		unsigned char signbuf[64];
-		int i;
-		size_t sigsize=64;
-		s->method->ssl3_enc->cert_verify_mac(s,
-			NID_id_GostR3411_94,
-			data);
-		if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) {
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
-			ERR_R_INTERNAL_ERROR);
-			goto err;
-		}
-		for (i=63,j=0; i>=0; j++, i--) {
-			p[2+j]=signbuf[i];
-		}	
-		s2n(j,p);
-		n=j+2;
-		}
-		else
-		{
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
-			goto err;
-		}
-		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
-		l2n3(n,d);
-
-		s->state=SSL3_ST_CW_CERT_VRFY_B;
-		s->init_num=(int)n+4;
-		s->init_off=0;
-		}
-	EVP_MD_CTX_cleanup(&mctx);
-	EVP_PKEY_CTX_free(pctx);
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	EVP_MD_CTX_cleanup(&mctx);
-	EVP_PKEY_CTX_free(pctx);
-	return(-1);
-	}
-
-int ssl3_send_client_certificate(SSL *s)
-	{
-	X509 *x509=NULL;
-	EVP_PKEY *pkey=NULL;
-	int i;
-	unsigned long l;
-
-	if (s->state ==	SSL3_ST_CW_CERT_A)
-		{
-		if ((s->cert == NULL) ||
-			(s->cert->key->x509 == NULL) ||
-			(s->cert->key->privatekey == NULL))
-			s->state=SSL3_ST_CW_CERT_B;
-		else
-			s->state=SSL3_ST_CW_CERT_C;
-		}
-
-	/* We need to get a client cert */
-	if (s->state == SSL3_ST_CW_CERT_B)
-		{
-		/* If we get an error, we need to
-		 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
-		 * We then get retied later */
-		i=0;
-		i = ssl_do_client_cert_cb(s, &x509, &pkey);
-		if (i < 0)
-			{
-			s->rwstate=SSL_X509_LOOKUP;
-			return(-1);
-			}
-		s->rwstate=SSL_NOTHING;
-		if ((i == 1) && (pkey != NULL) && (x509 != NULL))
-			{
-			s->state=SSL3_ST_CW_CERT_B;
-			if (	!SSL_use_certificate(s,x509) ||
-				!SSL_use_PrivateKey(s,pkey))
-				i=0;
-			}
-		else if (i == 1)
-			{
-			i=0;
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-			}
-
-		if (x509 != NULL) X509_free(x509);
-		if (pkey != NULL) EVP_PKEY_free(pkey);
-		if (i == 0)
-			{
-			if (s->version == SSL3_VERSION)
-				{
-				s->s3->tmp.cert_req=0;
-				ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
-				return(1);
-				}
-			else
-				{
-				s->s3->tmp.cert_req=2;
-				}
-			}
-
-		/* Ok, we have a cert */
-		s->state=SSL3_ST_CW_CERT_C;
-		}
-
-	if (s->state == SSL3_ST_CW_CERT_C)
-		{
-		s->state=SSL3_ST_CW_CERT_D;
-		l=ssl3_output_cert_chain(s,
-			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
-		if (!l)
-			{
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
-			return 0;
-			}
-		s->init_num=(int)l;
-		s->init_off=0;
-		}
-	/* SSL3_ST_CW_CERT_D */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-#define has_bits(i,m)	(((i)&(m)) == (m))
-
-int ssl3_check_cert_and_algorithm(SSL *s)
-	{
-	int i,idx;
-	long alg_k,alg_a;
-	EVP_PKEY *pkey=NULL;
-	SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
-	RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *dh;
-#endif
-
-	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-
-	/* we don't have a certificate */
-	if ((alg_a & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) || (alg_k & SSL_kPSK))
-		return(1);
-
-	sc=s->session->sess_cert;
-	if (sc == NULL)
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-#ifndef OPENSSL_NO_RSA
-	rsa=s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
-	dh=s->session->sess_cert->peer_dh_tmp;
-#endif
-
-	/* This is the passed certificate */
-
-	idx=sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
-	if (idx == SSL_PKEY_ECC)
-		{
-		if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
-		    						s) == 0) 
-			{ /* check failed */
-			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
-			goto f_err;
-			}
-		else 
-			{
-			return 1;
-			}
-		}
-#endif
-	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
-	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
-	EVP_PKEY_free(pkey);
-
-	
-	/* Check that we have a certificate if we require one */
-	if ((alg_a & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
-		goto f_err;
-		}
-#ifndef OPENSSL_NO_DSA
-	else if ((alg_a & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
-		goto f_err;
-		}
-#endif
-#ifndef OPENSSL_NO_RSA
-	if ((alg_k & SSL_kRSA) &&
-		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-		goto f_err;
-		}
-#endif
-#ifndef OPENSSL_NO_DH
-	if ((alg_k & SSL_kEDH) &&
-		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
-		goto f_err;
-		}
-	else if ((alg_k & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
-		goto f_err;
-		}
-#ifndef OPENSSL_NO_DSA
-	else if ((alg_k & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
-		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
-		goto f_err;
-		}
-#endif
-#endif
-
-	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
-		{
-#ifndef OPENSSL_NO_RSA
-		if (alg_k & SSL_kRSA)
-			{
-			if (rsa == NULL
-			    || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
-				{
-				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
-				goto f_err;
-				}
-			}
-		else
-#endif
-#ifndef OPENSSL_NO_DH
-			if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			    {
-			    if (dh == NULL
-				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
-				{
-				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
-				goto f_err;
-				}
-			}
-		else
-#endif
-			{
-			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-			goto f_err;
-			}
-		}
-	return(1);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-err:
-	return(0);
-	}
-
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
-int ssl3_send_next_proto(SSL *s)
-	{
-	unsigned int len, padding_len;
-	unsigned char *d;
-
-	if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
-		{
-		len = s->next_proto_negotiated_len;
-		padding_len = 32 - ((len + 2) % 32);
-		d = (unsigned char *)s->init_buf->data;
-		d[4] = len;
-		memcpy(d + 5, s->next_proto_negotiated, len);
-		d[5 + len] = padding_len;
-		memset(d + 6 + len, 0, padding_len);
-		*(d++)=SSL3_MT_NEXT_PROTO;
-		l2n3(2 + len + padding_len, d);
-		s->state = SSL3_ST_CW_NEXT_PROTO_B;
-		s->init_num = 4 + 2 + len + padding_len;
-		s->init_off = 0;
-		}
-
-	return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-        }
-# endif  /* !OPENSSL_NO_NEXTPROTONEG */
-
-int ssl3_send_channel_id(SSL *s)
-	{
-	unsigned char *d;
-	int ret = -1, public_key_len;
-	EVP_MD_CTX md_ctx;
-	size_t sig_len;
-	ECDSA_SIG *sig = NULL;
-	unsigned char *public_key = NULL, *derp, *der_sig = NULL;
-
-	if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
-		return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-
-	if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
-		{
-		EVP_PKEY *key = NULL;
-		s->ctx->channel_id_cb(s, &key);
-		if (key != NULL)
-			{
-			s->tlsext_channel_id_private = key;
-			}
-		}
-	if (!s->tlsext_channel_id_private)
-		{
-		s->rwstate=SSL_CHANNEL_ID_LOOKUP;
-		return (-1);
-		}
-	s->rwstate=SSL_NOTHING;
-
-	d = (unsigned char *)s->init_buf->data;
-	*(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
-	l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
-	if (s->s3->tlsext_channel_id_new)
-		s2n(TLSEXT_TYPE_channel_id_new, d);
-	else
-		s2n(TLSEXT_TYPE_channel_id, d);
-	s2n(TLSEXT_CHANNEL_ID_SIZE, d);
-
-	EVP_MD_CTX_init(&md_ctx);
-
-	public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);
-	if (public_key_len <= 0)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY);
-		goto err;
-		}
-	/* i2d_PublicKey will produce an ANSI X9.62 public key which, for a
-	 * P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
-	 * field elements as 32-byte, big-endian numbers. */
-	if (public_key_len != 65)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);
-		goto err;
-		}
-	public_key = OPENSSL_malloc(public_key_len);
-	if (!public_key)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	derp = public_key;
-	i2d_PublicKey(s->tlsext_channel_id_private, &derp);
-
-	if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,
-			       s->tlsext_channel_id_private) != 1)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILED);
-		goto err;
-		}
-
-	if (!tls1_channel_id_hash(&md_ctx, s))
-		goto err;
-
-	if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
-		goto err;
-		}
-
-	der_sig = OPENSSL_malloc(sig_len);
-	if (!der_sig)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
-		goto err;
-		}
-
-	derp = der_sig;
-	sig = d2i_ECDSA_SIG(NULL, (const unsigned char**) &derp, sig_len);
-	if (sig == NULL)
-		{
-		SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);
-		goto err;
-		}
-
-	/* The first byte of public_key will be 0x4, denoting an uncompressed key. */
-	memcpy(d, public_key + 1, 64);
-	d += 64;
-	memset(d, 0, 2 * 32);
-	BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));
-	d += 32;
-	BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));
-	d += 32;
-
-	s->state = SSL3_ST_CW_CHANNEL_ID_B;
-	s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;
-	s->init_off = 0;
-
-	ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-
-err:
-	EVP_MD_CTX_cleanup(&md_ctx);
-	if (public_key)
-		OPENSSL_free(public_key);
-	if (der_sig)
-		OPENSSL_free(der_sig);
-	if (sig)
-		ECDSA_SIG_free(sig);
-
-	return ret;
-	}
-#endif  /* !OPENSSL_NO_TLSEXT */
-
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
-	{
-	int i = 0;
-#ifndef OPENSSL_NO_ENGINE
-	if (s->ctx->client_cert_engine)
-		{
-		i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
-						SSL_get_client_CA_list(s),
-						px509, ppkey, NULL, NULL, NULL);
-		if (i != 0)
-			return i;
-		}
-#endif
-	if (s->ctx->client_cert_cb)
-		i = s->ctx->client_cert_cb(s,px509,ppkey);
-	return i;
-	}
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
deleted file mode 100644
index f99b61cec7..0000000000
--- a/ssl/s3_enc.c
+++ /dev/null
@@ -1,906 +0,0 @@
-/* ssl/s3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static unsigned char ssl3_pad_1[48]={
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
-	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
-
-static unsigned char ssl3_pad_2[48]={
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
-	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
-static int ssl3_handshake_mac(SSL *s, int md_nid,
-	const char *sender, int len, unsigned char *p);
-static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
-	{
-	EVP_MD_CTX m5;
-	EVP_MD_CTX s1;
-	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
-	unsigned char c='A';
-	unsigned int i,j,k;
-
-#ifdef CHARSET_EBCDIC
-	c = os_toascii[c]; /*'A' in ASCII */
-#endif
-	k=0;
-	EVP_MD_CTX_init(&m5);
-	EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_MD_CTX_init(&s1);
-	for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
-		{
-		k++;
-		if (k > sizeof buf)
-			{
-			/* bug: 'buf' is too small for this ciphersuite */
-			SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
-			return 0;
-			}
-		
-		for (j=0; j<k; j++)
-			buf[j]=c;
-		c++;
-		EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
-		EVP_DigestUpdate(&s1,buf,k);
-		EVP_DigestUpdate(&s1,s->session->master_key,
-			s->session->master_key_length);
-		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		EVP_DigestFinal_ex(&s1,smd,NULL);
-
-		EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
-		EVP_DigestUpdate(&m5,s->session->master_key,
-			s->session->master_key_length);
-		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
-		if ((int)(i+MD5_DIGEST_LENGTH) > num)
-			{
-			EVP_DigestFinal_ex(&m5,smd,NULL);
-			memcpy(km,smd,(num-i));
-			}
-		else
-			EVP_DigestFinal_ex(&m5,km,NULL);
-
-		km+=MD5_DIGEST_LENGTH;
-		}
-	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
-	EVP_MD_CTX_cleanup(&m5);
-	EVP_MD_CTX_cleanup(&s1);
-	return 1;
-	}
-
-int ssl3_change_cipher_state(SSL *s, int which)
-	{
-	unsigned char *p,*mac_secret;
-	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-	unsigned char exp_iv[EVP_MAX_IV_LENGTH];
-	unsigned char *ms,*key,*iv,*er1,*er2;
-	EVP_CIPHER_CTX *dd;
-	const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-	COMP_METHOD *comp;
-#endif
-	const EVP_MD *m;
-	EVP_MD_CTX md;
-	int is_exp,n,i,j,k,cl;
-	int reuse_dd = 0;
-
-	is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-	c=s->s3->tmp.new_sym_enc;
-	m=s->s3->tmp.new_hash;
-	/* m == NULL will lead to a crash later */
-	OPENSSL_assert(m);
-#ifndef OPENSSL_NO_COMP
-	if (s->s3->tmp.new_compression == NULL)
-		comp=NULL;
-	else
-		comp=s->s3->tmp.new_compression->method;
-#endif
-
-	if (which & SSL3_CC_READ)
-		{
-		if (s->enc_read_ctx != NULL)
-			reuse_dd = 1;
-		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-			goto err;
-		else
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_read_ctx);
-		dd= s->enc_read_ctx;
-
-		ssl_replace_hash(&s->read_hash,m);
-#ifndef OPENSSL_NO_COMP
-		/* COMPRESS */
-		if (s->expand != NULL)
-			{
-			COMP_CTX_free(s->expand);
-			s->expand=NULL;
-			}
-		if (comp != NULL)
-			{
-			s->expand=COMP_CTX_new(comp);
-			if (s->expand == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-				goto err2;
-				}
-			if (s->s3->rrec.comp == NULL)
-				s->s3->rrec.comp=(unsigned char *)
-					OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
-			if (s->s3->rrec.comp == NULL)
-				goto err;
-			}
-#endif
-		memset(&(s->s3->read_sequence[0]),0,8);
-		mac_secret= &(s->s3->read_mac_secret[0]);
-		}
-	else
-		{
-		if (s->enc_write_ctx != NULL)
-			reuse_dd = 1;
-		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-			goto err;
-		else
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_write_ctx);
-		dd= s->enc_write_ctx;
-		ssl_replace_hash(&s->write_hash,m);
-#ifndef OPENSSL_NO_COMP
-		/* COMPRESS */
-		if (s->compress != NULL)
-			{
-			COMP_CTX_free(s->compress);
-			s->compress=NULL;
-			}
-		if (comp != NULL)
-			{
-			s->compress=COMP_CTX_new(comp);
-			if (s->compress == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-				goto err2;
-				}
-			}
-#endif
-		memset(&(s->s3->write_sequence[0]),0,8);
-		mac_secret= &(s->s3->write_mac_secret[0]);
-		}
-
-	if (reuse_dd)
-		EVP_CIPHER_CTX_cleanup(dd);
-
-	p=s->s3->tmp.key_block;
-	i=EVP_MD_size(m);
-	if (i < 0)
-		goto err2;
-	cl=EVP_CIPHER_key_length(c);
-	j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-	/* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
-	k=EVP_CIPHER_iv_length(c);
-	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
-		{
-		ms=  &(p[ 0]); n=i+i;
-		key= &(p[ n]); n+=j+j;
-		iv=  &(p[ n]); n+=k+k;
-		er1= &(s->s3->client_random[0]);
-		er2= &(s->s3->server_random[0]);
-		}
-	else
-		{
-		n=i;
-		ms=  &(p[ n]); n+=i+j;
-		key= &(p[ n]); n+=j+k;
-		iv=  &(p[ n]); n+=k;
-		er1= &(s->s3->server_random[0]);
-		er2= &(s->s3->client_random[0]);
-		}
-
-	if (n > s->s3->tmp.key_block_length)
-		{
-		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
-		goto err2;
-		}
-
-	EVP_MD_CTX_init(&md);
-	memcpy(mac_secret,ms,i);
-	if (is_exp)
-		{
-		/* In here I set both the read and write key/iv to the
-		 * same value since only the correct one will be used :-).
-		 */
-		EVP_DigestInit_ex(&md,EVP_md5(), NULL);
-		EVP_DigestUpdate(&md,key,j);
-		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
-		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
-		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
-		key= &(exp_key[0]);
-
-		if (k > 0)
-			{
-			EVP_DigestInit_ex(&md,EVP_md5(), NULL);
-			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
-			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
-			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
-			iv= &(exp_iv[0]);
-			}
-		}
-
-	s->session->key_arg_length=0;
-
-	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-
-	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
-	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
-	EVP_MD_CTX_cleanup(&md);
-	return(1);
-err:
-	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
-	return(0);
-	}
-
-int ssl3_setup_key_block(SSL *s)
-	{
-	unsigned char *p;
-	const EVP_CIPHER *c;
-	const EVP_MD *hash;
-	int num;
-	int ret = 0;
-	SSL_COMP *comp;
-
-	if (s->s3->tmp.key_block_length != 0)
-		return(1);
-
-	if (!ssl_cipher_get_evp(s->session,&c,&hash,NULL,NULL,&comp))
-		{
-		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-		return(0);
-		}
-
-	s->s3->tmp.new_sym_enc=c;
-	s->s3->tmp.new_hash=hash;
-#ifdef OPENSSL_NO_COMP
-	s->s3->tmp.new_compression=NULL;
-#else
-	s->s3->tmp.new_compression=comp;
-#endif
-
-	num=EVP_MD_size(hash);
-	if (num < 0)
-		return 0;
-
-	num=EVP_CIPHER_key_length(c)+num+EVP_CIPHER_iv_length(c);
-	num*=2;
-
-	ssl3_cleanup_key_block(s);
-
-	if ((p=OPENSSL_malloc(num)) == NULL)
-		goto err;
-
-	s->s3->tmp.key_block_length=num;
-	s->s3->tmp.key_block=p;
-
-	ret = ssl3_generate_key_block(s,p,num);
-
-	/* enable vulnerability countermeasure for CBC ciphers with
-	 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */
-	if ((s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0)
-		{
-		s->s3->need_record_splitting = 1;
-
-		if (s->session->cipher != NULL)
-			{
-			if (s->session->cipher->algorithm_enc == SSL_eNULL)
-				s->s3->need_record_splitting = 0;
-
-#ifndef OPENSSL_NO_RC4
-			if (s->session->cipher->algorithm_enc == SSL_RC4)
-				s->s3->need_record_splitting = 0;
-#endif
-			}
-		}
-
-	return ret;
-
-err:
-	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
-void ssl3_cleanup_key_block(SSL *s)
-	{
-	if (s->s3->tmp.key_block != NULL)
-		{
-		OPENSSL_cleanse(s->s3->tmp.key_block,
-			s->s3->tmp.key_block_length);
-		OPENSSL_free(s->s3->tmp.key_block);
-		s->s3->tmp.key_block=NULL;
-		}
-	s->s3->tmp.key_block_length=0;
-	}
-
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding is invalid or, if sending, an internal error
- *       occured.
- */
-int ssl3_enc(SSL *s, int send)
-	{
-	SSL3_RECORD *rec;
-	EVP_CIPHER_CTX *ds;
-	unsigned long l;
-	int bs,i,mac_size=0;
-	const EVP_CIPHER *enc;
-
-	if (send)
-		{
-		ds=s->enc_write_ctx;
-		rec= &(s->s3->wrec);
-		if (s->enc_write_ctx == NULL)
-			enc=NULL;
-		else
-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-		}
-	else
-		{
-		ds=s->enc_read_ctx;
-		rec= &(s->s3->rrec);
-		if (s->enc_read_ctx == NULL)
-			enc=NULL;
-		else
-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-		}
-
-	if ((s->session == NULL) || (ds == NULL) ||
-		(enc == NULL))
-		{
-		memmove(rec->data,rec->input,rec->length);
-		rec->input=rec->data;
-		}
-	else
-		{
-		l=rec->length;
-		bs=EVP_CIPHER_block_size(ds->cipher);
-
-		/* COMPRESS */
-
-		if ((bs != 1) && send)
-			{
-			i=bs-((int)l%bs);
-
-			/* we need to add 'i-1' padding bytes */
-			l+=i;
-			/* the last of these zero bytes will be overwritten
-			 * with the padding length. */
-			memset(&rec->input[rec->length], 0, i);
-			rec->length+=i;
-			rec->input[l-1]=(i-1);
-			}
-		
-		if (!send)
-			{
-			if (l == 0 || l%bs != 0)
-				return 0;
-			/* otherwise, rec->length >= bs */
-			}
-		
-		if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
-			return -1;
-
-		if (EVP_MD_CTX_md(s->read_hash) != NULL)
-			mac_size = EVP_MD_CTX_size(s->read_hash);
-		if ((bs != 1) && !send)
-			return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
-		}
-	return(1);
-	}
-
-void ssl3_init_finished_mac(SSL *s)
-	{
-	if (s->s3->handshake_buffer) BIO_free(s->s3->handshake_buffer);
-	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-    s->s3->handshake_buffer=BIO_new(BIO_s_mem());	
-	(void)BIO_set_close(s->s3->handshake_buffer,BIO_CLOSE);
-	}
-
-void ssl3_free_digest_list(SSL *s) 
-	{
-	int i;
-	if (!s->s3->handshake_dgst) return;
-	for (i=0;i<SSL_MAX_DIGEST;i++) 
-		{
-		if (s->s3->handshake_dgst[i])
-			EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
-		}
-	OPENSSL_free(s->s3->handshake_dgst);
-	s->s3->handshake_dgst=NULL;
-	}	
-
-
-
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
-	{
-	if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) 
-		{
-		BIO_write (s->s3->handshake_buffer,(void *)buf,len);
-		} 
-	else 
-		{
-		int i;
-		for (i=0;i< SSL_MAX_DIGEST;i++) 
-			{
-			if (s->s3->handshake_dgst[i]!= NULL)
-			EVP_DigestUpdate(s->s3->handshake_dgst[i],buf,len);
-			}
-		}	
-	}
-
-int ssl3_digest_cached_records(SSL *s)
-	{
-	int i;
-	long mask;
-	const EVP_MD *md;
-	long hdatalen;
-	void *hdata;
-
-	/* Allocate handshake_dgst array */
-	ssl3_free_digest_list(s);
-	s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
-	memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
-	hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,&hdata);
-	if (hdatalen <= 0)
-		{
-		SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
-		return 0;
-		}
-
-	/* Loop through bitso of algorithm2 field and create MD_CTX-es */
-	for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
-		{
-		if ((mask & ssl_get_algorithm2(s)) && md) 
-			{
-			s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
-#ifdef OPENSSL_FIPS
-			if (EVP_MD_nid(md) == NID_md5)
-				{
-				EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
-						EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-				}
-#endif
-			EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
-			EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
-			} 
-		else 
-			{	
-			s->s3->handshake_dgst[i]=NULL;
-			}
-		}
-	if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
-		{
-		/* Free handshake_buffer BIO */
-		BIO_free(s->s3->handshake_buffer);
-		s->s3->handshake_buffer = NULL;
-		}
-
-	return 1;
-	}
-
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p)
-	{
-	return(ssl3_handshake_mac(s,md_nid,NULL,0,p));
-	}
-int ssl3_final_finish_mac(SSL *s, 
-	     const char *sender, int len, unsigned char *p)
-	{
-	int ret, sha1len;
-	ret=ssl3_handshake_mac(s,NID_md5,sender,len,p);
-	if(ret == 0)
-		return 0;
-
-	p+=ret;
-
-	sha1len=ssl3_handshake_mac(s,NID_sha1,sender,len,p);
-	if(sha1len == 0)
-		return 0;
-
-	ret+=sha1len;
-	return(ret);
-	}
-static int ssl3_handshake_mac(SSL *s, int md_nid,
-	     const char *sender, int len, unsigned char *p)
-	{
-	unsigned int ret;
-	int npad,n;
-	unsigned int i;
-	unsigned char md_buf[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX ctx,*d=NULL;
-
-	if (s->s3->handshake_buffer) 
-		if (!ssl3_digest_cached_records(s))
-			return 0;
-
-	/* Search for digest of specified type in the handshake_dgst
-	 * array*/
-	for (i=0;i<SSL_MAX_DIGEST;i++) 
-		{
-		  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
-		  	{
-		  	d=s->s3->handshake_dgst[i];
-			break;
-			}
-		}
-	if (!d) {
-		SSLerr(SSL_F_SSL3_HANDSHAKE_MAC,SSL_R_NO_REQUIRED_DIGEST);
-		return 0;
-	}	
-	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_MD_CTX_copy_ex(&ctx,d);
-	n=EVP_MD_CTX_size(&ctx);
-	if (n < 0)
-		return 0;
-
-	npad=(48/n)*n;
-	if (sender != NULL)
-		EVP_DigestUpdate(&ctx,sender,len);
-	EVP_DigestUpdate(&ctx,s->session->master_key,
-		s->session->master_key_length);
-	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
-	EVP_DigestFinal_ex(&ctx,md_buf,&i);
-
-	EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
-	EVP_DigestUpdate(&ctx,s->session->master_key,
-		s->session->master_key_length);
-	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
-	EVP_DigestUpdate(&ctx,md_buf,i);
-	EVP_DigestFinal_ex(&ctx,p,&ret);
-
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return((int)ret);
-	}
-
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
-	{
-	SSL3_RECORD *rec;
-	unsigned char *mac_sec,*seq;
-	EVP_MD_CTX md_ctx;
-	const EVP_MD_CTX *hash;
-	unsigned char *p,rec_char;
-	size_t md_size, orig_len;
-	int npad;
-	int t;
-
-	if (send)
-		{
-		rec= &(ssl->s3->wrec);
-		mac_sec= &(ssl->s3->write_mac_secret[0]);
-		seq= &(ssl->s3->write_sequence[0]);
-		hash=ssl->write_hash;
-		}
-	else
-		{
-		rec= &(ssl->s3->rrec);
-		mac_sec= &(ssl->s3->read_mac_secret[0]);
-		seq= &(ssl->s3->read_sequence[0]);
-		hash=ssl->read_hash;
-		}
-
-	t=EVP_MD_CTX_size(hash);
-	if (t < 0 || t > 20)
-		return -1;
-	md_size=t;
-	npad=(48/md_size)*md_size;
-
-	/* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
-	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
-	rec->type &= 0xff;
-
-	if (!send &&
-	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-	    ssl3_cbc_record_digest_supported(hash))
-		{
-		/* This is a CBC-encrypted record. We must avoid leaking any
-		 * timing-side channel information about how many blocks of
-		 * data we are hashing because that gives an attacker a
-		 * timing-oracle. */
-
-		/* npad is, at most, 48 bytes and that's with MD5:
-		 *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
-		 *
-		 * With SHA-1 (the largest hash speced for SSLv3) the hash size
-		 * goes up 4, but npad goes down by 8, resulting in a smaller
-		 * total size. */
-		unsigned char header[75];
-		unsigned j = 0;
-		memcpy(header+j, mac_sec, md_size);
-		j += md_size;
-		memcpy(header+j, ssl3_pad_1, npad);
-		j += npad;
-		memcpy(header+j, seq, 8);
-		j += 8;
-		header[j++] = rec->type;
-		header[j++] = rec->length >> 8;
-		header[j++] = rec->length & 0xff;
-
-		ssl3_cbc_digest_record(
-			hash,
-			md, &md_size,
-			header, rec->input,
-			rec->length + md_size, orig_len,
-			mac_sec, md_size,
-			1 /* is SSLv3 */);
-		}
-	else
-		{
-		unsigned int md_size_u;
-		/* Chop the digest off the end :-) */
-		EVP_MD_CTX_init(&md_ctx);
-
-		EVP_MD_CTX_copy_ex( &md_ctx,hash);
-		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
-		EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
-		EVP_DigestUpdate(&md_ctx,seq,8);
-		rec_char=rec->type;
-		EVP_DigestUpdate(&md_ctx,&rec_char,1);
-		p=md;
-		s2n(rec->length,p);
-		EVP_DigestUpdate(&md_ctx,md,2);
-		EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
-		EVP_DigestFinal_ex( &md_ctx,md,NULL);
-
-		EVP_MD_CTX_copy_ex( &md_ctx,hash);
-		EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
-		EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
-		EVP_DigestUpdate(&md_ctx,md,md_size);
-		EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
-		md_size = md_size_u;
-
-		EVP_MD_CTX_cleanup(&md_ctx);
-	}
-
-	ssl3_record_sequence_update(seq);
-	return(md_size);
-	}
-
-void ssl3_record_sequence_update(unsigned char *seq)
-	{
-	int i;
-
-	for (i=7; i>=0; i--)
-		{
-		++seq[i];
-		if (seq[i] != 0) break; 
-		}
-	}
-
-int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-	     int len)
-	{
-	static const unsigned char *salt[3]={
-#ifndef CHARSET_EBCDIC
-		(const unsigned char *)"A",
-		(const unsigned char *)"BB",
-		(const unsigned char *)"CCC",
-#else
-		(const unsigned char *)"\x41",
-		(const unsigned char *)"\x42\x42",
-		(const unsigned char *)"\x43\x43\x43",
-#endif
-		};
-	unsigned char buf[EVP_MAX_MD_SIZE];
-	EVP_MD_CTX ctx;
-	int i,ret=0;
-	unsigned int n;
-
-	EVP_MD_CTX_init(&ctx);
-	for (i=0; i<3; i++)
-		{
-		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
-		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
-		EVP_DigestUpdate(&ctx,p,len);
-		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
-			SSL3_RANDOM_SIZE);
-		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
-			SSL3_RANDOM_SIZE);
-		EVP_DigestFinal_ex(&ctx,buf,&n);
-
-		EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
-		EVP_DigestUpdate(&ctx,p,len);
-		EVP_DigestUpdate(&ctx,buf,n);
-		EVP_DigestFinal_ex(&ctx,out,&n);
-		out+=n;
-		ret+=n;
-		}
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
-
-int ssl3_alert_code(int code)
-	{
-	switch (code)
-		{
-	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);
-	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);
-	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);
-	case SSL_AD_DECRYPTION_FAILED:	return(SSL3_AD_BAD_RECORD_MAC);
-	case SSL_AD_RECORD_OVERFLOW:	return(SSL3_AD_BAD_RECORD_MAC);
-	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
-	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_NO_CERTIFICATE:	return(SSL3_AD_NO_CERTIFICATE);
-	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);
-	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
-	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
-	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
-	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
-	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);
-	case SSL_AD_UNKNOWN_CA:		return(SSL3_AD_BAD_CERTIFICATE);
-	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_EXPORT_RESTRICTION:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_USER_CANCELLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
-	case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_UNRECOGNIZED_NAME:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
-	default:			return(-1);
-		}
-	}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
deleted file mode 100644
index e752ebddac..0000000000
--- a/ssl/s3_lib.c
+++ /dev/null
@@ -1,4443 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-#include "../crypto/ec/ec_lcl.h"
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
-
-/* The RSA ciphers */
-/* Cipher 01 */
-	{
-	1,
-	SSL3_TXT_RSA_NULL_MD5,
-	SSL3_CK_RSA_NULL_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eNULL,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_STRONG_NONE,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-/* Cipher 02 */
-	{
-	1,
-	SSL3_TXT_RSA_NULL_SHA,
-	SSL3_CK_RSA_NULL_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-/* Cipher 03 */
-	{
-	1,
-	SSL3_TXT_RSA_RC4_40_MD5,
-	SSL3_CK_RSA_RC4_40_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 04 */
-	{
-	1,
-	SSL3_TXT_RSA_RC4_128_MD5,
-	SSL3_CK_RSA_RC4_128_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 05 */
-	{
-	1,
-	SSL3_TXT_RSA_RC4_128_SHA,
-	SSL3_CK_RSA_RC4_128_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 06 */
-	{
-	1,
-	SSL3_TXT_RSA_RC2_40_MD5,
-	SSL3_CK_RSA_RC2_40_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC2,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
-	{
-	1,
-	SSL3_TXT_RSA_IDEA_128_SHA,
-	SSL3_CK_RSA_IDEA_128_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_IDEA,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-#endif
-
-/* Cipher 08 */
-	{
-	1,
-	SSL3_TXT_RSA_DES_40_CBC_SHA,
-	SSL3_CK_RSA_DES_40_CBC_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 09 */
-	{
-	1,
-	SSL3_TXT_RSA_DES_64_CBC_SHA,
-	SSL3_CK_RSA_DES_64_CBC_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 0A */
-	{
-	1,
-	SSL3_TXT_RSA_DES_192_CBC3_SHA,
-	SSL3_CK_RSA_DES_192_CBC3_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* The DH ciphers */
-/* Cipher 0B */
-	{
-	0,
-	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
-	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 0C */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
-	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 0D */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
-	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Cipher 0E */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
-	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 0F */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
-	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 10 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
-	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
-	{
-	1,
-	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
-	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 12 */
-	{
-	1,
-	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
-	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 13 */
-	{
-	1,
-	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Cipher 14 */
-	{
-	1,
-	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
-	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 15 */
-	{
-	1,
-	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
-	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 16 */
-	{
-	1,
-	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Cipher 17 */
-	{
-	1,
-	SSL3_TXT_ADH_RC4_40_MD5,
-	SSL3_CK_ADH_RC4_40_MD5,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 18 */
-	{
-	1,
-	SSL3_TXT_ADH_RC4_128_MD5,
-	SSL3_CK_ADH_RC4_128_MD5,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 19 */
-	{
-	1,
-	SSL3_TXT_ADH_DES_40_CBC_SHA,
-	SSL3_CK_ADH_DES_40_CBC_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 1A */
-	{
-	1,
-	SSL3_TXT_ADH_DES_64_CBC_SHA,
-	SSL3_CK_ADH_DES_64_CBC_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 1B */
-	{
-	1,
-	SSL3_TXT_ADH_DES_192_CBC_SHA,
-	SSL3_CK_ADH_DES_192_CBC_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
-	{
-	0,
-	SSL3_TXT_FZA_DMS_NULL_SHA,
-	SSL3_CK_FZA_DMS_NULL_SHA,
-	SSL_kFZA,
-	SSL_aFZA,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_STRONG_NONE,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-/* Cipher 1D */
-	{
-	0,
-	SSL3_TXT_FZA_DMS_FZA_SHA,
-	SSL3_CK_FZA_DMS_FZA_SHA,
-	SSL_kFZA,
-	SSL_aFZA,
-	SSL_eFZA,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_STRONG_NONE,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-/* Cipher 1E */
-	{
-	0,
-	SSL3_TXT_FZA_DMS_RC4_SHA,
-	SSL3_CK_FZA_DMS_RC4_SHA,
-	SSL_kFZA,
-	SSL_aFZA,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers*/
-/* Cipher 1E */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_64_CBC_SHA,
-	SSL3_CK_KRB5_DES_64_CBC_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 1F */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-	SSL3_CK_KRB5_DES_192_CBC3_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Cipher 20 */
-	{
-	1,
-	SSL3_TXT_KRB5_RC4_128_SHA,
-	SSL3_CK_KRB5_RC4_128_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 21 */
-	{
-	1,
-	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
-	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_IDEA,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 22 */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_64_CBC_MD5,
-	SSL3_CK_KRB5_DES_64_CBC_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_DES,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_LOW,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-/* Cipher 23 */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-	SSL3_CK_KRB5_DES_192_CBC3_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_3DES,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-/* Cipher 24 */
-	{
-	1,
-	SSL3_TXT_KRB5_RC4_128_MD5,
-	SSL3_CK_KRB5_RC4_128_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 25 */
-	{
-	1,
-	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
-	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_IDEA,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 26 */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_40_CBC_SHA,
-	SSL3_CK_KRB5_DES_40_CBC_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 27 */
-	{
-	1,
-	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
-	SSL3_CK_KRB5_RC2_40_CBC_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC2,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 28 */
-	{
-	1,
-	SSL3_TXT_KRB5_RC4_40_SHA,
-	SSL3_CK_KRB5_RC4_40_SHA,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 29 */
-	{
-	1,
-	SSL3_TXT_KRB5_DES_40_CBC_MD5,
-	SSL3_CK_KRB5_DES_40_CBC_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_DES,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	56,
-	},
-
-/* Cipher 2A */
-	{
-	1,
-	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
-	SSL3_CK_KRB5_RC2_40_CBC_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC2,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-
-/* Cipher 2B */
-	{
-	1,
-	SSL3_TXT_KRB5_RC4_40_MD5,
-	SSL3_CK_KRB5_RC4_40_MD5,
-	SSL_kKRB5,
-	SSL_aKRB5,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_SSLV3,
-	SSL_EXPORT|SSL_EXP40,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	40,
-	128,
-	},
-#endif	/* OPENSSL_NO_KRB5 */
-
-/* New AES ciphersuites */
-/* Cipher 2F */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_128_SHA,
-	TLS1_CK_RSA_WITH_AES_128_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 30 */
-	{
-	0,
-	TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
-	TLS1_CK_DH_DSS_WITH_AES_128_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 31 */
-	{
-	0,
-	TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
-	TLS1_CK_DH_RSA_WITH_AES_128_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 32 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
-	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 33 */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-/* Cipher 34 */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_128_SHA,
-	TLS1_CK_ADH_WITH_AES_128_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-/* Cipher 35 */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_256_SHA,
-	TLS1_CK_RSA_WITH_AES_256_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-/* Cipher 36 */
-	{
-	0,
-	TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
-	TLS1_CK_DH_DSS_WITH_AES_256_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-/* Cipher 37 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
-	TLS1_CK_DH_RSA_WITH_AES_256_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-/* Cipher 38 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
-	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-/* Cipher 39 */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 3A */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_256_SHA,
-	TLS1_CK_ADH_WITH_AES_256_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* TLS v1.2 ciphersuites */
-	/* Cipher 3B */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_NULL_SHA256,
-	TLS1_CK_RSA_WITH_NULL_SHA256,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eNULL,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher 3C */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_RSA_WITH_AES_128_SHA256,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 3D */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_256_SHA256,
-	TLS1_CK_RSA_WITH_AES_256_SHA256,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 3E */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 3F */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 40 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
-	TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-#ifndef OPENSSL_NO_CAMELLIA
-	/* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
-	/* Cipher 41 */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 42 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 43 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 44 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 45 */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 46 */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
-	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_CAMELLIA128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
-	/* New TLS Export CipherSuites from expired ID */
-#if 0
-	/* Cipher 60 */
-	{
-	1,
-	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
-	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_MD5,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	128,
-	},
-
-	/* Cipher 61 */
-	{
-	1,
-	TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-	TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC2,
-	SSL_MD5,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	128,
-	},
-#endif
-
-	/* Cipher 62 */
-	{
-	1,
-	TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-	TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-	/* Cipher 63 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-	TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	56,
-	},
-
-	/* Cipher 64 */
-	{
-	1,
-	TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
-	TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	128,
-	},
-
-	/* Cipher 65 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-	TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_EXPORT|SSL_EXP56,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	56,
-	128,
-	},
-
-	/* Cipher 66 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-	TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-#endif
-
-	/* TLS v1.2 ciphersuites */
-	/* Cipher 67 */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 68 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 69 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 6A */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
-	TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 6B */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
-	TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 6C */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_128_SHA256,
-	TLS1_CK_ADH_WITH_AES_128_SHA256,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 6D */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_256_SHA256,
-	TLS1_CK_ADH_WITH_AES_256_SHA256,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES256,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* GOST Ciphersuites */
-
-	{
-	1,
-	"GOST94-GOST89-GOST89",
-	0x3000080,
-	SSL_kGOST,
-	SSL_aGOST94,
-	SSL_eGOST2814789CNT,
-	SSL_GOST89MAC,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
-	256,
-	256
-	},
-	{
-	1,
-	"GOST2001-GOST89-GOST89",
-	0x3000081,
-	SSL_kGOST,
-	SSL_aGOST01,
-	SSL_eGOST2814789CNT,
-	SSL_GOST89MAC,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94|TLS1_STREAM_MAC,
-	256,
-	256
-	},
-	{
-	1,
-	"GOST94-NULL-GOST94",
-	0x3000082,
-	SSL_kGOST,
-	SSL_aGOST94,
-	SSL_eNULL,
-	SSL_GOST94,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE,
-	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-	0,
-	0
-	},
-	{
-	1,
-	"GOST2001-NULL-GOST94",
-	0x3000083,
-	SSL_kGOST,
-	SSL_aGOST01,
-	SSL_eNULL,
-	SSL_GOST94,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE,
-	SSL_HANDSHAKE_MAC_GOST94|TLS1_PRF_GOST94,
-	0,
-	0
-	},
-
-#ifndef OPENSSL_NO_CAMELLIA
-	/* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
-	/* Cipher 84 */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-	/* Cipher 85 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 86 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 87 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 88 */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher 89 */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
-	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_CAMELLIA256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_PSK
-	/* Cipher 8A */
-	{
-	1,
-	TLS1_TXT_PSK_WITH_RC4_128_SHA,
-	TLS1_CK_PSK_WITH_RC4_128_SHA,
-	SSL_kPSK,
-	SSL_aPSK,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 8B */
-	{
-	1,
-	TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
-	TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
-	SSL_kPSK,
-	SSL_aPSK,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher 8C */
-	{
-	1,
-	TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
-	TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
-	SSL_kPSK,
-	SSL_aPSK,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 8D */
-	{
-	1,
-	TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
-	TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
-	SSL_kPSK,
-	SSL_aPSK,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-#endif  /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_SEED
-	/* SEED ciphersuites from RFC4162 */
-
-	/* Cipher 96 */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_SEED_SHA,
-	TLS1_CK_RSA_WITH_SEED_SHA,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 97 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_DSS_WITH_SEED_SHA,
-	TLS1_CK_DH_DSS_WITH_SEED_SHA,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 98 */
-	{
-	0, /* not implemented (non-ephemeral DH) */
-	TLS1_TXT_DH_RSA_WITH_SEED_SHA,
-	TLS1_CK_DH_RSA_WITH_SEED_SHA,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 99 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
-	TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 9A */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
-	TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher 9B */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_SEED_SHA,
-	TLS1_CK_ADH_WITH_SEED_SHA,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_SEED,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-#endif /* OPENSSL_NO_SEED */
-
-	/* GCM ciphersuites from RFC5288 */
-
-	/* Cipher 9C */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher 9D */
-	{
-	1,
-	TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher 9E */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher 9F */
-	{
-	1,
-	TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
-	SSL_aRSA,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher A0 */
-	{
-	0,
-	TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher A1 */
-	{
-	0,
-	TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kDHr,
-	SSL_aDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher A2 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher A3 */
-	{
-	1,
-	TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
-	SSL_aDSS,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher A4 */
-	{
-	0,
-	TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher A5 */
-	{
-	0,
-	TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-	SSL_kDHd,
-	SSL_aDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher A6 */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher A7 */
-	{
-	1,
-	TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
-	SSL_aNULL,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-#ifndef OPENSSL_NO_ECDH
-	/* Cipher C001 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher C002 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C003 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C004 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C005 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C006 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-	TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher C007 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C008 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-	TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C009 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C00A */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C00B */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
-	TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher C00C */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C00D */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-	TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C00E */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C00F */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C010 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-	TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher C011 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-	TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C012 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-	TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C013 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C014 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C015 */
-	{
-	1,
-	TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-	TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-	SSL_kEECDH,
-	SSL_aNULL,
-	SSL_eNULL,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	0,
-	0,
-	},
-
-	/* Cipher C016 */
-	{
-	1,
-	TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-	TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-	SSL_kEECDH,
-	SSL_aNULL,
-	SSL_RC4,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_MEDIUM,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C017 */
-	{
-	1,
-	TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-	TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
-	SSL_aNULL,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C018 */
-	{
-	1,
-	TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aNULL,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C019 */
-	{
-	1,
-	TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aNULL,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-#endif	/* OPENSSL_NO_ECDH */
-
-#ifndef OPENSSL_NO_SRP
-	/* Cipher C01A */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-	TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-	SSL_kSRP,
-	SSL_aSRP,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C01B */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-	TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-	SSL_kSRP,
-	SSL_aRSA,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C01C */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-	TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-	SSL_kSRP,
-	SSL_aDSS,
-	SSL_3DES,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	112,
-	168,
-	},
-
-	/* Cipher C01D */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
-	SSL_kSRP,
-	SSL_aSRP,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C01E */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-	TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
-	SSL_kSRP,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C01F */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-	TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
-	SSL_kSRP,
-	SSL_aDSS,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C020 */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
-	SSL_kSRP,
-	SSL_aSRP,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C021 */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-	TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
-	SSL_kSRP,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-
-	/* Cipher C022 */
-	{
-	1,
-	TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-	TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
-	SSL_kSRP,
-	SSL_aDSS,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-#endif  /* OPENSSL_NO_SRP */
-#ifndef OPENSSL_NO_ECDH
-
-	/* HMAC based TLS v1.2 ciphersuites from RFC5289 */
-
-	/* Cipher C023 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C024 */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C025 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C026 */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C027 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C028 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C029 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128,
-	SSL_SHA256,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C02A */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256,
-	SSL_SHA384,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* GCM based TLS v1.2 ciphersuites from RFC5289 */
-
-	/* Cipher C02B */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C02C */
-	{
-	1,
-	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEECDH,
-	SSL_aECDSA,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C02D */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C02E */
-	{
-	1,
-	TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-	SSL_kECDHe,
-	SSL_aECDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C02F */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C030 */
-	{
-	1,
-	TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEECDH,
-	SSL_aRSA,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-	/* Cipher C031 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-	TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES128GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
-	128,
-	128,
-	},
-
-	/* Cipher C032 */
-	{
-	1,
-	TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-	TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kECDHr,
-	SSL_aECDH,
-	SSL_AES256GCM,
-	SSL_AEAD,
-	SSL_TLSV1_2,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
-	256,
-	256,
-	},
-
-#ifndef OPENSSL_NO_PSK
-    /* ECDH PSK ciphersuites from RFC 5489 */
-	/* Cipher C035 */
-	{
-	1,
-	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aPSK,
-	SSL_AES128,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	128,
-	128,
-	},
-
-	/* Cipher C036 */
-	{
-	1,
-	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
-	SSL_aPSK,
-	SSL_AES256,
-	SSL_SHA1,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-#endif /* OPENSSL_NO_PSK */
-
-#endif /* OPENSSL_NO_ECDH */
-
-
-#ifdef TEMP_GOST_TLS
-/* Cipher FF00 */
-	{
-	1,
-	"GOST-MD5",
-	0x0300ff00,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eGOST2814789CNT,
-	SSL_MD5,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256,
-	},
-	{
-	1,
-	"GOST-GOST94",
-	0x0300ff01,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eGOST2814789CNT,
-	SSL_GOST94,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256
-	},
-	{
-	1,
-	"GOST-GOST89MAC",
-	0x0300ff02,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eGOST2814789CNT,
-	SSL_GOST89MAC,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-	256,
-	256
-	},
-	{
-	1,
-	"GOST-GOST89STREAM",
-	0x0300ff03,
-	SSL_kRSA,
-	SSL_aRSA,
-	SSL_eGOST2814789CNT,
-	SSL_GOST89MAC,
-	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF|TLS1_STREAM_MAC,
-	256,
-	256
-	},
-#endif
-
-/* end of list */
-	};
-
-SSL3_ENC_METHOD SSLv3_enc_data={
-	ssl3_enc,
-	n_ssl3_mac,
-	ssl3_setup_key_block,
-	ssl3_generate_master_secret,
-	ssl3_change_cipher_state,
-	ssl3_final_finish_mac,
-	MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-	ssl3_cert_verify_mac,
-	SSL3_MD_CLIENT_FINISHED_CONST,4,
-	SSL3_MD_SERVER_FINISHED_CONST,4,
-	ssl3_alert_code,
-	(int (*)(SSL *, unsigned char *, size_t, const char *,
-		 size_t, const unsigned char *, size_t,
-		 int use_context))ssl_undefined_function,
-	};
-
-long ssl3_default_timeout(void)
-	{
-	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
-	 * is way too long for http, the cache would over fill */
-	return(60*60*2);
-	}
-
-int ssl3_num_ciphers(void)
-	{
-	return(SSL3_NUM_CIPHERS);
-	}
-
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
-	{
-	if (u < SSL3_NUM_CIPHERS)
-		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
-	else
-		return(NULL);
-	}
-
-int ssl3_pending(const SSL *s)
-	{
-	if (s->rstate == SSL_ST_READ_BODY)
-		return 0;
-	
-	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
-	}
-
-int ssl3_new(SSL *s)
-	{
-	SSL3_STATE *s3;
-
-	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
-	memset(s3,0,sizeof *s3);
-	memset(s3->rrec.seq_num,0,sizeof(s3->rrec.seq_num));
-	memset(s3->wrec.seq_num,0,sizeof(s3->wrec.seq_num));
-
-	s->s3=s3;
-
-#ifndef OPENSSL_NO_SRP
-	SSL_SRP_CTX_init(s);
-#endif
-#if !defined(OPENSSL_NO_TLSEXT)
-	s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
-	if (s->ctx->tlsext_channel_id_private)
-		s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
-#endif
-	s->method->ssl_clear(s);
-	return(1);
-err:
-	return(0);
-	}
-
-void ssl3_free(SSL *s)
-	{
-	if(s == NULL)
-	    return;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL)
-		OPENSSL_free(s->s3->client_opaque_prf_input);
-	if (s->s3->server_opaque_prf_input != NULL)
-		OPENSSL_free(s->s3->server_opaque_prf_input);
-#endif
-
-	ssl3_cleanup_key_block(s);
-	if (s->s3->rbuf.buf != NULL)
-		ssl3_release_read_buffer(s);
-	if (s->s3->wbuf.buf != NULL)
-		ssl3_release_write_buffer(s);
-	if (s->s3->rrec.comp != NULL)
-		OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
-	if (s->s3->tmp.dh != NULL)
-		DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if (s->s3->tmp.ecdh != NULL)
-		EC_KEY_free(s->s3->tmp.ecdh);
-#endif
-
-	if (s->s3->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-	if (s->s3->handshake_buffer) {
-		BIO_free(s->s3->handshake_buffer);
-	}
-	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
-#ifndef OPENSSL_NO_TLSEXT
-	if (s->s3->alpn_selected)
-		OPENSSL_free(s->s3->alpn_selected);
-#endif
-
-#ifndef OPENSSL_NO_SRP
-	SSL_SRP_CTX_free(s);
-#endif
-	OPENSSL_cleanse(s->s3,sizeof *s->s3);
-	OPENSSL_free(s->s3);
-	s->s3=NULL;
-	}
-
-void ssl3_clear(SSL *s)
-	{
-	unsigned char *rp,*wp;
-	size_t rlen, wlen;
-	int init_extra;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL)
-		OPENSSL_free(s->s3->client_opaque_prf_input);
-	s->s3->client_opaque_prf_input = NULL;
-	if (s->s3->server_opaque_prf_input != NULL)
-		OPENSSL_free(s->s3->server_opaque_prf_input);
-	s->s3->server_opaque_prf_input = NULL;
-#endif
-
-	ssl3_cleanup_key_block(s);
-	if (s->s3->tmp.ca_names != NULL)
-		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
-	if (s->s3->rrec.comp != NULL)
-		{
-		OPENSSL_free(s->s3->rrec.comp);
-		s->s3->rrec.comp=NULL;
-		}
-#ifndef OPENSSL_NO_DH
-	if (s->s3->tmp.dh != NULL)
-		{
-		DH_free(s->s3->tmp.dh);
-		s->s3->tmp.dh = NULL;
-		}
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if (s->s3->tmp.ecdh != NULL)
-		{
-		EC_KEY_free(s->s3->tmp.ecdh);
-		s->s3->tmp.ecdh = NULL;
-		}
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-	s->s3->is_probably_safari = 0;
-#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
-
-	rp = s->s3->rbuf.buf;
-	wp = s->s3->wbuf.buf;
-	rlen = s->s3->rbuf.len;
- 	wlen = s->s3->wbuf.len;
-	init_extra = s->s3->init_extra;
-	if (s->s3->handshake_buffer) {
-		BIO_free(s->s3->handshake_buffer);
-		s->s3->handshake_buffer = NULL;
-	}
-	if (s->s3->handshake_dgst) {
-		ssl3_free_digest_list(s);
-	}	
-
-#if !defined(OPENSSL_NO_TLSEXT)
-	if (s->s3->alpn_selected)
-		{
-		free(s->s3->alpn_selected);
-		s->s3->alpn_selected = NULL;
-		}
-#endif
-	memset(s->s3,0,sizeof *s->s3);
-	s->s3->rbuf.buf = rp;
-	s->s3->wbuf.buf = wp;
-	s->s3->rbuf.len = rlen;
- 	s->s3->wbuf.len = wlen;
-	s->s3->init_extra = init_extra;
-
-	ssl_free_wbio_buffer(s);
-
-	s->packet_length=0;
-	s->s3->renegotiate=0;
-	s->s3->total_renegotiations=0;
-	s->s3->num_renegotiations=0;
-	s->s3->in_read_app_data=0;
-	s->version=SSL3_VERSION;
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	if (s->next_proto_negotiated)
-		{
-		OPENSSL_free(s->next_proto_negotiated);
-		s->next_proto_negotiated = NULL;
-		s->next_proto_negotiated_len = 0;
-		}
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT)
-	s->s3->tlsext_channel_id_valid = 0;
-#endif
-	}
-
-#ifndef OPENSSL_NO_SRP
-static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
-	{
-	return BUF_strdup(s->srp_ctx.info) ;
-	}
-#endif
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
-	{
-	int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-	if (
-#ifndef OPENSSL_NO_RSA
-	    cmd == SSL_CTRL_SET_TMP_RSA ||
-	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
-	    cmd == SSL_CTRL_SET_TMP_DH ||
-	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
-		0)
-		{
-		if (!ssl_cert_inst(&s->cert))
-		    	{
-			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-#endif
-
-	switch (cmd)
-		{
-	case SSL_CTRL_GET_SESSION_REUSED:
-		ret=s->hit;
-		break;
-	case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
-		break;
-	case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
-		ret=s->s3->num_renegotiations;
-		break;
-	case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
-		ret=s->s3->num_renegotiations;
-		s->s3->num_renegotiations=0;
-		break;
-	case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
-		ret=s->s3->total_renegotiations;
-		break;
-	case SSL_CTRL_GET_FLAGS:
-		ret=(int)(s->s3->flags);
-		break;
-#ifndef OPENSSL_NO_RSA
-	case SSL_CTRL_NEED_TMP_RSA:
-		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
-		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
-			ret = 1;
-		break;
-	case SSL_CTRL_SET_TMP_RSA:
-		{
-			RSA *rsa = (RSA *)parg;
-			if (rsa == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-				return(ret);
-				}
-			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
-				return(ret);
-				}
-			if (s->cert->rsa_tmp != NULL)
-				RSA_free(s->cert->rsa_tmp);
-			s->cert->rsa_tmp = rsa;
-			ret = 1;
-		}
-		break;
-	case SSL_CTRL_SET_TMP_RSA_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(ret);
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_DH
-	case SSL_CTRL_SET_TMP_DH:
-		{
-			DH *dh = (DH *)parg;
-			if (dh == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-				return(ret);
-				}
-			if ((dh = DHparams_dup(dh)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-				return(ret);
-				}
-			if (!(s->options & SSL_OP_SINGLE_DH_USE))
-				{
-				if (!DH_generate_key(dh))
-					{
-					DH_free(dh);
-					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
-					return(ret);
-					}
-				}
-			if (s->cert->dh_tmp != NULL)
-				DH_free(s->cert->dh_tmp);
-			s->cert->dh_tmp = dh;
-			ret = 1;
-		}
-		break;
-	case SSL_CTRL_SET_TMP_DH_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(ret);
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	case SSL_CTRL_SET_TMP_ECDH:
-		{
-		EC_KEY *ecdh = NULL;
- 			
-		if (parg == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
-			return(ret);
-			}
-		if (!EC_KEY_up_ref((EC_KEY *)parg))
-			{
-			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
-			return(ret);
-			}
-		ecdh = (EC_KEY *)parg;
-		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
-			{
-			if (!EC_KEY_generate_key(ecdh))
-				{
-				EC_KEY_free(ecdh);
-				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
-				return(ret);
-				}
-			}
-		if (s->cert->ecdh_tmp != NULL)
-			EC_KEY_free(s->cert->ecdh_tmp);
-		s->cert->ecdh_tmp = ecdh;
-		ret = 1;
-		}
-		break;
-	case SSL_CTRL_SET_TMP_ECDH_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(ret);
-		}
-		break;
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
-	case SSL_CTRL_SET_TLSEXT_HOSTNAME:
- 		if (larg == TLSEXT_NAMETYPE_host_name)
-			{
-			if (s->tlsext_hostname != NULL) 
-				OPENSSL_free(s->tlsext_hostname);
-			s->tlsext_hostname = NULL;
-
-			ret = 1;
-			if (parg == NULL) 
-				break;
-			if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
-				return 0;
-				}
-			if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
-				return 0;
-				}
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
-			return 0;
-			}
- 		break;
-	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
-		s->tlsext_debug_arg=parg;
-		ret = 1;
-		break;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
-		if (larg > 12288) /* actual internal limit is 2^16 for the complete hello message
-		                   * (including the cert chain and everything) */
-			{
-			SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
-			break;
-			}
-		if (s->tlsext_opaque_prf_input != NULL)
-			OPENSSL_free(s->tlsext_opaque_prf_input);
-		if ((size_t)larg == 0)
-			s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
-		else
-			s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
-		if (s->tlsext_opaque_prf_input != NULL)
-			{
-			s->tlsext_opaque_prf_input_len = (size_t)larg;
-			ret = 1;
-			}
-		else
-			s->tlsext_opaque_prf_input_len = 0;
-		break;
-#endif
-
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-		s->tlsext_status_type=larg;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
-		*(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
-		s->tlsext_ocsp_exts = parg;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
-		*(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
-		s->tlsext_ocsp_ids = parg;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
-		*(unsigned char **)parg = s->tlsext_ocsp_resp;
-		return s->tlsext_ocsp_resplen;
-		
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-		if (s->tlsext_ocsp_resp)
-			OPENSSL_free(s->tlsext_ocsp_resp);
-		s->tlsext_ocsp_resp = parg;
-		s->tlsext_ocsp_resplen = larg;
-		ret = 1;
-		break;
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
-		if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-			ret = dtls1_heartbeat(s);
-		else
-			ret = tls1_heartbeat(s);
-		break;
-
-	case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
-		ret = s->tlsext_hb_pending;
-		break;
-
-	case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
-		if (larg)
-			s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-		else
-			s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
-		ret = 1;
-		break;
-#endif
-	case SSL_CTRL_CHANNEL_ID:
-		s->tlsext_channel_id_enabled = 1;
-		ret = 1;
-		break;
-
-	case SSL_CTRL_SET_CHANNEL_ID:
-		if (s->server)
-			break;
-		s->tlsext_channel_id_enabled = 1;
-		if (EVP_PKEY_bits(parg) != 256)
-			{
-			SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
-			break;
-			}
-		if (s->tlsext_channel_id_private)
-			EVP_PKEY_free(s->tlsext_channel_id_private);
-		s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
-		ret = 1;
-		break;
-
-	case SSL_CTRL_GET_CHANNEL_ID:
-		if (!s->server)
-			break;
-		if (!s->s3->tlsext_channel_id_valid)
-			break;
-		memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
-		return 64;
-
-#endif /* !OPENSSL_NO_TLSEXT */
-
-	case SSL_CTRL_CHECK_PROTO_VERSION:
-		/* For library-internal use; checks that the current protocol
-		 * is the highest enabled version (according to s->ctx->method,
-		 * as version negotiation may have changed s->method). */
-		if (s->version == s->ctx->method->version)
-			return 1;
-		/* Apparently we're using a version-flexible SSL_METHOD
-		 * (not at its highest protocol version). */
-		if (s->ctx->method->version == SSLv23_method()->version)
-			{
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
-#endif
-			if (!(s->options & SSL_OP_NO_TLSv1_2))
-				return s->version == TLS1_2_VERSION;
-			if (!(s->options & SSL_OP_NO_TLSv1_1))
-				return s->version == TLS1_1_VERSION;
-			if (!(s->options & SSL_OP_NO_TLSv1))
-				return s->version == TLS1_VERSION;
-			if (!(s->options & SSL_OP_NO_SSLv3))
-				return s->version == SSL3_VERSION;
-			if (!(s->options & SSL_OP_NO_SSLv2))
-				return s->version == SSL2_VERSION;
-			}
-		return 0; /* Unexpected state; fail closed. */
-
-	default:
-		break;
-		}
-	return(ret);
-	}
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
-	{
-	int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
-	if (
-#ifndef OPENSSL_NO_RSA
-	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
-	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
-		0)
-		{
-		if (!ssl_cert_inst(&s->cert))
-			{
-			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-#endif
-
-	switch (cmd)
-		{
-#ifndef OPENSSL_NO_RSA
-	case SSL_CTRL_SET_TMP_RSA_CB:
-		{
-		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_DH
-	case SSL_CTRL_SET_TMP_DH_CB:
-		{
-		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	case SSL_CTRL_SET_TMP_ECDH_CB:
-		{
-		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-	case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-		s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
-					unsigned char *, int, void *))fp;
-		break;
-#endif
-	default:
-		break;
-		}
-	return(ret);
-	}
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-	{
-	CERT *cert;
-
-	cert=ctx->cert;
-
-	switch (cmd)
-		{
-#ifndef OPENSSL_NO_RSA
-	case SSL_CTRL_NEED_TMP_RSA:
-		if (	(cert->rsa_tmp == NULL) &&
-			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
-			 (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
-			)
-			return(1);
-		else
-			return(0);
-		/* break; */
-	case SSL_CTRL_SET_TMP_RSA:
-		{
-		RSA *rsa;
-		int i;
-
-		rsa=(RSA *)parg;
-		i=1;
-		if (rsa == NULL)
-			i=0;
-		else
-			{
-			if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
-				i=0;
-			}
-		if (!i)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
-			return(0);
-			}
-		else
-			{
-			if (cert->rsa_tmp != NULL)
-				RSA_free(cert->rsa_tmp);
-			cert->rsa_tmp=rsa;
-			return(1);
-			}
-		}
-		/* break; */
-	case SSL_CTRL_SET_TMP_RSA_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(0);
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_DH
-	case SSL_CTRL_SET_TMP_DH:
-		{
-		DH *new=NULL,*dh;
-
-		dh=(DH *)parg;
-		if ((new=DHparams_dup(dh)) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
-			return 0;
-			}
-		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
-			{
-			if (!DH_generate_key(new))
-				{
-				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
-				DH_free(new);
-				return 0;
-				}
-			}
-		if (cert->dh_tmp != NULL)
-			DH_free(cert->dh_tmp);
-		cert->dh_tmp=new;
-		return 1;
-		}
-		/*break; */
-	case SSL_CTRL_SET_TMP_DH_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(0);
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	case SSL_CTRL_SET_TMP_ECDH:
-		{
-		EC_KEY *ecdh = NULL;
- 			
-		if (parg == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
-			return 0;
-			}
-		ecdh = EC_KEY_dup((EC_KEY *)parg);
-		if (ecdh == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
-			return 0;
-			}
-		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
-			{
-			if (!EC_KEY_generate_key(ecdh))
-				{
-				EC_KEY_free(ecdh);
-				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
-				return 0;
-				}
-			}
-
-		if (cert->ecdh_tmp != NULL)
-			{
-			EC_KEY_free(cert->ecdh_tmp);
-			}
-		cert->ecdh_tmp = ecdh;
-		return 1;
-		}
-		/* break; */
-	case SSL_CTRL_SET_TMP_ECDH_CB:
-		{
-		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return(0);
-		}
-		break;
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
-	case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-		ctx->tlsext_servername_arg=parg;
-		break;
-	case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
-	case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
-		{
-		unsigned char *keys = parg;
-		if (!keys)
-			return 48;
-		if (larg != 48)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
-			return 0;
-			}
-		if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
-			{
-			memcpy(ctx->tlsext_tick_key_name, keys, 16);
-			memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-			memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
-			}
-		else
-			{
-			memcpy(keys, ctx->tlsext_tick_key_name, 16);
-			memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-			memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
-			}
-		return 1;
-		}
-	case SSL_CTRL_CHANNEL_ID:
-		/* must be called on a server */
-		if (ctx->method->ssl_accept == ssl_undefined_function)
-			return 0;
-		ctx->tlsext_channel_id_enabled=1;
-		return 1;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
-		ctx->tlsext_opaque_prf_input_callback_arg = parg;
-		return 1;
-#endif
-
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-		ctx->tlsext_status_arg=parg;
-		return 1;
-		break;
-
-#ifndef OPENSSL_NO_SRP
-	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
-		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-		if (ctx->srp_ctx.login != NULL)
-			OPENSSL_free(ctx->srp_ctx.login);
-		ctx->srp_ctx.login = NULL;
-		if (parg == NULL)
-			break;
-		if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
-			return 0;
-			} 
-		if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
-			return 0;
-			}
-		break;
-	case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
-		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
-		ctx->srp_ctx.info=parg;
-		break;
-	case SSL_CTRL_SET_SRP_ARG:
-		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-		ctx->srp_ctx.SRP_cb_arg=parg;
-		break;
-
-	case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
-		ctx->srp_ctx.strength=larg;
-		break;
-#endif
-#endif /* !OPENSSL_NO_TLSEXT */
-
-	/* A Thawte special :-) */
-	case SSL_CTRL_EXTRA_CHAIN_CERT:
-		if (ctx->extra_certs == NULL)
-			{
-			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
-				return(0);
-			}
-		sk_X509_push(ctx->extra_certs,(X509 *)parg);
-		break;
-
-	case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-		*(STACK_OF(X509) **)parg =  ctx->extra_certs;
-		break;
-
-	case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-		if (ctx->extra_certs)
-			{
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-			}
-		break;
-
-	case SSL_CTRL_SET_CHANNEL_ID:
-		ctx->tlsext_channel_id_enabled = 1;
-		if (EVP_PKEY_bits(parg) != 256)
-			{
-			SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
-			break;
-			}
-		if (ctx->tlsext_channel_id_private)
-			EVP_PKEY_free(ctx->tlsext_channel_id_private);
-		ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
-		break;
-
-	default:
-		return(0);
-		}
-	return(1);
-	}
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
-	{
-	CERT *cert;
-
-	cert=ctx->cert;
-
-	switch (cmd)
-		{
-#ifndef OPENSSL_NO_RSA
-	case SSL_CTRL_SET_TMP_RSA_CB:
-		{
-		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_DH
-	case SSL_CTRL_SET_TMP_DH_CB:
-		{
-		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	case SSL_CTRL_SET_TMP_ECDH_CB:
-		{
-		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
-		}
-		break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-	case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-		ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
-		break;
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
-		ctx->tlsext_opaque_prf_input_callback = (int (*)(SSL *,void *, size_t, void *))fp;
-		break;
-#endif
-
-	case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-		ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
-		break;
-
-	case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-		ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char  *,
-						unsigned char *,
-						EVP_CIPHER_CTX *,
-						HMAC_CTX *, int))fp;
-		break;
-
-#ifndef OPENSSL_NO_SRP
-	case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
-		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-		ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
-		break;
-	case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
-		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-		ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
-		break;
-	case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
-		ctx->srp_ctx.srp_Mask|=SSL_kSRP;
-		ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
-		break;
-#endif
-#endif
-
-	default:
-		return(0);
-		}
-	return(1);
-	}
-
-/* This function needs to check if the ciphers required are actually
- * available */
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
-	{
-	SSL_CIPHER c;
-	const SSL_CIPHER *cp;
-	unsigned long id;
-
-	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
-	c.id=id;
-	cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
-#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
-if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
-#endif
-	if (cp == NULL || cp->valid == 0)
-		return NULL;
-	else
-		return cp;
-	}
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
-	{
-	long l;
-
-	if (p != NULL)
-		{
-		l=c->id;
-		if ((l & 0xff000000) != 0x03000000) return(0);
-		p[0]=((unsigned char)(l>> 8L))&0xFF;
-		p[1]=((unsigned char)(l     ))&0xFF;
-		}
-	return(2);
-	}
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-	     STACK_OF(SSL_CIPHER) *srvr)
-	{
-	SSL_CIPHER *c,*ret=NULL;
-	STACK_OF(SSL_CIPHER) *prio, *allow;
-	int i,ii,ok;
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_EC)
-	unsigned int j;
-	int ec_ok, ec_nid;
-	unsigned char ec_search1 = 0, ec_search2 = 0;
-#endif
-	CERT *cert;
-	unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
-
-	/* Let's see which ciphers we can support */
-	cert=s->cert;
-
-#if 0
-	/* Do not set the compare functions, because this may lead to a
-	 * reordering by "id". We want to keep the original ordering.
-	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
-	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
-	 */
-	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
-	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
-
-#ifdef CIPHER_DEBUG
-	fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
-	for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
-		{
-		c=sk_SSL_CIPHER_value(srvr,i);
-		fprintf(stderr, "%p:%s\n",(void *)c,c->name);
-		}
-	fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
-	for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
-	    {
-	    c=sk_SSL_CIPHER_value(clnt,i);
-	    fprintf(stderr, "%p:%s\n",(void *)c,c->name);
-	    }
-#endif
-
-	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
-		{
-		prio = srvr;
-		allow = clnt;
-		}
-	else
-		{
-		prio = clnt;
-		allow = srvr;
-		}
-
-	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
-		{
-		c=sk_SSL_CIPHER_value(prio,i);
-
-		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-		if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-			(TLS1_get_version(s) < TLS1_2_VERSION))
-			continue;
-
-		ssl_set_cert_masks(cert,c);
-		mask_k = cert->mask_k;
-		mask_a = cert->mask_a;
-		emask_k = cert->export_mask_k;
-		emask_a = cert->export_mask_a;
-#ifndef OPENSSL_NO_SRP
-		if (s->srp_ctx.srp_Mask & SSL_kSRP)
-			{
-			mask_k |= SSL_kSRP;
-			emask_k |= SSL_kSRP;
-			mask_a |= SSL_aSRP;
-			emask_a |= SSL_aSRP;
-			}
-#endif
-
-#ifdef KSSL_DEBUG
-/*		fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
-#endif    /* KSSL_DEBUG */
-
-		alg_k=c->algorithm_mkey;
-		alg_a=c->algorithm_auth;
-
-#ifndef OPENSSL_NO_KRB5
-		if (alg_k & SSL_kKRB5)
-			{
-			if ( !kssl_keytab_is_available(s->kssl_ctx) )
-			    continue;
-			}
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-		/* with PSK there must be server callback set */
-		if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
-			continue;
-#endif /* OPENSSL_NO_PSK */
-
-		if (SSL_C_IS_EXPORT(c))
-			{
-			ok = (alg_k & emask_k) && (alg_a & emask_a);
-#ifdef CIPHER_DEBUG
-			fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
-			       (void *)c,c->name);
-#endif
-			}
-		else
-			{
-			ok = (alg_k & mask_k) && (alg_a & mask_a);
-#ifdef CIPHER_DEBUG
-			fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
-			       c->name);
-#endif
-			}
-
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-		if (
-			/* if we are considering an ECC cipher suite that uses our certificate */
-			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-			/* and we have an ECC certificate */
-			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-			/* and the client specified a Supported Point Formats extension */
-			&& ((s->session->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL))
-			/* and our certificate's point is compressed */
-			&& (
-				(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data != NULL)
-				&& (
-					(*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED)
-					|| (*(s->cert->pkeys[SSL_PKEY_ECC].x509->cert_info->key->public_key->data) == POINT_CONVERSION_COMPRESSED + 1)
-					)
-				)
-		)
-			{
-			ec_ok = 0;
-			/* if our certificate's curve is over a field type that the client does not support
-			 * then do not allow this cipher suite to be negotiated */
-			if (
-				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-				&& (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-			)
-				{
-				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-					{
-					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime)
-						{
-						ec_ok = 1;
-						break;
-						}
-					}
-				}
-			else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-				{
-				for (j = 0; j < s->session->tlsext_ecpointformatlist_length; j++)
-					{
-					if (s->session->tlsext_ecpointformatlist[j] == TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2)
-						{
-						ec_ok = 1;
-						break;
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
-		if (
-			/* if we are considering an ECC cipher suite that uses our certificate */
-			(alg_a & SSL_aECDSA || alg_a & SSL_aECDH)
-			/* and we have an ECC certificate */
-			&& (s->cert->pkeys[SSL_PKEY_ECC].x509 != NULL)
-			/* and the client specified an EllipticCurves extension */
-			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-		)
-			{
-			ec_ok = 0;
-			if (
-				(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec != NULL)
-				&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group != NULL)
-			)
-				{
-				ec_nid = EC_GROUP_get_curve_name(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group);
-				if ((ec_nid == 0)
-					&& (s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth != NULL)
-				)
-					{
-					if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_prime_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x01;
-						}
-					else if (EC_METHOD_get_field_type(s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec->group->meth) == NID_X9_62_characteristic_two_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x02;
-						}
-					}
-				else
-					{
-					ec_search1 = 0x00;
-					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-					}
-				if ((ec_search1 != 0) || (ec_search2 != 0))
-					{
-					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-						{
-						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-							{
-							ec_ok = 1;
-							break;
-							}
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
-#ifndef OPENSSL_NO_ECDH
-		if (
-			/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
-			(alg_k & SSL_kEECDH)
-			/* and we have an ephemeral EC key */
-			&& (s->cert->ecdh_tmp != NULL)
-			/* and the client specified an EllipticCurves extension */
-			&& ((s->session->tlsext_ellipticcurvelist_length > 0) && (s->session->tlsext_ellipticcurvelist != NULL))
-		)
-			{
-			ec_ok = 0;
-			if (s->cert->ecdh_tmp->group != NULL)
-				{
-				ec_nid = EC_GROUP_get_curve_name(s->cert->ecdh_tmp->group);
-				if ((ec_nid == 0)
-					&& (s->cert->ecdh_tmp->group->meth != NULL)
-				)
-					{
-					if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_prime_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x01;
-						}
-					else if (EC_METHOD_get_field_type(s->cert->ecdh_tmp->group->meth) == NID_X9_62_characteristic_two_field)
-						{
-						ec_search1 = 0xFF;
-						ec_search2 = 0x02;
-						}
-					}
-				else
-					{
-					ec_search1 = 0x00;
-					ec_search2 = tls1_ec_nid2curve_id(ec_nid);
-					}
-				if ((ec_search1 != 0) || (ec_search2 != 0))
-					{
-					for (j = 0; j < s->session->tlsext_ellipticcurvelist_length / 2; j++)
-						{
-						if ((s->session->tlsext_ellipticcurvelist[2*j] == ec_search1) && (s->session->tlsext_ellipticcurvelist[2*j+1] == ec_search2))
-							{
-							ec_ok = 1;
-							break;
-							}
-						}
-					}
-				}
-			ok = ok && ec_ok;
-			}
-#endif /* OPENSSL_NO_ECDH */
-#endif /* OPENSSL_NO_EC */
-#endif /* OPENSSL_NO_TLSEXT */
-
-		if (!ok) continue;
-		ii=sk_SSL_CIPHER_find(allow,c);
-		if (ii >= 0)
-			{
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
-			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
-				{
-				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
-				continue;
-				}
-#endif
-			ret=sk_SSL_CIPHER_value(allow,ii);
-			break;
-			}
-		}
-	return(ret);
-	}
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
-	{
-	int ret=0;
-	unsigned long alg_k;
-
-	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-
-#ifndef OPENSSL_NO_GOST
-	if (s->version >= TLS1_VERSION)
-		{
-		if (alg_k & SSL_kGOST)
-			{
-			p[ret++]=TLS_CT_GOST94_SIGN;
-			p[ret++]=TLS_CT_GOST01_SIGN;
-			return(ret);
-			}
-		}
-#endif
-
-#ifndef OPENSSL_NO_DH
-	if (alg_k & (SSL_kDHr|SSL_kEDH))
-		{
-#  ifndef OPENSSL_NO_RSA
-		p[ret++]=SSL3_CT_RSA_FIXED_DH;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-		p[ret++]=SSL3_CT_DSS_FIXED_DH;
-#  endif
-		}
-	if ((s->version == SSL3_VERSION) &&
-		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
-		{
-#  ifndef OPENSSL_NO_RSA
-		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-#  endif
-#  ifndef OPENSSL_NO_DSA
-		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-#  endif
-		}
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
-	p[ret++]=SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
-	p[ret++]=SSL3_CT_DSS_SIGN;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) && (s->version >= TLS1_VERSION))
-		{
-		p[ret++]=TLS_CT_RSA_FIXED_ECDH;
-		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
-		}
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-	/* ECDSA certs can be used with RSA cipher suites as well 
-	 * so we don't need to check for SSL_kECDH or SSL_kEECDH
-	 */
-	if (s->version >= TLS1_VERSION)
-		{
-		p[ret++]=TLS_CT_ECDSA_SIGN;
-		}
-#endif	
-	return(ret);
-	}
-
-int ssl3_shutdown(SSL *s)
-	{
-	int ret;
-
-	/* Don't do anything much if we have not done the handshake or
-	 * we don't want to send messages :-) */
-	if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
-		{
-		s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-		return(1);
-		}
-
-	if (!(s->shutdown & SSL_SENT_SHUTDOWN))
-		{
-		s->shutdown|=SSL_SENT_SHUTDOWN;
-#if 1
-		ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
-#endif
-		/* our shutdown alert has been sent now, and if it still needs
-	 	 * to be written, s->s3->alert_dispatch will be true */
-	 	if (s->s3->alert_dispatch)
-	 		return(-1);	/* return WANT_WRITE */
-		}
-	else if (s->s3->alert_dispatch)
-		{
-		/* resend it if not sent */
-#if 1
-		ret=s->method->ssl_dispatch_alert(s);
-		if(ret == -1)
-			{
-			/* we only get to return -1 here the 2nd/Nth
-			 * invocation, we must  have already signalled
-			 * return 0 upon a previous invoation,
-			 * return WANT_WRITE */
-			return(ret);
-			}
-#endif
-		}
-	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
-		{
-		/* If we are waiting for a close from our peer, we are closed */
-		s->method->ssl_read_bytes(s,0,NULL,0,0);
-		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
-			{
-			return(-1);	/* return WANT_READ */
-			}
-		}
-
-	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
-		!s->s3->alert_dispatch)
-		return(1);
-	else
-		return(0);
-	}
-
-int ssl3_write(SSL *s, const void *buf, int len)
-	{
-	int ret,n;
-
-#if 0
-	if (s->shutdown & SSL_SEND_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-#endif
-	clear_sys_error();
-	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-
-	/* This is an experimental flag that sends the
-	 * last handshake message in the same packet as the first
-	 * use data - used to see if it helps the TCP protocol during
-	 * session-id reuse */
-	/* The second test is because the buffer may have been removed */
-	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-		{
-		/* First time through, we write into the buffer */
-		if (s->s3->delay_buf_pop_ret == 0)
-			{
-			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-					     buf,len);
-			if (ret <= 0) return(ret);
-
-			s->s3->delay_buf_pop_ret=ret;
-			}
-
-		s->rwstate=SSL_WRITING;
-		n=BIO_flush(s->wbio);
-		if (n <= 0) return(n);
-		s->rwstate=SSL_NOTHING;
-
-		/* We have flushed the buffer, so remove it */
-		ssl_free_wbio_buffer(s);
-		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
-		ret=s->s3->delay_buf_pop_ret;
-		s->s3->delay_buf_pop_ret=0;
-		}
-	else
-		{
-		ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-			buf,len);
-		if (ret <= 0) return(ret);
-		}
-
-	return(ret);
-	}
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
-	{
-	int n,ret;
-	
-	clear_sys_error();
-	if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-		{
-		/* Deal with an application that calls SSL_read() when handshake data
-		 * is yet to be written.
-		 */
-		if (BIO_wpending(s->wbio) > 0)
-			{
-			s->rwstate=SSL_WRITING;
-			n=BIO_flush(s->wbio);
-			if (n <= 0) return(n);
-			s->rwstate=SSL_NOTHING;
-			}
-		}
-	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-	s->s3->in_read_app_data=1;
-	ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-	if ((ret == -1) && (s->s3->in_read_app_data == 2))
-		{
-		/* ssl3_read_bytes decided to call s->handshake_func, which
-		 * called ssl3_read_bytes to read handshake data.
-		 * However, ssl3_read_bytes actually found application data
-		 * and thinks that application data makes sense here; so disable
-		 * handshake processing and try to read application data again. */
-		s->in_handshake++;
-		ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-		s->in_handshake--;
-		}
-	else
-		s->s3->in_read_app_data=0;
-
-	return(ret);
-	}
-
-int ssl3_read(SSL *s, void *buf, int len)
-	{
-	return ssl3_read_internal(s, buf, len, 0);
-	}
-
-int ssl3_peek(SSL *s, void *buf, int len)
-	{
-	return ssl3_read_internal(s, buf, len, 1);
-	}
-
-int ssl3_renegotiate(SSL *s)
-	{
-	if (s->handshake_func == NULL)
-		return(1);
-
-	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-		return(0);
-
-	s->s3->renegotiate=1;
-	return(1);
-	}
-
-int ssl3_renegotiate_check(SSL *s)
-	{
-	int ret=0;
-
-	if (s->s3->renegotiate)
-		{
-		if (	(s->s3->rbuf.left == 0) &&
-			(s->s3->wbuf.left == 0) &&
-			!SSL_in_init(s))
-			{
-/*
-if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
-*/
-			/* SSL_ST_ACCEPT */
-			s->state=SSL_ST_RENEGOTIATE;
-			s->s3->renegotiate=0;
-			s->s3->num_renegotiations++;
-			s->s3->total_renegotiations++;
-			ret=1;
-			}
-		}
-	return(ret);
-	}
-/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
- * to new SHA256 PRF and handshake macs
- */
-long ssl_get_algorithm2(SSL *s)
-	{
-	long alg2 = s->s3->tmp.new_cipher->algorithm2;
-	if (s->method->version == TLS1_2_VERSION &&
-	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
-		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
-	return alg2;
-	}
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
deleted file mode 100644
index 4dec7033d6..0000000000
--- a/ssl/s3_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ssl/s3_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_method(int ver)
-	{
-	if (ver == SSL3_VERSION)
-		return(SSLv3_method());
-	else 
-		return(NULL);
-	}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_method,
-			 ssl3_accept,
-			 ssl3_connect,
-			 ssl3_get_method)
-#endif
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
deleted file mode 100644
index c2ae93bce0..0000000000
--- a/ssl/s3_pkt.c
+++ /dev/null
@@ -1,1586 +0,0 @@
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-			 unsigned int len, char fragment, char is_fragment);
-static int ssl3_get_record(SSL *s);
-
-int ssl3_read_n(SSL *s, int n, int max, int extend)
-	{
-	/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
-	 * packet by another n bytes.
-	 * The packet will be in the sub-array of s->s3->rbuf.buf specified
-	 * by s->packet and s->packet_length.
-	 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
-	 * [plus s->packet_length bytes if extend == 1].)
-	 */
-	int i,len,left;
-	long align=0;
-	unsigned char *pkt;
-	SSL3_BUFFER *rb;
-
-	if (n <= 0) return n;
-
-	rb    = &(s->s3->rbuf);
-	if (rb->buf == NULL)
-		if (!ssl3_setup_read_buffer(s))
-			return -1;
-
-	left  = rb->left;
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-	align = (long)rb->buf + SSL3_RT_HEADER_LENGTH;
-	align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-
-	if (!extend)
-		{
-		/* start with empty packet ... */
-		if (left == 0)
-			rb->offset = align;
-		else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH)
-			{
-			/* check if next packet length is large
-			 * enough to justify payload alignment... */
-			pkt = rb->buf + rb->offset;
-			if (pkt[0] == SSL3_RT_APPLICATION_DATA
-			    && (pkt[3]<<8|pkt[4]) >= 128)
-				{
-				/* Note that even if packet is corrupted
-				 * and its length field is insane, we can
-				 * only be led to wrong decision about
-				 * whether memmove will occur or not.
-				 * Header values has no effect on memmove
-				 * arguments and therefore no buffer
-				 * overrun can be triggered. */
-				memmove (rb->buf+align,pkt,left);
-				rb->offset = align;
-				}
-			}
-		s->packet = rb->buf + rb->offset;
-		s->packet_length = 0;
-		/* ... now we can act as if 'extend' was set */
-		}
-
-	/* For DTLS/UDP reads should not span multiple packets
-	 * because the read operation returns the whole packet
-	 * at once (as long as it fits into the buffer). */
-	if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-		{
-		if (left == 0 && extend)
-			return 0;
-		if (left > 0 && n > left)
-			n = left;
-		}
-
-	/* if there is enough in the buffer from a previous read, take some */
-	if (left >= n)
-		{
-		s->packet_length+=n;
-		rb->left=left-n;
-		rb->offset+=n;
-		return(n);
-		}
-
-	/* else we need to read more data */
-
-	len = s->packet_length;
-	pkt = rb->buf+align;
-	/* Move any available bytes to front of buffer:
-	 * 'len' bytes already pointed to by 'packet',
-	 * 'left' extra ones at the end */
-	if (s->packet != pkt) /* len > 0 */
-		{
-		memmove(pkt, s->packet, len+left);
-		s->packet = pkt;
-		rb->offset = len + align;
-		}
-
-	if (n > (int)(rb->len - rb->offset)) /* does not happen */
-		{
-		SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-
-	if (!s->read_ahead)
-		/* ignore max parameter */
-		max = n;
-	else
-		{
-		if (max < n)
-			max = n;
-		if (max > (int)(rb->len - rb->offset))
-			max = rb->len - rb->offset;
-		}
-
-	while (left < n)
-		{
-		/* Now we have len+left bytes at the front of s->s3->rbuf.buf
-		 * and need to read in more until we have len+n (up to
-		 * len+max if possible) */
-
-		clear_sys_error();
-		if (s->rbio != NULL)
-			{
-			s->rwstate=SSL_READING;
-			i=BIO_read(s->rbio,pkt+len+left, max-left);
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
-			i = -1;
-			}
-
-		if (i <= 0)
-			{
-			rb->left = left;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
-				if (len+left == 0)
-					ssl3_release_read_buffer(s);
-			return(i);
-			}
-		left+=i;
-		/* reads should *never* span multiple packets for DTLS because
-		 * the underlying transport protocol is message oriented as opposed
-		 * to byte oriented as in the TLS case. */
-		if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
-			{
-			if (n > left)
-				n = left; /* makes the while condition false */
-			}
-		}
-
-	/* done reading, now the book-keeping */
-	rb->offset += n;
-	rb->left = left - n;
-	s->packet_length += n;
-	s->rwstate=SSL_NOTHING;
-	return(n);
-	}
-
-/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will
- * be processed per call to ssl3_get_record. Without this limit an attacker
- * could send empty records at a faster rate than we can process and cause
- * ssl3_get_record to loop forever. */
-#define MAX_EMPTY_RECORDS 32
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data, 	 - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
-	{
-	int ssl_major,ssl_minor,al;
-	int enc_err,n,i,ret= -1;
-	SSL3_RECORD *rr;
-	SSL_SESSION *sess;
-	unsigned char *p;
-	unsigned char md[EVP_MAX_MD_SIZE];
-	short version;
-	unsigned mac_size, orig_len;
-	size_t extra;
-	unsigned empty_record_count = 0;
-
-	rr= &(s->s3->rrec);
-	sess=s->session;
-
-	if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-		extra=SSL3_RT_MAX_EXTRA;
-	else
-		extra=0;
-	if (extra && !s->s3->init_extra)
-		{
-		/* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
-		 * set after ssl3_setup_buffers() was done */
-		SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-
-again:
-	/* check if we have the header */
-	if (	(s->rstate != SSL_ST_READ_BODY) ||
-		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
-		{
-		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
-		if (n <= 0) return(n); /* error or non-blocking */
-		s->rstate=SSL_ST_READ_BODY;
-
-		p=s->packet;
-
-		/* Pull apart the header into the SSL3_RECORD */
-		rr->type= *(p++);
-		ssl_major= *(p++);
-		ssl_minor= *(p++);
-		version=(ssl_major<<8)|ssl_minor;
-		n2s(p,rr->length);
-#if 0
-fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
-
-		/* Lets check version */
-		if (!s->first_packet)
-			{
-			if (version != s->version)
-				{
-				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
-                                	/* Send back error using their minor version number :-) */
-					s->version = (unsigned short)version;
-				al=SSL_AD_PROTOCOL_VERSION;
-				goto f_err;
-				}
-			}
-
-		if ((version>>8) != SSL3_VERSION_MAJOR)
-			{
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-			goto err;
-			}
-
-		if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
-			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
-			goto f_err;
-			}
-
-		/* now s->rstate == SSL_ST_READ_BODY */
-		}
-
-	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
-		{
-		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
-		i=rr->length;
-		n=ssl3_read_n(s,i,i,1);
-		if (n <= 0) return(n); /* error or non-blocking io */
-		/* now n == rr->length,
-		 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
-		}
-
-	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
-	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
-	 * and we have that many bytes in s->packet
-	 */
-	rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
-	/* ok, we can now read from 's->packet' data into 'rr'
-	 * rr->input points at rr->length bytes, which
-	 * need to be copied into rr->data by either
-	 * the decryption or by the decompression
-	 * When the data is 'copied' into the rr->data buffer,
-	 * rr->input will be pointed at the new buffer */ 
-
-	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
-	 * rr->length bytes of encrypted compressed stuff. */
-
-	/* check is not needed I believe */
-	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
-		{
-		al=SSL_AD_RECORD_OVERFLOW;
-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-		goto f_err;
-		}
-
-	/* decrypt in place in 'rr->input' */
-	rr->data=rr->input;
-
-	enc_err = s->method->ssl3_enc->enc(s,0);
-	/* enc_err is:
-	 *    0: (in non-constant time) if the record is publically invalid.
-	 *    1: if the padding is valid
-	 *    -1: if the padding is invalid */
-	if (enc_err == 0)
-		{
-		al=SSL_AD_DECRYPTION_FAILED;
-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-		goto f_err;
-		}
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
-	/* r->length is now the compressed data plus mac */
-	if ((sess != NULL) &&
-	    (s->enc_read_ctx != NULL) &&
-	    (EVP_MD_CTX_md(s->read_hash) != NULL))
-		{
-		/* s->read_hash != NULL => mac_size != -1 */
-		unsigned char *mac = NULL;
-		unsigned char mac_tmp[EVP_MAX_MD_SIZE];
-		mac_size=EVP_MD_CTX_size(s->read_hash);
-		OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
-		/* kludge: *_cbc_remove_padding passes padding length in rr->type */
-		orig_len = rr->length+((unsigned int)rr->type>>8);
-
-		/* orig_len is the length of the record before any padding was
-		 * removed. This is public information, as is the MAC in use,
-		 * therefore we can safely process the record in a different
-		 * amount of time if it's too short to possibly contain a MAC.
-		 */
-		if (orig_len < mac_size ||
-		    /* CBC records must have a padding length byte too. */
-		    (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-		     orig_len < mac_size+1))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
-			goto f_err;
-			}
-
-		if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
-			{
-			/* We update the length so that the TLS header bytes
-			 * can be constructed correctly but we need to extract
-			 * the MAC in constant time from within the record,
-			 * without leaking the contents of the padding bytes.
-			 * */
-			mac = mac_tmp;
-			ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
-			rr->length -= mac_size;
-			}
-		else
-			{
-			/* In this case there's no padding, so |orig_len|
-			 * equals |rec->length| and we checked that there's
-			 * enough bytes for |mac_size| above. */
-			rr->length -= mac_size;
-			mac = &rr->data[rr->length];
-			}
-
-		i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
-			enc_err = -1;
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
-			enc_err = -1;
-		}
-
-	if (enc_err < 0)
-		{
-		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
-		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
-		 * failure is directly visible from the ciphertext anyway,
-		 * we should not reveal which kind of error occured -- this
-		 * might become visible to an attacker (e.g. via a logfile) */
-		al=SSL_AD_BAD_RECORD_MAC;
-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-		goto f_err;
-		}
-
-	/* r->length is now just compressed */
-	if (s->expand != NULL)
-		{
-		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
-			{
-			al=SSL_AD_RECORD_OVERFLOW;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
-			goto f_err;
-			}
-		if (!ssl3_do_uncompress(s))
-			{
-			al=SSL_AD_DECOMPRESSION_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
-			goto f_err;
-			}
-		}
-
-	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
-		{
-		al=SSL_AD_RECORD_OVERFLOW;
-		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
-		goto f_err;
-		}
-
-	rr->off=0;
-	/* So at this point the following is true
-	 * ssl->s3->rrec.type 	is the type of record
-	 * ssl->s3->rrec.length	== number of bytes in record
-	 * ssl->s3->rrec.off	== offset to first valid byte
-	 * ssl->s3->rrec.data	== where to take bytes from, increment
-	 *			   after use :-).
-	 */
-
-	/* we have pulled in a full packet so zero things */
-	s->packet_length=0;
-
-	/* just read a 0 length packet */
-	if (rr->length == 0)
-		{
-		empty_record_count++;
-		if (empty_record_count > MAX_EMPTY_RECORDS)
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
-			goto f_err;
-			}
-		goto again;
-		}
-
-#if 0
-fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length);
-#endif
-
-	return(1);
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(ret);
-	}
-
-int ssl3_do_uncompress(SSL *ssl)
-	{
-#ifndef OPENSSL_NO_COMP
-	int i;
-	SSL3_RECORD *rr;
-
-	rr= &(ssl->s3->rrec);
-	i=COMP_expand_block(ssl->expand,rr->comp,
-		SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
-	if (i < 0)
-		return(0);
-	else
-		rr->length=i;
-	rr->data=rr->comp;
-#endif
-	return(1);
-	}
-
-int ssl3_do_compress(SSL *ssl)
-	{
-#ifndef OPENSSL_NO_COMP
-	int i;
-	SSL3_RECORD *wr;
-
-	wr= &(ssl->s3->wrec);
-	i=COMP_compress_block(ssl->compress,wr->data,
-		SSL3_RT_MAX_COMPRESSED_LENGTH,
-		wr->input,(int)wr->length);
-	if (i < 0)
-		return(0);
-	else
-		wr->length=i;
-
-	wr->input=wr->data;
-#endif
-	return(1);
-	}
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
-	{
-	const unsigned char *buf=buf_;
-	unsigned int n,nw;
-	int i,tot;
-
-	s->rwstate=SSL_NOTHING;
-	OPENSSL_assert(s->s3->wnum <= INT_MAX);
-	tot=s->s3->wnum;
-	s->s3->wnum=0;
-
-	if (SSL_in_init(s) && !s->in_handshake)
-		{
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return -1;
-			}
-		}
-
-	/* ensure that if we end up with a smaller value of data to write 
-	 * out than the the original len from a write which didn't complete 
-	 * for non-blocking I/O and also somehow ended up avoiding 
-	 * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
-	 * it must never be possible to end up with (len-tot) as a large
-	 * number that will then promptly send beyond the end of the users
-	 * buffer ... so we trap and report the error in a way the user
-	 * will notice
-	 */
-	if (len < tot)
-		{
-		SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
-		return(-1);
-		}
-
-
-	n=(len-tot);
-	for (;;)
-		{
-		/* max contains the maximum number of bytes that we can put
-		 * into a record. */
-		unsigned max = s->max_send_fragment;
-		/* fragment is true if do_ssl3_write should send the first byte
-		 * in its own record in order to randomise a CBC IV. */
-		int fragment = 0;
-
-		if (n > 1 &&
-		    s->s3->need_record_splitting &&
-		    type == SSL3_RT_APPLICATION_DATA &&
-		    !s->s3->record_split_done)
-			{
-			fragment = 1;
-			/* record_split_done records that the splitting has
-			 * been done in case we hit an SSL_WANT_WRITE condition.
-			 * In that case, we don't need to do the split again. */
-			s->s3->record_split_done = 1;
-			}
-
-		if (n > max)
-			nw=max;
-		else
-			nw=n;
-
-		i=do_ssl3_write(s, type, &(buf[tot]), nw, fragment, 0);
-		if (i <= 0)
-			{
-			s->s3->wnum=tot;
-			/* Try to write the fragment next time. */
-			s->s3->record_split_done = 0;
-			return i;
-			}
-
-		if ((i == (int)n) ||
-			(type == SSL3_RT_APPLICATION_DATA &&
-			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
-			{
-			/* next chunk of data should get another prepended,
-			 * one-byte fragment in ciphersuites with known-IV
-			 * weakness. */
-			s->s3->record_split_done = 0;
-			return tot+i;
-			}
-
-		n-=i;
-		tot+=i;
-		}
-	}
-
-/* do_ssl3_write writes an SSL record of the given type. If |fragment| is 1
- * then it splits the record into a one byte record and a record with the rest
- * of the data in order to randomise a CBC IV. If |is_fragment| is true then
- * this call resulted from do_ssl3_write calling itself in order to create that
- * one byte fragment. */
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-			 unsigned int len, char fragment, char is_fragment)
-	{
-	unsigned char *p,*plen;
-	int i,mac_size;
-	int prefix_len=0;
-	int eivlen;
-	long align=0;
-	SSL3_RECORD *wr;
-	SSL3_BUFFER *wb=&(s->s3->wbuf);
-	SSL_SESSION *sess;
-
-
-	/* first check if there is a SSL3_BUFFER still being written
-	 * out.  This will happen with non blocking IO */
-	if (wb->left != 0)
-		return(ssl3_write_pending(s,type,buf,len));
-
-	/* If we have an alert to send, lets send it */
-	if (s->s3->alert_dispatch)
-		{
-		i=s->method->ssl_dispatch_alert(s);
-		if (i <= 0)
-			return(i);
-		/* if it went, fall through and send more stuff */
-		}
-
-	if (wb->buf == NULL)
-		if (!ssl3_setup_write_buffer(s))
-			return -1;
-
-	if (len == 0)
-		return 0;
-
-	wr= &(s->s3->wrec);
-	sess=s->session;
-
-	if (	(sess == NULL) ||
-		(s->enc_write_ctx == NULL) ||
-		(EVP_MD_CTX_md(s->write_hash) == NULL))
-		{
-		mac_size=0;
-		}
-	else
-		{
-		mac_size=EVP_MD_CTX_size(s->write_hash);
-		if (mac_size < 0)
-			goto err;
-		}
-
-	if (fragment)
-		{
-		/* countermeasure against known-IV weakness in CBC ciphersuites
-		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-		prefix_len = do_ssl3_write(s, type, buf, 1 /* length */,
-					   0 /* fragment */,
-					   1 /* is_fragment */);
-		if (prefix_len <= 0)
-			goto err;
-
-		if (prefix_len > (SSL3_RT_HEADER_LENGTH +
-				  SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))
-			{
-			/* insufficient space */
-			SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-
-	if (is_fragment)
-		{
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-		/* The extra fragment would be couple of cipher blocks, and
-		 * that will be a multiple of SSL3_ALIGN_PAYLOAD. So, if we
-		 * want to align the real payload, we can just pretend that we
-		 * have two headers and a byte. */
-		align = (long)wb->buf + 2*SSL3_RT_HEADER_LENGTH + 1;
-		align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-		p = wb->buf + align;
-		wb->offset  = align;
-		}
-	else if (prefix_len)
-		{
-		p = wb->buf + wb->offset + prefix_len;
-		}
-	else
-		{
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-		align = (long)wb->buf + SSL3_RT_HEADER_LENGTH;
-		align = (-align)&(SSL3_ALIGN_PAYLOAD-1);
-#endif
-		p = wb->buf + align;
-		wb->offset  = align;
-		}
-
-	/* write the header */
-
-	*(p++)=type&0xff;
-	wr->type=type;
-
-	*(p++)=(s->version>>8);
-	/* Some servers hang if iniatial client hello is larger than 256
-	 * bytes and record version number > TLS 1.0
-	 */
-	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
-				&& !s->renegotiate
-				&& TLS1_get_version(s) > TLS1_VERSION)
-		*(p++) = 0x1;
-	else
-		*(p++)=s->version&0xff;
-
-	/* field where we are to write out packet length */
-	plen=p;
-	p+=2;
-	/* Explicit IV length, block ciphers and TLS version 1.1 or later */
-	if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
-		{
-		int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
-		if (mode == EVP_CIPH_CBC_MODE)
-			{
-			eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
-			if (eivlen <= 1)
-				eivlen = 0;
-			}
-		/* Need explicit part of IV for GCM mode */
-		else if (mode == EVP_CIPH_GCM_MODE)
-			eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
-		else
-			eivlen = 0;
-		}
-	else 
-		eivlen = 0;
-
-	/* lets setup the record stuff. */
-	wr->data=p + eivlen;
-	wr->length=(int)(len - (fragment != 0));
-	wr->input=(unsigned char *)buf + (fragment != 0);
-
-	/* we now 'read' from wr->input, wr->length bytes into
-	 * wr->data */
-
-	/* first we compress */
-	if (s->compress != NULL)
-		{
-		if (!ssl3_do_compress(s))
-			{
-			SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		memcpy(wr->data,wr->input,wr->length);
-		wr->input=wr->data;
-		}
-
-	/* we should still have the output to wr->data and the input
-	 * from wr->input.  Length should be wr->length.
-	 * wr->data still points in the wb->buf */
-
-	if (mac_size != 0)
-		{
-		if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
-			goto err;
-		wr->length+=mac_size;
-		}
-
-	wr->input=p;
-	wr->data=p;
-
-	if (eivlen)
-		{
-	/*	if (RAND_pseudo_bytes(p, eivlen) <= 0)
-			goto err; */
-		wr->length += eivlen;
-		}
-
-	if(s->method->ssl3_enc->enc(s,1)<1) goto err;
-
-	/* record length after mac and block padding */
-	s2n(wr->length,plen);
-
-	/* we should now have
-	 * wr->data pointing to the encrypted data, which is
-	 * wr->length long */
-	wr->type=type; /* not needed but helps for debugging */
-	wr->length+=SSL3_RT_HEADER_LENGTH;
-
-	if (is_fragment)
-		{
-		/* we are in a recursive call; just return the length, don't
-		 * write out anything. */
-		return wr->length;
-		}
-
-	/* now let's set up wb */
-	wb->left = prefix_len + wr->length;
-
-	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
-	s->s3->wpend_tot=len;
-	s->s3->wpend_buf=buf;
-	s->s3->wpend_type=type;
-	s->s3->wpend_ret=len;
-
-	/* we now just need to write the buffer */
-	return ssl3_write_pending(s,type,buf,len);
-err:
-	return -1;
-	}
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-	unsigned int len)
-	{
-	int i;
-	SSL3_BUFFER *wb=&(s->s3->wbuf);
-
-/* XXXX */
-	if ((s->s3->wpend_tot > (int)len)
-		|| ((s->s3->wpend_buf != buf) &&
-			!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
-		|| (s->s3->wpend_type != type))
-		{
-		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
-		return(-1);
-		}
-
-	for (;;)
-		{
-		clear_sys_error();
-		if (s->wbio != NULL)
-			{
-			s->rwstate=SSL_WRITING;
-			i=BIO_write(s->wbio,
-				(char *)&(wb->buf[wb->offset]),
-				(unsigned int)wb->left);
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
-			i= -1;
-			}
-		if (i == wb->left)
-			{
-			wb->left=0;
-			wb->offset+=i;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
-				ssl3_release_write_buffer(s);
-			s->rwstate=SSL_NOTHING;
-			return(s->s3->wpend_ret);
-			}
-		else if (i <= 0) {
-			if (s->version == DTLS1_VERSION ||
-			    s->version == DTLS1_BAD_VER) {
-				/* For DTLS, just drop it. That's kind of the whole
-				   point in using a datagram service */
-				wb->left = 0;
-			}
-			return(i);
-		}
-		wb->offset+=i;
-		wb->left-=i;
-		}
-	}
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-	{
-	int al,i,j,ret;
-	unsigned int n;
-	SSL3_RECORD *rr;
-	void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
-	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
-		if (!ssl3_setup_read_buffer(s))
-			return(-1);
-
-	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
-	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
-		{
-		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
-		return -1;
-		}
-
-	if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
-		/* (partially) satisfy request from storage */
-		{
-		unsigned char *src = s->s3->handshake_fragment;
-		unsigned char *dst = buf;
-		unsigned int k;
-
-		/* peek == 0 */
-		n = 0;
-		while ((len > 0) && (s->s3->handshake_fragment_len > 0))
-			{
-			*dst++ = *src++;
-			len--; s->s3->handshake_fragment_len--;
-			n++;
-			}
-		/* move any remaining fragment bytes: */
-		for (k = 0; k < s->s3->handshake_fragment_len; k++)
-			s->s3->handshake_fragment[k] = *src++;
-		return n;
-	}
-
-	/* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
-	if (!s->in_handshake && SSL_in_init(s))
-		{
-		/* type == SSL3_RT_APPLICATION_DATA */
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-		}
-start:
-	s->rwstate=SSL_NOTHING;
-
-	/* s->s3->rrec.type	    - is the type of record
-	 * s->s3->rrec.data,    - data
-	 * s->s3->rrec.off,     - offset into 'data' for next read
-	 * s->s3->rrec.length,  - number of bytes. */
-	rr = &(s->s3->rrec);
-
-	/* get new packet if necessary */
-	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
-		{
-		ret=ssl3_get_record(s);
-		if (ret <= 0) return(ret);
-		}
-
-	/* we now have a packet which can be read and processed */
-
-	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
-	                               * reset by ssl3_get_finished */
-		&& (rr->type != SSL3_RT_HANDSHAKE))
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-		goto f_err;
-		}
-
-	/* If the other end has shut down, throw anything we read away
-	 * (even in 'peek' mode) */
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		rr->length=0;
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-
-
-	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-		{
-		/* make sure that we are not getting application data when we
-		 * are doing a handshake for the first time */
-		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-			(s->enc_read_ctx == NULL))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
-			goto f_err;
-			}
-
-		if (len <= 0) return(len);
-
-		if ((unsigned int)len > rr->length)
-			n = rr->length;
-		else
-			n = (unsigned int)len;
-
-		memcpy(buf,&(rr->data[rr->off]),n);
-		if (!peek)
-			{
-			rr->length-=n;
-			rr->off+=n;
-			if (rr->length == 0)
-				{
-				s->rstate=SSL_ST_READ_HEADER;
-				rr->off=0;
-				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
-					ssl3_release_read_buffer(s);
-				}
-			}
-		return(n);
-		}
-
-
-	/* If we get here, then type != rr->type; if we have a handshake
-	 * message, then it was unexpected (Hello Request or Client Hello). */
-
-	/* In case of record types for which we have 'fragment' storage,
-	 * fill that so that we can process the data at a fixed place.
-	 */
-		{
-		unsigned int dest_maxlen = 0;
-		unsigned char *dest = NULL;
-		unsigned int *dest_len = NULL;
-
-		if (rr->type == SSL3_RT_HANDSHAKE)
-			{
-			dest_maxlen = sizeof s->s3->handshake_fragment;
-			dest = s->s3->handshake_fragment;
-			dest_len = &s->s3->handshake_fragment_len;
-			}
-		else if (rr->type == SSL3_RT_ALERT)
-			{
-			dest_maxlen = sizeof s->s3->alert_fragment;
-			dest = s->s3->alert_fragment;
-			dest_len = &s->s3->alert_fragment_len;
-			}
-#ifndef OPENSSL_NO_HEARTBEATS
-		else if (rr->type == TLS1_RT_HEARTBEAT)
-			{
-			tls1_process_heartbeat(s);
-
-			/* Exit and notify application to read again */
-			rr->length = 0;
-			s->rwstate=SSL_READING;
-			BIO_clear_retry_flags(SSL_get_rbio(s));
-			BIO_set_retry_read(SSL_get_rbio(s));
-			return(-1);
-			}
-#endif
-
-		if (dest_maxlen > 0)
-			{
-			n = dest_maxlen - *dest_len; /* available space in 'dest' */
-			if (rr->length < n)
-				n = rr->length; /* available bytes */
-
-			/* now move 'n' bytes: */
-			while (n-- > 0)
-				{
-				dest[(*dest_len)++] = rr->data[rr->off++];
-				rr->length--;
-				}
-
-			if (*dest_len < dest_maxlen)
-				goto start; /* fragment was too small */
-			}
-		}
-
-	/* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
-	 * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
-	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
-	/* If we are a client, check for an incoming 'Hello Request': */
-	if ((!s->server) &&
-		(s->s3->handshake_fragment_len >= 4) &&
-		(s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
-		(s->session != NULL) && (s->session->cipher != NULL))
-		{
-		s->s3->handshake_fragment_len = 0;
-
-		if ((s->s3->handshake_fragment[1] != 0) ||
-			(s->s3->handshake_fragment[2] != 0) ||
-			(s->s3->handshake_fragment[3] != 0))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
-			goto f_err;
-			}
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
-
-		if (SSL_is_init_finished(s) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
-			!s->s3->renegotiate)
-			{
-			ssl3_renegotiate(s);
-			if (ssl3_renegotiate_check(s))
-				{
-				i=s->handshake_func(s);
-				if (i < 0) return(i);
-				if (i == 0)
-					{
-					SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-					return(-1);
-					}
-
-				if (!(s->mode & SSL_MODE_AUTO_RETRY))
-					{
-					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-						{
-						BIO *bio;
-						/* In the case where we try to read application data,
-						 * but we trigger an SSL handshake, we return -1 with
-						 * the retry option set.  Otherwise renegotiation may
-						 * cause nasty problems in the blocking world */
-						s->rwstate=SSL_READING;
-						bio=SSL_get_rbio(s);
-						BIO_clear_retry_flags(bio);
-						BIO_set_retry_read(bio);
-						return(-1);
-						}
-					}
-				}
-			}
-		/* we either finished a handshake or ignored the request,
-		 * now try again to obtain the (application) data we were asked for */
-		goto start;
-		}
-	/* If we are a server and get a client hello when renegotiation isn't
-	 * allowed send back a no renegotiation alert and carry on.
-	 * WARNING: experimental code, needs reviewing (steve)
-	 */
-	if (s->server &&
-		SSL_is_init_finished(s) &&
-    		!s->s3->send_connection_binding &&
-		(s->version > SSL3_VERSION) &&
-		(s->s3->handshake_fragment_len >= 4) &&
-		(s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-		(s->session != NULL) && (s->session->cipher != NULL) &&
-		!(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-		
-		{
-		/*s->s3->handshake_fragment_len = 0;*/
-		rr->length = 0;
-		ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
-		goto start;
-		}
-	if (s->s3->alert_fragment_len >= 2)
-		{
-		int alert_level = s->s3->alert_fragment[0];
-		int alert_descr = s->s3->alert_fragment[1];
-
-		s->s3->alert_fragment_len = 0;
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
-
-		if (s->info_callback != NULL)
-			cb=s->info_callback;
-		else if (s->ctx->info_callback != NULL)
-			cb=s->ctx->info_callback;
-
-		if (cb != NULL)
-			{
-			j = (alert_level << 8) | alert_descr;
-			cb(s, SSL_CB_READ_ALERT, j);
-			}
-
-		if (alert_level == 1) /* warning */
-			{
-			s->s3->warn_alert = alert_descr;
-			if (alert_descr == SSL_AD_CLOSE_NOTIFY)
-				{
-				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-				return(0);
-				}
-			/* This is a warning but we receive it if we requested
-			 * renegotiation and the peer denied it. Terminate with
-			 * a fatal alert because if application tried to
-			 * renegotiatie it presumably had a good reason and
-			 * expects it to succeed.
-			 *
-			 * In future we might have a renegotiation where we
-			 * don't care if the peer refused it where we carry on.
-			 */
-			else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
-				{
-				al = SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
-				goto f_err;
-				}
-#ifdef SSL_AD_MISSING_SRP_USERNAME
-			else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-				return(0);
-#endif
-			}
-		else if (alert_level == 2) /* fatal */
-			{
-			char tmp[16];
-
-			s->rwstate=SSL_NOTHING;
-			s->s3->fatal_alert = alert_descr;
-			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
-			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
-			ERR_add_error_data(2,"SSL alert number ",tmp);
-			s->shutdown|=SSL_RECEIVED_SHUTDOWN;
-			SSL_CTX_remove_session(s->ctx,s->session);
-			return(0);
-			}
-		else
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
-			goto f_err;
-			}
-
-		goto start;
-		}
-
-	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
-		{
-		s->rwstate=SSL_NOTHING;
-		rr->length=0;
-		return(0);
-		}
-
-	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
-		{
-		/* 'Change Cipher Spec' is just a single byte, so we know
-		 * exactly what the record payload has to look like */
-		if (	(rr->length != 1) || (rr->off != 0) ||
-			(rr->data[0] != SSL3_MT_CCS))
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-			goto f_err;
-			}
-
-		/* Check we have a cipher to change to */
-		if (s->s3->tmp.new_cipher == NULL)
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
-			goto f_err;
-			}
-
-		if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
-			goto f_err;
-			}
-
-		s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
-		rr->length=0;
-
-		if (s->msg_callback)
-			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
-
-		s->s3->change_cipher_spec=1;
-		if (!ssl3_do_change_cipher_spec(s))
-			goto err;
-		else
-			goto start;
-		}
-
-	/* Unexpected handshake message (Client Hello, or protocol violation) */
-	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
-		{
-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
-			{
-#if 0 /* worked only because C operator preferences are not as expected (and
-       * because this is not really needed for clients except for detecting
-       * protocol violations): */
-			s->state=SSL_ST_BEFORE|(s->server)
-				?SSL_ST_ACCEPT
-				:SSL_ST_CONNECT;
-#else
-			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
-			s->renegotiate=1;
-			s->new_session=1;
-			}
-		i=s->handshake_func(s);
-		if (i < 0) return(i);
-		if (i == 0)
-			{
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
-			}
-
-		if (!(s->mode & SSL_MODE_AUTO_RETRY))
-			{
-			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
-				{
-				BIO *bio;
-				/* In the case where we try to read application data,
-				 * but we trigger an SSL handshake, we return -1 with
-				 * the retry option set.  Otherwise renegotiation may
-				 * cause nasty problems in the blocking world */
-				s->rwstate=SSL_READING;
-				bio=SSL_get_rbio(s);
-				BIO_clear_retry_flags(bio);
-				BIO_set_retry_read(bio);
-				return(-1);
-				}
-			}
-		goto start;
-		}
-
-	switch (rr->type)
-		{
-	default:
-#ifndef OPENSSL_NO_TLS
-		/* TLS up to v1.1 just ignores unknown message types:
-		 * TLS v1.2 give an unexpected message alert.
-		 */
-		if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
-			{
-			rr->length = 0;
-			goto start;
-			}
-#endif
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-		goto f_err;
-	case SSL3_RT_CHANGE_CIPHER_SPEC:
-	case SSL3_RT_ALERT:
-	case SSL3_RT_HANDSHAKE:
-		/* we already handled all of these, with the possible exception
-		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
-		 * should not happen when type != rr->type */
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
-		goto f_err;
-	case SSL3_RT_APPLICATION_DATA:
-		/* At this point, we were expecting handshake data,
-		 * but have application data.  If the library was
-		 * running inside ssl3_read() (i.e. in_read_app_data
-		 * is set) and it makes sense to read application data
-		 * at this point (session renegotiation not yet started),
-		 * we will indulge it.
-		 */
-		if (s->s3->in_read_app_data &&
-			(s->s3->total_renegotiations != 0) &&
-			((
-				(s->state & SSL_ST_CONNECT) &&
-				(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-				(s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-				) || (
-					(s->state & SSL_ST_ACCEPT) &&
-					(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-					(s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-					)
-				))
-			{
-			s->s3->in_read_app_data=2;
-			return(-1);
-			}
-		else
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-			goto f_err;
-			}
-		}
-	/* not reached */
-
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-	return(-1);
-	}
-
-int ssl3_do_change_cipher_spec(SSL *s)
-	{
-	int i;
-	const char *sender;
-	int slen;
-
-	if (s->state & SSL_ST_ACCEPT)
-		i=SSL3_CHANGE_CIPHER_SERVER_READ;
-	else
-		i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
-	if (s->s3->tmp.key_block == NULL)
-		{
-		if (s->session == NULL || s->session->master_key_length == 0)
-			{
-			/* might happen if dtls1_read_bytes() calls this */
-			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
-			return (0);
-			}
-
-		s->session->cipher=s->s3->tmp.new_cipher;
-		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
-		}
-
-	if (!s->method->ssl3_enc->change_cipher_state(s,i))
-		return(0);
-
-	/* we have to record the message digest at
-	 * this point so we can get it before we read
-	 * the finished message */
-	if (s->state & SSL_ST_CONNECT)
-		{
-		sender=s->method->ssl3_enc->server_finished_label;
-		slen=s->method->ssl3_enc->server_finished_label_len;
-		}
-	else
-		{
-		sender=s->method->ssl3_enc->client_finished_label;
-		slen=s->method->ssl3_enc->client_finished_label_len;
-		}
-
-	i = s->method->ssl3_enc->final_finish_mac(s,
-		sender,slen,s->s3->tmp.peer_finish_md);
-	if (i == 0)
-		{
-		SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
-		return 0;
-		}
-	s->s3->tmp.peer_finish_md_len = i;
-
-	return(1);
-	}
-
-int ssl3_send_alert(SSL *s, int level, int desc)
-	{
-	/* Map tls/ssl alert value to correct one */
-	desc=s->method->ssl3_enc->alert_value(desc);
-	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
-		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
-	if (desc < 0) return -1;
-	/* If a fatal one, remove from cache */
-	if ((level == 2) && (s->session != NULL))
-		SSL_CTX_remove_session(s->ctx,s->session);
-
-	s->s3->alert_dispatch=1;
-	s->s3->send_alert[0]=level;
-	s->s3->send_alert[1]=desc;
-	if (s->s3->wbuf.left == 0) /* data still being written out? */
-		return s->method->ssl_dispatch_alert(s);
-	/* else data is still being written out, we will get written
-	 * some time in the future */
-	return -1;
-	}
-
-int ssl3_dispatch_alert(SSL *s)
-	{
-	int i,j;
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-
-	s->s3->alert_dispatch=0;
-	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0, 0);
-	if (i <= 0)
-		{
-		s->s3->alert_dispatch=1;
-		}
-	else
-		{
-		/* Alert sent to BIO.  If it is important, flush it now.
-		 * If the message does not get sent due to non-blocking IO,
-		 * we will not worry too much. */
-		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-			(void)BIO_flush(s->wbio);
-
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
-
-		if (s->info_callback != NULL)
-			cb=s->info_callback;
-		else if (s->ctx->info_callback != NULL)
-			cb=s->ctx->info_callback;
-
-		if (cb != NULL)
-			{
-			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
-			cb(s,SSL_CB_WRITE_ALERT,j);
-			}
-		}
-	return(i);
-	}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
deleted file mode 100644
index ac3d213d3e..0000000000
--- a/ssl/s3_srvr.c
+++ /dev/null
@@ -1,3901 +0,0 @@
-/* ssl/s3_srvr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include "../crypto/constant_time_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-static const SSL_METHOD *ssl3_get_server_method(int ver);
-
-static const SSL_METHOD *ssl3_get_server_method(int ver)
-	{
-	if (ver == SSL3_VERSION)
-		return(SSLv3_server_method());
-	else
-		return(NULL);
-	}
-
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-			ssl3_accept,
-			ssl_undefined_function,
-			ssl3_get_server_method)
-#endif
-
-#ifndef OPENSSL_NO_SRP
-static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
-	{
-	int ret = SSL_ERROR_NONE;
-
-	*al = SSL_AD_UNRECOGNIZED_NAME;
-
-	if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
-	    (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
-		{
-		if(s->srp_ctx.login == NULL)
-			{
-			/* RFC 5054 says SHOULD reject, 
-			   we do so if There is no srp login name */
-			ret = SSL3_AL_FATAL;
-			*al = SSL_AD_UNKNOWN_PSK_IDENTITY;
-			}
-		else
-			{
-			ret = SSL_srp_server_param_with_username(s,al);
-			}
-		}
-	return ret;
-	}
-#endif
-
-int ssl3_accept(SSL *s)
-	{
-	BUF_MEM *buf;
-	unsigned long alg_k,Time=(unsigned long)time(NULL);
-	unsigned long alg_a;
-	void (*cb)(const SSL *ssl,int type,int val)=NULL;
-	int ret= -1;
-	int new_state,state,skip=0;
-
-	RAND_add(&Time,sizeof(Time),0);
-	ERR_clear_error();
-	clear_sys_error();
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-
-	/* init things to blank */
-	s->in_handshake++;
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
-	if (s->cert == NULL)
-		{
-		SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-		return(-1);
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* If we're awaiting a HeartbeatResponse, pretend we
-	 * already got and don't await it anymore, because
-	 * Heartbeats don't make sense during handshakes anyway.
-	 */
-	if (s->tlsext_hb_pending)
-		{
-		s->tlsext_hb_pending = 0;
-		s->tlsext_hb_seq++;
-		}
-#endif
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch (s->state)
-			{
-		case SSL_ST_RENEGOTIATE:
-			s->renegotiate=1;
-			/* s->state=SSL_ST_ACCEPT; */
-
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			s->server=1;
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			if ((s->version>>8) != 3)
-				{
-				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
-				return -1;
-				}
-			s->type=SSL_ST_ACCEPT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					BUF_MEM_free(buf);
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				}
-
-			if (!ssl3_setup_buffers(s))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			s->init_num=0;
-			s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
-			s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-			/* Should have been reset by ssl3_get_finished, too. */
-			s->s3->change_cipher_spec = 0;
-
-			if (s->state != SSL_ST_RENEGOTIATE)
-				{
-				/* Ok, we now need to push on a buffering BIO so that
-				 * the output is sent in a way that TCP likes :-)
-				 */
-				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-				
-				ssl3_init_finished_mac(s);
-				s->state=SSL3_ST_SR_CLNT_HELLO_A;
-				s->ctx->stats.sess_accept++;
-				}
-			else if (!s->s3->send_connection_binding &&
-				!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-				{
-				/* Server attempting to renegotiate with
-				 * client that doesn't support secure
-				 * renegotiation.
-				 */
-				SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				ret = -1;
-				goto end;
-				}
-			else
-				{
-				/* s->state == SSL_ST_RENEGOTIATE,
-				 * we will just send a HelloRequest */
-				s->ctx->stats.sess_accept_renegotiate++;
-				s->state=SSL3_ST_SW_HELLO_REQ_A;
-				}
-			break;
-
-		case SSL3_ST_SW_HELLO_REQ_A:
-		case SSL3_ST_SW_HELLO_REQ_B:
-
-			s->shutdown=0;
-			ret=ssl3_send_hello_request(s);
-			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
-			s->state=SSL3_ST_SW_FLUSH;
-			s->init_num=0;
-
-			ssl3_init_finished_mac(s);
-			break;
-
-		case SSL3_ST_SW_HELLO_REQ_C:
-			s->state=SSL_ST_OK;
-			break;
-
-		case SSL3_ST_SR_CLNT_HELLO_A:
-		case SSL3_ST_SR_CLNT_HELLO_B:
-		case SSL3_ST_SR_CLNT_HELLO_C:
-
-			s->shutdown=0;
-			if (s->rwstate != SSL_X509_LOOKUP)
-			{
-				ret=ssl3_get_client_hello(s);
-				if (ret <= 0) goto end;
-			}
-#ifndef OPENSSL_NO_SRP
-			{
-			int al;
-			if ((ret = ssl_check_srp_ext_ClientHello(s,&al))  < 0)
-					{
-					/* callback indicates firther work to be done */
-					s->rwstate=SSL_X509_LOOKUP;
-					goto end;
-					}
-			if (ret != SSL_ERROR_NONE)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,al);	
-				/* This is not really an error but the only means to
-                                   for a client to detect whether srp is supported. */
- 				   if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY) 	
-					SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);			
-				ret = SSL_TLSEXT_ERR_ALERT_FATAL;			
-				ret= -1;
-				goto end;	
-				}
-			}
-#endif		
-			
-			s->renegotiate = 2;
-			s->state=SSL3_ST_SW_SRVR_HELLO_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_SRVR_HELLO_A:
-		case SSL3_ST_SW_SRVR_HELLO_B:
-			ret=ssl3_send_server_hello(s);
-			if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-			if (s->hit)
-				{
-				if (s->tlsext_ticket_expected)
-					s->state=SSL3_ST_SW_SESSION_TICKET_A;
-				else
-					s->state=SSL3_ST_SW_CHANGE_A;
-				}
-#else
-			if (s->hit)
-					s->state=SSL3_ST_SW_CHANGE_A;
-#endif
-			else
-				s->state=SSL3_ST_SW_CERT_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_A:
-		case SSL3_ST_SW_CERT_B:
-			/* Check if it is anon DH or anon ECDH, */
-			/* non-RSA PSK or KRB5 or SRP */
-			if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP))
-				/* Among PSK ciphersuites only RSA_PSK uses server certificate */
-				&& !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK &&
-					 !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA)))
-				{
-				ret=ssl3_send_server_certificate(s);
-				if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-				if (s->tlsext_status_expected)
-					s->state=SSL3_ST_SW_CERT_STATUS_A;
-				else
-					s->state=SSL3_ST_SW_KEY_EXCH_A;
-				}
-			else
-				{
-				skip = 1;
-				s->state=SSL3_ST_SW_KEY_EXCH_A;
-				}
-#else
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_KEY_EXCH_A:
-		case SSL3_ST_SW_KEY_EXCH_B:
-			alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-			/*
-			 * clear this, it may get reset by
-			 * send_server_key_exchange
-			 */
-			s->s3->tmp.use_rsa_tmp=0;
-
-
-			/* only send if a DH key exchange, fortezza or
-			 * RSA but we have a sign only certificate
-			 *
-			 * PSK: may send PSK identity hints
-			 *
-			 * For ECC ciphersuites, we send a serverKeyExchange
-			 * message only if the cipher suite is either
-			 * ECDH-anon or ECDHE. In other cases, the
-			 * server certificate contains the server's
-			 * public key for key exchange.
-			 */
-			if (0
-			/* PSK: send ServerKeyExchange if either:
-			 *   - PSK identity hint is provided, or
-			 *   - the key exchange is kEECDH.
-			 */
-#ifndef OPENSSL_NO_PSK
-			    || ((alg_a & SSL_aPSK) && ((alg_k & SSL_kEECDH) || s->session->psk_identity_hint))
-#endif
-#ifndef OPENSSL_NO_SRP
-			    /* SRP: send ServerKeyExchange */
-			    || (alg_k & SSL_kSRP)
-#endif
-			    || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
-			    || (alg_k & SSL_kEECDH)
-			    || ((alg_k & SSL_kRSA)
-				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
-				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
-					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
-					)
-				    )
-				)
-			    )
-				{
-				ret=ssl3_send_server_key_exchange(s);
-				if (ret <= 0) goto end;
-				}
-			else
-				skip=1;
-
-			s->state=SSL3_ST_SW_CERT_REQ_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_REQ_A:
-		case SSL3_ST_SW_CERT_REQ_B:
-			if (/* don't request cert unless asked for it: */
-				!(s->verify_mode & SSL_VERIFY_PEER) ||
-				/* if SSL_VERIFY_CLIENT_ONCE is set,
-				 * don't request cert during re-negotiation: */
-				((s->session->peer != NULL) &&
-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-				/* never request cert in anonymous ciphersuites
-				 * (see section "Certificate request" in SSL 3 drafts
-				 * and in RFC 2246): */
-				((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-				 /* ... except when the application insists on verification
-				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-				 /* never request cert in Kerberos ciphersuites */
-				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
-				/* don't request certificate for SRP auth */
-				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
-				/* With normal PSK Certificates and
-				 * Certificate Requests are omitted */
-				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
-				{
-				/* no cert request */
-				skip=1;
-				s->s3->tmp.cert_request=0;
-				s->state=SSL3_ST_SW_SRVR_DONE_A;
-				if (s->s3->handshake_buffer)
-					if (!ssl3_digest_cached_records(s))
-						return -1;
-				}
-			else
-				{
-				s->s3->tmp.cert_request=1;
-				ret=ssl3_send_certificate_request(s);
-				if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
-				s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
-				s->state=SSL3_ST_SW_FLUSH;
-				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
-				s->init_num=0;
-				}
-			break;
-
-		case SSL3_ST_SW_SRVR_DONE_A:
-		case SSL3_ST_SW_SRVR_DONE_B:
-			ret=ssl3_send_server_done(s);
-			if (ret <= 0) goto end;
-			s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-			s->state=SSL3_ST_SW_FLUSH;
-			s->init_num=0;
-			break;
-		
-		case SSL3_ST_SW_FLUSH:
-
-			/* This code originally checked to see if
-			 * any data was pending using BIO_CTRL_INFO
-			 * and then flushed. This caused problems
-			 * as documented in PR#1939. The proposed
-			 * fix doesn't completely resolve this issue
-			 * as buggy implementations of BIO_CTRL_PENDING
-			 * still exist. So instead we just flush
-			 * unconditionally.
-			 */
-
-			s->rwstate=SSL_WRITING;
-			if (BIO_flush(s->wbio) <= 0)
-				{
-				ret= -1;
-				goto end;
-				}
-			s->rwstate=SSL_NOTHING;
-
-			s->state=s->s3->tmp.next_state;
-			break;
-
-		case SSL3_ST_SR_CERT_A:
-		case SSL3_ST_SR_CERT_B:
-			/* Check for second client hello (MS SGC) */
-			ret = ssl3_check_client_hello(s);
-			if (ret <= 0)
-				goto end;
-			if (ret == 2)
-				s->state = SSL3_ST_SR_CLNT_HELLO_C;
-			else {
-				if (s->s3->tmp.cert_request)
-					{
-					ret=ssl3_get_client_certificate(s);
-					if (ret <= 0) goto end;
-					}
-				s->init_num=0;
-				s->state=SSL3_ST_SR_KEY_EXCH_A;
-			}
-			break;
-
-		case SSL3_ST_SR_KEY_EXCH_A:
-		case SSL3_ST_SR_KEY_EXCH_B:
-			ret=ssl3_get_client_key_exchange(s);
-			if (ret <= 0)
-				goto end;
-			if (ret == 2)
-				{
-				/* For the ECDH ciphersuites when
-				 * the client sends its ECDH pub key in
-				 * a certificate, the CertificateVerify
-				 * message is not sent.
-				 * Also for GOST ciphersuites when
-				 * the client uses its key from the certificate
-				 * for key exchange.
-				 */
-				s->init_num = 0;
-				s->state=SSL3_ST_SR_POST_CLIENT_CERT;
-				}
-			else if (TLS1_get_version(s) >= TLS1_2_VERSION)
-				{
-				s->state=SSL3_ST_SR_CERT_VRFY_A;
-				s->init_num=0;
-				if (!s->session->peer)
-					break;
-				/* For TLS v1.2 freeze the handshake buffer
-				 * at this point and digest cached records.
-				 */
-				if (!s->s3->handshake_buffer)
-					{
-					SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
-					return -1;
-					}
-				s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
-				if (!ssl3_digest_cached_records(s))
-					return -1;
-				}
-			else
-				{
-				int offset=0;
-				int dgst_num;
-
-				s->state=SSL3_ST_SR_CERT_VRFY_A;
-				s->init_num=0;
-
-				/* We need to get hashes here so if there is
-				 * a client cert, it can be verified
-				 * FIXME - digest processing for CertificateVerify
-				 * should be generalized. But it is next step
-				 */
-				if (s->s3->handshake_buffer)
-					if (!ssl3_digest_cached_records(s))
-						return -1;
-				for (dgst_num=0; dgst_num<SSL_MAX_DIGEST;dgst_num++)	
-					if (s->s3->handshake_dgst[dgst_num]) 
-						{
-						int dgst_size;
-
-						s->method->ssl3_enc->cert_verify_mac(s,EVP_MD_CTX_type(s->s3->handshake_dgst[dgst_num]),&(s->s3->tmp.cert_verify_md[offset]));
-						dgst_size=EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]);
-						if (dgst_size < 0)
-							{
-							ret = -1;
-							goto end;
-							}
-						offset+=dgst_size;
-						}		
-				}
-			break;
-
-		case SSL3_ST_SR_CERT_VRFY_A:
-		case SSL3_ST_SR_CERT_VRFY_B:
-			/*
-			 * This *should* be the first time we enable CCS, but be
-			 * extra careful about surrounding code changes. We need
-			 * to set this here because we don't know if we're
-			 * expecting a CertificateVerify or not.
-			 */
-			if (!s->s3->change_cipher_spec)
-				s->s3->flags |= SSL3_FLAGS_CCS_OK;
-			/* we should decide if we expected this one */
-			ret=ssl3_get_cert_verify(s);
-			if (ret <= 0) goto end;
-
-			s->state=SSL3_ST_SR_POST_CLIENT_CERT;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SR_POST_CLIENT_CERT: {
-			char next_proto_neg = 0;
-			char channel_id = 0;
-#if !defined(OPENSSL_NO_TLSEXT)
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
-			next_proto_neg = s->s3->next_proto_neg_seen;
-# endif
-			channel_id = s->s3->tlsext_channel_id_valid;
-#endif
-
-			if (next_proto_neg)
-				s->state=SSL3_ST_SR_NEXT_PROTO_A;
-			else if (channel_id)
-				s->state=SSL3_ST_SR_CHANNEL_ID_A;
-			else
-				s->state=SSL3_ST_SR_FINISHED_A;
-			break;
-		}
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-		case SSL3_ST_SR_NEXT_PROTO_A:
-		case SSL3_ST_SR_NEXT_PROTO_B:
-			/*
-			 * Enable CCS for resumed handshakes with NPN.
-			 * In a full handshake with NPN, we end up here through
-			 * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
-			 * already set. Receiving a CCS clears the flag, so make
-			 * sure not to re-enable it to ban duplicates.
-			 * s->s3->change_cipher_spec is set when a CCS is
-			 * processed in s3_pkt.c, and remains set until
-			 * the client's Finished message is read.
-			 */
-			if (!s->s3->change_cipher_spec)
-				s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
-			ret=ssl3_get_next_proto(s);
-			if (ret <= 0) goto end;
-			s->init_num = 0;
-			if (s->s3->tlsext_channel_id_valid)
-				s->state=SSL3_ST_SR_CHANNEL_ID_A;
-			else
-				s->state=SSL3_ST_SR_FINISHED_A;
-			break;
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT)
-		case SSL3_ST_SR_CHANNEL_ID_A:
-		case SSL3_ST_SR_CHANNEL_ID_B:
-			ret=ssl3_get_channel_id(s);
-			if (ret <= 0) goto end;
-			s->init_num = 0;
-			s->state=SSL3_ST_SR_FINISHED_A;
-			break;
-#endif
-
-		case SSL3_ST_SR_FINISHED_A:
-		case SSL3_ST_SR_FINISHED_B:
-			/*
-			 * Enable CCS for resumed handshakes without NPN.
-			 * In a full handshake, we end up here through
-			 * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
-			 * already set. Receiving a CCS clears the flag, so make
-			 * sure not to re-enable it to ban duplicates.
-			 * s->s3->change_cipher_spec is set when a CCS is
-			 * processed in s3_pkt.c, and remains set until
-			 * the client's Finished message is read.
-			 */
-			if (!s->s3->change_cipher_spec)
-				s->s3->flags |= SSL3_FLAGS_CCS_OK;
-			ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
-				SSL3_ST_SR_FINISHED_B);
-			if (ret <= 0) goto end;
-			if (s->hit)
-				s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
-			else if (s->tlsext_ticket_expected)
-				s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
-			else
-				s->state=SSL3_ST_SW_CHANGE_A;
-			/* If this is a full handshake with ChannelID then
-			 * record the hashshake hashes in |s->session| in case
-			 * we need them to verify a ChannelID signature on a
-			 * resumption of this session in the future. */
-			if (!s->hit && s->s3->tlsext_channel_id_new)
-				{
-				ret = tls1_record_handshake_hashes_for_channel_id(s);
-				if (ret <= 0) goto end;
-				}
-			s->init_num=0;
-			break;
-
-#ifndef OPENSSL_NO_TLSEXT
-		case SSL3_ST_SW_SESSION_TICKET_A:
-		case SSL3_ST_SW_SESSION_TICKET_B:
-			ret=ssl3_send_newsession_ticket(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_CHANGE_A;
-			s->init_num=0;
-			break;
-
-		case SSL3_ST_SW_CERT_STATUS_A:
-		case SSL3_ST_SW_CERT_STATUS_B:
-			ret=ssl3_send_cert_status(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_KEY_EXCH_A;
-			s->init_num=0;
-			break;
-
-#endif
-
-		case SSL3_ST_SW_CHANGE_A:
-		case SSL3_ST_SW_CHANGE_B:
-
-			s->session->cipher=s->s3->tmp.new_cipher;
-			if (!s->method->ssl3_enc->setup_key_block(s))
-				{ ret= -1; goto end; }
-
-			ret=ssl3_send_change_cipher_spec(s,
-				SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_FINISHED_A;
-			s->init_num=0;
-
-			if (!s->method->ssl3_enc->change_cipher_state(s,
-				SSL3_CHANGE_CIPHER_SERVER_WRITE))
-				{
-				ret= -1;
-				goto end;
-				}
-
-			break;
-
-		case SSL3_ST_SW_FINISHED_A:
-		case SSL3_ST_SW_FINISHED_B:
-			ret=ssl3_send_finished(s,
-				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-				s->method->ssl3_enc->server_finished_label,
-				s->method->ssl3_enc->server_finished_label_len);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SW_FLUSH;
-			if (s->hit)
-				s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
-			else
-				s->s3->tmp.next_state=SSL_ST_OK;
-			s->init_num=0;
-			break;
-
-		case SSL_ST_OK:
-			/* clean a few things up */
-			ssl3_cleanup_key_block(s);
-
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
-
-			/* remove buffering on output */
-			ssl_free_wbio_buffer(s);
-
-			s->init_num=0;
-
-			if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
-				{
-				s->renegotiate=0;
-				s->new_session=0;
-				
-				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-				
-				s->ctx->stats.sess_accept_good++;
-				/* s->server=1; */
-				s->handshake_func=ssl3_accept;
-
-				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-				}
-			
-			ret = 1;
-			goto end;
-			/* break; */
-
-		default:
-			SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-		
-		if (!s->s3->tmp.reuse_message && !skip)
-			{
-			if (s->debug)
-				{
-				if ((ret=BIO_flush(s->wbio)) <= 0)
-					goto end;
-				}
-
-
-			if ((cb != NULL) && (s->state != state))
-				{
-				new_state=s->state;
-				s->state=state;
-				cb(s,SSL_CB_ACCEPT_LOOP,1);
-				s->state=new_state;
-				}
-			}
-		skip=0;
-		}
-end:
-	/* BIO_flush(s->wbio); */
-
-	s->in_handshake--;
-	if (cb != NULL)
-		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	return(ret);
-	}
-
-int ssl3_send_hello_request(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL3_ST_SW_HELLO_REQ_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL3_MT_HELLO_REQUEST;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-
-		s->state=SSL3_ST_SW_HELLO_REQ_B;
-		/* number of bytes to write */
-		s->init_num=4;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_SW_HELLO_REQ_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int ssl3_check_client_hello(SSL *s)
-	{
-	int ok;
-	long n;
-
-	/* this function is called when we really expect a Certificate message,
-	 * so permit appropriate message length */
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_CERT_A,
-		SSL3_ST_SR_CERT_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-	if (!ok) return((int)n);
-	s->s3->tmp.reuse_message = 1;
-	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
-		{
-		/* We only allow the client to restart the handshake once per
-		 * negotiation. */
-		if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-			{
-			SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
-			return -1;
-			}
-		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.) */
-#ifndef OPENSSL_NO_DH
-		if (s->s3->tmp.dh != NULL)
-			{
-			DH_free(s->s3->tmp.dh);
-			s->s3->tmp.dh = NULL;
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH
-		if (s->s3->tmp.ecdh != NULL)
-			{
-			EC_KEY_free(s->s3->tmp.ecdh);
-			s->s3->tmp.ecdh = NULL;
-			}
-#endif
-		s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
-		return 2;
-		}
-	return 1;
-}
-
-int ssl3_get_client_hello(SSL *s)
-	{
-	int i,j,ok,al,ret= -1;
-	unsigned int cookie_len;
-	long n;
-	unsigned long id;
-	unsigned char *p,*d,*q;
-	SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-	SSL_COMP *comp=NULL;
-#endif
-	STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
-	/* We do this so that we will respond with our native type.
-	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
-	 * This down switching should be handled by a different method.
-	 * If we are SSLv3, we will respond with SSLv3, even if prompted with
-	 * TLSv1.
-	 */
-	if (s->state == SSL3_ST_SR_CLNT_HELLO_A
-		)
-		{
-		s->state=SSL3_ST_SR_CLNT_HELLO_B;
-		}
-	s->first_packet=1;
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_CLNT_HELLO_B,
-		SSL3_ST_SR_CLNT_HELLO_C,
-		SSL3_MT_CLIENT_HELLO,
-		SSL3_RT_MAX_PLAIN_LENGTH,
-		&ok);
-
-	if (!ok) return((int)n);
-	s->first_packet=0;
-	d=p=(unsigned char *)s->init_msg;
-
-	/* use version from inside client hello, not from record header
-	 * (may differ: see RFC 2246, Appendix E, second paragraph) */
-	s->client_version=(((int)p[0])<<8)|(int)p[1];
-	p+=2;
-
-	if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
-	    (s->version != DTLS1_VERSION && s->client_version < s->version))
-		{
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-		if ((s->client_version>>8) == SSL3_VERSION_MAJOR && 
-			!s->enc_write_ctx && !s->write_hash)
-			{
-			/* similar to ssl3_get_record, send alert using remote version number */
-			s->version = s->client_version;
-			}
-		al = SSL_AD_PROTOCOL_VERSION;
-		goto f_err;
-		}
-
-	/* If we require cookies and this ClientHello doesn't
-	 * contain one, just return since we do not want to
-	 * allocate any memory yet. So check cookie length...
-	 */
-	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
-		{
-		unsigned int session_length, cookie_length;
-		
-		session_length = *(p + SSL3_RANDOM_SIZE);
-		cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
-
-		if (cookie_length == 0)
-			return 1;
-		}
-
-	/* load the client random */
-	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
-	p+=SSL3_RANDOM_SIZE;
-
-	/* get the session-id */
-	j= *(p++);
-
-	s->hit=0;
-	/* Versions before 0.9.7 always allow clients to resume sessions in renegotiation.
-	 * 0.9.7 and later allow this by default, but optionally ignore resumption requests
-	 * with flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
-	 * than a change to default behavior so that applications relying on this for security
-	 * won't even compile against older library versions).
-	 *
-	 * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to request
-	 * renegotiation but not a new session (s->new_session remains unset): for servers,
-	 * this essentially just means that the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-	 * setting will be ignored.
-	 */
-	if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
-		{
-	        if (!s->session_creation_enabled)
-			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-			goto err;
-		}
-		if (!ssl_get_new_session(s,1))
-			goto err;
-		}
-	else
-		{
-		i=ssl_get_prev_session(s, p, j, d + n);
-		/*
-		 * Only resume if the session's version matches the negotiated
-		 * version.
-		 * RFC 5246 does not provide much useful advice on resumption
-		 * with a different protocol version. It doesn't forbid it but
-		 * the sanity of such behaviour would be questionable.
-		 * In practice, clients do not accept a version mismatch and
-		 * will abort the handshake with an error.
-		 */
-		if (i == 1 && s->version == s->session->ssl_version)
-			{ /* previous session */
-			s->hit=1;
-			}
-		else if (i == -1)
-			goto err;
-		else /* i == 0 */
-			{
-		        if (!s->session_creation_enabled)
-				{
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-				goto err;
-				}
-			if (!ssl_get_new_session(s,1))
-				goto err;
-			}
-		}
-
-	p+=j;
-
-	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
-		{
-		/* cookie stuff */
-		cookie_len = *(p++);
-
-		/* 
-		 * The ClientHello may contain a cookie even if the
-		 * HelloVerify message has not been sent--make sure that it
-		 * does not cause an overflow.
-		 */
-		if ( cookie_len > sizeof(s->d1->rcvd_cookie))
-			{
-			/* too much data */
-			al = SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
-			goto f_err;
-			}
-
-		/* verify the cookie if appropriate option is set. */
-		if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-			cookie_len > 0)
-			{
-			memcpy(s->d1->rcvd_cookie, p, cookie_len);
-
-			if ( s->ctx->app_verify_cookie_cb != NULL)
-				{
-				if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
-					cookie_len) == 0)
-					{
-					al=SSL_AD_HANDSHAKE_FAILURE;
-					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-						SSL_R_COOKIE_MISMATCH);
-					goto f_err;
-					}
-				/* else cookie verification succeeded */
-				}
-			else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie, 
-						  s->d1->cookie_len) != 0) /* default verification */
-				{
-					al=SSL_AD_HANDSHAKE_FAILURE;
-					SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, 
-						SSL_R_COOKIE_MISMATCH);
-					goto f_err;
-				}
-
-			ret = 2;
-			}
-
-		p += cookie_len;
-		}
-
-	n2s(p,i);
-	if ((i == 0) && (j != 0))
-		{
-		/* we need a cipher if we are not resuming a session */
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
-		goto f_err;
-		}
-	if ((p+i) >= (d+n))
-		{
-		/* not enough data */
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
-		== NULL))
-		{
-		goto err;
-		}
-	p+=i;
-
-	/* If it is a hit, check that the cipher is in the list */
-	if ((s->hit) && (i > 0))
-		{
-		j=0;
-		id=s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
-		fprintf(stderr,"client sent %d ciphers\n",sk_SSL_CIPHER_num(ciphers));
-#endif
-		for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
-			{
-			c=sk_SSL_CIPHER_value(ciphers,i);
-#ifdef CIPHER_DEBUG
-			fprintf(stderr,"client [%2d of %2d]:%s\n",
-				i,sk_SSL_CIPHER_num(ciphers),
-				SSL_CIPHER_get_name(c));
-#endif
-			if (c->id == id)
-				{
-				j=1;
-				break;
-				}
-			}
-/* Disabled because it can be used in a ciphersuite downgrade
- * attack: CVE-2010-4180.
- */
-#if 0
-		if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
-			{
-			/* Special case as client bug workaround: the previously used cipher may
-			 * not be in the current list, the client instead might be trying to
-			 * continue using a cipher that before wasn't chosen due to server
-			 * preferences.  We'll have to reject the connection if the cipher is not
-			 * enabled, though. */
-			c = sk_SSL_CIPHER_value(ciphers, 0);
-			if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
-				{
-				s->session->cipher = c;
-				j = 1;
-				}
-			}
-#endif
-		if (j == 0)
-			{
-			/* we need to have the cipher in the cipher
-			 * list if we are asked to reuse it */
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
-			goto f_err;
-			}
-		}
-
-	/* compression */
-	i= *(p++);
-	if ((p+i) > (d+n))
-		{
-		/* not enough data */
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	q=p;
-	for (j=0; j<i; j++)
-		{
-		if (p[j] == 0) break;
-		}
-
-	p+=i;
-	if (j >= i)
-		{
-		/* no compress */
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
-		goto f_err;
-		}
-
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extensions*/
-	if (s->version >= SSL3_VERSION)
-		{
-		if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
-			{
-			/* 'al' set by ssl_parse_clienthello_tlsext */
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
-			goto f_err;
-			}
-		}
-		if (ssl_check_clienthello_tlsext_early(s) <= 0) {
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
-			goto err;
-		}
-
-	/* Check if we want to use external pre-shared secret for this
-	 * handshake for not reused session only. We need to generate
-	 * server_random before calling tls_session_secret_cb in order to allow
-	 * SessionTicket processing to use it in key derivation. */
-	{
-		unsigned char *pos;
-		pos=s->s3->server_random;
-		if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0)
-			{
-			al=SSL_AD_INTERNAL_ERROR;
-			goto f_err;
-			}
-	}
-
-	if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
-		{
-		SSL_CIPHER *pref_cipher=NULL;
-
-		s->session->master_key_length=sizeof(s->session->master_key);
-		if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
-			ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
-			{
-			s->hit=1;
-			s->session->ciphers=ciphers;
-			s->session->verify_result=X509_V_OK;
-
-			ciphers=NULL;
-
-			/* check if some cipher was preferred by call back */
-			pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
-			if (pref_cipher == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
-				goto f_err;
-				}
-
-			s->session->cipher=pref_cipher;
-
-			if (s->cipher_list)
-				sk_SSL_CIPHER_free(s->cipher_list);
-
-			if (s->cipher_list_by_id)
-				sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-			s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
-			s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
-			}
-		}
-#endif
-
-	/* Worst case, we will use the NULL compression, but if we have other
-	 * options, we will now look for them.  We have i-1 compression
-	 * algorithms from the client, starting at q. */
-	s->s3->tmp.new_compression=NULL;
-#ifndef OPENSSL_NO_COMP
-	/* This only happens if we have a cache hit */
-	if (s->session->compress_meth != 0)
-		{
-		int m, comp_id = s->session->compress_meth;
-		/* Perform sanity checks on resumed compression algorithm */
-		/* Can't disable compression */
-		if (s->options & SSL_OP_NO_COMPRESSION)
-			{
-			al=SSL_AD_INTERNAL_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
-			goto f_err;
-			}
-		/* Look for resumed compression method */
-		for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++)
-			{
-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
-			if (comp_id == comp->id)
-				{
-				s->s3->tmp.new_compression=comp;
-				break;
-				}
-			}
-		if (s->s3->tmp.new_compression == NULL)
-			{
-			al=SSL_AD_INTERNAL_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INVALID_COMPRESSION_ALGORITHM);
-			goto f_err;
-			}
-		/* Look for resumed method in compression list */
-		for (m = 0; m < i; m++)
-			{
-			if (q[m] == comp_id)
-				break;
-			}
-		if (m >= i)
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING);
-			goto f_err;
-			}
-		}
-	else if (s->hit)
-		comp = NULL;
-	else if (!(s->options & SSL_OP_NO_COMPRESSION) && s->ctx->comp_methods)
-		{ /* See if we have a match */
-		int m,nn,o,v,done=0;
-
-		nn=sk_SSL_COMP_num(s->ctx->comp_methods);
-		for (m=0; m<nn; m++)
-			{
-			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
-			v=comp->id;
-			for (o=0; o<i; o++)
-				{
-				if (v == q[o])
-					{
-					done=1;
-					break;
-					}
-				}
-			if (done) break;
-			}
-		if (done)
-			s->s3->tmp.new_compression=comp;
-		else
-			comp=NULL;
-		}
-#else
-	/* If compression is disabled we'd better not try to resume a session
-	 * using compression.
-	 */
-	if (s->session->compress_meth != 0)
-		{
-		al=SSL_AD_INTERNAL_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_INCONSISTENT_COMPRESSION);
-		goto f_err;
-		}
-#endif
-
-	/* Given s->session->ciphers and SSL_get_ciphers, we must
-	 * pick a cipher */
-
-	if (!s->hit)
-		{
-#ifdef OPENSSL_NO_COMP
-		s->session->compress_meth=0;
-#else
-		s->session->compress_meth=(comp == NULL)?0:comp->id;
-#endif
-		if (s->session->ciphers != NULL)
-			sk_SSL_CIPHER_free(s->session->ciphers);
-		s->session->ciphers=ciphers;
-		if (ciphers == NULL)
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
-			goto f_err;
-			}
-		ciphers=NULL;
-		c=ssl3_choose_cipher(s,s->session->ciphers,
-				     SSL_get_ciphers(s));
-
-		if (c == NULL)
-			{
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
-			goto f_err;
-			}
-		s->s3->tmp.new_cipher=c;
-		}
-	else
-		{
-		/* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
-		STACK_OF(SSL_CIPHER) *sk;
-		SSL_CIPHER *nc=NULL;
-		SSL_CIPHER *ec=NULL;
-
-		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
-			{
-			sk=s->session->ciphers;
-			for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-				{
-				c=sk_SSL_CIPHER_value(sk,i);
-				if (c->algorithm_enc & SSL_eNULL)
-					nc=c;
-				if (SSL_C_IS_EXPORT(c))
-					ec=c;
-				}
-			if (nc != NULL)
-				s->s3->tmp.new_cipher=nc;
-			else if (ec != NULL)
-				s->s3->tmp.new_cipher=ec;
-			else
-				s->s3->tmp.new_cipher=s->session->cipher;
-			}
-		else
-#endif
-		s->s3->tmp.new_cipher=s->session->cipher;
-		}
-
-	if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
-		{
-		if (!ssl3_digest_cached_records(s))
-			{
-			al = SSL_AD_INTERNAL_ERROR;
-			goto f_err;
-			}
-		}
-	
-	/* we now have the following setup. 
-	 * client_random
-	 * cipher_list 		- our prefered list of ciphers
-	 * ciphers 		- the clients prefered list of ciphers
-	 * compression		- basically ignored right now
-	 * ssl version is set	- sslv3
-	 * s->session		- The ssl session has been setup.
-	 * s->hit		- session reuse flag
-	 * s->tmp.new_cipher	- the new cipher to use.
-	 */
-
-	/* Handles TLS extensions that we couldn't check earlier */
-	if (s->version >= SSL3_VERSION)
-		{
-		if (ssl_check_clienthello_tlsext_late(s) <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
-			goto err;
-			}
-		}
-
-	if (ret < 0) ret=1;
-	if (0)
-		{
-f_err:
-		ssl3_send_alert(s,SSL3_AL_FATAL,al);
-		}
-err:
-	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
-	return(ret);
-	}
-
-int ssl3_send_server_hello(SSL *s)
-	{
-	unsigned char *buf;
-	unsigned char *p,*d;
-	int i,sl;
-	unsigned long l;
-
-	if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
-		{
-		/* We only accept ChannelIDs on connections with ECDHE in order
-		 * to avoid a known attack while we fix ChannelID itself. */
-		if (s->s3 &&
-		    s->s3->tlsext_channel_id_valid &&
-		    (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0)
-			s->s3->tlsext_channel_id_valid = 0;
-
-		/* If this is a resumption and the original handshake didn't
-		 * support ChannelID then we didn't record the original
-		 * handshake hashes in the session and so cannot resume with
-		 * ChannelIDs. */
-		if (s->hit &&
-		    s->s3->tlsext_channel_id_new &&
-		    s->session->original_handshake_hash_len == 0)
-			s->s3->tlsext_channel_id_valid = 0;
-
-		buf=(unsigned char *)s->init_buf->data;
-#ifdef OPENSSL_NO_TLSEXT
-		p=s->s3->server_random;
-		if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
-			return -1;
-#endif
-		/* Do the message type and length last */
-		d=p= &(buf[4]);
-
-		*(p++)=s->version>>8;
-		*(p++)=s->version&0xff;
-
-		/* Random stuff */
-		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
-		p+=SSL3_RANDOM_SIZE;
-
-		/* There are several cases for the session ID to send
-		 * back in the server hello:
-		 * - For session reuse from the session cache,
-		 *   we send back the old session ID.
-		 * - If stateless session reuse (using a session ticket)
-		 *   is successful, we send back the client's "session ID"
-		 *   (which doesn't actually identify the session).
-		 * - If it is a new session, we send back the new
-		 *   session ID.
-		 * - However, if we want the new session to be single-use,
-		 *   we send back a 0-length session ID.
-		 * s->hit is non-zero in either case of session reuse,
-		 * so the following won't overwrite an ID that we're supposed
-		 * to send back.
-		 */
-		if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-			&& !s->hit)
-			s->session->session_id_length=0;
-
-		sl=s->session->session_id_length;
-		if (sl > (int)sizeof(s->session->session_id))
-			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-		*(p++)=sl;
-		memcpy(p,s->session->session_id,sl);
-		p+=sl;
-
-		/* put the cipher */
-		i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
-		p+=i;
-
-		/* put the compression method */
-#ifdef OPENSSL_NO_COMP
-			*(p++)=0;
-#else
-		if (s->s3->tmp.new_compression == NULL)
-			*(p++)=0;
-		else
-			*(p++)=s->s3->tmp.new_compression->id;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-		if (ssl_prepare_serverhello_tlsext(s) <= 0)
-			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
-			return -1;
-			}
-		if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
-			return -1;
-			}
-#endif
-		/* do the header */
-		l=(p-d);
-		d=buf;
-		*(d++)=SSL3_MT_SERVER_HELLO;
-		l2n3(l,d);
-
-		s->state=SSL3_ST_SW_SRVR_HELLO_B;
-		/* number of bytes to write */
-		s->init_num=p-buf;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_SW_SRVR_HELLO_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int ssl3_send_server_done(SSL *s)
-	{
-	unsigned char *p;
-
-	if (s->state == SSL3_ST_SW_SRVR_DONE_A)
-		{
-		p=(unsigned char *)s->init_buf->data;
-
-		/* do the header */
-		*(p++)=SSL3_MT_SERVER_DONE;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-
-		s->state=SSL3_ST_SW_SRVR_DONE_B;
-		/* number of bytes to write */
-		s->init_num=4;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_SW_SRVR_DONE_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int ssl3_send_server_key_exchange(SSL *s)
-	{
-#ifndef OPENSSL_NO_RSA
-	unsigned char *q;
-	int j,num;
-	RSA *rsa;
-	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
-	unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *dh=NULL,*dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh=NULL, *ecdhp;
-	unsigned char *encodedPoint = NULL;
-	int encodedlen = 0;
-	int curve_id = 0;
-	BN_CTX *bn_ctx = NULL; 
-#endif
-#ifndef OPENSSL_NO_PSK
-	const char* psk_identity_hint;
-	size_t psk_identity_hint_len;
-#endif
-	EVP_PKEY *pkey;
-	const EVP_MD *md = NULL;
-	unsigned char *p,*d;
-	int al,i;
-	unsigned long alg_k;
-	unsigned long alg_a;
-	int n;
-	CERT *cert;
-	BIGNUM *r[4];
-	int nr[4],kn;
-	BUF_MEM *buf;
-	EVP_MD_CTX md_ctx;
-
-	EVP_MD_CTX_init(&md_ctx);
-	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
-		{
-		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-		alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-		cert=s->cert;
-
-		buf=s->init_buf;
-
-		r[0]=r[1]=r[2]=r[3]=NULL;
-		n=0;
-#ifndef OPENSSL_NO_PSK
-		if (alg_a & SSL_aPSK)
-			{
-			/* size for PSK identity hint */
-			psk_identity_hint = s->session->psk_identity_hint;
-			if (psk_identity_hint)
-				psk_identity_hint_len = strlen(psk_identity_hint);
-			else
-				psk_identity_hint_len = 0;
-			n+=2+psk_identity_hint_len;
-			}
-#endif /* !OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_RSA
-		if (alg_k & SSL_kRSA)
-			{
-			rsa=cert->rsa_tmp;
-			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
-				{
-				rsa=s->cert->rsa_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-				if(rsa == NULL)
-				{
-					al=SSL_AD_HANDSHAKE_FAILURE;
-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
-					goto f_err;
-				}
-				RSA_up_ref(rsa);
-				cert->rsa_tmp=rsa;
-				}
-			if (rsa == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
-				goto f_err;
-				}
-			r[0]=rsa->n;
-			r[1]=rsa->e;
-			s->s3->tmp.use_rsa_tmp=1;
-			}
-#endif
-#ifndef OPENSSL_NO_DH
-		else if (alg_k & SSL_kEDH)
-			{
-			dhp=cert->dh_tmp;
-			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
-				dhp=s->cert->dh_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-			if (dhp == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
-				goto f_err;
-				}
-
-			if (s->s3->tmp.dh != NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			if ((dh=DHparams_dup(dhp)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
-				}
-
-			s->s3->tmp.dh=dh;
-			if ((dhp->pub_key == NULL ||
-			     dhp->priv_key == NULL ||
-			     (s->options & SSL_OP_SINGLE_DH_USE)))
-				{
-				if(!DH_generate_key(dh))
-				    {
-				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
-					   ERR_R_DH_LIB);
-				    goto err;
-				    }
-				}
-			else
-				{
-				dh->pub_key=BN_dup(dhp->pub_key);
-				dh->priv_key=BN_dup(dhp->priv_key);
-				if ((dh->pub_key == NULL) ||
-					(dh->priv_key == NULL))
-					{
-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-					goto err;
-					}
-				}
-			r[0]=dh->p;
-			r[1]=dh->g;
-			r[2]=dh->pub_key;
-			}
-#endif
-#ifndef OPENSSL_NO_ECDH
-		else if (alg_k & SSL_kEECDH)
-			{
-			const EC_GROUP *group;
-
-			ecdhp=cert->ecdh_tmp;
-			if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
-				{
-				ecdhp=s->cert->ecdh_tmp_cb(s,
-				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
-				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
-				}
-			if (ecdhp == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
-				goto f_err;
-				}
-
-			if (s->s3->tmp.ecdh != NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			/* Duplicate the ECDH structure. */
-			if (ecdhp == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			s->s3->tmp.ecdh=ecdh;
-			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL) ||
-			    (s->options & SSL_OP_SINGLE_ECDH_USE))
-				{
-				if(!EC_KEY_generate_key(ecdh))
-				    {
-				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				    goto err;
-				    }
-				}
-
-			if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
-			    (EC_KEY_get0_public_key(ecdh)  == NULL) ||
-			    (EC_KEY_get0_private_key(ecdh) == NULL))
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
-			    (EC_GROUP_get_degree(group) > 163)) 
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
-				goto err;
-				}
-
-			/* XXX: For now, we only support ephemeral ECDH
-			 * keys over named (not generic) curves. For 
-			 * supported named curves, curve_id is non-zero.
-			 */
-			if ((curve_id = 
-			    tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))
-			    == 0)
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-				goto err;
-				}
-
-			/* Encode the public key.
-			 * First check the size of encoding and
-			 * allocate memory accordingly.
-			 */
-			encodedlen = EC_POINT_point2oct(group, 
-			    EC_KEY_get0_public_key(ecdh),
-			    POINT_CONVERSION_UNCOMPRESSED, 
-			    NULL, 0, NULL);
-
-			encodedPoint = (unsigned char *) 
-			    OPENSSL_malloc(encodedlen*sizeof(unsigned char)); 
-			bn_ctx = BN_CTX_new();
-			if ((encodedPoint == NULL) || (bn_ctx == NULL))
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-
-			encodedlen = EC_POINT_point2oct(group, 
-			    EC_KEY_get0_public_key(ecdh), 
-			    POINT_CONVERSION_UNCOMPRESSED, 
-			    encodedPoint, encodedlen, bn_ctx);
-
-			if (encodedlen == 0) 
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
-				goto err;
-				}
-
-			BN_CTX_free(bn_ctx);  bn_ctx=NULL;
-
-			/* XXX: For now, we only support named (not 
-			 * generic) curves in ECDH ephemeral key exchanges.
-			 * In this situation, we need four additional bytes
-			 * to encode the entire ServerECDHParams
-			 * structure. 
-			 */
-			n += 4 + encodedlen;
-
-			/* We'll generate the serverKeyExchange message
-			 * explicitly so we can set these to NULLs
-			 */
-			r[0]=NULL;
-			r[1]=NULL;
-			r[2]=NULL;
-			r[3]=NULL;
-			}
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_SRP
-		else if (alg_k & SSL_kSRP)
-			{
-			if ((s->srp_ctx.N == NULL) ||
-				(s->srp_ctx.g == NULL) ||
-				(s->srp_ctx.s == NULL) ||
-				(s->srp_ctx.B == NULL))
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_SRP_PARAM);
-				goto err;
-				}
-			r[0]=s->srp_ctx.N;
-			r[1]=s->srp_ctx.g;
-			r[2]=s->srp_ctx.s;
-			r[3]=s->srp_ctx.B;
-			}
-#endif
-		else if (!(alg_k & SSL_kPSK))
-			{
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-			goto f_err;
-			}
-		for (i=0; i < 4 && r[i] != NULL; i++)
-			{
-			nr[i]=BN_num_bytes(r[i]);
-#ifndef OPENSSL_NO_SRP
-			if ((i == 2) && (alg_k & SSL_kSRP))
-				n+=1+nr[i];
-			else
-#endif
-			n+=2+nr[i];
-			}
-
-		if (!(alg_a & (SSL_aNULL|SSL_aSRP))
-			/* Among PSK ciphersuites only RSA uses a certificate */
-			&& !((alg_a & SSL_aPSK) && !(alg_k & SSL_kRSA)))
-			{
-			if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
-				== NULL)
-				{
-				al=SSL_AD_DECODE_ERROR;
-				goto f_err;
-				}
-			kn=EVP_PKEY_size(pkey);
-			}
-		else
-			{
-			pkey=NULL;
-			kn=0;
-			}
-
-		if (!BUF_MEM_grow_clean(buf,n+4+kn))
-			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
-			goto err;
-			}
-		d=(unsigned char *)s->init_buf->data;
-		p= &(d[4]);
-
-		for (i=0; i < 4 && r[i] != NULL; i++)
-			{
-#ifndef OPENSSL_NO_SRP
-			if ((i == 2) && (alg_k & SSL_kSRP))
-				{
-				*p = nr[i];
-				p++;
-				}
-			else
-#endif
-			s2n(nr[i],p);
-			BN_bn2bin(r[i],p);
-			p+=nr[i];
-			}
-
-/* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK.
- * When one of them is used, the server key exchange record needs to have both
- * the psk_identity_hint and the ServerECDHParams. */
-#ifndef OPENSSL_NO_PSK
-		if (alg_a & SSL_aPSK)
-			{
-			/* copy PSK identity hint (if provided) */
-			s2n(psk_identity_hint_len, p);
-			if (psk_identity_hint_len > 0)
-				{
-				memcpy(p, psk_identity_hint, psk_identity_hint_len);
-				p+=psk_identity_hint_len;
-				}
-			}
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_ECDH
-		if (alg_k & SSL_kEECDH)
-			{
-			/* XXX: For now, we only support named (not generic) curves.
-			 * In this situation, the serverKeyExchange message has:
-			 * [1 byte CurveType], [2 byte CurveName]
-			 * [1 byte length of encoded point], followed by
-			 * the actual encoded point itself
-			 */
-			*p = NAMED_CURVE_TYPE;
-			p += 1;
-			*p = 0;
-			p += 1;
-			*p = curve_id;
-			p += 1;
-			*p = encodedlen;
-			p += 1;
-			memcpy((unsigned char*)p, 
-			    (unsigned char *)encodedPoint, 
-			    encodedlen);
-			OPENSSL_free(encodedPoint);
-			encodedPoint = NULL;
-			p += encodedlen;
-			}
-#endif /* OPENSSL_NO_ECDH */
-
-		/* not anonymous */
-		if (pkey != NULL)
-			{
-			/* n is the length of the params, they start at &(d[4])
-			 * and p points to the space at the end. */
-#ifndef OPENSSL_NO_RSA
-			if (pkey->type == EVP_PKEY_RSA
-					&& TLS1_get_version(s) < TLS1_2_VERSION)
-				{
-				q=md_buf;
-				j=0;
-				for (num=2; num > 0; num--)
-					{
-					EVP_MD_CTX_set_flags(&md_ctx,
-						EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-					EVP_DigestInit_ex(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1, NULL);
-					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-					EVP_DigestFinal_ex(&md_ctx,q,
-						(unsigned int *)&i);
-					q+=i;
-					j+=i;
-					}
-				if (RSA_sign(NID_md5_sha1, md_buf, j,
-					&(p[2]), &u, pkey->pkey.rsa) <= 0)
-					{
-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
-					goto err;
-					}
-				s2n(u,p);
-				n+=u+2;
-				}
-			else
-#endif /* OPENSSL_NO_RSA */
-			if (md)
-				{
-				/* For TLS1.2 and later send signature
-				 * algorithm */
-				if (TLS1_get_version(s) >= TLS1_2_VERSION)
-					{
-					if (!tls12_get_sigandhash(p, pkey, md))
-						{
-						/* Should never happen */
-						al=SSL_AD_INTERNAL_ERROR;
-						SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-						goto f_err;
-						}
-					p+=2;
-					}
-#ifdef SSL_DEBUG
-				fprintf(stderr, "Using hash %s\n",
-							EVP_MD_name(md));
-#endif
-				EVP_SignInit_ex(&md_ctx, md, NULL);
-				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-				EVP_SignUpdate(&md_ctx,&(d[4]),n);
-				if (!EVP_SignFinal(&md_ctx,&(p[2]),
-					(unsigned int *)&i,pkey))
-					{
-					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_EVP);
-					goto err;
-					}
-				s2n(i,p);
-				n+=i+2;
-				if (TLS1_get_version(s) >= TLS1_2_VERSION)
-					n+= 2;
-				}
-			else
-				{
-				/* Is this error check actually needed? */
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
-				goto f_err;
-				}
-			}
-
-		*(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
-		l2n3(n,d);
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-		s->init_num=n+4;
-		s->init_off=0;
-		}
-
-	s->state = SSL3_ST_SW_KEY_EXCH_B;
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-#ifndef OPENSSL_NO_ECDH
-	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
-	BN_CTX_free(bn_ctx);
-#endif
-	EVP_MD_CTX_cleanup(&md_ctx);
-	return(-1);
-	}
-
-int ssl3_send_certificate_request(SSL *s)
-	{
-	unsigned char *p,*d;
-	int i,j,nl,off,n;
-	STACK_OF(X509_NAME) *sk=NULL;
-	X509_NAME *name;
-	BUF_MEM *buf;
-
-	if (s->state == SSL3_ST_SW_CERT_REQ_A)
-		{
-		buf=s->init_buf;
-
-		d=p=(unsigned char *)&(buf->data[4]);
-
-		/* get the list of acceptable cert types */
-		p++;
-		n=ssl3_get_req_cert_type(s,p);
-		d[0]=n;
-		p+=n;
-		n++;
-
-		if (TLS1_get_version(s) >= TLS1_2_VERSION)
-			{
-			nl = tls12_get_req_sig_algs(s, p + 2);
-			s2n(nl, p);
-			p += nl + 2;
-			n += nl + 2;
-			}
-
-		off=n;
-		p+=2;
-		n+=2;
-
-		sk=SSL_get_client_CA_list(s);
-		nl=0;
-		if (sk != NULL)
-			{
-			for (i=0; i<sk_X509_NAME_num(sk); i++)
-				{
-				name=sk_X509_NAME_value(sk,i);
-				j=i2d_X509_NAME(name,NULL);
-				if (!BUF_MEM_grow_clean(buf,4+n+j+2))
-					{
-					SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
-					goto err;
-					}
-				p=(unsigned char *)&(buf->data[4+n]);
-				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-					{
-					s2n(j,p);
-					i2d_X509_NAME(name,&p);
-					n+=2+j;
-					nl+=2+j;
-					}
-				else
-					{
-					d=p;
-					i2d_X509_NAME(name,&p);
-					j-=2; s2n(j,d); j+=2;
-					n+=j;
-					nl+=j;
-					}
-				}
-			}
-		/* else no CA names */
-		p=(unsigned char *)&(buf->data[4+off]);
-		s2n(nl,p);
-
-		d=(unsigned char *)buf->data;
-		*(d++)=SSL3_MT_CERTIFICATE_REQUEST;
-		l2n3(n,d);
-
-		/* we should now have things packed up, so lets send
-		 * it off */
-
-		s->init_num=n+4;
-		s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
-		if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
-			{
-			SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
-			goto err;
-			}
-		p=(unsigned char *)s->init_buf->data + s->init_num;
-
-		/* do the header */
-		*(p++)=SSL3_MT_SERVER_DONE;
-		*(p++)=0;
-		*(p++)=0;
-		*(p++)=0;
-		s->init_num += 4;
-#endif
-
-		s->state = SSL3_ST_SW_CERT_REQ_B;
-		}
-
-	/* SSL3_ST_SW_CERT_REQ_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-	return(-1);
-	}
-
-int ssl3_get_client_key_exchange(SSL *s)
-	{
-	int i,al,ok;
-	long n;
-	unsigned long alg_k;
-	unsigned long alg_a;
-	unsigned char *p;
-#ifndef OPENSSL_NO_RSA
-	RSA *rsa=NULL;
-	EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
-	BIGNUM *pub=NULL;
-	DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_KRB5
-	KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *srvr_ecdh = NULL;
-	EVP_PKEY *clnt_pub_pkey = NULL;
-	EC_POINT *clnt_ecpoint = NULL;
-	BN_CTX *bn_ctx = NULL;
-#ifndef OPENSSL_NO_PSK
-	unsigned int psk_len = 0;
-	unsigned char psk[PSK_MAX_PSK_LEN];
-#endif /* OPENSSL_NO_PSK */
-#endif
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_KEY_EXCH_A,
-		SSL3_ST_SR_KEY_EXCH_B,
-		SSL3_MT_CLIENT_KEY_EXCHANGE,
-		2048, /* ??? */
-		&ok);
-
-	if (!ok) return((int)n);
-	p=(unsigned char *)s->init_msg;
-
-	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
-	alg_a=s->s3->tmp.new_cipher->algorithm_auth;
-
-#ifndef OPENSSL_NO_PSK
-	if (alg_a & SSL_aPSK)
-		{
-		unsigned char *t = NULL;
-		unsigned char pre_ms[PSK_MAX_PSK_LEN*2+4];
-		unsigned int pre_ms_len = 0;
-		int psk_err = 1;
-		char tmp_id[PSK_MAX_IDENTITY_LEN+1];
-
-		al=SSL_AD_HANDSHAKE_FAILURE;
-
-		n2s(p, i);
-		if (n != i+2 && !(alg_k & SSL_kEECDH))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_LENGTH_MISMATCH);
-			goto psk_err;
-			}
-		if (i > PSK_MAX_IDENTITY_LEN)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto psk_err;
-			}
-		if (s->psk_server_callback == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			       SSL_R_PSK_NO_SERVER_CB);
-			goto psk_err;
-			}
-
-		/* Create guaranteed NUL-terminated identity
-		 * string for the callback */
-		memcpy(tmp_id, p, i);
-		memset(tmp_id+i, 0, PSK_MAX_IDENTITY_LEN+1-i);
-		psk_len = s->psk_server_callback(s, tmp_id, psk, sizeof(psk));
-
-		if (psk_len > PSK_MAX_PSK_LEN)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				ERR_R_INTERNAL_ERROR);
-			goto psk_err;
-			}
-		else if (psk_len == 0)
-			{
-			/* PSK related to the given identity not found */
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			       SSL_R_PSK_IDENTITY_NOT_FOUND);
-			al=SSL_AD_UNKNOWN_PSK_IDENTITY;
-			goto psk_err;
-			}
-		if (!(alg_k & SSL_kEECDH))
-			{
-			/* Create the shared secret now if we're not using ECDHE-PSK.*/
-			pre_ms_len=2+psk_len+2+psk_len;
-			t = pre_ms;
-			s2n(psk_len, t);
-			memset(t, 0, psk_len);
-			t+=psk_len;
-			s2n(psk_len, t);
-			memcpy(t, psk, psk_len);
-
-			s->session->master_key_length=
-				s->method->ssl3_enc->generate_master_secret(s,
-					s->session->master_key, pre_ms, pre_ms_len);
-			}
-		if (s->session->psk_identity != NULL)
-			OPENSSL_free(s->session->psk_identity);
-		s->session->psk_identity = BUF_strdup(tmp_id);
-		OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN+1);
-		if (s->session->psk_identity == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				ERR_R_MALLOC_FAILURE);
-			goto psk_err;
-			}
-
-		p += i;
-		n -= (i + 2);
-		psk_err = 0;
-	psk_err:
-		OPENSSL_cleanse(pre_ms, sizeof(pre_ms));
-		if (psk_err != 0)
-			goto f_err;
-		}
-#endif /* OPENSSL_NO_PSK */
-	if (0) {}
-#ifndef OPENSSL_NO_RSA
-	if (alg_k & SSL_kRSA)
-		{
-		unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
-		int decrypt_len;
-		unsigned char decrypt_good, version_good;
-		size_t j;
-
-		/* FIX THIS UP EAY EAY EAY EAY */
-		if (s->s3->tmp.use_rsa_tmp)
-			{
-			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
-				rsa=s->cert->rsa_tmp;
-			/* Don't do a callback because rsa_tmp should
-			 * be sent already */
-			if (rsa == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
-				goto f_err;
-
-				}
-			}
-		else
-			{
-			pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-			if (	(pkey == NULL) ||
-				(pkey->type != EVP_PKEY_RSA) ||
-				(pkey->pkey.rsa == NULL))
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
-				goto f_err;
-				}
-			rsa=pkey->pkey.rsa;
-			}
-
-		/* TLS and [incidentally] DTLS{0xFEFF} */
-		if (s->version > SSL3_VERSION && s->version != DTLS1_BAD_VER)
-			{
-			n2s(p,i);
-			if (n != i+2)
-				{
-				if (!(s->options & SSL_OP_TLS_D5_BUG))
-					{
-					al = SSL_AD_DECODE_ERROR;
-					SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-					goto f_err;
-					}
-				else
-					p-=2;
-				}
-			else
-				n=i;
-			}
-
-		/*
-		 * Reject overly short RSA ciphertext because we want to be sure
-		 * that the buffer size makes it safe to iterate over the entire
-		 * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
-		 * actual expected size is larger due to RSA padding, but the
-		 * bound is sufficient to be safe.
-		 */
-		if (n < SSL_MAX_MASTER_KEY_LENGTH)
-			{
-			al = SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-			goto f_err;
-			}
-
-		/* We must not leak whether a decryption failure occurs because
-		 * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
-		 * RFC 2246, section 7.4.7.1). The code follows that advice of
-		 * the TLS RFC and generates a random premaster secret for the
-		 * case that the decrypt fails. See
-		 * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */
-
-		/* should be RAND_bytes, but we cannot work around a failure. */
-		if (RAND_pseudo_bytes(rand_premaster_secret,
-				      sizeof(rand_premaster_secret)) <= 0)
-			goto err;
-		decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-		ERR_clear_error();
-
-		/* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH.
-		 * decrypt_good will be 0xff if so and zero otherwise. */
-		decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
-
-		/* If the version in the decrypted pre-master secret is correct
-		 * then version_good will be 0xff, otherwise it'll be zero.
-		 * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
-		 * (http://eprint.iacr.org/2003/052/) exploits the version
-		 * number check as a "bad version oracle". Thus version checks
-		 * are done in constant time and are treated like any other
-		 * decryption error. */
-		version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
-		version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
-
-		/* The premaster secret must contain the same version number as
-		 * the ClientHello to detect version rollback attacks
-		 * (strangely, the protocol does not offer such protection for
-		 * DH ciphersuites). However, buggy clients exist that send the
-		 * negotiated protocol version instead if the server does not
-		 * support the requested protocol version. If
-		 * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
-		if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
-			{
-			unsigned char workaround_good;
-			workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8));
-			workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff));
-			version_good |= workaround_good;
-			}
-
-		/* Both decryption and version must be good for decrypt_good
-		 * to remain non-zero (0xff). */
-		decrypt_good &= version_good;
-
-		/*
-		 * Now copy rand_premaster_secret over from p using
-		 * decrypt_good_mask. If decryption failed, then p does not
-		 * contain valid plaintext, however, a check above guarantees
-		 * it is still sufficiently large to read from.
-		 */
-		for (j = 0; j < sizeof(rand_premaster_secret); j++)
-			{
-			p[j] = constant_time_select_8(decrypt_good, p[j],
-						      rand_premaster_secret[j]);
-			}
-
-		s->session->master_key_length=
-			s->method->ssl3_enc->generate_master_secret(s,
-				s->session->master_key,
-				p,sizeof(rand_premaster_secret));
-		OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
-		}
-#endif
-#ifndef OPENSSL_NO_DH
-	else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-		{
-		n2s(p,i);
-		if (n != i+2)
-			{
-			if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-				goto err;
-				}
-			else
-				{
-				p-=2;
-				i=(int)n;
-				}
-			}
-
-		if (n == 0L) /* the parameters are in the cert */
-			{
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
-			goto f_err;
-			}
-		else
-			{
-			if (s->s3->tmp.dh == NULL)
-				{
-				al=SSL_AD_HANDSHAKE_FAILURE;
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
-				goto f_err;
-				}
-			else
-				dh_srvr=s->s3->tmp.dh;
-			}
-
-		pub=BN_bin2bn(p,i,NULL);
-		if (pub == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
-			goto err;
-			}
-
-		i=DH_compute_key(p,pub,dh_srvr);
-
-		if (i <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
-			BN_clear_free(pub);
-			goto err;
-			}
-
-		DH_free(s->s3->tmp.dh);
-		s->s3->tmp.dh=NULL;
-
-		BN_clear_free(pub);
-		pub=NULL;
-		s->session->master_key_length=
-			s->method->ssl3_enc->generate_master_secret(s,
-				s->session->master_key,p,i);
-		OPENSSL_cleanse(p,i);
-		}
-#endif
-#ifndef OPENSSL_NO_KRB5
-	else if (alg_k & SSL_kKRB5)
-		{
-		krb5_error_code		krb5rc;
-		krb5_data		enc_ticket;
-		krb5_data		authenticator;
-		krb5_data		enc_pms;
-		KSSL_CTX		*kssl_ctx = s->kssl_ctx;
-		EVP_CIPHER_CTX		ciph_ctx;
-		const EVP_CIPHER	*enc = NULL;
-		unsigned char		iv[EVP_MAX_IV_LENGTH];
-		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH
-					       + EVP_MAX_BLOCK_LENGTH];
-		int		     padl, outl;
-		krb5_timestamp		authtime = 0;
-		krb5_ticket_times	ttimes;
-
-		EVP_CIPHER_CTX_init(&ciph_ctx);
-
-		if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
-
-		n2s(p,i);
-		enc_ticket.length = i;
-
-		if (n < (long)(enc_ticket.length + 6))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-
-		enc_ticket.data = (char *)p;
-		p+=enc_ticket.length;
-
-		n2s(p,i);
-		authenticator.length = i;
-
-		if (n < (long)(enc_ticket.length + authenticator.length + 6))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-
-		authenticator.data = (char *)p;
-		p+=authenticator.length;
-
-		n2s(p,i);
-		enc_pms.length = i;
-		enc_pms.data = (char *)p;
-		p+=enc_pms.length;
-
-		/* Note that the length is checked again below,
-		** after decryption
-		*/
-		if(enc_pms.length > sizeof pms)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			       SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-
-		if (n != (long)(enc_ticket.length + authenticator.length +
-						enc_pms.length + 6))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-
-		if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
-					&kssl_err)) != 0)
-			{
-#ifdef KSSL_DEBUG
-			fprintf(stderr,"kssl_sget_tkt rtn %d [%d]\n",
-				krb5rc, kssl_err.reason);
-			if (kssl_err.text)
-				fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
-#endif	/* KSSL_DEBUG */
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				kssl_err.reason);
-			goto err;
-			}
-
-		/*  Note: no authenticator is not considered an error,
-		**  but will return authtime == 0.
-		*/
-		if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
-					&authtime, &kssl_err)) != 0)
-			{
-#ifdef KSSL_DEBUG
-			fprintf(stderr,"kssl_check_authent rtn %d [%d]\n",
-				krb5rc, kssl_err.reason);
-			if (kssl_err.text)
-				fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
-#endif	/* KSSL_DEBUG */
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				kssl_err.reason);
-			goto err;
-			}
-
-		if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
-			goto err;
-			}
-
-#ifdef KSSL_DEBUG
-		kssl_ctx_show(kssl_ctx);
-#endif	/* KSSL_DEBUG */
-
-		enc = kssl_map_enc(kssl_ctx->enctype);
-		if (enc == NULL)
-		    goto err;
-
-		memset(iv, 0, sizeof iv);	/* per RFC 1510 */
-
-		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DECRYPTION_FAILED);
-			goto err;
-			}
-		if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
-					(unsigned char *)enc_pms.data, enc_pms.length))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DECRYPTION_FAILED);
-			goto err;
-			}
-		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-		if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DECRYPTION_FAILED);
-			goto err;
-			}
-		outl += padl;
-		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_DATA_LENGTH_TOO_LONG);
-			goto err;
-			}
-		if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
-		    {
-		    /* The premaster secret must contain the same version number as the
-		     * ClientHello to detect version rollback attacks (strangely, the
-		     * protocol does not offer such protection for DH ciphersuites).
-		     * However, buggy clients exist that send random bytes instead of
-		     * the protocol version.
-		     * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. 
-		     * (Perhaps we should have a separate BUG value for the Kerberos cipher)
-		     */
-		    if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			       SSL_AD_DECODE_ERROR);
-			goto err;
-			}
-		    }
-
-		EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-		s->session->master_key_length=
-			s->method->ssl3_enc->generate_master_secret(s,
-				s->session->master_key, pms, outl);
-
-		if (kssl_ctx->client_princ)
-			{
-			size_t len = strlen(kssl_ctx->client_princ);
-			if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
-				{
-				s->session->krb5_client_princ_len = len;
-				memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
-				}
-			}
-
-
-		/*  Was doing kssl_ctx_free() here,
-		**  but it caused problems for apache.
-		**  kssl_ctx = kssl_ctx_free(kssl_ctx);
-		**  if (s->kssl_ctx)  s->kssl_ctx = NULL;
-		*/
-		}
-#endif	/* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
-	else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
-		{
-		int ret = 1;
-		int field_size = 0;
-		const EC_KEY   *tkey;
-		const EC_GROUP *group;
-		const BIGNUM *priv_key;
-#ifndef OPENSSL_NO_PSK
-		unsigned char *pre_ms;
-		unsigned int pre_ms_len;
-		unsigned char *t;
-#endif /* OPENSSL_NO_PSK */
-
-		/* initialize structures for server's ECDH key pair */
-		if ((srvr_ecdh = EC_KEY_new()) == NULL) 
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			    ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* Let's get server private key and group information */
-		if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-			{ 
-			/* use the certificate */
-			tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
-			}
-		else
-			{
-			/* use the ephermeral values we saved when
-			 * generating the ServerKeyExchange msg.
-			 */
-			tkey = s->s3->tmp.ecdh;
-			}
-
-		group    = EC_KEY_get0_group(tkey);
-		priv_key = EC_KEY_get0_private_key(tkey);
-
-		if (!EC_KEY_set_group(srvr_ecdh, group) ||
-		    !EC_KEY_set_private_key(srvr_ecdh, priv_key))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			       ERR_R_EC_LIB);
-			goto err;
-			}
-
-		/* Let's get client's public key */
-		if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			    ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		if (n == 0L) 
-			{
-			/* Client Publickey was in Client Certificate */
-
-			 if (alg_k & SSL_kEECDH)
-				 {
-				 al=SSL_AD_HANDSHAKE_FAILURE;
-				 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
-				 goto f_err;
-				 }
-			if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
-			    == NULL) || 
-			    (clnt_pub_pkey->type != EVP_PKEY_EC))
-				{
-				/* XXX: For now, we do not support client
-				 * authentication using ECDH certificates
-				 * so this branch (n == 0L) of the code is
-				 * never executed. When that support is
-				 * added, we ought to ensure the key 
-				 * received in the certificate is 
-				 * authorized for key agreement.
-				 * ECDH_compute_key implicitly checks that
-				 * the two ECDH shares are for the same
-				 * group.
-				 */
-			   	al=SSL_AD_HANDSHAKE_FAILURE;
-			   	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
-			   	goto f_err;
-			   	}
-
-			if (EC_POINT_copy(clnt_ecpoint,
-			    EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-					ERR_R_EC_LIB);
-				goto err;
-				}
-			ret = 2; /* Skip certificate verify processing */
-			}
-		else
-			{
-			/* Get client's public key from encoded point
-			 * in the ClientKeyExchange message.
-			 */
-			if ((bn_ctx = BN_CTX_new()) == NULL)
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			/* Get encoded point length */
-			i = *p;
-			p += 1;
-			if (n != 1 + i)
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    ERR_R_EC_LIB);
-				goto err;
-				}
-			if (EC_POINT_oct2point(group, 
-			    clnt_ecpoint, p, i, bn_ctx) == 0)
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				    ERR_R_EC_LIB);
-				goto err;
-				}
-			/* p is pointing to somewhere in the buffer
-			 * currently, so set it to the start 
-			 */ 
-			p=(unsigned char *)s->init_buf->data;
-			}
-
-		/* Compute the shared pre-master secret */
-		field_size = EC_GROUP_get_degree(group);
-		if (field_size <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, 
-			       ERR_R_ECDH_LIB);
-			goto err;
-			}
-		i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
-		if (i <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-			    ERR_R_ECDH_LIB);
-			goto err;
-			}
-
-		EVP_PKEY_free(clnt_pub_pkey);
-		EC_POINT_free(clnt_ecpoint);
-		EC_KEY_free(srvr_ecdh);
-		BN_CTX_free(bn_ctx);
-		EC_KEY_free(s->s3->tmp.ecdh);
-		s->s3->tmp.ecdh = NULL;
-
-#ifndef OPENSSL_NO_PSK
-		/* ECDHE PSK ciphersuites from RFC 5489 */
-	    if ((alg_a & SSL_aPSK) && psk_len != 0)
-			{
-			pre_ms_len = 2+i+2+psk_len;
-			pre_ms = OPENSSL_malloc(pre_ms_len);
-			if (pre_ms == NULL)
-				{
-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			memset(pre_ms, 0, pre_ms_len);
-			t = pre_ms;
-			s2n(i, t);
-			memcpy(t, p, i);
-			t += i;
-			s2n(psk_len, t);
-			memcpy(t, psk, psk_len);
-			s->session->master_key_length = s->method->ssl3_enc \
-				-> generate_master_secret(s,
-					s->session->master_key, pre_ms, pre_ms_len);
-			OPENSSL_cleanse(pre_ms, pre_ms_len);
-			OPENSSL_free(pre_ms);
-			}
-#endif /* OPENSSL_NO_PSK */
-		if (!(alg_a & SSL_aPSK))
-			{
-			/* Compute the master secret */
-			s->session->master_key_length = s->method->ssl3_enc \
-				-> generate_master_secret(s,
-					s->session->master_key, p, i);
-			}
-
-		OPENSSL_cleanse(p, i);
-		}
-#endif
-#ifndef OPENSSL_NO_SRP
-	else if (alg_k & SSL_kSRP)
-		{
-		int param_len;
-
-		n2s(p,i);
-		param_len=i+2;
-		if (param_len > n)
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
-			goto f_err;
-			}
-		if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
-			goto err;
-			}
-		if (s->session->srp_username != NULL)
-			OPENSSL_free(s->session->srp_username);
-		s->session->srp_username = BUF_strdup(s->srp_ctx.login);
-		if (s->session->srp_username == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		p+=i;
-		}
-#endif	/* OPENSSL_NO_SRP */
-	else if (alg_k & SSL_kGOST) 
-		{
-		int ret = 0;
-		EVP_PKEY_CTX *pkey_ctx;
-		EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
-		unsigned char premaster_secret[32], *start;
-		size_t outlen=32, inlen;
-		unsigned long alg_a;
-		int Ttag, Tclass;
-		long Tlen;
-
-		/* Get our certificate private key*/
-		alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-		if (alg_a & SSL_aGOST94)
-			pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
-		else if (alg_a & SSL_aGOST01)
-			pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
-
-		pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
-		EVP_PKEY_decrypt_init(pkey_ctx);
-		/* If client certificate is present and is of the same type, maybe
-		 * use it for key exchange.  Don't mind errors from
-		 * EVP_PKEY_derive_set_peer, because it is completely valid to use
-		 * a client certificate for authorization only. */
-		client_pub_pkey = X509_get_pubkey(s->session->peer);
-		if (client_pub_pkey)
-			{
-			if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
-				ERR_clear_error();
-			}
-		/* Decrypt session key */
-		if (ASN1_get_object((const unsigned char **)&p, &Tlen, &Ttag, &Tclass, n) != V_ASN1_CONSTRUCTED ||
-			Ttag != V_ASN1_SEQUENCE ||
-			Tclass != V_ASN1_UNIVERSAL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-			goto gerr;
-			}
-		start = p;
-		inlen = Tlen;
-		if (EVP_PKEY_decrypt(pkey_ctx,premaster_secret,&outlen,start,inlen) <=0) 
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DECRYPTION_FAILED);
-			goto gerr;
-			}
-		/* Generate master secret */
-		s->session->master_key_length=
-			s->method->ssl3_enc->generate_master_secret(s,
-				s->session->master_key,premaster_secret,32);
-		/* Check if pubkey from client certificate was used */
-		if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0)
-			ret = 2;
-		else
-			ret = 1;
-	gerr:
-		EVP_PKEY_free(client_pub_pkey);
-		EVP_PKEY_CTX_free(pkey_ctx);
-		if (ret)
-			return ret;
-		else
-			goto err;
-		}
-	else if (!(alg_k & SSL_kPSK))
-		{
-		al=SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-				SSL_R_UNKNOWN_CIPHER_TYPE);
-		goto f_err;
-		}
-
-	return(1);
-f_err:
-	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
-err:
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EVP_PKEY_free(clnt_pub_pkey);
-	EC_POINT_free(clnt_ecpoint);
-	if (srvr_ecdh != NULL) 
-		EC_KEY_free(srvr_ecdh);
-	BN_CTX_free(bn_ctx);
-#endif
-	return(-1);
-	}
-
-int ssl3_get_cert_verify(SSL *s)
-	{
-	EVP_PKEY *pkey=NULL;
-	unsigned char *p;
-	int al,ok,ret=0;
-	long n;
-	int type=0,i,j;
-	X509 *peer;
-	const EVP_MD *md = NULL;
-	EVP_MD_CTX mctx;
-	EVP_MD_CTX_init(&mctx);
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_CERT_VRFY_A,
-		SSL3_ST_SR_CERT_VRFY_B,
-		-1,
-		SSL3_RT_MAX_PLAIN_LENGTH,
-		&ok);
-
-	if (!ok) return((int)n);
-
-	if (s->session->peer != NULL)
-		{
-		peer=s->session->peer;
-		pkey=X509_get_pubkey(peer);
-		type=X509_certificate_type(peer,pkey);
-		}
-	else
-		{
-		peer=NULL;
-		pkey=NULL;
-		}
-
-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
-		{
-		s->s3->tmp.reuse_message=1;
-		if (peer != NULL)
-			{
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
-			goto f_err;
-			}
-		ret=1;
-		goto end;
-		}
-
-	if (peer == NULL)
-		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		goto f_err;
-		}
-
-	if (!(type & EVP_PKT_SIGN))
-		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-		al=SSL_AD_ILLEGAL_PARAMETER;
-		goto f_err;
-		}
-
-	if (s->s3->change_cipher_spec)
-		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		goto f_err;
-		}
-
-	/* we now have a signature that we need to verify */
-	p=(unsigned char *)s->init_msg;
-	/* Check for broken implementations of GOST ciphersuites */
-	/* If key is GOST and n is exactly 64, it is bare
-	 * signature without length field */
-	if (n==64 && (pkey->type==NID_id_GostR3410_94 ||
-		pkey->type == NID_id_GostR3410_2001) )
-		{
-		i=64;
-		} 
-	else 
-		{	
-		if (TLS1_get_version(s) >= TLS1_2_VERSION)
-			{
-			int sigalg = tls12_get_sigid(pkey);
-			/* Should never happen */
-			if (sigalg == -1)
-				{
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
-				al=SSL_AD_INTERNAL_ERROR;
-				goto f_err;
-				}
-			/* Check key type is consistent with signature */
-			if (sigalg != (int)p[1])
-				{
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
-				al=SSL_AD_DECODE_ERROR;
-				goto f_err;
-				}
-			md = tls12_get_hash(p[0]);
-			if (md == NULL)
-				{
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
-				al=SSL_AD_DECODE_ERROR;
-				goto f_err;
-				}
-#ifdef SSL_DEBUG
-fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
-#endif
-			p += 2;
-			n -= 2;
-			}
-		n2s(p,i);
-		n-=2;
-		if (i > n)
-			{
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
-			al=SSL_AD_DECODE_ERROR;
-			goto f_err;
-			}
-    	}
-	j=EVP_PKEY_size(pkey);
-	if ((i > j) || (n > j) || (n <= 0))
-		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
-		al=SSL_AD_DECODE_ERROR;
-		goto f_err;
-		}
-
-	if (TLS1_get_version(s) >= TLS1_2_VERSION)
-		{
-		long hdatalen = 0;
-		void *hdata;
-		hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
-		if (hdatalen <= 0)
-			{
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
-			al=SSL_AD_INTERNAL_ERROR;
-			goto f_err;
-			}
-#ifdef SSL_DEBUG
-		fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
-							EVP_MD_name(md));
-#endif
-		if (!EVP_VerifyInit_ex(&mctx, md, NULL)
-			|| !EVP_VerifyUpdate(&mctx, hdata, hdatalen))
-			{
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
-			al=SSL_AD_INTERNAL_ERROR;
-			goto f_err;
-			}
-
-		if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0)
-			{
-			al=SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE);
-			goto f_err;
-			}
-		}
-	else
-#ifndef OPENSSL_NO_RSA 
-	if (pkey->type == EVP_PKEY_RSA)
-		{
-		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
-			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
-							pkey->pkey.rsa);
-		if (i < 0)
-			{
-			al=SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
-			goto f_err;
-			}
-		if (i == 0)
-			{
-			al=SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
-			goto f_err;
-			}
-		}
-	else
-#endif
-#ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-		{
-		j=DSA_verify(pkey->save_type,
-			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
-		if (j <= 0)
-			{
-			/* bad signature */
-			al=SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
-			goto f_err;
-			}
-		}
-	else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_EC)
-		{
-		j=ECDSA_verify(pkey->save_type,
-			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-			SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
-		if (j <= 0)
-			{
-			/* bad signature */
-			al=SSL_AD_DECRYPT_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
-			    SSL_R_BAD_ECDSA_SIGNATURE);
-			goto f_err;
-			}
-		}
-	else
-#endif
-	if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001)
-		{   unsigned char signature[64];
-			int idx;
-			EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey,NULL);
-			EVP_PKEY_verify_init(pctx);
-			if (i!=64) {
-				fprintf(stderr,"GOST signature length is %d",i);
-			}	
-			for (idx=0;idx<64;idx++) {
-				signature[63-idx]=p[idx];
-			}	
-			j=EVP_PKEY_verify(pctx,signature,64,s->s3->tmp.cert_verify_md,32);
-			EVP_PKEY_CTX_free(pctx);
-			if (j<=0) 
-				{
-				al=SSL_AD_DECRYPT_ERROR;
-				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
-					SSL_R_BAD_ECDSA_SIGNATURE);
-				goto f_err;
-				}	
-		}
-	else	
-		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
-		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
-		goto f_err;
-		}
-
-
-	ret=1;
-	if (0)
-		{
-f_err:
-		ssl3_send_alert(s,SSL3_AL_FATAL,al);
-		}
-end:
-	if (s->s3->handshake_buffer)
-		{
-		BIO_free(s->s3->handshake_buffer);
-		s->s3->handshake_buffer = NULL;
-		s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
-		}
-	EVP_MD_CTX_cleanup(&mctx);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-
-int ssl3_get_client_certificate(SSL *s)
-	{
-	int i,ok,al,ret= -1;
-	X509 *x=NULL;
-	unsigned long l,nc,llen,n;
-	const unsigned char *p,*q;
-	unsigned char *d;
-	STACK_OF(X509) *sk=NULL;
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_CERT_A,
-		SSL3_ST_SR_CERT_B,
-		-1,
-		s->max_cert_list,
-		&ok);
-
-	if (!ok) return((int)n);
-
-	if	(s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
-		{
-		if (	(s->verify_mode & SSL_VERIFY_PEER) &&
-			(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			goto f_err;
-			}
-		/* If tls asked for a client cert, the client must return a 0 list */
-		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			goto f_err;
-			}
-		s->s3->tmp.reuse_message=1;
-		return(1);
-		}
-
-	if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
-		{
-		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
-		goto f_err;
-		}
-	p=d=(unsigned char *)s->init_msg;
-
-	if ((sk=sk_X509_new_null()) == NULL)
-		{
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	n2l3(p,llen);
-	if (llen+3 != n)
-		{
-		al=SSL_AD_DECODE_ERROR;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
-		goto f_err;
-		}
-	for (nc=0; nc<llen; )
-		{
-		n2l3(p,l);
-		if ((l+nc+3) > llen)
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-			goto f_err;
-			}
-
-		q=p;
-		x=d2i_X509(NULL,&p,l);
-		if (x == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		if (p != (q+l))
-			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
-			goto f_err;
-			}
-		if (!sk_X509_push(sk,x))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		x=NULL;
-		nc+=l+3;
-		}
-
-	if (sk_X509_num(sk) <= 0)
-		{
-		/* TLS does not mind 0 certs returned */
-		if (s->version == SSL3_VERSION)
-			{
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
-			goto f_err;
-			}
-		/* Fail for TLS only if we required a certificate */
-		else if ((s->verify_mode & SSL_VERIFY_PEER) &&
-			 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-			al=SSL_AD_HANDSHAKE_FAILURE;
-			goto f_err;
-			}
-		/* No client certificate so digest cached records */
-		if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s))
-			{
-			al=SSL_AD_INTERNAL_ERROR;
-			goto f_err;
-			}
-		}
-	else
-		{
-		i=ssl_verify_cert_chain(s,sk);
-		if (i <= 0)
-			{
-			al=ssl_verify_alarm_type(s->verify_result);
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
-			goto f_err;
-			}
-		}
-
-	if (s->session->peer != NULL) /* This should not be needed */
-		X509_free(s->session->peer);
-	s->session->peer=sk_X509_shift(sk);
-	s->session->verify_result = s->verify_result;
-
-	/* With the current implementation, sess_cert will always be NULL
-	 * when we arrive here. */
-	if (s->session->sess_cert == NULL)
-		{
-		s->session->sess_cert = ssl_sess_cert_new();
-		if (s->session->sess_cert == NULL)
-			{
-			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	if (s->session->sess_cert->cert_chain != NULL)
-		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
-	s->session->sess_cert->cert_chain=sk;
-	/* Inconsistency alert: cert_chain does *not* include the
-	 * peer's own certificate, while we do include it in s3_clnt.c */
-
-	sk=NULL;
-
-	ret=1;
-	if (0)
-		{
-f_err:
-		ssl3_send_alert(s,SSL3_AL_FATAL,al);
-		}
-err:
-	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_X509_pop_free(sk,X509_free);
-	return(ret);
-	}
-
-int ssl3_send_server_certificate(SSL *s)
-	{
-	unsigned long l;
-	X509 *x;
-
-	if (s->state == SSL3_ST_SW_CERT_A)
-		{
-		x=ssl_get_server_send_cert(s);
-		if (x == NULL)
-			{
-			/* VRS: allow null cert if auth == KRB5 */
-			if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) ||
-			    (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5))
-				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
-				return(0);
-				}
-			}
-
-		l=ssl3_output_cert_chain(s,x);
-		if (!l)
-			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
-			return(0);
-			}
-		s->state=SSL3_ST_SW_CERT_B;
-		s->init_num=(int)l;
-		s->init_off=0;
-		}
-
-	/* SSL3_ST_SW_CERT_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-#ifndef OPENSSL_NO_TLSEXT
-/* send a new session ticket (not necessarily for a new session) */
-int ssl3_send_newsession_ticket(SSL *s)
-	{
-	if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
-		{
-		unsigned char *p, *senc, *macstart;
-		const unsigned char *const_p;
-		int len, slen_full, slen;
-		SSL_SESSION *sess;
-		unsigned int hlen;
-		EVP_CIPHER_CTX ctx;
-		HMAC_CTX hctx;
-		SSL_CTX *tctx = s->initial_ctx;
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		unsigned char key_name[16];
-
-		/* get session encoding length */
-		slen_full = i2d_SSL_SESSION(s->session, NULL);
-		/* Some length values are 16 bits, so forget it if session is
- 		 * too long
- 		 */
-		if (slen_full > 0xFF00)
-			return -1;
-		senc = OPENSSL_malloc(slen_full);
-		if (!senc)
-			return -1;
-		p = senc;
-		i2d_SSL_SESSION(s->session, &p);
-
-		/* create a fresh copy (not shared with other threads) to clean up */
-		const_p = senc;
-		sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
-		if (sess == NULL)
-			{
-			OPENSSL_free(senc);
-			return -1;
-			}
-		sess->session_id_length = 0; /* ID is irrelevant for the ticket */
-
-		slen = i2d_SSL_SESSION(sess, NULL);
-		if (slen > slen_full) /* shouldn't ever happen */
-			{
-			OPENSSL_free(senc);
-			return -1;
-			}
-		p = senc;
-		i2d_SSL_SESSION(sess, &p);
-		SSL_SESSION_free(sess);
-
-		/* Grow buffer if need be: the length calculation is as
- 		 * follows 1 (size of message name) + 3 (message length
- 		 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
- 		 * 16 (key name) + max_iv_len (iv length) +
- 		 * session_length + max_enc_block_size (max encrypted session
- 		 * length) + max_md_size (HMAC).
- 		 */
-		if (!BUF_MEM_grow(s->init_buf,
-			26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-			EVP_MAX_MD_SIZE + slen))
-			return -1;
-
-		p=(unsigned char *)s->init_buf->data;
-		/* do the header */
-		*(p++)=SSL3_MT_NEWSESSION_TICKET;
-		/* Skip message length for now */
-		p += 3;
-		EVP_CIPHER_CTX_init(&ctx);
-		HMAC_CTX_init(&hctx);
-		/* Initialize HMAC and cipher contexts. If callback present
-		 * it does all the work otherwise use generated values
-		 * from parent ctx.
-		 */
-		if (tctx->tlsext_ticket_key_cb)
-			{
-			if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
-							 &hctx, 1) < 0)
-				{
-				OPENSSL_free(senc);
-				return -1;
-				}
-			}
-		else
-			{
-			RAND_pseudo_bytes(iv, 16);
-			EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-					tctx->tlsext_tick_aes_key, iv);
-			HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-					tlsext_tick_md(), NULL);
-			memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-			}
-
-		/* Ticket lifetime hint (advisory only):
-		 * We leave this unspecified for resumed session (for simplicity),
-		 * and guess that tickets for new sessions will live as long
-		 * as their sessions. */
-		l2n(s->hit ? 0 : s->session->timeout, p);
-
-		/* Skip ticket length for now */
-		p += 2;
-		/* Output key name */
-		macstart = p;
-		memcpy(p, key_name, 16);
-		p += 16;
-		/* output IV */
-		memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
-		p += EVP_CIPHER_CTX_iv_length(&ctx);
-		/* Encrypt session data */
-		EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
-		p += len;
-		EVP_EncryptFinal(&ctx, p, &len);
-		p += len;
-		EVP_CIPHER_CTX_cleanup(&ctx);
-
-		HMAC_Update(&hctx, macstart, p - macstart);
-		HMAC_Final(&hctx, p, &hlen);
-		HMAC_CTX_cleanup(&hctx);
-
-		p += hlen;
-		/* Now write out lengths: p points to end of data written */
-		/* Total length */
-		len = p - (unsigned char *)s->init_buf->data;
-		p=(unsigned char *)s->init_buf->data + 1;
-		l2n3(len - 4, p); /* Message length */
-		p += 4;
-		s2n(len - 10, p);  /* Ticket length */
-
-		/* number of bytes to write */
-		s->init_num= len;
-		s->state=SSL3_ST_SW_SESSION_TICKET_B;
-		s->init_off=0;
-		OPENSSL_free(senc);
-		}
-
-	/* SSL3_ST_SW_SESSION_TICKET_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-int ssl3_send_cert_status(SSL *s)
-	{
-	if (s->state == SSL3_ST_SW_CERT_STATUS_A)
-		{
-		unsigned char *p;
-		/* Grow buffer if need be: the length calculation is as
- 		 * follows 1 (message type) + 3 (message length) +
- 		 * 1 (ocsp response type) + 3 (ocsp response length)
- 		 * + (ocsp response)
- 		 */
-		if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
-			return -1;
-
-		p=(unsigned char *)s->init_buf->data;
-
-		/* do the header */
-		*(p++)=SSL3_MT_CERTIFICATE_STATUS;
-		/* message length */
-		l2n3(s->tlsext_ocsp_resplen + 4, p);
-		/* status type */
-		*(p++)= s->tlsext_status_type;
-		/* length of OCSP response */
-		l2n3(s->tlsext_ocsp_resplen, p);
-		/* actual response */
-		memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
-		/* number of bytes to write */
-		s->init_num = 8 + s->tlsext_ocsp_resplen;
-		s->state=SSL3_ST_SW_CERT_STATUS_B;
-		s->init_off = 0;
-		}
-
-	/* SSL3_ST_SW_CERT_STATUS_B */
-	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-	}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
- * sets the next_proto member in s if found */
-int ssl3_get_next_proto(SSL *s)
-	{
-	int ok;
-	int proto_len, padding_len;
-	long n;
-	const unsigned char *p;
-
-	/* Clients cannot send a NextProtocol message if we didn't see the
-	 * extension in their ClientHello */
-	if (!s->s3->next_proto_neg_seen)
-		{
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
-		return -1;
-		}
-
-	n=s->method->ssl_get_message(s,
-		SSL3_ST_SR_NEXT_PROTO_A,
-		SSL3_ST_SR_NEXT_PROTO_B,
-		SSL3_MT_NEXT_PROTO,
-		514,  /* See the payload format below */
-		&ok);
-
-	if (!ok)
-		return((int)n);
-
-	/* s->state doesn't reflect whether ChangeCipherSpec has been received
-	 * in this handshake, but s->s3->change_cipher_spec does (will be reset
-	 * by ssl3_get_finished). */
-	if (!s->s3->change_cipher_spec)
-		{
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
-		return -1;
-		}
-
-	if (n < 2)
-		return 0;  /* The body must be > 1 bytes long */
-
-	p=(unsigned char *)s->init_msg;
-
-	/* The payload looks like:
-	 *   uint8 proto_len;
-	 *   uint8 proto[proto_len];
-	 *   uint8 padding_len;
-	 *   uint8 padding[padding_len];
-	 */
-	proto_len = p[0];
-	if (proto_len + 2 > s->init_num)
-		return 0;
-	padding_len = p[proto_len + 1];
-	if (proto_len + padding_len + 2 != s->init_num)
-		return 0;
-
-	s->next_proto_negotiated = OPENSSL_malloc(proto_len);
-	if (!s->next_proto_negotiated)
-		{
-		SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	memcpy(s->next_proto_negotiated, p + 1, proto_len);
-	s->next_proto_negotiated_len = proto_len;
-
-	return 1;
-	}
-# endif
-
-/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
-int ssl3_get_channel_id(SSL *s)
-	{
-	int ret = -1, ok;
-	long n;
-	const unsigned char *p;
-	unsigned short extension_type, extension_len;
-	EC_GROUP* p256 = NULL;
-	EC_KEY* key = NULL;
-	EC_POINT* point = NULL;
-	ECDSA_SIG sig;
-	BIGNUM x, y;
-	unsigned short expected_extension_type;
-
-	if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
-		{
-		/* The first time that we're called we take the current
-		 * handshake hash and store it. */
-		EVP_MD_CTX md_ctx;
-		unsigned int len;
-
-		EVP_MD_CTX_init(&md_ctx);
-		EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);
-		if (!tls1_channel_id_hash(&md_ctx, s))
-			return -1;
-		len = sizeof(s->s3->tlsext_channel_id);
-		EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);
-		EVP_MD_CTX_cleanup(&md_ctx);
-		}
-
-	n = s->method->ssl_get_message(s,
-		SSL3_ST_SR_CHANNEL_ID_A,
-		SSL3_ST_SR_CHANNEL_ID_B,
-		SSL3_MT_ENCRYPTED_EXTENSIONS,
-		2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
-		&ok);
-
-	if (!ok)
-		return((int)n);
-
-	ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);
-
-	/* s->state doesn't reflect whether ChangeCipherSpec has been received
-	 * in this handshake, but s->s3->change_cipher_spec does (will be reset
-	 * by ssl3_get_finished). */
-	if (!s->s3->change_cipher_spec)
-		{
-		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS);
-		return -1;
-		}
-
-	if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)
-		{
-		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
-		return -1;
-		}
-
-	p = (unsigned char *)s->init_msg;
-
-	/* The payload looks like:
-	 *   uint16 extension_type
-	 *   uint16 extension_len;
-	 *   uint8 x[32];
-	 *   uint8 y[32];
-	 *   uint8 r[32];
-	 *   uint8 s[32];
-	 */
-	n2s(p, extension_type);
-	n2s(p, extension_len);
-
-	expected_extension_type = TLSEXT_TYPE_channel_id;
-	if (s->s3->tlsext_channel_id_new)
-		expected_extension_type = TLSEXT_TYPE_channel_id_new;
-
-	if (extension_type != expected_extension_type ||
-	    extension_len != TLSEXT_CHANNEL_ID_SIZE)
-		{
-		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
-		return -1;
-		}
-
-	p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
-	if (!p256)
-		{
-		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT);
-		return -1;
-		}
-
-	BN_init(&x);
-	BN_init(&y);
-	sig.r = BN_new();
-	sig.s = BN_new();
-
-	if (BN_bin2bn(p +  0, 32, &x) == NULL ||
-	    BN_bin2bn(p + 32, 32, &y) == NULL ||
-	    BN_bin2bn(p + 64, 32, sig.r) == NULL ||
-	    BN_bin2bn(p + 96, 32, sig.s) == NULL)
-		goto err;
-
-	point = EC_POINT_new(p256);
-	if (!point ||
-	    !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))
-		goto err;
-
-	key = EC_KEY_new();
-	if (!key ||
-	    !EC_KEY_set_group(key, p256) ||
-	    !EC_KEY_set_public_key(key, point))
-		goto err;
-
-	/* We stored the handshake hash in |tlsext_channel_id| the first time
-	 * that we were called. */
-	switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {
-	case 1:
-		break;
-	case 0:
-		SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
-		s->s3->tlsext_channel_id_valid = 0;
-		goto err;
-	default:
-		s->s3->tlsext_channel_id_valid = 0;
-		goto err;
-	}
-
-	memcpy(s->s3->tlsext_channel_id, p, 64);
-	ret = 1;
-
-err:
-	BN_free(&x);
-	BN_free(&y);
-	BN_free(sig.r);
-	BN_free(sig.s);
-	if (key)
-		EC_KEY_free(key);
-	if (point)
-		EC_POINT_free(point);
-	if (p256)
-		EC_GROUP_free(p256);
-	return ret;
-	}
-#endif
diff --git a/ssl/srtp.h b/ssl/srtp.h
deleted file mode 100644
index 096b624d0d..0000000000
--- a/ssl/srtp.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/* ssl/srtp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
-  DTLS code by Eric Rescorla <ekr@rtfm.com>
-
-  Copyright (C) 2006, Network Resonance, Inc.
-  Copyright (C) 2011, RTFM, Inc.
-*/
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-     
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80      0x0005
-#define SRTP_NULL_SHA1_32      0x0006
-
-#ifndef OPENSSL_NO_SRTP
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/ssl/ssl.h b/ssl/ssl.h
deleted file mode 100644
index 90862dd676..0000000000
--- a/ssl/ssl.h
+++ /dev/null
@@ -1,2766 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_H 
-#define HEADER_SSL_H 
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#endif
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#include <openssl/kssl.h>
-#include <openssl/safestack.h>
-#include <openssl/symhacks.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5		SSL2_TXT_NULL_WITH_MD5			
-#define SSL_TXT_RC4_128_WITH_MD5	SSL2_TXT_RC4_128_WITH_MD5		
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	
-#define SSL_TXT_RC2_128_CBC_WITH_MD5	SSL2_TXT_RC2_128_CBC_WITH_MD5		
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5	SSL2_TXT_IDEA_128_CBC_WITH_MD5		
-#define SSL_TXT_DES_64_CBC_WITH_MD5	SSL2_TXT_DES_64_CBC_WITH_MD5		
-#define SSL_TXT_DES_64_CBC_WITH_SHA	SSL2_TXT_DES_64_CBC_WITH_SHA		
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
-#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
-#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH		32
-#define SSL_MAX_SID_CTX_LENGTH			32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
-#define SSL_MAX_KEY_ARG_LENGTH			8
-#define SSL_MAX_MASTER_KEY_LENGTH		48
-
-
-/* These are used to specify which ciphers to use and not to use */
-
-#define SSL_TXT_EXP40		"EXPORT40"
-#define SSL_TXT_EXP56		"EXPORT56"
-#define SSL_TXT_LOW		"LOW"
-#define SSL_TXT_MEDIUM		"MEDIUM"
-#define SSL_TXT_HIGH		"HIGH"
-#define SSL_TXT_FIPS		"FIPS"
-
-#define SSL_TXT_kFZA		"kFZA" /* unused! */
-#define	SSL_TXT_aFZA		"aFZA" /* unused! */
-#define SSL_TXT_eFZA		"eFZA" /* unused! */
-#define SSL_TXT_FZA		"FZA"  /* unused! */
-
-#define	SSL_TXT_aNULL		"aNULL"
-#define	SSL_TXT_eNULL		"eNULL"
-#define	SSL_TXT_NULL		"NULL"
-
-#define SSL_TXT_kRSA		"kRSA"
-#define SSL_TXT_kDHr		"kDHr" /* no such ciphersuites supported! */
-#define SSL_TXT_kDHd		"kDHd" /* no such ciphersuites supported! */
-#define SSL_TXT_kDH 		"kDH"  /* no such ciphersuites supported! */
-#define SSL_TXT_kEDH		"kEDH"
-#define SSL_TXT_kKRB5     	"kKRB5"
-#define SSL_TXT_kECDHr		"kECDHr"
-#define SSL_TXT_kECDHe		"kECDHe"
-#define SSL_TXT_kECDH		"kECDH"
-#define SSL_TXT_kEECDH		"kEECDH"
-#define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kGOST		"kGOST"
-#define SSL_TXT_kSRP		"kSRP"
-
-#define	SSL_TXT_aRSA		"aRSA"
-#define	SSL_TXT_aDSS		"aDSS"
-#define	SSL_TXT_aDH		"aDH" /* no such ciphersuites supported! */
-#define	SSL_TXT_aECDH		"aECDH"
-#define SSL_TXT_aKRB5     	"aKRB5"
-#define SSL_TXT_aECDSA		"aECDSA"
-#define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94	"aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
-#define SSL_TXT_aSRP            "aSRP"
-
-#define	SSL_TXT_DSS		"DSS"
-#define SSL_TXT_DH		"DH"
-#define SSL_TXT_EDH		"EDH" /* same as "kEDH:-ADH" */
-#define SSL_TXT_ADH		"ADH"
-#define SSL_TXT_RSA		"RSA"
-#define SSL_TXT_ECDH		"ECDH"
-#define SSL_TXT_EECDH		"EECDH" /* same as "kEECDH:-AECDH" */
-#define SSL_TXT_AECDH		"AECDH"
-#define SSL_TXT_ECDSA		"ECDSA"
-#define SSL_TXT_KRB5      	"KRB5"
-#define SSL_TXT_PSK             "PSK"
-#define SSL_TXT_SRP		"SRP"
-
-#define SSL_TXT_DES		"DES"
-#define SSL_TXT_3DES		"3DES"
-#define SSL_TXT_RC4		"RC4"
-#define SSL_TXT_RC2		"RC2"
-#define SSL_TXT_IDEA		"IDEA"
-#define SSL_TXT_SEED		"SEED"
-#define SSL_TXT_AES128		"AES128"
-#define SSL_TXT_AES256		"AES256"
-#define SSL_TXT_AES		"AES"
-#define SSL_TXT_AES_GCM		"AESGCM"
-#define SSL_TXT_CAMELLIA128	"CAMELLIA128"
-#define SSL_TXT_CAMELLIA256	"CAMELLIA256"
-#define SSL_TXT_CAMELLIA	"CAMELLIA"
-
-#define SSL_TXT_MD5		"MD5"
-#define SSL_TXT_SHA1		"SHA1"
-#define SSL_TXT_SHA		"SHA" /* same as "SHA1" */
-#define SSL_TXT_GOST94		"GOST94" 
-#define SSL_TXT_GOST89MAC		"GOST89MAC" 
-#define SSL_TXT_SHA256		"SHA256"
-#define SSL_TXT_SHA384		"SHA384"
-
-#define SSL_TXT_SSLV2		"SSLv2"
-#define SSL_TXT_SSLV3		"SSLv3"
-#define SSL_TXT_TLSV1		"TLSv1"
-#define SSL_TXT_TLSV1_1		"TLSv1.1"
-#define SSL_TXT_TLSV1_2		"TLSv1.2"
-
-#define SSL_TXT_EXP		"EXP"
-#define SSL_TXT_EXPORT		"EXPORT"
-
-#define SSL_TXT_ALL		"ALL"
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
-/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
- * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
- * some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN	1
-#define SSL_RECEIVED_SHUTDOWN	2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#define OPENSSL_NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
-       {
-       const char *name;
-       unsigned long id;
-       } SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
-	{
-	int valid;
-	const char *name;		/* text name */
-	unsigned long id;		/* id, 4 bytes, first is version */
-
-	/* changed in 0.9.9: these four used to be portions of a single value 'algorithms' */
-	unsigned long algorithm_mkey;	/* key exchange algorithm */
-	unsigned long algorithm_auth;	/* server authentication */
-	unsigned long algorithm_enc;	/* symmetric encryption */
-	unsigned long algorithm_mac;	/* symmetric authentication */
-	unsigned long algorithm_ssl;	/* (major) protocol version */
-
-	unsigned long algo_strength;	/* strength and export flags */
-	unsigned long algorithm2;	/* Extra flags */
-	int strength_bits;		/* Number of bits really used */
-	int alg_bits;			/* Number of bits for algorithm */
-	};
-
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
-	{
-	int version;
-	int (*ssl_new)(SSL *s);
-	void (*ssl_clear)(SSL *s);
-	void (*ssl_free)(SSL *s);
-	int (*ssl_accept)(SSL *s);
-	int (*ssl_connect)(SSL *s);
-	int (*ssl_read)(SSL *s,void *buf,int len);
-	int (*ssl_peek)(SSL *s,void *buf,int len);
-	int (*ssl_write)(SSL *s,const void *buf,int len);
-	int (*ssl_shutdown)(SSL *s);
-	int (*ssl_renegotiate)(SSL *s);
-	int (*ssl_renegotiate_check)(SSL *s);
-	long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
-		max, int *ok);
-	int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
-		int peek);
-	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
-	int (*ssl_dispatch_alert)(SSL *s);
-	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
-	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
-	const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
-	int (*ssl_pending)(const SSL *s);
-	int (*num_ciphers)(void);
-	const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
-	const struct ssl_method_st *(*get_ssl_method)(int version);
-	long (*get_timeout)(void);
-	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
-	int (*ssl_version)(void);
-	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
-	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-	};
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *	version 		INTEGER,	-- structure version number
- *	SSLversion 		INTEGER,	-- SSL version number
- *	Cipher 			OCTET STRING,	-- the 3 byte cipher ID
- *	Session_ID 		OCTET STRING,	-- the Session ID
- *	Master_key 		OCTET STRING,	-- the master key
- *	KRB5_principal		OCTET STRING	-- optional Kerberos principal
- *	Key_Arg [ 0 ] IMPLICIT	OCTET STRING,	-- the optional Key argument
- *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
- *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
- *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
- *	Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *	Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *	HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
- *	PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *	PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *	Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *	Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *	Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *	SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- *	}
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st
-	{
-	int ssl_version;	/* what ssl version session info is
-				 * being kept in here? */
-
-	/* only really used in SSLv2 */
-	unsigned int key_arg_length;
-	unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
-	int master_key_length;
-	unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-	/* session_id - valid? */
-	unsigned int session_id_length;
-	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-	/* this is used to determine whether the session is being reused in
-	 * the appropriate context. It is up to the application to set this,
-	 * via SSL_new */
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-#ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-	char *psk_identity_hint;
-	char *psk_identity;
-#endif
-	/* Used to indicate that session resumption is not allowed.
-	 * Applications can also set this bit for a new session via
-	 * not_resumable_session_cb to disable session caching and tickets. */
-	int not_resumable;
-
-	/* The cert is the certificate used to establish this connection */
-	struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
-	/* This is the cert for the other end.
-	 * On clients, it will be the same as sess_cert->peer_key->x509
-	 * (the latter is not enough as sess_cert is not retained
-	 * in the external representation of sessions, see ssl_asn1.c). */
-	X509 *peer;
-	/* when app_verify_callback accepts a session where the peer's certificate
-	 * is not ok, we must remember the error for session reuse: */
-	long verify_result; /* only for servers */
-
-	int references;
-	long timeout;
-	long time;
-
-	unsigned int compress_meth;	/* Need to lookup the method */
-
-	const SSL_CIPHER *cipher;
-	unsigned long cipher_id;	/* when ASN.1 loaded, this
-					 * needs to be used to load
-					 * the 'cipher' structure */
-
-	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
-	CRYPTO_EX_DATA ex_data; /* application specific data */
-
-	/* These are used to make removal of session-ids more
-	 * efficient and to implement a maximum cache size. */
-	struct ssl_session_st *prev,*next;
-#ifndef OPENSSL_NO_TLSEXT
-	char *tlsext_hostname;
-#ifndef OPENSSL_NO_EC
-	size_t tlsext_ecpointformatlist_length;
-	unsigned char *tlsext_ecpointformatlist; /* peer's list */
-	size_t tlsext_ellipticcurvelist_length;
-	unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-#endif /* OPENSSL_NO_EC */
-	/* RFC4507 info */
-	unsigned char *tlsext_tick;	/* Session ticket */
-	size_t tlsext_ticklen;		/* Session ticket length */
-	long tlsext_tick_lifetime_hint;	/* Session lifetime hint in seconds */
-#endif
-#ifndef OPENSSL_NO_SRP
-	char *srp_username;
-#endif
-
-	/* original_handshake_hash contains the handshake hash (either
-	 * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full
-	 * handshake that created a session. This is used by Channel IDs during
-	 * resumption. */
-	unsigned char original_handshake_hash[EVP_MAX_MD_SIZE];
-	unsigned int original_handshake_hash_len;
-	};
-
-#endif
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
-/* Allow initial connection to servers that don't support RI */
-#define SSL_OP_LEGACY_SERVER_CONNECT			0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
-#define SSL_OP_TLSEXT_PADDING				0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
-#define SSL_OP_TLS_D5_BUG				0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-
-/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x0
-/* Refers to ancient SSLREF and SSLv2, retained for compatibility */
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x0
-
-/* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the
- * insertion of empty records in CBC mode, but the empty records were commonly
- * misinterpreted as EOF by other TLS stacks and so this was disabled by
- * SSL_OP_ALL.
- *
- * This has been replaced by 1/n-1 record splitting, which is enabled by
- * SSL_MODE_CBC_RECORD_SPLITTING in SSL_set_mode. This involves sending a
- * one-byte record rather than an empty record and has much better
- * compatibility. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL					0x80000BFFL
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU                 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE              0x00002000L
-/* Don't use RFC4507 ticket extension */
-#define SSL_OP_NO_TICKET	            0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
-#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
-/* Don't use compression even if supported */
-#define SSL_OP_NO_COMPRESSION				0x00020000L
-/* Permit unsafe legacy renegotiation */
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE				0x00100000L
-/* Does nothing: retained for compatibiity */
-#define SSL_OP_EPHEMERAL_RSA				0x0
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
-
-#define SSL_OP_NO_SSLv2					0x01000000L
-#define SSL_OP_NO_SSLv3					0x02000000L
-#define SSL_OP_NO_TLSv1					0x04000000L
-#define SSL_OP_NO_TLSv1_2				0x08000000L
-#define SSL_OP_NO_TLSv1_1				0x10000000L
-
-/* These next two were never actually used for anything since SSLeay
- * zap so we have some more flags.
- */
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1				0x0
-#define SSL_OP_PKCS1_CHECK_2				0x0
-
-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
-/* Make server add server-hello extension from early version of
- * cryptopro draft, when GOST ciphersuite is negotiated. 
- * Required for interoperability with CryptoPro CSP 3.x 
- */
-#define SSL_OP_CRYPTOPRO_TLSEXT_BUG			0x80000000L
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.)  "Released" buffers are put onto a free-list in the context
- * or just freed (depending on the context's setting for freelist_max_len). */
-#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-
-/* Send the current time in the Random fields of the ClientHello and
- * ServerHello records for compatibility with hypothetical implementations
- * that require it.
- */
-#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
-#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
-/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set only by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details.
- *
- * DO NOT ENABLE THIS if your application attempts a normal handshake.
- * Only use this in explicit fallback retries, following the guidance
- * in draft-ietf-tls-downgrade-scsv-00.
- */
-#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
-
-/* When set, clients may send application data before receipt of CCS
- * and Finished.  This mode enables full-handshakes to 'complete' in
- * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000200L
-
-/* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
- * the first record will contain a single byte and the second will contain the
- * rest of the bytes. This effectively randomises the IV and prevents BEAST
- * attacks. */
-#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_clear_options(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_clear_options(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_clear_mode(ctx,op) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_clear_mode(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_set_mode(ssl,op) \
-	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-#define DTLS_set_link_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
-#define DTLS_get_link_min_mtu(ssl) \
-        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
-
-#define SSL_get_secure_renegotiation_support(ssl) \
-	SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_heartbeat(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
-#endif
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-#ifndef OPENSSL_NO_SRP
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct srp_ctx_st
-	{
-	/* param for all the callbacks */
-	void *SRP_cb_arg;
-	/* set client Hello login callback */
-	int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
-	/* set SRP N/g param callback for verification */
-	int (*SRP_verify_param_callback)(SSL *, void *);
-	/* set SRP client passwd callback */
-	char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
-
-	char *login;
-	BIGNUM *N,*g,*s,*B,*A;
-	BIGNUM *a,*b,*v;
-	char *info;
-	int strength;
-
-	unsigned long srp_Mask;
-	} SRP_CTX;
-
-#endif
-
-/* see tls_srp.c */
-int SSL_SRP_CTX_init(SSL *s);
-int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
-int SSL_SRP_CTX_free(SSL *ctx);
-int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
-int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
-int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
-
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
-#else
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-#endif
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- *      SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len);
-
-typedef struct ssl_comp_st SSL_COMP;
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_comp_st
-	{
-	int id;
-	const char *name;
-#ifndef OPENSSL_NO_COMP
-	COMP_METHOD *method;
-#else
-	char *method;
-#endif
-	};
-
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
-struct ssl_ctx_st
-	{
-	const SSL_METHOD *method;
-
-	STACK_OF(SSL_CIPHER) *cipher_list;
-	/* same as above but sorted for lookup */
-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-	struct x509_store_st /* X509_STORE */ *cert_store;
-	LHASH_OF(SSL_SESSION) *sessions;
-	/* Most session-ids that will be cached, default is
-	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
-	unsigned long session_cache_size;
-	struct ssl_session_st *session_cache_head;
-	struct ssl_session_st *session_cache_tail;
-
-	/* This can have one of 2 values, ored together,
-	 * SSL_SESS_CACHE_CLIENT,
-	 * SSL_SESS_CACHE_SERVER,
-	 * Default is SSL_SESSION_CACHE_SERVER, which means only
-	 * SSL_accept which cache SSL_SESSIONS. */
-	int session_cache_mode;
-
-	/* If timeout is not 0, it is the default timeout value set
-	 * when SSL_new() is called.  This has been put in to make
-	 * life easier to set things up */
-	long session_timeout;
-
-	/* If this callback is not null, it will be called each
-	 * time a session id is added to the cache.  If this function
-	 * returns 1, it means that the callback will do a
-	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
-	 * on 0, it means the callback has finished with it.
-	 * If remove_session_cb is not null, it will be called when
-	 * a session-id is removed from the cache.  After the call,
-	 * OpenSSL will SSL_SESSION_free() it. */
-	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
-	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
-	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-		unsigned char *data,int len,int *copy);
-
-	struct
-		{
-		int sess_connect;	/* SSL new conn - started */
-		int sess_connect_renegotiate;/* SSL reneg - requested */
-		int sess_connect_good;	/* SSL new conne/reneg - finished */
-		int sess_accept;	/* SSL new accept - started */
-		int sess_accept_renegotiate;/* SSL reneg - requested */
-		int sess_accept_good;	/* SSL accept/reneg - finished */
-		int sess_miss;		/* session lookup misses  */
-		int sess_timeout;	/* reuse attempt on timeouted session */
-		int sess_cache_full;	/* session removed due to full cache */
-		int sess_hit;		/* session reuse actually done */
-		int sess_cb_hit;	/* session-id that was not
-					 * in the cache was
-					 * passed back via the callback.  This
-					 * indicates that the application is
-					 * supplying session-id's from other
-					 * processes - spooky :-) */
-		} stats;
-
-	int references;
-
-	/* if defined, these override the X509_verify_cert() calls */
-	int (*app_verify_callback)(X509_STORE_CTX *, void *);
-	void *app_verify_arg;
-	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
-	 * ('app_verify_callback' was called with just one argument) */
-
-	/* Default password callback. */
-	pem_password_cb *default_passwd_callback;
-
-	/* Default password callback user data. */
-	void *default_passwd_callback_userdata;
-
-	/* get client cert callback */
-	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-	/* get channel id callback */
-	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
-
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int *cookie_len);
-
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int cookie_len);
-
-	CRYPTO_EX_DATA ex_data;
-
-	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
-	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
-	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
-
-	STACK_OF(X509) *extra_certs;
-	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-
-	/* Default values used when no per-SSL value is defined follow */
-
-	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
-
-	/* what we put in client cert requests */
-	STACK_OF(X509_NAME) *client_CA;
-
-
-	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
-	unsigned long options;
-	unsigned long mode;
-	long max_cert_list;
-
-	struct cert_st /* CERT */ *cert;
-	int read_ahead;
-
-	/* callback that allows applications to peek at protocol messages */
-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-	void *msg_callback_arg;
-
-	int verify_mode;
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
-	/* Default generate session ID callback. */
-	GEN_SESSION_CB generate_session_id;
-
-	X509_VERIFY_PARAM *param;
-
-#if 0
-	int purpose;		/* Purpose setting */
-	int trust;		/* Trust setting */
-#endif
-
-	int quiet_shutdown;
-
-	/* Maximum amount of data to send in one fragment.
-	 * actual record size can be more than this due to
-	 * padding and MAC overheads.
-	 */
-	unsigned int max_send_fragment;
-
-#ifndef OPENSSL_NO_ENGINE
-	/* Engine to pass requests for client certs to
-	 */
-	ENGINE *client_cert_engine;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extensions servername callback */
-	int (*tlsext_servername_callback)(SSL*, int *, void *);
-	void *tlsext_servername_arg;
-	/* RFC 4507 session ticket keys */
-	unsigned char tlsext_tick_key_name[16];
-	unsigned char tlsext_tick_hmac_key[16];
-	unsigned char tlsext_tick_aes_key[16];
-	/* Callback to support customisation of ticket key setting */
-	int (*tlsext_ticket_key_cb)(SSL *ssl,
-					unsigned char *name, unsigned char *iv,
-					EVP_CIPHER_CTX *ectx,
- 					HMAC_CTX *hctx, int enc);
-
-	/* certificate status request info */
-	/* Callback for status request */
-	int (*tlsext_status_cb)(SSL *ssl, void *arg);
-	void *tlsext_status_arg;
-
-	/* draft-rescorla-tls-opaque-prf-input-00.txt information */
-	int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
-	void *tlsext_opaque_prf_input_callback_arg;
-#endif
-
-#ifndef OPENSSL_NO_PSK
-	char *psk_identity_hint;
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-		unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len);
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-	unsigned int freelist_max_len;
-	struct ssl3_buf_freelist_st *wbuf_freelist;
-	struct ssl3_buf_freelist_st *rbuf_freelist;
-#endif
-#ifndef OPENSSL_NO_SRP
-	SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Next protocol negotiation information */
-	/* (for experimental NPN extension). */
-
-	/* For a server, this contains a callback function by which the set of
-	 * advertised protocols can be provided. */
-	int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-			                 unsigned int *len, void *arg);
-	void *next_protos_advertised_cb_arg;
-	/* For a client, this contains a callback function that selects the
-	 * next protocol from the list provided by the server. */
-	int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-				    unsigned char *outlen,
-				    const unsigned char *in,
-				    unsigned int inlen,
-				    void *arg);
-	void *next_proto_select_cb_arg;
-# endif
-
-	/* ALPN information
-	 * (we are in the process of transitioning from NPN to ALPN.) */
-
-	/* For a server, this contains a callback function that allows the
-	 * server to select the protocol for the connection.
-	 *   out: on successful return, this must point to the raw protocol
-	 *        name (without the length prefix).
-	 *   outlen: on successful return, this contains the length of |*out|.
-	 *   in: points to the client's list of supported protocols in
-	 *       wire-format.
-	 *   inlen: the length of |in|. */
-	int (*alpn_select_cb)(SSL *s,
-			      const unsigned char **out,
-			      unsigned char *outlen,
-			      const unsigned char* in,
-			      unsigned int inlen,
-			      void *arg);
-	void *alpn_select_cb_arg;
-
-	/* For a client, this contains the list of supported protocols in wire
-	 * format. */
-	unsigned char* alpn_client_proto_list;
-	unsigned alpn_client_proto_list_len;
-
-        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
-
-	/* If true, a client will advertise the Channel ID extension and a
-	 * server will echo it. */
-	char tlsext_channel_id_enabled;
-	/* tlsext_channel_id_enabled_new is a hack to support both old and new
-	 * ChannelID signatures. It indicates that a client should advertise the
-	 * new ChannelID extension number. */
-	char tlsext_channel_id_enabled_new;
-	/* The client's Channel ID private key. */
-	EVP_PKEY *tlsext_channel_id_private;
-#endif
-	};
-
-#endif
-
-#define SSL_SESS_CACHE_OFF			0x0000
-#define SSL_SESS_CACHE_CLIENT			0x0001
-#define SSL_SESS_CACHE_SERVER			0x0002
-#define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
-	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
- * IDs from clients. Returns 1 on success. */
-#define SSL_CTX_enable_tls_channel_id(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
-void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-#endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-#ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-					   int (*cb) (SSL *ssl,
-						      const unsigned char **out,
-						      unsigned int *outlen,
-						      void *arg),
-					   void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-				      int (*cb) (SSL *ssl,
-						 unsigned char **out,
-						 unsigned char *outlen,
-						 const unsigned char *in,
-						 unsigned int inlen,
-						 void *arg),
-				      void *arg);
-
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-			  const unsigned char *in, unsigned int inlen,
-			  const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
-				    const unsigned char **data, unsigned *len);
-
-#define OPENSSL_NPN_UNSUPPORTED	0
-#define OPENSSL_NPN_NEGOTIATED	1
-#define OPENSSL_NPN_NO_OVERLAP	2
-#endif
-
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
-			    unsigned protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
-			unsigned protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-				int (*cb) (SSL *ssl,
-					   const unsigned char **out,
-					   unsigned char *outlen,
-					   const unsigned char *in,
-					   unsigned int inlen,
-					   void *arg),
-				void *arg);
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-			    unsigned *len);
-
-#ifndef OPENSSL_NO_PSK
-/* the maximum length of the buffer given to callbacks containing the
- * resulting identity/psk */
-#define PSK_MAX_IDENTITY_LEN 128
-#define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-		char *identity, unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-		char *identity, unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len));
-void SSL_set_psk_server_callback(SSL *ssl,
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len));
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
-const char *SSL_get_psk_identity_hint(const SSL *s);
-const char *SSL_get_psk_identity(const SSL *s);
-#endif
-
-#define SSL_NOTHING	1
-#define SSL_WRITING	2
-#define SSL_READING	3
-#define SSL_X509_LOOKUP	4
-#define SSL_CHANNEL_ID_LOOKUP	5
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
-#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
-#define SSL_want_channel_id_lookup(s)	(SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
-
-#define SSL_MAC_FLAG_READ_MAC_STREAM 1
-#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_st
-	{
-	/* protocol version
-	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-	 */
-	int version;
-	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
-	const SSL_METHOD *method; /* SSLv3 */
-
-	/* There are 2 BIO's even though they are normally both the
-	 * same.  This is so data can be read and written to different
-	 * handlers */
-
-#ifndef OPENSSL_NO_BIO
-	BIO *rbio; /* used by SSL_read */
-	BIO *wbio; /* used by SSL_write */
-	BIO *bbio; /* used during session-id reuse to concatenate
-		    * messages */
-#else
-	char *rbio; /* used by SSL_read */
-	char *wbio; /* used by SSL_write */
-	char *bbio;
-#endif
-	/* This holds a variable that indicates what we were doing
-	 * when a 0 or -1 is returned.  This is needed for
-	 * non-blocking IO so we know what request needs re-doing when
-	 * in SSL_accept or SSL_connect */
-	int rwstate;
-
-	/* true when we are actually in SSL_accept() or SSL_connect() */
-	int in_handshake;
-	int (*handshake_func)(SSL *);
-
-	/* Imagine that here's a boolean member "init" that is
-	 * switched as soon as SSL_set_{accept/connect}_state
-	 * is called for the first time, so that "state" and
-	 * "handshake_func" are properly initialized.  But as
-	 * handshake_func is == 0 until then, we use this
-	 * test instead of an "init" member.
-	 */
-
-	int server;	/* are we the server side? - mostly used by SSL_clear*/
-
-	int new_session;/* Generate a new session or reuse an old one.
-	                 * NB: For servers, the 'new' session may actually be a previously
-	                 * cached session or even the previous session unless
-	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-	int quiet_shutdown;/* don't send shutdown packets */
-	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
-			 * for received */
-	int state;	/* where we are */
-	int rstate;	/* where we are when reading */
-
-	BUF_MEM *init_buf;	/* buffer used during init */
-	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
-	int init_num;		/* amount read/written */
-	int init_off;		/* amount read/written */
-
-	/* used internally to point at a raw packet */
-	unsigned char *packet;
-	unsigned int packet_length;
-
-	struct ssl2_state_st *s2; /* SSLv2 variables */
-	struct ssl3_state_st *s3; /* SSLv3 variables */
-	struct dtls1_state_st *d1; /* DTLSv1 variables */
-
-	int read_ahead;		/* Read as many input bytes as possible
-	               	 	 * (for non-blocking reads) */
-
-	/* callback that allows applications to peek at protocol messages */
-	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-	void *msg_callback_arg;
-
-	int hit;		/* reusing a previous session */
-
-	X509_VERIFY_PARAM *param;
-
-#if 0
-	int purpose;		/* Purpose setting */
-	int trust;		/* Trust setting */
-#endif
-
-	/* crypto */
-	STACK_OF(SSL_CIPHER) *cipher_list;
-	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
-	/* These are the ones being used, the ones in SSL_SESSION are
-	 * the ones to be 'copied' into these ones */
-	int mac_flags; 
-	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
-	EVP_MD_CTX *read_hash;		/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *expand;			/* uncompress */
-#else
-	char *expand;
-#endif
-
-	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
-	EVP_MD_CTX *write_hash;		/* used for mac generation */
-#ifndef OPENSSL_NO_COMP
-	COMP_CTX *compress;			/* compression */
-#else
-	char *compress;	
-#endif
-
-	/* session info */
-
-	/* client cert? */
-	/* This is used to hold the server certificate used */
-	struct cert_st /* CERT */ *cert;
-
-	/* the session_id_context is used to ensure sessions are only reused
-	 * in the appropriate context */
-	unsigned int sid_ctx_length;
-	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-	/* This can also be in the session once a session is established */
-	SSL_SESSION *session;
-
-        /* This can be disabled to prevent the use of uncached sessions */
-	int session_creation_enabled;
-
-	/* Default generate session ID callback. */
-	GEN_SESSION_CB generate_session_id;
-
-	/* Used in SSL2 and SSL3 */
-	int verify_mode;	/* 0 don't care about verify failure.
-				 * 1 fail if verify fails */
-	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
-	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
-
-	int error;		/* error bytes to be written */
-	int error_code;		/* actual code */
-
-#ifndef OPENSSL_NO_KRB5
-	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
-#endif	/* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_PSK
-	/* PSK identity hint is stored here only to enable setting a hint on an SSL object before an
-	 * SSL_SESSION is associated with it. Once an SSL_SESSION is associated with this SSL object,
-	 * the psk_identity_hint from the session takes precedence over this one. */
-	char *psk_identity_hint;
-	unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-		unsigned int max_identity_len, unsigned char *psk,
-		unsigned int max_psk_len);
-	unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-		unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-	SSL_CTX *ctx;
-	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
-	 * and SSL_write() calls, good for nbio debuging :-) */
-	int debug;	
-
-	/* extra application data */
-	long verify_result;
-	CRYPTO_EX_DATA ex_data;
-
-	/* for server side, keep the list of CA_dn we can use */
-	STACK_OF(X509_NAME) *client_CA;
-
-	int references;
-	unsigned long options; /* protocol behaviour */
-	unsigned long mode; /* API behaviour */
-	long max_cert_list;
-	int first_packet;
-	int client_version;	/* what was passed, used for
-				 * SSLv3/TLS rollback check */
-	unsigned int max_send_fragment;
-#ifndef OPENSSL_NO_TLSEXT
-	/* TLS extension debug callback */
-	void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-					unsigned char *data, int len,
-					void *arg);
-	void *tlsext_debug_arg;
-	char *tlsext_hostname;
-	int servername_done;   /* no further mod of servername 
-	                          0 : call the servername extension callback.
-	                          1 : prepare 2, allow last ack just after in server callback.
-	                          2 : don't call servername callback, no ack in server hello
-	                       */
-	/* certificate status request info */
-	/* Status type or -1 if no status type */
-	int tlsext_status_type;
-	/* Expect OCSP CertificateStatus message */
-	int tlsext_status_expected;
-	/* OCSP status request only */
-	STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-	X509_EXTENSIONS *tlsext_ocsp_exts;
-	/* OCSP response received or to be sent */
-	unsigned char *tlsext_ocsp_resp;
-	int tlsext_ocsp_resplen;
-
-	/* RFC4507 session ticket expected to be received or sent */
-	int tlsext_ticket_expected;
-#ifndef OPENSSL_NO_EC
-	size_t tlsext_ecpointformatlist_length;
-	unsigned char *tlsext_ecpointformatlist; /* our list */
-	size_t tlsext_ellipticcurvelist_length;
-	unsigned char *tlsext_ellipticcurvelist; /* our list */
-#endif /* OPENSSL_NO_EC */
-
-	/* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */
-	void *tlsext_opaque_prf_input;
-	size_t tlsext_opaque_prf_input_len;
-
-	/* TLS Session Ticket extension override */
-	TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-
-	/* TLS Session Ticket extension callback */
-	tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-	void *tls_session_ticket_ext_cb_arg;
-
-	/* TLS pre-shared secret session resumption */
-	tls_session_secret_cb_fn tls_session_secret_cb;
-	void *tls_session_secret_cb_arg;
-
-	SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Next protocol negotiation. For the client, this is the protocol that
-	 * we sent in NextProtocol and is set when handling ServerHello
-	 * extensions.
-	 *
-	 * For a server, this is the client's selected_protocol from
-	 * NextProtocol and is set when handling the NextProtocol message,
-	 * before the Finished message. */
-	unsigned char *next_proto_negotiated;
-	unsigned char next_proto_negotiated_len;
-#endif
-
-#define session_ctx initial_ctx
-
-	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
-	SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
-
-	unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-	                                   0: disabled
-	                                   1: enabled
-	                                   2: enabled, but not allowed to send Requests
-	                                 */
-	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
-
-	/* Copied from the SSL_CTX. For a server, means that we'll accept
-	 * Channel IDs from clients. For a client, means that we'll advertise
-	 * support. */
-	char tlsext_channel_id_enabled;
-	/* The client's Channel ID private key. */
-	EVP_PKEY *tlsext_channel_id_private;
-
-	/* For a client, this contains the list of supported protocols in wire
-	 * format. */
-	unsigned char* alpn_client_proto_list;
-	unsigned alpn_client_proto_list_len;
-#else
-#define session_ctx ctx
-#endif /* OPENSSL_NO_TLSEXT */
-
-	int renegotiate;/* 1 if we are renegotiating.
-	                 * 2 if we are a server and are inside a handshake
-	                 * (i.e. not just sending a HelloRequest) */
-
-#ifndef OPENSSL_NO_SRP
-	SRP_CTX srp_ctx; /* ctx for SRP authentication */
-#endif
-	};
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
-#include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s)	(SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx)	(SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT			0x1000
-#define SSL_ST_ACCEPT			0x2000
-#define SSL_ST_MASK			0x0FFF
-#define SSL_ST_INIT			(SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE			0x4000
-#define SSL_ST_OK			0x03
-#define SSL_ST_RENEGOTIATE		(0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP			0x01
-#define SSL_CB_EXIT			0x02
-#define SSL_CB_READ			0x04
-#define SSL_CB_WRITE			0x08
-#define SSL_CB_ALERT			0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT		(SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT		(SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP		(SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT		(SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP		(SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT		(SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START		0x10
-#define SSL_CB_HANDSHAKE_DONE		0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a)		SSL_state(a)
-#define SSL_is_init_finished(a)		(SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a)			((SSL_state(a)&SSL_ST_INIT) && \
-					!SSL_cutthrough_complete(a))
-#define SSL_in_before(a)		(SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)		(SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)		(SSL_state(a)&SSL_ST_ACCEPT)
-int SSL_cutthrough_complete(const SSL *s);
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER			0xF0
-#define SSL_ST_READ_BODY			0xF1
-#define SSL_ST_READ_DONE			0xF2
-
-/* Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE			0x00
-#define SSL_VERIFY_PEER			0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
-#define SSL_VERIFY_CLIENT_ONCE		0x04
-
-#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
-#define SSLeay_add_ssl_algorithms()	SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b)            SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
-		SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
-		SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
-		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a)		SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b)	SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
-
-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-
-DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
-
-#define SSL_AD_REASON_OFFSET		1000 /* offset to get SSL_R_... value from SSL_AD_... */
-
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY		SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE	SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC		SSL3_AD_BAD_RECORD_MAC     /* fatal */
-#define SSL_AD_DECRYPTION_FAILED	TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW		TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE	SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE	SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE		SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE		SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE	SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED	SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED	SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN	SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER	SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
-#define SSL_AD_UNKNOWN_CA		TLS1_AD_UNKNOWN_CA	/* fatal */
-#define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
-#define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
-#define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
-#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
-#define SSL_AD_UNSUPPORTED_EXTENSION	TLS1_AD_UNSUPPORTED_EXTENSION
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-#define SSL_AD_UNRECOGNIZED_NAME	TLS1_AD_UNRECOGNIZED_NAME
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK	TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
-
-#define SSL_ERROR_NONE			0
-#define SSL_ERROR_SSL			1
-#define SSL_ERROR_WANT_READ		2
-#define SSL_ERROR_WANT_WRITE		3
-#define SSL_ERROR_WANT_X509_LOOKUP	4
-#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN		6
-#define SSL_ERROR_WANT_CONNECT		7
-#define SSL_ERROR_WANT_ACCEPT		8
-#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP	9
-
-#define SSL_CTRL_NEED_TMP_RSA			1
-#define SSL_CTRL_SET_TMP_RSA			2
-#define SSL_CTRL_SET_TMP_DH			3
-#define SSL_CTRL_SET_TMP_ECDH			4
-#define SSL_CTRL_SET_TMP_RSA_CB			5
-#define SSL_CTRL_SET_TMP_DH_CB			6
-#define SSL_CTRL_SET_TMP_ECDH_CB		7
-
-#define SSL_CTRL_GET_SESSION_REUSED		8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
-#define SSL_CTRL_GET_FLAGS			13
-#define SSL_CTRL_EXTRA_CHAIN_CERT		14
-
-#define SSL_CTRL_SET_MSG_CALLBACK               15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU                17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER			20
-#define SSL_CTRL_SESS_CONNECT			21
-#define SSL_CTRL_SESS_CONNECT_GOOD		22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
-#define SSL_CTRL_SESS_ACCEPT			24
-#define SSL_CTRL_SESS_ACCEPT_GOOD		25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
-#define SSL_CTRL_SESS_HIT			27
-#define SSL_CTRL_SESS_CB_HIT			28
-#define SSL_CTRL_SESS_MISSES			29
-#define SSL_CTRL_SESS_TIMEOUTS			30
-#define SSL_CTRL_SESS_CACHE_FULL		31
-#define SSL_CTRL_OPTIONS			32
-#define SSL_CTRL_MODE				33
-
-#define SSL_CTRL_GET_READ_AHEAD			40
-#define SSL_CTRL_SET_READ_AHEAD			41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
-#define SSL_CTRL_SET_SESS_CACHE_MODE		44
-#define SSL_CTRL_GET_SESS_CACHE_MODE		45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST		50
-#define SSL_CTRL_SET_MAX_CERT_LIST		51
-
-#define SSL_CTRL_SET_MAX_SEND_FRAGMENT		52
-
-/* see tls1.h for macros based on these */
-#ifndef OPENSSL_NO_TLSEXT
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB	53
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG	54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME		55
-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB		56
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG		57
-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS		58
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS		59
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT	60
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB	61
-#define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB	63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG	64
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE	65
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS	66
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS	67
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS	68
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS	69
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP	70
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP	71
-
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB	72
-
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB	75
-#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB		76
-#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB		77
-
-#define SSL_CTRL_SET_SRP_ARG		78
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME		79
-#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH		80
-#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD		81
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT				85
-#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING		86
-#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS	87
-#endif
-#define SSL_CTRL_CHANNEL_ID			88
-#define SSL_CTRL_GET_CHANNEL_ID			89
-#define SSL_CTRL_SET_CHANNEL_ID			90
-#endif
-
-#define DTLS_CTRL_GET_TIMEOUT		73
-#define DTLS_CTRL_HANDLE_TIMEOUT	74
-#define DTLS_CTRL_LISTEN			75
-
-#define SSL_CTRL_GET_RI_SUPPORT			76
-#define SSL_CTRL_CLEAR_OPTIONS			77
-#define SSL_CTRL_CLEAR_MODE			78
-
-#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS		82
-#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS	83
-
-#define SSL_CTRL_CHECK_PROTO_VERSION		119
-#define DTLS_CTRL_SET_LINK_MTU			120
-#define DTLS_CTRL_GET_LINK_MIN_MTU		121
-
-#define DTLSv1_get_timeout(ssl, arg) \
-	SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-#define DTLSv1_handle_timeout(ssl) \
-	SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-#define DTLSv1_listen(ssl, peer) \
-	SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-
-#define SSL_session_reused(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
-	SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_need_tmp_RSA(ssl) \
-	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_set_tmp_ecdh(ssl,ecdh) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
- * IDs from clients, or configure a client to send TLS client IDs to server.
- * Returns 1 on success. */
-#define SSL_enable_tls_channel_id(s) \
-	SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
-/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
- * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
- * success. */
-#define SSL_set1_tls_channel_id(s, private_key) \
-	SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
-/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
- * and copies up to the first |channel_id_len| bytes into |channel_id|. The
- * Channel ID consists of the client's P-256 public key as an (x,y) pair where
- * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
- * offer a Channel ID and the length of the complete Channel ID otherwise. */
-#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
-	SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
-#define SSL_CTX_clear_extra_chain_certs(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-void	SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(const SSL *s);
-int	SSL_clear(SSL *s);
-
-void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int	SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
-char *	SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *	SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
-const char *	SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
-
-int	SSL_get_fd(const SSL *s);
-int	SSL_get_rfd(const SSL *s);
-int	SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
-char *	SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int	SSL_get_read_ahead(const SSL * s);
-int	SSL_pending(const SSL *s);
-const char *	SSL_authentication_method(const SSL *c);
-#ifndef OPENSSL_NO_SOCK
-int	SSL_set_fd(SSL *s, int fd);
-int	SSL_set_rfd(SSL *s, int fd);
-int	SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef OPENSSL_NO_BIO
-void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO *	SSL_get_rbio(const SSL *s);
-BIO *	SSL_get_wbio(const SSL *s);
-#endif
-int	SSL_set_cipher_list(SSL *s, const char *str);
-int	SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
-void	SSL_set_read_ahead(SSL *s, int yes);
-int	SSL_get_verify_mode(const SSL *s);
-int	SSL_get_verify_depth(const SSL *s);
-int	(*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
-void	SSL_set_verify(SSL *s, int mode,
-		       int (*callback)(int ok,X509_STORE_CTX *ctx));
-void	SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
-int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
-int	SSL_use_certificate(SSL *ssl, X509 *x);
-int	SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-int	SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
-
-#ifndef OPENSSL_NO_STDIO
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-					    const char *file);
-#ifndef OPENSSL_SYS_VMS
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-					   const char *dir);
-#endif
-#endif
-
-#endif
-
-void	SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long	SSL_SESSION_get_time(const SSL_SESSION *s);
-long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long	SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long	SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void	SSL_copy_session_id(SSL *to,const SSL *from);
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
-			       unsigned int sid_ctx_len);
-
-SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-					unsigned int *len);
-const char *	SSL_SESSION_get_version(const SSL_SESSION *s);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
-#ifndef OPENSSL_NO_FP_API
-int	SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-#endif
-#ifndef OPENSSL_NO_BIO
-int	SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
-#endif
-void	SSL_SESSION_free(SSL_SESSION *ses);
-int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int	SSL_set_session(SSL *to, SSL_SESSION *session);
-void	SSL_set_session_creation_enabled(SSL *, int);
-int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-					unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
-			     long length);
-
-#ifdef HEADER_X509_H
-X509 *	SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
-			int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-	const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-				       unsigned int sid_ctx_len);
-
-SSL *	SSL_new(SSL_CTX *ctx);
-int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-				   unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
-#ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-					char *(*cb)(SSL *,void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-					  int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-				      int (*cb)(SSL *,int *,void *));
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-			     BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-				const char *grp);
-
-BIGNUM *SSL_get_srp_g(SSL *s);
-BIGNUM *SSL_get_srp_N(SSL *s);
-
-char *SSL_get_srp_username(SSL *s);
-char *SSL_get_srp_userinfo(SSL *s);
-#endif
-
-void	SSL_free(SSL *ssl);
-int 	SSL_accept(SSL *ssl);
-int 	SSL_connect(SSL *ssl);
-int 	SSL_read(SSL *ssl,void *buf,int num);
-int 	SSL_peek(SSL *ssl,void *buf,int num);
-int 	SSL_write(SSL *ssl,const void *buf,int num);
-long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long	SSL_callback_ctrl(SSL *, int, void (*)(void));
-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int	SSL_get_error(const SSL *s,int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-#ifndef OPENSSL_NO_SSL2
-const SSL_METHOD *SSLv2_method(void);		/* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
-#endif
-
-#ifndef OPENSSL_NO_SSL3_METHOD
-const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
-const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
-const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
-#endif
-
-const SSL_METHOD *SSLv23_method(void);	/* Negotiate highest available SSL/TLS version */
-const SSL_METHOD *SSLv23_server_method(void);	/* Negotiate highest available SSL/TLS version */
-const SSL_METHOD *SSLv23_client_method(void);	/* Negotiate highest available SSL/TLS version */
-
-const SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void);		/* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void);	/* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void);	/* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void);		/* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void);	/* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void);	/* TLSv1.2 */
-
-
-const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void);	/* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void);	/* DTLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-	const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
-void SSL_set_info_callback(SSL *ssl,
-			   void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
-	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-#define SSL_CTX_set_max_send_fragment(ctx,m) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-#define SSL_set_max_send_fragment(ssl,m) \
-	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-     /* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-				  RSA *(*cb)(SSL *ssl,int is_export,
-					     int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-				  RSA *(*cb)(SSL *ssl,int is_export,
-					     int keylength));
-#endif
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-				 DH *(*dh)(SSL *ssl,int is_export,
-					   int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-				 DH *(*dh)(SSL *ssl,int is_export,
-					   int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-					   int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-					   int keylength));
-#endif
-
-#ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
-#endif
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-				  void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
-
-void SSL_set_debug(SSL *s, int debug);
-int SSL_cache_hit(SSL *s);
-
-#ifndef OPENSSL_NO_UNIT_TEST
-const struct openssl_ssl_test_functions *SSL_test_functions(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE			 100
-#define SSL_F_CLIENT_FINISHED				 167
-#define SSL_F_CLIENT_HELLO				 101
-#define SSL_F_CLIENT_MASTER_KEY				 102
-#define SSL_F_D2I_SSL_SESSION				 103
-#define SSL_F_DO_DTLS1_WRITE				 245
-#define SSL_F_DO_SSL3_WRITE				 104
-#define SSL_F_DTLS1_ACCEPT				 246
-#define SSL_F_DTLS1_ADD_CERT_TO_BUF			 295
-#define SSL_F_DTLS1_BUFFER_RECORD			 247
-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM			 316
-#define SSL_F_DTLS1_CLIENT_HELLO			 248
-#define SSL_F_DTLS1_CONNECT				 249
-#define SSL_F_DTLS1_ENC					 250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY			 251
-#define SSL_F_DTLS1_GET_MESSAGE				 252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT		 253
-#define SSL_F_DTLS1_GET_RECORD				 254
-#define SSL_F_DTLS1_HANDLE_TIMEOUT			 297
-#define SSL_F_DTLS1_HEARTBEAT				 305
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN			 255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT			 288
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE		 256
-#define SSL_F_DTLS1_PROCESS_RECORD			 257
-#define SSL_F_DTLS1_READ_BYTES				 258
-#define SSL_F_DTLS1_READ_FAILED				 259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST		 260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE		 261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE		 262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY			 263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST		 264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE		 265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO			 266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE		 267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES		 268
-#define SSL_F_GET_CLIENT_FINISHED			 105
-#define SSL_F_GET_CLIENT_HELLO				 106
-#define SSL_F_GET_CLIENT_MASTER_KEY			 107
-#define SSL_F_GET_SERVER_FINISHED			 108
-#define SSL_F_GET_SERVER_HELLO				 109
-#define SSL_F_GET_SERVER_VERIFY				 110
-#define SSL_F_I2D_SSL_SESSION				 111
-#define SSL_F_READ_N					 112
-#define SSL_F_REQUEST_CERTIFICATE			 113
-#define SSL_F_SERVER_FINISH				 239
-#define SSL_F_SERVER_HELLO				 114
-#define SSL_F_SERVER_VERIFY				 240
-#define SSL_F_SSL23_ACCEPT				 115
-#define SSL_F_SSL23_CLIENT_HELLO			 116
-#define SSL_F_SSL23_CONNECT				 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
-#define SSL_F_SSL23_GET_SERVER_HELLO			 119
-#define SSL_F_SSL23_PEEK				 237
-#define SSL_F_SSL23_READ				 120
-#define SSL_F_SSL23_WRITE				 121
-#define SSL_F_SSL2_ACCEPT				 122
-#define SSL_F_SSL2_CONNECT				 123
-#define SSL_F_SSL2_ENC_INIT				 124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
-#define SSL_F_SSL2_PEEK					 234
-#define SSL_F_SSL2_READ					 125
-#define SSL_F_SSL2_READ_INTERNAL			 236
-#define SSL_F_SSL2_SET_CERTIFICATE			 126
-#define SSL_F_SSL2_WRITE				 127
-#define SSL_F_SSL3_ACCEPT				 128
-#define SSL_F_SSL3_ADD_CERT_TO_BUF			 296
-#define SSL_F_SSL3_CALLBACK_CTRL			 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
-#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 304
-#define SSL_F_SSL3_CLIENT_HELLO				 131
-#define SSL_F_SSL3_CONNECT				 132
-#define SSL_F_SSL3_CTRL					 213
-#define SSL_F_SSL3_CTX_CTRL				 133
-#define SSL_F_SSL3_DIGEST_CACHED_RECORDS		 293
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC		 292
-#define SSL_F_SSL3_ENC					 134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
-#define SSL_F_SSL3_GET_CERT_STATUS			 289
-#define SSL_F_SSL3_GET_CERT_VERIFY			 136
-#define SSL_F_SSL3_GET_CHANNEL_ID			 317
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
-#define SSL_F_SSL3_GET_FINISHED				 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
-#define SSL_F_SSL3_GET_MESSAGE				 142
-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET		 283
-#define SSL_F_SSL3_GET_NEXT_PROTO			 306
-#define SSL_F_SSL3_GET_RECORD				 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
-#define SSL_F_SSL3_GET_SERVER_DONE			 145
-#define SSL_F_SSL3_GET_SERVER_HELLO			 146
-#define SSL_F_SSL3_HANDSHAKE_MAC			 285
-#define SSL_F_SSL3_NEW_SESSION_TICKET			 287
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
-#define SSL_F_SSL3_PEEK					 235
-#define SSL_F_SSL3_READ_BYTES				 148
-#define SSL_F_SSL3_READ_N				 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
-#define SSL_F_SSL3_SEND_CHANNEL_ID			 318
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
-#define SSL_F_SSL3_SEND_SERVER_HELLO			 242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
-#define SSL_F_SSL3_SETUP_READ_BUFFER			 156
-#define SSL_F_SSL3_SETUP_WRITE_BUFFER			 291
-#define SSL_F_SSL3_WRITE_BYTES				 158
-#define SSL_F_SSL3_WRITE_PENDING			 159
-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT	 298
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT		 277
-#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT		 307
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT	 299
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT		 278
-#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT		 308
-#define SSL_F_SSL_BAD_METHOD				 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
-#define SSL_F_SSL_CERT_DUP				 221
-#define SSL_F_SSL_CERT_INST				 222
-#define SSL_F_SSL_CERT_INSTANTIATE			 214
-#define SSL_F_SSL_CERT_NEW				 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT		 280
-#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG		 279
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
-#define SSL_F_SSL_CLEAR					 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
-#define SSL_F_SSL_CTRL					 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
-#define SSL_F_SSL_CTX_MAKE_PROFILES			 309
-#define SSL_F_SSL_CTX_NEW				 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST			 269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE		 290
-#define SSL_F_SSL_CTX_SET_PURPOSE			 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
-#define SSL_F_SSL_CTX_SET_TRUST				 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
-#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT		 272
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
-#define SSL_F_SSL_DO_HANDSHAKE				 180
-#define SSL_F_SSL_GET_NEW_SESSION			 181
-#define SSL_F_SSL_GET_PREV_SESSION			 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY			 317
-#define SSL_F_SSL_GET_SIGN_PKEY				 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
-#define SSL_F_SSL_NEW					 186
-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT	 300
-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT		 302
-#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT	 310
-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT	 301
-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT		 303
-#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT	 311
-#define SSL_F_SSL_PEEK					 270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT		 281
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT		 282
-#define SSL_F_SSL_READ					 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
-#define SSL_F_SSL_SESSION_NEW				 189
-#define SSL_F_SSL_SESSION_PRINT_FP			 190
-#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT		 312
-#define SSL_F_SSL_SESS_CERT_NEW				 225
-#define SSL_F_SSL_SET_CERT				 191
-#define SSL_F_SSL_SET_CIPHER_LIST			 271
-#define SSL_F_SSL_SET_FD				 192
-#define SSL_F_SSL_SET_PKEY				 193
-#define SSL_F_SSL_SET_PURPOSE				 227
-#define SSL_F_SSL_SET_RFD				 194
-#define SSL_F_SSL_SET_SESSION				 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
-#define SSL_F_SSL_SET_SESSION_TICKET_EXT		 294
-#define SSL_F_SSL_SET_TRUST				 228
-#define SSL_F_SSL_SET_WFD				 196
-#define SSL_F_SSL_SHUTDOWN				 224
-#define SSL_F_SSL_SRP_CTX_INIT				 313
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION		 243
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION		 244
-#define SSL_F_SSL_USE_CERTIFICATE			 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
-#define SSL_F_SSL_USE_CERTIFICATE_CHAIN			 2000
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
-#define SSL_F_SSL_USE_PRIVATEKEY			 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
-#define SSL_F_SSL_USE_PSK_IDENTITY_HINT			 273
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
-#define SSL_F_SSL_WRITE					 208
-#define SSL_F_TLS1_CERT_VERIFY_MAC			 286
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
-#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274
-#define SSL_F_TLS1_ENC					 210
-#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL		 314
-#define SSL_F_TLS1_HEARTBEAT				 315
-#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
-#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
-#define SSL_F_TLS1_PRF					 284
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
-#define SSL_F_WRITE_PENDING				 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD				 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
-#define SSL_R_BAD_CHECKSUM				 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
-#define SSL_R_BAD_DECOMPRESSION				 107
-#define SSL_R_BAD_DH_G_LENGTH				 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
-#define SSL_R_BAD_DH_P_LENGTH				 110
-#define SSL_R_BAD_DIGEST_LENGTH				 111
-#define SSL_R_BAD_DSA_SIGNATURE				 112
-#define SSL_R_BAD_ECC_CERT				 304
-#define SSL_R_BAD_ECDSA_SIGNATURE			 305
-#define SSL_R_BAD_ECPOINT				 306
-#define SSL_R_BAD_HANDSHAKE_LENGTH			 332
-#define SSL_R_BAD_HELLO_REQUEST				 105
-#define SSL_R_BAD_LENGTH				 271
-#define SSL_R_BAD_MAC_DECODE				 113
-#define SSL_R_BAD_MAC_LENGTH				 333
-#define SSL_R_BAD_MESSAGE_TYPE				 114
-#define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
-#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH		 316
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
-#define SSL_R_BAD_RSA_DECRYPT				 118
-#define SSL_R_BAD_RSA_ENCRYPT				 119
-#define SSL_R_BAD_RSA_E_LENGTH				 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
-#define SSL_R_BAD_RSA_SIGNATURE				 122
-#define SSL_R_BAD_SIGNATURE				 123
-#define SSL_R_BAD_SRP_A_LENGTH				 347
-#define SSL_R_BAD_SRP_B_LENGTH				 348
-#define SSL_R_BAD_SRP_G_LENGTH				 349
-#define SSL_R_BAD_SRP_N_LENGTH				 350
-#define SSL_R_BAD_SRP_PARAMETERS			 371
-#define SSL_R_BAD_SRP_S_LENGTH				 351
-#define SSL_R_BAD_SRTP_MKI_VALUE			 352
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST		 353
-#define SSL_R_BAD_SSL_FILETYPE				 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
-#define SSL_R_BAD_STATE					 126
-#define SSL_R_BAD_WRITE_RETRY				 127
-#define SSL_R_BIO_NOT_SET				 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
-#define SSL_R_BN_LIB					 130
-#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY		 376
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
-#define SSL_R_CA_DN_TOO_LONG				 132
-#define SSL_R_CCS_RECEIVED_EARLY			 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
-#define SSL_R_CERT_LENGTH_MISMATCH			 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
-#define SSL_R_CHANNEL_ID_NOT_P256			 375
-#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID		 371
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
-#define SSL_R_CLIENTHELLO_TLSEXT			 226
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
-#define SSL_R_COMPRESSION_DISABLED			 343
-#define SSL_R_COMPRESSION_FAILURE			 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE	 307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
-#define SSL_R_COOKIE_MISMATCH				 308
-#define SSL_R_D2I_ECDSA_SIG				 379
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
-#define SSL_R_DATA_LENGTH_TOO_LONG			 146
-#define SSL_R_DECRYPTION_FAILED				 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 281
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
-#define SSL_R_DIGEST_CHECK_FAILED			 149
-#define SSL_R_DTLS_MESSAGE_TOO_BIG			 334
-#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT		 317
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
-#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED		 377
-#define SSL_R_EVP_DIGESTSIGNINIT_FAILED			 378
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
-#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS		 372
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS		 355
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION		 356
-#define SSL_R_HTTPS_PROXY_REQUEST			 155
-#define SSL_R_HTTP_REQUEST				 156
-#define SSL_R_ILLEGAL_PADDING				 283
-#define SSL_R_INAPPROPRIATE_FALLBACK			 373
-#define SSL_R_INCONSISTENT_COMPRESSION			 340
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
-#define SSL_R_INVALID_COMMAND				 280
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM		 341
-#define SSL_R_INVALID_MESSAGE				 374
-#define SSL_R_INVALID_PURPOSE				 278
-#define SSL_R_INVALID_SRP_USERNAME			 357
-#define SSL_R_INVALID_STATUS_RESPONSE			 328
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH		 325
-#define SSL_R_INVALID_TRUST				 279
-#define SSL_R_KEY_ARG_TOO_LONG				 284
-#define SSL_R_KRB5					 285
-#define SSL_R_KRB5_C_CC_PRINC				 286
-#define SSL_R_KRB5_C_GET_CRED				 287
-#define SSL_R_KRB5_C_INIT				 288
-#define SSL_R_KRB5_C_MK_REQ				 289
-#define SSL_R_KRB5_S_BAD_TICKET				 290
-#define SSL_R_KRB5_S_INIT				 291
-#define SSL_R_KRB5_S_RD_REQ				 292
-#define SSL_R_KRB5_S_TKT_EXPIRED			 293
-#define SSL_R_KRB5_S_TKT_NYV				 294
-#define SSL_R_KRB5_S_TKT_SKEW				 295
-#define SSL_R_LENGTH_MISMATCH				 159
-#define SSL_R_LENGTH_TOO_SHORT				 160
-#define SSL_R_LIBRARY_BUG				 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
-#define SSL_R_MESSAGE_TOO_LONG				 296
-#define SSL_R_MISSING_DH_DSA_CERT			 162
-#define SSL_R_MISSING_DH_KEY				 163
-#define SSL_R_MISSING_DH_RSA_CERT			 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
-#define SSL_R_MISSING_RSA_CERTIFICATE			 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
-#define SSL_R_MISSING_SRP_PARAM				 358
-#define SSL_R_MISSING_TMP_DH_KEY			 171
-#define SSL_R_MISSING_TMP_ECDH_KEY			 311
-#define SSL_R_MISSING_TMP_RSA_KEY			 172
-#define SSL_R_MISSING_TMP_RSA_PKEY			 173
-#define SSL_R_MISSING_VERIFY_MESSAGE			 174
-#define SSL_R_MULTIPLE_SGC_RESTARTS			 346
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
-#define SSL_R_NO_CERTIFICATES_RETURNED			 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
-#define SSL_R_NO_CERTIFICATE_RETURNED			 178
-#define SSL_R_NO_CERTIFICATE_SET			 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
-#define SSL_R_NO_CIPHERS_AVAILABLE			 181
-#define SSL_R_NO_CIPHERS_PASSED				 182
-#define SSL_R_NO_CIPHERS_SPECIFIED			 183
-#define SSL_R_NO_CIPHER_LIST				 184
-#define SSL_R_NO_CIPHER_MATCH				 185
-#define SSL_R_NO_CLIENT_CERT_METHOD			 331
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330
-#define SSL_R_NO_METHOD_SPECIFIED			 188
-#define SSL_R_NO_P256_SUPPORT				 380
-#define SSL_R_NO_PRIVATEKEY				 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
-#define SSL_R_NO_PUBLICKEY				 192
-#define SSL_R_NO_RENEGOTIATION				 339
-#define SSL_R_NO_REQUIRED_DIGEST			 324
-#define SSL_R_NO_SHARED_CIPHER				 193
-#define SSL_R_NO_SRTP_PROFILES				 359
-#define SSL_R_NO_VERIFY_CALLBACK			 194
-#define SSL_R_NULL_SSL_CTX				 195
-#define SSL_R_NULL_SSL_METHOD_PASSED			 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE		 297
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG			 327
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
-#define SSL_R_PARSE_TLSEXT				 227
-#define SSL_R_PATH_TOO_LONG				 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
-#define SSL_R_PEER_ERROR				 200
-#define SSL_R_PEER_ERROR_CERTIFICATE			 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
-#define SSL_R_PEER_ERROR_NO_CIPHER			 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
-#define SSL_R_PSK_IDENTITY_NOT_FOUND			 223
-#define SSL_R_PSK_NO_CLIENT_CB				 224
-#define SSL_R_PSK_NO_SERVER_CB				 225
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
-#define SSL_R_READ_BIO_NOT_SET				 211
-#define SSL_R_READ_TIMEOUT_EXPIRED			 312
-#define SSL_R_READ_WRONG_PACKET_TYPE			 212
-#define SSL_R_RECORD_LENGTH_MISMATCH			 213
-#define SSL_R_RECORD_TOO_LARGE				 214
-#define SSL_R_RECORD_TOO_SMALL				 298
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG			 335
-#define SSL_R_RENEGOTIATION_ENCODING_ERR		 336
-#define SSL_R_RENEGOTIATION_MISMATCH			 337
-#define SSL_R_REQUIRED_CIPHER_MISSING			 215
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING	 342
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
-#define SSL_R_SERVERHELLO_TLSEXT			 275
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
-#define SSL_R_SESSION_MAY_NOT_BE_CREATED		 2000
-#define SSL_R_SHORT_READ				 219
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR		 360
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
-#define SSL_R_SRP_A_CALC				 361
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES		 362
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG	 363
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE		 364
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 299
-#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT		 321
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME		 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE		 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 301
-#define SSL_R_SSL_SESSION_ID_CONFLICT			 302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
-#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	 1086
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE		 1114
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE	 1113
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE		 1111
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME			 1112
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION		 1110
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
-#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT		 365
-#define SSL_R_TLS_HEARTBEAT_PENDING			 366
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL		 367
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST		 157
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
-#define SSL_R_UNEXPECTED_MESSAGE			 244
-#define SSL_R_UNEXPECTED_RECORD				 245
-#define SSL_R_UNINITIALIZED				 276
-#define SSL_R_UNKNOWN_ALERT_TYPE			 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
-#define SSL_R_UNKNOWN_DIGEST				 368
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
-#define SSL_R_UNKNOWN_PKEY_TYPE				 251
-#define SSL_R_UNKNOWN_PROTOCOL				 252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
-#define SSL_R_UNKNOWN_SSL_VERSION			 254
-#define SSL_R_UNKNOWN_STATE				 255
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED	 338
-#define SSL_R_UNSUPPORTED_CIPHER			 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
-#define SSL_R_UNSUPPORTED_DIGEST_TYPE			 326
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 315
-#define SSL_R_UNSUPPORTED_PROTOCOL			 258
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
-#define SSL_R_UNSUPPORTED_STATUS_TYPE			 329
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED			 369
-#define SSL_R_WRITE_BIO_NOT_SET				 260
-#define SSL_R_WRONG_CIPHER_RETURNED			 261
-#define SSL_R_WRONG_MESSAGE_TYPE			 262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
-#define SSL_R_WRONG_SIGNATURE_SIZE			 265
-#define SSL_R_WRONG_SIGNATURE_TYPE			 370
-#define SSL_R_WRONG_SSL_VERSION				 266
-#define SSL_R_WRONG_VERSION_NUMBER			 267
-#define SSL_R_X509_LIB					 268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
deleted file mode 100644
index eb25dcb0bf..0000000000
--- a/ssl/ssl2.h
+++ /dev/null
@@ -1,272 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H 
-#define HEADER_SSL2_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION		0x0002
-#define SSL2_VERSION_MAJOR	0x00
-#define SSL2_VERSION_MINOR	0x02
-/* #define SSL2_CLIENT_VERSION	0x0002 */
-/* #define SSL2_SERVER_VERSION	0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR			0
-#define SSL2_MT_CLIENT_HELLO		1
-#define SSL2_MT_CLIENT_MASTER_KEY	2
-#define SSL2_MT_CLIENT_FINISHED		3
-#define SSL2_MT_SERVER_HELLO		4
-#define SSL2_MT_SERVER_VERIFY		5
-#define SSL2_MT_SERVER_FINISHED		6
-#define SSL2_MT_REQUEST_CERTIFICATE	7
-#define SSL2_MT_CLIENT_CERTIFICATE	8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR		0x0000
-#define SSL2_PE_NO_CIPHER		0x0001
-#define SSL2_PE_NO_CERTIFICATE		0x0002
-#define SSL2_PE_BAD_CERTIFICATE		0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5			0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5		0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5	0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5		0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5		0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5		0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA		0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5	0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA	0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5			0x02080080 /* MS hack */
- 
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1		0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL				0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1	"DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5			"NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5		"RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5	"EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5		"RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5	"EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5		"IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5		"DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA		"DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	"DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	"DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5		"RC4-64-MD5"
-
-#define SSL2_TXT_NULL				"NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC			0x01
-#define SSL2_CF_8_BYTE_ENC			0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE		0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION		0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH		32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH	16
-/*#define SSL2_CHALLENGE_LENGTH	32 */
-#define SSL2_MIN_CHALLENGE_LENGTH	16
-#define SSL2_MAX_CHALLENGE_LENGTH	32
-#define SSL2_CONNECTION_ID_LENGTH	16
-#define SSL2_MAX_CONNECTION_ID_LENGTH	16
-#define SSL2_SSL_SESSION_ID_LENGTH	16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH	32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH	16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH	24
-
-#ifndef HEADER_SSL_LOCL_H
-#define  CERT		char
-#endif
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl2_state_st
-	{
-	int three_byte_header;
-	int clear_text;		/* clear text */
-	int escape;		/* not used in SSLv2 */
-	int ssl2_rollback;	/* used if SSLv23 rolled back to SSLv2 */
-
-	/* non-blocking io info, used to make sure the same
-	 * args were passwd */
-	unsigned int wnum;	/* number of bytes sent so far */
-	int wpend_tot;
-	const unsigned char *wpend_buf;
-
-	int wpend_off;	/* offset to data to write */
-	int wpend_len; 	/* number of bytes passwd to write */
-	int wpend_ret; 	/* number of bytes to return to caller */
-
-	/* buffer raw data */
-	int rbuf_left;
-	int rbuf_offs;
-	unsigned char *rbuf;
-	unsigned char *wbuf;
-
-	unsigned char *write_ptr;/* used to point to the start due to
-				  * 2/3 byte header. */
-
-	unsigned int padding;
-	unsigned int rlength; /* passed to ssl2_enc */
-	int ract_data_length; /* Set when things are encrypted. */
-	unsigned int wlength; /* passed to ssl2_enc */
-	int wact_data_length; /* Set when things are decrypted. */
-	unsigned char *ract_data;
-	unsigned char *wact_data;
-	unsigned char *mac_data;
-
-	unsigned char *read_key;
-	unsigned char *write_key;
-
-		/* Stuff specifically to do with this SSL session */
-	unsigned int challenge_length;
-	unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
-	unsigned int conn_id_length;
-	unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
-	unsigned int key_material_length;
-	unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
-	unsigned long read_sequence;
-	unsigned long write_sequence;
-
-	struct	{
-		unsigned int conn_id_length;
-		unsigned int cert_type;	
-		unsigned int cert_length;
-		unsigned int csl; 
-		unsigned int clear;
-		unsigned int enc; 
-		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-		unsigned int cipher_spec_length;
-		unsigned int session_id_length;
-		unsigned int clen;
-		unsigned int rlen;
-		} tmp;
-	} SSL2_STATE;
-
-#endif
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A		(0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B		(0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A		(0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B		(0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A	(0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B	(0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A		(0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B		(0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A	(0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B	(0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C	(0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D	(0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A		(0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B		(0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A		(0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B		(0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION		(0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE	(0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A		(0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B		(0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C		(0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A		(0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B		(0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A		(0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B		(0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A		(0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B		(0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C		(0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A		(0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B		(0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A		(0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B		(0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A	(0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B	(0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C	(0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D	(0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION		(0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE	(0x90|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/ssl/ssl23.h b/ssl/ssl23.h
deleted file mode 100644
index d3228983c7..0000000000
--- a/ssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H 
-#define HEADER_SSL23_H 
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A	(0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B	(0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A	(0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B	(0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A	(0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B	(0x211|SSL_ST_ACCEPT)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
deleted file mode 100644
index 6dc0817920..0000000000
--- a/ssl/ssl3.h
+++ /dev/null
@@ -1,748 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H 
-#define HEADER_SSL3_H 
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* Signalling cipher suite value from RFC 5746
- * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
-#define SSL3_CK_SCSV				0x030000FF
-
-/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
- * (TLS_FALLBACK_SCSV) */
-#define SSL3_CK_FALLBACK_SCSV			0x03005600
-
-#define SSL3_CK_RSA_NULL_MD5			0x03000001
-#define SSL3_CK_RSA_NULL_SHA			0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 			0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5			0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA			0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5			0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA		0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA		0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA		0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA		0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA		0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA		0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 	0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA		0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA		0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 	0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA		0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA		0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA	0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA		0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA		0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA	0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5			0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5			0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA		0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA		0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA		0x0300001B
-
-#if 0
-	#define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
-	#define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
-	#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-		 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-		 of the ietf-tls list */
-	#define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
-	#endif
-#endif
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 		"EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5		"RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA		"RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5			"EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA		"IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA		"EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA		"DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA		"DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA		"EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA		"DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA 	"DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA		"EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA		"DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA 	"DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA		"EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA		"EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA	"EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA		"EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA		"EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA	"EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5			"EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5		"ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA		"EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA		"ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA		"ADH-DES-CBC3-SHA"
-
-#if 0
-	#define SSL3_TXT_FZA_DMS_NULL_SHA		"FZA-NULL-SHA"
-	#define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
-	#define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
-#endif
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH		32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
-
-#define SSL3_MASTER_SECRET_SIZE			48
-#define SSL3_RANDOM_SIZE			32
-#define SSL3_SESSION_ID_SIZE			32
-#define SSL3_RT_HEADER_LENGTH			5
-
-#ifndef SSL3_ALIGN_PAYLOAD
- /* Some will argue that this increases memory footprint, but it's
-  * not actually true. Point is that malloc has to return at least
-  * 64-bit aligned pointers, meaning that allocating 5 bytes wastes
-  * 3 bytes in either case. Suggested pre-gaping simply moves these
-  * wasted bytes from the end of allocated region to its front,
-  * but makes data payload aligned, which improves performance:-) */
-# define SSL3_ALIGN_PAYLOAD			8
-#else
-# if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
-#  error "insane SSL3_ALIGN_PAYLOAD"
-#  undef SSL3_ALIGN_PAYLOAD
-# endif
-#endif
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE			64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define	SSL_RT_MAX_CIPHER_BLOCK_SIZE		16
-
-#define SSL3_RT_MAX_EXTRA			(16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH		16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD		1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD	(256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
-			(SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH		SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH	\
-		(SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH	\
-		(SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE		\
-		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
-
-#define SSL3_VERSION			0x0300
-#define SSL3_VERSION_MAJOR		0x03
-#define SSL3_VERSION_MINOR		0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC	20
-#define SSL3_RT_ALERT			21
-#define SSL3_RT_HANDSHAKE		22
-#define SSL3_RT_APPLICATION_DATA	23
-#define TLS1_RT_HEARTBEAT		24
-
-#define SSL3_AL_WARNING			1
-#define SSL3_AL_FATAL			2
-
-#define SSL3_AD_CLOSE_NOTIFY		 0
-#define SSL3_AD_UNEXPECTED_MESSAGE	10	/* fatal */
-#define SSL3_AD_BAD_RECORD_MAC		20	/* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE	30	/* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE	40	/* fatal */
-#define SSL3_AD_NO_CERTIFICATE		41
-#define SSL3_AD_BAD_CERTIFICATE		42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE	43
-#define SSL3_AD_CERTIFICATE_REVOKED	44
-#define SSL3_AD_CERTIFICATE_EXPIRED	45
-#define SSL3_AD_CERTIFICATE_UNKNOWN	46
-#define SSL3_AD_ILLEGAL_PARAMETER	47	/* fatal */
-
-#define TLS1_HB_REQUEST		1
-#define TLS1_HB_RESPONSE	2
-	
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st
-	{
-/*r */	int type;               /* type of record */
-/*rw*/	unsigned int length;    /* How many bytes available */
-/*r */	unsigned int off;       /* read/write offset into 'buf' */
-/*rw*/	unsigned char *data;    /* pointer to the record data */
-/*rw*/	unsigned char *input;   /* where the decode bytes are */
-/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
-/*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
-/*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-	} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
-	{
-	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-	                         * see ssl3_setup_buffers() */
-	size_t len;             /* buffer size */
-	int offset;             /* where to 'copy from' */
-	int left;               /* how many bytes left */
-	} SSL3_BUFFER;
-
-#endif
-
-#define SSL3_CT_RSA_SIGN			1
-#define SSL3_CT_DSS_SIGN			2
-#define SSL3_CT_RSA_FIXED_DH			3
-#define SSL3_CT_DSS_FIXED_DH			4
-#define SSL3_CT_RSA_EPHEMERAL_DH		5
-#define SSL3_CT_DSS_EPHEMERAL_DH		6
-#define SSL3_CT_FORTEZZA_DMS			20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER			9
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
-#define SSL3_FLAGS_POP_BUFFER			0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
-#define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
-#define TLS1_FLAGS_KEEP_HANDSHAKE		0x0020
-/*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
-#define SSL3_FLAGS_CCS_OK			0x0080
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
-
-#ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st
-	{
-	long flags;
-	int delay_buf_pop_ret;
-
-	unsigned char read_sequence[8];
-	int read_mac_secret_size;
-	unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
-	unsigned char write_sequence[8];
-	int write_mac_secret_size;
-	unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
-	unsigned char server_random[SSL3_RANDOM_SIZE];
-	unsigned char client_random[SSL3_RANDOM_SIZE];
-
-	/* flags for countermeasure against known-IV weakness */
-	int need_record_splitting;
-	int record_split_done;
-
-	/* The value of 'extra' when the buffers were initialized */
-	int init_extra;
-
-	SSL3_BUFFER rbuf;	/* read IO goes into here */
-	SSL3_BUFFER wbuf;	/* write IO goes into here */
-
-	SSL3_RECORD rrec;	/* each decoded record goes in here */
-	SSL3_RECORD wrec;	/* goes out from here */
-
-	/* storage for Alert/Handshake protocol data received but not
-	 * yet processed by ssl3_read_bytes: */
-	unsigned char alert_fragment[2];
-	unsigned int alert_fragment_len;
-	unsigned char handshake_fragment[4];
-	unsigned int handshake_fragment_len;
-
-	/* partial write - check the numbers match */
-	unsigned int wnum;	/* number of bytes sent so far */
-	int wpend_tot;		/* number bytes written */
-	int wpend_type;
-	int wpend_ret;		/* number of bytes submitted */
-	const unsigned char *wpend_buf;
-
-	/* used during startup, digest all incoming/outgoing packets */
-	BIO *handshake_buffer;
-	/* When set of handshake digests is determined, buffer is hashed
-	 * and freed and MD_CTX-es for all required digests are stored in
-	 * this array */
-	EVP_MD_CTX **handshake_dgst;
-	/*
-	 * Set whenever an expected ChangeCipherSpec message is processed.
-	 * Unset when the peer's Finished message is received.
-	 * Unexpected ChangeCipherSpec messages trigger a fatal alert.
-	 */
-	int change_cipher_spec;
-
-	int warn_alert;
-	int fatal_alert;
-	/* we allow one fatal and one warning alert to be outstanding,
-	 * send close alert via the warning alert */
-	int alert_dispatch;
-	unsigned char send_alert[2];
-
-	/* This flag is set when we should renegotiate ASAP, basically when
-	 * there is no more data in the read or write buffers */
-	int renegotiate;
-	int total_renegotiations;
-	int num_renegotiations;
-
-	int in_read_app_data;
-
-	/* Opaque PRF input as used for the current handshake.
-	 * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-	 * (otherwise, they are merely present to improve binary compatibility) */
-	void *client_opaque_prf_input;
-	size_t client_opaque_prf_input_len;
-	void *server_opaque_prf_input;
-	size_t server_opaque_prf_input_len;
-
-	struct	{
-		/* actually only needs to be 16+20 */
-		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
-		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
-		int finish_md_len;
-		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
-		int peer_finish_md_len;
-
-		unsigned long message_size;
-		int message_type;
-
-		/* used to hold the new cipher we are going to use */
-		const SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
-		DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-		EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
-		/* used when SSL_ST_FLUSH_DATA is entered */
-		int next_state;			
-
-		int reuse_message;
-
-		/* used for certificate requests */
-		int cert_req;
-		int ctype_num;
-		char ctype[SSL3_CT_NUMBER];
-		STACK_OF(X509_NAME) *ca_names;
-
-		int use_rsa_tmp;
-
-		int key_block_length;
-		unsigned char *key_block;
-
-		const EVP_CIPHER *new_sym_enc;
-		const EVP_MD *new_hash;
-		int new_mac_pkey_type;
-		int new_mac_secret_size;
-#ifndef OPENSSL_NO_COMP
-		const SSL_COMP *new_compression;
-#else
-		char *new_compression;
-#endif
-		int cert_request;
-		} tmp;
-
-        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	/* Set if we saw the Next Protocol Negotiation extension from our peer. */
-	int next_proto_neg_seen;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
-	/* This is set to true if we believe that this is a version of Safari
-	 * running on OS X 10.6 or newer. We wish to know this because Safari
-	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
-	char is_probably_safari;
-#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
-
-	/* In a client, this means that the server supported Channel ID and that
-	 * a Channel ID was sent. In a server it means that we echoed support
-	 * for Channel IDs and that tlsext_channel_id will be valid after the
-	 * handshake. */
-	char tlsext_channel_id_valid;
-	/* tlsext_channel_id_new means that the updated Channel ID extension
-	 * was negotiated. This is a temporary hack in the code to support both
-	 * forms of Channel ID extension while we transition to the new format,
-	 * which fixed a security issue. */
-	char tlsext_channel_id_new;
-	/* For a server:
-	 *     If |tlsext_channel_id_valid| is true, then this contains the
-	 *     verified Channel ID from the client: a P256 point, (x,y), where
-	 *     each are big-endian values. */
-	unsigned char tlsext_channel_id[64];
-
-	/* ALPN information
-	 * (we are in the process of transitioning from NPN to ALPN.) */
-
-	/* In a server these point to the selected ALPN protocol after the
-	 * ClientHello has been processed. In a client these contain the
-	 * protocol that the server selected once the ServerHello has been
-	 * processed. */
-	unsigned char *alpn_selected;
-	unsigned alpn_selected_len;
-
-	/* These point to the digest function to use for signatures made with
-	 * each type of public key. A NULL value indicates that the default
-	 * digest should be used, which is SHA1 as of TLS 1.2.
-	 *
-	 * (These should be in the tmp member, but we have to put them here to
-	 * ensure binary compatibility with earlier OpenSSL 1.0.* releases.) */
-	const EVP_MD *digest_rsa;
-	const EVP_MD *digest_dsa;
-	const EVP_MD *digest_ecdsa;
-	} SSL3_STATE;
-
-#endif
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH		(0x100|SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE	(0x101|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_CW_WRITE_SOCK			(0x310|SSL_ST_CONNECT)
-#define DTLS1_SCTP_ST_CR_READ_SOCK			(0x320|SSL_ST_CONNECT)
-#endif	
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A		(0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B		(0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A		(0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B		(0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A		(0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B		(0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A		(0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B		(0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A		(0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B		(0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A		(0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B		(0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A		(0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B		(0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C		(0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D		(0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A		(0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B		(0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A		(0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B		(0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A		(0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B		(0x1A1|SSL_ST_CONNECT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_ST_CW_NEXT_PROTO_A		(0x200|SSL_ST_CONNECT)
-#define SSL3_ST_CW_NEXT_PROTO_B		(0x201|SSL_ST_CONNECT)
-#endif
-#define SSL3_ST_CW_CHANNEL_ID_A		(0x210|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANNEL_ID_B		(0x211|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A		(0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B		(0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A		(0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B		(0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A		(0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B		(0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A	(0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B	(0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A	(0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B	(0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH		(0x100|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_SCTP
-#define DTLS1_SCTP_ST_SW_WRITE_SOCK			(0x310|SSL_ST_ACCEPT)
-#define DTLS1_SCTP_ST_SR_READ_SOCK			(0x320|SSL_ST_ACCEPT)
-#endif	
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A		(0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B		(0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C		(0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A		(0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B		(0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C		(0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A		(0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B		(0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A		(0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B		(0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A		(0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B		(0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A		(0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B		(0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A		(0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B		(0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A		(0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B		(0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A		(0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B		(0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A		(0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B		(0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A		(0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B		(0x1B1|SSL_ST_ACCEPT)
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_ST_SR_NEXT_PROTO_A		(0x210|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_NEXT_PROTO_B		(0x211|SSL_ST_ACCEPT)
-#endif
-#define SSL3_ST_SR_POST_CLIENT_CERT	(0x1BF|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANNEL_ID_A		(0x220|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANNEL_ID_B		(0x221|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A		(0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B		(0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A		(0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B		(0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A	(0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B	(0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A	(0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B	(0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST			0
-#define SSL3_MT_CLIENT_HELLO			1
-#define SSL3_MT_SERVER_HELLO			2
-#define	SSL3_MT_NEWSESSION_TICKET		4
-#define SSL3_MT_CERTIFICATE			11
-#define SSL3_MT_SERVER_KEY_EXCHANGE		12
-#define SSL3_MT_CERTIFICATE_REQUEST		13
-#define SSL3_MT_SERVER_DONE			14
-#define SSL3_MT_CERTIFICATE_VERIFY		15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE		16
-#define SSL3_MT_FINISHED			20
-#define SSL3_MT_CERTIFICATE_STATUS		22
-#ifndef OPENSSL_NO_NEXTPROTONEG
-#define SSL3_MT_NEXT_PROTO			67
-#endif
-#define SSL3_MT_ENCRYPTED_EXTENSIONS		203
-#define DTLS1_MT_HELLO_VERIFY_REQUEST    3
-
-
-#define SSL3_MT_CCS				1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ		0x01
-#define SSL3_CC_WRITE		0x02
-#define SSL3_CC_CLIENT		0x10
-#define SSL3_CC_SERVER		0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE	(SSL3_CC_CLIENT|SSL3_CC_WRITE)	
-#define SSL3_CHANGE_CIPHER_SERVER_READ	(SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ	(SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE	(SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
deleted file mode 100644
index 9c34d19725..0000000000
--- a/ssl/ssl_algs.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
-	{
-
-#ifndef OPENSSL_NO_DES
-	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
-	EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
-	EVP_add_cipher(EVP_rc4());
-#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
-	EVP_add_cipher(EVP_rc4_hmac_md5());
-#endif
-#endif  
-#ifndef OPENSSL_NO_RC2
-	EVP_add_cipher(EVP_rc2_cbc());
-	/* Not actually used for SSL/TLS but this makes PKCS#12 work
-	 * if an application only calls SSL_library_init().
-	 */
-	EVP_add_cipher(EVP_rc2_40_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
-	EVP_add_cipher(EVP_aes_128_cbc());
-	EVP_add_cipher(EVP_aes_192_cbc());
-	EVP_add_cipher(EVP_aes_256_cbc());
-	EVP_add_cipher(EVP_aes_128_gcm());
-	EVP_add_cipher(EVP_aes_256_gcm());
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-	EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
-	EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-#endif
-
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-	EVP_add_cipher(EVP_camellia_128_cbc());
-	EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
-	EVP_add_cipher(EVP_seed_cbc());
-#endif
-  
-#ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest_alias(SN_md5,"ssl2-md5");
-	EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
-	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
-	EVP_add_digest(EVP_sha224());
-	EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
-	EVP_add_digest(EVP_sha384());
-	EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
-	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EVP_add_digest(EVP_ecdsa());
-#endif
-	/* If you want support for phased out ciphers, add the following */
-#if 0
-	EVP_add_digest(EVP_sha());
-	EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
-	/* This will initialise the built-in compression algorithms.
-	   The value returned is a STACK_OF(SSL_COMP), but that can
-	   be discarded safely */
-	(void)SSL_COMP_get_compression_methods();
-#endif
-	/* initialize cipher/digest methods table */
-	ssl_load_ciphers();
-	return(1);
-	}
-
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
deleted file mode 100644
index f83e18f874..0000000000
--- a/ssl/ssl_asn1.c
+++ /dev/null
@@ -1,669 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
-	{
-	ASN1_INTEGER version;
-	ASN1_INTEGER ssl_version;
-	ASN1_OCTET_STRING cipher;
-	ASN1_OCTET_STRING comp_id;
-	ASN1_OCTET_STRING master_key;
-	ASN1_OCTET_STRING session_id;
-	ASN1_OCTET_STRING session_id_context;
-	ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
-        ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
-	ASN1_INTEGER time;
-	ASN1_INTEGER timeout;
-	ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
-	ASN1_OCTET_STRING tlsext_hostname;
-	ASN1_INTEGER tlsext_tick_lifetime;
-	ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-	ASN1_OCTET_STRING psk_identity_hint;
-	ASN1_OCTET_STRING psk_identity;
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-	ASN1_OCTET_STRING srp_username;
-#endif /* OPENSSL_NO_SRP */
-	ASN1_OCTET_STRING original_handshake_hash;
-	} SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
-	{
-#define LSIZE2 (sizeof(long)*2)
-	int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v14=0;
-	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
-	int v6=0,v9=0,v10=0;
-	unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
-	unsigned char cbuf;
-	int v11=0;
-#endif
-#ifndef OPENSSL_NO_SRP
-	int v12=0;
-#endif
-	long l;
-	SSL_SESSION_ASN1 a;
-	M_ASN1_I2D_vars(in);
-
-	if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
-		return(0);
-
-	/* Note that I cheat in the following 2 assignments.  I know
-	 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
-	 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
-	 * This is a bit evil but makes things simple, no dynamic allocation
-	 * to clean up :-) */
-	a.version.length=LSIZE2;
-	a.version.type=V_ASN1_INTEGER;
-	a.version.data=ibuf1;
-	ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
-	a.ssl_version.length=LSIZE2;
-	a.ssl_version.type=V_ASN1_INTEGER;
-	a.ssl_version.data=ibuf2;
-	ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
-	a.cipher.type=V_ASN1_OCTET_STRING;
-	a.cipher.data=buf;
-
-	if (in->cipher == NULL)
-		l=in->cipher_id;
-	else
-		l=in->cipher->id;
-	if (in->ssl_version == SSL2_VERSION)
-		{
-		a.cipher.length=3;
-		buf[0]=((unsigned char)(l>>16L))&0xff;
-		buf[1]=((unsigned char)(l>> 8L))&0xff;
-		buf[2]=((unsigned char)(l     ))&0xff;
-		}
-	else
-		{
-		a.cipher.length=2;
-		buf[0]=((unsigned char)(l>>8L))&0xff;
-		buf[1]=((unsigned char)(l    ))&0xff;
-		}
-
-#ifndef OPENSSL_NO_COMP
-	if (in->compress_meth)
-		{
-		cbuf = (unsigned char)in->compress_meth;
-		a.comp_id.length = 1;
-		a.comp_id.type = V_ASN1_OCTET_STRING;
-		a.comp_id.data = &cbuf;
-		}
-#endif
-
-	a.master_key.length=in->master_key_length;
-	a.master_key.type=V_ASN1_OCTET_STRING;
-	a.master_key.data=in->master_key;
-
-	a.session_id.length=in->session_id_length;
-	a.session_id.type=V_ASN1_OCTET_STRING;
-	a.session_id.data=in->session_id;
-
-	a.session_id_context.length=in->sid_ctx_length;
-	a.session_id_context.type=V_ASN1_OCTET_STRING;
-	a.session_id_context.data=in->sid_ctx;
-
-	a.key_arg.length=in->key_arg_length;
-	a.key_arg.type=V_ASN1_OCTET_STRING;
-	a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
-	if (in->krb5_client_princ_len)
-		{
-		a.krb5_princ.length=in->krb5_client_princ_len;
-		a.krb5_princ.type=V_ASN1_OCTET_STRING;
-		a.krb5_princ.data=in->krb5_client_princ;
-		}
-#endif /* OPENSSL_NO_KRB5 */
-
-	if (in->time != 0L)
-		{
-		a.time.length=LSIZE2;
-		a.time.type=V_ASN1_INTEGER;
-		a.time.data=ibuf3;
-		ASN1_INTEGER_set(&(a.time),in->time);
-		}
-
-	if (in->timeout != 0L)
-		{
-		a.timeout.length=LSIZE2;
-		a.timeout.type=V_ASN1_INTEGER;
-		a.timeout.data=ibuf4;
-		ASN1_INTEGER_set(&(a.timeout),in->timeout);
-		}
-
-	if (in->verify_result != X509_V_OK)
-		{
-		a.verify_result.length=LSIZE2;
-		a.verify_result.type=V_ASN1_INTEGER;
-		a.verify_result.data=ibuf5;
-		ASN1_INTEGER_set(&a.verify_result,in->verify_result);
-		}
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (in->tlsext_hostname)
-                {
-                a.tlsext_hostname.length=strlen(in->tlsext_hostname);
-                a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
-                a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
-                }
-	if (in->tlsext_tick)
-                {
-                a.tlsext_tick.length= in->tlsext_ticklen;
-                a.tlsext_tick.type=V_ASN1_OCTET_STRING;
-                a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
-                }
-	if (in->tlsext_tick_lifetime_hint > 0)
-		{
-		a.tlsext_tick_lifetime.length=LSIZE2;
-		a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
-		a.tlsext_tick_lifetime.data=ibuf6;
-		ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
-		}
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-	if (in->psk_identity_hint)
-		{
-		a.psk_identity_hint.length=strlen(in->psk_identity_hint);
-		a.psk_identity_hint.type=V_ASN1_OCTET_STRING;
-		a.psk_identity_hint.data=(unsigned char *)(in->psk_identity_hint);
-		}
-	if (in->psk_identity)
-		{
-		a.psk_identity.length=strlen(in->psk_identity);
-		a.psk_identity.type=V_ASN1_OCTET_STRING;
-		a.psk_identity.data=(unsigned char *)(in->psk_identity);
-		}
-
-	if (in->original_handshake_hash_len > 0)
-		{
-		a.original_handshake_hash.length = in->original_handshake_hash_len;
-		a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
-		a.original_handshake_hash.data = in->original_handshake_hash;
-		}
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-	if (in->srp_username)
-		{
-		a.srp_username.length=strlen(in->srp_username);
-		a.srp_username.type=V_ASN1_OCTET_STRING;
-		a.srp_username.data=(unsigned char *)(in->srp_username);
-		}
-#endif /* OPENSSL_NO_SRP */
-
-	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-	if (in->krb5_client_princ_len)
-        	M_ASN1_I2D_len(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-	if (in->key_arg_length > 0)
-		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
-	if (in->time != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
-	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (in->tlsext_tick_lifetime_hint > 0)
-      	 	M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
-	if (in->tlsext_tick)
-        	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-	if (in->tlsext_hostname)
-        	M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
-	if (in->compress_meth)
-        	M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-	if (in->psk_identity_hint)
-        	M_ASN1_I2D_len_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
-	if (in->psk_identity)
-        	M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-	if (in->srp_username)
-        	M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
-#endif /* OPENSSL_NO_SRP */
-	if (in->original_handshake_hash_len > 0)
-		M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(&(a.version),		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.ssl_version),	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
-	if (in->krb5_client_princ_len)
-        	M_ASN1_I2D_put(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
-	if (in->key_arg_length > 0)
-		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
-	if (in->time != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
-	if (in->timeout != 0L)
-		M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
-	if (in->peer != NULL)
-		M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
-	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
-			       v4);
-	if (in->verify_result != X509_V_OK)
-		M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
-	if (in->tlsext_hostname)
-        	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_PSK
-	if (in->psk_identity_hint)
-		M_ASN1_I2D_put_EXP_opt(&(a.psk_identity_hint), i2d_ASN1_OCTET_STRING,7,v7);
-	if (in->psk_identity)
-		M_ASN1_I2D_put_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_TLSEXT
-	if (in->tlsext_tick_lifetime_hint > 0)
-      	 	M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
-	if (in->tlsext_tick)
-        	M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
-	if (in->compress_meth)
-        	M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#ifndef OPENSSL_NO_SRP
-	if (in->srp_username)
-		M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
-#endif /* OPENSSL_NO_SRP */
-	if (in->original_handshake_hash_len > 0)
-		M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
-	M_ASN1_I2D_finish();
-	}
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-			     long length)
-	{
-	int ssl_version=0,i;
-	long id;
-	ASN1_INTEGER ai,*aip;
-	ASN1_OCTET_STRING os,*osp;
-	M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
-	aip= &ai;
-	osp= &os;
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-
-	ai.data=NULL; ai.length=0;
-	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
-	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-	/* we don't care about the version right now :-) */
-	M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
-	ssl_version=(int)ASN1_INTEGER_get(aip);
-	ret->ssl_version=ssl_version;
-	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
-	os.data=NULL; os.length=0;
-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-	if (ssl_version == SSL2_VERSION)
-		{
-		if (os.length != 3)
-			{
-			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-			c.line=__LINE__;
-			goto err;
-			}
-		id=0x02000000L|
-			((unsigned long)os.data[0]<<16L)|
-			((unsigned long)os.data[1]<< 8L)|
-			 (unsigned long)os.data[2];
-		}
-	else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
-		{
-		if (os.length != 2)
-			{
-			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
-			c.line=__LINE__;
-			goto err;
-			}
-		id=0x03000000L|
-			((unsigned long)os.data[0]<<8L)|
-			 (unsigned long)os.data[1];
-		}
-	else
-		{
-		c.error=SSL_R_UNKNOWN_SSL_VERSION;
-		c.line=__LINE__;
-		goto err;
-		}
-	
-	ret->cipher=NULL;
-	ret->cipher_id=id;
-
-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-	if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
-		i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
-	else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
-		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
-	if (os.length > i)
-		os.length = i;
-	if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
-		os.length = sizeof(ret->session_id);
-
-	ret->session_id_length=os.length;
-	OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
-	memcpy(ret->session_id,os.data,os.length);
-
-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
-	if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
-		ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
-	else
-		ret->master_key_length=os.length;
-	memcpy(ret->master_key,os.data,ret->master_key_length);
-
-	os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
-	os.length=0;
-	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
-	if (os.data)
-		{
-        	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
-            		ret->krb5_client_princ_len=0;
-		else
-			ret->krb5_client_princ_len=os.length;
-		memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
-	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
-	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
-		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
-	else
-		ret->key_arg_length=os.length;
-	memcpy(ret->key_arg,os.data,ret->key_arg_length);
-	if (os.data != NULL) OPENSSL_free(os.data);
-
-	ai.length=0;
-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
-	if (ai.data != NULL)
-		{
-		ret->time=ASN1_INTEGER_get(aip);
-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-		}
-	else
-		ret->time=(unsigned long)time(NULL);
-
-	ai.length=0;
-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
-	if (ai.data != NULL)
-		{
-		ret->timeout=ASN1_INTEGER_get(aip);
-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-		}
-	else
-		ret->timeout=3;
-
-	if (ret->peer != NULL)
-		{
-		X509_free(ret->peer);
-		ret->peer=NULL;
-		}
-	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
-	if(os.data != NULL)
-	    {
-	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
-		{
-		c.error=SSL_R_BAD_LENGTH;
-		c.line=__LINE__;
-		goto err;
-		}
-	    else
-		{
-		ret->sid_ctx_length=os.length;
-		memcpy(ret->sid_ctx,os.data,os.length);
-		}
-	    OPENSSL_free(os.data); os.data=NULL; os.length=0;
-	    }
-	else
-	    ret->sid_ctx_length=0;
-
-	ai.length=0;
-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
-	if (ai.data != NULL)
-		{
-		ret->verify_result=ASN1_INTEGER_get(aip);
-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-		}
-	else
-		ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
-	if (os.data)
-		{
-		ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->tlsext_hostname=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-
-#ifndef OPENSSL_NO_PSK
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,7);
-	if (os.data)
-		{
-		ret->psk_identity_hint = BUF_strndup((char *)os.data, os.length);
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->psk_identity_hint=NULL;
-
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
-	if (os.data)
-		{
-		ret->psk_identity = BUF_strndup((char *)os.data, os.length);
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->psk_identity=NULL;
-#endif /* OPENSSL_NO_PSK */
-
-#ifndef OPENSSL_NO_TLSEXT
-	ai.length=0;
-	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
-	if (ai.data != NULL)
-		{
-		ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
-		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
-		}
-	else if (ret->tlsext_ticklen && ret->session_id_length)
-		ret->tlsext_tick_lifetime_hint = -1;
-	else
-		ret->tlsext_tick_lifetime_hint=0;
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
-	if (os.data)
-		{
-		ret->tlsext_tick = os.data;
-		ret->tlsext_ticklen = os.length;
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
-	if (os.data)
-		{
-		ret->compress_meth = os.data[0];
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		}
-#endif
-
-#ifndef OPENSSL_NO_SRP
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12);
-	if (os.data)
-		{
-		ret->srp_username = BUF_strndup((char *)os.data, os.length);
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		os.length = 0;
-		}
-	else
-		ret->srp_username=NULL;
-#endif /* OPENSSL_NO_SRP */
-
-	os.length=0;
-	os.data=NULL;
-	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
-	if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
-		{
-		memcpy(ret->original_handshake_hash, os.data, os.length);
-		ret->original_handshake_hash_len = os.length;
-		OPENSSL_free(os.data);
-		os.data = NULL;
-		}
-
-	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
-	}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
deleted file mode 100644
index 62580201b6..0000000000
--- a/ssl/ssl_cert.c
+++ /dev/null
@@ -1,804 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
-	{
-	static volatile int ssl_x509_store_ctx_idx= -1;
-	int got_write_lock = 0;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
-	if (ssl_x509_store_ctx_idx < 0)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		got_write_lock = 1;
-		
-		if (ssl_x509_store_ctx_idx < 0)
-			{
-			ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
-				0,"SSL for verify callback",NULL,NULL,NULL);
-			}
-		}
-
-	if (got_write_lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	else
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-	
-	return ssl_x509_store_ctx_idx;
-	}
-
-CERT *ssl_cert_new(void)
-	{
-	CERT *ret;
-
-	ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
-	if (ret == NULL)
-		{
-		SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	memset(ret,0,sizeof(CERT));
-
-	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
-	ret->references=1;
-	return(ret);
-	}
-
-CERT *ssl_cert_dup(CERT *cert)
-	{
-	CERT *ret;
-	int i;
-
-	ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
-	if (ret == NULL)
-		{
-		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	memset(ret, 0, sizeof(CERT));
-
-	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-	/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
-	 * if you find that more readable */
-
-	ret->valid = cert->valid;
-	ret->mask_k = cert->mask_k;
-	ret->mask_a = cert->mask_a;
-	ret->export_mask_k = cert->export_mask_k;
-	ret->export_mask_a = cert->export_mask_a;
-
-#ifndef OPENSSL_NO_RSA
-	if (cert->rsa_tmp != NULL)
-		{
-		RSA_up_ref(cert->rsa_tmp);
-		ret->rsa_tmp = cert->rsa_tmp;
-		}
-	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
-	if (cert->dh_tmp != NULL)
-		{
-		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
-		if (ret->dh_tmp == NULL)
-			{
-			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
-			goto err;
-			}
-		if (cert->dh_tmp->priv_key)
-			{
-			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
-			if (!b)
-				{
-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-				goto err;
-				}
-			ret->dh_tmp->priv_key = b;
-			}
-		if (cert->dh_tmp->pub_key)
-			{
-			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
-			if (!b)
-				{
-				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
-				goto err;
-				}
-			ret->dh_tmp->pub_key = b;
-			}
-		}
-	ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (cert->ecdh_tmp)
-		{
-		ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
-		if (ret->ecdh_tmp == NULL)
-			{
-			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
-
-	for (i = 0; i < SSL_PKEY_NUM; i++)
-		{
-		if (cert->pkeys[i].x509 != NULL)
-			{
-			ret->pkeys[i].x509 = cert->pkeys[i].x509;
-			CRYPTO_add(&ret->pkeys[i].x509->references, 1,
-				CRYPTO_LOCK_X509);
-			}
-		
-		if (cert->pkeys[i].privatekey != NULL)
-			{
-			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
-			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
-				CRYPTO_LOCK_EVP_PKEY);
-			}
-		}
-	
-	/* ret->extra_certs *should* exist, but currently the own certificate
-	 * chain is held inside SSL_CTX */
-
-	ret->references=1;
-
-	return(ret);
-	
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
-	if (ret->rsa_tmp != NULL)
-		RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-	if (ret->dh_tmp != NULL)
-		DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if (ret->ecdh_tmp != NULL)
-		EC_KEY_free(ret->ecdh_tmp);
-#endif
-
-	for (i = 0; i < SSL_PKEY_NUM; i++)
-		{
-		if (ret->pkeys[i].x509 != NULL)
-			X509_free(ret->pkeys[i].x509);
-		if (ret->pkeys[i].privatekey != NULL)
-			EVP_PKEY_free(ret->pkeys[i].privatekey);
-		}
-
-	return NULL;
-	}
-
-
-void ssl_cert_free(CERT *c)
-	{
-	int i;
-
-	if(c == NULL)
-	    return;
-
-	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
-	REF_PRINT("CERT",c);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"ssl_cert_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-	if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
-
-	for (i=0; i<SSL_PKEY_NUM; i++)
-		{
-		if (c->pkeys[i].x509 != NULL)
-			X509_free(c->pkeys[i].x509);
-		if (c->pkeys[i].privatekey != NULL)
-			EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
-		if (c->pkeys[i].publickey != NULL)
-			EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
-		}
-	OPENSSL_free(c);
-	}
-
-int ssl_cert_inst(CERT **o)
-	{
-	/* Create a CERT if there isn't already one
-	 * (which cannot really happen, as it is initially created in
-	 * SSL_CTX_new; but the earlier code usually allows for that one
-	 * being non-existant, so we follow that behaviour, as it might
-	 * turn out that there actually is a reason for it -- but I'm
-	 * not sure that *all* of the existing code could cope with
-	 * s->cert being NULL, otherwise we could do without the
-	 * initialization in SSL_CTX_new).
-	 */
-	
-	if (o == NULL) 
-		{
-		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (*o == NULL)
-		{
-		if ((*o = ssl_cert_new()) == NULL)
-			{
-			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-	return(1);
-	}
-
-
-SESS_CERT *ssl_sess_cert_new(void)
-	{
-	SESS_CERT *ret;
-
-	ret = OPENSSL_malloc(sizeof *ret);
-	if (ret == NULL)
-		{
-		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	memset(ret, 0 ,sizeof *ret);
-	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
-	ret->references = 1;
-
-	return ret;
-	}
-
-void ssl_sess_cert_free(SESS_CERT *sc)
-	{
-	int i;
-
-	if (sc == NULL)
-		return;
-
-	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
-	REF_PRINT("SESS_CERT", sc);
-#endif
-	if (i > 0)
-		return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-	/* i == 0 */
-	if (sc->cert_chain != NULL)
-		sk_X509_pop_free(sc->cert_chain, X509_free);
-	for (i = 0; i < SSL_PKEY_NUM; i++)
-		{
-		if (sc->peer_pkeys[i].x509 != NULL)
-			X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key.  These lines are just
-	   * here as a reminder that we're still using a not-quite-appropriate
-	   * data structure. */
-		if (sc->peer_pkeys[i].privatekey != NULL)
-			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
-		}
-
-#ifndef OPENSSL_NO_RSA
-	if (sc->peer_rsa_tmp != NULL)
-		RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
-	if (sc->peer_dh_tmp != NULL)
-		DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	if (sc->peer_ecdh_tmp != NULL)
-		EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
-	OPENSSL_free(sc);
-	}
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
-	{
-	sc->peer_cert_type = type;
-	return(1);
-	}
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
-	{
-	X509 *x;
-	int i;
-	X509_STORE_CTX ctx;
-
-	if ((sk == NULL) || (sk_X509_num(sk) == 0))
-		return(0);
-
-	x=sk_X509_value(sk,0);
-	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
-		{
-		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
-		return(0);
-		}
-#if 0
-	if (SSL_get_verify_depth(s) >= 0)
-		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
-	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
-	/* We need to inherit the verify parameters. These can be determined by
-	 * the context: if its a server it will verify SSL client certificates
-	 * or vice versa.
-	 */
-
-	X509_STORE_CTX_set_default(&ctx,
-				s->server ? "ssl_client" : "ssl_server");
-	/* Anything non-default in "param" should overwrite anything in the
-	 * ctx.
-	 */
-	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
-
-	if (s->verify_callback)
-		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
-	if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
-		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
-#else
-		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
-	else
-		{
-#ifndef OPENSSL_NO_X509_VERIFY
-		i=X509_verify_cert(&ctx);
-#else
-		i=0;
-		ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
-		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
-		}
-
-	s->verify_result=ctx.error;
-	X509_STORE_CTX_cleanup(&ctx);
-
-	return(i);
-	}
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
-	{
-	if (*ca_list != NULL)
-		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
-	*ca_list=name_list;
-	}
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
-	{
-	int i;
-	STACK_OF(X509_NAME) *ret;
-	X509_NAME *name;
-
-	ret=sk_X509_NAME_new_null();
-	for (i=0; i<sk_X509_NAME_num(sk); i++)
-		{
-		name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
-		if ((name == NULL) || !sk_X509_NAME_push(ret,name))
-			{
-			sk_X509_NAME_pop_free(ret,X509_NAME_free);
-			return(NULL);
-			}
-		}
-	return(ret);
-	}
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
-	{
-	set_client_CA_list(&(s->client_CA),name_list);
-	}
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
-	{
-	set_client_CA_list(&(ctx->client_CA),name_list);
-	}
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
-	{
-	return(ctx->client_CA);
-	}
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
-	{
-	if (s->type == SSL_ST_CONNECT)
-		{ /* we are in the client */
-		if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
-			(s->s3 != NULL))
-			return(s->s3->tmp.ca_names);
-		else
-			return(NULL);
-		}
-	else
-		{
-		if (s->client_CA != NULL)
-			return(s->client_CA);
-		else
-			return(s->ctx->client_CA);
-		}
-	}
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
-	{
-	X509_NAME *name;
-
-	if (x == NULL) return(0);
-	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
-		return(0);
-		
-	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
-		return(0);
-
-	if (!sk_X509_NAME_push(*sk,name))
-		{
-		X509_NAME_free(name);
-		return(0);
-		}
-	return(1);
-	}
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
-	{
-	return(add_client_CA(&(ssl->client_CA),x));
-	}
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
-	{
-	return(add_client_CA(&(ctx->client_CA),x));
-	}
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-	{
-	return(X509_NAME_cmp(*a,*b));
-	}
-
-#ifndef OPENSSL_NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
-	{
-	BIO *in;
-	X509 *x=NULL;
-	X509_NAME *xn=NULL;
-	STACK_OF(X509_NAME) *ret = NULL,*sk;
-
-	sk=sk_X509_NAME_new(xname_cmp);
-
-	in=BIO_new(BIO_s_file_internal());
-
-	if ((sk == NULL) || (in == NULL))
-		{
-		SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	if (!BIO_read_filename(in,file))
-		goto err;
-
-	for (;;)
-		{
-		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-			break;
-		if (ret == NULL)
-			{
-			ret = sk_X509_NAME_new_null();
-			if (ret == NULL)
-				{
-				SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-		/* check for duplicates */
-		xn=X509_NAME_dup(xn);
-		if (xn == NULL) goto err;
-		if (sk_X509_NAME_find(sk,xn) >= 0)
-			X509_NAME_free(xn);
-		else
-			{
-			sk_X509_NAME_push(sk,xn);
-			sk_X509_NAME_push(ret,xn);
-			}
-		}
-
-	if (0)
-		{
-err:
-		if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
-		ret=NULL;
-		}
-	if (sk != NULL) sk_X509_NAME_free(sk);
-	if (in != NULL) BIO_free(in);
-	if (x != NULL) X509_free(x);
-	if (ret != NULL)
-		ERR_clear_error();
-	return(ret);
-	}
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-					const char *file)
-	{
-	BIO *in;
-	X509 *x=NULL;
-	X509_NAME *xn=NULL;
-	int ret=1;
-	int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-	
-	oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-	
-	in=BIO_new(BIO_s_file_internal());
-	
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	if (!BIO_read_filename(in,file))
-		goto err;
-	
-	for (;;)
-		{
-		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
-			break;
-		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
-		xn=X509_NAME_dup(xn);
-		if (xn == NULL) goto err;
-		if (sk_X509_NAME_find(stack,xn) >= 0)
-			X509_NAME_free(xn);
-		else
-			sk_X509_NAME_push(stack,xn);
-		}
-
-	ERR_clear_error();
-
-	if (0)
-		{
-err:
-		ret=0;
-		}
-	if(in != NULL)
-		BIO_free(in);
-	if(x != NULL)
-		X509_free(x);
-	
-	(void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
-	return ret;
-	}
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-				       const char *dir)
-	{
-	OPENSSL_DIR_CTX *d = NULL;
-	const char *filename;
-	int ret = 0;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
-	/* Note that a side effect is that the CAs will be sorted by name */
-
-	while((filename = OPENSSL_DIR_read(&d, dir)))
-		{
-		char buf[1024];
-		int r;
-
-		if(strlen(dir)+strlen(filename)+2 > sizeof buf)
-			{
-			SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
-			goto err;
-			}
-
-#ifdef OPENSSL_SYS_VMS
-		r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
-#else
-		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
-#endif
-		if (r <= 0 || r >= (int)sizeof(buf))
-			goto err;
-		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
-			goto err;
-		}
-
-	if (errno)
-		{
-		SYSerr(SYS_F_OPENDIR, get_last_sys_error());
-		ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
-		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
-		goto err;
-		}
-
-	ret = 1;
-
-err:
-	if (d) OPENSSL_DIR_end(&d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
-	return ret;
-	}
-
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
deleted file mode 100644
index 6ea8444d1b..0000000000
--- a/ssl/ssl_ciph.c
+++ /dev/null
@@ -1,1925 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX		0
-#define SSL_ENC_3DES_IDX	1
-#define SSL_ENC_RC4_IDX		2
-#define SSL_ENC_RC2_IDX		3
-#define SSL_ENC_IDEA_IDX	4
-#define SSL_ENC_NULL_IDX	5
-#define SSL_ENC_AES128_IDX	6
-#define SSL_ENC_AES256_IDX	7
-#define SSL_ENC_CAMELLIA128_IDX	8
-#define SSL_ENC_CAMELLIA256_IDX	9
-#define SSL_ENC_GOST89_IDX	10
-#define SSL_ENC_SEED_IDX    	11
-#define SSL_ENC_AES128GCM_IDX	12
-#define SSL_ENC_AES256GCM_IDX	13
-#define SSL_ENC_NUM_IDX		14
-
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-	NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
-	};
-
-#define SSL_COMP_NULL_IDX	0
-#define SSL_COMP_ZLIB_IDX	1
-#define SSL_COMP_NUM_IDX	2
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-#define SSL_MD_MD5_IDX	0
-#define SSL_MD_SHA1_IDX	1
-#define SSL_MD_GOST94_IDX 2
-#define SSL_MD_GOST89MAC_IDX 3
-#define SSL_MD_SHA256_IDX 4
-#define SSL_MD_SHA384_IDX 5
-/*Constant SSL_MAX_DIGEST equal to size of digests array should be 
- * defined in the
- * ssl_locl.h */
-#define SSL_MD_NUM_IDX	SSL_MAX_DIGEST 
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-	NULL,NULL,NULL,NULL,NULL,NULL
-	};
-/* PKEY_TYPE for GOST89MAC is known in advance, but, because
- * implementation is engine-provided, we'll fill it only if
- * corresponding EVP_PKEY_METHOD is found 
- */
-static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
-	EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
-	EVP_PKEY_HMAC,EVP_PKEY_HMAC
-	};
-
-static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
-	0,0,0,0,0,0
-	};
-
-static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
-	SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
-	SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
-	SSL_HANDSHAKE_MAC_SHA384
-	};
-
-#define CIPHER_ADD	1
-#define CIPHER_KILL	2
-#define CIPHER_DEL	3
-#define CIPHER_ORD	4
-#define CIPHER_SPECIAL	5
-
-typedef struct cipher_order_st
-	{
-	const SSL_CIPHER *cipher;
-	int active;
-	int dead;
-	struct cipher_order_st *next,*prev;
-	} CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[]={
-	/* "ALL" doesn't include eNULL (must be specifically enabled) */
-	{0,SSL_TXT_ALL,0,     0,0,~SSL_eNULL,0,0,0,0,0,0},
-	/* "COMPLEMENTOFALL" */
-	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
-
-	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
-
-	/* key exchange aliases
-	 * (some of those using only a single bit here combine
-	 * multiple key exchange algs according to the RFCs,
-	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
-	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
-
-	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
-
-	{0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
-
-	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
-
-        {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
-
-	/* server authentication aliases */
-	{0,SSL_TXT_aRSA,0,    0,SSL_aRSA,  0,0,0,0,0,0,0},
-	{0,SSL_TXT_aDSS,0,    0,SSL_aDSS,  0,0,0,0,0,0,0},
-	{0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
-	{0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
-	{0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
-	{0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
-	{0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
-	{0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
-        {0,SSL_TXT_aPSK,0,    0,SSL_aPSK,  0,0,0,0,0,0,0},
-	{0,SSL_TXT_aGOST94,0,0,SSL_aGOST94,0,0,0,0,0,0,0},
-	{0,SSL_TXT_aGOST01,0,0,SSL_aGOST01,0,0,0,0,0,0,0},
-	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
-	{0,SSL_TXT_aSRP,0,    0,SSL_aSRP,  0,0,0,0,0,0,0},
-
-	/* aliases combining key exchange and server authentication */
-	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
-	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
-	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
-        {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
-	{0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
-
-
-	/* symmetric encryption aliases */
-	{0,SSL_TXT_DES,0,     0,0,SSL_DES,   0,0,0,0,0,0},
-	{0,SSL_TXT_3DES,0,    0,0,SSL_3DES,  0,0,0,0,0,0},
-	{0,SSL_TXT_RC4,0,     0,0,SSL_RC4,   0,0,0,0,0,0},
-	{0,SSL_TXT_RC2,0,     0,0,SSL_RC2,   0,0,0,0,0,0},
-	{0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
-	{0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
-	{0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
-	{0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
-	{0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
-	{0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
-	{0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
-	{0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
-	{0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
-	{0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
-
-	/* MAC aliases */	
-	{0,SSL_TXT_MD5,0,     0,0,0,SSL_MD5,   0,0,0,0,0},
-	{0,SSL_TXT_SHA1,0,    0,0,0,SSL_SHA1,  0,0,0,0,0},
-	{0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
-	{0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
-	{0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
-	{0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
-	{0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
-
-	/* protocol version aliases */
-	{0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
-	{0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
-	{0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
-	{0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
-
-	/* export flag */
-	{0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
-	{0,SSL_TXT_EXPORT,0,  0,0,0,0,0,SSL_EXPORT,0,0,0},
-
-	/* strength classes */
-	{0,SSL_TXT_EXP40,0,   0,0,0,0,0,SSL_EXP40, 0,0,0},
-	{0,SSL_TXT_EXP56,0,   0,0,0,0,0,SSL_EXP56, 0,0,0},
-	{0,SSL_TXT_LOW,0,     0,0,0,0,0,SSL_LOW,   0,0,0},
-	{0,SSL_TXT_MEDIUM,0,  0,0,0,0,0,SSL_MEDIUM,0,0,0},
-	{0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
-	/* FIPS 140-2 approved ciphersuite */
-	{0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
-	};
-/* Search for public key algorithm with given name and 
- * return its pkey_id if it is available. Otherwise return 0
- */
-#ifdef OPENSSL_NO_ENGINE
-
-static int get_optional_pkey_id(const char *pkey_name)
-	{
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	int pkey_id=0;
-	ameth = EVP_PKEY_asn1_find_str(NULL,pkey_name,-1);
-	if (ameth) 
-		{
-		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
-		}		
-	return pkey_id;
-	}
-
-#else
-
-static int get_optional_pkey_id(const char *pkey_name)
-	{
-	const EVP_PKEY_ASN1_METHOD *ameth;
-	ENGINE *tmpeng = NULL;
-	int pkey_id=0;
-	ameth = EVP_PKEY_asn1_find_str(&tmpeng,pkey_name,-1);
-	if (ameth)
-		{
-		EVP_PKEY_asn1_get0_info(&pkey_id, NULL,NULL,NULL,NULL,ameth);
-		}
-	if (tmpeng) ENGINE_finish(tmpeng);
-	return pkey_id;
-	}
-
-#endif
-
-void ssl_load_ciphers(void)
-	{
-	ssl_cipher_methods[SSL_ENC_DES_IDX]= 
-		EVP_get_cipherbyname(SN_des_cbc);
-	ssl_cipher_methods[SSL_ENC_3DES_IDX]=
-		EVP_get_cipherbyname(SN_des_ede3_cbc);
-	ssl_cipher_methods[SSL_ENC_RC4_IDX]=
-		EVP_get_cipherbyname(SN_rc4);
-	ssl_cipher_methods[SSL_ENC_RC2_IDX]= 
-		EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
-	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
-		EVP_get_cipherbyname(SN_idea_cbc);
-#else
-	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
-#endif
-	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
-	  EVP_get_cipherbyname(SN_aes_128_cbc);
-	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
-	  EVP_get_cipherbyname(SN_aes_256_cbc);
-	ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
-	  EVP_get_cipherbyname(SN_camellia_128_cbc);
-	ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
-	  EVP_get_cipherbyname(SN_camellia_256_cbc);
-	ssl_cipher_methods[SSL_ENC_GOST89_IDX]=
-	  EVP_get_cipherbyname(SN_gost89_cnt);
-	ssl_cipher_methods[SSL_ENC_SEED_IDX]=
-	  EVP_get_cipherbyname(SN_seed_cbc);
-
-	ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
-	  EVP_get_cipherbyname(SN_aes_128_gcm);
-	ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
-	  EVP_get_cipherbyname(SN_aes_256_gcm);
-
-	ssl_digest_methods[SSL_MD_MD5_IDX]=
-		EVP_get_digestbyname(SN_md5);
-	ssl_mac_secret_size[SSL_MD_MD5_IDX]=
-		EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
-	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_MD5_IDX] >= 0);
-	ssl_digest_methods[SSL_MD_SHA1_IDX]=
-		EVP_get_digestbyname(SN_sha1);
-	ssl_mac_secret_size[SSL_MD_SHA1_IDX]=
-		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA1_IDX]);
-	OPENSSL_assert(ssl_mac_secret_size[SSL_MD_SHA1_IDX] >= 0);
-	ssl_digest_methods[SSL_MD_GOST94_IDX]=
-		EVP_get_digestbyname(SN_id_GostR3411_94);
-	if (ssl_digest_methods[SSL_MD_GOST94_IDX])
-		{	
-		ssl_mac_secret_size[SSL_MD_GOST94_IDX]=
-			EVP_MD_size(ssl_digest_methods[SSL_MD_GOST94_IDX]);
-		OPENSSL_assert(ssl_mac_secret_size[SSL_MD_GOST94_IDX] >= 0);
-		}
-	ssl_digest_methods[SSL_MD_GOST89MAC_IDX]=
-		EVP_get_digestbyname(SN_id_Gost28147_89_MAC);
-		ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
-		if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]) {
-			ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
-		}		
-
-	ssl_digest_methods[SSL_MD_SHA256_IDX]=
-		EVP_get_digestbyname(SN_sha256);
-	ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
-		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
-	ssl_digest_methods[SSL_MD_SHA384_IDX]=
-		EVP_get_digestbyname(SN_sha384);
-	ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
-		EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
-	}
-#ifndef OPENSSL_NO_COMP
-
-static int sk_comp_cmp(const SSL_COMP * const *a,
-			const SSL_COMP * const *b)
-	{
-	return((*a)->id-(*b)->id);
-	}
-
-static void load_builtin_compressions(void)
-	{
-	int got_write_lock = 0;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_SSL);
-	if (ssl_comp_methods == NULL)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-		got_write_lock = 1;
-		
-		if (ssl_comp_methods == NULL)
-			{
-			SSL_COMP *comp = NULL;
-
-			MemCheck_off();
-			ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
-			if (ssl_comp_methods != NULL)
-				{
-				comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-				if (comp != NULL)
-					{
-					comp->method=COMP_zlib();
-					if (comp->method
-						&& comp->method->type == NID_undef)
-						OPENSSL_free(comp);
-					else
-						{
-						comp->id=SSL_COMP_ZLIB_IDX;
-						comp->name=comp->method->name;
-						sk_SSL_COMP_push(ssl_comp_methods,comp);
-						}
-					}
-					sk_SSL_COMP_sort(ssl_comp_methods);
-				}
-			MemCheck_on();
-			}
-		}
-	
-	if (got_write_lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-	else
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
-	}
-#endif
-
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-	     const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,SSL_COMP **comp)
-	{
-	int i;
-	const SSL_CIPHER *c;
-
-	c=s->cipher;
-	if (c == NULL) return(0);
-	if (comp != NULL)
-		{
-		SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
-		load_builtin_compressions();
-#endif
-
-		*comp=NULL;
-		ctmp.id=s->compress_meth;
-		if (ssl_comp_methods != NULL)
-			{
-			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
-			if (i >= 0)
-				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
-			else
-				*comp=NULL;
-			}
-		}
-
-	if ((enc == NULL) || (md == NULL)) return(0);
-
-	switch (c->algorithm_enc)
-		{
-	case SSL_DES:
-		i=SSL_ENC_DES_IDX;
-		break;
-	case SSL_3DES:
-		i=SSL_ENC_3DES_IDX;
-		break;
-	case SSL_RC4:
-		i=SSL_ENC_RC4_IDX;
-		break;
-	case SSL_RC2:
-		i=SSL_ENC_RC2_IDX;
-		break;
-	case SSL_IDEA:
-		i=SSL_ENC_IDEA_IDX;
-		break;
-	case SSL_eNULL:
-		i=SSL_ENC_NULL_IDX;
-		break;
-	case SSL_AES128:
-		i=SSL_ENC_AES128_IDX;
-		break;
-	case SSL_AES256:
-		i=SSL_ENC_AES256_IDX;
-		break;
-	case SSL_CAMELLIA128:
-		i=SSL_ENC_CAMELLIA128_IDX;
-		break;
-	case SSL_CAMELLIA256:
-		i=SSL_ENC_CAMELLIA256_IDX;
-		break;
-	case SSL_eGOST2814789CNT:
-		i=SSL_ENC_GOST89_IDX;
-		break;
-	case SSL_SEED:
-		i=SSL_ENC_SEED_IDX;
-		break;
-	case SSL_AES128GCM:
-		i=SSL_ENC_AES128GCM_IDX;
-		break;
-	case SSL_AES256GCM:
-		i=SSL_ENC_AES256GCM_IDX;
-		break;
-	default:
-		i= -1;
-		break;
-		}
-
-	if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
-		*enc=NULL;
-	else
-		{
-		if (i == SSL_ENC_NULL_IDX)
-			*enc=EVP_enc_null();
-		else
-			*enc=ssl_cipher_methods[i];
-		}
-
-	switch (c->algorithm_mac)
-		{
-	case SSL_MD5:
-		i=SSL_MD_MD5_IDX;
-		break;
-	case SSL_SHA1:
-		i=SSL_MD_SHA1_IDX;
-		break;
-	case SSL_SHA256:
-		i=SSL_MD_SHA256_IDX;
-		break;
-	case SSL_SHA384:
-		i=SSL_MD_SHA384_IDX;
-		break;
-	case SSL_GOST94:
-		i = SSL_MD_GOST94_IDX;
-		break;
-	case SSL_GOST89MAC:
-		i = SSL_MD_GOST89MAC_IDX;
-		break;
-	default:
-		i= -1;
-		break;
-		}
-	if ((i < 0) || (i >= SSL_MD_NUM_IDX))
-	{
-		*md=NULL; 
-		if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
-		if (mac_secret_size!=NULL) *mac_secret_size = 0;
-		if (c->algorithm_mac == SSL_AEAD)
-			mac_pkey_type = NULL;
-	}
-	else
-	{
-		*md=ssl_digest_methods[i];
-		if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
-		if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
-	}
-
-	if ((*enc != NULL) &&
-	    (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
-	    (!mac_pkey_type||*mac_pkey_type != NID_undef))
-		{
-		const EVP_CIPHER *evp;
-
-		if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
-		    s->ssl_version < TLS1_VERSION)
-			return 1;
-
-#ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			return 1;
-#endif
-
-		if	(c->algorithm_enc == SSL_RC4 &&
-			 c->algorithm_mac == SSL_MD5 &&
-			 (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
-			*enc = evp, *md = NULL;
-		else if (c->algorithm_enc == SSL_AES128 &&
-			 c->algorithm_mac == SSL_SHA1 &&
-			 (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
-			*enc = evp, *md = NULL;
-		else if (c->algorithm_enc == SSL_AES256 &&
-			 c->algorithm_mac == SSL_SHA1 &&
-			 (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
-			*enc = evp, *md = NULL;
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md) 
-{
-	if (idx <0||idx>=SSL_MD_NUM_IDX) 
-		{
-		return 0;
-		}
-	*mask = ssl_handshake_digest_flag[idx];
-	if (*mask)
-		*md = ssl_digest_methods[idx];
-	else
-		*md = NULL;
-	return 1;
-}
-
-#define ITEM_SEP(a) \
-	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-	     CIPHER_ORDER **tail)
-	{
-	if (curr == *tail) return;
-	if (curr == *head)
-		*head=curr->next;
-	if (curr->prev != NULL)
-		curr->prev->next=curr->next;
-	if (curr->next != NULL)
-		curr->next->prev=curr->prev;
-	(*tail)->next=curr;
-	curr->prev= *tail;
-	curr->next=NULL;
-	*tail=curr;
-	}
-
-static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-	     CIPHER_ORDER **tail)
-	{
-	if (curr == *head) return;
-	if (curr == *tail)
-		*tail=curr->prev;
-	if (curr->next != NULL)
-		curr->next->prev=curr->prev;
-	if (curr->prev != NULL)
-		curr->prev->next=curr->next;
-	(*head)->prev=curr;
-	curr->next= *head;
-	curr->prev=NULL;
-	*head=curr;
-	}
-
-static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, unsigned long *enc, unsigned long *mac, unsigned long *ssl)
-	{
-	*mkey = 0;
-	*auth = 0;
-	*enc = 0;
-	*mac = 0;
-	*ssl = 0;
-
-#ifdef OPENSSL_NO_RSA
-	*mkey |= SSL_kRSA;
-	*auth |= SSL_aRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
-	*auth |= SSL_aDSS;
-#endif
-	*mkey |= SSL_kDHr|SSL_kDHd; /* no such ciphersuites supported! */
-	*auth |= SSL_aDH;
-#ifdef OPENSSL_NO_DH
-	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
-	*auth |= SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
-	*mkey |= SSL_kKRB5;
-	*auth |= SSL_aKRB5;
-#endif
-#ifdef OPENSSL_NO_ECDSA
-	*auth |= SSL_aECDSA;
-#endif
-#ifdef OPENSSL_NO_ECDH
-	*mkey |= SSL_kECDHe|SSL_kECDHr;
-	*auth |= SSL_aECDH;
-#endif
-#ifdef OPENSSL_NO_PSK
-	*mkey |= SSL_kPSK;
-	*auth |= SSL_aPSK;
-#endif
-#ifdef OPENSSL_NO_SRP
-	*mkey |= SSL_kSRP;
-#endif
-	/* Check for presence of GOST 34.10 algorithms, and if they
-	 * do not present, disable  appropriate auth and key exchange */
-	if (!get_optional_pkey_id("gost94")) {
-		*auth |= SSL_aGOST94;
-	}
-	if (!get_optional_pkey_id("gost2001")) {
-		*auth |= SSL_aGOST01;
-	}
-	/* Disable GOST key exchange if no GOST signature algs are available * */
-	if ((*auth & (SSL_aGOST94|SSL_aGOST01)) == (SSL_aGOST94|SSL_aGOST01)) {
-		*mkey |= SSL_kGOST;
-	}	
-#ifdef SSL_FORBID_ENULL
-	*enc |= SSL_eNULL;
-#endif
-		
-
-
-	*enc |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
-	*enc |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
-
-	*mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
-	*mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-	*mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
-	*mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
-	*mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
-	*mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
-
-	}
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
-                int num_of_ciphers,
-                unsigned long disabled_mkey, unsigned long disabled_auth,
-                unsigned long disabled_enc, unsigned long disabled_mac,
-                unsigned long disabled_ssl,
-                CIPHER_ORDER *co_list,
-                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-	{
-	int i, co_list_num;
-	const SSL_CIPHER *c;
-
-	/*
-	 * We have num_of_ciphers descriptions compiled in, depending on the
-	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
-	 * These will later be sorted in a linked list with at most num
-	 * entries.
-	 */
-
-	/* Get the initial list of ciphers */
-	co_list_num = 0;	/* actual count of ciphers */
-	for (i = 0; i < num_of_ciphers; i++)
-		{
-		c = ssl_method->get_cipher(i);
-		/* drop those that use any of that is not available */
-		if ((c != NULL) && c->valid &&
-#ifdef OPENSSL_FIPS
-		    (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
-#endif
-		    !(c->algorithm_mkey & disabled_mkey) &&
-		    !(c->algorithm_auth & disabled_auth) &&
-		    !(c->algorithm_enc & disabled_enc) &&
-		    !(c->algorithm_mac & disabled_mac) &&
-		    !(c->algorithm_ssl & disabled_ssl))
-			{
-			co_list[co_list_num].cipher = c;
-			co_list[co_list_num].next = NULL;
-			co_list[co_list_num].prev = NULL;
-			co_list[co_list_num].active = 0;
-			co_list_num++;
-#ifdef KSSL_DEBUG
-			fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
-#endif	/* KSSL_DEBUG */
-			/*
-			if (!sk_push(ca_list,(char *)c)) goto err;
-			*/
-			}
-		}
-
-	/*
-	 * Prepare linked list from list entries
-	 */	
-	if (co_list_num > 0)
-		{
-		co_list[0].prev = NULL;
-
-		if (co_list_num > 1)
-			{
-			co_list[0].next = &co_list[1];
-			
-			for (i = 1; i < co_list_num - 1; i++)
-				{
-				co_list[i].prev = &co_list[i - 1];
-				co_list[i].next = &co_list[i + 1];
-				}
-
-			co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
-			}
-		
-		co_list[co_list_num - 1].next = NULL;
-
-		*head_p = &co_list[0];
-		*tail_p = &co_list[co_list_num - 1];
-		}
-	}
-
-static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
-                        int num_of_group_aliases,
-                        unsigned long disabled_mkey, unsigned long disabled_auth,
-                        unsigned long disabled_enc, unsigned long disabled_mac,
-                        unsigned long disabled_ssl,
-			CIPHER_ORDER *head)
-	{
-	CIPHER_ORDER *ciph_curr;
-	const SSL_CIPHER **ca_curr;
-	int i;
-	unsigned long mask_mkey = ~disabled_mkey;
-	unsigned long mask_auth = ~disabled_auth;
-	unsigned long mask_enc = ~disabled_enc;
-	unsigned long mask_mac = ~disabled_mac;
-	unsigned long mask_ssl = ~disabled_ssl;
-
-	/*
-	 * First, add the real ciphers as already collected
-	 */
-	ciph_curr = head;
-	ca_curr = ca_list;
-	while (ciph_curr != NULL)
-		{
-		*ca_curr = ciph_curr->cipher;
-		ca_curr++;
-		ciph_curr = ciph_curr->next;
-		}
-
-	/*
-	 * Now we add the available ones from the cipher_aliases[] table.
-	 * They represent either one or more algorithms, some of which
-	 * in any affected category must be supported (set in enabled_mask),
-	 * or represent a cipher strength value (will be added in any case because algorithms=0).
-	 */
-	for (i = 0; i < num_of_group_aliases; i++)
-		{
-		unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-		unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-		unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-		unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-		unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
-
-		if (algorithm_mkey)
-			if ((algorithm_mkey & mask_mkey) == 0)
-				continue;
-	
-		if (algorithm_auth)
-			if ((algorithm_auth & mask_auth) == 0)
-				continue;
-		
-		if (algorithm_enc)
-			if ((algorithm_enc & mask_enc) == 0)
-				continue;
-		
-		if (algorithm_mac)
-			if ((algorithm_mac & mask_mac) == 0)
-				continue;
-		
-		if (algorithm_ssl)
-			if ((algorithm_ssl & mask_ssl) == 0)
-				continue;
-		
-		*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
-		ca_curr++;
-		}
-
-	*ca_curr = NULL;	/* end of list */
-	}
-
-static void ssl_cipher_apply_rule(unsigned long cipher_id,
-                unsigned long alg_mkey, unsigned long alg_auth,
-                unsigned long alg_enc, unsigned long alg_mac,
-                unsigned long alg_ssl,
-		unsigned long algo_strength,
-		int rule, int strength_bits,
-		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-	{
-	CIPHER_ORDER *head, *tail, *curr, *next, *last;
-	const SSL_CIPHER *cp;
-	int reverse = 0;
-
-#ifdef CIPHER_DEBUG
-	fprintf(stderr, "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
-		rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
-#endif
-
-	if (rule == CIPHER_DEL)
-		reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
-
-	head = *head_p;
-	tail = *tail_p;
-
-	if (reverse)
-		{
-		next = tail;
-		last = head;
-		}
-	else
-		{
-		next = head;
-		last = tail;
-		}
-
-	curr = NULL;
-	for (;;)
-		{
-		if (curr == last) break;
-
-		curr = next;
-
-		if (curr == NULL) break;
-
-		next = reverse ? curr->prev : curr->next;
-
-		cp = curr->cipher;
-
-		/*
-		 * Selection criteria is either the value of strength_bits
-		 * or the algorithms used.
-		 */
-		if (strength_bits >= 0)
-			{
-			if (strength_bits != cp->strength_bits)
-				continue;
-			}
-		else
-			{
-#ifdef CIPHER_DEBUG
-			fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
-#endif
-
-			if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
-				continue;
-			if (alg_auth && !(alg_auth & cp->algorithm_auth))
-				continue;
-			if (alg_enc && !(alg_enc & cp->algorithm_enc))
-				continue;
-			if (alg_mac && !(alg_mac & cp->algorithm_mac))
-				continue;
-			if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
-				continue;
-			if ((algo_strength & SSL_EXP_MASK) && !(algo_strength & SSL_EXP_MASK & cp->algo_strength))
-				continue;
-			if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
-				continue;
-			}
-
-#ifdef CIPHER_DEBUG
-		fprintf(stderr, "Action = %d\n", rule);
-#endif
-
-		/* add the cipher if it has not been added yet. */
-		if (rule == CIPHER_ADD)
-			{
-			/* reverse == 0 */
-			if (!curr->active)
-				{
-				ll_append_tail(&head, curr, &tail);
-				curr->active = 1;
-				}
-			}
-		/* Move the added cipher to this location */
-		else if (rule == CIPHER_ORD)
-			{
-			/* reverse == 0 */
-			if (curr->active)
-				{
-				ll_append_tail(&head, curr, &tail);
-				}
-			}
-		else if	(rule == CIPHER_DEL)
-			{
-			/* reverse == 1 */
-			if (curr->active)
-				{
-				/* most recently deleted ciphersuites get best positions
-				 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
-				 * works in reverse to maintain the order) */
-				ll_append_head(&head, curr, &tail);
-				curr->active = 0;
-				}
-			}
-		else if (rule == CIPHER_KILL)
-			{
-			/* reverse == 0 */
-			if (head == curr)
-				head = curr->next;
-			else
-				curr->prev->next = curr->next;
-			if (tail == curr)
-				tail = curr->prev;
-			curr->active = 0;
-			if (curr->next != NULL)
-				curr->next->prev = curr->prev;
-			if (curr->prev != NULL)
-				curr->prev->next = curr->next;
-			curr->next = NULL;
-			curr->prev = NULL;
-			}
-		}
-
-	*head_p = head;
-	*tail_p = tail;
-	}
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
-				    CIPHER_ORDER **tail_p)
-	{
-	int max_strength_bits, i, *number_uses;
-	CIPHER_ORDER *curr;
-
-	/*
-	 * This routine sorts the ciphers with descending strength. The sorting
-	 * must keep the pre-sorted sequence, so we apply the normal sorting
-	 * routine as '+' movement to the end of the list.
-	 */
-	max_strength_bits = 0;
-	curr = *head_p;
-	while (curr != NULL)
-		{
-		if (curr->active &&
-		    (curr->cipher->strength_bits > max_strength_bits))
-		    max_strength_bits = curr->cipher->strength_bits;
-		curr = curr->next;
-		}
-
-	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
-	if (!number_uses)
-		{
-		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
-	/*
-	 * Now find the strength_bits values actually used
-	 */
-	curr = *head_p;
-	while (curr != NULL)
-		{
-		if (curr->active)
-			number_uses[curr->cipher->strength_bits]++;
-		curr = curr->next;
-		}
-	/*
-	 * Go through the list of used strength_bits values in descending
-	 * order.
-	 */
-	for (i = max_strength_bits; i >= 0; i--)
-		if (number_uses[i] > 0)
-			ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
-
-	OPENSSL_free(number_uses);
-	return(1);
-	}
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
-                CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
-                const SSL_CIPHER **ca_list)
-	{
-	unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
-	const char *l, *buf;
-	int j, multi, found, rule, retval, ok, buflen;
-	unsigned long cipher_id = 0;
-	char ch;
-
-	retval = 1;
-	l = rule_str;
-	for (;;)
-		{
-		ch = *l;
-
-		if (ch == '\0')
-			break;		/* done */
-		if (ch == '-')
-			{ rule = CIPHER_DEL; l++; }
-		else if (ch == '+')
-			{ rule = CIPHER_ORD; l++; }
-		else if (ch == '!')
-			{ rule = CIPHER_KILL; l++; }
-		else if (ch == '@')
-			{ rule = CIPHER_SPECIAL; l++; }
-		else
-			{ rule = CIPHER_ADD; }
-
-		if (ITEM_SEP(ch))
-			{
-			l++;
-			continue;
-			}
-
-		alg_mkey = 0;
-		alg_auth = 0;
-		alg_enc = 0;
-		alg_mac = 0;
-		alg_ssl = 0;
-		algo_strength = 0;
-
-		for (;;)
-			{
-			ch = *l;
-			buf = l;
-			buflen = 0;
-#ifndef CHARSET_EBCDIC
-			while (	((ch >= 'A') && (ch <= 'Z')) ||
-				((ch >= '0') && (ch <= '9')) ||
-				((ch >= 'a') && (ch <= 'z')) ||
-				 (ch == '-') || (ch == '.'))
-#else
-			while (	isalnum(ch) || (ch == '-') || (ch == '.'))
-#endif
-				 {
-				 ch = *(++l);
-				 buflen++;
-				 }
-
-			if (buflen == 0)
-				{
-				/*
-				 * We hit something we cannot deal with,
-				 * it is no command or separator nor
-				 * alphanumeric, so we call this an error.
-				 */
-				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-				       SSL_R_INVALID_COMMAND);
-				retval = found = 0;
-				l++;
-				break;
-				}
-
-			if (rule == CIPHER_SPECIAL)
-				{
-				found = 0; /* unused -- avoid compiler warning */
-				break;	/* special treatment */
-				}
-
-			/* check for multi-part specification */
-			if (ch == '+')
-				{
-				multi=1;
-				l++;
-				}
-			else
-				multi=0;
-
-			/*
-			 * Now search for the cipher alias in the ca_list. Be careful
-			 * with the strncmp, because the "buflen" limitation
-			 * will make the rule "ADH:SOME" and the cipher
-			 * "ADH-MY-CIPHER" look like a match for buflen=3.
-			 * So additionally check whether the cipher name found
-			 * has the correct length. We can save a strlen() call:
-			 * just checking for the '\0' at the right place is
-			 * sufficient, we have to strncmp() anyway. (We cannot
-			 * use strcmp(), because buf is not '\0' terminated.)
-			 */
-			j = found = 0;
-			cipher_id = 0;
-			while (ca_list[j])
-				{
-				if (!strncmp(buf, ca_list[j]->name, buflen) &&
-				    (ca_list[j]->name[buflen] == '\0'))
-					{
-					found = 1;
-					break;
-					}
-				else
-					j++;
-				}
-
-			if (!found)
-				break;	/* ignore this entry */
-
-			if (ca_list[j]->algorithm_mkey)
-				{
-				if (alg_mkey)
-					{
-					alg_mkey &= ca_list[j]->algorithm_mkey;
-					if (!alg_mkey) { found = 0; break; }
-					}
-				else
-					alg_mkey = ca_list[j]->algorithm_mkey;
-				}
-
-			if (ca_list[j]->algorithm_auth)
-				{
-				if (alg_auth)
-					{
-					alg_auth &= ca_list[j]->algorithm_auth;
-					if (!alg_auth) { found = 0; break; }
-					}
-				else
-					alg_auth = ca_list[j]->algorithm_auth;
-				}
-			
-			if (ca_list[j]->algorithm_enc)
-				{
-				if (alg_enc)
-					{
-					alg_enc &= ca_list[j]->algorithm_enc;
-					if (!alg_enc) { found = 0; break; }
-					}
-				else
-					alg_enc = ca_list[j]->algorithm_enc;
-				}
-						
-			if (ca_list[j]->algorithm_mac)
-				{
-				if (alg_mac)
-					{
-					alg_mac &= ca_list[j]->algorithm_mac;
-					if (!alg_mac) { found = 0; break; }
-					}
-				else
-					alg_mac = ca_list[j]->algorithm_mac;
-				}
-			
-			if (ca_list[j]->algo_strength & SSL_EXP_MASK)
-				{
-				if (algo_strength & SSL_EXP_MASK)
-					{
-					algo_strength &= (ca_list[j]->algo_strength & SSL_EXP_MASK) | ~SSL_EXP_MASK;
-					if (!(algo_strength & SSL_EXP_MASK)) { found = 0; break; }
-					}
-				else
-					algo_strength |= ca_list[j]->algo_strength & SSL_EXP_MASK;
-				}
-
-			if (ca_list[j]->algo_strength & SSL_STRONG_MASK)
-				{
-				if (algo_strength & SSL_STRONG_MASK)
-					{
-					algo_strength &= (ca_list[j]->algo_strength & SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
-					if (!(algo_strength & SSL_STRONG_MASK)) { found = 0; break; }
-					}
-				else
-					algo_strength |= ca_list[j]->algo_strength & SSL_STRONG_MASK;
-				}
-			
-			if (ca_list[j]->valid)
-				{
-				/* explicit ciphersuite found; its protocol version
-				 * does not become part of the search pattern!*/
-
-				cipher_id = ca_list[j]->id;
-				}
-			else
-				{
-				/* not an explicit ciphersuite; only in this case, the
-				 * protocol version is considered part of the search pattern */
-
-				if (ca_list[j]->algorithm_ssl)
-					{
-					if (alg_ssl)
-						{
-						alg_ssl &= ca_list[j]->algorithm_ssl;
-						if (!alg_ssl) { found = 0; break; }
-						}
-					else
-						alg_ssl = ca_list[j]->algorithm_ssl;
-					}
-				}
-			
-			if (!multi) break;
-			}
-
-		/*
-		 * Ok, we have the rule, now apply it
-		 */
-		if (rule == CIPHER_SPECIAL)
-			{	/* special command */
-			ok = 0;
-			if ((buflen == 8) &&
-				!strncmp(buf, "STRENGTH", 8))
-				ok = ssl_cipher_strength_sort(head_p, tail_p);
-			else
-				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
-					SSL_R_INVALID_COMMAND);
-			if (ok == 0)
-				retval = 0;
-			/*
-			 * We do not support any "multi" options
-			 * together with "@", so throw away the
-			 * rest of the command, if any left, until
-			 * end or ':' is found.
-			 */
-			while ((*l != '\0') && !ITEM_SEP(*l))
-				l++;
-			}
-		else if (found)
-			{
-			ssl_cipher_apply_rule(cipher_id,
-				alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
-				rule, -1, head_p, tail_p);
-			}
-		else
-			{
-			while ((*l != '\0') && !ITEM_SEP(*l))
-				l++;
-			}
-		if (*l == '\0') break; /* done */
-		}
-
-	return(retval);
-	}
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
-		STACK_OF(SSL_CIPHER) **cipher_list,
-		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
-		const char *rule_str)
-	{
-	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-	unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
-	STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
-	const char *rule_p;
-	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-	const SSL_CIPHER **ca_list = NULL;
-
-	/*
-	 * Return with error if nothing to do.
-	 */
-	if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-		return NULL;
-
-	/*
-	 * To reduce the work to do we only want to process the compiled
-	 * in algorithms, so we first get the mask of disabled ciphers.
-	 */
-	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
-
-	/*
-	 * Now we have to collect the available ciphers from the compiled
-	 * in ciphers. We cannot get more than the number compiled in, so
-	 * it is used for allocation.
-	 */
-	num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif    /* KSSL_DEBUG */
-	co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
-	if (co_list == NULL)
-		{
-		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-		return(NULL);	/* Failure */
-		}
-
-	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-	                           disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
-	                           co_list, &head, &tail);
-
-
-	/* Now arrange all ciphers by preference: */
-
-	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
-
-	/* AES is our preferred symmetric cipher */
-	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-
-	/* Temporarily enable everything else for sorting */
-	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-
-	/* Low priority for MD5 */
-	ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-	/* Move anonymous ciphers to the end.  Usually, these will remain disabled.
-	 * (For applications that allow them, they aren't too bad, but we prefer
-	 * authenticated ciphers.) */
-	ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-	/* Move ciphers without forward secrecy to the end */
-	ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-	/* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
-	ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-	/* RC4 is sort-of broken -- move the the end */
-	ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-	/* Now sort by symmetric encryption strength.  The above ordering remains
-	 * in force within each class */
-	if (!ssl_cipher_strength_sort(&head, &tail))
-		{
-		OPENSSL_free(co_list);
-		return NULL;
-		}
-
-	/* Now disable everything (maintaining the ordering!) */
-	ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
-
-
-	/*
-	 * We also need cipher aliases for selecting based on the rule_str.
-	 * There might be two types of entries in the rule_str: 1) names
-	 * of ciphers themselves 2) aliases for groups of ciphers.
-	 * For 1) we need the available ciphers and for 2) the cipher
-	 * groups of cipher_aliases added together in one list (otherwise
-	 * we would be happy with just the cipher_aliases table).
-	 */
-	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
-	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-	ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
-	if (ca_list == NULL)
-		{
-		OPENSSL_free(co_list);
-		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-		return(NULL);	/* Failure */
-		}
-	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
-	                           disabled_mkey, disabled_auth, disabled_enc,
-				   disabled_mac, disabled_ssl, head);
-
-	/*
-	 * If the rule_string begins with DEFAULT, apply the default rule
-	 * before using the (possibly available) additional rules.
-	 */
-	ok = 1;
-	rule_p = rule_str;
-	if (strncmp(rule_str,"DEFAULT",7) == 0)
-		{
-		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-			&head, &tail, ca_list);
-		rule_p += 7;
-		if (*rule_p == ':')
-			rule_p++;
-		}
-
-	if (ok && (strlen(rule_p) > 0))
-		ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
-
-	OPENSSL_free((void *)ca_list);	/* Not needed anymore */
-
-	if (!ok)
-		{	/* Rule processing failure */
-		OPENSSL_free(co_list);
-		return(NULL);
-		}
-	
-	/*
-	 * Allocate new "cipherstack" for the result, return with error
-	 * if we cannot get one.
-	 */
-	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
-		{
-		OPENSSL_free(co_list);
-		return(NULL);
-		}
-
-	/*
-	 * The cipher selection for the list is done. The ciphers are added
-	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
-	 */
-	for (curr = head; curr != NULL; curr = curr->next)
-		{
-#ifdef OPENSSL_FIPS
-		if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
-		if (curr->active)
-#endif
-			{
-			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
-			fprintf(stderr, "<%s>\n",curr->cipher->name);
-#endif
-			}
-		}
-	OPENSSL_free(co_list);	/* Not needed any longer */
-
-	tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
-	if (tmp_cipher_list == NULL)
-		{
-		sk_SSL_CIPHER_free(cipherstack);
-		return NULL;
-		}
-	if (*cipher_list != NULL)
-		sk_SSL_CIPHER_free(*cipher_list);
-	*cipher_list = cipherstack;
-	if (*cipher_list_by_id != NULL)
-		sk_SSL_CIPHER_free(*cipher_list_by_id);
-	*cipher_list_by_id = tmp_cipher_list;
-	(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
-	sk_SSL_CIPHER_sort(*cipher_list_by_id);
-	return(cipherstack);
-	}
-
-char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-	{
-	int is_export,pkl,kl;
-	const char *ver,*exp_str;
-	const char *kx,*au,*enc,*mac;
-	unsigned long alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl,alg2;
-#ifdef KSSL_DEBUG
-	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n";
-#else
-	static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
-
-	alg_mkey = cipher->algorithm_mkey;
-	alg_auth = cipher->algorithm_auth;
-	alg_enc = cipher->algorithm_enc;
-	alg_mac = cipher->algorithm_mac;
-	alg_ssl = cipher->algorithm_ssl;
-
-	alg2=cipher->algorithm2;
-
-	is_export=SSL_C_IS_EXPORT(cipher);
-	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
-	exp_str=is_export?" export":"";
-	
-	if (alg_ssl & SSL_SSLV2)
-		ver="SSLv2";
-	else if (alg_ssl & SSL_SSLV3)
-		ver="SSLv3";
-	else if (alg_ssl & SSL_TLSV1_2)
-		ver="TLSv1.2";
-	else
-		ver="unknown";
-
-	switch (alg_mkey)
-		{
-	case SSL_kRSA:
-		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
-		break;
-	case SSL_kDHr:
-		kx="DH/RSA";
-		break;
-	case SSL_kDHd:
-		kx="DH/DSS";
-		break;
-        case SSL_kKRB5:
-		kx="KRB5";
-		break;
-	case SSL_kEDH:
-		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
-		break;
-	case SSL_kECDHr:
-		kx="ECDH/RSA";
-		break;
-	case SSL_kECDHe:
-		kx="ECDH/ECDSA";
-		break;
-	case SSL_kEECDH:
-		kx="ECDH";
-		break;
-	case SSL_kPSK:
-		kx="PSK";
-		break;
-	case SSL_kSRP:
-		kx="SRP";
-		break;
-	case SSL_kGOST:
-		kx="GOST";
-		break;
-	default:
-		kx="unknown";
-		}
-
-	switch (alg_auth)
-		{
-	case SSL_aRSA:
-		au="RSA";
-		break;
-	case SSL_aDSS:
-		au="DSS";
-		break;
-	case SSL_aDH:
-		au="DH";
-		break;
-        case SSL_aKRB5:
-		au="KRB5";
-		break;
-        case SSL_aECDH:
-		au="ECDH";
-		break;
-	case SSL_aNULL:
-		au="None";
-		break;
-	case SSL_aECDSA:
-		au="ECDSA";
-		break;
-	case SSL_aPSK:
-		au="PSK";
-		break;
-	case SSL_aSRP:
-		au="SRP";
-		break;
-	case SSL_aGOST94:
-		au="GOST94";
-		break;
-	case SSL_aGOST01:
-		au="GOST01";
-		break;
-	default:
-		au="unknown";
-		break;
-		}
-
-	switch (alg_enc)
-		{
-	case SSL_DES:
-		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
-		break;
-	case SSL_3DES:
-		enc="3DES(168)";
-		break;
-	case SSL_RC4:
-		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
-		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
-		break;
-	case SSL_RC2:
-		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
-		break;
-	case SSL_IDEA:
-		enc="IDEA(128)";
-		break;
-	case SSL_eNULL:
-		enc="None";
-		break;
-	case SSL_AES128:
-		enc="AES(128)";
-		break;
-	case SSL_AES256:
-		enc="AES(256)";
-		break;
-	case SSL_AES128GCM:
-		enc="AESGCM(128)";
-		break;
-	case SSL_AES256GCM:
-		enc="AESGCM(256)";
-		break;
-	case SSL_CAMELLIA128:
-		enc="Camellia(128)";
-		break;
-	case SSL_CAMELLIA256:
-		enc="Camellia(256)";
-		break;
-	case SSL_SEED:
-		enc="SEED(128)";
-		break;
-	case SSL_eGOST2814789CNT:
-		enc="GOST89(256)";
-		break;
-	default:
-		enc="unknown";
-		break;
-		}
-
-	switch (alg_mac)
-		{
-	case SSL_MD5:
-		mac="MD5";
-		break;
-	case SSL_SHA1:
-		mac="SHA1";
-		break;
-	case SSL_SHA256:
-		mac="SHA256";
-		break;
-	case SSL_SHA384:
-		mac="SHA384";
-		break;
-	case SSL_AEAD:
-		mac="AEAD";
-		break;
-	case SSL_GOST89MAC:
-		mac="GOST89";
-		break;
-	case SSL_GOST94:
-		mac="GOST94";
-		break;
-	default:
-		mac="unknown";
-		break;
-		}
-
-	if (buf == NULL)
-		{
-		len=128;
-		buf=OPENSSL_malloc(len);
-		if (buf == NULL) return("OPENSSL_malloc Error");
-		}
-	else if (len < 128)
-		return("Buffer too small");
-
-#ifdef KSSL_DEBUG
-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg_mkey,alg_auth,alg_enc,alg_mac,alg_ssl);
-#else
-	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
-#endif /* KSSL_DEBUG */
-	return(buf);
-	}
-
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
-	{
-	int i;
-
-	if (c == NULL) return("(NONE)");
-	i=(int)(c->id>>24L);
-	if (i == 3)
-		return("TLSv1/SSLv3");
-	else if (i == 2)
-		return("SSLv2");
-	else
-		return("unknown");
-	}
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
-	{
-	if (c != NULL)
-		return(c->name);
-	return("(NONE)");
-	}
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
-	{
-	int ret=0;
-
-	if (c != NULL)
-		{
-		if (alg_bits != NULL) *alg_bits = c->alg_bits;
-		ret = c->strength_bits;
-		}
-	return(ret);
-	}
-
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
-	{
-	return c->id;
-	}
-
-/* return string version of key exchange algorithm */
-const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
-	{
-	switch (cipher->algorithm_mkey)
-		{
-	case SSL_kRSA:
-		return SSL_TXT_RSA;
-	case SSL_kDHr:
-		return SSL_TXT_DH "_" SSL_TXT_RSA;
-	case SSL_kDHd:
-		return SSL_TXT_DH "_" SSL_TXT_DSS;
-	case SSL_kEDH:
-		switch (cipher->algorithm_auth)
-			{
-		case SSL_aDSS:
-			return "DHE_" SSL_TXT_DSS;
-		case SSL_aRSA:
-			return "DHE_" SSL_TXT_RSA;
-		case SSL_aNULL:
-			return SSL_TXT_DH "_anon";
-		default:
-			return "UNKNOWN";
-                        }
-	case SSL_kKRB5:
-		return SSL_TXT_KRB5;
-	case SSL_kECDHr:
-		return SSL_TXT_ECDH "_" SSL_TXT_RSA;
-	case SSL_kECDHe:
-		return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
-	case SSL_kEECDH:
-		switch (cipher->algorithm_auth)
-			{
-		case SSL_aECDSA:
-			return "ECDHE_" SSL_TXT_ECDSA;
-		case SSL_aRSA:
-			return "ECDHE_" SSL_TXT_RSA;
-		case SSL_aNULL:
-			return SSL_TXT_ECDH "_anon";
-		default:
-			return "UNKNOWN";
-                        }
-        default:
-		return "UNKNOWN";
-		}
-	}
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-	{
-	SSL_COMP *ctmp;
-	int i,nn;
-
-	if ((n == 0) || (sk == NULL)) return(NULL);
-	nn=sk_SSL_COMP_num(sk);
-	for (i=0; i<nn; i++)
-		{
-		ctmp=sk_SSL_COMP_value(sk,i);
-		if (ctmp->id == n)
-			return(ctmp);
-		}
-	return(NULL);
-	}
-
-#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
-	{
-	return NULL;
-	}
-int SSL_COMP_add_compression_method(int id, void *cm)
-	{
-	return 1;
-	}
-
-const char *SSL_COMP_get_name(const void *comp)
-	{
-	return NULL;
-	}
-#else
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
-	{
-	load_builtin_compressions();
-	return(ssl_comp_methods);
-	}
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
-	{
-	SSL_COMP *comp;
-
-        if (cm == NULL || cm->type == NID_undef)
-                return 1;
-
-	/* According to draft-ietf-tls-compression-04.txt, the
-	   compression number ranges should be the following:
-
-	   0 to 63:    methods defined by the IETF
-	   64 to 192:  external party methods assigned by IANA
-	   193 to 255: reserved for private use */
-	if (id < 193 || id > 255)
-		{
-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
-		return 0;
-		}
-
-	MemCheck_off();
-	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
-	comp->id=id;
-	comp->method=cm;
-	load_builtin_compressions();
-	if (ssl_comp_methods
-		&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
-		{
-		OPENSSL_free(comp);
-		MemCheck_on();
-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
-		return(1);
-		}
-	else if ((ssl_comp_methods == NULL)
-		|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
-		{
-		OPENSSL_free(comp);
-		MemCheck_on();
-		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
-		return(1);
-		}
-	else
-		{
-		MemCheck_on();
-		return(0);
-		}
-	}
-
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
-	{
-	if (comp)
-		return comp->name;
-	return NULL;
-	}
-
-#endif
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
deleted file mode 100644
index 0e92ccb024..0000000000
--- a/ssl/ssl_err.c
+++ /dev/null
@@ -1,625 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[]=
-	{
-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE),	"CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_CLIENT_FINISHED),	"CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_CLIENT_HELLO),	"CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY),	"CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_D2I_SSL_SESSION),	"d2i_SSL_SESSION"},
-{ERR_FUNC(SSL_F_DO_DTLS1_WRITE),	"DO_DTLS1_WRITE"},
-{ERR_FUNC(SSL_F_DO_SSL3_WRITE),	"DO_SSL3_WRITE"},
-{ERR_FUNC(SSL_F_DTLS1_ACCEPT),	"DTLS1_ACCEPT"},
-{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF),	"DTLS1_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),	"DTLS1_BUFFER_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM),	"DTLS1_CHECK_TIMEOUT_NUM"},
-{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),	"DTLS1_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_CONNECT),	"DTLS1_CONNECT"},
-{ERR_FUNC(SSL_F_DTLS1_ENC),	"DTLS1_ENC"},
-{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY),	"DTLS1_GET_HELLO_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE),	"DTLS1_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),	"DTLS1_GET_MESSAGE_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_GET_RECORD),	"DTLS1_GET_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT),	"DTLS1_HANDLE_TIMEOUT"},
-{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT),	"DTLS1_HEARTBEAT"},
-{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),	"DTLS1_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),	"DTLS1_PREPROCESS_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),	"DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD),	"DTLS1_PROCESS_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_READ_BYTES),	"DTLS1_READ_BYTES"},
-{ERR_FUNC(SSL_F_DTLS1_READ_FAILED),	"DTLS1_READ_FAILED"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),	"DTLS1_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),	"DTLS1_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),	"DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY),	"DTLS1_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),	"DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),	"DTLS1_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO),	"DTLS1_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),	"DTLS1_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),	"DTLS1_WRITE_APP_DATA_BYTES"},
-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED),	"GET_CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO),	"GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY),	"GET_CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED),	"GET_SERVER_FINISHED"},
-{ERR_FUNC(SSL_F_GET_SERVER_HELLO),	"GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY),	"GET_SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_I2D_SSL_SESSION),	"i2d_SSL_SESSION"},
-{ERR_FUNC(SSL_F_READ_N),	"READ_N"},
-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE),	"REQUEST_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SERVER_FINISH),	"SERVER_FINISH"},
-{ERR_FUNC(SSL_F_SERVER_HELLO),	"SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SERVER_VERIFY),	"SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_SSL23_ACCEPT),	"SSL23_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO),	"SSL23_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_CONNECT),	"SSL23_CONNECT"},
-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO),	"SSL23_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO),	"SSL23_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_PEEK),	"SSL23_PEEK"},
-{ERR_FUNC(SSL_F_SSL23_READ),	"SSL23_READ"},
-{ERR_FUNC(SSL_F_SSL23_WRITE),	"SSL23_WRITE"},
-{ERR_FUNC(SSL_F_SSL2_ACCEPT),	"SSL2_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL2_CONNECT),	"SSL2_CONNECT"},
-{ERR_FUNC(SSL_F_SSL2_ENC_INIT),	"SSL2_ENC_INIT"},
-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),	"SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_FUNC(SSL_F_SSL2_PEEK),	"SSL2_PEEK"},
-{ERR_FUNC(SSL_F_SSL2_READ),	"SSL2_READ"},
-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL),	"SSL2_READ_INTERNAL"},
-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE),	"SSL2_SET_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL2_WRITE),	"SSL2_WRITE"},
-{ERR_FUNC(SSL_F_SSL3_ACCEPT),	"SSL3_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF),	"SSL3_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),	"SSL3_CALLBACK_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),	"SSL3_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO),	"SSL3_CHECK_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),	"SSL3_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},
-{ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL),	"SSL3_CTX_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_DIGEST_CACHED_RECORDS),	"SSL3_DIGEST_CACHED_RECORDS"},
-{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),	"SSL3_DO_CHANGE_CIPHER_SPEC"},
-{ERR_FUNC(SSL_F_SSL3_ENC),	"SSL3_ENC"},
-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK),	"SSL3_GENERATE_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),	"SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS),	"SSL3_GET_CERT_STATUS"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY),	"SSL3_GET_CERT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID),	"SSL3_GET_CHANNEL_ID"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),	"SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO),	"SSL3_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),	"SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED),	"SSL3_GET_FINISHED"},
-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE),	"SSL3_GET_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),	"SSL3_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),	"SSL3_GET_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO),	"SSL3_GET_NEXT_PROTO"},
-{ERR_FUNC(SSL_F_SSL3_GET_RECORD),	"SSL3_GET_RECORD"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),	"SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),	"SSL3_GET_SERVER_DONE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO),	"SSL3_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_HANDSHAKE_MAC),	"ssl3_handshake_mac"},
-{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET),	"SSL3_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN),	"SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL3_PEEK),	"SSL3_PEEK"},
-{ERR_FUNC(SSL_F_SSL3_READ_BYTES),	"SSL3_READ_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_READ_N),	"SSL3_READ_N"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),	"SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID),	"SSL3_SEND_CHANNEL_ID"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),	"SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY),	"SSL3_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),	"SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO),	"SSL3_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK),	"SSL3_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER),	"SSL3_SETUP_READ_BUFFER"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER),	"SSL3_SETUP_WRITE_BUFFER"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES),	"SSL3_WRITE_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),	"SSL3_WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),	"SSL_ADD_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),	"SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),	"SSL_add_dir_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),	"SSL_add_file_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),	"SSL_ADD_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),	"SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_BAD_METHOD),	"SSL_BAD_METHOD"},
-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),	"SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CERT_DUP),	"SSL_CERT_DUP"},
-{ERR_FUNC(SSL_F_SSL_CERT_INST),	"SSL_CERT_INST"},
-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),	"SSL_CERT_INSTANTIATE"},
-{ERR_FUNC(SSL_F_SSL_CERT_NEW),	"SSL_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY),	"SSL_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),	"SSL_CHECK_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),	"SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),	"SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),	"SSL_CIPHER_STRENGTH_SORT"},
-{ERR_FUNC(SSL_F_SSL_CLEAR),	"SSL_clear"},
-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),	"SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST),	"SSL_CREATE_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CTRL),	"SSL_ctrl"},
-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),	"SSL_CTX_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES),	"SSL_CTX_MAKE_PROFILES"},
-{ERR_FUNC(SSL_F_SSL_CTX_NEW),	"SSL_CTX_new"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),	"SSL_CTX_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),	"SSL_CTX_set_client_cert_engine"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE),	"SSL_CTX_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),	"SSL_CTX_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION),	"SSL_CTX_set_ssl_version"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST),	"SSL_CTX_set_trust"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE),	"SSL_CTX_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),	"SSL_CTX_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),	"SSL_CTX_use_certificate_chain_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),	"SSL_CTX_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY),	"SSL_CTX_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),	"SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),	"SSL_CTX_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT),	"SSL_CTX_use_psk_identity_hint"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY),	"SSL_CTX_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),	"SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),	"SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE),	"SSL_do_handshake"},
-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),	"SSL_GET_NEW_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),	"SSL_GET_PREV_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),	"SSL_GET_SERVER_SEND_CERT"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),	"SSL_GET_SERVER_SEND_PKEY"},
-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),	"SSL_GET_SIGN_PKEY"},
-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),	"SSL_INIT_WBIO_BUFFER"},
-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),	"SSL_load_client_CA_file"},
-{ERR_FUNC(SSL_F_SSL_NEW),	"SSL_new"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),	"SSL_PARSE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),	"SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),	"SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),	"SSL_PARSE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),	"SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
-{ERR_FUNC(SSL_F_SSL_PEEK),	"SSL_peek"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),	"SSL_PREPARE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),	"SSL_PREPARE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_READ),	"SSL_read"},
-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT),	"SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),	"SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_FUNC(SSL_F_SSL_SESSION_NEW),	"SSL_SESSION_new"},
-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP),	"SSL_SESSION_print_fp"},
-{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),	"SSL_SESSION_set1_id_context"},
-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),	"SSL_SESS_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_SET_CERT),	"SSL_SET_CERT"},
-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),	"SSL_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_SET_FD),	"SSL_set_fd"},
-{ERR_FUNC(SSL_F_SSL_SET_PKEY),	"SSL_SET_PKEY"},
-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE),	"SSL_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_SET_RFD),	"SSL_set_rfd"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION),	"SSL_set_session"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),	"SSL_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT),	"SSL_set_session_ticket_ext"},
-{ERR_FUNC(SSL_F_SSL_SET_TRUST),	"SSL_set_trust"},
-{ERR_FUNC(SSL_F_SSL_SET_WFD),	"SSL_set_wfd"},
-{ERR_FUNC(SSL_F_SSL_SHUTDOWN),	"SSL_shutdown"},
-{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT),	"SSL_SRP_CTX_init"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),	"SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),	"SSL_UNDEFINED_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),	"SSL_UNDEFINED_VOID_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE),	"SSL_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1),	"SSL_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE),	"SSL_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY),	"SSL_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1),	"SSL_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE),	"SSL_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PSK_IDENTITY_HINT),	"SSL_use_psk_identity_hint"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY),	"SSL_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),	"SSL_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),	"SSL_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN),	"SSL_VERIFY_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL_WRITE),	"SSL_write"},
-{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),	"tls1_cert_verify_mac"},
-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),	"TLS1_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),	"TLS1_CHECK_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_ENC),	"TLS1_ENC"},
-{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),	"TLS1_EXPORT_KEYING_MATERIAL"},
-{ERR_FUNC(SSL_F_TLS1_HEARTBEAT),	"SSL_F_TLS1_HEARTBEAT"},
-{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),	"TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),	"TLS1_PREPARE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_TLS1_PRF),	"tls1_prf"},
-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"TLS1_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_WRITE_PENDING),	"WRITE_PENDING"},
-{0,NULL}
-	};
-
-static ERR_STRING_DATA SSL_str_reasons[]=
-	{
-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
-{ERR_REASON(SSL_R_BAD_ALERT_RECORD)      ,"bad alert record"},
-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
-{ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},
-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
-{ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},
-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},
-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH)       ,"bad dh p length"},
-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH)     ,"bad digest length"},
-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE)     ,"bad dsa signature"},
-{ERR_REASON(SSL_R_BAD_ECC_CERT)          ,"bad ecc cert"},
-{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   ,"bad ecdsa signature"},
-{ERR_REASON(SSL_R_BAD_ECPOINT)           ,"bad ecpoint"},
-{ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH)  ,"bad handshake length"},
-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     ,"bad hello request"},
-{ERR_REASON(SSL_R_BAD_LENGTH)            ,"bad length"},
-{ERR_REASON(SSL_R_BAD_MAC_DECODE)        ,"bad mac decode"},
-{ERR_REASON(SSL_R_BAD_MAC_LENGTH)        ,"bad mac length"},
-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      ,"bad message type"},
-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     ,"bad packet length"},
-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-{ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH),"bad psk identity hint length"},
-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT)       ,"bad rsa decrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT)       ,"bad rsa encrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH)      ,"bad rsa e length"},
-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE)     ,"bad rsa signature"},
-{ERR_REASON(SSL_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH)      ,"bad srp a length"},
-{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH)      ,"bad srp b length"},
-{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH)      ,"bad srp g length"},
-{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH)      ,"bad srp n length"},
-{ERR_REASON(SSL_R_BAD_SRP_PARAMETERS)    ,"bad srp parameters"},
-{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH)      ,"bad srp s length"},
-{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE)    ,"bad srtp mki value"},
-{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE)      ,"bad ssl filetype"},
-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
-{ERR_REASON(SSL_R_BAD_STATE)             ,"bad state"},
-{ERR_REASON(SSL_R_BAD_WRITE_RETRY)       ,"bad write retry"},
-{ERR_REASON(SSL_R_BIO_NOT_SET)           ,"bio not set"},
-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
-{ERR_REASON(SSL_R_BN_LIB)                ,"bn lib"},
-{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"},
-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
-{ERR_REASON(SSL_R_CA_DN_TOO_LONG)        ,"ca dn too long"},
-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    ,"ccs received early"},
-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  ,"cert length mismatch"},
-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256)   ,"channel id not p256"},
-{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"},
-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    ,"clienthello tlsext"},
-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
-{ERR_REASON(SSL_R_COMPRESSION_DISABLED)  ,"compression disabled"},
-{ERR_REASON(SSL_R_COMPRESSION_FAILURE)   ,"compression failure"},
-{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH)       ,"cookie mismatch"},
-{ERR_REASON(SSL_R_D2I_ECDSA_SIG)         ,"d2i ecdsa sig"},
-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  ,"data length too long"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED)     ,"decryption failed"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
-{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  ,"dtls message too big"},
-{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
-{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
-{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
-{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
-{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
-{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
-{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"},
-{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"},
-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"},
-{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
-{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
-{ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
-{ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
-{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"},
-{ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"},
-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
-{ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
-{ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
-{ERR_REASON(SSL_R_INVALID_MESSAGE)       ,"invalid message"},
-{ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
-{ERR_REASON(SSL_R_INVALID_SRP_USERNAME)  ,"invalid srp username"},
-{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
-{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
-{ERR_REASON(SSL_R_INVALID_TRUST)         ,"invalid trust"},
-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG)      ,"key arg too long"},
-{ERR_REASON(SSL_R_KRB5)                  ,"krb5"},
-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC)       ,"krb5 client cc principal (no tkt?)"},
-{ERR_REASON(SSL_R_KRB5_C_GET_CRED)       ,"krb5 client get cred"},
-{ERR_REASON(SSL_R_KRB5_C_INIT)           ,"krb5 client init"},
-{ERR_REASON(SSL_R_KRB5_C_MK_REQ)         ,"krb5 client mk_req (expired tkt?)"},
-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET)     ,"krb5 server bad ticket"},
-{ERR_REASON(SSL_R_KRB5_S_INIT)           ,"krb5 server init"},
-{ERR_REASON(SSL_R_KRB5_S_RD_REQ)         ,"krb5 server rd_req (keytab perms?)"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED)    ,"krb5 server tkt expired"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV)        ,"krb5 server tkt not yet valid"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW)       ,"krb5 server tkt skew"},
-{ERR_REASON(SSL_R_LENGTH_MISMATCH)       ,"length mismatch"},
-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT)      ,"length too short"},
-{ERR_REASON(SSL_R_LIBRARY_BUG)           ,"library bug"},
-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG)      ,"message too long"},
-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT)   ,"missing dh dsa cert"},
-{ERR_REASON(SSL_R_MISSING_DH_KEY)        ,"missing dh key"},
-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT)   ,"missing dh rsa cert"},
-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_SRP_PARAM)     ,"can't find SRP server param"},
-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  ,"missing tmp ecdh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
-{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET)    ,"no certificate set"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE)  ,"no ciphers available"},
-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED)     ,"no ciphers passed"},
-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED)  ,"no ciphers specified"},
-{ERR_REASON(SSL_R_NO_CIPHER_LIST)        ,"no cipher list"},
-{ERR_REASON(SSL_R_NO_CIPHER_MATCH)       ,"no cipher match"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
-{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
-{ERR_REASON(SSL_R_NO_P256_SUPPORT)       ,"no p256 support"},
-{ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-{ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
-{ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
-{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST)    ,"digest requred for handshake isn't computed"},
-{ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
-{ERR_REASON(SSL_R_NO_SRTP_PROFILES)      ,"no srtp profiles"},
-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
-{ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
-{ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),"old session compression algorithm not returned"},
-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
-{ERR_REASON(SSL_R_OPAQUE_PRF_INPUT_TOO_LONG),"opaque PRF input too long"},
-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-{ERR_REASON(SSL_R_PARSE_TLSEXT)          ,"parse tlsext"},
-{ERR_REASON(SSL_R_PATH_TOO_LONG)         ,"path too long"},
-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR)            ,"peer error"},
-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},
-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},
-{ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND),"psk identity not found"},
-{ERR_REASON(SSL_R_PSK_NO_CLIENT_CB)      ,"psk no client cb"},
-{ERR_REASON(SSL_R_PSK_NO_SERVER_CB)      ,"psk no server cb"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(SSL_R_READ_BIO_NOT_SET)      ,"read bio not set"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  ,"read timeout expired"},
-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
-{ERR_REASON(SSL_R_RECORD_TOO_LARGE)      ,"record too large"},
-{ERR_REASON(SSL_R_RECORD_TOO_SMALL)      ,"record too small"},
-{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
-{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
-{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
-{ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),"required compresssion algorithm missing"},
-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
-{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
-{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"},
-{ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
-{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"},
-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
-{ERR_REASON(SSL_R_SRP_A_CALC)            ,"error with the srp params"},
-{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"},
-{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"},
-{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"},
-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
-{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
-{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
-{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbeats"},
-{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
-{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
-{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE)    ,"unexpected message"},
-{ERR_REASON(SSL_R_UNEXPECTED_RECORD)     ,"unexpected record"},
-{ERR_REASON(SSL_R_UNINITIALIZED)         ,"uninitialized"},
-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE)    ,"unknown alert type"},
-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE)   ,"unknown cipher type"},
-{ERR_REASON(SSL_R_UNKNOWN_DIGEST)        ,"unknown digest"},
-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE)     ,"unknown pkey type"},
-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL)      ,"unknown protocol"},
-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   ,"unknown ssl version"},
-{ERR_REASON(SSL_R_UNKNOWN_STATE)         ,"unknown state"},
-{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE),"unsupported digest type"},
-{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},
-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
-{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
-{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"},
-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     ,"write bio not set"},
-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    ,"wrong message type"},
-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  ,"wrong signature size"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  ,"wrong signature type"},
-{ERR_REASON(SSL_R_WRONG_SSL_VERSION)     ,"wrong ssl version"},
-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
-{ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},
-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{0,NULL}
-	};
-
-#endif
-
-void ERR_load_SSL_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,SSL_str_functs);
-		ERR_load_strings(0,SSL_str_reasons);
-		}
-#endif
-	}
diff --git a/ssl/ssl_err2.c b/ssl/ssl_err2.c
deleted file mode 100644
index ea95a5f983..0000000000
--- a/ssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
-	{
-#ifndef OPENSSL_NO_ERR
-	ERR_load_crypto_strings();
-	ERR_load_SSL_strings();
-#endif
-	}
-
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
deleted file mode 100644
index 3ea817ab1a..0000000000
--- a/ssl/ssl_lib.c
+++ /dev/null
@@ -1,3543 +0,0 @@
-/*! \file ssl/ssl_lib.c
- *  \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifdef REF_CHECK
-#  include <assert.h>
-#endif
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method={
-	/* evil casts, but these functions are only called if there's a library bug */
-	(int (*)(SSL *,int))ssl_undefined_function,
-	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
-	ssl_undefined_function,
-	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
-	(int (*)(SSL*, int))ssl_undefined_function,
-	(int (*)(SSL *,  const char*, int, unsigned char *))ssl_undefined_function,
-	0,	/* finish_mac_length */
-	(int (*)(SSL *, int, unsigned char *))ssl_undefined_function,
-	NULL,	/* client_finished_label */
-	0,	/* client_finished_label_len */
-	NULL,	/* server_finished_label */
-	0,	/* server_finished_label_len */
-	(int (*)(int))ssl_undefined_function,
-	(int (*)(SSL *, unsigned char *, size_t, const char *,
-		 size_t, const unsigned char *, size_t,
-		 int use_context)) ssl_undefined_function,
-	};
-
-int SSL_clear(SSL *s)
-	{
-
-	if (s->method == NULL)
-		{
-		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
-		return(0);
-		}
-
-	if (ssl_clear_bad_session(s))
-		{
-		SSL_SESSION_free(s->session);
-		s->session=NULL;
-		}
-
-	s->error=0;
-	s->hit=0;
-	s->shutdown=0;
-
-#if 0 /* Disabled since version 1.10 of this file (early return not
-       * needed because SSL_clear is not called when doing renegotiation) */
-	/* This is set if we are doing dynamic renegotiation so keep
-	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
-	if (s->renegotiate) return(1);
-#else
-	if (s->renegotiate)
-		{
-		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
-		return 0;
-		}
-#endif
-
-	s->type=0;
-
-	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
-
-	s->version=s->method->version;
-	s->client_version=s->version;
-	s->rwstate=SSL_NOTHING;
-	s->rstate=SSL_ST_READ_HEADER;
-#if 0
-	s->read_ahead=s->ctx->read_ahead;
-#endif
-
-	if (s->init_buf != NULL)
-		{
-		BUF_MEM_free(s->init_buf);
-		s->init_buf=NULL;
-		}
-
-	ssl_clear_cipher_ctx(s);
-	ssl_clear_hash_ctx(&s->read_hash);
-	ssl_clear_hash_ctx(&s->write_hash);
-
-	s->first_packet=0;
-
-#if 1
-	/* Check to see if we were changed into a different method, if
-	 * so, revert back if we are not doing session-id reuse. */
-	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
-		{
-		s->method->ssl_free(s);
-		s->method=s->ctx->method;
-		if (!s->method->ssl_new(s))
-			return(0);
-		}
-	else
-#endif
-		s->method->ssl_clear(s);
-	return(1);
-	}
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,const SSL_METHOD *meth)
-	{
-	STACK_OF(SSL_CIPHER) *sk;
-
-	ctx->method=meth;
-
-	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
-		&(ctx->cipher_list_by_id),
-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
-	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
-		{
-		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-		return(0);
-		}
-	return(1);
-	}
-
-SSL *SSL_new(SSL_CTX *ctx)
-	{
-	SSL *s;
-
-	if (ctx == NULL)
-		{
-		SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
-		return(NULL);
-		}
-	if (ctx->method == NULL)
-		{
-		SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
-		return(NULL);
-		}
-
-	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
-	if (s == NULL) goto err;
-	memset(s,0,sizeof(SSL));
-
-#ifndef	OPENSSL_NO_KRB5
-	s->kssl_ctx = kssl_ctx_new();
-#endif	/* OPENSSL_NO_KRB5 */
-
-	s->options=ctx->options;
-	s->mode=ctx->mode;
-	s->max_cert_list=ctx->max_cert_list;
-
-	if (ctx->cert != NULL)
-		{
-		/* Earlier library versions used to copy the pointer to
-		 * the CERT, not its contents; only when setting new
-		 * parameters for the per-SSL copy, ssl_cert_new would be
-		 * called (and the direct reference to the per-SSL_CTX
-		 * settings would be lost, but those still were indirectly
-		 * accessed for various purposes, and for that reason they
-		 * used to be known as s->ctx->default_cert).
-		 * Now we don't look at the SSL_CTX's CERT after having
-		 * duplicated it once. */
-
-		s->cert = ssl_cert_dup(ctx->cert);
-		if (s->cert == NULL)
-			goto err;
-		}
-	else
-		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
-
-	s->read_ahead=ctx->read_ahead;
-	s->msg_callback=ctx->msg_callback;
-	s->msg_callback_arg=ctx->msg_callback_arg;
-	s->verify_mode=ctx->verify_mode;
-#if 0
-	s->verify_depth=ctx->verify_depth;
-#endif
-	s->sid_ctx_length=ctx->sid_ctx_length;
-	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
-	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
-	s->verify_callback=ctx->default_verify_callback;
-	s->session_creation_enabled=1;
-	s->generate_session_id=ctx->generate_session_id;
-
-	s->param = X509_VERIFY_PARAM_new();
-	if (!s->param)
-		goto err;
-	X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
-	s->purpose = ctx->purpose;
-	s->trust = ctx->trust;
-#endif
-	s->quiet_shutdown=ctx->quiet_shutdown;
-	s->max_send_fragment = ctx->max_send_fragment;
-
-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-	s->ctx=ctx;
-#ifndef OPENSSL_NO_TLSEXT
-	s->tlsext_debug_cb = 0;
-	s->tlsext_debug_arg = NULL;
-	s->tlsext_ticket_expected = 0;
-	s->tlsext_status_type = -1;
-	s->tlsext_status_expected = 0;
-	s->tlsext_ocsp_ids = NULL;
-	s->tlsext_ocsp_exts = NULL;
-	s->tlsext_ocsp_resp = NULL;
-	s->tlsext_ocsp_resplen = -1;
-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-	s->initial_ctx=ctx;
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	s->next_proto_negotiated = NULL;
-# endif
-
-	if (s->ctx->alpn_client_proto_list)
-		{
-		s->alpn_client_proto_list =
-			OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
-		if (s->alpn_client_proto_list == NULL)
-			goto err;
-		memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
-		       s->ctx->alpn_client_proto_list_len);
-		s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
-		}
-#endif
-
-	s->verify_result=X509_V_OK;
-
-	s->method=ctx->method;
-
-	if (!s->method->ssl_new(s))
-		goto err;
-
-	s->references=1;
-	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
-
-	SSL_clear(s);
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-#ifndef OPENSSL_NO_PSK
-	s->psk_identity_hint = NULL;
-	if (ctx->psk_identity_hint)
-		{
-		s->psk_identity_hint = BUF_strdup(ctx->psk_identity_hint);
-		if (s->psk_identity_hint == NULL)
-			goto err;
-		}
-	s->psk_client_callback=ctx->psk_client_callback;
-	s->psk_server_callback=ctx->psk_server_callback;
-#endif
-
-	return(s);
-err:
-	if (s != NULL)
-		SSL_free(s);
-	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
-	return(NULL);
-	}
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-				   unsigned int sid_ctx_len)
-    {
-    if(sid_ctx_len > sizeof ctx->sid_ctx)
-	{
-	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-	return 0;
-	}
-    ctx->sid_ctx_length=sid_ctx_len;
-    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
-
-    return 1;
-    }
-
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-			       unsigned int sid_ctx_len)
-    {
-    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
-	{
-	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-	return 0;
-	}
-    ssl->sid_ctx_length=sid_ctx_len;
-    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
-
-    return 1;
-    }
-
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	ctx->generate_session_id = cb;
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	return 1;
-	}
-
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-	ssl->generate_session_id = cb;
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-	return 1;
-	}
-
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-				unsigned int id_len)
-	{
-	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-	 * we can "construct" a session to give us the desired check - ie. to
-	 * find if there's a session in the hash table that would conflict with
-	 * any new session built out of this id/id_len and the ssl_version in
-	 * use by this SSL. */
-	SSL_SESSION r, *p;
-
-	if(id_len > sizeof r.session_id)
-		return 0;
-
-	r.ssl_version = ssl->version;
-	r.session_id_length = id_len;
-	memcpy(r.session_id, id, id_len);
-	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
-	 * callback is calling us to check the uniqueness of a shorter ID, it
-	 * must be compared as a padded-out ID because that is what it will be
-	 * converted to when the callback has finished choosing it. */
-	if((r.ssl_version == SSL2_VERSION) &&
-			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
-		{
-		memset(r.session_id + id_len, 0,
-			SSL2_SSL_SESSION_ID_LENGTH - id_len);
-		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
-		}
-
-	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-	p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-	return (p != NULL);
-	}
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-	{
-	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
-	}
-
-int SSL_set_purpose(SSL *s, int purpose)
-	{
-	return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
-	}
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
-	{
-	return X509_VERIFY_PARAM_set_trust(s->param, trust);
-	}
-
-int SSL_set_trust(SSL *s, int trust)
-	{
-	return X509_VERIFY_PARAM_set_trust(s->param, trust);
-	}
-
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
-	{
-	return X509_VERIFY_PARAM_set1(ctx->param, vpm);
-	}
-
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
-	{
-	return X509_VERIFY_PARAM_set1(ssl->param, vpm);
-	}
-
-void SSL_free(SSL *s)
-	{
-	int i;
-
-	if(s == NULL)
-	    return;
-
-	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
-	REF_PRINT("SSL",s);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"SSL_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-	if (s->param)
-		X509_VERIFY_PARAM_free(s->param);
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-	if (s->bbio != NULL)
-		{
-		/* If the buffering BIO is in place, pop it off */
-		if (s->bbio == s->wbio)
-			{
-			s->wbio=BIO_pop(s->wbio);
-			}
-		BIO_free(s->bbio);
-		s->bbio=NULL;
-		}
-	if (s->rbio != NULL)
-		BIO_free_all(s->rbio);
-	if ((s->wbio != NULL) && (s->wbio != s->rbio))
-		BIO_free_all(s->wbio);
-
-	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
-
-	/* add extra stuff */
-	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
-	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
-	/* Make the next call work :-) */
-	if (s->session != NULL)
-		{
-		ssl_clear_bad_session(s);
-		SSL_SESSION_free(s->session);
-		}
-
-	ssl_clear_cipher_ctx(s);
-	ssl_clear_hash_ctx(&s->read_hash);
-	ssl_clear_hash_ctx(&s->write_hash);
-
-	if (s->cert != NULL) ssl_cert_free(s->cert);
-	/* Free up if allocated */
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (s->tlsext_hostname)
-		OPENSSL_free(s->tlsext_hostname);
-	if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
-#ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist) OPENSSL_free(s->tlsext_ecpointformatlist);
-	if (s->tlsext_ellipticcurvelist) OPENSSL_free(s->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
-	if (s->tlsext_opaque_prf_input) OPENSSL_free(s->tlsext_opaque_prf_input);
-	if (s->tlsext_ocsp_exts)
-		sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-						X509_EXTENSION_free);
-	if (s->tlsext_ocsp_ids)
-		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-	if (s->tlsext_ocsp_resp)
-		OPENSSL_free(s->tlsext_ocsp_resp);
-	if (s->tlsext_channel_id_private)
-		EVP_PKEY_free(s->tlsext_channel_id_private);
-	if (s->alpn_client_proto_list)
-		OPENSSL_free(s->alpn_client_proto_list);
-#endif
-
-#ifndef OPENSSL_NO_PSK
-	if (s->psk_identity_hint)
-		OPENSSL_free(s->psk_identity_hint);
-#endif
-
-	if (s->client_CA != NULL)
-		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
-
-	if (s->method != NULL) s->method->ssl_free(s);
-
-	if (s->ctx) SSL_CTX_free(s->ctx);
-
-#ifndef	OPENSSL_NO_KRB5
-	if (s->kssl_ctx != NULL)
-		kssl_ctx_free(s->kssl_ctx);
-#endif	/* OPENSSL_NO_KRB5 */
-
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-	if (s->next_proto_negotiated)
-		OPENSSL_free(s->next_proto_negotiated);
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-        if (s->srtp_profiles)
-            sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-#endif
-
-	OPENSSL_free(s);
-	}
-
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
-	{
-	/* If the output buffering BIO is still in place, remove it
-	 */
-	if (s->bbio != NULL)
-		{
-		if (s->wbio == s->bbio)
-			{
-			s->wbio=s->wbio->next_bio;
-			s->bbio->next_bio=NULL;
-			}
-		}
-	if ((s->rbio != NULL) && (s->rbio != rbio))
-		BIO_free_all(s->rbio);
-	if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
-		BIO_free_all(s->wbio);
-	s->rbio=rbio;
-	s->wbio=wbio;
-	}
-
-BIO *SSL_get_rbio(const SSL *s)
-	{ return(s->rbio); }
-
-BIO *SSL_get_wbio(const SSL *s)
-	{ return(s->wbio); }
-
-int SSL_get_fd(const SSL *s)
-	{
-	return(SSL_get_rfd(s));
-	}
-
-int SSL_get_rfd(const SSL *s)
-	{
-	int ret= -1;
-	BIO *b,*r;
-
-	b=SSL_get_rbio(s);
-	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
-	if (r != NULL)
-		BIO_get_fd(r,&ret);
-	return(ret);
-	}
-
-int SSL_get_wfd(const SSL *s)
-	{
-	int ret= -1;
-	BIO *b,*r;
-
-	b=SSL_get_wbio(s);
-	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
-	if (r != NULL)
-		BIO_get_fd(r,&ret);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
-	{
-	int ret=0;
-	BIO *bio=NULL;
-
-	bio=BIO_new(BIO_s_socket());
-
-	if (bio == NULL)
-		{
-		SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
-		goto err;
-		}
-	BIO_set_fd(bio,fd,BIO_NOCLOSE);
-	SSL_set_bio(s,bio,bio);
-	ret=1;
-err:
-	return(ret);
-	}
-
-int SSL_set_wfd(SSL *s,int fd)
-	{
-	int ret=0;
-	BIO *bio=NULL;
-
-	if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-		|| ((int)BIO_get_fd(s->rbio,NULL) != fd))
-		{
-		bio=BIO_new(BIO_s_socket());
-
-		if (bio == NULL)
-			{ SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
-		BIO_set_fd(bio,fd,BIO_NOCLOSE);
-		SSL_set_bio(s,SSL_get_rbio(s),bio);
-		}
-	else
-		SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
-	ret=1;
-err:
-	return(ret);
-	}
-
-int SSL_set_rfd(SSL *s,int fd)
-	{
-	int ret=0;
-	BIO *bio=NULL;
-
-	if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-		|| ((int)BIO_get_fd(s->wbio,NULL) != fd))
-		{
-		bio=BIO_new(BIO_s_socket());
-
-		if (bio == NULL)
-			{
-			SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
-			goto err;
-			}
-		BIO_set_fd(bio,fd,BIO_NOCLOSE);
-		SSL_set_bio(s,bio,SSL_get_wbio(s));
-		}
-	else
-		SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
-	ret=1;
-err:
-	return(ret);
-	}
-#endif
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
-	{
-	size_t ret = 0;
-	
-	if (s->s3 != NULL)
-		{
-		ret = s->s3->tmp.finish_md_len;
-		if (count > ret)
-			count = ret;
-		memcpy(buf, s->s3->tmp.finish_md, count);
-		}
-	return ret;
-	}
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
-	{
-	size_t ret = 0;
-	
-	if (s->s3 != NULL)
-		{
-		ret = s->s3->tmp.peer_finish_md_len;
-		if (count > ret)
-			count = ret;
-		memcpy(buf, s->s3->tmp.peer_finish_md, count);
-		}
-	return ret;
-	}
-
-
-int SSL_get_verify_mode(const SSL *s)
-	{
-	return(s->verify_mode);
-	}
-
-int SSL_get_verify_depth(const SSL *s)
-	{
-	return X509_VERIFY_PARAM_get_depth(s->param);
-	}
-
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
-	{
-	return(s->verify_callback);
-	}
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
-	{
-	return(ctx->verify_mode);
-	}
-
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
-	{
-	return X509_VERIFY_PARAM_get_depth(ctx->param);
-	}
-
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
-	{
-	return(ctx->default_verify_callback);
-	}
-
-void SSL_set_verify(SSL *s,int mode,
-		    int (*callback)(int ok,X509_STORE_CTX *ctx))
-	{
-	s->verify_mode=mode;
-	if (callback != NULL)
-		s->verify_callback=callback;
-	}
-
-void SSL_set_verify_depth(SSL *s,int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(s->param, depth);
-	}
-
-void SSL_set_read_ahead(SSL *s,int yes)
-	{
-	s->read_ahead=yes;
-	}
-
-int SSL_get_read_ahead(const SSL *s)
-	{
-	return(s->read_ahead);
-	}
-
-int SSL_pending(const SSL *s)
-	{
-	/* SSL_pending cannot work properly if read-ahead is enabled
-	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
-	 * and it is impossible to fix since SSL_pending cannot report
-	 * errors that may be observed while scanning the new data.
-	 * (Note that SSL_pending() is often used as a boolean value,
-	 * so we'd better not return -1.)
-	 */
-	return(s->method->ssl_pending(s));
-	}
-
-X509 *SSL_get_peer_certificate(const SSL *s)
-	{
-	X509 *r;
-	
-	if ((s == NULL) || (s->session == NULL))
-		r=NULL;
-	else
-		r=s->session->peer;
-
-	if (r == NULL) return(r);
-
-	CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
-
-	return(r);
-	}
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
-	{
-	STACK_OF(X509) *r;
-	
-	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
-		r=NULL;
-	else
-		r=s->session->sess_cert->cert_chain;
-
-	/* If we are a client, cert_chain includes the peer's own
-	 * certificate; if we are a server, it does not. */
-	
-	return(r);
-	}
-
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify.  We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
-	{
-	CERT *tmp;
-
-	/* Do we need to to SSL locking? */
-	SSL_set_session(t,SSL_get_session(f));
-
-	/* what if we are setup as SSLv2 but want to talk SSLv3 or
-	 * vice-versa */
-	if (t->method != f->method)
-		{
-		t->method->ssl_free(t);	/* cleanup current */
-		t->method=f->method;	/* change method */
-		t->method->ssl_new(t);	/* setup new */
-		}
-
-	tmp=t->cert;
-	if (f->cert != NULL)
-		{
-		CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-		t->cert=f->cert;
-		}
-	else
-		t->cert=NULL;
-	if (tmp != NULL) ssl_cert_free(tmp);
-	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
-	}
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
-	{
-	if (	(ctx == NULL) ||
-		(ctx->cert == NULL) ||
-		(ctx->cert->key->x509 == NULL))
-		{
-		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-		return(0);
-		}
-	if 	(ctx->cert->key->privatekey == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-		return(0);
-		}
-	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
-	}
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
-	{
-	if (ssl == NULL)
-		{
-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (ssl->cert == NULL)
-		{
-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-		return 0;
-		}
-	if (ssl->cert->key->x509 == NULL)
-		{
-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
-		return(0);
-		}
-	if (ssl->cert->key->privatekey == NULL)
-		{
-		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-		return(0);
-		}
-	return(X509_check_private_key(ssl->cert->key->x509,
-		ssl->cert->key->privatekey));
-	}
-
-int SSL_accept(SSL *s)
-	{
-	if (s->handshake_func == 0)
-		/* Not properly initialized yet */
-		SSL_set_accept_state(s);
-
-	return(s->method->ssl_accept(s));
-	}
-
-int SSL_connect(SSL *s)
-	{
-	if (s->handshake_func == 0)
-		/* Not properly initialized yet */
-		SSL_set_connect_state(s);
-
-	return(s->method->ssl_connect(s));
-	}
-
-long SSL_get_default_timeout(const SSL *s)
-	{
-	return(s->method->get_timeout());
-	}
-
-int SSL_read(SSL *s,void *buf,int num)
-	{
-	if (s->handshake_func == 0)
-		{
-		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
-		return -1;
-		}
-
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-	return(s->method->ssl_read(s,buf,num));
-	}
-
-int SSL_peek(SSL *s,void *buf,int num)
-	{
-	if (s->handshake_func == 0)
-		{
-		SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
-		return -1;
-		}
-
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		return(0);
-		}
-	return(s->method->ssl_peek(s,buf,num));
-	}
-
-int SSL_write(SSL *s,const void *buf,int num)
-	{
-	if (s->handshake_func == 0)
-		{
-		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
-		return -1;
-		}
-
-	if (s->shutdown & SSL_SENT_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
-		return(-1);
-		}
-	return(s->method->ssl_write(s,buf,num));
-	}
-
-int SSL_shutdown(SSL *s)
-	{
-	/* Note that this function behaves differently from what one might
-	 * expect.  Return values are 0 for no success (yet),
-	 * 1 for success; but calling it once is usually not enough,
-	 * even if blocking I/O is used (see ssl3_shutdown).
-	 */
-
-	if (s->handshake_func == 0)
-		{
-		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
-		return -1;
-		}
-
-	if ((s != NULL) && !SSL_in_init(s))
-		return(s->method->ssl_shutdown(s));
-	else
-		return(1);
-	}
-
-int SSL_renegotiate(SSL *s)
-	{
-	if (s->renegotiate == 0)
-		s->renegotiate=1;
-
-	s->new_session=1;
-
-	return(s->method->ssl_renegotiate(s));
-	}
-
-int SSL_renegotiate_abbreviated(SSL *s)
-	{
-	if (s->renegotiate == 0)
-		s->renegotiate=1;
-
-	s->new_session=0;
-
-	return(s->method->ssl_renegotiate(s));
-	}
-
-int SSL_renegotiate_pending(SSL *s)
-	{
-	/* becomes true when negotiation is requested;
-	 * false again once a handshake has finished */
-	return (s->renegotiate != 0);
-	}
-
-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
-	{
-	long l;
-
-	switch (cmd)
-		{
-	case SSL_CTRL_GET_READ_AHEAD:
-		return(s->read_ahead);
-	case SSL_CTRL_SET_READ_AHEAD:
-		l=s->read_ahead;
-		s->read_ahead=larg;
-		return(l);
-
-	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-		s->msg_callback_arg = parg;
-		return 1;
-
-	case SSL_CTRL_OPTIONS:
-		return(s->options|=larg);
-	case SSL_CTRL_CLEAR_OPTIONS:
-		return(s->options&=~larg);
-	case SSL_CTRL_MODE:
-		return(s->mode|=larg);
-	case SSL_CTRL_CLEAR_MODE:
-		return(s->mode &=~larg);
-	case SSL_CTRL_GET_MAX_CERT_LIST:
-		return(s->max_cert_list);
-	case SSL_CTRL_SET_MAX_CERT_LIST:
-		l=s->max_cert_list;
-		s->max_cert_list=larg;
-		return(l);
-	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-			return 0;
-		s->max_send_fragment = larg;
-		return 1;
-	case SSL_CTRL_GET_RI_SUPPORT:
-		if (s->s3)
-			return s->s3->send_connection_binding;
-		else return 0;
-	default:
-		return(s->method->ssl_ctrl(s,cmd,larg,parg));
-		}
-	}
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
-	{
-	switch(cmd)
-		{
-	case SSL_CTRL_SET_MSG_CALLBACK:
-		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
-		return 1;
-		
-	default:
-		return(s->method->ssl_callback_ctrl(s,cmd,fp));
-		}
-	}
-
-LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
-	{
-	return ctx->sessions;
-	}
-
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
-	{
-	long l;
-
-	switch (cmd)
-		{
-	case SSL_CTRL_GET_READ_AHEAD:
-		return(ctx->read_ahead);
-	case SSL_CTRL_SET_READ_AHEAD:
-		l=ctx->read_ahead;
-		ctx->read_ahead=larg;
-		return(l);
-		
-	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-		ctx->msg_callback_arg = parg;
-		return 1;
-
-	case SSL_CTRL_GET_MAX_CERT_LIST:
-		return(ctx->max_cert_list);
-	case SSL_CTRL_SET_MAX_CERT_LIST:
-		l=ctx->max_cert_list;
-		ctx->max_cert_list=larg;
-		return(l);
-
-	case SSL_CTRL_SET_SESS_CACHE_SIZE:
-		l=ctx->session_cache_size;
-		ctx->session_cache_size=larg;
-		return(l);
-	case SSL_CTRL_GET_SESS_CACHE_SIZE:
-		return(ctx->session_cache_size);
-	case SSL_CTRL_SET_SESS_CACHE_MODE:
-		l=ctx->session_cache_mode;
-		ctx->session_cache_mode=larg;
-		return(l);
-	case SSL_CTRL_GET_SESS_CACHE_MODE:
-		return(ctx->session_cache_mode);
-
-	case SSL_CTRL_SESS_NUMBER:
-		return(lh_SSL_SESSION_num_items(ctx->sessions));
-	case SSL_CTRL_SESS_CONNECT:
-		return(ctx->stats.sess_connect);
-	case SSL_CTRL_SESS_CONNECT_GOOD:
-		return(ctx->stats.sess_connect_good);
-	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-		return(ctx->stats.sess_connect_renegotiate);
-	case SSL_CTRL_SESS_ACCEPT:
-		return(ctx->stats.sess_accept);
-	case SSL_CTRL_SESS_ACCEPT_GOOD:
-		return(ctx->stats.sess_accept_good);
-	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-		return(ctx->stats.sess_accept_renegotiate);
-	case SSL_CTRL_SESS_HIT:
-		return(ctx->stats.sess_hit);
-	case SSL_CTRL_SESS_CB_HIT:
-		return(ctx->stats.sess_cb_hit);
-	case SSL_CTRL_SESS_MISSES:
-		return(ctx->stats.sess_miss);
-	case SSL_CTRL_SESS_TIMEOUTS:
-		return(ctx->stats.sess_timeout);
-	case SSL_CTRL_SESS_CACHE_FULL:
-		return(ctx->stats.sess_cache_full);
-	case SSL_CTRL_OPTIONS:
-		return(ctx->options|=larg);
-	case SSL_CTRL_CLEAR_OPTIONS:
-		return(ctx->options&=~larg);
-	case SSL_CTRL_MODE:
-		return(ctx->mode|=larg);
-	case SSL_CTRL_CLEAR_MODE:
-		return(ctx->mode&=~larg);
-	case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-		if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-			return 0;
-		ctx->max_send_fragment = larg;
-		return 1;
-	default:
-		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
-		}
-	}
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
-	{
-	switch(cmd)
-		{
-	case SSL_CTRL_SET_MSG_CALLBACK:
-		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
-		return 1;
-
-	default:
-		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
-		}
-	}
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
-	{
-	long l;
-
-	l=a->id-b->id;
-	if (l == 0L)
-		return(0);
-	else
-		return((l > 0)?1:-1);
-	}
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-			const SSL_CIPHER * const *bp)
-	{
-	long l;
-
-	l=(*ap)->id-(*bp)->id;
-	if (l == 0L)
-		return(0);
-	else
-		return((l > 0)?1:-1);
-	}
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
-	{
-	if (s != NULL)
-		{
-		if (s->cipher_list != NULL)
-			{
-			return(s->cipher_list);
-			}
-		else if ((s->ctx != NULL) &&
-			(s->ctx->cipher_list != NULL))
-			{
-			return(s->ctx->cipher_list);
-			}
-		}
-	return(NULL);
-	}
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
-	{
-	if (s != NULL)
-		{
-		if (s->cipher_list_by_id != NULL)
-			{
-			return(s->cipher_list_by_id);
-			}
-		else if ((s->ctx != NULL) &&
-			(s->ctx->cipher_list_by_id != NULL))
-			{
-			return(s->ctx->cipher_list_by_id);
-			}
-		}
-	return(NULL);
-	}
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
-	{
-	SSL_CIPHER *c;
-	STACK_OF(SSL_CIPHER) *sk;
-
-	if (s == NULL) return(NULL);
-	sk=SSL_get_ciphers(s);
-	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
-		return(NULL);
-	c=sk_SSL_CIPHER_value(sk,n);
-	if (c == NULL) return(NULL);
-	return(c->name);
-	}
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
-	{
-	STACK_OF(SSL_CIPHER) *sk;
-	
-	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
-		&ctx->cipher_list_by_id,str);
-	/* ssl_create_cipher_list may return an empty stack if it
-	 * was unable to find a cipher matching the given rule string
-	 * (for example if the rule string specifies a cipher which
-	 * has been disabled). This is not an error as far as
-	 * ssl_create_cipher_list is concerned, and hence
-	 * ctx->cipher_list and ctx->cipher_list_by_id has been
-	 * updated. */
-	if (sk == NULL)
-		return 0;
-	else if (sk_SSL_CIPHER_num(sk) == 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-		return 0;
-		}
-	return 1;
-	}
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
-	{
-	STACK_OF(SSL_CIPHER) *sk;
-	
-	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
-		&s->cipher_list_by_id,str);
-	/* see comment in SSL_CTX_set_cipher_list */
-	if (sk == NULL)
-		return 0;
-	else if (sk_SSL_CIPHER_num(sk) == 0)
-		{
-		SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
-		return 0;
-		}
-	return 1;
-	}
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
-	{
-	STACK_OF(SSL_CIPHER) *tmp_cipher_list;
-
-	if (sk == NULL)
-		return 0;
-
-        /* Based on end of ssl_create_cipher_list */
-	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
-	if (tmp_cipher_list == NULL)
-		{
-		return 0;
-		}
-	if (s->cipher_list != NULL)
-		sk_SSL_CIPHER_free(s->cipher_list);
-	s->cipher_list = sk;
-	if (s->cipher_list_by_id != NULL)
-		sk_SSL_CIPHER_free(s->cipher_list_by_id);
-	s->cipher_list_by_id = tmp_cipher_list;
-	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
-	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
-	return 1;
-	}
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
-	{
-	char *p;
-	STACK_OF(SSL_CIPHER) *sk;
-	SSL_CIPHER *c;
-	int i;
-
-	if ((s->session == NULL) || (s->session->ciphers == NULL) ||
-		(len < 2))
-		return(NULL);
-
-	p=buf;
-	sk=s->session->ciphers;
-
-	if (sk_SSL_CIPHER_num(sk) == 0)
-		return NULL;
-
-	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-		{
-		int n;
-
-		c=sk_SSL_CIPHER_value(sk,i);
-		n=strlen(c->name);
-		if (n+1 > len)
-			{
-			if (p != buf)
-				--p;
-			*p='\0';
-			return buf;
-			}
-		strcpy(p,c->name);
-		p+=n;
-		*(p++)=':';
-		len-=n+1;
-		}
-	p[-1]='\0';
-	return(buf);
-	}
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-			     int (*put_cb)(const SSL_CIPHER *, unsigned char *))
-	{
-	int i,j=0;
-	SSL_CIPHER *c;
-	unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
-	int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
-	if (sk == NULL) return(0);
-	q=p;
-	if (put_cb == NULL)
-		put_cb = s->method->put_cipher_by_char;
-
-	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
-		{
-		c=sk_SSL_CIPHER_value(sk,i);
-		/* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
-		if ((c->algorithm_ssl & SSL_TLSV1_2) && 
-			(TLS1_get_client_version(s) < TLS1_2_VERSION))
-			continue;
-#ifndef OPENSSL_NO_KRB5
-		if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
-		    nokrb5)
-		    continue;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-		/* with PSK there must be client callback set */
-		if ((c->algorithm_auth & SSL_aPSK) &&
-		    s->psk_client_callback == NULL)
-			continue;
-#endif /* OPENSSL_NO_PSK */
-#ifndef OPENSSL_NO_SRP
-		if (((c->algorithm_mkey & SSL_kSRP) || (c->algorithm_auth & SSL_aSRP)) &&
-		    !(s->srp_ctx.srp_Mask & SSL_kSRP))
-		    continue;
-#endif /* OPENSSL_NO_SRP */
-		j = put_cb(c,p);
-		p+=j;
-		}
-	/* If p == q, no ciphers; caller indicates an error.
-	 * Otherwise, add applicable SCSVs. */
-	if (p != q)
-		{
-		if (!s->renegotiate)
-			{
-			static SSL_CIPHER scsv =
-				{
-				0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			j = put_cb(&scsv,p);
-			p+=j;
-#ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
-			}
-
-		if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
-			{
-			static SSL_CIPHER scsv =
-				{
-				0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			j = put_cb(&scsv,p);
-			p+=j;
-			}
- 		}
-
-	return(p-q);
-	}
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-					       STACK_OF(SSL_CIPHER) **skp)
-	{
-	const SSL_CIPHER *c;
-	STACK_OF(SSL_CIPHER) *sk;
-	int i,n;
-
-	if (s->s3)
-		s->s3->send_connection_binding = 0;
-
-	n=ssl_put_cipher_by_char(s,NULL,NULL);
-	if (n == 0 || (num%n) != 0)
-		{
-		SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-		return(NULL);
-		}
-	if ((skp == NULL) || (*skp == NULL))
-		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
-	else
-		{
-		sk= *skp;
-		sk_SSL_CIPHER_zero(sk);
-		}
-
-	for (i=0; i<num; i+=n)
-		{
-		/* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
-		if (s->s3 && (n != 3 || !p[0]) &&
-			(p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
-			(p[n-1] == (SSL3_CK_SCSV & 0xff)))
-			{
-			/* SCSV fatal if renegotiating */
-			if (s->renegotiate)
-				{
-				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
-				goto err;
-				}
-			s->s3->send_connection_binding = 1;
-			p += n;
-#ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "SCSV received by server\n");
-#endif
-			continue;
-			}
-
-		/* Check for TLS_FALLBACK_SCSV */
-		if ((n != 3 || !p[0]) &&
-			(p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
-			(p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff)))
-			{
-			/* The SCSV indicates that the client previously tried a higher version.
-			 * Fail if the current version is an unexpected downgrade. */
-			if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL))
-				{
-				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK);
-				if (s->s3)
-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
-				goto err;
-				}
-			p += n;
-			continue;
-			}
-
-		c=ssl_get_cipher_by_char(s,p);
-		p+=n;
-		if (c != NULL)
-			{
-			if (!sk_SSL_CIPHER_push(sk,c))
-				{
-				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		}
-
-	if (skp != NULL)
-		*skp=sk;
-	return(sk);
-err:
-	if ((skp == NULL) || (*skp == NULL))
-		sk_SSL_CIPHER_free(sk);
-	return(NULL);
-	}
-
-
-#ifndef OPENSSL_NO_TLSEXT
-/** return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
- */
-
-const char *SSL_get_servername(const SSL *s, const int type)
-	{
-	if (type != TLSEXT_NAMETYPE_host_name)
-		return NULL;
-
-	return s->session && !s->tlsext_hostname ?
-		s->session->tlsext_hostname :
-		s->tlsext_hostname;
-	}
-
-int SSL_get_servername_type(const SSL *s)
-	{
-	if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
-		return TLSEXT_NAMETYPE_host_name;
-	return -1;
-	}
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-/* SSL_select_next_proto implements the standard protocol selection. It is
- * expected that this function is called from the callback set by
- * SSL_CTX_set_next_proto_select_cb.
- *
- * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
- * strings. The length byte itself is not included in the length. A byte
- * string of length 0 is invalid. No byte string may be truncated.
- *
- * The current, but experimental algorithm for selecting the protocol is:
- *
- * 1) If the server doesn't support NPN then this is indicated to the
- * callback. In this case, the client application has to abort the connection
- * or have a default application level protocol.
- *
- * 2) If the server supports NPN, but advertises an empty list then the
- * client selects the first protcol in its list, but indicates via the
- * API that this fallback case was enacted.
- *
- * 3) Otherwise, the client finds the first protocol in the server's list
- * that it supports and selects this protocol. This is because it's
- * assumed that the server has better information about which protocol
- * a client should use.
- *
- * 4) If the client doesn't support any of the server's advertised
- * protocols, then this is treated the same as case 2.
- *
- * It returns either
- * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
- * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
- */
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
-	{
-	unsigned int i, j;
-	const unsigned char *result;
-	int status = OPENSSL_NPN_UNSUPPORTED;
-
-	/* For each protocol in server preference order, see if we support it. */
-	for (i = 0; i < server_len; )
-		{
-		for (j = 0; j < client_len; )
-			{
-			if (server[i] == client[j] &&
-			    memcmp(&server[i+1], &client[j+1], server[i]) == 0)
-				{
-				/* We found a match */
-				result = &server[i];
-				status = OPENSSL_NPN_NEGOTIATED;
-				goto found;
-				}
-			j += client[j];
-			j++;
-			}
-		i += server[i];
-		i++;
-		}
-
-	/* There's no overlap between our protocols and the server's list. */
-	result = client;
-	status = OPENSSL_NPN_NO_OVERLAP;
-
-	found:
-	*out = (unsigned char *) result + 1;
-	*outlen = result[0];
-	return status;
-	}
-
-/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
- * requested protocol for this connection and returns 0. If the client didn't
- * request any protocol, then *data is set to NULL.
- *
- * Note that the client can request any protocol it chooses. The value returned
- * from this function need not be a member of the list of supported protocols
- * provided by the callback.
- */
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
-	{
-	*data = s->next_proto_negotiated;
-	if (!*data) {
-		*len = 0;
-	} else {
-		*len = s->next_proto_negotiated_len;
-	}
-}
-
-/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
- * TLS server needs a list of supported protocols for Next Protocol
- * Negotiation. The returned list must be in wire format.  The list is returned
- * by setting |out| to point to it and |outlen| to its length. This memory will
- * not be modified, but one should assume that the SSL* keeps a reference to
- * it.
- *
- * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
- * such extension will be included in the ServerHello. */
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
-	{
-	ctx->next_protos_advertised_cb = cb;
-	ctx->next_protos_advertised_cb_arg = arg;
-	}
-
-/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
- * client needs to select a protocol from the server's provided list. |out|
- * must be set to point to the selected protocol (which may be within |in|).
- * The length of the protocol name must be written into |outlen|. The server's
- * advertised protocols are provided in |in| and |inlen|. The callback can
- * assume that |in| is syntactically valid.
- *
- * The client must select a protocol. It is fatal to the connection if this
- * callback returns a value other than SSL_TLSEXT_ERR_OK.
- */
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
-	{
-	ctx->next_proto_select_cb = cb;
-	ctx->next_proto_select_cb_arg = arg;
-	}
-# endif
-
-/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
- * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
- * length-prefixed strings).
- *
- * Returns 0 on success. */
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
-			    unsigned protos_len)
-	{
-	if (ctx->alpn_client_proto_list)
-		OPENSSL_free(ctx->alpn_client_proto_list);
-
-	ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-	if (!ctx->alpn_client_proto_list)
-		return 1;
-	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
-	ctx->alpn_client_proto_list_len = protos_len;
-
-	return 0;
-	}
-
-/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
- * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
- * length-prefixed strings).
- *
- * Returns 0 on success. */
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
-			unsigned protos_len)
-	{
-	if (ssl->alpn_client_proto_list)
-		OPENSSL_free(ssl->alpn_client_proto_list);
-
-	ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
-	if (!ssl->alpn_client_proto_list)
-		return 1;
-	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
-	ssl->alpn_client_proto_list_len = protos_len;
-
-	return 0;
-	}
-
-/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
- * during ClientHello processing in order to select an ALPN protocol from the
- * client's list of offered protocols. */
-void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-				int (*cb) (SSL *ssl,
-					   const unsigned char **out,
-					   unsigned char *outlen,
-					   const unsigned char *in,
-					   unsigned int inlen,
-					   void *arg),
-				void *arg)
-	{
-	ctx->alpn_select_cb = cb;
-	ctx->alpn_select_cb_arg = arg;
-	}
-
-/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
- * On return it sets |*data| to point to |*len| bytes of protocol name (not
- * including the leading length-prefix byte). If the server didn't respond with
- * a negotiated protocol then |*len| will be zero. */
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-			    unsigned *len)
-	{
-	*data = NULL;
-	if (ssl->s3)
-		*data = ssl->s3->alpn_selected;
-	if (*data == NULL)
-		*len = 0;
-	else
-		*len = ssl->s3->alpn_selected_len;
-	}
-#endif
-
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-	const char *label, size_t llen, const unsigned char *p, size_t plen,
-	int use_context)
-	{
-	if (s->version < TLS1_VERSION)
-		return -1;
-
-	return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
-							   llen, p, plen,
-							   use_context);
-	}
-
-static unsigned long ssl_session_hash(const SSL_SESSION *a)
-	{
-	unsigned long l;
-
-	l=(unsigned long)
-		((unsigned int) a->session_id[0]     )|
-		((unsigned int) a->session_id[1]<< 8L)|
-		((unsigned long)a->session_id[2]<<16L)|
-		((unsigned long)a->session_id[3]<<24L);
-	return(l);
-	}
-
-/* NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
- * able to construct an SSL_SESSION that will collide with any existing session
- * with a matching session ID. */
-static int ssl_session_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
-	{
-	if (a->ssl_version != b->ssl_version)
-		return(1);
-	if (a->session_id_length != b->session_id_length)
-		return(1);
-	return(memcmp(a->session_id,b->session_id,a->session_id_length));
-	}
-
-/* These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed via
- * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(ssl_session, SSL_SESSION)
-static IMPLEMENT_LHASH_COMP_FN(ssl_session, SSL_SESSION)
-
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
-	{
-	SSL_CTX *ret=NULL;
-
-	if (meth == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
-		return(NULL);
-		}
-
-#ifdef OPENSSL_FIPS
-	if (FIPS_mode() && (meth->version < TLS1_VERSION))	
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
-		return NULL;
-		}
-#endif
-
-	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-		goto err;
-		}
-	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
-	if (ret == NULL)
-		goto err;
-
-	memset(ret,0,sizeof(SSL_CTX));
-
-	ret->method=meth;
-
-	ret->cert_store=NULL;
-	ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
-	ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
-	ret->session_cache_head=NULL;
-	ret->session_cache_tail=NULL;
-
-	/* We take the system default */
-	ret->session_timeout=meth->get_timeout();
-
-	ret->new_session_cb=0;
-	ret->remove_session_cb=0;
-	ret->get_session_cb=0;
-	ret->generate_session_id=0;
-
-	memset((char *)&ret->stats,0,sizeof(ret->stats));
-
-	ret->references=1;
-	ret->quiet_shutdown=0;
-
-/*	ret->cipher=NULL;*/
-/*	ret->s2->challenge=NULL;
-	ret->master_key=NULL;
-	ret->key_arg=NULL;
-	ret->s2->conn_id=NULL; */
-
-	ret->info_callback=NULL;
-
-	ret->app_verify_callback=0;
-	ret->app_verify_arg=NULL;
-
-	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
-	ret->read_ahead=0;
-	ret->msg_callback=0;
-	ret->msg_callback_arg=NULL;
-	ret->verify_mode=SSL_VERIFY_NONE;
-#if 0
-	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
-#endif
-	ret->sid_ctx_length=0;
-	ret->default_verify_callback=NULL;
-	if ((ret->cert=ssl_cert_new()) == NULL)
-		goto err;
-
-	ret->default_passwd_callback=0;
-	ret->default_passwd_callback_userdata=NULL;
-	ret->client_cert_cb=0;
-	ret->app_gen_cookie_cb=0;
-	ret->app_verify_cookie_cb=0;
-
-	ret->sessions=lh_SSL_SESSION_new();
-	if (ret->sessions == NULL) goto err;
-	ret->cert_store=X509_STORE_new();
-	if (ret->cert_store == NULL) goto err;
-
-	ssl_create_cipher_list(ret->method,
-		&ret->cipher_list,&ret->cipher_list_by_id,
-		meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST);
-	if (ret->cipher_list == NULL
-	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
-		goto err2;
-		}
-
-	ret->param = X509_VERIFY_PARAM_new();
-	if (!ret->param)
-		goto err;
-
-	if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
-		goto err2;
-		}
-	if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
-		goto err2;
-		}
-	if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
-		goto err2;
-		}
-
-	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
-		goto err;
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
-	ret->extra_certs=NULL;
-	/* No compression for DTLS */
-	if (meth->version != DTLS1_VERSION)
-		ret->comp_methods=SSL_COMP_get_compression_methods();
-
-	ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-
-#ifndef OPENSSL_NO_TLSEXT
-	ret->tlsext_servername_callback = 0;
-	ret->tlsext_servername_arg = NULL;
-	/* Setup RFC4507 ticket keys */
-	if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
-		|| (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
-		|| (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
-		ret->options |= SSL_OP_NO_TICKET;
-
-	ret->tlsext_status_cb = 0;
-	ret->tlsext_status_arg = NULL;
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-	ret->next_protos_advertised_cb = 0;
-	ret->next_proto_select_cb = 0;
-# endif
-#endif
-#ifndef OPENSSL_NO_PSK
-	ret->psk_identity_hint=NULL;
-	ret->psk_client_callback=NULL;
-	ret->psk_server_callback=NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	SSL_CTX_SRP_CTX_init(ret);
-#endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
-	ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
-	ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-	if (!ret->rbuf_freelist)
-		goto err;
-	ret->rbuf_freelist->chunklen = 0;
-	ret->rbuf_freelist->len = 0;
-	ret->rbuf_freelist->head = NULL;
-	ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
-	if (!ret->wbuf_freelist)
-		{
-		OPENSSL_free(ret->rbuf_freelist);
-		goto err;
-		}
-	ret->wbuf_freelist->chunklen = 0;
-	ret->wbuf_freelist->len = 0;
-	ret->wbuf_freelist->head = NULL;
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	ret->client_cert_engine = NULL;
-#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-#define eng_strx(x)	#x
-#define eng_str(x)	eng_strx(x)
-	/* Use specific client engine automatically... ignore errors */
-	{
-	ENGINE *eng;
-	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-	if (!eng)
-		{
-		ERR_clear_error();
-		ENGINE_load_builtin_engines();
-		eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
-		}
-	if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
-		ERR_clear_error();
-	}
-#endif
-#endif
-	/* Default is to connect to non-RI servers. When RI is more widely
-	 * deployed might change this.
-	 */
-	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-	return(ret);
-err:
-	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-err2:
-	if (ret != NULL) SSL_CTX_free(ret);
-	return(NULL);
-	}
-
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
-    { OPENSSL_free(comp); }
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void
-ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-	{
-	SSL3_BUF_FREELIST_ENTRY *ent, *next;
-	for (ent = list->head; ent; ent = next)
-		{
-		next = ent->next;
-		OPENSSL_free(ent);
-		}
-	OPENSSL_free(list);
-	}
-#endif
-
-void SSL_CTX_free(SSL_CTX *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
-	REF_PRINT("SSL_CTX",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"SSL_CTX_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-	if (a->param)
-		X509_VERIFY_PARAM_free(a->param);
-
-	/*
-	 * Free internal session cache. However: the remove_cb() may reference
-	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
-	 * after the sessions were flushed.
-	 * As the ex_data handling routines might also touch the session cache,
-	 * the most secure solution seems to be: empty (flush) the cache, then
-	 * free ex_data, then finally free the cache.
-	 * (See ticket [openssl.org #212].)
-	 */
-	if (a->sessions != NULL)
-		SSL_CTX_flush_sessions(a,0);
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
-	if (a->sessions != NULL)
-		lh_SSL_SESSION_free(a->sessions);
-
-	if (a->cert_store != NULL)
-		X509_STORE_free(a->cert_store);
-	if (a->cipher_list != NULL)
-		sk_SSL_CIPHER_free(a->cipher_list);
-	if (a->cipher_list_by_id != NULL)
-		sk_SSL_CIPHER_free(a->cipher_list_by_id);
-	if (a->cert != NULL)
-		ssl_cert_free(a->cert);
-	if (a->client_CA != NULL)
-		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
-	if (a->extra_certs != NULL)
-		sk_X509_pop_free(a->extra_certs,X509_free);
-#if 0 /* This should never be done, since it removes a global database */
-	if (a->comp_methods != NULL)
-		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-#else
-	a->comp_methods = NULL;
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-        if (a->srtp_profiles)
-                sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
-#endif
-
-#ifndef OPENSSL_NO_PSK
-	if (a->psk_identity_hint)
-		OPENSSL_free(a->psk_identity_hint);
-#endif
-#ifndef OPENSSL_NO_SRP
-	SSL_CTX_SRP_CTX_free(a);
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	if (a->client_cert_engine)
-		ENGINE_finish(a->client_cert_engine);
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-	if (a->wbuf_freelist)
-		ssl_buf_freelist_free(a->wbuf_freelist);
-	if (a->rbuf_freelist)
-		ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-	if (a->tlsext_channel_id_private)
-		EVP_PKEY_free(a->tlsext_channel_id_private);
-	if (a->alpn_client_proto_list != NULL)
-		OPENSSL_free(a->alpn_client_proto_list);
-#endif
-
-	OPENSSL_free(a);
-	}
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
-	{
-	ctx->default_passwd_callback=cb;
-	}
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
-	{
-	ctx->default_passwd_callback_userdata=u;
-	}
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
-	{
-	ctx->app_verify_callback=cb;
-	ctx->app_verify_arg=arg;
-	}
-
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
-	{
-	ctx->verify_mode=mode;
-	ctx->default_verify_callback=cb;
-	}
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-	}
-
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
-	{
-	CERT_PKEY *cpk;
-	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
-	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
-	int rsa_tmp_export,dh_tmp_export,kl;
-	unsigned long mask_k,mask_a,emask_k,emask_a;
-	int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
-#ifndef OPENSSL_NO_ECDH
-	int have_ecdh_tmp;
-#endif
-	X509 *x = NULL;
-	EVP_PKEY *ecc_pkey = NULL;
-	int signature_nid = 0, pk_nid = 0, md_nid = 0;
-
-	if (c == NULL) return;
-
-	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
-	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
-	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
-		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
-	rsa_tmp=rsa_tmp_export=0;
-#endif
-#ifndef OPENSSL_NO_DH
-	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
-	dh_tmp_export=(c->dh_tmp_cb != NULL ||
-		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
-	dh_tmp=dh_tmp_export=0;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
-	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
-	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
-	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
-	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
-	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
-	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
-	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
-	cpk= &(c->pkeys[SSL_PKEY_ECC]);
-	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
-	mask_k=0;
-	mask_a=0;
-	emask_k=0;
-	emask_a=0;
-
-	
-
-#ifdef CIPHER_DEBUG
-	fprintf(stderr,"rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-	        rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
-		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
-#endif
-	
-	cpk = &(c->pkeys[SSL_PKEY_GOST01]);
-	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
-		mask_k |= SSL_kGOST;
-		mask_a |= SSL_aGOST01;
-	}
-	cpk = &(c->pkeys[SSL_PKEY_GOST94]);
-	if (cpk->x509 != NULL && cpk->privatekey !=NULL) {
-		mask_k |= SSL_kGOST;
-		mask_a |= SSL_aGOST94;
-	}
-
-	if (rsa_enc || (rsa_tmp && rsa_sign))
-		mask_k|=SSL_kRSA;
-	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
-		emask_k|=SSL_kRSA;
-
-#if 0
-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
-	if (	(dh_tmp || dh_rsa || dh_dsa) &&
-		(rsa_enc || rsa_sign || dsa_sign))
-		mask_k|=SSL_kEDH;
-	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
-		(rsa_enc || rsa_sign || dsa_sign))
-		emask_k|=SSL_kEDH;
-#endif
-
-	if (dh_tmp_export)
-		emask_k|=SSL_kEDH;
-
-	if (dh_tmp)
-		mask_k|=SSL_kEDH;
-
-	if (dh_rsa) mask_k|=SSL_kDHr;
-	if (dh_rsa_export) emask_k|=SSL_kDHr;
-
-	if (dh_dsa) mask_k|=SSL_kDHd;
-	if (dh_dsa_export) emask_k|=SSL_kDHd;
-
-	if (rsa_enc || rsa_sign)
-		{
-		mask_a|=SSL_aRSA;
-		emask_a|=SSL_aRSA;
-		}
-
-	if (dsa_sign)
-		{
-		mask_a|=SSL_aDSS;
-		emask_a|=SSL_aDSS;
-		}
-
-	mask_a|=SSL_aNULL;
-	emask_a|=SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
-	mask_k|=SSL_kKRB5;
-	mask_a|=SSL_aKRB5;
-	emask_k|=SSL_kKRB5;
-	emask_a|=SSL_aKRB5;
-#endif
-
-	/* An ECC certificate may be usable for ECDH and/or
-	 * ECDSA cipher suites depending on the key usage extension.
-	 */
-	if (have_ecc_cert)
-		{
-		/* This call populates extension flags (ex_flags) */
-		x = (c->pkeys[SSL_PKEY_ECC]).x509;
-		X509_check_purpose(x, -1, 0);
-		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
-		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
-		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
-		ecc_pkey = X509_get_pubkey(x);
-		ecc_pkey_size = (ecc_pkey != NULL) ?
-		    EVP_PKEY_bits(ecc_pkey) : 0;
-		EVP_PKEY_free(ecc_pkey);
-		if ((x->sig_alg) && (x->sig_alg->algorithm))
-			{
-			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-			}
-#ifndef OPENSSL_NO_ECDH
-		if (ecdh_ok)
-			{
-
-			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
-				{
-				mask_k|=SSL_kECDHr;
-				mask_a|=SSL_aECDH;
-				if (ecc_pkey_size <= 163)
-					{
-					emask_k|=SSL_kECDHr;
-					emask_a|=SSL_aECDH;
-					}
-				}
-
-			if (pk_nid == NID_X9_62_id_ecPublicKey)
-				{
-				mask_k|=SSL_kECDHe;
-				mask_a|=SSL_aECDH;
-				if (ecc_pkey_size <= 163)
-					{
-					emask_k|=SSL_kECDHe;
-					emask_a|=SSL_aECDH;
-					}
-				}
-			}
-#endif
-#ifndef OPENSSL_NO_ECDSA
-		if (ecdsa_ok)
-			{
-			mask_a|=SSL_aECDSA;
-			emask_a|=SSL_aECDSA;
-			}
-#endif
-		}
-
-#ifndef OPENSSL_NO_ECDH
-	if (have_ecdh_tmp)
-		{
-		mask_k|=SSL_kEECDH;
-		emask_k|=SSL_kEECDH;
-		}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-	mask_k |= SSL_kPSK;
-	mask_a |= SSL_aPSK;
-	emask_k |= SSL_kPSK;
-	emask_a |= SSL_aPSK;
-#endif
-
-	c->mask_k=mask_k;
-	c->mask_a=mask_a;
-	c->export_mask_k=emask_k;
-	c->export_mask_a=emask_a;
-	c->valid=1;
-	}
-
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-#ifndef OPENSSL_NO_EC
-
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
-	{
-	unsigned long alg_k, alg_a;
-	EVP_PKEY *pkey = NULL;
-	int keysize = 0;
-	int signature_nid = 0, md_nid = 0, pk_nid = 0;
-	const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
-
-	alg_k = cs->algorithm_mkey;
-	alg_a = cs->algorithm_auth;
-
-	if (SSL_C_IS_EXPORT(cs))
-		{
-		/* ECDH key length in export ciphers must be <= 163 bits */
-		pkey = X509_get_pubkey(x);
-		if (pkey == NULL) return 0;
-		keysize = EVP_PKEY_bits(pkey);
-		EVP_PKEY_free(pkey);
-		if (keysize > 163) return 0;
-		}
-
-	/* This call populates the ex_flags field correctly */
-	X509_check_purpose(x, -1, 0);
-	if ((x->sig_alg) && (x->sig_alg->algorithm))
-		{
-		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
-		}
-	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
-		{
-		/* key usage, if present, must allow key agreement */
-		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
-			{
-			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
-			return 0;
-			}
-		if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
-			{
-			/* signature alg must be ECDSA */
-			if (pk_nid != NID_X9_62_id_ecPublicKey)
-				{
-				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
-				return 0;
-				}
-			}
-		if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
-			{
-			/* signature alg must be RSA */
-
-			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
-				{
-				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
-				return 0;
-				}
-			}
-		}
-	if (alg_a & SSL_aECDSA)
-		{
-		/* key usage, if present, must allow signing */
-		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
-			{
-			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
-			return 0;
-			}
-		}
-
-	return 1;  /* all checks are ok */
-	}
-
-#endif
-
-/* THIS NEEDS CLEANING UP */
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
-	{
-	unsigned long alg_k,alg_a;
-	CERT *c;
-	int i;
-
-	c=s->cert;
-	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
-	
-	alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-	alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-
-	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
-		{
-		/* we don't need to look at SSL_kEECDH
-		 * since no certificate is needed for
-		 * anon ECDH and for authenticated
-		 * EECDH, the check for the auth
-		 * algorithm will set i correctly
-		 * NOTE: For ECDH-RSA, we need an ECC
-		 * not an RSA cert but for EECDH-RSA
-		 * we need an RSA cert. Placing the
-		 * checks for SSL_kECDH before RSA
-		 * checks ensures the correct cert is chosen.
-		 */
-		i=SSL_PKEY_ECC;
-		}
-	else if (alg_a & SSL_aECDSA)
-		{
-		i=SSL_PKEY_ECC;
-		}
-	else if (alg_k & SSL_kDHr)
-		i=SSL_PKEY_DH_RSA;
-	else if (alg_k & SSL_kDHd)
-		i=SSL_PKEY_DH_DSA;
-	else if (alg_a & SSL_aDSS)
-		i=SSL_PKEY_DSA_SIGN;
-	else if (alg_a & SSL_aRSA)
-		{
-		if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
-			i=SSL_PKEY_RSA_SIGN;
-		else
-			i=SSL_PKEY_RSA_ENC;
-		}
-	else if (alg_a & SSL_aKRB5)
-		{
-		/* VRS something else here? */
-		return(NULL);
-		}
-	else if (alg_a & SSL_aGOST94) 
-		i=SSL_PKEY_GOST94;
-	else if (alg_a & SSL_aGOST01)
-		i=SSL_PKEY_GOST01;
-	else /* if (alg_a & SSL_aNULL) */
-		{
-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
-		return(NULL);
-		}
-
-	return c->pkeys + i;
-	}
-
-X509 *ssl_get_server_send_cert(const SSL *s)
-	{
-	CERT_PKEY *cpk;
-	cpk = ssl_get_server_send_pkey(s);
-	if (!cpk)
-		return NULL;
-	return cpk->x509;
-	}
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
-	{
-	unsigned long alg_a;
-	CERT *c;
-
-	alg_a = cipher->algorithm_auth;
-	c=s->cert;
-
-	/* SHA1 is the default for all signature algorithms up to TLS 1.2,
-	 * except RSA which is handled specially in s3_srvr.c */
-	if (pmd)
-		*pmd = EVP_sha1();
-
-	if ((alg_a & SSL_aDSS) &&
-	    (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-		{
-		if (pmd && s->s3 && s->s3->digest_dsa)
-			*pmd = s->s3->digest_dsa;
-		return c->pkeys[SSL_PKEY_DSA_SIGN].privatekey;
-		}
-	else if (alg_a & SSL_aRSA)
-		{
-		if (pmd && s->s3 && s->s3->digest_rsa)
-			*pmd = s->s3->digest_rsa;
-		if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-			return c->pkeys[SSL_PKEY_RSA_SIGN].privatekey;
-		if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-			return c->pkeys[SSL_PKEY_RSA_ENC].privatekey;
-		}
-	else if ((alg_a & SSL_aECDSA) &&
-	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-		{
-		if (pmd && s->s3 && s->s3->digest_ecdsa)
-			*pmd = s->s3->digest_ecdsa;
-		return c->pkeys[SSL_PKEY_ECC].privatekey;
-		}
-
-	SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
-	return(NULL);
-	}
-
-void ssl_update_cache(SSL *s,int mode)
-	{
-	int i;
-
-	/* If the session_id_length is 0, we are not supposed to cache it,
-	 * and it would be rather hard to do anyway :-) */
-	if (s->session->session_id_length == 0) return;
-
-	i=s->session_ctx->session_cache_mode;
-	if ((i & mode) && (!s->hit)
-		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
-		    || SSL_CTX_add_session(s->session_ctx,s->session))
-		&& (s->session_ctx->new_session_cb != NULL))
-		{
-		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
-		if (!s->session_ctx->new_session_cb(s,s->session))
-			SSL_SESSION_free(s->session);
-		}
-
-	/* auto flush every 255 connections */
-	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
-		((i & mode) == mode))
-		{
-		if (  (((mode & SSL_SESS_CACHE_CLIENT)
-			?s->session_ctx->stats.sess_connect_good
-			:s->session_ctx->stats.sess_accept_good) & 0xff) == 0xff)
-			{
-			SSL_CTX_flush_sessions(s->session_ctx,(unsigned long)time(NULL));
-			}
-		}
-	}
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s)
-	{
-	return(s->method);
-	}
-
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
-	{
-	int conn= -1;
-	int ret=1;
-
-	if (s->method != meth)
-		{
-		if (s->handshake_func != NULL)
-			conn=(s->handshake_func == s->method->ssl_connect);
-
-		if (s->method->version == meth->version)
-			s->method=meth;
-		else
-			{
-			s->method->ssl_free(s);
-			s->method=meth;
-			ret=s->method->ssl_new(s);
-			}
-
-		if (conn == 1)
-			s->handshake_func=meth->ssl_connect;
-		else if (conn == 0)
-			s->handshake_func=meth->ssl_accept;
-		}
-	return(ret);
-	}
-
-int SSL_get_error(const SSL *s,int i)
-	{
-	int reason;
-	unsigned long l;
-	BIO *bio;
-
-	if (i > 0) return(SSL_ERROR_NONE);
-
-	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
-	 * etc, where we do encode the error */
-	if ((l=ERR_peek_error()) != 0)
-		{
-		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-			return(SSL_ERROR_SYSCALL);
-		else
-			return(SSL_ERROR_SSL);
-		}
-
-	if ((i < 0) && SSL_want_read(s))
-		{
-		bio=SSL_get_rbio(s);
-		if (BIO_should_read(bio))
-			return(SSL_ERROR_WANT_READ);
-		else if (BIO_should_write(bio))
-			/* This one doesn't make too much sense ... We never try
-			 * to write to the rbio, and an application program where
-			 * rbio and wbio are separate couldn't even know what it
-			 * should wait for.
-			 * However if we ever set s->rwstate incorrectly
-			 * (so that we have SSL_want_read(s) instead of
-			 * SSL_want_write(s)) and rbio and wbio *are* the same,
-			 * this test works around that bug; so it might be safer
-			 * to keep it. */
-			return(SSL_ERROR_WANT_WRITE);
-		else if (BIO_should_io_special(bio))
-			{
-			reason=BIO_get_retry_reason(bio);
-			if (reason == BIO_RR_CONNECT)
-				return(SSL_ERROR_WANT_CONNECT);
-			else if (reason == BIO_RR_ACCEPT)
-				return(SSL_ERROR_WANT_ACCEPT);
-			else
-				return(SSL_ERROR_SYSCALL); /* unknown */
-			}
-		}
-
-	if ((i < 0) && SSL_want_write(s))
-		{
-		bio=SSL_get_wbio(s);
-		if (BIO_should_write(bio))
-			return(SSL_ERROR_WANT_WRITE);
-		else if (BIO_should_read(bio))
-			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
-			return(SSL_ERROR_WANT_READ);
-		else if (BIO_should_io_special(bio))
-			{
-			reason=BIO_get_retry_reason(bio);
-			if (reason == BIO_RR_CONNECT)
-				return(SSL_ERROR_WANT_CONNECT);
-			else if (reason == BIO_RR_ACCEPT)
-				return(SSL_ERROR_WANT_ACCEPT);
-			else
-				return(SSL_ERROR_SYSCALL);
-			}
-		}
-	if ((i < 0) && SSL_want_x509_lookup(s))
-		{
-		return(SSL_ERROR_WANT_X509_LOOKUP);
-		}
-	if ((i < 0) && SSL_want_channel_id_lookup(s))
-		{
-		return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
-		}
-
-	if (i == 0)
-		{
-		if (s->version == SSL2_VERSION)
-			{
-			/* assume it is the socket being closed */
-			return(SSL_ERROR_ZERO_RETURN);
-			}
-		else
-			{
-			if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-				(s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-				return(SSL_ERROR_ZERO_RETURN);
-			}
-		}
-	return(SSL_ERROR_SYSCALL);
-	}
-
-int SSL_do_handshake(SSL *s)
-	{
-	int ret=1;
-
-	if (s->handshake_func == NULL)
-		{
-		SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
-		return(-1);
-		}
-
-	s->method->ssl_renegotiate_check(s);
-
-	if (SSL_in_init(s) || SSL_in_before(s))
-		{
-		ret=s->handshake_func(s);
-		}
-	return(ret);
-	}
-
-/* For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
-	{
-	s->server=1;
-	s->shutdown=0;
-	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
-	s->handshake_func=s->method->ssl_accept;
-	/* clear the current cipher */
-	ssl_clear_cipher_ctx(s);
-	ssl_clear_hash_ctx(&s->read_hash);
-	ssl_clear_hash_ctx(&s->write_hash);
-	}
-
-void SSL_set_connect_state(SSL *s)
-	{
-	s->server=0;
-	s->shutdown=0;
-	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
-	s->handshake_func=s->method->ssl_connect;
-	/* clear the current cipher */
-	ssl_clear_cipher_ctx(s);
-	ssl_clear_hash_ctx(&s->read_hash);
-	ssl_clear_hash_ctx(&s->write_hash);
-	}
-
-int ssl_undefined_function(SSL *s)
-	{
-	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(0);
-	}
-
-int ssl_undefined_void_function(void)
-	{
-	SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(0);
-	}
-
-int ssl_undefined_const_function(const SSL *s)
-	{
-	SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(0);
-	}
-
-SSL_METHOD *ssl_bad_method(int ver)
-	{
-	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(NULL);
-	}
-
-static const char *ssl_get_version(int version)
-	{
-	if (version == TLS1_2_VERSION)
-		return("TLSv1.2");
-	else if (version == TLS1_1_VERSION)
-		return("TLSv1.1");
-	else if (version == TLS1_VERSION)
-		return("TLSv1");
-	else if (version == SSL3_VERSION)
-		return("SSLv3");
-	else if (version == SSL2_VERSION)
-		return("SSLv2");
-	else
-		return("unknown");
-	}
-
-const char *SSL_get_version(const SSL *s)
-	{
-		return ssl_get_version(s->version);
-	}
-
-const char *SSL_SESSION_get_version(const SSL_SESSION *s)
-	{
-		return ssl_get_version(s->ssl_version);
-	}
-
-const char* SSL_authentication_method(const SSL* ssl)
-	{
-	if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
-		return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
-	switch (ssl->version)
-		{
-	case SSL2_VERSION:
-		return SSL_TXT_RSA;
-	default:
-		return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
-		}
-	}
-
-SSL *SSL_dup(SSL *s)
-	{
-	STACK_OF(X509_NAME) *sk;
-	X509_NAME *xn;
-	SSL *ret;
-	int i;
-	
-	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-	    return(NULL);
-
-	ret->version = s->version;
-	ret->type = s->type;
-	ret->method = s->method;
-
-	if (s->session != NULL)
-		{
-		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
-		SSL_copy_session_id(ret,s);
-		}
-	else
-		{
-		/* No session has been established yet, so we have to expect
-		 * that s->cert or ret->cert will be changed later --
-		 * they should not both point to the same object,
-		 * and thus we can't use SSL_copy_session_id. */
-
-		ret->method->ssl_free(ret);
-		ret->method = s->method;
-		ret->method->ssl_new(ret);
-
-		if (s->cert != NULL)
-			{
-			if (ret->cert != NULL)
-				{
-				ssl_cert_free(ret->cert);
-				}
-			ret->cert = ssl_cert_dup(s->cert);
-			if (ret->cert == NULL)
-				goto err;
-			}
-				
-		SSL_set_session_id_context(ret,
-			s->sid_ctx, s->sid_ctx_length);
-		}
-
-	ret->options=s->options;
-	ret->mode=s->mode;
-	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
-	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
-	ret->msg_callback = s->msg_callback;
-	ret->msg_callback_arg = s->msg_callback_arg;
-	SSL_set_verify(ret,SSL_get_verify_mode(s),
-		SSL_get_verify_callback(s));
-	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
-	ret->generate_session_id = s->generate_session_id;
-
-	SSL_set_info_callback(ret,SSL_get_info_callback(s));
-	
-	ret->debug=s->debug;
-
-	/* copy app data, a little dangerous perhaps */
-	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
-		goto err;
-
-	/* setup rbio, and wbio */
-	if (s->rbio != NULL)
-		{
-		if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
-			goto err;
-		}
-	if (s->wbio != NULL)
-		{
-		if (s->wbio != s->rbio)
-			{
-			if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
-				goto err;
-			}
-		else
-			ret->wbio=ret->rbio;
-		}
-	ret->rwstate = s->rwstate;
-	ret->in_handshake = s->in_handshake;
-	ret->handshake_func = s->handshake_func;
-	ret->server = s->server;
-	ret->renegotiate = s->renegotiate;
-	ret->new_session = s->new_session;
-	ret->quiet_shutdown = s->quiet_shutdown;
-	ret->shutdown=s->shutdown;
-	ret->state=s->state; /* SSL_dup does not really work at any state, though */
-	ret->rstate=s->rstate;
-	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
-	ret->hit=s->hit;
-
-	X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
-	/* dup the cipher_list and cipher_list_by_id stacks */
-	if (s->cipher_list != NULL)
-		{
-		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
-			goto err;
-		}
-	if (s->cipher_list_by_id != NULL)
-		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
-			== NULL)
-			goto err;
-
-	/* Dup the client_CA list */
-	if (s->client_CA != NULL)
-		{
-		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
-		ret->client_CA=sk;
-		for (i=0; i<sk_X509_NAME_num(sk); i++)
-			{
-			xn=sk_X509_NAME_value(sk,i);
-			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
-				{
-				X509_NAME_free(xn);
-				goto err;
-				}
-			}
-		}
-
-	if (0)
-		{
-err:
-		if (ret != NULL) SSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
-
-void ssl_clear_cipher_ctx(SSL *s)
-	{
-	if (s->enc_read_ctx != NULL)
-		{
-		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-		OPENSSL_free(s->enc_read_ctx);
-		s->enc_read_ctx=NULL;
-		}
-	if (s->enc_write_ctx != NULL)
-		{
-		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-		OPENSSL_free(s->enc_write_ctx);
-		s->enc_write_ctx=NULL;
-		}
-#ifndef OPENSSL_NO_COMP
-	if (s->expand != NULL)
-		{
-		COMP_CTX_free(s->expand);
-		s->expand=NULL;
-		}
-	if (s->compress != NULL)
-		{
-		COMP_CTX_free(s->compress);
-		s->compress=NULL;
-		}
-#endif
-	}
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
-	{
-	if (s->cert != NULL)
-		return(s->cert->key->x509);
-	else
-		return(NULL);
-	}
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
-	{
-	if (s->cert != NULL)
-		return(s->cert->key->privatekey);
-	else
-		return(NULL);
-	}
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
-	{
-	if ((s->session != NULL) && (s->session->cipher != NULL))
-		return(s->session->cipher);
-	return(NULL);
-	}
-#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
-	{
-	return NULL;
-	}
-const void *SSL_get_current_expansion(SSL *s)
-	{
-	return NULL;
-	}
-#else
-
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
-	{
-	if (s->compress != NULL)
-		return(s->compress->meth);
-	return(NULL);
-	}
-
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
-	{
-	if (s->expand != NULL)
-		return(s->expand->meth);
-	return(NULL);
-	}
-#endif
-
-int ssl_init_wbio_buffer(SSL *s,int push)
-	{
-	BIO *bbio;
-
-	if (s->bbio == NULL)
-		{
-		bbio=BIO_new(BIO_f_buffer());
-		if (bbio == NULL) return(0);
-		s->bbio=bbio;
-		}
-	else
-		{
-		bbio=s->bbio;
-		if (s->bbio == s->wbio)
-			s->wbio=BIO_pop(s->wbio);
-		}
-	(void)BIO_reset(bbio);
-/*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-	if (!BIO_set_read_buffer_size(bbio,1))
-		{
-		SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
-		return(0);
-		}
-	if (push)
-		{
-		if (s->wbio != bbio)
-			s->wbio=BIO_push(bbio,s->wbio);
-		}
-	else
-		{
-		if (s->wbio == bbio)
-			s->wbio=BIO_pop(bbio);
-		}
-	return(1);
-	}
-
-void ssl_free_wbio_buffer(SSL *s)
-	{
-	if (s->bbio == NULL) return;
-
-	if (s->bbio == s->wbio)
-		{
-		/* remove buffering */
-		s->wbio=BIO_pop(s->wbio);
-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
-		assert(s->wbio != NULL);
-#endif
-	}
-	BIO_free(s->bbio);
-	s->bbio=NULL;
-	}
-	
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
-	{
-	ctx->quiet_shutdown=mode;
-	}
-
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
-	{
-	return(ctx->quiet_shutdown);
-	}
-
-void SSL_set_quiet_shutdown(SSL *s,int mode)
-	{
-	s->quiet_shutdown=mode;
-	}
-
-int SSL_get_quiet_shutdown(const SSL *s)
-	{
-	return(s->quiet_shutdown);
-	}
-
-void SSL_set_shutdown(SSL *s,int mode)
-	{
-	s->shutdown=mode;
-	}
-
-int SSL_get_shutdown(const SSL *s)
-	{
-	return(s->shutdown);
-	}
-
-int SSL_version(const SSL *s)
-	{
-	return(s->version);
-	}
-
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
-	{
-	return(ssl->ctx);
-	}
-
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
-	{
-	if (ssl->ctx == ctx)
-		return ssl->ctx;
-#ifndef OPENSSL_NO_TLSEXT
-	if (ctx == NULL)
-		ctx = ssl->initial_ctx;
-#endif
-	if (ssl->cert != NULL)
-		ssl_cert_free(ssl->cert);
-	ssl->cert = ssl_cert_dup(ctx->cert);
-
-	/*
-	 * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
-	 * so setter APIs must prevent invalid lengths from entering the system.
-	 */
-	OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
-
-	/*
-	 * If the session ID context matches that of the parent SSL_CTX,
-	 * inherit it from the new SSL_CTX as well. If however the context does
-	 * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
-	 * leave it unchanged.
-	 */
-	if ((ssl->ctx != NULL) &&
-		(ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
-		(memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0))
-		{
-		ssl->sid_ctx_length = ctx->sid_ctx_length;
-		memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
-		}
-
-	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-	if (ssl->ctx != NULL)
-		SSL_CTX_free(ssl->ctx); /* decrement reference count */
-	ssl->ctx = ctx;
-
-	return(ssl->ctx);
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-	{
-	return(X509_STORE_set_default_paths(ctx->cert_store));
-	}
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-		const char *CApath)
-	{
-	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
-	}
-#endif
-
-void SSL_set_info_callback(SSL *ssl,
-	void (*cb)(const SSL *ssl,int type,int val))
-	{
-	ssl->info_callback=cb;
-	}
-
-/* One compiler (Diab DCC) doesn't like argument names in returned
-   function pointer.  */
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
-	{
-	return ssl->info_callback;
-	}
-
-int SSL_state(const SSL *ssl)
-	{
-	return(ssl->state);
-	}
-
-void SSL_set_state(SSL *ssl, int state)
-	{
-	ssl->state = state;
-	}
-
-void SSL_set_verify_result(SSL *ssl,long arg)
-	{
-	ssl->verify_result=arg;
-	}
-
-long SSL_get_verify_result(const SSL *ssl)
-	{
-	return(ssl->verify_result);
-	}
-
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
-				new_func, dup_func, free_func);
-	}
-
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
-	{
-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-	}
-
-void *SSL_get_ex_data(const SSL *s,int idx)
-	{
-	return(CRYPTO_get_ex_data(&s->ex_data,idx));
-	}
-
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
-			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
-				new_func, dup_func, free_func);
-	}
-
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
-	{
-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-	}
-
-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
-	{
-	return(CRYPTO_get_ex_data(&s->ex_data,idx));
-	}
-
-int ssl_ok(SSL *s)
-	{
-	return(1);
-	}
-
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
-	{
-	return(ctx->cert_store);
-	}
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
-	{
-	if (ctx->cert_store != NULL)
-		X509_STORE_free(ctx->cert_store);
-	ctx->cert_store=store;
-	}
-
-int SSL_want(const SSL *s)
-	{
-	return(s->rwstate);
-	}
-
-/*!
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
-							  int is_export,
-							  int keylength))
-    {
-    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-    }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
-						  int is_export,
-						  int keylength))
-    {
-    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-    }
-#endif
-
-#ifdef DOXYGEN
-/*!
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl,int is_export,int keylength)
-    {}
-#endif
-
-/*!
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
-                                                        int keylength))
-	{
-	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-	}
-
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
-                                                int keylength))
-	{
-	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-	}
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                                                int keylength))
-	{
-	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
-	}
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                                        int keylength))
-	{
-	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
-	}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
-	{
-	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
-		return 0;
-		}
-	if (ctx->psk_identity_hint != NULL)
-		OPENSSL_free(ctx->psk_identity_hint);
-	if (identity_hint != NULL)
-		{
-		ctx->psk_identity_hint = BUF_strdup(identity_hint);
-		if (ctx->psk_identity_hint == NULL)
-			return 0;
-		}
-	else
-		ctx->psk_identity_hint = NULL;
-	return 1;
-	}
-
-int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
-	{
-	if (s == NULL)
-		return 0;
-
-	if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN)
-		{
-		SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
-		return 0;
-		}
-
-	/* Clear hint in SSL and associated SSL_SESSION (if any). */
-	if (s->psk_identity_hint != NULL)
-		{
-		OPENSSL_free(s->psk_identity_hint);
-		s->psk_identity_hint = NULL;
-		}
-	if (s->session != NULL && s->session->psk_identity_hint != NULL)
-		{
-		OPENSSL_free(s->session->psk_identity_hint);
-		s->session->psk_identity_hint = NULL;
-		}
-
-	if (identity_hint != NULL)
-		{
-		/* The hint is stored in SSL and SSL_SESSION with the one in
-		 * SSL_SESSION taking precedence. Thus, if SSL_SESSION is avaiable,
-		 * we store the hint there, otherwise we store it in SSL. */
-		if (s->session != NULL)
-			{
-			s->session->psk_identity_hint = BUF_strdup(identity_hint);
-			if (s->session->psk_identity_hint == NULL)
-				return 0;
-			}
-		else
-			{
-			s->psk_identity_hint = BUF_strdup(identity_hint);
-			if (s->psk_identity_hint == NULL)
-				return 0;
-			}
-		}
-	return 1;
-	}
-
-const char *SSL_get_psk_identity_hint(const SSL *s)
-	{
-	if (s == NULL)
-		return NULL;
-	/* The hint is stored in SSL and SSL_SESSION with the one in SSL_SESSION
-	 * taking precedence. */
-	if (s->session != NULL)
-		return(s->session->psk_identity_hint);
-	return(s->psk_identity_hint);
-	}
-
-const char *SSL_get_psk_identity(const SSL *s)
-	{
-	if (s == NULL || s->session == NULL)
-		return NULL;
-	return(s->session->psk_identity);
-	}
-
-void SSL_set_psk_client_callback(SSL *s,
-    unsigned int (*cb)(SSL *ssl, const char *hint,
-                       char *identity, unsigned int max_identity_len, unsigned char *psk,
-                       unsigned int max_psk_len))
-	{
-	s->psk_client_callback = cb;
-	}
-
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-    unsigned int (*cb)(SSL *ssl, const char *hint,
-                       char *identity, unsigned int max_identity_len, unsigned char *psk,
-                       unsigned int max_psk_len))
-	{
-	ctx->psk_client_callback = cb;
-	}
-
-void SSL_set_psk_server_callback(SSL *s,
-    unsigned int (*cb)(SSL *ssl, const char *identity,
-                       unsigned char *psk, unsigned int max_psk_len))
-	{
-	s->psk_server_callback = cb;
-	}
-
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-    unsigned int (*cb)(SSL *ssl, const char *identity,
-                       unsigned char *psk, unsigned int max_psk_len))
-	{
-	ctx->psk_server_callback = cb;
-	}
-#endif
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-	{
-	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-	}
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-	{
-	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-	}
-
-int SSL_cutthrough_complete(const SSL *s)
-	{
-	return (!s->server &&                 /* cutthrough only applies to clients */
-		!s->hit &&                        /* full-handshake */
-		s->version >= SSL3_VERSION &&
-		s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
-		(SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
-		ssl3_can_cutthrough(s) &&                                   /* cutthrough allowed */
-		s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
-		(s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
-			s->state == SSL3_ST_CR_FINISHED_A));
-	}
-
-int ssl3_can_cutthrough(const SSL *s)
-	{
-	const SSL_CIPHER *c;
-
-	/* require a strong enough cipher */
-	if (SSL_get_cipher_bits(s, NULL) < 128)
-		return 0;
-
-	/* require ALPN or NPN extension */
-	if (!s->s3->alpn_selected
-#ifndef OPENSSL_NO_NEXTPROTONEG
-		&& !s->s3->next_proto_neg_seen
-#endif
-	)
-		{
-		return 0;
-		}
-
-	/* require a forward-secret cipher */
-	c = SSL_get_current_cipher(s);
-	if (!c || (c->algorithm_mkey != SSL_kEDH &&
-			c->algorithm_mkey != SSL_kEECDH))
-		{
-		return 0;
-		}
-
-	return 1;
-	}
-
-/* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
- * any. If EVP_MD pointer is passed, initializes ctx with this md
- * Returns newly allocated ctx;
- */
-
-EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) 
-{
-	ssl_clear_hash_ctx(hash);
-	*hash = EVP_MD_CTX_create();
-	if (md) EVP_DigestInit_ex(*hash,md,NULL);
-	return *hash;
-}
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash) 
-{
-
-	if (*hash) EVP_MD_CTX_destroy(*hash);
-	*hash=NULL;
-}
-
-void SSL_set_debug(SSL *s, int debug)
-	{
-	s->debug = debug;
-	}
-
-int SSL_cache_hit(SSL *s)
-	{
-	return s->hit;
-	}
-
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-#include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
-IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
-				    ssl_cipher_id);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
deleted file mode 100644
index b07782bcc9..0000000000
--- a/ssl/ssl_locl.h
+++ /dev/null
@@ -1,1204 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBSSL
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#undef PKCS1_CHECK
-
-#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#define n2l(c,l)	(l =((unsigned long)(*((c)++)))<<24, \
-			 l|=((unsigned long)(*((c)++)))<<16, \
-			 l|=((unsigned long)(*((c)++)))<< 8, \
-			 l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#define l2n6(l,c)	(*((c)++)=(unsigned char)(((l)>>40)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#define l2n8(l,c)	(*((c)++)=(unsigned char)(((l)>>56)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>48)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>40)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#define n2l6(c,l)	(l =((BN_ULLONG)(*((c)++)))<<40, \
-			 l|=((BN_ULLONG)(*((c)++)))<<32, \
-			 l|=((BN_ULLONG)(*((c)++)))<<24, \
-			 l|=((BN_ULLONG)(*((c)++)))<<16, \
-			 l|=((BN_ULLONG)(*((c)++)))<< 8, \
-			 l|=((BN_ULLONG)(*((c)++))))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-				} \
-			}
-
-#define n2s(c,s)	((s=(((unsigned int)(c[0]))<< 8)| \
-			    (((unsigned int)(c[1]))    )),c+=2)
-#define s2n(s,c)	((c[0]=(unsigned char)(((s)>> 8)&0xff), \
-			  c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
-
-#define n2l3(c,l)	((l =(((unsigned long)(c[0]))<<16)| \
-			     (((unsigned long)(c[1]))<< 8)| \
-			     (((unsigned long)(c[2]))    )),c+=3)
-
-#define l2n3(l,c)	((c[0]=(unsigned char)(((l)>>16)&0xff), \
-			  c[1]=(unsigned char)(((l)>> 8)&0xff), \
-			  c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT	0
-#define SSL_ENCRYPT	1
-
-#define TWO_BYTE_BIT	0x80
-#define SEC_ESC_BIT	0x40
-#define TWO_BYTE_MASK	0x7fff
-#define THREE_BYTE_MASK	0x3fff
-
-#define INC32(a)	((a)=((a)+1)&0xffffffffL)
-#define DEC32(a)	((a)=((a)-1)&0xffffffffL)
-#define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-
-/* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA		0x00000001L /* RSA key exchange */
-#define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
-#define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
-#define SSL_kEDH		0x00000008L /* tmp DH key no DH cert */
-#define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
-#define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
-#define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH		0x00000080L /* ephemeral ECDH */
-#define SSL_kPSK		0x00000100L /* PSK */
-#define SSL_kGOST       0x00000200L /* GOST key exchange */
-#define SSL_kSRP        0x00000400L /* SRP */
-
-/* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA		0x00000001L /* RSA auth */
-#define SSL_aDSS 		0x00000002L /* DSS auth */
-#define SSL_aNULL 		0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aDH 		0x00000008L /* Fixed DH auth (kDHd or kDHr) */ /* no such ciphersuites supported! */
-#define SSL_aECDH 		0x00000010L /* Fixed ECDH auth (kECDHe or kECDHr) */
-#define SSL_aKRB5               0x00000020L /* KRB5 auth */
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aPSK                0x00000080L /* PSK auth */
-#define SSL_aGOST94				0x00000100L /* GOST R 34.10-94 signature auth */
-#define SSL_aGOST01 			0x00000200L /* GOST R 34.10-2001 signature auth */
-#define SSL_aSRP 		0x00000400L /* SRP auth */
-
-
-/* Bits for algorithm_enc (symmetric encryption) */
-#define SSL_DES			0x00000001L
-#define SSL_3DES		0x00000002L
-#define SSL_RC4			0x00000004L
-#define SSL_RC2			0x00000008L
-#define SSL_IDEA		0x00000010L
-#define SSL_eNULL		0x00000020L
-#define SSL_AES128		0x00000040L
-#define SSL_AES256		0x00000080L
-#define SSL_CAMELLIA128		0x00000100L
-#define SSL_CAMELLIA256		0x00000200L
-#define SSL_eGOST2814789CNT	0x00000400L
-#define SSL_SEED		0x00000800L
-#define SSL_AES128GCM		0x00001000L
-#define SSL_AES256GCM		0x00002000L
-
-#define SSL_AES        		(SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
-#define SSL_CAMELLIA		(SSL_CAMELLIA128|SSL_CAMELLIA256)
-
-
-/* Bits for algorithm_mac (symmetric authentication) */
-
-#define SSL_MD5			0x00000001L
-#define SSL_SHA1		0x00000002L
-#define SSL_GOST94      0x00000004L
-#define SSL_GOST89MAC   0x00000008L
-#define SSL_SHA256		0x00000010L
-#define SSL_SHA384		0x00000020L
-/* Not a real MAC, just an indication it is part of cipher */
-#define SSL_AEAD		0x00000040L
-
-/* Bits for algorithm_ssl (protocol version) */
-#define SSL_SSLV2		0x00000001L
-#define SSL_SSLV3		0x00000002L
-#define SSL_TLSV1		SSL_SSLV3	/* for now */
-#define SSL_TLSV1_2		0x00000004L
-
-
-/* Bits for algorithm2 (handshake digests and other extra flags) */
-
-#define SSL_HANDSHAKE_MAC_MD5 0x10
-#define SSL_HANDSHAKE_MAC_SHA 0x20
-#define SSL_HANDSHAKE_MAC_GOST94 0x40
-#define SSL_HANDSHAKE_MAC_SHA256 0x80
-#define SSL_HANDSHAKE_MAC_SHA384 0x100
-#define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
-
-/* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
- * make sure to update this constant too */
-#define SSL_MAX_DIGEST 6
-
-#define TLS1_PRF_DGST_MASK	(0xff << TLS1_PRF_DGST_SHIFT)
-
-#define TLS1_PRF_DGST_SHIFT 10
-#define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
-#define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
-
-/* Stream MAC for GOST ciphersuites from cryptopro draft
- * (currently this also goes into algorithm2) */
-#define TLS1_STREAM_MAC 0x04
-
-#define TLSEXT_CHANNEL_ID_SIZE 128
-
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-#define SSL_EXP_MASK		0x00000003L
-#define SSL_STRONG_MASK		0x000001fcL
-
-#define SSL_NOT_EXP		0x00000001L
-#define SSL_EXPORT		0x00000002L
-
-#define SSL_STRONG_NONE		0x00000004L
-#define SSL_EXP40		0x00000008L
-#define SSL_MICRO		(SSL_EXP40)
-#define SSL_EXP56		0x00000010L
-#define SSL_MINI		(SSL_EXP56)
-#define SSL_LOW			0x00000020L
-#define SSL_MEDIUM		0x00000040L
-#define SSL_HIGH		0x00000080L
-#define SSL_FIPS		0x00000100L
-
-/* we have used 000001ff - 23 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- *          is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a)	((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a)	((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a)	((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s)	(SSL_IS_EXPORT40(s) ? 5 : \
-				 (a) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithm_enc, \
-				(c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-
-
-
-/* Mostly for SSLv3 */
-#define SSL_PKEY_RSA_ENC	0
-#define SSL_PKEY_RSA_SIGN	1
-#define SSL_PKEY_DSA_SIGN	2
-#define SSL_PKEY_DH_RSA		3
-#define SSL_PKEY_DH_DSA		4
-#define SSL_PKEY_ECC            5
-#define SSL_PKEY_GOST94		6
-#define SSL_PKEY_GOST01		7
-#define SSL_PKEY_NUM		8
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*
-#define CERT_INVALID		0
-#define CERT_PUBLIC_KEY		1
-#define CERT_PRIVATE_KEY	2
-*/
-
-#ifndef OPENSSL_NO_EC
-/* From ECC-TLS draft, used in encoding the curve type in 
- * ECParameters
- */
-#define EXPLICIT_PRIME_CURVE_TYPE  1   
-#define EXPLICIT_CHAR2_CURVE_TYPE  2
-#define NAMED_CURVE_TYPE           3
-#endif  /* OPENSSL_NO_EC */
-
-typedef struct cert_pkey_st
-	{
-	X509 *x509;
-	STACK_OF(X509) *cert_chain;
-	EVP_PKEY *privatekey;
-	} CERT_PKEY;
-
-typedef struct cert_st
-	{
-	/* Current active set */
-	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
-			 * Probably it would make more sense to store
-			 * an index, not a pointer. */
- 
-	/* The following masks are for the key and auth
-	 * algorithms that are supported by the certs below */
-	int valid;
-	unsigned long mask_k;
-	unsigned long mask_a;
-	unsigned long export_mask_k;
-	unsigned long export_mask_a;
-#ifndef OPENSSL_NO_RSA
-	RSA *rsa_tmp;
-	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *dh_tmp;
-	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh_tmp;
-	/* Callback for generating ephemeral ECDH keys */
-	EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-
-	CERT_PKEY pkeys[SSL_PKEY_NUM];
-
-	int references; /* >1 only if SSL_copy_session_id is used */
-	} CERT;
-
-
-typedef struct sess_cert_st
-	{
-	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-
-	/* The 'peer_...' members are used only by clients. */
-	int peer_cert_type;
-
-	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
-	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
-	/* Obviously we don't have the private keys of these,
-	 * so maybe we shouldn't even use the CERT_PKEY type here. */
-
-#ifndef OPENSSL_NO_RSA
-	RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_DH
-	DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *peer_ecdh_tmp;
-#endif
-
-	int references; /* actually always 1 at the moment */
-	} SESS_CERT;
-
-
-/*#define MAC_DEBUG	*/
-
-/*#define ERR_DEBUG	*/
-/*#define ABORT_DEBUG	*/
-/*#define PKT_DEBUG 1   */
-/*#define DES_DEBUG	*/
-/*#define DES_OFB_DEBUG	*/
-/*#define SSL_DEBUG	*/
-/*#define RSA_DEBUG	*/ 
-/*#define IDEA_DEBUG	*/ 
-
-#define FP_ICC  (int (*)(const void *,const void *))
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
-		((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
-		((ssl)->method->get_cipher_by_char(ptr))
-
-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
- * It is a bit of a mess of functions, but hell, think of it as
- * an opaque structure :-) */
-typedef struct ssl3_enc_method
-	{
-	int (*enc)(SSL *, int);
-	int (*mac)(SSL *, unsigned char *, int);
-	int (*setup_key_block)(SSL *);
-	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
-	int (*change_cipher_state)(SSL *, int);
-	int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
-	int finish_mac_length;
-	int (*cert_verify_mac)(SSL *, int, unsigned char *);
-	const char *client_finished_label;
-	int client_finished_label_len;
-	const char *server_finished_label;
-	int server_finished_label_len;
-	int (*alert_value)(int);
-	int (*export_keying_material)(SSL *, unsigned char *, size_t,
-				      const char *, size_t,
-				      const unsigned char *, size_t,
-				      int use_context);
-	} SSL3_ENC_METHOD;
-
-#ifndef OPENSSL_NO_COMP
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
-	{
-	int comp_id;	/* The identifier byte for this compression type */
-	char *name;	/* Text name used for the compression type */
-	COMP_METHOD *method; /* The method :-) */
-	} SSL3_COMP;
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
-	{
-	size_t chunklen;
-	unsigned int len;
-	struct ssl3_buf_freelist_entry_st *head;
-	} SSL3_BUF_FREELIST;
-
-typedef struct ssl3_buf_freelist_entry_st
-	{
-	struct ssl3_buf_freelist_entry_st *next;
-	} SSL3_BUF_FREELIST_ENTRY;
-#endif
-
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN const SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-
-SSL_METHOD *ssl_bad_method(int ver);
-
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-
-#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
-
-#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
-				s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-	{ \
-	static const SSL_METHOD func_name##_data= { \
-		version, \
-		tls1_new, \
-		tls1_clear, \
-		tls1_free, \
-		s_accept, \
-		s_connect, \
-		ssl3_read, \
-		ssl3_peek, \
-		ssl3_write, \
-		ssl3_shutdown, \
-		ssl3_renegotiate, \
-		ssl3_renegotiate_check, \
-		ssl3_get_message, \
-		ssl3_read_bytes, \
-		ssl3_write_bytes, \
-		ssl3_dispatch_alert, \
-		ssl3_ctrl, \
-		ssl3_ctx_ctrl, \
-		ssl3_get_cipher_by_char, \
-		ssl3_put_cipher_by_char, \
-		ssl3_pending, \
-		ssl3_num_ciphers, \
-		ssl3_get_cipher, \
-		s_get_meth, \
-		tls1_default_timeout, \
-		&TLSv1_enc_data, \
-		ssl_undefined_void_function, \
-		ssl3_callback_ctrl, \
-		ssl3_ctx_callback_ctrl, \
-	}; \
-	return &func_name##_data; \
-	}
-
-#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-	{ \
-	static const SSL_METHOD func_name##_data= { \
-		SSL3_VERSION, \
-		ssl3_new, \
-		ssl3_clear, \
-		ssl3_free, \
-		s_accept, \
-		s_connect, \
-		ssl3_read, \
-		ssl3_peek, \
-		ssl3_write, \
-		ssl3_shutdown, \
-		ssl3_renegotiate, \
-		ssl3_renegotiate_check, \
-		ssl3_get_message, \
-		ssl3_read_bytes, \
-		ssl3_write_bytes, \
-		ssl3_dispatch_alert, \
-		ssl3_ctrl, \
-		ssl3_ctx_ctrl, \
-		ssl3_get_cipher_by_char, \
-		ssl3_put_cipher_by_char, \
-		ssl3_pending, \
-		ssl3_num_ciphers, \
-		ssl3_get_cipher, \
-		s_get_meth, \
-		ssl3_default_timeout, \
-		&SSLv3_enc_data, \
-		ssl_undefined_void_function, \
-		ssl3_callback_ctrl, \
-		ssl3_ctx_callback_ctrl, \
-	}; \
-	return &func_name##_data; \
-	}
-
-#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-	{ \
-	static const SSL_METHOD func_name##_data= { \
-	TLS1_2_VERSION, \
-	tls1_new, \
-	tls1_clear, \
-	tls1_free, \
-	s_accept, \
-	s_connect, \
-	ssl23_read, \
-	ssl23_peek, \
-	ssl23_write, \
-	ssl_undefined_function, \
-	ssl_undefined_function, \
-	ssl_ok, \
-	ssl3_get_message, \
-	ssl3_read_bytes, \
-	ssl3_write_bytes, \
-	ssl3_dispatch_alert, \
-	ssl3_ctrl, \
-	ssl3_ctx_ctrl, \
-	ssl23_get_cipher_by_char, \
-	ssl23_put_cipher_by_char, \
-	ssl_undefined_const_function, \
-	ssl23_num_ciphers, \
-	ssl23_get_cipher, \
-	s_get_meth, \
-	ssl23_default_timeout, \
-	&ssl3_undef_enc_method, \
-	ssl_undefined_void_function, \
-	ssl3_callback_ctrl, \
-	ssl3_ctx_callback_ctrl, \
-	}; \
-	return &func_name##_data; \
-	}
-
-#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-	{ \
-	static const SSL_METHOD func_name##_data= { \
-		SSL2_VERSION, \
-		ssl2_new,	/* local */ \
-		ssl2_clear,	/* local */ \
-		ssl2_free,	/* local */ \
-		s_accept, \
-		s_connect, \
-		ssl2_read, \
-		ssl2_peek, \
-		ssl2_write, \
-		ssl2_shutdown, \
-		ssl_ok,	/* NULL - renegotiate */ \
-		ssl_ok,	/* NULL - check renegotiate */ \
-		NULL, /* NULL - ssl_get_message */ \
-		NULL, /* NULL - ssl_get_record */ \
-		NULL, /* NULL - ssl_write_bytes */ \
-		NULL, /* NULL - dispatch_alert */ \
-		ssl2_ctrl,	/* local */ \
-		ssl2_ctx_ctrl,	/* local */ \
-		ssl2_get_cipher_by_char, \
-		ssl2_put_cipher_by_char, \
-		ssl2_pending, \
-		ssl2_num_ciphers, \
-		ssl2_get_cipher, \
-		s_get_meth, \
-		ssl2_default_timeout, \
-		&ssl3_undef_enc_method, \
-		ssl_undefined_void_function, \
-		ssl2_callback_ctrl,	/* local */ \
-		ssl2_ctx_callback_ctrl,	/* local */ \
-	}; \
-	return &func_name##_data; \
-	}
-
-#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-const SSL_METHOD *func_name(void)  \
-	{ \
-	static const SSL_METHOD func_name##_data= { \
-		DTLS1_VERSION, \
-		dtls1_new, \
-		dtls1_clear, \
-		dtls1_free, \
-		s_accept, \
-		s_connect, \
-		ssl3_read, \
-		ssl3_peek, \
-		ssl3_write, \
-		dtls1_shutdown, \
-		ssl3_renegotiate, \
-		ssl3_renegotiate_check, \
-		dtls1_get_message, \
-		dtls1_read_bytes, \
-		dtls1_write_app_data_bytes, \
-		dtls1_dispatch_alert, \
-		dtls1_ctrl, \
-		ssl3_ctx_ctrl, \
-		ssl3_get_cipher_by_char, \
-		ssl3_put_cipher_by_char, \
-		ssl3_pending, \
-		ssl3_num_ciphers, \
-		dtls1_get_cipher, \
-		s_get_meth, \
-		dtls1_default_timeout, \
-		&DTLSv1_enc_data, \
-		ssl_undefined_void_function, \
-		ssl3_callback_ctrl, \
-		ssl3_ctx_callback_ctrl, \
-	}; \
-	return &func_name##_data; \
-	}
-
-struct openssl_ssl_test_functions
-	{
-	int (*p_ssl_init_wbio_buffer)(SSL *s, int push);
-	int (*p_ssl3_setup_buffers)(SSL *s);
-	int (*p_tls1_process_heartbeat)(SSL *s);
-	int (*p_dtls1_process_heartbeat)(SSL *s);
-	};
-
-#ifndef OPENSSL_UNIT_TEST
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
-				  ssl_cipher_id);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-			const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-					       STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-					     STACK_OF(SSL_CIPHER) **pref,
-					     STACK_OF(SSL_CIPHER) **sorted,
-					     const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-		       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
-int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);			   
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-void ssl_load_ciphers(void);
-int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-int ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int	ssl2_new(SSL *s);
-void	ssl2_free(SSL *s);
-int	ssl2_accept(SSL *s);
-int	ssl2_connect(SSL *s);
-int	ssl2_read(SSL *s, void *buf, int len);
-int	ssl2_peek(SSL *s, void *buf, int len);
-int	ssl2_write(SSL *s, const void *buf, int len);
-int	ssl2_shutdown(SSL *s);
-void	ssl2_clear(SSL *s);
-long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int	ssl2_pending(const SSL *s);
-long	ssl2_default_timeout(void );
-
-const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_newsession_ticket(SSL *s);
-int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-	unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
-int ssl3_renegotiate_check(SSL *ssl); 
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-void ssl3_free_digest_list(SSL *s);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
-			       STACK_OF(SSL_CIPHER) *srvr);
-int	ssl3_setup_buffers(SSL *s);
-int	ssl3_setup_read_buffer(SSL *s);
-int	ssl3_setup_write_buffer(SSL *s);
-int	ssl3_release_read_buffer(SSL *s);
-int	ssl3_release_write_buffer(SSL *s);
-int	ssl3_digest_cached_records(SSL *s);
-int	ssl3_new(SSL *s);
-void	ssl3_free(SSL *s);
-int	ssl3_accept(SSL *s);
-int	ssl3_connect(SSL *s);
-int	ssl3_read(SSL *s, void *buf, int len);
-int	ssl3_peek(SSL *s, void *buf, int len);
-int	ssl3_write(SSL *s, const void *buf, int len);
-int	ssl3_shutdown(SSL *s);
-void	ssl3_clear(SSL *s);
-long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int	ssl3_pending(const SSL *s);
-
-void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void );
-
-int ssl23_num_ciphers(void );
-const SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void );
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-	unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s, 
-	unsigned char *p, unsigned char mt,	unsigned long len, 
-	unsigned long frag_off, unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq, 
-	unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(SSL *s);
-unsigned int dtls1_link_min_mtu(void);
-void dtls1_hm_fragment_free(hm_fragment *frag);
-
-/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_send_next_proto(SSL *s);
-int ssl3_send_channel_id(SSL *s);
-# endif
-#endif
-
-int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
-
-/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-#ifndef OPENSSL_NO_NEXTPROTONEG
-int ssl3_get_next_proto(SSL *s);
-#endif
-int ssl3_get_channel_id(SSL *s);
-
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-
-int dtls1_new(SSL *s);
-int	dtls1_accept(SSL *s);
-int	dtls1_connect(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-int dtls1_shutdown(SSL *s);
-
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len);
-int tls1_final_finish_mac(SSL *s,
-	const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
-	unsigned char *p, int len);
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-	const char *label, size_t llen,
-	const unsigned char *p, size_t plen, int use_context);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-#ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
-#endif
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-
-#ifndef OPENSSL_NO_EC
-int tls1_ec_curve_id2nid(int curve_id);
-int tls1_ec_nid2curve_id(int nid);
-#endif /* OPENSSL_NO_EC */
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit); 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_prepare_clienthello_tlsext(SSL *s);
-int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int tls1_heartbeat(SSL *s);
-int dtls1_heartbeat(SSL *s);
-int tls1_process_heartbeat(SSL *s);
-int dtls1_process_heartbeat(SSL *s);
-#endif
-
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md	EVP_sha1
-#else
-#define tlsext_tick_md	EVP_sha256
-#endif
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-				const unsigned char *limit, SSL_SESSION **ret);
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-				const EVP_MD *md);
-int tls12_get_sigid(const EVP_PKEY *pk);
-const EVP_MD *tls12_get_hash(unsigned char hash_alg);
-
-int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
-int tls1_record_handshake_hashes_for_channel_id(SSL *s);
-#endif
-
-int ssl3_can_cutthrough(const SSL *s);
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-					int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-					  int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-					int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-					  int *al);
-long ssl_get_algorithm2(SSL *s);
-void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
-
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-
-/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
-		       const SSL3_RECORD *rec,
-		       unsigned md_size,unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL* s,
-			    SSL3_RECORD *rec,
-			    unsigned block_size,
-			    unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
-			    SSL3_RECORD *rec,
-			    unsigned block_size,
-			    unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(
-	const EVP_MD_CTX *ctx,
-	unsigned char* md_out,
-	size_t* md_out_size,
-	const unsigned char header[13],
-	const unsigned char *data,
-	size_t data_plus_mac_size,
-	size_t data_plus_mac_plus_padding_size,
-	const unsigned char *mac_secret,
-	unsigned mac_secret_length,
-	char is_sslv3);
-
-void tls_fips_digest_extra(
-	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-	const unsigned char *data, size_t data_len, size_t orig_len);
-
-int srp_verify_server_param(SSL *s, int *al);
-
-#else
-
-#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
-#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
-#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
-#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
-
-#endif
-#endif
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
deleted file mode 100644
index e98e862d92..0000000000
--- a/ssl/ssl_rsa.c
+++ /dev/null
@@ -1,821 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
-	{
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ssl->cert))
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	return(ssl_set_cert(ssl->cert,x));
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-	{
-	int j;
-	BIO *in;
-	int ret=0;
-	X509 *x=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if (type == SSL_FILETYPE_ASN1)
-		{
-		j=ERR_R_ASN1_LIB;
-		x=d2i_X509_bio(in,NULL);
-		}
-	else if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
-		goto end;
-		}
-
-	ret=SSL_use_certificate(ssl,x);
-end:
-	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-	{
-	X509 *x;
-	int ret;
-
-	x=d2i_X509(NULL,&d,(long)len);
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_use_certificate(ssl,x);
-	X509_free(x);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-	{
-	EVP_PKEY *pkey;
-	int ret;
-
-	if (rsa == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ssl->cert))
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	if ((pkey=EVP_PKEY_new()) == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-		return(0);
-		}
-
-	RSA_up_ref(rsa);
-	EVP_PKEY_assign_RSA(pkey,rsa);
-
-	ret=ssl_set_pkey(ssl->cert,pkey);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-	{
-	int i;
-
-	i=ssl_cert_type(NULL,pkey);
-	if (i < 0)
-		{
-		SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-		return(0);
-		}
-
-	if (c->pkeys[i].x509 != NULL)
-		{
-		EVP_PKEY *pktmp;
-		pktmp =	X509_get_pubkey(c->pkeys[i].x509);
-		EVP_PKEY_copy_parameters(pktmp,pkey);
-		EVP_PKEY_free(pktmp);
-		ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
-		/* Don't check the public/private key, this is mostly
-		 * for smart cards. */
-		if ((pkey->type == EVP_PKEY_RSA) &&
-			(RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
-			;
-		else
-#endif
-		if (!X509_check_private_key(c->pkeys[i].x509,pkey))
-			{
-			X509_free(c->pkeys[i].x509);
-			c->pkeys[i].x509 = NULL;
-			return 0;
-			}
-		}
-
-	if (c->pkeys[i].privatekey != NULL)
-		EVP_PKEY_free(c->pkeys[i].privatekey);
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	c->pkeys[i].privatekey=pkey;
-	c->key= &(c->pkeys[i]);
-
-	c->valid=0;
-	return(1);
-	}
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-	{
-	int j,ret=0;
-	BIO *in;
-	RSA *rsa=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if	(type == SSL_FILETYPE_ASN1)
-		{
-		j=ERR_R_ASN1_LIB;
-		rsa=d2i_RSAPrivateKey_bio(in,NULL);
-		}
-	else if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-	if (rsa == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
-		goto end;
-		}
-	ret=SSL_use_RSAPrivateKey(ssl,rsa);
-	RSA_free(rsa);
-end:
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-	{
-	int ret;
-	const unsigned char *p;
-	RSA *rsa;
-
-	p=d;
-	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_use_RSAPrivateKey(ssl,rsa);
-	RSA_free(rsa);
-	return(ret);
-	}
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-	{
-	int ret;
-
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ssl->cert))
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	ret=ssl_set_pkey(ssl->cert,pkey);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-	{
-	int j,ret=0;
-	BIO *in;
-	EVP_PKEY *pkey=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
-		}
-	else if (type == SSL_FILETYPE_ASN1)
-		{
-		j = ERR_R_ASN1_LIB;
-		pkey = d2i_PrivateKey_bio(in,NULL);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
-		goto end;
-		}
-	ret=SSL_use_PrivateKey(ssl,pkey);
-	EVP_PKEY_free(pkey);
-end:
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-	{
-	int ret;
-	const unsigned char *p;
-	EVP_PKEY *pkey;
-
-	p=d;
-	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_use_PrivateKey(ssl,pkey);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-	{
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ctx->cert))
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	return(ssl_set_cert(ctx->cert, x));
-	}
-
-static int ssl_set_cert(CERT *c, X509 *x)
-	{
-	EVP_PKEY *pkey;
-	int i;
-
-	pkey=X509_get_pubkey(x);
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
-		return(0);
-		}
-
-	i=ssl_cert_type(x,pkey);
-	if (i < 0)
-		{
-		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-		EVP_PKEY_free(pkey);
-		return(0);
-		}
-
-	if (c->pkeys[i].privatekey != NULL)
-		{
-		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
-		ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
-		/* Don't check the public/private key, this is mostly
-		 * for smart cards. */
-		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
-			(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
-			 RSA_METHOD_FLAG_NO_CHECK))
-			 ;
-		else
-#endif /* OPENSSL_NO_RSA */
-		if (!X509_check_private_key(x,c->pkeys[i].privatekey))
-			{
-			/* don't fail for a cert/key mismatch, just free
-			 * current private key (when switching to a different
-			 * cert & key, first this function should be used,
-			 * then ssl_set_pkey */
-			EVP_PKEY_free(c->pkeys[i].privatekey);
-			c->pkeys[i].privatekey=NULL;
-			/* clear error queue */
-			ERR_clear_error();
-			}
-		}
-
-	EVP_PKEY_free(pkey);
-
-	if (c->pkeys[i].x509 != NULL)
-		X509_free(c->pkeys[i].x509);
-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	c->pkeys[i].x509=x;
-	c->key= &(c->pkeys[i]);
-
-	c->valid=0;
-	return(1);
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-	{
-	int j;
-	BIO *in;
-	int ret=0;
-	X509 *x=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if (type == SSL_FILETYPE_ASN1)
-		{
-		j=ERR_R_ASN1_LIB;
-		x=d2i_X509_bio(in,NULL);
-		}
-	else if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
-		goto end;
-		}
-
-	ret=SSL_CTX_use_certificate(ctx,x);
-end:
-	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-	{
-	X509 *x;
-	int ret;
-
-	x=d2i_X509(NULL,&d,(long)len);
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_CTX_use_certificate(ctx,x);
-	X509_free(x);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-	{
-	int ret;
-	EVP_PKEY *pkey;
-
-	if (rsa == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ctx->cert))
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	if ((pkey=EVP_PKEY_new()) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
-		return(0);
-		}
-
-	RSA_up_ref(rsa);
-	EVP_PKEY_assign_RSA(pkey,rsa);
-
-	ret=ssl_set_pkey(ctx->cert, pkey);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-	{
-	int j,ret=0;
-	BIO *in;
-	RSA *rsa=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if	(type == SSL_FILETYPE_ASN1)
-		{
-		j=ERR_R_ASN1_LIB;
-		rsa=d2i_RSAPrivateKey_bio(in,NULL);
-		}
-	else if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-	if (rsa == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
-		goto end;
-		}
-	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-	RSA_free(rsa);
-end:
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-	{
-	int ret;
-	const unsigned char *p;
-	RSA *rsa;
-
-	p=d;
-	if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
-	RSA_free(rsa);
-	return(ret);
-	}
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-	{
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (!ssl_cert_inst(&ctx->cert))
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	return(ssl_set_pkey(ctx->cert,pkey));
-	}
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-	{
-	int j,ret=0;
-	BIO *in;
-	EVP_PKEY *pkey=NULL;
-
-	in=BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-	if (type == SSL_FILETYPE_PEM)
-		{
-		j=ERR_R_PEM_LIB;
-		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
-		}
-	else if (type == SSL_FILETYPE_ASN1)
-		{
-		j = ERR_R_ASN1_LIB;
-		pkey = d2i_PrivateKey_bio(in,NULL);
-		}
-	else
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
-		goto end;
-		}
-	if (pkey == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
-		goto end;
-		}
-	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-	EVP_PKEY_free(pkey);
-end:
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
-	     long len)
-	{
-	int ret;
-	const unsigned char *p;
-	EVP_PKEY *pkey;
-
-	p=d;
-	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
-		return(0);
-		}
-
-	ret=SSL_CTX_use_PrivateKey(ctx,pkey);
-	EVP_PKEY_free(pkey);
-	return(ret);
-	}
-
-
-int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain)
-	{
-	if (ssl == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if (ssl->cert == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-		return(0);
-		}
-	if (ssl->cert->key == NULL)
-		{
-		SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-		return(0);
-		}
-	if (ssl->cert->key->cert_chain != NULL)
-		sk_X509_pop_free(ssl->cert->key->cert_chain, X509_free);
-	ssl->cert->key->cert_chain = cert_chain;
-	return(1);
-	}
-
-STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x)
-	{
-	int i;
-	if (x == NULL)
-		return NULL;
-	if (ssl == NULL)
-		return NULL;
-	if (ssl->cert == NULL)
-		return NULL;
-	for (i = 0; i < SSL_PKEY_NUM; i++)
-		if (ssl->cert->pkeys[i].x509 == x)
-			return ssl->cert->pkeys[i].cert_chain;
-	return NULL;
-	}
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-	{
-	BIO *in;
-	int ret=0;
-	X509 *x=NULL;
-
-	ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
-	in = BIO_new(BIO_s_file_internal());
-	if (in == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
-		goto end;
-		}
-
-	if (BIO_read_filename(in,file) <= 0)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
-		goto end;
-		}
-
-	x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
-				ctx->default_passwd_callback_userdata);
-	if (x == NULL)
-		{
-		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
-		goto end;
-		}
-
-	ret = SSL_CTX_use_certificate(ctx, x);
-
-	if (ERR_peek_error() != 0)
-		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
-	if (ret)
-		{
-		/* If we could set up our certificate, now proceed to
-		 * the CA certificates.
-		 */
-		X509 *ca;
-		int r;
-		unsigned long err;
-		
-		if (ctx->extra_certs != NULL)
-			{
-			sk_X509_pop_free(ctx->extra_certs, X509_free);
-			ctx->extra_certs = NULL;
-			}
-
-		while ((ca = PEM_read_bio_X509(in, NULL,
-					ctx->default_passwd_callback,
-					ctx->default_passwd_callback_userdata))
-			!= NULL)
-			{
-			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
-			if (!r) 
-				{
-				X509_free(ca);
-				ret = 0;
-				goto end;
-				}
-			/* Note that we must not free r if it was successfully
-			 * added to the chain (while we must free the main
-			 * certificate, since its reference count is increased
-			 * by SSL_CTX_use_certificate). */
-			}
-		/* When the while loop ends, it's usually just EOF. */
-		err = ERR_peek_last_error();
-		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
-			ERR_clear_error();
-		else 
-			ret = 0; /* some real error */
-		}
-
-end:
-	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
-#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
deleted file mode 100644
index 97902cd5d9..0000000000
--- a/ssl/ssl_sess.c
+++ /dev/null
@@ -1,1203 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "ssl_locl.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-SSL_SESSION *SSL_get_session(const SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
-	{
-	return(ssl->session);
-	}
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
-	{
-	SSL_SESSION *sess;
-	/* Need to lock this all up rather than just use CRYPTO_add so that
-	 * somebody doesn't free ssl->session between when we check it's
-	 * non-null and when we up the reference count. */
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
-	sess = ssl->session;
-	if(sess)
-		sess->references++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-	return(sess);
-	}
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
-			new_func, dup_func, free_func);
-	}
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-	}
-
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
-	{
-	return(CRYPTO_get_ex_data(&s->ex_data,idx));
-	}
-
-SSL_SESSION *SSL_SESSION_new(void)
-	{
-	SSL_SESSION *ss;
-
-	ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
-	if (ss == NULL)
-		{
-		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	memset(ss,0,sizeof(SSL_SESSION));
-
-	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
-	ss->references=1;
-	ss->timeout=60*5+4; /* 5 minute timeout by default */
-	ss->time=(unsigned long)time(NULL);
-	ss->prev=NULL;
-	ss->next=NULL;
-	ss->compress_meth=0;
-#ifndef OPENSSL_NO_TLSEXT
-	ss->tlsext_hostname = NULL; 
-#ifndef OPENSSL_NO_EC
-	ss->tlsext_ecpointformatlist_length = 0;
-	ss->tlsext_ecpointformatlist = NULL;
-	ss->tlsext_ellipticcurvelist_length = 0;
-	ss->tlsext_ellipticcurvelist = NULL;
-#endif
-#endif
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-#ifndef OPENSSL_NO_PSK
-	ss->psk_identity_hint=NULL;
-	ss->psk_identity=NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	ss->srp_username=NULL;
-#endif
-	return(ss);
-	}
-
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
-	{
-	if(len)
-		*len = s->session_id_length;
-	return s->session_id;
-	}
-
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
-	{
-	return s->compress_meth;
-	}
-
-/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
- * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
- * until we have no conflict is going to complete in one iteration pretty much
- * "most" of the time (btw: understatement). So, if it takes us 10 iterations
- * and we still can't avoid a conflict - well that's a reasonable point to call
- * it quits. Either the RAND code is broken or someone is trying to open roughly
- * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
- * store that many sessions is perhaps a more interesting question ... */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
-				unsigned int *id_len)
-{
-	unsigned int retry = 0;
-	do
-		if (RAND_pseudo_bytes(id, *id_len) <= 0)
-			return 0;
-	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
-		(++retry < MAX_SESS_ID_ATTEMPTS));
-	if(retry < MAX_SESS_ID_ATTEMPTS)
-		return 1;
-	/* else - woops a session_id match */
-	/* XXX We should also check the external cache --
-	 * but the probability of a collision is negligible, and
-	 * we could not prevent the concurrent creation of sessions
-	 * with identical IDs since we currently don't have means
-	 * to atomically check whether a session ID already exists
-	 * and make a reservation for it if it does not
-	 * (this problem applies to the internal cache as well).
-	 */
-	return 0;
-}
-
-void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
-	{
-	s->session_creation_enabled = creation_enabled;
-	}
-
-int ssl_get_new_session(SSL *s, int session)
-	{
-	/* This gets used by clients and servers. */
-
-	unsigned int tmp;
-	SSL_SESSION *ss=NULL;
-	GEN_SESSION_CB cb = def_generate_session_id;
-
-	/* caller should check this if they can do better error handling */
-        if (!s->session_creation_enabled) return(0);
-	if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
-	/* If the context has a default timeout, use it */
-	if (s->session_ctx->session_timeout == 0)
-		ss->timeout=SSL_get_default_timeout(s);
-	else
-		ss->timeout=s->session_ctx->session_timeout;
-
-	if (s->session != NULL)
-		{
-		SSL_SESSION_free(s->session);
-		s->session=NULL;
-		}
-
-	if (session)
-		{
-		if (s->version == SSL2_VERSION)
-			{
-			ss->ssl_version=SSL2_VERSION;
-			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == SSL3_VERSION)
-			{
-			ss->ssl_version=SSL3_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_VERSION)
-			{
-			ss->ssl_version=TLS1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_1_VERSION)
-			{
-			ss->ssl_version=TLS1_1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_2_VERSION)
-			{
-			ss->ssl_version=TLS1_2_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == DTLS1_BAD_VER)
-			{
-			ss->ssl_version=DTLS1_BAD_VER;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == DTLS1_VERSION)
-			{
-			ss->ssl_version=DTLS1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
-			SSL_SESSION_free(ss);
-			return(0);
-			}
-#ifndef OPENSSL_NO_TLSEXT
-		/*
-		 * If RFC5077 ticket, use empty session ID (as server).
-		 * Note that:
-		 * (a) ssl_get_prev_session() does lookahead into the
-		 *     ClientHello extensions to find the session ticket.
-		 *     When ssl_get_prev_session() fails, s3_srvr.c calls
-		 *     ssl_get_new_session() in ssl3_get_client_hello().
-		 *     At that point, it has not yet parsed the extensions,
-		 *     however, because of the lookahead, it already knows
-		 *     whether a ticket is expected or not.
-		 *
-		 * (b) s3_clnt.c calls ssl_get_new_session() before parsing
-		 *     ServerHello extensions, and before recording the session
-		 *     ID received from the server, so this block is a noop.
-		 */
-		if (s->tlsext_ticket_expected)
-			{
-			ss->session_id_length = 0;
-			goto sess_id_done;
-			}
-#endif
-		/* Choose which callback will set the session ID */
-		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-		if(s->generate_session_id)
-			cb = s->generate_session_id;
-		else if(s->session_ctx->generate_session_id)
-			cb = s->session_ctx->generate_session_id;
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-		/* Choose a session ID */
-		tmp = ss->session_id_length;
-		if(!cb(s, ss->session_id, &tmp))
-			{
-			/* The callback failed */
-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-				SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
-			SSL_SESSION_free(ss);
-			return(0);
-			}
-		/* Don't allow the callback to set the session length to zero.
-		 * nor set it higher than it was. */
-		if(!tmp || (tmp > ss->session_id_length))
-			{
-			/* The callback set an illegal length */
-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-				SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
-			SSL_SESSION_free(ss);
-			return(0);
-			}
-		/* If the session length was shrunk and we're SSLv2, pad it */
-		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
-			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
-		else
-			ss->session_id_length = tmp;
-		/* Finally, check for a conflict */
-		if(SSL_has_matching_session_id(s, ss->session_id,
-						ss->session_id_length))
-			{
-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
-				SSL_R_SSL_SESSION_ID_CONFLICT);
-			SSL_SESSION_free(ss);
-			return(0);
-			}
-#ifndef OPENSSL_NO_TLSEXT
-		sess_id_done:
-		if (s->tlsext_hostname) {
-			ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
-			if (ss->tlsext_hostname == NULL) {
-				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-				SSL_SESSION_free(ss);
-				return 0;
-				}
-			}
-#ifndef OPENSSL_NO_EC
-		if (s->tlsext_ecpointformatlist)
-			{
-			if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
-			if ((ss->tlsext_ecpointformatlist = OPENSSL_malloc(s->tlsext_ecpointformatlist_length)) == NULL)
-				{
-				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-				SSL_SESSION_free(ss);
-				return 0;
-				}
-			ss->tlsext_ecpointformatlist_length = s->tlsext_ecpointformatlist_length;
-			memcpy(ss->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
-			}
-		if (s->tlsext_ellipticcurvelist)
-			{
-			if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
-			if ((ss->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
-				{
-				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-				SSL_SESSION_free(ss);
-				return 0;
-				}
-			ss->tlsext_ellipticcurvelist_length = s->tlsext_ellipticcurvelist_length;
-			memcpy(ss->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
-			}
-#endif
-#endif
-#ifndef OPENSSL_NO_PSK
-		if (s->psk_identity_hint)
-			{
-			ss->psk_identity_hint = BUF_strdup(s->psk_identity_hint);
-			if (ss->psk_identity_hint == NULL)
-				{
-				SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_MALLOC_FAILURE);
-				SSL_SESSION_free(ss);
-				return 0;
-				}
-			}
-#endif
-		}
-	else
-		{
-		ss->session_id_length=0;
-		}
-
-	if (s->sid_ctx_length > sizeof ss->sid_ctx)
-		{
-		SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
-		SSL_SESSION_free(ss);
-		return 0;
-		}
-	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
-	ss->sid_ctx_length=s->sid_ctx_length;
-	s->session=ss;
-	ss->ssl_version=s->version;
-	ss->verify_result = X509_V_OK;
-
-	return(1);
-	}
-
-/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
- * connection. It is only called by servers.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
- *
- * Returns:
- *   -1: error
- *    0: a session may have been found.
- *
- * Side effects:
- *   - If a session is found then s->session is pointed at it (after freeing an
- *     existing session if need be) and s->verify_result is set from the session.
- *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
- *     if the server should issue a new session ticket (to 0 otherwise).
- */
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
-			const unsigned char *limit)
-	{
-	/* This is used only by servers. */
-
-	SSL_SESSION *ret=NULL;
-	int fatal = 0;
-	int try_session_cache = 1;
-#ifndef OPENSSL_NO_TLSEXT
-	int r;
-#endif
-
-	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		goto err;
-
-	if (len == 0)
-		try_session_cache = 0;
-
-#ifndef OPENSSL_NO_TLSEXT
-	r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
-	switch (r)
-		{
-	case -1: /* Error during processing */
-		fatal = 1;
-		goto err;
-	case 0: /* No ticket found */
-	case 1: /* Zero length ticket found */
-		break; /* Ok to carry on processing session id. */
-	case 2: /* Ticket found but not decrypted. */
-	case 3: /* Ticket decrypted, *ret has been set. */
-		try_session_cache = 0;
-		break;
-	default:
-		abort();
-		}
-#endif
-
-	if (try_session_cache &&
-	    ret == NULL &&
-	    !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-		{
-		SSL_SESSION data;
-		data.ssl_version=s->version;
-		data.session_id_length=len;
-		if (len == 0)
-			return 0;
-		memcpy(data.session_id,session_id,len);
-		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-		ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
-		if (ret != NULL)
-			{
-			/* don't allow other threads to steal it: */
-			CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-			}
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-		if (ret == NULL)
-			s->session_ctx->stats.sess_miss++;
-		}
-
-	if (try_session_cache &&
-	    ret == NULL &&
-	    s->session_ctx->get_session_cb != NULL)
-		{
-		int copy=1;
-	
-		if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
-			{
-			s->session_ctx->stats.sess_cb_hit++;
-
-			/* Increment reference count now if the session callback
-			 * asks us to do so (note that if the session structures
-			 * returned by the callback are shared between threads,
-			 * it must handle the reference count itself [i.e. copy == 0],
-			 * or things won't be thread-safe). */
-			if (copy)
-				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
-			/* Add the externally cached session to the internal
-			 * cache as well if and only if we are supposed to. */
-			if(!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
-				/* The following should not return 1, otherwise,
-				 * things are very strange */
-				SSL_CTX_add_session(s->session_ctx,ret);
-			}
-		}
-
-	if (ret == NULL)
-		goto err;
-
-	/* Now ret is non-NULL and we own one of its reference counts. */
-
-	if (ret->sid_ctx_length != s->sid_ctx_length
-	    || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
-		{
-		/* We have the session requested by the client, but we don't
-		 * want to use it in this context. */
-		goto err; /* treat like cache miss */
-		}
-	
-	if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
-		{
-		/* We can't be sure if this session is being used out of
-		 * context, which is especially important for SSL_VERIFY_PEER.
-		 * The application should have used SSL[_CTX]_set_session_id_context.
-		 *
-		 * For this error case, we generate an error instead of treating
-		 * the event like a cache miss (otherwise it would be easy for
-		 * applications to effectively disable the session cache by
-		 * accident without anyone noticing).
-		 */
-		
-		SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-		fatal = 1;
-		goto err;
-		}
-
-	if (ret->cipher == NULL)
-		{
-		unsigned char buf[5],*p;
-		unsigned long l;
-
-		p=buf;
-		l=ret->cipher_id;
-		l2n(l,p);
-		if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
-		else 
-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
-		if (ret->cipher == NULL)
-			goto err;
-		}
-
-	if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
-		{
-		s->session_ctx->stats.sess_timeout++;
-		if (try_session_cache)
-			{
-			/* session was from the cache, so remove it */
-			SSL_CTX_remove_session(s->session_ctx,ret);
-			}
-		goto err;
-		}
-
-	s->session_ctx->stats.sess_hit++;
-
-	if (s->session != NULL)
-		SSL_SESSION_free(s->session);
-	s->session=ret;
-	s->verify_result = s->session->verify_result;
-	return 1;
-
- err:
-	if (ret != NULL)
-		{
-		SSL_SESSION_free(ret);
-#ifndef OPENSSL_NO_TLSEXT
-		if (!try_session_cache)
-			{
-			/* The session was from a ticket, so we should
-			 * issue a ticket for the new session */
-			s->tlsext_ticket_expected = 1;
-			}
-#endif
-		}
-	if (fatal)
-		return -1;
-	else
-		return 0;
-	}
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
-	{
-	int ret=0;
-	SSL_SESSION *s;
-
-	/* add just 1 reference count for the SSL_CTX's session cache
-	 * even though it has two ways of access: each session is in a
-	 * doubly linked list and an lhash */
-	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
-	/* if session c is in already in cache, we take back the increment later */
-
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	s=lh_SSL_SESSION_insert(ctx->sessions,c);
-	
-	/* s != NULL iff we already had a session with the given PID.
-	 * In this case, s == c should hold (then we did not really modify
-	 * ctx->sessions), or we're in trouble. */
-	if (s != NULL && s != c)
-		{
-		/* We *are* in trouble ... */
-		SSL_SESSION_list_remove(ctx,s);
-		SSL_SESSION_free(s);
-		/* ... so pretend the other session did not exist in cache
-		 * (we cannot handle two SSL_SESSION structures with identical
-		 * session ID in the same cache, which could happen e.g. when
-		 * two threads concurrently obtain the same session from an external
-		 * cache) */
-		s = NULL;
-		}
-
- 	/* Put at the head of the queue unless it is already in the cache */
-	if (s == NULL)
-		SSL_SESSION_list_add(ctx,c);
-
-	if (s != NULL)
-		{
-		/* existing cache entry -- decrement previously incremented reference
-		 * count because it already takes into account the cache */
-
-		SSL_SESSION_free(s); /* s == c */
-		ret=0;
-		}
-	else
-		{
-		/* new cache entry -- remove old ones if cache has become too large */
-		
-		ret=1;
-
-		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
-			{
-			while (SSL_CTX_sess_number(ctx) >
-				SSL_CTX_sess_get_cache_size(ctx))
-				{
-				if (!remove_session_lock(ctx,
-					ctx->session_cache_tail, 0))
-					break;
-				else
-					ctx->stats.sess_cache_full++;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	return(ret);
-	}
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-	return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
-	{
-	SSL_SESSION *r;
-	int ret=0;
-
-	if ((c != NULL) && (c->session_id_length != 0))
-		{
-		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		if ((r = lh_SSL_SESSION_retrieve(ctx->sessions,c)) == c)
-			{
-			ret=1;
-			r=lh_SSL_SESSION_delete(ctx->sessions,c);
-			SSL_SESSION_list_remove(ctx,c);
-			}
-
-		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
-		if (ret)
-			{
-			r->not_resumable=1;
-			if (ctx->remove_session_cb != NULL)
-				ctx->remove_session_cb(ctx,r);
-			SSL_SESSION_free(r);
-			}
-		}
-	else
-		ret=0;
-	return(ret);
-	}
-
-void SSL_SESSION_free(SSL_SESSION *ss)
-	{
-	int i;
-
-	if(ss == NULL)
-	    return;
-
-	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
-	REF_PRINT("SSL_SESSION",ss);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
-	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
-	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
-	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
-	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
-	if (ss->peer != NULL) X509_free(ss->peer);
-	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
-	if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
-	if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
-#ifndef OPENSSL_NO_EC
-	ss->tlsext_ecpointformatlist_length = 0;
-	if (ss->tlsext_ecpointformatlist != NULL) OPENSSL_free(ss->tlsext_ecpointformatlist);
-	ss->tlsext_ellipticcurvelist_length = 0;
-	if (ss->tlsext_ellipticcurvelist != NULL) OPENSSL_free(ss->tlsext_ellipticcurvelist);
-#endif /* OPENSSL_NO_EC */
-#endif
-#ifndef OPENSSL_NO_PSK
-	if (ss->psk_identity_hint != NULL)
-		OPENSSL_free(ss->psk_identity_hint);
-	if (ss->psk_identity != NULL)
-		OPENSSL_free(ss->psk_identity);
-#endif
-#ifndef OPENSSL_NO_SRP
-	if (ss->srp_username != NULL)
-		OPENSSL_free(ss->srp_username);
-#endif
-	OPENSSL_cleanse(ss,sizeof(*ss));
-	OPENSSL_free(ss);
-	}
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
-	{
-	int ret=0;
-	const SSL_METHOD *meth;
-
-	if (session != NULL)
-		{
-		meth=s->ctx->method->get_ssl_method(session->ssl_version);
-		if (meth == NULL)
-			meth=s->method->get_ssl_method(session->ssl_version);
-		if (meth == NULL)
-			{
-			SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-			return(0);
-			}
-
-		if (meth != s->method)
-			{
-			if (!SSL_set_ssl_method(s,meth))
-				return(0);
-			}
-
-#ifndef OPENSSL_NO_KRB5
-                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
-                    session->krb5_client_princ_len > 0)
-                {
-                    s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
-                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
-                            session->krb5_client_princ_len);
-                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
-                }
-#endif /* OPENSSL_NO_KRB5 */
-
-		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
-		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
-		if (s->session != NULL)
-			SSL_SESSION_free(s->session);
-		s->session=session;
-		s->verify_result = s->session->verify_result;
-		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
-		ret=1;
-		}
-	else
-		{
-		if (s->session != NULL)
-			{
-			SSL_SESSION_free(s->session);
-			s->session=NULL;
-			}
-
-		meth=s->ctx->method;
-		if (meth != s->method)
-			{
-			if (!SSL_set_ssl_method(s,meth))
-				return(0);
-			}
-		ret=1;
-		}
-	return(ret);
-	}
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-	{
-	if (s == NULL) return(0);
-	s->timeout=t;
-	return(1);
-	}
-
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
-	{
-	if (s == NULL) return(0);
-	return(s->timeout);
-	}
-
-long SSL_SESSION_get_time(const SSL_SESSION *s)
-	{
-	if (s == NULL) return(0);
-	return(s->time);
-	}
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
-	{
-	if (s == NULL) return(0);
-	s->time=t;
-	return(t);
-	}
-
-X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
-	{
-	return s->peer;
-	}
-
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
-			       unsigned int sid_ctx_len)
-	{
-	if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
-		{
-		SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-		return 0;
-		}
-	s->sid_ctx_length=sid_ctx_len;
-	memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);
-
-	return 1;
-	}
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
-	{
-	long l;
-	if (s == NULL) return(0);
-	l=s->session_timeout;
-	s->session_timeout=t;
-	return(l);
-	}
-
-long SSL_CTX_get_timeout(const SSL_CTX *s)
-	{
-	if (s == NULL) return(0);
-	return(s->session_timeout);
-	}
-
-#ifndef OPENSSL_NO_TLSEXT
-int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
-	STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
-	{
-	if (s == NULL) return(0);
-	s->tls_session_secret_cb = tls_session_secret_cb;
-	s->tls_session_secret_cb_arg = arg;
-	return(1);
-	}
-
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-				  void *arg)
-	{
-	if (s == NULL) return(0);
-	s->tls_session_ticket_ext_cb = cb;
-	s->tls_session_ticket_ext_cb_arg = arg;
-	return(1);
-	}
-
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
-	{
-	if (s->version >= TLS1_VERSION)
-		{
-		if (s->tlsext_session_ticket)
-			{
-			OPENSSL_free(s->tlsext_session_ticket);
-			s->tlsext_session_ticket = NULL;
-			}
-
-		s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-		if (!s->tlsext_session_ticket)
-			{
-			SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-
-		if (ext_data)
-			{
-			s->tlsext_session_ticket->length = ext_len;
-			s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
-			memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
-			}
-		else
-			{
-			s->tlsext_session_ticket->length = 0;
-			s->tlsext_session_ticket->data = NULL;
-			}
-
-		return 1;
-		}
-
-	return 0;
-	}
-#endif /* OPENSSL_NO_TLSEXT */
-
-typedef struct timeout_param_st
-	{
-	SSL_CTX *ctx;
-	long time;
-	LHASH_OF(SSL_SESSION) *cache;
-	} TIMEOUT_PARAM;
-
-static void timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
-	{
-	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
-		{
-		/* The reason we don't call SSL_CTX_remove_session() is to
-		 * save on locking overhead */
-		(void)lh_SSL_SESSION_delete(p->cache,s);
-		SSL_SESSION_list_remove(p->ctx,s);
-		s->not_resumable=1;
-		if (p->ctx->remove_session_cb != NULL)
-			p->ctx->remove_session_cb(p->ctx,s);
-		SSL_SESSION_free(s);
-		}
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION, TIMEOUT_PARAM)
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
-	{
-	unsigned long i;
-	TIMEOUT_PARAM tp;
-
-	tp.ctx=s;
-	tp.cache=s->sessions;
-	if (tp.cache == NULL) return;
-	tp.time=t;
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	i=CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load;
-	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=0;
-	lh_SSL_SESSION_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout),
-				 TIMEOUT_PARAM, &tp);
-	CHECKED_LHASH_OF(SSL_SESSION, tp.cache)->down_load=i;
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	}
-
-int ssl_clear_bad_session(SSL *s)
-	{
-	if (	(s->session != NULL) &&
-		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
-		!(SSL_in_init(s) || SSL_in_before(s)))
-		{
-		SSL_CTX_remove_session(s->ctx,s->session);
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
-	{
-	if ((s->next == NULL) || (s->prev == NULL)) return;
-
-	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
-		{ /* last element in list */
-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-			{ /* only one element in list */
-			ctx->session_cache_head=NULL;
-			ctx->session_cache_tail=NULL;
-			}
-		else
-			{
-			ctx->session_cache_tail=s->prev;
-			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-			}
-		}
-	else
-		{
-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-			{ /* first element in list */
-			ctx->session_cache_head=s->next;
-			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-			}
-		else
-			{ /* middle of list */
-			s->next->prev=s->prev;
-			s->prev->next=s->next;
-			}
-		}
-	s->prev=s->next=NULL;
-	}
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
-	{
-	if ((s->next != NULL) && (s->prev != NULL))
-		SSL_SESSION_list_remove(ctx,s);
-
-	if (ctx->session_cache_head == NULL)
-		{
-		ctx->session_cache_head=s;
-		ctx->session_cache_tail=s;
-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-		}
-	else
-		{
-		s->next=ctx->session_cache_head;
-		s->next->prev=s;
-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-		ctx->session_cache_head=s;
-		}
-	}
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-	int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
-	{
-	ctx->new_session_cb=cb;
-	}
-
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
-	{
-	return ctx->new_session_cb;
-	}
-
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-	void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
-	{
-	ctx->remove_session_cb=cb;
-	}
-
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
-	{
-	return ctx->remove_session_cb;
-	}
-
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-	SSL_SESSION *(*cb)(struct ssl_st *ssl,
-	         unsigned char *data,int len,int *copy))
-	{
-	ctx->get_session_cb=cb;
-	}
-
-SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
-	         unsigned char *data,int len,int *copy)
-	{
-	return ctx->get_session_cb;
-	}
-
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, 
-	void (*cb)(const SSL *ssl,int type,int val))
-	{
-	ctx->info_callback=cb;
-	}
-
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
-	{
-	return ctx->info_callback;
-	}
-
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-	int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
-	{
-	ctx->client_cert_cb=cb;
-	}
-
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
-	{
-	return ctx->client_cert_cb;
-	}
-
-void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
-	void (*cb)(SSL *ssl, EVP_PKEY **pkey))
-	{
-	ctx->channel_id_cb=cb;
-	}
-
-void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
-	{
-	return ctx->channel_id_cb;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
-	{
-	if (!ENGINE_init(e))
-		{
-		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
-		return 0;
-		}
-	if(!ENGINE_get_ssl_client_cert_function(e))
-		{
-		SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
-		ENGINE_finish(e);
-		return 0;
-		}
-	ctx->client_cert_engine = e;
-	return 1;
-	}
-#endif
-
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
-	{
-	ctx->app_gen_cookie_cb=cb;
-	}
-
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-	int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
-	{
-	ctx->app_verify_cookie_cb=cb;
-	}
-
-IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
deleted file mode 100644
index c5a15ce548..0000000000
--- a/ssl/ssl_stat.c
+++ /dev/null
@@ -1,564 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
-	{
-	const char *str;
-
-	switch (s->state)
-		{
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A:	str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B:	str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A:		str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B:		str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A:	str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B:	str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A:	str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B:	str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A:	str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B:	str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A:		str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B:		str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C:		str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D:		str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:	
-case SSL3_ST_SW_CHANGE_B:	str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:	
-case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:	
-case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:	
-case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:	
-case SSL3_ST_SR_CHANGE_B:	str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:	
-case SSL3_ST_SR_FINISHED_A:	str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:	
-case SSL3_ST_SR_FINISHED_B:	str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH:		str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A:	str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B:	str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C:	str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A:	str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B:	str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C:	str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A:	str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B:	str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A:		str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B:		str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A:	str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B:	str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A:	str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B:	str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A:	str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B:	str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A:		str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B:		str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A:	str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B:	str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B:	str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A:	str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B:	str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A:	str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B:	str="SSLv2/v3 read client hello B"; break;
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default:	str="unknown state"; break;
-		}
-	return(str);
-	}
-
-const char *SSL_rstate_string_long(const SSL *s)
-	{
-	const char *str;
-
-	switch (s->rstate)
-		{
-	case SSL_ST_READ_HEADER: str="read header"; break;
-	case SSL_ST_READ_BODY: str="read body"; break;
-	case SSL_ST_READ_DONE: str="read done"; break;
-	default: str="unknown"; break;
-		}
-	return(str);
-	}
-
-const char *SSL_state_string(const SSL *s)
-	{
-	const char *str;
-
-	switch (s->state)
-		{
-case SSL_ST_BEFORE:				str="PINIT "; break;
-case SSL_ST_ACCEPT:				str="AINIT "; break;
-case SSL_ST_CONNECT:				str="CINIT "; break;
-case SSL_ST_OK:			 		str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B:		str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A:		str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B:		str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:		str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:		str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A:		str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B:		str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:		str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:		str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:		str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:		str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A:		str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B:		str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A:		str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B:		str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A:		str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B:		str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C:		str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A:		str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B:		str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A:		str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B:		str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A:		str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B:		str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C:		str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A:		str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B:		str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A:		str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B:		str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:	str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:	str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:	str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:	str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A:			str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B:			str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A:			str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B:			str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A:				str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B:				str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A:			str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B:			str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A:			str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B:			str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A:			str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B:			str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A:				str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B:				str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C:				str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D:				str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A:			str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B:			str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A:			str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B:			str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A:			str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B:			str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A:			str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B:			str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A:			str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B:			str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A:			str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B:			str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A:			str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B:			str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C:			str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A:			str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B:			str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C:			str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A:			str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B:			str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A:				str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B:				str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A:			str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B:			str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A:			str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B:			str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A:			str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B:			str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A:				str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B:				str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A:			str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B:			str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B:			str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A:			str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B:			str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A:			str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B:			str="23RCHB"; break;
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default:					str="UNKWN "; break;
-		}
-	return(str);
-	}
-
-const char *SSL_alert_type_string_long(int value)
-	{
-	value>>=8;
-	if (value == SSL3_AL_WARNING)
-		return("warning");
-	else if (value == SSL3_AL_FATAL)
-		return("fatal");
-	else
-		return("unknown");
-	}
-
-const char *SSL_alert_type_string(int value)
-	{
-	value>>=8;
-	if (value == SSL3_AL_WARNING)
-		return("W");
-	else if (value == SSL3_AL_FATAL)
-		return("F");
-	else
-		return("U");
-	}
-
-const char *SSL_alert_desc_string(int value)
-	{
-	const char *str;
-
-	switch (value & 0xff)
-		{
-	case SSL3_AD_CLOSE_NOTIFY:		str="CN"; break;
-	case SSL3_AD_UNEXPECTED_MESSAGE:	str="UM"; break;
-	case SSL3_AD_BAD_RECORD_MAC:		str="BM"; break;
-	case SSL3_AD_DECOMPRESSION_FAILURE:	str="DF"; break;
-	case SSL3_AD_HANDSHAKE_FAILURE:		str="HF"; break;
-	case SSL3_AD_NO_CERTIFICATE:		str="NC"; break;
-	case SSL3_AD_BAD_CERTIFICATE:		str="BC"; break;
-	case SSL3_AD_UNSUPPORTED_CERTIFICATE:	str="UC"; break;
-	case SSL3_AD_CERTIFICATE_REVOKED:	str="CR"; break;
-	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;
-	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;
-	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;
-	case TLS1_AD_DECRYPTION_FAILED:		str="DC"; break;
-	case TLS1_AD_RECORD_OVERFLOW:		str="RO"; break;
-	case TLS1_AD_UNKNOWN_CA:		str="CA"; break;
-	case TLS1_AD_ACCESS_DENIED:		str="AD"; break;
-	case TLS1_AD_DECODE_ERROR:		str="DE"; break;
-	case TLS1_AD_DECRYPT_ERROR:		str="CY"; break;
-	case TLS1_AD_EXPORT_RESTRICTION:	str="ER"; break;
-	case TLS1_AD_PROTOCOL_VERSION:		str="PV"; break;
-	case TLS1_AD_INSUFFICIENT_SECURITY:	str="IS"; break;
-	case TLS1_AD_INTERNAL_ERROR:		str="IE"; break;
-	case TLS1_AD_USER_CANCELLED:		str="US"; break;
-	case TLS1_AD_NO_RENEGOTIATION:		str="NR"; break;
-	case TLS1_AD_UNSUPPORTED_EXTENSION:	str="UE"; break;
-	case TLS1_AD_CERTIFICATE_UNOBTAINABLE:	str="CO"; break;
-	case TLS1_AD_UNRECOGNIZED_NAME:		str="UN"; break;
-	case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
-	case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
-	case TLS1_AD_UNKNOWN_PSK_IDENTITY:	str="UP"; break;
-	default:				str="UK"; break;
-		}
-	return(str);
-	}
-
-const char *SSL_alert_desc_string_long(int value)
-	{
-	const char *str;
-
-	switch (value & 0xff)
-		{
-	case SSL3_AD_CLOSE_NOTIFY:
-		str="close notify";
-		break;
-	case SSL3_AD_UNEXPECTED_MESSAGE:
-		str="unexpected_message";
-		break;
-	case SSL3_AD_BAD_RECORD_MAC:
-		str="bad record mac";
-		break;
-	case SSL3_AD_DECOMPRESSION_FAILURE:
-		str="decompression failure";
-		break;
-	case SSL3_AD_HANDSHAKE_FAILURE:
-		str="handshake failure";
-		break;
-	case SSL3_AD_NO_CERTIFICATE:
-		str="no certificate";
-		break;
-	case SSL3_AD_BAD_CERTIFICATE:
-		str="bad certificate";
-		break;
-	case SSL3_AD_UNSUPPORTED_CERTIFICATE:
-		str="unsupported certificate";
-		break;
-	case SSL3_AD_CERTIFICATE_REVOKED:
-		str="certificate revoked";
-		break;
-	case SSL3_AD_CERTIFICATE_EXPIRED:
-		str="certificate expired";
-		break;
-	case SSL3_AD_CERTIFICATE_UNKNOWN:
-		str="certificate unknown";
-		break;
-	case SSL3_AD_ILLEGAL_PARAMETER:
-		str="illegal parameter";
-		break;
-	case TLS1_AD_DECRYPTION_FAILED:
-		str="decryption failed";
-		break;
-	case TLS1_AD_RECORD_OVERFLOW:
-		str="record overflow";
-		break;
-	case TLS1_AD_UNKNOWN_CA:
-		str="unknown CA";
-		break;
-	case TLS1_AD_ACCESS_DENIED:
-		str="access denied";
-		break;
-	case TLS1_AD_DECODE_ERROR:
-		str="decode error";
-		break;
-	case TLS1_AD_DECRYPT_ERROR:
-		str="decrypt error";
-		break;
-	case TLS1_AD_EXPORT_RESTRICTION:
-		str="export restriction";
-		break;
-	case TLS1_AD_PROTOCOL_VERSION:
-		str="protocol version";
-		break;
-	case TLS1_AD_INSUFFICIENT_SECURITY:
-		str="insufficient security";
-		break;
-	case TLS1_AD_INTERNAL_ERROR:
-		str="internal error";
-		break;
-	case TLS1_AD_USER_CANCELLED:
-		str="user canceled";
-		break;
-	case TLS1_AD_NO_RENEGOTIATION:
-		str="no renegotiation";
-		break;
-	case TLS1_AD_UNSUPPORTED_EXTENSION:
-		str="unsupported extension";
-		break;
-	case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
-		str="certificate unobtainable";
-		break;
-	case TLS1_AD_UNRECOGNIZED_NAME:
-		str="unrecognized name";
-		break;
-	case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-		str="bad certificate status response";
-		break;
-	case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
-		str="bad certificate hash value";
-		break;
-	case TLS1_AD_UNKNOWN_PSK_IDENTITY:
-		str="unknown PSK identity";
-		break;
-	default: str="unknown"; break;
-		}
-	return(str);
-	}
-
-const char *SSL_rstate_string(const SSL *s)
-	{
-	const char *str;
-
-	switch (s->rstate)
-		{
-	case SSL_ST_READ_HEADER:str="RH"; break;
-	case SSL_ST_READ_BODY:	str="RB"; break;
-	case SSL_ST_READ_DONE:	str="RD"; break;
-	default: str="unknown"; break;
-		}
-	return(str);
-	}
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
deleted file mode 100644
index 6479d52c0c..0000000000
--- a/ssl/ssl_txt.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file_internal())) == NULL)
-		{
-		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=SSL_SESSION_print(b,x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-	{
-	unsigned int i;
-	const char *s;
-
-	if (x == NULL) goto err;
-	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
-	if (x->ssl_version == SSL2_VERSION)
-		s="SSLv2";
-	else if (x->ssl_version == SSL3_VERSION)
-		s="SSLv3";
-	else if (x->ssl_version == TLS1_2_VERSION)
-		s="TLSv1.2";
-	else if (x->ssl_version == TLS1_1_VERSION)
-		s="TLSv1.1";
-	else if (x->ssl_version == TLS1_VERSION)
-		s="TLSv1";
-	else if (x->ssl_version == DTLS1_VERSION)
-		s="DTLSv1";
-	else if (x->ssl_version == DTLS1_BAD_VER)
-		s="DTLSv1-bad";
-	else
-		s="unknown";
-	if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
-
-	if (x->cipher == NULL)
-		{
-		if (((x->cipher_id) & 0xff000000) == 0x02000000)
-			{
-			if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
-				goto err;
-			}
-		else
-			{
-			if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
-				goto err;
-			}
-		}
-	else
-		{
-		if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
-			goto err;
-		}
-	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
-	for (i=0; i<x->session_id_length; i++)
-		{
-		if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
-		}
-	if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
-	for (i=0; i<x->sid_ctx_length; i++)
-		{
-		if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
-			goto err;
-		}
-	if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
-	for (i=0; i<(unsigned int)x->master_key_length; i++)
-		{
-		if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
-		}
-	if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
-	if (x->key_arg_length == 0)
-		{
-		if (BIO_puts(bp,"None") <= 0) goto err;
-		}
-	else
-		for (i=0; i<x->key_arg_length; i++)
-			{
-			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
-			}
-#ifndef OPENSSL_NO_KRB5
-       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;
-            if (x->krb5_client_princ_len == 0)
-            {
-		if (BIO_puts(bp,"None") <= 0) goto err;
-		}
-	else
-		for (i=0; i<x->krb5_client_princ_len; i++)
-			{
-			if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
-			}
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_PSK
-	if (BIO_puts(bp,"\n    PSK identity: ") <= 0) goto err;
-	if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0) goto err;
-	if (BIO_puts(bp,"\n    PSK identity hint: ") <= 0) goto err;
-	if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_SRP
-	if (BIO_puts(bp,"\n    SRP username: ") <= 0) goto err;
-	if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-	if (x->tlsext_tick_lifetime_hint)
-		{
-		if (BIO_printf(bp,
-			"\n    TLS session ticket lifetime hint: %ld (seconds)",
-			x->tlsext_tick_lifetime_hint) <=0)
-			goto err;
-		}
-	if (x->tlsext_tick)
-		{
-		if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0) goto err;
-		if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
-			goto err;
-		}
-#endif
-
-#ifndef OPENSSL_NO_COMP
-	if (x->compress_meth != 0)
-		{
-		SSL_COMP *comp = NULL;
-
-		ssl_cipher_get_evp(x,NULL,NULL,NULL,NULL,&comp);
-		if (comp == NULL)
-			{
-			if (BIO_printf(bp,"\n    Compression: %d",x->compress_meth) <= 0) goto err;
-			}
-		else
-			{
-			if (BIO_printf(bp,"\n    Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
-			}
-		}	
-#endif
-	if (x->time != 0L)
-		{
-		if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
-		}
-	if (x->timeout != 0L)
-		{
-		if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
-		}
-	if (BIO_puts(bp,"\n") <= 0) goto err;
-
-	if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
-	if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
-		X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-		
-	return(1);
-err:
-	return(0);
-	}
-
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
deleted file mode 100644
index 4f0abfe2d9..0000000000
--- a/ssl/ssltest.c
+++ /dev/null
@@ -1,2634 +0,0 @@
-/* ssl/ssltest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
-				   on Linux and GNU platforms. */
-
-#include <assert.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-
-#ifdef OPENSSL_SYS_VMS
-#define _XOPEN_SOURCE 500	/* Or isascii won't be declared properly on
-				   VMS (at least with DECompHP C).  */
-#endif
-
-#include <ctype.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
-#endif
-#include <openssl/bn.h>
-
-#define _XOPEN_SOURCE_EXTENDED	1 /* Or gethostname won't be declared properly
-				     on Compaq platforms (at least with DEC C).
-				     Do not try to put it earlier, or IPv6 includes
-				     get screwed...
-				  */
-
-#ifdef OPENSSL_SYS_WINDOWS
-#include <winsock.h>
-#else
-#include OPENSSL_UNISTD
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-#  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-#  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-#  define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-#  define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-#  define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-#  define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-#  define TEST_SERVER_CERT "../apps/server.pem"
-#  define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
-/* There is really no standard for this, so let's assign some tentative
-   numbers.  In any case, these numbers are only for this test */
-#define COMP_RLE	255
-#define COMP_ZLIB	1
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
-static void free_tmp_rsa(void);
-#endif
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
-#define APP_CALLBACK_STRING "Test Callback Argument"
-struct app_verify_arg
-	{
-	char *string;
-	int app_verify;
-	int allow_proxy_certs;
-	char *proxy_auth;
-	char *proxy_cond;
-	};
-
-#ifndef OPENSSL_NO_DH
-static DH *get_dh512(void);
-static DH *get_dh1024(void);
-static DH *get_dh1024dsa(void);
-#endif
-
-
-static char *psk_key=NULL; /* by default PSK is not used */
-#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
-	unsigned int max_identity_len, unsigned char *psk,
-	unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
-	unsigned int max_psk_len);
-#endif
-
-#ifndef OPENSSL_NO_SRP
-/* SRP client */
-/* This is a context that we pass to all callbacks */
-typedef struct srp_client_arg_st
-	{
-	char *srppassin;
-	char *srplogin;
-	} SRP_CLIENT_ARG;
-
-#define PWD_STRLEN 1024
-
-static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
-	{
-	SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
-	return BUF_strdup((char *)srp_client_arg->srppassin);
-	}
-
-/* SRP server */
-/* This is a context that we pass to SRP server callbacks */
-typedef struct srp_server_arg_st
-	{
-	char *expected_user;
-	char *pass;
-	} SRP_SERVER_ARG;
-
-static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
-	{
-	SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
-
-	if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
-		{
-		fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
-		return SSL3_AL_FATAL;
-		}
-	if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
-		{
-		*ad = SSL_AD_INTERNAL_ERROR;
-		return SSL3_AL_FATAL;
-		}
-	return SSL_ERROR_NONE;
-	}
-#endif
-
-static BIO *bio_err=NULL;
-static BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-static int verbose=0;
-static int debug=0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-static int do_test_cipherlist(void);
-static void sv_usage(void)
-	{
-	fprintf(stderr,"usage: ssltest [args ...]\n");
-	fprintf(stderr,"\n");
-#ifdef OPENSSL_FIPS
-	fprintf(stderr,"-F             - run test in FIPS mode\n");
-#endif
-	fprintf(stderr," -server_auth  - check server certificate\n");
-	fprintf(stderr," -client_auth  - do client authentication\n");
-	fprintf(stderr," -proxy        - allow proxy certificates\n");
-	fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
-	fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
-	fprintf(stderr," -v            - more output\n");
-	fprintf(stderr," -d            - debug output\n");
-	fprintf(stderr," -reuse        - use session-id reuse\n");
-	fprintf(stderr," -num <val>    - number of connections to perform\n");
-	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef OPENSSL_NO_DH
-	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
-	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
-	fprintf(stderr," -no_dhe       - disable DHE\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
-	fprintf(stderr," -no_ecdhe     - disable ECDHE\n");
-#endif
-#ifndef OPENSSL_NO_PSK
-	fprintf(stderr," -psk arg      - PSK in hex (without 0x)\n");
-#endif
-#ifndef OPENSSL_NO_SRP
-	fprintf(stderr," -srpuser user  - SRP username to use\n");
-	fprintf(stderr," -srppass arg   - password for 'user'\n");
-#endif
-#ifndef OPENSSL_NO_SSL2
-	fprintf(stderr," -ssl2         - use SSLv2\n");
-#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
-	fprintf(stderr," -ssl3         - use SSLv3\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
-	fprintf(stderr," -tls1         - use TLSv1\n");
-#endif
-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
-	fprintf(stderr," -cert arg     - Server certificate file\n");
-	fprintf(stderr," -key arg      - Server key file (default: same as -cert)\n");
-	fprintf(stderr," -c_cert arg   - Client certificate file\n");
-	fprintf(stderr," -c_key arg    - Client key file (default: same as -c_cert)\n");
-	fprintf(stderr," -cipher arg   - The cipher list\n");
-	fprintf(stderr," -bio_pair     - Use BIO pairs\n");
-	fprintf(stderr," -f            - Test even cases that can't work\n");
-	fprintf(stderr," -time         - measure processor time used by client and server\n");
-	fprintf(stderr," -zlib         - use zlib compression\n");
-	fprintf(stderr," -rle          - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
-	fprintf(stderr," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
-	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
-	               "                 (default is sect163r2).\n");
-#endif
-	fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
-		       "                    When this option is requested, the cipherlist\n"
-		       "                    tests are run instead of handshake tests.\n");
-	fprintf(stderr," -cutthrough      - enable 1-RTT full-handshake for strong ciphers\n");
-	}
-
-static void print_details(SSL *c_ssl, const char *prefix)
-	{
-	const SSL_CIPHER *ciph;
-	X509 *cert;
-		
-	ciph=SSL_get_current_cipher(c_ssl);
-	BIO_printf(bio_stdout,"%s%s, cipher %s %s",
-		prefix,
-		SSL_get_version(c_ssl),
-		SSL_CIPHER_get_version(ciph),
-		SSL_CIPHER_get_name(ciph));
-	cert=SSL_get_peer_certificate(c_ssl);
-	if (cert != NULL)
-		{
-		EVP_PKEY *pkey = X509_get_pubkey(cert);
-		if (pkey != NULL)
-			{
-			if (0) 
-				;
-#ifndef OPENSSL_NO_RSA
-			else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
-				&& pkey->pkey.rsa->n != NULL)
-				{
-				BIO_printf(bio_stdout, ", %d bit RSA",
-					BN_num_bits(pkey->pkey.rsa->n));
-				}
-#endif
-#ifndef OPENSSL_NO_DSA
-			else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
-				&& pkey->pkey.dsa->p != NULL)
-				{
-				BIO_printf(bio_stdout, ", %d bit DSA",
-					BN_num_bits(pkey->pkey.dsa->p));
-				}
-#endif
-			EVP_PKEY_free(pkey);
-			}
-		X509_free(cert);
-		}
-	/* The SSL API does not allow us to look at temporary RSA/DH keys,
-	 * otherwise we should print their lengths too */
-	BIO_printf(bio_stdout,"\n");
-	}
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
-	{
-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
-	const char *errstr = NULL;
-	int rw;
-	
-	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
-	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
-		{
-		errstr = "type out of bounds";
-		goto err;
-		}
-
-	if (mode & CRYPTO_LOCK)
-		{
-		if (modes[type])
-			{
-			errstr = "already locked";
-			/* must not happen in a single-threaded program
-			 * (would deadlock) */
-			goto err;
-			}
-
-		modes[type] = rw;
-		}
-	else if (mode & CRYPTO_UNLOCK)
-		{
-		if (!modes[type])
-			{
-			errstr = "not locked";
-			goto err;
-			}
-		
-		if (modes[type] != rw)
-			{
-			errstr = (rw == CRYPTO_READ) ?
-				"CRYPTO_r_unlock on write lock" :
-				"CRYPTO_w_unlock on read lock";
-			}
-
-		modes[type] = 0;
-		}
-	else
-		{
-		errstr = "invalid mode";
-		goto err;
-		}
-
- err:
-	if (errstr)
-		{
-		/* we cannot use bio_err here */
-		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
-			errstr, mode, type, file, line);
-		}
-	}
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-struct cb_info_st { void *input; size_t len; int ret; };
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-	{
-	struct cb_info_st *arg = arg_;
-
-	if (arg == NULL)
-		return 1;
-	
-	if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
-		return 0;
-	return arg->ret;
-	}
-#endif
-	int cutthrough = 0;
-
-int main(int argc, char *argv[])
-	{
-	char *CApath=NULL,*CAfile=NULL;
-	int badop=0;
-	int bio_pair=0;
-	int force=0;
-	int tls1=0,ssl2=0,ssl3=0,ret=1;
-	int client_auth=0;
-	int server_auth=0,i;
-	struct app_verify_arg app_verify_arg =
-		{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
-	char *server_cert=TEST_SERVER_CERT;
-	char *server_key=NULL;
-	char *client_cert=TEST_CLIENT_CERT;
-	char *client_key=NULL;
-#ifndef OPENSSL_NO_ECDH
-	char *named_curve = NULL;
-#endif
-	SSL_CTX *s_ctx=NULL;
-	SSL_CTX *c_ctx=NULL;
-	const SSL_METHOD *meth=NULL;
-	SSL *c_ssl,*s_ssl;
-	int number=1,reuse=0;
-	long bytes=256L;
-#ifndef OPENSSL_NO_DH
-	DH *dh;
-	int dhe1024 = 0, dhe1024dsa = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
-	EC_KEY *ecdh = NULL;
-#endif
-#ifndef OPENSSL_NO_SRP
-	/* client */
-	SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
-	/* server */
-	SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
-#endif
-	int no_dhe = 0;
-	int no_ecdhe = 0;
-	int no_psk = 0;
-	int print_time = 0;
-	clock_t s_time = 0, c_time = 0;
-	int comp = 0;
-#ifndef OPENSSL_NO_COMP
-	COMP_METHOD *cm = NULL;
-	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
-#endif
-	int test_cipherlist = 0;
-#ifdef OPENSSL_FIPS
-	int fips_mode=0;
-#endif
-        int no_protocol = 0;
-
-	verbose = 0;
-	debug = 0;
-	cipher = 0;
-
-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);	
-
-	CRYPTO_set_locking_callback(lock_dbg_cb);
-
-	/* enable memory leak checking unless explicitly disabled */
-	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
-		{
-		CRYPTO_malloc_debug_init();
-		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-		}
-	else
-		{
-		/* OPENSSL_DEBUG_MEMORY=off */
-		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
-		}
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	RAND_seed(rnd_seed, sizeof rnd_seed);
-
-	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	argc--;
-	argv++;
-
-	while (argc >= 1)
-		{
-		if(!strcmp(*argv,"-F"))
-			{
-#ifdef OPENSSL_FIPS
-			fips_mode=1;
-#else
-			fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
-			EXIT(0);
-#endif
-			}
-		else if (strcmp(*argv,"-server_auth") == 0)
-			server_auth=1;
-		else if	(strcmp(*argv,"-client_auth") == 0)
-			client_auth=1;
-		else if (strcmp(*argv,"-proxy_auth") == 0)
-			{
-			if (--argc < 1) goto bad;
-			app_verify_arg.proxy_auth= *(++argv);
-			}
-		else if (strcmp(*argv,"-proxy_cond") == 0)
-			{
-			if (--argc < 1) goto bad;
-			app_verify_arg.proxy_cond= *(++argv);
-			}
-		else if	(strcmp(*argv,"-v") == 0)
-			verbose=1;
-		else if	(strcmp(*argv,"-d") == 0)
-			debug=1;
-		else if	(strcmp(*argv,"-reuse") == 0)
-			reuse=1;
-		else if	(strcmp(*argv,"-dhe1024") == 0)
-			{
-#ifndef OPENSSL_NO_DH
-			dhe1024=1;
-#else
-			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
-			}
-		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
-			{
-#ifndef OPENSSL_NO_DH
-			dhe1024dsa=1;
-#else
-			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
-			}
-		else if	(strcmp(*argv,"-no_dhe") == 0)
-			no_dhe=1;
-		else if	(strcmp(*argv,"-no_ecdhe") == 0)
-			no_ecdhe=1;
-		else if (strcmp(*argv,"-psk") == 0)
-			{
-			if (--argc < 1) goto bad;
-			psk_key=*(++argv);
-#ifndef OPENSSL_NO_PSK
-			if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
-				{
-				BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
-				goto bad;
-				}
-#else
-			no_psk=1;
-#endif
-			}
-#ifndef OPENSSL_NO_SRP
-		else if (strcmp(*argv,"-srpuser") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
-			tls1=1;
-			}
-		else if (strcmp(*argv,"-srppass") == 0)
-			{
-			if (--argc < 1) goto bad;
-			srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
-			tls1=1;
-			}
-#endif
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			{
-#ifdef OPENSSL_NO_SSL2
-			no_protocol = 1;
-#endif
-			ssl2 = 1;
-			}
-		else if	(strcmp(*argv,"-tls1") == 0)
-			{
-#ifdef OPENSSL_NO_TLS1
-			no_protocol = 1;
-#endif
-			tls1 = 1;
-			}
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			{
-#ifdef OPENSSL_NO_SSL3_METHOD
-			no_protocol = 1;
-#endif
-			ssl3 = 1;
-			}
-		else if	(strncmp(*argv,"-num",4) == 0)
-			{
-			if (--argc < 1) goto bad;
-			number= atoi(*(++argv));
-			if (number == 0) number=1;
-			}
-		else if	(strcmp(*argv,"-bytes") == 0)
-			{
-			if (--argc < 1) goto bad;
-			bytes= atol(*(++argv));
-			if (bytes == 0L) bytes=1L;
-			i=strlen(argv[0]);
-			if (argv[0][i-1] == 'k') bytes*=1024L;
-			if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			server_cert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-s_cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			server_cert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			server_key= *(++argv);
-			}
-		else if	(strcmp(*argv,"-s_key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			server_key= *(++argv);
-			}
-		else if	(strcmp(*argv,"-c_cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			client_cert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-c_key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			client_key= *(++argv);
-			}
-		else if	(strcmp(*argv,"-cipher") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cipher= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if	(strcmp(*argv,"-bio_pair") == 0)
-			{
-			bio_pair = 1;
-			}
-		else if	(strcmp(*argv,"-f") == 0)
-			{
-			force = 1;
-			}
-		else if	(strcmp(*argv,"-time") == 0)
-			{
-			print_time = 1;
-			}
-		else if	(strcmp(*argv,"-zlib") == 0)
-			{
-			comp = COMP_ZLIB;
-			}
-		else if	(strcmp(*argv,"-rle") == 0)
-			{
-			comp = COMP_RLE;
-			}
-		else if	(strcmp(*argv,"-named_curve") == 0)
-			{
-			if (--argc < 1) goto bad;
-#ifndef OPENSSL_NO_ECDH		
-			named_curve = *(++argv);
-#else
-			fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
-			++argv;
-#endif
-			}
-		else if	(strcmp(*argv,"-app_verify") == 0)
-			{
-			app_verify_arg.app_verify = 1;
-			}
-		else if	(strcmp(*argv,"-proxy") == 0)
-			{
-			app_verify_arg.allow_proxy_certs = 1;
-			}
-		else if (strcmp(*argv,"-test_cipherlist") == 0)
-			{
-			test_cipherlist = 1;
-			}
-		else if (strcmp(*argv, "-cutthrough") == 0)
-			{
-			cutthrough = 1;
-			}
-		else
-			{
-			fprintf(stderr,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sv_usage();
-		goto end;
-		}
-
-	/*
-	 * test_cipherlist prevails over protocol switch: we test the cipherlist
-	 * for all enabled protocols.
-	 */
-	if (test_cipherlist == 1)
-		{
-		/* ensure that the cipher list are correctly sorted and exit */
-		fprintf(stdout, "Testing cipherlist order only. Ignoring all "
-			"other options.\n");
-		if (do_test_cipherlist() == 0)
-			EXIT(1);
-		ret = 0;
-		goto end;
-		}
-
-	if (ssl2 + ssl3 + tls1 > 1)
-		{
-		fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
-			"be requested.\n");
-		EXIT(1);
-		}
-
-	/*
-	 * Testing was requested for a compiled-out protocol (e.g. SSLv2).
-         * Ideally, we would error out, but the generic test wrapper can't know
-	 * when to expect failure. So we do nothing and return success.
-	 */
-	if (no_protocol)
-		{
-		fprintf(stderr, "Testing was requested for a disabled protocol. "
-			"Skipping tests.\n");
-		ret = 0;
-		goto end;
-		}
-
-	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
-		{
-		fprintf(stderr, "This case cannot work.  Use -f to perform "
-			"the test anyway (and\n-d to see what happens), "
-			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
-			"to avoid protocol mismatch.\n");
-		EXIT(1);
-		}
-
-#ifdef OPENSSL_FIPS
-	if(fips_mode)
-		{
-		if(!FIPS_mode_set(1))
-			{
-			ERR_load_crypto_strings();
-			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			EXIT(1);
-			}
-		else
-			fprintf(stderr,"*** IN FIPS MODE ***\n");
-		}
-#endif
-
-	if (print_time)
-		{
-		if (!bio_pair)
-			{
-			fprintf(stderr, "Using BIO pair (-bio_pair)\n");
-			bio_pair = 1;
-			}
-		if (number < 50 && !force)
-			fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
-		}
-
-/*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
-
-	SSL_library_init();
-	SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_COMP
-	if (comp == COMP_ZLIB) cm = COMP_zlib();
-	if (comp == COMP_RLE) cm = COMP_rle();
-	if (cm != NULL)
-		{
-		if (cm->type != NID_undef)
-			{
-			if (SSL_COMP_add_compression_method(comp, cm) != 0)
-				{
-				fprintf(stderr,
-					"Failed to add compression method\n");
-				ERR_print_errors_fp(stderr);
-				}
-			}
-		else
-			{
-			fprintf(stderr,
-				"Warning: %s compression not supported\n",
-				(comp == COMP_RLE ? "rle" :
-					(comp == COMP_ZLIB ? "zlib" :
-						"unknown")));
-			ERR_print_errors_fp(stderr);
-			}
-		}
-	ssl_comp_methods = SSL_COMP_get_compression_methods();
-	fprintf(stderr, "Available compression methods:\n");
-	{
-	int j, n = sk_SSL_COMP_num(ssl_comp_methods);
-	if (n == 0)
-		fprintf(stderr, "  NONE\n");
-	else
-		for (j = 0; j < n; j++)
-			{
-			SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
-			fprintf(stderr, "  %d: %s\n", c->id, c->name);
-			}
-	}
-#endif
-
-/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
- * (Otherwise we exit early.)
- * However the compiler doesn't know this, so we ifdef. */
-#ifndef OPENSSL_NO_SSL2
-	if (ssl2)
-		meth=SSLv2_method();
-	else
-#endif
-#ifndef OPENSSL_NO_SSL3
-	if (ssl3)
-		meth=SSLv3_method();
-	else
-#endif
-#ifndef OPENSSL_NO_TLS1
-	if (tls1)
-		meth=TLSv1_method();
-	else
-#endif
-	meth=SSLv23_method();
-
-	c_ctx=SSL_CTX_new(meth);
-	s_ctx=SSL_CTX_new(meth);
-	if ((c_ctx == NULL) || (s_ctx == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (cipher != NULL)
-		{
-		SSL_CTX_set_cipher_list(c_ctx,cipher);
-		SSL_CTX_set_cipher_list(s_ctx,cipher);
-		}
-	if (cutthrough)
-		{
-		int ssl_mode = SSL_CTX_get_mode(c_ctx);
-		ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
-		SSL_CTX_set_mode(c_ctx, ssl_mode);
-		}
-
-#ifndef OPENSSL_NO_DH
-	if (!no_dhe)
-		{
-		if (dhe1024dsa)
-			{
-			/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
-			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-			dh=get_dh1024dsa();
-			}
-		else if (dhe1024)
-			dh=get_dh1024();
-		else
-			dh=get_dh512();
-		SSL_CTX_set_tmp_dh(s_ctx,dh);
-		DH_free(dh);
-		}
-#else
-	(void)no_dhe;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-	if (!no_ecdhe)
-		{
-		int nid;
-
-		if (named_curve != NULL)
-			{
-			nid = OBJ_sn2nid(named_curve);
-			if (nid == 0)
-			{
-				BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
-				goto end;
-				}
-			}
-		else
-#ifdef OPENSSL_NO_EC2M
-			nid = NID_X9_62_prime256v1;
-#else
-			nid = NID_sect163r2;
-#endif
-
-		ecdh = EC_KEY_new_by_curve_name(nid);
-		if (ecdh == NULL)
-			{
-			BIO_printf(bio_err, "unable to create curve\n");
-			goto end;
-			}
-
-		SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
-		SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
-		EC_KEY_free(ecdh);
-		}
-#else
-	(void)no_ecdhe;
-#endif
-
-#ifndef OPENSSL_NO_RSA
-	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
-#endif
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
-	SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
-	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
-	SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
-#endif
-
-	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
-		{
-		ERR_print_errors(bio_err);
-		}
-	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
-		(server_key?server_key:server_cert), SSL_FILETYPE_PEM))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (client_auth)
-		{
-		SSL_CTX_use_certificate_file(c_ctx,client_cert,
-			SSL_FILETYPE_PEM);
-		SSL_CTX_use_PrivateKey_file(c_ctx,
-			(client_key?client_key:client_cert),
-			SSL_FILETYPE_PEM);
-		}
-
-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(c_ctx)))
-		{
-		/* fprintf(stderr,"SSL_load_verify_locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-
-	if (client_auth)
-		{
-		BIO_printf(bio_err,"client authentication\n");
-		SSL_CTX_set_verify(s_ctx,
-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-			verify_callback);
-		SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
-		}
-	if (server_auth)
-		{
-		BIO_printf(bio_err,"server authentication\n");
-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
-			verify_callback);
-		SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
-		}
-	
-	{
-		int session_id_context = 0;
-		SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
-	}
-
-	/* Use PSK only if PSK key is given */
-	if (psk_key != NULL)
-		{
-		/* no_psk is used to avoid putting psk command to openssl tool */
-		if (no_psk)
-			{
-			/* if PSK is not compiled in and psk key is
-			 * given, do nothing and exit successfully */
-			ret=0;
-			goto end;
-			}
-#ifndef OPENSSL_NO_PSK
-		SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
-		SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
-		if (debug)
-			BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
-		if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
-			{
-			BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-#endif
-		}
-#ifndef OPENSSL_NO_SRP
-        if (srp_client_arg.srplogin)
-		{
-		if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
-			{
-			BIO_printf(bio_err,"Unable to set SRP username\n");
-			goto end;
-			}
-		SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
-		SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
-		/*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
-		}
-
-	if (srp_server_arg.expected_user != NULL)
-		{
-		SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
-		SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
-		SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
-		}
-#endif
-
-	c_ssl=SSL_new(c_ctx);
-	s_ssl=SSL_new(s_ctx);
-
-#ifndef OPENSSL_NO_KRB5
-	if (c_ssl  &&  c_ssl->kssl_ctx)
-                {
-                char	localhost[MAXHOSTNAMELEN+2];
-
-		if (gethostname(localhost, sizeof localhost-1) == 0)
-                        {
-			localhost[sizeof localhost-1]='\0';
-			if(strlen(localhost) == sizeof localhost-1)
-				{
-				BIO_printf(bio_err,"localhost name too long\n");
-				goto end;
-				}
-			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
-                                localhost);
-			}
-		}
-#endif    /* OPENSSL_NO_KRB5  */
-
-	for (i=0; i<number; i++)
-		{
-		if (!reuse) SSL_set_session(c_ssl,NULL);
-		if (bio_pair)
-			ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
-		else
-			ret=doit(s_ssl,c_ssl,bytes);
-		}
-
-	if (!verbose)
-		{
-		print_details(c_ssl, "");
-		}
-	if ((number > 1) || (bytes > 1L))
-		BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
-	if (print_time)
-		{
-#ifdef CLOCKS_PER_SEC
-		/* "To determine the time in seconds, the value returned
-		 * by the clock function should be divided by the value
-		 * of the macro CLOCKS_PER_SEC."
-		 *                                       -- ISO/IEC 9899 */
-		BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
-			"Approximate total client time: %6.2f s\n",
-			(double)s_time/CLOCKS_PER_SEC,
-			(double)c_time/CLOCKS_PER_SEC);
-#else
-		/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
-		 *                            -- cc on NeXTstep/OpenStep */
-		BIO_printf(bio_stdout,
-			"Approximate total server time: %6.2f units\n"
-			"Approximate total client time: %6.2f units\n",
-			(double)s_time,
-			(double)c_time);
-#endif
-		}
-
-	SSL_free(s_ssl);
-	SSL_free(c_ssl);
-
-end:
-	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
-	if (c_ctx != NULL) SSL_CTX_free(c_ctx);
-
-	if (bio_stdout != NULL) BIO_free(bio_stdout);
-
-#ifndef OPENSSL_NO_RSA
-	free_tmp_rsa();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-	ENGINE_cleanup();
-#endif
-	CRYPTO_cleanup_all_ex_data();
-	ERR_free_strings();
-	ERR_remove_thread_state(NULL);
-	EVP_cleanup();
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL) BIO_free(bio_err);
-	EXIT(ret);
-	return ret;
-	}
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
-	clock_t *s_time, clock_t *c_time)
-	{
-	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
-	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
-	BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
-	int ret = 1;
-	
-	size_t bufsiz = 256; /* small buffer for testing */
-
-	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
-		goto err;
-	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
-		goto err;
-	
-	s_ssl_bio = BIO_new(BIO_f_ssl());
-	if (!s_ssl_bio)
-		goto err;
-
-	c_ssl_bio = BIO_new(BIO_f_ssl());
-	if (!c_ssl_bio)
-		goto err;
-
-	SSL_set_connect_state(c_ssl);
-	SSL_set_bio(c_ssl, client, client);
-	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
-
-	SSL_set_accept_state(s_ssl);
-	SSL_set_bio(s_ssl, server, server);
-	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
-
-	do
-		{
-		/* c_ssl_bio:          SSL filter BIO
-		 *
-		 * client:             pseudo-I/O for SSL library
-		 *
-		 * client_io:          client's SSL communication; usually to be
-		 *                     relayed over some I/O facility, but in this
-		 *                     test program, we're the server, too:
-		 *
-		 * server_io:          server's SSL communication
-		 *
-		 * server:             pseudo-I/O for SSL library
-		 *
-		 * s_ssl_bio:          SSL filter BIO
-		 *
-		 * The client and the server each employ a "BIO pair":
-		 * client + client_io, server + server_io.
-		 * BIO pairs are symmetric.  A BIO pair behaves similar
-		 * to a non-blocking socketpair (but both endpoints must
-		 * be handled by the same thread).
-		 * [Here we could connect client and server to the ends
-		 * of a single BIO pair, but then this code would be less
-		 * suitable as an example for BIO pairs in general.]
-		 *
-		 * Useful functions for querying the state of BIO pair endpoints:
-		 *
-		 * BIO_ctrl_pending(bio)              number of bytes we can read now
-		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
-		 *                                      other side's read attempt
-		 * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
-		 *
-		 * ..._read_request is never more than ..._write_guarantee;
-		 * it depends on the application which one you should use.
-		 */
-
-		/* We have non-blocking behaviour throughout this test program, but
-		 * can be sure that there is *some* progress in each iteration; so
-		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
-		 * -- we just try everything in each iteration
-		 */
-
-			{
-			/* CLIENT */
-		
-			MS_STATIC char cbuf[1024*8];
-			int i, r;
-			clock_t c_clock = clock();
-
-			memset(cbuf, 0, sizeof(cbuf));
-
-			if (debug)
-				if (SSL_in_init(c_ssl))
-					printf("client waiting in SSL_connect - %s\n",
-						SSL_state_string_long(c_ssl));
-
-			if (cw_num > 0)
-				{
-				/* Write to server. */
-				
-				if (cw_num > (long)sizeof cbuf)
-					i = sizeof cbuf;
-				else
-					i = (int)cw_num;
-				r = BIO_write(c_ssl_bio, cbuf, i);
-				if (r < 0)
-					{
-					if (!BIO_should_retry(c_ssl_bio))
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						goto err;
-						}
-					/* BIO_should_retry(...) can just be ignored here.
-					 * The library expects us to call BIO_write with
-					 * the same arguments again, and that's what we will
-					 * do in the next iteration. */
-					}
-				else if (r == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("client wrote %d\n", r);
-					cw_num -= r;				
-					}
-				}
-
-			if (cr_num > 0)
-				{
-				/* Read from server. */
-
-				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
-				if (r < 0)
-					{
-					if (!BIO_should_retry(c_ssl_bio))
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						goto err;
-						}
-					/* Again, "BIO_should_retry" can be ignored. */
-					}
-				else if (r == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("client read %d\n", r);
-					cr_num -= r;
-					}
-				}
-
-			/* c_time and s_time increments will typically be very small
-			 * (depending on machine speed and clock tick intervals),
-			 * but sampling over a large number of connections should
-			 * result in fairly accurate figures.  We cannot guarantee
-			 * a lot, however -- if each connection lasts for exactly
-			 * one clock tick, it will be counted only for the client
-			 * or only for the server or even not at all.
-			 */
-			*c_time += (clock() - c_clock);
-			}
-
-			{
-			/* SERVER */
-		
-			MS_STATIC char sbuf[1024*8];
-			int i, r;
-			clock_t s_clock = clock();
-
-			memset(sbuf, 0, sizeof(sbuf));
-
-			if (debug)
-				if (SSL_in_init(s_ssl))
-					printf("server waiting in SSL_accept - %s\n",
-						SSL_state_string_long(s_ssl));
-
-			if (sw_num > 0)
-				{
-				/* Write to client. */
-				
-				if (sw_num > (long)sizeof sbuf)
-					i = sizeof sbuf;
-				else
-					i = (int)sw_num;
-				r = BIO_write(s_ssl_bio, sbuf, i);
-				if (r < 0)
-					{
-					if (!BIO_should_retry(s_ssl_bio))
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						goto err;
-						}
-					/* Ignore "BIO_should_retry". */
-					}
-				else if (r == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("server wrote %d\n", r);
-					sw_num -= r;				
-					}
-				}
-
-			if (sr_num > 0)
-				{
-				/* Read from client. */
-
-				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
-				if (r < 0)
-					{
-					if (!BIO_should_retry(s_ssl_bio))
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						goto err;
-						}
-					/* blah, blah */
-					}
-				else if (r == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("server read %d\n", r);
-					sr_num -= r;
-					}
-				}
-
-			*s_time += (clock() - s_clock);
-			}
-			
-			{
-			/* "I/O" BETWEEN CLIENT AND SERVER. */
-
-			size_t r1, r2;
-			BIO *io1 = server_io, *io2 = client_io;
-			/* we use the non-copying interface for io1
-			 * and the standard BIO_write/BIO_read interface for io2
-			 */
-			
-			static int prev_progress = 1;
-			int progress = 0;
-			
-			/* io1 to io2 */
-			do
-				{
-				size_t num;
-				int r;
-
-				r1 = BIO_ctrl_pending(io1);
-				r2 = BIO_ctrl_get_write_guarantee(io2);
-
-				num = r1;
-				if (r2 < num)
-					num = r2;
-				if (num)
-					{
-					char *dataptr;
-
-					if (INT_MAX < num) /* yeah, right */
-						num = INT_MAX;
-					
-					r = BIO_nread(io1, &dataptr, (int)num);
-					assert(r > 0);
-					assert(r <= (int)num);
-					/* possibly r < num (non-contiguous data) */
-					num = r;
-					r = BIO_write(io2, dataptr, (int)num);
-					if (r != (int)num) /* can't happen */
-						{
-						fprintf(stderr, "ERROR: BIO_write could not write "
-							"BIO_ctrl_get_write_guarantee() bytes");
-						goto err;
-						}
-					progress = 1;
-
-					if (debug)
-						printf((io1 == client_io) ?
-							"C->S relaying: %d bytes\n" :
-							"S->C relaying: %d bytes\n",
-							(int)num);
-					}
-				}
-			while (r1 && r2);
-
-			/* io2 to io1 */
-			{
-				size_t num;
-				int r;
-
-				r1 = BIO_ctrl_pending(io2);
-				r2 = BIO_ctrl_get_read_request(io1);
-				/* here we could use ..._get_write_guarantee instead of
-				 * ..._get_read_request, but by using the latter
-				 * we test restartability of the SSL implementation
-				 * more thoroughly */
-				num = r1;
-				if (r2 < num)
-					num = r2;
-				if (num)
-					{
-					char *dataptr;
-					
-					if (INT_MAX < num)
-						num = INT_MAX;
-
-					if (num > 1)
-						--num; /* test restartability even more thoroughly */
-					
-					r = BIO_nwrite0(io1, &dataptr);
-					assert(r > 0);
-					if (r < (int)num)
-						num = r;
-					r = BIO_read(io2, dataptr, (int)num);
-					if (r != (int)num) /* can't happen */
-						{
-						fprintf(stderr, "ERROR: BIO_read could not read "
-							"BIO_ctrl_pending() bytes");
-						goto err;
-						}
-					progress = 1;
-					r = BIO_nwrite(io1, &dataptr, (int)num);
-					if (r != (int)num) /* can't happen */
-						{
-						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
-							"BIO_nwrite0() bytes");
-						goto err;
-						}
-					
-					if (debug)
-						printf((io2 == client_io) ?
-							"C->S relaying: %d bytes\n" :
-							"S->C relaying: %d bytes\n",
-							(int)num);
-					}
-			} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
-
-			if (!progress && !prev_progress)
-				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
-					{
-					fprintf(stderr, "ERROR: got stuck\n");
-					if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
-						{
-						fprintf(stderr, "This can happen for SSL2 because "
-							"CLIENT-FINISHED and SERVER-VERIFY are written \n"
-							"concurrently ...");
-						if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
-							&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
-							{
-							fprintf(stderr, " ok.\n");
-							goto end;
-							}
-						}
-					fprintf(stderr, " ERROR.\n");
-					goto err;
-					}
-			prev_progress = progress;
-			}
-		}
-	while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
-
-	if (verbose)
-		print_details(c_ssl, "DONE via BIO pair: ");
-end:
-	ret = 0;
-
- err:
-	ERR_print_errors(bio_err);
-	
-	if (server)
-		BIO_free(server);
-	if (server_io)
-		BIO_free(server_io);
-	if (client)
-		BIO_free(client);
-	if (client_io)
-		BIO_free(client_io);
-	if (s_ssl_bio)
-		BIO_free(s_ssl_bio);
-	if (c_ssl_bio)
-		BIO_free(c_ssl_bio);
-
-	return ret;
-	}
-
-
-#define W_READ	1
-#define W_WRITE	2
-#define C_DONE	1
-#define S_DONE	2
-
-int doit(SSL *s_ssl, SSL *c_ssl, long count)
-	{
-	MS_STATIC char cbuf[1024*8],sbuf[1024*8];
-	long cw_num=count,cr_num=count;
-	long sw_num=count,sr_num=count;
-	int ret=1;
-	BIO *c_to_s=NULL;
-	BIO *s_to_c=NULL;
-	BIO *c_bio=NULL;
-	BIO *s_bio=NULL;
-	int c_r,c_w,s_r,s_w;
-	int i,j;
-	int done=0;
-	int c_write,s_write;
-	int do_server=0,do_client=0;
-
-	memset(cbuf,0,sizeof(cbuf));
-	memset(sbuf,0,sizeof(sbuf));
-
-	c_to_s=BIO_new(BIO_s_mem());
-	s_to_c=BIO_new(BIO_s_mem());
-	if ((s_to_c == NULL) || (c_to_s == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	c_bio=BIO_new(BIO_f_ssl());
-	s_bio=BIO_new(BIO_f_ssl());
-	if ((c_bio == NULL) || (s_bio == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto err;
-		}
-
-	SSL_set_connect_state(c_ssl);
-	SSL_set_bio(c_ssl,s_to_c,c_to_s);
-	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
-
-	SSL_set_accept_state(s_ssl);
-	SSL_set_bio(s_ssl,c_to_s,s_to_c);
-	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
-
-	c_r=0; s_r=1;
-	c_w=1; s_w=0;
-	c_write=1,s_write=0;
-
-	/* We can always do writes */
-	for (;;)
-		{
-		do_server=0;
-		do_client=0;
-
-		i=(int)BIO_pending(s_bio);
-		if ((i && s_r) || s_w) do_server=1;
-
-		i=(int)BIO_pending(c_bio);
-		if ((i && c_r) || c_w) do_client=1;
-
-		if (do_server && debug)
-			{
-			if (SSL_in_init(s_ssl))
-				printf("server waiting in SSL_accept - %s\n",
-					SSL_state_string_long(s_ssl));
-/*			else if (s_write)
-				printf("server:SSL_write()\n");
-			else
-				printf("server:SSL_read()\n"); */
-			}
-
-		if (do_client && debug)
-			{
-			if (SSL_in_init(c_ssl))
-				printf("client waiting in SSL_connect - %s\n",
-					SSL_state_string_long(c_ssl));
-/*			else if (c_write)
-				printf("client:SSL_write()\n");
-			else
-				printf("client:SSL_read()\n"); */
-			}
-
-		if (!do_client && !do_server)
-			{
-			fprintf(stdout,"ERROR IN STARTUP\n");
-			ERR_print_errors(bio_err);
-			break;
-			}
-		if (do_client && !(done & C_DONE))
-			{
-			if (c_write)
-				{
-				j = (cw_num > (long)sizeof(cbuf)) ?
-					(int)sizeof(cbuf) : (int)cw_num;
-				i=BIO_write(c_bio,cbuf,j);
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						ERR_print_errors(bio_err);
-						goto err;
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("client wrote %d\n",i);
-					/* ok */
-					s_r=1;
-					c_write=0;
-					cw_num-=i;
-					}
-				}
-			else
-				{
-				i=BIO_read(c_bio,cbuf,sizeof(cbuf));
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						ERR_print_errors(bio_err);
-						goto err;
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("client read %d\n",i);
-					cr_num-=i;
-					if (sw_num > 0)
-						{
-						s_write=1;
-						s_w=1;
-						}
-					if (cr_num <= 0)
-						{
-						s_write=1;
-						s_w=1;
-						done=S_DONE|C_DONE;
-						}
-					}
-				}
-			}
-
-		if (do_server && !(done & S_DONE))
-			{
-			if (!s_write)
-				{
-				i=BIO_read(s_bio,sbuf,sizeof(cbuf));
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors(bio_err);
-						goto err;
-						}
-					}
-				else if (i == 0)
-					{
-					ERR_print_errors(bio_err);
-					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("server read %d\n",i);
-					sr_num-=i;
-					if (cw_num > 0)
-						{
-						c_write=1;
-						c_w=1;
-						}
-					if (sr_num <= 0)
-						{
-						s_write=1;
-						s_w=1;
-						c_write=0;
-						}
-					}
-				}
-			else
-				{
-				j = (sw_num > (long)sizeof(sbuf)) ?
-					(int)sizeof(sbuf) : (int)sw_num;
-				i=BIO_write(s_bio,sbuf,j);
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors(bio_err);
-						goto err;
-						}
-					}
-				else if (i == 0)
-					{
-					ERR_print_errors(bio_err);
-					fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
-					goto err;
-					}
-				else
-					{
-					if (debug)
-						printf("server wrote %d\n",i);
-					sw_num-=i;
-					s_write=0;
-					c_r=1;
-					if (sw_num <= 0)
-						done|=S_DONE;
-					}
-				}
-			}
-
-		if ((done & S_DONE) && (done & C_DONE)) break;
-		}
-
-	if (verbose)
-		print_details(c_ssl, "DONE: ");
-	ret=0;
-err:
-	/* We have to set the BIO's to NULL otherwise they will be
-	 * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and
-	 * again when c_ssl is SSL_free()ed.
-	 * This is a hack required because s_ssl and c_ssl are sharing the same
-	 * BIO structure and SSL_set_bio() and SSL_free() automatically
-	 * BIO_free non NULL entries.
-	 * You should not normally do this or be required to do this */
-	if (s_ssl != NULL)
-		{
-		s_ssl->rbio=NULL;
-		s_ssl->wbio=NULL;
-		}
-	if (c_ssl != NULL)
-		{
-		c_ssl->rbio=NULL;
-		c_ssl->wbio=NULL;
-		}
-
-	if (c_to_s != NULL) BIO_free(c_to_s);
-	if (s_to_c != NULL) BIO_free(s_to_c);
-	if (c_bio != NULL) BIO_free_all(c_bio);
-	if (s_bio != NULL) BIO_free_all(s_bio);
-	return(ret);
-	}
-
-static int get_proxy_auth_ex_data_idx(void)
-	{
-	static volatile int idx = -1;
-	if (idx < 0)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		if (idx < 0)
-			{
-			idx = X509_STORE_CTX_get_ex_new_index(0,
-				"SSLtest for verify callback", NULL,NULL,NULL);
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-		}
-	return idx;
-	}
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
-	{
-	char *s,buf[256];
-
-	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
-			    sizeof buf);
-	if (s != NULL)
-		{
-		if (ok)
-			fprintf(stderr,"depth=%d %s\n",
-				ctx->error_depth,buf);
-		else
-			{
-			fprintf(stderr,"depth=%d error=%d %s\n",
-				ctx->error_depth,ctx->error,buf);
-			}
-		}
-
-	if (ok == 0)
-		{
-		fprintf(stderr,"Error string: %s\n",
-			X509_verify_cert_error_string(ctx->error));
-		switch (ctx->error)
-			{
-		case X509_V_ERR_CERT_NOT_YET_VALID:
-		case X509_V_ERR_CERT_HAS_EXPIRED:
-		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-			fprintf(stderr,"  ... ignored.\n");
-			ok=1;
-			}
-		}
-
-	if (ok == 1)
-		{
-		X509 *xs = ctx->current_cert;
-#if 0
-		X509 *xi = ctx->current_issuer;
-#endif
-
-		if (xs->ex_flags & EXFLAG_PROXY)
-			{
-			unsigned int *letters =
-				X509_STORE_CTX_get_ex_data(ctx,
-					get_proxy_auth_ex_data_idx());
-
-			if (letters)
-				{
-				int found_any = 0;
-				int i;
-				PROXY_CERT_INFO_EXTENSION *pci =
-					X509_get_ext_d2i(xs, NID_proxyCertInfo,
-						NULL, NULL);
-
-				switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
-					{
-				case NID_Independent:
-					/* Completely meaningless in this
-					   program, as there's no way to
-					   grant explicit rights to a
-					   specific PrC.  Basically, using
-					   id-ppl-Independent is the perfect
-					   way to grant no rights at all. */
-					fprintf(stderr, "  Independent proxy certificate");
-					for (i = 0; i < 26; i++)
-						letters[i] = 0;
-					break;
-				case NID_id_ppl_inheritAll:
-					/* This is basically a NOP, we
-					   simply let the current rights
-					   stand as they are. */
-					fprintf(stderr, "  Proxy certificate inherits all");
-					break;
-				default:
-					s = (char *)
-						pci->proxyPolicy->policy->data;
-					i = pci->proxyPolicy->policy->length;
-
-					/* The algorithm works as follows:
-					   it is assumed that previous
-					   iterations or the initial granted
-					   rights has already set some elements
-					   of `letters'.  What we need to do is
-					   to clear those that weren't granted
-					   by the current PrC as well.  The
-					   easiest way to do this is to add 1
-					   to all the elements whose letters
-					   are given with the current policy.
-					   That way, all elements that are set
-					   by the current policy and were
-					   already set by earlier policies and
-					   through the original grant of rights
-					   will get the value 2 or higher.
-					   The last thing to do is to sweep
-					   through `letters' and keep the
-					   elements having the value 2 as set,
-					   and clear all the others. */
-
-					fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);
-					while(i-- > 0)
-						{
-						int c = *s++;
-						if (isascii(c) && isalpha(c))
-							{
-							if (islower(c))
-								c = toupper(c);
-							letters[c - 'A']++;
-							}
-						}
-					for (i = 0; i < 26; i++)
-						if (letters[i] < 2)
-							letters[i] = 0;
-						else
-							letters[i] = 1;
-					}
-
-				found_any = 0;
-				fprintf(stderr,
-					", resulting proxy rights = ");
-				for(i = 0; i < 26; i++)
-					if (letters[i])
-						{
-						fprintf(stderr, "%c", i + 'A');
-						found_any = 1;
-						}
-				if (!found_any)
-					fprintf(stderr, "none");
-				fprintf(stderr, "\n");
-
-				PROXY_CERT_INFO_EXTENSION_free(pci);
-				}
-			}
-		}
-
-	return(ok);
-	}
-
-static void process_proxy_debug(int indent, const char *format, ...)
-	{
-	static const char indentation[] =
-		">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
-		">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
-	char my_format[256];
-	va_list args;
-
-	BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
-		indent, indent, indentation, format);
-
-	va_start(args, format);
-	vfprintf(stderr, my_format, args);
-	va_end(args);
-	}
-/* Priority levels:
-   0	[!]var, ()
-   1	& ^
-   2	|
-*/
-static int process_proxy_cond_adders(unsigned int letters[26],
-	const char *cond, const char **cond_end, int *pos, int indent);
-static int process_proxy_cond_val(unsigned int letters[26],
-	const char *cond, const char **cond_end, int *pos, int indent)
-	{
-	int c;
-	int ok = 1;
-	int negate = 0;
-
-	while(isspace((int)*cond))
-		{
-		cond++; (*pos)++;
-		}
-	c = *cond;
-
-	if (debug)
-		process_proxy_debug(indent,
-			"Start process_proxy_cond_val at position %d: %s\n",
-			*pos, cond);
-
-	while(c == '!')
-		{
-		negate = !negate;
-		cond++; (*pos)++;
-		while(isspace((int)*cond))
-			{
-			cond++; (*pos)++;
-			}
-		c = *cond;
-		}
-
-	if (c == '(')
-		{
-		cond++; (*pos)++;
-		ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
-			indent + 1);
-		cond = *cond_end;
-		if (ok < 0)
-			goto end;
-		while(isspace((int)*cond))
-			{
-			cond++; (*pos)++;
-			}
-		c = *cond;
-		if (c != ')')
-			{
-			fprintf(stderr,
-				"Weird condition character in position %d: "
-				"%c\n", *pos, c);
-			ok = -1;
-			goto end;
-			}
-		cond++; (*pos)++;
-		}
-	else if (isascii(c) && isalpha(c))
-		{
-		if (islower(c))
-			c = toupper(c);
-		ok = letters[c - 'A'];
-		cond++; (*pos)++;
-		}
-	else
-		{
-		fprintf(stderr,
-			"Weird condition character in position %d: "
-			"%c\n", *pos, c);
-		ok = -1;
-		goto end;
-		}
- end:
-	*cond_end = cond;
-	if (ok >= 0 && negate)
-		ok = !ok;
-
-	if (debug)
-		process_proxy_debug(indent,
-			"End process_proxy_cond_val at position %d: %s, returning %d\n",
-			*pos, cond, ok);
-
-	return ok;
-	}
-static int process_proxy_cond_multipliers(unsigned int letters[26],
-	const char *cond, const char **cond_end, int *pos, int indent)
-	{
-	int ok;
-	char c;
-
-	if (debug)
-		process_proxy_debug(indent,
-			"Start process_proxy_cond_multipliers at position %d: %s\n",
-			*pos, cond);
-
-	ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
-	cond = *cond_end;
-	if (ok < 0)
-		goto end;
-
-	while(ok >= 0)
-		{
-		while(isspace((int)*cond))
-			{
-			cond++; (*pos)++;
-			}
-		c = *cond;
-
-		switch(c)
-			{
-		case '&':
-		case '^':
-			{
-			int save_ok = ok;
-
-			cond++; (*pos)++;
-			ok = process_proxy_cond_val(letters,
-				cond, cond_end, pos, indent + 1);
-			cond = *cond_end;
-			if (ok < 0)
-				break;
-
-			switch(c)
-				{
-			case '&':
-				ok &= save_ok;
-				break;
-			case '^':
-				ok ^= save_ok;
-				break;
-			default:
-				fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-					" STOPPING\n");
-				EXIT(1);
-				}
-			}
-			break;
-		default:
-			goto end;
-			}
-		}
- end:
-	if (debug)
-		process_proxy_debug(indent,
-			"End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
-			*pos, cond, ok);
-
-	*cond_end = cond;
-	return ok;
-	}
-static int process_proxy_cond_adders(unsigned int letters[26],
-	const char *cond, const char **cond_end, int *pos, int indent)
-	{
-	int ok;
-	char c;
-
-	if (debug)
-		process_proxy_debug(indent,
-			"Start process_proxy_cond_adders at position %d: %s\n",
-			*pos, cond);
-
-	ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
-		indent + 1);
-	cond = *cond_end;
-	if (ok < 0)
-		goto end;
-
-	while(ok >= 0)
-		{
-		while(isspace((int)*cond))
-			{
-			cond++; (*pos)++;
-			}
-		c = *cond;
-
-		switch(c)
-			{
-		case '|':
-			{
-			int save_ok = ok;
-
-			cond++; (*pos)++;
-			ok = process_proxy_cond_multipliers(letters,
-				cond, cond_end, pos, indent + 1);
-			cond = *cond_end;
-			if (ok < 0)
-				break;
-
-			switch(c)
-				{
-			case '|':
-				ok |= save_ok;
-				break;
-			default:
-				fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
-					" STOPPING\n");
-				EXIT(1);
-				}
-			}
-			break;
-		default:
-			goto end;
-			}
-		}
- end:
-	if (debug)
-		process_proxy_debug(indent,
-			"End process_proxy_cond_adders at position %d: %s, returning %d\n",
-			*pos, cond, ok);
-
-	*cond_end = cond;
-	return ok;
-	}
-
-static int process_proxy_cond(unsigned int letters[26],
-	const char *cond, const char **cond_end)
-	{
-	int pos = 1;
-	return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
-	}
-
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
-	{
-	int ok=1;
-	struct app_verify_arg *cb_arg = arg;
-	unsigned int letters[26]; /* only used with proxy_auth */
-
-	if (cb_arg->app_verify)
-		{
-		char *s = NULL,buf[256];
-
-		fprintf(stderr, "In app_verify_callback, allowing cert. ");
-		fprintf(stderr, "Arg is: %s\n", cb_arg->string);
-		fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
-			(void *)ctx, (void *)ctx->cert);
-		if (ctx->cert)
-			s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
-		if (s != NULL)
-			{
-			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
-			}
-		return(1);
-		}
-	if (cb_arg->proxy_auth)
-		{
-		int found_any = 0, i;
-		char *sp;
-
-		for(i = 0; i < 26; i++)
-			letters[i] = 0;
-		for(sp = cb_arg->proxy_auth; *sp; sp++)
-			{
-			int c = *sp;
-			if (isascii(c) && isalpha(c))
-				{
-				if (islower(c))
-					c = toupper(c);
-				letters[c - 'A'] = 1;
-				}
-			}
-
-		fprintf(stderr,
-			"  Initial proxy rights = ");
-		for(i = 0; i < 26; i++)
-			if (letters[i])
-				{
-				fprintf(stderr, "%c", i + 'A');
-				found_any = 1;
-				}
-		if (!found_any)
-			fprintf(stderr, "none");
-		fprintf(stderr, "\n");
-
-		X509_STORE_CTX_set_ex_data(ctx,
-			get_proxy_auth_ex_data_idx(),letters);
-		}
-	if (cb_arg->allow_proxy_certs)
-		{
-		X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-		}
-
-#ifndef OPENSSL_NO_X509_VERIFY
-	ok = X509_verify_cert(ctx);
-#endif
-
-	if (cb_arg->proxy_auth)
-		{
-		if (ok > 0)
-			{
-			const char *cond_end = NULL;
-
-			ok = process_proxy_cond(letters,
-				cb_arg->proxy_cond, &cond_end);
-
-			if (ok < 0)
-				EXIT(3);
-			if (*cond_end)
-				{
-				fprintf(stderr, "Stopped processing condition before it's end.\n");
-				ok = 0;
-				}
-			if (!ok)
-				fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
-					cb_arg->proxy_cond);
-			else
-				fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
-					cb_arg->proxy_cond);
-			}
-		}
-	return(ok);
-	}
-
-#ifndef OPENSSL_NO_RSA
-static RSA *rsa_tmp=NULL;
-
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-	{
-	BIGNUM *bn = NULL;
-	if (rsa_tmp == NULL)
-		{
-		bn = BN_new();
-		rsa_tmp = RSA_new();
-		if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
-			{
-			BIO_printf(bio_err, "Memory error...");
-			goto end;
-			}
-		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
-		(void)BIO_flush(bio_err);
-		if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
-			{
-			BIO_printf(bio_err, "Error generating key.");
-			RSA_free(rsa_tmp);
-			rsa_tmp = NULL;
-			}
-end:
-		BIO_printf(bio_err,"\n");
-		(void)BIO_flush(bio_err);
-		}
-	if(bn) BN_free(bn);
-	return(rsa_tmp);
-	}
-
-static void free_tmp_rsa(void)
-	{
-	if (rsa_tmp != NULL)
-		{
-		RSA_free(rsa_tmp);
-		rsa_tmp = NULL;
-		}
-	}
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
- *    $ openssl dhparam -C -noout 512
- *    $ openssl dhparam -C -noout 1024
- *    $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
- */
-static DH *get_dh512()
-	{
-	static unsigned char dh512_p[]={
-		0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
-		0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
-		0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
-		0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
-		0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
-		0x02,0xC5,0xAE,0x23,
-		};
-	static unsigned char dh512_g[]={
-		0x02,
-		};
-	DH *dh;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
-	return(dh);
-	}
-
-static DH *get_dh1024()
-	{
-	static unsigned char dh1024_p[]={
-		0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
-		0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
-		0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
-		0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
-		0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
-		0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
-		0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
-		0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
-		0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
-		0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
-		0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
-		};
-	static unsigned char dh1024_g[]={
-		0x02,
-		};
-	DH *dh;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
-	return(dh);
-	}
-
-static DH *get_dh1024dsa()
-	{
-	static unsigned char dh1024_p[]={
-		0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
-		0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
-		0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
-		0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
-		0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
-		0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
-		0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
-		0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
-		0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
-		0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
-		0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
-		};
-	static unsigned char dh1024_g[]={
-		0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
-		0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
-		0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
-		0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
-		0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
-		0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
-		0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
-		0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
-		0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
-		0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
-		0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
-		};
-	DH *dh;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
-	dh->length = 160;
-	return(dh);
-	}
-#endif
-
-#ifndef OPENSSL_NO_PSK
-/* convert the PSK key (psk_key) in ascii to binary (psk) */
-static int psk_key2bn(const char *pskkey, unsigned char *psk,
-	unsigned int max_psk_len)
-	{
-	int ret;
-	BIGNUM *bn = NULL;
-
-	ret = BN_hex2bn(&bn, pskkey);
-	if (!ret)
-		{
-		BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey); 
-		if (bn)
-			BN_free(bn);
-		return 0;
-		}
-	if (BN_num_bytes(bn) > (int)max_psk_len)
-		{
-		BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
-			max_psk_len, BN_num_bytes(bn));
-		BN_free(bn);
-		return 0;
-		}
-	ret = BN_bn2bin(bn, psk);
-	BN_free(bn);
-	return ret;
-	}
-
-static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
-	unsigned int max_identity_len, unsigned char *psk,
-	unsigned int max_psk_len)
-	{
-	int ret;
-	unsigned int psk_len = 0;
-
-	ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
-	if (ret < 0)
-		goto out_err;
-	if (debug)
-		fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
-	ret = psk_key2bn(psk_key, psk, max_psk_len);
-	if (ret < 0)
-		goto out_err;
-	psk_len = ret;
-out_err:
-	return psk_len;
-	}
-
-static unsigned int psk_server_callback(SSL *ssl, const char *identity,
-	unsigned char *psk, unsigned int max_psk_len)
-	{
-	unsigned int psk_len=0;
-
-	if (strcmp(identity, "Client_identity") != 0)
-		{
-		BIO_printf(bio_err, "server: PSK error: client identity not found\n");
-		return 0;
-		}
-	psk_len=psk_key2bn(psk_key, psk, max_psk_len);
-	return psk_len;
-	}
-#endif
-
-static int do_test_cipherlist(void)
-	{
-	int i = 0;
-	const SSL_METHOD *meth;
-	const SSL_CIPHER *ci, *tci = NULL;
-
-#ifndef OPENSSL_NO_SSL2
-	fprintf(stderr, "testing SSLv2 cipher list order: ");
-	meth = SSLv2_method();
-	while ((ci = meth->get_cipher(i++)) != NULL)
-		{
-		if (tci != NULL)
-			if (ci->id >= tci->id)
-				{
-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-				return 0;
-				}
-		tci = ci;
-		}
-	fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
-	fprintf(stderr, "testing SSLv3 cipher list order: ");
-	meth = SSLv3_method();
-	tci = NULL;
-	while ((ci = meth->get_cipher(i++)) != NULL)
-		{
-		if (tci != NULL)
-			if (ci->id >= tci->id)
-				{
-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-				return 0;
-				}
-		tci = ci;
-		}
-	fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
-	fprintf(stderr, "testing TLSv1 cipher list order: ");
-	meth = TLSv1_method();
-	tci = NULL;
-	while ((ci = meth->get_cipher(i++)) != NULL)
-		{
-		if (tci != NULL)
-			if (ci->id >= tci->id)
-				{
-				fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
-				return 0;
-				}
-		tci = ci;
-		}
-	fprintf(stderr, "ok\n");
-#endif
-
-	return 1;
-	}
diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c
deleted file mode 100644
index 578617ed84..0000000000
--- a/ssl/t1_clnt.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static const SSL_METHOD *tls1_get_client_method(int ver);
-static const SSL_METHOD *tls1_get_client_method(int ver)
-	{
-	if (ver == TLS1_2_VERSION)
-		return TLSv1_2_client_method();
-	if (ver == TLS1_1_VERSION)
-		return TLSv1_1_client_method();
-	if (ver == TLS1_VERSION)
-		return TLSv1_client_method();
-	return NULL;
-	}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
-			ssl_undefined_function,
-			ssl3_connect,
-			tls1_get_client_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
-			ssl_undefined_function,
-			ssl3_connect,
-			tls1_get_client_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
-			ssl_undefined_function,
-			ssl3_connect,
-			tls1_get_client_method)
-
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
deleted file mode 100644
index 5b5bc148d3..0000000000
--- a/ssl/t1_enc.c
+++ /dev/null
@@ -1,1276 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
-			int sec_len,
-			const void *seed1, int seed1_len,
-			const void *seed2, int seed2_len,
-			const void *seed3, int seed3_len,
-			const void *seed4, int seed4_len,
-			const void *seed5, int seed5_len,
-			unsigned char *out, int olen)
-	{
-	int chunk;
-	size_t j;
-	EVP_MD_CTX ctx, ctx_tmp;
-	EVP_PKEY *mac_key;
-	unsigned char A1[EVP_MAX_MD_SIZE];
-	size_t A1_len;
-	int ret = 0;
-	
-	chunk=EVP_MD_size(md);
-	OPENSSL_assert(chunk >= 0);
-
-	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_init(&ctx_tmp);
-	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
-	if (!mac_key)
-		goto err;
-	if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
-		goto err;
-	if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
-		goto err;
-	if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
-		goto err;
-	if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
-		goto err;
-	if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
-		goto err;
-	if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
-		goto err;
-	if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
-		goto err;
-	if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
-		goto err;
-
-	for (;;)
-		{
-		/* Reinit mac contexts */
-		if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
-			goto err;
-		if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
-			goto err;
-		if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
-			goto err;
-		if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len))
-			goto err;
-		if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
-			goto err;
-		if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
-			goto err;
-		if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
-			goto err;
-		if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
-			goto err;
-		if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
-			goto err;
-
-		if (olen > chunk)
-			{
-			if (!EVP_DigestSignFinal(&ctx,out,&j))
-				goto err;
-			out+=j;
-			olen-=j;
-			/* calc the next A1 value */
-			if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
-				goto err;
-			}
-		else	/* last one */
-			{
-			if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
-				goto err;
-			memcpy(out,A1,olen);
-			break;
-			}
-		}
-	ret = 1;
-err:
-	EVP_PKEY_free(mac_key);
-	EVP_MD_CTX_cleanup(&ctx);
-	EVP_MD_CTX_cleanup(&ctx_tmp);
-	OPENSSL_cleanse(A1,sizeof(A1));
-	return ret;
-	}
-
-/* seed1 through seed5 are virtually concatenated */
-static int tls1_PRF(long digest_mask,
-		     const void *seed1, int seed1_len,
-		     const void *seed2, int seed2_len,
-		     const void *seed3, int seed3_len,
-		     const void *seed4, int seed4_len,
-		     const void *seed5, int seed5_len,
-		     const unsigned char *sec, int slen,
-		     unsigned char *out1,
-		     unsigned char *out2, int olen)
-	{
-	int len,i,idx,count;
-	const unsigned char *S1;
-	long m;
-	const EVP_MD *md;
-	int ret = 0;
-
-	/* Count number of digests and partition sec evenly */
-	count=0;
-	for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
-		if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
-	}	
-	len=slen/count;
-	if (count == 1)
-		slen = 0;
-	S1=sec;
-	memset(out1,0,olen);
-	for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
-		if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) {
-			if (!md) {
-				SSLerr(SSL_F_TLS1_PRF,
-				SSL_R_UNSUPPORTED_DIGEST_TYPE);
-				goto err;				
-			}
-			if (!tls1_P_hash(md ,S1,len+(slen&1),
-					seed1,seed1_len,seed2,seed2_len,seed3,seed3_len,seed4,seed4_len,seed5,seed5_len,
-					out2,olen))
-				goto err;
-			S1+=len;
-			for (i=0; i<olen; i++)
-			{
-				out1[i]^=out2[i];
-			}
-		}
-	}
-	ret = 1;
-err:
-	return ret;
-}
-static int tls1_generate_key_block(SSL *s, unsigned char *km,
-	     unsigned char *tmp, int num)
-	{
-	int ret;
-	ret = tls1_PRF(ssl_get_algorithm2(s),
-		 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
-		 s->s3->server_random,SSL3_RANDOM_SIZE,
-		 s->s3->client_random,SSL3_RANDOM_SIZE,
-		 NULL,0,NULL,0,
-		 s->session->master_key,s->session->master_key_length,
-		 km,tmp,num);
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_generate_key_block() ==> %d byte master_key =\n\t",
-                s->session->master_key_length);
-	{
-        int i;
-        for (i=0; i < s->session->master_key_length; i++)
-                {
-                fprintf(stderr,"%02X", s->session->master_key[i]);
-                }
-        fprintf(stderr,"\n");  }
-#endif    /* KSSL_DEBUG */
-	return ret;
-	}
-
-int tls1_change_cipher_state(SSL *s, int which)
-	{
-	static const unsigned char empty[]="";
-	unsigned char *p,*mac_secret;
-	unsigned char *exp_label;
-	unsigned char tmp1[EVP_MAX_KEY_LENGTH];
-	unsigned char tmp2[EVP_MAX_KEY_LENGTH];
-	unsigned char iv1[EVP_MAX_IV_LENGTH*2];
-	unsigned char iv2[EVP_MAX_IV_LENGTH*2];
-	unsigned char *ms,*key,*iv;
-	int client_write;
-	EVP_CIPHER_CTX *dd;
-	const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
-	const SSL_COMP *comp;
-#endif
-	const EVP_MD *m;
-	int mac_type;
-	int *mac_secret_size;
-	EVP_MD_CTX *mac_ctx;
-	EVP_PKEY *mac_key;
-	int is_export,n,i,j,k,exp_label_len,cl;
-	int reuse_dd = 0;
-
-	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
-	c=s->s3->tmp.new_sym_enc;
-	m=s->s3->tmp.new_hash;
-	mac_type = s->s3->tmp.new_mac_pkey_type;
-#ifndef OPENSSL_NO_COMP
-	comp=s->s3->tmp.new_compression;
-#endif
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_change_cipher_state(which= %d) w/\n", which);
-	fprintf(stderr,"\talg= %ld/%ld, comp= %p\n",
-	       s->s3->tmp.new_cipher->algorithm_mkey,
-	       s->s3->tmp.new_cipher->algorithm_auth,
-	       comp);
-	fprintf(stderr,"\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
-	fprintf(stderr,"\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
-                c->nid,c->block_size,c->key_len,c->iv_len);
-	fprintf(stderr,"\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
-	{
-        int i;
-        for (i=0; i<s->s3->tmp.key_block_length; i++)
-		fprintf(stderr,"%02x", s->s3->tmp.key_block[i]);  fprintf(stderr,"\n");
-        }
-#endif	/* KSSL_DEBUG */
-
-	if (which & SSL3_CC_READ)
-		{
-		if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-			s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-		else
-			s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
-
-		if (s->enc_read_ctx != NULL)
-			reuse_dd = 1;
-		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-			goto err;
-		else
-			/* make sure it's intialized in case we exit later with an error */
-			EVP_CIPHER_CTX_init(s->enc_read_ctx);
-		dd= s->enc_read_ctx;
-		mac_ctx=ssl_replace_hash(&s->read_hash,NULL);
-#ifndef OPENSSL_NO_COMP
-		if (s->expand != NULL)
-			{
-			COMP_CTX_free(s->expand);
-			s->expand=NULL;
-			}
-		if (comp != NULL)
-			{
-			s->expand=COMP_CTX_new(comp->method);
-			if (s->expand == NULL)
-				{
-				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-				goto err2;
-				}
-			if (s->s3->rrec.comp == NULL)
-				s->s3->rrec.comp=(unsigned char *)
-					OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
-			if (s->s3->rrec.comp == NULL)
-				goto err;
-			}
-#endif
-		/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- 		if (s->version != DTLS1_VERSION)
-			memset(&(s->s3->read_sequence[0]),0,8);
-		mac_secret= &(s->s3->read_mac_secret[0]);
-		mac_secret_size=&(s->s3->read_mac_secret_size);
-		}
-	else
-		{
-		if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
-			s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
-			else
-			s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-		if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
-			reuse_dd = 1;
-		else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
-			goto err;
-		dd= s->enc_write_ctx;
-		if (SSL_IS_DTLS(s))
-			{
-			mac_ctx = EVP_MD_CTX_create();
-			if (!mac_ctx)
-				goto err;
-			s->write_hash = mac_ctx;
-			}
-		else
-			mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
-#ifndef OPENSSL_NO_COMP
-		if (s->compress != NULL)
-			{
-			COMP_CTX_free(s->compress);
-			s->compress=NULL;
-			}
-		if (comp != NULL)
-			{
-			s->compress=COMP_CTX_new(comp->method);
-			if (s->compress == NULL)
-				{
-				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
-				goto err2;
-				}
-			}
-#endif
-		/* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- 		if (s->version != DTLS1_VERSION)
-			memset(&(s->s3->write_sequence[0]),0,8);
-		mac_secret= &(s->s3->write_mac_secret[0]);
-		mac_secret_size = &(s->s3->write_mac_secret_size);
-		}
-
-	if (reuse_dd)
-		EVP_CIPHER_CTX_cleanup(dd);
-
-	p=s->s3->tmp.key_block;
-	i=*mac_secret_size=s->s3->tmp.new_mac_secret_size;
-
-	cl=EVP_CIPHER_key_length(c);
-	j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
-	               cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
-	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-	/* If GCM mode only part of IV comes from PRF */
-	if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-		k = EVP_GCM_TLS_FIXED_IV_LEN;
-	else
-		k=EVP_CIPHER_iv_length(c);
-	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
-		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
-		{
-		ms=  &(p[ 0]); n=i+i;
-		key= &(p[ n]); n+=j+j;
-		iv=  &(p[ n]); n+=k+k;
-		exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
-		exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
-		client_write=1;
-		}
-	else
-		{
-		n=i;
-		ms=  &(p[ n]); n+=i+j;
-		key= &(p[ n]); n+=j+k;
-		iv=  &(p[ n]); n+=k;
-		exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
-		exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
-		client_write=0;
-		}
-
-	if (n > s->s3->tmp.key_block_length)
-		{
-		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
-		goto err2;
-		}
-
-	memcpy(mac_secret,ms,i);
-
-	if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER))
-		{
-		mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
-				mac_secret,*mac_secret_size);
-		EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
-		EVP_PKEY_free(mac_key);
-		}
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
-	if (is_export)
-		{
-		/* In here I set both the read and write key/iv to the
-		 * same value since only the correct one will be used :-).
-		 */
-		if (!tls1_PRF(ssl_get_algorithm2(s),
-				exp_label,exp_label_len,
-				s->s3->client_random,SSL3_RANDOM_SIZE,
-				s->s3->server_random,SSL3_RANDOM_SIZE,
-				NULL,0,NULL,0,
-				key,j,tmp1,tmp2,EVP_CIPHER_key_length(c)))
-			goto err2;
-		key=tmp1;
-
-		if (k > 0)
-			{
-			if (!tls1_PRF(ssl_get_algorithm2(s),
-					TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
-					s->s3->client_random,SSL3_RANDOM_SIZE,
-					s->s3->server_random,SSL3_RANDOM_SIZE,
-					NULL,0,NULL,0,
-					empty,0,iv1,iv2,k*2))
-				goto err2;
-			if (client_write)
-				iv=iv1;
-			else
-				iv= &(iv1[k]);
-			}
-		}
-
-	s->session->key_arg_length=0;
-#ifdef KSSL_DEBUG
-	{
-        int i;
-	fprintf(stderr,"EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
-	fprintf(stderr,"\tkey= "); for (i=0; i<c->key_len; i++) fprintf(stderr,"%02x", key[i]);
-	fprintf(stderr,"\n");
-	fprintf(stderr,"\t iv= "); for (i=0; i<c->iv_len; i++) fprintf(stderr,"%02x", iv[i]);
-	fprintf(stderr,"\n");
-	}
-#endif	/* KSSL_DEBUG */
-
-	if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
-		{
-		EVP_CipherInit_ex(dd,c,NULL,key,NULL,(which & SSL3_CC_WRITE));
-		EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
-		}
-	else	
-		EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-
-	/* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
-	if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
-		EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
-				*mac_secret_size,mac_secret);
-
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
-	OPENSSL_cleanse(tmp1,sizeof(tmp1));
-	OPENSSL_cleanse(tmp2,sizeof(tmp1));
-	OPENSSL_cleanse(iv1,sizeof(iv1));
-	OPENSSL_cleanse(iv2,sizeof(iv2));
-	return(1);
-err:
-	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
-	return(0);
-	}
-
-int tls1_setup_key_block(SSL *s)
-	{
-	unsigned char *p1,*p2=NULL;
-	const EVP_CIPHER *c;
-	const EVP_MD *hash;
-	int num;
-	SSL_COMP *comp;
-	int mac_type= NID_undef,mac_secret_size=0;
-	int ret=0;
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_setup_key_block()\n");
-#endif	/* KSSL_DEBUG */
-
-	if (s->s3->tmp.key_block_length != 0)
-		return(1);
-
-	if (!ssl_cipher_get_evp(s->session,&c,&hash,&mac_type,&mac_secret_size,&comp))
-		{
-		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-		return(0);
-		}
-
-	s->s3->tmp.new_sym_enc=c;
-	s->s3->tmp.new_hash=hash;
-	s->s3->tmp.new_mac_pkey_type = mac_type;
-	s->s3->tmp.new_mac_secret_size = mac_secret_size;
-	num=EVP_CIPHER_key_length(c)+mac_secret_size+EVP_CIPHER_iv_length(c);
-	num*=2;
-
-	ssl3_cleanup_key_block(s);
-
-	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-		{
-		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	s->s3->tmp.key_block_length=num;
-	s->s3->tmp.key_block=p1;
-
-	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-		{
-		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
-	if (!tls1_generate_key_block(s,p1,p2,num))
-		goto err;
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-
-	if (s->method->version <= TLS1_VERSION &&
-	    (s->mode & SSL_MODE_CBC_RECORD_SPLITTING) != 0)
-		{
-		/* enable vulnerability countermeasure for CBC ciphers with
-		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-		 */
-		s->s3->need_record_splitting = 1;
-
-		if (s->session->cipher != NULL)
-			{
-			if (s->session->cipher->algorithm_enc == SSL_eNULL)
-				s->s3->need_record_splitting = 0;
-			
-#ifndef OPENSSL_NO_RC4
-			if (s->session->cipher->algorithm_enc == SSL_RC4)
-				s->s3->need_record_splitting = 0;
-#endif
-			}
-		}
-		
-	ret = 1;
-err:
-	if (p2)
-		{
-		OPENSSL_cleanse(p2,num);
-		OPENSSL_free(p2);
-		}
-	return(ret);
-	}
-
-/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
- *       short etc).
- *   1: if the record's padding is valid / the encryption was successful.
- *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured.
- */
-int tls1_enc(SSL *s, int send)
-	{
-	SSL3_RECORD *rec;
-	EVP_CIPHER_CTX *ds;
-	unsigned long l;
-	int bs,i,j,k,pad=0,ret,mac_size=0;
-	const EVP_CIPHER *enc;
-
-	if (send)
-		{
-		if (EVP_MD_CTX_md(s->write_hash))
-			{
-			int n=EVP_MD_CTX_size(s->write_hash);
-			OPENSSL_assert(n >= 0);
-			}
-		ds=s->enc_write_ctx;
-		rec= &(s->s3->wrec);
-		if (s->enc_write_ctx == NULL)
-			enc=NULL;
-		else
-			{
-			int ivlen;
-			enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
-			/* For TLSv1.1 and later explicit IV */
-			if (s->version >= TLS1_1_VERSION
-				&& EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
-				ivlen = EVP_CIPHER_iv_length(enc);
-			else
-				ivlen = 0;
-			if (ivlen > 1)
-				{
-				if ( rec->data != rec->input)
-					/* we can't write into the input stream:
-					 * Can this ever happen?? (steve)
-					 */
-					fprintf(stderr,
-						"%s:%d: rec->data != rec->input\n",
-						__FILE__, __LINE__);
-				else if (RAND_bytes(rec->input, ivlen) <= 0)
-					return -1;
-				}
-			}
-		}
-	else
-		{
-		if (EVP_MD_CTX_md(s->read_hash))
-			{
-			int n=EVP_MD_CTX_size(s->read_hash);
-			OPENSSL_assert(n >= 0);
-			}
-		ds=s->enc_read_ctx;
-		rec= &(s->s3->rrec);
-		if (s->enc_read_ctx == NULL)
-			enc=NULL;
-		else
-			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
-		}
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_enc(%d)\n", send);
-#endif    /* KSSL_DEBUG */
-
-	if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
-		{
-		memmove(rec->data,rec->input,rec->length);
-		rec->input=rec->data;
-		ret = 1;
-		}
-	else
-		{
-		l=rec->length;
-		bs=EVP_CIPHER_block_size(ds->cipher);
-
-		if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
-			{
-			unsigned char buf[13],*seq;
-
-			seq = send?s->s3->write_sequence:s->s3->read_sequence;
-
-			if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
-				{
-				unsigned char dtlsseq[9],*p=dtlsseq;
-
-				s2n(send?s->d1->w_epoch:s->d1->r_epoch,p);
-				memcpy(p,&seq[2],6);
-				memcpy(buf,dtlsseq,8);
-				}
-			else
-				{
-				memcpy(buf,seq,8);
-				for (i=7; i>=0; i--)	/* increment */
-					{
-					++seq[i];
-					if (seq[i] != 0) break; 
-					}
-				}
-
-			buf[8]=rec->type;
-			buf[9]=(unsigned char)(s->version>>8);
-			buf[10]=(unsigned char)(s->version);
-			buf[11]=rec->length>>8;
-			buf[12]=rec->length&0xff;
-			pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf);
-			if (send)
-				{
-				l+=pad;
-				rec->length+=pad;
-				}
-			}
-		else if ((bs != 1) && send)
-			{
-			i=bs-((int)l%bs);
-
-			/* Add weird padding of upto 256 bytes */
-
-			/* we need to add 'i' padding bytes of value j */
-			j=i-1;
-			if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
-				{
-				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-					j++;
-				}
-			for (k=(int)l; k<(int)(l+i); k++)
-				rec->input[k]=j;
-			l+=i;
-			rec->length+=i;
-			}
-
-#ifdef KSSL_DEBUG
-		{
-		unsigned long ui;
-		fprintf(stderr,"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-			ds,rec->data,rec->input,l);
-		fprintf(stderr,"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
-			ds->buf_len, ds->cipher->key_len,
-			DES_KEY_SZ, DES_SCHEDULE_SZ,
-			ds->cipher->iv_len);
-		fprintf(stderr,"\t\tIV: ");
-		for (i=0; i<ds->cipher->iv_len; i++) fprintf(stderr,"%02X", ds->iv[i]);
-		fprintf(stderr,"\n");
-		fprintf(stderr,"\trec->input=");
-		for (ui=0; ui<l; ui++) fprintf(stderr," %02x", rec->input[ui]);
-		fprintf(stderr,"\n");
-		}
-#endif	/* KSSL_DEBUG */
-
-		if (!send)
-			{
-			if (l == 0 || l%bs != 0)
-				return 0;
-			}
-		
-		i = EVP_Cipher(ds,rec->data,rec->input,l);
-		if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
-						?(i<0)
-						:(i==0))
-			return -1;	/* AEAD can fail to verify MAC */
-		if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
-			{
-			rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
-			}
-
-#ifdef KSSL_DEBUG
-		{
-		unsigned long i;
-		fprintf(stderr,"\trec->data=");
-		for (i=0; i<l; i++)
-			fprintf(stderr," %02x", rec->data[i]);  fprintf(stderr,"\n");
-		}
-#endif	/* KSSL_DEBUG */
-
-		ret = 1;
-		if (EVP_MD_CTX_md(s->read_hash) != NULL)
-			mac_size = EVP_MD_CTX_size(s->read_hash);
-		if ((bs != 1) && !send)
-			ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
-		if (pad && !send)
-			rec->length -= pad;
-		}
-	return ret;
-	}
-
-int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
-	{
-	unsigned int ret;
-	EVP_MD_CTX ctx, *d=NULL;
-	int i;
-
-	if (s->s3->handshake_buffer) 
-		if (!ssl3_digest_cached_records(s))
-			return 0;
-
-	for (i=0;i<SSL_MAX_DIGEST;i++) 
-		{
-		  if (s->s3->handshake_dgst[i]&&EVP_MD_CTX_type(s->s3->handshake_dgst[i])==md_nid) 
-		  	{
-		  	d=s->s3->handshake_dgst[i];
-			break;
-			}
-		}
-	if (!d) {
-		SSLerr(SSL_F_TLS1_CERT_VERIFY_MAC,SSL_R_NO_REQUIRED_DIGEST);
-		return 0;
-	}	
-
-	EVP_MD_CTX_init(&ctx);
-	EVP_MD_CTX_copy_ex(&ctx,d);
-	EVP_DigestFinal_ex(&ctx,out,&ret);
-	EVP_MD_CTX_cleanup(&ctx);
-	return((int)ret);
-	}
-
-/* tls1_handshake_digest calculates the current handshake hash and writes it to
- * |out|, which has space for |out_len| bytes. It returns the number of bytes
- * written or -1 in the event of an error. This function works on a copy of the
- * underlying digests so can be called multiple times and prior to the final
- * update etc. */
-int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len)
-	{
-	const EVP_MD *md;
-	EVP_MD_CTX ctx;
-	int i, err = 0, len = 0;
-	long mask;
-
-	EVP_MD_CTX_init(&ctx);
-
-	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++)
-		{
-		int hash_size;
-		unsigned int digest_len;
-		EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i];
-
-		if ((mask & ssl_get_algorithm2(s)) == 0)
-			continue;
-
-		hash_size = EVP_MD_size(md);
-		if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len)
-			{
-			err = 1;
-			break;
-			}
-
-		if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-		    !EVP_DigestFinal_ex(&ctx, out, &digest_len) ||
-		    digest_len != (unsigned int)hash_size) /* internal error */
-			{
-			err = 1;
-			break;
-			}
-		out += digest_len;
-		out_len -= digest_len;
-		len += digest_len;
-		}
-
-	EVP_MD_CTX_cleanup(&ctx);
-
-	if (err != 0)
-		return -1;
-	return len;
-	}
-
-int tls1_final_finish_mac(SSL *s,
-	     const char *str, int slen, unsigned char *out)
-	{
-	unsigned char buf[2*EVP_MAX_MD_SIZE];
-	unsigned char buf2[12];
-	int err=0;
-	int digests_len;
-
-	if (s->s3->handshake_buffer)
-		if (!ssl3_digest_cached_records(s))
-			return 0;
-
-	digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
-	if (digests_len < 0)
-		{
-		err = 1;
-		digests_len = 0;
-		}
-
-	if (!tls1_PRF(ssl_get_algorithm2(s),
-			str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0,
-			s->session->master_key,s->session->master_key_length,
-			out,buf2,sizeof buf2))
-		err = 1;
-
-	if (err)
-		return 0;
-	else
-		return sizeof buf2;
-	}
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
-	{
-	SSL3_RECORD *rec;
-	unsigned char *seq;
-	EVP_MD_CTX *hash;
-	size_t md_size, orig_len;
-	int i;
-	EVP_MD_CTX hmac, *mac_ctx;
-	unsigned char header[13];
-	int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
-	int t;
-
-	if (send)
-		{
-		rec= &(ssl->s3->wrec);
-		seq= &(ssl->s3->write_sequence[0]);
-		hash=ssl->write_hash;
-		}
-	else
-		{
-		rec= &(ssl->s3->rrec);
-		seq= &(ssl->s3->read_sequence[0]);
-		hash=ssl->read_hash;
-		}
-
-	t=EVP_MD_CTX_size(hash);
-	OPENSSL_assert(t >= 0);
-	md_size=t;
-
-	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-	if (stream_mac) 
-		{
-			mac_ctx = hash;
-		}
-		else
-		{
-			if (!EVP_MD_CTX_copy(&hmac,hash))
-				return -1;
-			mac_ctx = &hmac;
-		}
-
-	if (ssl->version == DTLS1_VERSION || ssl->version == DTLS1_BAD_VER)
-		{
-		unsigned char dtlsseq[8],*p=dtlsseq;
-
-		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
-		memcpy (p,&seq[2],6);
-
-		memcpy(header, dtlsseq, 8);
-		}
-	else
-		memcpy(header, seq, 8);
-
-	/* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
-	orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
-	rec->type &= 0xff;
-
-	header[8]=rec->type;
-	header[9]=(unsigned char)(ssl->version>>8);
-	header[10]=(unsigned char)(ssl->version);
-	header[11]=(rec->length)>>8;
-	header[12]=(rec->length)&0xff;
-
-	if (!send &&
-	    EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
-	    ssl3_cbc_record_digest_supported(mac_ctx))
-		{
-		/* This is a CBC-encrypted record. We must avoid leaking any
-		 * timing-side channel information about how many blocks of
-		 * data we are hashing because that gives an attacker a
-		 * timing-oracle. */
-		ssl3_cbc_digest_record(
-			mac_ctx,
-			md, &md_size,
-			header, rec->input,
-			rec->length + md_size, orig_len,
-			ssl->s3->read_mac_secret,
-			ssl->s3->read_mac_secret_size,
-			0 /* not SSLv3 */);
-		}
-	else
-		{
-		EVP_DigestSignUpdate(mac_ctx,header,sizeof(header));
-		EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-		t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
-		OPENSSL_assert(t > 0);
-#ifdef OPENSSL_FIPS
-		if (!send && FIPS_mode())
-			tls_fips_digest_extra(
-	    				ssl->enc_read_ctx,
-					mac_ctx, rec->input,
-					rec->length, orig_len);
-#endif
-		}
-		
-	if (!stream_mac)
-		EVP_MD_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-fprintf(stderr,"seq=");
-{int z; for (z=0; z<8; z++) fprintf(stderr,"%02X ",seq[z]); fprintf(stderr,"\n"); }
-fprintf(stderr,"rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) fprintf(stderr,"%02X ",rec->data[z]); fprintf(stderr,"\n"); }
-#endif
-
-	if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
-		{
-		for (i=7; i>=0; i--)
-			{
-			++seq[i];
-			if (seq[i] != 0) break; 
-			}
-		}
-
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) fprintf(stderr,"%02X ",md[z]); fprintf(stderr,"\n"); }
-#endif
-	return(md_size);
-	}
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-	     int len)
-	{
-	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-	const void *co = NULL, *so = NULL;
-	int col = 0, sol = 0;
-
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
-#endif	/* KSSL_DEBUG */
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL && s->s3->server_opaque_prf_input != NULL &&
-	    s->s3->client_opaque_prf_input_len > 0 &&
-	    s->s3->client_opaque_prf_input_len == s->s3->server_opaque_prf_input_len)
-		{
-		co = s->s3->client_opaque_prf_input;
-		col = s->s3->server_opaque_prf_input_len;
-		so = s->s3->server_opaque_prf_input;
-		sol = s->s3->client_opaque_prf_input_len; /* must be same as col (see draft-rescorla-tls-opaque-prf-input-00.txt, section 3.1) */
-		}
-#endif
-
-	tls1_PRF(ssl_get_algorithm2(s),
-		TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
-		s->s3->client_random,SSL3_RANDOM_SIZE,
-		co, col,
-		s->s3->server_random,SSL3_RANDOM_SIZE,
-		so, sol,
-		p,len,
-		s->session->master_key,buff,sizeof buff);
-#ifdef SSL_DEBUG
-	fprintf(stderr, "Premaster Secret:\n");
-	BIO_dump_fp(stderr, (char *)p, len);
-	fprintf(stderr, "Client Random:\n");
-	BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
-	fprintf(stderr, "Server Random:\n");
-	BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
-	fprintf(stderr, "Master Secret:\n");
-	BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
-#endif
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_generate_master_secret() complete\n");
-#endif	/* KSSL_DEBUG */
-	return(SSL3_MASTER_SECRET_SIZE);
-	}
-
-int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-	 const char *label, size_t llen, const unsigned char *context,
-	 size_t contextlen, int use_context)
-	{
-	unsigned char *buff;
-	unsigned char *val = NULL;
-	size_t vallen, currentvalpos;
-	int rv;
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", s, out, olen, label, llen, context, contextlen);
-#endif	/* KSSL_DEBUG */
-
-	buff = OPENSSL_malloc(olen);
-	if (buff == NULL) goto err2;
-
-	/* construct PRF arguments
-	 * we construct the PRF argument ourself rather than passing separate
-	 * values into the TLS PRF to ensure that the concatenation of values
-	 * does not create a prohibited label.
-	 */
-	vallen = llen + SSL3_RANDOM_SIZE * 2;
-	if (use_context)
-		{
-		vallen += 2 + contextlen;
-		}
-
-	val = OPENSSL_malloc(vallen);
-	if (val == NULL) goto err2;
-	currentvalpos = 0;
-	memcpy(val + currentvalpos, (unsigned char *) label, llen);
-	currentvalpos += llen;
-	memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
-	currentvalpos += SSL3_RANDOM_SIZE;
-	memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
-	currentvalpos += SSL3_RANDOM_SIZE;
-
-	if (use_context)
-		{
-		val[currentvalpos] = (contextlen >> 8) & 0xff;
-		currentvalpos++;
-		val[currentvalpos] = contextlen & 0xff;
-		currentvalpos++;
-		if ((contextlen > 0) || (context != NULL))
-			{
-			memcpy(val + currentvalpos, context, contextlen);
-			}
-		}
-
-	/* disallow prohibited labels
-	 * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
-	 * 15, so size of val > max(prohibited label len) = 15 and the
-	 * comparisons won't have buffer overflow
-	 */
-	if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
-		 TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
-	if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
-		 TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
-	if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
-		 TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
-	if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
-		 TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
-
-	rv = tls1_PRF(ssl_get_algorithm2(s),
-		      val, vallen,
-		      NULL, 0,
-		      NULL, 0,
-		      NULL, 0,
-		      NULL, 0,
-		      s->session->master_key,s->session->master_key_length,
-		      out,buff,olen);
-
-#ifdef KSSL_DEBUG
-	fprintf(stderr,"tls1_export_keying_material() complete\n");
-#endif	/* KSSL_DEBUG */
-	goto ret;
-err1:
-	SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-	rv = 0;
-	goto ret;
-err2:
-	SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
-	rv = 0;
-ret:
-	if (buff != NULL) OPENSSL_free(buff);
-	if (val != NULL) OPENSSL_free(val);
-	return(rv);
-	}
-
-int tls1_alert_code(int code)
-	{
-	switch (code)
-		{
-	case SSL_AD_CLOSE_NOTIFY:	return(SSL3_AD_CLOSE_NOTIFY);
-	case SSL_AD_UNEXPECTED_MESSAGE:	return(SSL3_AD_UNEXPECTED_MESSAGE);
-	case SSL_AD_BAD_RECORD_MAC:	return(SSL3_AD_BAD_RECORD_MAC);
-	case SSL_AD_DECRYPTION_FAILED:	return(TLS1_AD_DECRYPTION_FAILED);
-	case SSL_AD_RECORD_OVERFLOW:	return(TLS1_AD_RECORD_OVERFLOW);
-	case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
-	case SSL_AD_HANDSHAKE_FAILURE:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_NO_CERTIFICATE:	return(-1);
-	case SSL_AD_BAD_CERTIFICATE:	return(SSL3_AD_BAD_CERTIFICATE);
-	case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
-	case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
-	case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
-	case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
-	case SSL_AD_ILLEGAL_PARAMETER:	return(SSL3_AD_ILLEGAL_PARAMETER);
-	case SSL_AD_UNKNOWN_CA:		return(TLS1_AD_UNKNOWN_CA);
-	case SSL_AD_ACCESS_DENIED:	return(TLS1_AD_ACCESS_DENIED);
-	case SSL_AD_DECODE_ERROR:	return(TLS1_AD_DECODE_ERROR);
-	case SSL_AD_DECRYPT_ERROR:	return(TLS1_AD_DECRYPT_ERROR);
-	case SSL_AD_EXPORT_RESTRICTION:	return(TLS1_AD_EXPORT_RESTRICTION);
-	case SSL_AD_PROTOCOL_VERSION:	return(TLS1_AD_PROTOCOL_VERSION);
-	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
-	case SSL_AD_INTERNAL_ERROR:	return(TLS1_AD_INTERNAL_ERROR);
-	case SSL_AD_USER_CANCELLED:	return(TLS1_AD_USER_CANCELLED);
-	case SSL_AD_NO_RENEGOTIATION:	return(TLS1_AD_NO_RENEGOTIATION);
-	case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
-	case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
-	case SSL_AD_UNRECOGNIZED_NAME:	return(TLS1_AD_UNRECOGNIZED_NAME);
-	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
-	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
-	case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
-	case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
-#if 0 /* not appropriate for TLS, not used for DTLS */
-	case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 
-					  (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-	default:			return(-1);
-		}
-	}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
deleted file mode 100644
index a8829207b5..0000000000
--- a/ssl/t1_lib.c
+++ /dev/null
@@ -1,3010 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include "ssl_locl.h"
-
-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
-
-#ifndef OPENSSL_NO_TLSEXT
-static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
-				const unsigned char *sess_id, int sesslen,
-				SSL_SESSION **psess);
-#endif
-
-SSL3_ENC_METHOD TLSv1_enc_data={
-	tls1_enc,
-	tls1_mac,
-	tls1_setup_key_block,
-	tls1_generate_master_secret,
-	tls1_change_cipher_state,
-	tls1_final_finish_mac,
-	TLS1_FINISH_MAC_LENGTH,
-	tls1_cert_verify_mac,
-	TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-	TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-	tls1_alert_code,
-	tls1_export_keying_material,
-	};
-
-long tls1_default_timeout(void)
-	{
-	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
-	 * is way too long for http, the cache would over fill */
-	return(60*60*2);
-	}
-
-int tls1_new(SSL *s)
-	{
-	if (!ssl3_new(s)) return(0);
-	s->method->ssl_clear(s);
-	return(1);
-	}
-
-void tls1_free(SSL *s)
-	{
-#ifndef OPENSSL_NO_TLSEXT
-	if (s->tlsext_session_ticket)
-		{
-		OPENSSL_free(s->tlsext_session_ticket);
-		}
-#endif /* OPENSSL_NO_TLSEXT */
-	ssl3_free(s);
-	}
-
-void tls1_clear(SSL *s)
-	{
-	ssl3_clear(s);
-	s->version = s->method->version;
-	}
-
-#ifndef OPENSSL_NO_EC
-
-static int nid_list[] =
-	{
-		NID_sect163k1, /* sect163k1 (1) */
-		NID_sect163r1, /* sect163r1 (2) */
-		NID_sect163r2, /* sect163r2 (3) */
-		NID_sect193r1, /* sect193r1 (4) */ 
-		NID_sect193r2, /* sect193r2 (5) */ 
-		NID_sect233k1, /* sect233k1 (6) */
-		NID_sect233r1, /* sect233r1 (7) */ 
-		NID_sect239k1, /* sect239k1 (8) */ 
-		NID_sect283k1, /* sect283k1 (9) */
-		NID_sect283r1, /* sect283r1 (10) */ 
-		NID_sect409k1, /* sect409k1 (11) */ 
-		NID_sect409r1, /* sect409r1 (12) */
-		NID_sect571k1, /* sect571k1 (13) */ 
-		NID_sect571r1, /* sect571r1 (14) */ 
-		NID_secp160k1, /* secp160k1 (15) */
-		NID_secp160r1, /* secp160r1 (16) */ 
-		NID_secp160r2, /* secp160r2 (17) */ 
-		NID_secp192k1, /* secp192k1 (18) */
-		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
-		NID_secp224k1, /* secp224k1 (20) */ 
-		NID_secp224r1, /* secp224r1 (21) */
-		NID_secp256k1, /* secp256k1 (22) */ 
-		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
-		NID_secp384r1, /* secp384r1 (24) */
-		NID_secp521r1  /* secp521r1 (25) */	
-	};
-
-static int pref_list[] =
-	{
-#ifndef OPENSSL_NO_EC2M
-		NID_sect571r1, /* sect571r1 (14) */ 
-		NID_sect571k1, /* sect571k1 (13) */ 
-#endif
-		NID_secp521r1, /* secp521r1 (25) */	
-#ifndef OPENSSL_NO_EC2M
-		NID_sect409k1, /* sect409k1 (11) */ 
-		NID_sect409r1, /* sect409r1 (12) */
-#endif
-		NID_secp384r1, /* secp384r1 (24) */
-#ifndef OPENSSL_NO_EC2M
-		NID_sect283k1, /* sect283k1 (9) */
-		NID_sect283r1, /* sect283r1 (10) */ 
-#endif
-		NID_secp256k1, /* secp256k1 (22) */ 
-		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
-#ifndef OPENSSL_NO_EC2M
-		NID_sect239k1, /* sect239k1 (8) */ 
-		NID_sect233k1, /* sect233k1 (6) */
-		NID_sect233r1, /* sect233r1 (7) */ 
-#endif
-		NID_secp224k1, /* secp224k1 (20) */ 
-		NID_secp224r1, /* secp224r1 (21) */
-#ifndef OPENSSL_NO_EC2M
-		NID_sect193r1, /* sect193r1 (4) */ 
-		NID_sect193r2, /* sect193r2 (5) */ 
-#endif
-		NID_secp192k1, /* secp192k1 (18) */
-		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
-#ifndef OPENSSL_NO_EC2M
-		NID_sect163k1, /* sect163k1 (1) */
-		NID_sect163r1, /* sect163r1 (2) */
-		NID_sect163r2, /* sect163r2 (3) */
-#endif
-		NID_secp160k1, /* secp160k1 (15) */
-		NID_secp160r1, /* secp160r1 (16) */ 
-		NID_secp160r2, /* secp160r2 (17) */ 
-	};
-
-int tls1_ec_curve_id2nid(int curve_id)
-	{
-	/* ECC curves from RFC 4492 */
-	if ((curve_id < 1) || ((unsigned int)curve_id >
-				sizeof(nid_list)/sizeof(nid_list[0])))
-		return 0;
-	return nid_list[curve_id-1];
-	}
-
-int tls1_ec_nid2curve_id(int nid)
-	{
-	/* ECC curves from RFC 4492 */
-	switch (nid)
-		{
-	case NID_sect163k1: /* sect163k1 (1) */
-		return 1;
-	case NID_sect163r1: /* sect163r1 (2) */
-		return 2;
-	case NID_sect163r2: /* sect163r2 (3) */
-		return 3;
-	case NID_sect193r1: /* sect193r1 (4) */ 
-		return 4;
-	case NID_sect193r2: /* sect193r2 (5) */ 
-		return 5;
-	case NID_sect233k1: /* sect233k1 (6) */
-		return 6;
-	case NID_sect233r1: /* sect233r1 (7) */ 
-		return 7;
-	case NID_sect239k1: /* sect239k1 (8) */ 
-		return 8;
-	case NID_sect283k1: /* sect283k1 (9) */
-		return 9;
-	case NID_sect283r1: /* sect283r1 (10) */ 
-		return 10;
-	case NID_sect409k1: /* sect409k1 (11) */ 
-		return 11;
-	case NID_sect409r1: /* sect409r1 (12) */
-		return 12;
-	case NID_sect571k1: /* sect571k1 (13) */ 
-		return 13;
-	case NID_sect571r1: /* sect571r1 (14) */ 
-		return 14;
-	case NID_secp160k1: /* secp160k1 (15) */
-		return 15;
-	case NID_secp160r1: /* secp160r1 (16) */ 
-		return 16;
-	case NID_secp160r2: /* secp160r2 (17) */ 
-		return 17;
-	case NID_secp192k1: /* secp192k1 (18) */
-		return 18;
-	case NID_X9_62_prime192v1: /* secp192r1 (19) */ 
-		return 19;
-	case NID_secp224k1: /* secp224k1 (20) */ 
-		return 20;
-	case NID_secp224r1: /* secp224r1 (21) */
-		return 21;
-	case NID_secp256k1: /* secp256k1 (22) */ 
-		return 22;
-	case NID_X9_62_prime256v1: /* secp256r1 (23) */ 
-		return 23;
-	case NID_secp384r1: /* secp384r1 (24) */
-		return 24;
-	case NID_secp521r1:  /* secp521r1 (25) */	
-		return 25;
-	default:
-		return 0;
-		}
-	}
-#endif /* OPENSSL_NO_EC */
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* List of supported signature algorithms and hashes. Should make this
- * customisable at some point, for now include everything we support.
- */
-
-#ifdef OPENSSL_NO_RSA
-#define tlsext_sigalg_rsa(md) /* */
-#else
-#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
-#endif
-
-#ifdef OPENSSL_NO_DSA
-#define tlsext_sigalg_dsa(md) /* */
-#else
-#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
-#endif
-
-#ifdef OPENSSL_NO_ECDSA
-#define tlsext_sigalg_ecdsa(md) /* */
-#else
-#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
-#endif
-
-#define tlsext_sigalg(md) \
-		tlsext_sigalg_rsa(md) \
-		tlsext_sigalg_dsa(md) \
-		tlsext_sigalg_ecdsa(md)
-
-static unsigned char tls12_sigalgs[] = {
-#ifndef OPENSSL_NO_SHA512
-	tlsext_sigalg(TLSEXT_hash_sha512)
-	tlsext_sigalg(TLSEXT_hash_sha384)
-#endif
-#ifndef OPENSSL_NO_SHA256
-	tlsext_sigalg(TLSEXT_hash_sha256)
-	tlsext_sigalg(TLSEXT_hash_sha224)
-#endif
-#ifndef OPENSSL_NO_SHA
-	tlsext_sigalg(TLSEXT_hash_sha1)
-#endif
-};
-
-int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
-	{
-	size_t slen = sizeof(tls12_sigalgs);
-	if (p)
-		memcpy(p, tls12_sigalgs, slen);
-	return (int)slen;
-	}
-
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
-	{
-	int extdatalen=0;
-	unsigned char *orig = buf;
-	unsigned char *ret = buf;
-
-	/* don't add extensions for SSLv3 unless doing secure renegotiation */
-	if (s->client_version == SSL3_VERSION
-					&& !s->s3->send_connection_binding)
-		return orig;
-
-	ret+=2;
-
-	if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
- 	if (s->tlsext_hostname != NULL)
-		{ 
-		/* Add TLS extension servername to the Client Hello message */
-		unsigned long size_str;
-		long lenmax; 
-
-		/* check for enough space.
-		   4 for the servername type and entension length
-		   2 for servernamelist length
-		   1 for the hostname type
-		   2 for hostname length
-		   + hostname length 
-		*/
-		   
-		if ((lenmax = limit - ret - 9) < 0 
-		    || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 
-			return NULL;
-			
-		/* extension type and length */
-		s2n(TLSEXT_TYPE_server_name,ret); 
-		s2n(size_str+5,ret);
-		
-		/* length of servername list */
-		s2n(size_str+3,ret);
-	
-		/* hostname type, length and hostname */
-		*(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
-		s2n(size_str,ret);
-		memcpy(ret, s->tlsext_hostname, size_str);
-		ret+=size_str;
-		}
-
-        /* Add RI if renegotiating */
-        if (s->renegotiate)
-          {
-          int el;
-          
-          if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
-              {
-              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-              return NULL;
-              }
-
-          if((limit - ret - 4 - el) < 0) return NULL;
-          
-          s2n(TLSEXT_TYPE_renegotiate,ret);
-          s2n(el,ret);
-
-          if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
-              {
-              SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-              return NULL;
-              }
-
-          ret += el;
-        }
-
-#ifndef OPENSSL_NO_SRP
-	/* Add SRP username if there is one */
-	if (s->srp_ctx.login != NULL)
-		{ /* Add TLS extension SRP username to the Client Hello message */
-
-		int login_len = strlen(s->srp_ctx.login);	
-		if (login_len > 255 || login_len == 0)
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			} 
-
-		/* check for enough space.
-		   4 for the srp type type and entension length
-		   1 for the srp user identity
-		   + srp user identity length 
-		*/
-		if ((limit - ret - 5 - login_len) < 0) return NULL; 
-
-		/* fill in the extension */
-		s2n(TLSEXT_TYPE_srp,ret);
-		s2n(login_len+1,ret);
-		(*ret++) = (unsigned char) login_len;
-		memcpy(ret, s->srp_ctx.login, login_len);
-		ret+=login_len;
-		}
-#endif
-
-#ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL)
-		{
-		/* Add TLS extension ECPointFormats to the ClientHello message */
-		long lenmax; 
-
-		if ((lenmax = limit - ret - 5) < 0) return NULL; 
-		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
-		if (s->tlsext_ecpointformatlist_length > 255)
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-		
-		s2n(TLSEXT_TYPE_ec_point_formats,ret);
-		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
-		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
-		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
-		ret+=s->tlsext_ecpointformatlist_length;
-		}
-	if (s->tlsext_ellipticcurvelist != NULL)
-		{
-		/* Add TLS extension EllipticCurves to the ClientHello message */
-		long lenmax; 
-
-		if ((lenmax = limit - ret - 6) < 0) return NULL; 
-		if (s->tlsext_ellipticcurvelist_length > (unsigned long)lenmax) return NULL;
-		if (s->tlsext_ellipticcurvelist_length > 65532)
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-		
-		s2n(TLSEXT_TYPE_elliptic_curves,ret);
-		s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
-
-		s2n(s->tlsext_ellipticcurvelist_length, ret);
-		memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
-		ret+=s->tlsext_ellipticcurvelist_length;
-		}
-#endif /* OPENSSL_NO_EC */
-
-	if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
-		{
-		int ticklen;
-		if (!s->new_session && s->session && s->session->tlsext_tick)
-			ticklen = s->session->tlsext_ticklen;
-		else if (s->session && s->tlsext_session_ticket &&
-			 s->tlsext_session_ticket->data)
-			{
-			ticklen = s->tlsext_session_ticket->length;
-			s->session->tlsext_tick = OPENSSL_malloc(ticklen);
-			if (!s->session->tlsext_tick)
-				return NULL;
-			memcpy(s->session->tlsext_tick,
-			       s->tlsext_session_ticket->data,
-			       ticklen);
-			s->session->tlsext_ticklen = ticklen;
-			}
-		else
-			ticklen = 0;
-		if (ticklen == 0 && s->tlsext_session_ticket &&
-		    s->tlsext_session_ticket->data == NULL)
-			goto skip_ext;
-		/* Check for enough room 2 for extension type, 2 for len
- 		 * rest for ticket
-  		 */
-		if ((long)(limit - ret - 4 - ticklen) < 0) return NULL;
-		s2n(TLSEXT_TYPE_session_ticket,ret); 
-		s2n(ticklen,ret);
-		if (ticklen)
-			{
-			memcpy(ret, s->session->tlsext_tick, ticklen);
-			ret += ticklen;
-			}
-		}
-		skip_ext:
-
-	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
-		{
-		if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
-			return NULL; 
-		s2n(TLSEXT_TYPE_signature_algorithms,ret);
-		s2n(sizeof(tls12_sigalgs) + 2, ret);
-		s2n(sizeof(tls12_sigalgs), ret);
-		memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
-		ret += sizeof(tls12_sigalgs);
-		}
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->client_opaque_prf_input != NULL &&
-	    s->version != DTLS1_VERSION)
-		{
-		size_t col = s->s3->client_opaque_prf_input_len;
-		
-		if ((long)(limit - ret - 6 - col < 0))
-			return NULL;
-		if (col > 0xFFFD) /* can't happen */
-			return NULL;
-
-		s2n(TLSEXT_TYPE_opaque_prf_input, ret); 
-		s2n(col + 2, ret);
-		s2n(col, ret);
-		memcpy(ret, s->s3->client_opaque_prf_input, col);
-		ret += col;
-		}
-#endif
-
-	if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
-	    s->version != DTLS1_VERSION)
-		{
-		int i;
-		long extlen, idlen, itmp;
-		OCSP_RESPID *id;
-
-		idlen = 0;
-		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
-			{
-			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-			itmp = i2d_OCSP_RESPID(id, NULL);
-			if (itmp <= 0)
-				return NULL;
-			idlen += itmp + 2;
-			}
-
-		if (s->tlsext_ocsp_exts)
-			{
-			extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
-			if (extlen < 0)
-				return NULL;
-			}
-		else
-			extlen = 0;
-			
-		if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
-		s2n(TLSEXT_TYPE_status_request, ret);
-		if (extlen + idlen > 0xFFF0)
-			return NULL;
-		s2n(extlen + idlen + 5, ret);
-		*(ret++) = TLSEXT_STATUSTYPE_ocsp;
-		s2n(idlen, ret);
-		for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
-			{
-			/* save position of id len */
-			unsigned char *q = ret;
-			id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
-			/* skip over id len */
-			ret += 2;
-			itmp = i2d_OCSP_RESPID(id, &ret);
-			/* write id len */
-			s2n(itmp, q);
-			}
-		s2n(extlen, ret);
-		if (extlen > 0)
-			i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* Add Heartbeat extension */
-	if ((limit - ret - 4 - 1) < 0)
-		return NULL;
-	s2n(TLSEXT_TYPE_heartbeat,ret);
-	s2n(1,ret);
-	/* Set mode:
-	 * 1: peer may send requests
-	 * 2: peer not allowed to send requests
-	 */
-	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-		*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-	else
-		*(ret++) = SSL_TLSEXT_HB_ENABLED;
-#endif
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
-		{
-		/* The client advertises an emtpy extension to indicate its
-		 * support for Next Protocol Negotiation */
-		if (limit - ret - 4 < 0)
-			return NULL;
-		s2n(TLSEXT_TYPE_next_proto_neg,ret);
-		s2n(0,ret);
-		}
-#endif
-
-	if (s->tlsext_channel_id_enabled)
-		{
-		/* The client advertises an emtpy extension to indicate its
-		 * support for Channel ID. */
-		if (limit - ret - 4 < 0)
-			return NULL;
-		if (s->ctx->tlsext_channel_id_enabled_new)
-			s2n(TLSEXT_TYPE_channel_id_new,ret);
-		else
-			s2n(TLSEXT_TYPE_channel_id,ret);
-		s2n(0,ret);
-		}
-
-	if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len)
-		{
-		if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
-			return NULL;
-		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
-		s2n(2 + s->alpn_client_proto_list_len,ret);
-		s2n(s->alpn_client_proto_list_len,ret);
-		memcpy(ret, s->alpn_client_proto_list,
-		       s->alpn_client_proto_list_len);
-		ret += s->alpn_client_proto_list_len;
-		}
-
-#ifndef OPENSSL_NO_SRTP
-	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
-                {
-                int el;
-
-                ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
-                
-                if((limit - ret - 4 - el) < 0) return NULL;
-
-                s2n(TLSEXT_TYPE_use_srtp,ret);
-                s2n(el,ret);
-
-                if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el))
-			{
-			SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-                ret += el;
-                }
-#endif
-	/* Add padding to workaround bugs in F5 terminators.
-	 * See https://tools.ietf.org/html/draft-agl-tls-padding-03
-	 *
-	 * NB: because this code works out the length of all existing
-	 * extensions it MUST always appear last.
-	 */
-	if (s->options & SSL_OP_TLSEXT_PADDING)
-		{
-		int hlen = ret - (unsigned char *)s->init_buf->data;
-		/* The code in s23_clnt.c to build ClientHello messages
-		 * includes the 5-byte record header in the buffer, while
-		 * the code in s3_clnt.c does not.
-		 */
-		if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
-			hlen -= 5;
-		if (hlen > 0xff && hlen < 0x200)
-			{
-			hlen = 0x200 - hlen;
-			if (hlen >= 4)
-				hlen -= 4;
-			else
-				hlen = 0;
-
-			s2n(TLSEXT_TYPE_padding, ret);
-			s2n(hlen, ret);
-			memset(ret, 0, hlen);
-			ret += hlen;
-			}
-		}
-
-	if ((extdatalen = ret-orig-2)== 0) 
-		return orig;
-
-	s2n(extdatalen, orig);
-	return ret;
-	}
-
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *limit)
-	{
-	int extdatalen=0;
-	unsigned char *orig = buf;
-	unsigned char *ret = buf;
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	int next_proto_neg_seen;
-#endif
-
-	/* don't add extensions for SSLv3, unless doing secure renegotiation */
-	if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
-		return orig;
-	
-	ret+=2;
-	if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
-	if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
-		{ 
-		if ((long)(limit - ret - 4) < 0) return NULL; 
-
-		s2n(TLSEXT_TYPE_server_name,ret);
-		s2n(0,ret);
-		}
-
-	if(s->s3->send_connection_binding)
-        {
-          int el;
-          
-          if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
-              {
-              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-              return NULL;
-              }
-
-          if((limit - ret - 4 - el) < 0) return NULL;
-          
-          s2n(TLSEXT_TYPE_renegotiate,ret);
-          s2n(el,ret);
-
-          if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
-              {
-              SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-              return NULL;
-              }
-
-          ret += el;
-        }
-
-#ifndef OPENSSL_NO_EC
-	if (s->tlsext_ecpointformatlist != NULL)
-		{
-		/* Add TLS extension ECPointFormats to the ServerHello message */
-		long lenmax; 
-
-		if ((lenmax = limit - ret - 5) < 0) return NULL; 
-		if (s->tlsext_ecpointformatlist_length > (unsigned long)lenmax) return NULL;
-		if (s->tlsext_ecpointformatlist_length > 255)
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-		
-		s2n(TLSEXT_TYPE_ec_point_formats,ret);
-		s2n(s->tlsext_ecpointformatlist_length + 1,ret);
-		*(ret++) = (unsigned char) s->tlsext_ecpointformatlist_length;
-		memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length);
-		ret+=s->tlsext_ecpointformatlist_length;
-
-		}
-	/* Currently the server should not respond with a SupportedCurves extension */
-#endif /* OPENSSL_NO_EC */
-
-	if (s->tlsext_ticket_expected
-		&& !(SSL_get_options(s) & SSL_OP_NO_TICKET)) 
-		{ 
-		if ((long)(limit - ret - 4) < 0) return NULL; 
-		s2n(TLSEXT_TYPE_session_ticket,ret);
-		s2n(0,ret);
-		}
-
-	if (s->tlsext_status_expected)
-		{ 
-		if ((long)(limit - ret - 4) < 0) return NULL; 
-		s2n(TLSEXT_TYPE_status_request,ret);
-		s2n(0,ret);
-		}
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->server_opaque_prf_input != NULL &&
-	    s->version != DTLS1_VERSION)
-		{
-		size_t sol = s->s3->server_opaque_prf_input_len;
-		
-		if ((long)(limit - ret - 6 - sol) < 0)
-			return NULL;
-		if (sol > 0xFFFD) /* can't happen */
-			return NULL;
-
-		s2n(TLSEXT_TYPE_opaque_prf_input, ret); 
-		s2n(sol + 2, ret);
-		s2n(sol, ret);
-		memcpy(ret, s->s3->server_opaque_prf_input, sol);
-		ret += sol;
-		}
-#endif
-
-#ifndef OPENSSL_NO_SRTP
-	if(SSL_IS_DTLS(s) && s->srtp_profile)
-                {
-                int el;
-
-                ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
-                
-                if((limit - ret - 4 - el) < 0) return NULL;
-
-                s2n(TLSEXT_TYPE_use_srtp,ret);
-                s2n(el,ret);
-
-                if(ssl_add_serverhello_use_srtp_ext(s, ret, &el, el))
-			{
-			SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}
-                ret+=el;
-                }
-#endif
-
-	if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
-		&& (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
-		{ const unsigned char cryptopro_ext[36] = {
-			0xfd, 0xe8, /*65000*/
-			0x00, 0x20, /*32 bytes length*/
-			0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85, 
-			0x03,   0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06, 
-			0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08, 
-			0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17};
-			if (limit-ret<36) return NULL;
-			memcpy(ret,cryptopro_ext,36);
-			ret+=36;
-
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	/* Add Heartbeat extension if we've received one */
-	if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
-		{
-		if ((limit - ret - 4 - 1) < 0)
-			return NULL;
-		s2n(TLSEXT_TYPE_heartbeat,ret);
-		s2n(1,ret);
-		/* Set mode:
-		 * 1: peer may send requests
-		 * 2: peer not allowed to send requests
-		 */
-		if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
-			*(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-		else
-			*(ret++) = SSL_TLSEXT_HB_ENABLED;
-
-		}
-#endif
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	next_proto_neg_seen = s->s3->next_proto_neg_seen;
-	s->s3->next_proto_neg_seen = 0;
-	if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
-		{
-		const unsigned char *npa;
-		unsigned int npalen;
-		int r;
-
-		r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
-		if (r == SSL_TLSEXT_ERR_OK)
-			{
-			if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
-			s2n(TLSEXT_TYPE_next_proto_neg,ret);
-			s2n(npalen,ret);
-			memcpy(ret, npa, npalen);
-			ret += npalen;
-			s->s3->next_proto_neg_seen = 1;
-			}
-		}
-#endif
-
-	/* If the client advertised support for Channel ID, and we have it
-	 * enabled, then we want to echo it back. */
-	if (s->s3->tlsext_channel_id_valid)
-		{
-		if (limit - ret - 4 < 0)
-			return NULL;
-		if (s->s3->tlsext_channel_id_new)
-			s2n(TLSEXT_TYPE_channel_id_new,ret);
-		else
-			s2n(TLSEXT_TYPE_channel_id,ret);
-		s2n(0,ret);
-		}
-
-	if (s->s3->alpn_selected)
-		{
-		const unsigned char *selected = s->s3->alpn_selected;
-		unsigned len = s->s3->alpn_selected_len;
-
-		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
-			return NULL;
-		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
-		s2n(3 + len,ret);
-		s2n(1 + len,ret);
-		*ret++ = len;
-		memcpy(ret, selected, len);
-		ret += len;
-		}
-
-	if ((extdatalen = ret-orig-2)== 0) 
-		return orig;
-
-	s2n(extdatalen, orig);
-	return ret;
-	}
-
-#ifndef OPENSSL_NO_EC
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- *   SNI,
- *   elliptic_curves
- *   ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
-	unsigned short type, size;
-	static const unsigned char kSafariExtensionsBlock[] = {
-		0x00, 0x0a,  /* elliptic_curves extension */
-		0x00, 0x08,  /* 8 bytes */
-		0x00, 0x06,  /* 6 bytes of curve ids */
-		0x00, 0x17,  /* P-256 */
-		0x00, 0x18,  /* P-384 */
-		0x00, 0x19,  /* P-521 */
-
-		0x00, 0x0b,  /* ec_point_formats */
-		0x00, 0x02,  /* 2 bytes */
-		0x01,        /* 1 point format */
-		0x00,        /* uncompressed */
-	};
-
-	/* The following is only present in TLS 1.2 */
-	static const unsigned char kSafariTLS12ExtensionsBlock[] = {
-		0x00, 0x0d,  /* signature_algorithms */
-		0x00, 0x0c,  /* 12 bytes */
-		0x00, 0x0a,  /* 10 bytes */
-		0x05, 0x01,  /* SHA-384/RSA */
-		0x04, 0x01,  /* SHA-256/RSA */
-		0x02, 0x01,  /* SHA-1/RSA */
-		0x04, 0x03,  /* SHA-256/ECDSA */
-		0x02, 0x03,  /* SHA-1/ECDSA */
-	};
-
-	if (data >= (d+n-2))
-		return;
-	data += 2;
-
-	if (data > (d+n-4))
-		return;
-	n2s(data,type);
-	n2s(data,size);
-
-	if (type != TLSEXT_TYPE_server_name)
-		return;
-
-	if (data+size > d+n)
-		return;
-	data += size;
-
-	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
-		{
-		const size_t len1 = sizeof(kSafariExtensionsBlock);
-		const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-		if (data + len1 + len2 != d+n)
-			return;
-		if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
-			return;
-		if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
-			return;
-		}
-	else
-		{
-		const size_t len = sizeof(kSafariExtensionsBlock);
-
-		if (data + len != d+n)
-			return;
-		if (memcmp(data, kSafariExtensionsBlock, len) != 0)
-			return;
-		}
-
-	s->s3->is_probably_safari = 1;
-}
-#endif /* !OPENSSL_NO_EC */
-
-/* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
- * ClientHello.
- *   data: the contents of the extension, not including the type and length.
- *   data_len: the number of bytes in |data|
- *   al: a pointer to the alert value to send in the event of a non-zero
- *       return.
- *
- *   returns: 0 on success. */
-static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
-					 unsigned data_len, int *al)
-	{
-	unsigned i;
-	unsigned proto_len;
-	const unsigned char *selected;
-	unsigned char selected_len;
-	int r;
-
-	if (s->ctx->alpn_select_cb == NULL)
-		return 0;
-
-	if (data_len < 2)
-		goto parse_error;
-
-	/* data should contain a uint16 length followed by a series of 8-bit,
-	 * length-prefixed strings. */
-	i = ((unsigned) data[0]) << 8 |
-	    ((unsigned) data[1]);
-	data_len -= 2;
-	data += 2;
-	if (data_len != i)
-		goto parse_error;
-
-	if (data_len < 2)
-		goto parse_error;
-
-	for (i = 0; i < data_len;)
-		{
-		proto_len = data[i];
-		i++;
-
-		if (proto_len == 0)
-			goto parse_error;
-
-		if (i + proto_len < i || i + proto_len > data_len)
-			goto parse_error;
-
-		i += proto_len;
-		}
-
-	r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
-				   s->ctx->alpn_select_cb_arg);
-	if (r == SSL_TLSEXT_ERR_OK) {
-		if (s->s3->alpn_selected)
-			OPENSSL_free(s->s3->alpn_selected);
-		s->s3->alpn_selected = OPENSSL_malloc(selected_len);
-		if (!s->s3->alpn_selected)
-			{
-			*al = SSL_AD_INTERNAL_ERROR;
-			return -1;
-			}
-		memcpy(s->s3->alpn_selected, selected, selected_len);
-		s->s3->alpn_selected_len = selected_len;
-	}
-	return 0;
-
-parse_error:
-	*al = SSL_AD_DECODE_ERROR;
-	return -1;
-	}
-
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-	{
-	unsigned short type;
-	unsigned short size;
-	unsigned short len;
-	unsigned char *data = *p;
-	int renegotiate_seen = 0;
-	int sigalg_seen = 0;
-
-	s->servername_done = 0;
-	s->tlsext_status_type = -1;
-
-	/* Reset TLS 1.2 digest functions to defaults because they don't carry
-	 * over to a renegotiation. */
-	s->s3->digest_rsa = NULL;
-	s->s3->digest_dsa = NULL;
-	s->s3->digest_ecdsa = NULL;
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	s->s3->next_proto_neg_seen = 0;
-#endif
-
-	if (s->s3->alpn_selected)
-		{
-		OPENSSL_free(s->s3->alpn_selected);
-		s->s3->alpn_selected = NULL;
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-#endif
-
-#ifndef OPENSSL_NO_EC
-	if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-		ssl_check_for_safari(s, data, d, n);
-#endif /* !OPENSSL_NO_EC */
-
-#ifndef OPENSSL_NO_SRP
-	if (s->srp_ctx.login != NULL)
-		{
-		OPENSSL_free(s->srp_ctx.login);
-		s->srp_ctx.login = NULL;
-		}
-#endif
-
-	s->srtp_profile = NULL;
-
-	if (data >= (d+n-2))
-		goto ri_check;
-	n2s(data,len);
-
-	if (data > (d+n-len)) 
-		goto ri_check;
-
-	while (data <= (d+n-4))
-		{
-		n2s(data,type);
-		n2s(data,size);
-
-		if (data+size > (d+n))
-	   		goto ri_check;
-#if 0
-		fprintf(stderr,"Received extension type %d size %d\n",type,size);
-#endif
-		if (s->tlsext_debug_cb)
-			s->tlsext_debug_cb(s, 0, type, data, size,
-						s->tlsext_debug_arg);
-/* The servername extension is treated as follows:
-
-   - Only the hostname type is supported with a maximum length of 255.
-   - The servername is rejected if too long or if it contains zeros,
-     in which case an fatal alert is generated.
-   - The servername field is maintained together with the session cache.
-   - When a session is resumed, the servername call back invoked in order
-     to allow the application to position itself to the right context. 
-   - The servername is acknowledged if it is new for a session or when 
-     it is identical to a previously used for the same session. 
-     Applications can control the behaviour.  They can at any time
-     set a 'desirable' servername for a new SSL object. This can be the
-     case for example with HTTPS when a Host: header field is received and
-     a renegotiation is requested. In this case, a possible servername
-     presented in the new client hello is only acknowledged if it matches
-     the value of the Host: field. 
-   - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-     if they provide for changing an explicit servername context for the session,
-     i.e. when the session has been established with a servername extension. 
-   - On session reconnect, the servername extension may be absent. 
-
-*/      
-
-		if (type == TLSEXT_TYPE_server_name)
-			{
-			unsigned char *sdata;
-			int servname_type;
-			int dsize; 
-		
-			if (size < 2) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			n2s(data,dsize);  
-			size -= 2;
-			if (dsize > size  ) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				} 
-
-			sdata = data;
-			while (dsize > 3) 
-				{
-	 			servname_type = *(sdata++); 
-				n2s(sdata,len);
-				dsize -= 3;
-
-				if (len > dsize) 
-					{
-					*al = SSL_AD_DECODE_ERROR;
-					return 0;
-					}
-				if (s->servername_done == 0)
-				switch (servname_type)
-					{
-				case TLSEXT_NAMETYPE_host_name:
-					if (!s->hit)
-						{
-						if(s->session->tlsext_hostname)
-							{
-							*al = SSL_AD_DECODE_ERROR;
-							return 0;
-							}
-						if (len > TLSEXT_MAXLEN_host_name)
-							{
-							*al = TLS1_AD_UNRECOGNIZED_NAME;
-							return 0;
-							}
-						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
-							{
-							*al = TLS1_AD_INTERNAL_ERROR;
-							return 0;
-							}
-						memcpy(s->session->tlsext_hostname, sdata, len);
-						s->session->tlsext_hostname[len]='\0';
-						if (strlen(s->session->tlsext_hostname) != len) {
-							OPENSSL_free(s->session->tlsext_hostname);
-							s->session->tlsext_hostname = NULL;
-							*al = TLS1_AD_UNRECOGNIZED_NAME;
-							return 0;
-						}
-						s->servername_done = 1; 
-
-						}
-					else 
-						s->servername_done = s->session->tlsext_hostname
-							&& strlen(s->session->tlsext_hostname) == len 
-							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
-					
-					break;
-
-				default:
-					break;
-					}
-				 
-				dsize -= len;
-				}
-			if (dsize != 0) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-
-			}
-#ifndef OPENSSL_NO_SRP
-		else if (type == TLSEXT_TYPE_srp)
-			{
-			if (size <= 0 || ((len = data[0])) != (size -1))
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (s->srp_ctx.login != NULL)
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
-				return -1;
-			memcpy(s->srp_ctx.login, &data[1], len);
-			s->srp_ctx.login[len]='\0';
-  
-			if (strlen(s->srp_ctx.login) != len) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			}
-#endif
-
-#ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats)
-			{
-			unsigned char *sdata = data;
-			int ecpointformatlist_length = *(sdata++);
-
-			if (ecpointformatlist_length != size - 1)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (!s->hit)
-				{
-				if(s->session->tlsext_ecpointformatlist)
-					{
-					OPENSSL_free(s->session->tlsext_ecpointformatlist);
-					s->session->tlsext_ecpointformatlist = NULL;
-					}
-				s->session->tlsext_ecpointformatlist_length = 0;
-				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
-					{
-					*al = TLS1_AD_INTERNAL_ERROR;
-					return 0;
-					}
-				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
-				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
-				}
-#if 0
-			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
-			sdata = s->session->tlsext_ecpointformatlist;
-			for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-				fprintf(stderr,"%i ",*(sdata++));
-			fprintf(stderr,"\n");
-#endif
-			}
-		else if (type == TLSEXT_TYPE_elliptic_curves)
-			{
-			unsigned char *sdata = data;
-			int ellipticcurvelist_length = (*(sdata++) << 8);
-			ellipticcurvelist_length += (*(sdata++));
-
-			if (ellipticcurvelist_length != size - 2 ||
-				ellipticcurvelist_length < 1 ||
-				/* Each NamedCurve is 2 bytes. */
-				ellipticcurvelist_length & 1)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (!s->hit)
-				{
-				if(s->session->tlsext_ellipticcurvelist)
-					{
-					*al = TLS1_AD_DECODE_ERROR;
-					return 0;
-					}
-				s->session->tlsext_ellipticcurvelist_length = 0;
-				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
-					{
-					*al = TLS1_AD_INTERNAL_ERROR;
-					return 0;
-					}
-				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
-				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
-				}
-#if 0
-			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
-			sdata = s->session->tlsext_ellipticcurvelist;
-			for (i = 0; i < s->session->tlsext_ellipticcurvelist_length; i++)
-				fprintf(stderr,"%i ",*(sdata++));
-			fprintf(stderr,"\n");
-#endif
-			}
-#endif /* OPENSSL_NO_EC */
-#ifdef TLSEXT_TYPE_opaque_prf_input
-		else if (type == TLSEXT_TYPE_opaque_prf_input &&
-	             s->version != DTLS1_VERSION)
-			{
-			unsigned char *sdata = data;
-
-			if (size < 2)
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			n2s(sdata, s->s3->client_opaque_prf_input_len);
-			if (s->s3->client_opaque_prf_input_len != size - 2)
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-
-			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
-				OPENSSL_free(s->s3->client_opaque_prf_input);
-			if (s->s3->client_opaque_prf_input_len == 0)
-				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
-			else
-				s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
-			if (s->s3->client_opaque_prf_input == NULL)
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			}
-#endif
-		else if (type == TLSEXT_TYPE_session_ticket)
-			{
-			if (s->tls_session_ticket_ext_cb &&
-			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			}
-		else if (type == TLSEXT_TYPE_renegotiate)
-			{
-			if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
-				return 0;
-			renegotiate_seen = 1;
-			}
-		else if (type == TLSEXT_TYPE_signature_algorithms)
-			{
-			int dsize;
-			if (sigalg_seen || size < 2) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			sigalg_seen = 1;
-			n2s(data,dsize);
-			size -= 2;
-			if (dsize != size || dsize & 1) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			tls1_process_sigalgs(s, data, dsize);
-			}
-		else if (type == TLSEXT_TYPE_status_request &&
-		         s->version != DTLS1_VERSION)
-			{
-		
-			if (size < 5) 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-
-			s->tlsext_status_type = *data++;
-			size--;
-			if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
-				{
-				const unsigned char *sdata;
-				int dsize;
-				/* Read in responder_id_list */
-				n2s(data,dsize);
-				size -= 2;
-				if (dsize > size  ) 
-					{
-					*al = SSL_AD_DECODE_ERROR;
-					return 0;
-					}
-				while (dsize > 0)
-					{
-					OCSP_RESPID *id;
-					int idsize;
-					if (dsize < 4)
-						{
-						*al = SSL_AD_DECODE_ERROR;
-						return 0;
-						}
-					n2s(data, idsize);
-					dsize -= 2 + idsize;
-					size -= 2 + idsize;
-					if (dsize < 0)
-						{
-						*al = SSL_AD_DECODE_ERROR;
-						return 0;
-						}
-					sdata = data;
-					data += idsize;
-					id = d2i_OCSP_RESPID(NULL,
-								&sdata, idsize);
-					if (!id)
-						{
-						*al = SSL_AD_DECODE_ERROR;
-						return 0;
-						}
-					if (data != sdata)
-						{
-						OCSP_RESPID_free(id);
-						*al = SSL_AD_DECODE_ERROR;
-						return 0;
-						}
-					if (!s->tlsext_ocsp_ids
-						&& !(s->tlsext_ocsp_ids =
-						sk_OCSP_RESPID_new_null()))
-						{
-						OCSP_RESPID_free(id);
-						*al = SSL_AD_INTERNAL_ERROR;
-						return 0;
-						}
-					if (!sk_OCSP_RESPID_push(
-							s->tlsext_ocsp_ids, id))
-						{
-						OCSP_RESPID_free(id);
-						*al = SSL_AD_INTERNAL_ERROR;
-						return 0;
-						}
-					}
-
-				/* Read in request_extensions */
-				if (size < 2)
-					{
-					*al = SSL_AD_DECODE_ERROR;
-					return 0;
-					}
-				n2s(data,dsize);
-				size -= 2;
-				if (dsize != size)
-					{
-					*al = SSL_AD_DECODE_ERROR;
-					return 0;
-					}
-				sdata = data;
-				if (dsize > 0)
-					{
-					if (s->tlsext_ocsp_exts)
-						{
-						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-									   X509_EXTENSION_free);
-						}
-
-					s->tlsext_ocsp_exts =
-						d2i_X509_EXTENSIONS(NULL,
-							&sdata, dsize);
-					if (!s->tlsext_ocsp_exts
-						|| (data + dsize != sdata))
-						{
-						*al = SSL_AD_DECODE_ERROR;
-						return 0;
-						}
-					}
-				}
-				/* We don't know what to do with any other type
- 			 	* so ignore it.
- 			 	*/
-				else
-					s->tlsext_status_type = -1;
-			}
-#ifndef OPENSSL_NO_HEARTBEATS
-		else if (type == TLSEXT_TYPE_heartbeat)
-			{
-			switch(data[0])
-				{
-				case 0x01:	/* Client allows us to send HB requests */
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-							break;
-				case 0x02:	/* Client doesn't accept HB requests */
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-							break;
-				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
-							return 0;
-				}
-			}
-#endif
-#ifndef OPENSSL_NO_NEXTPROTONEG
-		else if (type == TLSEXT_TYPE_next_proto_neg &&
-			 s->s3->tmp.finish_md_len == 0 &&
-			 s->s3->alpn_selected == NULL)
-			{
-			/* We shouldn't accept this extension on a
-			 * renegotiation.
-			 *
-			 * s->new_session will be set on renegotiation, but we
-			 * probably shouldn't rely that it couldn't be set on
-			 * the initial renegotation too in certain cases (when
-			 * there's some other reason to disallow resuming an
-			 * earlier session -- the current code won't be doing
-			 * anything like that, but this might change).
-
-			 * A valid sign that there's been a previous handshake
-			 * in this connection is if s->s3->tmp.finish_md_len >
-			 * 0.  (We are talking about a check that will happen
-			 * in the Hello protocol round, well before a new
-			 * Finished message could have been computed.) */
-			s->s3->next_proto_neg_seen = 1;
-			}
-#endif
-
-		else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled)
-			s->s3->tlsext_channel_id_valid = 1;
-
-		else if (type == TLSEXT_TYPE_channel_id_new &&
-			 s->tlsext_channel_id_enabled)
-			{
-			s->s3->tlsext_channel_id_valid = 1;
-			s->s3->tlsext_channel_id_new = 1;
-			}
-
-		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
-			 s->ctx->alpn_select_cb &&
-			 s->s3->tmp.finish_md_len == 0)
-			{
-			if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
-				return 0;
-			/* ALPN takes precedence over NPN. */
-			s->s3->next_proto_neg_seen = 0;
-			}
-
-		/* session ticket processed earlier */
-#ifndef OPENSSL_NO_SRTP
-		else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
-			 && type == TLSEXT_TYPE_use_srtp)
-			{
-			if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
-							      al))
-				return 0;
-			}
-#endif
-
-		data+=size;
-		}
-				
-	*p = data;
-
-	ri_check:
-
-	/* Need RI if renegotiating */
-
-	if (!renegotiate_seen && s->renegotiate &&
-		!(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-		{
-		*al = SSL_AD_HANDSHAKE_FAILURE;
-	 	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
-				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-		return 0;
-		}
-
-	return 1;
-	}
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
- * elements of zero length are allowed and the set of elements must exactly fill
- * the length of the block. */
-static char ssl_next_proto_validate(unsigned char *d, unsigned len)
-	{
-	unsigned int off = 0;
-
-	while (off < len)
-		{
-		if (d[off] == 0)
-			return 0;
-		off += d[off];
-		off++;
-		}
-
-	return off == len;
-	}
-#endif
-
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-	{
-	unsigned short length;
-	unsigned short type;
-	unsigned short size;
-	unsigned char *data = *p;
-	int tlsext_servername = 0;
-	int renegotiate_seen = 0;
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-	s->s3->next_proto_neg_seen = 0;
-#endif
-	s->tlsext_ticket_expected = 0;
-
-	if (s->s3->alpn_selected)
-		{
-		OPENSSL_free(s->s3->alpn_selected);
-		s->s3->alpn_selected = NULL;
-		}
-
-#ifndef OPENSSL_NO_HEARTBEATS
-	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
-	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
-#endif
-
-	if (data >= (d+n-2))
-		goto ri_check;
-
-	n2s(data,length);
-	if (data+length != d+n)
-		{
-		*al = SSL_AD_DECODE_ERROR;
-		return 0;
-		}
-
-	while(data <= (d+n-4))
-		{
-		n2s(data,type);
-		n2s(data,size);
-
-		if (data+size > (d+n))
-	   		goto ri_check;
-
-		if (s->tlsext_debug_cb)
-			s->tlsext_debug_cb(s, 1, type, data, size,
-						s->tlsext_debug_arg);
-
-		if (type == TLSEXT_TYPE_server_name)
-			{
-			if (s->tlsext_hostname == NULL || size > 0)
-				{
-				*al = TLS1_AD_UNRECOGNIZED_NAME;
-				return 0;
-				}
-			tlsext_servername = 1;   
-			}
-
-#ifndef OPENSSL_NO_EC
-		else if (type == TLSEXT_TYPE_ec_point_formats)
-			{
-			unsigned char *sdata = data;
-			int ecpointformatlist_length = *(sdata++);
-
-			if (ecpointformatlist_length != size - 1 || 
-				ecpointformatlist_length < 1)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (!s->hit)
-				{
-				s->session->tlsext_ecpointformatlist_length = 0;
-				if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
-				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
-					{
-					*al = TLS1_AD_INTERNAL_ERROR;
-					return 0;
-					}
-				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
-				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
-				}
-#if 0
-			fprintf(stderr,"ssl_parse_serverhello_tlsext s->session->tlsext_ecpointformatlist ");
-			sdata = s->session->tlsext_ecpointformatlist;
-			for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-				fprintf(stderr,"%i ",*(sdata++));
-			fprintf(stderr,"\n");
-#endif
-			}
-#endif /* OPENSSL_NO_EC */
-
-		else if (type == TLSEXT_TYPE_session_ticket)
-			{
-			if (s->tls_session_ticket_ext_cb &&
-			    !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
-				|| (size > 0))
-				{
-				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
-				return 0;
-				}
-			s->tlsext_ticket_expected = 1;
-			}
-#ifdef TLSEXT_TYPE_opaque_prf_input
-		else if (type == TLSEXT_TYPE_opaque_prf_input &&
-	             s->version != DTLS1_VERSION)
-			{
-			unsigned char *sdata = data;
-
-			if (size < 2)
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			n2s(sdata, s->s3->server_opaque_prf_input_len);
-			if (s->s3->server_opaque_prf_input_len != size - 2)
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			
-			if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
-				OPENSSL_free(s->s3->server_opaque_prf_input);
-			if (s->s3->server_opaque_prf_input_len == 0)
-				s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
-			else
-				s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
-
-			if (s->s3->server_opaque_prf_input == NULL)
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			}
-#endif
-		else if (type == TLSEXT_TYPE_status_request &&
-		         s->version != DTLS1_VERSION)
-			{
-			/* MUST be empty and only sent if we've requested
-			 * a status request message.
-			 */ 
-			if ((s->tlsext_status_type == -1) || (size > 0))
-				{
-				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
-				return 0;
-				}
-			/* Set flag to expect CertificateStatus message */
-			s->tlsext_status_expected = 1;
-			}
-#ifndef OPENSSL_NO_NEXTPROTONEG
-		else if (type == TLSEXT_TYPE_next_proto_neg &&
-			 s->s3->tmp.finish_md_len == 0)
-			{
-			unsigned char *selected;
-			unsigned char selected_len;
-
-			/* We must have requested it. */
-			if (s->ctx->next_proto_select_cb == NULL)
-				{
-				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
-				return 0;
-				}
-			/* The data must be valid */
-			if (!ssl_next_proto_validate(data, size))
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			s->next_proto_negotiated = OPENSSL_malloc(selected_len);
-			if (!s->next_proto_negotiated)
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			memcpy(s->next_proto_negotiated, selected, selected_len);
-			s->next_proto_negotiated_len = selected_len;
-			s->s3->next_proto_neg_seen = 1;
-			}
-#endif
-		else if (type == TLSEXT_TYPE_channel_id)
-			s->s3->tlsext_channel_id_valid = 1;
-
-		else if (type == TLSEXT_TYPE_channel_id_new)
-			{
-			s->s3->tlsext_channel_id_valid = 1;
-			s->s3->tlsext_channel_id_new = 1;
-			}
-
-		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
-			{
-			unsigned len;
-
-			/* We must have requested it. */
-			if (s->alpn_client_proto_list == NULL)
-				{
-				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
-				return 0;
-				}
-			if (size < 4)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			/* The extension data consists of:
-			 *   uint16 list_length
-			 *   uint8 proto_length;
-			 *   uint8 proto[proto_length]; */
-			len = data[0];
-			len <<= 8;
-			len |= data[1];
-			if (len != (unsigned) size - 2)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			len = data[2];
-			if (len != (unsigned) size - 3)
-				{
-				*al = TLS1_AD_DECODE_ERROR;
-				return 0;
-				}
-			if (s->s3->alpn_selected)
-				OPENSSL_free(s->s3->alpn_selected);
-			s->s3->alpn_selected = OPENSSL_malloc(len);
-			if (!s->s3->alpn_selected)
-				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
-				}
-			memcpy(s->s3->alpn_selected, data + 3, len);
-			s->s3->alpn_selected_len = len;
-			}
-
-		else if (type == TLSEXT_TYPE_renegotiate)
-			{
-			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
-				return 0;
-			renegotiate_seen = 1;
-			}
-#ifndef OPENSSL_NO_HEARTBEATS
-		else if (type == TLSEXT_TYPE_heartbeat)
-			{
-			switch(data[0])
-				{
-				case 0x01:	/* Server allows us to send HB requests */
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-							break;
-				case 0x02:	/* Server doesn't accept HB requests */
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
-							s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
-							break;
-				default:	*al = SSL_AD_ILLEGAL_PARAMETER;
-							return 0;
-				}
-			}
-#endif
-#ifndef OPENSSL_NO_SRTP
-		else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)
-			{
-                        if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
-							      al))
-                                return 0;
-			}
-#endif
-
-		data+=size;		
-		}
-
-	if (data != d+n)
-		{
-		*al = SSL_AD_DECODE_ERROR;
-		return 0;
-		}
-
-	if (!s->hit && tlsext_servername == 1)
-		{
- 		if (s->tlsext_hostname)
-			{
-			if (s->session->tlsext_hostname == NULL)
-				{
-				s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);	
-				if (!s->session->tlsext_hostname)
-					{
-					*al = SSL_AD_UNRECOGNIZED_NAME;
-					return 0;
-					}
-				}
-			else 
-				{
-				*al = SSL_AD_DECODE_ERROR;
-				return 0;
-				}
-			}
-		}
-
-	*p = data;
-
-	ri_check:
-
-	/* Determine if we need to see RI. Strictly speaking if we want to
-	 * avoid an attack we should *always* see RI even on initial server
-	 * hello because the client doesn't see any renegotiation during an
-	 * attack. However this would mean we could not connect to any server
-	 * which doesn't support RI so for the immediate future tolerate RI
-	 * absence on initial connect only.
-	 */
-	if (!renegotiate_seen
-		&& !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
-		&& !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-		{
-		*al = SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
-				SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-		return 0;
-		}
-
-	return 1;
-	}
-
-
-int ssl_prepare_clienthello_tlsext(SSL *s)
-	{
-#ifndef OPENSSL_NO_EC
-	/* If we are client and using an elliptic curve cryptography cipher suite, send the point formats 
-	 * and elliptic curves we support.
-	 */
-	int using_ecc = 0;
-	int i;
-	unsigned char *j;
-	unsigned long alg_k, alg_a;
-	STACK_OF(SSL_CIPHER) *cipher_stack = SSL_get_ciphers(s);
-
-	for (i = 0; i < sk_SSL_CIPHER_num(cipher_stack); i++)
-		{
-		SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
-
-		alg_k = c->algorithm_mkey;
-		alg_a = c->algorithm_auth;
-		if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA)))
-			{
-			using_ecc = 1;
-			break;
-			}
-		}
-	using_ecc = using_ecc && (s->version >= TLS1_VERSION);
-	if (using_ecc)
-		{
-		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
-		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
-			{
-			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		s->tlsext_ecpointformatlist_length = 3;
-		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
-		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
-
-		/* we support all named elliptic curves in RFC 4492 */
-		if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
-		s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
-		if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
-			{
-			s->tlsext_ellipticcurvelist_length = 0;
-			SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
-				sizeof(pref_list)/sizeof(pref_list[0]); i++)
-			{
-			int id = tls1_ec_nid2curve_id(pref_list[i]);
-			s2n(id,j);
-			}
-		}
-#endif /* OPENSSL_NO_EC */
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
- 	{
-		int r = 1;
-	
-		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
-			{
-			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
-			if (!r)
-				return -1;
-			}
-
-		if (s->tlsext_opaque_prf_input != NULL)
-			{
-			if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
-				OPENSSL_free(s->s3->client_opaque_prf_input);
-
-			if (s->tlsext_opaque_prf_input_len == 0)
-				s->s3->client_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
-			else
-				s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
-			if (s->s3->client_opaque_prf_input == NULL)
-				{
-				SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-				return -1;
-				}
-			s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
-			}
-
-		if (r == 2)
-			/* at callback's request, insist on receiving an appropriate server opaque PRF input */
-			s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
-	}
-#endif
-
-	return 1;
-	}
-
-int ssl_prepare_serverhello_tlsext(SSL *s)
-	{
-#ifndef OPENSSL_NO_EC
-	/* If we are server and using an ECC cipher suite, send the point formats we support 
-	 * if the client sent us an ECPointsFormat extension.  Note that the server is not
-	 * supposed to send an EllipticCurves extension.
-	 */
-
-	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
-	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
-	
-	if (using_ecc)
-		{
-		if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
-		if ((s->tlsext_ecpointformatlist = OPENSSL_malloc(3)) == NULL)
-			{
-			SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		s->tlsext_ecpointformatlist_length = 3;
-		s->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed;
-		s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-		s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
-		}
-#endif /* OPENSSL_NO_EC */
-
-	return 1;
-	}
-
-int ssl_check_clienthello_tlsext_early(SSL *s)
-	{
-	int ret=SSL_TLSEXT_ERR_NOACK;
-	int al = SSL_AD_UNRECOGNIZED_NAME;
-
-#ifndef OPENSSL_NO_EC
-	/* The handling of the ECPointFormats extension is done elsewhere, namely in 
-	 * ssl3_choose_cipher in s3_lib.c.
-	 */
-	/* The handling of the EllipticCurves extension is done elsewhere, namely in 
-	 * ssl3_choose_cipher in s3_lib.c.
-	 */
-#endif
-
-	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
-		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
-	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
-		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
- 	{
-		/* This sort of belongs into ssl_prepare_serverhello_tlsext(),
-		 * but we might be sending an alert in response to the client hello,
-		 * so this has to happen here in
-		 * ssl_check_clienthello_tlsext_early(). */
-
-		int r = 1;
-	
-		if (s->ctx->tlsext_opaque_prf_input_callback != 0)
-			{
-			r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, s->ctx->tlsext_opaque_prf_input_callback_arg);
-			if (!r)
-				{
-				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-				al = SSL_AD_INTERNAL_ERROR;
-				goto err;
-				}
-			}
-
-		if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
-			OPENSSL_free(s->s3->server_opaque_prf_input);
-		s->s3->server_opaque_prf_input = NULL;
-
-		if (s->tlsext_opaque_prf_input != NULL)
-			{
-			if (s->s3->client_opaque_prf_input != NULL &&
-				s->s3->client_opaque_prf_input_len == s->tlsext_opaque_prf_input_len)
-				{
-				/* can only use this extension if we have a server opaque PRF input
-				 * of the same length as the client opaque PRF input! */
-
-				if (s->tlsext_opaque_prf_input_len == 0)
-					s->s3->server_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte just to get non-NULL */
-				else
-					s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
-				if (s->s3->server_opaque_prf_input == NULL)
-					{
-					ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-					al = SSL_AD_INTERNAL_ERROR;
-					goto err;
-					}
-				s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
-				}
-			}
-
-		if (r == 2 && s->s3->server_opaque_prf_input == NULL)
-			{
-			/* The callback wants to enforce use of the extension,
-			 * but we can't do that with the client opaque PRF input;
-			 * abort the handshake.
-			 */
-			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-			al = SSL_AD_HANDSHAKE_FAILURE;
-			}
-	}
-
- err:
-#endif
-	switch (ret)
-		{
-		case SSL_TLSEXT_ERR_ALERT_FATAL:
-			ssl3_send_alert(s,SSL3_AL_FATAL,al); 
-			return -1;
-
-		case SSL_TLSEXT_ERR_ALERT_WARNING:
-			ssl3_send_alert(s,SSL3_AL_WARNING,al);
-			return 1; 
-					
-		case SSL_TLSEXT_ERR_NOACK:
-			s->servername_done=0;
-			default:
-		return 1;
-		}
-	}
-
-int ssl_check_clienthello_tlsext_late(SSL *s)
-	{
-	int ret = SSL_TLSEXT_ERR_OK;
-	int al;
-
-	/* If status request then ask callback what to do.
- 	 * Note: this must be called after servername callbacks in case 
- 	 * the certificate has changed, and must be called after the cipher
-	 * has been chosen because this may influence which certificate is sent
- 	 */
-	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
-		{
-		int r;
-		CERT_PKEY *certpkey;
-		certpkey = ssl_get_server_send_pkey(s);
-		/* If no certificate can't return certificate status */
-		if (certpkey == NULL)
-			{
-			s->tlsext_status_expected = 0;
-			return 1;
-			}
-		/* Set current certificate to one we will use so
-		 * SSL_get_certificate et al can pick it up.
-		 */
-		s->cert->key = certpkey;
-		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-		switch (r)
-			{
-			/* We don't want to send a status request response */
-			case SSL_TLSEXT_ERR_NOACK:
-				s->tlsext_status_expected = 0;
-				break;
-			/* status request response should be sent */
-			case SSL_TLSEXT_ERR_OK:
-				if (s->tlsext_ocsp_resp)
-					s->tlsext_status_expected = 1;
-				else
-					s->tlsext_status_expected = 0;
-				break;
-			/* something bad happened */
-			case SSL_TLSEXT_ERR_ALERT_FATAL:
-				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-				al = SSL_AD_INTERNAL_ERROR;
-				goto err;
-			}
-		}
-	else
-		s->tlsext_status_expected = 0;
-
- err:
-	switch (ret)
-		{
-		case SSL_TLSEXT_ERR_ALERT_FATAL:
-			ssl3_send_alert(s,SSL3_AL_FATAL,al); 
-			return -1;
-
-		case SSL_TLSEXT_ERR_ALERT_WARNING:
-			ssl3_send_alert(s,SSL3_AL_WARNING,al);
-			return 1; 
-
-		default:
-			return 1;
-		}
-	}
-
-int ssl_check_serverhello_tlsext(SSL *s)
-	{
-	int ret=SSL_TLSEXT_ERR_NOACK;
-	int al = SSL_AD_UNRECOGNIZED_NAME;
-
-#ifndef OPENSSL_NO_EC
-	/* If we are client and using an elliptic curve cryptography cipher
-	 * suite, then if server returns an EC point formats lists extension
-	 * it must contain uncompressed.
-	 */
-	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
-	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
-	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
-	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
-		{
-		/* we are using an ECC cipher */
-		size_t i;
-		unsigned char *list;
-		int found_uncompressed = 0;
-		list = s->session->tlsext_ecpointformatlist;
-		for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
-			{
-			if (*(list++) == TLSEXT_ECPOINTFORMAT_uncompressed)
-				{
-				found_uncompressed = 1;
-				break;
-				}
-			}
-		if (!found_uncompressed)
-			{
-			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-			return -1;
-			}
-		}
-	ret = SSL_TLSEXT_ERR_OK;
-#endif /* OPENSSL_NO_EC */
-
-	if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) 
-		ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
-	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
-		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
-
-#ifdef TLSEXT_TYPE_opaque_prf_input
-	if (s->s3->server_opaque_prf_input_len > 0)
-		{
-		/* This case may indicate that we, as a client, want to insist on using opaque PRF inputs.
-		 * So first verify that we really have a value from the server too. */
-
-		if (s->s3->server_opaque_prf_input == NULL)
-			{
-			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-			al = SSL_AD_HANDSHAKE_FAILURE;
-			}
-		
-		/* Anytime the server *has* sent an opaque PRF input, we need to check
-		 * that we have a client opaque PRF input of the same size. */
-		if (s->s3->client_opaque_prf_input == NULL ||
-		    s->s3->client_opaque_prf_input_len != s->s3->server_opaque_prf_input_len)
-			{
-			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-			al = SSL_AD_ILLEGAL_PARAMETER;
-			}
-		}
-#endif
-
-	/* If we've requested certificate status and we wont get one
- 	 * tell the callback
- 	 */
-	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-			&& s->ctx && s->ctx->tlsext_status_cb)
-		{
-		int r;
-		/* Set resp to NULL, resplen to -1 so callback knows
- 		 * there is no response.
- 		 */
-		if (s->tlsext_ocsp_resp)
-			{
-			OPENSSL_free(s->tlsext_ocsp_resp);
-			s->tlsext_ocsp_resp = NULL;
-			}
-		s->tlsext_ocsp_resplen = -1;
-		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-		if (r == 0)
-			{
-			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-			}
-		if (r < 0)
-			{
-			al = SSL_AD_INTERNAL_ERROR;
-			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-			}
-		}
-
-	switch (ret)
-		{
-		case SSL_TLSEXT_ERR_ALERT_FATAL:
-			ssl3_send_alert(s,SSL3_AL_FATAL,al); 
-			return -1;
-
-		case SSL_TLSEXT_ERR_ALERT_WARNING:
-			ssl3_send_alert(s,SSL3_AL_WARNING,al);
-			return 1; 
-					
-		case SSL_TLSEXT_ERR_NOACK:
-			s->servername_done=0;
-			default:
-		return 1;
-		}
-	}
-
-/* Since the server cache lookup is done early on in the processing of the
- * ClientHello, and other operations depend on the result, we need to handle
- * any TLS session ticket extension at the same time.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   len: the length of the session ID.
- *   limit: a pointer to the first byte after the ClientHello.
- *   ret: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    0: no ticket was found (or was ignored, based on settings).
- *    1: a zero length extension was found, indicating that the client supports
- *       session tickets but doesn't currently have one to offer.
- *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
- *       couldn't be decrypted because of a non-fatal error.
- *    3: a ticket was successfully decrypted and *ret was set.
- *
- * Side effects:
- *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
- *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
- */
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-			const unsigned char *limit, SSL_SESSION **ret)
-	{
-	/* Point after session ID in client hello */
-	const unsigned char *p = session_id + len;
-	unsigned short i;
-
-	*ret = NULL;
-	s->tlsext_ticket_expected = 0;
-
-	/* If tickets disabled behave as if no ticket present
-	 * to permit stateful resumption.
-	 */
-	if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-		return 0;
-	if ((s->version <= SSL3_VERSION) || !limit)
-		return 0;
-	if (p >= limit)
-		return -1;
-	/* Skip past DTLS cookie */
-	if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
-		{
-		i = *(p++);
-		p+= i;
-		if (p >= limit)
-			return -1;
-		}
-	/* Skip past cipher list */
-	n2s(p, i);
-	p+= i;
-	if (p >= limit)
-		return -1;
-	/* Skip past compression algorithm list */
-	i = *(p++);
-	p += i;
-	if (p > limit)
-		return -1;
-	/* Now at start of extensions */
-	if ((p + 2) >= limit)
-		return 0;
-	n2s(p, i);
-	while ((p + 4) <= limit)
-		{
-		unsigned short type, size;
-		n2s(p, type);
-		n2s(p, size);
-		if (p + size > limit)
-			return 0;
-		if (type == TLSEXT_TYPE_session_ticket)
-			{
-			int r;
-			if (size == 0)
-				{
-				/* The client will accept a ticket but doesn't
-				 * currently have one. */
-				s->tlsext_ticket_expected = 1;
-				return 1;
-				}
-			if (s->tls_session_secret_cb)
-				{
-				/* Indicate that the ticket couldn't be
-				 * decrypted rather than generating the session
-				 * from ticket now, trigger abbreviated
-				 * handshake based on external mechanism to
-				 * calculate the master secret later. */
-				return 2;
-				}
-			r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
-			switch (r)
-				{
-				case 2: /* ticket couldn't be decrypted */
-					s->tlsext_ticket_expected = 1;
-					return 2;
-				case 3: /* ticket was decrypted */
-					return r;
-				case 4: /* ticket decrypted but need to renew */
-					s->tlsext_ticket_expected = 1;
-					return 3;
-				default: /* fatal error */
-					return -1;
-				}
-			}
-		p += size;
-		}
-	return 0;
-	}
-
-/* tls_decrypt_ticket attempts to decrypt a session ticket.
- *
- *   etick: points to the body of the session ticket extension.
- *   eticklen: the length of the session tickets extenion.
- *   sess_id: points at the session ID.
- *   sesslen: the length of the session ID.
- *   psess: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * Returns:
- *   -1: fatal error, either from parsing or decrypting the ticket.
- *    2: the ticket couldn't be decrypted.
- *    3: a ticket was successfully decrypted and *psess was set.
- *    4: same as 3, but the ticket needs to be renewed.
- */
-static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
-				const unsigned char *sess_id, int sesslen,
-				SSL_SESSION **psess)
-	{
-	SSL_SESSION *sess;
-	unsigned char *sdec;
-	const unsigned char *p;
-	int slen, mlen, renew_ticket = 0;
-	unsigned char tick_hmac[EVP_MAX_MD_SIZE];
-	HMAC_CTX hctx;
-	EVP_CIPHER_CTX ctx;
-	SSL_CTX *tctx = s->initial_ctx;
-	/* Need at least keyname + iv + some encrypted data */
-	if (eticklen < 48)
-		return 2;
-	/* Initialize session ticket encryption and HMAC contexts */
-	HMAC_CTX_init(&hctx);
-	EVP_CIPHER_CTX_init(&ctx);
-	if (tctx->tlsext_ticket_key_cb)
-		{
-		unsigned char *nctick = (unsigned char *)etick;
-		int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
-							&ctx, &hctx, 0);
-		if (rv < 0)
-			return -1;
-		if (rv == 0)
-			return 2;
-		if (rv == 2)
-			renew_ticket = 1;
-		}
-	else
-		{
-		/* Check key name matches */
-		if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
-			return 2;
-		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
-					tlsext_tick_md(), NULL);
-		EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-				tctx->tlsext_tick_aes_key, etick + 16);
-		}
-	/* Attempt to process session ticket, first conduct sanity and
-	 * integrity checks on ticket.
-	 */
-	mlen = HMAC_size(&hctx);
-	if (mlen < 0)
-		{
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		return -1;
-		}
-	eticklen -= mlen;
-	/* Check HMAC of encrypted ticket */
-	HMAC_Update(&hctx, etick, eticklen);
-	HMAC_Final(&hctx, tick_hmac, NULL);
-	HMAC_CTX_cleanup(&hctx);
-	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
-		{
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		return 2;
-		}
-	/* Attempt to decrypt session data */
-	/* Move p after IV to start of encrypted ticket, update length */
-	p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
-	eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
-	sdec = OPENSSL_malloc(eticklen);
-	if (!sdec)
-		{
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		return -1;
-		}
-	EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
-	if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
-		{
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		OPENSSL_free(sdec);
-		return 2;
-		}
-	slen += mlen;
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	p = sdec;
-
-	sess = d2i_SSL_SESSION(NULL, &p, slen);
-	OPENSSL_free(sdec);
-	if (sess)
-		{
-		/* The session ID, if non-empty, is used by some clients to
-		 * detect that the ticket has been accepted. So we copy it to
-		 * the session structure. If it is empty set length to zero
-		 * as required by standard.
-		 */
-		if (sesslen)
-			memcpy(sess->session_id, sess_id, sesslen);
-		sess->session_id_length = sesslen;
-		*psess = sess;
-		if (renew_ticket)
-			return 4;
-		else
-			return 3;
-		}
-        ERR_clear_error();
-	/* For session parse failure, indicate that we need to send a new
-	 * ticket. */
-	return 2;
-	}
-
-/* Tables to translate from NIDs to TLS v1.2 ids */
-
-typedef struct 
-	{
-	int nid;
-	int id;
-	} tls12_lookup;
-
-static tls12_lookup tls12_md[] = {
-#ifndef OPENSSL_NO_MD5
-	{NID_md5, TLSEXT_hash_md5},
-#endif
-#ifndef OPENSSL_NO_SHA
-	{NID_sha1, TLSEXT_hash_sha1},
-#endif
-#ifndef OPENSSL_NO_SHA256
-	{NID_sha224, TLSEXT_hash_sha224},
-	{NID_sha256, TLSEXT_hash_sha256},
-#endif
-#ifndef OPENSSL_NO_SHA512
-	{NID_sha384, TLSEXT_hash_sha384},
-	{NID_sha512, TLSEXT_hash_sha512}
-#endif
-};
-
-static tls12_lookup tls12_sig[] = {
-#ifndef OPENSSL_NO_RSA
-	{EVP_PKEY_RSA, TLSEXT_signature_rsa},
-#endif
-#ifndef OPENSSL_NO_DSA
-	{EVP_PKEY_DSA, TLSEXT_signature_dsa},
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	{EVP_PKEY_EC, TLSEXT_signature_ecdsa}
-#endif
-};
-
-static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
-	{
-	size_t i;
-	for (i = 0; i < tlen; i++)
-		{
-		if (table[i].nid == nid)
-			return table[i].id;
-		}
-	return -1;
-	}
-
-int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
-	{
-	int sig_id, md_id;
-	if (!md)
-		return 0;
-	md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
-				sizeof(tls12_md)/sizeof(tls12_lookup));
-	if (md_id == -1)
-		return 0;
-	sig_id = tls12_get_sigid(pk);
-	if (sig_id == -1)
-		return 0;
-	p[0] = (unsigned char)md_id;
-	p[1] = (unsigned char)sig_id;
-	return 1;
-	}
-
-/* tls12_get_sigid returns the TLS 1.2 SignatureAlgorithm value corresponding
- * to the given public key, or -1 if not known. */
-int tls12_get_sigid(const EVP_PKEY *pk)
-	{
-	return tls12_find_id(pk->type, tls12_sig,
-				sizeof(tls12_sig)/sizeof(tls12_lookup));
-	}
-
-const EVP_MD *tls12_get_hash(unsigned char hash_alg)
-	{
-	switch(hash_alg)
-		{
-#ifndef OPENSSL_NO_SHA
-	case TLSEXT_hash_sha1:
-		return EVP_sha1();
-#endif
-#ifndef OPENSSL_NO_SHA256
-	case TLSEXT_hash_sha224:
-		return EVP_sha224();
-
-	case TLSEXT_hash_sha256:
-		return EVP_sha256();
-#endif
-#ifndef OPENSSL_NO_SHA512
-	case TLSEXT_hash_sha384:
-		return EVP_sha384();
-
-	case TLSEXT_hash_sha512:
-		return EVP_sha512();
-#endif
-	default:
-		return NULL;
-
-		}
-	}
-
-/* tls1_process_sigalgs processes a signature_algorithms extension and sets the
- * digest functions accordingly for each key type.
- *
- * See RFC 5246, section 7.4.1.4.1.
- *
- * data: points to the content of the extension, not including type and length
- *     headers.
- * dsize: the number of bytes of |data|. Must be even.
- */
-void tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
-	{
-	int i;
-	const EVP_MD *md, **digest_ptr;
-	/* Extension ignored for TLS versions below 1.2 */
-	if (TLS1_get_version(s) < TLS1_2_VERSION)
-		return;
-
-	s->s3->digest_rsa = NULL;
-	s->s3->digest_dsa = NULL;
-	s->s3->digest_ecdsa = NULL;
-
-	for (i = 0; i < dsize; i += 2)
-		{
-		unsigned char hash_alg = data[i], sig_alg = data[i+1];
-
-		switch(sig_alg)
-			{
-#ifndef OPENSSL_NO_RSA
-			case TLSEXT_signature_rsa:
-			digest_ptr = &s->s3->digest_rsa;
-			break;
-#endif
-#ifndef OPENSSL_NO_DSA
-			case TLSEXT_signature_dsa:
-			digest_ptr = &s->s3->digest_dsa;
-			break;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			case TLSEXT_signature_ecdsa:
-			digest_ptr = &s->s3->digest_ecdsa;
-			break;
-#endif
-			default:
-			continue;
-			}
-
-		if (*digest_ptr == NULL)
-			{
-			md = tls12_get_hash(hash_alg);
-			if (md)
-				*digest_ptr = md;
-			}
-
-		}
-	}
-
-#endif
-
-#ifndef OPENSSL_NO_HEARTBEATS
-int
-tls1_process_heartbeat(SSL *s)
-	{
-	unsigned char *p = &s->s3->rrec.data[0], *pl;
-	unsigned short hbtype;
-	unsigned int payload;
-	unsigned int padding = 16; /* Use minimum padding */
-
-	if (s->msg_callback)
-		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
-			&s->s3->rrec.data[0], s->s3->rrec.length,
-			s, s->msg_callback_arg);
-
-	/* Read type and payload length first */
-	if (1 + 2 + 16 > s->s3->rrec.length)
-		return 0; /* silently discard */
-	hbtype = *p++;
-	n2s(p, payload);
-	if (1 + 2 + payload + 16 > s->s3->rrec.length)
-		return 0; /* silently discard per RFC 6520 sec. 4 */
-	pl = p;
-
-	if (hbtype == TLS1_HB_REQUEST)
-		{
-		unsigned char *buffer, *bp;
-		int r;
-
-		/* Allocate memory for the response, size is 1 bytes
-		 * message type, plus 2 bytes payload length, plus
-		 * payload, plus padding
-		 */
-		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
-		bp = buffer;
-		
-		/* Enter response type, length and copy payload */
-		*bp++ = TLS1_HB_RESPONSE;
-		s2n(payload, bp);
-		memcpy(bp, pl, payload);
-		bp += payload;
-		/* Random padding */
-		RAND_pseudo_bytes(bp, padding);
-
-		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
-
-		if (r >= 0 && s->msg_callback)
-			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buffer, 3 + payload + padding,
-				s, s->msg_callback_arg);
-
-		OPENSSL_free(buffer);
-
-		if (r < 0)
-			return r;
-		}
-	else if (hbtype == TLS1_HB_RESPONSE)
-		{
-		unsigned int seq;
-		
-		/* We only send sequence numbers (2 bytes unsigned int),
-		 * and 16 random bytes, so we just try to read the
-		 * sequence number */
-		n2s(pl, seq);
-		
-		if (payload == 18 && seq == s->tlsext_hb_seq)
-			{
-			s->tlsext_hb_seq++;
-			s->tlsext_hb_pending = 0;
-			}
-		}
-
-	return 0;
-	}
-
-int
-tls1_heartbeat(SSL *s)
-	{
-	unsigned char *buf, *p;
-	int ret;
-	unsigned int payload = 18; /* Sequence number + random bytes */
-	unsigned int padding = 16; /* Use minimum padding */
-
-	/* Only send if peer supports and accepts HB requests... */
-	if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
-	    s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
-		{
-		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
-		return -1;
-		}
-
-	/* ...and there is none in flight yet... */
-	if (s->tlsext_hb_pending)
-		{
-		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
-		return -1;
-		}
-		
-	/* ...and no handshake in progress. */
-	if (SSL_in_init(s) || s->in_handshake)
-		{
-		SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
-		return -1;
-		}
-		
-	/* Check if padding is too long, payload and padding
-	 * must not exceed 2^14 - 3 = 16381 bytes in total.
-	 */
-	OPENSSL_assert(payload + padding <= 16381);
-
-	/* Create HeartBeat message, we just use a sequence number
-	 * as payload to distuingish different messages and add
-	 * some random stuff.
-	 *  - Message Type, 1 byte
-	 *  - Payload Length, 2 bytes (unsigned int)
-	 *  - Payload, the sequence number (2 bytes uint)
-	 *  - Payload, random bytes (16 bytes uint)
-	 *  - Padding
-	 */
-	buf = OPENSSL_malloc(1 + 2 + payload + padding);
-	p = buf;
-	/* Message Type */
-	*p++ = TLS1_HB_REQUEST;
-	/* Payload length (18 bytes here) */
-	s2n(payload, p);
-	/* Sequence number */
-	s2n(s->tlsext_hb_seq, p);
-	/* 16 random bytes */
-	RAND_pseudo_bytes(p, 16);
-	p += 16;
-	/* Random padding */
-	RAND_pseudo_bytes(p, padding);
-
-	ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
-	if (ret >= 0)
-		{
-		if (s->msg_callback)
-			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
-				buf, 3 + payload + padding,
-				s, s->msg_callback_arg);
-
-		s->tlsext_hb_pending = 1;
-		}
-		
-	OPENSSL_free(buf);
-
-	return ret;
-	}
-#endif
-
-#if !defined(OPENSSL_NO_TLSEXT)
-/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given
- * SSL connection and writes it to |md|.
- */
-int
-tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char temp_digest[EVP_MAX_MD_SIZE];
-	unsigned temp_digest_len;
-	int i;
-	static const char kClientIDMagic[] = "TLS Channel ID signature";
-
-	if (s->s3->handshake_buffer)
-		if (!ssl3_digest_cached_records(s))
-			return 0;
-
-	EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
-
-	if (s->hit && s->s3->tlsext_channel_id_new)
-		{
-		static const char kResumptionMagic[] = "Resumption";
-		EVP_DigestUpdate(md, kResumptionMagic,
-				 sizeof(kResumptionMagic));
-		if (s->session->original_handshake_hash_len == 0)
-			return 0;
-		EVP_DigestUpdate(md, s->session->original_handshake_hash,
-				 s->session->original_handshake_hash_len);
-		}
-
-	EVP_MD_CTX_init(&ctx);
-	for (i = 0; i < SSL_MAX_DIGEST; i++)
-		{
-		if (s->s3->handshake_dgst[i] == NULL)
-			continue;
-		EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);
-		EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);
-		EVP_DigestUpdate(md, temp_digest, temp_digest_len);
-		}
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return 1;
-	}
-#endif
-
-/* tls1_record_handshake_hashes_for_channel_id records the current handshake
- * hashes in |s->session| so that Channel ID resumptions can sign that data. */
-int tls1_record_handshake_hashes_for_channel_id(SSL *s)
-	{
-	int digest_len;
-	/* This function should never be called for a resumed session because
-	 * the handshake hashes that we wish to record are for the original,
-	 * full handshake. */
-	if (s->hit)
-		return -1;
-	/* It only makes sense to call this function if Channel IDs have been
-	 * negotiated. */
-	if (!s->s3->tlsext_channel_id_new)
-		return -1;
-
-	digest_len = tls1_handshake_digest(
-		s, s->session->original_handshake_hash,
-		sizeof(s->session->original_handshake_hash));
-	if (digest_len < 0)
-		return -1;
-
-	s->session->original_handshake_hash_len = digest_len;
-
-	return 1;
-	}
diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c
deleted file mode 100644
index 53c807de28..0000000000
--- a/ssl/t1_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver)
-	{
-	if (ver == TLS1_2_VERSION)
-		return TLSv1_2_method();
-	if (ver == TLS1_1_VERSION)
-		return TLSv1_1_method();
-	if (ver == TLS1_VERSION)
-		return TLSv1_method();
-	return NULL;
-	}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
-			ssl3_accept,
-			ssl3_connect,
-			tls1_get_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
-			ssl3_accept,
-			ssl3_connect,
-			tls1_get_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
-			ssl3_accept,
-			ssl3_connect,
-			tls1_get_method)
-
diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c
deleted file mode 100644
index 9c2cc3c712..0000000000
--- a/ssl/t1_reneg.c
+++ /dev/null
@@ -1,292 +0,0 @@
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-					int maxlen)
-    {
-    if(p)
-        {
-	if((s->s3->previous_client_finished_len+1) > maxlen)
-            {
-            SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            return 0;
-            }
-            
-        /* Length byte */
-	*p = s->s3->previous_client_finished_len;
-        p++;
-
-        memcpy(p, s->s3->previous_client_finished,
-	       s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension sent by client\n",
-		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-        }
-    
-    *len=s->s3->previous_client_finished_len + 1;
-
- 
-    return 1;
-    }
-
-/* Parse the client's renegotiation binding and abort if it's not
-   right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-					  int *al)
-    {
-    int ilen;
-
-    /* Parse the length byte */
-    if(len < 1)
-        {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-    ilen = *d;
-    d++;
-
-    /* Consistency check */
-    if((ilen+1) != len)
-        {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-
-    /* Check that the extension matches */
-    if(ilen != s->s3->previous_client_finished_len)
-        {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
-    
-    if(memcmp(d, s->s3->previous_client_finished,
-	      s->s3->previous_client_finished_len))
-        {
-        SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by server\n",
-				ilen ? "Non-empty" : "Empty");
-#endif
-
-    s->s3->send_connection_binding=1;
-
-    return 1;
-    }
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-					int maxlen)
-    {
-    if(p)
-        {
-        if((s->s3->previous_client_finished_len +
-            s->s3->previous_server_finished_len + 1) > maxlen)
-            {
-            SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
-            return 0;
-            }
-        
-        /* Length byte */
-        *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
-        p++;
-
-        memcpy(p, s->s3->previous_client_finished,
-	       s->s3->previous_client_finished_len);
-        p += s->s3->previous_client_finished_len;
-
-        memcpy(p, s->s3->previous_server_finished,
-	       s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension sent by server\n",
-    		s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
-        }
-    
-    *len=s->s3->previous_client_finished_len
-	+ s->s3->previous_server_finished_len + 1;
-    
-    return 1;
-    }
-
-/* Parse the server's renegotiation binding and abort if it's not
-   right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-					  int *al)
-    {
-    int expected_len=s->s3->previous_client_finished_len
-	+ s->s3->previous_server_finished_len;
-    int ilen;
-
-    /* Check for logic errors */
-    OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
-    OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-    
-    /* Parse the length byte */
-    if(len < 1)
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-    ilen = *d;
-    d++;
-
-    /* Consistency check */
-    if(ilen+1 != len)
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-    
-    /* Check that the extension matches */
-    if(ilen != expected_len)
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
-
-    if(memcmp(d, s->s3->previous_client_finished,
-	      s->s3->previous_client_finished_len))
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_HANDSHAKE_FAILURE;
-        return 0;
-        }
-    d += s->s3->previous_client_finished_len;
-
-    if(memcmp(d, s->s3->previous_server_finished,
-	      s->s3->previous_server_finished_len))
-        {
-        SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
-        *al=SSL_AD_ILLEGAL_PARAMETER;
-        return 0;
-        }
-#ifdef OPENSSL_RI_DEBUG
-    fprintf(stderr, "%s RI extension received by client\n",
-				ilen ? "Non-empty" : "Empty");
-#endif
-    s->s3->send_connection_binding=1;
-
-    return 1;
-    }
diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c
deleted file mode 100644
index f1d1565769..0000000000
--- a/ssl/t1_srvr.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD *tls1_get_server_method(int ver);
-static const SSL_METHOD *tls1_get_server_method(int ver)
-	{
-	if (ver == TLS1_2_VERSION)
-		return TLSv1_2_server_method();
-	if (ver == TLS1_1_VERSION)
-		return TLSv1_1_server_method();
-	if (ver == TLS1_VERSION)
-		return TLSv1_server_method();
-	return NULL;
-	}
-
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
-			ssl3_accept,
-			ssl_undefined_function,
-			tls1_get_server_method)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
-			ssl3_accept,
-			ssl_undefined_function,
-			tls1_get_server_method)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
-			ssl3_accept,
-			ssl_undefined_function,
-			tls1_get_server_method)
-
diff --git a/ssl/tls1.h b/ssl/tls1.h
deleted file mode 100644
index dc36f79f06..0000000000
--- a/ssl/tls1.h
+++ /dev/null
@@ -1,761 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H 
-#define HEADER_TLS1_H 
-
-#include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
-
-#define TLS1_VERSION			0x0301
-#define TLS1_1_VERSION			0x0302
-#define TLS1_2_VERSION			0x0303
-#define TLS_MAX_VERSION			TLS1_2_VERSION
-
-#define TLS1_VERSION_MAJOR		0x03
-#define TLS1_VERSION_MINOR		0x01
-
-#define TLS1_1_VERSION_MAJOR		0x03
-#define TLS1_1_VERSION_MINOR		0x02
-
-#define TLS1_2_VERSION_MAJOR		0x03
-#define TLS1_2_VERSION_MINOR		0x03
-
-#define TLS1_get_version(s) \
-		((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
-		((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
-#define TLS1_AD_DECRYPTION_FAILED	21
-#define TLS1_AD_RECORD_OVERFLOW		22
-#define TLS1_AD_UNKNOWN_CA		48	/* fatal */
-#define TLS1_AD_ACCESS_DENIED		49	/* fatal */
-#define TLS1_AD_DECODE_ERROR		50	/* fatal */
-#define TLS1_AD_DECRYPT_ERROR		51
-#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */
-#define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
-#define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
-#define TLS1_AD_INAPPROPRIATE_FALLBACK	86	/* fatal */
-#define TLS1_AD_USER_CANCELLED		90
-#define TLS1_AD_NO_RENEGOTIATION	100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION	110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 	112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY	115	/* fatal */
-
-/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
-#define TLSEXT_TYPE_server_name			0
-#define TLSEXT_TYPE_max_fragment_length		1
-#define TLSEXT_TYPE_client_certificate_url	2
-#define TLSEXT_TYPE_trusted_ca_keys		3
-#define TLSEXT_TYPE_truncated_hmac		4
-#define TLSEXT_TYPE_status_request		5
-/* ExtensionType values from RFC4681 */
-#define TLSEXT_TYPE_user_mapping		6
-
-/* ExtensionType values from RFC5878 */
-#define TLSEXT_TYPE_client_authz		7
-#define TLSEXT_TYPE_server_authz		8
-
-/* ExtensionType values from RFC6091 */
-#define TLSEXT_TYPE_cert_type		9
-
-/* ExtensionType values from RFC4492 */
-#define TLSEXT_TYPE_elliptic_curves		10
-#define TLSEXT_TYPE_ec_point_formats		11
-
-/* ExtensionType value from RFC5054 */
-#define TLSEXT_TYPE_srp				12
-
-/* ExtensionType values from RFC5246 */
-#define TLSEXT_TYPE_signature_algorithms	13
-
-/* ExtensionType value from RFC5764 */
-#define TLSEXT_TYPE_use_srtp	14
-
-/* ExtensionType value from RFC5620 */
-#define TLSEXT_TYPE_heartbeat	15
-
-/* ExtensionType value for TLS padding extension.
- * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
- * http://tools.ietf.org/html/draft-agl-tls-padding-03
- */
-#define TLSEXT_TYPE_padding	21
-
-/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
-#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
-/* ExtensionType value from RFC4507 */
-#define TLSEXT_TYPE_session_ticket		35
-
-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-       * using whatever extension number you'd like to try */
-# define TLSEXT_TYPE_opaque_prf_input		?? */
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate                 0xff01
-
-#ifndef OPENSSL_NO_NEXTPROTONEG
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_next_proto_neg		13172
-#endif
-
-/* This is not an IANA defined extension number */
-#define TLSEXT_TYPE_channel_id			30031
-#define TLSEXT_TYPE_channel_id_new		30032
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from draft-ietf-tls-ecc-12 */
-#define TLSEXT_ECPOINTFORMAT_first			0
-#define TLSEXT_ECPOINTFORMAT_uncompressed		0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime	1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2	2
-#define TLSEXT_ECPOINTFORMAT_last			2
-
-/* Signature and hash algorithms from RFC 5246 */
-
-#define TLSEXT_signature_anonymous			0
-#define TLSEXT_signature_rsa				1
-#define TLSEXT_signature_dsa				2
-#define TLSEXT_signature_ecdsa				3
-
-#define TLSEXT_hash_none				0
-#define TLSEXT_hash_md5					1
-#define TLSEXT_hash_sha1				2
-#define TLSEXT_hash_sha224				3
-#define TLSEXT_hash_sha256				4
-#define TLSEXT_hash_sha384				5
-#define TLSEXT_hash_sha512				6
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.)
- *
- * It returns 1 on success and zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-	const char *label, size_t llen, const unsigned char *p, size_t plen,
-	int use_context);
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-	SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-#define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#ifndef OPENSSL_NO_HEARTBEATS
-#define SSL_TLSEXT_HB_ENABLED				0x01
-#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS	0x02
-#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS	0x04
-
-#define SSL_get_tlsext_heartbeat_pending(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
-#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
-#endif
-#endif
-
-/* PSK ciphersuites from 4279 */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't.  Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_RSA_WITH_NULL_SHA256			0x0300003B
-#define TLS1_CK_RSA_WITH_AES_128_SHA256			0x0300003C
-#define TLS1_CK_RSA_WITH_AES_256_SHA256			0x0300003D
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256		0x0300003E
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256		0x0300003F
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256		0x03000040
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA		0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA		0x03000046
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256		0x03000067
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256		0x03000068
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256		0x03000069
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256		0x0300006A
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256		0x0300006B
-#define TLS1_CK_ADH_WITH_AES_128_SHA256			0x0300006C
-#define TLS1_CK_ADH_WITH_AES_256_SHA256			0x0300006D
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA		0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA		0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA                	0x0300009B
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256		0x0300009C
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384		0x0300009D
-#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256		0x0300009E
-#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384		0x0300009F
-#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256		0x030000A0
-#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384		0x030000A1
-#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256		0x030000A2
-#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384		0x030000A3
-#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256		0x030000A4
-#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384		0x030000A5
-#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256		0x030000A6
-#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384		0x030000A7
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-
-/* SRP ciphersuites from RFC 5054 */
-#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA		0x0300C01A
-#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	0x0300C01B
-#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	0x0300C01C
-#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA		0x0300C01D
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	0x0300C01E
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	0x0300C01F
-#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA		0x0300C020
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	0x0300C021
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	0x0300C022
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0x0300C02B
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384	0x0300C02C
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
-
-/* ECDHE PSK ciphersuites from RFC5489
- * SHA-2 cipher suites are omitted because they cannot be used safely with
- * SSLv3. */
-#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
-#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279 */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA			"PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA		"PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA		"PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA		"PSK-AES256-CBC-SHA"
-
-/* SRP ciphersuite from RFC 5054 */
-#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA		"SRP-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA	"SRP-RSA-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA	"SRP-DSS-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA		"SRP-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA	"SRP-RSA-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA	"SRP-DSS-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA		"SRP-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA	"SRP-RSA-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA	"SRP-DSS-AES-256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA		"CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA	"DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA	"DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	"DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	"DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA		"ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA		"CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA	"DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA	"DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	"DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	"DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA		"ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_TXT_RSA_WITH_NULL_SHA256			"NULL-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_128_SHA256		"AES128-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_SHA256		"AES256-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256		"DH-DSS-AES128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256		"DH-RSA-AES128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256		"DHE-DSS-AES128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256		"DHE-RSA-AES128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256		"DH-DSS-AES256-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256		"DH-RSA-AES256-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256		"DHE-DSS-AES256-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256		"DHE-RSA-AES256-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA256		"ADH-AES128-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA256		"ADH-AES256-SHA256"
-
-/* TLS v1.2 GCM ciphersuites from RFC5288 */
-#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256		"AES128-GCM-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384		"AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256	"DHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384	"DHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256		"DH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384		"DH-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256	"DHE-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384	"DHE-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256		"DH-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384		"DH-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256		"ADH-AES128-GCM-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384		"ADH-AES256-GCM-SHA384"
-
-/* ECDH HMAC based ciphersuites from RFC5289 */
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
-
-/* ECDH GCM based ciphersuites from RFC5289 */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
-
-/* ECDHE PSK ciphersuites from RFC5489 */
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA         "ECDHE-PSK-AES128-CBC-SHA"
-#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA         "ECDHE-PSK-AES256-CBC-SHA"
-
-#define TLS_CT_RSA_SIGN			1
-#define TLS_CT_DSS_SIGN			2
-#define TLS_CT_RSA_FIXED_DH		3
-#define TLS_CT_DSS_FIXED_DH		4
-#define TLS_CT_ECDSA_SIGN		64
-#define TLS_CT_RSA_FIXED_ECDH		65
-#define TLS_CT_ECDSA_FIXED_ECDH 	66
-#define TLS_CT_GOST94_SIGN		21
-#define TLS_CT_GOST01_SIGN		22
-/* when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
- * comment there) */
-#define TLS_CT_NUMBER			9
-
-#define TLS1_FINISH_MAC_LENGTH		12
-
-#define TLS_MD_MAX_CONST_SIZE			20
-#define TLS_MD_CLIENT_FINISH_CONST		"client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE		15
-#define TLS_MD_SERVER_FINISH_CONST		"server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE		15
-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_KEY_EXPANSION_CONST		"key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE		13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST		"client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_SERVER_WRITE_KEY_CONST		"server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE	16
-#define TLS_MD_IV_BLOCK_CONST			"IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE		8
-#define TLS_MD_MASTER_SECRET_CONST		"master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE		13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
-#endif
-
-/* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
-	{
-	unsigned short length;
-	void *data;
-	};
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c
deleted file mode 100644
index e7368a8f6b..0000000000
--- a/ssl/tls_srp.c
+++ /dev/null
@@ -1,533 +0,0 @@
-/* ssl/tls_srp.c */
-/* Written by Christophe Renou (christophe.renou@edelweb.fr) with 
- * the precious help of Peter Sylvester (peter.sylvester@edelweb.fr) 
- * for the EdelKey project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SRP
-
-#include <openssl/rand.h>
-#include <openssl/srp.h>
-#include <openssl/err.h>
-
-int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
-	{
-	if (ctx == NULL)
-		return 0;
-	OPENSSL_free(ctx->srp_ctx.login);
-	BN_free(ctx->srp_ctx.N);
-	BN_free(ctx->srp_ctx.g);
-	BN_free(ctx->srp_ctx.s);
-	BN_free(ctx->srp_ctx.B);
-	BN_free(ctx->srp_ctx.A);
-	BN_free(ctx->srp_ctx.a);
-	BN_free(ctx->srp_ctx.b);
-	BN_free(ctx->srp_ctx.v);
-	ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
-	ctx->srp_ctx.SRP_cb_arg = NULL;
-	ctx->srp_ctx.SRP_verify_param_callback = NULL;
-	ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-	ctx->srp_ctx.N = NULL;
-	ctx->srp_ctx.g = NULL;
-	ctx->srp_ctx.s = NULL;
-	ctx->srp_ctx.B = NULL;
-	ctx->srp_ctx.A = NULL;
-	ctx->srp_ctx.a = NULL;
-	ctx->srp_ctx.b = NULL;
-	ctx->srp_ctx.v = NULL;
-	ctx->srp_ctx.login = NULL;
-	ctx->srp_ctx.info = NULL;
-	ctx->srp_ctx.strength = SRP_MINIMAL_N;
-	ctx->srp_ctx.srp_Mask = 0;
-	return (1);
-	}
-
-int SSL_SRP_CTX_free(struct ssl_st *s)
-	{
-	if (s == NULL)
-		return 0;
-	OPENSSL_free(s->srp_ctx.login);
-	BN_free(s->srp_ctx.N);
-	BN_free(s->srp_ctx.g);
-	BN_free(s->srp_ctx.s);
-	BN_free(s->srp_ctx.B);
-	BN_free(s->srp_ctx.A);
-	BN_free(s->srp_ctx.a);
-	BN_free(s->srp_ctx.b);
-	BN_free(s->srp_ctx.v);
-	s->srp_ctx.TLS_ext_srp_username_callback = NULL;
-	s->srp_ctx.SRP_cb_arg = NULL;
-	s->srp_ctx.SRP_verify_param_callback = NULL;
-	s->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-	s->srp_ctx.N = NULL;
-	s->srp_ctx.g = NULL;
-	s->srp_ctx.s = NULL;
-	s->srp_ctx.B = NULL;
-	s->srp_ctx.A = NULL;
-	s->srp_ctx.a = NULL;
-	s->srp_ctx.b = NULL;
-	s->srp_ctx.v = NULL;
-	s->srp_ctx.login = NULL;
-	s->srp_ctx.info = NULL;
-	s->srp_ctx.strength = SRP_MINIMAL_N;
-	s->srp_ctx.srp_Mask = 0;
-	return (1);
-	}
-
-int SSL_SRP_CTX_init(struct ssl_st *s)
-	{
-	SSL_CTX *ctx;
-
-	if ((s == NULL) || ((ctx = s->ctx) == NULL))
-		return 0;
-	s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
-	/* set client Hello login callback */
-	s->srp_ctx.TLS_ext_srp_username_callback = ctx->srp_ctx.TLS_ext_srp_username_callback;
-	/* set SRP N/g param callback for verification */
-	s->srp_ctx.SRP_verify_param_callback = ctx->srp_ctx.SRP_verify_param_callback;
-	/* set SRP client passwd callback */
-	s->srp_ctx.SRP_give_srp_client_pwd_callback = ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
-
-	s->srp_ctx.N = NULL;
-	s->srp_ctx.g = NULL;
-	s->srp_ctx.s = NULL;
-	s->srp_ctx.B = NULL;
-	s->srp_ctx.A = NULL;
-	s->srp_ctx.a = NULL;
-	s->srp_ctx.b = NULL;
-	s->srp_ctx.v = NULL;
-	s->srp_ctx.login = NULL;
-	s->srp_ctx.info = ctx->srp_ctx.info;
-	s->srp_ctx.strength = ctx->srp_ctx.strength;
-
-	if (((ctx->srp_ctx.N != NULL) &&
-		 ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
-		((ctx->srp_ctx.g != NULL) &&
-		 ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
-		((ctx->srp_ctx.s != NULL) &&
-		 ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
-		((ctx->srp_ctx.B != NULL) &&
-		 ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
-		((ctx->srp_ctx.A != NULL) &&
-		 ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
-		((ctx->srp_ctx.a != NULL) &&
-		 ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
-		((ctx->srp_ctx.v != NULL) &&
-		 ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
-		((ctx->srp_ctx.b != NULL) &&
-		 ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL)))
-		{
-		SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_BN_LIB);
-		goto err;
-		}
-	if ((ctx->srp_ctx.login != NULL) && 
-		((s->srp_ctx.login = BUF_strdup(ctx->srp_ctx.login)) == NULL))
-		{
-		SSLerr(SSL_F_SSL_SRP_CTX_INIT,ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
-
-	return (1);
-err:
-	OPENSSL_free(s->srp_ctx.login);
-	BN_free(s->srp_ctx.N);
-	BN_free(s->srp_ctx.g);
-	BN_free(s->srp_ctx.s);
-	BN_free(s->srp_ctx.B);
-	BN_free(s->srp_ctx.A);
-	BN_free(s->srp_ctx.a);
-	BN_free(s->srp_ctx.b);
-	BN_free(s->srp_ctx.v);
-	return (0);
-	}
-
-int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
-	{
-	if (ctx == NULL)
-		return 0;
-
-	ctx->srp_ctx.SRP_cb_arg = NULL;
-	/* set client Hello login callback */
-	ctx->srp_ctx.TLS_ext_srp_username_callback = NULL;
-	/* set SRP N/g param callback for verification */
-	ctx->srp_ctx.SRP_verify_param_callback = NULL;
-	/* set SRP client passwd callback */
-	ctx->srp_ctx.SRP_give_srp_client_pwd_callback = NULL;
-
-	ctx->srp_ctx.N = NULL;
-	ctx->srp_ctx.g = NULL;
-	ctx->srp_ctx.s = NULL;
-	ctx->srp_ctx.B = NULL;
-	ctx->srp_ctx.A = NULL;
-	ctx->srp_ctx.a = NULL;
-	ctx->srp_ctx.b = NULL;
-	ctx->srp_ctx.v = NULL;
-	ctx->srp_ctx.login = NULL;
-	ctx->srp_ctx.srp_Mask = 0;
-	ctx->srp_ctx.info = NULL;
-	ctx->srp_ctx.strength = SRP_MINIMAL_N;
-
-	return (1);
-	}
-
-/* server side */
-int SSL_srp_server_param_with_username(SSL *s, int *ad)
-	{
-	unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
-	int al;
-
-	*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
-	if ((s->srp_ctx.TLS_ext_srp_username_callback !=NULL) &&
-		((al = s->srp_ctx.TLS_ext_srp_username_callback(s, ad, s->srp_ctx.SRP_cb_arg))!=SSL_ERROR_NONE))
-			return al;
-
-	*ad = SSL_AD_INTERNAL_ERROR;
-	if ((s->srp_ctx.N == NULL) ||
-		(s->srp_ctx.g == NULL) ||
-		(s->srp_ctx.s == NULL) ||
-		(s->srp_ctx.v == NULL))
-		return SSL3_AL_FATAL;
-
-	if (RAND_bytes(b, sizeof(b)) <= 0)
-		return SSL3_AL_FATAL;
-	s->srp_ctx.b = BN_bin2bn(b,sizeof(b),NULL);
-	OPENSSL_cleanse(b,sizeof(b));
-
-	/* Calculate:  B = (kv + g^b) % N  */
-
-	return ((s->srp_ctx.B = SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g, s->srp_ctx.v)) != NULL)?
-			SSL_ERROR_NONE:SSL3_AL_FATAL;
-	}
-
-/* If the server just has the raw password, make up a verifier entry on the fly */
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp)
-	{
-	SRP_gN *GN = SRP_get_default_gN(grp);
-	if(GN == NULL) return -1;
-	s->srp_ctx.N = BN_dup(GN->N);
-	s->srp_ctx.g = BN_dup(GN->g);
-	if(s->srp_ctx.v != NULL)
-		{
-		BN_clear_free(s->srp_ctx.v);
-		s->srp_ctx.v = NULL;
-		}
-	if(s->srp_ctx.s != NULL)
-		{
-		BN_clear_free(s->srp_ctx.s);
-		s->srp_ctx.s = NULL;
-		}
-	if(!SRP_create_verifier_BN(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1;
-
-	return 1;
-	}
-
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-			     BIGNUM *sa, BIGNUM *v, char *info)
-	{
-	if (N!= NULL)
-		{
-		if (s->srp_ctx.N != NULL)
-			{
-			if (!BN_copy(s->srp_ctx.N,N))
-				{
-				BN_free(s->srp_ctx.N);
-				s->srp_ctx.N = NULL;
-				}
-			}
-		else
-			s->srp_ctx.N = BN_dup(N);
-		}
-	if (g!= NULL)
-		{
-		if (s->srp_ctx.g != NULL)
-			{
-			if (!BN_copy(s->srp_ctx.g,g))
-				{
-				BN_free(s->srp_ctx.g);
-				s->srp_ctx.g = NULL;
-				}
-			}
-		else
-			s->srp_ctx.g = BN_dup(g);
-		}
-	if (sa!= NULL)
-		{
-		if (s->srp_ctx.s != NULL)
-			{
-			if (!BN_copy(s->srp_ctx.s,sa))
-				{
-				BN_free(s->srp_ctx.s);
-				s->srp_ctx.s = NULL;
-				}
-			}
-		else
-			s->srp_ctx.s = BN_dup(sa);
-		}
-	if (v!= NULL)
-		{
-		if (s->srp_ctx.v != NULL)
-			{
-			if (!BN_copy(s->srp_ctx.v,v))
-				{
-				BN_free(s->srp_ctx.v);
-				s->srp_ctx.v = NULL;
-				}
-			}
-		else
-			s->srp_ctx.v = BN_dup(v);
-		}
-	s->srp_ctx.info = info;
-
-	if (!(s->srp_ctx.N) ||
-		!(s->srp_ctx.g) ||
-		!(s->srp_ctx.s) ||
-		!(s->srp_ctx.v))
-		return -1;
-
-	return 1;
-	}
-
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key)
-	{
-	BIGNUM *K = NULL, *u = NULL;
-	int ret = -1, tmp_len;
-	unsigned char *tmp = NULL;
-
-	if (!SRP_Verify_A_mod_N(s->srp_ctx.A,s->srp_ctx.N))
-		goto err;
-	if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N)))
-		goto err;
-	if (!(K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, s->srp_ctx.N)))
-		goto err;
-
-	tmp_len = BN_num_bytes(K);
-	if ((tmp = OPENSSL_malloc(tmp_len)) == NULL)
-		goto err;
-	BN_bn2bin(K, tmp);
-	ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len);
-err:
-	if (tmp)
-		{
-		OPENSSL_cleanse(tmp,tmp_len) ;
-		OPENSSL_free(tmp);
-		}
-	BN_clear_free(K);
-	BN_clear_free(u);
-	return ret;
-	}
-
-/* client side */
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key)
-	{
-	BIGNUM *x = NULL, *u = NULL, *K = NULL;
-	int ret = -1, tmp_len;
-	char *passwd = NULL;
-	unsigned char *tmp = NULL;
-
-	/* Checks if b % n == 0
-	 */
-	if (SRP_Verify_B_mod_N(s->srp_ctx.B,s->srp_ctx.N)==0) goto err;
-	if (!(u = SRP_Calc_u(s->srp_ctx.A,s->srp_ctx.B,s->srp_ctx.N))) goto err;
-	if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err;
-	if (!(passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err;
-	if (!(x = SRP_Calc_x(s->srp_ctx.s,s->srp_ctx.login,passwd))) goto err;
-	if (!(K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, s->srp_ctx.a, u))) goto err;
-
-	tmp_len = BN_num_bytes(K);
-	if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err;
-	BN_bn2bin(K, tmp);
-	ret = s->method->ssl3_enc->generate_master_secret(s,master_key,tmp,tmp_len);
-err:
-	if (tmp)
-		{
-		OPENSSL_cleanse(tmp,tmp_len) ;
-		OPENSSL_free(tmp);
-		}
-	BN_clear_free(K);
-	BN_clear_free(x);
-	if (passwd)
-		{
-		OPENSSL_cleanse(passwd,strlen(passwd)) ;
-		OPENSSL_free(passwd);
-		}
-	BN_clear_free(u);
-	return ret;
-	}
-
-int srp_verify_server_param(SSL *s, int *al)
-	{
-	SRP_CTX *srp = &s->srp_ctx;
-	/* Sanity check parameters: we can quickly check B % N == 0
-	 * by checking B != 0 since B < N
-	 */
-	if (BN_ucmp(srp->g, srp->N) >=0 || BN_ucmp(srp->B, srp->N) >= 0
-		|| BN_is_zero(srp->B))
-		{
-		*al = SSL3_AD_ILLEGAL_PARAMETER;
-		return 0;
-		}
-
-	if (BN_num_bits(srp->N) < srp->strength)
-		{
-		*al = TLS1_AD_INSUFFICIENT_SECURITY;
-		return 0;
-		}
-
-	if (srp->SRP_verify_param_callback)
-		{
-		if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0)
-			{
-			*al = TLS1_AD_INSUFFICIENT_SECURITY;
-			return 0;
-			}
-		}
-	else if(!SRP_check_known_gN_param(srp->g, srp->N))
-		{
-		*al = TLS1_AD_INSUFFICIENT_SECURITY;
-		return 0;
-		}
-
-	return 1;
-	}
-	
-
-int SRP_Calc_A_param(SSL *s)
-	{
-	unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
-
-	RAND_bytes(rnd, sizeof(rnd));
-	s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
-	OPENSSL_cleanse(rnd, sizeof(rnd));
-
-	if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a,s->srp_ctx.N,s->srp_ctx.g)))
-		return -1;
-
-	return 1;
-	}
-
-BIGNUM *SSL_get_srp_g(SSL *s)
-	{
-	if (s->srp_ctx.g != NULL)
-		return s->srp_ctx.g;
-	return s->ctx->srp_ctx.g;
-	}
-
-BIGNUM *SSL_get_srp_N(SSL *s)
-	{
-	if (s->srp_ctx.N != NULL)
-		return s->srp_ctx.N;
-	return s->ctx->srp_ctx.N;
-	}
-
-char *SSL_get_srp_username(SSL *s)
-	{
-	if (s->srp_ctx.login != NULL)
-		return s->srp_ctx.login;
-	return s->ctx->srp_ctx.login;
-	}
-
-char *SSL_get_srp_userinfo(SSL *s)
-	{
-	if (s->srp_ctx.info != NULL)
-		return s->srp_ctx.info;
-	return s->ctx->srp_ctx.info;
-	}
-
-#define tls1_ctx_ctrl ssl3_ctx_ctrl
-#define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
-
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name)
-	{
-	return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME,0,name);
-	}
-
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password)
-	{
-	return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD,0,password);
-	}
-
-int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
-	{
-	return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
-			     NULL);
-	}
-
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *,void *))
-	{
-	return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
-				      (void (*)(void))cb);
-	}
-
-int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
-	{
-	return tls1_ctx_ctrl(ctx,SSL_CTRL_SET_SRP_ARG,0,arg);
-	}
-
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-				      int (*cb)(SSL *,int *,void *))
-	{
-	return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
-				      (void (*)(void))cb);
-	}
-
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *,void *))
-	{
-	return tls1_ctx_callback_ctrl(ctx,SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
-				      (void (*)(void))cb);
-	}
-
-#endif
author	Kenny Root <kroot@google.com>	2016-06-16 22:40:43 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2016-06-16 22:40:44 +0000
commit	8953c287cf742a22411f75fab28a33772240e44f (patch)
tree	c47b14108644e49f0ae74f10798f55a6ffa89106
parent	e67c7edd65f69f58535fb358a8665a23e5de62a4 (diff)
parent	96ec8d2622a5c17816f1ae17016f1d71e351fd55 (diff)
download	openssl-aosp-emu-30-release.tar.gz